2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        Enable SharedArrayBuffer, remove the flag
        https://bugs.webkit.org/show_bug.cgi?id=165614

        Rubber stamped by Geoffrey Garen.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/RuntimeFlags.h:

2016-12-08  JF Bastien  <jfbastien@apple.com>

        WebAssembly JS API: wire up Instance imports
        https://bugs.webkit.org/show_bug.cgi?id=165118

        Reviewed by Saam Barati.

        Change a bunch of the WebAssembly object model, and pipe the
        necessary changes to be able to call JS imports from
        WebAssembly. This will make it easier to call_indirect, and
        unblock many other missing features.

        As a follow-up I need to teach JSC::linkFor to live without a
        CodeBlock: wasm doesn't have one and the IC patching is sad. We'll
        switch on the callee (or its type?) and then use that as the owner
        (because the callee is alive if the instance is alive, ditto
        module, and module owns the CallLinkInfo).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * interpreter/CallFrame.h:
        (JSC::ExecState::callee): give access to the callee as a JSCell
        * jit/RegisterSet.cpp: dead code from previous WebAssembly implementation
        (functionTestWasmModuleFunctions):
        * runtime/JSCellInlines.h:
        (JSC::ExecState::vm): check callee instead of jsCallee: wasm only has a JSCell and not a JSObject
        (JSC::VM::VM): store the "top" WebAssembly.Instance on entry to WebAssembly (and restore the previous one on exit)
        * wasm/JSWebAssembly.h:
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::B3IRGenerator): pass unlinked calls around to shorten their lifetime: they're only needed until the Plan is done
        (JSC::Wasm::B3IRGenerator::addCall):
        (JSC::Wasm::createJSToWasmWrapper):
        (JSC::Wasm::parseAndCompile): also pass in the function index space, so that imports can be signature-checked along with internal functions
        * wasm/WasmB3IRGenerator.h:
        * wasm/WasmBinding.cpp: Added.
        (JSC::Wasm::importStubGenerator): stubs from wasm to JS
        * wasm/WasmBinding.h: Copied from Source/JavaScriptCore/wasm/WasmValidate.h.
        * wasm/WasmCallingConvention.h:
        (JSC::Wasm::CallingConvention::setupFrameInPrologue):
        * wasm/WasmFormat.h: fix the object model
        (JSC::Wasm::CallableFunction::CallableFunction):
        * wasm/WasmFunctionParser.h: simplify some of the failure condition checks
        (JSC::Wasm::FunctionParser<Context>::FunctionParser): need function index space, not just internal functions
        (JSC::Wasm::FunctionParser<Context>::parseExpression):
        * wasm/WasmModuleParser.cpp: early-create some of the structures which will be needed later
        (JSC::Wasm::ModuleParser::parseImport):
        (JSC::Wasm::ModuleParser::parseFunction):
        (JSC::Wasm::ModuleParser::parseMemory):
        (JSC::Wasm::ModuleParser::parseExport):
        (JSC::Wasm::ModuleParser::parseCode):
        * wasm/WasmModuleParser.h:
        (JSC::Wasm::ModuleParser::functionIndexSpace):
        (JSC::Wasm::ModuleParser::functionLocations):
        (JSC::Wasm::Parser::consumeUTF8String):
        * wasm/WasmPlan.cpp: pass around the wasm objects at the right time, reducing their lifetime and making it easier to pass them around when needed
        (JSC::Wasm::Plan::run):
        (JSC::Wasm::Plan::initializeCallees):
        (JSC::Wasm::Plan::exports):
        (JSC::Wasm::Plan::internalFunctionCount):
        (JSC::Wasm::Plan::jsToWasmEntryPointForFunction):
        (JSC::Wasm::Plan::takeModuleInformation):
        (JSC::Wasm::Plan::takeCallLinkInfos):
        (JSC::Wasm::Plan::takeWasmToJSStubs):
        (JSC::Wasm::Plan::takeFunctionIndexSpace):
        * wasm/WasmValidate.cpp: check function index space instead of only internal functions
        (JSC::Wasm::Validate::addCall):
        (JSC::Wasm::validateFunction):
        * wasm/WasmValidate.h:
        * wasm/js/JSWebAssemblyCallee.cpp:
        (JSC::JSWebAssemblyCallee::finishCreation):
        * wasm/js/JSWebAssemblyCallee.h:
        (JSC::JSWebAssemblyCallee::create):
        (JSC::JSWebAssemblyCallee::jsToWasmEntryPoint):
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::create):
        (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
        (JSC::JSWebAssemblyInstance::visitChildren):
        * wasm/js/JSWebAssemblyInstance.h: hold the import functions off the end of the Instance
        (JSC::JSWebAssemblyInstance::importFunction):
        (JSC::JSWebAssemblyInstance::importFunctions):
        (JSC::JSWebAssemblyInstance::setImportFunction):
        (JSC::JSWebAssemblyInstance::offsetOfImportFunctions):
        (JSC::JSWebAssemblyInstance::offsetOfImportFunction):
        (JSC::JSWebAssemblyInstance::allocationSize):
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::create):
        (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
        (JSC::JSWebAssemblyModule::visitChildren):
        * wasm/js/JSWebAssemblyModule.h: hold the link call info, the import function stubs, and the function index space
        (JSC::JSWebAssemblyModule::signatureForFunctionIndexSpace):
        (JSC::JSWebAssemblyModule::importCount):
        (JSC::JSWebAssemblyModule::calleeFromFunctionIndexSpace):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction): set top Instance on VM
        * wasm/js/WebAssemblyFunction.h:
        (JSC::WebAssemblyFunction::instance):
        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::constructJSWebAssemblyInstance): handle function imports
        * wasm/js/WebAssemblyModuleConstructor.cpp:
        (JSC::constructJSWebAssemblyModule): generate the stubs for import functions
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):
        * wasm/js/WebAssemblyToJSCallee.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
        (JSC::WebAssemblyToJSCallee::create): dummy JSCell singleton which lives on the VM, and is put as the callee in the import stub's frame to identify it when unwinding
        (JSC::WebAssemblyToJSCallee::createStructure):
        (JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
        (JSC::WebAssemblyToJSCallee::finishCreation):
        (JSC::WebAssemblyToJSCallee::destroy):
        * wasm/js/WebAssemblyToJSCallee.h: Copied from Source/JavaScriptCore/wasm/WasmB3IRGenerator.h.

2016-12-08  Mark Lam  <mark.lam@apple.com>

        Enable JSC restricted options by default in the jsc shell.
        https://bugs.webkit.org/show_bug.cgi?id=165615

        Reviewed by Keith Miller.

        The jsc shell is only used for debugging and development testing. We should
        allow it to use restricted options like JSC_useDollarVM even for release builds.

        * runtime/Options.cpp:
        (JSC::Options::enableRestrictedOptions):
        (JSC::Options::isAvailable):
        (JSC::allowRestrictedOptions): Deleted.

2016-12-08  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r209489.

        Likely caused large regressions on JetStream, Sunspider and

        "Add system trace points for JavaScript VM entry/exit"
        https://bugs.webkit.org/show_bug.cgi?id=165550
        http://trac.webkit.org/changeset/209489

2016-12-08  Keith Miller  <keith_miller@apple.com>

        Move LEB tests to API tests
        https://bugs.webkit.org/show_bug.cgi?id=165586

        Reviewed by Saam Barati.

        (printUsageStatement):
        (CommandLine::parseArguments):
        (runLEBTests): Deleted.

2016-12-07  JF Bastien  <jfbastien@apple.com>

        Clean up WebAssembly's RETURN_IF_EXCEPTION
        https://bugs.webkit.org/show_bug.cgi?id=165595

        Reviewed by Filip Pizlo.

        * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
        (JSC::constructJSWebAssemblyCompileError):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
        (JSC::constructJSWebAssemblyRuntimeError):

2016-12-07  Geoffrey Garen  <ggaren@apple.com>

        Renamed SourceCode members to match their accessor names
        https://bugs.webkit.org/show_bug.cgi?id=165573

        Reviewed by Keith Miller.

        startChar => startOffset

        * parser/UnlinkedSourceCode.h:
        (JSC::UnlinkedSourceCode::UnlinkedSourceCode):
        (JSC::UnlinkedSourceCode::view):
        (JSC::UnlinkedSourceCode::startOffset):
        (JSC::UnlinkedSourceCode::endOffset):
        (JSC::UnlinkedSourceCode::length):

2016-12-07  Keith Miller  <keith_miller@apple.com>

        Add more missing trivial wasm ops.
        https://bugs.webkit.org/show_bug.cgi?id=165564

        Reviewed by Geoffrey Garen.

        This patch adds the nop, drop, and tee_local opcodes.
        It also fixes an issue where we were not generating
        the proper enums for the grow_memory and current_memory

        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser<Context>::parseExpression):
        * wasm/generateWasmOpsHeader.py:

2016-12-07  Geoffrey Garen  <ggaren@apple.com>

        Renamed source => parentSource
        https://bugs.webkit.org/show_bug.cgi?id=165570

        Reviewed by Keith Miller.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

2016-12-07  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Drop translate phase in module loader
        https://bugs.webkit.org/show_bug.cgi?id=164861

        Reviewed by Saam Barati.

        Originally, this "translate" phase was introduced to the module loader.
        However, the recent rework discussion [1] has started dropping this phase.
        And this "translate" phase is meaningless in the browser-side module loader
        since this phase originally mimics node.js's translation hook (for example,
        transpiling CoffeeScript source to JavaScript).

        This "translate" phase is not necessary for the exposed HTML5
        <script type="module"> tag right now. Once the module loader pipeline is
        redefined and specified, we need to update the current loader anyway.
        So dropping the "translate" phase right now is OK.

        This simplifies the current module loader pipeline a bit.

        [1]: https://github.com/whatwg/loader/issues/147

        * builtins/ModuleLoaderPrototype.js:
        (requestInstantiate):
        (fulfillTranslate): Deleted.
        (requestTranslate): Deleted.
        * bytecode/BytecodeIntrinsicRegistry.cpp:
        (JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h:
        * runtime/JSModuleLoader.cpp:
        (JSC::JSModuleLoader::translate): Deleted.
        * runtime/JSModuleLoader.h:
        * runtime/ModuleLoaderPrototype.cpp:
        (JSC::moduleLoaderPrototypeInstantiate):
        (JSC::moduleLoaderPrototypeTranslate): Deleted.

2016-12-07  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Add ability to distinguish if a Script was parsed as a module
        https://bugs.webkit.org/show_bug.cgi?id=164900
        <rdar://problem/29323817>

        Reviewed by Timothy Hatcher.

        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::didParseSource):
        * inspector/protocol/Debugger.json:
        Add an optional event parameter to distinguish if a script was a module or not.

2016-12-07  Simon Fraser  <simon.fraser@apple.com>

        Add system trace points for JavaScript VM entry/exit
        https://bugs.webkit.org/show_bug.cgi?id=165550

        Reviewed by Tim Horton.

        Add trace points for entry/exit into/out of the JS VM.

        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope):
        (JSC::VMEntryScope::~VMEntryScope):

2016-12-06  Keith Miller  <keith_miller@apple.com>

        Add support for truncation operators
        https://bugs.webkit.org/show_bug.cgi?id=165519

        Reviewed by Geoffrey Garen.

        This patch adds initial support for truncation operators. The current patch
        does range-based out-of-bounds checking; in the future we should use system
        register flags on ARM and other tricks on X86 to improve the performance of

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
        (JSC::MacroAssemblerARM64::truncateDoubleToInt64):
        (JSC::MacroAssemblerARM64::truncateDoubleToUint64):
        (JSC::MacroAssemblerARM64::truncateFloatToInt32):
        (JSC::MacroAssemblerARM64::truncateFloatToUint32):
        (JSC::MacroAssemblerARM64::truncateFloatToInt64):
        (JSC::MacroAssemblerARM64::truncateFloatToUint64):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::truncateFloatToInt32):
        (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): Deleted.
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::truncateDoubleToUint32):
        (JSC::MacroAssemblerX86_64::truncateDoubleToInt64):
        (JSC::MacroAssemblerX86_64::truncateDoubleToUint64):
        (JSC::MacroAssemblerX86_64::truncateFloatToUint32):
        (JSC::MacroAssemblerX86_64::truncateFloatToInt64):
        (JSC::MacroAssemblerX86_64::truncateFloatToUint64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::cvttss2si_rr):
        (JSC::X86Assembler::cvttss2siq_rr):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncSF64>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncSF32>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncUF64>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncUF32>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncSF64>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncUF64>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncSF32>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncUF32>):
        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser<Context>::parseExpression):
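
        The range check the entry above adds is observable from JS: a float that does not fit the target integer (or NaN) must trap rather than yield an arbitrary value. The following is an added example, not part of this ChangeLog or of the JavaScriptCore sources: the module bytes are hand-assembled here in the final version-1 binary encoding (not the 0xD pre-release format these entries target), and the export name `trunc` and all helper names are my own. It runs the engine's i32.trunc_f64_s against a reference model on inputs at the edges of the int32 range.

```javascript
// Added example, not from the WebKit ChangeLog or the JavaScriptCore sources.
// A hand-assembled WebAssembly module (final version-1 encoding) exporting
// `trunc : f64 -> i32`, implemented with a single i32.trunc_f64_s instruction.
const TRUNC_MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // "\0asm" magic, version 1
  0x01, 0x06, 0x01, 0x60, 0x01, 0x7c, 0x01, 0x7f, // type section: (f64) -> (i32)
  0x03, 0x02, 0x01, 0x00,                         // function section: one func, type 0
  0x07, 0x09, 0x01, 0x05, 0x74, 0x72, 0x75, 0x6e, // export section: "trunc" ...
  0x63, 0x00, 0x00,                               //   ... is function 0
  0x0a, 0x07, 0x01, 0x05, 0x00,                   // code section: one body, no locals
  0x20, 0x00, 0xaa, 0x0b,                         // local.get 0; i32.trunc_f64_s; end
]);

const wasmTrunc = new WebAssembly.Instance(
  new WebAssembly.Module(TRUNC_MODULE_BYTES)
).exports.trunc;

const INT32_MIN = -2147483648;
const INT32_MAX = 2147483647;

// Run the wasm function and classify the outcome. A WebAssembly.RuntimeError is
// the trap the range check is supposed to raise; anything else is unexpected.
function truncOutcome(x) {
  try {
    return { trapped: false, value: wasmTrunc(x) };
  } catch (e) {
    if (e instanceof WebAssembly.RuntimeError) return { trapped: true, value: undefined };
    throw e;
  }
}

// Reference model of i32.trunc_f64_s: trap on NaN, or when the truncated value
// does not fit in a signed 32-bit integer; otherwise return that value.
function expectedOutcome(x) {
  if (Number.isNaN(x)) return { trapped: true, value: undefined };
  const t = Math.trunc(x);
  if (t < INT32_MIN || t > INT32_MAX) return { trapped: true, value: undefined };
  return { trapped: false, value: t | 0 }; // `| 0` folds -0 into 0; i32 has no -0
}

// Compare engine and model on every input; returns one record per input.
function checkAll(inputs) {
  return inputs.map((x) => {
    const got = truncOutcome(x);
    const want = expectedOutcome(x);
    return {
      input: x,
      got,
      ok: got.trapped === want.trapped && Object.is(got.value, want.value),
    };
  });
}

// Constructed inputs straddling the representable range: 2147483647.9 still
// truncates to INT32_MAX while 2147483648 does not fit; -2147483648.9 truncates
// to INT32_MIN while -2147483649 does not fit. Infinities and NaN must trap.
const EDGE_INPUTS = [
  3.9, -3.9, 0, -0.5,
  2147483647.9, 2147483648,
  -2147483648.9, -2147483649,
  NaN, Infinity, -Infinity,
];

function allEdgeCasesMatch() {
  return checkAll(EDGE_INPUTS).every((r) => r.ok);
}

// Stand-alone run: report any disagreement between the engine and the model.
for (const r of checkAll(EDGE_INPUTS)) {
  if (!r.ok) console.log("MISMATCH for input", r.input, r.got);
}
```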
2016-12-07  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove unused and mostly untested Page domain commands and events
        https://bugs.webkit.org/show_bug.cgi?id=165507

        Reviewed by Brian Burg.

        Remove unused and unsupported commands and events.

        - Page.setDocumentContent
        - Page.getScriptExecutionStatus
        - Page.setScriptExecutionDisabled
        - Page.handleJavaScriptDialog
        - Page.javascriptDialogOpening
        - Page.javascriptDialogClosed
        - Page.scriptsEnabled

        * inspector/protocol/Page.json:

2016-12-07  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Merge PromiseReactions
        https://bugs.webkit.org/show_bug.cgi?id=165526

        Reviewed by Sam Weinig.

        Our promise implementation has two arrays per Promise; promiseFulfillReactions and promiseRejectReactions.
        And every time we call `promise.then`, we create two promise reactions, for fulfill and reject.
        However, these two reactions and the arrays for reactions can be merged into one array and one reaction.
        It reduces the unnecessary object allocations.

        * builtins/BuiltinNames.h:
        * builtins/PromiseOperations.js:
        (globalPrivate.newPromiseReaction):
        (globalPrivate.triggerPromiseReactions):
        (globalPrivate.rejectPromise):
        (globalPrivate.fulfillPromise):
        (globalPrivate.promiseReactionJob):
        (globalPrivate.initializePromise):
        * builtins/PromisePrototype.js:
        * runtime/JSPromise.cpp:
        (JSC::JSPromise::finishCreation):

2016-12-06  Mark Lam  <mark.lam@apple.com>

        GetByID IC is wrongly unwrapping the global proxy this value for getter/setters.
        https://bugs.webkit.org/show_bug.cgi?id=165401

        Reviewed by Saam Barati.

        When the this value for a property access is the JS global and that property
        access is via a GetterSetter, the underlying getter / setter functions would
        expect the this value they receive to be the JSProxy instance instead of the
        JSGlobalObject. This is consistent with how the LLINT and runtime code behaves.
        The IC code should behave the same way.

        Also added some ASSERTs to document invariants in the code, and help detect
        bugs sooner if the code gets changed in a way that breaks those invariants in

        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessCase::generateImpl):

2016-12-06  Joseph Pecoraro  <pecoraro@apple.com>

        DumpRenderTree ASSERT in JSC::ExecutableBase::isHostFunction seen on bots
        https://bugs.webkit.org/show_bug.cgi?id=165497
        <rdar://problem/29538973>

        Reviewed by Saam Barati.

        * inspector/agents/InspectorScriptProfilerAgent.cpp:
        (Inspector::InspectorScriptProfilerAgent::trackingComplete):
        Defer collection when extracting and processing the samples to avoid
        any objects held by the samples from getting collected while processing.
        This is because while processing we call into functions that can
        allocate and we must prevent those functions from syncing with the
        GC thread which may collect other sample data yet to be processed.

2016-12-06  Alexey Proskuryakov  <ap@apple.com>

        Correct SDKROOT values in xcconfig files
        https://bugs.webkit.org/show_bug.cgi?id=165487
        rdar://problem/29539209

        Reviewed by Dan Bernstein.

        Fix suggested by Dan Bernstein.

        * Configurations/DebugRelease.xcconfig:

2016-12-06  Saam Barati  <sbarati@apple.com>

        Remove old Wasm object model
        https://bugs.webkit.org/show_bug.cgi?id=165481

        Reviewed by Keith Miller and Mark Lam.

        It's confusing to see code that consults both the old
        Wasm object model alongside the new one. The old object
        model is not a thing, and it's not being used. Let's
        remove it now to prevent further confusion.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeLLIntInlineCaches):
        (JSC::CodeBlock::replacement):
        (JSC::CodeBlock::computeCapabilityLevel):
        (JSC::CodeBlock::updateAllPredictions):
        * bytecode/CodeBlock.h:
        * bytecode/WebAssemblyCodeBlock.cpp: Removed.
        * bytecode/WebAssemblyCodeBlock.h: Removed.
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::isSupportedForInlining):
        * interpreter/Interpreter.cpp:
        (JSC::GetStackTraceFunctor::operator()):
        (JSC::UnwindFunctor::operator()):
        (JSC::isWebAssemblyExecutable): Deleted.
        * jit/JITOperations.cpp:
        (JSC::linkPolymorphicCall):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall):
        * runtime/ExecutableBase.cpp:
        (JSC::ExecutableBase::clearCode):
        * runtime/ExecutableBase.h:
        (JSC::ExecutableBase::isWebAssemblyExecutable): Deleted.
        * runtime/JSFunction.cpp:
        * runtime/JSFunction.h:
        * runtime/JSFunctionInlines.h:
        (JSC::JSFunction::isBuiltinFunction):
        * runtime/WebAssemblyExecutable.cpp: Removed.
        * runtime/WebAssemblyExecutable.h: Removed.

2016-12-06  JF Bastien  <jfbastien@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=165493

        Reviewed by Mark Lam.

2016-12-06  Mark Lam  <mark.lam@apple.com>

        Introduce the concept of Immutable Prototype Exotic Objects to comply with the spec.
        https://bugs.webkit.org/show_bug.cgi?id=165227
        <rdar://problem/29442665>

        Reviewed by Saam Barati.

        * runtime/JSObject.cpp:
        (JSC::JSObject::setPrototypeWithCycleCheck):
        - This is where we check for immutable prototype exotic objects and refuse to set
          the prototype if needed.
          See https://tc39.github.io/ecma262/#sec-immutable-prototype-exotic-objects.

        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::isImmutablePrototypeExoticObject):
        * runtime/Structure.h:
        - Add flag for declaring immutable prototype exotic objects.

        * runtime/ObjectPrototype.h:
        - Declare that Object.prototype is an immutable prototype exotic object.
          See https://tc39.github.io/ecma262/#sec-properties-of-the-object-prototype-object.

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorSetPrototypeOf):
        - Use better error messages.
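
        The behaviour the entry above implements is observable from script: Object.prototype's [[SetPrototypeOf]] succeeds only for a no-op set to its current prototype (null) and reports failure for anything else, which Object.setPrototypeOf and the __proto__ setter surface as a TypeError. This keeps anyone from splicing an object above Object.prototype in every object's inheritance chain. The following is an added example, not part of this ChangeLog or of the JavaScriptCore sources; the helper names are my own, and it also separates the exotic case from a merely frozen object, which rejects prototype changes for a different reason (non-extensibility).

```javascript
// Added example, not from the WebKit ChangeLog or the JavaScriptCore sources.
// Probe every script-visible route for changing an object's prototype and report,
// for each route, the raw result, whether it threw a TypeError, and whether the
// prototype actually changed. Each attempt is isolated and undone afterwards so a
// mutable target is left exactly as it was.
function probeSetPrototype(target, proto) {
  const before = Object.getPrototypeOf(target);
  const attempt = (mutate) => {
    let result;
    let threwTypeError = false;
    try {
      result = mutate();
    } catch (e) {
      if (!(e instanceof TypeError)) throw e; // only TypeError is the expected failure
      threwTypeError = true;
    }
    const changed = Object.getPrototypeOf(target) !== before;
    if (changed) Reflect.setPrototypeOf(target, before); // restore for the next route
    return { result, threwTypeError, changed };
  };
  return {
    // Reflect.setPrototypeOf returns the boolean from [[SetPrototypeOf]] unchanged.
    reflect: attempt(() => Reflect.setPrototypeOf(target, proto)),
    // Object.setPrototypeOf returns the target on success and throws on false.
    setPrototypeOf: attempt(() => Object.setPrototypeOf(target, proto) === target),
    // The legacy __proto__ setter (own on Object.prototype, inherited elsewhere)
    // also throws a TypeError when [[SetPrototypeOf]] returns false.
    protoSetter: attempt(() => (target.__proto__ = proto) === proto),
  };
}

// True only for an immutable prototype exotic object: it is still extensible (so
// this is not a frozen or preventExtensions'd object), it rejects any prototype
// other than its current one, and it still accepts a no-op set to that prototype.
function isImmutablePrototypeObject(obj) {
  if (!Object.isExtensible(obj)) return false;
  const current = Object.getPrototypeOf(obj);
  const other = probeSetPrototype(obj, Object.create(null));
  const rejectsOther = other.reflect.result === false && !other.reflect.changed;
  const acceptsSame = Reflect.setPrototypeOf(obj, current) === true;
  return rejectsOther && acceptsSame && Object.getPrototypeOf(obj) === current;
}

// Constructed targets: the exotic object itself, an ordinary object, and a frozen
// object that also refuses prototype changes but for an unrelated reason.
function classifyTargets() {
  return {
    objectPrototype: isImmutablePrototypeObject(Object.prototype),
    plainObject: isImmutablePrototypeObject({}),
    frozenObject: isImmutablePrototypeObject(Object.freeze({})),
  };
}

// Stand-alone run: show what each route does against Object.prototype.
console.log(probeSetPrototype(Object.prototype, Object.create(null)));
console.log(classifyTargets());
```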
2016-12-04  Darin Adler  <darin@apple.com>

        Use ASCIICType more, and improve it a little bit
        https://bugs.webkit.org/show_bug.cgi?id=165360

        Reviewed by Sam Weinig.

        * inspector/InspectorValues.cpp:
        (Inspector::readHexDigits): Use isASCIIHexDigit.
        (Inspector::hextoInt): Deleted.
        (decodeString): Use toASCIIHexValue.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::parseDigit): Use isASCIIDigit, isASCIIUpper, and isASCIILower.

        * runtime/StringPrototype.cpp:
        (JSC::substituteBackreferencesSlow): Use isASCIIDigit.

2016-12-06  Csaba Osztrogonác  <ossy@webkit.org>

        Add storeFence support for ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=164733

        Reviewed by Saam Barati.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::dmbISHST): Added.
        * assembler/ARMv7Assembler.h: Typo fixed, DMB has only T1 encoding.
        (JSC::ARMv7Assembler::dmbSY):
        (JSC::ARMv7Assembler::dmbISHST): Added.
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::storeFence):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::storeFence):

2016-12-05  Matt Baker  <mattbaker@apple.com>

        Web Inspector: remove ASSERT from InspectorDebuggerAgent::derefAsyncCallData
        https://bugs.webkit.org/show_bug.cgi?id=165413
        <rdar://problem/29517587>

        Reviewed by Brian Burg.

        DOMTimer::removeById can call into InspectorInstrumentation with an
        invalid identifier, so don't assert that async call data exists.

        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::derefAsyncCallData):

2016-12-05  Geoffrey Garen  <ggaren@apple.com>

        Fixed a bug in my last patch.

        * bytecode/UnlinkedFunctionExecutable.h: Restore the conversion to

2016-12-05  Geoffrey Garen  <ggaren@apple.com>

        Moved start and end column linking into helper functions
        https://bugs.webkit.org/show_bug.cgi?id=165422

        Reviewed by Sam Weinig.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::link):
        * bytecode/UnlinkedFunctionExecutable.h:

2016-12-05  Mark Lam  <mark.lam@apple.com>

        Fix JSC files so that we can build a release build with NDEBUG #undef'ed.
        https://bugs.webkit.org/show_bug.cgi?id=165409

        Reviewed by Keith Miller.

        This allows us to run a release build with DEBUG ASSERTs enabled.

        * bytecode/BytecodeLivenessAnalysis.cpp:
        * bytecode/UnlinkedEvalCodeBlock.cpp:
        * bytecode/UnlinkedFunctionCodeBlock.cpp:
        * bytecode/UnlinkedModuleProgramCodeBlock.cpp:
        * bytecode/UnlinkedProgramCodeBlock.cpp:
        * runtime/EvalExecutable.cpp:

2016-12-05  Geoffrey Garen  <ggaren@apple.com>

        Renamed source => parentSource
        https://bugs.webkit.org/show_bug.cgi?id=165419

        Reviewed by Saam Barati.

        This should help clarify that a FunctionExecutable holds the source
        code to its *parent* scope, and not its own SourceCode.

        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::createExecutable):
        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        (JSC::UnlinkedFunctionExecutable::link):
        * bytecode/UnlinkedFunctionExecutable.h:

2016-12-05  Geoffrey Garen  <ggaren@apple.com>

        ScriptExecutable should not contain a copy of firstLine and startColumn
        https://bugs.webkit.org/show_bug.cgi?id=165415

        Reviewed by Keith Miller.

        We already have this data in SourceCode.

        It's super confusing to have two copies of this data, where one is
        allowed to mutate. In reality, your line and column number never change.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::link):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        * runtime/CodeCache.h:
        (JSC::generateUnlinkedCodeBlock):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):
        * runtime/FunctionExecutable.h:
        * runtime/ScriptExecutable.cpp:
        (JSC::ScriptExecutable::ScriptExecutable):
        (JSC::ScriptExecutable::newCodeBlockFor):
        * runtime/ScriptExecutable.h:
        (JSC::ScriptExecutable::firstLine):
        (JSC::ScriptExecutable::startColumn):
        (JSC::ScriptExecutable::recordParse):

2016-12-05  Caitlin Potter  <caitp@igalia.com>

        [JSC] report unexpected token when "async" is followed by identifier
        https://bugs.webkit.org/show_bug.cgi?id=165091

        Reviewed by Mark Lam.

        Report a SyntaxError, in order to report the correct error in contexts
        where an async ArrowFunction cannot occur. Also corrects errors in the comment
        describing the JSTokenType bitfield, which was added in r209293.

        (JSC::Parser<LexerType>::parseMemberExpression):
        * parser/ParserTokens.h:

2016-12-05  Keith Miller  <keith_miller@apple.com>

        Add Wasm i64 to i32 conversion.
        https://bugs.webkit.org/show_bug.cgi?id=165378

        Reviewed by Filip Pizlo.

        It turns out the wrap operation is just B3's Trunc.

2016-12-05  Joseph Pecoraro  <pecoraro@apple.com>

        REGRESSION(r208985): SafariForWebKitDevelopment Symbol Not Found looking for method with WTF::Optional
        https://bugs.webkit.org/show_bug.cgi?id=165351

        Reviewed by Yusuke Suzuki.

        Some versions of Safari expect:

            Inspector::BackendDispatcher::reportProtocolError(WTF::Optional<long>, Inspector::BackendDispatcher::CommonErrorCode, WTF::String const&)

        Which we had updated to use std::optional. Expose a version with the original
        Symbol for these Safaris. This stub will just call through to the new version.

        * inspector/InspectorBackendDispatcher.cpp:
        (Inspector::BackendDispatcher::reportProtocolError):
        * inspector/InspectorBackendDispatcher.h:

2016-12-05  Konstantin Tokarev  <annulen@yandex.ru>

        Add __STDC_FORMAT_MACROS before inttypes.h is included
        https://bugs.webkit.org/show_bug.cgi?id=165374

        We need formatting macros like PRIu64 to be available in all places where
        the inttypes.h header is used. All these usages get inttypes.h definitions
        via the wtf/Assertions.h header, except SQLiteFileSystem.cpp where formatting
        macros are not used anymore since r185129.

        This patch fixes multiple build errors with MinGW and reduces the number of
        independent __STDC_FORMAT_MACROS uses in the code base.

        Reviewed by Darin Adler.

        * disassembler/ARM64/A64DOpcode.cpp: Removed __STDC_FORMAT_MACROS
        because it is obtained via Assertions.h now
        * disassembler/ARM64Disassembler.cpp: Ditto.

2016-12-04  Keith Miller  <keith_miller@apple.com>

        Add support for Wasm ctz and popcnt
        https://bugs.webkit.org/show_bug.cgi?id=165369

        Reviewed by Saam Barati.

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::countTrailingZeros32):
        (JSC::MacroAssemblerARM64::countTrailingZeros64):
        * assembler/MacroAssemblerX86Common.cpp:
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::countTrailingZeros32):
        (JSC::MacroAssemblerX86Common::supportsBMI1):
        (JSC::MacroAssemblerX86Common::ctzAfterBsf):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::countTrailingZeros64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::tzcnt_rr):
        (JSC::X86Assembler::tzcntq_rr):
        (JSC::X86Assembler::bsf_rr):
        (JSC::X86Assembler::bsfq_rr):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Ctz>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Ctz>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Popcnt>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Popcnt>):
        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser<Context>::parseExpression):

2016-12-04  Saam Barati  <sbarati@apple.com>

        We should have a Wasm callee
        https://bugs.webkit.org/show_bug.cgi?id=165163

        Reviewed by Keith Miller.

        This patch adds JSWebAssemblyCallee and stores it into the
        callee slot in the call frame as part of the prologue of a
        wasm function. This is the first step in implementing
        unwinding from/through wasm frames. We will use the callee
        to identify that a machine frame belongs to wasm code.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        (functionTestWasmModuleFunctions):
        * llint/LowLevelInterpreter64.asm:
        * runtime/JSGlobalObject.cpp:
        * wasm/JSWebAssembly.h:
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmCallingConvention.h:
        (JSC::Wasm::CallingConvention::setupFrameInPrologue):
        (JSC::Wasm::Plan::initializeCallees):
        (JSC::Wasm::Plan::compiledFunction):
        (JSC::Wasm::Plan::getCompiledFunctions): Deleted.
        * wasm/js/JSWebAssemblyCallee.cpp: Added.
        (JSC::JSWebAssemblyCallee::JSWebAssemblyCallee):
        (JSC::JSWebAssemblyCallee::finishCreation):
        (JSC::JSWebAssemblyCallee::destroy):
        * wasm/js/JSWebAssemblyCallee.h: Added.
        (JSC::JSWebAssemblyCallee::create):
        (JSC::JSWebAssemblyCallee::createStructure):
        (JSC::JSWebAssemblyCallee::jsEntryPoint):
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::create):
        (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
        (JSC::JSWebAssemblyModule::visitChildren):
        * wasm/js/JSWebAssemblyModule.h:
        (JSC::JSWebAssemblyModule::moduleInformation):
        (JSC::JSWebAssemblyModule::callee):
        (JSC::JSWebAssemblyModule::callees):
        (JSC::JSWebAssemblyModule::offsetOfCallees):
        (JSC::JSWebAssemblyModule::allocationSize):
        (JSC::JSWebAssemblyModule::compiledFunctions): Deleted.
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        (JSC::WebAssemblyFunction::create):
        (JSC::WebAssemblyFunction::visitChildren):
        (JSC::WebAssemblyFunction::finishCreation):
        * wasm/js/WebAssemblyFunction.h:
        (JSC::WebAssemblyFunction::webAssemblyCallee):
        (JSC::WebAssemblyFunction::instance):
        (JSC::WebAssemblyFunction::signature):
        (JSC::CallableWebAssemblyFunction::CallableWebAssemblyFunction): Deleted.
        (JSC::WebAssemblyFunction::webAssemblyFunctionCell): Deleted.
        * wasm/js/WebAssemblyFunctionCell.cpp:
        (JSC::WebAssemblyFunctionCell::create): Deleted.
        (JSC::WebAssemblyFunctionCell::WebAssemblyFunctionCell): Deleted.
        (JSC::WebAssemblyFunctionCell::destroy): Deleted.
        (JSC::WebAssemblyFunctionCell::createStructure): Deleted.
        * wasm/js/WebAssemblyFunctionCell.h:
        (JSC::WebAssemblyFunctionCell::function): Deleted.
        * wasm/js/WebAssemblyModuleConstructor.cpp:
        (JSC::constructJSWebAssemblyModule):
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):

2016-12-04  Matt Baker  <mattbaker@apple.com>

        Web Inspector: Assertion Failures breakpoint should respect global Breakpoints enabled setting
        https://bugs.webkit.org/show_bug.cgi?id=165277
        <rdar://problem/29467098>

        Reviewed by Mark Lam.

        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
        Check that breakpoints are active before pausing.

2016-12-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        Refactor SymbolImpl layout
        https://bugs.webkit.org/show_bug.cgi?id=165247

        Reviewed by Darin Adler.

        Use SymbolImpl::{create, createNullSymbol} instead.

        * runtime/PrivateName.h:
        (JSC::PrivateName::PrivateName):

2016-12-03  JF Bastien  <jfbastien@apple.com>

        WebAssembly: update binary format to 0xD version
        https://bugs.webkit.org/show_bug.cgi?id=165345

        Reviewed by Keith Miller.

        As described in the following PR: https://github.com/WebAssembly/design/pull/836
        Originally committed in r209175, reverted in r209242, and fixed in r209284.

        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::B3IRGenerator::zeroForType):
        (JSC::Wasm::B3IRGenerator::addConstant):
        (JSC::Wasm::createJSWrapper):
        * wasm/WasmCallingConvention.h:
        (JSC::Wasm::CallingConvention::marshallArgument):
        * wasm/WasmFormat.cpp:
        (JSC::Wasm::toString): Deleted.
        (JSC::Wasm::isValueType):
        (JSC::Wasm::toB3Type): Deleted.
        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser<Context>::parseExpression):
        * wasm/WasmModuleParser.cpp:
        (JSC::Wasm::ModuleParser::parse):
        (JSC::Wasm::ModuleParser::parseType):
        * wasm/WasmModuleParser.h:
        (JSC::Wasm::Parser::parseResultType):
        * wasm/generateWasm.py:
        * wasm/generateWasmOpsHeader.py:
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):

2016-12-02  Keith Miller  <keith_miller@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=165355

        Reviewed by Filip Pizlo.

        This patch also makes two other important changes:

        1) Allows for i64 constants in the B3 generator language.
        2) Fixes a bug with F64ConvertUI64 where the operation returned a Float instead

        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
        * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
        (CodeGenerator.generateOpcode):
        (generateI32ConstCode): Deleted.

2016-12-03  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r209298.
        https://bugs.webkit.org/show_bug.cgi?id=165359

        broke the build (Requested by smfr on #webkit).

        https://bugs.webkit.org/show_bug.cgi?id=165355
        http://trac.webkit.org/changeset/209298

2016-12-02  Keith Miller  <keith_miller@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=165355

        Reviewed by Filip Pizlo.

        This patch also makes two other important changes:

        1) Allows for i64 constants in the B3 generator language.
        2) Fixes a bug with F64ConvertUI64 where the operation returned a Float instead

        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
        * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
        (CodeGenerator.generateOpcode):
        (generateI32ConstCode): Deleted.

2016-12-02  Keith Miller  <keith_miller@apple.com>

        Unreviewed, fix git having a breakdown over trying to reland a rollout.

2016-12-02  Keith Miller  <keith_miller@apple.com>

        Add Wasm floating point nearest and trunc
        https://bugs.webkit.org/show_bug.cgi?id=165339

        Reviewed by Saam Barati.

        This patch also allows any wasm primitive type to be passed as a

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::nearestIntDouble):
        (JSC::MacroAssemblerARM64::nearestIntFloat):
        (JSC::MacroAssemblerARM64::truncDouble):
        (JSC::MacroAssemblerARM64::truncFloat):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::nearestIntDouble):
        (JSC::MacroAssemblerX86Common::nearestIntFloat):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
        (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Nearest>):
973 (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Nearest>):
974 (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Trunc>):
975 (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Trunc>):
976 * wasm/WasmFunctionParser.h:
977 (JSC::Wasm::FunctionParser<Context>::parseExpression):
979 2016-12-02 Caitlin Potter <caitp@igalia.com>
981 [JSC] add additional bit to JSTokenType bitfield
982 https://bugs.webkit.org/show_bug.cgi?id=165091
984 Reviewed by Geoffrey Garen.
986 Avoid overflow which causes keyword tokens to be treated as unary
987 tokens now that "async" is tokenized as a keyword, by granting an
988 additional 64 bits to be occupied by token IDs.
990 * parser/ParserTokens.h:
992 2016-12-02 Andy Estes <aestes@apple.com>
994 [Cocoa] Adopt the PRODUCT_BUNDLE_IDENTIFIER build setting
995 https://bugs.webkit.org/show_bug.cgi?id=164492
997 Reviewed by Dan Bernstein.
999 * Configurations/JavaScriptCore.xcconfig: Set PRODUCT_BUNDLE_IDENTIFIER to
1000 com.apple.$(PRODUCT_NAME:rfc1034identifier).
1001 * Info.plist: Changed CFBundleIdentifier's value from com.apple.${PRODUCT_NAME} to
1002 ${PRODUCT_BUNDLE_IDENTIFIER}.
1004 2016-12-02 JF Bastien <jfbastien@apple.com>
1006 WebAssembly: mark WasmOps.h as private
1007 https://bugs.webkit.org/show_bug.cgi?id=165335
1009 Reviewed by Mark Lam.
1011 * JavaScriptCore.xcodeproj/project.pbxproj: WasmOps.h will be used by non-JSC and should therefore be private
1013 2016-12-02 Commit Queue <commit-queue@webkit.org>
1015 Unreviewed, rolling out r209275 and r209276.
1016 https://bugs.webkit.org/show_bug.cgi?id=165348
1018 "broke the arm build" (Requested by keith_miller on #webkit).
1020 Reverted changesets:
1022 "Add Wasm floating point nearest and trunc"
1023 https://bugs.webkit.org/show_bug.cgi?id=165339
1024 http://trac.webkit.org/changeset/209275
1026 "Unreviewed, forgot to change instruction after renaming."
1027 http://trac.webkit.org/changeset/209276
1029 2016-12-02 Keith Miller <keith_miller@apple.com>
1031 Unreviewed, forgot to change instruction after renaming.
1033 * assembler/MacroAssemblerARM64.h:
1034 (JSC::MacroAssemblerARM64::nearestIntDouble):
1035 (JSC::MacroAssemblerARM64::nearestIntFloat):
1037 2016-12-02 Keith Miller <keith_miller@apple.com>
1039 Add Wasm floating point nearest and trunc
1040 https://bugs.webkit.org/show_bug.cgi?id=165339
1042 Reviewed by Filip Pizlo.
1044 This patch also allows any wasm primitive type to be passed as a
1047 * assembler/MacroAssemblerARM64.h:
1048 (JSC::MacroAssemblerARM64::nearestIntDouble):
1049 (JSC::MacroAssemblerARM64::nearestIntFloat):
1050 (JSC::MacroAssemblerARM64::truncDouble):
1051 (JSC::MacroAssemblerARM64::truncFloat):
1052 * assembler/MacroAssemblerX86Common.h:
1053 (JSC::MacroAssemblerX86Common::nearestIntDouble):
1054 (JSC::MacroAssemblerX86Common::nearestIntFloat):
1057 * wasm/WasmB3IRGenerator.cpp:
1058 (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1059 (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
1060 (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Nearest>):
1061 (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Nearest>):
1062 (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Trunc>):
1063 (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Trunc>):
1064 * wasm/WasmFunctionParser.h:
1065 (JSC::Wasm::FunctionParser<Context>::parseExpression):
1067 2016-12-02 JF Bastien <jfbastien@apple.com>
1069 WebAssembly: revert patch causing odd breakage
1070 https://bugs.webkit.org/show_bug.cgi?id=165308
1074 Bug #164724 seems to cause build issues which I haven't tracked down yet. WasmOps.h can't be found:
1075 ./Source/JavaScriptCore/wasm/WasmFormat.h:34:10: fatal error: 'WasmOps.h' file not found
1077 It's weird since the file is auto-generated and has been for a while. #164724 merely includes it in WasmFormat.h.
1079 * wasm/WasmB3IRGenerator.cpp:
1080 (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1081 (JSC::Wasm::B3IRGenerator::zeroForType):
1082 (JSC::Wasm::B3IRGenerator::addConstant):
1083 (JSC::Wasm::createJSWrapper):
1084 * wasm/WasmCallingConvention.h:
1085 (JSC::Wasm::CallingConvention::marshallArgument):
1086 * wasm/WasmFormat.cpp:
1087 (JSC::Wasm::toString):
1088 * wasm/WasmFormat.h:
1089 (JSC::Wasm::toB3Type):
1090 * wasm/WasmFunctionParser.h:
1091 (JSC::Wasm::FunctionParser<Context>::parseExpression):
1092 * wasm/WasmModuleParser.cpp:
1093 (JSC::Wasm::ModuleParser::parse):
1094 (JSC::Wasm::ModuleParser::parseType):
1095 * wasm/WasmModuleParser.h:
1096 * wasm/WasmParser.h:
1097 (JSC::Wasm::Parser::parseResultType):
1098 * wasm/generateWasm.py:
1100 * wasm/generateWasmOpsHeader.py:
1103 (typeMacroizer): Deleted.
1104 * wasm/js/WebAssemblyFunction.cpp:
1105 (JSC::callWebAssemblyFunction):
1108 2016-12-01 Brian Burg <bburg@apple.com>
1110 Remote Inspector: fix weird typo in generated ObjC protocol type initializer implementations
1111 https://bugs.webkit.org/show_bug.cgi?id=165295
1112 <rdar://problem/29427778>
1114 Reviewed by Joseph Pecoraro.
1116 Remove a stray semicolon appended after custom initializer signatures.
1117 This is a syntax error when building with less lenient compiler warnings.
1119 * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1120 (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1121 * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1122 * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1123 * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1124 * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1125 * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1126 * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1127 * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1129 2016-12-01 Saam Barati <sbarati@apple.com>
1131 Rename CallFrame::callee() to CallFrame::jsCallee()
1132 https://bugs.webkit.org/show_bug.cgi?id=165293
1134 Reviewed by Keith Miller.
1136 Wasm will soon have its own Callee that doesn't derive
1137 from JSObject, but derives from JSCell. I want to introduce
1138 a new function like:
1140 CalleeBase* CallFrame::callee()
1143 once we have a Wasm callee. It only makes sense to name that
1144 function callee() and rename the current one to:
1146 JSObject* CallFrame::jsCallee()
1149 * API/APICallbackFunction.h:
1150 (JSC::APICallbackFunction::call):
1151 (JSC::APICallbackFunction::construct):
1152 * API/JSCallbackObjectFunctions.h:
1153 (JSC::JSCallbackObject<Parent>::construct):
1154 (JSC::JSCallbackObject<Parent>::call):
1155 * debugger/DebuggerCallFrame.cpp:
1156 (JSC::DebuggerCallFrame::scope):
1157 (JSC::DebuggerCallFrame::type):
1158 * interpreter/CallFrame.cpp:
1159 (JSC::CallFrame::friendlyFunctionName):
1160 * interpreter/CallFrame.h:
1161 (JSC::ExecState::jsCallee):
1162 (JSC::ExecState::callee): Deleted.
1163 * interpreter/Interpreter.cpp:
1164 (JSC::Interpreter::dumpRegisters):
1165 (JSC::notifyDebuggerOfUnwinding):
1166 * interpreter/ShadowChicken.cpp:
1167 (JSC::ShadowChicken::update):
1168 * interpreter/StackVisitor.cpp:
1169 (JSC::StackVisitor::readNonInlinedFrame):
1170 * llint/LLIntSlowPaths.cpp:
1171 (JSC::LLInt::traceFunctionPrologue):
1172 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1173 * runtime/ArrayConstructor.cpp:
1174 (JSC::constructArrayWithSizeQuirk):
1175 * runtime/AsyncFunctionConstructor.cpp:
1176 (JSC::callAsyncFunctionConstructor):
1177 (JSC::constructAsyncFunctionConstructor):
1178 * runtime/BooleanConstructor.cpp:
1179 (JSC::constructWithBooleanConstructor):
1180 * runtime/ClonedArguments.cpp:
1181 (JSC::ClonedArguments::createWithInlineFrame):
1182 * runtime/CommonSlowPaths.h:
1183 (JSC::CommonSlowPaths::arityCheckFor):
1184 * runtime/DateConstructor.cpp:
1185 (JSC::constructWithDateConstructor):
1186 * runtime/DirectArguments.cpp:
1187 (JSC::DirectArguments::createByCopying):
1189 (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
1190 (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
1191 * runtime/ErrorConstructor.cpp:
1192 (JSC::Interpreter::constructWithErrorConstructor):
1193 (JSC::Interpreter::callErrorConstructor):
1194 * runtime/FunctionConstructor.cpp:
1195 (JSC::constructWithFunctionConstructor):
1196 (JSC::callFunctionConstructor):
1197 * runtime/GeneratorFunctionConstructor.cpp:
1198 (JSC::callGeneratorFunctionConstructor):
1199 (JSC::constructGeneratorFunctionConstructor):
1200 * runtime/InternalFunction.cpp:
1201 (JSC::InternalFunction::createSubclassStructure):
1202 * runtime/IntlCollator.cpp:
1203 (JSC::IntlCollator::initializeCollator):
1204 * runtime/IntlCollatorConstructor.cpp:
1205 (JSC::constructIntlCollator):
1206 (JSC::callIntlCollator):
1207 (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
1208 * runtime/IntlDateTimeFormat.cpp:
1209 (JSC::IntlDateTimeFormat::initializeDateTimeFormat):
1210 * runtime/IntlDateTimeFormatConstructor.cpp:
1211 (JSC::constructIntlDateTimeFormat):
1212 (JSC::callIntlDateTimeFormat):
1213 (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
1214 * runtime/IntlNumberFormat.cpp:
1215 (JSC::IntlNumberFormat::initializeNumberFormat):
1216 * runtime/IntlNumberFormatConstructor.cpp:
1217 (JSC::constructIntlNumberFormat):
1218 (JSC::callIntlNumberFormat):
1219 (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
1220 * runtime/IntlObject.cpp:
1221 (JSC::canonicalizeLocaleList):
1222 (JSC::defaultLocale):
1223 (JSC::lookupSupportedLocales):
1224 (JSC::intlObjectFuncGetCanonicalLocales):
1225 * runtime/JSArrayBufferConstructor.cpp:
1226 (JSC::constructArrayBuffer):
1227 * runtime/JSArrayBufferPrototype.cpp:
1228 (JSC::arrayBufferProtoFuncSlice):
1229 * runtime/JSBoundFunction.cpp:
1230 (JSC::boundThisNoArgsFunctionCall):
1231 (JSC::boundFunctionCall):
1232 (JSC::boundThisNoArgsFunctionConstruct):
1233 (JSC::boundFunctionConstruct):
1234 * runtime/JSCellInlines.h:
1235 (JSC::ExecState::vm):
1236 * runtime/JSCustomGetterSetterFunction.cpp:
1237 (JSC::JSCustomGetterSetterFunction::customGetterSetterFunctionCall):
1238 * runtime/JSFunction.cpp:
1239 (JSC::callHostFunctionAsConstructor):
1240 * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1241 (JSC::constructGenericTypedArrayView):
1242 * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
1243 (JSC::genericTypedArrayViewProtoFuncSlice):
1244 (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
1245 * runtime/JSGlobalObjectFunctions.cpp:
1246 (JSC::globalFuncEval):
1247 * runtime/JSInternalPromiseConstructor.cpp:
1248 (JSC::constructPromise):
1249 * runtime/JSMapIterator.cpp:
1250 (JSC::JSMapIterator::createPair):
1251 (JSC::JSMapIterator::clone):
1252 * runtime/JSNativeStdFunction.cpp:
1253 (JSC::runStdFunction):
1254 * runtime/JSPromiseConstructor.cpp:
1255 (JSC::constructPromise):
1256 * runtime/JSPropertyNameIterator.cpp:
1257 (JSC::JSPropertyNameIterator::clone):
1258 * runtime/JSScope.h:
1259 (JSC::ExecState::lexicalGlobalObject):
1260 * runtime/JSSetIterator.cpp:
1261 (JSC::JSSetIterator::createPair):
1262 (JSC::JSSetIterator::clone):
1263 * runtime/JSStringIterator.cpp:
1264 (JSC::JSStringIterator::clone):
1265 * runtime/MapConstructor.cpp:
1266 (JSC::constructMap):
1267 * runtime/MapPrototype.cpp:
1268 (JSC::mapProtoFuncValues):
1269 (JSC::mapProtoFuncEntries):
1270 (JSC::mapProtoFuncKeys):
1271 (JSC::privateFuncMapIterator):
1272 * runtime/NativeErrorConstructor.cpp:
1273 (JSC::Interpreter::constructWithNativeErrorConstructor):
1274 (JSC::Interpreter::callNativeErrorConstructor):
1275 * runtime/ObjectConstructor.cpp:
1276 (JSC::constructObject):
1277 * runtime/ProxyObject.cpp:
1278 (JSC::performProxyCall):
1279 (JSC::performProxyConstruct):
1280 * runtime/ProxyRevoke.cpp:
1281 (JSC::performProxyRevoke):
1282 * runtime/RegExpConstructor.cpp:
1283 (JSC::constructWithRegExpConstructor):
1284 (JSC::callRegExpConstructor):
1285 * runtime/ScopedArguments.cpp:
1286 (JSC::ScopedArguments::createByCopying):
1287 * runtime/SetConstructor.cpp:
1288 (JSC::constructSet):
1289 * runtime/SetPrototype.cpp:
1290 (JSC::setProtoFuncValues):
1291 (JSC::setProtoFuncEntries):
1292 (JSC::privateFuncSetIterator):
1293 * runtime/StringConstructor.cpp:
1294 (JSC::constructWithStringConstructor):
1295 * runtime/StringPrototype.cpp:
1296 (JSC::stringProtoFuncIterator):
1297 * runtime/WeakMapConstructor.cpp:
1298 (JSC::constructWeakMap):
1299 * runtime/WeakSetConstructor.cpp:
1300 (JSC::constructWeakSet):
1301 * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
1302 (JSC::constructJSWebAssemblyCompileError):
1303 * wasm/js/WebAssemblyFunction.cpp:
1304 (JSC::callWebAssemblyFunction):
1305 * wasm/js/WebAssemblyModuleConstructor.cpp:
1306 (JSC::constructJSWebAssemblyModule):
1307 * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
1308 (JSC::constructJSWebAssemblyRuntimeError):
1310 2016-12-01 Brian Burg <bburg@apple.com>
1312 Web Inspector: generated code should use a framework-style import for *ProtocolArrayConversions.h
1313 https://bugs.webkit.org/show_bug.cgi?id=165281
1314 <rdar://problem/29427778>
1316 Reviewed by Joseph Pecoraro.
1318 * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
1319 (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
1320 * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1321 * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1322 * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1323 * inspector/scripts/tests/expected/enum-values.json-result:
1324 * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1325 * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1326 * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1327 * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1328 * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1329 * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1330 * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1331 * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1332 * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1334 2016-12-01 Geoffrey Garen <ggaren@apple.com>
1336 SourceCodeKey should use unlinked source code
1337 https://bugs.webkit.org/show_bug.cgi?id=165286
1339 Reviewed by Saam Barati.
1341 This patch splits out UnlinkedSourceCode from SourceCode, and deploys
1342 UnlinkedSourceCode in SourceCodeKey.
1344 It's misleading to store SourceCode in SourceCodeKey because SourceCode
1345 has an absolute location whereas unlinked cached code has no location.
1347 I plan to deploy UnlinkedSourceCode in more places, to indicate code
1348 that has no absolute location.
1350 * JavaScriptCore.xcodeproj/project.pbxproj:
1351 * parser/SourceCode.cpp:
1352 (JSC::UnlinkedSourceCode::toUTF8):
1353 (JSC::SourceCode::toUTF8): Deleted.
1354 * parser/SourceCode.h:
1355 (JSC::SourceCode::SourceCode):
1356 (JSC::SourceCode::startColumn):
1357 (JSC::SourceCode::isHashTableDeletedValue): Deleted.
1358 (JSC::SourceCode::hash): Deleted.
1359 (JSC::SourceCode::view): Deleted.
1360 (JSC::SourceCode::providerID): Deleted.
1361 (JSC::SourceCode::isNull): Deleted.
1362 (JSC::SourceCode::provider): Deleted.
1363 (JSC::SourceCode::startOffset): Deleted.
1364 (JSC::SourceCode::endOffset): Deleted.
1365 (JSC::SourceCode::length): Deleted. Move a bunch of stuff into a new
1366 base class, UnlinkedSourceCode.
1368 * parser/SourceCodeKey.h:
1369 (JSC::SourceCodeKey::SourceCodeKey): Use UnlinkedSourceCode since code
1370 in the cache has no location.
1372 * parser/UnlinkedSourceCode.h: Copied from Source/JavaScriptCore/parser/SourceCode.h.
1373 (JSC::UnlinkedSourceCode::UnlinkedSourceCode):
1374 (JSC::UnlinkedSourceCode::provider):
1375 (JSC::SourceCode::SourceCode): Deleted.
1376 (JSC::SourceCode::isHashTableDeletedValue): Deleted.
1377 (JSC::SourceCode::hash): Deleted.
1378 (JSC::SourceCode::view): Deleted.
1379 (JSC::SourceCode::providerID): Deleted.
1380 (JSC::SourceCode::isNull): Deleted.
1381 (JSC::SourceCode::provider): Deleted.
1382 (JSC::SourceCode::firstLine): Deleted.
1383 (JSC::SourceCode::startColumn): Deleted.
1384 (JSC::SourceCode::startOffset): Deleted.
1385 (JSC::SourceCode::endOffset): Deleted.
1386 (JSC::SourceCode::length): Deleted.
1387 (JSC::makeSource): Deleted.
1388 (JSC::SourceCode::subExpression): Deleted.
1390 * runtime/CodeCache.h: Use UnlinkedSourceCode in the cache.
1392 2016-12-01 Keith Miller <keith_miller@apple.com>
1394 Add wasm int to floating point opcodes
1395 https://bugs.webkit.org/show_bug.cgi?id=165252
1397 Reviewed by Geoffrey Garen.
1399 This patch adds support for the Wasm integral type => floating point
1400 type conversion opcodes. Most of these were already supported by B3;
1401 however, there was no support for uint64 to float/double. Unfortunately,
1402 AFAIK x86_64 does not have a single instruction that performs this
1403 conversion. Since there is a signed conversion instruction on x86, we
1404 use that for all uint64s that don't have the top bit set. If they do have
1405 the top bit set, we need to divide by 2 (rounding up), then convert the number
1406 with the signed conversion, then double the result.
1408 * assembler/MacroAssemblerX86_64.h:
1409 (JSC::MacroAssemblerX86_64::convertUInt64ToDouble):
1410 (JSC::MacroAssemblerX86_64::convertUInt64ToFloat):
1412 (valueWithTypeOfWasmValue):
1414 (functionTestWasmModuleFunctions):
1415 * wasm/WasmB3IRGenerator.cpp:
1416 (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1417 (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
1418 * wasm/WasmFunctionParser.h:
1419 (JSC::Wasm::FunctionParser<Context>::parseExpression):
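The uint64 to double/float strategy this entry describes, as an added example in portable C++ rather than JSC's MacroAssembler (this is not the project's code): static_cast from int64_t stands in for the signed cvtsi2sd/cvtsi2ss instruction, and the halving step here shifts right and ORs the dropped low bit back in (a sticky bit) so that the final rounding matches a direct 64-bit conversion; a variant that simply truncates shows why that bit matters. Function names are constructed for the example.

```cpp
#include <cstdint>
#include <cstdio>

// Stand-ins for the signed-only x86_64 conversion instructions.
static double convertInt64ToDouble(int64_t v) { return static_cast<double>(v); }
static float  convertInt64ToFloat(int64_t v)  { return static_cast<float>(v); }

// Halve a value whose top bit is set, folding the dropped bit 0 back in as a
// sticky bit. The result is < 2^63, so it is a non-negative int64, and the
// round/sticky bits seen by the later conversion are exactly those a direct
// conversion of x would see, shifted down by one.
static int64_t halveWithStickyBit(uint64_t x) {
    return static_cast<int64_t>((x >> 1) | (x & 1));
}

double convertUInt64ToDouble(uint64_t x) {
    if ((x >> 63) == 0)                  // top bit clear: signed conversion is correct as is
        return convertInt64ToDouble(static_cast<int64_t>(x));
    double half = convertInt64ToDouble(halveWithStickyBit(x));
    return half + half;                  // doubling a finite double is exact
}

float convertUInt64ToFloat(uint64_t x) {
    if ((x >> 63) == 0)
        return convertInt64ToFloat(static_cast<int64_t>(x));
    float half = convertInt64ToFloat(halveWithStickyBit(x));
    return half + half;
}

// Deliberately wrong variant: plain truncating halving loses the sticky bit, so
// a value just above a rounding tie rounds to even instead of up.
double convertUInt64ToDoubleLossy(uint64_t x) {
    if ((x >> 63) == 0)
        return convertInt64ToDouble(static_cast<int64_t>(x));
    double half = convertInt64ToDouble(static_cast<int64_t>(x >> 1));
    return half + half;
}

int main() {
    // Constructed inputs: zero, 2^63, 2^63+1, one above a rounding tie, and UINT64_MAX.
    const uint64_t inputs[] = {
        0, UINT64_C(1) << 63, (UINT64_C(1) << 63) + 1,
        (UINT64_C(1) << 63) + (UINT64_C(1) << 10) + 1, UINT64_MAX };
    for (uint64_t x : inputs) {
        std::printf("%20llu -> %.17g  lossy %.17g  compiler %.17g\n",
                    static_cast<unsigned long long>(x), convertUInt64ToDouble(x),
                    convertUInt64ToDoubleLossy(x), static_cast<double>(x));
    }
    return 0;
}
```

The compiler's own static_cast<double>(uint64_t) is the reference; the sticky-bit version agrees with it on every input, the lossy one does not on the near-tie value.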
1422 2016-12-01 Geoffrey Garen <ggaren@apple.com>
1424 Renamed EvalCodeCache => DirectEvalCodeCache
1425 https://bugs.webkit.org/show_bug.cgi?id=165271
1427 Reviewed by Saam Barati.
1429 We only use this cache for DirectEval, not IndirectEval.
1431 * JavaScriptCore.xcodeproj/project.pbxproj:
1432 * bytecode/CodeBlock.cpp:
1433 (JSC::DirectEvalCodeCache::visitAggregate):
1434 (JSC::CodeBlock::stronglyVisitStrongReferences):
1435 (JSC::EvalCodeCache::visitAggregate): Deleted.
1436 * bytecode/CodeBlock.h:
1437 (JSC::CodeBlock::directEvalCodeCache):
1438 (JSC::CodeBlock::evalCodeCache): Deleted.
1439 * bytecode/DirectEvalCodeCache.h: Copied from Source/JavaScriptCore/bytecode/EvalCodeCache.h.
1440 (JSC::EvalCodeCache::CacheKey::CacheKey): Deleted.
1441 (JSC::EvalCodeCache::CacheKey::hash): Deleted.
1442 (JSC::EvalCodeCache::CacheKey::isEmptyValue): Deleted.
1443 (JSC::EvalCodeCache::CacheKey::operator==): Deleted.
1444 (JSC::EvalCodeCache::CacheKey::isHashTableDeletedValue): Deleted.
1445 (JSC::EvalCodeCache::CacheKey::Hash::hash): Deleted.
1446 (JSC::EvalCodeCache::CacheKey::Hash::equal): Deleted.
1447 (JSC::EvalCodeCache::tryGet): Deleted.
1448 (JSC::EvalCodeCache::set): Deleted.
1449 (JSC::EvalCodeCache::isEmpty): Deleted.
1450 (JSC::EvalCodeCache::clear): Deleted.
1451 * bytecode/EvalCodeCache.h: Removed.
1452 * interpreter/Interpreter.cpp:
1454 * runtime/DirectEvalExecutable.cpp:
1455 (JSC::DirectEvalExecutable::create):
1457 2016-12-01 Geoffrey Garen <ggaren@apple.com>
1459 Removed some unnecessary indirection in code generation
1460 https://bugs.webkit.org/show_bug.cgi?id=165264
1462 Reviewed by Keith Miller.
1464 There's no need to route through JSGlobalObject when producing code --
1465 it just made the code harder to read.
1467 This patch moves functions from JSGlobalObject to their singleton
1470 * runtime/CodeCache.cpp:
1471 (JSC::CodeCache::getUnlinkedEvalCodeBlock):
1472 (JSC::CodeCache::getUnlinkedGlobalEvalCodeBlock): Deleted.
1473 * runtime/CodeCache.h:
1474 * runtime/DirectEvalExecutable.cpp:
1475 (JSC::DirectEvalExecutable::create):
1476 * runtime/IndirectEvalExecutable.cpp:
1477 (JSC::IndirectEvalExecutable::create):
1478 * runtime/JSGlobalObject.cpp:
1479 (JSC::JSGlobalObject::createProgramCodeBlock): Deleted.
1480 (JSC::JSGlobalObject::createLocalEvalCodeBlock): Deleted.
1481 (JSC::JSGlobalObject::createGlobalEvalCodeBlock): Deleted.
1482 (JSC::JSGlobalObject::createModuleProgramCodeBlock): Deleted.
1483 * runtime/JSGlobalObject.h:
1484 * runtime/ModuleProgramExecutable.cpp:
1485 (JSC::ModuleProgramExecutable::create):
1486 * runtime/ProgramExecutable.cpp:
1487 (JSC::ProgramExecutable::initializeGlobalProperties):
1488 * runtime/ProgramExecutable.h:
1490 2016-11-30 Darin Adler <darin@apple.com>
1492 Roll out StringBuilder changes from the previous patch.
1493 They were a slowdown on a Kraken JSON test.
1495 * runtime/JSONObject.cpp:
1496 Roll out changes from below.
1498 2016-11-30 Yusuke Suzuki <utatane.tea@gmail.com>
1500 [JSC] Specifying same module entry point multiple times cause TypeError
1501 https://bugs.webkit.org/show_bug.cgi?id=164858
1503 Reviewed by Saam Barati.
1505 Allow importing the same module multiple times. Previously, when specifying the same
1506 module in the <script type="module" src="here">, it threw a TypeError.
1508 * builtins/ModuleLoaderPrototype.js:
1511 (requestInstantiate):
1514 2016-11-30 Yusuke Suzuki <utatane.tea@gmail.com>
1516 WebAssembly JS API: export a module namespace object instead of a module environment
1517 https://bugs.webkit.org/show_bug.cgi?id=165121
1519 Reviewed by Saam Barati.
1521 This patch sets up AbstractModuleRecord further for WebAssemblyModuleRecord.
1522 For exported entries in a wasm instance, we set up exported entries for
1523 AbstractModuleRecord. This allows us to export WASM exported functions in
1524 the module handling code.
1526 Since the exported entries in the abstract module record are correctly
1527 instantiated, the module namespace object for WASM module also starts
1528 working correctly. So we start exposing the module namespace object
1529 as `instance.exports` instead of the module environment object.
1531 And we move SourceCode, lexicalVariables, and declaredVariables fields to
1532 JSModuleRecord since they are related to JS source code (in the spec's words,
1533 they are related to the source text module record).
1535 * runtime/AbstractModuleRecord.cpp:
1536 (JSC::AbstractModuleRecord::AbstractModuleRecord):
1537 * runtime/AbstractModuleRecord.h:
1538 (JSC::AbstractModuleRecord::sourceCode): Deleted.
1539 (JSC::AbstractModuleRecord::declaredVariables): Deleted.
1540 (JSC::AbstractModuleRecord::lexicalVariables): Deleted.
1541 * runtime/JSModuleRecord.cpp:
1542 (JSC::JSModuleRecord::JSModuleRecord):
1543 * runtime/JSModuleRecord.h:
1544 (JSC::JSModuleRecord::sourceCode):
1545 (JSC::JSModuleRecord::declaredVariables):
1546 (JSC::JSModuleRecord::lexicalVariables):
1547 * wasm/WasmFormat.cpp:
1548 * wasm/js/JSWebAssemblyInstance.cpp:
1549 (JSC::JSWebAssemblyInstance::finishCreation):
1550 * wasm/js/WebAssemblyFunction.cpp:
1551 * wasm/js/WebAssemblyInstanceConstructor.cpp:
1552 (JSC::constructJSWebAssemblyInstance):
1553 * wasm/js/WebAssemblyModuleRecord.cpp:
1554 (JSC::WebAssemblyModuleRecord::create):
1555 (JSC::WebAssemblyModuleRecord::WebAssemblyModuleRecord):
1556 (JSC::WebAssemblyModuleRecord::finishCreation):
1557 WebAssemblyModuleRecord::link should perform linking things.
1558 So allocating exported entries should be done here.
1559 (JSC::WebAssemblyModuleRecord::link):
1560 * wasm/js/WebAssemblyModuleRecord.h:
1562 2016-11-30 Mark Lam <mark.lam@apple.com>
1564 TypeInfo::OutOfLineTypeFlags should be 16 bits in size.
1565 https://bugs.webkit.org/show_bug.cgi?id=165224
1567 Reviewed by Saam Barati.
1569 There's no reason for OutOfLineTypeFlags to be constrained to 8 bits since the
1570 space is available to us. Making OutOfLineTypeFlags 16 bits brings TypeInfo up
1571 to 32 bits in size from the current 24 bits.
1573 * runtime/JSTypeInfo.h:
1574 (JSC::TypeInfo::TypeInfo):
1576 2016-11-30 Joseph Pecoraro <pecoraro@apple.com>
1578 REGRESSION: inspector/sampling-profiler/* LayoutTests are flaky timeouts
1579 https://bugs.webkit.org/show_bug.cgi?id=164388
1580 <rdar://problem/29101555>
1582 Reviewed by Saam Barati.
1584 There was a possibility of a deadlock between the main thread and the GC thread
1585 with the SamplingProfiler lock when Inspector is processing samples to send to
1586 the frontend. The Inspector (main thread) was holding the SamplingProfiler lock
1587 while processing samples, which runs JavaScript that could trigger a GC, and
1588 GC then tries to acquire the SamplingProfiler lock to process unprocessed samples.
1590 A simple solution here is to tighten the bounds of when Inspector holds the
1591 SamplingProfiler lock. It only needs the lock when extracting samples from
1592 the SamplingProfiler. It doesn't need to hold the lock for processing those
1593 samples, which is what can run script and cause a GC.
1595 * inspector/agents/InspectorScriptProfilerAgent.cpp:
1596 (Inspector::InspectorScriptProfilerAgent::trackingComplete):
1597 Tighten bounds of this lock to only where it is needed.
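A single-threaded C++ model of the lock hazard this entry describes and of the fix, added here as an illustration and not JSC's code: NonRecursiveLock, SamplingProfiler, collectGarbage and simulate are hypothetical stand-ins, and the collector reports a lock it cannot take (counted as a blocked collection) instead of blocking the way the real GC thread would.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Hypothetical non-recursive lock whose tryLock is well defined for the holder,
// so a re-acquisition can be reported instead of hanging like a blocking lock().
class NonRecursiveLock {
public:
    bool tryLock() { if (m_held) return false; m_held = true; return true; }
    void unlock() { m_held = false; }
private:
    bool m_held { false };
};

struct Sample { std::string functionName; };

// Stand-in for the SamplingProfiler: the lock guards the queue of samples not
// yet turned into frontend records.
struct SamplingProfiler {
    NonRecursiveLock lock;
    std::vector<Sample> unprocessedSamples;
};

struct Outcome {
    std::size_t processed { 0 };
    std::size_t blockedCollections { 0 };   // GCs that could not take the lock
};

// The collector must take the profiler lock to visit its samples. In the engine
// a failure here is the GC thread waiting forever behind the main thread.
static bool collectGarbage(SamplingProfiler& profiler) {
    if (!profiler.lock.tryLock())
        return false;
    profiler.lock.unlock();
    return true;
}

// Building a record from a sample runs script, which can allocate and so
// trigger a GC; modelled as one collection per sample.
static void processSamples(SamplingProfiler& profiler, const std::vector<Sample>& samples,
                           Outcome& outcome) {
    for (const Sample& sample : samples) {
        (void)sample.functionName;          // record construction elided
        if (!collectGarbage(profiler))
            ++outcome.blockedCollections;
        ++outcome.processed;
    }
}

// Before the fix: the lock is held across processing, so every GC it triggers
// is stuck behind the holder.
Outcome trackingCompleteHoldingLock(SamplingProfiler& profiler) {
    Outcome outcome;
    if (!profiler.lock.tryLock())
        return outcome;
    processSamples(profiler, profiler.unprocessedSamples, outcome);
    profiler.unprocessedSamples.clear();
    profiler.lock.unlock();
    return outcome;
}

// After the fix: hold the lock only while moving the samples out, then process
// the local copy with the lock released.
Outcome trackingCompleteTightLock(SamplingProfiler& profiler) {
    Outcome outcome;
    if (!profiler.lock.tryLock())
        return outcome;
    std::vector<Sample> samples = std::move(profiler.unprocessedSamples);
    profiler.unprocessedSamples.clear();
    profiler.lock.unlock();
    processSamples(profiler, samples, outcome);
    return outcome;
}

// Runs either version over a constructed three-sample queue.
Outcome simulate(bool holdLockWhileProcessing) {
    SamplingProfiler profiler;
    profiler.unprocessedSamples = { { "main" }, { "render" }, { "onTimer" } };  // constructed
    return holdLockWhileProcessing ? trackingCompleteHoldingLock(profiler)
                                   : trackingCompleteTightLock(profiler);
}

int main() {
    Outcome before = simulate(true), after = simulate(false);
    std::printf("holding lock: %zu processed, %zu blocked collections\n",
                before.processed, before.blockedCollections);
    std::printf("tight lock:   %zu processed, %zu blocked collections\n",
                after.processed, after.blockedCollections);
    return 0;
}
```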
1599 2016-11-30 Mark Lam <mark.lam@apple.com>
1601 Proxy is not allowed in the global prototype chain.
1602 https://bugs.webkit.org/show_bug.cgi?id=165205
1604 Reviewed by Geoffrey Garen.
1606 * runtime/ProgramExecutable.cpp:
1607 (JSC::ProgramExecutable::initializeGlobalProperties):
1608 - We'll now throw a TypeError if we detect a Proxy in the global prototype chain.
1610 2016-11-30 Commit Queue <commit-queue@webkit.org>
1612 Unreviewed, rolling out r209112.
1613 https://bugs.webkit.org/show_bug.cgi?id=165208
1615 "It regressed Octane/Raytrace and JetStream" (Requested by
1616 saamyjoon on #webkit).
1620 "We should support CreateThis in the FTL"
1621 https://bugs.webkit.org/show_bug.cgi?id=164904
1622 http://trac.webkit.org/changeset/209112
1624 2016-11-30 Darin Adler <darin@apple.com>
1626 Streamline and speed up tokenizer and segmented string classes
1627 https://bugs.webkit.org/show_bug.cgi?id=165003
1629 Reviewed by Sam Weinig.
1631 * runtime/JSONObject.cpp:
1632 (JSC::Stringifier::appendStringifiedValue): Use viewWithUnderlyingString when calling
1633 StringBuilder::appendQuotedJSONString, since it now takes a StringView and there is
1634 no benefit in creating a String for that function if one doesn't already exist.
1636 2016-11-29 JF Bastien <jfbastien@apple.com>
1638 WebAssembly JS API: improve Instance
1639 https://bugs.webkit.org/show_bug.cgi?id=164757
1641 Reviewed by Keith Miller.
1643 An Instance's `exports` property wasn't populated with exports.
1645 According to the spec [0], `exports` should present itself as a WebAssembly
1646 Module Record. In order to do this we need to split JSModuleRecord into
1647 AbstractModuleRecord (without the `link` and `evaluate` functions), and
1648 JSModuleRecord (which implements link and evaluate). We can then have a separate
1649 WebAssemblyModuleRecord which shares most of the implementation.
1651 `exports` then maps function names to WebAssemblyFunction and
1652 WebAssemblyFunctionCell, which call into the B3-generated WebAssembly code.
1654 A follow-up patch will do imports.
1656 A few things of note:
1658 - Use Identifier instead of String. They get uniqued, and we need them for the JSModuleNamespaceObject. This is safe because JSWebAssemblyModule creation is on the main thread.
1659 - JSWebAssemblyInstance needs to refer to the JSWebAssemblyModule used to create it, because the module owns the code, identifiers, etc. The world would be very sad if it got GC'd.
1660 - Instance.exports shouldn't use putWithoutTransition because it affects all Structures, whereas here each instance needs its own exports.
1661 - Expose the compiled functions, and pipe them to the InstanceConstructor. Start moving things around to split JSModuleRecord out into JS and WebAssembly parts.
1663 [0]: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstance-constructor
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/AbstractModuleRecord.cpp: Copied from Source/JavaScriptCore/runtime/JSModuleRecord.cpp, which I split in two
(JSC::AbstractModuleRecord::AbstractModuleRecord):
(JSC::AbstractModuleRecord::destroy):
(JSC::AbstractModuleRecord::finishCreation):
(JSC::AbstractModuleRecord::visitChildren):
(JSC::AbstractModuleRecord::appendRequestedModule):
(JSC::AbstractModuleRecord::addStarExportEntry):
(JSC::AbstractModuleRecord::addImportEntry):
(JSC::AbstractModuleRecord::addExportEntry):
(JSC::identifierToJSValue):
(JSC::AbstractModuleRecord::hostResolveImportedModule):
(JSC::AbstractModuleRecord::ResolveQuery::ResolveQuery):
(JSC::AbstractModuleRecord::ResolveQuery::isEmptyValue):
(JSC::AbstractModuleRecord::ResolveQuery::isDeletedValue):
(JSC::AbstractModuleRecord::ResolveQuery::Hash::hash):
(JSC::AbstractModuleRecord::ResolveQuery::Hash::equal):
(JSC::AbstractModuleRecord::cacheResolution):
(JSC::getExportedNames):
(JSC::AbstractModuleRecord::getModuleNamespace):
(JSC::printableName):
(JSC::AbstractModuleRecord::dump):
* runtime/AbstractModuleRecord.h: Copied from Source/JavaScriptCore/runtime/JSModuleRecord.h.
(JSC::AbstractModuleRecord::ImportEntry::isNamespace):
(JSC::AbstractModuleRecord::sourceCode):
(JSC::AbstractModuleRecord::moduleKey):
(JSC::AbstractModuleRecord::requestedModules):
(JSC::AbstractModuleRecord::exportEntries):
(JSC::AbstractModuleRecord::importEntries):
(JSC::AbstractModuleRecord::starExportEntries):
(JSC::AbstractModuleRecord::declaredVariables):
(JSC::AbstractModuleRecord::lexicalVariables):
(JSC::AbstractModuleRecord::moduleEnvironment):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::webAssemblyModuleRecordStructure):
(JSC::JSGlobalObject::webAssemblyFunctionStructure):
* runtime/JSModuleEnvironment.cpp:
(JSC::JSModuleEnvironment::create):
(JSC::JSModuleEnvironment::finishCreation):
(JSC::JSModuleEnvironment::getOwnPropertySlot):
(JSC::JSModuleEnvironment::getOwnNonIndexPropertyNames):
(JSC::JSModuleEnvironment::put):
(JSC::JSModuleEnvironment::deleteProperty):
* runtime/JSModuleEnvironment.h:
(JSC::JSModuleEnvironment::create):
(JSC::JSModuleEnvironment::offsetOfModuleRecord):
(JSC::JSModuleEnvironment::allocationSize):
(JSC::JSModuleEnvironment::moduleRecord):
(JSC::JSModuleEnvironment::moduleRecordSlot):
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::finishCreation):
(JSC::JSModuleNamespaceObject::getOwnPropertySlot):
* runtime/JSModuleNamespaceObject.h:
(JSC::JSModuleNamespaceObject::create):
(JSC::JSModuleNamespaceObject::moduleRecord):
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::createStructure):
(JSC::JSModuleRecord::create):
(JSC::JSModuleRecord::JSModuleRecord):
(JSC::JSModuleRecord::destroy):
(JSC::JSModuleRecord::finishCreation):
(JSC::JSModuleRecord::visitChildren):
(JSC::JSModuleRecord::instantiateDeclarations):
* runtime/JSModuleRecord.h:
* runtime/JSScope.cpp:
(JSC::abstractAccess):
(JSC::JSScope::collectClosureVariablesUnderTDZ):
* wasm/JSWebAssembly.h:
* wasm/WasmFormat.h: use Identifier instead of String
* wasm/WasmModuleParser.cpp:
(JSC::Wasm::ModuleParser::parse):
(JSC::Wasm::ModuleParser::parseType):
(JSC::Wasm::ModuleParser::parseImport): fix off-by-one
(JSC::Wasm::ModuleParser::parseFunction):
(JSC::Wasm::ModuleParser::parseExport):
* wasm/WasmModuleParser.h:
(JSC::Wasm::ModuleParser::ModuleParser):
* wasm/WasmPlan.cpp:
(JSC::Wasm::Plan::run):
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::create):
(JSC::JSWebAssemblyInstance::finishCreation):
(JSC::JSWebAssemblyInstance::visitChildren):
* wasm/js/JSWebAssemblyInstance.h:
(JSC::JSWebAssemblyInstance::module):
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::create):
(JSC::JSWebAssemblyModule::finishCreation):
(JSC::JSWebAssemblyModule::visitChildren):
* wasm/js/JSWebAssemblyModule.h:
(JSC::JSWebAssemblyModule::moduleInformation):
(JSC::JSWebAssemblyModule::compiledFunctions):
(JSC::JSWebAssemblyModule::exportSymbolTable):
* wasm/js/WebAssemblyFunction.cpp: Added.
(JSC::callWebAssemblyFunction):
(JSC::WebAssemblyFunction::create):
(JSC::WebAssemblyFunction::createStructure):
(JSC::WebAssemblyFunction::WebAssemblyFunction):
(JSC::WebAssemblyFunction::visitChildren):
(JSC::WebAssemblyFunction::finishCreation):
* wasm/js/WebAssemblyFunction.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
(JSC::CallableWebAssemblyFunction::CallableWebAssemblyFunction):
(JSC::WebAssemblyFunction::webAssemblyFunctionCell):
* wasm/js/WebAssemblyFunctionCell.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h.
(JSC::WebAssemblyFunctionCell::create):
(JSC::WebAssemblyFunctionCell::WebAssemblyFunctionCell):
(JSC::WebAssemblyFunctionCell::destroy):
(JSC::WebAssemblyFunctionCell::createStructure):
* wasm/js/WebAssemblyFunctionCell.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h.
(JSC::WebAssemblyFunctionCell::function):
* wasm/js/WebAssemblyInstanceConstructor.cpp:
(JSC::constructJSWebAssemblyInstance):
* wasm/js/WebAssemblyModuleConstructor.cpp:
(JSC::constructJSWebAssemblyModule):
* wasm/js/WebAssemblyModuleRecord.cpp: Added.
(JSC::WebAssemblyModuleRecord::createStructure):
(JSC::WebAssemblyModuleRecord::create):
(JSC::WebAssemblyModuleRecord::WebAssemblyModuleRecord):
(JSC::WebAssemblyModuleRecord::destroy):
(JSC::WebAssemblyModuleRecord::finishCreation):
(JSC::WebAssemblyModuleRecord::visitChildren):
(JSC::WebAssemblyModuleRecord::link):
(JSC::WebAssemblyModuleRecord::evaluate):
* wasm/js/WebAssemblyModuleRecord.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.

2016-11-29 Saam Barati <sbarati@apple.com>

We should be able to optimize the pattern where we spread a function's rest parameter to another call
https://bugs.webkit.org/show_bug.cgi?id=163865

Reviewed by Filip Pizlo.

This patch optimizes the following patterns to prevent both the allocation
of the rest parameter, and the execution of the iterator protocol:

function foo(...args) {
    let arr = [...args];

function foo(...args) {

To do this, I've extended the arguments elimination phase to reason
about Spread and NewArrayWithSpread. I've added two new nodes, PhantomSpread
and PhantomNewArrayWithSpread. PhantomSpread is only allowed over rest
parameters that don't escape. If the rest parameter *does* escape, we can't
convert the spread into a phantom because it would not be sound w.r.t JS
semantics because we would be reading from the call frame even though
the rest array may have changed.

Note that NewArrayWithSpread also understands what to do when one of its
arguments is PhantomSpread(@PhantomCreateRest) even if it itself is escaped.

PhantomNewArrayWithSpread is only allowed over a series of
PhantomSpread(@PhantomCreateRest) nodes. Like with PhantomSpread, PhantomNewArrayWithSpread
is only allowed if none of its arguments that are being spread are escaped
and if it itself is not escaped.

Because there is a dependency between a node being a candidate and
the escaped state of the node's children, I've extended the notion
of escaping a node inside the arguments elimination phase. Now, when
any node is escaped, we must consider all other candidates that may
now no longer be valid.

function foo(...args) {

In the above program, we don't know if the function call to escape()
modifies args, therefore, the spread cannot become phantom because
the execution of the spread may not be as simple as reading the
arguments from the call frame.

Unfortunately, the arguments elimination phase does not consider control
flow when doing its escape analysis. It would be good to integrate this
phase with the object allocation sinking phase. To see why, consider
an example where we don't eliminate the spread and allocation of the rest
parameter even though we could:

function foo(rareCondition, ...args) {

There are only a few users of the PhantomSpread and PhantomNewArrayWithSpread
nodes. PhantomSpread is only used by PhantomNewArrayWithSpread and NewArrayWithSpread.
PhantomNewArrayWithSpread is only used by ForwardVarargs and the various
*Call*ForwardVarargs nodes. The users of these phantoms know how to produce
what the phantom node would have produced. For example, NewArrayWithSpread
knows how to produce the values that would have been produced by PhantomSpread(@PhantomCreateRest)
by directly reading from the call frame.

This patch is a 6% speedup on my MBP on ES6SampleBench.

* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::tryAppendLea):
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createDefaultConstructor):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGForAllKills.h:
(JSC::DFG::forAllKillsInBlock):
(JSC::DFG::Node::hasConstant):
(JSC::DFG::Node::constant):
(JSC::DFG::Node::bitVector):
(JSC::DFG::Node::isPhantomAllocation):
* dfg/DFGNodeType.h:
* dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
(JSC::DFG::OSRAvailabilityAnalysisPhase::run):
(JSC::DFG::LocalOSRAvailabilityCalculator::LocalOSRAvailabilityCalculator):
(JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
* dfg/DFGOSRAvailabilityAnalysisPhase.h:
* dfg/DFGObjectAllocationSinkingPhase.cpp:
* dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGPromotedHeapLocation.cpp:
(WTF::printInternal):
* dfg/DFGPromotedHeapLocation.h:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGValidate.cpp:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::LowerDFGToB3):
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileForwardVarargs):
(JSC::FTL::DFG::LowerDFGToB3::getSpreadLengthFromInlineCallFrame):
(JSC::FTL::DFG::LowerDFGToB3::compileForwardVarargsWithSpread):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationPopulateObjectInOSR):
(JSC::FTL::operationMaterializeObjectInOSR):
* jit/SetupVarargsFrame.cpp:
(JSC::emitSetupVarargsFrameFastCase):
(GlobalObject::finishCreation):
(functionMaxArguments):
* runtime/JSFixedArray.h:
(JSC::JSFixedArray::createFromArray):
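
The candidate/escape rule the entry above describes, as an added example in JavaScript that is not WebKit's DFGArgumentsEliminationPhase: a worklist model run over a small constructed IR of CreateRest, Spread and NewArrayWithSpread nodes. The node names, the table of phantom-aware users, and the rule that a CreateRest escapes unless every user is a Spread are simplifying assumptions of this example; the real phase admits more users and, as the entry notes, is control-flow insensitive.

```javascript
// Added example (not code from WebKit's DFGArgumentsEliminationPhase.cpp): a
// worklist model of the candidate/escape rule described in the entry above,
// run over a constructed IR. Each node is { id, op, children: [ids] }.

// Which users know how to consume each phantom form, following the entry:
// PhantomSpread is consumed by NewArrayWithSpread (whether or not that array is
// itself a phantom); PhantomNewArrayWithSpread by ForwardVarargs and the
// *Call*ForwardVarargs nodes. Treating Spread as the only non-escaping user of
// CreateRest is a simplification assumed here.
const PHANTOM_AWARE_USERS = {
  CreateRest: new Set(["Spread"]),
  Spread: new Set(["NewArrayWithSpread"]),
  NewArrayWithSpread: new Set(["ForwardVarargs", "CallForwardVarargs", "ConstructForwardVarargs"]),
};
const CANDIDATE_OPS = new Set(Object.keys(PHANTOM_AWARE_USERS));

function node(id, op, ...children) {
  return { id, op, children };
}

// Returns the ids that may become phantoms, plus why each rejected candidate escaped.
function analyzeRestEscapes(nodes) {
  const byId = new Map(nodes.map((n) => [n.id, n]));
  const usersOf = new Map(nodes.map((n) => [n.id, []]));
  for (const n of nodes) {
    for (const c of n.children) {
      if (!usersOf.has(c)) throw new Error(`node #${n.id} uses unknown node #${c}`);
      usersOf.get(c).push(n);
    }
  }

  // Start optimistic: every CreateRest/Spread/NewArrayWithSpread is a candidate.
  const candidates = new Set(nodes.filter((n) => CANDIDATE_OPS.has(n.op)).map((n) => n.id));
  const escapeReason = new Map();

  function whyInvalid(id) {
    const n = byId.get(id);
    // Any user that cannot consume the phantom form escapes the node.
    for (const u of usersOf.get(id)) {
      if (!PHANTOM_AWARE_USERS[n.op].has(u.op)) return `escaped by ${u.op}#${u.id}`;
    }
    // PhantomSpread needs a phantom rest; PhantomNewArrayWithSpread needs phantom spreads.
    if (n.op !== "CreateRest") {
      for (const c of n.children) {
        if (!candidates.has(c)) return `operand #${c} is not a phantom`;
      }
    }
    return null;
  }

  // Escaping one node can invalidate candidates that depend on it, so iterate to a fixpoint.
  let changed = true;
  while (changed) {
    changed = false;
    for (const id of [...candidates]) {
      const reason = whyInvalid(id);
      if (reason !== null) {
        candidates.delete(id);
        escapeReason.set(id, reason);
        changed = true;
      }
    }
  }
  return { phantoms: [...candidates].sort((a, b) => a - b), escapeReason };
}

// Constructed IR for `function foo(...args) { bar(...args); }`: nothing escapes.
const NO_ESCAPE = [
  node(1, "CreateRest"),
  node(2, "Spread", 1),
  node(3, "NewArrayWithSpread", 2),
  node(4, "CallForwardVarargs", 3),
];

// Constructed IR for `function foo(...args) { escape(args); bar(...args); }`:
// the rest array reaches an opaque call before it is spread.
const ESCAPED_REST = [
  node(1, "CreateRest"),
  node(2, "Call", 1),
  node(3, "Spread", 1),
  node(4, "NewArrayWithSpread", 3),
  node(5, "CallForwardVarargs", 4),
];

// Constructed IR for `function foo(...args) { let arr = [...args]; escape(arr); }`:
// the array escapes, but its Spread operand can still be a PhantomSpread.
const ESCAPED_ARRAY = [
  node(1, "CreateRest"),
  node(2, "Spread", 1),
  node(3, "NewArrayWithSpread", 2),
  node(4, "Call", 3),
];

function demo() {
  return {
    noEscape: analyzeRestEscapes(NO_ESCAPE).phantoms, // [1, 2, 3]
    escapedRest: analyzeRestEscapes(ESCAPED_REST).phantoms, // []
    escapedArray: analyzeRestEscapes(ESCAPED_ARRAY).phantoms, // [1, 2]
  };
}
```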

2016-11-29 Commit Queue <commit-queue@webkit.org>

Unreviewed, rolling out r209058 and r209074.
https://bugs.webkit.org/show_bug.cgi?id=165188

These changes caused API test StringBuilderTest.Equal to crash
and/or fail. (Requested by ryanhaddad on #webkit).

Reverted changesets:

"Streamline and speed up tokenizer and segmented string
https://bugs.webkit.org/show_bug.cgi?id=165003
http://trac.webkit.org/changeset/209058

"REGRESSION (r209058): API test StringBuilderTest.Equal
https://bugs.webkit.org/show_bug.cgi?id=165142
http://trac.webkit.org/changeset/209074

2016-11-29 Caitlin Potter <caitp@igalia.com>

[JSC] always wrap AwaitExpression operand in a new Promise
https://bugs.webkit.org/show_bug.cgi?id=165181

Reviewed by Yusuke Suzuki.

Ensure operand of AwaitExpression is wrapped in a new Promise by
explicitly creating a new Promise Capability and invoking its
resolve callback. This avoids the specified short-circuit for

* builtins/AsyncFunctionPrototype.js:
(globalPrivate.asyncFunctionResume):

2016-11-29 Saam Barati <sbarati@apple.com>

We should support CreateThis in the FTL
https://bugs.webkit.org/show_bug.cgi?id=164904

Reviewed by Geoffrey Garen.

* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateThis):
(JSC::FTL::DFG::LowerDFGToB3::storeStructure):
(JSC::FTL::DFG::LowerDFGToB3::allocateCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell):
* runtime/Structure.h:

2016-11-29 Mark Lam <mark.lam@apple.com>

Fix exception scope verification failures in runtime/RegExp* files.
https://bugs.webkit.org/show_bug.cgi?id=165054

Reviewed by Saam Barati.

Also replaced returning JSValue() with returning { }.

* runtime/RegExpConstructor.cpp:
(JSC::regExpCreate):
(JSC::constructRegExp):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::defineOwnProperty):
(JSC::collectMatches):
(JSC::RegExpObject::matchGlobal):
* runtime/RegExpObjectInlines.h:
(JSC::getRegExpObjectLastIndexAsUnsigned):
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncCompile):
(JSC::regExpProtoFuncToString):
(JSC::regExpProtoFuncSplitFast):

2016-11-29 Andy Estes <aestes@apple.com>

[Cocoa] Enable two clang warnings recommended by Xcode
https://bugs.webkit.org/show_bug.cgi?id=164498

Reviewed by Mark Lam.

* Configurations/Base.xcconfig: Enabled CLANG_WARN_INFINITE_RECURSION and CLANG_WARN_SUSPICIOUS_MOVE.

2016-11-29 Keith Miller <keith_miller@apple.com>

Add simple way to implement Wasm ops that require more than one B3 opcode
https://bugs.webkit.org/show_bug.cgi?id=165129

Reviewed by Geoffrey Garen.

This patch adds a simple way to show the B3IRGenerator opcode script how
to generate code for Wasm opcodes that do not have a one to one mapping.
The syntax is pretty simple right now. There are only three things one
can use as of this patch (although more things might be added in the future)
1) Wasm opcode arguments: These are referred to as @<argument_number>. For example,
I32.sub would map to Sub(@0, @1).
2) 32-bit int constants: These are referred to as i32(<value>). For example, i32.inc
would map to Add(@0, i32(1))
3) B3 opcodes: These are referred to as the B3 opcode name followed by the B3Value's constructor
arguments. A value may take the result of another value as an argument. For example, you can do
Div(Mul(@0, Add(@0, i32(1))), i32(2)) if there was a b3 opcode that computed the sum from 1 to n.

These scripts are used to implement Wasm's eqz and floating point max/min opcodes. This patch
also adds missing support for the Wasm Neg opcodes.

(functionTestWasmModuleFunctions):
* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::toB3Op): Deleted.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseBody):
* wasm/WasmModuleParser.cpp:
(JSC::Wasm::ModuleParser::parseType):
* wasm/WasmParser.h:
(JSC::Wasm::Parser::parseUInt8):
(JSC::Wasm::Parser::parseValueType):
* wasm/generateWasmB3IRGeneratorInlinesHeader.py:
(CodeGenerator.__init__):
(CodeGenerator.advance):
(CodeGenerator.token):
(CodeGenerator.parseError):
(CodeGenerator.consume):
(CodeGenerator.generateParameters):
(CodeGenerator.generateOpcode):
(CodeGenerator.generate):
(generateI32ConstCode):
(generateSimpleCode):
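
The opcode-script syntax the entry above describes, as an added example in JavaScript that is not WebKit's generateWasmB3IRGeneratorInlinesHeader.py (which emits C++ that builds B3 IR rather than evaluating scripts): a parser for the @N, i32(v) and Opcode(...) forms, and an interpreter that runs a parsed script on concrete i32 arguments. The opcode table is a constructed subset of B3's integer opcodes, and the i32 min built from Select and LessThan is this example's stand-in for the entry's floating point min/max scripts.

```javascript
// Added example (not WebKit's generateWasmB3IRGeneratorInlinesHeader.py): a
// parser for the opcode-script syntax described above, plus an interpreter that
// evaluates a script on concrete i32 arguments. The opcode table is a
// constructed subset of B3's integer opcodes.

function tokenize(src) {
  // @N = wasm argument, integer literal, identifier (opcode or i32), punctuation.
  const re = /\s*(?:(@\d+)|(-?\d+)|([A-Za-z_]\w*)|([(),]))/y;
  const tokens = [];
  let pos = 0;
  src = src.trim();
  while (pos < src.length) {
    re.lastIndex = pos;
    const m = re.exec(src);
    if (m === null) throw new SyntaxError(`bad token at offset ${pos}: ${src.slice(pos)}`);
    pos = re.lastIndex;
    if (m[1] !== undefined) tokens.push({ type: "arg", index: Number(m[1].slice(1)) });
    else if (m[2] !== undefined) tokens.push({ type: "int", value: Number(m[2]) });
    else if (m[3] !== undefined) tokens.push({ type: "ident", name: m[3] });
    else tokens.push({ type: "punct", value: m[4] });
  }
  return tokens;
}

// Recursive-descent parser producing nodes:
//   { kind: "arg", index }   { kind: "const", value }   { kind: "op", name, args }
function parseScript(src) {
  const tokens = tokenize(src);
  let i = 0;
  const peekIs = (value) =>
    i < tokens.length && tokens[i].type === "punct" && tokens[i].value === value;
  const next = () => {
    if (i >= tokens.length) throw new SyntaxError("unexpected end of script");
    return tokens[i++];
  };
  const expect = (value) => {
    const t = next();
    if (t.type !== "punct" || t.value !== value) throw new SyntaxError(`expected '${value}'`);
  };
  function parseExpr() {
    const t = next();
    if (t.type === "arg") return { kind: "arg", index: t.index };
    if (t.type !== "ident") throw new SyntaxError(`unexpected token ${JSON.stringify(t)}`);
    expect("(");
    if (t.name === "i32") {
      const lit = next();
      if (lit.type !== "int") throw new SyntaxError("i32() takes an integer literal");
      expect(")");
      return { kind: "const", value: lit.value | 0 };
    }
    const args = [];
    while (!peekIs(")")) {
      args.push(parseExpr()); // a value may take another value as an argument
      if (peekIs(",")) next();
      else break;
    }
    expect(")");
    return { kind: "op", name: t.name, args };
  }
  const ast = parseExpr();
  if (i !== tokens.length) throw new SyntaxError("trailing tokens after expression");
  return ast;
}

// Constructed subset of B3 opcodes on 32-bit integers; arity comes from fn.length.
const B3_OPS = {
  Add: (a, b) => (a + b) | 0,
  Sub: (a, b) => (a - b) | 0,
  Mul: (a, b) => Math.imul(a, b),
  Div: (a, b) => { if (b === 0) throw new RangeError("Div by zero"); return (a / b) | 0; },
  Equal: (a, b) => (a === b ? 1 : 0),
  LessThan: (a, b) => (a < b ? 1 : 0),
  Select: (cond, ifTrue, ifFalse) => (cond !== 0 ? ifTrue : ifFalse),
};

function evaluate(ast, wasmArgs) {
  switch (ast.kind) {
    case "arg":
      if (ast.index >= wasmArgs.length) throw new RangeError(`@${ast.index} has no argument`);
      return wasmArgs[ast.index] | 0;
    case "const":
      return ast.value;
    case "op": {
      if (!Object.prototype.hasOwnProperty.call(B3_OPS, ast.name))
        throw new ReferenceError(`unknown B3 opcode ${ast.name}`);
      const fn = B3_OPS[ast.name];
      const operands = ast.args.map((a) => evaluate(a, wasmArgs));
      if (operands.length !== fn.length)
        throw new TypeError(`${ast.name} takes ${fn.length} operands, got ${operands.length}`);
      return fn(...operands);
    }
  }
}

// Evaluate a script against the wasm opcode's arguments (@0, @1, ...).
function runScript(src, ...wasmArgs) {
  return evaluate(parseScript(src), wasmArgs);
}
```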
2091 2016-11-29 Mark Lam <mark.lam@apple.com>
2093 Fix exception scope verification failures in ProxyConstructor.cpp and ProxyObject.cpp.
2094 https://bugs.webkit.org/show_bug.cgi?id=165053
2096 Reviewed by Saam Barati.
2098 Also replaced returning JSValue() with returning { }.
2100 * runtime/ProxyConstructor.cpp:
2101 (JSC::constructProxyObject):
2102 * runtime/ProxyObject.cpp:
2103 (JSC::ProxyObject::structureForTarget):
2104 (JSC::performProxyGet):
2105 (JSC::ProxyObject::performInternalMethodGetOwnProperty):
2106 (JSC::ProxyObject::performHasProperty):
2107 (JSC::ProxyObject::getOwnPropertySlotCommon):
2108 (JSC::ProxyObject::performPut):
2109 (JSC::ProxyObject::putByIndexCommon):
2110 (JSC::performProxyCall):
2111 (JSC::performProxyConstruct):
2112 (JSC::ProxyObject::performDelete):
2113 (JSC::ProxyObject::performPreventExtensions):
2114 (JSC::ProxyObject::performIsExtensible):
2115 (JSC::ProxyObject::performDefineOwnProperty):
2116 (JSC::ProxyObject::performGetOwnPropertyNames):
2117 (JSC::ProxyObject::performSetPrototype):
2118 (JSC::ProxyObject::performGetPrototype):
2120 2016-11-28 Matt Baker <mattbaker@apple.com>
2122 Web Inspector: Debugger should have an option for showing asynchronous call stacks
2123 https://bugs.webkit.org/show_bug.cgi?id=163230
2124 <rdar://problem/28698683>
2126 Reviewed by Joseph Pecoraro.
2128 * inspector/ScriptCallFrame.cpp:
2129 (Inspector::ScriptCallFrame::isNative):
2130 Encapsulate check for native code source URL.
2132 * inspector/ScriptCallFrame.h:
2133 * inspector/ScriptCallStack.cpp:
2134 (Inspector::ScriptCallStack::firstNonNativeCallFrame):
2135 (Inspector::ScriptCallStack::buildInspectorArray):
2136 * inspector/ScriptCallStack.h:
2137 Replace use of Console::StackTrace with Array<Console::CallFrame>.
2139 * inspector/agents/InspectorDebuggerAgent.cpp:
2140 (Inspector::InspectorDebuggerAgent::disable):
2141 (Inspector::InspectorDebuggerAgent::setAsyncStackTraceDepth):
2142 Set number of async frames to store (including boundary frames).
2143 A value of zero disables recording of async call stacks.
2145 (Inspector::InspectorDebuggerAgent::buildAsyncStackTrace):
2146 Helper function for building a linked list StackTraces.
2147 (Inspector::InspectorDebuggerAgent::didScheduleAsyncCall):
2148 Store a call stack for the script that scheduled the async call.
2149 If the call repeats (e.g. setInterval), the starting reference count is
2150 set to 1. This ensures that dereffing after dispatch won't clear the stack.
2151 If another async call is currently being dispatched, increment the
2152 AsyncCallData reference count for that call.
2154 (Inspector::InspectorDebuggerAgent::didCancelAsyncCall):
2155 Decrement the reference count for the canceled call.
2157 (Inspector::InspectorDebuggerAgent::willDispatchAsyncCall):
2158 Set the identifier for the async callback currently being dispatched,
2159 so that if the debugger pauses during dispatch a stack trace can be
2160 associated with the pause location. If an async call is already being
2161 dispatched, which could be the case when a script schedules an async
2162 call in a nested runloop, do nothing.
2164 (Inspector::InspectorDebuggerAgent::didDispatchAsyncCall):
2165 Decrement the reference count for the canceled call.
2166 (Inspector::InspectorDebuggerAgent::didPause):
2167 If a stored stack trace exists for this location, convert to a protocol
2168 object and send to the frontend.
2170 (Inspector::InspectorDebuggerAgent::didClearGlobalObject):
2171 (Inspector::InspectorDebuggerAgent::clearAsyncStackTraceData):
2172 (Inspector::InspectorDebuggerAgent::refAsyncCallData):
2173 Increment AsyncCallData reference count.
2174 (Inspector::InspectorDebuggerAgent::derefAsyncCallData):
2175 Decrement AsyncCallData reference count. If zero, deref its parent
2176 (if it exists) and remove the AsyncCallData entry.
2178 * inspector/agents/InspectorDebuggerAgent.h:
2180 * inspector/protocol/Console.json:
2181 * inspector/protocol/Network.json:
2182 Replace use of Console.StackTrace with array of Console.CallFrame.
2184 * inspector/protocol/Debugger.json:
2185 New protocol command and event data.
2187 2016-11-28 Darin Adler <darin@apple.com>
2189 Streamline and speed up tokenizer and segmented string classes
2190 https://bugs.webkit.org/show_bug.cgi?id=165003
2192 Reviewed by Sam Weinig.
2194 * runtime/JSONObject.cpp:
2195 (JSC::Stringifier::appendStringifiedValue): Use viewWithUnderlyingString when calling
2196 StringBuilder::appendQuotedJSONString, since it now takes a StringView and there is
2197 no benefit in creating a String for that function if one doesn't already exist.
2199 2016-11-21 Mark Lam <mark.lam@apple.com>
2201 Fix exception scope verification failures in runtime/Intl* files.
2202 https://bugs.webkit.org/show_bug.cgi?id=165014
2204 Reviewed by Saam Barati.
2206 * runtime/IntlCollatorConstructor.cpp:
2207 (JSC::constructIntlCollator):
2208 (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
2209 * runtime/IntlCollatorPrototype.cpp:
2210 (JSC::IntlCollatorPrototypeFuncResolvedOptions):
2211 * runtime/IntlDateTimeFormatConstructor.cpp:
2212 (JSC::constructIntlDateTimeFormat):
2213 (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
2214 * runtime/IntlDateTimeFormatPrototype.cpp:
2215 (JSC::IntlDateTimeFormatFuncFormatDateTime):
2216 (JSC::IntlDateTimeFormatPrototypeGetterFormat):
2217 (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
2218 * runtime/IntlNumberFormatConstructor.cpp:
2219 (JSC::constructIntlNumberFormat):
2220 (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
2221 * runtime/IntlNumberFormatPrototype.cpp:
2222 (JSC::IntlNumberFormatFuncFormatNumber):
2223 (JSC::IntlNumberFormatPrototypeGetterFormat):
2224 (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
2225 * runtime/IntlObject.cpp:
2226 (JSC::lookupSupportedLocales):
2227 * runtime/IntlObjectInlines.h:
2228 (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
2230 2016-11-28 Mark Lam <mark.lam@apple.com>
2232 Fix exception scope verification failures in IteratorOperations.h.
2233 https://bugs.webkit.org/show_bug.cgi?id=165015
2235 Reviewed by Saam Barati.
2237 * runtime/IteratorOperations.h:
2238 (JSC::forEachInIterable):
2240 2016-11-28 Mark Lam <mark.lam@apple.com>
2242 Fix exception scope verification failures in JSArray* files.
2243 https://bugs.webkit.org/show_bug.cgi?id=165016
2245 Reviewed by Saam Barati.
2247 * runtime/JSArray.cpp:
2248 (JSC::JSArray::defineOwnProperty):
2249 (JSC::JSArray::put):
2250 (JSC::JSArray::setLength):
2251 (JSC::JSArray::pop):
2252 (JSC::JSArray::push):
2253 (JSC::JSArray::unshiftCountWithAnyIndexingType):
2254 * runtime/JSArrayBuffer.cpp:
2255 (JSC::JSArrayBuffer::put):
2256 (JSC::JSArrayBuffer::defineOwnProperty):
2257 * runtime/JSArrayInlines.h:
2261 2016-11-28 Mark Lam <mark.lam@apple.com>
2263 Fix exception scope verification failures in JSDataView.cpp.
2264 https://bugs.webkit.org/show_bug.cgi?id=165020
2266 Reviewed by Saam Barati.
2268 * runtime/JSDataView.cpp:
2269 (JSC::JSDataView::put):
2271 2016-11-28 Mark Lam <mark.lam@apple.com>
2273 Fix exception scope verification failures in JSFunction.cpp.
2274 https://bugs.webkit.org/show_bug.cgi?id=165021
2276 Reviewed by Saam Barati.
2278 * runtime/JSFunction.cpp:
2279 (JSC::JSFunction::put):
2280 (JSC::JSFunction::defineOwnProperty):
2282 2016-11-28 Mark Lam <mark.lam@apple.com>
2284 Fix exception scope verification failures in runtime/JSGenericTypedArrayView* files.
2285 https://bugs.webkit.org/show_bug.cgi?id=165022
2287 Reviewed by Saam Barati.
2289 * runtime/JSGenericTypedArrayViewConstructorInlines.h:
2290 (JSC::constructGenericTypedArrayViewFromIterator):
2291 (JSC::constructGenericTypedArrayViewWithArguments):
2292 (JSC::constructGenericTypedArrayView):
2293 * runtime/JSGenericTypedArrayViewInlines.h:
2294 (JSC::JSGenericTypedArrayView<Adaptor>::set):
2295 (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
2296 * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
2297 (JSC::speciesConstruct):
2298 (JSC::genericTypedArrayViewProtoFuncSet):
2299 (JSC::genericTypedArrayViewProtoFuncJoin):
2300 (JSC::genericTypedArrayViewProtoFuncSlice):
2301 (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
2303 2016-11-28 Mark Lam <mark.lam@apple.com>
2305 Fix exception scope verification failures in runtime/Operations.cpp/h.
2306 https://bugs.webkit.org/show_bug.cgi?id=165046
2308 Reviewed by Saam Barati.
2310 Also switched to using returning { } instead of JSValue().
2312 * runtime/Operations.cpp:
2313 (JSC::jsAddSlowCase):
2314 (JSC::jsIsObjectTypeOrNull):
2315 * runtime/Operations.h:
2316 (JSC::jsStringFromRegisterArray):
2317 (JSC::jsStringFromArguments):
2321 2016-11-28 Mark Lam <mark.lam@apple.com>
2323 Fix exception scope verification failures in JSScope.cpp.
2324 https://bugs.webkit.org/show_bug.cgi?id=165047
2326 Reviewed by Saam Barati.
2328 * runtime/JSScope.cpp:
2329 (JSC::JSScope::resolve):
2331 2016-11-28 Mark Lam <mark.lam@apple.com>
2333 Fix exception scope verification failures in JSTypedArrayViewPrototype.cpp.
2334 https://bugs.webkit.org/show_bug.cgi?id=165049
2336 Reviewed by Saam Barati.
2338 * runtime/JSTypedArrayViewPrototype.cpp:
2339 (JSC::typedArrayViewPrivateFuncSort):
2340 (JSC::typedArrayViewProtoFuncSet):
2341 (JSC::typedArrayViewProtoFuncCopyWithin):
2342 (JSC::typedArrayViewProtoFuncIncludes):
2343 (JSC::typedArrayViewProtoFuncLastIndexOf):
2344 (JSC::typedArrayViewProtoFuncIndexOf):
2345 (JSC::typedArrayViewProtoFuncJoin):
2346 (JSC::typedArrayViewProtoGetterFuncBuffer):
2347 (JSC::typedArrayViewProtoGetterFuncLength):
2348 (JSC::typedArrayViewProtoGetterFuncByteLength):
2349 (JSC::typedArrayViewProtoGetterFuncByteOffset):
2350 (JSC::typedArrayViewProtoFuncReverse):
2351 (JSC::typedArrayViewPrivateFuncSubarrayCreate):
2352 (JSC::typedArrayViewProtoFuncSlice):
2354 2016-11-28 Mark Lam <mark.lam@apple.com>
2356 Fix exception scope verification failures in runtime/Map* files.
2357 https://bugs.webkit.org/show_bug.cgi?id=165050
2359 Reviewed by Saam Barati.
2361 * runtime/MapConstructor.cpp:
2362 (JSC::constructMap):
2363 * runtime/MapIteratorPrototype.cpp:
2364 (JSC::MapIteratorPrototypeFuncNext):
2365 * runtime/MapPrototype.cpp:
2366 (JSC::privateFuncMapIteratorNext):
2368 2016-11-28 Mark Lam <mark.lam@apple.com>
2370 Fix exception scope verification failures in more miscellaneous files.
2371 https://bugs.webkit.org/show_bug.cgi?id=165102
2373 Reviewed by Saam Barati.
2375 * wasm/js/WebAssemblyInstanceConstructor.cpp:
2376 (JSC::constructJSWebAssemblyInstance):
2378 2016-11-28 Mark Lam <mark.lam@apple.com>
2380 Fix exception scope verification failures in runtime/Weak* files.
2381 https://bugs.webkit.org/show_bug.cgi?id=165096
2383 Reviewed by Geoffrey Garen.
2385 * runtime/WeakMapConstructor.cpp:
2386 (JSC::constructWeakMap):
2387 * runtime/WeakMapPrototype.cpp:
2388 (JSC::protoFuncWeakMapSet):
2389 * runtime/WeakSetConstructor.cpp:
2390 (JSC::constructWeakSet):
2391 * runtime/WeakSetPrototype.cpp:
2392 (JSC::protoFuncWeakSetAdd):
2394 2016-11-28 Mark Lam <mark.lam@apple.com>
2396 Fix exception scope verification failures in runtime/String* files.
2397 https://bugs.webkit.org/show_bug.cgi?id=165067
2399 Reviewed by Saam Barati.
2401 * runtime/StringConstructor.cpp:
2402 (JSC::stringFromCodePoint):
2403 (JSC::constructWithStringConstructor):
2404 * runtime/StringObject.cpp:
2405 (JSC::StringObject::put):
2406 (JSC::StringObject::putByIndex):
2407 (JSC::StringObject::defineOwnProperty):
2408 * runtime/StringPrototype.cpp:
2409 (JSC::jsSpliceSubstrings):
2410 (JSC::jsSpliceSubstringsWithSeparators):
2411 (JSC::replaceUsingRegExpSearch):
2412 (JSC::replaceUsingStringSearch):
2413 (JSC::repeatCharacter):
2415 (JSC::stringProtoFuncReplaceUsingStringSearch):
2416 (JSC::stringProtoFuncCharAt):
2417 (JSC::stringProtoFuncCodePointAt):
2418 (JSC::stringProtoFuncConcat):
2419 (JSC::stringProtoFuncIndexOf):
2420 (JSC::stringProtoFuncLastIndexOf):
2421 (JSC::splitStringByOneCharacterImpl):
2422 (JSC::stringProtoFuncSplitFast):
2423 (JSC::stringProtoFuncSubstring):
2424 (JSC::stringProtoFuncToLowerCase):
2425 (JSC::stringProtoFuncToUpperCase):
2426 (JSC::toLocaleCase):
2428 (JSC::stringProtoFuncIncludes):
2429 (JSC::builtinStringIncludesInternal):
2430 (JSC::stringProtoFuncIterator):
2432 (JSC::stringProtoFuncNormalize):
2434 2016-11-28 Mark Lam <mark.lam@apple.com>
2436 Fix exception scope verification failures in ObjectConstructor.cpp and ObjectPrototype.cpp.
2437 https://bugs.webkit.org/show_bug.cgi?id=165051
2439 Reviewed by Saam Barati.
2442 1. Replaced returning JSValue() with returning { }.
2443 2. Replaced uses of exec->propertyNames() with vm.propertyNames.
2445 * runtime/ObjectConstructor.cpp:
2446 (JSC::constructObject):
2447 (JSC::objectConstructorGetPrototypeOf):
2448 (JSC::objectConstructorGetOwnPropertyDescriptor):
2449 (JSC::objectConstructorGetOwnPropertyDescriptors):
2450 (JSC::objectConstructorGetOwnPropertyNames):
2451 (JSC::objectConstructorGetOwnPropertySymbols):
2452 (JSC::objectConstructorKeys):
2453 (JSC::ownEnumerablePropertyKeys):
2454 (JSC::toPropertyDescriptor):
2455 (JSC::defineProperties):
2456 (JSC::objectConstructorDefineProperties):
2457 (JSC::objectConstructorCreate):
2458 (JSC::setIntegrityLevel):
2459 (JSC::objectConstructorSeal):
2460 (JSC::objectConstructorPreventExtensions):
2461 (JSC::objectConstructorIsSealed):
2462 (JSC::objectConstructorIsFrozen):
2463 (JSC::ownPropertyKeys):
2464 * runtime/ObjectPrototype.cpp:
2465 (JSC::objectProtoFuncValueOf):
2466 (JSC::objectProtoFuncHasOwnProperty):
2467 (JSC::objectProtoFuncIsPrototypeOf):
2468 (JSC::objectProtoFuncDefineGetter):
2469 (JSC::objectProtoFuncDefineSetter):
2470 (JSC::objectProtoFuncLookupGetter):
2471 (JSC::objectProtoFuncLookupSetter):
2472 (JSC::objectProtoFuncToLocaleString):
2473 (JSC::objectProtoFuncToString):
2475 2016-11-26 Mark Lam <mark.lam@apple.com>
2477 Fix exception scope verification failures in miscellaneous files.
2478 https://bugs.webkit.org/show_bug.cgi?id=165055
2480 Reviewed by Saam Barati.
2482 * runtime/MathObject.cpp:
2483 (JSC::mathProtoFuncIMul):
2484 * runtime/ModuleLoaderPrototype.cpp:
2485 (JSC::moduleLoaderPrototypeParseModule):
2486 (JSC::moduleLoaderPrototypeRequestedModules):
2487 * runtime/NativeErrorConstructor.cpp:
2488 (JSC::Interpreter::constructWithNativeErrorConstructor):
2489 * runtime/NumberConstructor.cpp:
2490 (JSC::constructWithNumberConstructor):
2491 * runtime/SetConstructor.cpp:
2492 (JSC::constructSet):
2493 * runtime/SetIteratorPrototype.cpp:
2494 (JSC::SetIteratorPrototypeFuncNext):
2495 * runtime/SparseArrayValueMap.cpp:
2496 (JSC::SparseArrayValueMap::putEntry):
2497 (JSC::SparseArrayEntry::put):
2498 * runtime/TemplateRegistry.cpp:
2499 (JSC::TemplateRegistry::getTemplateObject):
2501 2016-11-28 Mark Lam <mark.lam@apple.com>
2503 Fix exception scope verification failures in ReflectObject.cpp.
2504 https://bugs.webkit.org/show_bug.cgi?id=165066
2506 Reviewed by Saam Barati.
2508 * runtime/ReflectObject.cpp:
2509 (JSC::reflectObjectConstruct):
2510 (JSC::reflectObjectDefineProperty):
2511 (JSC::reflectObjectEnumerate):
2512 (JSC::reflectObjectGet):
2513 (JSC::reflectObjectGetOwnPropertyDescriptor):
2514 (JSC::reflectObjectGetPrototypeOf):
2515 (JSC::reflectObjectOwnKeys):
2516 (JSC::reflectObjectSet):
2518 2016-11-24 Mark Lam <mark.lam@apple.com>
2520 Fix exception scope verification failures in ArrayConstructor.cpp and ArrayPrototype.cpp.
2521 https://bugs.webkit.org/show_bug.cgi?id=164972
2523 Reviewed by Geoffrey Garen.
2525 * runtime/ArrayConstructor.cpp:
2526 (JSC::constructArrayWithSizeQuirk):
2527 * runtime/ArrayPrototype.cpp:
2530 (JSC::speciesWatchpointsValid):
2531 (JSC::speciesConstructArray):
2534 (JSC::arrayProtoFuncToString):
2535 (JSC::arrayProtoFuncToLocaleString):
2538 (JSC::arrayProtoFuncJoin):
2539 (JSC::arrayProtoFuncPop):
2540 (JSC::arrayProtoFuncPush):
2541 (JSC::arrayProtoFuncReverse):
2542 (JSC::arrayProtoFuncShift):
2543 (JSC::arrayProtoFuncSlice):
2544 (JSC::arrayProtoFuncSplice):
2545 (JSC::arrayProtoFuncUnShift):
2546 (JSC::arrayProtoFuncIndexOf):
2547 (JSC::arrayProtoFuncLastIndexOf):
2548 (JSC::concatAppendOne):
2549 (JSC::arrayProtoPrivateFuncConcatMemcpy):
2550 (JSC::ArrayPrototype::attemptToInitializeSpeciesWatchpoint):
2552 2016-11-28 Mark Lam <mark.lam@apple.com>
2554 Fix exception scope verification failures in LLIntSlowPaths.cpp.
2555 https://bugs.webkit.org/show_bug.cgi?id=164969
2557 Reviewed by Geoffrey Garen.
2559 * llint/LLIntSlowPaths.cpp:
2560 (JSC::LLInt::getByVal):
2561 (JSC::LLInt::setUpCall):
2562 (JSC::LLInt::varargsSetup):
2563 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2565 2016-11-26 Yusuke Suzuki <utatane.tea@gmail.com>
2567 [WTF] Import std::optional reference implementation as WTF::Optional
2568 https://bugs.webkit.org/show_bug.cgi?id=164199
2570 Reviewed by Saam Barati and Sam Weinig.
2572 The previous WTF::Optional::operator= is not compatible with std::optional::operator=.
2573 std::optional::emplace has the same semantics as the previous one.
2574 So we change the code to use it.
2576 * Scripts/builtins/builtins_templates.py:
2577 * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
2578 * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result:
2579 * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result:
2580 * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result:
2581 * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
2582 * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result:
2583 * Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result:
2584 * Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
2585 * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
2586 * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
2587 * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
2588 * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
2589 * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2590 * assembler/MacroAssemblerARM64.h:
2591 (JSC::MacroAssemblerARM64::commuteCompareToZeroIntoTest):
2592 * assembler/MacroAssemblerX86Common.h:
2593 (JSC::MacroAssemblerX86Common::commuteCompareToZeroIntoTest):
2594 * b3/B3CheckSpecial.cpp:
2595 (JSC::B3::CheckSpecial::forEachArg):
2596 (JSC::B3::CheckSpecial::shouldTryAliasingDef):
2597 * b3/B3CheckSpecial.h:
2598 * b3/B3LowerToAir.cpp:
2599 (JSC::B3::Air::LowerToAir::scaleForShl):
2600 (JSC::B3::Air::LowerToAir::effectiveAddr):
2601 (JSC::B3::Air::LowerToAir::tryAppendLea):
2603 (JSC::B3::invertedCompare):
2605 * b3/B3PatchpointSpecial.cpp:
2606 (JSC::B3::PatchpointSpecial::forEachArg):
2607 * b3/B3StackmapSpecial.cpp:
2608 (JSC::B3::StackmapSpecial::forEachArgImpl):
2609 * b3/B3StackmapSpecial.h:
2611 (JSC::B3::Value::invertedCompare):
2613 (JSC::B3::Air::Arg::isValidScale):
2614 (JSC::B3::Air::Arg::isValidAddrForm):
2615 (JSC::B3::Air::Arg::isValidIndexForm):
2616 (JSC::B3::Air::Arg::isValidForm):
2617 * b3/air/AirCustom.h:
2618 (JSC::B3::Air::PatchCustom::shouldTryAliasingDef):
2619 * b3/air/AirFixObviousSpills.cpp:
2621 * b3/air/AirInstInlines.h:
2622 (JSC::B3::Air::Inst::shouldTryAliasingDef):
2623 * b3/air/AirIteratedRegisterCoalescing.cpp:
2624 * b3/air/AirSpecial.cpp:
2625 (JSC::B3::Air::Special::shouldTryAliasingDef):
2626 * b3/air/AirSpecial.h:
2627 * bytecode/BytecodeGeneratorification.cpp:
2628 (JSC::BytecodeGeneratorification::storageForGeneratorLocal):
2629 * bytecode/CodeBlock.cpp:
2630 (JSC::CodeBlock::findPC):
2631 (JSC::CodeBlock::bytecodeOffsetFromCallSiteIndex):
2632 * bytecode/CodeBlock.h:
2633 * bytecode/UnlinkedFunctionExecutable.cpp:
2634 (JSC::UnlinkedFunctionExecutable::link):
2635 * bytecode/UnlinkedFunctionExecutable.h:
2636 * bytecompiler/BytecodeGenerator.h:
2637 * bytecompiler/NodesCodegen.cpp:
2638 (JSC::PropertyListNode::emitPutConstantProperty):
2639 (JSC::ObjectPatternNode::bindValue):
2640 * debugger/Debugger.cpp:
2641 (JSC::Debugger::resolveBreakpoint):
2642 * debugger/DebuggerCallFrame.cpp:
2643 (JSC::DebuggerCallFrame::currentPosition):
2644 * debugger/DebuggerParseData.cpp:
2645 (JSC::DebuggerPausePositions::breakpointLocationForLineColumn):
2646 * debugger/DebuggerParseData.h:
2647 * debugger/ScriptProfilingScope.h:
2648 * dfg/DFGAbstractInterpreterInlines.h:
2649 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2650 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeDoubleUnaryOpEffects):
2651 * dfg/DFGJITCode.cpp:
2652 (JSC::DFG::JITCode::findPC):
2654 * dfg/DFGOperations.cpp:
2655 (JSC::DFG::operationPutByValInternal):
2656 * dfg/DFGSlowPathGenerator.h:
2657 (JSC::DFG::SlowPathGenerator::generate):
2658 * dfg/DFGSpeculativeJIT.cpp:
2659 (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
2660 (JSC::DFG::SpeculativeJIT::emitUntypedBitOp):
2661 (JSC::DFG::SpeculativeJIT::emitUntypedRightShiftBitOp):
2662 (JSC::DFG::SpeculativeJIT::compileMathIC):
2663 (JSC::DFG::SpeculativeJIT::compileArithDiv):
2664 (JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
2665 * dfg/DFGSpeculativeJIT.h:
2666 * dfg/DFGSpeculativeJIT32_64.cpp:
2667 (JSC::DFG::SpeculativeJIT::compile):
2668 * dfg/DFGSpeculativeJIT64.cpp:
2669 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2670 (JSC::DFG::SpeculativeJIT::emitBranch):
2671 (JSC::DFG::SpeculativeJIT::compile):
2672 * dfg/DFGStrengthReductionPhase.cpp:
2673 (JSC::DFG::StrengthReductionPhase::handleNode):
2674 * ftl/FTLJITCode.cpp:
2675 (JSC::FTL::JITCode::findPC):
2678 (JSC::Heap::collectAsync):
2679 (JSC::Heap::collectSync):
2680 (JSC::Heap::collectInThread):
2681 (JSC::Heap::requestCollection):
2682 (JSC::Heap::willStartCollection):
2683 (JSC::Heap::didFinishCollection):
2684 (JSC::Heap::shouldDoFullCollection):
2686 (JSC::Heap::collectionScope):
2687 * heap/HeapSnapshot.cpp:
2688 (JSC::HeapSnapshot::nodeForCell):
2689 (JSC::HeapSnapshot::nodeForObjectIdentifier):
2690 * heap/HeapSnapshot.h:
2691 * inspector/InspectorBackendDispatcher.cpp:
2692 (Inspector::BackendDispatcher::dispatch):
2693 (Inspector::BackendDispatcher::sendPendingErrors):
2694 (Inspector::BackendDispatcher::reportProtocolError):
2695 * inspector/InspectorBackendDispatcher.h:
2696 * inspector/agents/InspectorHeapAgent.cpp:
2697 (Inspector::InspectorHeapAgent::nodeForHeapObjectIdentifier):
2698 (Inspector::InspectorHeapAgent::getPreview):
2699 (Inspector::InspectorHeapAgent::getRemoteObject):
2700 * inspector/agents/InspectorHeapAgent.h:
2701 * inspector/remote/RemoteConnectionToTarget.h:
2702 * inspector/remote/RemoteConnectionToTarget.mm:
2703 (Inspector::RemoteConnectionToTarget::targetIdentifier):
2704 (Inspector::RemoteConnectionToTarget::setup):
2705 * inspector/remote/RemoteInspector.h:
2706 * inspector/remote/RemoteInspector.mm:
2707 (Inspector::RemoteInspector::updateClientCapabilities):
2708 * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2709 (_generate_declarations_for_enum_conversion_methods):
2710 (_generate_declarations_for_enum_conversion_methods.return_type_with_export_macro):
2711 * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2712 (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain.generate_conversion_method_body):
2713 * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2714 * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2715 * inspector/scripts/tests/expected/enum-values.json-result:
2716 * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2717 * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2718 * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2719 * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2721 (JSC::JITCode::findPC):
2722 * jit/JITDivGenerator.cpp:
2723 (JSC::JITDivGenerator::generateFastPath):
2724 * jit/JITOperations.cpp:
2725 * jit/PCToCodeOriginMap.cpp:
2726 (JSC::PCToCodeOriginMap::findPC):
2727 * jit/PCToCodeOriginMap.h:
2729 (WTF::RuntimeArray::getOwnPropertySlot):
2730 * llint/LLIntSlowPaths.cpp:
2731 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2732 * parser/ModuleAnalyzer.cpp:
2733 (JSC::ModuleAnalyzer::exportVariable):
2734 * runtime/ConcurrentJSLock.h:
2735 (JSC::ConcurrentJSLocker::ConcurrentJSLocker):
2736 * runtime/DefinePropertyAttributes.h:
2737 (JSC::DefinePropertyAttributes::writable):
2738 (JSC::DefinePropertyAttributes::configurable):
2739 (JSC::DefinePropertyAttributes::enumerable):
2740 * runtime/GenericArgumentsInlines.h:
2741 (JSC::GenericArguments<Type>::getOwnPropertySlot):
2742 (JSC::GenericArguments<Type>::put):
2743 (JSC::GenericArguments<Type>::deleteProperty):
2744 (JSC::GenericArguments<Type>::defineOwnProperty):
2745 * runtime/HasOwnPropertyCache.h:
2746 (JSC::HasOwnPropertyCache::get):
2747 * runtime/HashMapImpl.h:
2748 (JSC::concurrentJSMapHash):
2749 * runtime/Identifier.h:
2751 * runtime/JSArray.cpp:
2752 (JSC::JSArray::defineOwnProperty):
2753 * runtime/JSCJSValue.cpp:
2754 (JSC::JSValue::toNumberFromPrimitive):
2755 (JSC::JSValue::putToPrimitive):
2756 * runtime/JSCJSValue.h:
2757 * runtime/JSGenericTypedArrayView.h:
2758 (JSC::JSGenericTypedArrayView::toAdaptorNativeFromValueWithoutCoercion):
2759 * runtime/JSGenericTypedArrayViewConstructorInlines.h:
2760 (JSC::constructGenericTypedArrayViewWithArguments):
2761 (JSC::constructGenericTypedArrayView):
2762 * runtime/JSGenericTypedArrayViewInlines.h:
2763 (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
2764 (JSC::JSGenericTypedArrayView<Adaptor>::put):
2765 * runtime/JSModuleRecord.cpp:
2766 * runtime/JSModuleRecord.h:
2767 * runtime/JSObject.cpp:
2768 (JSC::JSObject::putDirectAccessor):
2769 (JSC::JSObject::deleteProperty):
2770 (JSC::JSObject::putDirectMayBeIndex):
2771 (JSC::JSObject::defineOwnProperty):
2772 * runtime/JSObject.h:
2773 (JSC::JSObject::getOwnPropertySlot):
2774 (JSC::JSObject::getPropertySlot):
2775 (JSC::JSObject::putOwnDataPropertyMayBeIndex):
2776 * runtime/JSObjectInlines.h:
2777 (JSC::JSObject::putInline):
2778 * runtime/JSString.cpp:
2779 (JSC::JSString::getStringPropertyDescriptor):
2780 * runtime/JSString.h:
2781 (JSC::JSString::getStringPropertySlot):
2782 * runtime/LiteralParser.cpp:
2783 (JSC::LiteralParser<CharType>::parse):
2784 * runtime/MathCommon.h:
2785 (JSC::safeReciprocalForDivByConst):
2786 * runtime/ObjectPrototype.cpp:
2787 (JSC::objectProtoFuncHasOwnProperty):
2788 * runtime/PropertyDescriptor.h:
2789 (JSC::toPropertyDescriptor):
2790 * runtime/PropertyName.h:
2792 * runtime/SamplingProfiler.cpp:
2793 (JSC::SamplingProfiler::processUnverifiedStackTraces):
2794 * runtime/StringObject.cpp:
2795 (JSC::StringObject::put):
2796 (JSC::isStringOwnProperty):
2797 (JSC::StringObject::deleteProperty):
2798 * runtime/ToNativeFromValue.h:
2799 (JSC::toNativeFromValueWithoutCoercion):
2800 * runtime/TypedArrayAdaptors.h:
2801 (JSC::IntegralTypedArrayAdaptor::toNativeFromInt32WithoutCoercion):
2802 (JSC::IntegralTypedArrayAdaptor::toNativeFromUint32WithoutCoercion):
2803 (JSC::IntegralTypedArrayAdaptor::toNativeFromDoubleWithoutCoercion):
2804 (JSC::FloatTypedArrayAdaptor::toNativeFromInt32WithoutCoercion):
2805 (JSC::FloatTypedArrayAdaptor::toNativeFromDoubleWithoutCoercion):
2806 (JSC::Uint8ClampedAdaptor::toNativeFromInt32WithoutCoercion):
2807 (JSC::Uint8ClampedAdaptor::toNativeFromDoubleWithoutCoercion):
2809 2016-11-26 Sam Weinig <sam@webkit.org>
2811 Convert IntersectionObserver over to using RuntimeEnabledFeatures so it can be properly excluded from script
2812 https://bugs.webkit.org/show_bug.cgi?id=164965
2814 Reviewed by Simon Fraser.
2816 * runtime/CommonIdentifiers.h:
2817 Add identifiers needed for RuntimeEnabledFeatures.
2819 2016-11-23 Zan Dobersek <zdobersek@igalia.com>
2821 Remove ENABLE_ASSEMBLER_WX_EXCLUSIVE code
2822 https://bugs.webkit.org/show_bug.cgi?id=165027
2824 Reviewed by Darin Adler.
2826 Remove the code guarded with ENABLE(ASSEMBLER_WX_EXCLUSIVE).
2827 No port enables this and the guarded code doesn't build at all,
2828 so it's safe to say it's abandoned.
2830 * jit/ExecutableAllocator.cpp:
2831 (JSC::ExecutableAllocator::initializeAllocator):
2832 (JSC::ExecutableAllocator::ExecutableAllocator):
2833 (JSC::ExecutableAllocator::reprotectRegion): Deleted.
2835 2016-11-18 Mark Lam <mark.lam@apple.com>
2837 Fix exception scope verification failures in JSC profiler files.
2838 https://bugs.webkit.org/show_bug.cgi?id=164971
2840 Reviewed by Saam Barati.
2842 * profiler/ProfilerBytecodeSequence.cpp:
2843 (JSC::Profiler::BytecodeSequence::addSequenceProperties):
2844 * profiler/ProfilerCompilation.cpp:
2845 (JSC::Profiler::Compilation::toJS):
2846 * profiler/ProfilerDatabase.cpp:
2847 (JSC::Profiler::Database::toJS):
2848 (JSC::Profiler::Database::toJSON):
2849 * profiler/ProfilerOSRExitSite.cpp:
2850 (JSC::Profiler::OSRExitSite::toJS):
2851 * profiler/ProfilerOriginStack.cpp:
2852 (JSC::Profiler::OriginStack::toJS):
2854 2016-11-22 Mark Lam <mark.lam@apple.com>
2856 Fix exception scope verification failures in JSONObject.cpp.
2857 https://bugs.webkit.org/show_bug.cgi?id=165025
2859 Reviewed by Saam Barati.
2861 * runtime/JSONObject.cpp:
2863 (JSC::Stringifier::Stringifier):
2864 (JSC::Stringifier::stringify):
2865 (JSC::Stringifier::toJSON):
2866 (JSC::Stringifier::appendStringifiedValue):
2867 (JSC::Stringifier::Holder::appendNextProperty):
2868 (JSC::Walker::walk):
2869 (JSC::JSONProtoFuncParse):
2870 (JSC::JSONProtoFuncStringify):
2871 (JSC::JSONStringify):
2873 2016-11-21 Mark Lam <mark.lam@apple.com>
2875 Removed an extra space character at the end of line.
2879 * runtime/JSCell.cpp:
2880 (JSC::JSCell::toNumber):
2882 2016-11-21 Mark Lam <mark.lam@apple.com>
2884 Fix exception scope verification failures in FunctionConstructor.cpp.
2885 https://bugs.webkit.org/show_bug.cgi?id=165011
2887 Reviewed by Saam Barati.
2889 * runtime/FunctionConstructor.cpp:
2890 (JSC::constructFunction):
2891 (JSC::constructFunctionSkippingEvalEnabledCheck):
2893 2016-11-21 Mark Lam <mark.lam@apple.com>
2895 Fix exception scope verification failures in GetterSetter.cpp.
2896 https://bugs.webkit.org/show_bug.cgi?id=165013
2898 Reviewed by Saam Barati.
2900 * runtime/GetterSetter.cpp:
2904 2016-11-21 Yusuke Suzuki <utatane.tea@gmail.com>
2906 Crash in com.apple.JavaScriptCore: WTF::ThreadSpecific<WTF::WTFThreadData, + 142
2907 https://bugs.webkit.org/show_bug.cgi?id=164898
2909 Reviewed by Darin Adler.
2911 The callsite object (JSArray) of a tagged template literal is managed by WeakGCMap since
2912 the same tagged template literal needs to return an identical object.
2913 The problem is that we used TemplateRegistryKey as the key of the WeakGCMap. WeakGCMap
2914 can prune its entries in the collector thread. At that time, this TemplateRegistryKey
2915 is deallocated. Since it includes a String (and then, a StringImpl), we accidentally call
2916 ref(), deref() and StringImpl::destroy() in a different thread from the main thread
2917 while this TemplateRegistryKey is allocated in the main thread.
2919 Instead, we use TemplateRegistryKey* as the key of the WeakGCMap. Then, to keep it alive
2920 while the entry of the WeakGCMap is alive, the callsite object has a reference to
2921 the JSTemplateRegistryKey, and it holds a Ref<TemplateRegistryKey>.
2923 And now we need to look up the WeakGCMap with TemplateRegistryKey*. To do so, we create an
2924 interning system for TemplateRegistryKey. It is similar to AtomicStringTable and
2925 SymbolRegistry. TemplateRegistryKey is allocated from this table. This table atomizes the
2926 TemplateRegistryKey. So we can use pointer comparison between TemplateRegistryKeys.
2927 It allows us to look up the entry in the WeakGCMap by TemplateRegistryKey*.
2930 * JavaScriptCore.xcodeproj/project.pbxproj:
2931 * builtins/BuiltinNames.h:
2932 * bytecompiler/BytecodeGenerator.cpp:
2933 (JSC::BytecodeGenerator::addTemplateRegistryKeyConstant):
2934 (JSC::BytecodeGenerator::emitGetTemplateObject):
2935 * bytecompiler/BytecodeGenerator.h:
2936 * runtime/JSGlobalObject.cpp:
2937 (JSC::getTemplateObject):
2938 * runtime/JSTemplateRegistryKey.cpp:
2939 (JSC::JSTemplateRegistryKey::JSTemplateRegistryKey):
2940 (JSC::JSTemplateRegistryKey::create):
2941 * runtime/JSTemplateRegistryKey.h:
2942 * runtime/TemplateRegistry.cpp:
2943 (JSC::TemplateRegistry::getTemplateObject):
2944 * runtime/TemplateRegistry.h:
2945 * runtime/TemplateRegistryKey.cpp: Copied from Source/JavaScriptCore/runtime/TemplateRegistry.h.
2946 (JSC::TemplateRegistryKey::~TemplateRegistryKey):
2947 * runtime/TemplateRegistryKey.h:
2948 (JSC::TemplateRegistryKey::calculateHash):
2949 (JSC::TemplateRegistryKey::create):
2950 (JSC::TemplateRegistryKey::TemplateRegistryKey):
2951 * runtime/TemplateRegistryKeyTable.cpp: Added.
2952 (JSC::TemplateRegistryKeyTranslator::hash):
2953 (JSC::TemplateRegistryKeyTranslator::equal):
2954 (JSC::TemplateRegistryKeyTranslator::translate):
2955 (JSC::TemplateRegistryKeyTable::~TemplateRegistryKeyTable):
2956 (JSC::TemplateRegistryKeyTable::createKey):
2957 (JSC::TemplateRegistryKeyTable::unregister):
2958 * runtime/TemplateRegistryKeyTable.h: Copied from Source/JavaScriptCore/runtime/JSTemplateRegistryKey.h.
2959 (JSC::TemplateRegistryKeyTable::KeyHash::hash):
2960 (JSC::TemplateRegistryKeyTable::KeyHash::equal):
2962 (JSC::VM::templateRegistryKeyTable):
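The interning pattern the entry above describes, as an added example that is not JavaScriptCore code: a table that hands out one key object per distinct raw-string list, so a raw pointer can serve as a map key and be compared by identity, while the key's lifetime is owned by whoever holds the shared_ptr (the role Ref<TemplateRegistryKey> plays in the entry) and the last release unregisters it from the table. The names RegistryKey, RegistryKeyTable and the three scenario functions are hypothetical; the table is single-threaded and must outlive the keys it hands out.

```cpp
// Added example (not JavaScriptCore code): an interning table in the style of
// the TemplateRegistryKeyTable entry above. Names are hypothetical. Equal
// raw-string lists map to a single key object, so a raw pointer can serve as
// a map key and be compared by identity; the key is owned by its shared_ptr
// holders, and releasing the last holder unregisters it from the table.
#include <cstddef>
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <unordered_set>
#include <vector>

struct RegistryKey : std::enable_shared_from_this<RegistryKey> {
    std::vector<std::string> rawStrings;    // identity of the key: the raw template strings
    std::vector<std::string> cookedStrings; // payload, not part of the identity
    std::size_t hash = 0;
};

// Hashes the raw strings only, mirroring how the key's identity is defined.
static std::size_t hashRawStrings(const std::vector<std::string>& raw)
{
    std::size_t h = raw.size();
    for (const std::string& s : raw)
        h = h * 31 + std::hash<std::string>{}(s);
    return h;
}

class RegistryKeyTable {
public:
    // Returns the unique key for these raw strings, creating it on first use.
    // The table must outlive every key it hands out (single-threaded use).
    std::shared_ptr<RegistryKey> createKey(std::vector<std::string> raw,
                                           std::vector<std::string> cooked)
    {
        RegistryKey probe;
        probe.rawStrings = std::move(raw);
        probe.hash = hashRawStrings(probe.rawStrings);
        auto it = m_table.find(&probe);
        if (it != m_table.end())
            return (*it)->shared_from_this();
        // The deleter doubles as the "unregister" hook: the table holds raw pointers only.
        std::shared_ptr<RegistryKey> key(new RegistryKey, [this](RegistryKey* k) {
            m_table.erase(k);
            delete k;
        });
        key->rawStrings = std::move(probe.rawStrings);
        key->cookedStrings = std::move(cooked);
        key->hash = probe.hash;
        m_table.insert(key.get());
        return key;
    }
    std::size_t size() const { return m_table.size(); }

private:
    struct Hash { std::size_t operator()(const RegistryKey* k) const { return k->hash; } };
    struct Equal {
        bool operator()(const RegistryKey* a, const RegistryKey* b) const { return a->rawStrings == b->rawStrings; }
    };
    std::unordered_set<RegistryKey*, Hash, Equal> m_table; // non-owning entries
};

// Two requests with equal raw strings must yield the same key object.
bool sameContentSameKey()
{
    RegistryKeyTable table;
    auto a = table.createKey({"Hello ", "!"}, {"Hello ", "!"});
    auto b = table.createKey({"Hello ", "!"}, {"Hello ", "!"});
    return a.get() == b.get() && table.size() == 1;
}

// Different raw strings yield distinct keys even when the cooked strings match
// (raw "\n" is backslash plus 'n'; cooked is the newline character).
bool differentContentDifferentKey()
{
    RegistryKeyTable table;
    auto a = table.createKey({"\\n"}, {"\n"});
    auto b = table.createKey({"\n"}, {"\n"});
    return a.get() != b.get() && table.size() == 2;
}

// A key stays registered while any holder is alive, leaves the table when the
// last holder releases it, and a later request builds a fresh key.
bool keyForgottenAfterRelease()
{
    RegistryKeyTable table;
    auto a = table.createKey({"x"}, {"x"});
    auto b = a;
    a.reset();
    bool stillPresent = table.size() == 1;
    b.reset();
    bool gone = table.size() == 0;
    auto c = table.createKey({"x"}, {"x"});
    return stillPresent && gone && table.size() == 1 && c.use_count() == 1;
}

int main()
{
    std::printf("same content -> same key: %s\n", sameContentSameKey() ? "yes" : "no");
    std::printf("different raw strings -> different keys: %s\n", differentContentDifferentKey() ? "yes" : "no");
    std::printf("key forgotten after release: %s\n", keyForgottenAfterRelease() ? "yes" : "no");
    return 0;
}
```

The point to take from the entry is ownership: the table never owns a key, so it can never free one from a thread that did not allocate it; whoever keeps the map entry alive also keeps the key alive, and the key's own release path is the only place it is unregistered.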
2964 2016-11-21 Mark Lam <mark.lam@apple.com>
2966 Fix exception scope verification failures in runtime/Error* files.
2967 https://bugs.webkit.org/show_bug.cgi?id=164998
2969 Reviewed by Darin Adler.
2971 * runtime/ErrorConstructor.cpp:
2972 (JSC::Interpreter::constructWithErrorConstructor):
2973 * runtime/ErrorInstance.cpp:
2974 (JSC::ErrorInstance::create):
2975 * runtime/ErrorInstance.h:
2976 * runtime/ErrorPrototype.cpp:
2977 (JSC::errorProtoFuncToString):
2979 2016-11-21 Mark Lam <mark.lam@apple.com>
2981 Fix exception scope verification failures in *Executable.cpp files.
2982 https://bugs.webkit.org/show_bug.cgi?id=164996
2984 Reviewed by Darin Adler.
2986 * runtime/DirectEvalExecutable.cpp:
2987 (JSC::DirectEvalExecutable::create):
2988 * runtime/IndirectEvalExecutable.cpp:
2989 (JSC::IndirectEvalExecutable::create):
2990 * runtime/ProgramExecutable.cpp:
2991 (JSC::ProgramExecutable::initializeGlobalProperties):
2992 * runtime/ScriptExecutable.cpp:
2993 (JSC::ScriptExecutable::prepareForExecutionImpl):
2995 2016-11-20 Zan Dobersek <zdobersek@igalia.com>
2997 [EncryptedMedia] Make EME API runtime-enabled
2998 https://bugs.webkit.org/show_bug.cgi?id=164927
3000 Reviewed by Jer Noble.
3002 * runtime/CommonIdentifiers.h: Add the necessary identifiers.
3004 2016-11-20 Mark Lam <mark.lam@apple.com>
3006 Fix exception scope verification failures in ConstructData.cpp.
3007 https://bugs.webkit.org/show_bug.cgi?id=164976
3009 Reviewed by Darin Adler.
3011 * runtime/ConstructData.cpp:
3014 2016-11-20 Mark Lam <mark.lam@apple.com>
3016 Fix exception scope verification failures in CommonSlowPaths.cpp/h.
3017 https://bugs.webkit.org/show_bug.cgi?id=164975
3019 Reviewed by Darin Adler.
3021 * runtime/CommonSlowPaths.cpp:
3022 (JSC::SLOW_PATH_DECL):
3023 * runtime/CommonSlowPaths.h:
3024 (JSC::CommonSlowPaths::opIn):
3026 2016-11-20 Mark Lam <mark.lam@apple.com>
3028 Fix exception scope verification failures in DateConstructor.cpp and DatePrototype.cpp.
3029 https://bugs.webkit.org/show_bug.cgi?id=164995
3031 Reviewed by Darin Adler.
3033 * runtime/DateConstructor.cpp:
3034 (JSC::millisecondsFromComponents):
3035 (JSC::constructDate):
3036 * runtime/DatePrototype.cpp:
3037 (JSC::dateProtoFuncToPrimitiveSymbol):
3039 2016-11-20 Caitlin Potter <caitp@igalia.com>
3041 [JSC] speed up parsing of async functions
3042 https://bugs.webkit.org/show_bug.cgi?id=164808
3044 Reviewed by Yusuke Suzuki.
3046 Minor adjustments to Parser in order to mitigate slowdown with async
3047 function parsing enabled:
3049 - Tokenize "async" as a keyword
3050 - Perform less branching in various areas of the Parser
3052 * parser/Keywords.table:
3053 * parser/Parser.cpp:
3054 (JSC::Parser<LexerType>::parseStatementListItem):
3055 (JSC::Parser<LexerType>::parseStatement):
3056 (JSC::Parser<LexerType>::maybeParseAsyncFunctionDeclarationStatement):
3057 (JSC::Parser<LexerType>::parseClass):
3058 (JSC::Parser<LexerType>::parseExportDeclaration):
3059 (JSC::Parser<LexerType>::parseAssignmentExpression):
3060 (JSC::Parser<LexerType>::parseProperty):
3061 (JSC::Parser<LexerType>::createResolveAndUseVariable):
3062 (JSC::Parser<LexerType>::parsePrimaryExpression):
3063 (JSC::Parser<LexerType>::parseMemberExpression):
3064 (JSC::Parser<LexerType>::printUnexpectedTokenText):
3066 (JSC::isAnyContextualKeyword):
3067 (JSC::isIdentifierOrAnyContextualKeyword):
3068 (JSC::isSafeContextualKeyword):
3069 (JSC::Parser::matchSpecIdentifier):
3070 * parser/ParserTokens.h:
3071 * runtime/CommonIdentifiers.h:
3073 2016-11-19 Mark Lam <mark.lam@apple.com>
3075 Add --timeoutMultiplier option to allow some tests more time to run.
3076 https://bugs.webkit.org/show_bug.cgi?id=164951
3078 Reviewed by Yusuke Suzuki.
3081 (timeoutThreadMain):
3082 - Modified to factor in a timeout multiplier that can adjust the timeout duration.
3083 (startTimeoutThreadIfNeeded):
3084 - Moved the code that starts the timeout thread here from main() so that we can
3085 call it after command line args have been parsed instead.
3087 - Deleted old timeout thread starting code.
3088 (CommandLine::parseArguments):
3089 - Added parsing of the --timeoutMultiplier option.
3091 - Start the timeout thread if needed after we've parsed the command line args.
3093 2016-11-19 Mark Lam <mark.lam@apple.com>
3095 Fix missing exception checks in JSC inspector files.
3096 https://bugs.webkit.org/show_bug.cgi?id=164959
3098 Reviewed by Saam Barati.
3100 * inspector/JSInjectedScriptHost.cpp:
3101 (Inspector::JSInjectedScriptHost::getInternalProperties):
3102 (Inspector::JSInjectedScriptHost::weakMapEntries):
3103 (Inspector::JSInjectedScriptHost::weakSetEntries):
3104 (Inspector::JSInjectedScriptHost::iteratorEntries):
3105 * inspector/JSJavaScriptCallFrame.cpp:
3106 (Inspector::JSJavaScriptCallFrame::scopeDescriptions):
3108 2016-11-18 Mark Lam <mark.lam@apple.com>
3110 Fix missing exception checks in DFGOperations.cpp.
3111 https://bugs.webkit.org/show_bug.cgi?id=164958
3113 Reviewed by Geoffrey Garen.
3115 * dfg/DFGOperations.cpp:
3117 2016-11-18 Mark Lam <mark.lam@apple.com>
3119 Fix exception scope verification failures in ShadowChicken.cpp.
3120 https://bugs.webkit.org/show_bug.cgi?id=164966
3122 Reviewed by Saam Barati.
3124 * interpreter/ShadowChicken.cpp:
3125 (JSC::ShadowChicken::functionsOnStack):
3127 2016-11-18 Jeremy Jones <jeremyj@apple.com>
3129 Add runtime flag to enable pointer lock. Enable pointer lock feature for mac.
3130 https://bugs.webkit.org/show_bug.cgi?id=163801
3132 Reviewed by Simon Fraser.
3134 * Configurations/FeatureDefines.xcconfig:
3136 2016-11-18 Filip Pizlo <fpizlo@apple.com>
3138 Unreviewed, fix cloop.
3140 * bytecode/CodeBlock.cpp:
3141 (JSC::CodeBlock::stronglyVisitStrongReferences):
3143 2016-11-18 Filip Pizlo <fpizlo@apple.com>
3145 Concurrent GC should be able to run splay in debug mode and earley/raytrace in release mode with no perf regression
3146 https://bugs.webkit.org/show_bug.cgi?id=164282
3148 Reviewed by Geoffrey Garen and Oliver Hunt.
3150 The three remaining bugs were:
3152 - Improper ordering inside putDirectWithoutTransition() and friends. We need to make sure
3153 that the GC doesn't see the store to Structure::m_offset until we've resized the butterfly.
3154 That proved a bit tricky. On the other hand, this means that we could probably remove the
3155 requirement that the GC holds the Structure lock in some cases. I haven't removed that lock
3156 yet because I still think it might protect some weird cases, and it doesn't seem to cost us
3159 - CodeBlock's GC strategy needed to be made thread-safe (visitWeakly, visitChildren, and
3160 their friends now hold locks) and incremental-safe (we need to update predictions in the
3161 finalizer to make sure we clear anything that was put into a value profile towards the end
3164 - The GC timeslicing scheduler needed to be made a bit more aggressive to deal with
3165 generational workloads like earley, raytrace, and CDjs. Once I got those benchmarks to run,
3166 I found that they would do many useless iterations of GC because they wouldn't pause long
3167 enough after rescanning weak references and roots. I added a bunch of knobs for forcing a
3168 pause. In the end, I realized that I could get the desired effect by putting a ceiling on
3169 mutator utilization. We want the GC to finish quickly if it is possible to do so, even if
3170 the amount of allocation that the mutator had done is low. Having a utilization ceiling
3171 seems to accomplish this for benchmarks with trivial heaps (earley and raytrace) as well as
3172 huge heaps (like CDjs in its "large" configuration).
3174 This preserves splay performance, makes the concurrent GC more stable, and makes the
3175 concurrent GC not a perf regression on earley or raytrace. It seems to give us great CDjs
3176 performance as well, but this is still hard to tell because we crash a lot in that benchmark.
3178 * bytecode/CodeBlock.cpp:
3179 (JSC::CodeBlock::CodeBlock):
3180 (JSC::CodeBlock::visitWeakly):
3181 (JSC::CodeBlock::visitChildren):
3182 (JSC::CodeBlock::shouldVisitStrongly):
3183 (JSC::CodeBlock::shouldJettisonDueToOldAge):
3184 (JSC::CodeBlock::propagateTransitions):
3185 (JSC::CodeBlock::determineLiveness):
3186 (JSC::CodeBlock::WeakReferenceHarvester::visitWeakReferences):
3187 (JSC::CodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
3188 (JSC::CodeBlock::visitOSRExitTargets):
3189 (JSC::CodeBlock::stronglyVisitStrongReferences):
3190 (JSC::CodeBlock::stronglyVisitWeakReferences):
3191 * bytecode/CodeBlock.h:
3192 (JSC::CodeBlock::clearVisitWeaklyHasBeenCalled):
3193 * heap/CodeBlockSet.cpp:
3194 (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
3196 (JSC::Heap::ResumeTheWorldScope::ResumeTheWorldScope):
3197 (JSC::Heap::markToFixpoint):
3198 (JSC::Heap::beginMarking):
3199 (JSC::Heap::addToRememberedSet):
3200 (JSC::Heap::collectInThread):
3202 * heap/HeapInlines.h:
3203 (JSC::Heap::mutatorFence):
3204 * heap/MarkedBlock.cpp:
3205 * runtime/JSCellInlines.h:
3206 (JSC::JSCell::finishCreation):
3207 * runtime/JSObjectInlines.h:
3208 (JSC::JSObject::putDirectWithoutTransition):
3209 (JSC::JSObject::putDirectInternal):
3210 * runtime/Options.h:
3211 * runtime/Structure.cpp:
3212 (JSC::Structure::add):
3213 * runtime/Structure.h:
3214 * runtime/StructureInlines.h:
3215 (JSC::Structure::add):
3217 2016-11-18 Joseph Pecoraro <pecoraro@apple.com>
3219 Web Inspector: Generator functions should have a displayable name when shown in stack traces
3220 https://bugs.webkit.org/show_bug.cgi?id=164844
3221 <rdar://problem/29300697>
3223 Reviewed by Yusuke Suzuki.
3225 * parser/SyntaxChecker.h:
3226 (JSC::SyntaxChecker::createGeneratorFunctionBody):
3227 * parser/ASTBuilder.h:
3228 (JSC::ASTBuilder::createGeneratorFunctionBody):
3229 New way to create a generator function with an inferred name.
3231 * parser/Parser.cpp:
3232 (JSC::Parser<LexerType>::parseInner):
3233 (JSC::Parser<LexerType>::parseGeneratorFunctionSourceElements):
3235 Pass on the name of the generator wrapper function so we can
3236 use it on the inner generator function.
3238 2016-11-17 Ryosuke Niwa <rniwa@webkit.org>
3240 Add an experimental API to find elements across shadow boundaries
3241 https://bugs.webkit.org/show_bug.cgi?id=164851
3242 <rdar://problem/28220092>
3244 Reviewed by Sam Weinig.
3246 * runtime/CommonIdentifiers.h:
3248 2016-11-17 Yusuke Suzuki <utatane.tea@gmail.com>
3250 [JSC] Drop arguments.caller
3251 https://bugs.webkit.org/show_bug.cgi?id=164859
3253 Reviewed by Saam Barati.
3255 Originally, some JavaScript engines had an `arguments.caller` property.
3256 But it easily causes information leaks and becomes an obstacle
3257 for Secure ECMAScript (SES). In ES5, we made it deprecated in strict
3258 mode. To do so, we explicitly set a "caller" getter throwing TypeError
3259 on arguments in strict mode.
3261 But now, there is no modern engine which supports `arguments.caller`
3262 in sloppy mode. So the original compatibility problem is gone and
3263 the "caller" getter on strict mode arguments becomes meaningless.
3265 ES2017 drops this from the spec. In this patch, we also drop this
3266 `arguments.caller` support in strict mode.
3268 Note that Function#caller is still alive.
3270 * runtime/ClonedArguments.cpp:
3271 (JSC::ClonedArguments::getOwnPropertySlot):
3272 (JSC::ClonedArguments::put):
3273 (JSC::ClonedArguments::deleteProperty):
3274 (JSC::ClonedArguments::defineOwnProperty):
3275 (JSC::ClonedArguments::materializeSpecials):
3277 2016-11-17 Mark Lam <mark.lam@apple.com>
3279 Inlining should be disallowed when JSC_alwaysUseShadowChicken=true.
3280 https://bugs.webkit.org/show_bug.cgi?id=164893
3281 <rdar://problem/29146436>
3283 Reviewed by Saam Barati.
3285 * runtime/Options.cpp:
3286 (JSC::recomputeDependentOptions):
3288 2016-11-17 Filip Pizlo <fpizlo@apple.com>
3290 Speculatively disable eager object zero-fill on not-x86 to let the bots decide if that's a problem
3291 https://bugs.webkit.org/show_bug.cgi?id=164885
3293 Reviewed by Mark Lam.
3295 This adds a useGCFences() function that we use to guard all eager object zero-fill and the
3296 related fences. It currently returns true only on x86().
3298 The goal here is to get the bots to tell us if this code is responsible for perf issues on
3299 any non-x86 platforms. We have a few different paths that we can pursue if this turns out
3300 to be the case. Eager zero-fill is merely the easiest way to optimize out some fences, but
3301 we could get rid of it and instead teach B3 how to think about fences.
3305 * bytecode/PolymorphicAccess.cpp:
3306 (JSC::AccessCase::generateImpl):
3307 * dfg/DFGSpeculativeJIT.cpp:
3308 (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
3309 (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
3310 * ftl/FTLLowerDFGToB3.cpp:
3311 (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
3312 (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
3313 (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
3314 (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
3315 (JSC::FTL::DFG::LowerDFGToB3::mutatorFence):
3316 (JSC::FTL::DFG::LowerDFGToB3::setButterfly):
3317 * jit/AssemblyHelpers.h:
3318 (JSC::AssemblyHelpers::mutatorFence):
3319 (JSC::AssemblyHelpers::storeButterfly):
3320 (JSC::AssemblyHelpers::emitInitializeInlineStorage):
3321 (JSC::AssemblyHelpers::emitInitializeOutOfLineStorage):
3323 2016-11-17 Keith Miller <keith_miller@apple.com>
3326 https://bugs.webkit.org/show_bug.cgi?id=164871
3328 Reviewed by Filip Pizlo.
3330 Add rotate left and rotate right to Wasm. These directly map to B3 opcodes.
3331 This also moves arm specific transformations of rotate left to lower macros
3332 after optimization. It's a bad idea to have platform specific canonicalizations
3333 in reduce strength since other optimizations may not be aware of it.
3335 Add a bug to do pure CSE after lower macros after optimization since we want to
3336 clean up RotL(value, Neg(Neg(shift))).
3338 * b3/B3Generate.cpp:
3339 (JSC::B3::generateToAir):
3340 * b3/B3LowerMacrosAfterOptimizations.cpp:
3341 * b3/B3ReduceStrength.cpp:
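Rotate left and rotate right as the Wasm entry above and the B3 rotate entry further down describe them, as an added example that is not B3, Wasm or JavaScriptCore code. It shows the ARM64 lowering from that later entry (a rotate-left expressed as a rotate-right by the negated amount) and the RotL(value, Neg(Neg(shift))) identity the Wasm entry wants cleaned up. Function names are hypothetical; the amount is masked to the operand width, as the hardware instructions do, and the zero case is handled so no shift by the full width (undefined behaviour in C++) is ever executed.

```cpp
// Added example (not B3, Wasm or JavaScriptCore code): 32- and 64-bit rotates
// with hardware-style amount masking, the ARM64 lowering of rotate-left as a
// negated rotate-right, and a check of the identities over every amount.
#include <cstdint>
#include <cstdio>

inline uint32_t rotateRight32(uint32_t v, unsigned n)
{
    n &= 31;                                   // amount taken modulo the width
    return n ? (v >> n) | (v << (32 - n)) : v; // n == 0 would shift by 32: avoid it
}
inline uint32_t rotateLeft32(uint32_t v, unsigned n)
{
    n &= 31;
    return n ? (v << n) | (v >> (32 - n)) : v;
}
inline uint64_t rotateRight64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v >> n) | (v << (64 - n)) : v;
}
inline uint64_t rotateLeft64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v << n) | (v >> (64 - n)) : v;
}

// ARM64 has no rotate-left instruction: RotL(v, n) is lowered to RotR(v, -n),
// with the negation wrapping modulo the operand width.
inline uint32_t rotateLeft32ViaRight(uint32_t v, unsigned n)
{
    return rotateRight32(v, (0u - n) & 31);
}
inline uint64_t rotateLeft64ViaRight(uint64_t v, unsigned n)
{
    return rotateRight64(v, (0u - n) & 63);
}

// Checks, for every amount 0..127 (so the masking is exercised too), that the
// lowering matches a direct rotate-left, that RotL(v, Neg(Neg(n))) equals
// RotL(v, n), and that rotating back the other way restores the value.
bool loweringHoldsForAllAmounts(uint32_t v32, uint64_t v64)
{
    for (unsigned n = 0; n < 128; ++n) {
        if (rotateLeft32(v32, n) != rotateLeft32ViaRight(v32, n))
            return false;
        if (rotateLeft64(v64, n) != rotateLeft64ViaRight(v64, n))
            return false;
        if (rotateLeft32(v32, n) != rotateLeft32(v32, 0u - (0u - n)))
            return false;
        if (rotateRight32(rotateLeft32(v32, n), n) != v32)
            return false;
        if (rotateRight64(rotateLeft64(v64, n), n) != v64)
            return false;
    }
    return true;
}

int main()
{
    std::printf("rotl32(0x80000001, 1) = 0x%08x\n", rotateLeft32(0x80000001u, 1));
    std::printf("rotr32(0x80000001, 1) = 0x%08x\n", rotateRight32(0x80000001u, 1));
    std::printf("rotl32 via negated rotr = 0x%08x\n", rotateLeft32ViaRight(0x80000001u, 1));
    std::printf("lowering holds for all amounts: %s\n",
                loweringHoldsForAllAmounts(0xDEADBEEFu, 0x0123456789ABCDEFull) ? "yes" : "no");
    return 0;
}
```

The masking is the part worth copying: a constant folder such as the rotRConstant/rotLConstant routines in the B3 entry has to agree with what the instruction does for amounts at or above the width, and a C++ expression that shifts by the full width does not give a defined answer to agree with.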
3344 2016-11-17 Keith Miller <keith_miller@apple.com>
3347 https://bugs.webkit.org/show_bug.cgi?id=164877
3349 Reviewed by Mark Lam.
3351 B3 already has a Sqrt opcode we just need to map Wasm to it.
3355 2016-11-17 Keith Miller <keith_miller@apple.com>
3357 Add support for rotate in B3 and the relevant assemblers
3358 https://bugs.webkit.org/show_bug.cgi?id=164869
3360 Reviewed by Geoffrey Garen.
3362 This patch runs RotR and RotL (rotate right and left respectively)
3363 through B3 and B3's assemblers. One thing of note is that ARM64 does
3364 not support rotate left; instead, it allows negative right rotations.
3366 This patch also fixes a theoretical bug in the assembler where
3367 on X86 doing someShiftOp(reg, edx) would instead shift the shift
3368 amount by the value. Additionally, this patch refactors some
3369 of the X86 assembler to use templates when deciding how to format
3370 the appropriate shift instruction.
3372 * assembler/MacroAssemblerARM64.h:
3373 (JSC::MacroAssemblerARM64::rotateRight32):
3374 (JSC::MacroAssemblerARM64::rotateRight64):
3375 * assembler/MacroAssemblerX86Common.h:
3376 (JSC::MacroAssemblerX86Common::rotateRight32):
3377 (JSC::MacroAssemblerX86Common::rotateLeft32):
3378 * assembler/MacroAssemblerX86_64.h:
3379 (JSC::MacroAssemblerX86_64::lshift64):
3380 (JSC::MacroAssemblerX86_64::rshift64):
3381 (JSC::MacroAssemblerX86_64::urshift64):
3382 (JSC::MacroAssemblerX86_64::rotateRight64):
3383 (JSC::MacroAssemblerX86_64::rotateLeft64):
3384 (JSC::MacroAssemblerX86_64::or64):
3385 * assembler/X86Assembler.h:
3386 (JSC::X86Assembler::xorq_rm):
3387 (JSC::X86Assembler::shiftInstruction32):
3388 (JSC::X86Assembler::sarl_i8r):
3389 (JSC::X86Assembler::shrl_i8r):
3390 (JSC::X86Assembler::shll_i8r):
3391 (JSC::X86Assembler::rorl_i8r):
3392 (JSC::X86Assembler::rorl_CLr):
3393 (JSC::X86Assembler::roll_i8r):
3394 (JSC::X86Assembler::roll_CLr):
3395 (JSC::X86Assembler::shiftInstruction64):
3396 (JSC::X86Assembler::sarq_CLr):
3397 (JSC::X86Assembler::sarq_i8r):
3398 (JSC::X86Assembler::shrq_i8r):
3399 (JSC::X86Assembler::shlq_i8r):
3400 (JSC::X86Assembler::rorq_i8r):
3401 (JSC::X86Assembler::rorq_CLr):
3402 (JSC::X86Assembler::rolq_i8r):
3403 (JSC::X86Assembler::rolq_CLr):
3405 (JSC::B3::rotateRight):
3406 (JSC::B3::rotateLeft):
3407 * b3/B3Const32Value.cpp:
3408 (JSC::B3::Const32Value::rotRConstant):
3409 (JSC::B3::Const32Value::rotLConstant):
3410 * b3/B3Const32Value.h:
3411 * b3/B3Const64Value.cpp:
3412 (JSC::B3::Const64Value::rotRConstant):
3413 (JSC::B3::Const64Value::rotLConstant):
3414 * b3/B3Const64Value.h:
3415 * b3/B3LowerToAir.cpp:
3416 (JSC::B3::Air::LowerToAir::lower):
3418 (WTF::printInternal):