88097719819bcfaefe85fe48b72f36cc09615ca0
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-12-04  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Support logic operations
        https://bugs.webkit.org/show_bug.cgi?id=179903

        Reviewed by Yusuke Suzuki.

        We are introducing in this patch the ToBoolean support for JSBigInt.
        With this change, we can implement the correct behavior of BigInt as
        operand of logical operations. During JIT generation in the DFG and FTL,
        we are using JSBigInt::m_length to verify if the number is 0n or not,
        following the same approach used by JSString. This is also safe in the case
        of BigInt, because only 0n has m_length == 0.

        We are not including BigInt speculation into Branch nodes in this
        patch, but the plan is to implement it in further patches.

        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::boolify):
        (JSC::FTL::DFG::LowerDFGToB3::isBigInt):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::emitConvertValueToBoolean):
        (JSC::AssemblyHelpers::branchIfValue):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::isZero const):
        (JSC::JSBigInt::offsetOfLength):
        (JSC::JSBigInt::toBoolean const):
        (JSC::JSBigInt::isZero): Deleted.
        * runtime/JSBigInt.h:
        * runtime/JSCellInlines.h:
        (JSC::JSCell::toBoolean const):
        (JSC::JSCell::pureToBoolean const):

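The length-based ToBoolean fast path from the entry above, as an added example that is not JSC's code: a constructed toy BigInt (little-endian 32-bit digits plus a sign) whose truthiness is decided by digit count, which is only sound while the magnitude is kept normalized so that 0n alone has length 0.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed model of a heap BigInt (not JSC's JSBigInt). The invariant the
// JIT fast path relies on: a zero-length magnitude is the ONLY encoding of 0n.
struct ToyBigInt {
    std::vector<uint32_t> digits; // least-significant digit first
    bool negative = false;
    size_t length() const { return digits.size(); }
};

// Strip most-significant zero digits so that exactly one representation is 0n.
// Every producer of a ToyBigInt must call this before the value is observable.
void normalize(ToyBigInt& n)
{
    while (!n.digits.empty() && n.digits.back() == 0)
        n.digits.pop_back();
    if (n.digits.empty())
        n.negative = false; // there is no -0n; zero carries no sign
}

// Build a normalized value from a 64-bit integer.
ToyBigInt makeBigInt(int64_t v)
{
    ToyBigInt n;
    n.negative = v < 0;
    uint64_t mag = n.negative ? uint64_t(0) - uint64_t(v) : uint64_t(v);
    while (mag) {
        n.digits.push_back(static_cast<uint32_t>(mag));
        mag >>= 32;
    }
    normalize(n);
    return n;
}

// The JIT-style check: ToBoolean(bigint) == (m_length != 0). Correct only when
// the normalization invariant holds.
bool toBooleanByLength(const ToyBigInt& n) { return n.length() != 0; }

// The reference semantics: the value is truthy iff any digit is non-zero.
bool toBooleanByValue(const ToyBigInt& n)
{
    for (uint32_t d : n.digits) {
        if (d)
            return true;
    }
    return false;
}

// The caveat made concrete: a zero whose digits were never trimmed has
// length 2, so the length fast path says "truthy" while the full scan says
// "falsy". Returns true when the checks disagree before normalize() and agree
// (both false, length 0) afterwards.
bool denormalizedZeroDemonstration()
{
    ToyBigInt z;
    z.digits = { 0u, 0u }; // constructed, deliberately non-normalized zero
    bool disagreeBefore = toBooleanByLength(z) && !toBooleanByValue(z);
    normalize(z);
    bool agreeAfter = !toBooleanByLength(z) && !toBooleanByValue(z) && z.length() == 0;
    return disagreeBefore && agreeAfter;
}
```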
2018-12-04  Devin Rousso  <drousso@apple.com>

        Web Inspector: Audit: tests should support async operations
        https://bugs.webkit.org/show_bug.cgi?id=192171
        <rdar://problem/46423562>

        Reviewed by Joseph Pecoraro.

        Add `awaitPromise` command for executing a callback when a Promise gets settled.

        Drive-by: allow `wasThrown` to be optional, instead of expecting it to always have a value.

        * inspector/protocol/Runtime.json:

        * inspector/InjectedScriptSource.js:
        (InjectedScript.prototype.awaitPromise): Added.

        * inspector/InjectedScript.h:
        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::evaluate):
        (Inspector::InjectedScript::awaitPromise): Added.
        (Inspector::InjectedScript::callFunctionOn):
        (Inspector::InjectedScript::evaluateOnCallFrame):

        * inspector/InjectedScriptBase.h:
        * inspector/InjectedScriptBase.cpp:
        (Inspector::InjectedScriptBase::makeEvalCall):
        (Inspector::InjectedScriptBase::makeAsyncCall): Added.
        (Inspector::InjectedScriptBase::checkCallResult): Added.
        (Inspector::InjectedScriptBase::checkAsyncCallResult): Added.

        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::evaluate):
        (Inspector::InspectorRuntimeAgent::awaitPromise):
        (Inspector::InspectorRuntimeAgent::callFunctionOn):

        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::evaluateOnCallFrame):

2018-12-03  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r238833.

        Breaks macOS and iOS debug builds.

        Reverted changeset:

        "[ESNext][BigInt] Support logic operations"
        https://bugs.webkit.org/show_bug.cgi?id=179903
        https://trac.webkit.org/changeset/238833

2018-12-03  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Support logic operations
        https://bugs.webkit.org/show_bug.cgi?id=179903

        Reviewed by Yusuke Suzuki.

        We are introducing in this patch the ToBoolean support for JSBigInt.
        With this change, we can implement the correct behavior of BigInt as
        operand of logical operations. During JIT generation in the DFG and FTL,
        we are using JSBigInt::m_length to verify if the number is 0n or not,
        following the same approach used by JSString. This is also safe in the case
        of BigInt, because only 0n has m_length == 0.

        We are not including BigInt speculation into Branch nodes in this
        patch, but the plan is to implement it in further patches.

        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::boolify):
        (JSC::FTL::DFG::LowerDFGToB3::isBigInt):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::emitConvertValueToBoolean):
        (JSC::AssemblyHelpers::branchIfValue):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::isZero const):
        (JSC::JSBigInt::offsetOfLength):
        (JSC::JSBigInt::toBoolean const):
        (JSC::JSBigInt::isZero): Deleted.
        * runtime/JSBigInt.h:
        * runtime/JSCellInlines.h:
        (JSC::JSCell::toBoolean const):
        (JSC::JSCell::pureToBoolean const):

2018-12-03  Keith Rollin  <krollin@apple.com>

        Add .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=192082
        <rdar://problem/46312533>

        Reviewed by Brent Fulgham.

        Add .xcfilelist files for Generate Derived Sources and Generate
        Unified Sources build phases in Xcode. These are just being staged for
        now; they'll be added to the Xcode projects later.

        * DerivedSources-input.xcfilelist: Added.
        * DerivedSources-output.xcfilelist: Added.
        * UnifiedSources-input.xcfilelist: Added.
        * UnifiedSources-output.xcfilelist: Added.

2018-12-03  Mark Lam  <mark.lam@apple.com>

        Fix the bytecode code generator scripts to pretty print BytecodeStructs.h and BytecodeIndices.h.
        https://bugs.webkit.org/show_bug.cgi?id=192271

        Reviewed by Keith Miller.

        This makes the generated code style compliant and human readable.

        * generator/Argument.rb:
        * generator/DSL.rb:
        * generator/Fits.rb:
        * generator/Metadata.rb:
        * generator/Opcode.rb:

2018-12-02  Zalan Bujtas  <zalan@apple.com>

        Add a runtime feature flag for LayoutFormattingContext.
        https://bugs.webkit.org/show_bug.cgi?id=192280

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2018-12-02  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement support for "<<" and ">>"
        https://bugs.webkit.org/show_bug.cgi?id=186233

        Reviewed by Yusuke Suzuki.

        This patch is introducing the support for BigInt in lshift and
        rshift in the LLInt and Baseline layers.

        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::createWithLength):
        (JSC::JSBigInt::leftShift):
        (JSC::JSBigInt::signedRightShift):
        (JSC::JSBigInt::leftShiftByAbsolute):
        (JSC::JSBigInt::rightShiftByAbsolute):
        (JSC::JSBigInt::rightShiftByMaximum):
        (JSC::JSBigInt::toShiftAmount):
        * runtime/JSBigInt.h:

2018-12-01  Simon Fraser  <simon.fraser@apple.com>

        Heap.h refers to the non-existent HeapStatistics
        https://bugs.webkit.org/show_bug.cgi?id=187882

        Reviewed by Keith Miller.

        Just remove the "friend class HeapStatistics".

        * heap/Heap.h:

2018-11-29  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Keep TypeMaybeBigInt small
        https://bugs.webkit.org/show_bug.cgi?id=192203

        Reviewed by Saam Barati.

        As BigInt is being implemented, more and more bytecodes start returning BigInt.
        It means that the ResultType of these bytecodes includes TypeMaybeBigInt. However,
        TypeMaybeBigInt was the large number 0x20, leading to wide instructions since ResultType
        easily becomes larger than 32 (e.g. TypeInt32 | TypeMaybeBigInt == 33).

        This patch sorts the numbers of TypeMaybeXXX based on the frequency of appearance in
        the code.

        * parser/ResultType.h:

2018-11-30  Dean Jackson  <dino@apple.com>

        Try to fix Windows build by using strcmp instead of strcasecmp.

        * jsc.cpp:
        (isMJSFile):

2018-11-30  Mark Lam  <mark.lam@apple.com>

        Fix the bytecode code generator scripts to pretty print Bytecodes.h.
        https://bugs.webkit.org/show_bug.cgi?id=192258

        Reviewed by Keith Miller.

        This makes Bytecodes.h more human readable.

        * generator/DSL.rb:
        * generator/Section.rb:

2018-11-30  Mark Lam  <mark.lam@apple.com>

        Add the generator directory to the Xcode project.
        https://bugs.webkit.org/show_bug.cgi?id=192252

        Reviewed by Michael Saboff.

        This is so that we can work with these bytecode class generator files easily in Xcode.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-11-30  Don Olmstead  <don.olmstead@sony.com>

        Rename ENABLE_SUBTLE_CRYPTO to ENABLE_WEB_CRYPTO
        https://bugs.webkit.org/show_bug.cgi?id=192197

        Reviewed by Jiewen Tan.

        * Configurations/FeatureDefines.xcconfig:

2018-11-30  Dean Jackson  <dino@apple.com>

        Add first-class support for .mjs files in jsc binary
        https://bugs.webkit.org/show_bug.cgi?id=192190
        <rdar://problem/46375715>

        Reviewed by Keith Miller.

        Treat files with a .mjs extension as a module, regardless
        of whether or not the --module-file argument was given.

        * jsc.cpp:
        (printUsageStatement): Update usage.
        (isMJSFile): Helper to look for .mjs extensions.
        (CommandLine::parseArguments): Pick the appropriate script type.

2018-11-30  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] Implement ValueBitXor into DFG
        https://bugs.webkit.org/show_bug.cgi?id=190264

        Reviewed by Yusuke Suzuki.

        This patch is splitting the BitXor node into ArithBitXor and
        ValueBitXor. This is necessary due to the introduction of
        BigInt, since BitXor operations can now result in Int32 or BigInt.
        In that case, we use ArithBitXor when operands are Int and fall back to
        ValueBitXor when operands are anything else. In the case of
        ValueBitXor, we speculate BigInt when op1 and op2 are predicted as
        BigInt as well. The BigInt specialization consists of calling the
        `operationBigIntBitXor` function, which calls JSBigInt::bitXor.

        * bytecode/BytecodeList.rb:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::arithProfileForPC):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
        (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::bitOp):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitXor):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitXor):
        (JSC::FTL::DFG::LowerDFGToB3::compileBitXor): Deleted.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_bitxor):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):

2018-11-29  Justin Michaud  <justin_michaud@apple.com>

        CSS Painting API should pass 'this' correctly to paint callback, and repaint when properties change.
        https://bugs.webkit.org/show_bug.cgi?id=191443

        Reviewed by Dean Jackson.

        Export the simpler construct() method for use in WebCore.

        * runtime/ConstructData.h:

2018-11-28  Mark Lam  <mark.lam@apple.com>

        ENABLE_SEPARATED_WX_HEAP needs to be defined in Platform.h.
        https://bugs.webkit.org/show_bug.cgi?id=192110
        <rdar://problem/46317746>

        Reviewed by Saam Barati.

        * config.h:

2018-11-28  Keith Rollin  <krollin@apple.com>

        Update generate-{derived,unified}-sources scripts to support generating .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=192031
        <rdar://problem/46286816>

        Reviewed by Alex Christensen.

        The Generate Derived Sources and Generate Unified Sources build phases
        in Xcode need to have their inputs and outputs specified. This
        specification will come in the form of .xcfilelist files that will be
        attached to these build phases. There is one .xcfilelist file that
        lists the input files and one that lists the output files. As part of
        this work, the various generate-{derived,unified}-sources scripts that
        are executed in these Generate build phases are modified to help in
        the creation of these .xcfilelist files. In particular, they can now
        be invoked with command-line parameters. These parameters are then
        used to alter the normal execution of these scripts, causing them to
        produce the .xcfilelist files as opposed to actually generating the
        files that are listed in those files.

        * Scripts/generate-derived-sources.sh:
        * Scripts/generate-unified-sources.sh:

2018-11-28  Keith Rollin  <krollin@apple.com>

        Revert print_all_generated_files work in r238008; tighten up target specifications
        https://bugs.webkit.org/show_bug.cgi?id=192025
        <rdar://problem/46284301>

        Reviewed by Alex Christensen.

        In r238008, I added a facility for DerivedSources.make makefiles to
        print out the list of files that they generate. This output was used
        in the generation of .xcfilelist files used to specify the output of
        the associated Generate Derived Sources build phases in Xcode. This
        approach worked, but it meant that people would need to follow a
        specific convention to keep this mechanism working.

        Instead of continuing this approach, I'm going to implement a new
        facility based on the output of `make` when passed the -d flag (which
        prints dependency information). This new mechanism is completely
        automatic and doesn't need maintainers to follow a convention. To that
        end, remove most of the work performed in r238008 that supports the
        print_all_generated_files target.

        At the same time, it's important for the sets of targets and their
        dependencies to be complete and correct. Therefore, also include
        changes to bring those up-to-date. As part of that, you'll see
        prevalent use of a particular technique. Here's an example:

            BYTECODE_FILES = \
                Bytecodes.h \
                BytecodeIndices.h \
                BytecodeStructs.h \
                InitBytecodes.asm \
            #
            BYTECODE_FILES_PATTERNS = $(subst .,%,$(BYTECODE_FILES))

            all : $(BYTECODE_FILES)

            $(BYTECODE_FILES_PATTERNS): $(wildcard $(JavaScriptCore)/generator/*.rb) $(JavaScriptCore)/bytecode/BytecodeList.rb
                ...

        These lines indicate a set of generated files (those specified in
        BYTECODE_FILES). These files are generated by the BytecodeList.rb
        tool. But, as opposed to the normal rule where a single foo.output is
        generated by foo.input plus some additional dependencies, this rule
        produces multiple output files from a tool whose connection to the
        output files is not immediately clear. A special approach is needed
        where a single rule produces multiple output files. The normal way to
        implement this is to use an .INTERMEDIATE target. However, we used
        this approach in the past and ran into a problem with it, addressing
        it with an alternate approach in r210507. The above example shows this
        approach. The .'s in the list of target files are replaced with %'s,
        and the result is used as the left side of the dependency rule.

        * DerivedSources.make:

2018-11-28  Keith Rollin  <krollin@apple.com>

        Remove Postprocess Headers dependencies
        https://bugs.webkit.org/show_bug.cgi?id=192023
        <rdar://problem/46283377>

        Reviewed by Mark Lam.

        JavaScriptCore's Xcode Postprocess Headers build phase used to have a
        dependency on a specific handful of files. In r234227, the script used
        in this phase (postprocess-headers.sh) was completely rewritten to
        operate on *all* files in JSC's Public and Private headers directories
        instead of just this handful. This rewrite makes the previous
        dependency specification insufficient, leading to incorrect
        incremental builds if the right files weren't touched. Address this by
        removing the dependencies completely. This will cause
        postprocess-headers.sh to always be executed, even when none of its
        files are touched. Running this script all the time is OK, since it has
        built-in protections against unnecessarily touching files that haven't
        changed.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-11-27  Mark Lam  <mark.lam@apple.com>

        ENABLE_FAST_JIT_PERMISSIONS should be false for iosmac.
        https://bugs.webkit.org/show_bug.cgi?id=192055
        <rdar://problem/46288783>

        Reviewed by Saam Barati.

        * Configurations/FeatureDefines.xcconfig:

2018-11-27  Saam barati  <sbarati@apple.com>

        r238510 broke scopes of size zero
        https://bugs.webkit.org/show_bug.cgi?id=192033
        <rdar://problem/46281734>

        Reviewed by Keith Miller.

        In r238510, I wrote the loop like this:
        `for (ScopeOffset offset { 0 }; offset <= symbolTable->maxScopeOffset(); offset += 1)`

        This breaks for scopes of size zero because maxScopeOffset() will be UINT_MAX.

        This patch fixes this by writing the loop as:
        `for (unsigned offset = 0; offset < symbolTable->scopeSize(); ++offset)`

        * dfg/DFGObjectAllocationSinkingPhase.cpp:

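The unsigned-bound bug and its fix from the entry above, as an added example that is not JSC's code: a constructed stand-in symbol table whose maxScopeOffset() is scopeSize() - 1, so for an empty scope it underflows to UINT_MAX, the `<=` loop starts already out of bounds and only an iteration budget stops it, while the `<` loop on scopeSize() visits exactly the existing slots.

```cpp
#include <climits>
#include <vector>

// Constructed stand-in for the symbol table (not JSC's SymbolTable): a scope is
// a vector of slots; maxScopeOffset() mirrors the unsigned "size - 1" that the
// entry says becomes UINT_MAX for a scope of size zero.
struct FakeSymbolTable {
    std::vector<int> slots;
    unsigned scopeSize() const { return static_cast<unsigned>(slots.size()); }
    unsigned maxScopeOffset() const { return scopeSize() - 1; } // UINT_MAX when empty
};

FakeSymbolTable makeScope(unsigned size)
{
    FakeSymbolTable table;
    table.slots.assign(size, 0);
    return table;
}

// The r238510 loop shape (offset <= maxScopeOffset()). 'budget' caps the
// iteration count so the demonstration terminates even when the bound is
// wrong; returns how many offsets the loop attempted to visit.
unsigned visitBuggy(const FakeSymbolTable& table, unsigned budget)
{
    unsigned visited = 0;
    for (unsigned offset = 0; offset <= table.maxScopeOffset(); offset += 1) {
        if (visited == budget)
            break; // without this, an empty scope loops until 'offset' wraps
        ++visited;
    }
    return visited;
}

// True if the buggy loop would ever index a slot that does not exist.
bool buggyLoopIndexesOutOfBounds(const FakeSymbolTable& table, unsigned budget)
{
    unsigned visited = 0;
    for (unsigned offset = 0; offset <= table.maxScopeOffset(); offset += 1) {
        if (visited == budget)
            break;
        if (offset >= table.scopeSize())
            return true; // offset 0 on an empty scope already trips this
        ++visited;
    }
    return false;
}

// The corrected loop shape (offset < scopeSize()): no subtraction, no wrap.
unsigned visitFixed(const FakeSymbolTable& table)
{
    unsigned visited = 0;
    for (unsigned offset = 0; offset < table.scopeSize(); ++offset)
        ++visited;
    return visited;
}
```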
2018-11-27  Mark Lam  <mark.lam@apple.com>

        ASSERTION FAILED: capacity && isPageAligned(capacity) in JSC::CLoopStack::CLoopStack(JSC::VM&).
        https://bugs.webkit.org/show_bug.cgi?id=192018

        Reviewed by Saam Barati.

        This assertion failed because the regress-191579.js test was specifying
        --maxPerThreadStackUsage=400000 i.e. it was running with a stack size that is not
        page aligned.  Given that the user can specify any arbitrary stack size, and the
        CLoop stack expects to be page aligned, we'll just round up the requested capacity
        to the next page alignment.

        * interpreter/CLoopStack.cpp:
        (JSC::CLoopStack::CLoopStack):

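The round-up described above, as an added example that is not the CLoopStack code: rounding a user-supplied stack size to the next page multiple while rejecting a zero size, a non-power-of-two page size, and a request so large that the rounding would wrap, so an oversized value cannot silently become a tiny aligned allocation.

```cpp
#include <cstddef>
#include <cstdint>

// Round 'requested' up to a multiple of 'pageSize' (which must be a power of
// two). Returns 0 for any input the caller must reject: a zero request (the
// original assertion rejects capacity == 0 too), a bad page size, or a request
// whose rounded value would overflow size_t. Constructed example, not JSC code.
size_t roundUpToPageBoundary(size_t requested, size_t pageSize)
{
    if (pageSize == 0 || (pageSize & (pageSize - 1)) != 0)
        return 0; // not a power of two: the mask trick below would be wrong
    if (requested == 0)
        return 0;
    size_t mask = pageSize - 1;
    if (requested > SIZE_MAX - mask)
        return 0; // requested + mask would wrap around
    return (requested + mask) & ~mask;
}

// The post-condition the CLoop stack asserts on its capacity.
bool isPageAligned(size_t value, size_t pageSize)
{
    return pageSize != 0 && value % pageSize == 0;
}
```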
2018-11-27  Mark Lam  <mark.lam@apple.com>

        [Re-landing] NaNs read from Wasm code need to be purified.
        https://bugs.webkit.org/show_bug.cgi?id=191056
        <rdar://problem/45660341>

        Reviewed by Filip Pizlo.

        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):

2018-11-27  Timothy Hatcher  <timothy@apple.com>

        Web Inspector: Add support for forcing color scheme appearance in DOM tree.
        https://bugs.webkit.org/show_bug.cgi?id=191820
        <rdar://problem/46153172>

        Reviewed by Devin Rousso.

        * inspector/protocol/Page.json: Added setForcedAppearance.
        Also added the defaultAppearanceDidChange event and Appearance enum.

2018-11-27  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r238509.

        Causes JSC tests to fail on iOS.

        Reverted changeset:

        "NaNs read from Wasm code need to be purified."
        https://bugs.webkit.org/show_bug.cgi?id=191056
        https://trac.webkit.org/changeset/238509

2018-11-27  Mark Lam  <mark.lam@apple.com>

        Introducing an ENABLE_SEPARATED_WX_HEAP macro.
        https://bugs.webkit.org/show_bug.cgi?id=192013
        <rdar://problem/45494310>

        Reviewed by Keith Miller.

        This makes the code a little more readable.

        I put the definition of ENABLE_SEPARATED_WX_HEAP in JSC's config.h instead of
        Platform.h because ENABLE_SEPARATED_WX_HEAP is only needed inside JSC.  Also,
        ENABLE_SEPARATED_WX_HEAP depends on ENABLE(FAST_JIT_PERMISSIONS), which is only
        defined for JSC.

        * config.h:
        * jit/ExecutableAllocator.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
        * jit/ExecutableAllocator.h:
        (JSC::performJITMemcpy):
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

2018-11-26  Caio Lima  <ticaiolima@gmail.com>

        Re-introduce op_bitnot
        https://bugs.webkit.org/show_bug.cgi?id=190923

        Reviewed by Yusuke Suzuki.

        With the introduction of BigInt as a new type, we can't emit bitwise
        not as `x ^ -1` anymore, because this is incompatible with the new type.
        Based on that, this patch is adding `op_bitnot` as a new operation
        into LLInt, as well as introducing ArithBitNot node into DFG to support
        JIT compilation of such opcode. We will use the ValueProfile of this
        instruction in the future to generate better code when its operand
        is not Int32.

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::not32):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::not32):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::not32):
        * bytecode/BytecodeList.rb:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitUnaryOp):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::UnaryPlusNode::emitBytecode):
        (JSC::BitwiseNotNode::emitBytecode): Deleted.
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileBitwiseNot):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitNot):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_bitnot):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/cloop.rb:
        * parser/NodeConstructors.h:
        (JSC::BitwiseNotNode::BitwiseNotNode):
        * parser/Nodes.h:
        * parser/ResultType.h:
        (JSC::ResultType::bigIntOrInt32Type):
        (JSC::ResultType::forBitOp):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.h:

2018-11-26  Saam barati  <sbarati@apple.com>

        InPlaceAbstractState::endBasicBlock rule for SetLocal should filter the value based on the flush format
        https://bugs.webkit.org/show_bug.cgi?id=191956
        <rdar://problem/45665806>

        Reviewed by Yusuke Suzuki.

        This is a similar bug to what Keith fixed in r232134. The issue is if we have
        a program like this:

        a: JSConstant(jsNumber(0))
        b: SetLocal(Int32:@a, loc1, FlushedInt32)
        c: ArrayifyToStructure(Cell:@a)
        d: Jump(...)

        At the point in the program right after the Jump, a GetLocal for loc1
        would return whatever the ArrayifyToStructure resulting type is. This breaks
        the invariant that a GetLocal must return a value that is a subtype of its
        FlushFormat. InPlaceAbstractState::endBasicBlock will know if a SetLocal is
        the final node touching a local slot. If so, it'll see if any nodes later
        in the block may have refined the type of the value stored in that slot. If
        so, endBasicBlock() further refines the type to ensure that any GetLocals
        loading from the same slot will result in having this more refined type.
        However, we must ensure that this logic only considers types within the
        hierarchy of the variable access data's FlushFormat; otherwise, we may
        break the invariant that a GetLocal's type is a subtype of its FlushFormat.

        * dfg/DFGInPlaceAbstractState.cpp:
        (JSC::DFG::InPlaceAbstractState::endBasicBlock):

2018-11-26  Saam barati  <sbarati@apple.com>

        Object allocation sinking phase needs to iterate each scope offset instead of just iterating the symbol table's hashmap when handling an activation
        https://bugs.webkit.org/show_bug.cgi?id=191958
        <rdar://problem/46221877>

        Reviewed by Yusuke Suzuki.

        There may be more entries in an activation than unique variables
        in a symbol table's hashmap. For example, if you have two parameters
        to a function, and they both have the same name, and the function
        uses eval, we'll end up with two scope slots, but only a single
        entry in the hashmap in the symbol table. Object allocation sinking
        phase was previously iterating over the hashmap, assuming these
        values were equivalent. This is wrong in the above case. Instead,
        we need to iterate over each scope offset.

        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * runtime/GenericOffset.h:
        (JSC::GenericOffset::operator+=):
        (JSC::GenericOffset::operator-=):

2018-11-26  Mark Lam  <mark.lam@apple.com>

        NaNs read from Wasm code need to be purified.
        https://bugs.webkit.org/show_bug.cgi?id=191056
        <rdar://problem/45660341>

        Reviewed by Filip Pizlo.

        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):

2018-11-26  Tadeu Zagallo  <tzagallo@apple.com>

        ASSERTION FAILED: m_outOfLineJumpTargets.contains(bytecodeOffset)
        https://bugs.webkit.org/show_bug.cgi?id=191716
        <rdar://problem/45723878>

        Reviewed by Saam Barati.

        After https://bugs.webkit.org/show_bug.cgi?id=187373, when updating
        jump targets during generatorification, we only stored the new jump
        target when it changed. However, the out-of-line jump targets are
        cleared at the beginning of the pass, so we need to store it
        unconditionally.

        * bytecode/PreciseJumpTargetsInlines.h:
        (JSC::extractStoredJumpTargetsForInstruction):
        (JSC::updateStoredJumpTargetsForInstruction):

2018-11-23  Wenson Hsieh  <wenson_hsieh@apple.com>

        Enable drag and drop support for iOSMac
        https://bugs.webkit.org/show_bug.cgi?id=191818
        <rdar://problem/43907454>

        Reviewed by Dean Jackson.

        * Configurations/FeatureDefines.xcconfig:

2018-11-22  Mark Lam  <mark.lam@apple.com>

        Make the jsc shell's dumpException() more robust against long exception strings.
        https://bugs.webkit.org/show_bug.cgi?id=191910
        <rdar://problem/46212980>

        Reviewed by Michael Saboff.

        This only affects the dumping of the exception string in the jsc shell due to
        unhandled exceptions or exceptions at shell boot time before any JS code is
        running.

        * jsc.cpp:
        (dumpException):

2018-11-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Drop ARM_TRADITIONAL support in LLInt, baseline JIT, and DFG
        https://bugs.webkit.org/show_bug.cgi?id=191675

        Reviewed by Mark Lam.

        We no longer maintain ARM_TRADITIONAL LLInt and JIT in JSC. This architecture will use
        CLoop instead. This patch removes ARM_TRADITIONAL support in LLInt and JIT.

        Discussed in https://lists.webkit.org/pipermail/webkit-dev/2018-October/030220.html.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * assembler/ARMAssembler.cpp: Removed.
        * assembler/ARMAssembler.h: Removed.
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::dumpCode):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::patchableBranch32):
        * assembler/MacroAssemblerARM.cpp: Removed.
        * assembler/MacroAssemblerARM.h: Removed.
        * assembler/PerfLog.cpp:
        * assembler/PerfLog.h:
        * assembler/ProbeContext.h:
        (JSC::Probe::CPUState::pc):
        (JSC::Probe::CPUState::fp):
        (JSC::Probe::CPUState::sp):
        * assembler/testmasm.cpp:
        (JSC::isPC):
        (JSC::testProbeModifiesStackPointer):
        (JSC::testProbeModifiesStackValues):
        * bytecode/InlineAccess.h:
        (JSC::InlineAccess::sizeForPropertyAccess):
        (JSC::InlineAccess::sizeForPropertyReplace):
786         (JSC::InlineAccess::sizeForPropertyAccess):
787         (JSC::InlineAccess::sizeForPropertyReplace):
788         (JSC::InlineAccess::sizeForLengthAccess):
789         * dfg/DFGSpeculativeJIT.h:
790         * disassembler/CapstoneDisassembler.cpp:
791         (JSC::tryToDisassemble):
792         * jit/AssemblyHelpers.cpp:
793         (JSC::AssemblyHelpers::debugCall):
794         * jit/AssemblyHelpers.h:
795         * jit/CCallHelpers.h:
796         (JSC::CCallHelpers::setupArgumentsImpl):
797         (JSC::CCallHelpers::prepareForTailCallSlow):
798         * jit/CallFrameShuffler.cpp:
799         (JSC::CallFrameShuffler::prepareForTailCall):
800         * jit/HostCallReturnValue.cpp:
801         * jit/JITMathIC.h:
802         (JSC::isProfileEmpty):
803         * jit/RegisterSet.cpp:
804         (JSC::RegisterSet::reservedHardwareRegisters):
805         (JSC::RegisterSet::calleeSaveRegisters):
806         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
807         (JSC::RegisterSet::dfgCalleeSaveRegisters):
808         * jit/Repatch.cpp:
809         (JSC::forceICFailure):
810         * jit/ThunkGenerators.cpp:
811         (JSC::nativeForGenerator):
812         * llint/LLIntOfflineAsmConfig.h:
813         * llint/LowLevelInterpreter.asm:
814         * llint/LowLevelInterpreter32_64.asm:
815         * offlineasm/arm.rb:
816         * offlineasm/backends.rb:
817         * yarr/YarrJIT.cpp:
818         (JSC::Yarr::YarrGenerator::generateEnter):
819         (JSC::Yarr::YarrGenerator::generateReturn):
820
821 2018-11-21  Saam barati  <sbarati@apple.com>
822
823         DFGSpeculativeJIT should not &= exitOK with mayExit(node)
824         https://bugs.webkit.org/show_bug.cgi?id=191897
825         <rdar://problem/45871998>
826
827         Reviewed by Mark Lam.
828
829         exitOK is a statement about it being legal to exit. mayExit() is about being
830         conservative and returning false only if an OSR exit *could never* happen.
831         mayExit() tries to be as smart as possible to see if it can return false.
832         It can't return false if a runtime exit *could* happen. However, there is
833         code in the compiler where mayExit() returns false (because it uses data
834         generated from AI about type checks being proved), but the code we emit in the
835         compiler backend unconditionally generates an OSR exit, even if that exit may
836         never execute. For example, let's say we have this IR:
837         
838         SomeNode(Boolean:@input)
839         
840         And we always emit code like this as a way of emitting a boolean type check:
841         
842         jump L1 if input == true
843         jump L1 if input == false
844         emit an OSR exit
845         
846         In such a program, when we generate the above OSR exit, in a validationEnabled()
847         build, and if @input is proved to be a boolean, we'll end up crashing because we
848         have the bogus assertion saying !exitOK. This is one reason why things are cleaner
849         if we don't conflate mayExit() with exitOK.
850
851         * dfg/DFGSpeculativeJIT.cpp:
852         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
853
854 2018-11-21  Saam barati  <sbarati@apple.com>
855
856         Fix assertion in KnownCellUse inside SpeculativeJIT::speculate
857         https://bugs.webkit.org/show_bug.cgi?id=191895
858         <rdar://problem/46167406>
859
860         Reviewed by Mark Lam.
861
862         We were asserting that the input edge should have type SpecCell but it should
863         really be SpecCellCheck since the type filter for KnownCellUse is SpecCellCheck.
864         
865         This patch cleans up that assertion code by joining a bunch of cases into a
866         single function call which grabs the type filter for the edge UseKind and
867         asserts that the incoming edge meets the type filter criteria.
868
869         * dfg/DFGSpeculativeJIT.cpp:
870         (JSC::DFG::SpeculativeJIT::speculate):
871         * ftl/FTLLowerDFGToB3.cpp:
872         (JSC::FTL::DFG::LowerDFGToB3::speculate):
873
874 2018-11-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
875
876         [JSC] Use ProtoCallFrame::numberOfRegisters instead of raw number `4`
877         https://bugs.webkit.org/show_bug.cgi?id=191877
878
879         Reviewed by Sam Weinig.
880
881         Instead of hard-coding `4` into LowLevelInterpreter, use ProtoCallFrame::numberOfRegisters.
882
883         * interpreter/ProtoCallFrame.h:
884         * llint/LowLevelInterpreter32_64.asm:
885         * llint/LowLevelInterpreter64.asm:
886
887 2018-11-21  Mark Lam  <mark.lam@apple.com>
888
889         Creating a wasm memory that is bigger than the ArrayBuffer limit but smaller than the spec limit should throw OOME not RangeError.
890         https://bugs.webkit.org/show_bug.cgi?id=191776
891         <rdar://problem/46152851>
892
893         Reviewed by Saam Barati.
894
895         * wasm/WasmMemory.cpp:
896         (JSC::Wasm::Memory::tryCreate):
897         - return nullptr if the requested bytes exceed MAX_ARRAY_BUFFER_SIZE.
898           The clients will already do a null check and throw an OutOfMemoryError if needed.
899         (JSC::Wasm::Memory::grow):
900         - throw OOME if newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE.
901         * wasm/js/WebAssemblyMemoryConstructor.cpp:
902         (JSC::constructJSWebAssemblyMemory):
903         - throw OOME if newPageCount.bytes() > MAX_ARRAY_BUFFER_SIZE.
904
905 2018-11-21  Caio Lima  <ticaiolima@gmail.com>
906
907         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
908         https://bugs.webkit.org/show_bug.cgi?id=190836
909
910         Reviewed by Saam Barati and Yusuke Suzuki.
911
912         In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
913         where we allocate a BigInt trusting the length received as argument.
914         With this additional method, we now check if length passed to
915         `JSBigInt::tryCreateWithLength` is not greater than JSBigInt::maxLength.
916         When the length is greater than JSBigInt::maxLength, we then throw OOM
917         exception.
918         This required us to change the interface of some JSBigInt operations to
919         receive `ExecState*` instead of `VM&`. We changed only operations that
920         can throw because of OOM.
921         We believe that this approach of throwing instead of finishing the
922         execution abruptly is better because JS programs can catch such
923         exception and handle this issue properly.
924
925         * dfg/DFGOperations.cpp:
926         * jit/JITOperations.cpp:
927         * runtime/CommonSlowPaths.cpp:
928         (JSC::SLOW_PATH_DECL):
929         * runtime/JSBigInt.cpp:
930         (JSC::JSBigInt::createZero):
931         (JSC::JSBigInt::tryCreateWithLength):
932         (JSC::JSBigInt::createWithLengthUnchecked):
933         (JSC::JSBigInt::createFrom):
934         (JSC::JSBigInt::multiply):
935         (JSC::JSBigInt::divide):
936         (JSC::JSBigInt::copy):
937         (JSC::JSBigInt::unaryMinus):
938         (JSC::JSBigInt::remainder):
939         (JSC::JSBigInt::add):
940         (JSC::JSBigInt::sub):
941         (JSC::JSBigInt::bitwiseAnd):
942         (JSC::JSBigInt::bitwiseOr):
943         (JSC::JSBigInt::bitwiseXor):
944         (JSC::JSBigInt::absoluteAdd):
945         (JSC::JSBigInt::absoluteSub):
946         (JSC::JSBigInt::absoluteDivWithDigitDivisor):
947         (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
948         (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
949         (JSC::JSBigInt::absoluteBitwiseOp):
950         (JSC::JSBigInt::absoluteAddOne):
951         (JSC::JSBigInt::absoluteSubOne):
952         (JSC::JSBigInt::toStringGeneric):
953         (JSC::JSBigInt::rightTrim):
954         (JSC::JSBigInt::allocateFor):
955         (JSC::JSBigInt::createWithLength): Deleted.
956         * runtime/JSBigInt.h:
957         * runtime/Operations.cpp:
958         (JSC::jsAddSlowCase):
959         * runtime/Operations.h:
960         (JSC::jsSub):
961         (JSC::jsMul):
962
963 2018-11-20  Mark Lam  <mark.lam@apple.com>
964
965         Remove invalid assertion in VMTraps::SignalSender's SignalAction.
966         https://bugs.webkit.org/show_bug.cgi?id=191856
967         <rdar://problem/46089992>
968
969         Reviewed by Yusuke Suzuki.
970
971         The ASSERT(vm.traps().needTrapHandling()) assertion in SignalSender's SigAction
972         function is invalid because we can't be sure that the trap has been handled yet
973         by the time the trap fires.  This is because the main thread may also check traps
974         (in LLInt, baseline JIT and VM runtime code).  There's a race to handle the trap.
975         Hence, the SigAction cannot assume that the trap still needs handling by the time
976         it is executed.  This patch removed the invalid assertion.
977
978         Also renamed m_trapSet to m_condition because it is an AutomaticThreadCondition,
979         and all the ways it is used are as a condvar.  The m_trapSet name doesn't seem
980         appropriate nor meaningful.
981
982         * runtime/VMTraps.cpp:
983         (JSC::VMTraps::tryInstallTrapBreakpoints):
984         - Added a !needTrapHandling() check as an optimization: there's no need to install
985           VMTrap breakpoints if someone already beat us to handling the trap (remember,
986           the main thread is racing against the VMTraps signalling thread to handle the
987           trap too).  We only need to install the VMTraps breakpoints if we need DFG/FTL
988           compiled code to deopt so that they can check and handle pending traps.  If the
989           trap has already been handled, it's better to not deopt any DFG/FTL functions.
990
991         (JSC::VMTraps::willDestroyVM):
992         (JSC::VMTraps::fireTrap):
993         (JSC::VMTraps::VMTraps):
994         * runtime/VMTraps.h:
995
996 2018-11-21  Dominik Infuehr  <dinfuehr@igalia.com>
997
998         Enable JIT on ARM/Linux
999         https://bugs.webkit.org/show_bug.cgi?id=191548
1000
1001         Reviewed by Yusuke Suzuki.
1002
1003         Enable JIT by default on ARMv7/Linux after it was disabled with
1004         recent bytecode format change.
1005
1006         * bytecode/CodeBlock.cpp:
1007         (JSC::CodeBlock::getICStatusMap):
1008         * bytecode/CodeBlock.h:
1009         (JSC::CodeBlock::metadata):
1010         * bytecode/InByIdStatus.cpp:
1011         (JSC::InByIdStatus::computeFor):
1012         * bytecode/Instruction.h:
1013         (JSC::Instruction::cast):
1014         * bytecode/MetadataTable.h:
1015         (JSC::MetadataTable::forEach):
1016         * bytecode/PutByIdStatus.cpp:
1017         (JSC::PutByIdStatus::computeFor):
1018         (JSC::PutByIdStatus::hasExitSite): Deleted.
1019         * bytecode/PutByIdStatus.h:
1020         * dfg/DFGOSRExit.cpp:
1021         (JSC::DFG::reifyInlinedCallFrames):
1022         * dfg/DFGOSRExitCompilerCommon.cpp:
1023         (JSC::DFG::reifyInlinedCallFrames):
1024         * generator/Argument.rb:
1025         * generator/Opcode.rb:
1026         * jit/GPRInfo.h:
1027         * jit/JIT.h:
1028         * jit/JITArithmetic32_64.cpp:
1029         (JSC::JIT::emit_compareAndJump):
1030         (JSC::JIT::emit_compareUnsignedAndJump):
1031         (JSC::JIT::emit_compareUnsigned):
1032         (JSC::JIT::emit_compareAndJumpSlow):
1033         (JSC::JIT::emit_op_unsigned):
1034         (JSC::JIT::emit_op_inc):
1035         (JSC::JIT::emit_op_dec):
1036         (JSC::JIT::emitBinaryDoubleOp):
1037         (JSC::JIT::emit_op_mod):
1038         (JSC::JIT::emitSlow_op_mod):
1039         * jit/JITCall32_64.cpp:
1040         (JSC::JIT::emitPutCallResult):
1041         (JSC::JIT::emit_op_ret):
1042         (JSC::JIT::emitSlow_op_call):
1043         (JSC::JIT::emitSlow_op_tail_call):
1044         (JSC::JIT::emitSlow_op_call_eval):
1045         (JSC::JIT::emitSlow_op_call_varargs):
1046         (JSC::JIT::emitSlow_op_tail_call_varargs):
1047         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
1048         (JSC::JIT::emitSlow_op_construct_varargs):
1049         (JSC::JIT::emitSlow_op_construct):
1050         (JSC::JIT::emit_op_call):
1051         (JSC::JIT::emit_op_tail_call):
1052         (JSC::JIT::emit_op_call_eval):
1053         (JSC::JIT::emit_op_call_varargs):
1054         (JSC::JIT::emit_op_tail_call_varargs):
1055         (JSC::JIT::emit_op_tail_call_forward_arguments):
1056         (JSC::JIT::emit_op_construct_varargs):
1057         (JSC::JIT::emit_op_construct):
1058         (JSC::JIT::compileSetupFrame):
1059         (JSC::JIT::compileCallEval):
1060         (JSC::JIT::compileCallEvalSlowCase):
1061         (JSC::JIT::compileOpCall):
1062         (JSC::JIT::compileOpCallSlowCase):
1063         (JSC::JIT::compileSetupVarargsFrame): Deleted.
1064         * jit/JITInlines.h:
1065         (JSC::JIT::updateTopCallFrame):
1066         * jit/JITOpcodes.cpp:
1067         (JSC::JIT::emit_op_catch):
1068         (JSC::JIT::emitSlow_op_loop_hint):
1069         * jit/JITOpcodes32_64.cpp:
1070         (JSC::JIT::emit_op_mov):
1071         (JSC::JIT::emit_op_end):
1072         (JSC::JIT::emit_op_jmp):
1073         (JSC::JIT::emit_op_new_object):
1074         (JSC::JIT::emitSlow_op_new_object):
1075         (JSC::JIT::emit_op_overrides_has_instance):
1076         (JSC::JIT::emit_op_instanceof):
1077         (JSC::JIT::emit_op_instanceof_custom):
1078         (JSC::JIT::emitSlow_op_instanceof):
1079         (JSC::JIT::emitSlow_op_instanceof_custom):
1080         (JSC::JIT::emit_op_is_empty):
1081         (JSC::JIT::emit_op_is_undefined):
1082         (JSC::JIT::emit_op_is_boolean):
1083         (JSC::JIT::emit_op_is_number):
1084         (JSC::JIT::emit_op_is_cell_with_type):
1085         (JSC::JIT::emit_op_is_object):
1086         (JSC::JIT::emit_op_to_primitive):
1087         (JSC::JIT::emit_op_set_function_name):
1088         (JSC::JIT::emit_op_not):
1089         (JSC::JIT::emit_op_jfalse):
1090         (JSC::JIT::emit_op_jtrue):
1091         (JSC::JIT::emit_op_jeq_null):
1092         (JSC::JIT::emit_op_jneq_null):
1093         (JSC::JIT::emit_op_jneq_ptr):
1094         (JSC::JIT::emit_op_eq):
1095         (JSC::JIT::emitSlow_op_eq):
1096         (JSC::JIT::emit_op_jeq):
1097         (JSC::JIT::emitSlow_op_jeq):
1098         (JSC::JIT::emit_op_neq):
1099         (JSC::JIT::emitSlow_op_neq):
1100         (JSC::JIT::emit_op_jneq):
1101         (JSC::JIT::emitSlow_op_jneq):
1102         (JSC::JIT::compileOpStrictEq):
1103         (JSC::JIT::emit_op_stricteq):
1104         (JSC::JIT::emit_op_nstricteq):
1105         (JSC::JIT::compileOpStrictEqJump):
1106         (JSC::JIT::emit_op_jstricteq):
1107         (JSC::JIT::emit_op_jnstricteq):
1108         (JSC::JIT::emitSlow_op_jstricteq):
1109         (JSC::JIT::emitSlow_op_jnstricteq):
1110         (JSC::JIT::emit_op_eq_null):
1111         (JSC::JIT::emit_op_neq_null):
1112         (JSC::JIT::emit_op_throw):
1113         (JSC::JIT::emit_op_to_number):
1114         (JSC::JIT::emit_op_to_string):
1115         (JSC::JIT::emit_op_to_object):
1116         (JSC::JIT::emit_op_catch):
1117         (JSC::JIT::emit_op_identity_with_profile):
1118         (JSC::JIT::emit_op_get_parent_scope):
1119         (JSC::JIT::emit_op_switch_imm):
1120         (JSC::JIT::emit_op_switch_char):
1121         (JSC::JIT::emit_op_switch_string):
1122         (JSC::JIT::emit_op_debug):
1123         (JSC::JIT::emit_op_enter):
1124         (JSC::JIT::emit_op_get_scope):
1125         (JSC::JIT::emit_op_create_this):
1126         (JSC::JIT::emit_op_to_this):
1127         (JSC::JIT::emit_op_check_tdz):
1128         (JSC::JIT::emit_op_has_structure_property):
1129         (JSC::JIT::privateCompileHasIndexedProperty):
1130         (JSC::JIT::emit_op_has_indexed_property):
1131         (JSC::JIT::emitSlow_op_has_indexed_property):
1132         (JSC::JIT::emit_op_get_direct_pname):
1133         (JSC::JIT::emit_op_enumerator_structure_pname):
1134         (JSC::JIT::emit_op_enumerator_generic_pname):
1135         (JSC::JIT::emit_op_profile_type):
1136         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
1137         (JSC::JIT::emit_op_log_shadow_chicken_tail):
1138         * jit/JITPropertyAccess32_64.cpp:
1139         (JSC::JIT::emit_op_put_getter_by_id):
1140         (JSC::JIT::emit_op_put_setter_by_id):
1141         (JSC::JIT::emit_op_put_getter_setter_by_id):
1142         (JSC::JIT::emit_op_put_getter_by_val):
1143         (JSC::JIT::emit_op_put_setter_by_val):
1144         (JSC::JIT::emit_op_del_by_id):
1145         (JSC::JIT::emit_op_del_by_val):
1146         (JSC::JIT::emit_op_get_by_val):
1147         (JSC::JIT::emitGetByValWithCachedId):
1148         (JSC::JIT::emitSlow_op_get_by_val):
1149         (JSC::JIT::emit_op_put_by_val_direct):
1150         (JSC::JIT::emit_op_put_by_val):
1151         (JSC::JIT::emitGenericContiguousPutByVal):
1152         (JSC::JIT::emitArrayStoragePutByVal):
1153         (JSC::JIT::emitPutByValWithCachedId):
1154         (JSC::JIT::emitSlow_op_put_by_val):
1155         (JSC::JIT::emit_op_try_get_by_id):
1156         (JSC::JIT::emitSlow_op_try_get_by_id):
1157         (JSC::JIT::emit_op_get_by_id_direct):
1158         (JSC::JIT::emitSlow_op_get_by_id_direct):
1159         (JSC::JIT::emit_op_get_by_id):
1160         (JSC::JIT::emitSlow_op_get_by_id):
1161         (JSC::JIT::emit_op_get_by_id_with_this):
1162         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1163         (JSC::JIT::emit_op_put_by_id):
1164         (JSC::JIT::emitSlow_op_put_by_id):
1165         (JSC::JIT::emit_op_in_by_id):
1166         (JSC::JIT::emitSlow_op_in_by_id):
1167         (JSC::JIT::emit_op_resolve_scope):
1168         (JSC::JIT::emit_op_get_from_scope):
1169         (JSC::JIT::emitSlow_op_get_from_scope):
1170         (JSC::JIT::emit_op_put_to_scope):
1171         (JSC::JIT::emitSlow_op_put_to_scope):
1172         (JSC::JIT::emit_op_get_from_arguments):
1173         (JSC::JIT::emit_op_put_to_arguments):
1174         * jit/RegisterSet.cpp:
1175         (JSC::RegisterSet::vmCalleeSaveRegisters):
1176         * llint/LLIntData.cpp:
1177         (JSC::LLInt::Data::performAssertions):
1178         * llint/LowLevelInterpreter.asm:
1179         * runtime/SamplingProfiler.cpp:
1180         (JSC::tryGetBytecodeIndex):
1181
1182 2018-11-20  Saam barati  <sbarati@apple.com>
1183
1184         Merging an IC variant may lead to the IC status containing overlapping structure sets
1185         https://bugs.webkit.org/show_bug.cgi?id=191869
1186         <rdar://problem/45403453>
1187
1188         Reviewed by Mark Lam.
1189
1190         When merging two IC variant lists, we may end up in a world where we have
1191         overlapping structure sets. We defend against this when we append a new
1192         variant, but we should also defend against it once we merge in a new variant.
1193         
1194         Consider this case with MultiPutByOffset, where we merge two PutByIdStatuses
1195         together, P1 and P2.
1196         
1197         Let's consider these structures:
1198         s1 = {}
1199         s2 = {p: 0}
1200         s3 = {p: 0, p2: 1}
1201         
1202         P1 contains these variants:
1203         Transition: [s1 => s2]
1204         Replace: [s2, s3]
1205         
1206         P2 contains:
1207         Replace: [s2]
1208         
1209         Because of the ordering of the variants, we may end up combining
1210         P2's replace into P1's transition, forming this new list:
1211         Transition: [(s1, s2) => s2]
1212         Replace: [s2, s3]
1213         
1214         Obviously the ideal thing here is to have some ordering when we merge
1215         in variants to choose the most ideal option. It'd be ideal for P2's
1216         Replace to be merged into P1's replace.
1217         
1218         If we notice that this is super important, we can implement some kind
1219         of ordering. None of our tests (until this patch) stress this. This patch
1220         just makes it so we defend against this crazy scenario by falling back
1221         to the slow path gracefully. This prevents us from emitting invalid
1222         IR in FTL->B3 lowering by creating a switch with two case labels being
1223         identical values.
1224
1225         * bytecode/ICStatusUtils.h:
1226         (JSC::appendICStatusVariant):
1227
1228 2018-11-20  Fujii Hironori  <Hironori.Fujii@sony.com>
1229
1230         REGRESSION(r238039) WebCore::JSDOMGlobalObject::createStructure is using JSC::Structure::create without including StructureInlines.h
1231         https://bugs.webkit.org/show_bug.cgi?id=191626
1232         <rdar://problem/46161064>
1233
1234         Unreviewed adding comment for my change r238366.
1235
1236         * runtime/Structure.h: Added a comment for Structure::create.
1237
1238 2018-11-19  Mark Lam  <mark.lam@apple.com>
1239
1240         globalFuncImportModule() should return a promise when it clears exceptions.
1241         https://bugs.webkit.org/show_bug.cgi?id=191792
1242         <rdar://problem/46090763>
1243
1244         Reviewed by Michael Saboff.
1245
1246         If we're clearing the exceptions in a CatchScope, then it means that we've handled
1247         the exception, and are able to proceed in a normal manner.  Hence, we should not
1248         return the empty JSValue in this case: instead, we should return a Promise as
1249         expected by import's API.
1250
1251         The only time when we can't return a promise is when we fail to create a Promise.
1252         In that case, we should be propagating the exception.
1253
1254         Hence, globalFuncImportModule() contains a ThrowScope (for propagating the
1255         exception that arises from failure to create the Promise) wrapping a CatchScope
1256         (for catching any exception that arises from failure to execute the import).
1257
1258         Also fixed similar issues, and some exception check issues in JSModuleLoader and
1259         the jsc shell.
1260
1261         * jsc.cpp:
1262         (GlobalObject::moduleLoaderImportModule):
1263         (GlobalObject::moduleLoaderFetch):
1264         * runtime/JSGlobalObjectFunctions.cpp:
1265         (JSC::globalFuncImportModule):
1266         * runtime/JSModuleLoader.cpp:
1267         (JSC::JSModuleLoader::loadAndEvaluateModule):
1268         (JSC::JSModuleLoader::loadModule):
1269         (JSC::JSModuleLoader::requestImportModule):
1270         (JSC::JSModuleLoader::importModule):
1271         (JSC::JSModuleLoader::resolve):
1272         (JSC::JSModuleLoader::fetch):
1273         (JSC::moduleLoaderParseModule):
1274         (JSC::moduleLoaderResolveSync):
1275
1276 2018-11-19  Alex Christensen  <achristensen@webkit.org>
1277
1278         Add SPI to disable JIT in a WKWebView
1279         https://bugs.webkit.org/show_bug.cgi?id=191822
1280         <rdar://problem/28119360>
1281
1282         Reviewed by Geoffrey Garen.
1283
1284         * jit/ExecutableAllocator.cpp:
1285         (JSC::jitDisabled):
1286         (JSC::allowJIT):
1287         (JSC::ExecutableAllocator::setJITEnabled):
1288         * jit/ExecutableAllocator.h:
1289         (JSC::ExecutableAllocator::setJITEnabled):
1290
1291 2018-11-19  Fujii Hironori  <Hironori.Fujii@sony.com>
1292
1293         [MSVC] X86Assembler.h(108): error C2666: 'WebCore::operator -': 7 overloads have similar conversions
1294         https://bugs.webkit.org/show_bug.cgi?id=189467
1295         <rdar://problem/44290945>
1296
1297         Reviewed by Mark Lam.
1298
1299         This issue has happened several times. And, it seems that it will
1300         take more time for Microsoft to fix the MSVC bug. We need an
1301         effective workaround not to repeat this issue until they fix MSVC.
1302
1303         Remove ": int8_t" of RegisterID only for COMPILER(MSVC).
1304
1305         * assembler/X86Assembler.h: Added JSC_X86_ASM_REGISTER_ID_ENUM_BASE_TYPE macro.
1306
1307 2018-11-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1308
1309         [WebAssembly] I64 arguments / return value check should be moved from callWebAssemblyFunction to JSToWasm wrapper
1310         https://bugs.webkit.org/show_bug.cgi?id=190512
1311
1312         Reviewed by Keith Miller.
1313
1314         This patch moves I64 arguments / return value check from callWebAssemblyFunction to JSToWasm wrapper. Since this
1315         check can be done when compiling the function, we should encode the result into the generated wrapper instead of
1316         checking every time we call callWebAssemblyFunction. This change is also one of the steps removing callWebAssemblyFunction
1317         entirely.
1318
1319         * wasm/WasmExceptionType.h:
1320         * wasm/js/JSToWasm.cpp:
1321         (JSC::Wasm::createJSToWasmWrapper):
1322         * wasm/js/WebAssemblyFunction.cpp:
1323         (JSC::callWebAssemblyFunction):
1324         * wasm/js/WebAssemblyWrapperFunction.cpp:
1325         (JSC::callWebAssemblyWrapperFunction):
1326
1327 2018-11-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1328
1329         Consider removing double load for accessing the instructions from LLInt
1330         https://bugs.webkit.org/show_bug.cgi?id=190932
1331
1332         Reviewed by Mark Lam.
1333
1334         Changing InstructionStream to RefCountedArray like structure involves so many changes
1335         including BytecodeGraph, PreciseJumpTargets etc. Instead, CodeBlock simply holds a raw
1336         pointer to the InstructionStream's data. Since InstructionStream is not changed
1337         anymore, this pointer is valid while CodeBlock is live.
1338
1339         * bytecode/CodeBlock.cpp:
1340         (JSC::CodeBlock::CodeBlock):
1341         * bytecode/CodeBlock.h:
1342         * bytecode/InstructionStream.h:
1343         (JSC::InstructionStream::rawPointer const):
1344         * llint/LowLevelInterpreter.asm:
1345         * llint/LowLevelInterpreter32_64.asm:
1346         * llint/LowLevelInterpreter64.asm:
1347
1348 2018-11-18  Fujii Hironori  <Hironori.Fujii@sony.com>
1349
1350         REGRESSION(r238039) WebCore::JSDOMGlobalObject::createStructure is using JSC::Structure::create without including StructureInlines.h
1351         https://bugs.webkit.org/show_bug.cgi?id=191626
1352
1353         Reviewed by Yusuke Suzuki.
1354
1355         JSC::Structure::create is used everywhere. It should be defined in
1356         Structure.h, not in StructureInlines.h.
1357
1358         * runtime/Structure.h:
1359         (JSC::Structure::create): Moved.
1360         * runtime/StructureInlines.h: Moved JSC::Structure::create.
1361
1362 2018-11-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1363
1364         Unreviewed, rolling in the rest of r237254
1365         https://bugs.webkit.org/show_bug.cgi?id=190340
1366
1367         * parser/ParserModes.h:
1368         * parser/ParserTokens.h:
1369         (JSC::JSTextPosition::JSTextPosition):
1370         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
1371         * runtime/CodeCache.cpp:
1372         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1373         * runtime/FunctionConstructor.cpp:
1374         (JSC::constructFunctionSkippingEvalEnabledCheck):
1375
1376 2018-11-17  Devin Rousso  <drousso@apple.com>
1377
1378         Web Inspector: Network: add button to show system certificate dialog
1379         https://bugs.webkit.org/show_bug.cgi?id=191458
1380         <rdar://problem/45977019>
1381
1382         Reviewed by Joseph Pecoraro.
1383
1384         * inspector/protocol/Network.json:
1385         Add `getSerializedCertificate` command.
1386
1387 2018-11-17  Dominik Infuehr  <dinfuehr@igalia.com>
1388
1389         Fix build with disabled DFG/FTL
1390         https://bugs.webkit.org/show_bug.cgi?id=191256
1391
1392         Reviewed by Yusuke Suzuki.
1393
1394         Fix compilation errors and warnings with both DFG and FTL
1395         disabled at compile-time.
1396
1397         * bytecode/CodeBlock.cpp:
1398         (JSC::CodeBlock::getICStatusMap):
1399         * bytecode/InByIdStatus.cpp:
1400         (JSC::InByIdStatus::computeFor):
1401         * bytecode/PutByIdStatus.cpp:
1402         (JSC::PutByIdStatus::computeFor):
1403         (JSC::PutByIdStatus::hasExitSite): Deleted.
1404         * bytecode/PutByIdStatus.h:
1405         * jit/JITOpcodes.cpp:
1406         (JSC::JIT::emit_op_catch):
1407
1408 2018-11-16  Joseph Pecoraro  <pecoraro@apple.com>
1409
1410         Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Local Inspector)
1411         https://bugs.webkit.org/show_bug.cgi?id=191740
1412         <rdar://problem/45470897>
1413
1414         Reviewed by Timothy Hatcher.
1415
1416         * inspector/InspectorFrontendChannel.h:
1417         Expose EnumTraits for ConnectionType for WebKit IPC messages.
1418
1419 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
1420
1421         All users of ArrayBuffer should agree on the same max size
1422         https://bugs.webkit.org/show_bug.cgi?id=191771
1423
1424         Reviewed by Mark Lam.
1425
1426         Array buffers cannot be larger than 0x7fffffff, because otherwise loading typedArray.length in the DFG/FTL would produce
1427         a uint32 or would require a signedness check, neither of which sounds reasonable. It's better to just bound their max size
1428         instead.
1429
1430         * runtime/ArrayBuffer.cpp:
1431         (JSC::ArrayBufferContents::ArrayBufferContents):
1432         (JSC::ArrayBufferContents::tryAllocate):
1433         (JSC::ArrayBufferContents::transferTo):
1434         (JSC::ArrayBufferContents::copyTo):
1435         (JSC::ArrayBufferContents::shareWith):
1436         * runtime/ArrayBuffer.h:
1437         * wasm/WasmMemory.cpp:
1438         (JSC::Wasm::Memory::tryCreate):
1439         (JSC::Wasm::Memory::grow):
1440         * wasm/WasmPageCount.h:
1441
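        The two entries above (the OOME-versus-RangeError change for Wasm memory and the
        shared ArrayBuffer cap) describe one bound from two sides. The C sketch below is
        an added illustration, not JSC code: it classifies a memory request the way those
        entries describe, with the spec limit as a RangeError and the 0x7fffffff cap as an
        out-of-memory condition. The page size and spec page limit are the wasm32 values
        and are assumed here; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Bounds as described in the ChangeLog entries above. MAX_ARRAY_BUFFER_SIZE is
 * the cap the entries name; the page size and spec page limit are the wasm32
 * values and are assumed here, not taken from the ChangeLog. */
#define MAX_ARRAY_BUFFER_SIZE ((uint64_t)0x7fffffff)
#define WASM_PAGE_SIZE        ((uint64_t)65536)
#define WASM_MAX_PAGES        ((uint64_t)65536) /* 4 GiB, the wasm32 spec limit */

typedef enum {
    MEMORY_OK = 0,
    MEMORY_RANGE_ERROR,    /* outside what the spec (or the declared maximum) allows */
    MEMORY_OUT_OF_MEMORY   /* allowed by the spec, but larger than any ArrayBuffer can be */
} memory_status;

/* Hypothetical helper: classify a request for `pages` pages of wasm memory.
 * The checks are deliberately ordered: exceeding the spec limit is a RangeError,
 * and only a request that passes it can become an out-of-memory condition. */
memory_status classify_memory_request(uint64_t pages, uint64_t *bytes_out)
{
    if (pages > WASM_MAX_PAGES)
        return MEMORY_RANGE_ERROR;

    /* pages <= 65536 here, so the product fits in 64 bits without overflow. */
    uint64_t bytes = pages * WASM_PAGE_SIZE;
    if (bytes_out)
        *bytes_out = bytes;

    /* Keeping every ArrayBuffer at or below 0x7fffffff means typedArray.length
     * is always a non-negative int32, so no signedness check is needed on it. */
    if (bytes > MAX_ARRAY_BUFFER_SIZE)
        return MEMORY_OUT_OF_MEMORY;

    return MEMORY_OK;
}

/* Hypothetical helper in the spirit of Memory::grow: exceeding the declared
 * maximum (or the spec limit when none is smaller) is a RangeError; exceeding
 * the ArrayBuffer cap while still within those limits is an OOME. */
memory_status classify_grow(uint64_t current_pages, uint64_t delta_pages,
                            uint64_t declared_max_pages, uint64_t *bytes_out)
{
    /* Guard the page-count addition itself against wrap-around. */
    if (delta_pages > UINT64_MAX - current_pages)
        return MEMORY_RANGE_ERROR;

    uint64_t new_pages = current_pages + delta_pages;
    uint64_t limit = declared_max_pages < WASM_MAX_PAGES ? declared_max_pages : WASM_MAX_PAGES;
    if (new_pages > limit)
        return MEMORY_RANGE_ERROR;

    return classify_memory_request(new_pages, bytes_out);
}
```
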
1442 2018-11-16  Saam Barati  <sbarati@apple.com>
1443
1444         KnownCellUse should also have SpecCellCheck as its type filter
1445         https://bugs.webkit.org/show_bug.cgi?id=191729
1446         <rdar://problem/45872852>
1447
1448         Reviewed by Filip Pizlo.
1449
1450         We write transformations in the compiler like this where we emit edges with
1451         KnownCellUse if we know we're inserting code at a point where we're dominated
1452         by a Cell check:
1453         
1454         a: SomeValue
1455         b: Something(Cell:@a)
1456         c: SomethingElse(@b)
1457         d: CheckNotEmpty(@a)
1458         
1459         =>
1460         
1461         a: SomeValue
1462         b: Something(Cell:@a)
1463         e: RandomOtherThing(KnownCellUse:@a)
1464         c: SomethingElse(@b)
1465         d: CheckNotEmpty(@a)
1466         
1467         However, doing this used to lead to subtly incorrect programs since KnownCellUse
1468         did not allow the empty value to flow through it. We used to end up incorrectly
1469         deleting @d in the above program. We fix this by making KnownCellUse allow the empty
1470         value to flow through.
1471
1472         * dfg/DFGUseKind.h:
1473         (JSC::DFG::typeFilterFor):
1474
1475 2018-11-16  Tadeu Zagallo  <tzagallo@apple.com>
1476
1477         Fix assertion failure on BytecodeGenerator::recordOpcode
1478         https://bugs.webkit.org/show_bug.cgi?id=191724
1479         <rdar://problem/45724395>
1480
1481         Reviewed by Saam Barati.
1482
1483         Since https://bugs.webkit.org/show_bug.cgi?id=187373, we were not
1484         restoring m_lastInstruction after patching the bytecode when
1485         finalizing StructureForInContexts, only m_lastOpcodeID, which led to
1486         the assertion failure.
1487
1488         * bytecompiler/BytecodeGenerator.cpp:
1489         (JSC::StructureForInContext::finalize):
1490
1491 2018-11-15  Mark Lam  <mark.lam@apple.com>
1492
1493         RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
1494         https://bugs.webkit.org/show_bug.cgi?id=191730
1495         <rdar://problem/46048517>
1496
1497         Reviewed by Saam Barati.
1498
1499         According to the spec https://www.ecma-international.org/ecma-262/9.0/index.html#sec-regexp.prototype-@@match,
1500         the RegExp match results are filled in using the spec's CreateDataProperty()
1501         function which does not consult the prototype for setters.  JSArray::push()
1502         consults the prototype for setters.  We should be using putDirectIndex() instead.
1503
1504         * runtime/RegExpObjectInlines.h:
1505         (JSC::collectMatches):
1506
1507 2018-11-15  Mark Lam  <mark.lam@apple.com>
1508
1509         RegExp operations should not take fast path if lastIndex is not numeric.
1510         https://bugs.webkit.org/show_bug.cgi?id=191731
1511         <rdar://problem/46017305>
1512
1513         Reviewed by Saam Barati.
1514
1515         This is because if lastIndex is an object with a valueOf() method, it can execute
1516         arbitrary code which may have side effects, and side effects are not permitted by
1517         the RegExp fast paths.
1518
1519         * builtins/RegExpPrototype.js:
1520         (globalPrivate.hasObservableSideEffectsForRegExpMatch):
1521         (overriddenName.string_appeared_here.search):
1522         (globalPrivate.hasObservableSideEffectsForRegExpSplit):
1523         (intrinsic.RegExpTestIntrinsic.test):
1524         * builtins/StringPrototype.js:
1525         (globalPrivate.hasObservableSideEffectsForStringReplace):
1526
1527 2018-11-15  Keith Rollin  <krollin@apple.com>
1528
1529         Delete old .xcfilelist files
1530         https://bugs.webkit.org/show_bug.cgi?id=191669
1531         <rdar://problem/46081994>
1532
1533         Reviewed by Chris Dumez.
1534
1535         .xcfilelist files were created and added to the Xcode project files in
1536         https://trac.webkit.org/changeset/238008/webkit. However, they caused
1537         build issues and they were removed from the Xcode projects in
1538         https://trac.webkit.org/changeset/238055/webkit. This check-in removes
1539         the files from the repository altogether. They'll ultimately be
1540         replaced with new files with names that indicate whether the
1541         associated files are inputs to the Run Script phase or are files
1542         created by the Run Script phase.
1543
1544         * DerivedSources.xcfilelist: Removed.
1545         * UnifiedSources.xcfilelist: Removed.
1546
1547 2018-11-14  Keith Rollin  <krollin@apple.com>
1548
1549         Move scripts for Derived and Unified Sources to external files
1550         https://bugs.webkit.org/show_bug.cgi?id=191670
1551         <rdar://problem/46082278>
1552
1553         Reviewed by Keith Miller.
1554
1555         Move the scripts in the Generate Derived Sources and Generate Unified
1556         Sources Run Script phases from the Xcode projects to external shell
1557         script files. Then invoke those scripts from the Run Script phases.
1558         This refactoring is being performed to support later work that will
1559         invoke these scripts in other contexts.
1560
1561         The scripts were maintained as-is when making the move. I did a little
1562         reformatting and added 'set -e' to the top of each file, but that's
1563         it.
1564
1565         * JavaScriptCore.xcodeproj/project.pbxproj:
1566         * Scripts/generate-derived-sources.sh: Added.
1567         * Scripts/generate-unified-sources.sh: Added.
1568
1569 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
1570
1571         Web Inspector: Pass Inspector::FrontendChannel as a reference connect/disconnect methods
1572         https://bugs.webkit.org/show_bug.cgi?id=191612
1573
1574         Reviewed by Matt Baker.
1575
1576         * inspector/InspectorFrontendRouter.cpp:
1577         (Inspector::FrontendRouter::connectFrontend):
1578         (Inspector::FrontendRouter::disconnectFrontend):
1579         * inspector/InspectorFrontendRouter.h:
1580         * inspector/JSGlobalObjectInspectorController.cpp:
1581         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
1582         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
1583         * inspector/JSGlobalObjectInspectorController.h:
1584         * inspector/remote/RemoteControllableTarget.h:
1585         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
1586         (Inspector::RemoteConnectionToTarget::setup):
1587         (Inspector::RemoteConnectionToTarget::close):
1588         * inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:
1589         (Inspector::RemoteConnectionToTarget::setup):
1590         (Inspector::RemoteConnectionToTarget::close):
1591         * runtime/JSGlobalObjectDebuggable.cpp:
1592         (JSC::JSGlobalObjectDebuggable::connect):
1593         (JSC::JSGlobalObjectDebuggable::disconnect):
1594         * runtime/JSGlobalObjectDebuggable.h:
1595
1596 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
1597
1598         Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Remote Inspector)
1599         https://bugs.webkit.org/show_bug.cgi?id=191494
1600         <rdar://problem/45469854>
1601
1602         Reviewed by Devin Rousso.
1603
1604         * CMakeLists.txt:
1605         * DerivedSources.make:
1606         * JavaScriptCore.xcodeproj/project.pbxproj:
1607         * Sources.txt:
1608         New domain and resources.
1609
1610         * inspector/protocol/Target.json: Added.
1611         New protocol domain, modeled after Worker.json, to allow for
1612         multiplexing between different targets.
1613
1614         * inspector/InspectorTarget.h:
1615         Each target will instantiate an InspectorTarget and must
1616         provide an identifier, type, and means of connecting/disconnecting
1617         to a frontend channel.
1618
1619         * inspector/agents/InspectorTargetAgent.cpp: Added.
1620         (Inspector::InspectorTargetAgent::InspectorTargetAgent):
1621         (Inspector::InspectorTargetAgent::didCreateFrontendAndBackend):
1622         (Inspector::InspectorTargetAgent::willDestroyFrontendAndBackend):
1623         (Inspector::InspectorTargetAgent::exists):
1624         (Inspector::InspectorTargetAgent::initialized):
1625         (Inspector::InspectorTargetAgent::sendMessageToTarget):
1626         (Inspector::InspectorTargetAgent::sendMessageFromTargetToFrontend):
1627         (Inspector::targetTypeToProtocolType):
1628         (Inspector::buildTargetInfoObject):
1629         (Inspector::InspectorTargetAgent::targetCreated):
1630         (Inspector::InspectorTargetAgent::targetTerminated):
1631         (Inspector::InspectorTargetAgent::connectToTargets):
1632         (Inspector::InspectorTargetAgent::disconnectFromTargets):
1633         * inspector/agents/InspectorTargetAgent.h: Added.
1634         TargetAgent holds a list of targets, and connects/disconnects to each
1635         of the targets when a frontend connects/disconnects.
1636
1637         * inspector/scripts/codegen/generator.py:
1638         Better enum casing of ServiceWorker.
1639
1640 2018-11-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1641
1642         Unreviewed, rolling in CodeCache in r237254
1643         https://bugs.webkit.org/show_bug.cgi?id=190340
1644
1645         Land the CodeCache part without adding an additional hash value.
1646
1647         * bytecode/UnlinkedFunctionExecutable.cpp:
1648         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1649         * bytecode/UnlinkedFunctionExecutable.h:
1650         * parser/SourceCodeKey.h:
1651         (JSC::SourceCodeKey::SourceCodeKey):
1652         (JSC::SourceCodeKey::operator== const):
1653         * runtime/CodeCache.cpp:
1654         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1655         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1656         * runtime/CodeCache.h:
1657         * runtime/FunctionConstructor.cpp:
1658         (JSC::constructFunctionSkippingEvalEnabledCheck):
1659         * runtime/FunctionExecutable.cpp:
1660         (JSC::FunctionExecutable::fromGlobalCode):
1661         * runtime/FunctionExecutable.h:
1662
1663 2018-11-13  Saam Barati  <sbarati@apple.com>
1664
1665         ProxyObject should check for VMInquiry and return early before throwing a stack overflow exception
1666         https://bugs.webkit.org/show_bug.cgi?id=191601
1667
1668         Reviewed by Mark Lam.
1669
1670         This doesn't fix any bugs today, but it may reduce future bugs. It was
1671         always weird that ProxyObject::getOwnPropertySlot with VMInquiry might
1672         throw a stack overflow error instead of just returning false like it
1673         normally does when VMInquiry is passed in.
1674
1675         * runtime/ProxyObject.cpp:
1676         (JSC::ProxyObject::getOwnPropertySlotCommon):
1677
1678 2018-11-13  Saam Barati  <sbarati@apple.com>
1679
1680         TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
1681         https://bugs.webkit.org/show_bug.cgi?id=191600
1682
1683         Reviewed by Mark Lam.
1684
1685         processLogEntries will call into calculatedClassName, which will clear
1686         any exceptions it encounters (it assumes that they're stack overflow exceptions).
1687         However, this code may be called when an exception is already pending on the 
1688         VM (e.g, when we throw an exception in the DFG, we compile an OSR exit
1689         offramp, which may compile a baseline codeblock, which will process
1690         the type profiler log). To get around this, processLogEntries should stash
1691         away and re-apply any pending exceptions.
1692
1693         * dfg/DFGDriver.cpp:
1694         (JSC::DFG::compileImpl):
1695         * dfg/DFGOperations.cpp:
1696         * inspector/agents/InspectorRuntimeAgent.cpp:
1697         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1698         * jit/JIT.cpp:
1699         (JSC::JIT::doMainThreadPreparationBeforeCompile):
1700         * jit/JITOperations.cpp:
1701         * runtime/CommonSlowPaths.cpp:
1702         (JSC::SLOW_PATH_DECL):
1703         * runtime/TypeProfilerLog.cpp:
1704         (JSC::TypeProfilerLog::processLogEntries):
1705         * runtime/TypeProfilerLog.h:
1706         * runtime/VM.cpp:
1707         (JSC::VM::dumpTypeProfilerData):
1708         * runtime/VM.h:
1709         (JSC::VM::DeferExceptionScope::DeferExceptionScope):
1710         * tools/JSDollarVM.cpp:
1711         (JSC::functionFindTypeForExpression):
1712         (JSC::functionReturnTypeFor):
1713
1714 2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>
1715
1716         Unreviewed, rolling out r238132.
1717
1718         The test added with this change is timing out on Debug JSC
1719         bots.
1720
1721         Reverted changeset:
1722
1723         "[BigInt] JSBigInt::createWithLength should throw when length
1724         is greater than JSBigInt::maxLength"
1725         https://bugs.webkit.org/show_bug.cgi?id=190836
1726         https://trac.webkit.org/changeset/238132
1727
1728 2018-11-12  Mark Lam  <mark.lam@apple.com>
1729
1730         Add OOM detection to StringPrototype's substituteBackreferences().
1731         https://bugs.webkit.org/show_bug.cgi?id=191563
1732         <rdar://problem/45720428>
1733
1734         Reviewed by Saam Barati.
1735
1736         * dfg/DFGStrengthReductionPhase.cpp:
1737         (JSC::DFG::StrengthReductionPhase::handleNode):
1738         * runtime/StringPrototype.cpp:
1739         (JSC::substituteBackreferencesSlow):
1740         (JSC::substituteBackreferencesInline):
1741         (JSC::substituteBackreferences):
1742         (JSC::replaceUsingRegExpSearch):
1743         (JSC::replaceUsingStringSearch):
1744         * runtime/StringPrototype.h:
1745
1746 2018-11-13  Mark Lam  <mark.lam@apple.com>
1747
1748         LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
1749         https://bugs.webkit.org/show_bug.cgi?id=191579
1750         <rdar://problem/45942472>
1751
1752         Reviewed by Saam Barati.
1753
1754         Both of these functions do a lot of work.  It would be good for the topCallFrame
1755         to be correct should we need to throw an exception.
1756
1757         For example, we've observed the following crash trace:
1758
1759           * frame #0: WTFCrash() at Assertions.cpp:253
1760             frame #1: ...
1761             frame #2: JSC::StructureIDTable::get(this=0x00006040000162f0, structureID=1874583248) at StructureIDTable.h:129
1762             frame #3: JSC::VM::getStructure(this=0x0000604000016210, id=4022066896) at VM.h:705
1763             frame #4: JSC::JSCell::structure(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:125
1764             frame #5: JSC::JSCell::classInfo(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:335
1765             frame #6: JSC::JSCell::inherits(this=0x00007ffeefbbde30, vm=0x0000604000016210, info=0x0000000105eaf020) const at JSCellInlines.h:302
1766             frame #7: JSC::JSObject* JSC::jsCast<JSC::JSObject*, JSC::JSCell>(from=0x00007ffeefbbde30) at JSCast.h:36
1767             frame #8: JSC::asObject(cell=0x00007ffeefbbde30) at JSObject.h:1299
1768             frame #9: JSC::asObject(value=JSValue @ 0x00007ffeefbba380) at JSObject.h:1304
1769             frame #10: JSC::Register::object(this=0x00007ffeefbbdd58) const at JSObject.h:1514
1770             frame #11: JSC::ExecState::jsCallee(this=0x00007ffeefbbdd40) const at CallFrame.h:107
1771             frame #12: JSC::ExecState::isStackOverflowFrame(this=0x00007ffeefbbdd40) const at CallFrameInlines.h:36
1772             frame #13: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:52
1773             frame #14: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:41
1774             frame #15: void JSC::StackVisitor::visit<(JSC::StackVisitor::EmptyEntryFrameAction)0, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul>&, unsigned long, unsigned long)::$_3>(startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800, functor=0x00007ffeefbbaa60)::$_3 const&) at StackVisitor.h:147
1775             frame #16: JSC::Interpreter::getStackTrace(this=0x0000602000005db0, owner=0x000062d00020cbe0, results=0x00006020000249d0, framesToSkip=0, maxStackSize=1) at Interpreter.cpp:437
1776             frame #17: JSC::getStackTrace(exec=0x000062d00002c048, vm=0x0000631000000800, obj=0x000062d00020cbe0, useCurrentFrame=true) at Error.cpp:170
1777             frame #18: JSC::ErrorInstance::finishCreation(this=0x000062d00020cbe0, exec=0x000062d00002c048, vm=0x0000631000000800, message=0x00007ffeefbbb800, useCurrentFrame=true) at ErrorInstance.cpp:119
1778             frame #19: JSC::ErrorInstance::create(exec=0x000062d00002c048, vm=0x0000631000000800, structure=0x000062d0000f5730, message=0x00007ffeefbbb800, appender=0x0000000000000000, type=TypeNothing, useCurrentFrame=true)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, bool) at ErrorInstance.h:49
1779             frame #20: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800, appender=0x0000000000000000)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred)) at Error.cpp:68
1780             frame #21: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800) at Error.cpp:316
1781             frame #22: JSC::createStackOverflowError(exec=0x000062d00002c048, globalObject=0x000062d00002c000) at ExceptionHelpers.cpp:77
1782             frame #23: JSC::createStackOverflowError(exec=0x000062d00002c048) at ExceptionHelpers.cpp:72
1783             frame #24: JSC::throwStackOverflowError(exec=0x000062d00002c048, scope=0x00007ffeefbbbaa0) at ExceptionHelpers.cpp:335
1784             frame #25: JSC::ProxyObject::getOwnPropertySlotCommon(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbba80, slot=0x00007ffeefbbc720) at ProxyObject.cpp:372
1785             frame #26: JSC::ProxyObject::getOwnPropertySlot(object=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbd40, slot=0x00007ffeefbbc720) at ProxyObject.cpp:395
1786             frame #27: JSC::JSObject::getNonIndexPropertySlot(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbea0, slot=0x00007ffeefbbc720) at JSObjectInlines.h:150
1787             frame #28: bool JSC::JSObject::getPropertySlot<false>(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbc320, slot=0x00007ffeefbbc720) at JSObject.h:1424
1788             frame #29: JSC::JSObject::calculatedClassName(object=0x000062d000200e40) at JSObject.cpp:535
1789             frame #30: JSC::Structure::toStructureShape(this=0x000062d000007410, value=JSValue @ 0x00007ffeefbbcae0, sawPolyProtoStructure=0x00007ffeefbbcf60) at Structure.cpp:1142
1790             frame #31: JSC::TypeProfilerLog::processLogEntries(this=0x000060400000a950, reason=0x00007ffeefbbd5c0) at TypeProfilerLog.cpp:89
1791             frame #32: JSC::JIT::doMainThreadPreparationBeforeCompile(this=0x0000619000034da0) at JIT.cpp:951
1792             frame #33: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:43
1793             frame #34: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:42
1794             frame #35: JSC::JITWorklist::compileLater(this=0x0000616000001b80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:256
1795             frame #36: JSC::LLInt::jitCompileAndSetHeuristics(codeBlock=0x000062d0001d88c0, exec=0x00007ffeefbbde30, loopOSREntryBytecodeOffset=0) at LLIntSlowPaths.cpp:391
1796             frame #37: llint_replace(exec=0x00007ffeefbbde30, pc=0x00006040000161ba) at LLIntSlowPaths.cpp:516
1797             frame #38: llint_entry at LowLevelInterpreter64.asm:98
1798             frame #39: vmEntryToJavaScript at LowLevelInterpreter64.asm:296
1799             ...
1800
1801         This crash occurred because StackVisitor was seeing an invalid topCallFrame while
1802         trying to capture the Error stack while throwing a StackOverflowError below
1803         llint_replace.  While in this specific example, it is questionable whether we
1804         should be executing JS code below TypeProfilerLog::processLogEntries(), it is
1805         correct to have set the topCallFrame in llint_replace.  We do this by calling
1806         LLINT_BEGIN_NO_SET_PC() at the top of llint_replace.
1807
1808         We also do the same for llint_osr.
1809         
1810         Note: both of these LLInt slow path functions are called with a fully initialized
1811         CallFrame.  Hence, there's no issue with setting topCallFrame to their CallFrames
1812         for these functions.
1813
1814         * llint/LLIntSlowPaths.cpp:
1815         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1816
1817 2018-11-13  Caio Lima  <ticaiolima@gmail.com>
1818
1819         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
1820         https://bugs.webkit.org/show_bug.cgi?id=190836
1821
1822         Reviewed by Saam Barati.
1823
1824         In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
1825         where we allocate a BigInt trusting the length received as argument.
1826         With this additional method, we now check that the length passed to
1827         `JSBigInt::createWithLength` is not greater than JSBigInt::maxLength.
1828         When the length is greater than maxLength, we then throw an OOM
1829         exception.
1830         This required changing the interface of some JSBigInt operations to
1831         receive `ExecState*` instead of `VM&`. We changed only operations that
1832         can throw because of OOM.
1833         We believe that this approach of throwing instead of finishing the
1834         execution abruptly is better because JS programs can catch such
1835         exception and handle this issue properly.
1836
1837         * dfg/DFGOperations.cpp:
1838         * jit/JITOperations.cpp:
1839         * runtime/CommonSlowPaths.cpp:
1840         (JSC::SLOW_PATH_DECL):
1841         * runtime/JSBigInt.cpp:
1842         (JSC::JSBigInt::createZero):
1843         (JSC::JSBigInt::tryCreateWithLength):
1844         (JSC::JSBigInt::createWithLengthUnchecked):
1845         (JSC::JSBigInt::createFrom):
1846         (JSC::JSBigInt::multiply):
1847         (JSC::JSBigInt::divide):
1848         (JSC::JSBigInt::copy):
1849         (JSC::JSBigInt::unaryMinus):
1850         (JSC::JSBigInt::remainder):
1851         (JSC::JSBigInt::add):
1852         (JSC::JSBigInt::sub):
1853         (JSC::JSBigInt::bitwiseAnd):
1854         (JSC::JSBigInt::bitwiseOr):
1855         (JSC::JSBigInt::bitwiseXor):
1856         (JSC::JSBigInt::absoluteAdd):
1857         (JSC::JSBigInt::absoluteSub):
1858         (JSC::JSBigInt::absoluteDivWithDigitDivisor):
1859         (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
1860         (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
1861         (JSC::JSBigInt::absoluteBitwiseOp):
1862         (JSC::JSBigInt::absoluteAddOne):
1863         (JSC::JSBigInt::absoluteSubOne):
1864         (JSC::JSBigInt::toStringGeneric):
1865         (JSC::JSBigInt::rightTrim):
1866         (JSC::JSBigInt::allocateFor):
1867         (JSC::JSBigInt::createWithLength): Deleted.
1868         * runtime/JSBigInt.h:
1869         * runtime/Operations.cpp:
1870         (JSC::jsAddSlowCase):
1871         * runtime/Operations.h:
1872         (JSC::jsSub):
1873         (JSC::jsMul):
1874
1875 2018-11-12  Devin Rousso  <drousso@apple.com>
1876
1877         Web Inspector: Network: show secure certificate details per-request
1878         https://bugs.webkit.org/show_bug.cgi?id=191447
1879         <rdar://problem/30019476>
1880
1881         Reviewed by Joseph Pecoraro.
1882
1883         Add Security domain to hold security related protocol types.
1884
1885         * CMakeLists.txt:
1886         * DerivedSources.make:
1887         * inspector/protocol/Network.json:
1888         * inspector/protocol/Security.json: Added.
1889         * inspector/scripts/codegen/objc_generator.py:
1890         (ObjCGenerator):
1891
1892 2018-11-12  Saam Barati  <sbarati@apple.com>
1893
1894         Unreviewed. Rollout 238026: It caused ~8% JetStream 2 regressions on some iOS devices
1895         https://bugs.webkit.org/show_bug.cgi?id=191555
1896
1897         * bytecode/UnlinkedFunctionExecutable.cpp:
1898         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1899         * bytecode/UnlinkedFunctionExecutable.h:
1900         * parser/SourceCodeKey.h:
1901         (JSC::SourceCodeKey::SourceCodeKey):
1902         (JSC::SourceCodeKey::operator== const):
1903         * runtime/CodeCache.cpp:
1904         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1905         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1906         * runtime/CodeCache.h:
1907         * runtime/FunctionConstructor.cpp:
1908         (JSC::constructFunctionSkippingEvalEnabledCheck):
1909         * runtime/FunctionExecutable.cpp:
1910         (JSC::FunctionExecutable::fromGlobalCode):
1911         * runtime/FunctionExecutable.h:
1912
1913 2018-11-11  Benjamin Poulain  <benjamin@webkit.org>
1914
1915         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
1916         https://bugs.webkit.org/show_bug.cgi?id=191492
1917
1918         Reviewed by Alex Christensen.
1919
1920         Rename file.
1921
1922         * API/JSValue.mm:
1923
1924 2018-11-10  Benjamin Poulain  <benjamin@webkit.org>
1925
1926         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
1927         https://bugs.webkit.org/show_bug.cgi?id=191492
1928
1929         Reviewed by Alex Christensen.
1930
1931         * API/JSValue.mm:
1932
1933 2018-11-10  Michael Catanzaro  <mcatanzaro@igalia.com>
1934
1935         Unreviewed, silence -Wunused-variable warning
1936
1937         * bytecode/Opcode.h:
1938         (JSC::padOpcodeName):
1939
1940 2018-11-09  Keith Rollin  <krollin@apple.com>
1941
1942         Unreviewed build fix after https://bugs.webkit.org/show_bug.cgi?id=191324
1943
1944         Remove the use of .xcfilelists until their side-effects are better
1945         understood.
1946
1947         * JavaScriptCore.xcodeproj/project.pbxproj:
1948
1949 2018-11-09  Keith Miller  <keith_miller@apple.com>
1950
1951         LLInt VectorSizeOffset should be based on offset extraction
1952         https://bugs.webkit.org/show_bug.cgi?id=191468
1953
1954         Reviewed by Yusuke Suzuki.
1955
1956         This patch also adds some usings to LLIntOffsetsExtractor that
1957         make it possible to use the bare names of Vector/RefCountedArray
1958         in offsets extraction.
1959
1960         * llint/LLIntOffsetsExtractor.cpp:
1961         * llint/LowLevelInterpreter.asm:
1962
1963 2018-11-09  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1964
1965         Unreviewed, rolling in CodeCache in r237254
1966         https://bugs.webkit.org/show_bug.cgi?id=190340
1967
1968         Land the CodeCache part, which uses DefaultHash<>::Hash instead of computeHash.
1969
1970         * bytecode/UnlinkedFunctionExecutable.cpp:
1971         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1972         * bytecode/UnlinkedFunctionExecutable.h:
1973         * parser/SourceCodeKey.h:
1974         (JSC::SourceCodeKey::SourceCodeKey):
1975         (JSC::SourceCodeKey::operator== const):
1976         * runtime/CodeCache.cpp:
1977         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1978         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1979         * runtime/CodeCache.h:
1980         * runtime/FunctionConstructor.cpp:
1981         (JSC::constructFunctionSkippingEvalEnabledCheck):
1982         * runtime/FunctionExecutable.cpp:
1983         (JSC::FunctionExecutable::fromGlobalCode):
1984         * runtime/FunctionExecutable.h:
1985
1986 2018-11-08  Keith Miller  <keith_miller@apple.com>
1987
1988         put_by_val opcodes need to add the number tag as a 64-bit register
1989         https://bugs.webkit.org/show_bug.cgi?id=191456
1990
1991         Reviewed by Saam Barati.
1992
1993         Previously the LLInt would add it as a pointer sized value. That is
1994         wrong if the pointer size is less than 64 bits.
1995
1996         * llint/LowLevelInterpreter64.asm:
1997
1998 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
1999
2000         [JSC] isStrWhiteSpace seems redundant with Lexer<UChar>::isWhiteSpace
2001         https://bugs.webkit.org/show_bug.cgi?id=191439
2002
2003         Reviewed by Saam Barati.
2004
2005         * CMakeLists.txt:
2006         * runtime/ParseInt.h:
2007         (JSC::isStrWhiteSpace):
2008         Define isStrWhiteSpace in terms of isWhiteSpace and isLineTerminator.
2009
2010 2018-11-08  Michael Saboff  <msaboff@apple.com>
2011
2012         Options::useRegExpJIT() should use jitEnabledByDefault() just like useJIT()
2013         https://bugs.webkit.org/show_bug.cgi?id=191444
2014
2015         Reviewed by Saam Barati.
2016
2017         * runtime/Options.h:
2018
2019 2018-11-08  Fujii Hironori  <Hironori.Fujii@sony.com>
2020
2021         [Win] UDis86Disassembler.cpp: warning: format specifies type 'unsigned long' but the argument has type 'uintptr_t' (aka 'unsigned long long')
2022         https://bugs.webkit.org/show_bug.cgi?id=191416
2023
2024         Reviewed by Saam Barati.
2025
2026         * disassembler/UDis86Disassembler.cpp:
2027         (JSC::tryToDisassembleWithUDis86): Use PRIxPTR for uintptr_t.
2028
2029 2018-11-08  Keith Rollin  <krollin@apple.com>
2030
2031         Create .xcfilelist files
2032         https://bugs.webkit.org/show_bug.cgi?id=191324
2033         <rdar://problem/45852819>
2034
2035         Reviewed by Alex Christensen.
2036
2037         As part of preparing for enabling XCBuild, create and use .xcfilelist
2038         files. These files are used during Run Script build phases in an
2039         Xcode project. If a Run Script build phase produces new files that are
2040         used later as inputs to subsequent build phases, XCBuild needs to know
2041         about these files. These files can be either specified in an "output
2042         files" section of the Run Script phase editor, or in .xcfilelist files
2043         that are associated with the Run Script build phase.
2044
2045         This patch takes the second approach. It consists of three sets of changes:
2046
2047         - Modify the DerivedSources.make files to have a
2048           'print_all_generated_files' target that produces a list of the files
2049           they create.
2050
2051         - Create a shell script that produces .xcfilelist files from the
2052           output of the previous step, as well as for the files created in the
2053           Generate Unified Sources build steps.
2054
2055         - Add the new .xcfilelist files to the associated projects.
2056
2057         Note that, with these changes, the Xcode workspace and projects can no
2058         longer be fully loaded into Xcode 9. Xcode will attempt to load the
2059         projects that have .xcfilelist files associated with them, but will
2060         fail and display a placeholder for those projects instead. It's
2061         expected that all developers are using Xcode 10 by now and that not
2062         being able to load into Xcode 9 is not a practical issue. Keep in mind
2063         that this is strictly an IDE issue, and that the projects can still be
2064         built with `xcodebuild`.
2065
2066         Also note that the shell script that creates the .xcfilelist files can
2067         also be used to verify that the set of files that's currently checked
2068         in is up-to-date. This checking can be used as part of a check-in hook
2069         or part of check-webkit-style to sooner catch cases where the
2070         .xcfilelist files need to be regenerated.
2071
2072         * DerivedSources.make:
2073         * DerivedSources.xcfilelist: Added.
2074         * JavaScriptCore.xcodeproj/project.pbxproj:
2075         * UnifiedSources.xcfilelist: Added.
2076
2077 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
2078
2079         U+180E is no longer a whitespace character
2080         https://bugs.webkit.org/show_bug.cgi?id=191415
2081
2082         Reviewed by Saam Barati.
2083
2084         Mongolian Vowel Separator stopped being a valid whitespace character as of ES2016.
2085         (https://github.com/tc39/ecma262/pull/300)
2086
2087         * parser/Lexer.h:
2088         (JSC::Lexer<UChar>::isWhiteSpace):
2089         * runtime/ParseInt.h:
2090         (JSC::isStrWhiteSpace):
2091         * yarr/create_regex_tables:
2092
2093 2018-11-08  Keith Miller  <keith_miller@apple.com>
2094
2095         jitEnabledByDefault() should be on useJIT not useBaselineJIT
2096         https://bugs.webkit.org/show_bug.cgi?id=191434
2097
2098         Reviewed by Saam Barati.
2099
2100         * runtime/Options.h:
2101
2102 2018-11-08  Joseph Pecoraro  <pecoraro@apple.com>
2103
2104         Web Inspector: Restrict domains at the target level instead of only at the window level
2105         https://bugs.webkit.org/show_bug.cgi?id=191344
2106
2107         Reviewed by Devin Rousso.
2108
2109         * inspector/protocol/Console.json:
2110         * inspector/protocol/Debugger.json:
2111         * inspector/protocol/Heap.json:
2112         * inspector/protocol/Runtime.json:
2113         Remove workerSupported as it is now no longer necessary. It is implied
2114         by availability being empty (meaning it is supported everywhere).
2115
2116         * inspector/protocol/Inspector.json:
2117         * inspector/protocol/ScriptProfiler.json:
2118         Restrict to "javascript" and "web" debuggables, not available in workers.
2119
2120         * inspector/protocol/Worker.json:
2121         Cleanup, remove empty types list.
2122
2123         * inspector/protocol/Recording.json:
2124         Cleanup, only expose this in the "web" domain for now.
2125
2126         * inspector/scripts/codegen/generate_js_backend_commands.py:
2127         (JSBackendCommandsGenerator.generate_domain):
2128         * inspector/scripts/codegen/models.py:
2129         (Protocol.parse_domain):
2130         Allow a list of debuggable types. Add "worker" even though it is unused
2131         since that is a type we would want to allow or consider.
2132
2133         (Domain.__init__):
2134         (Domains):
2135         Remove now unnecessary workerSupported code.
2136         Allow availability on a domain with only types.
2137
2138         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: Removed.
2139         * inspector/scripts/tests/generic/worker-supported-domains.json: Removed.
2140
2141 2018-11-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2142
2143         Consider removing double load for accessing the MetadataTable from LLInt
2144         https://bugs.webkit.org/show_bug.cgi?id=190933
2145
2146         Reviewed by Keith Miller.
2147
2148         This patch removes the double load for accesses to MetadataTable from LLInt.
2149         MetadataTable is now a specially RefCounted class, which has an interesting memory layout.
2150         When its refcount becomes 0, MetadataTable asks UnlinkedMetadataTable to destroy itself.
2151
2152         * bytecode/CodeBlock.cpp:
2153         (JSC::CodeBlock::finishCreation):
2154         (JSC::CodeBlock::estimatedSize):
2155         (JSC::CodeBlock::visitChildren):
2156         * bytecode/CodeBlock.h:
2157         (JSC::CodeBlock::metadata):
2158         * bytecode/CodeBlockInlines.h:
2159         (JSC::CodeBlock::forEachValueProfile):
2160         (JSC::CodeBlock::forEachArrayProfile):
2161         (JSC::CodeBlock::forEachArrayAllocationProfile):
2162         (JSC::CodeBlock::forEachObjectAllocationProfile):
2163         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
2164         * bytecode/MetadataTable.cpp:
2165         (JSC::MetadataTable::MetadataTable):
2166         (JSC::MetadataTable::~MetadataTable):
2167         (JSC::MetadataTable::sizeInBytes):
2168         * bytecode/MetadataTable.h:
2169         (JSC::MetadataTable::get):
2170         (JSC::MetadataTable::forEach):
2171         (JSC::MetadataTable::ref const):
2172         (JSC::MetadataTable::deref const):
2173         (JSC::MetadataTable::refCount const):
2174         (JSC::MetadataTable::hasOneRef const):
2175         (JSC::MetadataTable::buffer):
2176         (JSC::MetadataTable::linkingData const):
2177         (JSC::MetadataTable::getImpl):
2178         * bytecode/UnlinkedMetadataTable.h:
2179         (JSC::UnlinkedMetadataTable::buffer const):
2180         * bytecode/UnlinkedMetadataTableInlines.h:
2181         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
2182         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
2183         (JSC::UnlinkedMetadataTable::addEntry):
2184         (JSC::UnlinkedMetadataTable::sizeInBytes):
2185         (JSC::UnlinkedMetadataTable::finalize):
2186         (JSC::UnlinkedMetadataTable::link):
2187         (JSC::UnlinkedMetadataTable::unlink):
2188         * llint/LowLevelInterpreter.asm:
2189         * llint/LowLevelInterpreter32_64.asm:
2190
2191 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
2192
2193         [BigInt] Add support to BigInt into ValueAdd
2194         https://bugs.webkit.org/show_bug.cgi?id=186177
2195
2196         Reviewed by Keith Miller.
2197
2198         We are adding a very primitive specialization case of BigInts into ValueAdd.
2199         When compiling a speculated version of this node to BigInt, we are currently
2200         calling 'operationAddBigInt', a function that expects only BigInts as
2201         parameters and effectively adds numbers using JSBigInt::add. To properly
2202         speculate BigInt operands, we changed ArithProfile to observe when
2203         its result is a BigInt. With this new observation, we are able to identify
2204         when ValueAdd results in a String or BigInt.
2205
2206         Here are some numbers for this specialization running
2207         microbenchmarks:
2208
2209         big-int-simple-add                   21.5411+-1.1096  ^  15.3502+-0.7027  ^ definitely 1.4033x faster
2210         big-int-add-prediction-propagation   13.7762+-0.5578  ^  10.8117+-0.5330  ^ definitely 1.2742x faster
2211
2212         * bytecode/ArithProfile.cpp:
2213         (JSC::ArithProfile::emitObserveResult):
2214         (JSC::ArithProfile::shouldEmitSetNonNumeric const):
2215         (JSC::ArithProfile::shouldEmitSetBigInt const):
2216         (JSC::ArithProfile::emitSetNonNumeric const):
2217         (JSC::ArithProfile::emitSetBigInt const):
2218         (WTF::printInternal):
2219         (JSC::ArithProfile::shouldEmitSetNonNumber const): Deleted.
2220         (JSC::ArithProfile::emitSetNonNumber const): Deleted.
2221         * bytecode/ArithProfile.h:
2222         (JSC::ArithProfile::observedUnaryInt):
2223         (JSC::ArithProfile::observedUnaryNumber):
2224         (JSC::ArithProfile::observedBinaryIntInt):
2225         (JSC::ArithProfile::observedBinaryNumberInt):
2226         (JSC::ArithProfile::observedBinaryIntNumber):
2227         (JSC::ArithProfile::observedBinaryNumberNumber):
2228         (JSC::ArithProfile::didObserveNonInt32 const):
2229         (JSC::ArithProfile::didObserveNonNumeric const):
2230         (JSC::ArithProfile::didObserveBigInt const):
2231         (JSC::ArithProfile::setObservedNonNumeric):
2232         (JSC::ArithProfile::setObservedBigInt):
2233         (JSC::ArithProfile::observeResult):
2234         (JSC::ArithProfile::didObserveNonNumber const): Deleted.
2235         (JSC::ArithProfile::setObservedNonNumber): Deleted.
2236         * dfg/DFGByteCodeParser.cpp:
2237         (JSC::DFG::ByteCodeParser::makeSafe):
2238         * dfg/DFGFixupPhase.cpp:
2239         (JSC::DFG::FixupPhase::fixupNode):
2240         * dfg/DFGNode.h:
2241         (JSC::DFG::Node::mayHaveNonNumericResult):
2242         (JSC::DFG::Node::mayHaveBigIntResult):
2243         (JSC::DFG::Node::mayHaveNonNumberResult): Deleted.
2244         * dfg/DFGNodeFlags.cpp:
2245         (JSC::DFG::dumpNodeFlags):
2246         * dfg/DFGNodeFlags.h:
2247         * dfg/DFGOperations.cpp:
2248         * dfg/DFGOperations.h:
2249         * dfg/DFGPredictionPropagationPhase.cpp:
2250         * dfg/DFGSpeculativeJIT.cpp:
2251         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2252         * ftl/FTLLowerDFGToB3.cpp:
2253         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2254         * runtime/CommonSlowPaths.cpp:
2255         (JSC::updateArithProfileForUnaryArithOp):
2256         (JSC::updateArithProfileForBinaryArithOp):
2257
2258 2018-11-07  Joseph Pecoraro  <pecoraro@apple.com>
2259
2260         Web Inspector: Fix "Javascript" => "JavaScript" enum in protocol generated objects
2261         https://bugs.webkit.org/show_bug.cgi?id=191340
2262
2263         Reviewed by Devin Rousso.
2264
2265         * inspector/ConsoleMessage.cpp:
2266         (Inspector::messageSourceValue):
2267         Use new enum name.
2268
2269         * inspector/scripts/codegen/generator.py:
2270         Correct the casing of "JavaScript".
2271
2272 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
2273
2274         Align wide opcodes in the instruction stream
2275         https://bugs.webkit.org/show_bug.cgi?id=191254
2276
2277         Reviewed by Keith Miller.
2278
2279         Pad the bytecode with nops to ensure that wide opcodes are 4-byte
2280         aligned on platforms that don't like unaligned memory access.
2281
2282         For that, add a new type to represent jump targets, BoundLabel, which
2283         delays computing the offset in case we need to emit nops for padding.
2284         Extra padding is also emitted before op_yield and at the end of each
2285         BytecodeWriter fragment, to ensure that the bytecode remains aligned
2286         after the rewriting.
2287
2288         As a side effect, we can no longer guarantee that the point immediately
2289         before emitting an opcode is the start of that opcode, since nops
2290         might be emitted in between if the opcode needs to be wide. To fix
2291         that, we only take the offset of opcodes after they have been emitted,
2292         using `m_lastInstruction.offset()`.
2293
2294         * bytecode/BytecodeDumper.h:
2295         (JSC::BytecodeDumper::dumpValue):
2296         * bytecode/BytecodeGeneratorification.cpp:
2297         (JSC::BytecodeGeneratorification::run):
2298         * bytecode/BytecodeList.rb:
2299         * bytecode/BytecodeRewriter.h:
2300         (JSC::BytecodeRewriter::Fragment::align):
2301         (JSC::BytecodeRewriter::insertFragmentBefore):
2302         (JSC::BytecodeRewriter::insertFragmentAfter):
2303         * bytecode/Fits.h:
2304         * bytecode/InstructionStream.h:
2305         (JSC::InstructionStreamWriter::ref):
2306         * bytecode/PreciseJumpTargetsInlines.h:
2307         (JSC::updateStoredJumpTargetsForInstruction):
2308         * bytecompiler/BytecodeGenerator.cpp:
2309         (JSC::Label::setLocation):
2310         (JSC::BoundLabel::target):
2311         (JSC::BoundLabel::saveTarget):
2312         (JSC::BoundLabel::commitTarget):
2313         (JSC::BytecodeGenerator::generate):
2314         (JSC::BytecodeGenerator::recordOpcode):
2315         (JSC::BytecodeGenerator::alignWideOpcode):
2316         (JSC::BytecodeGenerator::emitProfileControlFlow):
2317         (JSC::BytecodeGenerator::emitResolveScope):
2318         (JSC::BytecodeGenerator::emitGetFromScope):
2319         (JSC::BytecodeGenerator::emitPutToScope):
2320         (JSC::BytecodeGenerator::emitGetById):
2321         (JSC::BytecodeGenerator::emitDirectGetById):
2322         (JSC::BytecodeGenerator::emitPutById):
2323         (JSC::BytecodeGenerator::emitDirectPutById):
2324         (JSC::BytecodeGenerator::emitGetByVal):
2325         (JSC::BytecodeGenerator::emitCreateThis):
2326         (JSC::BytecodeGenerator::beginSwitch):
2327         (JSC::BytecodeGenerator::endSwitch):
2328         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
2329         (JSC::BytecodeGenerator::emitYieldPoint):
2330         (JSC::BytecodeGenerator::emitToThis):
2331         (JSC::Label::bind): Deleted.
2332         * bytecompiler/BytecodeGenerator.h:
2333         (JSC::BytecodeGenerator::recordOpcode): Deleted.
2334         * bytecompiler/Label.h:
2335         (JSC::BoundLabel::BoundLabel):
2336         (JSC::BoundLabel::operator int):
2337         (JSC::Label::bind):
2338         * generator/Opcode.rb:
2339
2340 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
2341
2342         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
2343         https://bugs.webkit.org/show_bug.cgi?id=191184
2344
2345         Reviewed by Saam Barati.
2346
2347         Fix API test on CLoop: we can only disable the LLInt when the JIT is enabled.
2348
2349         * API/tests/PingPongStackOverflowTest.cpp:
2350         (testPingPongStackOverflow):
2351
2352 2018-11-06  Justin Fan  <justin_fan@apple.com>
2353
2354         [WebGPU] Experimental prototype for WebGPURenderPipeline and WebGPUSwapChain
2355         https://bugs.webkit.org/show_bug.cgi?id=191291
2356
2357         Reviewed by Myles Maxfield.
2358
2359         Properly disable WEBGPU on all non-Metal platforms for now.
2360
2361         * Configurations/FeatureDefines.xcconfig:
2362
2363 2018-11-06  Keith Rollin  <krollin@apple.com>
2364
2365         Adjust handling of Include paths that need quoting
2366         https://bugs.webkit.org/show_bug.cgi?id=191314
2367         <rdar://problem/45849143>
2368
2369         Reviewed by Dan Bernstein.
2370
2371         There are several places in the JavaScriptCore Xcode project where the
2372         paths defined in HEADER_SEARCH_PATHS are quoted. That is, the
2373         definitions look like:
2374
2375             HEADER_SEARCH_PATHS = (
2376                 "\"${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore\"",
2377                 "\"${BUILT_PRODUCTS_DIR}/LLIntOffsets/${ARCHS}\"",
2378                 "\"$(JAVASCRIPTCORE_FRAMEWORKS_DIR)/JavaScriptCore.framework/PrivateHeaders\"",
2379                 "$(inherited)",
2380             );
2381
2382         The idea here is presumably to have the resulting $(CPP) command have
2383         -I options where the associated paths are themselves quoted,
2384         protecting against space characters in the paths.
2385
2386         This approach to quote management can break under Xcode 9. If
2387         .xcfilelist files are added to the project, the 'objectVersion' value
2388         in the Xcode project file is changed from 46 to 51. If a project with
2389         objectVersion=51 is presented to Xcode 9 (as can happen when we build
2390         for older OSes), it produces build lines where the quotes are escaped,
2391         thereby becoming part of the path. The build then fails because a
2392         search for a file normally found in a directory called "Foo" will be
2393         looked for in "\"Foo\"", which doesn't exist.
2394
2395         Simply removing the escaped quotes from the HEADER_SEARCH_PATHS
2396         definition doesn't work, leading to paths that need quoting due to
2397         space characters but that don't get this quoting (the part of the path
2398         after the space appears to simply go missing).
2399
2400         Removing the escaped quotes from the HEADER_SEARCH_PATHS and moving
2401         the definitions to the .xcconfig fixes this problem.
2402
2403         * Configurations/ToolExecutable.xcconfig:
2404         * JavaScriptCore.xcodeproj/project.pbxproj:
2405
2406 2018-11-06  Michael Saboff  <msaboff@apple.com>
2407
2408         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
2409         https://bugs.webkit.org/show_bug.cgi?id=191271
2410
2411         Reviewed by Saam Barati.
2412
2413         Fixed use of ThrowScope by adding release() calls.  Found a few places where we needed
2414         RETURN_IF_EXCEPTION().  After some code inspection, we determined that we need to cover the
2415         exception bubbling for String.match() with a global RegExp as well as String.replace()
2416         and String.search().
2417
2418         * runtime/RegExpObjectInlines.h:
2419         (JSC::RegExpObject::matchInline):
2420         (JSC::collectMatches):
2421         * runtime/RegExpPrototype.cpp:
2422         (JSC::regExpProtoFuncSearchFast):
2423         * runtime/StringPrototype.cpp:
2424         (JSC::removeUsingRegExpSearch):
2425         (JSC::replaceUsingRegExpSearch):
2426
2427 2018-11-05  Don Olmstead  <don.olmstead@sony.com>
2428
2429         Fix typos in closing ENABLE guards
2430         https://bugs.webkit.org/show_bug.cgi?id=191273
2431
2432         Reviewed by Keith Miller.
2433
2434         * ftl/FTLForOSREntryJITCode.h:
2435         * ftl/FTLJITCode.h:
2436         * jsc.cpp:
2437         * wasm/WasmMemoryInformation.h:
2438         * wasm/WasmPageCount.h:
2439
2440 2018-11-05  Keith Miller  <keith_miller@apple.com>
2441
2442         Make static_asserts in APICast into bitwise_cast
2443         https://bugs.webkit.org/show_bug.cgi?id=191272
2444
2445         Reviewed by Filip Pizlo.
2446
2447         * API/APICast.h:
2448         (toJS):
2449         (toJSForGC):
2450         (toRef):
2451
2452 2018-11-05  Dominik Infuehr  <dinfuehr@igalia.com>
2453
2454         Enable LLInt on ARMv7/Linux
2455         https://bugs.webkit.org/show_bug.cgi?id=191190
2456
2457         Reviewed by Yusuke Suzuki.
2458
2459         After enabling the new bytecode format in r237547, C_LOOP was
2460         forced on all 32-bit platforms. Now enable LLInt again on
2461         ARMv7-Thumb2/Linux.
2462
2463         This adds a callee-saved register in ARMv7/Linux for the metadataTable and
2464         stores/restores it on LLInt function calls. It also introduces the globaladdr
2465         instruction for the ARM offlineasm to access the opcode table.
2466
2467         * jit/GPRInfo.h:
2468         * jit/RegisterSet.cpp:
2469         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
2470         * llint/LowLevelInterpreter.asm:
2471         * llint/LowLevelInterpreter32_64.asm:
2472         * offlineasm/arm.rb:
2473         * offlineasm/asm.rb:
2474         * offlineasm/instructions.rb:
2475
2476 2018-11-05  Fujii Hironori  <Hironori.Fujii@sony.com>
2477
2478         [Win][Clang][JSC] JIT::is64BitType reports "warning: explicit specialization cannot have a storage class"
2479         https://bugs.webkit.org/show_bug.cgi?id=191146
2480
2481         Reviewed by Yusuke Suzuki.
2482
2483         * jit/JIT.h: Changed is64BitType from a template class method to a
2484         template inner class.
2485
2486 2018-11-02  Keith Miller  <keith_miller@apple.com>
2487
2488         Assert JSValues can fit into a pointer when API casting
2489         https://bugs.webkit.org/show_bug.cgi?id=191220
2490
2491         Reviewed by Michael Saboff.
2492
2493         * API/APICast.h:
2494         (toJS):
2495         (toJSForGC):
2496         (toRef):
2497
2498 2018-11-02  Michael Saboff  <msaboff@apple.com>
2499
2500         Rolling in r237753 with unreviewed build fix.
2501
2502         Fixed issues with DECLARE_THROW_SCOPE placement.
2503
2504 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
2505
2506         Unreviewed, rolling out r237753.
2507
2508         Introduced JSC test failures
2509
2510         Reverted changeset:
2511
2512         "Running out of stack space not properly handled in
2513         RegExp::compile() and its callers"
2514         https://bugs.webkit.org/show_bug.cgi?id=191206
2515         https://trac.webkit.org/changeset/237753
2516
2517 2018-11-02  Michael Saboff  <msaboff@apple.com>
2518
2519         Running out of stack space not properly handled in RegExp::compile() and its callers
2520         https://bugs.webkit.org/show_bug.cgi?id=191206
2521
2522         Reviewed by Filip Pizlo.
2523
2524         Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code.  Bubbled those errors
2525         up to where they are turned into the appropriate exceptions in matchInline().  If the errors are not due
2526         to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack.
2527
2528         * runtime/RegExp.cpp:
2529         (JSC::RegExp::compile):
2530         (JSC::RegExp::compileMatchOnly):
2531         * runtime/RegExp.h:
2532         * runtime/RegExpInlines.h:
2533         (JSC::RegExp::compileIfNecessary):
2534         (JSC::RegExp::matchInline):
2535         (JSC::RegExp::compileIfNecessaryMatchOnly):
2536         * runtime/RegExpObjectInlines.h:
2537         (JSC::RegExpObject::execInline):
2538         * yarr/YarrErrorCode.h:
2539         (JSC::Yarr::hasHardError):
2540
2541 2018-11-02  Keith Miller  <keith_miller@apple.com>
2542
2543         API should use wrapper object if address is 32-bit
2544         https://bugs.webkit.org/show_bug.cgi?id=191203
2545
2546         Reviewed by Filip Pizlo.
2547
2548         * API/APICast.h:
2549         (toJS):
2550         (toJSForGC):
2551         (toRef):
2552
2553 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
2554
2555         Metadata should not be copyable
2556         https://bugs.webkit.org/show_bug.cgi?id=191193
2557
2558         Reviewed by Keith Miller.
2559
2560         We should only ever hold references to the entry in the metadata table.
2561
2562         * bytecode/CodeBlock.cpp:
2563         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2564         * dfg/DFGByteCodeParser.cpp:
2565         (JSC::DFG::ByteCodeParser::parseBlock):
2566         * generator/Metadata.rb:
2567
2568 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
2569
2570         REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled
2571         https://bugs.webkit.org/show_bug.cgi?id=191175
2572
2573         Reviewed by Keith Miller.
2574
2575         https://bugs.webkit.org/show_bug.cgi?id=191108 did not handle the case where the JIT is not enabled.
2576
2577         * jit/JITExceptions.cpp:
2578         (JSC::genericUnwind):
2579         * llint/LLIntData.h:
2580         (JSC::LLInt::getWideCodePtr):
2581
2582 2018-11-01  Fujii Hironori  <Hironori.Fujii@sony.com>
2583
2584         Rename <wtf/unicode/UTF8.h> to <wtf/unicode/UTF8Conversion.h> in order to avoid conflicting with ICU's unicode/utf8.h
2585         https://bugs.webkit.org/show_bug.cgi?id=189693
2586
2587         Reviewed by Yusuke Suzuki.
2588
2589         * API/JSClassRef.cpp: Replaced <wtf/unicode/UTF8.h> with <wtf/unicode/UTF8Conversion.h>.
2590         * API/JSStringRef.cpp: Ditto.
2591         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
2592         * wasm/WasmParser.h: Ditto.
2593
2594 2018-11-01  Keith Miller  <keith_miller@apple.com>
2595
2596         Unreviewed, JavaScriptCore should only guarantee to produce a
2597         modulemap if we are building for iOSMac.
2598
2599         * Configurations/JavaScriptCore.xcconfig:
2600
2601 2018-10-31  Devin Rousso  <drousso@apple.com>
2602
2603         Web Inspector: Canvas: create a setting for auto-recording newly created contexts
2604         https://bugs.webkit.org/show_bug.cgi?id=190856
2605
2606         Reviewed by Brian Burg.
2607
2608         * inspector/protocol/Canvas.json:
2609         Add `setRecordingAutoCaptureFrameCount` command for setting the number of frames to record
2610         immediately after a context is created.
2611
2612         * inspector/protocol/Recording.json:
2613         Add `creation` value for `Initiator` enum.
2614
2615 2018-10-31  Devin Rousso  <drousso@apple.com>
2616
2617         Web Inspector: display low-power enter/exit events in Timelines and Network node waterfalls
2618         https://bugs.webkit.org/show_bug.cgi?id=190641
2619         <rdar://problem/45319049>
2620
2621         Reviewed by Joseph Pecoraro.
2622
2623         * inspector/protocol/DOM.json:
2624         Add `videoLowPowerChanged` event that is fired when `InspectorDOMAgent` is able to determine
2625         whether a video element's low power state has changed.
2626
2627 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
2628
2629         Adjust inlining threshold for new bytecode format
2630         https://bugs.webkit.org/show_bug.cgi?id=191115
2631
2632         Reviewed by Saam Barati.
2633
2634         The new format reduced the number of operands for many opcodes, which
2635         changed inlining decisions and impacted performance negatively.
2636
2637         * runtime/Options.h:
2638
2639 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
2640
2641         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
2642         https://bugs.webkit.org/show_bug.cgi?id=191108
2643         <rdar://problem/45690700>
2644
2645         Reviewed by Saam Barati.
2646
2647         When linking the handler, we need to check whether the target op_catch is
2648         wide or narrow in order to choose the right code pointer for the handler.
2649
2650         * bytecode/CodeBlock.cpp:
2651         (JSC::CodeBlock::finishCreation):
2652
2653 2018-10-31  Dominik Infuehr  <dinfuehr@igalia.com>
2654
2655         Align entries in metadata table
2656         https://bugs.webkit.org/show_bug.cgi?id=191062
2657
2658         Reviewed by Filip Pizlo.
2659
2660         Entries in the metadata table need to be aligned on some 32-bit
2661         architectures.
2662
2663         * bytecode/MetadataTable.h:
2664         (JSC::MetadataTable::forEach):
2665         * bytecode/Opcode.cpp:
2666         (JSC::metadataAlignment):
2667         * bytecode/Opcode.h:
2668         * bytecode/UnlinkedMetadataTableInlines.h:
2669         (JSC::UnlinkedMetadataTable::finalize):
2670         * generator/Section.rb:
2671
2672 2018-10-31  Jim Mason  <jmason@ibinx.com>
2673
2674         Static global 'fastHandlerInstalled' conditionally declared in WasmFaultSignalHandler.cpp
2675         https://bugs.webkit.org/show_bug.cgi?id=191063
2676
2677         Reviewed by Yusuke Suzuki.
2678
2679         * wasm/WasmFaultSignalHandler.cpp:
2680
2681 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2682
2683         [JSC][LLInt] Compact LLInt ASM code by removing unnecessary instructions
2684         https://bugs.webkit.org/show_bug.cgi?id=191092
2685
2686         Reviewed by Saam Barati.
2687
2688         Looking through LLIntAssembly.h, we can find several inefficiencies. This patch fixes the
2689         following things to tighten LLInt ASM code.
2690
2691         1. Remove unnecessary load instructions. Use jmp with BaseIndex directly.
2692         2. Introduce strength reduction for mul instructions in the offlineasm layer. This is now critical
2693         since the mul instruction is executed in the `metadata` operation in LLInt. If the given immediate is
2694         a power of two, we convert it to an lshift instruction.
2695
2696         * llint/LowLevelInterpreter32_64.asm:
2697         * llint/LowLevelInterpreter64.asm:
2698         * offlineasm/arm64.rb:
2699         * offlineasm/instructions.rb:
2700         * offlineasm/x86.rb:
2701
2702 2018-10-30  Don Olmstead  <don.olmstead@sony.com>
2703
2704         [PlayStation] Enable JavaScriptCore
2705         https://bugs.webkit.org/show_bug.cgi?id=191072
2706
2707         Reviewed by Brent Fulgham.
2708
2709         Add platform files for the PlayStation port.
2710
2711         * PlatformPlayStation.cmake: Added.
2712
2713 2018-10-30  Alexey Proskuryakov  <ap@apple.com>
2714
2715         Clean up some obsolete MAX_ALLOWED macros
2716         https://bugs.webkit.org/show_bug.cgi?id=190916
2717
2718         Reviewed by Tim Horton.
2719
2720         * API/JSManagedValue.mm:
2721         * API/JSVirtualMachine.mm:
2722         * API/JSWrapperMap.mm:
2723
2724 2018-10-30  Ross Kirsling  <ross.kirsling@sony.com>
2725
2726         useProbeOSRExit causes failures for Win64 DFG JIT
2727         https://bugs.webkit.org/show_bug.cgi?id=190656
2728
2729         Reviewed by Keith Miller.
2730
2731         * assembler/ProbeContext.cpp:
2732         (JSC::Probe::executeProbe):
2733         If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
2734         then let's just call lowWatermarkFromVisitingDirtyPages instead.
2735
2736         * dfg/DFGOSRExit.cpp:
2737         (JSC::DFG::OSRExit::executeOSRExit):
2738         The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
2739         mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
2740         (Also, stop redundantly setting the stack pointer twice in a row.)
2741
2742 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2743
2744         "Unreviewed, partial rolling in r237254"
2745         https://bugs.webkit.org/show_bug.cgi?id=190340
2746
2747         This only adds Parser.{cpp,h}, and it is not used in this patch.
2748         It examines whether the regression is related to the exact Parser changes.
2749
2750         * parser/Parser.cpp:
2751         (JSC::Parser<LexerType>::parseInner):
2752         (JSC::Parser<LexerType>::parseSingleFunction):
2753         (JSC::Parser<LexerType>::parseFunctionInfo):
2754         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2755         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
2756         * parser/Parser.h:
2757         (JSC::Parser<LexerType>::parse):
2758         (JSC::parse):
2759         (JSC::parseFunctionForFunctionConstructor):
2760
2761 2018-10-29  Mark Lam  <mark.lam@apple.com>
2762
2763         Correctly detect string overflow when using the 'Function' constructor.
2764         https://bugs.webkit.org/show_bug.cgi?id=184883
2765         <rdar://problem/36320331>
2766
2767         Reviewed by Saam Barati.
2768
2769         Added StringBuilder::hasOverflowed() checks, throwing OutOfMemoryErrors if
2770         we detect an overflow.
2771
2772         * runtime/FunctionConstructor.cpp:
2773         (JSC::constructFunctionSkippingEvalEnabledCheck):
2774         * runtime/JSGlobalObjectFunctions.cpp:
2775         (JSC::encode):
2776         (JSC::decode):
2777         * runtime/JSONObject.cpp:
2778         (JSC::Stringifier::stringify):
2779         (JSC::Stringifier::appendStringifiedValue):
2780
2781 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
2782
2783         Unreviewed, fix JSC on arm64e after r237547
2784         https://bugs.webkit.org/show_bug.cgi?id=187373
2785
2786         Unreviewed.
2787
2788         Remove unused move guarded by POINTER_PROFILING that was trashing the
2789         metadata on arm64e.
2790
2791         * llint/LowLevelInterpreter64.asm:
2792
2793 2018-10-29  Keith Miller  <keith_miller@apple.com>
2794
2795         JSC should explicitly list its modulemap file
2796         https://bugs.webkit.org/show_bug.cgi?id=191032
2797
2798         Reviewed by Saam Barati.
2799
2800         The automagically generated module map file for JSC will
2801         include headers where they may not work out of the box.
2802         This patch makes it so we now export the same modulemap
2803         that used to be provided via the legacy system.
2804
2805         * Configurations/JavaScriptCore.xcconfig:
2806         * JavaScriptCore.modulemap: Added.
2807         * JavaScriptCore.xcodeproj/project.pbxproj:
2808
2809 2018-10-29  Tim Horton  <timothy_horton@apple.com>
2810
2811         Modernize WebKit nibs and lprojs for localization's sake
2812         https://bugs.webkit.org/show_bug.cgi?id=190911
2813         <rdar://problem/45349466>
2814
2815         Reviewed by Dan Bernstein.
2816
2817         * JavaScriptCore.xcodeproj/project.pbxproj:
2818         English->en
2819
2820 2018-10-29  Commit Queue  <commit-queue@webkit.org>
2821
2822         Unreviewed, rolling out r237492.
2823         https://bugs.webkit.org/show_bug.cgi?id=191035
2824
2825         "It regresses JetStream 2 by 5% on some iOS devices"
2826         (Requested by saamyjoon on #webkit).
2827
2828         Reverted changeset:
2829
2830         "Unreviewed, partial rolling in r237254"
2831         https://bugs.webkit.org/show_bug.cgi?id=190340
2832         https://trac.webkit.org/changeset/237492
2833
2834 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
2835
2836         Add support for GetStack FlushedDouble
2837         https://bugs.webkit.org/show_bug.cgi?id=191012
2838         <rdar://problem/45265141>
2839
2840         Reviewed by Saam Barati.
2841
2842         LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
2843         for doubles, but it turns out it may arise from the PutStack sinking
2844         phase: if we sink a PutStack into a successor block, other predecessors
2845         will emit a GetStack followed by an Upsilon.
2846
2847         * ftl/FTLLowerDFGToB3.cpp:
2848         (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):
2849
2850 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
2851
2852         New bytecode format for JSC
2853         https://bugs.webkit.org/show_bug.cgi?id=187373
2854         <rdar://problem/44186758>
2855
2856         Reviewed by Filip Pizlo.
2857
2858         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
2859         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
2860         operands) and might contain an extra operand, the metadataID. The metadataID is used to
2861         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
2862
2863         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
2864         and types to all their operands. Additionally, reading a bytecode from the instruction stream
2865         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
2866         operands directly from the stream.
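
        As an added illustration of the format this entry describes (example code, not JSC's): a toy instruction stream with narrow and wide encodings whose decoder must read a whole instruction at a time, plus a metadata side table reached through a metadataID operand. The op_wide prefix byte, the two-opcode set and its operand layout, and all names used are assumptions made for the example.

```cpp
// Added example, not JSC's code: a toy instruction stream modelled on the format
// described above. An instruction is stored narrow (1-byte operands) or wide
// (4-byte operands, announced here by an op_wide prefix byte, an assumption), and
// mutable per-instruction state lives in a side table selected by a metadataID
// operand, so the stream itself stays immutable.
#include <cstdint>
#include <cstring>
#include <optional>
#include <vector>

enum OpcodeID : uint8_t { op_wide = 0, op_add = 1, op_jmp = 2 };

// Operand layout of the two illustrative opcodes (assumption; JSC derives this
// from BytecodeList.rb). op_add: dst, lhs, rhs, metadataID. op_jmp: target.
constexpr size_t operandCount(OpcodeID id)
{
    return id == op_add ? 4 : id == op_jmp ? 1 : 0;
}

static bool fitsInNarrow(int32_t v) { return v >= INT8_MIN && v <= INT8_MAX; }

// Append one instruction in the narrowest encoding that holds every operand
// (cf. bytecode/Fits.h). Returns the offset of the instruction's first byte.
size_t emitInstruction(std::vector<uint8_t>& stream, OpcodeID id, const std::vector<int32_t>& operands)
{
    size_t offset = stream.size();
    bool wide = false;
    for (int32_t v : operands)
        wide = wide || !fitsInNarrow(v);
    if (wide)
        stream.push_back(op_wide);
    stream.push_back(id);
    for (int32_t v : operands) {
        if (wide) {
            uint8_t bytes[4];
            std::memcpy(bytes, &v, 4); // host byte order: the stream never leaves the process
            stream.insert(stream.end(), bytes, bytes + 4);
        } else
            stream.push_back(static_cast<uint8_t>(static_cast<int8_t>(v)));
    }
    return offset;
}

struct DecodedInstruction {
    OpcodeID id;
    bool wide;
    size_t size; // total bytes, prefix included
    std::vector<int32_t> operands;
};

// Decode the whole instruction at `offset`. No operand can be read before the
// width is known, so all of them are materialised at once, and any instruction
// that would run past the end of the stream is refused (nullopt).
std::optional<DecodedInstruction> decodeAt(const std::vector<uint8_t>& stream, size_t offset)
{
    bool wide = offset < stream.size() && stream[offset] == op_wide;
    size_t headerSize = wide ? 2 : 1;
    if (offset + headerSize > stream.size())
        return std::nullopt;
    OpcodeID id = static_cast<OpcodeID>(stream[offset + headerSize - 1]);
    if (id != op_add && id != op_jmp)
        return std::nullopt; // unknown opcode, or a dangling op_wide prefix
    size_t operandSize = wide ? 4 : 1;
    size_t size = headerSize + operandCount(id) * operandSize;
    if (offset + size > stream.size())
        return std::nullopt;
    DecodedInstruction out { id, wide, size, {} };
    const uint8_t* p = stream.data() + offset + headerSize;
    for (size_t i = 0; i < operandCount(id); ++i, p += operandSize) {
        int32_t v;
        if (wide)
            std::memcpy(&v, p, 4);
        else
            v = static_cast<int8_t>(*p);
        out.operands.push_back(v);
    }
    return out;
}

// Side table for mutable data (a profiling counter here), one entry per op_add
// and addressed by its metadataID operand: the immutable stream can be shared
// while each CodeBlock owns its own table.
struct AddMetadata { uint32_t int32Observations = 0; };

class MetadataTable {
public:
    int32_t addEntry() { m_entries.emplace_back(); return static_cast<int32_t>(m_entries.size() - 1); }
    AddMetadata& get(int32_t id) { return m_entries.at(static_cast<size_t>(id)); }
private:
    std::vector<AddMetadata> m_entries;
};
```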
2867
2868
2869         * CMakeLists.txt:
2870         * DerivedSources.make:
2871         * JavaScriptCore.xcodeproj/project.pbxproj:
2872         * Sources.txt:
2873         * assembler/MacroAssemblerCodeRef.h:
2874         (JSC::ReturnAddressPtr::ReturnAddressPtr):
2875         (JSC::ReturnAddressPtr::value const):
2876         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
2877         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
2878         * bytecode/ArithProfile.h:
2879         (JSC::ArithProfile::ArithProfile):
2880         * bytecode/ArrayAllocationProfile.h:
2881         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
2882         * bytecode/ArrayProfile.h:
2883         * bytecode/BytecodeBasicBlock.cpp:
2884         (JSC::isJumpTarget):
2885         (JSC::BytecodeBasicBlock::computeImpl):
2886         (JSC::BytecodeBasicBlock::compute):
2887         * bytecode/BytecodeBasicBlock.h:
2888         (JSC::BytecodeBasicBlock::leaderOffset const):
2889         (JSC::BytecodeBasicBlock::totalLength const):
2890         (JSC::BytecodeBasicBlock::offsets const):
2891         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
2892         (JSC::BytecodeBasicBlock::addLength):
2893         * bytecode/BytecodeDumper.cpp:
2894         (JSC::BytecodeDumper<Block>::printLocationAndOp):
2895         (JSC::BytecodeDumper<Block>::dumpBytecode):
2896         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2897         (JSC::BytecodeDumper<Block>::dumpConstants):
2898         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2899         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2900         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2901         (JSC::BytecodeDumper<Block>::dumpBlock):
2902         * bytecode/BytecodeDumper.h:
2903         (JSC::BytecodeDumper::dumpOperand):
2904         (JSC::BytecodeDumper::dumpValue):
2905         (JSC::BytecodeDumper::BytecodeDumper):
2906         (JSC::BytecodeDumper::block const):
2907         * bytecode/BytecodeGeneratorification.cpp:
2908         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2909         (JSC::BytecodeGeneratorification::enterPoint const):
2910         (JSC::BytecodeGeneratorification::instructions const):
2911         (JSC::GeneratorLivenessAnalysis::run):
2912         (JSC::BytecodeGeneratorification::run):
2913         (JSC::performGeneratorification):
2914         * bytecode/BytecodeGeneratorification.h:
2915         * bytecode/BytecodeGraph.h:
2916         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
2917         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
2918         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
2919         (JSC::BytecodeGraph::BytecodeGraph):
2920         * bytecode/BytecodeKills.h:
2921         * bytecode/BytecodeList.json: Removed.
2922         * bytecode/BytecodeList.rb: Added.
2923         * bytecode/BytecodeLivenessAnalysis.cpp:
2924         (JSC::BytecodeLivenessAnalysis::dumpResults):
2925         * bytecode/BytecodeLivenessAnalysis.h:
2926         * bytecode/BytecodeLivenessAnalysisInlines.h:
2927         (JSC::isValidRegisterForLiveness):
2928         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
2929         * bytecode/BytecodeRewriter.cpp:
2930         (JSC::BytecodeRewriter::applyModification):
2931         (JSC::BytecodeRewriter::execute):
2932         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
2933         (JSC::BytecodeRewriter::insertImpl):
2934         (JSC::BytecodeRewriter::adjustJumpTarget):
2935         (JSC::BytecodeRewriter::adjustJumpTargets):
2936         * bytecode/BytecodeRewriter.h:
2937         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
2938         (JSC::BytecodeRewriter::Fragment::Fragment):
2939         (JSC::BytecodeRewriter::Fragment::appendInstruction):
2940         (JSC::BytecodeRewriter::BytecodeRewriter):
2941         (JSC::BytecodeRewriter::insertFragmentBefore):
2942         (JSC::BytecodeRewriter::insertFragmentAfter):
2943         (JSC::BytecodeRewriter::removeBytecode):
2944         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
2945         (JSC::BytecodeRewriter::adjustJumpTarget):
2946         * bytecode/BytecodeUseDef.h:
2947         (JSC::computeUsesForBytecodeOffset):
2948         (JSC::computeDefsForBytecodeOffset):
2949         * bytecode/CallLinkStatus.cpp:
2950         (JSC::CallLinkStatus::computeFromLLInt):
2951         * bytecode/CodeBlock.cpp:
2952         (JSC::CodeBlock::dumpBytecode):
2953         (JSC::CodeBlock::CodeBlock):
2954         (JSC::CodeBlock::finishCreation):
2955         (JSC::CodeBlock::estimatedSize):
2956         (JSC::CodeBlock::visitChildren):
2957         (JSC::CodeBlock::propagateTransitions):
2958         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2959         (JSC::CodeBlock::addJITAddIC):
2960         (JSC::CodeBlock::addJITMulIC):
2961         (JSC::CodeBlock::addJITSubIC):
2962         (JSC::CodeBlock::addJITNegIC):
2963         (JSC::CodeBlock::stronglyVisitStrongReferences):
2964         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
2965         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
2966         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2967         (JSC::CodeBlock::getArrayProfile):
2968         (JSC::CodeBlock::updateAllArrayPredictions):
2969         (JSC::CodeBlock::predictedMachineCodeSize):
2970         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
2971         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
2972         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2973         (JSC::CodeBlock::validate):
2974         (JSC::CodeBlock::outOfLineJumpOffset):
2975         (JSC::CodeBlock::outOfLineJumpTarget):
2976         (JSC::CodeBlock::arithProfileForBytecodeOffset):
2977         (JSC::CodeBlock::arithProfileForPC):
2978         (JSC::CodeBlock::couldTakeSpecialFastCase):
2979         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2980         * bytecode/CodeBlock.h:
2981         (JSC::CodeBlock::addMathIC):
2982         (JSC::CodeBlock::outOfLineJumpOffset):
2983         (JSC::CodeBlock::bytecodeOffset):
2984         (JSC::CodeBlock::instructions const):
2985         (JSC::CodeBlock::instructionCount const):
2986         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2987         (JSC::CodeBlock::metadata):
2988         (JSC::CodeBlock::metadataSizeInBytes):
2989         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
2990         (JSC::CodeBlock::totalNumberOfValueProfiles):
2991         * bytecode/CodeBlockInlines.h: Added.
2992         (JSC::CodeBlock::forEachValueProfile):
2993         (JSC::CodeBlock::forEachArrayProfile):
2994         (JSC::CodeBlock::forEachArrayAllocationProfile):
2995         (JSC::CodeBlock::forEachObjectAllocationProfile):
2996         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
2997         * bytecode/Fits.h: Added.
2998         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2999         * bytecode/GetByIdStatus.cpp:
3000         (JSC::GetByIdStatus::computeFromLLInt):
3001         * bytecode/Instruction.h:
3002         (JSC::Instruction::Instruction):
3003         (JSC::Instruction::Impl::opcodeID const):
3004         (JSC::Instruction::opcodeID const):
3005         (JSC::Instruction::name const):
3006         (JSC::Instruction::isWide const):
3007         (JSC::Instruction::size const):
3008         (JSC::Instruction::is const):
3009         (JSC::Instruction::as const):
3010         (JSC::Instruction::cast):
3011         (JSC::Instruction::cast const):
3012         (JSC::Instruction::narrow const):
3013         (JSC::Instruction::wide const):
3014         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3015         (JSC::InstructionStream::InstructionStream):
3016         (JSC::InstructionStream::sizeInBytes const):
3017         * bytecode/InstructionStream.h: Added.
3018         (JSC::InstructionStream::BaseRef::BaseRef):
3019         (JSC::InstructionStream::BaseRef::operator=):
3020         (JSC::InstructionStream::BaseRef::operator-> const):
3021         (JSC::InstructionStream::BaseRef::ptr const):
3022         (JSC::InstructionStream::BaseRef::operator!= const):
3023         (JSC::InstructionStream::BaseRef::next const):
3024         (JSC::InstructionStream::BaseRef::offset const):
3025         (JSC::InstructionStream::BaseRef::isValid const):
3026         (JSC::InstructionStream::BaseRef::unwrap const):
3027         (JSC::InstructionStream::MutableRef::freeze const):
3028         (JSC::InstructionStream::MutableRef::operator->):
3029         (JSC::InstructionStream::MutableRef::ptr):
3030         (JSC::InstructionStream::MutableRef::operator Ref):
3031         (JSC::InstructionStream::MutableRef::unwrap):
3032         (JSC::InstructionStream::iterator::operator*):
3033         (JSC::InstructionStream::iterator::operator++):
3034         (JSC::InstructionStream::begin const):
3035         (JSC::InstructionStream::end const):
3036         (JSC::InstructionStream::at const):
3037         (JSC::InstructionStream::size const):
3038         (JSC::InstructionStreamWriter::InstructionStreamWriter):
3039         (JSC::InstructionStreamWriter::ref):
3040         (JSC::InstructionStreamWriter::seek):
3041         (JSC::InstructionStreamWriter::position):
3042         (JSC::InstructionStreamWriter::write):
3043         (JSC::InstructionStreamWriter::rewind):
3044         (JSC::InstructionStreamWriter::finalize):
3045         (JSC::InstructionStreamWriter::swap):
3046         (JSC::InstructionStreamWriter::iterator::operator*):
3047         (JSC::InstructionStreamWriter::iterator::operator++):
3048         (JSC::InstructionStreamWriter::begin):
3049         (JSC::InstructionStreamWriter::end):
3050         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
3051         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
3052         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
3053         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
3054         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
3055         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3056         (JSC::MetadataTable::MetadataTable):
3057         (JSC::DeallocTable::withOpcodeType):
3058         (JSC::MetadataTable::~MetadataTable):
3059         (JSC::MetadataTable::sizeInBytes):
3060         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
3061         (JSC::MetadataTable::get):
3062         (JSC::MetadataTable::forEach):
3063         (JSC::MetadataTable::getImpl):
3064         * bytecode/Opcode.cpp:
3065         (JSC::metadataSize):
3066         * bytecode/Opcode.h:
3067         (JSC::padOpcodeName):
3068         * bytecode/OpcodeInlines.h:
3069         (JSC::isOpcodeShape):
3070         (JSC::getOpcodeType):
3071         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3072         * bytecode/PreciseJumpTargets.cpp:
3073         (JSC::getJumpTargetsForInstruction):
3074         (JSC::computePreciseJumpTargetsInternal):
3075         (JSC::computePreciseJumpTargets):
3076         (JSC::recomputePreciseJumpTargets):
3077         (JSC::findJumpTargetsForInstruction):
3078         * bytecode/PreciseJumpTargets.h:
3079         * bytecode/PreciseJumpTargetsInlines.h:
3080         (JSC::jumpTargetForInstruction):
3081         (JSC::extractStoredJumpTargetsForInstruction):
3082         (JSC::updateStoredJumpTargetsForInstruction):
3083         * bytecode/PutByIdStatus.cpp:
3084         (JSC::PutByIdStatus::computeFromLLInt):
3085         * bytecode/SpecialPointer.cpp:
3086         (WTF::printInternal):
3087         * bytecode/SpecialPointer.h:
3088         * bytecode/UnlinkedCodeBlock.cpp:
3089         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
3090         (JSC::UnlinkedCodeBlock::visitChildren):
3091         (JSC::UnlinkedCodeBlock::estimatedSize):
3092         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
3093         (JSC::dumpLineColumnEntry):
3094         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
3095         (JSC::UnlinkedCodeBlock::setInstructions):
3096         (JSC::UnlinkedCodeBlock::instructions const):
3097         (JSC::UnlinkedCodeBlock::applyModification):
3098         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
3099         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
3100         * bytecode/UnlinkedCodeBlock.h:
3101         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
3102         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
3103         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
3104         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
3105         (JSC::UnlinkedCodeBlock::metadata):
3106         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
3107         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
3108         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
3109         * bytecode/UnlinkedInstructionStream.cpp: Removed.
3110         * bytecode/UnlinkedInstructionStream.h: Removed.
3111         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
3112         * bytecode/UnlinkedMetadataTableInlines.h: Added.
3113         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
3114         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
3115         (JSC::UnlinkedMetadataTable::addEntry):
3116         (JSC::UnlinkedMetadataTable::sizeInBytes):
3117         (JSC::UnlinkedMetadataTable::finalize):
3118         (JSC::UnlinkedMetadataTable::link):
3119         (JSC::UnlinkedMetadataTable::unlink):
3120         * bytecode/VirtualRegister.cpp:
3121         (JSC::VirtualRegister::VirtualRegister):
3122         * bytecode/VirtualRegister.h:
3123         * bytecompiler/BytecodeGenerator.cpp:
3124         (JSC::Label::setLocation):
3125         (JSC::Label::bind):
3126         (JSC::BytecodeGenerator::generate):
3127         (JSC::BytecodeGenerator::BytecodeGenerator):
3128         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
3129         (JSC::BytecodeGenerator::emitEnter):
3130         (JSC::BytecodeGenerator::emitLoopHint):
3131         (JSC::BytecodeGenerator::emitJump):
3132         (JSC::BytecodeGenerator::emitCheckTraps):
3133         (JSC::BytecodeGenerator::rewind):
3134         (JSC::BytecodeGenerator::fuseCompareAndJump):
3135         (JSC::BytecodeGenerator::fuseTestAndJmp):
3136         (JSC::BytecodeGenerator::emitJumpIfTrue):
3137         (JSC::BytecodeGenerator::emitJumpIfFalse):
3138         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
3139         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
3140         (JSC::BytecodeGenerator::moveLinkTimeConstant):
3141         (JSC::BytecodeGenerator::moveEmptyValue):
3142         (JSC::BytecodeGenerator::emitMove):
3143         (JSC::BytecodeGenerator::emitUnaryOp):
3144         (JSC::BytecodeGenerator::emitBinaryOp):
3145         (JSC::BytecodeGenerator::emitToObject):
3146         (JSC::BytecodeGenerator::emitToNumber):
3147         (JSC::BytecodeGenerator::emitToString):
3148         (JSC::BytecodeGenerator::emitTypeOf):
3149         (JSC::BytecodeGenerator::emitInc):
3150         (JSC::BytecodeGenerator::emitDec):
3151         (JSC::BytecodeGenerator::emitEqualityOp):
3152         (JSC::BytecodeGenerator::emitProfileType):
3153         (JSC::BytecodeGenerator::emitProfileControlFlow):
3154         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3155         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
3156         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3157         (JSC::BytecodeGenerator::emitOverridesHasInstance):
3158         (JSC::BytecodeGenerator::emitResolveScope):
3159         (JSC::BytecodeGenerator::emitGetFromScope):
3160         (JSC::BytecodeGenerator::emitPutToScope):
3161         (JSC::BytecodeGenerator::emitInstanceOf):
3162         (JSC::BytecodeGenerator::emitInstanceOfCustom):
3163         (JSC::BytecodeGenerator::emitInByVal):
3164         (JSC::BytecodeGenerator::emitInById):
3165         (JSC::BytecodeGenerator::emitTryGetById):
3166         (JSC::BytecodeGenerator::emitGetById):
3167         (JSC::BytecodeGenerator::emitDirectGetById):
3168         (JSC::BytecodeGenerator::emitPutById):
3169         (JSC::BytecodeGenerator::emitDirectPutById):
3170         (JSC::BytecodeGenerator::emitPutGetterById):
3171         (JSC::BytecodeGenerator::emitPutSetterById):
3172         (JSC::BytecodeGenerator::emitPutGetterSetter):
3173         (JSC::BytecodeGenerator::emitPutGetterByVal):
3174         (JSC::BytecodeGenerator::emitPutSetterByVal):
3175         (JSC::BytecodeGenerator::emitDeleteById):
3176         (JSC::BytecodeGenerator::emitGetByVal):
3177         (JSC::BytecodeGenerator::emitPutByVal):
3178         (JSC::BytecodeGenerator::emitDirectPutByVal):
3179         (JSC::BytecodeGenerator::emitDeleteByVal):
3180         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
3181         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
3182         (JSC::BytecodeGenerator::emitIdWithProfile):
3183         (JSC::BytecodeGenerator::emitUnreachable):
3184         (JSC::BytecodeGenerator::emitGetArgument):
3185         (JSC::BytecodeGenerator::emitCreateThis):
3186         (JSC::BytecodeGenerator::emitTDZCheck):
3187         (JSC::BytecodeGenerator::emitNewObject):
3188         (JSC::BytecodeGenerator::emitNewArrayBuffer):
3189         (JSC::BytecodeGenerator::emitNewArray):
3190         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
3191         (JSC::BytecodeGenerator::emitNewArrayWithSize):
3192         (JSC::BytecodeGenerator::emitNewRegExp):
3193         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
3194         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
3195         (JSC::BytecodeGenerator::emitNewFunction):
3196         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
3197         (JSC::BytecodeGenerator::emitCall):
3198         (JSC::BytecodeGenerator::emitCallInTailPosition):
3199         (JSC::BytecodeGenerator::emitCallEval):
3200         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
3201         (JSC::BytecodeGenerator::emitCallVarargs):
3202         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
3203         (JSC::BytecodeGenerator::emitConstructVarargs):
3204         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
3205         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
3206         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
3207         (JSC::BytecodeGenerator::emitCallDefineProperty):
3208         (JSC::BytecodeGenerator::emitReturn):
3209         (JSC::BytecodeGenerator::emitEnd):
3210         (JSC::BytecodeGenerator::emitConstruct):
3211         (JSC::BytecodeGenerator::emitStrcat):
3212         (JSC::BytecodeGenerator::emitToPrimitive):
3213         (JSC::BytecodeGenerator::emitGetScope):
3214         (JSC::BytecodeGenerator::emitPushWithScope):
3215         (JSC::BytecodeGenerator::emitGetParentScope):
3216         (JSC::BytecodeGenerator::emitDebugHook):
3217         (JSC::BytecodeGenerator::emitCatch):
3218         (JSC::BytecodeGenerator::emitThrow):
3219         (JSC::BytecodeGenerator::emitArgumentCount):
3220         (JSC::BytecodeGenerator::emitThrowStaticError):
3221         (JSC::BytecodeGenerator::beginSwitch):
3222         (JSC::prepareJumpTableForSwitch):
3223         (JSC::prepareJumpTableForStringSwitch):
3224         (JSC::BytecodeGenerator::endSwitch):
3225         (JSC::BytecodeGenerator::emitGetEnumerableLength):
3226         (JSC::BytecodeGenerator::emitHasGenericProperty):
3227         (JSC::BytecodeGenerator::emitHasIndexedProperty):
3228         (JSC::BytecodeGenerator::emitHasStructureProperty):
3229         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
3230         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
3231         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
3232         (JSC::BytecodeGenerator::emitToIndexString):
3233         (JSC::BytecodeGenerator::emitIsCellWithType):
3234         (JSC::BytecodeGenerator::emitIsObject):
3235         (JSC::BytecodeGenerator::emitIsNumber):
3236         (JSC::BytecodeGenerator::emitIsUndefined):
3237         (JSC::BytecodeGenerator::emitIsEmpty):
3238         (JSC::BytecodeGenerator::emitRestParameter):
3239         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
3240         (JSC::BytecodeGenerator::emitYieldPoint):
3241         (JSC::BytecodeGenerator::emitYield):
3242         (JSC::BytecodeGenerator::emitGetAsyncIterator):
3243         (JSC::BytecodeGenerator::emitDelegateYield):
3244         (JSC::BytecodeGenerator::emitFinallyCompletion):
3245         (JSC::BytecodeGenerator::emitJumpIf):
3246         (JSC::ForInContext::finalize):
3247         (JSC::StructureForInContext::finalize):
3248         (JSC::IndexedForInContext::finalize):
3249         (JSC::StaticPropertyAnalysis::record):
3250         (JSC::BytecodeGenerator::emitToThis):
3251         * bytecompiler/BytecodeGenerator.h:
3252         (JSC::StructureForInContext::addGetInst):
3253         (JSC::BytecodeGenerator::recordOpcode):
3254         (JSC::BytecodeGenerator::addMetadataFor):
3255         (JSC::BytecodeGenerator::emitUnaryOp):
3256         (JSC::BytecodeGenerator::kill):
3257         (JSC::BytecodeGenerator::instructions const):
3258         (JSC::BytecodeGenerator::write):
3259         (JSC::BytecodeGenerator::withWriter):
3260         * bytecompiler/Label.h:
3261         (JSC::Label::Label):
3262         (JSC::Label::bind):
3263         * bytecompiler/NodesCodegen.cpp:
3264         (JSC::ArrayNode::emitBytecode):
3265         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
3266         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3267         (JSC::BitwiseNotNode::emitBytecode):
3268         (JSC::BinaryOpNode::emitBytecode):
3269         (JSC::EqualNode::emitBytecode):
3270         (JSC::StrictEqualNode::emitBytecode):
3271         (JSC::emitReadModifyAssignment):
3272         (JSC::ForInNode::emitBytecode):
3273         (JSC::CaseBlockNode::emitBytecodeForBlock):
3274         (JSC::FunctionNode::emitBytecode):
3275         (JSC::ClassExprNode::emitBytecode):
3276         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
3277         (WTF::printInternal):
3278         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3279         * bytecompiler/RegisterID.h:
3280         * bytecompiler/StaticPropertyAnalysis.h:
3281         (JSC::StaticPropertyAnalysis::create):
3282         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
3283         * bytecompiler/StaticPropertyAnalyzer.h:
3284         (JSC::StaticPropertyAnalyzer::createThis):
3285         (JSC::StaticPropertyAnalyzer::newObject):
3286         (JSC::StaticPropertyAnalyzer::putById):
3287         (JSC::StaticPropertyAnalyzer::mov):
3288         (JSC::StaticPropertyAnalyzer::kill):
3289         * dfg/DFGByteCodeParser.cpp:
3290         (JSC::DFG::ByteCodeParser::addCall):
3291         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
3292         (JSC::DFG::ByteCodeParser::getArrayMode):
3293         (JSC::DFG::ByteCodeParser::handleCall):
3294         (JSC::DFG::ByteCodeParser::handleVarargsCall):
3295         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
3296         (JSC::DFG::ByteCodeParser::inlineCall):
3297         (JSC::DFG::ByteCodeParser::handleCallVariant):
3298         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
3299         (JSC::DFG::ByteCodeParser::handleInlining):
3300         (JSC::DFG::ByteCodeParser::handleMinMax):
3301         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3302         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
3303         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
3304         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
3305         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
3306         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
3307         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
3308         (JSC::DFG::ByteCodeParser::handleGetById):
3309         (JSC::DFG::ByteCodeParser::handlePutById):
3310         (JSC::DFG::ByteCodeParser::parseGetById):
3311         (JSC::DFG::ByteCodeParser::parseBlock):
3312         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3313         (JSC::DFG::ByteCodeParser::handlePutByVal):
3314         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
3315         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
3316         (JSC::DFG::ByteCodeParser::handleNewFunc):
3317         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
3318         (JSC::DFG::ByteCodeParser::parse):
3319         * dfg/DFGCapabilities.cpp:
3320         (JSC::DFG::capabilityLevel):
3321         * dfg/DFGCapabilities.h:
3322         (JSC::DFG::capabilityLevel):
3323         * dfg/DFGOSREntry.cpp:
3324         (JSC::DFG::prepareCatchOSREntry):
3325         * dfg/DFGSpeculativeJIT.cpp:
3326         (JSC::DFG::SpeculativeJIT::compileValueAdd):
3327         (JSC::DFG::SpeculativeJIT::compileValueSub):
3328         (JSC::DFG::SpeculativeJIT::compileValueNegate):
3329         (JSC::DFG::SpeculativeJIT::compileArithMul):
3330         * ftl/FTLLowerDFGToB3.cpp:
3331         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
3332         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
3333         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
3334         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
3335         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
3336         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
3337         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
3338         * ftl/FTLOperations.cpp:
3339         (JSC::FTL::operationMaterializeObjectInOSR):
3340         * generate-bytecode-files: Removed.
3341         * generator/Argument.rb: Added.
3342         * generator/Assertion.rb: Added.
3343         * generator/DSL.rb: Added.
3344         * generator/Fits.rb: Added.
3345         * generator/GeneratedFile.rb: Added.
3346         * generator/Metadata.rb: Added.
3347         * generator/Opcode.rb: Added.
3348         * generator/OpcodeGroup.rb: Added.
3349         * generator/Options.rb: Added.
3350         * generator/Section.rb: Added.
3351         * generator/Template.rb: Added.
3352         * generator/Type.rb: Added.
3353         * generator/main.rb: Added.
3354         * interpreter/AbstractPC.h:
3355         * interpreter/CallFrame.cpp:
3356         (JSC::CallFrame::currentVPC const):
3357         (JSC::CallFrame::setCurrentVPC):
3358         * interpreter/CallFrame.h:
3359         (JSC::CallSiteIndex::CallSiteIndex):
3360         (JSC::ExecState::setReturnPC):
3361         * interpreter/Interpreter.cpp:
3362         (WTF::printInternal):
3363         * interpreter/Interpreter.h:
3364         * interpreter/InterpreterInlines.h:
3365         * interpreter/StackVisitor.cpp:
3366         (JSC::StackVisitor::Frame::dump const):
3367         * interpreter/VMEntryRecord.h:
3368         * jit/JIT.cpp:
3369         (JSC::JIT::JIT):
3370         (JSC::JIT::emitSlowCaseCall):
3371         (JSC::JIT::privateCompileMainPass):
3372         (JSC::JIT::privateCompileSlowCases):
3373         (JSC::JIT::compileWithoutLinking):
3374         (JSC::JIT::link):
3375         * jit/JIT.h:
3376         * jit/JITArithmetic.cpp:
3377         (JSC::JIT::emit_op_jless):
3378         (JSC::JIT::emit_op_jlesseq):
3379         (JSC::JIT::emit_op_jgreater):
3380         (JSC::JIT::emit_op_jgreatereq):
3381         (JSC::JIT::emit_op_jnless):
3382         (JSC::JIT::emit_op_jnlesseq):
3383         (JSC::JIT::emit_op_jngreater):
3384         (JSC::JIT::emit_op_jngreatereq):
3385         (JSC::JIT::emitSlow_op_jless):
3386         (JSC::JIT::emitSlow_op_jlesseq):
3387         (JSC::JIT::emitSlow_op_jgreater):
3388         (JSC::JIT::emitSlow_op_jgreatereq):
3389         (JSC::JIT::emitSlow_op_jnless):
3390         (JSC::JIT::emitSlow_op_jnlesseq):
3391         (JSC::JIT::emitSlow_op_jngreater):
3392         (JSC::JIT::emitSlow_op_jngreatereq):
3393         (JSC::JIT::emit_op_below):
3394         (JSC::JIT::emit_op_beloweq):
3395         (JSC::JIT::emit_op_jbelow):
3396         (JSC::JIT::emit_op_jbeloweq):
3397         (JSC::JIT::emit_op_unsigned):
3398         (JSC::JIT::emit_compareAndJump):
3399         (JSC::JIT::emit_compareUnsignedAndJump):
3400         (JSC::JIT::emit_compareUnsigned):
3401         (JSC::JIT::emit_compareAndJumpSlow):
3402         (JSC::JIT::emit_op_inc):
3403         (JSC::JIT::emit_op_dec):
3404         (JSC::JIT::emit_op_mod):
3405         (JSC::JIT::emitSlow_op_mod):
3406         (JSC::JIT::emit_op_negate):
3407         (JSC::JIT::emitSlow_op_negate):
3408         (JSC::JIT::emitBitBinaryOpFastPath):
3409         (JSC::JIT::emit_op_bitand):
3410         (JSC::JIT::emit_op_bitor):
3411         (JSC::JIT::emit_op_bitxor):
3412         (JSC::JIT::emit_op_lshift):
3413         (JSC::JIT::emitRightShiftFastPath):
3414         (JSC::JIT::emit_op_rshift):
3415         (JSC::JIT::emit_op_urshift):
3416         (JSC::getOperandTypes):
3417         (JSC::JIT::emit_op_add):
3418         (JSC::JIT::emitSlow_op_add):
3419         (JSC::JIT::emitMathICFast):
3420         (JSC::JIT::emitMathICSlow):
3421         (JSC::JIT::emit_op_div):
3422         (JSC::JIT::emit_op_mul):
3423         (JSC::JIT::emitSlow_op_mul):
3424         (JSC::JIT::emit_op_sub):
3425         (JSC::JIT::emitSlow_op_sub):
3426         * jit/JITCall.cpp:
3427         (JSC::JIT::emitPutCallResult):
3428         (JSC::JIT::compileSetupFrame):
3429         (JSC::JIT::compileCallEval):
3430         (JSC::JIT::compileCallEvalSlowCase):
3431         (JSC::JIT::compileTailCall):
3432         (JSC::JIT::compileOpCall):
3433         (JSC::JIT::compileOpCallSlowCase):
3434         (JSC::JIT::emit_op_call):
3435         (JSC::JIT::emit_op_tail_call):
3436         (JSC::JIT::emit_op_call_eval):
3437         (JSC::JIT::emit_op_call_varargs):
3438         (JSC::JIT::emit_op_tail_call_varargs):
3439         (JSC::JIT::emit_op_tail_call_forward_arguments):
3440         (JSC::JIT::emit_op_construct_varargs):
3441         (JSC::JIT::emit_op_construct):
3442         (JSC::JIT::emitSlow_op_call):
3443         (JSC::JIT::emitSlow_op_tail_call):
3444         (JSC::JIT::emitSlow_op_call_eval):
3445         (JSC::JIT::emitSlow_op_call_varargs):
3446         (JSC::JIT::emitSlow_op_tail_call_varargs):
3447         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
3448         (JSC::JIT::emitSlow_op_construct_varargs):
3449         (JSC::JIT::emitSlow_op_construct):
3450         * jit/JITDisassembler.cpp:
3451         (JSC::JITDisassembler::JITDisassembler):
3452         * jit/JITExceptions.cpp:
3453         (JSC::genericUnwind):
3454         * jit/JITInlines.h:
3455         (JSC::JIT::emitDoubleGetByVal):
3456         (JSC::JIT::emitLoadForArrayMode):
3457         (JSC::JIT::emitContiguousGetByVal):
3458         (JSC::JIT::emitArrayStorageGetByVal):
3459         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
3460         (JSC::JIT::sampleInstruction):
3461         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
3462         (JSC::JIT::emitValueProfilingSite):
3463         (JSC::JIT::jumpTarget):
3464         (JSC::JIT::copiedGetPutInfo):
3465         (JSC::JIT::copiedArithProfile):
3466         * jit/JITMathIC.h:
3467         (JSC::isProfileEmpty):
3468         (JSC::JITBinaryMathIC::JITBinaryMathIC):
3469         (JSC::JITUnaryMathIC::JITUnaryMathIC):
3470         * jit/JITOpcodes.cpp:
3471         (JSC::JIT::emit_op_mov):
3472         (JSC::JIT::emit_op_end):
3473         (JSC::JIT::emit_op_jmp):
3474         (JSC::JIT::emit_op_new_object):
3475         (JSC::JIT::emitSlow_op_new_object):
3476         (JSC::JIT::emit_op_overrides_has_instance):
3477         (JSC::JIT::emit_op_instanceof):
3478         (JSC::JIT::emitSlow_op_instanceof):
3479         (JSC::JIT::emit_op_instanceof_custom):
3480         (JSC::JIT::emit_op_is_empty):
3481         (JSC::JIT::emit_op_is_undefined):
3482         (JSC::JIT::emit_op_is_boolean):
3483         (JSC::JIT::emit_op_is_number):
3484         (JSC::JIT::emit_op_is_cell_with_type):
3485         (JSC::JIT::emit_op_is_object):
3486         (JSC::JIT::emit_op_ret):
3487         (JSC::JIT::emit_op_to_primitive):
3488         (JSC::JIT::emit_op_set_function_name):
3489         (JSC::JIT::emit_op_not):
3490         (JSC::JIT::emit_op_jfalse):
3491         (JSC::JIT::emit_op_jeq_null):
3492         (JSC::JIT::emit_op_jneq_null):
3493         (JSC::JIT::emit_op_jneq_ptr):
3494         (JSC::JIT::emit_op_eq):
3495         (JSC::JIT::emit_op_jeq):
3496         (JSC::JIT::emit_op_jtrue):
3497         (JSC::JIT::emit_op_neq):
3498         (JSC::JIT::emit_op_jneq):
3499         (JSC::JIT::emit_op_throw):
3500         (JSC::JIT::compileOpStrictEq):
3501         (JSC::JIT::emit_op_stricteq):
3502         (JSC::JIT::emit_op_nstricteq):
3503         (JSC::JIT::compileOpStrictEqJump):
3504         (JSC::JIT::emit_op_jstricteq):
3505         (JSC::JIT::emit_op_jnstricteq):
3506         (JSC::JIT::emitSlow_op_jstricteq):
3507         (JSC::JIT::emitSlow_op_jnstricteq):
3508         (JSC::JIT::emit_op_to_number):
3509         (JSC::JIT::emit_op_to_string):
3510         (JSC::JIT::emit_op_to_object):
3511         (JSC::JIT::emit_op_catch):
3512         (JSC::JIT::emit_op_identity_with_profile):
3513         (JSC::JIT::emit_op_get_parent_scope):
3514         (JSC::JIT::emit_op_switch_imm):
3515         (JSC::JIT::emit_op_switch_char):
3516         (JSC::JIT::emit_op_switch_string):
3517         (JSC::JIT::emit_op_debug):
3518         (JSC::JIT::emit_op_eq_null):
3519         (JSC::JIT::emit_op_neq_null):
3520         (JSC::JIT::emit_op_enter):
3521         (JSC::JIT::emit_op_get_scope):
3522         (JSC::JIT::emit_op_to_this):
3523         (JSC::JIT::emit_op_create_this):
3524         (JSC::JIT::emit_op_check_tdz):
3525         (JSC::JIT::emitSlow_op_eq):
3526         (JSC::JIT::emitSlow_op_neq):
3527         (JSC::JIT::emitSlow_op_jeq):
3528         (JSC::JIT::emitSlow_op_jneq):
3529         (JSC::JIT::emitSlow_op_instanceof_custom):
3530         (JSC::JIT::emit_op_loop_hint):
3531         (JSC::JIT::emitSlow_op_loop_hint):
3532         (JSC::JIT::emit_op_check_traps):
3533         (JSC::JIT::emit_op_nop):
3534         (JSC::JIT::emit_op_super_sampler_begin):
3535         (JSC::JIT::emit_op_super_sampler_end):
3536         (JSC::JIT::emitSlow_op_check_traps):
3537         (JSC::JIT::emit_op_new_regexp):
3538         (JSC::JIT::emitNewFuncCommon):
3539         (JSC::JIT::emit_op_new_func):
3540         (JSC::JIT::emit_op_new_generator_func):
3541         (JSC::JIT::emit_op_new_async_generator_func):
3542         (JSC::JIT::emit_op_new_async_func):
3543         (JSC::JIT::emitNewFuncExprCommon):
3544         (JSC::JIT::emit_op_new_func_exp):
3545         (JSC::JIT::emit_op_new_generator_func_exp):
3546         (JSC::JIT::emit_op_new_async_func_exp):
3547         (JSC::JIT::emit_op_new_async_generator_func_exp):
3548         (JSC::JIT::emit_op_new_array):
3549         (JSC::JIT::emit_op_new_array_with_size):
3550         (JSC::JIT::emit_op_has_structure_property):
3551         (JSC::JIT::privateCompileHasIndexedProperty):
3552         (JSC::JIT::emit_op_has_indexed_property):
3553         (JSC::JIT::emitSlow_op_has_indexed_property):
3554         (JSC::JIT::emit_op_get_direct_pname):
3555         (JSC::JIT::emit_op_enumerator_structure_pname):
3556         (JSC::JIT::emit_op_enumerator_generic_pname):
3557         (JSC::JIT::emit_op_profile_type):
3558         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
3559         (JSC::JIT::emit_op_log_shadow_chicken_tail):
3560         (JSC::JIT::emit_op_profile_control_flow):
3561         (JSC::JIT::emit_op_argument_count):
3562         (JSC::JIT::emit_op_get_rest_length):
3563         (JSC::JIT::emit_op_get_argument):
3564         * jit/JITOpcodes32_64.cpp:
3565         (JSC::JIT::emit_op_to_this):
3566         * jit/JITOperations.cpp:
3567         * jit/JITOperations.h:
3568         * jit/JITPropertyAccess.cpp:
3569         (JSC::JIT::emit_op_get_by_val):
3570         (JSC::JIT::emitGetByValWithCachedId):
3571         (JSC::JIT::emitSlow_op_get_by_val):
3572         (JSC::JIT::emit_op_put_by_val_direct):
3573         (JSC::JIT::emit_op_put_by_val):
3574         (JSC::JIT::emitGenericContiguousPutByVal):
3575         (JSC::JIT::emitArrayStoragePutByVal):
3576         (JSC::JIT::emitPutByValWithCachedId):
3577         (JSC::JIT::emitSlow_op_put_by_val):
3578         (JSC::JIT::emit_op_put_getter_by_id):
3579         (JSC::JIT::emit_op_put_setter_by_id):
3580         (JSC::JIT::emit_op_put_getter_setter_by_id):
3581         (JSC::JIT::emit_op_put_getter_by_val):
3582         (JSC::JIT::emit_op_put_setter_by_val):
3583         (JSC::JIT::emit_op_del_by_id):
3584         (JSC::JIT::emit_op_del_by_val):
3585         (JSC::JIT::emit_op_try_get_by_id):
3586         (JSC::JIT::emitSlow_op_try_get_by_id):
3587         (JSC::JIT::emit_op_get_by_id_direct):
3588         (JSC::JIT::emitSlow_op_get_by_id_direct):
3589         (JSC::JIT::emit_op_get_by_id):
3590         (JSC::JIT::emit_op_get_by_id_with_this):
3591         (JSC::JIT::emitSlow_op_get_by_id):
3592         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3593         (JSC::JIT::emit_op_put_by_id):
3594         (JSC::JIT::emitSlow_op_put_by_id):
3595         (JSC::JIT::emit_op_in_by_id):
3596         (JSC::JIT::emitSlow_op_in_by_id):
3597         (JSC::JIT::emit_op_resolve_scope):
3598         (JSC::JIT::emit_op_get_from_scope):
3599         (JSC::JIT::emitSlow_op_get_from_scope):
3600         (JSC::JIT::emit_op_put_to_scope):
3601         (JSC::JIT::emitSlow_op_put_to_scope):
3602         (JSC::JIT::emit_op_get_from_arguments):
3603         (JSC::JIT::emit_op_put_to_arguments):
3604         (JSC::JIT::privateCompileGetByVal):
3605         (JSC::JIT::privateCompileGetByValWithCachedId):
3606         (JSC::JIT::privateCompilePutByVal):
3607         (JSC::JIT::privateCompilePutByValWithCachedId):
3608         (JSC::JIT::emitDoubleLoad):
3609         (JSC::JIT::emitContiguousLoad):
3610         (JSC::JIT::emitArrayStorageLoad):
3611         (JSC::JIT::emitDirectArgumentsGetByVal):
3612         (JSC::JIT::emitScopedArgumentsGetByVal):
3613         (JSC::JIT::emitIntTypedArrayGetByVal):
3614         (JSC::JIT::emitFloatTypedArrayGetByVal):
3615         (JSC::JIT::emitIntTypedArrayPutByVal):
3616         (JSC::JIT::emitFloatTypedArrayPutByVal):
3617         * jit/RegisterSet.cpp:
3618         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
3619         * jit/SlowPathCall.h:
3620         (JSC::JITSlowPathCall::JITSlowPathCall):
3621         * llint/LLIntData.cpp:
3622         (JSC::LLInt::initialize):
3623         (JSC::LLInt::Data::performAssertions):
3624         * llint/LLIntData.h:
3625         (JSC::LLInt::exceptionInstructions):
3626         (JSC::LLInt::opcodeMap):
3627         (JSC::LLInt::opcodeMapWide):
3628         (JSC::LLInt::getOpcode):
3629         (JSC::LLInt::getOpcodeWide):
3630         (JSC::LLInt::getWideCodePtr):
3631         * llint/LLIntOffsetsExtractor.cpp:
3632         * llint/LLIntSlowPaths.cpp:
3633         (JSC::LLInt::llint_trace_operand):
3634         (JSC::LLInt::llint_trace_value):
3635         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3636         (JSC::LLInt::entryOSR):
3637         (JSC::LLInt::setupGetByIdPrototypeCache):
3638         (JSC::LLInt::getByVal):
3639         (JSC::LLInt::handleHostCall):
3640         (JSC::LLInt::setUpCall):
3641         (JSC::LLInt::genericCall):
3642         (JSC::LLInt::varargsSetup):
3643         (JSC::LLInt::commonCallEval):
3644         * llint/LLIntSlowPaths.h:
3645         * llint/LowLevelInterpreter.asm:
3646         * llint/LowLevelInterpreter.cpp:
3647         (JSC::CLoopRegister::operator const Instruction*):
3648         (JSC::CLoop::execute):
3649         * llint/LowLevelInterpreter32_64.asm:
3650         * llint/LowLevelInterpreter64.asm:
3651         * offlineasm/arm64.rb:
3652         * offlineasm/asm.rb:
3653         * offlineasm/ast.rb:
3654         * offlineasm/cloop.rb:
3655         * offlineasm/generate_offset_extractor.rb:
3656         * offlineasm/instructions.rb:
3657         * offlineasm/offsets.rb:
3658         * offlineasm/parser.rb:
3659         * offlineasm/transform.rb:
3660         * offlineasm/x86.rb:
3661         * parser/ResultType.h:
3662         (JSC::ResultType::dump const):
3663         (JSC::OperandTypes::first const):
3664         (JSC::OperandTypes::second const):
3665         (JSC::OperandTypes::dump const):
3666         * profiler/ProfilerBytecodeSequence.cpp:
3667         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
3668         * runtime/CommonSlowPaths.cpp:
3669         (JSC::SLOW_PATH_DECL):
3670         (JSC::updateArithProfileForUnaryArithOp):
3671         (JSC::updateArithProfileForBinaryArithOp):
3672         * runtime/CommonSlowPaths.h:
3673         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
3674         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
3675         * runtime/ExceptionFuzz.cpp:
3676         (JSC::doExceptionFuzzing):
3677         * runtime/ExceptionFuzz.h:
3678         (JSC::doExceptionFuzzingIfEnabled):
3679         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3680         (JSC::GetPutInfo::dump const):
3681         (WTF::printInternal):
3682         * runtime/GetPutInfo.h:
3683         (JSC::GetPutInfo::operand const):
3684         * runtime/JSCPoison.h:
3685         * runtime/JSType.cpp: Added.
3686         (WTF::printInternal):
3687         * runtime/JSType.h:
3688         * runtime/SamplingProfiler.cpp:
3689         (JSC::SamplingProfiler::StackFrame::displayName):
3690         * runtime/SamplingProfiler.h:
3691         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
3692         * runtime/SlowPathReturnType.h:
3693         (JSC::encodeResult):
3694         (JSC::decodeResult):
3695         * runtime/VM.h:
3696         * runtime/Watchdog.h:
3697         * tools/HeapVerifier.cpp:
3698
3699 2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3700
3701         Unreviewed, partial rolling in r237254
3702         https://bugs.webkit.org/show_bug.cgi?id=190340
3703
3704         We do not use the added function right now, to investigate what the reason for the regression is.
3705         It also does not include any Parser.{h,cpp} changes, to ensure whether Parser.cpp's inlining decision
3706         seems to be the culprit of the regression on iOS devices.
3707
3708         * bytecode/UnlinkedFunctionExecutable.cpp:
3709         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
3710         * bytecode/UnlinkedFunctionExecutable.h:
3711         * parser/SourceCodeKey.h:
3712         (JSC::SourceCodeKey::SourceCodeKey):
3713         (JSC::SourceCodeKey::operator== const):
3714         * runtime/CodeCache.cpp:
3715         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
3716         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
3717         * runtime/CodeCache.h:
3718         * runtime/FunctionConstructor.cpp:
3719         (JSC::constructFunctionSkippingEvalEnabledCheck):
3720         * runtime/FunctionExecutable.cpp:
3721         (JSC::FunctionExecutable::fromGlobalCode):
3722         * runtime/FunctionExecutable.h:
3723
3724 2018-10-26  Commit Queue  <commit-queue@webkit.org>
3725
3726         Unreviewed, rolling out r237479 and r237484.
3727         https://bugs.webkit.org/show_bug.cgi?id=190978
3728
3729         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
3730
3731         Reverted changesets:
3732
3733         "New bytecode format for JSC"
3734         https://bugs.webkit.org/show_bug.cgi?id=187373
3735         https://trac.webkit.org/changeset/237479
3736
3737         "Gardening: Build fix after r237479."
3738         https://bugs.webkit.org/show_bug.cgi?id=187373
3739         https://trac.webkit.org/changeset/237484
3740
3741 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
3742
3743         Gardening: Build fix after r237479.
3744         https://bugs.webkit.org/show_bug.cgi?id=187373
3745
3746         Unreviewed.
3747
3748         * Configurations/JSC.xcconfig:
3749         * JavaScriptCore.xcodeproj/project.pbxproj:
3750         * llint/LLIntData.cpp:
3751         (JSC::LLInt::initialize):
3752
3753 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
3754
3755         New bytecode format for JSC
3756         https://bugs.webkit.org/show_bug.cgi?id=187373
3757         <rdar://problem/44186758>
3758
3759         Reviewed by Filip Pizlo.
3760
3761         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
3762         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
3763         operands) and might contain an extra operand, the metadataID. The metadataID is used to
3764         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
3765
3766         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
3767         and types to all their operands. Additionally, reading a bytecode from the instruction stream
3768         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
3769         operands directly from the stream.
3770
3771
3772         * CMakeLists.txt:
3773         * DerivedSources.make:
3774         * JavaScriptCore.xcodeproj/project.pbxproj:
3775         * Sources.txt:
3776         * assembler/MacroAssemblerCodeRef.h:
3777         (JSC::ReturnAddressPtr::ReturnAddressPtr):
3778         (JSC::ReturnAddressPtr::value const):
3779         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
3780         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
3781         * bytecode/ArithProfile.h:
3782         (JSC::ArithProfile::ArithProfile):
3783         * bytecode/ArrayAllocationProfile.h:
3784         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
3785         * bytecode/ArrayProfile.h:
3786         * bytecode/BytecodeBasicBlock.cpp:
3787         (JSC::isJumpTarget):
3788         (JSC::BytecodeBasicBlock::computeImpl):
3789         (JSC::BytecodeBasicBlock::compute):
3790         * bytecode/BytecodeBasicBlock.h:
3791         (JSC::BytecodeBasicBlock::leaderOffset const):
3792         (JSC::BytecodeBasicBlock::totalLength const):
3793         (JSC::BytecodeBasicBlock::offsets const):
3794         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
3795         (JSC::BytecodeBasicBlock::addLength):
3796         * bytecode/BytecodeDumper.cpp:
3797         (JSC::BytecodeDumper<Block>::printLocationAndOp):
3798         (JSC::BytecodeDumper<Block>::dumpBytecode):
3799         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
3800         (JSC::BytecodeDumper<Block>::dumpConstants):
3801         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
3802         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
3803         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
3804         (JSC::BytecodeDumper<Block>::dumpBlock):
3805         * bytecode/BytecodeDumper.h:
3806         (JSC::BytecodeDumper::dumpOperand):
3807         (JSC::BytecodeDumper::dumpValue):
3808         (JSC::BytecodeDumper::BytecodeDumper):
3809         (JSC::BytecodeDumper::block const):
3810         * bytecode/BytecodeGeneratorification.cpp:
3811         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
3812         (JSC::BytecodeGeneratorification::enterPoint const):
3813         (JSC::BytecodeGeneratorification::instructions const):
3814         (JSC::GeneratorLivenessAnalysis::run):
3815         (JSC::BytecodeGeneratorification::run):
3816         (JSC::performGeneratorification):
3817         * bytecode/BytecodeGeneratorification.h:
3818         * bytecode/BytecodeGraph.h:
3819         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
3820         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
3821         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
3822         (JSC::BytecodeGraph::BytecodeGraph):
3823         * bytecode/BytecodeKills.h:
3824         * bytecode/BytecodeList.json: Removed.
3825         * bytecode/BytecodeList.rb: Added.
3826         * bytecode/BytecodeLivenessAnalysis.cpp:
3827         (JSC::BytecodeLivenessAnalysis::dumpResults):
3828         * bytecode/BytecodeLivenessAnalysis.h:
3829         * bytecode/BytecodeLivenessAnalysisInlines.h:
3830         (JSC::isValidRegisterForLiveness):
3831         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
3832         * bytecode/BytecodeRewriter.cpp:
3833         (JSC::BytecodeRewriter::applyModification):
3834         (JSC::BytecodeRewriter::execute):
3835         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
3836         (JSC::BytecodeRewriter::insertImpl):
3837         (JSC::BytecodeRewriter::adjustJumpTarget):
3838         (JSC::BytecodeRewriter::adjustJumpTargets):
3839         * bytecode/BytecodeRewriter.h:
3840         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
3841         (JSC::BytecodeRewriter::Fragment::Fragment):
3842         (JSC::BytecodeRewriter::Fragment::appendInstruction):
3843         (JSC::BytecodeRewriter::BytecodeRewriter):
3844         (JSC::BytecodeRewriter::insertFragmentBefore):
3845         (JSC::BytecodeRewriter::insertFragmentAfter):
3846         (JSC::BytecodeRewriter::removeBytecode):
3847         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
3848         (JSC::BytecodeRewriter::adjustJumpTarget):
3849         * bytecode/BytecodeUseDef.h:
3850         (JSC::computeUsesForBytecodeOffset):
3851         (JSC::computeDefsForBytecodeOffset):
3852         * bytecode/CallLinkStatus.cpp:
3853         (JSC::CallLinkStatus::computeFromLLInt):
3854         * bytecode/CodeBlock.cpp:
3855         (JSC::CodeBlock::dumpBytecode):
3856         (JSC::CodeBlock::CodeBlock):
3857         (JSC::CodeBlock::finishCreation):
3858         (JSC::CodeBlock::estimatedSize):
3859         (JSC::CodeBlock::visitChildren):
3860         (JSC::CodeBlock::propagateTransitions):
3861         (JSC::CodeBlock::finalizeLLIntInlineCaches):
3862         (JSC::CodeBlock::addJITAddIC):
3863         (JSC::CodeBlock::addJITMulIC):
3864         (JSC::CodeBlock::addJITSubIC):
3865         (JSC::CodeBlock::addJITNegIC):
3866         (JSC::CodeBlock::stronglyVisitStrongReferences):
3867         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
3868         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
3869         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
3870         (JSC::CodeBlock::getArrayProfile):
3871         (JSC::CodeBlock::updateAllArrayPredictions):
3872         (JSC::CodeBlock::predictedMachineCodeSize):
3873         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
3874         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
3875         (JSC::CodeBlock::valueProfileForBytecodeOffset):
3876         (JSC::CodeBlock::validate):
3877         (JSC::CodeBlock::outOfLineJumpOffset):
3878         (JSC::CodeBlock::outOfLineJumpTarget):
3879         (JSC::CodeBlock::arithProfileForBytecodeOffset):
3880         (JSC::CodeBlock::arithProfileForPC):
3881         (JSC::CodeBlock::couldTakeSpecialFastCase):
3882         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
3883         * bytecode/CodeBlock.h:
3884         (JSC::CodeBlock::addMathIC):
3885         (JSC::CodeBlock::outOfLineJumpOffset):
3886         (JSC::CodeBlock::bytecodeOffset):
3887         (JSC::CodeBlock::instructions const):
3888         (JSC::CodeBlock::instructionCount const):
3889         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
3890         (JSC::CodeBlock::metadata):
3891         (JSC::CodeBlock::metadataSizeInBytes):
3892         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
3893         (JSC::CodeBlock::totalNumberOfValueProfiles):
3894         * bytecode/CodeBlockInlines.h: Added.
3895         (JSC::CodeBlock::forEachValueProfile):
3896         (JSC::CodeBlock::forEachArrayProfile):
3897         (JSC::CodeBlock::forEachArrayAllocationProfile):
3898         (JSC::CodeBlock::forEachObjectAllocationProfile):
3899         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
3900         * bytecode/Fits.h: Added.
3901         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
3902         * bytecode/GetByIdStatus.cpp:
3903         (JSC::GetByIdStatus::computeFromLLInt):
3904         * bytecode/Instruction.h:
3905         (JSC::Instruction::Instruction):
3906         (JSC::Instruction::Impl::opcodeID const):
3907         (JSC::Instruction::opcodeID const):
3908         (JSC::Instruction::name const):
3909         (JSC::Instruction::isWide const):
3910         (JSC::Instruction::size const):
3911         (JSC::Instruction::is const):
3912         (JSC::Instruction::as const):
3913         (JSC::Instruction::cast):
3914         (JSC::Instruction::cast const):
3915         (JSC::Instruction::narrow const):
3916         (JSC::Instruction::wide const):
3917         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3918         (JSC::InstructionStream::InstructionStream):
3919         (JSC::InstructionStream::sizeInBytes const):
3920         * bytecode/InstructionStream.h: Added.
3921         (JSC::InstructionStream::BaseRef::BaseRef):
3922         (JSC::InstructionStream::BaseRef::operator=):
3923         (JSC::InstructionStream::BaseRef::operator-> const):
3924         (JSC::InstructionStream::BaseRef::ptr const):
3925         (JSC::InstructionStream::BaseRef::operator!= const):
3926         (JSC::InstructionStream::BaseRef::next const):
3927         (JSC::InstructionStream::BaseRef::offset const):
3928         (JSC::InstructionStream::BaseRef::isValid const):
3929         (JSC::InstructionStream::BaseRef::unwrap const):
3930         (JSC::InstructionStream::MutableRef::freeze const):
3931         (JSC::InstructionStream::MutableRef::operator->):
3932         (JSC::InstructionStream::MutableRef::ptr):
3933         (JSC::InstructionStream::MutableRef::operator Ref):
3934         (JSC::InstructionStream::MutableRef::unwrap):
3935         (JSC::InstructionStream::iterator::operator*):
3936         (JSC::InstructionStream::iterator::operator++):
3937         (JSC::InstructionStream::begin const):
3938         (JSC::InstructionStream::end const):
3939         (JSC::InstructionStream::at const):
3940         (JSC::InstructionStream::size const):
3941         (JSC::InstructionStreamWriter::InstructionStreamWriter):
3942         (JSC::InstructionStreamWriter::ref):
3943         (JSC::InstructionStreamWriter::seek):
3944         (JSC::InstructionStreamWriter::position):
3945         (JSC::InstructionStreamWriter::write):
3946         (JSC::InstructionStreamWriter::rewind):
3947         (JSC::InstructionStreamWriter::finalize):
3948         (JSC::InstructionStreamWriter::swap):
3949         (JSC::InstructionStreamWriter::iterator::operator*):
3950         (JSC::InstructionStreamWriter::iterator::operator++):
3951         (JSC::InstructionStreamWriter::begin):
3952         (JSC::InstructionStreamWriter::end):
3953         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
3954         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
3955         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
3956         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
3957         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
3958         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.