88925e5d481a9ebc7d4a1ec21478c66d464275bc
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-10-29  Tim Horton  <timothy_horton@apple.com>

        Modernize WebKit nibs and lprojs for localization's sake
        https://bugs.webkit.org/show_bug.cgi?id=190911
        <rdar://problem/45349466>

        Reviewed by Dan Bernstein.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        English->en

2018-10-29  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r237492.
        https://bugs.webkit.org/show_bug.cgi?id=191035

        "It regresses JetStream 2 by 5% on some iOS devices"
        (Requested by saamyjoon on #webkit).

        Reverted changeset:

        "Unreviewed, partial rolling in r237254"
        https://bugs.webkit.org/show_bug.cgi?id=190340
        https://trac.webkit.org/changeset/237492

2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>

        Add support for GetStack FlushedDouble
        https://bugs.webkit.org/show_bug.cgi?id=191012
        <rdar://problem/45265141>

        Reviewed by Saam Barati.

        LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
        for doubles, but it turns out it may arise from the PutStack sinking
        phase: if we sink a PutStack into a successor block, other predecessors
        will emit a GetStack followed by an Upsilon.

        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):

2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>

        New bytecode format for JSC
        https://bugs.webkit.org/show_bug.cgi?id=187373
        <rdar://problem/44186758>

        Reviewed by Filip Pizlo.

        Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
        any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
        operands) and might contain an extra operand, the metadataID. The metadataID is used to
        access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).

        Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
        and types to all their operands. Additionally, reading a bytecode from the instruction stream
        requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
        operands directly from the stream.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * assembler/MacroAssemblerCodeRef.h:
        (JSC::ReturnAddressPtr::ReturnAddressPtr):
        (JSC::ReturnAddressPtr::value const):
        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
        * bytecode/ArithProfile.h:
        (JSC::ArithProfile::ArithProfile):
        * bytecode/ArrayAllocationProfile.h:
        (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
        * bytecode/ArrayProfile.h:
        * bytecode/BytecodeBasicBlock.cpp:
        (JSC::isJumpTarget):
        (JSC::BytecodeBasicBlock::computeImpl):
        (JSC::BytecodeBasicBlock::compute):
        * bytecode/BytecodeBasicBlock.h:
        (JSC::BytecodeBasicBlock::leaderOffset const):
        (JSC::BytecodeBasicBlock::totalLength const):
        (JSC::BytecodeBasicBlock::offsets const):
        (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
        (JSC::BytecodeBasicBlock::addLength):
        * bytecode/BytecodeDumper.cpp:
        (JSC::BytecodeDumper<Block>::printLocationAndOp):
        (JSC::BytecodeDumper<Block>::dumpBytecode):
        (JSC::BytecodeDumper<Block>::dumpIdentifiers):
        (JSC::BytecodeDumper<Block>::dumpConstants):
        (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
        (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
        (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
        (JSC::BytecodeDumper<Block>::dumpBlock):
        * bytecode/BytecodeDumper.h:
        (JSC::BytecodeDumper::dumpOperand):
        (JSC::BytecodeDumper::dumpValue):
        (JSC::BytecodeDumper::BytecodeDumper):
        (JSC::BytecodeDumper::block const):
        * bytecode/BytecodeGeneratorification.cpp:
        (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
        (JSC::BytecodeGeneratorification::enterPoint const):
        (JSC::BytecodeGeneratorification::instructions const):
        (JSC::GeneratorLivenessAnalysis::run):
        (JSC::BytecodeGeneratorification::run):
        (JSC::performGeneratorification):
        * bytecode/BytecodeGeneratorification.h:
        * bytecode/BytecodeGraph.h:
        (JSC::BytecodeGraph::blockContainsBytecodeOffset):
        (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
        (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
        (JSC::BytecodeGraph::BytecodeGraph):
        * bytecode/BytecodeKills.h:
        * bytecode/BytecodeList.json: Removed.
        * bytecode/BytecodeList.rb: Added.
        * bytecode/BytecodeLivenessAnalysis.cpp:
        (JSC::BytecodeLivenessAnalysis::dumpResults):
        * bytecode/BytecodeLivenessAnalysis.h:
        * bytecode/BytecodeLivenessAnalysisInlines.h:
        (JSC::isValidRegisterForLiveness):
        (JSC::BytecodeLivenessPropagation::stepOverInstruction):
        * bytecode/BytecodeRewriter.cpp:
        (JSC::BytecodeRewriter::applyModification):
        (JSC::BytecodeRewriter::execute):
        (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
        (JSC::BytecodeRewriter::insertImpl):
        (JSC::BytecodeRewriter::adjustJumpTarget):
        (JSC::BytecodeRewriter::adjustJumpTargets):
        * bytecode/BytecodeRewriter.h:
        (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
        (JSC::BytecodeRewriter::Fragment::Fragment):
        (JSC::BytecodeRewriter::Fragment::appendInstruction):
        (JSC::BytecodeRewriter::BytecodeRewriter):
        (JSC::BytecodeRewriter::insertFragmentBefore):
        (JSC::BytecodeRewriter::insertFragmentAfter):
        (JSC::BytecodeRewriter::removeBytecode):
        (JSC::BytecodeRewriter::adjustAbsoluteOffset):
        (JSC::BytecodeRewriter::adjustJumpTarget):
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFromLLInt):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::estimatedSize):
        (JSC::CodeBlock::visitChildren):
        (JSC::CodeBlock::propagateTransitions):
        (JSC::CodeBlock::finalizeLLIntInlineCaches):
        (JSC::CodeBlock::addJITAddIC):
        (JSC::CodeBlock::addJITMulIC):
        (JSC::CodeBlock::addJITSubIC):
        (JSC::CodeBlock::addJITNegIC):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
        (JSC::CodeBlock::hasOpDebugForLineAndColumn):
        (JSC::CodeBlock::getArrayProfile):
        (JSC::CodeBlock::updateAllArrayPredictions):
        (JSC::CodeBlock::predictedMachineCodeSize):
        (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
        (JSC::CodeBlock::valueProfileForBytecodeOffset):
        (JSC::CodeBlock::validate):
        (JSC::CodeBlock::outOfLineJumpOffset):
        (JSC::CodeBlock::outOfLineJumpTarget):
        (JSC::CodeBlock::arithProfileForBytecodeOffset):
        (JSC::CodeBlock::arithProfileForPC):
        (JSC::CodeBlock::couldTakeSpecialFastCase):
        (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addMathIC):
        (JSC::CodeBlock::outOfLineJumpOffset):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::CodeBlock::instructions const):
        (JSC::CodeBlock::instructionCount const):
        (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
        (JSC::CodeBlock::metadata):
        (JSC::CodeBlock::metadataSizeInBytes):
        (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
        (JSC::CodeBlock::totalNumberOfValueProfiles):
        * bytecode/CodeBlockInlines.h: Added.
        (JSC::CodeBlock::forEachValueProfile):
        (JSC::CodeBlock::forEachArrayProfile):
        (JSC::CodeBlock::forEachArrayAllocationProfile):
        (JSC::CodeBlock::forEachObjectAllocationProfile):
        (JSC::CodeBlock::forEachLLIntCallLinkInfo):
        * bytecode/Fits.h: Added.
        * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        * bytecode/Instruction.h:
        (JSC::Instruction::Instruction):
        (JSC::Instruction::Impl::opcodeID const):
        (JSC::Instruction::opcodeID const):
        (JSC::Instruction::name const):
        (JSC::Instruction::isWide const):
        (JSC::Instruction::size const):
        (JSC::Instruction::is const):
        (JSC::Instruction::as const):
        (JSC::Instruction::cast):
        (JSC::Instruction::cast const):
        (JSC::Instruction::narrow const):
        (JSC::Instruction::wide const):
        * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        (JSC::InstructionStream::InstructionStream):
        (JSC::InstructionStream::sizeInBytes const):
        * bytecode/InstructionStream.h: Added.
        (JSC::InstructionStream::BaseRef::BaseRef):
        (JSC::InstructionStream::BaseRef::operator=):
        (JSC::InstructionStream::BaseRef::operator-> const):
        (JSC::InstructionStream::BaseRef::ptr const):
        (JSC::InstructionStream::BaseRef::operator!= const):
        (JSC::InstructionStream::BaseRef::next const):
        (JSC::InstructionStream::BaseRef::offset const):
        (JSC::InstructionStream::BaseRef::isValid const):
        (JSC::InstructionStream::BaseRef::unwrap const):
        (JSC::InstructionStream::MutableRef::freeze const):
        (JSC::InstructionStream::MutableRef::operator->):
        (JSC::InstructionStream::MutableRef::ptr):
        (JSC::InstructionStream::MutableRef::operator Ref):
        (JSC::InstructionStream::MutableRef::unwrap):
        (JSC::InstructionStream::iterator::operator*):
        (JSC::InstructionStream::iterator::operator++):
        (JSC::InstructionStream::begin const):
        (JSC::InstructionStream::end const):
        (JSC::InstructionStream::at const):
        (JSC::InstructionStream::size const):
        (JSC::InstructionStreamWriter::InstructionStreamWriter):
        (JSC::InstructionStreamWriter::ref):
        (JSC::InstructionStreamWriter::seek):
        (JSC::InstructionStreamWriter::position):
        (JSC::InstructionStreamWriter::write):
        (JSC::InstructionStreamWriter::rewind):
        (JSC::InstructionStreamWriter::finalize):
        (JSC::InstructionStreamWriter::swap):
        (JSC::InstructionStreamWriter::iterator::operator*):
        (JSC::InstructionStreamWriter::iterator::operator++):
        (JSC::InstructionStreamWriter::begin):
        (JSC::InstructionStreamWriter::end):
        * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
        (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
        (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
        (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
        * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
        * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        (JSC::MetadataTable::MetadataTable):
        (JSC::DeallocTable::withOpcodeType):
        (JSC::MetadataTable::~MetadataTable):
        (JSC::MetadataTable::sizeInBytes):
        * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
        (JSC::MetadataTable::get):
        (JSC::MetadataTable::forEach):
        (JSC::MetadataTable::getImpl):
        * bytecode/Opcode.cpp:
        (JSC::metadataSize):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecode/OpcodeInlines.h:
        (JSC::isOpcodeShape):
        (JSC::getOpcodeType):
        * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        * bytecode/PreciseJumpTargets.cpp:
        (JSC::getJumpTargetsForInstruction):
        (JSC::computePreciseJumpTargetsInternal):
        (JSC::computePreciseJumpTargets):
        (JSC::recomputePreciseJumpTargets):
        (JSC::findJumpTargetsForInstruction):
        * bytecode/PreciseJumpTargets.h:
        * bytecode/PreciseJumpTargetsInlines.h:
        (JSC::jumpTargetForInstruction):
        (JSC::extractStoredJumpTargetsForInstruction):
        (JSC::updateStoredJumpTargetsForInstruction):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        * bytecode/SpecialPointer.cpp:
        (WTF::printInternal):
        * bytecode/SpecialPointer.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        (JSC::UnlinkedCodeBlock::visitChildren):
        (JSC::UnlinkedCodeBlock::estimatedSize):
        (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
        (JSC::dumpLineColumnEntry):
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
        (JSC::UnlinkedCodeBlock::setInstructions):
        (JSC::UnlinkedCodeBlock::instructions const):
        (JSC::UnlinkedCodeBlock::applyModification):
        (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
        (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
        (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
        (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
        (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
        (JSC::UnlinkedCodeBlock::metadata):
        (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
        (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
        (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
        * bytecode/UnlinkedInstructionStream.cpp: Removed.
        * bytecode/UnlinkedInstructionStream.h: Removed.
        * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
        * bytecode/UnlinkedMetadataTableInlines.h: Added.
        (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
        (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
        (JSC::UnlinkedMetadataTable::addEntry):
        (JSC::UnlinkedMetadataTable::sizeInBytes):
        (JSC::UnlinkedMetadataTable::finalize):
        (JSC::UnlinkedMetadataTable::link):
        (JSC::UnlinkedMetadataTable::unlink):
        * bytecode/VirtualRegister.cpp:
        (JSC::VirtualRegister::VirtualRegister):
        * bytecode/VirtualRegister.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::Label::setLocation):
        (JSC::Label::bind):
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
        (JSC::BytecodeGenerator::emitEnter):
        (JSC::BytecodeGenerator::emitLoopHint):
        (JSC::BytecodeGenerator::emitJump):
        (JSC::BytecodeGenerator::emitCheckTraps):
        (JSC::BytecodeGenerator::rewind):
        (JSC::BytecodeGenerator::fuseCompareAndJump):
        (JSC::BytecodeGenerator::fuseTestAndJmp):
        (JSC::BytecodeGenerator::emitJumpIfTrue):
        (JSC::BytecodeGenerator::emitJumpIfFalse):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::moveLinkTimeConstant):
        (JSC::BytecodeGenerator::moveEmptyValue):
        (JSC::BytecodeGenerator::emitMove):
        (JSC::BytecodeGenerator::emitUnaryOp):
        (JSC::BytecodeGenerator::emitBinaryOp):
        (JSC::BytecodeGenerator::emitToObject):
        (JSC::BytecodeGenerator::emitToNumber):
        (JSC::BytecodeGenerator::emitToString):
        (JSC::BytecodeGenerator::emitTypeOf):
        (JSC::BytecodeGenerator::emitInc):
        (JSC::BytecodeGenerator::emitDec):
        (JSC::BytecodeGenerator::emitEqualityOp):
        (JSC::BytecodeGenerator::emitProfileType):
        (JSC::BytecodeGenerator::emitProfileControlFlow):
        (JSC::BytecodeGenerator::pushLexicalScopeInternal):
        (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
        (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
        (JSC::BytecodeGenerator::emitOverridesHasInstance):
        (JSC::BytecodeGenerator::emitResolveScope):
        (JSC::BytecodeGenerator::emitGetFromScope):
        (JSC::BytecodeGenerator::emitPutToScope):
        (JSC::BytecodeGenerator::emitInstanceOf):
        (JSC::BytecodeGenerator::emitInstanceOfCustom):
        (JSC::BytecodeGenerator::emitInByVal):
        (JSC::BytecodeGenerator::emitInById):
        (JSC::BytecodeGenerator::emitTryGetById):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitDirectGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitPutGetterById):
        (JSC::BytecodeGenerator::emitPutSetterById):
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        (JSC::BytecodeGenerator::emitPutGetterByVal):
        (JSC::BytecodeGenerator::emitPutSetterByVal):
        (JSC::BytecodeGenerator::emitDeleteById):
        (JSC::BytecodeGenerator::emitGetByVal):
        (JSC::BytecodeGenerator::emitPutByVal):
        (JSC::BytecodeGenerator::emitDirectPutByVal):
        (JSC::BytecodeGenerator::emitDeleteByVal):
        (JSC::BytecodeGenerator::emitSuperSamplerBegin):
        (JSC::BytecodeGenerator::emitSuperSamplerEnd):
        (JSC::BytecodeGenerator::emitIdWithProfile):
        (JSC::BytecodeGenerator::emitUnreachable):
        (JSC::BytecodeGenerator::emitGetArgument):
        (JSC::BytecodeGenerator::emitCreateThis):
        (JSC::BytecodeGenerator::emitTDZCheck):
        (JSC::BytecodeGenerator::emitNewObject):
        (JSC::BytecodeGenerator::emitNewArrayBuffer):
        (JSC::BytecodeGenerator::emitNewArray):
        (JSC::BytecodeGenerator::emitNewArrayWithSpread):
        (JSC::BytecodeGenerator::emitNewArrayWithSize):
        (JSC::BytecodeGenerator::emitNewRegExp):
        (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
        (JSC::BytecodeGenerator::emitNewDefaultConstructor):
        (JSC::BytecodeGenerator::emitNewFunction):
        (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitCallInTailPosition):
        (JSC::BytecodeGenerator::emitCallEval):
        (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
        (JSC::BytecodeGenerator::emitCallVarargs):
        (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
        (JSC::BytecodeGenerator::emitConstructVarargs):
        (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
        (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
        (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
        (JSC::BytecodeGenerator::emitCallDefineProperty):
        (JSC::BytecodeGenerator::emitReturn):
        (JSC::BytecodeGenerator::emitEnd):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitStrcat):
        (JSC::BytecodeGenerator::emitToPrimitive):
        (JSC::BytecodeGenerator::emitGetScope):
        (JSC::BytecodeGenerator::emitPushWithScope):
        (JSC::BytecodeGenerator::emitGetParentScope):
        (JSC::BytecodeGenerator::emitDebugHook):
        (JSC::BytecodeGenerator::emitCatch):
        (JSC::BytecodeGenerator::emitThrow):
        (JSC::BytecodeGenerator::emitArgumentCount):
        (JSC::BytecodeGenerator::emitThrowStaticError):
        (JSC::BytecodeGenerator::beginSwitch):
        (JSC::prepareJumpTableForSwitch):
        (JSC::prepareJumpTableForStringSwitch):
        (JSC::BytecodeGenerator::endSwitch):
        (JSC::BytecodeGenerator::emitGetEnumerableLength):
        (JSC::BytecodeGenerator::emitHasGenericProperty):
        (JSC::BytecodeGenerator::emitHasIndexedProperty):
        (JSC::BytecodeGenerator::emitHasStructureProperty):
        (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
        (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
        (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
        (JSC::BytecodeGenerator::emitToIndexString):
        (JSC::BytecodeGenerator::emitIsCellWithType):
        (JSC::BytecodeGenerator::emitIsObject):
        (JSC::BytecodeGenerator::emitIsNumber):
        (JSC::BytecodeGenerator::emitIsUndefined):
        (JSC::BytecodeGenerator::emitIsEmpty):
        (JSC::BytecodeGenerator::emitRestParameter):
        (JSC::BytecodeGenerator::emitRequireObjectCoercible):
        (JSC::BytecodeGenerator::emitYieldPoint):
        (JSC::BytecodeGenerator::emitYield):
        (JSC::BytecodeGenerator::emitGetAsyncIterator):
        (JSC::BytecodeGenerator::emitDelegateYield):
        (JSC::BytecodeGenerator::emitFinallyCompletion):
        (JSC::BytecodeGenerator::emitJumpIf):
        (JSC::ForInContext::finalize):
        (JSC::StructureForInContext::finalize):
        (JSC::IndexedForInContext::finalize):
        (JSC::StaticPropertyAnalysis::record):
        (JSC::BytecodeGenerator::emitToThis):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::StructureForInContext::addGetInst):
        (JSC::BytecodeGenerator::recordOpcode):
        (JSC::BytecodeGenerator::addMetadataFor):
        (JSC::BytecodeGenerator::emitUnaryOp):
        (JSC::BytecodeGenerator::kill):
        (JSC::BytecodeGenerator::instructions const):
        (JSC::BytecodeGenerator::write):
        (JSC::BytecodeGenerator::withWriter):
        * bytecompiler/Label.h:
        (JSC::Label::Label):
        (JSC::Label::bind):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        (JSC::BitwiseNotNode::emitBytecode):
        (JSC::BinaryOpNode::emitBytecode):
        (JSC::EqualNode::emitBytecode):
        (JSC::StrictEqualNode::emitBytecode):
        (JSC::emitReadModifyAssignment):
        (JSC::ForInNode::emitBytecode):
        (JSC::CaseBlockNode::emitBytecodeForBlock):
        (JSC::FunctionNode::emitBytecode):
        (JSC::ClassExprNode::emitBytecode):
        * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
        (WTF::printInternal):
        * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        * bytecompiler/RegisterID.h:
        * bytecompiler/StaticPropertyAnalysis.h:
        (JSC::StaticPropertyAnalysis::create):
        (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
        * bytecompiler/StaticPropertyAnalyzer.h:
        (JSC::StaticPropertyAnalyzer::createThis):
        (JSC::StaticPropertyAnalyzer::newObject):
        (JSC::StaticPropertyAnalyzer::putById):
        (JSC::StaticPropertyAnalyzer::mov):
        (JSC::StaticPropertyAnalyzer::kill):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getArrayMode):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleVarargsCall):
        (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
        (JSC::DFG::ByteCodeParser::inlineCall):
        (JSC::DFG::ByteCodeParser::handleCallVariant):
        (JSC::DFG::ByteCodeParser::handleVarargsInlining):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
        (JSC::DFG::ByteCodeParser::handleDOMJITCall):
        (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
        (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
        (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
        (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::handlePutById):
        (JSC::DFG::ByteCodeParser::parseGetById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        (JSC::DFG::ByteCodeParser::handlePutByVal):
        (JSC::DFG::ByteCodeParser::handlePutAccessorById):
        (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
        (JSC::DFG::ByteCodeParser::handleNewFunc):
        (JSC::DFG::ByteCodeParser::handleNewFuncExp):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareCatchOSREntry):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        (JSC::DFG::SpeculativeJIT::compileValueSub):
        (JSC::DFG::SpeculativeJIT::compileValueNegate):
        (JSC::DFG::SpeculativeJIT::compileArithMul):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationMaterializeObjectInOSR):
        * generate-bytecode-files: Removed.
        * generator/Argument.rb: Added.
        * generator/Assertion.rb: Added.
        * generator/DSL.rb: Added.
        * generator/Fits.rb: Added.
        * generator/GeneratedFile.rb: Added.
        * generator/Metadata.rb: Added.
        * generator/Opcode.rb: Added.
        * generator/OpcodeGroup.rb: Added.
        * generator/Options.rb: Added.
        * generator/Section.rb: Added.
        * generator/Template.rb: Added.
        * generator/Type.rb: Added.
        * generator/main.rb: Added.
        * interpreter/AbstractPC.h:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::currentVPC const):
        (JSC::CallFrame::setCurrentVPC):
        * interpreter/CallFrame.h:
        (JSC::CallSiteIndex::CallSiteIndex):
        (JSC::ExecState::setReturnPC):
        * interpreter/Interpreter.cpp:
        (WTF::printInternal):
        * interpreter/Interpreter.h:
        * interpreter/InterpreterInlines.h:
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::dump const):
        * interpreter/VMEntryRecord.h:
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::emitSlowCaseCall):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::compileWithoutLinking):
        (JSC::JIT::link):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jnlesseq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jless):
        (JSC::JIT::emitSlow_op_jlesseq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jnless):
        (JSC::JIT::emitSlow_op_jnlesseq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_op_below):
        (JSC::JIT::emit_op_beloweq):
        (JSC::JIT::emit_op_jbelow):
        (JSC::JIT::emit_op_jbeloweq):
        (JSC::JIT::emit_op_unsigned):
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareUnsignedAndJump):
        (JSC::JIT::emit_compareUnsigned):
        (JSC::JIT::emit_compareAndJumpSlow):
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        (JSC::JIT::emit_op_negate):
        (JSC::JIT::emitSlow_op_negate):
        (JSC::JIT::emitBitBinaryOpFastPath):
        (JSC::JIT::emit_op_bitand):
        (JSC::JIT::emit_op_bitor):
        (JSC::JIT::emit_op_bitxor):
        (JSC::JIT::emit_op_lshift):
        (JSC::JIT::emitRightShiftFastPath):
        (JSC::JIT::emit_op_rshift):
        (JSC::JIT::emit_op_urshift):
        (JSC::getOperandTypes):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        (JSC::JIT::emitMathICFast):
        (JSC::JIT::emitMathICSlow):
        (JSC::JIT::emit_op_div):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emitSlow_op_mul):
        (JSC::JIT::emit_op_sub):
        (JSC::JIT::emitSlow_op_sub):
        * jit/JITCall.cpp:
        (JSC::JIT::emitPutCallResult):
        (JSC::JIT::compileSetupFrame):
        (JSC::JIT::compileCallEval):
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileTailCall):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::emit_op_call):
        (JSC::JIT::emit_op_tail_call):
        (JSC::JIT::emit_op_call_eval):
        (JSC::JIT::emit_op_call_varargs):
        (JSC::JIT::emit_op_tail_call_varargs):
        (JSC::JIT::emit_op_tail_call_forward_arguments):
        (JSC::JIT::emit_op_construct_varargs):
        (JSC::JIT::emit_op_construct):
        (JSC::JIT::emitSlow_op_call):
        (JSC::JIT::emitSlow_op_tail_call):
        (JSC::JIT::emitSlow_op_call_eval):
        (JSC::JIT::emitSlow_op_call_varargs):
        (JSC::JIT::emitSlow_op_tail_call_varargs):
        (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
        (JSC::JIT::emitSlow_op_construct_varargs):
        (JSC::JIT::emitSlow_op_construct):
        * jit/JITDisassembler.cpp:
        (JSC::JITDisassembler::JITDisassembler):
        * jit/JITExceptions.cpp:
        (JSC::genericUnwind):
        * jit/JITInlines.h:
        (JSC::JIT::emitDoubleGetByVal):
        (JSC::JIT::emitLoadForArrayMode):
        (JSC::JIT::emitContiguousGetByVal):
        (JSC::JIT::emitArrayStorageGetByVal):
        (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
        (JSC::JIT::sampleInstruction):
        (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
        (JSC::JIT::emitValueProfilingSite):
        (JSC::JIT::jumpTarget):
        (JSC::JIT::copiedGetPutInfo):
        (JSC::JIT::copiedArithProfile):
        * jit/JITMathIC.h:
        (JSC::isProfileEmpty):
        (JSC::JITBinaryMathIC::JITBinaryMathIC):
661         (JSC::JITUnaryMathIC::JITUnaryMathIC):
662         * jit/JITOpcodes.cpp:
663         (JSC::JIT::emit_op_mov):
664         (JSC::JIT::emit_op_end):
665         (JSC::JIT::emit_op_jmp):
666         (JSC::JIT::emit_op_new_object):
667         (JSC::JIT::emitSlow_op_new_object):
668         (JSC::JIT::emit_op_overrides_has_instance):
669         (JSC::JIT::emit_op_instanceof):
670         (JSC::JIT::emitSlow_op_instanceof):
671         (JSC::JIT::emit_op_instanceof_custom):
672         (JSC::JIT::emit_op_is_empty):
673         (JSC::JIT::emit_op_is_undefined):
674         (JSC::JIT::emit_op_is_boolean):
675         (JSC::JIT::emit_op_is_number):
676         (JSC::JIT::emit_op_is_cell_with_type):
677         (JSC::JIT::emit_op_is_object):
678         (JSC::JIT::emit_op_ret):
679         (JSC::JIT::emit_op_to_primitive):
680         (JSC::JIT::emit_op_set_function_name):
681         (JSC::JIT::emit_op_not):
682         (JSC::JIT::emit_op_jfalse):
683         (JSC::JIT::emit_op_jeq_null):
684         (JSC::JIT::emit_op_jneq_null):
685         (JSC::JIT::emit_op_jneq_ptr):
686         (JSC::JIT::emit_op_eq):
687         (JSC::JIT::emit_op_jeq):
688         (JSC::JIT::emit_op_jtrue):
689         (JSC::JIT::emit_op_neq):
690         (JSC::JIT::emit_op_jneq):
691         (JSC::JIT::emit_op_throw):
692         (JSC::JIT::compileOpStrictEq):
693         (JSC::JIT::emit_op_stricteq):
694         (JSC::JIT::emit_op_nstricteq):
695         (JSC::JIT::compileOpStrictEqJump):
696         (JSC::JIT::emit_op_jstricteq):
697         (JSC::JIT::emit_op_jnstricteq):
698         (JSC::JIT::emitSlow_op_jstricteq):
699         (JSC::JIT::emitSlow_op_jnstricteq):
700         (JSC::JIT::emit_op_to_number):
701         (JSC::JIT::emit_op_to_string):
702         (JSC::JIT::emit_op_to_object):
703         (JSC::JIT::emit_op_catch):
704         (JSC::JIT::emit_op_identity_with_profile):
705         (JSC::JIT::emit_op_get_parent_scope):
706         (JSC::JIT::emit_op_switch_imm):
707         (JSC::JIT::emit_op_switch_char):
708         (JSC::JIT::emit_op_switch_string):
709         (JSC::JIT::emit_op_debug):
710         (JSC::JIT::emit_op_eq_null):
711         (JSC::JIT::emit_op_neq_null):
712         (JSC::JIT::emit_op_enter):
713         (JSC::JIT::emit_op_get_scope):
714         (JSC::JIT::emit_op_to_this):
715         (JSC::JIT::emit_op_create_this):
716         (JSC::JIT::emit_op_check_tdz):
717         (JSC::JIT::emitSlow_op_eq):
718         (JSC::JIT::emitSlow_op_neq):
719         (JSC::JIT::emitSlow_op_jeq):
720         (JSC::JIT::emitSlow_op_jneq):
721         (JSC::JIT::emitSlow_op_instanceof_custom):
722         (JSC::JIT::emit_op_loop_hint):
723         (JSC::JIT::emitSlow_op_loop_hint):
724         (JSC::JIT::emit_op_check_traps):
725         (JSC::JIT::emit_op_nop):
726         (JSC::JIT::emit_op_super_sampler_begin):
727         (JSC::JIT::emit_op_super_sampler_end):
728         (JSC::JIT::emitSlow_op_check_traps):
729         (JSC::JIT::emit_op_new_regexp):
730         (JSC::JIT::emitNewFuncCommon):
731         (JSC::JIT::emit_op_new_func):
732         (JSC::JIT::emit_op_new_generator_func):
733         (JSC::JIT::emit_op_new_async_generator_func):
734         (JSC::JIT::emit_op_new_async_func):
735         (JSC::JIT::emitNewFuncExprCommon):
736         (JSC::JIT::emit_op_new_func_exp):
737         (JSC::JIT::emit_op_new_generator_func_exp):
738         (JSC::JIT::emit_op_new_async_func_exp):
739         (JSC::JIT::emit_op_new_async_generator_func_exp):
740         (JSC::JIT::emit_op_new_array):
741         (JSC::JIT::emit_op_new_array_with_size):
742         (JSC::JIT::emit_op_has_structure_property):
743         (JSC::JIT::privateCompileHasIndexedProperty):
744         (JSC::JIT::emit_op_has_indexed_property):
745         (JSC::JIT::emitSlow_op_has_indexed_property):
746         (JSC::JIT::emit_op_get_direct_pname):
747         (JSC::JIT::emit_op_enumerator_structure_pname):
748         (JSC::JIT::emit_op_enumerator_generic_pname):
749         (JSC::JIT::emit_op_profile_type):
750         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
751         (JSC::JIT::emit_op_log_shadow_chicken_tail):
752         (JSC::JIT::emit_op_profile_control_flow):
753         (JSC::JIT::emit_op_argument_count):
754         (JSC::JIT::emit_op_get_rest_length):
755         (JSC::JIT::emit_op_get_argument):
756         * jit/JITOpcodes32_64.cpp:
757         (JSC::JIT::emit_op_to_this):
758         * jit/JITOperations.cpp:
759         * jit/JITOperations.h:
760         * jit/JITPropertyAccess.cpp:
761         (JSC::JIT::emit_op_get_by_val):
762         (JSC::JIT::emitGetByValWithCachedId):
763         (JSC::JIT::emitSlow_op_get_by_val):
764         (JSC::JIT::emit_op_put_by_val_direct):
765         (JSC::JIT::emit_op_put_by_val):
766         (JSC::JIT::emitGenericContiguousPutByVal):
767         (JSC::JIT::emitArrayStoragePutByVal):
768         (JSC::JIT::emitPutByValWithCachedId):
769         (JSC::JIT::emitSlow_op_put_by_val):
770         (JSC::JIT::emit_op_put_getter_by_id):
771         (JSC::JIT::emit_op_put_setter_by_id):
772         (JSC::JIT::emit_op_put_getter_setter_by_id):
773         (JSC::JIT::emit_op_put_getter_by_val):
774         (JSC::JIT::emit_op_put_setter_by_val):
775         (JSC::JIT::emit_op_del_by_id):
776         (JSC::JIT::emit_op_del_by_val):
777         (JSC::JIT::emit_op_try_get_by_id):
778         (JSC::JIT::emitSlow_op_try_get_by_id):
779         (JSC::JIT::emit_op_get_by_id_direct):
780         (JSC::JIT::emitSlow_op_get_by_id_direct):
781         (JSC::JIT::emit_op_get_by_id):
782         (JSC::JIT::emit_op_get_by_id_with_this):
783         (JSC::JIT::emitSlow_op_get_by_id):
784         (JSC::JIT::emitSlow_op_get_by_id_with_this):
785         (JSC::JIT::emit_op_put_by_id):
786         (JSC::JIT::emitSlow_op_put_by_id):
787         (JSC::JIT::emit_op_in_by_id):
788         (JSC::JIT::emitSlow_op_in_by_id):
789         (JSC::JIT::emit_op_resolve_scope):
790         (JSC::JIT::emit_op_get_from_scope):
791         (JSC::JIT::emitSlow_op_get_from_scope):
792         (JSC::JIT::emit_op_put_to_scope):
793         (JSC::JIT::emitSlow_op_put_to_scope):
794         (JSC::JIT::emit_op_get_from_arguments):
795         (JSC::JIT::emit_op_put_to_arguments):
796         (JSC::JIT::privateCompileGetByVal):
797         (JSC::JIT::privateCompileGetByValWithCachedId):
798         (JSC::JIT::privateCompilePutByVal):
799         (JSC::JIT::privateCompilePutByValWithCachedId):
800         (JSC::JIT::emitDoubleLoad):
801         (JSC::JIT::emitContiguousLoad):
802         (JSC::JIT::emitArrayStorageLoad):
803         (JSC::JIT::emitDirectArgumentsGetByVal):
804         (JSC::JIT::emitScopedArgumentsGetByVal):
805         (JSC::JIT::emitIntTypedArrayGetByVal):
806         (JSC::JIT::emitFloatTypedArrayGetByVal):
807         (JSC::JIT::emitIntTypedArrayPutByVal):
808         (JSC::JIT::emitFloatTypedArrayPutByVal):
809         * jit/RegisterSet.cpp:
810         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
811         * jit/SlowPathCall.h:
812         (JSC::JITSlowPathCall::JITSlowPathCall):
813         * llint/LLIntData.cpp:
814         (JSC::LLInt::initialize):
815         (JSC::LLInt::Data::performAssertions):
816         * llint/LLIntData.h:
817         (JSC::LLInt::exceptionInstructions):
818         (JSC::LLInt::opcodeMap):
819         (JSC::LLInt::opcodeMapWide):
820         (JSC::LLInt::getOpcode):
821         (JSC::LLInt::getOpcodeWide):
822         (JSC::LLInt::getWideCodePtr):
823         * llint/LLIntOffsetsExtractor.cpp:
824         * llint/LLIntSlowPaths.cpp:
825         (JSC::LLInt::llint_trace_operand):
826         (JSC::LLInt::llint_trace_value):
827         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
828         (JSC::LLInt::entryOSR):
829         (JSC::LLInt::setupGetByIdPrototypeCache):
830         (JSC::LLInt::getByVal):
831         (JSC::LLInt::handleHostCall):
832         (JSC::LLInt::setUpCall):
833         (JSC::LLInt::genericCall):
834         (JSC::LLInt::varargsSetup):
835         (JSC::LLInt::commonCallEval):
836         * llint/LLIntSlowPaths.h:
837         * llint/LowLevelInterpreter.asm:
838         * llint/LowLevelInterpreter.cpp:
839         (JSC::CLoopRegister::operator const Instruction*):
840         (JSC::CLoop::execute):
841         * llint/LowLevelInterpreter32_64.asm:
842         * llint/LowLevelInterpreter64.asm:
843         * offlineasm/arm64.rb:
844         * offlineasm/asm.rb:
845         * offlineasm/ast.rb:
846         * offlineasm/cloop.rb:
847         * offlineasm/generate_offset_extractor.rb:
848         * offlineasm/instructions.rb:
849         * offlineasm/offsets.rb:
850         * offlineasm/parser.rb:
851         * offlineasm/transform.rb:
852         * offlineasm/x86.rb:
853         * parser/ResultType.h:
854         (JSC::ResultType::dump const):
855         (JSC::OperandTypes::first const):
856         (JSC::OperandTypes::second const):
857         (JSC::OperandTypes::dump const):
858         * profiler/ProfilerBytecodeSequence.cpp:
859         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
860         * runtime/CommonSlowPaths.cpp:
861         (JSC::SLOW_PATH_DECL):
862         (JSC::updateArithProfileForUnaryArithOp):
863         (JSC::updateArithProfileForBinaryArithOp):
864         * runtime/CommonSlowPaths.h:
865         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
866         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
867         * runtime/ExceptionFuzz.cpp:
868         (JSC::doExceptionFuzzing):
869         * runtime/ExceptionFuzz.h:
870         (JSC::doExceptionFuzzingIfEnabled):
871         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
872         (JSC::GetPutInfo::dump const):
873         (WTF::printInternal):
874         * runtime/GetPutInfo.h:
875         (JSC::GetPutInfo::operand const):
876         * runtime/JSCPoison.h:
877         * runtime/JSType.cpp: Added.
878         (WTF::printInternal):
879         * runtime/JSType.h:
880         * runtime/SamplingProfiler.cpp:
881         (JSC::SamplingProfiler::StackFrame::displayName):
882         * runtime/SamplingProfiler.h:
883         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
884         * runtime/SlowPathReturnType.h:
885         (JSC::encodeResult):
886         (JSC::decodeResult):
887         * runtime/VM.h:
888         * runtime/Watchdog.h:
889         * tools/HeapVerifier.cpp:
890
891 2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
892
893         Unreviewed, partial rolling in r237254
894         https://bugs.webkit.org/show_bug.cgi?id=190340
895
896         We do not use the added function right now, in order to investigate what the reason for the regression is.
897         It also does not include any Parser.{h,cpp} changes, to make sure that Parser.cpp's inlining decision
898         seems to be the culprit of the regression on iOS devices.
899
900         * bytecode/UnlinkedFunctionExecutable.cpp:
901         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
902         * bytecode/UnlinkedFunctionExecutable.h:
903         * parser/SourceCodeKey.h:
904         (JSC::SourceCodeKey::SourceCodeKey):
905         (JSC::SourceCodeKey::operator== const):
906         * runtime/CodeCache.cpp:
907         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
908         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
909         * runtime/CodeCache.h:
910         * runtime/FunctionConstructor.cpp:
911         (JSC::constructFunctionSkippingEvalEnabledCheck):
912         * runtime/FunctionExecutable.cpp:
913         (JSC::FunctionExecutable::fromGlobalCode):
914         * runtime/FunctionExecutable.h:
915
916 2018-10-26  Commit Queue  <commit-queue@webkit.org>
917
918         Unreviewed, rolling out r237479 and r237484.
919         https://bugs.webkit.org/show_bug.cgi?id=190978
920
921         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
922
923         Reverted changesets:
924
925         "New bytecode format for JSC"
926         https://bugs.webkit.org/show_bug.cgi?id=187373
927         https://trac.webkit.org/changeset/237479
928
929         "Gardening: Build fix after r237479."
930         https://bugs.webkit.org/show_bug.cgi?id=187373
931         https://trac.webkit.org/changeset/237484
932
933 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
934
935         Gardening: Build fix after r237479.
936         https://bugs.webkit.org/show_bug.cgi?id=187373
937
938         Unreviewed.
939
940         * Configurations/JSC.xcconfig:
941         * JavaScriptCore.xcodeproj/project.pbxproj:
942         * llint/LLIntData.cpp:
943         (JSC::LLInt::initialize):
944
945 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
946
947         New bytecode format for JSC
948         https://bugs.webkit.org/show_bug.cgi?id=187373
949         <rdar://problem/44186758>
950
951         Reviewed by Filip Pizlo.
952
953         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
954         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
955         operands) and might contain an extra operand, the metadataID. The metadataID is used to
956         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
957
958         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
959         and types to all its operands. Additionally, reading a bytecode from the instruction stream
960         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
961         operands directly from the stream.
962
963
964         * CMakeLists.txt:
965         * DerivedSources.make:
966         * JavaScriptCore.xcodeproj/project.pbxproj:
967         * Sources.txt:
968         * assembler/MacroAssemblerCodeRef.h:
969         (JSC::ReturnAddressPtr::ReturnAddressPtr):
970         (JSC::ReturnAddressPtr::value const):
971         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
972         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
973         * bytecode/ArithProfile.h:
974         (JSC::ArithProfile::ArithProfile):
975         * bytecode/ArrayAllocationProfile.h:
976         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
977         * bytecode/ArrayProfile.h:
978         * bytecode/BytecodeBasicBlock.cpp:
979         (JSC::isJumpTarget):
980         (JSC::BytecodeBasicBlock::computeImpl):
981         (JSC::BytecodeBasicBlock::compute):
982         * bytecode/BytecodeBasicBlock.h:
983         (JSC::BytecodeBasicBlock::leaderOffset const):
984         (JSC::BytecodeBasicBlock::totalLength const):
985         (JSC::BytecodeBasicBlock::offsets const):
986         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
987         (JSC::BytecodeBasicBlock::addLength):
988         * bytecode/BytecodeDumper.cpp:
989         (JSC::BytecodeDumper<Block>::printLocationAndOp):
990         (JSC::BytecodeDumper<Block>::dumpBytecode):
991         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
992         (JSC::BytecodeDumper<Block>::dumpConstants):
993         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
994         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
995         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
996         (JSC::BytecodeDumper<Block>::dumpBlock):
997         * bytecode/BytecodeDumper.h:
998         (JSC::BytecodeDumper::dumpOperand):
999         (JSC::BytecodeDumper::dumpValue):
1000         (JSC::BytecodeDumper::BytecodeDumper):
1001         (JSC::BytecodeDumper::block const):
1002         * bytecode/BytecodeGeneratorification.cpp:
1003         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
1004         (JSC::BytecodeGeneratorification::enterPoint const):
1005         (JSC::BytecodeGeneratorification::instructions const):
1006         (JSC::GeneratorLivenessAnalysis::run):
1007         (JSC::BytecodeGeneratorification::run):
1008         (JSC::performGeneratorification):
1009         * bytecode/BytecodeGeneratorification.h:
1010         * bytecode/BytecodeGraph.h:
1011         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
1012         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
1013         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
1014         (JSC::BytecodeGraph::BytecodeGraph):
1015         * bytecode/BytecodeKills.h:
1016         * bytecode/BytecodeList.json: Removed.
1017         * bytecode/BytecodeList.rb: Added.
1018         * bytecode/BytecodeLivenessAnalysis.cpp:
1019         (JSC::BytecodeLivenessAnalysis::dumpResults):
1020         * bytecode/BytecodeLivenessAnalysis.h:
1021         * bytecode/BytecodeLivenessAnalysisInlines.h:
1022         (JSC::isValidRegisterForLiveness):
1023         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
1024         * bytecode/BytecodeRewriter.cpp:
1025         (JSC::BytecodeRewriter::applyModification):
1026         (JSC::BytecodeRewriter::execute):
1027         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
1028         (JSC::BytecodeRewriter::insertImpl):
1029         (JSC::BytecodeRewriter::adjustJumpTarget):
1030         (JSC::BytecodeRewriter::adjustJumpTargets):
1031         * bytecode/BytecodeRewriter.h:
1032         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
1033         (JSC::BytecodeRewriter::Fragment::Fragment):
1034         (JSC::BytecodeRewriter::Fragment::appendInstruction):
1035         (JSC::BytecodeRewriter::BytecodeRewriter):
1036         (JSC::BytecodeRewriter::insertFragmentBefore):
1037         (JSC::BytecodeRewriter::insertFragmentAfter):
1038         (JSC::BytecodeRewriter::removeBytecode):
1039         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
1040         (JSC::BytecodeRewriter::adjustJumpTarget):
1041         * bytecode/BytecodeUseDef.h:
1042         (JSC::computeUsesForBytecodeOffset):
1043         (JSC::computeDefsForBytecodeOffset):
1044         * bytecode/CallLinkStatus.cpp:
1045         (JSC::CallLinkStatus::computeFromLLInt):
1046         * bytecode/CodeBlock.cpp:
1047         (JSC::CodeBlock::dumpBytecode):
1048         (JSC::CodeBlock::CodeBlock):
1049         (JSC::CodeBlock::finishCreation):
1050         (JSC::CodeBlock::estimatedSize):
1051         (JSC::CodeBlock::visitChildren):
1052         (JSC::CodeBlock::propagateTransitions):
1053         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1054         (JSC::CodeBlock::addJITAddIC):
1055         (JSC::CodeBlock::addJITMulIC):
1056         (JSC::CodeBlock::addJITSubIC):
1057         (JSC::CodeBlock::addJITNegIC):
1058         (JSC::CodeBlock::stronglyVisitStrongReferences):
1059         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
1060         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
1061         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
1062         (JSC::CodeBlock::getArrayProfile):
1063         (JSC::CodeBlock::updateAllArrayPredictions):
1064         (JSC::CodeBlock::predictedMachineCodeSize):
1065         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
1066         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
1067         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1068         (JSC::CodeBlock::validate):
1069         (JSC::CodeBlock::outOfLineJumpOffset):
1070         (JSC::CodeBlock::outOfLineJumpTarget):
1071         (JSC::CodeBlock::arithProfileForBytecodeOffset):
1072         (JSC::CodeBlock::arithProfileForPC):
1073         (JSC::CodeBlock::couldTakeSpecialFastCase):
1074         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1075         * bytecode/CodeBlock.h:
1076         (JSC::CodeBlock::addMathIC):
1077         (JSC::CodeBlock::outOfLineJumpOffset):
1078         (JSC::CodeBlock::bytecodeOffset):
1079         (JSC::CodeBlock::instructions const):
1080         (JSC::CodeBlock::instructionCount const):
1081         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1082         (JSC::CodeBlock::metadata):
1083         (JSC::CodeBlock::metadataSizeInBytes):
1084         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
1085         (JSC::CodeBlock::totalNumberOfValueProfiles):
1086         * bytecode/CodeBlockInlines.h: Added.
1087         (JSC::CodeBlock::forEachValueProfile):
1088         (JSC::CodeBlock::forEachArrayProfile):
1089         (JSC::CodeBlock::forEachArrayAllocationProfile):
1090         (JSC::CodeBlock::forEachObjectAllocationProfile):
1091         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
1092         * bytecode/Fits.h: Added.
1093         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1094         * bytecode/GetByIdStatus.cpp:
1095         (JSC::GetByIdStatus::computeFromLLInt):
1096         * bytecode/Instruction.h:
1097         (JSC::Instruction::Instruction):
1098         (JSC::Instruction::Impl::opcodeID const):
1099         (JSC::Instruction::opcodeID const):
1100         (JSC::Instruction::name const):
1101         (JSC::Instruction::isWide const):
1102         (JSC::Instruction::size const):
1103         (JSC::Instruction::is const):
1104         (JSC::Instruction::as const):
1105         (JSC::Instruction::cast):
1106         (JSC::Instruction::cast const):
1107         (JSC::Instruction::narrow const):
1108         (JSC::Instruction::wide const):
1109         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1110         (JSC::InstructionStream::InstructionStream):
1111         (JSC::InstructionStream::sizeInBytes const):
1112         * bytecode/InstructionStream.h: Added.
1113         (JSC::InstructionStream::BaseRef::BaseRef):
1114         (JSC::InstructionStream::BaseRef::operator=):
1115         (JSC::InstructionStream::BaseRef::operator-> const):
1116         (JSC::InstructionStream::BaseRef::ptr const):
1117         (JSC::InstructionStream::BaseRef::operator!= const):
1118         (JSC::InstructionStream::BaseRef::next const):
1119         (JSC::InstructionStream::BaseRef::offset const):
1120         (JSC::InstructionStream::BaseRef::isValid const):
1121         (JSC::InstructionStream::BaseRef::unwrap const):
1122         (JSC::InstructionStream::MutableRef::freeze const):
1123         (JSC::InstructionStream::MutableRef::operator->):
1124         (JSC::InstructionStream::MutableRef::ptr):
1125         (JSC::InstructionStream::MutableRef::operator Ref):
1126         (JSC::InstructionStream::MutableRef::unwrap):
1127         (JSC::InstructionStream::iterator::operator*):
1128         (JSC::InstructionStream::iterator::operator++):
1129         (JSC::InstructionStream::begin const):
1130         (JSC::InstructionStream::end const):
1131         (JSC::InstructionStream::at const):
1132         (JSC::InstructionStream::size const):
1133         (JSC::InstructionStreamWriter::InstructionStreamWriter):
1134         (JSC::InstructionStreamWriter::ref):
1135         (JSC::InstructionStreamWriter::seek):
1136         (JSC::InstructionStreamWriter::position):
1137         (JSC::InstructionStreamWriter::write):
1138         (JSC::InstructionStreamWriter::rewind):
1139         (JSC::InstructionStreamWriter::finalize):
1140         (JSC::InstructionStreamWriter::swap):
1141         (JSC::InstructionStreamWriter::iterator::operator*):
1142         (JSC::InstructionStreamWriter::iterator::operator++):
1143         (JSC::InstructionStreamWriter::begin):
1144         (JSC::InstructionStreamWriter::end):
1145         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
1146         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
1147         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
1148         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
1149         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
1150         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1151         (JSC::MetadataTable::MetadataTable):
1152         (JSC::DeallocTable::withOpcodeType):
1153         (JSC::MetadataTable::~MetadataTable):
1154         (JSC::MetadataTable::sizeInBytes):
1155         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
1156         (JSC::MetadataTable::get):
1157         (JSC::MetadataTable::forEach):
1158         (JSC::MetadataTable::getImpl):
1159         * bytecode/Opcode.cpp:
1160         (JSC::metadataSize):
1161         * bytecode/Opcode.h:
1162         (JSC::padOpcodeName):
1163         * bytecode/OpcodeInlines.h:
1164         (JSC::isOpcodeShape):
1165         (JSC::getOpcodeType):
1166         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1167         * bytecode/PreciseJumpTargets.cpp:
1168         (JSC::getJumpTargetsForInstruction):
1169         (JSC::computePreciseJumpTargetsInternal):
1170         (JSC::computePreciseJumpTargets):
1171         (JSC::recomputePreciseJumpTargets):
1172         (JSC::findJumpTargetsForInstruction):
1173         * bytecode/PreciseJumpTargets.h:
1174         * bytecode/PreciseJumpTargetsInlines.h:
1175         (JSC::jumpTargetForInstruction):
1176         (JSC::extractStoredJumpTargetsForInstruction):
1177         (JSC::updateStoredJumpTargetsForInstruction):
1178         * bytecode/PutByIdStatus.cpp:
1179         (JSC::PutByIdStatus::computeFromLLInt):
1180         * bytecode/SpecialPointer.cpp:
1181         (WTF::printInternal):
1182         * bytecode/SpecialPointer.h:
1183         * bytecode/UnlinkedCodeBlock.cpp:
1184         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1185         (JSC::UnlinkedCodeBlock::visitChildren):
1186         (JSC::UnlinkedCodeBlock::estimatedSize):
1187         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1188         (JSC::dumpLineColumnEntry):
1189         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
1190         (JSC::UnlinkedCodeBlock::setInstructions):
1191         (JSC::UnlinkedCodeBlock::instructions const):
1192         (JSC::UnlinkedCodeBlock::applyModification):
1193         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
1194         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1195         * bytecode/UnlinkedCodeBlock.h:
1196         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
1197         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
1198         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
1199         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
1200         (JSC::UnlinkedCodeBlock::metadata):
1201         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
1202         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1203         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
1204         * bytecode/UnlinkedInstructionStream.cpp: Removed.
1205         * bytecode/UnlinkedInstructionStream.h: Removed.
1206         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1207         * bytecode/UnlinkedMetadataTableInlines.h: Added.
1208         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
1209         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
1210         (JSC::UnlinkedMetadataTable::addEntry):
1211         (JSC::UnlinkedMetadataTable::sizeInBytes):
1212         (JSC::UnlinkedMetadataTable::finalize):
1213         (JSC::UnlinkedMetadataTable::link):
1214         (JSC::UnlinkedMetadataTable::unlink):
1215         * bytecode/VirtualRegister.cpp:
1216         (JSC::VirtualRegister::VirtualRegister):
1217         * bytecode/VirtualRegister.h:
1218         * bytecompiler/BytecodeGenerator.cpp:
1219         (JSC::Label::setLocation):
1220         (JSC::Label::bind):
1221         (JSC::BytecodeGenerator::generate):
1222         (JSC::BytecodeGenerator::BytecodeGenerator):
1223         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
1224         (JSC::BytecodeGenerator::emitEnter):
1225         (JSC::BytecodeGenerator::emitLoopHint):
1226         (JSC::BytecodeGenerator::emitJump):
1227         (JSC::BytecodeGenerator::emitCheckTraps):
1228         (JSC::BytecodeGenerator::rewind):
1229         (JSC::BytecodeGenerator::fuseCompareAndJump):
1230         (JSC::BytecodeGenerator::fuseTestAndJmp):
1231         (JSC::BytecodeGenerator::emitJumpIfTrue):
1232         (JSC::BytecodeGenerator::emitJumpIfFalse):
1233         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1234         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1235         (JSC::BytecodeGenerator::moveLinkTimeConstant):
1236         (JSC::BytecodeGenerator::moveEmptyValue):
1237         (JSC::BytecodeGenerator::emitMove):
1238         (JSC::BytecodeGenerator::emitUnaryOp):
1239         (JSC::BytecodeGenerator::emitBinaryOp):
1240         (JSC::BytecodeGenerator::emitToObject):
1241         (JSC::BytecodeGenerator::emitToNumber):
1242         (JSC::BytecodeGenerator::emitToString):
1243         (JSC::BytecodeGenerator::emitTypeOf):
1244         (JSC::BytecodeGenerator::emitInc):
1245         (JSC::BytecodeGenerator::emitDec):
1246         (JSC::BytecodeGenerator::emitEqualityOp):
1247         (JSC::BytecodeGenerator::emitProfileType):
1248         (JSC::BytecodeGenerator::emitProfileControlFlow):
1249         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1250         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
1251         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
1252         (JSC::BytecodeGenerator::emitOverridesHasInstance):
1253         (JSC::BytecodeGenerator::emitResolveScope):
1254         (JSC::BytecodeGenerator::emitGetFromScope):
1255         (JSC::BytecodeGenerator::emitPutToScope):
1256         (JSC::BytecodeGenerator::emitInstanceOf):
1257         (JSC::BytecodeGenerator::emitInstanceOfCustom):
1258         (JSC::BytecodeGenerator::emitInByVal):
1259         (JSC::BytecodeGenerator::emitInById):
1260         (JSC::BytecodeGenerator::emitTryGetById):
1261         (JSC::BytecodeGenerator::emitGetById):
1262         (JSC::BytecodeGenerator::emitDirectGetById):
1263         (JSC::BytecodeGenerator::emitPutById):
1264         (JSC::BytecodeGenerator::emitDirectPutById):
1265         (JSC::BytecodeGenerator::emitPutGetterById):
1266         (JSC::BytecodeGenerator::emitPutSetterById):
1267         (JSC::BytecodeGenerator::emitPutGetterSetter):
1268         (JSC::BytecodeGenerator::emitPutGetterByVal):
1269         (JSC::BytecodeGenerator::emitPutSetterByVal):
1270         (JSC::BytecodeGenerator::emitDeleteById):
1271         (JSC::BytecodeGenerator::emitGetByVal):
1272         (JSC::BytecodeGenerator::emitPutByVal):
1273         (JSC::BytecodeGenerator::emitDirectPutByVal):
1274         (JSC::BytecodeGenerator::emitDeleteByVal):
1275         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
1276         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
1277         (JSC::BytecodeGenerator::emitIdWithProfile):
1278         (JSC::BytecodeGenerator::emitUnreachable):
1279         (JSC::BytecodeGenerator::emitGetArgument):
1280         (JSC::BytecodeGenerator::emitCreateThis):
1281         (JSC::BytecodeGenerator::emitTDZCheck):
1282         (JSC::BytecodeGenerator::emitNewObject):
1283         (JSC::BytecodeGenerator::emitNewArrayBuffer):
1284         (JSC::BytecodeGenerator::emitNewArray):
1285         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
1286         (JSC::BytecodeGenerator::emitNewArrayWithSize):
1287         (JSC::BytecodeGenerator::emitNewRegExp):
1288         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1289         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
1290         (JSC::BytecodeGenerator::emitNewFunction):
1291         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
1292         (JSC::BytecodeGenerator::emitCall):
1293         (JSC::BytecodeGenerator::emitCallInTailPosition):
1294         (JSC::BytecodeGenerator::emitCallEval):
1295         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
1296         (JSC::BytecodeGenerator::emitCallVarargs):
1297         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
1298         (JSC::BytecodeGenerator::emitConstructVarargs):
1299         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
1300         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
1301         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
1302         (JSC::BytecodeGenerator::emitCallDefineProperty):
1303         (JSC::BytecodeGenerator::emitReturn):
1304         (JSC::BytecodeGenerator::emitEnd):
1305         (JSC::BytecodeGenerator::emitConstruct):
1306         (JSC::BytecodeGenerator::emitStrcat):
1307         (JSC::BytecodeGenerator::emitToPrimitive):
1308         (JSC::BytecodeGenerator::emitGetScope):
1309         (JSC::BytecodeGenerator::emitPushWithScope):
1310         (JSC::BytecodeGenerator::emitGetParentScope):
1311         (JSC::BytecodeGenerator::emitDebugHook):
1312         (JSC::BytecodeGenerator::emitCatch):
1313         (JSC::BytecodeGenerator::emitThrow):
1314         (JSC::BytecodeGenerator::emitArgumentCount):
1315         (JSC::BytecodeGenerator::emitThrowStaticError):
1316         (JSC::BytecodeGenerator::beginSwitch):
1317         (JSC::prepareJumpTableForSwitch):
1318         (JSC::prepareJumpTableForStringSwitch):
1319         (JSC::BytecodeGenerator::endSwitch):
1320         (JSC::BytecodeGenerator::emitGetEnumerableLength):
1321         (JSC::BytecodeGenerator::emitHasGenericProperty):
1322         (JSC::BytecodeGenerator::emitHasIndexedProperty):
1323         (JSC::BytecodeGenerator::emitHasStructureProperty):
1324         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
1325         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
1326         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
1327         (JSC::BytecodeGenerator::emitToIndexString):
1328         (JSC::BytecodeGenerator::emitIsCellWithType):
1329         (JSC::BytecodeGenerator::emitIsObject):
1330         (JSC::BytecodeGenerator::emitIsNumber):
1331         (JSC::BytecodeGenerator::emitIsUndefined):
1332         (JSC::BytecodeGenerator::emitIsEmpty):
1333         (JSC::BytecodeGenerator::emitRestParameter):
1334         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1335         (JSC::BytecodeGenerator::emitYieldPoint):
1336         (JSC::BytecodeGenerator::emitYield):
1337         (JSC::BytecodeGenerator::emitGetAsyncIterator):
1338         (JSC::BytecodeGenerator::emitDelegateYield):
1339         (JSC::BytecodeGenerator::emitFinallyCompletion):
1340         (JSC::BytecodeGenerator::emitJumpIf):
1341         (JSC::ForInContext::finalize):
1342         (JSC::StructureForInContext::finalize):
1343         (JSC::IndexedForInContext::finalize):
1344         (JSC::StaticPropertyAnalysis::record):
1345         (JSC::BytecodeGenerator::emitToThis):
1346         * bytecompiler/BytecodeGenerator.h:
1347         (JSC::StructureForInContext::addGetInst):
1348         (JSC::BytecodeGenerator::recordOpcode):
1349         (JSC::BytecodeGenerator::addMetadataFor):
1350         (JSC::BytecodeGenerator::emitUnaryOp):
1351         (JSC::BytecodeGenerator::kill):
1352         (JSC::BytecodeGenerator::instructions const):
1353         (JSC::BytecodeGenerator::write):
1354         (JSC::BytecodeGenerator::withWriter):
1355         * bytecompiler/Label.h:
1356         (JSC::Label::Label):
1357         (JSC::Label::bind):
1358         * bytecompiler/NodesCodegen.cpp:
1359         (JSC::ArrayNode::emitBytecode):
1360         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
1361         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1362         (JSC::BitwiseNotNode::emitBytecode):
1363         (JSC::BinaryOpNode::emitBytecode):
1364         (JSC::EqualNode::emitBytecode):
1365         (JSC::StrictEqualNode::emitBytecode):
1366         (JSC::emitReadModifyAssignment):
1367         (JSC::ForInNode::emitBytecode):
1368         (JSC::CaseBlockNode::emitBytecodeForBlock):
1369         (JSC::FunctionNode::emitBytecode):
1370         (JSC::ClassExprNode::emitBytecode):
1371         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
1372         (WTF::printInternal):
1373         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1374         * bytecompiler/RegisterID.h:
1375         * bytecompiler/StaticPropertyAnalysis.h:
1376         (JSC::StaticPropertyAnalysis::create):
1377         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
1378         * bytecompiler/StaticPropertyAnalyzer.h:
1379         (JSC::StaticPropertyAnalyzer::createThis):
1380         (JSC::StaticPropertyAnalyzer::newObject):
1381         (JSC::StaticPropertyAnalyzer::putById):
1382         (JSC::StaticPropertyAnalyzer::mov):
1383         (JSC::StaticPropertyAnalyzer::kill):
1384         * dfg/DFGByteCodeParser.cpp:
1385         (JSC::DFG::ByteCodeParser::addCall):
1386         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1387         (JSC::DFG::ByteCodeParser::getArrayMode):
1388         (JSC::DFG::ByteCodeParser::handleCall):
1389         (JSC::DFG::ByteCodeParser::handleVarargsCall):
1390         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
1391         (JSC::DFG::ByteCodeParser::inlineCall):
1392         (JSC::DFG::ByteCodeParser::handleCallVariant):
1393         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
1394         (JSC::DFG::ByteCodeParser::handleInlining):
1395         (JSC::DFG::ByteCodeParser::handleMinMax):
1396         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1397         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
1398         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
1399         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
1400         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
1401         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
1402         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1403         (JSC::DFG::ByteCodeParser::handleGetById):
1404         (JSC::DFG::ByteCodeParser::handlePutById):
1405         (JSC::DFG::ByteCodeParser::parseGetById):
1406         (JSC::DFG::ByteCodeParser::parseBlock):
1407         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1408         (JSC::DFG::ByteCodeParser::handlePutByVal):
1409         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
1410         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
1411         (JSC::DFG::ByteCodeParser::handleNewFunc):
1412         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
1413         (JSC::DFG::ByteCodeParser::parse):
1414         * dfg/DFGCapabilities.cpp:
1415         (JSC::DFG::capabilityLevel):
1416         * dfg/DFGCapabilities.h:
1417         (JSC::DFG::capabilityLevel):
1418         * dfg/DFGOSREntry.cpp:
1419         (JSC::DFG::prepareCatchOSREntry):
1420         * dfg/DFGSpeculativeJIT.cpp:
1421         (JSC::DFG::SpeculativeJIT::compileValueAdd):
1422         (JSC::DFG::SpeculativeJIT::compileValueSub):
1423         (JSC::DFG::SpeculativeJIT::compileValueNegate):
1424         (JSC::DFG::SpeculativeJIT::compileArithMul):
1425         * ftl/FTLLowerDFGToB3.cpp:
1426         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
1427         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
1428         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
1429         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
1430         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
1431         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
1432         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
1433         * ftl/FTLOperations.cpp:
1434         (JSC::FTL::operationMaterializeObjectInOSR):
1435         * generate-bytecode-files: Removed.
1436         * generator/Argument.rb: Added.
1437         * generator/Assertion.rb: Added.
1438         * generator/DSL.rb: Added.
1439         * generator/Fits.rb: Added.
1440         * generator/GeneratedFile.rb: Added.
1441         * generator/Metadata.rb: Added.
1442         * generator/Opcode.rb: Added.
1443         * generator/OpcodeGroup.rb: Added.
1444         * generator/Options.rb: Added.
1445         * generator/Section.rb: Added.
1446         * generator/Template.rb: Added.
1447         * generator/Type.rb: Added.
1448         * generator/main.rb: Added.
1449         * interpreter/AbstractPC.h:
1450         * interpreter/CallFrame.cpp:
1451         (JSC::CallFrame::currentVPC const):
1452         (JSC::CallFrame::setCurrentVPC):
1453         * interpreter/CallFrame.h:
1454         (JSC::CallSiteIndex::CallSiteIndex):
1455         (JSC::ExecState::setReturnPC):
1456         * interpreter/Interpreter.cpp:
1457         (WTF::printInternal):
1458         * interpreter/Interpreter.h:
1459         * interpreter/InterpreterInlines.h:
1460         * interpreter/StackVisitor.cpp:
1461         (JSC::StackVisitor::Frame::dump const):
1462         * interpreter/VMEntryRecord.h:
1463         * jit/JIT.cpp:
1464         (JSC::JIT::JIT):
1465         (JSC::JIT::emitSlowCaseCall):
1466         (JSC::JIT::privateCompileMainPass):
1467         (JSC::JIT::privateCompileSlowCases):
1468         (JSC::JIT::compileWithoutLinking):
1469         (JSC::JIT::link):
1470         * jit/JIT.h:
1471         * jit/JITArithmetic.cpp:
1472         (JSC::JIT::emit_op_jless):
1473         (JSC::JIT::emit_op_jlesseq):
1474         (JSC::JIT::emit_op_jgreater):
1475         (JSC::JIT::emit_op_jgreatereq):
1476         (JSC::JIT::emit_op_jnless):
1477         (JSC::JIT::emit_op_jnlesseq):
1478         (JSC::JIT::emit_op_jngreater):
1479         (JSC::JIT::emit_op_jngreatereq):
1480         (JSC::JIT::emitSlow_op_jless):
1481         (JSC::JIT::emitSlow_op_jlesseq):
1482         (JSC::JIT::emitSlow_op_jgreater):
1483         (JSC::JIT::emitSlow_op_jgreatereq):
1484         (JSC::JIT::emitSlow_op_jnless):
1485         (JSC::JIT::emitSlow_op_jnlesseq):
1486         (JSC::JIT::emitSlow_op_jngreater):
1487         (JSC::JIT::emitSlow_op_jngreatereq):
1488         (JSC::JIT::emit_op_below):
1489         (JSC::JIT::emit_op_beloweq):
1490         (JSC::JIT::emit_op_jbelow):
1491         (JSC::JIT::emit_op_jbeloweq):
1492         (JSC::JIT::emit_op_unsigned):
1493         (JSC::JIT::emit_compareAndJump):
1494         (JSC::JIT::emit_compareUnsignedAndJump):
1495         (JSC::JIT::emit_compareUnsigned):
1496         (JSC::JIT::emit_compareAndJumpSlow):
1497         (JSC::JIT::emit_op_inc):
1498         (JSC::JIT::emit_op_dec):
1499         (JSC::JIT::emit_op_mod):
1500         (JSC::JIT::emitSlow_op_mod):
1501         (JSC::JIT::emit_op_negate):
1502         (JSC::JIT::emitSlow_op_negate):
1503         (JSC::JIT::emitBitBinaryOpFastPath):
1504         (JSC::JIT::emit_op_bitand):
1505         (JSC::JIT::emit_op_bitor):
1506         (JSC::JIT::emit_op_bitxor):
1507         (JSC::JIT::emit_op_lshift):
1508         (JSC::JIT::emitRightShiftFastPath):
1509         (JSC::JIT::emit_op_rshift):
1510         (JSC::JIT::emit_op_urshift):
1511         (JSC::getOperandTypes):
1512         (JSC::JIT::emit_op_add):
1513         (JSC::JIT::emitSlow_op_add):
1514         (JSC::JIT::emitMathICFast):
1515         (JSC::JIT::emitMathICSlow):
1516         (JSC::JIT::emit_op_div):
1517         (JSC::JIT::emit_op_mul):
1518         (JSC::JIT::emitSlow_op_mul):
1519         (JSC::JIT::emit_op_sub):
1520         (JSC::JIT::emitSlow_op_sub):
1521         * jit/JITCall.cpp:
1522         (JSC::JIT::emitPutCallResult):
1523         (JSC::JIT::compileSetupFrame):
1524         (JSC::JIT::compileCallEval):
1525         (JSC::JIT::compileCallEvalSlowCase):
1526         (JSC::JIT::compileTailCall):
1527         (JSC::JIT::compileOpCall):
1528         (JSC::JIT::compileOpCallSlowCase):
1529         (JSC::JIT::emit_op_call):
1530         (JSC::JIT::emit_op_tail_call):
1531         (JSC::JIT::emit_op_call_eval):
1532         (JSC::JIT::emit_op_call_varargs):
1533         (JSC::JIT::emit_op_tail_call_varargs):
1534         (JSC::JIT::emit_op_tail_call_forward_arguments):
1535         (JSC::JIT::emit_op_construct_varargs):
1536         (JSC::JIT::emit_op_construct):
1537         (JSC::JIT::emitSlow_op_call):
1538         (JSC::JIT::emitSlow_op_tail_call):
1539         (JSC::JIT::emitSlow_op_call_eval):
1540         (JSC::JIT::emitSlow_op_call_varargs):
1541         (JSC::JIT::emitSlow_op_tail_call_varargs):
1542         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
1543         (JSC::JIT::emitSlow_op_construct_varargs):
1544         (JSC::JIT::emitSlow_op_construct):
1545         * jit/JITDisassembler.cpp:
1546         (JSC::JITDisassembler::JITDisassembler):
1547         * jit/JITExceptions.cpp:
1548         (JSC::genericUnwind):
1549         * jit/JITInlines.h:
1550         (JSC::JIT::emitDoubleGetByVal):
1551         (JSC::JIT::emitLoadForArrayMode):
1552         (JSC::JIT::emitContiguousGetByVal):
1553         (JSC::JIT::emitArrayStorageGetByVal):
1554         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1555         (JSC::JIT::sampleInstruction):
1556         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
1557         (JSC::JIT::emitValueProfilingSite):
1558         (JSC::JIT::jumpTarget):
1559         (JSC::JIT::copiedGetPutInfo):
1560         (JSC::JIT::copiedArithProfile):
1561         * jit/JITMathIC.h:
1562         (JSC::isProfileEmpty):
1563         (JSC::JITBinaryMathIC::JITBinaryMathIC):
1564         (JSC::JITUnaryMathIC::JITUnaryMathIC):
1565         * jit/JITOpcodes.cpp:
1566         (JSC::JIT::emit_op_mov):
1567         (JSC::JIT::emit_op_end):
1568         (JSC::JIT::emit_op_jmp):
1569         (JSC::JIT::emit_op_new_object):
1570         (JSC::JIT::emitSlow_op_new_object):
1571         (JSC::JIT::emit_op_overrides_has_instance):
1572         (JSC::JIT::emit_op_instanceof):
1573         (JSC::JIT::emitSlow_op_instanceof):
1574         (JSC::JIT::emit_op_instanceof_custom):
1575         (JSC::JIT::emit_op_is_empty):
1576         (JSC::JIT::emit_op_is_undefined):
1577         (JSC::JIT::emit_op_is_boolean):
1578         (JSC::JIT::emit_op_is_number):
1579         (JSC::JIT::emit_op_is_cell_with_type):
1580         (JSC::JIT::emit_op_is_object):
1581         (JSC::JIT::emit_op_ret):
1582         (JSC::JIT::emit_op_to_primitive):
1583         (JSC::JIT::emit_op_set_function_name):
1584         (JSC::JIT::emit_op_not):
1585         (JSC::JIT::emit_op_jfalse):
1586         (JSC::JIT::emit_op_jeq_null):
1587         (JSC::JIT::emit_op_jneq_null):
1588         (JSC::JIT::emit_op_jneq_ptr):
1589         (JSC::JIT::emit_op_eq):
1590         (JSC::JIT::emit_op_jeq):
1591         (JSC::JIT::emit_op_jtrue):
1592         (JSC::JIT::emit_op_neq):
1593         (JSC::JIT::emit_op_jneq):
1594         (JSC::JIT::emit_op_throw):
1595         (JSC::JIT::compileOpStrictEq):
1596         (JSC::JIT::emit_op_stricteq):
1597         (JSC::JIT::emit_op_nstricteq):
1598         (JSC::JIT::compileOpStrictEqJump):
1599         (JSC::JIT::emit_op_jstricteq):
1600         (JSC::JIT::emit_op_jnstricteq):
1601         (JSC::JIT::emitSlow_op_jstricteq):
1602         (JSC::JIT::emitSlow_op_jnstricteq):
1603         (JSC::JIT::emit_op_to_number):
1604         (JSC::JIT::emit_op_to_string):
1605         (JSC::JIT::emit_op_to_object):
1606         (JSC::JIT::emit_op_catch):
1607         (JSC::JIT::emit_op_identity_with_profile):
1608         (JSC::JIT::emit_op_get_parent_scope):
1609         (JSC::JIT::emit_op_switch_imm):
1610         (JSC::JIT::emit_op_switch_char):
1611         (JSC::JIT::emit_op_switch_string):
1612         (JSC::JIT::emit_op_debug):
1613         (JSC::JIT::emit_op_eq_null):
1614         (JSC::JIT::emit_op_neq_null):
1615         (JSC::JIT::emit_op_enter):
1616         (JSC::JIT::emit_op_get_scope):
1617         (JSC::JIT::emit_op_to_this):
1618         (JSC::JIT::emit_op_create_this):
1619         (JSC::JIT::emit_op_check_tdz):
1620         (JSC::JIT::emitSlow_op_eq):
1621         (JSC::JIT::emitSlow_op_neq):
1622         (JSC::JIT::emitSlow_op_jeq):
1623         (JSC::JIT::emitSlow_op_jneq):
1624         (JSC::JIT::emitSlow_op_instanceof_custom):
1625         (JSC::JIT::emit_op_loop_hint):
1626         (JSC::JIT::emitSlow_op_loop_hint):
1627         (JSC::JIT::emit_op_check_traps):
1628         (JSC::JIT::emit_op_nop):
1629         (JSC::JIT::emit_op_super_sampler_begin):
1630         (JSC::JIT::emit_op_super_sampler_end):
1631         (JSC::JIT::emitSlow_op_check_traps):
1632         (JSC::JIT::emit_op_new_regexp):
1633         (JSC::JIT::emitNewFuncCommon):
1634         (JSC::JIT::emit_op_new_func):
1635         (JSC::JIT::emit_op_new_generator_func):
1636         (JSC::JIT::emit_op_new_async_generator_func):
1637         (JSC::JIT::emit_op_new_async_func):
1638         (JSC::JIT::emitNewFuncExprCommon):
1639         (JSC::JIT::emit_op_new_func_exp):
1640         (JSC::JIT::emit_op_new_generator_func_exp):
1641         (JSC::JIT::emit_op_new_async_func_exp):
1642         (JSC::JIT::emit_op_new_async_generator_func_exp):
1643         (JSC::JIT::emit_op_new_array):
1644         (JSC::JIT::emit_op_new_array_with_size):
1645         (JSC::JIT::emit_op_has_structure_property):
1646         (JSC::JIT::privateCompileHasIndexedProperty):
1647         (JSC::JIT::emit_op_has_indexed_property):
1648         (JSC::JIT::emitSlow_op_has_indexed_property):
1649         (JSC::JIT::emit_op_get_direct_pname):
1650         (JSC::JIT::emit_op_enumerator_structure_pname):
1651         (JSC::JIT::emit_op_enumerator_generic_pname):
1652         (JSC::JIT::emit_op_profile_type):
1653         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
1654         (JSC::JIT::emit_op_log_shadow_chicken_tail):
1655         (JSC::JIT::emit_op_profile_control_flow):
1656         (JSC::JIT::emit_op_argument_count):
1657         (JSC::JIT::emit_op_get_rest_length):
1658         (JSC::JIT::emit_op_get_argument):
1659         * jit/JITOpcodes32_64.cpp:
1660         (JSC::JIT::emit_op_to_this):
1661         * jit/JITOperations.cpp:
1662         * jit/JITOperations.h:
1663         * jit/JITPropertyAccess.cpp:
1664         (JSC::JIT::emit_op_get_by_val):
1665         (JSC::JIT::emitGetByValWithCachedId):
1666         (JSC::JIT::emitSlow_op_get_by_val):
1667         (JSC::JIT::emit_op_put_by_val_direct):
1668         (JSC::JIT::emit_op_put_by_val):
1669         (JSC::JIT::emitGenericContiguousPutByVal):
1670         (JSC::JIT::emitArrayStoragePutByVal):
1671         (JSC::JIT::emitPutByValWithCachedId):
1672         (JSC::JIT::emitSlow_op_put_by_val):
1673         (JSC::JIT::emit_op_put_getter_by_id):
1674         (JSC::JIT::emit_op_put_setter_by_id):
1675         (JSC::JIT::emit_op_put_getter_setter_by_id):
1676         (JSC::JIT::emit_op_put_getter_by_val):
1677         (JSC::JIT::emit_op_put_setter_by_val):
1678         (JSC::JIT::emit_op_del_by_id):
1679         (JSC::JIT::emit_op_del_by_val):
1680         (JSC::JIT::emit_op_try_get_by_id):
1681         (JSC::JIT::emitSlow_op_try_get_by_id):
1682         (JSC::JIT::emit_op_get_by_id_direct):
1683         (JSC::JIT::emitSlow_op_get_by_id_direct):
1684         (JSC::JIT::emit_op_get_by_id):
1685         (JSC::JIT::emit_op_get_by_id_with_this):
1686         (JSC::JIT::emitSlow_op_get_by_id):
1687         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1688         (JSC::JIT::emit_op_put_by_id):
1689         (JSC::JIT::emitSlow_op_put_by_id):
1690         (JSC::JIT::emit_op_in_by_id):
1691         (JSC::JIT::emitSlow_op_in_by_id):
1692         (JSC::JIT::emit_op_resolve_scope):
1693         (JSC::JIT::emit_op_get_from_scope):
1694         (JSC::JIT::emitSlow_op_get_from_scope):
1695         (JSC::JIT::emit_op_put_to_scope):
1696         (JSC::JIT::emitSlow_op_put_to_scope):
1697         (JSC::JIT::emit_op_get_from_arguments):
1698         (JSC::JIT::emit_op_put_to_arguments):
1699         (JSC::JIT::privateCompileGetByVal):
1700         (JSC::JIT::privateCompileGetByValWithCachedId):
1701         (JSC::JIT::privateCompilePutByVal):
1702         (JSC::JIT::privateCompilePutByValWithCachedId):
1703         (JSC::JIT::emitDoubleLoad):
1704         (JSC::JIT::emitContiguousLoad):
1705         (JSC::JIT::emitArrayStorageLoad):
1706         (JSC::JIT::emitDirectArgumentsGetByVal):
1707         (JSC::JIT::emitScopedArgumentsGetByVal):
1708         (JSC::JIT::emitIntTypedArrayGetByVal):
1709         (JSC::JIT::emitFloatTypedArrayGetByVal):
1710         (JSC::JIT::emitIntTypedArrayPutByVal):
1711         (JSC::JIT::emitFloatTypedArrayPutByVal):
1712         * jit/RegisterSet.cpp:
1713         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
1714         * jit/SlowPathCall.h:
1715         (JSC::JITSlowPathCall::JITSlowPathCall):
1716         * llint/LLIntData.cpp:
1717         (JSC::LLInt::initialize):
1718         (JSC::LLInt::Data::performAssertions):
1719         * llint/LLIntData.h:
1720         (JSC::LLInt::exceptionInstructions):
1721         (JSC::LLInt::opcodeMap):
1722         (JSC::LLInt::opcodeMapWide):
1723         (JSC::LLInt::getOpcode):
1724         (JSC::LLInt::getOpcodeWide):
1725         (JSC::LLInt::getWideCodePtr):
1726         * llint/LLIntOffsetsExtractor.cpp:
1727         * llint/LLIntSlowPaths.cpp:
1728         (JSC::LLInt::llint_trace_operand):
1729         (JSC::LLInt::llint_trace_value):
1730         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1731         (JSC::LLInt::entryOSR):
1732         (JSC::LLInt::setupGetByIdPrototypeCache):
1733         (JSC::LLInt::getByVal):
1734         (JSC::LLInt::handleHostCall):
1735         (JSC::LLInt::setUpCall):
1736         (JSC::LLInt::genericCall):
1737         (JSC::LLInt::varargsSetup):
1738         (JSC::LLInt::commonCallEval):
1739         * llint/LLIntSlowPaths.h:
1740         * llint/LowLevelInterpreter.asm:
1741         * llint/LowLevelInterpreter.cpp:
1742         (JSC::CLoopRegister::operator const Instruction*):
1743         (JSC::CLoop::execute):
1744         * llint/LowLevelInterpreter32_64.asm:
1745         * llint/LowLevelInterpreter64.asm:
1746         * offlineasm/arm64.rb:
1747         * offlineasm/asm.rb:
1748         * offlineasm/ast.rb:
1749         * offlineasm/cloop.rb:
1750         * offlineasm/generate_offset_extractor.rb:
1751         * offlineasm/instructions.rb:
1752         * offlineasm/offsets.rb:
1753         * offlineasm/parser.rb:
1754         * offlineasm/transform.rb:
1755         * offlineasm/x86.rb:
1756         * parser/ResultType.h:
1757         (JSC::ResultType::dump const):
1758         (JSC::OperandTypes::first const):
1759         (JSC::OperandTypes::second const):
1760         (JSC::OperandTypes::dump const):
1761         * profiler/ProfilerBytecodeSequence.cpp:
1762         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
1763         * runtime/CommonSlowPaths.cpp:
1764         (JSC::SLOW_PATH_DECL):
1765         (JSC::updateArithProfileForUnaryArithOp):
1766         (JSC::updateArithProfileForBinaryArithOp):
1767         * runtime/CommonSlowPaths.h:
1768         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
1769         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
1770         * runtime/ExceptionFuzz.cpp:
1771         (JSC::doExceptionFuzzing):
1772         * runtime/ExceptionFuzz.h:
1773         (JSC::doExceptionFuzzingIfEnabled):
1774         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1775         (JSC::GetPutInfo::dump const):
1776         (WTF::printInternal):
1777         * runtime/GetPutInfo.h:
1778         (JSC::GetPutInfo::operand const):
1779         * runtime/JSCPoison.h:
1780         * runtime/JSType.cpp: Added.
1781         (WTF::printInternal):
1782         * runtime/JSType.h:
1783         * runtime/SamplingProfiler.cpp:
1784         (JSC::SamplingProfiler::StackFrame::displayName):
1785         * runtime/SamplingProfiler.h:
1786         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
1787         * runtime/SlowPathReturnType.h:
1788         (JSC::encodeResult):
1789         (JSC::decodeResult):
1790         * runtime/VM.h:
1791         * runtime/Watchdog.h:
1792         * tools/HeapVerifier.cpp:
1793
1794 2018-10-26  Commit Queue  <commit-queue@webkit.org>
1795
1796         Unreviewed, rolling out r237445.
1797         https://bugs.webkit.org/show_bug.cgi?id=190972
1798
1799         Cause performance regression on iOS devices (Requested by
1800         yusukesuzuki on #webkit).
1801
1802         Reverted changeset:
1803
1804         "Unreviewed, partial rolling in r237254"
1805         https://bugs.webkit.org/show_bug.cgi?id=190340
1806         https://trac.webkit.org/changeset/237445
1807
1808 2018-10-26  Mark Lam  <mark.lam@apple.com>
1809
1810         Fix missing edge cases with JSGlobalObjects having a bad time.
1811         https://bugs.webkit.org/show_bug.cgi?id=189028
1812         <rdar://problem/45204939>
1813
1814         Reviewed by Saam Barati.
1815
1816         Consider the following scenario:
1817
1818             let object O1 (of global G1) have an indexing type that is not SlowPut.
1819             let global G2 have a bad time.
1820             let object O2 (of global G2) be set as the prototype of O1.
1821             let object O3 (of global G2) have indexed accessors.
1822
1823         In the existing code, if we set O3 as O2's prototype, we'll have a bug where
1824         O1 will not be made aware that there are indexed accessors in its prototype
1825         chain.
1826
1827         In this patch, we solve this issue by introducing a new invariant:
1828
1829             A prototype chain is considered to possibly have indexed accessors if any
1830             object in the chain belongs to a global object that is having a bad time.
1831
1832         We apply this invariant as follows:
1833
1834         1. Enhance JSGlobalObject::haveABadTime() to also check if other global objects are
1835            affected by it having a bad time.  If so, it also ensures that those affected
1836            global objects have a bad time.
1837
1838            The original code for JSGlobalObject::haveABadTime() uses an ObjectsWithBrokenIndexingFinder
1839            to find all objects affected by the global object having a bad time.  We enhance
1840            ObjectsWithBrokenIndexingFinder to also check for the possibility that any global
1841            objects may be affected by other global objects having a bad time, i.e.
1842
1843                 let g1 = global1
1844                 let g2 = global2
1845                 let o1 = an object in g1
1846                 let o2 = an object in g2
1847
1848                 let g1 have a bad time
1849                 g2 is affected if
1850                     o1 is in the prototype chain of o2,
1851                     and o2 may be a prototype.
1852
1853            If the ObjectsWithBrokenIndexingFinder does find the possibility of other global
1854            objects being affected, it will abort its heap scan and let haveABadTime() take
1855            a slow path to do a more complete multi global object scan.
1856
1857            The slow path works as follows:
1858
1859            1. Iterate the heap and record the graph of all global object dependencies.
1860
1861               For each global object, record the list of other global objects that are
1862               affected by it.
1863
1864            2. Compute a list of global objects that need to have a bad time using the
1865               current global object dependency graph.
1866
1867            3. For each global object in the list of affected global objects, fire their
1868               HaveABadTime watchpoint and convert all their array structures to the
1869               SlowPut alternatives.
1870
1871            4. Re-run ObjectsWithBrokenIndexingFinder to find all objects that are affected
1872               by any of the globals in the list from (2).
1873
1874         2. Enhance Structure::mayInterceptIndexedAccesses() to also return true if the
1875            structure's global object is having a bad time.
1876
1877         Note: there are 3 scenarios that we need to consider:
1878
1879             let g1 = global1
1880             let g2 = global2
1881             let o1 = an object in g1
1882             let o2 = an object in g2
1883
1884             Scenario 1: o2 is a prototype, and
1885                         g1 has a bad time after o1 is inserted into o2's prototype chain.
1886
1887             Scenario 2: o2 is a prototype, and
1888                         o1 is inserted into o2's prototype chain after g1 has a bad time.
1889
1890             Scenario 3: o2 is NOT a prototype, and
1891                         o1 is inserted into o2's prototype chain after g1 has a bad time.
1892
1893             For scenario 1, when g1 has a bad time, we need to also make sure g2 has
1894             a bad time.  This is handled by enhancement 1 above.
1895
1896             For scenario 2, when o1 is inserted into o2's prototype chain, we need to check
1897             if o1's global object has a bad time.  If so, then we need to make sure o2's
1898             global also has a bad time (because o2 is a prototype) and convert o2's
1899             storage type to SlowPut.  This is handled by enhancement 2 above in conjunction
1900             with JSObject::setPrototypeDirect().
1901
1902             For scenario 3, when o1 is inserted into o2's prototype chain, we need to check
1903             if o1's global object has a bad time.  If so, then we only need to convert o2's
1904             storage type to SlowPut (because o2 is NOT a prototype).  This is handled by
1905             enhancement 2 above.
1906
1907         3. Also add $vm.isHavingABadTime() and $vm.createGlobalObject() to enable us to
1908            write some tests for this issue.
1909
1910         * runtime/JSGlobalObject.cpp:
1911         (JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut):
1912         (JSC::JSGlobalObject::haveABadTime):
1913         * runtime/JSGlobalObject.h:
1914         * runtime/JSObject.h:
1915         (JSC::JSObject::mayInterceptIndexedAccesses): Deleted.
1916         * runtime/JSObjectInlines.h:
1917         (JSC::JSObject::mayInterceptIndexedAccesses):
1918         * runtime/Structure.h:
1919         * runtime/StructureInlines.h:
1920         (JSC::Structure::mayInterceptIndexedAccesses const):
1921         * tools/JSDollarVM.cpp:
1922         (JSC::functionHaveABadTime):
1923         (JSC::functionIsHavingABadTime):
1924         (JSC::functionCreateGlobalObject):
1925         (JSC::JSDollarVM::finishCreation):
1926
1927 2018-10-26  Keith Miller  <keith_miller@apple.com>
1928
1929         JSC xcconfig should set DEFINES_MODULE
1930         https://bugs.webkit.org/show_bug.cgi?id=190952
1931
1932         Reviewed by Mark Lam.
1933
1934         This should mean that the JavaScriptCore.framework will have a module map.
1935
1936         * Configurations/JavaScriptCore.xcconfig:
1937
1938 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1939
1940         [JSC] havingABadTimeWatchpoint is not required in Array#indexOf optimization
1941         https://bugs.webkit.org/show_bug.cgi?id=190941
1942
1943         Reviewed by Saam Barati.
1944
1945         While "Rest" operation fast path requires havingABadTimeWatchpoint since it allocates
1946         JSArray, Array#{indexOf,lastIndexOf} do not require it when we use the fast path for them.
1947         This patch removes watching on havingABadTimeWatchpoint in Array#indexOf. The test causing
1948         "havingABadTime" is already included in our test suites (e.g. array-indexof-have-a-bad-time.js).
1949
1950         * dfg/DFGByteCodeParser.cpp:
1951         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1952         * runtime/JSArrayInlines.h:
1953         (JSC::JSArray::canDoFastIndexedAccess):
1954         * runtime/JSGlobalObject.h:
1955         * runtime/JSGlobalObjectInlines.h:
1956         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
1957         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable): Deleted.
1958
1959 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1960
1961         Unreviewed, partial rolling in r237254
1962         https://bugs.webkit.org/show_bug.cgi?id=190340
1963
1964         We do not use the added function right now, in order to investigate the reason for the regression.
1965         If it causes the regression, it seems that Parser.cpp's inlining decision is the culprit.
1966
1967         * bytecode/UnlinkedFunctionExecutable.cpp:
1968         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1969         * bytecode/UnlinkedFunctionExecutable.h:
1970         * parser/Parser.cpp:
1971         (JSC::Parser<LexerType>::parseInner):
1972         (JSC::Parser<LexerType>::parseSingleFunction):
1973         (JSC::Parser<LexerType>::parseFunctionInfo):
1974         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1975         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
1976         * parser/Parser.h:
1977         (JSC::Parser<LexerType>::parse):
1978         (JSC::parse):
1979         (JSC::parseFunctionForFunctionConstructor):
1980         * parser/ParserModes.h:
1981         * parser/ParserTokens.h:
1982         (JSC::JSTextPosition::JSTextPosition):
1983         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
1984         * parser/SourceCodeKey.h:
1985         (JSC::SourceCodeKey::SourceCodeKey):
1986         (JSC::SourceCodeKey::operator== const):
1987         * runtime/CodeCache.cpp:
1988         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1989         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1990         * runtime/CodeCache.h:
1991         * runtime/FunctionConstructor.cpp:
1992         (JSC::constructFunctionSkippingEvalEnabledCheck):
1993         * runtime/FunctionExecutable.cpp:
1994         (JSC::FunctionExecutable::fromGlobalCode):
1995         * runtime/FunctionExecutable.h:
1996
1997 2018-10-25  Brent Fulgham  <bfulgham@apple.com>
1998
1999         Unreviewed build fix for Visual Studio 2017
2000
2001         * API/tests/testapi.c:
2002         (testMarkingConstraintsAndHeapFinalizers):
2003         (main):
2004
2005 2018-10-25  Devin Rousso  <drousso@apple.com>
2006
2007         Web Inspector: display fullscreen enter/exit events in Timelines and Network node waterfalls
2008         https://bugs.webkit.org/show_bug.cgi?id=189874
2009         <rdar://problem/44700000>
2010
2011         Reviewed by Joseph Pecoraro.
2012
2013         * inspector/protocol/DOM.json:
2014         Allow `data` to be passed to the frontend with `didFireEvent`.
2015
2016 2018-10-25  Ross Kirsling  <ross.kirsling@sony.com>
2017
2018         Cleanup: inline constexpr is redundant as constexpr implies inline
2019         https://bugs.webkit.org/show_bug.cgi?id=190819
2020
2021         Reviewed by Mark Lam.
2022
2023         * bytecode/ArrayProfile.h:
2024         (JSC::asArrayModes):
2025         * runtime/IndexingType.h:
2026         (JSC::isCopyOnWrite):
2027         * runtime/MathCommon.h:
2028         (JSC::maxSafeInteger):
2029         (JSC::minSafeInteger):
2030         * runtime/StackAlignment.h:
2031         (JSC::stackAlignmentBytes):
2032         (JSC::stackAlignmentRegisters):
2033
2034 2018-10-24  Megan Gardner  <megan_gardner@apple.com>
2035
2036         Turn on Conic Gradients
2037         https://bugs.webkit.org/show_bug.cgi?id=190810
2038
2039         Reviewed by Tim Horton.
2040
2041         * Configurations/FeatureDefines.xcconfig:
2042
2043 2018-10-24  Michael Saboff  <msaboff@apple.com>
2044
2045         Increase executable memory pool from 64MB to 128MB for ARM64
2046         https://bugs.webkit.org/show_bug.cgi?id=190453
2047
2048         Unreviewed, rolling back in r237024.
2049
2050         The original change did impact ARES-6 performance by 4-8%.  That will
2051         be investigated separately.
2052
2053 2018-10-22  Keith Rollin  <krollin@apple.com>
2054
2055         Use Location = "Relative to Build Products" rather than "Relative to Group"
2056         https://bugs.webkit.org/show_bug.cgi?id=190781
2057
2058         Reviewed by Alexey Proskuryakov.
2059
2060         Almost all Derived Files are included in Xcode projects with the
2061         Location attribute set to "Relative to Group". While this currently
2062         works, the Derived Files can no longer be found when enabling XCBuild
2063         (which has stricter requirements). Fix this by setting the Location
2064         attribute to "Relative to Build Products".
2065
2066         * JavaScriptCore.xcodeproj/project.pbxproj:
2067
2068 2018-10-22  Mark Lam  <mark.lam@apple.com>
2069
2070         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
2071         https://bugs.webkit.org/show_bug.cgi?id=190515
2072         <rdar://problem/45222379>
2073
2074         Reviewed by Saam Barati.
2075
2076         1. Fixes calls to asArrayModes() to take a structure's IndexingMode instead of
2077            IndexingType.
2078
2079         2. DFG's compileNewArrayBuffer()'s HaveABadTime case was previously using the
2080            node's indexingType (instead of indexingMode) to choose the array structure
2081            to use for creating an array buffer.  This turns out not to be an issue
2082            because when the VM is having a bad time, all the
2083            arrayStructureForIndexingTypeDuringAllocation structure pointers will point to
2084            the SlowPutArrayStorage structure anyway.  However, to be strictly correct,
2085            we'll fix it to use the structure for the node's indexingMode.
2086
2087         * dfg/DFGAbstractValue.cpp:
2088         (JSC::DFG::AbstractValue::set):
2089         (JSC::DFG::AbstractValue::mergeOSREntryValue):
2090         * dfg/DFGAbstractValue.h:
2091         (JSC::DFG::AbstractValue::validate const):
2092         * dfg/DFGOSRExit.cpp:
2093         (JSC::DFG::OSRExit::executeOSRExit):
2094         * dfg/DFGRegisteredStructureSet.cpp:
2095         (JSC::DFG::RegisteredStructureSet::arrayModesFromStructures const):
2096         * dfg/DFGSpeculativeJIT.cpp:
2097         (JSC::DFG::SpeculativeJIT::compileNewArrayBuffer):
2098
2099 2018-10-19  Commit Queue  <commit-queue@webkit.org>
2100
2101         Unreviewed, rolling out r237254.
2102         https://bugs.webkit.org/show_bug.cgi?id=190760
2103
2104         "It regresses JetStream 2 by 5% on some iOS devices"
2105         (Requested by saamyjoon on #webkit).
2106
2107         Reverted changeset:
2108
2109         "[JSC] JSC should have "parseFunction" to optimize Function
2110         constructor"
2111         https://bugs.webkit.org/show_bug.cgi?id=190340
2112         https://trac.webkit.org/changeset/237254
2113
2114 2018-10-19  Saam Barati  <sbarati@apple.com>
2115
2116         vmCall should check if we exit before emitting an OSR exit due to exceptions
2117         https://bugs.webkit.org/show_bug.cgi?id=190740
2118         <rdar://problem/45220139>
2119
2120         Reviewed by Mark Lam.
2121
2122         The bug we were seeing is that the MovHint removal phase would
2123         eliminate a superfluous MovHint. This left a certain range
2124         of nodes in a state where they would not be able to reconstruct
2125         values for an OSR exit. This is OK, since this phase proved those
2126         nodes don't exit. However, some of these nodes may use the vmCall
2127         construct in FTLLower. vmCall used to unconditionally emit an
2128         exception check after each call. However, if such a call happens
2129         in the range of nodes where we can't exit, we would end up generating
2130         an invalid exit (and running with validateFTLOSRExitLiveness flag
2131         would find this issue).
2132         
2133         This patch makes vmCall check to see if the node can exit before
2134         emitting an exception check. A node not being able to exit implies
2135         that it can't exit for exceptions, therefore, by definition, it can't
2136         throw an exception.
2137
2138         * ftl/FTLLowerDFGToB3.cpp:
2139         (JSC::FTL::DFG::LowerDFGToB3::vmCall):
2140
2141 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
2142
2143         [ESNext][BigInt] Implement support for "^"
2144         https://bugs.webkit.org/show_bug.cgi?id=186235
2145
2146         Reviewed by Yusuke Suzuki.
2147
2148         This patch introduces BigInt support for the bitwise xor
2149         operation. We are only including support in LLInt and Baseline.
2150
2151         * runtime/CommonSlowPaths.cpp:
2152         (JSC::SLOW_PATH_DECL):
2153         * runtime/JSBigInt.cpp:
2154         (JSC::JSBigInt::bitwiseXor):
2155         (JSC::JSBigInt::absoluteXor):
2156         * runtime/JSBigInt.h:
2157
2158 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
2159
2160         [BigInt] Add ValueSub into DFG
2161         https://bugs.webkit.org/show_bug.cgi?id=186176
2162
2163         Reviewed by Yusuke Suzuki.
2164
2165         We are introducing in this patch a new node called ValueSub. This node
2166         is necessary due to the introduction of BigInt, which makes subtraction
2167         operations result in non-Number values in some cases. In such cases, ValueSub is
2168         responsible for handling Untyped and BigInt operations.
2169         In addition, we are also creating a speculative path when both
2170         operands are BigInt. According to a simple BigInt subtraction microbenchmark,
2171         this represents a speedup of ~1.2x.
2172
2173         big-int-simple-sub    14.6427+-0.5652    ^    11.9559+-0.6485   ^   definitely 1.2247x faster
2174
2175         * dfg/DFGAbstractInterpreterInlines.h:
2176         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2177         * dfg/DFGByteCodeParser.cpp:
2178         (JSC::DFG::ByteCodeParser::parseBlock):
2179         * dfg/DFGClobberize.h:
2180         (JSC::DFG::clobberize):
2181         * dfg/DFGDoesGC.cpp:
2182         (JSC::DFG::doesGC):
2183         * dfg/DFGFixupPhase.cpp:
2184         (JSC::DFG::FixupPhase::fixupNode):
2185         * dfg/DFGGraph.h:
2186         (JSC::DFG::Graph::addSpeculationMode):
2187         * dfg/DFGNodeType.h:
2188         * dfg/DFGOperations.cpp:
2189         * dfg/DFGOperations.h:
2190         * dfg/DFGPredictionPropagationPhase.cpp:
2191         * dfg/DFGSafeToExecute.h:
2192         (JSC::DFG::safeToExecute):
2193         * dfg/DFGSpeculativeJIT.cpp:
2194         (JSC::DFG::SpeculativeJIT::compileValueSub):
2195         (JSC::DFG::SpeculativeJIT::compileArithSub):
2196         * dfg/DFGSpeculativeJIT.h:
2197         * dfg/DFGSpeculativeJIT32_64.cpp:
2198         (JSC::DFG::SpeculativeJIT::compile):
2199         * dfg/DFGSpeculativeJIT64.cpp:
2200         (JSC::DFG::SpeculativeJIT::compile):
2201         * dfg/DFGValidate.cpp:
2202         * ftl/FTLCapabilities.cpp:
2203         (JSC::FTL::canCompile):
2204         * ftl/FTLLowerDFGToB3.cpp:
2205         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2206         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2207         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2208
2209 2018-10-18  Alexey Proskuryakov  <ap@apple.com>
2210
2211         Switch from PLATFORM(IOS) to PLATFORM(IOS_FAMILY)
2212         https://bugs.webkit.org/show_bug.cgi?id=190729
2213
2214         Reviewed by Tim Horton.
2215
2216         * API/JSBase.cpp:
2217         * API/JSWrapperMap.mm:
2218         * assembler/ARM64Assembler.h:
2219         (JSC::ARM64Assembler::cacheFlush):
2220         * assembler/ARMv7Assembler.h:
2221         (JSC::ARMv7Assembler::cacheFlush):
2222         * assembler/AssemblerCommon.h:
2223         (JSC::isIOS):
2224         * heap/FullGCActivityCallback.cpp:
2225         (JSC::FullGCActivityCallback::doCollection):
2226         * heap/Heap.cpp:
2227         (JSC::Heap::overCriticalMemoryThreshold):
2228         (JSC::Heap::updateAllocationLimits):
2229         (JSC::Heap::collectIfNecessaryOrDefer):
2230         * heap/Heap.h:
2231         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2232         (Inspector::RemoteConnectionToTarget::dispatchAsyncOnTarget):
2233         * jit/ExecutableAllocator.cpp:
2234         (JSC::allowJIT):
2235         * jit/ExecutableAllocator.h:
2236         * jit/RegisterSet.cpp:
2237         (JSC::RegisterSet::reservedHardwareRegisters):
2238         (JSC::RegisterSet::calleeSaveRegisters):
2239         * jit/ThunkGenerators.cpp:
2240         * jsc.cpp:
2241         (main):
2242         * runtime/MathCommon.cpp:
2243         * runtime/Options.cpp:
2244         (JSC::overrideDefaults):
2245         (JSC::recomputeDependentOptions):
2246         * runtime/Options.h:
2247
2248 2018-10-18  Ross Kirsling  <ross.kirsling@sony.com>
2249
2250         delete expression should not throw without a reference
2251         https://bugs.webkit.org/show_bug.cgi?id=190637
2252
2253         Reviewed by Yusuke Suzuki.
2254
2255         * parser/Parser.cpp:
2256         (JSC::Parser<LexerType>::parseUnaryExpression):
2257         Eliminate non-spec-compliant switch case.
2258
2259 2018-10-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2260
2261         [JSC] JSC should have "parseFunction" to optimize Function constructor
2262         https://bugs.webkit.org/show_bug.cgi?id=190340
2263
2264         Reviewed by Mark Lam.
2265
2266         The current Function constructor is suboptimal. We parse the same piece of code three times to meet
2267         the spec requirement: (1) check the parameters' syntax, (2) check the body's syntax, and (3) parse the entire function.
2268         To parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
2269         is really costly, and ideally we should meet the above requirement by parsing only once.
2270
2271         To meet the above requirement, we add a special function to the Parser, parseSingleFunction. This function
2272         takes `std::optional<int> functionConstructorParametersEndPosition` and checks in the parser that this end position is correct.
2273         For example, if we run the code,
2274
2275             Function('/*', '*/){')
2276
2277         According to the spec, this should produce the parameter string '/*' and the body string '*/){'. The parameter
2278         string should be syntax-checked by the parser, which raises an error since it is incorrect. Instead of doing
2279         that, in our implementation we first create the entire string.
2280
2281             function anonymous(/*) {
2282                 */){
2283             }
2284
2285         Then we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
2286         the position of the `)' in `function anonymous(/*)' is passed. In the parser, we check that the last token
2287         offset of the parameters is the given end position. This check allows us to raise the error correctly for the
2288         above example while parsing the entire function only once. We also no longer need to create two strings.
2289
2290         This improves the performance of the Function constructor significantly, and web-tooling-benchmark/uglify-js is
2291         significantly sped up (28.2%).
2292
2293         Before:
2294             uglify-js:  2.94 runs/s
2295         After:
2296             uglify-js:  3.77 runs/s
2297
2298         * bytecode/UnlinkedFunctionExecutable.cpp:
2299         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2300         * bytecode/UnlinkedFunctionExecutable.h:
2301         * parser/Parser.cpp:
2302         (JSC::Parser<LexerType>::parseInner):
2303         (JSC::Parser<LexerType>::parseSingleFunction):
2304         (JSC::Parser<LexerType>::parseFunctionInfo):
2305         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2306         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
2307         * parser/Parser.h:
2308         (JSC::Parser<LexerType>::parse):
2309         (JSC::parse):
2310         (JSC::parseFunctionForFunctionConstructor):
2311         * parser/ParserModes.h:
2312         * parser/ParserTokens.h:
2313         (JSC::JSTextPosition::JSTextPosition):
2314         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
2315         * parser/SourceCodeKey.h:
2316         (JSC::SourceCodeKey::SourceCodeKey):
2317         (JSC::SourceCodeKey::operator== const):
2318         * runtime/CodeCache.cpp:
2319         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2320         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2321         * runtime/CodeCache.h:
2322         * runtime/FunctionConstructor.cpp:
2323         (JSC::constructFunctionSkippingEvalEnabledCheck):
2324         * runtime/FunctionExecutable.cpp:
2325         (JSC::FunctionExecutable::fromGlobalCode):
2326         * runtime/FunctionExecutable.h:
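
        The check this entry describes, as an added example that is not part of the WebKit commit: a naive "assemble one string and parse it" Function constructor accepts `Function('/*', '*/){')`, while a spec-compliant constructor (the host engine's own, used here as the reference) rejects it because the parameter text cannot stand on its own. The helper names and the assembled-source shape `function anonymous(P\n) {\nB\n}` are assumptions of this example.

```javascript
// Added example, not part of the WebKit commit: contrast a naive single-string
// parse with the spec-compliant Function constructor behaviour the entry
// describes. Helper names below are assumptions of this example.

// Assemble the source text in the spec's shape:
// "function anonymous(" + P + "\n) {\n" + B + "\n}".
function assembleSource(params, body) {
  return `function anonymous(${params}\n) {\n${body}\n}`;
}

// Naive check: parse only the assembled source (wrapped so the declaration is
// a complete function body). Returns true if the host engine accepts it.
// For params "/*" and body "*/){", the comment swallows the real ")" and the
// text still parses as "function anonymous(){}", so the splice goes unnoticed.
function naiveSourceParses(params, body) {
  const src = assembleSource(params, body);
  try {
    new Function(src);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Spec-compliant check: the host engine's own Function constructor must reject
// parameter text that is not a valid FormalParameters list by itself (engines
// such as JSC and V8 do this by checking where the parameter list ends).
// Returns true if the call throws a SyntaxError.
function functionConstructorRejects(params, body) {
  try {
    new Function(params, body);
    return false;
  } catch (e) {
    if (e instanceof SyntaxError) return true;
    throw e;
  }
}

// Constructed inputs: the comment-splicing case from the entry and a benign control.
const SPLICED = { params: "/*", body: "*/){" };
const BENIGN = { params: "a, b", body: "return a + b" };

// Run both checks on one input so the difference is visible at a glance.
function compare(input) {
  return {
    naiveAccepts: naiveSourceParses(input.params, input.body),
    constructorRejects: functionConstructorRejects(input.params, input.body),
  };
}

console.log("spliced:", compare(SPLICED)); // { naiveAccepts: true, constructorRejects: true }
console.log("benign:", compare(BENIGN));   // { naiveAccepts: true, constructorRejects: false }
```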
2327
2328 2018-10-18  Commit Queue  <commit-queue@webkit.org>
2329
2330         Unreviewed, rolling out r237242.
2331         https://bugs.webkit.org/show_bug.cgi?id=190701
2332
2333         it breaks "stress/sampling-profiler-basic.js" (Requested by
2334         caiolima on #webkit).
2335
2336         Reverted changeset:
2337
2338         "[BigInt] Add ValueSub into DFG"
2339         https://bugs.webkit.org/show_bug.cgi?id=186176
2340         https://trac.webkit.org/changeset/237242
2341
2342 2018-10-18  Takafumi Kubota  <takafumi.kubota1012@sslab.ics.keio.ac.jp>
2343
2344         Missing #pragma once in WasmOpcodeOrigin.h
2345         https://bugs.webkit.org/show_bug.cgi?id=190699
2346
2347         Reviewed by Yusuke Suzuki.
2348
2349         This patch adds '#pragma once' to WasmOpcodeOrigin.h to avoid the
2350         multiple inclusion that can happen in the unified build
2351         configuration.
2352
2353         * wasm/WasmOpcodeOrigin.h:
2354
2355 2018-10-17  Wenson Hsieh  <wenson_hsieh@apple.com>
2356
2357         Enable the datalist element by default on iOS and macOS
2358         https://bugs.webkit.org/show_bug.cgi?id=190594
2359         <rdar://problem/45281159>
2360
2361         Reviewed by Ryosuke Niwa and Tim Horton.
2362
2363         * Configurations/FeatureDefines.xcconfig:
2364
2365 2018-10-17  Caio Lima  <ticaiolima@gmail.com>
2366
2367         [BigInt] Add ValueSub into DFG
2368         https://bugs.webkit.org/show_bug.cgi?id=186176
2369
2370         Reviewed by Yusuke Suzuki.
2371
2372         We are introducing in this patch a new node called ValueSub. This node
2373         is necessary due to the introduction of BigInt, which makes subtraction
2374         operations result in non-Number values in some cases. In such cases, ValueSub is
2375         responsible for handling Untyped and BigInt operations.
2376         In addition, we are also creating a speculative path when both
2377         operands are BigInt. According to a simple BigInt subtraction microbenchmark,
2378         this represents a speedup of ~1.2x.
2379
2380         big-int-simple-sub    14.6427+-0.5652    ^    11.9559+-0.6485   ^   definitely 1.2247x faster
2381
2382         * dfg/DFGAbstractInterpreterInlines.h:
2383         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2384         * dfg/DFGByteCodeParser.cpp:
2385         (JSC::DFG::ByteCodeParser::parseBlock):
2386         * dfg/DFGClobberize.h:
2387         (JSC::DFG::clobberize):
2388         * dfg/DFGDoesGC.cpp:
2389         (JSC::DFG::doesGC):
2390         * dfg/DFGFixupPhase.cpp:
2391         (JSC::DFG::FixupPhase::fixupNode):
2392         * dfg/DFGGraph.h:
2393         (JSC::DFG::Graph::addSpeculationMode):
2394         * dfg/DFGNodeType.h:
2395         * dfg/DFGOperations.cpp:
2396         * dfg/DFGOperations.h:
2397         * dfg/DFGPredictionPropagationPhase.cpp:
2398         * dfg/DFGSafeToExecute.h:
2399         (JSC::DFG::safeToExecute):
2400         * dfg/DFGSpeculativeJIT.cpp:
2401         (JSC::DFG::SpeculativeJIT::compileValueSub):
2402         (JSC::DFG::SpeculativeJIT::compileArithSub):
2403         * dfg/DFGSpeculativeJIT.h:
2404         * dfg/DFGSpeculativeJIT32_64.cpp:
2405         (JSC::DFG::SpeculativeJIT::compile):
2406         * dfg/DFGSpeculativeJIT64.cpp:
2407         (JSC::DFG::SpeculativeJIT::compile):
2408         * dfg/DFGValidate.cpp:
2409         * ftl/FTLCapabilities.cpp:
2410         (JSC::FTL::canCompile):
2411         * ftl/FTLLowerDFGToB3.cpp:
2412         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2413         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2414         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2415
2416 2018-10-17  Mark Lam  <mark.lam@apple.com>
2417
2418         The parser should not emit a ApplyFunctionCallDotNode for Reflect.apply.
2419         https://bugs.webkit.org/show_bug.cgi?id=190671
2420         <rdar://problem/45201145>
2421
2422         Reviewed by Saam Barati.
2423
2424         The bytecode generator does not currently know how to inline Reflect.apply (see
2425         https://bugs.webkit.org/show_bug.cgi?id=190668).  Hence, it's a waste of time to
2426         emit the ApplyFunctionCallDotNode since the function check against Function.apply
2427         that it will generate will always fail.
2428
2429         Also fixed CallVariant::dump() to be able to handle dumping a non-executable
2430         callee.  Reflect.apply used to trip this up.  Any object with an apply property
2431         invoked as a function could also trip this up.  This is now fixed.
2432
2433         * bytecode/CallVariant.cpp:
2434         (JSC::CallVariant::dump const):
2435         * bytecompiler/NodesCodegen.cpp:
2436         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2437         * parser/ASTBuilder.h:
2438         (JSC::ASTBuilder::makeFunctionCallNode):
2439
2440 2018-10-17  Commit Queue  <commit-queue@webkit.org>
2441
2442         Unreviewed, rolling out r237024.
2443         https://bugs.webkit.org/show_bug.cgi?id=190673
2444
2445         "It regressed ARES6 on iOS devices by 4-8%" (Requested by
2446         saamyjoon on #webkit).
2447
2448         Reverted changeset:
2449
2450         "Increase executable memory pool from 64MB to 128MB for ARM64"
2451         https://bugs.webkit.org/show_bug.cgi?id=190453
2452         https://trac.webkit.org/changeset/237024
2453
2454 2018-10-17  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2455
2456         [JSC] Use WTF::Function instead of std::function
2457         https://bugs.webkit.org/show_bug.cgi?id=190665
2458
2459         Reviewed by Keith Miller.
2460
2461         We should use WTF::Function as much as possible. It allocates memory from bmalloc instead of standard malloc.
2462
2463         * runtime/JSNativeStdFunction.h:
2464
2465 2018-10-17  Keith Miller  <keith_miller@apple.com>
2466
2467         Remove debug logging from generate_offsets_extractor.rb
2468         https://bugs.webkit.org/show_bug.cgi?id=190667
2469
2470         Reviewed by Mark Lam.
2471
2472         * offlineasm/generate_offset_extractor.rb:
2473
2474 2018-10-17  Keith Miller  <keith_miller@apple.com>
2475
2476         AI does not clear Phantom allocation nodes.
2477         https://bugs.webkit.org/show_bug.cgi?id=190694
2478
2479         Reviewed by Saam Barati.
2480
2481         Phantom nodes claim to have a result so they should make sure they clear
2482         their abstract values.
2483
2484         * dfg/DFGAbstractInterpreterInlines.h:
2485         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2486
2487 2018-10-17  Keith Miller  <keith_miller@apple.com>
2488
2489         Unreviewed, fix windows build.
2490
2491         * offlineasm/generate_offset_extractor.rb:
2492
2493 2018-10-17  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2494
2495         [JSC] More aggressively use `constexpr` in LowLevelInterpreter.asm for constant values
2496         https://bugs.webkit.org/show_bug.cgi?id=190659
2497
2498         Reviewed by Keith Miller.
2499
2500         Asking the JSC binary for the actual constant value is always the best way to get the correct value.
2501         The value is correctly updated once the original value is changed. We would like to encourage this
2502         approach more in LowLevelInterpreter.asm.
2503
2504         This patch expands the coverage of this approach. We make ObservedType, ResultType, and ArithProfile
2505         constexpr-friendly to produce the magic value used in LowLevelInterpreter.asm at compile time.
2506         This change allows us to easily extend ArithProfile in the future to adopt BigInt efficiently.
2507
2508         We additionally use `constexpr` for several constant values in LowLevelInterpreter.asm.
2509
2510         * assembler/MaxFrameExtentForSlowPathCall.h:
2511         Use these values in LowLevelInterpreter.asm directly. We also make them constexpr, and we add CPU(ARM64E).
2512
2513         * bytecode/ArithProfile.h:
2514         (JSC::ObservedType::ObservedType):
2515         (JSC::ObservedType::sawInt32 const):
2516         (JSC::ObservedType::isOnlyInt32 const):
2517         (JSC::ObservedType::sawNumber const):
2518         (JSC::ObservedType::isOnlyNumber const):
2519         (JSC::ObservedType::sawNonNumber const):
2520         (JSC::ObservedType::isOnlyNonNumber const):
2521         (JSC::ObservedType::isEmpty const):
2522         (JSC::ObservedType::bits const):
2523         (JSC::ObservedType::withInt32 const):
2524         (JSC::ObservedType::withNumber const):
2525         (JSC::ObservedType::withNonNumber const):
2526         (JSC::ObservedType::withoutNonNumber const):
2527         (JSC::ObservedType::operator== const):
2528         (JSC::ArithProfile::ArithProfile):
2529         (JSC::ArithProfile::fromInt):
2530         (JSC::ArithProfile::observedUnaryInt):
2531         (JSC::ArithProfile::observedUnaryNumber):
2532         (JSC::ArithProfile::observedBinaryIntInt):
2533         (JSC::ArithProfile::observedBinaryNumberInt):
2534         (JSC::ArithProfile::observedBinaryIntNumber):
2535         (JSC::ArithProfile::observedBinaryNumberNumber):
2536         (JSC::ArithProfile::lhsObservedType const):
2537         (JSC::ArithProfile::rhsObservedType const):
2538         (JSC::ArithProfile::bits const):
2539         Make ObservedType and ArithProfile constexpr-friendly.
2540
2541         * llint/LLIntData.cpp:
2542         (JSC::LLInt::Data::performAssertions):
2543         Turn several ASSERTs into STATIC_ASSERTs. Remove some unnecessary checks.
2544         * llint/LLIntOffsetsExtractor.cpp:
2545         * llint/LowLevelInterpreter.asm:
2546         Remove unused constant values. Use constexpr more and more aggressively.
2547
2548         * parser/ResultType.h:
2549         (JSC::ResultType::ResultType):
2550         (JSC::ResultType::isInt32 const):
2551         (JSC::ResultType::definitelyIsNumber const):
2552         (JSC::ResultType::definitelyIsString const):
2553         (JSC::ResultType::definitelyIsBoolean const):
2554         (JSC::ResultType::definitelyIsBigInt const):
2555         (JSC::ResultType::mightBeNumber const):
2556         (JSC::ResultType::isNotNumber const):
2557         (JSC::ResultType::mightBeBigInt const):
2558         (JSC::ResultType::isNotBigInt const):
2559         (JSC::ResultType::nullType):
2560         (JSC::ResultType::booleanType):
2561         (JSC::ResultType::numberType):
2562         (JSC::ResultType::numberTypeIsInt32):
2563         (JSC::ResultType::stringOrNumberType):
2564         (JSC::ResultType::addResultType):
2565         (JSC::ResultType::stringType):
2566         (JSC::ResultType::bigIntType):
2567         (JSC::ResultType::unknownType):
2568         (JSC::ResultType::forAdd):
2569         (JSC::ResultType::forLogicalOp):
2570         (JSC::ResultType::forBitOp):
2571         (JSC::ResultType::bits const):
2572         Make ResultType constexpr-friendly.
2573
2574         * runtime/JSCJSValue.h:
2575         Use offsetof instead of OBJECT_OFFSETOF. It is OK since EncodedValueDescriptor is POD.
2576         This change makes the TagOffset and PayloadOffset macros constexpr-friendly, whereas OBJECT_OFFSETOF
2577         cannot be used in constexpr since it uses reinterpret_cast.
2578
2579 2018-10-17  Keith Miller  <keith_miller@apple.com>
2580
2581         Unreviewed revert Fujii's revert in r237214 with new WinCairo build fix.
2582
2583 2018-10-16  Mark Lam  <mark.lam@apple.com>
2584
2585         GetIndexedPropertyStorage can GC.
2586         https://bugs.webkit.org/show_bug.cgi?id=190625
2587         <rdar://problem/45309366>
2588
2589         Reviewed by Saam Barati.
2590
2591         This is because if the ArrayMode type is String, the DFG and FTL will be emitting
2592         a call to operationResolveRope, and operationResolveRope can GC.  This patch
2593         updates doesGC() to reflect this.
2594
2595         * dfg/DFGDoesGC.cpp:
2596         (JSC::DFG::doesGC):
2597
2598 2018-10-16  Fujii Hironori  <Hironori.Fujii@sony.com>
2599
2600         Unreviewed, rolling out r237188, r237189, and r237197.
2601
2602         It breaks WinCairo Debug builds and Release LayoutTests
2603
2604         Reverted changesets:
2605
2606         https://bugs.webkit.org/show_bug.cgi?id=189708
2607         https://trac.webkit.org/changeset/237188
2608
2609         "Unreviewed, forgot to add untracked files."
2610         https://trac.webkit.org/changeset/237189
2611
2612         "isASTErroneous in offlineasm should de-macroify before
2613         looking for Errors"
2614         https://bugs.webkit.org/show_bug.cgi?id=190634
2615         https://trac.webkit.org/changeset/237197
2616
2617 2018-10-16  Devin Rousso  <drousso@apple.com>
2618
2619         Web Inspector: Canvas: capture previously saved states and add them to the recording payload
2620         https://bugs.webkit.org/show_bug.cgi?id=190473
2621
2622         Reviewed by Joseph Pecoraro.
2623
2624         * inspector/protocol/Recording.json:
2625         Add `states` key to `InitialState` object.
2626
2627 2018-10-16  Keith Miller  <keith_miller@apple.com>
2628
2629         isASTErroneous in offlineasm should de-macroify before looking for Errors
2630         https://bugs.webkit.org/show_bug.cgi?id=190634
2631
2632         Reviewed by Mark Lam.
2633
2634         If a macro isn't usable in a configuration, it might still cause us to
2635         think the AST is invalid. This change runs the de-macroifier before
2636         looking for errors.
2637
2638         Also, it adds a missing include to Printer.h.
2639
2640         * assembler/Printer.h:
2641         * offlineasm/settings.rb:
2642
2643 2018-10-16  Justin Michaud  <justin_michaud@apple.com>
2644
2645         Implement feature flag and bindings for CSS Painting API
2646         https://bugs.webkit.org/show_bug.cgi?id=190237
2647
2648         Reviewed by Ryosuke Niwa.
2649
2650         * Configurations/FeatureDefines.xcconfig:
2651
2652 2018-10-16  Keith Miller  <keith_miller@apple.com>
2653
2654         Unreviewed, forgot to add untracked files.
2655
2656         * llint/LLIntSettingsExtractor.cpp: Added.
2657         (main):
2658         * offlineasm/generate_settings_extractor.rb: Added.
2659
2660 2018-10-16  Keith Miller  <keith_miller@apple.com>
2661
2662         Unreviewed, reland https://bugs.webkit.org/show_bug.cgi?id=189708 with build fix.
2663
2664         * CMakeLists.txt:
2665         * JavaScriptCore.xcodeproj/project.pbxproj:
2666         * llint/LLIntOffsetsExtractor.cpp:
2667         (JSC::LLIntOffsetsExtractor::dummy):
2668         * offlineasm/generate_offset_extractor.rb:
2669         * offlineasm/offsets.rb:
2670         * offlineasm/settings.rb:
2671
2672 2018-10-16  Keith Miller  <keith_miller@apple.com>
2673
2674         Unreviewed, add missing include.
2675
2676         * runtime/BasicBlockLocation.h:
2677
2678 2018-10-15  Keith Miller  <keith_miller@apple.com>
2679
2680         Support arm64 CPUs with a 32-bit address space
2681         https://bugs.webkit.org/show_bug.cgi?id=190273
2682
2683         Reviewed by Michael Saboff.
2684
2685         This patch adds support for arm64_32 in the LLInt. In order to
2686         make this work we needed to add a new type that reflects the size
2687         of a cpu register. This type is called CPURegister or UCPURegister
2688         for the unsigned version. Most places that used void* or intptr_t
2689         to refer to a register have been changed to use this new type.
2690
2691         * JavaScriptCore.xcodeproj/project.pbxproj:
2692         * assembler/ARM64Assembler.h:
2693         (JSC::isInt):
2694         (JSC::is4ByteAligned):
2695         (JSC::PairPostIndex::PairPostIndex):
2696         (JSC::PairPreIndex::PairPreIndex):
2697         (JSC::ARM64Assembler::readPointer):
2698         (JSC::ARM64Assembler::readCallTarget):
2699         (JSC::ARM64Assembler::computeJumpType):
2700         (JSC::ARM64Assembler::linkCompareAndBranch):
2701         (JSC::ARM64Assembler::linkConditionalBranch):
2702         (JSC::ARM64Assembler::linkTestAndBranch):
2703         (JSC::ARM64Assembler::loadRegisterLiteral):
2704         (JSC::ARM64Assembler::loadStoreRegisterPairPostIndex):
2705         (JSC::ARM64Assembler::loadStoreRegisterPairPreIndex):
2706         (JSC::ARM64Assembler::loadStoreRegisterPairOffset):
2707         (JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):
2708         (JSC::isInt7): Deleted.
2709         (JSC::isInt11): Deleted.
2710         * assembler/CPU.h:
2711         (JSC::isAddress64Bit):
2712         (JSC::isAddress32Bit):
2713         * assembler/MacroAssembler.h:
2714         (JSC::MacroAssembler::shouldBlind):
2715         * assembler/MacroAssemblerARM64.cpp:
2716         (JSC::MacroAssemblerARM64::collectCPUFeatures):
2717         * assembler/MacroAssemblerARM64.h:
2718         (JSC::MacroAssemblerARM64::load):
2719         (JSC::MacroAssemblerARM64::store):
2720         (JSC::MacroAssemblerARM64::isInIntRange): Deleted.
2721         * assembler/Printer.h:
2722         * assembler/ProbeContext.h:
2723         (JSC::Probe::CPUState::gpr):
2724         (JSC::Probe::CPUState::spr):
2725         (JSC::Probe::Context::gpr):
2726         (JSC::Probe::Context::spr):
2727         * b3/B3ConstPtrValue.h:
2728         * b3/B3StackmapSpecial.cpp:
2729         (JSC::B3::StackmapSpecial::isArgValidForRep):
2730         * b3/air/AirArg.h:
2731         (JSC::B3::Air::Arg::stackSlot const):
2732         (JSC::B3::Air::Arg::special const):
2733         * b3/air/testair.cpp:
2734         * b3/testb3.cpp:
2735         (JSC::B3::testStoreConstantPtr):
2736         (JSC::B3::testInterpreter):
2737         (JSC::B3::testAddShl32):
2738         (JSC::B3::testLoadBaseIndexShift32):
2739         * bindings/ScriptFunctionCall.cpp:
2740         (Deprecated::ScriptCallArgumentHandler::appendArgument):
2741         * bindings/ScriptFunctionCall.h:
2742         * bytecode/CodeBlock.cpp:
2743         (JSC::roundCalleeSaveSpaceAsVirtualRegisters):
2744         * dfg/DFGOSRExit.cpp:
2745         (JSC::DFG::restoreCalleeSavesFor):
2746         (JSC::DFG::saveCalleeSavesFor):
2747         (JSC::DFG::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
2748         (JSC::DFG::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
2749         * dfg/DFGOSRExitCompilerCommon.cpp:
2750         (JSC::DFG::reifyInlinedCallFrames):
2751         * dfg/DFGSpeculativeJIT64.cpp:
2752         (JSC::DFG::SpeculativeJIT::compile):
2753         * disassembler/UDis86Disassembler.cpp:
2754         (JSC::tryToDisassembleWithUDis86):
2755         * ftl/FTLLowerDFGToB3.cpp:
2756         (JSC::FTL::DFG::LowerDFGToB3::compileWeakMapGet):
2757         * heap/MachineStackMarker.cpp:
2758         (JSC::copyMemory):
2759         * interpreter/CallFrame.h:
2760         (JSC::ExecState::returnPC const):
2761         (JSC::ExecState::hasReturnPC const):
2762         (JSC::ExecState::clearReturnPC):
2763         (JSC::ExecState::returnPCOffset):
2764         (JSC::ExecState::isGlobalExec const):
2765         (JSC::ExecState::setReturnPC):
2766         * interpreter/CalleeBits.h:
2767         (JSC::CalleeBits::boxWasm):
2768         (JSC::CalleeBits::isWasm const):
2769         (JSC::CalleeBits::asWasmCallee const):
2770         * interpreter/Interpreter.cpp:
2771         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
2772         * interpreter/VMEntryRecord.h:
2773         * jit/AssemblyHelpers.h:
2774         (JSC::AssemblyHelpers::clearStackFrame):
2775         * jit/RegisterAtOffset.h:
2776         (JSC::RegisterAtOffset::offsetAsIndex const):
2777         * jit/RegisterAtOffsetList.cpp:
2778         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
2779         * llint/LLIntData.cpp:
2780         (JSC::LLInt::Data::performAssertions):
2781         * llint/LLIntOfflineAsmConfig.h:
2782         * llint/LowLevelInterpreter.asm:
2783         * llint/LowLevelInterpreter64.asm:
2784         * offlineasm/arm64.rb:
2785         * offlineasm/asm.rb:
2786         * offlineasm/ast.rb:
2787         * offlineasm/backends.rb:
2788         * offlineasm/parser.rb:
2789         * offlineasm/x86.rb:
2790         * runtime/BasicBlockLocation.cpp:
2791         (JSC::BasicBlockLocation::dumpData const):
2792         (JSC::BasicBlockLocation::emitExecuteCode const):
2793         * runtime/BasicBlockLocation.h:
2794         * runtime/HasOwnPropertyCache.h:
2795         * runtime/JSBigInt.cpp:
2796         (JSC::JSBigInt::inplaceMultiplyAdd):
2797         (JSC::JSBigInt::digitDiv):
2798         * runtime/JSBigInt.h:
2799         * runtime/JSObject.h:
2800         * runtime/Options.cpp:
2801         (JSC::jitEnabledByDefault):
2802         * runtime/Options.h:
2803         * runtime/RegExp.cpp:
2804         (JSC::RegExp::printTraceData):
2805         * runtime/SamplingProfiler.cpp:
2806         (JSC::CFrameWalker::walk):
2807         * runtime/SlowPathReturnType.h:
2808         (JSC::encodeResult):
2809         (JSC::decodeResult):
2810         * tools/SigillCrashAnalyzer.cpp:
2811         (JSC::SigillCrashAnalyzer::dumpCodeBlock):
2812
2813 2018-10-15  Justin Fan  <justin_fan@apple.com>
2814
2815         Add WebGPU 2018 feature flag and experimental feature flag
2816         https://bugs.webkit.org/show_bug.cgi?id=190509
2817
2818         Reviewed by Dean Jackson.
2819
2820         Re-add ENABLE_WEBGPU, an experimental feature flag, and a RuntimeEnabledFeature
2821         for the 2018 WebGPU prototype.
2822
2823         * Configurations/FeatureDefines.xcconfig:
2824
2825 2018-10-15  Timothy Hatcher  <timothy@apple.com>
2826
2827         Add support for prefers-color-scheme media query
2828         https://bugs.webkit.org/show_bug.cgi?id=190499
2829         <rdar://problem/45212025>
2830
2831         Reviewed by Dean Jackson.
2832
2833         * Configurations/FeatureDefines.xcconfig: Added ENABLE_DARK_MODE_CSS.
2834
2835 2018-10-15  Commit Queue  <commit-queue@webkit.org>
2836
2837         Unreviewed, rolling out r237084, r237088, r237098, and
2838         r237114.
2839         https://bugs.webkit.org/show_bug.cgi?id=190602
2840
2841         Breaks internal builds. (Requested by ryanhaddad on #webkit).
2842
2843         Reverted changesets:
2844
2845         "Separate configuration extraction from offset extraction"
2846         https://bugs.webkit.org/show_bug.cgi?id=189708
2847         https://trac.webkit.org/changeset/237084
2848
2849         "Gardening: Build fix after r237084."
2850         https://bugs.webkit.org/show_bug.cgi?id=189708
2851         https://trac.webkit.org/changeset/237088
2852
2853         "Gardening: Build fix after r237084."
2854         https://bugs.webkit.org/show_bug.cgi?id=189708
2855         https://trac.webkit.org/changeset/237098
2856
2857         "REGRESSION (r237084): JavaScriptCore fails to build on Linux"
2858         https://trac.webkit.org/changeset/237114
2859
2860 2018-10-15  Keith Miller  <keith_miller@apple.com>
2861
2862         BytecodeDumper should print all switch labels
2863         https://bugs.webkit.org/show_bug.cgi?id=190596
2864
2865         Reviewed by Saam Barati.
2866
2867         Right now the bytecode dumper only prints the default target, not any of the
2868         non-default targets.
2869
2870         * bytecode/BytecodeDumper.cpp:
2871         (JSC::BytecodeDumper<Block>::dumpBytecode):
2872
2873 2018-10-15  Saam barati  <sbarati@apple.com>
2874
2875         Emit fjcvtzs on ARM64E on Darwin
2876         https://bugs.webkit.org/show_bug.cgi?id=184023
2877
2878         Reviewed by Yusuke Suzuki and Filip Pizlo.
2879
2880         ARMv8.3 introduced the fjcvtzs instruction which does double->int32
2881         conversion using the semantics defined by JavaScript:
2882         http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0801g/hko1477562192868.html
2883         This patch teaches JSC to use that instruction when possible.
2884
2885         * assembler/ARM64Assembler.h:
2886         (JSC::ARM64Assembler::fjcvtzs):
2887         (JSC::ARM64Assembler::fjcvtzsInsn):
2888         * assembler/MacroAssemblerARM64.cpp:
2889         (JSC::MacroAssemblerARM64::collectCPUFeatures):
2890         * assembler/MacroAssemblerARM64.h:
2891         (JSC::MacroAssemblerARM64::supportsDoubleToInt32ConversionUsingJavaScriptSemantics):
2892         (JSC::MacroAssemblerARM64::convertDoubleToInt32UsingJavaScriptSemantics):
2893         * dfg/DFGSpeculativeJIT.cpp:
2894         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2895         * disassembler/ARM64/A64DOpcode.cpp:
2896         * disassembler/ARM64/A64DOpcode.h:
2897         (JSC::ARM64Disassembler::A64DOpcode::appendInstructionName):
2898         * ftl/FTLLowerDFGToB3.cpp:
2899         (JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
2900         * jit/JITRightShiftGenerator.cpp:
2901         (JSC::JITRightShiftGenerator::generateFastPath):
2902         * runtime/MathCommon.h:
2903         (JSC::toInt32):
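
        Added example (not JSC code and not part of the original ChangeLog): the double->int32
        conversion that fjcvtzs performs in hardware, written out from the ECMAScript ToInt32
        steps so its edge cases (NaN and infinities map to 0, truncation toward zero, wrap modulo
        2^32) can be compared against the engine's own `| 0`. The function names are made up for
        the example.

```javascript
// Added example, not JSC code: ECMAScript ToInt32 written out step by step.
// This is the behaviour fjcvtzs implements directly; a plain hardware
// float-to-int conversion instead saturates or returns an "indefinite" value
// for out-of-range input, which is why engines otherwise need a slow path.
function toInt32(number) {
  // Steps 1-2: NaN, +0, -0, +Infinity and -Infinity all convert to +0.
  if (Number.isNaN(number) || !Number.isFinite(number)) return 0;
  // Step 3: truncate toward zero (keeps the sign, drops the fraction).
  const truncated = Math.trunc(number);
  // Step 4: reduce modulo 2^32 into [0, 2^32). `%` on doubles is exact and
  // keeps the dividend's sign, so add 2^32 and reduce again to normalise
  // negative remainders (and -0) into the non-negative range.
  const TWO_32 = 4294967296;
  const int32bit = ((truncated % TWO_32) + TWO_32) % TWO_32;
  // Step 5: values at or above 2^31 are the negative half of the int32 range.
  return int32bit >= 2147483648 ? int32bit - TWO_32 : int32bit;
}

// Constructed sample inputs covering the cases the hardware instruction has to
// get right: non-finite values, fractions, values just past the int32 bounds,
// values past 2^32, and very large magnitudes.
const SAMPLE_INPUTS = [
  NaN, Infinity, -Infinity,
  0, -0, 0.5, -0.5, 1.9, -1.9,
  2147483647, 2147483647.9, 2147483648, -2147483648, -2147483649,
  4294967295, 4294967296, 4294967296.5, 3221225472,
  1e20, -1e20, 2 ** 53, 2 ** 63, 2 ** 80,
];

// Returns every sample where the spelled-out algorithm disagrees with the
// engine's native ToInt32 (`value | 0`); an empty list means they match.
function mismatchesAgainstEngine(inputs = SAMPLE_INPUTS) {
  const mismatches = [];
  for (const value of inputs) {
    const expected = value | 0;
    const actual = toInt32(value);
    if (!Object.is(expected, actual)) mismatches.push({ value, expected, actual });
  }
  return mismatches;
}
```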
2904
2905 2018-10-15  Saam Barati  <sbarati@apple.com>
2906
2907         JSArray::shiftCountWithArrayStorage is wrong when an array has holes
2908         https://bugs.webkit.org/show_bug.cgi?id=190262
2909         <rdar://problem/44986241>
2910
2911         Reviewed by Mark Lam.
2912
2913         We would take the fast path for shiftCountWithArrayStorage when the array
2914         hasHoles(). However, the code for this was wrong. It'd incorrectly update
2915         ArrayStorage::m_numValuesInVector. Since the hasHoles() for ArrayStorage
2916         path is never taken in JetStream 2, this patch just removes that from
2917         the fast path. Instead, we just fall back to the slow path when hasHoles().
2918         If we find evidence that this matters for real use cases, we can
2919         figure out a way to make the fast path work.
2920
2921         * runtime/JSArray.cpp:
2922         (JSC::JSArray::shiftCountWithArrayStorage):
2923
2924 2018-10-15  Commit Queue  <commit-queue@webkit.org>
2925
2926         Unreviewed, rolling out r237054.
2927         https://bugs.webkit.org/show_bug.cgi?id=190593
2928
2929         "this regressed JetStream 2 by 6% on iOS" (Requested by
2930         saamyjoon on #webkit).
2931
2932         Reverted changeset:
2933
2934         "[JSC] JSC should have "parseFunction" to optimize Function
2935         constructor"
2936         https://bugs.webkit.org/show_bug.cgi?id=190340
2937         https://trac.webkit.org/changeset/237054
2938
2939 2018-10-14  David Kilzer  <ddkilzer@apple.com>
2940
2941         REGRESSION (r237084): JavaScriptCore fails to build on Linux
2942         <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10949>
2943
2944         * llint/LLIntSettingsExtractor.cpp: Attempt to fix build by
2945         including <stdio.h>.
2946
2947 2018-10-15  Alex Christensen  <achristensen@webkit.org>
2948
2949         Shrink more enum classes
2950         https://bugs.webkit.org/show_bug.cgi?id=190540
2951
2952         Reviewed by Chris Dumez.
2953
2954         * runtime/ConsoleTypes.h:
2955
2956 2018-10-15  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2957
2958         [JSC] Disable DOMJIT on 32bit architecture
2959         https://bugs.webkit.org/show_bug.cgi?id=190387
2960
2961         Reviewed by Mark Lam.
2962
2963         We disable DOMJIT on 32bit architecture due to exhaustion of registers.
2964
2965         * runtime/Options.h:
2966
2967 2018-10-15  Alex Christensen  <achristensen@webkit.org>
2968
2969         Include EnumTraits.h less
2970         https://bugs.webkit.org/show_bug.cgi?id=190535
2971
2972         Reviewed by Chris Dumez.
2973
2974         * runtime/ConsoleTypes.h:
2975
2976 2018-10-14  Mark Lam  <mark.lam@apple.com>
2977
2978         Gardening: Build fix after r237084.
2979         https://bugs.webkit.org/show_bug.cgi?id=189708
2980
2981         Unreviewed.
2982
2983         * llint/LLIntOffsetsExtractor.cpp:
2984
2985 2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2986
2987         [JSC] Remove Option::useAsyncIterator
2988         https://bugs.webkit.org/show_bug.cgi?id=190567
2989
2990         Reviewed by Saam Barati.
2991
2992         Async iterator is enabled by default as of 2017-08-09. It is already shipped in several releases,
2993         and we can think that it is already mature. Let's drop the option `Option::useAsyncIterator`.
2994
2995         * Configurations/FeatureDefines.xcconfig:
2996         * bytecompiler/BytecodeGenerator.cpp:
2997         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
2998         (JSC::BytecodeGenerator::emitNewFunction):
2999         * parser/ASTBuilder.h:
3000         (JSC::ASTBuilder::createFunctionMetadata):
3001         * parser/Parser.cpp:
3002         (JSC::Parser<LexerType>::parseForStatement):
3003         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
3004         (JSC::Parser<LexerType>::parseClass):
3005         (JSC::Parser<LexerType>::parseProperty):
3006         (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
3007         * runtime/Options.h:
3008
3009 2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3010
3011         [JSC] Remove Options::useObjectRestSpread
3012         https://bugs.webkit.org/show_bug.cgi?id=190568
3013
3014         Reviewed by Saam Barati.
3015
3016         Options::useObjectRestSpread is enabled by default as of 2017-06-27. It is already shipped in several releases,
3017         and we can think that it is mature. Let's drop Options::useObjectRestSpread() flag.
3018
3019         * parser/Parser.cpp:
3020         (JSC::Parser<LexerType>::Parser):
3021         (JSC::Parser<LexerType>::parseDestructuringPattern):
3022         (JSC::Parser<LexerType>::parseProperty):
3023         * parser/Parser.h:
3024         * runtime/Options.h:
3025
3026 2018-10-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3027
3028         [JSC] JSON.stringify can accept call-with-no-arguments
3029         https://bugs.webkit.org/show_bug.cgi?id=190343
3030
3031         Reviewed by Mark Lam.
3032
3033         JSON.stringify can accept a `JSON.stringify()` call (call-with-no-arguments) according to the spec[1].
3034         Instead of throwing an error, we should take the first argument as `undefined` if it is not given.
3035
3036         [1]: https://tc39.github.io/ecma262/#sec-json.stringify
3037
3038         * runtime/JSONObject.cpp:
3039         (JSC::JSONProtoFuncStringify):
3040
3041 2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>
3042
3043         Gardening: Build fix after r237084.
3044         https://bugs.webkit.org/show_bug.cgi?id=189708
3045
3046         Unreviewed.
3047
3048         * JavaScriptCore.xcodeproj/project.pbxproj:
3049
3050 2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>
3051
3052         Separate configuration extraction from offset extraction
3053         https://bugs.webkit.org/show_bug.cgi?id=189708
3054
3055         Reviewed by Keith Miller.
3056
3057         Instead of generating a file with all offsets for every combination of
3058         configurations, we first generate a file with only the configuration
3059         indices and pass that to the offset extractor. The offset extractor then
3060         only generates the offsets for valid configurations.
3061
3062         * CMakeLists.txt:
3063         * JavaScriptCore.xcodeproj/project.pbxproj:
3064         * llint/LLIntOffsetsExtractor.cpp:
3065         (JSC::LLIntOffsetsExtractor::dummy):
3066         * llint/LLIntSettingsExtractor.cpp: Added.
3067         (main):
3068         * offlineasm/generate_offset_extractor.rb:
3069         * offlineasm/generate_settings_extractor.rb: Added.
3070         * offlineasm/offsets.rb:
3071         * offlineasm/settings.rb:
3072
3073 2018-10-12  Ryan Haddad  <ryanhaddad@apple.com>
3074
3075         Unreviewed, rolling out r237063.
3076
3077         Caused layout test fast/dom/Window/window-postmessage-clone-
3078         deep-array.html to fail on macOS and iOS Debug bots.
3079
3080         Reverted changeset:
3081
3082         "[JSC] Remove gcc warnings on mips and armv7"
3083         https://bugs.webkit.org/show_bug.cgi?id=188598
3084         https://trac.webkit.org/changeset/237063
3085
3086 2018-10-11  Guillaume Emont  <guijemont@igalia.com>
3087
3088         [JSC] Remove gcc warnings on mips and armv7
3089         https://bugs.webkit.org/show_bug.cgi?id=188598
3090
3091         Reviewed by Mark Lam.
3092
3093         Fix many gcc/clang warnings that are false positives, mostly alignment
3094         issues.
3095
3096         * assembler/MacroAssemblerPrinter.cpp:
3097         (JSC::Printer::printMemory):
3098         Use bitwise_cast instead of reinterpret_cast.
3099         * assembler/testmasm.cpp:
3100         (JSC::floatOperands):
3101         Marked as potentially unused as it is not used on all platforms.
3102         (JSC::testProbeModifiesStackValues):
3103         modifiedFlags is not used on mips, so don't declare it.
3104         * bytecode/CodeBlock.h:
3105         Make ScriptExecutable::prepareForExecution() return a
3106         std::optional<Exception*> instead of a JSObject*.
3107         * interpreter/Interpreter.cpp:
3108         (JSC::Interpreter::executeProgram):
3109         (JSC::Interpreter::executeCall):
3110         (JSC::Interpreter::executeConstruct):
3111         (JSC::Interpreter::prepareForRepeatCall):
3112         (JSC::Interpreter::execute):
3113         (JSC::Interpreter::executeModuleProgram):
3114         Update calling code for the prototype change of
3115         ScriptExecutable::prepareForExecution().
3116         * jit/JITOperations.cpp: Same as for Interpreter.cpp.
3117         * llint/LLIntSlowPaths.cpp:
3118         (JSC::LLInt::setUpCall): Same as for Interpreter.cpp.
3119         * runtime/JSBigInt.cpp:
3120         (JSC::JSBigInt::dataStorage):
3121         Use bitwise_cast instead of reinterpret_cast.
3122         * runtime/ScriptExecutable.cpp:
3123         * runtime/ScriptExecutable.h:
3124         Make ScriptExecutable::prepareForExecution() return a
3125         std::optional<Exception*> instead of a JSObject*.
3126         * tools/JSDollarVM.cpp:
3127         (JSC::codeBlockFromArg): Use bitwise_cast instead of reinterpret_cast.
3128
3129 2018-10-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3130
3131         Use currentStackPointer more
3132         https://bugs.webkit.org/show_bug.cgi?id=190503
3133
3134         Reviewed by Saam Barati.
3135
3136         * runtime/VM.cpp:
3137         (JSC::VM::committedStackByteCount):
3138
3139 2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3140
3141         [JSC] JSC should have "parseFunction" to optimize Function constructor
3142         https://bugs.webkit.org/show_bug.cgi?id=190340
3143
3144         Reviewed by Mark Lam.
3145
3146         The current Function constructor is suboptimal. We parse the same piece of code three times to meet
3147         the spec requirement: (1) check the parameter syntax, (2) check the body syntax, and (3) parse the entire function.
3148         And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
3149         is really costly, and ideally we should meet the above requirement by parsing only once.
3150
3151         To meet the above requirement, we add a special function to the Parser, parseSingleFunction. This function
3152         takes `std::optional<int> functionConstructorParametersEndPosition` and checks in the parser that this end position is correct.
3153         For example, if we run the code,
3154
3155             Function('/*', '*/){')
3156
3157         According to the spec, this should produce the '/*' parameter string and the '*/){' body string. And the parameter
3158         string should be syntax-checked by the parser, which raises the error since it is incorrect. Instead of doing
3159         that, in our implementation, we first create the entire string.
3160
3161             function anonymous(/*) {
3162                 */){
3163             }
3164
3165         And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
3166         the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
3167         offset of the parameters is the given end position. This check allows us to raise the error correctly for the
3168         above example while we parse the entire function only once. And we do not need to create two strings either.
3169
3170         This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
3171         significantly sped up (28.2%).
3172
3173         Before:
3174             uglify-js:  2.94 runs/s
3175         After:
3176             uglify-js:  3.77 runs/s
3177
3178         * bytecode/UnlinkedFunctionExecutable.cpp:
3179         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
3180         * bytecode/UnlinkedFunctionExecutable.h:
3181         * parser/Parser.cpp:
3182         (JSC::Parser<LexerType>::parseInner):
3183         (JSC::Parser<LexerType>::parseSingleFunction):
3184         (JSC::Parser<LexerType>::parseFunctionInfo):
3185         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3186         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
3187         (JSC::Parser<LexerType>::parseClass):
3188         (JSC::Parser<LexerType>::parsePropertyMethod):
3189         (JSC::Parser<LexerType>::parseGetterSetter):
3190         (JSC::Parser<LexerType>::parseFunctionExpression):
3191         (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
3192         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
3193         * parser/Parser.h:
3194         (JSC::Parser<LexerType>::parse):
3195         (JSC::parse):
3196         (JSC::parseFunctionForFunctionConstructor):
3197         * parser/ParserModes.h:
3198         * parser/ParserTokens.h:
3199         (JSC::JSTextPosition::JSTextPosition):
3200         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
3201         * parser/SourceCodeKey.h:
3202         (JSC::SourceCodeKey::SourceCodeKey):
3203         (JSC::SourceCodeKey::operator== const):
3204         * runtime/CodeCache.cpp:
3205         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
3206         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
3207         * runtime/CodeCache.h:
3208         * runtime/FunctionConstructor.cpp:
3209         (JSC::constructFunctionSkippingEvalEnabledCheck):
3210         * runtime/FunctionExecutable.cpp:
3211         (JSC::FunctionExecutable::fromGlobalCode):
3212         * runtime/FunctionExecutable.h:
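
        Added example (not JSC code and not part of the original ChangeLog): the `Function('/*', '*/){')`
        case above, shown in JavaScript. A constructor that parses only the concatenated source lets the
        '/*' parameter string open a comment that swallows the closing paren and the start of the body,
        so the input is accepted as a zero-parameter function instead of being rejected; checking the
        parameter list and the body on their own first (the two-string approach the entry describes
        replacing) rejects it. The function names are made up for the example.

```javascript
// Added example, not JSC code: why the parameter string of Function(params, body)
// must be validated on its own and not only as part of the concatenated source.

// Builds the single string the ChangeLog shows,
//     function anonymous(<params>) {
//         <body>
//     }
// and parses nothing else. With params '/*' and body '*/){' the comment spans
// ")" + " {" + "*/", and what remains parses as `function anonymous() {}`.
function naiveFunctionConstructor(params, body) {
  const source = "function anonymous(" + params + ") {\n" + body + "\n}";
  // Indirect eval, so the function is created in global scope like Function().
  return (0, eval)("(" + source + ")");
}

// Mirrors the spec requirement the entry describes: the parameter list and the
// body are each syntax-checked in isolation before the combined source is parsed.
function checkedFunctionConstructor(params, body) {
  // (1) The parameter list alone must be valid FormalParameters. The newline
  // closes any trailing '//' comment; an unterminated '/*' is still rejected.
  (0, eval)("(function (" + params + "\n) {})");
  // (2) The body alone must be a valid FunctionBody.
  (0, eval)("(function () {\n" + body + "\n})");
  // (3) Only then parse the entire function.
  const source = "function anonymous(" + params + "\n) {\n" + body + "\n}";
  return (0, eval)("(" + source + ")");
}

// Runs both constructors on the ChangeLog's input and reports what each did.
function compareOnCommentTrick() {
  const params = "/*";
  const body = "*/){";
  const naive = naiveFunctionConstructor(params, body);
  let checkedError = null;
  try {
    checkedFunctionConstructor(params, body);
  } catch (e) {
    checkedError = e;
  }
  return {
    naiveIsFunction: typeof naive === "function",
    naiveArity: naive.length, // 0: the "parameter" vanished into the comment
    checkedThrows: checkedError instanceof SyntaxError,
  };
}

// A well-formed pair is still accepted, so the extra checks are not over-strict.
function addViaChecked(a, b) {
  return checkedFunctionConstructor("a, b", "return a + b")(a, b);
}
```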
3213
3214 2018-10-11  Ross Kirsling  <ross.kirsling@sony.com>
3215
3216         Fix non-existent define `CPU(JSVALUE64)`
3217         https://bugs.webkit.org/show_bug.cgi?id=190479
3218
3219         Reviewed by Yusuke Suzuki.
3220
3221         * jit/CCallHelpers.h:
3222         (JSC::CCallHelpers::setupArgumentsImpl):
3223         Correct CPU(JSVALUE64) to USE(JSVALUE64).
3224
3225 2018-10-11  Keith Rollin  <krollin@apple.com>
3226
3227         CURRENT_ARCH should not be used in Run Script phase.
3228         https://bugs.webkit.org/show_bug.cgi?id=190407
3229         <rdar://problem/45133556>
3230
3231         Reviewed by Alexey Proskuryakov.
3232
3233         CURRENT_ARCH is used in a number of Xcode Run Script phases. However,
3234         CURRENT_ARCH is not well-defined during this phase (and may even have
3235         the value "undefined") since this phase is run just once per build
3236         rather than once per supported architecture. Migrate away from
3237         CURRENT_ARCH in favor of ARCHS, either by iterating over ARCHS and
3238         performing an operation for each value, or by picking the first entry
3239         in ARCHS and using that as a representative value.
3240
3241         * JavaScriptCore.xcodeproj/project.pbxproj: Store
3242         LLIntDesiredOffsets.h into a directory with a name based on ARCHS
3243         rather than CURRENT_ARCH.
3244
3245 2018-10-10  Mark Lam  <mark.lam@apple.com>
3246
3247         Changes towards allowing use of the ASAN detect_stack_use_after_return option.
3248         https://bugs.webkit.org/show_bug.cgi?id=190405
3249         <rdar://problem/45131464>
3250
3251         Reviewed by Michael Saboff.
3252
3253         The ASAN detect_stack_use_after_return option checks for use of stack variables
3254         after they have been freed.  It does this by allocating relevant stack variables
3255         in heap memory (instead of on the stack) if the code ever takes the address of
3256         those stack variables.  Unfortunately, this is a common idiom that we use to
3257         compute the approximate stack pointer value.  As a result, on such ASAN runs, the
3258         computed approximate stack pointer value will point into the heap instead of the
3259         stack.  This breaks the VM's expectations and wreaks havoc.
3260
3261         To fix this, we use the newly introduced WTF::currentStackPointer() instead of
3262         taking the address of stack variables.
3263
3264         We also need to enhance ExceptionScopes to be able to work with ASAN
3265         detect_stack_use_after_return, which will allocate the scope in the heap.  We
3266         work around this by passing the current stack pointer of the instantiating calling
3267         frame into the scope constructor, and using that for the position check in
3268         ~ThrowScope() instead.
3269
3270         The above is only a start towards enabling ASAN detect_stack_use_after_return on
3271         the VM.  There are still other issues to be resolved before we can run with this
3272         ASAN option.
3273
3274         * runtime/CatchScope.h:
3275         * runtime/ExceptionEventLocation.h:
3276         (JSC::ExceptionEventLocation::ExceptionEventLocation):
3277         * runtime/ExceptionScope.h:
3278         (JSC::ExceptionScope::stackPosition const):
3279         * runtime/JSLock.cpp:
3280         (JSC::JSLock::didAcquireLock):
3281         * runtime/ThrowScope.cpp:
3282         (JSC::ThrowScope::~ThrowScope):
3283         * runtime/ThrowScope.h:
3284         * runtime/VM.h:
3285         (JSC::VM::needExceptionCheck const):
3286         (JSC::VM::isSafeToRecurse const):
3287         * wasm/js/WebAssemblyFunction.cpp:
3288         (JSC::callWebAssemblyFunction):
3289         * yarr/YarrPattern.cpp:
3290         (JSC::Yarr::YarrPatternConstructor::isSafeToRecurse const):
3291
3292 2018-10-10  Devin Rousso  <drousso@apple.com>
3293
3294         Web Inspector: create special Network waterfall for media events
3295         https://bugs.webkit.org/show_bug.cgi?id=189773
3296         <rdar://problem/44626605>
3297
3298         Reviewed by Joseph Pecoraro.
3299
3300         * inspector/protocol/DOM.json:
3301         Add `didFireEvent` event that is fired when specific event listeners added by
3302         `InspectorInstrumentation::addEventListenersToNode` are fired.
3303
3304 2018-10-10  Michael Saboff  <msaboff@apple.com>
3305
3306         Increase executable memory pool from 64MB to 128MB for ARM64
3307         https://bugs.webkit.org/show_bug.cgi?id=190453
3308
3309         Reviewed by Saam Barati.
3310
3311         * jit/ExecutableAllocator.cpp:
3312
3313 2018-10-10  Devin Rousso  <drousso@apple.com>
3314
3315         Web Inspector: notify the frontend when a canvas has started recording via console.record
3316         https://bugs.webkit.org/show_bug.cgi?id=190306
3317
3318         Reviewed by Brian Burg.
3319
3320         * inspector/protocol/Canvas.json:
3321         Add `recordingStarted` event.
3322
3323         * inspector/protocol/Recording.json:
3324         Add `Initiator` enum for determining who started the recording.
3325
3326 2018-10-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3327
3328         [JSC] Rename createXXX to tryCreateXXX if it can return RefPtr
3329         https://bugs.webkit.org/show_bug.cgi?id=190429
3330
3331         Reviewed by Saam Barati.
3332
3333         Some createXXX functions can fail. But sometimes the caller does not perform error checking.
3334         To make it explicit that these functions can fail, we rename these functions from createXXX
3335         to tryCreateXXX. In this patch, we focus on non-JS-managed factory functions. If the factory
3336         function does not fail, it should return Ref<>. Otherwise, it should be named as tryCreateXXX
3337         and it should return RefPtr<>.
3338
3339         This patch mainly focuses on TypedArray factory functions. Previously, these functions were
3340         `RefPtr<XXXArray> create(...)`. This patch changes them to `RefPtr<XXXArray> tryCreate(...)`.
3341         And we also introduce `Ref<XXXArray> create(...)` function which internally performs
3342         RELEASE_ASSERT on the result of `tryCreate(...)`.
3343
3344         And we also convert OpaqueJSString::create to OpaqueJSString::tryCreate since it can fail.
3345
3346         This change actually finds one place which does not perform any null checking while it uses
3347         the `RefPtr<> create(...)` function.
3348
3349         * API/JSCallbackObjectFunctions.h:
3350         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
3351         (JSC::JSCallbackObject<Parent>::put):
3352         (JSC::JSCallbackObject<Parent>::putByIndex):
3353         (JSC::JSCallbackObject<Parent>::deleteProperty):
3354         (JSC::JSCallbackObject<Parent>::callbackGetter):
3355         * API/JSClassRef.h:
3356         (StaticValueEntry::StaticValueEntry):
3357         * API/JSContext.mm:
3358         (-[JSContext evaluateScript:withSourceURL:]):
3359         (-[JSContext setName:]):
3360         * API/JSContextRef.cpp:
3361         (JSGlobalContextCopyName):
3362         (JSContextCreateBacktrace):
3363         * API/JSObjectRef.cpp:
3364         (JSObjectCopyPropertyNames):
3365         * API/JSScriptRef.cpp:
3366         * API/JSStringRef.cpp:
3367         (JSStringCreateWithCharactersNoCopy):
3368         * API/JSValue.mm:
3369         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
3370         (+[JSValue valueWithNewErrorFromMessage:inContext:]):
3371         (+[JSValue valueWithNewSymbolFromDescription:inContext:]):
3372         (performPropertyOperation):
3373         (-[JSValue invokeMethod:withArguments:]):
3374         (containerValueToObject):
3375         (objectToValueWithoutCopy):
3376         (objectToValue):
3377         * API/JSValueRef.cpp:
3378         (JSValueCreateJSONString):
3379         (JSValueToStringCopy):
3380         * API/OpaqueJSString.cpp:
3381         (OpaqueJSString::tryCreate):
3382         (OpaqueJSString::create): Deleted.
3383         * API/OpaqueJSString.h:
3384         * API/glib/JSCContext.cpp:
3385         (evaluateScriptInContext):
3386         * API/glib/JSCValue.cpp:
3387         (jsc_value_new_string_from_bytes):
3388         * ftl/FTLLazySlowPath.h:
3389         (JSC::FTL::LazySlowPath::createGenerator):
3390         * ftl/FTLLazySlowPathCall.h:
3391         (JSC::FTL::createLazyCallGenerator):
3392         * ftl/FTLOSRExit.cpp:
3393         (JSC::FTL::OSRExitDescriptor::emitOSRExit):
3394         (JSC::FTL::OSRExitDescriptor::emitOSRExitLater):
3395         (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
3396         * ftl/FTLOSRExit.h:
3397         * ftl/FTLPatchpointExceptionHandle.cpp:
3398         (JSC::FTL::PatchpointExceptionHandle::create):
3399         (JSC::FTL::PatchpointExceptionHandle::createHandle):
3400         * ftl/FTLPatchpointExceptionHandle.h:
3401         * heap/EdenGCActivityCallback.h:
3402         (JSC::GCActivityCallback::tryCreateEdenTimer):
3403         (JSC::GCActivityCallback::createEdenTimer): Deleted.
3404         * heap/FullGCActivityCallback.h:
3405         (JSC::GCActivityCallback::tryCreateFullTimer):
3406         (JSC::GCActivityCallback::createFullTimer): Deleted.
3407         * heap/GCActivityCallback.h:
3408         * heap/Heap.cpp:
3409         (JSC::Heap::Heap):
3410         * inspector/AsyncStackTrace.cpp:
3411         (Inspector::AsyncStackTrace::create):
3412         * inspector/AsyncStackTrace.h:
3413         * jsc.cpp:
3414         (fillBufferWithContentsOfFile):
3415         * runtime/ArrayBuffer.h:
3416         * runtime/GenericTypedArrayView.h:
3417         * runtime/GenericTypedArrayViewInlines.h:
3418         (JSC::GenericTypedArrayView<Adaptor>::create):
3419         (JSC::GenericTypedArrayView<Adaptor>::tryCreate):
3420         (JSC::GenericTypedArrayView<Adaptor>::createUninitialized):
3421         (JSC::GenericTypedArrayView<Adaptor>::tryCreateUninitialized):
3422         (JSC::GenericTypedArrayView<Adaptor>::subarray const):
3423         * runtime/JSArrayBufferView.cpp:
3424         (JSC::JSArrayBufferView::possiblySharedImpl):
3425         * runtime/JSGenericTypedArrayViewInlines.h:
3426         (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
3427         (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
3428         * wasm/WasmMemory.cpp:
3429         (JSC::Wasm::Memory::create):
3430         (JSC::Wasm::Memory::tryCreate):
3431         * wasm/WasmMemory.h:
3432         * wasm/WasmTable.cpp:
3433         (JSC::Wasm::Table::tryCreate):
3434         (JSC::Wasm::Table::create): Deleted.
3435         * wasm/WasmTable.h:
3436         * wasm/js/JSWebAssemblyInstance.cpp:
3437         (JSC::JSWebAssemblyInstance::create):
3438         * wasm/js/JSWebAssemblyMemory.cpp:
3439         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
3440         * wasm/js/WebAssemblyMemoryConstructor.cpp:
3441         (JSC::constructJSWebAssemblyMemory):
3442         * wasm/js/WebAssemblyModuleRecord.cpp:
3443         (JSC::WebAssemblyModuleRecord::link):
3444         * wasm/js/WebAssemblyTableConstructor.cpp:
3445         (JSC::constructJSWebAssemblyTable):
3446
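        The create/tryCreate convention described above, as an added example in plain C++ that is not JavaScriptCore code: WTF::Ref and WTF::RefPtr are stood in for by std::shared_ptr, ByteStorage, its maxLength cap and fillOrFail are constructed for the illustration, and std::abort() plays the role of RELEASE_ASSERT.

```cpp
#include <cstdint>
#include <cstdlib>
#include <memory>

// Constructed stand-in for a fallible backing-store factory. WTF::Ref/WTF::RefPtr are
// replaced by std::shared_ptr; only the naming convention is being illustrated.
class ByteStorage {
public:
    // Constructed cap so that failure is reproducible offline; real code fails when
    // the underlying allocator does.
    static constexpr size_t maxLength = size_t(1) << 20;

    // tryCreate: can fail and says so in its name. Callers must null-check the result.
    static std::shared_ptr<ByteStorage> tryCreate(size_t length)
    {
        if (length > maxLength)
            return nullptr;
        return std::shared_ptr<ByteStorage>(new ByteStorage(length));
    }

    // create: never returns null. A failure aborts here, deterministically, instead of
    // surfacing later as a null dereference in a caller that forgot to check
    // (the role RELEASE_ASSERT plays in the JSC change).
    static std::shared_ptr<ByteStorage> create(size_t length)
    {
        auto storage = tryCreate(length);
        if (!storage)
            std::abort();
        return storage;
    }

    size_t length() const { return m_length; }
    uint8_t* data() { return m_data.get(); }

private:
    explicit ByteStorage(size_t length)
        : m_length(length)
        , m_data(new uint8_t[length ? length : 1]())
    {
    }

    size_t m_length;
    std::unique_ptr<uint8_t[]> m_data;
};

// Caller written against the fallible factory: the only correct shape is "try, then check".
// Returns the number of bytes filled, or -1 when the storage could not be created.
long fillOrFail(size_t length, uint8_t value)
{
    auto storage = ByteStorage::tryCreate(length);
    if (!storage)
        return -1;
    for (size_t i = 0; i < storage->length(); ++i)
        storage->data()[i] = value;
    return static_cast<long>(storage->length());
}
```

        The point of the split is that the return type and the name carry the same information: a caller holding a `std::shared_ptr` from tryCreate knows it may be null, while create's caller gets either a usable object or an immediate crash at the allocation site.
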
3447 2018-10-09  Devin Rousso  <drousso@apple.com>
3448
3449         Web Inspector: show redirect requests in Network and Timelines tabs
3450         https://bugs.webkit.org/show_bug.cgi?id=150005
3451         <rdar://problem/5378164>
3452
3453         Reviewed by Joseph Pecoraro.
3454
3455         * inspector/protocol/Network.json:
3456         Add missing fields to `ResourceTiming`.
3457
3458 2018-10-09  Claudio Saavedra  <csaavedra@igalia.com>
3459
3460         [WPE] Explicitly link against gmodule where used
3461         https://bugs.webkit.org/show_bug.cgi?id=190398
3462
3463         Reviewed by Michael Catanzaro.
3464
3465         * PlatformWPE.cmake:
3466
3467 2018-10-08  Justin Fan  <justin_fan@apple.com>
3468
3469         WebGPU: Rename old WebGPU prototype to WebMetal
3470         https://bugs.webkit.org/show_bug.cgi?id=190325
3471         <rdar://problem/44990443>
3472
3473         Reviewed by Dean Jackson.
3474
3475         Rename WebGPU prototype files to WebMetal in preparation for implementing the new (Oct 2018) WebGPU interface.
3476
3477         * Configurations/FeatureDefines.xcconfig:
3478         * inspector/protocol/Canvas.json:
3479         * inspector/scripts/codegen/generator.py:
3480
3481 2018-10-08  Aditya Keerthi  <akeerthi@apple.com>
3482
3483         Make <input type=color> a runtime enabled (on-by-default) feature
3484         https://bugs.webkit.org/show_bug.cgi?id=189162
3485
3486         Reviewed by Wenson Hsieh and Tim Horton.
3487
3488         * Configurations/FeatureDefines.xcconfig:
3489
3490 2018-10-08  Devin Rousso  <drousso@apple.com>
3491
3492         Web Inspector: group media network entries by the node that triggered the request
3493         https://bugs.webkit.org/show_bug.cgi?id=189606
3494         <rdar://problem/44438527>
3495
3496         Reviewed by Brian Burg.
3497
3498         * inspector/protocol/Network.json:
3499         Add an optional `nodeId` field to the `Initiator` object that is set if it is possible to
3500         determine which ancestor node triggered the load. It may not correspond directly to the node
3501         with the href/src, as that url may only be used by an ancestor for loading.
3502
3503 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3504
3505         [JSC][Linux] Use non-truncated name for JIT workers in Linux
3506         https://bugs.webkit.org/show_bug.cgi?id=190339
3507
3508         Reviewed by Mark Lam.
3509
3510         The current thread names are meaningless in the Linux environment. We do not want to
3511         have a truncated name in Linux: we want to have a clear name in Linux. Instead, we
3512         should have the name for Linux separately from the name used in the non-Linux
3513         environments. This patch adds FTLWorker, DFGWorker, and JITWorker names for the
3514         Linux environment.
3515
3516         * dfg/DFGWorklist.cpp:
3517         (JSC::DFG::createWorklistName):
3518         (JSC::DFG::Worklist::Worklist):
3519         (JSC::DFG::Worklist::create):
3520         (JSC::DFG::ensureGlobalDFGWorklist):
3521         (JSC::DFG::ensureGlobalFTLWorklist):
3522         * dfg/DFGWorklist.h:
3523         * jit/JITWorklist.cpp:
3524
3525 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3526
3527         Name Heap threads
3528         https://bugs.webkit.org/show_bug.cgi?id=190337
3529
3530         Reviewed by Mark Lam.
3531
3532         Name heap threads as "Heap Helper Thread". In Linux, we name it "HeapHelper" since
3533         Linux does not accept a name longer than 15 characters. We do not want to use the short name
3534         for non-Linux environments. And we want to have a clear name in Linux: a truncated name
3535         is not good. So, having the two names is the only way.
3536
3537         * heap/HeapHelperPool.cpp:
3538         (JSC::heapHelperPool):
3539
3540 2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3541
3542         [JSC] Avoid creating ProgramExecutable in checkSyntax
3543         https://bugs.webkit.org/show_bug.cgi?id=190332
3544
3545         Reviewed by Mark Lam.
3546
3547         uglify-js in web-tooling-benchmark executes a massive number of Function constructor calls.
3548         In Function constructor code, we perform checkSyntax for body and parameters. So a fast checkSyntax
3549         is important when the performance of Function constructor matters. The current checkSyntax code
3550         unnecessarily allocates ProgramExecutable. This patch removes this allocation and improves
3551         the benchmark score slightly.
3552
3553         Before:
3554             uglify-js:  2.87 runs/s
3555         After:
3556             uglify-js:  2.94 runs/s
3557
3558         * runtime/Completion.cpp:
3559         (JSC::checkSyntaxInternal):
3560         (JSC::checkSyntax):
3561         * runtime/ProgramExecutable.cpp:
3562         (JSC::ProgramExecutable::checkSyntax): Deleted.
3563         * runtime/ProgramExecutable.h:
3564
3565 2018-10-06  Caio Lima  <ticaiolima@gmail.com>
3566
3567         [ESNext][BigInt] Implement support for "|"
3568         https://bugs.webkit.org/show_bug.cgi?id=186229
3569
3570         Reviewed by Yusuke Suzuki.
3571
3572         This patch is introducing support for BigInt into the bitwise "or" operator.
3573         In addition, we are also introducing 2 new DFG nodes, named "ArithBitOr" and
3574         "ValueBitOr", to replace the "BitOr" node. The idea is to follow the
3575         difference that we make on Arith<op> and Value<op>, where ArithBitOr
3576         handles cases when the operands are Int32 and ValueBitOr handles
3577         the remaining cases.
3578
3579         We are also changing op_bitor to use ValueProfile. We are using
3580         ValueProfile during DFG generation to emit "ArithBitOr" when
3581         outcome prediction is Int32.
3582
3583         * bytecode/CodeBlock.cpp:
3584         (JSC::CodeBlock::finishCreation):
3585         (JSC::CodeBlock::arithProfileForPC):
3586         * bytecompiler/BytecodeGenerator.cpp:
3587         (JSC::BytecodeGenerator::emitBinaryOp):
3588         * dfg/DFGAbstractInterpreterInlines.h:
3589         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3590         * dfg/DFGBackwardsPropagationPhase.cpp:
3591         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
3592         (JSC::DFG::BackwardsPropagationPhase::propagate):
3593         * dfg/DFGByteCodeParser.cpp:
3594         (JSC::DFG::ByteCodeParser::parseBlock):
3595         * dfg/DFGClobberize.h:
3596         (JSC::DFG::clobberize):
3597         * dfg/DFGDoesGC.cpp:
3598         (JSC::DFG::doesGC):
3599         * dfg/DFGFixupPhase.cpp:
3600         (JSC::DFG::FixupPhase::fixupNode):
3601         * dfg/DFGNodeType.h:
3602         * dfg/DFGOperations.cpp:
3603         (JSC::DFG::bitwiseOp):
3604         * dfg/DFGOperations.h:
3605         * dfg/DFGPredictionPropagationPhase.cpp:
3606         * dfg/DFGSafeToExecute.h:
3607         (JSC::DFG::safeToExecute):
3608         * dfg/DFGSpeculativeJIT.cpp:
3609         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
3610         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
3611         * dfg/DFGSpeculativeJIT.h:
3612         (JSC::DFG::SpeculativeJIT::bitOp):
3613         * dfg/DFGSpeculativeJIT32_64.cpp:
3614         (JSC::DFG::SpeculativeJIT::compile):
3615         * dfg/DFGSpeculativeJIT64.cpp:
3616         (JSC::DFG::SpeculativeJIT::compile):
3617         * dfg/DFGStrengthReductionPhase.cpp:
3618         (JSC::DFG::StrengthReductionPhase::handleNode):
3619         * ftl/FTLCapabilities.cpp:
3620         (JSC::FTL::canCompile):
3621         * ftl/FTLLowerDFGToB3.cpp:
3622         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3623         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr):
3624         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitOr):
3625         (JSC::FTL::DFG::LowerDFGToB3::compileBitOr): Deleted.
3626         * jit/JITArithmetic.cpp:
3627         (JSC::JIT::emit_op_bitor):
3628         * llint/LowLevelInterpreter32_64.asm:
3629         * llint/LowLevelInterpreter64.asm:
3630         * runtime/CommonSlowPaths.cpp:
3631         (JSC::SLOW_PATH_DECL):
3632         * runtime/JSBigInt.cpp:
3633         (JSC::JSBigInt::bitwiseAnd):
3634         (JSC::JSBigInt::bitwiseOr):
3635         (JSC::JSBigInt::absoluteBitwiseOp):
3636         (JSC::JSBigInt::absoluteAddOne):
3637         * runtime/JSBigInt.h:
3638
3639 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3640
3641         [JSC] Use new extra memory reporting in SparseArrayMap
3642         https://bugs.webkit.org/show_bug.cgi?id=190278
3643
3644         Reviewed by Keith Miller.
3645
3646         This patch switches the extra memory reporting mechanism from deprecatedReportExtraMemory
3647         to reportExtraMemoryAllocated & reportExtraMemoryVisited in SparseArrayMap.
3648
3649         * runtime/SparseArrayValueMap.cpp:
3650         (JSC::SparseArrayValueMap::add):
3651         (JSC::SparseArrayValueMap::visitChildren):
3652
3653 2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3654
3655         [JSC][Linux] Support Perf JITDump logging
3656         https://bugs.webkit.org/show_bug.cgi?id=189893
3657
3658         Reviewed by Mark Lam.
3659
3660         This patch adds Linux `perf` command's JIT Dump support. It allows JSC to tell perf about JIT code information.
3661         We add a command line option, `--logJITCodeForPerf`, which dumps `jit-%pid.dump` in the current directory.
3662         By using this dump and perf.data output, we can annotate JIT code with profiling information.
3663
3664             $ echo "(function f() { var s = 0; for (var i = 0; i < 1000000000; i++) { s += i; } return s; })();" > test.js
3665             $ perf record -k mono ../../WebKitBuild/perf/Release/bin/jsc test.js --logJITCodeForPerf=true
3666             [ perf record: Woken up 1 times to write data ]
3667             [ perf record: Captured and wrote 0.182 MB perf.data (4346 samples) ]
3668             $ perf inject --jit -i perf.data -o perf.jit.data
3669             $ perf report -i perf.jit.data
3670
3671         * Sources.txt:
3672         * assembler/LinkBuffer.cpp:
3673         (JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
3674         * assembler/LinkBuffer.h:
3675         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
3676         * assembler/PerfLog.cpp: Added.
3677         (JSC::PerfLog::singleton):
3678         (JSC::generateTimestamp):
3679         (JSC::getCurrentThreadID):
3680         (JSC::PerfLog::PerfLog):
3681         (JSC::PerfLog::write):
3682         (JSC::PerfLog::flush):
3683         (JSC::PerfLog::log):
3684         * assembler/PerfLog.h: Added.
3685         * jit/ExecutableAllocator.cpp:
3686         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
3687         * runtime/Options.cpp:
3688         (JSC::Options::isAvailable):
3689         * runtime/Options.h:
3690
3691 2018-10-05  Mark Lam  <mark.lam@apple.com>
3692
3693         Gardening: Build fix after r236880.
3694         https://bugs.webkit.org/show_bug.cgi?id=190317
3695
3696         Unreviewed.
3697
3698         * jit/ExecutableAllocator.h:
3699
3700 2018-10-05  Mark Lam  <mark.lam@apple.com>
3701
3702         performJITMemcpy() should handle the case when the executable allocator is not initialized yet.
3703         https://bugs.webkit.org/show_bug.cgi?id=190317
3704         <rdar://problem/45039398>
3705
3706         Reviewed by Saam Barati.
3707
3708         When SeparatedWXHeaps is in use, jitWriteThunkGenerator() will call performJITMemcpy()
3709         to copy memory before the JIT fixed memory pool is initialized.  Before r236864,
3710         performJITMemcpy() would just do a memcpy in that case.  We need to restore the
3711         equivalent behavior.
3712
3713         * jit/ExecutableAllocator.cpp:
3714         (JSC::isJITPC):
3715         * jit/ExecutableAllocator.h:
3716         (JSC::performJITMemcpy):
3717
3718 2018-10-05  Carlos Eduardo Ramalho  <cadubentzen@gmail.com>
3719
3720         [WPE][JSC] Use Unified Sources for Platform-specific sources
3721         https://bugs.webkit.org/show_bug.cgi?id=190300
3722
3723         Reviewed by Yusuke Suzuki.
3724
3725         Currently the GTK port already uses Unified Sources with the same source files.
3726         As WPE has conditional code using gmodule, we need to add GLIB_GMODULE_LIBRARIES
3727         to the list of libraries to link with.
3728
3729         * PlatformWPE.cmake:
3730         * SourcesWPE.txt: Added.
3731         * shell/PlatformWPE.cmake:
3732
3733 2018-10-05  Mike Gorse  <mgorse@alum.wpi.edu>
3734
3735         [GTK] build fails with python 3 if LANG and LC_TYPE are unset
3736         https://bugs.webkit.org/show_bug.cgi?id=190258
3737
3738         Reviewed by Konstantin Tokarev.
3739
3740         * Scripts/cssmin.py: Set stdout to UTF-8 on python 3.
3741         * Scripts/generateIntlCanonicalizeLanguage.py: Open files with
3742           encoding=UTF-8 on Python 3.
3743         * yarr/generateYarrCanonicalizeUnicode: Ditto.
3744         * yarr/generateYarrUnicodePropertyTables.py: Ditto.
3745
3746 2018-10-04  Mark Lam  <mark.lam@apple.com>
3747
3748         Move start/EndOfFixedExecutableMemoryPool pointers into the FixedVMPoolExecutableAllocator object.
3749         https://bugs.webkit.org/show_bug.cgi?id=190295
3750         <rdar://problem/19197193>
3751
3752         Reviewed by Saam Barati.
3753
3754         This allows us to use the tagging logic already baked into MacroAssemblerCodePtr
3755         instead of needing to use our own custom version here.
3756
3757         * jit/ExecutableAllocator.cpp:
3758         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
3759         (JSC::FixedVMPoolExecutableAllocator::memoryStart):
3760         (JSC::FixedVMPoolExecutableAllocator::memoryEnd):
3761         (JSC::FixedVMPoolExecutableAllocator::isJITPC):
3762         (JSC::ExecutableAllocator::allocate):
3763         (JSC::startOfFixedExecutableMemoryPoolImpl):
3764         (JSC::endOfFixedExecutableMemoryPoolImpl):
3765         (JSC::isJITPC):
3766         * jit/ExecutableAllocator.h:
3767
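        Added example covering this entry and the performJITMemcpy entry above; it is constructed C++, not JSC's ExecutableAllocator. FixedPoolAllocator, g_allocator, initializeJITPool, CopyPath and runLifecycleScenario are assumptions, the pool is plain heap memory rather than an RX mapping, and a destination outside the pool yields a status value instead of the assertion JSC uses. It shows the pool bounds living in the allocator object, isJITPC() answering from those bounds, and the plain-memcpy fallback that applies only while no pool exists yet.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Constructed stand-in for FixedVMPoolExecutableAllocator: the pool bounds live in the
// object, so isJITPC() is a method rather than a pair of free-standing globals. The pool
// is ordinary heap memory here, not an RX mapping.
class FixedPoolAllocator {
public:
    explicit FixedPoolAllocator(size_t size)
        : m_size(size), m_base(static_cast<uint8_t*>(std::malloc(size))) { }
    ~FixedPoolAllocator() { std::free(m_base); }
    FixedPoolAllocator(const FixedPoolAllocator&) = delete;
    FixedPoolAllocator& operator=(const FixedPoolAllocator&) = delete;

    uintptr_t memoryStart() const { return reinterpret_cast<uintptr_t>(m_base); }
    uintptr_t memoryEnd() const { return memoryStart() + m_size; }
    bool isJITPC(const void* pc) const
    {
        uintptr_t p = reinterpret_cast<uintptr_t>(pc);
        return p >= memoryStart() && p < memoryEnd();
    }
    // Whole [p, p + bytes) range inside the pool; the end bound is exclusive.
    bool containsRange(const void* p, size_t bytes) const
    {
        uintptr_t start = reinterpret_cast<uintptr_t>(p);
        return start >= memoryStart() && start <= memoryEnd() && bytes <= memoryEnd() - start;
    }
    // Bump allocation is enough to hand out distinct ranges for the demonstration.
    void* allocate(size_t bytes)
    {
        if (bytes > m_size - m_used)
            return nullptr;
        void* result = m_base + m_used;
        m_used += bytes;
        return result;
    }

private:
    size_t m_size;
    size_t m_used = 0;
    uint8_t* m_base;
};

// Process-wide allocator, null until JIT initialization (constructed global).
static FixedPoolAllocator* g_allocator = nullptr;

FixedPoolAllocator* initializeJITPool(size_t size)
{
    if (!g_allocator)
        g_allocator = new FixedPoolAllocator(size);
    return g_allocator;
}

bool isJITPC(const void* pc) { return g_allocator && g_allocator->isJITPC(pc); }

enum class CopyPath { PlainMemcpyBeforeInit, JITPoolWrite, RejectedOutsidePool };

// Copy into JIT memory. Before the pool exists (the write thunk is generated that early)
// a plain memcpy is the only option; afterwards only destinations fully inside the pool
// are accepted. JSC asserts on a bad destination; returning a status is this example's choice.
CopyPath performJITMemcpy(void* dst, const void* src, size_t n)
{
    if (!g_allocator) {
        std::memcpy(dst, src, n);
        return CopyPath::PlainMemcpyBeforeInit;
    }
    if (!g_allocator->containsRange(dst, n))
        return CopyPath::RejectedOutsidePool;
    std::memcpy(dst, src, n); // real code routes this through the writable alias / thunk
    return CopyPath::JITPoolWrite;
}

// Walks the lifecycle above; returns 0 on success or the number of the step that failed.
int runLifecycleScenario()
{
    uint8_t scratch[4] = { 0, 0, 0, 0 };
    const uint8_t payload[4] = { 1, 2, 3, 4 };
    if (performJITMemcpy(scratch, payload, 4) != CopyPath::PlainMemcpyBeforeInit || scratch[3] != 4)
        return 1;
    FixedPoolAllocator* pool = initializeJITPool(4096);
    void* slot = pool->allocate(4);
    if (!slot || !isJITPC(slot))
        return 2;
    if (performJITMemcpy(slot, payload, 4) != CopyPath::JITPoolWrite || std::memcmp(slot, payload, 4) != 0)
        return 3;
    if (performJITMemcpy(scratch, payload, 4) != CopyPath::RejectedOutsidePool)
        return 4;
    return 0;
}
```

        Keeping the bounds in the object means there is exactly one answer to "is this address JIT code", and a null allocator pointer is an unambiguous "not initialized yet" signal for the fallback path rather than a pair of globals that might be read before they are set.
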
3768 2018-10-04  Mark Lam  <mark.lam@apple.com>
3769
3770         Disable Options::useWebAssemblyFastMemory() on linux if ASAN signal handling is not disabled.
3771         https://bugs.webkit.org/show_bug.cgi?id=190283
3772         <rdar://problem/45015752>
3773
3774         Reviewed by Keith Miller.
3775
3776         * runtime/Options.cpp:
3777         (JSC::Options::initialize):
3778         * wasm/WasmFaultSignalHandler.cpp:
3779         (JSC::Wasm::enableFastMemory):
3780
3781 2018-10-03  Ross Kirsling  <ross.kirsling@sony.com>
3782
3783         [JSC] print() changes CRLF to CRCRLF on Windows
3784         https://bugs.webkit.org/show_bug.cgi?id=190228
3785
3786         Reviewed by Mark Lam.
3787
3788         * jsc.cpp:
3789         (main):
3790         Ultimately, this is just the normal behavior of printf in text mode on Windows.
3791         Since we're reading in files as binary, we need to be printing out as binary too
3792         (just as we do in DumpRenderTree and ImageDiff.)
3793
3794 2018-10-03  Saam barati  <sbarati@apple.com>
3795
3796         lowXYZ in FTLLower should always filter the type of the incoming edge
3797         https://bugs.webkit.org/show_bug.cgi?id=189939
3798         <rdar://problem/44407030>
3799
3800         Reviewed by Michael Saboff.
3801
3802         For example, the FTL may know more about data flow than AI in certain programs,
3803         and it needs to inform AI of these data flow properties to appease the assertion
3804         we have in AI that a node must perform type checks on its child nodes.
3805         
3806         For example, consider this program:
3807         
3808         ```
3809         bb#1
3810         a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower
3811         Branch(...,  #2, #3)
3812         
3813         bb#2
3814         ArrayifyToStructure(Cell:@a) // This modifies @a to have its previous type union the type of some structure set.
3815         Jump(#3)
3816         
3817         bb#3
3818         c: Add(Int32:@something, Int32:@a)
3819         ```
3820         
3821         When the Add node does lowInt32() for @a, FTL lower used to just grab it
3822         from the int32 hash table without filtering the AbstractValue. However,
3823         the parent node is asking for a type check to happen, so we must inform
3824         AI of this "type check" if we want to appease the assertion that all nodes
3825         perform type checks for their edges that semantically perform type checks.
3826         This patch makes it so we filter the AbstractValue in the lowXYZ even
3827         if FTLLower proved the value must be XYZ.
3828
3829         * ftl/FTLLowerDFGToB3.cpp:
3830         (JSC::FTL::DFG::LowerDFGToB3::compilePhi):
3831         (JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck):
3832         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
3833         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
3834         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
3835
3836 2018-10-03  Michael Saboff  <msaboff@apple.com>
3837
3838         Command line jsc should report memory footprint in bytes
3839         https://bugs.webkit.org/show_bug.cgi?id=190267
3840
3841         Reviewed by Mark Lam.
3842
3843         Change to leave the footprint values from the system unmodified.
3844
3845         * jsc.cpp:
3846         (JSCMemoryFootprint::finishCreation):
3847
3848 2018-10-03  Mark Lam  <mark.lam@apple.com>
3849
3850         Suppress unreachable code warning for LLIntAssembly.h code.
3851         https://bugs.webkit.org/show_bug.cgi?id=190263
3852         <rdar://problem/44986532>
3853
3854         Reviewed by Saam Barati.
3855
3856         This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter
3857         asm files, and may contain dead code which is harmless but will trip up the warning.
3858         We should suppress the warning so that it doesn't break builds.
3859
3860         * llint/LowLevelInterpreter.cpp:
3861         (JSC::CLoop::execute):
3862
3863 2018-10-03  Dan Bernstein  <mitz@apple.com>
3864
3865         JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10
3866         https://bugs.webkit.org/show_bug.cgi?id=190250
3867
3868         Reviewed by Alex Christensen.
3869
3870         * API/tests/Regress141275.mm:
3871         (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
3872           by making the self-retaining explicit.
3873
3874         * API/tests/testapi.cpp:
3875         (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
3876           loop instead of returning from the lambda.
3877
3878         * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
3879           CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
3880           CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.
3881
3882         * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to
3883           UnlinkedFunctionExecutable.h, and let Xcode update the project file.
3884
3885         * assembler/MacroAssemblerPrinter.cpp:
3886         (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
3887           some commas with semicolons.
3888
3889 2018-10-03  Mark Lam  <mark.lam@apple.com>
3890
3891         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
3892         https://bugs.webkit.org/show_bug.cgi?id=190187
3893         <rdar://problem/42512909>
3894
3895         Reviewed by Michael Saboff.
3896
3897         Allowing different max string lengths at each level opens up opportunities for
3898         bugs to creep in.  With 2 different max length values, it is more difficult to
3899         keep the story straight on how we do overflow / bounds checks at each place in
3900         the code.  It's also difficult to tell if a seemingly valid check at the WTF level
3901         will have bad ramifications at the JSC level.  It's also not meaningful to
3902         support a max length > INT_MAX.  To eliminate this class of bugs, we'll
3903         standardize on a MaxLength of INT_MAX at all levels.
3904
3905         We'll also standardize the way we do length overflow checks on using
3906         CheckedArithmetic, and add some asserts to document the assumptions of the code.
3907
3908         * runtime/FunctionConstructor.cpp:
3909         (JSC::constructFunctionSkippingEvalEnabledCheck):
3910         - Fix OOM error handling which crashed a test after the new MaxLength was applied.
3911         * runtime/JSString.h:
3912         (JSC::JSString::finishCreation):
3913         (JSC::JSString::createHasOtherOwner):
3914         (JSC::JSString::setLength):
3915         * runtime/JSStringInlines.h:
3916         (JSC::jsMakeNontrivialString):
3917         * runtime/Operations.h:
3918         (JSC::jsString):
3919
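        Added example of the length-overflow check described above, written in plain C++ rather than with WTF's CheckedArithmetic: kStringMaxLength, uncheckedCombinedLength, checkedCombinedLength and isWithinMaxLength are constructed names. The checked version widens to 64 bits, accumulates, and reports -1 instead of a length the moment the running total exceeds MaxLength, where the unchecked version wraps silently.

```cpp
#include <climits>
#include <cstdint>
#include <initializer_list>

// One MaxLength for every layer (constructed constant mirroring the INT_MAX standardization).
constexpr uint32_t kStringMaxLength = static_cast<uint32_t>(INT_MAX);

// Before-picture: the sum of two 32-bit lengths wraps, and nothing compares it to MaxLength.
uint32_t uncheckedCombinedLength(uint32_t a, uint32_t b)
{
    return a + b;
}

// After-picture, in the spirit of CheckedArithmetic (assumed shape, not WTF's API): widen to
// 64 bits, accumulate, and stop at the first partial sum above MaxLength. Returns the
// combined length, or -1 when the concatenation must not be attempted.
int64_t checkedCombinedLength(std::initializer_list<uint32_t> lengths)
{
    uint64_t total = 0;
    for (uint32_t length : lengths) {
        // total is at most MaxLength entering each iteration, so this 64-bit add cannot wrap.
        total += length;
        if (total > kStringMaxLength)
            return -1;
    }
    return static_cast<int64_t>(total);
}

// A length that a UINT_MAX-based lower layer accepts turns negative once an upper layer
// stores it in an int; with a single INT_MAX MaxLength the answer no longer depends on
// which layer asks.
bool isWithinMaxLength(uint32_t length)
{
    return length <= kStringMaxLength;
}
```

        The early return inside the loop matters: checking only the final total would let an intermediate wrap (in a narrower accumulator) or a huge single operand slip through, which is exactly the kind of inconsistency the entry describes between the WTF and JSC levels.
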
3920 2018-10-03  Koby Boyango  <koby.b@mce-sys.com>
3921
3922         [JSC] Add a C++ callable overload of objectConstructorSeal
3923         https://bugs.webkit.org/show_bug.cgi?id=190137
3924
3925         Reviewed by Yusuke Suzuki.
3926
3927         * runtime/ObjectConstructor.cpp:
3928         * runtime/ObjectConstructor.h:
3929
3930 2018-10-02  Dominik Infuehr  <dinfuehr@igalia.com>
3931
3932         Fix Disassembler-output on ARM Thumb2
3933         https://bugs.webkit.org/show_bug.cgi?id=190203
3934
3935         On ARMv7 with Thumb2, addresses have bit 0 set to 1 to force
3936         execution in thumb mode for jumps and calls. The actual machine
3937         instructions are still aligned to 2 bytes though. Use dataLocation() as
3938         the start address for disassembling since it unsets the thumb bit.
3939         Until now the disassembler would start at the wrong address (off by 1),
3940         resulting in the wrong disassembled machine instructions.
3941
3942         Reviewed by Mark Lam.
3943
3944         * disassembler/CapstoneDisassembler.cpp:
3945         (JSC::tryToDisassemble):
3946
3947 2018-10-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3948
3949         [JSC] Add stub of ExecutableAllocator used when JIT is disabled
3950         https://bugs.webkit.org/show_bug.cgi?id=190215
3951
3952         Reviewed by Mark Lam.
3953
3954         When ENABLE(JIT) is disabled, we do not use JIT. But ExecutableAllocator is still available since
3955         it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for the LLInt ASM interpreter since
3956         our MacroAssembler tells machine architecture information. Eventually, we would like to decouple