8a2bc7d30f9107cdc791eb35be43108c77d9ed39
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-12-04  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Add signExt() to FTLB3Output
        https://bugs.webkit.org/show_bug.cgi?id=151853

        Reviewed by Geoffrey Garen.

        Rename signExt() to signExt32To64(). This is just to separate
        it explicitly from the remaining signExt() used inside FTLOutput.

        Then use the SExt32 for implementing that in B3.

        * ftl/FTLB3Output.h:
        (JSC::FTL::Output::signExt32To64):
        (JSC::FTL::Output::signExt): Deleted.
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileInt52Rep):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileGetDirectPname):
        (JSC::FTL::DFG::LowerDFGToLLVM::strictInt52ToInt32):
        (JSC::FTL::DFG::LowerDFGToLLVM::strictInt52ToJSValue):
        (JSC::FTL::DFG::LowerDFGToLLVM::jsValueToStrictInt52):
        * ftl/FTLOutput.h:
        (JSC::FTL::Output::signExt32To64):
        (JSC::FTL::Output::signExt):

2015-12-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Unskip many inspector/debugger tests
        https://bugs.webkit.org/show_bug.cgi?id=151843

        Reviewed by Timothy Hatcher.

        * bindings/ScriptFunctionCall.cpp:
        (Deprecated::ScriptFunctionCall::call):
        Ignore TerminationExceptions, as those aren't real execution
        exceptions and may be seen on Workers that have closed.

2015-12-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove untested and unused Worker inspection
        https://bugs.webkit.org/show_bug.cgi?id=151848

        Reviewed by Brian Burg.

        * CMakeLists.txt:
        * DerivedSources.make:
        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::willExecuteProgram):
        * debugger/Debugger.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::ScriptDebugServer):
        * inspector/ScriptDebugServer.h:
        * inspector/agents/InspectorConsoleAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::run): Deleted.
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/JSGlobalObjectConsoleAgent.h:
        * inspector/protocol/Runtime.json:
        * inspector/protocol/Worker.json: Removed.

2015-12-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Specifically Identify the Global Lexical Environment Scope
        https://bugs.webkit.org/show_bug.cgi?id=151828

        Reviewed by Brian Burg.

        * inspector/InjectedScriptSource.js:
        Include the new scope type.

        * inspector/JSJavaScriptCallFrame.h:
        * inspector/JSJavaScriptCallFrame.cpp:
        (Inspector::JSJavaScriptCallFrame::scopeType):
        Set the new value for the new scope type.

        * inspector/JSJavaScriptCallFramePrototype.cpp:
        (Inspector::JSJavaScriptCallFramePrototype::finishCreation): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantGLOBAL_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantLOCAL_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantWITH_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantCLOSURE_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantCATCH_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantFUNCTION_NAME_SCOPE): Deleted.
        Remove unused constants on the JavaScriptCallFrame object.
        Currently they are just hardcoded in InjectedScriptSource
        and they don't make sense on instances anyway.

2015-12-04  Keith Miller  <keith_miller@apple.com>

        Add an option to emit instructions validating exceptions in the DFG rather than always emitting them.
        https://bugs.webkit.org/show_bug.cgi?id=151841

        Reviewed by Saam Barati.

        Add a new option that validates the DFG exception checking. The default value for the option is
        true in Debug builds and false in Release builds. Additionally, renamed jitAssertNoException to
        jitReleaseAssertNoException for consistency with our ASSERT naming convention.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::jitReleaseAssertNoException):
        (JSC::AssemblyHelpers::jitAssertNoException): Deleted.
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::jitAssertNoException): Deleted.
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):
        * runtime/Options.h:

2015-12-04  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !ENABLE(DFG_JIT) build after r190735
        https://bugs.webkit.org/show_bug.cgi?id=151617

        Reviewed by Filip Pizlo.

        * jit/GCAwareJITStubRoutine.cpp:
        (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):

2015-12-04  Csaba Osztrogonác  <ossy@webkit.org>

        [cmake] Fix the B3 build after r192946
        https://bugs.webkit.org/show_bug.cgi?id=151857

        Reviewed by Michael Saboff.

        * CMakeLists.txt:

2015-12-04  Csaba Osztrogonác  <ossy@webkit.org>

        [AArch64] Typo fix after r189575
        https://bugs.webkit.org/show_bug.cgi?id=151855

        Reviewed by Michael Saboff.

        * ftl/FTLUnwindInfo.cpp:
        (JSC::FTL::parseUnwindInfo):

2015-12-03  Filip Pizlo  <fpizlo@apple.com>

        B3 Patchpoint and Check opcodes should be able to specify WarmAny, ColdAny, and LateColdAny
        https://bugs.webkit.org/show_bug.cgi?id=151335

        Reviewed by Geoffrey Garen.

        This removes ValueRep::Any and replaces it with ValueRep::WarmAny, ValueRep::ColdAny, and
        ValueRep::LateColdAny. I think that conceptually the most obvious users of patchpoints are inline
        caches, which would use WarmAny for their non-OSR inputs. For this reason, I make WarmAny the
        default.

        However, the StackmapValue optimization that provides a default ValueRep for any that are missing
        was meant for OSR. So, this optimization now uses ColdAny.

        This patch wires this change through the whole compiler and adds some tests.

        * b3/B3CheckSpecial.cpp:
        (JSC::B3::CheckSpecial::Key::Key):
        (JSC::B3::CheckSpecial::Key::dump):
        (JSC::B3::CheckSpecial::CheckSpecial):
        * b3/B3CheckSpecial.h:
        (JSC::B3::CheckSpecial::Key::Key):
        (JSC::B3::CheckSpecial::Key::opcode):
        (JSC::B3::CheckSpecial::Key::numArgs):
        (JSC::B3::CheckSpecial::Key::stackmapRole):
        * b3/B3CheckValue.cpp:
        (JSC::B3::CheckValue::CheckValue):
        * b3/B3ConstrainedValue.h:
        (JSC::B3::ConstrainedValue::ConstrainedValue):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::fillStackmap):
        (JSC::B3::Air::LowerToAir::lower):
        * b3/B3MoveConstants.cpp:
        * b3/B3PatchpointSpecial.cpp:
        (JSC::B3::PatchpointSpecial::forEachArg):
        (JSC::B3::PatchpointSpecial::isValid):
        (JSC::B3::PatchpointSpecial::admitsStack):
        * b3/B3PatchpointValue.cpp:
        (JSC::B3::PatchpointValue::PatchpointValue):
        * b3/B3PatchpointValue.h:
        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::forEachArgImpl):
        (JSC::B3::StackmapSpecial::admitsStackImpl):
        (JSC::B3::StackmapSpecial::isArgValidForRep):
        (WTF::printInternal):
        * b3/B3StackmapSpecial.h:
        * b3/B3StackmapValue.cpp:
        (JSC::B3::StackmapValue::append):
        (JSC::B3::StackmapValue::setConstraint):
        * b3/B3StackmapValue.h:
        * b3/B3Validate.cpp:
        * b3/B3ValueRep.cpp:
        (JSC::B3::ValueRep::dump):
        (WTF::printInternal):
        * b3/B3ValueRep.h:
        (JSC::B3::ValueRep::ValueRep):
        (JSC::B3::ValueRep::reg):
        (JSC::B3::ValueRep::operator!=):
        (JSC::B3::ValueRep::operator bool):
        (JSC::B3::ValueRep::isAny):
        (JSC::B3::ValueRep::isSomeRegister):
        * b3/testb3.cpp:
        (JSC::B3::compileAndRun):
        (JSC::B3::add32):
        (JSC::B3::test42):
        (JSC::B3::testSimplePatchpoint):
        (JSC::B3::testPatchpointWithEarlyClobber):
        (JSC::B3::testPatchpointFixedRegister):
        (JSC::B3::testPatchpointAny):
        (JSC::B3::testPatchpointLotsOfLateAnys):
        (JSC::B3::testPatchpointAnyImm):
        (JSC::B3::testPatchpointManyImms):
        (JSC::B3::testPatchpointWithRegisterResult):
        (JSC::B3::testPatchpointWithAnyResult):
        (JSC::B3::run):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):

2015-12-03  Filip Pizlo  <fpizlo@apple.com>

        B3 patchpoints should allow specifying output constraints
        https://bugs.webkit.org/show_bug.cgi?id=151809

        Reviewed by Benjamin Poulain.

        JS call patchpoints should put their result into the result register, while most other patchpoints
        should put their results into some register. I think that it's best if we just allow arbitrary
        constraints on the result of a patchpoint. And by "arbitrary" I mean allowing the same kinds of
        constraints as we allow on the stackmap children.

        This also adds a large comment in B3StackmapValue.h that lays out the philosophy of our stackmaps
        and patchpoints. I found it useful to write down the plan since it's pretty subtle.

        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::lower):
        * b3/B3PatchpointSpecial.cpp:
        (JSC::B3::PatchpointSpecial::isValid):
        (JSC::B3::PatchpointSpecial::admitsStack):
        * b3/B3PatchpointValue.cpp:
        (JSC::B3::PatchpointValue::~PatchpointValue):
        (JSC::B3::PatchpointValue::dumpMeta):
        (JSC::B3::PatchpointValue::PatchpointValue):
        * b3/B3PatchpointValue.h:
        (JSC::B3::PatchpointValue::accepts):
        * b3/B3Procedure.h:
        (JSC::B3::Procedure::code):
        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::isValidImpl):
        (JSC::B3::StackmapSpecial::appendRepsImpl):
        (JSC::B3::StackmapSpecial::isArgValidForValue):
        (JSC::B3::StackmapSpecial::isArgValidForRep):
        (JSC::B3::StackmapSpecial::repForArg):
        * b3/B3StackmapSpecial.h:
        * b3/B3StackmapValue.h:
        * b3/B3Validate.cpp:
        * b3/B3ValueRep.h:
        (JSC::B3::ValueRep::doubleValue):
        * b3/testb3.cpp:
        (JSC::B3::testPatchpointManyImms):
        (JSC::B3::testPatchpointWithRegisterResult):
        (JSC::B3::testPatchpointWithStackArgumentResult):
        (JSC::B3::testPatchpointWithAnyResult):
        (JSC::B3::testSimpleCheck):
        (JSC::B3::run):
        * jit/RegisterSet.h:

2015-12-03  Anders Carlsson  <andersca@apple.com>

        Remove Objective-C GC support
        https://bugs.webkit.org/show_bug.cgi?id=151819
        rdar://problem/23746991

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:
        * Configurations/ToolExecutable.xcconfig:

2015-12-03  Benjamin Poulain  <bpoulain@apple.com>

        Attempt to fix GTK again after r193125

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::supportsLZCNT):

2015-12-03  Benjamin Poulain  <bpoulain@apple.com>

        Attempt to fix GTK after r193125

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::supportsLZCNT):
        GCC is unable to handle EBX correctly when clobbered by inline asm.

2015-12-03  Saam barati  <sbarati@apple.com>

        FTL::OSRExitDescriptor should use less memory by having a companion object that dies after compilation
        https://bugs.webkit.org/show_bug.cgi?id=151795

        Reviewed by Geoffrey Garen.

        There were a few fields on FTL::OSRExitDescriptor that are only
        needed during compilation. This patch introduces OSRExitDescriptorImpl
        which is a struct that we create for each OSRExitDescriptor. The difference is
        that OSRExitDescriptorImpl lives off of FTL::State so it dies after we compile.
        This way no unnecessary fields persist after the compilation.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateDataSection):
        * ftl/FTLExceptionHandlerManager.cpp:
        (JSC::FTL::ExceptionHandlerManager::lazySlowPathExceptionTarget):
        (JSC::FTL::ExceptionHandlerManager::getCallOSRExitCommon):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitArgumentsForPatchpointIfWillCatchException):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitDescriptor):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):
        (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
        (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
        * ftl/FTLOSRExit.cpp:
        (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
        (JSC::FTL::OSRExitDescriptor::validateReferences):
        (JSC::FTL::OSRExitDescriptor::emitOSRExit):
        (JSC::FTL::OSRExitDescriptor::emitOSRExitLater):
        (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
        (JSC::FTL::OSRExit::OSRExit):
        (JSC::FTL::OSRExit::codeLocationForRepatch):
        (JSC::FTL::OSRExit::gatherRegistersToSpillForCallIfException):
        (JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck):
        (JSC::FTL::exceptionTypeWillArriveAtOSRExitFromGenericUnwind):
        (JSC::FTL::OSRExit::willArriveAtOSRExitFromGenericUnwind):
        (JSC::FTL::OSRExit::willArriveAtOSRExitFromCallOperation):
        (JSC::FTL::OSRExitDescriptor::isExceptionHandler): Deleted.
        * ftl/FTLOSRExit.h:
        (JSC::FTL::OSRExitDescriptorImpl::OSRExitDescriptorImpl):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLState.h:

2015-12-03  Alex Christensen  <achristensen@webkit.org>

        Fix 64-bit Windows build after r193125.
        https://bugs.webkit.org/show_bug.cgi?id=151799

        Reviewed by Michael Saboff.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::supportsLZCNT):
        Use __cpuid intrinsic instead of inline assembly.

2015-12-02  Filip Pizlo  <fpizlo@apple.com>

        FTL B3 should support OSR exit
        https://bugs.webkit.org/show_bug.cgi?id=151710

        Reviewed by Saam Barati.

        This adds OSR exit support using the same style that I established with lazy slow paths. All of
        the work is driven by FTL::LowerDFGToLLVM, and from there any work that needs to be deferred
        until after B3 finishes is attached to the stackmap generator. In order to make it easy to port
        all of the different forms of OSR exit - invalidation points, exceptions, etc. - the logic for
        registering an OSR exit is abstracted behind OSRExitDescriptor and OSRExitHandle.

        An issue that I encountered repeatedly in this patch is OSRExitDescriptor being passed as a
        reference (&) rather than pointer (*). The new code uses a lot of lambdas that run after the
        current frame pops, so the capture list cannot be [&]. I believe that always listing all of the
        captured variables is not scalable considering how sophisticated our use of lambdas is. So, it
        makes sense to use [=]. But anytime we captured a variable whose type was OSRExitDescriptor&, it
        would be captured by value, because that's how references work. One has to be mindful of these
        things whenever using [=]. Note that it's not enough to say that we should have listed the
        captured variables explicitly - in that case, we still could have made the mistake by forgetting
        to put & in front of the variant. The pattern that worked for me to reason about whether I'm
        capturing an object or a pointer to an object is to always use pointer types for pointers: either
        RefPtr<> when we also want the lambda to prolong the object's life, or * if we are confident that
        the object will stay alive. For this reason, this patch changes all code that references
        OSRExitDescriptor to use * instead of &. Consistency makes the code easier to grok, and it made
        it easier to introduce the required uses of * in places where there were lambdas.

        I tested this by running imaging-gaussian-blur, and running some tests that require OSR exit. I'm
        not promising that all kinds of exits work, but we have to begin somewhere.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3Compilation.cpp:
        (JSC::B3::Compilation::Compilation):
        (JSC::B3::Compilation::~Compilation):
        * b3/B3Procedure.cpp:
        (JSC::B3::Procedure::addDataSection):
        (JSC::B3::Procedure::frameSize):
        (JSC::B3::Procedure::calleeSaveRegisters):
        * b3/B3Procedure.h:
        (JSC::B3::Procedure::releaseByproducts):
        (JSC::B3::Procedure::code):
        (JSC::B3::Procedure::takeByproducts): Deleted.
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::setFrameSize):
        (JSC::B3::Air::Code::calleeSaveRegisters):
        * b3/air/AirGenerationContext.h:
        * ftl/FTLB3Compile.cpp:
        (JSC::FTL::compile):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateDataSection):
        * ftl/FTLExceptionHandlerManager.cpp:
        (JSC::FTL::ExceptionHandlerManager::lazySlowPathExceptionTarget):
        (JSC::FTL::ExceptionHandlerManager::getCallOSRExitCommon):
        * ftl/FTLExitThunkGenerator.cpp:
        * ftl/FTLExitThunkGenerator.h:
        * ftl/FTLJITCode.cpp:
        (JSC::FTL::JITCode::JITCode):
        (JSC::FTL::JITCode::initializeB3Code):
        (JSC::FTL::JITCode::initializeB3Byproducts):
        (JSC::FTL::JITCode::initializeExitThunks):
        (JSC::FTL::JITCode::validateReferences):
        (JSC::FTL::JITCode::liveRegistersToPreserveAtExceptionHandlingCallSite):
        * ftl/FTLJITCode.h:
        * ftl/FTLJITFinalizer.cpp:
        (JSC::FTL::JITFinalizer::finalizeFunction):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLJSCall.cpp:
        (JSC::FTL::JSCall::emit):
        * ftl/FTLJSCallBase.cpp:
        (JSC::FTL::JSCallBase::emit):
        * ftl/FTLJSTailCall.cpp:
        (JSC::FTL::JSTailCall::JSTailCall):
        (JSC::FTL::JSTailCall::emit):
        (JSC::FTL::DFG::getRegisterWithAddend): Deleted.
        (JSC::FTL::m_instructionOffset): Deleted.
        * ftl/FTLJSTailCall.h:
        (JSC::FTL::JSTailCall::patchpoint):
        (JSC::FTL::JSTailCall::stackmapID):
        (JSC::FTL::JSTailCall::estimatedSize):
        (JSC::FTL::JSTailCall::operator<):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitArgumentsForPatchpointIfWillCatchException):
        (JSC::FTL::DFG::LowerDFGToLLVM::lowBlock):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitDescriptor):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):
        (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
        (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
        (JSC::FTL::DFG::LowerDFGToLLVM::callStackmap):
        (JSC::FTL::lowerDFGToLLVM):
        * ftl/FTLOSRExit.cpp:
        (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
        (JSC::FTL::OSRExitDescriptor::validateReferences):
        (JSC::FTL::OSRExitDescriptor::appendOSRExit):
        (JSC::FTL::OSRExitDescriptor::appendOSRExitLater):
        (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
        (JSC::FTL::OSRExit::OSRExit):
        (JSC::FTL::OSRExit::codeLocationForRepatch):
        (JSC::FTL::OSRExit::gatherRegistersToSpillForCallIfException):
        (JSC::FTL::OSRExit::spillRegistersToSpillSlot):
        (JSC::FTL::OSRExit::recoverRegistersFromSpillSlot):
        (JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck):
        * ftl/FTLOSRExit.h:
        (JSC::FTL::OSRExit::considerAddingAsFrequentExitSite):
        * ftl/FTLOSRExitCompilationInfo.h:
        (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::reboxAccordingToFormat):
        (JSC::FTL::compileRecovery):
        (JSC::FTL::compileStub):
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLOSRExitHandle.cpp: Added.
        (JSC::FTL::OSRExitHandle::emitExitThunk):
        * ftl/FTLOSRExitHandle.h: Added.
        (JSC::FTL::OSRExitHandle::OSRExitHandle):
        * ftl/FTLState.cpp:
        (JSC::FTL::State::State):
        (JSC::FTL::State::~State):

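The capture pitfall the entry above describes, shown as an added C++ example that is not WebKit code: a variable of reference type captured with [=] is copied as a whole object, whereas a pointer or a shared_ptr (standing in for RefPtr<>) captured with [=] still aliases the original. Descriptor, the queue helpers and the demo functions are constructed for this illustration.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Constructed stand-in for an object that deferred work must share, in the
// role OSRExitDescriptor plays in the entry. Not WebKit code.
struct Descriptor {
    int exitCount = 0;
};

// Work that runs after the frame that queued it has returned, so [&] would
// leave dangling references; every lambda below therefore captures with [=].
using DeferredWork = std::vector<std::function<int()>>;

// Pitfall: `desc` is declared as a reference, so [=] copies the Descriptor
// *object* into the closure. Each closure then mutates its own private copy
// and the caller's Descriptor never changes.
void queueWithReference(Descriptor& desc, DeferredWork& work)
{
    work.push_back([=]() mutable {
        desc.exitCount++;
        return desc.exitCount;
    });
}

// Fix 1: capture a raw pointer. [=] copies the pointer, so the closure still
// aliases the caller's object. Only sound if that object outlives the work.
void queueWithPointer(Descriptor* desc, DeferredWork& work)
{
    work.push_back([=]() {
        desc->exitCount++;
        return desc->exitCount;
    });
}

// Fix 2: capture shared ownership (what RefPtr<> gives in WebKit). The closure
// keeps the object alive even after the caller drops its own handle.
void queueWithSharedOwnership(std::shared_ptr<Descriptor> desc, DeferredWork& work)
{
    work.push_back([=]() {
        desc->exitCount++;
        return desc->exitCount;
    });
}

// Runs every queued lambda once; the queue keeps its closures alive afterwards.
int drain(DeferredWork& work)
{
    int total = 0;
    for (auto& fn : work)
        total += fn();
    return total;
}

// Caller's count after two increments queued through a reference: stays 0,
// because each increment landed on a copy inside a closure.
int demoReferenceCapture()
{
    Descriptor desc;
    DeferredWork work;
    queueWithReference(desc, work);
    queueWithReference(desc, work);
    drain(work);
    return desc.exitCount; // 0
}

// Same through a pointer: both increments reach the caller's object.
int demoPointerCapture()
{
    Descriptor desc;
    DeferredWork work;
    queueWithPointer(&desc, work);
    queueWithPointer(&desc, work);
    drain(work);
    return desc.exitCount; // 2
}

// Shared ownership: the caller's handle goes out of scope before the work
// runs, and the object survives only because the closures own it.
int demoSharedOwnership()
{
    DeferredWork work;
    std::weak_ptr<Descriptor> observer;
    {
        auto desc = std::make_shared<Descriptor>();
        observer = desc;
        queueWithSharedOwnership(desc, work);
        queueWithSharedOwnership(desc, work);
    } // caller's shared_ptr is gone here
    if (observer.expired())
        return -1; // would mean the object died before the deferred work ran
    drain(work);
    return observer.lock()->exitCount; // 2
}
```
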
2015-12-03  Joseph Pecoraro  <pecoraro@apple.com>

        REGRESSION:(r192753): Remote Web Inspector: RemoteInspector::sendMessageToRemote with null connection
        https://bugs.webkit.org/show_bug.cgi?id=151789

        Reviewed by Timothy Hatcher.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::sendMessageToRemote):
        Bail if the connection is no longer available. It may have
        been closed remotely.

2015-12-03  Joseph Pecoraro  <pecoraro@apple.com>

        REGRESSION:(r192753): Remote Web Inspector: Window immediately closes after opening
        https://bugs.webkit.org/show_bug.cgi?id=151788

        Reviewed by Timothy Hatcher.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::pushListingsNow):
        The key at the outer level was not a string. Ensure it is a
        string for backwards compatibility. One day we may use
        non-numeric page identifiers as listing keys.

2015-12-03  Joseph Pecoraro  <pecoraro@apple.com>

        REGRESSION(r192753): Remote Web Inspector: Enabling Remote Inspection on Auto Inspect candidate Debuggable doesn't show up in debuggers
        https://bugs.webkit.org/show_bug.cgi?id=151792

        Reviewed by Brian Burg.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::updateAutomaticInspectionCandidate):
        When m_debuggablesMap was split into both m_targetMap and m_listingMap
        this particular case was missed in updating both the target and listing
        when the target is updated. We should match RemoteInspector::updateTarget
        and update the listing map as the debuggable may have changed to be
        allowed to debug.

2015-12-03  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Add CLZ support to B3
        https://bugs.webkit.org/show_bug.cgi?id=151799

        Reviewed by Michael Saboff.

        Previously we were counting on LLVM to select LZCNT
        when it's available.
        Since we have to do that ourselves now, I added feature
        detection based on the CPUID. The MacroAssembler just
        picks the best available lowering based on the platform.

        * assembler/MacroAssemblerX86Common.cpp:
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::countLeadingZeros32):
        (JSC::MacroAssemblerX86Common::supportsLZCNT):
        (JSC::MacroAssemblerX86Common::clz32AfterBsr):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::countLeadingZeros64):
        (JSC::MacroAssemblerX86_64::clz64AfterBsr):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::lzcnt_rr):
        (JSC::X86Assembler::lzcnt_mr):
        (JSC::X86Assembler::lzcntq_rr):
        (JSC::X86Assembler::lzcntq_mr):
        (JSC::X86Assembler::bsr_mr):
        (JSC::X86Assembler::bsrq_rr):
        (JSC::X86Assembler::bsrq_mr):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::lower):
        * b3/B3Opcode.cpp:
        (WTF::printInternal):
        * b3/B3Opcode.h:
        * b3/B3Validate.cpp:
        * b3/B3Value.cpp:
        (JSC::B3::Value::effects):
        (JSC::B3::Value::key):
        (JSC::B3::Value::typeFor):
        * b3/air/AirOpcode.opcodes:
        * b3/testb3.cpp:
        (JSC::B3::countLeadingZero):
        (JSC::B3::testClzArg64):
        (JSC::B3::testClzMem64):
        (JSC::B3::testClzArg32):
        (JSC::B3::testClzMem32):
        (JSC::B3::doubleOperands):
        (JSC::B3::run):
        * ftl/FTLB3Output.h:
        (JSC::FTL::Output::ctlz32):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileArithClz32):
        * ftl/FTLOutput.h:
        (JSC::FTL::Output::ctlz32):

2015-12-02  Mark Lam  <mark.lam@apple.com>

        Polymorphic operand types for DFG and FTL mul.
        https://bugs.webkit.org/show_bug.cgi?id=151746

        Reviewed by Filip Pizlo.

        Perf on benchmarks is neutral except for the newly added JSRegress ftl-object-mul
        test which shows a 2.16x speed up on x86_64 FTL, 1.27x speed up on x86_64 DFG,
        and 1.56x on x86 DFG.

        The speed up comes not from the mul operator itself, but from the fact that the
        polymorphic operand types support now allow the test function to run without OSR
        exiting, thereby realizing the DFG and FTL's speed up on other work that the test
        function does.

        This patch has passed the layout tests on x86_64 with a debug build.
        It passed the JSC tests with x86 and x86_64 debug builds.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithMul):
        * ftl/FTLCompile.cpp:
        - Changed to call generateBinaryOpFastPath() instead now, and let it dispatch to
          the appropriate snippet generator.

        * ftl/FTLCompileBinaryOp.cpp:
        (JSC::FTL::generateBinaryArithOpFastPath):
        (JSC::FTL::generateBinaryOpFastPath):
        (JSC::FTL::generateArithSubFastPath): Deleted.
        (JSC::FTL::generateValueAddFastPath): Deleted.
        - Refactored these functions to eliminate the need for copy-pasting every time
          we add support for another binary arithmetic snippet.

        * ftl/FTLCompileBinaryOp.h:
        * ftl/FTLInlineCacheDescriptor.h:
        * ftl/FTLInlineCacheDescriptorInlines.h:
        (JSC::FTL::ArithMulDescriptor::ArithMulDescriptor):
        (JSC::FTL::ArithMulDescriptor::icSize):
        * ftl/FTLInlineCacheSize.cpp:
        (JSC::FTL::sizeOfArithMul):
        * ftl/FTLInlineCacheSize.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::lower):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileArithMul):
        * jit/JITMulGenerator.h:
        (JSC::JITMulGenerator::JITMulGenerator):

        * tests/stress/op_mul.js:
        - Updated a test value: the interesting value for imminent overflow from an
          int32 is 0x7fffffff, not 0x7ffffff.

2015-12-02  Joseph Pecoraro  <pecoraro@apple.com>

        REGRESSION(r192753): Remote Web Inspector: Applications and Debuggables not showing up in debuggers
        https://bugs.webkit.org/show_bug.cgi?id=151787

        Reviewed by Brian Burg.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::receivedIndicateMessage):
        Removed lock that was unnecessarily added in r192753. It was
        protecting nothing.

2015-12-02  Saam barati  <sbarati@apple.com>

        Insert a FIXME comment in FTLLazySlowPath.h to remind us to remove/refactor the ScratchRegisterAllocator field.

        Rubber-stamped by Filip Pizlo.

        * ftl/FTLLazySlowPath.h:

2015-12-02  Benjamin Poulain  <benjamin@webkit.org>

        [JSC] Remove insertElement() from FTLB3Output
        https://bugs.webkit.org/show_bug.cgi?id=151781

        Reviewed by Sam Weinig.

        * ftl/FTLB3Output.h:
        (JSC::FTL::Output::insertElement): Deleted.
        That's a LLVM concept.

2015-12-02  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Remove stuff related to alloca from FTLB3Output
        https://bugs.webkit.org/show_bug.cgi?id=151780

        Reviewed by Mark Lam.

        We can use the Phis directly with B3 :)

        * ftl/FTLB3Output.h:
        (JSC::FTL::Output::alloca): Deleted.
        (JSC::FTL::Output::get): Deleted.
        (JSC::FTL::Output::set): Deleted.

2015-12-02  Benjamin Poulain  <benjamin@webkit.org>

        [JSC] Add sin(), cos(), pow() and log() to B3
        https://bugs.webkit.org/show_bug.cgi?id=151778

        Reviewed by Geoffrey Garen.

        * ftl/FTLB3Output.h:
        (JSC::FTL::Output::doubleSin):
        (JSC::FTL::Output::doubleCos):
        (JSC::FTL::Output::doublePow):
        (JSC::FTL::Output::doubleLog):
        (JSC::FTL::Output::callWithoutSideEffects):

2015-12-02  Filip Pizlo  <fpizlo@apple.com>

        Add a few obvious strength-reductions to Air
        https://bugs.webkit.org/show_bug.cgi?id=151777

        Reviewed by Mark Lam.

        The absence of these optimizations was obnoxious.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::add32): lea 1(reg), reg -> add 1, reg.
        * b3/air/AirGenerate.cpp:
        (JSC::B3::Air::generate): Emit simpler prologue/epilogue if !frameSize.
        * b3/air/AirOpcode.opcodes: We have matching for BranchMul32 with immediate, but we forgot to add the instruction form.
        * jit/AssemblyHelpers.h: Support for the prologue/epilogue optimizations.
        (JSC::AssemblyHelpers::emitFunctionPrologue):
        (JSC::AssemblyHelpers::emitFunctionEpilogueWithEmptyFrame):
        (JSC::AssemblyHelpers::emitFunctionEpilogue):

708 2015-12-02  Benjamin Poulain  <bpoulain@apple.com>
709
710         Update the interface added in r192967
711
712         * b3/B3CCallValue.h:
713         Filip prefers explicit effects.
714         * b3/testb3.cpp:
715         (JSC::B3::testCallSimplePure):
716
717 2015-12-02  Benjamin Poulain  <bpoulain@apple.com>
718
719         [JSC] Add a function attribute for Pure functions in B3
720         https://bugs.webkit.org/show_bug.cgi?id=151741
721
722         Reviewed by Geoffrey Garen.
723
724         We have plenty of functions without side effects
725         when lowering DFG.
726         This patch adds the "PureCall" flag to B3's CCall
727         to make sure those functions do not prevent optimizations.
728
729         * b3/B3CCallValue.h:
730         * b3/testb3.cpp:
731         (JSC::B3::testCallSimplePure):
732         (JSC::B3::run):
733
734 2015-12-02  Mark Lam  <mark.lam@apple.com>
735
736         Removed unnecessary #if USE(JSVALUE64).
737         https://bugs.webkit.org/show_bug.cgi?id=151733
738
739         Not reviewed.
740
741         * dfg/DFGClobberize.h:
742         (JSC::DFG::clobberize):
743
744 2015-12-02  Mark Lam  <mark.lam@apple.com>
745
746         Use the JITAddGenerator snippet in the FTL.
747         https://bugs.webkit.org/show_bug.cgi?id=151519
748
749         Reviewed by Geoffrey Garen.
750
751         One detail about how we're choosing to handle operands to the binary snippets that
752         may be constant: the slow path call to a C++ function still needs the constant
753         operand loaded in a register.  To simplify things, we're choosing to always tell
754         LLVM to load the operands into registers even if they may be constant.  However,
755         even though a constant operand is preloaded in a register, the snippet generator
756         will not be made aware of it.  It will continue to load the constant as an
757         immediate.
758
759         * ftl/FTLCompile.cpp:
760         * ftl/FTLCompileBinaryOp.cpp:
761         (JSC::FTL::generateArithSubFastPath):
762         (JSC::FTL::generateValueAddFastPath):
763         - generateValueAddFastPath() currently is an exact copy of generateArithSubFastPath()
764           except that it uses JITAddGenerator instead of JITSubGenerator.  When we add
765           support for JITMulGenerator later, the code will start to vary.  We'll refactor
766           these functions then when we have more insight into what needs to vary between
767           the implementations.
768
769         * ftl/FTLCompileBinaryOp.h:
770         * ftl/FTLInlineCacheDescriptor.h:
771         * ftl/FTLInlineCacheDescriptorInlines.h:
772         (JSC::FTL::ValueAddDescriptor::ValueAddDescriptor):
773         (JSC::FTL::ValueAddDescriptor::icSize):
774         * ftl/FTLInlineCacheSize.cpp:
775         (JSC::FTL::sizeOfValueAdd):
776         * ftl/FTLInlineCacheSize.h:
777         * ftl/FTLLowerDFGToLLVM.cpp:
778         (JSC::FTL::DFG::LowerDFGToLLVM::lower):
779         (JSC::FTL::DFG::LowerDFGToLLVM::compileValueAdd):
780
781 2015-12-02  Mark Lam  <mark.lam@apple.com>
782
783         Teach DFG that ArithSub can now clobber the heap (and other things).
784         https://bugs.webkit.org/show_bug.cgi?id=151733
785
786         Reviewed by Geoffrey Garen.
787
788         * dfg/DFGAbstractInterpreterInlines.h:
789         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
790         * dfg/DFGClobberize.h:
791         (JSC::DFG::clobberize):
792         * dfg/DFGPredictionPropagationPhase.cpp:
793         (JSC::DFG::PredictionPropagationPhase::propagate):
794
795 2015-12-02  Benjamin Poulain  <bpoulain@apple.com>
796
797         [JSC] Handle x86 partial register stalls in Air
798         https://bugs.webkit.org/show_bug.cgi?id=151735
799
800         Reviewed by Filip Pizlo.
801
802         This patch adds a primitive false-dependency breaking
803         algorithm to Air. We look for redefinition of the same
804         variable that is too close to a partial definition.
805
806         There is no explicit dependency tracking going on,
807         but it is pretty fast and the extra xorps added on false-positives
808         are cheap anyway.
809
810         Typically, partial register stalls appear from instructions
811         interfering with themselves in small loops. Something like:
812
813           Label0:
814             cvtsi2sdq %eax, %xmm0
815             ...
816             jmp Label0
817
818         Those are correctly detected by propagating the local distance
819         information from block to block until no unsafe chain is found.
820
821         The test testInt32ToDoublePartialRegisterStall() checks the kind
822         of cases we typically find from JavaScript.
823         The execution time is 20% faster with a register reset (which is
824         astounding since the very next instruction has a real dependency).
825
826         Future tweaks will be needed when we can run more JavaScript:
827         -Handle function calls differently.
828         -Anything with a special can have hidden instructions.
829          We need to take them into account.
830
831         * JavaScriptCore.xcodeproj/project.pbxproj:
832         * assembler/MacroAssemblerX86Common.h:
833         (JSC::MacroAssemblerX86Common::moveZeroToDouble):
834         * assembler/X86Assembler.h:
835         (JSC::X86Assembler::xorps_rr):
836         (JSC::X86Assembler::xorpd_rr):
837         According to the documentation, starting with Sandy Bridge,
838         register resets can be done in the frontend with xorps.
839
840         * b3/B3IndexSet.h:
841         (JSC::B3::IndexSet::remove):
842         * b3/air/AirFixPartialRegisterStalls.cpp: Added.
843         (JSC::B3::Air::fixPartialRegisterStalls):
844         * b3/air/AirFixPartialRegisterStalls.h: Added.
845         * b3/air/AirGenerate.cpp:
846         (JSC::B3::Air::prepareForGeneration):
847         * b3/testb3.cpp:
848         (JSC::B3::testInt32ToDoublePartialRegisterStall):
849         (JSC::B3::run):
850         * jit/FPRInfo.h:
851
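        As an added example (not WebKit's AirFixPartialRegisterStalls), the heuristic described in the entry above modelled in JavaScript over a constructed block list: per-register "instructions since last write" counters, merged pessimistically from block to block until a fixpoint, with a zeroing xorps inserted before any partial write that lands too close to an earlier write. The threshold, instruction shapes and sample programs are assumptions made for this model.

```javascript
"use strict";

// Threshold (assumption for this model): a partial write of a register that
// was written fewer than this many instructions ago is treated as a stall.
const MINIMUM_SAFE_DISTANCE = 16;

// Constructed shapes. Instruction: { op, fullDefs, partialDefs } where
// partialDefs lists xmm registers the instruction only partly writes (cvtsi2sd
// leaves the upper lane untouched) and fullDefs lists registers written whole.
// Block: { id, insts, successors }.

// Walk one block. `dist` maps a register to the number of instructions executed
// since it was last written (capped at MINIMUM_SAFE_DISTANCE, meaning "long ago").
// Returns the rewritten instruction list and the state at the block's exit.
function walkBlock(insts, entryState) {
  const dist = new Map(entryState);
  const distanceOf = (reg) => (dist.has(reg) ? dist.get(reg) : MINIMUM_SAFE_DISTANCE);
  const out = [];
  for (const inst of insts) {
    for (const [reg, d] of dist) dist.set(reg, Math.min(d + 1, MINIMUM_SAFE_DISTANCE));
    // A partial write must merge with the register's previous value; if that
    // value is still in flight, break the false dependency with a zeroing idiom.
    for (const reg of inst.partialDefs || []) {
      if (distanceOf(reg) < MINIMUM_SAFE_DISTANCE)
        out.push({ op: `xorps %${reg}, %${reg}`, fullDefs: [reg], partialDefs: [], inserted: true });
    }
    out.push(inst);
    for (const reg of [...(inst.fullDefs || []), ...(inst.partialDefs || [])]) dist.set(reg, 0);
  }
  return { insts: out, exit: dist };
}

// Propagate exit states to successors, merging with the minimum distance (if
// any predecessor wrote the register recently, assume it is recent), until no
// entry state changes. Distances are bounded, so this terminates. Then rewrite
// each block from its final entry state.
function fixPartialRegisterStalls(blocks) {
  const entry = new Map(blocks.map((b) => [b.id, new Map()]));
  let changed = true;
  while (changed) {
    changed = false;
    for (const block of blocks) {
      const { exit } = walkBlock(block.insts, entry.get(block.id));
      for (const succ of block.successors) {
        const target = entry.get(succ);
        for (const [reg, d] of exit) {
          if (!target.has(reg) || d < target.get(reg)) { target.set(reg, d); changed = true; }
        }
      }
    }
  }
  return blocks.map((block) => ({ ...block, insts: walkBlock(block.insts, entry.get(block.id)).insts }));
}

function countInsertedResets(blocks) {
  return blocks.reduce((n, b) => n + b.insts.filter((i) => i.inserted).length, 0);
}

// Constructed sample 1: the self-interfering loop from the entry above. Each
// iteration's cvtsi2sd lands a few instructions after the previous one wrote
// xmm0, which only the block-to-block propagation can see.
const loopProgram = [{ id: "Label0", successors: ["Label0"], insts: [
  { op: "cvtsi2sdq %rax, %xmm0", partialDefs: ["xmm0"] },
  { op: "movsd %xmm0, (%rdi)" },
  { op: "addq $8, %rdi", fullDefs: ["rdi"] },
  { op: "addq $1, %rax", fullDefs: ["rax"] },
  { op: "cmpq %rcx, %rax; jl Label0" },
] }];

// Constructed sample 2: straight-line code whose earlier write of xmm0 is far
// enough back that the partial write is harmless; nothing is inserted.
const filler = Array.from({ length: MINIMUM_SAFE_DISTANCE }, (_, i) =>
  ({ op: `addq $1, %r${8 + (i % 4)}`, fullDefs: [`r${8 + (i % 4)}`] }));
const straightProgram = [{ id: "entry", successors: [], insts: [
  { op: "movsd (%rdi), %xmm0", fullDefs: ["xmm0"] },
  ...filler,
  { op: "cvtsi2sdq %rax, %xmm0", partialDefs: ["xmm0"] },
] }];

// Constructed sample 3: a diamond where only one path writes xmm0 before the
// join; the pessimistic merge still protects the partial write at the join.
const diamondProgram = [
  { id: "head", successors: ["left", "right"], insts: [{ op: "testq %rax, %rax; jz right" }] },
  { id: "left", successors: ["join"], insts: [{ op: "movsd (%rdi), %xmm0", fullDefs: ["xmm0"] }, { op: "jmp join" }] },
  { id: "right", successors: ["join"], insts: [{ op: "movq $0, %rdx", fullDefs: ["rdx"] }] },
  { id: "join", successors: [], insts: [{ op: "cvtsi2sdq %rcx, %xmm0", partialDefs: ["xmm0"] }] },
];
```

The entry's own future tweaks (calls, specials with hidden instructions) are deliberately not modelled here.
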
852 2015-12-01  Yusuke Suzuki  <utatane.tea@gmail.com>
853
854         [ES6] Implement LLInt/Baseline Support for ES6 Generators and enable this feature
855         https://bugs.webkit.org/show_bug.cgi?id=150792
856
857         Reviewed by Saam Barati.
858
859         This patch implements basic functionality of ES6 Generators in LLInt and Baseline tiers.
860         While the implementation has some inefficient parts, the implementation covers edge cases.
861         Later, we will make this efficient.
862
863             https://bugs.webkit.org/show_bug.cgi?id=151545
864             https://bugs.webkit.org/show_bug.cgi?id=151546
865             https://bugs.webkit.org/show_bug.cgi?id=151547
866             https://bugs.webkit.org/show_bug.cgi?id=151552
867             https://bugs.webkit.org/show_bug.cgi?id=151560
868             https://bugs.webkit.org/show_bug.cgi?id=151586
869
870         To encourage DFG / FTL later, we take the following design.
871
872         1. Use switch_imm to jump to the save/resume points.
873
874         Instead of saving / restoring the instruction pointer to resume from it, we use switch_imm to jump to the resume point.
875         This limits one entry point to a given generator function. This design makes inlining easy.
876         The generated code becomes the following.
877
878             function @generatorNext(@generator, @generatorState, @generatorValue, @generatorResumeMode)
879             {
880                 switch (@generatorState) {
881                 case Initial:
882                     ...
883                     initial sequence.
884                     ...
885
886
887                     op_save(Yield_0);  // op_save contains *virtual* jump to Yield_0.
888                                        // CFG shows a jump edge to Yield_0 point, but it won't be actually used.
889                     return ...;
890
891                 case Yield_0:
892                     op_resume();
893                     if (@generatorResumeMode == Throw)
894                         ...
895                     else if (@generatorResumeMode == Return)
896                         ...
897                     ...
898                     // sentValue is a value sent from a caller by `generator.next(sentValue)`.
899                     sentValue = @generatorValue;
900                     ...
901                     op_save(Yield_1);
902                     return ...;
903
904                 case Yield_1:
905                     op_resume();
906                     if (@generatorResumeMode == Throw)
907                         ...
908                     else if (@generatorResumeMode == Return)
909                         ...
910                     ...
911                     sentValue = @generatorValue;
912                     ...
913
914                 ...
915                 }
916             }
917
918             Resume sequence should not be emitted per yield.
919             This should be done in https://bugs.webkit.org/show_bug.cgi?id=151552.
920
921         2. Store live frame registers to GeneratorFrame
922
923         To save and resume generator's state, we save all the live registers in GeneratorFrame.
924         And when resuming, we refill registers with saved ones.
925         Since the saved registers contain the scope register, |this|, etc., the environment including the scope chain will be recovered automatically.
926         While saving and resuming callee registers, we don't save parameter registers.
927         These registers will be used to control the generator's resume behavior.
928
929         We perform BytecodeLivenessAnalysis in CodeBlock to determine actually *def*ined registers at that resume point.
930
931         3. GeneratorFunction will evaluate parameters before generating Generator
932
933         Generator's parameters should be evaluated before entering Generator's body. For example,
934
935             function hello() { ... }
936             function *gen(a, b = hello())
937             {
938                 yield b;
939             }
940             let g = gen(20);  // Now, hello should be called.
941
942         To enable this, we evaluate parameters in GeneratorFunction, and after that, we create a Generator and return it.
943         This can be explained by the following pseudo code.
944
945             function *gen(a, b = hello())
946             {
947                 // This is generator.
948                 return {
949                     @generatorNext: function (@generator, @generatorState, @generatorValue, @generatorResumeMode)
950                     {
951                         ...
952                     }
953                 }
954             }
955
956         4. op_save seems similar to conditional jump
957
958         We won't jump to elsewhere from op_save actually. But we add a *virtual* jump edge (flow) from op_save to the point called the *merge point*.
959         We construct the CFG as follows:
960
961             (global generator switch) -> (initial sequence) -> (op_save) ----+-> (merge point) -> (next sequence)*
962                    |                                              |          |
963                    |                                              v          |
964                    |                                           (op_ret)      |
965                    |                                                         |
966                    +------------------------------------------->(op_resume)--+
967
968         By constructing such a graph,
969
970             1. Since we have a flow from (op_save) to (merge point), at merge point, we can *use* locals that are defined before (op_save)
971             2. op_save should claim that it does not define anything. And claim that it *use*s locals that are used in (merge point).
972             3. at op_resume, we see *use*d locals at merge point and define all of them.
973
974         We can do the above things in use-def analysis because use-def analysis is backward analysis.
975         And after analyzing use-def chains, in op_save / op_resume, we only save / resume live registers at the head of merge point.
976
977         * API/JSScriptRef.cpp:
978         (parseScript):
979         * CMakeLists.txt:
980         * Configurations/FeatureDefines.xcconfig:
981         * DerivedSources.make:
982         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
983         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
984         * JavaScriptCore.xcodeproj/project.pbxproj:
985         * builtins/BuiltinExecutables.cpp:
986         (JSC::createExecutableInternal):
987         * builtins/GeneratorPrototype.js: Added.
988         (generatorResume):
989         (next):
990         (return):
991         (throw):
992         * bytecode/BytecodeBasicBlock.cpp:
993         (JSC::isBranch):
994         * bytecode/BytecodeList.json:
995         * bytecode/BytecodeLivenessAnalysis.cpp:
996         (JSC::stepOverInstruction):
997         (JSC::computeLocalLivenessForBytecodeOffset):
998         (JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
999         (JSC::BytecodeLivenessAnalysis::computeFullLiveness):
1000         (JSC::BytecodeLivenessAnalysis::computeKills):
1001         * bytecode/BytecodeUseDef.h:
1002         (JSC::computeUsesForBytecodeOffset):
1003         (JSC::computeDefsForBytecodeOffset):
1004         * bytecode/CodeBlock.cpp:
1005         (JSC::CodeBlock::dumpBytecode):
1006         (JSC::CodeBlock::CodeBlock):
1007         (JSC::CodeBlock::finishCreation):
1008         (JSC::CodeBlock::shrinkToFit):
1009         (JSC::CodeBlock::validate):
1010         * bytecode/CodeBlock.h:
1011         (JSC::CodeBlock::numCalleeLocals):
1012         (JSC::CodeBlock::liveCalleeLocalsAtYield):
1013         * bytecode/EvalCodeCache.h:
1014         (JSC::EvalCodeCache::tryGet):
1015         (JSC::EvalCodeCache::getSlow):
1016         (JSC::EvalCodeCache::isCacheable):
1017         * bytecode/ExecutableInfo.h:
1018         (JSC::ExecutableInfo::ExecutableInfo):
1019         (JSC::ExecutableInfo::generatorThisMode):
1020         (JSC::ExecutableInfo::superBinding):
1021         (JSC::ExecutableInfo::parseMode):
1022         (JSC::ExecutableInfo::isArrowFunction): Deleted.
1023         * bytecode/PreciseJumpTargets.cpp:
1024         (JSC::getJumpTargetsForBytecodeOffset):
1025         * bytecode/UnlinkedCodeBlock.cpp:
1026         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1027         * bytecode/UnlinkedCodeBlock.h:
1028         (JSC::UnlinkedCodeBlock::parseMode):
1029         (JSC::UnlinkedCodeBlock::generatorThisMode):
1030         (JSC::UnlinkedCodeBlock::superBinding):
1031         (JSC::UnlinkedCodeBlock::isArrowFunction): Deleted.
1032         * bytecode/UnlinkedFunctionExecutable.cpp:
1033         (JSC::generateUnlinkedFunctionCodeBlock):
1034         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1035         (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
1036         * bytecode/UnlinkedFunctionExecutable.h:
1037         * bytecompiler/BytecodeGenerator.cpp:
1038         (JSC::BytecodeGenerator::BytecodeGenerator):
1039         (JSC::BytecodeGenerator::initializeParameters):
1040         (JSC::BytecodeGenerator::newRegister):
1041         (JSC::BytecodeGenerator::reclaimFreeRegisters):
1042         (JSC::BytecodeGenerator::createVariable):
1043         (JSC::BytecodeGenerator::emitCreateThis):
1044         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1045         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1046         (JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
1047         (JSC::BytecodeGenerator::emitNewFunction):
1048         (JSC::BytecodeGenerator::emitIteratorNextWithValue):
1049         (JSC::BytecodeGenerator::emitYieldPoint):
1050         (JSC::BytecodeGenerator::emitSave):
1051         (JSC::BytecodeGenerator::emitResume):
1052         (JSC::BytecodeGenerator::emitYield):
1053         (JSC::BytecodeGenerator::emitDelegateYield):
1054         (JSC::BytecodeGenerator::emitGeneratorStateChange):
1055         (JSC::BytecodeGenerator::emitGeneratorStateLabel):
1056         (JSC::BytecodeGenerator::beginGenerator):
1057         (JSC::BytecodeGenerator::endGenerator):
1058         (JSC::BytecodeGenerator::emitNewFunctionInternal): Deleted.
1059         (JSC::BytecodeGenerator::emitNewFunctionCommon): Deleted.
1060         * bytecompiler/BytecodeGenerator.h:
1061         (JSC::BytecodeGenerator::generatorThisMode):
1062         (JSC::BytecodeGenerator::superBinding):
1063         (JSC::BytecodeGenerator::generatorRegister):
1064         (JSC::BytecodeGenerator::generatorStateRegister):
1065         (JSC::BytecodeGenerator::generatorValueRegister):
1066         (JSC::BytecodeGenerator::generatorResumeModeRegister):
1067         (JSC::BytecodeGenerator::parseMode):
1068         (JSC::BytecodeGenerator::registerFor):
1069         (JSC::BytecodeGenerator::makeFunction):
1070         * bytecompiler/NodesCodegen.cpp:
1071         (JSC::ThisNode::emitBytecode):
1072         (JSC::emitHomeObjectForCallee):
1073         (JSC::emitSuperBaseForCallee):
1074         (JSC::ReturnNode::emitBytecode):
1075         (JSC::FunctionNode::emitBytecode):
1076         (JSC::YieldExprNode::emitBytecode):
1077         * dfg/DFGByteCodeParser.cpp:
1078         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1079         (JSC::DFG::ByteCodeParser::inlineCall):
1080         (JSC::DFG::ByteCodeParser::handleGetById):
1081         (JSC::DFG::ByteCodeParser::handlePutById):
1082         * dfg/DFGForAllKills.h:
1083         (JSC::DFG::forAllKilledOperands):
1084         * dfg/DFGGraph.h:
1085         (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
1086         * dfg/DFGOSREntrypointCreationPhase.cpp:
1087         (JSC::DFG::OSREntrypointCreationPhase::run):
1088         * dfg/DFGVariableEventStream.cpp:
1089         (JSC::DFG::VariableEventStream::reconstruct):
1090         * ftl/FTLForOSREntryJITCode.cpp:
1091         (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
1092         * ftl/FTLForOSREntryJITCode.h:
1093         * ftl/FTLOSREntry.cpp:
1094         (JSC::FTL::prepareOSREntry):
1095         * ftl/FTLState.cpp:
1096         (JSC::FTL::State::State):
1097         * heap/MarkedBlock.h:
1098         (JSC::MarkedBlock::isAtom):
1099         (JSC::MarkedBlock::isLiveCell):
1100         * interpreter/Interpreter.cpp:
1101         (JSC::eval):
1102         (JSC::Interpreter::dumpRegisters):
1103         * jit/JIT.cpp:
1104         (JSC::JIT::privateCompileMainPass):
1105         (JSC::JIT::frameRegisterCountFor):
1106         * jit/JIT.h:
1107         * jit/JITOpcodes.cpp:
1108         (JSC::JIT::emitNewFuncCommon):
1109         (JSC::JIT::emit_op_new_func):
1110         (JSC::JIT::emit_op_new_generator_func):
1111         (JSC::JIT::emitNewFuncExprCommon):
1112         (JSC::JIT::emit_op_new_func_exp):
1113         (JSC::JIT::emit_op_new_generator_func_exp):
1114         (JSC::JIT::emit_op_save):
1115         (JSC::JIT::emit_op_resume):
1116         * jit/JITOperations.cpp:
1117         (JSC::operationNewFunctionCommon):
1118         * jit/JITOperations.h:
1119         * llint/LLIntEntrypoint.cpp:
1120         (JSC::LLInt::frameRegisterCountFor):
1121         * llint/LLIntSlowPaths.cpp:
1122         (JSC::LLInt::traceFunctionPrologue):
1123         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1124         * llint/LLIntSlowPaths.h:
1125         * llint/LowLevelInterpreter.asm:
1126         * parser/ASTBuilder.h:
1127         (JSC::ASTBuilder::createYield):
1128         (JSC::ASTBuilder::createFunctionMetadata):
1129         (JSC::ASTBuilder::propagateArgumentsUse):
1130         * parser/Nodes.cpp:
1131         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1132         * parser/Nodes.h:
1133         * parser/Parser.cpp:
1134         (JSC::Parser<LexerType>::Parser):
1135         (JSC::Parser<LexerType>::parseInner):
1136         (JSC::Parser<LexerType>::parseGeneratorFunctionSourceElements):
1137         (JSC::Parser<LexerType>::parseFunctionBody):
1138         (JSC::stringForFunctionMode):
1139         (JSC::Parser<LexerType>::createGeneratorParameters):
1140         (JSC::Parser<LexerType>::parseFunctionInfo):
1141         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1142         (JSC::Parser<LexerType>::parseClass):
1143         (JSC::Parser<LexerType>::parseAssignmentExpression):
1144         (JSC::Parser<LexerType>::parseYieldExpression):
1145         (JSC::Parser<LexerType>::parsePropertyMethod):
1146         (JSC::Parser<LexerType>::parseFunctionExpression):
1147         * parser/Parser.h:
1148         (JSC::Scope::Scope):
1149         (JSC::Scope::setSourceParseMode):
1150         (JSC::Scope::hasArguments):
1151         (JSC::Scope::collectFreeVariables):
1152         (JSC::Scope::setIsFunction):
1153         (JSC::Scope::setIsGeneratorFunction):
1154         (JSC::Scope::setIsGenerator):
1155         (JSC::parse):
1156         * parser/ParserModes.h:
1157         (JSC::isFunctionParseMode):
1158         (JSC::isModuleParseMode):
1159         (JSC::isProgramParseMode):
1160         * parser/SourceCodeKey.h: Added.
1161         (JSC::SourceCodeKey::SourceCodeKey):
1162         (JSC::SourceCodeKey::isHashTableDeletedValue):
1163         (JSC::SourceCodeKey::hash):
1164         (JSC::SourceCodeKey::length):
1165         (JSC::SourceCodeKey::isNull):
1166         (JSC::SourceCodeKey::string):
1167         (JSC::SourceCodeKey::operator==):
1168         (JSC::SourceCodeKeyHash::hash):
1169         (JSC::SourceCodeKeyHash::equal):
1170         (JSC::SourceCodeKeyHashTraits::isEmptyValue):
1171         * parser/SyntaxChecker.h:
1172         (JSC::SyntaxChecker::createYield):
1173         (JSC::SyntaxChecker::createFunctionMetadata):
1174         (JSC::SyntaxChecker::operatorStackPop):
1175         * runtime/CodeCache.cpp:
1176         (JSC::CodeCache::getGlobalCodeBlock):
1177         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1178         * runtime/CodeCache.h:
1179         (JSC::SourceCodeKey::SourceCodeKey): Deleted.
1180         (JSC::SourceCodeKey::isHashTableDeletedValue): Deleted.
1181         (JSC::SourceCodeKey::hash): Deleted.
1182         (JSC::SourceCodeKey::length): Deleted.
1183         (JSC::SourceCodeKey::isNull): Deleted.
1184         (JSC::SourceCodeKey::string): Deleted.
1185         (JSC::SourceCodeKey::operator==): Deleted.
1186         (JSC::SourceCodeKeyHash::hash): Deleted.
1187         (JSC::SourceCodeKeyHash::equal): Deleted.
1188         (JSC::SourceCodeKeyHashTraits::isEmptyValue): Deleted.
1189         * runtime/CommonIdentifiers.h:
1190         * runtime/CommonSlowPaths.cpp:
1191         (JSC::SLOW_PATH_DECL):
1192         * runtime/CommonSlowPaths.h:
1193         * runtime/Completion.cpp:
1194         (JSC::checkSyntax):
1195         (JSC::checkModuleSyntax):
1196         * runtime/Executable.cpp:
1197         (JSC::ScriptExecutable::newCodeBlockFor):
1198         (JSC::ProgramExecutable::checkSyntax):
1199         * runtime/Executable.h:
1200         * runtime/FunctionConstructor.cpp:
1201         (JSC::constructFunction):
1202         (JSC::constructFunctionSkippingEvalEnabledCheck):
1203         * runtime/FunctionConstructor.h:
1204         * runtime/GeneratorFrame.cpp: Added.
1205         (JSC::GeneratorFrame::GeneratorFrame):
1206         (JSC::GeneratorFrame::finishCreation):
1207         (JSC::GeneratorFrame::createStructure):
1208         (JSC::GeneratorFrame::create):
1209         (JSC::GeneratorFrame::save):
1210         (JSC::GeneratorFrame::resume):
1211         (JSC::GeneratorFrame::visitChildren):
1212         * runtime/GeneratorFrame.h: Added.
1213         (JSC::GeneratorFrame::locals):
1214         (JSC::GeneratorFrame::localAt):
1215         (JSC::GeneratorFrame::offsetOfLocals):
1216         (JSC::GeneratorFrame::allocationSizeForLocals):
1217         * runtime/GeneratorFunctionConstructor.cpp: Added.
1218         (JSC::GeneratorFunctionConstructor::GeneratorFunctionConstructor):
1219         (JSC::GeneratorFunctionConstructor::finishCreation):
1220         (JSC::callGeneratorFunctionConstructor):
1221         (JSC::constructGeneratorFunctionConstructor):
1222         (JSC::GeneratorFunctionConstructor::getCallData):
1223         (JSC::GeneratorFunctionConstructor::getConstructData):
1224         * runtime/GeneratorFunctionConstructor.h: Added.
1225         (JSC::GeneratorFunctionConstructor::create):
1226         (JSC::GeneratorFunctionConstructor::createStructure):
1227         * runtime/GeneratorFunctionPrototype.cpp: Added.
1228         (JSC::GeneratorFunctionPrototype::GeneratorFunctionPrototype):
1229         (JSC::GeneratorFunctionPrototype::finishCreation):
1230         * runtime/GeneratorFunctionPrototype.h: Added.
1231         (JSC::GeneratorFunctionPrototype::create):
1232         (JSC::GeneratorFunctionPrototype::createStructure):
1233         * runtime/GeneratorPrototype.cpp: Copied from Source/JavaScriptCore/ftl/FTLForOSREntryJITCode.cpp.
1234         (JSC::GeneratorPrototype::finishCreation):
1235         (JSC::GeneratorPrototype::getOwnPropertySlot):
1236         * runtime/GeneratorPrototype.h: Copied from Source/JavaScriptCore/ftl/FTLForOSREntryJITCode.cpp.
1237         (JSC::GeneratorPrototype::create):
1238         (JSC::GeneratorPrototype::createStructure):
1239         (JSC::GeneratorPrototype::GeneratorPrototype):
1240         * runtime/GeneratorThisMode.h: Added.
1241         * runtime/JSFunction.cpp:
1242         (JSC::JSFunction::getOwnPropertySlot):
1243         * runtime/JSGeneratorFunction.cpp: Added.
1244         (JSC::JSGeneratorFunction::JSGeneratorFunction):
1245         (JSC::JSGeneratorFunction::createImpl):
1246         (JSC::JSGeneratorFunction::create):
1247         (JSC::JSGeneratorFunction::createWithInvalidatedReallocationWatchpoint):
1248         * runtime/JSGeneratorFunction.h: Added.
1249         (JSC::JSGeneratorFunction::allocationSize):
1250         (JSC::JSGeneratorFunction::createStructure):
1251         * runtime/JSGlobalObject.cpp:
1252         (JSC::JSGlobalObject::init):
1253         (JSC::JSGlobalObject::visitChildren):
1254         * runtime/JSGlobalObject.h:
1255         (JSC::JSGlobalObject::generatorFunctionPrototype):
1256         (JSC::JSGlobalObject::generatorPrototype):
1257         (JSC::JSGlobalObject::generatorFunctionStructure):
1258         * runtime/ModuleLoaderObject.cpp:
1259         (JSC::moduleLoaderObjectParseModule):
1260         * runtime/VM.cpp:
1261         (JSC::VM::VM):
1262         * runtime/VM.h:
1263         * tests/es6.yaml:
1264         * tests/es6/generators_yield_star_generic_iterables.js:
1265         (iterator.next):
1266         (iterable.Symbol.iterator):
1267         (__createIterableObject):
1268         * tests/es6/generators_yield_star_instances_of_iterables.js:
1269         (iterator.next):
1270         (iterable.Symbol.iterator):
1271         (__createIterableObject):
1272         * tests/es6/generators_yield_star_iterator_closing.js:
1273         (iterator.next):
1274         (iterable.Symbol.iterator):
1275         (__createIterableObject):
1276         * tests/es6/generators_yield_star_iterator_closing_via_throw.js:
1277         (iterator.next):
1278         (iterable.Symbol.iterator):
1279         (__createIterableObject):
1280         * tests/stress/generator-arguments-from-function.js: Added.
1281         (shouldBe):
1282         (test):
1283         * tests/stress/generator-arguments.js: Added.
1284         (shouldBe):
1285         (g1):
1286         * tests/stress/generator-class-methods-syntax.js: Added.
1287         (testSyntax):
1288         (testSyntaxError):
1289         (testSyntaxError.Cocoa):
1290         (testSyntax.Cocoa.prototype.ok):
1291         (testSyntax.Cocoa):
1292         (testSyntax.Cocoa.ok):
1293         * tests/stress/generator-class-methods.js: Added.
1294         (shouldBe):
1295         (prototype.gen):
1296         (staticGen):
1297         (shouldBe.g.next):
1298         * tests/stress/generator-eval-this.js: Added.
1299         (shouldBe):
1300         (shouldThrow):
1301         (B):
1302         (A):
1303         (C.prototype.generator):
1304         (C):
1305         (TypeError):
1306         * tests/stress/generator-function-constructor.js: Added.
1307         (shouldBe):
1308         (generatorFunctionConstructor):
1309         * tests/stress/generator-function-name.js: Added.
1310         (shouldBe):
1311         (ok):
1312         * tests/stress/generator-methods-with-non-generator.js: Added.
1313         (shouldThrow):
1314         * tests/stress/generator-relations.js: Added.
1315         (shouldBe):
1316         (generatorFunction):
1317         * tests/stress/generator-return-before-first-call.js: Added.
1318         (shouldBe):
1319         (shouldBeIteratorResult):
1320         * tests/stress/generator-return.js: Added.
1321         (shouldBe):
1322         (shouldBeIteratorResult):
1323         * tests/stress/generator-this.js: Added.
1324         (shouldBe):
1325         (shouldThrow):
1326         (gen):
1327         (shouldBe.g.next):
1328         * tests/stress/generator-throw-before-first-call.js: Added.
1329         (unreachable):
1330         (gen):
1331         (catch):
1332         * tests/stress/generator-throw.js: Added.
1333         (shouldBe):
1334         (shouldBeIteratorResult):
1335         * tests/stress/generator-with-new-target.js: Added.
1336         (shouldBe):
1337         (gen):
1338         * tests/stress/generator-with-super.js: Added.
1339         (shouldThrow):
1340         (test):
1341         (B.prototype.gen):
1342         (B):
1343         (A.prototype.gen):
1344         (A):
1345         * tests/stress/generator-yield-star.js: Added.
1346         (shouldBe):
1347         (shouldThrow):
1348         (prototype.call):
1349         (Arrays):
1350         (Arrays.prototype.Symbol.iterator):
1351         (Iterator.prototype.next):
1352         (Iterator.prototype.string_appeared_here):
1353         (Iterator.prototype.Symbol.iterator):
1354         (Iterator):
1355         (gen):
1356
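        An added example (not the engine's code): the generator lowering described in the entry above, hand-written in JavaScript for one small generator body and placed beside the equivalent native generator so the two can be driven with the same scripts. The body, the live-local sets saved at each yield and the `hello()` default are constructed for this example.

```javascript
"use strict";

// Generator states and resume modes, named as in the ChangeLog's pseudo-code.
const Initial = 0, Yield_0 = 1, Yield_1 = 2, Completed = 3;
const Next = 0, Throw = 1, Return = 2;

// Body being lowered (constructed; the ChangeLog shows only the shape):
//   function *gen(a, b = hello()) { let x = yield a + b; let y = yield x * 2; return a + y; }
// Liveness at each merge point (what the backward use-def analysis of point 4
// gives for this body): only `a` is needed after either resume, so op_save
// stores just `a` and op_resume refills just `a`; `b`, `x`, `y` are dead there.

// Throw and Return both complete the generator; Next on a completed generator
// reports { undefined, done: true }.
function finish(gen, value, resumeMode) {
  gen.state = Completed;
  gen.frame = {};
  if (resumeMode === Throw) throw value;
  return { value: resumeMode === Return ? value : undefined, done: true };
}

// @generatorNext(@generator, @generatorState, @generatorValue, @generatorResumeMode):
// one entry point and a switch on the saved state, no saved instruction pointer.
function generatorNext(gen, generatorValue, resumeMode) {
  let a, b, x, y; // the generator body's callee "registers"
  switch (gen.state) {
  case Initial:
    if (resumeMode !== Next) return finish(gen, generatorValue, resumeMode); // return()/throw() before first next()
    ({ a, b } = gen.frame);            // parameters, already evaluated by the GeneratorFunction
    gen.frame = { a };                 // op_save(Yield_0): live locals only
    gen.state = Yield_0;
    return { value: a + b, done: false };
  case Yield_0:
    ({ a } = gen.frame);               // op_resume(): refill the live locals
    if (resumeMode !== Next) return finish(gen, generatorValue, resumeMode);
    x = generatorValue;                // sentValue = @generatorValue
    gen.frame = { a };                 // op_save(Yield_1)
    gen.state = Yield_1;
    return { value: x * 2, done: false };
  case Yield_1:
    ({ a } = gen.frame);               // op_resume()
    if (resumeMode !== Next) return finish(gen, generatorValue, resumeMode);
    y = generatorValue;
    return finish(gen, a + y, Return); // the body's own `return a + y`
  default:
    return finish(gen, generatorValue, resumeMode);
  }
}

let helloCalls = 0;
function hello() { helloCalls += 1; return 5; }

// The GeneratorFunction (point 3): evaluate the parameters, defaults included,
// then create and return the generator object. Nothing in the body runs yet.
function genLowered(a, b = hello()) {
  const gen = { state: Initial, frame: { a, b } };
  return {
    next(v) { return generatorNext(gen, v, Next); },
    throw(e) { return generatorNext(gen, e, Throw); },
    return(v) { return generatorNext(gen, v, Return); },
  };
}

// The same body as a native generator, used as the reference behaviour.
function* genNative(a, b = hello()) {
  let x = yield a + b;
  let y = yield x * 2;
  return a + y;
}

// Drive a generator with [method, argument] steps; record each result or throw.
function drive(g, script) {
  const out = [];
  for (const [method, arg] of script) {
    try { const r = g[method](arg); out.push([r.value, r.done]); }
    catch (e) { out.push(["threw", e]); }
  }
  return out;
}

// True when the hand-lowered generator and the native one agree on a script.
function loweringMatches(args, script) {
  return JSON.stringify(drive(genLowered(...args), script))
      === JSON.stringify(drive(genNative(...args), script));
}

// Point 3 check: hello() runs when the generator function is called, not on next().
function defaultsEvaluatedAtCall(make) {
  helloCalls = 0;
  const g = make(20);
  const callsBeforeNext = helloCalls;
  g.next();
  return callsBeforeNext === 1 && helloCalls === 1;
}

// Constructed scripts: normal completion, throw at a yield, return at a yield,
// and return/throw before the first next().
const SCRIPTS = [
  [["next"], ["next", 10], ["next", 7], ["next"]],
  [["next"], ["throw", "boom"], ["next"]],
  [["next"], ["return", 42], ["next", 1]],
  [["return", 7], ["next"]],
  [["throw", "early"], ["next"]],
];
```
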
1357 2015-12-01  Commit Queue  <commit-queue@webkit.org>
1358
1359         Unreviewed, rolling out r192914.
1360         https://bugs.webkit.org/show_bug.cgi?id=151734
1361
1362         JSC tests for this change are failing on 32 and 64-bit bots
1363         (Requested by ryanhaddad on #webkit).
1364
1365         Reverted changeset:
1366
1367         "[ES6] Implement LLInt/Baseline Support for ES6 Generators and
1368         enable this feature"
1369         https://bugs.webkit.org/show_bug.cgi?id=150792
1370         http://trac.webkit.org/changeset/192914
1371
1372 2015-12-01  Caitlin Potter  <caitpotter88@gmail.com>
1373
1374         [JSC] support CoverInitializedName in nested AssignmentPatterns
1375         https://bugs.webkit.org/show_bug.cgi?id=151595
1376
1377         Reviewed by Geoffrey Garen.
1378
1379         A regression introduced in bug https://bugs.webkit.org/show_bug.cgi?id=151026
1380         causes the parser to fail when attempting to parse nested
1381         ObjectAssignmentPatterns with CoverInitializedName destructuring targets.
1382
1383         * parser/Parser.cpp:
1384         (JSC::Parser<LexerType>::parseAssignmentExpressionOrPropagateErrorClass):
1385         (JSC::Parser<LexerType>::parseAssignmentExpression):
1386         (JSC::Parser<LexerType>::parseProperty):
1387         (JSC::Parser<LexerType>::parseArrayLiteral):
1388         * parser/Parser.h:
1389         (JSC::Parser::ExpressionErrorClassifier::propagateExpressionErrorClass):
1390         * tests/es6.yaml:
1391         * tests/es6/destructuring_assignment_nested_cover_initialized_name.js: Added.
1392         (test1):
1393         (test2):
1394
1395 2015-12-01  Juergen Ributzka  <juergen@apple.com>
1396
1397         Add new library dependency for LLVMForJavaScriptCore dylib
1398         https://bugs.webkit.org/show_bug.cgi?id=151687
1399         
1400         Changes in open source LLVM added a new dependency on libLLVMInstrumentation.a.
1401         Adding this dependency should be backwards compatible, since LLVM has built and
1402         shipped this library even before the creation of FTL.
1403
1404         Reviewed by Geoffrey Garen.
1405
1406         * Configurations/LLVMForJSC.xcconfig:
1407
1408 2015-12-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1409
1410         [ES6] Implement LLInt/Baseline Support for ES6 Generators and enable this feature
1411         https://bugs.webkit.org/show_bug.cgi?id=150792
1412
1413         Reviewed by Saam Barati.
1414
1415         This patch implements the basic functionality of ES6 Generators in the LLInt and Baseline tiers.
1416         While the implementation has some inefficient parts, it covers the edge cases.
1417         Later, we will make it efficient.
1418
1419             https://bugs.webkit.org/show_bug.cgi?id=151545
1420             https://bugs.webkit.org/show_bug.cgi?id=151546
1421             https://bugs.webkit.org/show_bug.cgi?id=151547
1422             https://bugs.webkit.org/show_bug.cgi?id=151552
1423             https://bugs.webkit.org/show_bug.cgi?id=151560
1424             https://bugs.webkit.org/show_bug.cgi?id=151586
1425
1426         To encourage DFG / FTL later, we take the following design.
1427
1428         1. Use switch_imm to jump to the save/resume points.
1429
1430         Instead of saving / restoring the instruction pointer to resume from it, we use switch_imm to jump to the resume point.
1431         This limits a given generator function to one entry point. This design makes inlining easy.
1432         The generated code becomes the following.
1433
1434             function @generatorNext(@generator, @generatorState, @generatorValue, @generatorResumeMode)
1435             {
1436                 switch (@generatorState) {
1437                 case Initial:
1438                     ...
1439                     initial sequence.
1440                     ...
1441
1442
1443                     op_save(Yield_0);  // op_save contains *virtual* jump to Yield_0.
1444                                        // CFG shows a jump edge to Yield_0 point, but it won't be actually used.
1445                     return ...;
1446
1447                 case Yield_0:
1448                     op_resume();
1449                     if (@generatorResumeMode == Throw)
1450                         ...
1451                     else if (@generatorResumeMode == Return)
1452                         ...
1453                     ...
1454                     // sentValue is a value sent from a caller by `generator.next(sentValue)`.
1455                     sentValue = @generatorValue;
1456                     ...
1457                     op_save(Yield_1);
1458                     return ...;
1459
1460                 case Yield_1:
1461                     op_resume();
1462                     if (@generatorResumeMode == Throw)
1463                         ...
1464                     else if (@generatorResumeMode == Return)
1465                         ...
1466                     ...
1467                     sentValue = @generatorValue;
1468                     ...
1469
1470                 ...
1471                 }
1472             }
1473
1474             The resume sequence should not be emitted per yield.
1475             This should be done in https://bugs.webkit.org/show_bug.cgi?id=151552.
1476
1477         2. Store live frame registers to GeneratorFrame
1478
1479         To save and resume the generator's state, we save all the live registers in the GeneratorFrame.
1480         And when resuming, we refill the registers with the saved ones.
1481         Since the saved registers contain the scope register, |this| etc., the environment including the scope chain will be recovered automatically.
1482         While we save and resume callee registers, we don't save parameter registers.
1483         These registers will be used to control the generator's resume behavior.
1484
1485         We perform BytecodeLivenessAnalysis in CodeBlock to determine the registers that are actually *def*ined at that resume point.
1486
1487         3. GeneratorFunction will evaluate parameters before generating Generator
1488
1489         A generator's parameters should be evaluated before entering the generator's body. For example,
1490
1491             function hello() { ... }
1492             function *gen(a, b = hello())
1493             {
1494                 yield b;
1495             }
1496             let g = gen(20);  // Now, hello should be called.
1497
1498         To enable this, we evaluate parameters in GeneratorFunction, and after that, we create a Generator and return it.
1499         This can be explained by the following pseudo code.
1500
1501             function *gen(a, b = hello())
1502             {
1503                 // This is generator.
1504                 return {
1505                     @generatorNext: function (@generator, @generatorState, @generatorValue, @generatorResumeMode)
1506                     {
1507                         ...
1508                     }
1509                 }
1510             }
1511
1512         4. op_save seems similar to a conditional jump
1513
1514         We don't actually jump anywhere from op_save. But we add a *virtual* jump edge (flow) from op_save to the point we call the *merge point*.
1515         We construct the CFG as follows,
1516
1517             (global generator switch) -> (initial sequence) -> (op_save) ----+-> (merge point) -> (next sequence)*
1518                    |                                              |          |
1519                    |                                              v          |
1520                    |                                           (op_ret)      |
1521                    |                                                         |
1522                    +------------------------------------------->(op_resume)--+
1523
1524         By constructing such a graph,
1525
1526             1. Since we have a flow from (op_save) to (merge point), at the merge point we can *use* locals that are defined before (op_save)
1527             2. op_save should claim that it does not define anything, and claim that it *use*s the locals that are used at the (merge point).
1528             3. at op_resume, we see the locals *use*d at the merge point and define all of them.
1529
1530         We can do the above things in use-def analysis because use-def analysis is a backward analysis.
1531         And after analyzing use-def chains, in op_save / op_resume we only save / resume the registers that are live at the head of the merge point.
1532
1533         * API/JSScriptRef.cpp:
1534         (parseScript):
1535         * CMakeLists.txt:
1536         * Configurations/FeatureDefines.xcconfig:
1537         * DerivedSources.make:
1538         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1539         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1540         * JavaScriptCore.xcodeproj/project.pbxproj:
1541         * builtins/BuiltinExecutables.cpp:
1542         (JSC::createExecutableInternal):
1543         * builtins/GeneratorPrototype.js: Added.
1544         (generatorResume):
1545         (next):
1546         (return):
1547         (throw):
1548         * bytecode/BytecodeBasicBlock.cpp:
1549         (JSC::isBranch):
1550         * bytecode/BytecodeList.json:
1551         * bytecode/BytecodeLivenessAnalysis.cpp:
1552         (JSC::stepOverInstruction):
1553         (JSC::computeLocalLivenessForBytecodeOffset):
1554         (JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
1555         (JSC::BytecodeLivenessAnalysis::computeFullLiveness):
1556         (JSC::BytecodeLivenessAnalysis::computeKills):
1557         * bytecode/BytecodeUseDef.h:
1558         (JSC::computeUsesForBytecodeOffset):
1559         (JSC::computeDefsForBytecodeOffset):
1560         * bytecode/CodeBlock.cpp:
1561         (JSC::CodeBlock::dumpBytecode):
1562         (JSC::CodeBlock::CodeBlock):
1563         (JSC::CodeBlock::finishCreation):
1564         (JSC::CodeBlock::shrinkToFit):
1565         (JSC::CodeBlock::validate):
1566         * bytecode/CodeBlock.h:
1567         (JSC::CodeBlock::numCalleeLocals):
1568         (JSC::CodeBlock::liveCalleeLocalsAtYield):
1569         * bytecode/EvalCodeCache.h:
1570         (JSC::EvalCodeCache::tryGet):
1571         (JSC::EvalCodeCache::getSlow):
1572         (JSC::EvalCodeCache::isCacheable):
1573         * bytecode/ExecutableInfo.h:
1574         (JSC::ExecutableInfo::ExecutableInfo):
1575         (JSC::ExecutableInfo::generatorThisMode):
1576         (JSC::ExecutableInfo::superBinding):
1577         (JSC::ExecutableInfo::parseMode):
1578         (JSC::ExecutableInfo::isArrowFunction): Deleted.
1579         * bytecode/PreciseJumpTargets.cpp:
1580         (JSC::getJumpTargetsForBytecodeOffset):
1581         * bytecode/UnlinkedCodeBlock.cpp:
1582         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1583         * bytecode/UnlinkedCodeBlock.h:
1584         (JSC::UnlinkedCodeBlock::parseMode):
1585         (JSC::UnlinkedCodeBlock::generatorThisMode):
1586         (JSC::UnlinkedCodeBlock::superBinding):
1587         (JSC::UnlinkedCodeBlock::isArrowFunction): Deleted.
1588         * bytecode/UnlinkedFunctionExecutable.cpp:
1589         (JSC::generateUnlinkedFunctionCodeBlock):
1590         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1591         (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
1592         * bytecode/UnlinkedFunctionExecutable.h:
1593         * bytecompiler/BytecodeGenerator.cpp:
1594         (JSC::BytecodeGenerator::BytecodeGenerator):
1595         (JSC::BytecodeGenerator::initializeParameters):
1596         (JSC::BytecodeGenerator::newRegister):
1597         (JSC::BytecodeGenerator::reclaimFreeRegisters):
1598         (JSC::BytecodeGenerator::createVariable):
1599         (JSC::BytecodeGenerator::emitCreateThis):
1600         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1601         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1602         (JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
1603         (JSC::BytecodeGenerator::emitNewFunction):
1604         (JSC::BytecodeGenerator::emitIteratorNextWithValue):
1605         (JSC::BytecodeGenerator::emitYieldPoint):
1606         (JSC::BytecodeGenerator::emitSave):
1607         (JSC::BytecodeGenerator::emitResume):
1608         (JSC::BytecodeGenerator::emitYield):
1609         (JSC::BytecodeGenerator::emitDelegateYield):
1610         (JSC::BytecodeGenerator::emitGeneratorStateChange):
1611         (JSC::BytecodeGenerator::emitGeneratorStateLabel):
1612         (JSC::BytecodeGenerator::beginGenerator):
1613         (JSC::BytecodeGenerator::endGenerator):
1614         (JSC::BytecodeGenerator::emitNewFunctionInternal): Deleted.
1615         (JSC::BytecodeGenerator::emitNewFunctionCommon): Deleted.
1616         * bytecompiler/BytecodeGenerator.h:
1617         (JSC::BytecodeGenerator::generatorThisMode):
1618         (JSC::BytecodeGenerator::superBinding):
1619         (JSC::BytecodeGenerator::generatorRegister):
1620         (JSC::BytecodeGenerator::generatorStateRegister):
1621         (JSC::BytecodeGenerator::generatorValueRegister):
1622         (JSC::BytecodeGenerator::generatorResumeModeRegister):
1623         (JSC::BytecodeGenerator::parseMode):
1624         (JSC::BytecodeGenerator::registerFor):
1625         (JSC::BytecodeGenerator::makeFunction):
1626         * bytecompiler/NodesCodegen.cpp:
1627         (JSC::ThisNode::emitBytecode):
1628         (JSC::emitHomeObjectForCallee):
1629         (JSC::emitSuperBaseForCallee):
1630         (JSC::ReturnNode::emitBytecode):
1631         (JSC::FunctionNode::emitBytecode):
1632         (JSC::YieldExprNode::emitBytecode):
1633         * dfg/DFGByteCodeParser.cpp:
1634         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1635         (JSC::DFG::ByteCodeParser::inlineCall):
1636         (JSC::DFG::ByteCodeParser::handleGetById):
1637         (JSC::DFG::ByteCodeParser::handlePutById):
1638         * dfg/DFGForAllKills.h:
1639         (JSC::DFG::forAllKilledOperands):
1640         * dfg/DFGGraph.h:
1641         (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
1642         * dfg/DFGOSREntrypointCreationPhase.cpp:
1643         (JSC::DFG::OSREntrypointCreationPhase::run):
1644         * dfg/DFGVariableEventStream.cpp:
1645         (JSC::DFG::VariableEventStream::reconstruct):
1646         * ftl/FTLForOSREntryJITCode.cpp:
1647         (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
1648         * ftl/FTLForOSREntryJITCode.h:
1649         * ftl/FTLOSREntry.cpp:
1650         (JSC::FTL::prepareOSREntry):
1651         * ftl/FTLState.cpp:
1652         (JSC::FTL::State::State):
1653         * heap/MarkedBlock.h:
1654         (JSC::MarkedBlock::isAtom):
1655         (JSC::MarkedBlock::isLiveCell):
1656         * interpreter/Interpreter.cpp:
1657         (JSC::eval):
1658         (JSC::Interpreter::dumpRegisters):
1659         * jit/JIT.cpp:
1660         (JSC::JIT::privateCompileMainPass):
1661         (JSC::JIT::frameRegisterCountFor):
1662         * jit/JIT.h:
1663         * jit/JITOpcodes.cpp:
1664         (JSC::JIT::emitNewFuncCommon):
1665         (JSC::JIT::emit_op_new_func):
1666         (JSC::JIT::emit_op_new_generator_func):
1667         (JSC::JIT::emitNewFuncExprCommon):
1668         (JSC::JIT::emit_op_new_func_exp):
1669         (JSC::JIT::emit_op_new_generator_func_exp):
1670         (JSC::JIT::emit_op_save):
1671         (JSC::JIT::emit_op_resume):
1672         * jit/JITOperations.cpp:
1673         (JSC::operationNewFunctionCommon):
1674         * jit/JITOperations.h:
1675         * llint/LLIntEntrypoint.cpp:
1676         (JSC::LLInt::frameRegisterCountFor):
1677         * llint/LLIntSlowPaths.cpp:
1678         (JSC::LLInt::traceFunctionPrologue):
1679         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1680         * llint/LLIntSlowPaths.h:
1681         * llint/LowLevelInterpreter.asm:
1682         * parser/ASTBuilder.h:
1683         (JSC::ASTBuilder::createYield):
1684         (JSC::ASTBuilder::createFunctionMetadata):
1685         (JSC::ASTBuilder::propagateArgumentsUse):
1686         * parser/Nodes.cpp:
1687         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1688         * parser/Nodes.h:
1689         * parser/Parser.cpp:
1690         (JSC::Parser<LexerType>::Parser):
1691         (JSC::Parser<LexerType>::parseInner):
1692         (JSC::Parser<LexerType>::parseGeneratorFunctionSourceElements):
1693         (JSC::Parser<LexerType>::parseFunctionBody):
1694         (JSC::stringForFunctionMode):
1695         (JSC::Parser<LexerType>::createGeneratorParameters):
1696         (JSC::Parser<LexerType>::parseFunctionInfo):
1697         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1698         (JSC::Parser<LexerType>::parseClass):
1699         (JSC::Parser<LexerType>::parseAssignmentExpression):
1700         (JSC::Parser<LexerType>::parseYieldExpression):
1701         (JSC::Parser<LexerType>::parsePropertyMethod):
1702         (JSC::Parser<LexerType>::parseFunctionExpression):
1703         * parser/Parser.h:
1704         (JSC::Scope::Scope):
1705         (JSC::Scope::setSourceParseMode):
1706         (JSC::Scope::hasArguments):
1707         (JSC::Scope::collectFreeVariables):
1708         (JSC::Scope::setIsFunction):
1709         (JSC::Scope::setIsGeneratorFunction):
1710         (JSC::Scope::setIsGenerator):
1711         (JSC::parse):
1712         * parser/ParserModes.h:
1713         (JSC::isFunctionParseMode):
1714         (JSC::isModuleParseMode):
1715         (JSC::isProgramParseMode):
1716         * parser/SourceCodeKey.h: Added.
1717         (JSC::SourceCodeKey::SourceCodeKey):
1718         (JSC::SourceCodeKey::isHashTableDeletedValue):
1719         (JSC::SourceCodeKey::hash):
1720         (JSC::SourceCodeKey::length):
1721         (JSC::SourceCodeKey::isNull):
1722         (JSC::SourceCodeKey::string):
1723         (JSC::SourceCodeKey::operator==):
1724         (JSC::SourceCodeKeyHash::hash):
1725         (JSC::SourceCodeKeyHash::equal):
1726         (JSC::SourceCodeKeyHashTraits::isEmptyValue):
1727         * parser/SyntaxChecker.h:
1728         (JSC::SyntaxChecker::createYield):
1729         (JSC::SyntaxChecker::createFunctionMetadata):
1730         (JSC::SyntaxChecker::operatorStackPop):
1731         * runtime/CodeCache.cpp:
1732         (JSC::CodeCache::getGlobalCodeBlock):
1733         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1734         * runtime/CodeCache.h:
1735         (JSC::SourceCodeKey::SourceCodeKey): Deleted.
1736         (JSC::SourceCodeKey::isHashTableDeletedValue): Deleted.
1737         (JSC::SourceCodeKey::hash): Deleted.
1738         (JSC::SourceCodeKey::length): Deleted.
1739         (JSC::SourceCodeKey::isNull): Deleted.
1740         (JSC::SourceCodeKey::string): Deleted.
1741         (JSC::SourceCodeKey::operator==): Deleted.
1742         (JSC::SourceCodeKeyHash::hash): Deleted.
1743         (JSC::SourceCodeKeyHash::equal): Deleted.
1744         (JSC::SourceCodeKeyHashTraits::isEmptyValue): Deleted.
1745         * runtime/CommonIdentifiers.h:
1746         * runtime/CommonSlowPaths.cpp:
1747         (JSC::SLOW_PATH_DECL):
1748         * runtime/CommonSlowPaths.h:
1749         * runtime/Completion.cpp:
1750         (JSC::checkSyntax):
1751         (JSC::checkModuleSyntax):
1752         * runtime/Executable.cpp:
1753         (JSC::ScriptExecutable::newCodeBlockFor):
1754         (JSC::ProgramExecutable::checkSyntax):
1755         * runtime/Executable.h:
1756         * runtime/FunctionConstructor.cpp:
1757         (JSC::constructFunction):
1758         (JSC::constructFunctionSkippingEvalEnabledCheck):
1759         * runtime/FunctionConstructor.h:
1760         * runtime/GeneratorFrame.cpp: Added.
1761         (JSC::GeneratorFrame::GeneratorFrame):
1762         (JSC::GeneratorFrame::finishCreation):
1763         (JSC::GeneratorFrame::createStructure):
1764         (JSC::GeneratorFrame::create):
1765         (JSC::GeneratorFrame::save):
1766         (JSC::GeneratorFrame::resume):
1767         (JSC::GeneratorFrame::visitChildren):
1768         * runtime/GeneratorFrame.h: Added.
1769         (JSC::GeneratorFrame::locals):
1770         (JSC::GeneratorFrame::localAt):
1771         (JSC::GeneratorFrame::offsetOfLocals):
1772         (JSC::GeneratorFrame::allocationSizeForLocals):
1773         * runtime/GeneratorFunctionConstructor.cpp: Added.
1774         (JSC::GeneratorFunctionConstructor::GeneratorFunctionConstructor):
1775         (JSC::GeneratorFunctionConstructor::finishCreation):
1776         (JSC::callGeneratorFunctionConstructor):
1777         (JSC::constructGeneratorFunctionConstructor):
1778         (JSC::GeneratorFunctionConstructor::getCallData):
1779         (JSC::GeneratorFunctionConstructor::getConstructData):
1780         * runtime/GeneratorFunctionConstructor.h: Added.
1781         (JSC::GeneratorFunctionConstructor::create):
1782         (JSC::GeneratorFunctionConstructor::createStructure):
1783         * runtime/GeneratorFunctionPrototype.cpp: Added.
1784         (JSC::GeneratorFunctionPrototype::GeneratorFunctionPrototype):
1785         (JSC::GeneratorFunctionPrototype::finishCreation):
1786         * runtime/GeneratorFunctionPrototype.h: Added.
1787         (JSC::GeneratorFunctionPrototype::create):
1788         (JSC::GeneratorFunctionPrototype::createStructure):
1789         * runtime/GeneratorPrototype.cpp: Copied from Source/JavaScriptCore/ftl/FTLForOSREntryJITCode.cpp.
1790         (JSC::GeneratorPrototype::finishCreation):
1791         (JSC::GeneratorPrototype::getOwnPropertySlot):
1792         * runtime/GeneratorPrototype.h: Copied from Source/JavaScriptCore/ftl/FTLForOSREntryJITCode.cpp.
1793         (JSC::GeneratorPrototype::create):
1794         (JSC::GeneratorPrototype::createStructure):
1795         (JSC::GeneratorPrototype::GeneratorPrototype):
1796         * runtime/GeneratorThisMode.h: Added.
1797         * runtime/JSFunction.cpp:
1798         (JSC::JSFunction::getOwnPropertySlot):
1799         * runtime/JSGeneratorFunction.cpp: Added.
1800         (JSC::JSGeneratorFunction::JSGeneratorFunction):
1801         (JSC::JSGeneratorFunction::createImpl):
1802         (JSC::JSGeneratorFunction::create):
1803         (JSC::JSGeneratorFunction::createWithInvalidatedReallocationWatchpoint):
1804         * runtime/JSGeneratorFunction.h: Added.
1805         (JSC::JSGeneratorFunction::allocationSize):
1806         (JSC::JSGeneratorFunction::createStructure):
1807         * runtime/JSGlobalObject.cpp:
1808         (JSC::JSGlobalObject::init):
1809         (JSC::JSGlobalObject::visitChildren):
1810         * runtime/JSGlobalObject.h:
1811         (JSC::JSGlobalObject::generatorFunctionPrototype):
1812         (JSC::JSGlobalObject::generatorPrototype):
1813         (JSC::JSGlobalObject::generatorFunctionStructure):
1814         * runtime/ModuleLoaderObject.cpp:
1815         (JSC::moduleLoaderObjectParseModule):
1816         * runtime/VM.cpp:
1817         (JSC::VM::VM):
1818         * runtime/VM.h:
1819         * tests/es6.yaml:
1820         * tests/es6/generators_yield_star_generic_iterables.js:
1821         (iterator.next):
1822         (iterable.Symbol.iterator):
1823         (__createIterableObject):
1824         * tests/es6/generators_yield_star_instances_of_iterables.js:
1825         (iterator.next):
1826         (iterable.Symbol.iterator):
1827         (__createIterableObject):
1828         * tests/es6/generators_yield_star_iterator_closing.js:
1829         (iterator.next):
1830         (iterable.Symbol.iterator):
1831         (__createIterableObject):
1832         * tests/es6/generators_yield_star_iterator_closing_via_throw.js:
1833         (iterator.next):
1834         (iterable.Symbol.iterator):
1835         (__createIterableObject):
1836         * tests/stress/generator-arguments-from-function.js: Added.
1837         (shouldBe):
1838         (test):
1839         * tests/stress/generator-arguments.js: Added.
1840         (shouldBe):
1841         (g1):
1842         * tests/stress/generator-class-methods-syntax.js: Added.
1843         (testSyntax):
1844         (testSyntaxError):
1845         (testSyntaxError.Cocoa):
1846         (testSyntax.Cocoa.prototype.ok):
1847         (testSyntax.Cocoa):
1848         (testSyntax.Cocoa.ok):
1849         * tests/stress/generator-class-methods.js: Added.
1850         (shouldBe):
1851         (prototype.gen):
1852         (staticGen):
1853         (shouldBe.g.next):
1854         * tests/stress/generator-eval-this.js: Added.
1855         (shouldBe):
1856         (shouldThrow):
1857         (B):
1858         (A):
1859         (C.prototype.generator):
1860         (C):
1861         (TypeError):
1862         * tests/stress/generator-function-constructor.js: Added.
1863         (shouldBe):
1864         (generatorFunctionConstructor):
1865         * tests/stress/generator-function-name.js: Added.
1866         (shouldBe):
1867         (ok):
1868         * tests/stress/generator-methods-with-non-generator.js: Added.
1869         (shouldThrow):
1870         * tests/stress/generator-relations.js: Added.
1871         (shouldBe):
1872         (generatorFunction):
1873         * tests/stress/generator-return-before-first-call.js: Added.
1874         (shouldBe):
1875         (shouldBeIteratorResult):
1876         * tests/stress/generator-return.js: Added.
1877         (shouldBe):
1878         (shouldBeIteratorResult):
1879         * tests/stress/generator-this.js: Added.
1880         (shouldBe):
1881         (shouldThrow):
1882         (gen):
1883         (shouldBe.g.next):
1884         * tests/stress/generator-throw-before-first-call.js: Added.
1885         (unreachable):
1886         (gen):
1887         (catch):
1888         * tests/stress/generator-throw.js: Added.
1889         (shouldBe):
1890         (shouldBeIteratorResult):
1891         * tests/stress/generator-with-new-target.js: Added.
1892         (shouldBe):
1893         (gen):
1894         * tests/stress/generator-with-super.js: Added.
1895         (shouldThrow):
1896         (test):
1897         (B.prototype.gen):
1898         (B):
1899         (A.prototype.gen):
1900         (A):
1901         * tests/stress/generator-yield-star.js: Added.
1902         (shouldBe):
1903         (shouldThrow):
1904         (prototype.call):
1905         (Arrays):
1906         (Arrays.prototype.Symbol.iterator):
1907         (Iterator.prototype.next):
1908         (Iterator.prototype.string_appeared_here):
1909         (Iterator.prototype.Symbol.iterator):
1910         (Iterator):
1911         (gen):
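
        Added example, not part of this ChangeLog entry or of WebKit's code: a hand-lowered
        generator written in plain JavaScript that mirrors the switch_imm design described in
        the entry above (points 1 and 3), checked against a real generator with the same body.
        The state names (Initial, Yield_0, Yield_1) and the resume modes follow the entry; the
        helper names (loweredGen, driveNormal, driveThrow, driveReturn, parameterEvaluationCount)
        and the body being lowered are this example's own assumptions.

```javascript
// Added example (not WebKit/JSC code): a hand-lowered generator modelled on the
// switch_imm design in the ChangeLog entry above. State names and resume modes
// follow the entry; the helper names are this example's own.

const ResumeMode = { Normal: 0, Throw: 1, Return: 2 };
const State = { Initial: 0, Yield_0: 1, Yield_1: 2, Completed: 3 };

// Counts how often the default-parameter initializer runs (design point 3:
// parameters are evaluated when the generator function is called, not on first next()).
let helloCalls = 0;
function hello() { helloCalls += 1; return 5; }

// Hand-lowered form of:
//   function* gen(a, b = hello()) { const x = yield b; const y = yield a + x; return x + y; }
function loweredGen(a, b = hello()) {
  // Parameters are already evaluated here, before the generator object exists.
  const frame = { a, b, x: undefined, y: undefined }; // stands in for GeneratorFrame
  let state = State.Initial;                          // @generatorState

  // The Throw / Return checks that follow every op_resume in the entry's sketch.
  function handleAbruptResume(value, mode) {
    if (mode === ResumeMode.Throw) { state = State.Completed; throw value; }
    if (mode === ResumeMode.Return) { state = State.Completed; return { value, done: true }; }
    return null; // Normal resume: continue with the body
  }

  // Stands in for @generatorNext(@generator, @generatorState, @generatorValue, @generatorResumeMode)
  function generatorNext(value, mode) {
    let abrupt;
    switch (state) {
      case State.Initial:
        if ((abrupt = handleAbruptResume(value, mode))) return abrupt;
        state = State.Yield_0;                              // op_save(Yield_0)
        return { value: frame.b, done: false };
      case State.Yield_0:                                    // op_resume
        if ((abrupt = handleAbruptResume(value, mode))) return abrupt;
        frame.x = value;                                     // sentValue = @generatorValue
        state = State.Yield_1;                              // op_save(Yield_1)
        return { value: frame.a + frame.x, done: false };
      case State.Yield_1:                                    // op_resume
        if ((abrupt = handleAbruptResume(value, mode))) return abrupt;
        frame.y = value;
        state = State.Completed;
        return { value: frame.x + frame.y, done: true };
      default:                                               // already completed
        if (mode === ResumeMode.Throw) throw value;
        return { value: mode === ResumeMode.Return ? value : undefined, done: true };
    }
  }
  return {
    next: (v) => generatorNext(v, ResumeMode.Normal),
    throw: (e) => generatorNext(e, ResumeMode.Throw),
    return: (v) => generatorNext(v, ResumeMode.Return),
  };
}

// The real generator with the same body, used as the reference behaviour.
function* realGen(a, b = hello()) { const x = yield b; const y = yield a + x; return x + y; }

// Drives a generator factory through a normal run and returns the iterator results.
function driveNormal(factory) {
  const g = factory(20);
  return [g.next(), g.next(3), g.next(4), g.next()];
}

// Throws into a suspended generator (no catch in the body, so it propagates)
// and checks that the generator is completed afterwards.
function driveThrow(factory) {
  const g = factory(1);
  g.next();
  let caught;
  try { g.throw(new Error("boom")); } catch (e) { caught = e.message; }
  return [caught, g.next()];
}

// Returns into a suspended generator and checks that it stays completed.
function driveReturn(factory) {
  const g = factory(1);
  g.next();
  return [g.return(9), g.next()];
}

// Calls the factory without ever calling next(); returns how many times hello() ran.
function parameterEvaluationCount(factory) {
  helloCalls = 0;
  factory(1);
  return helloCalls;
}
```

        Running driveNormal, driveThrow and driveReturn on both loweredGen and realGen gives
        identical results, and parameterEvaluationCount is 1 for both, which is the point of
        evaluating parameters in the GeneratorFunction before the Generator object is created.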
1912
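        Added example, not part of this ChangeLog entry or of WebKit's code: a backward
        liveness fixpoint over a toy bytecode CFG that includes the *virtual* edge from op_save
        to the merge point (point 4 of the entry above), showing that the set to save and
        resume is exactly the locals live at the head of the merge point, and that treating
        op_resume as defining that set leaves no undefined use at the global switch. The
        instruction encoding, the block names, the "@"-prefixed parameter registers and the
        helper names are this example's own assumptions.

```javascript
// Added example (not WebKit/JSC code): backward liveness over a toy bytecode CFG
// with the virtual op_save -> merge-point edge from point 4 of the entry above.
// Instruction encoding, block names and helper names are this example's own.

// Instruction: { op, uses: [locals read], defs: [locals written] }.
// Block: { name, code: [instructions], succ: [successor block names] }.
// Registers whose name starts with "@" stand for the parameter registers
// (@generatorState, @generatorValue, ...), which the entry says are not saved.
function ins(op, uses = [], defs = []) { return { op, uses, defs }; }
const isParameterRegister = (v) => v.startsWith("@");

// Classic backward liveness fixpoint: liveIn(b) = uses U (liveOut(b) - defs),
// liveOut(b) = union of liveIn(succ). Sets only grow, so a size check detects change.
function computeLiveness(blocks) {
  const liveIn = new Map(blocks.map(b => [b.name, new Set()]));
  let changed = true;
  while (changed) {
    changed = false;
    for (const b of blocks) {
      const live = new Set();
      for (const s of b.succ) for (const v of liveIn.get(s)) live.add(v);
      for (let i = b.code.length - 1; i >= 0; i--) {
        for (const d of b.code[i].defs) live.delete(d);
        for (const u of b.code[i].uses) live.add(u);
      }
      if (live.size !== liveIn.get(b.name).size) changed = true;
      liveIn.set(b.name, live);
    }
  }
  return liveIn;
}

// The callee locals op_save must store (and op_resume must restore) are exactly
// the locals live at the head of the merge point.
function liveLocalsAtMergePoint(blocks, mergeName) {
  return [...computeLiveness(blocks).get(mergeName)].filter(v => !isParameterRegister(v)).sort();
}

// Once op_resume is treated as *def*ining that set, nothing leaks upward as a use
// at the global generator switch; returns the callee locals still live there.
function liveLocalsAtSwitch(blocks, switchName, resumeName, mergeName) {
  const saved = liveLocalsAtMergePoint(blocks, mergeName);
  const patched = blocks.map(b => b.name !== resumeName ? b
    : { ...b, code: b.code.map(i => i.op === "op_resume" ? ins("op_resume", [], saved) : i) });
  return [...computeLiveness(patched).get(switchName)].filter(v => !isParameterRegister(v)).sort();
}

// Toy lowering of:
//   function* g() { let a = 1; let tmp = 2; let sent = yield a + tmp; return a + sent; }
// Shaped like the diagram in the entry: the global switch dispatches to the initial
// sequence or to op_resume; op_save flows to op_ret and (virtually) to merge_0.
const toyGeneratorCFG = [
  { name: "switch",   code: [ins("switch_imm", ["@generatorState"])],        succ: ["initial", "resume_0"] },
  { name: "initial",  code: [ins("mov", [], ["a"]),
                             ins("mov", [], ["tmp"]),
                             ins("add", ["a", "tmp"], ["yielded"]),
                             ins("op_save")],                                succ: ["ret_0", "merge_0"] },
  { name: "ret_0",    code: [ins("op_ret", ["yielded"])],                    succ: [] },
  { name: "resume_0", code: [ins("op_resume")],                              succ: ["merge_0"] },
  { name: "merge_0",  code: [ins("mov", ["@generatorValue"], ["sent"]),
                             ins("add", ["a", "sent"], ["result"]),
                             ins("op_ret", ["result"])],                     succ: [] },
];
```

        For toyGeneratorCFG only "a" is live at merge_0: "tmp" is dead after the add and
        "yielded" is only consumed by op_ret on the other edge out of op_save, so neither
        needs a slot in the saved frame. With op_resume defining ["a"], no callee local is
        live at the switch.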
1913 2015-12-01  Filip Pizlo  <fpizlo@apple.com>
1914
1915         Remove repetitive cruft from FTL OSR exit code in LowerDFGToLLVM
1916         https://bugs.webkit.org/show_bug.cgi?id=151718
1917
1918         Reviewed by Geoffrey Garen.
1919
1920         * b3/B3StackmapValue.h:
1921         * ftl/FTLLowerDFGToLLVM.cpp:
1922         (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
1923         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitArgumentsForPatchpointIfWillCatchException):
1924         (JSC::FTL::DFG::LowerDFGToLLVM::lowBlock):
1925         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitDescriptor):
1926         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
1927         (JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):
1928         (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
1929         (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
1930         (JSC::FTL::DFG::LowerDFGToLLVM::callStackmap):
1931
1932 2015-12-01  Caitlin Potter  <caitp@igalia.com>
1933
1934         [JSC] add missing RequireObjectCoercible() step in destructuring
1935         https://bugs.webkit.org/show_bug.cgi?id=151596
1936
1937         Reviewed by Darin Adler.
1938
1939         * bytecompiler/BytecodeGenerator.cpp:
1940         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1941         * bytecompiler/BytecodeGenerator.h:
1942         * bytecompiler/NodesCodegen.cpp:
1943         (JSC::ObjectPatternNode::bindValue):
1944         * tests/stress/destructuring-assignment-require-object-coercible.js: Added.
1945         (testTypeError):
1946         (testOK):
1947
1948 2015-12-01  Mark Lam  <mark.lam@apple.com>
1949
1950         Refactor FTL sub snippet code to support general binary op snippets.
1951         https://bugs.webkit.org/show_bug.cgi?id=151706
1952
1953         Reviewed by Geoffrey Garen.
1954
1955         * CMakeLists.txt:
1956         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1957         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1958         * JavaScriptCore.xcodeproj/project.pbxproj:
1959
1960         * ftl/FTLCompile.cpp:
1961         - Moved the BinarySnippetRegisterContext to FTLCompileBinaryOp.cpp verbatim.
1962         - Generalize generateArithSubICFastPath() to generateBinaryOpICFastPath().
1963           It now uses snippet specific helpers in FTLCompileBinaryOp.cpp to generate
1964           the fast paths.
1965
1966         * ftl/FTLCompileBinaryOp.cpp: Added.
1967         (JSC::FTL::BinarySnippetRegisterContext::BinarySnippetRegisterContext):
1968         (JSC::FTL::BinarySnippetRegisterContext::initializeRegisters):
1969         (JSC::FTL::BinarySnippetRegisterContext::restoreRegisters):
1970         - Moved here without change from FTLCompile.cpp.
1971         (JSC::FTL::generateArithSubFastPath):
1972         * ftl/FTLCompileBinaryOp.h: Added.
1973
1974         * ftl/FTLInlineCacheDescriptor.h:
1975         (JSC::FTL::BinaryOpDescriptor::nodeType):
1976         (JSC::FTL::BinaryOpDescriptor::size):
1977         (JSC::FTL::BinaryOpDescriptor::name):
1978         (JSC::FTL::BinaryOpDescriptor::fastPathICName):
1979         (JSC::FTL::BinaryOpDescriptor::slowPathFunction):
1980         (JSC::FTL::BinaryOpDescriptor::leftOperand):
1981         (JSC::FTL::BinaryOpDescriptor::rightOperand):
1982         (JSC::FTL::BinaryOpDescriptor::BinaryOpDescriptor):
1983         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor): Deleted.
1984         (JSC::FTL::ArithSubDescriptor::leftType): Deleted.
1985         (JSC::FTL::ArithSubDescriptor::rightType): Deleted.
1986         - Refactor ArithSubDescriptor into BinaryOpDescriptor, and re-add a sub-class
1987           ArithSubDescriptor as a specialization of BinaryOpDescriptor.
1988
1989         * ftl/FTLInlineCacheDescriptorInlines.h: Added.
1990         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
1991         (JSC::FTL::ArithSubDescriptor::icSize):
1992
1993         * ftl/FTLLowerDFGToLLVM.cpp:
1994         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
1995         * ftl/FTLOSRExit.cpp:
1996         (JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck):
1997         (JSC::FTL::OSRExit::willArriveAtOSRExitFromCallOperation):
1998         * ftl/FTLOSRExit.h:
1999         * ftl/FTLState.h:
2000
2001 2015-12-01  Carlos Garcia Campos  <cgarcia@igalia.com>
2002
2003         Unreviewed, rolling out r192876.
2004
2005         It broke a lot of JSC and layout tests for GTK and EFL
2006
2007         Reverted changeset:
2008
2009         "[ES6] "super" and "this" should be lexically bound inside an
2010         arrow function and should live in a JSLexicalEnvironment"
2011         https://bugs.webkit.org/show_bug.cgi?id=149338
2012         http://trac.webkit.org/changeset/192876
2013
2014 2015-12-01  Aleksandr Skachkov  <gskachkov@gmail.com>
2015
2016         [ES6] "super" and "this" should be lexically bound inside an arrow function and should live in a JSLexicalEnvironment
2017         https://bugs.webkit.org/show_bug.cgi?id=149338
2018
2019         Reviewed by Saam Barati.
2020
2021         Implemented a new version of the lexically bound 'this' in arrow functions. In the current version
2022         'this' is stored inside the lexical environment of the function. To store and load it we use the
2023         op_get_from_scope and op_put_to_scope operations. Also, the new implementation prevents raising a TDZ
2024         error for arrow functions that are declared before super() but invoked after it.
2025
2026         * builtins/BuiltinExecutables.cpp:
2027         (JSC::createExecutableInternal):
2028         * bytecode/BytecodeList.json:
2029         * bytecode/BytecodeUseDef.h:
2030         * bytecode/CodeBlock.cpp:
2031         (JSC::CodeBlock::dumpBytecode):
2032         * bytecode/EvalCodeCache.h:
2033         (JSC::EvalCodeCache::getSlow):
2034         * bytecode/ExecutableInfo.h:
2035         (JSC::ExecutableInfo::ExecutableInfo):
2036         (JSC::ExecutableInfo::isDerivedConstructorContext):
2037         (JSC::ExecutableInfo::isArrowFunctionContext):
2038         * bytecode/UnlinkedCodeBlock.cpp:
2039         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2040         * bytecode/UnlinkedCodeBlock.h:
2041         (JSC::UnlinkedCodeBlock::isDerivedConstructorContext):
2042         (JSC::UnlinkedCodeBlock::isArrowFunctionContext):
2043         * bytecode/UnlinkedFunctionExecutable.cpp:
2044         (JSC::generateUnlinkedFunctionCodeBlock):
2045         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2046         * bytecode/UnlinkedFunctionExecutable.h:
2047         * bytecompiler/BytecodeGenerator.cpp:
2048         (JSC::BytecodeGenerator::BytecodeGenerator):
2049         (JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
2050         (JSC::BytecodeGenerator::variable):
2051         (JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):
2052         (JSC::BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment):
2053         (JSC::BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment):
2054         (JSC::BytecodeGenerator::emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment):
2055         (JSC::BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope):
2056         (JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
2057         (JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):
2058         * bytecompiler/BytecodeGenerator.h:
2059         (JSC::BytecodeGenerator::isDerivedConstructorContext):
2060         (JSC::BytecodeGenerator::usesArrowFunction):
2061         (JSC::BytecodeGenerator::needsToUpdateArrowFunctionContext):
2062         (JSC::BytecodeGenerator::usesEval):
2063         (JSC::BytecodeGenerator::usesThis):
2064         (JSC::BytecodeGenerator::newTarget):
2065         (JSC::BytecodeGenerator::makeFunction):
2066         * bytecompiler/NodesCodegen.cpp:
2067         (JSC::ThisNode::emitBytecode):
2068         (JSC::SuperNode::emitBytecode):
2069         (JSC::EvalFunctionCallNode::emitBytecode):
2070         (JSC::FunctionCallValueNode::emitBytecode):
2071         (JSC::FunctionNode::emitBytecode):
2072         * debugger/DebuggerCallFrame.cpp:
2073         (JSC::DebuggerCallFrame::evaluate):
2074         * dfg/DFGAbstractInterpreterInlines.h:
2075         * dfg/DFGByteCodeParser.cpp:
2076         (JSC::DFG::ByteCodeParser::parseBlock):
2077         * dfg/DFGCapabilities.cpp:
2078         * dfg/DFGClobberize.h:
2079         * dfg/DFGDoesGC.cpp:
2080         * dfg/DFGFixupPhase.cpp:
2081         * dfg/DFGNodeType.h:
2082         * dfg/DFGObjectAllocationSinkingPhase.cpp:
2083         * dfg/DFGPredictionPropagationPhase.cpp:
2084         * dfg/DFGPromotedHeapLocation.cpp:
2085         * dfg/DFGPromotedHeapLocation.h:
2086         * dfg/DFGSafeToExecute.h:
2087         * dfg/DFGSpeculativeJIT.cpp:
2088         * dfg/DFGSpeculativeJIT.h:
2089         * dfg/DFGSpeculativeJIT32_64.cpp:
2090         * dfg/DFGSpeculativeJIT64.cpp:
2091         * ftl/FTLCapabilities.cpp:
2092         * ftl/FTLLowerDFGToLLVM.cpp:
2093         * ftl/FTLOperations.cpp:
2094         (JSC::FTL::operationMaterializeObjectInOSR):
2095         * interpreter/Interpreter.cpp:
2096         (JSC::eval):
2097         * jit/JIT.cpp:
2098         * jit/JIT.h:
2099         * jit/JITOpcodes.cpp:
2100         (JSC::JIT::emitNewFuncExprCommon):
2101         * jit/JITOpcodes32_64.cpp:
2102         * llint/LLIntSlowPaths.cpp:
2103         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2104         * llint/LowLevelInterpreter.asm:
2105         * llint/LowLevelInterpreter32_64.asm:
2106         * llint/LowLevelInterpreter64.asm:
2107         * parser/ASTBuilder.h:
2108         (JSC::ASTBuilder::createArrowFunctionExpr):
2109         (JSC::ASTBuilder::usesArrowFunction):
2110         * parser/Nodes.h:
2111         (JSC::ScopeNode::usesArrowFunction):
2112         * parser/Parser.cpp:
2113         (JSC::Parser<LexerType>::parseFunctionInfo):
2114         * parser/ParserModes.h:
2115         * runtime/CodeCache.cpp:
2116         (JSC::CodeCache::getGlobalCodeBlock):
2117         (JSC::CodeCache::getProgramCodeBlock):
2118         (JSC::CodeCache::getEvalCodeBlock):
2119         (JSC::CodeCache::getModuleProgramCodeBlock):
2120         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2121         * runtime/CodeCache.h:
2122         * runtime/CommonIdentifiers.h:
2123         * runtime/CommonSlowPaths.cpp:
2124         (JSC::SLOW_PATH_DECL):
2125         * runtime/Executable.cpp:
2126         (JSC::ScriptExecutable::ScriptExecutable):
2127         (JSC::EvalExecutable::create):
2128         (JSC::EvalExecutable::EvalExecutable):
2129         (JSC::ProgramExecutable::ProgramExecutable):
2130         (JSC::ModuleProgramExecutable::ModuleProgramExecutable):
2131         (JSC::FunctionExecutable::FunctionExecutable):
2132         * runtime/Executable.h:
2133         (JSC::ScriptExecutable::isArrowFunctionContext):
2134         (JSC::ScriptExecutable::isDerivedConstructorContext):
2135         * runtime/JSGlobalObject.cpp:
2136         (JSC::JSGlobalObject::createEvalCodeBlock):
2137         * runtime/JSGlobalObject.h:
2138         * runtime/JSGlobalObjectFunctions.cpp:
2139         (JSC::globalFuncEval):
2140         * tests/es6.yaml:
2141         * tests/stress/arrowfunction-activation-sink-osrexit.js:
2142         * tests/stress/arrowfunction-activation-sink.js:
2143         * tests/stress/arrowfunction-lexical-bind-newtarget.js: Added.
2144         * tests/stress/arrowfunction-lexical-bind-supercall-1.js: Added.
2145         * tests/stress/arrowfunction-lexical-bind-supercall-2.js: Added.
2146         * tests/stress/arrowfunction-lexical-bind-supercall-3.js: Added.
2147         * tests/stress/arrowfunction-lexical-bind-supercall-4.js: Added.
2148         * tests/stress/arrowfunction-lexical-bind-this-1.js:
2149         * tests/stress/arrowfunction-lexical-bind-this-7.js: Added.
2150         * tests/stress/arrowfunction-tdz-1.js: Added.
2151         * tests/stress/arrowfunction-tdz-2.js: Added.
2152         * tests/stress/arrowfunction-tdz-3.js: Added.
2153         * tests/stress/arrowfunction-tdz-4.js: Added.
2154         * tests/stress/arrowfunction-tdz.js: Removed.
2155
2156 2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2157
2158         [Streams API] streams should not directly use Number and related methods
2159         https://bugs.webkit.org/show_bug.cgi?id=151499
2160
2161         Reviewed by Darin Adler.
2162
2163         * runtime/CommonIdentifiers.h: Adding isNaN as private symbol.
2164         * runtime/JSGlobalObject.cpp:
2165         (JSC::JSGlobalObject::init): Adding @isNaN function.
2166
2167 2015-12-01  Csaba Osztrogonác  <ossy@webkit.org>
2168
2169         Don't hide the argument name inside for block in AirIteratedRegisterCoalescing.cpp
2170         https://bugs.webkit.org/show_bug.cgi?id=151622
2171
2172         Reviewed by Darin Adler.
2173
2174         * b3/air/AirIteratedRegisterCoalescing.cpp:
2175         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdges):
2176
2177 2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2178
2179         [Streams API] Remove use of @catch for exposed promises
2180         https://bugs.webkit.org/show_bug.cgi?id=151625
2181
2182         Reviewed by Darin Adler.
2183
2184         * runtime/JSPromisePrototype.cpp:
2185         (JSC::JSPromisePrototype::addOwnInternalSlots): Removing @catch from the prototype as it is not safe.
2186
2187 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
2188
2189         B3::ValueRep::Any should translate into a Arg::ColdUse role in Air
2190         https://bugs.webkit.org/show_bug.cgi?id=151174
2191
2192         Reviewed by Geoffrey Garen and Benjamin Poulain.
2193
2194         This teaches the register allocator that it should pick spills based on whichever tmp has the
2195         highest score:
2196
2197             score(tmp) = degree(tmp) / sum(for each use of tmp, block->frequency)
2198
2199         In other words, the numerator is the number of edges in the interference graph and the denominator
2200         is an estimate of the dynamic number of uses.
2201
2202         This also extends Arg::Role to know that there is such a thing as ColdUse, i.e. a Use that
2203         doesn't count as such for the above formula. Because LateUse is always used in contexts where we
2204         want it to be Cold, I've defined LateUse to imply ColdUse.
2205
2206         This gets rid of all spilling inside the hot loop in Kraken/imaging-gaussian-blur. But more
2207         importantly, it makes our register allocator use a well-known heuristic based on reusable
2208         building blocks like the new Air::UseCounts. Even if the heuristic is slightly wrong, the right
2209         heuristic probably uses the same building blocks.
2210
2211         * JavaScriptCore.xcodeproj/project.pbxproj:
2212         * b3/B3StackmapSpecial.cpp:
2213         (JSC::B3::StackmapSpecial::forEachArgImpl):
2214         * b3/B3ValueRep.h:
2215         * b3/air/AirArg.cpp:
2216         (WTF::printInternal):
2217         * b3/air/AirArg.h:
2218         (JSC::B3::Air::Arg::isAnyUse):
2219         (JSC::B3::Air::Arg::isColdUse):
2220         (JSC::B3::Air::Arg::isWarmUse):
2221         (JSC::B3::Air::Arg::isEarlyUse):
2222         (JSC::B3::Air::Arg::isDef):
2223         * b3/air/AirIteratedRegisterCoalescing.cpp:
2224         (JSC::B3::Air::iteratedRegisterCoalescing):
2225         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::IteratedRegisterCoalescingAllocator): Deleted.
2226         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::allocatedReg): Deleted.
2227         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::tmpArraySize): Deleted.
2228         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::initializeDegrees): Deleted.
2229         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::build): Deleted.
2230         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::selectSpill): Deleted.
2231         (JSC::B3::Air::isUselessMoveInst): Deleted.
2232         (JSC::B3::Air::assignRegisterToTmpInProgram): Deleted.
2233         (JSC::B3::Air::addSpillAndFillToProgram): Deleted.
2234         (JSC::B3::Air::iteratedRegisterCoalescingOnType): Deleted.
2235         * b3/air/AirLiveness.h:
2236         * b3/air/AirSpillEverything.cpp:
2237         (JSC::B3::Air::spillEverything):
2238         * b3/air/AirUseCounts.h: Added.
2239         (JSC::B3::Air::UseCounts::Counts::dump):
2240         (JSC::B3::Air::UseCounts::UseCounts):
2241         (JSC::B3::Air::UseCounts::operator[]):
2242         (JSC::B3::Air::UseCounts::dump):
2243         * runtime/Options.h:
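
The spill heuristic described in the entry above, as an added example that is not JSC's code: it evaluates score(tmp) = degree(tmp) / sum(for each use of tmp, block->frequency) over a constructed interference graph and constructed use counts, treating ColdUse (which LateUse implies) as not counting toward the denominator. The names AllocatorState, Use, spillScore and selectSpill are assumptions made for this example.

```cpp
// Added example (not JSC code): the spill-selection score described above,
//   score(tmp) = degree(tmp) / sum(for each use of tmp, block->frequency)
// evaluated over a constructed interference graph and constructed use counts.
// Only warm uses count in the denominator; a ColdUse (which LateUse implies)
// does not, so a tmp whose uses are all cold looks maximally cheap to spill.
#include <cassert>
#include <cmath>
#include <limits>
#include <map>
#include <set>
#include <string>
#include <vector>

enum class UseKind { Warm, Cold };

struct Use {
    std::string tmp;
    UseKind kind;
    double blockFrequency; // estimated execution frequency of the block holding the use
};

// Stand-in for the interference graph plus Air::UseCounts (names assumed here).
struct AllocatorState {
    std::map<std::string, std::set<std::string>> interference; // undirected edges
    std::vector<Use> uses;
};

void addEdge(AllocatorState& s, const std::string& a, const std::string& b)
{
    s.interference[a].insert(b);
    s.interference[b].insert(a);
}

// Denominator: dynamic use estimate, summing block frequency over warm uses only.
double warmUseWeight(const AllocatorState& s, const std::string& tmp)
{
    double total = 0;
    for (const Use& use : s.uses) {
        if (use.tmp == tmp && use.kind == UseKind::Warm)
            total += use.blockFrequency;
    }
    return total;
}

// Numerator: degree in the interference graph. A tmp with no warm uses gets an
// infinite score, i.e. spilling it costs nothing on the expected hot path.
double spillScore(const AllocatorState& s, const std::string& tmp)
{
    auto it = s.interference.find(tmp);
    double degree = it == s.interference.end() ? 0 : static_cast<double>(it->second.size());
    double weight = warmUseWeight(s, tmp);
    if (weight == 0)
        return std::numeric_limits<double>::infinity();
    return degree / weight;
}

// Spill the candidate with the highest score.
std::string selectSpill(const AllocatorState& s, const std::vector<std::string>& candidates)
{
    std::string best;
    double bestScore = -1;
    for (const std::string& tmp : candidates) {
        double score = spillScore(s, tmp);
        if (score > bestScore) {
            bestScore = score;
            best = tmp;
        }
    }
    return best;
}

// Constructed scenario: "loopCounter" is used twice in a hot loop body (frequency 100),
// "setupValue" once in the entry block (frequency 1), and "exitOnly" only through a
// cold LateUse inside a patchpoint in that same hot block.
AllocatorState buildSample()
{
    AllocatorState s;
    addEdge(s, "loopCounter", "setupValue");
    addEdge(s, "loopCounter", "exitOnly");
    addEdge(s, "setupValue", "exitOnly");
    addEdge(s, "setupValue", "other");
    s.uses = {
        { "loopCounter", UseKind::Warm, 100 },
        { "loopCounter", UseKind::Warm, 100 },
        { "setupValue", UseKind::Warm, 1 },
        { "exitOnly", UseKind::Cold, 100 },
    };
    return s;
}
```

With these inputs the hot loop counter scores 2/200, the once-used setup value 3/1, and the cold-only tmp is the first choice to spill.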
2244
2245 2015-11-30  Csaba Osztrogonác  <ossy@webkit.org>
2246
2247         Fix the !ENABLE(DFG_JIT) build after r192699
2248         https://bugs.webkit.org/show_bug.cgi?id=151616
2249
2250         Reviewed by Darin Adler.
2251
2252         * assembler/MacroAssembler.h:
2253
2254 2015-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>
2255
2256         Object::{freeze, seal} perform preventExtensionsTransition twice
2257         https://bugs.webkit.org/show_bug.cgi?id=151606
2258
2259         Reviewed by Darin Adler.
2260
2261         In Structure::{freezeTransition, sealTransition}, we perform preventExtensionsTransition.
2262         So it is unnecessary to perform preventExtensionsTransition before executing Structure::{freezeTransition, sealTransition}.
2263
2264         * runtime/JSObject.cpp:
2265         (JSC::JSObject::seal):
2266         (JSC::JSObject::freeze):
2267         (JSC::JSObject::preventExtensions):
2268         * tests/stress/freeze-and-seal-should-prevent-extensions.js: Added.
2269         (shouldBe):
2270         (shouldThrow):
2271
2272 2015-11-30  Benjamin Poulain  <bpoulain@apple.com>
2273
2274         [JSC] Add Sqrt to B3
2275         https://bugs.webkit.org/show_bug.cgi?id=151692
2276
2277         Reviewed by Geoffrey Garen.
2278
2279         * assembler/MacroAssemblerX86Common.h:
2280         (JSC::MacroAssemblerX86Common::sqrtDouble):
2281         * assembler/X86Assembler.h:
2282         (JSC::X86Assembler::sqrtsd_mr):
2283         * b3/B3LowerToAir.cpp:
2284         (JSC::B3::Air::LowerToAir::lower):
2285         * b3/B3Opcode.cpp:
2286         (WTF::printInternal):
2287         * b3/B3Opcode.h:
2288         * b3/B3Validate.cpp:
2289         * b3/B3Value.cpp:
2290         (JSC::B3::Value::effects):
2291         (JSC::B3::Value::key):
2292         (JSC::B3::Value::typeFor):
2293         * b3/air/AirOpcode.opcodes:
2294         * b3/testb3.cpp:
2295         (JSC::B3::testSqrtArg):
2296         (JSC::B3::testSqrtImm):
2297         (JSC::B3::testSqrtMem):
2298         (JSC::B3::run):
2299         * ftl/FTLB3Output.h:
2300         (JSC::FTL::Output::doubleSqrt):
2301
2302 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
2303
2304         FTL lazy slow paths should work with B3
2305         https://bugs.webkit.org/show_bug.cgi?id=151667
2306
2307         Reviewed by Geoffrey Garen.
2308
2309         This adds all of the glue necessary to make FTL::LazySlowPath work with B3. The B3 approach
2310         allows us to put all of the code in FTL::LowerDFGToLLVM, instead of having supporting data
2311         structures on the side and a bunch of complex code in FTLCompile.cpp.
2312
2313         * b3/B3CheckSpecial.cpp:
2314         (JSC::B3::CheckSpecial::generate):
2315         * b3/B3LowerToAir.cpp:
2316         (JSC::B3::Air::LowerToAir::run):
2317         * b3/B3PatchpointSpecial.cpp:
2318         (JSC::B3::PatchpointSpecial::generate):
2319         * b3/B3StackmapValue.h:
2320         * ftl/FTLJSTailCall.cpp:
2321         (JSC::FTL::DFG::recoveryFor):
2322         (JSC::FTL::JSTailCall::emit):
2323         * ftl/FTLLazySlowPath.cpp:
2324         (JSC::FTL::LazySlowPath::LazySlowPath):
2325         (JSC::FTL::LazySlowPath::generate):
2326         * ftl/FTLLazySlowPath.h:
2327         (JSC::FTL::LazySlowPath::createGenerator):
2328         (JSC::FTL::LazySlowPath::patchableJump):
2329         (JSC::FTL::LazySlowPath::done):
2330         (JSC::FTL::LazySlowPath::patchpoint):
2331         (JSC::FTL::LazySlowPath::usedRegisters):
2332         (JSC::FTL::LazySlowPath::callSiteIndex):
2333         (JSC::FTL::LazySlowPath::stub):
2334         * ftl/FTLLocation.cpp:
2335         (JSC::FTL::Location::forValueRep):
2336         (JSC::FTL::Location::forStackmaps):
2337         (JSC::FTL::Location::dump):
2338         (JSC::FTL::Location::isGPR):
2339         (JSC::FTL::Location::gpr):
2340         (JSC::FTL::Location::isFPR):
2341         (JSC::FTL::Location::fpr):
2342         (JSC::FTL::Location::restoreInto):
2343         * ftl/FTLLocation.h:
2344         (JSC::FTL::Location::Location):
2345         (JSC::FTL::Location::forRegister):
2346         (JSC::FTL::Location::forIndirect):
2347         (JSC::FTL::Location::forConstant):
2348         (JSC::FTL::Location::kind):
2349         (JSC::FTL::Location::hasReg):
2350         (JSC::FTL::Location::reg):
2351         (JSC::FTL::Location::hasOffset):
2352         (JSC::FTL::Location::offset):
2353         (JSC::FTL::Location::hash):
2354         (JSC::FTL::Location::hasDwarfRegNum): Deleted.
2355         (JSC::FTL::Location::dwarfRegNum): Deleted.
2356         (JSC::FTL::Location::hasDwarfReg): Deleted.
2357         (JSC::FTL::Location::dwarfReg): Deleted.
2358         * ftl/FTLLowerDFGToLLVM.cpp:
2359         (JSC::FTL::DFG::LowerDFGToLLVM::LowerDFGToLLVM):
2360         (JSC::FTL::DFG::LowerDFGToLLVM::lazySlowPath):
2361         * jit/RegisterSet.cpp:
2362         (JSC::RegisterSet::stubUnavailableRegisters):
2363         (JSC::RegisterSet::macroScratchRegisters):
2364         (JSC::RegisterSet::calleeSaveRegisters):
2365         * jit/RegisterSet.h:
2366
2367 2015-11-30  Geoffrey Garen  <ggaren@apple.com>
2368
2369         Use a better RNG for Math.random()
2370         https://bugs.webkit.org/show_bug.cgi?id=151641
2371
2372         Reviewed by Anders Carlsson.
2373
2374         Updated for interface change.
2375
2376         * runtime/JSGlobalObject.cpp:
2377         (JSC::JSGlobalObject::setInputCursor):
2378
2379 2015-11-30  Benjamin Poulain  <bpoulain@apple.com>
2380
2381         [JSC] Speed up Air Liveness Analysis on Tmps
2382         https://bugs.webkit.org/show_bug.cgi?id=151556
2383
2384         Reviewed by Filip Pizlo.
2385
2386         Liveness Analysis scales poorly on large graphs like the ones
2387         generated by testComplex().
2388         This patch introduces a faster version of Liveness using the continuous indices
2389         of values instead of the values themselves.
2390
2391         There are two main areas of improvements:
2392         1) Reduce the cost of doing a LocalCalc over a BasicBlock.
2393         2) Reduce how many LocalCalc are needed to converge to a solution.
2394
2395         Most of the costs of LocalCalc are from HashSet manipulations.
2396         The HashSet operations are O(1) but the constant is large enough
2397         to be a problem.
2398
2399         I used a similar trick as the Register Allocator to remove hashing
2400         and collision handling: the absolute value of the Tmp is used as an index
2401         into a flat array.
2402
2403         I used Briggs's Sparse Set implementation for the local live information
2404         at each instruction. It has great properties for doing the local calculation:
2405         -No memory reallocation.
2406         -O(1) add() and remove() with a small constant.
2407         -Strict O(n) iteration.
2408         -O(1) clear().
2409
2410         The values Live-At-Head are now stored into a Vector. The Sparse Set
2411         is used to maintain the Tmp uniqueness.
2412
2413         When forwarding new liveness at head to the predecessor, I start by removing
2414         everything that was already in live-at-head. We can assume that any value
2415         in that list has already been added to the predecessors.
2416         This leaves us with a small-ish number of Tmps to add to live-at-head
2417         and to the predecessors.
2418
2419         To speed up convergence, I used the same trick as DFG's liveness: keep
2420         a set of dirty blocks to process. In practice, all the blocks without
2421         back-edges converge quickly, and we only propagate liveness as needed.
2422
2423         This patch reduces the time taken by "testComplex(64, 384)" by another 5%.
2424
2425         The remaining things to do for Liveness are:
2426         -Skip the first block for the fix point (it is often large and doing a local
2427          calc on it is useless).
2428         -Find a better Data Structure for live-at-tail (updating the HashSet takes
2429          > 50% of the total convergence time).
2430
2431         * JavaScriptCore.xcodeproj/project.pbxproj:
2432         * b3/air/AirIteratedRegisterCoalescing.cpp:
2433         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::build):
2434         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::getAlias):
2435         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::getAliasWhenSpilling):
2436         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::allocatedReg):
2437         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::tmpArraySize):
2438         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::initializeDegrees):
2439         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdges):
2440         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdge):
2441         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::makeWorkList):
2442         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::simplify):
2443         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::forEachAdjacent):
2444         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::hasBeenSimplified):
2445         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::decrementDegree):
2446         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::forEachNodeMoves):
2447         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::isMoveRelated):
2448         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::enableMovesOnValue):
2449         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::precoloredCoalescingHeuristic):
2450         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::conservativeHeuristic):
2451         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addWorkList):
2452         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::combine):
2453         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::freezeMoves):
2454         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::selectSpill):
2455         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::assignColors):
2456         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::dumpInterferenceGraphInDot):
2457         (JSC::B3::Air::iteratedRegisterCoalescingOnType):
2458         (JSC::B3::Air::iteratedRegisterCoalescing):
2459         (JSC::B3::Air::AbsoluteTmpHelper<Arg::GP>::absoluteIndex): Deleted.
2460         (JSC::B3::Air::AbsoluteTmpHelper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
2461         (JSC::B3::Air::AbsoluteTmpHelper<Arg::FP>::absoluteIndex): Deleted.
2462         (JSC::B3::Air::AbsoluteTmpHelper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
2463         * b3/air/AirReportUsedRegisters.cpp:
2464         (JSC::B3::Air::reportUsedRegisters):
2465         * b3/air/AirTmpInlines.h:
2466         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex):
2467         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex):
2468         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex):
2469         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex):
2470         * b3/air/AirLiveness.h: Added.
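
The Briggs sparse set and the dirty-block liveness fixpoint described in the entry above, as an added example written for this page rather than the AirLiveness.h code: the local calc walks a block backwards over a sparse set, only Tmps newly live-at-head are forwarded to predecessors, and only blocks whose live-at-tail changed are reprocessed. Block ids, Tmp indices, the sample CFG and the names SparseSet, Block, Inst and computeLiveness are all constructed for it.

```cpp
// Added example, not the AirLiveness.h code: a Briggs sparse set over dense Tmp
// indices plus a backward liveness fixpoint that reprocesses only dirty blocks.
// Block ids, Tmp indices, the CFG and all names here are constructed for it.
#include <cassert>
#include <cstddef>
#include <set>
#include <vector>

// Briggs sparse set over [0, capacity): O(1) add/remove/contains/clear, iteration
// touches only members, and nothing is reallocated after construction.
class SparseSet {
public:
    explicit SparseSet(size_t capacity) : m_sparse(capacity), m_dense(capacity), m_size(0) { }
    bool contains(unsigned v) const { size_t i = m_sparse[v]; return i < m_size && m_dense[i] == v; }
    bool add(unsigned v) // true if v was newly inserted
    {
        if (contains(v)) return false;
        m_dense[m_size] = v;
        m_sparse[v] = m_size++;
        return true;
    }
    bool remove(unsigned v) // swaps the last member into v's slot
    {
        if (!contains(v)) return false;
        unsigned last = m_dense[--m_size];
        m_dense[m_sparse[v]] = last;
        m_sparse[last] = m_sparse[v];
        return true;
    }
    void clear() { m_size = 0; }
    size_t size() const { return m_size; }
    const unsigned* begin() const { return m_dense.data(); }
    const unsigned* end() const { return m_dense.data() + m_size; }
private:
    std::vector<size_t> m_sparse; // slot in m_dense; only trusted when contains() confirms it
    std::vector<unsigned> m_dense;
    size_t m_size;
};

struct Inst { std::vector<unsigned> defs, uses; };
struct Block { std::vector<Inst> insts; std::vector<unsigned> predecessors; };
struct Liveness {
    std::vector<std::vector<unsigned>> liveAtHead; // a Vector per block, deduplicated via SparseSet
    std::vector<std::set<unsigned>> liveAtTail;    // still a set per block, as the entry says
};

Liveness computeLiveness(const std::vector<Block>& blocks, unsigned numTmps)
{
    Liveness result;
    result.liveAtHead.resize(blocks.size());
    result.liveAtTail.resize(blocks.size());
    std::vector<SparseSet> headSets(blocks.size(), SparseSet(numTmps));
    std::vector<bool> dirty(blocks.size(), true);
    std::vector<unsigned> worklist; // later blocks first, since liveness flows backwards
    for (unsigned b = blocks.size(); b-- > 0;) worklist.push_back(b);
    SparseSet live(numTmps);
    while (!worklist.empty()) {
        unsigned b = worklist.back();
        worklist.pop_back();
        dirty[b] = false;
        // Local calc: start from live-at-tail and walk the instructions backwards.
        live.clear();
        for (unsigned t : result.liveAtTail[b]) live.add(t);
        for (size_t i = blocks[b].insts.size(); i-- > 0;) {
            for (unsigned d : blocks[b].insts[i].defs) live.remove(d);
            for (unsigned u : blocks[b].insts[i].uses) live.add(u);
        }
        // Tmps already live-at-head were forwarded earlier; only new ones go to predecessors.
        std::vector<unsigned> newAtHead;
        for (unsigned t : live) {
            if (headSets[b].add(t)) {
                result.liveAtHead[b].push_back(t);
                newAtHead.push_back(t);
            }
        }
        for (unsigned p : blocks[b].predecessors) {
            bool changed = false;
            for (unsigned t : newAtHead) changed |= result.liveAtTail[p].insert(t).second;
            if (changed && !dirty[p]) {
                dirty[p] = true;
                worklist.push_back(p);
            }
        }
    }
    return result;
}

// Constructed CFG: entry(0) -> loop(1); loop(1) -> loop(1) | exit(2). Tmps are 0, 1, 2.
std::vector<Block> buildSampleProgram()
{
    std::vector<Block> blocks(3);
    blocks[0].insts = { { { 0 }, { } }, { { 1 }, { } } }; // t0 = ...; t1 = ...
    blocks[1].insts = { { { 1 }, { 0, 1 } } };           // t1 = t1 + t0
    blocks[1].predecessors = { 0, 1 };
    blocks[2].insts = { { { 2 }, { 1 } } };              // t2 = f(t1); t2 itself is dead
    blocks[2].predecessors = { 1 };
    return blocks;
}
```

On the sample CFG the loop block is visited once more after its own back-edge marks it dirty, and the exit block's head set never causes a second pass over the loop because t1 was already live at its tail.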
2471
2472 2015-11-30  Saam barati  <sbarati@apple.com>
2473
2474         FTL OSR Exits that are exception handlers should not have two different entrances. Instead, we should have two discrete OSR exits that do different things.
2475         https://bugs.webkit.org/show_bug.cgi?id=151404
2476
2477         Reviewed by Filip Pizlo.
2478
2479         * ftl/FTLCompile.cpp:
2480         (JSC::FTL::mmAllocateDataSection):
2481         * ftl/FTLExceptionHandlerManager.cpp:
2482         (JSC::FTL::ExceptionHandlerManager::addNewExit):
2483         (JSC::FTL::ExceptionHandlerManager::addNewCallOperationExit):
2484         (JSC::FTL::ExceptionHandlerManager::callOperationExceptionTarget):
2485         (JSC::FTL::ExceptionHandlerManager::lazySlowPathExceptionTarget):
2486         (JSC::FTL::ExceptionHandlerManager::callOperationOSRExit):
2487         (JSC::FTL::ExceptionHandlerManager::getByIdOSRExit): Deleted.
2488         (JSC::FTL::ExceptionHandlerManager::subOSRExit): Deleted.
2489         * ftl/FTLExceptionHandlerManager.h:
2490         * ftl/FTLExitThunkGenerator.cpp:
2491         (JSC::FTL::ExitThunkGenerator::emitThunk):
2492         * ftl/FTLOSRExit.cpp:
2493         (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
2494         (JSC::FTL::OSRExitDescriptor::isExceptionHandler):
2495         (JSC::FTL::OSRExit::OSRExit):
2496         (JSC::FTL::OSRExit::spillRegistersToSpillSlot):
2497         (JSC::FTL::OSRExit::recoverRegistersFromSpillSlot):
2498         (JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck):
2499         (JSC::FTL::OSRExit::willArriveAtOSRExitFromGenericUnwind):
2500         (JSC::FTL::OSRExit::willArriveAtOSRExitFromCallOperation):
2501         (JSC::FTL::OSRExit::needsRegisterRecoveryOnGenericUnwindOSRExitPath):
2502         (JSC::FTL::OSRExitDescriptor::willArriveAtExitFromIndirectExceptionCheck): Deleted.
2503         (JSC::FTL::OSRExitDescriptor::mightArriveAtOSRExitFromGenericUnwind): Deleted.
2504         (JSC::FTL::OSRExitDescriptor::mightArriveAtOSRExitFromCallOperation): Deleted.
2505         (JSC::FTL::OSRExitDescriptor::needsRegisterRecoveryOnGenericUnwindOSRExitPath): Deleted.
2506         * ftl/FTLOSRExit.h:
2507         * ftl/FTLOSRExitCompilationInfo.h:
2508         (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
2509         * ftl/FTLOSRExitCompiler.cpp:
2510         (JSC::FTL::compileFTLOSRExit):
2511
2512 2015-11-30  Mark Lam  <mark.lam@apple.com>
2513
2514         Refactor the op_add, op_sub, and op_mul snippets to use the SnippetOperand class.
2515         https://bugs.webkit.org/show_bug.cgi?id=151678
2516
2517         Reviewed by Geoffrey Garen.
2518
2519         * dfg/DFGSpeculativeJIT.cpp:
2520         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2521         (JSC::DFG::SpeculativeJIT::compileArithSub):
2522         * ftl/FTLCompile.cpp:
2523         * jit/JITAddGenerator.cpp:
2524         (JSC::JITAddGenerator::generateFastPath):
2525         * jit/JITAddGenerator.h:
2526         (JSC::JITAddGenerator::JITAddGenerator):
2527         * jit/JITArithmetic.cpp:
2528         (JSC::JIT::emit_op_add):
2529         (JSC::JIT::emit_op_mul):
2530         (JSC::JIT::emit_op_sub):
2531         * jit/JITMulGenerator.cpp:
2532         (JSC::JITMulGenerator::generateFastPath):
2533         * jit/JITMulGenerator.h:
2534         (JSC::JITMulGenerator::JITMulGenerator):
2535         * jit/JITSubGenerator.cpp:
2536         (JSC::JITSubGenerator::generateFastPath):
2537         * jit/JITSubGenerator.h:
2538         (JSC::JITSubGenerator::JITSubGenerator):
2539         * jit/SnippetOperand.h:
2540         (JSC::SnippetOperand::isPositiveConstInt32):
2541
2542 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
2543
2544         B3 stackmaps should support early clobber
2545         https://bugs.webkit.org/show_bug.cgi?id=151668
2546
2547         Reviewed by Geoffrey Garen.
2548
2549         While starting work on FTL lazy slow paths, I realized that we needed some way to say that r11 is
2550         off limits. Not just that it's clobbered, but that it cannot be used for any input values to a
2551         stackmap.
2552
2553         In LLVM we do this by having the AnyRegCC forbid r11.
2554
2555         In B3, we want something more flexible. In this and other cases, what we really want is an early
2556         clobber set. B3 already supported a late clobber set for every stackmap value. Late clobber means
2557         that the act of performing the operation will cause garbage to be written into those registers.
2558         But here we want: assume that garbage magically appears in those registers in the moment before
2559         the operation executes. Any registers in that set will be off-limits to the inputs to the
2560         stackmap. This should be great for other things, like the way we handle exceptions.
2561
2562         For the simple r11 issue, what we want is to call the StackmapValue::clobber() method, which now
2563         means both early and late clobber. It's the weapon of choice whenever you're unsure.
2564
2565         This adds the early clobber feature, does some minor Inst refactoring to make this less scary,
2566         and adds a test. The test is simple but it's very comprehensive - for example it tests the
2567         early-clobber-after-Move special case.
2568
2569         * b3/B3StackmapSpecial.cpp:
2570         (JSC::B3::StackmapSpecial::extraClobberedRegs):
2571         (JSC::B3::StackmapSpecial::extraEarlyClobberedRegs):
2572         (JSC::B3::StackmapSpecial::forEachArgImpl):
2573         * b3/B3StackmapSpecial.h:
2574         * b3/B3StackmapValue.cpp:
2575         (JSC::B3::StackmapValue::dumpMeta):
2576         (JSC::B3::StackmapValue::StackmapValue):
2577         * b3/B3StackmapValue.h:
2578         * b3/air/AirCCallSpecial.cpp:
2579         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
2580         (JSC::B3::Air::CCallSpecial::extraEarlyClobberedRegs):
2581         (JSC::B3::Air::CCallSpecial::dumpImpl):
2582         * b3/air/AirCCallSpecial.h:
2583         * b3/air/AirInst.h:
2584         * b3/air/AirInstInlines.h:
2585         (JSC::B3::Air::Inst::extraClobberedRegs):
2586         (JSC::B3::Air::Inst::extraEarlyClobberedRegs):
2587         (JSC::B3::Air::Inst::forEachTmpWithExtraClobberedRegs):
2588         (JSC::B3::Air::Inst::reportUsedRegisters):
2589         (JSC::B3::Air::Inst::forEachDefAndExtraClobberedTmp): Deleted.
2590         * b3/air/AirIteratedRegisterCoalescing.cpp:
2591         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::IteratedRegisterCoalescingAllocator):
2592         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::build):
2593         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::allocate):
2594         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::initializeDegrees):
2595         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdges):
2596         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdge):
2597         (JSC::B3::Air::iteratedRegisterCoalescingOnType):
2598         (JSC::B3::Air::iteratedRegisterCoalescing):
2599         * b3/air/AirSpecial.h:
2600         * b3/air/AirSpillEverything.cpp:
2601         (JSC::B3::Air::spillEverything):
2602         * b3/testb3.cpp:
2603         (JSC::B3::testSimplePatchpointWithoutOuputClobbersGPArgs):
2604         (JSC::B3::testSimplePatchpointWithOuputClobbersGPArgs):
2605         (JSC::B3::testSimplePatchpointWithoutOuputClobbersFPArgs):
2606         (JSC::B3::testSimplePatchpointWithOuputClobbersFPArgs):
2607         (JSC::B3::testPatchpointWithEarlyClobber):
2608         (JSC::B3::testPatchpointCallArg):
2609         (JSC::B3::run):
2610         * dfg/DFGCommon.h:
2611
2612 2015-11-30  Mark Lam  <mark.lam@apple.com>
2613
2614         Snippefy op_div for the baseline JIT.
2615         https://bugs.webkit.org/show_bug.cgi?id=151607
2616
2617         Reviewed by Geoffrey Garen.
2618
2619         * CMakeLists.txt:
2620         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2621         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2622         * JavaScriptCore.xcodeproj/project.pbxproj:
2623
2624         * jit/JIT.h:
2625         * jit/JITArithmetic.cpp:
2626         (JSC::JIT::emit_op_div):
2627         (JSC::JIT::emitSlow_op_div):
2628         (JSC::JIT::compileBinaryArithOpSlowCase): Deleted.
2629
2630         * jit/JITArithmetic32_64.cpp:
2631         (JSC::JIT::emitBinaryDoubleOp):
2632         (JSC::JIT::emit_op_div): Deleted.
2633         (JSC::JIT::emitSlow_op_div): Deleted.
2634         - Removed the 32-bit specific op_div implementation.  The 64-bit version with the
2635           op_div snippet can now service both 32-bit and 64-bit.
2636  
2637         * jit/JITDivGenerator.cpp: Added.
2638         (JSC::JITDivGenerator::loadOperand):
2639         (JSC::JITDivGenerator::generateFastPath):
2640         * jit/JITDivGenerator.h: Added.
2641         (JSC::JITDivGenerator::JITDivGenerator):
2642         (JSC::JITDivGenerator::didEmitFastPath):
2643         (JSC::JITDivGenerator::endJumpList):
2644         (JSC::JITDivGenerator::slowPathJumpList):
2645  
2646         * jit/JITInlines.h:
2647         (JSC::JIT::getOperandConstantDouble): Added.
2648  
2649         * jit/SnippetOperand.h: Added.
2650         (JSC::SnippetOperand::SnippetOperand):
2651         (JSC::SnippetOperand::mightBeNumber):
2652         (JSC::SnippetOperand::definitelyIsNumber):
2653         (JSC::SnippetOperand::isConst):
2654         (JSC::SnippetOperand::isConstInt32):
2655         (JSC::SnippetOperand::isConstDouble):
2656         (JSC::SnippetOperand::asRawBits):
2657         (JSC::SnippetOperand::asConstInt32):
2658         (JSC::SnippetOperand::asConstDouble):
2659         (JSC::SnippetOperand::setConstInt32):
2660         (JSC::SnippetOperand::setConstDouble):
2661         - The SnippetOperand encapsulates operand constness, const type, and profiling
2662           information.  As a result:
2663           1. The argument list to the JITDivGenerator constructor is now more concise.
2664           2. The logic of the JITDivGenerator is now less verbose and easier to express.
2665
2666         * parser/ResultType.h:
2667         (JSC::ResultType::isInt32):
2668         (JSC::ResultType::definitelyIsNumber):
2669         (JSC::ResultType::definitelyIsString):
2670         (JSC::ResultType::definitelyIsBoolean):
2671         (JSC::ResultType::mightBeNumber):
2672         (JSC::ResultType::isNotNumber):
2673         - Made these functions const because they were always meant to be const.
2674           This also allows me to enforce constness in the SnippetOperand.
2675
2676 2015-11-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2677
2678         Fix coding style of Intl code
2679         https://bugs.webkit.org/show_bug.cgi?id=151491
2680
2681         Reviewed by Darin Adler.
2682
2683         This patch does three things:
2684         1. Rename pointers and references to ExecState from "exec" to "state".
2685         2. Pass parameters by references instead of pointers if the parameters
2686            are required.
2687         3. Remove the word "get" from the names of functions that don't return
2688            values through out arguments.
2689
2690         * runtime/IntlCollator.cpp:
2691         (JSC::IntlCollatorFuncCompare):
2692         * runtime/IntlCollatorConstructor.cpp:
2693         (JSC::initializeCollator):
2694         (JSC::constructIntlCollator):
2695         (JSC::callIntlCollator):
2696         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
2697         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
2698         * runtime/IntlDateTimeFormat.cpp:
2699         (JSC::IntlDateTimeFormatFuncFormatDateTime):
2700         * runtime/IntlDateTimeFormatConstructor.cpp:
2701         (JSC::constructIntlDateTimeFormat):
2702         (JSC::callIntlDateTimeFormat):
2703         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
2704         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
2705         * runtime/IntlDateTimeFormatPrototype.cpp:
2706         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
2707         (JSC::IntlDateTimeFormatPrototypeGetterFormat):
2708         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
2709         * runtime/IntlNumberFormat.cpp:
2710         (JSC::IntlNumberFormatFuncFormatNumber):
2711         * runtime/IntlNumberFormatConstructor.cpp:
2712         (JSC::constructIntlNumberFormat):
2713         (JSC::callIntlNumberFormat):
2714         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
2715         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
2716         * runtime/IntlNumberFormatPrototype.cpp:
2717         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
2718         (JSC::IntlNumberFormatPrototypeGetterFormat):
2719         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
2720         * runtime/IntlObject.cpp:
2721         (JSC::intlBooleanOption):
2722         (JSC::intlStringOption):
2723         (JSC::privateUseLangTag):
2724         (JSC::canonicalLangTag):
2725         (JSC::grandfatheredLangTag):
2726         (JSC::canonicalizeLanguageTag):
2727         (JSC::canonicalizeLocaleList):
2728         (JSC::lookupSupportedLocales):
2729         (JSC::bestFitSupportedLocales):
2730         (JSC::supportedLocales):
2731         (JSC::getIntlBooleanOption): Deleted.
2732         (JSC::getIntlStringOption): Deleted.
2733         (JSC::getPrivateUseLangTag): Deleted.
2734         (JSC::getCanonicalLangTag): Deleted.
2735         (JSC::getGrandfatheredLangTag): Deleted.
2736         * runtime/IntlObject.h:
2737
2738 2015-11-30  Benjamin Poulain  <bpoulain@apple.com>
2739
2740         [JSC] Simplify the loop that removes useless Air instructions
2741         https://bugs.webkit.org/show_bug.cgi?id=151652
2742
2743         Reviewed by Andreas Kling.
2744
2745         * b3/air/AirEliminateDeadCode.cpp:
2746         (JSC::B3::Air::eliminateDeadCode):
2747         Use Vector's removeAllMatching() instead of custom code.
2748
2749         It is likely faster too since we remove few values and Vector
2750         is good at doing that.
2751
2752 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
2753
2754         B3 should be clever about choosing which child to reuse for result in two-operand commutative operations
2755         https://bugs.webkit.org/show_bug.cgi?id=151321
2756
2757         Reviewed by Geoffrey Garen.
2758
2759         When lowering a commutative operation to a two-operand instruction, you have a choice of which
2760         child value to move into the result tmp. For example we might have:
2761
2762             @x = Add(@y, @z)
2763
2764         Assuming no three-operand add is available, we could either lower it to this:
2765
2766             Move %y, %x
2767             Add %z, %x
2768
2769         or to this:
2770
2771             Move %z, %x
2772             Add %y, %x
2773
2774         Which is better depends on the likelihood of coalescing with %x. If it's more likely that %y will
2775         coalesce with %x, then we want to use the first form. Otherwise, we should use the second form.
2776
2777         This implements two heuristics for selecting the right form, and makes those heuristics reusable
2778         within the B3->Air lowering by abstracting it as preferRightForResult(). For non-commutative
2779         operations we must use the first form, so the first form is the default. The heuristics are:
2780
2781         - If the right child has only one user, then use the second form instead. This is profitable because
2782           that means that @z dies at the Add, so using the second form means that the Move will be coalesced
2783           away.
2784
2785         - If one of the children is a Phi that this operation (the Add in this case) flows into via some
2786           Upsilon - possibly transitively through other Phis - then use the form that causes a Move on that
2787           child. This overrides everything else, and is meant to optimize variables that accumulate in a
2788           loop.
2789
2790         This required adding a reusable PhiChildren analysis, so I wrote one. It has an API that is mostly
2791         based on iterators, and a higher-level API for looking at transitive children that is based on
2792         functors.
2793
2794         I was originally implementing this for completeness, but when looking at how it interacted with
2795         imaging-gaussian-blur, I realized the need for some heuristic for the loop-accumulator case. This
2796         helps a lot on that benchmark. This widens the overall lead that B3 has on imaging-gaussian-blur, but
2797         steady-state runs that exclude compile latency still show a slight deficit. That will most likely get
2798         fixed by https://bugs.webkit.org/show_bug.cgi?id=151174.
2799
2800         No new tests because the commutativity appears to be covered by existing tests, and anyway, there are
2801         no correctness implications to commuting a commutative operation.
2802
2803         * CMakeLists.txt:
2804         * JavaScriptCore.xcodeproj/project.pbxproj:
2805         * b3/B3LowerToAir.cpp:
2806         (JSC::B3::Air::LowerToAir::LowerToAir):
2807         (JSC::B3::Air::LowerToAir::canBeInternal):
2808         (JSC::B3::Air::LowerToAir::appendUnOp):
2809         (JSC::B3::Air::LowerToAir::preferRightForResult):
2810         (JSC::B3::Air::LowerToAir::appendBinOp):
2811         (JSC::B3::Air::LowerToAir::lower):
2812         * b3/B3PhiChildren.cpp: Added.
2813         (JSC::B3::PhiChildren::PhiChildren):
2814         (JSC::B3::PhiChildren::~PhiChildren):
2815         * b3/B3PhiChildren.h: Added.
2816         (JSC::B3::PhiChildren::ValueCollection::ValueCollection):
2817         (JSC::B3::PhiChildren::ValueCollection::size):
2818         (JSC::B3::PhiChildren::ValueCollection::at):
2819         (JSC::B3::PhiChildren::ValueCollection::operator[]):
2820         (JSC::B3::PhiChildren::ValueCollection::contains):
2821         (JSC::B3::PhiChildren::ValueCollection::iterator::iterator):
2822         (JSC::B3::PhiChildren::ValueCollection::iterator::operator*):
2823         (JSC::B3::PhiChildren::ValueCollection::iterator::operator++):
2824         (JSC::B3::PhiChildren::ValueCollection::iterator::operator==):
2825         (JSC::B3::PhiChildren::ValueCollection::iterator::operator!=):
2826         (JSC::B3::PhiChildren::ValueCollection::begin):
2827         (JSC::B3::PhiChildren::ValueCollection::end):
2828         (JSC::B3::PhiChildren::UpsilonCollection::UpsilonCollection):
2829         (JSC::B3::PhiChildren::UpsilonCollection::size):
2830         (JSC::B3::PhiChildren::UpsilonCollection::at):
2831         (JSC::B3::PhiChildren::UpsilonCollection::operator[]):
2832         (JSC::B3::PhiChildren::UpsilonCollection::contains):
2833         (JSC::B3::PhiChildren::UpsilonCollection::begin):
2834         (JSC::B3::PhiChildren::UpsilonCollection::end):
2835         (JSC::B3::PhiChildren::UpsilonCollection::values):
2836         (JSC::B3::PhiChildren::UpsilonCollection::forAllTransitiveIncomingValues):
2837         (JSC::B3::PhiChildren::UpsilonCollection::transitivelyUses):
2838         (JSC::B3::PhiChildren::at):
2839         (JSC::B3::PhiChildren::operator[]):
2840         * b3/B3Procedure.cpp:
2841         (JSC::B3::Procedure::Procedure):
2842         * b3/B3Procedure.h:
2843         * b3/B3UseCounts.cpp:
2844         (JSC::B3::UseCounts::UseCounts):
2845         * b3/B3UseCounts.h:
2846         (JSC::B3::UseCounts::numUses):
2847         (JSC::B3::UseCounts::numUsingInstructions):
2848         (JSC::B3::UseCounts::operator[]): Deleted.
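
As an added illustration (not WebKit code) of the selection rule this entry describes: a toy model of preferRightForResult() with simplified stand-ins for UseCounts and PhiChildren. The tiny IR, the value ids and the scenarios are constructed here; only the two heuristics come from the entry.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

enum class Opcode { Const, Add, Phi, Upsilon };
using Seq = std::vector<std::string>;
// children: operand ids (an Upsilon's single child is its incoming value); phi: the Phi an Upsilon writes, else -1.
struct Value { int id; Opcode opcode; std::vector<int> children; int phi; };

struct Procedure {
    std::vector<Value> values;
    int add(Opcode opcode, std::vector<int> children = {}, int phi = -1) {
        int id = static_cast<int>(values.size());
        values.push_back(Value{id, opcode, children, phi});
        return id;
    }
    const Value& at(int id) const { return values[id]; }
};

// Stand-in for UseCounts::numUsingInstructions: how many instructions use each value.
std::map<int, int> computeUseCounts(const Procedure& proc) {
    std::map<int, int> counts;
    for (const Value& v : proc.values) {
        std::set<int> distinct(v.children.begin(), v.children.end());
        for (int child : distinct) counts[child]++;
    }
    return counts;
}

// Stand-in for PhiChildren: which Upsilons feed each Phi, plus the transitive query.
struct PhiChildren {
    std::map<int, std::vector<int>> upsilonsFor; // Phi id -> Upsilon ids
    explicit PhiChildren(const Procedure& proc) {
        for (const Value& v : proc.values)
            if (v.opcode == Opcode::Upsilon) upsilonsFor[v.phi].push_back(v.id);
    }
    // Does `target` reach `phi` through some Upsilon, possibly via other Phis?
    bool transitivelyUses(const Procedure& proc, int phi, int target) const {
        std::set<int> visited;
        std::vector<int> worklist{phi};
        while (!worklist.empty()) {
            int current = worklist.back(); worklist.pop_back();
            if (!visited.insert(current).second) continue; // Phi cycles end here
            auto it = upsilonsFor.find(current);
            if (it == upsilonsFor.end()) continue;
            for (int upsilon : it->second) {
                int incoming = proc.at(upsilon).children[0];
                if (incoming == target) return true;
                if (proc.at(incoming).opcode == Opcode::Phi) worklist.push_back(incoming);
            }
        }
        return false;
    }
};

// true: "Move %right, %result; Add %left, %result" (second form); false: the default first form.
bool preferRightForResult(const Procedure& proc, const std::map<int, int>& useCounts,
                          const PhiChildren& phiChildren, const Value& op) {
    int left = op.children[0], right = op.children[1];
    // Loop-accumulator rule overrides everything: the Move goes on the Phi child this op feeds.
    if (proc.at(left).opcode == Opcode::Phi && phiChildren.transitivelyUses(proc, left, op.id))
        return false;
    if (proc.at(right).opcode == Opcode::Phi && phiChildren.transitivelyUses(proc, right, op.id))
        return true;
    // Otherwise reuse the right child when it dies here (one user), so the Move coalesces away.
    auto it = useCounts.find(right);
    return it != useCounts.end() && it->second == 1;
}

// Render the two-operand sequence chosen for a commutative Add.
Seq lowerAdd(const Procedure& proc, int addId) {
    const Value& add = proc.at(addId);
    bool right = preferRightForResult(proc, computeUseCounts(proc), PhiChildren(proc), add);
    auto tmp = [](int id) { return "%" + std::to_string(id); };
    int moved = add.children[right ? 1 : 0], other = add.children[right ? 0 : 1];
    return {"Move " + tmp(moved) + ", " + tmp(addId), "Add " + tmp(other) + ", " + tmp(addId)};
}

// Scenario 1: @sum = Add(@acc, @step), Upsilon(@sum) -> @acc. Use counts alone would pick
// @step (one user); the Phi rule overrides that and moves the accumulator @acc instead.
bool loopAccumulatorMovesPhiChild() {
    Procedure proc;
    int step = proc.add(Opcode::Const);           // %0
    int acc = proc.add(Opcode::Phi);              // %1
    int sum = proc.add(Opcode::Add, {acc, step}); // %2
    proc.add(Opcode::Upsilon, {sum}, acc);
    return lowerAdd(proc, sum) == Seq{"Move %1, %2", "Add %0, %2"};
}

// Scenarios 2 and 3: with no Phi involved, the use-count rule decides. @b dying at the Add
// gives the second form; giving @b a later user falls back to the default first form.
bool useCountRuleDecides() {
    Procedure dying;
    int a = dying.add(Opcode::Const), b = dying.add(Opcode::Const); // %0, %1
    int x = dying.add(Opcode::Add, {a, b});                        // %2
    dying.add(Opcode::Add, {a, x});                                // @a lives on; @b dies at @x
    Procedure live = dying;
    live.add(Opcode::Add, {b, x});                                 // now @b has a second user
    return lowerAdd(dying, x) == Seq{"Move %1, %2", "Add %0, %2"}
        && lowerAdd(live, x) == Seq{"Move %0, %2", "Add %1, %2"};
}
```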
2849
2850 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
2851
2852         REGRESSION(r192812): This change seems to have broken the iOS builds (Requested by ryanhaddad on #webkit).
2853         https://bugs.webkit.org/show_bug.cgi?id=151669
2854
2855         Unreviewed, fix build.
2856
2857         * dfg/DFGCommon.h:
2858
2859 2015-11-30  Saam barati  <sbarati@apple.com>
2860
2861         implement op_get_rest_length so that we can allocate the rest array with the right size from the start
2862         https://bugs.webkit.org/show_bug.cgi?id=151467
2863
2864         Reviewed by Geoffrey Garen and Mark Lam.
2865
2866         This patch implements op_get_rest_length which returns the length
2867         that the rest parameter array will be. We're implementing this because
2868         it might be a constant value in the presence of inlining in the DFG.
2869         We will take advantage of this optimization opportunity in a future patch:
2870         https://bugs.webkit.org/show_bug.cgi?id=151454
2871         to emit better code for op_copy_rest.
2872
2873         op_get_rest_length has two operands:
2874         1) a destination
2875         2) a constant indicating the number of parameters to skip when copying the rest array.
2876
2877         op_get_rest_length lowers to a JSConstant node when we're inlined
2878         and not a varargs call (in this case, we statically know the arguments
2879         length). When that condition isn't met, we lower op_get_rest_length to 
2880         GetRestArray. GetRestArray produces its result as an int32.
2881
2882         * bytecode/BytecodeList.json:
2883         * bytecode/BytecodeUseDef.h:
2884         (JSC::computeUsesForBytecodeOffset):
2885         (JSC::computeDefsForBytecodeOffset):
2886         * bytecode/CodeBlock.cpp:
2887         (JSC::CodeBlock::dumpBytecode):
2888         * bytecompiler/BytecodeGenerator.cpp:
2889         (JSC::BytecodeGenerator::emitNewArray):
2890         (JSC::BytecodeGenerator::emitNewArrayWithSize):
2891         (JSC::BytecodeGenerator::emitNewFunction):
2892         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2893         (JSC::BytecodeGenerator::emitRestParameter):
2894         * bytecompiler/BytecodeGenerator.h:
2895         * bytecompiler/NodesCodegen.cpp:
2896         (JSC::RestParameterNode::emit):
2897         * dfg/DFGAbstractInterpreterInlines.h:
2898         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2899         * dfg/DFGByteCodeParser.cpp:
2900         (JSC::DFG::ByteCodeParser::parseBlock):
2901         * dfg/DFGCapabilities.cpp:
2902         (JSC::DFG::capabilityLevel):
2903         * dfg/DFGClobberize.h:
2904         (JSC::DFG::clobberize):
2905         * dfg/DFGDoesGC.cpp:
2906         (JSC::DFG::doesGC):
2907         * dfg/DFGFixupPhase.cpp:
2908         (JSC::DFG::FixupPhase::fixupNode):
2909         * dfg/DFGMayExit.cpp:
2910         (JSC::DFG::mayExit):
2911         * dfg/DFGNode.h:
2912         (JSC::DFG::Node::numberOfArgumentsToSkip):
2913         * dfg/DFGNodeType.h:
2914         * dfg/DFGOperations.cpp:
2915         * dfg/DFGOperations.h:
2916         * dfg/DFGPredictionPropagationPhase.cpp:
2917         (JSC::DFG::PredictionPropagationPhase::propagate):
2918         * dfg/DFGSafeToExecute.h:
2919         (JSC::DFG::safeToExecute):
2920         * dfg/DFGSpeculativeJIT.cpp:
2921         (JSC::DFG::SpeculativeJIT::compileCopyRest):
2922         (JSC::DFG::SpeculativeJIT::compileGetRestLength):
2923         (JSC::DFG::SpeculativeJIT::compileNotifyWrite):
2924         * dfg/DFGSpeculativeJIT.h:
2925         (JSC::DFG::SpeculativeJIT::callOperation):
2926         * dfg/DFGSpeculativeJIT32_64.cpp:
2927         (JSC::DFG::SpeculativeJIT::compile):
2928         * dfg/DFGSpeculativeJIT64.cpp:
2929         (JSC::DFG::SpeculativeJIT::compile):
2930         * ftl/FTLCapabilities.cpp:
2931         (JSC::FTL::canCompile):
2932         * ftl/FTLLowerDFGToLLVM.cpp:
2933         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2934         (JSC::FTL::DFG::LowerDFGToLLVM::compileCopyRest):
2935         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetRestLength):
2936         (JSC::FTL::DFG::LowerDFGToLLVM::compileNewObject):
2937         * jit/JIT.cpp:
2938         (JSC::JIT::privateCompileMainPass):
2939         * jit/JIT.h:
2940         * jit/JITOpcodes.cpp:
2941         (JSC::JIT::emit_op_copy_rest):
2942         (JSC::JIT::emit_op_get_rest_length):
2943         * llint/LowLevelInterpreter.asm:
2944         * llint/LowLevelInterpreter32_64.asm:
2945         * llint/LowLevelInterpreter64.asm:
2946         * runtime/CommonSlowPaths.cpp:
2947         (JSC::SLOW_PATH_DECL):
2948
2949 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
2950
2951         MacroAssembler needs an API for disabling scratch registers
2952         https://bugs.webkit.org/show_bug.cgi?id=151010
2953
2954         Reviewed by Saam Barati and Michael Saboff.
2955
2956         This adds two scope classes, DisallowMacroScratchRegisterUsage and
2957         AllowMacroScratchRegisterUsage. The default is that the scratch registers are enabled. Air
2958         disables them before generation.
2959
2960         Henceforth the pattern inside B3 stackmap generator callbacks will be that you can only use
2961         AllowMacroScratchRegisterUsage if you've either supplied the scratch register as a clobbered
2962         register and arranged for all of the stackmap values to be late uses, or you're writing a test
2963         and you're OK with it being fragile with respect to scratch registers. The latter holds in most
2964         of testb3.
2965
2966         * JavaScriptCore.xcodeproj/project.pbxproj:
2967         * assembler/AbstractMacroAssembler.h:
2968         (JSC::optimizeForX86):
2969         (JSC::AbstractMacroAssembler::setTempRegisterValid):
2970         * assembler/AllowMacroScratchRegisterUsage.h: Added.
2971         (JSC::AllowMacroScratchRegisterUsage::AllowMacroScratchRegisterUsage):
2972         (JSC::AllowMacroScratchRegisterUsage::~AllowMacroScratchRegisterUsage):
2973         * assembler/DisallowMacroScratchRegisterUsage.h: Added.
2974         (JSC::DisallowMacroScratchRegisterUsage::DisallowMacroScratchRegisterUsage):
2975         (JSC::DisallowMacroScratchRegisterUsage::~DisallowMacroScratchRegisterUsage):
2976         * assembler/MacroAssemblerX86Common.h:
2977         (JSC::MacroAssemblerX86Common::scratchRegister):
2978         (JSC::MacroAssemblerX86Common::loadDouble):
2979         (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
2980         * assembler/MacroAssemblerX86_64.h:
2981         (JSC::MacroAssemblerX86_64::add32):
2982         (JSC::MacroAssemblerX86_64::and32):
2983         (JSC::MacroAssemblerX86_64::or32):
2984         (JSC::MacroAssemblerX86_64::sub32):
2985         (JSC::MacroAssemblerX86_64::load8):
2986         (JSC::MacroAssemblerX86_64::addDouble):
2987         (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
2988         (JSC::MacroAssemblerX86_64::store32):
2989         (JSC::MacroAssemblerX86_64::store8):
2990         (JSC::MacroAssemblerX86_64::callWithSlowPathReturnType):
2991         (JSC::MacroAssemblerX86_64::call):
2992         (JSC::MacroAssemblerX86_64::jump):
2993         (JSC::MacroAssemblerX86_64::tailRecursiveCall):
2994         (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
2995         (JSC::MacroAssemblerX86_64::branchAdd32):
2996         (JSC::MacroAssemblerX86_64::add64):
2997         (JSC::MacroAssemblerX86_64::addPtrNoFlags):
2998         (JSC::MacroAssemblerX86_64::and64):
2999         (JSC::MacroAssemblerX86_64::lshift64):
3000         (JSC::MacroAssemblerX86_64::or64):
3001         (JSC::MacroAssemblerX86_64::sub64):
3002         (JSC::MacroAssemblerX86_64::store64):
3003         (JSC::MacroAssemblerX86_64::store64WithAddressOffsetPatch):
3004         (JSC::MacroAssemblerX86_64::branch64):
3005         (JSC::MacroAssemblerX86_64::branchPtr):
3006         (JSC::MacroAssemblerX86_64::branchTest64):
3007         (JSC::MacroAssemblerX86_64::test64):
3008         (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
3009         (JSC::MacroAssemblerX86_64::branch32WithPatch):
3010         (JSC::MacroAssemblerX86_64::storePtrWithPatch):
3011         (JSC::MacroAssemblerX86_64::branch8):
3012         (JSC::MacroAssemblerX86_64::branchTest8):
3013         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
3014         (JSC::MacroAssemblerX86_64::readCallTarget):
3015         (JSC::MacroAssemblerX86_64::haveScratchRegisterForBlinding):
3016         (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
3017         (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranchPtrWithPatch):
3018         (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranch32WithPatch):
3019         (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranchPtrWithPatch):
3020         (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranch32WithPatch):
3021         (JSC::MacroAssemblerX86_64::revertJumpReplacementToBranchPtrWithPatch):
3022         (JSC::MacroAssemblerX86_64::repatchCall):
3023         (JSC::MacroAssemblerX86_64::add64AndSetFlags):
3024         * b3/air/AirGenerate.cpp:
3025         (JSC::B3::Air::generate):
3026         * b3/testb3.cpp:
3027         (JSC::B3::testSimplePatchpoint):
3028         (JSC::B3::testSimplePatchpointWithoutOuputClobbersGPArgs):
3029         (JSC::B3::testSimplePatchpointWithOuputClobbersGPArgs):
3030         (JSC::B3::testSimplePatchpointWithoutOuputClobbersFPArgs):
3031         (JSC::B3::testSimplePatchpointWithOuputClobbersFPArgs):
3032         (JSC::B3::testPatchpointCallArg):
3033         (JSC::B3::testPatchpointFixedRegister):
3034         (JSC::B3::testPatchpointAny):
3035         (JSC::B3::testPatchpointAnyImm):
3036         (JSC::B3::testSimpleCheck):
3037         (JSC::B3::testCheckLessThan):
3038         (JSC::B3::testCheckMegaCombo):
3039         (JSC::B3::testCheckAddImm):
3040         (JSC::B3::testCheckAddImmCommute):
3041         (JSC::B3::testCheckAddImmSomeRegister):
3042         (JSC::B3::testCheckAdd):
3043         (JSC::B3::testCheckAdd64):
3044         (JSC::B3::testCheckAddFoldFail):
3045         (JSC::B3::testCheckSubImm):
3046         (JSC::B3::testCheckSubBadImm):
3047         (JSC::B3::testCheckSub):
3048         (JSC::B3::testCheckSub64):
3049         (JSC::B3::testCheckSubFoldFail):
3050         (JSC::B3::testCheckNeg):
3051         (JSC::B3::testCheckNeg64):
3052         (JSC::B3::testCheckMul):
3053         (JSC::B3::testCheckMulMemory):
3054         (JSC::B3::testCheckMul2):
3055         (JSC::B3::testCheckMul64):
3056         (JSC::B3::testCheckMulFoldFail):
3057         (JSC::B3::genericTestCompare):
3058         * dfg/DFGCommon.h:
3059         * jit/GPRInfo.h:
3060         (JSC::GPRInfo::toRegister):
3061         (JSC::GPRInfo::reservedRegisters):
3062
3063 2015-11-26  Mark Lam  <mark.lam@apple.com>
3064
3065         [ARM64] stress/op_div.js is failing on some divide by 0 cases.
3066         https://bugs.webkit.org/show_bug.cgi?id=151515
3067
3068         Reviewed by Saam Barati.
3069
3070         * dfg/DFGSpeculativeJIT.cpp:
3071         (JSC::DFG::SpeculativeJIT::compileArithDiv):
3072         - Added a check for the divide by zero case.
3073         * tests/stress/op_div.js:
3074         - Un-skipped the test.
3075
3076 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
3077
3078         [cmake] Add testb3 to the build system
3079         https://bugs.webkit.org/show_bug.cgi?id=151619
3080
3081         Reviewed by Gyuyoung Kim.
3082
3083         * shell/CMakeLists.txt:
3084
3085 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
3086
3087         Use mark pragmas only if it is supported
3088         https://bugs.webkit.org/show_bug.cgi?id=151621
3089
3090         Reviewed by Mark Lam.
3091
3092         * b3/air/AirIteratedRegisterCoalescing.cpp:
3093
3094 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
3095
3096         Fix the ENABLE(B3_JIT) build with GCC in B3Procedure.h
3097         https://bugs.webkit.org/show_bug.cgi?id=151620
3098
3099         Reviewed by Mark Lam.
3100
3101         * b3/B3Procedure.h:
3102
3103 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
3104
3105         [cmake] Add new B3 source files to the build system
3106         https://bugs.webkit.org/show_bug.cgi?id=151618
3107
3108         Reviewed by Gyuyoung Kim.
3109
3110         * CMakeLists.txt:
3111
3112 2015-11-26  Carlos Garcia Campos  <cgarcia@igalia.com>
3113
3114         [GLIB] Implement garbage collector timers
3115         https://bugs.webkit.org/show_bug.cgi?id=151391
3116
3117         Reviewed by Žan Doberšek.
3118
3119         Add GLib implementation using GSource.
3120
3121         * heap/EdenGCActivityCallback.cpp:
3122         * heap/FullGCActivityCallback.cpp:
3123         * heap/GCActivityCallback.cpp:
3124         (JSC::GCActivityCallback::GCActivityCallback):
3125         (JSC::GCActivityCallback::scheduleTimer):
3126         (JSC::GCActivityCallback::cancelTimer):
3127         * heap/GCActivityCallback.h:
3128         * heap/Heap.cpp:
3129         (JSC::Heap::Heap):
3130         * heap/HeapTimer.cpp:
3131         (JSC::HeapTimer::HeapTimer):
3132         (JSC::HeapTimer::~HeapTimer):
3133         (JSC::HeapTimer::timerDidFire):
3134         * heap/HeapTimer.h:
3135         * heap/IncrementalSweeper.cpp:
3136         (JSC::IncrementalSweeper::IncrementalSweeper):
3137         (JSC::IncrementalSweeper::scheduleTimer):
3138         (JSC::IncrementalSweeper::cancelTimer):
3139         * heap/IncrementalSweeper.h:
3140
3141 2015-11-24  Caitlin Potter  <caitp@igalia.com>
3142
3143         [JSC] support Computed Property Names in destructuring Patterns
3144         https://bugs.webkit.org/show_bug.cgi?id=151494
3145
3146         Reviewed by Saam Barati.
3147
3148         Add support for computed property names in destructuring BindingPatterns
3149         and AssignmentPatterns.
3150
3151         Productions BindingProperty(1) and AssignmentProperty(2) allow for any valid
3152         PropertName(3), including ComputedPropertyName(4)
3153
3154         1: http://tc39.github.io/ecma262/#prod-BindingProperty
3155         2: http://tc39.github.io/ecma262/#prod-AssignmentProperty
3156         3: http://tc39.github.io/ecma262/#prod-PropertyName
3157         4: http://tc39.github.io/ecma262/#prod-ComputedPropertyName
3158
3159         * bytecompiler/NodesCodegen.cpp:
3160         (JSC::ObjectPatternNode::bindValue):
3161         * parser/ASTBuilder.h:
3162         (JSC::ASTBuilder::appendObjectPatternEntry):
3163         * parser/Nodes.h:
3164         (JSC::ObjectPatternNode::appendEntry):
3165         * parser/Parser.cpp:
3166         (JSC::Parser<LexerType>::parseDestructuringPattern):
3167         * parser/SyntaxChecker.h:
3168         (JSC::SyntaxChecker::operatorStackPop):
3169         * tests/es6.yaml:
3170         * tests/es6/destructuring_assignment_computed_properties.js: Added.
3171         (test):
3172         (test.computeName):
3173         (test.loadValue):
3174         (test.out.get a):
3175         (test.out.set a):
3176         (test.out.get b):
3177         (test.out.set b):
3178         (test.out.get c):
3179         (test.out.set c):
3180         (test.get var):
3181
3182 2015-11-24  Commit Queue  <commit-queue@webkit.org>
3183
3184         Unreviewed, rolling out r192536, r192722, and r192743.
3185         https://bugs.webkit.org/show_bug.cgi?id=151593
3186
3187         Still causing trouble. (Requested by kling on #webkit).
3188
3189         Reverted changesets:
3190
3191         "[JSC] JSPropertyNameEnumerator could be destructorless."
3192         https://bugs.webkit.org/show_bug.cgi?id=151242
3193         http://trac.webkit.org/changeset/192536
3194
3195         "REGRESSION(r192536): Null pointer dereference in
3196         JSPropertyNameEnumerator::visitChildren()."
3197         https://bugs.webkit.org/show_bug.cgi?id=151495
3198         http://trac.webkit.org/changeset/192722
3199
3200         "REGRESSION(r192536): Null pointer dereference in
3201         JSPropertyNameEnumerator::visitChildren()."
3202         https://bugs.webkit.org/show_bug.cgi?id=151495
3203         http://trac.webkit.org/changeset/192743
3204
3205 2015-11-23  Brian Burg  <bburg@apple.com>
3206
3207         Unreviewed, fix the Mac CMake build after r192793.
3208
3209         * PlatformMac.cmake:
3210
3211 2015-11-20  Brian Burg  <bburg@apple.com>
3212
3213         Web Inspector: RemoteInspector should track targets and connections for remote automation
3214         https://bugs.webkit.org/show_bug.cgi?id=151042
3215
3216         Reviewed by Joseph Pecoraro.
3217
3218         Refactor RemoteInspector so it can be used to send listings of different target types.
3219         First, rename Debuggable to RemoteInspectionTarget, and pull things not specific to
3220         remote inspection into the base class RemoteControllableTarget and its Connection class.
3221
3222         Add a new RemoteControllableTarget called RemoteAutomationTarget, used by UIProcess
3223         to support remote UI automation via webinspectord. On the protocol side, this target
3224         uses a new WIRTypeKey called WIRTypeAutomation to distiguish the listing from
3225         Web and JavaScript listings and avoid inventing a new listing mechanism.
3226
3227         * API/JSContextRef.cpp:
3228         (JSGlobalContextGetDebuggerRunLoop):
3229         (JSGlobalContextSetDebuggerRunLoop):
3230         * JavaScriptCore.xcodeproj/project.pbxproj:
3231         * inspector/InspectorFrontendChannel.h:
3232         * inspector/remote/RemoteAutomationTarget.cpp: Added.
3233         (Inspector::RemoteAutomationTarget::setAutomationAllowed): Added.
3234         * inspector/remote/RemoteAutomationTarget.h: Added.
3235         * inspector/remote/RemoteConnectionToTarget.h: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggableConnection.h.
3236         (Inspector::RemoteTargetBlock::RemoteTargetBlock):
3237         (Inspector::RemoteTargetBlock::~RemoteTargetBlock):
3238         (Inspector::RemoteTargetBlock::operator=):
3239         (Inspector::RemoteTargetBlock::operator()):
3240         * inspector/remote/RemoteConnectionToTarget.mm: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggableConnection.mm.
3241         (Inspector::RemoteTargetHandleRunSourceGlobal):
3242         (Inspector::RemoteTargetQueueTaskOnGlobalQueue):
3243         (Inspector::RemoteTargetInitializeGlobalQueue):
3244         (Inspector::RemoteTargetHandleRunSourceWithInfo):
3245         (Inspector::RemoteConnectionToTarget::RemoteConnectionToTarget):
3246         (Inspector::RemoteConnectionToTarget::~RemoteConnectionToTarget):
3247         (Inspector::RemoteConnectionToTarget::destination):
3248         (Inspector::RemoteConnectionToTarget::connectionIdentifier):
3249         (Inspector::RemoteConnectionToTarget::dispatchAsyncOnTarget):
3250         (Inspector::RemoteConnectionToTarget::setup):
3251         (Inspector::RemoteConnectionToTarget::targetClosed):
3252         (Inspector::RemoteConnectionToTarget::close):
3253         (Inspector::RemoteConnectionToTarget::sendMessageToTarget):
3254         (Inspector::RemoteConnectionToTarget::sendMessageToFrontend):
3255         (Inspector::RemoteConnectionToTarget::setupRunLoop):
3256         (Inspector::RemoteConnectionToTarget::teardownRunLoop):
3257         (Inspector::RemoteConnectionToTarget::queueTaskOnPrivateRunLoop):
3258         * inspector/remote/RemoteControllableTarget.cpp: Added.
3259         (Inspector::RemoteControllableTarget::~RemoteControllableTarget):
3260         (Inspector::RemoteControllableTarget::init):
3261         (Inspector::RemoteControllableTarget::update):
3262         * inspector/remote/RemoteControllableTarget.h: Added.
3263         * inspector/remote/RemoteInspectionTarget.cpp: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggable.cpp.
3264         (Inspector::RemoteInspectionTarget::remoteControlAllowed):
3265         (Inspector::RemoteInspectionTarget::setRemoteDebuggingAllowed):
3266         (Inspector::RemoteInspectionTarget::pauseWaitingForAutomaticInspection):
3267         (Inspector::RemoteInspectionTarget::unpauseForInitializedInspector):
3268         * inspector/remote/RemoteInspectionTarget.h: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggable.h.
3269         (isType):
3270         * inspector/remote/RemoteInspector.h:
3271
3272             Code to manage Debuggables now works with RemoteControllableTargets and doesn't
3273             care whether the target is for Inspection or Automation. Listing data with target-
3274             and type-specific information are captured when clients call into RemoteInspector
3275             since that's the easiest time to gather this information on the right thread.
            Use the is<> / downcast<> machinery when we need a concrete Target type.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::nextAvailableIdentifier):
        (Inspector::RemoteInspector::registerTarget): renamed from registerDebuggable.
        (Inspector::RemoteInspector::unregisterTarget): renamed from unregisterDebuggable.
        (Inspector::RemoteInspector::updateTarget): renamed from updateDebuggable.
        (Inspector::RemoteInspector::updateAutomaticInspectionCandidate):
        (Inspector::RemoteInspector::sendMessageToRemote):
        (Inspector::RemoteInspector::setupFailed):
        (Inspector::RemoteInspector::stopInternal):
        (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
        (Inspector::RemoteInspector::xpcConnectionFailed):
        (Inspector::RemoteInspector::listingForTarget):
        (Inspector::RemoteInspector::listingForInspectionTarget):
        (Inspector::RemoteInspector::listingForAutomationTarget):
        (Inspector::RemoteInspector::pushListingsNow):
        (Inspector::RemoteInspector::pushListingsSoon):
        (Inspector::RemoteInspector::receivedSetupMessage):
        (Inspector::RemoteInspector::receivedDataMessage):
        (Inspector::RemoteInspector::receivedDidCloseMessage):
        (Inspector::RemoteInspector::receivedGetListingMessage):
        (Inspector::RemoteInspector::receivedIndicateMessage):
        (Inspector::RemoteInspector::receivedConnectionDiedMessage):
        (Inspector::RemoteInspector::RemoteInspector): Deleted.
        (Inspector::RemoteInspector::registerDebuggable): Deleted.
        (Inspector::RemoteInspector::unregisterDebuggable): Deleted.
        (Inspector::RemoteInspector::updateDebuggable): Deleted.
        (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate): Deleted.
        (Inspector::RemoteInspector::sendMessageToRemoteFrontend): Deleted.
        (Inspector::RemoteInspector::listingForDebuggable): Deleted.
        (Inspector::RemoteInspector::pushListingNow): Deleted.
        (Inspector::RemoteInspector::pushListingSoon): Deleted.
        * inspector/remote/RemoteInspectorConstants.h:
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemote):
        (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
        (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend): Deleted.
        * runtime/JSGlobalObjectDebuggable.h:

2015-11-23  Brian Burg  <bburg@apple.com>

        Rename JavaScriptCore builtins files to match exposed object names
        https://bugs.webkit.org/show_bug.cgi?id=151549

        Reviewed by Youenn Fablet.

        As a subtask of unifying code generation for WebCore and JSC builtins, we need to get rid of
        differences between builtins filenames (e.g., Promise.prototype.js) and the name of the
        generated Builtin object (PromisePrototype).

        If we don't do this, then both build systems need special hacks to normalize the object name
        from the file name. It's easier to just normalize the filename.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/ArrayIteratorPrototype.js: Renamed from Source/JavaScriptCore/builtins/ArrayIterator.prototype.js.
        * builtins/ArrayPrototype.js: Renamed from Source/JavaScriptCore/builtins/Array.prototype.js.
        * builtins/FunctionPrototype.js: Renamed from Source/JavaScriptCore/builtins/Function.prototype.js.
        * builtins/IteratorPrototype.js: Renamed from Source/JavaScriptCore/builtins/Iterator.prototype.js.
        * builtins/PromiseOperations.js: Renamed from Source/JavaScriptCore/builtins/Operations.Promise.js.
        * builtins/PromisePrototype.js: Renamed from Source/JavaScriptCore/builtins/Promise.prototype.js.
        * builtins/StringIteratorPrototype.js: Renamed from Source/JavaScriptCore/builtins/StringIterator.prototype.js.
        * builtins/TypedArrayPrototype.js: Renamed from Source/JavaScriptCore/builtins/TypedArray.prototype.js.

2015-11-23  Andreas Kling  <akling@apple.com>

        REGRESSION(r192536): Null pointer dereference in JSPropertyNameEnumerator::visitChildren().
        <https://webkit.org/b/151495>

        Reviewed by Mark Lam.

        The test I added when fixing this bug the first time caught a