[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-09-26  Keith Miller  <keith_miller@apple.com>

        We should zero unused property storage when rebalancing array storage.
        https://bugs.webkit.org/show_bug.cgi?id=188151

        Reviewed by Michael Saboff.

        In unshiftCountSlowCase we sometimes will move property storage to the right even when net adding elements.
        This can happen because we "balance" the pre/post-capacity in that code so we need to zero the unused
        property storage.

        * runtime/JSArray.cpp:
        (JSC::JSArray::unshiftCountSlowCase):

2018-09-26  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Unreviewed, add scope verification handling
        https://bugs.webkit.org/show_bug.cgi?id=189780

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncIndexOf):
        (JSC::arrayProtoFuncLastIndexOf):

2018-09-26  Koby Boyango  <koby.b@mce.systems>

        [JSC] offlineasm parser should handle CRLF in asm files
        https://bugs.webkit.org/show_bug.cgi?id=189949

        Reviewed by Mark Lam.

        * offlineasm/parser.rb:

2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Optimize Array#lastIndexOf
        https://bugs.webkit.org/show_bug.cgi?id=189780

        Reviewed by Saam Barati.

        Optimize Array#lastIndexOf as the same to Array#indexOf. We add a fast path
        for JSArray with contiguous storage.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncLastIndexOf):

2018-09-25  Saam Barati  <sbarati@apple.com>

        Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
        https://bugs.webkit.org/show_bug.cgi?id=189940
        <rdar://problem/43640987>

        Reviewed by Mark Lam.

        We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
        CodeBlock. There is nothing semantically wrong with doing that (except for
        poor naming), however, the poor naming here led us to make a real semantic
        mistake. We wanted the baseline CodeBlock's constant pool, but we were
        accessing the FTL CodeBlock's constant pool accidentally. We need to
        access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
        constant value.

        * bytecode/InlineCallFrame.h:
        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationMaterializeObjectInOSR):

2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
        https://bugs.webkit.org/show_bug.cgi?id=189962
        <rdar://problem/44648287>

        Reviewed by Brian Burg.

        * inspector/scripts/codegen/generate_objc_header.py:
        (ObjCHeaderGenerator._callback_block_for_command):
        If there are no return parameters include "void" in the block signature.

        * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
        * inspector/scripts/tests/generic/expected/domain-availability.json-result:
        * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
        * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
        * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
        * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
        Rebaseline test results.

2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>

        Remove AUTHORS and THANKS files which are stale
        https://bugs.webkit.org/show_bug.cgi?id=189941

        Reviewed by Darin Adler.

        Included mentions below so their names are still in ChangeLogs.

        * AUTHORS: Removed.
        Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
        These authors remain mentioned in copyrights in source files.

        * THANKS: Removed.
        Richard Moore <rich@kde.org> - for filling the Math object with some life
        Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
        Marco Pinelli <pinmc@libero.it> - for his patches
        Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object

2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>

        Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
        https://bugs.webkit.org/show_bug.cgi?id=189733

        Reviewed by Michael Catanzaro.

        * assembler/ARM64Assembler.h:
        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/MacroAssemblerARM.cpp:
        (JSC::isVFPPresent):
        * assembler/MacroAssemblerARM64.cpp:
        * assembler/MacroAssemblerARMv7.cpp:
        * assembler/MacroAssemblerMIPS.cpp:
        * assembler/MacroAssemblerX86Common.cpp:
        * heap/HeapCell.cpp:
        * heap/HeapCell.h:
        * jit/HostCallReturnValue.h:
        * jit/JIT.h:
        * jit/JITOperations.cpp:
        * jit/ThunkGenerators.cpp:
        * runtime/ArrayConventions.cpp:
        (JSC::clearArrayMemset):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::digitDiv):

2018-09-24  Saam Barati  <sbarati@apple.com>

        Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
        https://bugs.webkit.org/show_bug.cgi?id=189922
        <rdar://problem/44651275>

        Reviewed by Mark Lam.

        The implementation was first getting the length to iterate up to,
        then getting the starting index. However, getting the starting
        index may perform effects. e.g., it could change the length of the
        array. This changes it so we verify the length is still valid.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncIndexOf):

2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>

        offlineasm: fix macro scoping
        https://bugs.webkit.org/show_bug.cgi?id=189902

        Reviewed by Mark Lam.

        In the code below, the reference to `f` in `g`, which should refer to
        the outer macro definition will instead refer to the f argument of the
        anonymous macro passed to `g`. That leads to this code failing to
        compile (f expected 0 args but got 1).

        ```
        macro f(x)
            move x, t0
        end

        macro g(fn)
            fn(macro () f(42) end)
        end

        g(macro(f) f() end)
        ```

        * offlineasm/ast.rb:
        * offlineasm/transform.rb:

2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>

        Add forEach method for iterating CodeBlock's ValueProfiles
        https://bugs.webkit.org/show_bug.cgi?id=189897

        Reviewed by Mark Lam.

        Add method to abstract how we find ValueProfiles in a CodeBlock in
        preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
        ValueProfiles will be stored in the MetadataTable.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
        (JSC::CodeBlock::updateAllValueProfilePredictions):
        (JSC::CodeBlock::shouldOptimizeNow):
        (JSC::CodeBlock::dumpValueProfiles):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::forEachValueProfile):
        (JSC::CodeBlock::numberOfArgumentValueProfiles):
        (JSC::CodeBlock::valueProfileForArgument):
        (JSC::CodeBlock::numberOfValueProfiles):
        (JSC::CodeBlock::valueProfile):
        (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
        (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
        * tools/HeapVerifier.cpp:
        (JSC::HeapVerifier::validateJSCell):

2018-09-24  Saam barati  <sbarati@apple.com>

        ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
        https://bugs.webkit.org/show_bug.cgi?id=189682
        <rdar://problem/43557315>

        Reviewed by Mark Lam.

        Otherwise, if we have code like this:
        ```
        a: Arguments
        b: GetButterfly(@a)
        c: ForceExit
        d: GetArrayLength(@a, @b)
        ```
        it will get transformed into this invalid DFG IR:
        ```
        a: PhantomArguments
        b: Check(@a)
        c: ForceExit
        d: GetArrayLength(@a, @b)
        ```

        And we will fail DFG validation since @b does not have a result.

        The fix is to just remove all nodes after the ForceExit and plant an
        Unreachable after it. So the above code program will now turn into this:
        ```
        a: PhantomArguments
        b: Check(@a)
        c: ForceExit
        e: Unreachable
        ```

        * dfg/DFGArgumentsEliminationPhase.cpp:

2018-09-22  Saam barati  <sbarati@apple.com>

        The sampling should not use Strong<CodeBlock> in its machineLocation field
        https://bugs.webkit.org/show_bug.cgi?id=189319

        Reviewed by Filip Pizlo.

        The sampling profiler has a CLI mode where we gather information about inline
        call frames. That data structure was using a Strong<CodeBlock>. We were
        constructing this Strong<CodeBlock> during GC concurrently to processing all
        the Strong handles. This is a bug since we end up corrupting that data
        structure. This patch fixes this by just making this data structure use the
        sampling profiler's mechanism for holding onto and properly visiting heap pointers.

        * inspector/agents/InspectorScriptProfilerAgent.cpp:
        (Inspector::InspectorScriptProfilerAgent::trackingComplete):
        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::processUnverifiedStackTraces):

        (JSC::SamplingProfiler::reportTopFunctions):
        (JSC::SamplingProfiler::reportTopBytecodes):
        These CLI helpers needed a DeferGC otherwise we may end up deadlocking when we
        cause a GC to happen while already holding the sampling profiler's
        lock.

2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
        https://bugs.webkit.org/show_bug.cgi?id=189778

        Reviewed by Keith Miller.

        LLInt ASM interpreter is 2x and 15% faster than CLoop interpreter on
        Linux and macOS respectively. We would like to enable it for non JIT
        configurations in X86_64 and ARM64.

        This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures.
        Previously, we switch LLInt ASM interpreter and CLoop by using ENABLE(JIT)
        configuration. But it is wrong in the new scenario since we have a build
        configuration that uses LLInt ASM interpreter and JIT is disabled. We introduce
        ENABLE(C_LOOP) option, which represents that we use CLoop. And we replace
        ENABLE(JIT) with ENABLE(C_LOOP) if the previous ENABLE(JIT) is essentially just
        related to LLInt ASM interpreter and not related to JIT.

        We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
        ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler
        has machine register information that is used in LLInt ASM interpreter.

        * API/tests/PingPongStackOverflowTest.cpp:
        (testPingPongStackOverflow):
        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MaxFrameExtentForSlowPathCall.h:
        * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::calleeSaveRegisters const):
        (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
        (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
        (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * heap/Heap.cpp:
        (JSC::Heap::gatherJSStackRoots):
        (JSC::Heap::stopThePeriphery):
        * interpreter/CLoopStack.cpp:
        * interpreter/CLoopStack.h:
        * interpreter/CLoopStackInlines.h:
        * interpreter/EntryFrame.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::Interpreter):
        (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
        * interpreter/Interpreter.h:
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::calleeSaveRegisters):
        * interpreter/VMEntryRecord.h:
        * jit/ExecutableAllocator.h:
        * jit/FPRInfo.h:
        (WTF::printInternal):
        * jit/GPRInfo.cpp:
        * jit/GPRInfo.h:
        (WTF::printInternal):
        * jit/HostCallReturnValue.cpp:
        (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
        * jit/HostCallReturnValue.h:
        * jit/JITOperations.cpp:
        (JSC::getHostCallReturnValueWithExecState): Deleted.
        * jit/JITOperationsMSVC64.cpp:
        * jit/Reg.cpp:
        * jit/Reg.h:
        * jit/RegisterAtOffset.cpp:
        * jit/RegisterAtOffset.h:
        * jit/RegisterAtOffsetList.cpp:
        * jit/RegisterAtOffsetList.h:
        * jit/RegisterMap.h:
        * jit/RegisterSet.cpp:
        * jit/RegisterSet.h:
        * jit/TempRegisterSet.cpp:
        * jit/TempRegisterSet.h:
        * llint/LLIntCLoop.cpp:
        * llint/LLIntCLoop.h:
        * llint/LLIntData.cpp:
        (JSC::LLInt::initialize):
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntData.h:
        * llint/LLIntOfflineAsmConfig.h:
        * llint/LLIntOpcode.h:
        * llint/LLIntPCRanges.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LLIntThunks.cpp:
        * llint/LowLevelInterpreter.cpp:
        * llint/LowLevelInterpreter.h:
        * runtime/JSCJSValue.h:
        * runtime/MachineContext.h:
        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
        for LLInt ASM interpreter with non JIT configuration.
        * runtime/TestRunnerUtils.cpp:
        (JSC::optimizeNextInvocation):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::getHostFunction):
        (JSC::VM::updateSoftReservedZoneSize):
        (JSC::sanitizeStackForVM):
        (JSC::VM::committedStackByteCount):
        * runtime/VM.h:
        * runtime/VMInlines.h:
        (JSC::VM::ensureStackCapacityFor):
        (JSC::VM::isSafeToRecurseSoft const):

2018-09-21  Keith Miller  <keith_miller@apple.com>

        Add Promise SPI
        https://bugs.webkit.org/show_bug.cgi?id=189809

        Reviewed by Saam Barati.

        The Patch adds new SPI to create promises. It's mostly SPI because
        I want to see how internal users react to it before we make it
        public.

        This patch adds a couple of new Obj-C SPI methods. The first
        creates a new promise using the same API that JS does where the
        user provides an executor callback. If an exception is raised
        in/to that callback the promise is automagically rejected. The
        other methods create a pre-resolved or rejected promise as this
        appears to be a common way to initialize a promise.

        I was also considering adding a second version of executor API
        where it would catch specific Obj-C exceptions. This would work by
        taking a Class parameter and checking isKindOfClass: on the
        exception. I decided against this as nothing else in our API
        handles Obj-C exceptions. I'm pretty sure the VM will end up in a
        corrupt state if an Obj-C exception unwinds through JS frames.

        This patch adds a new C function that will create a "deferred"
        promise. A deferred promise is a style of creating promise/futures
        where the resolve and reject functions are passed as outputs of a
        function. I went with this style for the C SPI because we don't have
        any concept of forwarding exceptions in the C API.

        In order to make the C API work I refactored a bit of the promise code
        so that we can call a static method on JSDeferredPromise and just get
        the components without allocating an extra cell wrapper.

        * API/JSContext.mm:
        (+[JSContext currentCallee]):
        * API/JSObjectRef.cpp:
        (JSObjectMakeDeferredPromise):
        * API/JSObjectRefPrivate.h:
        * API/JSValue.mm:
        (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
        (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
        (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
        * API/JSValuePrivate.h: Added.
        * API/JSVirtualMachine.mm:
        * API/JSVirtualMachinePrivate.h:
        * API/tests/testapi.c:
        (main):
        * API/tests/testapi.cpp:
        (APIContext::operator JSC::ExecState*):
        (TestAPI::failed const):
        (TestAPI::check):
        (TestAPI::basicSymbol):
        (TestAPI::symbolsTypeof):
        (TestAPI::symbolsGetPropertyForKey):
        (TestAPI::symbolsSetPropertyForKey):
        (TestAPI::symbolsHasPropertyForKey):
        (TestAPI::symbolsDeletePropertyForKey):
        (TestAPI::promiseResolveTrue):
        (TestAPI::promiseRejectTrue):
        (testCAPIViaCpp):
        (TestAPI::run): Deleted.
        * API/tests/testapi.mm:
        (testObjectiveCAPIMain):
        (promiseWithExecutor):
        (promiseRejectOnJSException):
        (promiseCreateResolved):
        (promiseCreateRejected):
        (parallelPromiseResolveTest):
        (testObjectiveCAPI):
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/JSInternalPromiseDeferred.cpp:
        (JSC::JSInternalPromiseDeferred::create):
        * runtime/JSPromise.h:
        * runtime/JSPromiseConstructor.cpp:
        (JSC::constructPromise):
        * runtime/JSPromiseDeferred.cpp:
        (JSC::JSPromiseDeferred::createDeferredData):
        (JSC::JSPromiseDeferred::create):
        (JSC::JSPromiseDeferred::finishCreation):
        (JSC::newPromiseCapability): Deleted.
        * runtime/JSPromiseDeferred.h:
        (JSC::JSPromiseDeferred::promise const):
        (JSC::JSPromiseDeferred::resolve const):
        (JSC::JSPromiseDeferred::reject const):

2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r236359.

        Broke the Windows build.

        Reverted changeset:

        "Add Promise SPI"
        https://bugs.webkit.org/show_bug.cgi?id=189809
        https://trac.webkit.org/changeset/236359

2018-09-21  Mark Lam  <mark.lam@apple.com>

        JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
        https://bugs.webkit.org/show_bug.cgi?id=189855
        <rdar://problem/44680181>

        Reviewed by Filip Pizlo.

        tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
        ExecState* argument.  This is intentional so that resolveRope() does not throw
        in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
        get the VM from the cell instead of via the ExecState.

        Also removed an obsolete and unused field in JSString.

        * runtime/JSString.cpp:
        (JSC::JSRopeString::resolveRope const):
        (JSC::JSRopeString::outOfMemory const):
        * runtime/JSString.h:
        (JSC::JSString::tryGetValue const):

2018-09-21  Michael Saboff  <msaboff@apple.com>

        Add functions to measure memory footprint to JSC
        https://bugs.webkit.org/show_bug.cgi?id=189768

        Reviewed by Saam Barati.

        Rolling this back in again.

        Provide system memory metrics for the current process to aid in memory reduction measurement and
        tuning using native JS tests.

        * jsc.cpp:
        (MemoryFootprint::now):
        (MemoryFootprint::resetPeak):
        (GlobalObject::finishCreation):
        (JSCMemoryFootprint::JSCMemoryFootprint):
        (JSCMemoryFootprint::createStructure):
        (JSCMemoryFootprint::create):
        (JSCMemoryFootprint::finishCreation):
        (JSCMemoryFootprint::addProperty):
        (functionResetMemoryPeak):

2018-09-21  Keith Miller  <keith_miller@apple.com>

        Add Promise SPI
        https://bugs.webkit.org/show_bug.cgi?id=189809

        Reviewed by Saam Barati.

        The Patch adds new SPI to create promises. It's mostly SPI because
        I want to see how internal users react to it before we make it
        public.

        This patch adds a couple of new Obj-C SPI methods. The first
        creates a new promise using the same API that JS does where the
        user provides an executor callback. If an exception is raised
        in/to that callback the promise is automagically rejected. The
        other methods create a pre-resolved or rejected promise as this
        appears to be a common way to initialize a promise.

        I was also considering adding a second version of executor API
        where it would catch specific Obj-C exceptions. This would work by
        taking a Class parameter and checking isKindOfClass: on the
        exception. I decided against this as nothing else in our API
        handles Obj-C exceptions. I'm pretty sure the VM will end up in a
        corrupt state if an Obj-C exception unwinds through JS frames.

        This patch adds a new C function that will create a "deferred"
        promise. A deferred promise is a style of creating promise/futures
        where the resolve and reject functions are passed as outputs of a
        function. I went with this style for the C SPI because we don't have
        any concept of forwarding exceptions in the C API.

        In order to make the C API work I refactored a bit of the promise code
        so that we can call a static method on JSDeferredPromise and just get
        the components without allocating an extra cell wrapper.

        * API/JSContext.mm:
        (+[JSContext currentCallee]):
        * API/JSObjectRef.cpp:
        (JSObjectMakeDeferredPromise):
        * API/JSObjectRefPrivate.h:
        * API/JSValue.mm:
        (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
        (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
        (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
        * API/JSValuePrivate.h: Added.
        * API/JSVirtualMachine.mm:
        * API/JSVirtualMachinePrivate.h:
        * API/tests/testapi.c:
        (main):
        * API/tests/testapi.cpp:
        (APIContext::operator JSC::ExecState*):
        (TestAPI::failed const):
        (TestAPI::check):
        (TestAPI::basicSymbol):
        (TestAPI::symbolsTypeof):
        (TestAPI::symbolsGetPropertyForKey):
        (TestAPI::symbolsSetPropertyForKey):
        (TestAPI::symbolsHasPropertyForKey):
        (TestAPI::symbolsDeletePropertyForKey):
        (TestAPI::promiseResolveTrue):
        (TestAPI::promiseRejectTrue):
        (testCAPIViaCpp):
        (TestAPI::run): Deleted.
        * API/tests/testapi.mm:
        (testObjectiveCAPIMain):
        (promiseWithExecutor):
        (promiseRejectOnJSException):
        (promiseCreateResolved):
        (promiseCreateRejected):
        (parallelPromiseResolveTest):
        (testObjectiveCAPI):
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/JSInternalPromiseDeferred.cpp:
        (JSC::JSInternalPromiseDeferred::create):
        * runtime/JSPromise.h:
        * runtime/JSPromiseConstructor.cpp:
        (JSC::constructPromise):
        * runtime/JSPromiseDeferred.cpp:
        (JSC::JSPromiseDeferred::createDeferredData):
        (JSC::JSPromiseDeferred::create):
        (JSC::JSPromiseDeferred::finishCreation):
        (JSC::newPromiseCapability): Deleted.
        * runtime/JSPromiseDeferred.h:
        (JSC::JSPromiseDeferred::promise const):
        (JSC::JSPromiseDeferred::resolve const):
        (JSC::JSPromiseDeferred::reject const):

2018-09-21  Truitt Savell  <tsavell@apple.com>

        Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
        https://bugs.webkit.org/show_bug.cgi?id=156674

        Unreviewed Test Gardening

        * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
        * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:

2018-09-21  Mike Gorse  <mgorse@suse.com>

        Build tools should work when the /usr/bin/python is python3
        https://bugs.webkit.org/show_bug.cgi?id=156674

        Reviewed by Michael Catanzaro.

        * Scripts/cssmin.py:
        * Scripts/generate-js-builtins.py:
        (do_open):
        (generate_bindings_for_builtins_files):
        * Scripts/generateIntlCanonicalizeLanguage.py:
        * Scripts/jsmin.py:
        (JavascriptMinify.minify.write):
        (JavascriptMinify):
        (JavascriptMinify.minify):
        * Scripts/make-js-file-arrays.py:
        (chunk):
        (main):
        * Scripts/wkbuiltins/__init__.py:
        * Scripts/wkbuiltins/builtins_generate_combined_header.py:
        (generate_section_for_global_private_code_name_macro):
        * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
        (BuiltinsInternalsWrapperHeaderGenerator.__init__):
        * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
        (BuiltinsInternalsWrapperImplementationGenerator.__init__):
        * Scripts/wkbuiltins/builtins_model.py:
        (BuiltinFunction.__lt__):
        (BuiltinsCollection.copyrights):
        (BuiltinsCollection._parse_functions):
        * disassembler/udis86/ud_opcode.py:
        (UdOpcodeTables.pprint.printWalk):
        * generate-bytecode-files:
        * inspector/scripts/codegen/__init__.py:
        * inspector/scripts/codegen/cpp_generator.py:
        * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
        (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
        * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
        (CppBackendDispatcherHeaderGenerator.domains_to_generate):
        (CppBackendDispatcherHeaderGenerator.generate_output):
        (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
        * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
        (CppBackendDispatcherImplementationGenerator.domains_to_generate):
        (CppBackendDispatcherImplementationGenerator.generate_output):
        * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
        (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
        (CppFrontendDispatcherHeaderGenerator.generate_output):
        * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
        (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
        (CppFrontendDispatcherImplementationGenerator.generate_output):
        * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
        (CppProtocolTypesHeaderGenerator.generate_output):
        (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
        * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
        (CppProtocolTypesImplementationGenerator.generate_output):
        (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
        (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
        (CppProtocolTypesImplementationGenerator._generate_open_field_names):
        (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
        (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
        * inspector/scripts/codegen/generate_js_backend_commands.py:
        (JSBackendCommandsGenerator.should_generate_domain):
        (JSBackendCommandsGenerator.domains_to_generate):
        (JSBackendCommandsGenerator.generate_output):
        (JSBackendCommandsGenerator.generate_domain):
        * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
        (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
        (ObjCBackendDispatcherHeaderGenerator.generate_output):
        * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
        (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
        (ObjCBackendDispatcherImplementationGenerator.generate_output):
        (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
        * inspector/scripts/codegen/generate_objc_configuration_header.py:
        * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
        * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
        (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
        (ObjCFrontendDispatcherImplementationGenerator.generate_output):
        (ObjCFrontendDispatcherImplementationGenerator._generate_event):
        * inspector/scripts/codegen/generate_objc_header.py:
        (ObjCHeaderGenerator.generate_output):
        (ObjCHeaderGenerator._generate_type_interface):
        * inspector/scripts/codegen/generate_objc_internal_header.py:
        (ObjCInternalHeaderGenerator.generate_output):
        * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
        (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
        (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
        * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
        (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
        * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
        (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
        (ObjCProtocolTypesImplementationGenerator.generate_output):
        (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
        (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
        * inspector/scripts/codegen/generator.py:
        (Generator.non_supplemental_domains):
        (Generator.open_fields):
        (Generator.calculate_types_requiring_shape_assertions):
        (Generator._traverse_and_assign_enum_values):
        (Generator.stylized_name_for_enum_value):
        * inspector/scripts/codegen/models.py:
        (find_duplicates):
        * inspector/scripts/codegen/objc_generator.py:
        * wasm/generateWasm.py:
        (opcodeIterator):
        * yarr/generateYarrCanonicalizeUnicode:
        * yarr/generateYarrUnicodePropertyTables.py:
        * yarr/hasher.py:
        (stringHash):

2018-09-21  Tomas Popela  <tpopela@redhat.com>

        [ARM] Build broken on armv7hl after r235517
        https://bugs.webkit.org/show_bug.cgi?id=189831

        Reviewed by Yusuke Suzuki.
727
728         Add missing implementation of patchableBranch8() for traditional ARM.
729
730         * assembler/MacroAssemblerARM.h:
731         (JSC::MacroAssemblerARM::patchableBranch8):
732
733 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
734
735         Unreviewed, rolling out r236293.
736
737         Internal build still broken.
738
739         Reverted changeset:
740
741         "Add functions to measure memory footprint to JSC"
742         https://bugs.webkit.org/show_bug.cgi?id=189768
743         https://trac.webkit.org/changeset/236293
744
745 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
746
747         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
748         https://bugs.webkit.org/show_bug.cgi?id=189558
749
750         Reviewed by Mark Lam.
751
752         When running web-tooling-benchmark postcss test on Linux JSCOnly port, we get the following result in `perf report`.
753
754             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
755
756         This is because postcss produces a bunch of JSString, which require reportExtraMemoryVisited calls in JSString::visitChildren.
757         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
758
759         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter.
760         And we propagate this value to the global atomic counter when rebalance happens.
761
762         We also reduce HeapCell::heap() access by using `vm.heap`.
763
764         * heap/SlotVisitor.cpp:
765         (JSC::SlotVisitor::didStartMarking):
766         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
767         (JSC::SlotVisitor::drain):
768         (JSC::SlotVisitor::performIncrementOfDraining):
769         * heap/SlotVisitor.h:
770         * heap/SlotVisitorInlines.h:
771         (JSC::SlotVisitor::reportExtraMemoryVisited):
772         * runtime/JSString.cpp:
773         (JSC::JSRopeString::resolveRopeToAtomicString const):
774         (JSC::JSRopeString::resolveRope const):
775         * runtime/JSString.h:
776         (JSC::JSString::finishCreation):
777         * wasm/js/JSWebAssemblyInstance.cpp:
778         (JSC::JSWebAssemblyInstance::finishCreation):
779         * wasm/js/JSWebAssemblyMemory.cpp:
780         (JSC::JSWebAssemblyMemory::finishCreation):
781
782 2018-09-20  Michael Saboff  <msaboff@apple.com>
783
784         Add functions to measure memory footprint to JSC
785         https://bugs.webkit.org/show_bug.cgi?id=189768
786
787         Reviewed by Saam Barati.
788
789         Rolling this back in.
790
791         Provide system memory metrics for the current process to aid in memory reduction measurement and
792         tuning using native JS tests.
793
794         * jsc.cpp:
795         (MemoryFootprint::now):
796         (MemoryFootprint::resetPeak):
797         (GlobalObject::finishCreation):
798         (JSCMemoryFootprint::JSCMemoryFootprint):
799         (JSCMemoryFootprint::createStructure):
800         (JSCMemoryFootprint::create):
801         (JSCMemoryFootprint::finishCreation):
802         (JSCMemoryFootprint::addProperty):
803         (functionResetMemoryPeak):
804
805 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
806
807         Unreviewed, rolling out r236235.
808
809         Breaks internal builds.
810
811         Reverted changeset:
812
813         "Add functions to measure memory footprint to JSC"
814         https://bugs.webkit.org/show_bug.cgi?id=189768
815         https://trac.webkit.org/changeset/236235
816
817 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
818
819         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
820         https://bugs.webkit.org/show_bug.cgi?id=189730
821
822         Reviewed by Saam Barati.
823
824         Clang for Windows can't compile the workaround for MSVC quirk in generateOutOfLine.
825
826         * jit/JITMathIC.h:
827         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
828
829 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
830
831         [JSC] Optimize Array#indexOf in C++ runtime
832         https://bugs.webkit.org/show_bug.cgi?id=189507
833
834         Reviewed by Saam Barati.
835
836         C++ Array#indexOf runtime function takes so much time in babylon benchmark in
837         web-tooling-benchmark. While our DFG and FTL have Array#indexOf optimization
838         and actually it is working well, C++ Array#indexOf is called a significant amount
839         of time before tiering up, and it takes 6.74% of jsc main thread samples according
840         to perf command in Linux. This is because C++ Array#indexOf is too generic and
841         misses the chance to optimize JSArray cases.
842
843         This patch adds JSArray fast path for Array#indexOf. If we know that indexed
844         access to the given JSArray is non-observable and indexing type is good for the fast
845         path, we go to the fast path. This makes sampling of Array#indexOf 3.83% in
846         babylon web-tooling-benchmark.
847
848         * runtime/ArrayPrototype.cpp:
849         (JSC::arrayProtoFuncIndexOf):
850         * runtime/JSArray.h:
851         * runtime/JSArrayInlines.h:
852         (JSC::JSArray::canDoFastIndexedAccess):
853         (JSC::toLength):
854         * runtime/JSCJSValueInlines.h:
855         (JSC::JSValue::JSValue):
856         * runtime/JSGlobalObject.h:
857         * runtime/JSGlobalObjectInlines.h:
858         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
859         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
860         * runtime/MathCommon.h:
861         (JSC::canBeStrictInt32):
862         (JSC::canBeInt32):
863
864 2018-09-19  Michael Saboff  <msaboff@apple.com>
865
866         Add functions to measure memory footprint to JSC
867         https://bugs.webkit.org/show_bug.cgi?id=189768
868
869         Reviewed by Saam Barati.
870
871         Provide system memory metrics for the current process to aid in memory reduction measurement and
872         tuning using native JS tests.
873
874         * jsc.cpp:
875         (MemoryFootprint::now):
876         (MemoryFootprint::resetPeak):
877         (GlobalObject::finishCreation):
878         (JSCMemoryFootprint::JSCMemoryFootprint):
879         (JSCMemoryFootprint::createStructure):
880         (JSCMemoryFootprint::create):
881         (JSCMemoryFootprint::finishCreation):
882         (JSCMemoryFootprint::addProperty):
883         (functionResetMemoryPeak):
884
885 2018-09-19  Saam barati  <sbarati@apple.com>
886
887         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
888         https://bugs.webkit.org/show_bug.cgi?id=189703
889
890         Reviewed by Mark Lam.
891
892         This fixes a crash that a TypeProfiler change revealed.
893
894         * dfg/DFGSpeculativeJIT64.cpp:
895         (JSC::DFG::SpeculativeJIT::compile):
896
897 2018-09-19  Saam barati  <sbarati@apple.com>
898
899         AI rule for MultiPutByOffset executes its effects in the wrong order
900         https://bugs.webkit.org/show_bug.cgi?id=189757
901         <rdar://problem/43535257>
902
903         Reviewed by Michael Saboff.
904
905         The AI rule for MultiPutByOffset was executing effects in the wrong order.
906         It first executed the transition effects and the effects on the base, and
907         then executed the filtering effects on the value being stored. However, you
908         can end up with the wrong type when the base and the value being stored
909         are the same. E.g., in a program like `o.f = o`. These effects need to happen
910         in the opposite order, modeling what happens in the runtime executing of
911         MultiPutByOffset.
912
913         * dfg/DFGAbstractInterpreterInlines.h:
914         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
915
916 2018-09-18  Mark Lam  <mark.lam@apple.com>
917
918         Ensure that ForInContexts are invalidated if their loop local is over-written.
919         https://bugs.webkit.org/show_bug.cgi?id=189571
920         <rdar://problem/44402277>
921
922         Reviewed by Saam Barati.
923
924         Instead of hunting down every place in the BytecodeGenerator that potentially
925         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
926         the bytecode range of the loop body when the ForInContext is popped, and
927         invalidate the context if we ever find the loop temp variable over-written.
928
929         This has 2 benefits:
930         1. It ensures that every type of opcode that can write to the loop temp will be
931            handled appropriately, not just the op_mov that we've hunted down.
932         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
933            every time we emit an op_mov (or other opcodes that can write to a local)
934            even when we're not inside a for-in loop.
935
936         JSC benchmarks show that this change is performance neutral.
937
938         * bytecompiler/BytecodeGenerator.cpp:
939         (JSC::BytecodeGenerator::pushIndexedForInScope):
940         (JSC::BytecodeGenerator::popIndexedForInScope):
941         (JSC::BytecodeGenerator::pushStructureForInScope):
942         (JSC::BytecodeGenerator::popStructureForInScope):
943         (JSC::ForInContext::finalize):
944         (JSC::StructureForInContext::finalize):
945         (JSC::IndexedForInContext::finalize):
946         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
947         * bytecompiler/BytecodeGenerator.h:
948         (JSC::ForInContext::ForInContext):
949         (JSC::ForInContext::bodyBytecodeStartOffset const):
950         (JSC::StructureForInContext::StructureForInContext):
951         (JSC::IndexedForInContext::IndexedForInContext):
952         * bytecompiler/NodesCodegen.cpp:
953         (JSC::PostfixNode::emitResolve):
954         (JSC::PrefixNode::emitResolve):
955         (JSC::ReadModifyResolveNode::emitBytecode):
956         (JSC::AssignResolveNode::emitBytecode):
957         (JSC::EmptyLetExpression::emitBytecode):
958         (JSC::ForInNode::emitLoopHeader):
959         (JSC::ForOfNode::emitBytecode):
960         (JSC::BindingNode::bindValue const):
961         (JSC::AssignmentElementNode::bindValue const):
962         * runtime/CommonSlowPaths.cpp:
963         (JSC::SLOW_PATH_DECL):
964
965 2018-09-17  Devin Rousso  <drousso@apple.com>
966
967         Web Inspector: generate CSSKeywordCompletions from backend values
968         https://bugs.webkit.org/show_bug.cgi?id=189041
969
970         Reviewed by Joseph Pecoraro.
971
972         * inspector/protocol/CSS.json:
973         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
974
975 2018-09-17  Saam barati  <sbarati@apple.com>
976
977         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
978         https://bugs.webkit.org/show_bug.cgi?id=189676
979         <rdar://problem/39682897>
980
981         Reviewed by Michael Saboff.
982
983         Because the incoming value may be TDZ, CheckStructure may end up crashing.
984         Since the Type Profile does not currently record TDZ values in any of its
985         data structures, this is not a semantic change in how it will show you data.
986         It just fixes crashes when we emit a CheckStructure and the incoming value
987         is TDZ.
988
989         * dfg/DFGFixupPhase.cpp:
990         (JSC::DFG::FixupPhase::fixupNode):
991         * dfg/DFGNode.h:
992         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
993
994 2018-09-17  Darin Adler  <darin@apple.com>
995
996         Use OpaqueJSString rather than JSRetainPtr inside WebKit
997         https://bugs.webkit.org/show_bug.cgi?id=189652
998
999         Reviewed by Saam Barati.
1000
1001         * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
1002         JSStringRef.h.
1003
1004         * API/JSContext.mm:
1005         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
1006         than JSStringCreateWithCFString, simplifying the code and also obviating the
1007         need for explicit JSStringRelease.
1008         (-[JSContext setName:]): Ditto.
1009
1010         * API/JSStringRef.cpp:
1011         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
1012         It seems that additional optimization is possible, obviating the need to allocate
1013         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
1014
1015         * API/JSValue.mm:
1016         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
1017         OpaqueJSString::create and adoptRef as appropriate.
1018         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
1019         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
1020         (performPropertyOperation): Ditto.
1021         (-[JSValue invokeMethod:withArguments:]): Ditto.
1022         (valueToObjectWithoutCopy): Ditto.
1023         (containerValueToObject): Ditto.
1024         (valueToString): Ditto.
1025         (objectToValueWithoutCopy): Ditto.
1026         (objectToValue): Ditto.
1027
1028 2018-09-08  Darin Adler  <darin@apple.com>
1029
1030         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
1031         https://bugs.webkit.org/show_bug.cgi?id=189455
1032
1033         Reviewed by Keith Miller.
1034
1035         * API/JSObjectRef.cpp:
1036         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
1037         JSRetainPtr<JSStringRef>.
1038         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
1039         adopt constructor.
1040         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
1041         the array elements are now Ref.
1042
1043         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
1044         it only works for two specific unrelated types, JSStringRef and
1045         JSGlobalContextRef. Simplified the default constructor using data
1046         member initialization. Prepared to make the adopt constructor private
1047         (got everything compiling that way, then made it public again so that
1048         Apple internal software will still build). Got rid of unneeded
1049         templated constructor and assignment operator, since it's not relevant
1050         since there is no inheritance between JSRetainPtr template types.
1051         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
1052         Added move constructor and move assignment operator for slightly better
1053         performance. Simplified implementations of various member functions
1054         so they are more obviously correct, by using leakPtr in more of them
1055         and using std::exchange to make the flow of values more obvious.
1056
1057         * API/JSValue.mm:
1058         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
1059         missing JSStringRelease to fix a leak.
1060
1061         * API/tests/CustomGlobalObjectClassTest.c:
1062         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
1063         (globalObjectSetPrototypeTest): Ditto.
1064         (globalObjectPrivatePropertyTest): Ditto.
1065
1066         * API/tests/ExecutionTimeLimitTest.cpp:
1067         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
1068         (testExecutionTimeLimit): Ditto, lots more.
1069
1070         * API/tests/FunctionOverridesTest.cpp:
1071         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
1072
1073         * API/tests/JSObjectGetProxyTargetTest.cpp:
1074         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
1075         a leak.
1076
1077         * API/tests/PingPongStackOverflowTest.cpp:
1078         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
1079         JSStringRelease to fix leaks.
1080
1081         * API/tests/testapi.c:
1082         (throwException): Added. Helper function for repeated idiom where we want
1083         to throw an exception, but with additional JSStringRelease calls so we don't
1084         have to leak just to keep the code simpler to read.
1085         (MyObject_getProperty): Use throwException.
1086         (MyObject_setProperty): Ditto.
1087         (MyObject_deleteProperty): Ditto.
1088         (isValueEqualToString): Added. Helper function for an idiom where we check
1089         if something is a string and then if it's equal to a particular string
1090         constant, but a version that has an additional JSStringRelease call so we
1091         don't have to leak just to keep the code simpler to read.
1092         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
1093         (MyObject_callAsConstructor): Ditto.
1094         (MyObject_hasInstance): Ditto.
1095         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
1096         (testMarkingConstraintsAndHeapFinalizers): Ditto.
1097
1098 2018-09-14  Saam barati  <sbarati@apple.com>
1099
1100         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
1101         https://bugs.webkit.org/show_bug.cgi?id=189628
1102         <rdar://problem/39481690>
1103
1104         Reviewed by Mark Lam.
1105
1106         An Availability may point to a Node. And that Node may be removed from
1107         the graph, e.g., it's freed and its memory is no longer owned by Graph.
1108         This patch makes it so we no longer dump this metadata by default. If
1109         this metadata is interesting to you, you'll need to go in and change
1110         Graph::dump to dump the needed metadata.
1111
1112         * dfg/DFGGraph.cpp:
1113         (JSC::DFG::Graph::dump):
1114
1115 2018-09-14  Mark Lam  <mark.lam@apple.com>
1116
1117         Refactor some ForInContext code for better encapsulation.
1118         https://bugs.webkit.org/show_bug.cgi?id=189626
1119         <rdar://problem/44466415>
1120
1121         Reviewed by Keith Miller.
1122
1123         1. Add a ForInContext::m_type field to store the context type.  This does not
1124            increase the class size, but eliminates the need for a virtual call to get the
1125            type.
1126
1127            Note: we still need a virtual destructor because we'll be mingling
1128            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
1129
1130         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
1131            convenience methods.
1132
1133         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
1134            to do the casting to the subclass types.  This ensures that we'll properly
1135            assert that the casting is legal.
1136
1137         * bytecompiler/BytecodeGenerator.cpp:
1138         (JSC::BytecodeGenerator::emitGetByVal):
1139         (JSC::BytecodeGenerator::popIndexedForInScope):
1140         (JSC::BytecodeGenerator::popStructureForInScope):
1141         * bytecompiler/BytecodeGenerator.h:
1142         (JSC::ForInContext::type const):
1143         (JSC::ForInContext::isIndexedForInContext const):
1144         (JSC::ForInContext::isStructureForInContext const):
1145         (JSC::ForInContext::asIndexedForInContext):
1146         (JSC::ForInContext::asStructureForInContext):
1147         (JSC::ForInContext::ForInContext):
1148         (JSC::StructureForInContext::StructureForInContext):
1149         (JSC::IndexedForInContext::IndexedForInContext):
1150         (JSC::ForInContext::~ForInContext): Deleted.
1151
1152 2018-09-14  Devin Rousso  <webkit@devinrousso.com>
1153
1154         Web Inspector: Record actions performed on ImageBitmapRenderingContext
1155         https://bugs.webkit.org/show_bug.cgi?id=181341
1156
1157         Reviewed by Joseph Pecoraro.
1158
1159         * inspector/protocol/Recording.json:
1160         * inspector/scripts/codegen/generator.py:
1161
1162 2018-09-14  Mike Gorse  <mgorse@suse.com>
1163
1164         builtins directory causes name conflict on Python 3
1165         https://bugs.webkit.org/show_bug.cgi?id=189552
1166
1167         Reviewed by Michael Catanzaro.
1168
1169         * CMakeLists.txt: builtins -> wkbuiltins.
1170         * DerivedSources.make: builtins -> wkbuiltins.
1171         * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
1172           builtins.
1173         * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
1174         * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
1175         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
1176         * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
1177         * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
1178         * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
1179         * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
1180         * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
1181         * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
1182         * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
1183         * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
1184         * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
1185
1186 2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1187
1188         [WebAssembly] Inline WasmContext accessor functions
1189         https://bugs.webkit.org/show_bug.cgi?id=189416
1190
1191         Reviewed by Saam Barati.
1192
1193         WasmContext accessor functions are very small while they reside in the critical path of
1194         JS to Wasm function call. This patch makes them inline to improve performance.
1195         This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.
1196
1197         * JavaScriptCore.xcodeproj/project.pbxproj:
1198         * Sources.txt:
1199         * interpreter/CallFrame.cpp:
1200         * jit/AssemblyHelpers.cpp:
1201         * wasm/WasmB3IRGenerator.cpp:
1202         * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
1203         (JSC::Wasm::Context::useFastTLS):
1204         (JSC::Wasm::Context::load const):
1205         (JSC::Wasm::Context::store):
1206         * wasm/WasmMemoryInformation.cpp:
1207         * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
1208         * wasm/js/JSToWasm.cpp:
1209         * wasm/js/WebAssemblyFunction.cpp:
1210
1211 2018-09-12  David Kilzer  <ddkilzer@apple.com>
1212
1213         Move JavaScriptCore files to match Xcode project hierarchy
1214         <https://webkit.org/b/189574>
1215
1216         Reviewed by Filip Pizlo.
1217
1218         * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
1219         * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
1220         * CMakeLists.txt: Update for new path to
1221         generateYarrUnicodePropertyTables.py, hasher.py and
1222         JSAPIValueWrapper.h.
1223         * DerivedSources.make: Ditto. Add missing dependency on
1224         hasher.py captured by CMakeLists.txt.
1225         * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
1226         reference paths. Add hasher.py library to project.
1227         * Sources.txt: Update for new path to
1228         JSAPIValueWrapper.cpp.
1229         * runtime/JSImmutableButterfly.h: Add missing includes
1230         after changes to Sources.txt and regenerating unified
1231         sources.
1232         * runtime/RuntimeType.h: Ditto.
1233         * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
1234         * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.
1235
1236 2018-09-12  David Kilzer  <ddkilzer@apple.com>
1237
1238         Let Xcode have its way with the JavaScriptCore project
1239
1240         * JavaScriptCore.xcodeproj/project.pbxproj:
1241
1242 2018-09-12  Guillaume Emont  <guijemont@igalia.com>
1243
1244         Add IGNORE_WARNING_.* macros
1245         https://bugs.webkit.org/show_bug.cgi?id=188996
1246
1247         Reviewed by Michael Catanzaro.
1248
1249         * API/JSCallbackObject.h:
1250         * API/tests/testapi.c:
1251         * assembler/LinkBuffer.h:
1252         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
1253         * b3/B3LowerToAir.cpp:
1254         * b3/B3Opcode.cpp:
1255         * b3/B3Type.h:
1256         * b3/B3TypeMap.h:
1257         * b3/B3Width.h:
1258         * b3/air/AirArg.cpp:
1259         * b3/air/AirArg.h:
1260         * b3/air/AirCode.h:
1261         * bytecode/Opcode.h:
1262         (JSC::padOpcodeName):
1263         * dfg/DFGSpeculativeJIT.cpp:
1264         (JSC::DFG::SpeculativeJIT::speculateNumber):
1265         (JSC::DFG::SpeculativeJIT::speculateMisc):
1266         * dfg/DFGSpeculativeJIT64.cpp:
1267         * ftl/FTLOutput.h:
1268         * jit/CCallHelpers.h:
1269         (JSC::CCallHelpers::calculatePokeOffset):
1270         * llint/LLIntData.cpp:
1271         * llint/LLIntSlowPaths.cpp:
1272         (JSC::LLInt::slowPathLogF):
1273         * runtime/ConfigFile.cpp:
1274         (JSC::ConfigFile::canonicalizePaths):
1275         * runtime/JSDataViewPrototype.cpp:
1276         * runtime/JSGenericTypedArrayViewConstructor.h:
1277         * runtime/JSGenericTypedArrayViewPrototype.h:
1278         * runtime/Options.cpp:
1279         (JSC::Options::setAliasedOption):
1280         * tools/CodeProfiling.cpp:
1281         * wasm/WasmSections.h:
1282         * wasm/generateWasmValidateInlinesHeader.py:
1283
1284 == Rolled over to ChangeLog-2018-09-11 ==