Add support for selective handling of VM traps.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2017-03-02  Mark Lam  <mark.lam@apple.com>
2
3         Add support for selective handling of VM traps.
4         https://bugs.webkit.org/show_bug.cgi?id=169087
5
6         Reviewed by Keith Miller.
7
8         This is needed because there are some places in the VM where it's appropriate to
9         handle some types of VM traps but not others.
10
11         We implement this selection by using a VMTraps::Mask that allows the user to
12         specify which traps should be serviced.
13
14         * interpreter/Interpreter.cpp:
15         (JSC::Interpreter::executeProgram):
16         (JSC::Interpreter::executeCall):
17         (JSC::Interpreter::executeConstruct):
18         (JSC::Interpreter::execute):
19         * runtime/VM.cpp:
20         (JSC::VM::handleTraps):
21         * runtime/VM.h:
22         * runtime/VMTraps.cpp:
23         (JSC::VMTraps::takeTrap): Deleted.
24         * runtime/VMTraps.h:
25         (JSC::VMTraps::Mask::Mask):
26         (JSC::VMTraps::Mask::allEventTypes):
27         (JSC::VMTraps::Mask::bits):
28         (JSC::VMTraps::Mask::init):
29         (JSC::VMTraps::needTrapHandling):
30         (JSC::VMTraps::hasTrapForEvent):
31
32 2017-03-02  Alex Christensen  <achristensen@webkit.org>
33
34         Continue enabling WebRTC
35         https://bugs.webkit.org/show_bug.cgi?id=169056
36
37         Reviewed by Jon Lee.
38
39         * Configurations/FeatureDefines.xcconfig:
40
41 2017-03-02  Tomas Popela  <tpopela@redhat.com>
42
43         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
44         https://bugs.webkit.org/show_bug.cgi?id=169034
45
46         Reviewed by Mark Lam.
47
48         It should not assign to offset, but compare to offset.
49
50         * runtime/JSGlobalObject.cpp:
51         (JSC::JSGlobalObject::addStaticGlobals):
52
53 2017-03-01  Alex Christensen  <achristensen@webkit.org>
54
55         Unreviewed, rolling out r213259.
56
57         Broke an internal build
58
59         Reverted changeset:
60
61         "Continue enabling WebRTC"
62         https://bugs.webkit.org/show_bug.cgi?id=169056
63         http://trac.webkit.org/changeset/213259
64
65 2017-03-01  Alex Christensen  <achristensen@webkit.org>
66
67         Continue enabling WebRTC
68         https://bugs.webkit.org/show_bug.cgi?id=169056
69
70         Reviewed by Jon Lee.
71
72         * Configurations/FeatureDefines.xcconfig:
73
74 2017-03-01  Michael Saboff  <msaboff@apple.com>
75
76         Source/JavaScriptCore/ChangeLog
77         https://bugs.webkit.org/show_bug.cgi?id=169055
78
79         Reviewed by Mark Lam.
80
81         Made local copies of options strings for OptionRange and string typed options.
82
83         * runtime/Options.cpp:
84         (JSC::parse):
85         (JSC::OptionRange::init):
86
87 2017-03-01  Mark Lam  <mark.lam@apple.com>
88
89         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
90         https://bugs.webkit.org/show_bug.cgi?id=168996
91
92         Reviewed by Filip Pizlo and Saam Barati.
93
94         PlatformThread is more useful because it allows us to:
95         1. find the MachineThreads::Thread which is associated with it.
96         2. suspend / resume threads.
97         3. send a signal to a thread.
98
99         We can't do those with std::thread::id.  We will need one or more of these
100         capabilities to implement non-polling VM traps later.
101
102         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
103         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
104         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
105         JSLock::m_hasOwnerThread before doing the thread identity comparison.
106
107         * JavaScriptCore.xcodeproj/project.pbxproj:
108         * heap/MachineStackMarker.cpp:
109         (JSC::MachineThreads::Thread::createForCurrentThread):
110         (JSC::MachineThreads::machineThreadForCurrentThread):
111         (JSC::MachineThreads::removeThread):
112         (JSC::MachineThreads::Thread::suspend):
113         (JSC::MachineThreads::tryCopyOtherThreadStacks):
114         (JSC::getCurrentPlatformThread): Deleted.
115         * heap/MachineStackMarker.h:
116         * runtime/JSCellInlines.h:
117         (JSC::JSCell::classInfo):
118         * runtime/JSLock.cpp:
119         (JSC::JSLock::JSLock):
120         (JSC::JSLock::lock):
121         (JSC::JSLock::unlock):
122         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
123         * runtime/JSLock.h:
124         (JSC::JSLock::ownerThread):
125         (JSC::JSLock::currentThreadIsHoldingLock):
126         * runtime/PlatformThread.h: Added.
127         (JSC::currentPlatformThread):
128         * runtime/VM.cpp:
129         (JSC::VM::~VM):
130         * runtime/VM.h:
131         (JSC::VM::ownerThread):
132         * runtime/Watchdog.cpp:
133         (JSC::Watchdog::setTimeLimit):
134         (JSC::Watchdog::shouldTerminate):
135         (JSC::Watchdog::startTimer):
136         (JSC::Watchdog::stopTimer):
137         * tools/JSDollarVMPrototype.cpp:
138         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
139         * tools/VMInspector.cpp:
140
141 2017-03-01  Saam Barati  <sbarati@apple.com>
142
143         Implement a mega-disassembler that'll be used in the FTL
144         https://bugs.webkit.org/show_bug.cgi?id=168685
145
146         Reviewed by Mark Lam.
147
148         This patch extends the previous Air disassembler to print the
149         DFG and B3 nodes belonging to particular Air instructions.
150         The algorithm I'm using to do this is not perfect. For example,
151         it won't try to print the entire DFG/B3 graph. It'll just print
152         the related nodes for particular Air instructions. We can make the
153         algorithm more sophisticated as we get more experience looking at
154         these IR dumps and get a better feel for what we want out of them.
155
156         This is an example of the output:
157
158         ...
159         ...
160         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
161            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
162                Patch &Patchpoint2, %r20, %r20, %r0, @54
163          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
164            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
165                Move 32(%r20), %r5, @57
166                       0x389cc9ac0:    ldur   x5, [x20, #32]
167         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
168            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
169                Move32 (%r5), %r1, @58
170                       0x389cc9ac4:    ldur   w1, [x5]
171            Int32 @59 = Const32(DFG:@115, 92)
172            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
173            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
174                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
175                       0x389cc9ac8:    cmp    w1, #92
176                       0x389cc9acc:    b.ne   0x389cc9dac
177         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
178            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
179                Move 8(%r5), %r4, @64
180                       0x389cc9ad0:    ldur   x4, [x5, #8]
181          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
182            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
183                Move32 -8(%r4), %r2, @67
184                       0x389cc9ad4:    ldur   w2, [x4, #-8]
185       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
186            Int32 @68 = Const32(DFG:@192, -1)
187                Move $0xffffffffffffffff, %r1, $-1(@68)
188                       0x389cc9ad8:    mov    x1, #-1
189          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
190            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
191                Add32 %r2, %r1, %r1, @69
192                       0x389cc9adc:    add    w1, w2, w1
193          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
194            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
195            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
196                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
197                       0x389cc9ae0:    cmp    x0, x22
198                       0x389cc9ae4:    b.lo   0x389cc9dc0
199            Int32 @72 = Trunc(@53, DFG:@86)
200            Int32 @73 = BitAnd(@69, @72, DFG:@86)
201                And32 %r1, %r0, %r1, @73
202                       0x389cc9ae8:    and    w1, w1, w0
203            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
204            Int32 @72 = Trunc(@53, DFG:@86)
205            Int64 @11 = SlotBase(stack0)
206            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
207                Move32 %r0, -64(%fp), @76
208                       0x389cc9aec:    stur   w0, [fp, #-64]
209            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
210            Int64 @77 = ZExt32(@73, DFG:@12)
211            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
212                Add64 %r1, %r22, %r3, @78
213                       0x389cc9af0:    add    x3, x1, x22
214            Int64 @11 = SlotBase(stack0)
215            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
216                Move %r3, -72(%fp), @81
217                       0x389cc9af4:    stur   x3, [fp, #-72]
218            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
219            Int32 @82 = Trunc(@24, DFG:@10)
220            Int64 @11 = SlotBase(stack0)
221            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
222                Move32 %r21, -80(%fp), @85
223                       0x389cc9af8:    stur   w21, [fp, #-80]
224           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
225            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
226            Void @90 = Branch(@89, DFG:@129, Terminal)
227                Branch32 AboveOrEqual, %r1, %r2, @90
228                       0x389cc9afc:    cmp    w1, w2
229                       0x389cc9b00:    b.hs   0x389cc9bec
230         ...
231         ...
232
233         * b3/air/AirDisassembler.cpp:
234         (JSC::B3::Air::Disassembler::dump):
235         * b3/air/AirDisassembler.h:
236         * ftl/FTLCompile.cpp:
237         (JSC::FTL::compile):
238         * ftl/FTLLowerDFGToB3.cpp:
239         (JSC::FTL::DFG::LowerDFGToB3::lower):
240         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
241         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
242         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
243         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
244
245 2017-03-01  Mark Lam  <mark.lam@apple.com>
246
247         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
248         https://bugs.webkit.org/show_bug.cgi?id=169042
249
250         Not reviewed.
251
252         Rolling out r213229 and r213202.
253
254         * JavaScriptCore.xcodeproj/project.pbxproj:
255         * heap/MachineStackMarker.cpp:
256         (JSC::getCurrentPlatformThread):
257         (JSC::MachineThreads::Thread::createForCurrentThread):
258         (JSC::MachineThreads::machineThreadForCurrentThread):
259         (JSC::MachineThreads::removeThread):
260         (JSC::MachineThreads::Thread::suspend):
261         (JSC::MachineThreads::tryCopyOtherThreadStacks):
262         * heap/MachineStackMarker.h:
263         * runtime/JSCellInlines.h:
264         (JSC::JSCell::classInfo):
265         * runtime/JSLock.cpp:
266         (JSC::JSLock::JSLock):
267         (JSC::JSLock::lock):
268         (JSC::JSLock::unlock):
269         (JSC::JSLock::currentThreadIsHoldingLock):
270         * runtime/JSLock.h:
271         (JSC::JSLock::ownerThread):
272         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
273         * runtime/PlatformThread.h: Removed.
274         * runtime/VM.cpp:
275         (JSC::VM::~VM):
276         * runtime/VM.h:
277         (JSC::VM::ownerThread):
278         * runtime/Watchdog.cpp:
279         (JSC::Watchdog::setTimeLimit):
280         (JSC::Watchdog::shouldTerminate):
281         (JSC::Watchdog::startTimer):
282         (JSC::Watchdog::stopTimer):
283         * tools/JSDollarVMPrototype.cpp:
284         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
285         * tools/VMInspector.cpp:
286
287 2017-03-01  Mark Lam  <mark.lam@apple.com>
288
289         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
290         https://bugs.webkit.org/show_bug.cgi?id=169042
291
292         Reviewed by Filip Pizlo.
293
294         * runtime/JSLock.h:
295         (JSC::JSLock::currentThreadIsHoldingLock):
296
297 2017-02-28  Brian Burg  <bburg@apple.com>
298
299         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
300         https://bugs.webkit.org/show_bug.cgi?id=168695
301         <rdar://problem/30643899>
302
303         Reviewed by Joseph Pecoraro.
304
305         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
306         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
307         to gather listing information for RemoteAutomationTargets.
308
309         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
310         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
311         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
312
313         * inspector/remote/RemoteInspector.h:
314         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
315
316         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
317         (Inspector::RemoteConnectionToTarget::setup):
318         (Inspector::RemoteConnectionToTarget::close):
319         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
320         and use it inside the block later after it may have been destructed already. If that happens,
321         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
322
323         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
324         (Inspector::RemoteInspector::updateTargetListing):
325         We need to make sure to request a listing push after the target is updated, so implicitly call
326         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
327
328         (Inspector::RemoteInspector::receivedSetupMessage):
329         (Inspector::RemoteInspector::receivedDidCloseMessage):
330         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
331         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
332         and asynchronously on the target's queue when the connection to target is opened or closed.
333
334 2017-03-01  Tomas Popela  <tpopela@redhat.com>
335
336         Leak under Options::setOptions
337         https://bugs.webkit.org/show_bug.cgi?id=169029
338
339         Reviewed by Michael Saboff.
340
341         Don't leak the optionsStrCopy variable.
342
343         * runtime/Options.cpp:
344         (JSC::Options::setOptions):
345
346 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
347
348         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
349         https://bugs.webkit.org/show_bug.cgi?id=168968
350
351         Reviewed by Saam Barati.
352
353         This patch decouples dumping bytecode sequence from CodeBlock.
354         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
355         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
356         called Generatorification.
357
358         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
359         this class to dump bytecode sequence.
360
361         And this patch also adds Option::dumpBytecodesBeforeGeneratorification,
362         which dumps unlinked bytecode sequence before generatorification if it is enabled.
363
364         * CMakeLists.txt:
365         * JavaScriptCore.xcodeproj/project.pbxproj:
366         * bytecode/BytecodeDumper.cpp: Added.
367         (JSC::getStructureID):
368         (JSC::getSpecialPointer):
369         (JSC::getPutByIdFlags):
370         (JSC::getToThisStatus):
371         (JSC::getPointer):
372         (JSC::getStructureChain):
373         (JSC::getStructure):
374         (JSC::getCallLinkInfo):
375         (JSC::getBasicBlockLocation):
376         (JSC::BytecodeDumper<Block>::actualPointerFor):
377         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
378         (JSC::beginDumpProfiling):
379         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
380         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
381         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
382         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
383         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
384         (JSC::dumpRareCaseProfile):
385         (JSC::dumpArithProfile):
386         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
387         (JSC::BytecodeDumper<Block>::vm):
388         (JSC::BytecodeDumper<Block>::identifier):
389         (JSC::regexpToSourceString):
390         (JSC::regexpName):
391         (JSC::printLocationAndOp):
392         (JSC::isConstantRegisterIndex):
393         (JSC::debugHookName):
394         (JSC::BytecodeDumper<Block>::registerName):
395         (JSC::idName):
396         (JSC::BytecodeDumper<Block>::constantName):
397         (JSC::BytecodeDumper<Block>::printUnaryOp):
398         (JSC::BytecodeDumper<Block>::printBinaryOp):
399         (JSC::BytecodeDumper<Block>::printConditionalJump):
400         (JSC::BytecodeDumper<Block>::printGetByIdOp):
401         (JSC::dumpStructure):
402         (JSC::dumpChain):
403         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
404         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
405         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
406         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
407         (JSC::BytecodeDumper<Block>::printCallOp):
408         (JSC::BytecodeDumper<Block>::printPutByIdOp):
409         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
410         (JSC::BytecodeDumper<Block>::dumpBytecode):
411         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
412         (JSC::BytecodeDumper<Block>::dumpConstants):
413         (JSC::BytecodeDumper<Block>::dumpRegExps):
414         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
415         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
416         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
417         (JSC::BytecodeDumper<Block>::dumpBlock):
418         * bytecode/BytecodeDumper.h: Added.
419         (JSC::BytecodeDumper::BytecodeDumper):
420         (JSC::BytecodeDumper::block):
421         (JSC::BytecodeDumper::instructionsBegin):
422         * bytecode/BytecodeGeneratorification.cpp:
423         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
424         (JSC::performGeneratorification):
425         * bytecode/BytecodeLivenessAnalysis.cpp:
426         (JSC::BytecodeLivenessAnalysis::dumpResults):
427         * bytecode/CodeBlock.cpp:
428         (JSC::CodeBlock::dumpBytecode):
429         (JSC::CodeBlock::finishCreation):
430         (JSC::CodeBlock::propagateTransitions):
431         (JSC::CodeBlock::finalizeLLIntInlineCaches):
432         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
433         (JSC::CodeBlock::usesOpcode):
434         (JSC::CodeBlock::valueProfileForBytecodeOffset):
435         (JSC::CodeBlock::arithProfileForPC):
436         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
437         (JSC::idName): Deleted.
438         (JSC::CodeBlock::registerName): Deleted.
439         (JSC::CodeBlock::constantName): Deleted.
440         (JSC::regexpToSourceString): Deleted.
441         (JSC::regexpName): Deleted.
442         (JSC::debugHookName): Deleted.
443         (JSC::CodeBlock::printUnaryOp): Deleted.
444         (JSC::CodeBlock::printBinaryOp): Deleted.
445         (JSC::CodeBlock::printConditionalJump): Deleted.
446         (JSC::CodeBlock::printGetByIdOp): Deleted.
447         (JSC::dumpStructure): Deleted.
448         (JSC::dumpChain): Deleted.
449         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
450         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
451         (JSC::CodeBlock::printCallOp): Deleted.
452         (JSC::CodeBlock::printPutByIdOp): Deleted.
453         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
454         (JSC::CodeBlock::beginDumpProfiling): Deleted.
455         (JSC::CodeBlock::dumpValueProfiling): Deleted.
456         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
457         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
458         (JSC::CodeBlock::dumpArithProfile): Deleted.
459         (JSC::CodeBlock::printLocationAndOp): Deleted.
460         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
461         * bytecode/CodeBlock.h:
462         (JSC::CodeBlock::constantRegisters):
463         (JSC::CodeBlock::numberOfRegExps):
464         (JSC::CodeBlock::bitVectors):
465         (JSC::CodeBlock::bitVector):
466         * bytecode/HandlerInfo.h:
467         (JSC::HandlerInfoBase::typeName):
468         * bytecode/UnlinkedCodeBlock.cpp:
469         (JSC::UnlinkedCodeBlock::dump):
470         * bytecode/UnlinkedCodeBlock.h:
471         (JSC::UnlinkedCodeBlock::getConstant):
472         * bytecode/UnlinkedInstructionStream.cpp:
473         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
474         * bytecode/UnlinkedInstructionStream.h:
475         (JSC::UnlinkedInstructionStream::Reader::next):
476         * runtime/Options.h:
477
478 2017-02-28  Mark Lam  <mark.lam@apple.com>
479
480         Change JSLock to stash PlatformThread instead of std::thread::id.
481         https://bugs.webkit.org/show_bug.cgi?id=168996
482
483         Reviewed by Filip Pizlo.
484
485         PlatformThread is more useful because it allows us to:
486         1. find the MachineThreads::Thread which is associated with it.
487         2. suspend / resume threads.
488         3. send a signal to a thread.
489
490         We can't do those with std::thread::id.  We will need one or more of these
491         capabilities to implement non-polling VM traps later.
492
493         * JavaScriptCore.xcodeproj/project.pbxproj:
494         * heap/MachineStackMarker.cpp:
495         (JSC::MachineThreads::Thread::createForCurrentThread):
496         (JSC::MachineThreads::machineThreadForCurrentThread):
497         (JSC::MachineThreads::removeThread):
498         (JSC::MachineThreads::Thread::suspend):
499         (JSC::MachineThreads::tryCopyOtherThreadStacks):
500         (JSC::getCurrentPlatformThread): Deleted.
501         * heap/MachineStackMarker.h:
502         * runtime/JSCellInlines.h:
503         (JSC::JSCell::classInfo):
504         * runtime/JSLock.cpp:
505         (JSC::JSLock::lock):
506         (JSC::JSLock::unlock):
507         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
508         * runtime/JSLock.h:
509         (JSC::JSLock::ownerThread):
510         (JSC::JSLock::currentThreadIsHoldingLock):
511         * runtime/PlatformThread.h: Added.
512         (JSC::currentPlatformThread):
513         * runtime/VM.cpp:
514         (JSC::VM::~VM):
515         * runtime/VM.h:
516         (JSC::VM::ownerThread):
517         * runtime/Watchdog.cpp:
518         (JSC::Watchdog::setTimeLimit):
519         (JSC::Watchdog::shouldTerminate):
520         (JSC::Watchdog::startTimer):
521         (JSC::Watchdog::stopTimer):
522         * tools/JSDollarVMPrototype.cpp:
523         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
524         * tools/VMInspector.cpp:
525
526 2017-02-28  Mark Lam  <mark.lam@apple.com>
527
528         Enable the SigillCrashAnalyzer by default for iOS.
529         https://bugs.webkit.org/show_bug.cgi?id=168989
530
531         Reviewed by Keith Miller.
532
533         * runtime/Options.cpp:
534         (JSC::overrideDefaults):
535
536 2017-02-28  Mark Lam  <mark.lam@apple.com>
537
538         Remove setExclusiveThread() and peers from the JSLock.
539         https://bugs.webkit.org/show_bug.cgi?id=168977
540
541         Reviewed by Filip Pizlo.
542
543         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
544         Speedometer, we see that removal of exclusive thread status has no measurable
545         impact on performance.  So, let's remove the code for handling exclusive thread
546         status, and simplify the JSLock code.
547
548         For the record, exclusive thread status does improve JSLock locking/unlocking
549         time by up to 20%.  However, this difference is not measurable in the way WebCore
550         uses the JSLock as confirmed by Speedometer.
551
552         Also applied a minor optimization in JSLock::lock() to assume the initial lock
553         entry case (as opposed to the re-entry case).  This appears to show a small
554         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
555         time in a micro-benchmark.
556
557         * heap/Heap.cpp:
558         (JSC::Heap::Heap):
559         * heap/MachineStackMarker.cpp:
560         (JSC::MachineThreads::MachineThreads):
561         (JSC::MachineThreads::addCurrentThread):
562         * heap/MachineStackMarker.h:
563         * runtime/JSLock.cpp:
564         (JSC::JSLock::JSLock):
565         (JSC::JSLock::lock):
566         (JSC::JSLock::unlock):
567         (JSC::JSLock::currentThreadIsHoldingLock):
568         (JSC::JSLock::dropAllLocks):
569         (JSC::JSLock::grabAllLocks):
570         (JSC::JSLock::setExclusiveThread): Deleted.
571         * runtime/JSLock.h:
572         (JSC::JSLock::ownerThread):
573         (JSC::JSLock::hasExclusiveThread): Deleted.
574         (JSC::JSLock::exclusiveThread): Deleted.
575         * runtime/VM.h:
576         (JSC::VM::hasExclusiveThread): Deleted.
577         (JSC::VM::exclusiveThread): Deleted.
578         (JSC::VM::setExclusiveThread): Deleted.
579
580 2017-02-28  Saam Barati  <sbarati@apple.com>
581
582         Arm64 disassembler prints "ars" instead of "asr"
583         https://bugs.webkit.org/show_bug.cgi?id=168923
584
585         Rubber stamped by Michael Saboff.
586
587         * disassembler/ARM64/A64DOpcode.cpp:
588         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
589
590 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
591
592         Use of arguments in arrow function is slow
593         https://bugs.webkit.org/show_bug.cgi?id=168829
594
595         Reviewed by Saam Barati.
596
597         The current patch improves the performance of access to arguments within an arrow function
598         by preventing the creation of an arguments variable within the arrow function, and also allows the
599         arguments variable to be cached. Before, the arguments variable always had the Dynamic resolve type; after the
600         patch it can be ClosureVar, which increases the performance of access to the arguments variable
601         by 9 times inside the arrow function.
602
603         * bytecompiler/BytecodeGenerator.cpp:
604         (JSC::BytecodeGenerator::BytecodeGenerator):
605         * runtime/JSScope.cpp:
606         (JSC::abstractAccess):
607
608 2017-02-28  Michael Saboff  <msaboff@apple.com>
609
610         Add ability to configure JSC options from a file
611         https://bugs.webkit.org/show_bug.cgi?id=168914
612
613         Reviewed by Filip Pizlo.
614
615         Added the ability to set options and DataLog file location via a configuration file.
616         The configuration file is specified with the --configFile option to JSC or the
617         JSC_configFile environment variable.
618
619         The file format allows for options conditionally dependent on various attributes.
620         Currently those attributes are the process name, parent process name and build
621         type (Release or Debug).  In this patch, the parent process type is not set.
622         That will be set up in WebKit code with a follow up patch.
623
624         Here is an example config file:
625
626             logFile = "/tmp/jscLog.%pid.txt"
627
628             jscOptions {
629                 dumpOptions = 2
630             }
631
632             build == "Debug" {
633                 jscOptions {
634                     useConcurrentJIT = false
635                     dumpDisassembly = true
636                 }
637             }
638
639             build == "Release" && processName == "jsc" {
640                 jscOptions {
641                     asyncDisassembly = true
642                 }
643             }
644
645         Eliminated the prior options file code.
646
647         * CMakeLists.txt:
648         * JavaScriptCore.xcodeproj/project.pbxproj:
649         * jsc.cpp:
650         (jscmain):
651         * runtime/ConfigFile.cpp: Added.
652         (JSC::ConfigFileScanner::ConfigFileScanner):
653         (JSC::ConfigFileScanner::start):
654         (JSC::ConfigFileScanner::lineNumber):
655         (JSC::ConfigFileScanner::currentBuffer):
656         (JSC::ConfigFileScanner::atFileEnd):
657         (JSC::ConfigFileScanner::tryConsume):
658         (JSC::ConfigFileScanner::tryConsumeString):
659         (JSC::ConfigFileScanner::tryConsumeUpto):
660         (JSC::ConfigFileScanner::fillBufferIfNeeded):
661         (JSC::ConfigFileScanner::fillBuffer):
662         (JSC::ConfigFile::ConfigFile):
663         (JSC::ConfigFile::setProcessName):
664         (JSC::ConfigFile::setParentProcessName):
665         (JSC::ConfigFile::parse):
666         * runtime/ConfigFile.h: Added.
667         * runtime/Options.cpp:
668         (JSC::Options::initialize):
669         (JSC::Options::setOptions):
670         * runtime/Options.h:
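
The config-file format sketched in this entry, as an added example rather than JSC's runtime/ConfigFile.cpp: a small evaluator that applies the conditional blocks against the process name and build type, using the entry's own sample file as input. The attribute names (build, processName), the jscOptions block and logFile come from the entry; the trimming and unquoting rules, the treatment of an unknown attribute as a false condition, and all function names are assumptions.

```cpp
// Added example, not JSC's runtime/ConfigFile.cpp: evaluates the config-file format from the
// entry above. Attribute names (build, processName), the jscOptions block and logFile come
// from the entry; the parsing rules and function names are our assumptions.
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Process attributes the conditions are evaluated against, e.g. {"build","Release"},{"processName","jsc"}.
using ConfigContext = std::map<std::string, std::string>;

struct ConfigResult { std::string logFile; std::map<std::string, std::string> jscOptions; };

static std::string trim(const std::string& s)
{
    size_t b = s.find_first_not_of(" \t\r");
    return b == std::string::npos ? "" : s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

static std::string unquote(const std::string& raw) // strip one pair of surrounding double quotes
{
    std::string s = trim(raw);
    return (s.size() >= 2 && s.front() == '"' && s.back() == '"') ? s.substr(1, s.size() - 2) : s;
}

// Evaluate `attr == "value" [&& attr == "value" ...]`. Only == and && are modelled; an unknown
// attribute makes the condition false, so a block we cannot evaluate never applies (assumption).
static bool evalCondition(std::string rest, const ConfigContext& ctx)
{
    while (true) {
        size_t amp = rest.find("&&");
        std::string term = trim(amp == std::string::npos ? rest : rest.substr(0, amp));
        size_t eq = term.find("==");
        if (eq == std::string::npos) return false;
        auto it = ctx.find(trim(term.substr(0, eq)));
        if (it == ctx.end() || it->second != unquote(term.substr(eq + 2))) return false;
        if (amp == std::string::npos) return true;
        rest = rest.substr(amp + 2);
    }
}

ConfigResult parseConfig(const std::string& text, const ConfigContext& ctx)
{
    ConfigResult result;
    std::istringstream in(text);
    std::string line;
    std::vector<bool> active { true }; bool inOptions = false; // open conditional blocks; inside jscOptions {}
    while (std::getline(in, line)) {
        line = trim(line);
        if (line.empty()) continue;
        if (line == "}") {
            if (inOptions) inOptions = false;
            else if (active.size() > 1) active.pop_back();
            continue;
        }
        if (line.back() == '{') {
            std::string head = trim(line.substr(0, line.size() - 1));
            if (head == "jscOptions") inOptions = true;
            else active.push_back(active.back() && evalCondition(head, ctx));
            continue;
        }
        size_t eq = line.find('=');
        if (eq == std::string::npos || !active.back()) continue; // malformed, or enclosing condition is false
        std::string key = trim(line.substr(0, eq));
        std::string value = unquote(line.substr(eq + 1));
        if (inOptions) result.jscOptions[key] = value;
        else if (key == "logFile") result.logFile = value;
    }
    return result;
}

// The sample file from the entry above, embedded for the checks below.
const std::string kSampleConfig = R"(
logFile = "/tmp/jscLog.%pid.txt"
jscOptions {
    dumpOptions = 2
}
build == "Debug" {
    jscOptions {
        useConcurrentJIT = false
        dumpDisassembly = true
    }
}
build == "Release" && processName == "jsc" {
    jscOptions {
        asyncDisassembly = true
    }
}
)";

// One jscOption for a given process/build, or "" when the sample file does not set it there.
std::string sampleOption(const std::string& processName, const std::string& build, const std::string& key)
{
    ConfigResult r = parseConfig(kSampleConfig, ConfigContext { { "build", build }, { "processName", processName } });
    auto it = r.jscOptions.find(key);
    return it == r.jscOptions.end() ? "" : it->second;
}
```

Under this model an option set inside a block whose condition is false never reaches the option table, which is what lets one file carry Debug-only and jsc-only settings. Since the file path comes from --configFile or JSC_configFile, which file gets evaluated is as much part of the effective configuration as its contents.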
671
672 2017-02-27  Alex Christensen  <achristensen@webkit.org>
673
674         Begin enabling WebRTC on 64-bit
675         https://bugs.webkit.org/show_bug.cgi?id=168915
676
677         Reviewed by Eric Carlson.
678
679         * Configurations/FeatureDefines.xcconfig:
680
681 2017-02-27  Mark Lam  <mark.lam@apple.com>
682
683         Introduce a VM Traps mechanism and refactor Watchdog to use it.
684         https://bugs.webkit.org/show_bug.cgi?id=168842
685
686         Reviewed by Filip Pizlo.
687
688         Currently, the traps mechanism is only used for the JSC watchdog, and for
689         asynchronous termination requests (which is currently only used for worker
690         threads termination).
691
692         This first cut of the traps mechanism still relies on polling from DFG and FTL
693         code.  This is done to keep the patch as small as possible.  The work to do
694         a non-polling version of the traps mechanism for DFG and FTL code is deferred to
695         another patch.
696
697         In this patch, worker threads still need to set the VM::m_needAsynchronousTerminationSupport
698         flag to enable the traps polling in the DFG and FTL code.  When we have the
699         non-polling version of the DFG and FTL traps mechanism, we can remove the use of
700         the VM::m_needAsynchronousTerminationSupport flag.
701
702         Note: this patch also separates asynchronous termination support from the JSC
703         watchdog.  This separation allows us to significantly simplify the locking
704         requirements in the watchdog code, and make it easier to reason about its
705         correctness.
706
707         * CMakeLists.txt:
708         * JavaScriptCore.xcodeproj/project.pbxproj:
709         * bytecode/BytecodeList.json:
710         * bytecode/BytecodeUseDef.h:
711         (JSC::computeUsesForBytecodeOffset):
712         (JSC::computeDefsForBytecodeOffset):
713         * bytecode/CodeBlock.cpp:
714         (JSC::CodeBlock::dumpBytecode):
715         * bytecompiler/BytecodeGenerator.cpp:
716         (JSC::BytecodeGenerator::BytecodeGenerator):
717         (JSC::BytecodeGenerator::emitLoopHint):
718         (JSC::BytecodeGenerator::emitCheckTraps):
719         (JSC::BytecodeGenerator::emitWatchdog): Deleted.
720         * bytecompiler/BytecodeGenerator.h:
721         * dfg/DFGAbstractInterpreterInlines.h:
722         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
723         * dfg/DFGByteCodeParser.cpp:
724         (JSC::DFG::ByteCodeParser::parseBlock):
725         * dfg/DFGCapabilities.cpp:
726         (JSC::DFG::capabilityLevel):
727         * dfg/DFGClobberize.h:
728         (JSC::DFG::clobberize):
729         * dfg/DFGDoesGC.cpp:
730         (JSC::DFG::doesGC):
731         * dfg/DFGFixupPhase.cpp:
732         (JSC::DFG::FixupPhase::fixupNode):
733         * dfg/DFGNodeType.h:
734         * dfg/DFGPredictionPropagationPhase.cpp:
735         * dfg/DFGSafeToExecute.h:
736         (JSC::DFG::safeToExecute):
737         * dfg/DFGSpeculativeJIT.cpp:
738         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
739         * dfg/DFGSpeculativeJIT.h:
740         * dfg/DFGSpeculativeJIT32_64.cpp:
741         (JSC::DFG::SpeculativeJIT::compile):
742         * dfg/DFGSpeculativeJIT64.cpp:
743         (JSC::DFG::SpeculativeJIT::compile):
744         * ftl/FTLCapabilities.cpp:
745         (JSC::FTL::canCompile):
746         * ftl/FTLLowerDFGToB3.cpp:
747         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
748         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
749         (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer): Deleted.
750         * interpreter/Interpreter.cpp:
751         (JSC::Interpreter::executeProgram):
752         (JSC::Interpreter::executeCall):
753         (JSC::Interpreter::executeConstruct):
754         (JSC::Interpreter::execute):
755         * jit/JIT.cpp:
756         (JSC::JIT::privateCompileMainPass):
757         (JSC::JIT::privateCompileSlowCases):
758         * jit/JIT.h:
759         * jit/JITOpcodes.cpp:
760         (JSC::JIT::emit_op_check_traps):
761         (JSC::JIT::emitSlow_op_check_traps):
762         (JSC::JIT::emit_op_watchdog): Deleted.
763         (JSC::JIT::emitSlow_op_watchdog): Deleted.
764         * jit/JITOperations.cpp:
765         * jit/JITOperations.h:
766         * llint/LLIntSlowPaths.cpp:
767         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
768         * llint/LLIntSlowPaths.h:
769         * llint/LowLevelInterpreter.asm:
770         * llint/LowLevelInterpreter32_64.asm:
771         * llint/LowLevelInterpreter64.asm:
772         * runtime/VM.cpp:
773         (JSC::VM::~VM):
774         (JSC::VM::ensureWatchdog):
775         (JSC::VM::handleTraps):
776         * runtime/VM.h:
777         (JSC::VM::ownerThread):
778         (JSC::VM::needTrapHandling):
779         (JSC::VM::needTrapHandlingAddress):
780         (JSC::VM::notifyNeedTermination):
781         (JSC::VM::notifyNeedWatchdogCheck):
782         (JSC::VM::needAsynchronousTerminationSupport):
783         (JSC::VM::setNeedAsynchronousTerminationSupport):
784         * runtime/VMInlines.h:
785         (JSC::VM::shouldTriggerTermination): Deleted.
786         * runtime/VMTraps.cpp: Added.
787         (JSC::VMTraps::fireTrap):
788         (JSC::VMTraps::takeTrap):
789         * runtime/VMTraps.h: Added.
790         (JSC::VMTraps::needTrapHandling):
791         (JSC::VMTraps::needTrapHandlingAddress):
792         (JSC::VMTraps::hasTrapForEvent):
793         (JSC::VMTraps::setTrapForEvent):
794         (JSC::VMTraps::clearTrapForEvent):
795         * runtime/Watchdog.cpp:
796         (JSC::Watchdog::Watchdog):
797         (JSC::Watchdog::setTimeLimit):
798         (JSC::Watchdog::shouldTerminate):
799         (JSC::Watchdog::enteredVM):
800         (JSC::Watchdog::exitedVM):
801         (JSC::Watchdog::startTimer):
802         (JSC::Watchdog::stopTimer):
803         (JSC::Watchdog::willDestroyVM):
804         (JSC::Watchdog::terminateSoon): Deleted.
805         (JSC::Watchdog::shouldTerminateSlow): Deleted.
806         * runtime/Watchdog.h:
807         (JSC::Watchdog::shouldTerminate): Deleted.
808         (JSC::Watchdog::timerDidFireAddress): Deleted.
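
The polling-based trap mechanism this entry describes, as an added example rather than JSC's runtime/VMTraps.cpp: a bitmask that any thread can set with one atomic OR, a single-load poll standing in for op_check_traps at loop hints, and a slow path that consumes the pending events. The method names fireTrap, takeTrap, needTrapHandling, needTrapHandlingAddress and hasTrapForEvent mirror the entry; the two event types, RunResult and the simulated interpreter loop are assumptions.

```cpp
// Added example, not JSC's runtime/VMTraps.cpp: a minimal model of the polling-based trap
// mechanism described above. The method names mirror the ChangeLog; the event set, the
// RunResult type and runScript() are our assumptions.
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <functional>

enum class TrapEvent : uint8_t {
    NeedTermination = 1 << 0,   // asynchronous termination request (e.g. a worker being torn down)
    NeedWatchdogCheck = 1 << 1, // the watchdog timer fired; the VM must check its time limit
};

class VMTraps {
public:
    // May be called from any thread (watchdog timer, the thread owning a worker): one atomic OR.
    void fireTrap(TrapEvent e) { m_bits.fetch_or(bit(e), std::memory_order_release); }
    // The cheap poll at loop hints / function entry (what op_check_traps compiles to).
    bool needTrapHandling() const { return m_bits.load(std::memory_order_acquire) != 0; }
    // JIT code would embed this address and test the byte it points at.
    const std::atomic<uint8_t>* needTrapHandlingAddress() const { return &m_bits; }
    bool hasTrapForEvent(TrapEvent e) const { return (m_bits.load(std::memory_order_acquire) & bit(e)) != 0; }
    // Consume one event: clears its bit and reports whether it was pending.
    bool takeTrap(TrapEvent e)
    {
        uint8_t previous = m_bits.fetch_and(static_cast<uint8_t>(~bit(e)), std::memory_order_acq_rel);
        return (previous & bit(e)) != 0;
    }
private:
    static uint8_t bit(TrapEvent e) { return static_cast<uint8_t>(e); }
    std::atomic<uint8_t> m_bits { 0 };
};

struct RunResult {
    uint64_t iterations;     // loop hints executed before the script stopped
    bool terminated;         // NeedTermination was serviced
    uint32_t watchdogChecks; // NeedWatchdogCheck was serviced this many times
};

// Simulated interpreter loop. Every iteration is a loop hint: poll the flag (fast path) and only
// when it is set take the slow path that services pending events. `onLoopHint` stands in for
// activity that happens while the script runs; in the VM that is a watchdog thread calling
// fireTrap(), which is why the script itself never has to cooperate in order to be stopped.
RunResult runScript(VMTraps& traps, uint64_t maxIterations, const std::function<void(uint64_t)>& onLoopHint)
{
    RunResult r { 0, false, 0 };
    for (uint64_t i = 0; i < maxIterations; ++i) {
        r.iterations = i + 1;
        onLoopHint(i);
        if (!traps.needTrapHandling())
            continue;
        if (traps.takeTrap(TrapEvent::NeedWatchdogCheck))
            ++r.watchdogChecks;
        if (traps.takeTrap(TrapEvent::NeedTermination)) {
            r.terminated = true;
            break;
        }
    }
    return r;
}

// Constructed scenario: a "watchdog" that asks for a check after half the budget and for
// termination once the budget is exhausted, against a script that would run maxIterations.
RunResult runWithWatchdog(uint64_t budget, uint64_t maxIterations)
{
    VMTraps traps;
    return runScript(traps, maxIterations, [&](uint64_t i) {
        if (i == budget / 2)
            traps.fireTrap(TrapEvent::NeedWatchdogCheck);
        if (i == budget)
            traps.fireTrap(TrapEvent::NeedTermination);
    });
}

// Mask semantics: firing sets the poll flag; taking clears only that one event.
bool maskSelfTest()
{
    VMTraps traps;
    if (traps.needTrapHandling()) return false;
    traps.fireTrap(TrapEvent::NeedWatchdogCheck);
    traps.fireTrap(TrapEvent::NeedTermination);
    if (!traps.hasTrapForEvent(TrapEvent::NeedTermination)) return false;
    if (!traps.takeTrap(TrapEvent::NeedWatchdogCheck)) return false;
    if (!traps.needTrapHandling()) return false;                    // termination still pending
    if (traps.takeTrap(TrapEvent::NeedWatchdogCheck)) return false; // already consumed
    if (!traps.takeTrap(TrapEvent::NeedTermination)) return false;
    return !traps.needTrapHandling();
}

int main()
{
    RunResult r = runWithWatchdog(1000, 1000000);
    std::printf("stopped after %llu loop hints, terminated=%d, watchdog checks=%u\n",
                static_cast<unsigned long long>(r.iterations), r.terminated, r.watchdogChecks);
    return 0;
}
```

The property worth noticing is that the executing thread never blocks and takes no lock on the fast path; only the thread that fires a trap and the slow path touch shared state, which is what lets the watchdog and termination logic shed the locking the entry mentions. A real watchdog would call fireTrap() from its timer thread; here the callback fires it at a fixed iteration so the run is deterministic.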
809
810 2017-02-27  Commit Queue  <commit-queue@webkit.org>
811
812         Unreviewed, rolling out r213019.
813         https://bugs.webkit.org/show_bug.cgi?id=168925
814
815         "It broke 32-bit jsc tests in debug builds" (Requested by
816         saamyjoon on #webkit).
817
818         Reverted changeset:
819
820         "op_get_by_id_with_this should use inline caching"
821         https://bugs.webkit.org/show_bug.cgi?id=162124
822         http://trac.webkit.org/changeset/213019
823
824 2017-02-27  JF Bastien  <jfbastien@apple.com>
825
826         WebAssembly: miscellaneous spec fixes part deux
827         https://bugs.webkit.org/show_bug.cgi?id=168861
828
829         Reviewed by Keith Miller.
830
831         * wasm/WasmFunctionParser.h: add some FIXME
832
833 2017-02-27  Alex Christensen  <achristensen@webkit.org>
834
835         [libwebrtc] Enable WebRTC in some Production Builds
836         https://bugs.webkit.org/show_bug.cgi?id=168858
837
838         * Configurations/FeatureDefines.xcconfig:
839
840 2017-02-26  Caio Lima  <ticaiolima@gmail.com>
841
842         op_get_by_id_with_this should use inline caching
843         https://bugs.webkit.org/show_bug.cgi?id=162124
844
845         Reviewed by Saam Barati.
846
847         This patch is enabling inline cache for op_get_by_id_with_this in all
848         tiers. It means that operations using ```super.member``` are going to
849         be able to be optimized by PIC. To enable it, we introduced a new
850         member of StructureStubInfo.patch named thisGPR, created a new class
851         to manage the IC named JITGetByIdWithThisGenerator and changed
852         PolymorphicAccess.regenerate so that it uses StructureStubInfo.patch.thisGPR
853         to decide the correct this value on inline caches.
854         With inline caching enabled, ```super.member``` is ~4.5x faster,
855         according to microbenchmarks.
856
857         * bytecode/AccessCase.cpp:
858         (JSC::AccessCase::generateImpl):
859         * bytecode/PolymorphicAccess.cpp:
860         (JSC::PolymorphicAccess::regenerate):
861         * bytecode/PolymorphicAccess.h:
862         * bytecode/StructureStubInfo.cpp:
863         (JSC::StructureStubInfo::reset):
864         * bytecode/StructureStubInfo.h:
865         * dfg/DFGFixupPhase.cpp:
866         (JSC::DFG::FixupPhase::fixupNode):
867         * dfg/DFGJITCompiler.cpp:
868         (JSC::DFG::JITCompiler::link):
869         * dfg/DFGJITCompiler.h:
870         (JSC::DFG::JITCompiler::addGetByIdWithThis):
871         * dfg/DFGSpeculativeJIT.cpp:
872         (JSC::DFG::SpeculativeJIT::compileIn):
873         * dfg/DFGSpeculativeJIT.h:
874         (JSC::DFG::SpeculativeJIT::callOperation):
875         * dfg/DFGSpeculativeJIT32_64.cpp:
876         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
877         (JSC::DFG::SpeculativeJIT::compile):
878         * dfg/DFGSpeculativeJIT64.cpp:
879         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
880         (JSC::DFG::SpeculativeJIT::compile):
881         * ftl/FTLLowerDFGToB3.cpp:
882         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
883         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
884         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
885         * jit/CCallHelpers.h:
886         (JSC::CCallHelpers::setupArgumentsWithExecState):
887         * jit/ICStats.h:
888         * jit/JIT.cpp:
889         (JSC::JIT::JIT):
890         (JSC::JIT::privateCompileSlowCases):
891         (JSC::JIT::link):
892         * jit/JIT.h:
893         * jit/JITInlineCacheGenerator.cpp:
894         (JSC::JITByIdGenerator::JITByIdGenerator):
895         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
896         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
897         * jit/JITInlineCacheGenerator.h:
898         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
899         * jit/JITInlines.h:
900         (JSC::JIT::callOperation):
901         * jit/JITOperations.cpp:
902         * jit/JITOperations.h:
903         * jit/JITPropertyAccess.cpp:
904         (JSC::JIT::emit_op_get_by_id_with_this):
905         (JSC::JIT::emitSlow_op_get_by_id_with_this):
906         * jit/JITPropertyAccess32_64.cpp:
907         (JSC::JIT::emit_op_get_by_id_with_this):
908         (JSC::JIT::emitSlow_op_get_by_id_with_this):
909         * jit/Repatch.cpp:
910         (JSC::appropriateOptimizingGetByIdFunction):
911         (JSC::appropriateGenericGetByIdFunction):
912         (JSC::tryCacheGetByID):
913         * jit/Repatch.h:
914         * jsc.cpp:
915         (WTF::CustomGetter::getOwnPropertySlot):
916         (WTF::CustomGetter::customGetterAcessor):
917
918 2017-02-24  JF Bastien  <jfbastien@apple.com>
919
920         WebAssembly: miscellaneous spec fixes
921         https://bugs.webkit.org/show_bug.cgi?id=168822
922
923         Reviewed by Saam Barati.
924
925         * wasm/WasmModuleParser.cpp: "unknown" sections are now called "custom" sections
926         * wasm/WasmSections.h:
927         (JSC::Wasm::validateOrder):
928         (JSC::Wasm::makeString): fix ASSERT_UNREACHABLE bug in printing
929         * wasm/js/WebAssemblyInstanceConstructor.cpp:
930         (JSC::constructJSWebAssemblyInstance): disallow i64 import
931         * wasm/js/WebAssemblyModuleRecord.cpp:
932         (JSC::WebAssemblyModuleRecord::link): disallow i64 export
933         (JSC::WebAssemblyModuleRecord::evaluate):
934
935 2017-02-24  Filip Pizlo  <fpizlo@apple.com>
936
937         Move Arg::Type and Arg::Width out into the B3 namespace, since they are general concepts
938         https://bugs.webkit.org/show_bug.cgi?id=168833
939
940         Reviewed by Saam Barati.
941         
942         I want to use the Air::Arg::Type and Air::Arg::Width concepts in B3. We are already
943         doing this a bit, and it's awkward because of the namespacing. Throughout B3 we take the
944         approach that if something is not specific to Air, then it should be in the B3
945         namespace.
946         
947         This moves Air::Arg::Type to B3::Bank. This moves Air::Arg::Width to B3::Width.
948         
949         I renamed Arg::Type to Bank because there is already a B3::Type and because Arg::Type
950         was never really a type. Its purpose was always to identify register banks, and we use
951         this enum when the thing we care about is whether the value is most appropriate for
952         GPRs or FPRs.
953         
954         I kept both as non-enum classes because I think that we've learned that terse compiler
955         code is a good thing. I don't want to say Bank::GP when I can say GP. With Width, the
956         argument is even stronger, since you cannot say Width::8 but you can say Width8.
957
958         * CMakeLists.txt:
959         * JavaScriptCore.xcodeproj/project.pbxproj:
960         * b3/B3Bank.cpp: Added.
961         (WTF::printInternal):
962         * b3/B3Bank.h: Added.
963         (JSC::B3::forEachBank):
964         (JSC::B3::bankForType):
965         * b3/B3CheckSpecial.cpp:
966         (JSC::B3::CheckSpecial::forEachArg):
967         * b3/B3LegalizeMemoryOffsets.cpp:
968         * b3/B3LowerToAir.cpp:
969         (JSC::B3::Air::LowerToAir::run):
970         (JSC::B3::Air::LowerToAir::tmp):
971         (JSC::B3::Air::LowerToAir::scaleForShl):
972         (JSC::B3::Air::LowerToAir::effectiveAddr):
973         (JSC::B3::Air::LowerToAir::addr):
974         (JSC::B3::Air::LowerToAir::createGenericCompare):
975         (JSC::B3::Air::LowerToAir::createBranch):
976         (JSC::B3::Air::LowerToAir::createCompare):
977         (JSC::B3::Air::LowerToAir::createSelect):
978         (JSC::B3::Air::LowerToAir::lower):
979         * b3/B3MemoryValue.cpp:
980         (JSC::B3::MemoryValue::accessWidth):
981         * b3/B3MemoryValue.h:
982         * b3/B3MoveConstants.cpp:
983         * b3/B3PatchpointSpecial.cpp:
984         (JSC::B3::PatchpointSpecial::forEachArg):
985         * b3/B3StackmapSpecial.cpp:
986         (JSC::B3::StackmapSpecial::forEachArgImpl):
987         * b3/B3Value.h:
988         * b3/B3Variable.h:
989         (JSC::B3::Variable::width):
990         (JSC::B3::Variable::bank):
991         * b3/B3WasmAddressValue.h:
992         * b3/B3Width.cpp: Added.
993         (WTF::printInternal):
994         * b3/B3Width.h: Added.
995         (JSC::B3::pointerWidth):
996         (JSC::B3::widthForType):
997         (JSC::B3::conservativeWidth):
998         (JSC::B3::minimumWidth):
999         (JSC::B3::bytes):
1000         (JSC::B3::widthForBytes):
1001         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
1002         * b3/air/AirAllocateStack.cpp:
1003         (JSC::B3::Air::allocateStack):
1004         * b3/air/AirArg.cpp:
1005         (JSC::B3::Air::Arg::canRepresent):
1006         (JSC::B3::Air::Arg::isCompatibleBank):
1007         (JSC::B3::Air::Arg::isCompatibleType): Deleted.
1008         * b3/air/AirArg.h:
1009         (JSC::B3::Air::Arg::hasBank):
1010         (JSC::B3::Air::Arg::bank):
1011         (JSC::B3::Air::Arg::isBank):
1012         (JSC::B3::Air::Arg::forEachTmp):
1013         (JSC::B3::Air::Arg::forEachType): Deleted.
1014         (JSC::B3::Air::Arg::pointerWidth): Deleted.
1015         (JSC::B3::Air::Arg::typeForB3Type): Deleted.
1016         (JSC::B3::Air::Arg::widthForB3Type): Deleted.
1017         (JSC::B3::Air::Arg::conservativeWidth): Deleted.
1018         (JSC::B3::Air::Arg::minimumWidth): Deleted.
1019         (JSC::B3::Air::Arg::bytes): Deleted.
1020         (JSC::B3::Air::Arg::widthForBytes): Deleted.
1021         (JSC::B3::Air::Arg::hasType): Deleted.
1022         (JSC::B3::Air::Arg::type): Deleted.
1023         (JSC::B3::Air::Arg::isType): Deleted.
1024         * b3/air/AirArgInlines.h:
1025         (JSC::B3::Air::ArgThingHelper<Tmp>::forEach):
1026         (JSC::B3::Air::ArgThingHelper<Arg>::forEach):
1027         (JSC::B3::Air::ArgThingHelper<Reg>::forEach):
1028         (JSC::B3::Air::Arg::forEach):
1029         * b3/air/AirCCallSpecial.cpp:
1030         (JSC::B3::Air::CCallSpecial::forEachArg):
1031         * b3/air/AirCCallingConvention.cpp:
1032         * b3/air/AirCode.cpp:
1033         (JSC::B3::Air::Code::Code):
1034         (JSC::B3::Air::Code::setRegsInPriorityOrder):
1035         (JSC::B3::Air::Code::pinRegister):
1036         * b3/air/AirCode.h:
1037         (JSC::B3::Air::Code::regsInPriorityOrder):
1038         (JSC::B3::Air::Code::newTmp):
1039         (JSC::B3::Air::Code::numTmps):
1040         (JSC::B3::Air::Code::regsInPriorityOrderImpl):
1041         * b3/air/AirCustom.cpp:
1042         (JSC::B3::Air::PatchCustom::isValidForm):
1043         (JSC::B3::Air::ShuffleCustom::isValidForm):
1044         * b3/air/AirCustom.h:
1045         (JSC::B3::Air::PatchCustom::forEachArg):
1046         (JSC::B3::Air::CCallCustom::forEachArg):
1047         (JSC::B3::Air::ColdCCallCustom::forEachArg):
1048         (JSC::B3::Air::ShuffleCustom::forEachArg):
1049         (JSC::B3::Air::WasmBoundsCheckCustom::forEachArg):
1050         * b3/air/AirDumpAsJS.cpp:
1051         (JSC::B3::Air::dumpAsJS):
1052         * b3/air/AirEliminateDeadCode.cpp:
1053         (JSC::B3::Air::eliminateDeadCode):
1054         * b3/air/AirEmitShuffle.cpp:
1055         (JSC::B3::Air::emitShuffle):
1056         * b3/air/AirEmitShuffle.h:
1057         (JSC::B3::Air::ShufflePair::ShufflePair):
1058         (JSC::B3::Air::ShufflePair::width):
1059         * b3/air/AirFixObviousSpills.cpp:
1060         * b3/air/AirFixPartialRegisterStalls.cpp:
1061         (JSC::B3::Air::fixPartialRegisterStalls):
1062         * b3/air/AirInst.cpp:
1063         (JSC::B3::Air::Inst::hasArgEffects):
1064         * b3/air/AirInst.h:
1065         (JSC::B3::Air::Inst::forEachTmp):
1066         * b3/air/AirInstInlines.h:
1067         (JSC::B3::Air::Inst::forEach):
1068         (JSC::B3::Air::Inst::forEachDef):
1069         (JSC::B3::Air::Inst::forEachDefWithExtraClobberedRegs):
1070         * b3/air/AirLiveness.h:
1071         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
1072         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
1073         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
1074         (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
1075         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
1076         (JSC::B3::Air::RegLivenessAdapter::acceptsBank):
1077         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
1078         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute):
1079         (JSC::B3::Air::TmpLivenessAdapter::acceptsType): Deleted.
1080         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsType): Deleted.
1081         (JSC::B3::Air::RegLivenessAdapter::acceptsType): Deleted.
1082         * b3/air/AirLogRegisterPressure.cpp:
1083         (JSC::B3::Air::logRegisterPressure):
1084         * b3/air/AirLowerAfterRegAlloc.cpp:
1085         (JSC::B3::Air::lowerAfterRegAlloc):
1086         * b3/air/AirLowerMacros.cpp:
1087         (JSC::B3::Air::lowerMacros):
1088         * b3/air/AirPadInterference.cpp:
1089         (JSC::B3::Air::padInterference):
1090         * b3/air/AirReportUsedRegisters.cpp:
1091         (JSC::B3::Air::reportUsedRegisters):
1092         * b3/air/AirSpillEverything.cpp:
1093         (JSC::B3::Air::spillEverything):
1094         * b3/air/AirTmpInlines.h:
1095         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex): Deleted.
1096         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::lastMachineRegisterIndex): Deleted.
1097         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
1098         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex): Deleted.
1099         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::lastMachineRegisterIndex): Deleted.
1100         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
1101         * b3/air/AirTmpWidth.cpp:
1102         (JSC::B3::Air::TmpWidth::recompute):
1103         * b3/air/AirTmpWidth.h:
1104         (JSC::B3::Air::TmpWidth::width):
1105         (JSC::B3::Air::TmpWidth::requiredWidth):
1106         (JSC::B3::Air::TmpWidth::defWidth):
1107         (JSC::B3::Air::TmpWidth::useWidth):
1108         (JSC::B3::Air::TmpWidth::Widths::Widths):
1109         * b3/air/AirUseCounts.h:
1110         (JSC::B3::Air::UseCounts::UseCounts):
1111         * b3/air/AirValidate.cpp:
1112         * b3/air/opcode_generator.rb:
1113         * b3/air/testair.cpp:
1114         (JSC::B3::Air::compile): Deleted.
1115         (JSC::B3::Air::invoke): Deleted.
1116         (JSC::B3::Air::compileAndRun): Deleted.
1117         (JSC::B3::Air::testSimple): Deleted.
1118         (JSC::B3::Air::loadConstantImpl): Deleted.
1119         (JSC::B3::Air::loadConstant): Deleted.
1120         (JSC::B3::Air::loadDoubleConstant): Deleted.
1121         (JSC::B3::Air::testShuffleSimpleSwap): Deleted.
1122         (JSC::B3::Air::testShuffleSimpleShift): Deleted.
1123         (JSC::B3::Air::testShuffleLongShift): Deleted.
1124         (JSC::B3::Air::testShuffleLongShiftBackwards): Deleted.
1125         (JSC::B3::Air::testShuffleSimpleRotate): Deleted.
1126         (JSC::B3::Air::testShuffleSimpleBroadcast): Deleted.
1127         (JSC::B3::Air::testShuffleBroadcastAllRegs): Deleted.
1128         (JSC::B3::Air::testShuffleTreeShift): Deleted.
1129         (JSC::B3::Air::testShuffleTreeShiftBackward): Deleted.
1130         (JSC::B3::Air::testShuffleTreeShiftOtherBackward): Deleted.
1131         (JSC::B3::Air::testShuffleMultipleShifts): Deleted.
1132         (JSC::B3::Air::testShuffleRotateWithFringe): Deleted.
1133         (JSC::B3::Air::testShuffleRotateWithFringeInWeirdOrder): Deleted.
1134         (JSC::B3::Air::testShuffleRotateWithLongFringe): Deleted.
1135         (JSC::B3::Air::testShuffleMultipleRotates): Deleted.
1136         (JSC::B3::Air::testShuffleShiftAndRotate): Deleted.
1137         (JSC::B3::Air::testShuffleShiftAllRegs): Deleted.
1138         (JSC::B3::Air::testShuffleRotateAllRegs): Deleted.
1139         (JSC::B3::Air::testShuffleSimpleSwap64): Deleted.
1140         (JSC::B3::Air::testShuffleSimpleShift64): Deleted.
1141         (JSC::B3::Air::testShuffleSwapMixedWidth): Deleted.
1142         (JSC::B3::Air::testShuffleShiftMixedWidth): Deleted.
1143         (JSC::B3::Air::testShuffleShiftMemory): Deleted.
1144         (JSC::B3::Air::testShuffleShiftMemoryLong): Deleted.
1145         (JSC::B3::Air::testShuffleShiftMemoryAllRegs): Deleted.
1146         (JSC::B3::Air::testShuffleShiftMemoryAllRegs64): Deleted.
1147         (JSC::B3::Air::combineHiLo): Deleted.
1148         (JSC::B3::Air::testShuffleShiftMemoryAllRegsMixedWidth): Deleted.
1149         (JSC::B3::Air::testShuffleRotateMemory): Deleted.
1150         (JSC::B3::Air::testShuffleRotateMemory64): Deleted.
1151         (JSC::B3::Air::testShuffleRotateMemoryMixedWidth): Deleted.
1152         (JSC::B3::Air::testShuffleRotateMemoryAllRegs64): Deleted.
1153         (JSC::B3::Air::testShuffleRotateMemoryAllRegsMixedWidth): Deleted.
1154         (JSC::B3::Air::testShuffleSwapDouble): Deleted.
1155         (JSC::B3::Air::testShuffleShiftDouble): Deleted.
1156         (JSC::B3::Air::testX86VMULSD): Deleted.
1157         (JSC::B3::Air::testX86VMULSDDestRex): Deleted.
1158         (JSC::B3::Air::testX86VMULSDOp1DestRex): Deleted.
1159         (JSC::B3::Air::testX86VMULSDOp2DestRex): Deleted.
1160         (JSC::B3::Air::testX86VMULSDOpsDestRex): Deleted.
1161         (JSC::B3::Air::testX86VMULSDAddr): Deleted.
1162         (JSC::B3::Air::testX86VMULSDAddrOpRexAddr): Deleted.
1163         (JSC::B3::Air::testX86VMULSDDestRexAddr): Deleted.
1164         (JSC::B3::Air::testX86VMULSDRegOpDestRexAddr): Deleted.
1165         (JSC::B3::Air::testX86VMULSDAddrOpDestRexAddr): Deleted.
1166         (JSC::B3::Air::testX86VMULSDBaseNeedsRex): Deleted.
1167         (JSC::B3::Air::testX86VMULSDIndexNeedsRex): Deleted.
1168         (JSC::B3::Air::testX86VMULSDBaseIndexNeedRex): Deleted.
1169         (JSC::B3::Air::run): Deleted.
1170
1171 2017-02-24  Keith Miller  <keith_miller@apple.com>
1172
1173         We should be able to use std::tuples as keys in HashMap
1174         https://bugs.webkit.org/show_bug.cgi?id=168805
1175
1176         Reviewed by Filip Pizlo.
1177
1178         Convert the mess of std::pairs we used as the keys in PrototypeMap
1179         to a std::tuple. I also plan on using this for a HashMap in wasm.
1180
1181         * JavaScriptCore.xcodeproj/project.pbxproj:
1182         * runtime/PrototypeMap.cpp:
1183         (JSC::PrototypeMap::createEmptyStructure):
1184         (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
1185         * runtime/PrototypeMap.h:
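
Using a tuple as a hash key, as an added example with std::unordered_map rather than WTF's HashMap: a hasher that combines std::hash of every element, and a PrototypeMap-like table keyed by (prototype identity, inline capacity, class name). The key shape, the combine function and all names here are assumptions, not the shape of JSC's PrototypeMap key.

```cpp
// Added example, not WTF's HashMap: the same idea with std::unordered_map. A hasher for any
// std::tuple of std::hash-able elements, used for a PrototypeMap-like table keyed by
// (prototype identity, inline capacity, class name). The key shape is our assumption.
#include <cstddef>
#include <cstdint>
#include <functional>
#include <string>
#include <tuple>
#include <type_traits>
#include <unordered_map>
#include <utility>

// Mix one element hash into the running seed (the usual boost-style combine; constructed here).
inline size_t hashCombine(size_t seed, size_t h)
{
    return seed ^ (h + static_cast<size_t>(0x9e3779b97f4a7c15ull) + (seed << 6) + (seed >> 2));
}

struct TupleHasher {
    template <typename... Ts>
    size_t operator()(const std::tuple<Ts...>& t) const
    {
        return hashEach(t, std::index_sequence_for<Ts...> {});
    }

private:
    template <typename Tuple, size_t... I>
    static size_t hashEach(const Tuple& t, std::index_sequence<I...>)
    {
        // Element hashes in tuple order (leading 0 keeps the array non-empty for an empty tuple).
        size_t parts[] = { 0, std::hash<std::decay_t<decltype(std::get<I>(t))>> {}(std::get<I>(t))... };
        size_t seed = 0;
        for (size_t p : parts)
            seed = hashCombine(seed, p);
        return seed;
    }
};

// Key: (prototype object identity, inline capacity, class name).
using StructureKey = std::tuple<uintptr_t, unsigned, std::string>;

class PrototypeMapModel {
public:
    // Returns the structure id for this key, creating a fresh one on first use.
    int structureFor(uintptr_t prototype, unsigned inlineCapacity, const std::string& className)
    {
        StructureKey key { prototype, inlineCapacity, className };
        auto it = m_map.find(key);
        if (it != m_map.end())
            return it->second;
        int id = m_nextId++;
        m_map.emplace(key, id);
        return id;
    }
    size_t size() const { return m_map.size(); }
private:
    std::unordered_map<StructureKey, int, TupleHasher> m_map;
    int m_nextId = 1;
};

// Equal tuples must hash equal, and the hash must depend on every element.
bool tupleHashSelfTest()
{
    TupleHasher h;
    StructureKey a { 0x1000, 4, "Object" };
    StructureKey b { 0x1000, 4, "Object" };
    StructureKey c { 0x1000, 5, "Object" };
    StructureKey d { 0x1000, 4, "Array" };
    return h(a) == h(b) && h(a) != h(c) && h(a) != h(d);
}

// Two lookups with the same key share a structure; changing any tuple element gets a new one.
bool prototypeMapSelfTest()
{
    PrototypeMapModel map;
    int first = map.structureFor(0x1000, 4, "Object");
    int again = map.structureFor(0x1000, 4, "Object");
    int other = map.structureFor(0x1000, 8, "Object");
    int array = map.structureFor(0x1000, 4, "Array");
    return first == again && first != other && first != array && map.size() == 3;
}
```

Equality of tuples is already defined element-wise by std::tuple, so the only piece a hash table is missing is the hasher; that is the same gap the entry fills for WTF's HashMap.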
1186
1187 2017-02-24  Saam Barati  <sbarati@apple.com>
1188
1189         Unreviewed. Remove inaccurate copy-paste comment from r212939.
1190
1191         * dfg/DFGOperations.cpp:
1192
1193 2017-02-23  Saam Barati  <sbarati@apple.com>
1194
1195         Intrinsicify parseInt
1196         https://bugs.webkit.org/show_bug.cgi?id=168627
1197
1198         Reviewed by Filip Pizlo.
1199
1200         This patch makes parseInt an intrinsic in the DFG and FTL.
1201         We do our best to eliminate this node. If we speculate that
1202         the first operand to the operation is an int32, and that there
1203         isn't a second operand, we convert to the identity of the first
1204         operand. That's because parseInt(someInt) === someInt.
1205         
1206         If the first operand is proven to be an integer, and the second
1207         operand is the integer 0 or the integer 10, we can eliminate the
1208         node by making it an identity over its first operand. That's
1209         because parseInt(someInt, 0) === someInt and parseInt(someInt, 10) === someInt.
1210         
1211         If we are not able to constant fold the node away, we try to remove
1212         checks. The most common use case of parseInt is that its first operand
1213         is a proven string. The DFG might be able to remove type checks in this
1214         case. We also set up CSE rules for parseInt(someString, someIntRadix)
1215         because it's a "pure" operation (modulo resolving a rope).
1216
1217         This looks to be a 4% Octane/Box2D progression.
1218
1219         * dfg/DFGAbstractInterpreterInlines.h:
1220         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1221         * dfg/DFGByteCodeParser.cpp:
1222         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1223         * dfg/DFGClobberize.h:
1224         (JSC::DFG::clobberize):
1225         * dfg/DFGConstantFoldingPhase.cpp:
1226         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1227         * dfg/DFGDoesGC.cpp:
1228         (JSC::DFG::doesGC):
1229         * dfg/DFGFixupPhase.cpp:
1230         (JSC::DFG::FixupPhase::fixupNode):
1231         * dfg/DFGNode.h:
1232         (JSC::DFG::Node::hasHeapPrediction):
1233         * dfg/DFGNodeType.h:
1234         * dfg/DFGOperations.cpp:
1235         (JSC::DFG::parseIntResult):
1236         * dfg/DFGOperations.h:
1237         * dfg/DFGPredictionPropagationPhase.cpp:
1238         * dfg/DFGSafeToExecute.h:
1239         (JSC::DFG::safeToExecute):
1240         * dfg/DFGSpeculativeJIT.cpp:
1241         (JSC::DFG::SpeculativeJIT::compileParseInt):
1242         * dfg/DFGSpeculativeJIT.h:
1243         (JSC::DFG::SpeculativeJIT::callOperation):
1244         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1245         * dfg/DFGSpeculativeJIT32_64.cpp:
1246         (JSC::DFG::SpeculativeJIT::compile):
1247         * dfg/DFGSpeculativeJIT64.cpp:
1248         (JSC::DFG::SpeculativeJIT::compile):
1249         * ftl/FTLCapabilities.cpp:
1250         (JSC::FTL::canCompile):
1251         * ftl/FTLLowerDFGToB3.cpp:
1252         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1253         (JSC::FTL::DFG::LowerDFGToB3::compileParseInt):
1254         * jit/JITOperations.h:
1255         * parser/Lexer.cpp:
1256         * runtime/ErrorInstance.cpp:
1257         * runtime/Intrinsic.h:
1258         * runtime/JSGlobalObject.cpp:
1259         (JSC::JSGlobalObject::init):
1260         * runtime/JSGlobalObjectFunctions.cpp:
1261         (JSC::toStringView): Deleted.
1262         (JSC::isStrWhiteSpace): Deleted.
1263         (JSC::parseDigit): Deleted.
1264         (JSC::parseIntOverflow): Deleted.
1265         (JSC::parseInt): Deleted.
1266         * runtime/JSGlobalObjectFunctions.h:
1267         * runtime/ParseInt.h: Added.
1268         (JSC::parseDigit):
1269         (JSC::parseIntOverflow):
1270         (JSC::isStrWhiteSpace):
1271         (JSC::parseInt):
1272         (JSC::toStringView):
1273         * runtime/StringPrototype.cpp:
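
The two folding rules in this entry, checked on actual values as an added example (not JSC's runtime/ParseInt.h): an ECMAScript parseInt over ASCII strings, the compile-time decision of when the node may become an Identity of its first operand, and a check that the identity really holds on int32 extremes while a radix other than 0 or 10 breaks it. Function names and the sample values are assumptions.

```cpp
// Added example, not JSC's runtime/ParseInt.h: an ECMAScript parseInt over ASCII input plus
// the two folding rules from the entry above, so the identities can be checked on real int32
// values. Function names and the sample set are our assumptions.
#include <cmath>
#include <cstdint>
#include <limits>
#include <string>

static int digitValue(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'z') return c - 'a' + 10;
    if (c >= 'A' && c <= 'Z') return c - 'A' + 10;
    return 36; // never a valid digit
}

// parseInt(string, radix): skip leading whitespace, optional sign, "0x" prefix when the radix is
// 0 or 16, then consume digits until the first non-digit. NaN when no digit was consumed.
double jsParseInt(const std::string& s, int radix)
{
    size_t i = 0;
    while (i < s.size() && (s[i] == ' ' || s[i] == '\t' || s[i] == '\n' || s[i] == '\r'))
        ++i;
    double sign = 1;
    if (i < s.size() && (s[i] == '+' || s[i] == '-')) {
        if (s[i] == '-') sign = -1;
        ++i;
    }
    bool stripPrefix = true;
    if (radix == 0)
        radix = 10;
    else if (radix < 2 || radix > 36)
        return std::numeric_limits<double>::quiet_NaN();
    else if (radix != 16)
        stripPrefix = false;
    if (stripPrefix && i + 1 < s.size() && s[i] == '0' && (s[i + 1] == 'x' || s[i + 1] == 'X')) {
        i += 2;
        radix = 16;
    }
    double value = 0;
    bool anyDigit = false;
    for (; i < s.size() && digitValue(s[i]) < radix; ++i) {
        value = value * radix + digitValue(s[i]);
        anyDigit = true;
    }
    return anyDigit ? sign * value : std::numeric_limits<double>::quiet_NaN();
}

// The compile-time decision from the entry: the node becomes Identity(first operand) only when
// the first operand is int32 and the radix is absent, or a constant 0 or 10.
bool dfgCanFoldParseInt(bool firstOperandIsInt32, bool hasRadix, bool radixIsConstant, int radix)
{
    if (!firstOperandIsInt32)
        return false;
    if (!hasRadix)
        return true;
    return radixIsConstant && (radix == 0 || radix == 10);
}

// Why the rule is sound: ToString(int32) is plain decimal digits with an optional '-', so
// parsing it back in radix 10 (or 0, which selects 10) reproduces the value exactly.
bool identityHolds(int32_t x, bool hasRadix, int radix)
{
    double parsed = jsParseInt(std::to_string(x), hasRadix ? radix : 0);
    return parsed == static_cast<double>(x);
}

// Exercise the identity on the int32 extremes and some ordinary values for every foldable radix
// form, and confirm that a non-foldable radix really does change the result.
bool foldingRulesSelfTest()
{
    const int32_t samples[] = { INT32_MIN, -1, 0, 7, 10, 255, INT32_MAX };
    for (int32_t x : samples) {
        if (!identityHolds(x, false, 0)) return false;
        if (!identityHolds(x, true, 0)) return false;
        if (!identityHolds(x, true, 10)) return false;
    }
    // parseInt(10, 16) === 16 and parseInt(255, 8) === 173: not identities, so never folded.
    return !identityHolds(10, true, 16) && jsParseInt("10", 16) == 16 && jsParseInt("255", 8) == 173;
}
```

The radix check matters because parseInt(10, 16) is 16, and the int32 requirement matters because ToString of a non-int32 number need not be all digits: parseInt(1e21) is 1, since ToString(1e21) is "1e+21".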
1274
1275 2017-02-23  JF Bastien  <jfbastien@apple.com>
1276
1277         WebAssembly: support 0x1 version
1278         https://bugs.webkit.org/show_bug.cgi?id=168672
1279
1280         Reviewed by Keith Miller.
1281
1282         * wasm/wasm.json: update the version number, everything is based
1283         on its value
1284
1285 2017-02-23  Saam Barati  <sbarati@apple.com>
1286
1287         Make Briggs fixpoint validation run only with validateGraphAtEachPhase
1288         https://bugs.webkit.org/show_bug.cgi?id=168795
1289
1290         Rubber stamped by Keith Miller.
1291
1292         The Briggs allocator was running intensive validation
1293         on each step of the fixpoint. Instead, it now will just
1294         do it when shouldValidateIRAtEachPhase() is true because
1295         doing this for all !ASSERT_DISABLED builds takes too long.
1296
1297         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
1298
1299 2017-02-23  Filip Pizlo  <fpizlo@apple.com>
1300
1301         SpeculativeJIT::compilePutByValForIntTypedArray should only do the constant-folding optimization when the constant passes the type check
1302         https://bugs.webkit.org/show_bug.cgi?id=168787
1303
1304         Reviewed by Michael Saboff and Mark Lam.
1305
1306         * dfg/DFGSpeculativeJIT.cpp:
1307         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1308
1309 2017-02-23  Mark Lam  <mark.lam@apple.com>
1310
1311         Ensure that the end of the last invalidation point does not extend beyond the end of the buffer.
1312         https://bugs.webkit.org/show_bug.cgi?id=168786
1313
1314         Reviewed by Filip Pizlo.
1315
1316         In practice, we will always have multiple instructions after invalidation points,
1317         and have enough room in the JIT buffer for the invalidation point to work with.
1318         However, as a precaution, we can guarantee that there's enough room by always
1319         emitting a label just before we link the buffer.  The label will emit nop padding
1320         if needed.
1321
1322         * assembler/LinkBuffer.cpp:
1323         (JSC::LinkBuffer::linkCode):
1324
1325 2017-02-23  Keith Miller  <keith_miller@apple.com>
1326
1327         Unreviewed, fix the cloop build. Needed a #if.
1328
1329         * jit/ExecutableAllocator.cpp:
1330
1331 2017-02-22  Carlos Garcia Campos  <cgarcia@igalia.com>
1332
1333         Better handle Thread and RunLoop initialization
1334         https://bugs.webkit.org/show_bug.cgi?id=167828
1335
1336         Reviewed by Yusuke Suzuki.
1337
1338         * runtime/InitializeThreading.cpp:
1339         (JSC::initializeThreading): Do not initialize double_conversion, that is already initialized by WTF, and GC
1340         threads that will be initialized by WTF main thread when needed.
1341
1342 2017-02-22  JF Bastien  <jfbastien@apple.com>
1343
1344         WebAssembly: clear out insignificant i32 bits when calling JavaScript
1345         https://bugs.webkit.org/show_bug.cgi?id=166677
1346
1347         Reviewed by Keith Miller.
1348
1349         When WebAssembly calls JavaScript it needs to clear out the
1350         insignificant bits of int32 values:
1351
1352           +------------------- tag
1353           |  +---------------- insignificant
1354           |  |   +------------ 32-bit integer value
1355           |  |   |
1356           |--|---|-------|
1357         0xffff0000ffffffff
1358
1359         At least some JavaScript code assumes that these bits are all
1360         zero. In the wasm-to-wasm.js example we store a 64-bit value in an
1361         object with lo / hi fields, each containing 32-bit integers. We
1362         then load these back, and the baseline compiler fails its
1363         comparison because it first checks the values are the same type
1364         (yes, because the int32 tag is set in both), and then whether they
1365         have the same value (no, because comparing the two registers
1366         fails). We could argue that the baseline compiler is wrong for
1367         performing a 64-bit comparison, but it doesn't really matter
1368         because there's not much of a point in breaking that invariant for
1369         WebAssembly's sake.
1370
1371         * wasm/WasmBinding.cpp:
1372         (JSC::Wasm::wasmToJs):
1373
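        The boxing invariant this entry relies on, as an added example that is not JavaScriptCore's JSValue
        code: the tag value 0xffff000000000000 and the tag / insignificant / payload layout are taken from the
        diagram above; the function names (boxInt32, boxFromRegisterWithoutClearing, strictEqualsInt32) and
        the stale register value are constructed for illustration. It shows why the type check passes while
        the full-width comparison fails, and that clearing bits 32..47 restores equality.

```cpp
#include <cstdint>
#include <cstdio>

// Added example, not JavaScriptCore's implementation. Layout follows the diagram in the
// entry: 16-bit tag 0xffff, 16 "insignificant" bits, then the 32-bit integer payload.
constexpr uint64_t kInt32Tag = 0xffff000000000000ull;          // bits 48..63
constexpr uint64_t kInsignificantBits = 0x0000ffff00000000ull; // bits 32..47, must be zero
constexpr uint64_t kPayloadMask = 0x00000000ffffffffull;       // bits 0..31

// Correct boxing: zero-extend the 32-bit value so the insignificant bits are 0.
uint64_t boxInt32(int32_t value)
{
    return kInt32Tag | static_cast<uint64_t>(static_cast<uint32_t>(value));
}

// Models the bug: the low 48 bits of a 64-bit register are tagged without first
// clearing the upper half of the register, so stale bits 32..47 leak into the box.
uint64_t boxFromRegisterWithoutClearing(uint64_t reg)
{
    return kInt32Tag | (reg & ~kInt32Tag);
}

// The fix in spirit: drop the insignificant bits before handing the value to JavaScript.
uint64_t clearInsignificantBits(uint64_t boxed)
{
    return boxed & ~kInsignificantBits;
}

bool isInt32(uint64_t boxed) { return (boxed & kInt32Tag) == kInt32Tag; }
int32_t unboxInt32(uint64_t boxed) { return static_cast<int32_t>(boxed & kPayloadMask); }

// The comparison the entry describes: same type (tag check), then a full 64-bit
// register compare. Two boxes with equal payloads but different insignificant bits
// pass the first check and fail the second.
bool strictEqualsInt32(uint64_t a, uint64_t b)
{
    return isInt32(a) && isInt32(b) && a == b;
}

int main()
{
    uint64_t good = boxInt32(7);
    // Constructed register value: payload 7 with stale bits left in 32..47.
    uint64_t stale = boxFromRegisterWithoutClearing(0x0000123400000007ull);
    std::printf("same type: %d, same payload: %d, strict-equal: %d, after clearing: %d\n",
        isInt32(good) && isInt32(stale), unboxInt32(good) == unboxInt32(stale),
        strictEqualsInt32(good, stale), strictEqualsInt32(good, clearInsignificantBits(stale)));
    return 0;
}
```

        The first three flags print 1, 1, 0: both values are typed as int32 and carry the same payload, yet
        the register-wide comparison fails; after clearInsignificantBits the last flag is 1.
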
1374 2017-02-22  Keith Miller  <keith_miller@apple.com>
1375
1376         Remove the demand executable allocator
1377         https://bugs.webkit.org/show_bug.cgi?id=168754
1378
1379         Reviewed by Saam Barati.
1380
1381         We currently only use the demand executable allocator for non-iOS 32-bit platforms.
1382         Benchmark results on a MBP indicate there is no appreciable performance difference
1383         between the fixed and demand allocators. In a future patch I will go back through
1384         this code and remove more of the abstractions.
1385
1386         * JavaScriptCore.xcodeproj/project.pbxproj:
1387         * jit/ExecutableAllocator.cpp:
1388         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1389         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1390         (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
1391         (JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
1392         (JSC::ExecutableAllocator::initializeAllocator):
1393         (JSC::ExecutableAllocator::ExecutableAllocator):
1394         (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
1395         (JSC::ExecutableAllocator::isValid):
1396         (JSC::ExecutableAllocator::underMemoryPressure):
1397         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1398         (JSC::ExecutableAllocator::allocate):
1399         (JSC::ExecutableAllocator::isValidExecutableMemory):
1400         (JSC::ExecutableAllocator::getLock):
1401         (JSC::ExecutableAllocator::committedByteCount):
1402         (JSC::ExecutableAllocator::dumpProfile):
1403         (JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
1404         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted.
1405         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted.
1406         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted.
1407         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted.
1408         (JSC::DemandExecutableAllocator::allocateNewSpace): Deleted.
1409         (JSC::DemandExecutableAllocator::notifyNeedPage): Deleted.
1410         (JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted.
1411         (JSC::DemandExecutableAllocator::allocators): Deleted.
1412         (JSC::DemandExecutableAllocator::allocatorsMutex): Deleted.
1413         * jit/ExecutableAllocator.h:
1414         * jit/ExecutableAllocatorFixedVMPool.cpp: Removed.
1415         * jit/JITStubRoutine.h:
1416         (JSC::JITStubRoutine::canPerformRangeFilter):
1417         (JSC::JITStubRoutine::filteringStartAddress):
1418         (JSC::JITStubRoutine::filteringExtentSize):
1419
1420 2017-02-22  Saam Barati  <sbarati@apple.com>
1421
1422         Add biased coloring to Briggs and IRC
1423         https://bugs.webkit.org/show_bug.cgi?id=168611
1424
1425         Reviewed by Filip Pizlo.
1426
1427         This patch implements biased coloring as proposed by Briggs. See section
1428         5.3.3 of his thesis for more information: http://www.cs.utexas.edu/users/mckinley/380C/lecs/briggs-thesis-1992.pdf
1429
1430         The main idea of biased coloring is this:
1431         We try to coalesce a move between u and v, but the conservative heuristic
1432         fails. We don't want to coalesce the move because we don't want to risk
1433         creating an uncolorable graph. However, if the conservative heuristic fails,
1434         it's not proof that the graph is uncolorable if the move were indeed coalesced.
1435         So, when we go to color the tmps, we'll remember that we really want the
1436         same register for u and v, and if legal during coloring, we will
1437         assign them to the same register.
1438
1439         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
1440
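        The idea described in this entry, as an added example that is not Air's allocator: a toy interference
        graph, Briggs' conservative coalescing test, and a select phase that, when biased, first tries the
        register already given to a move partner. The graph, the fixed select order (a real allocator takes
        the order from its simplify stack), K = 3 registers and all names are constructed for illustration.

```cpp
#include <cstdio>
#include <initializer_list>
#include <set>
#include <vector>

// Added example, not Air's data structures. Tmps are the integers 0..n-1.
struct InterferenceGraph {
    std::vector<std::set<int>> adj;   // interference edges: may not share a register
    std::vector<std::set<int>> moves; // move-related pairs: would like to share a register

    explicit InterferenceGraph(int n) : adj(n), moves(n) { }
    void addInterference(int a, int b) { adj[a].insert(b); adj[b].insert(a); }
    void addMove(int a, int b) { moves[a].insert(b); moves[b].insert(a); }
};

// Briggs' conservative test: coalescing u and v is safe when the merged node would
// have fewer than K neighbours of significant degree (degree >= K).
bool briggsCanCoalesce(const InterferenceGraph& g, int u, int v, int K)
{
    std::set<int> merged(g.adj[u]);
    merged.insert(g.adj[v].begin(), g.adj[v].end());
    int significant = 0;
    for (int n : merged) {
        int degree = static_cast<int>(g.adj[n].size());
        if (g.adj[n].count(u) && g.adj[n].count(v))
            --degree; // u and v become a single neighbour of n after merging
        if (degree >= K)
            ++significant;
    }
    return significant < K;
}

// Select phase: colour tmps in `order` with registers 0..K-1. With `biased` set, a tmp
// first tries the register already held by a move partner, provided no interfering
// neighbour owns it; otherwise it takes the lowest free register. -1 means no register
// was available (the tmp would have to be spilled).
std::vector<int> assignRegisters(const InterferenceGraph& g, const std::vector<int>& order, int K, bool biased)
{
    std::vector<int> reg(g.adj.size(), -1);
    for (int u : order) {
        std::set<int> forbidden;
        for (int n : g.adj[u])
            if (reg[n] >= 0)
                forbidden.insert(reg[n]);
        int chosen = -1;
        if (biased) {
            for (int partner : g.moves[u]) {
                if (reg[partner] >= 0 && !forbidden.count(reg[partner])) {
                    chosen = reg[partner];
                    break;
                }
            }
        }
        for (int r = 0; chosen < 0 && r < K; ++r)
            if (!forbidden.count(r))
                chosen = r;
        reg[u] = chosen;
    }
    return reg;
}

// Number of move-related pairs that still need a real move instruction.
int remainingMoves(const InterferenceGraph& g, const std::vector<int>& reg)
{
    int count = 0;
    for (int a = 0; a < static_cast<int>(g.moves.size()); ++a)
        for (int b : g.moves[a])
            if (a < b && reg[a] != reg[b])
                ++count;
    return count;
}

// Constructed scenario with K = 3: the move u -> v fails the conservative test because
// the merged node would have three significant-degree neighbours (x, y, z), yet the
// graph can still be coloured with u and v in the same register.
enum Tmp { u = 0, v, x, y, z, p, q, numTmps };

InterferenceGraph exampleGraph()
{
    InterferenceGraph g(numTmps);
    g.addMove(u, v);
    g.addInterference(u, x); g.addInterference(u, y); g.addInterference(v, z);
    for (int t : { x, y, z }) { g.addInterference(t, p); g.addInterference(t, q); }
    return g;
}

const std::vector<int> exampleOrder { x, u, v, y, z, p, q };

int main()
{
    InterferenceGraph g = exampleGraph();
    std::printf("conservative test allows coalescing u,v: %s\n", briggsCanCoalesce(g, u, v, 3) ? "yes" : "no");
    for (bool biased : { false, true }) {
        std::vector<int> reg = assignRegisters(g, exampleOrder, 3, biased);
        std::printf("%s: u->r%d v->r%d, moves left: %d\n", biased ? "biased  " : "unbiased", reg[u], reg[v], remainingMoves(g, reg));
    }
    return 0;
}
```

        With this order the unbiased pass gives u and v different registers (the move survives), while the
        biased pass gives both r1 and the move disappears; in neither case does any tmp go uncoloured, which
        is the point of the entry: the failed conservative test was not proof that coalescing was unsafe.
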
1441 2017-02-22  Yusuke Suzuki  <utatane.tea@gmail.com>
1442
1443         JSModuleNamespace object should have IC
1444         https://bugs.webkit.org/show_bug.cgi?id=160590
1445
1446         Reviewed by Saam Barati.
1447
1448         This patch optimizes accesses to module namespace objects.
1449
1450         1. Cache the resolutions for module namespace objects.
1451
1452             When constructing the module namespace object, we already resolve all the exports.
1453             The module namespace object caches this result and leverages it in later accesses in
1454             getOwnPropertySlot. This avoids resolving bindings through resolveExport.
1455
1456         2. Introduce ModuleNamespaceLoad IC.
1457
1458             This patch adds a new IC for module namespace objects. The mechanism is simple: getOwnPropertySlot
1459             tells us about module namespace object resolution. The IC first checks whether the given object
1460             is an expected module namespace object. If this check succeeds, we load the value from the module
1461             environment.
1462
1463         3. Introduce DFG/FTL optimization.
1464
1465             After exploiting module namespace object accesses in (2), DFG can recognize this in ByteCodeParser.
1466             DFG will convert it to CheckCell with the namespace object and GetClosureVar from the cached environment.
1467             At that time, we have a chance to fold it to the constant.
1468
1469         This optimization improves the performance of accessing module namespace objects.
1470
1471         Before
1472             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-namespace.js
1473             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.43s user 0.03s system 101% cpu 0.451 total
1474             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-binding.js
1475             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.08s user 0.02s system 103% cpu 0.104 total
1476
1477         After
1478             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-namespace.js
1479             ../../WebKitBuild/module-ic/Release/bin/jsc -m   0.11s user 0.01s system 106% cpu 0.109 total
1480             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.js
1481             ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.j  0.08s user 0.02s system 102% cpu 0.105 total
1482
1483         * CMakeLists.txt:
1484         * JavaScriptCore.xcodeproj/project.pbxproj:
1485         * bytecode/AccessCase.cpp:
1486         (JSC::AccessCase::create):
1487         (JSC::AccessCase::guardedByStructureCheck):
1488         (JSC::AccessCase::canReplace):
1489         (JSC::AccessCase::visitWeak):
1490         (JSC::AccessCase::generateWithGuard):
1491         (JSC::AccessCase::generateImpl):
1492         * bytecode/AccessCase.h:
1493         * bytecode/GetByIdStatus.cpp:
1494         (JSC::GetByIdStatus::GetByIdStatus):
1495         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1496         (JSC::GetByIdStatus::makesCalls):
1497         (JSC::GetByIdStatus::dump):
1498         * bytecode/GetByIdStatus.h:
1499         (JSC::GetByIdStatus::isModuleNamespace):
1500         (JSC::GetByIdStatus::takesSlowPath):
1501         (JSC::GetByIdStatus::moduleNamespaceObject):
1502         (JSC::GetByIdStatus::moduleEnvironment):
1503         (JSC::GetByIdStatus::scopeOffset):
1504         * bytecode/ModuleNamespaceAccessCase.cpp: Added.
1505         (JSC::ModuleNamespaceAccessCase::ModuleNamespaceAccessCase):
1506         (JSC::ModuleNamespaceAccessCase::create):
1507         (JSC::ModuleNamespaceAccessCase::~ModuleNamespaceAccessCase):
1508         (JSC::ModuleNamespaceAccessCase::clone):
1509         (JSC::ModuleNamespaceAccessCase::emit):
1510         * bytecode/ModuleNamespaceAccessCase.h: Added.
1511         (JSC::ModuleNamespaceAccessCase::moduleNamespaceObject):
1512         (JSC::ModuleNamespaceAccessCase::moduleEnvironment):
1513         (JSC::ModuleNamespaceAccessCase::scopeOffset):
1514         * bytecode/PolymorphicAccess.cpp:
1515         (WTF::printInternal):
1516         * dfg/DFGByteCodeParser.cpp:
1517         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
1518         (JSC::DFG::ByteCodeParser::handleGetById):
1519         * jit/AssemblyHelpers.h:
1520         (JSC::AssemblyHelpers::loadValue):
1521         * jit/Repatch.cpp:
1522         (JSC::tryCacheGetByID):
1523         * runtime/AbstractModuleRecord.cpp:
1524         (JSC::AbstractModuleRecord::getModuleNamespace):
1525         * runtime/JSModuleNamespaceObject.cpp:
1526         (JSC::JSModuleNamespaceObject::finishCreation):
1527         (JSC::JSModuleNamespaceObject::visitChildren):
1528         (JSC::getValue):
1529         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
1530         (JSC::JSModuleNamespaceObject::getOwnPropertyNames):
1531         * runtime/JSModuleNamespaceObject.h:
1532         (JSC::isJSModuleNamespaceObject):
1533         (JSC::JSModuleNamespaceObject::create): Deleted.
1534         (JSC::JSModuleNamespaceObject::createStructure): Deleted.
1535         (JSC::JSModuleNamespaceObject::moduleRecord): Deleted.
1536         * runtime/JSModuleRecord.h:
1537         (JSC::JSModuleRecord::moduleEnvironment): Deleted.
1538         * runtime/PropertySlot.h:
1539         (JSC::PropertySlot::PropertySlot):
1540         (JSC::PropertySlot::domJIT):
1541         (JSC::PropertySlot::moduleNamespaceSlot):
1542         (JSC::PropertySlot::setValueModuleNamespace):
1543         (JSC::PropertySlot::setCacheableCustom):
1544
1545 2017-02-22  Saam Barati  <sbarati@apple.com>
1546
1547         Unreviewed. Rename AirGraphColoring.* files to AirAllocateRegistersByGraphColoring.* to be more consistent with the rest of the Air file names.
1548
1549         * CMakeLists.txt:
1550         * JavaScriptCore.xcodeproj/project.pbxproj:
1551         * b3/air/AirAllocateRegistersByGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirGraphColoring.cpp.
1552         * b3/air/AirAllocateRegistersByGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirGraphColoring.h.
1553         * b3/air/AirGenerate.cpp:
1554         * b3/air/AirGraphColoring.cpp: Removed.
1555         * b3/air/AirGraphColoring.h: Removed.
1556
1557 2017-02-21  Youenn Fablet  <youenn@apple.com>
1558
1559         [WebRTC][Mac] Activate libwebrtc
1560         https://bugs.webkit.org/show_bug.cgi?id=167293
1561         <rdar://problem/30401864>
1562
1563         Reviewed by Alex Christensen.
1564
1565         * Configurations/FeatureDefines.xcconfig:
1566
1567 2017-02-21  Saam Barati  <sbarati@apple.com>
1568
1569         Add the Briggs optimistic allocator to run on ARM64
1570         https://bugs.webkit.org/show_bug.cgi?id=168454
1571
1572         Reviewed by Filip Pizlo.
1573
1574         This patch adds the Briggs allocator to Air:
1575         http://www.cs.utexas.edu/users/mckinley/380C/lecs/briggs-thesis-1992.pdf
1576         It uses it by default on ARM64. I was measuring an 8-10% speedup
1577         in the phase because of this. I also wasn't able to detect a slowdown 
1578         for generated code on ARM64. There are still a few things we can do
1579         to speed things up even further. Moving the interference graph into
1580         a BitVector was another 10-20% speedup. We should consider doing this
1581         in a follow up patch. This is especially important now, since making
1582         register allocation faster has a direct impact on startup time for
1583         Wasm modules.
1584         
1585         I abstracted away the common bits between Briggs and IRC, and moved
1586         them into a common super class. In a follow up to this patch, I plan
1587         on implementing biased coloring for both Briggs and IRC (this is
1588         described in Briggs's thesis). I was able to detect a 1% slowdown
1589         with Briggs on Octane for x86-64. This is because the register file
1590         for x86-64 is smaller than ARM64. When I implemented biased coloring,
1591         I was no longer able to detect this slowdown. I still think it's a
1592         sensible plan to run Briggs on ARM64 and IRC on x86-64.
1593
1594         * CMakeLists.txt:
1595         * JavaScriptCore.xcodeproj/project.pbxproj:
1596         * b3/air/AirGenerate.cpp:
1597         (JSC::B3::Air::prepareForGeneration):
1598         * b3/air/AirGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.cpp.
1599         (JSC::B3::Air::allocateRegistersByGraphColoring):
1600         (JSC::B3::Air::iteratedRegisterCoalescing): Deleted.
1601         * b3/air/AirGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.h.
1602         * b3/air/AirIteratedRegisterCoalescing.cpp: Removed.
1603         * b3/air/AirIteratedRegisterCoalescing.h: Removed.
1604         * runtime/Options.h:
1605
1606 2017-02-21  Mark Lam  <mark.lam@apple.com>
1607
1608         Add more missing exception checks detected by running marathon.js.
1609         https://bugs.webkit.org/show_bug.cgi?id=168697
1610
1611         Reviewed by Saam Barati.
1612
1613         * runtime/StringPrototype.cpp:
1614         (JSC::replaceUsingRegExpSearch):
1615         (JSC::replaceUsingStringSearch):
1616
1617 2017-02-21  JF Bastien  <jfbastien@apple.com>
1618
1619         FullCodeOrigin for CodeBlock+CodeOrigin printing
1620         https://bugs.webkit.org/show_bug.cgi?id=168673
1621
1622         Reviewed by Filip Pizlo.
1623
1624         WebAssembly doesn't have a CodeBlock, so printing it isn't
1625         valid. This patch adds FullCodeOrigin to handle the
1626         CodeBlock+CodeOrigin printing pattern, and uses it through all the
1627         places I could find, including Repatch.cpp where it's relevant for
1628         WebAssembly.
1629
1630         * CMakeLists.txt:
1631         * JavaScriptCore.xcodeproj/project.pbxproj:
1632         * bytecode/CodeBlock.cpp:
1633         (JSC::CodeBlock::noticeIncomingCall):
1634         * bytecode/FullCodeOrigin.cpp: Added.
1635         (JSC::FullCodeOrigin::dump):
1636         (JSC::FullCodeOrigin::dumpInContext):
1637         * bytecode/FullCodeOrigin.h: Added.
1638         (JSC::FullCodeOrigin::FullCodeOrigin):
1639         * bytecode/PolymorphicAccess.cpp:
1640         (JSC::PolymorphicAccess::regenerate):
1641         * jit/PolymorphicCallStubRoutine.cpp:
1642         (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
1643         * jit/Repatch.cpp:
1644         (JSC::linkFor):
1645         (JSC::linkDirectFor):
1646         (JSC::linkVirtualFor):
1647
1648 2017-02-21  Filip Pizlo  <fpizlo@apple.com>
1649
1650         Unreviewed, fix cloop. I managed to have my local patch for relanding be the one without the cloop
1651         fix. I keep forgetting about cloop!
1652
1653         * heap/Heap.cpp:
1654         (JSC::Heap::stopThePeriphery):
1655         * runtime/JSLock.cpp:
1656
1657 2017-02-21  Mark Lam  <mark.lam@apple.com>
1658
1659         Add missing exception checks detected by running marathon.js.
1660         https://bugs.webkit.org/show_bug.cgi?id=168687
1661
1662         Reviewed by Saam Barati.
1663
1664         When running the marathon.js test from https://bugs.webkit.org/show_bug.cgi?id=168580,
1665         we get some crashes due to missing exception checks.  This patch adds those
1666         missing exception checks.
1667
1668         * runtime/JSCJSValueInlines.h:
1669         (JSC::JSValue::toPropertyKey):
1670         * runtime/JSObject.cpp:
1671         (JSC::JSObject::getPrimitiveNumber):
1672
1673 2017-02-20  Filip Pizlo  <fpizlo@apple.com>
1674
1675         The collector thread should only start when the mutator doesn't have heap access
1676         https://bugs.webkit.org/show_bug.cgi?id=167737
1677
1678         Reviewed by Keith Miller.
1679         
1680         This turns the collector thread's workflow into a state machine, so that the mutator thread can
1681         run it directly. This reduces the amount of synchronization we do with the collector thread, and
1682         means that most apps will never start the collector thread. The collector thread will still start
1683         when we need to finish collecting and we don't have heap access.
1684         
1685         In this new world, "stopping the world" means relinquishing control of collection to the mutator.
1686         This means tracking who is conducting collection. I use the GCConductor enum to say who is
1687         conducting. It's either GCConductor::Mutator or GCConductor::Collector. I use the term "conn" to
1688         refer to the concept of conducting (having the conn, relinquishing the conn, taking the conn).
1689         So, stopping the world means giving the mutator the conn. Releasing heap access means giving the
1690         collector the conn.
1691         
1692         This meant bringing back the conservative scan of the calling thread. It turns out that this
1693         scan was too slow to be called on each GC increment because apparently setjmp() now does system
1694         calls. So, I wrote our own callee save register saving for the GC. Then I had doubts about
1695         whether or not it was correct, so I also made it so that the GC only rarely asks for the register
1696         state. I think we still want to use my register saving code instead of setjmp because setjmp
1697         seems to save things we don't need, and that could make us overly conservative.
1698         
1699         It turns out that this new scheduling discipline makes the old space-time scheduler perform
1700         better than the new stochastic space-time scheduler on systems with fewer than 4 cores. This is
1701         because the mutator having the conn enables us to time the mutator<->collector context switches
1702         by polling. The OS is never involved. So, we can use super precise timing. This allows the old
1703         space-time scheduler to shine like it hadn't before.
1704         
1705         The splay results imply that this is all a good thing. On 2-core systems, this reduces pause
1706         times by 40% and it increases throughput about 5%. On 1-core systems, this reduces pause times by
1707         half and reduces throughput by 8%. On 4-or-more-core systems, this doesn't seem to have much
1708         effect.
1709
1710         * CMakeLists.txt:
1711         * JavaScriptCore.xcodeproj/project.pbxproj:
1712         * bytecode/CodeBlock.cpp:
1713         (JSC::CodeBlock::visitChildren):
1714         * dfg/DFGWorklist.cpp:
1715         (JSC::DFG::Worklist::ThreadBody::ThreadBody):
1716         (JSC::DFG::Worklist::dump):
1717         (JSC::DFG::numberOfWorklists):
1718         (JSC::DFG::ensureWorklistForIndex):
1719         (JSC::DFG::existingWorklistForIndexOrNull):
1720         (JSC::DFG::existingWorklistForIndex):
1721         * dfg/DFGWorklist.h:
1722         (JSC::DFG::numberOfWorklists): Deleted.
1723         (JSC::DFG::ensureWorklistForIndex): Deleted.
1724         (JSC::DFG::existingWorklistForIndexOrNull): Deleted.
1725         (JSC::DFG::existingWorklistForIndex): Deleted.
1726         * heap/CollectingScope.h: Added.
1727         (JSC::CollectingScope::CollectingScope):
1728         (JSC::CollectingScope::~CollectingScope):
1729         * heap/CollectorPhase.cpp: Added.
1730         (JSC::worldShouldBeSuspended):
1731         (WTF::printInternal):
1732         * heap/CollectorPhase.h: Added.
1733         * heap/EdenGCActivityCallback.cpp:
1734         (JSC::EdenGCActivityCallback::lastGCLength):
1735         * heap/FullGCActivityCallback.cpp:
1736         (JSC::FullGCActivityCallback::doCollection):
1737         (JSC::FullGCActivityCallback::lastGCLength):
1738         * heap/GCConductor.cpp: Added.
1739         (JSC::gcConductorShortName):
1740         (WTF::printInternal):
1741         * heap/GCConductor.h: Added.
1742         * heap/GCFinalizationCallback.cpp: Added.
1743         (JSC::GCFinalizationCallback::GCFinalizationCallback):
1744         (JSC::GCFinalizationCallback::~GCFinalizationCallback):
1745         * heap/GCFinalizationCallback.h: Added.
1746         (JSC::GCFinalizationCallbackFuncAdaptor::GCFinalizationCallbackFuncAdaptor):
1747         (JSC::createGCFinalizationCallback):
1748         * heap/Heap.cpp:
1749         (JSC::Heap::Thread::Thread):
1750         (JSC::Heap::Heap):
1751         (JSC::Heap::lastChanceToFinalize):
1752         (JSC::Heap::gatherStackRoots):
1753         (JSC::Heap::updateObjectCounts):
1754         (JSC::Heap::sweepSynchronously):
1755         (JSC::Heap::collectAllGarbage):
1756         (JSC::Heap::collectAsync):
1757         (JSC::Heap::collectSync):
1758         (JSC::Heap::shouldCollectInCollectorThread):
1759         (JSC::Heap::collectInCollectorThread):
1760         (JSC::Heap::checkConn):
1761         (JSC::Heap::runNotRunningPhase):
1762         (JSC::Heap::runBeginPhase):
1763         (JSC::Heap::runFixpointPhase):
1764         (JSC::Heap::runConcurrentPhase):
1765         (JSC::Heap::runReloopPhase):
1766         (JSC::Heap::runEndPhase):
1767         (JSC::Heap::changePhase):
1768         (JSC::Heap::finishChangingPhase):
1769         (JSC::Heap::stopThePeriphery):
1770         (JSC::Heap::resumeThePeriphery):
1771         (JSC::Heap::stopTheMutator):
1772         (JSC::Heap::resumeTheMutator):
1773         (JSC::Heap::stopIfNecessarySlow):
1774         (JSC::Heap::collectInMutatorThread):
1775         (JSC::Heap::waitForCollector):
1776         (JSC::Heap::acquireAccessSlow):
1777         (JSC::Heap::releaseAccessSlow):
1778         (JSC::Heap::relinquishConn):
1779         (JSC::Heap::finishRelinquishingConn):
1780         (JSC::Heap::handleNeedFinalize):
1781         (JSC::Heap::notifyThreadStopping):
1782         (JSC::Heap::finalize):
1783         (JSC::Heap::addFinalizationCallback):
1784         (JSC::Heap::requestCollection):
1785         (JSC::Heap::waitForCollection):
1786         (JSC::Heap::updateAllocationLimits):
1787         (JSC::Heap::didFinishCollection):
1788         (JSC::Heap::collectIfNecessaryOrDefer):
1789         (JSC::Heap::notifyIsSafeToCollect):
1790         (JSC::Heap::preventCollection):
1791         (JSC::Heap::performIncrement):
1792         (JSC::Heap::markToFixpoint): Deleted.
1793         (JSC::Heap::shouldCollectInThread): Deleted.
1794         (JSC::Heap::collectInThread): Deleted.
1795         (JSC::Heap::stopTheWorld): Deleted.
1796         (JSC::Heap::resumeTheWorld): Deleted.
1797         * heap/Heap.h:
1798         (JSC::Heap::machineThreads):
1799         (JSC::Heap::lastFullGCLength):
1800         (JSC::Heap::lastEdenGCLength):
1801         (JSC::Heap::increaseLastFullGCLength):
1802         * heap/HeapInlines.h:
1803         (JSC::Heap::mutatorIsStopped): Deleted.
1804         * heap/HeapStatistics.cpp: Removed.
1805         * heap/HeapStatistics.h: Removed.
1806         * heap/HelpingGCScope.h: Removed.
1807         * heap/IncrementalSweeper.cpp:
1808         (JSC::IncrementalSweeper::stopSweeping):
1809         (JSC::IncrementalSweeper::willFinishSweeping): Deleted.
1810         * heap/IncrementalSweeper.h:
1811         * heap/MachineStackMarker.cpp:
1812         (JSC::MachineThreads::gatherFromCurrentThread):
1813         (JSC::MachineThreads::gatherConservativeRoots):
1814         (JSC::callWithCurrentThreadState):
1815         * heap/MachineStackMarker.h:
1816         * heap/MarkedAllocator.cpp:
1817         (JSC::MarkedAllocator::allocateSlowCaseImpl):
1818         * heap/MarkedBlock.cpp:
1819         (JSC::MarkedBlock::Handle::sweep):
1820         * heap/MarkedSpace.cpp:
1821         (JSC::MarkedSpace::sweep):
1822         * heap/MutatorState.cpp:
1823         (WTF::printInternal):
1824         * heap/MutatorState.h:
1825         * heap/RegisterState.h: Added.
1826         * heap/RunningScope.h: Added.
1827         (JSC::RunningScope::RunningScope):
1828         (JSC::RunningScope::~RunningScope):
1829         * heap/SlotVisitor.cpp:
1830         (JSC::SlotVisitor::SlotVisitor):
1831         (JSC::SlotVisitor::drain):
1832         (JSC::SlotVisitor::drainFromShared):
1833         (JSC::SlotVisitor::drainInParallelPassively):
1834         (JSC::SlotVisitor::donateAll):
1835         (JSC::SlotVisitor::donate):
1836         * heap/SlotVisitor.h:
1837         (JSC::SlotVisitor::codeName):
1838         * heap/StochasticSpaceTimeMutatorScheduler.cpp:
1839         (JSC::StochasticSpaceTimeMutatorScheduler::beginCollection):
1840         (JSC::StochasticSpaceTimeMutatorScheduler::synchronousDrainingDidStall):
1841         (JSC::StochasticSpaceTimeMutatorScheduler::timeToStop):
1842         * heap/SweepingScope.h: Added.
1843         (JSC::SweepingScope::SweepingScope):
1844         (JSC::SweepingScope::~SweepingScope):
1845         * jit/JITWorklist.cpp:
1846         (JSC::JITWorklist::Thread::Thread):
1847         * jsc.cpp:
1848         (GlobalObject::finishCreation):
1849         (functionFlashHeapAccess):
1850         * runtime/InitializeThreading.cpp:
1851         (JSC::initializeThreading):
1852         * runtime/JSCellInlines.h:
1853         (JSC::JSCell::classInfo):
1854         * runtime/Options.cpp:
1855         (JSC::overrideDefaults):
1856         * runtime/Options.h:
1857         * runtime/TestRunnerUtils.cpp:
1858         (JSC::finalizeStatsAtEndOfTesting):
1859
1860 2017-02-21  Saam Barati  <sbarati@apple.com>
1861
1862         Air should have a disassembly mode that dumps IR and assembly intermixed
1863         https://bugs.webkit.org/show_bug.cgi?id=168629
1864
1865         Reviewed by Filip Pizlo.
1866
1867         This will make dumping FTL disassembly dump Air intermixed
1868         with the assembly generated by each Air Inst. This is similar
1869         to how dumpDFGDisassembly dumps the generated assembly for each
1870         Node.
1871         
1872         Here is what the output will look like:
1873         
1874         Generated FTL JIT code for foo#CUaFiQ:[0x10b76c960->0x10b76c2d0->0x10b7b6da0, FTLFunctionCall, 40 (NeverInline)], instruction count = 40:
1875         BB#0: ; frequency = 1.000000
1876                 0x469004e02e00: push %rbp
1877                 0x469004e02e01: mov %rsp, %rbp
1878                 0x469004e02e04: add $0xffffffffffffffd0, %rsp
1879             Move $0x10b76c960, %rax, $4487301472(@16)
1880                 0x469004e02e08: mov $0x10b76c960, %rax
1881             Move %rax, 16(%rbp), @19
1882                 0x469004e02e12: mov %rax, 0x10(%rbp)
1883             Patch &Patchpoint2, %rbp, %rax, @20
1884                 0x469004e02e16: lea -0x50(%rbp), %rax
1885                 0x469004e02e1a: mov $0x1084081e0, %r11
1886                 0x469004e02e24: cmp %rax, (%r11)
1887                 0x469004e02e27: ja 0x469004e02e9a
1888             Move 56(%rbp), %rdx, @23
1889                 0x469004e02e2d: mov 0x38(%rbp), %rdx
1890             Move $0xffff000000000002, %rax, $-281474976710654(@15)
1891                 0x469004e02e31: mov $0xffff000000000002, %rax
1892             Patch &BranchTest64(3,SameAsRep)1, NonZero, %rdx, %rax, %rdx, @26
1893                 0x469004e02e3b: test %rdx, %rax
1894                 0x469004e02e3e: jnz 0x469004e02f08
1895             Move 48(%rbp), %rax, @29
1896                 0x469004e02e44: mov 0x30(%rbp), %rax
1897             Move %rax, %rcx, @31
1898                 0x469004e02e48: mov %rax, %rcx
1899             Xor64 $6, %rcx, @31
1900                 0x469004e02e4b: xor $0x6, %rcx
1901             Patch &BranchTest64(3,SameAsRep)1, NonZero, %rcx, $-2, %rax, @35
1902                 0x469004e02e4f: test $0xfffffffffffffffe, %rcx
1903                 0x469004e02e56: jnz 0x469004e02f12
1904             Patch &Branch32(3,SameAsRep)0, NotEqual, (%rdx), $266, %rdx, @45
1905                 0x469004e02e5c: cmp $0x10a, (%rdx)
1906                 0x469004e02e62: jnz 0x469004e02f1c
1907             BranchTest32 NonZero, %rax, $1, @49
1908                 0x469004e02e68: test $0x1, %al
1909                 0x469004e02e6a: jnz 0x469004e02e91
1910           Successors: #3, #1
1911         BB#1: ; frequency = 1.000000
1912           Predecessors: #0
1913             Move $0, %rcx, @65
1914                 0x469004e02e70: xor %rcx, %rcx
1915             Jump @66
1916           Successors: #2
1917         BB#2: ; frequency = 1.000000
1918           Predecessors: #1, #3
1919             Move 24(%rdx), %rax, @58
1920                 0x469004e02e73: mov 0x18(%rdx), %rax
1921             Patch &BranchAdd32(4,ForceLateUseUnlessRecoverable)3, Overflow, %rcx, %rax, %rcx, %rcx, %rax, @60
1922                 0x469004e02e77: add %eax, %ecx
1923                 0x469004e02e79: jo 0x469004e02f26
1924             Move $0xffff000000000000, %rax, $-281474976710656(@14)
1925                 0x469004e02e7f: mov $0xffff000000000000, %rax
1926             Add64 %rcx, %rax, %rax, @62
1927                 0x469004e02e89: add %rcx, %rax
1928             Ret64 %rax, @63
1929                 0x469004e02e8c: mov %rbp, %rsp
1930                 0x469004e02e8f: pop %rbp
1931                 0x469004e02e90: ret 
1932         BB#3: ; frequency = 1.000000
1933           Predecessors: #0
1934             Move 16(%rdx), %rcx, @52
1935                 0x469004e02e91: mov 0x10(%rdx), %rcx
1936             Jump @55
1937                 0x469004e02e95: jmp 0x469004e02e73
1938           Successors: #2
1939
1940         * CMakeLists.txt:
1941         * JavaScriptCore.xcodeproj/project.pbxproj:
1942         * b3/air/AirCode.h:
1943         (JSC::B3::Air::Code::setDisassembler):
1944         (JSC::B3::Air::Code::disassembler):
1945         * b3/air/AirDisassembler.cpp: Added.
1946         (JSC::B3::Air::Disassembler::startEntrypoint):
1947         (JSC::B3::Air::Disassembler::endEntrypoint):
1948         (JSC::B3::Air::Disassembler::startLatePath):
1949         (JSC::B3::Air::Disassembler::endLatePath):
1950         (JSC::B3::Air::Disassembler::startBlock):
1951         (JSC::B3::Air::Disassembler::addInst):
1952         (JSC::B3::Air::Disassembler::dump):
1953         * b3/air/AirDisassembler.h: Added.
1954         * b3/air/AirGenerate.cpp:
1955         (JSC::B3::Air::generate):
1956         * ftl/FTLCompile.cpp:
1957         (JSC::FTL::compile):
1958
1959 2017-02-21  Ryan Haddad  <ryanhaddad@apple.com>
1960
1961         Unreviewed, rolling out r212712.
1962
1963         This change broke the CLoop build.
1964
1965         Reverted changeset:
1966
1967         "JSModuleNamespace object should have IC"
1968         https://bugs.webkit.org/show_bug.cgi?id=160590
1969         http://trac.webkit.org/changeset/212712
1970
1971 2017-02-21  Yusuke Suzuki  <utatane.tea@gmail.com>
1972
1973         JSModuleNamespace object should have IC
1974         https://bugs.webkit.org/show_bug.cgi?id=160590
1975
1976         Reviewed by Saam Barati.
1977
1978         This patch optimizes accesses to module namespace objects.
1979
1980         1. Cache the resolutions for module namespace objects.
1981
1982             When constructing the module namespace object, we already resolve all the exports.
1983             The module namespace object caches this result and leverages it in later accesses in
1984             getOwnPropertySlot. This avoids resolving bindings through resolveExport.
1985
1986         2. Introduce ModuleNamespaceLoad IC.
1987
1988             This patch adds a new IC for module namespace objects. The mechanism is simple: getOwnPropertySlot
1989             tells us about module namespace object resolution. The IC first checks whether the given object
1990             is an expected module namespace object. If this check succeeds, we load the value from the module
1991             environment.
1992
1993         3. Introduce DFG/FTL optimization.
1994
1995             After exploiting module namespace object accesses in (2), DFG can recognize this in ByteCodeParser.
1996             DFG will convert it to CheckCell with the namespace object and GetClosureVar from the cached environment.
1997             At that time, we have a chance to fold it to the constant.
1998
1999         This optimization improves the performance of accessing module namespace objects.
2000
2001         Before
2002             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-namespace.js
2003             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.43s user 0.03s system 101% cpu 0.451 total
2004             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-binding.js
2005             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.08s user 0.02s system 103% cpu 0.104 total
2006
2007         After
2008             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-namespace.js
2009             ../../WebKitBuild/module-ic/Release/bin/jsc -m   0.11s user 0.01s system 106% cpu 0.109 total
2010             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.js
2011             ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.j  0.08s user 0.02s system 102% cpu 0.105 total
2012
2013         * CMakeLists.txt:
2014         * JavaScriptCore.xcodeproj/project.pbxproj:
2015         * bytecode/AccessCase.cpp:
2016         (JSC::AccessCase::create):
2017         (JSC::AccessCase::guardedByStructureCheck):
2018         (JSC::AccessCase::canReplace):
2019         (JSC::AccessCase::visitWeak):
2020         (JSC::AccessCase::generateWithGuard):
2021         (JSC::AccessCase::generateImpl):
2022         * bytecode/AccessCase.h:
2023         * bytecode/GetByIdStatus.cpp:
2024         (JSC::GetByIdStatus::GetByIdStatus):
2025         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
2026         (JSC::GetByIdStatus::makesCalls):
2027         (JSC::GetByIdStatus::dump):
2028         * bytecode/GetByIdStatus.h:
2029         (JSC::GetByIdStatus::isModuleNamespace):
2030         (JSC::GetByIdStatus::takesSlowPath):
2031         (JSC::GetByIdStatus::moduleNamespaceObject):
2032         (JSC::GetByIdStatus::moduleEnvironment):
2033         (JSC::GetByIdStatus::scopeOffset):
2034         * bytecode/ModuleNamespaceAccessCase.cpp: Added.
2035         (JSC::ModuleNamespaceAccessCase::ModuleNamespaceAccessCase):
2036         (JSC::ModuleNamespaceAccessCase::create):
2037         (JSC::ModuleNamespaceAccessCase::~ModuleNamespaceAccessCase):
2038         (JSC::ModuleNamespaceAccessCase::clone):
2039         (JSC::ModuleNamespaceAccessCase::emit):
2040         * bytecode/ModuleNamespaceAccessCase.h: Added.
2041         (JSC::ModuleNamespaceAccessCase::moduleNamespaceObject):
2042         (JSC::ModuleNamespaceAccessCase::moduleEnvironment):
2043         (JSC::ModuleNamespaceAccessCase::scopeOffset):
2044         * bytecode/PolymorphicAccess.cpp:
2045         (WTF::printInternal):
2046         * dfg/DFGByteCodeParser.cpp:
2047         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
2048         (JSC::DFG::ByteCodeParser::handleGetById):
2049         * jit/AssemblyHelpers.h:
2050         (JSC::AssemblyHelpers::loadValue):
2051         * jit/Repatch.cpp:
2052         (JSC::tryCacheGetByID):
2053         * runtime/AbstractModuleRecord.cpp:
2054         (JSC::AbstractModuleRecord::getModuleNamespace):
2055         * runtime/JSModuleNamespaceObject.cpp:
2056         (JSC::JSModuleNamespaceObject::finishCreation):
2057         (JSC::JSModuleNamespaceObject::visitChildren):
2058         (JSC::getValue):
2059         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
2060         (JSC::JSModuleNamespaceObject::getOwnPropertyNames):
2061         * runtime/JSModuleNamespaceObject.h:
2062         (JSC::isJSModuleNamespaceObject):
2063         (JSC::JSModuleNamespaceObject::create): Deleted.
2064         (JSC::JSModuleNamespaceObject::createStructure): Deleted.
2065         (JSC::JSModuleNamespaceObject::moduleRecord): Deleted.
2066         * runtime/JSModuleRecord.h:
2067         (JSC::JSModuleRecord::moduleEnvironment): Deleted.
2068         * runtime/PropertySlot.h:
2069         (JSC::PropertySlot::PropertySlot):
2070         (JSC::PropertySlot::domJIT):
2071         (JSC::PropertySlot::moduleNamespaceSlot):
2072         (JSC::PropertySlot::setValueModuleNamespace):
2073         (JSC::PropertySlot::setCacheableCustom):
2074
2075 2017-02-21  Yusuke Suzuki  <utatane.tea@gmail.com>
2076
2077         ASSERTION FAILED: "!scope.exception()" with Object.isSealed/isFrozen and uninitialized module bindings
2078         https://bugs.webkit.org/show_bug.cgi?id=168605
2079
2080         Reviewed by Saam Barati.
2081
2082         We should check exception state after calling getOwnPropertyDescriptor() since it can throw errors.
2083
2084         * runtime/ObjectConstructor.cpp:
2085         (JSC::objectConstructorIsSealed):
2086         (JSC::objectConstructorIsFrozen):
2087
2088 2017-02-20  Mark Lam  <mark.lam@apple.com>
2089
2090         [Re-landing] CachedCall should let GC know to keep its arguments alive.
2091         https://bugs.webkit.org/show_bug.cgi?id=168567
2092         <rdar://problem/30475767>
2093
2094         Reviewed by Saam Barati.
2095
2096         We fix this by having CachedCall use a MarkedArgumentBuffer to store its
2097         arguments instead of a Vector.
2098
2099         Also declared CachedCall, MarkedArgumentBuffer, and ProtoCallFrame as
2100         WTF_FORBID_HEAP_ALLOCATION because they rely on being stack allocated for
2101         correctness.
2102
2103         Update: the original patch has a bug in MarkedArgumentBuffer::expandCapacity()
2104         where it was copying and calling addMarkSet() on values in m_buffer beyond m_size
2105         (up to m_capacity).  As a result, depending on the pre-existing values in
2106         m_inlineBuffer, this may result in a computed Heap pointer that is wrong, and
2107         subsequently, manifest as a crash.  This is likely to be the cause of the PLT
2108         regression.
2109
2110         I don't have a new test for this fix because the issue relies on sufficiently bad
2111         values randomly showing up in m_inlineBuffer when we do an ensureCapacity() which
2112         calls expandCapacity().
2113
2114         * interpreter/CachedCall.h:
2115         (JSC::CachedCall::CachedCall):
2116         (JSC::CachedCall::call):
2117         (JSC::CachedCall::clearArguments):
2118         (JSC::CachedCall::appendArgument):
2119         (JSC::CachedCall::setArgument): Deleted.
2120         * interpreter/CallFrame.h:
2121         (JSC::ExecState::emptyList):
2122         * interpreter/Interpreter.cpp:
2123         (JSC::Interpreter::prepareForRepeatCall):
2124         * interpreter/Interpreter.h:
2125         * interpreter/ProtoCallFrame.h:
2126         * runtime/ArgList.cpp:
2127         (JSC::MarkedArgumentBuffer::slowEnsureCapacity):
2128         (JSC::MarkedArgumentBuffer::expandCapacity):
2129         (JSC::MarkedArgumentBuffer::slowAppend):
2130         * runtime/ArgList.h:
2131         (JSC::MarkedArgumentBuffer::append):
2132         (JSC::MarkedArgumentBuffer::ensureCapacity):
2133         * runtime/StringPrototype.cpp:
2134         (JSC::replaceUsingRegExpSearch):
2135         * runtime/VM.cpp:
2136         (JSC::VM::VM):
2137         * runtime/VM.h:
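
        The defect described in the "Update" paragraph above, as an added example that is not
        JSC's code: a toy GC-scanned argument buffer with an inline store, where growing the
        buffer must copy and register only the m_size live entries, never the stale slots up to
        m_capacity. The Heap, Value, stalePoison and cell addresses are all constructed for the
        example; addMarkSet stands in for deriving a heap from a cell pointer, which is only
        meaningful for genuine cells. The copyWholeCapacityOnExpand flag selects the defective
        walk so the two behaviours can be compared side by side.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

namespace toy {

using Value = uintptr_t;
constexpr size_t inlineCapacity = 8;
// Constructed stand-in for whatever stale bits sit in an uninitialized inline buffer.
constexpr Value stalePoison = static_cast<Value>(0xbadbadbadbadbad0ULL);

struct Heap {
    std::vector<Value> cells;      // words the heap recognises as live cells
    size_t registered = 0;         // addMarkSet calls made with a genuine cell
    size_t badRegistrations = 0;   // addMarkSet calls made with a word that is not a cell

    bool owns(Value v) const
    {
        for (Value c : cells)
            if (c == v)
                return true;
        return false;
    }
    // Stand-in for computing a Heap* from a cell pointer: valid only for real cells,
    // so handing it a stale word is exactly the hazard the ChangeLog entry describes.
    void addMarkSet(Value v) { if (owns(v)) ++registered; else ++badRegistrations; }
};

class ArgumentBuffer {
public:
    ArgumentBuffer(Heap& heap, bool copyWholeCapacityOnExpand)
        : m_heap(heap), m_copyWholeCapacity(copyWholeCapacityOnExpand)
    {
        for (size_t i = 0; i < inlineCapacity; ++i)
            m_inlineBuffer[i] = stalePoison; // simulate leftover contents
        m_buffer = m_inlineBuffer;
    }
    ~ArgumentBuffer() { if (m_buffer != m_inlineBuffer) delete[] m_buffer; }

    void append(Value v)
    {
        ensureCapacity(m_size + 1);
        m_buffer[m_size++] = v;
        m_heap.addMarkSet(v);
    }
    void ensureCapacity(size_t requested)
    {
        if (requested > m_capacity)
            expandCapacity(requested);
    }
    size_t size() const { return m_size; }

private:
    void expandCapacity(size_t newCapacity)
    {
        Value* newBuffer = new Value[newCapacity];
        // Defect: walking to m_capacity copies stale slots and registers them.
        // Fix: only the m_size live entries are copied and registered.
        size_t entriesToCopy = m_copyWholeCapacity ? m_capacity : m_size;
        for (size_t i = 0; i < entriesToCopy; ++i) {
            newBuffer[i] = m_buffer[i];
            m_heap.addMarkSet(newBuffer[i]);
        }
        if (m_buffer != m_inlineBuffer)
            delete[] m_buffer;
        m_buffer = newBuffer;
        m_capacity = newCapacity;
    }

    Heap& m_heap;
    bool m_copyWholeCapacity;
    Value m_inlineBuffer[inlineCapacity];
    Value* m_buffer;
    size_t m_size = 0;
    size_t m_capacity = inlineCapacity;
};

// Appends liveArgs cells (fewer than the inline capacity), then asks for more room than
// the inline buffer holds, and reports how many non-cell words reached addMarkSet.
inline size_t badRegistrationsAfterGrowth(bool copyWholeCapacity, size_t liveArgs)
{
    Heap heap;
    for (size_t i = 0; i < liveArgs; ++i)
        heap.cells.push_back(0x1000 + 16 * i); // constructed cell addresses
    ArgumentBuffer args(heap, copyWholeCapacity);
    for (Value c : heap.cells)
        args.append(c);
    args.ensureCapacity(inlineCapacity * 4);
    return heap.badRegistrations;
}

} // namespace toy
```

        With three live arguments the defective walk hands five stale words to addMarkSet
        during the expansion, while the corrected walk hands it none; the count is the
        observable the entry says was missing a test because it depends on what the stale
        slots happen to contain.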
2138
2139 2017-02-20  Commit Queue  <commit-queue@webkit.org>
2140
2141         Unreviewed, rolling out r212618.
2142         https://bugs.webkit.org/show_bug.cgi?id=168609
2143
2144         "Appears to cause PLT regression" (Requested by mlam on
2145         #webkit).
2146
2147         Reverted changeset:
2148
2149         "CachedCall should let GC know to keep its arguments alive."
2150         https://bugs.webkit.org/show_bug.cgi?id=168567
2151         http://trac.webkit.org/changeset/212618
2152
2153 2017-02-19  Mark Lam  <mark.lam@apple.com>
2154
2155         BytecodeGenerator should not iterate its m_controlFlowScopeStack using a pointer bump.
2156         https://bugs.webkit.org/show_bug.cgi?id=168585
2157
2158         Reviewed by Yusuke Suzuki.
2159
2160         This is because m_controlFlowScopeStack is a SegmentedVector, and entries for
2161         consecutive indices in the vector are not guaranteed to be consecutive in memory
2162         layout.  Instead, we should be using indexing.
2163
2164         This issue was detected by the marathon.js test from
2165         https://bugs.webkit.org/show_bug.cgi?id=168580.
2166
2167         * bytecompiler/BytecodeGenerator.cpp:
2168         (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded):
2169         (JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded):
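
        The hazard in the entry above, as an added example that is not WTF's or JSC's code: a
        toy SegmentedVector whose elements live in separately allocated fixed-size segments,
        so walking it by bumping a raw pointer steps off the end of a segment instead of onto
        the next entry, while walking it by index stays correct. The SegmentedVector,
        ControlFlowScope and the trailing guard bytes (which only make the adjacency check
        deterministic) are constructed for the example.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Toy segmented vector: consecutive indices are adjacent in memory only when they
// happen to share a segment, which is the property the entry above relies on.
template <typename T, size_t SegmentSize>
class SegmentedVector {
public:
    void append(const T& value)
    {
        if (m_size % SegmentSize == 0)
            m_segments.push_back(std::make_unique<Segment>());
        (*this)[m_size] = value;
        ++m_size;
    }
    size_t size() const { return m_size; }
    T& operator[](size_t i) { return m_segments[i / SegmentSize]->data[i % SegmentSize]; }

private:
    struct Segment {
        T data[SegmentSize];
        // One past the last element of `data` is this guard, never another segment's
        // first element, so the adjacency check below cannot pass by allocator luck.
        unsigned char guard[16];
    };
    std::vector<std::unique_ptr<Segment>> m_segments;
    size_t m_size { 0 };
};

struct ControlFlowScope {
    int depth;
};

using ScopeStack = SegmentedVector<ControlFlowScope, 4>;

// Builds a stack deeper than one segment, so any full walk crosses a segment boundary.
inline ScopeStack makeScopeStack(int count)
{
    ScopeStack stack;
    for (int i = 0; i < count; ++i)
        stack.append(ControlFlowScope { i });
    return stack;
}

// The pattern the entry warns against: moving from one entry to the next by bumping a
// raw pointer. Returns true only if every consecutive pair of entries is adjacent in
// memory, i.e. only if a pointer-bump walk would actually read the right scopes.
inline bool pointerBumpWalkIsSafe(int count)
{
    ScopeStack stack = makeScopeStack(count);
    for (size_t i = 1; i < stack.size(); ++i) {
        if (&stack[i - 1] + 1 != &stack[i])
            return false; // a bumped pointer would now point at the guard, not at stack[i]
    }
    return true;
}

// The fix: address every entry by index and let the container locate its segment.
// Counts scopes whose depth is at least minDepth, walking from the top of the stack down.
inline int countScopesByIndex(int count, int minDepth)
{
    ScopeStack stack = makeScopeStack(count);
    int matches = 0;
    for (size_t i = stack.size(); i-- > 0;) {
        if (stack[i].depth >= minDepth)
            ++matches;
    }
    return matches;
}
```

        A stack of three scopes fits in one segment, so pointer bumping happens to work
        there; a stack of ten does not, and the indexed walk is the only one that visits
        every entry.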
2170
2171 2017-02-20  Manuel Rego Casasnovas  <rego@igalia.com>
2172
2173         [css-grid] Remove compilation flag ENABLE_CSS_GRID_LAYOUT
2174         https://bugs.webkit.org/show_bug.cgi?id=167693
2175
2176         Reviewed by Sergio Villar Senin.
2177
2178         * Configurations/FeatureDefines.xcconfig:
2179
2180 2017-02-19  Commit Queue  <commit-queue@webkit.org>
2181
2182         Unreviewed, rolling out r212472.
2183         https://bugs.webkit.org/show_bug.cgi?id=168584
2184
2185         Broke CLoop builds when r212466 was rolled out in r212616
2186         (Requested by rniwa on #webkit).
2187
2188         Reverted changeset:
2189
2190         "Unreviewed, fix cloop build."
2191         http://trac.webkit.org/changeset/212472
2192
2193 2017-02-19  Mark Lam  <mark.lam@apple.com>
2194
2195         functionTestWasmModuleFunctions() should use a MarkedArgumentBuffer for storing args instead of a Vector.
2196         https://bugs.webkit.org/show_bug.cgi?id=168574
2197
2198         Reviewed by Filip Pizlo.
2199
2200         * jsc.cpp:
2201         (callWasmFunction):
2202         (functionTestWasmModuleFunctions):
2203         * runtime/ArgList.h:
2204
2205 2017-02-19  Mark Lam  <mark.lam@apple.com>
2206
2207         CachedCall should let GC know to keep its arguments alive.
2208         https://bugs.webkit.org/show_bug.cgi?id=168567
2209         <rdar://problem/30475767>
2210
2211         Reviewed by Saam Barati.
2212
2213         We fix this by having CachedCall use a MarkedArgumentBuffer to store its
2214         arguments instead of a Vector.
2215
2216         Also declared CachedCall, MarkedArgumentBuffer, and ProtoCallFrame as
2217         WTF_FORBID_HEAP_ALLOCATION because they rely on being stack allocated for
2218         correctness.
2219
2220         * interpreter/CachedCall.h:
2221         (JSC::CachedCall::CachedCall):
2222         (JSC::CachedCall::call):
2223         (JSC::CachedCall::clearArguments):
2224         (JSC::CachedCall::appendArgument):
2225         (JSC::CachedCall::setArgument): Deleted.
2226         * interpreter/CallFrame.h:
2227         (JSC::ExecState::emptyList):
2228         * interpreter/Interpreter.cpp:
2229         (JSC::Interpreter::prepareForRepeatCall):
2230         * interpreter/Interpreter.h:
2231         * interpreter/ProtoCallFrame.h:
2232         * runtime/ArgList.cpp:
2233         (JSC::MarkedArgumentBuffer::expandCapacity):
2234         * runtime/ArgList.h:
2235         (JSC::MarkedArgumentBuffer::ensureCapacity):
2236         * runtime/StringPrototype.cpp:
2237         (JSC::replaceUsingRegExpSearch):
2238         * runtime/VM.cpp:
2239         (JSC::VM::VM):
2240         * runtime/VM.h:
2241
2242 2017-02-19  Commit Queue  <commit-queue@webkit.org>
2243
2244         Unreviewed, rolling out r212466.
2245         https://bugs.webkit.org/show_bug.cgi?id=168577
2246
2247         causes crashes on AArch64 on linux, maybe it's causing crashes
2248         on iOS too (Requested by pizlo on #webkit).
2249
2250         Reverted changeset:
2251
2252         "The collector thread should only start when the mutator
2253         doesn't have heap access"
2254         https://bugs.webkit.org/show_bug.cgi?id=167737
2255         http://trac.webkit.org/changeset/212466
2256
2257 2017-02-17  Michael Saboff  <msaboff@apple.com>
2258
2259         Improve ARM64 disassembler handling of pseudo ops, unsupported opcodes and zero reg
2260         https://bugs.webkit.org/show_bug.cgi?id=168527
2261
2262         Reviewed by Filip Pizlo.
2263
2264         Added support for data processing 1 source instructions like rbit, rev, clz and cls.
2265         Added support for the FP conditional select instruction, fcsel.  Consolidated the
2266         two classes for handling dmb instructions into one class.  Fixed the instruction
2267         selection mask in the integer conditional select class, A64DOpcodeConditionalSelect.
2268         Fixed the processing of extract instruction (extr) including the rotate right (ror)
2269         pseudo instruction.  Changed the printing of x31 and w31 to xzr and wzr as operands
2270         according to the spec.  Added support for common pseudo instructions.  This includes:
2271         - mvn x1, X2 in place of orn x1, xzr, x2
2272         - lsl x3, x4, #count in place of ubfiz x3, x4, #count, #count
2273         - smull x5, w6, w7 in place of smaddl x5, w6, w7, XZR
2274         - More understandable mov x8, #-304 in place of movn x8, #0x12f
2275         - Eliminated xzr from register index loads and stores, outputting
2276           ldr x10, [x11] instead of ldr x10, [x11, xzr]
2277
2278         Changed the move wide instructions to use hex literals for movz and movk.
2279         This makes it much easier to decipher sequences of wide moves for large literals.
2280                 Before                       After
2281           movz   x17, #26136           movz   x17, #0x6618
2282           movk   x17, #672, lsl #16    movk   x17, #0x2a0, lsl #16
2283           movk   x17, #1, lsl #32      movk   x17, #0x1, lsl #32
2284
2285         Verified that all instructions currently generated by the JSC stress tests are
2286         disassembled.
2287
2288         * disassembler/ARM64/A64DOpcode.cpp:
2289         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
2290         (JSC::ARM64Disassembler::A64DOpcodeDataProcessing1Source::format):
2291         (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::format):
2292         (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::format):
2293         (JSC::ARM64Disassembler::A64DOpcodeExtract::format):
2294         (JSC::ARM64Disassembler::A64DOpcodeFloatingPointConditionalSelect::format):
2295         (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::format):
2296         (JSC::ARM64Disassembler::A64DOpcodeDmb::format):
2297         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::format):
2298         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreRegisterOffset::format):
2299         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreRegisterPair::format):
2300         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreUnsignedImmediate::format):
2301         (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::format):
2302         (JSC::ARM64Disassembler::A64DOpcodeMoveWide::format):
2303         (JSC::ARM64Disassembler::A64DOpcodeDmbIsh::format): Deleted.
2304         (JSC::ARM64Disassembler::A64DOpcodeDmbIshSt::format): Deleted.
2305         * disassembler/ARM64/A64DOpcode.h:
2306         (JSC::ARM64Disassembler::A64DOpcode::appendSignedImmediate64):
2307         (JSC::ARM64Disassembler::A64DOpcode::appendUnsignedHexImmediate):
2308         (JSC::ARM64Disassembler::A64DOpcodeDataProcessing1Source::opName):
2309         (JSC::ARM64Disassembler::A64DOpcodeDataProcessing1Source::sBit):
2310         (JSC::ARM64Disassembler::A64DOpcodeDataProcessing1Source::opCode):
2311         (JSC::ARM64Disassembler::A64DOpcodeDataProcessing1Source::opCode2):
2312         (JSC::ARM64Disassembler::A64DOpcodeDataProcessing1Source::opNameIndex):
2313         (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::opName):
2314         (JSC::ARM64Disassembler::A64DOpcodeFloatingPointConditionalSelect::opName):
2315         (JSC::ARM64Disassembler::A64DOpcodeFloatingPointConditionalSelect::condition):
2316         (JSC::ARM64Disassembler::A64DOpcodeDmb::option):
2317         (JSC::ARM64Disassembler::A64DOpcodeDmb::crM):
2318         (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::isMov):
2319         (JSC::ARM64Disassembler::A64DOpcodeDmbIsh::opName): Deleted.
2320         (JSC::ARM64Disassembler::A64DOpcodeDmbIshSt::opName): Deleted.
2321
2322 2017-02-17  Zan Dobersek  <zdobersek@igalia.com>
2323
2324         [GLib] GCActivityCallback::scheduleTimer() keeps pushing dispatch into the future
2325         https://bugs.webkit.org/show_bug.cgi?id=168363
2326
2327         Reviewed by Carlos Garcia Campos.
2328
2329         Mimic the USE(CF) implementation of GCActivityCallback and HeapTimer by
2330         scheduling the timer a decade into the future instead of completely
2331         cancelling it. That way new dispatch times for GCActivityCallback can be
2332         computed by simply deducting the difference in the new and previous
2333         delay from the GSource's current dispatch time. Previously we handled an
2334         extra 'paused' state (where m_delay was -1) and allowed for a delay of
2335         an infinite value to be valid, complicating the next dispatch time
2336         computation.
2337
2338         HeapTimer gains the static s_decade variable. The dispatch function in
2339         heapTimerSourceFunctions only dispatches the callback, which now delays
2340         the GSource by a decade. HeapTimer::scheduleTimer() simply schedules the
2341         source to dispatch in the specified amount of time, and cancelTimer()
2342         'cancels' the source by setting the dispatch time to a decade.
2343
2344         GCActivityCallback constructor initializes the delay to the s_decade
2345         value and immediately sets the ready time for GSource a decade into the
2346         future, avoiding the default -1 value as the ready time that would cause
2347         problems in scheduleTimer(). scheduleTimer() doesn't special-case the
2348         zero-delay value anymore, instead it just computes the difference
2349         between the old and the new delay and rolls back the GSource's ready
2350         time for that amount. cancelTimer() sets m_delay to the decade value and
2351         delays the GSource for that same amount.
2352
2353         * heap/GCActivityCallback.cpp:
2354         (JSC::GCActivityCallback::GCActivityCallback):
2355         (JSC::GCActivityCallback::scheduleTimer):
2356         (JSC::GCActivityCallback::cancelTimer):
2357         * heap/GCActivityCallback.h:
2358         * heap/HeapTimer.cpp:
2359         (JSC::HeapTimer::HeapTimer):
2360         (JSC::HeapTimer::scheduleTimer):
2361         (JSC::HeapTimer::cancelTimer):
2362         * heap/HeapTimer.h:
2363
2364 2017-02-16  Yusuke Suzuki  <utatane.tea@gmail.com>
2365
2366         [JSC] Drop PassRefPtr from ArrayBuffer
2367         https://bugs.webkit.org/show_bug.cgi?id=168455
2368
2369         Reviewed by Geoffrey Garen.
2370
2371         This patch finally drops all the PassRefPtr in JSC.
2372         We changed PassRefPtr<ArrayBuffer> to RefPtr<ArrayBuffer>&&.
2373         Since ArrayBuffer may be nullptr if the array is neutered,
2374         we hold it as RefPtr<> instead of Ref<>.
2375
2376         We also drop 2 files, TypedArrayBase.h and IntegralTypedArrayBase.h.
2377         They are not used (and they are not referenced from the project file).
2378
2379         * inspector/JavaScriptCallFrame.h:
2380         * jsc.cpp:
2381         (functionDollarAgentReceiveBroadcast):
2382         * runtime/ArrayBufferView.cpp:
2383         (JSC::ArrayBufferView::ArrayBufferView):
2384         * runtime/ArrayBufferView.h:
2385         (JSC::ArrayBufferView::possiblySharedBuffer):
2386         (JSC::ArrayBufferView::unsharedBuffer):
2387         (JSC::ArrayBufferView::verifySubRangeLength):
2388         (JSC::ArrayBufferView::clampOffsetAndNumElements):
2389         * runtime/ClassInfo.h:
2390         * runtime/DataView.cpp:
2391         (JSC::DataView::DataView):
2392         (JSC::DataView::create):
2393         * runtime/DataView.h:
2394         * runtime/GenericTypedArrayView.h:
2395         * runtime/GenericTypedArrayViewInlines.h:
2396         (JSC::GenericTypedArrayView<Adaptor>::GenericTypedArrayView):
2397         (JSC::GenericTypedArrayView<Adaptor>::create):
2398         (JSC::GenericTypedArrayView<Adaptor>::subarray):
2399         * runtime/IntegralTypedArrayBase.h: Removed.
2400         * runtime/JSArrayBuffer.cpp:
2401         (JSC::JSArrayBuffer::JSArrayBuffer):
2402         (JSC::JSArrayBuffer::create):
2403         * runtime/JSArrayBuffer.h:
2404         * runtime/JSArrayBufferPrototype.cpp:
2405         (JSC::arrayBufferProtoFuncSlice):
2406         * runtime/JSArrayBufferView.cpp:
2407         (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
2408         * runtime/JSArrayBufferView.h:
2409         * runtime/JSArrayBufferViewInlines.h:
2410         (JSC::JSArrayBufferView::possiblySharedImpl):
2411         (JSC::JSArrayBufferView::unsharedImpl):
2412         * runtime/JSCell.cpp:
2413         (JSC::JSCell::slowDownAndWasteMemory):
2414         (JSC::JSCell::getTypedArrayImpl):
2415         * runtime/JSCell.h:
2416         * runtime/JSDataView.cpp:
2417         (JSC::JSDataView::create):
2418         (JSC::JSDataView::possiblySharedTypedImpl):
2419         (JSC::JSDataView::unsharedTypedImpl):
2420         (JSC::JSDataView::getTypedArrayImpl):
2421         * runtime/JSDataView.h:
2422         * runtime/JSGenericTypedArrayView.h:
2423         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
2424         (JSC::constructGenericTypedArrayViewWithArguments):
2425         * runtime/JSGenericTypedArrayViewInlines.h:
2426         (JSC::JSGenericTypedArrayView<Adaptor>::create):
2427         (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
2428         (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
2429         (JSC::JSGenericTypedArrayView<Adaptor>::getTypedArrayImpl):
2430         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
2431         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
2432         * runtime/JSTypedArrays.cpp:
2433         (JSC::createUint8TypedArray):
2434         * runtime/TypedArrayBase.h: Removed.
2435
2436 2017-02-16  Keith Miller  <keith_miller@apple.com>
2437
2438         ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running || vm.apiLock().ownerThread() != std::this_thread::get_id()
2439         https://bugs.webkit.org/show_bug.cgi?id=168354
2440
2441         Reviewed by Geoffrey Garen.
2442
2443         Instead of adding a custom vmEntryGlobalObject for the debugger
2444         we can just have it use vmEntryScope instead.
2445
2446         * debugger/Debugger.cpp:
2447         (JSC::Debugger::detach):
2448         * interpreter/CallFrame.cpp:
2449         (JSC::CallFrame::vmEntryGlobalObjectForDebuggerDetach): Deleted.
2450         * interpreter/CallFrame.h:
2451
2452 2017-02-16  Filip Pizlo  <fpizlo@apple.com>
2453
2454         Unreviewed, fix cloop build.
2455
2456         * heap/Heap.cpp:
2457         (JSC::Heap::stopThePeriphery):
2458         * runtime/JSLock.cpp:
2459
2460 2017-02-10  Filip Pizlo  <fpizlo@apple.com>
2461
2462         The collector thread should only start when the mutator doesn't have heap access
2463         https://bugs.webkit.org/show_bug.cgi?id=167737
2464
2465         Reviewed by Keith Miller.
2466         
2467         This turns the collector thread's workflow into a state machine, so that the mutator thread can
2468         run it directly. This reduces the amount of synchronization we do with the collector thread, and
2469         means that most apps will never start the collector thread. The collector thread will still start
2470         when we need to finish collecting and we don't have heap access.
2471         
2472         In this new world, "stopping the world" means relinquishing control of collection to the mutator.
2473         This means tracking who is conducting collection. I use the GCConductor enum to say who is
2474         conducting. It's either GCConductor::Mutator or GCConductor::Collector. I use the term "conn" to
2475         refer to the concept of conducting (having the conn, relinquishing the conn, taking the conn).
2476         So, stopping the world means giving the mutator the conn. Releasing heap access means giving the
2477         collector the conn.
2478         
2479         This meant bringing back the conservative scan of the calling thread. It turns out that this
2480         scan was too slow to be called on each GC increment because apparently setjmp() now does system
2481         calls. So, I wrote our own callee save register saving for the GC. Then I had doubts about
2482         whether or not it was correct, so I also made it so that the GC only rarely asks for the register
2483         state. I think we still want to use my register saving code instead of setjmp because setjmp
2484         seems to save things we don't need, and that could make us overly conservative.
2485         
2486         It turns out that this new scheduling discipline makes the old space-time scheduler perform
2487         better than the new stochastic space-time scheduler on systems with fewer than 4 cores. This is
2488         because the mutator having the conn enables us to time the mutator<->collector context switches
2489         by polling. The OS is never involved. So, we can use super precise timing. This allows the old
2490         space-time scheduler to shine like it hadn't before.
2491         
2492         The splay results imply that this is all a good thing. On 2-core systems, this reduces pause
2493         times by 40% and it increases throughput about 5%. On 1-core systems, this reduces pause times by
2494         half and reduces throughput by 8%. On 4-or-more-core systems, this doesn't seem to have much
2495         effect.
2496
2497         * CMakeLists.txt:
2498         * JavaScriptCore.xcodeproj/project.pbxproj:
2499         * dfg/DFGWorklist.cpp:
2500         (JSC::DFG::Worklist::ThreadBody::ThreadBody):
2501         (JSC::DFG::Worklist::dump):
2502         (JSC::DFG::numberOfWorklists):
2503         (JSC::DFG::ensureWorklistForIndex):
2504         (JSC::DFG::existingWorklistForIndexOrNull):
2505         (JSC::DFG::existingWorklistForIndex):
2506         * dfg/DFGWorklist.h:
2507         (JSC::DFG::numberOfWorklists): Deleted.
2508         (JSC::DFG::ensureWorklistForIndex): Deleted.
2509         (JSC::DFG::existingWorklistForIndexOrNull): Deleted.
2510         (JSC::DFG::existingWorklistForIndex): Deleted.
2511         * heap/CollectingScope.h: Added.
2512         (JSC::CollectingScope::CollectingScope):
2513         (JSC::CollectingScope::~CollectingScope):
2514         * heap/CollectorPhase.cpp: Added.
2515         (JSC::worldShouldBeSuspended):
2516         (WTF::printInternal):
2517         * heap/CollectorPhase.h: Added.
2518         * heap/EdenGCActivityCallback.cpp:
2519         (JSC::EdenGCActivityCallback::lastGCLength):
2520         * heap/FullGCActivityCallback.cpp:
2521         (JSC::FullGCActivityCallback::doCollection):
2522         (JSC::FullGCActivityCallback::lastGCLength):
2523         * heap/GCConductor.cpp: Added.
2524         (JSC::gcConductorShortName):
2525         (WTF::printInternal):
2526         * heap/GCConductor.h: Added.
2527         * heap/Heap.cpp:
2528         (JSC::Heap::Thread::Thread):
2529         (JSC::Heap::Heap):
2530         (JSC::Heap::lastChanceToFinalize):
2531         (JSC::Heap::gatherStackRoots):
2532         (JSC::Heap::updateObjectCounts):
2533         (JSC::Heap::shouldCollectInCollectorThread):
2534         (JSC::Heap::collectInCollectorThread):
2535         (JSC::Heap::checkConn):
2536         (JSC::Heap::runCurrentPhase):
2537         (JSC::Heap::runNotRunningPhase):
2538         (JSC::Heap::runBeginPhase):
2539         (JSC::Heap::runFixpointPhase):
2540         (JSC::Heap::runConcurrentPhase):
2541         (JSC::Heap::runReloopPhase):
2542         (JSC::Heap::runEndPhase):
2543         (JSC::Heap::changePhase):
2544         (JSC::Heap::finishChangingPhase):
2545         (JSC::Heap::stopThePeriphery):
2546         (JSC::Heap::resumeThePeriphery):
2547         (JSC::Heap::stopTheMutator):
2548         (JSC::Heap::resumeTheMutator):
2549         (JSC::Heap::stopIfNecessarySlow):
2550         (JSC::Heap::collectInMutatorThread):
2551         (JSC::Heap::collectInMutatorThreadImpl):
2552         (JSC::Heap::waitForCollector):
2553         (JSC::Heap::acquireAccessSlow):
2554         (JSC::Heap::releaseAccessSlow):
2555         (JSC::Heap::relinquishConn):
2556         (JSC::Heap::finishRelinquishingConn):
2557         (JSC::Heap::handleNeedFinalize):
2558         (JSC::Heap::notifyThreadStopping):
2559         (JSC::Heap::finalize):
2560         (JSC::Heap::requestCollection):
2561         (JSC::Heap::waitForCollection):
2562         (JSC::Heap::updateAllocationLimits):
2563         (JSC::Heap::didFinishCollection):
2564         (JSC::Heap::collectIfNecessaryOrDefer):
2565         (JSC::Heap::preventCollection):
2566         (JSC::Heap::performIncrement):
2567         (JSC::Heap::markToFixpoint): Deleted.
2568         (JSC::Heap::shouldCollectInThread): Deleted.
2569         (JSC::Heap::collectInThread): Deleted.
2570         (JSC::Heap::stopTheWorld): Deleted.
2571         (JSC::Heap::resumeTheWorld): Deleted.
2572         * heap/Heap.h:
2573         (JSC::Heap::machineThreads):
2574         (JSC::Heap::lastFullGCLength):
2575         (JSC::Heap::lastEdenGCLength):
2576         (JSC::Heap::increaseLastFullGCLength):
2577         * heap/HeapInlines.h:
2578         (JSC::Heap::mutatorIsStopped): Deleted.
2579         * heap/HeapStatistics.cpp: Removed.
2580         * heap/HeapStatistics.h: Removed.
2581         * heap/HelpingGCScope.h: Removed.
2582         * heap/MachineStackMarker.cpp:
2583         (JSC::MachineThreads::gatherFromCurrentThread):
2584         (JSC::MachineThreads::gatherConservativeRoots):
2585         * heap/MachineStackMarker.h:
2586         * heap/MarkedBlock.cpp:
2587         (JSC::MarkedBlock::Handle::sweep):
2588         * heap/MutatorState.cpp:
2589         (WTF::printInternal):
2590         * heap/MutatorState.h:
2591         * heap/RegisterState.h: Added.
2592         * heap/SlotVisitor.cpp:
2593         (JSC::SlotVisitor::drainFromShared):
2594         (JSC::SlotVisitor::drainInParallelPassively):
2595         (JSC::SlotVisitor::donateAll):
2596         * heap/StochasticSpaceTimeMutatorScheduler.cpp:
2597         (JSC::StochasticSpaceTimeMutatorScheduler::beginCollection):
2598         (JSC::StochasticSpaceTimeMutatorScheduler::synchronousDrainingDidStall):
2599         (JSC::StochasticSpaceTimeMutatorScheduler::timeToStop):
2600         * heap/SweepingScope.h: Added.
2601         (JSC::SweepingScope::SweepingScope):
2602         (JSC::SweepingScope::~SweepingScope):
2603         * jit/JITWorklist.cpp:
2604         (JSC::JITWorklist::Thread::Thread):
2605         * jsc.cpp:
2606         (GlobalObject::finishCreation):
2607         (functionFlashHeapAccess):
2608         * runtime/InitializeThreading.cpp:
2609         (JSC::initializeThreading):
2610         * runtime/JSCellInlines.h:
2611         (JSC::JSCell::classInfo):
2612         * runtime/Options.cpp:
2613         (JSC::overrideDefaults):
2614         * runtime/Options.h:
2615         * runtime/TestRunnerUtils.cpp:
2616         (JSC::finalizeStatsAtEndOfTesting):
2617
2618 2017-02-16  Anders Carlsson  <andersca@apple.com>
2619
2620         Remove EFL from JavaScriptCore
2621         https://bugs.webkit.org/show_bug.cgi?id=168459
2622
2623         Reviewed by Geoffrey Garen.
2624
2625         * heap/GCActivityCallback.cpp:
2626         (JSC::GCActivityCallback::GCActivityCallback):
2627         (JSC::GCActivityCallback::cancelTimer):
2628         (JSC::GCActivityCallback::didAllocate):
2629         * heap/GCActivityCallback.h:
2630         * heap/HeapTimer.cpp:
2631         (JSC::HeapTimer::add): Deleted.
2632         (JSC::HeapTimer::stop): Deleted.
2633         (JSC::HeapTimer::timerEvent): Deleted.
2634         * heap/HeapTimer.h:
2635         * inspector/EventLoop.cpp:
2636         (Inspector::EventLoop::cycle):
2637         * jsc.cpp:
2638         (main):
2639         * tools/CodeProfiling.cpp:
2640         (JSC::CodeProfiling::begin):
2641         (JSC::CodeProfiling::end):
2642
2643 2017-02-15  Brian Burg  <bburg@apple.com>
2644
2645         [Cocoa] Web Inspector: Inspector::fromProtocolString<T> should return std::optional<T>
2646         https://bugs.webkit.org/show_bug.cgi?id=168018
2647         <rdar://problem/30468779>
2648
2649         Reviewed by Joseph Pecoraro.
2650
2651         These methods parse untrusted string inputs, so they should return an optional instead
2652         of asserting or crashing when the input is not usable.
2653
2654         Update various pieces of generated code to handle the error case gracefully.
2655
2656         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2657         (ObjCBackendDispatcherImplementationGenerator._generate_conversions_for_command):
2658         (ObjCBackendDispatcherImplementationGenerator._generate_invocation_for_command):
2659         The local variable holding the ObjC-friendly converted value should take a std::optional
2660         when converting an enum from a string into an NS_ENUM value. If the enum command parameter
2661         is not optional, then send a response with a command failure message and return.
2662
2663         The optional enum parameter case is not handled correctly, but no existing code requires it.
2664
2665         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2666         (ObjCProtocolTypeConversionsHeaderGenerator._generate_enum_from_protocol_string):
2667         Fix signature and remove default case ASSERT_NOT_REACHED.
2668
2669         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2670         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_method_implementation):
2671         Since this code assumes all inputs to be valid and throws an exception otherwise, we
2672         try to convert the enum and throw an exception if it's nullopt. If it's valid, write to outValue.
2673
2674         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2675         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_payload):
2676         The local variable holding the ObjC-friendly converted value should take a std::optional
2677         when converting an enum from a string into an NS_ENUM value. If the enum command parameter
2678         is not optional, then throw an exception if the value is nullopt. Otherwise, allow it to be empty.
2679
2680         * inspector/scripts/codegen/objc_generator.py:
2681         (ObjCGenerator.protocol_to_objc_expression_for_member):
2682         Unconditionally unwrap the optional. This expression is only used inside the typechecked
2683         ObjC protocol objects. In this case we are guaranteed to have already initialized the enum with a valid
2684         value, but must store it as a string inside a wrapped InspectorObject. The getter needs to
2685         re-convert the stored string into an NS_ENUM value.
2686
2687         * inspector/scripts/codegen/objc_generator_templates.py:
2688         Update type template for fromProtocolString<T>().
2689
2690         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
2691         * inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
2692         * inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:
2693         * inspector/scripts/tests/generic/expected/definitions-with-mac-platform.json-result:
2694         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
2695         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
2696         * inspector/scripts/tests/generic/expected/enum-values.json-result:
2697         * inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result:
2698         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
2699         * inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result:
2700         * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
2701         * inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result:
2702         * inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result:
2703         * inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result:
2704         * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
2705         * inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result:
2706         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
2707         * inspector/scripts/tests/ios/expected/definitions-with-mac-platform.json-result:
2708         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
2709         Rebaseline tests.
2710
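        The defensive pattern this entry describes, as an added C++ illustration that is not WebKit's generated code: the ConsoleLevel enum, the command name and the error strings are constructed stand-ins for the NS_ENUM and dispatcher code the generator emits.

```cpp
#include <optional>
#include <stdexcept>
#include <string>
#include <string_view>

// Constructed stand-in for a generated protocol enum; the real Cocoa generator
// emits an NS_ENUM, and the command/parameter names below are hypothetical.
enum class ConsoleLevel { Log, Warning, Error };

// The converter returns std::optional so that an unrecognised protocol string
// (untrusted input arriving from the inspector frontend) yields nullopt instead
// of reaching an ASSERT_NOT_REACHED in a default case.
template <typename T>
std::optional<T> fromProtocolString(std::string_view);

template <>
std::optional<ConsoleLevel> fromProtocolString<ConsoleLevel>(std::string_view value)
{
    if (value == "log")
        return ConsoleLevel::Log;
    if (value == "warning")
        return ConsoleLevel::Warning;
    if (value == "error")
        return ConsoleLevel::Error;
    return std::nullopt; // No default-case assert: the caller decides how to fail.
}

struct CommandResponse {
    bool success;
    std::string errorMessage;
};

// Backend dispatcher path: the converted value is held in a std::optional, and a
// required enum parameter that fails to convert produces a command failure
// response and returns, rather than crashing the process.
CommandResponse handleSetLevelCommand(std::string_view levelParameter)
{
    std::optional<ConsoleLevel> level = fromProtocolString<ConsoleLevel>(levelParameter);
    if (!level)
        return { false, "Invalid value for required parameter 'level': " + std::string(levelParameter) };

    // ... the agent would be invoked here with *level ...
    return { true, std::string() };
}

// Type factory / payload-init path: this code assumes valid inputs and throws
// on anything else, so nullopt is turned into an exception instead of an assert.
ConsoleLevel levelFromPayload(std::string_view value)
{
    std::optional<ConsoleLevel> level = fromProtocolString<ConsoleLevel>(value);
    if (!level)
        throw std::invalid_argument("Invalid enum value for ConsoleLevel: " + std::string(value));
    return *level;
}

// Yes/no wrapper so callers can probe the payload path without catching themselves.
bool payloadInitRejects(std::string_view value)
{
    try {
        levelFromPayload(value);
        return false;
    } catch (const std::invalid_argument&) {
        return true;
    }
}
```
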
2711 2017-02-16  Keith Miller  <keith_miller@apple.com>
2712
2713         ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running || vm.apiLock().ownerThread() != std::this_thread::get_id()
2714         https://bugs.webkit.org/show_bug.cgi?id=168354
2715
2716         Reviewed by Filip Pizlo.
2717
2718         Add a new vmEntryGlobalObject method for the debugger so that
2719         the debugger does not crash in debug builds when trying to
2720         detach itself from a global object.
2721
2722         * debugger/Debugger.cpp:
2723         (JSC::Debugger::detach):
2724         * interpreter/CallFrame.cpp:
2725         (JSC::CallFrame::vmEntryGlobalObjectForDebuggerDetach):
2726         * interpreter/CallFrame.h:
2727
2728 2017-02-16  Keith Miller  <keith_miller@apple.com>
2729
2730         Refactor AccessCase to be more like B3Value
2731         https://bugs.webkit.org/show_bug.cgi?id=168408
2732
2733         Reviewed by Filip Pizlo.
2734
2735         This patch makes AccessCase (and new subclasses) more like B3Value. In the new system each
2736         type has an associated AccessCase subclass. For instance any getter should use the
2737         GetterSetterAccessCase subclass. The new system is easier to follow since you no longer need
2738         to know exactly which members are used by which types. The subclass to AccessType mapping is:
2739
2740         GetterSetterAccessCase:
2741             Getter
2742             CustomAccessorGetter
2743             CustomValueGetter
2744             Setter
2745
2746         ProxyableAccessCase:
2747             Load
2748             Miss
2749             GetGetter
2750
2751         IntrinsicGetterAccessCase:
2752             IntrinsicGetter
2753
2754         AccessCase:
2755             Everything else
2756
2757         It also has the additional advantage that it uses less memory for the cases where we would have needed
2758         rare data in the past but that case would only use a small bit of it.
2759
2760         This patch also removes megamorphic loads and renames some TryGetById related enum values from Pure to Try.
2761
2762         * CMakeLists.txt:
2763         * JavaScriptCore.xcodeproj/project.pbxproj:
2764         * bytecode/AccessCase.cpp: Added.
2765         (JSC::AccessCase::AccessCase):
2766         (JSC::AccessCase::create):
2767         (JSC::AccessCase::~AccessCase):
2768         (JSC::AccessCase::fromStructureStubInfo):
2769         (JSC::AccessCase::clone):
2770         (JSC::AccessCase::commit):
2771         (JSC::AccessCase::guardedByStructureCheck):
2772         (JSC::AccessCase::doesCalls):
2773         (JSC::AccessCase::couldStillSucceed):
2774         (JSC::AccessCase::canReplace):
2775         (JSC::AccessCase::dump):
2776         (JSC::AccessCase::visitWeak):
2777         (JSC::AccessCase::propagateTransitions):
2778         (JSC::AccessCase::generateWithGuard):
2779         (JSC::AccessCase::generate):
2780         (JSC::AccessCase::generateImpl):
2781         * bytecode/AccessCase.h: Added.
2782         (JSC::AccessCase::as):
2783         (JSC::AccessCase::create):
2784         (JSC::AccessCase::type):
2785         (JSC::AccessCase::state):
2786         (JSC::AccessCase::offset):
2787         (JSC::AccessCase::structure):
2788         (JSC::AccessCase::newStructure):
2789         (JSC::AccessCase::conditionSet):
2790         (JSC::AccessCase::alternateBase):
2791         (JSC::AccessCase::additionalSet):
2792         (JSC::AccessCase::viaProxy):
2793         (JSC::AccessCase::isGetter):
2794         (JSC::AccessCase::isAccessor):
2795         (JSC::AccessCase::dumpImpl):
2796         (JSC::AccessCase::resetState):
2797         * bytecode/GetByIdStatus.cpp:
2798         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
2799         * bytecode/GetterSetterAccessCase.cpp: Added.
2800         (JSC::GetterSetterAccessCase::GetterSetterAccessCase):
2801         (JSC::GetterSetterAccessCase::create):
2802         (JSC::GetterSetterAccessCase::~GetterSetterAccessCase):
2803         (JSC::GetterSetterAccessCase::clone):
2804         (JSC::GetterSetterAccessCase::alternateBase):
2805         (JSC::GetterSetterAccessCase::dumpImpl):
2806         (JSC::GetterSetterAccessCase::emitDOMJITGetter):
2807         * bytecode/GetterSetterAccessCase.h: Added.
2808         (JSC::GetterSetterAccessCase::callLinkInfo):
2809         (JSC::GetterSetterAccessCase::customSlotBase):
2810         (JSC::GetterSetterAccessCase::domJIT):
2811         * bytecode/IntrinsicGetterAccessCase.cpp: Added.
2812         (JSC::IntrinsicGetterAccessCase::IntrinsicGetterAccessCase):
2813         (JSC::IntrinsicGetterAccessCase::create):
2814         (JSC::IntrinsicGetterAccessCase::~IntrinsicGetterAccessCase):
2815         (JSC::IntrinsicGetterAccessCase::clone):
2816         * bytecode/IntrinsicGetterAccessCase.h: Added.
2817         (JSC::IntrinsicGetterAccessCase::intrinsicFunction):
2818         (JSC::IntrinsicGetterAccessCase::intrinsic):
2819         * bytecode/PolymorphicAccess.cpp:
2820         (JSC::PolymorphicAccess::regenerate):
2821         (WTF::printInternal):
2822         (JSC::AccessCase::AccessCase): Deleted.
2823         (JSC::AccessCase::tryGet): Deleted.
2824         (JSC::AccessCase::get): Deleted.
2825         (JSC::AccessCase::megamorphicLoad): Deleted.
2826         (JSC::AccessCase::replace): Deleted.
2827         (JSC::AccessCase::transition): Deleted.
2828         (JSC::AccessCase::setter): Deleted.
2829         (JSC::AccessCase::in): Deleted.
2830         (JSC::AccessCase::getLength): Deleted.
2831         (JSC::AccessCase::getIntrinsic): Deleted.
2832         (JSC::AccessCase::~AccessCase): Deleted.
2833         (JSC::AccessCase::fromStructureStubInfo): Deleted.
2834         (JSC::AccessCase::clone): Deleted.
2835         (JSC::AccessCase::commit): Deleted.
2836         (JSC::AccessCase::guardedByStructureCheck): Deleted.
2837         (JSC::AccessCase::alternateBase): Deleted.
2838         (JSC::AccessCase::doesCalls): Deleted.
2839         (JSC::AccessCase::couldStillSucceed): Deleted.
2840         (JSC::AccessCase::canBeReplacedByMegamorphicLoad): Deleted.
2841         (JSC::AccessCase::canReplace): Deleted.
2842         (JSC::AccessCase::dump): Deleted.
2843         (JSC::AccessCase::visitWeak): Deleted.
2844         (JSC::AccessCase::propagateTransitions): Deleted.
2845         (JSC::AccessCase::generateWithGuard): Deleted.
2846         (JSC::AccessCase::generate): Deleted.
2847         (JSC::AccessCase::generateImpl): Deleted.
2848         (JSC::AccessCase::emitDOMJITGetter): Deleted.
2849         * bytecode/PolymorphicAccess.h:
2850         (JSC::AccessCase::type): Deleted.
2851         (JSC::AccessCase::state): Deleted.
2852         (JSC::AccessCase::offset): Deleted.
2853         (JSC::AccessCase::viaProxy): Deleted.
2854         (JSC::AccessCase::structure): Deleted.
2855         (JSC::AccessCase::newStructure): Deleted.
2856         (JSC::AccessCase::conditionSet): Deleted.
2857         (JSC::AccessCase::intrinsicFunction): Deleted.
2858         (JSC::AccessCase::intrinsic): Deleted.
2859         (JSC::AccessCase::domJIT): Deleted.
2860         (JSC::AccessCase::additionalSet): Deleted.
2861         (JSC::AccessCase::customSlotBase): Deleted.
2862         (JSC::AccessCase::isGetter): Deleted.
2863         (JSC::AccessCase::callLinkInfo): Deleted.
2864         (JSC::AccessCase::RareData::RareData): Deleted.
2865         * bytecode/ProxyableAccessCase.cpp: Added.
2866         (JSC::ProxyableAccessCase::ProxyableAccessCase):
2867         (JSC::ProxyableAccessCase::create):
2868         (JSC::ProxyableAccessCase::~ProxyableAccessCase):
2869         (JSC::ProxyableAccessCase::clone):
2870         (JSC::ProxyableAccessCase::dumpImpl):
2871         * bytecode/ProxyableAccessCase.h: Added.
2872         * bytecode/PutByIdStatus.cpp:
2873         (JSC::PutByIdStatus::computeForStubInfo):
2874         * bytecode/StructureStubInfo.cpp:
2875         (JSC::StructureStubInfo::reset):
2876         * bytecode/StructureStubInfo.h:
2877         * dfg/DFGByteCodeParser.cpp:
2878         (JSC::DFG::ByteCodeParser::parseBlock):
2879         * dfg/DFGSpeculativeJIT.cpp:
2880         (JSC::DFG::SpeculativeJIT::compileTryGetById):
2881         * ftl/FTLLowerDFGToB3.cpp:
2882         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2883         (JSC::FTL::DFG::LowerDFGToB3::compileGetById):
2884         * jit/IntrinsicEmitter.cpp:
2885         (JSC::IntrinsicGetterAccessCase::canEmitIntrinsicGetter):
2886         (JSC::IntrinsicGetterAccessCase::emitIntrinsicGetter):
2887         (JSC::AccessCase::canEmitIntrinsicGetter): Deleted.
2888         (JSC::AccessCase::emitIntrinsicGetter): Deleted.
2889         * jit/JITOperations.cpp:
2890         * jit/JITPropertyAccess.cpp:
2891         (JSC::JIT::emit_op_try_get_by_id):
2892         * jit/JITPropertyAccess32_64.cpp:
2893         (JSC::JIT::emit_op_try_get_by_id):
2894         * jit/Repatch.cpp:
2895         (JSC::tryCacheGetByID):
2896         (JSC::tryCachePutByID):
2897         (JSC::tryRepatchIn):
2898         * jit/Repatch.h:
2899         * runtime/Options.h:
2900
2901 2017-02-16  Filip Pizlo  <fpizlo@apple.com>
2902
2903         JSONParseTest needs to hold the lock when the VM is destroyed
2904         https://bugs.webkit.org/show_bug.cgi?id=168450
2905
2906         Rubber stamped by Alex Christensen.
2907
2908         * API/tests/JSONParseTest.cpp:
2909         (testJSONParse):
2910
2911 2017-02-16  Yusuke Suzuki  <utatane.tea@gmail.com>
2912
2913         [JSC] Drop PassRefPtr in inspector/
2914         https://bugs.webkit.org/show_bug.cgi?id=168420
2915
2916         Reviewed by Alex Christensen.
2917
2918         Drop PassRefPtr uses.
2919         And use Ref<Inspector::ScriptArguments> and Ref<ScriptCallStack> as much as possible.
2920         It drops some unnecessary null checks.
2921
2922         * debugger/Debugger.cpp:
2923         (JSC::Debugger::hasBreakpoint):
2924         (JSC::Debugger::currentDebuggerCallFrame):
2925         * debugger/Debugger.h:
2926         * inspector/AsyncStackTrace.cpp:
2927         (Inspector::AsyncStackTrace::create):
2928         (Inspector::AsyncStackTrace::AsyncStackTrace):
2929         (Inspector::AsyncStackTrace::buildInspectorObject):
2930         (Inspector::AsyncStackTrace::truncate):
2931         * inspector/AsyncStackTrace.h:
2932         * inspector/ConsoleMessage.cpp:
2933         (Inspector::ConsoleMessage::ConsoleMessage):
2934         * inspector/ConsoleMessage.h:
2935         * inspector/InjectedScriptManager.cpp:
2936         (Inspector::InjectedScriptManager::InjectedScriptManager):
2937         (Inspector::InjectedScriptManager::injectedScriptHost):
2938         * inspector/InjectedScriptManager.h:
2939         * inspector/JSGlobalObjectConsoleClient.cpp:
2940         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2941         (Inspector::JSGlobalObjectConsoleClient::count):
2942         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
2943         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
2944         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
2945         * inspector/JSGlobalObjectConsoleClient.h:
2946         ConsoleClient now takes Ref<ScriptArgument>&& instead of RefPtr<ScriptArgument>&&.
2947
2948         * inspector/JSGlobalObjectInspectorController.cpp:
2949         (Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
2950         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2951         * inspector/JSGlobalObjectInspectorController.h:
2952         * inspector/JSJavaScriptCallFrame.cpp:
2953         (Inspector::JSJavaScriptCallFrame::JSJavaScriptCallFrame):
2954         (Inspector::toJS):
2955         * inspector/JSJavaScriptCallFrame.h:
2956         (Inspector::JSJavaScriptCallFrame::create):
2957         * inspector/JavaScriptCallFrame.cpp:
2958         (Inspector::JavaScriptCallFrame::JavaScriptCallFrame):
2959         (Inspector::JavaScriptCallFrame::caller):
2960         * inspector/JavaScriptCallFrame.h:
2961         (Inspector::JavaScriptCallFrame::create):
2962         * inspector/ScriptDebugServer.cpp:
2963         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
2964         (Inspector::ScriptDebugServer::dispatchDidPause):
2965         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
2966         * inspector/agents/InspectorConsoleAgent.cpp:
2967         (Inspector::InspectorConsoleAgent::stopTiming):
2968         (Inspector::InspectorConsoleAgent::count):
2969         * inspector/agents/InspectorConsoleAgent.h:
2970         * inspector/agents/InspectorDebuggerAgent.cpp:
2971         (Inspector::InspectorDebuggerAgent::didScheduleAsyncCall):
2972         * runtime/ConsoleClient.cpp:
2973         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2974         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2975         (JSC::ConsoleClient::logWithLevel):
2976         (JSC::ConsoleClient::dir):
2977         (JSC::ConsoleClient::dirXML):
2978         (JSC::ConsoleClient::table):
2979         (JSC::ConsoleClient::trace):
2980         (JSC::ConsoleClient::assertion):
2981         (JSC::ConsoleClient::group):
2982         (JSC::ConsoleClient::groupCollapsed):
2983         (JSC::ConsoleClient::groupEnd):
2984         * runtime/ConsoleClient.h:
2985         * runtime/ConsoleObject.cpp:
2986         (JSC::consoleLogWithLevel):
2987         (JSC::consoleProtoFuncDir):
2988         (JSC::consoleProtoFuncDirXML):
2989         (JSC::consoleProtoFuncTable):
2990         (JSC::consoleProtoFuncTrace):
2991         (JSC::consoleProtoFuncAssert):
2992         (JSC::consoleProtoFuncCount):
2993         (JSC::consoleProtoFuncTimeStamp):
2994         (JSC::consoleProtoFuncGroup):
2995         (JSC::consoleProtoFuncGroupCollapsed):
2996         (JSC::consoleProtoFuncGroupEnd):
2997
2998 2017-02-15  Keith Miller  <keith_miller@apple.com>
2999
3000         Weak should not use jsCast in its accessors
3001         https://bugs.webkit.org/show_bug.cgi?id=168406
3002
3003         Reviewed by Filip Pizlo.
3004
3005         This can cause assertion failures in WebCore where classes might remove themselves
3006         from a data structure in a weak reference, if that reference is still alive.
3007
3008         * heap/WeakInlines.h:
3009         (JSC::>):
3010         (JSC::Weak<T>::operator):
3011         (JSC::Weak<T>::get):
3012
3013 2017-02-16  Yusuke Suzuki  <utatane.tea@gmail.com>
3014
3015         Web Inspector: allow import() inside the inspector
3016         https://bugs.webkit.org/show_bug.cgi?id=167457
3017
3018         Reviewed by Ryosuke Niwa.
3019
3020         We relax import module hook to accept null SourceOrigin.
3021         Such a script can be evaluated from the inspector console.
3022
3023         * jsc.cpp:
3024         (GlobalObject::moduleLoaderImportModule):
3025         * runtime/JSGlobalObjectFunctions.cpp:
3026         (JSC::globalFuncImportModule):
3027
3028 2017-02-16  Yusuke Suzuki  <utatane.tea@gmail.com>
3029
3030         [JSC] Update module namespace object according to the latest ECMA262
3031         https://bugs.webkit.org/show_bug.cgi?id=168280
3032
3033         Reviewed by Saam Barati.
3034
3035         Reflect updates to the module namespace object.
3036
3037         1. @@iterator property is dropped[1].
3038         2. @@toStringTag property becomes non-configurable[1].
3039         3. delete with Symbol should be delegated to the JSObject's one[2].
3040
3041         [1]: https://tc39.github.io/ecma262/#sec-module-namespace-objects
3042         [2]: https://github.com/tc39/ecma262/pull/767
3043
3044         * runtime/JSModuleNamespaceObject.cpp:
3045         (JSC::JSModuleNamespaceObject::finishCreation):
3046         (JSC::JSModuleNamespaceObject::deleteProperty):
3047         (JSC::moduleNamespaceObjectSymbolIterator): Deleted.
3048
3049 2017-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
3050
3051         Unreviewed. Fix the build after r212424.
3052
3053         Add missing file.
3054
3055         * inspector/remote/RemoteInspector.cpp: Added.
3056         (Inspector::RemoteInspector::startDisabled):
3057         (Inspector::RemoteInspector::nextAvailableTargetIdentifier):
3058         (Inspector::RemoteInspector::registerTarget):
3059         (Inspector::RemoteInspector::unregisterTarget):
3060         (Inspector::RemoteInspector::updateTarget):
3061         (Inspector::RemoteInspector::updateClientCapabilities):
3062         (Inspector::RemoteInspector::setRemoteInspectorClient):
3063         (Inspector::RemoteInspector::setupFailed):
3064         (Inspector::RemoteInspector::setupCompleted):
3065         (Inspector::RemoteInspector::waitingForAutomaticInspection):
3066         (Inspector::RemoteInspector::clientCapabilitiesDidChange):
3067         (Inspector::RemoteInspector::stop):
3068         (Inspector::RemoteInspector::listingForTarget):
3069         (Inspector::RemoteInspector::updateHasActiveDebugSession):
3070
3071 2017-02-15  Yusuke Suzuki  <utatane.tea@gmail.com>
3072
3073         [JSC] Drop PassRefPtr in bytecompiler/
3074         https://bugs.webkit.org/show_bug.cgi?id=168374
3075
3076         Reviewed by Sam Weinig.
3077
3078         This patch drops PassRefPtr in bytecompiler directory.
3079         We carefully change this to Ref<>. And we use Ref<Label>
3080         as much as possible instead of using RefPtr<Label>.
3081         And use Label& instead of Label* as much as possible.
3082
3083         Currently we do not apply this change for RefPtr<RegisterID>,
3084         to reduce the size of this patch.
3085
3086         * bytecompiler/BytecodeGenerator.cpp:
3087         (JSC::BytecodeGenerator::BytecodeGenerator):
3088         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
3089         (JSC::BytecodeGenerator::newLabelScope):
3090         (JSC::BytecodeGenerator::newLabel):
3091         (JSC::BytecodeGenerator::newEmittedLabel):
3092         Introduce a new helper function, which returns a new label that is emitted right here.
3093
3094         (JSC::BytecodeGenerator::emitLabel):
3095         (JSC::BytecodeGenerator::emitJump):
3096         (JSC::BytecodeGenerator::emitJumpIfTrue):
3097         (JSC::BytecodeGenerator::emitJumpIfFalse):
3098         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
3099         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
3100         Drop returning Ref<Label> since nobody uses it.
3101
3102         (JSC::BytecodeGenerator::emitGetByVal):
3103         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
3104         (JSC::BytecodeGenerator::emitCall):
3105         (JSC::BytecodeGenerator::emitReturn):
3106         (JSC::BytecodeGenerator::emitConstruct):
3107         (JSC::BytecodeGenerator::pushFinallyControlFlowScope):
3108         (JSC::BytecodeGenerator::breakTarget):
3109         (JSC::BytecodeGenerator::pushTry):
3110         (JSC::BytecodeGenerator::popTry):
3111         (JSC::prepareJumpTableForSwitch):
3112         (JSC::prepareJumpTableForStringSwitch):
3113         (JSC::BytecodeGenerator::endSwitch):
3114         (JSC::BytecodeGenerator::emitEnumeration):
3115         (JSC::BytecodeGenerator::emitIteratorNext):
3116         (JSC::BytecodeGenerator::emitIteratorNextWithValue):
3117         (JSC::BytecodeGenerator::emitIteratorClose):
3118         (JSC::BytecodeGenerator::pushIndexedForInScope):
3119         (JSC::BytecodeGenerator::pushStructureForInScope):
3120         (JSC::BytecodeGenerator::invalidateForInContextForLocal):
3121         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
3122         (JSC::BytecodeGenerator::emitYieldPoint):
3123         (JSC::BytecodeGenerator::emitYield):
3124         (JSC::BytecodeGenerator::emitDelegateYield):
3125         (JSC::BytecodeGenerator::emitJumpViaFinallyIfNeeded):
3126         (JSC::BytecodeGenerator::emitReturnViaFinallyIfNeeded):
3127         (JSC::BytecodeGenerator::emitFinallyCompletion):
3128         (JSC::BytecodeGenerator::emitJumpIf):
3129         * bytecompiler/BytecodeGenerator.h:
3130         FinallyJump, FinallyContext, TryData, TryContext and TryRange hold Ref<Label>
3131         instead of RefPtr<Label>. They are never nullptr.
3132
3133         (JSC::FinallyJump::FinallyJump):
3134         (JSC::FinallyContext::FinallyContext):
3135         (JSC::FinallyContext::registerJump):
3136         (JSC::BytecodeGenerator::emitNodeInConditionContext):
3137         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
3138         * bytecompiler/Label.h:
3139         Make Label noncopyable.
3140
3141         * bytecompiler/LabelScope.h:
3142         (JSC::LabelScope::LabelScope):
3143         (JSC::LabelScope::breakTarget):
3144         breakTarget always returns Label&. On the other hand, continueTarget may be nullptr.
3145         So it returns Label*.
3146
3147         * bytecompiler/NodesCodegen.cpp:
3148         (JSC::ExpressionNode::emitBytecodeInConditionContext):
3149         (JSC::ConstantNode::emitBytecodeInConditionContext):
3150         (JSC::FunctionCallValueNode::emitBytecode):
3151         (JSC::CallFunctionCallDotNode::emitBytecode):
3152         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3153         (JSC::LogicalNotNode::emitBytecodeInConditionContext):
3154         (JSC::BinaryOpNode::emitBytecodeInConditionContext):
3155         (JSC::InstanceOfNode::emitBytecode):
3156         (JSC::LogicalOpNode::emitBytecode):
3157         (JSC::LogicalOpNode::emitBytecodeInConditionContext):
3158         (JSC::ConditionalNode::emitBytecode):
3159         (JSC::IfElseNode::emitBytecode):
3160         (JSC::DoWhileNode::emitBytecode):
3161         (JSC::WhileNode::emitBytecode):
3162         (JSC::ForNode::emitBytecode):
3163         (JSC::ForInNode::emitBytecode):
3164         (JSC::ContinueNode::trivialTarget):
3165         (JSC::ContinueNode::emitBytecode):
3166         (JSC::BreakNode::trivialTarget):
3167         (JSC::CaseBlockNode::emitBytecodeForBlock):
3168         (JSC::TryNode::emitBytecode):
3169         (JSC::FunctionNode::emitBytecode):
3170         (JSC::ClassExprNode::emitBytecode):
3171         (JSC::assignDefaultValueIfUndefined):
3172         (JSC::ArrayPatternNode::bindValue):
3173         Use Ref<Label> and Label&.
3174
3175         * parser/Nodes.h:
3176
3177 2017-02-15  Alex Christensen  <achristensen@webkit.org>
3178
3179         Unreviewed, rolling out r212394.
3180
3181         Fixed iOS WebInspector
3182
3183         Reverted changeset:
3184
3185         "Unreviewed, rolling out r212169."
3186         https://bugs.webkit.org/show_bug.cgi?id=166681
3187         http://trac.webkit.org/changeset/212394
3188
3189 2017-02-15  Guillaume Emont  <guijemont@igalia.com>
3190
3191         MIPS: add missing implementations of load8SignedExtendTo32()
3192
3193         JSC: missing implementations of MacroAssemblerMIPS::load8SignedExtendTo32()
3194         https://bugs.webkit.org/show_bug.cgi?id=168350
3195
3196         Reviewed by Yusuke Suzuki.
3197
3198         * assembler/MacroAssemblerMIPS.h:
3199         (JSC::MacroAssemblerMIPS::load8SignedExtendTo32):
3200         Add missing implementations
3201
3202 2017-02-15  Alex Christensen  <achristensen@webkit.org>
3203
3204         Unreviewed, rolling out r212169.
3205
3206         Broke iOS WebInspector
3207
3208         Reverted changeset:
3209
3210         "WebInspector: refactor RemoteInspector to move cocoa specific
3211         code to their own files"
3212         https://bugs.webkit.org/show_bug.cgi?id=166681
3213         http://trac.webkit.org/changeset/212169
3214
3215 2017-02-15  Chris Dumez  <cdumez@apple.com>
3216
3217         Expose Symbol.toPrimitive / valueOf on Location instances
3218         https://bugs.webkit.org/show_bug.cgi?id=168295
3219
3220         Reviewed by Geoffrey Garen, Keith Miller and Mark Lam.
3221
3222         Cache the original objectProtoValueOf function on JSGlobalObject.
3223
3224         * runtime/JSGlobalObject.cpp:
3225         (JSC::JSGlobalObject::init):
3226         * runtime/JSGlobalObject.h:
3227         (JSC::JSGlobalObject::objectProtoValueOfFunction):
3228
3229 2017-02-15  Yusuke Suzuki  <utatane.tea@gmail.com>
3230
3231         [JSC] Drop PassRefPtr
3232         https://bugs.webkit.org/show_bug.cgi?id=168320
3233
3234         Reviewed by Saam Barati.
3235
3236         * API/JSContextRef.cpp:
3237         (JSGlobalContextCreateInGroup):
3238         Use Ref<VM> from the factory function.
3239
3240         * API/JSScriptRef.cpp:
3241         (OpaqueJSScript::create):
3242         Return Ref<> instead.
3243
3244         * API/tests/JSONParseTest.cpp:
3245         (testJSONParse):
3246         Use Ref<VM>.
3247
3248         * assembler/LinkBuffer.cpp:
3249         (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
3250         Use reference since we already perform null check.
3251
3252         * assembler/MacroAssemblerCodeRef.h:
3253         (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
3254         Take Ref<>&& instead of PassRefPtr<>.
3255
3256         * bytecode/CallLinkInfo.h:
3257         (JSC::CallLinkInfo::setStub):
3258         (JSC::CallLinkInfo::setSlowStub):
3259         Take Ref<>&& instead of PassRefPtr<>.
3260
3261         * bytecode/CodeBlock.cpp:
3262         (JSC::CodeBlock::CodeBlock):
3263         Take RefPtr<SourceProvider>. Currently, the SourceProvider would be nullptr.
3264         We will change it to Ref<SourceProvider> in https://bugs.webkit.org/show_bug.cgi?id=168325.
3265
3266         (JSC::CodeBlock::finishCreation):
3267         Take Ref<TypeSet>&&.
3268
3269         * bytecode/CodeBlock.h:
3270         (JSC::CodeBlock::setJITCode):
3271         Take Ref<>&& instead.
3272
3273         (JSC::CodeBlock::jitCode):
3274         Return RefPtr<> instead.
3275
3276         * bytecode/EvalCodeBlock.h:
3277         (JSC::EvalCodeBlock::create):
3278         Take RefPtr<>&& instead since SourceProvider would be nullptr.
3279
3280         (JSC::EvalCodeBlock::EvalCodeBlock):
3281         * bytecode/FunctionCodeBlock.h:
3282         (JSC::FunctionCodeBlock::create):
3283         (JSC::FunctionCodeBlock::FunctionCodeBlock):
3284         Take RefPtr<>&& instead since SourceProvider would be nullptr.
3285
3286         * bytecode/GlobalCodeBlock.h:
3287         (JSC::GlobalCodeBlock::GlobalCodeBlock):
3288         Take RefPtr<>&& instead since SourceProvider would be nullptr.
3289
3290         * bytecode/ModuleProgramCodeBlock.h:
3291         (JSC::ModuleProgramCodeBlock::create):
3292         (JSC::ModuleProgramCodeBlock::ModuleProgramCodeBlock):
3293         Take RefPtr<>&& instead since SourceProvider would be nullptr.
3294
3295         * bytecode/ProgramCodeBlock.h:
3296         (JSC::ProgramCodeBlock::create):
3297         (JSC::ProgramCodeBlock::ProgramCodeBlock):
3298         Take RefPtr<>&& instead since SourceProvider would be nullptr.
3299
3300         * debugger/DebuggerParseData.cpp:
3301         (JSC::gatherDebuggerParseDataForSource):
3302         Ensure the provider is not nullptr. It is OK because we already
3303         touch `provider->xxx` values.
3304
3305         * dfg/DFGBlockInsertionSet.cpp:
3306         (JSC::DFG::BlockInsertionSet::insert):
3307         Take Ref<>&& instead.
3308
3309         * dfg/DFGBlockInsertionSet.h:
3310         * dfg/DFGByteCodeParser.cpp:
3311         (JSC::DFG::ByteCodeParser::inlineCall):
3312         (JSC::DFG::ByteCodeParser::handleInlining):
3313         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3314         Pass Ref<>&& to appendBlock.
3315
3316         * dfg/DFGDriver.cpp:
3317         (JSC::DFG::compileImpl):
3318         (JSC::DFG::compile):
3319         Pass Ref<Plan>&&, and take a Ref<>&& callback.
3320
3321         * dfg/DFGDriver.h:
3322         * dfg/DFGGraph.h:
3323         appendBlock takes Ref<>&&.
3324
3325         (JSC::DFG::Graph::appendBlock):
3326         * dfg/DFGJITCompiler.cpp:
3327         (JSC::DFG::JITCompiler::compile):
3328         (JSC::DFG::JITCompiler::compileFunction):
3329         * dfg/DFGJITCompiler.h:
3330         (JSC::DFG::JITCompiler::jitCode):
3331         * dfg/DFGJITFinalizer.cpp:
3332         (JSC::DFG::JITFinalizer::JITFinalizer):
3333         Take Ref<JITCode>&&.