Separate configuration extraction from offset extraction
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-10-12  Tadeu Zagallo  <tzagallo@apple.com>

        Separate configuration extraction from offset extraction
        https://bugs.webkit.org/show_bug.cgi?id=189708

        Reviewed by Keith Miller.

        Instead of generating a file with all offsets for every combination of
        configurations, we first generate a file with only the configuration
        indices and pass that to the offset extractor. The offset extractor then
        only generates the offsets for valid configurations.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * llint/LLIntOffsetsExtractor.cpp:
        (JSC::LLIntOffsetsExtractor::dummy):
        * llint/LLIntSettingsExtractor.cpp: Added.
        (main):
        * offlineasm/generate_offset_extractor.rb:
        * offlineasm/generate_settings_extractor.rb: Added.
        * offlineasm/offsets.rb:
        * offlineasm/settings.rb:

2018-10-12  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r237063.

        Caused layout test fast/dom/Window/window-postmessage-clone-deep-array.html
        to fail on macOS and iOS Debug bots.

        Reverted changeset:

        "[JSC] Remove gcc warnings on mips and armv7"
        https://bugs.webkit.org/show_bug.cgi?id=188598
        https://trac.webkit.org/changeset/237063

2018-10-11  Guillaume Emont  <guijemont@igalia.com>

        [JSC] Remove gcc warnings on mips and armv7
        https://bugs.webkit.org/show_bug.cgi?id=188598

        Reviewed by Mark Lam.

        Fix many gcc/clang warnings that are false positives, mostly alignment
        issues.

        * assembler/MacroAssemblerPrinter.cpp:
        (JSC::Printer::printMemory):
        Use bitwise_cast instead of reinterpret_cast.
        * assembler/testmasm.cpp:
        (JSC::floatOperands):
        marked as potentially unused as it is not used on all platforms.
        (JSC::testProbeModifiesStackValues):
        modifiedFlags is not used on mips, so don't declare it.
        * bytecode/CodeBlock.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::executeProgram):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeModuleProgram):
        Update calling code for the prototype change of
        ScriptExecutable::prepareForExecution().
        * jit/JITOperations.cpp: Same as for Interpreter.cpp.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall): Same as for Interpreter.cpp.
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::dataStorage):
        Use bitwise_cast instead of reinterpret_cast.
        * runtime/ScriptExecutable.cpp:
        * runtime/ScriptExecutable.h:
        Make ScriptExecutable::prepareForExecution() return an
        std::optional<Exception*> instead of a JSObject*.
        * tools/JSDollarVM.cpp:
        (JSC::codeBlockFromArg): Use bitwise_cast instead of reinterpret_cast.

2018-10-11  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Use currentStackPointer more
        https://bugs.webkit.org/show_bug.cgi?id=190503

        Reviewed by Saam Barati.

        * runtime/VM.cpp:
        (JSC::VM::committedStackByteCount):

2018-10-08  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] JSC should have "parseFunction" to optimize Function constructor
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Reviewed by Mark Lam.

        The current Function constructor is suboptimal. We parse pieces of the same code three times to meet
        the spec requirement. (1) check parameters syntax, (2) check body syntax, and (3) parse the entire function.
        And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
        is really costly and ideally we should meet the above requirement by parsing only once.

        To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function
        takes `std::optional<int> functionConstructorParametersEndPosition` and checks that this end position is correct in the parser.
        For example, if we run the code,

            Function('/*', '*/){')

        According to the spec, this should produce the '/*' parameter string and the '*/){' body string. And the parameter
        string should be syntax-checked by the parser, and raise an error since it is incorrect. Instead of doing
        that, in our implementation, we first create the entire string.

            function anonymous(/*) {
                */){
            }

        And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
        the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
        offset of the parameters is the given end position. This check allows us to raise the error correctly to the
        above example while we parse the entire function only once. And we do not need to create two strings either.

        This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
        significantly sped up (28.2%).

        Before:
            uglify-js:  2.94 runs/s
        After:
            uglify-js:  3.77 runs/s

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseSingleFunction):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parseFunctionExpression):
        (JSC::Parser<LexerType>::parseAsyncFunctionExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        (JSC::parse):
        (JSC::parseFunctionForFunctionConstructor):
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        (JSC::JSTextPosition::JSTextPosition):
        (JSC::JSTokenLocation::JSTokenLocation): Deleted.
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

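The parameters-end-position check that the entry above describes, as an added illustration written for this page (not JavaScriptCore code): the constructor arguments are concatenated the way the entry shows, a small scanner that skips comments and string literals locates the `)` that really closes the parameter list, and that offset is compared with where the parameters were supposed to end. `naiveConcatenationParses` shows that the concatenated text alone is accepted by the host engine for the `Function('/*', '*/){')` case, which is why the extra check is needed.

```javascript
// Added illustration of the parameter end-position check; not JavaScriptCore code.
// The source is assembled exactly as the ChangeLog entry shows it.
const HEADER = 'function anonymous(';

function buildSource(params, body) {
  return `${HEADER}${params}\n) {\n${body}\n}`;
}

// Where the ')' closing the parameter list must sit if `params` is well-formed:
// right after the header, the parameter text and the single newline.
function expectedParametersEnd(params) {
  return HEADER.length + params.length + 1;
}

// Scan forward from `start` to the ')' that really closes the parameter list,
// skipping block/line comments and string or template literals, and tracking
// nesting so defaults such as `a = (1)` or patterns such as `[b, c]` are fine.
// Returns -1 when the list never closes.
function findParametersEnd(source, start) {
  let depth = 0;
  for (let i = start; i < source.length; i++) {
    const c = source[i];
    const next = source[i + 1];
    if (c === '/' && next === '*') {          // block comment
      const close = source.indexOf('*/', i + 2);
      if (close < 0) return -1;
      i = close + 1;                          // loop increment moves past "*/"
      continue;
    }
    if (c === '/' && next === '/') {          // line comment
      const eol = source.indexOf('\n', i + 2);
      if (eol < 0) return -1;
      i = eol;
      continue;
    }
    if (c === '"' || c === "'" || c === '`') { // string / template literal
      let j = i + 1;
      while (j < source.length && source[j] !== c) {
        if (source[j] === '\\') j++;          // skip the escaped character
        j++;
      }
      if (j >= source.length) return -1;
      i = j;
      continue;
    }
    if (c === '(' || c === '[' || c === '{') {
      depth++;
    } else if (c === ']' || c === '}') {
      depth--;
    } else if (c === ')') {
      if (depth === 0) return i;
      depth--;
    }
  }
  return -1;
}

// The check the entry describes: the parameter list found while parsing the
// whole function must end exactly where the constructor said it would.
function parametersEndWhereExpected(params, body) {
  const source = buildSource(params, body);
  return findParametersEnd(source, HEADER.length) === expectedParametersEnd(params);
}

// Without that check, the concatenated text parses fine for the
// Function('/*', '*/){') case, because the comment swallows the real ')'.
// Parse only; the created function is never invoked.
function naiveConcatenationParses(params, body) {
  try {
    new Function(buildSource(params, body));
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}
```
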
2018-10-11  Ross Kirsling  <ross.kirsling@sony.com>

        Fix non-existent define `CPU(JSVALUE64)`
        https://bugs.webkit.org/show_bug.cgi?id=190479

        Reviewed by Yusuke Suzuki.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsImpl):
        Correct CPU(JSVALUE64) to USE(JSVALUE64).

2018-10-11  Keith Rollin  <krollin@apple.com>

        CURRENT_ARCH should not be used in Run Script phase.
        https://bugs.webkit.org/show_bug.cgi?id=190407
        <rdar://problem/45133556>

        Reviewed by Alexey Proskuryakov.

        CURRENT_ARCH is used in a number of Xcode Run Script phases. However,
        CURRENT_ARCH is not well-defined during this phase (and may even have
        the value "undefined") since this phase is run just once per build
        rather than once per supported architecture. Migrate away from
        CURRENT_ARCH in favor of ARCHS, either by iterating over ARCHS and
        performing an operation for each value, or by picking the first entry
        in ARCHS and using that as a representative value.

        * JavaScriptCore.xcodeproj/project.pbxproj: Store
        LLIntDesiredOffsets.h into a directory with a name based on ARCHS
        rather than CURRENT_ARCH.

2018-10-10  Mark Lam  <mark.lam@apple.com>

        Changes towards allowing use of the ASAN detect_stack_use_after_return option.
        https://bugs.webkit.org/show_bug.cgi?id=190405
        <rdar://problem/45131464>

        Reviewed by Michael Saboff.

        The ASAN detect_stack_use_after_return option checks for use of stack variables
        after they have been freed.  It does this by allocating relevant stack variables
        in heap memory (instead of on the stack) if the code ever takes the address of
        those stack variables.  Unfortunately, this is a common idiom that we use to
        compute the approximate stack pointer value.  As a result, on such ASAN runs, the
        computed approximate stack pointer value will point into the heap instead of the
        stack.  This breaks the VM's expectations and wreaks havoc.

        To fix this, we use the newly introduced WTF::currentStackPointer() instead of
        taking the address of stack variables.

        We also need to enhance ExceptionScopes to be able to work with ASAN
        detect_stack_use_after_return which will allocate the scope in the heap.  We
        work around this by passing the current stack pointer of the instantiating calling
        frame into the scope constructor, and using that for the position check in
        ~ThrowScope() instead.

        The above is only a start towards enabling ASAN detect_stack_use_after_return on
        the VM.  There are still other issues to be resolved before we can run with this
        ASAN option.

        * runtime/CatchScope.h:
        * runtime/ExceptionEventLocation.h:
        (JSC::ExceptionEventLocation::ExceptionEventLocation):
        * runtime/ExceptionScope.h:
        (JSC::ExceptionScope::stackPosition const):
        * runtime/JSLock.cpp:
        (JSC::JSLock::didAcquireLock):
        * runtime/ThrowScope.cpp:
        (JSC::ThrowScope::~ThrowScope):
        * runtime/ThrowScope.h:
        * runtime/VM.h:
        (JSC::VM::needExceptionCheck const):
        (JSC::VM::isSafeToRecurse const):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::isSafeToRecurse const):

2018-10-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: create special Network waterfall for media events
        https://bugs.webkit.org/show_bug.cgi?id=189773
        <rdar://problem/44626605>

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/DOM.json:
        Add `didFireEvent` event that is fired when specific event listeners added by
        `InspectorInstrumentation::addEventListenersToNode` are fired.

2018-10-10  Michael Saboff  <msaboff@apple.com>

        Increase executable memory pool from 64MB to 128MB for ARM64
        https://bugs.webkit.org/show_bug.cgi?id=190453

        Reviewed by Saam Barati.

        * jit/ExecutableAllocator.cpp:

2018-10-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: notify the frontend when a canvas has started recording via console.record
        https://bugs.webkit.org/show_bug.cgi?id=190306

        Reviewed by Brian Burg.

        * inspector/protocol/Canvas.json:
        Add `recordingStarted` event.

        * inspector/protocol/Recording.json:
        Add `Initiator` enum for determining who started the recording.

2018-10-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Rename createXXX to tryCreateXXX if it can return RefPtr
        https://bugs.webkit.org/show_bug.cgi?id=190429

        Reviewed by Saam Barati.

        Some createXXX functions can fail. But sometimes the caller does not perform error checking.
        To make it explicit that these functions can fail, we rename these functions from createXXX
        to tryCreateXXX. In this patch, we focus on non-JS-managed factory functions. If the factory
        function does not fail, it should return Ref<>. Otherwise, it should be named as tryCreateXXX
        and it should return RefPtr<>.

        This patch mainly focuses on TypedArray factory functions. Previously, these functions were
        `RefPtr<XXXArray> create(...)`. This patch changes them to `RefPtr<XXXArray> tryCreate(...)`.
        And we also introduce `Ref<XXXArray> create(...)` function which internally performs
        RELEASE_ASSERT on the result of `tryCreate(...)`.

        And we also convert OpaqueJSString::create to OpaqueJSString::tryCreate since it can fail.

        This change actually finds one place which does not perform any null checks while it uses
        `RefPtr<> create(...)` function.

        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
        (JSC::JSCallbackObject<Parent>::put):
        (JSC::JSCallbackObject<Parent>::putByIndex):
        (JSC::JSCallbackObject<Parent>::deleteProperty):
        (JSC::JSCallbackObject<Parent>::callbackGetter):
        * API/JSClassRef.h:
        (StaticValueEntry::StaticValueEntry):
        * API/JSContext.mm:
        (-[JSContext evaluateScript:withSourceURL:]):
        (-[JSContext setName:]):
        * API/JSContextRef.cpp:
        (JSGlobalContextCopyName):
        (JSContextCreateBacktrace):
        * API/JSObjectRef.cpp:
        (JSObjectCopyPropertyNames):
        * API/JSScriptRef.cpp:
        * API/JSStringRef.cpp:
        (JSStringCreateWithCharactersNoCopy):
        * API/JSValue.mm:
        (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
        (+[JSValue valueWithNewErrorFromMessage:inContext:]):
        (+[JSValue valueWithNewSymbolFromDescription:inContext:]):
        (performPropertyOperation):
        (-[JSValue invokeMethod:withArguments:]):
        (containerValueToObject):
        (objectToValueWithoutCopy):
        (objectToValue):
        * API/JSValueRef.cpp:
        (JSValueCreateJSONString):
        (JSValueToStringCopy):
        * API/OpaqueJSString.cpp:
        (OpaqueJSString::tryCreate):
        (OpaqueJSString::create): Deleted.
        * API/OpaqueJSString.h:
        * API/glib/JSCContext.cpp:
        (evaluateScriptInContext):
        * API/glib/JSCValue.cpp:
        (jsc_value_new_string_from_bytes):
        * ftl/FTLLazySlowPath.h:
        (JSC::FTL::LazySlowPath::createGenerator):
        * ftl/FTLLazySlowPathCall.h:
        (JSC::FTL::createLazyCallGenerator):
        * ftl/FTLOSRExit.cpp:
        (JSC::FTL::OSRExitDescriptor::emitOSRExit):
        (JSC::FTL::OSRExitDescriptor::emitOSRExitLater):
        (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
        * ftl/FTLOSRExit.h:
        * ftl/FTLPatchpointExceptionHandle.cpp:
        (JSC::FTL::PatchpointExceptionHandle::create):
        (JSC::FTL::PatchpointExceptionHandle::createHandle):
        * ftl/FTLPatchpointExceptionHandle.h:
        * heap/EdenGCActivityCallback.h:
        (JSC::GCActivityCallback::tryCreateEdenTimer):
        (JSC::GCActivityCallback::createEdenTimer): Deleted.
        * heap/FullGCActivityCallback.h:
        (JSC::GCActivityCallback::tryCreateFullTimer):
        (JSC::GCActivityCallback::createFullTimer): Deleted.
        * heap/GCActivityCallback.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        * inspector/AsyncStackTrace.cpp:
        (Inspector::AsyncStackTrace::create):
        * inspector/AsyncStackTrace.h:
        * jsc.cpp:
        (fillBufferWithContentsOfFile):
        * runtime/ArrayBuffer.h:
        * runtime/GenericTypedArrayView.h:
        * runtime/GenericTypedArrayViewInlines.h:
        (JSC::GenericTypedArrayView<Adaptor>::create):
        (JSC::GenericTypedArrayView<Adaptor>::tryCreate):
        (JSC::GenericTypedArrayView<Adaptor>::createUninitialized):
        (JSC::GenericTypedArrayView<Adaptor>::tryCreateUninitialized):
        (JSC::GenericTypedArrayView<Adaptor>::subarray const):
        * runtime/JSArrayBufferView.cpp:
        (JSC::JSArrayBufferView::possiblySharedImpl):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
        (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::Memory::create):
        (JSC::Wasm::Memory::tryCreate):
        * wasm/WasmMemory.h:
        * wasm/WasmTable.cpp:
        (JSC::Wasm::Table::tryCreate):
        (JSC::Wasm::Table::create): Deleted.
        * wasm/WasmTable.h:
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::create):
        * wasm/js/JSWebAssemblyMemory.cpp:
        (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
        * wasm/js/WebAssemblyMemoryConstructor.cpp:
        (JSC::constructJSWebAssemblyMemory):
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):
        * wasm/js/WebAssemblyTableConstructor.cpp:
        (JSC::constructJSWebAssemblyTable):

2018-10-09  Devin Rousso  <drousso@apple.com>

        Web Inspector: show redirect requests in Network and Timelines tabs
        https://bugs.webkit.org/show_bug.cgi?id=150005
        <rdar://problem/5378164>

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/Network.json:
        Add missing fields to `ResourceTiming`.

2018-10-09  Claudio Saavedra  <csaavedra@igalia.com>

        [WPE] Explicitly link against gmodule where used
        https://bugs.webkit.org/show_bug.cgi?id=190398

        Reviewed by Michael Catanzaro.

        * PlatformWPE.cmake:

2018-10-08  Justin Fan  <justin_fan@apple.com>

        WebGPU: Rename old WebGPU prototype to WebMetal
        https://bugs.webkit.org/show_bug.cgi?id=190325
        <rdar://problem/44990443>

        Reviewed by Dean Jackson.

        Rename WebGPU prototype files to WebMetal in preparation for implementing the new (Oct 2018) WebGPU interface.

        * Configurations/FeatureDefines.xcconfig:
        * inspector/protocol/Canvas.json:
        * inspector/scripts/codegen/generator.py:

2018-10-08  Aditya Keerthi  <akeerthi@apple.com>

        Make <input type=color> a runtime enabled (on-by-default) feature
        https://bugs.webkit.org/show_bug.cgi?id=189162

        Reviewed by Wenson Hsieh and Tim Horton.

        * Configurations/FeatureDefines.xcconfig:

2018-10-08  Devin Rousso  <drousso@apple.com>

        Web Inspector: group media network entries by the node that triggered the request
        https://bugs.webkit.org/show_bug.cgi?id=189606
        <rdar://problem/44438527>

        Reviewed by Brian Burg.

        * inspector/protocol/Network.json:
        Add an optional `nodeId` field to the `Initiator` object that is set if it is possible to
        determine which ancestor node triggered the load. It may not correspond directly to the node
        with the href/src, as that url may only be used by an ancestor for loading.

2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC][Linux] Use non-truncated name for JIT workers in Linux
        https://bugs.webkit.org/show_bug.cgi?id=190339

        Reviewed by Mark Lam.

        The current thread names are meaningless in the Linux environment. We do not want to
        have a truncated name in Linux: we want to have a clear name in Linux. Instead, we
        should have the name for Linux separately from the name used in the non-Linux
        environments. This patch adds FTLWorker, DFGWorker, and JITWorker names for the
        Linux environment.

        * dfg/DFGWorklist.cpp:
        (JSC::DFG::createWorklistName):
        (JSC::DFG::Worklist::Worklist):
        (JSC::DFG::Worklist::create):
        (JSC::DFG::ensureGlobalDFGWorklist):
        (JSC::DFG::ensureGlobalFTLWorklist):
        * dfg/DFGWorklist.h:
        * jit/JITWorklist.cpp:

2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Name Heap threads
        https://bugs.webkit.org/show_bug.cgi?id=190337

        Reviewed by Mark Lam.

        Name heap threads as "Heap Helper Thread". In Linux, we name it "HeapHelper" since
        Linux does not accept a name longer than 15. We do not want to use the short name
        for non-Linux environments. And we want to have a clear name in Linux: a truncated name
        is not good. So, having the two names is the only way.

        * heap/HeapHelperPool.cpp:
        (JSC::heapHelperPool):

2018-10-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Avoid creating ProgramExecutable in checkSyntax
        https://bugs.webkit.org/show_bug.cgi?id=190332

        Reviewed by Mark Lam.

        uglify-js in web-tooling-benchmark executes a massive number of Function constructor calls.
        In Function constructor code, we perform checkSyntax for body and parameters. So fast checkSyntax
        is important when the performance of Function constructor matters. Current checkSyntax code
        unnecessarily allocates ProgramExecutable. This patch removes this allocation and improves
        the benchmark score slightly.

        Before:
            uglify-js:  2.87 runs/s
        After:
            uglify-js:  2.94 runs/s

        * runtime/Completion.cpp:
        (JSC::checkSyntaxInternal):
        (JSC::checkSyntax):
        * runtime/ProgramExecutable.cpp:
        (JSC::ProgramExecutable::checkSyntax): Deleted.
        * runtime/ProgramExecutable.h:

2018-10-06  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement support for "|"
        https://bugs.webkit.org/show_bug.cgi?id=186229

        Reviewed by Yusuke Suzuki.

        This patch is introducing support for BigInt into the bitwise "or" operator.
        In addition, we are also introducing 2 new DFG nodes, named "ArithBitOr" and
        "ValueBitOr", to replace the "BitOr" node. The idea is to follow the
        difference that we make on Arith<op> and Value<op>, where ArithBitOr
        handles cases when the operands are Int32 and ValueBitOr handles
        the remaining cases.

        We are also changing op_bitor to use ValueProfile. We are using
        ValueProfile during DFG generation to emit "ArithBitOr" when
        outcome prediction is Int32.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::arithProfileForPC):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitBinaryOp):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::bitwiseOp):
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
        (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::bitOp):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitOr):
        (JSC::FTL::DFG::LowerDFGToB3::compileBitOr): Deleted.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_bitor):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::bitwiseAnd):
        (JSC::JSBigInt::bitwiseOr):
        (JSC::JSBigInt::absoluteBitwiseOp):
        (JSC::JSBigInt::absoluteAddOne):
        * runtime/JSBigInt.h:

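The sign-and-magnitude reasoning behind the `bitwiseOr` / `absoluteBitwiseOp` / `absoluteAddOne` split in the entry above, as an added illustration in JavaScript (not the JSBigInt implementation): a negative value -m is the two's complement ~(m - 1), so OR on signed BigInts reduces to AND or AND-NOT on non-negative magnitudes followed by one final add-one, and the result is cross-checked against the engine's native `|`. The three-way case split and the magnitude-only operations are the constructed part; the identities they rely on are standard two's complement.

```javascript
// Added illustration; not JSBigInt code. A BigInt is treated as (sign, magnitude);
// the only operations applied to magnitudes are non-negative & and subtraction.
function magnitude(x) {
  return x < 0n ? -x : x;
}

// OR computed from signs and magnitudes only, mirroring the three cases a
// sign-magnitude implementation has to distinguish.
function bigIntOrViaMagnitudes(a, b) {
  const aNeg = a < 0n;
  const bNeg = b < 0n;
  if (!aNeg && !bNeg) {
    // Both non-negative: plain OR of the magnitudes (the "absoluteBitwiseOp" case).
    return magnitude(a) | magnitude(b);
  }
  if (aNeg && bNeg) {
    // -ma | -mb == ~(ma-1) | ~(mb-1) == ~((ma-1) & (mb-1)) == -(((ma-1) & (mb-1)) + 1)
    const m = (magnitude(a) - 1n) & (magnitude(b) - 1n);
    return -(m + 1n);            // the trailing "absoluteAddOne" step
  }
  // Mixed signs: p | -m == p | ~(m-1) == ~((m-1) & ~p) == -(((m-1) & ~p) + 1)
  const p = aNeg ? b : a;
  const m = magnitude(aNeg ? a : b) - 1n;
  const mAndNotP = m - (m & p);  // (m-1) & ~p without ever forming a negative operand
  return -(mAndNotP + 1n);
}

// Cross-check against the engine's native BigInt `|` over a grid of values,
// including ones wider than 64 bits where the magnitude spans several digits.
function matchesNativeOr(values) {
  for (const a of values) {
    for (const b of values) {
      if (bigIntOrViaMagnitudes(a, b) !== (a | b)) return false;
    }
  }
  return true;
}

// Constructed sample values: small, boundary and multi-digit magnitudes of both signs.
const SAMPLE_VALUES = [
  0n, 1n, -1n, 5n, -3n, 6n, -6n, -8n, 255n, -256n,
  (1n << 70n) + 12345n, -((1n << 70n) + 1n), (1n << 64n) - 1n, -(1n << 64n),
];
```
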
2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Use new extra memory reporting in SparseArrayMap
        https://bugs.webkit.org/show_bug.cgi?id=190278

        Reviewed by Keith Miller.

        This patch switches the extra memory reporting mechanism from deprecatedReportExtraMemory
        to reportExtraMemoryAllocated & reportExtraMemoryVisited in SparseArrayMap.

        * runtime/SparseArrayValueMap.cpp:
        (JSC::SparseArrayValueMap::add):
        (JSC::SparseArrayValueMap::visitChildren):

2018-10-05  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC][Linux] Support Perf JITDump logging
        https://bugs.webkit.org/show_bug.cgi?id=189893

        Reviewed by Mark Lam.

        This patch adds Linux `perf` command's JIT Dump support. It allows JSC to tell perf about JIT code information.
        We add a command line option, `--logJITCodeForPerf`, which dumps `jit-%pid.dump` in the current directory.
        By using this dump and perf.data output, we can annotate JIT code with profiling information.

            $ echo "(function f() { var s = 0; for (var i = 0; i < 1000000000; i++) { s += i; } return s; })();" > test.js
            $ perf record -k mono ../../WebKitBuild/perf/Release/bin/jsc test.js --logJITCodeForPerf=true
            [ perf record: Woken up 1 times to write data ]
            [ perf record: Captured and wrote 0.182 MB perf.data (4346 samples) ]
            $ perf inject --jit -i perf.data -o perf.jit.data
            $ perf report -i perf.jit.data

        * Sources.txt:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
        * assembler/PerfLog.cpp: Added.
        (JSC::PerfLog::singleton):
        (JSC::generateTimestamp):
        (JSC::getCurrentThreadID):
        (JSC::PerfLog::PerfLog):
        (JSC::PerfLog::write):
        (JSC::PerfLog::flush):
        (JSC::PerfLog::log):
        * assembler/PerfLog.h: Added.
        * jit/ExecutableAllocator.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        * runtime/Options.cpp:
        (JSC::Options::isAvailable):
        * runtime/Options.h:

2018-10-05  Mark Lam  <mark.lam@apple.com>

        Gardening: Build fix after r236880.
        https://bugs.webkit.org/show_bug.cgi?id=190317

        Unreviewed.

        * jit/ExecutableAllocator.h:

2018-10-05  Mark Lam  <mark.lam@apple.com>

        performJITMemcpy() should handle the case when the executable allocator is not initialized yet.
        https://bugs.webkit.org/show_bug.cgi?id=190317
        <rdar://problem/45039398>

        Reviewed by Saam Barati.

        When SeparatedWXHeaps is in use, jitWriteThunkGenerator() will call performJITMemcpy()
        to copy memory before the JIT fixed memory pool is initialized.  Before r236864,
        performJITMemcpy() would just do a memcpy in that case.  We need to restore the
        equivalent behavior.

        * jit/ExecutableAllocator.cpp:
        (JSC::isJITPC):
        * jit/ExecutableAllocator.h:
        (JSC::performJITMemcpy):

2018-10-05  Carlos Eduardo Ramalho  <cadubentzen@gmail.com>

        [WPE][JSC] Use Unified Sources for Platform-specific sources
        https://bugs.webkit.org/show_bug.cgi?id=190300

        Reviewed by Yusuke Suzuki.

        Currently the GTK port already uses Unified Sources with the same source files.
        As WPE has conditional code using gmodule, we need to add GLIB_GMODULE_LIBRARIES
        to the list of libraries to link with.

        * PlatformWPE.cmake:
        * SourcesWPE.txt: Added.
        * shell/PlatformWPE.cmake:

2018-10-05  Mike Gorse  <mgorse@alum.wpi.edu>

        [GTK] build fails with python 3 if LANG and LC_TYPE are unset
        https://bugs.webkit.org/show_bug.cgi?id=190258

        Reviewed by Konstantin Tokarev.

        * Scripts/cssmin.py: Set stdout to UTF-8 on python 3.
        * Scripts/generateIntlCanonicalizeLanguage.py: Open files with
          encoding=UTF-8 on Python 3.
        * yarr/generateYarrCanonicalizeUnicode: Ditto.
        * yarr/generateYarrUnicodePropertyTables.py: Ditto.

2018-10-04  Mark Lam  <mark.lam@apple.com>

        Move start/EndOfFixedExecutableMemoryPool pointers into the FixedVMPoolExecutableAllocator object.
        https://bugs.webkit.org/show_bug.cgi?id=190295
        <rdar://problem/19197193>

        Reviewed by Saam Barati.

        This allows us to use the tagging logic already baked into MacroAssemblerCodePtr
        instead of needing to use our own custom version here.

        * jit/ExecutableAllocator.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        (JSC::FixedVMPoolExecutableAllocator::memoryStart):
        (JSC::FixedVMPoolExecutableAllocator::memoryEnd):
        (JSC::FixedVMPoolExecutableAllocator::isJITPC):
        (JSC::ExecutableAllocator::allocate):
        (JSC::startOfFixedExecutableMemoryPoolImpl):
        (JSC::endOfFixedExecutableMemoryPoolImpl):
        (JSC::isJITPC):
        * jit/ExecutableAllocator.h:

2018-10-04  Mark Lam  <mark.lam@apple.com>

        Disable Options::useWebAssemblyFastMemory() on linux if ASAN signal handling is not disabled.
        https://bugs.webkit.org/show_bug.cgi?id=190283
        <rdar://problem/45015752>

        Reviewed by Keith Miller.

        * runtime/Options.cpp:
        (JSC::Options::initialize):
        * wasm/WasmFaultSignalHandler.cpp:
        (JSC::Wasm::enableFastMemory):

2018-10-03  Ross Kirsling  <ross.kirsling@sony.com>

        [JSC] print() changes CRLF to CRCRLF on Windows
        https://bugs.webkit.org/show_bug.cgi?id=190228

        Reviewed by Mark Lam.

        * jsc.cpp:
        (main):
        Ultimately, this is just the normal behavior of printf in text mode on Windows.
        Since we're reading in files as binary, we need to be printing out as binary too
        (just as we do in DumpRenderTree and ImageDiff.)

2018-10-03  Saam barati  <sbarati@apple.com>

        lowXYZ in FTLLower should always filter the type of the incoming edge
        https://bugs.webkit.org/show_bug.cgi?id=189939
        <rdar://problem/44407030>

        Reviewed by Michael Saboff.

        For example, the FTL may know more about data flow than AI in certain programs,
        and it needs to inform AI of these data flow properties to appease the assertion
755         we have in AI that a node must perform type checks on its child nodes.
756         
757         For example, consider this program:
758         
759         ```
760         bb#1
761         a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower
762         Branch(...,  #2, #3)
763         
764         bb#2
765         ArrayifyToStructure(Cell:@a) // This modifies @a to have its previous type union the type of some structure set.
766         Jump(#3)
767         
768         bb#3
769         c: Add(Int32:@something, Int32:@a)
770         ```
771         
772         When the Add node does lowInt32() for @a, FTL lower used to just grab it
773         from the int32 hash table without filtering the AbstractValue. However,
774         the parent node is asking for a type check to happen, so we must inform
775         AI of this "type check" if we want to appease the assertion that all nodes
776         perform type checks for their edges that semantically perform type checks.
777         This patch makes it so we filter the AbstractValue in the lowXYZ even
778         if FTLLower proved the value must be XYZ.
779
780         * ftl/FTLLowerDFGToB3.cpp:
781         (JSC::FTL::DFG::LowerDFGToB3::compilePhi):
782         (JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck):
783         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
784         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
785         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
786
787 2018-10-03  Michael Saboff  <msaboff@apple.com>
788
789         Command line jsc should report memory footprint in bytes
790         https://bugs.webkit.org/show_bug.cgi?id=190267
791
792         Reviewed by Mark Lam.
793
794         Change to leave the footprint values from the system unmodified.
795
796         * jsc.cpp:
797         (JSCMemoryFootprint::finishCreation):
798
799 2018-10-03  Mark Lam  <mark.lam@apple.com>
800
801         Suppress unreachable code warning for LLIntAssembly.h code.
802         https://bugs.webkit.org/show_bug.cgi?id=190263
803         <rdar://problem/44986532>
804
805         Reviewed by Saam Barati.
806
807         This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter
808         asm files, and may contain dead code which is harmless, but will trip up the warning.
809         We should suppress the warning so that it doesn't break builds.
810
811         * llint/LowLevelInterpreter.cpp:
812         (JSC::CLoop::execute):
813
814 2018-10-03  Dan Bernstein  <mitz@apple.com>
815
816         JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10
817         https://bugs.webkit.org/show_bug.cgi?id=190250
818
819         Reviewed by Alex Christensen.
820
821         * API/tests/Regress141275.mm:
822         (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
823           by making the self-retaining explicit.
824
825         * API/tests/testapi.cpp:
826         (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
827           loop instead of returning from the lambda.
828
829         * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
830           CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
831           CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.
832
833         * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to
834           UnlinkedFunctionExecutable.h, and let Xcode update the project file.
835
836         * assembler/MacroAssemblerPrinter.cpp:
837         (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
838           some commas with semicolons.
839
840 2018-10-03  Mark Lam  <mark.lam@apple.com>
841
842         Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
843         https://bugs.webkit.org/show_bug.cgi?id=190187
844         <rdar://problem/42512909>
845
846         Reviewed by Michael Saboff.
847
848         Allowing different max string lengths at each level opens up opportunities for
849         bugs to creep in.  With 2 different max length values, it is more difficult to
850         keep the story straight on how we do overflow / bounds checks at each place in
851         the code.  It's also difficult to tell if a seemingly valid check at the WTF level
852         will have bad ramifications at the JSC level.  It's also not meaningful to
853         support a max length > INT_MAX.  To eliminate this class of bugs, we'll
854         standardize on a MaxLength of INT_MAX at all levels.
855
856         We'll also standardize on using CheckedArithmetic for length overflow checks,
857         and add some asserts to document the assumptions of the code.
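
        The overflow-check shape described above, as an added illustration that is not
        code from this patch or from WTF: kMaxStringLength, checkedAddLength,
        concatenatedLength and repeatedLength are hypothetical stand-ins for the real
        CheckedArithmetic helpers, showing why a single INT_MAX bound plus widened
        arithmetic closes the wraparound that a plain 32-bit addition leaves open.

```cpp
#include <climits>
#include <cstdint>
#include <optional>

// One MaxLength for every layer, as the patch standardizes on: INT_MAX.
constexpr uint32_t kMaxStringLength = static_cast<uint32_t>(INT_MAX);

// Hypothetical stand-in for WTF's CheckedArithmetic: widen to 64 bits, add,
// and refuse any result above kMaxStringLength instead of letting a
// 32-bit length silently wrap.
inline bool checkedAddLength(uint32_t a, uint32_t b, uint32_t& out)
{
    uint64_t sum = static_cast<uint64_t>(a) + static_cast<uint64_t>(b);
    if (sum > kMaxStringLength)
        return false;
    out = static_cast<uint32_t>(sum);
    return true;
}

// Length of lhs + rhs, or nullopt when the concatenation would be too long
// (the caller would then throw a RangeError / out-of-memory error).
inline std::optional<uint32_t> concatenatedLength(uint32_t lhs, uint32_t rhs)
{
    uint32_t total = 0;
    if (!checkedAddLength(lhs, rhs, total))
        return std::nullopt;
    return total;
}

// Length of a string repeated `count` times (the String.prototype.repeat
// shape of the same check), with the multiplication done in 64 bits.
inline std::optional<uint32_t> repeatedLength(uint32_t length, uint32_t count)
{
    uint64_t product = static_cast<uint64_t>(length) * static_cast<uint64_t>(count);
    if (product > kMaxStringLength)
        return std::nullopt;
    return static_cast<uint32_t>(product);
}

// The unchecked shape the patch moves away from: plain 32-bit addition wraps,
// so a huge concatenation can report a tiny length and under-allocate.
inline uint32_t uncheckedConcatenatedLength(uint32_t lhs, uint32_t rhs)
{
    return lhs + rhs;
}
```

        The important property is that every length computation is bounded by the
        same constant: a check that passes at one layer cannot produce a value that a
        lower layer would reject.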
858
859         * runtime/FunctionConstructor.cpp:
860         (JSC::constructFunctionSkippingEvalEnabledCheck):
861         - Fix OOM error handling which crashed a test after the new MaxLength was applied.
862         * runtime/JSString.h:
863         (JSC::JSString::finishCreation):
864         (JSC::JSString::createHasOtherOwner):
865         (JSC::JSString::setLength):
866         * runtime/JSStringInlines.h:
867         (JSC::jsMakeNontrivialString):
868         * runtime/Operations.h:
869         (JSC::jsString):
870
871 2018-10-03  Koby Boyango  <koby.b@mce-sys.com>
872
873         [JSC] Add a C++ callable overload of objectConstructorSeal
874         https://bugs.webkit.org/show_bug.cgi?id=190137
875
876         Reviewed by Yusuke Suzuki.
877
878         * runtime/ObjectConstructor.cpp:
879         * runtime/ObjectConstructor.h:
880
881 2018-10-02  Dominik Infuehr  <dinfuehr@igalia.com>
882
883         Fix Disassembler-output on ARM Thumb2
884         https://bugs.webkit.org/show_bug.cgi?id=190203
885
886         On ARMv7 with Thumb2 addresses have bit 0 set to 1 to force
887         execution in thumb mode for jumps and calls. The actual machine
888         instructions are still aligned to 2-bytes though. Use dataLocation() as
889         start address for disassembling since it unsets the thumb bit.
890         Until now the disassembler would start at the wrong address (off by 1),
891         resulting in the wrong disassembled machine instructions.
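
        The off-by-one described above, as an added illustration that is not code from
        this patch or from the Capstone disassembler: executableToDataLocation is a
        hypothetical stand-in for dataLocation(), kThumbCode is a constructed byte
        sequence of three known Thumb instructions, and the toy decoder only knows
        those two opcodes. Decoding from the address with the Thumb bit still set
        reads misaligned halfwords and produces the wrong instructions.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Clears the Thumb bit: this is what dataLocation() does for a code pointer
// whose executable form has bit 0 set to request Thumb state on BX/BLX.
inline uintptr_t executableToDataLocation(uintptr_t executableAddress)
{
    return executableAddress & ~static_cast<uintptr_t>(1);
}

// Constructed sample of three 16-bit Thumb instructions (little-endian bytes):
//   0xBF00  nop
//   0x4770  bx lr
//   0xBF00  nop
static const uint8_t kThumbCode[] = { 0x00, 0xBF, 0x70, 0x47, 0x00, 0xBF };

// Toy decoder that recognizes only the two opcodes above; any other halfword
// is reported as "??". `startOffset` plays the role of the start address.
inline std::vector<std::string> disassembleThumb16(uintptr_t startOffset, size_t instructionCount)
{
    std::vector<std::string> listing;
    for (size_t i = 0; i < instructionCount; ++i) {
        size_t byteOffset = static_cast<size_t>(startOffset) + 2 * i;
        if (byteOffset + 1 >= sizeof(kThumbCode))
            break;
        uint16_t halfword = static_cast<uint16_t>(kThumbCode[byteOffset] | (kThumbCode[byteOffset + 1] << 8));
        switch (halfword) {
        case 0xBF00: listing.push_back("nop"); break;
        case 0x4770: listing.push_back("bx lr"); break;
        default: listing.push_back("??"); break;
        }
    }
    return listing;
}

// The fixed flow: strip the Thumb bit first, then decode from the aligned address.
inline std::vector<std::string> disassembleFromExecutableAddress(uintptr_t executableAddress, size_t instructionCount)
{
    return disassembleThumb16(executableToDataLocation(executableAddress), instructionCount);
}
```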
892
893         Reviewed by Mark Lam.
894
895         * disassembler/CapstoneDisassembler.cpp:
896         (JSC::tryToDisassemble):
897
898 2018-10-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
899
900         [JSC] Add stub of ExecutableAllocator used when JIT is disabled
901         https://bugs.webkit.org/show_bug.cgi?id=190215
902
903         Reviewed by Mark Lam.
904
905         When ENABLE(JIT) is disabled, we do not use JIT. But ExecutableAllocator is still available since
906         it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for LLInt ASM interpreter since
907         our MacroAssembler tells machine architecture information. Eventually, we would like to decouple
908         this machine architecture information from MacroAssembler. But for now, we use ENABLE(ASSEMBLER)
909         for LLInt ASM interpreter even if JIT is disabled by ENABLE(JIT).
910
911         To ensure any executable memory allocation is not done, we add a stub of ExecutableAllocator for
912         non-JIT configurations. This does not have any functionality allocating executable memory, thus
913         any accidental operation cannot attempt to allocate executable memory if ENABLE(JIT) = OFF.
914
915         * jit/ExecutableAllocator.cpp:
916         (JSC::ExecutableAllocator::initializeAllocator):
917         (JSC::ExecutableAllocator::singleton):
918         * jit/ExecutableAllocator.h:
919         (JSC::ExecutableAllocator::isValid const):
920         (JSC::ExecutableAllocator::underMemoryPressure):
921         (JSC::ExecutableAllocator::memoryPressureMultiplier):
922         (JSC::ExecutableAllocator::dumpProfile):
923         (JSC::ExecutableAllocator::allocate):
924         (JSC::ExecutableAllocator::isValidExecutableMemory):
925         (JSC::ExecutableAllocator::committedByteCount):
926         (JSC::ExecutableAllocator::getLock const):
927         (JSC::performJITMemcpy):
928
929 2018-10-01  Dean Jackson  <dino@apple.com>
930
931         Remove CSS Animation Triggers
932         https://bugs.webkit.org/show_bug.cgi?id=190175
933         <rdar://problem/44925626>
934
935         Reviewed by Simon Fraser.
936
937         * Configurations/FeatureDefines.xcconfig:
938
939 2018-10-02  Caio Lima  <ticaiolima@gmail.com>
940
941         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
942         https://bugs.webkit.org/show_bug.cgi?id=190033
943
944         Reviewed by Yusuke Suzuki.
945
946         The implementation of JSBigInt::toStringToGeneric doesn't handle power
947         of 2 radix when JSBigInt length is >= 2. To handle such cases, we
948         implemented JSBigInt::toStringBasePowerOfTwo that follows the
949         algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
950         digit.
951
952         * runtime/JSBigInt.cpp:
953         (JSC::JSBigInt::toString):
954         (JSC::JSBigInt::toStringBasePowerOfTwo):
955         * runtime/JSBigInt.h:
956
957 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
958
959         [JSC] Add branchIfNaN and branchIfNotNaN
960         https://bugs.webkit.org/show_bug.cgi?id=190122
961
962         Reviewed by Mark Lam.
963
964         Add AssemblyHelpers::{branchIfNaN, branchIfNotNaN} to make code more readable.
965
966         * dfg/DFGSpeculativeJIT.cpp:
967         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
968         (JSC::DFG::SpeculativeJIT::compileDoubleRep):
969         (JSC::DFG::SpeculativeJIT::getIntTypedArrayStoreOperand):
970         (JSC::DFG::SpeculativeJIT::compileSpread):
971         (JSC::DFG::SpeculativeJIT::compileNewArray):
972         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
973         (JSC::DFG::SpeculativeJIT::speculateDoubleRepReal):
974         (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey):
975         (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
976         * dfg/DFGSpeculativeJIT32_64.cpp:
977         (JSC::DFG::SpeculativeJIT::compile):
978         * dfg/DFGSpeculativeJIT64.cpp:
979         (JSC::DFG::SpeculativeJIT::compile):
980         * jit/AssemblyHelpers.cpp:
981         (JSC::AssemblyHelpers::purifyNaN):
982         * jit/AssemblyHelpers.h:
983         (JSC::AssemblyHelpers::branchIfNaN):
984         (JSC::AssemblyHelpers::branchIfNotNaN):
985         * jit/JITPropertyAccess.cpp:
986         (JSC::JIT::emitGenericContiguousPutByVal):
987         (JSC::JIT::emitDoubleLoad):
988         (JSC::JIT::emitFloatTypedArrayGetByVal):
989         * jit/JITPropertyAccess32_64.cpp:
990         (JSC::JIT::emitGenericContiguousPutByVal):
991         * wasm/js/JSToWasm.cpp:
992         (JSC::Wasm::createJSToWasmWrapper):
993
994 2018-10-01  Mark Lam  <mark.lam@apple.com>
995
996         Function.toString() should also copy the source code Functions that are class definitions.
997         https://bugs.webkit.org/show_bug.cgi?id=190186
998         <rdar://problem/44733360>
999
1000         Reviewed by Saam Barati.
1001
1002         Previously, if the Function is a class definition, functionProtoFuncToString()
1003         would create a String using StringView::toStringWithoutCopying(), and use that
1004         String to make a JSString.  This is not a problem if the underlying SourceProvider
1005         (that backs the characters in that StringView) is immortal.  However, this is
1006         not always the case in practice.
1007
1008         This patch fixes this issue by changing functionProtoFuncToString() to create the
1009         String using StringView::toString() instead, which makes a copy of the underlying
1010         characters buffer.  This detaches the resultant JSString from the SourceProvider
1011         characters buffer that it was created from, and ensures that the underlying
1012         characters buffer of the string will be alive for the entire lifetime of the
1013         JSString.
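
        The lifetime issue described above, as an added illustration that is not code
        from this patch or from WTF: SourceProvider, functionSourceWithoutCopying and
        functionSourceCopied are hypothetical stand-ins for the real SourceProvider and
        for the StringView::toStringWithoutCopying() / StringView::toString() pair. A
        non-owning view aliases the provider's buffer and dangles once the provider is
        freed; the copy owns its characters and survives it.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <string_view>

// Hypothetical SourceProvider: owns the characters of a script's source text.
struct SourceProvider {
    std::string source;
};

// Shape of the old code: a view that only points into the provider's buffer
// (the toStringWithoutCopying() pattern). Valid only while the provider lives.
inline std::string_view functionSourceWithoutCopying(const SourceProvider& provider, size_t start, size_t length)
{
    return std::string_view(provider.source).substr(start, length);
}

// Shape of the fix: copy the characters out (the toString() pattern), so the
// result owns its buffer and outlives the provider.
inline std::string functionSourceCopied(const SourceProvider& provider, size_t start, size_t length)
{
    return std::string(std::string_view(provider.source).substr(start, length));
}

// Does the returned text alias the provider's own buffer? An aliasing result
// becomes a dangling pointer once the provider is freed.
inline bool viewAliasesProvider(const SourceProvider& provider)
{
    return functionSourceWithoutCopying(provider, 0, provider.source.size()).data() == provider.source.data();
}

inline bool copyAliasesProvider(const SourceProvider& provider)
{
    std::string copy = functionSourceCopied(provider, 0, provider.source.size());
    return copy.data() == provider.source.data();
}

// Simulates the fixed functionProtoFuncToString(): the copied result is still
// intact after the provider it came from is destroyed.
inline bool copiedSourceSurvivesProvider()
{
    const std::string classText = "class Widget { render() { return this.html; } }";
    auto provider = std::make_unique<SourceProvider>();
    provider->source = "var x = 1; " + classText; // class body starts at offset 11
    std::string result = functionSourceCopied(*provider, 11, classText.size());
    provider.reset(); // the provider is gone; a non-owning view would now dangle
    return result == classText;
}
```

        The aliasing check is what a reviewer would want to see for any API that hands
        out a view: if the result's data pointer equals the owner's buffer, the result's
        lifetime is tied to that owner.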
1014
1015         * runtime/FunctionPrototype.cpp:
1016         (JSC::functionProtoFuncToString):
1017
1018 2018-10-01  Keith Miller  <keith_miller@apple.com>
1019
1020         Create a RELEASE_AND_RETURN macro for ExceptionScopes
1021         https://bugs.webkit.org/show_bug.cgi?id=190163
1022
1023         Reviewed by Mark Lam.
1024
1025         The new RELEASE_AND_RETURN does all the work for cases
1026         where you want to return the result of some expression
1027         without explicitly checking for an exception. This is
1028         much like the existing RETURN_IF_EXCEPTION macro.
1029
1030         * dfg/DFGOperations.cpp:
1031         (JSC::DFG::newTypedArrayWithSize):
1032         * interpreter/Interpreter.cpp:
1033         (JSC::eval):
1034         * jit/JITOperations.cpp:
1035         (JSC::getByVal):
1036         * jsc.cpp:
1037         (functionDollarAgentReceiveBroadcast):
1038         * llint/LLIntSlowPaths.cpp:
1039         (JSC::LLInt::setUpCall):
1040         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1041         (JSC::LLInt::varargsSetup):
1042         * profiler/ProfilerDatabase.cpp:
1043         (JSC::Profiler::Database::toJSON const):
1044         * runtime/AbstractModuleRecord.cpp:
1045         (JSC::AbstractModuleRecord::hostResolveImportedModule):
1046         * runtime/ArrayConstructor.cpp:
1047         (JSC::constructArrayWithSizeQuirk):
1048         * runtime/ArrayPrototype.cpp:
1049         (JSC::getProperty):
1050         (JSC::fastJoin):
1051         (JSC::arrayProtoFuncToString):
1052         (JSC::arrayProtoFuncToLocaleString):
1053         (JSC::arrayProtoFuncJoin):
1054         (JSC::arrayProtoFuncPop):
1055         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1056         * runtime/BigIntConstructor.cpp:
1057         (JSC::toBigInt):
1058         * runtime/CommonSlowPaths.h:
1059         (JSC::CommonSlowPaths::opInByVal):
1060         * runtime/ConstructData.cpp:
1061         (JSC::construct):
1062         * runtime/DateConstructor.cpp:
1063         (JSC::dateParse):
1064         * runtime/DatePrototype.cpp:
1065         (JSC::dateProtoFuncToPrimitiveSymbol):
1066         * runtime/DirectArguments.h:
1067         * runtime/ErrorConstructor.cpp:
1068         (JSC::Interpreter::constructWithErrorConstructor):
1069         * runtime/ErrorPrototype.cpp:
1070         (JSC::errorProtoFuncToString):
1071         * runtime/ExceptionScope.h:
1072         * runtime/FunctionConstructor.cpp:
1073         (JSC::constructFunction):
1074         * runtime/FunctionPrototype.cpp:
1075         (JSC::functionProtoFuncToString):
1076         * runtime/GenericArgumentsInlines.h:
1077         (JSC::GenericArguments<Type>::defineOwnProperty):
1078         * runtime/GetterSetter.cpp:
1079         (JSC::callGetter):
1080         * runtime/IntlCollatorConstructor.cpp:
1081         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
1082         * runtime/IntlCollatorPrototype.cpp:
1083         (JSC::IntlCollatorFuncCompare):
1084         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
1085         * runtime/IntlDateTimeFormatConstructor.cpp:
1086         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
1087         * runtime/IntlDateTimeFormatPrototype.cpp:
1088         (JSC::IntlDateTimeFormatFuncFormatDateTime):
1089         (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts):
1090         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
1091         * runtime/IntlNumberFormatConstructor.cpp:
1092         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
1093         * runtime/IntlNumberFormatPrototype.cpp:
1094         (JSC::IntlNumberFormatFuncFormatNumber):
1095         (JSC::IntlNumberFormatPrototypeFuncFormatToParts):
1096         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
1097         * runtime/IntlObject.cpp:
1098         (JSC::intlNumberOption):
1099         * runtime/IntlObjectInlines.h:
1100         (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
1101         * runtime/IntlPluralRules.cpp:
1102         (JSC::IntlPluralRules::resolvedOptions):
1103         * runtime/IntlPluralRulesConstructor.cpp:
1104         (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):
1105         * runtime/IntlPluralRulesPrototype.cpp:
1106         (JSC::IntlPluralRulesPrototypeFuncSelect):
1107         (JSC::IntlPluralRulesPrototypeFuncResolvedOptions):
1108         * runtime/JSArray.cpp:
1109         (JSC::JSArray::defineOwnProperty):
1110         (JSC::JSArray::put):
1111         (JSC::JSArray::setLength):
1112         (JSC::JSArray::unshiftCountWithAnyIndexingType):
1113         * runtime/JSArrayBufferPrototype.cpp:
1114         (JSC::arrayBufferProtoGetterFuncByteLength):
1115         (JSC::sharedArrayBufferProtoGetterFuncByteLength):
1116         * runtime/JSArrayInlines.h:
1117         (JSC::toLength):
1118         * runtime/JSBoundFunction.cpp:
1119         (JSC::boundFunctionCall):
1120         (JSC::boundFunctionConstruct):
1121         * runtime/JSCJSValue.cpp:
1122         (JSC::JSValue::putToPrimitive):
1123         * runtime/JSCJSValueInlines.h:
1124         (JSC::JSValue::toIndex const):
1125         (JSC::JSValue::toPropertyKey const):
1126         (JSC::JSValue::get const):
1127         (JSC::JSValue::getPropertySlot const):
1128         (JSC::JSValue::getOwnPropertySlot const):
1129         (JSC::JSValue::equalSlowCaseInline):
1130         * runtime/JSDataView.cpp:
1131         (JSC::JSDataView::put):
1132         (JSC::JSDataView::defineOwnProperty):
1133         * runtime/JSFunction.cpp:
1134         (JSC::JSFunction::put):
1135         (JSC::JSFunction::defineOwnProperty):
1136         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1137         (JSC::constructGenericTypedArrayViewWithArguments):
1138         (JSC::constructGenericTypedArrayView):
1139         * runtime/JSGenericTypedArrayViewInlines.h:
1140         (JSC::JSGenericTypedArrayView<Adaptor>::set):
1141         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1142         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
1143         (JSC::speciesConstruct):
1144         (JSC::genericTypedArrayViewProtoFuncJoin):
1145         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
1146         * runtime/JSGlobalObject.cpp:
1147         (JSC::JSGlobalObject::put):
1148         * runtime/JSGlobalObjectFunctions.cpp:
1149         (JSC::decode):
1150         (JSC::globalFuncEval):
1151         (JSC::globalFuncProtoGetter):
1152         * runtime/JSInternalPromise.cpp:
1153         (JSC::JSInternalPromise::then):
1154         * runtime/JSModuleEnvironment.cpp:
1155         (JSC::JSModuleEnvironment::put):
1156         * runtime/JSModuleLoader.cpp:
1157         (JSC::JSModuleLoader::provideFetch):
1158         (JSC::JSModuleLoader::loadAndEvaluateModule):
1159         (JSC::JSModuleLoader::loadModule):
1160         (JSC::JSModuleLoader::linkAndEvaluateModule):
1161         (JSC::JSModuleLoader::requestImportModule):
1162         (JSC::JSModuleLoader::getModuleNamespaceObject):
1163         (JSC::moduleLoaderRequestedModules):
1164         * runtime/JSONObject.cpp:
1165         (JSC::Stringifier::stringify):
1166         (JSC::Stringifier::toJSON):
1167         (JSC::Walker::walk):
1168         (JSC::JSONProtoFuncStringify):
1169         * runtime/JSObject.cpp:
1170         (JSC::ordinarySetSlow):
1171         (JSC::JSObject::putInlineSlow):
1172         (JSC::JSObject::toPrimitive const):
1173         (JSC::JSObject::hasInstance):
1174         (JSC::JSObject::toNumber const):
1175         (JSC::JSObject::defineOwnIndexedProperty):
1176         (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
1177         (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
1178         (JSC::JSObject::defineOwnNonIndexProperty):
1179         * runtime/JSObject.h:
1180         (JSC::JSObject::get const):
1181         * runtime/JSObjectInlines.h:
1182         (JSC::JSObject::getPropertySlot const):
1183         (JSC::JSObject::putInlineForJSObject):
1184         * runtime/MapConstructor.cpp:
1185         (JSC::constructMap):
1186         * runtime/NativeErrorConstructor.cpp:
1187         (JSC::Interpreter::constructWithNativeErrorConstructor):
1188         * runtime/ObjectConstructor.cpp:
1189         (JSC::constructObject):
1190         (JSC::objectConstructorGetPrototypeOf):
1191         (JSC::objectConstructorGetOwnPropertyDescriptor):
1192         (JSC::objectConstructorGetOwnPropertyDescriptors):
1193         (JSC::objectConstructorGetOwnPropertyNames):
1194         (JSC::objectConstructorGetOwnPropertySymbols):
1195         (JSC::objectConstructorKeys):
1196         (JSC::objectConstructorDefineProperty):
1197         (JSC::objectConstructorDefineProperties):
1198         (JSC::objectConstructorCreate):
1199         * runtime/ObjectPrototype.cpp:
1200         (JSC::objectProtoFuncToLocaleString):
1201         (JSC::objectProtoFuncToString):
1202         * runtime/Operations.cpp:
1203         (JSC::jsAddSlowCase):
1204         * runtime/Operations.h:
1205         (JSC::jsString):
1206         (JSC::jsLess):
1207         (JSC::jsLessEq):
1208         * runtime/ParseInt.h:
1209         (JSC::toStringView):
1210         * runtime/ProxyConstructor.cpp:
1211         (JSC::constructProxyObject):
1212         * runtime/ProxyObject.cpp:
1213         (JSC::ProxyObject::toStringName):
1214         (JSC::performProxyGet):
1215         (JSC::ProxyObject::performInternalMethodGetOwnProperty):
1216         (JSC::ProxyObject::performHasProperty):
1217         (JSC::ProxyObject::getOwnPropertySlotCommon):
1218         (JSC::ProxyObject::performPut):
1219         (JSC::ProxyObject::putByIndexCommon):
1220         (JSC::performProxyCall):
1221         (JSC::performProxyConstruct):
1222         (JSC::ProxyObject::performDelete):
1223         (JSC::ProxyObject::performPreventExtensions):
1224         (JSC::ProxyObject::performIsExtensible):
1225         (JSC::ProxyObject::performDefineOwnProperty):
1226         (JSC::ProxyObject::performSetPrototype):
1227         (JSC::ProxyObject::performGetPrototype):
1228         * runtime/ReflectObject.cpp:
1229         (JSC::reflectObjectConstruct):
1230         (JSC::reflectObjectDefineProperty):
1231         (JSC::reflectObjectGet):
1232         (JSC::reflectObjectGetOwnPropertyDescriptor):
1233         (JSC::reflectObjectGetPrototypeOf):
1234         (JSC::reflectObjectOwnKeys):
1235         (JSC::reflectObjectSet):
1236         * runtime/RegExpConstructor.cpp:
1237         (JSC::constructRegExp):
1238         * runtime/RegExpObject.cpp:
1239         (JSC::RegExpObject::defineOwnProperty):
1240         (JSC::RegExpObject::matchGlobal):
1241         * runtime/RegExpPrototype.cpp:
1242         (JSC::regExpProtoFuncTestFast):
1243         (JSC::regExpProtoFuncExec):
1244         (JSC::regExpProtoFuncToString):
1245         * runtime/ScriptExecutable.cpp:
1246         (JSC::ScriptExecutable::newCodeBlockFor):
1247         * runtime/SetConstructor.cpp:
1248         (JSC::constructSet):
1249         * runtime/SparseArrayValueMap.cpp:
1250         (JSC::SparseArrayValueMap::putEntry):
1251         (JSC::SparseArrayEntry::put):
1252         * runtime/StringConstructor.cpp:
1253         (JSC::stringFromCharCode):
1254         (JSC::stringFromCodePoint):
1255         * runtime/StringObject.cpp:
1256         (JSC::StringObject::put):
1257         (JSC::StringObject::putByIndex):
1258         (JSC::StringObject::defineOwnProperty):
1259         * runtime/StringPrototype.cpp:
1260         (JSC::jsSpliceSubstrings):
1261         (JSC::jsSpliceSubstringsWithSeparators):
1262         (JSC::removeUsingRegExpSearch):
1263         (JSC::replaceUsingRegExpSearch):
1264         (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
1265         (JSC::replaceUsingStringSearch):
1266         (JSC::repeatCharacter):
1267         (JSC::replace):
1268         (JSC::stringProtoFuncReplaceUsingRegExp):
1269         (JSC::stringProtoFuncReplaceUsingStringSearch):
1270         (JSC::stringProtoFuncSplitFast):
1271         (JSC::stringProtoFuncToLowerCase):
1272         (JSC::stringProtoFuncToUpperCase):
1273         (JSC::toLocaleCase):
1274         (JSC::trimString):
1275         (JSC::stringProtoFuncIncludes):
1276         (JSC::builtinStringIncludesInternal):
1277         (JSC::normalize):
1278         (JSC::stringProtoFuncNormalize):
1279         * runtime/SymbolPrototype.cpp:
1280         (JSC::symbolProtoFuncToString):
1281         (JSC::symbolProtoFuncValueOf):
1282         * tools/JSDollarVM.cpp:
1283         (WTF::functionWasmStreamingParserAddBytes):
1284         (JSC::functionGetPrivateProperty):
1285         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
1286         (JSC::constructJSWebAssemblyCompileError):
1287         * wasm/js/WebAssemblyModuleConstructor.cpp:
1288         (JSC::constructJSWebAssemblyModule):
1289         (JSC::WebAssemblyModuleConstructor::createModule):
1290         * wasm/js/WebAssemblyTableConstructor.cpp:
1291         (JSC::constructJSWebAssemblyTable):
1292         * wasm/js/WebAssemblyWrapperFunction.cpp:
1293         (JSC::callWebAssemblyWrapperFunction):
1294
1295 2018-10-01  Koby Boyango  <koby.b@mce-sys.com>
1296
1297         [JSC] Add a JSONStringify overload that receives a JSValue space
1298         https://bugs.webkit.org/show_bug.cgi?id=190131
1299
1300         Reviewed by Yusuke Suzuki.
1301
1302         * runtime/JSONObject.cpp:
1303         * runtime/JSONObject.h:
1304
1305 2018-10-01  Commit Queue  <commit-queue@webkit.org>
1306
1307         Unreviewed, rolling out r236647.
1308         https://bugs.webkit.org/show_bug.cgi?id=190124
1309
1310         Breaking test stress/big-int-to-string.js (Requested by
1311         caiolima_ on #webkit).
1312
1313         Reverted changeset:
1314
1315         "[BigInt] BigInt.proptotype.toString is broken when radix is
1316         power of 2"
1317         https://bugs.webkit.org/show_bug.cgi?id=190033
1318         https://trac.webkit.org/changeset/236647
1319
1320 2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1321
1322         [WebAssembly] Move type conversion code of JSToWasm return type to JS wasm wrapper
1323         https://bugs.webkit.org/show_bug.cgi?id=189498
1324
1325         Reviewed by Saam Barati.
1326
1327         To call JS-to-Wasm code we need to convert the result value from the wasm function to
1328         the JS type. Previously this was done by callWebAssemblyFunction using a switch
1329         over signature.returnType(). But since we know the value of `signature.returnType()`
1330         at compile time, we can emit a small conversion code directly to JSToWasm glue
1331         and remove this switch from callWebAssemblyFunction.
1332
1333         In JSToWasm glue code, we do not have tag registers. So we use DoNotHaveTagRegisters
1334         in boxInt32 and boxDouble. Since boxDouble does not have DoNotHaveTagRegisters version,
1335         we add an implementation for that.
1336
1337         * jit/AssemblyHelpers.h:
1338         (JSC::AssemblyHelpers::boxDouble):
1339         * wasm/js/JSToWasm.cpp:
1340         (JSC::Wasm::createJSToWasmWrapper):
1341         * wasm/js/WebAssemblyFunction.cpp:
1342         (JSC::callWebAssemblyFunction):
1343
1344 2018-09-30  Caio Lima  <ticaiolima@gmail.com>
1345
1346         [BigInt] BigInt.proptotype.toString is broken when radix is power of 2
1347         https://bugs.webkit.org/show_bug.cgi?id=190033
1348
1349         Reviewed by Yusuke Suzuki.
1350
1351         The implementation of JSBigInt::toStringToGeneric doesn't handle power
1352         of 2 radix when JSBigInt length is >= 2. To handle such cases, we
1353         implemented JSBigInt::toStringBasePowerOfTwo that follows the
1354         algorithm that groups bits using mask of (2 ^ n) - 1 to extract every
1355         digit.
1356
1357         * runtime/JSBigInt.cpp:
1358         (JSC::JSBigInt::toString):
1359         (JSC::JSBigInt::toStringBasePowerOfTwo):
1360         * runtime/JSBigInt.h:
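
        The bit-grouping algorithm described in this entry (and in the re-landed entry
        of 2018-10-02 above), as an added illustration that is not code from this patch
        or from JSBigInt: BigInt, bitsPerDigit, significantBits and
        toStringBasePowerOfTwo are hypothetical stand-ins using 32-bit limbs. Each
        output digit is the next log2(radix) bits of the magnitude masked with
        radix - 1, and a 64-bit window handles digits that straddle a limb boundary,
        which is exactly the multi-limb case the generic path mishandled.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical big integer: magnitude as little-endian 32-bit limbs plus a
// sign (JSBigInt's real Digit is machine-word sized; 32 bits keeps the
// example simple).
struct BigInt {
    std::vector<uint32_t> limbs;
    bool negative = false;
};

// log2 of a power-of-two radix (2, 4, 8, 16, 32).
inline unsigned bitsPerDigit(unsigned radix)
{
    unsigned bits = 0;
    while ((1u << bits) < radix)
        ++bits;
    return bits;
}

inline unsigned significantBits(uint32_t limb)
{
    unsigned bits = 0;
    while (limb) {
        ++bits;
        limb >>= 1;
    }
    return bits;
}

// Power-of-two radix conversion by bit grouping: every output digit is the
// next `bitsPerChar` bits of the magnitude, masked with radix - 1. No
// division is needed, and the 64-bit window lets a digit cross a limb edge.
inline std::string toStringBasePowerOfTwo(const BigInt& value, unsigned radix)
{
    static const char kDigits[] = "0123456789abcdefghijklmnopqrstuv";
    const unsigned bitsPerChar = bitsPerDigit(radix);
    const uint32_t mask = radix - 1;

    size_t limbCount = value.limbs.size();
    while (limbCount && value.limbs[limbCount - 1] == 0)
        --limbCount;
    if (!limbCount)
        return "0";

    size_t totalBits = 32 * (limbCount - 1) + significantBits(value.limbs[limbCount - 1]);
    size_t charCount = (totalBits + bitsPerChar - 1) / bitsPerChar;
    std::string out(charCount + (value.negative ? 1 : 0), '0');
    if (value.negative)
        out[0] = '-';

    for (size_t i = 0; i < charCount; ++i) {
        size_t bitPos = i * bitsPerChar;
        size_t limbIndex = bitPos / 32;
        unsigned shift = static_cast<unsigned>(bitPos % 32);
        uint64_t window = value.limbs[limbIndex];
        if (limbIndex + 1 < limbCount)
            window |= static_cast<uint64_t>(value.limbs[limbIndex + 1]) << 32;
        unsigned digit = static_cast<unsigned>((window >> shift) & mask);
        out[out.size() - 1 - i] = kDigits[digit]; // least significant digit goes last
    }
    return out;
}
```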
1361
1362 2018-09-28  Caio Lima  <ticaiolima@gmail.com>
1363
1364         [ESNext][BigInt] Implement support for "&"
1365         https://bugs.webkit.org/show_bug.cgi?id=186228
1366
1367         Reviewed by Yusuke Suzuki.
1368
1369         This patch introduces support of BigInt into bitwise "&" operation.
1370         We are also introducing the ValueBitAnd DFG node, which is responsible
1371         for taking care of JIT for non-Int32 operands. With the introduction of this
1372         new node, we renamed the BitAnd node to ArithBitAnd. The ArithBitAnd
1373         follows the behavior of ArithAdd and other arithmetic nodes, where
1374         the Arith<op> version always results in Number (in the case of
1375         ArithBitAnd, it is always an Int32).
1376
1377         * bytecode/CodeBlock.cpp:
1378         (JSC::CodeBlock::finishCreation):
1379         * bytecompiler/BytecodeGenerator.cpp:
1380         (JSC::BytecodeGenerator::emitBinaryOp):
1381         * dfg/DFGAbstractInterpreterInlines.h:
1382         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1383         * dfg/DFGBackwardsPropagationPhase.cpp:
1384         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
1385         (JSC::DFG::BackwardsPropagationPhase::propagate):
1386         * dfg/DFGByteCodeParser.cpp:
1387         (JSC::DFG::ByteCodeParser::parseBlock):
1388         * dfg/DFGClobberize.h:
1389         (JSC::DFG::clobberize):
1390         * dfg/DFGDoesGC.cpp:
1391         (JSC::DFG::doesGC):
1392         * dfg/DFGFixupPhase.cpp:
1393         (JSC::DFG::FixupPhase::fixupNode):
1394         * dfg/DFGNodeType.h:
1395         * dfg/DFGOperations.cpp:
1396         * dfg/DFGOperations.h:
1397         * dfg/DFGPredictionPropagationPhase.cpp:
1398         * dfg/DFGSafeToExecute.h:
1399         (JSC::DFG::safeToExecute):
1400         * dfg/DFGSpeculativeJIT.cpp:
1401         (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
1402         (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
1403         * dfg/DFGSpeculativeJIT.h:
1404         (JSC::DFG::SpeculativeJIT::bitOp):
1405         * dfg/DFGSpeculativeJIT32_64.cpp:
1406         (JSC::DFG::SpeculativeJIT::compile):
1407         * dfg/DFGSpeculativeJIT64.cpp:
1408         (JSC::DFG::SpeculativeJIT::compile):
1409         * dfg/DFGStrengthReductionPhase.cpp:
1410         (JSC::DFG::StrengthReductionPhase::handleNode):
1411         * ftl/FTLCapabilities.cpp:
1412         (JSC::FTL::canCompile):
1413         * ftl/FTLLowerDFGToB3.cpp:
1414         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1415         (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
1416         (JSC::FTL::DFG::LowerDFGToB3::compileArithBitAnd):
1417         (JSC::FTL::DFG::LowerDFGToB3::compileBitAnd): Deleted.
1418         * jit/JIT.h:
1419         * jit/JITArithmetic.cpp:
1420         (JSC::JIT::emitBitBinaryOpFastPath):
1421         (JSC::JIT::emit_op_bitand):
1422         * llint/LowLevelInterpreter32_64.asm:
1423         * llint/LowLevelInterpreter64.asm:
1424         * runtime/CommonSlowPaths.cpp:
1425         (JSC::SLOW_PATH_DECL):
1426         * runtime/JSBigInt.cpp:
1427         (JSC::JSBigInt::JSBigInt):
1428         (JSC::JSBigInt::initialize):
1429         (JSC::JSBigInt::createZero):
1430         (JSC::JSBigInt::createFrom):
1431         (JSC::JSBigInt::bitwiseAnd):
1432         (JSC::JSBigInt::absoluteBitwiseOp):
1433         (JSC::JSBigInt::absoluteAnd):
1434         (JSC::JSBigInt::absoluteOr):
1435         (JSC::JSBigInt::absoluteAndNot):
1436         (JSC::JSBigInt::absoluteAddOne):
1437         (JSC::JSBigInt::absoluteSubOne):
1438         * runtime/JSBigInt.h:
1439         * runtime/JSCJSValue.h:
1440         * runtime/JSCJSValueInlines.h:
1441         (JSC::JSValue::toBigIntOrInt32 const):
1442
1443 2018-09-28  Mark Lam  <mark.lam@apple.com>
1444
1445         Gardening: speculative build fix.
1446         <rdar://problem/44869924>
1447
1448         Not reviewed.
1449
1450         * assembler/LinkBuffer.cpp:
1451         (JSC::LinkBuffer::copyCompactAndLinkCode):
1452
1453 2018-09-28  Guillaume Emont  <guijemont@igalia.com>
1454
1455         [JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions.
1456         https://bugs.webkit.org/show_bug.cgi?id=190080
1457
1458         Reviewed by Mark Lam.
1459
1460         * assembler/ARMv7Assembler.h:
1461         (JSC::ARMv7Assembler::link):
1462         (JSC::ARMv7Assembler::linkJumpT1):
1463         (JSC::ARMv7Assembler::linkJumpT2):
1464         (JSC::ARMv7Assembler::linkJumpT3):
1465         (JSC::ARMv7Assembler::linkJumpT4):
1466         (JSC::ARMv7Assembler::linkConditionalJumpT4):
1467         (JSC::ARMv7Assembler::linkBX):
1468         (JSC::ARMv7Assembler::linkConditionalBX):
1469         * assembler/MacroAssemblerARMv7.h:
1470         (JSC::MacroAssemblerARMv7::link):
1471
1472 2018-09-27  Saam barati  <sbarati@apple.com>
1473
1474         Verify the contents of AssemblerBuffer on arm64e
1475         https://bugs.webkit.org/show_bug.cgi?id=190057
1476         <rdar://problem/38916630>
1477
1478         Reviewed by Mark Lam.
1479
1480         * assembler/ARM64Assembler.h:
1481         (JSC::ARM64Assembler::ARM64Assembler):
1482         (JSC::ARM64Assembler::fillNops):
1483         (JSC::ARM64Assembler::link):
1484         (JSC::ARM64Assembler::linkJumpOrCall):
1485         (JSC::ARM64Assembler::linkCompareAndBranch):
1486         (JSC::ARM64Assembler::linkConditionalBranch):
1487         (JSC::ARM64Assembler::linkTestAndBranch):
1488         (JSC::ARM64Assembler::unlinkedCode): Deleted.
1489         * assembler/ARMAssembler.h:
1490         (JSC::ARMAssembler::fillNops):
1491         * assembler/ARMv7Assembler.h:
1492         (JSC::ARMv7Assembler::unlinkedCode): Deleted.
1493         * assembler/AbstractMacroAssembler.h:
1494         (JSC::AbstractMacroAssembler::emitNops):
1495         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
1496         * assembler/AssemblerBuffer.h:
1497         (JSC::ARM64EHash::ARM64EHash):
1498         (JSC::ARM64EHash::update):
1499         (JSC::ARM64EHash::hash const):
1500         (JSC::ARM64EHash::randomSeed const):
1501         (JSC::AssemblerBuffer::AssemblerBuffer):
1502         (JSC::AssemblerBuffer::putShort):
1503         (JSC::AssemblerBuffer::putIntUnchecked):
1504         (JSC::AssemblerBuffer::putInt):
1505         (JSC::AssemblerBuffer::hash const):
1506         (JSC::AssemblerBuffer::data const):
1507         (JSC::AssemblerBuffer::putIntegralUnchecked):
1508         (JSC::AssemblerBuffer::append): Deleted.
1509         * assembler/LinkBuffer.cpp:
1510         (JSC::LinkBuffer::copyCompactAndLinkCode):
1511         * assembler/MIPSAssembler.h:
1512         (JSC::MIPSAssembler::fillNops):
1513         * assembler/MacroAssemblerARM64.h:
1514         (JSC::MacroAssemblerARM64::jumpsToLink):
1515         (JSC::MacroAssemblerARM64::link):
1516         (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
1517         * assembler/MacroAssemblerARMv7.h:
1518         (JSC::MacroAssemblerARMv7::jumpsToLink):
1519         (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
1520         * assembler/X86Assembler.h:
1521         (JSC::X86Assembler::fillNops):
1522
1523 2018-09-27  Mark Lam  <mark.lam@apple.com>
1524
1525         ByValInfo should not use integer offsets.
1526         https://bugs.webkit.org/show_bug.cgi?id=190070
1527         <rdar://problem/44803430>
1528
1529         Reviewed by Saam Barati.
1530
1531         Also moved some fields around to allow the ByValInfo struct to be more densely packed.
1532
1533         * bytecode/ByValInfo.h:
1534         (JSC::ByValInfo::ByValInfo):
1535         * jit/JIT.cpp:
1536         (JSC::JIT::link):
1537         * jit/JITOpcodes.cpp:
1538         (JSC::JIT::privateCompileHasIndexedProperty):
1539         * jit/JITOpcodes32_64.cpp:
1540         (JSC::JIT::privateCompileHasIndexedProperty):
1541         * jit/JITPropertyAccess.cpp:
1542         (JSC::JIT::privateCompileGetByVal):
1543         (JSC::JIT::privateCompileGetByValWithCachedId):
1544         (JSC::JIT::privateCompilePutByVal):
1545         (JSC::JIT::privateCompilePutByValWithCachedId):
1546
1547 2018-09-27  Saam barati  <sbarati@apple.com>
1548
1549         DFG::OSRExit::m_patchableCodeOffset should not be an int
1550         https://bugs.webkit.org/show_bug.cgi?id=190066
1551         <rdar://problem/39498244>
1552
1553         Reviewed by Mark Lam.
1554
1555         * dfg/DFGJITCompiler.cpp:
1556         (JSC::DFG::JITCompiler::linkOSRExits):
1557         (JSC::DFG::JITCompiler::link):
1558         * dfg/DFGOSRExit.cpp:
1559         (JSC::DFG::OSRExit::codeLocationForRepatch const):
1560         (JSC::DFG::OSRExit::compileOSRExit):
1561         (JSC::DFG::OSRExit::setPatchableCodeOffset): Deleted.
1562         (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump const): Deleted.
1563         (JSC::DFG::OSRExit::correctJump): Deleted.
1564         * dfg/DFGOSRExit.h:
1565         * dfg/DFGOSRExitCompilationInfo.h:
1566
1567 2018-09-27  Saam barati  <sbarati@apple.com>
1568
1569         Don't use int offsets in StructureStubInfo
1570         https://bugs.webkit.org/show_bug.cgi?id=190064
1571         <rdar://problem/44784719>
1572
1573         Reviewed by Mark Lam.
1574
1575         * bytecode/InlineAccess.cpp:
1576         (JSC::linkCodeInline):
1577         * bytecode/StructureStubInfo.h:
1578         (JSC::StructureStubInfo::slowPathCallLocation):
1579         (JSC::StructureStubInfo::doneLocation):
1580         (JSC::StructureStubInfo::slowPathStartLocation):
1581         * jit/JITInlineCacheGenerator.cpp:
1582         (JSC::JITInlineCacheGenerator::finalize):
1583
1584 2018-09-27  Mark Lam  <mark.lam@apple.com>
1585
1586         DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
1587         https://bugs.webkit.org/show_bug.cgi?id=190054
1588         <rdar://problem/44803543>
1589
1590         Reviewed by Saam Barati.
1591
1592         * dfg/DFGJITCode.h:
1593         (JSC::DFG::JITCode::appendOSREntryData):
1594         * dfg/DFGJITCompiler.cpp:
1595         (JSC::DFG::JITCompiler::noticeOSREntry):
1596         * dfg/DFGOSREntry.cpp:
1597         (JSC::DFG::OSREntryData::dumpInContext const):
1598         (JSC::DFG::prepareOSREntry):
1599         * dfg/DFGOSREntry.h:
1600         * runtime/JSCPtrTag.h:
1601
1602 2018-09-27  Mark Lam  <mark.lam@apple.com>
1603
1604         JITMathIC should not use integer offsets into machine code.
1605         https://bugs.webkit.org/show_bug.cgi?id=190030
1606         <rdar://problem/44803307>
1607
1608         Reviewed by Saam Barati.
1609
1610         We'll replace them with CodeLocation smart pointers instead.
1611
1612         * jit/JITMathIC.h:
1613         (JSC::isProfileEmpty):
1614
1615 2018-09-26  Mark Lam  <mark.lam@apple.com>
1616
1617         Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
1618         https://bugs.webkit.org/show_bug.cgi?id=190022
1619         <rdar://problem/44800928>
1620
1621         Reviewed by Saam Barati.
1622
1623         * jit/ExecutableAllocator.cpp:
1624         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1625         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1626         * jit/ExecutableAllocator.h:
1627         (JSC::performJITMemcpy):
1628         * runtime/Options.cpp:
1629         (JSC::recomputeDependentOptions):
1630
1631 2018-09-26  Mark Lam  <mark.lam@apple.com>
1632
1633         Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
1634         https://bugs.webkit.org/show_bug.cgi?id=190016
1635         <rdar://problem/44802875>
1636
1637         Reviewed by Saam Barati.
1638
1639         Also assert in performJITMemcpy() that the entire buffer to be copied will fit in
1640         JIT memory.
1641
1642         * assembler/ARM64Assembler.h:
1643         (JSC::ARM64Assembler::fillNops):
1644         (JSC::ARM64Assembler::replaceWithVMHalt):
1645         (JSC::ARM64Assembler::replaceWithJump):
1646         (JSC::ARM64Assembler::replaceWithLoad):
1647         (JSC::ARM64Assembler::replaceWithAddressComputation):
1648         (JSC::ARM64Assembler::setPointer):
1649         (JSC::ARM64Assembler::repatchInt32):
1650         (JSC::ARM64Assembler::repatchCompact):
1651         (JSC::ARM64Assembler::linkJumpOrCall):
1652         (JSC::ARM64Assembler::linkCompareAndBranch):
1653         (JSC::ARM64Assembler::linkConditionalBranch):
1654         (JSC::ARM64Assembler::linkTestAndBranch):
1655         * assembler/LinkBuffer.cpp:
1656         (JSC::LinkBuffer::copyCompactAndLinkCode):
1657         (JSC::LinkBuffer::linkCode):
1658         * jit/ExecutableAllocator.h:
1659         (JSC::performJITMemcpy):
1660
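The two checks this entry adds to performJITMemcpy(), instruction-size alignment and that the whole buffer fits in JIT memory, as an added example for this page (not JSC's code). The region structure, the function names and the runtime-guard behaviour (returning false where JSC asserts) are assumptions; the containment test compares offsets rather than summing pointer and length so it cannot overflow.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Constructed model of a JIT code region: base address plus size in bytes.
struct JitRegion {
    uintptr_t start;
    size_t size;
};

constexpr size_t kArm64InstructionSize = 4;

// True only when dst and n are instruction-size aligned and [dst, dst + n) lies within region.
bool jitCopyIsValid(const JitRegion& region, uintptr_t dst, size_t n)
{
    if (dst % kArm64InstructionSize != 0 || n % kArm64InstructionSize != 0)
        return false;
    if (dst < region.start)
        return false;
    size_t offset = dst - region.start;
    if (offset > region.size)
        return false;
    return n <= region.size - offset; // region.size - offset cannot underflow here
}

// Checked copy: refuses (returns false) instead of writing when the checks fail.
// JSC asserts in this situation; a boolean result keeps the example testable.
bool checkedJitMemcpy(const JitRegion& region, void* dst, const void* src, size_t n)
{
    if (!jitCopyIsValid(region, reinterpret_cast<uintptr_t>(dst), n))
        return false;
    std::memcpy(dst, src, n);
    return true;
}

// Demo scaffolding: a constructed 64-byte "JIT region" with an aligned base.
struct DemoRegion {
    alignas(16) uint32_t words[16] = {};
    JitRegion region() const { return { reinterpret_cast<uintptr_t>(words), sizeof(words) }; }
};

const uint32_t kNop = 0xd503201f; // AArch64 NOP encoding, used as a sample payload

bool demoCopyFits()
{
    DemoRegion demo;
    const uint32_t nops[2] = { kNop, kNop };
    // Last 8 bytes of the region: exactly fits.
    return checkedJitMemcpy(demo.region(), &demo.words[14], nops, sizeof(nops)) && demo.words[15] == kNop;
}

bool demoCopyOverruns()
{
    DemoRegion demo;
    const uint32_t nops[2] = { kNop, kNop };
    // 8 bytes starting 4 bytes before the end: would write past the region.
    return checkedJitMemcpy(demo.region(), &demo.words[15], nops, sizeof(nops));
}

bool demoCopyMisaligned()
{
    DemoRegion demo;
    char* base = reinterpret_cast<char*>(demo.words);
    // Destination is 2 bytes into an instruction slot.
    return checkedJitMemcpy(demo.region(), base + 2, &kNop, sizeof(kNop));
}
```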
1661 2018-09-25  Keith Miller  <keith_miller@apple.com>
1662
1663         Move Symbol API to SPI
1664         https://bugs.webkit.org/show_bug.cgi?id=189946
1665
1666         Reviewed by Michael Saboff.
1667
1668         Some of the property access methods on JSValue needed to be moved
1669         to a category so that SPI overloads don't result in a compiler
1670         error for internal users.
1671
1672         Additionally, this patch does not move the new enum entry for
1673         Symbols in the JSType enumeration.
1674
1675         * API/JSObjectRef.h:
1676         * API/JSObjectRefPrivate.h:
1677         * API/JSValue.h:
1678         * API/JSValuePrivate.h:
1679         * API/JSValueRef.h:
1680
1681 2018-09-26  Keith Miller  <keith_miller@apple.com>
1682
1683         We should zero unused property storage when rebalancing array storage.
1684         https://bugs.webkit.org/show_bug.cgi?id=188151
1685
1686         Reviewed by Michael Saboff.
1687
1688         In unshiftCountSlowCase we sometimes will move property storage to the right even when net adding elements.
1689         This can happen because we "balance" the pre/post-capacity in that code so we need to zero the unused
1690         property storage.
1691
1692         * runtime/JSArray.cpp:
1693         (JSC::JSArray::unshiftCountSlowCase):
1694
1695 2018-09-26  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1696
1697         Unreviewed, add scope verification handling
1698         https://bugs.webkit.org/show_bug.cgi?id=189780
1699
1700         * runtime/ArrayPrototype.cpp:
1701         (JSC::arrayProtoFuncIndexOf):
1702         (JSC::arrayProtoFuncLastIndexOf):
1703
1704 2018-09-26  Koby Boyango  <koby.b@mce.systems>
1705
1706         [JSC] offlineasm parser should handle CRLF in asm files
1707         https://bugs.webkit.org/show_bug.cgi?id=189949
1708
1709         Reviewed by Mark Lam.
1710
1711         * offlineasm/parser.rb:
1712
1713 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1714
1715         [JSC] Optimize Array#lastIndexOf
1716         https://bugs.webkit.org/show_bug.cgi?id=189780
1717
1718         Reviewed by Saam Barati.
1719
1720         Optimize Array#lastIndexOf in the same way as Array#indexOf. We add a fast path
1721         for JSArray with contiguous storage.
1722
1723         * runtime/ArrayPrototype.cpp:
1724         (JSC::arrayProtoFuncLastIndexOf):
1725
1726 2018-09-25  Saam Barati  <sbarati@apple.com>
1727
1728         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
1729         https://bugs.webkit.org/show_bug.cgi?id=189940
1730         <rdar://problem/43640987>
1731
1732         Reviewed by Mark Lam.
1733
1734         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
1735         CodeBlock. There is nothing semantically wrong with doing that (except for
1736         poor naming), however, the poor naming here led us to make a real semantic
1737         mistake. We wanted the baseline CodeBlock's constant pool, but we were
1738         accessing the FTL CodeBlock's constant pool accidentally. We need to
1739         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
1740         constant value.
1741
1742         * bytecode/InlineCallFrame.h:
1743         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
1744         * ftl/FTLOperations.cpp:
1745         (JSC::FTL::operationMaterializeObjectInOSR):
1746
1747 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
1748
1749         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
1750         https://bugs.webkit.org/show_bug.cgi?id=189962
1751         <rdar://problem/44648287>
1752
1753         Reviewed by Brian Burg.
1754
1755         * inspector/scripts/codegen/generate_objc_header.py:
1756         (ObjCHeaderGenerator._callback_block_for_command):
1757         If there are no return parameters include "void" in the block signature.
1758
1759         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
1760         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
1761         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
1762         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
1763         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
1764         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
1765         Rebaseline test results.
1766
1767 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
1768
1769         Remove AUTHORS and THANKS files which are stale
1770         https://bugs.webkit.org/show_bug.cgi?id=189941
1771
1772         Reviewed by Darin Adler.
1773
1774         Included mentions below so their names are still in ChangeLogs.
1775
1776         * AUTHORS: Removed.
1777         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
1778         These authors remain mentioned in copyrights in source files.
1779
1780         * THANKS: Removed.
1781         Richard Moore <rich@kde.org> - for filling the Math object with some life
1782         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
1783         Marco Pinelli <pinmc@libero.it> - for his patches
1784         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
1785         
1786 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
1787
1788         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
1789         https://bugs.webkit.org/show_bug.cgi?id=189733
1790
1791         Reviewed by Michael Catanzaro.
1792
1793         * assembler/ARM64Assembler.h:
1794         * assembler/ARMAssembler.h:
1795         (JSC::ARMAssembler::cacheFlush):
1796         * assembler/MacroAssemblerARM.cpp:
1797         (JSC::isVFPPresent):
1798         * assembler/MacroAssemblerARM64.cpp:
1799         * assembler/MacroAssemblerARMv7.cpp:
1800         * assembler/MacroAssemblerMIPS.cpp:
1801         * assembler/MacroAssemblerX86Common.cpp:
1802         * heap/HeapCell.cpp:
1803         * heap/HeapCell.h:
1804         * jit/HostCallReturnValue.h:
1805         * jit/JIT.h:
1806         * jit/JITOperations.cpp:
1807         * jit/ThunkGenerators.cpp:
1808         * runtime/ArrayConventions.cpp:
1809         (JSC::clearArrayMemset):
1810         * runtime/JSBigInt.cpp:
1811         (JSC::JSBigInt::digitDiv):
1812
1813 2018-09-24  Saam Barati  <sbarati@apple.com>
1814
1815         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
1816         https://bugs.webkit.org/show_bug.cgi?id=189922
1817         <rdar://problem/44651275>
1818
1819         Reviewed by Mark Lam.
1820
1821         The implementation was first getting the length to iterate up to,
1822         then getting the starting index. However, getting the starting
1823         index may perform effects. e.g., it could change the length of the
1824         array. This changes it so we verify the length is still valid.
1825
1826         * runtime/ArrayPrototype.cpp:
1827         (JSC::arrayProtoFuncIndexOf):
1828
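The ordering bug this entry fixes, as an added example for this page rather than JSC's code: a length read before an effectful conversion and then used as a loop bound. The array is a plain vector and fromIndex is a callback, standing in for the fact that converting a JS argument to an integer can run user code that resizes the array. The stale-bound variant uses std::vector::at so the out-of-bounds read surfaces as an exception instead of undefined behaviour; the hardened variant re-reads the length after the effect and clamps (the page says only that the length is re-verified, so clamping is this model's choice, not a claim about the JSC patch).

```cpp
#include <algorithm>
#include <cstdint>
#include <functional>
#include <stdexcept>
#include <vector>

using Value = int64_t;
using FromIndexThunk = std::function<int64_t()>; // may have side effects on the array

// Buggy ordering: length is captured before the effectful conversion and never re-validated.
int64_t indexOfStaleLength(std::vector<Value>& array, Value search, const FromIndexThunk& fromIndex)
{
    int64_t length = static_cast<int64_t>(array.size());
    int64_t start = fromIndex(); // may shrink the array
    if (start < 0)
        start = std::max<int64_t>(0, length + start);
    for (int64_t i = start; i < length; ++i) {
        if (array.at(static_cast<size_t>(i)) == search) // at() throws once i passes the new end
            return i;
    }
    return -1;
}

// Hardened ordering: re-check the length after the effect and bound the loop by what still exists.
int64_t indexOfRevalidated(std::vector<Value>& array, Value search, const FromIndexThunk& fromIndex)
{
    int64_t length = static_cast<int64_t>(array.size());
    int64_t start = fromIndex();
    if (start < 0)
        start = std::max<int64_t>(0, length + start);
    int64_t currentLength = static_cast<int64_t>(array.size());
    if (currentLength < length)
        length = currentLength; // storage shrank during the conversion
    for (int64_t i = start; i < length; ++i) {
        if (array[static_cast<size_t>(i)] == search)
            return i;
    }
    return -1;
}

// Constructed scenario: an 8-element array whose fromIndex conversion truncates it to 2 elements.
bool staleLengthReadsOutOfBounds()
{
    std::vector<Value> array{1, 2, 3, 4, 5, 6, 7, 8};
    try {
        indexOfStaleLength(array, 8, [&array] { array.resize(2); return int64_t(0); });
    } catch (const std::out_of_range&) {
        return true; // the stale bound walked past the shrunken storage
    }
    return false;
}

int64_t revalidatedResult()
{
    std::vector<Value> array{1, 2, 3, 4, 5, 6, 7, 8};
    return indexOfRevalidated(array, 8, [&array] { array.resize(2); return int64_t(0); });
}

int64_t revalidatedNegativeFromIndex()
{
    std::vector<Value> array{1, 2, 3, 4};
    return indexOfRevalidated(array, 3, [] { return int64_t(-2); }); // starts at index 2
}
```

In a real engine the stale read is a heap out-of-bounds access in native code, which is why a fast path must treat every call that can run user code as a point after which cached lengths and storage pointers are invalid.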
1829 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1830
1831         offlineasm: fix macro scoping
1832         https://bugs.webkit.org/show_bug.cgi?id=189902
1833
1834         Reviewed by Mark Lam.
1835
1836         In the code below, the reference to `f` in `g`, which should refer to
1837         the outer macro definition, will instead refer to the f argument of the
1838         anonymous macro passed to `g`. That leads to this code failing to
1839         compile (f expected 0 args but got 1).
1840         
1841         ```
1842         macro f(x)
1843             move x, t0
1844         end
1845         
1846         macro g(fn)
1847             fn(macro () f(42) end)
1848         end
1849         
1850         g(macro(f) f() end)
1851         ```
1852
1853         * offlineasm/ast.rb:
1854         * offlineasm/transform.rb:
1855
1856 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1857
1858         Add forEach method for iterating CodeBlock's ValueProfiles
1859         https://bugs.webkit.org/show_bug.cgi?id=189897
1860
1861         Reviewed by Mark Lam.
1862
1863         Add method to abstract how we find ValueProfiles in a CodeBlock in
1864         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
1865         ValueProfiles will be stored in the MetadataTable.
1866
1867         * bytecode/CodeBlock.cpp:
1868         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1869         (JSC::CodeBlock::updateAllValueProfilePredictions):
1870         (JSC::CodeBlock::shouldOptimizeNow):
1871         (JSC::CodeBlock::dumpValueProfiles):
1872         * bytecode/CodeBlock.h:
1873         (JSC::CodeBlock::forEachValueProfile):
1874         (JSC::CodeBlock::numberOfArgumentValueProfiles):
1875         (JSC::CodeBlock::valueProfileForArgument):
1876         (JSC::CodeBlock::numberOfValueProfiles):
1877         (JSC::CodeBlock::valueProfile):
1878         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
1879         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
1880         * tools/HeapVerifier.cpp:
1881         (JSC::HeapVerifier::validateJSCell):
1882
1883 2018-09-24  Saam barati  <sbarati@apple.com>
1884
1885         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
1886         https://bugs.webkit.org/show_bug.cgi?id=189682
1887         <rdar://problem/43557315>
1888
1889         Reviewed by Mark Lam.
1890
1891         Otherwise, if we have code like this:
1892         ```
1893         a: Arguments
1894         b: GetButterfly(@a)
1895         c: ForceExit
1896         d: GetArrayLength(@a, @b)
1897         ```
1898         it will get transformed into this invalid DFG IR:
1899         ```
1900         a: PhantomArguments
1901         b: Check(@a)
1902         c: ForceExit
1903         d: GetArrayLength(@a, @b)
1904         ```
1905         
1906         And we will fail DFG validation since @b does not have a result.
1907         
1908         The fix is to just remove all nodes after the ForceExit and plant an
1909         Unreachable after it. So the above program will now turn into this:
1910         ```
1911         a: PhantomArguments
1912         b: Check(@a)
1913         c: ForceExit
1914         e: Unreachable
1915         ```
1916
1917         * dfg/DFGArgumentsEliminationPhase.cpp:
1918
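The transformation described in this entry, as an added example for this page (not the DFG's own code): a toy block in which GetButterfly has become a resultless Check while a later node still uses it, a validation check that catches the use of a resultless node, and the fix of dropping everything after ForceExit and appending Unreachable. The Node structure and function names are assumptions; the opcode names are the ones in the entry.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Constructed toy of a DFG basic block: nodes in order, whether each produces a
// result, and the indices of earlier nodes it reads.
struct Node {
    std::string op;
    bool hasResult;
    std::vector<size_t> uses;
};
using Block = std::vector<Node>;

// Index of the first node that uses a node without a result, or -1 if the block
// is well-formed. This is the condition DFG validation fails on.
long firstUseOfResultlessNode(const Block& block)
{
    for (size_t i = 0; i < block.size(); ++i) {
        for (size_t u : block[i].uses) {
            if (u < block.size() && !block[u].hasResult)
                return static_cast<long>(i);
        }
    }
    return -1;
}

// Everything after a ForceExit is dead: drop it and terminate with Unreachable.
// Returns the number of nodes removed.
size_t snipAfterForceExit(Block& block)
{
    for (size_t i = 0; i < block.size(); ++i) {
        if (block[i].op == "ForceExit") {
            size_t removed = block.size() - (i + 1);
            block.resize(i + 1);
            block.push_back({ "Unreachable", false, {} });
            return removed;
        }
    }
    return 0;
}

// The invalid IR from the entry: @b no longer has a result but @d still uses it.
Block constructedInvalidBlock()
{
    return {
        { "PhantomArguments", true, {} },     // a
        { "Check", false, { 0 } },            // b: Check(@a)
        { "ForceExit", false, {} },           // c
        { "GetArrayLength", true, { 0, 1 } }  // d: GetArrayLength(@a, @b)
    };
}

// Runs the pass on the constructed block and reports whether validation now passes.
bool snippedBlockValidates()
{
    Block block = constructedInvalidBlock();
    size_t removed = snipAfterForceExit(block);
    return removed == 1 && block.size() == 4 && block.back().op == "Unreachable"
        && firstUseOfResultlessNode(block) == -1;
}
```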
1919 2018-09-22  Saam barati  <sbarati@apple.com>
1920
1921         The sampling should not use Strong<CodeBlock> in its machineLocation field
1922         https://bugs.webkit.org/show_bug.cgi?id=189319
1923
1924         Reviewed by Filip Pizlo.
1925
1926         The sampling profiler has a CLI mode where we gather information about inline
1927         call frames. That data structure was using a Strong<CodeBlock>. We were
1928         constructing this Strong<CodeBlock> during GC concurrently to processing all
1929         the Strong handles. This is a bug since we end up corrupting that data
1930         structure. This patch fixes this by just making this data structure use the
1931         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
1932
1933         * inspector/agents/InspectorScriptProfilerAgent.cpp:
1934         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
1935         * runtime/SamplingProfiler.cpp:
1936         (JSC::SamplingProfiler::processUnverifiedStackTraces):
1937
1938         (JSC::SamplingProfiler::reportTopFunctions):
1939         (JSC::SamplingProfiler::reportTopBytecodes):
1940         These CLI helpers needed a DeferGC otherwise we may end up deadlocking when we
1941         cause a GC to happen while already holding the sampling profiler's
1942         lock.
1943
1944 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1945
1946         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
1947         https://bugs.webkit.org/show_bug.cgi?id=189778
1948
1949         Reviewed by Keith Miller.
1950
1951         The LLInt ASM interpreter is 2x and 15% faster than the CLoop interpreter on
1952         Linux and macOS respectively. We would like to enable it for non JIT
1953         configurations in X86_64 and ARM64.
1954
1955         This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures.
1956         Previously, we switched between the LLInt ASM interpreter and CLoop using the ENABLE(JIT)
1957         configuration. But it is wrong in the new scenario since we have a build
1958         configuration that uses LLInt ASM interpreter and JIT is disabled. We introduce
1959         ENABLE(C_LOOP) option, which represents that we use CLoop. And we replace
1960         ENABLE(JIT) with ENABLE(C_LOOP) if the previous ENABLE(JIT) is essentially just
1961         related to LLInt ASM interpreter and not related to JIT.
1962
1963         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
1964         ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler
1965         has machine register information that is used in LLInt ASM interpreter.
1966
1967         * API/tests/PingPongStackOverflowTest.cpp:
1968         (testPingPongStackOverflow):
1969         * CMakeLists.txt:
1970         * JavaScriptCore.xcodeproj/project.pbxproj:
1971         * assembler/MaxFrameExtentForSlowPathCall.h:
1972         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
1973         * bytecode/CodeBlock.cpp:
1974         (JSC::CodeBlock::finishCreation):
1975         * bytecode/CodeBlock.h:
1976         (JSC::CodeBlock::calleeSaveRegisters const):
1977         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
1978         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1979         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
1980         * bytecode/Opcode.h:
1981         (JSC::padOpcodeName):
1982         * heap/Heap.cpp:
1983         (JSC::Heap::gatherJSStackRoots):
1984         (JSC::Heap::stopThePeriphery):
1985         * interpreter/CLoopStack.cpp:
1986         * interpreter/CLoopStack.h:
1987         * interpreter/CLoopStackInlines.h:
1988         * interpreter/EntryFrame.h:
1989         * interpreter/Interpreter.cpp:
1990         (JSC::Interpreter::Interpreter):
1991         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
1992         * interpreter/Interpreter.h:
1993         * interpreter/StackVisitor.cpp:
1994         (JSC::StackVisitor::Frame::calleeSaveRegisters):
1995         * interpreter/VMEntryRecord.h:
1996         * jit/ExecutableAllocator.h:
1997         * jit/FPRInfo.h:
1998         (WTF::printInternal):
1999         * jit/GPRInfo.cpp:
2000         * jit/GPRInfo.h:
2001         (WTF::printInternal):
2002         * jit/HostCallReturnValue.cpp:
2003         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
2004         * jit/HostCallReturnValue.h:
2005         * jit/JITOperations.cpp:
2006         (JSC::getHostCallReturnValueWithExecState): Deleted.
2007         * jit/JITOperationsMSVC64.cpp:
2008         * jit/Reg.cpp:
2009         * jit/Reg.h:
2010         * jit/RegisterAtOffset.cpp:
2011         * jit/RegisterAtOffset.h:
2012         * jit/RegisterAtOffsetList.cpp:
2013         * jit/RegisterAtOffsetList.h:
2014         * jit/RegisterMap.h:
2015         * jit/RegisterSet.cpp:
2016         * jit/RegisterSet.h:
2017         * jit/TempRegisterSet.cpp:
2018         * jit/TempRegisterSet.h:
2019         * llint/LLIntCLoop.cpp:
2020         * llint/LLIntCLoop.h:
2021         * llint/LLIntData.cpp:
2022         (JSC::LLInt::initialize):
2023         (JSC::LLInt::Data::performAssertions):
2024         * llint/LLIntData.h:
2025         * llint/LLIntOfflineAsmConfig.h:
2026         * llint/LLIntOpcode.h:
2027         * llint/LLIntPCRanges.h:
2028         * llint/LLIntSlowPaths.cpp:
2029         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2030         * llint/LLIntSlowPaths.h:
2031         * llint/LLIntThunks.cpp:
2032         * llint/LowLevelInterpreter.cpp:
2033         * llint/LowLevelInterpreter.h:
2034         * runtime/JSCJSValue.h:
2035         * runtime/MachineContext.h:
2036         * runtime/SamplingProfiler.cpp:
2037         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
2038         for LLInt ASM interpreter with non JIT configuration.
2039         * runtime/TestRunnerUtils.cpp:
2040         (JSC::optimizeNextInvocation):
2041         * runtime/VM.cpp:
2042         (JSC::VM::VM):
2043         (JSC::VM::getHostFunction):
2044         (JSC::VM::updateSoftReservedZoneSize):
2045         (JSC::sanitizeStackForVM):
2046         (JSC::VM::committedStackByteCount):
2047         * runtime/VM.h:
2048         * runtime/VMInlines.h:
2049         (JSC::VM::ensureStackCapacityFor):
2050         (JSC::VM::isSafeToRecurseSoft const):
2051
2052 2018-09-21  Keith Miller  <keith_miller@apple.com>
2053
2054         Add Promise SPI
2055         https://bugs.webkit.org/show_bug.cgi?id=189809
2056
2057         Reviewed by Saam Barati.
2058
2059         This patch adds new SPI to create promises. It's mostly SPI because
2060         I want to see how internal users react to it before we make it
2061         public.
2062
2063         This patch adds a couple of new Obj-C SPI methods. The first
2064         creates a new promise using the same API that JS does where the
2065         user provides an executor callback. If an exception is raised
2066         in/to that callback the promise is automagically rejected. The
2067         other methods create a pre-resolved or rejected promise as this
2068         appears to be a common way to initialize a promise.
2069
2070         I was also considering adding a second version of executor API
2071         where it would catch specific Obj-C exceptions. This would work by
2072         taking a Class parameter and checking isKindOfClass: on the
2073         exception. I decided against this as nothing else in our API
2074         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2075         corrupt state if an Obj-C exception unwinds through JS frames.
2076
2077         This patch adds a new C function that will create a "deferred"
2078         promise. A deferred promise is a style of creating promise/futures
2079         where the resolve and reject functions are passed as outputs of a
2080         function. I went with this style for the C SPI because we don't have
2081         any concept of forwarding exceptions in the C API.
2082
2083         In order to make the C API work I refactored a bit of the promise code
2084         so that we can call a static method on JSDeferredPromise and just get
2085         the components without allocating an extra cell wrapper.
2086
2087         * API/JSContext.mm:
2088         (+[JSContext currentCallee]):
2089         * API/JSObjectRef.cpp:
2090         (JSObjectMakeDeferredPromise):
2091         * API/JSObjectRefPrivate.h:
2092         * API/JSValue.mm:
2093         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2094         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2095         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2096         * API/JSValuePrivate.h: Added.
2097         * API/JSVirtualMachine.mm:
2098         * API/JSVirtualMachinePrivate.h:
2099         * API/tests/testapi.c:
2100         (main):
2101         * API/tests/testapi.cpp:
2102         (APIContext::operator JSC::ExecState*):
2103         (TestAPI::failed const):
2104         (TestAPI::check):
2105         (TestAPI::basicSymbol):
2106         (TestAPI::symbolsTypeof):
2107         (TestAPI::symbolsGetPropertyForKey):
2108         (TestAPI::symbolsSetPropertyForKey):
2109         (TestAPI::symbolsHasPropertyForKey):
2110         (TestAPI::symbolsDeletePropertyForKey):
2111         (TestAPI::promiseResolveTrue):
2112         (TestAPI::promiseRejectTrue):
2113         (testCAPIViaCpp):
2114         (TestAPI::run): Deleted.
2115         * API/tests/testapi.mm:
2116         (testObjectiveCAPIMain):
2117         (promiseWithExecutor):
2118         (promiseRejectOnJSException):
2119         (promiseCreateResolved):
2120         (promiseCreateRejected):
2121         (parallelPromiseResolveTest):
2122         (testObjectiveCAPI):
2123         * JavaScriptCore.xcodeproj/project.pbxproj:
2124         * runtime/JSInternalPromiseDeferred.cpp:
2125         (JSC::JSInternalPromiseDeferred::create):
2126         * runtime/JSPromise.h:
2127         * runtime/JSPromiseConstructor.cpp:
2128         (JSC::constructPromise):
2129         * runtime/JSPromiseDeferred.cpp:
2130         (JSC::JSPromiseDeferred::createDeferredData):
2131         (JSC::JSPromiseDeferred::create):
2132         (JSC::JSPromiseDeferred::finishCreation):
2133         (JSC::newPromiseCapability): Deleted.
2134         * runtime/JSPromiseDeferred.h:
2135         (JSC::JSPromiseDeferred::promise const):
2136         (JSC::JSPromiseDeferred::resolve const):
2137         (JSC::JSPromiseDeferred::reject const):
2138
2139 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
2140
2141         Unreviewed, rolling out r236359.
2142
2143         Broke the Windows build.
2144
2145         Reverted changeset:
2146
2147         "Add Promise SPI"
2148         https://bugs.webkit.org/show_bug.cgi?id=189809
2149         https://trac.webkit.org/changeset/236359
2150
2151 2018-09-21  Mark Lam  <mark.lam@apple.com>
2152
2153         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
2154         https://bugs.webkit.org/show_bug.cgi?id=189855
2155         <rdar://problem/44680181>
2156
2157         Reviewed by Filip Pizlo.
2158
2159         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
2160         ExecState* argument.  This is intentional so that resolveRope() does not throw
2161         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
2162         get the VM from the cell instead of via the ExecState.
2163
2164         Also removed an obsolete and unused field in JSString.
2165
2166         * runtime/JSString.cpp:
2167         (JSC::JSRopeString::resolveRope const):
2168         (JSC::JSRopeString::outOfMemory const):
2169         * runtime/JSString.h:
2170         (JSC::JSString::tryGetValue const):
2171
2172 2018-09-21  Michael Saboff  <msaboff@apple.com>
2173
2174         Add functions to measure memory footprint to JSC
2175         https://bugs.webkit.org/show_bug.cgi?id=189768
2176
2177         Reviewed by Saam Barati.
2178
2179         Rolling this back in again.
2180
2181         Provide system memory metrics for the current process to aid in memory reduction measurement and
2182         tuning using native JS tests.
2183
2184         * jsc.cpp:
2185         (MemoryFootprint::now):
2186         (MemoryFootprint::resetPeak):
2187         (GlobalObject::finishCreation):
2188         (JSCMemoryFootprint::JSCMemoryFootprint):
2189         (JSCMemoryFootprint::createStructure):
2190         (JSCMemoryFootprint::create):
2191         (JSCMemoryFootprint::finishCreation):
2192         (JSCMemoryFootprint::addProperty):
2193         (functionResetMemoryPeak):
2194
2195 2018-09-21  Keith Miller  <keith_miller@apple.com>
2196
2197         Add Promise SPI
2198         https://bugs.webkit.org/show_bug.cgi?id=189809
2199
2200         Reviewed by Saam Barati.
2201
2202         This patch adds new SPI to create promises. It's mostly SPI because
2203         I want to see how internal users react to it before we make it
2204         public.
2205
2206         This patch adds a couple of new Obj-C SPI methods. The first
2207         creates a new promise using the same API that JS does where the
2208         user provides an executor callback. If an exception is raised
2209         in/to that callback the promise is automagically rejected. The
2210         other methods create a pre-resolved or rejected promise as this
2211         appears to be a common way to initialize a promise.
2212
2213         I was also considering adding a second version of executor API
2214         where it would catch specific Obj-C exceptions. This would work by
2215         taking a Class parameter and checking isKindOfClass: on the
2216         exception. I decided against this as nothing else in our API
2217         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
2218         corrupt state if an Obj-C exception unwinds through JS frames.
2219
2220         This patch adds a new C function that will create a "deferred"
2221         promise. A deferred promise is a style of creating promise/futures
2222         where the resolve and reject functions are passed as outputs of a
2223         function. I went with this style for the C SPI because we don't have
2224         any concept of forwarding exceptions in the C API.
2225
2226         In order to make the C API work I refactored a bit of the promise code
2227         so that we can call a static method on JSDeferredPromise and just get
2228         the components without allocating an extra cell wrapper.
2229
2230         * API/JSContext.mm:
2231         (+[JSContext currentCallee]):
2232         * API/JSObjectRef.cpp:
2233         (JSObjectMakeDeferredPromise):
2234         * API/JSObjectRefPrivate.h:
2235         * API/JSValue.mm:
2236         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
2237         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
2238         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
2239         * API/JSValuePrivate.h: Added.
2240         * API/JSVirtualMachine.mm:
2241         * API/JSVirtualMachinePrivate.h:
2242         * API/tests/testapi.c:
2243         (main):
2244         * API/tests/testapi.cpp:
2245         (APIContext::operator JSC::ExecState*):
2246         (TestAPI::failed const):
2247         (TestAPI::check):
2248         (TestAPI::basicSymbol):
2249         (TestAPI::symbolsTypeof):
2250         (TestAPI::symbolsGetPropertyForKey):
2251         (TestAPI::symbolsSetPropertyForKey):
2252         (TestAPI::symbolsHasPropertyForKey):
2253         (TestAPI::symbolsDeletePropertyForKey):
2254         (TestAPI::promiseResolveTrue):
2255         (TestAPI::promiseRejectTrue):
2256         (testCAPIViaCpp):
2257         (TestAPI::run): Deleted.
2258         * API/tests/testapi.mm:
2259         (testObjectiveCAPIMain):
2260         (promiseWithExecutor):
2261         (promiseRejectOnJSException):
2262         (promiseCreateResolved):
2263         (promiseCreateRejected):
2264         (parallelPromiseResolveTest):
2265         (testObjectiveCAPI):
2266         * JavaScriptCore.xcodeproj/project.pbxproj:
2267         * runtime/JSInternalPromiseDeferred.cpp:
2268         (JSC::JSInternalPromiseDeferred::create):
2269         * runtime/JSPromise.h:
2270         * runtime/JSPromiseConstructor.cpp:
2271         (JSC::constructPromise):
2272         * runtime/JSPromiseDeferred.cpp:
2273         (JSC::JSPromiseDeferred::createDeferredData):
2274         (JSC::JSPromiseDeferred::create):
2275         (JSC::JSPromiseDeferred::finishCreation):
2276         (JSC::newPromiseCapability): Deleted.
2277         * runtime/JSPromiseDeferred.h:
2278         (JSC::JSPromiseDeferred::promise const):
2279         (JSC::JSPromiseDeferred::resolve const):
2280         (JSC::JSPromiseDeferred::reject const):
2281
2282 2018-09-21  Truitt Savell  <tsavell@apple.com>
2283
2284         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
2285         https://bugs.webkit.org/show_bug.cgi?id=156674
2286
2287         Unreviewed Test Gardening
2288
2289         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
2290         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
2291
2292 2018-09-21  Mike Gorse  <mgorse@suse.com>
2293
2294         Build tools should work when the /usr/bin/python is python3
2295         https://bugs.webkit.org/show_bug.cgi?id=156674
2296
2297         Reviewed by Michael Catanzaro.
2298
2299         * Scripts/cssmin.py:
2300         * Scripts/generate-js-builtins.py:
2301         (do_open):
2302         (generate_bindings_for_builtins_files):
2303         * Scripts/generateIntlCanonicalizeLanguage.py:
2304         * Scripts/jsmin.py:
2305         (JavascriptMinify.minify.write):
2306         (JavascriptMinify):
2307         (JavascriptMinify.minify):
2308         * Scripts/make-js-file-arrays.py:
2309         (chunk):
2310         (main):
2311         * Scripts/wkbuiltins/__init__.py:
2312         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
2313         (generate_section_for_global_private_code_name_macro):
2314         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
2315         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
2316         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
2317         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
2318         * Scripts/wkbuiltins/builtins_model.py:
2319         (BuiltinFunction.__lt__):
2320         (BuiltinsCollection.copyrights):
2321         (BuiltinsCollection._parse_functions):
2322         * disassembler/udis86/ud_opcode.py:
2323         (UdOpcodeTables.pprint.printWalk):
2324         * generate-bytecode-files:
2325         * inspector/scripts/codegen/__init__.py:
2326         * inspector/scripts/codegen/cpp_generator.py:
2327         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
2328         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
2329         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2330         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
2331         (CppBackendDispatcherHeaderGenerator.generate_output):
2332         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2333         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2334         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
2335         (CppBackendDispatcherImplementationGenerator.generate_output):
2336         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2337         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
2338         (CppFrontendDispatcherHeaderGenerator.generate_output):
2339         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2340         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
2341         (CppFrontendDispatcherImplementationGenerator.generate_output):
2342         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2343         (CppProtocolTypesHeaderGenerator.generate_output):
2344         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
2345         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2346         (CppProtocolTypesImplementationGenerator.generate_output):
2347         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
2348         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
2349         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2350         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
2351         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
2352         * inspector/scripts/codegen/generate_js_backend_commands.py:
2353         (JSBackendCommandsGenerator.should_generate_domain):
2354         (JSBackendCommandsGenerator.domains_to_generate):
2355         (JSBackendCommandsGenerator.generate_output):
2356         (JSBackendCommandsGenerator.generate_domain):
2357         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2358         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
2359         (ObjCBackendDispatcherHeaderGenerator.generate_output):
2360         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2361         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
2362         (ObjCBackendDispatcherImplementationGenerator.generate_output):
2363         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
2364         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2365         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
2366         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2367         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
2368         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
2369         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2370         * inspector/scripts/codegen/generate_objc_header.py:
2371         (ObjCHeaderGenerator.generate_output):
2372         (ObjCHeaderGenerator._generate_type_interface):
2373         * inspector/scripts/codegen/generate_objc_internal_header.py:
2374         (ObjCInternalHeaderGenerator.generate_output):
2375         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2376         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
2377         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
2378         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2379         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
2380         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2381         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
2382         (ObjCProtocolTypesImplementationGenerator.generate_output):
2383         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
2384         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2385         * inspector/scripts/codegen/generator.py:
2386         (Generator.non_supplemental_domains):
2387         (Generator.open_fields):
2388         (Generator.calculate_types_requiring_shape_assertions):
2389         (Generator._traverse_and_assign_enum_values):
2390         (Generator.stylized_name_for_enum_value):
2391         * inspector/scripts/codegen/models.py:
2392         (find_duplicates):
2393         * inspector/scripts/codegen/objc_generator.py:
2394         * wasm/generateWasm.py:
2395         (opcodeIterator):
2396         * yarr/generateYarrCanonicalizeUnicode:
2397         * yarr/generateYarrUnicodePropertyTables.py:
2398         * yarr/hasher.py:
2399         (stringHash):
2400
2401 2018-09-21  Tomas Popela  <tpopela@redhat.com>
2402
2403         [ARM] Build broken on armv7hl after r235517
2404         https://bugs.webkit.org/show_bug.cgi?id=189831
2405
2406         Reviewed by Yusuke Suzuki.
2407
2408         Add missing implementation of patchableBranch8() for traditional ARM.
2409
2410         * assembler/MacroAssemblerARM.h:
2411         (JSC::MacroAssemblerARM::patchableBranch8):
2412
2413 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2414
2415         Unreviewed, rolling out r236293.
2416
2417         Internal build still broken.
2418
2419         Reverted changeset:
2420
2421         "Add functions to measure memory footprint to JSC"
2422         https://bugs.webkit.org/show_bug.cgi?id=189768
2423         https://trac.webkit.org/changeset/236293
2424
2425 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2426
2427         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
2428         https://bugs.webkit.org/show_bug.cgi?id=189558
2429
2430         Reviewed by Mark Lam.
2431
2432         When running web-tooling-benchmark postcss test on Linux JSCOnly port, we get the following result in `perf report`.
2433
2434             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
2435
2436         This is because postcss produces a bunch of JSStrings, which require reportExtraMemoryVisited calls in JSString::visitChildren.
2437         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
2438
2439         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter.
2440         And we propagate this value to the global atomic counter when rebalance happens.
2441
2442         We also reduce HeapCell::heap() access by using `vm.heap`.
2443
2444         * heap/SlotVisitor.cpp:
2445         (JSC::SlotVisitor::didStartMarking):
2446         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
2447         (JSC::SlotVisitor::drain):
2448         (JSC::SlotVisitor::performIncrementOfDraining):
2449         * heap/SlotVisitor.h:
2450         * heap/SlotVisitorInlines.h:
2451         (JSC::SlotVisitor::reportExtraMemoryVisited):
2452         * runtime/JSString.cpp:
2453         (JSC::JSRopeString::resolveRopeToAtomicString const):
2454         (JSC::JSRopeString::resolveRope const):
2455         * runtime/JSString.h:
2456         (JSC::JSString::finishCreation):
2457         * wasm/js/JSWebAssemblyInstance.cpp:
2458         (JSC::JSWebAssemblyInstance::finishCreation):
2459         * wasm/js/JSWebAssemblyMemory.cpp:
2460         (JSC::JSWebAssemblyMemory::finishCreation):
2461
2462 2018-09-20  Michael Saboff  <msaboff@apple.com>
2463
2464         Add functions to measure memory footprint to JSC
2465         https://bugs.webkit.org/show_bug.cgi?id=189768
2466
2467         Reviewed by Saam Barati.
2468
2469         Rolling this back in.
2470
2471         Provide system memory metrics for the current process to aid in memory reduction measurement and
2472         tuning using native JS tests.
2473
2474         * jsc.cpp:
2475         (MemoryFootprint::now):
2476         (MemoryFootprint::resetPeak):
2477         (GlobalObject::finishCreation):
2478         (JSCMemoryFootprint::JSCMemoryFootprint):
2479         (JSCMemoryFootprint::createStructure):
2480         (JSCMemoryFootprint::create):
2481         (JSCMemoryFootprint::finishCreation):
2482         (JSCMemoryFootprint::addProperty):
2483         (functionResetMemoryPeak):
2484
2485 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
2486
2487         Unreviewed, rolling out r236235.
2488
2489         Breaks internal builds.
2490
2491         Reverted changeset:
2492
2493         "Add functions to measure memory footprint to JSC"
2494         https://bugs.webkit.org/show_bug.cgi?id=189768
2495         https://trac.webkit.org/changeset/236235
2496
2497 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
2498
2499         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
2500         https://bugs.webkit.org/show_bug.cgi?id=189730
2501
2502         Reviewed by Saam Barati.
2503
2504         Clang for Windows can't compile the workaround for an MSVC quirk in generateOutOfLine.
2505
2506         * jit/JITMathIC.h:
2507         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
2508
2509 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2510
2511         [JSC] Optimize Array#indexOf in C++ runtime
2512         https://bugs.webkit.org/show_bug.cgi?id=189507
2513
2514         Reviewed by Saam Barati.
2515
2516         The C++ Array#indexOf runtime function takes so much time in the babylon benchmark in
2517         web-tooling-benchmark. While our DFG and FTL have an Array#indexOf optimization
2518         and it is actually working well, C++ Array#indexOf is called a significant number
2519         of times before tiering up, and it takes 6.74% of jsc main thread samples according
2520         to the perf command on Linux. This is because C++ Array#indexOf is too generic and
2521         misses the chance to optimize JSArray cases.
2522
2523         This patch adds JSArray fast path for Array#indexOf. If we know that indexed
2524         access to the given JSArray is non-observable and the indexing type is good for the fast
2525         path, we go to the fast path. This makes sampling of Array#indexOf 3.83% in
2526         babylon web-tooling-benchmark.
2527
2528         * runtime/ArrayPrototype.cpp:
2529         (JSC::arrayProtoFuncIndexOf):
2530         * runtime/JSArray.h:
2531         * runtime/JSArrayInlines.h:
2532         (JSC::JSArray::canDoFastIndexedAccess):
2533         (JSC::toLength):
2534         * runtime/JSCJSValueInlines.h:
2535         (JSC::JSValue::JSValue):
2536         * runtime/JSGlobalObject.h:
2537         * runtime/JSGlobalObjectInlines.h:
2538         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
2539         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
2540         * runtime/MathCommon.h:
2541         (JSC::canBeStrictInt32):
2542         (JSC::canBeInt32):
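
Added example, not JSC code: a JavaScript model of why the JSArray fast path has to be gated on indexed access being non-observable. A fast path that reads the array's own storage treats a hole as "no element", while the spec's Array.prototype.indexOf uses HasProperty, so a hole can be satisfied by an integer-indexed property on the prototype chain. canDoFastIndexedAccess, fastIndexOf and genericIndexOf below are stand-ins written for this example; the real checks live in the JSArrayInlines.h and JSGlobalObjectInlines.h functions listed above.

```javascript
// Added example (not JSC's implementation): modelling the gating condition for
// an Array#indexOf fast path in plain JavaScript.

const INDEX_RE = /^(0|[1-9][0-9]*)$/; // canonical integer-index property keys

// Constructed stand-in for JSC's canDoFastIndexedAccess /
// isArrayPrototypeIndexedAccessFastAndNonObservable: true only when every own
// element is a plain data property and nothing on the prototype chain defines
// an integer-indexed property. (A Proxy wrapping an array cannot be told apart
// from script; the engine checks the cell type in C++.)
function canDoFastIndexedAccess(arr) {
  if (!Array.isArray(arr)) return false;
  for (const key of Object.getOwnPropertyNames(arr)) {
    if (!INDEX_RE.test(key)) continue;
    const d = Object.getOwnPropertyDescriptor(arr, key);
    if (d.get || d.set) return false; // accessor element: reading it is observable
  }
  for (let p = Object.getPrototypeOf(arr); p !== null; p = Object.getPrototypeOf(p)) {
    if (Object.getOwnPropertyNames(p).some((k) => INDEX_RE.test(k))) return false;
  }
  return true;
}

// Fast path: looks only at the array's own storage; a hole means "no match".
// This is exactly what would be wrong if the gate above were skipped.
function fastIndexOf(arr, x) {
  for (let i = 0; i < arr.length; i++) {
    if (!Object.prototype.hasOwnProperty.call(arr, i)) continue; // hole
    if (arr[i] === x) return i;
  }
  return -1;
}

// Generic (spec-shaped) path: HasProperty walks the prototype chain, then Get.
function genericIndexOf(arr, x) {
  const len = arr.length;
  for (let i = 0; i < len; i++) {
    if (!(i in arr)) continue;
    if (arr[i] === x) return i;
  }
  return -1;
}

// The runtime function as modelled here: take the fast path only when it is
// provably unobservable, otherwise fall back to the generic algorithm.
function indexOf(arr, x) {
  return canDoFastIndexedAccess(arr) ? fastIndexOf(arr, x) : genericIndexOf(arr, x);
}
```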
2543
2544 2018-09-19  Michael Saboff  <msaboff@apple.com>
2545
2546         Add functions to measure memory footprint to JSC
2547         https://bugs.webkit.org/show_bug.cgi?id=189768
2548
2549         Reviewed by Saam Barati.
2550
2551         Provide system memory metrics for the current process to aid in memory reduction measurement and
2552         tuning using native JS tests.
2553
2554         * jsc.cpp:
2555         (MemoryFootprint::now):
2556         (MemoryFootprint::resetPeak):
2557         (GlobalObject::finishCreation):
2558         (JSCMemoryFootprint::JSCMemoryFootprint):
2559         (JSCMemoryFootprint::createStructure):
2560         (JSCMemoryFootprint::create):
2561         (JSCMemoryFootprint::finishCreation):
2562         (JSCMemoryFootprint::addProperty):
2563         (functionResetMemoryPeak):
2564
2565 2018-09-19  Saam barati  <sbarati@apple.com>
2566
2567         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
2568         https://bugs.webkit.org/show_bug.cgi?id=189703
2569
2570         Reviewed by Mark Lam.
2571
2572         This fixes a crash that a TypeProfiler change revealed.
2573
2574         * dfg/DFGSpeculativeJIT64.cpp:
2575         (JSC::DFG::SpeculativeJIT::compile):
2576
2577 2018-09-19  Saam barati  <sbarati@apple.com>
2578
2579         AI rule for MultiPutByOffset executes its effects in the wrong order
2580         https://bugs.webkit.org/show_bug.cgi?id=189757
2581         <rdar://problem/43535257>
2582
2583         Reviewed by Michael Saboff.
2584
2585         The AI rule for MultiPutByOffset was executing effects in the wrong order.
2586         It first executed the transition effects and the effects on the base, and
2587         then executed the filtering effects on the value being stored. However, you
2588         can end up with the wrong type when the base and the value being stored
2589         are the same. E.g., in a program like `o.f = o`. These effects need to happen
2590         in the opposite order, modeling what happens in the runtime execution of
2591         MultiPutByOffset.
2592
2593         * dfg/DFGAbstractInterpreterInlines.h:
2594         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
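
To see why the order matters when the base and the stored value coincide, here is a constructed model (an added example, not JSC's DFG abstract interpreter): sets of structure names stand in for abstract values, and a single variant with a transition S1 -> S2 plus a value filter of S1 stands in for the MultiPutByOffset node. The names o, v, S1, S2 and S3 are made up for the example.

```javascript
// Added example (not JSC code): a constructed model of the MultiPutByOffset AI
// rule, showing that running the base/transition effects before the value
// filter breaks when base and value are the same node (`o.f = o`).

// Abstract value: the set of structures a variable may have. An empty set is
// "bottom": the analysis has (wrongly, here) concluded the path is dead.
function intersect(a, b) {
  return new Set([...a].filter((s) => b.has(s)));
}

// Base effects: the base must currently have one of the variant's old
// structures; afterwards it has the variant's new structure (the transition).
function applyBaseEffects(state, node) {
  const accepted = intersect(state.get(node.base), node.variant.oldStructures);
  state.set(node.base, accepted.size === 0 ? new Set() : new Set([node.variant.newStructure]));
}

// Filter effect: narrow the stored value to what the variant says it may be.
function applyValueFilter(state, node) {
  state.set(node.value, intersect(state.get(node.value), node.variant.valueStructures));
}

// The ordering the commit message describes as wrong: base first, value second.
function executeEffectsWrongOrder(state, node) {
  applyBaseEffects(state, node);
  applyValueFilter(state, node);
  return state;
}

// The fixed ordering: filter the value first, then transition the base.
function executeEffectsFixedOrder(state, node) {
  applyValueFilter(state, node);
  applyBaseEffects(state, node);
  return state;
}

// Constructed scenario: `o` is known to be S1; adding `f` transitions S1 -> S2;
// the variant expects the stored value to be an S1 object. `valueName` picks
// whether the value is `o` itself (as in `o.f = o`) or an unrelated `v`.
function makeScenario(valueName) {
  const state = new Map([
    ['o', new Set(['S1'])],
    ['v', new Set(['S1', 'S3'])],
  ]);
  const node = {
    base: 'o',
    value: valueName,
    variant: {
      oldStructures: new Set(['S1']),
      newStructure: 'S2',
      valueStructures: new Set(['S1']),
    },
  };
  return { state, node };
}

// Run one ordering over the scenario and report the resulting structure sets.
function run(execute, valueName) {
  const { state, node } = makeScenario(valueName);
  execute(state, node);
  return {
    o: [...state.get('o')].sort(),
    v: [...state.get('v')].sort(),
  };
}
```

With an unrelated value both orderings agree; only the `o.f = o` case drives `o` to the empty set under the wrong ordering.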
2595
2596 2018-09-18  Mark Lam  <mark.lam@apple.com>
2597
2598         Ensure that ForInContexts are invalidated if their loop local is over-written.
2599         https://bugs.webkit.org/show_bug.cgi?id=189571
2600         <rdar://problem/44402277>
2601
2602         Reviewed by Saam Barati.
2603
2604         Instead of hunting down every place in the BytecodeGenerator that potentially
2605         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
2606         the bytecode range of the loop body when the ForInContext is popped, and
2607         invalidate the context if we ever find the loop temp variable over-written.
2608
2609         This has 2 benefits:
2610         1. It ensures that every type of opcode that can write to the loop temp will be
2611            handled appropriately, not just the op_mov that we've hunted down.
2612         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
2613            every time we emit an op_mov (or other opcodes that can write to a local)
2614            even when we're not inside a for-in loop.
2615
2616         JSC benchmarks show that this change is performance neutral.
2617
2618         * bytecompiler/BytecodeGenerator.cpp:
2619         (JSC::BytecodeGenerator::pushIndexedForInScope):
2620         (JSC::BytecodeGenerator::popIndexedForInScope):
2621         (JSC::BytecodeGenerator::pushStructureForInScope):
2622         (JSC::BytecodeGenerator::popStructureForInScope):
2623         (JSC::ForInContext::finalize):
2624         (JSC::StructureForInContext::finalize):
2625         (JSC::IndexedForInContext::finalize):
2626         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
2627         * bytecompiler/BytecodeGenerator.h:
2628         (JSC::ForInContext::ForInContext):
2629         (JSC::ForInContext::bodyBytecodeStartOffset const):
2630         (JSC::StructureForInContext::StructureForInContext):
2631         (JSC::IndexedForInContext::IndexedForInContext):
2632         * bytecompiler/NodesCodegen.cpp:
2633         (JSC::PostfixNode::emitResolve):
2634         (JSC::PrefixNode::emitResolve):
2635         (JSC::ReadModifyResolveNode::emitBytecode):
2636         (JSC::AssignResolveNode::emitBytecode):
2637         (JSC::EmptyLetExpression::emitBytecode):
2638         (JSC::ForInNode::emitLoopHeader):
2639         (JSC::ForOfNode::emitBytecode):
2640         (JSC::BindingNode::bindValue const):
2641         (JSC::AssignmentElementNode::bindValue const):
2642         * runtime/CommonSlowPaths.cpp:
2643         (JSC::SLOW_PATH_DECL):
2644
2645 2018-09-17  Devin Rousso  <drousso@apple.com>
2646
2647         Web Inspector: generate CSSKeywordCompletions from backend values
2648         https://bugs.webkit.org/show_bug.cgi?id=189041
2649
2650         Reviewed by Joseph Pecoraro.
2651
2652         * inspector/protocol/CSS.json:
2653         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
2654
2655 2018-09-17  Saam barati  <sbarati@apple.com>
2656
2657         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
2658         https://bugs.webkit.org/show_bug.cgi?id=189676
2659         <rdar://problem/39682897>
2660
2661         Reviewed by Michael Saboff.
2662
2663         Because the incoming value may be TDZ, CheckStructure may end up crashing.
2664         Since the Type Profile does not currently record TDZ values in any of its
2665         data structures, this is not a semantic change in how it will show you data.
2666         It just fixes crashes when we emit a CheckStructure and the incoming value
2667         is TDZ.
2668
2669         * dfg/DFGFixupPhase.cpp:
2670         (JSC::DFG::FixupPhase::fixupNode):
2671         * dfg/DFGNode.h:
2672         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
2673
2674 2018-09-17  Darin Adler  <darin@apple.com>
2675
2676         Use OpaqueJSString rather than JSRetainPtr inside WebKit
2677         https://bugs.webkit.org/show_bug.cgi?id=189652
2678
2679         Reviewed by Saam Barati.
2680
2681         * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
2682         JSStringRef.h.
2683
2684         * API/JSContext.mm:
2685         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
2686         than JSStringCreateWithCFString, simplifying the code and also obviating the
2687         need for explicit JSStringRelease.
2688         (-[JSContext setName:]): Ditto.
2689
2690         * API/JSStringRef.cpp:
2691         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
2692         It seems that additional optimization is possible, obviating the need to allocate
2693         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
2694
2695         * API/JSValue.mm:
2696         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
2697         OpaqueJSString::create and adoptRef as appropriate.
2698         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
2699         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
2700         (performPropertyOperation): Ditto.
2701         (-[JSValue invokeMethod:withArguments:]): Ditto.
2702         (valueToObjectWithoutCopy): Ditto.
2703         (containerValueToObject): Ditto.
2704         (valueToString): Ditto.
2705         (objectToValueWithoutCopy): Ditto.
2706         (objectToValue): Ditto.
2707
2708 2018-09-08  Darin Adler  <darin@apple.com>
2709
2710         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
2711         https://bugs.webkit.org/show_bug.cgi?id=189455
2712
2713         Reviewed by Keith Miller.
2714
2715         * API/JSObjectRef.cpp:
2716         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
2717         JSRetainPtr<JSStringRef>.
2718         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
2719         adopt constructor.
2720         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
2721         the array elements are now Ref.
2722
2723         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
2724         it only works for two specific unrelated types, JSStringRef and
2725         JSGlobalContextRef. Simplified the default constructor using data
2726         member initialization. Prepared to make the adopt constructor private
2727         (got everything compiling that way, then made it public again so that
2728         Apple internal software will still build). Got rid of unneeded
2729         templated constructor and assignment operator, since they are not relevant
2730         given that there is no inheritance between JSRetainPtr template types.
2731         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
2732         Added move constructor and move assignment operator for slightly better
2733         performance. Simplified implementations of various member functions
2734         so they are more obviously correct, by using leakPtr in more of them
2735         and using std::exchange to make the flow of values more obvious.
2736
2737         * API/JSValue.mm:
2738         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
2739         missing JSStringRelease to fix a leak.
2740
2741         * API/tests/CustomGlobalObjectClassTest.c:
2742         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
2743         (globalObjectSetPrototypeTest): Ditto.
2744         (globalObjectPrivatePropertyTest): Ditto.
2745
2746         * API/tests/ExecutionTimeLimitTest.cpp:
2747         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
2748         (testExecutionTimeLimit): Ditto, lots more.
2749
2750         * API/tests/FunctionOverridesTest.cpp:
2751         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
2752
2753         * API/tests/JSObjectGetProxyTargetTest.cpp:
2754         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
2755         a leak.
2756
2757         * API/tests/PingPongStackOverflowTest.cpp:
2758         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
2759         JSStringRelease to fix leaks.
2760
2761         * API/tests/testapi.c:
2762         (throwException): Added. Helper function for repeated idiom where we want
2763         to throw an exception, but with additional JSStringRelease calls so we don't
2764         have to leak just to keep the code simpler to read.
2765         (MyObject_getProperty): Use throwException.
2766         (MyObject_setProperty): Ditto.
2767         (MyObject_deleteProperty): Ditto.
2768         (isValueEqualToString): Added. Helper function for an idiom where we check
2769         if something is a string and then if it's equal to a particular string
2770         constant, but a version that has an additional JSStringRelease call so we
2771         don't have to leak just to keep the code simpler to read.
2772         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
2773         (MyObject_callAsConstructor): Ditto.
2774         (MyObject_hasInstance): Ditto.
2775         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
2776         (testMarkingConstraintsAndHeapFinalizers): Ditto.
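
The release idiom behind the isValueEqualToString helper described in the entry above, as an added example that is not WebKit's code: the JavaScriptCore C API calls are replaced by a constructed, reference-counted stand-in (namespace fakejsc, invented here) so the block builds without JavaScriptCore headers and can count live strings, and the leaky shape is kept beside the fixed one so the difference is measurable rather than asserted.

```cpp
#include <cassert>
#include <cstddef>
#include <string>
#include <utility>

// Constructed stand-in for the JavaScriptCore C API's JSStringRef: an opaque
// handle created with a +1 reference that the caller owns and must release.
// It is not the real API; the live count exists so a test can prove that
// every JSStringCreate* is balanced by a JSStringRelease.
namespace fakejsc {

struct OpaqueJSString {
    explicit OpaqueJSString(const char* s) : chars(s) { }
    std::string chars;
    unsigned refCount = 1;
};
using JSStringRef = OpaqueJSString*;

static std::size_t g_liveStrings = 0;

inline JSStringRef JSStringCreateWithUTF8CString(const char* s)
{
    ++g_liveStrings;
    return new OpaqueJSString(s);
}
inline void JSStringRelease(JSStringRef str)
{
    if (--str->refCount == 0) {
        --g_liveStrings;
        delete str;
    }
}
inline bool JSStringIsEqual(JSStringRef a, JSStringRef b) { return a->chars == b->chars; }
inline std::size_t liveStringCount() { return g_liveStrings; }

} // namespace fakejsc

// RAII owner for a JSStringRef: the release happens on every exit path, so an
// early return cannot leak. leakPtr() hands the reference to a callee that
// takes ownership, and std::exchange leaves the holder empty, the same shape
// the entry describes for JSValue.mm.
class JSStringHolder {
public:
    explicit JSStringHolder(const char* utf8)
        : m_string(fakejsc::JSStringCreateWithUTF8CString(utf8)) { }
    JSStringHolder(const JSStringHolder&) = delete;
    JSStringHolder& operator=(const JSStringHolder&) = delete;
    ~JSStringHolder() { if (m_string) fakejsc::JSStringRelease(m_string); }

    fakejsc::JSStringRef get() const { return m_string; }
    fakejsc::JSStringRef leakPtr() { return std::exchange(m_string, nullptr); }

private:
    fakejsc::JSStringRef m_string;
};

// Minimal stand-in for a JSValueRef that may or may not hold a string
// (null means "not a string"). The value does not own the string.
struct FakeValue {
    fakejsc::JSStringRef string = nullptr;
};

// The shape the entry's helper replaces, kept as the "before" for contrast:
// the comparison string is created and never released.
bool isValueEqualToStringLeaky(const FakeValue& value, const char* expected)
{
    if (!value.string)
        return false;
    fakejsc::JSStringRef expectedString = fakejsc::JSStringCreateWithUTF8CString(expected);
    return fakejsc::JSStringIsEqual(value.string, expectedString); // never released
}

// The fixed shape: the holder releases the comparison string whichever way
// the function returns.
bool isValueEqualToString(const FakeValue& value, const char* expected)
{
    if (!value.string)
        return false;
    JSStringHolder expectedString(expected);
    return fakejsc::JSStringIsEqual(value.string, expectedString.get());
}

// Runs one round of comparisons with either helper and reports how many
// strings were left alive beyond the count at entry (0 means no leak).
std::size_t stringsLeakedBy(bool useFixedHelper)
{
    bool (*equals)(const FakeValue&, const char*) =
        useFixedHelper ? &isValueEqualToString : &isValueEqualToStringLeaky;
    std::size_t before = fakejsc::liveStringCount();
    {
        JSStringHolder subject("hello");   // constructed input
        FakeValue value { subject.get() };
        (void)equals(value, "hello");      // creates one comparison string
        (void)equals(value, "world");      // creates another
        (void)equals(FakeValue {}, "hello"); // not a string: nothing created
    }
    return fakejsc::liveStringCount() - before;
}
```

The live counter plays the role a leak detector plays for the real tests: JSStringRef objects are heap allocations, so running the API tests under AddressSanitizer's LeakSanitizer reports the same imbalance that this counter makes visible.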
2777
2778 2018-09-14  Saam barati  <sbarati@apple.com>
2779
2780         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
2781         https://bugs.webkit.org/show_bug.cgi?id=189628
2782         <rdar://problem/39481690>
2783
2784         Reviewed by Mark Lam.
2785
2786         An Availability may point to a Node. And that Node may be removed from
2787         the graph, e.g., it's freed and its memory is no longer owned by Graph.
2788         This patch makes it so we no longer dump this metadata by default. If
2789         this metadata is interesting to you, you'll need to go in and change
2790         Graph::dump to dump the needed metadata.
2791
2792         * dfg/DFGGraph.cpp:
2793         (JSC::DFG::Graph::dump):
2794
2795 2018-09-14  Mark Lam  <mark.lam@apple.com>
2796
2797         Refactor some ForInContext code for better encapsulation.
2798         https://bugs.webkit.org/show_bug.cgi?id=189626
2799         <rdar://problem/44466415>
2800
2801         Reviewed by Keith Miller.
2802
2803         1. Add a ForInContext::m_type field to store the context type.  This does not
2804            increase the class size, but eliminates the need for a virtual call to get the
2805            type.
2806
2807            Note: we still need a virtual destructor because we'll be mingling
2808            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
2809
2810         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
2811            convenience methods.
2812
2813         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
2814            to do the casting to the subclass types.  This ensures that we'll properly
2815            assert that the casting is legal.
2816
2817         * bytecompiler/BytecodeGenerator.cpp:
2818         (JSC::BytecodeGenerator::emitGetByVal):
2819         (JSC::BytecodeGenerator::popIndexedForInScope):
2820         (JSC::BytecodeGenerator::popStructureForInScope):
2821         * bytecompiler/BytecodeGenerator.h:
2822         (JSC::ForInContext::type const):
2823         (JSC::ForInContext::isIndexedForInContext const):
2824         (JSC::ForInContext::isStructureForInContext const):
2825         (JSC::ForInContext::asIndexedForInContext):
2826         (JSC::ForInContext::asStructureForInContext):
2827         (JSC::ForInContext::ForInContext):
2828         (JSC::StructureForInContext::StructureForInContext):
2829         (JSC::IndexedForInContext::IndexedForInContext):
2830         (JSC::ForInContext::~ForInContext): Deleted.
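
The tagged-base-class scheme the entry above describes, written out as an added example that is not JSC's code: the class and method names follow the entry, while the register fields, the describe helper and the sample stack are invented for illustration. The entry's class-size point is not reproduced, since this stripped-down base holds nothing but a vptr for the tag to share padding with.

```cpp
#include <cassert>
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

// Illustration of the scheme in the entry above, not JSC's code: the kind of
// context is a plain field on the base class, so type() is one load instead
// of a virtual call, and the as*() helpers assert the kind before the cast.
// The register fields and the helpers below are invented for the example.
class IndexedForInContext;
class StructureForInContext;

class ForInContext {
public:
    enum class Type : uint8_t { IndexedForIn, StructureForIn };

    // Still virtual: both subclasses are destroyed through ForInContext
    // pointers held in one stack.
    virtual ~ForInContext() = default;

    Type type() const { return m_type; }
    bool isIndexedForInContext() const { return m_type == Type::IndexedForIn; }
    bool isStructureForInContext() const { return m_type == Type::StructureForIn; }

    // Checked downcasts: asking for the wrong kind trips the assertion instead
    // of reading another subclass's fields through a mismatched layout.
    IndexedForInContext& asIndexedForInContext();
    StructureForInContext& asStructureForInContext();

protected:
    explicit ForInContext(Type type) : m_type(type) { }

private:
    Type m_type;
};

class IndexedForInContext final : public ForInContext {
public:
    explicit IndexedForInContext(int indexRegister)
        : ForInContext(Type::IndexedForIn), m_indexRegister(indexRegister) { }
    int indexRegister() const { return m_indexRegister; }

private:
    int m_indexRegister;
};

class StructureForInContext final : public ForInContext {
public:
    explicit StructureForInContext(int propertyRegister)
        : ForInContext(Type::StructureForIn), m_propertyRegister(propertyRegister) { }
    int propertyRegister() const { return m_propertyRegister; }

private:
    int m_propertyRegister;
};

inline IndexedForInContext& ForInContext::asIndexedForInContext()
{
    assert(isIndexedForInContext());
    return static_cast<IndexedForInContext&>(*this);
}

inline StructureForInContext& ForInContext::asStructureForInContext()
{
    assert(isStructureForInContext());
    return static_cast<StructureForInContext&>(*this);
}

// Stand-in for BytecodeGenerator::m_forInContextStack, where both kinds mix.
using ForInContextStack = std::vector<std::unique_ptr<ForInContext>>;

// Dispatch on the stored tag; no vtable lookup is needed to pick the branch,
// and the checked cast documents which kind each branch expects.
std::string describe(ForInContext& context)
{
    switch (context.type()) {
    case ForInContext::Type::IndexedForIn:
        return "indexed(index=r" + std::to_string(context.asIndexedForInContext().indexRegister()) + ")";
    case ForInContext::Type::StructureForIn:
        return "structure(property=r" + std::to_string(context.asStructureForInContext().propertyRegister()) + ")";
    }
    return "unknown";
}

// Counterpart of popIndexedForInScope: the innermost context must be an
// indexed one, and the checked cast enforces that before the register is read.
int popIndexedForInScope(ForInContextStack& stack)
{
    assert(!stack.empty());
    int indexRegister = stack.back()->asIndexedForInContext().indexRegister();
    stack.pop_back();
    return indexRegister;
}

// Constructed sample: an indexed for-in nested inside a structure for-in.
ForInContextStack makeSampleStack()
{
    ForInContextStack stack;
    stack.push_back(std::make_unique<StructureForInContext>(3));
    stack.push_back(std::make_unique<IndexedForInContext>(7));
    return stack;
}
```

One caveat a reader should keep in mind: assert() compiles out under NDEBUG, so the as*() checks guard debug builds only. Code that can legitimately see either kind should branch on the is*() predicates or on type() rather than rely on the cast to reject a mismatch in release builds.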
2831
2832 2018-09-14  Devin Rousso  <webkit@devinrousso.com>
2833
2834         Web Inspector: Record actions performed on ImageBitmapRenderingContext
2835         https://bugs.webkit.org/show_bug.cgi?id=181341
2836
2837         Reviewed by Joseph Pecoraro.
2838
2839         * inspector/protocol/Recording.json:
2840         * inspector/scripts/codegen/generator.py:
2841
2842 2018-09-14  Mike Gorse  <mgorse@suse.com>
2843
2844         builtins directory causes name conflict on Python 3
2845         https://bugs.webkit.org/show_bug.cgi?id=189552
2846
2847         Reviewed by Michael Catanzaro.
2848
2849         * CMakeLists.txt: builtins -> wkbuiltins.
2850         * DerivedSources.make: builtins -> wkbuiltins.
2851         * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
2852           builtins.
2853         * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
2854         * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
2855         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
2856         * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
2857         * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
2858         * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
2859         * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
2860         * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
2861         * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
2862         * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
2863         * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
2864         * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
2865
2866 2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2867
2868         [WebAssembly] Inline WasmContext accessor functions
2869         https://bugs.webkit.org/show_bug.cgi?id=189416
2870
2871         Reviewed by Saam Barati.
2872
2873         WasmContext accessor functions are very small, yet they reside in the critical path of
2874         the JS to Wasm function call. This patch makes them inline to improve performance.
2875         This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.
2876
2877         * JavaScriptCore.xcodeproj/project.pbxproj:
2878         * Sources.txt:
2879         * interpreter/CallFrame.cpp:
2880         * jit/AssemblyHelpers.cpp:
2881         * wasm/WasmB3IRGenerator.cpp:
2882         * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
2883         (JSC::Wasm::Context::useFastTLS):
2884         (JSC::Wasm::Context::load const):
2885         (JSC::Wasm::Context::store):
2886         * wasm/WasmMemoryInformation.cpp:
2887         * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
2888         * wasm/js/JSToWasm.cpp:
2889         * wasm/js/WebAssemblyFunction.cpp:
2890
2891 2018-09-12  David Kilzer  <ddkilzer@apple.com>
2892
2893         Move JavaScriptCore files to match Xcode project hierarchy
2894         <https://webkit.org/b/189574>
2895
2896         Reviewed by Filip Pizlo.
2897
2898         * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
2899         * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
2900         * CMakeLists.txt: Update for new path to
2901         generateYarrUnicodePropertyTables.py, hasher.py and
2902         JSAPIValueWrapper.h.
2903         * DerivedSources.make: Ditto. Add missing dependency on
2904         hasher.py captured by CMakeLists.txt.
2905         * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
2906         reference paths. Add hasher.py library to project.
2907         * Sources.txt: Update for new path to
2908         JSAPIValueWrapper.cpp.
2909         * runtime/JSImmutableButterfly.h: Add missing includes
2910         after changes to Sources.txt and regenerating unified
2911         sources.
2912         * runtime/RuntimeType.h: Ditto.
2913         * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
2914         * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.
2915
2916 2018-09-12  David Kilzer  <ddkilzer@apple.com>
2917
2918         Let Xcode have its way with the JavaScriptCore project
2919
2920         * JavaScriptCore.xcodeproj/project.pbxproj:
2921
2922 2018-09-12  Guillaume Emont  <guijemont@igalia.com>
2923
2924         Add IGNORE_WARNING_.* macros
2925         https://bugs.webkit.org/show_bug.cgi?id=188996
2926
2927         Reviewed by Michael Catanzaro.
2928
2929         * API/JSCallbackObject.h:
2930         * API/tests/testapi.c:
2931         * assembler/LinkBuffer.h:
2932         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
2933         * b3/B3LowerToAir.cpp:
2934         * b3/B3Opcode.cpp:
2935         * b3/B3Type.h:
2936         * b3/B3TypeMap.h:
2937         * b3/B3Width.h:
2938         * b3/air/AirArg.cpp:
2939         * b3/air/AirArg.h:
2940         * b3/air/AirCode.h:
2941         * bytecode/Opcode.h:
2942         (JSC::padOpcodeName):
2943         * dfg/DFGSpeculativeJIT.cpp:
2944         (JSC::DFG::SpeculativeJIT::speculateNumber):
2945         (JSC::DFG::SpeculativeJIT::speculateMisc):
2946         * dfg/DFGSpeculativeJIT64.cpp:
2947         * ftl/FTLOutput.h:
2948         * jit/CCallHelpers.h:
2949         (JSC::CCallHelpers::calculatePokeOffset):
2950         * llint/LLIntData.cpp:
2951         * llint/LLIntSlowPaths.cpp:
2952         (JSC::LLInt::slowPathLogF):
2953         * runtime/ConfigFile.cpp:
2954         (JSC::ConfigFile::canonicalizePaths):
2955         * runtime/JSDataViewPrototype.cpp:
2956         * runtime/JSGenericTypedArrayViewConstructor.h:
2957         * runtime/JSGenericTypedArrayViewPrototype.h:
2958         * runtime/Options.cpp:
2959         (JSC::Options::setAliasedOption):
2960         * tools/CodeProfiling.cpp:
2961         * wasm/WasmSections.h:
2962         * wasm/generateWasmValidateInlinesHeader.py:
2963
2964 == Rolled over to ChangeLog-2018-09-11 ==