2015-08-04  Filip Pizlo  <fpizlo@apple.com>

        Rename Mutex to DeprecatedMutex
        https://bugs.webkit.org/show_bug.cgi?id=147675

        Reviewed by Geoffrey Garen.

        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::doRun):
        (JSC::SamplingTool::notifyOfScope):
        * bytecode/SamplingTool.h:
        * dfg/DFGThreadData.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::~Worklist):
        (JSC::DFG::Worklist::isActiveForVM):
        (JSC::DFG::Worklist::enqueue):
        (JSC::DFG::Worklist::compilationState):
        (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
        (JSC::DFG::Worklist::removeAllReadyPlansForVM):
        (JSC::DFG::Worklist::completeAllReadyPlansForVM):
        (JSC::DFG::Worklist::visitWeakReferences):
        (JSC::DFG::Worklist::removeDeadPlans):
        (JSC::DFG::Worklist::queueLength):
        (JSC::DFG::Worklist::dump):
        (JSC::DFG::Worklist::runThread):
        * disassembler/Disassembler.cpp:
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        * heap/MachineStackMarker.cpp:
        (JSC::ActiveMachineThreadsManager::Locker::Locker):
        (JSC::ActiveMachineThreadsManager::add):
        (JSC::ActiveMachineThreadsManager::remove):
        (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::tryCopyOtherThreadStack):
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * interpreter/JSStack.cpp:
        (JSC::stackStatisticsMutex):
        (JSC::JSStack::addToCommittedByteCount):
        (JSC::JSStack::committedByteCount):
        * profiler/ProfilerDatabase.h:
2015-08-05  Saam Barati  <saambarati1@gmail.com>

        Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
        https://bugs.webkit.org/show_bug.cgi?id=147657

        This kills the last of the name scope objects. Function name scopes are
        now built on top of the scoping mechanisms introduced with ES6 block scoping.
        A name scope is now just a JSLexicalEnvironment. We treat assignments to the
        function name scoped variable carefully depending on whether the function is in
        strict mode. If we're in strict mode, then we treat the variable exactly
        like a "const" variable. If we're not in strict mode, we can't treat
        this variable like an ES6 "const" because that would cause the bytecode
        generator to throw an exception when it shouldn't.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
        (JSC::BytecodeGenerator::pushLexicalScope):
        (JSC::BytecodeGenerator::pushLexicalScopeInternal):
        (JSC::BytecodeGenerator::variable):
        (JSC::BytecodeGenerator::resolveType):
        (JSC::BytecodeGenerator::emitThrowTypeError):
        (JSC::BytecodeGenerator::emitPushFunctionNameScope):
        (JSC::BytecodeGenerator::pushScopedControlFlowContext):
        (JSC::BytecodeGenerator::emitPushCatchScope):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        * debugger/DebuggerScope.cpp:
        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_to_string):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_push_name_scope): Deleted.
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emitSlow_op_to_string):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_push_name_scope): Deleted.
        * jit/JITOperations.cpp:
        (JSC::pushNameScope): Deleted.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:
        * runtime/CommonSlowPaths.cpp:
        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor):
        * runtime/JSFunctionNameScope.cpp: Removed.
        * runtime/JSFunctionNameScope.h: Removed.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::withScopeStructure):
        (JSC::JSGlobalObject::strictEvalActivationStructure):
        (JSC::JSGlobalObject::activationStructure):
        (JSC::JSGlobalObject::directArgumentsStructure):
        (JSC::JSGlobalObject::scopedArgumentsStructure):
        (JSC::JSGlobalObject::outOfBandArgumentsStructure):
        (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
        * runtime/JSNameScope.cpp: Removed.
        * runtime/JSNameScope.h: Removed.
        * runtime/JSObject.cpp:
        (JSC::JSObject::toThis):
        (JSC::JSObject::seal):
        (JSC::JSObject::isFunctionNameScopeObject): Deleted.
        * runtime/JSObject.h:
        * runtime/JSScope.cpp:
        (JSC::JSScope::isCatchScope):
        (JSC::JSScope::isFunctionNameScopeObject):
        (JSC::resolveModeName):
        * runtime/JSSymbolTableObject.cpp:
        * runtime/SymbolTable.h:
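The strict-mode distinction the entry above relies on, shown as an added example (not WebKit code): each snippet is compiled with the Function constructor so that the snippet's own "use strict" directive, not the enclosing file's mode, decides whether assigning to a named function expression's own name is ignored or throws, with an ES6 const alongside for contrast.

```javascript
// Added example, not part of the WebKit ChangeLog or JavaScriptCore sources.
// Compiles each snippet from source text so the snippet's own strictness
// (the property the entry above keys on) governs the assignment semantics.
function runSnippet(source) {
  try {
    return new Function(source)();
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'other error';
  }
}

// Assignment to a named function expression's own name: the binding is
// immutable, so strict code throws a TypeError while sloppy code silently
// keeps the original binding. This is the case the entry says cannot be
// compiled as a plain ES6 const in sloppy mode.
function nameScopeAssignment(strict) {
  return runSnippet(`
    ${strict ? '"use strict";' : ''}
    var f = function inner() {
      inner = 42;            // sloppy: no effect; strict: TypeError
      return typeof inner;   // "function" when the store was ignored
    };
    return f();
  `);
}

// For contrast, an ES6 const binding throws on assignment in both modes.
function constAssignment(strict) {
  return runSnippet(`
    ${strict ? '"use strict";' : ''}
    const c = 1;
    c = 2;                   // TypeError regardless of mode
    return 'no error';
  `);
}
```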
2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
        https://bugs.webkit.org/show_bug.cgi?id=147679

        Reviewed by Timothy Hatcher.

        Improve native iterator support for the PropertyName Iterator by
        allowing inspection of the internal object within the iterator
        and peeking of the next upcoming values of the iterator.

        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::subtype):
        (Inspector::JSInjectedScriptHost::getInternalProperties):
        (Inspector::JSInjectedScriptHost::iteratorEntries):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::iteratedValue):
2015-08-04  Brent Fulgham  <bfulgham@apple.com>

        [Win] Update Apple Windows build for VS2015
        https://bugs.webkit.org/show_bug.cgi?id=147653

        Reviewed by Dean Jackson.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by fix.
        Show JSC files in proper project locations in IDE.
2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
        https://bugs.webkit.org/show_bug.cgi?id=147328

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScriptSource.js:
        Use classList and classList.toString instead of className.
2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Support Module Syntax
        https://bugs.webkit.org/show_bug.cgi?id=147422

        Reviewed by Saam Barati.

        This patch introduces the ES6 Modules syntax parsing part.
        In this patch, ASTBuilder just produces the corresponding nodes for the ES6 Modules syntax,
        and this patch does not include the code generator part.

        Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
        and do not execute the body or construct the AST. And after analyzing all the dependent
        modules, we will parse the dependent modules next.
        After all the analyzing is done, we will start the second pass. In the second pass, we
        will parse the module, produce the AST, and execute the body.
        If we don't do so, we need to create all the ASTs in the module's dependency graph at first
        because the given module can be executed only after all the dependent modules are executed. It
        means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
        the dependent modules' information.

        In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
        This patch aims at just implementing the syntax parsing functionality correctly.
        After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
        to collect the dependent modules fast [1].

        To test the parsing, we added the "checkModuleSyntax" function into the jsc shell.
        By using this, we can parse the given string as a module.

        [1]: https://bugs.webkit.org/show_bug.cgi?id=147353

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ModuleProgramNode::emitBytecode):
        (JSC::ImportDeclarationNode::emitBytecode):
        (JSC::ExportAllDeclarationNode::emitBytecode):
        (JSC::ExportDefaultDeclarationNode::emitBytecode):
        (JSC::ExportLocalDeclarationNode::emitBytecode):
        (JSC::ExportNamedDeclarationNode::emitBytecode):
        (GlobalObject::finishCreation):
        (functionCheckModuleSyntax):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createModuleSpecifier):
        (JSC::ASTBuilder::createImportSpecifier):
        (JSC::ASTBuilder::createImportSpecifierList):
        (JSC::ASTBuilder::appendImportSpecifier):
        (JSC::ASTBuilder::createImportDeclaration):
        (JSC::ASTBuilder::createExportAllDeclaration):
        (JSC::ASTBuilder::createExportDefaultDeclaration):
        (JSC::ASTBuilder::createExportLocalDeclaration):
        (JSC::ASTBuilder::createExportNamedDeclaration):
        (JSC::ASTBuilder::createExportSpecifier):
        (JSC::ASTBuilder::createExportSpecifierList):
        (JSC::ASTBuilder::appendExportSpecifier):
        * parser/Keywords.table:
        * parser/NodeConstructors.h:
        (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
        (JSC::ImportSpecifierNode::ImportSpecifierNode):
        (JSC::ImportDeclarationNode::ImportDeclarationNode):
        (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
        (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
        (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
        (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
        (JSC::ExportSpecifierNode::ExportSpecifierNode):
        (JSC::ModuleProgramNode::ModuleProgramNode):
        (JSC::ModuleProgramNode::startColumn):
        (JSC::ModuleProgramNode::endColumn):
        (JSC::ModuleSpecifierNode::moduleName):
        (JSC::ImportSpecifierNode::importedName):
        (JSC::ImportSpecifierNode::localName):
        (JSC::ImportSpecifierListNode::specifiers):
        (JSC::ImportSpecifierListNode::append):
        (JSC::ImportDeclarationNode::specifierList):
        (JSC::ImportDeclarationNode::moduleSpecifier):
        (JSC::ExportAllDeclarationNode::moduleSpecifier):
        (JSC::ExportDefaultDeclarationNode::declaration):
        (JSC::ExportLocalDeclarationNode::declaration):
        (JSC::ExportSpecifierNode::exportedName):
        (JSC::ExportSpecifierNode::localName):
        (JSC::ExportSpecifierListNode::specifiers):
        (JSC::ExportSpecifierListNode::append):
        (JSC::ExportNamedDeclarationNode::specifierList):
        (JSC::ExportNamedDeclarationNode::moduleSpecifier):
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseModuleSourceElements):
        (JSC::Parser<LexerType>::parseVariableDeclaration):
        (JSC::Parser<LexerType>::parseVariableDeclarationList):
        (JSC::Parser<LexerType>::createBindingPattern):
        (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseForStatement):
        (JSC::Parser<LexerType>::parseFormalParameters):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClassDeclaration):
        (JSC::Parser<LexerType>::parseModuleSpecifier):
        (JSC::Parser<LexerType>::parseImportClauseItem):
        (JSC::Parser<LexerType>::parseImportDeclaration):
        (JSC::Parser<LexerType>::parseExportSpecifier):
        (JSC::Parser<LexerType>::parseExportDeclaration):
        (JSC::Parser<LexerType>::parseMemberExpression):
        (JSC::isIdentifierOrKeyword):
        (JSC::ModuleScopeData::create):
        (JSC::ModuleScopeData::exportedBindings):
        (JSC::ModuleScopeData::exportName):
        (JSC::ModuleScopeData::exportBinding):
        (JSC::Scope::setIsModule):
        (JSC::Scope::moduleScopeData):
        (JSC::Parser::matchContextualKeyword):
        (JSC::Parser::matchIdentifierOrKeyword):
        (JSC::Parser::isofToken): Deleted.
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createModuleSpecifier):
        (JSC::SyntaxChecker::createImportSpecifier):
        (JSC::SyntaxChecker::createImportSpecifierList):
        (JSC::SyntaxChecker::appendImportSpecifier):
        (JSC::SyntaxChecker::createImportDeclaration):
        (JSC::SyntaxChecker::createExportAllDeclaration):
        (JSC::SyntaxChecker::createExportDefaultDeclaration):
        (JSC::SyntaxChecker::createExportLocalDeclaration):
        (JSC::SyntaxChecker::createExportNamedDeclaration):
        (JSC::SyntaxChecker::createExportSpecifier):
        (JSC::SyntaxChecker::createExportSpecifierList):
        (JSC::SyntaxChecker::appendExportSpecifier):
        * runtime/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        * runtime/CommonIdentifiers.h:
        * runtime/Completion.cpp:
        (JSC::checkModuleSyntax):
        * runtime/Completion.h:
        * tests/stress/modules-syntax-error-with-names.js: Added.
        * tests/stress/modules-syntax-error.js: Added.
        (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
        * tests/stress/modules-syntax.js: Added.
        (prototype.checkModuleSyntax):
        * tests/stress/tagged-templates-syntax.js:
2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>

        Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
        https://bugs.webkit.org/show_bug.cgi?id=146833

        Reviewed by Alexey Proskuryakov.

        * assembler/ARM64Assembler.h:
        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/MacroAssemblerARM.cpp:
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::isSSE2Present):
        * heap/MachineStackMarker.h:
        * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
        * jit/HostCallReturnValue.h:
        * jit/JITOperations.cpp:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsX86Common.h:
        * jit/JITStubsX86_64.h:
        * jit/ThunkGenerators.cpp:
        * runtime/JSExportMacros.h:
        * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
2015-08-03  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix uninitialized property leading to an assert.

        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::PutPropertySlot):
2015-08-03  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix Windows.

        * bytecode/ObjectPropertyConditionSet.h:
        (JSC::ObjectPropertyConditionSet::fromRawPointer):
2015-07-31  Filip Pizlo  <fpizlo@apple.com>

        DFG should have adaptive structure watchpoints
        https://bugs.webkit.org/show_bug.cgi?id=146929

        Reviewed by Geoffrey Garen.

        Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
        property, you'd check that the object still has the structure that you first saw the object have. We
        optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
        elide the structure check.

        But this approach fails when that object frequently has new properties added to it. This would
        change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
        we'd have to recompile either the IC or an entire code block.

        This change introduces a new concept: an object property condition. This value describes some
        condition involving a property on some object. There are four kinds: presence, absence,
        absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
        object has some property at some offset with some attributes. This allows us to implement a new kind
        of watchpoint, which knows about the object property condition that it's being used to enforce. If
        the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
        on the new structure.

        Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
        and prototype accesses. They are also used for any DFG accesses to object constants, including
        global property accesses.

        Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
        neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
        chain situation. It's also a small speed-up on getter-richards.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::printPutByIdCacheStatus):
        * bytecode/CodeBlockJettisoningWatchpoint.cpp:
        (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
        * bytecode/ComplexGetStatus.cpp:
        (JSC::ComplexGetStatus::computeFor):
        * bytecode/ComplexGetStatus.h:
        (JSC::ComplexGetStatus::ComplexGetStatus):
        (JSC::ComplexGetStatus::takesSlowPath):
        (JSC::ComplexGetStatus::kind):
        (JSC::ComplexGetStatus::offset):
        (JSC::ComplexGetStatus::conditionSet):
        (JSC::ComplexGetStatus::attributes): Deleted.
        (JSC::ComplexGetStatus::specificValue): Deleted.
        (JSC::ComplexGetStatus::chain): Deleted.
        * bytecode/ConstantStructureCheck.cpp: Removed.
        * bytecode/ConstantStructureCheck.h: Removed.
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeForStubInfo):
        * bytecode/GetByIdVariant.cpp:
        (JSC::GetByIdVariant::GetByIdVariant):
        (JSC::GetByIdVariant::~GetByIdVariant):
        (JSC::GetByIdVariant::operator=):
        (JSC::GetByIdVariant::attemptToMerge):
        (JSC::GetByIdVariant::dumpInContext):
        (JSC::GetByIdVariant::baseStructure): Deleted.
        * bytecode/GetByIdVariant.h:
        (JSC::GetByIdVariant::operator!):
        (JSC::GetByIdVariant::structureSet):
        (JSC::GetByIdVariant::conditionSet):
        (JSC::GetByIdVariant::offset):
        (JSC::GetByIdVariant::callLinkStatus):
        (JSC::GetByIdVariant::constantChecks): Deleted.
        (JSC::GetByIdVariant::alternateBase): Deleted.
        * bytecode/ObjectPropertyCondition.cpp: Added.
        (JSC::ObjectPropertyCondition::dumpInContext):
        (JSC::ObjectPropertyCondition::dump):
        (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
        (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
        (JSC::ObjectPropertyCondition::isStillValid):
        (JSC::ObjectPropertyCondition::structureEnsuresValidity):
        (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
        (JSC::ObjectPropertyCondition::isWatchable):
        (JSC::ObjectPropertyCondition::isStillLive):
        (JSC::ObjectPropertyCondition::validateReferences):
        (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
        * bytecode/ObjectPropertyCondition.h: Added.
        (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
        (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
        (JSC::ObjectPropertyCondition::presence):
        (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
        (JSC::ObjectPropertyCondition::absence):
        (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
        (JSC::ObjectPropertyCondition::absenceOfSetter):
        (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
        (JSC::ObjectPropertyCondition::equivalence):
        (JSC::ObjectPropertyCondition::operator!):
        (JSC::ObjectPropertyCondition::object):
        (JSC::ObjectPropertyCondition::condition):
        (JSC::ObjectPropertyCondition::kind):
        (JSC::ObjectPropertyCondition::uid):
        (JSC::ObjectPropertyCondition::hasOffset):
        (JSC::ObjectPropertyCondition::offset):
        (JSC::ObjectPropertyCondition::hasAttributes):
        (JSC::ObjectPropertyCondition::attributes):
        (JSC::ObjectPropertyCondition::hasPrototype):
        (JSC::ObjectPropertyCondition::prototype):
        (JSC::ObjectPropertyCondition::hasRequiredValue):
        (JSC::ObjectPropertyCondition::requiredValue):
        (JSC::ObjectPropertyCondition::hash):
        (JSC::ObjectPropertyCondition::operator==):
        (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
        (JSC::ObjectPropertyCondition::isCompatibleWith):
        (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
        (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
        (JSC::ObjectPropertyCondition::isValidValueForPresence):
        (JSC::ObjectPropertyConditionHash::hash):
        (JSC::ObjectPropertyConditionHash::equal):
        * bytecode/ObjectPropertyConditionSet.cpp: Added.
        (JSC::ObjectPropertyConditionSet::forObject):
        (JSC::ObjectPropertyConditionSet::forConditionKind):
        (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
        (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
        (JSC::ObjectPropertyConditionSet::slotBaseCondition):
        (JSC::ObjectPropertyConditionSet::mergedWith):
        (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
        (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
        (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
        (JSC::ObjectPropertyConditionSet::areStillLive):
        (JSC::ObjectPropertyConditionSet::dumpInContext):
        (JSC::ObjectPropertyConditionSet::dump):
        (JSC::generateConditionsForPropertyMiss):
        (JSC::generateConditionsForPropertySetterMiss):
        (JSC::generateConditionsForPrototypePropertyHit):
        (JSC::generateConditionsForPrototypePropertyHitCustom):
        (JSC::generateConditionsForPropertySetterMissConcurrently):
        * bytecode/ObjectPropertyConditionSet.h: Added.
        (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
        (JSC::ObjectPropertyConditionSet::invalid):
        (JSC::ObjectPropertyConditionSet::nonEmpty):
        (JSC::ObjectPropertyConditionSet::isValid):
        (JSC::ObjectPropertyConditionSet::isEmpty):
        (JSC::ObjectPropertyConditionSet::begin):
        (JSC::ObjectPropertyConditionSet::end):
        (JSC::ObjectPropertyConditionSet::releaseRawPointer):
        (JSC::ObjectPropertyConditionSet::adoptRawPointer):
        (JSC::ObjectPropertyConditionSet::fromRawPointer):
        (JSC::ObjectPropertyConditionSet::Data::Data):
        * bytecode/PolymorphicGetByIdList.cpp:
        (JSC::GetByIdAccess::GetByIdAccess):
        (JSC::GetByIdAccess::~GetByIdAccess):
        (JSC::GetByIdAccess::visitWeak):
        * bytecode/PolymorphicGetByIdList.h:
        (JSC::GetByIdAccess::GetByIdAccess):
        (JSC::GetByIdAccess::structure):
        (JSC::GetByIdAccess::conditionSet):
        (JSC::GetByIdAccess::stubRoutine):
        (JSC::GetByIdAccess::chain): Deleted.
        (JSC::GetByIdAccess::chainCount): Deleted.
        * bytecode/PolymorphicPutByIdList.cpp:
        (JSC::PutByIdAccess::fromStructureStubInfo):
        (JSC::PutByIdAccess::visitWeak):
        * bytecode/PolymorphicPutByIdList.h:
        (JSC::PutByIdAccess::PutByIdAccess):
        (JSC::PutByIdAccess::transition):
        (JSC::PutByIdAccess::setter):
        (JSC::PutByIdAccess::newStructure):
        (JSC::PutByIdAccess::conditionSet):
        (JSC::PutByIdAccess::stubRoutine):
        (JSC::PutByIdAccess::chain): Deleted.
        (JSC::PutByIdAccess::chainCount): Deleted.
        * bytecode/PropertyCondition.cpp: Added.
        (JSC::PropertyCondition::dumpInContext):
        (JSC::PropertyCondition::dump):
        (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
        (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
        (JSC::PropertyCondition::isStillValid):
        (JSC::PropertyCondition::isWatchableWhenValid):
        (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
        (JSC::PropertyCondition::isWatchable):
        (JSC::PropertyCondition::isStillLive):
        (JSC::PropertyCondition::validateReferences):
        (JSC::PropertyCondition::isValidValueForAttributes):
        (JSC::PropertyCondition::isValidValueForPresence):
        (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
        (WTF::printInternal):
        * bytecode/PropertyCondition.h: Added.
        (JSC::PropertyCondition::PropertyCondition):
        (JSC::PropertyCondition::presenceWithoutBarrier):
        (JSC::PropertyCondition::presence):
        (JSC::PropertyCondition::absenceWithoutBarrier):
        (JSC::PropertyCondition::absence):
        (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
        (JSC::PropertyCondition::absenceOfSetter):
        (JSC::PropertyCondition::equivalenceWithoutBarrier):
        (JSC::PropertyCondition::equivalence):
        (JSC::PropertyCondition::operator!):
        (JSC::PropertyCondition::kind):
        (JSC::PropertyCondition::uid):
        (JSC::PropertyCondition::hasOffset):
        (JSC::PropertyCondition::offset):
        (JSC::PropertyCondition::hasAttributes):
        (JSC::PropertyCondition::attributes):
        (JSC::PropertyCondition::hasPrototype):
        (JSC::PropertyCondition::prototype):
        (JSC::PropertyCondition::hasRequiredValue):
        (JSC::PropertyCondition::requiredValue):
        (JSC::PropertyCondition::hash):
        (JSC::PropertyCondition::operator==):
        (JSC::PropertyCondition::isHashTableDeletedValue):
        (JSC::PropertyCondition::isCompatibleWith):
        (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
        (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
        (JSC::PropertyConditionHash::hash):
        (JSC::PropertyConditionHash::equal):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeFor):
        (JSC::PutByIdStatus::computeForStubInfo):
        * bytecode/PutByIdVariant.cpp:
        (JSC::PutByIdVariant::operator=):
        (JSC::PutByIdVariant::transition):
        (JSC::PutByIdVariant::setter):
        (JSC::PutByIdVariant::makesCalls):
        (JSC::PutByIdVariant::attemptToMerge):
        (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
        (JSC::PutByIdVariant::dumpInContext):
        (JSC::PutByIdVariant::baseStructure): Deleted.
        * bytecode/PutByIdVariant.h:
        (JSC::PutByIdVariant::PutByIdVariant):
        (JSC::PutByIdVariant::kind):
        (JSC::PutByIdVariant::structure):
        (JSC::PutByIdVariant::structureSet):
        (JSC::PutByIdVariant::oldStructure):
        (JSC::PutByIdVariant::conditionSet):
        (JSC::PutByIdVariant::offset):
        (JSC::PutByIdVariant::callLinkStatus):
        (JSC::PutByIdVariant::constantChecks): Deleted.
        (JSC::PutByIdVariant::alternateBase): Deleted.
        * bytecode/StructureStubClearingWatchpoint.cpp:
        (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
        (JSC::StructureStubClearingWatchpoint::push):
        (JSC::StructureStubClearingWatchpoint::fireInternal):
        (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
        (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
        (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
        * bytecode/StructureStubClearingWatchpoint.h:
        (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
        (JSC::WatchpointsOnStructureStubInfo::codeBlock):
        (JSC::WatchpointsOnStructureStubInfo::stubInfo):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::visitWeakReferences):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::initPutByIdTransition):
        (JSC::StructureStubInfo::initPutByIdReplace):
        (JSC::StructureStubInfo::setSeen):
        (JSC::StructureStubInfo::addWatchpoint):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
        * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
        * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
        (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
        (JSC::DFG::AdaptiveStructureWatchpoint::install):
        (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
        * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
        (JSC::DFG::AdaptiveStructureWatchpoint::key):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::handleGetByOffset):
        (JSC::DFG::ByteCodeParser::handlePutByOffset):
        (JSC::DFG::ByteCodeParser::check):
        (JSC::DFG::ByteCodeParser::promoteToConstant):
        (JSC::DFG::ByteCodeParser::planLoad):
        (JSC::DFG::ByteCodeParser::load):
        (JSC::DFG::ByteCodeParser::presenceLike):
        (JSC::DFG::ByteCodeParser::checkPresenceLike):
        (JSC::DFG::ByteCodeParser::store):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::handlePutById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
        * dfg/DFGCommonData.cpp:
        (JSC::DFG::CommonData::validateReferences):
        * dfg/DFGCommonData.h:
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
        (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
        (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
        (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
        * dfg/DFGDesiredWatchpoints.cpp:
        (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
        (JSC::DFG::InferredValueAdaptor::add):
        (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
        (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
        (JSC::DFG::DesiredWatchpoints::addLazily):
        (JSC::DFG::DesiredWatchpoints::consider):
        (JSC::DFG::DesiredWatchpoints::reallyAdd):
        (JSC::DFG::DesiredWatchpoints::areStillValid):
        (JSC::DFG::DesiredWatchpoints::dumpInContext):
        * dfg/DFGDesiredWatchpoints.h:
        (JSC::DFG::SetPointerAdaptor::add):
        (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
        (JSC::DFG::SetPointerAdaptor::dumpInContext):
        (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
        (JSC::DFG::InferredValueAdaptor::dumpInContext):
        (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
        (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
        (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
        (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
        (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
        (JSC::DFG::GenericDesiredWatchpoints::isWatched):
        (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
        (JSC::DFG::DesiredWatchpoints::isWatched):
        (JSC::DFG::GenericSetAdaptor::add): Deleted.
        (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
        * dfg/DFGDesiredWeakReferences.cpp:
        (JSC::DFG::DesiredWeakReferences::addLazily):
        (JSC::DFG::DesiredWeakReferences::contains):
        * dfg/DFGDesiredWeakReferences.h:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::clearFlagsOnAllNodes):
        (JSC::DFG::Graph::watchCondition):
        (JSC::DFG::Graph::isSafeToLoad):
        (JSC::DFG::Graph::livenessFor):
        (JSC::DFG::Graph::tryGetConstantProperty):
        (JSC::DFG::Graph::visitChildren):
        (JSC::DFG::Graph::identifiers):
        (JSC::DFG::Graph::watchpoints):
        * dfg/DFGMultiGetByOffsetData.cpp: Added.
        (JSC::DFG::GetByOffsetMethod::dumpInContext):
        (JSC::DFG::GetByOffsetMethod::dump):
        (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
        (JSC::DFG::MultiGetByOffsetCase::dump):
        (WTF::printInternal):
        * dfg/DFGMultiGetByOffsetData.h: Added.
        (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
        (JSC::DFG::GetByOffsetMethod::constant):
        (JSC::DFG::GetByOffsetMethod::load):
        (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
        (JSC::DFG::GetByOffsetMethod::operator!):
        (JSC::DFG::GetByOffsetMethod::kind):
        (JSC::DFG::GetByOffsetMethod::prototype):
        (JSC::DFG::GetByOffsetMethod::offset):
        (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
        (JSC::DFG::MultiGetByOffsetCase::set):
        (JSC::DFG::MultiGetByOffsetCase::method):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGStructureRegistrationPhase.cpp:
        (JSC::DFG::StructureRegistrationPhase::run):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
        (JSC::repatchByIdSelfAccess):
        (JSC::checkObjectPropertyCondition):
        (JSC::checkObjectPropertyConditions):
        (JSC::replaceWithJump):
        (JSC::generateByIdStub):
        (JSC::actionForCell):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::emitPutTransitionStub):
        (JSC::tryCachePutByID):
        (JSC::tryBuildPutByIdList):
        (JSC::addStructureTransitionCheck): Deleted.
        (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
        * runtime/IntendedStructureChain.cpp: Removed.
        * runtime/IntendedStructureChain.h: Removed.
        * runtime/JSCJSValue.h:
        * runtime/JSObject.cpp:
        (JSC::throwTypeError):
        (JSC::JSObject::convertToDictionary):
        (JSC::JSObject::shiftButterflyAfterFlattening):
        * runtime/JSObject.h:
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::convertToDictionary): Deleted.
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        (JSC::normalizePrototypeChainForChainAccess): Deleted.
        (JSC::isPrototypeChainNormalized): Deleted.
769 * runtime/PropertySlot.h:
770 (JSC::PropertySlot::PropertySlot):
771 (JSC::PropertySlot::slotBase):
772 * runtime/Structure.cpp:
773 (JSC::Structure::addPropertyTransition):
774 (JSC::Structure::attributeChangeTransition):
775 (JSC::Structure::toDictionaryTransition):
776 (JSC::Structure::toCacheableDictionaryTransition):
777 (JSC::Structure::toUncacheableDictionaryTransition):
778 (JSC::Structure::ensurePropertyReplacementWatchpointSet):
779 (JSC::Structure::startWatchingPropertyForReplacements):
780 (JSC::Structure::didCachePropertyReplacement):
781 (JSC::Structure::dump):
782 * runtime/Structure.h:
784 * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
788 * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
790 * tests/stress/replacement-watchpoint-dictionary.js: Added.
792 * tests/stress/replacement-watchpoint.js: Added.
794 * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
796 * tests/stress/undefined-access-then-proto-change.js: Added.
799 2015-08-03 Yusuke Suzuki <utatane.tea@gmail.com>
801 JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
802 https://bugs.webkit.org/show_bug.cgi?id=147538
804 Reviewed by Geoffrey Garen.
806 Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keywords.
807 As a result, when lexing a property name that can take keywords, the ARROWFUNCTION token is accidentally accepted.
808 This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it an operator token.
810 * parser/ParserTokens.h:
811 * tests/stress/arrow-function-token-is-not-keyword.js: Added.
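The distinction the entry above draws, reserved words being legal property names while an operator token such as `=>` never is, can be probed from script. The following is an added example, not JSC's own test `arrow-function-token-is-not-keyword.js`; it uses the `Function` constructor to ask the host engine's parser whether each candidate name is accepted in an object literal, a getter, and a class body. The name lists are constructed for the example.

```javascript
// Added example (not from the WebKit ChangeLog or the JSC test suite).
// Probes how the host engine classifies tokens used as property names by
// attempting to parse small snippets with the Function constructor.

function parses(source) {
  try {
    new Function(source);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e; // anything else is a bug in this harness, not a parse result
  }
}

// Reserved words are legal property names in ES5+ object literals and class
// bodies, so a parser that accepts "keywords" as names is correct here.
const keywordNames = ["if", "for", "class", "function", "new", "return"];

// Punctuators are never property names. An engine that files the arrow token
// alongside the keywords would wrongly accept "=>" in these positions.
const operatorNames = ["=>", "+", "==", "..."];

function classifyPropertyNames() {
  const result = { keywordsAccepted: [], operatorsRejected: [] };
  for (const name of keywordNames) {
    const ok = parses(`return ({ ${name}: 1 }).${name};`)
      && parses(`return { get ${name}() { return 1; } };`)
      && parses(`class C { ${name}() {} }`);
    if (ok) result.keywordsAccepted.push(name);
  }
  for (const name of operatorNames) {
    const rejected = !parses(`return ({ ${name}: 1 });`)
      && !parses(`class C { ${name}() {} }`);
    if (rejected) result.operatorsRejected.push(name);
  }
  return result;
}
```

On a conforming engine every keyword lands in `keywordsAccepted` and every operator in `operatorsRejected`; a lexer with the bug described above would let `=>` slip out of the second list.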
814 2015-08-03 Keith Miller <keith_miller@apple.com>
816 Clean up the naming for AST expression generation.
817 https://bugs.webkit.org/show_bug.cgi?id=147581
819 Reviewed by Yusuke Suzuki.
821 * parser/ASTBuilder.h:
822 (JSC::ASTBuilder::createThisExpr):
823 (JSC::ASTBuilder::createSuperExpr):
824 (JSC::ASTBuilder::createNewTargetExpr):
825 (JSC::ASTBuilder::thisExpr): Deleted.
826 (JSC::ASTBuilder::superExpr): Deleted.
827 (JSC::ASTBuilder::newTargetExpr): Deleted.
829 (JSC::Parser<LexerType>::parsePrimaryExpression):
830 (JSC::Parser<LexerType>::parseMemberExpression):
831 * parser/SyntaxChecker.h:
832 (JSC::SyntaxChecker::createThisExpr):
833 (JSC::SyntaxChecker::createSuperExpr):
834 (JSC::SyntaxChecker::createNewTargetExpr):
835 (JSC::SyntaxChecker::thisExpr): Deleted.
836 (JSC::SyntaxChecker::superExpr): Deleted.
837 (JSC::SyntaxChecker::newTargetExpr): Deleted.
839 2015-08-03 Yusuke Suzuki <utatane.tea@gmail.com>
841 Don't set up the callsite to operationGetByValDefault when the optimization is already done
842 https://bugs.webkit.org/show_bug.cgi?id=147577
844 Reviewed by Filip Pizlo.
846 operationGetByValDefault should be called only when the IC is not set.
847 operationGetByValString breaks this invariant, and `ASSERT(!byValInfo.stubRoutine)` in
848 operationGetByValDefault raises an assertion failure.
849 In this patch, we change the callsite setup code in operationGetByValString when
850 the IC is already set. And to make the operation's meaning explicit, we changed the
851 name operationGetByValDefault to operationGetByValOptimize, which is aligned to the
854 * jit/JITOperations.cpp:
855 * jit/JITOperations.h:
856 * jit/JITPropertyAccess.cpp:
857 (JSC::JIT::emitSlow_op_get_by_val):
858 * jit/JITPropertyAccess32_64.cpp:
859 (JSC::JIT::emitSlow_op_get_by_val):
860 * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
863 2015-08-03 Csaba Osztrogonác <ossy@webkit.org>
865 [FTL] Remove unused scripts related to native call inlining
866 https://bugs.webkit.org/show_bug.cgi?id=147448
868 Reviewed by Filip Pizlo.
870 * build-symbol-table-index.py: Removed.
871 * copy-llvm-ir-to-derived-sources.sh: Removed.
872 * create-llvm-ir-from-source-file.py: Removed.
873 * create-symbol-table-index.py: Removed.
875 2015-08-02 Benjamin Poulain <bpoulain@apple.com>
877 Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
878 https://bugs.webkit.org/show_bug.cgi?id=118455
880 Reviewed by Filip Pizlo.
882 LivenessAnalysisPhase lights up like a Christmas tree in profiles.
884 This patch cuts its cost by 4.
885 About half of the gains come from removing many rehash() when copying
887 The last quarter is achieved by having a special add() function for initializing
890 This makes benchmarks progress by 1-2% here and there. Nothing massive.
892 * dfg/DFGLivenessAnalysisPhase.cpp:
893 (JSC::DFG::LivenessAnalysisPhase::process):
894 The m_live HashSet is only useful per block. When we are done with it,
895 we can transfer it to liveAtHead to avoid a copy.
897 2015-08-01 Saam barati <saambarati1@gmail.com>
899 Unreviewed. Remove unintentional "print" statement in test case.
900 https://bugs.webkit.org/show_bug.cgi?id=142567
902 * tests/stress/class-syntax-definition-semantics.js:
903 (shouldBeSyntaxError):
905 2015-07-31 Alex Christensen <achristensen@webkit.org>
908 https://bugs.webkit.org/show_bug.cgi?id=146579
910 Reviewed by Jon Honeycutt.
913 Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
915 2015-07-31 Saam barati <saambarati1@gmail.com>
917 ES6 class syntax should use block scoping
918 https://bugs.webkit.org/show_bug.cgi?id=142567
920 Reviewed by Geoffrey Garen.
922 We treat class declarations like we do "let" declarations.
923 The class name is under TDZ until the class declaration
924 statement is evaluated. Class declarations also follow
925 the same rules as "let": No duplicate definitions inside
926 a lexical environment.
928 * parser/ASTBuilder.h:
929 (JSC::ASTBuilder::createClassDeclStatement):
931 (JSC::Parser<LexerType>::parseClassDeclaration):
932 * tests/stress/class-syntax-block-scoping.js: Added.
936 * tests/stress/class-syntax-definition-semantics.js: Added.
937 (shouldBeSyntaxError):
938 (shouldNotBeSyntaxError):
940 * tests/stress/class-syntax-tdz.js:
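The three rules stated in the entry above (the class name is in its temporal dead zone until the declaration runs, the binding is block-scoped, and a class may not be redeclared in the same lexical environment) are observable from script. The block below is an added example, not JSC's `class-syntax-block-scoping.js`, `class-syntax-definition-semantics.js` or `class-syntax-tdz.js`; the snippets it parses are constructed for the example and the checks hold on any ES6-conforming engine.

```javascript
// Added example (not from the WebKit ChangeLog or JSC's test suite).
// Exercises the "class declarations behave like let" rules.

// Parse-time check: does the host engine reject this snippet outright?
function isSyntaxError(source) {
  try {
    new Function(source);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

// Rule 1: the class name is in its TDZ until the declaration statement runs.
// Even typeof, which tolerates undeclared names, throws on a TDZ binding.
function classTdzThrows() {
  try {
    const seen = typeof A; // A is declared below, in this same scope
    class A {}
    return { threw: false, seen };
  } catch (e) {
    return { threw: true, name: e.name }; // "ReferenceError"
  }
}

// Rule 2: the declaration is scoped to its block, not hoisted to the
// function the way a var would be.
function classIsBlockScoped() {
  {
    class Inner {}
    if (typeof Inner !== "function") return "inner-missing";
  }
  return typeof Inner; // "undefined": the binding does not leak out of the block
}

// Rule 3: no duplicate definitions in one lexical environment, same as let.
// Redeclaring in a sibling block is fine because it is a different environment.
function duplicateRules() {
  return {
    classThenClass: isSyntaxError("class A {} class A {}"),
    letThenClass:   isSyntaxError("let A = 1; class A {}"),
    classThenVar:   isSyntaxError("class A {} var A;"),
    separateBlocks: isSyntaxError("{ class A {} } { class A {} }"), // legal
  };
}
```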
946 2015-07-31 Sukolsak Sakshuwong <sukolsak@gmail.com>
948 Implement WebAssembly module parser
949 https://bugs.webkit.org/show_bug.cgi?id=147293
951 Reviewed by Mark Lam.
953 Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
954 include file: 'JSWASMModule.h'" issue on Windows.
956 Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
957 <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
958 the magic number at the beginning of the files. Parsing of the rest will be
959 implemented in a subsequent patch.
962 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
963 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
964 * JavaScriptCore.xcodeproj/project.pbxproj:
966 (GlobalObject::finishCreation):
967 (functionLoadWebAssembly):
968 * parser/SourceProvider.h:
969 (JSC::WebAssemblySourceProvider::create):
970 (JSC::WebAssemblySourceProvider::data):
971 (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
972 * runtime/JSGlobalObject.cpp:
973 (JSC::JSGlobalObject::init):
974 (JSC::JSGlobalObject::visitChildren):
975 * runtime/JSGlobalObject.h:
976 (JSC::JSGlobalObject::wasmModuleStructure):
977 * wasm/WASMMagicNumber.h: Added.
978 * wasm/WASMModuleParser.cpp: Added.
979 (JSC::WASMModuleParser::WASMModuleParser):
980 (JSC::WASMModuleParser::parse):
981 (JSC::WASMModuleParser::parseModule):
982 (JSC::parseWebAssembly):
983 * wasm/WASMModuleParser.h: Added.
984 * wasm/WASMReader.cpp: Added.
985 (JSC::WASMReader::readUnsignedInt32):
986 (JSC::WASMReader::readFloat):
987 (JSC::WASMReader::readDouble):
988 * wasm/WASMReader.h: Added.
989 (JSC::WASMReader::WASMReader):
991 2015-07-30 Sukolsak Sakshuwong <sukolsak@gmail.com>
993 Add the "wasm" directory to the Additional Include Directories for jsc.exe
994 https://bugs.webkit.org/show_bug.cgi?id=147443
996 Reviewed by Mark Lam.
998 This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
999 Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
1001 * JavaScriptCore.vcxproj/jsc/jscCommon.props:
1003 2015-07-30 Chris Dumez <cdumez@apple.com>
1005 Mark more classes as fast allocated
1006 https://bugs.webkit.org/show_bug.cgi?id=147440
1008 Reviewed by Sam Weinig.
1010 Mark more classes as fast allocated for performance. We heap-allocate
1011 objects of those types throughout the code base.
1013 * API/JSCallbackObject.h:
1014 * API/ObjCCallbackFunction.mm:
1015 * bytecode/BytecodeKills.h:
1016 * bytecode/BytecodeLivenessAnalysis.h:
1017 * bytecode/CallLinkStatus.h:
1018 * bytecode/FullBytecodeLiveness.h:
1019 * bytecode/SamplingTool.h:
1020 * bytecompiler/BytecodeGenerator.h:
1021 * dfg/DFGBasicBlock.h:
1022 * dfg/DFGBlockMap.h:
1023 * dfg/DFGInPlaceAbstractState.h:
1024 * dfg/DFGThreadData.h:
1025 * heap/HeapVerifier.h:
1026 * heap/SlotVisitor.h:
1028 * runtime/ControlFlowProfiler.h:
1029 * runtime/TypeProfiler.h:
1030 * runtime/TypeProfilerLog.h:
1031 * runtime/Watchdog.h:
1033 2015-07-29 Filip Pizlo <fpizlo@apple.com>
1035 DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
1036 https://bugs.webkit.org/show_bug.cgi?id=147433
1037 rdar://problem/21668986
1039 Reviewed by Mark Lam.
1041 Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments. But
1042 currently that's not what it does - it emits a SetArgument for every argument that a varargs
1043 call may pass. Each SetArgument gets turned into a GetStack. This means that if
1044 ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
1045 get passed or used, we get degenerate IR where we have a GetStack of something that didn't
1048 This fixes the bug by removing the code to optimize away PutStacks in
1049 ArgumentsEliminationPhase.
1051 * dfg/DFGArgumentsEliminationPhase.cpp:
1052 * tests/stress/varargs-inlining-underflow.js: Added.
1057 2015-07-29 Andy VanWagoner <thetalecrafter@gmail.com>
1059 Implement basic types for ECMAScript Internationalization API
1060 https://bugs.webkit.org/show_bug.cgi?id=146926
1062 Reviewed by Benjamin Poulain.
1064 Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
1065 http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
1067 * CMakeLists.txt: Added new Intl files.
1068 * Configurations/FeatureDefines.xcconfig: Enable INTL.
1069 * DerivedSources.make: Added Intl files.
1070 * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
1071 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
1072 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
1073 * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
1074 * runtime/DateConstructor.cpp: Made Date.now public.
1075 * runtime/DateConstructor.h: Made Date.now public.
1076 * runtime/IntlCollator.cpp: Added.
1077 (JSC::IntlCollator::create):
1078 (JSC::IntlCollator::createStructure):
1079 (JSC::IntlCollator::IntlCollator):
1080 (JSC::IntlCollator::finishCreation):
1081 (JSC::IntlCollator::destroy):
1082 (JSC::IntlCollator::visitChildren):
1083 (JSC::IntlCollator::setBoundCompare):
1084 (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
1085 * runtime/IntlCollator.h: Added.
1086 (JSC::IntlCollator::constructor):
1087 (JSC::IntlCollator::boundCompare):
1088 * runtime/IntlCollatorConstructor.cpp: Added.
1089 (JSC::IntlCollatorConstructor::create):
1090 (JSC::IntlCollatorConstructor::createStructure):
1091 (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
1092 (JSC::IntlCollatorConstructor::finishCreation):
1093 (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
1094 (JSC::callIntlCollator): Added Collator constructor (10.1.2).
1095 (JSC::IntlCollatorConstructor::getConstructData):
1096 (JSC::IntlCollatorConstructor::getCallData):
1097 (JSC::IntlCollatorConstructor::getOwnPropertySlot):
1098 (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
1099 (JSC::IntlCollatorConstructor::visitChildren):
1100 * runtime/IntlCollatorConstructor.h: Added.
1101 (JSC::IntlCollatorConstructor::collatorStructure):
1102 * runtime/IntlCollatorPrototype.cpp: Added.
1103 (JSC::IntlCollatorPrototype::create):
1104 (JSC::IntlCollatorPrototype::createStructure):
1105 (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
1106 (JSC::IntlCollatorPrototype::finishCreation):
1107 (JSC::IntlCollatorPrototype::getOwnPropertySlot):
1108 (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3)
1109 (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
1110 * runtime/IntlCollatorPrototype.h: Added.
1111 * runtime/IntlDateTimeFormat.cpp: Added.
1112 (JSC::IntlDateTimeFormat::create):
1113 (JSC::IntlDateTimeFormat::createStructure):
1114 (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
1115 (JSC::IntlDateTimeFormat::finishCreation):
1116 (JSC::IntlDateTimeFormat::destroy):
1117 (JSC::IntlDateTimeFormat::visitChildren):
1118 (JSC::IntlDateTimeFormat::setBoundFormat):
1119 (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
1120 * runtime/IntlDateTimeFormat.h: Added.
1121 (JSC::IntlDateTimeFormat::constructor):
1122 (JSC::IntlDateTimeFormat::boundFormat):
1123 * runtime/IntlDateTimeFormatConstructor.cpp: Added.
1124 (JSC::IntlDateTimeFormatConstructor::create):
1125 (JSC::IntlDateTimeFormatConstructor::createStructure):
1126 (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
1127 (JSC::IntlDateTimeFormatConstructor::finishCreation):
1128 (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
1129 (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
1130 (JSC::IntlDateTimeFormatConstructor::getConstructData):
1131 (JSC::IntlDateTimeFormatConstructor::getCallData):
1132 (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
1133 (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
1134 (JSC::IntlDateTimeFormatConstructor::visitChildren):
1135 * runtime/IntlDateTimeFormatConstructor.h: Added.
1136 (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
1137 * runtime/IntlDateTimeFormatPrototype.cpp: Added.
1138 (JSC::IntlDateTimeFormatPrototype::create):
1139 (JSC::IntlDateTimeFormatPrototype::createStructure):
1140 (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
1141 (JSC::IntlDateTimeFormatPrototype::finishCreation):
1142 (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
1143 (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
1144 (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
1145 * runtime/IntlDateTimeFormatPrototype.h: Added.
1146 * runtime/IntlNumberFormat.cpp: Added.
1147 (JSC::IntlNumberFormat::create):
1148 (JSC::IntlNumberFormat::createStructure):
1149 (JSC::IntlNumberFormat::IntlNumberFormat):
1150 (JSC::IntlNumberFormat::finishCreation):
1151 (JSC::IntlNumberFormat::destroy):
1152 (JSC::IntlNumberFormat::visitChildren):
1153 (JSC::IntlNumberFormat::setBoundFormat):
1154 (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
1155 * runtime/IntlNumberFormat.h: Added.
1156 (JSC::IntlNumberFormat::constructor):
1157 (JSC::IntlNumberFormat::boundFormat):
1158 * runtime/IntlNumberFormatConstructor.cpp: Added.
1159 (JSC::IntlNumberFormatConstructor::create):
1160 (JSC::IntlNumberFormatConstructor::createStructure):
1161 (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
1162 (JSC::IntlNumberFormatConstructor::finishCreation):
1163 (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
1164 (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
1165 (JSC::IntlNumberFormatConstructor::getConstructData):
1166 (JSC::IntlNumberFormatConstructor::getCallData):
1167 (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
1168 (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
1169 (JSC::IntlNumberFormatConstructor::visitChildren):
1170 * runtime/IntlNumberFormatConstructor.h: Added.
1171 (JSC::IntlNumberFormatConstructor::numberFormatStructure):
1172 * runtime/IntlNumberFormatPrototype.cpp: Added.
1173 (JSC::IntlNumberFormatPrototype::create):
1174 (JSC::IntlNumberFormatPrototype::createStructure):
1175 (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
1176 (JSC::IntlNumberFormatPrototype::finishCreation):
1177 (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
1178 (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
1179 (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
1180 * runtime/IntlNumberFormatPrototype.h: Added.
1181 * runtime/IntlObject.cpp:
1182 (JSC::IntlObject::create):
1183 (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
1184 (JSC::IntlObject::visitChildren):
1185 * runtime/IntlObject.h:
1186 (JSC::IntlObject::collatorConstructor):
1187 (JSC::IntlObject::collatorPrototype):
1188 (JSC::IntlObject::collatorStructure):
1189 (JSC::IntlObject::numberFormatConstructor):
1190 (JSC::IntlObject::numberFormatPrototype):
1191 (JSC::IntlObject::numberFormatStructure):
1192 (JSC::IntlObject::dateTimeFormatConstructor):
1193 (JSC::IntlObject::dateTimeFormatPrototype):
1194 (JSC::IntlObject::dateTimeFormatStructure):
1195 * runtime/JSGlobalObject.cpp:
1196 (JSC::JSGlobalObject::init):
1198 2015-07-29 Commit Queue <commit-queue@webkit.org>
1200 Unreviewed, rolling out r187550.
1201 https://bugs.webkit.org/show_bug.cgi?id=147420
1203 Broke Windows build (again) (Requested by smfr on #webkit).
1207 "Implement WebAssembly module parser"
1208 https://bugs.webkit.org/show_bug.cgi?id=147293
1209 http://trac.webkit.org/changeset/187550
1211 2015-07-29 Basile Clement <basile_clement@apple.com>
1213 Remove native call inlining
1214 https://bugs.webkit.org/show_bug.cgi?id=147417
1216 Rubber Stamped by Filip Pizlo.
1219 * dfg/DFGAbstractInterpreterInlines.h:
1220 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
1221 * dfg/DFGByteCodeParser.cpp:
1222 (JSC::DFG::ByteCodeParser::handleCall): Deleted.
1223 * dfg/DFGClobberize.h:
1224 (JSC::DFG::clobberize): Deleted.
1225 * dfg/DFGDoesGC.cpp:
1226 (JSC::DFG::doesGC): Deleted.
1227 * dfg/DFGFixupPhase.cpp:
1228 (JSC::DFG::FixupPhase::fixupNode): Deleted.
1230 (JSC::DFG::Node::hasHeapPrediction): Deleted.
1231 (JSC::DFG::Node::hasCellOperand): Deleted.
1232 * dfg/DFGNodeType.h:
1233 * dfg/DFGPredictionPropagationPhase.cpp:
1234 (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1235 * dfg/DFGSafeToExecute.h:
1236 (JSC::DFG::safeToExecute): Deleted.
1237 * dfg/DFGSpeculativeJIT32_64.cpp:
1238 (JSC::DFG::SpeculativeJIT::compile): Deleted.
1239 * dfg/DFGSpeculativeJIT64.cpp:
1240 (JSC::DFG::SpeculativeJIT::compile): Deleted.
1241 * ftl/FTLCapabilities.cpp:
1242 (JSC::FTL::canCompile): Deleted.
1243 * ftl/FTLLowerDFGToLLVM.cpp:
1244 (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
1245 (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1246 (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
1247 (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
1248 (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
1249 (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
1251 (JSC::FTL::State::State): Deleted.
1253 * runtime/BundlePath.cpp: Removed.
1254 (JSC::bundlePath): Deleted.
1255 * runtime/JSDataViewPrototype.cpp:
1258 * runtime/Options.h:
1260 2015-07-29 Basile Clement <basile_clement@apple.com>
1262 Unreviewed, skipping a test that is too complex for its own good
1263 https://bugs.webkit.org/show_bug.cgi?id=147167
1265 * tests/stress/math-pow-coherency.js:
1267 2015-07-29 Sukolsak Sakshuwong <sukolsak@gmail.com>
1269 Implement WebAssembly module parser
1270 https://bugs.webkit.org/show_bug.cgi?id=147293
1272 Reviewed by Mark Lam.
1274 Reupload the patch, since r187539 should fix the "Cannot open include file:
1275 'JSWASMModule.h'" issue in the Windows build.
1278 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1279 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1280 * JavaScriptCore.xcodeproj/project.pbxproj:
1282 (GlobalObject::finishCreation):
1283 (functionLoadWebAssembly):
1284 * parser/SourceProvider.h:
1285 (JSC::WebAssemblySourceProvider::create):
1286 (JSC::WebAssemblySourceProvider::data):
1287 (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
1288 * runtime/JSGlobalObject.cpp:
1289 (JSC::JSGlobalObject::init):
1290 (JSC::JSGlobalObject::visitChildren):
1291 * runtime/JSGlobalObject.h:
1292 (JSC::JSGlobalObject::wasmModuleStructure):
1293 * wasm/WASMMagicNumber.h: Added.
1294 * wasm/WASMModuleParser.cpp: Added.
1295 (JSC::WASMModuleParser::WASMModuleParser):
1296 (JSC::WASMModuleParser::parse):
1297 (JSC::WASMModuleParser::parseModule):
1298 (JSC::parseWebAssembly):
1299 * wasm/WASMModuleParser.h: Added.
1300 * wasm/WASMReader.cpp: Added.
1301 (JSC::WASMReader::readUnsignedInt32):
1302 (JSC::WASMReader::readFloat):
1303 (JSC::WASMReader::readDouble):
1304 * wasm/WASMReader.h: Added.
1305 (JSC::WASMReader::WASMReader):
1307 2015-07-29 Basile Clement <basile_clement@apple.com>
1309 Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
1310 https://bugs.webkit.org/show_bug.cgi?id=147167
1312 * tests/stress/math-pow-coherency.js:
1314 2015-07-28 Sukolsak Sakshuwong <sukolsak@gmail.com>
1316 Add the "wasm" directory to Visual Studio project files
1317 https://bugs.webkit.org/show_bug.cgi?id=147400
1319 Reviewed by Simon Fraser.
1321 This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
1322 in the Windows build.
1324 * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1325 * JavaScriptCore.vcxproj/copy-files.cmd:
1327 2015-07-28 Commit Queue <commit-queue@webkit.org>
1329 Unreviewed, rolling out r187531.
1330 https://bugs.webkit.org/show_bug.cgi?id=147397
1332 Broke Windows build (Requested by smfr on #webkit).
1336 "Implement WebAssembly module parser"
1337 https://bugs.webkit.org/show_bug.cgi?id=147293
1338 http://trac.webkit.org/changeset/187531
1340 2015-07-28 Benjamin Poulain <bpoulain@apple.com>
1342 Speed up the Stringifier::toJSON() fast case
1343 https://bugs.webkit.org/show_bug.cgi?id=147383
1345 Reviewed by Andreas Kling.
1347 * runtime/JSONObject.cpp:
1348 (JSC::Stringifier::toJSON):
1349 (JSC::Stringifier::toJSONImpl):
1351 2015-07-28 Sukolsak Sakshuwong <sukolsak@gmail.com>
1353 Implement WebAssembly module parser
1354 https://bugs.webkit.org/show_bug.cgi?id=147293
1356 Reviewed by Geoffrey Garen.
1358 Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
1359 <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
1360 the magic number at the beginning of the files. Parsing of the rest will be
1361 implemented in a subsequent patch.
1364 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1365 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1366 * JavaScriptCore.xcodeproj/project.pbxproj:
1368 (GlobalObject::finishCreation):
1369 (functionLoadWebAssembly):
1370 * parser/SourceProvider.h:
1371 (JSC::WebAssemblySourceProvider::create):
1372 (JSC::WebAssemblySourceProvider::data):
1373 (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
1374 * runtime/JSGlobalObject.cpp:
1375 (JSC::JSGlobalObject::init):
1376 (JSC::JSGlobalObject::visitChildren):
1377 * runtime/JSGlobalObject.h:
1378 (JSC::JSGlobalObject::wasmModuleStructure):
1379 * wasm/WASMMagicNumber.h: Added.
1380 * wasm/WASMModuleParser.cpp: Added.
1381 (JSC::WASMModuleParser::WASMModuleParser):
1382 (JSC::WASMModuleParser::parse):
1383 (JSC::WASMModuleParser::parseModule):
1384 (JSC::parseWebAssembly):
1385 * wasm/WASMModuleParser.h: Added.
1386 * wasm/WASMReader.cpp: Added.
1387 (JSC::WASMReader::readUnsignedInt32):
1388 (JSC::WASMReader::readFloat):
1389 (JSC::WASMReader::readDouble):
1390 * wasm/WASMReader.h: Added.
1391 (JSC::WASMReader::WASMReader):
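The three "Implement WebAssembly module parser" entries above (the original landing, the re-land, and the final re-land after the Windows include fix) all describe the same first stage: a reader over an untrusted byte buffer that checks the magic number and defers everything else. The block below is an added example of that stage written in JavaScript; it is not JSC's `WASMReader` or `WASMModuleParser`. Two things are assumptions: `MAGIC` is taken to be the ASCII bytes "wasm" read as a little-endian uint32 (0x6d736177), which is what the pack-asmjs prototype format used as far as this editor knows, and the three input buffers are constructed for the example. The security-relevant point is that every read is bounds-checked before the buffer is touched, so a truncated or malicious file fails cleanly rather than reading past the end.

```javascript
// Added example (not JSC's WASMReader/WASMModuleParser). A minimal
// bounds-checked reader plus a magic-number check over untrusted bytes.

// Assumption: polyfill-prototype-1 files begin with "wasm", read as LE uint32.
const MAGIC = 0x6d736177;

class Reader {
  constructor(bytes) {
    this.view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
    this.offset = 0;
  }

  // Every primitive read validates the remaining length first; the DataView
  // would also throw on overrun, but checking explicitly gives a clear error
  // with the offending offset and keeps the cursor consistent.
  read(size, getter) {
    if (this.offset + size > this.view.byteLength) {
      throw new RangeError(`truncated input: need ${size} bytes at offset ${this.offset}`);
    }
    const value = getter.call(this.view, this.offset, true); // true = little-endian
    this.offset += size;
    return value;
  }
  readUint32()  { return this.read(4, DataView.prototype.getUint32); }
  readFloat32() { return this.read(4, DataView.prototype.getFloat32); }
  readFloat64() { return this.read(8, DataView.prototype.getFloat64); }
}

// Checks only the magic number, as the ChangeLog entry describes; parsing of
// the rest of the module is left for later, so bodyOffset reports where it
// would begin.
function parseModule(bytes) {
  const reader = new Reader(bytes);
  let magic;
  try {
    magic = reader.readUint32();
  } catch (e) {
    return { ok: false, error: e.message };
  }
  if (magic !== MAGIC) {
    return { ok: false, error: "bad magic number 0x" + magic.toString(16) };
  }
  return { ok: true, bodyOffset: reader.offset };
}

// Constructed sample inputs (not real module files).
const validHeader = Uint8Array.from([0x77, 0x61, 0x73, 0x6d, 0x00, 0x00]); // "wasm" + 2 bytes
const wrongMagic  = Uint8Array.from([0x00, 0x61, 0x73, 0x6d]);             // "\0asm"
const truncated   = Uint8Array.from([0x77, 0x61]);                         // only 2 of 4 bytes
```

`parseModule(validHeader)` accepts and reports a body offset of 4; `wrongMagic` is rejected by value and `truncated` by length, and neither path ever indexes past the buffer.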
1393 2015-07-28 Yusuke Suzuki <utatane.tea@gmail.com>
1395 [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
1396 https://bugs.webkit.org/show_bug.cgi?id=147350
1398 Reviewed by Sam Weinig.
1400 * Configurations/FeatureDefines.xcconfig:
1402 2015-07-28 Saam barati <saambarati1@gmail.com>
1404 Make the type profiler work with lexical scoping and add tests
1405 https://bugs.webkit.org/show_bug.cgi?id=145438
1407 Reviewed by Geoffrey Garen.
1409 op_profile_type now knows how to resolve variables allocated within
1410 the local scope stack. This means it knows how to resolve "let"
1411 and "const" variables. Also, some refactoring was done inside
1412 the BytecodeGenerator to make writing code to support the type
1413 profiler much simpler and clearer.
1415 * bytecode/CodeBlock.cpp:
1416 (JSC::CodeBlock::CodeBlock):
1417 * bytecode/CodeBlock.h:
1418 (JSC::CodeBlock::symbolTable): Deleted.
1419 * bytecode/UnlinkedCodeBlock.h:
1420 (JSC::UnlinkedCodeBlock::addExceptionHandler):
1421 (JSC::UnlinkedCodeBlock::exceptionHandler):
1422 (JSC::UnlinkedCodeBlock::vm):
1423 (JSC::UnlinkedCodeBlock::addArrayProfile):
1424 (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
1425 (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
1426 * bytecompiler/BytecodeGenerator.cpp:
1427 (JSC::BytecodeGenerator::BytecodeGenerator):
1428 (JSC::BytecodeGenerator::emitMove):
1429 (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
1430 (JSC::BytecodeGenerator::emitProfileType):
1431 (JSC::BytecodeGenerator::emitProfileControlFlow):
1432 (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1433 * bytecompiler/BytecodeGenerator.h:
1434 (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
1435 * bytecompiler/NodesCodegen.cpp:
1436 (JSC::ThisNode::emitBytecode):
1437 (JSC::ResolveNode::emitBytecode):
1438 (JSC::BracketAccessorNode::emitBytecode):
1439 (JSC::DotAccessorNode::emitBytecode):
1440 (JSC::FunctionCallValueNode::emitBytecode):
1441 (JSC::FunctionCallResolveNode::emitBytecode):
1442 (JSC::FunctionCallBracketNode::emitBytecode):
1443 (JSC::FunctionCallDotNode::emitBytecode):
1444 (JSC::CallFunctionCallDotNode::emitBytecode):
1445 (JSC::ApplyFunctionCallDotNode::emitBytecode):
1446 (JSC::PostfixNode::emitResolve):
1447 (JSC::PostfixNode::emitBracket):
1448 (JSC::PostfixNode::emitDot):
1449 (JSC::PrefixNode::emitResolve):
1450 (JSC::PrefixNode::emitBracket):
1451 (JSC::PrefixNode::emitDot):
1452 (JSC::ReadModifyResolveNode::emitBytecode):
1453 (JSC::AssignResolveNode::emitBytecode):
1454 (JSC::AssignDotNode::emitBytecode):
1455 (JSC::ReadModifyDotNode::emitBytecode):
1456 (JSC::AssignBracketNode::emitBytecode):
1457 (JSC::ReadModifyBracketNode::emitBytecode):
1458 (JSC::EmptyVarExpression::emitBytecode):
1459 (JSC::EmptyLetExpression::emitBytecode):
1460 (JSC::ForInNode::emitLoopHeader):
1461 (JSC::ForOfNode::emitBytecode):
1462 (JSC::ReturnNode::emitBytecode):
1463 (JSC::FunctionNode::emitBytecode):
1464 (JSC::BindingNode::bindValue):
1465 * dfg/DFGSpeculativeJIT32_64.cpp:
1466 (JSC::DFG::SpeculativeJIT::compile):
1467 * dfg/DFGSpeculativeJIT64.cpp:
1468 (JSC::DFG::SpeculativeJIT::compile):
1469 * jit/JITOpcodes.cpp:
1470 (JSC::JIT::emit_op_profile_type):
1471 * jit/JITOpcodes32_64.cpp:
1472 (JSC::JIT::emit_op_profile_type):
1473 * llint/LowLevelInterpreter32_64.asm:
1474 * llint/LowLevelInterpreter64.asm:
1475 * tests/typeProfiler/es6-block-scoping.js: Added.
1478 (wrapper.changeFoo):
1482 * tests/typeProfiler/es6-classes.js: Added.
1485 (wrapper.Animal.prototype.methodA):
1487 (wrapper.Dog.prototype.methodB):
1490 2015-07-28 Saam barati <saambarati1@gmail.com>
1492 Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
1493 https://bugs.webkit.org/show_bug.cgi?id=146979
1495 Reviewed by Geoffrey Garen.
1497 Now that BytecodeGenerator has a notion of local scope depth,
1498 we can easily implement a catch scope that doesn't claim that
1499 all variables are dynamically scoped. This means that functions
1500 that use try/catch can have local variable resolution. This also
1501 means that all functions that use try/catch don't have all
1502 their variables marked as being captured.
1504 Catch scopes now behave like a "let" scope (sans the TDZ logic) with a
1505 single variable. Catch scopes are now just JSLexicalEnvironments and the
1506 symbol table backing the catch scope knows that it corresponds to a catch scope.
1509 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1510 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1511 * JavaScriptCore.xcodeproj/project.pbxproj:
1512 * bytecode/CodeBlock.cpp:
1513 (JSC::CodeBlock::dumpBytecode):
1514 * bytecode/EvalCodeCache.h:
1515 (JSC::EvalCodeCache::isCacheable):
1516 * bytecompiler/BytecodeGenerator.cpp:
1517 (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
1518 (JSC::BytecodeGenerator::emitLoadGlobalObject):
1519 (JSC::BytecodeGenerator::pushLexicalScope):
1520 (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1521 (JSC::BytecodeGenerator::popLexicalScope):
1522 (JSC::BytecodeGenerator::popLexicalScopeInternal):
1523 (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
1524 (JSC::BytecodeGenerator::variable):
1525 (JSC::BytecodeGenerator::resolveType):
1526 (JSC::BytecodeGenerator::emitResolveScope):
1527 (JSC::BytecodeGenerator::emitPopScope):
1528 (JSC::BytecodeGenerator::emitPopWithScope):
1529 (JSC::BytecodeGenerator::emitDebugHook):
1530 (JSC::BytecodeGenerator::popScopedControlFlowContext):
1531 (JSC::BytecodeGenerator::emitPushCatchScope):
1532 (JSC::BytecodeGenerator::emitPopCatchScope):
1533 (JSC::BytecodeGenerator::beginSwitch):
1534 (JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
1535 * bytecompiler/BytecodeGenerator.h:
1536 (JSC::BytecodeGenerator::lastOpcodeID):
1537 * bytecompiler/NodesCodegen.cpp:
1538 (JSC::AssignResolveNode::emitBytecode):
1539 (JSC::WithNode::emitBytecode):
1540 (JSC::TryNode::emitBytecode):
1541 * debugger/DebuggerScope.cpp:
1542 (JSC::DebuggerScope::isCatchScope):
1543 (JSC::DebuggerScope::isFunctionNameScope):
1544 (JSC::DebuggerScope::isFunctionOrEvalScope):
1545 (JSC::DebuggerScope::caughtValue):
1546 * debugger/DebuggerScope.h:
1547 * inspector/ScriptDebugServer.cpp:
1548 (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
1549 * interpreter/Interpreter.cpp:
1550 (JSC::Interpreter::execute):
1551 * jit/JITOpcodes.cpp:
1552 (JSC::JIT::emit_op_push_name_scope):
1553 * jit/JITOpcodes32_64.cpp:
1554 (JSC::JIT::emit_op_push_name_scope):
1555 * jit/JITOperations.cpp:
1556 * jit/JITOperations.h:
1557 * parser/ASTBuilder.h:
1558 (JSC::ASTBuilder::createContinueStatement):
1559 (JSC::ASTBuilder::createTryStatement):
1560 * parser/NodeConstructors.h:
1561 (JSC::ThrowNode::ThrowNode):
1562 (JSC::TryNode::TryNode):
1563 (JSC::FunctionParameters::FunctionParameters):
1565 * parser/Parser.cpp:
1566 (JSC::Parser<LexerType>::parseTryStatement):
1567 * parser/SyntaxChecker.h:
1568 (JSC::SyntaxChecker::createBreakStatement):
1569 (JSC::SyntaxChecker::createContinueStatement):
1570 (JSC::SyntaxChecker::createTryStatement):
1571 (JSC::SyntaxChecker::createSwitchStatement):
1572 (JSC::SyntaxChecker::createWhileStatement):
1573 (JSC::SyntaxChecker::createWithStatement):
1574 * runtime/JSCatchScope.cpp:
1575 * runtime/JSCatchScope.h:
1576 (JSC::JSCatchScope::JSCatchScope): Deleted.
1577 (JSC::JSCatchScope::create): Deleted.
1578 (JSC::JSCatchScope::createStructure): Deleted.
1579 * runtime/JSFunctionNameScope.h:
1580 (JSC::JSFunctionNameScope::JSFunctionNameScope):
1581 * runtime/JSGlobalObject.cpp:
1582 (JSC::JSGlobalObject::init):
1583 (JSC::JSGlobalObject::visitChildren):
1584 * runtime/JSGlobalObject.h:
1585 (JSC::JSGlobalObject::withScopeStructure):
1586 (JSC::JSGlobalObject::strictEvalActivationStructure):
1587 (JSC::JSGlobalObject::activationStructure):
1588 (JSC::JSGlobalObject::functionNameScopeStructure):
1589 (JSC::JSGlobalObject::directArgumentsStructure):
1590 (JSC::JSGlobalObject::scopedArgumentsStructure):
1591 (JSC::JSGlobalObject::catchScopeStructure): Deleted.
1592 * runtime/JSNameScope.cpp:
1593 (JSC::JSNameScope::create):
1594 (JSC::JSNameScope::toThis):
1595 * runtime/JSNameScope.h:
1596 * runtime/JSObject.cpp:
1597 (JSC::JSObject::toThis):
1598 (JSC::JSObject::isFunctionNameScopeObject):
1599 (JSC::JSObject::isCatchScopeObject): Deleted.
1600 * runtime/JSObject.h:
1601 * runtime/JSScope.cpp:
1602 (JSC::JSScope::collectVariablesUnderTDZ):
1603 (JSC::JSScope::isLexicalScope):
1604 (JSC::JSScope::isCatchScope):
1605 (JSC::resolveModeName):
1606 * runtime/JSScope.h:
1607 * runtime/SymbolTable.cpp:
1608 (JSC::SymbolTable::SymbolTable):
1609 (JSC::SymbolTable::cloneScopePart):
1610 * runtime/SymbolTable.h:
1611 * tests/stress/const-semantics.js:
1614 2015-07-28 Filip Pizlo <fpizlo@apple.com>
1616 DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
1617 https://bugs.webkit.org/show_bug.cgi?id=147373
1619 Reviewed by Mark Lam.
1621 The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
1622 safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
1623 safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
1625 When converting a GetByVal to GetStack, there are three possibilities:
1627 1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
1628 know to have stored to the stack. For example, if we inline a function that does
1629 "arguments[42]" at a call that passes no arguments.
1631 2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
1632 can happen for "arguments[42]" with no inline call frame (since we don't know statically
1633 how many arguments we will be passed) or in a varargs call frame.
1635 3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
1636 happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
1637 frame, and we know that the caller passed 42 or more arguments.
1639 The way the phase handles this is it first determines that we're not in case (1). This is
1640 called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
1641 frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
1642 is in-bounds (i.e. case (3)).
1644 But the phase was again doing a check for whether the index is in-bounds for non-varargs
1645 inline call frames even when safeToGetStack was true. That check is redundant and should be
1646 eliminated, since it makes the code confusing.
1648 * dfg/DFGArgumentsEliminationPhase.cpp:
1650 2015-07-28 Filip Pizlo <fpizlo@apple.com>
1652 DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
1653 https://bugs.webkit.org/show_bug.cgi?id=147371
1655 Reviewed by Mark Lam.
1659 - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
1660 using ConflictingFlush for arguments.
1662 - Assert that a GetStack never sees ConflictingFlush.
1664 * dfg/DFGPutStackSinkingPhase.cpp:
1666 2015-07-28 Basile Clement <basile_clement@apple.com>
1668 Misleading error message: "At least one digit must occur after a decimal point"
1669 https://bugs.webkit.org/show_bug.cgi?id=146238
1671 Reviewed by Geoffrey Garen.
1673 Interestingly, we had a comment explaining what this error message was
1674 about that is much clearer than the error message itself. This patch
1675 simply replaces the error message with the explanation from the
1679 (JSC::Lexer<T>::lex):
1681 2015-07-28 Basile Clement <basile_clement@apple.com>
1683 Simplify call linking
1684 https://bugs.webkit.org/show_bug.cgi?id=147363
1686 Reviewed by Filip Pizlo.
1688 Previously, we were passing both the CallLinkInfo and a
1689 (CodeSpecializationKind, RegisterPreservationMode) pair to the
1690 different call linking slow paths. However, the CallLinkInfo already
1691 has all of that information, and we don't gain anything by having them
1692 in additional static parameters - except possibly a very small
1693 performance gain in presence of inlining. However since those are
1694 already slow paths, this performance loss (if it exists) will not be
1695 visible in practice.
1697 This patch removes the various specialized thunks and JIT operations
1698 for regular and polymorphic call linking with a single thunk and
1699 operation for each case. Moreover, it removes the four specialized
1700 virtual call thunks and operations with one virtual call thunk for each
1701 call link info, allowing for better branch prediction by the CPU and
1702 fixing a pre-existing FIXME.
1704 * bytecode/CallLinkInfo.cpp:
1705 (JSC::CallLinkInfo::unlink):
1706 (JSC::CallLinkInfo::dummy): Deleted.
1707 * bytecode/CallLinkInfo.h:
1708 (JSC::CallLinkInfo::CallLinkInfo):
1709 (JSC::CallLinkInfo::registerPreservationMode):
1710 (JSC::CallLinkInfo::setUpCallFromFTL):
1711 (JSC::CallLinkInfo::setSlowStub):
1712 (JSC::CallLinkInfo::clearSlowStub):
1713 (JSC::CallLinkInfo::slowStub):
1714 * dfg/DFGDriver.cpp:
1715 (JSC::DFG::compileImpl):
1716 * dfg/DFGJITCompiler.cpp:
1717 (JSC::DFG::JITCompiler::link):
1718 * ftl/FTLJSCallBase.cpp:
1719 (JSC::FTL::JSCallBase::link):
1721 (JSC::JIT::compileCallEvalSlowCase):
1722 (JSC::JIT::compileOpCall):
1723 (JSC::JIT::compileOpCallSlowCase):
1724 * jit/JITCall32_64.cpp:
1725 (JSC::JIT::compileCallEvalSlowCase):
1726 (JSC::JIT::compileOpCall):
1727 (JSC::JIT::compileOpCallSlowCase):
1728 * jit/JITOperations.cpp:
1729 * jit/JITOperations.h:
1730 (JSC::operationLinkFor): Deleted.
1731 (JSC::operationVirtualFor): Deleted.
1732 (JSC::operationLinkPolymorphicCallFor): Deleted.
1734 (JSC::generateByIdStub):
1739 (JSC::linkVirtualFor):
1740 (JSC::linkPolymorphicCall):
1742 * jit/ThunkGenerators.cpp:
1743 (JSC::linkCallThunkGenerator):
1744 (JSC::linkPolymorphicCallThunkGenerator):
1745 (JSC::virtualThunkFor):
1746 (JSC::linkForThunkGenerator): Deleted.
1747 (JSC::linkConstructThunkGenerator): Deleted.
1748 (JSC::linkCallThatPreservesRegsThunkGenerator): Deleted.
1749 (JSC::linkConstructThatPreservesRegsThunkGenerator): Deleted.
1750 (JSC::linkPolymorphicCallForThunkGenerator): Deleted.
1751 (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator): Deleted.
1752 (JSC::virtualForThunkGenerator): Deleted.
1753 (JSC::virtualCallThunkGenerator): Deleted.
1754 (JSC::virtualConstructThunkGenerator): Deleted.
1755 (JSC::virtualCallThatPreservesRegsThunkGenerator): Deleted.
1756 (JSC::virtualConstructThatPreservesRegsThunkGenerator): Deleted.
1757 * jit/ThunkGenerators.h:
1758 (JSC::linkThunkGeneratorFor): Deleted.
1759 (JSC::linkPolymorphicCallThunkGeneratorFor): Deleted.
1760 (JSC::virtualThunkGeneratorFor): Deleted.
1762 2015-07-28 Basile Clement <basile_clement@apple.com>
1764 stress/math-pow-with-constants.js fails in cloop
1765 https://bugs.webkit.org/show_bug.cgi?id=147167
1767 Reviewed by Geoffrey Garen.
1769 Baseline JIT, DFG and FTL are using a fast exponentiation fast path
1770 when computing Math.pow() with an integer exponent that is not taken in
1771 the LLInt (or the DFG abstract interpreter). This leads to the result
1772 of pow changing depending on the compilation tier or the fact that
1773 constant propagation kicks in, which is undesirable.
1775 This patch adds the fast path to the slow operationMathPow in order to
1776 maintain an illusion of consistency.
1778 * runtime/MathCommon.cpp:
1779 (JSC::operationMathPow):
1780 * tests/stress/math-pow-coherency.js: Added.
1782 (build42AsDouble.opaqueAdd):
1786 (pow42NoConstantFolding):
1787 (powDouble42NoConstantFolding):
1789 2015-07-28 Joseph Pecoraro <pecoraro@apple.com>
1791 Web Inspector: Show Pseudo Elements in DOM Tree
1792 https://bugs.webkit.org/show_bug.cgi?id=139612
1794 Reviewed by Timothy Hatcher.
1796 * inspector/protocol/DOM.json:
1797 Add new properties to DOMNode if it is a pseudo element or if it has
1798 pseudo element children. Add new events for if a pseudo element is
1799 added or removed dynamically to an existing DOMNode.
1801 2015-07-27 Filip Pizlo <fpizlo@apple.com>
1803 Add logging when executable code gets deallocated
1804 https://bugs.webkit.org/show_bug.cgi?id=147355
1806 Reviewed by Mark Lam.
1808 * ftl/FTLJITCode.cpp:
1809 (JSC::FTL::JITCode::~JITCode): Print something when this is freed.
1811 (JSC::JITCodeWithCodeRef::~JITCodeWithCodeRef): Print something when this is freed.
1813 2015-07-27 Filip Pizlo <fpizlo@apple.com>
1815 DFG::safeToExecute() cases for GetByOffset/PutByOffset don't handle clobbered structure abstract values correctly
1816 https://bugs.webkit.org/show_bug.cgi?id=147354
1818 Reviewed by Michael Saboff.
1820 If m_structure.isClobbered(), it means that we had a side effect that clobbered
1821 the abstract value but it may recover back to its original value at the next
1822 invalidation point. Since the invalidation point hasn't been reached yet, we need
1823 to conservatively treat the clobbered state as if it was top. At the invalidation
1824 point, the clobbered set will return back to being unclobbered.
1826 In addition to fixing the bug, this introduces isInfinite(), which should be used
1827 in places where it's tempting to just use isTop().
1829 * dfg/DFGSafeToExecute.h:
1830 (JSC::DFG::safeToExecute): Fix the bug.
1831 * dfg/DFGStructureAbstractValue.cpp:
1832 (JSC::DFG::StructureAbstractValue::contains): Switch to using isInfinite().
1833 (JSC::DFG::StructureAbstractValue::isSubsetOf): Switch to using isInfinite().
1834 (JSC::DFG::StructureAbstractValue::isSupersetOf): Switch to using isInfinite().
1835 (JSC::DFG::StructureAbstractValue::overlaps): Switch to using isInfinite().
1836 * dfg/DFGStructureAbstractValue.h:
1837 (JSC::DFG::StructureAbstractValue::isFinite): New convenience method.
1838 (JSC::DFG::StructureAbstractValue::isInfinite): New convenience method.
1839 (JSC::DFG::StructureAbstractValue::onlyStructure): Switch to using isInfinite().
1841 2015-07-27 Yusuke Suzuki <utatane.tea@gmail.com>
1843 [ES6] Implement Reflect.enumerate
1844 https://bugs.webkit.org/show_bug.cgi?id=147347
1846 Reviewed by Sam Weinig.
1848 This patch implements Reflect.enumerate.
1849 It returns the iterator that iterates the enumerable keys of the given object.
1850 It follows the for-in's enumeration order.
1852 To implement it, we write the same logic as the for-in enumeration code in C++.
1855 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1856 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1857 * JavaScriptCore.xcodeproj/project.pbxproj:
1858 * runtime/JSGlobalObject.cpp:
1859 (JSC::JSGlobalObject::init):
1860 (JSC::JSGlobalObject::visitChildren):
1861 * runtime/JSGlobalObject.h:
1862 (JSC::JSGlobalObject::propertyNameIteratorStructure):
1863 * runtime/JSPropertyNameIterator.cpp: Added.
1864 (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1865 (JSC::JSPropertyNameIterator::clone):
1866 (JSC::JSPropertyNameIterator::create):
1867 (JSC::JSPropertyNameIterator::finishCreation):
1868 (JSC::JSPropertyNameIterator::visitChildren):
1869 (JSC::JSPropertyNameIterator::next):
1870 (JSC::propertyNameIteratorFuncNext):
1871 * runtime/JSPropertyNameIterator.h: Added.
1872 (JSC::JSPropertyNameIterator::createStructure):
1873 * runtime/ReflectObject.cpp:
1874 (JSC::reflectObjectEnumerate):
1875 * tests/stress/reflect-enumerate.js: Added.
1879 2015-07-27 Yusuke Suzuki <utatane.tea@gmail.com>
1881 [ES6] Implement Reflect.preventExtensions
1882 https://bugs.webkit.org/show_bug.cgi?id=147331
1884 Reviewed by Sam Weinig.
1886 Implement Reflect.preventExtensions.
1887 This is different from Object.preventExtensions.
1889 1. When preventExtensions is called on a non-object, it raises a TypeError.
1890 2. Reflect.preventExtensions does not raise a TypeError when the preventExtensions operation fails.
1892 For the (2) case, since there is no Proxy implementation currently, Reflect.preventExtensions always succeeds.
1894 * runtime/ReflectObject.cpp:
1895 (JSC::reflectObjectPreventExtensions):
1896 * tests/stress/reflect-prevent-extensions.js: Added.
1900 2015-07-27 Alex Christensen <achristensen@webkit.org>
1902 Use Ninja on Windows.
1903 https://bugs.webkit.org/show_bug.cgi?id=147228
1905 Reviewed by Martin Robinson.
1908 Set the working directory when generating LowLevelInterpreterWin.asm to put LowLevelInterpreterWin.asm.sym in the right place.
1910 2015-07-27 Yusuke Suzuki <utatane.tea@gmail.com>
1912 SparseValueMap check is skipped when the butterfly's vectorLength is larger than the access-requested index
1913 https://bugs.webkit.org/show_bug.cgi?id=147265
1915 Reviewed by Geoffrey Garen.
1917 JSObject's vector holds the indexed values and we leverage it to represent stored values and holes.
1918 By checking that the given index is in-bound of the vector's length, we can look up the property fast.
1919 And for the sparse array, we also have a separate SparseValueMap to hold the pairs.
1920 And we need to take care that the length of the vector should not overlap the indices stored in the SparseValueMap.
1922 The vector only holds the pure JS values to avoid additional checking for accessors when looking up the value
1923 from the vector. To achieve this, we also store the accessors (and attributed properties) to SparseValueMap
1924 even when the index is less than MIN_SPARSE_ARRAY_INDEX.
1926 As a result, if the length of the vector overlaps the indices of the accessors stored in the SparseValueMap,
1927 we accidentally skip the phase looking up from the SparseValueMap. Instead, we just load from the vector and
1928 if the loaded value is an array hole, we decide the given object does not have the value for the given index.
1930 This patch fixes the problem.
1931 When defining an attributed value whose index is smaller than the length of the vector, we throw away the vector
1932 and change the object to DictionaryIndexingMode. Since we can assume that indexed accessors rarely exist in
1933 practice, we expect this does not hurt the performance while keeping the fast property access system without
1934 checking the sparse map.
1936 * runtime/JSObject.cpp:
1937 (JSC::JSObject::putDirectIndexBeyondVectorLength):
1938 * tests/stress/sparse-map-non-overlapping.js: Added.
1942 * tests/stress/sparse-map-non-skip-getter-overriding.js: Added.
1946 * tests/stress/sparse-map-non-skip.js: Added.
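The behaviour the fix above restores, checked from JavaScript: an accessor defined at an index below the array's vector length must still be found and invoked. This is an added example, not WebKit's code or its stress tests.

```javascript
// Added example (not from the WebKit ChangeLog or its stress tests): accessors
// at low indices must win over the vector slot, which is exactly the lookup the
// bug skipped when the vector length covered the accessor's index.

// An accessor at a low index of a dense array must be found and invoked.
function getterOverridesVectorSlot() {
  const array = [1, 2, 3, 4, 5]; // contiguous storage, index 2 lies inside it
  let calls = 0;
  Object.defineProperty(array, 2, {
    get() { calls += 1; return "accessor"; },
    configurable: true,
  });
  const value = array[2];
  return { value, calls, hasIndex: Object.prototype.hasOwnProperty.call(array, 2) };
  // → { value: "accessor", calls: 1, hasIndex: true }
}

// An accessor defined on a hole inside the vector must not be mistaken for a
// missing property: the buggy path loaded the hole and answered "absent".
function getterFillsHole() {
  const array = [1, , 3]; // index 1 is a hole, but still inside the vector
  Object.defineProperty(array, 1, {
    get() { return "filled"; },
    enumerable: true,
    configurable: true,
  });
  return {
    value: array[1],
    present: 1 in array,
    joined: array.join(","), // join reads through the accessor as well
  };
  // → { value: "filled", present: true, joined: "1,filled,3" }
}

// A setter at a low index must receive the store instead of the vector slot
// being overwritten; with no getter, a read of that index yields undefined.
function setterReceivesStore() {
  const array = [0, 0, 0];
  let stored = null;
  Object.defineProperty(array, 0, {
    set(v) { stored = v; },
    configurable: true,
  });
  array[0] = "written";
  return { stored, readBack: array[0] };
  // → { stored: "written", readBack: undefined }
}
```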
1952 2015-07-27 Saam barati <saambarati1@gmail.com>
1954 Reduce execution time for "let" and "const" tests
1955 https://bugs.webkit.org/show_bug.cgi?id=147291
1957 Reviewed by Geoffrey Garen.
1959 We don't need to loop so many times for things that will not make it
1960 into the DFG. Also, we can loop a lot less for almost all the tests
1961 because they're mostly testing the bytecode generator.
1963 * tests/stress/const-and-with-statement.js:
1964 * tests/stress/const-exception-handling.js:
1965 * tests/stress/const-loop-semantics.js:
1966 * tests/stress/const-not-strict-mode.js:
1967 * tests/stress/const-semantics.js:
1968 * tests/stress/const-tdz.js:
1969 * tests/stress/lexical-let-and-with-statement.js:
1970 * tests/stress/lexical-let-exception-handling.js:
1972 * tests/stress/lexical-let-loop-semantics.js:
1976 * tests/stress/lexical-let-not-strict-mode.js:
1977 * tests/stress/lexical-let-semantics.js:
1979 * tests/stress/lexical-let-tdz.js:
1983 2015-07-26 Yusuke Suzuki <utatane.tea@gmail.com>
1985 Rename PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols
1986 https://bugs.webkit.org/show_bug.cgi?id=147311
1988 Reviewed by Sam Weinig.
1990 To make the meaning clear in the user side (PropertyNameArray array(exec, PropertyNameMode::StringsAndSymbols)),
1991 this patch renames PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols.
1993 * bytecode/ObjectAllocationProfile.h:
1994 (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
1995 * runtime/EnumerationMode.h:
1996 * runtime/ObjectConstructor.cpp:
1997 (JSC::ownEnumerablePropertyKeys):
1998 (JSC::defineProperties):
1999 (JSC::objectConstructorSeal):
2000 (JSC::objectConstructorFreeze):
2001 (JSC::objectConstructorIsSealed):
2002 (JSC::objectConstructorIsFrozen):
2003 (JSC::ownPropertyKeys):
2004 * runtime/ReflectObject.cpp:
2005 (JSC::reflectObjectOwnKeys):
2007 2015-07-27 Saam barati <saambarati1@gmail.com>
2009 Added a comment explaining that all "addVar()"s should happen before
2010 emitting bytecode for a function's default parameter expressions
2012 Rubber Stamped by Mark Lam.
2014 * bytecompiler/BytecodeGenerator.cpp:
2015 (JSC::BytecodeGenerator::BytecodeGenerator):
2017 2015-07-26 Sam Weinig <sam@webkit.org>
2019 Add missing builtin files to the JavaScriptCore Xcode project
2020 https://bugs.webkit.org/show_bug.cgi?id=147312
2022 Reviewed by Darin Adler.
2024 * JavaScriptCore.xcodeproj/project.pbxproj:
2027 2015-07-26 Yusuke Suzuki <utatane.tea@gmail.com>
2029 [ES6] Implement Reflect.isExtensible
2030 https://bugs.webkit.org/show_bug.cgi?id=147308
2032 Reviewed by Sam Weinig.
2034 This patch implements Reflect.isExtensible.
2035 It is similar to Object.isExtensible.
2036 The difference is that it raises an error if the first argument is not an object.
2038 * runtime/ReflectObject.cpp:
2039 (JSC::reflectObjectIsExtensible):
2040 * tests/stress/reflect-is-extensible.js: Added.
2044 2015-07-26 Yusuke Suzuki <utatane.tea@gmail.com>
2046 Unreviewed, fix the debug build due to touching the non-declared variable in ASSERT
2047 https://bugs.webkit.org/show_bug.cgi?id=147307
2049 * runtime/ObjectConstructor.cpp:
2050 (JSC::ownPropertyKeys):
2052 2015-07-25 Yusuke Suzuki <utatane.tea@gmail.com>
2054 [ES6] Implement Reflect.ownKeys
2055 https://bugs.webkit.org/show_bug.cgi?id=147307
2057 Reviewed by Sam Weinig.
2059 This patch implements Reflect.ownKeys.
2060 In this patch, we refactor the existing code to list up own keys in the object.
2061 Such code is used by Object.getOwnPropertyNames, Object.getOwnPropertyKeys, Object.keys and @ownEnumerableKeys.
2062 We factor out the listing up own keys as ownPropertyKeys function and also use it in Reflect.ownKeys.
2064 * runtime/ObjectConstructor.cpp:
2065 (JSC::objectConstructorGetOwnPropertyNames):
2066 (JSC::objectConstructorGetOwnPropertySymbols):
2067 (JSC::objectConstructorKeys):
2068 (JSC::ownEnumerablePropertyKeys):
2069 (JSC::ownPropertyKeys):
2070 * runtime/ObjectConstructor.h:
2071 * runtime/ReflectObject.cpp:
2072 (JSC::reflectObjectOwnKeys):
2073 * tests/stress/reflect-own-keys.js: Added.
2078 2015-07-26 Yusuke Suzuki <utatane.tea@gmail.com>
2080 [ES6] Implement Reflect.apply
2081 https://bugs.webkit.org/show_bug.cgi?id=147306
2083 Reviewed by Sam Weinig.
2085 Implement Reflect.apply.
2086 The large part of this can be implemented by the @apply builtin annotation.
2087 The only thing which is different from Function.prototype.apply is the third parameter,
2088 "argumentsList", which needs to be an object.
2090 * builtins/ReflectObject.js:
2093 * runtime/ReflectObject.cpp:
2094 * tests/stress/reflect-apply.js: Added.
2099 (get var.array.get length):
2100 (get var.array.get 0):
2102 * tests/stress/reflect-delete-property.js:
2104 2015-07-25 Yusuke Suzuki <utatane.tea@gmail.com>
2106 [ES6] Add Reflect namespace and add Reflect.deleteProperty
2107 https://bugs.webkit.org/show_bug.cgi?id=147287
2109 Reviewed by Sam Weinig.
2111 This patch just creates the namespace for ES6 Reflect APIs
2112 and adds template files to implement the actual code.
2114 So as not to leave the JS generated properties C array empty,
2115 we added one small method, Reflect.deleteProperty, in this patch.
2118 * DerivedSources.make:
2119 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2120 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2121 * JavaScriptCore.xcodeproj/project.pbxproj:
2122 * builtins/ReflectObject.js: Added.
2124 * runtime/CommonIdentifiers.h:
2125 * runtime/JSGlobalObject.cpp:
2126 (JSC::JSGlobalObject::init):
2127 * runtime/ReflectObject.cpp: Added.
2128 (JSC::ReflectObject::ReflectObject):
2129 (JSC::ReflectObject::finishCreation):
2130 (JSC::ReflectObject::getOwnPropertySlot):
2131 * runtime/ReflectObject.h: Added.
2132 (JSC::ReflectObject::create):
2133 (JSC::ReflectObject::createStructure):
2134 * tests/stress/reflect-delete-property.js: Added.
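The Reflect semantics described in the Reflect.preventExtensions, Reflect.isExtensible, Reflect.ownKeys, Reflect.apply and Reflect.deleteProperty entries above, contrasted with their Object.* and operator counterparts in a current engine. This is an added example, not WebKit's code or its stress tests; Reflect.enumerate is not exercised because it was later dropped from the specification.

```javascript
// Added example (not the WebKit project's code): where Reflect.* differs from
// the older Object.* functions and operators, as described in the entries above.

// Runs fn and records either its return value or the class of error it threw.
function classify(fn) {
  try { return { ok: true, value: fn() }; }
  catch (e) { return { ok: false, error: e.constructor.name }; }
}

// Reflect.preventExtensions / Reflect.isExtensible raise a TypeError for
// non-objects, where Object.preventExtensions returns its argument unchanged
// and Object.isExtensible answers false.
function extensibilityChecks() {
  return {
    objectPrevent: classify(() => Object.preventExtensions(1)),     // ok, 1
    reflectPrevent: classify(() => Reflect.preventExtensions(1)),   // TypeError
    objectIsExt: classify(() => Object.isExtensible(1)),            // ok, false
    reflectIsExt: classify(() => Reflect.isExtensible(1)),          // TypeError
    reflectOnObject: classify(() => Reflect.preventExtensions({})), // ok, true
  };
}

// Reflect.ownKeys lists every own key: integer indices first, then the other
// strings in insertion order, then symbols, enumerable or not.
function ownKeysOrder() {
  const sym = Symbol("s");
  const o = { b: 1, 1: "one", a: 2, [sym]: 3 };
  Object.defineProperty(o, "hidden", { value: 0, enumerable: false });
  return Reflect.ownKeys(o).map((k) => (typeof k === "symbol" ? k.toString() : k));
  // → ["1", "b", "a", "hidden", "Symbol(s)"]
}

// Reflect.apply insists that argumentsList be an object, while
// Function.prototype.apply treats undefined as "no arguments".
function applyChecks() {
  const sum = (x = 0, y = 0) => x + y;
  return {
    viaPrototype: classify(() => sum.apply(null, undefined)),          // ok, 0
    viaReflect: classify(() => Reflect.apply(sum, null, undefined)),   // TypeError
    viaReflectArray: classify(() => Reflect.apply(sum, null, [2, 3])), // ok, 5
  };
}

// Reflect.deleteProperty reports failure as false instead of throwing; the
// delete operator throws for a non-configurable property in strict code.
function deleteChecks() {
  "use strict"; // function-level directive so the arrow below is strict too
  const frozen = Object.freeze({ k: 1 });
  return {
    operator: classify(() => delete frozen.k),                    // TypeError
    reflect: classify(() => Reflect.deleteProperty(frozen, "k")), // ok, false
  };
}
```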
2138 2015-07-24 Yusuke Suzuki <utatane.tea@gmail.com>
2140 Avoid 2 times name iteration in Object.assign
2141 https://bugs.webkit.org/show_bug.cgi?id=147268
2143 Reviewed by Geoffrey Garen.
2145 Object.assign calls Object.getOwnPropertyNames & Object.getOwnPropertySymbols to collect all the names.
2146 But exposing the private API that collects both at the same time makes the API efficient when the given Object has so many non-indexed properties.
2147 Since Object.assign is such a generic API (some form of utility API), the form of the given Object is not expected.
2148 So the taken object may have so many non-indexed properties.
2150 In this patch, we introduce `ownEnumerablePropertyKeys` private function.
2151 It is a slightly modified version of `[[OwnPropertyKeys]]` in the ES6 spec;
2152 It only includes enumerable properties.
2154 By filtering out the non-enumerable properties in the exposed private function,
2155 we avoid calling @objectGetOwnPropertyDescriptor for each property at the same time.
2157 * builtins/ObjectConstructor.js:
2159 * runtime/CommonIdentifiers.h:
2160 * runtime/EnumerationMode.h:
2161 * runtime/JSGlobalObject.cpp:
2162 (JSC::JSGlobalObject::init):
2163 * runtime/ObjectConstructor.cpp:
2164 (JSC::ownEnumerablePropertyKeys):
2165 * runtime/ObjectConstructor.h:
2166 * tests/stress/object-assign-enumerable.js: Added.
2168 * tests/stress/object-assign-order.js: Added.
2171 2015-07-24 Yusuke Suzuki <utatane.tea@gmail.com>
2173 Remove runtime flags for symbols
2174 https://bugs.webkit.org/show_bug.cgi?id=147246
2176 Reviewed by Alex Christensen.
2178 * runtime/ArrayPrototype.cpp:
2179 (JSC::ArrayPrototype::finishCreation):
2180 * runtime/JSGlobalObject.cpp:
2181 (JSC::JSGlobalObject::init): Deleted.
2182 * runtime/JSGlobalObject.h:
2183 * runtime/ObjectConstructor.cpp:
2184 (JSC::ObjectConstructor::finishCreation):
2185 * runtime/RuntimeFlags.h:
2187 2015-07-24 Yusuke Suzuki <utatane.tea@gmail.com>
2189 Object.getOwnPropertySymbols on large list takes very long
2190 https://bugs.webkit.org/show_bug.cgi?id=146137
2192 Reviewed by Mark Lam.
2194 Before this patch, Object.getOwnPropertySymbols collects all the names including strings.
2195 And after it's done, it filters the names to only retrieve the symbols.
2196 But it's so time consuming if the given object is a large non-holed array since it has
2197 many indexed properties and all the indexes have to be converted to uniqued strings and
2198 added to the collection of property names (though they may not be of the requested type
2199 and will be filtered out later).
2201 This patch introduces PropertyNameMode.
2202 We leverage this mode in 2 places.
2204 1. PropertyNameArray side
2205 It is set in PropertyNameArray and it filters the incoming added identifiers based on the mode.
2206 It ensures that PropertyNameArray doesn't become so large in the pathological case.
2207 And it ensures that non-expected typed keys by the filter (Symbols or Strings) are never added
2208 to the property name array collections.
2209 However it does not solve the whole problem because the huge array still incurs the many
2210 "indexed property to uniqued string" conversion and the large iteration before adding the keys
2211 to the property name array.
2213 2. getOwnPropertyNames side
2214 So we can use the PropertyNameMode in the caller side (getOwnPropertyNames) as a **hint**.
2215 When the large iteration may occur, the caller side can use the PropertyNameMode as a hint to
2216 avoid the iteration.
2217 But we cannot exclusively rely on these caller side checks because it would require that we
2218 exhaustively add the checks to all custom implementations of getOwnPropertyNames as well.
2219 This process requires manual inspection of many pieces of code, and is error prone. Instead,
2220 we only apply the caller side check in a few strategic places where it is known to yield
2221 performance benefits; and we rely on the filter in PropertyNameArray::add() to reject the wrong
2222 types of properties for all other calls to PropertyNameArray::add().
2224 In this patch, there's a concept in use that is not clear just from reading the code, and hence
2225 should be documented here. When selecting the PropertyNameMode for the PropertyNameArray to be
2226 instantiated, we apply the following logic:
2228 1. Only JavaScriptCore code is aware of ES6 Symbols.
2229 We can assume that pre-existing external code that interfaces JSC are only looking for string named properties. This includes:
2231 b. Serializer bindings
2233 d. Objective C bindings
2234 2. In JSC, code that computes object storage space needs to iterate both Symbol and String named properties. Hence, use PropertyNameMode::Both.
2235 3. In JSC, ES6 APIs that work with Symbols should use PropertyNameMode::Symbols.
2236 4. In JSC, ES6 APIs that work with String named properties should use PropertyNameMode::Strings.
2238 * API/JSObjectRef.cpp:
2239 (JSObjectCopyPropertyNames):
2240 * bindings/ScriptValue.cpp:
2241 (Deprecated::jsToInspectorValue):
2242 * bytecode/ObjectAllocationProfile.h:
2243 (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
2244 * runtime/EnumerationMode.h:
2245 (JSC::EnumerationMode::EnumerationMode):
2246 (JSC::EnumerationMode::includeSymbolProperties): Deleted.
2247 * runtime/GenericArgumentsInlines.h:
2248 (JSC::GenericArguments<Type>::getOwnPropertyNames):
2249 * runtime/JSGenericTypedArrayViewInlines.h:
2250 (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertyNames):
2251 * runtime/JSLexicalEnvironment.cpp:
2252 (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
2253 * runtime/JSONObject.cpp:
2254 (JSC::Stringifier::Stringifier):
2255 (JSC::Stringifier::Holder::appendNextProperty):
2256 (JSC::Walker::walk):
2257 * runtime/JSObject.cpp:
2258 (JSC::JSObject::getOwnPropertyNames):
2259 * runtime/JSPropertyNameEnumerator.cpp:
2260 (JSC::JSPropertyNameEnumerator::create):
2261 * runtime/JSPropertyNameEnumerator.h:
2262 (JSC::propertyNameEnumerator):
2263 * runtime/JSSymbolTableObject.cpp:
2264 (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
2265 * runtime/ObjectConstructor.cpp:
2266 (JSC::objectConstructorGetOwnPropertyNames):
2267 (JSC::objectConstructorGetOwnPropertySymbols):
2268 (JSC::objectConstructorKeys):
2269 (JSC::defineProperties):
2270 (JSC::objectConstructorSeal):
2271 (JSC::objectConstructorFreeze):
2272 (JSC::objectConstructorIsSealed):
2273 (JSC::objectConstructorIsFrozen):
2274 * runtime/PropertyNameArray.h:
2275 (JSC::PropertyNameArray::PropertyNameArray):
2276 (JSC::PropertyNameArray::mode):
2277 (JSC::PropertyNameArray::addKnownUnique):
2278 (JSC::PropertyNameArray::add):
2279 (JSC::PropertyNameArray::isUidMatchedToTypeMode):
2280 (JSC::PropertyNameArray::includeSymbolProperties):
2281 (JSC::PropertyNameArray::includeStringProperties):
2282 * runtime/StringObject.cpp:
2283 (JSC::StringObject::getOwnPropertyNames):
2284 * runtime/Structure.cpp:
2285 (JSC::Structure::getPropertyNamesFromStructure):
2287 2015-07-24 Saam barati <saambarati1@gmail.com>
2289 [ES6] Add support for default parameters
2290 https://bugs.webkit.org/show_bug.cgi?id=38409
2292 Reviewed by Filip Pizlo.
2294 This patch implements ES6 default parameters according to the ES6
2295 specification. This patch builds off the components introduced with
2296 "let" scoping and parsing function parameters in the same parser
2297 arena as the function itself. "let" scoping allows functions with default
2298 parameter values to place their parameters under the TDZ. Parsing function
2299 parameters in the same parser arena allows the FunctionParameters AST node
2300 refer to ExpressionNodes.
2302 The most subtle part of this patch is how we allocate lexical environments
2303 when functions have default parameter values. If a function has default
2304 parameter values then there must be a separate lexical environment for
2305 its parameters. Then, the function's "var" lexical environment must have
2306 the parameter lexical environment as its parent. The BytecodeGenerator
2307 takes great care to not allocate the "var" lexical environment before its
2310 The "arguments" object for a function with default parameters will never be
2311 a mapped arguments object. It will always be a cloned arguments object.
2313 * bytecompiler/BytecodeGenerator.cpp:
2314 (JSC::BytecodeGenerator::generate):
2315 (JSC::BytecodeGenerator::BytecodeGenerator):
2316 (JSC::BytecodeGenerator::~BytecodeGenerator):
2317 (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2318 (JSC::BytecodeGenerator::initializeNextParameter):
2319 (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
2320 (JSC::BytecodeGenerator::visibleNameForParameter):
2321 (JSC::BytecodeGenerator::emitLoadGlobalObject):
2322 (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2323 (JSC::BytecodeGenerator::pushLexicalScope):
2324 (JSC::BytecodeGenerator::popLexicalScope):
2325 * bytecompiler/BytecodeGenerator.h:
2326 (JSC::BytecodeGenerator::lastOpcodeID):
2327 * bytecompiler/NodesCodegen.cpp:
2328 (JSC::FunctionNode::emitBytecode):
2329 * jit/JITOperations.cpp:
2330 * parser/ASTBuilder.h:
2331 (JSC::ASTBuilder::createElementList):
2332 (JSC::ASTBuilder::createFormalParameterList):
2333 (JSC::ASTBuilder::appendParameter):
2334 (JSC::ASTBuilder::createClause):
2335 (JSC::ASTBuilder::createClauseList):
2337 (JSC::FunctionParameters::size):
2338 (JSC::FunctionParameters::at):
2339 (JSC::FunctionParameters::hasDefaultParameterValues):
2340 (JSC::FunctionParameters::append):
2341 * parser/Parser.cpp:
2342 (JSC::Parser<LexerType>::parseVariableDeclarationList):
2343 (JSC::Parser<LexerType>::createBindingPattern):
2344 (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2345 (JSC::Parser<LexerType>::parseDestructuringPattern):
2346 (JSC::Parser<LexerType>::parseFormalParameters):
2347 (JSC::Parser<LexerType>::parseFunctionParameters):
2349 (JSC::Scope::declareParameter):
2350 * parser/SyntaxChecker.h:
2351 (JSC::SyntaxChecker::createElementList):
2352 (JSC::SyntaxChecker::createFormalParameterList):
2353 (JSC::SyntaxChecker::appendParameter):
2354 (JSC::SyntaxChecker::createClause):
2355 (JSC::SyntaxChecker::createClauseList):
2356 * tests/stress/es6-default-parameters.js: Added.
2359 (shouldThrowSyntaxError):
2362 (basicFunctionCaptureInDefault.basicFunctionCaptureInDefault.basicCaptured):
2363 (basicCaptured.basicCaptured.tricky):
2367 (augmentsArguments1):
2368 (augmentsArguments2):
2369 (augmentsArguments3):
2370 (augmentsArguments4):
2371 (augmentsArguments5):
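The observable consequences of these rules, as an added example in plain JavaScript (not code from this patch or from its stress test; the function names are constructed for the example):

```javascript
// Added example (not JSC code): the ES6 default-parameter semantics the entry
// above implements, observed from JavaScript.

// 1. Parameters with defaults live in their own scope and sit in the TDZ until
//    initialised left to right, so a default that reads a later parameter throws.
function readsLaterParam(a = b, b = 1) {
  return [a, b];
}

// 2. A closure created in a default expression captures the parameter scope.
//    The body's "var" scope is a separate environment whose parent is that
//    parameter scope, so the body's `var x` does not affect what getX sees.
function separateParamScope(getX = () => x, x = 1) {
  var x = 2;          // body-level x: initialised from the parameter, then reassigned
  return [getX(), x]; // parameter-scope x, body-scope x
}

// 3. Once any default is present, `arguments` is an unmapped (cloned) object:
//    assigning to the parameter does not write through to arguments[0], and
//    arguments.length still reflects what the caller actually passed.
function unmappedArguments(x = 0) {
  x = x + 100;
  return [x, arguments[0], arguments.length];
}

// Helper: the constructor name of the error fn throws, or null if it returns.
function thrownErrorName(fn) {
  try {
    fn();
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}

function demo() {
  return {
    tdz: thrownErrorName(() => readsLaterParam()), // "ReferenceError"
    noTdz: readsLaterParam(5),                       // [5, 1]: b's default is fine
    scope: separateParamScope(),                     // [1, 2]
    argsGiven: unmappedArguments(1),                 // [101, 1, 1]
    argsOmitted: unmappedArguments(),                // [100, undefined, 0]
  };
}
```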
2373 2015-07-24 Xabier Rodriguez Calvar <calvaris@igalia.com>
2375 Remove JS Promise constructor unused piece of code
2376 https://bugs.webkit.org/show_bug.cgi?id=147262
2378 Reviewed by Geoffrey Garen.
2380 * runtime/JSPromiseConstructor.cpp:
2381 (JSC::constructPromise): Deleted.
2382 * runtime/JSPromiseConstructor.h: Removed JSC::constructPromise.
2384 2015-07-24 Mark Lam <mark.lam@apple.com>
2386 Add WASM files to vcxproj files.
2387 https://bugs.webkit.org/show_bug.cgi?id=147264
2389 Reviewed by Geoffrey Garen.
2391 This is a follow up to http://trac.webkit.org/changeset/187254 where WASM files
2392 were introduced but were not able to be added to the vcxproj files yet.
2394 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2395 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2397 2015-07-23 Filip Pizlo <fpizlo@apple.com>
2399 DFG::safeToExecute() is wrong for MultiGetByOffset, doesn't consider the structures of the prototypes that get loaded from
2400 https://bugs.webkit.org/show_bug.cgi?id=147250
2402 Reviewed by Geoffrey Garen.
2404 This fixes a nasty - but currently benign - bug in DFG::safeToExecute(). That function
2405 will tell you if hoisting a node to some point is safe in the sense that the node will
2406 not crash the VM if it executes at that point. A node may be unsafe to execute if we
2407 cannot prove that at that point, the memory it is loading is not garbage. This is a
2408 necessarily loose notion - for example it's OK to hoist a load if we haven't proved
2409 that the load makes semantic sense at that point, since anyway the place where the node
2410 did get used will still be guarded by any such semantic checks. But because we may also
2411 hoist uses of the load, we need to make sure that it doesn't produce a garbage value.
2412 Also, we need to ensure that the load won't trap. Hence safeToExecute() returns true
2413 anytime we can be sure that a node will not produce a garbage result (i.e. a malformed
2414 JSValue or object pointer) and will not trap when executed at the point in question.
2416 The bug is that this verification isn't performed for the loads from prototypes inside
2417 MultiGetByOffset. DFG::ByteCodeParser will guard MultiGetByOffset with CheckStructures
2418 on the prototypes. So, hypothetically, you might end up hoisting a MultiGetByOffset
2419 above those structure checks, which would mean that we might load a value from a memory
2420 location without knowing that the location is valid. It might then return the value
2423 This never happens in practice. Those structure checks are more hoistable than the
2424 MultiGetByOffset, since they read a strict subset of the MultiGetByOffset's abstract
2425 heap reads. Also, we hoist in program order. So, those CheckStructures will always be
2426 hoisted before the MultiGetByOffset gets hoisted.
2428 But we should fix this anyway. DFG::safeToExecute() has a clear definition of what a
2429 "true" return means for IR transformations, and it fails in satisfying that definition
2430 for MultiGetByOffset.
2432 There are various approaches we can use for making this safe. I considered two:
2434 1) Have MultiGetByOffset refer to the prototypes it is loading from in IR, so that we
2435 can check if it's safe to load from them.
2437 2) Turn off MultiGetByOffset hoisting when it will emit loads from prototypes, and the
2438 prototype structure isn't being watched.
2440 I ended up using (2), because it will be the most natural solution once I finish
2441 https://bugs.webkit.org/show_bug.cgi?id=146929. Already now, it's somewhat more natural
2442 than (1) since that requires more extensive IR changes. Also, (2) will give us what we
2443 want in *most* cases: we will usually watch the prototype structure, and we will
2444 usually constant-fold loads from prototypes. Both of these usually-true things would
2445 have to become false for MultiGetByOffset hoisting to be disabled by this change.
2447 This change also adds my attempt at a test, though it's not really a test of this bug.
2448 This bug is currently benign. But, the test does at least trigger the logic to run,
2449 which is better than nothing.
2451 * dfg/DFGSafeToExecute.h:
2452 (JSC::DFG::safeToExecute):
2453 * tests/stress/multi-get-by-offset-hoist-around-structure-check.js: Added.
2456 2015-07-23 Sukolsak Sakshuwong <sukolsak@gmail.com>
2458 Implement WebAssembly modules
2459 https://bugs.webkit.org/show_bug.cgi?id=147222
2461 Reviewed by Filip Pizlo.
2463 Make JSWASMModule inherit from JSDestructibleObject so that the destructor is called.
2465 * wasm/JSWASMModule.h:
2467 2015-07-23 Alex Christensen <achristensen@webkit.org>
2469 Remove compile and runtime flags for promises.
2470 https://bugs.webkit.org/show_bug.cgi?id=147244
2472 Reviewed by Yusuke Suzuki.
2474 * API/JSCallbackObjectFunctions.h:
2475 (JSC::JSCallbackObject<Parent>::JSCallbackObject):
2476 * API/JSContextRef.cpp:
2477 (JSGlobalContextCreateInGroup):
2478 * Configurations/FeatureDefines.xcconfig:
2479 * inspector/JSInjectedScriptHost.cpp:
2480 (Inspector::JSInjectedScriptHost::getInternalProperties):
2481 * runtime/JSGlobalObject.cpp:
2482 (JSC::JSGlobalObject::init):
2483 (JSC::JSGlobalObject::visitChildren):
2484 * runtime/JSGlobalObject.h:
2485 (JSC::JSGlobalObject::create):
2486 (JSC::JSGlobalObject::syntaxErrorConstructor):
2487 (JSC::JSGlobalObject::typeErrorConstructor):
2488 (JSC::JSGlobalObject::URIErrorConstructor):
2489 (JSC::JSGlobalObject::promiseConstructor):
2490 (JSC::JSGlobalObject::nullGetterFunction):
2491 (JSC::JSGlobalObject::nullSetterFunction):
2492 (JSC::JSGlobalObject::applyFunction):
2493 (JSC::JSGlobalObject::definePropertyFunction):
2494 (JSC::JSGlobalObject::arrayProtoValuesFunction):
2495 (JSC::JSGlobalObject::initializePromiseFunction):
2496 (JSC::JSGlobalObject::newPromiseDeferredFunction):
2497 (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
2498 (JSC::JSGlobalObject::regExpPrototype):
2499 (JSC::JSGlobalObject::errorPrototype):
2500 (JSC::JSGlobalObject::iteratorPrototype):
2501 (JSC::JSGlobalObject::promisePrototype):
2502 (JSC::JSGlobalObject::debuggerScopeStructure):
2503 (JSC::JSGlobalObject::withScopeStructure):
2504 (JSC::JSGlobalObject::iteratorResultStructure):
2505 (JSC::JSGlobalObject::iteratorResultStructureOffset):
2506 (JSC::JSGlobalObject::regExpMatchesArrayStructure):
2507 (JSC::JSGlobalObject::promiseStructure):
2508 * runtime/JSPromise.cpp:
2509 (JSC::JSPromise::result):
2510 * runtime/JSPromise.h:
2511 * runtime/JSPromiseConstructor.cpp:
2512 (JSC::constructPromise):
2513 * runtime/JSPromiseConstructor.h:
2514 * runtime/JSPromiseDeferred.cpp:
2515 (JSC::JSPromiseDeferred::visitChildren):
2516 * runtime/JSPromiseDeferred.h:
2517 * runtime/JSPromisePrototype.cpp:
2518 (JSC::JSPromisePrototype::getOwnPropertySlot):
2519 * runtime/JSPromisePrototype.h:
2520 * runtime/RuntimeFlags.h:
2525 2015-07-23 Sukolsak Sakshuwong <sukolsak@gmail.com>
2527 Implement WebAssembly modules
2528 https://bugs.webkit.org/show_bug.cgi?id=147222
2530 Reviewed by Mark Lam.
2532 Introducing the boilerplate data structure for the WebAssembly module.
2533 WebAssembly functionality will be added in a subsequent patch.
2536 * JavaScriptCore.xcodeproj/project.pbxproj:
2537 * wasm/JSWASMModule.cpp: Added.
2538 (JSC::JSWASMModule::visitChildren):
2539 * wasm/JSWASMModule.h: Added.
2540 (JSC::JSWASMModule::create):
2541 (JSC::JSWASMModule::createStructure):
2542 (JSC::JSWASMModule::JSWASMModule):
2544 2015-07-23 Devin Rousso <drousso@apple.com>
2546 Web Inspector: Add a function to CSSCompletions to get a list of supported system fonts
2547 https://bugs.webkit.org/show_bug.cgi?id=147009
2549 Reviewed by Joseph Pecoraro.
2551 * inspector/protocol/CSS.json: Added getSupportedSystemFontFamilyNames function.
2553 2015-07-22 Sukolsak Sakshuwong <sukolsak@gmail.com>
2555 Add ENABLE_WEBASSEMBLY feature flag for WebAssembly
2556 https://bugs.webkit.org/show_bug.cgi?id=147212
2558 Reviewed by Filip Pizlo.
2560 * Configurations/FeatureDefines.xcconfig:
2562 2015-07-22 Filip Pizlo <fpizlo@apple.com>
2564 Simplify DFG::DesiredIdentifiers and make it possible to turn a UniquedStringImpl* into an identifierNumber at any time
2565 https://bugs.webkit.org/show_bug.cgi?id=147218
2567 Reviewed by Sam Weinig.
2569 I want to be able to take a UniquedStringImpl* and turn it into an identifierNumber at
2570 various points in my work on https://bugs.webkit.org/show_bug.cgi?id=146929. Currently,
2571 most Nodes that deal with identifiers use identifierNumbers and you can only create an
2572 identifierNumber in BytecodeGenerator. DFG::ByteCodeParser does sort of have the
2573 ability to create new identifierNumbers when inlining - it takes the inlined code's
2574 identifiers and either gives them new numbers or reuses numbers from the enclosing
2577 This patch takes that basic functionality and puts it in
2578 DFG::DesiredIdentifiers::ensure(). Anyone can call this at any time to turn a
2579 UniquedStringImpl* into an identifierNumber. This data structure is already used by
2580 Plan to properly install any newly created identifier table entries into the CodeBlock.
2582 * dfg/DFGByteCodeParser.cpp:
2583 (JSC::DFG::ByteCodeParser::ByteCodeParser):
2584 (JSC::DFG::ByteCodeParser::noticeArgumentsUse):
2585 (JSC::DFG::ByteCodeParser::linkBlocks):
2586 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2587 (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary): Deleted.
2588 * dfg/DFGDesiredIdentifiers.cpp:
2589 (JSC::DFG::DesiredIdentifiers::DesiredIdentifiers):
2590 (JSC::DFG::DesiredIdentifiers::numberOfIdentifiers):
2591 (JSC::DFG::DesiredIdentifiers::ensure):
2592 (JSC::DFG::DesiredIdentifiers::at):
2593 (JSC::DFG::DesiredIdentifiers::addLazily): Deleted.
2594 * dfg/DFGDesiredIdentifiers.h:
2596 2015-07-22 Filip Pizlo <fpizlo@apple.com>
2598 Simplify things like CompareEq(@x,@x)
2599 https://bugs.webkit.org/show_bug.cgi?id=145850
2601 Reviewed by Sam Weinig.
2603 This simplifies x==x to true, except in cases where x might be a double (in which case this
2604 might still be false if x is NaN).
2606 * dfg/DFGAbstractInterpreterInlines.h:
2607 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2608 * tests/stress/nan-equal-untyped.js: Added.
2611 * tests/stress/nan-equal.js: Added.
2614 2015-07-22 Joseph Pecoraro <pecoraro@apple.com>
2616 Web Inspector: Timeline should immediately start moving play head when starting a new recording
2617 https://bugs.webkit.org/show_bug.cgi?id=147210
2619 Reviewed by Timothy Hatcher.
2621 * inspector/protocol/Timeline.json:
2622 Add timestamps to recordingStarted and recordingStopped events.
2624 2015-07-22 Yusuke Suzuki <utatane.tea@gmail.com>
2626 Introducing construct ability into JS executables
2627 https://bugs.webkit.org/show_bug.cgi?id=147183
2629 Reviewed by Geoffrey Garen.
2631 Decouple the construct ability from the builtin functions.
2632 Currently, all builtin functions are not constructors after r182995.
2633 In that patch, when the given function is builtin JS function, we recognize it as the non-constructor function.
2635 But, we need to relax it to implement some constructors in builtin JS.
2636 By decoupling the construct ability from whether the function is builtin or not, we can provide
2638 1. constructors written in builtin JS
2639 2. non-constructors in normal JS functions
2641 (1) is needed for Promise constructor.
2642 And (2) is needed for method functions and arrow functions.
2644 This patch introduces ConstructAbility into the unlinked function executables.
2645 It holds whether the given JS function has the construct ability or not.
2646 By leveraging this, this patch disables the construct ability of the method definitions, setters, getters and arrow functions.
2648 And at the same time, this patch introduces the annotation for constructor in builtin JS.
2649 We can define the function as follows,
2651 constructor Promise(executor)
2656 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2657 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2658 * JavaScriptCore.xcodeproj/project.pbxproj:
2659 * builtins/BuiltinExecutables.cpp:
2660 (JSC::BuiltinExecutables::createDefaultConstructor):
2661 (JSC::BuiltinExecutables::createExecutableInternal):
2662 * builtins/BuiltinExecutables.h:
2663 * builtins/Iterator.prototype.js:
2665 (SymbolIterator): Deleted.
2666 * bytecode/UnlinkedCodeBlock.cpp:
2667 (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2668 * bytecode/UnlinkedCodeBlock.h:
2669 * bytecompiler/BytecodeGenerator.h:
2670 (JSC::BytecodeGenerator::makeFunction):
2671 * generate-js-builtins:
2674 (Function.__init__):
2675 (Function.mangleName):
2677 (mangleName): Deleted.
2678 * jit/JITOperations.cpp:
2679 * llint/LLIntSlowPaths.cpp:
2680 (JSC::LLInt::setUpCall):
2681 * parser/Parser.cpp:
2682 (JSC::Parser<LexerType>::parseClass):
2683 * runtime/CodeCache.cpp:
2684 (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2685 * runtime/CommonIdentifiers.h:
2686 * runtime/ConstructAbility.h: Copied from Source/JavaScriptCore/builtins/Iterator.prototype.js.
2687 * runtime/Executable.h:
2688 * runtime/JSFunction.cpp:
2689 (JSC::JSFunction::getConstructData):
2690 * runtime/JSGlobalObject.cpp:
2691 (JSC::JSGlobalObject::init):
2692 * tests/stress/non-constructors.js: Added.
2694 (.prototype.method):
2695 (.prototype.get getter):
2696 (.prototype.set setter):
2700 (set var.test.get getter):
2701 (set var.test.set setter):
2702 (set var.test.normal):
2706 2015-07-22 Csaba Osztrogonác <ossy@webkit.org>
2708 [JSC] Enable exception fuzzing for GCC too
2709 https://bugs.webkit.org/show_bug.cgi?id=146831
2711 Reviewed by Darin Adler.
2713 * jit/JITOperations.cpp:
2715 2015-07-22 Filip Pizlo <fpizlo@apple.com>
2717 Fixed pool allocation should always be aligned
2718 https://bugs.webkit.org/show_bug.cgi?id=147201
2720 Reviewed by Simon Fraser.
2722 Passing an unaligned size to the allocator can cause asserts or even worse things. The
2723 Options reservation value isn't going to be aligned.
2725 * jit/ExecutableAllocatorFixedVMPool.cpp:
2726 (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
2728 2015-07-22 Csaba Osztrogonác <ossy@webkit.org>
2730 Enable STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE for GCC
2731 https://bugs.webkit.org/show_bug.cgi?id=146829
2733 Reviewed by Brent Fulgham.
2735 * heap/GCAssertions.h:
2737 2015-07-22 Alex Christensen <achristensen@webkit.org>
2739 Fix quirks in CMake build on Mac and Windows
2740 https://bugs.webkit.org/show_bug.cgi?id=147174
2742 Reviewed by Gyuyoung Kim.
2744 * PlatformMac.cmake:
2745 Add JSRemoteInspector.cpp and remove semicolon from command to make it actually run.
2747 2015-07-21 Yusuke Suzuki <utatane.tea@gmail.com>
2749 Add newTarget accessor to JS constructor written in C++
2750 https://bugs.webkit.org/show_bug.cgi?id=147160
2752 Reviewed by Geoffrey Garen.
2754 This patch adds `ExecState#newTarget()` which returns `new.target` defined in ECMA262 6th.
2755 It enables some C++ constructors (like Intl.XXX constructors) to leverage this to complete
2758 When the constructor is called, |this| in the arguments is used for storing new.target instead.
2759 So by adding the accessor for |this|, JS constructor written in C++ can access new.target.
2761 And at the same time, this patch extends the existing `construct` to accept new.target value.
2762 It corresponds to the spec's Construct abstract operation.
2764 * interpreter/CallFrame.h:
2765 (JSC::ExecState::newTarget):
2766 * interpreter/Interpreter.cpp:
2767 (JSC::Interpreter::executeConstruct):
2768 * interpreter/Interpreter.h:
2769 * runtime/ConstructData.cpp:
2771 * runtime/ConstructData.h:
2774 2015-07-21 Filip Pizlo <fpizlo@apple.com>
2776 Unreviewed, fix a lot of tests. Need to initialize WTF threading sooner.
2781 2015-07-21 Filip Pizlo <fpizlo@apple.com>
2783 Fixed VM pool allocation should have a reserve for allocations that cannot fail
2784 https://bugs.webkit.org/show_bug.cgi?id=147154
2785 rdar://problem/21847618
2787 Reviewed by Geoffrey Garen.
2789 This adds the notion of a JIT pool reserve fraction. Some fraction, currently 1/4, of
2790 the JIT pool is reserved for allocations that cannot fail. It makes sense to make this
2791 a fraction rather than a constant because each allocation that can fail may cause some
2792 number of allocations that cannot fail (for example, the OSR exit thunks that we
2793 compile when we exit from some CodeBlock cannot fail).
2795 I've tested this by adding a test mode where we artificially limit the JIT pool size.
2796 Prior to the fix, we had >20 failures. Now we have none.
2798 * heap/GCLogging.cpp:
2799 (WTF::printInternal): I needed a dump method on Options members when debugging this.
2801 * jit/ExecutableAllocator.h: Raise the ARM64 limit to 32MB because 16MB is cutting it too close.
2802 * jit/ExecutableAllocatorFixedVMPool.cpp:
2803 (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Add the ability to artificially limit JIT pool size for testing.
2804 (JSC::ExecutableAllocator::memoryPressureMultiplier): Implement the reserve when computing memory pressure for JIT tier-up heuristics.
2805 (JSC::ExecutableAllocator::allocate): Implement the reserve when allocating can-fail things.
2806 * jsc.cpp: Rewire some options parsing so that CommandLine happens before we create the JIT pool.
2808 (CommandLine::parseArguments):
2810 * runtime/Options.cpp:
2811 (JSC::OptionRange::dump): I needed a dump method on Options members when debugging this.
2812 (JSC::Options::initialize): This can now be called more than once.
2813 * runtime/Options.h:
2815 2015-07-21 Saam barati <saambarati1@gmail.com>
2817 ObjectPatternNode's entry should use "const Identifier&" instead of "Identifier"
2818 https://bugs.webkit.org/show_bug.cgi?id=147156
2820 Reviewed by Andreas Kling.
2824 2015-07-21 Basile Clement <basile_clement@apple.com>
2826 Object allocation sinking phase is performing needless HashMap copies
2827 https://bugs.webkit.org/show_bug.cgi?id=147159
2829 Reviewed by Geoffrey Garen.
2831 The points-to analyzer in the object allocation sinking phase is
2832 currently performing copies of its allocation and pointers tables in
2833 several places. While this is not a huge problem since those tables are
2834 usually small and we are in the FTL path anyway, we still shouldn't be
2835 doing such useless copying.
2837 This patch also removes the DFGInsertOSRHintsForUpdate files that are
2838 no longer needed with the new object sinking phase and should have been
2842 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2843 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2844 * JavaScriptCore.xcodeproj/project.pbxproj:
2845 * dfg/DFGInsertOSRHintsForUpdate.cpp: Removed.
2846 (JSC::DFG::insertOSRHintsForUpdate): Deleted.
2847 * dfg/DFGInsertOSRHintsForUpdate.h: Removed.
2848 * dfg/DFGObjectAllocationSinkingPhase.cpp:
2850 2015-07-21 Saam barati <saambarati1@gmail.com>
2852 DestructuringPatternNode and DestructuringAssignmentNode should be ParserArenaFreeable
2853 https://bugs.webkit.org/show_bug.cgi?id=147140
2855 Reviewed by Geoffrey Garen.
2857 The descendants of DestructuringPatternNode that need destruction also
2858 inherit from ParserArenaDeletable.
2861 (JSC::DestructuringPatternNode::~DestructuringPatternNode):
2862 (JSC::ObjectPatternNode::appendEntry):
2863 (JSC::DestructuringAssignmentNode::bindings):
2865 2015-07-21 Keith Miller <keith_miller@apple.com>
2867 Add support for the new.target syntax.
2868 https://bugs.webkit.org/show_bug.cgi?id=147051
2870 Reviewed by Yusuke Suzuki.
2872 Add support for new.target. Essentially the implementation is, before constructor calls,
2873 the target of a "new" is placed where "this" normally goes in the calling convention.
2874 Then in the constructor, before the object is initialized, we move the target of the "new"
2875 into a local variable.
2877 * bytecompiler/BytecodeGenerator.cpp:
2878 (JSC::BytecodeGenerator::BytecodeGenerator):
2879 * bytecompiler/NodesCodegen.cpp:
2880 (JSC::NewTargetNode::emitBytecode):
2881 * parser/ASTBuilder.h:
2882 (JSC::ASTBuilder::newTargetExpr):
2883 * parser/NodeConstructors.h:
2884 (JSC::NewTargetNode::NewTargetNode):
2886 * parser/Parser.cpp:
2887 (JSC::Parser<LexerType>::parseMemberExpression):
2888 * parser/SyntaxChecker.h:
2889 (JSC::SyntaxChecker::newTargetExpr):
2890 * runtime/CommonIdentifiers.h:
2891 * tests/stress/new-target.js: Added.
2894 (Constructor.subCall):
2895 (Constructor.SubConstructor):
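Added example (not JSC code or its tests) showing, from JavaScript, the new.target and explicit-newTarget Construct behaviour described in this entry and in the 2015-07-21 "Add newTarget accessor" entry, together with the non-constructor function kinds from the 2015-07-22 "Introducing construct ability" entry; every name in it is constructed for the example:

```javascript
// Added example (not JSC code): the JS-visible side of new.target and of
// construct ability. All names here are constructed for the example.
"use strict";

function Base() {
  // new.target is the function `new` was applied to, or undefined on a plain call.
  this.target = new.target;
}

class Derived extends Base {
  constructor() {
    super(); // super() forwards Derived's own new.target down into Base
  }
}

// Returns the name of the new.target that Base observed for a given way of
// invoking it, or "undefined" when Base was invoked as an ordinary call.
function observedNewTarget(how) {
  let instance;
  switch (how) {
    case "new":
      instance = new Base();
      break;
    case "subclass":
      instance = new Derived();
      break;
    case "reflect":
      // Reflect.construct(F, args, newTarget) is the JS surface of the spec's
      // Construct abstract operation with an explicit newTarget.
      instance = Reflect.construct(Base, [], Derived);
      break;
    case "call":
      instance = {};
      Base.call(instance); // no `new`, so new.target is undefined
      break;
    default:
      throw new Error("unknown invocation mode: " + how);
  }
  return instance.target === undefined ? "undefined" : instance.target.name;
}

// Returns true if fn has [[Construct]]. Reflect.construct validates its
// newTarget argument with IsConstructor and throws a TypeError otherwise,
// so passing fn there answers the question without ever running fn.
function isConstructor(fn) {
  try {
    Reflect.construct(String, [], fn);
    return true;
  } catch (e) {
    if (e instanceof TypeError) return false;
    throw e;
  }
}

// Constructed sample of the function kinds whose construct ability the
// ConstructAbility patch turns off: method definitions, accessors, arrows.
const sample = {
  method() {},
  get accessor() { return 1; },
};
const arrow = () => {};
const accessorGetter = Object.getOwnPropertyDescriptor(sample, "accessor").get;

function constructAbilityReport() {
  return {
    plainFunction: isConstructor(function () {}), // true
    classConstructor: isConstructor(class {}),    // true
    method: isConstructor(sample.method),         // false
    getter: isConstructor(accessorGetter),        // false
    arrow: isConstructor(arrow),                  // false
  };
}
```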
2902 2015-07-20 Saam barati <saambarati1@gmail.com>
2904 "let" scoping introduced incoherent story about symbol table cloning
2905 https://bugs.webkit.org/show_bug.cgi?id=147046
2907 Reviewed by Filip Pizlo.
2909 This patch now establishes a clear set of rules for how SymbolTables
2910 are owned by CodeBlock. Every SymbolTable that is used by a bytecode
2911 instruction must live in CodeBlock's constant register pool. When CodeBlock
2912 is being linked, it ensures that every SymbolTable in the constant pool is cloned.
2913 This leaves no room for an un-cloned symbol table to be used by a bytecode instruction.
2914 Some instructions may refer to SymbolTables indirectly through a JSLexicalEnvironment.
2915 This is fine; all JSLexicalEnvironments are allocated with references to cloned symbol tables.
2917 Another goal of this patch is to remove the notion that a SymbolTable is 1 to 1
2918 with a CodeBlock. With lexical scoping, this view of the world is no longer
2919 correct. This patch begins to remove this assumption by making CodeBlock's
2920 symbolTable() getter method private. There is still one place where we need
2921 to purge our codebase of this assumption and that is the type profiler. It
2922 has not been updated for lexical scoping. After it is updated in
2923 https://bugs.webkit.org/show_bug.cgi?id=145438
2924 we will be able to remove CodeBlock's symbolTable() getter entirely.
2926 * bytecode/CodeBlock.cpp:
2927 (JSC::CodeBlock::CodeBlock):
2928 (JSC::CodeBlock::nameForRegister):
2929 * bytecode/CodeBlock.h:
2930 (JSC::CodeBlock::addStringSwitchJumpTable):
2931 (JSC::CodeBlock::stringSwitchJumpTable):
2932 (JSC::CodeBlock::evalCodeCache):
2933 (JSC::CodeBlock::symbolTable):
2934 * bytecode/UnlinkedCodeBlock.cpp:
2935 (JSC::UnlinkedFunctionExecutable::visitChildren):
2936 (JSC::UnlinkedFunctionExecutable::link):
2937 (JSC::UnlinkedFunctionExecutable::codeBlockFor):
2938 * bytecode/UnlinkedCodeBlock.h:
2939 (JSC::UnlinkedCodeBlock::addExceptionHandler):
2940 (JSC::UnlinkedCodeBlock::exceptionHandler):
2941 (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex):
2942 (JSC::UnlinkedCodeBlock::symbolTableConstantIndex):
2943 (JSC::UnlinkedCodeBlock::symbolTable): Deleted.
2944 (JSC::UnlinkedCodeBlock::setSymbolTable): Deleted.
2945 * bytecompiler/BytecodeGenerator.cpp:
2946 (JSC::BytecodeGenerator::generate):
2947 (JSC::BytecodeGenerator::BytecodeGenerator):
2948 (JSC::BytecodeGenerator::pushLexicalScope):
2949 (JSC::BytecodeGenerator::variableForLocalEntry):
2950 (JSC::BytecodeGenerator::createVariable):
2951 (JSC::BytecodeGenerator::resolveType):
2952 (JSC::BytecodeGenerator::emitResolveScope):
2953 * bytecompiler/BytecodeGenerator.h:
2954 (JSC::BytecodeGenerator::thisRegister):
2955 (JSC::BytecodeGenerator::instructions):
2956 (JSC::BytecodeGenerator::symbolTable): Deleted.
2958 (JSC::DFG::Graph::baselineCodeBlockFor):
2959 (JSC::DFG::Graph::isStrictModeFor):
2960 (JSC::DFG::Graph::symbolTableFor): Deleted.
2961 * jit/AssemblyHelpers.h:
2962 (JSC::AssemblyHelpers::baselineCodeBlock):
2963 (JSC::AssemblyHelpers::argumentsStart):
2964 (JSC::AssemblyHelpers::symbolTableFor): Deleted.
2965 * runtime/CommonSlowPaths.cpp:
2966 (JSC::SLOW_PATH_DECL):
2967 * runtime/Executable.cpp:
2968 (JSC::FunctionExecutable::visitChildren):
2969 (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilation):
2970 (JSC::FunctionExecutable::symbolTable): Deleted.
2971 * runtime/Executable.h:
2973 2015-07-18 Filip Pizlo <fpizlo@apple.com>
2975 REGRESSION(186691): OSR entry is broken on loop headers that have no live variables
2976 https://bugs.webkit.org/show_bug.cgi?id=147074
2977 rdar://problem/21869970
2979 Reviewed by Michael Saboff.
2981 The OSR entry must-handle block/value widening introduced in r186691 would cause the
2982 CFA to reexecute if it caused any live local variables to change value. But this fails
2983 if the must-handle block has no live local variables, and the entry block otherwise
2984 appears to be unreachable.
2986 This fixes the bug by having the change detection include whether the block hadn't been
2987 visited in addition to whether any local variable values got widened.
2989 This is a ~4% speed-up on SunSpider in browser.
2991 * dfg/DFGCFAPhase.cpp:
2992 (JSC::DFG::CFAPhase::run):
2994 2015-07-20 Mark Lam <mark.lam@apple.com>
2996 Rollout r187020 and r187021: breaks JSC API tests on debug builds.
2997 https://bugs.webkit.org/show_bug.cgi?id=147110
2999 * heap/MachineStackMarker.cpp:
3000 (JSC::MachineThreads::addCurrentThread):
3001 * runtime/JSLock.cpp:
3002 (JSC::JSLockHolder::~JSLockHolder):
3003 (JSC::JSLock::JSLock):
3004 (JSC::JSLock::willDestroyVM):
3005 (JSC::JSLock::setExclusiveThread):
3006 (JSC::JSLock::lock):
3007 (JSC::JSLock::unlock):
3008 (JSC::JSLock::currentThreadIsHoldingLock):
3009 (JSC::JSLock::dropAllLocks):
3012 (JSC::JSLock::hasExclusiveThread):
3013 (JSC::JSLock::exclusiveThread):
3015 (JSC::VM::hasExclusiveThread):
3016 (JSC::VM::exclusiveThread):
3017 (JSC::VM::setExclusiveThread):
3019 2015-07-20 Per Arne Vollan <peavo@outlook.com>
3021 Unreviewed debug build fix after r187020.
3023 * heap/MachineStackMarker.cpp:
3024 (JSC::MachineThreads::addCurrentThread):
3025 VM::exclusiveThread() has changed return type to ThreadIdentifier.
3027 2015-07-20 Per Arne Vollan <peavo@outlook.com>
3029 JavaScriptCore performance is very bad on Windows
3030 https://bugs.webkit.org/show_bug.cgi?id=146448
3032 Reviewed by Mark Lam.
3034 Profiling shows that std::this_thread::get_id() is slow on Windows.
3035 Use WTF::currentThread() instead, which calls GetCurrentThreadId().
3036 This is faster on Windows. The issue has been reported to Microsoft,
3037 https://connect.microsoft.com/VisualStudio/feedback/details/1558211.
3039 * runtime/JSLock.cpp:
3040 (JSC::JSLockHolder::~JSLockHolder):
3041 (JSC::JSLock::JSLock):
3042 (JSC::JSLock::willDestroyVM):
3043 (JSC::JSLock::setExclusiveThread):
3044 (JSC::JSLock::lock):
3045 (JSC::JSLock::unlock):
3046 (JSC::JSLock::currentThreadIsHoldingLock):
3049 (JSC::JSLock::hasExclusiveThread):
3050 (JSC::JSLock::exclusiveThread):
3052 (JSC::VM::hasExclusiveThread):
3053 (JSC::VM::exclusiveThread):
3054 (JSC::VM::setExclusiveThread):
3056 2015-07-19 Yusuke Suzuki <utatane.tea@gmail.com>
3058 In strict mode, `Object.keys(arguments)` includes "length"
3059 https://bugs.webkit.org/show_bug.cgi?id=147071
3061 Reviewed by Darin Adler.
3063 ClonedArguments didn't set the "length" with DontEnum.
3065 * runtime/ClonedArguments.cpp:
3066 (JSC::ClonedArguments::createWithInlineFrame):
3067 (JSC::ClonedArguments::createByCopyingFrom):
3068 * tests/stress/arguments-length-always-dont-enum.js: Added.
3073 2015-07-19 Jordan Harband <ljharb@gmail.com>
3075 new Date(NaN).toJSON() must return null instead of throwing a TypeError
3076 https://bugs.webkit.org/show_bug.cgi?id=141115
3078 Reviewed by Yusuke Suzuki.
3080 * runtime/DatePrototype.cpp:
3081 (JSC::dateProtoFuncToJSON):
3083 2015-07-19 Saam barati <saambarati1@gmail.com>
3085 Parser::parseFunctionInfo hits RELEASE_ASSERT for Arrow Functions
3086 https://bugs.webkit.org/show_bug.cgi?id=147090
3088 Reviewed by Yusuke Suzuki.
3090 ArrowFunctions have their ParserFunctionInfo "name" field
3091 be a non-null pointer. This is obviously allowed and valid except we
3092 had a RELEASE_ASSERT that claimed otherwise. This is a mistake.
3094 Note: ArrowFunctions will never actually have a function name;
3095 their ParserFunctionInfo "name" field will be the empty string.
3096 This is not to be mistaken for the name field being a null pointer.
3098 * parser/Parser.cpp:
3099 (JSC::Parser<LexerType>::parseFunctionInfo):
3101 2015-07-18 Saam barati <saambarati1@gmail.com>
3103 [ES6] Add support for block scope const
3104 https://bugs.webkit.org/show_bug.cgi?id=31813
3106 Reviewed by Filip Pizlo.
3108 'const' is now implemented in an ES6 spec compliant manner.
3109 'const' variables are always block scoped and always live
3110 either on the stack or in a JSLexicalEnvironment. 'const'
3111 variables never live on the global object.
3113 Inside the BytecodeGenerator, when assigning to a stack
3114 'const' variable or a LocalClosureVar 'const' variable,
3115 we will emit code that just throws a type error.
3116 When assigning to a ClosureVar const variable, CodeBlock linking
3117 will ensure that we perform a dynamic lookup of that variable so
3118 that put_to_scope's slow path throws a type error.
3120 The old 'const' implementation has been removed in this patch.
3122 * bytecode/BytecodeList.json:
3123 * bytecode/BytecodeUseDef.h:
3124 (JSC::computeUsesForBytecodeOffset):
3125 (JSC::computeDefsForBytecodeOffset):
3126 * bytecode/CodeBlock.cpp:
3127 (JSC::CodeBlock::dumpBytecode):
3128 (JSC::CodeBlock::CodeBlock):
3129 * bytecompiler/BytecodeGenerator.cpp:
3130 (JSC::BytecodeGenerator::BytecodeGenerator):
3131 (JSC::BytecodeGenerator::pushLexicalScope):
3132 (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3133 (JSC::BytecodeGenerator::variable):
3134 (JSC::BytecodeGenerator::variableForLocalEntry):
3135 (JSC::BytecodeGenerator::createVariable):
3136 (JSC::BytecodeGenerator::emitResolveScope):
3137 (JSC::BytecodeGenerator::emitInstanceOf):
3138 (JSC::BytecodeGenerator::emitGetById):
3139 (JSC::BytecodeGenerator::isArgumentNumber):
3140 (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
3141 (JSC::BytecodeGenerator::emitEnumeration):
3142 (JSC::BytecodeGenerator::variablePerSymbolTable): Deleted.
3143 (JSC::BytecodeGenerator::emitInitGlobalConst): Deleted.
3144 * bytecompiler/BytecodeGenerator.h:
3145 (JSC::Variable::Variable):
3146 (JSC::Variable::isReadOnly):
3147 (JSC::Variable::isSpecial):
3148 (JSC::Variable::isConst):
3149 (JSC::BytecodeGenerator::thisRegister):
3150 (JSC::BytecodeGenerator::emitTypeOf):
3151 (JSC::BytecodeGenerator::emitIn):
3152 * bytecompiler/NodesCodegen.cpp:
3153 (JSC::PostfixNode::emitResolve):
3154 (JSC::PrefixNode::emitResolve):
3155 (JSC::ReadModifyResolveNode::emitBytecode):
3156 (JSC::AssignResolveNode::emitBytecode):
3157 (JSC::CommaNode::emitBytecode):
3158 (JSC::BindingNode::bindValue):
3159 (JSC::ConstDeclNode::emitCodeSingle): Deleted.
3160 (JSC::ConstDeclNode::emitBytecode): Deleted.
3161 (JSC::ConstStatementNode::emitBytecode): Deleted.
3162 * dfg/DFGByteCodeParser.cpp:
3163 (JSC::DFG::ByteCodeParser::parseBlock):
3164 * dfg/DFGCapabilities.cpp:
3165 (JSC::DFG::capabilityLevel):
3167 (JSC::JIT::privateCompileMainPass):
3169 * jit/JITPropertyAccess.cpp:
3170 (JSC::JIT::emit_op_put_to_arguments):
3171 (JSC::JIT::emit_op_init_global_const): Deleted.
3172 * jit/JITPropertyAccess32_64.cpp:
3173 (JSC::JIT::emit_op_put_to_arguments):
3174 (JSC::JIT::emit_op_init_global_const): Deleted.
3175 * llint/LowLevelInterpreter.asm:
3176 * llint/LowLevelInterpreter32_64.asm:
3177 * llint/LowLevelInterpreter64.asm:
3178 * parser/ASTBuilder.h:
3179 (JSC::ASTBuilder::createDeclarationStatement):
3180 (JSC::ASTBuilder::createEmptyVarExpression):
3181 (JSC::ASTBuilder::createDebugger):
3182 (JSC::ASTBuilder::appendStatement):
3183 (JSC::ASTBuilder::createVarStatement): Deleted.
3184 (JSC::ASTBuilder::createLetStatement): Deleted.
3185 (JSC::ASTBuilder::createConstStatement): Deleted.
3186 (JSC::ASTBuilder::appendConstDecl): Deleted.
3187 * parser/NodeConstructors.h:
3188 (JSC::CommaNode::CommaNode):
3189 (JSC::SourceElements::SourceElements):
3190 (JSC::SwitchNode::SwitchNode):
3191 (JSC::BlockNode::BlockNode):
3192 (JSC::ConstStatementNode::ConstStatementNode): Deleted.
3193 (JSC::ConstDeclNode::ConstDeclNode): Deleted.
3195 (JSC::ConstDeclNode::hasInitializer): Deleted.
3196 (JSC::ConstDeclNode::ident): Deleted.
3197 * parser/Parser.cpp:
3198 (JSC::Parser<LexerType>::parseStatementListItem):
3199 (JSC::Parser<LexerType>::parseVariableDeclaration):
3200 (JSC::Parser<LexerType>::parseWhileStatement):
3201 (JSC::Parser<LexerType>::parseVariableDeclarationList):
3202 (JSC::Parser<LexerType>::createBindingPattern):
3203 (JSC::Parser<LexerType>::parseDestructuringPattern):
3204 (JSC::Parser<LexerType>::parseDefaultValueForDestructuringPattern):
3205 (JSC::Parser<LexerType>::parseForStatement):
3206 (JSC::Parser<LexerType>::parseTryStatement):
3207 (JSC::Parser<LexerType>::parseFunctionInfo):
3208 (JSC::Parser<LexerType>::parseFunctionDeclaration):
3209 (JSC::Parser<LexerType>::parseClass):
3210 (JSC::Parser<LexerType>::parseConstDeclaration): Deleted.
3211 (JSC::Parser<LexerType>::parseConstDeclarationList): Deleted.
3214 (JSC::isEvalNode<EvalNode>):
3217 (JSC::isEvalOrArgumentsIdentifier):
3218 (JSC::Scope::Scope):
3219 (JSC::Scope::declareCallee):
3220 (JSC::Scope::declareVariable):
3221 (JSC::Scope::declareLexicalVariable):
3222 (JSC::Scope::hasDeclaredVariable):
3223 (JSC::Scope::allowsVarDeclarations):
3224 (JSC::Scope::allowsLexicalDeclarations):
3225 (JSC::Scope::declareParameter):
3226 (JSC::Scope::declareBoundParameter):
3227 (JSC::Parser::destructuringKindFromDeclarationType):
3228 (JSC::Parser::assignmentContextFromDeclarationType):
3229 (JSC::Parser::isEvalOrArguments):
3230 (JSC::Parser::currentScope):
3231 (JSC::Parser::popScope):
3232 (JSC::Parser::declareVariable):
3233 (JSC::Parser::hasDeclaredVariable):
3234 (JSC::Parser::setStrictMode):
3235 (JSC::Parser::strictMode):
3236 (JSC::Parser::isValidStrictMode):
3237 (JSC::Parser::declareParameter):
3238 (JSC::Parser::declareBoundParameter):
3239 (JSC::Parser::breakIsValid):
3240 * parser/SyntaxChecker.h:
3241 (JSC::SyntaxChecker::createForInLoop):
3242 (JSC::SyntaxChecker::createForOfLoop):
3243 (JSC::SyntaxChecker::createEmptyStatement):
3244 (JSC::SyntaxChecker::createDeclarationStatement):
3245 (JSC::SyntaxChecker::createReturnStatement):
3246 (JSC::SyntaxChecker::createBreakStatement):
3247 (JSC::SyntaxChecker::createVarStatement): Deleted.
3248 (JSC::SyntaxChecker::createLetStatement): Deleted.
3249 * parser/VariableEnvironment.h:
3250 (JSC::VariableEnvironmentEntry::isCaptured):
3251 (JSC::VariableEnvironmentEntry::isConst):
3252 (JSC::VariableEnvironmentEntry::isVar):
3253 (JSC::VariableEnvironmentEntry::isLet):
3254 (JSC::VariableEnvironmentEntry::setIsCaptured):
3255 (JSC::VariableEnvironmentEntry::setIsConst):
3256 (JSC::VariableEnvironmentEntry::setIsVar):
3257 (JSC::VariableEnvironmentEntry::setIsLet):
3258 (JSC::VariableEnvironmentEntry::isConstant): Deleted.
3259 (JSC::VariableEnvironmentEntry::setIsConstant): Deleted.
3260 * runtime/Executable.cpp:
3261 (JSC::ProgramExecutable::initializeGlobalProperties):
3262 * runtime/JSGlobalObject.cpp:
3263 (JSC::JSGlobalObject::defineOwnProperty):
3264 (JSC::JSGlobalObject::addGlobalVar):
3265 (JSC::JSGlobalObject::addFunction):
3266 (JSC::lastInPrototypeChain):
3267 * runtime/JSGlobalObject.h:
3268 (JSC::JSGlobalObject::finishCreation):
3269 (JSC::JSGlobalObject::addVar):
3270 (JSC::JSGlobalObject::addConst): Deleted.
3271 * runtime/JSLexicalEnvironment.cpp:
3272 (JSC::JSLexicalEnvironment::symbolTablePut):
3273 * tests/stress/const-and-with-statement.js: Added.
3276 (shouldThrowInvalidConstAssignment):
3278 * tests/stress/const-exception-handling.js: Added.
3282 * tests/stress/const-loop-semantics.js: Added.
3285 (shouldThrowInvalidConstAssignment):
3287 * tests/stress/const-not-strict-mode.js: Added.
3292 * tests/stress/const-semantics.js: Added.
3295 (shouldThrowInvalidConstAssignment):
3297 * tests/stress/const-tdz.js: Added.
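The following is an added example illustrating the observable 'const' semantics this entry describes (TypeError on assignment whether the binding lives on the stack or in a lexical environment, dynamic resolution through a 'with' scope, the TDZ, and per-iteration loop bindings). It is editor-written JavaScript, not JavaScriptCore's own code or any of its stress tests, and is assumed to run on any ES2015-compliant engine (Node.js included); function names such as constSemanticsReport are the example's own.

```javascript
'use strict';
// Added example: exercises the 'const' semantics described in the ChangeLog
// entry from plain JavaScript. Editor-written, not JSC code.

// Returns the constructor name of the error thrown by fn, or null if it did not throw.
function thrownBy(fn) {
  try {
    fn();
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}

// A 'const' that is never captured lives on the stack; assignment throws at runtime.
function assignToStackConst() {
  const x = 1;
  x = 2; // TypeError: assignment to constant variable
  return x;
}

// A 'const' captured by a closure lives in a lexical environment; assignment still throws.
function assignToCapturedConst() {
  const y = 1;
  const setter = () => { y = 2; };
  setter();
  return y;
}

// Reading a 'const' before its declaration has run hits the temporal dead zone.
function readBeforeInit() {
  return z; // ReferenceError: z is not yet initialized
  const z = 1; // declaration is unreachable on purpose
}

// for-of creates a fresh 'const' binding per iteration, so each closure sees its own value.
function perIterationBindings() {
  const fns = [];
  for (const v of [1, 2, 3]) fns.push(() => v);
  return fns.map(f => f());
}

// Assignment to a 'const' through a 'with' scope is resolved dynamically at runtime:
// if the with-object has the property, that property is written; otherwise the
// lookup lands on the const and throws. Built with the Function constructor so the
// body is sloppy-mode code ('with' is a syntax error in strict mode).
function assignConstThroughWith(objectHasProperty) {
  const body = `
    const c = 1;
    const o = ${objectHasProperty ? '{ c: 10 }' : '{}'};
    with (o) { c = 2; }
    return [c, o.c];
  `;
  return new Function(body)();
}

// Collects every case into one object so a harness can check the whole report.
function constSemanticsReport() {
  return {
    stackConst: thrownBy(assignToStackConst),                            // 'TypeError'
    capturedConst: thrownBy(assignToCapturedConst),                      // 'TypeError'
    sloppyModeConst: thrownBy(new Function('const z = 1; z = 2;')),      // 'TypeError' outside strict mode too
    tdzRead: thrownBy(readBeforeInit),                                   // 'ReferenceError'
    loopBindings: perIterationBindings(),                                // [1, 2, 3]
    loopIncrement: thrownBy(() => { for (const i = 0; i < 3; i++) {} }), // 'TypeError' at i++
    withShadowed: assignConstThroughWith(true),                          // [1, 2]: o.c written, c untouched
    withUnshadowed: thrownBy(() => assignConstThroughWith(false)),       // 'TypeError'
  };
}
```

The 'with' cases are the ones that exercise the dynamic put_to_scope path the entry mentions: the engine cannot know at bytecode-generation time whether the assignment targets the with-object or the const, so the type error has to come from the runtime lookup.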
3303 2015-07-18 Saam barati <saambarati1@gmail.com>
3305 lexical scoping is broken with respect to "break" and "continue"
3306 https://bugs.webkit.org/show_bug.cgi?id=147063
3308 Reviewed by Filip Pizlo.
3310 Bug #142944 which introduced "let" and lexical scoping
3311 didn't properly hook into the bytecode generator's machinery
3312 for calculating scope depth deltas for "break" and "continue". This
3313 resulted in the bytecode generator popping an incorrect number
3314 of scopes when lexical scopes were involved.
3316 This patch fixes this problem and generalizes this machinery a bit.
3317 This patch also renames old functions in a sensible way that is more
3318 coherent in a world with lexical scoping.
3320 * bytecompiler/BytecodeGenerator.cpp:
3321 (JSC::BytecodeGenerator::BytecodeGenerator):
3322 (JSC::BytecodeGenerator::newLabelScope):
3323 (JSC::BytecodeGenerator::emitProfileType):
3324 (JSC::BytecodeGenerator::pushLexicalScope):
3325 (JSC::BytecodeGenerator::popLexicalScope):
3326 (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3327 (JSC::BytecodeGenerator::resolveType):
3328 (JSC::BytecodeGenerator::emitResolveScope):
3329 (JSC::BytecodeGenerator::emitGetFromScope):
3330 (JSC::BytecodeGenerator::emitPutToScope):
3331 (JSC::BytecodeGenerator::emitPushWithScope):
3332 (JSC::BytecodeGenerator::emitGetParentScope):
3333 (JSC::BytecodeGenerator::emitPopScope):
3334 (JSC::BytecodeGenerator::emitPopWithOrCatchScope):
3335 (JSC::BytecodeGenerator::emitPopScopes):
3336 (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler):
3337 (JSC::BytecodeGenerator::localScopeDepth):
3338 (JSC::BytecodeGenerator::labelScopeDepth):
3339 (JSC::BytecodeGenerator::emitThrowReferenceError):
3340 (JSC::BytecodeGenerator::emitPushFunctionNameScope):
3341 (JSC::BytecodeGenerator::pushScopedControlFlowContext):
3342 (JSC::BytecodeGenerator::popScopedControlFlowContext):
3343 (JSC::BytecodeGenerator::emitPushCatchScope):
3344 (JSC::BytecodeGenerator::currentScopeDepth): Deleted.
3345 * bytecompiler/BytecodeGenerator.h:
3346 (JSC::BytecodeGenerator::hasFinaliser):
3347 (JSC::BytecodeGenerator::scopeDepth): Deleted.
3348 * bytecompiler/NodesCodegen.cpp:
3349 (JSC::ContinueNode::trivialTarget):
3350 (JSC::BreakNode::trivialTarget):
3351 (JSC::ReturnNode::emitBytecode):
3352 (JSC::WithNode::emitBytecode):
3353 (JSC::TryNode::emitBytecode):
3354 * tests/stress/lexical-scoping-break-continue.js: Added.
3358 2015-07-18 Commit Queue <commit-queue@webkit.org>
3360 Unreviewed, rolling out r186996.
3361 https://bugs.webkit.org/show_bug.cgi?id=147070
3363 Broke JSC tests (Requested by smfr on #webkit).
3367 "lexical scoping is broken with respect to "break" and
3369 https://bugs.webkit.org/show_bug.cgi?id=147063
3370 http://trac.webkit.org/changeset/186996
3372 2015-07-18 Saam barati <saambarati1@gmail.com>
3374 lexical scoping is broken with respect to "break" and "continue"
3375 https://bugs.webkit.org/show_bug.cgi?id=147063
3377 Reviewed by Filip Pizlo.
3379 Bug #142944 which introduced "let" and lexical scoping
3380 didn't properly hook into the bytecode generator's machinery
3381 for calculating scope depth deltas for "break" and "continue". This
3382 resulted in the bytecode generator popping an incorrect number
3383 of scopes when lexical scopes were involved.
3385 This patch fixes this problem and generalizes this machinery a bit.
3386 This patch also renames old functions in a sensible way that is more
3387 coherent in a world with lexical scoping.
3389 * bytecompiler/BytecodeGenerator.cpp:
3390 (JSC::BytecodeGenerator::BytecodeGenerator):
3391 (JSC::BytecodeGenerator::newLabelScope):
3392 (JSC::BytecodeGenerator::emitProfileType):
3393 (JSC::BytecodeGenerator::pushLexicalScope):
3394 (JSC::BytecodeGenerator::popLexicalScope):
3395 (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3396 (JSC::BytecodeGenerator::resolveType):
3397 (JSC::BytecodeGenerator::emitResolveScope):
3398 (JSC::BytecodeGenerator::emitGetFromScope):
3399 (JSC::BytecodeGenerator::emitPutToScope):
3400 (JSC::BytecodeGenerator::emitPushWithScope):
3401 (JSC::BytecodeGenerator::emitGetParentScope):
3402 (JSC::BytecodeGenerator::emitPopScope):
3403 (JSC::BytecodeGenerator::emitPopWithOrCatchScope):
3404 (JSC::BytecodeGenerator::emitPopScopes):
3405 (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler):
3406 (JSC::BytecodeGenerator::localScopeDepth):
3407 (JSC::BytecodeGenerator::labelScopeDepth):
3408 (JSC::BytecodeGenerator::emitThrowReferenceError):
3409 (JSC::BytecodeGenerator::emitPushFunctionNameScope):
3410 (JSC::BytecodeGenerator::pushScopedControlFlowContext):
3411 (JSC::BytecodeGenerator::popScopedControlFlowContext):
3412 (JSC::BytecodeGenerator::emitPushCatchScope):
3413 (JSC::BytecodeGenerator::currentScopeDepth): Deleted.
3414 * bytecompiler/BytecodeGenerator.h:
3415 (JSC::BytecodeGenerator::hasFinaliser):
3416 (JSC::BytecodeGenerator::scopeDepth): Deleted.
3417 * bytecompiler/NodesCodegen.cpp:
3418 (JSC::ContinueNode::trivialTarget):
3419 (JSC::BreakNode::trivialTarget):
3420 (JSC::ReturnNode::emitBytecode):
3421 (JSC::WithNode::emitBytecode):
3422 (JSC::TryNode::emitBytecode):
3423 * tests/stress/lexical-scoping-break-continue.js: Added.
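The following is an added example for the two "lexical scoping is broken with respect to break and continue" entries above (the original landing and its re-land after the rollout). It is editor-written JavaScript, not JavaScriptCore's own code or its stress test, and exercises the behaviour the fix protects: after a break or continue leaves one or more nested scopes (block, with, catch), the bindings still in scope resolve to the right values. It is assumed to run on any ES2015-compliant engine (Node.js included); names such as scopePoppingAfterBreakContinue are the example's own.

```javascript
// Added example: observable scope behaviour around break/continue with 'let'
// bindings. Editor-written, not JSC code.

// break/continue from inside a nested block scope in a 'let' loop. Each closure
// captures its own iteration's bindings; 'label' is updated after the inner
// block only on iterations that neither continue nor break.
function scopePoppingAfterBreakContinue() {
  const captured = [];
  let outer = 'outer';
  for (let i = 0; i < 5; i++) {
    let label = 'iter' + i;
    {
      let inner = 'inner' + i;
      if (i === 1) continue; // leaves the inner block and the loop-body scope
      captured.push(() => [outer, label, inner]);
      if (i === 3) break;    // leaves the same scopes and then the loop itself
    }
    label += '-end';
  }
  // 'outer' must still resolve to the function-level binding after the loop.
  return { outer, values: captured.map(f => f()) };
}

// 'with' and 'catch' also push scopes that break and continue must pop. Built
// with the Function constructor so the body is sloppy-mode code ('with' is a
// syntax error in strict mode).
const breakThroughWithAndCatch = new Function(`
  const seen = [];
  const env = { marker: 'from-with' };
  for (let i = 0; i < 3; i++) {
    try {
      with (env) {
        if (i === 1) continue;  // leaves the with scope and the loop-body scope
        seen.push(marker + i);  // 'marker' resolves through the with object
      }
      throw new Error('e' + i);
    } catch (err) {
      let local = err.message;
      if (i === 2) break;       // leaves the catch scope and the loop
      seen.push(local);
    }
  }
  return seen;                  // function-level binding, reachable after the break
`);
```

Expected results: scopePoppingAfterBreakContinue() yields closures for iterations 0, 2 and 3 reporting ['outer', 'iter0-end', 'inner0'], ['outer', 'iter2-end', 'inner2'] and ['outer', 'iter3', 'inner3'] (iteration 3 broke out before 'label' was updated), and breakThroughWithAndCatch() returns ['from-with0', 'e0', 'from-with2']. An engine that popped the wrong number of scopes on break or continue would resolve these names against the wrong environment.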
3427 2015-07-17 Filip Pizlo <fpizlo@apple.com>
3429 DFG should have some obvious mitigations against watching structures that are unprofitable to watch
3430 https://bugs.webkit.org/show_bug.cgi?id=147034
3432 Reviewed by Mark Lam and Michael Saboff.
3434 This implements two guards against the DFG watching structures that are likely to fire
3437 - Don't watch dictionaries or any structure that had a dictionary in its past. Dictionaries
3438 can be flattened, and then they can transform back to dictionaries.
3440 - Don't watch structures whose past structures were transitioned-away from while their
3441 transition watchpoints were being watched. This property gives us monotonicity: if we
3442 recompile because we watched structure S1 of object O, then we won't make the same mistake
3443 again when object O has structure S2, S3, and so on.
3445 This is a 1.5% speed-up on Kraken. It does penalize some Octane tests, but it also seems to
3446 help some of them, so on Octane it's basically neutral.
3448 * bytecode/Watchpoint.h:
3449 (JSC::WatchpointSet::invalidate):
3450 (JSC::WatchpointSet::isBeingWatched):
3451 (JSC::WatchpointSet::addressOfState):
3452 (JSC::WatchpointSet::addressOfSetIsNotEmpty):
3453 (JSC::InlineWatchpointSet::touch):
3454 (JSC::InlineWatchpointSet::isBeingWatched):
3455 * runtime/JSGlobalObject.h:
3456 (JSC::JSGlobalObject::createStructure):
3457 (JSC::JSGlobalObject::registerWeakMap):
3458 * runtime/Structure.cpp:
3459 (JSC::Structure::Structure):
3460 (JSC::Structure::toDictionaryTransition):
3461 (JSC::Structure::didTransitionFromThisStructure):
3462 * runtime/Structure.h:
3464 2015-07-16 Filip Pizlo <fpizlo@apple.com>
3466 Remove DFG::DesiredWriteBarriers because it's just a very difficult way of saying "please barrier the machine code block owner"
3467 https://bugs.webkit.org/show_bug.cgi?id=147030
3469 Reviewed by Andreas Kling.
3471 All of the users of DesiredWriteBarriers were just using it to request that Plan
3472 finalization executes a barrier on codeBlock->ownerExecutable. Indeed, that's the only
3473 owning cell in the heap that compilation affects. So, we might as well just have Plan
3474 unconditionally execute that barrier and then we don't need DesiredWriteBarriers at
3478 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3479 * JavaScriptCore.xcodeproj/project.pbxproj:
3480 * dfg/DFGByteCodeParser.cpp:
3481 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3482 * dfg/DFGDesiredWriteBarriers.cpp: Removed.
3483 * dfg/DFGDesiredWriteBarriers.h: Removed.
3485 (JSC::DFG::Graph::registerFrozenValues):
3487 (JSC::DFG::Plan::reallyAdd):
3488 (JSC::DFG::Plan::notifyCompiling):
3489 (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
3490 (JSC::DFG::Plan::checkLivenessAndVisitChildren):
3491 (JSC::DFG::Plan::cancel):
3494 2015-07-17 Yusuke Suzuki <utatane.tea@gmail.com>
3496 Integrate automatic microtask draining into JSC framework and re-enable Promise
3497 https://bugs.webkit.org/show_bug.cgi?id=146828
3499 Reviewed by Sam Weinig.
3501 Add automatic microtask draining system into JSC framework.
3502 When the depth of VM lock becomes 0, before this, we drain the queued microtasks.
3503 Enqueuing behavior can be injected by the JSGlobalObject's method table.
3504 It is utilized in WebCore to post the microtask to WebCore's event loop.
3506 In the case of the JSC interactive shell, the VM depth is always greater than 0.
3507 So we manually drain the queued microtasks after evaluating the written line.
3509 Since the JSC framework now has the microtask queue, we can drain the queued microtasks.
3510 So we re-enable Promise in the JSC framework context.
3512 * API/JSContextRef.cpp:
3513 (javaScriptRuntimeFlags): Deleted.
3514 * API/tests/testapi.c:
3516 * API/tests/testapi.mm:
3517 (testObjectiveCAPIMain):
3520 * runtime/JSGlobalObject.cpp:
3521 (JSC::JSGlobalObject::queueMicrotask):
3522 * runtime/JSLock.cpp:
3523 (JSC::JSLock::willReleaseLock):
3525 (JSC::VM::queueMicrotask):
3526 (JSC::VM::drainMicrotasks):
3527 (JSC::QueuedTask::run):
3529 (JSC::QueuedTask::QueuedTask):
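The following is an added example for the microtask-draining entry above. It is editor-written JavaScript, not JavaScriptCore's own code, and shows what the draining guarantee looks like from script: queued microtasks never interleave with the running script, and the whole queue (including tasks enqueued by other microtasks) is drained before the embedder regains control, here observed through a zero-delay timer. It is assumed to run on any engine providing Promise, queueMicrotask and setTimeout (Node.js included); microtaskDrainDemo is the example's own name.

```javascript
// Added example: observable microtask ordering relative to synchronous script
// and to the embedder's next turn. Editor-written, not JSC code.
function microtaskDrainDemo() {
  const order = [];
  order.push('script:start');
  Promise.resolve().then(() => {
    order.push('microtask:promise');
    // Enqueued while the queue is draining: still runs before the embedder
    // gets control back, because draining loops until the queue is empty.
    queueMicrotask(() => order.push('microtask:nested'));
  });
  queueMicrotask(() => order.push('microtask:queueMicrotask'));
  order.push('script:end');

  // Snapshot taken while the script is still running: no microtask has run yet.
  const beforeDrain = order.slice();

  // A timer callback is a macrotask, so it observes the fully drained queue,
  // which runs in FIFO order of enqueueing.
  const afterDrain = new Promise(resolve =>
    setTimeout(() => resolve(order.slice()), 0));

  return { beforeDrain, afterDrain };
}
```

beforeDrain is ['script:start', 'script:end']; afterDrain resolves to ['script:start', 'script:end', 'microtask:promise', 'microtask:queueMicrotask', 'microtask:nested'].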
3531 2015-07-17 Saam barati <saambarati1@gmail.com>
3533 Function parameters should be parsed in the same parser arena as the function body
3534 https://bugs.webkit.org/show_bug.cgi?id=145995
3536 Reviewed by Yusuke Suzuki.
3538 This patch changes how functions are parsed in JSC. A function's
3539 parameters are now parsed in the same arena as the function itself.
3540 This allows us to arena allocate all destructuring AST nodes and
3541 the FunctionParameters node. This will help make implementing ES6
3542 default parameter values sane.
3544 A source code that represents a function now includes the text of the function's
3545 parameters. The starting offset is at the opening parenthesis of the parameter
3546 list or at the starting character of the identifier for arrow functions that
3547 have single arguments and don't start with parenthesis.
3551 "function (param1, param2) { ... }"
3553           |                | This offset used to be the starting offset of a function's SourceCode
3555           This is the new starting offset for a function's SourceCode.
3557 This requires us to change how some offsets are calculated
3558 and also requires us to report some different line numbers for internal
3559 metrics that use a SourceCode's starting line and column numbers.
3561 This patch also does a bit of cleanup with regards to how
3562 functions are parsed in general (especially arrow functions).
3563 It removes some unnecessary #ifdefs and the likes for arrow
3564 to make things clearer and more deliberate.
3566 * API/JSScriptRef.cpp:
3568 * builtins/BuiltinExecutables.cpp:
3569 (JSC::BuiltinExecutables::createExecutableInternal):
3570 * bytecode/UnlinkedCodeBlock.cpp:
3571 (JSC::generateFunctionCodeBlock):
3572 (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
3573 (JSC::UnlinkedFunctionExecutable::visitChildren):
3574 (JSC::UnlinkedFunctionExecutable::parameterCount): Deleted.
3575 * bytecode/UnlinkedCodeBlock.h:
3576 * bytecompiler/NodesCodegen.cpp:
3577 (JSC::DestructuringAssignmentNode::emitBytecode):
3578 (JSC::assignDefaultValueIfUndefined):
3579 (JSC::ArrayPatternNode::collectBoundIdentifiers):
3580 (JSC::DestructuringPatternNode::~DestructuringPatternNode): Deleted.
3581 * parser/ASTBuilder.h:
3582 (JSC::ASTBuilder::createClassExpr):
3583 (JSC::ASTBuilder::createFunctionExpr):
3584 (JSC::ASTBuilder::createFunctionBody):
3585 (JSC::ASTBuilder::createArrowFunctionExpr):
3586 (JSC::ASTBuilder::createGetterOrSetterProperty):
3587 (JSC::ASTBuilder::createElementList):
3588 (JSC::ASTBuilder::createFormalParameterList):
3589 (JSC::ASTBuilder::appendParameter):
3590 (JSC::ASTBuilder::createClause):
3591 (JSC::ASTBuilder::createClauseList):
3592 (JSC::ASTBuilder::createFuncDeclStatement):
3593 (JSC::ASTBuilder::createForInLoop):
3594 (JSC::ASTBuilder::createForOfLoop):
3595 (JSC::ASTBuilder::isResolve):
3596 (JSC::ASTBuilder::createDestructuringAssignment):
3597 (JSC::ASTBuilder::createArrayPattern):
3598 (JSC::ASTBuilder::appendArrayPatternSkipEntry):
3599 (JSC::ASTBuilder::appendArrayPatternEntry):
3600 (JSC::ASTBuilder::appendArrayPatternRestEntry):
3601 (JSC::ASTBuilder::finishArrayPattern):
3602 (JSC::ASTBuilder::createObjectPattern):
3603 (JSC::ASTBuilder::appendObjectPatternEntry):
3604 (JSC::ASTBuilder::createBindingLocation):
3605 (JSC::ASTBuilder::setEndOffset):
3607 (JSC::Lexer<T>::Lexer):
3608 (JSC::Lexer<T>::nextTokenIsColon):
3609 (JSC::Lexer<T>::setTokenPosition):
3610 (JSC::Lexer<T>::lex):
3611 (JSC::Lexer<T>::clear):
3613 (JSC::Lexer::setIsReparsingFunction):
3614 (JSC::Lexer::isReparsingFunction):
3615 (JSC::Lexer::lineNumber):
3616 (JSC::Lexer::setIsReparsing): Deleted.
3617 (JSC::Lexer::isReparsing): Deleted.
3618 * parser/NodeConstructors.h:
3619 (JSC::TryNode::TryNode):
3620 (JSC::FunctionParameters::FunctionParameters):
3621 (JSC::FuncExprNode::FuncExprNode):
3622 (JSC::FuncDeclNode::FuncDeclNode):
3623 (JSC::ArrayPatternNode::ArrayPatternNode):
3624 (JSC::ObjectPatternNode::ObjectPatternNode):
3625 (JSC::BindingNode::BindingNode):
3626 (JSC::DestructuringAssignmentNode::DestructuringAssignmentNode):
3627 (JSC::ParameterNode::ParameterNode): Deleted.
3628 (JSC::ArrayPatternNode::create): Deleted.
3629 (JSC::ObjectPatternNode::create): Deleted.
3630 (JSC::BindingNode::create): Deleted.
3632 (JSC::ProgramNode::ProgramNode):
3633 (JSC::EvalNode::EvalNode):
3634 (JSC::FunctionBodyNode::FunctionBodyNode):
3635 (JSC::FunctionBodyNode::finishParsing):
3636 (JSC::FunctionNode::FunctionNode):
3637 (JSC::FunctionNode::finishParsing):
3638 (JSC::FunctionParameters::create): Deleted.
3639 (JSC::FunctionParameters::FunctionParameters): Deleted.
3640 (JSC::FunctionParameters::~FunctionParameters): Deleted.
3642 (JSC::ProgramNode::startColumn):
3643 (JSC::ProgramNode::endColumn):
3644 (JSC::EvalNode::startColumn):
3645 (JSC::EvalNode::endColumn):
3646 (JSC::FunctionParameters::size):
3647 (JSC::FunctionParameters::at):
3648 (JSC::FunctionParameters::append):
3649 (JSC::FuncExprNode::body):
3650 (JSC::DestructuringPatternNode::~DestructuringPatternNode):
3651 (JSC::DestructuringPatternNode::isBindingNode):
3652 (JSC::DestructuringPatternNode::emitDirectBinding):
3653 (JSC::ArrayPatternNode::appendIndex):
3654 (JSC::ObjectPatternNode::appendEntry):
3655 (JSC::BindingNode::boundProperty):
3656 (JSC::BindingNode::divotStart):
3657 (JSC::BindingNode::divotEnd):
3658 (JSC::DestructuringAssignmentNode::bindings):
3659 (JSC::FuncDeclNode::body):
3660 (JSC::ParameterNode::pattern): Deleted.
3661 (JSC::ParameterNode::nextParam): Deleted.
3662 (JSC::FunctionParameters::patterns): Deleted.
3663 * parser/Parser.cpp:
3664 (JSC::Parser<LexerType>::Parser):
3665 (JSC::Parser<LexerType>::~Parser):
3666 (JSC::Parser<LexerType>::parseInner):
3667 (JSC::Parser<LexerType>::allowAutomaticSemicolon):
3668 (JSC::Parser<LexerType>::parseSourceElements):
3669 (JSC::Parser<LexerType>::createBindingPattern):
3670 (JSC::Parser<LexerType>::parseArrowFunctionSingleExpressionBodySourceElements):
3671 (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
3672 (JSC::Parser<LexerType>::parseSwitchClauses):
3673 (JSC::Parser<LexerType>::parseSwitchDefaultClause):
3674 (JSC::Parser<LexerType>::parseBlockStatement):
3675 (JSC::Parser<LexerType>::parseStatement):
3676 (JSC::Parser<LexerType>::parseFormalParameters):
3677 (JSC::Parser<LexerType>::parseFunctionBody):
3678 (JSC::stringForFunctionMode):
3679 (JSC::Parser<LexerType>::parseFunctionParameters):
3680 (JSC::Parser<LexerType>::parseFunctionInfo):
3681 (JSC::Parser<LexerType>::parseFunctionDeclaration):
3682 (JSC::Parser<LexerType>::parseClass):
3683 (JSC::Parser<LexerType>::parsePrimaryExpression):
3684 (JSC::Parser<LexerType>::parseMemberExpression):
3685 (JSC::Parser<LexerType>::parseArrowFunctionExpression):
3686 (JSC::operatorString):
3687 (JSC::Parser<LexerType>::parseArrowFunctionSingleExpressionBody): Deleted.
3689 (JSC::Parser::positionBeforeLastNewline):
3690 (JSC::Parser::locationBeforeLastToken):
3691 (JSC::Parser::findCachedFunctionInfo):
3692 (JSC::Parser::isofToken):
3693 (JSC::Parser::isEndOfArrowFunction):
3694 (JSC::Parser::isArrowFunctionParamters):
3695 (JSC::Parser::tokenStart):
3696 (JSC::Parser::isLETMaskedAsIDENT):
3697 (JSC::Parser::autoSemiColon):
3698 (JSC::Parser::setEndOfStatement):
3699 (JSC::Parser::canRecurse):
3700 (JSC::Parser<LexerType>::parse):
3702 * parser/ParserFunctionInfo.h:
3703 * parser/ParserModes.h:
3704 (JSC::functionNameIsInScope):
3705 * parser/SourceCode.h:
3707 (JSC::SourceCode::subExpression):
3708 (JSC::SourceCode::subArrowExpression): Deleted.
3709 * parser/SourceProviderCache.h:
3710 (JSC::SourceProviderCache::get):
3711 * parser/SourceProviderCacheItem.h:
3712 (JSC::SourceProviderCacheItem::endFunctionToken):
3713 (JSC::SourceProviderCacheItem::usedVariables):
3714 (JSC::SourceProviderCacheItem::writtenVariables):
3715 (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
3716 * parser/SyntaxChecker.h:
3717 (JSC::SyntaxChecker::SyntaxChecker):
3718 (JSC::SyntaxChecker::createClassExpr):
3719 (JSC::SyntaxChecker::createFunctionExpr):
3720 (JSC::SyntaxChecker::createFunctionBody):
3721 (JSC::SyntaxChecker::createArrowFunctionExpr):
3722 (JSC::SyntaxChecker::setFunctionNameStart):
3723 (JSC::SyntaxChecker::createArguments):
3724 (JSC::SyntaxChecker::createPropertyList):
3725 (JSC::SyntaxChecker::createElementList):
3726 (JSC::SyntaxChecker::createFormalParameterList):
3727 (JSC::SyntaxChecker::appendParameter):
3728 (JSC::SyntaxChecker::createClause):
3729 (JSC::SyntaxChecker::createClauseList):
3730 * runtime/CodeCache.cpp:
3731 (JSC::CodeCache::getGlobalCodeBlock):
3732 (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
3733 * runtime/Completion.cpp:
3735 * runtime/Executable.cpp:
3736 (JSC::ProgramExecutable::checkSyntax):
3737 * tests/controlFlowProfiler/conditional-expression.js:
3738 (testConditionalFunctionCall):
3740 2015-07-16 Filip Pizlo <fpizlo@apple.com>
3742 Unreviewed, fix build for newer LLVMs.
3744 * llvm/LLVMHeaders.h:
3745 * llvm/library/LLVMExports.cpp:
3747 2015-07-16 Mark Lam <mark.lam@apple.com>
3749 RegExp::match() should set m_state to ByteCode if compilation fails.
3750 https://bugs.webkit.org/show_bug.cgi?id=147023
3752 Reviewed by Michael Saboff.
3754 A RegExp has a YarrCodeBlock that has 4 MacroAssemblerCodeRefs for compiled code.
3755 If one of these compilations succeeds, RegExp::m_state will be set to JITCode.
3756 Subsequently, if RegExp tries to compile another one of these but fails, m_state
3757 will be left untouched i.e. it still says JITCode. As a result, when
3758 RegExp::match() later tries to execute the non-existent compiled code, it will
3761 The fix is to downgrade m_state to ByteCode if RegExp ever fails to compile.
3762 This failure should be rare. We'll do the minimal work here to fix the issue and
3763 keep an eye on the perf bots. If perf regresses, we can do some optimization work then.
3765 This issue is difficult to test for since it either requires a low memory condition
3766 to trigger a failed RegExp compilation at the right moment, or for the RegExp to
3767 succeed compilation in the MatchedOnly mode but fail in IncludeSubpatterns mode.
3768 Instead, I manually tested it by instrumenting RegExp::compile() to fail once in every
3769 10 compilation attempts.
3771 * runtime/RegExp.cpp:
3772 (JSC::RegExp::compile):
3773 (JSC::RegExp::compileMatchOnly):
3775 2015-07-15 Brent Fulgham <bfulgham@apple.com>
3777 [Win] Fix armv7 build.
3779 * jit/CCallHelpers.h:
3780 (JSC::CCallHelpers::setupArgumentsWithExecState): The 64-bit argument
3781 version of poke is not available on armv7 builds.
3783 2015-07-15 Brent Fulgham <bfulgham@apple.com>
3785 [Win] 64-bit Build Failure
3786 https://bugs.webkit.org/show_bug.cgi?id=146989
3788 Reviewed by Mark Lam.
3790 * jit/CCallHelpers.h:
3791 (JSC::CCallHelpers::setupArgumentsWithExecState): Add missing
3792 declaration for 64-bit type on 4-argument register machines (like
3795 2015-07-15 Saam barati <saambarati1@gmail.com>
3797 [ES6] implement block scoping to enable 'let'
3798 https://bugs.webkit.org/show_bug.cgi?id=142944
3800 Reviewed by Filip Pizlo.
3803 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3804 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3805 * JavaScriptCore.xcodeproj/project.pbxproj:
3806 * builtins/BuiltinExecutables.cpp:
3807 (JSC::BuiltinExecutables::createExecutableInternal):
3808 * bytecode/BytecodeList.json:
3809 This patch adds a new opcode and removes op_pop_scope:
3810 1) op_get_parent_scope returns the parent scope but doesn't
3811 implicitly write that scope into the scope register. op_pop_scope
3812 is now reduced to op_get_parent_scope followed by op_mov.
3814 * bytecode/BytecodeUseDef.h:
3815 (JSC::computeUsesForBytecodeOffset):
3816 (JSC::computeDefsForBytecodeOffset):
3817 * bytecode/CodeBlock.cpp:
3818 (JSC::CodeBlock::dumpBytecode):
3819 (JSC::CodeBlock::CodeBlock):
3820 (JSC::CodeBlock::stronglyVisitStrongReferences):
3821 * bytecode/CodeBlock.h:
3822 (JSC::CodeBlock::addStringSwitchJumpTable):
3823 (JSC::CodeBlock::stringSwitchJumpTable):
3824 (JSC::CodeBlock::symbolTable):
3825 (JSC::CodeBlock::evalCodeCache):
3826 (JSC::CodeBlock::setConstantRegisters):
3827 (JSC::CodeBlock::replaceConstant):
3828 op_put_to_scope for LocalClosureVar now takes as an argument
3829 the constant index for the Symbol Table it will be putting into.
3830 This argument is only used to communicate from the BytecodeGenerator
3831 to CodeBlock linking time and it is not present in the linked bytecode.
3833 op_put_to_scope for non LocalClosureVar takes, at the same index, an
3834 argument that represents the local scope depth which it uses for
3835 JSScope::abstractResolve to know how many scopes it needs to skip.
3836 Again, this is not in the linked code.
3837 op_get_from_scope and op_resolve_scope also take as an argument
3838 the local scope depth to use in JSScope::abstractResolve. Again,
3839 this is not used in the linked code.
3841 * bytecode/EvalCodeCache.h:
3842 (JSC::EvalCodeCache::tryGet):
3843 (JSC::EvalCodeCache::getSlow):
3844 (JSC::EvalCodeCache::clear):
3845 (JSC::EvalCodeCache::isCacheable):
3846 When direct eval is called and passed a scope that
3847 corresponds to a lexical scope, we can't safely cache
3848 that code because we won't be able to guarantee
3849 that the cached code is always executed in the same scope.
3850 Consider this example:
3863 We can't reuse resolution depth when linking get_from_scope in evals.
3865 * bytecode/UnlinkedCodeBlock.cpp:
3866 (JSC::generateFunctionCodeBlock):
3867 (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
3868 (JSC::UnlinkedFunctionExecutable::parameterCount):
3869 * bytecode/UnlinkedCodeBlock.h:
3870 Unlinked functions now know the variables that were under TDZ in their parent
3873 (JSC::UnlinkedCodeBlock::symbolTable):
3874 (JSC::UnlinkedCodeBlock::setSymbolTable):
3875 (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex):
3876 (JSC::UnlinkedCodeBlock::symbolTableConstantIndex):
3877 (JSC::UnlinkedCodeBlock::vm):
3878 * bytecompiler/BytecodeGenerator.cpp:
3879 (JSC::BytecodeGenerator::generate):
3880 (JSC::BytecodeGenerator::BytecodeGenerator):
3881 (JSC::BytecodeGenerator::~BytecodeGenerator):
3882 (JSC::BytecodeGenerator::newRegister):
3883 (JSC::BytecodeGenerator::reclaimFreeRegisters):
3884 (JSC::BytecodeGenerator::newBlockScopeVariable):
3885 (JSC::BytecodeGenerator::newTemporary):
3886 (JSC::BytecodeGenerator::emitProfileType):
3887 (JSC::BytecodeGenerator::emitLoadGlobalObject):
3888 (JSC::BytecodeGenerator::pushLexicalScope):
3889 (JSC::BytecodeGenerator::popLexicalScope):
3890 (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3891 (JSC::BytecodeGenerator::variable):
3892 (JSC::BytecodeGenerator::variablePerSymbolTable):
3893 (JSC::BytecodeGenerator::variableForLocalEntry):
3894 (JSC::BytecodeGenerator::createVariable):
3895 (JSC::BytecodeGenerator::emitResolveScope):
3896 (JSC::BytecodeGenerator::emitGetFromScope):
3897 (JSC::BytecodeGenerator::emitPutToScope):
3898 (JSC::BytecodeGenerator::initializeVariable):
3899 (JSC::BytecodeGenerator::emitTDZCheck):
3900 (JSC::BytecodeGenerator::needsTDZCheck):
3901 (JSC::BytecodeGenerator::emitTDZCheckIfNecessary):
3902 (JSC::BytecodeGenerator::liftTDZCheckIfPossible):