[WTF] Add environment variable helpers
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2019-02-15  Ross Kirsling  <ross.kirsling@sony.com>

        [WTF] Add environment variable helpers
        https://bugs.webkit.org/show_bug.cgi?id=192405

        Reviewed by Michael Catanzaro.

        * inspector/remote/glib/RemoteInspectorGlib.cpp:
        (Inspector::RemoteInspector::RemoteInspector):
        (Inspector::RemoteInspector::start):
        * jsc.cpp:
        (startTimeoutThreadIfNeeded):
        * runtime/Options.cpp:
        (JSC::overrideOptionWithHeuristic):
        (JSC::Options::overrideAliasedOptionWithHeuristic):
        (JSC::Options::initialize):
        * runtime/VM.cpp:
        (JSC::enableAssembler):
        (JSC::VM::VM):
        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::notifyAllocator):
        Utilize WTF::Environment where possible.

2019-02-15  Mark Lam  <mark.lam@apple.com>

        SamplingProfiler::stackTracesAsJSON() should escape strings.
        https://bugs.webkit.org/show_bug.cgi?id=194649
        <rdar://problem/48072386>

        Reviewed by Saam Barati.

        Ditto for TypeSet::toJSONString() and TypeSet::toJSONString().

        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::stackTracesAsJSON):
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::toJSONString const):
        (JSC::StructureShape::toJSONString const):
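
        Why escaping matters in this entry, shown as an added example that is not WebKit code: the profiler's JSON output embeds function names and source URLs that originate from untrusted script, so an unescaped quote in a name lets the name break out of its field and inject structure into the document. The escaper and checker below, and their names (escapeForJSON, quoteForJSON, isSafeJSONStringBody), are this example's own and are not the functions the entry changes.

```cpp
#include <cstdio>
#include <string>

// Added example (not WebKit code): escape an arbitrary byte string so it can
// be embedded inside a double-quoted JSON string literal. A profiler dumps
// names that come from untrusted script; emitted raw, a name such as
//   foo", "stack": [ ... ]
// closes its own field and injects arbitrary JSON structure.
std::string escapeForJSON(const std::string& in)
{
    static const char hex[] = "0123456789abcdef";
    std::string out;
    out.reserve(in.size() + 2);
    for (unsigned char c : in) {
        switch (c) {
        case '"':  out += "\\\""; break;
        case '\\': out += "\\\\"; break;
        case '\b': out += "\\b"; break;
        case '\f': out += "\\f"; break;
        case '\n': out += "\\n"; break;
        case '\r': out += "\\r"; break;
        case '\t': out += "\\t"; break;
        default:
            if (c < 0x20) {
                // RFC 8259 requires every control character to be escaped.
                out += "\\u00";
                out += hex[c >> 4];
                out += hex[c & 0xf];
            } else {
                // Bytes >= 0x80 pass through as UTF-8; '/' needs no escaping.
                out += static_cast<char>(c);
            }
        }
    }
    return out;
}

// The form that would be written as the value of a "name": ... field.
std::string quoteForJSON(const std::string& in)
{
    return "\"" + escapeForJSON(in) + "\"";
}

// Conservative check over an emitted string body: no raw quote, no raw
// control character, and every backslash starts a two-character escape.
bool isSafeJSONStringBody(const std::string& body)
{
    for (size_t i = 0; i < body.size(); ++i) {
        unsigned char c = body[i];
        if (c < 0x20 || c == '"')
            return false;
        if (c == '\\') {
            if (i + 1 >= body.size())
                return false;
            ++i;                                // skip the escaped character
        }
    }
    return true;
}

int main()
{
    // Constructed sample: a function name chosen to break out of its field.
    std::string hostile = "foo\", \"stack\": [\n\t]";
    std::printf("%s\n", quoteForJSON(hostile).c_str());
    return 0;
}
```

        The checker is what a test for stackTracesAsJSON()-style output would run over every quoted field; it rejects the unescaped sample and accepts the escaped one.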

2019-02-15  Robin Morisset  <rmorisset@apple.com>

        CodeBlock::jettison should clear related watchpoints
        https://bugs.webkit.org/show_bug.cgi?id=194544

        Reviewed by Mark Lam.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::jettison):
        * dfg/DFGCommonData.h:
        (JSC::DFG::CommonData::clearWatchpoints): Added.
        * dfg/CommonData.cpp:
        (JSC::DFG::CommonData::clearWatchpoints): Added.

2019-02-15  Tadeu Zagallo  <tzagallo@apple.com>

        Move bytecode cache-related filesystem code out of CodeCache
        https://bugs.webkit.org/show_bug.cgi?id=194675

        Reviewed by Saam Barati.

        That code is only used for the bytecode-cache tests, so it should live in
        jsc.cpp rather than in the CodeCache.

        * jsc.cpp:
        (CliSourceProvider::create):
        (CliSourceProvider::~CliSourceProvider):
        (CliSourceProvider::cachePath const):
        (CliSourceProvider::loadBytecode):
        (CliSourceProvider::CliSourceProvider):
        (jscSource):
        (GlobalObject::moduleLoaderFetch):
        (functionDollarEvalScript):
        (runWithOptions):
        * parser/SourceProvider.h:
        (JSC::SourceProvider::cacheBytecode const):
        * runtime/CodeCache.cpp:
        (JSC::writeCodeBlock):
        * runtime/CodeCache.h:
        (JSC::CodeCacheMap::fetchFromDiskImpl):

2019-02-15  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] DFG, FTL, and Wasm worklist creation should be fenced
        https://bugs.webkit.org/show_bug.cgi?id=194714

        Reviewed by Mark Lam.

        Let's consider the following extreme case.

        1. VM (A) is created.
        2. Another VM (B) is created on a different thread.
        3. (A) is being destroyed. It calls DFG::existingWorklistForIndexOrNull in a destructor.
        4. At the same time, (B) starts using DFG Worklist and it is instantiated in call_once.
        5. But (A) reads the pointer directly through DFG::existingWorklistForIndexOrNull.
        6. (A) sees the half-baked worklist, which may be in the middle of creation.

        This patch puts a store-store fence just before storing the pointer into a global variable.
        This fence is executed only three times at most, for DFG, FTL, and Wasm worklist initializations.

        * dfg/DFGWorklist.cpp:
        (JSC::DFG::ensureGlobalDFGWorklist):
        (JSC::DFG::ensureGlobalFTLWorklist):
        * wasm/WasmWorklist.cpp:
        (JSC::Wasm::ensureWorklist):
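
        The publication pattern the entry describes, as an added example written with C++11 atomics rather than WebKit's own code: the creator stores the pointer with release semantics only after the object is fully constructed, the lock-free reader loads it with acquire semantics, and a sentinel field lets a test detect a half-constructed object. Worklist, ensureWorklist and existingWorklistOrNull are this example's own stand-ins for the functions named above.

```cpp
#include <atomic>
#include <cstdio>
#include <mutex>
#include <thread>
#include <vector>

// Added example, not WebKit code: a lazily created process-global object whose
// pointer is read by other threads without taking the creation lock.
struct Worklist {
    // Set only at the end of the constructor body, so a reader that holds the
    // pointer but sees ready == false has observed a half-constructed object.
    bool ready;
    int queueCapacity;
    Worklist() : ready(false), queueCapacity(0)
    {
        queueCapacity = 64;                     // stands in for the real initialization work
        ready = true;
    }
};

static std::atomic<Worklist*> g_worklist { nullptr };
static std::once_flag g_worklistOnce;

// Creator side. The release store is the entry's store-store fence: every
// write the constructor made is ordered before the pointer becomes visible.
Worklist* ensureWorklist()
{
    std::call_once(g_worklistOnce, [] {
        Worklist* w = new Worklist();           // intentionally never freed: process-global
        g_worklist.store(w, std::memory_order_release);
    });
    return g_worklist.load(std::memory_order_acquire);
}

// Reader side, e.g. a VM destructor that must not create the worklist. The
// acquire load pairs with the release store; a plain load of the pointer would
// let the compiler or CPU hoist the field reads ahead of it.
Worklist* existingWorklistOrNull()
{
    return g_worklist.load(std::memory_order_acquire);
}

// Race `readerCount` readers against one creator. Returns false if any reader
// ever saw a published pointer to an unready object.
bool publishOnceAndObserve(int readerCount)
{
    std::atomic<bool> sawHalfBaked { false };
    std::vector<std::thread> threads;
    for (int i = 0; i < readerCount; ++i) {
        threads.emplace_back([&sawHalfBaked] {
            for (int spin = 0; spin < 100000; ++spin) {
                if (Worklist* w = existingWorklistOrNull()) {
                    if (!w->ready)
                        sawHalfBaked.store(true);
                    return;
                }
            }
        });
    }
    threads.emplace_back([] { ensureWorklist(); });
    for (std::thread& t : threads)
        t.join();
    return !sawHalfBaked.load();
}

int main()
{
    std::printf("half-baked worklist observed: %s\n", publishOnceAndObserve(4) ? "no" : "yes");
    return 0;
}
```

        A store-side fence alone, as the entry adds, only orders the writer; the acquire load on the reader side is what stops the reader's field reads from being reordered ahead of the pointer load, which is why the atomic pair is the portable form of the fix.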

2019-02-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r241559 and r241566.
        https://bugs.webkit.org/show_bug.cgi?id=194710

        Causes layout test crashes under GuardMalloc (Requested by
        ryanhaddad on #webkit).

        Reverted changesets:

        "[WTF] Add environment variable helpers"
        https://bugs.webkit.org/show_bug.cgi?id=192405
        https://trac.webkit.org/changeset/241559

        "Unreviewed build fix for WinCairo Debug after r241559."
        https://trac.webkit.org/changeset/241566

2019-02-15  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Do not even allocate JIT worklists in non-JIT mode
        https://bugs.webkit.org/show_bug.cgi?id=194693

        Reviewed by Mark Lam.

        Heap always allocates JIT worklists for Baseline, DFG, and FTL. While they do not have actual threads, Worklist itself already allocates some memory.
        And we do not perform any GC operations that are only meaningful in a JIT environment.

        1. We add a VM::canUseJIT() check in Heap's ensureXXXWorklist things to prevent them from being allocated.
        2. We remove the DFG marking constraint in non-JIT mode.
        3. We do not gather conservative roots from scratch buffers under the non-JIT mode (BTW, the number of scratch buffers is always zero in non-JIT mode).
        4. We do not visit JITStubRoutineSet.
        5. Align JITWorklist function names to the other worklists.

        * dfg/DFGOSRExitPreparation.cpp:
        (JSC::DFG::prepareCodeOriginForOSRExit):
        * dfg/DFGPlan.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::markCodeBlocks): Deleted.
        * dfg/DFGWorklist.h:
        * heap/Heap.cpp:
        (JSC::Heap::completeAllJITPlans):
        (JSC::Heap::iterateExecutingAndCompilingCodeBlocks):
        (JSC::Heap::gatherScratchBufferRoots):
        (JSC::Heap::removeDeadCompilerWorklistEntries):
        (JSC::Heap::stopThePeriphery):
        (JSC::Heap::suspendCompilerThreads):
        (JSC::Heap::resumeCompilerThreads):
        (JSC::Heap::addCoreConstraints):
        * jit/JITWorklist.cpp:
        (JSC::JITWorklist::existingGlobalWorklistOrNull):
        (JSC::JITWorklist::ensureGlobalWorklist):
        (JSC::JITWorklist::instance): Deleted.
        * jit/JITWorklist.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):
        * runtime/VM.cpp:
        (JSC::VM::~VM):
        (JSC::VM::gatherScratchBufferRoots):
        (JSC::VM::gatherConservativeRoots): Deleted.
        * runtime/VM.h:

2019-02-15  Saam barati  <sbarati@apple.com>

        [WebAssembly] Write a new register allocator for Air O0 and make BBQ use it
        https://bugs.webkit.org/show_bug.cgi?id=194036

        Reviewed by Yusuke Suzuki.

        This patch adds a new Air-O0 backend. Air-O0 runs fewer passes and doesn't
        use linear scan for register allocation. Instead of linear scan, Air-O0 does
        mostly block-local register allocation, and it does this as it's emitting
        code directly. The register allocator uses liveness analysis to reduce
        the number of spills. Doing register allocation as we're emitting code
        allows us to skip editing the IR to insert spills, which saves a non-trivial
        amount of compile time. For stack allocation, we give each Tmp its own slot.
        This is less than ideal. We probably want to do some trivial live range analysis
        in the future. The reason this isn't a deal breaker for Wasm is that this patch
        makes it so that we reuse Tmps as we're generating Air IR in the AirIRGenerator.
        Because Wasm is a stack machine, we trivially know when we kill a stack value (its last use).

        This patch is another 25% Wasm startup time speedup. It seems to be worth
        another 1% on JetStream2.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * b3/air/AirAllocateRegistersAndStackAndGenerateCode.cpp: Added.
        (JSC::B3::Air::GenerateAndAllocateRegisters::GenerateAndAllocateRegisters):
        (JSC::B3::Air::GenerateAndAllocateRegisters::buildLiveRanges):
        (JSC::B3::Air::GenerateAndAllocateRegisters::insertBlocksForFlushAfterTerminalPatchpoints):
        (JSC::B3::Air::callFrameAddr):
        (JSC::B3::Air::GenerateAndAllocateRegisters::flush):
        (JSC::B3::Air::GenerateAndAllocateRegisters::spill):
        (JSC::B3::Air::GenerateAndAllocateRegisters::alloc):
        (JSC::B3::Air::GenerateAndAllocateRegisters::freeDeadTmpsIfNeeded):
        (JSC::B3::Air::GenerateAndAllocateRegisters::assignTmp):
        (JSC::B3::Air::GenerateAndAllocateRegisters::isDisallowedRegister):
        (JSC::B3::Air::GenerateAndAllocateRegisters::prepareForGeneration):
        (JSC::B3::Air::GenerateAndAllocateRegisters::generate):
        * b3/air/AirAllocateRegistersAndStackAndGenerateCode.h: Added.
        * b3/air/AirCode.cpp:
        * b3/air/AirCode.h:
        * b3/air/AirGenerate.cpp:
        (JSC::B3::Air::prepareForGeneration):
        (JSC::B3::Air::generateWithAlreadyAllocatedRegisters):
        (JSC::B3::Air::generate):
        * b3/air/AirHandleCalleeSaves.cpp:
        (JSC::B3::Air::handleCalleeSaves):
        * b3/air/AirHandleCalleeSaves.h:
        * b3/air/AirTmpMap.h:
        * runtime/Options.h:
        * wasm/WasmAirIRGenerator.cpp:
        (JSC::Wasm::AirIRGenerator::didKill):
        (JSC::Wasm::AirIRGenerator::newTmp):
        (JSC::Wasm::AirIRGenerator::AirIRGenerator):
        (JSC::Wasm::parseAndCompileAir):
        (JSC::Wasm::AirIRGenerator::addOp<OpType::I64TruncUF64>):
        (JSC::Wasm::AirIRGenerator::addOp<OpType::I64TruncUF32>):
        * wasm/WasmAirIRGenerator.h:
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::didKill):
        * wasm/WasmBBQPlan.cpp:
        (JSC::Wasm::BBQPlan::compileFunctions):
        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser<Context>::parseBody):
        (JSC::Wasm::FunctionParser<Context>::parseExpression):
        * wasm/WasmValidate.cpp:
        (JSC::Wasm::Validate::didKill):

2019-02-14  Saam barati  <sbarati@apple.com>

        lowerStackArgs should lower Lea32/64 on ARM64 to Add
        https://bugs.webkit.org/show_bug.cgi?id=194656

        Reviewed by Yusuke Suzuki.

        On arm64, Lea is just implemented as an add. However, Air treats it as an
        address with a given width. Because of this width, we were incorrectly
        computing whether or not this immediate could fit into the instruction itself
        or it needed to be explicitly put into a register. This patch makes
        AirLowerStackArgs lower Lea to Add on arm64.

        * b3/air/AirLowerStackArgs.cpp:
        (JSC::B3::Air::lowerStackArgs):
        * b3/air/AirOpcode.opcodes:
        * b3/air/testair.cpp:

2019-02-14  Saam Barati  <sbarati@apple.com>

        Cache the results of BytecodeGenerator::getVariablesUnderTDZ
        https://bugs.webkit.org/show_bug.cgi?id=194583
        <rdar://problem/48028140>

        Reviewed by Yusuke Suzuki.

        This patch makes it so that getVariablesUnderTDZ caches a result of
        CompactVariableMap::Handle. getVariablesUnderTDZ is costly when
        it's called in an environment where there are a lot of variables.
        This patch makes it so we cache its results. This is profitable when
        getVariablesUnderTDZ is called repeatedly with the same environment
        state. This is common since we call this every time we encounter a
        function definition/expression node.

        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::createExecutable):
        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        * bytecode/UnlinkedFunctionExecutable.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::popLexicalScopeInternal):
        (JSC::BytecodeGenerator::liftTDZCheckIfPossible):
        (JSC::BytecodeGenerator::pushTDZVariables):
        (JSC::BytecodeGenerator::getVariablesUnderTDZ):
        (JSC::BytecodeGenerator::restoreTDZStack):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * parser/VariableEnvironment.cpp:
        (JSC::CompactVariableMap::Handle::Handle):
        (JSC::CompactVariableMap::Handle::operator=):
        * parser/VariableEnvironment.h:
        (JSC::CompactVariableMap::Handle::operator bool const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):

2019-02-14  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Non-JIT entrypoints should share NativeJITCode per entrypoint type
        https://bugs.webkit.org/show_bug.cgi?id=194659

        Reviewed by Mark Lam.

        Non-JIT entrypoints create a NativeJITCode every time they are called. But this is meaningless since these entrypoint codes are identical.
        We should create one per entrypoint type (for functions, we should have CodeForCall and CodeForConstruct) and continue to use them.
        And we use NativeJITCode instead of DirectJITCode if there is no difference between the usual entrypoint and the arity check entrypoint.

        * dfg/DFGJITCode.h:
        * dfg/DFGJITFinalizer.cpp:
        (JSC::DFG::JITFinalizer::finalize):
        (JSC::DFG::JITFinalizer::finalizeFunction):
        * jit/JITCode.cpp:
        (JSC::DirectJITCode::initializeCodeRefForDFG):
        (JSC::DirectJITCode::initializeCodeRef): Deleted.
        (JSC::NativeJITCode::initializeCodeRef): Deleted.
        * jit/JITCode.h:
        * llint/LLIntEntrypoint.cpp:
        (JSC::LLInt::setFunctionEntrypoint):
        (JSC::LLInt::setEvalEntrypoint):
        (JSC::LLInt::setProgramEntrypoint):
        (JSC::LLInt::setModuleProgramEntrypoint): Retagged is removed since the tag is the same.

2019-02-14  Ross Kirsling  <ross.kirsling@sony.com>

        [WTF] Add environment variable helpers
        https://bugs.webkit.org/show_bug.cgi?id=192405

        Reviewed by Michael Catanzaro.

        * inspector/remote/glib/RemoteInspectorGlib.cpp:
        (Inspector::RemoteInspector::RemoteInspector):
        (Inspector::RemoteInspector::start):
        * jsc.cpp:
        (startTimeoutThreadIfNeeded):
        * runtime/Options.cpp:
        (JSC::overrideOptionWithHeuristic):
        (JSC::Options::overrideAliasedOptionWithHeuristic):
        (JSC::Options::initialize):
        * runtime/VM.cpp:
        (JSC::enableAssembler):
        (JSC::VM::VM):
        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::notifyAllocator):
        Utilize WTF::Environment where possible.

2019-02-14  Yusuke Suzuki  <ysuzuki@apple.com>

        [JSC] Should have default NativeJITCode
        https://bugs.webkit.org/show_bug.cgi?id=194634

        Reviewed by Mark Lam.

        In JSC_useJIT=false mode, we always create identical NativeJITCode for call and construct when we create NativeExecutable.
        This is meaningless since we do not modify NativeJITCode after the creation. This patch adds a singleton used as the default one.
        Since NativeJITCode (& JITCode) is ThreadSafeRefCounted, we can just share it at the whole-process level. This removes 446 NativeJITCode
        allocations, which take 14KB.

        * runtime/VM.cpp:
        (JSC::jitCodeForCallTrampoline):
        (JSC::jitCodeForConstructTrampoline):
        (JSC::VM::getHostFunction):

2019-02-14  Tadeu Zagallo  <tzagallo@apple.com>

        generateUnlinkedCodeBlockForFunctions shouldn't need to create a FunctionExecutable just to get its source code
        https://bugs.webkit.org/show_bug.cgi?id=194576

        Reviewed by Saam Barati.

        Extract a new function, `linkedSourceCode` from UnlinkedFunctionExecutable::link
        and use it in `generateUnlinkedCodeBlockForFunctions` instead.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::linkedSourceCode const):
        (JSC::UnlinkedFunctionExecutable::link):
        * bytecode/UnlinkedFunctionExecutable.h:
        * runtime/CodeCache.cpp:
        (JSC::generateUnlinkedCodeBlockForFunctions):

2019-02-14  Tadeu Zagallo  <tzagallo@apple.com>

        CachedBitVector's size must be converted from bits to bytes
        https://bugs.webkit.org/show_bug.cgi?id=194441

        Reviewed by Saam Barati.

        CachedBitVector used its size in bits for memcpy. That didn't cause any
        issues when encoding, since the size in bits was also used in the allocation,
        but would overflow the actual BitVector buffer when decoding.

        * runtime/CachedTypes.cpp:
        (JSC::CachedBitVector::encode):
        (JSC::CachedBitVector::decode const):
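
        The bug class in the entry above, as an added example that is not WebKit's CachedTypes code: an encoder and decoder for a bit vector whose copy length must be converted from bits to bytes, with the original mistake reproducible behind a flag and caught by a bounds check instead of overflowing the destination. The on-disk layout and every name here (BitVector, bytesForBits, encode, decode and the helpers) are this example's own assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Added example, not WebKit's CachedBitVector: a bit vector serialized to a
// byte buffer, where the length handed to memcpy must be in bytes even though
// the vector is sized in bits.
struct BitVector {
    size_t bitCount;
    std::vector<uint8_t> bytes;                  // ceil(bitCount / 8) bytes
    explicit BitVector(size_t bits) : bitCount(bits), bytes((bits + 7) / 8, 0) {}
    void set(size_t i) { bytes[i / 8] |= uint8_t(1u << (i % 8)); }
    bool get(size_t i) const { return (bytes[i / 8] >> (i % 8)) & 1u; }
};

// The conversion the fix comes down to: bits rounded up to whole bytes.
constexpr size_t bytesForBits(size_t bits) { return (bits + 7) / 8; }

// Encoding (this example's layout): 8-byte little-endian bit count, then payload.
std::vector<uint8_t> encode(const BitVector& v)
{
    size_t payload = bytesForBits(v.bitCount);
    std::vector<uint8_t> out(8 + payload);
    for (int i = 0; i < 8; ++i)
        out[i] = uint8_t(uint64_t(v.bitCount) >> (8 * i));
    if (payload)
        std::memcpy(out.data() + 8, v.bytes.data(), payload);
    return out;
}

// Decoding. With `useBitCountAsLength` the original mistake is reproduced: the
// copy length is the bit count, 8x too large for the destination buffer (and,
// for a crafted cache file, a read past the end of the source). The bounds
// checks turn that into a rejected input instead of an overflow.
bool decode(const std::vector<uint8_t>& in, BitVector& out, bool useBitCountAsLength = false)
{
    if (in.size() < 8)
        return false;                            // truncated header
    uint64_t bits = 0;
    for (int i = 0; i < 8; ++i)
        bits |= uint64_t(in[i]) << (8 * i);
    if (bits > uint64_t(in.size() - 8) * 8)
        return false;                            // header claims more bits than are present
    out = BitVector(size_t(bits));
    size_t length = useBitCountAsLength ? size_t(bits) : bytesForBits(size_t(bits));
    if (length > out.bytes.size() || length > in.size() - 8)
        return false;                            // the buggy length is caught here
    if (length)
        std::memcpy(out.bytes.data(), in.data() + 8, length);
    return true;
}

bool roundTrips(size_t bits, const std::vector<size_t>& setBits)
{
    BitVector v(bits);
    for (size_t i : setBits)
        v.set(i);
    BitVector back(0);
    if (!decode(encode(v), back) || back.bitCount != bits)
        return false;
    for (size_t i = 0; i < bits; ++i)
        if (back.get(i) != v.get(i))
            return false;
    return true;
}

bool buggyDecodeSucceeds(size_t bits)
{
    BitVector scratch(0);
    return decode(encode(BitVector(bits)), scratch, true);
}

bool decodesAfterTruncation(size_t bits)
{
    std::vector<uint8_t> enc = encode(BitVector(bits));
    enc.pop_back();                              // lose the last payload byte
    BitVector scratch(0);
    return decode(enc, scratch);
}

int main()
{
    std::printf("round trip: %d, buggy length rejected: %d\n",
                roundTrips(100, {0, 7, 8, 63, 99}), !buggyDecodeSucceeds(100));
    return 0;
}
```

        The point the entry makes is visible in the encoder: when the same wrong unit is used for both the allocation and the copy nothing fails, so the defect only shows on the decode side, which is also the side that consumes input from disk.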

2019-02-13  Brian Burg  <bburg@apple.com>

        Web Inspector: don't include accessibility role in DOM.Node object payloads
        https://bugs.webkit.org/show_bug.cgi?id=194623
        <rdar://problem/36384037>

        Reviewed by Devin Rousso.

        Remove property of DOM.Node that is no longer being sent.

        * inspector/protocol/DOM.json:

2019-02-13  Keith Miller  <keith_miller@apple.com> and Yusuke Suzuki  <ysuzuki@apple.com>

        We should only make rope strings when concatenating strings long enough.
        https://bugs.webkit.org/show_bug.cgi?id=194465

        Reviewed by Mark Lam.

        This patch stops us from allocating a rope string if the resulting
        rope would be smaller than the size of the JSRopeString object we
        would need to allocate.

        This patch also adds paths so that we don't unnecessarily allocate
        JSString cells for primitives we are going to concatenate with a
        string anyway.

        The important change from the previous one is that we do not apply
        the above rule to JSRopeStrings generated by JSStrings. If we convert
        it to JSString, comparison of memory consumption becomes the following,
        because JSRopeString does not have StringImpl until it is resolved.

            sizeof(JSRopeString) vs. sizeof(JSString) + sizeof(StringImpl) + content

        Since sizeof(JSString) + sizeof(StringImpl) is larger than sizeof(JSRopeString),
        resolving eagerly increases memory footprint. The point is that we need to
        account for newly created JSString and JSRopeString from the operands. This is the
        reason why this patch adds different thresholds for each jsString function.

        This patch also avoids concatenation for ropes conservatively. Many ropes are
        temporary cells. So we do not resolve eagerly if one of the operands is already a
        rope.

        In CLI execution, this change is performance neutral in JetStream2 (run 6 times, 1 for warming up and average of the latter 5).

            Before: 159.3778
            After:  160.72340000000003

        * dfg/DFGOperations.cpp:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSString.h:
        (JSC::JSString::isRope const):
        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase):
        * runtime/Operations.h:
        (JSC::jsString):
        (JSC::jsAddNonNumber):
        (JSC::jsAdd):

2019-02-13  Saam Barati  <sbarati@apple.com>

        AirIRGenerator::addSwitch switch patchpoint needs to model clobbering the scratch register
        https://bugs.webkit.org/show_bug.cgi?id=194610

        Reviewed by Michael Saboff.

        BinarySwitch might use the scratch register. We must model the
        effects of that properly. This is already caught by our br-table
        tests on arm64.

        * wasm/WasmAirIRGenerator.cpp:
        (JSC::Wasm::AirIRGenerator::addSwitch):

2019-02-13  Mark Lam  <mark.lam@apple.com>

        Create a randomized free list for new StructureIDs on StructureIDTable resize.
        https://bugs.webkit.org/show_bug.cgi?id=194566
        <rdar://problem/47975502>

        Reviewed by Michael Saboff.

        Also isolate the 32-bit implementation of StructureIDTable out more so the 64-bit
        implementation is a little easier to read.

        This patch appears to be perf neutral on JetStream2 (as run from the command line).

        * runtime/StructureIDTable.cpp:
        (JSC::StructureIDTable::StructureIDTable):
        (JSC::StructureIDTable::makeFreeListFromRange):
        (JSC::StructureIDTable::resize):
        (JSC::StructureIDTable::allocateID):
        (JSC::StructureIDTable::deallocateID):
        * runtime/StructureIDTable.h:
        (JSC::StructureIDTable::get):
        (JSC::StructureIDTable::deallocateID):
        (JSC::StructureIDTable::allocateID):
        (JSC::StructureIDTable::flushOldTables):

2019-02-13  Tadeu Zagallo  <tzagallo@apple.com>

        VariableLengthObject::allocate<T> should initialize objects
        https://bugs.webkit.org/show_bug.cgi?id=194534

        Reviewed by Michael Saboff.

        `buffer()` should not be called for empty VariableLengthObjects, but
        these cases were not being caught due to the objects not being properly
        initialized. Fix it so that allocate calls the constructor and fix the
        assertion failures.

        * runtime/CachedTypes.cpp:
        (JSC::CachedObject::operator new):
        (JSC::VariableLengthObject::allocate):
        (JSC::CachedVector::encode):
        (JSC::CachedVector::decode const):
        (JSC::CachedUniquedStringImpl::decode const):
        (JSC::CachedBitVector::encode):
        (JSC::CachedBitVector::decode const):
        (JSC::CachedArray::encode):
        (JSC::CachedArray::decode const):
        (JSC::CachedImmutableButterfly::CachedImmutableButterfly):
        (JSC::CachedBigInt::decode const):

2019-02-13  Tadeu Zagallo  <tzagallo@apple.com>

        CodeBlocks read from disk should not be re-written
        https://bugs.webkit.org/show_bug.cgi?id=194535

        Reviewed by Michael Saboff.

        Keep track of which CodeBlocks have been read from disk or have already
        been serialized in CodeCache.

        * runtime/CodeCache.cpp:
        (JSC::CodeCache::write):
        * runtime/CodeCache.h:
        (JSC::SourceCodeValue::SourceCodeValue):
        (JSC::CodeCacheMap::fetchFromDiskImpl):

2019-02-13  Tadeu Zagallo  <tzagallo@apple.com>

        SourceCode should be copied when generating bytecode for functions
        https://bugs.webkit.org/show_bug.cgi?id=194536

        Reviewed by Saam Barati.

        The FunctionExecutable might be collected while generating the bytecode
        for nested functions, in which case the SourceCode reference would no
        longer be valid.

        * runtime/CodeCache.cpp:
        (JSC::generateUnlinkedCodeBlockForFunctions):

2019-02-12  Saam barati  <sbarati@apple.com>

        JSScript needs to retain its cache path NSURL*
        https://bugs.webkit.org/show_bug.cgi?id=194577

        Reviewed by Tim Horton.

        * API/JSScript.mm:
        (+[JSScript scriptFromASCIIFile:inVirtualMachine:withCodeSigning:andBytecodeCache:]):
        (-[JSScript dealloc]):

2019-02-12  Robin Morisset  <rmorisset@apple.com>

        Make B3Value::returnsBool() more precise
        https://bugs.webkit.org/show_bug.cgi?id=194457

        Reviewed by Saam Barati.

        It is currently used repeatedly in B3ReduceStrength, as well as once in B3LowerToAir.
        It has a needlessly complex rule for BitAnd, and has no rule for other easy cases such as BitOr or Select.
        No new tests added as this should be indirectly tested by the already existing tests.

        * b3/B3Value.cpp:
        (JSC::B3::Value::returnsBool const):

2019-02-12  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, fix -Wimplicit-fallthrough warning after r241140
        https://bugs.webkit.org/show_bug.cgi?id=194399
        <rdar://problem/47889777>

        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):

2019-02-12  Michael Catanzaro  <mcatanzaro@igalia.com>

        [WPE][GTK] Unsafe g_unsetenv() use in WebProcessPool::platformInitialize
        https://bugs.webkit.org/show_bug.cgi?id=194370

        Reviewed by Darin Adler.

        Change a couple of WTFLogAlways to use g_warning, for good measure. Of course this isn't
        necessary, but it will make errors more visible.

        * inspector/remote/glib/RemoteInspectorGlib.cpp:
        (Inspector::RemoteInspector::start):
        (Inspector::dbusConnectionCallAsyncReadyCallback):
        * inspector/remote/glib/RemoteInspectorServer.cpp:
        (Inspector::RemoteInspectorServer::start):

2019-02-12  Andy Estes  <aestes@apple.com>

        [iOSMac] Enable Parental Controls Content Filtering
        https://bugs.webkit.org/show_bug.cgi?id=194521
        <rdar://39732376>

        Reviewed by Tim Horton.

        * Configurations/FeatureDefines.xcconfig:

2019-02-11  Mark Lam  <mark.lam@apple.com>

        Randomize insertion of deallocated StructureIDs into the StructureIDTable's free list.
        https://bugs.webkit.org/show_bug.cgi?id=194512
        <rdar://problem/47975465>

        Reviewed by Yusuke Suzuki.

        * runtime/StructureIDTable.cpp:
        (JSC::StructureIDTable::StructureIDTable):
        (JSC::StructureIDTable::allocateID):
        (JSC::StructureIDTable::deallocateID):
        * runtime/StructureIDTable.h:
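
        The two StructureIDTable entries, 2019-02-13 ("Create a randomized free list for new StructureIDs on StructureIDTable resize") and 2019-02-11 just above ("Randomize insertion of deallocated StructureIDs into the StructureIDTable's free list"), describe two halves of one hardening. The following is one added example of both, not WebKit's own implementation: IDs from a resize are shuffled into the free list and a freed ID is reinserted at a random depth, so an attacker who can allocate and free objects cannot predict which ID a later allocation receives. The class, its capacity policy and every name are this example's own assumptions.

```cpp
#include <algorithm>
#include <cstdint>
#include <random>
#include <vector>

// Added example, not WebKit's StructureIDTable: a table of integer IDs whose
// free list is shuffled when the table grows and randomized again on free.
class IDTable {
public:
    static constexpr uint32_t kInitialCapacity = 8;
    explicit IDTable(uint32_t seed) : m_rng(seed) { grow(); }

    uint32_t allocateID()
    {
        if (m_freeList.empty()) grow();         // doubles capacity, shuffles the new range
        uint32_t id = m_freeList.back();
        m_freeList.pop_back();
        ++m_liveCount;
        return id;
    }

    // Reinsert at a random depth so that frees followed by allocations do not
    // hand the same IDs back in a predictable LIFO order.
    void deallocateID(uint32_t id)
    {
        --m_liveCount;
        std::uniform_int_distribution<size_t> depth(0, m_freeList.size());
        m_freeList.insert(m_freeList.begin() + depth(m_rng), id);
    }

    uint32_t capacity() const { return m_capacity; }
    uint32_t liveCount() const { return m_liveCount; }

private:
    // Free list for the fresh range [old capacity, new capacity) in
    // Fisher-Yates shuffled order rather than ascending order.
    void grow()
    {
        uint32_t start = m_capacity;
        m_capacity = m_capacity ? m_capacity * 2 : kInitialCapacity;
        std::vector<uint32_t> fresh;
        for (uint32_t id = start; id < m_capacity; ++id) fresh.push_back(id);
        for (size_t i = fresh.size(); i > 1; --i) {
            std::uniform_int_distribution<size_t> pick(0, i - 1);
            std::swap(fresh[i - 1], fresh[pick(m_rng)]);
        }
        m_freeList.insert(m_freeList.end(), fresh.begin(), fresh.end());
    }

    std::mt19937 m_rng;
    std::vector<uint32_t> m_freeList;
    uint32_t m_capacity = 0;
    uint32_t m_liveCount = 0;
};

// Invariant that must hold whatever the shuffle does: every allocated ID is
// unique and below the current capacity.
bool allocationsAreUniqueAndInRange(uint32_t count, uint32_t seed)
{
    IDTable table(seed);
    std::vector<bool> seen;
    for (uint32_t i = 0; i < count; ++i) {
        uint32_t id = table.allocateID();
        if (id >= table.capacity()) return false;
        if (id >= seen.size()) seen.resize(table.capacity(), false);
        if (seen[id]) return false;
        seen[id] = true;
    }
    return table.liveCount() == count;
}

// True only if the first `count` IDs come out as 0, 1, 2, ...: the order a
// non-randomized table gives and the one an attacker would guess.
bool allocatesSequentially(uint32_t count, uint32_t seed)
{
    IDTable table(seed);
    for (uint32_t i = 0; i < count; ++i)
        if (table.allocateID() != i) return false;
    return true;
}

// Fill the initial table, free half, allocate again: the reallocated IDs must
// be exactly the freed set (in some order) and the table must not have grown.
bool freedIDsAreReused(uint32_t seed)
{
    IDTable table(seed);
    std::vector<uint32_t> live, freed, again;
    for (uint32_t i = 0; i < IDTable::kInitialCapacity; ++i) live.push_back(table.allocateID());
    freed.assign(live.begin(), live.begin() + IDTable::kInitialCapacity / 2);
    for (uint32_t id : freed) table.deallocateID(id);
    for (size_t i = 0; i < freed.size(); ++i) again.push_back(table.allocateID());
    std::sort(freed.begin(), freed.end());
    std::sort(again.begin(), again.end());
    return again == freed && table.capacity() == IDTable::kInitialCapacity;
}
```

        The example takes an explicit seed so the checks are reproducible; a real table would seed from the system's cryptographic random source, since the whole point is that the order is not reconstructible by script running in the same process.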
614
615 2019-02-10  Mark Lam  <mark.lam@apple.com>
616
617         Remove the RELEASE_ASSERT check for duplicate cases in the BinarySwitch constructor.
618         https://bugs.webkit.org/show_bug.cgi?id=194493
619         <rdar://problem/36380852>
620
621         Reviewed by Yusuke Suzuki.
622
623         Having duplicate cases in the BinarySwitch is not a correctness issue.  It is
624         however not good for performance and memory usage.  As such, a debug ASSERT will
625         do.  We'll also do an audit of the clients of BinarySwitch to see if it's
626         possible to be instantiated with duplicate cases in
627         https://bugs.webkit.org/show_bug.cgi?id=194492 later.
628
629         Also added some value dumps to the RELEASE_ASSERT to help debug the issue when we
630         see duplicate cases.
631
632         * jit/BinarySwitch.cpp:
633         (JSC::BinarySwitch::BinarySwitch):
634
635 2019-02-10  Darin Adler  <darin@apple.com>
636
637         Switch uses of StringBuilder with String::format for hex numbers to use HexNumber.h instead
638         https://bugs.webkit.org/show_bug.cgi?id=194485
639
640         Reviewed by Daniel Bates.
641
642         * heap/HeapSnapshotBuilder.cpp:
643         (JSC::HeapSnapshotBuilder::json): Use appendUnsignedAsHex along with
644         reinterpret_cast<uintptr_t> to replace uses of String::format with "%p".
645
646         * runtime/JSGlobalObjectFunctions.cpp:
647         (JSC::encode): Removed some unneeded casts in StringBuilder code,
648         including one in a call to appendByteAsHex.
649         (JSC::globalFuncEscape): Ditto.
650
651 2019-02-10  Commit Queue  <commit-queue@webkit.org>
652
653         Unreviewed, rolling out r241230.
654         https://bugs.webkit.org/show_bug.cgi?id=194488
655
656         "It regressed JetStream2 by ~6%" (Requested by saamyjoon on
657         #webkit).
658
659         Reverted changeset:
660
661         "We should only make rope strings when concatenating strings
662         long enough."
663         https://bugs.webkit.org/show_bug.cgi?id=194465
664         https://trac.webkit.org/changeset/241230
665
666 2019-02-10  Saam barati  <sbarati@apple.com>
667
668         BBQ-Air: Emit better code for switch
669         https://bugs.webkit.org/show_bug.cgi?id=194053
670
671         Reviewed by Yusuke Suzuki.
672
673         Instead of emitting a linear set of jumps for Switch, this patch
674         makes the BBQ-Air backend emit a binary switch.
675
676         * wasm/WasmAirIRGenerator.cpp:
677         (JSC::Wasm::AirIRGenerator::addSwitch):
678
679 2019-02-09  Yusuke Suzuki  <ysuzuki@apple.com>
680
681         Unreviewed, Lexer should use isLatin1 implementation in WTF
682         https://bugs.webkit.org/show_bug.cgi?id=194466
683
684         Follow-up after r241233 pointed by Darin.
685
686         * parser/Lexer.cpp:
687         (JSC::isLatin1): Deleted.
688
689 2019-02-09  Darin Adler  <darin@apple.com>
690
691         Eliminate unnecessary String temporaries by using StringConcatenateNumbers
692         https://bugs.webkit.org/show_bug.cgi?id=194021
693
694         Reviewed by Geoffrey Garen.
695
696         * inspector/agents/InspectorConsoleAgent.cpp:
697         (Inspector::InspectorConsoleAgent::count): Remove String::number and let
698         makeString do the conversion without allocating/destroying a String.
699         * inspector/agents/InspectorDebuggerAgent.cpp:
700         (Inspector::objectGroupForBreakpointAction): Ditto.
701         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl): Ditto.
702         (Inspector::InspectorDebuggerAgent::setBreakpoint): Ditto.
703         * runtime/JSGenericTypedArrayViewInlines.h:
704         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty): Ditto.
705         * runtime/NumberPrototype.cpp:
706         (JSC::numberProtoFuncToFixed): Use String::numberToStringFixedWidth instead
707         of calling numberToFixedWidthString to do the same thing.
708         (JSC::numberProtoFuncToPrecision): Use String::number instead of calling
709         numberToFixedPrecisionString to do the same thing.
710         * runtime/SamplingProfiler.cpp:
711         (JSC::SamplingProfiler::reportTopFunctions): Ditto.
712
713 2019-02-09  Yusuke Suzuki  <ysuzuki@apple.com>
714
715         Unreviewed, rolling in r241237 again
716         https://bugs.webkit.org/show_bug.cgi?id=194469
717
718         * runtime/JSString.h:
719         (JSC::jsSubstring):
720
721 2019-02-09  Commit Queue  <commit-queue@webkit.org>
722
723         Unreviewed, rolling out r241237.
724         https://bugs.webkit.org/show_bug.cgi?id=194474
725
726         Shows significant memory increase in WSL (Requested by
727         yusukesuzuki on #webkit).
728
729         Reverted changeset:
730
731         "[WTF] Use BufferInternal StringImpl if substring StringImpl
732         takes more memory"
733         https://bugs.webkit.org/show_bug.cgi?id=194469
734         https://trac.webkit.org/changeset/241237
735
736 2019-02-08  Yusuke Suzuki  <ysuzuki@apple.com>
737
738         [WTF] Use BufferInternal StringImpl if substring StringImpl takes more memory
739         https://bugs.webkit.org/show_bug.cgi?id=194469
740
741         Reviewed by Geoffrey Garen.
742
743         * runtime/JSString.h:
744         (JSC::jsSubstring):
745
746 2019-02-08  Yusuke Suzuki  <ysuzuki@apple.com>
747
748         [JSC] CachedTypes should use jsString instead of JSString::create
749         https://bugs.webkit.org/show_bug.cgi?id=194471
750
751         Reviewed by Mark Lam.
752
753         Use jsString() here because JSString::create is a bit of a low-level API and it requires some invariants like "length is not zero".
754
755         * runtime/CachedTypes.cpp:
756         (JSC::CachedJSValue::decode const):
757
758 2019-02-08  Yusuke Suzuki  <ysuzuki@apple.com>
759
760         [JSC] Increase StructureIDTable initial capacity
761         https://bugs.webkit.org/show_bug.cgi?id=194468
762
763         Reviewed by Mark Lam.
764
765         Currently, the number of structures just after initializing JSGlobalObject (precisely, initializing GlobalObject in
766         the JSC shell), 281, already exceeds the current initial value 256. We should increase the capacity since
767         unnecessary resizing requires more operations, keeps the old StructureID array until GC happens, and makes
768         more memory dirty. We also remove some structures that are no longer used.
769
770         * runtime/JSGlobalObject.h:
771         (JSC::JSGlobalObject::callbackObjectStructure const):
772         (JSC::JSGlobalObject::propertyNameIteratorStructure const): Deleted.
773         * runtime/StructureIDTable.h:
774         * runtime/VM.h:
775
776 2019-02-08  Yusuke Suzuki  <ysuzuki@apple.com>
777
778         [JSC] String.fromCharCode's slow path always generates 16bit string
779         https://bugs.webkit.org/show_bug.cgi?id=194466
780
781         Reviewed by Keith Miller.
782
783         String.fromCharCode(a1) has a fast path and is the most frequently used form. String.fromCharCode(a1, a2, ...)
784         goes to the slow path. However, in the slow path, we always create a 16bit string. A 16bit string takes 2x memory,
785         and even worse, taints ropes as 16bit if a 16bit string is included in the given rope. We find that acorn-wtb
786         creates very large strings multiple times with String.fromCharCode, and String.fromCharCode always produces
787         16bit strings. However, only a few strings are actually 16bit strings. This patch attempts to make 8bit strings
788         as much as possible.
789
790         It improves non-JIT acorn-wtb's peak and current memory footprint by 6% and 3% respectively.
791
792         * runtime/StringConstructor.cpp:
793         (JSC::stringFromCharCode):
794
795 2019-02-08  Keith Miller  <keith_miller@apple.com>
796
797         We should only make rope strings when concatenating strings long enough.
798         https://bugs.webkit.org/show_bug.cgi?id=194465
799
800         Reviewed by Saam Barati.
801
802         This patch stops us from allocating a rope string if the resulting
803         rope would be smaller than the size of the JSRopeString object we
804         would need to allocate.
805
806         This patch also adds paths so that we don't unnecessarily allocate
807         JSString cells for primitives we are going to concatenate with a
808         string anyway.
809
810         * dfg/DFGOperations.cpp:
811         * runtime/CommonSlowPaths.cpp:
812         (JSC::SLOW_PATH_DECL):
813         * runtime/JSString.h:
814         * runtime/Operations.cpp:
815         (JSC::jsAddSlowCase):
816         * runtime/Operations.h:
817         (JSC::jsString):
818         (JSC::jsAdd):
819
820 2019-02-08  Saam barati  <sbarati@apple.com>
821
822         Nodes that rely on being dominated by CheckInBounds should have a child edge to it
823         https://bugs.webkit.org/show_bug.cgi?id=194334
824         <rdar://problem/47844327>
825
826         Reviewed by Mark Lam.
827
828         * dfg/DFGAbstractInterpreterInlines.h:
829         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
830         * dfg/DFGArgumentsEliminationPhase.cpp:
831         * dfg/DFGByteCodeParser.cpp:
832         (JSC::DFG::ByteCodeParser::parseBlock):
833         * dfg/DFGClobberize.h:
834         (JSC::DFG::clobberize):
835         * dfg/DFGConstantFoldingPhase.cpp:
836         (JSC::DFG::ConstantFoldingPhase::foldConstants):
837         * dfg/DFGFixupPhase.cpp:
838         (JSC::DFG::FixupPhase::fixupNode):
839         (JSC::DFG::FixupPhase::convertToHasIndexedProperty):
840         * dfg/DFGIntegerCheckCombiningPhase.cpp:
841         (JSC::DFG::IntegerCheckCombiningPhase::handleBlock):
842         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
843         * dfg/DFGNodeType.h:
844         * dfg/DFGSSALoweringPhase.cpp:
845         (JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
846         * dfg/DFGSpeculativeJIT.cpp:
847         (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
848         * ftl/FTLLowerDFGToB3.cpp:
849         (JSC::FTL::DFG::LowerDFGToB3::compileCheckInBounds):
850         (JSC::FTL::DFG::LowerDFGToB3::compileHasIndexedProperty):
851
852 2019-02-08  Yusuke Suzuki  <ysuzuki@apple.com>
853
854         [JSC] Shrink sizeof(CodeBlock) more
855         https://bugs.webkit.org/show_bug.cgi?id=194419
856
857         Reviewed by Mark Lam.
858
859         This patch further shrinks the size of CodeBlock, from 352 to 296 (304).
860
861         1. CodeBlock copies so much data from ScriptExecutable even though ScriptExecutable
862         has the same information. This data is not touched in CodeBlock::~CodeBlock,
863         so we can just use the data in ScriptExecutable instead of holding it in CodeBlock.
864
865         2. We remove m_instructions pointer since the ownership is managed by UnlinkedCodeBlock.
866         And we do not touch it in CodeBlock::~CodeBlock.
867
868         3. We move m_calleeSaveRegisters from CodeBlock to CodeBlock::JITData. For baseline and LLInt
869         cases, this patch offers RegisterAtOffsetList::llintBaselineCalleeSaveRegisters() which returns
870         a singleton `const RegisterAtOffsetList*` usable for LLInt and Baseline JIT CodeBlocks.
871
872         4. Move m_catchProfiles to RareData and materialize only when op_catch's slow path is called.
873
874         5. Drop ownerScriptExecutable. ownerExecutable() returns ScriptExecutable*.
875
876         * bytecode/CodeBlock.cpp:
877         (JSC::CodeBlock::hash const):
878         (JSC::CodeBlock::sourceCodeForTools const):
879         (JSC::CodeBlock::dumpAssumingJITType const):
880         (JSC::CodeBlock::dumpSource):
881         (JSC::CodeBlock::CodeBlock):
882         (JSC::CodeBlock::finishCreation):
883         (JSC::CodeBlock::propagateTransitions):
884         (JSC::CodeBlock::finalizeLLIntInlineCaches):
885         (JSC::CodeBlock::setCalleeSaveRegisters):
886         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
887         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
888         (JSC::CodeBlock::lineNumberForBytecodeOffset):
889         (JSC::CodeBlock::expressionRangeForBytecodeOffset const):
890         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
891         (JSC::CodeBlock::newReplacement):
892         (JSC::CodeBlock::replacement):
893         (JSC::CodeBlock::computeCapabilityLevel):
894         (JSC::CodeBlock::jettison):
895         (JSC::CodeBlock::calleeSaveRegisters const):
896         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
897         (JSC::CodeBlock::updateOSRExitCounterAndCheckIfNeedToReoptimize):
898         (JSC::CodeBlock::getArrayProfile):
899         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
900         (JSC::CodeBlock::notifyLexicalBindingUpdate):
901         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
902         (JSC::CodeBlock::validate):
903         (JSC::CodeBlock::outOfLineJumpTarget):
904         (JSC::CodeBlock::arithProfileForBytecodeOffset):
905         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
906         * bytecode/CodeBlock.h:
907         (JSC::CodeBlock::specializationKind const):
908         (JSC::CodeBlock::isStrictMode const):
909         (JSC::CodeBlock::isConstructor const):
910         (JSC::CodeBlock::codeType const):
911         (JSC::CodeBlock::isKnownNotImmediate):
912         (JSC::CodeBlock::instructions const):
913         (JSC::CodeBlock::ownerExecutable const):
914         (JSC::CodeBlock::thisRegister const):
915         (JSC::CodeBlock::source const):
916         (JSC::CodeBlock::sourceOffset const):
917         (JSC::CodeBlock::firstLineColumnOffset const):
918         (JSC::CodeBlock::createRareDataIfNecessary):
919         (JSC::CodeBlock::ownerScriptExecutable const): Deleted.
920         (JSC::CodeBlock::setThisRegister): Deleted.
921         (JSC::CodeBlock::calleeSaveRegisters const): Deleted.
922         * bytecode/EvalCodeBlock.h:
923         * bytecode/FunctionCodeBlock.h:
924         * bytecode/GlobalCodeBlock.h:
925         (JSC::GlobalCodeBlock::GlobalCodeBlock):
926         * bytecode/ModuleProgramCodeBlock.h:
927         * bytecode/ProgramCodeBlock.h:
928         * debugger/Debugger.cpp:
929         (JSC::Debugger::toggleBreakpoint):
930         * debugger/DebuggerCallFrame.cpp:
931         (JSC::DebuggerCallFrame::sourceID const):
932         (JSC::DebuggerCallFrame::sourceIDForCallFrame):
933         * debugger/DebuggerScope.cpp:
934         (JSC::DebuggerScope::location const):
935         * dfg/DFGByteCodeParser.cpp:
936         (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
937         (JSC::DFG::ByteCodeParser::inliningCost):
938         (JSC::DFG::ByteCodeParser::parseCodeBlock):
939         * dfg/DFGCapabilities.cpp:
940         (JSC::DFG::isSupportedForInlining):
941         (JSC::DFG::mightCompileEval):
942         (JSC::DFG::mightCompileProgram):
943         (JSC::DFG::mightCompileFunctionForCall):
944         (JSC::DFG::mightCompileFunctionForConstruct):
945         (JSC::DFG::canUseOSRExitFuzzing):
946         * dfg/DFGGraph.h:
947         (JSC::DFG::Graph::executableFor):
948         * dfg/DFGJITCompiler.cpp:
949         (JSC::DFG::JITCompiler::compileFunction):
950         * dfg/DFGOSREntry.cpp:
951         (JSC::DFG::prepareOSREntry):
952         * dfg/DFGOSRExit.cpp:
953         (JSC::DFG::restoreCalleeSavesFor):
954         (JSC::DFG::saveCalleeSavesFor):
955         (JSC::DFG::saveOrCopyCalleeSavesFor):
956         * dfg/DFGOSRExitCompilerCommon.cpp:
957         (JSC::DFG::handleExitCounts):
958         * dfg/DFGOperations.cpp:
959         * dfg/DFGToFTLDeferredCompilationCallback.cpp:
960         (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
961         * ftl/FTLCapabilities.cpp:
962         (JSC::FTL::canCompile):
963         * ftl/FTLLink.cpp:
964         (JSC::FTL::link):
965         * ftl/FTLOSRExitCompiler.cpp:
966         (JSC::FTL::compileStub):
967         * interpreter/CallFrame.cpp:
968         (JSC::CallFrame::callerSourceOrigin):
969         * interpreter/Interpreter.cpp:
970         (JSC::eval):
971         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
972         * interpreter/StackVisitor.cpp:
973         (JSC::StackVisitor::Frame::calleeSaveRegisters):
974         (JSC::StackVisitor::Frame::sourceURL const):
975         (JSC::StackVisitor::Frame::sourceID):
976         (JSC::StackVisitor::Frame::computeLineAndColumn const):
977         * interpreter/StackVisitor.h:
978         * jit/AssemblyHelpers.h:
979         (JSC::AssemblyHelpers::emitSaveCalleeSavesFor):
980         (JSC::AssemblyHelpers::emitSaveOrCopyCalleeSavesFor):
981         (JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):
982         * jit/CallFrameShuffleData.cpp:
983         (JSC::CallFrameShuffleData::setupCalleeSaveRegisters):
984         * jit/JIT.cpp:
985         (JSC::JIT::compileWithoutLinking):
986         * jit/JITToDFGDeferredCompilationCallback.cpp:
987         (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):
988         * jit/JITWorklist.cpp:
989         (JSC::JITWorklist::Plan::finalize):
990         (JSC::JITWorklist::compileNow):
991         * jit/RegisterAtOffsetList.cpp:
992         (JSC::RegisterAtOffsetList::llintBaselineCalleeSaveRegisters):
993         * jit/RegisterAtOffsetList.h:
994         (JSC::RegisterAtOffsetList::at const):
995         * runtime/ErrorInstance.cpp:
996         (JSC::appendSourceToError):
997         * runtime/ScriptExecutable.cpp:
998         (JSC::ScriptExecutable::newCodeBlockFor):
999         * runtime/StackFrame.cpp:
1000         (JSC::StackFrame::sourceID const):
1001         (JSC::StackFrame::sourceURL const):
1002         (JSC::StackFrame::computeLineAndColumn const):
1003
1004 2019-02-08  Robin Morisset  <rmorisset@apple.com>
1005
1006         B3LowerMacros wrongly sets m_changed to true in the case of AtomicWeakCAS on x86
1007         https://bugs.webkit.org/show_bug.cgi?id=194460
1008
1009         Reviewed by Mark Lam.
1010
1011         Trivial fix, should already be covered by testAtomicWeakCAS in testb3.cpp.
1012
1013         * b3/B3LowerMacros.cpp:
1014
1015 2019-02-08  Mark Lam  <mark.lam@apple.com>
1016
1017         Use maxSingleCharacterString in comparisons instead of literal constants.
1018         https://bugs.webkit.org/show_bug.cgi?id=194452
1019
1020         Reviewed by Yusuke Suzuki.
1021
1022         This way, if we ever change maxSingleCharacterString, it won't break all this code
1023         that relies on it being 0xff implicitly.
1024
1025         * dfg/DFGSpeculativeJIT.cpp:
1026         (JSC::DFG::SpeculativeJIT::compileStringSlice):
1027         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1028         * ftl/FTLLowerDFGToB3.cpp:
1029         (JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
1030         (JSC::FTL::DFG::LowerDFGToB3::compileStringSlice):
1031         * jit/ThunkGenerators.cpp:
1032         (JSC::stringGetByValGenerator):
1033         (JSC::charToString):
1034
1035 2019-02-08  Mark Lam  <mark.lam@apple.com>
1036
1037         Fix DFG's doesGC() for CheckTierUp*, GetByVal, PutByVal*, and StringCharAt nodes.
1038         https://bugs.webkit.org/show_bug.cgi?id=194446
1039         <rdar://problem/47926792>
1040
1041         Reviewed by Saam Barati.
1042
1043         Fix doesGC() for the following nodes:
1044
1045             CheckTierUpAtReturn:
1046                 Calls triggerTierUpNow(), which calls triggerFTLReplacementCompile(),
1047                 which calls Worklist::completeAllReadyPlansForVM(), which uses DeferGC.
1048
1049             CheckTierUpInLoop:
1050                 Calls triggerTierUpNowInLoop(), which calls tierUpCommon(), which calls
1051                 Worklist::completeAllReadyPlansForVM(), which uses DeferGC.
1052
1053             CheckTierUpAndOSREnter:
1054                 Calls triggerOSREntryNow(), which calls tierUpCommon(), which calls
1055                 Worklist::completeAllReadyPlansForVM(), which uses DeferGC.
1056
1057             GetByVal:
1058                 case Array::String calls operationSingleCharacterString(), which calls
1059                 jsSingleCharacterString(), which can allocate a string.
1060
1061             PutByValDirect:
1062             PutByVal:
1063             PutByValAlias:
1064                 For the DFG only, the integer TypedArrays call compilePutByValForIntTypedArray(),
1065                 which may call slow paths operationPutByValDirectStrict(), operationPutByValDirectNonStrict(),
1066                 operationPutByValStrict(), or operationPutByValNonStrict().  All of these
1067                 slow paths call putByValInternal(), which may create exception objects, or
1068                 call the generic JSValue::put() which may execute arbitrary code.
1069
1070             StringCharAt:
1071                 Can call operationSingleCharacterString(), which calls jsSingleCharacterString(),
1072                 which can allocate a string.
1073
1074         Also fix DFG::SpeculativeJIT::compileGetByValOnString() and FTL's compileStringCharAt()
1075         to use the maxSingleCharacterString constant instead of a literal constant.
1076
1077         * dfg/DFGDoesGC.cpp:
1078         (JSC::DFG::doesGC):
1079         * dfg/DFGSpeculativeJIT.cpp:
1080         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1081         * dfg/DFGSpeculativeJIT64.cpp:
1082         (JSC::DFG::SpeculativeJIT::compile):
1083         * ftl/FTLLowerDFGToB3.cpp:
1084         (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
1085         (JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
1086         (JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
1087
1088 2019-02-08  Yusuke Suzuki  <ysuzuki@apple.com>
1089
1090         [JSC] SourceProviderCacheItem should be small
1091         https://bugs.webkit.org/show_bug.cgi?id=194432
1092
1093         Reviewed by Saam Barati.
1094
1095         Some JetStream2 tests stress the JS parser. At that time, so many SourceProviderCacheItems are created.
1096         While they are removed when a full GC happens, they significantly increase the peak memory usage.
1097         This patch reduces the size of SourceProviderCacheItem from 56 to 32.
1098
1099         * parser/Parser.cpp:
1100         (JSC::Parser<LexerType>::parseFunctionInfo):
1101         * parser/ParserModes.h:
1102         * parser/ParserTokens.h:
1103         * parser/SourceProviderCacheItem.h:
1104         (JSC::SourceProviderCacheItem::endFunctionToken const):
1105         (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
1106
1107 2019-02-07  Robin Morisset  <rmorisset@apple.com>
1108
1109         Fix Abs(Neg(x)) -> Abs(x) optimization in B3ReduceStrength
1110         https://bugs.webkit.org/show_bug.cgi?id=194420
1111
1112         Reviewed by Saam Barati.
1113
1114         In https://bugs.webkit.org/show_bug.cgi?id=194250, I added an optimization: Abs(Neg(x)) -> Abs(x).
1115         But I introduced two bugs, one is that I actually implemented Abs(Neg(x)) -> x, and the other is that the test is looking at Abs(Abs(x)) instead (both were stupid copy-paste mistakes).
1116         This trivial patch fixes both.
1117
1118         * b3/B3ReduceStrength.cpp:
1119         * b3/testb3.cpp:
1120         (JSC::B3::testAbsNegArg):
1121
1122 2019-02-07  Keith Miller  <keith_miller@apple.com>
1123
1124         Better error messages for module loader SPI
1125         https://bugs.webkit.org/show_bug.cgi?id=194421
1126
1127         Reviewed by Saam Barati.
1128
1129         * API/JSAPIGlobalObject.mm:
1130         (JSC::JSAPIGlobalObject::moduleLoaderImportModule):
1131
1132 2019-02-07  Mark Lam  <mark.lam@apple.com>
1133
1134         Fix more doesGC() for CheckTraps, GetMapBucket, and Switch nodes.
1135         https://bugs.webkit.org/show_bug.cgi?id=194399
1136         <rdar://problem/47889777>
1137
1138         Reviewed by Yusuke Suzuki.
1139
1140         Fix doesGC() for the following nodes:
1141
1142             CheckTraps:
1143                 We normally will not emit this node because Options::usePollingTraps() is
1144                 false by default.  However, as it is implemented now, CheckTraps can GC
1145                 because it can allocate a TerminatedExecutionException.  If we make the
1146                 TerminatedExecutionException a singleton allocated at initialization time,
1147                 doesGC() can return false for CheckTraps.
1148                 https://bugs.webkit.org/show_bug.cgi?id=194323
1149
1150             GetMapBucket:
1151                 Can call operationJSMapFindBucket() or operationJSSetFindBucket(),
1152                 which calls HashMapImpl::findBucket(), which calls jsMapHash(), which
1153                 can resolve a rope.
1154
1155             Switch:
1156                 If switchData kind is SwitchChar, can call operationResolveRope().
1157                 If switchData kind is SwitchString and the child use kind is not StringIdentUse,
1158                     can call operationSwitchString() which resolves ropes.
1159
1160             DirectTailCall:
1161             ForceOSRExit:
1162             Return:
1163             TailCallForwardVarargs:
1164             TailCallVarargs:
1165             Throw:
1166                 These are terminal nodes.  It shouldn't really matter what doesGC() returns
1167                 for them, but following our conservative practice, unless we have a good
1168                 reason for doesGC() to return false, we should just return true.
1169
1170         * dfg/DFGDoesGC.cpp:
1171         (JSC::DFG::doesGC):
1172
1173 2019-02-07  Robin Morisset  <rmorisset@apple.com>
1174
1175         B3ReduceStrength: missing peephole optimizations for Neg and Sub
1176         https://bugs.webkit.org/show_bug.cgi?id=194250
1177
1178         Reviewed by Saam Barati.
1179
1180         Adds the following optimizations for integers:
1181         - Sub(x, x) => 0
1182             Already covered by the test testSubArg
1183         - Sub(x1, Neg(x2)) => Add (x1, x2)
1184             Added test: testSubNeg
1185         - Neg(Sub(x1, x2)) => Sub(x2, x1)
1186             Added test: testNegSub
1187         - Add(Neg(x1), x2) => Sub(x2, x1)
1188             Added test: testAddNeg1
1189         - Add(x1, Neg(x2)) => Sub(x1, x2)
1190             Added test: testAddNeg2
1191         Adds the following optimization for floating point values:
1192         - Abs(Neg(x)) => Abs(x)
1193             Added test: testAbsNegArg
1194             Adds the following optimization:
1195
1196         Also did some trivial refactoring, using m_value->isInteger() everywhere instead of isInt(m_value->type()), and using replaceWithNew<Value> instead of replaceWithNewValue(m_proc.add<Value>(..))
1197
1198         * b3/B3ReduceStrength.cpp:
1199         * b3/testb3.cpp:
1200         (JSC::B3::testAddNeg1):
1201         (JSC::B3::testAddNeg2):
1202         (JSC::B3::testSubNeg):
1203         (JSC::B3::testNegSub):
1204         (JSC::B3::testAbsAbsArg):
1205         (JSC::B3::testAbsNegArg):
1206         (JSC::B3::run):
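
An added example, not JavaScriptCore's B3ReduceStrength code, covering this entry and the Abs(Neg(x)) fix for bug 194420 above: a toy expression IR that applies the rewrites listed here, a flag that reproduces the Abs(Neg(x)) -> x mistake, and an evaluation oracle showing why a regression test needs a negative input to catch it. Node, reduce, eval, same, dump and rewritePreservesValue are hypothetical names.

```cpp
#include <cmath>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Toy IR standing in for B3 Values (hypothetical names, not JSC's); only the opcodes the rewrites touch.
enum class Op { Const, Arg, Add, Sub, Neg, Abs };
struct Node {
    Op op;
    bool isInteger;      // stands in for m_value->isInteger(): integer rules vs. floating-point rules
    double value = 0;    // Const payload
    int argIndex = 0;    // Arg payload
    std::shared_ptr<Node> a, b;
};
using NodePtr = std::shared_ptr<Node>;
NodePtr makeConst(double v, bool isInteger = true) { return std::make_shared<Node>(Node{Op::Const, isInteger, v}); }
NodePtr makeArg(int i, bool isInteger = true) { return std::make_shared<Node>(Node{Op::Arg, isInteger, 0, i}); }
NodePtr makeUnary(Op op, NodePtr a) { return std::make_shared<Node>(Node{op, a->isInteger, 0, 0, a, nullptr}); }
NodePtr makeBinary(Op op, NodePtr a, NodePtr b) { return std::make_shared<Node>(Node{op, a->isInteger, 0, 0, a, b}); }

// Interpreter used as the oracle: a sound rewrite never changes eval() on any input (overflow not modelled).
double eval(const NodePtr& n, const std::vector<double>& args) {
    switch (n->op) {
    case Op::Const: return n->value;
    case Op::Arg:   return args.at(n->argIndex);
    case Op::Add:   return eval(n->a, args) + eval(n->b, args);
    case Op::Sub:   return eval(n->a, args) - eval(n->b, args);
    case Op::Neg:   return -eval(n->a, args);
    case Op::Abs:   return std::fabs(eval(n->a, args));
    }
    return 0;
}

std::string dump(const NodePtr& n) {
    static const char* names[] = { "Const", "Arg", "Add", "Sub", "Neg", "Abs" };
    switch (n->op) {
    case Op::Const: return n->isInteger ? std::to_string((long long)n->value) : std::to_string(n->value);
    case Op::Arg:   return "Arg" + std::to_string(n->argIndex);
    default:        return std::string(names[(int)n->op]) + "(" + dump(n->a) + (n->b ? ", " + dump(n->b) : std::string()) + ")";
    }
}

// Structural equality (B3 compares unique Value pointers; this toy rebuilds nodes while reducing).
bool same(const NodePtr& x, const NodePtr& y) {
    if (x == y) return true;
    if (x->op != y->op || x->isInteger != y->isInteger) return false;
    switch (x->op) {
    case Op::Const: return x->value == y->value;
    case Op::Arg:   return x->argIndex == y->argIndex;
    default:        return same(x->a, y->a) && (!x->b || same(x->b, y->b));
    }
}

// One bottom-up pass of the peephole rules listed in the entry above. `buggyAbsNeg` reproduces the
// defect described in the fix for bug 194420: Abs(Neg(x)) rewritten to x instead of Abs(x).
NodePtr reduce(const NodePtr& n, bool buggyAbsNeg = false) {
    if (!n->a) return n;                                   // Const / Arg: nothing to do
    NodePtr a = reduce(n->a, buggyAbsNeg);
    NodePtr b = n->b ? reduce(n->b, buggyAbsNeg) : nullptr;
    NodePtr r;
    switch (n->op) {
    case Op::Sub:
        if (n->isInteger && same(a, b))                    // Sub(x, x) => 0 (integers only: NaN - NaN is NaN)
            r = makeConst(0);
        else if (n->isInteger && b->op == Op::Neg)         // Sub(x1, Neg(x2)) => Add(x1, x2)
            r = makeBinary(Op::Add, a, b->a);
        break;
    case Op::Neg:
        if (n->isInteger && a->op == Op::Sub)              // Neg(Sub(x1, x2)) => Sub(x2, x1)
            r = makeBinary(Op::Sub, a->b, a->a);
        break;
    case Op::Add:
        if (n->isInteger && a->op == Op::Neg)              // Add(Neg(x1), x2) => Sub(x2, x1)
            r = makeBinary(Op::Sub, b, a->a);
        else if (n->isInteger && b->op == Op::Neg)         // Add(x1, Neg(x2)) => Sub(x1, x2)
            r = makeBinary(Op::Sub, a, b->a);
        break;
    case Op::Abs:
        if (!n->isInteger && a->op == Op::Neg)             // Abs(Neg(x)) => Abs(x), floating point only
            r = buggyAbsNeg ? a->a : makeUnary(Op::Abs, a->a);
        break;
    default: break;
    }
    if (r) return reduce(r, buggyAbsNeg);                  // the rewritten node may enable another rule
    return b ? makeBinary(n->op, a, b) : makeUnary(n->op, a); // no rule matched: same shape, reduced operands
}

// What a regression test should check: the reduced tree evaluates exactly like the original.
// Only a negative input exposes the Abs(Neg(x)) => x bug; x = 3.5 passes with either version.
bool rewritePreservesValue(const NodePtr& n, const std::vector<double>& args, bool buggyAbsNeg = false) {
    return eval(n, args) == eval(reduce(n, buggyAbsNeg), args);
}

int main() {
    NodePtr absNeg = makeUnary(Op::Abs, makeUnary(Op::Neg, makeArg(0, false)));
    std::cout << dump(absNeg) << " => " << dump(reduce(absNeg)) << " (fixed), " << dump(reduce(absNeg, true)) << " (buggy)\n";
    std::cout << "buggy rewrite preserves value for -3.5: " << std::boolalpha << rewritePreservesValue(absNeg, {-3.5}, true) << "\n";
}
```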
1207
1208 2019-02-06  Yusuke Suzuki  <ysuzuki@apple.com>
1209
1210         [JSC] Use BufferInternal single character StringImpl for SmallStrings
1211         https://bugs.webkit.org/show_bug.cgi?id=194374
1212
1213         Reviewed by Geoffrey Garen.
1214
1215         Currently, we first create a large StringImpl, and create a bunch of substrings with length = 1.
1216         But a pointer is larger than a single character. A BufferInternal StringImpl with a single character
1217         is more memory efficient.
1218
1219         * runtime/SmallStrings.cpp:
1220         (JSC::SmallStringsStorage::SmallStringsStorage):
1221         (JSC::SmallStrings::SmallStrings):
1222         * runtime/SmallStrings.h:
1223
1224 2019-02-06  Yusuke Suzuki  <ysuzuki@apple.com>
1225
1226         [JSC] InitializeEntrypointArguments should produce SpecCellCheck if FlushFormat is FlushedCell
1227         https://bugs.webkit.org/show_bug.cgi?id=194369
1228         <rdar://problem/47813087>
1229
1230         Reviewed by Saam Barati.
1231
1232         InitializeEntrypointArguments says SpecCell if the FlushFormat is FlushedCell. But this is actually
1233         JSEmpty if it is in TDZ. This incorrectly proven type information removes a necessary CheckNotEmpty in the
1234         constant folding phase.
1235
1236         * dfg/DFGAbstractInterpreterInlines.h:
1237         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1238
1239 2019-02-06  Devin Rousso  <drousso@apple.com>
1240
1241         Web Inspector: DOM: don't send the entire function string with each event listener
1242         https://bugs.webkit.org/show_bug.cgi?id=194293
1243         <rdar://problem/47822809>
1244
1245         Reviewed by Joseph Pecoraro.
1246
1247         * inspector/protocol/DOM.json:
1248
1249         * runtime/JSFunction.h:
1250         Export `calculatedDisplayName`.
1251
1252 2019-02-06  Yusuke Suzuki  <ysuzuki@apple.com>
1253
1254         [JSC] PrivateName to PublicName hash table is wasteful
1255         https://bugs.webkit.org/show_bug.cgi?id=194277
1256
1257         Reviewed by Michael Saboff.
1258
1259         PrivateNames account for a lot of memory in the initial JSC footprint. BuiltinNames has Identifier fields corresponding to these PrivateNames,
1260         which makes sizeof(BuiltinNames) about 6KB. It also maintains hash tables for "PublicName to PrivateName" and "PrivateName to PublicName",
1261         each of which takes 16KB of memory. While the "PublicName to PrivateName" functionality is used in builtin JS (parsing "@xxx" and getting a private
1262         name for "xxx"), "PrivateName to PublicName" is rarely used. Holding a 16KB hash table for a rarely used feature is costly.
1263
1264         In this patch, we add some rules to remove "PrivateName to PublicName" hash table.
1265
1266         1. PrivateName's content should be the same as PublicName's.
1267         2. If PrivateName is not actually a private name (we introduced hacky mapping like "@iteratorSymbol" => Symbol.iterator),
1268            the public name should be easily crafted from the given PrivateName.
1269
1270         We modify the content of private names to ensure (1). And for (2), we can meet this requirement by ensuring that "@xxxSymbol"
1271         is converted to "Symbol.xxx". (1) and (2) allow us to convert a private name to a public name without a large hash table.
1272
1273         We also remove unused identifiers in CommonIdentifiers. And we also move some of them to WebCore's WebCoreBuiltinNames if they are only used in
1274         WebCore.
1275
1276         * builtins/BuiltinNames.cpp:
1277         (JSC::BuiltinNames::BuiltinNames):
1278         * builtins/BuiltinNames.h:
1279         (JSC::BuiltinNames::lookUpPrivateName const):
1280         (JSC::BuiltinNames::getPublicName const):
1281         (JSC::BuiltinNames::checkPublicToPrivateMapConsistency):
1282         (JSC::BuiltinNames::appendExternalName):
1283         (JSC::BuiltinNames::lookUpPublicName const): Deleted.
1284         * builtins/BuiltinUtils.h:
1285         * bytecode/BytecodeDumper.cpp:
1286         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
1287         * bytecompiler/NodesCodegen.cpp:
1288         (JSC::BytecodeIntrinsicNode::emit_intrinsic_getByIdDirectPrivate):
1289         (JSC::BytecodeIntrinsicNode::emit_intrinsic_putByIdDirectPrivate):
1290         * parser/Lexer.cpp:
1291         (JSC::Lexer<LChar>::parseIdentifier):
1292         (JSC::Lexer<UChar>::parseIdentifier):
1293         * parser/Parser.cpp:
1294         (JSC::Parser<LexerType>::createGeneratorParameters):
1295         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1296         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
1297         (JSC::Parser<LexerType>::parseClassDeclaration):
1298         (JSC::Parser<LexerType>::parseExportDeclaration):
1299         (JSC::Parser<LexerType>::parseMemberExpression):
1300         * parser/ParserArena.h:
1301         (JSC::IdentifierArena::makeIdentifier):
1302         * runtime/CachedTypes.cpp:
1303         (JSC::CachedUniquedStringImpl::encode):
1304         (JSC::CachedUniquedStringImpl::decode const):
1305         * runtime/CommonIdentifiers.cpp:
1306         (JSC::CommonIdentifiers::CommonIdentifiers):
1307         (JSC::CommonIdentifiers::lookUpPrivateName const):
1308         (JSC::CommonIdentifiers::getPublicName const):
1309         (JSC::CommonIdentifiers::lookUpPublicName const): Deleted.
1310         * runtime/CommonIdentifiers.h:
1311         * runtime/ExceptionHelpers.cpp:
1312         (JSC::createUndefinedVariableError):
1313         * runtime/Identifier.cpp:
1314         (JSC::Identifier::dump const):
1315         * runtime/Identifier.h:
1316         * runtime/IdentifierInlines.h:
1317         (JSC::Identifier::fromUid):
1318         * runtime/JSTypedArrayViewPrototype.cpp:
1319         (JSC::JSTypedArrayViewPrototype::finishCreation):
1320         * tools/JSDollarVM.cpp:
1321         (JSC::functionGetPrivateProperty):
1322
1323 2019-02-06  Keith Rollin  <krollin@apple.com>
1324
1325         Really enable the automatic checking and regenerations of .xcfilelists during builds
1326         https://bugs.webkit.org/show_bug.cgi?id=194357
1327         <rdar://problem/47861231>
1328
1329         Reviewed by Chris Dumez.
1330
1331         Bug 194124 was supposed to enable the automatic checking and
1332         regenerating of .xcfilelist files during the build. While related
1333         changes were included in that patch, the change to actually enable the
1334         operation somehow was omitted. This patch actually enables the
1335         operation. The check-xcfilelist.sh scripts now check
1336         WK_DISABLE_CHECK_XCFILELISTS, and if it's "1", opt the developer
1337         out of the checking.
1338
1339         * Scripts/check-xcfilelists.sh:
1340
1341 2019-02-06  Yusuke Suzuki  <ysuzuki@apple.com>
1342
1343         [JSC] Unify indirectEvalExecutableSpace and directEvalExecutableSpace
1344         https://bugs.webkit.org/show_bug.cgi?id=194339
1345
1346         Reviewed by Michael Saboff.
1347
1348         DirectEvalExecutable and IndirectEvalExecutable have exactly the same memory layout.
1349         They even have the same structure. This patch unifies the subspaces for them.
1350
1351         * runtime/DirectEvalExecutable.h:
1352         * runtime/EvalExecutable.h:
1353         (JSC::EvalExecutable::subspaceFor):
1354         * runtime/IndirectEvalExecutable.h:
1355         * runtime/VM.cpp:
1356         * runtime/VM.h:
1357         (JSC::VM::forEachScriptExecutableSpace):
1358
1359 2019-02-06  Yusuke Suzuki  <ysuzuki@apple.com>
1360
1361         [JSC] NativeExecutable should be smaller
1362         https://bugs.webkit.org/show_bug.cgi?id=194331
1363
1364         Reviewed by Michael Saboff.
1365
1366         NativeExecutable takes 88 bytes now. Since our GC rounds the size to a multiple of 16, it actually takes 96 bytes in IsoSubspaces.
1367         Since a lot of NativeExecutables are allocated, we already have two MarkedBlocks even just after JSGlobalObject initialization.
1368         This patch makes sizeof(NativeExecutable) 64 bytes, which is 32 bytes smaller than 96 bytes. Now our JSGlobalObject initialization
1369         only takes one MarkedBlock for NativeExecutable.
1370
1371         To make NativeExecutable smaller,
1372
1373         1. m_numParametersForCall and m_numParametersForConstruct in ExecutableBase are only meaningful in ScriptExecutable subclasses. Since
1374            they are not touched from JIT, we can remove them from ExecutableBase and move them to ScriptExecutable.
1375
1376         2. DOMJIT::Signature* is rarely used. Rather than having it in NativeExecutable, we should put it in NativeJITCode. Since NativeExecutable
1377            always has JITCode, we can safely query the value from NativeExecutable. This patch creates NativeDOMJITCode, which is a subclass of
1378            NativeJITCode, and instantiated only when DOMJIT::Signature* is given.
1379
1380         3. Move Intrinsic to a member of ScriptExecutable or JITCode. Since JITCode has some padding to put things in, we can leverage this to put
1381            the Intrinsic for NativeExecutable.
1382
1383         We also move "clearCode" code from ExecutableBase to ScriptExecutable since it is only valid for ScriptExecutable subclasses.
1384
1385         * CMakeLists.txt:
1386         * JavaScriptCore.xcodeproj/project.pbxproj:
1387         * bytecode/CallVariant.h:
1388         * interpreter/Interpreter.cpp:
1389         * jit/JITCode.cpp:
1390         (JSC::DirectJITCode::DirectJITCode):
1391         (JSC::NativeJITCode::NativeJITCode):
1392         (JSC::NativeDOMJITCode::NativeDOMJITCode):
1393         * jit/JITCode.h:
1394         (JSC::JITCode::signature const):
1395         (JSC::JITCode::intrinsic):
1396         * jit/JITOperations.cpp:
1397         * jit/JITThunks.cpp:
1398         (JSC::JITThunks::hostFunctionStub):
1399         * jit/Repatch.cpp:
1400         * llint/LLIntSlowPaths.cpp:
1401         * runtime/ExecutableBase.cpp:
1402         (JSC::ExecutableBase::dump const):
1403         (JSC::ExecutableBase::hashFor const):
1404         (JSC::ExecutableBase::hasClearableCode const): Deleted.
1405         (JSC::ExecutableBase::clearCode): Deleted.
1406         * runtime/ExecutableBase.h:
1407         (JSC::ExecutableBase::ExecutableBase):
1408         (JSC::ExecutableBase::isModuleProgramExecutable):
1409         (JSC::ExecutableBase::isHostFunction const):
1410         (JSC::ExecutableBase::generatedJITCodeForCall const):
1411         (JSC::ExecutableBase::generatedJITCodeForConstruct const):
1412         (JSC::ExecutableBase::generatedJITCodeFor const):
1413         (JSC::ExecutableBase::generatedJITCodeForCall): Deleted.
1414         (JSC::ExecutableBase::generatedJITCodeForConstruct): Deleted.
1415         (JSC::ExecutableBase::generatedJITCodeFor): Deleted.
1416         (JSC::ExecutableBase::offsetOfNumParametersFor): Deleted.
1417         (JSC::ExecutableBase::hasJITCodeForCall const): Deleted.
1418         (JSC::ExecutableBase::hasJITCodeForConstruct const): Deleted.
1419         (JSC::ExecutableBase::intrinsic const): Deleted.
1420         * runtime/ExecutableBaseInlines.h: Added.
1421         (JSC::ExecutableBase::intrinsic const):
1422         (JSC::ExecutableBase::hasJITCodeForCall const):
1423         (JSC::ExecutableBase::hasJITCodeForConstruct const):
1424         * runtime/JSBoundFunction.cpp:
1425         * runtime/JSType.cpp:
1426         (WTF::printInternal):
1427         * runtime/JSType.h:
1428         * runtime/NativeExecutable.cpp:
1429         (JSC::NativeExecutable::create):
1430         (JSC::NativeExecutable::createStructure):
1431         (JSC::NativeExecutable::NativeExecutable):
1432         (JSC::NativeExecutable::signatureFor const):
1433         (JSC::NativeExecutable::intrinsic const):
1434         * runtime/NativeExecutable.h:
1435         * runtime/ScriptExecutable.cpp:
1436         (JSC::ScriptExecutable::ScriptExecutable):
1437         (JSC::ScriptExecutable::clearCode):
1438         (JSC::ScriptExecutable::installCode):
1439         (JSC::ScriptExecutable::hasClearableCode const):
1440         * runtime/ScriptExecutable.h:
1441         (JSC::ScriptExecutable::intrinsic const):
1442         (JSC::ScriptExecutable::hasJITCodeForCall const):
1443         (JSC::ScriptExecutable::hasJITCodeForConstruct const):
1444         * runtime/VM.cpp:
1445         (JSC::VM::getHostFunction):
1446
1447 2019-02-06  Pablo Saavedra  <psaavedra@igalia.com>
1448
1449         Build failure after r240431
1450         https://bugs.webkit.org/show_bug.cgi?id=194330
1451
1452         Reviewed by Žan Doberšek.
1453
1454         * API/glib/JSCOptions.cpp:
1455
1456 2019-02-05  Mark Lam  <mark.lam@apple.com>
1457
1458         Fix DFG's doesGC() for a few more nodes.
1459         https://bugs.webkit.org/show_bug.cgi?id=194307
1460         <rdar://problem/47832956>
1461
1462         Reviewed by Yusuke Suzuki.
1463
1464         Fix doesGC() for the following nodes:
1465
1466             NumberToStringWithValidRadixConstant:
1467                 Calls operationInt32ToStringWithValidRadix(), which calls int32ToString(),
1468                 which can allocate a string.
1469                 Calls operationInt52ToStringWithValidRadix(), which calls int52ToString(),
1470                 which can allocate a string.
1471                 Calls operationDoubleToStringWithValidRadix(), which calls numberToString(),
1472                 which can allocate a string.
1473
1474             RegExpExecNonGlobalOrSticky: calls createRegExpMatchesArray() which allocates
1475                 memory for all kinds of objects.
1476             RegExpMatchFast: calls operationRegExpMatchFastString(), which calls
1477                 RegExpObject::execInline() and RegExpObject::matchGlobal().  Both of
1478                 these allocate memory for the match result.
1479             RegExpMatchFastGlobal: calls operationRegExpMatchFastGlobalString(), which
1480                 calls RegExpObject's collectMatches(), which allocates an array amongst
1481                 other objects.
1482
1483             StringFromCharCode:
1484                 If the uint32 code to convert is greater than maxSingleCharacterString,
1485                 we'll call operationStringFromCharCode(), which calls jsSingleCharacterString(),
1486                 which allocates a new string if the code is greater than maxSingleCharacterString.
1487
1488         Also fix SpeculativeJIT::compileFromCharCode() and FTL's compileStringFromCharCode()
1489         to use maxSingleCharacterString instead of a literal constant.
1490
1491         * dfg/DFGDoesGC.cpp:
1492         (JSC::DFG::doesGC):
1493         * dfg/DFGSpeculativeJIT.cpp:
1494         (JSC::DFG::SpeculativeJIT::compileFromCharCode):
1495         * ftl/FTLLowerDFGToB3.cpp:
1496         (JSC::FTL::DFG::LowerDFGToB3::compileStringFromCharCode):
1497
1498 2019-02-05  Keith Rollin  <krollin@apple.com>
1499
1500         Enable the automatic checking and regenerations of .xcfilelists during builds
1501         https://bugs.webkit.org/show_bug.cgi?id=194124
1502         <rdar://problem/47721277>
1503
1504         Reviewed by Tim Horton.
1505
1506         Bug 193790 added a facility for checking -- during build time -- that
1507         any needed .xcfilelist files are up-to-date and for updating them if
1508         they are not. This facility was initially opt-in by setting
1509         WK_ENABLE_CHECK_XCFILELISTS until other pieces were in place and until
1510         the process seemed robust. It's now time to enable this facility and
1511         make it opt-out. If there is a need to disable this facility, set and
1512         export WK_DISABLE_CHECK_XCFILELISTS=1 in your environment before
1513         running `make` or `build-webkit`, or before running Xcode from the
1514         command line.
1515
1516         Additionally, remove the step that generates a list of source files
1517         going into the UnifiedSources build step. It's only necessary to
1518         specify Sources.txt and SourcesCocoa.txt as inputs.
1519
1520         * JavaScriptCore.xcodeproj/project.pbxproj:
1521         * UnifiedSources-input.xcfilelist: Removed.
1522
1523 2019-02-05  Keith Rollin  <krollin@apple.com>
1524
1525         Update .xcfilelist files
1526         https://bugs.webkit.org/show_bug.cgi?id=194121
1527         <rdar://problem/47720863>
1528
1529         Reviewed by Tim Horton.
1530
1531         Preparatory to enabling the facility for automatically updating the
1532         .xcfilelist files, check in a freshly-updated set so that not everyone
1533         runs up against having to regenerate them themselves.
1534
1535         * DerivedSources-input.xcfilelist:
1536         * DerivedSources-output.xcfilelist:
1537
1538 2019-02-05  Andy VanWagoner  <andy@vanwagoner.family>
1539
1540         [INTL] improve efficiency of Intl.NumberFormat formatToParts
1541         https://bugs.webkit.org/show_bug.cgi?id=185557
1542
1543         Reviewed by Mark Lam.
1544
1545         Since field nesting depth is minimal, this algorithm should be effectively O(n),
1546         where n is the number of characters in the formatted string.
1547         It may be less memory efficient than the previous impl, since the intermediate Vector
1548         is the length of the string, instead of the count of the fields.
1549
1550         * runtime/IntlNumberFormat.cpp:
1551         (JSC::IntlNumberFormat::formatToParts):
1552         * runtime/IntlNumberFormat.h:
1553
1554 2019-02-05  Mark Lam  <mark.lam@apple.com>
1555
1556         Move DFG nodes that clobberize() says will write(Heap) to the doesGC() list that returns true.
1557         https://bugs.webkit.org/show_bug.cgi?id=194298
1558         <rdar://problem/47827555>
1559
1560         Reviewed by Saam Barati.
1561
1562         We do this for 3 reasons:
1563         1. It's clearer when reading doesGC()'s code that these nodes will return true.
1564         2. If things change in the future where clobberize() no longer reports these nodes
1565            as write(Heap), each node should be vetted first to make sure that it can never
1566            GC before being moved back to the doesGC() list that returns false.
1567         3. This reduces the list of nodes that we need to audit to make sure doesGC() is
1568            correct in its claims about the nodes' GCing possibility.
1569
1570         The list of nodes moved are:
1571
1572             ArrayPush
1573             ArrayPop
1574             Call
1575             CallEval
1576             CallForwardVarargs
1577             CallVarargs
1578             Construct
1579             ConstructForwardVarargs
1580             ConstructVarargs
1581             DefineDataProperty
1582             DefineAccessorProperty
1583             DeleteById
1584             DeleteByVal
1585             DirectCall
1586             DirectConstruct
1587             DirectTailCallInlinedCaller
1588             GetById
1589             GetByIdDirect
1590             GetByIdDirectFlush
1591             GetByIdFlush
1592             GetByIdWithThis
1593             GetByValWithThis
1594             GetDirectPname
1595             GetDynamicVar
1596             HasGenericProperty
1597             HasOwnProperty
1598             HasStructureProperty
1599             InById
1600             InByVal
1601             InstanceOf
1602             InstanceOfCustom
1603             LoadVarargs
1604             NumberToStringWithRadix
1605             PutById
1606             PutByIdDirect
1607             PutByIdFlush
1608             PutByIdWithThis
1609             PutByOffset
1610             PutByValWithThis
1611             PutDynamicVar
1612             PutGetterById
1613             PutGetterByVal
1614             PutGetterSetterById
1615             PutSetterById
1616             PutSetterByVal
1617             PutStack
1618             PutToArguments
1619             RegExpExec
1620             RegExpTest
1621             ResolveScope
1622             ResolveScopeForHoistingFuncDeclInEval
1623             TailCall
1624             TailCallForwardVarargsInlinedCaller
1625             TailCallInlinedCaller
1626             TailCallVarargsInlinedCaller
1627             ToNumber
1628             ToPrimitive
1629             ValueNegate
1630
1631         * dfg/DFGDoesGC.cpp:
1632         (JSC::DFG::doesGC):
1633
1634 2019-02-05  Yusuke Suzuki  <ysuzuki@apple.com>
1635
1636         [JSC] Shrink sizeof(UnlinkedCodeBlock)
1637         https://bugs.webkit.org/show_bug.cgi?id=194281
1638
1639         Reviewed by Michael Saboff.
1640
1641         This patch first attempts to reduce the size of UnlinkedCodeBlock in a relatively simple way: reordering members, removing an unused member, and
1642         moving rarely used members to RareData. This changes sizeof(UnlinkedCodeBlock) from 312 to 256.
1643
1644         Still we have several chances to reduce sizeof(UnlinkedCodeBlock). Turning more Vectors into RefCountedArrays can be done with some restructuring
1645         of the generatorification phase. It would be possible to remove m_sourceURLDirective and m_sourceMappingURLDirective from UnlinkedCodeBlock since
1646         they should be in SourceProvider and that should be enough. These changes require some intrusive modifications and we leave them as future work.
1647
1648         * bytecode/CodeBlock.cpp:
1649         (JSC::CodeBlock::finishCreation):
1650         * bytecode/CodeBlock.h:
1651         (JSC::CodeBlock::bitVectors const): Deleted.
1652         * bytecode/CodeType.h:
1653         * bytecode/UnlinkedCodeBlock.cpp:
1654         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1655         (JSC::UnlinkedCodeBlock::shrinkToFit):
1656         * bytecode/UnlinkedCodeBlock.h:
1657         (JSC::UnlinkedCodeBlock::bitVector):
1658         (JSC::UnlinkedCodeBlock::addBitVector):
1659         (JSC::UnlinkedCodeBlock::addSetConstant):
1660         (JSC::UnlinkedCodeBlock::constantRegisters):
1661         (JSC::UnlinkedCodeBlock::numberOfConstantIdentifierSets const):
1662         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
1663         (JSC::UnlinkedCodeBlock::codeType const):
1664         (JSC::UnlinkedCodeBlock::didOptimize const):
1665         (JSC::UnlinkedCodeBlock::setDidOptimize):
1666         (JSC::UnlinkedCodeBlock::usesGlobalObject const): Deleted.
1667         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1668         (JSC::UnlinkedCodeBlock::globalObjectRegister const): Deleted.
1669         (JSC::UnlinkedCodeBlock::bitVectors const): Deleted.
1670         * bytecompiler/BytecodeGenerator.cpp:
1671         (JSC::BytecodeGenerator::emitLoad):
1672         (JSC::BytecodeGenerator::emitLoadGlobalObject): Deleted.
1673         * bytecompiler/BytecodeGenerator.h:
1674         * runtime/CachedTypes.cpp:
1675         (JSC::CachedCodeBlockRareData::encode):
1676         (JSC::CachedCodeBlockRareData::decode const):
1677         (JSC::CachedCodeBlock::scopeRegister const):
1678         (JSC::CachedCodeBlock::codeType const):
1679         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1680         (JSC::CachedCodeBlock<CodeBlockType>::decode const):
1681         (JSC::CachedCodeBlock<CodeBlockType>::encode):
1682         (JSC::CachedCodeBlock::globalObjectRegister const): Deleted.
1683
1684 2019-02-04  Yusuke Suzuki  <ysuzuki@apple.com>
1685
1686         Unreviewed, add missing exception checks after r240637
1687         https://bugs.webkit.org/show_bug.cgi?id=193546
1688
1689         * tools/JSDollarVM.cpp:
1690         (JSC::functionShadowChickenFunctionsOnStack):
1691
1692 2019-02-04  Yusuke Suzuki  <ysuzuki@apple.com>
1693
1694         [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types
1695         https://bugs.webkit.org/show_bug.cgi?id=193993
1696
1697         Reviewed by Keith Miller.
1698
1699         JSC::VM has a lot of IsoSubspaces, and each takes 504B. This unnecessarily makes VM very large,
1700         and some of them are rarely used. We should allocate them lazily.
1701
1702         In this patch, we make some `IsoSubspaces` `std::unique_ptr<IsoSubspace>`. And we add ensureXXXSpace
1703         functions which allocate IsoSubspaces lazily. This function is used by subspaceFor<> in each class.
1704         And we also add subspaceForConcurrently<> function, which is called from concurrent JIT tiers. This
1705         returns nullptr if the subspace is not allocated yet. JSCell::subspaceFor now takes a second template
1706         parameter which tells the function whether subspaceFor is concurrently done. If the IsoSubspace is
1707         lazily created, we may return nullptr for the concurrent access. We ensure the space's initialization
1708         by using WTF::storeStoreFence when lazily allocating it.
1709
1710         In GC's constraint solving, we may touch these lazily allocated spaces. At that time, we check the
1711         existence of the space before touching it. This is not racy because the main thread is stopped when
1712         the constraint solving is working.
1713
1714         This changes sizeof(VM) from 64736 to 56472.
1715
1716         Another interesting thing is that we removed `PreventCollectionScope preventCollectionScope(heap);` in
1717         `Subspace::initialize`. This is a really dangerous API since it easily causes dead-lock between the
1718         collector and the mutator if IsoSubspace is dynamically created. We do want to make IsoSubspaces
1719         dynamically-created ones since the requirement of the pre-allocation poses a scalability problem
1720         of IsoSubspace adoption because IsoSubspace is large. Registered Subspace is only touched in the
1721         EndPhase, and the peripheries should be stopped when running EndPhase. Thus, as long as the main thread
1722         can run this IsoSubspace code, the collector is never in EndPhase. So this is safe.
1723
1724         * API/JSCallbackFunction.h:
1725         * API/ObjCCallbackFunction.h:
1726         (JSC::ObjCCallbackFunction::subspaceFor):
1727         * API/glib/JSCCallbackFunction.h:
1728         * CMakeLists.txt:
1729         * JavaScriptCore.xcodeproj/project.pbxproj:
1730         * bytecode/CodeBlock.cpp:
1731         (JSC::CodeBlock::visitChildren):
1732         (JSC::CodeBlock::finalizeUnconditionally):
1733         * bytecode/CodeBlock.h:
1734         * bytecode/EvalCodeBlock.h:
1735         * bytecode/ExecutableToCodeBlockEdge.h:
1736         * bytecode/FunctionCodeBlock.h:
1737         * bytecode/ModuleProgramCodeBlock.h:
1738         * bytecode/ProgramCodeBlock.h:
1739         * bytecode/UnlinkedFunctionExecutable.cpp:
1740         (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
1741         * bytecode/UnlinkedFunctionExecutable.h:
1742         * dfg/DFGSpeculativeJIT.cpp:
1743         (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
1744         (JSC::DFG::SpeculativeJIT::compileMakeRope):
1745         (JSC::DFG::SpeculativeJIT::compileNewObject):
1746         * ftl/FTLLowerDFGToB3.cpp:
1747         (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
1748         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
1749         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
1750         (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
1751         (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell):
1752         * heap/Heap.cpp:
1753         (JSC::Heap::finalizeUnconditionalFinalizers):
1754         (JSC::Heap::deleteAllCodeBlocks):
1755         (JSC::Heap::deleteAllUnlinkedCodeBlocks):
1756         (JSC::Heap::addCoreConstraints):
1757         * heap/Subspace.cpp:
1758         (JSC::Subspace::initialize):
1759         * jit/AssemblyHelpers.h:
1760         (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
1761         (JSC::AssemblyHelpers::emitAllocateVariableSizedCell):
1762         * jit/JITOpcodes.cpp:
1763         (JSC::JIT::emit_op_new_object):
1764         * jit/JITOpcodes32_64.cpp:
1765         (JSC::JIT::emit_op_new_object):
1766         * runtime/DirectArguments.h:
1767         * runtime/DirectEvalExecutable.h:
1768         * runtime/ErrorInstance.h:
1769         (JSC::ErrorInstance::subspaceFor):
1770         * runtime/ExecutableBase.h:
1771         * runtime/FunctionExecutable.h:
1772         * runtime/IndirectEvalExecutable.h:
1773         * runtime/InferredValue.cpp:
1774         (JSC::InferredValue::visitChildren):
1775         * runtime/InferredValue.h:
1776         * runtime/InferredValueInlines.h:
1777         (JSC::InferredValue::finalizeUnconditionally):
1778         * runtime/InternalFunction.h:
1779         * runtime/JSAsyncFunction.h:
1780         * runtime/JSAsyncGeneratorFunction.h:
1781         * runtime/JSBoundFunction.h:
1782         * runtime/JSCell.h:
1783         (JSC::subspaceFor):
1784         (JSC::subspaceForConcurrently):
1785         * runtime/JSCellInlines.h:
1786         (JSC::allocatorForNonVirtualConcurrently):
1787         * runtime/JSCustomGetterSetterFunction.h:
1788         * runtime/JSDestructibleObject.h:
1789         * runtime/JSFunction.h:
1790         * runtime/JSGeneratorFunction.h:
1791         * runtime/JSImmutableButterfly.h:
1792         * runtime/JSLexicalEnvironment.h:
1793         (JSC::JSLexicalEnvironment::subspaceFor):
1794         * runtime/JSNativeStdFunction.h:
1795         * runtime/JSSegmentedVariableObject.h:
1796         * runtime/JSString.h:
1797         * runtime/ModuleProgramExecutable.h:
1798         * runtime/NativeExecutable.h:
1799         * runtime/ProgramExecutable.h:
1800         * runtime/PropertyMapHashTable.h:
1801         * runtime/ProxyRevoke.h:
1802         * runtime/ScopedArguments.h:
1803         * runtime/ScriptExecutable.cpp:
1804         (JSC::ScriptExecutable::clearCode):
1805         (JSC::ScriptExecutable::installCode):
1806         * runtime/Structure.h:
1807         * runtime/StructureRareData.h:
1808         * runtime/SubspaceAccess.h: Copied from Source/JavaScriptCore/runtime/InferredValueInlines.h.
1809         * runtime/VM.cpp:
1810         (JSC::VM::VM):
1811         * runtime/VM.h:
1812         (JSC::VM::SpaceAndSet::SpaceAndSet):
1813         (JSC::VM::SpaceAndSet::setFor):
1814         (JSC::VM::forEachScriptExecutableSpace):
1815         (JSC::VM::SpaceAndFinalizerSet::SpaceAndFinalizerSet): Deleted.
1816         (JSC::VM::SpaceAndFinalizerSet::finalizerSetFor): Deleted.
1817         (JSC::VM::ScriptExecutableSpaceAndSet::ScriptExecutableSpaceAndSet): Deleted.
1818         (JSC::VM::ScriptExecutableSpaceAndSet::clearableCodeSetFor): Deleted.
1819         (JSC::VM::UnlinkedFunctionExecutableSpaceAndSet::UnlinkedFunctionExecutableSpaceAndSet): Deleted.
1820         (JSC::VM::UnlinkedFunctionExecutableSpaceAndSet::clearableCodeSetFor): Deleted.
1821         * runtime/WeakMapImpl.h:
1822         (JSC::WeakMapImpl::subspaceFor):
1823         * wasm/js/JSWebAssemblyCodeBlock.h:
1824         * wasm/js/JSWebAssemblyMemory.h:
1825         * wasm/js/WebAssemblyFunction.h:
1826         * wasm/js/WebAssemblyWrapperFunction.h:
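
        As an added illustration (example code, not JavaScriptCore's), the lazily allocated subspace pattern this entry
        describes in reduced form: a main-thread ensure function that allocates on first use and publishes the pointer with
        a release store (standing in for WTF::storeStoreFence), a concurrent accessor that never allocates and returns nullptr
        when the space does not exist yet, and a constraint-solving-style walk that checks for existence before touching the
        space. The class and member names, the mutex, and the Subspace stand-in are assumptions of this example, not names
        from the patch.

```cpp
// Added example, not JavaScriptCore code: lazily allocated subspace with
// safe publication for concurrent readers. All names are hypothetical.
#include <atomic>
#include <cstddef>
#include <memory>
#include <mutex>

// Stand-in for IsoSubspace: large enough that we only want it on demand.
struct Subspace {
    explicit Subspace(std::size_t cellSize) : cellSize(cellSize) { }
    std::size_t cellSize;
    std::size_t cellCount = 0; // stand-in for the space's live cells
};

class VMLike {
public:
    // Main-thread path (the "ensureXXXSpace" shape): allocate on first use.
    // The mutex is this example's addition; the entry relies on the main
    // thread being the only allocator.
    Subspace& ensureErrorInstanceSpace()
    {
        if (Subspace* space = m_errorInstanceSpace.load(std::memory_order_acquire))
            return *space;
        std::lock_guard<std::mutex> locker(m_lock);
        if (!m_errorInstanceSpaceStorage) {
            m_errorInstanceSpaceStorage = std::make_unique<Subspace>(64);
            // The release store plays the role of WTF::storeStoreFence: the
            // fully constructed Subspace becomes visible before the pointer.
            m_errorInstanceSpace.store(m_errorInstanceSpaceStorage.get(), std::memory_order_release);
        }
        return *m_errorInstanceSpaceStorage;
    }

    // Concurrent JIT path (the "subspaceForConcurrently" shape): never
    // allocates; nullptr means "not created yet" and callers must handle it.
    Subspace* errorInstanceSpaceConcurrently() const
    {
        return m_errorInstanceSpace.load(std::memory_order_acquire);
    }

    // Constraint-solving-style walk: check existence before touching the
    // space. Safe because the mutator is stopped while this runs.
    std::size_t countCellsInLazySpaces() const
    {
        std::size_t total = 0;
        if (Subspace* space = m_errorInstanceSpace.load(std::memory_order_acquire))
            total += space->cellCount;
        return total;
    }

private:
    std::mutex m_lock;
    std::unique_ptr<Subspace> m_errorInstanceSpaceStorage;
    std::atomic<Subspace*> m_errorInstanceSpace { nullptr };
};

int main()
{
    VMLike vm;
    bool absentBefore = !vm.errorInstanceSpaceConcurrently();
    Subspace& space = vm.ensureErrorInstanceSpace();
    bool presentAfter = vm.errorInstanceSpaceConcurrently() == &space;
    return absentBefore && presentAfter ? 0 : 1;
}
```

        The acquire load on the concurrent side pairs with the release store so a reader that sees a non-null pointer also
        sees the constructed object; a reader that sees nullptr simply takes the slow path, which is the contract the entry
        gives for subspaceForConcurrently<>.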
1827
1828 2019-02-04  Keith Miller  <keith_miller@apple.com>
1829
1830         Change llint operand macros to inline functions
1831         https://bugs.webkit.org/show_bug.cgi?id=194248
1832
1833         Reviewed by Mark Lam.
1834
1835         * llint/LLIntSlowPaths.cpp:
1836         (JSC::LLInt::getNonConstantOperand):
1837         (JSC::LLInt::getOperand):
1838         (JSC::LLInt::llint_trace_value):
1839         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1840         (JSC::LLInt::getByVal):
1841         (JSC::LLInt::genericCall):
1842         (JSC::LLInt::varargsSetup):
1843         (JSC::LLInt::commonCallEval):
1844
1845 2019-02-04  Robin Morisset  <rmorisset@apple.com>
1846
1847         when lowering AssertNotEmpty, create the value before creating the patchpoint
1848         https://bugs.webkit.org/show_bug.cgi?id=194231
1849
1850         Reviewed by Saam Barati.
1851
1852         This is a very simple change: we should never generate B3 IR where an instruction depends on a value that comes later in the instruction stream.
1853         AssertNotEmpty was generating some such IR; it probably slipped through until now because it is a rather rare and tricky instruction to generate.
1854
1855         * ftl/FTLLowerDFGToB3.cpp:
1856         (JSC::FTL::DFG::LowerDFGToB3::compileAssertNotEmpty):
1857
1858 2019-02-04  Yusuke Suzuki  <ysuzuki@apple.com>
1859
1860         [JSC] ExecutableToCodeBlockEdge should be smaller
1861         https://bugs.webkit.org/show_bug.cgi?id=194244
1862
1863         Reviewed by Michael Saboff.
1864
1865         ExecutableToCodeBlockEdge is allocated so many times. However its memory layout is not efficient.
1866         sizeof(ExecutableToCodeBlockEdge) is 24 bytes, but it discards 7 bytes due to one bool m_isActive flag.
1867         Because our size classes are rounded by 16 bytes, ExecutableToCodeBlockEdge takes 32 bytes. So, half of
1868         it is wasted. We should fit it into 16 bytes so that we can efficiently allocate it.
1869
1870         In this patch, we leverage the TypeInfoMayBePrototype bit in JSTypeInfo. It is a somewhat special TypeInfo bit,
1871         since it is a per-cell bit. We rename this to TypeInfoPerCellBit, and use it as a `m_isActive` mark in
1872         ExecutableToCodeBlockEdge. In JSObject subclasses, we use it as MayBePrototype flag.
1873
1874         Since this flag is not changed in CAS style, we must not change this in concurrent threads. This is OK
1875         for ExecutableToCodeBlockEdge's m_isActive flag since this is touched on the main thread (ScriptExecutable::installCode
1876         does not touch it if it is called in non-main threads).
1877
1878         * bytecode/ExecutableToCodeBlockEdge.cpp:
1879         (JSC::ExecutableToCodeBlockEdge::finishCreation):
1880         (JSC::ExecutableToCodeBlockEdge::visitChildren):
1881         (JSC::ExecutableToCodeBlockEdge::activate):
1882         (JSC::ExecutableToCodeBlockEdge::deactivate):
1883         (JSC::ExecutableToCodeBlockEdge::isActive const):
1884         * bytecode/ExecutableToCodeBlockEdge.h:
1885         * runtime/JSCell.h:
1886         * runtime/JSCellInlines.h:
1887         (JSC::JSCell::perCellBit const):
1888         (JSC::JSCell::setPerCellBit):
1889         (JSC::JSCell::mayBePrototype const): Deleted.
1890         (JSC::JSCell::didBecomePrototype): Deleted.
1891         * runtime/JSObject.cpp:
1892         (JSC::JSObject::setPrototypeDirect):
1893         * runtime/JSObject.h:
1894         * runtime/JSObjectInlines.h:
1895         (JSC::JSObject::mayBePrototype const):
1896         (JSC::JSObject::didBecomePrototype):
1897         * runtime/JSTypeInfo.h:
1898         (JSC::TypeInfo::perCellBit):
1899         (JSC::TypeInfo::mergeInlineTypeFlags):
1900         (JSC::TypeInfo::mayBePrototype): Deleted.
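
        An added illustration of the layout trick in this entry (example code, not JavaScriptCore's): a bool stored as its
        own member costs a full alignment slot, while the same flag stored in a reserved bit of the cell header costs nothing.
        The header layout, the bit position, the struct names and the flag-merging helper are all constructed for this
        example; the helper only shows the property a class-flag merge has to preserve, not the real mergeInlineTypeFlags.

```cpp
// Added example, not JavaScriptCore code: moving a per-cell bool into a
// spare header bit. Layout, names and bit position are hypothetical.
#include <cstddef>
#include <cstdint>

// Stand-in for the cell header: a type byte, a flags byte, and padding.
struct CellHeader {
    uint8_t type = 0;
    uint8_t inlineTypeFlags = 0; // class-level TypeInfo flags live here
    uint8_t padding[6] = {};
};

// Before: a dedicated bool pushes the struct to the next alignment boundary
// (24 bytes on a 64-bit target, of which 7 are padding).
struct EdgeBefore {
    CellHeader header;
    void* codeBlock = nullptr;
    bool isActive = false;
};

// After: reuse one reserved flag bit. The entry's caveat applies: the flags
// byte is updated with plain read-modify-write, not CAS, so only the owning
// (main) thread may flip this bit.
struct EdgeAfter {
    static constexpr uint8_t PerCellBit = 1 << 7; // hypothetical bit position
    CellHeader header;
    void* codeBlock = nullptr;

    bool isActive() const { return header.inlineTypeFlags & PerCellBit; }
    void activate() { header.inlineTypeFlags |= PerCellBit; }
    void deactivate() { header.inlineTypeFlags &= static_cast<uint8_t>(~PerCellBit); }
};

static_assert(sizeof(EdgeAfter) < sizeof(EdgeBefore), "per-cell bit must save space");

// Any helper that rewrites the class-level flags must keep the per-cell bit
// intact, otherwise activating an edge could be undone by an unrelated flag
// update. This is the invariant, not the real JSC implementation.
inline uint8_t mergeClassFlagsPreservingPerCellBit(uint8_t current, uint8_t classFlags)
{
    return static_cast<uint8_t>((current & EdgeAfter::PerCellBit) | (classFlags & ~EdgeAfter::PerCellBit));
}

std::size_t bytesSavedPerEdge() { return sizeof(EdgeBefore) - sizeof(EdgeAfter); }
```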
1901
1902 2019-02-04  Yusuke Suzuki  <ysuzuki@apple.com>
1903
1904         [JSC] Shrink size of FunctionExecutable
1905         https://bugs.webkit.org/show_bug.cgi?id=194191
1906
1907         Reviewed by Michael Saboff.
1908
1909         This patch reduces the size of FunctionExecutable. Since it is allocated in IsoSubspace, reducing the size directly
1910         improves the allocation efficiency.
1911
1912         1. ScriptExecutable (base class of FunctionExecutable) has several members that are meaningful only in FunctionExecutable.
1913            We remove them from ScriptExecutable, and move them to FunctionExecutable.
1914
1915         2. FunctionExecutable has several pieces of data that are rarely used. One is the FunctionOverrides functionality, which is typically
1916            used for JSC debugging purposes, and another is the TypeSet and offsets for the type profiler. We move them to RareData and reduce
1917            the size of FunctionExecutable in the common case.
1918
1919         This patch changes the size of FunctionExecutable from 176 to 144.
1920
1921         * bytecode/CodeBlock.cpp:
1922         (JSC::CodeBlock::dumpSource):
1923         (JSC::CodeBlock::finishCreation):
1924         * dfg/DFGNode.h:
1925         (JSC::DFG::Node::OpInfoWrapper::as const):
1926         * interpreter/StackVisitor.cpp:
1927         (JSC::StackVisitor::Frame::computeLineAndColumn const):
1928         * runtime/ExecutableBase.h:
1929         * runtime/FunctionExecutable.cpp:
1930         (JSC::FunctionExecutable::FunctionExecutable):
1931         (JSC::FunctionExecutable::ensureRareDataSlow):
1932         * runtime/FunctionExecutable.h:
1933         * runtime/Intrinsic.h:
1934         * runtime/ModuleProgramExecutable.cpp:
1935         (JSC::ModuleProgramExecutable::ModuleProgramExecutable):
1936         * runtime/ProgramExecutable.cpp:
1937         (JSC::ProgramExecutable::ProgramExecutable):
1938         * runtime/ScriptExecutable.cpp:
1939         (JSC::ScriptExecutable::ScriptExecutable):
1940         (JSC::ScriptExecutable::overrideLineNumber const):
1941         (JSC::ScriptExecutable::typeProfilingStartOffset const):
1942         (JSC::ScriptExecutable::typeProfilingEndOffset const):
1943         * runtime/ScriptExecutable.h:
1944         (JSC::ScriptExecutable::firstLine const):
1945         (JSC::ScriptExecutable::setOverrideLineNumber): Deleted.
1946         (JSC::ScriptExecutable::hasOverrideLineNumber const): Deleted.
1947         (JSC::ScriptExecutable::overrideLineNumber const): Deleted.
1948         (JSC::ScriptExecutable::typeProfilingStartOffset const): Deleted.
1949         (JSC::ScriptExecutable::typeProfilingEndOffset const): Deleted.
1950         * runtime/StackFrame.cpp:
1951         (JSC::StackFrame::computeLineAndColumn const):
1952         * tools/JSDollarVM.cpp:
1953         (JSC::functionReturnTypeFor):
1954
1955 2019-02-04  Mark Lam  <mark.lam@apple.com>
1956
1957         DFG's doesGC() is incorrect about the SameValue node's behavior.
1958         https://bugs.webkit.org/show_bug.cgi?id=194211
1959         <rdar://problem/47608913>
1960
1961         Reviewed by Saam Barati.
1962
1963         Only the DoubleRepUse case is guaranteed to not GC.  The other case may GC because
1964         it calls operationSameValue() which may allocate memory for resolving ropes.
1965
1966         * dfg/DFGDoesGC.cpp:
1967         (JSC::DFG::doesGC):
1968
1969 2019-02-03  Yusuke Suzuki  <ysuzuki@apple.com>
1970
1971         [JSC] UnlinkedMetadataTable assumes that MetadataTable is destroyed before it is destructed, but the order of destruction of JS heap cells is not guaranteed
1972         https://bugs.webkit.org/show_bug.cgi?id=194031
1973
1974         Reviewed by Saam Barati.
1975
1976         UnlinkedMetadataTable assumes that MetadataTable linked against this UnlinkedMetadataTable is already destroyed when UnlinkedMetadataTable is destroyed.
1977         This means that UnlinkedCodeBlock is destroyed after all the linked CodeBlocks are destroyed. But this assumption is not valid since GC's finalizer
1978         sweeps objects without considering the dependencies among swept objects. UnlinkedMetadataTable can be destroyed even before linked MetadataTable is
1979         destroyed if UnlinkedCodeBlock is destroyed before linked CodeBlock is destroyed.
1980
1981         To make the above assumption valid, we make UnlinkedMetadataTable a RefCounted object, and make MetadataTable hold a strong ref to UnlinkedMetadataTable.
1982         This ensures that UnlinkedMetadataTable is destroyed after all the linked MetadataTables are destroyed.
1983
1984         * bytecode/MetadataTable.cpp:
1985         (JSC::MetadataTable::MetadataTable):
1986         (JSC::MetadataTable::~MetadataTable):
1987         * bytecode/UnlinkedCodeBlock.cpp:
1988         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1989         (JSC::UnlinkedCodeBlock::visitChildren):
1990         (JSC::UnlinkedCodeBlock::estimatedSize):
1991         (JSC::UnlinkedCodeBlock::setInstructions):
1992         * bytecode/UnlinkedCodeBlock.h:
1993         (JSC::UnlinkedCodeBlock::metadata):
1994         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
1995         * bytecode/UnlinkedMetadataTable.h:
1996         (JSC::UnlinkedMetadataTable::create):
1997         * bytecode/UnlinkedMetadataTableInlines.h:
1998         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
1999         * runtime/CachedTypes.cpp:
2000         (JSC::CachedMetadataTable::decode const):
2001         (JSC::CachedCodeBlock::metadata const):
2002         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2003         (JSC::CachedCodeBlock<CodeBlockType>::decode const):
2004         (JSC::CachedCodeBlock<CodeBlockType>::encode):
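
        An added illustration of the ownership fix in this entry (example code, not JavaScriptCore's): the linked table
        holds a strong reference to its unlinked table, so the unlinked table outlives every linked table even when the
        sweeper drops the owner first. std::shared_ptr stands in for WTF's RefCounted/Ref; the table names, the destruction
        log and the sweep order are constructed for the example.

```cpp
// Added example, not JavaScriptCore code: a linked table keeps its unlinked
// table alive, so finalizer order no longer matters. Names are hypothetical.
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Records destructor order so the ownership fix can be checked.
using DestructionLog = std::vector<std::string>;

// Stand-in for UnlinkedMetadataTable; shared_ptr plays the RefCounted role.
struct UnlinkedTable {
    explicit UnlinkedTable(DestructionLog& log) : log(log) { }
    ~UnlinkedTable() { log.push_back("UnlinkedTable"); }
    DestructionLog& log;
    unsigned entryCount = 4;
};

// Stand-in for MetadataTable. The strong ref is the fix: the unlinked table
// cannot be destroyed while any linked table still points at it.
struct LinkedTable {
    explicit LinkedTable(std::shared_ptr<UnlinkedTable> unlinked) : unlinked(std::move(unlinked)) { }
    // Safe to dereference here: the strong ref guarantees 'unlinked' is alive.
    ~LinkedTable() { unlinked->log.push_back("LinkedTable"); }
    std::shared_ptr<UnlinkedTable> unlinked;
};

// Simulates the GC sweeping the unlinked owner *before* its linked users,
// the order the entry says cannot be ruled out. With a raw back-pointer the
// linked destructors would touch freed memory; with a strong ref the unlinked
// table is destroyed only after the last linked table releases it.
DestructionLog sweepUnlinkedFirst()
{
    DestructionLog log;
    {
        auto unlinked = std::make_shared<UnlinkedTable>(log);
        auto linkedA = std::make_unique<LinkedTable>(unlinked);
        auto linkedB = std::make_unique<LinkedTable>(unlinked);
        unlinked.reset(); // UnlinkedCodeBlock swept: its own ref goes away
        linkedA.reset();  // first CodeBlock swept
        linkedB.reset();  // last CodeBlock swept: only now does UnlinkedTable die
    }
    return log;
}

int main()
{
    for (const std::string& name : sweepUnlinkedFirst())
        std::cout << "destroyed " << name << '\n';
    return 0;
}
```

        Running it prints the two linked tables being destroyed before the unlinked one, although the unlinked owner's own
        reference was dropped first; that reordering is exactly what the strong ref buys.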
2005
2006 2019-02-01  Yusuke Suzuki  <ysuzuki@apple.com>
2007
2008         [JSC] Decouple JIT related data from CodeBlock
2009         https://bugs.webkit.org/show_bug.cgi?id=194187
2010
2011         Reviewed by Saam Barati.
2012
2013         CodeBlock holds a bunch of data which is only used after JIT starts compiling it.
2014         We have three types of data in CodeBlock.
2015
2016         1. The data which is always used. CodeBlock needs to hold it.
2017         2. The data which is touched even in LLInt, but it is only meaningful in JIT tiers. The example is profiling.
2018         3. The data which is used after the JIT compiler starts running for the given CodeBlock.
2019
2020         This patch decouples (3) from CodeBlock as CodeBlock::JITData. Even if we have a bunch of CodeBlocks, only a small
2021         number of them get JIT compilation. Always allocating the (3) data enlarges the size of CodeBlock, leading to
2022         memory waste. Potentially we can decouple (2) into another data structure, but we first do (3) since (3) is beneficial
2023         in both non-JIT and *JIT* modes.
2024
2025         JITData is created only when the JIT compiler wants to use it. It can be concurrently created and used, so it is guarded
2026         by the lock of CodeBlock.
2027
2028         The size of CodeBlock is reduced from 512 to 352.
2029
2030         This patch improves memory footprint and gets a 1.1% improvement in RAMification.
2031
2032             Footprint geomean: 36696503 (34.997 MB)
2033             Peak Footprint geomean: 38595988 (36.808 MB)
2034             Score: 37634263 (35.891 MB)
2035
2036             Footprint geomean: 37172768 (35.451 MB)
2037             Peak Footprint geomean: 38978288 (37.173 MB)
2038             Score: 38064824 (36.301 MB)
2039
2040         * bytecode/CodeBlock.cpp:
2041         (JSC::CodeBlock::~CodeBlock):
2042         (JSC::CodeBlock::propagateTransitions):
2043         (JSC::CodeBlock::ensureJITDataSlow):
2044         (JSC::CodeBlock::finalizeBaselineJITInlineCaches):
2045         (JSC::CodeBlock::getICStatusMap):
2046         (JSC::CodeBlock::addStubInfo):
2047         (JSC::CodeBlock::addJITAddIC):
2048         (JSC::CodeBlock::addJITMulIC):
2049         (JSC::CodeBlock::addJITSubIC):
2050         (JSC::CodeBlock::addJITNegIC):
2051         (JSC::CodeBlock::findStubInfo):
2052         (JSC::CodeBlock::addByValInfo):
2053         (JSC::CodeBlock::addCallLinkInfo):
2054         (JSC::CodeBlock::getCallLinkInfoForBytecodeIndex):
2055         (JSC::CodeBlock::addRareCaseProfile):
2056         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
2057         (JSC::CodeBlock::rareCaseProfileCountForBytecodeOffset):
2058         (JSC::CodeBlock::resetJITData):
2059         (JSC::CodeBlock::stronglyVisitStrongReferences):
2060         (JSC::CodeBlock::shrinkToFit):
2061         (JSC::CodeBlock::linkIncomingCall):
2062         (JSC::CodeBlock::linkIncomingPolymorphicCall):
2063         (JSC::CodeBlock::unlinkIncomingCalls):
2064         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2065         (JSC::CodeBlock::dumpValueProfiles):
2066         (JSC::CodeBlock::setPCToCodeOriginMap):
2067         (JSC::CodeBlock::findPC):
2068         (JSC::CodeBlock::dumpMathICStats):
2069         * bytecode/CodeBlock.h:
2070         (JSC::CodeBlock::ensureJITData):
2071         (JSC::CodeBlock::setJITCodeMap):
2072         (JSC::CodeBlock::jitCodeMap):
2073         (JSC::CodeBlock::likelyToTakeSlowCase):
2074         (JSC::CodeBlock::couldTakeSlowCase):
2075         (JSC::CodeBlock::lazyOperandValueProfiles):
2076         (JSC::CodeBlock::stubInfoBegin): Deleted.
2077         (JSC::CodeBlock::stubInfoEnd): Deleted.
2078         (JSC::CodeBlock::callLinkInfosBegin): Deleted.
2079         (JSC::CodeBlock::callLinkInfosEnd): Deleted.
2080         (JSC::CodeBlock::jitCodeMap const): Deleted.
2081         (JSC::CodeBlock::numberOfRareCaseProfiles): Deleted.
2082         * bytecode/MethodOfGettingAValueProfile.cpp:
2083         (JSC::MethodOfGettingAValueProfile::emitReportValue const):
2084         (JSC::MethodOfGettingAValueProfile::reportValue):
2085         * dfg/DFGByteCodeParser.cpp:
2086         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2087         * jit/JIT.h:
2088         * jit/JITOperations.cpp:
2089         (JSC::tryGetByValOptimize):
2090         * jit/JITPropertyAccess.cpp:
2091         (JSC::JIT::privateCompileGetByVal):
2092         (JSC::JIT::privateCompilePutByVal):
2093
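        The lazily created, lock-guarded side table described in the JITData entry above, as an added example. This is not WebKit code and does not reproduce CodeBlock's real layout: CodeBlock, JITData, ensureJITData, ensureJITDataSlow and the allocation counter are hypothetical names used only to show the double-checked pattern (lock-free fast path, allocation under the block's lock, a cold block paying only for a pointer).

```cpp
// Added example, not WebKit code: a lazily created, lock-guarded side table
// in the shape described above for CodeBlock::JITData. Names are hypothetical.
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <mutex>
#include <vector>

// Category (3) data: only needed once a JIT tier compiles the block.
struct JITData {
    std::vector<uint32_t> stubInfos;
    std::vector<uint32_t> callLinkInfos;
    std::vector<uint64_t> rareCaseProfiles;
};

// Counts real allocations so a test can prove that repeated ensureJITData()
// calls never allocate twice.
static std::atomic<int> g_jitDataAllocations { 0 };

class CodeBlock {
public:
    // Category (1) data, always present.
    uint32_t instructionCount = 0;

    bool hasJITData() const { return m_jitData.load(std::memory_order_acquire) != nullptr; }

    // Fast path: one acquire load and no lock for blocks that already have
    // JIT data. Blocks that never reach the JIT never take the slow path.
    JITData& ensureJITData() {
        if (JITData* data = m_jitData.load(std::memory_order_acquire))
            return *data;
        return ensureJITDataSlow();
    }

    // Answered without forcing an allocation: a block with no JIT data has none.
    size_t numberOfCallLinkInfos() const {
        JITData* data = m_jitData.load(std::memory_order_acquire);
        return data ? data->callLinkInfos.size() : 0;
    }

private:
    // Slow path: taken under the block's lock so that two compiler threads
    // racing to create the data agree on one instance (double-checked locking).
    JITData& ensureJITDataSlow() {
        std::lock_guard<std::mutex> locker(m_lock);
        if (JITData* data = m_jitData.load(std::memory_order_relaxed))
            return *data; // another thread won the race while we waited
        m_ownedJITData = std::make_unique<JITData>();
        ++g_jitDataAllocations;
        m_jitData.store(m_ownedJITData.get(), std::memory_order_release);
        return *m_ownedJITData;
    }

    std::mutex m_lock;
    std::unique_ptr<JITData> m_ownedJITData;      // owner
    std::atomic<JITData*> m_jitData { nullptr };  // published pointer for the fast path
};

// A block that is only ever interpreted never allocates JITData.
bool coldBlockHasNoJITData() {
    CodeBlock block;
    block.instructionCount = 42;
    return !block.hasJITData() && block.numberOfCallLinkInfos() == 0;
}

// Repeated ensureJITData() calls return the same object and allocate once.
bool hotBlockAllocatesOnce() {
    g_jitDataAllocations.store(0);
    CodeBlock block;
    JITData& first = block.ensureJITData();
    first.callLinkInfos.push_back(7);
    JITData& second = block.ensureJITData();
    return &first == &second && g_jitDataAllocations.load() == 1
        && block.numberOfCallLinkInfos() == 1;
}

int main() {
    std::printf("cold block has JIT data: %s\n", coldBlockHasNoJITData() ? "yes" : "no");
    std::printf("hot block allocates once: %s\n", hotBlockAllocatesOnce() ? "yes" : "no");
    return 0;
}
```

        The acquire/release pair on m_jitData is what lets the fast path skip the lock safely: a thread that sees a non-null pointer also sees the fully constructed JITData, and the second check inside the lock prevents two threads from each allocating their own copy.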
2094 2018-12-16  Darin Adler  <darin@apple.com>
2095
2096         Convert additional String::format clients to alternative approaches
2097         https://bugs.webkit.org/show_bug.cgi?id=192746
2098
2099         Reviewed by Alexey Proskuryakov.
2100
2101         * inspector/agents/InspectorConsoleAgent.cpp:
2102         (Inspector::InspectorConsoleAgent::stopTiming): Use makeString
2103         and FormattedNumber::fixedWidth.
2104
2105 2019-02-01  Yusuke Suzuki  <ysuzuki@apple.com>
2106
2107         [JSC] Remove some of IsoSubspaces for JSFunction subclasses
2108         https://bugs.webkit.org/show_bug.cgi?id=194177
2109
2110         Reviewed by Saam Barati.
2111
2112         JSGeneratorFunction, JSAsyncFunction, and JSAsyncGeneratorFunction do not add any fields / classInfo methods.
2113         We can share the IsoSubspace for JSFunction.
2114
2115         * runtime/JSAsyncFunction.h:
2116         * runtime/JSAsyncGeneratorFunction.h:
2117         * runtime/JSGeneratorFunction.h:
2118         * runtime/VM.cpp:
2119         (JSC::VM::VM):
2120         * runtime/VM.h:
2121
2122 2019-02-01  Mark Lam  <mark.lam@apple.com>
2123
2124         Remove invalid assertion in DFG's compileDoubleRep().
2125         https://bugs.webkit.org/show_bug.cgi?id=194130
2126         <rdar://problem/47699474>
2127
2128         Reviewed by Saam Barati.
2129
2130         * dfg/DFGSpeculativeJIT.cpp:
2131         (JSC::DFG::SpeculativeJIT::compileDoubleRep):
2132
2133 2019-02-01  Yusuke Suzuki  <ysuzuki@apple.com>
2134
2135         [JSC] Unify CodeBlock IsoSubspaces
2136         https://bugs.webkit.org/show_bug.cgi?id=194167
2137
2138         Reviewed by Saam Barati.
2139
2140         When we move CodeBlock into its IsoSubspace, we create IsoSubspaces for each subclass of CodeBlock.
2141         But this is not necessary since,
2142
2143         1. They do not override the classInfo methods.
2144         2. sizeof(ProgramCodeBlock etc.) == sizeof(CodeBlock) since the subclasses add no additional fields.
2145
2146         Creating an IsoSubspace for each subclass is costly in terms of memory, especially the IsoSubspace for
2147         ProgramCodeBlock. We typically create only one ProgramCodeBlock, which means the rest of the
2148         MarkedBlock (16KB - sizeof(footer) - sizeof(ProgramCodeBlock)) is just wasted.
2149
2150         This patch unifies these IsoSubspaces into one.
2151
2152         * bytecode/CodeBlock.cpp:
2153         (JSC::CodeBlock::destroy):
2154         * bytecode/CodeBlock.h:
2155         * bytecode/EvalCodeBlock.cpp:
2156         (JSC::EvalCodeBlock::destroy): Deleted.
2157         * bytecode/EvalCodeBlock.h: We drop some utility functions in EvalCodeBlock and use UnlinkedEvalCodeBlock's one directly.
2158         * bytecode/FunctionCodeBlock.cpp:
2159         (JSC::FunctionCodeBlock::destroy): Deleted.
2160         * bytecode/FunctionCodeBlock.h:
2161         * bytecode/GlobalCodeBlock.h:
2162         * bytecode/ModuleProgramCodeBlock.cpp:
2163         (JSC::ModuleProgramCodeBlock::destroy): Deleted.
2164         * bytecode/ModuleProgramCodeBlock.h:
2165         * bytecode/ProgramCodeBlock.cpp:
2166         (JSC::ProgramCodeBlock::destroy): Deleted.
2167         * bytecode/ProgramCodeBlock.h:
2168         * interpreter/Interpreter.cpp:
2169         (JSC::Interpreter::execute):
2170         * runtime/VM.cpp:
2171         (JSC::VM::VM):
2172         * runtime/VM.h:
2173         (JSC::VM::forEachCodeBlockSpace):
2174
2175 2019-02-01  Yusuke Suzuki  <ysuzuki@apple.com>
2176
2177         Unreviewed, follow-up after r240859
2178         https://bugs.webkit.org/show_bug.cgi?id=194145
2179
2180         Replace OOB HeapCellType with cellHeapCellType since they are completely the same.
2181         And rename cellDangerousBitsSpace back to cellSpace.
2182
2183         * runtime/JSCellInlines.h:
2184         (JSC::JSCell::subspaceFor):
2185         * runtime/VM.cpp:
2186         (JSC::VM::VM):
2187         * runtime/VM.h:
2188
2189 2019-02-01  Yusuke Suzuki  <ysuzuki@apple.com>
2190
2191         [JSC] Remove cellJSValueOOBSpace
2192         https://bugs.webkit.org/show_bug.cgi?id=194145
2193
2194         Reviewed by Mark Lam.
2195
2196         * runtime/JSObject.h:
2197         (JSC::JSObject::subspaceFor): Deleted.
2198         * runtime/VM.cpp:
2199         (JSC::VM::VM):
2200         * runtime/VM.h:
2201
2202 2019-01-31  Mark Lam  <mark.lam@apple.com>
2203
2204         Remove poisoning from CodeBlock and LLInt code.
2205         https://bugs.webkit.org/show_bug.cgi?id=194113
2206
2207         Reviewed by Yusuke Suzuki.
2208
2209         * bytecode/CodeBlock.cpp:
2210         (JSC::CodeBlock::CodeBlock):
2211         (JSC::CodeBlock::~CodeBlock):
2212         (JSC::CodeBlock::setConstantRegisters):
2213         (JSC::CodeBlock::propagateTransitions):
2214         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2215         (JSC::CodeBlock::jettison):
2216         (JSC::CodeBlock::predictedMachineCodeSize):
2217         * bytecode/CodeBlock.h:
2218         (JSC::CodeBlock::vm const):
2219         (JSC::CodeBlock::addConstant):
2220         (JSC::CodeBlock::heap const):
2221         (JSC::CodeBlock::replaceConstant):
2222         * llint/LLIntOfflineAsmConfig.h:
2223         * llint/LLIntSlowPaths.cpp:
2224         (JSC::LLInt::handleHostCall):
2225         (JSC::LLInt::setUpCall):
2226         * llint/LowLevelInterpreter.asm:
2227         * llint/LowLevelInterpreter32_64.asm:
2228         * llint/LowLevelInterpreter64.asm:
2229
2230 2019-01-31  Yusuke Suzuki  <ysuzuki@apple.com>
2231
2232         [JSC] Remove finalizer in AsyncFromSyncIteratorPrototype
2233         https://bugs.webkit.org/show_bug.cgi?id=194107
2234
2235         Reviewed by Saam Barati.
2236
2237         AsyncFromSyncIteratorPrototype uses the finalizer, but it is not necessary since it does not hold any objects which require destruction.
2238         We drop this finalizer, and we also make the methods of AsyncFromSyncIteratorPrototype lazily allocated.
2239
2240         * CMakeLists.txt:
2241         * DerivedSources.make:
2242         * JavaScriptCore.xcodeproj/project.pbxproj:
2243         * runtime/AsyncFromSyncIteratorPrototype.cpp:
2244         (JSC::AsyncFromSyncIteratorPrototype::AsyncFromSyncIteratorPrototype):
2245         (JSC::AsyncFromSyncIteratorPrototype::finishCreation):
2246         (JSC::AsyncFromSyncIteratorPrototype::create):
2247         * runtime/AsyncFromSyncIteratorPrototype.h:
2248
2249 2019-01-31  Tadeu Zagallo  <tzagallo@apple.com>
2250
2251         Fix `runJITThreadLimitTests` in testapi
2252         https://bugs.webkit.org/show_bug.cgi?id=194064
2253         <rdar://problem/46139147>
2254
2255         Reviewed by Mark Lam.
2256
2257         Fix typo where `targetNumberOfThreads` was not being used.
2258
2259         * API/tests/testapi.mm:
2260         (runJITThreadLimitTests):
2261
2262 2019-01-31  Tadeu Zagallo  <tzagallo@apple.com>
2263
2264         testapi fails RELEASE_ASSERT(codeBlock) in fetchFromDisk() of CodeCache.h
2265         https://bugs.webkit.org/show_bug.cgi?id=194112
2266
2267         Reviewed by Mark Lam.
2268
2269         `testBytecodeCache` does not populate the bytecode cache for the global
2270         CodeBlock, so it should only enable `forceDiskCache` after its execution.
2271
2272         * API/tests/testapi.mm:
2273         (testBytecodeCache):
2274
2275 2019-01-31  Yusuke Suzuki  <ysuzuki@apple.com>
2276
2277         Unreviewed, follow-up after r240796
2278
2279         Initialize WriteBarrier<InferredValue> in the constructor. Otherwise, GC can see the broken one
2280         when allocating InferredValue in FunctionExecutable::finishCreation.
2281
2282         * runtime/FunctionExecutable.cpp:
2283         (JSC::FunctionExecutable::FunctionExecutable):
2284         (JSC::FunctionExecutable::finishCreation):
2285
2286 2019-01-31  Yusuke Suzuki  <ysuzuki@apple.com>
2287
2288         [JSC] Do not use InferredValue in non-JIT configuration
2289         https://bugs.webkit.org/show_bug.cgi?id=194084
2290
2291         Reviewed by Saam Barati.
2292
2293         InferredValue is not meaningful if our VM is in the non-JIT configuration. InferredValue is used to watch the instantiation of the FunctionExecutable's
2294         JSFunction and SymbolTable's JSScope to explore the chance of folding them into constants in DFG and FTL. If it is instantiated only once, we can
2295         put a watchpoint and fold it into this constant. But if the JIT is disabled, we do not need to care about it.
2296         Even in the non-JIT configuration, we still use InferredValue for FunctionExecutable to determine whether the given FunctionExecutable is a preferable
2297         target for poly proto. If the JSFunction for the FunctionExecutable is used as a constructor and instantiated more than once, a poly proto Structure
2298         seems appropriate for objects created by this JSFunction. But at that time, the only thing we would like to know is whether the JSFunction for this
2299         FunctionExecutable is instantiated multiple times. This does not require the full feature of InferredValue; WatchpointState is enough.
2300         To summarize, since nobody uses the InferredValue feature in the non-JIT configuration, we should not create it.
2301
2302         * bytecode/ObjectAllocationProfileInlines.h:
2303         (JSC::ObjectAllocationProfile::initializeProfile):
2304         * runtime/FunctionExecutable.cpp:
2305         (JSC::FunctionExecutable::finishCreation):
2306         (JSC::FunctionExecutable::visitChildren):
2307         * runtime/FunctionExecutable.h:
2308         * runtime/InferredValue.cpp:
2309         (JSC::InferredValue::create):
2310         * runtime/JSAsyncFunction.cpp:
2311         (JSC::JSAsyncFunction::create):
2312         * runtime/JSAsyncGeneratorFunction.cpp:
2313         (JSC::JSAsyncGeneratorFunction::create):
2314         * runtime/JSFunction.cpp:
2315         (JSC::JSFunction::create):
2316         * runtime/JSFunctionInlines.h:
2317         (JSC::JSFunction::createWithInvalidatedReallocationWatchpoint):
2318         * runtime/JSGeneratorFunction.cpp:
2319         (JSC::JSGeneratorFunction::create):
2320         * runtime/JSSymbolTableObject.h:
2321         (JSC::JSSymbolTableObject::setSymbolTable):
2322         * runtime/SymbolTable.cpp:
2323         (JSC::SymbolTable::finishCreation):
2324         * runtime/VM.cpp:
2325         (JSC::VM::VM):
2326
2327 2019-01-31  Fujii Hironori  <Hironori.Fujii@sony.com>
2328
2329         [CMake][JSC] Changing ud_opcode.py should trigger invoking ud_opcode.py
2330         https://bugs.webkit.org/show_bug.cgi?id=194085
2331
2332         Reviewed by Yusuke Suzuki.
2333
2334         r240730 changed ud_itab.py and caused incremental build failures
2335         for Ninja builds.
2336
2337         * CMakeLists.txt: Added ud_itab.py and optable.xml to UDIS_GEN_DEP.
2338
2339 2019-01-30  Yusuke Suzuki  <ysuzuki@apple.com>
2340
2341         [JSC] Symbol should be in destructibleCellSpace
2342         https://bugs.webkit.org/show_bug.cgi?id=194082
2343
2344         Reviewed by Saam Barati.
2345
2346         Because Symbol's member was not poisoned, we changed the subspace for Symbol from destructibleCellSpace
2347         to cellJSValueOOBSpace. But the problem is cellJSValueOOBSpace is a space for cells which are not
2348         destructible. As a result, Symbol::destroy is never called, and SymbolImpl is leaked. This patch makes
2349         Symbol's space destructibleCellSpace to appropriately call the destructor.
2350
2351         * runtime/Symbol.h:
2352
2353 2019-01-30  Michael Catanzaro  <mcatanzaro@igalia.com>
2354
2355         Unreviewed, rolling out r240755.
2356
2357         This was not correct
2358
2359         Reverted changeset:
2360
2361         "Unreviewed, fix GCC build after r240730"
2362         https://bugs.webkit.org/show_bug.cgi?id=194041
2363         https://trac.webkit.org/changeset/240755
2364
2365 2019-01-30  Michael Catanzaro  <mcatanzaro@igalia.com>
2366
2367         Unreviewed, fix GCC build after r240730
2368         https://bugs.webkit.org/show_bug.cgi?id=194041
2369         <rdar://problem/47680981>
2370
2371         * disassembler/udis86/ud_itab.py:
2372         (UdItabGenerator.genOpcodeTablesLookupIndex):
2373
2374 2019-01-30  Tadeu Zagallo  <tzagallo@apple.com>
2375
2376         testapi's `testBytecodeCache` does not need to run the code twice
2377         https://bugs.webkit.org/show_bug.cgi?id=194046
2378
2379         Reviewed by Mark Lam.
2380
2381         Since we populate the cache eagerly (unlike the stress tests) we don't
2382         need to run the code twice.
2383
2384         * API/tests/testapi.mm:
2385         (testBytecodeCache):
2386
2387 2019-01-30  Saam barati  <sbarati@apple.com>
2388
2389         [WebAssembly] Change BBQ to generate Air IR
2390         https://bugs.webkit.org/show_bug.cgi?id=191802
2391         <rdar://problem/47651718>
2392
2393         Reviewed by Keith Miller.
2394
2395         This patch adds a new Wasm compiler for the BBQ tier. Instead
2396         of compiling using B3-O1, we now generate Air code directly.
2397         The goal of doing this was to speed up compile times for Wasm
2398         programs.
2399         
2400         This patch provides us with a 20-30% compile time speedup. However, I
2401         have ideas on how to improve compile times even further. For example,
2402         we should probably implement a faster running register allocator:
2403         https://bugs.webkit.org/show_bug.cgi?id=194036
2404         
2405         We can also improve on the code we generate.
2406         We should emit better code for Switch: https://bugs.webkit.org/show_bug.cgi?id=194053
2407         And we should do better instruction selection in various
2408         areas: https://bugs.webkit.org/show_bug.cgi?id=193999
2409
2410         * JavaScriptCore.xcodeproj/project.pbxproj:
2411         * Sources.txt:
2412         * b3/B3LowerToAir.cpp:
2413         * b3/B3StackmapSpecial.h:
2414         * b3/air/AirCode.cpp:
2415         (JSC::B3::Air::Code::emitDefaultPrologue):
2416         * b3/air/AirCode.h:
2417         * b3/air/AirTmp.h:
2418         (JSC::B3::Air::Tmp::Tmp):
2419         * runtime/Options.h:
2420         * wasm/WasmAirIRGenerator.cpp: Added.
2421         (JSC::Wasm::ConstrainedTmp::ConstrainedTmp):
2422         (JSC::Wasm::TypedTmp::TypedTmp):
2423         (JSC::Wasm::TypedTmp::operator== const):
2424         (JSC::Wasm::TypedTmp::operator!= const):
2425         (JSC::Wasm::TypedTmp::operator bool const):
2426         (JSC::Wasm::TypedTmp::operator Tmp const):
2427         (JSC::Wasm::TypedTmp::operator Arg const):
2428         (JSC::Wasm::TypedTmp::tmp const):
2429         (JSC::Wasm::TypedTmp::type const):
2430         (JSC::Wasm::AirIRGenerator::ControlData::ControlData):
2431         (JSC::Wasm::AirIRGenerator::ControlData::dump const):
2432         (JSC::Wasm::AirIRGenerator::ControlData::type const):
2433         (JSC::Wasm::AirIRGenerator::ControlData::signature const):
2434         (JSC::Wasm::AirIRGenerator::ControlData::hasNonVoidSignature const):
2435         (JSC::Wasm::AirIRGenerator::ControlData::targetBlockForBranch):
2436         (JSC::Wasm::AirIRGenerator::ControlData::convertIfToBlock):
2437         (JSC::Wasm::AirIRGenerator::ControlData::resultForBranch const):
2438         (JSC::Wasm::AirIRGenerator::emptyExpression):
2439         (JSC::Wasm::AirIRGenerator::fail const):
2440         (JSC::Wasm::AirIRGenerator::setParser):
2441         (JSC::Wasm::AirIRGenerator::toTmpVector):
2442         (JSC::Wasm::AirIRGenerator::validateInst):
2443         (JSC::Wasm::AirIRGenerator::extractArg):
2444         (JSC::Wasm::AirIRGenerator::append):
2445         (JSC::Wasm::AirIRGenerator::appendEffectful):
2446         (JSC::Wasm::AirIRGenerator::newTmp):
2447         (JSC::Wasm::AirIRGenerator::g32):
2448         (JSC::Wasm::AirIRGenerator::g64):
2449         (JSC::Wasm::AirIRGenerator::f32):
2450         (JSC::Wasm::AirIRGenerator::f64):
2451         (JSC::Wasm::AirIRGenerator::tmpForType):
2452         (JSC::Wasm::AirIRGenerator::addPatchpoint):
2453         (JSC::Wasm::AirIRGenerator::emitPatchpoint):
2454         (JSC::Wasm::AirIRGenerator::emitCheck):
2455         (JSC::Wasm::AirIRGenerator::emitCCall):
2456         (JSC::Wasm::AirIRGenerator::moveOpForValueType):
2457         (JSC::Wasm::AirIRGenerator::instanceValue):
2458         (JSC::Wasm::AirIRGenerator::fixupPointerPlusOffset):
2459         (JSC::Wasm::AirIRGenerator::restoreWasmContextInstance):
2460         (JSC::Wasm::AirIRGenerator::AirIRGenerator):
2461         (JSC::Wasm::AirIRGenerator::restoreWebAssemblyGlobalState):
2462         (JSC::Wasm::AirIRGenerator::emitThrowException):
2463         (JSC::Wasm::AirIRGenerator::addLocal):
2464         (JSC::Wasm::AirIRGenerator::addConstant):
2465         (JSC::Wasm::AirIRGenerator::addArguments):
2466         (JSC::Wasm::AirIRGenerator::getLocal):
2467         (JSC::Wasm::AirIRGenerator::addUnreachable):
2468         (JSC::Wasm::AirIRGenerator::addGrowMemory):
2469         (JSC::Wasm::AirIRGenerator::addCurrentMemory):
2470         (JSC::Wasm::AirIRGenerator::setLocal):
2471         (JSC::Wasm::AirIRGenerator::getGlobal):
2472         (JSC::Wasm::AirIRGenerator::setGlobal):
2473         (JSC::Wasm::AirIRGenerator::emitCheckAndPreparePointer):
2474         (JSC::Wasm::sizeOfLoadOp):
2475         (JSC::Wasm::AirIRGenerator::emitLoadOp):
2476         (JSC::Wasm::AirIRGenerator::load):
2477         (JSC::Wasm::sizeOfStoreOp):
2478         (JSC::Wasm::AirIRGenerator::emitStoreOp):
2479         (JSC::Wasm::AirIRGenerator::store):
2480         (JSC::Wasm::AirIRGenerator::addSelect):
2481         (JSC::Wasm::AirIRGenerator::emitTierUpCheck):
2482         (JSC::Wasm::AirIRGenerator::addLoop):
2483         (JSC::Wasm::AirIRGenerator::addTopLevel):
2484         (JSC::Wasm::AirIRGenerator::addBlock):
2485         (JSC::Wasm::AirIRGenerator::addIf):
2486         (JSC::Wasm::AirIRGenerator::addElse):
2487         (JSC::Wasm::AirIRGenerator::addElseToUnreachable):
2488         (JSC::Wasm::AirIRGenerator::addReturn):
2489         (JSC::Wasm::AirIRGenerator::addBranch):
2490         (JSC::Wasm::AirIRGenerator::addSwitch):
2491         (JSC::Wasm::AirIRGenerator::endBlock):
2492         (JSC::Wasm::AirIRGenerator::addEndToUnreachable):
2493         (JSC::Wasm::AirIRGenerator::addCall):
2494         (JSC::Wasm::AirIRGenerator::addCallIndirect):
2495         (JSC::Wasm::AirIRGenerator::unify):
2496         (JSC::Wasm::AirIRGenerator::unifyValuesWithBlock):
2497         (JSC::Wasm::AirIRGenerator::dump):
2498         (JSC::Wasm::AirIRGenerator::origin):
2499         (JSC::Wasm::parseAndCompileAir):
2500         (JSC::Wasm::AirIRGenerator::emitChecksForModOrDiv):
2501         (JSC::Wasm::AirIRGenerator::emitModOrDiv):
2502         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32DivS>):
2503         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32RemS>):
2504         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32DivU>):
2505         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32RemU>):
2506         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64DivS>):
2507         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64RemS>):
2508         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64DivU>):
2509         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64RemU>):
2510         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Ctz>):
2511         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Ctz>):
2512         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Popcnt>):
2513         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Popcnt>):
2514         (JSC::Wasm::AirIRGenerator::addOp<F64ConvertUI64>):
2515         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32ConvertUI64>):
2516         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Nearest>):
2517         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Nearest>):
2518         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Trunc>):
2519         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Trunc>):
2520         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32TruncSF64>):
2521         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32TruncSF32>):
2522         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32TruncUF64>):
2523         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32TruncUF32>):
2524         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64TruncSF64>):
2525         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64TruncUF64>):
2526         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64TruncSF32>):
2527         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64TruncUF32>):
2528         (JSC::Wasm::AirIRGenerator::addShift):
2529         (JSC::Wasm::AirIRGenerator::addIntegerSub):
2530         (JSC::Wasm::AirIRGenerator::addFloatingPointAbs):
2531         (JSC::Wasm::AirIRGenerator::addFloatingPointBinOp):
2532         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Ceil>):
2533         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Mul>):
2534         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Sub>):
2535         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Le>):
2536         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32DemoteF64>):
2537         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Min>):
2538         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Ne>):
2539         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Lt>):
2540         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Max>):
2541         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Mul>):
2542         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Div>):
2543         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Clz>):
2544         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Copysign>):
2545         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64ConvertUI32>):
2546         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32ReinterpretI32>):
2547         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64And>):
2548         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Ne>):
2549         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Gt>):
2550         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Sqrt>):
2551         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Ge>):
2552         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64GtS>):
2553         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64GtU>):
2554         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Eqz>):
2555         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Div>):
2556         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Add>):
2557         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Or>):
2558         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32LeU>):
2559         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32LeS>):
2560         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Ne>):
2561         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Clz>):
2562         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Neg>):
2563         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32And>):
2564         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32LtU>):
2565         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Rotr>):
2566         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Abs>):
2567         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32LtS>):
2568         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Eq>):
2569         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Copysign>):
2570         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32ConvertSI64>):
2571         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Rotl>):
2572         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Lt>):
2573         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64ConvertSI32>):
2574         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Eq>):
2575         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Le>):
2576         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Ge>):
2577         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32ShrU>):
2578         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32ConvertUI32>):
2579         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32ShrS>):
2580         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32GeU>):
2581         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Ceil>):
2582         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32GeS>):
2583         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Shl>):
2584         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Floor>):
2585         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Xor>):
2586         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Abs>):
2587         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Min>):
2588         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Mul>):
2589         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Sub>):
2590         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32ReinterpretF32>):
2591         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Add>):
2592         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Sub>):
2593         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Or>):
2594         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64LtU>):
2595         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64LtS>):
2596         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64ConvertSI64>):
2597         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Xor>):
2598         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64GeU>):
2599         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Mul>):
2600         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Sub>):
2601         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64PromoteF32>):
2602         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Add>):
2603         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64GeS>):
2604         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64ExtendUI32>):
2605         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Ne>):
2606         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64ReinterpretI64>):
2607         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Eq>):
2608         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Eq>):
2609         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Floor>):
2610         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32ConvertSI32>):
2611         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Eqz>):
2612         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64ReinterpretF64>):
2613         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64ShrS>):
2614         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64ShrU>):
2615         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Sqrt>):
2616         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Shl>):
2617         (JSC::Wasm::AirIRGenerator::addOp<OpType::F32Gt>):
2618         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32WrapI64>):
2619         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Rotl>):
2620         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32Rotr>):
2621         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32GtU>):
2622         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64ExtendSI32>):
2623         (JSC::Wasm::AirIRGenerator::addOp<OpType::I32GtS>):
2624         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Neg>):
2625         (JSC::Wasm::AirIRGenerator::addOp<OpType::F64Max>):
2626         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64LeU>):
2627         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64LeS>):
2628         (JSC::Wasm::AirIRGenerator::addOp<OpType::I64Add>):
2629         * wasm/WasmAirIRGenerator.h: Added.
2630         * wasm/WasmB3IRGenerator.cpp:
2631         (JSC::Wasm::B3IRGenerator::emptyExpression):
2632         * wasm/WasmBBQPlan.cpp:
2633         (JSC::Wasm::BBQPlan::compileFunctions):
2634         * wasm/WasmCallingConvention.cpp:
2635         (JSC::Wasm::jscCallingConventionAir):
2636         (JSC::Wasm::wasmCallingConventionAir):
2637         * wasm/WasmCallingConvention.h:
2638         (JSC::Wasm::CallingConvention::CallingConvention):
2639         (JSC::Wasm::CallingConvention::marshallArgumentImpl const):
2640         (JSC::Wasm::CallingConvention::marshallArgument const):
2641         (JSC::Wasm::CallingConventionAir::CallingConventionAir):
2642         (JSC::Wasm::CallingConventionAir::prologueScratch const):
2643         (JSC::Wasm::CallingConventionAir::marshallArgumentImpl const):
2644         (JSC::Wasm::CallingConventionAir::marshallArgument const):
2645         (JSC::Wasm::CallingConventionAir::headerSizeInBytes):
2646         (JSC::Wasm::CallingConventionAir::loadArguments const):
2647         (JSC::Wasm::CallingConventionAir::setupCall const):
2648         (JSC::Wasm::nextJSCOffset):
2649         * wasm/WasmFunctionParser.h:
2650         (JSC::Wasm::FunctionParser<Context>::parseExpression):
2651         * wasm/WasmValidate.cpp:
2652         (JSC::Wasm::Validate::emptyExpression):
2653
2654 2019-01-30  Robin Morisset  <rmorisset@apple.com>
2655
2656         Object.keys can now lead to a PhantomNewArrayBuffer, OSR exit from the FTL should know how to materialize a NewArrayBuffer in that case
2657         https://bugs.webkit.org/show_bug.cgi?id=194050
2658         <rdar://problem/47595592>
2659
2660         Following https://bugs.webkit.org/show_bug.cgi?id=190047, PhantomNewArrayBuffer is no longer guaranteed to originate from a NewArrayBuffer in the baseline jit.
2661         It can now come from Object.keys, which is a function call. We must teach the FTL how to OSR exit in that case.
2662
2663         Reviewed by Yusuke Suzuki.
2664
2665         * ftl/FTLOperations.cpp:
2666         (JSC::FTL::operationMaterializeObjectInOSR):
2667
2668 2019-01-30  Tadeu Zagallo  <tzagallo@apple.com>
2669
2670         Remove assertion that CachedSymbolTables should have no RareData
2671         https://bugs.webkit.org/show_bug.cgi?id=194037
2672
2673         Reviewed by Mark Lam.
2674
2675         It turns out that we don't need to cache the SymbolTableRareData and
2676         we should not assert that it's empty.
2677
2678         * runtime/CachedTypes.cpp:
2679         (JSC::CachedSymbolTable::encode):
2680
2681 2019-01-30  Tadeu Zagallo  <tzagallo@apple.com>
2682
2683         CachedBytecode's move constructor should not call `freeDataIfOwned`
2684         https://bugs.webkit.org/show_bug.cgi?id=194045
2685
2686         Reviewed by Mark Lam.
2687
2688         That might result in freeing a garbage value.
2689
2690         * parser/SourceProvider.h:
2691         (JSC::CachedBytecode::CachedBytecode):
2692
2693 2019-01-30  Keith Miller  <keith_miller@apple.com>
2694
2695         mul32 should convert powers of 2 to an lshift
2696         https://bugs.webkit.org/show_bug.cgi?id=193957
2697
2698         Reviewed by Yusuke Suzuki.
2699
2700         * assembler/MacroAssembler.h:
2701         (JSC::MacroAssembler::mul32):
2702         * assembler/testmasm.cpp:
2703         (JSC::int32Operands):
2704         (JSC::testMul32WithImmediates):
2705         (JSC::run):
2706
2707 2019-01-30  Yusuke Suzuki  <ysuzuki@apple.com>
2708
2709         [JSC] Make disassembler data structures constant read-only data
2710         https://bugs.webkit.org/show_bug.cgi?id=194041
2711
2712         Reviewed by Mark Lam.
2713
2714         A bunch of disassembler data structures are not marked "const", which prevents the loader from putting them in a read-only region.
2715         This patch makes them "const".
2716
2717         * disassembler/ARM64/A64DOpcode.cpp:
2718         * disassembler/udis86/ud_itab.py:
2719         (UdItabGenerator.genOpcodeTablesLookupIndex):
2720         (UdItabGenerator.genInsnTable):
2721         (UdItabGenerator.genMnemonicsList):
2722         (genItabH):
2723         * disassembler/udis86/udis86_decode.h:
2724         * disassembler/udis86/udis86_syn.c:
2725         * disassembler/udis86/udis86_syn.h:
2726         * disassembler/udis86/udis86_types.h:
2727
2728 2019-01-30  Yusuke Suzuki  <ysuzuki@apple.com>
2729
2730         Unreviewed, update the builtin test results
2731         https://bugs.webkit.org/show_bug.cgi?id=194015
2732
2733         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
2734         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result:
2735         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result:
2736         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result:
2737         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
2738         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result:
2739         * Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result:
2740         * Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
2741         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
2742         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
2743         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
2744         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
2745         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2746
2747 2019-01-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2748
2749         [JSC] Make global static variables "const" as much as possible
2750         https://bugs.webkit.org/show_bug.cgi?id=194015
2751
2752         Reviewed by Mark Lam.
2753
2754         Some global static variables are not "const". For example, `static const char* name = ...`
2755         is not a constant variable. We should make it `static const char* const name = ...`.
2756
2757         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
2758         (generate_externs_for_object):
2759         * Scripts/wkbuiltins/builtins_generate_separate_header.py:
2760         (generate_externs_for_object):
2761         * Scripts/wkbuiltins/builtins_generator.py:
2762         (BuiltinsGenerator.generate_embedded_code_string_section_for_data):
2763         * assembler/MacroAssembler.h:
2764         (JSC::MacroAssembler::additionBlindedConstant):
2765         * b3/air/AirFormTable.h:
2766         * b3/air/opcode_generator.rb:
2767         * runtime/JSObject.cpp:
2768         (JSC::JSObject::visitButterfly):
2769         * tools/CodeProfile.cpp:
2770         * tools/CodeProfile.h:
2771
2772 2019-01-29  Keith Miller  <keith_miller@apple.com>
2773
2774         Remove default constructor from LLIntPrototypeLoadAdaptiveStructureWatchpoint
2775         https://bugs.webkit.org/show_bug.cgi?id=194000
2776         <rdar://problem/47642894>
2777
2778         Reviewed by Mark Lam.
2779
2780         The default constructor is unused, and
2781         LLIntPrototypeLoadAdaptiveStructureWatchpoint has a reference
2782         data member, which causes sadness.
2783
2784         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
2785
2786 2019-01-29  Ross Kirsling  <ross.kirsling@sony.com>
2787
2788         Remove FIXME for Annex B.3.5's "for-of var" subcase.
2789
2790         Rubber-stamped by Yusuke Suzuki.
2791
2792         This subcase is removed from the spec in https://github.com/tc39/ecma262/pull/1393.
2793
2794         * parser/Parser.h:
2795         (JSC::Parser::declareHoistedVariable):
2796
2797 2019-01-29  Mark Lam  <mark.lam@apple.com>
2798
2799         Remove unneeded CPU(BIG_ENDIAN) handling in LLInt after new bytecode format.
2800         https://bugs.webkit.org/show_bug.cgi?id=132333
2801
2802         Reviewed by Yusuke Suzuki.
2803
2804         * bytecode/InstructionStream.h:
2805         (JSC::InstructionStreamWriter::write):
2806         - The 32-bit write() function need not invert the order of the bytes written to
2807           the bytecode stream for CPU(BIG_ENDIAN) because the incoming uint32_t value to
2808           be written is already in big endian order on CPU(BIG_ENDIAN) platforms.
2809
2810         * llint/LLIntOfflineAsmConfig.h:
2811         - OFFLINE_ASM_BIG_ENDIAN is no longer needed nor used after the new bytecode format.
2812
2813 2019-01-29  Mark Lam  <mark.lam@apple.com>
2814
2815         ValueRecovery::recover() should purify NaN values it recovers.
2816         https://bugs.webkit.org/show_bug.cgi?id=193978
2817         <rdar://problem/47625488>
2818
2819         Reviewed by Saam Barati.
2820
2821         According to DFG::OSRExit::executeOSRExit() and DFG::OSRExit::compileExit(),
2822         recovered DoubleDisplacedInJSStack values need to be purified.
2823         ValueRecovery::recover() should do the same.
2824
2825         * bytecode/ValueRecovery.cpp:
2826         (JSC::ValueRecovery::recover const):
2827
2828 2019-01-29  Yusuke Suzuki  <ysuzuki@apple.com>
2829
2830         [JSC] FTL should handle LocalAllocator*
2831         https://bugs.webkit.org/show_bug.cgi?id=193980
2832
2833         Reviewed by Saam Barati.
2834
2835         At some point, Allocator began to hold LocalAllocator* instead of a 32-bit integer. In the FTL allocation path, we fail to use this constant LocalAllocator*
2836         because the FTL still uses the incoming value as a 32-bit integer there.
2837
2838         * ftl/FTLLowerDFGToB3.cpp:
2839         (JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell):
2840
2841 2019-01-29  Keith Rollin  <krollin@apple.com>
2842
2843         Add .xcfilelists to Run Script build phases
2844         https://bugs.webkit.org/show_bug.cgi?id=193792
2845         <rdar://problem/47201785>
2846
2847         Reviewed by Alex Christensen.
2848
2849         As part of supporting XCBuild, update the necessary Run Script build
2850         phases in their Xcode projects to refer to their associated
2851         .xcfilelist files.
2852
2853         Note that the addition of these files bumps the Xcode project version
2854         number to something that's Xcode 10 compatible. This change means that
2855         older versions of the Xcode IDE can't read these projects. Nor can it
2856         fully load workspaces that refer to these projects (the updated
2857         projects are shown as non-expandable placeholders). `xcodebuild` can
2858         still build these projects; it's just that the IDE can't open them.
2859
2860         * JavaScriptCore.xcodeproj/project.pbxproj:
2861
2862 2019-01-29  Dominik Infuehr  <dinfuehr@igalia.com>
2863
2864         [ARM] Check for negative zero instead of just zero
2865         https://bugs.webkit.org/show_bug.cgi?id=193689
2866
2867         Reviewed by Mark Lam.
2868
2869         ARM now performs a negative zero check in branchConvertDoubleToInt32 instead
2870         of just bailing out for zero.
2871
2872         * assembler/MacroAssemblerARMv7.h:
2873         (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
2874
2875 2019-01-28  Devin Rousso  <drousso@apple.com>
2876
2877         Web Inspector: provide a way to edit page WebRTC settings on a remote target
2878         https://bugs.webkit.org/show_bug.cgi?id=193863
2879         <rdar://problem/47572764>
2880
2881         Reviewed by Joseph Pecoraro.
2882
2883         * inspector/protocol/Page.json:
2884         Add more values to the `Setting` enum type:
2885          - `ICECandidateFilteringEnabled`
2886          - `MediaCaptureRequiresSecureConnection`
2887          - `MockCaptureDevicesEnabled`
2888
2889 2019-01-28  Ross Kirsling  <ross.kirsling@sony.com>
2890
2891         Remove unnecessary `using namespace WTF`s (or at least restrict their scope).
2892         https://bugs.webkit.org/show_bug.cgi?id=193941
2893
2894         Reviewed by Alex Christensen.
2895
2896         * API/JSWeakObjectMapRefPrivate.cpp:
2897         * bytecompiler/NodesCodegen.cpp:
2898         * heap/MachineStackMarker.cpp:
2899         * jit/ExecutableAllocator.cpp:
2900         * jsc.cpp:
2901         * parser/Nodes.cpp:
2902         * runtime/DateConstructor.cpp:
2903         * runtime/DateConversion.cpp:
2904         * runtime/DateInstance.cpp:
2905         * runtime/DatePrototype.cpp:
2906         * runtime/InitializeThreading.cpp:
2907         * runtime/IteratorOperations.cpp:
2908         * runtime/JSDateMath.cpp:
2909         * runtime/JSGlobalObjectFunctions.cpp:
2910         * runtime/StringPrototype.cpp:
2911         * runtime/VM.cpp:
2912         * testRegExp.cpp:
2913         * tools/JSDollarVM.cpp:
2914         * yarr/YarrInterpreter.cpp:
2915         * yarr/YarrJIT.cpp:
2916         * yarr/YarrPattern.cpp:
2917         * yarr/YarrUnicodeProperties.cpp:
2918
2919 2019-01-28  Yusuke Suzuki  <ysuzuki@apple.com>
2920
2921         [JSC] Reduce size of memory used for ShadowChicken
2922         https://bugs.webkit.org/show_bug.cgi?id=193546
2923
2924         Reviewed by Mark Lam.
2925
2926         This patch lazily instantiates ShadowChicken. We do not need it until we start logging ShadowChicken packets.
2927         The removal of ShadowChicken saves 55KB of memory.
2928
2929         * debugger/DebuggerCallFrame.cpp:
2930         (JSC::DebuggerCallFrame::create):
2931         * ftl/FTLLowerDFGToB3.cpp:
2932         (JSC::FTL::DFG::LowerDFGToB3::ensureShadowChickenPacket):
2933         * heap/Heap.cpp:
2934         (JSC::Heap::stopThePeriphery):
2935         (JSC::Heap::addCoreConstraints):
2936         * jit/CCallHelpers.cpp:
2937         (JSC::CCallHelpers::ensureShadowChickenPacket):
2938         * jit/JITExceptions.cpp:
2939         (JSC::genericUnwind):
2940         * jit/JITOpcodes.cpp:
2941         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2942         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2943         * jit/JITOpcodes32_64.cpp:
2944         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2945         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2946         * jit/JITOperations.cpp:
2947         * llint/LLIntSlowPaths.cpp:
2948         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2949         * runtime/JSGlobalObject.cpp:
2950         (JSC::JSGlobalObject::setDebugger):
2951         * runtime/JSGlobalObject.h:
2952         (JSC::JSGlobalObject::setDebugger): Deleted.
2953         * runtime/VM.cpp:
2954         (JSC::VM::VM):
2955         (JSC::VM::ensureShadowChicken):
2956         * runtime/VM.h:
2957         (JSC::VM::shadowChicken):
2958         * tools/JSDollarVM.cpp:
2959         (JSC::functionShadowChickenFunctionsOnStack):
2960         (JSC::changeDebuggerModeWhenIdle):
2961
2962 2019-01-28  Andy Estes  <aestes@apple.com>
2963
2964         [watchOS] Enable Parental Controls content filtering
2965         https://bugs.webkit.org/show_bug.cgi?id=193939
2966         <rdar://problem/46641912>
2967
2968         Reviewed by Ryosuke Niwa.
2969
2970         * Configurations/FeatureDefines.xcconfig:
2971
2972 2019-01-28  Mark Lam  <mark.lam@apple.com>
2973
2974         ToString node actually does GC.
2975         https://bugs.webkit.org/show_bug.cgi?id=193920
2976         <rdar://problem/46695900>
2977
2978         Reviewed by Yusuke Suzuki.
2979
2980         Other than for StringObjectUse and StringOrStringObjectUse, ToString and
2981         CallStringConstructor can allocate new JSStrings, and hence, can GC.
2982
2983         * dfg/DFGDoesGC.cpp:
2984         (JSC::DFG::doesGC):
2985
2986 2019-01-28  Yusuke Suzuki  <ysuzuki@apple.com>
2987
2988         [JSC] RegExpConstructor should not have own IsoSubspace
2989         https://bugs.webkit.org/show_bug.cgi?id=193801
2990
2991         Reviewed by Mark Lam.
2992
2993         This patch finally moves RegExpConstructor's cached data to JSGlobalObject and removes the IsoSubspace for RegExpConstructor.
2994         sizeof(RegExpConstructor) != sizeof(InternalFunction), so we have 16KB of memory just for RegExpConstructor. But the cached
2995         regexp matching data (e.g. `RegExp.$1`) is per-JSGlobalObject, and we can move this data to JSGlobalObject and remove
2996         it from RegExpConstructor's members.
2997
2998         We introduce RegExpGlobalData, which holds the per-global RegExp matching data. And we perform `performMatch` etc. with
2999         JSGlobalObject instead of RegExpConstructor. This change requires small changes in DFG / FTL's RecordRegExpCachedResult
3000         node since its 1st argument is changed from RegExpConstructor to JSGlobalObject.
3001
3002         We also move emptyRegExp from RegExpPrototype to VM's RegExpCache because it is a more natural place to put it.
3003
3004         * CMakeLists.txt:
3005         * JavaScriptCore.xcodeproj/project.pbxproj:
3006         * Sources.txt:
3007         * dfg/DFGOperations.cpp:
3008         * dfg/DFGSpeculativeJIT.cpp:
3009         (JSC::DFG::SpeculativeJIT::compileRecordRegExpCachedResult):
3010         * dfg/DFGStrengthReductionPhase.cpp:
3011         (JSC::DFG::StrengthReductionPhase::handleNode):
3012         * ftl/FTLAbstractHeapRepository.cpp:
3013         * ftl/FTLAbstractHeapRepository.h:
3014         * ftl/FTLLowerDFGToB3.cpp:
3015         (JSC::FTL::DFG::LowerDFGToB3::compileRecordRegExpCachedResult):
3016         * runtime/JSGlobalObject.cpp:
3017         (JSC::JSGlobalObject::init):
3018         (JSC::JSGlobalObject::visitChildren):
3019         * runtime/JSGlobalObject.h:
3020         (JSC::JSGlobalObject::regExpGlobalData):
3021         (JSC::JSGlobalObject::regExpGlobalDataOffset):
3022         (JSC::JSGlobalObject::regExpConstructor const): Deleted.
3023         * runtime/RegExpCache.cpp:
3024         (JSC::RegExpCache::initialize):
3025         * runtime/RegExpCache.h:
3026         (JSC::RegExpCache::emptyRegExp const):
3027         * runtime/RegExpCachedResult.cpp:
3028         (JSC::RegExpCachedResult::visitAggregate):
3029         (JSC::RegExpCachedResult::visitChildren): Deleted.
3030         * runtime/RegExpCachedResult.h:
3031         (JSC::RegExpCachedResult::RegExpCachedResult): Deleted.
3032         * runtime/RegExpConstructor.cpp:
3033         (JSC::RegExpConstructor::RegExpConstructor):
3034         (JSC::regExpConstructorDollar):
3035         (JSC::regExpConstructorInput):
3036         (JSC::regExpConstructorMultiline):
3037         (JSC::regExpConstructorLastMatch):
3038         (JSC::regExpConstructorLastParen):
3039         (JSC::regExpConstructorLeftContext):
3040         (JSC::regExpConstructorRightContext):
3041         (JSC::setRegExpConstructorInput):
3042         (JSC::setRegExpConstructorMultiline):
3043         (JSC::RegExpConstructor::destroy): Deleted.
3044         (JSC::RegExpConstructor::visitChildren): Deleted.
3045         (JSC::RegExpConstructor::getBackref): Deleted.
3046         (JSC::RegExpConstructor::getLastParen): Deleted.
3047         (JSC::RegExpConstructor::getLeftContext): Deleted.
3048         (JSC::RegExpConstructor::getRightContext): Deleted.
3049         * runtime/RegExpConstructor.h:
3050         (JSC::RegExpConstructor::performMatch): Deleted.
3051         (JSC::RegExpConstructor::recordMatch): Deleted.
3052         * runtime/RegExpGlobalData.cpp: Added.
3053         (JSC::RegExpGlobalData::visitAggregate):
3054         (JSC::RegExpGlobalData::getBackref):
3055         (JSC::RegExpGlobalData::getLastParen):
3056         (JSC::RegExpGlobalData::getLeftContext):
3057         (JSC::RegExpGlobalData::getRightContext):
3058         * runtime/RegExpGlobalData.h: Added.
3059         (JSC::RegExpGlobalData::cachedResult):
3060         (JSC::RegExpGlobalData::setMultiline):
3061         (JSC::RegExpGlobalData::multiline const):
3062         (JSC::RegExpGlobalData::input):
3063         (JSC::RegExpGlobalData::offsetOfCachedResult):
3064         * runtime/RegExpGlobalDataInlines.h: Added.
3065         (JSC::RegExpGlobalData::setInput):
3066         (JSC::RegExpGlobalData::performMatch):
3067         (JSC::RegExpGlobalData::recordMatch):
3068         * runtime/RegExpObject.cpp:
3069         (JSC::RegExpObject::matchGlobal):
3070         * runtime/RegExpObjectInlines.h:
3071         (JSC::RegExpObject::execInline):
3072         (JSC::RegExpObject::matchInline):
3073         (JSC::collectMatches):
3074         * runtime/RegExpPrototype.cpp:
3075         (JSC::RegExpPrototype::finishCreation):
3076         (JSC::regExpProtoFuncSearchFast):
3077         (JSC::RegExpPrototype::visitChildren): Deleted.
3078         * runtime/RegExpPrototype.h:
3079         * runtime/StringPrototype.cpp:
3080         (JSC::removeUsingRegExpSearch):
3081         (JSC::replaceUsingRegExpSearch):
3082         * runtime/VM.cpp:
3083         (JSC::VM::VM):
3084         * runtime/VM.h:
3085
3086 2018-12-15  Darin Adler  <darin@apple.com>
3087
3088         Replace many uses of String::format with more type-safe alternatives
3089         https://bugs.webkit.org/show_bug.cgi?id=192742
3090
3091         Reviewed by Mark Lam.
3092
3093         * inspector/InjectedScriptBase.cpp:
3094         (Inspector::InjectedScriptBase::makeCall): Use makeString.
3095         (Inspector::InjectedScriptBase::makeAsyncCall): Ditto.
3096         * inspector/InspectorBackendDispatcher.cpp:
3097         (Inspector::BackendDispatcher::getPropertyValue): Ditto.
3098         * inspector/agents/InspectorConsoleAgent.cpp:
3099         (Inspector::InspectorConsoleAgent::enable): Ditto.
3100         * jsc.cpp:
3101         (FunctionJSCStackFunctor::operator() const): Ditto.
3102
3103         * runtime/CodeCache.cpp:
3104         (JSC::writeCodeBlock): Use makeString's numeric capabilities instead of
3105         using String::number.
3106
3107         * runtime/IntlDateTimeFormat.cpp:
3108         (JSC::IntlDateTimeFormat::initializeDateTimeFormat): Use string concatenation.
3109         * runtime/IntlObject.cpp:
3110         (JSC::canonicalizeLocaleList): Ditto.
3111
3112 2019-01-27  Chris Fleizach  <cfleizach@apple.com>
3113
3114         AX: Introduce a static accessibility tree
3115         https://bugs.webkit.org/show_bug.cgi?id=193348
3116         <rdar://problem/47203295>
3117
3118         Reviewed by Ryosuke Niwa.
3119
3120         * Configurations/FeatureDefines.xcconfig:
3121
3122 2019-01-26  Devin Rousso  <drousso@apple.com>
3123
3124         Web Inspector: provide a way to edit the user agent of a remote target
3125         https://bugs.webkit.org/show_bug.cgi?id=193862
3126         <rdar://problem/47359292>
3127
3128         Reviewed by Joseph Pecoraro.
3129
3130         * inspector/protocol/Page.json:
3131         Add `overrideUserAgent` command.
3132
3133 2019-01-25  Yusuke Suzuki  <ysuzuki@apple.com>
3134
3135         [JSC] NativeErrorConstructor should not have own IsoSubspace
3136         https://bugs.webkit.org/show_bug.cgi?id=193713
3137
3138         Reviewed by Saam Barati.
3139
3140         This removes an additional member in NativeErrorConstructor, and makes sizeof(NativeErrorConstructor) == sizeof(InternalFunction).
3141         We also make error constructors lazily allocated by using LazyClassStructure. Since error structures are not accessed from DFG / FTL
3142         threads, this is OK. While the TypeError constructor is eagerly allocated because it is touched from our builtin JS as @TypeError, we should
3143         offer some function instead of exposing the TypeError constructor in the future, and remove this @TypeError reference. This change removes
3144         the IsoSubspace for NativeErrorConstructor in VM. We also remove the @Error and @RangeError references for builtins since they are no longer
3145         referenced.
3146
3147         * CMakeLists.txt:
3148         * JavaScriptCore.xcodeproj/project.pbxproj:
3149         * Sources.txt:
3150         * builtins/BuiltinNames.h:
3151         * interpreter/Interpreter.h:
3152         * runtime/Error.cpp:
3153         (JSC::createEvalError):
3154         (JSC::createRangeError):
3155         (JSC::createReferenceError):
3156         (JSC::createSyntaxError):
3157         (JSC::createTypeError):
3158         (JSC::createURIError):
3159         (WTF::printInternal): Deleted.
3160         * runtime/Error.h:
3161         * runtime/ErrorPrototype.cpp:
3162         (JSC::ErrorPrototype::create):
3163         (JSC::ErrorPrototype::finishCreation):
3164         * runtime/ErrorPrototype.h:
3165         (JSC::ErrorPrototype::create): Deleted.
3166         * runtime/ErrorType.cpp: Added.
3167         (JSC::errorTypeName):
3168         (WTF::printInternal):
3169         * runtime/ErrorType.h: Added.
3170         * runtime/JSGlobalObject.cpp:
3171         (JSC::JSGlobalObject::initializeErrorConstructor):
3172         (JSC::JSGlobalObject::init):
3173         (JSC::JSGlobalObject::visitChildren):
3174         * runtime/JSGlobalObject.h:
3175         (JSC::JSGlobalObject::internalPromiseConstructor const):
3176         (JSC::JSGlobalObject::errorStructure const):
3177         (JSC::JSGlobalObject::evalErrorConstructor const): Deleted.
3178         (JSC::JSGlobalObject::rangeErrorConstructor const): Deleted.
3179         (JSC::JSGlobalObject::referenceErrorConstructor const): Deleted.
3180         (JSC::JSGlobalObject::syntaxErrorConstructor const): Deleted.
3181         (JSC::JSGlobalObject::typeErrorConstructor const): Deleted.
3182         (JSC::JSGlobalObject::URIErrorConstructor const): Deleted.
3183         * runtime/NativeErrorConstructor.cpp:
3184         (JSC::NativeErrorConstructor<errorType>::NativeErrorConstructor):
3185         (JSC::NativeErrorConstructorBase::finishCreation):
3186         (JSC::NativeErrorConstructor<errorType>::constructNativeErrorConstructor):
3187         (JSC::NativeErrorConstructor<errorType>::callNativeErrorConstructor):
3188         (JSC::NativeErrorConstructor::NativeErrorConstructor): Deleted.
3189         (JSC::NativeErrorConstructor::finishCreation): Deleted.
3190         (JSC::NativeErrorConstructor::visitChildren): Deleted.
3191         (JSC::Interpreter::constructWithNativeErrorConstructor): Deleted.
3192         (JSC::Interpreter::callNativeErrorConstructor): Deleted.
3193         * runtime/NativeErrorConstructor.h:
3194         (JSC::NativeErrorConstructorBase::createStructure):
3195         (JSC::NativeErrorConstructorBase::NativeErrorConstructorBase):
3196         * runtime/NativeErrorPrototype.cpp:
3197         (JSC::NativeErrorPrototype::finishCreation): Deleted.
3198         * runtime/NativeErrorPrototype.h:
3199         * runtime/VM.cpp:
3200         (JSC::VM::VM):
3201         * runtime/VM.h:
3202         * wasm/js/WasmToJS.cpp:
3203         (JSC::Wasm::handleBadI64Use):
3204
3205 2019-01-25  Devin Rousso  <drousso@apple.com>
3206
3207         Web Inspector: provide a way to edit page settings on a remote target
3208         https://bugs.webkit.org/show_bug.cgi?id=193813
3209         <rdar://problem/47359510>
3210
3211         Reviewed by Joseph Pecoraro.
3212
3213         * inspector/protocol/Page.json:
3214         Add `overrideSetting` command with supporting `Setting` enum type.
3215
3216 2019-01-25  Keith Rollin  <krollin@apple.com>
3217
3218         Update Xcode projects with "Check .xcfilelists" build phase
3219         https://bugs.webkit.org/show_bug.cgi?id=193790
3220         <rdar://problem/47201374>
3221
3222         Reviewed by Alex Christensen.
3223
3224         Support for XCBuild includes specifying inputs and outputs to various
3225         Run Script build phases. These inputs and outputs are specified as
3226         .xcfilelist files. Once created, these .xcfilelist files need to be
3227         kept up-to-date. In order to check that they are up-to-date or not,
3228         add an Xcode build step that invokes an external script that performs
3229         the checking. If the .xcfilelists are found to be out-of-date, update
3230         them, halt the build, and instruct the developer to restart the build
3231         with up-to-date files.
3232
3233         At this time, the checking and regenerating is performed only if the
3234         WK_ENABLE_CHECK_XCFILELISTS environment variable is set to 1. People
3235         who want to use this facility can set this variable and test out the
3236         checking/regenerating. Once it seems like there are no egregious
3237         issues that upset a developer's workflow, we'll unconditionally enable
3238         this facility.
3239
3240         * JavaScriptCore.xcodeproj/project.pbxproj:
3241         * Scripts/check-xcfilelists.sh: Added.
3242
3243 2019-01-25  Joseph Pecoraro  <pecoraro@apple.com>
3244
3245         Web Inspector: Exclude Debugger Threads from CPU Usage values in Web Inspector
3246         https://bugs.webkit.org/show_bug.cgi?id=193796
3247         <rdar://problem/47532910>
3248
3249         Reviewed by Devin Rousso.
3250
3251         * runtime/SamplingProfiler.cpp:
3252         (JSC::SamplingProfiler::machThread):
3253         * runtime/SamplingProfiler.h:
3254         Expose the mach_port_t of the SamplingProfiler thread
3255         so it can be tested against later.
3256
3257 2019-01-25  Alex Christensen  <achristensen@webkit.org>
3258
3259         Fix Windows build after r240511
3260
3261         * bytecode/UnlinkedFunctionExecutable.cpp:
3262         (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
3263
3264 2019-01-25  Keith Rollin  <krollin@apple.com>
3265
3266         Update Xcode projects with "Apply Configuration to XCFileLists" build target
3267         https://bugs.webkit.org/show_bug.cgi?id=193781
3268         <rdar://problem/47201153>
3269
3270         Reviewed by Alex Christensen.
3271
3272         Part of generating the .xcfilelists used as part of adopting XCBuild
3273         includes running `make DerivedSources.make` from a standalone script.
3274         It’s important for this invocation to have the same environment as
3275         when the actual build invokes `make DerivedSources.make`. If the
3276         environments are different, then the two invocations will provide
3277         different results. In order to get the same environment in the
3278         standalone script, have the script launch xcodebuild targeting the
3279         "Apply Configuration to XCFileLists" build target, which will then
3280         re-invoke our standalone script. The script is now running again, this
3281         time in an environment with all workspace, project, target, xcconfig
3282         and other environment variables established.
3283
3284         The "Apply Configuration to XCFileLists" build target accomplishes
3285         this task via a small embedded shell script that consists only of:
3286
3287             eval "${WK_SUBLAUNCH_SCRIPT_PARAMETERS[@]}"
3288
3289         The process that invokes "Apply Configuration to XCFileLists" first
3290         sets WK_SUBLAUNCH_SCRIPT_PARAMETERS to an array of commands to be
3291         evaluated and exports it into the shell environment. When xcodebuild
3292         is invoked, it inherits the value of this variable and can `eval` the
3293         contents of that variable. Our external standalone script can then set
3294         WK_SUBLAUNCH_SCRIPT_PARAMETERS to the path to itself, along with a set
3295         of command-line parameters needed to restart itself in the appropriate
3296         state.
3297
3298         * JavaScriptCore.xcodeproj/project.pbxproj:
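
        The relaunch described above, as an added example that is not WebKit's own script: the build-phase body is the page's one-liner (with a scalar expansion, since POSIX sh has no arrays), while the driver, the `shquote` and `build_sublaunch_parameters` helpers, the `apply_configuration_phase` stand-in for xcodebuild and the `CONFIGURATION` variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not WebKit's own script: a minimal model of the
# "Apply Configuration to XCFileLists" relaunch. The build-phase body is the
# page's one-liner (scalar expansion, since POSIX sh has no arrays); the
# helpers, the driver and the CONFIGURATION variable are assumptions.

# Single-quote one argument so that a later `eval` reproduces it exactly,
# even if it contains spaces, quotes or `$`. Whatever ends up in the
# variable is executed as shell code, so every element must be quoted.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the relaunch string: the command followed by its arguments,
# each quoted individually and separated by single spaces.
build_sublaunch_parameters() {
    params=""
    for arg in "$@"; do
        params="$params $(shquote "$arg")"
    done
    printf '%s' "${params# }"
}

# Stand-in for the Xcode build phase. xcodebuild would inherit the variable
# from the process that launched it; here the caller exports it directly.
apply_configuration_phase() {
    eval "$WK_SUBLAUNCH_SCRIPT_PARAMETERS"
}

# Driver: write a tiny "standalone script" (its path deliberately contains
# a space), relaunch it through the build phase, and return what the
# relaunched instance observed.
sublaunch_demo() {
    dir=$(mktemp -d) || return 1
    script="$dir/my script.sh"
    cat > "$script" <<'EOF'
#!/bin/sh
# Relaunched instance: report its arguments and one inherited build setting.
printf 'args=%s|%s|config=%s\n' "$1" "$2" "$CONFIGURATION"
EOF
    # Run the script via sh so the temp directory need not be executable.
    WK_SUBLAUNCH_SCRIPT_PARAMETERS=$(build_sublaunch_parameters \
        sh "$script" --regenerate 'value with $dollar')
    export WK_SUBLAUNCH_SCRIPT_PARAMETERS
    # CONFIGURATION stands in for the settings xcodebuild establishes.
    CONFIGURATION=Debug
    export CONFIGURATION
    result=$(apply_configuration_phase)
    rm -rf "$dir"
    printf '%s' "$result"
}

# sublaunch_demo prints: args=--regenerate|value with $dollar|config=Debug
```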
3299
3300 2019-01-25  Tadeu Zagallo  <tzagallo@apple.com>
3301
3302         Add API to generate and consume cached bytecode
3303         https://bugs.webkit.org/show_bug.cgi?id=193401
3304         <rdar://problem/47514099>
3305
3306         Reviewed by Keith Miller.
3307
3308         Add the `generateBytecode` and `generateModuleBytecode` functions to
3309         generate serialized bytecode for a given `SourceCode`. These functions
3310         will eagerly generate code for all the nested functions.
3311
3312         Additionally, update the API methods in JSScript to generate and use the
3313         bytecode when the bytecodeCache path is provided.
3314
3315         * API/JSAPIGlobalObject.mm:
3316         (JSC::JSAPIGlobalObject::moduleLoaderFetch):
3317         * API/JSContext.mm:
3318         (-[JSContext wrapperMap]):
3319         * API/JSContextInternal.h:
3320         * API/JSScript.mm:
3321         (+[JSScript scriptWithSource:inVirtualMachine:]):
3322         (+[JSScript scriptFromASCIIFile:inVirtualMachine:withCodeSigning:andBytecodeCache:]):
3323         (-[JSScript dealloc]):
3324         (-[JSScript readCache]):
3325         (-[JSScript writeCache]):
3326         (-[JSScript hash]):
3327         (-[JSScript source]):
3328         (-[JSScript cachedBytecode]):
3329         (-[JSScript jsSourceCode:]):
3330         * API/JSScriptInternal.h:
3331         * API/JSScriptSourceProvider.h: Copied from Source/JavaScriptCore/API/JSScriptInternal.h.
3332         (JSScriptSourceProvider::create):
3333         (JSScriptSourceProvider::JSScriptSourceProvider):
3334         * API/JSScriptSourceProvider.mm: Copied from Source/JavaScriptCore/API/JSScriptInternal.h.
3335         (JSScriptSourceProvider::hash const):
3336         (JSScriptSourceProvider::source const):
3337         (JSScriptSourceProvider::cachedBytecode const):
3338         * API/JSVirtualMachine.mm:
3339         (-[JSVirtualMachine vm]):
3340         * API/JSVirtualMachineInternal.h:
3341         * API/tests/testapi.mm:
3342         (testBytecodeCache):
3343         (-[JSContextFileLoaderDelegate context:fetchModuleForIdentifier:withResolveHandler:andRejectHandler:]):
3344         (testObjectiveCAPI):
3345         * JavaScriptCore.xcodeproj/project.pbxproj:
3346         * SourcesCocoa.txt:
3347         * bytecode/UnlinkedFunctionExecutable.cpp:
3348         (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
3349         * bytecode/UnlinkedFunctionExecutable.h:
3350         * parser/SourceCodeKey.h:
3351         (JSC::SourceCodeKey::source const):
3352         * parser/SourceProvider.h:
3353         (JSC::CachedBytecode::CachedBytecode):
3354         (JSC::CachedBytecode::operator=):
3355         (JSC::CachedBytecode::data const):
3356         (JSC::CachedBytecode::size const):
3357         (JSC::CachedBytecode::owned const):
3358         (JSC::CachedBytecode::~CachedBytecode):
3359         (JSC::CachedBytecode::freeDataIfOwned):
3360         (JSC::SourceProvider::cachedBytecode const):
3361         * parser/UnlinkedSourceCode.h:
3362         (JSC::UnlinkedSourceCode::provider const):
3363         * runtime/CodeCache.cpp:
3364         (JSC::generateUnlinkedCodeBlockForFunctions):
3365
