WebAssembly: NFC s/goto/lambda/g
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2017-03-29  JF Bastien  <jfbastien@apple.com>

        WebAssembly: NFC s/goto/lambda/g
        https://bugs.webkit.org/show_bug.cgi?id=170242

        Reviewed by Mark Lam.

        Lambdas are more in-style than the goto I just used.

        * wasm/WasmMemory.cpp:
        (JSC::Wasm::tryGetFastMemory):

2017-03-28  Saam Barati  <sbarati@apple.com>

        AssemblyHelpers should not have a VM field
        https://bugs.webkit.org/show_bug.cgi?id=170207

        Reviewed by Yusuke Suzuki.

        APIs that need VM should take one as a parameter. When doing position
        independent code for Wasm, we can't tie code generation to a VM.

        * b3/B3Compile.cpp:
        (JSC::B3::compile):
        * b3/air/testair.cpp:
        * b3/testb3.cpp:
        (JSC::B3::testEntrySwitchSimple):
        (JSC::B3::testEntrySwitchNoEntrySwitch):
        (JSC::B3::testEntrySwitchWithCommonPaths):
        (JSC::B3::testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
        (JSC::B3::testEntrySwitchLoop):
        * bytecode/AccessCase.cpp:
        (JSC::AccessCase::generateWithGuard):
        (JSC::AccessCase::generateImpl):
        * bytecode/DOMJITAccessCasePatchpointParams.cpp:
        (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
        * bytecode/InlineAccess.cpp:
        (JSC::InlineAccess::dumpCacheSizesAndCrash):
        (JSC::InlineAccess::generateSelfPropertyAccess):
        (JSC::InlineAccess::generateSelfPropertyReplace):
        (JSC::InlineAccess::generateArrayLength):
        (JSC::InlineAccess::rewireStubAsJump):
        * bytecode/InlineAccess.h:
        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessGenerationState::emitExplicitExceptionHandler):
        (JSC::PolymorphicAccess::regenerate):
        * bytecode/PolymorphicAccess.h:
        (JSC::AccessGenerationState::AccessGenerationState):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::compileExceptionHandlers):
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        (JSC::DFG::JITCompiler::exceptionCheck):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
        (JSC::DFG::JITCompiler::fastExceptionCheck):
        (JSC::DFG::JITCompiler::vm):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::adjustAndJumpToTarget):
        * dfg/DFGOSRExitCompilerCommon.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
        (JSC::DFG::SpeculativeJIT::checkArray):
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
        (JSC::DFG::SpeculativeJIT::compileMakeRope):
        (JSC::DFG::SpeculativeJIT::compileGetGlobalObject):
        (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
        (JSC::DFG::SpeculativeJIT::compileCreateActivation):
        (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
        (JSC::DFG::SpeculativeJIT::compileSpread):
        (JSC::DFG::SpeculativeJIT::compileArraySlice):
        (JSC::DFG::SpeculativeJIT::compileNukeStructureAndSetButterfly):
        (JSC::DFG::SpeculativeJIT::compileNewStringObject):
        (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
        (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
        (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
        (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
        (JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::osrEntryThunkGenerator):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::compile):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLLazySlowPath.cpp:
        (JSC::FTL::LazySlowPath::generate):
        * ftl/FTLLazySlowPathCall.h:
        (JSC::FTL::createLazyCallGenerator):
        * ftl/FTLLink.cpp:
        (JSC::FTL::link):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::lower):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
        (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
        (JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
        (JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull):
        (JSC::FTL::DFG::LowerDFGToB3::compileIsFunction):
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
        (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
        (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
        (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
        (JSC::FTL::DFG::LowerDFGToB3::buildTypeOf):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        * ftl/FTLSlowPathCall.h:
        (JSC::FTL::callOperation):
        * ftl/FTLState.h:
        (JSC::FTL::State::vm):
        * ftl/FTLThunks.cpp:
        (JSC::FTL::genericGenerationThunkGenerator):
        (JSC::FTL::slowPathCallThunkGenerator):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::jitReleaseAssertNoException):
        (JSC::AssemblyHelpers::callExceptionFuzz):
        (JSC::AssemblyHelpers::emitJumpIfException):
        (JSC::AssemblyHelpers::emitExceptionCheck):
        (JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
        (JSC::AssemblyHelpers::emitLoadStructure):
        (JSC::AssemblyHelpers::emitRandomThunk):
        (JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::emitConvertValueToBoolean):
        (JSC::AssemblyHelpers::debugCall):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::AssemblyHelpers):
        (JSC::AssemblyHelpers::codeBlock):
        (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::barrierBranch):
        (JSC::AssemblyHelpers::barrierStoreLoadFence):
        (JSC::AssemblyHelpers::mutatorFence):
        (JSC::AssemblyHelpers::storeButterfly):
        (JSC::AssemblyHelpers::nukeStructureAndStoreButterfly):
        (JSC::AssemblyHelpers::jumpIfMutatorFenceNotNeeded):
        (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
        (JSC::AssemblyHelpers::emitAllocateJSObject):
        (JSC::AssemblyHelpers::emitAllocateVariableSizedCell):
        (JSC::AssemblyHelpers::emitAllocateVariableSizedJSObject):
        (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
        (JSC::AssemblyHelpers::vm): Deleted.
        (JSC::AssemblyHelpers::debugCall): Deleted.
        * jit/CCallHelpers.cpp:
        (JSC::CCallHelpers::ensureShadowChickenPacket):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::CCallHelpers):
        (JSC::CCallHelpers::jumpToExceptionHandler):
        * jit/JIT.cpp:
        (JSC::JIT::emitEnterOptimizationCheck):
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/JIT.h:
        (JSC::JIT::exceptionCheck):
        (JSC::JIT::exceptionCheckWithCallFrameRollback):
        * jit/JITMathIC.h:
        (JSC::JITMathIC::generateOutOfLine):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_is_undefined):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emitSlow_op_loop_hint):
        (JSC::JIT::emit_op_log_shadow_chicken_prologue):
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_new_object):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_create_this):
        (JSC::JIT::emit_op_log_shadow_chicken_prologue):
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitWriteBarrier):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::JSInterfaceJIT):
        (JSC::JSInterfaceJIT::vm):
        * jit/Repatch.cpp:
        (JSC::tryCacheGetByID):
        (JSC::tryCachePutByID):
        (JSC::linkPolymorphicCall):
        (JSC::resetGetByID):
        (JSC::resetPutByID):
        * jit/SetupVarargsFrame.cpp:
        (JSC::emitSetupVarargsFrameFastCase):
        * jit/SetupVarargsFrame.h:
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::linkCallThunkGenerator):
        (JSC::linkPolymorphicCallThunkGenerator):
        (JSC::virtualThunkFor):
        (JSC::nativeForGenerator):
        (JSC::randomThunkGenerator):
        (JSC::boundThisNoArgsFunctionCallGenerator):
        (JSC::throwExceptionFromWasmThunkGenerator):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::wasmToJs):
        (JSC::Wasm::wasmToWasm):

2017-03-28  Keith Miller  <keith_miller@apple.com>

        WebAssembly: We should have Origins
        https://bugs.webkit.org/show_bug.cgi?id=170217

        Reviewed by Mark Lam.

        This patch adds wasm origins for B3::Values, called OpcodeOrigin. Currently,
        OpcodeOrigin just tracks the original opcode and the location of that opcode.

        Here's a sample:

        BB#0: ; frequency = 1.000000
            Int64 @4 = Patchpoint(generator = 0x10f487fa8, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister)
            Int64 @5 = FramePointer()
            Void @8 = Store(@4, @5, offset = 24, ControlDependent|Writes:Top)
            Int64 @10 = Const64(0)
            Void @12 = Store($0(@10), @5, offset = 16, ControlDependent|Writes:Top)
            Int64 @13 = Patchpoint(generator = 0x10f4be7f0, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister, ExitsSideways|ControlDependent|WritesPinned|ReadsPinned|Fence|Writes:Top|Reads:Top)
            Int64 @16 = ArgumentReg(%rdi)
            Int64 @18 = ArgumentReg(%rsi)
            Int32 @22 = Trunc(@18, Wasm: {opcode: I64Rotl, location: 5})
            Int64 @23 = RotL(@16, @22, Wasm: {opcode: I64Rotl, location: 5})
            Void @27 = Return(@23, Terminal, Wasm: {opcode: End, location: 6})

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3Value.cpp:
        (JSC::B3::Value::deepDump):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::setParser):
        (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
        (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
        (JSC::Wasm::B3IRGenerator::emitLoadOp):
        (JSC::Wasm::B3IRGenerator::emitStoreOp):
        (JSC::Wasm::B3IRGenerator::addConstant):
        (JSC::Wasm::B3IRGenerator::addLoop):
        (JSC::Wasm::B3IRGenerator::unify):
        (JSC::Wasm::parseAndCompile):
        (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
        (JSC::Wasm::getMemoryBaseAndSize): Deleted.
        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser::currentOpcode):
        (JSC::Wasm::FunctionParser::currentOpcodeStartingOffset):
        (JSC::Wasm::FunctionParser<Context>::FunctionParser):
        * wasm/WasmOpcodeOrigin.cpp: Added.
        (JSC::Wasm::OpcodeOrigin::dump):
        * wasm/WasmOpcodeOrigin.h: Added.
        (JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
        * wasm/WasmValidate.cpp:
        (JSC::Wasm::Validate::setParser):
        * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
        (CodeGenerator.generate):
        (generateB3OpCode):
        (generateConstCode):

2017-03-28  JF Bastien  <jfbastien@apple.com>

        WebAssembly: option to crash if no fast memory is available
        https://bugs.webkit.org/show_bug.cgi?id=170219

        Reviewed by Mark Lam.

        * runtime/Options.h:
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::webAssemblyCouldntGetFastMemory):
        (JSC::Wasm::tryGetFastMemory):

2017-03-28  Mark Lam  <mark.lam@apple.com>

        The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
        https://bugs.webkit.org/show_bug.cgi?id=170213
        <rdar://problem/30755345>

        Reviewed by Filip Pizlo.

        The current condition for stealing the conn isn't tight enough.  Restricting the
        stealing to when m_currentPhase == NotRunning ensures that the Collector is
        really done running.

        No test because this issue only manifests with a race condition that is difficult
        to reproduce on demand.

        * heap/Heap.cpp:
        (JSC::Heap::requestCollection):

2017-03-28  Keith Miller  <keith_miller@apple.com>

        WebAssembly: Make WebAssembly.instantiate/compile truly asynchronous
        https://bugs.webkit.org/show_bug.cgi?id=169187

        Reviewed by Saam Barati.

        This patch allows WebAssembly compilations to happen asynchronously.
        To do so, it refactors how much of the compilation happens and adds
        new infrastructure for async promises.

        First, there is a new class, PromiseDeferredTimer that lives on
        the VM.  PromiseDeferredTimer will manage the life-cycle of async
        pending promises and any dependencies that promise
        needs. PromiseDeferredTimer automagically releases the pending
        promise and dependencies once the JSPromiseDeferred is resolved or
        rejected. Additionally, PromiseDeferredTimer provides a mechanism
        to poll the run-loop whenever the async task needs to synchronize
        with the JS thread. Normally, that will be whenever the async task
        finishes. In the case of WebAssembly we also use this feature for
        the compile + instantiate case, where we might have more work
        after the first async task completes (more on that later).

        The next class is Wasm::Worklist, which is used to manage Wasm
        compilation tasks. The worklist class works similarly to the
        DFG/FTL Worklists. It has a pool of threads that it manages. One
        interesting aspect of Wasm Worklist is that it can synchronously
        compile a plan that is already potentially running
        asynchronously. This can occur if a user calls
        WebAssembly.instantiate() then new WebAssembly.instantiate() on
        the same module. In that case the Wasm Worklist will bump the
        priority of the running pending Plan and block the JS thread.

        This patch also makes some of the Wasm Plan code cleaner. Since we
        now defer all compilation to instantiation time, we no longer need
        to guess at which memory we are going to get. Also, Wasm Plans now
        track the work they have done with a state enum.

        Finally, this patch renames HeapTimer to JSRunLoopTimer. It also
        changes test262AsyncTest to a more generic testing
        infrastructure. Now, in addition to the old functionality, you can
        call asyncTest() with the number of tests you expect. When the jsc
        CLI exits, it will guarantee that asyncTestPassed() is called that
        many times.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/GCActivityCallback.h:
        * heap/IncrementalSweeper.cpp:
        (JSC::IncrementalSweeper::scheduleTimer):
        (JSC::IncrementalSweeper::IncrementalSweeper):
        * heap/IncrementalSweeper.h:
        * heap/StopIfNecessaryTimer.cpp:
        (JSC::StopIfNecessaryTimer::StopIfNecessaryTimer):
        * heap/StopIfNecessaryTimer.h:
        * heap/StrongInlines.h:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (printInternal):
        (functionAsyncTestStart):
        (functionAsyncTestPassed):
        (functionTestWasmModuleFunctions):
        (CommandLine::parseArguments):
        (runJSC):
        * runtime/JSPromiseDeferred.cpp:
        (JSC::JSPromiseDeferred::resolve):
        (JSC::JSPromiseDeferred::reject):
        * runtime/JSPromiseDeferred.h:
        (JSC::JSPromiseDeferred::promiseAsyncPending):
        * runtime/JSRunLoopTimer.cpp: Renamed from Source/JavaScriptCore/heap/HeapTimer.cpp.
        (JSC::JSRunLoopTimer::JSRunLoopTimer):
        (JSC::JSRunLoopTimer::setRunLoop):
        (JSC::JSRunLoopTimer::~JSRunLoopTimer):
        (JSC::JSRunLoopTimer::timerDidFire):
        (JSC::JSRunLoopTimer::scheduleTimer):
        (JSC::JSRunLoopTimer::cancelTimer):
        (JSC::JSRunLoopTimer::invalidate):
        * runtime/JSRunLoopTimer.h: Copied from Source/JavaScriptCore/heap/HeapTimer.h.
        * runtime/Options.h:
        * runtime/PromiseDeferredTimer.cpp: Added.
        (JSC::PromiseDeferredTimer::PromiseDeferredTimer):
        (JSC::PromiseDeferredTimer::doWork):
        (JSC::PromiseDeferredTimer::runRunLoop):
        (JSC::PromiseDeferredTimer::addPendingPromise):
        (JSC::PromiseDeferredTimer::cancelPendingPromise):
        (JSC::PromiseDeferredTimer::scheduleWorkSoon):
        (JSC::PromiseDeferredTimer::scheduleBlockedTask):
        * runtime/PromiseDeferredTimer.h: Renamed from Source/JavaScriptCore/heap/HeapTimer.h.
        (JSC::PromiseDeferredTimer::stopRunningTasks):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::~VM):
        * runtime/VM.h:
        * wasm/JSWebAssembly.cpp:
        (JSC::reject):
        (JSC::webAssemblyCompileFunc):
        (JSC::resolve):
        (JSC::instantiate):
        (JSC::compileAndInstantiate):
        (JSC::webAssemblyInstantiateFunc):
        (JSC::webAssemblyValidateFunc):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
        (JSC::Wasm::B3IRGenerator::memoryKind):
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmB3IRGenerator.h:
        * wasm/WasmFormat.h:
        (JSC::Wasm::ModuleInformation::internalFunctionCount):
        * wasm/WasmFunctionParser.h:
        * wasm/WasmMemory.h:
        * wasm/WasmMemoryInformation.cpp:
        (JSC::Wasm::MemoryInformation::MemoryInformation):
        * wasm/WasmMemoryInformation.h:
        (JSC::Wasm::MemoryInformation::maximum):
        (JSC::Wasm::MemoryInformation::hasReservedMemory): Deleted.
        (JSC::Wasm::MemoryInformation::takeReservedMemory): Deleted.
        (JSC::Wasm::MemoryInformation::mode): Deleted.
        * wasm/WasmModuleParser.cpp:
        * wasm/WasmModuleParser.h:
        (JSC::Wasm::ModuleParser::ModuleParser):
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::Plan):
        (JSC::Wasm::Plan::stateString):
        (JSC::Wasm::Plan::moveToState):
        (JSC::Wasm::Plan::fail):
        (JSC::Wasm::Plan::parseAndValidateModule):
        (JSC::Wasm::Plan::prepare):
        (JSC::Wasm::Plan::ThreadCountHolder::ThreadCountHolder):
        (JSC::Wasm::Plan::ThreadCountHolder::~ThreadCountHolder):
        (JSC::Wasm::Plan::compileFunctions):
        (JSC::Wasm::Plan::complete):
        (JSC::Wasm::Plan::waitForCompletion):
        (JSC::Wasm::Plan::cancel):
        (JSC::Wasm::Plan::run): Deleted.
        (JSC::Wasm::Plan::initializeCallees): Deleted.
        * wasm/WasmPlan.h:
        (JSC::Wasm::Plan::dontFinalize):
        (JSC::Wasm::Plan::exports):
        (JSC::Wasm::Plan::internalFunctionCount):
        (JSC::Wasm::Plan::takeModuleInformation):
        (JSC::Wasm::Plan::takeCallLinkInfos):
        (JSC::Wasm::Plan::takeWasmExitStubs):
        (JSC::Wasm::Plan::setModeAndPromise):
        (JSC::Wasm::Plan::mode):
        (JSC::Wasm::Plan::pendingPromise):
        (JSC::Wasm::Plan::vm):
        (JSC::Wasm::Plan::errorMessage):
        (JSC::Wasm::Plan::failed):
        (JSC::Wasm::Plan::hasWork):
        (JSC::Wasm::Plan::hasBeenPrepared):
        * wasm/WasmPlanInlines.h: Copied from Source/JavaScriptCore/wasm/WasmB3IRGenerator.h.
        (JSC::Wasm::Plan::initializeCallees):
        * wasm/WasmValidate.cpp:
        * wasm/WasmWorklist.cpp: Added.
        (JSC::Wasm::Worklist::priorityString):
        (JSC::Wasm::Worklist::QueueElement::setToNextPriority):
        (JSC::Wasm::Worklist::iterate):
        (JSC::Wasm::Worklist::enqueue):
        (JSC::Wasm::Worklist::completePlanSynchronously):
        (JSC::Wasm::Worklist::stopAllPlansForVM):
        (JSC::Wasm::Worklist::Worklist):
        (JSC::Wasm::Worklist::~Worklist):
        (JSC::Wasm::existingWorklistOrNull):
        (JSC::Wasm::ensureWorklist):
        * wasm/WasmWorklist.h: Added.
        (JSC::Wasm::Worklist::nextTicket):
        (JSC::Wasm::Worklist::Comparator::operator()):
        * wasm/js/JSWebAssemblyCallee.h:
        * wasm/js/JSWebAssemblyCodeBlock.cpp:
        (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
        (JSC::JSWebAssemblyCodeBlock::initialize):
        (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
        * wasm/js/JSWebAssemblyCodeBlock.h:
        (JSC::JSWebAssemblyCodeBlock::create):
        (JSC::JSWebAssemblyCodeBlock::initialized):
        (JSC::JSWebAssemblyCodeBlock::plan):
        (JSC::JSWebAssemblyCodeBlock::runnable):
        (JSC::JSWebAssemblyCodeBlock::errorMessage):
        (JSC::JSWebAssemblyCodeBlock::callees):
        * wasm/js/JSWebAssemblyHelpers.h:
        (JSC::createSourceBufferFromValue):
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::finishCreation):
        (JSC::JSWebAssemblyInstance::visitChildren):
        (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
        (JSC::JSWebAssemblyInstance::finalizeCreation):
        (JSC::JSWebAssemblyInstance::create):
        (JSC::JSWebAssemblyInstance::setMemory): Deleted.
        * wasm/js/JSWebAssemblyInstance.h:
        (JSC::JSWebAssemblyInstance::codeBlock):
        (JSC::JSWebAssemblyInstance::initialized):
        (JSC::JSWebAssemblyInstance::module):
        (JSC::JSWebAssemblyInstance::importFunction):
        (JSC::JSWebAssemblyInstance::setMemory):
        (JSC::JSWebAssemblyInstance::table):
        (JSC::JSWebAssemblyInstance::importFunctions):
        (JSC::JSWebAssemblyInstance::setImportFunction): Deleted.
        (JSC::JSWebAssemblyInstance::setTable): Deleted.
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::createStub):
        (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
        (JSC::JSWebAssemblyModule::finishCreation):
        (JSC::JSWebAssemblyModule::setCodeBlock):
        (JSC::JSWebAssemblyModule::buildCodeBlock): Deleted.
        (JSC::JSWebAssemblyModule::create): Deleted.
        (JSC::JSWebAssemblyModule::codeBlock): Deleted.
        * wasm/js/JSWebAssemblyModule.h:
        (JSC::JSWebAssemblyModule::moduleInformation):
        (JSC::JSWebAssemblyModule::codeBlock):
        (JSC::JSWebAssemblyModule::source):
        (JSC::JSWebAssemblyModule::takeReservedMemory): Deleted.
        (JSC::JSWebAssemblyModule::codeBlockFor): Deleted.
        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::constructJSWebAssemblyInstance):
        (JSC::WebAssemblyInstanceConstructor::createInstance): Deleted.
        * wasm/js/WebAssemblyModuleConstructor.cpp:
        (JSC::WebAssemblyModuleConstructor::createModule):
        * wasm/js/WebAssemblyModulePrototype.cpp:
        (JSC::webAssemblyModuleProtoImports):
        (JSC::webAssemblyModuleProtoExports):
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::finishCreation):
        (JSC::WebAssemblyModuleRecord::link):
        (JSC::WebAssemblyModuleRecord::evaluate):
        * wasm/js/WebAssemblyModuleRecord.h:

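The Wasm::Worklist behaviour the entry above describes (a ticketed priority queue of Plans, a Plan state enum, and completePlanSynchronously bumping a pending plan's priority so the JS thread can block on it), as an added example that is not WebKit's code. The names Worklist, Plan, QueueElement, Comparator, enqueue, completePlanSynchronously, stopAllPlansForVM and setToNextPriority are taken from the entry; their bodies, the Priority and PlanState values, and the single-threaded runOne() driver that stands in for the thread pool are assumptions made for this illustration, chosen so the ordering is deterministic and checkable.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <memory>
#include <set>
#include <string>
#include <utility>
#include <vector>

// A plan tracks the work it has done with a state enum (assumed states).
enum class PlanState { Initial, Validated, Prepared, Compiled, Completed, Cancelled };

struct Plan {
    std::string name;
    int vmId;
    PlanState state;
    Plan(std::string n, int vm) : name(std::move(n)), vmId(vm), state(PlanState::Initial) {}
    bool hasWork() const { return state != PlanState::Completed && state != PlanState::Cancelled; }
    // One unit of work: advance to the next state.
    void step() {
        switch (state) {
        case PlanState::Initial:   state = PlanState::Validated; break;
        case PlanState::Validated: state = PlanState::Prepared;  break;
        case PlanState::Prepared:  state = PlanState::Compiled;  break;
        case PlanState::Compiled:  state = PlanState::Completed; break;
        default: break;
        }
    }
};

// Higher runs first. Synchronous is reserved for a plan the JS thread is blocked on.
enum class Priority { Preparation = 0, Compilation = 1, Synchronous = 2 };

class Worklist {
    struct QueueElement {
        Priority priority;
        uint64_t ticket;            // issued in enqueue order: FIFO within one priority
        std::shared_ptr<Plan> plan;
    };
    struct Comparator {
        bool operator()(const QueueElement& a, const QueueElement& b) const {
            if (a.priority != b.priority)
                return a.priority > b.priority;
            return a.ticket < b.ticket;
        }
    };
    std::set<QueueElement, Comparator> m_queue;
    uint64_t m_nextTicket = 0;
    std::vector<std::string> m_completionOrder;

public:
    void enqueue(std::shared_ptr<Plan> plan, Priority priority = Priority::Preparation) {
        QueueElement element{priority, m_nextTicket++, std::move(plan)};
        m_queue.insert(element);
    }

    // One worker-thread iteration: run a unit of work on the front element.
    bool runOne() {
        if (m_queue.empty())
            return false;
        QueueElement element = *m_queue.begin();
        m_queue.erase(m_queue.begin());
        element.plan->step();
        if (element.plan->hasWork()) {
            // setToNextPriority: a prepared plan now competes as a compilation job.
            if (element.priority == Priority::Preparation && element.plan->state == PlanState::Prepared)
                element.priority = Priority::Compilation;
            m_queue.insert(element);
        } else if (element.plan->state == PlanState::Completed) {
            m_completionOrder.push_back(element.plan->name);
        }
        return true;
    }

    // The JS thread needs this plan now: bump it ahead of everything else and
    // block (here: loop on runOne) until it has no work left.
    void completePlanSynchronously(const std::shared_ptr<Plan>& plan) {
        for (auto it = m_queue.begin(); it != m_queue.end(); ++it) {
            if (it->plan == plan) {
                QueueElement element = *it;
                m_queue.erase(it);
                element.priority = Priority::Synchronous;
                m_queue.insert(element);
                break;
            }
        }
        while (plan->hasWork() && runOne()) { }
    }

    // A VM is going away: cancel and drop every plan that belongs to it.
    size_t stopAllPlansForVM(int vmId) {
        size_t cancelled = 0;
        for (auto it = m_queue.begin(); it != m_queue.end();) {
            if (it->plan->vmId == vmId) {
                it->plan->state = PlanState::Cancelled;
                it = m_queue.erase(it);
                ++cancelled;
            } else {
                ++it;
            }
        }
        return cancelled;
    }

    void drain() { while (runOne()) { } }
    const std::vector<std::string>& completionOrder() const { return m_completionOrder; }
};

// Scenario: three plans queued FIFO; the JS thread then demands the last one
// synchronously, and VM 2 shuts down before its plan has finished.
std::vector<std::string> runScenario() {
    Worklist worklist;
    auto a = std::make_shared<Plan>("a", 1);
    auto b = std::make_shared<Plan>("b", 2);
    auto c = std::make_shared<Plan>("c", 1);
    worklist.enqueue(a); worklist.enqueue(b); worklist.enqueue(c);
    worklist.runOne();                     // a: Initial -> Validated
    worklist.completePlanSynchronously(c); // c jumps the queue and runs to Completed
    worklist.stopAllPlansForVM(2);         // b is cancelled and never compiled
    worklist.drain();                      // a finishes last
    return worklist.completionOrder();     // {"c", "a"}
}

int main() {
    for (const std::string& name : runScenario())
        std::cout << name << '\n';
    return 0;
}
```

The real worklist runs plans on a pool of threads and blocks the JS thread on a condition, so the ordering there is only as deterministic as the priority rule allows; the model keeps that rule (priority first, ticket second) and collapses the pool into a loop. Cancelled plans must drop out of the queue rather than merely be flagged, otherwise a worker could still pick up work for a VM that no longer exists.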
2017-03-28  Yusuke Suzuki  <utatane.tea@gmail.com>

        WebAssembly: add fallback to use pinned register to load/store state
        https://bugs.webkit.org/show_bug.cgi?id=169773

        Reviewed by Saam Barati.

        This patch adds a new pinned register to hold JSWebAssemblyInstance,
        which is used to represent the context of running Wasm code.
        While we use fast TLS to hold the context in macOS, we do not have
        any system-reserved fast TLS slot in the other systems. This pinned
        register approach is used in these systems. These changes decouple
        VM from Wasm module to make Wasm module position independent code.

        While using fast TLS could be beneficial in x64 systems, whose number
        of registers is relatively small, the pinned register approach could
        be beneficial in ARM64, which has plenty of registers. In macOS, we
        can switch the implementation with the runtime flag. Thus the macOS
        port can compare the performance and decide which implementation is
        used after landing this patch.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::offsetOfVM):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::loadWasmContext):
        (JSC::AssemblyHelpers::storeWasmContext):
        (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
        (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::loadWasmContext): Deleted.
        (JSC::AssemblyHelpers::storeWasmContext): Deleted.
        (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister): Deleted.
        (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister): Deleted.
        * jit/Repatch.cpp:
        (JSC::webAssemblyOwner):
        (JSC::linkFor):
        (JSC::linkPolymorphicCall):
        (JSC::isWebAssemblyToJSCallee): Deleted.
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromWasmThunkGenerator):
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LowLevelInterpreter.asm:
        * runtime/JSCell.cpp:
        (JSC::JSCell::isAnyWasmCallee):
        * runtime/JSCellInlines.h:
        (JSC::isWebAssemblyToJSCallee):
        * runtime/JSType.h:
        * runtime/StackFrame.cpp:
        (JSC::StackFrame::functionName):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (JSC::VM::wasmContextOffset):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::materializeWasmContext):
        (JSC::Wasm::B3IRGenerator::restoreWasmContext):
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::getMemoryBaseAndSize):
        (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
        (JSC::Wasm::createJSToWasmWrapper):
        (JSC::Wasm::loadWasmContext): Deleted.
        (JSC::Wasm::storeWasmContext): Deleted.
        (JSC::Wasm::restoreWebAssemblyGlobalState): Deleted.
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::wasmToJs):
        * wasm/WasmContext.cpp:
        (JSC::loadWasmContext):
        (JSC::storeWasmContext):
        * wasm/WasmContext.h:
        * wasm/WasmMemoryInformation.cpp:
        (JSC::Wasm::getPinnedRegisters):
        (JSC::Wasm::PinnedRegisterInfo::get):
        (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
        * wasm/WasmMemoryInformation.h:
        (JSC::Wasm::PinnedRegisterInfo::toSave):
        (JSC::Wasm::useFastTLS):
        (JSC::Wasm::useFastTLSForWasmContext):
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::finishCreation):
        (JSC::JSWebAssemblyInstance::visitChildren):
        * wasm/js/JSWebAssemblyInstance.h:
        (JSC::JSWebAssemblyInstance::offsetOfCallee):
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::finishCreation):
        (JSC::JSWebAssemblyModule::visitChildren):
        * wasm/js/JSWebAssemblyModule.h:
        (JSC::JSWebAssemblyModule::callee):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        (JSC::WebAssemblyFunction::create):
        * wasm/js/WebAssemblyToJSCallee.cpp:
        (JSC::WebAssemblyToJSCallee::create):
        (JSC::WebAssemblyToJSCallee::createStructure):
        (JSC::WebAssemblyToJSCallee::finishCreation):
        (JSC::WebAssemblyToJSCallee::visitChildren):
        (JSC::WebAssemblyToJSCallee::destroy): Deleted.
        * wasm/js/WebAssemblyToJSCallee.h:

653 2017-03-28  Brian Burg  <bburg@apple.com>
654
655         Web Inspector: Add "Disable Caches" option that only applies to the inspected page while Web Inspector is open
656         https://bugs.webkit.org/show_bug.cgi?id=169865
657         <rdar://problem/31250573>
658
659         Reviewed by Joseph Pecoraro.
660
661         * inspector/protocol/Network.json:
662         Rename the command for disabling resource caching to match the WebCore::Page
663         flag. This also removes the possibility that this could be confused for the old,
664         buggy command that this patch rips out.
665
666 2017-03-25  Yusuke Suzuki  <utatane.tea@gmail.com>
667
668         [JSC] Move platformThreadSignal to WTF
669         https://bugs.webkit.org/show_bug.cgi?id=170097
670
671         Reviewed by Mark Lam.
672
673         It is a small clean up towards https://bugs.webkit.org/show_bug.cgi?id=170027.
674         platformThreadSignal uses PlatformThread in JSC, but it can be implemented in
675         WTF ThreadIdentifier.
676
677         * runtime/JSLock.cpp:
678         (JSC::JSLock::lock):
679         * runtime/JSLock.h:
680         (JSC::JSLock::ownerThread):
681         (JSC::JSLock::currentThreadIsHoldingLock):
682         * runtime/PlatformThread.h:
683         (JSC::platformThreadSignal): Deleted.
684         * runtime/VM.h:
685         (JSC::VM::ownerThread):
686         * runtime/VMTraps.cpp:
687         (JSC::VMTraps::SignalSender::send):
688
689 2017-03-28  JF Bastien  <jfbastien@apple.com>
690
691         WebAssembly: implement Module imports/exports
692         https://bugs.webkit.org/show_bug.cgi?id=166982
693
694         Reviewed by Saam Barati.
695
696         As defined in: https://github.com/WebAssembly/design/commit/18cbacb90cd3584dd5c9aa3d392e4e55f66af6ab
697
698         * wasm/WasmFormat.h:
699         (JSC::Wasm::makeString): use uppercase instead; it was only used
700         for diagnostics but is now used for the expected JS property's
701         capitalization
702         * wasm/js/WebAssemblyModulePrototype.cpp:
703         (JSC::webAssemblyModuleProtoImports):
704         (JSC::webAssemblyModuleProtoExports):
705
706 2017-03-27  JF Bastien  <jfbastien@apple.com>
707
708         WebAssembly: JSWebAssemblyCodeBlock.h belongs in JavaScriptCore/wasm/js not JavaScriptCore/wasm
709         https://bugs.webkit.org/show_bug.cgi?id=170160
710
711         Reviewed by Mark Lam.
712
713         * JavaScriptCore.xcodeproj/project.pbxproj:
714         * wasm/js/JSWebAssemblyCodeBlock.h: Renamed from Source/JavaScriptCore/wasm/JSWebAssemblyCodeBlock.h.
715
716 2017-03-27  JF Bastien  <jfbastien@apple.com>
717
718         WebAssembly: misc memory testing
719         https://bugs.webkit.org/show_bug.cgi?id=170137
720
721         Reviewed by Keith Miller.
722
723         * wasm/js/WebAssemblyInstanceConstructor.cpp:
724         (JSC::WebAssemblyInstanceConstructor::createInstance): improve error messages
725
726 2017-03-27  Michael Saboff  <msaboff@apple.com>
727
728         Add ARM64 system instructions to disassembler
729         https://bugs.webkit.org/show_bug.cgi?id=170084
730
731         Reviewed by Saam Barati.
732
733         This change adds support for MRS and MSR instructions, and refactors the DMB
734         disassembly to handle all of the barrier instructions.
735
736         * disassembler/ARM64/A64DOpcode.cpp:
737         (JSC::ARM64Disassembler::A64DOpcodeMSRImmediate::format):
738         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::format):
739         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::format):
740         (JSC::ARM64Disassembler::A64DOpcodeDmb::format): Deleted.
741         * disassembler/ARM64/A64DOpcode.h:
742         (JSC::ARM64Disassembler::A64DOpcodeSystem::lBit):
743         (JSC::ARM64Disassembler::A64DOpcodeSystem::op0):
744         (JSC::ARM64Disassembler::A64DOpcodeSystem::op1):
745         (JSC::ARM64Disassembler::A64DOpcodeSystem::crN):
746         (JSC::ARM64Disassembler::A64DOpcodeSystem::crM):
747         (JSC::ARM64Disassembler::A64DOpcodeSystem::op2):
748         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::opName):
749         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::systemRegister):
750         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::opName):
751         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::option):
752         (JSC::ARM64Disassembler::A64DOpcodeDmb::opName): Deleted.
753         (JSC::ARM64Disassembler::A64DOpcodeDmb::option): Deleted.
754         (JSC::ARM64Disassembler::A64DOpcodeDmb::crM): Deleted.
755
756 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
757
758         B3::fixSSA should do liveness pruning
759         https://bugs.webkit.org/show_bug.cgi?id=170111
760
761         Reviewed by Saam Barati.
762         
763         This moves all of the logic of Air::Liveness<> to WTF::Liveness<> and then uses that to
764         create B3::VariableLiveness. Then this uses VariableLiveness::LiveAtHead to prune Phi
765         construction.
766         
767         This makes B3::fixSSA run twice as fast. This is a 13% progression on WasmBench compile
768         times.
769
770         * CMakeLists.txt:
771         * JavaScriptCore.xcodeproj/project.pbxproj:
772         * b3/B3BasicBlock.h:
773         (JSC::B3::BasicBlock::get):
774         * b3/B3FixSSA.cpp:
775         (JSC::B3::fixSSA):
776         * b3/B3VariableLiveness.cpp: Added.
777         (JSC::B3::VariableLiveness::VariableLiveness):
778         (JSC::B3::VariableLiveness::~VariableLiveness):
779         * b3/B3VariableLiveness.h: Added.
780         (JSC::B3::VariableLivenessAdapter::VariableLivenessAdapter):
781         (JSC::B3::VariableLivenessAdapter::numIndices):
782         (JSC::B3::VariableLivenessAdapter::valueToIndex):
783         (JSC::B3::VariableLivenessAdapter::indexToValue):
784         (JSC::B3::VariableLivenessAdapter::blockSize):
785         (JSC::B3::VariableLivenessAdapter::forEachEarlyUse):
786         (JSC::B3::VariableLivenessAdapter::forEachLateUse):
787         (JSC::B3::VariableLivenessAdapter::forEachEarlyDef):
788         (JSC::B3::VariableLivenessAdapter::forEachLateDef):
789         * b3/air/AirCFG.h: Added.
790         (JSC::B3::Air::CFG::CFG):
791         (JSC::B3::Air::CFG::root):
792         (JSC::B3::Air::CFG::newMap):
793         (JSC::B3::Air::CFG::successors):
794         (JSC::B3::Air::CFG::predecessors):
795         (JSC::B3::Air::CFG::index):
796         (JSC::B3::Air::CFG::node):
797         (JSC::B3::Air::CFG::numNodes):
798         (JSC::B3::Air::CFG::dump):
799         * b3/air/AirCode.cpp:
800         (JSC::B3::Air::Code::Code):
801         * b3/air/AirCode.h:
802         (JSC::B3::Air::Code::cfg):
803         * b3/air/AirLiveness.h:
804         (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
805         (JSC::B3::Air::LivenessAdapter::blockSize):
806         (JSC::B3::Air::LivenessAdapter::forEachEarlyUse):
807         (JSC::B3::Air::LivenessAdapter::forEachLateUse):
808         (JSC::B3::Air::LivenessAdapter::forEachEarlyDef):
809         (JSC::B3::Air::LivenessAdapter::forEachLateDef):
810         (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
811         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
812         (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
813         (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
814         (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
815         (JSC::B3::Air::Liveness::Liveness):
816         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc): Deleted.
817         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable): Deleted.
818         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator): Deleted.
819         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++): Deleted.
820         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*): Deleted.
821         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==): Deleted.
822         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=): Deleted.
823         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin): Deleted.
824         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end): Deleted.
825         (JSC::B3::Air::Liveness::LocalCalc::Iterable::contains): Deleted.
826         (JSC::B3::Air::Liveness::LocalCalc::live): Deleted.
827         (JSC::B3::Air::Liveness::LocalCalc::isLive): Deleted.
828         (JSC::B3::Air::Liveness::LocalCalc::execute): Deleted.
829         (JSC::B3::Air::Liveness::rawLiveAtHead): Deleted.
830         (JSC::B3::Air::Liveness::Iterable::Iterable): Deleted.
831         (JSC::B3::Air::Liveness::Iterable::iterator::iterator): Deleted.
832         (JSC::B3::Air::Liveness::Iterable::iterator::operator*): Deleted.
833         (JSC::B3::Air::Liveness::Iterable::iterator::operator++): Deleted.
834         (JSC::B3::Air::Liveness::Iterable::iterator::operator==): Deleted.
835         (JSC::B3::Air::Liveness::Iterable::iterator::operator!=): Deleted.
836         (JSC::B3::Air::Liveness::Iterable::begin): Deleted.
837         (JSC::B3::Air::Liveness::Iterable::end): Deleted.
838         (JSC::B3::Air::Liveness::Iterable::contains): Deleted.
839         (JSC::B3::Air::Liveness::liveAtHead): Deleted.
840         (JSC::B3::Air::Liveness::liveAtTail): Deleted.
841         (JSC::B3::Air::Liveness::workset): Deleted.
842
843 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
844
845         Air::Liveness shouldn't need HashSets
846         https://bugs.webkit.org/show_bug.cgi?id=170102
847
848         Reviewed by Yusuke Suzuki.
849         
850         This converts Air::Liveness<> to no longer use HashSets or BitVectors. This turns out to be
851         easy because it's cheap enough to do a sorted merge of the things being added to liveAtHead and
852         the things in the predecessors' liveAtTail. This turns out to be faster - it's a 2% overall
853         compile time progression on WasmBench.
854         
855         * b3/B3LowerToAir.cpp:
856         (JSC::B3::Air::LowerToAir::lower): Add a FIXME unrelated to this patch.
857         * b3/air/AirLiveness.h:
858         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
859         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc):
860         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead):
861         (JSC::B3::Air::AbstractLiveness::liveAtHead):
862         (JSC::B3::Air::AbstractLiveness::liveAtTail):
863         * b3/air/AirTmp.h:
864         (JSC::B3::Air::Tmp::bank):
865         (JSC::B3::Air::Tmp::tmpIndex):
866         * dfg/DFGStoreBarrierClusteringPhase.cpp:
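
The sorted-merge approach this entry describes, as an added illustration (this is not WebKit code and does not use Air's types): every live set is a sorted, duplicate-free vector, adding a predecessor's liveAtTail contribution to liveAtHead is a two-pointer merge, and the merge's "did the set grow" result drives the fixpoint loop. The CFG and tmp indices are constructed for the example.

```cpp
// Added example (not WebKit code): backward liveness over a tiny CFG where every
// live set is a sorted, duplicate-free vector and "add to liveAtHead" is a sorted
// merge, as the AirLiveness change describes, instead of a HashSet insert.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <iterator>
#include <vector>

using TmpIndex = unsigned;              // a tmp is identified by its index
using SortedTmpSet = std::vector<TmpIndex>;

// Merge `incoming` into `target`; both are sorted and duplicate-free, and so is the
// result. Returns whether `target` grew, which is what the fixpoint loop needs.
bool mergeSorted(SortedTmpSet& target, const SortedTmpSet& incoming)
{
    SortedTmpSet merged;
    merged.reserve(target.size() + incoming.size());
    size_t i = 0, j = 0;
    while (i < target.size() && j < incoming.size()) {
        if (target[i] < incoming[j])
            merged.push_back(target[i++]);
        else if (incoming[j] < target[i])
            merged.push_back(incoming[j++]);
        else {
            merged.push_back(target[i]);
            ++i;
            ++j;
        }
    }
    merged.insert(merged.end(), target.begin() + i, target.end());
    merged.insert(merged.end(), incoming.begin() + j, incoming.end());
    bool grew = merged.size() != target.size();
    target.swap(merged);
    return grew;
}

// Sort and dedupe a use/def list so it can take part in sorted merges.
SortedTmpSet makeSorted(std::vector<TmpIndex> tmps)
{
    std::sort(tmps.begin(), tmps.end());
    tmps.erase(std::unique(tmps.begin(), tmps.end()), tmps.end());
    return tmps;
}

struct Block {
    SortedTmpSet uses;       // tmps read in the block before any def of them
    SortedTmpSet defs;       // tmps written in the block
    std::vector<size_t> successors;
};

struct Liveness {
    std::vector<SortedTmpSet> liveAtHead;
    std::vector<SortedTmpSet> liveAtTail;
};

// Classic backward dataflow: liveAtTail = union of the successors' liveAtHead;
// liveAtHead = uses + (liveAtTail minus defs). Sets only grow, so merging is monotone.
Liveness computeLiveness(const std::vector<Block>& blocks)
{
    Liveness result;
    result.liveAtHead.resize(blocks.size());
    result.liveAtTail.resize(blocks.size());
    bool changed = true;
    while (changed) {
        changed = false;
        for (size_t index = blocks.size(); index-- > 0;) { // reverse order converges faster
            const Block& block = blocks[index];
            for (size_t successor : block.successors)
                changed |= mergeSorted(result.liveAtTail[index], result.liveAtHead[successor]);
            SortedTmpSet head;
            std::set_difference(result.liveAtTail[index].begin(), result.liveAtTail[index].end(),
                block.defs.begin(), block.defs.end(), std::back_inserter(head));
            mergeSorted(head, block.uses);
            changed |= mergeSorted(result.liveAtHead[index], head);
        }
    }
    return result;
}

// Constructed CFG: t0 and t1 are defined in block 0; block 1 reads t0, defines t2 and
// branches to block 2 or 3; block 2 reads t2; block 3 reads t1 and t2.
std::vector<Block> exampleCFG()
{
    return {
        { makeSorted({}), makeSorted({0, 1}), { 1 } },
        { makeSorted({0}), makeSorted({2}), { 2, 3 } },
        { makeSorted({2}), makeSorted({}), { 3 } },
        { makeSorted({1, 2}), makeSorted({}), {} },
    };
}

int main()
{
    Liveness liveness = computeLiveness(exampleCFG());
    for (size_t index = 0; index < liveness.liveAtHead.size(); ++index) {
        std::printf("block %zu liveAtHead:", index);
        for (TmpIndex tmp : liveness.liveAtHead[index])
            std::printf(" t%u", tmp);
        std::printf("\n");
    }
    return 0;
}
```

The merge never allocates more than one scratch vector and touches each element once, which is why it can beat a hash set when the sets are small and already sorted.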
867
868 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
869
870         Air should use RegisterSet for RegLiveness
871         https://bugs.webkit.org/show_bug.cgi?id=170108
872
873         Reviewed by Yusuke Suzuki.
874         
875         The biggest change here is the introduction of the new RegLiveness class. This is a
876         drop-in replacement for the old RegLiveness, which was a specialization of
877         AbstractLiveness<>, but it's about 30% faster. It gets its speed boost from just using
878         sets everywhere, which is efficient for registers since RegisterSet is just two (on
879         x86-64) or three 32-bit (on ARM64) statically allocated words. This looks like a 1%
880         compile time progression on WasmBench.
881
882         * CMakeLists.txt:
883         * JavaScriptCore.xcodeproj/project.pbxproj:
884         * b3/B3TimingScope.cpp: Records phase timing totals.
885         (JSC::B3::TimingScope::TimingScope):
886         (JSC::B3::TimingScope::~TimingScope):
887         * b3/B3TimingScope.h:
888         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
889         (JSC::B3::Air::allocateRegistersByGraphColoring):
890         * b3/air/AirLiveness.h: Move code around and rename a bit to make it more like RegLiveness; in particular we want the `iterator` to be called `iterator` not `Iterator`, and we want it to be internal to its iterable. Also rename this template to Liveness, to match the header filename.
891         (JSC::B3::Air::Liveness::Liveness):
892         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
893         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable):
894         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator):
895         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++):
896         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*):
897         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==):
898         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=):
899         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin):
900         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end):
901         (JSC::B3::Air::Liveness::Iterable::Iterable):
902         (JSC::B3::Air::Liveness::Iterable::iterator::iterator):
903         (JSC::B3::Air::RegLivenessAdapter::RegLivenessAdapter): Deleted.
904         (JSC::B3::Air::RegLivenessAdapter::numIndices): Deleted.
905         (JSC::B3::Air::RegLivenessAdapter::acceptsBank): Deleted.
906         (JSC::B3::Air::RegLivenessAdapter::acceptsRole): Deleted.
907         (JSC::B3::Air::RegLivenessAdapter::valueToIndex): Deleted.
908         (JSC::B3::Air::RegLivenessAdapter::indexToValue): Deleted.
909         (JSC::B3::Air::AbstractLiveness::AbstractLiveness): Deleted.
910         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc): Deleted.
911         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::Iterator): Deleted.
912         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator++): Deleted.
913         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator*): Deleted.
914         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator==): Deleted.
915         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator!=): Deleted.
916         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::Iterable): Deleted.
917         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::begin): Deleted.
918         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::end): Deleted.
919         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::contains): Deleted.
920         (JSC::B3::Air::AbstractLiveness::LocalCalc::live): Deleted.
921         (JSC::B3::Air::AbstractLiveness::LocalCalc::isLive): Deleted.
922         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute): Deleted.
923         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead): Deleted.
924         (JSC::B3::Air::AbstractLiveness::Iterable::Iterable): Deleted.
925         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::iterator): Deleted.
926         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator*): Deleted.
927         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator++): Deleted.
928         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator==): Deleted.
929         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator!=): Deleted.
930         (JSC::B3::Air::AbstractLiveness::Iterable::begin): Deleted.
931         (JSC::B3::Air::AbstractLiveness::Iterable::end): Deleted.
932         (JSC::B3::Air::AbstractLiveness::Iterable::contains): Deleted.
933         (JSC::B3::Air::AbstractLiveness::liveAtHead): Deleted.
934         (JSC::B3::Air::AbstractLiveness::liveAtTail): Deleted.
935         (JSC::B3::Air::AbstractLiveness::workset): Deleted.
936         * b3/air/AirLogRegisterPressure.cpp:
937         * b3/air/AirLowerAfterRegAlloc.cpp:
938         * b3/air/AirRegLiveness.cpp: Added.
939         (JSC::B3::Air::RegLiveness::RegLiveness):
940         (JSC::B3::Air::RegLiveness::~RegLiveness):
941         (JSC::B3::Air::RegLiveness::LocalCalc::execute):
942         * b3/air/AirRegLiveness.h: Added.
943         (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
944         (JSC::B3::Air::RegLiveness::LocalCalc::live):
945         (JSC::B3::Air::RegLiveness::LocalCalc::isLive):
946         (JSC::B3::Air::RegLiveness::liveAtHead):
947         (JSC::B3::Air::RegLiveness::liveAtTail):
948         * b3/air/AirReportUsedRegisters.cpp:
949         * jit/RegisterSet.h:
950         (JSC::RegisterSet::add):
951         (JSC::RegisterSet::remove):
952         (JSC::RegisterSet::contains):
953         (JSC::RegisterSet::subsumes):
954         (JSC::RegisterSet::iterator::iterator):
955         (JSC::RegisterSet::iterator::operator*):
956         (JSC::RegisterSet::iterator::operator++):
957         (JSC::RegisterSet::iterator::operator==):
958         (JSC::RegisterSet::iterator::operator!=):
959         (JSC::RegisterSet::begin):
960         (JSC::RegisterSet::end):
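
A register set held in a few statically allocated 32-bit words, as an added illustration of why the entry's RegisterSet-based RegLiveness is cheap (this is this example's own class, not JSC's RegisterSet, although it offers the same operations the entry lists: add, remove, contains, subsumes and iteration). The register count of 64 and the two-word layout are assumptions for the model.

```cpp
// Added example (not JSC's RegisterSet): a register set kept in a few statically
// allocated 32-bit words. Set union and difference become word-at-a-time bit ops.
#include <cstddef>
#include <cstdint>
#include <cstdio>

constexpr unsigned numRegisters = 64;  // assumption: enough for this model's GPRs and FPRs
constexpr unsigned wordBits = 32;
constexpr unsigned numWords = (numRegisters + wordBits - 1) / wordBits; // two words

class RegisterSet {
public:
    void add(unsigned reg) { m_words[reg / wordBits] |= bit(reg); }
    void remove(unsigned reg) { m_words[reg / wordBits] &= ~bit(reg); }
    bool contains(unsigned reg) const { return (m_words[reg / wordBits] & bit(reg)) != 0; }

    // True if every register in `other` is also in this set.
    bool subsumes(const RegisterSet& other) const
    {
        for (unsigned i = 0; i < numWords; ++i) {
            if (other.m_words[i] & ~m_words[i])
                return false;
        }
        return true;
    }

    // Union and difference are one OR / AND-NOT per word: no hashing, no allocation.
    void merge(const RegisterSet& other)
    {
        for (unsigned i = 0; i < numWords; ++i)
            m_words[i] |= other.m_words[i];
    }
    void exclude(const RegisterSet& other)
    {
        for (unsigned i = 0; i < numWords; ++i)
            m_words[i] &= ~other.m_words[i];
    }

    // Iterates the set registers in increasing order.
    class iterator {
    public:
        iterator(const RegisterSet& set, unsigned index) : m_set(&set), m_index(index) { skipToNextSet(); }
        unsigned operator*() const { return m_index; }
        iterator& operator++() { ++m_index; skipToNextSet(); return *this; }
        bool operator==(const iterator& other) const { return m_index == other.m_index; }
        bool operator!=(const iterator& other) const { return !(*this == other); }
    private:
        void skipToNextSet()
        {
            while (m_index < numRegisters && !m_set->contains(m_index))
                ++m_index;
        }
        const RegisterSet* m_set;
        unsigned m_index;
    };
    iterator begin() const { return iterator(*this, 0); }
    iterator end() const { return iterator(*this, numRegisters); }

private:
    static uint32_t bit(unsigned reg) { return uint32_t(1) << (reg % wordBits); }
    uint32_t m_words[numWords] = {};
};

// One local liveness step: what is live before an instruction is what is live after
// it, minus what it defines, plus what it uses.
RegisterSet liveBefore(const RegisterSet& liveAfter, const RegisterSet& defs, const RegisterSet& uses)
{
    RegisterSet live = liveAfter;
    live.exclude(defs);
    live.merge(uses);
    return live;
}

unsigned countRegisters(const RegisterSet& set)
{
    unsigned count = 0;
    for (unsigned reg : set) {
        (void)reg;
        ++count;
    }
    return count;
}

int main()
{
    RegisterSet liveAfter, defs, uses;
    liveAfter.add(31);
    liveAfter.add(40);
    defs.add(31);
    uses.add(5);
    RegisterSet live = liveBefore(liveAfter, defs, uses);
    std::printf("live before:");
    for (unsigned reg : live)
        std::printf(" r%u", reg);
    std::printf(" (%u registers)\n", countRegisters(live));
    return 0;
}
```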
961
962 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
963
964         Fix wasm by returning after we do TLS.
965
966         Rubber stamped by Keith Miller.
967
968         * jit/AssemblyHelpers.h:
969         (JSC::AssemblyHelpers::storeWasmContext):
970
971 2017-03-24  Mark Lam  <mark.lam@apple.com>
972
973         Add some instrumentation in Heap::resumeThePeriphery() to help debug an issue.
974         https://bugs.webkit.org/show_bug.cgi?id=170086
975         <rdar://problem/31253673>
976
977         Reviewed by Saam Barati.
978
979         Adding some instrumentation in Heap::resumeThePeriphery() to dump some Heap state
980         just before we RELEASE_ASSERT_NOT_REACHED.
981
982         * heap/Heap.cpp:
983         (JSC::Heap::resumeThePeriphery):
984
985 2017-03-24  JF Bastien  <jfbastien@apple.com>
986
987         WebAssembly: store state in TLS instead of on VM
988         https://bugs.webkit.org/show_bug.cgi?id=169611
989
990         Reviewed by Filip Pizlo.
991
992         Using thread-local storage instead of VM makes code more position
993         independent. We used to store the WebAssembly top Instance (the
994         latest one in the call stack) on VM, now we instead store it in
995         TLS. This top Instance is used to access a bunch of state such as
996         Memory location, size, table (for call_indirect), etc.
997
998         Instead of calling it "top", which is confusing, we now just call
999         it WasmContext.
1000
1001         Making the code PIC means future patches will be able to
1002         postMessage and structured clone into IDB without having to
1003         recompile the code. This wasn't possible before because we
1004         hard-coded the address of VM at compilation time. That doesn't
1005         work between workers, and doesn't work across reloads (which IDB
1006         is intended to do).
1007
1008         It'll also potentially make code faster once we start tuning
1009         what's in TLS, what's in which of the 4 free slots, and what's in
1010         pinned registers. I'm leaving this tuning for later because
1011         there's lower lying fruit for us to pick.
1012
1013         * CMakeLists.txt:
1014         * JavaScriptCore.xcodeproj/project.pbxproj:
1015         * assembler/AbstractMacroAssembler.h:
1016         * assembler/AllowMacroScratchRegisterUsageIf.h: Copied from assembler/AllowMacroScratchRegisterUsage.h.
1017         (JSC::AllowMacroScratchRegisterUsageIf::AllowMacroScratchRegisterUsageIf):
1018         (JSC::AllowMacroScratchRegisterUsageIf::~AllowMacroScratchRegisterUsageIf):
1019         * assembler/MacroAssembler.h:
1020         (JSC::MacroAssembler::storeToTLSPtr): we previously didn't have
1021         the code required to store to TLS, only to load
1022         * assembler/MacroAssemblerARM64.h:
1023         (JSC::MacroAssemblerARM64::loadFromTLSPtrNeedsMacroScratchRegister):
1024         (JSC::MacroAssemblerARM64::storeToTLS32):
1025         (JSC::MacroAssemblerARM64::storeToTLS64):
1026         (JSC::MacroAssemblerARM64::storeToTLSPtrNeedsMacroScratchRegister):
1027         * assembler/MacroAssemblerX86Common.h:
1028         (JSC::MacroAssemblerX86Common::loadFromTLSPtrNeedsMacroScratchRegister):
1029         (JSC::MacroAssemblerX86Common::storeToTLS32):
1030         (JSC::MacroAssemblerX86Common::storeToTLSPtrNeedsMacroScratchRegister):
1031         * assembler/MacroAssemblerX86_64.h:
1032         (JSC::MacroAssemblerX86_64::loadFromTLS64): was loading 32-bit instead of 64-bit
1033         (JSC::MacroAssemblerX86_64::storeToTLS64):
1034         * assembler/X86Assembler.h:
1035         (JSC::X86Assembler::movl_rm):
1036         (JSC::X86Assembler::movq_rm):
1037         * b3/testb3.cpp:
1038         (JSC::B3::testFastTLSLoad):
1039         (JSC::B3::testFastTLSStore):
1040         (JSC::B3::run):
1041         * jit/AssemblyHelpers.h:
1042         (JSC::AssemblyHelpers::loadWasmContext):
1043         (JSC::AssemblyHelpers::storeWasmContext):
1044         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
1045         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
1046         * jit/Repatch.cpp:
1047         (JSC::webAssemblyOwner):
1048         * jit/ThunkGenerators.cpp:
1049         (JSC::throwExceptionFromWasmThunkGenerator):
1050         * runtime/Options.h:
1051         * runtime/VM.cpp:
1052         (JSC::VM::VM):
1053         * runtime/VM.h:
1054         * wasm/WasmB3IRGenerator.cpp:
1055         (JSC::Wasm::loadWasmContext):
1056         (JSC::Wasm::storeWasmContext):
1057         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1058         (JSC::Wasm::getMemoryBaseAndSize):
1059         (JSC::Wasm::restoreWebAssemblyGlobalState):
1060         (JSC::Wasm::createJSToWasmWrapper):
1061         (JSC::Wasm::parseAndCompile):
1062         * wasm/WasmBinding.cpp:
1063         (JSC::Wasm::materializeImportJSCell):
1064         (JSC::Wasm::wasmToJs):
1065         (JSC::Wasm::wasmToWasm):
1066         * wasm/WasmContext.cpp: Added.
1067         (JSC::loadWasmContext):
1068         (JSC::storeWasmContext):
1069         * wasm/WasmContext.h: Added. Replaces "top" JSWebAssemblyInstance.
1070         * wasm/js/WebAssemblyFunction.cpp:
1071         (JSC::callWebAssemblyFunction):
1072         * wasm/js/WebAssemblyInstanceConstructor.h:
1073
1074 2017-03-24  JF Bastien  <jfbastien@apple.com>
1075
1076         WebAssembly: spec-tests/memory.wast.js fails in debug
1077         https://bugs.webkit.org/show_bug.cgi?id=169794
1078
1079         Reviewed by Keith Miller.
1080
1081         The failure was due to empty memories (with maximum size 0). Those
1082         only occur in tests and in code that's trying to trip us. This
1083         patch adds memory mode "none" which represents no memory. It can
1084         work with either bounds checked or signaling code because it never
1085         contains loads and stores.
1086
1087         The spec tests which were failing did the following:
1088             > (module (memory (data)) (func (export "memsize") (result i32) (current_memory)))
1089             > (assert_return (invoke "memsize") (i32.const 0))
1090             > (module (memory (data "")) (func (export "memsize") (result i32) (current_memory)))
1091             > (assert_return (invoke "memsize") (i32.const 0))
1092             > (module (memory (data "x")) (func (export "memsize") (result i32) (current_memory)))
1093             > (assert_return (invoke "memsize") (i32.const 1))
1094
1095         * wasm/WasmB3IRGenerator.cpp:
1096         (JSC::Wasm::B3IRGenerator::memoryKind):
1097         * wasm/WasmMemory.cpp:
1098         (JSC::Wasm::tryGetFastMemory):
1099         (JSC::Wasm::releaseFastMemory):
1100         (JSC::Wasm::Memory::Memory):
1101         (JSC::Wasm::Memory::createImpl):
1102         (JSC::Wasm::Memory::create):
1103         (JSC::Wasm::Memory::grow):
1104         (JSC::Wasm::Memory::makeString):
1105         * wasm/WasmMemory.h:
1106         * wasm/WasmMemoryInformation.cpp:
1107         (JSC::Wasm::MemoryInformation::MemoryInformation):
1108         * wasm/js/JSWebAssemblyCodeBlock.cpp:
1109         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
1110         * wasm/js/JSWebAssemblyModule.cpp:
1111         (JSC::JSWebAssemblyModule::codeBlock):
1112         (JSC::JSWebAssemblyModule::finishCreation):
1113         * wasm/js/JSWebAssemblyModule.h:
1114         (JSC::JSWebAssemblyModule::codeBlock):
1115         (JSC::JSWebAssemblyModule::codeBlockFor):
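
The relationship this entry describes between a zero-maximum memory, the "none" mode and current_memory, as an added model (this is example code, not WebKit's Wasm::Memory): a memory whose maximum is 0 pages gets mode "none" whatever mode the rest of the code was compiled for, current_memory for an inline data segment is the page count needed to hold it, and an i32 load is bounds-checked in 64-bit arithmetic so that address plus static offset cannot wrap to a small in-bounds value. The model checks bounds explicitly in every mode; it does not reproduce the guard-page mechanism that signaling mode stands for.

```cpp
// Added example (not WebKit code): a model of memory modes none / bounds-checked /
// signaling and of how current_memory follows from an inline data segment.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

constexpr uint64_t pageSize = 64 * 1024; // WebAssembly page size, 65536 bytes

// Mode names follow the ChangeLog entry; the enum itself belongs to this example.
enum class MemoryMode { None, BoundsChecked, Signaling };

// Smallest page count that can hold `dataBytes` bytes of data segments.
uint32_t pagesNeededFor(uint64_t dataBytes)
{
    return static_cast<uint32_t>((dataBytes + pageSize - 1) / pageSize);
}

struct Memory {
    MemoryMode mode;
    uint32_t pages;            // what current_memory reports
    std::vector<uint8_t> bytes;

    // A memory that can never exceed zero pages has nothing to load from or store to,
    // so it gets mode "none" regardless of how the surrounding code was compiled.
    static Memory create(uint32_t initialPages, uint32_t maximumPages, MemoryMode preferred)
    {
        MemoryMode mode = maximumPages == 0 ? MemoryMode::None : preferred;
        return Memory { mode, initialPages, std::vector<uint8_t>(static_cast<size_t>(initialPages) * pageSize) };
    }

    // Bounds-checked i32 load. The check runs in 64-bit arithmetic so a large address
    // plus a large static offset cannot wrap around to a small in-bounds value.
    bool loadI32(uint32_t address, uint32_t offset, uint32_t& out) const
    {
        uint64_t effective = uint64_t(address) + uint64_t(offset);
        if (effective + sizeof(uint32_t) > bytes.size())
            return false; // trap: out of bounds (always the case in mode None)
        std::memcpy(&out, bytes.data() + effective, sizeof(uint32_t));
        return true;
    }
};

// Mirrors the quoted spec tests: (memory (data "x")) yields one page, while
// (memory (data)) and (memory (data "")) yield zero pages. An inline data segment
// fixes both the minimum and the maximum to the page count it needs.
uint32_t currentMemoryForDataSegment(const std::string& data)
{
    uint32_t pages = pagesNeededFor(data.size());
    Memory memory = Memory::create(pages, pages, MemoryMode::BoundsChecked);
    return memory.pages;
}

int main()
{
    std::printf("current_memory for (data \"\")  = %u pages\n", currentMemoryForDataSegment(""));
    std::printf("current_memory for (data \"x\") = %u pages\n", currentMemoryForDataSegment("x"));
    Memory memory = Memory::create(1, 1, MemoryMode::BoundsChecked);
    uint32_t value = 0;
    std::printf("load at 65532 ok: %d, load at 65533 ok: %d\n",
        memory.loadI32(65532, 0, value), memory.loadI32(65533, 0, value));
    return 0;
}
```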
1116
1117 2017-03-24  Mark Lam  <mark.lam@apple.com>
1118
1119         Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
1120         https://bugs.webkit.org/show_bug.cgi?id=170064
1121         <rdar://problem/31246098>
1122
1123         Reviewed by Geoffrey Garen.
1124
1125         * runtime/ArrayPrototype.cpp:
1126         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1127         * runtime/JSArray.cpp:
1128         (JSC::JSArray::fastSlice):
1129
1130 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
1131
1132         [JSC] Use jsNontrivialString aggressively for ToString(Int52)
1133         https://bugs.webkit.org/show_bug.cgi?id=170002
1134
1135         Reviewed by Sam Weinig.
1136
1137         We use the same logic used for Int32 to use jsNontrivialString.
1138         After the single-character check, the produced string is always longer than 1.
1139         Thus, we can use jsNontrivialString.
1140
1141         * runtime/NumberPrototype.cpp:
1142         (JSC::int52ToString):
1143
1144 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
1145
1146         [JSC] Use WeakRandom for SamplingProfiler interval fluctuation
1147         https://bugs.webkit.org/show_bug.cgi?id=170045
1148
1149         Reviewed by Mark Lam.
1150
1151         It is unnecessary to use cryptographicallyRandomNumber for SamplingProfiler
1152         interval fluctuation. Use WeakRandom instead.
1153
1154         * runtime/SamplingProfiler.cpp:
1155         (JSC::SamplingProfiler::SamplingProfiler):
1156         (JSC::SamplingProfiler::timerLoop):
1157         * runtime/SamplingProfiler.h:
1158
1159 2017-03-23  Mark Lam  <mark.lam@apple.com>
1160
1161         Array.prototype.splice behaves incorrectly when the VM is "having a bad time".
1162         https://bugs.webkit.org/show_bug.cgi?id=170025
1163         <rdar://problem/31228679>
1164
1165         Reviewed by Saam Barati.
1166
1167         * runtime/ArrayPrototype.cpp:
1168         (JSC::copySplicedArrayElements):
1169         (JSC::arrayProtoFuncSplice):
1170
1171 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
1172
1173         [JSC][DFG] Make addShouldSpeculateAnyInt more conservative to avoid regression caused by Double <-> Int52 conversions
1174         https://bugs.webkit.org/show_bug.cgi?id=169998
1175
1176         Reviewed by Saam Barati.
1177
1178         Double <-> Int52 and JSValue <-> Int52 conversions are not so cheap. Thus, Int52Rep is super carefully emitted.
1179         We make addShouldSpeculateAnyInt more conservative to avoid regressions caused by the above conversions.
1180         We select ArithAdd(Int52, Int52) only when this calculation is beneficial compared to added Int52Rep conversions.
1181
1182         This patch tightens the conditions of addShouldSpeculateAnyInt.
1183
1184         1. Honor DoubleConstant.
1185
1186         When executing imaging-darkroom, we have something like this:
1187
1188             132:< 2:loc36> DoubleConstant(Double|UseAsOther, AnyIntAsDouble, Double: 4607182418800017408, 1.000000, bc#114)
1189             1320:< 1:loc38>        Int52Rep(Check:Int32:@82, Int52|PureInt, Int32, Exits, bc#114)
1190             1321:< 1:loc39>        Int52Constant(Int52|PureInt, Boolint32Nonboolint32Int52, Double: 4607182418800017408, 1.000000, bc#114)
1191             133:<!3:loc39> ArithSub(Int52Rep:@1320<Int52>, Int52Rep:@1321<Int52>, Int52|MustGen, Int52, CheckOverflow, Exits, bc#114)
1192
1193         The LHS of ArithSub says predicting Boolint32, and the rhs says AnyIntAsDouble. Thus we select ArithSub(Int52, Int52) instead
1194         of ArithSub(Double, Double). However, it soon causes OSR exits. In imaging-darkroom, LHS's Int32 prediction will be broken.
1195         While speculating Int32 in the above situation is a reasonable approach since the given LHS says predicting Int32, this causes
1196         severe performance regression.
1197
1198         Previously, we always selected ArithSub(Double, Double). So accidentally, we did not encounter this misprediction issue.
1199
1200         One thing that can be found is that we have a DoubleConstant on the RHS. It means that we have `1.0` instead of `1` in the code.
1201         We can see the code like `lhs - 1.0` instead of `lhs - 1` in imaging-darkroom. It offers good information that lhs and
1202         the resulting value would be double. Handling the above ArithSub in double seems more appropriate rather than handling
1203         it in Int52.
1204
1205         So, in this patch, we honor DoubleConstant. If we find DoubleConstant on one operand, we give up selecting
1206         Arith[Sub,Add](Int52, Int52). This change removes OSR exits occurring in imaging-darkroom right now.
1207
1208         2. Two Int52Rep(Double) conversions are not desirable.
1209
1210         We allow AnyInt ArithAdd only when one operand of the binary operation should be speculated AnyInt. It is a bit of a conservative
1211         decision. This is because Double to Int52 conversion is not so cheap. Frequent back-and-forth conversions between Double and Int52
1212         rather hurt performance. If one operand of the operation is already Int52, the cost for constructing ArithAdd becomes
1213         cheap since only one Double to Int52 conversion could be required.
1214         This recovers some regression in assorted tests while keeping kraken crypto improvements.
1215
1216         3. Avoid frequent Int52 to JSValue conversions.
1217
1218         Int52 to JSValue conversion is not so cheap. Thus, we would like to avoid such situations. So, in this patch, we allow
1219         Arith(Int52, Int52) with an AnyIntAsDouble operand only when the node is used as a number. By doing so, we avoid cases like
1220         converting to Int52, performing ArithAdd, and soon converting back to JSValue.
1221
1222         The above 3 changes recover the regression measured in microbenchmarks/int52-back-and-forth.js and assorted benchmarks.
1223         And it still keeps the kraken crypto improvements.
1224
1225                                                    baseline                  patched
1226
1227         imaging-darkroom                       201.112+-3.192      ^     189.532+-2.883         ^ definitely 1.0611x faster
1228         stanford-crypto-pbkdf2                 103.953+-2.325            100.926+-2.396           might be 1.0300x faster
1229         stanford-crypto-sha256-iterative        35.103+-1.071      ?      36.049+-1.143         ? might be 1.0270x slower
1230
1231         * dfg/DFGGraph.h:
1232         (JSC::DFG::Graph::addShouldSpeculateAnyInt):
1233
1234 == Rolled over to ChangeLog-2017-03-23 ==