c4c7ac6a837d125d9024cb5c75e6bab8ef4d32ec
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-02-26  Oliver Hunt  <oliver@apple.com>

        Function.prototype.apply has a bad time with the spread operator
        https://bugs.webkit.org/show_bug.cgi?id=129381

        Reviewed by Mark Hahnenberg.

        Make sure our apply logic handles the spread operator correctly.
        To do this we simply emit the enumeration logic that we'd normally
        use for other enumerations, but only store the first two results
        to registers.  Then perform a varargs call.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ApplyFunctionCallDotNode::emitBytecode):

2014-02-26  Mark Lam  <mark.lam@apple.com>

        Compilation policy management belongs in operationOptimize(), not the DFG Driver.
        <https://webkit.org/b/129355>

        Reviewed by Filip Pizlo.

        By compilation policy, I mean the rules for determining whether to
        compile, when to compile, when to attempt compilation again, etc.  The
        few of these policy decisions that were previously being made in the
        DFG driver are now moved to operationOptimize() where we keep the rest
        of the policy logic.  Decisions that are based on the capabilities
        supported by the DFG are moved to DFG capabilityLevel().

        I've run the following benchmarks:
        1. the collection of jsc benchmarks on the jsc executable vs. its
           baseline.
        2. Octane 2.0 in browser without the WebInspector.
        3. Octane 2.0 in browser with the WebInspector open and a breakpoint
           set somewhere where it won't break.

        In all of these, the results came out to be a wash as expected.

        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::isSupported):
        (JSC::DFG::mightCompileEval):
        (JSC::DFG::mightCompileProgram):
        (JSC::DFG::mightCompileFunctionForCall):
        (JSC::DFG::mightCompileFunctionForConstruct):
        (JSC::DFG::mightInlineFunctionForCall):
        (JSC::DFG::mightInlineFunctionForClosureCall):
        (JSC::DFG::mightInlineFunctionForConstruct):
        * dfg/DFGCapabilities.h:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * jit/JITOperations.cpp:

2014-02-26  Michael Saboff  <msaboff@apple.com>

        Auto generate bytecode information for bytecode parser and LLInt
        https://bugs.webkit.org/show_bug.cgi?id=129181

        Reviewed by Mark Lam.

        Added new bytecode/BytecodeList.json that contains a list of bytecodes and related
        helpers.  It also includes bytecode length and other information used to generate files.
        Added a new generator, generate-bytecode-files that generates Bytecodes.h and InitBytecodes.asm
        in DerivedSources/JavaScriptCore/.

        Added the generation of these files to the "DerivedSource" build step.
        Slightly changed the build order, since the Bytecodes.h file is needed by
        JSCLLIntOffsetsExtractor.  Moved the offline assembly to a separate step since it needs
        to be run after JSCLLIntOffsetsExtractor.

        Made related changes to OPCODE macros and their use.

        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/BytecodeList.json: Added.
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * generate-bytecode-files: Added.
        * llint/LLIntCLoop.cpp:
        (JSC::LLInt::CLoop::initialize):
        * llint/LLIntCLoop.h:
        * llint/LLIntData.cpp:
        (JSC::LLInt::initialize):
        * llint/LLIntOpcode.h:
        * llint/LowLevelInterpreter.asm:

2014-02-26  Mark Lam  <mark.lam@apple.com>

        ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock() in inspector-protocol/*.
        <https://webkit.org/b/129364>

        Reviewed by Alexey Proskuryakov.

        InjectedScriptModule::ensureInjected() needs an APIEntryShim.

        * inspector/InjectedScriptModule.cpp:
        (Inspector::InjectedScriptModule::ensureInjected):
        - Added the needed but missing APIEntryShim.

2014-02-25  Mark Lam  <mark.lam@apple.com>

        Web Inspector: CRASH when evaluating in console of JSContext RWI with disabled breakpoints.
        <https://webkit.org/b/128766>

        Reviewed by Geoffrey Garen.

        Make the JSLock::grabAllLocks() work the same way as for the C loop LLINT.
        The reasoning is that we don't know of any clients that need unordered
        re-entry into the VM from different threads. So, we're enforcing ordered
        re-entry i.e. we must re-grab locks in the reverse order of dropping locks.

        The crash in this bug happened because we were allowing unordered re-entry,
        and the following type of scenario occurred:

        1. Thread T1 locks the VM, and enters the VM to execute some JS code.
        2. On entry, T1 detects that VM::m_entryScope is null i.e. this is the
           first time it entered the VM.
           T1 sets VM::m_entryScope to T1's entryScope.
        3. T1 drops all locks.

        4. Thread T2 locks the VM, and enters the VM to execute some JS code.
           On entry, T2 sees that VM::m_entryScope is NOT null, and therefore
           does not set the entryScope.
        5. T2 drops all locks.

        6. T1 re-grabs locks.
        7. T1 returns all the way out of JS code. On exit from the outermost
           JS function, T1 clears VM::m_entryScope (because T1 was the one who
           set it).
        8. T1 unlocks the VM.

        9. T2 re-grabs locks.
        10. T2 proceeds to execute some code and expects VM::m_entryScope to be
            NOT null, but it turns out to be null. Assertion failures and
            crashes ensue.

        With ordered re-entry, at step 6, T1 will loop and yield until T2 exits
        the VM. Hence, the issue will no longer manifest.

        * runtime/JSLock.cpp:
        (JSC::JSLock::dropAllLocks):
        (JSC::JSLock::grabAllLocks):
        * runtime/JSLock.h:
        (JSC::JSLock::DropAllLocks::dropDepth):

2014-02-25  Mark Lam  <mark.lam@apple.com>

        Need to initialize VM stack data even when the VM is on an exclusive thread.
        <https://webkit.org/b/129265>

        Not reviewed.

        Relanding r164627 now that <https://webkit.org/b/129341> is fixed.

        * API/APIShims.h:
        (JSC::APIEntryShim::APIEntryShim):
        (JSC::APICallbackShim::shouldDropAllLocks):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::addCurrentThread):
        * runtime/JSLock.cpp:
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::JSLockHolder::init):
        (JSC::JSLockHolder::~JSLockHolder):
        (JSC::JSLock::JSLock):
        (JSC::JSLock::setExclusiveThread):
        (JSC::JSLock::lock):
        (JSC::JSLock::unlock):
        (JSC::JSLock::currentThreadIsHoldingLock):
        (JSC::JSLock::dropAllLocks):
        (JSC::JSLock::grabAllLocks):
        * runtime/JSLock.h:
        (JSC::JSLock::hasExclusiveThread):
        (JSC::JSLock::exclusiveThread):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (JSC::VM::hasExclusiveThread):
        (JSC::VM::exclusiveThread):
        (JSC::VM::setExclusiveThread):
        (JSC::VM::currentThreadIsHoldingAPILock):

2014-02-25  Filip Pizlo  <fpizlo@apple.com>

        Inline caching in the FTL on ARM64 should "work"
        https://bugs.webkit.org/show_bug.cgi?id=129334

        Reviewed by Mark Hahnenberg.

        Gets us to the point where simple tests that use inline caching are passing.

        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):
        (JSC::LinkBuffer::shrink):
        * ftl/FTLInlineCacheSize.cpp:
        (JSC::FTL::sizeOfGetById):
        (JSC::FTL::sizeOfPutById):
        (JSC::FTL::sizeOfCall):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLThunks.cpp:
        (JSC::FTL::osrExitGenerationThunkGenerator):
        * jit/GPRInfo.h:
        * offlineasm/arm64.rb:

2014-02-25  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r164627.
        http://trac.webkit.org/changeset/164627
        https://bugs.webkit.org/show_bug.cgi?id=129325

        Broke SubtleCrypto tests (Requested by ap on #webkit).

        * API/APIShims.h:
        (JSC::APIEntryShim::APIEntryShim):
        (JSC::APICallbackShim::shouldDropAllLocks):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::addCurrentThread):
        * runtime/JSLock.cpp:
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::JSLockHolder::init):
        (JSC::JSLockHolder::~JSLockHolder):
        (JSC::JSLock::JSLock):
        (JSC::JSLock::lock):
        (JSC::JSLock::unlock):
        (JSC::JSLock::currentThreadIsHoldingLock):
        (JSC::JSLock::dropAllLocks):
        (JSC::JSLock::grabAllLocks):
        * runtime/JSLock.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (JSC::VM::currentThreadIsHoldingAPILock):

2014-02-25  Filip Pizlo  <fpizlo@apple.com>

        ARM64 rshift64 should be an arithmetic shift
        https://bugs.webkit.org/show_bug.cgi?id=129323

        Reviewed by Mark Hahnenberg.

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::rshift64):

2014-02-25  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Add ENABLE flag
        https://bugs.webkit.org/show_bug.cgi?id=129153

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig: added ENABLE_CSS_GRID_LAYOUT feature flag.

2014-02-25  Michael Saboff  <msaboff@apple.com>

        JIT Engines use the wrong stack limit for stack checks
        https://bugs.webkit.org/show_bug.cgi?id=129314

        Reviewed by Filip Pizlo.

        Change the Baseline and DFG code to use VM::m_stackLimit for stack limit checks.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):
        * runtime/VM.h:
        (JSC::VM::addressOfStackLimit):

2014-02-25  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, roll out http://trac.webkit.org/changeset/164493.

        It causes crashes, apparently because it's removing too many barriers. I will investigate
        later.

        * bytecode/SpeculatedType.cpp:
        (JSC::speculationToAbbreviatedString):
        * bytecode/SpeculatedType.h:
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::insertStoreBarrier):
        * dfg/DFGNode.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
        (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
        (JSC::FTL::LowerDFGToLLVM::isNotNully):
        (JSC::FTL::LowerDFGToLLVM::isNully):
        (JSC::FTL::LowerDFGToLLVM::speculate):
        (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
        (JSC::FTL::LowerDFGToLLVM::speculateNotCell):

2014-02-24  Oliver Hunt  <oliver@apple.com>

        Fix build.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2014-02-24  Oliver Hunt  <oliver@apple.com>

        Spread operator has a bad time when applied to call function
        https://bugs.webkit.org/show_bug.cgi?id=128853

        Reviewed by Geoffrey Garen.

        Follow on from the previous patch that added an extra slot to
        op_call_varargs (and _call, _call_eval, _construct).  We now
        use the slot as an offset to in effect act as a 'slice' on
        the spread subject.  This allows us to automatically retain
        all our existing argument and array optimisations.  Most of
        this patch is simply threading the offset around.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitCallVarargs):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::getArgumentByVal):
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::sizeFrameForVarargs):
        (JSC::loadVarargs):
        * interpreter/Interpreter.h:
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::copyToArguments):
        * runtime/Arguments.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::copyToArguments):
        * runtime/JSArray.h:

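Added example, not WebKit code and not part of this ChangeLog: a stress script in the style of tests/stress that exercises the behaviour the two spread-operator entries above describe, Function.prototype.apply with spread (bug 129381, where only the first two spread results feed the varargs call) and Function.prototype.call with spread (bug 128853, where the spread subject is sliced at offset 1 so its first element becomes the receiver). It runs on any ES2015 engine (jsc or node). The `target` function, the counting iterable and the argument sources are constructed here for illustration; they are assumptions, not anything taken from the patches.

```javascript
"use strict";

// Records exactly what a call delivered: the receiver and the argument list.
function target(...args) {
  return { self: this, args };
}

// An iterable that counts how many values it handed out, so a caller can check
// that a spread consumed it exactly once and to completion (constructed helper).
function countingIterable(values) {
  const state = { pulls: 0 };
  const iterable = {
    [Symbol.iterator]() {
      let i = 0;
      return {
        next() {
          if (i < values.length) {
            state.pulls += 1;
            return { value: values[i++], done: false };
          }
          return { value: undefined, done: true };
        },
      };
    },
  };
  return { iterable, state };
}

// target.apply(...list): the spread feeds apply's own parameter list, so only
// the first two yielded values matter (receiver and argument array). Anything
// after them must still be pulled from the iterable but is otherwise ignored.
function applyWithSpread(list) {
  const { iterable, state } = countingIterable(list);
  const r = target.apply(...iterable);
  return { self: r.self, args: r.args, pulls: state.pulls };
}

// target.call(...list): the first yielded value is the receiver and everything
// after it is the argument list, i.e. the spread subject sliced at offset 1.
function callWithSpread(list) {
  const { iterable, state } = countingIterable(list);
  const r = target.call(...iterable);
  return { self: r.self, args: r.args, pulls: state.pulls };
}

// Cross-check: several spellings of the same call must agree on receiver and
// arguments. `source` is a factory so that each spelling gets a fresh iterable.
function spreadAgreement(receiver, source) {
  const expected = target.apply(receiver, Array.from(source()));
  const variants = [
    target.apply(receiver, [...source()]),
    target.call(receiver, ...source()),
    target.call(...[receiver, ...source()]),
    target.apply(...[receiver, [...source()]]),
  ];
  const agree = variants.every((v) =>
    v.self === expected.self &&
    v.args.length === expected.args.length &&
    v.args.every((x, i) => Object.is(x, expected.args[i])));
  return { agree, args: expected.args };
}

// Constructed argument sources of different shapes: a sparse array (the hole
// must arrive as undefined), an arguments object, a generator (no length
// property), a user-written iterator, and the empty case.
const sources = {
  holey: () => [1, , 3],
  argumentsObject: () => (function () { return arguments; })("x", "y"),
  generator: function* () { yield "a"; yield "b"; },
  custom: () => countingIterable([true, null]).iterable,
  empty: () => [],
};

// Runs every source through spreadAgreement with a fixed receiver.
function runAll() {
  const ctx = { tag: "ctx" };
  const out = {};
  for (const [name, src] of Object.entries(sources)) {
    out[name] = spreadAgreement(ctx, src);
  }
  return out;
}
```

Run it under the engine being checked and compare runAll() against a reference engine: a disagreement in any entry, or a pulls count that differs from the iterable's length, points at the varargs path in the engine rather than at the callee, which is exactly the layer both patches touch.
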
2014-02-24  Mark Lam  <mark.lam@apple.com>

        Need to initialize VM stack data even when the VM is on an exclusive thread.
        <https://webkit.org/b/129265>

        Reviewed by Geoffrey Garen.

        We check VM::exclusiveThread as an optimization to forego the need to do
        JSLock locking. However, we recently started piggybacking on JSLock's
        lock() and unlock() to initialize VM stack data (stackPointerAtVMEntry
        and lastStackTop) to appropriate values for the current thread. This is
        needed because we may be acquiring the lock to enter the VM on a different
        thread.

        As a result, we ended up not initializing the VM stack data when
        VM::exclusiveThread causes us to bypass the locking activity. Even though
        the VM::exclusiveThread will not have to deal with the VM being entered
        on a different thread, it still needs to initialize the VM stack data.
        The VM relies on that data being initialized properly once it has been
        entered.

        With this fix, we push the check for exclusiveThread down into the JSLock,
        and handle the bypassing of unneeded locking activity there while still
        executing the necessary VM stack data initialization.

        * API/APIShims.h:
        (JSC::APIEntryShim::APIEntryShim):
        (JSC::APICallbackShim::shouldDropAllLocks):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::addCurrentThread):
        * runtime/JSLock.cpp:
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::JSLockHolder::init):
        (JSC::JSLockHolder::~JSLockHolder):
        (JSC::JSLock::JSLock):
        (JSC::JSLock::setExclusiveThread):
        (JSC::JSLock::lock):
        (JSLock::unlock):
        (JSLock::currentThreadIsHoldingLock):
        (JSLock::dropAllLocks):
        (JSLock::grabAllLocks):
        * runtime/JSLock.h:
        (JSC::JSLock::exclusiveThread):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (JSC::VM::exclusiveThread):
        (JSC::VM::setExclusiveThread):
        (JSC::VM::currentThreadIsHoldingAPILock):

2014-02-24  Filip Pizlo  <fpizlo@apple.com>

        FTL should do polymorphic PutById inlining
        https://bugs.webkit.org/show_bug.cgi?id=129210

        Reviewed by Mark Hahnenberg and Oliver Hunt.

        This makes PutByIdStatus inform us about polymorphic cases by returning an array of
        PutByIdVariants. The DFG now has a node called MultiPutByOffset that indicates a
        selection of multiple inlined PutByIdVariants.

        MultiPutByOffset is almost identical to MultiGetByOffset, which we added in
        http://trac.webkit.org/changeset/164207.

        This also does some FTL refactoring to make MultiPutByOffset share code with some nodes
        that generate similar code.

        1% speed-up on V8v7 due to splay improving by 6.8%. Splay does the thing where it
        sometimes swaps field insertion order, creating fake polymorphism.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeFor):
        (JSC::PutByIdStatus::computeForStubInfo):
        (JSC::PutByIdStatus::dump):
        * bytecode/PutByIdStatus.h:
        (JSC::PutByIdStatus::PutByIdStatus):
        (JSC::PutByIdStatus::isSimple):
        (JSC::PutByIdStatus::numVariants):
        (JSC::PutByIdStatus::variants):
        (JSC::PutByIdStatus::at):
        (JSC::PutByIdStatus::operator[]):
        * bytecode/PutByIdVariant.cpp: Added.
        (JSC::PutByIdVariant::dump):
        (JSC::PutByIdVariant::dumpInContext):
        * bytecode/PutByIdVariant.h: Added.
        (JSC::PutByIdVariant::PutByIdVariant):
        (JSC::PutByIdVariant::replace):
        (JSC::PutByIdVariant::transition):
        (JSC::PutByIdVariant::kind):
        (JSC::PutByIdVariant::isSet):
        (JSC::PutByIdVariant::operator!):
        (JSC::PutByIdVariant::structure):
        (JSC::PutByIdVariant::oldStructure):
        (JSC::PutByIdVariant::newStructure):
        (JSC::PutByIdVariant::structureChain):
        (JSC::PutByIdVariant::offset):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::emitPrototypeChecks):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::emitPutById):
        (JSC::DFG::ByteCodeParser::handlePutById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::checkStructureElimination):
        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
        (JSC::DFG::CSEPhase::putStructureStoreElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        * dfg/DFGNode.cpp:
        (JSC::DFG::MultiPutByOffsetData::writesStructures):
        (JSC::DFG::MultiPutByOffsetData::reallocatesStorage):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToPutByOffset):
        (JSC::DFG::Node::hasMultiPutByOffsetData):
        (JSC::DFG::Node::multiPutByOffsetData):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTypeCheckHoistingPhase.cpp:
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
        (JSC::FTL::LowerDFGToLLVM::compileAllocatePropertyStorage):
        (JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage):
        (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
        (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
        (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
        (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
        (JSC::FTL::LowerDFGToLLVM::loadProperty):
        (JSC::FTL::LowerDFGToLLVM::storeProperty):
        (JSC::FTL::LowerDFGToLLVM::addressOfProperty):
        (JSC::FTL::LowerDFGToLLVM::storageForTransition):
        (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorage):
        (JSC::FTL::LowerDFGToLLVM::reallocatePropertyStorage):
        (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
        * tests/stress/fold-multi-put-by-offset-to-put-by-offset.js: Added.
        * tests/stress/multi-put-by-offset-reallocation-butterfly-cse.js: Added.
        * tests/stress/multi-put-by-offset-reallocation-cases.js: Added.

2014-02-24  peavo@outlook.com  <peavo@outlook.com>

        JSC regressions after r164494
        https://bugs.webkit.org/show_bug.cgi?id=129272

        Reviewed by Mark Lam.

        * offlineasm/x86.rb: Only avoid reverse opcode (fdivr) for Windows.

2014-02-24  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>

        Code cleanup: remove leftover ENABLE(WORKERS) macros and support.
        https://bugs.webkit.org/show_bug.cgi?id=129255

        Reviewed by Csaba Osztrogonác.

        ENABLE_WORKERS macro was removed in r159679.
        Support is now also removed from xcconfig files.

        * Configurations/FeatureDefines.xcconfig:

2014-02-24  David Kilzer  <ddkilzer@apple.com>

        Remove redundant setting in FeatureDefines.xcconfig

        * Configurations/FeatureDefines.xcconfig:

2014-02-23  Sam Weinig  <sam@webkit.org>

        Update FeatureDefines.xcconfig

        Rubber-stamped by Anders Carlsson.

        * Configurations/FeatureDefines.xcconfig:

2014-02-23  Dean Jackson  <dino@apple.com>

        Sort the project file with sort-Xcode-project-file.

        Rubber-stamped by Sam Weinig.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2014-02-23  Sam Weinig  <sam@webkit.org>

        Move telephone number detection behind its own ENABLE macro
        https://bugs.webkit.org/show_bug.cgi?id=129236

        Reviewed by Dean Jackson.

        * Configurations/FeatureDefines.xcconfig:
        Add ENABLE_TELEPHONE_NUMBER_DETECTION.

2014-02-22  Filip Pizlo  <fpizlo@apple.com>

        Refine DFG+FTL inlining and compilation limits
        https://bugs.webkit.org/show_bug.cgi?id=129212

        Reviewed by Mark Hahnenberg.

        Allow larger functions to be DFG-compiled. Institute a limit on FTL compilation,
        and set that limit quite high. Institute a limit on inlining-into. The idea here is
        that large functions tend to be autogenerated, and code generators like emscripten
        appear to leave few inlining opportunities anyway. Also, we don't want the code
        size explosion that we would risk if we allowed compilation of a large function and
        then inlined a ton of stuff into it.

        This is a 0.5% speed-up on Octane v2 and almost eliminates the typescript
        regression. This is a 9% speed-up on AsmBench.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::noticeIncomingCall):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::isSmallEnoughToInlineCodeInto):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLState.h:
        (JSC::FTL::shouldShowDisassembly):
        * runtime/Options.h:

2014-02-22  Dan Bernstein  <mitz@apple.com>

        REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
        https://bugs.webkit.org/show_bug.cgi?id=129227

        Reviewed by Eric Carlson.

        Reverted r164507.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        * API/JSObjectRef.cpp:
        (JSObjectMakeFunction):
        (JSObjectMakeArray):
        (JSObjectMakeDate):
        (JSObjectMakeError):
        (JSObjectMakeRegExp):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectGetPropertyAtIndex):
        (JSObjectSetPropertyAtIndex):
        (JSObjectDeleteProperty):
        (JSObjectCallAsFunction):
        (JSObjectCallAsConstructor):
        * API/JSValue.mm:
        (valueToArray):
        (valueToDictionary):
        * API/JSValueRef.cpp:
        (JSValueIsEqual):
        (JSValueIsInstanceOfConstructor):
        (JSValueCreateJSONString):
        (JSValueToNumber):
        (JSValueToStringCopy):
        (JSValueToObject):
        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::autogenerateMetadata):
        * inspector/ConsoleMessage.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/ScriptCallStack.cpp:
        * inspector/ScriptCallStack.h:
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::createScriptCallStack):
        (Inspector::createScriptCallStackForConsole):
        (Inspector::createScriptCallStackFromException):
        * inspector/ScriptCallStackFactory.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        (Inspector::InspectorConsoleAgent::enable):
        (Inspector::InspectorConsoleAgent::addMessageToConsole):
        (Inspector::InspectorConsoleAgent::count):
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):

2014-02-22  Joseph Pecoraro  <pecoraro@apple.com>

        Remove some unreachable code (-Wunreachable-code)
        https://bugs.webkit.org/show_bug.cgi?id=129220

        Reviewed by Eric Carlson.

        * API/tests/testapi.c:
        (EvilExceptionObject_convertToType):
        * disassembler/udis86/udis86_decode.c:
        (decode_operand):

2014-02-22  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, ARMv7 build fix.

        * assembler/ARMv7Assembler.h:

2014-02-21  Filip Pizlo  <fpizlo@apple.com>

        It should be possible for a LinkBuffer to outlive the MacroAssembler and still be useful
        https://bugs.webkit.org/show_bug.cgi?id=124733

        Reviewed by Oliver Hunt.

        This also takes the opportunity to de-duplicate some branch compaction code.

        * assembler/ARM64Assembler.h:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::buffer):
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerData::AssemblerData):
        (JSC::AssemblerBuffer::AssemblerBuffer):
        (JSC::AssemblerBuffer::storage):
        (JSC::AssemblerBuffer::grow):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::executableOffsetFor):
        (JSC::LinkBuffer::applyOffset):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::link):
        * assembler/MacroAssemblerARMv7.h:

2014-02-21  Brent Fulgham  <bfulgham@apple.com>

        Extend media support for WebVTT sources
        https://bugs.webkit.org/show_bug.cgi?id=129156

        Reviewed by Eric Carlson.

        * Configurations/FeatureDefines.xcconfig: Add new feature define for AVF_CAPTIONS

2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: JSContext inspection should report exceptions in the console
        https://bugs.webkit.org/show_bug.cgi?id=128776

        Reviewed by Timothy Hatcher.

        When JavaScript API functions have an exception, let the inspector
        know so it can log the JavaScript and Native backtrace that caused
        the exception.

        Include some clean up of ConsoleMessage and ScriptCallStack construction.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        * API/JSObjectRef.cpp:
        (JSObjectMakeFunction):
        (JSObjectMakeArray):
        (JSObjectMakeDate):
        (JSObjectMakeError):
        (JSObjectMakeRegExp):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectGetPropertyAtIndex):
        (JSObjectSetPropertyAtIndex):
        (JSObjectDeleteProperty):
        (JSObjectCallAsFunction):
        (JSObjectCallAsConstructor):
        * API/JSValue.mm:
        (reportExceptionToInspector):
        (valueToArray):
        (valueToDictionary):
        * API/JSValueRef.cpp:
        (JSValueIsEqual):
        (JSValueIsInstanceOfConstructor):
        (JSValueCreateJSONString):
        (JSValueToNumber):
        (JSValueToStringCopy):
        (JSValueToObject):
        When seeing an exception, let the inspector know there was an exception.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
        (Inspector::JSGlobalObjectInspectorController::reportAPIException):
        Log API exceptions by also grabbing the native backtrace.

        * inspector/ScriptCallStack.h:
        * inspector/ScriptCallStack.cpp:
        (Inspector::ScriptCallStack::firstNonNativeCallFrame):
        (Inspector::ScriptCallStack::append):
        Minor extensions to ScriptCallStack to make it easier to work with.

        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::autogenerateMetadata):
        Provide better default information if the first call frame was native.

        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::createScriptCallStack):
        (Inspector::extractSourceInformationFromException):
        (Inspector::createScriptCallStackFromException):
        Perform the handling here of inserting a fake call frame for exceptions
        if there was no call stack (e.g. a SyntaxError) or if the first call
        frame had no information.

        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::ConsoleMessage):
        (Inspector::ConsoleMessage::autogenerateMetadata):
        * inspector/ConsoleMessage.h:
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::createScriptCallStack):
        (Inspector::createScriptCallStackForConsole):
        * inspector/ScriptCallStackFactory.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        (Inspector::InspectorConsoleAgent::enable):
        (Inspector::InspectorConsoleAgent::addMessageToConsole):
        (Inspector::InspectorConsoleAgent::count):
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
        ConsoleMessage cleanup.
795
796 2014-02-21  Oliver Hunt  <oliver@apple.com>
797
798         Add extra space to op_call and related opcodes
799         https://bugs.webkit.org/show_bug.cgi?id=129170
800
801         Reviewed by Mark Lam.
802
803         No change in behaviour, just some refactoring to add an extra
804         slot to the op_call instructions, and refactoring to make similar
805         changes easier in future.
806
807         * bytecode/CodeBlock.cpp:
808         (JSC::CodeBlock::printCallOp):
809         * bytecode/Opcode.h:
810         (JSC::padOpcodeName):
811         * bytecompiler/BytecodeGenerator.cpp:
812         (JSC::BytecodeGenerator::emitCall):
813         (JSC::BytecodeGenerator::emitCallVarargs):
814         (JSC::BytecodeGenerator::emitConstruct):
815         * dfg/DFGByteCodeParser.cpp:
816         (JSC::DFG::ByteCodeParser::handleIntrinsic):
817         * jit/JITCall.cpp:
818         (JSC::JIT::compileOpCall):
819         * jit/JITCall32_64.cpp:
820         (JSC::JIT::compileOpCall):
821         * llint/LowLevelInterpreter.asm:
822         * llint/LowLevelInterpreter32_64.asm:
823         * llint/LowLevelInterpreter64.asm:
824
825 2014-02-21  Mark Lam  <mark.lam@apple.com>
826
827         gatherFromOtherThread() needs to align the sp before gathering roots.
828         <https://webkit.org/b/129169>
829
830         Reviewed by Geoffrey Garen.
831
832         The GC scans the stacks of other threads using MachineThreads::gatherFromOtherThread().
833         gatherFromOtherThread() defines the range of the other thread's stack as
834         being bounded by the other thread's stack pointer and stack base. While
835         the stack base will always be aligned to sizeof(void*), the stack pointer
836         may not be. This is because the other thread may have just pushed a 32-bit
837         value on its stack before we suspended it for scanning.
838
839         The fix is to round the stack pointer up to the next aligned address of
840         sizeof(void*) and start scanning from there. On 64-bit systems, we will
841         effectively ignore the 32-bit word at the bottom of the stack (top of the
842         stack for stacks growing up) because it cannot be a 64-bit pointer anyway.
843         64-bit pointers should always be stored on 64-bit aligned boundaries (our
844         conservative scan algorithm already depends on this assumption).
845
846         On 32-bit systems, the rounding is effectively a no-op.
847
848         * heap/ConservativeRoots.cpp:
849         (JSC::ConservativeRoots::genericAddSpan):
850         - Hardened some assertions so that we can catch misalignment issues on
851           release builds as well.
852         * heap/MachineStackMarker.cpp:
853         (JSC::MachineThreads::gatherFromOtherThread):
854
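The alignment fix described in the entry above, as an added example that is not WebKit's code: a small conservative stack scanner that rounds the suspended thread's stack pointer up to the next sizeof(void*) boundary before reading words. The fake object addresses, the constructed stack image and the 32-bit "pushed" value are all invented for this illustration; the scan itself is a simplified model of what gatherFromOtherThread() and genericAddSpan() do, not their code.

```cpp
#include <cassert>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <vector>

// Round an address up to the next multiple of sizeof(void*). A stack base is already
// aligned, but a suspended thread's stack pointer may sit 4 bytes below a pointer boundary
// if it had just pushed a 32-bit value.
static uintptr_t alignUpToPointer(uintptr_t address)
{
    const uintptr_t mask = sizeof(void*) - 1;
    return (address + mask) & ~mask;
}

// Conservative scan of the half-open range [stackPointer, stackBase): every pointer-aligned
// word equal to a known heap object address counts as a root. Starting at the rounded-up
// address keeps every load aligned; the partial word below it cannot hold a pointer
// (a 64-bit pointer is always stored on a 64-bit boundary), so skipping it loses nothing.
static std::vector<uintptr_t> conservativelyGatherRoots(const void* stackPointer,
                                                        const void* stackBase,
                                                        const std::vector<uintptr_t>& heapObjects)
{
    uintptr_t cursor = alignUpToPointer(reinterpret_cast<uintptr_t>(stackPointer));
    uintptr_t end = reinterpret_cast<uintptr_t>(stackBase);
    assert((end & (sizeof(void*) - 1)) == 0 && "stack base must be pointer aligned");
    assert((cursor & (sizeof(void*) - 1)) == 0 && "scan start must be pointer aligned");

    std::vector<uintptr_t> roots;
    for (; cursor + sizeof(void*) <= end; cursor += sizeof(void*)) {
        uintptr_t word;
        std::memcpy(&word, reinterpret_cast<const void*>(cursor), sizeof word);
        for (uintptr_t object : heapObjects) {
            if (word == object)
                roots.push_back(word);
        }
    }
    return roots;
}

// Constructed stack image (example data, not a real thread stack): two fake object
// addresses in pointer-sized slots, with a 32-bit value "pushed" just below them so the
// stack pointer is misaligned on a 64-bit build. Returns how many roots the scan finds.
static size_t demoScanWithMisalignedStackPointer()
{
    const uintptr_t objectA = 0x1000, objectB = 0x2000, unrelated = 0x3000;
    alignas(sizeof(void*)) unsigned char frame[sizeof(uintptr_t) * 4];
    std::memset(frame, 0, sizeof frame);

    uintptr_t slots[3] = { objectA, unrelated, objectB };
    std::memcpy(frame + sizeof(uintptr_t), slots, sizeof slots);

    uint32_t pushedValue = 0xdeadbeef;
    unsigned char* stackPointer = frame + sizeof(uintptr_t) - sizeof pushedValue;
    std::memcpy(stackPointer, &pushedValue, sizeof pushedValue);

    return conservativelyGatherRoots(stackPointer, frame + sizeof frame, { objectA, objectB }).size();
}

int main()
{
    std::cout << "roots found: " << demoScanWithMisalignedStackPointer() << "\n";
    return 0;
}
```

On a 64-bit build the constructed stack pointer is 4 bytes below a pointer boundary; without the rounding, every load in the loop would be misaligned and the slot contents would be read as split halves. On a 32-bit build the rounding is a no-op, exactly as the entry says, and the scan simply starts one word earlier.
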
855 2014-02-21  Matthew Mirman  <mmirman@apple.com>
856
857         Added a GetMyArgumentsLengthSafe and added a speculation check.
858         https://bugs.webkit.org/show_bug.cgi?id=129051
859
860         Reviewed by Filip Pizlo.
861
862         * ftl/FTLLowerDFGToLLVM.cpp:
863         (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
864
865 2014-02-21  peavo@outlook.com  <peavo@outlook.com>
866
867         [Win][LLINT] Many JSC stress test failures.
868         https://bugs.webkit.org/show_bug.cgi?id=129155
869
870         Reviewed by Michael Saboff.
871
872         Intel syntax has reversed operand order compared to AT&T syntax, so we need to swap the operand order, in this case on floating point operations.
873         Also avoid using the reverse opcode (e.g. fdivr), as this puts the result at the wrong position in the floating point stack.
874         E.g. "divd ft0, ft1" would translate to fdivr st, st(1) (Intel syntax) on Windows, but this puts the result in st, when it should be in st(1).
875
876         * offlineasm/x86.rb: Swap operand order on Windows.
877
878 2014-02-21  Filip Pizlo  <fpizlo@apple.com>
879
880         DFG write barriers should do more speculations
881         https://bugs.webkit.org/show_bug.cgi?id=129160
882
883         Reviewed by Mark Hahnenberg.
884         
885         Replace ConditionalStoreBarrier with the cheapest speculation that you could do
886         instead.
887         
888         Minuscule speed-up on some things. It's a decent difference in code size, though.
889
890         * bytecode/SpeculatedType.cpp:
891         (JSC::speculationToAbbreviatedString):
892         * bytecode/SpeculatedType.h:
893         (JSC::isNotCellSpeculation):
894         * dfg/DFGFixupPhase.cpp:
895         (JSC::DFG::FixupPhase::fixupNode):
896         (JSC::DFG::FixupPhase::insertStoreBarrier):
897         (JSC::DFG::FixupPhase::insertPhantomCheck):
898         * dfg/DFGNode.h:
899         (JSC::DFG::Node::shouldSpeculateOther):
900         (JSC::DFG::Node::shouldSpeculateNotCell):
901         * ftl/FTLCapabilities.cpp:
902         (JSC::FTL::canCompile):
903         * ftl/FTLLowerDFGToLLVM.cpp:
904         (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
905         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
906         (JSC::FTL::LowerDFGToLLVM::isNotOther):
907         (JSC::FTL::LowerDFGToLLVM::isOther):
908         (JSC::FTL::LowerDFGToLLVM::speculate):
909         (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
910         (JSC::FTL::LowerDFGToLLVM::speculateOther):
911         (JSC::FTL::LowerDFGToLLVM::speculateNotCell):
912
913 2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>
914
915         Revert r164486, causing a number of test failures.
916
917         Unreviewed rollout.
918
919 2014-02-21  Filip Pizlo  <fpizlo@apple.com>
920
921         Revive SABI (aka shouldAlwaysBeInlined)
922         https://bugs.webkit.org/show_bug.cgi?id=129159
923
924         Reviewed by Mark Hahnenberg.
925         
926         This is a small Octane speed-up.
927
928         * jit/Repatch.cpp:
929         (JSC::linkFor): This code was assuming that if it's invoked then the caller is a DFG code block. That's wrong, since it's now used by all of the JITs.
930
931 2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>
932
933         Web Inspector: JSContext inspection should report exceptions in the console
934         https://bugs.webkit.org/show_bug.cgi?id=128776
935
936         Reviewed by Timothy Hatcher.
937
938         When JavaScript API functions have an exception, let the inspector
939         know so it can log the JavaScript and Native backtrace that caused
940         the exception.
941
942         Include some clean up of ConsoleMessage and ScriptCallStack construction.
943
944         * API/JSBase.cpp:
945         (JSEvaluateScript):
946         (JSCheckScriptSyntax):
947         * API/JSObjectRef.cpp:
948         (JSObjectMakeFunction):
949         (JSObjectMakeArray):
950         (JSObjectMakeDate):
951         (JSObjectMakeError):
952         (JSObjectMakeRegExp):
953         (JSObjectGetProperty):
954         (JSObjectSetProperty):
955         (JSObjectGetPropertyAtIndex):
956         (JSObjectSetPropertyAtIndex):
957         (JSObjectDeleteProperty):
958         (JSObjectCallAsFunction):
959         (JSObjectCallAsConstructor):
960         * API/JSValue.mm:
961         (reportExceptionToInspector):
962         (valueToArray):
963         (valueToDictionary):
964         * API/JSValueRef.cpp:
965         (JSValueIsEqual):
966         (JSValueIsInstanceOfConstructor):
967         (JSValueCreateJSONString):
968         (JSValueToNumber):
969         (JSValueToStringCopy):
970         (JSValueToObject):
971         When seeing an exception, let the inspector know there was an exception.
972
973         * inspector/JSGlobalObjectInspectorController.h:
974         * inspector/JSGlobalObjectInspectorController.cpp:
975         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
976         (Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
977         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
978         Log API exceptions by also grabbing the native backtrace.
979
980         * inspector/ScriptCallStack.h:
981         * inspector/ScriptCallStack.cpp:
982         (Inspector::ScriptCallStack::firstNonNativeCallFrame):
983         (Inspector::ScriptCallStack::append):
984         Minor extensions to ScriptCallStack to make it easier to work with.
985
986         * inspector/ConsoleMessage.cpp:
987         (Inspector::ConsoleMessage::ConsoleMessage):
988         (Inspector::ConsoleMessage::autogenerateMetadata):
989         Provide better default information if the first call frame was native.
990
991         * inspector/ScriptCallStackFactory.cpp:
992         (Inspector::createScriptCallStack):
993         (Inspector::extractSourceInformationFromException):
994         (Inspector::createScriptCallStackFromException):
995         Perform the handling here of inserting a fake call frame for exceptions
996         if there was no call stack (e.g. a SyntaxError) or if the first call
997         frame had no information.
998
999         * inspector/ConsoleMessage.cpp:
1000         (Inspector::ConsoleMessage::ConsoleMessage):
1001         (Inspector::ConsoleMessage::autogenerateMetadata):
1002         * inspector/ConsoleMessage.h:
1003         * inspector/ScriptCallStackFactory.cpp:
1004         (Inspector::createScriptCallStack):
1005         (Inspector::createScriptCallStackForConsole):
1006         * inspector/ScriptCallStackFactory.h:
1007         * inspector/agents/InspectorConsoleAgent.cpp:
1008         (Inspector::InspectorConsoleAgent::enable):
1009         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1010         (Inspector::InspectorConsoleAgent::count):
1011         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1012         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1013         ConsoleMessage cleanup.
1014
1015 2014-02-20  Anders Carlsson  <andersca@apple.com>
1016
1017         Modernize JSGlobalLock and JSLockHolder
1018         https://bugs.webkit.org/show_bug.cgi?id=129105
1019
1020         Reviewed by Michael Saboff.
1021
1022         Use std::mutex and std::thread::id where possible.
1023
1024         * runtime/JSLock.cpp:
1025         (JSC::GlobalJSLock::GlobalJSLock):
1026         (JSC::GlobalJSLock::~GlobalJSLock):
1027         (JSC::GlobalJSLock::initialize):
1028         (JSC::JSLock::JSLock):
1029         (JSC::JSLock::lock):
1030         (JSC::JSLock::unlock):
1031         (JSC::JSLock::currentThreadIsHoldingLock):
1032         * runtime/JSLock.h:
1033
1034 2014-02-20  Mark Lam  <mark.lam@apple.com>
1035
1036         virtualForWithFunction() should not throw an exception with a partially initialized frame.
1037         <https://webkit.org/b/129134>
1038
1039         Reviewed by Michael Saboff.
1040
1041         Currently, when JITOperations.cpp's virtualForWithFunction() fails to
1042         prepare the callee function for execution, it proceeds to throw the
1043         exception using the callee frame which is only partially initialized
1044         thus far. Instead, it should be throwing the exception using the caller
1045         frame because:
1046         1. the error happened "in" the caller while preparing the callee for
1047            execution i.e. the caller frame is the top fully initialized frame
1048            on the stack.
1049         2. the callee frame is not fully initialized yet, and the unwind
1050            mechanism cannot depend on the data in it.
1051
1052         * jit/JITOperations.cpp:
1053
1054 2014-02-20  Mark Lam  <mark.lam@apple.com>
1055
1056         DefaultGCActivityCallback::doWork() should reschedule if GC is deferred.
1057         <https://webkit.org/b/129131>
1058
1059         Reviewed by Mark Hahnenberg.
1060
1061         Currently, DefaultGCActivityCallback::doWork() does not check if the GC
1062         needs to be deferred before commencing. As a result, the GC may crash
1063         and/or corrupt data because the VM is not in the consistent state needed
1064         for the GC to run. With this fix, doWork() now checks if the GC is
1065         supposed to be deferred and re-schedules if needed. It only commences
1066         with GC'ing when it's safe to do so.
1067
1068         * runtime/GCActivityCallback.cpp:
1069         (JSC::DefaultGCActivityCallback::doWork):
1070
1071 2014-02-20  Geoffrey Garen  <ggaren@apple.com>
1072
1073         Math.imul gives wrong results
1074         https://bugs.webkit.org/show_bug.cgi?id=126345
1075
1076         Reviewed by Mark Hahnenberg.
1077
1078         Don't truncate non-int doubles to 0 -- that's just not how ToInt32 works.
1079         Instead, take a slow path that will do the right thing.
1080
1081         * jit/ThunkGenerators.cpp:
1082         (JSC::imulThunkGenerator):
1083
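The ToInt32 behaviour the entry above refers to, as an added example that is not WebKit's thunk code: a spec-faithful ToInt32 and Math.imul next to a deliberately wrong fast path that truncates every non-integer double to 0, so the two can be compared on the same inputs. All values are constructed for the illustration.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// ECMAScript ToInt32: NaN and +/-Infinity map to 0; everything else is truncated toward
// zero and reduced modulo 2^32 into the signed 32-bit range.
static int32_t toInt32(double value)
{
    if (std::isnan(value) || std::isinf(value))
        return 0;
    const double twoTo32 = 4294967296.0;
    double modulo = std::fmod(std::trunc(value), twoTo32);
    if (modulo < 0)
        modulo += twoTo32;
    return static_cast<int32_t>(static_cast<uint32_t>(modulo));
}

// Math.imul: ToInt32 both operands, multiply modulo 2^32, reinterpret as signed.
// The 64-bit intermediate avoids relying on integer promotion rules for the wrap.
static int32_t imul(double a, double b)
{
    uint64_t x = static_cast<uint32_t>(toInt32(a));
    uint64_t y = static_cast<uint32_t>(toInt32(b));
    return static_cast<int32_t>(static_cast<uint32_t>(x * y));
}

// The defect class the entry describes, reconstructed for contrast (constructed example,
// not the actual thunk): a fast path that treats any non-integer double as 0 instead of
// applying ToInt32. imul(3.7, 4) becomes 0 here but is 12 under the spec.
static int32_t imulTruncatingNonIntsToZero(double a, double b)
{
    auto narrow = [](double v) -> int32_t {
        if (std::isnan(v) || std::isinf(v) || v != std::trunc(v))
            return 0;
        return toInt32(v);
    };
    return imul(narrow(a), narrow(b));
}
```

The cases worth checking are the ones a fast path is tempted to shortcut: fractional inputs (3.7 truncates to 3, not 0), values outside the int32 range (2^32 + 5 reduces to 5, 2^31 becomes INT32_MIN), and products that overflow 32 bits (65536 * 65536 wraps to 0).
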
1084 2014-02-20  Filip Pizlo  <fpizlo@apple.com>
1085
1086         DFG should do its own static estimates of execution frequency before it starts creating OSR entrypoints
1087         https://bugs.webkit.org/show_bug.cgi?id=129129
1088
1089         Reviewed by Geoffrey Garen.
1090         
1091         We estimate execution counts based on loop depth, and then use those to estimate branch
1092         weights. These weights then get carried all the way down to LLVM prof branch_weights
1093         meta-data.
1094         
1095         This is better than letting LLVM do its own static estimates, since by the time we
1096         generate LLVM IR, we may have messed up the CFG due to OSR entrypoint creation. Of
1097         course, it would be even better if we just slurped in some kind of execution counts
1098         from profiling, but we don't do that, yet.
1099
1100         * CMakeLists.txt:
1101         * GNUmakefile.list.am:
1102         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1103         * JavaScriptCore.xcodeproj/project.pbxproj:
1104         * dfg/DFGBasicBlock.cpp:
1105         (JSC::DFG::BasicBlock::BasicBlock):
1106         * dfg/DFGBasicBlock.h:
1107         * dfg/DFGBlockInsertionSet.cpp:
1108         (JSC::DFG::BlockInsertionSet::insert):
1109         (JSC::DFG::BlockInsertionSet::insertBefore):
1110         * dfg/DFGBlockInsertionSet.h:
1111         * dfg/DFGByteCodeParser.cpp:
1112         (JSC::DFG::ByteCodeParser::handleInlining):
1113         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1114         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
1115         (JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):
1116         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
1117         (JSC::DFG::createPreHeader):
1118         * dfg/DFGNaturalLoops.h:
1119         (JSC::DFG::NaturalLoops::loopDepth):
1120         * dfg/DFGOSREntrypointCreationPhase.cpp:
1121         (JSC::DFG::OSREntrypointCreationPhase::run):
1122         * dfg/DFGPlan.cpp:
1123         (JSC::DFG::Plan::compileInThreadImpl):
1124         * dfg/DFGStaticExecutionCountEstimationPhase.cpp: Added.
1125         (JSC::DFG::StaticExecutionCountEstimationPhase::StaticExecutionCountEstimationPhase):
1126         (JSC::DFG::StaticExecutionCountEstimationPhase::run):
1127         (JSC::DFG::StaticExecutionCountEstimationPhase::applyCounts):
1128         (JSC::DFG::performStaticExecutionCountEstimation):
1129         * dfg/DFGStaticExecutionCountEstimationPhase.h: Added.
1130
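The loop-depth estimate described in the entry above, as an added example that is not WebKit's phase code: a toy CFG with one loop, a per-block count derived from nesting depth, and the branch weights a two-way branch would carry from that. The factor of 10 per nesting level and the CFG shape are assumptions made for this illustration.

```cpp
#include <cassert>
#include <iostream>
#include <vector>

struct BasicBlock {
    unsigned loopDepth;              // from natural-loop analysis; 0 = not inside any loop
    std::vector<size_t> successors;  // indices into the block list
    double executionCount;           // static estimate filled in by estimateExecutionCounts
};

// Static estimate: each loop nesting level multiplies the expected execution count by a
// fixed factor (10 per level is an assumption for this example).
static void estimateExecutionCounts(std::vector<BasicBlock>& blocks)
{
    for (BasicBlock& block : blocks) {
        double count = 1;
        for (unsigned level = 0; level < block.loopDepth; ++level)
            count *= 10;
        block.executionCount = count;
    }
}

// A two-way branch takes its weights from the estimated counts of its two successors;
// these are the numbers that would later be attached as branch-weight metadata.
struct BranchWeights {
    double taken;
    double notTaken;
};

static BranchWeights branchWeightsFor(const std::vector<BasicBlock>& blocks, size_t blockIndex)
{
    const BasicBlock& block = blocks[blockIndex];
    assert(block.successors.size() == 2 && "branch weights need exactly two successors");
    return { blocks[block.successors[0]].executionCount,
             blocks[block.successors[1]].executionCount };
}

// Constructed CFG for a single loop: entry -> header; the header branches to the body
// (taken) or the exit (not taken); the body jumps back to the header.
static std::vector<BasicBlock> buildSingleLoopCfg()
{
    std::vector<BasicBlock> blocks(4);
    blocks[0] = { 0, { 1 }, 0 };     // entry
    blocks[1] = { 1, { 2, 3 }, 0 };  // loop header
    blocks[2] = { 1, { 1 }, 0 };     // loop body, back edge to header
    blocks[3] = { 0, {}, 0 };        // loop exit
    estimateExecutionCounts(blocks);
    return blocks;
}

// Weights for the header's branch in the constructed CFG: body 10 vs. exit 1.
static BranchWeights singleLoopHeaderWeights()
{
    return branchWeightsFor(buildSingleLoopCfg(), 1);
}

int main()
{
    BranchWeights weights = singleLoopHeaderWeights();
    std::cout << "taken=" << weights.taken << " notTaken=" << weights.notTaken << "\n";
    return 0;
}
```

Because the counts come from the loop structure rather than from whatever the CFG looks like after OSR entrypoint creation, the back edge keeps its heavy weight even if extra entry blocks are spliced in later, which is the point the entry makes against leaving the estimate to LLVM.
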
1131 2014-02-20  Filip Pizlo  <fpizlo@apple.com>
1132
1133         FTL may not see a compact_unwind section if there weren't any stackmaps
1134         https://bugs.webkit.org/show_bug.cgi?id=129125
1135
1136         Reviewed by Geoffrey Garen.
1137         
1138         It's OK to not have an unwind section, so long as the function also doesn't have any
1139         OSR exits.
1140
1141         * ftl/FTLCompile.cpp:
1142         (JSC::FTL::fixFunctionBasedOnStackMaps):
1143         (JSC::FTL::compile):
1144         * ftl/FTLUnwindInfo.cpp:
1145         (JSC::FTL::UnwindInfo::parse):
1146         * ftl/FTLUnwindInfo.h:
1147
1148 == Rolled over to ChangeLog-2014-02-20 ==