[Cocoa] Variation fonts are erroneously disabled on iOS
1 2017-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
2
3         [Cocoa] Variation fonts are erroneously disabled on iOS
4         https://bugs.webkit.org/show_bug.cgi?id=167172
5
6         Reviewed by Simon Fraser.
7
8         OpenSource builders don't seem to understand sdk=embedded*.
9
10         * Configurations/FeatureDefines.xcconfig:
11
12 2017-01-19  Skachkov Oleksandr  <gskachkov@gmail.com>
13
14         "this" missing after await in async arrow function
15         https://bugs.webkit.org/show_bug.cgi?id=166919
16
17         Reviewed by NOBODY Saam Barati.
18
19         This patch fixed issue in async arrow function. Issue appears because in arrow
20         function _this_ is loaded from arrow function virtual scope. 
21         Async arrow function can be suspended and when resuming should be used _this_ from 
22         virtual scope, to allow this we load _this_ from virtual scope before store it to 
23         generator.generatorThis property 
24
25         * bytecompiler/NodesCodegen.cpp:
26         (JSC::FunctionNode::emitBytecode):
27
28 2017-01-18  Yusuke Suzuki  <utatane.tea@gmail.com>
29
30         [B3] B3 strength reduction could encounter Value without owner in PureCSE
31         https://bugs.webkit.org/show_bug.cgi?id=167161
32
33         Reviewed by Filip Pizlo.
34
35         PureCSE relies on the fact that all the stored Values have owner member.
36         This assumption is broken when you execute specializeSelect in B3ReduceStrength phase.
37         It clears owner of Values which are in between Select and Check to clone them to then/else
38         blocks. If these cleared Values are already stored in PureCSE map, this map poses a Value
39         with nullptr owner in PureCSE.
40
41         This patch changes PureCSE to ignore stored Values tha have nullptr owner. This even means
42         that a client of PureCSE could deliberately null the owner if they wanted to signal the
43         Value should be ignored.
44
45         While PureCSE ignores chance for optimization if Value's owner is nullptr, in the current
46         strength reduction algorithm, this does not hurt optimization because CSE will be eventually
47         applied since the strength reduction phase want to reach fixed point. But even without
48         this iterations, our result itself is valid since PureCSE is allowed to be conservative.
49
50         * b3/B3PureCSE.cpp:
51         (JSC::B3::PureCSE::findMatch):
52         (JSC::B3::PureCSE::process):
53         * b3/testb3.cpp:
54         (JSC::B3::testCheckSelectAndCSE):
55         (JSC::B3::run):
56
57 2017-01-18  Filip Pizlo  <fpizlo@apple.com>
58
59         JSSegmentedVariableObject and its subclasses should have a sane destruction story
60         https://bugs.webkit.org/show_bug.cgi?id=167193
61
62         Reviewed by Saam Barati.
63         
64         Prior to this change, JSSegmentedVariableObjects' subclasses install finalizers that call
65         destroy. They did this in random ways, which sometimes resulted in
66         JSSegmentedVariableObject::~JSSegmentedVariableObject executing more than once (which worked
67         because of the way that ~SegmentedVector is written). Maybe this works now, but it's a disaster
68         waiting to happen.
69
70         Fortunately we can now just give those things their own Subspace and teach it its own protocol of
71         destruction. This change introduces JSSegmentedVariableObjectSubspace and stashes a m_classInfo
72         in JSSegmentedVariableObject. Now, subclasses of JSSegmentedVariableObject are destructible in
73         much the same way as JSDestructibleObject without having to be subclasses of
74         JSDestructibleObject.
75
76         * API/JSCallbackObject.cpp:
77         (JSC::JSCallbackObject<JSGlobalObject>::create):
78         * CMakeLists.txt:
79         * JavaScriptCore.xcodeproj/project.pbxproj:
80         * jsc.cpp:
81         (GlobalObject::create):
82         * runtime/JSGlobalLexicalEnvironment.h:
83         (JSC::JSGlobalLexicalEnvironment::create):
84         * runtime/JSGlobalObject.cpp:
85         (JSC::JSGlobalObject::create):
86         (JSC::JSGlobalObject::finishCreation):
87         * runtime/JSGlobalObject.h:
88         (JSC::JSGlobalObject::create): Deleted.
89         (JSC::JSGlobalObject::finishCreation): Deleted.
90         * runtime/JSSegmentedVariableObject.cpp:
91         (JSC::JSSegmentedVariableObject::destroy):
92         (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
93         (JSC::JSSegmentedVariableObject::~JSSegmentedVariableObject):
94         (JSC::JSSegmentedVariableObject::finishCreation):
95         * runtime/JSSegmentedVariableObject.h:
96         (JSC::JSSegmentedVariableObject::subspaceFor):
97         (JSC::JSSegmentedVariableObject::classInfo):
98         (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject): Deleted.
99         (JSC::JSSegmentedVariableObject::finishCreation): Deleted.
100         * runtime/JSSegmentedVariableObjectSubspace.cpp: Added.
101         (JSC::JSSegmentedVariableObjectSubspace::JSSegmentedVariableObjectSubspace):
102         (JSC::JSSegmentedVariableObjectSubspace::~JSSegmentedVariableObjectSubspace):
103         (JSC::JSSegmentedVariableObjectSubspace::finishSweep):
104         (JSC::JSSegmentedVariableObjectSubspace::destroy):
105         * runtime/JSSegmentedVariableObjectSubspace.h: Added.
106         * runtime/VM.cpp:
107         (JSC::VM::VM):
108         * runtime/VM.h:
109         * testRegExp.cpp:
110         (GlobalObject::create):
111
112 2017-01-18  Joseph Pecoraro  <pecoraro@apple.com>
113
114         Web Inspector: console.table only works for the first 5 properties
115         https://bugs.webkit.org/show_bug.cgi?id=167175
116
117         Reviewed by Timothy Hatcher.
118
119         * inspector/InjectedScriptSource.js:
120         (InjectedScript.prototype.wrapTable):
121         (InjectedScript.RemoteObject.createObjectPreviewForValue):
122         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
123         Pass through secondLevelKeys. Though the keys are themselves ignored, the
124         existence is a signal that we should send more than the first 5 properties.
125
126 2017-01-18  Antti Koivisto  <antti@apple.com>
127
128         Only delete source provider caches on full collection
129         https://bugs.webkit.org/show_bug.cgi?id=167173
130
131         Reviewed by Andreas Kling.
132
133         They are currently often wiped and recreated during page loading due to eden collections.
134
135         It is not clear that tying the lifetime of these caches to gc makes sense at all but this
136         should at least help some.
137
138         * heap/Heap.cpp:
139         (JSC::Heap::deleteSourceProviderCaches):
140
141 2017-01-18  Filip Pizlo  <fpizlo@apple.com>
142
143         JSObjectSetPrivate should not use jsCast<>
144         rdar://problem/30069096
145
146         Reviewed by Keith Miller.
147
148         * API/JSObjectRef.cpp:
149         (JSObjectSetPrivate):
150
151 2017-01-18  Brian Burg  <bburg@apple.com>
152
153         Web Inspector: remove an unnecessary include in generated Objective-C Inspector protocol code
154         https://bugs.webkit.org/show_bug.cgi?id=167156
155
156         Rubber-stamped by Geoffrey Garen.
157
158         * inspector/scripts/codegen/objc_generator_templates.py:
159         This include of config.h doesn't make sense when using the code generator
160         outside of JavaScriptCore/WebKit. It is not necessary either, so remove it.
161
162         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
163         * inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
164         * inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:
165         * inspector/scripts/tests/generic/expected/definitions-with-mac-platform.json-result:
166         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
167         * inspector/scripts/tests/generic/expected/enum-values.json-result:
168         * inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result:
169         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
170         * inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result:
171         * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
172         * inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result:
173         * inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result:
174         * inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result:
175         * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
176         * inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result:
177         * inspector/scripts/tests/ios/expected/definitions-with-mac-platform.json-result:
178         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
179         Rebaseline test results.
180
181 2017-01-18  Csaba Osztrogonác  <ossy@webkit.org>
182
183         Fix the JSCOnly build after r210844
184         https://bugs.webkit.org/show_bug.cgi?id=167155
185
186         Unreviewed buildfix.
187
188         * heap/EdenGCActivityCallback.cpp:
189
190 2017-01-16  Filip Pizlo  <fpizlo@apple.com>
191
192         Make opaque root scanning truly constraint-based
193         https://bugs.webkit.org/show_bug.cgi?id=165760
194
195         Reviewed by Geoffrey Garen.
196
197         We have bugs when visitChildren() changes its mind about what opaque root to add, since
198         we don't have barriers on opaque roots. This supposedly once worked for generational GC,
199         and I started adding more barriers to support concurrent GC. But I think that the real
200         bug here is that we want the JSObject->OpaqueRoot to be evaluated as a constraint that
201         participates in the fixpoint. I like to think of this as an *output* constraint, because it
202         is concerned with outgoing edges in the heap from the object that registered the constraint.
203         An *input* constraint is like what Weak<> does when deciding whether the thing it points to
204         should be live.
205
206         Whether or not an object has output constraints depends on its type. So, we want the GC to
207         have a feature where we rapidly call some function on all marked objects of some type.
208         
209         It's easy to rapidly scan all marked objects in a MarkedBlock. So, we want to allocate all
210         objects that have output constraints in their own MarkedBlocks and we want to track the set
211         of MarkedBlocks with output constraints.
212         
213         This patch makes it easy to have clients of JSC's internal C++ APIs create a Subspace - like
214         what we used to call MarkedSpace::Subspace but now it's in the JSC namespace - which is
215         a collection of objects that you can easily scan during GC from a MarkingConstraint. It's
216         now possible for internal C++ API clients to register their own MarkingConstraints. The DOM
217         now uses this to create two Subspaces (more on why two below) and it calls
218         JSCell::visitOutputConstraints() on all of the marked objects in those subspaces using a new
219         MarkingConstraint. That MarkingConstraint uses a new style of volatility, called
220         SeldomGreyed, which is like GreyedByExecution except it is opportunistically not executed
221         as roots in the hopes that their sole execution will be the snapshot-at-the-end. I also
222         converted the CodeBlock rescan constraint to SeldomGreyed, since that's also an output
223         constraint.
224         
225         This patch also uses Subspace for something pretty obvious: knowing how to call the
226         destructor. Subspaces can specialize the sweep for their way of invoking destructors. We
227         have the following subspaces:
228         
229         - auxiliary
230         - cell
231         - destructibleCell - for JSCell subclasses that have destructors and StructureIsImmortal
232         - stringSpace - inlines ~JSString into the sweep, making string allocation 7% faster
233         - destructibleObjectSpace - for JSDestructibleObject subclasses
234         
235         And WebCore adds:
236         
237         - outputConstraint - for JSDOMObjects that have a visitAdditionalChildren
238         - globalObjectOutputConstraint - for JSDOMGlobalObjects that have a visitAdditionalChildren,
239           since JSDOMGlobalObjects are not JSDestructibleObjects
240         
241         The Subspace for a type is selected by saying JSC::subspaceFor<Type>(vm). This calls
242         Type::subspaceFor<Type>(vm). This allows cell classes to override subspaceFor<> and it
243         allows any subspaceFor<> implementation to query static flags in the type. This is how
244         JSCell::subspaceFor<> can select either cellSpace or destructibleCellSpace.
245         
246         This patch is mostly about:
247         
248         - Moving MarkedSpace::Subspace out of MarkedSpace and making it a nice class with a nice
249           API. Almost all of its functionality is just taken out of MarkedSpace.
250         - Converting users of the old API for allocating objects and getting MarkedAllocators, like
251           heap.allocatorForObjectWithoutDestructor() and its friends. That would now say
252           vm.cellSpace.allocatorFor().
253         
254         Altogether, this means that we only have a small regression on Dromaeo. The regression is
255         due to the fact that we scan output constraints. Before the Subspace optimizations (see
256         r209766, which was rolled out in r209812), this regression on Dromaeo/jslib was 2x but after
257         the optimizations in this patch it's only 1.12x. Note that Dromaeo/jslib creats gigabytes of
258         DOM nodes. Compared to web pages, this is a very extreme synthetic microbenchmark. Still, we
259         like optimizing these because we don't want to presume what web pages will look like.
260         
261         The use of Subspaces to specialize destructors happened not because it's super necessary but
262         because I wanted to introduce a single unified way of communicating to the GC how to treat
263         different types. Any Subspace feature that allowed us to collect some types together would
264         have to be mindful of the destructorness of objects. I could have turned this into a
265         liability where each Subspace has two subsubspaces - one for destructor objects and one for
266         non-destructor objects, which would have allowed me to keep the old sweep specialization
267         code. Just days prior, mlam wanted to do something that was hard because of that old sweep
268         specializer, so I decided to take the opportunity to fix the sweep specializer while also
269         making Subspace be the one true way of teaching the GC about types. To validate that this
270         actually does things, I added a JSStringSubspace and a test that shows that this is a 7%
271         string allocation progression.
272         
273         In bug 167066, I'm getting rid of the rest of the code in JSC that would special-case for
274         JSDestructibleObject vs StructureIsImmortal by using the GC's DestructionMode. After that,
275         Subspace will be only mechanism by which JSC uses the GC to encode types.
276         
277         Prior to this change, having multiple MarkedSpace::Subspaces would have been expensive
278         because they create a bunch of MarkedAllocators upfront. We now have the ability to create
279         MarkedAllocators lazily. We create them on the first allocation from that size class or when
280         a JIT asks for the MarkedAllocator. The concurrent JITs can ask for MarkedAllocators because
281         their creation is under a lock.
282         
283         On my machine, this might be a 1.1% JetStream speed-up with 87% confidence and it might be
284         a 0.4% PLT3 slow-down with 92% confidence. Note that 0.4% on PLT3 is the level of systematic
285         error on PLT3 on my computer: I've seen definite 0.4% speed-ups and slow-downs that were not
286         confirmed by any bot. Let's see what the bots say.
287         
288         * CMakeLists.txt:
289         * JavaScriptCore.xcodeproj/project.pbxproj:
290         * bytecode/ObjectAllocationProfile.h:
291         (JSC::ObjectAllocationProfile::initialize):
292         * bytecode/PolymorphicAccess.cpp:
293         (JSC::AccessCase::generateImpl):
294         * dfg/DFGSpeculativeJIT.cpp:
295         (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
296         (JSC::DFG::SpeculativeJIT::compileMakeRope):
297         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
298         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
299         (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
300         (JSC::DFG::SpeculativeJIT::emitAllocateButterfly):
301         * dfg/DFGSpeculativeJIT64.cpp:
302         (JSC::DFG::SpeculativeJIT::compile):
303         * ftl/FTLAbstractHeapRepository.h:
304         * ftl/FTLLowerDFGToB3.cpp:
305         (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
306         (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
307         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
308         (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
309         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
310         (JSC::FTL::DFG::LowerDFGToB3::allocatorForSize):
311         (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
312         (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell):
313         (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
314         * heap/AllocatorAttributes.h:
315         (JSC::AllocatorAttributes::AllocatorAttributes):
316         * heap/ConstraintVolatility.h: Added.
317         (WTF::printInternal):
318         * heap/GCActivityCallback.cpp:
319         * heap/Heap.cpp:
320         (JSC::Heap::Heap):
321         (JSC::Heap::lastChanceToFinalize):
322         (JSC::Heap::markToFixpoint):
323         (JSC::Heap::updateObjectCounts):
324         (JSC::Heap::collectAllGarbage):
325         (JSC::Heap::collectInThread):
326         (JSC::Heap::stopTheWorld):
327         (JSC::Heap::updateAllocationLimits):
328         (JSC::Heap::bytesVisited):
329         (JSC::Heap::addCoreConstraints):
330         (JSC::Heap::addMarkingConstraint):
331         (JSC::Heap::notifyIsSafeToCollect):
332         (JSC::Heap::preventCollection):
333         (JSC::Heap::allowCollection):
334         (JSC::Heap::setMutatorShouldBeFenced):
335         (JSC::Heap::buildConstraintSet): Deleted.
336         (JSC::Heap::writeBarrierOpaqueRootSlow): Deleted.
337         (JSC::Heap::addMutatorShouldBeFencedCache): Deleted.
338         * heap/Heap.h:
339         (JSC::Heap::mutatorExecutionVersion):
340         (JSC::Heap::numOpaqueRoots):
341         (JSC::Heap::vm): Deleted.
342         (JSC::Heap::subspaceForObjectWithoutDestructor): Deleted.
343         (JSC::Heap::subspaceForObjectDestructor): Deleted.
344         (JSC::Heap::subspaceForAuxiliaryData): Deleted.
345         (JSC::Heap::allocatorForObjectWithoutDestructor): Deleted.
346         (JSC::Heap::allocatorForObjectWithDestructor): Deleted.
347         (JSC::Heap::allocatorForAuxiliaryData): Deleted.
348         * heap/HeapInlines.h:
349         (JSC::Heap::vm):
350         (JSC::Heap::allocateWithDestructor): Deleted.
351         (JSC::Heap::allocateWithoutDestructor): Deleted.
352         (JSC::Heap::allocateObjectOfType): Deleted.
353         (JSC::Heap::subspaceForObjectOfType): Deleted.
354         (JSC::Heap::allocatorForObjectOfType): Deleted.
355         (JSC::Heap::allocateAuxiliary): Deleted.
356         (JSC::Heap::tryAllocateAuxiliary): Deleted.
357         (JSC::Heap::tryReallocateAuxiliary): Deleted.
358         (JSC::Heap::ascribeOwner): Deleted.
359         (JSC::Heap::writeBarrierOpaqueRoot): Deleted.
360         * heap/LargeAllocation.cpp:
361         (JSC::LargeAllocation::tryCreate):
362         (JSC::LargeAllocation::LargeAllocation):
363         (JSC::LargeAllocation::~LargeAllocation):
364         (JSC::LargeAllocation::sweep):
365         * heap/LargeAllocation.h:
366         * heap/MarkedAllocator.cpp:
367         (JSC::MarkedAllocator::MarkedAllocator):
368         (JSC::MarkedAllocator::tryAllocateWithoutCollecting):
369         (JSC::MarkedAllocator::tryAllocateIn):
370         (JSC::MarkedAllocator::allocateSlowCaseImpl):
371         (JSC::MarkedAllocator::tryAllocateBlock):
372         (JSC::MarkedAllocator::shrink):
373         (JSC::MarkedAllocator::markedSpace):
374         * heap/MarkedAllocator.h:
375         (JSC::MarkedAllocator::nextAllocatorInSubspace):
376         (JSC::MarkedAllocator::setNextAllocatorInSubspace):
377         (JSC::MarkedAllocator::subspace):
378         (JSC::MarkedAllocator::tryAllocate): Deleted.
379         (JSC::MarkedAllocator::allocate): Deleted.
380         (JSC::MarkedAllocator::forEachBlock): Deleted.
381         * heap/MarkedAllocatorInlines.h: Added.
382         (JSC::MarkedAllocator::tryAllocate):
383         (JSC::MarkedAllocator::allocate):
384         (JSC::MarkedAllocator::forEachBlock):
385         (JSC::MarkedAllocator::forEachNotEmptyBlock):
386         * heap/MarkedBlock.cpp:
387         (JSC::MarkedBlock::Handle::subspace):
388         (JSC::MarkedBlock::Handle::sweep):
389         (JSC::MarkedBlock::Handle::specializedSweep): Deleted.
390         (JSC::MarkedBlock::Handle::sweepHelperSelectScribbleMode): Deleted.
391         (JSC::MarkedBlock::Handle::sweepHelperSelectEmptyMode): Deleted.
392         (JSC::MarkedBlock::Handle::sweepHelperSelectHasNewlyAllocated): Deleted.
393         (JSC::MarkedBlock::Handle::sweepHelperSelectSweepMode): Deleted.
394         (JSC::MarkedBlock::Handle::sweepHelperSelectMarksMode): Deleted.
395         * heap/MarkedBlock.h:
396         (JSC::MarkedBlock::Handle::visitWeakSet):
397         * heap/MarkedBlockInlines.h:
398         (JSC::MarkedBlock::Handle::isNewlyAllocatedStale):
399         (JSC::MarkedBlock::Handle::hasAnyNewlyAllocated):
400         (JSC::MarkedBlock::heap):
401         (JSC::MarkedBlock::space):
402         (JSC::MarkedBlock::Handle::space):
403         (JSC::MarkedBlock::Handle::specializedSweep):
404         (JSC::MarkedBlock::Handle::finishSweepKnowingSubspace):
405         (JSC::MarkedBlock::Handle::sweepDestructionMode):
406         (JSC::MarkedBlock::Handle::emptyMode):
407         (JSC::MarkedBlock::Handle::scribbleMode):
408         (JSC::MarkedBlock::Handle::newlyAllocatedMode):
409         (JSC::MarkedBlock::Handle::marksMode):
410         (JSC::MarkedBlock::Handle::forEachMarkedCell):
411         * heap/MarkedSpace.cpp:
412         (JSC::MarkedSpace::initializeSizeClassForStepSize):
413         (JSC::MarkedSpace::MarkedSpace):
414         (JSC::MarkedSpace::lastChanceToFinalize):
415         (JSC::MarkedSpace::addMarkedAllocator):
416         (JSC::MarkedSpace::allocate): Deleted.
417         (JSC::MarkedSpace::tryAllocate): Deleted.
418         (JSC::MarkedSpace::allocateLarge): Deleted.
419         (JSC::MarkedSpace::tryAllocateLarge): Deleted.
420         * heap/MarkedSpace.h:
421         (JSC::MarkedSpace::heap):
422         (JSC::MarkedSpace::allocatorLock):
423         (JSC::MarkedSpace::subspaceForObjectsWithDestructor): Deleted.
424         (JSC::MarkedSpace::subspaceForObjectsWithoutDestructor): Deleted.
425         (JSC::MarkedSpace::subspaceForAuxiliaryData): Deleted.
426         (JSC::MarkedSpace::allocatorFor): Deleted.
427         (JSC::MarkedSpace::destructorAllocatorFor): Deleted.
428         (JSC::MarkedSpace::auxiliaryAllocatorFor): Deleted.
429         (JSC::MarkedSpace::allocateWithoutDestructor): Deleted.
430         (JSC::MarkedSpace::allocateWithDestructor): Deleted.
431         (JSC::MarkedSpace::allocateAuxiliary): Deleted.
432         (JSC::MarkedSpace::tryAllocateAuxiliary): Deleted.
433         (JSC::MarkedSpace::forEachSubspace): Deleted.
434         * heap/MarkingConstraint.cpp:
435         (JSC::MarkingConstraint::MarkingConstraint):
436         * heap/MarkingConstraint.h:
437         (JSC::MarkingConstraint::volatility):
438         * heap/MarkingConstraintSet.cpp:
439         (JSC::MarkingConstraintSet::resetStats):
440         (JSC::MarkingConstraintSet::add):
441         (JSC::MarkingConstraintSet::executeConvergenceImpl):
442         * heap/MarkingConstraintSet.h:
443         * heap/SlotVisitor.cpp:
444         (JSC::SlotVisitor::visitChildren):
445         (JSC::SlotVisitor::visitAsConstraint):
446         (JSC::SlotVisitor::drain):
447         (JSC::SlotVisitor::addOpaqueRoot):
448         (JSC::SlotVisitor::mergeIfNecessary):
449         (JSC::SlotVisitor::mergeOpaqueRootsIfNecessary): Deleted.
450         * heap/SlotVisitor.h:
451         (JSC::SlotVisitor::setIgnoreNewOpaqueRoots):
452         * heap/SlotVisitorInlines.h:
453         (JSC::SlotVisitor::reportExtraMemoryVisited):
454         (JSC::SlotVisitor::reportExternalMemoryVisited):
455         * heap/Subspace.cpp: Added.
456         (JSC::Subspace::Subspace):
457         (JSC::Subspace::~Subspace):
458         (JSC::Subspace::finishSweep):
459         (JSC::Subspace::destroy):
460         (JSC::Subspace::allocate):
461         (JSC::Subspace::tryAllocate):
462         (JSC::Subspace::allocatorForSlow):
463         (JSC::Subspace::allocateSlow):
464         (JSC::Subspace::tryAllocateSlow):
465         * heap/Subspace.h: Added.
466         (JSC::Subspace::tryAllocatorFor):
467         (JSC::Subspace::allocatorFor):
468         * heap/SubspaceInlines.h: Added.
469         (JSC::Subspace::forEachMarkedBlock):
470         (JSC::Subspace::forEachNotEmptyMarkedBlock):
471         (JSC::Subspace::forEachLargeAllocation):
472         (JSC::Subspace::forEachMarkedCell):
473         * heap/WeakBlock.cpp:
474         (JSC::WeakBlock::specializedVisit):
475         * heap/WeakBlock.h:
476         * heap/WeakSet.h:
477         (JSC::WeakSet::visit):
478         * jit/AssemblyHelpers.h:
479         (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
480         (JSC::AssemblyHelpers::emitAllocateVariableSized):
481         (JSC::AssemblyHelpers::emitAllocateVariableSizedCell):
482         * jit/JITOpcodes.cpp:
483         (JSC::JIT::emit_op_new_object):
484         * jsc.cpp:
485         * runtime/ButterflyInlines.h:
486         (JSC::Butterfly::createUninitialized):
487         (JSC::Butterfly::growArrayRight):
488         * runtime/ClassInfo.h:
489         * runtime/ClonedArguments.cpp:
490         (JSC::ClonedArguments::createEmpty):
491         * runtime/DirectArguments.cpp:
492         (JSC::DirectArguments::overrideThings):
493         * runtime/GenericArgumentsInlines.h:
494         (JSC::GenericArguments<Type>::initModifiedArgumentsDescriptor):
495         * runtime/HashMapImpl.h:
496         (JSC::HashMapBuffer::create):
497         * runtime/JSArray.cpp:
498         (JSC::JSArray::tryCreateUninitialized):
499         (JSC::JSArray::unshiftCountSlowCase):
500         * runtime/JSArrayBufferView.cpp:
501         (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
502         * runtime/JSCell.h:
503         (JSC::subspaceFor):
504         * runtime/JSCellInlines.h:
505         (JSC::JSCell::visitOutputConstraints):
506         (JSC::JSCell::subspaceFor):
507         (JSC::allocateCell):
508         * runtime/JSDestructibleObject.h:
509         (JSC::JSDestructibleObject::subspaceFor):
510         * runtime/JSDestructibleObjectSubspace.cpp: Added.
511         (JSC::JSDestructibleObjectSubspace::JSDestructibleObjectSubspace):
512         (JSC::JSDestructibleObjectSubspace::~JSDestructibleObjectSubspace):
513         (JSC::JSDestructibleObjectSubspace::finishSweep):
514         (JSC::JSDestructibleObjectSubspace::destroy):
515         * runtime/JSDestructibleObjectSubspace.h: Added.
516         * runtime/JSObject.h:
517         (JSC::JSObject::JSObject):
518         * runtime/JSObjectInlines.h:
519         * runtime/JSSegmentedVariableObject.h:
520         * runtime/JSString.h:
521         (JSC::JSString::subspaceFor):
522         * runtime/JSStringSubspace.cpp: Added.
523         (JSC::JSStringSubspace::JSStringSubspace):
524         (JSC::JSStringSubspace::~JSStringSubspace):
525         (JSC::JSStringSubspace::finishSweep):
526         (JSC::JSStringSubspace::destroy):
527         * runtime/JSStringSubspace.h: Added.
528         * runtime/RegExpMatchesArray.h:
529         (JSC::tryCreateUninitializedRegExpMatchesArray):
530         * runtime/VM.cpp:
531         (JSC::VM::VM):
532         * runtime/VM.h:
533
534 2017-01-17  Michael Saboff  <msaboff@apple.com>
535
536         Nested parenthesized regular expressions with non-zero minimum counts appear to hang and use lots of memory
537         https://bugs.webkit.org/show_bug.cgi?id=167125
538
539         Reviewed by Filip Pizlo.
540
541         Changed Yarr to handle nested parenthesized subexpressions where the minimum count is
542         not 0 directly in the Yarr interpreter.  Previously we'd factor an expression like
543         (a|b)+ into (a|b)(a|b)* with special handling for captures.  This factoring was done
544         using a deep copy that doubled the size of the resulting expresion for each nested 
545         parenthesized subexpression.  Now the Yarr interpreter can directly process a regexp
546         like (a|b){2,42}.  
547
548         The parser will allow one level of nested, non-zero minimum, counted parenthesis using
549         the old copy method.  After one level, it will generate parenthesis terms with a non-zero
550         minimum.   Such an expression wasn't handled by the Yarr JIT before the change, so this
551         change isn't a performance regression.
552
553         Added a minimum count to the YarrPattern and ByteTerm classes, and then factored that
554         minimum into the interpreter.  A non-zero minimum is only handled by the Yarr interpreter.
555         If the Yarr JIT see such a term, it punts back to the interpreter.
556
557         * yarr/YarrInterpreter.cpp:
558         (JSC::Yarr::Interpreter::backtrackPatternCharacter):
559         (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
560         (JSC::Yarr::Interpreter::matchCharacterClass):
561         (JSC::Yarr::Interpreter::backtrackCharacterClass):
562         (JSC::Yarr::Interpreter::matchBackReference):
563         (JSC::Yarr::Interpreter::backtrackBackReference):
564         (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
565         (JSC::Yarr::Interpreter::matchParenthesesOnceEnd):
566         (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
567         (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
568         (JSC::Yarr::Interpreter::matchParenthesesTerminalBegin):
569         (JSC::Yarr::Interpreter::backtrackParenthesesTerminalBegin):
570         (JSC::Yarr::Interpreter::matchParentheticalAssertionBegin):
571         (JSC::Yarr::Interpreter::matchParentheticalAssertionEnd):
572         (JSC::Yarr::Interpreter::backtrackParentheticalAssertionBegin):
573         (JSC::Yarr::Interpreter::backtrackParentheticalAssertionEnd):
574         (JSC::Yarr::Interpreter::matchParentheses):
575         (JSC::Yarr::Interpreter::backtrackParentheses):
576         (JSC::Yarr::Interpreter::matchDisjunction):
577         (JSC::Yarr::ByteCompiler::atomPatternCharacter):
578         (JSC::Yarr::ByteCompiler::atomCharacterClass):
579         (JSC::Yarr::ByteCompiler::atomBackReference):
580         (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
581         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
582         (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
583         (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
584         (JSC::Yarr::ByteCompiler::emitDisjunction):
585         * yarr/YarrInterpreter.h:
586         (JSC::Yarr::ByteTerm::ByteTerm):
587         * yarr/YarrJIT.cpp:
588         (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
589         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
590         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
591         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
592         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
593         (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
594         (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
595         (JSC::Yarr::YarrGenerator::generateTerm):
596         (JSC::Yarr::YarrGenerator::backtrackTerm):
597         (JSC::Yarr::YarrGenerator::generate):
598         (JSC::Yarr::YarrGenerator::backtrack):
599         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
600         * yarr/YarrPattern.cpp:
601         (JSC::Yarr::YarrPatternConstructor::copyTerm):
602         (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
603         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
604         (JSC::Yarr::YarrPattern::YarrPattern):
605         * yarr/YarrPattern.h:
606         (JSC::Yarr::PatternTerm::PatternTerm):
607         (JSC::Yarr::PatternTerm::quantify):
608         (JSC::Yarr::YarrPattern::reset):
609
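As an added illustration, not Yarr's own code, here is a toy backtracking matcher in C++ that gives a parenthesized term a {min,max} count and enforces the minimum the way the entry describes for ByteTerm: the group must match at least `min` times before the rest of the pattern is tried, and backtracking never lowers the count below that minimum. All names (Term, matchGroup, matchSequence, fullMatch) are invented for this example; the two patterns built are the entry's (a|b){2,42} and a one-level nesting of counted groups.

```cpp
// Toy model of counted parentheses with a non-zero minimum. Not Yarr's code;
// every name here is invented for the example.
#include <functional>
#include <iostream>
#include <string>
#include <vector>

namespace toyyarr {

// A term is either a literal character (alternatives empty) or a parenthesized
// group of alternatives; each alternative is a sequence of terms.
struct Term {
    char literal = 0;
    std::vector<std::vector<Term>> alternatives;
    unsigned min = 1;   // minimum iteration count carried on the term itself
    unsigned max = 1;
};

using Continuation = std::function<bool(size_t)>;

bool matchSequence(const std::vector<Term>& seq, size_t index, const std::string& input, size_t pos, const Continuation& k);

// Tries one more (greedy) iteration of a quantified group. The continuation is
// only consulted once `count` has reached the minimum, so backtracking can drop
// iterations but never below term.min.
bool matchGroup(const Term& term, unsigned count, const std::string& input, size_t pos, const Continuation& k)
{
    if (count < term.max) {
        for (const auto& alt : term.alternatives) {
            bool ok = matchSequence(alt, 0, input, pos, [&](size_t next) {
                // An iteration that consumed nothing cannot help satisfy the count.
                if (next == pos && count >= term.min)
                    return false;
                return matchGroup(term, count + 1, input, next, k);
            });
            if (ok)
                return true;
        }
    }
    return count >= term.min && k(pos);
}

bool matchSequence(const std::vector<Term>& seq, size_t index, const std::string& input, size_t pos, const Continuation& k)
{
    if (index == seq.size())
        return k(pos);
    const Term& term = seq[index];
    Continuation rest = [&](size_t next) { return matchSequence(seq, index + 1, input, next, k); };
    if (term.alternatives.empty()) {
        if (pos < input.size() && input[pos] == term.literal)
            return rest(pos + 1);
        return false;
    }
    return matchGroup(term, 0, input, pos, rest);
}

// Anchored match of the whole input.
bool fullMatch(const std::vector<Term>& pattern, const std::string& input)
{
    return matchSequence(pattern, 0, input, 0, [&](size_t end) { return end == input.size(); });
}

Term lit(char c) { Term t; t.literal = c; return t; }
Term group(std::vector<std::vector<Term>> alts, unsigned min, unsigned max)
{
    Term t; t.alternatives = std::move(alts); t.min = min; t.max = max; return t;
}

// (a|b){2,42}, the entry's example pattern.
std::vector<Term> aOrBTwoTo42() { return { group({ { lit('a') }, { lit('b') } }, 2, 42) }; }

// ((a|b){2,3}c){1,2}: one level of nesting, both groups with a non-zero minimum.
std::vector<Term> nested()
{
    return { group({ { group({ { lit('a') }, { lit('b') } }, 2, 3), lit('c') } }, 1, 2) };
}

} // namespace toyyarr

int main()
{
    std::cout << "(a|b){2,42} on \"ab\":  " << toyyarr::fullMatch(toyyarr::aOrBTwoTo42(), "ab") << "\n";
    std::cout << "(a|b){2,42} on \"a\":   " << toyyarr::fullMatch(toyyarr::aOrBTwoTo42(), "a") << "\n";
    std::cout << "nested on \"abcbac\":   " << toyyarr::fullMatch(toyyarr::nested(), "abcbac") << "\n";
    return 0;
}
```

The minimum is what distinguishes this from the "copy the subexpression N times" approach the parser used before: a single term carries the count, and the interpreter refuses to hand control to the rest of the pattern until that count is met.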
610 2017-01-17  Joseph Pecoraro  <pecoraro@apple.com>
611
612         ENABLE(USER_TIMING) Not Defined for Apple Windows or OS X Ports
613         https://bugs.webkit.org/show_bug.cgi?id=116551
614         <rdar://problem/13949830>
615
616         Reviewed by Alex Christensen.
617
618         * Configurations/FeatureDefines.xcconfig:
619
620 2017-01-16  Filip Pizlo  <fpizlo@apple.com>
621
622         JSCell::classInfo() shouldn't have a bunch of mitigations for being called during destruction
623         https://bugs.webkit.org/show_bug.cgi?id=167066
624
625         Reviewed by Keith Miller and Michael Saboff.
626         
627         This reduces the size of JSCell::classInfo() by half and removes some checks that
628         this function previously had to do in case it was called from destructors.
629         
630         I changed all of the destructors so that they don't call JSCell::classInfo() and I
631         added an assertion to JSCell::classInfo() to catch cases where someone called it
632         from a destructor accidentally.
633         
634         This means that we only have one place in destruction that needs to know the class:
635         the sweeper's call to the destructor.
636         
637         One of the trickiest outcomes of this is the need to support inherits() tests in
638         JSObjectGetPrivate(), when it is called from the destructor callback on the object
639         being destructed. JSObjectGetPrivate() is undefined behavior anyway if you use it
640         on any dead-but-not-destructed object other than the one being destructed right
641         now. The purpose of the inherits() tests is to distinguish between different kinds
642         of CallbackObjects, which may have different kinds of base classes. I think that
643         this was always subtly wrong - for example, if the object being destructed is a
644         JSGlobalObject then it's not a DestructibleObject, is not in a destructor block,
645         but does not have an immortal Structure - so classInfo() is not valid. This fixes
646         the issue by having ~JSCallbackObject know its classInfo. It now stashes its
647         classInfo in VM so that JSObjectGetPrivate can use that classInfo if it detects
648         that it's being used on a currently-destructing object.
649         
650         That was the only really weird part of this patch. The rest is mostly removing
651         illegal uses of jsCast<> in destructors. There were a few other genuine uses of
652         classInfo() but they were in code that already knew how to get its classInfo()
653         using other means:
654         
655         - You can still say structure()->classInfo(), and I use this form in code that
656           knows that its StructureIsImmortal.
657         
658         - You can use this->classInfo() if it's overridden, like in subclasses of
659           JSDestructibleObject.
660         
661         Rolling this back in because I think I fixed the crashes.
662
663         * API/JSAPIWrapperObject.mm:
664         (JSAPIWrapperObjectHandleOwner::finalize):
665         * API/JSCallbackObject.h:
666         * API/JSCallbackObjectFunctions.h:
667         (JSC::JSCallbackObject<Parent>::~JSCallbackObject):
668         (JSC::JSCallbackObject<Parent>::init):
669         * API/JSObjectRef.cpp:
670         (classInfoPrivate):
671         (JSObjectGetPrivate):
672         (JSObjectSetPrivate):
673         * bytecode/EvalCodeBlock.cpp:
674         (JSC::EvalCodeBlock::destroy):
675         * bytecode/FunctionCodeBlock.cpp:
676         (JSC::FunctionCodeBlock::destroy):
677         * bytecode/ModuleProgramCodeBlock.cpp:
678         (JSC::ModuleProgramCodeBlock::destroy):
679         * bytecode/ProgramCodeBlock.cpp:
680         (JSC::ProgramCodeBlock::destroy):
681         * bytecode/UnlinkedEvalCodeBlock.cpp:
682         (JSC::UnlinkedEvalCodeBlock::destroy):
683         * bytecode/UnlinkedFunctionCodeBlock.cpp:
684         (JSC::UnlinkedFunctionCodeBlock::destroy):
685         * bytecode/UnlinkedFunctionExecutable.cpp:
686         (JSC::UnlinkedFunctionExecutable::destroy):
687         * bytecode/UnlinkedModuleProgramCodeBlock.cpp:
688         (JSC::UnlinkedModuleProgramCodeBlock::destroy):
689         * bytecode/UnlinkedProgramCodeBlock.cpp:
690         (JSC::UnlinkedProgramCodeBlock::destroy):
691         * heap/CodeBlockSet.cpp:
692         (JSC::CodeBlockSet::lastChanceToFinalize):
693         (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
694         * heap/MarkedAllocator.cpp:
695         (JSC::MarkedAllocator::allocateSlowCaseImpl):
696         * heap/MarkedBlock.cpp:
697         (JSC::MarkedBlock::Handle::sweep):
698         * jit/JITThunks.cpp:
699         (JSC::JITThunks::finalize):
700         * runtime/AbstractModuleRecord.cpp:
701         (JSC::AbstractModuleRecord::destroy):
702         * runtime/ExecutableBase.cpp:
703         (JSC::ExecutableBase::clearCode):
704         * runtime/JSCellInlines.h:
705         (JSC::JSCell::classInfo):
706         (JSC::JSCell::callDestructor):
707         * runtime/JSLock.h:
708         (JSC::JSLock::ownerThread):
709         * runtime/JSModuleNamespaceObject.cpp:
710         (JSC::JSModuleNamespaceObject::destroy):
711         * runtime/JSModuleRecord.cpp:
712         (JSC::JSModuleRecord::destroy):
713         * runtime/JSPropertyNameEnumerator.cpp:
714         (JSC::JSPropertyNameEnumerator::destroy):
715         * runtime/JSSegmentedVariableObject.h:
716         * runtime/SymbolTable.cpp:
717         (JSC::SymbolTable::destroy):
718         * runtime/VM.h:
719         * wasm/js/JSWebAssemblyCallee.cpp:
720         (JSC::JSWebAssemblyCallee::destroy):
721         * wasm/js/WebAssemblyModuleRecord.cpp:
722         (JSC::WebAssemblyModuleRecord::destroy):
723         * wasm/js/WebAssemblyToJSCallee.cpp:
724         (JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
725         (JSC::WebAssemblyToJSCallee::destroy):
726
727 2017-01-17  Filip Pizlo  <fpizlo@apple.com>
728
729         Unreviewed, roll out http://trac.webkit.org/changeset/210821
730         It was causing crashes.
731
732         * API/JSAPIWrapperObject.mm:
733         (JSAPIWrapperObjectHandleOwner::finalize):
734         * API/JSCallbackObject.h:
735         * API/JSCallbackObjectFunctions.h:
736         (JSC::JSCallbackObject<Parent>::~JSCallbackObject):
737         (JSC::JSCallbackObject<Parent>::init):
738         * API/JSObjectRef.cpp:
739         (JSObjectGetPrivate):
740         (JSObjectSetPrivate):
741         (classInfoPrivate): Deleted.
742         * bytecode/EvalCodeBlock.cpp:
743         (JSC::EvalCodeBlock::destroy):
744         * bytecode/FunctionCodeBlock.cpp:
745         (JSC::FunctionCodeBlock::destroy):
746         * bytecode/ModuleProgramCodeBlock.cpp:
747         (JSC::ModuleProgramCodeBlock::destroy):
748         * bytecode/ProgramCodeBlock.cpp:
749         (JSC::ProgramCodeBlock::destroy):
750         * bytecode/UnlinkedEvalCodeBlock.cpp:
751         (JSC::UnlinkedEvalCodeBlock::destroy):
752         * bytecode/UnlinkedFunctionCodeBlock.cpp:
753         (JSC::UnlinkedFunctionCodeBlock::destroy):
754         * bytecode/UnlinkedFunctionExecutable.cpp:
755         (JSC::UnlinkedFunctionExecutable::destroy):
756         * bytecode/UnlinkedModuleProgramCodeBlock.cpp:
757         (JSC::UnlinkedModuleProgramCodeBlock::destroy):
758         * bytecode/UnlinkedProgramCodeBlock.cpp:
759         (JSC::UnlinkedProgramCodeBlock::destroy):
760         * heap/CodeBlockSet.cpp:
761         (JSC::CodeBlockSet::lastChanceToFinalize):
762         (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
763         * heap/MarkedAllocator.cpp:
764         (JSC::MarkedAllocator::allocateSlowCaseImpl):
765         * heap/MarkedBlock.cpp:
766         (JSC::MarkedBlock::Handle::sweep):
767         * jit/JITThunks.cpp:
768         (JSC::JITThunks::finalize):
769         * runtime/AbstractModuleRecord.cpp:
770         (JSC::AbstractModuleRecord::destroy):
771         * runtime/ExecutableBase.cpp:
772         (JSC::ExecutableBase::clearCode):
773         * runtime/JSCellInlines.h:
774         (JSC::JSCell::classInfo):
775         (JSC::JSCell::callDestructor):
776         * runtime/JSLock.h:
777         (JSC::JSLock::exclusiveThread):
778         (JSC::JSLock::ownerThread): Deleted.
779         * runtime/JSModuleNamespaceObject.cpp:
780         (JSC::JSModuleNamespaceObject::destroy):
781         * runtime/JSModuleRecord.cpp:
782         (JSC::JSModuleRecord::destroy):
783         * runtime/JSPropertyNameEnumerator.cpp:
784         (JSC::JSPropertyNameEnumerator::destroy):
785         * runtime/JSSegmentedVariableObject.h:
786         * runtime/SymbolTable.cpp:
787         (JSC::SymbolTable::destroy):
788         * runtime/VM.h:
789         * wasm/js/JSWebAssemblyCallee.cpp:
790         (JSC::JSWebAssemblyCallee::destroy):
791         * wasm/js/WebAssemblyModuleRecord.cpp:
792         (JSC::WebAssemblyModuleRecord::destroy):
793         * wasm/js/WebAssemblyToJSCallee.cpp:
794         (JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
795         (JSC::WebAssemblyToJSCallee::destroy):
796
797 2017-01-16  Filip Pizlo  <fpizlo@apple.com>
798
799         JSCell::classInfo() shouldn't have a bunch of mitigations for being called during destruction
800         https://bugs.webkit.org/show_bug.cgi?id=167066
801
802         Reviewed by Keith Miller and Michael Saboff.
803         
804         This reduces the size of JSCell::classInfo() by half and removes some checks that
805         this function previously had to do in case it was called from destructors.
806         
807         I changed all of the destructors so that they don't call JSCell::classInfo() and I
808         added an assertion to JSCell::classInfo() to catch cases where someone called it
809         from a destructor accidentally.
810         
811         This means that we only have one place in destruction that needs to know the class:
812         the sweeper's call to the destructor.
813         
814         One of the trickiest outcomes of this is the need to support inherits() tests in
815         JSObjectGetPrivate(), when it is called from the destructor callback on the object
816         being destructed. JSObjectGetPrivate() is undefined behavior anyway if you use it
817         on any dead-but-not-destructed object other than the one being destructed right
818         now. The purpose of the inherits() tests is to distinguish between different kinds
819         of CallbackObjects, which may have different kinds of base classes. I think that
820         this was always subtly wrong - for example, if the object being destructed is a
821         JSGlobalObject then it's not a DestructibleObject, is not in a destructor block,
822         but does not have an immortal Structure - so classInfo() is not valid. This fixes
823         the issue by having ~JSCallbackObject know its classInfo. It now stashes its
824         classInfo in VM so that JSObjectGetPrivate can use that classInfo if it detects
825         that it's being used on a currently-destructing object.
826         
827         That was the only really weird part of this patch. The rest is mostly removing
828         illegal uses of jsCast<> in destructors. There were a few other genuine uses of
829         classInfo() but they were in code that already knew how to get its classInfo()
830         using other means:
831         
832         - You can still say structure()->classInfo(), and I use this form in code that
833           knows that its StructureIsImmortal.
834         
835         - You can use this->classInfo() if it's overridden, like in subclasses of
836           JSDestructibleObject.
837
838         * API/JSAPIWrapperObject.mm:
839         (JSAPIWrapperObjectHandleOwner::finalize):
840         * API/JSCallbackObject.h:
841         * API/JSCallbackObjectFunctions.h:
842         (JSC::JSCallbackObject<Parent>::~JSCallbackObject):
843         (JSC::JSCallbackObject<Parent>::init):
844         * API/JSObjectRef.cpp:
845         (classInfoPrivate):
846         (JSObjectGetPrivate):
847         (JSObjectSetPrivate):
848         * bytecode/EvalCodeBlock.cpp:
849         (JSC::EvalCodeBlock::destroy):
850         * bytecode/FunctionCodeBlock.cpp:
851         (JSC::FunctionCodeBlock::destroy):
852         * bytecode/ModuleProgramCodeBlock.cpp:
853         (JSC::ModuleProgramCodeBlock::destroy):
854         * bytecode/ProgramCodeBlock.cpp:
855         (JSC::ProgramCodeBlock::destroy):
856         * bytecode/UnlinkedEvalCodeBlock.cpp:
857         (JSC::UnlinkedEvalCodeBlock::destroy):
858         * bytecode/UnlinkedFunctionCodeBlock.cpp:
859         (JSC::UnlinkedFunctionCodeBlock::destroy):
860         * bytecode/UnlinkedFunctionExecutable.cpp:
861         (JSC::UnlinkedFunctionExecutable::destroy):
862         * bytecode/UnlinkedModuleProgramCodeBlock.cpp:
863         (JSC::UnlinkedModuleProgramCodeBlock::destroy):
864         * bytecode/UnlinkedProgramCodeBlock.cpp:
865         (JSC::UnlinkedProgramCodeBlock::destroy):
866         * heap/CodeBlockSet.cpp:
867         (JSC::CodeBlockSet::lastChanceToFinalize):
868         (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
869         * heap/MarkedAllocator.cpp:
870         (JSC::MarkedAllocator::allocateSlowCaseImpl):
871         * heap/MarkedBlock.cpp:
872         (JSC::MarkedBlock::Handle::sweep):
873         * jit/JITThunks.cpp:
874         (JSC::JITThunks::finalize):
875         * runtime/AbstractModuleRecord.cpp:
876         (JSC::AbstractModuleRecord::destroy):
877         * runtime/ExecutableBase.cpp:
878         (JSC::ExecutableBase::clearCode):
879         * runtime/JSCellInlines.h:
880         (JSC::JSCell::classInfo):
881         (JSC::JSCell::callDestructor):
882         * runtime/JSLock.h:
883         (JSC::JSLock::ownerThread):
884         * runtime/JSModuleNamespaceObject.cpp:
885         (JSC::JSModuleNamespaceObject::destroy):
886         * runtime/JSModuleRecord.cpp:
887         (JSC::JSModuleRecord::destroy):
888         * runtime/JSPropertyNameEnumerator.cpp:
889         (JSC::JSPropertyNameEnumerator::destroy):
890         * runtime/JSSegmentedVariableObject.h:
891         * runtime/SymbolTable.cpp:
892         (JSC::SymbolTable::destroy):
893         * runtime/VM.h:
894         * wasm/js/JSWebAssemblyCallee.cpp:
895         (JSC::JSWebAssemblyCallee::destroy):
896         * wasm/js/WebAssemblyModuleRecord.cpp:
897         (JSC::WebAssemblyModuleRecord::destroy):
898         * wasm/js/WebAssemblyToJSCallee.cpp:
899         (JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
900         (JSC::WebAssemblyToJSCallee::destroy):
901
902 2017-01-16  Joseph Pecoraro  <pecoraro@apple.com>
903
904         Remove the REQUEST_ANIMATION_FRAME flag
905         https://bugs.webkit.org/show_bug.cgi?id=156980
906         <rdar://problem/25906849>
907
908         Reviewed by Simon Fraser.
909
910         * Configurations/FeatureDefines.xcconfig:
911
912 2017-01-14  Yusuke Suzuki  <utatane.tea@gmail.com>
913
914         WebAssembly: Suppress warnings & errors in GCC
915         https://bugs.webkit.org/show_bug.cgi?id=167049
916
917         Reviewed by Sam Weinig.
918
919         * wasm/WasmFunctionParser.h:
920         Add missing { } after the switch. Ideally, it is not necessary.
921         But in GCC, it is required. Since this function is fairly large,
922         I think the code generated by this does not cause performance
923         regression.
924
925         * wasm/WasmPageCount.h:
926         UINT_MAX is defined in limits.h.
927
928         * wasm/generateWasmValidateInlinesHeader.py:
929         On the other hand, we use this suppress pragma here to solve the
930         same problem in wasm/WasmFunctionParser.h. Since the load function
931         is fairly small, the additional `return { };` may generate some
932         suboptimal code. See bug 150794 for more detail.
933
934 2017-01-14  Yusuke Suzuki  <utatane.tea@gmail.com>
935
936         Reserve capacity for StringBuilder in unescape
937         https://bugs.webkit.org/show_bug.cgi?id=167008
938
939         Reviewed by Sam Weinig.
940
941         The `unescape` function is frequently called in Kraken sha256-iterative.
942         This patch just reserves the capacity for the StringBuilder.
943
944         Currently, we select the length of the string for the reserved capacity.
945         It improves performance by 2.73%.
946
947             Benchmark report for Kraken on sakura-trick.
948
949             VMs tested:
950             "baseline" at /home/yusukesuzuki/dev/WebKit/WebKitBuild/untot/Release/bin/jsc
951             "patched" at /home/yusukesuzuki/dev/WebKit/WebKitBuild/un/Release/bin/jsc
952
953             Collected 100 samples per benchmark/VM, with 100 VM invocations per benchmark. Emitted a call to gc() between
954             sample measurements. Used 1 benchmark iteration per VM invocation for warm-up. Used the jsc-specific preciseTime()
955             function to get microsecond-level timing. Reporting benchmark execution times with 95% confidence intervals in
956             milliseconds.
957
958                                                        baseline                  patched
959
960             stanford-crypto-sha256-iterative        51.609+-0.672             50.237+-0.860           might be 1.0273x faster
961
962             <arithmetic>                            51.609+-0.672             50.237+-0.860           might be 1.0273x faster
963
964         * runtime/JSGlobalObjectFunctions.cpp:
965         (JSC::globalFuncUnescape):
966
967 2017-01-13  Joseph Pecoraro  <pecoraro@apple.com>
968
969         Remove ENABLE(DETAILS_ELEMENT) guards
970         https://bugs.webkit.org/show_bug.cgi?id=167042
971
972         Reviewed by Alex Christensen.
973
974         * Configurations/FeatureDefines.xcconfig:
975
976 2017-01-11  Darin Adler  <darin@apple.com>
977
978         Remove PassRefPtr from more of "platform"
979         https://bugs.webkit.org/show_bug.cgi?id=166809
980
981         Reviewed by Sam Weinig.
982
983         * inspector/JSInjectedScriptHost.h:
984         (Inspector::JSInjectedScriptHost::impl): Simplified code since we don't need a
985         const_cast here any more.
986         * runtime/PrivateName.h:
987         (JSC::PrivateName::uid): Ditto.
988
989 2017-01-13  Ryan Haddad  <ryanhaddad@apple.com>
990
991         Unreviewed, rolling out r210735.
992
993         This change introduced LayoutTest and JSC test flakiness.
994
995         Reverted changeset:
996
997         "Reserve capacity for StringBuilder in unescape"
998         https://bugs.webkit.org/show_bug.cgi?id=167008
999         http://trac.webkit.org/changeset/210735
1000
1001 2017-01-13  Saam Barati  <sbarati@apple.com>
1002
1003         Initialize the ArraySpecies watchpoint as Clear and transition to IsWatched once slice is called for the first time
1004         https://bugs.webkit.org/show_bug.cgi?id=167017
1005         <rdar://problem/30019309>
1006
1007         Reviewed by Keith Miller and Filip Pizlo.
1008
1009         This patch is to reverse the JSBench regression from r210695.
1010         
1011         The new state diagram for the array species watchpoint is as
1012         follows:
1013         
1014         1. On GlobalObject construction, it starts life out as ClearWatchpoint.
1015         2. When slice is called for the first time, we observe the state
1016         of the world, and either transition it to IsWatched if we were able
1017         to set up the object property conditions, or to IsInvalidated if we
1018         were not.
1019         3. The DFG compiler will now only lower slice as an intrinsic if
1020         it observed the speciesWatchpoint.state() as IsWatched.
1021         4. The IsWatched => IsInvalidated transition happens only when
1022         one of the object property condition watchpoints fire.
1023
1024         * dfg/DFGByteCodeParser.cpp:
1025         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1026         * runtime/ArrayPrototype.cpp:
1027         (JSC::speciesWatchpointIsValid):
1028         (JSC::speciesConstructArray):
1029         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1030         (JSC::ArrayPrototype::tryInitializeSpeciesWatchpoint):
1031         (JSC::ArrayPrototype::initializeSpeciesWatchpoint): Deleted.
1032         * runtime/ArrayPrototype.h:
1033         * runtime/JSGlobalObject.cpp:
1034         (JSC::JSGlobalObject::JSGlobalObject):
1035         (JSC::JSGlobalObject::init):
1036
1037 2017-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1038
1039         Reserve capacity for StringBuilder in unescape
1040         https://bugs.webkit.org/show_bug.cgi?id=167008
1041
1042         Reviewed by Sam Weinig.
1043
1044         The `unescape` function is frequently called in Kraken sha256-iterative.
1045         This patch just reserves the capacity for the StringBuilder.
1046
1047         Currently, we select the length of the string for the reserved capacity.
1048         It improves performance by 2.73%.
1049
1050             Benchmark report for Kraken on sakura-trick.
1051
1052             VMs tested:
1053             "baseline" at /home/yusukesuzuki/dev/WebKit/WebKitBuild/untot/Release/bin/jsc
1054             "patched" at /home/yusukesuzuki/dev/WebKit/WebKitBuild/un/Release/bin/jsc
1055
1056             Collected 100 samples per benchmark/VM, with 100 VM invocations per benchmark. Emitted a call to gc() between
1057             sample measurements. Used 1 benchmark iteration per VM invocation for warm-up. Used the jsc-specific preciseTime()
1058             function to get microsecond-level timing. Reporting benchmark execution times with 95% confidence intervals in
1059             milliseconds.
1060
1061                                                        baseline                  patched
1062
1063             stanford-crypto-sha256-iterative        51.609+-0.672             50.237+-0.860           might be 1.0273x faster
1064
1065             <arithmetic>                            51.609+-0.672             50.237+-0.860           might be 1.0273x faster
1066
1067         * runtime/JSGlobalObjectFunctions.cpp:
1068         (JSC::globalFuncUnescape):
1069
1070 2017-01-12  Saam Barati  <sbarati@apple.com>
1071
1072         Add a slice intrinsic to the DFG/FTL
1073         https://bugs.webkit.org/show_bug.cgi?id=166707
1074         <rdar://problem/29913445>
1075
1076         Reviewed by Filip Pizlo.
1077
1078         The gist of this patch is to inline Array.prototype.slice
1079         into the DFG/FTL. The implementation in the DFG-backend
1080         and FTLLowerDFGToB3 is just a straight forward implementation
1081         of what the C function is doing. The more interesting bits
1082         of this patch are setting up the proper watchpoints and conditions
1083         in the executing code to prove that it's safe to skip all of the
1084         observable JS actions that Array.prototype.slice normally does.
1085         
1086         We perform the following proofs:
1087         1. Array.prototype.constructor has not changed (via a watchpoint).
1088         2. That Array.prototype.constructor[Symbol.species] has not changed (via a watchpoint).
1089         3. The global object is not having a bad time.
1090         4. The array that is being sliced has an original array structure.
1091         5. Array.prototype/Object.prototype have not transitioned.
1092         
1093         Conditions 1, 2, and 3 are strictly required.
1094         
1095         4 is ensuring a couple of things:
1096         1. That a "constructor" property hasn't been added to the array
1097         we're slicing since we're supposed to perform a Get(array, "constructor").
1098         2. That we're not slicing an instance of a subclass of Array.
1099         
1100         We could relax 4.1 in the future if we find other ways to test if
1101         the incoming array hasn't changed the "constructor" property. We
1102         would probably use TryGetById to do this.
1103         
1104         I'm seeing a 5% speedup on crypto-pbkdf2 and often a 1% speedup on
1105         the total benchmark (the results are sometimes noisy).
1106
1107         * dfg/DFGAbstractInterpreterInlines.h:
1108         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1109         * dfg/DFGByteCodeParser.cpp:
1110         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1111         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
1112         (JSC::DFG::CallArrayAllocatorWithVariableStructureVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableStructureVariableSizeSlowPathGenerator):
1113         * dfg/DFGClobberize.h:
1114         (JSC::DFG::clobberize):
1115         * dfg/DFGDoesGC.cpp:
1116         (JSC::DFG::doesGC):
1117         * dfg/DFGFixupPhase.cpp:
1118         (JSC::DFG::FixupPhase::fixupNode):
1119         * dfg/DFGNodeType.h:
1120         * dfg/DFGPredictionPropagationPhase.cpp:
1121         * dfg/DFGSafeToExecute.h:
1122         (JSC::DFG::safeToExecute):
1123         * dfg/DFGSpeculativeJIT.cpp:
1124         (JSC::DFG::SpeculativeJIT::compileArraySlice):
1125         (JSC::DFG::SpeculativeJIT::emitAllocateButterfly):
1126         * dfg/DFGSpeculativeJIT.h:
1127         * dfg/DFGSpeculativeJIT32_64.cpp:
1128         (JSC::DFG::SpeculativeJIT::compile):
1129         (JSC::DFG::SpeculativeJIT::emitInitializeButterfly):
1130         (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
1131         * dfg/DFGSpeculativeJIT64.cpp:
1132         (JSC::DFG::SpeculativeJIT::compile):
1133         (JSC::DFG::SpeculativeJIT::emitInitializeButterfly):
1134         (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
1135         * ftl/FTLAbstractHeapRepository.h:
1136         * ftl/FTLCapabilities.cpp:
1137         (JSC::FTL::canCompile):
1138         * ftl/FTLLowerDFGToB3.cpp:
1139         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1140         (JSC::FTL::DFG::LowerDFGToB3::compileArraySlice):
1141         (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
1142         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
1143         (JSC::FTL::DFG::LowerDFGToB3::initializeArrayElements):
1144         (JSC::FTL::DFG::LowerDFGToB3::storeStructure):
1145         (JSC::FTL::DFG::LowerDFGToB3::allocateCell):
1146         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
1147         (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
1148         (JSC::FTL::DFG::LowerDFGToB3::allocateUninitializedContiguousJSArray):
1149         * jit/AssemblyHelpers.cpp:
1150         (JSC::AssemblyHelpers::emitLoadStructure):
1151         * runtime/ArrayPrototype.cpp:
1152         (JSC::ArrayPrototype::finishCreation):
1153         (JSC::speciesWatchpointIsValid):
1154         (JSC::speciesConstructArray):
1155         (JSC::arrayProtoFuncSlice):
1156         (JSC::arrayProtoPrivateFuncConcatMemcpy):
1157         (JSC::ArrayPrototype::initializeSpeciesWatchpoint):
1158         (JSC::ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire):
1159         (JSC::speciesWatchpointsValid): Deleted.
1160         (JSC::ArrayPrototype::attemptToInitializeSpeciesWatchpoint): Deleted.
1161         * runtime/ArrayPrototype.h:
1162         (JSC::ArrayPrototype::speciesWatchpointStatus): Deleted.
1163         (): Deleted.
1164         * runtime/Intrinsic.h:
1165         * runtime/JSGlobalObject.cpp:
1166         (JSC::JSGlobalObject::JSGlobalObject):
1167         (JSC::JSGlobalObject::init):
1168         * runtime/JSGlobalObject.h:
1169         (JSC::JSGlobalObject::arraySpeciesWatchpoint):
1170         * runtime/Structure.h:
1171
1172 2017-01-12  Saam Barati  <sbarati@apple.com>
1173
1174         Concurrent GC has a bug where we would detect a race but fail to rescan the object
1175         https://bugs.webkit.org/show_bug.cgi?id=166960
1176         <rdar://problem/29983526>
1177
1178         Reviewed by Filip Pizlo and Mark Lam.
1179
1180         We have code like this in JSC:
1181         
1182         ```
1183         Butterfly* butterfly = allocateMoreOutOfLineStorage(vm, oldOutOfLineCapacity, newOutOfLineCapacity);
1184         nukeStructureAndSetButterfly(vm, structureID, butterfly);
1185         structure->setLastOffset(newLastOffset);
1186         WTF::storeStoreFence();
1187         setStructureIDDirectly(structureID);
1188         ```
1189         
1190         Note that the collector could detect a race here, which sometimes
1191         incorrectly caused us to not visit the object again.
1192         
1193         Mutator Thread: M, Collector Thread: C, assuming sequential consistency via
1194         proper barriers:
1195         
1196         M: allocate new butterfly
1197         M: Set nuked structure ID
1198         M: Set butterfly (this does a barrier)
1199         C: Start scanning O
1200         C: load structure ID
1201         C: See it's nuked and bail (we used to rely on a write barrier to rescan).
1202         
1203         We sometimes never rescanned here because we were calling
1204         setStructureIDDirectly which doesn't do a write barrier.
1205         (Note, the places that do this but call setStructure were
1206         OK because setStructure will perform a write barrier.)
1207         
1208         (This same issue also existed in places where the collector thread
1209         detected races for Structure::m_offset, but places that changed
1210         Structure::m_offset didn't perform a write barrier on the object
1211         after changing its Structure's m_offset.)
1212         
1213         To prevent such code from requiring every call site to perform
1214         a write barrier on the object, I've changed the collector code
1215         to keep a stack of cells to be revisited due to races. This stack
1216         is then consulted when we do marking. Because such races are rare,
1217         we have a single stack on Heap that is guarded by a lock.
1218
1219         * heap/Heap.cpp:
1220         (JSC::Heap::Heap):
1221         (JSC::Heap::~Heap):
1222         (JSC::Heap::markToFixpoint):
1223         (JSC::Heap::endMarking):
1224         (JSC::Heap::buildConstraintSet):
1225         (JSC::Heap::addToRaceMarkStack):
1226         * heap/Heap.h:
1227         (JSC::Heap::collectorSlotVisitor):
1228         (JSC::Heap::mutatorMarkStack): Deleted.
1229         * heap/SlotVisitor.cpp:
1230         (JSC::SlotVisitor::didRace):
1231         * heap/SlotVisitor.h:
1232         (JSC::SlotVisitor::didRace):
1233         (JSC::SlotVisitor::didNotRace): Deleted.
1234         * heap/SlotVisitorInlines.h:
1235         (JSC::SlotVisitor::didNotRace): Deleted.
1236         * runtime/JSObject.cpp:
1237         (JSC::JSObject::visitButterfly):
1238         (JSC::JSObject::visitButterflyImpl):
1239         * runtime/JSObjectInlines.h:
1240         (JSC::JSObject::prepareToPutDirectWithoutTransition):
1241         * runtime/Structure.cpp:
1242         (JSC::Structure::flattenDictionaryStructure):
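
        The race and its fix described in the entry above, as an added toy model in C++ (not JSC's code): the mutator nukes a cell's structure ID during a butterfly swap, a collector scan that sees the nuked ID records the cell on a lock-guarded race mark stack instead of relying on a write barrier from every setStructureIDDirectly call site, and a drain revisits the raced cells. The names toy::Heap, Cell, visitCell, mutatorBeginSwap, mutatorFinishSwap, drainRaceMarkStack and simulateRace are hypothetical, and the scenario is run on one thread so the interleaving is deterministic.

```cpp
#include <atomic>
#include <cstdint>
#include <mutex>
#include <vector>

// Toy model (not JSC code) of the race in the entry above: the mutator nukes a
// cell's structure ID while it swaps the butterfly, a concurrent collector scan may
// observe the nuked ID and bail, and instead of requiring a write barrier at every
// setStructureIDDirectly call site the collector records the cell on a lock-guarded
// race mark stack and revisits it later.
namespace toy {

static const uint32_t kNukedBit = 0x80000000u;
inline uint32_t nuke(uint32_t structureID) { return structureID | kNukedBit; }
inline bool isNuked(uint32_t structureID) { return (structureID & kNukedBit) != 0; }

struct Cell {
    std::atomic<uint32_t> structureID;
    int visitCount = 0;   // completed collector scans of this cell
    explicit Cell(uint32_t id) : structureID(id) { }
};

class Heap {
public:
    // Collector side: remember a cell whose scan raced with the mutator. Races are
    // rare, so one vector guarded by one lock is enough (as the entry describes).
    void addToRaceMarkStack(Cell* cell) {
        std::lock_guard<std::mutex> lock(m_raceMarkStackLock);
        m_raceMarkStack.push_back(cell);
    }
    std::vector<Cell*> takeRaceMarkStack() {
        std::lock_guard<std::mutex> lock(m_raceMarkStackLock);
        std::vector<Cell*> stack;
        stack.swap(m_raceMarkStack);
        return stack;
    }
private:
    std::mutex m_raceMarkStackLock;
    std::vector<Cell*> m_raceMarkStack;
};

// Collector: scan one cell. A nuked structure ID means the mutator is in the middle
// of a butterfly swap, so the scan bails; with the fix it also records the race.
bool visitCell(Heap& heap, Cell& cell, bool useRaceMarkStack) {
    uint32_t id = cell.structureID.load(std::memory_order_acquire);
    if (isNuked(id)) {
        if (useRaceMarkStack)
            heap.addToRaceMarkStack(&cell);
        return false;   // pre-fix: relied on a later write barrier that never came
    }
    cell.visitCount++;
    return true;
}

// Mutator: the two halves of the swap shown in the entry. The collector may run in
// between; the final store models setStructureIDDirectly, which does no write barrier.
void mutatorBeginSwap(Cell& cell) {
    uint32_t id = cell.structureID.load(std::memory_order_relaxed);
    cell.structureID.store(nuke(id), std::memory_order_release);   // nukeStructureAndSetButterfly
}
void mutatorFinishSwap(Cell& cell, uint32_t newStructureID) {
    // ... structure->setLastOffset(...), storeStoreFence() ...
    cell.structureID.store(newStructureID, std::memory_order_release);   // setStructureIDDirectly
}

// Collector: revisit every raced cell. In this toy model the mutator is stopped
// here, as at the end of marking, so a cell cannot stay nuked forever.
void drainRaceMarkStack(Heap& heap) {
    for (std::vector<Cell*> stack = heap.takeRaceMarkStack(); !stack.empty();
         stack = heap.takeRaceMarkStack()) {
        for (Cell* cell : stack)
            visitCell(heap, *cell, true);
    }
}

// The M/C interleaving from the entry, run deterministically on one thread.
// Returns how many times the cell was fully scanned: 1 with the race mark stack,
// 0 with the pre-fix behaviour (the cell is never rescanned).
int simulateRace(bool useRaceMarkStack) {
    Heap heap;
    Cell cell(0x1234);
    mutatorBeginSwap(cell);                     // M: set nuked structure ID, set butterfly
    visitCell(heap, cell, useRaceMarkStack);    // C: load structure ID, see it is nuked, bail
    mutatorFinishSwap(cell, 0x5678);            // M: setStructureIDDirectly, no barrier
    drainRaceMarkStack(heap);                   // C: consult the race mark stack while marking
    return cell.visitCount;
}

} // namespace toy
```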
1243
1244 2017-01-12  Chris Dumez  <cdumez@apple.com>
1245
1246         Add KEYBOARD_KEY_ATTRIBUTE / KEYBOARD_CODE_ATTRIBUTE to FeatureDefines.xcconfig
1247         https://bugs.webkit.org/show_bug.cgi?id=166995
1248
1249         Reviewed by Jer Noble.
1250
1251         Add KEYBOARD_KEY_ATTRIBUTE / KEYBOARD_CODE_ATTRIBUTE to FeatureDefines.xcconfig
1252         as some people are having trouble building without it.
1253
1254         * Configurations/FeatureDefines.xcconfig:
1255
1256 2017-01-12  Yusuke Suzuki  <utatane.tea@gmail.com>
1257
1258         Implement InlineClassicScript
1259         https://bugs.webkit.org/show_bug.cgi?id=166925
1260
1261         Reviewed by Ryosuke Niwa.
1262
1263         Add ScriptFetcher field for SourceOrigin.
1264
1265         * runtime/SourceOrigin.h:
1266         (JSC::SourceOrigin::SourceOrigin):
1267         (JSC::SourceOrigin::fetcher):
1268
1269 2017-01-11  Andreas Kling  <akling@apple.com>
1270
1271         Crash when WebCore's GC heap grows way too large.
1272         <https://webkit.org/b/166875>
1273         <rdar://problem/27896585>
1274
1275         Reviewed by Mark Lam.
1276
1277         Add a simple API to JSC::Heap that allows setting a hard limit on the amount
1278         of live bytes. If this is exceeded, we crash with a recognizable signature.
1279         By default there is no limit.
1280
1281         * heap/Heap.cpp:
1282         (JSC::Heap::didExceedMaxLiveSize):
1283         (JSC::Heap::updateAllocationLimits):
1284         * heap/Heap.h:
1285         (JSC::Heap::setMaxLiveSize):
1286
1287 2017-01-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1288
1289         Decouple module loading initiator from ScriptElement
1290         https://bugs.webkit.org/show_bug.cgi?id=166888
1291
1292         Reviewed by Saam Barati and Ryosuke Niwa.
1293
1294         Add ScriptFetcher and JSScriptFetcher.
1295
1296         * CMakeLists.txt:
1297         * JavaScriptCore.xcodeproj/project.pbxproj:
1298         * builtins/ModuleLoaderPrototype.js:
1299         (requestFetch):
1300         (requestInstantiate):
1301         (requestSatisfy):
1302         (requestInstantiateAll):
1303         (requestLink):
1304         (moduleEvaluation):
1305         (loadAndEvaluateModule):
1306         (importModule):
1307         * llint/LLIntData.cpp:
1308         (JSC::LLInt::Data::performAssertions):
1309         * llint/LowLevelInterpreter.asm:
1310         * runtime/Completion.cpp:
1311         (JSC::loadAndEvaluateModule):
1312         (JSC::loadModule):
1313         (JSC::linkAndEvaluateModule):
1314         * runtime/Completion.h:
1315         * runtime/JSModuleLoader.cpp:
1316         (JSC::JSModuleLoader::loadAndEvaluateModule):
1317         (JSC::JSModuleLoader::loadModule):
1318         (JSC::JSModuleLoader::linkAndEvaluateModule):
1319         (JSC::JSModuleLoader::resolve):
1320         (JSC::JSModuleLoader::fetch):
1321         (JSC::JSModuleLoader::instantiate):
1322         (JSC::JSModuleLoader::evaluate):
1323         * runtime/JSModuleLoader.h:
1324         * runtime/JSScriptFetcher.cpp: Copied from Source/WebCore/dom/LoadableScript.cpp.
1325         (JSC::JSScriptFetcher::destroy):
1326         * runtime/JSScriptFetcher.h: Added.
1327         (JSC::JSScriptFetcher::createStructure):
1328         (JSC::JSScriptFetcher::create):
1329         (JSC::JSScriptFetcher::fetcher):
1330         (JSC::JSScriptFetcher::JSScriptFetcher):
1331         * runtime/JSType.h:
1332         * runtime/ScriptFetcher.h: Copied from Source/WebCore/dom/LoadableScript.cpp.
1333         (JSC::ScriptFetcher::~ScriptFetcher):
1334         * runtime/VM.cpp:
1335         (JSC::VM::VM):
1336         * runtime/VM.h:
1337
1338 2017-01-10  Yusuke Suzuki  <utatane.tea@gmail.com>
1339
1340         Implement JSSourceCode to propagate SourceCode in module pipeline
1341         https://bugs.webkit.org/show_bug.cgi?id=166861
1342
1343         Reviewed by Saam Barati.
1344
1345         Instead of propagating source code string, we propagate JSSourceCode
1346         cell in the module pipeline. This allows us to attach a metadata
1347         to the propagated source code string. In particular, it propagates
1348         SourceOrigin through the module pipeline.
1349
1350         It also fixes the JSC shell to use the Module source type for module source code.
1351
1352         * CMakeLists.txt:
1353         * JavaScriptCore.xcodeproj/project.pbxproj:
1354         * builtins/ModuleLoaderPrototype.js:
1355         (fulfillFetch):
1356         (requestFetch):
1357         * jsc.cpp:
1358         (GlobalObject::moduleLoaderFetch):
1359         (runWithScripts):
1360         * llint/LLIntData.cpp:
1361         (JSC::LLInt::Data::performAssertions):
1362         * llint/LowLevelInterpreter.asm:
1363         * runtime/Completion.cpp:
1364         (JSC::loadAndEvaluateModule):
1365         (JSC::loadModule):
1366         * runtime/JSModuleLoader.cpp:
1367         (JSC::JSModuleLoader::provide):
1368         * runtime/JSModuleLoader.h:
1369         * runtime/JSSourceCode.cpp: Added.
1370         (JSC::JSSourceCode::destroy):
1371         * runtime/JSSourceCode.h: Added.
1372         (JSC::JSSourceCode::createStructure):
1373         (JSC::JSSourceCode::create):
1374         (JSC::JSSourceCode::sourceCode):
1375         (JSC::JSSourceCode::JSSourceCode):
1376         * runtime/JSType.h:
1377         * runtime/ModuleLoaderPrototype.cpp:
1378         (JSC::moduleLoaderPrototypeParseModule):
1379         * runtime/VM.cpp:
1380         (JSC::VM::VM):
1381         * runtime/VM.h:
1382
1383 2017-01-10  Commit Queue  <commit-queue@webkit.org>
1384
1385         Unreviewed, rolling out r210052.
1386         https://bugs.webkit.org/show_bug.cgi?id=166915
1387
1388         "breaks web compatibility" (Requested by keith_miller on
1389         #webkit).
1390
1391         Reverted changeset:
1392
1393         "Add support for global"
1394         https://bugs.webkit.org/show_bug.cgi?id=165171
1395         http://trac.webkit.org/changeset/210052
1396
1397 2017-01-10  Sam Weinig  <sam@webkit.org>
1398
1399         [WebIDL] Remove most of the custom bindings for the WebGL code
1400         https://bugs.webkit.org/show_bug.cgi?id=166834
1401
1402         Reviewed by Alex Christensen.
1403
1404         * runtime/ArrayPrototype.h:
1405         * runtime/ObjectPrototype.h:
1406         Export the ClassInfo so it can be used from WebCore.
1407
1408 2017-01-09  Filip Pizlo  <fpizlo@apple.com>
1409
1410         Streamline the GC barrier slowpath
1411         https://bugs.webkit.org/show_bug.cgi?id=166878
1412
1413         Reviewed by Geoffrey Garen and Saam Barati.
1414         
1415         This implements two optimizations to the barrier:
1416         
1417         - Removes the write barrier buffer. This was just overhead.
1418         
1419         - Teaches the slow path how to white an object that was black but unmarked, ensuring that
1420           we don't take slow path for this object again.
1421
1422         * JavaScriptCore.xcodeproj/project.pbxproj:
1423         * dfg/DFGSpeculativeJIT.cpp:
1424         (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
1425         * ftl/FTLLowerDFGToB3.cpp:
1426         (JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
1427         * heap/CellState.h:
1428         * heap/Heap.cpp:
1429         (JSC::Heap::Heap):
1430         (JSC::Heap::markToFixpoint):
1431         (JSC::Heap::addToRememberedSet):
1432         (JSC::Heap::stopTheWorld):
1433         (JSC::Heap::writeBarrierSlowPath):
1434         (JSC::Heap::buildConstraintSet):
1435         (JSC::Heap::flushWriteBarrierBuffer): Deleted.
1436         * heap/Heap.h:
1437         (JSC::Heap::writeBarrierBuffer): Deleted.
1438         * heap/SlotVisitor.cpp:
1439         (JSC::SlotVisitor::appendJSCellOrAuxiliary):
1440         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1441         (JSC::SlotVisitor::appendToMarkStack):
1442         (JSC::SlotVisitor::visitChildren):
1443         * heap/WriteBarrierBuffer.cpp: Removed.
1444         * heap/WriteBarrierBuffer.h: Removed.
1445         * jit/JITOperations.cpp:
1446         * jit/JITOperations.h:
1447         * runtime/JSCellInlines.h:
1448         (JSC::JSCell::JSCell):
1449         * runtime/StructureIDBlob.h:
1450         (JSC::StructureIDBlob::StructureIDBlob):
1451
1452 2017-01-10  Mark Lam  <mark.lam@apple.com>
1453
1454         Property setters should not be called for bound arguments list entries.
1455         https://bugs.webkit.org/show_bug.cgi?id=165631
1456
1457         Reviewed by Filip Pizlo.
1458
1459         * builtins/FunctionPrototype.js:
1460         (bind):
1461         - use @putByValDirect to set the bound arguments so that we don't consult the
1462           prototype chain for setters.
1463
1464         * runtime/IntlDateTimeFormatPrototype.cpp:
1465         (JSC::IntlDateTimeFormatPrototypeGetterFormat):
1466         * runtime/IntlNumberFormatPrototype.cpp:
1467         (JSC::IntlNumberFormatPrototypeGetterFormat):
1468         - no need to create a bound arguments array because these bound functions bind
1469           no arguments according to the spec.
1470
1471 2017-01-10  Skachkov Oleksandr  <gskachkov@gmail.com>
1472
1473         Calling async arrow function which is in a class's member function will cause error
1474         https://bugs.webkit.org/show_bug.cgi?id=166879
1475
1476         Reviewed by Saam Barati.
1477
1478         The current patch fixes loading 'super' in async arrow functions. Errors appeared because
1479         super was always loaded regardless of whether it was used in the async arrow function or not, but the bytecompiler
1480         puts it into the arrow function context only if it is used within the arrow function. So to fix this issue we need to
1481         check whether super was used in the arrow function.
1482
1483         * bytecompiler/BytecodeGenerator.h:
1484         * bytecompiler/NodesCodegen.cpp:
1485         (JSC::FunctionNode::emitBytecode):
1486
1487 2017-01-10  Commit Queue  <commit-queue@webkit.org>
1488
1489         Unreviewed, rolling out r210537.
1490         https://bugs.webkit.org/show_bug.cgi?id=166903
1491
1492         This change introduced JSC test failures (Requested by
1493         ryanhaddad on #webkit).
1494
1495         Reverted changeset:
1496
1497         "Implement JSSourceCode to propagate SourceCode in module
1498         pipeline"
1499         https://bugs.webkit.org/show_bug.cgi?id=166861
1500         http://trac.webkit.org/changeset/210537
1501
1502 2017-01-10  Commit Queue  <commit-queue@webkit.org>
1503
1504         Unreviewed, rolling out r210540.
1505         https://bugs.webkit.org/show_bug.cgi?id=166896
1506
1507         too crude for non-WebCore clients (Requested by kling on
1508         #webkit).
1509
1510         Reverted changeset:
1511
1512         "Crash when GC heap grows way too large."
1513         https://bugs.webkit.org/show_bug.cgi?id=166875
1514         http://trac.webkit.org/changeset/210540
1515
1516 2017-01-09  Filip Pizlo  <fpizlo@apple.com>
1517
1518         JSArray has some object scanning races
1519         https://bugs.webkit.org/show_bug.cgi?id=166874
1520
1521         Reviewed by Mark Lam.
1522         
1523         This fixes two separate bugs, both of which I detected by running
1524         array-splice-contiguous.js in extreme anger:
1525         
1526         1) Some of the paths of shifting and unshifting were not grabbing the internal cell
1527            lock. This was causing the array storage scan to crash, even though it was well
1528            synchronized (the scan does hold the lock). The fix is just to hold the lock anywhere
1529            that memmoves the innards of the butterfly.
1530         
1531         2) Out of line property scanning was synchronized using double collect snapshot. Array
1532            storage scanning was synchronized using locks. But what if array storage
1533            transformations messed up the out of line properties? It turns out that we actually
1534            need to hoist the array storage scanner's locking up into the double collect
1535            snapshot.
1536         
1537         I don't know how to write a test that does any better of a job of catching this than
1538         array-splice-contiguous.js.
1539
1540         * heap/DeferGC.h: Make DisallowGC usable even if NDEBUG.
1541         * runtime/JSArray.cpp:
1542         (JSC::JSArray::unshiftCountSlowCase):
1543         (JSC::JSArray::shiftCountWithArrayStorage):
1544         (JSC::JSArray::unshiftCountWithArrayStorage):
1545         * runtime/JSObject.cpp:
1546         (JSC::JSObject::visitButterflyImpl):
1547
1548 2017-01-10  Andreas Kling  <akling@apple.com>
1549
1550         Crash when GC heap grows way too large.
1551         <https://webkit.org/b/166875>
1552         <rdar://problem/27896585>
1553
1554         Reviewed by Mark Lam.
1555
1556         Hard cap the JavaScript heap at 4GB of live objects (determined post-GC.)
1557         If we go past this limit, crash with a recognizable signature.
1558
1559         * heap/Heap.cpp:
1560         (JSC::Heap::didExceedHeapSizeLimit):
1561         (JSC::Heap::updateAllocationLimits):
1562
1563 2017-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>
1564
1565         Implement JSSourceCode to propagate SourceCode in module pipeline
1566         https://bugs.webkit.org/show_bug.cgi?id=166861
1567
1568         Reviewed by Saam Barati.
1569
1570         Instead of propagating source code string, we propagate JSSourceCode
1571         cell in the module pipeline. This allows us to attach a metadata
1572         to the propagated source code string. In particular, it propagates
1573         SourceOrigin through the module pipeline.
1574
1575         * CMakeLists.txt:
1576         * JavaScriptCore.xcodeproj/project.pbxproj:
1577         * builtins/ModuleLoaderPrototype.js:
1578         (fulfillFetch):
1579         (requestFetch):
1580         * jsc.cpp:
1581         (GlobalObject::moduleLoaderFetch):
1582         * llint/LLIntData.cpp:
1583         (JSC::LLInt::Data::performAssertions):
1584         * llint/LowLevelInterpreter.asm:
1585         * runtime/Completion.cpp:
1586         (JSC::loadAndEvaluateModule):
1587         (JSC::loadModule):
1588         * runtime/JSModuleLoader.cpp:
1589         (JSC::JSModuleLoader::provide):
1590         * runtime/JSModuleLoader.h:
1591         * runtime/JSSourceCode.cpp: Added.
1592         (JSC::JSSourceCode::destroy):
1593         * runtime/JSSourceCode.h: Added.
1594         (JSC::JSSourceCode::createStructure):
1595         (JSC::JSSourceCode::create):
1596         (JSC::JSSourceCode::sourceCode):
1597         (JSC::JSSourceCode::JSSourceCode):
1598         * runtime/JSType.h:
1599         * runtime/ModuleLoaderPrototype.cpp:
1600         (JSC::moduleLoaderPrototypeParseModule):
1601         * runtime/VM.cpp:
1602         (JSC::VM::VM):
1603         * runtime/VM.h:
1604
1605 2017-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>
1606
1607         REGRESSION (r210522): ASSERTION FAILED: divot.offset >= divotStart.offset seen with stress/import-basic.js and stress/import-from-eval.js
1608         https://bugs.webkit.org/show_bug.cgi?id=166873
1609
1610         Reviewed by Saam Barati.
1611
1612         The divot should be the end of the `import` token.
1613
1614         * parser/Parser.cpp:
1615         (JSC::Parser<LexerType>::parseMemberExpression):
1616
1617 2017-01-09  Filip Pizlo  <fpizlo@apple.com>
1618
1619         Unreviewed, fix cloop.
1620
1621         * dfg/DFGPlanInlines.h:
1622
1623 2017-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>
1624
1625         [JSC] Prototype dynamic-import
1626         https://bugs.webkit.org/show_bug.cgi?id=165724
1627
1628         Reviewed by Saam Barati.
1629
1630         In this patch, we implement the stage 3 dynamic-import proposal [1].
1631         This patch adds a new special operator `import`. By using it, we can import
1632         modules dynamically from modules and scripts. Before this feature, modules
1633         were always imported statically, and importing had to be done before executing
1634         the modules. In particular, a module could only be imported from another module,
1635         so a classic script could not import and use modules. Dynamic-import relaxes
1636         the above restrictions.
1637
1638         The typical dynamic-import form is the following.
1639
1640             import("...").then(function (namespace) { ... });
1641
1642         You can pass any AssignmentExpression to the import operator, so you can determine
1643         the imported modules dynamically.
1644
1645             import(value).then(function (namespace) { ... });
1646
1647         Previously, the module import declaration was only allowed among the top-level statements.
1648         But this import operator is just an expression, so you can use it inside a function,
1649         and you can use it conditionally.
1650
1651             async function go(cond)
1652             {
1653                 if (cond)
1654                     return import("...");
1655                 return undefined;
1656             }
1657             await go(true);
1658
1659         Currently, this patch implements this feature only for the JSC shell.
1660         The JSC module loader requires a new hook, `importModule`, and the JSC shell implements
1661         this hook. So, for now, dynamic-import is not available on the browser side:
1662         if you write this `import` call there, it always returns a rejected promise.
1663
1664         `import` is implemented as a special operator similar to `super`.
1665         This is because import is context-sensitive: if you call `import`, the module
1666         key resolution is done based on the caller's running context.
1667
1668         For example, if you are running the script whose filename is "./ok/hello.js", the module
1669         key for the call `import("./resource/syntax.js")` becomes `"./ok/resource/syntax.js"`.
1670         But if you write the exact same import form in the script "./error/hello.js", the
1671         key becomes "./error/resource/syntax.js". So exposing this feature as an `import`
1672         function would be misleading: the function would be sensitive to the caller's context. That's why
1673         dynamic-import is specified as a special operator.
1674
1675         To resolve the module key, we need the caller's context information, such as the filename of
1676         the caller. This is provided by the SourceOrigin implemented in r210149.
1677         In the JSC shell implementation, this SourceOrigin holds the filename of the caller, so
1678         based on this implementation, the module loader resolves the module key.
1679         In the near future, we will extend this SourceOrigin to hold more information needed for
1680         the browser-side import implementation.
1681
1682         [1]: https://tc39.github.io/proposal-dynamic-import/
1683
1684         * builtins/ModuleLoaderPrototype.js:
1685         (importModule):
1686         * bytecompiler/BytecodeGenerator.cpp:
1687         (JSC::BytecodeGenerator::emitGetTemplateObject):
1688         (JSC::BytecodeGenerator::emitGetGlobalPrivate):
1689         * bytecompiler/BytecodeGenerator.h:
1690         * bytecompiler/NodesCodegen.cpp:
1691         (JSC::ImportNode::emitBytecode):
1692         * jsc.cpp:
1693         (absolutePath):
1694         (GlobalObject::moduleLoaderImportModule):
1695         (functionRun):
1696         (functionLoad):
1697         (functionCheckSyntax):
1698         (runWithScripts):
1699         * parser/ASTBuilder.h:
1700         (JSC::ASTBuilder::createImportExpr):
1701         * parser/NodeConstructors.h:
1702         (JSC::ImportNode::ImportNode):
1703         * parser/Nodes.h:
1704         (JSC::ExpressionNode::isImportNode):
1705         * parser/Parser.cpp:
1706         (JSC::Parser<LexerType>::parseMemberExpression):
1707         * parser/SyntaxChecker.h:
1708         (JSC::SyntaxChecker::createImportExpr):
1709         * runtime/JSGlobalObject.cpp:
1710         (JSC::JSGlobalObject::init):
1711         * runtime/JSGlobalObject.h:
1712         * runtime/JSGlobalObjectFunctions.cpp:
1713         (JSC::globalFuncImportModule):
1714         * runtime/JSGlobalObjectFunctions.h:
1715         * runtime/JSModuleLoader.cpp:
1716         (JSC::JSModuleLoader::importModule):
1717         (JSC::JSModuleLoader::getModuleNamespaceObject):
1718         * runtime/JSModuleLoader.h:
1719         * runtime/ModuleLoaderPrototype.cpp:
1720         (JSC::moduleLoaderPrototypeGetModuleNamespaceObject):
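
        The caller-relative key resolution that the entry above uses to justify making `import` an operator, as an added C++ illustration that is not JSC's loader code. It assumes POSIX-style origin paths, uses a specifier that does not start with "./" or "../" verbatim, and treats a ".." that would climb above the caller's root as unresolvable (empty key, which a loader would turn into a rejected promise); resolveModuleKey, splitPath and isRelative are hypothetical names.

```cpp
#include <string>
#include <vector>

// Added illustration (not JSC's code): the module key for import(specifier) is
// derived from the caller's SourceOrigin, so the same import() expression yields
// different keys in different scripts. Assumptions: POSIX-style paths; a specifier
// without a "./" or "../" prefix is used verbatim; a ".." that escapes the caller's
// root cannot be resolved and yields an empty key.
namespace toy {

static std::vector<std::string> splitPath(const std::string& path) {
    std::vector<std::string> segments;
    std::string current;
    for (char ch : path) {
        if (ch == '/') {
            segments.push_back(current);
            current.clear();
        } else
            current += ch;
    }
    segments.push_back(current);
    return segments;
}

static bool isRelative(const std::string& specifier) {
    return specifier.compare(0, 2, "./") == 0 || specifier.compare(0, 3, "../") == 0;
}

std::string resolveModuleKey(const std::string& callerOrigin, const std::string& specifier) {
    if (!isRelative(specifier))
        return specifier;   // bare or absolute specifier: not relative to the caller
    bool absolute = !callerOrigin.empty() && callerOrigin[0] == '/';

    // Start from the caller's directory: every segment of its origin except the file name.
    std::vector<std::string> originSegments = splitPath(callerOrigin);
    originSegments.pop_back();
    std::vector<std::string> directory;
    for (const std::string& segment : originSegments)
        if (!segment.empty() && segment != ".")
            directory.push_back(segment);

    // Walk the specifier, collapsing "." and "..".
    for (const std::string& segment : splitPath(specifier)) {
        if (segment.empty() || segment == ".")
            continue;
        if (segment == "..") {
            if (directory.empty())
                return std::string();   // would escape the caller's root: unresolvable
            directory.pop_back();
            continue;
        }
        directory.push_back(segment);
    }

    std::string key = absolute ? "" : ".";
    for (const std::string& segment : directory)
        key += "/" + segment;
    return key;
}

} // namespace toy
```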
1721
1722 2017-01-08  Filip Pizlo  <fpizlo@apple.com>
1723
1724         Make the collector's fixpoint smart about scheduling work
1725         https://bugs.webkit.org/show_bug.cgi?id=165910
1726
1727         Reviewed by Keith Miller.
1728         
1729         Prior to this change, every time the GC would run any constraints in markToFixpoint, it
1730         would run all of the constraints. It would always run them in the same order. That means
1731         that so long as any one constraint was generating new work, we'd pay the price of all
1732         constraints. This is usually OK because most constraints are cheap but it artificially
1733         inflates the cost of slow constraints - especially ones that are expensive but usually
1734         generate no new work.
1735         
1736         This patch redoes how the GC runs constraints by applying ideas from data flow analysis.
1737         The GC now builds a MarkingConstraintSet when it boots up, and this contains all of the
1738         constraints as well as some meta-data about them. Now, markToFixpoint just calls into
1739         MarkingConstraintSet to execute constraints. Because constraint execution and scheduling
1740         need to be aware of each other, I rewrote markToFixpoint in such a way that it's more
1741         obvious how the GC goes between constraint solving, marking with stopped mutator, and
1742         marking with resumed mutator. This also changes the scheduler API in such a way that a
1743         synchronous stop-the-world collection no longer needs to do fake stop/resume - instead we
1744         just swap the space-time scheduler for the stop-the-world scheduler.
1745         
1746         This is a big streamlining of the GC. This is a speed-up in GC-heavy tests because we
1747         now execute most constraints exactly twice regardless of how many total fixpoint
1748         iterations we do. Now, when we run out of marking work, the constraint solver will just
1749         run the constraint that is most likely to generate new visiting work, and if it does
1750         generate work, then the GC now goes back to marking. Before, it would run *all*
1751         constraints and then go back to marking. The constraint solver is armed with three
1752         information signals that it uses to sort the constraints in order of descending likelihood
1753         to generate new marking work. Then it runs them in that order until there is new
1754         marking work. The signals are:
1755         
1756         1) Whether the constraint is greyed by marking or execution. We call this the volatility
1757            of the constraint. For example, weak reference constraints have GreyedByMarking as
1758            their volatility because they are most likely to have something to say after we've done
1759            some marking. On the other hand, conservative roots have GreyedByExecution as their
1760            volatility because they will give new information anytime we let the mutator run. The
1761            constraint solver will only run GreyedByExecution constraints as roots and after the
1762            GreyedByMarking constraints go silent. This ensures that we don't try to scan
1763            conservative roots every time we need to re-run weak references and vice-versa.
1764            
1765            Another way to look at it is that the constraint solver tries to predict if the
1766            wavefront is advancing or retreating. The wavefront is almost certainly advancing so
1767            long as the mark stacks are non-empty or so long as at least one of the GreyedByMarking
1768            constraints is still producing work. Otherwise the wavefront is almost certainly
1769            retreating. It's most profitable to run GreyedByMarking constraints when the wavefront
1770            is advancing, and most profitable to run GreyedByExecution constraints when the
1771            wavefront is retreating.
1772            
1773            We use the predicted wavefront direction and the volatility of constraints as a
1774            first-order signal of constraint profitability.
1775         
1776         2) How much visiting work was created the last time the constraint ran. The solver
1777            remembers the lastVisitCount, and uses it to predict how much work the constraint will
1778            generate next time. In practice this means we will keep re-running the one interesting
1779            constraint until it shuts up.
1780         
1781         3) Optional work predictors for some constraints. The constraint that shuffles the mutator
1782            mark stack into the main SlotVisitor's mutator mark stack always knows exactly how much
1783            work it will create.
1784            
1785            The sum of (2) and (3) is used as a second-order signal of constraint profitability.
1786         
1787         The constraint solver will always run all of the GreyedByExecution constraints at GC
1788         start, since these double as the GC's roots. The constraint solver will always run all of
1789         the GreyedByMarking constraints the first time that marking stalls. Other than that, the
1790         solver will keep running constraints, sorted according to their likelihood to create work,
1791         until either work is created or we run out of constraints to run. GC termination happens
1792         when we run out of constraints to run.
1793         
1794         This new infrastructure means that we have a much better chance of dealing with worst-case
1795         DOM pathologies. If we can intelligently factor different evil DOM things into different
1796         constraints with the right work predictions then this could reduce the cost of those DOM
1797         things by a factor of N where N is the number of fixpoint iterations the GC typically
1798         does. N is usually around 5-6 even for simple heaps.
1799         
1800         My perf measurements say:
1801         
1802         PLT3: 0.02% faster with 5.3% confidence.
1803         JetStream: 0.15% faster with 17% confidence.
1804         Speedometer: 0.58% faster with 82% confidence.
1805         
1806         Here are the details from JetStream:
1807         
1808         splay: 1.02173x faster with 0.996841 confidence
1809         splay-latency: 1.0617x faster with 0.987462 confidence
1810         towers.c: 1.01852x faster with 0.92128 confidence
1811         crypto-md5: 1.06058x faster with 0.482363 confidence
1812         score: 1.00152x faster with 0.16892 confidence
1813         
1814         I think that Speedometer is legitimately benefiting from this change based on looking at
1815         --logGC=true output. We are now spending less time reexecuting expensive constraints. I
1816         think that JetStream/splay is also benefiting, because although the constraints it sees
1817         are cheap, it spends 30% of its time in GC so even small improvements matter.
1818
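        The three signals and the bootstrap/convergence rules above, as an added toy C++ solver that is not JSC's MarkingConstraintSet. The Constraint and ConstraintSet types, the constraint names, the work each one reports and the runScenario driver are constructed for the illustration; the scenario ends after three convergence rounds with the expensive-but-quiet constraint executed exactly twice.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Toy model (not JSC's MarkingConstraintSet) of the entry's rules: signal 1 is the
// volatility, signal 2 the lastVisitCount, signal 3 an optional exact work predictor.
namespace toy {

enum class Volatility { GreyedByMarking, GreyedByExecution };
struct Constraint {
    std::string name;
    Volatility volatility;
    std::function<size_t()> execute;            // runs it; returns cells newly greyed
    std::function<size_t()> quickWorkEstimate;  // optional exact predictor
    size_t lastVisitCount = 0;
    size_t executions = 0;
    size_t workEstimate() const { return lastVisitCount + (quickWorkEstimate ? quickWorkEstimate() : 0); }
};

struct ConstraintSet {
    std::vector<Constraint> constraints;
    bool firstStall = true;
    size_t run(Constraint& c) { c.executions++; return c.lastVisitCount = c.execute(); }

    // GC start: the GreyedByExecution constraints double as the roots.
    void executeBootstrap() {
        for (Constraint& c : constraints)
            if (c.volatility == Volatility::GreyedByExecution)
                run(c);
    }

    // With empty mark stacks, the wavefront is still advancing only while some
    // GreyedByMarking constraint produced work the last time it ran.
    bool isWavefrontAdvancing() const {
        for (const Constraint& c : constraints)
            if (c.volatility == Volatility::GreyedByMarking && c.lastVisitCount)
                return true;
        return false;
    }

    // Called when the mark stacks are empty. Returns true if some constraint produced
    // marking work (the GC goes back to marking), false if all are silent (terminate).
    bool executeConvergence() {
        if (firstStall) {   // first stall: run every GreyedByMarking constraint once
            firstStall = false;
            bool produced = false;
            for (Constraint& c : constraints)
                if (c.volatility == Volatility::GreyedByMarking)
                    produced = run(c) > 0 || produced;
            if (produced)
                return true;
        }
        // Order: volatility matching the predicted wavefront direction first
        // (first-order signal), then larger work estimate first (second-order).
        Volatility preferred = isWavefrontAdvancing() ? Volatility::GreyedByMarking
                                                      : Volatility::GreyedByExecution;
        std::vector<Constraint*> order;
        for (Constraint& c : constraints)
            order.push_back(&c);
        std::stable_sort(order.begin(), order.end(), [preferred](Constraint* a, Constraint* b) {
            bool aPreferred = a->volatility == preferred, bPreferred = b->volatility == preferred;
            return aPreferred != bPreferred ? aPreferred : a->workEstimate() > b->workEstimate();
        });
        for (Constraint* c : order)
            if (run(*c) > 0)
                return true;   // there is marking work again: stop running constraints
        return false;
    }
};

// Constructed scenario (hypothetical constraints): returns the number of convergence
// rounds and each constraint's execution count in insertion order.
struct ScenarioResult { size_t rounds; std::vector<size_t> executions; };

ScenarioResult runScenario() {
    ConstraintSet set;
    set.constraints.push_back({"ConservativeRoots", Volatility::GreyedByExecution,
        [calls = 0]() mutable -> size_t { return ++calls == 1 ? 10 : 0; }, nullptr});
    auto pending = std::make_shared<size_t>(3);   // cells waiting on the mutator mark stack
    set.constraints.push_back({"MutatorMarkStack", Volatility::GreyedByExecution,
        [pending]() -> size_t { size_t n = *pending; *pending = 0; return n; },
        [pending]() -> size_t { return *pending; }});
    set.constraints.push_back({"WeakReferences", Volatility::GreyedByMarking,
        [calls = 0]() mutable -> size_t { return ++calls == 1 ? 5 : calls == 2 ? 2 : 0; }, nullptr});
    set.constraints.push_back({"ExpensiveButQuiet", Volatility::GreyedByMarking,
        []() -> size_t { return 0; }, nullptr});
    set.executeBootstrap();
    size_t rounds = 0;
    do rounds++; while (set.executeConvergence());   // each round is one toy marking step
    ScenarioResult result{rounds, {}};
    for (const Constraint& c : set.constraints)
        result.executions.push_back(c.executions);
    return result;
}

} // namespace toy
```
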
1819         * CMakeLists.txt:
1820         * JavaScriptCore.xcodeproj/project.pbxproj:
1821         * dfg/DFGPlan.cpp:
1822         (JSC::DFG::Plan::markCodeBlocks): Deleted.
1823         (JSC::DFG::Plan::rememberCodeBlocks): Deleted.
1824         * dfg/DFGPlan.h:
1825         * dfg/DFGPlanInlines.h: Added.
1826         (JSC::DFG::Plan::iterateCodeBlocksForGC):
1827         * dfg/DFGWorklist.cpp:
1828         (JSC::DFG::Worklist::markCodeBlocks): Deleted.
1829         (JSC::DFG::Worklist::rememberCodeBlocks): Deleted.
1830         (JSC::DFG::rememberCodeBlocks): Deleted.
1831         * dfg/DFGWorklist.h:
1832         * dfg/DFGWorklistInlines.h: Added.
1833         (JSC::DFG::iterateCodeBlocksForGC):
1834         (JSC::DFG::Worklist::iterateCodeBlocksForGC):
1835         * heap/CodeBlockSet.cpp:
1836         (JSC::CodeBlockSet::writeBarrierCurrentlyExecuting): Deleted.
1837         * heap/CodeBlockSet.h:
1838         (JSC::CodeBlockSet::iterate): Deleted.
1839         * heap/CodeBlockSetInlines.h:
1840         (JSC::CodeBlockSet::iterate):
1841         (JSC::CodeBlockSet::iterateCurrentlyExecuting):
1842         * heap/Heap.cpp:
1843         (JSC::Heap::Heap):
1844         (JSC::Heap::iterateExecutingAndCompilingCodeBlocks):
1845         (JSC::Heap::iterateExecutingAndCompilingCodeBlocksWithoutHoldingLocks):
1846         (JSC::Heap::assertSharedMarkStacksEmpty):
1847         (JSC::Heap::markToFixpoint):
1848         (JSC::Heap::endMarking):
1849         (JSC::Heap::collectInThread):
1850         (JSC::Heap::stopIfNecessarySlow):
1851         (JSC::Heap::acquireAccessSlow):
1852         (JSC::Heap::collectIfNecessaryOrDefer):
1853         (JSC::Heap::buildConstraintSet):
1854         (JSC::Heap::notifyIsSafeToCollect):
1855         (JSC::Heap::ResumeTheWorldScope::ResumeTheWorldScope): Deleted.
1856         (JSC::Heap::ResumeTheWorldScope::~ResumeTheWorldScope): Deleted.
1857         (JSC::Heap::harvestWeakReferences): Deleted.
1858         (JSC::Heap::visitConservativeRoots): Deleted.
1859         (JSC::Heap::visitCompilerWorklistWeakReferences): Deleted.
1860         * heap/Heap.h:
1861         * heap/MarkingConstraint.cpp: Added.
1862         (JSC::MarkingConstraint::MarkingConstraint):
1863         (JSC::MarkingConstraint::~MarkingConstraint):
1864         (JSC::MarkingConstraint::resetStats):
1865         (JSC::MarkingConstraint::execute):
1866         * heap/MarkingConstraint.h: Added.
1867         (JSC::MarkingConstraint::index):
1868         (JSC::MarkingConstraint::abbreviatedName):
1869         (JSC::MarkingConstraint::name):
1870         (JSC::MarkingConstraint::lastVisitCount):
1871         (JSC::MarkingConstraint::quickWorkEstimate):
1872         (JSC::MarkingConstraint::workEstimate):
1873         (JSC::MarkingConstraint::volatility):
1874         * heap/MarkingConstraintSet.cpp: Added.
1875         (JSC::MarkingConstraintSet::ExecutionContext::ExecutionContext):
1876         (JSC::MarkingConstraintSet::ExecutionContext::didVisitSomething):
1877         (JSC::MarkingConstraintSet::ExecutionContext::shouldTimeOut):
1878         (JSC::MarkingConstraintSet::ExecutionContext::drain):
1879         (JSC::MarkingConstraintSet::ExecutionContext::didExecute):
1880         (JSC::MarkingConstraintSet::ExecutionContext::execute):
1881         (JSC::MarkingConstraintSet::MarkingConstraintSet):
1882         (JSC::MarkingConstraintSet::~MarkingConstraintSet):
1883         (JSC::MarkingConstraintSet::resetStats):
1884         (JSC::MarkingConstraintSet::add):
1885         (JSC::MarkingConstraintSet::executeBootstrap):
1886         (JSC::MarkingConstraintSet::executeConvergence):
1887         (JSC::MarkingConstraintSet::isWavefrontAdvancing):
1888         (JSC::MarkingConstraintSet::executeConvergenceImpl):
1889         (JSC::MarkingConstraintSet::executeAll):
1890         * heap/MarkingConstraintSet.h: Added.
1891         (JSC::MarkingConstraintSet::isWavefrontRetreating):
1892         * heap/MutatorScheduler.cpp: Added.
1893         (JSC::MutatorScheduler::MutatorScheduler):
1894         (JSC::MutatorScheduler::~MutatorScheduler):
1895         (JSC::MutatorScheduler::didStop):
1896         (JSC::MutatorScheduler::willResume):
1897         (JSC::MutatorScheduler::didExecuteConstraints):
1898         (JSC::MutatorScheduler::log):
1899         (JSC::MutatorScheduler::shouldStop):
1900         (JSC::MutatorScheduler::shouldResume):
1901         * heap/MutatorScheduler.h: Added.
1902         * heap/OpaqueRootSet.h:
1903         (JSC::OpaqueRootSet::add):
1904         * heap/SlotVisitor.cpp:
1905         (JSC::SlotVisitor::visitAsConstraint):
1906         (JSC::SlotVisitor::drain):
1907         (JSC::SlotVisitor::didReachTermination):
1908         (JSC::SlotVisitor::hasWork):
1909         (JSC::SlotVisitor::drainFromShared):
1910         (JSC::SlotVisitor::drainInParallelPassively):
1911         (JSC::SlotVisitor::addOpaqueRoot):
1912         * heap/SlotVisitor.h:
1913         (JSC::SlotVisitor::addToVisitCount):
1914         * heap/SpaceTimeMutatorScheduler.cpp: Copied from Source/JavaScriptCore/heap/SpaceTimeScheduler.cpp.
1915         (JSC::SpaceTimeMutatorScheduler::Snapshot::Snapshot):
1916         (JSC::SpaceTimeMutatorScheduler::Snapshot::now):
1917         (JSC::SpaceTimeMutatorScheduler::Snapshot::bytesAllocatedThisCycle):
1918         (JSC::SpaceTimeMutatorScheduler::SpaceTimeMutatorScheduler):
1919         (JSC::SpaceTimeMutatorScheduler::~SpaceTimeMutatorScheduler):
1920         (JSC::SpaceTimeMutatorScheduler::state):
1921         (JSC::SpaceTimeMutatorScheduler::beginCollection):
1922         (JSC::SpaceTimeMutatorScheduler::didStop):
1923         (JSC::SpaceTimeMutatorScheduler::willResume):
1924         (JSC::SpaceTimeMutatorScheduler::didExecuteConstraints):
1925         (JSC::SpaceTimeMutatorScheduler::timeToStop):
1926         (JSC::SpaceTimeMutatorScheduler::timeToResume):
1927         (JSC::SpaceTimeMutatorScheduler::log):
1928         (JSC::SpaceTimeMutatorScheduler::endCollection):
1929         (JSC::SpaceTimeMutatorScheduler::bytesAllocatedThisCycleImpl):
1930         (JSC::SpaceTimeMutatorScheduler::bytesSinceBeginningOfCycle):
1931         (JSC::SpaceTimeMutatorScheduler::maxHeadroom):
1932         (JSC::SpaceTimeMutatorScheduler::headroomFullness):
1933         (JSC::SpaceTimeMutatorScheduler::mutatorUtilization):
1934         (JSC::SpaceTimeMutatorScheduler::collectorUtilization):
1935         (JSC::SpaceTimeMutatorScheduler::elapsedInPeriod):
1936         (JSC::SpaceTimeMutatorScheduler::phase):
1937         (JSC::SpaceTimeMutatorScheduler::shouldBeResumed):
1938         (JSC::SpaceTimeScheduler::Decision::targetMutatorUtilization): Deleted.
1939         (JSC::SpaceTimeScheduler::Decision::targetCollectorUtilization): Deleted.
1940         (JSC::SpaceTimeScheduler::Decision::elapsedInPeriod): Deleted.
1941         (JSC::SpaceTimeScheduler::Decision::phase): Deleted.
1942         (JSC::SpaceTimeScheduler::Decision::shouldBeResumed): Deleted.
1943         (JSC::SpaceTimeScheduler::Decision::timeToResume): Deleted.
1944         (JSC::SpaceTimeScheduler::Decision::timeToStop): Deleted.
1945         (JSC::SpaceTimeScheduler::SpaceTimeScheduler): Deleted.
1946         (JSC::SpaceTimeScheduler::snapPhase): Deleted.
1947         (JSC::SpaceTimeScheduler::currentDecision): Deleted.
1948         * heap/SpaceTimeMutatorScheduler.h: Copied from Source/JavaScriptCore/heap/SpaceTimeScheduler.h.
1949         (JSC::SpaceTimeScheduler::Decision::operator bool): Deleted.
1950         * heap/SpaceTimeScheduler.cpp: Removed.
1951         * heap/SpaceTimeScheduler.h: Removed.
1952         * heap/SynchronousStopTheWorldMutatorScheduler.cpp: Added.
1953         (JSC::SynchronousStopTheWorldMutatorScheduler::SynchronousStopTheWorldMutatorScheduler):
1954         (JSC::SynchronousStopTheWorldMutatorScheduler::~SynchronousStopTheWorldMutatorScheduler):
1955         (JSC::SynchronousStopTheWorldMutatorScheduler::state):
1956         (JSC::SynchronousStopTheWorldMutatorScheduler::beginCollection):
1957         (JSC::SynchronousStopTheWorldMutatorScheduler::timeToStop):
1958         (JSC::SynchronousStopTheWorldMutatorScheduler::timeToResume):
1959         (JSC::SynchronousStopTheWorldMutatorScheduler::endCollection):
1960         * heap/SynchronousStopTheWorldMutatorScheduler.h: Added.
1961         * heap/VisitingTimeout.h: Added.
1962         (JSC::VisitingTimeout::VisitingTimeout):
1963         (JSC::VisitingTimeout::visitCount):
1964         (JSC::VisitingTimeout::didVisitSomething):
1965         (JSC::VisitingTimeout::shouldTimeOut):
1966         * runtime/Options.h:
1967
1968 2017-01-09  Commit Queue  <commit-queue@webkit.org>
1969
1970         Unreviewed, rolling out r210476.
1971         https://bugs.webkit.org/show_bug.cgi?id=166859
1972
1973         "4% JSBench regression" (Requested by keith_mi_ on #webkit).
1974
1975         Reverted changeset:
1976
1977         "Add a slice intrinsic to the DFG/FTL"
1978         https://bugs.webkit.org/show_bug.cgi?id=166707
1979         http://trac.webkit.org/changeset/210476
1980
1981 2017-01-08  Andreas Kling  <akling@apple.com>
1982
1983         Inject MarkedSpace size classes for a few more high-volume objects.
1984         <https://webkit.org/b/166815>
1985
1986         Reviewed by Darin Adler.
1987
1988         Add the following classes to the list of manually injected size classes:
1989
1990             - JSString
1991             - JSFunction
1992             - PropertyTable
1993             - Structure
1994
1995         Only Structure actually ends up with a new size class, the others already
1996         can't get any tighter due to the current MarkedBlock::atomSize being 16.
1997         I've put them in anyway to ensure that we have optimally carved-out cells
1998         for them in the future, should they grow.
1999
2000         With this change, Structures get allocated in 128-byte cells instead of
2001         160-byte cells, giving us 25% more Structures per MarkedBlock.
2002
2003         * heap/MarkedSpace.cpp:
2004
2005 2017-01-06  Saam Barati  <sbarati@apple.com>
2006
2007         Add a slice intrinsic to the DFG/FTL
2008         https://bugs.webkit.org/show_bug.cgi?id=166707
2009
2010         Reviewed by Filip Pizlo.
2011
2012         The gist of this patch is to inline Array.prototype.slice
2013         into the DFG/FTL. The implementation in the DFG-backend
2014         and FTLLowerDFGToB3 is just a straight forward implementation
2015         of what the C function is doing. The more interesting bits
2016         of this patch are setting up the proper watchpoints and conditions
2017         in the executing code to prove that it's safe to skip all of the
2018         observable JS actions that Array.prototype.slice normally does.
2019         
2020         We perform the following proofs:
2021         1. Array.prototype.constructor has not changed (via a watchpoint).
2022         2. That Array.prototype.constructor[Symbol.species] has not changed (via a watchpoint).
2023         3. The global object is not having a bad time.
2024         4. The array that is being sliced has an original array structure.
2025         5. Array.prototype/Object.prototype have not transitioned.
2026         
2027         Conditions 1, 2, and 3 are strictly required.
2028         
2029         4 is ensuring a couple things:
2030         1. That a "constructor" property hasn't been added to the array
2031         we're slicing since we're supposed to perform a Get(array, "constructor").
2032         2. That we're not slicing an instance of a subclass of Array.
2033         
2034         We could relax 4.1 in the future if we find other ways to test if
2035         the incoming array hasn't changed the "constructor" property.
2036         
2037         I'm seeing a 5% speedup on crypto-pbkdf2 and often a 1% speedup on
2038         the total benchmark (the results are sometimes noisy).
2039
2040         * bytecode/ExitKind.cpp:
2041         (JSC::exitKindToString):
2042         * bytecode/ExitKind.h:
2043         * dfg/DFGAbstractInterpreterInlines.h:
2044         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2045         * dfg/DFGByteCodeParser.cpp:
2046         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
2047         * dfg/DFGClobberize.h:
2048         (JSC::DFG::clobberize):
2049         * dfg/DFGDoesGC.cpp:
2050         (JSC::DFG::doesGC):
2051         * dfg/DFGFixupPhase.cpp:
2052         (JSC::DFG::FixupPhase::fixupNode):
2053         * dfg/DFGNode.h:
2054         (JSC::DFG::Node::hasHeapPrediction):
2055         (JSC::DFG::Node::hasArrayMode):
2056         * dfg/DFGNodeType.h:
2057         * dfg/DFGPredictionPropagationPhase.cpp:
2058         * dfg/DFGSafeToExecute.h:
2059         (JSC::DFG::safeToExecute):
2060         * dfg/DFGSpeculativeJIT.cpp:
2061         (JSC::DFG::SpeculativeJIT::compileArraySlice):
2062         * dfg/DFGSpeculativeJIT.h:
2063         * dfg/DFGSpeculativeJIT32_64.cpp:
2064         (JSC::DFG::SpeculativeJIT::compile):
2065         * dfg/DFGSpeculativeJIT64.cpp:
2066         (JSC::DFG::SpeculativeJIT::compile):
2067         * ftl/FTLCapabilities.cpp:
2068         (JSC::FTL::canCompile):
2069         * ftl/FTLLowerDFGToB3.cpp:
2070         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2071         (JSC::FTL::DFG::LowerDFGToB3::compileArraySlice):
2072         * jit/AssemblyHelpers.cpp:
2073         (JSC::AssemblyHelpers::emitLoadStructure):
2074         * runtime/ArrayPrototype.cpp:
2075         (JSC::ArrayPrototype::finishCreation):
2076         (JSC::speciesWatchpointIsValid):
2077         (JSC::speciesConstructArray):
2078         (JSC::arrayProtoFuncSlice):
2079         (JSC::arrayProtoPrivateFuncConcatMemcpy):
2080         (JSC::ArrayPrototype::initializeSpeciesWatchpoint):
2081         (JSC::ArrayPrototypeAdaptiveInferredPropertyWatchpoint::handleFire):
2082         (JSC::speciesWatchpointsValid): Deleted.
2083         (JSC::ArrayPrototype::attemptToInitializeSpeciesWatchpoint): Deleted.
2084         * runtime/ArrayPrototype.h:
2085         (JSC::ArrayPrototype::speciesWatchpointStatus): Deleted.
2086         (): Deleted.
2087         * runtime/Intrinsic.h:
2088         * runtime/JSGlobalObject.cpp:
2089         (JSC::JSGlobalObject::JSGlobalObject):
2090         (JSC::JSGlobalObject::init):
2091         * runtime/JSGlobalObject.h:
2092         (JSC::JSGlobalObject::arraySpeciesWatchpoint):
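
The JS-observable steps that the slice intrinsic above must prove it can skip, as an added example (not WebKit code; any spec-conforming engine such as Node shows the same results). It assumes the constructed helper names `sliceFastPathLooksSafe`, `Tagged` and `TaggedArray`, and approximates proof conditions 1, 2 and 4 from JavaScript; conditions 3 and 5 are engine-internal and have no JS-visible equivalent.

```javascript
// Added example, not code from WebKit: the JavaScript-observable steps that
// Array.prototype.slice performs before copying elements (ArraySpeciesCreate
// in the ES spec). The DFG/FTL intrinsic may skip these steps only while its
// watchpoints prove none of them can observe anything.
// Every function returns a value so the outcome can be asserted on.

// JS-level approximation of proof conditions 1, 2 and 4 from the ChangeLog
// (constructed helper). Conditions 3 (global object "having a bad time") and
// 5 (prototype transitions) are engine-internal and cannot be checked here.
function sliceFastPathLooksSafe(arr) {
  return Array.isArray(arr)
    && Object.getPrototypeOf(arr) === Array.prototype            // 4.2: not a subclass
    && !Object.prototype.hasOwnProperty.call(arr, 'constructor') // 4.1: no own "constructor"
    && Array.prototype.constructor === Array                     // condition 1
    && Array[Symbol.species] === Array;                          // condition 2
}

// 4.1: an own "constructor" property redirects where the result is allocated.
function sliceWithOwnConstructor() {
  const speciesCalls = [];
  const arr = [1, 2, 3, 4];
  function Tagged() {}                       // constructed stand-in constructor
  Tagged[Symbol.species] = function (len) {  // reached via Construct(C, «len»)
    speciesCalls.push(len);
    return { tagged: true, length: 0 };      // object returned from `new` wins
  };
  arr.constructor = Tagged;
  const result = arr.slice(1, 3);            // copies 2 and 3 into our object
  return {
    safe: sliceFastPathLooksSafe(arr),
    isArray: Array.isArray(result),
    tagged: result.tagged === true,
    elements: [result[0], result[1], result.length],
    speciesCalls,
  };
}

// 4.2: slicing an Array subclass yields an instance of the subclass.
class TaggedArray extends Array {}           // constructed subclass
function sliceSubclass() {
  const arr = TaggedArray.of(5, 6, 7);
  const result = arr.slice(1);
  return {
    safe: sliceFastPathLooksSafe(arr),
    isSubclass: result instanceof TaggedArray,
    elements: Array.from(result),
  };
}

// Condition 2: redefining Array[Symbol.species] changes slice for every plain
// array, which is why the engine watches that property. Restored afterwards.
function sliceWithRedefinedSpecies() {
  const saved = Object.getOwnPropertyDescriptor(Array, Symbol.species);
  let requestedLength = null;
  Object.defineProperty(Array, Symbol.species, {
    configurable: true,
    get() {
      return function (len) {
        requestedLength = len;
        return { fromSpecies: true, length: 0 };
      };
    },
  });
  try {
    const plain = [10, 20, 30];
    const safeWhileRedefined = sliceFastPathLooksSafe(plain); // false: species changed
    const result = plain.slice(2);                            // one element, 30
    return {
      safeWhileRedefined,
      isArray: Array.isArray(result),
      fromSpecies: result.fromSpecies === true,
      requestedLength,
      element: result[0],
    };
  } finally {
    Object.defineProperty(Array, Symbol.species, saved);
  }
}

// Baseline: an untouched array passes every JS-visible check and slices to a
// plain Array, which is the case the intrinsic is allowed to inline.
function slicePlain() {
  const arr = [1, 2, 3];
  const result = arr.slice(1);
  return {
    safe: sliceFastPathLooksSafe(arr),
    isArray: Array.isArray(result),
    isPlain: Object.getPrototypeOf(result) === Array.prototype,
    elements: result,
  };
}
```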
2093
2094 2017-01-06  Mark Lam  <mark.lam@apple.com>
2095
2096         The ObjC API's JSVirtualMachine's map tables need to be guarded by a lock.
2097         https://bugs.webkit.org/show_bug.cgi?id=166778
2098         <rdar://problem/29761198>
2099
2100         Reviewed by Filip Pizlo.
2101
2102         Now that we have a concurrent GC, access to JSVirtualMachine's
2103         m_externalObjectGraph and m_externalRememberedSet needs to be guarded by a lock
2104         since both the GC marker thread and the mutator thread may access them at the
2105         same time.
2106
2107         * API/JSVirtualMachine.mm:
2108         (-[JSVirtualMachine addExternalRememberedObject:]):
2109         (-[JSVirtualMachine addManagedReference:withOwner:]):
2110         (-[JSVirtualMachine removeManagedReference:withOwner:]):
2111         (-[JSVirtualMachine externalDataMutex]):
2112         (scanExternalObjectGraph):
2113         (scanExternalRememberedSet):
2114
2115         * API/JSVirtualMachineInternal.h:
2116         - Deleted externalObjectGraph method.  There's no need to expose this.
2117
2118 2017-01-06  Michael Saboff  <msaboff@apple.com>
2119
2120         @putByValDirect in Array.of and Array.from overwrites non-writable/configurable properties
2121         https://bugs.webkit.org/show_bug.cgi?id=153486
2122
2123         Reviewed by Saam Barati.
2124
2125         Moved read only check in putDirect() to all paths.
2126
2127         * runtime/SparseArrayValueMap.cpp:
2128         (JSC::SparseArrayValueMap::putDirect):
2129
2130 2016-12-30  Filip Pizlo  <fpizlo@apple.com>
2131
2132         DeferGC::~DeferGC should be super cheap
2133         https://bugs.webkit.org/show_bug.cgi?id=166626
2134
2135         Reviewed by Saam Barati.
2136         
2137         Right now, ~DeferGC requires running the collector's full collectIfNecessaryOrDefer()
2138         hook, which is super big. Normally, that hook would only be called from GC slow paths,
2139         so it ought to be possible to add complex logic to it. It benefits the GC algorithm to
2140         make that code smart, not necessarily fast.
2141
2142         The right thing for it to do is to have ~DeferGC check a boolean to see if
2143         collectIfNecessaryOrDefer() had previously deferred anything, and only call it if that
2144         is true. That's what this patch does.
2145         
2146         Unfortunately, this means that we lose the collectAccordingToDeferGCProbability mode,
2147         which we used for two tests. Since I could only see two tests that used this mode, I
2148         felt that it was better to enhance the GC than to keep the tests. I filed bug 166627 to
2149         bring back something like that mode.
2150         
2151         Although this patch does make some paths faster, its real goal is to ensure that bug
2152         165963 can add more logic to collectIfNecessaryOrDefer() without introducing a big
2153         regression. Until then, I wouldn't be surprised if this patch was a progression, but I'm
2154         not betting on it.
2155
2156         * heap/Heap.cpp:
2157         (JSC::Heap::collectIfNecessaryOrDefer):
2158         (JSC::Heap::decrementDeferralDepthAndGCIfNeededSlow):
2159         (JSC::Heap::canCollect): Deleted.
2160         (JSC::Heap::shouldCollectHeuristic): Deleted.
2161         (JSC::Heap::shouldCollect): Deleted.
2162         (JSC::Heap::collectAccordingToDeferGCProbability): Deleted.
2163         (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): Deleted.
2164         * heap/Heap.h:
2165         * heap/HeapInlines.h:
2166         (JSC::Heap::incrementDeferralDepth):
2167         (JSC::Heap::decrementDeferralDepth):
2168         (JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
2169         (JSC::Heap::mayNeedToStop):
2170         (JSC::Heap::stopIfNecessary):
2171         * runtime/Options.h:
2172
2173 2017-01-05  Filip Pizlo  <fpizlo@apple.com>
2174
2175         AutomaticThread timeout shutdown leaves a small window where notify() would think that the thread is still running
2176         https://bugs.webkit.org/show_bug.cgi?id=166742
2177
2178         Reviewed by Geoffrey Garen.
2179         
2180         Update to new AutomaticThread API.
2181
2182         * dfg/DFGWorklist.cpp:
2183
2184 2017-01-05  Per Arne Vollan  <pvollan@apple.com>
2185
2186         [Win] Compile error.
2187         https://bugs.webkit.org/show_bug.cgi?id=166726
2188
2189         Reviewed by Alex Christensen.
2190
2191         Add include folder.
2192
2193         * CMakeLists.txt:
2194
2195 2016-12-21  Brian Burg  <bburg@apple.com>
2196
2197         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
2198         https://bugs.webkit.org/show_bug.cgi?id=166003
2199         <rdar://problem/28718990>
2200
2201         Reviewed by Joseph Pecoraro.
2202
2203         This patch implements parser, model, and generator-side changes to account for
2204         platform-specific types, events, and commands. The 'platform' property is parsed
2205         for top-level definitions and assumed to be the 'generic' platform if none is specified.
2206
2207         Since the generator's platform setting acts to filter definitions with an incompatible platform,
2208         all generators must be modified to consult a list of filtered types/commands/events for
2209         a domain instead of directly accessing Domain.{type_declarations, commands, events}. To prevent
2210         accidental misuse, hide those fields behind accessors (e.g., `all_type_declarations()`) so that they
2211         are still accessible if truly necessary, but not used by default and cause an error if not migrated.
2212
2213         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
2214         (CppAlternateBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
2215         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2216         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
2217         (CppBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
2218         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2219         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2220         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
2221         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
2222         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2223         (CppBackendDispatcherImplementationGenerator._generate_large_dispatcher_switch_implementation_for_domain):
2224         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2225         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
2226         (CppFrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2227         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2228         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
2229         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
2230         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2231         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
2232         (_generate_typedefs_for_domain):
2233         (_generate_builders_for_domain):
2234         (_generate_forward_declarations_for_binding_traits):
2235         (_generate_declarations_for_enum_conversion_methods):
2236         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2237         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
2238         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2239         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
2240         * inspector/scripts/codegen/generate_js_backend_commands.py:
2241         (JSBackendCommandsGenerator.should_generate_domain):
2242         (JSBackendCommandsGenerator.domains_to_generate):
2243         (JSBackendCommandsGenerator.generate_domain):
2244         (JSBackendCommandsGenerator.domains_to_generate.should_generate_domain): Deleted.
2245         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2246         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
2247         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
2248         (ObjCBackendDispatcherHeaderGenerator._generate_objc_handler_declarations_for_domain):
2249         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2250         (ObjCBackendDispatcherImplementationGenerator):
2251         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
2252         (ObjCBackendDispatcherImplementationGenerator._generate_handler_implementation_for_domain):
2253         (ObjCConfigurationImplementationGenerator): Deleted.
2254         (ObjCConfigurationImplementationGenerator.__init__): Deleted.
2255         (ObjCConfigurationImplementationGenerator.output_filename): Deleted.
2256         (ObjCConfigurationImplementationGenerator.domains_to_generate): Deleted.
2257         (ObjCConfigurationImplementationGenerator.generate_output): Deleted.
2258         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_domain): Deleted.
2259         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_command): Deleted.
2260         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command): Deleted.
2261         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command.and): Deleted.
2262         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command): Deleted.
2263         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command.in_param_expression): Deleted.
2264         (ObjCConfigurationImplementationGenerator._generate_invocation_for_command): Deleted.
2265         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2266         (ObjCConfigurationHeaderGenerator.generate_output):
2267         (ObjCConfigurationHeaderGenerator._generate_properties_for_domain):
2268         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
2269         (ObjCConfigurationImplementationGenerator):
2270         (ObjCConfigurationImplementationGenerator.generate_output):
2271         (ObjCConfigurationImplementationGenerator._generate_configuration_implementation_for_domains):
2272         (ObjCConfigurationImplementationGenerator._generate_ivars):
2273         (ObjCConfigurationImplementationGenerator._generate_dealloc):
2274         (ObjCBackendDispatcherImplementationGenerator): Deleted.
2275         (ObjCBackendDispatcherImplementationGenerator.__init__): Deleted.
2276         (ObjCBackendDispatcherImplementationGenerator.output_filename): Deleted.
2277         (ObjCBackendDispatcherImplementationGenerator.generate_output): Deleted.
2278         (ObjCBackendDispatcherImplementationGenerator._generate_configuration_implementation_for_domains): Deleted.
2279         (ObjCBackendDispatcherImplementationGenerator._generate_ivars): Deleted.
2280         (ObjCBackendDispatcherImplementationGenerator._generate_dealloc): Deleted.
2281         (ObjCBackendDispatcherImplementationGenerator._generate_handler_setter_for_domain): Deleted.
2282         (ObjCBackendDispatcherImplementationGenerator._generate_event_dispatcher_getter_for_domain): Deleted.
2283         (ObjCBackendDispatcherImplementationGenerator._variable_name_prefix_for_domain): Deleted.
2284         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2285         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
2286         (ObjCFrontendDispatcherImplementationGenerator._generate_event_dispatcher_implementations):
2287         * inspector/scripts/codegen/generate_objc_header.py:
2288         (ObjCHeaderGenerator.generate_output):
2289         (ObjCHeaderGenerator._generate_forward_declarations):
2290         (ObjCHeaderGenerator._generate_enums):
2291         (ObjCHeaderGenerator._generate_types):
2292         (ObjCHeaderGenerator._generate_command_protocols):
2293         (ObjCHeaderGenerator._generate_event_interfaces):
2294         * inspector/scripts/codegen/generate_objc_internal_header.py:
2295         (ObjCInternalHeaderGenerator.generate_output):
2296         (ObjCInternalHeaderGenerator._generate_event_dispatcher_private_interfaces):
2297         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2298         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
2299         (ObjCProtocolTypeConversionsHeaderGenerator._generate_enum_conversion_functions):
2300         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2301         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
2302         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_interface):
2303         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_implementation):
2304         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2305         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
2306         (ObjCProtocolTypesImplementationGenerator.generate_type_implementations):
2307
2308         * inspector/scripts/codegen/generator.py:
2309         (Generator.can_generate_platform):
2310         (Generator):
2311         (Generator.type_declarations_for_domain):
2312         (Generator.commands_for_domain):
2313         (Generator.events_for_domain):
2314         These are the core methods for computing whether a definition can be used given a target platform.
2315
2316         (Generator.calculate_types_requiring_shape_assertions):
2317         (Generator._traverse_and_assign_enum_values):
2318         * inspector/scripts/codegen/models.py:
2319         (Protocol.parse_type_declaration):
2320         (Protocol.parse_command):
2321         (Protocol.parse_event):
2322         (Protocol.resolve_types):
2323
2324         (Domain.__init__):
2325         (Domain):
2326         (Domain.all_type_declarations):
2327         (Domain.all_commands):
2328         (Domain.all_events):
2329         Hide fields behind these accessors so it's really obvious when we are ignoring platform filtering.
2330
2331         (Domain.resolve_type_references):
2332         (TypeDeclaration.__init__):
2333         (Command.__init__):
2334         (Event.__init__):
2335         * inspector/scripts/codegen/objc_generator.py:
2336         (ObjCGenerator.should_generate_types_for_domain):
2337         (ObjCGenerator):
2338         (ObjCGenerator.should_generate_commands_for_domain):
2339         (ObjCGenerator.should_generate_events_for_domain):
2340         (ObjCGenerator.should_generate_domain_types_filter): Deleted.
2341         (ObjCGenerator.should_generate_domain_types_filter.should_generate_domain_types): Deleted.
2342         (ObjCGenerator.should_generate_domain_command_handler_filter): Deleted.
2343         (ObjCGenerator.should_generate_domain_command_handler_filter.should_generate_domain_command_handler): Deleted.
2344         (ObjCGenerator.should_generate_domain_event_dispatcher_filter): Deleted.
2345         (ObjCGenerator.should_generate_domain_event_dispatcher_filter.should_generate_domain_event_dispatcher): Deleted.
2346         Clean up some messy code that essentially did the same definition filtering as we must do for platforms.
2347         This will be enhanced in a future patch so that platform filtering will take priority over the target framework.
2348
2349         The results above need rebaselining because the class names for two generators were swapped by accident.
2350         Fixing the names causes the order of generated files to change, and this generates ugly diffs because every
2351         generated file includes the same copyright block at the top.
2352
2353         * inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
2354         * inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:
2355         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
2356         * inspector/scripts/tests/generic/expected/enum-values.json-result:
2357         * inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result:
2358         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
2359         * inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result:
2360         * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
2361         * inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result:
2362         * inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result:
2363         * inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result:
2364         * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
2365         * inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result:
2366
2367         * inspector/scripts/tests/generic/expected/fail-on-command-with-invalid-platform.json-error: Added.
2368         * inspector/scripts/tests/generic/expected/fail-on-type-with-invalid-platform.json-error: Added.
2369         * inspector/scripts/tests/generic/fail-on-command-with-invalid-platform.json: Added.
2370         * inspector/scripts/tests/generic/fail-on-type-with-invalid-platform.json: Added.
2371
2372         Add error test cases for invalid platforms in commands, types, and events.
2373
2374         * inspector/scripts/tests/generic/definitions-with-mac-platform.json: Added.
2375         * inspector/scripts/tests/generic/expected/definitions-with-mac-platform.json-result: Added.
2376         * inspector/scripts/tests/all/definitions-with-mac-platform.json: Added.
2377         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result: Added.
2378         * inspector/scripts/tests/ios/definitions-with-mac-platform.json: Added.
2379         * inspector/scripts/tests/ios/expected/definitions-with-mac-platform.json-result: Added.
2380         * inspector/scripts/tests/mac/definitions-with-mac-platform.json: Added.
2381         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result: Added.
2382
2383         Add a basic 4-way test that generates code for each platform from the same specification.
2384         With 'macos' platform for each definition, only 'all' and 'mac' generate anything interesting.
2385
2386 2017-01-03  Brian Burg  <bburg@apple.com>
2387
2388         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
2389         https://bugs.webkit.org/show_bug.cgi?id=166003
2390         <rdar://problem/28718990>
2391
2392         Reviewed by Joseph Pecoraro.
2393
2394         This patch implements parser, model, and generator-side changes to account for
2395         platform-specific types, events, and commands. The 'platform' property is parsed
2396         for top-level definitions and assumed to be the 'generic' platform if none is specified.
2397
2398         Since the generator's platform setting acts to filter definitions with an incompatible platform,
2399         all generators must be modified to consult a list of filtered types/commands/events for
2400         a domain instead of directly accessing Domain.{type_declarations, commands, events}. To prevent
2401         accidental misuse, hide those fields behind accessors (e.g., `all_type_declarations()`) so that they
2402         are still accessible if truly necessary, but not used by default and cause an error if not migrated.
2403
2404         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
2405         (CppAlternateBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
2406         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2407         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
2408         (CppBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
2409         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2410         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2411         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
2412         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
2413         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2414         (CppBackendDispatcherImplementationGenerator._generate_large_dispatcher_switch_implementation_for_domain):
2415         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2416         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
2417         (CppFrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2418         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2419         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
2420         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
2421         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2422         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
2423         (_generate_typedefs_for_domain):
2424         (_generate_builders_for_domain):
2425         (_generate_forward_declarations_for_binding_traits):
2426         (_generate_declarations_for_enum_conversion_methods):
2427         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2428         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
2429         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2430         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
2431         * inspector/scripts/codegen/generate_js_backend_commands.py:
2432         (JSBackendCommandsGenerator.should_generate_domain):
2433         (JSBackendCommandsGenerator.domains_to_generate):
2434         (JSBackendCommandsGenerator.generate_domain):
2435         (JSBackendCommandsGenerator.domains_to_generate.should_generate_domain): Deleted.
2436         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2437         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
2438         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
2439         (ObjCBackendDispatcherHeaderGenerator._generate_objc_handler_declarations_for_domain):
2440         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2441         (ObjCBackendDispatcherImplementationGenerator):
2442         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
2443         (ObjCBackendDispatcherImplementationGenerator._generate_handler_implementation_for_domain):
2444         (ObjCConfigurationImplementationGenerator): Deleted.
2445         (ObjCConfigurationImplementationGenerator.__init__): Deleted.
2446         (ObjCConfigurationImplementationGenerator.output_filename): Deleted.
2447         (ObjCConfigurationImplementationGenerator.domains_to_generate): Deleted.
2448         (ObjCConfigurationImplementationGenerator.generate_output): Deleted.
2449         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_domain): Deleted.
2450         (ObjCConfigurationImplementationGenerator._generate_handler_implementation_for_command): Deleted.
2451         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command): Deleted.
2452         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command.and): Deleted.
2453         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command): Deleted.
2454         (ObjCConfigurationImplementationGenerator._generate_conversions_for_command.in_param_expression): Deleted.
2455         (ObjCConfigurationImplementationGenerator._generate_invocation_for_command): Deleted.
2456         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2457         (ObjCConfigurationHeaderGenerator.generate_output):
2458         (ObjCConfigurationHeaderGenerator._generate_properties_for_domain):
2459         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
2460         (ObjCConfigurationImplementationGenerator):
2461         (ObjCConfigurationImplementationGenerator.generate_output):
2462         (ObjCConfigurationImplementationGenerator._generate_configuration_implementation_for_domains):
2463         (ObjCConfigurationImplementationGenerator._generate_ivars):
2464         (ObjCConfigurationImplementationGenerator._generate_dealloc):
2465         (ObjCBackendDispatcherImplementationGenerator): Deleted.
2466         (ObjCBackendDispatcherImplementationGenerator.__init__): Deleted.
2467         (ObjCBackendDispatcherImplementationGenerator.output_filename): Deleted.
2468         (ObjCBackendDispatcherImplementationGenerator.generate_output): Deleted.
2469         (ObjCBackendDispatcherImplementationGenerator._generate_configuration_implementation_for_domains): Deleted.
2470         (ObjCBackendDispatcherImplementationGenerator._generate_ivars): Deleted.
2471         (ObjCBackendDispatcherImplementationGenerator._generate_dealloc): Deleted.
2472         (ObjCBackendDispatcherImplementationGenerator._generate_handler_setter_for_domain): Deleted.
2473         (ObjCBackendDispatcherImplementationGenerator._generate_event_dispatcher_getter_for_domain): Deleted.
2474         (ObjCBackendDispatcherImplementationGenerator._variable_name_prefix_for_domain): Deleted.
2475         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2476         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
2477         (ObjCFrontendDispatcherImplementationGenerator._generate_event_dispatcher_implementations):
2478         * inspector/scripts/codegen/generate_objc_header.py:
2479         (ObjCHeaderGenerator.generate_output):
2480         (ObjCHeaderGenerator._generate_forward_declarations):
2481         (ObjCHeaderGenerator._generate_enums):
2482         (ObjCHeaderGenerator._generate_types):
2483         (ObjCHeaderGenerator._generate_command_protocols):
2484         (ObjCHeaderGenerator._generate_event_interfaces):
2485         * inspector/scripts/codegen/generate_objc_internal_header.py:
2486         (ObjCInternalHeaderGenerator.generate_output):
2487         (ObjCInternalHeaderGenerator._generate_event_dispatcher_private_interfaces):
2488         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2489         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
2490         (ObjCProtocolTypeConversionsHeaderGenerator._generate_enum_conversion_functions):
2491         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2492         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
2493         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_interface):
2494         (ObjCProtocolTypeConversionsImplementationGenerator._generate_type_factory_category_implementation):
2495         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2496         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
2497         (ObjCProtocolTypesImplementationGenerator.generate_type_implementations):
2498
2499         * inspector/scripts/codegen/generator.py:
2500         (Generator.can_generate_platform):
2501         (Generator):
2502         (Generator.type_declarations_for_domain):
2503         (Generator.commands_for_domain):
2504         (Generator.events_for_domain):
2505         These are the core methods for computing whether a definition can be used given a target platform.
2506
2507         (Generator.calculate_types_requiring_shape_assertions):
2508         (Generator._traverse_and_assign_enum_values):
2509         * inspector/scripts/codegen/models.py:
2510         (Protocol.parse_type_declaration):
2511         (Protocol.parse_command):
2512         (Protocol.parse_event):
2513         (Protocol.resolve_types):
2514
2515         (Domain.__init__):
2516         (Domain):
2517         (Domain.all_type_declarations):
2518         (Domain.all_commands):
2519         (Domain.all_events):
2520         Hide fields behind these accessors so it's really obvious when we are ignoring platform filtering.
2521
2522         (Domain.resolve_type_references):
2523         (TypeDeclaration.__init__):
2524         (Command.__init__):
2525         (Event.__init__):
2526         * inspector/scripts/codegen/objc_generator.py:
2527         (ObjCGenerator.should_generate_types_for_domain):
2528         (ObjCGenerator):
2529         (ObjCGenerator.should_generate_commands_for_domain):
2530         (ObjCGenerator.should_generate_events_for_domain):
2531         (ObjCGenerator.should_generate_domain_types_filter): Deleted.
2532         (ObjCGenerator.should_generate_domain_types_filter.should_generate_domain_types): Deleted.
2533         (ObjCGenerator.should_generate_domain_command_handler_filter): Deleted.
2534         (ObjCGenerator.should_generate_domain_command_handler_filter.should_generate_domain_command_handler): Deleted.
2535         (ObjCGenerator.should_generate_domain_event_dispatcher_filter): Deleted.
2536         (ObjCGenerator.should_generate_domain_event_dispatcher_filter.should_generate_domain_event_dispatcher): Deleted.
2537         Clean up some messy code that essentially did the same definition filtering as we must do for platforms.
2538         This will be enhanced in a future patch so that platform filtering will take priority over the target framework.
2539
2540         The following results need rebaselining because the class names for two generators were swapped by accident.
2541         Fixing the names causes the order of generated files to change, and this generates ugly diffs because every
2542         generated file includes the same copyright block at the top.
2543
2544         * inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
2545         * inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:
2546         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
2547         * inspector/scripts/tests/generic/expected/enum-values.json-result:
2548         * inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result:
2549         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
2550         * inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result:
2551         * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
2552         * inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result:
2553         * inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result:
2554         * inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result:
2555         * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
2556         * inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result:
2557
2558 2017-01-03  Brian Burg  <bburg@apple.com>
2559
2560         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
2561         https://bugs.webkit.org/show_bug.cgi?id=166003
2562         <rdar://problem/28718990>
2563
2564         Reviewed by Joseph Pecoraro.
2565
2566         Make it possible to test inspector protocol generator output for different platforms.
2567
2568         Move existing tests to the generic/ subdirectory, as they are to be generated
2569         without any specific platform. Later, platform-specific generator behavior will be
2570         tested by cloning the same test to multiple platform directories.
2571
2572         * inspector/scripts/tests{/ => /generic/}commands-with-async-attribute.json
2573         * inspector/scripts/tests{/ => /generic/}commands-with-optional-call-return-parameters.json
2574         * inspector/scripts/tests{/ => /generic/}domains-with-varying-command-sizes.json
2575         * inspector/scripts/tests{/ => /generic/}enum-values.json
2576         * inspector/scripts/tests{/ => /generic/}events-with-optional-parameters.json
2577         * inspector/scripts/tests{/ => /generic/}expected/commands-with-async-attribute.json-result
2578         * inspector/scripts/tests{/ => /generic/}expected/commands-with-optional-call-return-parameters.json-result
2579         * inspector/scripts/tests{/ => /generic/}expected/domains-with-varying-command-sizes.json-result
2580         * inspector/scripts/tests{/ => /generic/}expected/enum-values.json-result
2581         * inspector/scripts/tests{/ => /generic/}expected/events-with-optional-parameters.json-result
2582         * inspector/scripts/tests{/ => /generic/}expected/fail-on-domain-availability.json-error
2583         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-command-call-parameter-names.json-error
2584         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-command-return-parameter-names.json-error
2585         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-event-parameter-names.json-error
2586         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-type-declarations.json-error
2587         * inspector/scripts/tests{/ => /generic/}expected/fail-on-duplicate-type-member-names.json-error
2588         * inspector/scripts/tests{/ => /generic/}expected/fail-on-enum-with-no-values.json-error
2589         * inspector/scripts/tests{/ => /generic/}expected/fail-on-number-typed-optional-parameter-flag.json-error
2590         * inspector/scripts/tests{/ => /generic/}expected/fail-on-number-typed-optional-type-member.json-error
2591         * inspector/scripts/tests{/ => /generic/}expected/fail-on-string-typed-optional-parameter-flag.json-error
2592         * inspector/scripts/tests{/ => /generic/}expected/fail-on-string-typed-optional-type-member.json-error
2593         * inspector/scripts/tests{/ => /generic/}expected/fail-on-type-declaration-using-type-reference.json-error
2594         * inspector/scripts/tests{/ => /generic/}expected/fail-on-type-reference-as-primitive-type.json-error
2595         * inspector/scripts/tests{/ => /generic/}expected/fail-on-type-with-lowercase-name.json-error
2596         * inspector/scripts/tests{/ => /generic/}expected/fail-on-unknown-type-reference-in-type-declaration.json-error
2597         * inspector/scripts/tests{/ => /generic/}expected/fail-on-unknown-type-reference-in-type-member.json-error
2598         * inspector/scripts/tests{/ => /generic/}expected/generate-domains-with-feature-guards.json-result
2599         * inspector/scripts/tests{/ => /generic/}expected/same-type-id-different-domain.json-result
2600         * inspector/scripts/tests{/ => /generic/}expected/shadowed-optional-type-setters.json-result
2601         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-aliased-primitive-type.json-result
2602         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-array-type.json-result
2603         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-enum-type.json-result
2604         * inspector/scripts/tests{/ => /generic/}expected/type-declaration-object-type.json-result
2605         * inspector/scripts/tests{/ => /generic/}expected/type-requiring-runtime-casts.json-result
2606         * inspector/scripts/tests{/ => /generic/}fail-on-domain-availability.json
2607         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-command-call-parameter-names.json
2608         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-command-return-parameter-names.json
2609         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-event-parameter-names.json
2610         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-type-declarations.json
2611         * inspector/scripts/tests{/ => /generic/}fail-on-duplicate-type-member-names.json
2612         * inspector/scripts/tests{/ => /generic/}fail-on-enum-with-no-values.json
2613         * inspector/scripts/tests{/ => /generic/}fail-on-number-typed-optional-parameter-flag.json
2614         * inspector/scripts/tests{/ => /generic/}fail-on-number-typed-optional-type-member.json
2615         * inspector/scripts/tests{/ => /generic/}fail-on-string-typed-optional-parameter-flag.json
2616         * inspector/scripts/tests{/ => /generic/}fail-on-string-typed-optional-type-member.json
2617         * inspector/scripts/tests{/ => /generic/}fail-on-type-declaration-using-type-reference.json
2618         * inspector/scripts/tests{/ => /generic/}fail-on-type-reference-as-primitive-type.json
2619         * inspector/scripts/tests{/ => /generic/}fail-on-type-with-lowercase-name.json
2620         * inspector/scripts/tests{/ => /generic/}fail-on-unknown-type-reference-in-type-declaration.json
2621         * inspector/scripts/tests{/ => /generic/}fail-on-unknown-type-reference-in-type-member.json
2622         * inspector/scripts/tests{/ => /generic/}generate-domains-with-feature-guards.json
2623         * inspector/scripts/tests{/ => /generic/}same-type-id-different-domain.json
2624         * inspector/scripts/tests{/ => /generic/}shadowed-optional-type-setters.json
2625         * inspector/scripts/tests{/ => /generic/}type-declaration-aliased-primitive-type.json
2626         * inspector/scripts/tests{/ => /generic/}type-declaration-array-type.json
2627         * inspector/scripts/tests{/ => /generic/}type-declaration-enum-type.json
2628         * inspector/scripts/tests{/ => /generic/}type-declaration-object-type.json
2629         * inspector/scripts/tests{/ => /generic/}type-requiring-runtime-casts.json
2630
2631 2017-01-03  Brian Burg  <bburg@apple.com>
2632
2633         Web Inspector: teach the protocol generator about platform-specific types, events, and commands
2634         https://bugs.webkit.org/show_bug.cgi?id=166003
2635         <rdar://problem/28718990>
2636
2637         Reviewed by Joseph Pecoraro.
2638
2639         Add a --platform argument to generate-inspector-protocol-bindings.py and propagate
2640         the specified platform to each generator. This will be used in the next few patches
2641         to exclude types, events, and commands that are unsupported by the backend platform.
2642
2643         Convert all subclasses of Generator to pass along their positional arguments so that we
2644         can easily change base class arguments without editing all generator constructors.
2645
2646         * inspector/scripts/codegen/cpp_generator.py:
2647         (CppGenerator.__init__):
2648         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
2649         (CppAlternateBackendDispatcherHeaderGenerator.__init__):
2650         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2651         (CppBackendDispatcherHeaderGenerator.__init__):
2652         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2653         (CppBackendDispatcherImplementationGenerator.__init__):
2654         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2655         (CppFrontendDispatcherHeaderGenerator.__init__):
2656         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2657         (CppFrontendDispatcherImplementationGenerator.__init__):
2658         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2659         (CppProtocolTypesHeaderGenerator.__init__):
2660         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2661         (CppProtocolTypesImplementationGenerator.__init__):
2662         * inspector/scripts/codegen/generate_js_backend_commands.py:
2663         (JSBackendCommandsGenerator.__init__):
2664         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2665         (ObjCBackendDispatcherHeaderGenerator.__init__):
2666         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2667         (ObjCConfigurationImplementationGenerator.__init__):
2668         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2669         (ObjCConfigurationHeaderGenerator.__init__):
2670         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
2671         (ObjCBackendDispatcherImplementationGenerator.__init__):
2672         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2673         (ObjCFrontendDispatcherImplementationGenerator.__init__):
2674         * inspector/scripts/codegen/generate_objc_header.py:
2675         (ObjCHeaderGenerator.__init__):
2676         * inspector/scripts/codegen/generate_objc_internal_header.py:
2677         (ObjCInternalHeaderGenerator.__init__):
2678         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
2679         (ObjCProtocolTypeConversionsHeaderGenerator.__init__):
2680         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
2681         (ObjCProtocolTypeConversionsImplementationGenerator.__init__):
2682         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2683         (ObjCProtocolTypesImplementationGenerator.__init__):
2684         Pass along *args instead of single positional arguments.
2685
2686         * inspector/scripts/codegen/generator.py:
2687         (Generator.__init__):
2688         Save the target platform and add a getter.
2689
2690         * inspector/scripts/codegen/models.py:
2691         (Platform):
2692         (Platform.__init__):
2693         (Platform.fromString):
2694         (Platforms):
2695         Define the allowed Platform instances (iOS, macOS, and Any).
2696
2697         * inspector/scripts/codegen/objc_generator.py:
2698         (ObjCGenerator.and.__init__):
2699         * inspector/scripts/generate-inspector-protocol-bindings.py:
2700         (generate_from_specification):
2701         Pass along *args instead of single positional arguments.
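
        The platform filtering described in the three protocol-generator entries above (a 'platform'
        property on each definition, 'generic' as the default, a --platform target on the generator,
        and unfiltered access only through the explicitly named all_*() accessors), as an added
        example that is not WebKit's own code. Method names follow the ChangeLog where it gives
        them; the platform strings, the compatibility rule in can_generate_platform, and the sample
        specification are assumptions made for this illustration.

```python
import json

# Added example, not WebKit's own code: a minimal model of the platform filtering
# the ChangeLog entries describe. Platform strings and the compatibility rule are
# assumptions; the specification below is constructed for the example.

class Platform:
    def __init__(self, name):
        self.name = name


class Platforms:
    Generic = Platform("generic")   # default when a definition names no platform
    iOS = Platform("ios")
    macOS = Platform("macos")
    Any = Platform("all")           # target that generates every definition
    ALL = (Generic, iOS, macOS, Any)

    @staticmethod
    def from_string(name):
        for platform in Platforms.ALL:
            if platform.name == name:
                return platform
        raise ValueError("unknown platform: %r" % name)


class Definition:
    """One type declaration, command or event after parsing."""
    def __init__(self, name, platform):
        self.name = name
        self.platform = platform


def parse_definition(obj, key):
    # The 'platform' property is optional; a missing one means 'generic'.
    return Definition(obj[key], Platforms.from_string(obj.get("platform", "generic")))


class Domain:
    def __init__(self, name, type_declarations, commands, events):
        self.name = name
        self._type_declarations = type_declarations
        self._commands = commands
        self._events = events

    # Unfiltered access goes only through these accessors, so bypassing platform
    # filtering is visible at the call site, and a generator that still reads
    # 'domain.commands' directly fails with an AttributeError instead of silently
    # emitting definitions for the wrong platform.
    def all_type_declarations(self):
        return list(self._type_declarations)

    def all_commands(self):
        return list(self._commands)

    def all_events(self):
        return list(self._events)


def parse_domain(obj):
    return Domain(obj["domain"],
                  [parse_definition(t, "id") for t in obj.get("types", [])],
                  [parse_definition(c, "name") for c in obj.get("commands", [])],
                  [parse_definition(e, "name") for e in obj.get("events", [])])


class Generator:
    def __init__(self, target_platform):
        self._target_platform = target_platform

    def target_platform(self):
        return self._target_platform

    def can_generate_platform(self, platform):
        # Assumed rule: generic/all definitions suit every target, the 'all' target
        # takes everything, and otherwise the definition must match the target.
        if platform in (Platforms.Generic, Platforms.Any) or self._target_platform is Platforms.Any:
            return True
        return platform is self._target_platform

    def type_declarations_for_domain(self, domain):
        return [d for d in domain.all_type_declarations() if self.can_generate_platform(d.platform)]

    def commands_for_domain(self, domain):
        return [c for c in domain.all_commands() if self.can_generate_platform(c.platform)]

    def events_for_domain(self, domain):
        return [e for e in domain.all_events() if self.can_generate_platform(e.platform)]


# Constructed sample specification, not a real WebKit protocol file.
SAMPLE_SPEC = json.loads("""
{"domain": "Sample",
 "types":    [{"id": "Shared", "type": "object"},
              {"id": "TouchPoint", "type": "object", "platform": "ios"}],
 "commands": [{"name": "enable"},
              {"name": "captureWindow", "platform": "macos"}],
 "events":   [{"name": "didFinish", "platform": "all"},
              {"name": "memoryWarning", "platform": "ios"}]}
""")


def filtered_names(target_name, spec=SAMPLE_SPEC):
    """Names of the definitions a generator targeting 'target_name' would emit."""
    generator = Generator(Platforms.from_string(target_name))
    domain = parse_domain(spec)
    return {"types": [d.name for d in generator.type_declarations_for_domain(domain)],
            "commands": [c.name for c in generator.commands_for_domain(domain)],
            "events": [e.name for e in generator.events_for_domain(domain)]}


if __name__ == "__main__":
    for target in ("generic", "ios", "macos", "all"):
        print(target, filtered_names(target))
```

        Running the block prints, for each target platform, which of the sample definitions survive
        filtering; the 'macos' target keeps the generic and 'all' definitions plus 'captureWindow',
        while 'TouchPoint' and 'memoryWarning' only appear for 'ios' or 'all'.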
2702
2703 2017-01-04  JF Bastien  <jfbastien@apple.com>
2704
2705         WebAssembly JS API: add Module.sections
2706         https://bugs.webkit.org/show_bug.cgi?id=165159
2707         <rdar://problem/29760326>
2708
2709         Reviewed by Mark Lam.
2710
2711         As described in: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblymodulecustomsections
2712
2713         This was added for Emscripten, and is likely to be used soon.
2714
2715         * wasm/WasmFormat.h: custom sections are just name + bytes
2716         * wasm/WasmModuleParser.cpp: parse them, instead of skipping over
2717         * wasm/WasmModuleParser.h:
2718         * wasm/js/WebAssemblyModulePrototype.cpp: construct the Array of
2719         ArrayBuffer as described in the spec
2720         (JSC::webAssemblyModuleProtoCustomSections):
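
        The custom-section layout the entry above refers to (a section id of 0 followed by a
        length-prefixed name and the remaining payload bytes), as an added example that is not
        WebKit's own parser. It walks a module's section table, validates every size field against
        the remaining buffer before slicing, and returns the custom sections as (name, bytes) pairs
        in the way Module.customSections(name) exposes them; the sample module bytes are constructed
        here for the example.

```python
import struct

# Added example, not WebKit's own code: extract custom sections (id 0) from a
# WebAssembly binary without trusting any length field in the input.

WASM_MAGIC = b"\x00asm"
WASM_VERSION = 1
CUSTOM_SECTION_ID = 0


class WasmParseError(ValueError):
    pass


def read_uleb128(data, pos):
    """Decode an unsigned 32-bit LEB128 integer at data[pos]; return (value, new_pos).
    Bounded to five bytes so malformed input can neither loop nor read past the buffer."""
    result, shift = 0, 0
    while True:
        if pos >= len(data):
            raise WasmParseError("truncated LEB128")
        byte = data[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
        if shift >= 35:
            raise WasmParseError("LEB128 longer than five bytes")
    if result >= 1 << 32:
        raise WasmParseError("LEB128 value out of u32 range")
    return result, pos


def parse_custom_sections(module_bytes):
    """Return [(name, payload), ...] for every custom section, in module order."""
    if len(module_bytes) < 8 or module_bytes[:4] != WASM_MAGIC:
        raise WasmParseError("bad magic")
    if struct.unpack_from("<I", module_bytes, 4)[0] != WASM_VERSION:
        raise WasmParseError("unsupported version")
    pos, custom = 8, []
    while pos < len(module_bytes):
        section_id = module_bytes[pos]
        pos += 1
        size, pos = read_uleb128(module_bytes, pos)
        end = pos + size
        if end > len(module_bytes):          # size field claims more than we have
            raise WasmParseError("section size exceeds module")
        if section_id == CUSTOM_SECTION_ID:
            name_len, name_pos = read_uleb128(module_bytes, pos)
            if name_pos + name_len > end:    # name claims more than its section
                raise WasmParseError("custom section name exceeds section")
            try:
                name = module_bytes[name_pos:name_pos + name_len].decode("utf-8")
            except UnicodeDecodeError:
                raise WasmParseError("custom section name is not UTF-8")
            custom.append((name, bytes(module_bytes[name_pos + name_len:end])))
        pos = end                            # non-custom sections are skipped whole
    return custom


def custom_sections(module_bytes, name):
    """Payloads of every custom section called 'name', as Module.customSections returns them."""
    return [payload for n, payload in parse_custom_sections(module_bytes) if n == name]


def rejects(module_bytes):
    """True when the parser refuses the input instead of reading out of bounds."""
    try:
        parse_custom_sections(module_bytes)
    except WasmParseError:
        return True
    return False


# Helpers to build the constructed sample module.
def uleb128(value):
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        out.append(byte | 0x80 if value else byte)
        if not value:
            return bytes(out)


def section(section_id, payload):
    return bytes([section_id]) + uleb128(len(payload)) + payload


def custom_section(name, payload):
    name_bytes = name.encode("utf-8")
    return section(CUSTOM_SECTION_ID, uleb128(len(name_bytes)) + name_bytes + payload)


# Constructed sample: two "producers" custom sections around an empty type section (id 1).
SAMPLE_MODULE = (WASM_MAGIC + struct.pack("<I", WASM_VERSION)
                 + custom_section("producers", b"\x01\x02")
                 + section(1, uleb128(0))
                 + custom_section("name", b"\x00\x03abc")
                 + custom_section("producers", b"\x03"))

if __name__ == "__main__":
    print(parse_custom_sections(SAMPLE_MODULE))
    print(custom_sections(SAMPLE_MODULE, "producers"))
    print("truncated module rejected:", rejects(SAMPLE_MODULE[:-1]))
```

        Two custom sections may share a name, which is why the lookup returns a list rather than a
        single payload. The two bounds checks on 'end' and on the name length are the part worth
        copying: a module's size fields are attacker-controlled, so a parser must compare them with
        the bytes it actually holds before slicing or skipping.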
2721
2722 2017-01-04  Saam Barati  <sbarati@apple.com>
2723
2724         We don't properly handle exceptions inside the nativeCallTrampoline macro in the LLInt
2725         https://bugs.webkit.org/show_bug.cgi?id=163720
2726
2727         Reviewed by Mark Lam.
2728
2729         In the LLInt, we were incorrectly doing the exception check after the call.
2730         Before the exception check, we were unwinding to our caller's
2731         frame under the assumption that our caller was always a JS frame.
2732         This is incorrect, however, because our caller might be a C frame.
2733         One way that it can be a C frame is when C calls to JS, and JS tail
2734         calls to native. This patch fixes this bug by doing unwinding from
2735         the native callee's frame instead of its caller's.
2736
2737         * llint/LowLevelInterpreter32_64.asm:
2738         * llint/LowLevelInterpreter64.asm:
2739
2740 2017-01-03  JF Bastien  <jfbastien@apple.com>
2741
2742         REGRESSION (r210244): Release JSC Stress test failure: wasm.yaml/wasm/js-api/wasm-to-wasm.js.default-wasm
2743         https://bugs.webkit.org/show_bug.cgi?id=166669
2744         <rdar://problem/29856455>
2745
2746         Reviewed by Saam Barati.
2747
2748         Bug #165282 added wasm -> wasm calls, but caused crashes in
2749         release builds because the pinned registers are also callee-saved
2750         and were being clobbered. B3 didn't see itself clobbering them
2751         when no memory was used, and therefore omitted a restore.
2752
2753         This was causing the C++ code in callWebAssemblyFunction to crash
2754         because $r12 was 0, and it expected it to have its value prior to
2755         the call.
2756
2757         * wasm/WasmB3IRGenerator.cpp:
2758         (JSC::Wasm::createJSToWasmWrapper):
2759
2760 2017-01-03  Joseph Pecoraro  <pecoraro@apple.com>
2761
2762         Web Inspector: Address failures under LayoutTests/inspector/debugger/stepping
2763         https://bugs.webkit.org/show_bug.cgi?id=166300
2764
2765         Reviewed by Brian Burg.
2766
2767         * debugger/Debugger.cpp:
2768         (JSC::Debugger::continueProgram):
2769         When continuing, clear states that would have had us pause again.
2770
2771         * inspector/agents/InspectorDebuggerAgent.cpp:
2772         (Inspector::InspectorDebuggerAgent::didBecomeIdle):
2773         When resuming after becoming idle, be sure to clear Debugger state.
2774
2775 2017-01-03  JF Bastien  <jfbastien@apple.com>
2776
2777         WebAssembly JS API: check and test in-call / out-call values
2778         https://bugs.webkit.org/show_bug.cgi?id=164876
2779         <rdar://problem/29844107>
2780
2781         Reviewed by Saam Barati.
2782
2783         * wasm/WasmBinding.cpp:
2784         (JSC::Wasm::wasmToJs): fix the wasm -> JS call coercions for f32 /
2785         f64 which the associated tests inadvertently tripped on: the
2786         previous code wasn't correctly performing JSValue boxing for
2787         "double" values. This change is slightly involved because it
2788         requires two scratch registers to materialize the
2789         `DoubleEncodeOffset` value. This change therefore reorganizes the
2790         code to first generate traps, then handle all integers (freeing
2791         all GPRs), and then all the floating-point values.
2792         * wasm/js/WebAssemblyFunction.cpp:
2793         (JSC::callWebAssemblyFunction): Implement the defined semantics
2794         for mismatched arities when JS calls wasm:
2795         https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects
2796           - i32 is 0, f32 / f64 are NaN.
2797           - wasm functions which return "void" are "undefined" in JS.
2798
2799 2017-01-03  Per Arne Vollan  <pvollan@apple.com>
2800
2801         [Win] jsc.exe sometimes never exits.
2802         https://bugs.webkit.org/show_bug.cgi?id=158073
2803
2804         Reviewed by Darin Adler.
2805
2806         On Windows the thread specific destructor is also called when the main thread is exiting.
2807         This may lead to the main thread waiting forever for the machine thread lock when exiting,
2808         if the sampling profiler thread was terminated by the system while holding the machine
2809         thread lock.
2810
2811         * heap/MachineStackMarker.cpp:
2812         (JSC::MachineThreads::removeThread):
2813
2814 2017-01-02  Julien Brianceau  <jbriance@cisco.com>
2815
2816         Remove sh4 specific code from JavaScriptCore
2817         https://bugs.webkit.org/show_bug.cgi?id=166640
2818
2819         Reviewed by Filip Pizlo.
2820
2821         sh4-specific code has not compiled for a while (r189884 at least).
2822         As nobody seems to have interest in this architecture anymore, let's
2823         remove this dead code and thus ease the burden for JSC maintainers.
2824
2825         * CMakeLists.txt:
2826         * JavaScriptCore.xcodeproj/project.pbxproj:
2827         * assembler/AbstractMacroAssembler.h:
2828         (JSC::AbstractMacroAssembler::Jump::Jump):
2829         (JSC::AbstractMacroAssembler::Jump::link):
2830         * assembler/MacroAssembler.h:
2831         * assembler/MacroAssemblerSH4.h: Removed.
2832         * assembler/MaxFrameExtentForSlowPathCall.h:
2833         * assembler/SH4Assembler.h: Removed.
2834         * bytecode/DOMJITAccessCasePatchpointParams.cpp:
2835         (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
2836         * dfg/DFGSpeculativeJIT.h:
2837         (JSC::DFG::SpeculativeJIT::callOperation):
2838         * jit/AssemblyHelpers.h:
2839         (JSC::AssemblyHelpers::debugCall):
2840         * jit/CCallHelpers.h:
2841         (JSC::CCallHelpers::setupArgumentsWithExecState):
2842         (JSC::CCallHelpers::prepareForTailCallSlow):
2843         * jit/CallFrameShuffler.cpp:
2844         (JSC::CallFrameShuffler::prepareForTailCall):
2845         * jit/ExecutableAllocator.h:
2846         * jit/FPRInfo.h:
2847         * jit/GPRInfo.h:
2848         * jit/JITInlines.h:
2849         (JSC::JIT::callOperation):
2850         * jit/JITOpcodes32_64.cpp:
2851         (JSC::JIT::privateCompileCTINativeCall):
2852         * jit/JITOperations.cpp:
2853         * jit/RegisterSet.cpp:
2854         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
2855         (JSC::RegisterSet::dfgCalleeSaveRegisters):
2856         * jit/ThunkGenerators.cpp:
2857         (JSC::nativeForGenerator):
2858         * llint/LLIntData.cpp:
2859         (JSC::LLInt::Data::performAssertions):
2860         * llint/LLIntOfflineAsmConfig.h:
2861         * llint/LowLevelInterpreter.asm:
2862         * llint/LowLevelInterpreter32_64.asm:
2863         * offlineasm/backends.rb:
2864         * offlineasm/instructions.rb:
2865         * offlineasm/sh4.rb: Removed.
2866         * yarr/YarrJIT.cpp:
2867         (JSC::Yarr::YarrGenerator::generateEnter):
2868         (JSC::Yarr::YarrGenerator::generateReturn):
2869
2870 2017-01-02  JF Bastien  <jfbastien@apple.com>
2871
2872         WebAssembly: handle and optimize wasm export → wasm import calls
2873         https://bugs.webkit.org/show_bug.cgi?id=165282
2874
2875         Reviewed by Saam Barati.
2876
2877           - Add a new JSType for WebAssemblyFunction, and use it when creating its
2878             structure. This is used to quickly detect from wasm whether the import
2879             call is to another wasm module, or whether it's to JS.
2880           - Generate two stubs from the import stub generator: one for wasm->JS and one
2881             for wasm -> wasm. This is done at Module time. Which is called will only be
2882             known at Instance time, once we've received the import object. We want to
2883             avoid codegen at Instance time, so having both around is great.
2884           - Restore the WebAssembly global state (VM top Instance, and pinned registers)
2885             after call / call_indirect, and in the JS->wasm entry stub.
2886           - Pinned registers are now a global thing, not per-Memory, because the wasm ->
2887             wasm stubs are generated at Module time where we don't really have enough
2888             information to do the right thing (doing so would generate too much code).
2889
2890         * CMakeLists.txt:
2891         * JavaScriptCore.xcodeproj/project.pbxproj:
2892         * runtime/JSType.h: add WebAssemblyFunctionType as a JSType
2893         * wasm/WasmB3IRGenerator.cpp: significantly rework how calls which
2894         could be external work, and how we save / restore global state:
2895         VM's top Instance, and pinned registers
2896         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2897         (JSC::Wasm::getMemoryBaseAndSize):
2898         (JSC::Wasm::restoreWebAssemblyGlobalState):
2899         (JSC::Wasm::createJSToWasmWrapper):
2900         (JSC::Wasm::parseAndCompile):
2901         * wasm/WasmB3IRGenerator.h:
2902         * wasm/WasmBinding.cpp:
2903         (JSC::Wasm::materializeImportJSCell):
2904         (JSC::Wasm::wasmToJS):
2905         (JSC::Wasm::wasmToWasm): the main goal of this patch was adding this function
2906         (JSC::Wasm::exitStubGenerator):
2907         * wasm/WasmBinding.h:
2908         * wasm/WasmFormat.h: Get rid of much of the function index space:
2909         we already have all of its information elsewhere, and as-is it
2910         provides no extra efficiency.
2911         (JSC::Wasm::ModuleInformation::functionIndexSpaceSize):
2912         (JSC::Wasm::ModuleInformation::isImportedFunctionFromFunctionIndexSpace):
2913         (JSC::Wasm::ModuleInformation::signatureIndexFromFunctionIndexSpace):
2914         * wasm/WasmFunctionParser.h:
2915         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
2916         * wasm/WasmMemory.cpp: Add some logging.
2917         (JSC::Wasm::Memory::dump): this was nice when debugging
2918         (JSC::Wasm::Memory::makeString):
2919         (JSC::Wasm::Memory::Memory):
2920         (JSC::Wasm::Memory::~Memory):
2921         (JSC::Wasm::Memory::grow):
2922         * wasm/WasmMemory.h: don't use extra indirection, it wasn't
2923         needed. Reorder some of the fields which are looked up at runtime
2924         so they're more cache-friendly.
2925         (JSC::Wasm::Memory::Memory):
2926         (JSC::Wasm::Memory::mode):
2927         (JSC::Wasm::Memory::offsetOfSize):
2928         * wasm/WasmMemoryInformation.cpp: Pinned registers are now a
2929         global thing for all of JSC, not a per-Memory thing
2930         anymore. wasm->wasm calls are more complex otherwise: they have to
2931         figure out how to bridge between the caller and callee's
2932         special-snowflake pinning.
2933         (JSC::Wasm::PinnedRegisterInfo::get):
2934         (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
2935         (JSC::Wasm::MemoryInformation::MemoryInformation):
2936         * wasm/WasmMemoryInformation.h:
2937         * wasm/WasmModuleParser.cpp:
2938         * wasm/WasmModuleParser.h:
2939         * wasm/WasmPageCount.cpp: Copied from Source/JavaScriptCore/wasm/WasmBinding.h.
2940         (JSC::Wasm::PageCount::dump): nice for debugging
2941         * wasm/WasmPageCount.h:
2942         * wasm/WasmPlan.cpp:
2943         (JSC::Wasm::Plan::parseAndValidateModule):
2944         (JSC::Wasm::Plan::run):
2945         * wasm/WasmPlan.h:
2946         (JSC::Wasm::Plan::takeWasmExitStubs):
2947         * wasm/WasmSignature.cpp:
2948         (JSC::Wasm::Signature::toString):
2949         (JSC::Wasm::Signature::dump):
2950         * wasm/WasmSignature.h:
2951         * wasm/WasmValidate.cpp:
2952         (JSC::Wasm::validateFunction):
2953         * wasm/WasmValidate.h:
2954         * wasm/js/JSWebAssemblyInstance.h:
2955         (JSC::JSWebAssemblyInstance::offsetOfTable):
2956         (JSC::JSWebAssemblyInstance::offsetOfImportFunctions):
2957         (JSC::JSWebAssemblyInstance::offsetOfImportFunction):
2958         * wasm/js/JSWebAssemblyMemory.cpp:
2959         (JSC::JSWebAssemblyMemory::create):
2960         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
2961         (JSC::JSWebAssemblyMemory::buffer):
2962         (JSC::JSWebAssemblyMemory::grow):
2963         * wasm/js/JSWebAssemblyMemory.h:
2964         (JSC::JSWebAssemblyMemory::memory):
2965         (JSC::JSWebAssemblyMemory::offsetOfMemory):
2966         (JSC::JSWebAssemblyMemory::offsetOfSize):
2967         * wasm/js/JSWebAssemblyModule.cpp:
2968         (JSC::JSWebAssemblyModule::create):
2969         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2970         * wasm/js/JSWebAssemblyModule.h:
2971         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
2972         (JSC::JSWebAssemblyModule::functionImportCount):
2973         * wasm/js/WebAssemblyFunction.cpp:
2974         (JSC::callWebAssemblyFunction):
2975         (JSC::WebAssemblyFunction::create):
2976         (JSC::WebAssemblyFunction::createStructure):
2977         (JSC::WebAssemblyFunction::WebAssemblyFunction):
2978         (JSC::WebAssemblyFunction::finishCreation):
2979         * wasm/js/WebAssemblyFunction.h:
2980         (JSC::WebAssemblyFunction::wasmEntrypoint):
2981         (JSC::WebAssemblyFunction::offsetOfInstance):
2982         (JSC::WebAssemblyFunction::offsetOfWasmEntryPointCode):
2983         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2984         (JSC::constructJSWebAssemblyInstance): always start with a dummy
2985         memory, so wasm->wasm calls don't need to null-check
2986         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2987         (JSC::constructJSWebAssemblyMemory):
2988         * wasm/js/WebAssemblyModuleConstructor.cpp:
2989         (JSC::WebAssemblyModuleConstructor::createModule):
2990         * wasm/js/WebAssemblyModuleRecord.cpp:
2991         (JSC::WebAssemblyModuleRecord::link):
2992         (JSC::WebAssemblyModuleRecord::evaluate):
2993         * wasm/js/WebAssemblyModuleRecord.h:
2994
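Worked example added by the editor, not code from the ChangeLog entry above or from WebKit: two constructed wasm modules, where module B's single import is resolved once to a plain JS function and once to module A's exported wasm function, which is the wasm export → wasm import case the 2017-01-02 entry describes. The module byte strings, the import name "a"."add" and the export names are constructed for this example.

```javascript
// Added example (editor's, not WebKit code). Two constructed wasm modules:
// module A exports add(i32, i32) -> i32; module B imports "a"."add" with the
// same signature and exports call_add, which forwards its arguments to the
// import. Bytes follow the wasm binary format, annotated per section.
const moduleABytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic, version 1
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f, // type 0: (i32, i32) -> i32
  0x03, 0x02, 0x01, 0x00,                               // func 0 uses type 0
  0x07, 0x07, 0x01, 0x03, 0x61, 0x64, 0x64, 0x00, 0x00, // export "add" = func 0
  0x0a, 0x09, 0x01, 0x07, 0x00,                         // code: one body, no locals
  0x20, 0x00, 0x20, 0x01, 0x6a, 0x0b,                   // get_local 0; get_local 1; i32.add; end
]);
const moduleBBytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic, version 1
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f, // type 0: (i32, i32) -> i32
  0x02, 0x09, 0x01, 0x01, 0x61, 0x03, 0x61, 0x64, 0x64, // import "a"."add" ...
  0x00, 0x00,                                           // ... kind func, type 0 (func index 0)
  0x03, 0x02, 0x01, 0x00,                               // func 1 uses type 0
  0x07, 0x0c, 0x01, 0x08, 0x63, 0x61, 0x6c, 0x6c,       // export "call_add" ...
  0x5f, 0x61, 0x64, 0x64, 0x00, 0x01,                   // ... = func 1
  0x0a, 0x0a, 0x01, 0x08, 0x00,                         // code: one body, no locals
  0x20, 0x00, 0x20, 0x01, 0x10, 0x00, 0x0b,             // get_local 0; get_local 1; call 0; end
]);

// Module time: B is compiled once, without knowing what "a"."add" will be.
const moduleB = new WebAssembly.Module(moduleBBytes);

// Instance time: only now does the import object say whether call 0 lands in
// JS or in another wasm module. The same compiled module serves both cases.
function instantiateB(addImpl) {
  return new WebAssembly.Instance(moduleB, { a: { add: addImpl } });
}

// wasm -> JS: the import is a plain JS function; its result goes through ToInt32.
function callThroughJSImport(x, y) {
  return instantiateB((p, q) => p + q).exports.call_add(x, y);
}

// wasm -> wasm: the import is module A's exported function.
function callThroughWasmImport(x, y) {
  const a = new WebAssembly.Instance(new WebAssembly.Module(moduleABytes));
  return instantiateB(a.exports.add).exports.call_add(x, y);
}

// Both paths agree, including i32 wraparound at the 32-bit boundary.
console.log(callThroughJSImport(2, 3), callThroughWasmImport(2, 3));                   // 5 5
console.log(callThroughJSImport(0x7fffffff, 1), callThroughWasmImport(0x7fffffff, 1)); // -2147483648 -2147483648
```
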
2995 2017-01-02  Saam Barati  <sbarati@apple.com>
2996
2997         WebAssembly: Some loads don't take into account the offset
2998         https://bugs.webkit.org/show_bug.cgi?id=166616
2999         <rdar://problem/29841541>
3000
3001         Reviewed by Keith Miller.
3002
3003         * wasm/WasmB3IRGenerator.cpp:
3004         (JSC::Wasm::B3IRGenerator::emitLoadOp):
3005
3006 2017-01-01  Jeff Miller  <jeffm@apple.com>
3007
3008         Update user-visible copyright strings to include 2017
3009         https://bugs.webkit.org/show_bug.cgi?id=166278
3010
3011         Reviewed by Dan Bernstein.
3012
3013         * Info.plist:
3014
3015 2016-12-28  Saam Barati  <sbarati@apple.com>
3016
3017         WebAssembly: Don't allow duplicate export names
3018         https://bugs.webkit.org/show_bug.cgi?id=166490
3019         <rdar://problem/29815000>
3020
3021         Reviewed by Keith Miller.
3022
3023         * wasm/WasmModuleParser.cpp:
3024
3025 2016-12-28  Saam Barati  <sbarati@apple.com>
3026
3027         Unreviewed. Fix jsc.cpp build error.
3028
3029         * jsc.cpp:
3030         (functionTestWasmModuleFunctions):
3031
3032 2016-12-28  Saam Barati  <sbarati@apple.com>
3033
3034         WebAssembly: Implement grow_memory and current_memory
3035         https://bugs.webkit.org/show_bug.cgi?id=166448
3036         <rdar://problem/29803676>
3037
3038         Reviewed by Keith Miller.
3039
3040         This patch implements grow_memory, current_memory, and WebAssembly.prototype.grow.
3041         See relevant spec texts here:
3042         
3043         https://github.com/WebAssembly/design/blob/master/Semantics.md#linear-memory-accesses
3044         https://github.com/WebAssembly/design/blob/master/JS.md#webassemblymemoryprototypegrow
3045         
3046         I also fix a couple of miscellaneous bugs:
3047         
3048         1. Data section now understands full init_exprs. 
3049         2. parseVarUint1 no longer has a bug where we allow values larger than 1 if
3050         their bottom 8 bits are zero.
3051         
3052         Since the JS API can now grow memory, we need to make calling an import
3053         and call_indirect refresh the base memory register and the size registers.
3054
3055         * jsc.cpp:
3056         (functionTestWasmModuleFunctions):
3057         * runtime/Options.h:
3058         * runtime/VM.h:
3059         * wasm/WasmB3IRGenerator.cpp:
3060         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
3061         (JSC::Wasm::reloadPinnedRegisters):
3062         (JSC::Wasm::B3IRGenerator::emitReloadPinnedRegisters):
3063         (JSC::Wasm::createJSToWasmWrapper):
3064         (JSC::Wasm::parseAndCompile):
3065         * wasm/WasmFormat.cpp:
3066         (JSC::Wasm::Segment::create):
3067         * wasm/WasmFormat.h:
3068         (JSC::Wasm::I32InitExpr::I32InitExpr):
3069         (JSC::Wasm::I32InitExpr::globalImport):
3070         (JSC::Wasm::I32InitExpr::constValue):
3071         (JSC::Wasm::I32InitExpr::isConst):
3072         (JSC::Wasm::I32InitExpr::isGlobalImport):
3073         (JSC::Wasm::I32InitExpr::globalImportIndex):
3074         (JSC::Wasm::Segment::byte):
3075         (JSC::Wasm::ModuleInformation::importFunctionCount):
3076         (JSC::Wasm::ModuleInformation::hasMemory):
3077         * wasm/WasmFunctionParser.h:
3078         * wasm/WasmMemory.cpp:
3079         (JSC::Wasm::Memory::Memory):
3080         (JSC::Wasm::Memory::grow):
3081         * wasm/WasmMemory.h:
3082         (JSC::Wasm::Memory::size):
3083         (JSC::Wasm::Memory::sizeInPages):
3084         (JSC::Wasm::Memory::offsetOfMemory):
3085         (JSC::Wasm::Memory::isValid): Deleted.
3086         (JSC::Wasm::Memory::grow): Deleted.
3087         * wasm/WasmModuleParser.cpp:
3088         (JSC::Wasm::makeI32InitExpr):
3089         * wasm/WasmModuleParser.h:
3090         * wasm/WasmPageCount.h:
3091         (JSC::Wasm::PageCount::bytes):
3092         (JSC::Wasm::PageCount::pageCount):
3093         (JSC::Wasm::PageCount::fromBytes):
3094         (JSC::Wasm::PageCount::operator+):
3095         * wasm/WasmParser.h:
3096         (JSC::Wasm::Parser<SuccessType>::parseVarUInt1):
3097         * wasm/WasmValidate.cpp:
3098         * wasm/js/JSWebAssemblyInstance.h:
3099         (JSC::JSWebAssemblyInstance::offsetOfMemory):
3100         * wasm/js/JSWebAssemblyMemory.cpp:
3101         (JSC::JSWebAssemblyMemory::~JSWebAssemblyMemory):
3102         (JSC::JSWebAssemblyMemory::grow):
3103         * wasm/js/JSWebAssemblyMemory.h:
3104         (JSC::JSWebAssemblyMemory::offsetOfMemory):
3105         * wasm/js/JSWebAssemblyModule.h:
3106         (JSC::JSWebAssemblyModule::functionImportCount):
3107         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace):
3108         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace):
3109         (JSC::JSWebAssemblyModule::importCount): Deleted.
3110         * wasm/js/WebAssemblyFunction.cpp:
3111         (JSC::callWebAssemblyFunction):
3112         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3113         (JSC::constructJSWebAssemblyInstance):
3114         * wasm/js/WebAssemblyMemoryConstructor.cpp:
3115         (JSC::constructJSWebAssemblyMemory):
3116         * wasm/js/WebAssemblyMemoryPrototype.cpp:
3117         (JSC::getMemory):
3118         (JSC::webAssemblyMemoryProtoFuncBuffer):
3119         (JSC::webAssemblyMemoryProtoFuncGrow):
3120         * wasm/js/WebAssemblyModuleRecord.cpp:
3121         (JSC::WebAssemblyModuleRecord::link):
3122         (JSC::dataSegmentFail):
3123         (JSC::WebAssemblyModuleRecord::evaluate):
3124         * wasm/wasm.json:
3125
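Worked example added by the editor, not code from the ChangeLog entry above or from WebKit: a constructed wasm module calls an imported JS hook that grows the memory through WebAssembly.Memory.prototype.grow, then executes current_memory, which is the situation behind the 2016-12-28 grow_memory entry's note that the memory size registers must be refreshed after calling an import. The byte string, the import name "env"."hook" and the export names are constructed for this example.

```javascript
// Added example (editor's, not WebKit code). One constructed wasm module with
// a 1-page memory and a single function that calls an imported JS hook and
// then executes current_memory. Bytes follow the wasm binary format.
const growBytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic, version 1
  0x01, 0x08, 0x02, 0x60, 0x00, 0x01, 0x7f, 0x60, 0x00, 0x00, // type 0: () -> i32; type 1: () -> ()
  0x02, 0x0c, 0x01, 0x03, 0x65, 0x6e, 0x76,                   // import "env" ...
  0x04, 0x68, 0x6f, 0x6f, 0x6b, 0x00, 0x01,                   // ... "hook": func, type 1 (func index 0)
  0x03, 0x02, 0x01, 0x00,                                     // func 1 uses type 0
  0x05, 0x03, 0x01, 0x00, 0x01,                               // memory 0: min 1 page, no max
  0x07, 0x19, 0x02, 0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,       // export "mem" = memory 0
  0x0f, 0x73, 0x69, 0x7a, 0x65, 0x5f, 0x61, 0x66, 0x74, 0x65, // export "size_after_hook" ...
  0x72, 0x5f, 0x68, 0x6f, 0x6f, 0x6b, 0x00, 0x01,             // ... = func 1
  0x0a, 0x08, 0x01, 0x06, 0x00,                               // code: one body, no locals
  0x10, 0x00, 0x3f, 0x00, 0x0b,                               // call 0; current_memory; end
]);

const PAGE_BYTES = 65536;

// Instantiates the module with a hook that grows the memory by `pages` pages
// via the JS API while the wasm function is still on the stack, then reports
// what the wasm side observed and what happened to the JS-side buffers.
function growDuringImportCall(pages) {
  let mem = null;
  const hook = () => { mem.grow(pages); };   // JS API grow, re-entered from wasm
  const inst = new WebAssembly.Instance(new WebAssembly.Module(growBytes), { env: { hook } });
  mem = inst.exports.mem;
  const bufferBefore = mem.buffer;
  const pagesSeenByWasm = inst.exports.size_after_hook(); // current_memory after the hook returns
  return {
    pagesSeenByWasm,
    oldBufferDetached: bufferBefore.byteLength === 0,   // grow detaches the old ArrayBuffer
    newBufferBytes: mem.buffer.byteLength,
  };
}

// Starting from 1 page and growing by 2 inside the import call, the wasm code
// must see 3 pages; the pre-grow ArrayBuffer is detached so stale JS views
// cannot address the old allocation.
console.log(growDuringImportCall(2)); // { pagesSeenByWasm: 3, oldBufferDetached: true, newBufferBytes: 196608 }
```
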
3126 2016-12-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3127
3128         Use variadic templates in JSC Parser to clean up
3129         https://bugs.webkit.org/show_bug.cgi?id=166482
3130
3131         Reviewed by Saam Barati.
3132
3133         * parser/Parser.cpp:
3134         (JSC::Parser<LexerType>::logError):
3135         * parser/Parser.h:
3136
3137 2016-12-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3138
3139         Propagate the source origin as much as possible
3140         https://bugs.webkit.org/show_bug.cgi?id=166348
3141
3142         Reviewed by Darin Adler.
3143
3144         This patch introduces CallFrame::callerSourceOrigin, SourceOrigin class
3145         and SourceProvider::m_sourceOrigin. CallFrame::callerSourceOrigin returns
3146         an appropriate SourceOrigin if possible. If we cannot find the appropriate
3147         one, we just return null SourceOrigin.
3148
3149         This paves the way for implementing the module dynamic-import[1].
3150         When the import operator is evaluated, it will resolve the module
3151         specifier with this propagated source origin of the caller function.
3152
3153         To support import operator inside the dynamic code generation
3154         functions (like `eval`, `new Function`, indirect call to `eval`),
3155         we need to propagate the caller's source origin to the generated
3156         source code.
3157
3158         We do not use sourceURL for that purpose. This is because we
3159         would like to keep sourceURL for `eval` / `new Function` null.
3160         This sourceURL will be used for the stack dump for errors with line/column
3161         numbers. Dumping the caller's sourceURL with line/column numbers is
3162         meaningless. So we would like to keep it null while we would like
3163         to propagate SourceOrigin for dynamic imports.
3164
3165         [1]: https://github.com/tc39/proposal-dynamic-import
3166
3167         * API/JSBase.cpp:
3168         (JSEvaluateScript):
3169         (JSCheckScriptSyntax):
3170         * API/JSObjectRef.cpp:
3171         (JSObjectMakeFunction):
3172         * API/JSScriptRef.cpp:
3173         (OpaqueJSScript::create):
3174         (OpaqueJSScript::vm):
3175         (OpaqueJSScript::OpaqueJSScript):
3176         (parseScript):
3177         * JavaScriptCore.xcodeproj/project.pbxproj:
3178         * Scripts/builtins/builtins_templates.py:
3179         * Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
3180         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
3181         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
3182         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
3183         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
3184         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
3185         * builtins/BuiltinExecutables.cpp:
3186         (JSC::BuiltinExecutables::BuiltinExecutables):
3187         (JSC::BuiltinExecutables::createDefaultConstructor):
3188         * debugger/DebuggerCallFrame.cpp:
3189         (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
3190         * inspector/InjectedScriptManager.cpp:
3191         (Inspector::InjectedScriptManager::createInjectedScript):
3192         * inspector/JSInjectedScriptHost.cpp:
3193         (Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
3194         * inspector/agents/InspectorRuntimeAgent.cpp:
3195         (Inspector::InspectorRuntimeAgent::parse):
3196         * interpreter/CallFrame.cpp:
3197         (JSC::CallFrame::callerSourceOrigin):
3198         * interpreter/CallFrame.h:
3199         * interpreter/Interpreter.cpp:
3200         (JSC::eval):
3201         * jsc.cpp:
3202         (jscSource):
3203         (GlobalObject::finishCreation):
3204         (extractDirectoryName):
3205         (currentWorkingDirectory):
3206         (GlobalObject::moduleLoaderResolve):
3207         (functionRunString):
3208         (functionLoadString):
3209         (functionCallerSourceOrigin):
3210         (functionCreateBuiltin):
3211         (functionCheckModuleSyntax):
3212         (runInteractive):
3213         * parser/SourceCode.h:
3214         (JSC::makeSource):
3215         * parser/SourceProvider.cpp:
3216         (JSC::SourceProvider::SourceProvider):
3217         * parser/SourceProvider.h:
3218         (JSC::SourceProvider::sourceOrigin):
3219         (JSC::StringSourceProvider::create):
3220         (JSC::StringSourceProvider::StringSourceProvider):
3221         (JSC::WebAssemblySourceProvider::create):
3222         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3223         * runtime/FunctionConstructor.cpp:
3224         (JSC::constructFunction):
3225         (JSC::constructFunctionSkippingEvalEnabledCheck):
3226         * runtime/FunctionConstructor.h:
3227         * runtime/JSGlobalObjectFunctions.cpp:
3228         (JSC::globalFuncEval):
3229         * runtime/ModuleLoaderPrototype.cpp:
3230         (JSC::moduleLoaderPrototypeParseModule):
3231         * runtime/ScriptExecutable.h:
3232         (JSC::ScriptExecutable::sourceOrigin):
3233         * runtime/SourceOrigin.h: Added.
3234         (JSC::SourceOrigin::SourceOrigin):
3235         (JSC::SourceOrigin::string):
3236         (JSC::SourceOrigin::isNull):
3237         * tools/FunctionOverrides.cpp:
3238         (JSC::initializeOverrideInfo):
3239
3240 2016-12-24  Caio Lima  <ticaiolima@gmail.com>
3241
3242         [test262] Fixing mapped arguments object property test case
3243         https://bugs.webkit.org/show_bug.cgi?id=159398
3244
3245         Reviewed by Saam Barati.
3246
3247         This patch changes GenericArguments' override mechanism to
3248         implement correct behavior on ECMAScript test262 suite test cases of
3249         mapped arguments object with non-configurable and non-writable
3250         property. Also it is ensuring that arguments[i]
3251         cannot be deleted when argument "i" is {configurable: false}.
3252         
3253         The previous implementation is against the specification for 2 reasons:
3254
3255         1. Every argument in the arguments object is {writable: true} by default
3256            (http://www.ecma-international.org/ecma-262/7.0/index.html#sec-createunmappedargumentsobject).