Inlining of a function that ends in op_unreachable crashes
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-01-03  Robin Morisset  <rmorisset@apple.com>

        Inlining of a function that ends in op_unreachable crashes
        https://bugs.webkit.org/show_bug.cgi?id=181027

        Reviewed by Filip Pizlo.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::allocateTargetableBlock):
        (JSC::DFG::ByteCodeParser::inlineCall):

2018-01-02  Saam Barati  <sbarati@apple.com>

        Incorrect assertion inside AccessCase
        https://bugs.webkit.org/show_bug.cgi?id=181200
        <rdar://problem/35494754>

        Reviewed by Yusuke Suzuki.

        Consider a PutById compiled to a setter in a function like so:

        ```
        function foo(o) { o.f = o; }
        ```

        The DFG will often assign the same registers to the baseGPR (o in o.f) and the
        valueRegsPayloadGPR (o in the RHS). The code totally works when these are assigned
        to the same register. However, we're asserting that they're not the same register.
        This patch just removes this invalid assertion.

        * bytecode/AccessCase.cpp:
        (JSC::AccessCase::generateImpl):

2018-01-02  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement BigIntConstructor and BigIntPrototype
        https://bugs.webkit.org/show_bug.cgi?id=175359

        Reviewed by Yusuke Suzuki.

        This patch is implementing BigIntConstructor and BigIntPrototype
        following spec[1, 2]. In addition, we are also implementing BigIntObject
        wrapper to handle ToObject(v) abstract operation when "v" is a BigInt
        primitive. With these classes, now it's possible to synthesize
        BigInt.prototype and then call "toString", "valueOf" and
        "toLocaleString" when the primitive is a BigInt.
        BigIntConstructor exposes an API to parse other primitives such as
        Number, Boolean and String to BigInt.
        We decided to skip parseInt implementation, since it was removed from
        spec.

        [1] - https://tc39.github.io/proposal-bigint/#sec-bigint-constructor
        [2] - https://tc39.github.io/proposal-bigint/#sec-properties-of-the-bigint-prototype-object

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        * jsc.cpp:
        * runtime/BigIntConstructor.cpp: Added.
        (JSC::BigIntConstructor::BigIntConstructor):
        (JSC::BigIntConstructor::finishCreation):
        (JSC::isSafeInteger):
        (JSC::toBigInt):
        (JSC::callBigIntConstructor):
        (JSC::bigIntConstructorFuncAsUintN):
        (JSC::bigIntConstructorFuncAsIntN):
        * runtime/BigIntConstructor.h: Added.
        (JSC::BigIntConstructor::create):
        (JSC::BigIntConstructor::createStructure):
        * runtime/BigIntObject.cpp: Added.
        (JSC::BigIntObject::BigIntObject):
        (JSC::BigIntObject::finishCreation):
        (JSC::BigIntObject::toStringName):
        (JSC::BigIntObject::defaultValue):
        * runtime/BigIntObject.h: Added.
        (JSC::BigIntObject::create):
        (JSC::BigIntObject::internalValue const):
        (JSC::BigIntObject::createStructure):
        * runtime/BigIntPrototype.cpp: Added.
        (JSC::BigIntPrototype::BigIntPrototype):
        (JSC::BigIntPrototype::finishCreation):
        (JSC::toThisBigIntValue):
        (JSC::bigIntProtoFuncToString):
        (JSC::bigIntProtoFuncToLocaleString):
        (JSC::bigIntProtoFuncValueOf):
        * runtime/BigIntPrototype.h: Added.
        (JSC::BigIntPrototype::create):
        (JSC::BigIntPrototype::createStructure):
        * runtime/IntlCollator.cpp:
        (JSC::IntlCollator::initializeCollator):
        * runtime/IntlNumberFormat.cpp:
        (JSC::IntlNumberFormat::initializeNumberFormat):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::createFrom):
        (JSC::JSBigInt::parseInt):
        (JSC::JSBigInt::toObject const):
        * runtime/JSBigInt.h:
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::synthesizePrototype const):
        * runtime/JSCPoisonedPtr.cpp:
        * runtime/JSCell.cpp:
        (JSC::JSCell::toObjectSlow const):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::bigIntPrototype const):
        (JSC::JSGlobalObject::bigIntObjectStructure const):
        * runtime/StructureCache.h:
        * runtime/StructureInlines.h:
        (JSC::prototypeForLookupPrimitiveImpl):

2018-01-02  Tim Horton  <timothy_horton@apple.com>

        Fix the MathCommon build with a recent compiler
        https://bugs.webkit.org/show_bug.cgi?id=181216

        Reviewed by Sam Weinig.

        * runtime/MathCommon.cpp:
        (JSC::fdlibmPow):
        This cast drops the 'const' qualifier from the pointer to 'one',
        but it doesn't have to, and it makes the compiler sad.

== Rolled over to ChangeLog-2018-01-01 ==