[EFL] Build break with latest EFL 1.8 libraries.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-10-24  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Build break with latest EFL 1.8 libraries.
        https://bugs.webkit.org/show_bug.cgi?id=123245

        Reviewed by Gyuyoung Kim.

        After we fixed the build break on EFL 1.8 at r138326, the EFL libraries changed
        the Eo typedef and split the header files which contain the version macro.

        * PlatformEfl.cmake: Added EO path to include directories.
        * heap/HeapTimer.h: Changed Ecore_Timer typedef when EO exists.

2013-10-23  Filip Pizlo  <fpizlo@apple.com>

        Put all uses of LLVM intrinsics behind a single Option
        https://bugs.webkit.org/show_bug.cgi?id=123219

        Reviewed by Mark Hahnenberg.

        * ftl/FTLExitThunkGenerator.cpp:
        (JSC::FTL::ExitThunkGenerator::emitThunk):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::generateExitThunks):
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
        (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
        (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):
        * runtime/Options.h:

2013-10-23  Daniel Bates  <dabates@apple.com>

        Fix JavaScriptCore build targets following <http://trac.webkit.org/changeset/157864>
        (https://bugs.webkit.org/show_bug.cgi?id=123169)

        Tell Xcode that the supported platforms for all JavaScriptCore targets are iOS and OS X.

        * Configurations/Base.xcconfig:

2013-10-23  Michael Saboff  <msaboff@apple.com>

        LLInt arity check exception processing should start unwinding from caller
        https://bugs.webkit.org/show_bug.cgi?id=123209

        Reviewed by Oliver Hunt.

        Use the caller frame returned from slow_path_call_arityCheck to process exceptions.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2013-10-22  Filip Pizlo  <fpizlo@apple.com>

        FTL should be able to do some simple inline caches using LLVM patchpoints
        https://bugs.webkit.org/show_bug.cgi?id=123164

        Reviewed by Mark Hahnenberg.

        This implements GetById inline caches in the FTL using llvm.webkit.patchpoint.

        The idea is that we ask LLVM for a nop slide the size of a GetById inline
        cache and then fill in the code after LLVM compilation is complete. For now, we
        just use the system calling convention for the arguments and return. We also
        still make some assumptions about registers that aren't correct. But, most of
        the scaffolding is there and this will successfully patch an inline cache.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::allocate):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::link):
        * ftl/FTLAbbreviations.h:
        (JSC::FTL::constNull):
        (JSC::FTL::buildCall):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLInlineCacheDescriptor.h: Added.
        (JSC::FTL::InlineCacheDescriptor::InlineCacheDescriptor):
        (JSC::FTL::GetByIdDescriptor::GetByIdDescriptor):
        (JSC::FTL::GetByIdDescriptor::stackmapID):
        (JSC::FTL::GetByIdDescriptor::codeOrigin):
        (JSC::FTL::GetByIdDescriptor::uid):
        * ftl/FTLInlineCacheSize.cpp: Added.
        (JSC::FTL::sizeOfGetById):
        (JSC::FTL::sizeOfPutById):
        * ftl/FTLInlineCacheSize.h: Added.
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLJITFinalizer.cpp:
        (JSC::FTL::JITFinalizer::finalizeFunction):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::directGPR):
        * ftl/FTLLocation.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
        * ftl/FTLOutput.h:
        (JSC::FTL::Output::call):
        * ftl/FTLSlowPathCall.cpp: Added.
        (JSC::FTL::callOperation):
        * ftl/FTLSlowPathCall.h: Added.
        (JSC::FTL::SlowPathCall::SlowPathCall):
        (JSC::FTL::SlowPathCall::call):
        (JSC::FTL::SlowPathCall::key):
        * ftl/FTLSlowPathCallKey.cpp: Added.
        (JSC::FTL::SlowPathCallKey::dump):
        * ftl/FTLSlowPathCallKey.h: Added.
        (JSC::FTL::SlowPathCallKey::SlowPathCallKey):
        (JSC::FTL::SlowPathCallKey::usedRegisters):
        (JSC::FTL::SlowPathCallKey::callTarget):
        (JSC::FTL::SlowPathCallKey::offset):
        (JSC::FTL::SlowPathCallKey::isEmptyValue):
        (JSC::FTL::SlowPathCallKey::isDeletedValue):
        (JSC::FTL::SlowPathCallKey::operator==):
        (JSC::FTL::SlowPathCallKey::hash):
        (JSC::FTL::SlowPathCallKeyHash::hash):
        (JSC::FTL::SlowPathCallKeyHash::equal):
        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::Location::directGPR):
        * ftl/FTLStackMaps.h:
        * ftl/FTLState.h:
        * ftl/FTLThunks.cpp:
        (JSC::FTL::slowPathCallThunkGenerator):
        * ftl/FTLThunks.h:
        (JSC::FTL::Thunks::getSlowPathCallThunk):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArguments):
        * jit/GPRInfo.h:
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::garbageStubInfo):
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITByIdGenerator::finalize):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITByIdGenerator::slowPathBegin):
        * jit/RegisterSet.cpp:
        (JSC::RegisterSet::stackRegisters):
        (JSC::RegisterSet::specialRegisters):
        (JSC::RegisterSet::calleeSaveRegisters):
        (JSC::RegisterSet::allGPRs):
        (JSC::RegisterSet::allFPRs):
        (JSC::RegisterSet::allRegisters):
        (JSC::RegisterSet::dump):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::exclude):
        (JSC::RegisterSet::numberOfSetRegisters):
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::isEmptyValue):
        (JSC::RegisterSet::isDeletedValue):
        (JSC::RegisterSet::operator==):
        (JSC::RegisterSet::hash):
        (JSC::RegisterSetHash::hash):
        (JSC::RegisterSetHash::equal):
        * runtime/Options.h:

2013-10-22  Filip Pizlo  <fpizlo@apple.com>

        jitCompileAndSetHeuristics should DeferGCForAWhile
        https://bugs.webkit.org/show_bug.cgi?id=123196

        Reviewed by Mark Hahnenberg.

        This fixes random crashes in V8v7/raytrace. I only see those crashes on exactly one of
        my machines. I don't think this is testable; we just need to steadily converge towards
        getting our uses of DeferGC to be right and then be careful not to regress. We're not
        there yet, obviously.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more JavaScriptCore build configuration changes
        https://bugs.webkit.org/show_bug.cgi?id=123169

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig:
        * Configurations/Version.xcconfig:
        * Configurations/iOS.xcconfig: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Export DefaultGCActivityCallback member functions
        https://bugs.webkit.org/show_bug.cgi?id=123175

        Reviewed by David Kilzer.

        * runtime/GCActivityCallback.h:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:

2013-10-22  Andreas Kling  <akling@apple.com>

        Minor VM* -> VM& cleanups in HashTable and Keywords.
        <https://webkit.org/b/123183>

        Turn some VM* variables that will never be null into VM&.

        Reviewed by Geoffrey Garen.

2013-10-22  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
        https://bugs.webkit.org/show_bug.cgi?id=123179

        Reviewed by Mark Hahnenberg.

        * parser/NodeConstructors.h:
        (JSC::LogicalOpNode::LogicalOpNode):
        * parser/ResultType.h:
        (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
        This is JavaScript (aka Sparta).
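
The expression from the entry above, as an added example that is not part of the original ChangeLog: `&&` and `||` hand back one of their operands, never a coerced boolean, which is why a static rule that types every logical operator as boolean is unsound. The `logicalOpResultTypeSound`/`logicalOpResultTypeUnsound` functions are a hypothetical model of that inference rule for illustration only, not JavaScriptCore's `ResultType::forLogicalOp`.

```javascript
// Added example (not JavaScriptCore code): why "&&" must not be typed as boolean.

// What an engine must actually compute: "&&" yields the first falsy operand,
// otherwise the second operand; "||" yields the first truthy operand, otherwise
// the second. Neither operator coerces its result to a boolean.
function logicalAnd(a, b) { return a && b; }
function logicalOr(a, b) { return a || b; }

// The expression from the bug report. The parenthesised sub-expression is
// "undefined", so the strict comparison against "false" must be false and the
// "wrong!" line must NOT be logged.
function regressionCase() {
  const inner = logicalAnd(true, undefined);      // -> undefined, not a boolean
  return { inner, logsWrong: false === inner };   // logsWrong must be false
}

// Static type tag for a runtime value (null is special-cased because
// typeof null === "object").
function typeOf(value) {
  if (value === null) return "null";
  return typeof value;            // "boolean", "number", "undefined", ...
}

// Hypothetical model of the unsound assumption: every logical op is a boolean.
function logicalOpResultTypeUnsound(_leftType, _rightType) {
  return "boolean";
}

// Hypothetical model of a sound rule: boolean only when both operands are
// known booleans; otherwise make no claim about the result type.
function logicalOpResultTypeSound(leftType, rightType) {
  if (leftType === "boolean" && rightType === "boolean") return "boolean";
  return "unknown";
}

// Run constructed operand pairs through a rule and compare each predicted
// type against the type of the value "&&" really produces.
function checkRule(rule) {
  const samples = [
    [true, undefined], [true, false], [0, "x"], [null, 1], [1, 2],
  ];
  return samples.map(([a, b]) => {
    const actual = typeOf(logicalAnd(a, b));
    const predicted = rule(typeOf(a), typeOf(b));
    // "unknown" makes no claim and so can never be wrong; any other
    // prediction must match the actual type exactly.
    const ok = predicted === "unknown" || predicted === actual;
    return { a, b, actual, predicted, ok };
  });
}

// A rule is sound if no sample contradicts its prediction.
function ruleIsSound(rule) {
  return checkRule(rule).every((r) => r.ok);
}
```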

2013-10-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r157819.
        http://trac.webkit.org/changeset/157819
        https://bugs.webkit.org/show_bug.cgi?id=123180

        Broke 32-bit builds (Requested by smfr on #webkit).

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
        modifying a file in JavaScriptCore/Configurations.

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSLock changes
        https://bugs.webkit.org/show_bug.cgi?id=123107

        Reviewed by Geoffrey Garen.

        * runtime/JSLock.cpp:
        (JSC::JSLock::unlock):
        (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
        (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
        use pre-increment instead of post-increment when we're not using the return value of the instruction.
        (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
        places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
        since we don't use the return value of such instructions.
        (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
        Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
        (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
        * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
        the argument is sufficiently descriptive of its purpose.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
        https://bugs.webkit.org/show_bug.cgi?id=123166

        Reviewed by Michael Saboff.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4][mips][arm] Fix crashes in JSC (32-bit only).
        https://bugs.webkit.org/show_bug.cgi?id=123165

        Reviewed by Michael Saboff.

        * jit/JITInlines.h:
        (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
        (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
        https://bugs.webkit.org/show_bug.cgi?id=123092

        Reviewed by Michael Saboff.

        Impacted architectures are SH4 and ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::buffer):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        Remove unused stuff in JIT stubs.
        https://bugs.webkit.org/show_bug.cgi?id=123155

        Reviewed by Michael Saboff.

        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        (JSC::ctiTrampoline):
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
        https://bugs.webkit.org/show_bug.cgi?id=123115
        <rdar://problem/13696872>

        Reviewed by Andy Estes.

        Based on a patch by Mark Hahnenberg.

        Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.

        * API/JSBase.cpp:

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister().
        https://bugs.webkit.org/show_bug.cgi?id=123157

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::lastRegister):
        (JSC::SH4Assembler::firstFPRegister):
        (JSC::SH4Assembler::lastFPRegister):

2013-10-22  Brian Holt  <brian.holt@samsung.com>

        Build break on ARMv7 after r157209
        https://bugs.webkit.org/show_bug.cgi?id=122890

        Reviewed by Csaba Osztrogonác.

        Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::firstRegister):
        (JSC::MacroAssemblerARM::lastRegister):
        (JSC::MacroAssemblerARM::firstFPRegister):
        (JSC::MacroAssemblerARM::lastFPRegister):

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
        https://bugs.webkit.org/show_bug.cgi?id=123045

        Reviewed by Joseph Pecoraro.

        * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
        to global method table.
        * runtime/JSGlobalObject.cpp: Ditto.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSC Objective-C API compiler warning fixes
        https://bugs.webkit.org/show_bug.cgi?id=123125

        Reviewed by Mark Hahnenberg.

        Based on a patch by Mark Hahnenberg.

        * API/JSValue.mm:
        (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
        (-[JSValue toSize]): Ditto.
        * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
        available since iOS 7.0
        https://bugs.webkit.org/show_bug.cgi?id=123122

        Reviewed by Dan Bernstein.

        * API/JSContext.h:
        * API/JSManagedValue.h:
        * API/JSValue.h:
        * API/JSVirtualMachine.h:

2013-10-20  Mark Lam  <mark.lam@apple.com>

        Avoid JSC debugger overhead unless needed.
        https://bugs.webkit.org/show_bug.cgi?id=123084.

        Reviewed by Geoffrey Garen.

        - If no breakpoints are set, we now avoid calling the debug hook callbacks.
        - If no break on exception is set, we also avoid exception event debug callbacks.
        - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
          longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
          pointer in the ScriptDebugServer may become stale. To avoid this issue, before
          returning, the ScriptDebugServer will clear its m_currentCallFrame if
          needsOpDebugCallbacks() is false.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::setNeedsExceptionCallbacks):
        (JSC::Debugger::setShouldPause):
        (JSC::Debugger::updateNumberOfBreakpoints):
        (JSC::Debugger::updateNeedForOpDebugCallbacks):
        * debugger/Debugger.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):
        (JSC::Interpreter::debug):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2013-10-21  Brent Fulgham  <bfulgham@apple.com>

        [WIN] Unreviewed build correction.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
          sources, not header files.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.

2013-10-21  Oliver Hunt  <oliver@apple.com>

        Support computed property names in object literals
        https://bugs.webkit.org/show_bug.cgi?id=123112

        Reviewed by Michael Saboff.

        Add support for computed property names to the parser.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::getName):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::::parseProperty):
        (JSC::::parseStrictObjectLiteral):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::Property::Property):
        (JSC::SyntaxChecker::createProperty):
        (JSC::SyntaxChecker::operatorStackPop):

2013-10-21  Michael Saboff  <msaboff@apple.com>

        Add option so that JSC will crash if it can't allocate executable memory for the JITs
        https://bugs.webkit.org/show_bug.cgi?id=123048
        <rdar://problem/12856193>

        Reviewed by Geoffrey Garen.

        Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
        when checking the validity of the executable allocator. The default value for this option is
        false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
        the app can obtain executable memory.

        * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
        (main):
        * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
        * runtime/VM.cpp:
        (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
        is enabled.

2013-10-21  Nadav Rotem  <nrotem@apple.com>

        Remove AllInOneFile.cpp
        https://bugs.webkit.org/show_bug.cgi?id=123055

        Reviewed by Csaba Osztrogonác.

        * AllInOneFile.cpp: Removed.

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, cleanup a FIXME comment.

        * jit/Repatch.cpp:

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
        https://bugs.webkit.org/show_bug.cgi?id=123076

        Reviewed by Sam Weinig.

        Start preparing for a world in which we are patching code generated by LLVM, which may have
        very different register usage conventions than our JITs. This requires us being more explicit
        about the registers we are using. For example, the repatching code shouldn't take for granted
        that tagMaskRegister holds the TagMask or that the register is even in use.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::numberOfRegisters):
        (JSC::MacroAssembler::registerIndex):
        (JSC::MacroAssembler::numberOfFPRegisters):
        (JSC::MacroAssembler::fpRegisterIndex):
        (JSC::MacroAssembler::totalNumberOfRegisters):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * dfg/DFGSpeculativeJIT.h:
        * ftl/FTLSaveRestore.cpp:
        (JSC::FTL::bytesForGPRs):
        (JSC::FTL::bytesForFPRs):
        (JSC::FTL::offsetOfGPR):
        (JSC::FTL::offsetOfFPR):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.cpp: Added.
        (JSC::RegisterSet::specialRegisters):
        * jit/RegisterSet.h: Added.
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::set):
        (JSC::RegisterSet::clear):
        (JSC::RegisterSet::get):
        (JSC::RegisterSet::merge):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):
        (JSC::tryCacheGetByID):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::tryRepatchIn):
        (JSC::linkClosureCall):
        * jit/TempRegisterSet.cpp: Added.
        (JSC::TempRegisterSet::TempRegisterSet):
        * jit/TempRegisterSet.h:

2013-10-20  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Fix build (broken since r157690).
        https://bugs.webkit.org/show_bug.cgi?id=123081

        Reviewed by Andreas Kling.

        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):
        (JSC::SH4Assembler::readCallTarget):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
        https://bugs.webkit.org/show_bug.cgi?id=123079

        Reviewed by Geoffrey Garen.

        * jit/TempRegisterSet.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Rename RegisterSet to TempRegisterSet
        https://bugs.webkit.org/show_bug.cgi?id=123077

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.h: Removed.
        * jit/ScratchRegisterAllocator.h:
        (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
        * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        (JSC::TempRegisterSet::TempRegisterSet):
        (JSC::TempRegisterSet::asPOD):
        (JSC::TempRegisterSet::copyInfo):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Restructure LinkBuffer to allow for alternate allocation strategies
        https://bugs.webkit.org/show_bug.cgi?id=123071

        Reviewed by Oliver Hunt.

        The idea is to eventually allow a LinkBuffer to place the code into an already
        allocated region of memory.  That region of memory could be the nop-slide left behind
        by a llvm.webkit.patchpoint.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::buffer):
        * assembler/AssemblerBuffer.h:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::allocate):
        (JSC::LinkBuffer::shrink):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::didFailToAllocate):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::buffer):
        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        Some includes in JSC seem to use an incorrect style
        https://bugs.webkit.org/show_bug.cgi?id=123057

        Reviewed by Geoffrey Garen.

        Changed pseudo-system includes to user ones.

        * API/JSContextRef.cpp:
        * API/JSStringRefCF.cpp:
        * API/JSValueRef.cpp:
        * API/OpaqueJSString.cpp:
        * jit/JIT.h:
        * parser/SyntaxChecker.h:
        * runtime/WeakGCMap.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Baseline JIT and DFG IC code generation should be unified and rationalized
        https://bugs.webkit.org/show_bug.cgi?id=122939

        Reviewed by Geoffrey Garen.

        Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
        some register info and creates JIT inline caches for you. Used this to even further
        unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
        is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
        that it needs to do the equivalent of get_by_id, so with this generator it will be able
        to create an IC even though it wasn't associated with a get_by_id bytecode instruction.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::DataLabelCompact::label):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::ecmaMode):
        * dfg/DFGInlineCacheWrapper.h: Added.
        (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
        * dfg/DFGInlineCacheWrapperInlines.h: Added.
        (JSC::DFG::::finalize):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addGetById):
        (JSC::DFG::JITCompiler::addPutById):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::isStrictModeFor):
        (JSC::AssemblyHelpers::strictModeFor):
        * jit/GPRInfo.h:
        (JSC::JSValueRegs::tagGPR):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITInlineCacheGenerator.cpp: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::finalize):
        (JSC::JITByIdGenerator::generateFastPathChecks):
        (JSC::JITGetByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        (JSC::JITPutByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::slowPathFunction):
        * jit/JITInlineCacheGenerator.h: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITInlineCacheGenerator::stubInfo):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::reportSlowPathCall):
        (JSC::JITByIdGenerator::slowPathJump):
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::set):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
        https://bugs.webkit.org/show_bug.cgi?id=123067

        Reviewed by Geoffrey Garen.

        * API/APICast.h: Include it.

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        FTL::Location should treat the offset as an addend in the case of a Register location
        https://bugs.webkit.org/show_bug.cgi?id=123062

        Reviewed by Sam Weinig.

        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::forStackmaps):
        (JSC::FTL::Location::dump):
        (JSC::FTL::Location::restoreInto):
        * ftl/FTLLocation.h:
        (JSC::FTL::Location::forRegister):
        (JSC::FTL::Location::hasAddend):
        (JSC::FTL::Location::addend):

2013-10-19  Nadav Rotem  <nrotem@apple.com>

        DFG dominators: document and rename stuff.
        https://bugs.webkit.org/show_bug.cgi?id=123056

        Reviewed by Filip Pizlo.

        Documented the code and renamed some variables.

        * dfg/DFGDominators.cpp:
        (JSC::DFG::Dominators::compute):
        (JSC::DFG::Dominators::pruneDominators):
        * dfg/DFGDominators.h:

2013-10-19  Julien Brianceau  <jbriance@cisco.com>

        Fix build failure for architectures with 4 argument registers.
        https://bugs.webkit.org/show_bug.cgi?id=123060

        Reviewed by Michael Saboff.

        Add missing setupArgumentsWithExecState() prototypes for architectures with 4 argument registers.
        Remove SH4 specific code no longer needed since callOperation prototype change in r157660.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix FTL build.

        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
811
812 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
813
814         A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
815         https://bugs.webkit.org/show_bug.cgi?id=122940
816
817         Reviewed by Oliver Hunt.
818         
819         This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
820         whereas previously it was in a Vector, so it moved. This allows you to use pointers to
821         StructureStubInfo. This also eliminates the use of return PC as a way of finding the
822         StructureStubInfo's. It removes some of the need for the compile-time property access
823         records; for example the DFG no longer has to save information about registers in a
824         property access record only to later save it to the stub info.
825         
826         The main thing is accomplishes is that it makes it easier to add StructureStubInfo's
827         at any stage of compilation.
828
829         * bytecode/CodeBlock.cpp:
830         (JSC::CodeBlock::printGetByIdCacheStatus):
831         (JSC::CodeBlock::dumpBytecode):
832         (JSC::CodeBlock::~CodeBlock):
833         (JSC::CodeBlock::propagateTransitions):
834         (JSC::CodeBlock::finalizeUnconditionally):
835         (JSC::CodeBlock::addStubInfo):
836         (JSC::CodeBlock::getStubInfoMap):
837         (JSC::CodeBlock::shrinkToFit):
838         * bytecode/CodeBlock.h:
839         (JSC::CodeBlock::begin):
840         (JSC::CodeBlock::end):
841         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
842         * bytecode/CodeOrigin.h:
843         (JSC::CodeOrigin::CodeOrigin):
844         (JSC::CodeOrigin::isHashTableDeletedValue):
845         (JSC::CodeOrigin::hash):
846         (JSC::CodeOriginHash::hash):
847         (JSC::CodeOriginHash::equal):
848         * bytecode/GetByIdStatus.cpp:
849         (JSC::GetByIdStatus::computeFor):
850         * bytecode/GetByIdStatus.h:
851         * bytecode/PutByIdStatus.cpp:
852         (JSC::PutByIdStatus::computeFor):
853         * bytecode/PutByIdStatus.h:
854         * bytecode/StructureStubInfo.h:
855         (JSC::getStructureStubInfoCodeOrigin):
856         * dfg/DFGByteCodeParser.cpp:
857         (JSC::DFG::ByteCodeParser::parseBlock):
858         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
859         * dfg/DFGJITCompiler.cpp:
860         (JSC::DFG::JITCompiler::link):
861         * dfg/DFGJITCompiler.h:
862         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
863         (JSC::DFG::InRecord::InRecord):
864         * dfg/DFGSpeculativeJIT.cpp:
865         (JSC::DFG::SpeculativeJIT::compileIn):
866         * dfg/DFGSpeculativeJIT.h:
867         (JSC::DFG::SpeculativeJIT::callOperation):
868         * dfg/DFGSpeculativeJIT32_64.cpp:
869         (JSC::DFG::SpeculativeJIT::cachedGetById):
870         (JSC::DFG::SpeculativeJIT::cachedPutById):
871         * dfg/DFGSpeculativeJIT64.cpp:
872         (JSC::DFG::SpeculativeJIT::cachedGetById):
873         (JSC::DFG::SpeculativeJIT::cachedPutById):
874         * jit/CCallHelpers.h:
875         (JSC::CCallHelpers::setupArgumentsWithExecState):
876         * jit/JIT.cpp:
877         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
878         (JSC::JIT::privateCompile):
879         * jit/JIT.h:
880         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
881         * jit/JITInlines.h:
882         (JSC::JIT::callOperation):
883         * jit/JITOperations.cpp:
884         * jit/JITOperations.h:
885         * jit/JITPropertyAccess.cpp:
886         (JSC::JIT::emitSlow_op_get_by_id):
887         (JSC::JIT::emitSlow_op_put_by_id):
888         * jit/JITPropertyAccess32_64.cpp:
889         (JSC::JIT::emitSlow_op_get_by_id):
890         (JSC::JIT::emitSlow_op_put_by_id):
891         * jit/Repatch.cpp:
892         (JSC::appropriateGenericPutByIdFunction):
893         (JSC::appropriateListBuildingPutByIdFunction):
894         (JSC::resetPutByID):
895
896 2013-10-18  Oliver Hunt  <oliver@apple.com>
897
898         Spread operator should be performing direct "puts" and not triggering setters
899         https://bugs.webkit.org/show_bug.cgi?id=123047
900
901         Reviewed by Geoffrey Garen.
902
903         Add a new opcode -- op_put_by_val_directue -- and make use of it in the spread
904         to array construct.  This required a new PutByValDirect node to be introduced to
905         the DFG.  The current implementation simply changes the slow path function that
906         is called, but in future this could be made faster as it does not need to check
907         the prototype chain.
908
909         * bytecode/CodeBlock.cpp:
910         (JSC::CodeBlock::dumpBytecode):
911         (JSC::CodeBlock::CodeBlock):
912         * bytecode/Opcode.h:
913         (JSC::padOpcodeName):
914         * bytecompiler/BytecodeGenerator.cpp:
915         (JSC::BytecodeGenerator::emitDirectPutByVal):
916         * bytecompiler/BytecodeGenerator.h:
917         * bytecompiler/NodesCodegen.cpp:
918         (JSC::ArrayNode::emitBytecode):
919         * dfg/DFGAbstractInterpreterInlines.h:
920         (JSC::DFG::::executeEffects):
921         * dfg/DFGBackwardsPropagationPhase.cpp:
922         (JSC::DFG::BackwardsPropagationPhase::propagate):
923         * dfg/DFGByteCodeParser.cpp:
924         (JSC::DFG::ByteCodeParser::parseBlock):
925         * dfg/DFGCSEPhase.cpp:
926         (JSC::DFG::CSEPhase::getArrayLengthElimination):
927         (JSC::DFG::CSEPhase::getByValLoadElimination):
928         (JSC::DFG::CSEPhase::checkStructureElimination):
929         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
930         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
931         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
932         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
933         (JSC::DFG::CSEPhase::performNodeCSE):
934         * dfg/DFGCapabilities.cpp:
935         (JSC::DFG::capabilityLevel):
936         * dfg/DFGClobberize.h:
937         (JSC::DFG::clobberize):
938         * dfg/DFGFixupPhase.cpp:
939         (JSC::DFG::FixupPhase::fixupNode):
940         * dfg/DFGGraph.h:
941         (JSC::DFG::Graph::clobbersWorld):
942         * dfg/DFGNode.h:
943         (JSC::DFG::Node::hasArrayMode):
944         * dfg/DFGNodeType.h:
945         * dfg/DFGOperations.cpp:
946         (JSC::DFG::putByVal):
947         (JSC::DFG::operationPutByValInternal):
948         * dfg/DFGOperations.h:
949         * dfg/DFGPredictionPropagationPhase.cpp:
950         (JSC::DFG::PredictionPropagationPhase::propagate):
951         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
952         * dfg/DFGSafeToExecute.h:
953         (JSC::DFG::safeToExecute):
954         * dfg/DFGSpeculativeJIT32_64.cpp:
955         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
956         (JSC::DFG::SpeculativeJIT::compile):
957         * dfg/DFGSpeculativeJIT64.cpp:
958         (JSC::DFG::SpeculativeJIT::compile):
959         * dfg/DFGTypeCheckHoistingPhase.cpp:
960         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
961         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
962         * jit/JIT.cpp:
963         (JSC::JIT::privateCompileMainPass):
964         (JSC::JIT::privateCompileSlowCases):
965         * jit/JIT.h:
966         (JSC::JIT::compileDirectPutByVal):
967         * jit/JITOperations.cpp:
968         * jit/JITOperations.h:
969         * jit/JITPropertyAccess.cpp:
970         (JSC::JIT::emitSlow_op_put_by_val):
971         (JSC::JIT::privateCompilePutByVal):
972         * jit/JITPropertyAccess32_64.cpp:
973         (JSC::JIT::emitSlow_op_put_by_val):
974         * llint/LLIntSlowPaths.cpp:
975         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
976         * llint/LLIntSlowPaths.h:
977         * llint/LowLevelInterpreter32_64.asm:
978         * llint/LowLevelInterpreter64.asm:
979
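        The behaviour the entry above fixes, as an added example that is not part of this ChangeLog
        or of JavaScriptCore's own code: an accessor planted on Array.prototype must not be consulted
        when the spread operator fills a new array (a direct "put"), while an ordinary indexed
        assignment does walk the prototype chain and hands the value to the setter.

```javascript
// Added example (not JavaScriptCore code). Runs under Node.js or any modern engine.
// It contrasts define-own-property semantics (what spread and array literals
// must use) with [[Set]] semantics (ordinary assignment), using a setter that is
// deliberately planted on Array.prototype for the duration of the test.

function spreadVsAssignment() {
  let setterCalls = 0;
  let lastSetterValue;

  // Constructed scenario: an accessor for index "0" on Array.prototype, the kind
  // of thing a prototype-pollution bug would leave behind. If spread went through
  // [[Set]], every spread-built array would leak its first element to this setter.
  Object.defineProperty(Array.prototype, '0', {
    configurable: true,
    set(v) { setterCalls += 1; lastSetterValue = v; },
  });

  try {
    // Spread into an array literal: elements are created with direct puts
    // (CreateDataProperty), so the prototype accessor is never consulted and
    // the element becomes an own data property of the new array.
    const viaSpread = [...[42, 43]];
    const spreadSetterCalls = setterCalls;
    const spreadHasOwn = Object.prototype.hasOwnProperty.call(viaSpread, '0');
    const spreadValue = viaSpread[0];

    // Ordinary indexed assignment uses [[Set]]: there is no own "0" yet, so the
    // lookup reaches Array.prototype and the planted setter intercepts the value
    // instead of the array storing it.
    setterCalls = 0;
    const viaAssign = [];
    viaAssign[0] = 99;
    const assignSetterCalls = setterCalls;
    const assignHasOwn = Object.prototype.hasOwnProperty.call(viaAssign, '0');
    const assignValue = viaAssign[0];        // undefined: accessor has no getter
    const assignIntercepted = lastSetterValue; // 99 went to the setter instead

    return {
      spreadSetterCalls, spreadHasOwn, spreadValue,
      assignSetterCalls, assignHasOwn, assignValue, assignIntercepted,
    };
  } finally {
    // Remove the planted accessor and undo the length bump that defining
    // index "0" on Array.prototype caused, so the rest of the realm is unaffected.
    delete Array.prototype[0];
    Array.prototype.length = 0;
  }
}
```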
2013-10-18  Daniel Bates  <dabates@apple.com>

        [iOS] Export symbol for VM::sharedInstanceExists()
        https://bugs.webkit.org/show_bug.cgi?id=123046

        Reviewed by Mark Hahnenberg.

        * runtime/VM.h:

2013-10-18  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
        https://bugs.webkit.org/show_bug.cgi?id=123049

        Reviewed by Mark Hahnenberg.

        * heap/Heap.cpp:
        (JSC::Heap::setIncrementalSweeper):
        * heap/Heap.h:
        * heap/HeapTimer.h:
        * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
        Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
        (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
        (duplicates the include in the .cpp).
        * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
        making use of this now, but we'll make use of it in a subsequent patch.

2013-10-18  Anders Carlsson  <andersca@apple.com>

        Remove spaces between template angle brackets
        https://bugs.webkit.org/show_bug.cgi?id=123040

        Reviewed by Andreas Kling.

        * API/JSCallbackObject.cpp:
        (JSC::::create):
        * API/JSObjectRef.cpp:
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::constants):
        (JSC::CodeBlock::setConstantRegisters):
        * bytecode/DFGExitProfile.h:
        * bytecode/EvalCodeCache.h:
        * bytecode/Operands.h:
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::constantRegisters):
        * bytecode/Watchpoint.h:
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/StaticPropertyAnalysis.h:
        * bytecompiler/StaticPropertyAnalyzer.h:
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        * dfg/DFGBlockInsertionSet.h:
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::performCSE):
        (JSC::DFG::performStoreElimination):
        * dfg/DFGCommonData.h:
        * dfg/DFGDesiredStructureChains.h:
        * dfg/DFGDesiredWatchpoints.h:
        * dfg/DFGJITCompiler.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGWorklist.h:
        * heap/BlockAllocator.h:
        (JSC::CopiedBlock):
        (JSC::MarkedBlock):
        (JSC::WeakBlock):
        (JSC::MarkStackSegment):
        (JSC::CopyWorkListSegment):
        (JSC::HandleBlock):
        * heap/Heap.h:
        * heap/Local.h:
        * heap/MarkedBlock.h:
        * heap/Strong.h:
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::decodedCodeMapFor):
        * jit/AssemblyHelpers.h:
        * jit/SpecializedThunkJIT.h:
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::::parseIfStatement):
        * parser/Parser.h:
        (JSC::Scope::copyCapturedVariablesToVector):
        (JSC::parse):
        * parser/ParserArena.h:
        * parser/SourceProviderCacheItem.h:
        * profiler/LegacyProfiler.cpp:
        (JSC::dispatchFunctionToProfiles):
        * profiler/LegacyProfiler.h:
        (JSC::LegacyProfiler::currentProfiles):
        * profiler/ProfileNode.h:
        (JSC::ProfileNode::children):
        * profiler/ProfilerDatabase.h:
        * runtime/Butterfly.h:
        (JSC::Butterfly::contiguousInt32):
        (JSC::Butterfly::contiguous):
        * runtime/GenericTypedArrayViewInlines.h:
        (JSC::::create):
        * runtime/Identifier.h:
        (JSC::Identifier::add):
        * runtime/JSPromise.h:
        * runtime/PropertyMapHashTable.h:
        * runtime/PropertyNameArray.h:
        * runtime/RegExpCache.h:
        * runtime/SparseArrayValueMap.h:
        * runtime/SymbolTable.h:
        * runtime/VM.h:
        * tools/CodeProfile.cpp:
        (JSC::truncateTrace):
        * tools/CodeProfile.h:
        * yarr/YarrInterpreter.cpp:
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::BytecodePattern::BytecodePattern):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
        (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
        (JSC::Yarr::YarrGenerator::opCompileBody):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
        * yarr/YarrPattern.h:

2013-10-18  Mark Lam  <mark.lam@apple.com>

        Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
        https://bugs.webkit.org/show_bug.cgi?id=123037.

        Reviewed by Geoffrey Garen.

        * jit/JITStubsMSVC64.asm:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
        https://bugs.webkit.org/show_bug.cgi?id=121661

        Reviewed by Mark Hahnenberg.

        This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent,
        so I added a return-early check using isCompilationThread().

        Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
        it is describing: m_offset and the property table. Most structures only have m_offset and report
        null for the property table. If the property table is there, it will tell you additional
        information and that information subsumes m_offset - but the m_offset is still there. So, when
        we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
        machinery to do this.

        Changing the property table only happens on the main thread.

        Because the machinery to change the property table is so complex, especially with respect to
        keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
        called at key points before and after changes to the property table or the offset.

        Most clients of Structure who care about object layout, including the concurrent thread, will
        want to know m_offset and not the property table. If they want the property table, they will
        already be super careful. The concurrent thread has special methods for this, like
        Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
        view of the property table.

        Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
        called when the relevant lock is already held. So, we'd have awkward recursive locking issues.

        But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
        which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
        because we have found that it helps quickly identify situations where the property table and
        m_offset get out of sync - mainly because code that changes either of those things will usually
        also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
        need the property table; it uses the m_offset. The concurrent JIT is correct to call
        outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
        it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
        outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
        locks, and that same structure is having its property table modified by the main thread, we end
        up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
        property table modified - instead what happens is that some downstream structure steals the
        property table and then starts adding things to it. The concurrent thread loads the property
        table before it's stolen, and hence the badness.

        I suspect there are other code paths that lead to the concurrent JIT calling some Structure
        method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
        and then you have a possible crash.

        The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
        aware of its uselessness to the concurrent JIT thread. This change makes it return early if
        it's in the concurrent JIT.

        * runtime/StructureInlines.h:
        (JSC::Structure::checkOffsetConsistency):

2013-10-18  Daniel Bates  <dabates@apple.com>

        Add SPI to disable the garbage collector timer
        https://bugs.webkit.org/show_bug.cgi?id=122921

        Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
        omitted.

        * heap/Heap.cpp:
        (JSC::Heap::setGarbageCollectionTimerEnabled):

2013-10-18  Julien Brianceau  <jbriance@cisco.com>

        Group 64-bit specific and 32-bit specific callOperation implementations.
        https://bugs.webkit.org/show_bug.cgi?id=123024

        Reviewed by Michael Saboff.

        This is not a big deal, but could be less confusing when reading the code.

        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        (JSC::JIT::callOperationWithCallFrameRollbackOnException):
        (JSC::JIT::callOperationNoExceptionCheck):

2013-10-18  Nadav Rotem  <nrotem@apple.com>

        Fix a FlushLiveness problem.
        https://bugs.webkit.org/show_bug.cgi?id=122984

        Reviewed by Filip Pizlo.

        * dfg/DFGFlushLivenessAnalysisPhase.cpp:
        (JSC::DFG::FlushLivenessAnalysisPhase::process):

2013-10-18  Michael Saboff  <msaboff@apple.com>

        Change native function call stubs to use JIT operations instead of ctiVMHandleException
        https://bugs.webkit.org/show_bug.cgi?id=122982

        Reviewed by Geoffrey Garen.

        Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
        return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
        This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
        in the process.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileExceptionHandlers):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::jumpToExceptionHandler):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/JIT.h:
        * jit/JITExceptions.cpp:
        (JSC::genericUnwind):
        * jit/JITExceptions.h:
        * jit/JITInlines.h:
        (JSC::JIT::callOperationNoExceptionCheck):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_throw):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_throw):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsMSVC64.asm:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:
        * jit/Repatch.cpp:
        (JSC::tryBuildGetByIDList):
        * jit/SlowPathCall.h:
        (JSC::JITSlowPathCall::call):
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::nativeForGenerator):
        * runtime/VM.h:
        (JSC::VM::callFrameForThrowOffset):
        (JSC::VM::targetMachinePCForThrowOffset):

2013-10-18  Julien Brianceau  <jbriance@cisco.com>

        Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
        https://bugs.webkit.org/show_bug.cgi?id=123023

        Reviewed by Michael Saboff.

        * jit/JITInlines.h:
        (JSC::JIT::callOperation): EncodedJSValue parameter does not need alignment
        using EABI_32BIT_DUMMY_ARG here.

2013-10-17  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, another ARM64 build fix.

        Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
        on ARM64 and none of its uses are legit - they should all be using
        andPtr(TrustedImm32, blah) anyway.

        * assembler/MacroAssembler.h:
        * assembler/MacroAssemblerARM64.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileExceptionHandlers):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileExceptionHandlers):

2013-10-17  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, speculative ARM64 build fix.

        move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
        implemented. So, you have to use TrustedImmPtr in the superclasses.

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::store8):
        (JSC::MacroAssemblerARM64::branchTest8):

2013-10-17  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, speculative ARM build fix.
        https://bugs.webkit.org/show_bug.cgi?id=122890
        <rdar://problem/15258624>

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::firstRegister):
        (JSC::ARM64Assembler::lastRegister):
        (JSC::ARM64Assembler::firstFPRegister):
        (JSC::ARM64Assembler::lastFPRegister):
        * assembler/MacroAssemblerARM64.h:
        * assembler/MacroAssemblerARMv7.h:

2013-10-17  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to JSONObject constructor.
        <https://webkit.org/b/122999>

        JSONObject was only using the JSGlobalObject to grab at the VM.
        Dodge a few loads by passing the VM directly instead.

        Reviewed by Geoffrey Garen.

        * runtime/JSONObject.cpp:
        (JSC::JSONObject::JSONObject):
        (JSC::JSONObject::finishCreation):
        * runtime/JSONObject.h:
        (JSC::JSONObject::create):

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Removed the JITStackFrame struct
        https://bugs.webkit.org/show_bug.cgi?id=123001

        Reviewed by Anders Carlsson.

        * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
        our helper functions obey the C function call ABI.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Removed an unused #define
        https://bugs.webkit.org/show_bug.cgi?id=123000

        Reviewed by Anders Carlsson.

        * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
        since it is unused now. This is a step toward using the C stack.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
        https://bugs.webkit.org/show_bug.cgi?id=122973

        Reviewed by Michael Saboff.

        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
        so I removed it.

        The code acted as if it needed to pass an argument to
        lookupExceptionHandler, and as if it passed that argument to itself
        through JITStackFrame. However, lookupExceptionHandler does not take
        an argument (other than the default ExecState argument), and the code
        did not initialize the thing that it thought it passed to itself!

2013-10-17  Alex Christensen  <achristensen@webkit.org>

        Run JavaScriptCore tests again on Windows.
        https://bugs.webkit.org/show_bug.cgi?id=122787

        Reviewed by Tim Horton.

        * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
        * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Removed restoreArgumentReference (another use of JITStackFrame)
        https://bugs.webkit.org/show_bug.cgi?id=122997

        Reviewed by Oliver Hunt.

        * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
        toward using the C stack.

2013-10-17  Oliver Hunt  <oliver@apple.com>

        Remove JITStubCall.h
        https://bugs.webkit.org/show_bug.cgi?id=122991

        Reviewed by Geoff Garen.

        Happily this is no longer used.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JIT.cpp:
        * jit/JITArithmetic.cpp:
        * jit/JITArithmetic32_64.cpp:
        * jit/JITCall.cpp:
        * jit/JITCall32_64.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITPropertyAccess.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jit/JITStubCall.h: Removed.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Removed a use of JITSTACKFRAME_ARGS_INDEX
        https://bugs.webkit.org/show_bug.cgi?id=122989

        Reviewed by Oliver Hunt.

        * jit/JITStubCall.h: Removed an unused function. This is one step closer
        to using the C stack.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Change emit_op_catch to use another method to materialize VM
        https://bugs.webkit.org/show_bug.cgi?id=122977

        Reviewed by Oliver Hunt.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_catch):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
        on JITStackFrame. It is also faster and simpler.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Eliminate emitGetJITStubArg() - dead code
        https://bugs.webkit.org/show_bug.cgi?id=122975

        Reviewed by Anders Carlsson.

        * jit/JIT.h:
        * jit/JITInlines.h: Removed unused, deprecated function.

2013-10-17  Mark Lam  <mark.lam@apple.com>

        Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
        https://bugs.webkit.org/show_bug.cgi?id=122979.

        Reviewed by Michael Saboff.

        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):

2013-10-17  Michael Saboff  <msaboff@apple.com>

        Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
        https://bugs.webkit.org/show_bug.cgi?id=122974

        Reviewed by Geoffrey Garen.

        Eliminated unneeded storing to JITStackFrame.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):

2013-10-17  Michael Saboff  <msaboff@apple.com>

        Transition cti_op_throw and cti_vm_throw to a JIT operation
        https://bugs.webkit.org/show_bug.cgi?id=122931

        Reviewed by Filip Pizlo.

        Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
        catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
        and their callers as it is now dead code.  There is some work needed on the Microsoft X86
        callOperation to handle the need to provide space for structure return value.

        * jit/JIT.h:
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_throw):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::emit_op_catch):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsMSVC64.asm:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:
        * jit/JSInterfaceJIT.h:

2013-10-17  Mark Lam  <mark.lam@apple.com>

        Remove JITStackFrame references in the C Loop LLINT.
        https://bugs.webkit.org/show_bug.cgi?id=122950.

        Reviewed by Michael Saboff.

        * jit/JITStubs.h:
        * llint/LowLevelInterpreter.cpp:
        (JSC::CLoop::execute):
        * offlineasm/cloop.rb:

2013-10-17  Mark Lam  <mark.lam@apple.com>

        Remove JITStackFrame references in JIT probes.
        https://bugs.webkit.org/show_bug.cgi?id=122947.

        Reviewed by Michael Saboff.

        * assembler/MacroAssemblerARM.cpp:
        (JSC::MacroAssemblerARM::ProbeContext::dump):
        * assembler/MacroAssemblerARM.h:
        * assembler/MacroAssemblerARMv7.cpp:
        (JSC::MacroAssemblerARMv7::ProbeContext::dump):
        * assembler/MacroAssemblerARMv7.h:
        * assembler/MacroAssemblerX86Common.cpp:
        (JSC::MacroAssemblerX86Common::ProbeContext::dump):
        * assembler/MacroAssemblerX86Common.h:
        * jit/JITStubsARM.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86Common.h:
        * jit/JITStubsX86_64.h:

2013-10-17  Julien Brianceau  <jbriance@cisco.com>

1540         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
1541         https://bugs.webkit.org/show_bug.cgi?id=122949
1542
1543         Reviewed by Andreas Kling.
1544
1545         * jit/CCallHelpers.h:
1546         (JSC::CCallHelpers::setupArgumentsWithExecState):
1547
1548 2013-10-16  Mark Lam  <mark.lam@apple.com>
1549
1550         Transition remaining op_get* JITStubs to JIT operations.
1551         https://bugs.webkit.org/show_bug.cgi?id=122925.
1552
1553         Reviewed by Geoffrey Garen.
1554
1555         Transitioning:
1556             cti_op_get_by_id_generic
1557             cti_op_get_by_val
1558             cti_op_get_by_val_generic
1559             cti_op_get_by_val_string
1560
1561         * dfg/DFGOperations.cpp:
1562         * dfg/DFGOperations.h:
1563         * jit/JIT.h:
1564         * jit/JITInlines.h:
1565         (JSC::JIT::callOperation):
1566         * jit/JITOpcodes.cpp:
1567         (JSC::JIT::emitSlow_op_get_arguments_length):
1568         (JSC::JIT::emitSlow_op_get_argument_by_val):
1569         * jit/JITOpcodes32_64.cpp:
1570         (JSC::JIT::emitSlow_op_get_arguments_length):
1571         (JSC::JIT::emitSlow_op_get_argument_by_val):
1572         * jit/JITOperations.cpp:
1573         * jit/JITOperations.h:
1574         * jit/JITPropertyAccess.cpp:
1575         (JSC::JIT::emitSlow_op_get_by_val):
1576         (JSC::JIT::emitSlow_op_get_by_pname):
1577         (JSC::JIT::privateCompileGetByVal):
1578         * jit/JITPropertyAccess32_64.cpp:
1579         (JSC::JIT::emitSlow_op_get_by_val):
1580         (JSC::JIT::emitSlow_op_get_by_pname):
1581         * jit/JITStubs.cpp:
1582         * jit/JITStubs.h:
1583         * runtime/Executable.cpp:
1584         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1585         * runtime/Options.cpp:
1586         (JSC::Options::initialize):
1587
1588 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1589
1590         Introduce WTF::Bag and start using it for InlineCallFrameSet
1591         https://bugs.webkit.org/show_bug.cgi?id=122941
1592
1593         Reviewed by Geoffrey Garen.
1594         
1595         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1596         SegmentedVectors into Bags as well.
1597
1598         * bytecode/InlineCallFrameSet.cpp:
1599         (JSC::InlineCallFrameSet::add):
1600         * bytecode/InlineCallFrameSet.h:
1601         (JSC::InlineCallFrameSet::begin):
1602         (JSC::InlineCallFrameSet::end):
1603         * dfg/DFGArgumentsSimplificationPhase.cpp:
1604         (JSC::DFG::ArgumentsSimplificationPhase::run):
1605         * dfg/DFGJITCompiler.cpp:
1606         (JSC::DFG::JITCompiler::link):
1607         * dfg/DFGStackLayoutPhase.cpp:
1608         (JSC::DFG::StackLayoutPhase::run):
1609         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1610         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1611
1612 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1613
1614         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1615         https://bugs.webkit.org/show_bug.cgi?id=122905
1616         <rdar://problem/15237856>
1617
1618         Reviewed by Michael Saboff.
1619         
1620         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1621         then always call it to install something that calls CRASH().
1622
1623         * llvm/InitializeLLVM.cpp:
1624         (JSC::llvmCrash):
1625         (JSC::initializeLLVMOnce):
1626         (JSC::initializeLLVM):
1627         * llvm/LLVMAPIFunctions.h:
1628
1629 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1630
1631         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1632         https://bugs.webkit.org/show_bug.cgi?id=122938
1633
1634         Reviewed by Sam Weinig.
1635         
1636         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1637
1638         * jit/Repatch.cpp:
1639         (JSC::tryBuildGetByIDList):
1640
1641 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1642
1643         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1644         https://bugs.webkit.org/show_bug.cgi?id=122937
1645
1646         Reviewed by Geoffrey Garen.
1647         
1648         JITStubCall used to do it.
1649         
1650         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1651
1652         * jit/JIT.h:
1653         (JSC::JIT::appendCall):
1654
1655 2013-10-16  Michael Saboff  <msaboff@apple.com>
1656
1657         transition void cti_op_put_by_val* stubs to JIT operations
1658         https://bugs.webkit.org/show_bug.cgi?id=122903
1659
1660         Reviewed by Geoffrey Garen.
1661
1662         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1663         operationPutByValGeneric.
1664
1665         * jit/CCallHelpers.h:
1666         (JSC::CCallHelpers::setupArgumentsWithExecState):
1667         * jit/JIT.h:
1668         * jit/JITInlines.h:
1669         (JSC::JIT::callOperation):
1670         * jit/JITOperations.cpp:
1671         * jit/JITOperations.h:
1672         * jit/JITPropertyAccess.cpp:
1673         (JSC::JIT::emitSlow_op_put_by_val):
1674         (JSC::JIT::privateCompilePutByVal):
1675         * jit/JITPropertyAccess32_64.cpp:
1676         (JSC::JIT::emitSlow_op_put_by_val):
1677         * jit/JITStubs.cpp:
1678         * jit/JITStubs.h:
1679         * jit/JSInterfaceJIT.h:
1680
1681 2013-10-16  Oliver Hunt  <oliver@apple.com>
1682
1683         Implement ES6 spread operator
1684         https://bugs.webkit.org/show_bug.cgi?id=122911
1685
1686         Reviewed by Michael Saboff.
1687
1688         Implement the ES6 spread operator
1689
1690         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1691         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1692         driven.
1693
1694         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1695         and actually handling the spread.
1696
1697         * bytecompiler/BytecodeGenerator.cpp:
1698         (JSC::BytecodeGenerator::emitNewArray):
1699         (JSC::BytecodeGenerator::emitCall):
1700         (JSC::BytecodeGenerator::emitEnumeration):
1701         * bytecompiler/BytecodeGenerator.h:
1702         * bytecompiler/NodesCodegen.cpp:
1703         (JSC::ArrayNode::emitBytecode):
1704         (JSC::ForOfNode::emitBytecode):
1705         (JSC::SpreadExpressionNode::emitBytecode):
1706         * parser/ASTBuilder.h:
1707         (JSC::ASTBuilder::createSpreadExpression):
1708         * parser/Lexer.cpp:
1709         (JSC::::lex):
1710         * parser/NodeConstructors.h:
1711         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1712         * parser/Nodes.h:
1713         (JSC::ExpressionNode::isSpreadExpression):
1714         (JSC::SpreadExpressionNode::expression):
1715         * parser/Parser.cpp:
1716         (JSC::::parseArrayLiteral):
1717         (JSC::::parseArguments):
1718         (JSC::::parseMemberExpression):
1719         * parser/Parser.h:
1720         (JSC::Parser::getTokenName):
1721         (JSC::Parser::updateErrorMessageSpecialCase):
1722         * parser/ParserTokens.h:
1723         * parser/SyntaxChecker.h:
1724         (JSC::SyntaxChecker::createSpreadExpression):
1725
1726 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1727
1728         Add a useLLInt option to jsc
1729         https://bugs.webkit.org/show_bug.cgi?id=122930
1730
1731         Reviewed by Geoffrey Garen.
1732
1733         * runtime/Executable.cpp:
1734         (JSC::setupLLInt):
1735         (JSC::setupJIT):
1736         (JSC::ScriptExecutable::prepareForExecutionImpl):
1737         * runtime/Options.h:
1738
1739 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1740
1741         Build fix.
1742
1743         Forgot to svn add DeferGC.cpp
1744
1745         * heap/DeferGC.cpp: Added.
1746
1747 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1748
1749         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1750         https://bugs.webkit.org/show_bug.cgi?id=122902
1751
1752         Reviewed by Mark Hahnenberg.
1753         
1754         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1755         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1756         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1757         didn't. Turns out that there's even a helpful method,
1758         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1759
1760         * jit/Repatch.cpp:
1761         (JSC::tryCachePutByID):
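
The two entries above (the r157411 PutById repatching bug and the missing dictionary check on the receiver in tryBuildGetByIDList) come down to the same rule: never patch an inline cache unless the structure says property accesses are cacheable. Below is an added C++ illustration of that gate, not JavaScriptCore code: `Structure`, `StubInfo`, the flag names, the `checkReceiver` switch and the slot-offset model are assumptions made for the example; only `propertyAccessesAreCacheable()` and the try-cache function names echo the ChangeLog.

```cpp
#include <map>
#include <string>

// Constructed toy of the cacheability gate the two entries describe; not
// JavaScriptCore code. Names follow the ChangeLog, the bodies are assumptions.
struct Structure {
    bool prohibitsPropertyCaching = false;   // typeInfo says: never patch for this type
    bool isDictionary = false;               // dictionary: can change without a transition
    Structure* prototype = nullptr;
    std::map<std::string, unsigned> offsets; // property name -> slot offset

    // The single helper that does all of the checks.
    bool propertyAccessesAreCacheable() const {
        return !isDictionary && !prohibitsPropertyCaching;
    }
};

struct StubInfo {
    Structure* structure = nullptr;  // receiver structure the stub was patched for
    Structure* holder = nullptr;     // structure on the chain that owns the slot
    unsigned offset = 0;
    bool patched() const { return structure != nullptr; }
};

static void patch(StubInfo& stub, Structure& receiver, Structure& holder, unsigned offset) {
    stub.structure = &receiver; stub.holder = &holder; stub.offset = offset;
}

// PutById repatch with the gate that DFG PutById was missing.
bool tryCachePutByID(StubInfo& stub, Structure& receiver, const std::string& name) {
    if (!receiver.propertyAccessesAreCacheable()) return false;
    auto it = receiver.offsets.find(name);
    if (it == receiver.offsets.end()) return false;  // transition puts are not modelled
    patch(stub, receiver, receiver, it->second);
    return true;
}

// Prototype-chain GetById. With checkReceiver == false it behaves like the
// polymorphic path before the fix: only the prototypes were tested.
bool tryCacheProtoChainGetByID(StubInfo& stub, Structure& receiver,
                               const std::string& name, bool checkReceiver = true) {
    for (Structure* s = &receiver; s; s = s->prototype) {
        if ((s != &receiver || checkReceiver) && !s->propertyAccessesAreCacheable())
            return false;
        auto it = s->offsets.find(name);
        if (it != s->offsets.end()) { patch(stub, receiver, *s, it->second); return true; }
    }
    return false;
}

// Fast path keyed on the receiver's structure; -1 means "take the slow path".
int getByIdFast(const StubInfo& stub, Structure& receiver) {
    return (stub.patched() && stub.structure == &receiver) ? (int)stub.offset : -1;
}

// Slow path: plain chain walk, always correct; -1 if the property is absent.
int getByIdSlow(Structure& receiver, const std::string& name) {
    for (Structure* s = &receiver; s; s = s->prototype) {
        auto it = s->offsets.find(name);
        if (it != s->offsets.end()) return (int)it->second;
    }
    return -1;
}

// Why the receiver check matters: shadowing a prototype property on a dictionary
// receiver adds it in place, so the structure check still passes and a stub
// patched before the fix keeps answering with the prototype's slot.
bool staleStubAfterDictionaryMutation(bool checkReceiver) {
    Structure proto; proto.offsets["y"] = 0;
    Structure dict; dict.isDictionary = true; dict.prototype = &proto;
    StubInfo stub;
    tryCacheProtoChainGetByID(stub, dict, "y", checkReceiver);
    dict.offsets["y"] = 5;          // own property added without a new Structure
    int fast = getByIdFast(stub, dict);
    return fast != -1 && fast != getByIdSlow(dict, "y");
}
```

`staleStubAfterDictionaryMutation(false)` reproduces the pre-fix behaviour (a fast-path hit that disagrees with the slow path); with the receiver check in place nothing is patched for a dictionary receiver and every access takes the slow path.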
1762
1763 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1764
1765         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1766         https://bugs.webkit.org/show_bug.cgi?id=122667
1767
1768         Reviewed by Geoffrey Garen.
1769
1770         The issue this patch is attempting to fix is that there are places in our codebase
1771         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1772         operations that can initiate a garbage collection. Garbage collection then calls 
1773         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1774         always necessarily run during garbage collection). This causes a deadlock.
1775  
1776         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1777         into a thread-local field that indicates that it is unsafe to perform any operation 
1778         that could trigger garbage collection on the current thread. In debug builds, 
1779         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1780         detect deadlocks.
1781  
1782         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1783         which uses the DeferGC mechanism to prevent collections from occurring while the 
1784         lock is held.
1785
1786         * CMakeLists.txt:
1787         * GNUmakefile.list.am:
1788         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1789         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1790         * JavaScriptCore.xcodeproj/project.pbxproj:
1791         * heap/DeferGC.h:
1792         (JSC::DisallowGC::DisallowGC):
1793         (JSC::DisallowGC::~DisallowGC):
1794         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1795         (JSC::DisallowGC::initialize):
1796         * jit/Repatch.cpp:
1797         (JSC::repatchPutByID):
1798         (JSC::buildPutByIdList):
1799         * llint/LLIntSlowPaths.cpp:
1800         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1801         * runtime/ConcurrentJITLock.h:
1802         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1803         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1804         (JSC::ConcurrentJITLockerBase::unlockEarly):
1805         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1806         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1807         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1808         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1809         * runtime/InitializeThreading.cpp:
1810         (JSC::initializeThreadingOnce):
1811         * runtime/JSCellInlines.h:
1812         (JSC::allocateCell):
1813         * runtime/JSSymbolTableObject.h:
1814         (JSC::symbolTablePut):
1815         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1816         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1817         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1818         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1819         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1820         the Structure.
1821         (JSC::Structure::materializePropertyMap):
1822         (JSC::Structure::despecifyDictionaryFunction):
1823         (JSC::Structure::changePrototypeTransition):
1824         (JSC::Structure::despecifyFunctionTransition):
1825         (JSC::Structure::attributeChangeTransition):
1826         (JSC::Structure::toDictionaryTransition):
1827         (JSC::Structure::preventExtensionsTransition):
1828         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1829         (JSC::Structure::isSealed):
1830         (JSC::Structure::isFrozen):
1831         (JSC::Structure::addPropertyWithoutTransition):
1832         (JSC::Structure::removePropertyWithoutTransition):
1833         (JSC::Structure::get):
1834         (JSC::Structure::despecifyFunction):
1835         (JSC::Structure::despecifyAllFunctions):
1836         (JSC::Structure::putSpecificValue):
1837         (JSC::Structure::createPropertyMap):
1838         (JSC::Structure::getPropertyNamesFromStructure):
1839         * runtime/Structure.h:
1840         (JSC::Structure::materializePropertyMapIfNecessary):
1841         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1842         * runtime/StructureInlines.h:
1843         (JSC::Structure::get):
1844         * runtime/SymbolTable.h:
1845         (JSC::SymbolTable::find):
1846         (JSC::SymbolTable::end):
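
An added C++ sketch of the mechanism this entry describes (not JavaScriptCore code; the class names mirror the ChangeLog, while the bodies and the toy `Heap`, `PropertyTable` and `Structure` are assumptions made for the example): a thread-local `DisallowGC` that lets a debug build catch a collection request made under a plain `ConcurrentJITLocker`, a `DeferGC` scope that postpones the collection instead, and the `materializePropertyMapIfNecessary` hazard from the Structure.cpp note, where the postponed collection fires as the locker goes out of scope, before the caller has used the new table, unless the caller holds its own `DeferGC`.

```cpp
#include <memory>
#include <mutex>
#include <string>
#include <vector>

// Constructed toy of the DisallowGC / DeferGC pattern from this entry; not
// JavaScriptCore code. Class names follow the ChangeLog, bodies are assumptions.
struct Structure;

// A collection may be requested at any time but runs only when no DeferGC scope
// is active; collecting clears every registered Structure's property table
// (standing in for the GC treating an unpinned table as weak).
struct Heap {
    int deferCount = 0;
    bool collectionPending = false;
    int collections = 0;
    std::vector<Structure*> structures;
    bool requestCollection();   // false = refused because GC is disallowed on this thread
    void collect();
};

// Thread-local "unsafe to trigger GC here" marker, checked before collecting.
static thread_local int gcDisallowDepth = 0;

class DisallowGC {
public:
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth > 0; }
};

class DeferGC {
public:
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++m_heap.deferCount; }
    ~DeferGC() {   // a deferred collection runs here, when the outermost scope ends
        if (--m_heap.deferCount == 0 && m_heap.collectionPending) m_heap.collect();
    }
private:
    Heap& m_heap;
};

// Plain locker: carries DisallowGC so a GC request under the lock is caught
// eagerly instead of deadlocking in the collector, which takes the same lock.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(std::mutex& m) : m_lock(m) {}
private:
    std::unique_lock<std::mutex> m_lock;
    DisallowGC m_disallowGC;
};

// GC-safe locker: collection is deferred, not forbidden, while the lock is held.
// m_deferGC is declared first so it dies last: the mutex is released before a pending GC runs.
class GCSafeConcurrentJITLocker {
public:
    GCSafeConcurrentJITLocker(std::mutex& m, Heap& heap) : m_deferGC(heap), m_lock(m) {}
private:
    DeferGC m_deferGC;
    std::unique_lock<std::mutex> m_lock;
};

struct PropertyTable { std::vector<std::string> keys; };

struct Structure {
    std::mutex lock;                               // stands in for ConcurrentJITLock
    std::unique_ptr<PropertyTable> propertyTable;  // cleared by a collection
    void materializePropertyMapIfNecessary(Heap& heap) {
        GCSafeConcurrentJITLocker locker(lock, heap);
        if (propertyTable) return;
        propertyTable.reset(new PropertyTable{{"x", "y"}});
        heap.requestCollection();   // allocation pressure: deferred until `locker` dies
    }
};

bool Heap::requestCollection() {
    if (DisallowGC::isGCDisallowedOnCurrentThread()) return false;  // would deadlock
    if (deferCount > 0) { collectionPending = true; return true; }  // postponed
    collect(); return true;
}

void Heap::collect() {
    collectionPending = false; ++collections;
    for (Structure* s : structures) s->propertyTable.reset();
}

// The Structure.cpp problem: the deferred collection fires when the locker inside
// materializePropertyMapIfNecessary is destroyed, before the caller reads the table.
size_t keyCountUnsafe(Structure& s, Heap& heap) {
    s.materializePropertyMapIfNecessary(heap);
    return s.propertyTable ? s.propertyTable->keys.size() : 0;   // 0: already cleared
}

// The fix: the caller holds DeferGC across its use of the freshly built table.
size_t keyCountSafe(Structure& s, Heap& heap) {
    DeferGC deferGC(heap);
    s.materializePropertyMapIfNecessary(heap);
    return s.propertyTable ? s.propertyTable->keys.size() : 0;   // 2
}

// Debug-build detection: a GC request while a plain locker is held is refused.
bool gcRefusedUnderPlainLocker(Structure& s, Heap& heap) {
    ConcurrentJITLocker locker(s.lock);
    return !heap.requestCollection();
}
```

On the same structure `keyCountUnsafe` returns 0 and `keyCountSafe` returns 2; the only difference is where the outermost `DeferGC` scope ends, which is exactly the change the note on materializePropertyMapIfNecessary* describes. The member order in `GCSafeConcurrentJITLocker` is what guarantees the lock is dropped before the pending collection runs.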
1847
1848 2013-10-16  Daniel Bates  <dabates@apple.com>
1849
1850         Add SPI to disable the garbage collector timer
1851         https://bugs.webkit.org/show_bug.cgi?id=122921
1852
1853         Reviewed by Geoffrey Garen.
1854
1855         Based on a patch by Mark Hahnenberg.
1856
1857         * API/JSBase.cpp:
1858         (JSDisableGCTimer): Added; SPI function.
1859         * API/JSBasePrivate.h:
1860         * heap/BlockAllocator.cpp:
1861         (JSC::createBlockFreeingThread): Added.
1862         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
1863         to conditionally create the "block freeing" thread depending on the value of
1864         GCActivityCallback::s_shouldCreateGCTimer.
1865         (JSC::BlockAllocator::~BlockAllocator):
1866         * heap/BlockAllocator.h:
1867         (JSC::BlockAllocator::deallocate):
1868         * heap/Heap.cpp:
1869         (JSC::Heap::didAbandon):
1870         (JSC::Heap::collect):
1871         (JSC::Heap::didAllocate):
1872         * heap/HeapTimer.cpp:
1873         (JSC::HeapTimer::timerDidFire):
1874         * runtime/GCActivityCallback.cpp:
1875         * runtime/GCActivityCallback.h:
1876         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
1877         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
1878         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
1879
1880 2013-10-16  Commit Queue  <commit-queue@webkit.org>
1881
1882         Unreviewed, rolling out r157529.
1883         http://trac.webkit.org/changeset/157529
1884         https://bugs.webkit.org/show_bug.cgi?id=122919
1885
1886         Caused score test failures and some build failures. (Requested
1887         by rfong on #webkit).
1888
1889         * bytecompiler/BytecodeGenerator.cpp:
1890         (JSC::BytecodeGenerator::emitNewArray):
1891         (JSC::BytecodeGenerator::emitCall):
1892         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1893         * bytecompiler/BytecodeGenerator.h:
1894         * bytecompiler/NodesCodegen.cpp:
1895         (JSC::ArrayNode::emitBytecode):
1896         (JSC::CallArguments::CallArguments):
1897         (JSC::ForOfNode::emitBytecode):
1898         (JSC::BindingNode::collectBoundIdentifiers):
1899         * parser/ASTBuilder.h:
1900         * parser/Lexer.cpp:
1901         (JSC::::lex):
1902         * parser/NodeConstructors.h:
1903         (JSC::DotAccessorNode::DotAccessorNode):
1904         * parser/Nodes.h:
1905         * parser/Parser.cpp:
1906         (JSC::::parseArrayLiteral):
1907         (JSC::::parseArguments):
1908         (JSC::::parseMemberExpression):
1909         * parser/Parser.h:
1910         (JSC::Parser::getTokenName):
1911         (JSC::Parser::updateErrorMessageSpecialCase):
1912         * parser/ParserTokens.h:
1913         * parser/SyntaxChecker.h:
1914
1915 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1916
1917         Remove useless architecture specific implementation in DFG.
1918         https://bugs.webkit.org/show_bug.cgi?id=122917.
1919
1920         Reviewed by Michael Saboff.
1921
1922         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
1923         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
1924
1925         * dfg/DFGSpeculativeJIT.h:
1926
1927 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1928
1929         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
1930         https://bugs.webkit.org/show_bug.cgi?id=122916.
1931
1932         Reviewed by Michael Saboff.
1933
1934         This architecture specific function is not used anymore, so get rid of it.
1935
1936         * jit/JIT.h:
1937         * jit/JITInlines.h:
1938
1939 2013-10-16  Oliver Hunt  <oliver@apple.com>
1940
1941         Implement ES6 spread operator
1942         https://bugs.webkit.org/show_bug.cgi?id=122911
1943
1944         Reviewed by Michael Saboff.
1945
1946         Implement the ES6 spread operator
1947
1948         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1949         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1950         driven.
1951
1952         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1953         and actually handling the spread.
1954
1955         * bytecompiler/BytecodeGenerator.cpp:
1956         (JSC::BytecodeGenerator::emitNewArray):
1957         (JSC::BytecodeGenerator::emitCall):
1958         (JSC::BytecodeGenerator::emitEnumeration):
1959         * bytecompiler/BytecodeGenerator.h:
1960         * bytecompiler/NodesCodegen.cpp:
1961         (JSC::ArrayNode::emitBytecode):
1962         (JSC::ForOfNode::emitBytecode):
1963         (JSC::SpreadExpressionNode::emitBytecode):
1964         * parser/ASTBuilder.h:
1965         (JSC::ASTBuilder::createSpreadExpression):
1966         * parser/Lexer.cpp:
1967         (JSC::::lex):
1968         * parser/NodeConstructors.h:
1969         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1970         * parser/Nodes.h:
1971         (JSC::ExpressionNode::isSpreadExpression):
1972         (JSC::SpreadExpressionNode::expression):
1973         * parser/Parser.cpp:
1974         (JSC::::parseArrayLiteral):
1975         (JSC::::parseArguments):
1976         (JSC::::parseMemberExpression):
1977         * parser/Parser.h:
1978         (JSC::Parser::getTokenName):
1979         (JSC::Parser::updateErrorMessageSpecialCase):
1980         * parser/ParserTokens.h:
1981         * parser/SyntaxChecker.h:
1982         (JSC::SyntaxChecker::createSpreadExpression):
1983
1984 2013-10-16  Mark Lam  <mark.lam@apple.com>
1985
1986         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1987         https://bugs.webkit.org/show_bug.cgi?id=122899.
1988
1989         Reviewed by Michael Saboff.
1990
1991         * jit/JITOpcodes32_64.cpp:
1992         (JSC::JIT::emit_op_tear_off_activation):
1993         (JSC::JIT::emit_op_tear_off_arguments):
1994         * jit/JITStubs.cpp:
1995         * jit/JITStubs.h:
1996
1997 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1998
1999         Remove more of the UNINTERRUPTED_SEQUENCE thing
2000         https://bugs.webkit.org/show_bug.cgi?id=122885
2001
2002         Reviewed by Andreas Kling.
2003
2004         It was not completely removed by r157481, leading to a build failure for the sh4 architecture.
2005
2006         * jit/JIT.h:
2007         * jit/JITInlines.h:
2008
2009 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2010
2011         Get rid of the StructureStubInfo::patch union
2012         https://bugs.webkit.org/show_bug.cgi?id=122877
2013
2014         Reviewed by Sam Weinig.
2015         
2016         Just simplifying code by getting rid of data structures that ain't used no more.
2017         
2018         Note that I replace the patch union with a patch struct. This means we say things like
2019         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
2020         encapsulation makes the code more readable: the patch struct contains just those things
2021         that you need to know to perform patching.
2022
2023         * bytecode/StructureStubInfo.h:
2024         * dfg/DFGJITCompiler.cpp:
2025         (JSC::DFG::JITCompiler::link):
2026         * jit/JIT.cpp:
2027         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2028         * jit/Repatch.cpp:
2029         (JSC::repatchByIdSelfAccess):
2030         (JSC::replaceWithJump):
2031         (JSC::linkRestoreScratch):
2032         (JSC::generateProtoChainAccessStub):
2033         (JSC::tryCacheGetByID):
2034         (JSC::getPolymorphicStructureList):
2035         (JSC::patchJumpToGetByIdStub):
2036         (JSC::tryBuildGetByIDList):
2037         (JSC::emitPutReplaceStub):
2038         (JSC::emitPutTransitionStub):
2039         (JSC::tryCachePutByID):
2040         (JSC::tryBuildPutByIdList):
2041         (JSC::tryRepatchIn):
2042         (JSC::resetGetByID):
2043         (JSC::resetPutByID):
2044         (JSC::resetIn):
2045
2046 2013-10-15  Nadav Rotem  <nrotem@apple.com>
2047
2048         FTL: add support for Int52ToValue and fix putByVal of int52s.
2049         https://bugs.webkit.org/show_bug.cgi?id=122873
2050
2051         Reviewed by Filip Pizlo.
2052
2053         * ftl/FTLCapabilities.cpp:
2054         (JSC::FTL::canCompile):
2055         * ftl/FTLLowerDFGToLLVM.cpp:
2056         (JSC::FTL::LowerDFGToLLVM::compileNode):
2057         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
2058         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
2059
2060 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2061
2062         Get rid of the UNINTERRUPTED_SEQUENCE thing
2063         https://bugs.webkit.org/show_bug.cgi?id=122876
2064
2065         Reviewed by Mark Hahnenberg.
2066         
2067         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
2068         
2069         Moreover, we should resist the temptation to bring anything like this back. We don't
2070         want to have inline caches that only work if the assembler lays out code in a specific
2071         predetermined way.
2072
2073         * jit/JIT.h:
2074         * jit/JITCall.cpp:
2075         (JSC::JIT::compileOpCall):
2076         * jit/JITCall32_64.cpp:
2077         (JSC::JIT::compileOpCall):
2078
2079 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2080
2081         Baseline JIT should use the DFG GetById IC
2082         https://bugs.webkit.org/show_bug.cgi?id=122861
2083
2084         Reviewed by Oliver Hunt.
2085         
2086         This mostly just kills a ton of code.
2087         
2088         Note that this doesn't yet do all of the simplifications that can be done, but it does
2089         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
2090
2091         * bytecode/CodeBlock.cpp:
2092         (JSC::CodeBlock::resetStubInternal):
2093         * jit/JIT.cpp:
2094         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2095         * jit/JIT.h:
2096         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2097         * jit/JITInlines.h:
2098         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2099         (JSC::JIT::callOperation):
2100         * jit/JITPropertyAccess.cpp:
2101         (JSC::JIT::compileGetByIdHotPath):
2102         (JSC::JIT::emitSlow_op_get_by_id):
2103         (JSC::JIT::emitSlow_op_get_from_scope):
2104         * jit/JITPropertyAccess32_64.cpp:
2105         (JSC::JIT::compileGetByIdHotPath):
2106         (JSC::JIT::emitSlow_op_get_by_id):
2107         (JSC::JIT::emitSlow_op_get_from_scope):
2108         * jit/JITStubs.cpp:
2109         * jit/JITStubs.h:
2110         * jit/Repatch.cpp:
2111         (JSC::repatchGetByID):
2112         (JSC::buildGetByIDList):
2113         * jit/ThunkGenerators.cpp:
2114         * jit/ThunkGenerators.h:
2115
2116 2013-10-15  Dean Jackson  <dino@apple.com>
2117
2118         Add ENABLE_WEB_ANIMATIONS flag
2119         https://bugs.webkit.org/show_bug.cgi?id=122871
2120
2121         Reviewed by Tim Horton.
2122
2123         Eventually might be http://dev.w3.org/fxtf/web-animations/
2124         but this is just engine-internal work at the moment.
2125
2126         * Configurations/FeatureDefines.xcconfig:
2127
2128 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2129
2130         [sh4] Some calls don't match sh4 ABI.
2131         https://bugs.webkit.org/show_bug.cgi?id=122863
2132
2133         Reviewed by Michael Saboff.
2134
2135         * dfg/DFGSpeculativeJIT.h:
2136         (JSC::DFG::SpeculativeJIT::callOperation):
2137         * jit/CCallHelpers.h:
2138         (JSC::CCallHelpers::setupArgumentsWithExecState):
2139         * jit/JITInlines.h:
2140         (JSC::JIT::callOperation):
2141
2142 2013-10-15  Daniel Bates  <dabates@apple.com>
2143
2144         [iOS] Upstream JavaScriptCore support for ARM64
2145         https://bugs.webkit.org/show_bug.cgi?id=122762
2146
2147         Reviewed by Oliver Hunt and Filip Pizlo.
2148
2149         * Configurations/Base.xcconfig:
2150         * Configurations/DebugRelease.xcconfig:
2151         * Configurations/JavaScriptCore.xcconfig:
2152         * Configurations/ToolExecutable.xcconfig:
2153         * JavaScriptCore.xcodeproj/project.pbxproj:
2154         * assembler/ARM64Assembler.h: Added.
2155         * assembler/AbstractMacroAssembler.h:
2156         (JSC::isARM64):
2157         (JSC::AbstractMacroAssembler::Label::Label):
2158         (JSC::AbstractMacroAssembler::Jump::Jump):
2159         (JSC::AbstractMacroAssembler::Jump::link):
2160         (JSC::AbstractMacroAssembler::Jump::linkTo):
2161         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
2162         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
2163         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
2164         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
2165         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
2166         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
2167         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
2168         (JSC::AbstractMacroAssembler::isTempRegisterValid):
2169         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
2170         (JSC::AbstractMacroAssembler::setTempRegisterValid):
2171         * assembler/LinkBuffer.cpp:
2172         (JSC::LinkBuffer::copyCompactAndLinkCode):
2173         (JSC::LinkBuffer::linkCode):
2174         * assembler/LinkBuffer.h:
2175         * assembler/MacroAssembler.h:
2176         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
2177         (JSC::MacroAssembler::pushToSave):
2178         (JSC::MacroAssembler::popToRestore):
2179         (JSC::MacroAssembler::patchableBranchTest32):
2180         * assembler/MacroAssemblerARM64.h: Added.
2181         * assembler/MacroAssemblerARMv7.h:
2182         * dfg/DFGFixupPhase.cpp:
2183         (JSC::DFG::FixupPhase::fixupNode):
2184         * dfg/DFGOSRExitCompiler32_64.cpp:
2185         (JSC::DFG::OSRExitCompiler::compileExit):
2186         * dfg/DFGOSRExitCompiler64.cpp:
2187         (JSC::DFG::OSRExitCompiler::compileExit):
2188         * dfg/DFGSpeculativeJIT.cpp:
2189         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2190         (JSC::DFG::SpeculativeJIT::compileArithMod):
2191         * disassembler/ARM64/A64DOpcode.cpp: Added.
2192         * disassembler/ARM64/A64DOpcode.h: Added.
2193         * disassembler/ARM64Disassembler.cpp: Added.
2194         * heap/MachineStackMarker.cpp:
2195         (JSC::getPlatformThreadRegisters):
2196         (JSC::otherThreadStackPointer):
2197         * heap/Region.h:
2198         * jit/AssemblyHelpers.h:
2199         (JSC::AssemblyHelpers::debugCall):
2200         * jit/CCallHelpers.h:
2201         * jit/ExecutableAllocator.h:
2202         * jit/FPRInfo.h:
2203         (JSC::FPRInfo::toRegister):
2204         (JSC::FPRInfo::toIndex):
2205         (JSC::FPRInfo::debugName):
2206         * jit/GPRInfo.h:
2207         (JSC::GPRInfo::toRegister):
2208         (JSC::GPRInfo::toIndex):
2209         (JSC::GPRInfo::debugName):
2210         * jit/JITInlines.h:
2211         (JSC::JIT::restoreArgumentReferenceForTrampoline):
2212         * jit/JITOperationWrappers.h:
2213         * jit/JITOperations.cpp:
2214         * jit/JITStubs.cpp:
2215         (JSC::performPlatformSpecificJITAssertions):
2216         (JSC::tryCachePutByID):
2217         * jit/JITStubs.h:
2218         (JSC::JITStackFrame::returnAddressSlot):
2219         * jit/JITStubsARM64.h: Added.
2220         * jit/JSInterfaceJIT.h:
2221         * jit/Repatch.cpp:
2222         (JSC::emitRestoreScratch):
2223         (JSC::generateProtoChainAccessStub):
2224         (JSC::tryCacheGetByID):
2225         (JSC::emitPutReplaceStub):
2226         (JSC::tryCachePutByID):
2227         (JSC::tryRepatchIn):
2228         * jit/ScratchRegisterAllocator.h:
2229         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2230         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2231         * jit/ThunkGenerators.cpp:
2232         (JSC::nativeForGenerator):
2233         (JSC::floorThunkGenerator):
2234         (JSC::ceilThunkGenerator):
2235         * jsc.cpp:
2236         (main):
2237         * llint/LLIntOfflineAsmConfig.h:
2238         * llint/LLIntSlowPaths.cpp:
2239         (JSC::LLInt::handleHostCall):
2240         * llint/LowLevelInterpreter.asm:
2241         * llint/LowLevelInterpreter64.asm:
2242         * offlineasm/arm.rb:
2243         * offlineasm/arm64.rb: Added.
2244         * offlineasm/backends.rb:
2245         * offlineasm/instructions.rb:
2246         * offlineasm/risc.rb:
2247         * offlineasm/transform.rb:
2248         * yarr/YarrJIT.cpp:
2249         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2250         (JSC::Yarr::YarrGenerator::initCallFrame):
2251         (JSC::Yarr::YarrGenerator::removeCallFrame):
2252         (JSC::Yarr::YarrGenerator::generateEnter):
2253         * yarr/YarrJIT.h:
2254
2255 2013-10-15  Mark Lam  <mark.lam@apple.com>
2256
2257         Fix 3 operand sub operation in C loop LLINT.
2258         https://bugs.webkit.org/show_bug.cgi?id=122866.
2259
2260         Reviewed by Geoffrey Garen.
2261
2262         * offlineasm/cloop.rb:
2263
2264 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2265
2266         ObjCCallbackFunctionImpl shouldn't store a JSContext
2267         https://bugs.webkit.org/show_bug.cgi?id=122531
2268
2269         Reviewed by Geoffrey Garen.
2270
2271         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
2272         in the common case. It's also no longer necessary in that we can look up the current JSContext 
2273         by using the globalObject of the callee when the function callback is invoked.
2274  
2275         Also added a new test that would cause us to crash previously. The test required making 
2276         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2277         in C API callbacks.
2278
2279         * API/JSContextRef.h:
2280         * API/JSContextRefPrivate.h:
2281         * API/ObjCCallbackFunction.mm:
2282         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2283         (JSC::objCCallbackFunctionCallAsFunction):
2284         (objCCallbackFunctionForInvocation):
2285         * API/WebKitAvailability.h:
2286         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2287         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2288         (CallAsConstructor):
2289         (ConstructorFinalize):
2290         (ConstructorClass):
2291         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2292         (-[JSContext valueWithConstructorDescriptor:]):
2293         (currentThisInsideBlockGetterTest):
2294         * API/tests/testapi.mm:
2295         * JavaScriptCore.xcodeproj/project.pbxproj:
2296         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2297
2298 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2299
2300         Fix build after r157457 for architecture with 4 argument registers.
2301         https://bugs.webkit.org/show_bug.cgi?id=122860
2302
2303         Reviewed by Michael Saboff.
2304
2305         * jit/CCallHelpers.h:
2306         (JSC::CCallHelpers::setupStubArguments134):
2307
2308 2013-10-14  Michael Saboff  <msaboff@apple.com>
2309
2310         Transition void cti_op_* methods to JIT operations.
2311         https://bugs.webkit.org/show_bug.cgi?id=122617
2312
2313         Reviewed by Geoffrey Garen.
2314
2315         Converted the following stubs to JIT operations:
2316             cti_handle_watchdog_timer
2317             cti_op_debug
2318             cti_op_pop_scope
2319             cti_op_profile_did_call
2320             cti_op_profile_will_call
2321             cti_op_put_by_index
2322             cti_op_put_getter_setter
2323             cti_op_tear_off_activation
2324             cti_op_tear_off_arguments
2325             cti_op_throw_static_error
2326             cti_optimize
2327
2328         * dfg/DFGOperations.cpp:
2329         * dfg/DFGOperations.h:
2330         * jit/CCallHelpers.h:
2331         (JSC::CCallHelpers::setupArgumentsWithExecState):
2332         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2333         (JSC::CCallHelpers::setupStubArguments):
2334         (JSC::CCallHelpers::setupStubArguments134):
2335         * jit/JIT.cpp:
2336         (JSC::JIT::emitEnterOptimizationCheck):
2337         * jit/JIT.h:
2338         * jit/JITInlines.h:
2339         (JSC::JIT::callOperation):
2340         * jit/JITOpcodes.cpp:
2341         (JSC::JIT::emit_op_tear_off_activation):
2342         (JSC::JIT::emit_op_tear_off_arguments):
2343         (JSC::JIT::emit_op_push_with_scope):
2344         (JSC::JIT::emit_op_pop_scope):
2345         (JSC::JIT::emit_op_push_name_scope):
2346         (JSC::JIT::emit_op_throw_static_error):
2347         (JSC::JIT::emit_op_debug):
2348         (JSC::JIT::emit_op_profile_will_call):
2349         (JSC::JIT::emit_op_profile_did_call):
2350         (JSC::JIT::emitSlow_op_loop_hint):
2351         * jit/JITOpcodes32_64.cpp:
2352         (JSC::JIT::emit_op_push_with_scope):
2353         (JSC::JIT::emit_op_pop_scope):
2354         (JSC::JIT::emit_op_push_name_scope):
2355         (JSC::JIT::emit_op_throw_static_error):
2356         (JSC::JIT::emit_op_debug):
2357         (JSC::JIT::emit_op_profile_will_call):
2358         (JSC::JIT::emit_op_profile_did_call):
2359         * jit/JITOperations.cpp:
2360         * jit/JITOperations.h:
2361         * jit/JITPropertyAccess.cpp:
2362         (JSC::JIT::emit_op_put_by_index):
2363         (JSC::JIT::emit_op_put_getter_setter):
2364         * jit/JITPropertyAccess32_64.cpp:
2365         (JSC::JIT::emit_op_put_by_index):
2366         (JSC::JIT::emit_op_put_getter_setter):
2367         * jit/JITStubs.cpp:
2368         * jit/JITStubs.h:
2369
2370 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2371
2372         [sh4] Introduce const pools in LLINT.
2373         https://bugs.webkit.org/show_bug.cgi?id=122746
2374
2375         Reviewed by Michael Saboff.
2376
2377         In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
2378         loaded this way:
2379
2380             mov.l .label, rx
2381             bra out
2382             nop
2383             .balign 4
2384             .label: .long immvalue
2385             out:
2386
2387         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2388         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2389
2390         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2391         * offlineasm/sh4.rb:
2392
2393 2013-10-15  Mark Lam  <mark.lam@apple.com>
2394
2395         Fix broken C Loop LLINT build.
2396         https://bugs.webkit.org/show_bug.cgi?id=122839.
2397
2398         Reviewed by Michael Saboff.
2399
2400         * dfg/DFGFlushedAt.cpp:
2401         * jit/JITOperations.h:
2402
2403 2013-10-14  Mark Lam  <mark.lam@apple.com>
2404
2405         Transition *switch* and *scope* JITStubs to JIT operations.
2406         https://bugs.webkit.org/show_bug.cgi?id=122757.
2407
2408         Reviewed by Geoffrey Garen.
2409
2410         Transitioning:
2411             cti_op_switch_char
2412             cti_op_switch_imm
2413             cti_op_switch_string
2414             cti_op_resolve_scope
2415             cti_op_get_from_scope
2416             cti_op_put_to_scope
2417
2418         * jit/JIT.h:
2419         * jit/JITInlines.h:
2420         (JSC::JIT::callOperation):
2421         * jit/JITOpcodes.cpp:
2422         (JSC::JIT::emit_op_switch_imm):
2423         (JSC::JIT::emit_op_switch_char):
2424         (JSC::JIT::emit_op_switch_string):
2425         * jit/JITOpcodes32_64.cpp:
2426         (JSC::JIT::emit_op_switch_imm):
2427         (JSC::JIT::emit_op_switch_char):
2428         (JSC::JIT::emit_op_switch_string):
2429         * jit/JITOperations.cpp:
2430         * jit/JITOperations.h:
2431         * jit/JITPropertyAccess.cpp:
2432         (JSC::JIT::emitSlow_op_resolve_scope):
2433         (JSC::JIT::emitSlow_op_get_from_scope):
2434         (JSC::JIT::emitSlow_op_put_to_scope):
2435         * jit/JITPropertyAccess32_64.cpp:
2436         (JSC::JIT::emitSlow_op_resolve_scope):
2437         (JSC::JIT::emitSlow_op_get_from_scope):
2438         (JSC::JIT::emitSlow_op_put_to_scope):
2439         * jit/JITStubs.cpp:
2440         * jit/JITStubs.h:
2441
2442 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2443
2444         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
2445         https://bugs.webkit.org/show_bug.cgi?id=122786
2446
2447         Reviewed by Mark Hahnenberg.
2448
2449         * bytecode/CodeBlock.cpp:
2450         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2451         * jit/Repatch.cpp:
2452         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2453         (JSC::buildPutByIdList): Ditto.
2454
2455 2013-10-14  Nadav Rotem  <nrotem@apple.com>
2456
2457         Add FTL support for LogicalNot(string)
2458         https://bugs.webkit.org/show_bug.cgi?id=122765
2459
2460         Reviewed by Filip Pizlo.
2461
2462         This patch is tested by:
2463         regress/script-tests/emscripten-cube2hash.js.ftl-eager
2464
2465         * ftl/FTLCapabilities.cpp:
2466         (JSC::FTL::canCompile):
2467         * ftl/FTLLowerDFGToLLVM.cpp:
2468         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
2469
2470 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
2471
2472         [sh4] Fixes after r157404 and r157411.
2473         https://bugs.webkit.org/show_bug.cgi?id=122782
2474
2475         Reviewed by Michael Saboff.
2476
2477         * dfg/DFGSpeculativeJIT.h:
2478         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2479         * jit/CCallHelpers.h:
2480         (JSC::CCallHelpers::setupArgumentsWithExecState):
2481         * jit/JITInlines.h:
2482         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2483         * jit/JITPropertyAccess32_64.cpp:
2484         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
2485
2486 2013-10-14  Commit Queue  <commit-queue@webkit.org>
2487
2488         Unreviewed, rolling out r157413.
2489         http://trac.webkit.org/changeset/157413
2490         https://bugs.webkit.org/show_bug.cgi?id=122779
2491
2492         Appears to have caused frequent crashes (Requested by ap on
2493         #webkit).
2494
2495         * CMakeLists.txt:
2496         * GNUmakefile.list.am:
2497         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2498         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2499         * JavaScriptCore.xcodeproj/project.pbxproj:
2500         * heap/DeferGC.cpp: Removed.
2501         * heap/DeferGC.h:
2502         * jit/JITStubs.cpp:
2503         (JSC::tryCacheGetByID):
2504         (JSC::DEFINE_STUB_FUNCTION):
2505         * llint/LLIntSlowPaths.cpp:
2506         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2507         * runtime/ConcurrentJITLock.h:
2508         * runtime/InitializeThreading.cpp:
2509         (JSC::initializeThreadingOnce):
2510         * runtime/JSCellInlines.h:
2511         (JSC::allocateCell):
2512         * runtime/Structure.cpp:
2513         (JSC::Structure::materializePropertyMap):
2514         (JSC::Structure::putSpecificValue):
2515         (JSC::Structure::createPropertyMap):
2516         * runtime/Structure.h:
2517
2518 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2519
2520         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
2521         https://bugs.webkit.org/show_bug.cgi?id=122652
2522
2523         Reviewed by Filip Pizlo.
2524
2525         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
2526         so we would end up ASSERTing during garbage collection.
2527
2528         * heap/MarkedAllocator.cpp:
2529         (JSC::MarkedAllocator::allocateSlowCase):
2530
2531 2013-10-11  Oliver Hunt  <oliver@apple.com>
2532
2533         Separate out array iteration intrinsics
2534         https://bugs.webkit.org/show_bug.cgi?id=122656
2535
2536         Reviewed by Michael Saboff.
2537
2538         Separate out the intrinsics for key and values iteration
2539         of arrays.
2540
2541         This requires moving array iteration into the iterator
2542         instance, rather than the prototype, but this is essentially
2543         unobservable so we'll live with it for now.
2544
2545         * jit/ThunkGenerators.cpp:
2546         (JSC::arrayIteratorNextThunkGenerator):
2547         (JSC::arrayIteratorNextKeyThunkGenerator):
2548         (JSC::arrayIteratorNextValueThunkGenerator):
2549         * jit/ThunkGenerators.h:
2550         * runtime/ArrayIteratorPrototype.cpp:
2551         (JSC::ArrayIteratorPrototype::finishCreation):
2552         * runtime/Intrinsic.h:
2553         * runtime/JSArrayIterator.cpp:
2554         (JSC::JSArrayIterator::finishCreation):
2555         (JSC::createIteratorResult):
2556         (JSC::arrayIteratorNext):
2557         (JSC::arrayIteratorNextKey):
2558         (JSC::arrayIteratorNextValue):
2559         (JSC::arrayIteratorNextGeneric):
2560         * runtime/VM.cpp:
2561         (JSC::thunkGeneratorForIntrinsic):
2562
2563 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
2564
2565         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2566         https://bugs.webkit.org/show_bug.cgi?id=122667
2567
2568         Reviewed by Filip Pizlo.
2569
2570         The issue this patch is attempting to fix is that there are places in our codebase
2571         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2572         operations that can initiate a garbage collection. Garbage collection then calls 
2573         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2574         always necessarily run during garbage collection). This causes a deadlock.
2575
2576         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2577         into a thread-local field that indicates that it is unsafe to perform any operation 
2578         that could trigger garbage collection on the current thread. In debug builds, 
2579         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2580         detect deadlocks.
2581
2582         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2583         which uses the DeferGC mechanism to prevent collections from occurring while the 
2584         lock is held.
2585
2586         * CMakeLists.txt:
2587         * GNUmakefile.list.am:
2588         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2589         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2590         * JavaScriptCore.xcodeproj/project.pbxproj:
2591         * heap/DeferGC.cpp: Added.
2592         * heap/DeferGC.h:
2593         (JSC::DisallowGC::DisallowGC):
2594         (JSC::DisallowGC::~DisallowGC):
2595         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2596         (JSC::DisallowGC::initialize):
2597         * jit/JITStubs.cpp:
2598         (JSC::tryCachePutByID):
2599         (JSC::tryCacheGetByID):
2600         (JSC::DEFINE_STUB_FUNCTION):
2601         * llint/LLIntSlowPaths.cpp:
2602         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2603         * runtime/ConcurrentJITLock.h:
2604         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2605         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2606         (JSC::ConcurrentJITLockerBase::unlockEarly):
2607         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2608         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2609         * runtime/InitializeThreading.cpp:
2610         (JSC::initializeThreadingOnce):
2611         * runtime/JSCellInlines.h:
2612         (JSC::allocateCell):
2613         * runtime/Structure.cpp:
2614         (JSC::Structure::materializePropertyMap):
2615         (JSC::Structure::putSpecificValue):
2616         (JSC::Structure::createPropertyMap):
2617         * runtime/Structure.h:
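
        Added illustration of the mechanism described in this entry (not JavaScriptCore's own code): an RAII guard that records "GC disallowed" in a thread-local counter, a locker that carries one so an allocation-triggered collection under the lock is reported instead of deadlocking, and a GC-safe locker that defers collection instead. The CodeBlock, Heap and locker shapes are simplified assumptions.

```cpp
// Added illustration (not JavaScriptCore's code): DisallowGC / DeferGC guards
// and two lockers in the spirit of ConcurrentJITLocker and
// GCSafeConcurrentJITLocker. Names and the Heap model are assumptions.
#include <mutex>

namespace demo {

// Nested DisallowGC scopes on the current thread; > 0 means GC is unsafe here.
thread_local int gcDisallowCount = 0;
// Nested DeferGC scopes; a collection requested while > 0 is postponed.
thread_local int gcDeferCount = 0;

struct DisallowGC {
    DisallowGC() { ++gcDisallowCount; }
    ~DisallowGC() { --gcDisallowCount; }
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowCount > 0; }
};

struct DeferGC {
    DeferGC() { ++gcDeferCount; }
    ~DeferGC() { --gcDeferCount; }
    static bool isGCDeferredOnCurrentThread() { return gcDeferCount > 0; }
};

// Stand-in for a CodeBlock whose ConcurrentJITLock is a plain non-recursive mutex.
struct CodeBlock {
    std::mutex lock;
};

// Holds the lock and forbids GC: a collection started inside this scope would
// re-enter CodeBlock methods that take the same lock (the deadlock the entry
// describes). In the real project the DisallowGC member is debug-only.
struct ConcurrentJITLocker {
    std::lock_guard<std::mutex> guard;
    DisallowGC disallow;
    explicit ConcurrentJITLocker(CodeBlock& cb) : guard(cb.lock) {}
};

// Holds the lock but defers GC, so allocation inside the scope stays safe.
struct GCSafeConcurrentJITLocker {
    DeferGC defer;
    std::lock_guard<std::mutex> guard;
    explicit GCSafeConcurrentJITLocker(CodeBlock& cb) : guard(cb.lock) {}
};

enum class CollectOutcome { Collected, Deferred, HazardDetected };

// Models the collection check reached from a cell allocation slow path.
CollectOutcome collectIfNecessaryOrDetectHazard(CodeBlock& cb) {
    if (DisallowGC::isGCDisallowedOnCurrentThread()) {
        // A real GC would now try cb.lock on the same thread and block forever;
        // report the hazard instead (the project ASSERTs here in debug builds).
        return CollectOutcome::HazardDetected;
    }
    if (DeferGC::isGCDeferredOnCurrentThread())
        return CollectOutcome::Deferred;
    std::lock_guard<std::mutex> guard(cb.lock); // GC visiting the CodeBlock
    return CollectOutcome::Collected;
}

// Allocation under the plain locker: the bug pattern from the entry.
CollectOutcome allocateUnderConcurrentJITLocker() {
    CodeBlock cb;
    ConcurrentJITLocker locker(cb);
    return collectIfNecessaryOrDetectHazard(cb);
}

// Allocation under the GC-safe locker: collection is deferred, no deadlock.
CollectOutcome allocateUnderGCSafeLocker() {
    CodeBlock cb;
    GCSafeConcurrentJITLocker locker(cb);
    return collectIfNecessaryOrDetectHazard(cb);
}

// Allocation with no lock held: collection proceeds normally.
CollectOutcome allocateWithoutLock() {
    CodeBlock cb;
    return collectIfNecessaryOrDetectHazard(cb);
}

} // namespace demo
```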
2618
2619 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2620
2621         Baseline JIT should use the DFG's PutById IC
2622         https://bugs.webkit.org/show_bug.cgi?id=122704
2623
2624         Reviewed by Mark Hahnenberg.
2625         
2626         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2627         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2628         
2629         The only complicated part was that the PutById operations assumed that we first did a
2630         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2631         slow paths to deal with EncodedJSValue's.
2632
2633         * bytecode/CodeBlock.cpp:
2634         (JSC::CodeBlock::resetStubInternal):
2635         * bytecode/PutByIdStatus.cpp:
2636         (JSC::PutByIdStatus::computeFor):
2637         * dfg/DFGSpeculativeJIT.h:
2638         (JSC::DFG::SpeculativeJIT::callOperation):
2639         * dfg/DFGSpeculativeJIT32_64.cpp:
2640         (JSC::DFG::SpeculativeJIT::cachedPutById):
2641         * dfg/DFGSpeculativeJIT64.cpp:
2642         (JSC::DFG::SpeculativeJIT::cachedPutById):
2643         * jit/CCallHelpers.h:
2644         (JSC::CCallHelpers::setupArgumentsWithExecState):
2645         * jit/JIT.cpp:
2646         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2647         * jit/JIT.h:
2648         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2649         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2650         * jit/JITInlines.h:
2651         (JSC::JIT::callOperation):
2652         * jit/JITOperationWrappers.h:
2653         * jit/JITOperations.cpp:
2654         * jit/JITOperations.h:
2655         * jit/JITPropertyAccess.cpp:
2656         (JSC::JIT::compileGetByIdHotPath):
2657         (JSC::JIT::compileGetByIdSlowCase):
2658         (JSC::JIT::emit_op_put_by_id):
2659         (JSC::JIT::emitSlow_op_put_by_id):
2660         * jit/JITPropertyAccess32_64.cpp:
2661         (JSC::JIT::compileGetByIdSlowCase):
2662         (JSC::JIT::emit_op_put_by_id):
2663         (JSC::JIT::emitSlow_op_put_by_id):
2664         * jit/JITStubs.cpp:
2665         * jit/JITStubs.h:
2666         * jit/Repatch.cpp:
2667         (JSC::appropriateGenericPutByIdFunction):
2668         (JSC::appropriateListBuildingPutByIdFunction):
2669         (JSC::resetPutByID):
2670
2671 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2672
2673         FTL should have an inefficient but correct implementation of GetById
2674         https://bugs.webkit.org/show_bug.cgi?id=122740
2675
2676         Reviewed by Mark Hahnenberg.
2677         
2678         It took some effort to realize that the node->prediction() check in the DFG backends
2679         is completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
2680         if !prediction.
2681         
2682         But other than that this was an easy patch.
2683
2684         * dfg/DFGByteCodeParser.cpp:
2685         (JSC::DFG::ByteCodeParser::handleGetById):
2686         * dfg/DFGSpeculativeJIT32_64.cpp:
2687         (JSC::DFG::SpeculativeJIT::compile):
2688         * dfg/DFGSpeculativeJIT64.cpp:
2689         (JSC::DFG::SpeculativeJIT::compile):
2690         * ftl/FTLCapabilities.cpp:
2691         (JSC::FTL::canCompile):
2692         * ftl/FTLIntrinsicRepository.h:
2693         * ftl/FTLLowerDFGToLLVM.cpp:
2694         (JSC::FTL::LowerDFGToLLVM::compileNode):
2695         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2696
2697 2013-10-13  Mark Lam  <mark.lam@apple.com>
2698
2699         Transition misc cti_op_* JITStubs to JIT operations.
2700         https://bugs.webkit.org/show_bug.cgi?id=122645.
2701
2702         Reviewed by Michael Saboff.
2703
2704         Stubs converted:
2705             cti_op_check_has_instance
2706             cti_op_create_arguments
2707             cti_op_del_by_id
2708             cti_op_instanceof
2709             cti_to_object
2710             cti_op_push_activation
2711             cti_op_get_pnames
2712             cti_op_load_varargs
2713
2714         * dfg/DFGOperations.cpp:
2715         * dfg/DFGOperations.h:
2716         * jit/CCallHelpers.h:
2717         (JSC::CCallHelpers::setupArgumentsWithExecState):
2718         * jit/JIT.h:
2719         (JSC::JIT::emitStoreCell):
2720         * jit/JITCall.cpp:
2721         (JSC::JIT::compileLoadVarargs):
2722         * jit/JITCall32_64.cpp:
2723         (JSC::JIT::compileLoadVarargs):
2724         * jit/JITInlines.h:
2725         (JSC::JIT::callOperation):
2726         * jit/JITOpcodes.cpp:
2727         (JSC::JIT::emit_op_get_pnames):
2728         (JSC::JIT::emit_op_create_activation):
2729         (JSC::JIT::emit_op_create_arguments):
2730         (JSC::JIT::emitSlow_op_check_has_instance):
2731         (JSC::JIT::emitSlow_op_instanceof):
2732         (JSC::JIT::emitSlow_op_get_argument_by_val):
2733         * jit/JITOpcodes32_64.cpp:
2734         (JSC::JIT::emitSlow_op_check_has_instance):
2735         (JSC::JIT::emitSlow_op_instanceof):
2736         (JSC::JIT::emit_op_get_pnames):
2737         (JSC::JIT::emit_op_create_activation):
2738         (JSC::JIT::emit_op_create_arguments):
2739         (JSC::JIT::emitSlow_op_get_argument_by_val):
2740         * jit/JITOperations.cpp:
2741         * jit/JITOperations.h:
2742         * jit/JITPropertyAccess.cpp:
2743         (JSC::JIT::emit_op_del_by_id):
2744         * jit/JITPropertyAccess32_64.cpp:
2745         (JSC::JIT::emit_op_del_by_id):
2746         * jit/JITStubs.cpp:
2747         * jit/JITStubs.h:
2748
2749 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2750
2751         FTL OSR exit should perform zero extension on values smaller than 64-bit
2752         https://bugs.webkit.org/show_bug.cgi?id=122688
2753
2754         Reviewed by Gavin Barraclough.
2755         
2756         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2757         register will have zeros on the high bits.  In the few cases where the high bits are
2758         non-zero, the DFG sort of tells us this explicitly.
2759
2760         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider that we might
2761         emit LLVM IR like:
2762
2763             %2 = trunc i64 %1 to i32
2764             stuff %2
2765             call @llvm.webkit.stackmap(...., %2)
2766
2767         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2768         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2769         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2770         from before truncation, and that register may have garbage in the high bits.
2771
2772         This means that on our end, if we want a 32-bit value and we want that value to be
2773         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2774         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2775         end.
2776         
2777         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
2778
2779         * ftl/FTLOSRExitCompiler.cpp:
2780         (JSC::FTL::compileStubWithOSRExitStackmap):
2781         * ftl/FTLValueFormat.cpp:
2782         (JSC::FTL::reboxAccordingToFormat):
2783
2784 == Rolled over to ChangeLog-2013-10-13 ==