[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2017-03-15  Yusuke Suzuki  <utatane.tea@gmail.com>

        [DFG] ToString operation should have fixup for primitives to say this node does not have side effects
        https://bugs.webkit.org/show_bug.cgi?id=169544

        Reviewed by Saam Barati.

        Our DFG ToString only considers String operands well. While ToString(non-cell operand) does not have
        any side effect, it is not modeled well in DFG.

        This patch introduces a fixup for ToString with NonCellUse edge. If this edge is set, ToString does not
        clobber things (like ToLowerCase, producing String). And ToString(NonCellUse) allows us to perform CSE!

        Our microbenchmark shows 32.9% improvement due to dropped GetButterfly and CSE for ToString().

                                            baseline                  patched

            template-string-array       12.6284+-0.2766     ^      9.4998+-0.2295        ^ definitely 1.3293x faster

        And SixSpeed template_string.es6 shows 16.68x performance improvement due to LICM onto this non-side-effectful ToString().

                                          baseline                  patched

            template_string.es6     3229.7343+-40.5705    ^    193.6077+-36.3349       ^ definitely 16.6818x faster

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOnCell):
        (JSC::DFG::SpeculativeJIT::speculateNotCell):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructor):
        (JSC::FTL::DFG::LowerDFGToB3::lowNotCell):
        (JSC::FTL::DFG::LowerDFGToB3::speculateNotCell):

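The distinction the entry above relies on, shown in JavaScript as an added example (this is not code from the WebKit patch or from the JSC test suite): ToString on a non-cell operand (number, boolean, null, undefined) runs no user code, so the compiler may hoist it out of a loop or reuse an earlier result, while ToString on a cell can run arbitrary user code (toString, valueOf, Symbol.toPrimitive) or throw (Symbol), so it has to stay a clobbering node. The helper names and the constructed operands are assumptions made for the example; only the non-cell/cell split comes from the entry.

```javascript
// Added example, not part of the WebKit patch: why ToString is only
// side-effect-free for non-cell operands. The function names and the
// sample operands below are constructed for illustration.

// Runs the kind of loop a JIT would like to apply LICM/CSE to: the same
// template literal (which performs ToString on its substitution) on every
// iteration. Returns how often user code ran and the last string produced.
function conversionsObservedInLoop(makeOperand, iterations) {
  let calls = 0;
  const x = makeOperand(() => { calls++; });
  let last;
  for (let i = 0; i < iterations; i++) {
    last = `${x}`; // ToString(x) on each iteration
  }
  return { calls, last };
}

// Non-cell operand: ToString(42) is pure; hoisting it is unobservable.
const primitiveOperand = () => 42;

// Cell operand whose toString is user code: every conversion is observable,
// so replacing the loop body with one hoisted conversion would drop calls.
const cellWithToString = (onCall) => ({
  toString() { onCall(); return 'cell'; },
});

// Cell whose conversion mutates state: a hoisted ToString would return the
// stale string "1" on every iteration instead of "1", "2", ... in sequence.
const cellWithMutatingToPrimitive = (onCall) => {
  let n = 0;
  return { [Symbol.toPrimitive]() { onCall(); return String(++n); } };
};

// ToString can also fail: on a Symbol (a cell in JSC) it throws a TypeError,
// which is itself an effect the compiler must not reorder or drop.
function toStringThrows(v) {
  try { `${v}`; return false; } catch (e) { return e instanceof TypeError; }
}

// Mirrors the operand check the NonCellUse speculation stands for: only
// values JSC does not allocate as heap cells qualify. Strings are cells too,
// but the DFG already handles them through StringUse; symbols and objects
// must take the general (clobbering) path.
function isNonCellOperand(v) {
  return v === null || v === undefined
    || typeof v === 'boolean' || typeof v === 'number';
}
```

Running the loop helper with `primitiveOperand` records zero user-code calls, while the two cell operands record one call per iteration, which is exactly the observable behaviour that forbids CSE or hoisting unless the operand is proven to be a non-cell.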
2017-03-15  Ryan Haddad  <ryanhaddad@apple.com>

        Revert part of r213978 to see if it resolves LayoutTest crashes.
        https://bugs.webkit.org/show_bug.cgi?id=169729

        Reviewed by Alexey Proskuryakov.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2017-03-15  Guillaume Emont  <guijemont@igalia.com>

        [jsc][mips] Fix compilation error introduced in r213652
        https://bugs.webkit.org/show_bug.cgi?id=169723

        Reviewed by Mark Lam.

        The new replaceWithBkpt() contains a lapsus in it
        (s/code/instructionStart) and won't compile.

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::replaceWithBkpt):

2017-03-15  Daniel Ehrenberg  <littledan@chromium.org>

        Switch back to ISO 4217 for Intl CurrencyDigits data
        https://bugs.webkit.org/show_bug.cgi?id=169182

        Previously, a patch switched Intl.NumberFormat to use CLDR data through
        ICU to get the default number of decimal digits for a currency.
        However, that change actually violated the ECMA 402 specification,
        which references ISO 4217 as the data source. This patch reverts to
        an in-line implementation of that data.

        Reviewed by Saam Barati.

        * runtime/IntlNumberFormat.cpp:
        (JSC::computeCurrencySortKey):
        (JSC::extractCurrencySortKey):
        (JSC::computeCurrencyDigits):

2017-03-15  Saam Barati  <sbarati@apple.com>

        WebAssembly: When we GC to try to get a fast memory, we should call collectAllGarbage(), not collectSync()
        https://bugs.webkit.org/show_bug.cgi?id=169704

        Reviewed by Mark Lam.

        We weren't always sweeping the memory needed to free
        the WasmMemory we wanted to use. collectAllGarbage()
        will do this if the JS objects wrapping WasmMemory
        are dead.

        This patch also moves the increment of the allocatedFastMemories
        integer to be thread safe.

        * wasm/WasmMemory.cpp:
        (JSC::Wasm::tryGetFastMemory):

2017-03-15  Mark Lam  <mark.lam@apple.com>

        Fix exception scope verification failures in jsc.cpp.
        https://bugs.webkit.org/show_bug.cgi?id=164968

        Reviewed by Saam Barati.

        * jsc.cpp:
        (WTF::CustomGetter::customGetter):

        (GlobalObject::moduleLoaderResolve):
        (GlobalObject::moduleLoaderFetch):
        - The only way modules would throw an exception is if we encounter an OutOfMemory
          error.  This should be extremely rare.  At this point, I don't think it's worth
          doing the dance to propagate the exception when this happens.  Instead, we'll
          simply do a RELEASE_ASSERT that we don't see any exceptions here.

        (functionRun):
        (functionRunString):
        (functionLoadModule):
        (functionCheckModuleSyntax):
        (box):
        (dumpException):
        (runWithScripts):

2017-03-15  Mark Lam  <mark.lam@apple.com>

        Fix missing exception checks in Interpreter.cpp.
        https://bugs.webkit.org/show_bug.cgi?id=164964

        Reviewed by Saam Barati.

        * interpreter/Interpreter.cpp:
        (JSC::eval):
        (JSC::sizeOfVarargs):
        (JSC::sizeFrameForVarargs):
        (JSC::Interpreter::executeProgram):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        (JSC::Interpreter::execute):

2017-03-15  Dean Jackson  <dino@apple.com>

        Sort Xcode project files
        https://bugs.webkit.org/show_bug.cgi?id=169669

        Reviewed by Antoine Quint.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2017-03-14  Tomas Popela  <tpopela@redhat.com>

        Wrong condition in offlineasm/risc.rb
        https://bugs.webkit.org/show_bug.cgi?id=169597

        Reviewed by Mark Lam.

        It's missing the 'and' operator between the conditions.

        * offlineasm/risc.rb:

2017-03-14  Mark Lam  <mark.lam@apple.com>

        BytecodeGenerator should use the same function to determine if it needs to store the DerivedConstructor in an ArrowFunction lexical environment.
        https://bugs.webkit.org/show_bug.cgi?id=169647
        <rdar://problem/31051832>

        Reviewed by Michael Saboff.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::usesDerivedConstructorInArrowFunctionLexicalEnvironment):
        (JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
        (JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
        * bytecompiler/BytecodeGenerator.h:

2017-03-14  Brian Burg  <bburg@apple.com>

        [Cocoa] Web Inspector: generated code for parsing an array of primitive-type enums from payload does not work
        https://bugs.webkit.org/show_bug.cgi?id=169629

        Reviewed by Joseph Pecoraro.

        This was encountered while trying to compile new protocol definitions that support the Actions API.

        * inspector/scripts/codegen/models.py:
        (EnumType.__repr__): Improve debug logging so fields match the class member names.

        * inspector/scripts/codegen/objc_generator.py:
        (ObjCGenerator.payload_to_objc_expression_for_member):
        If the array elements are actually a primitive type, then there's no need to do any
        conversion from a payload. This happens for free since the payload is a tree of
        NSDictionary, NSString, NSNumber, etc.

        * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
        * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
        Rebaseline.

        * inspector/scripts/tests/generic/type-declaration-object-type.json:
        Add new cases for properties that contain an array with enum type references and an array of anonymous enums.

2017-03-14  Filip Pizlo  <fpizlo@apple.com>

        Record the HashSet/HashMap operations in DFG/FTL/B3 and replay them in a benchmark
        https://bugs.webkit.org/show_bug.cgi?id=169590

        Reviewed by Saam Barati.

        Adds code to support logging some hashtable stuff in the DFG.

        * dfg/DFGAvailabilityMap.cpp:
        (JSC::DFG::AvailabilityMap::pruneHeap):
        * dfg/DFGCombinedLiveness.cpp:
        (JSC::DFG::liveNodesAtHead):
        (JSC::DFG::CombinedLiveness::CombinedLiveness):
        * dfg/DFGCombinedLiveness.h:
        * dfg/DFGLivenessAnalysisPhase.cpp:
        (JSC::DFG::LivenessAnalysisPhase::run):
        (JSC::DFG::LivenessAnalysisPhase::processBlock):
        * dfg/DFGNode.cpp:
        * dfg/DFGNode.h:
        * dfg/DFGObjectAllocationSinkingPhase.cpp:

2017-03-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove unused Network protocol event
        https://bugs.webkit.org/show_bug.cgi?id=169619

        Reviewed by Mark Lam.

        * inspector/protocol/Network.json:
        This became unused in r213621 and should have been removed
        from the protocol file then.

2017-03-14  Mark Lam  <mark.lam@apple.com>

        Add a null check in VMTraps::willDestroyVM() to handle a race condition.
        https://bugs.webkit.org/show_bug.cgi?id=169620

        Reviewed by Filip Pizlo.

        There exists a race between VMTraps::willDestroyVM() (which removes SignalSenders
        from its m_signalSenders list) and SignalSender::send() (which removes itself
        from the list).  In the event that SignalSender::send() removes itself between
        the time that VMTraps::willDestroyVM() checks if m_signalSenders is empty and the
        time it takes a sender from m_signalSenders, VMTraps::willDestroyVM() may end up
        with a NULL sender pointer.  The fix is to add the missing null check before using
        the sender pointer.

        * runtime/VMTraps.cpp:
        (JSC::VMTraps::willDestroyVM):
        (JSC::VMTraps::fireTrap):
        * runtime/VMTraps.h:

2017-03-14  Mark Lam  <mark.lam@apple.com>

        Gardening: Speculative build fix for CLoop after r213886.
        https://bugs.webkit.org/show_bug.cgi?id=169436

        Not reviewed.

        * runtime/MachineContext.h:

2017-03-14  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Drop unnecessary pthread_attr_t for JIT enabled Linux / FreeBSD environment
        https://bugs.webkit.org/show_bug.cgi?id=169592

        Reviewed by Carlos Garcia Campos.

        Since suspended mcontext_t has all the necessary information, we can drop
        pthread_attr_t allocation and destroy for JIT enabled Linux / FreeBSD environment.

        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::Thread::getRegisters):
        (JSC::MachineThreads::Thread::Registers::stackPointer):
        (JSC::MachineThreads::Thread::Registers::framePointer):
        (JSC::MachineThreads::Thread::Registers::instructionPointer):
        (JSC::MachineThreads::Thread::Registers::llintPC):
        (JSC::MachineThreads::Thread::freeRegisters):
        * heap/MachineStackMarker.h:

2017-03-14  Zan Dobersek  <zdobersek@igalia.com>

        [GLib] Use USE(GLIB) guards in JavaScriptCore/inspector/EventLoop.cpp
        https://bugs.webkit.org/show_bug.cgi?id=169594

        Reviewed by Carlos Garcia Campos.

        Instead of PLATFORM(GTK) guards, utilize the USE(GLIB) build guards
        to guard the GLib-specific includes and invocations in the JSC
        inspector's EventLoop class implementation.

        * inspector/EventLoop.cpp:
        (Inspector::EventLoop::cycle):

2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC][Linux] Implement VMTrap in Linux ports
        https://bugs.webkit.org/show_bug.cgi?id=169436

        Reviewed by Mark Lam.

        This patch ports VMTrap to Linux ports.
        We extract MachineContext accessors from various places (wasm/, heap/ and tools/)
        and use them in all the JSC code.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::Thread::Registers::stackPointer):
        (JSC::MachineThreads::Thread::Registers::framePointer):
        (JSC::MachineThreads::Thread::Registers::instructionPointer):
        (JSC::MachineThreads::Thread::Registers::llintPC):
        * heap/MachineStackMarker.h:
        * runtime/MachineContext.h: Added.
        (JSC::MachineContext::stackPointer):
        (JSC::MachineContext::framePointer):
        (JSC::MachineContext::instructionPointer):
        (JSC::MachineContext::argumentPointer<1>):
        (JSC::MachineContext::argumentPointer):
        (JSC::MachineContext::llintInstructionPointer):
        * runtime/PlatformThread.h:
        (JSC::platformThreadSignal):
        * runtime/VMTraps.cpp:
        (JSC::SignalContext::SignalContext):
        (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
        * tools/CodeProfiling.cpp:
        (JSC::profilingTimer):
        * tools/SigillCrashAnalyzer.cpp:
        (JSC::SignalContext::SignalContext):
        (JSC::SignalContext::dump):
        * tools/VMInspector.cpp:
        * wasm/WasmFaultSignalHandler.cpp:
        (JSC::Wasm::trapHandler):

2017-03-13  Mark Lam  <mark.lam@apple.com>

        Make the HeapVerifier useful again.
        https://bugs.webkit.org/show_bug.cgi?id=161752

        Reviewed by Filip Pizlo.

        Resurrect the HeapVerifier.  Here's what the verifier now offers:

        1. It captures the list of cells before and after GCs up to N GC cycles.
           N is set by JSC_numberOfGCCyclesToRecordForVerification.
           Currently, N defaults to 3.

           This is useful if we're debugging in lldb and want to check if a candidate
           cell pointer was observed by the GC during the last N GC cycles.  We can do
           this check by calling HeapVerifier::checkIfRecorded() with the cell address.

           HeapVerifier::checkIfRecorded() is robust and can be used on bogus addresses.
           If the candidate cell was previously recorded by the HeapVerifier during a
           GC cycle, checkIfRecorded() will dump any useful info it has on that cell.

        2. The HeapVerifier will verify that cells in its captured list after a GC are
           sane.  Some examples of cell insanity are:
           - the cell claims to belong to a different VM.
           - the cell has a NULL structureID.
           - the cell has a NULL structure.
           - the cell's structure has a NULL structureID.
           - the cell's structure has a NULL structure.
           - the cell's structure's structure has a NULL structureID.
           - the cell's structure's structure has a NULL structure.

           These are all signs of corruption or a GC bug.  The verifier will report any
           insanity it finds, and then crash with a RELEASE_ASSERT.

        3. Since the HeapVerifier captures lists of cells in the heap before and after GCs
           for the last N GCs, it will also automatically "trim" dead cells from those lists
           after the most recent GC.

           "trim" here means that the CellProfile in the HeapVerifier's lists will be
           updated to reflect that the cell is now dead.  It still keeps a record of the
           dead cell pointer and the meta data collected about it back when it was alive.
           As a result, checkIfRecorded() will also report if the candidate cell passed
           to it is a dead object from a previous GC cycle.

        4. Each CellProfile captured by the HeapVerifier now tracks the following info:
           - the cell's HeapCell::Kind.
           - the cell's liveness.
           - if it is a JSCell, the cell's classInfo()->className.
           - an associated timestamp.
           - an associated stack trace.

           Currently, the timestamp is only used for the time when the cell was recorded
           by the HeapVerifier during GC.  The stack trace is currently unused.

           However, these fields are kept there so that we can instrument the VM (during
           a debugging session, which requires rebuilding the VM) and record interesting
           stack traces like that of the time of allocation of the cell.  Since
           capturing the stack traces for each cell is a very heavy weight operation,
           the HeapVerifier code does not do this by default.  Instead, we just leave
           the building blocks for doing so in place to ease future debugging efforts.

        * heap/Heap.cpp:
        (JSC::Heap::runBeginPhase):
        (JSC::Heap::runEndPhase):
        (JSC::Heap::didFinishCollection):
        * heap/Heap.h:
        (JSC::Heap::verifier):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::takeLastActiveBlock): Deleted.
        * heap/MarkedSpace.h:
        * heap/MarkedSpaceInlines.h:
        (JSC::MarkedSpace::forEachLiveCell):
        * tools/CellList.cpp:
        (JSC::CellList::find):
        (JSC::CellList::reset):
        (JSC::CellList::findCell): Deleted.
        * tools/CellList.h:
        (JSC::CellList::CellList):
        (JSC::CellList::name):
        (JSC::CellList::size):
        (JSC::CellList::cells):
        (JSC::CellList::add):
        (JSC::CellList::reset): Deleted.
        * tools/CellProfile.h:
        (JSC::CellProfile::CellProfile):
        (JSC::CellProfile::cell):
        (JSC::CellProfile::jsCell):
        (JSC::CellProfile::isJSCell):
        (JSC::CellProfile::kind):
        (JSC::CellProfile::isLive):
        (JSC::CellProfile::isDead):
        (JSC::CellProfile::setIsLive):
        (JSC::CellProfile::setIsDead):
        (JSC::CellProfile::timestamp):
        (JSC::CellProfile::className):
        (JSC::CellProfile::stackTrace):
        (JSC::CellProfile::setStackTrace):
        * tools/HeapVerifier.cpp:
        (JSC::HeapVerifier::startGC):
        (JSC::HeapVerifier::endGC):
        (JSC::HeapVerifier::gatherLiveCells):
        (JSC::trimDeadCellsFromList):
        (JSC::HeapVerifier::trimDeadCells):
        (JSC::HeapVerifier::printVerificationHeader):
        (JSC::HeapVerifier::verifyCellList):
        (JSC::HeapVerifier::validateCell):
        (JSC::HeapVerifier::validateJSCell):
        (JSC::HeapVerifier::verify):
        (JSC::HeapVerifier::reportCell):
        (JSC::HeapVerifier::checkIfRecorded):
        (JSC::HeapVerifier::initializeGCCycle): Deleted.
        (JSC::GatherCellFunctor::GatherCellFunctor): Deleted.
        (JSC::GatherCellFunctor::visit): Deleted.
        (JSC::GatherCellFunctor::operator()): Deleted.
        (JSC::HeapVerifier::verifyButterflyIsInStorageSpace): Deleted.
        * tools/HeapVerifier.h:
        (JSC::HeapVerifier::GCCycle::reset):

2017-03-13  SKumarMetro  <s.kumar@metrological.com>

        JSC: fix compilation errors for MIPS
        https://bugs.webkit.org/show_bug.cgi?id=168402

        Reviewed by Mark Lam.

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::fillNops):
        Added.
        * assembler/MacroAssemblerMIPS.h:
        Added MacroAssemblerMIPS::numGPRs and MacroAssemblerMIPS::numFPRs.
        * bytecode/InlineAccess.h:
        (JSC::InlineAccess::sizeForPropertyAccess):
        (JSC::InlineAccess::sizeForPropertyReplace):
        (JSC::InlineAccess::sizeForLengthAccess):
        Added MIPS cases.

2017-03-13  Filip Pizlo  <fpizlo@apple.com>

        FTL should not flush strict arguments unless it really needs to
        https://bugs.webkit.org/show_bug.cgi?id=169519

        Reviewed by Mark Lam.

        This is a refinement that we should have done ages ago. This kills some pointless PutStacks
        in DFG SSA IR. It can sometimes unlock other optimizations.

        Relanding after I fixed the special cases for CreateArguments-style nodes.

        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

2017-03-13  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: Event Listeners section is missing 'once', 'passive' event listener flags
        https://bugs.webkit.org/show_bug.cgi?id=167080

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/DOM.json:
        Add "passive" and "once" items to the EventListener type.

2017-03-13  Mark Lam  <mark.lam@apple.com>

        Remove obsolete experimental ObjC SPI.
        https://bugs.webkit.org/show_bug.cgi?id=169569

        Reviewed by Saam Barati.

        * API/JSVirtualMachine.mm:
        (-[JSVirtualMachine enableSigillCrashAnalyzer]): Deleted.
        * API/JSVirtualMachinePrivate.h: Removed.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2017-03-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r213856.
        https://bugs.webkit.org/show_bug.cgi?id=169562

        Breaks JSC stress test stress/super-property-access.js.ftl-eager
        (Requested by mlam|g on #webkit).

        Reverted changeset:

        "FTL should not flush strict arguments unless it really needs
        to"
        https://bugs.webkit.org/show_bug.cgi?id=169519
        http://trac.webkit.org/changeset/213856

2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC][Linux] Allow profilers to demangle C++ names
        https://bugs.webkit.org/show_bug.cgi?id=169559

        Reviewed by Michael Catanzaro.

        Linux also offers dladdr & demangling feature.
        Thus, we can use it to show the names in profilers.
        For example, SamplingProfiler tells us the C function names.

        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::StackFrame::displayName):
        * tools/CodeProfile.cpp:
        (JSC::symbolName):

2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Clean up RunLoop and WorkQueue with Seconds and Function
        https://bugs.webkit.org/show_bug.cgi?id=169537

        Reviewed by Sam Weinig.

        * runtime/Watchdog.cpp:
        (JSC::Watchdog::startTimer):

2017-03-11  Filip Pizlo  <fpizlo@apple.com>

        FTL should not flush strict arguments unless it really needs to
        https://bugs.webkit.org/show_bug.cgi?id=169519

        Reviewed by Mark Lam.

        This is a refinement that we should have done ages ago. This kills some pointless PutStacks
        in DFG SSA IR. It can sometimes unlock other optimizations.

        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

2017-03-13  Caio Lima  <ticaiolima@gmail.com>

        [JSC] It should be possible to create a label named let when parsing Statement in non strict mode
        https://bugs.webkit.org/show_bug.cgi?id=168684

        Reviewed by Saam Barati.

        This patch is fixing a Parser bug to allow defining a label named
        `let` in sloppy mode when parsing a Statement.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseStatement):

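The parsing rule the entry above fixes, as an added JavaScript example (not code from the WebKit patch or the JSC test suite): `let` is only a reserved word in strict mode, so `let: ...` must parse as a labelled statement in sloppy code and must be rejected in strict code. The example goes slightly beyond the entry by running the same check for other strict-mode-only reserved words and for an always-reserved keyword; the helper names and the generated function bodies are assumptions made for the example.

```javascript
// Added example, not part of the WebKit patch: `let` is a valid label only in
// sloppy mode. The helper names below are constructed for illustration.

// Builds a function whose body uses `name` as a label and as a break target,
// parses it with the Function constructor (sloppy by default, strict when a
// "use strict" prologue is prepended) and reports whether parsing succeeded
// and the labelled loop was actually exited by `break name`. Parsing at
// runtime lets a SyntaxError be observed instead of aborting the script.
function labelAllowed(name, strict) {
  const prologue = strict ? '"use strict"; ' : '';
  const body = `${prologue}${name}: for (;;) { break ${name}; } return "ok";`;
  try {
    const fn = new Function(body);
    return fn() === 'ok';
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e; // anything else is a bug in this example, not a parse result
  }
}

// Runs the check in both modes for a list of candidate label names, so `let`
// can be compared with words that are reserved only in strict mode (yield,
// static, ...), with an always-reserved keyword (while) and with an ordinary
// identifier.
function labelMatrix(names) {
  const result = {};
  for (const name of names) {
    result[name] = {
      sloppy: labelAllowed(name, false),
      strict: labelAllowed(name, true),
    };
  }
  return result;
}
```

`labelMatrix(['let', 'yield', 'static', 'while', 'foo'])` shows the expected pattern: `let`, `yield` and `static` are accepted as labels only in sloppy mode, `while` is rejected in both, and `foo` is accepted in both.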
2017-03-11  Filip Pizlo  <fpizlo@apple.com>

        Structure::willStoreValueSlow needs to keep the property table alive until the end
        https://bugs.webkit.org/show_bug.cgi?id=169520

        Reviewed by Michael Saboff.

        We use pointers logically interior to `propertyTable` after doing a GC. We need to prevent the
        compiler from optimizing away pointers to `propertyTable`.

        * heap/HeapCell.cpp:
        (JSC::HeapCell::use):
        * heap/HeapCell.h:
        (JSC::HeapCell::use): Introduce API for keeping a pointer alive until some point in execution.
        * runtime/Structure.cpp:
        (JSC::Structure::willStoreValueSlow): Use HeapCell::use() to keep the pointer alive.

2017-03-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, suppress warnings in JSC B3

        * b3/B3Opcode.cpp:

2017-03-11  Michael Saboff  <msaboff@apple.com>

        Allow regular expressions to be used when selecting a process name in JSC config file
        https://bugs.webkit.org/show_bug.cgi?id=169495

        Reviewed by Saam Barati.

        Only added regular expression selectors for unix like platforms.

        * runtime/ConfigFile.cpp:
        (JSC::ConfigFileScanner::tryConsumeRegExPattern):
        (JSC::ConfigFile::parse):

2017-03-11  Jon Lee  <jonlee@apple.com>

        WebGPU prototype - Front-End
        https://bugs.webkit.org/show_bug.cgi?id=167952

        Reviewed by Dean Jackson.

        * runtime/CommonIdentifiers.h: Add WebGPU objects.

2017-03-10  Filip Pizlo  <fpizlo@apple.com>

        The JITs should be able to emit fast TLS loads
        https://bugs.webkit.org/show_bug.cgi?id=169483

        Reviewed by Keith Miller.

        Added loadFromTLS32/64/Ptr to the MacroAssembler and added a B3 test for this.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::mrs_TPIDRRO_EL0):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::loadFromTLSPtr):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::loadFromTLS32):
        (JSC::MacroAssemblerARM64::loadFromTLS64):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::loadFromTLS32):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::loadFromTLS64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::adcl_im):
        (JSC::X86Assembler::addl_mr):
        (JSC::X86Assembler::addl_im):
        (JSC::X86Assembler::andl_im):
        (JSC::X86Assembler::orl_im):
        (JSC::X86Assembler::orl_rm):
        (JSC::X86Assembler::subl_im):
        (JSC::X86Assembler::cmpb_im):
        (JSC::X86Assembler::cmpl_rm):
        (JSC::X86Assembler::cmpl_im):
        (JSC::X86Assembler::testb_im):
        (JSC::X86Assembler::movb_i8m):
        (JSC::X86Assembler::movb_rm):
        (JSC::X86Assembler::movl_mr):
        (JSC::X86Assembler::movq_mr):
        (JSC::X86Assembler::movsxd_rr):
        (JSC::X86Assembler::gs):
        (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
        * b3/testb3.cpp:
        (JSC::B3::testFastTLS):
        (JSC::B3::run):

2017-03-10  Alex Christensen  <achristensen@webkit.org>

        Fix watch and tv builds after r213294
        https://bugs.webkit.org/show_bug.cgi?id=169508

        Reviewed by Dan Bernstein.

        * Configurations/FeatureDefines.xcconfig:

675 2017-03-10  Saam Barati  <sbarati@apple.com>
676
677         WebAssembly: Make more demos run
678         https://bugs.webkit.org/show_bug.cgi?id=165510
679         <rdar://problem/29760310>
680
681         Reviewed by Keith Miller.
682
683         This patch makes another Wasm demo run:
684         https://kripken.github.io/BananaBread/cube2/bb.html
685         
686         This patch fixes two bugs:
687         1. When WebAssemblyFunctionType was added, we did not properly
688         update the last JS type value.
689         2. Our code for our JS -> Wasm entrypoint was wrong. It lead to bad
690         code generation where we would emit B3 that would write over r12
691         and rbx (on x86) which is invalid since those are our pinned registers.
692         This patch just rewrites the entrypoint to use hand written assembler
693         code. I was planning on doing this anyways because it's a compile
694         time speed boost.
695         
696         Also, this patch adds support for some new API features:
697         We can now export an import, either via a direct export, or via a Table and the
698         Element section. I've added a new class called WebAssemblyWrapperFunction that
699         just wraps over a JSObject that is a function. Wrapper functions have types
700         associated with them, so if they're re-imported, or called via call_indirect,
701         they can be type checked.
702
703         * CMakeLists.txt:
704         * JavaScriptCore.xcodeproj/project.pbxproj:
705         * runtime/JSGlobalObject.cpp:
706         (JSC::JSGlobalObject::init):
707         (JSC::JSGlobalObject::visitChildren):
708         * runtime/JSGlobalObject.h:
709         (JSC::JSGlobalObject::webAssemblyWrapperFunctionStructure):
710         * runtime/JSType.h:
711         * wasm/JSWebAssemblyCodeBlock.h:
712         (JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
713         * wasm/WasmB3IRGenerator.cpp:
714         (JSC::Wasm::createJSToWasmWrapper):
715         * wasm/WasmCallingConvention.h:
716         (JSC::Wasm::CallingConvention::headerSizeInBytes):
717         * wasm/js/JSWebAssemblyHelpers.h:
718         (JSC::isWebAssemblyHostFunction):
719         * wasm/js/JSWebAssemblyInstance.cpp:
720         (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
721         * wasm/js/JSWebAssemblyInstance.h:
722         (JSC::JSWebAssemblyInstance::importFunction):
723         (JSC::JSWebAssemblyInstance::importFunctions):
724         (JSC::JSWebAssemblyInstance::setImportFunction):
725         * wasm/js/JSWebAssemblyTable.cpp:
726         (JSC::JSWebAssemblyTable::JSWebAssemblyTable):
727         (JSC::JSWebAssemblyTable::grow):
728         (JSC::JSWebAssemblyTable::clearFunction):
729         (JSC::JSWebAssemblyTable::setFunction):
730         * wasm/js/JSWebAssemblyTable.h:
731         (JSC::JSWebAssemblyTable::getFunction):
732         * wasm/js/WebAssemblyFunction.cpp:
733         (JSC::callWebAssemblyFunction):
734         * wasm/js/WebAssemblyInstanceConstructor.cpp:
735         (JSC::WebAssemblyInstanceConstructor::createInstance):
736         * wasm/js/WebAssemblyModuleRecord.cpp:
737         (JSC::WebAssemblyModuleRecord::link):
738         (JSC::WebAssemblyModuleRecord::evaluate):
739         * wasm/js/WebAssemblyModuleRecord.h:
740         * wasm/js/WebAssemblyTablePrototype.cpp:
741         (JSC::webAssemblyTableProtoFuncGet):
742         (JSC::webAssemblyTableProtoFuncSet):
743         * wasm/js/WebAssemblyWrapperFunction.cpp: Added.
744         (JSC::callWebAssemblyWrapperFunction):
745         (JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction):
746         (JSC::WebAssemblyWrapperFunction::create):
747         (JSC::WebAssemblyWrapperFunction::finishCreation):
748         (JSC::WebAssemblyWrapperFunction::createStructure):
749         (JSC::WebAssemblyWrapperFunction::visitChildren):
750         * wasm/js/WebAssemblyWrapperFunction.h: Added.
751         (JSC::WebAssemblyWrapperFunction::signatureIndex):
752         (JSC::WebAssemblyWrapperFunction::wasmEntrypoint):
753         (JSC::WebAssemblyWrapperFunction::function):
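
        The behaviour described above, as an added example that is not WebKit's code: it hand-assembles a tiny wasm module that imports a JS function and re-exports it, both directly and through a Table filled by an Element segment, then shows that the re-exported wrapper carries a signature which is enforced when it is re-imported. The helper and function names are the example's own; it runs in Node.js or any engine with WebAssembly.

```javascript
"use strict";

// Numeric value types of the wasm binary format.
const I32 = 0x7f;
const I64 = 0x7e;

// Encoding helpers. Every length in this example is below 128, so a
// one-byte LEB128 suffices; u8() enforces that assumption.
function u8(n) {
  if (n < 0 || n > 127) throw new RangeError("value needs multi-byte LEB128");
  return n;
}
function str(s) {
  return [u8(s.length), ...Array.from(s, (c) => c.charCodeAt(0))];
}
function vec(items) {
  return [u8(items.length), ...items.flat()];
}
function section(id, payload) {
  return [id, u8(payload.length), ...payload];
}

// Builds a module with a single function type (params -> results) that
// imports env.f of that type, re-exports it as "g", and also places it in a
// one-slot funcref table exported as "t" through an element segment.
function buildReexportModule(params, results) {
  const funcType = [0x60, ...vec(params.map((t) => [t])), ...vec(results.map((t) => [t]))];
  const typeSec = section(1, vec([funcType]));
  // import "env" "f" : func (type index 0)
  const importSec = section(2, vec([[...str("env"), ...str("f"), 0x00, 0x00]]));
  // table 0: funcref (0x70), limits flag 0, min 1
  const tableSec = section(4, vec([[0x70, 0x00, 0x01]]));
  // exports: "g" -> func 0 (the import), "t" -> table 0
  const exportSec = section(7, vec([[...str("g"), 0x00, 0x00], [...str("t"), 0x01, 0x00]]));
  // element segment: table 0, offset (i32.const 0; end), [func 0]
  const elemSec = section(9, vec([[0x00, 0x41, 0x00, 0x0b, ...vec([[0x00]])]]));
  return new Uint8Array([
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
    ...typeSec, ...importSec, ...tableSec, ...exportSec, ...elemSec,
  ]);
}

// Compiles and instantiates `bytes` with `jsFunc` as env.f; returns exports.
function instantiateWith(bytes, jsFunc) {
  const module = new WebAssembly.Module(bytes);
  return new WebAssembly.Instance(module, { env: { f: jsFunc } }).exports;
}

function demo() {
  const double = (x) => x * 2;
  const exportsA = instantiateWith(buildReexportModule([I32], [I32]), double);
  const g = exportsA.g;              // wrapper around `double`, not `double` itself
  const fromTable = exportsA.t.get(0); // the same import, reached via the table

  // The wrapper coerces arguments and results to i32 like any wasm export.
  const directResult = g(21);      // 42
  const coerced = g("7.9");        // ToInt32("7.9") = 7, so double(7) = 14
  const tableResult = fromTable(3); // 6

  // Re-importing the wrapper with the same signature links fine.
  const exportsB = instantiateWith(buildReexportModule([I32], [I32]), g);
  const reimported = exportsB.g(5); // 10

  // Re-importing it under a different signature is rejected at link time,
  // because the wrapper knows its own type.
  let linkError = null;
  try {
    instantiateWith(buildReexportModule([I32, I32], [I32]), g);
  } catch (e) {
    linkError = e;
  }

  // A plain JS function carries no signature and links under any type.
  const plain = instantiateWith(buildReexportModule([I32, I32], [I32]), (a, b) => a + b);

  return {
    isWrapper: typeof g === "function" && g !== double,
    directResult,
    coerced,
    tableResult,
    reimported,
    mismatchRejected: linkError instanceof WebAssembly.LinkError,
    plainLinks: plain.g(2, 3) === 5,
  };
}

module.exports = { I32, I64, buildReexportModule, instantiateWith, demo };
```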
754
755 2017-03-10  Mark Lam  <mark.lam@apple.com>
756
757         JSC: BindingNode::bindValue doesn't increase the scope's reference count.
758         https://bugs.webkit.org/show_bug.cgi?id=168546
759         <rdar://problem/30589551>
760
761         Reviewed by Saam Barati.
762
763         We should protect the scope RegisterID with a RefPtr while it is still needed.
764
765         * bytecompiler/NodesCodegen.cpp:
766         (JSC::ForInNode::emitLoopHeader):
767         (JSC::ForOfNode::emitBytecode):
768         (JSC::BindingNode::bindValue):
769
770 2017-03-10  Alex Christensen  <achristensen@webkit.org>
771
772         Fix CMake build.
773
774         * CMakeLists.txt:
775         Make more forwarding headers so we can find WasmFaultSignalHandler.h from WebProcess.cpp.
776
777 2017-03-10  Mark Lam  <mark.lam@apple.com>
778
779         [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
780         https://bugs.webkit.org/show_bug.cgi?id=169454
781
782         Reviewed by Michael Saboff.
783
784         The underlying implementation is hoisted right out of Assertions.cpp from the
785         implementations of WTFPrintBacktrace().
786
787         The reason we need this StackTrace object is because during heap debugging, we
788         sometimes want to capture the stack trace that allocated the objects of interest.
789         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
790         perturb the execution profile sufficiently that an issue may not reproduce,
791         while alternatively, just capturing the stack trace and deferring printing it
792         till we actually need it later perturbs the execution profile less.
793
794         In addition, just capturing the stack traces (instead of printing them
795         immediately at each capture site) allows us to avoid polluting stdout with tons
796         of stack traces that may be irrelevant.
797
798         For now, we only capture the native stack trace.  We'll leave capturing and
799         integrating the JS stack trace as an exercise for the future if we need it then.
800
801         Here's an example of how to use this StackTrace utility:
802
803             // Capture a stack trace of the top 10 frames.
804             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
805             // Print the trace.
806             dataLog(*trace);
807
808         * CMakeLists.txt:
809         * JavaScriptCore.xcodeproj/project.pbxproj:
810         * tools/StackTrace.cpp: Added.
811         (JSC::StackTrace::instanceSize):
812         (JSC::StackTrace::captureStackTrace):
813         (JSC::StackTrace::dump):
814         * tools/StackTrace.h: Added.
815         (JSC::StackTrace::size):
816         (JSC::StackTrace::StackTrace):
817
818 2017-03-04  Filip Pizlo  <fpizlo@apple.com>
819
820         B3 should have comprehensive support for atomic operations
821         https://bugs.webkit.org/show_bug.cgi?id=162349
822
823         Reviewed by Keith Miller.
824         
825         This adds the following capabilities to B3:
826         
827         - Atomic weak/strong unfenced/fenced compare-and-swap
828         - Atomic add/sub/or/and/xor/xchg
829         - Acquire/release fencing on loads/stores
830         - Fenceless load-load dependencies
831         
832         This adds lowering to the following instructions on x86:
833         
834         - lock cmpxchg
835         - lock xadd
836         - lock add/sub/or/and/xor/xchg
837         
838         This adds lowering to the following instructions on ARM64:
839         
840         - ldar and friends
841         - stlr and friends
842         - ldxr and friends (unfenced LL)
843         - stxr and friends (unfenced SC)
844         - ldaxr and friends (fenced LL)
845         - stlxr and friends (fenced SC)
846         - eor as a fenceless load-load dependency
847         
848         This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
849         variants of fences and atomic math ops get lowered to the best possible instruction sequence.
850         For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
851         of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
852         generate the best possible branch sequence on x86 and ARM64.
853         
854         B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
855         respect to each other and with respect to rel stores, creating sequential consistency that
856         transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
857         fence effects may only target some abstract heaps but not others, so that load elimination and
858         store sinking can still operate across fences if you just tell B3 that the fence does not alias
859         those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
860         Even better, it lets you express fine-grained dependencies where the atomics that affect one
861         property in shared memory do not clobber non-atomics that affect some other property in shared
862         memory.
863         
864         One of my favorite features is Depend, which allows you to express load-load dependencies. On
865         x86 it lowers to nothing, while on ARM64 it lowers to eor.
866         
867         This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
868         acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.
869         
870         This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
871         implementations of the Atomics object, for now.
872         
873         * CMakeLists.txt:
874         * JavaScriptCore.xcodeproj/project.pbxproj:
875         * assembler/ARM64Assembler.h:
876         (JSC::ARM64Assembler::ldar):
877         (JSC::ARM64Assembler::ldxr):
878         (JSC::ARM64Assembler::ldaxr):
879         (JSC::ARM64Assembler::stxr):
880         (JSC::ARM64Assembler::stlr):
881         (JSC::ARM64Assembler::stlxr):
882         (JSC::ARM64Assembler::excepnGenerationImmMask):
883         (JSC::ARM64Assembler::exoticLoad):
884         (JSC::ARM64Assembler::storeRelease):
885         (JSC::ARM64Assembler::exoticStore):
886         * assembler/AbstractMacroAssembler.cpp: Added.
887         (WTF::printInternal):
888         * assembler/AbstractMacroAssembler.h:
889         (JSC::AbstractMacroAssemblerBase::invert):
890         * assembler/MacroAssembler.h:
891         * assembler/MacroAssemblerARM64.h:
892         (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
893         (JSC::MacroAssemblerARM64::loadAcq8):
894         (JSC::MacroAssemblerARM64::storeRel8):
895         (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
896         (JSC::MacroAssemblerARM64::loadAcq16):
897         (JSC::MacroAssemblerARM64::storeRel16):
898         (JSC::MacroAssemblerARM64::loadAcq32):
899         (JSC::MacroAssemblerARM64::loadAcq64):
900         (JSC::MacroAssemblerARM64::storeRel32):
901         (JSC::MacroAssemblerARM64::storeRel64):
902         (JSC::MacroAssemblerARM64::loadLink8):
903         (JSC::MacroAssemblerARM64::loadLinkAcq8):
904         (JSC::MacroAssemblerARM64::storeCond8):
905         (JSC::MacroAssemblerARM64::storeCondRel8):
906         (JSC::MacroAssemblerARM64::loadLink16):
907         (JSC::MacroAssemblerARM64::loadLinkAcq16):
908         (JSC::MacroAssemblerARM64::storeCond16):
909         (JSC::MacroAssemblerARM64::storeCondRel16):
910         (JSC::MacroAssemblerARM64::loadLink32):
911         (JSC::MacroAssemblerARM64::loadLinkAcq32):
912         (JSC::MacroAssemblerARM64::storeCond32):
913         (JSC::MacroAssemblerARM64::storeCondRel32):
914         (JSC::MacroAssemblerARM64::loadLink64):
915         (JSC::MacroAssemblerARM64::loadLinkAcq64):
916         (JSC::MacroAssemblerARM64::storeCond64):
917         (JSC::MacroAssemblerARM64::storeCondRel64):
918         (JSC::MacroAssemblerARM64::atomicStrongCAS8):
919         (JSC::MacroAssemblerARM64::atomicStrongCAS16):
920         (JSC::MacroAssemblerARM64::atomicStrongCAS32):
921         (JSC::MacroAssemblerARM64::atomicStrongCAS64):
922         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
923         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
924         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
925         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
926         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
927         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
928         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
929         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
930         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
931         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
932         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
933         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
934         (JSC::MacroAssemblerARM64::depend32):
935         (JSC::MacroAssemblerARM64::depend64):
936         (JSC::MacroAssemblerARM64::loadLink):
937         (JSC::MacroAssemblerARM64::loadLinkAcq):
938         (JSC::MacroAssemblerARM64::storeCond):
939         (JSC::MacroAssemblerARM64::storeCondRel):
940         (JSC::MacroAssemblerARM64::signExtend):
941         (JSC::MacroAssemblerARM64::branch):
942         (JSC::MacroAssemblerARM64::atomicStrongCAS):
943         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
944         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
945         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
946         (JSC::MacroAssemblerARM64::extractSimpleAddress):
947         (JSC::MacroAssemblerARM64::signExtend<8>):
948         (JSC::MacroAssemblerARM64::signExtend<16>):
949         (JSC::MacroAssemblerARM64::branch<64>):
950         * assembler/MacroAssemblerX86Common.h:
951         (JSC::MacroAssemblerX86Common::add32):
952         (JSC::MacroAssemblerX86Common::and32):
953         (JSC::MacroAssemblerX86Common::and16):
954         (JSC::MacroAssemblerX86Common::and8):
955         (JSC::MacroAssemblerX86Common::neg32):
956         (JSC::MacroAssemblerX86Common::neg16):
957         (JSC::MacroAssemblerX86Common::neg8):
958         (JSC::MacroAssemblerX86Common::or32):
959         (JSC::MacroAssemblerX86Common::or16):
960         (JSC::MacroAssemblerX86Common::or8):
961         (JSC::MacroAssemblerX86Common::sub16):
962         (JSC::MacroAssemblerX86Common::sub8):
963         (JSC::MacroAssemblerX86Common::sub32):
964         (JSC::MacroAssemblerX86Common::xor32):
965         (JSC::MacroAssemblerX86Common::xor16):
966         (JSC::MacroAssemblerX86Common::xor8):
967         (JSC::MacroAssemblerX86Common::not32):
968         (JSC::MacroAssemblerX86Common::not16):
969         (JSC::MacroAssemblerX86Common::not8):
970         (JSC::MacroAssemblerX86Common::store16):
971         (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
972         (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
973         (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
974         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
975         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
976         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
977         (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
978         (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
979         (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
980         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
981         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
982         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
983         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
984         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
985         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
986         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
987         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
988         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
989         (JSC::MacroAssemblerX86Common::atomicAdd8):
990         (JSC::MacroAssemblerX86Common::atomicAdd16):
991         (JSC::MacroAssemblerX86Common::atomicAdd32):
992         (JSC::MacroAssemblerX86Common::atomicSub8):
993         (JSC::MacroAssemblerX86Common::atomicSub16):
994         (JSC::MacroAssemblerX86Common::atomicSub32):
995         (JSC::MacroAssemblerX86Common::atomicAnd8):
996         (JSC::MacroAssemblerX86Common::atomicAnd16):
997         (JSC::MacroAssemblerX86Common::atomicAnd32):
998         (JSC::MacroAssemblerX86Common::atomicOr8):
999         (JSC::MacroAssemblerX86Common::atomicOr16):
1000         (JSC::MacroAssemblerX86Common::atomicOr32):
1001         (JSC::MacroAssemblerX86Common::atomicXor8):
1002         (JSC::MacroAssemblerX86Common::atomicXor16):
1003         (JSC::MacroAssemblerX86Common::atomicXor32):
1004         (JSC::MacroAssemblerX86Common::atomicNeg8):
1005         (JSC::MacroAssemblerX86Common::atomicNeg16):
1006         (JSC::MacroAssemblerX86Common::atomicNeg32):
1007         (JSC::MacroAssemblerX86Common::atomicNot8):
1008         (JSC::MacroAssemblerX86Common::atomicNot16):
1009         (JSC::MacroAssemblerX86Common::atomicNot32):
1010         (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
1011         (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
1012         (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
1013         (JSC::MacroAssemblerX86Common::atomicXchg8):
1014         (JSC::MacroAssemblerX86Common::atomicXchg16):
1015         (JSC::MacroAssemblerX86Common::atomicXchg32):
1016         (JSC::MacroAssemblerX86Common::loadAcq8):
1017         (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
1018         (JSC::MacroAssemblerX86Common::loadAcq16):
1019         (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
1020         (JSC::MacroAssemblerX86Common::loadAcq32):
1021         (JSC::MacroAssemblerX86Common::storeRel8):
1022         (JSC::MacroAssemblerX86Common::storeRel16):
1023         (JSC::MacroAssemblerX86Common::storeRel32):
1024         (JSC::MacroAssemblerX86Common::storeFence):
1025         (JSC::MacroAssemblerX86Common::loadFence):
1026         (JSC::MacroAssemblerX86Common::replaceWithJump):
1027         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
1028         (JSC::MacroAssemblerX86Common::patchableJumpSize):
1029         (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
1030         (JSC::MacroAssemblerX86Common::supportsAVX):
1031         (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
1032         (JSC::MacroAssemblerX86Common::x86Condition):
1033         (JSC::MacroAssemblerX86Common::atomicStrongCAS):
1034         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
1035         * assembler/MacroAssemblerX86_64.h:
1036         (JSC::MacroAssemblerX86_64::add64):
1037         (JSC::MacroAssemblerX86_64::and64):
1038         (JSC::MacroAssemblerX86_64::neg64):
1039         (JSC::MacroAssemblerX86_64::or64):
1040         (JSC::MacroAssemblerX86_64::sub64):
1041         (JSC::MacroAssemblerX86_64::xor64):
1042         (JSC::MacroAssemblerX86_64::not64):
1043         (JSC::MacroAssemblerX86_64::store64):
1044         (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
1045         (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
1046         (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
1047         (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
1048         (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
1049         (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
1050         (JSC::MacroAssemblerX86_64::atomicAdd64):
1051         (JSC::MacroAssemblerX86_64::atomicSub64):
1052         (JSC::MacroAssemblerX86_64::atomicAnd64):
1053         (JSC::MacroAssemblerX86_64::atomicOr64):
1054         (JSC::MacroAssemblerX86_64::atomicXor64):
1055         (JSC::MacroAssemblerX86_64::atomicNeg64):
1056         (JSC::MacroAssemblerX86_64::atomicNot64):
1057         (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
1058         (JSC::MacroAssemblerX86_64::atomicXchg64):
1059         (JSC::MacroAssemblerX86_64::loadAcq64):
1060         (JSC::MacroAssemblerX86_64::storeRel64):
1061         * assembler/X86Assembler.h:
1062         (JSC::X86Assembler::addl_mr):
1063         (JSC::X86Assembler::addq_mr):
1064         (JSC::X86Assembler::addq_rm):
1065         (JSC::X86Assembler::addq_im):
1066         (JSC::X86Assembler::andl_mr):
1067         (JSC::X86Assembler::andl_rm):
1068         (JSC::X86Assembler::andw_rm):
1069         (JSC::X86Assembler::andb_rm):
1070         (JSC::X86Assembler::andl_im):
1071         (JSC::X86Assembler::andw_im):
1072         (JSC::X86Assembler::andb_im):
1073         (JSC::X86Assembler::andq_mr):
1074         (JSC::X86Assembler::andq_rm):
1075         (JSC::X86Assembler::andq_im):
1076         (JSC::X86Assembler::incq_m):
1077         (JSC::X86Assembler::negq_m):
1078         (JSC::X86Assembler::negl_m):
1079         (JSC::X86Assembler::negw_m):
1080         (JSC::X86Assembler::negb_m):
1081         (JSC::X86Assembler::notl_m):
1082         (JSC::X86Assembler::notw_m):
1083         (JSC::X86Assembler::notb_m):
1084         (JSC::X86Assembler::notq_m):
1085         (JSC::X86Assembler::orl_mr):
1086         (JSC::X86Assembler::orl_rm):
1087         (JSC::X86Assembler::orw_rm):
1088         (JSC::X86Assembler::orb_rm):
1089         (JSC::X86Assembler::orl_im):
1090         (JSC::X86Assembler::orw_im):
1091         (JSC::X86Assembler::orb_im):
1092         (JSC::X86Assembler::orq_mr):
1093         (JSC::X86Assembler::orq_rm):
1094         (JSC::X86Assembler::orq_im):
1095         (JSC::X86Assembler::subl_mr):
1096         (JSC::X86Assembler::subl_rm):
1097         (JSC::X86Assembler::subw_rm):
1098         (JSC::X86Assembler::subb_rm):
1099         (JSC::X86Assembler::subl_im):
1100         (JSC::X86Assembler::subw_im):
1101         (JSC::X86Assembler::subb_im):
1102         (JSC::X86Assembler::subq_mr):
1103         (JSC::X86Assembler::subq_rm):
1104         (JSC::X86Assembler::subq_im):
1105         (JSC::X86Assembler::xorl_mr):
1106         (JSC::X86Assembler::xorl_rm):
1107         (JSC::X86Assembler::xorl_im):
1108         (JSC::X86Assembler::xorw_rm):
1109         (JSC::X86Assembler::xorw_im):
1110         (JSC::X86Assembler::xorb_rm):
1111         (JSC::X86Assembler::xorb_im):
1112         (JSC::X86Assembler::xorq_im):
1113         (JSC::X86Assembler::xorq_rm):
1114         (JSC::X86Assembler::xorq_mr):
1115         (JSC::X86Assembler::xchgb_rm):
1116         (JSC::X86Assembler::xchgw_rm):
1117         (JSC::X86Assembler::xchgl_rm):
1118         (JSC::X86Assembler::xchgq_rm):
1119         (JSC::X86Assembler::movw_im):
1120         (JSC::X86Assembler::movq_i32m):
1121         (JSC::X86Assembler::cmpxchgb_rm):
1122         (JSC::X86Assembler::cmpxchgw_rm):
1123         (JSC::X86Assembler::cmpxchgl_rm):
1124         (JSC::X86Assembler::cmpxchgq_rm):
1125         (JSC::X86Assembler::xaddb_rm):
1126         (JSC::X86Assembler::xaddw_rm):
1127         (JSC::X86Assembler::xaddl_rm):
1128         (JSC::X86Assembler::xaddq_rm):
1129         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
1130         * b3/B3AtomicValue.cpp: Added.
1131         (JSC::B3::AtomicValue::~AtomicValue):
1132         (JSC::B3::AtomicValue::dumpMeta):
1133         (JSC::B3::AtomicValue::cloneImpl):
1134         (JSC::B3::AtomicValue::AtomicValue):
1135         * b3/B3AtomicValue.h: Added.
1136         * b3/B3BasicBlock.h:
1137         * b3/B3BlockInsertionSet.cpp:
1138         (JSC::B3::BlockInsertionSet::BlockInsertionSet):
1139         (JSC::B3::BlockInsertionSet::insert): Deleted.
1140         (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
1141         (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
1142         (JSC::B3::BlockInsertionSet::execute): Deleted.
1143         * b3/B3BlockInsertionSet.h:
1144         * b3/B3Effects.cpp:
1145         (JSC::B3::Effects::interferes):
1146         (JSC::B3::Effects::operator==):
1147         (JSC::B3::Effects::dump):
1148         * b3/B3Effects.h:
1149         (JSC::B3::Effects::forCall):
1150         (JSC::B3::Effects::mustExecute):
1151         * b3/B3EliminateCommonSubexpressions.cpp:
1152         * b3/B3Generate.cpp:
1153         (JSC::B3::generateToAir):
1154         * b3/B3GenericBlockInsertionSet.h: Added.
1155         (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
1156         (JSC::B3::GenericBlockInsertionSet::insert):
1157         (JSC::B3::GenericBlockInsertionSet::insertBefore):
1158         (JSC::B3::GenericBlockInsertionSet::insertAfter):
1159         (JSC::B3::GenericBlockInsertionSet::execute):
1160         * b3/B3HeapRange.h:
1161         (JSC::B3::HeapRange::operator|):
1162         * b3/B3InsertionSet.cpp:
1163         (JSC::B3::InsertionSet::insertClone):
1164         * b3/B3InsertionSet.h:
1165         * b3/B3LegalizeMemoryOffsets.cpp:
1166         * b3/B3LowerMacros.cpp:
1167         (JSC::B3::lowerMacros):
1168         * b3/B3LowerMacrosAfterOptimizations.cpp:
1169         * b3/B3LowerToAir.cpp:
1170         (JSC::B3::Air::LowerToAir::LowerToAir):
1171         (JSC::B3::Air::LowerToAir::run):
1172         (JSC::B3::Air::LowerToAir::effectiveAddr):
1173         (JSC::B3::Air::LowerToAir::addr):
1174         (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
1175         (JSC::B3::Air::LowerToAir::appendShift):
1176         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1177         (JSC::B3::Air::LowerToAir::storeOpcode):
1178         (JSC::B3::Air::LowerToAir::createStore):
1179         (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
1180         (JSC::B3::Air::LowerToAir::newBlock):
1181         (JSC::B3::Air::LowerToAir::splitBlock):
1182         (JSC::B3::Air::LowerToAir::fillStackmap):
1183         (JSC::B3::Air::LowerToAir::appendX86Div):
1184         (JSC::B3::Air::LowerToAir::appendX86UDiv):
1185         (JSC::B3::Air::LowerToAir::loadLinkOpcode):
1186         (JSC::B3::Air::LowerToAir::storeCondOpcode):
1187         (JSC::B3::Air::LowerToAir::appendCAS):
1188         (JSC::B3::Air::LowerToAir::appendVoidAtomic):
1189         (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
1190         (JSC::B3::Air::LowerToAir::lower):
1191         (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
1192         (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
1193         * b3/B3LowerToAir.h:
1194         * b3/B3MemoryValue.cpp:
1195         (JSC::B3::MemoryValue::isLegalOffset):
1196         (JSC::B3::MemoryValue::accessType):
1197         (JSC::B3::MemoryValue::accessBank):
1198         (JSC::B3::MemoryValue::accessByteSize):
1199         (JSC::B3::MemoryValue::dumpMeta):
1200         (JSC::B3::MemoryValue::MemoryValue):
1201         (JSC::B3::MemoryValue::accessWidth): Deleted.
1202         * b3/B3MemoryValue.h:
1203         * b3/B3MemoryValueInlines.h: Added.
1204         (JSC::B3::MemoryValue::isLegalOffset):
1205         (JSC::B3::MemoryValue::requiresSimpleAddr):
1206         (JSC::B3::MemoryValue::accessWidth):
1207         * b3/B3MoveConstants.cpp:
1208         * b3/B3NativeTraits.h: Added.
1209         * b3/B3Opcode.cpp:
1210         (JSC::B3::storeOpcode):
1211         (WTF::printInternal):
1212         * b3/B3Opcode.h:
1213         (JSC::B3::isLoad):
1214         (JSC::B3::isStore):
1215         (JSC::B3::isLoadStore):
1216         (JSC::B3::isAtomic):
1217         (JSC::B3::isAtomicCAS):
1218         (JSC::B3::isAtomicXchg):
1219         (JSC::B3::isMemoryAccess):
1220         (JSC::B3::signExtendOpcode):
1221         * b3/B3Procedure.cpp:
1222         (JSC::B3::Procedure::dump):
1223         * b3/B3Procedure.h:
1224         (JSC::B3::Procedure::hasQuirks):
1225         (JSC::B3::Procedure::setHasQuirks):
1226         * b3/B3PureCSE.cpp:
1227         (JSC::B3::pureCSE):
1228         * b3/B3PureCSE.h:
1229         * b3/B3ReduceStrength.cpp:
1230         * b3/B3Validate.cpp:
1231         * b3/B3Value.cpp:
1232         (JSC::B3::Value::returnsBool):
1233         (JSC::B3::Value::effects):
1234         (JSC::B3::Value::key):
1235         (JSC::B3::Value::performSubstitution):
1236         (JSC::B3::Value::typeFor):
1237         * b3/B3Value.h:
1238         * b3/B3Width.cpp:
1239         (JSC::B3::bestType):
1240         * b3/B3Width.h:
1241         (JSC::B3::canonicalWidth):
1242         (JSC::B3::isCanonicalWidth):
1243         (JSC::B3::mask):
1244         * b3/air/AirArg.cpp:
1245         (JSC::B3::Air::Arg::jsHash):
1246         (JSC::B3::Air::Arg::dump):
1247         (WTF::printInternal):
1248         * b3/air/AirArg.h:
1249         (JSC::B3::Air::Arg::isAnyUse):
1250         (JSC::B3::Air::Arg::isColdUse):
1251         (JSC::B3::Air::Arg::cooled):
1252         (JSC::B3::Air::Arg::isEarlyUse):
1253         (JSC::B3::Air::Arg::isLateUse):
1254         (JSC::B3::Air::Arg::isAnyDef):
1255         (JSC::B3::Air::Arg::isEarlyDef):
1256         (JSC::B3::Air::Arg::isLateDef):
1257         (JSC::B3::Air::Arg::isZDef):
1258         (JSC::B3::Air::Arg::simpleAddr):
1259         (JSC::B3::Air::Arg::statusCond):
1260         (JSC::B3::Air::Arg::isSimpleAddr):
1261         (JSC::B3::Air::Arg::isMemory):
1262         (JSC::B3::Air::Arg::isStatusCond):
1263         (JSC::B3::Air::Arg::isCondition):
1264         (JSC::B3::Air::Arg::ptr):
1265         (JSC::B3::Air::Arg::base):
1266         (JSC::B3::Air::Arg::isGP):
1267         (JSC::B3::Air::Arg::isFP):
1268         (JSC::B3::Air::Arg::isValidForm):
1269         (JSC::B3::Air::Arg::forEachTmpFast):
1270         (JSC::B3::Air::Arg::forEachTmp):
1271         (JSC::B3::Air::Arg::asAddress):
1272         (JSC::B3::Air::Arg::asStatusCondition):
1273         (JSC::B3::Air::Arg::isInvertible):
1274         (JSC::B3::Air::Arg::inverted):
1275         * b3/air/AirBasicBlock.cpp:
1276         (JSC::B3::Air::BasicBlock::setSuccessors):
1277         * b3/air/AirBasicBlock.h:
1278         * b3/air/AirBlockInsertionSet.cpp: Added.
1279         (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
1280         (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
1281         * b3/air/AirBlockInsertionSet.h: Added.
1282         * b3/air/AirDumpAsJS.cpp: Removed.
1283         * b3/air/AirDumpAsJS.h: Removed.
1284         * b3/air/AirEliminateDeadCode.cpp:
1285         (JSC::B3::Air::eliminateDeadCode):
1286         * b3/air/AirGenerate.cpp:
1287         (JSC::B3::Air::prepareForGeneration):
1288         * b3/air/AirInstInlines.h:
1289         (JSC::B3::Air::isAtomicStrongCASValid):
1290         (JSC::B3::Air::isBranchAtomicStrongCASValid):
1291         (JSC::B3::Air::isAtomicStrongCAS8Valid):
1292         (JSC::B3::Air::isAtomicStrongCAS16Valid):
1293         (JSC::B3::Air::isAtomicStrongCAS32Valid):
1294         (JSC::B3::Air::isAtomicStrongCAS64Valid):
1295         (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
1296         (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
1297         (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
1298         (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
1299         * b3/air/AirOpcode.opcodes:
1300         * b3/air/AirOptimizeBlockOrder.cpp:
1301         (JSC::B3::Air::optimizeBlockOrder):
1302         * b3/air/AirPadInterference.cpp:
1303         (JSC::B3::Air::padInterference):
1304         * b3/air/AirSpillEverything.cpp:
1305         (JSC::B3::Air::spillEverything):
1306         * b3/air/opcode_generator.rb:
1307         * b3/testb3.cpp:
1308         (JSC::B3::testLoadAcq42):
1309         (JSC::B3::testStoreRelAddLoadAcq32):
1310         (JSC::B3::testStoreRelAddLoadAcq8):
1311         (JSC::B3::testStoreRelAddFenceLoadAcq8):
1312         (JSC::B3::testStoreRelAddLoadAcq16):
1313         (JSC::B3::testStoreRelAddLoadAcq64):
1314         (JSC::B3::testTrappingStoreElimination):
1315         (JSC::B3::testX86LeaAddAdd):
1316         (JSC::B3::testX86LeaAddShlLeftScale1):
1317         (JSC::B3::testAtomicWeakCAS):
1318         (JSC::B3::testAtomicStrongCAS):
1319         (JSC::B3::testAtomicXchg):
1320         (JSC::B3::testDepend32):
1321         (JSC::B3::testDepend64):
1322         (JSC::B3::run):
1323         * runtime/Options.h:
1324
1325 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
1326
1327         Unreviewed typo fixes after r213652.
1328         https://bugs.webkit.org/show_bug.cgi?id=168920
1329
1330         * assembler/MacroAssemblerARM.h:
1331         (JSC::MacroAssemblerARM::replaceWithBreakpoint):
1332         * assembler/MacroAssemblerMIPS.h:
1333         (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):
1334
1335 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
1336
1337         Unreviewed ARM buildfix after r213652.
1338         https://bugs.webkit.org/show_bug.cgi?id=168920
1339
1340         r213652 used replaceWithBrk and replaceWithBkpt names for the same
1341         function, which was inconsistent and caused build error in ARMAssembler.
1342
1343         * assembler/ARM64Assembler.h:
1344         (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
1345         (JSC::ARM64Assembler::replaceWithBrk): Deleted.
1346         * assembler/ARMAssembler.h:
1347         (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
1348         (JSC::ARMAssembler::replaceWithBrk): Deleted.
1349         * assembler/MacroAssemblerARM64.h:
1350         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1351
1352 2017-03-10  Alex Christensen  <achristensen@webkit.org>
1353
1354         Win64 build fix.
1355
1356         * b3/B3FenceValue.h:
1357         * b3/B3Value.h:
1358         Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
1359         doesn't accomplish anything except making Visual Studio mad.
1360         * b3/air/opcode_generator.rb:
1361         winnt.h has naming collisions with enum values from AirOpcode.h.
1362         For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
1363         RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
1364         A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
1365         that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.
1366
1367 2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>
1368
1369         Unreviewed, rolling out r213695.
1370
1371         This change broke the Windows build.
1372
1373         Reverted changeset:
1374
1375         "Implement a StackTrace utility object that can capture stack
1376         traces for debugging."
1377         https://bugs.webkit.org/show_bug.cgi?id=169454
1378         http://trac.webkit.org/changeset/213695
1379
1380 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
1381
1382         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
1383         https://bugs.webkit.org/show_bug.cgi?id=167962
1384
1385         Reviewed by Keith Miller.
1386
        The Object Rest/Spread Destructuring proposal is in stage 3[1] and this
        patch is a prototype implementation of it. A simple change to the
        parser was necessary to support the new '...' token in the Object Pattern
        destructuring rule. On the bytecode generator side, we changed the
        bytecode generated in ObjectPatternNode::bindValue to store in an
        array the identifiers of already destructured properties, following spec draft
        section [2], and then pass it as excludedNames to CopyDataProperties.
        The rest destructuring then calls copyDataProperties to perform the
        copy of the rest properties from the rhs.
1396
        We also implemented CopyDataProperties as a private JS global operation
        in builtins/GlobalOperations.js following its specification in [3].
        It is implemented using a Set object to check whether a property is in
        excludedNames, keeping this algorithm at O(n + m) complexity, where n
        = number of the source's own properties and m = excludedNames.length.
1402
        As a requirement to use JSSets as constants, a change to the
        CodeBlock::create API was necessary, because JSSet creation can throw an OOM
        exception. Now, CodeBlock::finishCreation returns ```false``` if an
        exception is thrown by
        CodeBlock::setConstantIdentifierSetRegisters, and then we return
        nullptr to ScriptExecutable::newCodeBlockFor. It is responsible for
        checking whether the CodeBlock was constructed properly and then throwing the OOM
        exception to the correct scope.
1411
1412         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
1413         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
1414         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
1415
1416         * builtins/BuiltinNames.h:
1417         * builtins/GlobalOperations.js:
1418         (globalPrivate.copyDataProperties):
1419         * bytecode/CodeBlock.cpp:
1420         (JSC::CodeBlock::finishCreation):
1421         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
1422         * bytecode/CodeBlock.h:
1423         * bytecode/EvalCodeBlock.h:
1424         (JSC::EvalCodeBlock::create):
1425         * bytecode/FunctionCodeBlock.h:
1426         (JSC::FunctionCodeBlock::create):
1427         * bytecode/ModuleProgramCodeBlock.h:
1428         (JSC::ModuleProgramCodeBlock::create):
1429         * bytecode/ProgramCodeBlock.h:
1430         (JSC::ProgramCodeBlock::create):
1431         * bytecode/UnlinkedCodeBlock.h:
1432         (JSC::UnlinkedCodeBlock::addSetConstant):
1433         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
1434         * bytecompiler/BytecodeGenerator.cpp:
1435         (JSC::BytecodeGenerator::emitLoad):
1436         * bytecompiler/BytecodeGenerator.h:
1437         * bytecompiler/NodesCodegen.cpp:
1438         (JSC::ObjectPatternNode::bindValue):
1439         * parser/ASTBuilder.h:
1440         (JSC::ASTBuilder::appendObjectPatternEntry):
1441         (JSC::ASTBuilder::appendObjectPatternRestEntry):
1442         (JSC::ASTBuilder::setContainsObjectRestElement):
1443         * parser/Nodes.h:
1444         (JSC::ObjectPatternNode::appendEntry):
1445         (JSC::ObjectPatternNode::setContainsRestElement):
1446         * parser/Parser.cpp:
1447         (JSC::Parser<LexerType>::parseDestructuringPattern):
1448         (JSC::Parser<LexerType>::parseProperty):
1449         * parser/SyntaxChecker.h:
1450         (JSC::SyntaxChecker::operatorStackPop):
1451         * runtime/JSGlobalObject.cpp:
1452         (JSC::JSGlobalObject::init):
1453         * runtime/JSGlobalObjectFunctions.cpp:
1454         (JSC::privateToObject):
1455         * runtime/JSGlobalObjectFunctions.h:
1456         * runtime/ScriptExecutable.cpp:
1457         (JSC::ScriptExecutable::newCodeBlockFor):
1458
1459 2017-03-09  Mark Lam  <mark.lam@apple.com>
1460
1461         Implement a StackTrace utility object that can capture stack traces for debugging.
1462         https://bugs.webkit.org/show_bug.cgi?id=169454
1463
1464         Reviewed by Michael Saboff.
1465
1466         The underlying implementation is hoisted right out of Assertions.cpp from the
1467         implementations of WTFPrintBacktrace().
1468
1469         The reason we need this StackTrace object is because during heap debugging, we
1470         sometimes want to capture the stack trace that allocated the objects of interest.
1471         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
1472         perturb the execution profile sufficiently that an issue may not reproduce,
1473         while alternatively, just capturing the stack trace and deferring printing it
1474         till we actually need it later perturbs the execution profile less.
1475
1476         In addition, just capturing the stack traces (instead of printing them
1477         immediately at each capture site) allows us to avoid polluting stdout with tons
1478         of stack traces that may be irrelevant.
1479
1480         For now, we only capture the native stack trace.  We'll leave capturing and
1481         integrating the JS stack trace as an exercise for the future if we need it then.
1482
1483         Here's an example of how to use this StackTrace utility:
1484
1485             // Capture a stack trace of the top 10 frames.
1486             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
1487             // Print the trace.
1488             dataLog(*trace);
1489
1490         * CMakeLists.txt:
1491         * JavaScriptCore.xcodeproj/project.pbxproj:
1492         * tools/StackTrace.cpp: Added.
1493         (JSC::StackTrace::instanceSize):
1494         (JSC::StackTrace::captureStackTrace):
1495         (JSC::StackTrace::dump):
1496         * tools/StackTrace.h: Added.
1497         (JSC::StackTrace::StackTrace):
1498         (JSC::StackTrace::size):
1499
1500 2017-03-09  Keith Miller  <keith_miller@apple.com>
1501
1502         WebAssembly: Enable fast memory for WK2
1503         https://bugs.webkit.org/show_bug.cgi?id=169437
1504
1505         Reviewed by Tim Horton.
1506
1507         * JavaScriptCore.xcodeproj/project.pbxproj:
1508
1509 2017-03-09  Matt Baker  <mattbaker@apple.com>
1510
1511         Web Inspector: Add XHR breakpoints UI
1512         https://bugs.webkit.org/show_bug.cgi?id=168763
1513         <rdar://problem/30952439>
1514
1515         Reviewed by Joseph Pecoraro.
1516
1517         * inspector/protocol/DOMDebugger.json:
1518         Added clarifying comments to command descriptions.
1519
1520 2017-03-09  Michael Saboff  <msaboff@apple.com>
1521
1522         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
1523         https://bugs.webkit.org/show_bug.cgi?id=169387
1524
1525         Reviewed by Filip Pizlo.
1526
1527         Added a helper function, processConfigFile(), to process configuration file.
1528         Changed jsc.cpp to use that function in lieu of processing the config file
1529         manually.
1530
1531         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
1532         * jsc.cpp:
1533         (jscmain):
1534         * runtime/ConfigFile.cpp:
1535         (JSC::processConfigFile):
1536         * runtime/ConfigFile.h:
1537
1538 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
1539
1540         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
1541         https://bugs.webkit.org/show_bug.cgi?id=29687
1542         <rdar://problem/19281586>
1543
1544         Reviewed by Matt Baker and Brian Burg.
1545
1546         * inspector/protocol/Network.json:
1547         Add metrics object with optional properties to loadingFinished event.
1548
1549 2017-03-09  Youenn Fablet  <youenn@apple.com>
1550
1551         Minimal build is broken
1552         https://bugs.webkit.org/show_bug.cgi?id=169416
1553
1554         Reviewed by Chris Dumez.
1555
1556         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
1557         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appear first but this might break very easily.
1558
1559         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
1560         (generate_members):
1561         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
1562         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
1563         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
1564
1565 2017-03-09  Daniel Bates  <dabates@apple.com>
1566
1567         Guard Credential Management implementation behind a runtime enabled feature flag
1568         https://bugs.webkit.org/show_bug.cgi?id=169364
1569         <rdar://problem/30957425>
1570
1571         Reviewed by Brent Fulgham.
1572
1573         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
1574         needed to guard these interfaces behind a runtime enabled feature flag.
1575
1576         * runtime/CommonIdentifiers.h:
1577
1578 2017-03-09  Mark Lam  <mark.lam@apple.com>
1579
1580         Refactoring some HeapVerifier code.
1581         https://bugs.webkit.org/show_bug.cgi?id=169443
1582
1583         Reviewed by Filip Pizlo.
1584
1585         Renamed LiveObjectData to CellProfile.
1586         Renamed LiveObjectList to CellList.
1587         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
1588         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
1589
1590         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
1591
1592         * CMakeLists.txt:
1593         * JavaScriptCore.xcodeproj/project.pbxproj:
1594         * heap/Heap.cpp:
1595         (JSC::Heap::runBeginPhase):
1596         (JSC::Heap::runEndPhase):
1597         * heap/HeapVerifier.cpp: Removed.
1598         * heap/HeapVerifier.h: Removed.
1599         * heap/LiveObjectData.h: Removed.
1600         * heap/LiveObjectList.cpp: Removed.
1601         * heap/LiveObjectList.h: Removed.
1602         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
1603         (JSC::CellList::findCell):
1604         (JSC::LiveObjectList::findObject): Deleted.
1605         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
1606         (JSC::CellList::CellList):
1607         (JSC::CellList::reset):
1608         (JSC::LiveObjectList::LiveObjectList): Deleted.
1609         (JSC::LiveObjectList::reset): Deleted.
1610         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
1611         (JSC::CellProfile::CellProfile):
1612         (JSC::LiveObjectData::LiveObjectData): Deleted.
1613         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
1614         (JSC::GatherCellFunctor::GatherCellFunctor):
1615         (JSC::GatherCellFunctor::visit):
1616         (JSC::GatherCellFunctor::operator()):
1617         (JSC::HeapVerifier::gatherLiveCells):
1618         (JSC::HeapVerifier::cellListForGathering):
1619         (JSC::trimDeadCellsFromList):
1620         (JSC::HeapVerifier::trimDeadCells):
1621         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
1622         (JSC::HeapVerifier::reportCell):
1623         (JSC::HeapVerifier::checkIfRecorded):
1624         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
1625         (JSC::GatherLiveObjFunctor::visit): Deleted.
1626         (JSC::GatherLiveObjFunctor::operator()): Deleted.
1627         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
1628         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
1629         (JSC::trimDeadObjectsFromList): Deleted.
1630         (JSC::HeapVerifier::trimDeadObjects): Deleted.
1631         (JSC::HeapVerifier::reportObject): Deleted.
1632         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
1633
1634 2017-03-09  Anders Carlsson  <andersca@apple.com>
1635
1636         Add delegate support to WebCore
1637         https://bugs.webkit.org/show_bug.cgi?id=169427
1638         Part of rdar://problem/28880714.
1639
1640         Reviewed by Geoffrey Garen.
1641
1642         * Configurations/FeatureDefines.xcconfig:
1643         Add feature define.
1644
1645 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
1646
1647         Web Inspector: Show individual messages in the content pane for a WebSocket
1648         https://bugs.webkit.org/show_bug.cgi?id=169011
1649
1650         Reviewed by Joseph Pecoraro.
1651
1652         Add walltime parameter and correct the description of Timestamp type.
1653
1654         * inspector/protocol/Network.json:
1655
1656 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1657
1658         Unreviewed, fix weak external symbol error.
1659
1660         * heap/SlotVisitor.h:
1661
1662 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1663
1664         std::isnan/isinf should work with WTF time classes
1665         https://bugs.webkit.org/show_bug.cgi?id=164991
1666
1667         Reviewed by Darin Adler.
1668         
1669         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
1670
1671         * runtime/AtomicsObject.cpp:
1672         (JSC::atomicsFuncWait):
1673
1674 2017-03-09  Mark Lam  <mark.lam@apple.com>
1675
1676         Use const AbstractLocker& (instead of const LockHolder&) in more places.
1677         https://bugs.webkit.org/show_bug.cgi?id=169424
1678
1679         Reviewed by Filip Pizlo.
1680
1681         * heap/CodeBlockSet.cpp:
1682         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
1683         * heap/CodeBlockSet.h:
1684         * heap/CodeBlockSetInlines.h:
1685         (JSC::CodeBlockSet::mark):
1686         * heap/ConservativeRoots.cpp:
1687         (JSC::CompositeMarkHook::CompositeMarkHook):
1688         * heap/MachineStackMarker.cpp:
1689         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1690         * heap/MachineStackMarker.h:
1691         * profiler/ProfilerDatabase.cpp:
1692         (JSC::Profiler::Database::ensureBytecodesFor):
1693         * profiler/ProfilerDatabase.h:
1694         * runtime/SamplingProfiler.cpp:
1695         (JSC::FrameWalker::FrameWalker):
1696         (JSC::CFrameWalker::CFrameWalker):
1697         (JSC::SamplingProfiler::createThreadIfNecessary):
1698         (JSC::SamplingProfiler::takeSample):
1699         (JSC::SamplingProfiler::start):
1700         (JSC::SamplingProfiler::pause):
1701         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
1702         (JSC::SamplingProfiler::clearData):
1703         (JSC::SamplingProfiler::releaseStackTraces):
1704         * runtime/SamplingProfiler.h:
1705         (JSC::SamplingProfiler::setStopWatch):
1706         * wasm/WasmMemory.cpp:
1707         (JSC::Wasm::availableFastMemories):
1708         (JSC::Wasm::activeFastMemories):
1709         (JSC::Wasm::viewActiveFastMemories):
1710         * wasm/WasmMemory.h:
1711
1712 2017-03-09  Saam Barati  <sbarati@apple.com>
1713
1714         WebAssembly: Make the Unity AngryBots demo run
1715         https://bugs.webkit.org/show_bug.cgi?id=169268
1716
1717         Reviewed by Keith Miller.
1718
1719         This patch fixes three bugs:
1720         1. The WasmBinding code for making a JS call was off
1721         by 1 in its stack layout code.
1722         2. The WasmBinding code had a "<" comparison instead
1723         of a ">=" comparison. This would cause us to calculate
1724         the wrong frame pointer offset.
1725         3. The code to reload wasm state inside B3IRGenerator didn't
1726         properly represent its effects.
1727
1728         * wasm/WasmB3IRGenerator.cpp:
1729         (JSC::Wasm::restoreWebAssemblyGlobalState):
1730         (JSC::Wasm::parseAndCompile):
1731         * wasm/WasmBinding.cpp:
1732         (JSC::Wasm::wasmToJs):
1733         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1734         (JSC::WebAssemblyInstanceConstructor::createInstance):
1735
1736 2017-03-09  Mark Lam  <mark.lam@apple.com>
1737
1738         Make the VM Traps mechanism non-polling for the DFG and FTL.
1739         https://bugs.webkit.org/show_bug.cgi?id=168920
1740         <rdar://problem/30738588>
1741
1742         Reviewed by Filip Pizlo.
1743
1744         1. Added a ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
1745            This is currently only enabled for OS(DARWIN) and ENABLE(JIT). 
1746         2. Added assembler functions for overwriting an instruction with a breakpoint.
1747         3. Added a new JettisonDueToVMTraps jettison reason.
1748         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
1749            invalidation points with breakpoint instructions.
1750         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
1751         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
1752            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
1753            Options::usePollingTraps() to always be true.  This makes the VMTraps
1754            implementation fall back to using polling based traps only.
1755
1756         7. Make VMTraps support signal based traps.
1757
1758         Some design and implementation details of signal based VM traps:
1759
1760         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
1761
1762         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
1763           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
          we want to trap, and check for the occurrence of one of the following events:
1765
1766           a. VMTraps::handleTraps() has been called for the requested trap, or
1767
1768           b. the VM is inactive and is no longer executing any JS code.  We determine
1769              this to be the case if the thread no longer owns the JSLock and the VM's
1770              entryScope is null.
1771
1772              Note: the thread can relinquish the JSLock while the VM's entryScope is not
1773              null.  This happens when the thread calls JSLock::dropAllLocks() before
1774              calling a host function that may block on IO (or whatever).  For our purpose,
1775              this counts as the VM still running JS code, and VM::fireTrap() will still
1776              be waiting.
1777
1778           If the SignalSender does not see either of these events, it will sleep for a
1779           while and then re-send SIGUSR1 and check for the events again.  When it sees
1780           one of these events, it will consider the mutator to have received the trap
1781           request.
1782
1783         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
1784           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
1785           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
1786           safe to jettison the codeBlock.
1787
1788           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
1789           insert the breakpoint instructions itself.  This is because we need the
          register state of the mutator thread (that we want to trap in) in order to
1791           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
1792           we don't have a generic way for the requester thread to get the register state
1793           of another thread.
1794
1795         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
1796           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
1797           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
1798           baseline JIT code will eventually reach an op_check_traps and call
1799           VMTraps::handleTraps().
1800
1801           If the handler is not trapping at an invalidation point, then it must be
1802           observing an assertion failure (which also uses the breakpoint instruction).
1803           In this case, the handler will defer to the default SIGTRAP handler and crash.
1804
1805         - The reason we need the SignalSender is because SignalSender::send() is called
1806           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
1807           send() needs to make use of the VM pointer, and it is not guaranteed that the
1808           VM will outlive the thread.  SignalSender provides the mechanism by which we
1809           can nullify the VM pointer when the VM dies so that the thread does not
1810           continue to use it.
1811
1812         * assembler/ARM64Assembler.h:
1813         (JSC::ARM64Assembler::replaceWithBrk):
1814         * assembler/ARMAssembler.h:
1815         (JSC::ARMAssembler::replaceWithBrk):
1816         * assembler/ARMv7Assembler.h:
1817         (JSC::ARMv7Assembler::replaceWithBkpt):
1818         * assembler/MIPSAssembler.h:
1819         (JSC::MIPSAssembler::replaceWithBkpt):
1820         * assembler/MacroAssemblerARM.h:
1821         (JSC::MacroAssemblerARM::replaceWithJump):
1822         * assembler/MacroAssemblerARM64.h:
1823         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1824         * assembler/MacroAssemblerARMv7.h:
1825         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
1826         * assembler/MacroAssemblerMIPS.h:
1827         (JSC::MacroAssemblerMIPS::replaceWithJump):
1828         * assembler/MacroAssemblerX86Common.h:
1829         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
1830         * assembler/X86Assembler.h:
1831         (JSC::X86Assembler::replaceWithInt3):
1832         * bytecode/CodeBlock.cpp:
1833         (JSC::CodeBlock::jettison):
1834         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
1835         (JSC::CodeBlock::installVMTrapBreakpoints):
1836         * bytecode/CodeBlock.h:
1837         * bytecompiler/BytecodeGenerator.cpp:
1838         (JSC::BytecodeGenerator::emitCheckTraps):
1839         * dfg/DFGCommonData.cpp:
1840         (JSC::DFG::CommonData::installVMTrapBreakpoints):
1841         (JSC::DFG::CommonData::isVMTrapBreakpoint):
1842         * dfg/DFGCommonData.h:
1843         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
1844         * dfg/DFGJumpReplacement.cpp:
1845         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
1846         * dfg/DFGJumpReplacement.h:
1847         (JSC::DFG::JumpReplacement::dataLocation):
1848         * dfg/DFGNodeType.h:
1849         * heap/CodeBlockSet.cpp:
1850         (JSC::CodeBlockSet::contains):
1851         * heap/CodeBlockSet.h:
1852         * heap/CodeBlockSetInlines.h:
1853         (JSC::CodeBlockSet::iterate):
1854         * heap/Heap.cpp:
1855         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
1856         * heap/Heap.h:
1857         * heap/HeapInlines.h:
1858         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
1859         * heap/MachineStackMarker.h:
1860         (JSC::MachineThreads::threadsListHead):
1861         * jit/ExecutableAllocator.cpp:
1862         (JSC::ExecutableAllocator::isValidExecutableMemory):
1863         * jit/ExecutableAllocator.h:
1864         * profiler/ProfilerJettisonReason.cpp:
1865         (WTF::printInternal):
1866         * profiler/ProfilerJettisonReason.h:
1867         * runtime/JSLock.cpp:
1868         (JSC::JSLock::didAcquireLock):
1869         * runtime/Options.cpp:
1870         (JSC::overrideDefaults):
1871         * runtime/Options.h:
1872         * runtime/PlatformThread.h:
1873         (JSC::platformThreadSignal):
1874         * runtime/VM.cpp:
1875         (JSC::VM::~VM):
1876         (JSC::VM::ensureWatchdog):
1877         (JSC::VM::handleTraps): Deleted.
1878         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
1879         * runtime/VM.h:
1880         (JSC::VM::ownerThread):
1881         (JSC::VM::traps):
1882         (JSC::VM::handleTraps):
1883         (JSC::VM::needTrapHandling):
1884         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
1885         * runtime/VMTraps.cpp:
1886         (JSC::VMTraps::vm):
1887         (JSC::SignalContext::SignalContext):
1888         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
1889         (JSC::vmIsInactive):
1890         (JSC::findActiveVMAndStackBounds):
1891         (JSC::handleSigusr1):
1892         (JSC::handleSigtrap):
1893         (JSC::installSignalHandlers):
1894         (JSC::sanitizedTopCallFrame):
1895         (JSC::isSaneFrame):
1896         (JSC::VMTraps::tryInstallTrapBreakpoints):
1897         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1898         (JSC::VMTraps::VMTraps):
1899         (JSC::VMTraps::willDestroyVM):
1900         (JSC::VMTraps::addSignalSender):
1901         (JSC::VMTraps::removeSignalSender):
1902         (JSC::VMTraps::SignalSender::willDestroyVM):
1903         (JSC::VMTraps::SignalSender::send):
1904         (JSC::VMTraps::fireTrap):
1905         (JSC::VMTraps::handleTraps):
1906         * runtime/VMTraps.h:
1907         (JSC::VMTraps::~VMTraps):
1908         (JSC::VMTraps::needTrapHandling):
1909         (JSC::VMTraps::notifyGrabAllLocks):
1910         (JSC::VMTraps::SignalSender::SignalSender):
1911         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1912         * tools/VMInspector.cpp:
1913         * tools/VMInspector.h:
1914         (JSC::VMInspector::getLock):
1915         (JSC::VMInspector::iterate):
1916
1917 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1918
1919         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
1920         https://bugs.webkit.org/show_bug.cgi?id=169215
1921
1922         Reviewed by Mark Lam.
1923         
1924         This doesn't have a test because it would be a very complicated test.
1925
1926         * runtime/JSObject.h:
1927         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
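
        Added example (not JSC's code, and not this ChangeLog's) of the bug class this
        entry fixes: a fast path that drops the slow path's boolean lets the caller
        believe storage was grown and write past the allocation. IndexedStorage,
        ensureLengthUnchecked, ensureLengthChecked, putByIndexIsInBounds and kMaxLength
        are names assumed here; the pre-fix and post-fix shapes sit side by side.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Assumed hard limit at which the slow path refuses to grow (stands in for an OOM).
constexpr size_t kMaxLength = static_cast<size_t>(1) << 20;

// Hypothetical stand-in for an object's indexed storage: `length` must never
// exceed the allocated slot count.
struct IndexedStorage {
    std::vector<int32_t> slots;   // capacity == slots.size()
    size_t length = 0;

    // Slow path: grows storage, or refuses (returns false) past the limit.
    bool ensureLengthSlow(size_t newLength) {
        if (newLength > kMaxLength)
            return false;                               // allocation refused
        size_t newCapacity = newLength * 2 > kMaxLength ? kMaxLength : newLength * 2;
        slots.resize(newCapacity);
        length = newLength;
        return true;
    }

    // Pre-fix shape: the slow path's verdict is discarded, so this reports
    // success even when nothing was allocated.
    bool ensureLengthUnchecked(size_t newLength) {
        if (newLength <= slots.size()) {
            length = newLength;
            return true;
        }
        ensureLengthSlow(newLength);                     // result ignored (the bug)
        return true;
    }

    // Post-fix shape: if ensureLengthSlow returns false, we return false.
    bool ensureLengthChecked(size_t newLength) {
        if (newLength <= slots.size()) {
            length = newLength;
            return true;
        }
        return ensureLengthSlow(newLength);
    }
};

// Models the caller: trusts `ensure`'s answer and, if it says true, writes slot
// `index`. Returns true when the write would land inside the allocation (or the
// caller correctly bailed out), false when ensure() said "yes" but the slot does
// not exist, i.e. the out-of-bounds write the fix prevents.
static bool putByIndexIsInBounds(IndexedStorage& storage,
                                 bool (IndexedStorage::*ensure)(size_t),
                                 size_t index) {
    if (!(storage.*ensure)(index + 1))
        return true;                                     // nothing written
    return index < storage.slots.size();
}

int main() {
    IndexedStorage buggy;
    IndexedStorage fixed;
    bool buggyEscapes = !putByIndexIsInBounds(buggy, &IndexedStorage::ensureLengthUnchecked, kMaxLength + 5);
    bool fixedSafe = putByIndexIsInBounds(fixed, &IndexedStorage::ensureLengthChecked, kMaxLength + 5);
    return (buggyEscapes && fixedSafe) ? 0 : 1;
}
```

        The vector here is only a model; in the real object the write would go
        through a raw butterfly pointer with no bounds check of its own, which is
        why the caller has to honour the slow path's answer.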
1928
1929 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
1930
1931         WTF should make it super easy to do ARM concurrency tricks
1932         https://bugs.webkit.org/show_bug.cgi?id=169300
1933
1934         Reviewed by Mark Lam.
1935         
1936         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
1937         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
1938         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
1939         machine code, I found other opportunities for improvement, like inlining the "am I
1940         marked" part of the marking functions.
1941
1942         * heap/Heap.cpp:
1943         (JSC::Heap::setGCDidJIT):
1944         * heap/HeapInlines.h:
1945         (JSC::Heap::testAndSetMarked):
1946         * heap/LargeAllocation.h:
1947         (JSC::LargeAllocation::isMarked):
1948         (JSC::LargeAllocation::isMarkedConcurrently):
1949         (JSC::LargeAllocation::aboutToMark):
1950         (JSC::LargeAllocation::testAndSetMarked):
1951         * heap/MarkedBlock.h:
1952         (JSC::MarkedBlock::areMarksStaleWithDependency):
1953         (JSC::MarkedBlock::aboutToMark):
1954         (JSC::MarkedBlock::isMarkedConcurrently):
1955         (JSC::MarkedBlock::isMarked):
1956         (JSC::MarkedBlock::testAndSetMarked):
1957         * heap/SlotVisitor.cpp:
1958         (JSC::SlotVisitor::appendSlow):
1959         (JSC::SlotVisitor::appendHiddenSlow):
1960         (JSC::SlotVisitor::appendHiddenSlowImpl):
1961         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1962         (JSC::SlotVisitor::appendUnbarriered): Deleted.
1963         (JSC::SlotVisitor::appendHidden): Deleted.
1964         * heap/SlotVisitor.h:
1965         * heap/SlotVisitorInlines.h:
1966         (JSC::SlotVisitor::appendUnbarriered):
1967         (JSC::SlotVisitor::appendHidden):
1968         (JSC::SlotVisitor::append):
1969         (JSC::SlotVisitor::appendValues):
1970         (JSC::SlotVisitor::appendValuesHidden):
1971         * runtime/CustomGetterSetter.cpp:
1972         * runtime/JSObject.cpp:
1973         (JSC::JSObject::visitButterflyImpl):
1974         * runtime/JSObject.h:
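
        Added example (not JSC's MarkedBlock code, and not part of this ChangeLog) of
        the pattern this entry describes, written with portable C++ atomics: the mark
        bit is set by a transaction that compiles to a CAS loop on x86 and an LL/SC
        loop on ARM, and any number of racing markers agree on exactly one winner per
        cell. MarkBits and raceMarkers are names assumed here.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <thread>
#include <vector>

// Hypothetical mark bitmap: one byte covers eight cells.
class MarkBits {
public:
    explicit MarkBits(size_t cellCount) : m_bytes((cellCount + 7) / 8) {}

    // isMarked: a plain acquire load; safe to call concurrently with marking.
    bool isMarked(size_t cell) const {
        return (m_bytes[cell / 8].load(std::memory_order_acquire) & mask(cell)) != 0;
    }

    // testAndSetMarked: atomically set the bit and report whether it was already
    // set. Exactly one of any number of racing callers sees `false` for a cell.
    bool testAndSetMarked(size_t cell) {
        std::atomic<uint8_t>& byte = m_bytes[cell / 8];
        const uint8_t bit = mask(cell);
        uint8_t old = byte.load(std::memory_order_relaxed);
        for (;;) {
            if (old & bit)
                return true;    // another marker won; no store needed
            // compare_exchange_weak may fail spuriously (LL/SC on ARM) or because a
            // neighbouring bit in the same byte changed; `old` is refreshed and we retry.
            if (byte.compare_exchange_weak(old, static_cast<uint8_t>(old | bit),
                                           std::memory_order_acq_rel,
                                           std::memory_order_relaxed))
                return false;   // we marked it
        }
    }

private:
    static uint8_t mask(size_t cell) { return static_cast<uint8_t>(1u << (cell % 8)); }
    std::vector<std::atomic<uint8_t>> m_bytes;
};

// Races `threadCount` threads over every cell. Returns the total number of
// "I marked it first" answers, which must equal `cellCount`, or 0 if some cell
// ended up unmarked.
static size_t raceMarkers(size_t cellCount, unsigned threadCount) {
    MarkBits bits(cellCount);
    std::atomic<size_t> newlyMarked { 0 };
    std::vector<std::thread> threads;
    for (unsigned t = 0; t < threadCount; ++t) {
        threads.emplace_back([&bits, &newlyMarked, cellCount] {
            size_t mine = 0;
            for (size_t cell = 0; cell < cellCount; ++cell) {
                if (!bits.testAndSetMarked(cell))
                    ++mine;
            }
            newlyMarked.fetch_add(mine, std::memory_order_relaxed);
        });
    }
    for (std::thread& thread : threads)
        thread.join();
    for (size_t cell = 0; cell < cellCount; ++cell) {
        if (!bits.isMarked(cell))
            return 0;
    }
    return newlyMarked.load();
}

int main() {
    return raceMarkers(4096, 4) == 4096 ? 0 : 1;
}
```

        The relaxed initial load is what makes the common "already marked" case a
        single load with no atomic read-modify-write; the acq_rel success order on
        the exchange is what lets the winner safely push the cell onto its mark stack
        afterwards.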
1975
1976 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1977
1978         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
1979         https://bugs.webkit.org/show_bug.cgi?id=160124
1980
1981         Reviewed by Mark Lam.
1982
        When performing CallVarargs, we will copy values to the stack.
        Before actually copying values, we need to adjust the stackPointerRegister
        to ensure the copied values are in the allocated stack area.
        If we do not do that, the OS can clobber the values stored beyond the stack
        pointer. For example, a signal stack can be constructed in this area and
        overwrite the values.

        This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
        in the Linux port. Since Linux ports use signals to suspend and resume threads,
        the signal handler is frequently called when the sampling profiler is enabled. Thus this
        crash occurs.
1994
1995         * dfg/DFGSpeculativeJIT32_64.cpp:
1996         (JSC::DFG::SpeculativeJIT::emitCall):
1997         * dfg/DFGSpeculativeJIT64.cpp:
1998         (JSC::DFG::SpeculativeJIT::emitCall):
1999         * ftl/FTLLowerDFGToB3.cpp:
2000         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
2001         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
2002         * jit/SetupVarargsFrame.cpp:
2003         (JSC::emitSetupVarargsFrameFastCase):
2004         * jit/SetupVarargsFrame.h:
2005
2006 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
2007
2008         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
2009         https://bugs.webkit.org/show_bug.cgi?id=164892
2010         <rdar://problem/29320562>
2011
2012         Reviewed by Brian Burg.
2013
2014         * inspector/protocol/Network.json:
2015         Replace "fromDiskCache" property with "source" property which includes
2016         more complete information about the source of this response (network,
2017         memory cache, disk cache, or unknown).
2018
2019         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2020         (_generate_class_for_object_declaration):
2021         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2022         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2023         * inspector/scripts/codegen/generator.py:
2024         (Generator):
2025         (Generator.open_fields):
2026         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
2027         enum and open accessor string symbol that would have the same name, only generate
2028         a specific list of open accessor strings. This reduces the list of exported
2029         symbols from all properties to just the ones that are needed. This can be
2030         cleaned up later if needed.
2031
2032         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
2033         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
2034         Test for open accessors generation.
2035
2036 2017-03-08  Keith Miller  <keith_miller@apple.com>
2037
2038         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
2039         https://bugs.webkit.org/show_bug.cgi?id=169290
2040
2041         Reviewed by Saam Barati.
2042
        This patch adds an extra sanity check by ensuring that the memory address we are faulting trying to load is in range
        of some wasm fast memory.
2045
2046         * wasm/WasmFaultSignalHandler.cpp:
2047         (JSC::Wasm::trapHandler):
2048         (JSC::Wasm::enableFastMemory):
2049         * wasm/WasmMemory.cpp:
2050         (JSC::Wasm::activeFastMemories):
2051         (JSC::Wasm::viewActiveFastMemories):
2052         (JSC::Wasm::tryGetFastMemory):
2053         (JSC::Wasm::releaseFastMemory):
2054         * wasm/WasmMemory.h:
2055
2056 2017-03-07  Dean Jackson  <dino@apple.com>
2057
2058         Some platforms won't be able to create a GPUDevice
2059         https://bugs.webkit.org/show_bug.cgi?id=169314
2060         <rdar://problems/30907521>
2061
2062         Reviewed by Jon Lee.
2063
2064         Disable WEB_GPU on the iOS Simulator.
2065
2066         * Configurations/FeatureDefines.xcconfig:
2067
2068 2017-03-06  Saam Barati  <sbarati@apple.com>
2069
2070         WebAssembly: Implement the WebAssembly.instantiate API
2071         https://bugs.webkit.org/show_bug.cgi?id=165982
2072         <rdar://problem/29760110>
2073
2074         Reviewed by Keith Miller.
2075
2076         This patch is a straight forward implementation of the WebAssembly.instantiate
2077         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
2078         
2079         I implemented the API in a synchronous manner. We should make it
2080         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
2081
2082         * wasm/JSWebAssembly.cpp:
2083         (JSC::webAssemblyCompileFunc):
2084         (JSC::webAssemblyInstantiateFunc):
2085         (JSC::JSWebAssembly::finishCreation):
2086         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2087         (JSC::constructJSWebAssemblyInstance):
2088         (JSC::WebAssemblyInstanceConstructor::createInstance):
2089         * wasm/js/WebAssemblyInstanceConstructor.h:
2090         * wasm/js/WebAssemblyModuleConstructor.cpp:
2091         (JSC::constructJSWebAssemblyModule):
2092         (JSC::WebAssemblyModuleConstructor::createModule):
2093         * wasm/js/WebAssemblyModuleConstructor.h:
2094
2095 2017-03-06  Michael Saboff  <msaboff@apple.com>
2096
2097         Take advantage of fast permissions switching of JIT memory for devices that support it
2098         https://bugs.webkit.org/show_bug.cgi?id=169155
2099
2100         Reviewed by Saam Barati.
2101
2102         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
2103         control access to JIT memory.
2104
2105         Had to update the Xcode config files to handle various build variations of
2106         public and internal SDKs.
2107
2108         * Configurations/Base.xcconfig:
2109         * Configurations/FeatureDefines.xcconfig:
2110         * jit/ExecutableAllocator.cpp:
2111         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
2112         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
2113         * jit/ExecutableAllocator.h:
2114         (JSC::performJITMemcpy):
2115
2116 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
2117
2118         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
2119         https://bugs.webkit.org/show_bug.cgi?id=168502
2120
2121         Reviewed by Filip Pizlo.
2122
2123         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
2124
2125 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
2126
2127         op_get_by_id_with_this should use inline caching
2128         https://bugs.webkit.org/show_bug.cgi?id=162124
2129
2130         Reviewed by Saam Barati.
2131
        This patch is enabling inline cache for op_get_by_id_with_this in all
        tiers. It means that operations using ```super.member``` are going to
        be able to be optimized by PIC. To enable it, we introduced a new
        member of StructureStubInfo.patch named thisGPR, created a new class
        to manage the IC named JITGetByIdWithThisGenerator, and changed
        PolymorphicAccess.regenerate so that it uses StructureStubInfo.patch.thisGPR
        to decide the correct this value on inline caches.
        With inline caching enabled, ```super.member``` is ~4.5x faster,
        according to microbenchmarks.
2141
2142         * bytecode/AccessCase.cpp:
2143         (JSC::AccessCase::generateImpl):
2144         * bytecode/PolymorphicAccess.cpp:
2145         (JSC::PolymorphicAccess::regenerate):
2146         * bytecode/PolymorphicAccess.h:
2147         * bytecode/StructureStubInfo.cpp:
2148         (JSC::StructureStubInfo::reset):
2149         * bytecode/StructureStubInfo.h:
2150         * dfg/DFGFixupPhase.cpp:
2151         (JSC::DFG::FixupPhase::fixupNode):
2152         * dfg/DFGJITCompiler.cpp:
2153         (JSC::DFG::JITCompiler::link):
2154         * dfg/DFGJITCompiler.h:
2155         (JSC::DFG::JITCompiler::addGetByIdWithThis):
2156         * dfg/DFGSpeculativeJIT.cpp:
2157         (JSC::DFG::SpeculativeJIT::compileIn):
2158         * dfg/DFGSpeculativeJIT.h:
2159         (JSC::DFG::SpeculativeJIT::callOperation):
2160         * dfg/DFGSpeculativeJIT32_64.cpp:
2161         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2162         (JSC::DFG::SpeculativeJIT::compile):
2163         * dfg/DFGSpeculativeJIT64.cpp:
2164         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2165         (JSC::DFG::SpeculativeJIT::compile):
2166         * ftl/FTLLowerDFGToB3.cpp:
2167         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
2168         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
2169         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
2170         * jit/CCallHelpers.h:
2171         (JSC::CCallHelpers::setupArgumentsWithExecState):
2172         * jit/ICStats.h:
2173         * jit/JIT.cpp:
2174         (JSC::JIT::JIT):
2175         (JSC::JIT::privateCompileSlowCases):
2176         (JSC::JIT::link):
2177         * jit/JIT.h:
2178         * jit/JITInlineCacheGenerator.cpp:
2179         (JSC::JITByIdGenerator::JITByIdGenerator):
2180         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2181         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
2182         * jit/JITInlineCacheGenerator.h:
2183         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2184         * jit/JITInlines.h:
2185         (JSC::JIT::callOperation):
2186         * jit/JITOperations.cpp:
2187         * jit/JITOperations.h:
2188         * jit/JITPropertyAccess.cpp:
2189         (JSC::JIT::emit_op_get_by_id_with_this):
2190         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2191         * jit/JITPropertyAccess32_64.cpp:
2192         (JSC::JIT::emit_op_get_by_id_with_this):
2193         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2194         * jit/Repatch.cpp:
2195         (JSC::appropriateOptimizingGetByIdFunction):
2196         (JSC::appropriateGenericGetByIdFunction):
2197         (JSC::tryCacheGetByID):
2198         * jit/Repatch.h:
2199         * jsc.cpp:
2200         (WTF::CustomGetter::getOwnPropertySlot):
2201         (WTF::CustomGetter::customGetterAcessor):
2202
2203 2017-03-06  Saam Barati  <sbarati@apple.com>
2204
2205         WebAssembly: implement init_expr for Element
2206         https://bugs.webkit.org/show_bug.cgi?id=165888
2207         <rdar://problem/29760199>
2208
2209         Reviewed by Keith Miller.
2210
2211         This patch fixes a few bugs. The main change is allowing init_expr
2212         for the Element's offset. To do this, I had to fix a couple of
2213         other bugs:
2214         
2215         - I removed our invalid early module-parse-time invalidation
2216         of out of bound Element sections. This is not in the spec because
2217         it can't be validated in the general case when the offset is a
2218         get_global.
2219         
2220         - Our get_global validation inside our init_expr parsing code was simply wrong.
2221         It thought that the index operand to get_global went into the pool of imports,
2222         but it does not. It indexes into the pool of globals. I changed the code to
2223         refer to the global pool instead.
2224
2225         * wasm/WasmFormat.h:
2226         (JSC::Wasm::Element::Element):
2227         * wasm/WasmModuleParser.cpp:
2228         * wasm/js/WebAssemblyModuleRecord.cpp:
2229         (JSC::WebAssemblyModuleRecord::evaluate):
2230
2231 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2232
2233         [JSC] Allow indexed module namespace object fields
2234         https://bugs.webkit.org/show_bug.cgi?id=168870
2235
2236         Reviewed by Saam Barati.
2237
2238         While JS modules cannot expose any indexed bindings,
2239         Wasm modules can expose them. However, module namespace
2240         object currently does not support indexed properties.
2241         This patch allows module namespace objects to offer
2242         indexed binding accesses.
2243
2244         * runtime/JSModuleNamespaceObject.cpp:
2245         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
2246         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
2247         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
2248         * runtime/JSModuleNamespaceObject.h:
2249
2250 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2251
2252         Null pointer crash when loading module with unresolved import also as a script file
2253         https://bugs.webkit.org/show_bug.cgi?id=168971
2254
2255         Reviewed by Saam Barati.
2256
2257         If linking throws an error, this error should be re-thrown
2258         when requesting the same module.
2259
2260         * builtins/ModuleLoaderPrototype.js:
2261         (globalPrivate.newRegistryEntry):
2262         * runtime/JSModuleRecord.cpp:
2263         (JSC::JSModuleRecord::link):
2264
2265 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2266
2267         [GTK][JSCOnly] Enable WebAssembly on Linux environment
2268         https://bugs.webkit.org/show_bug.cgi?id=164032
2269
2270         Reviewed by Michael Catanzaro.
2271
2272         This patch enables WebAssembly on JSCOnly and GTK ports.
2273         Basically, almost all the WASM code is portable to Linux.
2274         One platform-dependent part is faster memory load using SIGBUS
2275         signal handler. This patch ports this part to Linux.
2276
2277         * CMakeLists.txt:
2278         * llint/LLIntSlowPaths.cpp:
2279         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2280         * wasm/WasmFaultSignalHandler.cpp:
2281         (JSC::Wasm::trapHandler):
2282         (JSC::Wasm::enableFastMemory):
2283
2284 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
2285
2286         Currency digits calculation in Intl.NumberFormat should call out to ICU
2287         https://bugs.webkit.org/show_bug.cgi?id=169182
2288
2289         Reviewed by Yusuke Suzuki.
2290
2291         * runtime/IntlNumberFormat.cpp:
2292         (JSC::computeCurrencyDigits):
2293         (JSC::computeCurrencySortKey): Deleted.
2294         (JSC::extractCurrencySortKey): Deleted.
2295
2296 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
2297
2298         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
2299         https://bugs.webkit.org/show_bug.cgi?id=168869
2300
2301         Reviewed by Keith Miller.
2302
2303         * b3/B3Width.h:
2304         * wasm/WasmSections.h:
2305
2306 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
2307
2308         [ARM] Unreviewed buildfix after r213376.
2309
2310         * assembler/ARMAssembler.h:
2311         (JSC::ARMAssembler::isBkpt): Typo fixed.
2312
2313 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
2314
2315         [JSC] build fix after r213399
2316         https://bugs.webkit.org/show_bug.cgi?id=169154
2317
2318         Unreviewed.
2319
        * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
2321
2322 2017-03-03  Dean Jackson  <dino@apple.com>
2323
2324         Add WebGPU compile flag and experimental feature flag
2325         https://bugs.webkit.org/show_bug.cgi?id=169161
2326         <rdar://problem/30846689>
2327
2328         Reviewed by Tim Horton.
2329
2330         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
2331         and an InternalSetting.
2332
2333         * Configurations/FeatureDefines.xcconfig:
2334
2335 2017-03-03  Michael Saboff  <msaboff@apple.com>
2336
2337         Add support for relative pathnames to JSC config files
2338         https://bugs.webkit.org/show_bug.cgi?id=169154
2339
2340         Reviewed by Saam Barati.
2341
2342         If the config file is a relative path, prepend the current working directory.
2343         After canonicalizing the config file path, we extract its directory path and
2344         use that for the directory for a relative log pathname.
2345
2346         * runtime/ConfigFile.cpp:
2347         (JSC::ConfigFile::ConfigFile):
2348         (JSC::ConfigFile::parse):
2349         (JSC::ConfigFile::canonicalizePaths):
2350         * runtime/ConfigFile.h:
2351
2352 2017-03-03  Michael Saboff  <msaboff@apple.com>
2353
2354         Add load / store exclusive instruction group to ARM64 disassembler
2355         https://bugs.webkit.org/show_bug.cgi?id=169152
2356
2357         Reviewed by Filip Pizlo.
2358
2359         * disassembler/ARM64/A64DOpcode.cpp:
2360         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
2361         * disassembler/ARM64/A64DOpcode.h:
2362         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
2363         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
2364         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
2365         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
2366         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
2367         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
2368         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
2369         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
2370         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
2371
2372 2017-03-03  Keith Miller  <keith_miller@apple.com>
2373
2374         WASM should support faster loads.
2375         https://bugs.webkit.org/show_bug.cgi?id=162693
2376
2377         Reviewed by Saam Barati.
2378
2379         This patch adds support for WebAssembly using a 32-bit address
2380         space for memory (along with some extra space for offset
2381         overflow). With a 32-bit address space (we call them
2382         Signaling/fast memories), we reserve the virtual address space for
2383         2^32 + offset bytes of memory and only mark the usable section as
2384         read/write. If wasm code would read/write out of bounds we use a
2385         custom signal handler to catch the SIGBUS. The signal handler then
2386         checks if the faulting instruction is wasm code and tells the
2387         thread to resume executing from the wasm exception
2388         handler. Otherwise, the signal handler crashes the process, as
2389         usual.
2390
2391         All of the allocations of these memories are managed by the
2392         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
2393         old Signaling memories that are no longer in use. Since getting
2394         the wrong memory can cause recompiles, we try to reserve a memory
2395         for modules that do not import a memory. If a module does import a
2396         memory, we try to guess the type of memory we are going to get
2397         based on the last one allocated.
2398
2399         This patch also changes how the wasm JS-api manages objects. Since
2400         we can compile different versions of code, this patch adds a new
2401         JSWebAssemblyCodeBlock class that holds all the information
2402         specific to running a module in a particular bounds checking
2403         mode. Additionally, the Wasm::Memory object is now a reference
2404         counted class that is shared between the JSWebAssemblyMemory
2405         object and the ArrayBuffer that also views it.
2406
2407         * JavaScriptCore.xcodeproj/project.pbxproj:
2408         * jit/JITThunks.cpp:
2409         (JSC::JITThunks::existingCTIStub):
2410         * jit/JITThunks.h:
2411         * jsc.cpp:
2412         (jscmain):
2413         * runtime/Options.h:
2414         * runtime/VM.cpp:
2415         (JSC::VM::VM):
2416         * runtime/VM.h:
2417         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
2418         (JSC::JSWebAssemblyCodeBlock::create):
2419         (JSC::JSWebAssemblyCodeBlock::createStructure):
2420         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
2421         (JSC::JSWebAssemblyCodeBlock::mode):
2422         (JSC::JSWebAssemblyCodeBlock::module):
2423         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
2424         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
2425         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
2426         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
2427         (JSC::JSWebAssemblyCodeBlock::callees):
2428         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
2429         (JSC::JSWebAssemblyCodeBlock::allocationSize):
2430         * wasm/WasmB3IRGenerator.cpp:
2431         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2432         (JSC::Wasm::getMemoryBaseAndSize):
2433         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
2434         (JSC::Wasm::B3IRGenerator::emitLoadOp):
2435         (JSC::Wasm::B3IRGenerator::emitStoreOp):
2436         * wasm/WasmCallingConvention.h:
2437         * wasm/WasmFaultSignalHandler.cpp: Added.
2438         (JSC::Wasm::trapHandler):
2439         (JSC::Wasm::registerCode):
2440         (JSC::Wasm::unregisterCode):
2441         (JSC::Wasm::fastMemoryEnabled):
2442         (JSC::Wasm::enableFastMemory):
2443         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
2444         * wasm/WasmFormat.h:
2445         (JSC::Wasm::ModuleInformation::importFunctionCount):
2446         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
2447         * wasm/WasmMemory.cpp:
2448         (JSC::Wasm::mmapBytes):
2449         (JSC::Wasm::Memory::lastAllocatedMode):
2450         (JSC::Wasm::availableFastMemories):
2451         (JSC::Wasm::tryGetFastMemory):
2452         (JSC::Wasm::releaseFastMemory):
2453         (JSC::Wasm::Memory::Memory):
2454         (JSC::Wasm::Memory::createImpl):
2455         (JSC::Wasm::Memory::create):
2456         (JSC::Wasm::Memory::~Memory):
2457         (JSC::Wasm::Memory::grow):
2458         (JSC::Wasm::Memory::dump):
2459         (JSC::Wasm::Memory::makeString):
2460         * wasm/WasmMemory.h:
2461         (JSC::Wasm::Memory::operator bool):
2462         (JSC::Wasm::Memory::size):
2463         (JSC::Wasm::Memory::check):
2464         (JSC::Wasm::Memory::Memory): Deleted.
2465         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
2466         (JSC::Wasm::Memory::offsetOfSize): Deleted.
2467         * wasm/WasmMemoryInformation.cpp:
2468         (JSC::Wasm::MemoryInformation::MemoryInformation):
2469         * wasm/WasmMemoryInformation.h:
2470         (JSC::Wasm::MemoryInformation::hasReservedMemory):
2471         (JSC::Wasm::MemoryInformation::takeReservedMemory):
2472         (JSC::Wasm::MemoryInformation::mode):
2473         * wasm/WasmModuleParser.cpp:
2474         * wasm/WasmModuleParser.h:
2475         (JSC::Wasm::ModuleParser::ModuleParser):
2476         * wasm/WasmPlan.cpp:
2477         (JSC::Wasm::Plan::parseAndValidateModule):
2478         (JSC::Wasm::Plan::run):
2479         * wasm/WasmPlan.h:
2480         (JSC::Wasm::Plan::mode):
2481         * wasm/js/JSWebAssemblyCallee.cpp:
2482         (JSC::JSWebAssemblyCallee::finishCreation):
2483         (JSC::JSWebAssemblyCallee::destroy):
2484         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
2485         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
2486         (JSC::JSWebAssemblyCodeBlock::destroy):
2487         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
2488         (JSC::JSWebAssemblyCodeBlock::visitChildren):
2489         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
2490         * wasm/js/JSWebAssemblyInstance.cpp:
2491         (JSC::JSWebAssemblyInstance::setMemory):
2492         (JSC::JSWebAssemblyInstance::finishCreation):
2493         (JSC::JSWebAssemblyInstance::visitChildren):
2494         * wasm/js/JSWebAssemblyInstance.h:
2495         (JSC::JSWebAssemblyInstance::module):
2496         (JSC::JSWebAssemblyInstance::codeBlock):
2497         (JSC::JSWebAssemblyInstance::memoryMode):
2498         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
2499         * wasm/js/JSWebAssemblyMemory.cpp:
2500         (JSC::JSWebAssemblyMemory::create):
2501         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
2502         (JSC::JSWebAssemblyMemory::buffer):
2503         (JSC::JSWebAssemblyMemory::grow):
2504         (JSC::JSWebAssemblyMemory::destroy):
2505         * wasm/js/JSWebAssemblyMemory.h:
2506         (JSC::JSWebAssemblyMemory::memory):
2507         (JSC::JSWebAssemblyMemory::offsetOfMemory):
2508         (JSC::JSWebAssemblyMemory::offsetOfSize):
2509         * wasm/js/JSWebAssemblyModule.cpp:
2510         (JSC::JSWebAssemblyModule::buildCodeBlock):
2511         (JSC::JSWebAssemblyModule::create):
2512         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2513         (JSC::JSWebAssemblyModule::codeBlock):
2514         (JSC::JSWebAssemblyModule::finishCreation):
2515         (JSC::JSWebAssemblyModule::visitChildren):
2516         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
2517         * wasm/js/JSWebAssemblyModule.h:
2518         (JSC::JSWebAssemblyModule::takeReservedMemory):
2519         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
2520         (JSC::JSWebAssemblyModule::codeBlock):
2521         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
2522         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
2523         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
2524         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
2525         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
2526         (JSC::JSWebAssemblyModule::callees): Deleted.
2527         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
2528         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
2529         * wasm/js/WebAssemblyFunction.cpp:
2530         (JSC::callWebAssemblyFunction):
2531         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2532         (JSC::constructJSWebAssemblyInstance):
2533         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2534         (JSC::constructJSWebAssemblyMemory):
2535         * wasm/js/WebAssemblyModuleConstructor.cpp:
2536         (JSC::WebAssemblyModuleConstructor::createModule):
2537         * wasm/js/WebAssemblyModuleRecord.cpp:
2538         (JSC::WebAssemblyModuleRecord::link):
2539         (JSC::WebAssemblyModuleRecord::evaluate):
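
        Added editorial example, not WebKit code: a scaled-down model of the fast-memory
        scheme this entry describes (reserve a large PROT_NONE range, mark only the usable
        prefix read/write, let a signal handler turn faults in the guard region into a wasm
        trap) together with the extra range check from the 2017-03-08 "OOB for fast memory"
        entry above (only a faulting address inside some registered fast memory is treated
        as a wasm trap; anything else is re-raised as a normal crash). The names, the 1 MiB /
        64 KiB sizes and the sigsetjmp-based "wasm exception handler" are assumptions of this
        demo, not JSC's; JSC also checks that the faulting PC lies in registered wasm code,
        which this demo omits. It is POSIX-only (Linux delivers the fault as SIGSEGV, macOS
        as SIGBUS, so both are hooked).

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Demo sizes (assumptions); JSC reserves 2^32 bytes plus offset slack. */
#define DEMO_RESERVED_BYTES    (1u << 20)   /* whole reservation, PROT_NONE by default */
#define DEMO_USABLE_BYTES      (64u * 1024) /* prefix marked read/write */
#define DEMO_MAX_FAST_MEMORIES 4

struct FastMemory { uint8_t *base; size_t reserved; size_t usable; };

/* Registry of live fast memories, the analogue of JSC's activeFastMemories(). */
static struct FastMemory g_fastMemories[DEMO_MAX_FAST_MEMORIES];
static int g_fastMemoryCount = 0;
static sigjmp_buf g_trapJump; /* where a trapped load resumes */

struct FastMemory *reserveFastMemory(void)
{
    if (g_fastMemoryCount == DEMO_MAX_FAST_MEMORIES) return NULL;
    void *p = mmap(NULL, DEMO_RESERVED_BYTES, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    /* Only the usable prefix becomes accessible; the rest stays an inaccessible guard region. */
    if (mprotect(p, DEMO_USABLE_BYTES, PROT_READ | PROT_WRITE) != 0) { munmap(p, DEMO_RESERVED_BYTES); return NULL; }
    struct FastMemory *m = &g_fastMemories[g_fastMemoryCount++];
    m->base = p; m->reserved = DEMO_RESERVED_BYTES; m->usable = DEMO_USABLE_BYTES;
    return m;
}

void releaseFastMemory(struct FastMemory *m)
{
    munmap(m->base, m->reserved);
    /* Compact the registry so a released range is no longer treated as wasm memory. */
    for (int i = (int)(m - g_fastMemories); i + 1 < g_fastMemoryCount; i++)
        g_fastMemories[i] = g_fastMemories[i + 1];
    g_fastMemoryCount--;
}

/* The extra safety check: does the faulting address lie inside some fast memory reservation? */
int faultAddressInFastMemory(uintptr_t addr)
{
    for (int i = 0; i < g_fastMemoryCount; i++) {
        uintptr_t lo = (uintptr_t)g_fastMemories[i].base;
        if (addr >= lo && addr < lo + g_fastMemories[i].reserved) return 1;
    }
    return 0;
}

static void trapHandler(int sig, siginfo_t *info, void *context)
{
    (void)context;
    /* Only a fault inside a registered guard range is a wasm trap (JSC also checks the PC). */
    if (faultAddressInFastMemory((uintptr_t)info->si_addr))
        siglongjmp(g_trapJump, 1); /* resume at the "wasm exception handler" */
    signal(sig, SIG_DFL); /* not ours: the fault re-fires with the default action and crashes as usual */
}

int installTrapHandler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = trapHandler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1; /* Linux: PROT_NONE access -> SIGSEGV */
    if (sigaction(SIGBUS, &sa, NULL) != 0) return -1;  /* macOS: -> SIGBUS */
    return 0;
}

/* A bounds-check-free wasm load: returns 0 on success, 1 if the guard region trapped. */
int wasmLoadByte(struct FastMemory *m, size_t offset, uint8_t *out)
{
    if (sigsetjmp(g_trapJump, 1) != 0) return 1; /* re-entered from trapHandler */
    volatile uint8_t *p = m->base + offset;      /* no explicit check: the guard region catches OOB */
    *out = *p;
    return 0;
}

/* Exercises the pieces; returns a bitmask of the checks that held (31 when all do). */
int runDemo(void)
{
    int result = 0;
    if (installTrapHandler() != 0) return -1;
    struct FastMemory *m = reserveFastMemory();
    if (!m) return -2;
    uintptr_t base = (uintptr_t)m->base;
    uint8_t v = 0;
    m->base[10] = 0x2a;
    if (wasmLoadByte(m, 10, &v) == 0 && v == 0x2a) result |= 1;            /* in-bounds load works */
    if (wasmLoadByte(m, DEMO_USABLE_BYTES + 4096, &v) == 1) result |= 2;   /* OOB load traps, no crash */
    if (faultAddressInFastMemory(base + DEMO_USABLE_BYTES)) result |= 4;   /* guard address is "ours" */
    if (!faultAddressInFastMemory((uintptr_t)&result)) result |= 8;        /* a stack address is not */
    releaseFastMemory(m);
    if (!faultAddressInFastMemory(base + DEMO_USABLE_BYTES)) result |= 16; /* released range no longer counts */
    return result;
}

int main(void)
{
    printf("runDemo() = %d (expect 31)\n", runDemo());
    return 0;
}
```

        The point of the range check is the last branch of trapHandler: a fault whose address
        is not inside a registered reservation is a genuine bug, so the handler hands it back
        to the default action instead of resuming, which is what "crashes the process, as usual"
        means in the entry above.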
2540
2541 2017-03-03  Mark Lam  <mark.lam@apple.com>
2542
2543         Gardening: fix broken ARM64 build.
2544         https://bugs.webkit.org/show_bug.cgi?id=169139
2545
2546         Not reviewed.
2547
2548         * assembler/ARM64Assembler.h:
2549         (JSC::ARM64Assembler::excepnGenerationImmMask):
2550
2551 2017-03-03  Mark Lam  <mark.lam@apple.com>
2552
2553         Add MacroAssembler::isBreakpoint() query function.
2554         https://bugs.webkit.org/show_bug.cgi?id=169139
2555
2556         Reviewed by Michael Saboff.
2557
2558         This will be needed soon when we use breakpoint instructions to implement
2559         non-polling VM traps, and need to discern between a VM trap signal and a genuine
2560         assertion breakpoint.
2561
2562         * assembler/ARM64Assembler.h:
2563         (JSC::ARM64Assembler::isBrk):
2564         (JSC::ARM64Assembler::excepnGenerationImmMask):
2565         * assembler/ARMAssembler.h:
2566         (JSC::ARMAssembler::isBkpt):
2567         * assembler/ARMv7Assembler.h:
2568         (JSC::ARMv7Assembler::isBkpt):
2569         * assembler/MIPSAssembler.h:
2570         (JSC::MIPSAssembler::isBkpt):
2571         * assembler/MacroAssemblerARM.h:
2572         (JSC::MacroAssemblerARM::isBreakpoint):
2573         * assembler/MacroAssemblerARM64.h:
2574         (JSC::MacroAssemblerARM64::isBreakpoint):
2575         * assembler/MacroAssemblerARMv7.h:
2576         (JSC::MacroAssemblerARMv7::isBreakpoint):
2577         * assembler/MacroAssemblerMIPS.h:
2578         (JSC::MacroAssemblerMIPS::isBreakpoint):
2579         * assembler/MacroAssemblerX86Common.h:
2580         (JSC::MacroAssemblerX86Common::isBreakpoint):
2581         * assembler/X86Assembler.h:
2582         (JSC::X86Assembler::isInt3):
2583
2584 2017-03-03  Mark Lam  <mark.lam@apple.com>
2585
2586         We should only check for traps that we're able to handle.
2587         https://bugs.webkit.org/show_bug.cgi?id=169136
2588
2589         Reviewed by Michael Saboff.
2590
2591         The execute methods in interpreter were checking for the existence of any traps
2592         (without masking) and only handling a subset of those via a mask.  This can
2593         result in a failed assertion on debug builds.
2594
2595         This patch fixes this by applying the same mask for both the needTrapHandling()
2596         check and the handleTraps() call.  Also added a few assertions.
2597
2598         * interpreter/Interpreter.cpp:
2599         (JSC::Interpreter::executeProgram):
2600         (JSC::Interpreter::executeCall):
2601         (JSC::Interpreter::executeConstruct):
2602         (JSC::Interpreter::execute):
2603         * jit/JITOperations.cpp:
2604         * llint/LLIntSlowPaths.cpp:
2605         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2606
2607 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
2608
2609         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
2610         https://bugs.webkit.org/show_bug.cgi?id=169074
2611
2612         Reviewed by Joseph Pecoraro.
2613
        They are not actually Cocoa-specific.
2615
2616         * inspector/remote/RemoteInspector.cpp:
2617         (Inspector::RemoteInspector::updateTargetListing):
2618         * inspector/remote/RemoteInspector.h:
2619         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2620
2621 2017-03-02  Mark Lam  <mark.lam@apple.com>
2622
2623         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
2624         https://bugs.webkit.org/show_bug.cgi?id=169089
2625
2626         Reviewed by Tim Horton and Joseph Pecoraro.
2627
2628         * runtime/VM.cpp:
2629         (JSC::VM::handleTraps):
2630         * runtime/VM.h:
2631         (JSC::VM::notifyNeedDebuggerBreak):
2632
2633 2017-03-02  Michael Saboff  <msaboff@apple.com>
2634
2635         Add JSC identity when code signing to allow debugging on iOS
2636         https://bugs.webkit.org/show_bug.cgi?id=169099
2637
2638         Reviewed by Filip Pizlo.
2639
2640         * Configurations/JSC.xcconfig:
2641         * Configurations/ToolExecutable.xcconfig:
2642
2643 2017-03-02  Keith Miller  <keith_miller@apple.com>
2644
2645         WebAssemblyFunction should have Function.prototype as its prototype
2646         https://bugs.webkit.org/show_bug.cgi?id=169101
2647
2648         Reviewed by Filip Pizlo.
2649
2650         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
2651         objects should have Function.prototype as their prototype.
2652
2653         * runtime/JSGlobalObject.cpp:
2654         (JSC::JSGlobalObject::init):
2655
2656 2017-03-02  Mark Lam  <mark.lam@apple.com>
2657
2658         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
2659         https://bugs.webkit.org/show_bug.cgi?id=169088
2660
2661         Reviewed by Keith Miller.
2662
2663         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
2664         generated.  This is useful for testing purposes until we have signal based
2665         traps, at which point, we will always emit the op_check_traps bytecode and remove
2666         this option.
2667
2668         Options::usePollingTraps() enables the use of polling VM traps all the time.
2669         This will be useful for benchmark comparisons, (between polling and non-polling
2670         traps), as well as for forcing polling traps later for ports that don't support
2671         signal based traps.
2672
2673         Note: signal based traps are not fully implemented yet.  As a result, if the VM
2674         watchdog is in use, we will force Options::usePollingTraps() to be true.
2675
2676         * bytecompiler/BytecodeGenerator.cpp:
2677         (JSC::BytecodeGenerator::emitCheckTraps):
2678         * dfg/DFGClobberize.h:
2679         (JSC::DFG::clobberize):
2680         * dfg/DFGSpeculativeJIT.cpp:
2681         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2682         * dfg/DFGSpeculativeJIT32_64.cpp:
2683         (JSC::DFG::SpeculativeJIT::compile):
2684         * dfg/DFGSpeculativeJIT64.cpp:
2685         (JSC::DFG::SpeculativeJIT::compile):
2686         * ftl/FTLLowerDFGToB3.cpp:
2687         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2688         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2689         * runtime/Options.cpp:
2690         (JSC::recomputeDependentOptions):
2691         * runtime/Options.h:
2692
2693 2017-03-02  Keith Miller  <keith_miller@apple.com>
2694
2695         Fix addressing mode for B3WasmAddress
2696         https://bugs.webkit.org/show_bug.cgi?id=169092
2697
2698         Reviewed by Filip Pizlo.
2699
2700         Fix the potential addressing modes for B3WasmAddress. ARM does not
2701         support a base + index*1 + offset addressing mode. I think when I
2702         read it the first time I assumed it would always work on both ARM
2703         and X86. While true for X86 it's not true for ARM.
2704
2705         * b3/B3LowerToAir.cpp:
2706         (JSC::B3::Air::LowerToAir::effectiveAddr):
2707
2708 2017-03-02  Mark Lam  <mark.lam@apple.com>
2709
2710         Add support for selective handling of VM traps.
2711         https://bugs.webkit.org/show_bug.cgi?id=169087
2712
2713         Reviewed by Keith Miller.
2714
2715         This is needed because there are some places in the VM where it's appropriate to
2716         handle some types of VM traps but not others.
2717
2718         We implement this selection by using a VMTraps::Mask that allows the user to
2719         specify which traps should be serviced.
2720
2721         * interpreter/Interpreter.cpp:
2722         (JSC::Interpreter::executeProgram):
2723         (JSC::Interpreter::executeCall):
2724         (JSC::Interpreter::executeConstruct):
2725         (JSC::Interpreter::execute):
2726         * runtime/VM.cpp:
2727         (JSC::VM::handleTraps):
2728         * runtime/VM.h:
2729         * runtime/VMTraps.cpp:
2730         (JSC::VMTraps::takeTrap): Deleted.
2731         * runtime/VMTraps.h:
2732         (JSC::VMTraps::Mask::Mask):
2733         (JSC::VMTraps::Mask::allEventTypes):
2734         (JSC::VMTraps::Mask::bits):
2735         (JSC::VMTraps::Mask::init):
2736         (JSC::VMTraps::needTrapHandling):
2737         (JSC::VMTraps::hasTrapForEvent):
2738
2739 2017-03-02  Alex Christensen  <achristensen@webkit.org>
2740
2741         Continue enabling WebRTC
2742         https://bugs.webkit.org/show_bug.cgi?id=169056
2743
2744         Reviewed by Jon Lee.
2745
2746         * Configurations/FeatureDefines.xcconfig:
2747
2748 2017-03-02  Tomas Popela  <tpopela@redhat.com>
2749
2750         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
2751         https://bugs.webkit.org/show_bug.cgi?id=169034
2752
2753         Reviewed by Mark Lam.
2754
2755         It should not assign to offset, but compare to offset.
2756
2757         * runtime/JSGlobalObject.cpp:
2758         (JSC::JSGlobalObject::addStaticGlobals):
2759
2760 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2761
2762         Unreviewed, rolling out r213259.
2763
2764         Broke an internal build
2765
2766         Reverted changeset:
2767
2768         "Continue enabling WebRTC"
2769         https://bugs.webkit.org/show_bug.cgi?id=169056
2770         http://trac.webkit.org/changeset/213259
2771
2772 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2773
2774         Continue enabling WebRTC
2775         https://bugs.webkit.org/show_bug.cgi?id=169056
2776
2777         Reviewed by Jon Lee.
2778
2779         * Configurations/FeatureDefines.xcconfig:
2780
2781 2017-03-01  Michael Saboff  <msaboff@apple.com>
2782
2783         Source/JavaScriptCore/ChangeLog
2784         https://bugs.webkit.org/show_bug.cgi?id=169055
2785
2786         Reviewed by Mark Lam.
2787
2788         Made local copies of options strings for OptionRange and string typed options.
2789
2790         * runtime/Options.cpp:
2791         (JSC::parse):
2792         (JSC::OptionRange::init):
2793
2794 2017-03-01  Mark Lam  <mark.lam@apple.com>
2795
2796         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
2797         https://bugs.webkit.org/show_bug.cgi?id=168996
2798
2799         Reviewed by Filip Pizlo and Saam Barati.
2800
2801         PlatformThread is more useful because it allows us to:
2802         1. find the MachineThreads::Thread which is associated with it.
2803         2. suspend / resume threads.
2804         3. send a signal to a thread.
2805
2806         We can't do those with std::thread::id.  We will need one or more of these
2807         capabilities to implement non-polling VM traps later.
2808
2809         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
2810         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
2811         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
2812         JSLock::m_hasOwnerThread before doing the thread identity comparison.
2813
2814         * JavaScriptCore.xcodeproj/project.pbxproj:
2815         * heap/MachineStackMarker.cpp:
2816         (JSC::MachineThreads::Thread::createForCurrentThread):
2817         (JSC::MachineThreads::machineThreadForCurrentThread):
2818         (JSC::MachineThreads::removeThread):
2819         (JSC::MachineThreads::Thread::suspend):
2820         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2821         (JSC::getCurrentPlatformThread): Deleted.
2822         * heap/MachineStackMarker.h:
2823         * runtime/JSCellInlines.h:
2824         (JSC::JSCell::classInfo):
2825         * runtime/JSLock.cpp:
2826         (JSC::JSLock::JSLock):
2827         (JSC::JSLock::lock):
2828         (JSC::JSLock::unlock):
2829         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2830         * runtime/JSLock.h:
2831         (JSC::JSLock::ownerThread):
2832         (JSC::JSLock::currentThreadIsHoldingLock):
2833         * runtime/PlatformThread.h: Added.
2834         (JSC::currentPlatformThread):
2835         * runtime/VM.cpp:
2836         (JSC::VM::~VM):
2837         * runtime/VM.h:
2838         (JSC::VM::ownerThread):
2839         * runtime/Watchdog.cpp:
2840         (JSC::Watchdog::setTimeLimit):
2841         (JSC::Watchdog::shouldTerminate):
2842         (JSC::Watchdog::startTimer):
2843         (JSC::Watchdog::stopTimer):
2844         * tools/JSDollarVMPrototype.cpp:
2845         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2846         * tools/VMInspector.cpp:
2847
2848 2017-03-01  Saam Barati  <sbarati@apple.com>
2849
2850         Implement a mega-disassembler that'll be used in the FTL
2851         https://bugs.webkit.org/show_bug.cgi?id=168685
2852
2853         Reviewed by Mark Lam.
2854
2855         This patch extends the previous Air disassembler to print the
2856         DFG and B3 nodes belonging to particular Air instructions.
2857         The algorithm I'm using to do this is not perfect. For example,
2858         it won't try to print the entire DFG/B3 graph. It'll just print
2859         the related nodes for particular Air instructions. We can make the
2860         algorithm more sophisticated as we get more experience looking at
2861         these IR dumps and get a better feel for what we want out of them.
2862
2863         This is an example of the output:
2864
2865         ...
2866         ...
2867         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
2868            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
2869                Patch &Patchpoint2, %r20, %r20, %r0, @54
2870          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
2871            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
2872                Move 32(%r20), %r5, @57
2873                       0x389cc9ac0:    ldur   x5, [x20, #32]
2874         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
2875            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
2876                Move32 (%r5), %r1, @58
2877                       0x389cc9ac4:    ldur   w1, [x5]
2878            Int32 @59 = Const32(DFG:@115, 92)
2879            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
2880            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2881                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
2882                       0x389cc9ac8:    cmp    w1, #92
2883                       0x389cc9acc:    b.ne   0x389cc9dac
2884         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
2885            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
2886                Move 8(%r5), %r4, @64
2887                       0x389cc9ad0:    ldur   x4, [x5, #8]
2888          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
2889            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
2890                Move32 -8(%r4), %r2, @67
2891                       0x389cc9ad4:    ldur   w2, [x4, #-8]
2892       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
2893            Int32 @68 = Const32(DFG:@192, -1)
2894                Move $0xffffffffffffffff, %r1, $-1(@68)
2895                       0x389cc9ad8:    mov    x1, #-1
2896          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
2897            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
2898                Add32 %r2, %r1, %r1, @69
2899                       0x389cc9adc:    add    w1, w2, w1
2900          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
2901            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
2902            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2903                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
2904                       0x389cc9ae0:    cmp    x0, x22
2905                       0x389cc9ae4:    b.lo   0x389cc9dc0
2906            Int32 @72 = Trunc(@53, DFG:@86)
2907            Int32 @73 = BitAnd(@69, @72, DFG:@86)
2908                And32 %r1, %r0, %r1, @73
2909                       0x389cc9ae8:    and    w1, w1, w0
2910            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
2911            Int32 @72 = Trunc(@53, DFG:@86)
2912            Int64 @11 = SlotBase(stack0)
2913            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
2914                Move32 %r0, -64(%fp), @76
2915                       0x389cc9aec:    stur   w0, [fp, #-64]
2916            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
2917            Int64 @77 = ZExt32(@73, DFG:@12)
2918            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
2919                Add64 %r1, %r22, %r3, @78
2920                       0x389cc9af0:    add    x3, x1, x22
2921            Int64 @11 = SlotBase(stack0)
2922            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
2923                Move %r3, -72(%fp), @81
2924                       0x389cc9af4:    stur   x3, [fp, #-72]
2925            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
2926            Int32 @82 = Trunc(@24, DFG:@10)
2927            Int64 @11 = SlotBase(stack0)
2928            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
2929                Move32 %r21, -80(%fp), @85
2930                       0x389cc9af8:    stur   w21, [fp, #-80]
2931           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
2932            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
2933            Void @90 = Branch(@89, DFG:@129, Terminal)
2934                Branch32 AboveOrEqual, %r1, %r2, @90
2935                       0x389cc9afc:    cmp    w1, w2
2936                       0x389cc9b00:    b.hs   0x389cc9bec
2937         ...
2938         ...
2939
2940         * b3/air/AirDisassembler.cpp:
2941         (JSC::B3::Air::Disassembler::dump):
2942         * b3/air/AirDisassembler.h:
2943         * ftl/FTLCompile.cpp:
2944         (JSC::FTL::compile):
2945         * ftl/FTLLowerDFGToB3.cpp:
2946         (JSC::FTL::DFG::LowerDFGToB3::lower):
2947         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
2948         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
2949         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
2950         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
2951
2952 2017-03-01  Mark Lam  <mark.lam@apple.com>
2953
2954         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
2955         https://bugs.webkit.org/show_bug.cgi?id=169042
2956
2957         Not reviewed.
2958
2959         Rolling out r213229 and r213202.
2960
2961         * JavaScriptCore.xcodeproj/project.pbxproj:
2962         * heap/MachineStackMarker.cpp:
2963         (JSC::getCurrentPlatformThread):
2964         (JSC::MachineThreads::Thread::createForCurrentThread):
2965         (JSC::MachineThreads::machineThreadForCurrentThread):
2966         (JSC::MachineThreads::removeThread):
2967         (JSC::MachineThreads::Thread::suspend):
2968         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2969         * heap/MachineStackMarker.h:
2970         * runtime/JSCellInlines.h:
2971         (JSC::JSCell::classInfo):
2972         * runtime/JSLock.cpp:
2973         (JSC::JSLock::JSLock):
2974         (JSC::JSLock::lock):
2975         (JSC::JSLock::unlock):
2976         (JSC::JSLock::currentThreadIsHoldingLock):
2977         * runtime/JSLock.h:
2978         (JSC::JSLock::ownerThread):
2979         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2980         * runtime/PlatformThread.h: Removed.
2981         * runtime/VM.cpp:
2982         (JSC::VM::~VM):
2983         * runtime/VM.h:
2984         (JSC::VM::ownerThread):
2985         * runtime/Watchdog.cpp:
2986         (JSC::Watchdog::setTimeLimit):
2987         (JSC::Watchdog::shouldTerminate):
2988         (JSC::Watchdog::startTimer):
2989         (JSC::Watchdog::stopTimer):
2990         * tools/JSDollarVMPrototype.cpp:
2991         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2992         * tools/VMInspector.cpp:
2993
2994 2017-03-01  Mark Lam  <mark.lam@apple.com>
2995
2996         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
2997         https://bugs.webkit.org/show_bug.cgi?id=169042
2998
2999         Reviewed by Filip Pizlo.
3000
3001         * runtime/JSLock.h:
3002         (JSC::JSLock::currentThreadIsHoldingLock):
3003
3004 2017-02-28  Brian Burg  <bburg@apple.com>
3005
3006         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
3007         https://bugs.webkit.org/show_bug.cgi?id=168695
3008         <rdar://problem/30643899>
3009
3010         Reviewed by Joseph Pecoraro.
3011
3012         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
3013         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
3014         to gather listing information for RemoteAutomationTargets.
3015
3016         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
3017         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
3018         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
3019
3020         * inspector/remote/RemoteInspector.h:
3021         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
3022
3023         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
3024         (Inspector::RemoteConnectionToTarget::setup):
3025         (Inspector::RemoteConnectionToTarget::close):
3026         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
3027         and use it inside the block later after it may have been destructed already. If that happens,
3028         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
3029
3030         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
3031         (Inspector::RemoteInspector::updateTargetListing):
3032         We need to make sure to request a listing push after the target is updated, so implicitly call
3033         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
3034
3035         (Inspector::RemoteInspector::receivedSetupMessage):
3036         (Inspector::RemoteInspector::receivedDidCloseMessage):
3037         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
3038         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
3039         and asynchronously on the target's queue when the connection to target is opened or closed.
3040
3041 2017-03-01  Tomas Popela  <tpopela@redhat.com>
3042
3043         Leak under Options::setOptions
3044         https://bugs.webkit.org/show_bug.cgi?id=169029
3045
3046         Reviewed by Michael Saboff.
3047
3048         Don't leak the optionsStrCopy variable.
3049
3050         * runtime/Options.cpp:
3051         (JSC::Options::setOptions):
3052
3053 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
3054
3055         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
3056         https://bugs.webkit.org/show_bug.cgi?id=168968
3057
3058         Reviewed by Saam Barati.
3059
3060         This patch decouples dumping the bytecode sequence from CodeBlock.
3061         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
3062         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
3063         called Generatorification.
3064
3065         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
3066         this class to dump the bytecode sequence.
3067
3068         And this patch also adds Option::dumpBytecodesBeforeGeneratorification,
3069         which dumps the unlinked bytecode sequence before generatorification if it is enabled.
3070
3071         * CMakeLists.txt:
3072         * JavaScriptCore.xcodeproj/project.pbxproj:
3073         * bytecode/BytecodeDumper.cpp: Added.
3074         (JSC::getStructureID):
3075         (JSC::getSpecialPointer):
3076         (JSC::getPutByIdFlags):
3077         (JSC::getToThisStatus):
3078         (JSC::getPointer):
3079         (JSC::getStructureChain):
3080         (JSC::getStructure):
3081         (JSC::getCallLinkInfo):
3082         (JSC::getBasicBlockLocation):
3083         (JSC::BytecodeDumper<Block>::actualPointerFor):
3084         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
3085         (JSC::beginDumpProfiling):
3086         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
3087         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
3088         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
3089         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
3090         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
3091         (JSC::dumpRareCaseProfile):
3092         (JSC::dumpArithProfile):
3093         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
3094         (JSC::BytecodeDumper<Block>::vm):
3095         (JSC::BytecodeDumper<Block>::identifier):
3096         (JSC::regexpToSourceString):
3097         (JSC::regexpName):
3098         (JSC::printLocationAndOp):
3099         (JSC::isConstantRegisterIndex):
3100         (JSC::debugHookName):
3101         (JSC::BytecodeDumper<Block>::registerName):
3102         (JSC::idName):
3103         (JSC::BytecodeDumper<Block>::constantName):
3104         (JSC::BytecodeDumper<Block>::printUnaryOp):
3105         (JSC::BytecodeDumper<Block>::printBinaryOp):
3106         (JSC::BytecodeDumper<Block>::printConditionalJump):
3107         (JSC::BytecodeDumper<Block>::printGetByIdOp):
3108         (JSC::dumpStructure):
3109         (JSC::dumpChain):
3110         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
3111         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
3112         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
3113         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
3114         (JSC::BytecodeDumper<Block>::printCallOp):
3115         (JSC::BytecodeDumper<Block>::printPutByIdOp):
3116         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
3117         (JSC::BytecodeDumper<Block>::dumpBytecode):
3118         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
3119         (JSC::BytecodeDumper<Block>::dumpConstants):
3120         (JSC::BytecodeDumper<Block>::dumpRegExps):
3121         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
3122         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
3123         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
3124         (JSC::BytecodeDumper<Block>::dumpBlock):
3125         * bytecode/BytecodeDumper.h: Added.
3126         (JSC::BytecodeDumper::BytecodeDumper):
3127         (JSC::BytecodeDumper::block):
3128         (JSC::BytecodeDumper::instructionsBegin):
3129         * bytecode/BytecodeGeneratorification.cpp:
3130         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
3131         (JSC::performGeneratorification):
3132         * bytecode/BytecodeLivenessAnalysis.cpp:
3133         (JSC::BytecodeLivenessAnalysis::dumpResults):
3134         * bytecode/CodeBlock.cpp:
3135         (JSC::CodeBlock::dumpBytecode):
3136         (JSC::CodeBlock::finishCreation):
3137         (JSC::CodeBlock::propagateTransitions):
3138         (JSC::CodeBlock::finalizeLLIntInlineCaches):
3139         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
3140         (JSC::CodeBlock::usesOpcode):
3141         (JSC::CodeBlock::valueProfileForBytecodeOffset):
3142         (JSC::CodeBlock::arithProfileForPC):
3143         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
3144         (JSC::idName): Deleted.
3145         (JSC::CodeBlock::registerName): Deleted.
3146         (JSC::CodeBlock::constantName): Deleted.
3147         (JSC::regexpToSourceString): Deleted.
3148         (JSC::regexpName): Deleted.
3149         (JSC::debugHookName): Deleted.
3150         (JSC::CodeBlock::printUnaryOp): Deleted.
3151         (JSC::CodeBlock::printBinaryOp): Deleted.
3152         (JSC::CodeBlock::printConditionalJump): Deleted.
3153         (JSC::CodeBlock::printGetByIdOp): Deleted.
3154         (JSC::dumpStructure): Deleted.
3155         (JSC::dumpChain): Deleted.
3156         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
3157         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
3158         (JSC::CodeBlock::printCallOp): Deleted.
3159         (JSC::CodeBlock::printPutByIdOp): Deleted.
3160         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
3161         (JSC::CodeBlock::beginDumpProfiling): Deleted.
3162         (JSC::CodeBlock::dumpValueProfiling): Deleted.
3163         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
3164         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
3165         (JSC::CodeBlock::dumpArithProfile): Deleted.
3166         (JSC::CodeBlock::printLocationAndOp): Deleted.
3167         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
3168         * bytecode/CodeBlock.h:
3169         (JSC::CodeBlock::constantRegisters):
3170         (JSC::CodeBlock::numberOfRegExps):
3171         (JSC::CodeBlock::bitVectors):
3172         (JSC::CodeBlock::bitVector):
3173         * bytecode/HandlerInfo.h:
3174         (JSC::HandlerInfoBase::typeName):
3175         * bytecode/UnlinkedCodeBlock.cpp:
3176         (JSC::UnlinkedCodeBlock::dump):
3177         * bytecode/UnlinkedCodeBlock.h:
3178         (JSC::UnlinkedCodeBlock::getConstant):
3179         * bytecode/UnlinkedInstructionStream.cpp:
3180         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
3181         * bytecode/UnlinkedInstructionStream.h:
3182         (JSC::UnlinkedInstructionStream::Reader::next):
3183         * runtime/Options.h:
3184
3185 2017-02-28  Mark Lam  <mark.lam@apple.com>
3186
3187         Change JSLock to stash PlatformThread instead of std::thread::id.
3188         https://bugs.webkit.org/show_bug.cgi?id=168996
3189
3190         Reviewed by Filip Pizlo.
3191
3192         PlatformThread is more useful because it allows us to:
3193         1. find the MachineThreads::Thread which is associated with it.
3194         2. suspend / resume threads.
3195         3. send a signal to a thread.
3196
3197         We can't do those with std::thread::id.  We will need one or more of these
3198         capabilities to implement non-polling VM traps later.
3199
3200         * JavaScriptCore.xcodeproj/project.pbxproj:
3201         * heap/MachineStackMarker.cpp:
3202         (JSC::MachineThreads::Thread::createForCurrentThread):
3203         (JSC::MachineThreads::machineThreadForCurrentThread):
3204         (JSC::MachineThreads::removeThread):
3205         (JSC::MachineThreads::Thread::suspend):
3206         (JSC::MachineThreads::tryCopyOtherThreadStacks):
3207         (JSC::getCurrentPlatformThread): Deleted.
3208         * heap/MachineStackMarker.h:
3209         * runtime/JSCellInlines.h:
3210         (JSC::JSCell::classInfo):
3211         * runtime/JSLock.cpp:
3212         (JSC::JSLock::lock):
3213         (JSC::JSLock::unlock):
3214         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
3215         * runtime/JSLock.h:
3216         (JSC::JSLock::ownerThread):
3217         (JSC::JSLock::currentThreadIsHoldingLock):
3218         * runtime/PlatformThread.h: Added.
3219         (JSC::currentPlatformThread):
3220         * runtime/VM.cpp:
3221         (JSC::VM::~VM):
3222         * runtime/VM.h:
3223         (JSC::VM::ownerThread):
3224         * runtime/Watchdog.cpp:
3225         (JSC::Watchdog::setTimeLimit):
3226         (JSC::Watchdog::shouldTerminate):
3227         (JSC::Watchdog::startTimer):
3228         (JSC::Watchdog::stopTimer):
3229         * tools/JSDollarVMPrototype.cpp:
3230         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
3231         * tools/VMInspector.cpp:
3232
3233 2017-02-28  Mark Lam  <mark.lam@apple.com>
3234
3235         Enable the SigillCrashAnalyzer by default for iOS.
3236         https://bugs.webkit.org/show_bug.cgi?id=168989
3237
3238         Reviewed by Keith Miller.
3239
3240         * runtime/Options.cpp:
3241         (JSC::overrideDefaults):
3242
3243 2017-02-28  Mark Lam  <mark.lam@apple.com>
3244
3245         Remove setExclusiveThread() and peers from the JSLock.
3246         https://bugs.webkit.org/show_bug.cgi?id=168977
3247
3248         Reviewed by Filip Pizlo.
3249
3250         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
3251         Speedometer, we see that removal of exclusive thread status has no measurable
3252         impact on performance.  So, let's remove the code for handling exclusive thread
3253         status, and simplify the JSLock code.
3254
3255         For the record, exclusive thread status does improve JSLock locking/unlocking
3256         time by up to 20%.  However, this difference is not measurable in the way WebCore
3257         uses the JSLock as confirmed by Speedometer.
3258
3259         Also applied a minor optimization in JSLock::lock() to assume the initial lock
3260         entry case (as opposed to the re-entry case).  This appears to show a small
3261         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
3262         time in a micro-benchmark.
3263
3264         * heap/Heap.cpp:
3265         (JSC::Heap::Heap):
3266         * heap/MachineStackMarker.cpp:
3267         (JSC::MachineThreads::MachineThreads):
3268         (JSC::MachineThreads::addCurrentThread):
3269         * heap/MachineStackMarker.h:
3270         * runtime/JSLock.cpp:
3271         (JSC::JSLock::JSLock):
3272         (JSC::JSLock::lock):
3273         (JSC::JSLock::unlock):
3274         (JSC::JSLock::currentThreadIsHoldingLock):
3275         (JSC::JSLock::dropAllLocks):
3276         (JSC::JSLock::grabAllLocks):
3277         (JSC::JSLock::setExclusiveThread): Deleted.
3278         * runtime/JSLock.h:
3279         (JSC::JSLock::ownerThread):
3280         (JSC::JSLock::hasExclusiveThread): Deleted.
3281         (JSC::JSLock::exclusiveThread): Deleted.
3282         * runtime/VM.h:
3283         (JSC::VM::hasExclusiveThread): Deleted.
3284         (JSC::VM::exclusiveThread): Deleted.
3285         (JSC::VM::setExclusiveThread): Deleted.
3286
3287 2017-02-28  Saam Barati  <sbarati@apple.com>
3288
3289         Arm64 disassembler prints "ars" instead of "asr"
3290         https://bugs.webkit.org/show_bug.cgi?id=168923
3291
3292         Rubber stamped by Michael Saboff.
3293
3294         * disassembler/ARM64/A64DOpcode.cpp:
3295         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
3296
3297 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
3298
3299         Use of arguments in arrow function is slow
3300         https://bugs.webkit.org/show_bug.cgi?id=168829
3301
3302         Reviewed by Saam Barati.
3303
3304         The current patch improves the performance of access to arguments within an arrow function
3305         by preventing the creation of the arguments variable within the arrow function, and also allows
3306         caching the arguments variable. Before, the arguments variable always had the Dynamic resolve
3307         type; after the patch it can be ClosureVar, which increases the performance of access to the
3308         arguments variable by 9 times inside the arrow function.
3309
3310         * bytecompiler/BytecodeGenerator.cpp:
3311         (JSC::BytecodeGenerator::BytecodeGenerator):
3312         * runtime/JSScope.cpp:
3313         (JSC::abstractAccess):
3314
3315 2017-02-28  Michael Saboff  <msaboff@apple.com>
3316
3317         Add ability to configure JSC options from a file
3318         https://bugs.webkit.org/show_bug.cgi?id=168914
3319
3320         Reviewed by Filip Pizlo.
3321
3322         Added the ability to set options and DataLog file location via a configuration file.
3323         The configuration file is specified with the --configFile option to JSC or the
3324         JSC_configFile environment variable.
3325
3326         The file format allows for options conditionally dependent on various attributes.
3327         Currently those attributes are the process name, parent process name and build
3328         type (Release or Debug).  In this patch, the parent process type is not set.
3329         That will be set up in WebKit code with a follow up patch.
3330
3331         Here is an example config file:
3332
3333             logFile = "/tmp/jscLog.%pid.txt"
3334
3335             jscOptions {
3336                 dumpOptions = 2
3337             }
3338
3339             build == "Debug" {
3340                 jscOptions {
3341                     useConcurrentJIT = false
3342                     dumpDisassembly = true
3343                 }
3344             }
3345
3346             build == "Release" && processName == "jsc" {
3347                 jscOptions {
3348                     asyncDisassembly = true
3349                 }
3350             }
3351
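The conditional format shown above, as an added example that is not code from this ChangeLog or from JSC's own ConfigFile.cpp: a small C++ reader that evaluates the `attr == "value"` conditions (joined by `&&`) against a given process name, parent process name and build type, and yields the effective logFile and jscOptions. Attributes, EffectiveConfig, ConfigReader, readConfig and isWellFormed are this example's own names; it assumes the whitespace-tolerant layout shown above and no escape sequences inside quoted strings.

```cpp
// Added example (not JSC's own ConfigFile.cpp): a minimal reader for the conditional config format
// described above. Attributes, EffectiveConfig, ConfigReader, readConfig and isWellFormed are this example's own names.
#include <cctype>
#include <map>
#include <stdexcept>
#include <string>
#include <utility>

struct Attributes { std::string processName, parentProcessName, build; };  // what a condition may test
struct EffectiveConfig {
    std::string logFile;
    std::map<std::string, std::string> jscOptions;  // option name -> raw value text
};

class ConfigReader {
public:
    ConfigReader(std::string text, Attributes attrs) : m_text(std::move(text)), m_attrs(std::move(attrs)) {}
    EffectiveConfig parse() {
        EffectiveConfig config;
        parseBlock(config, /*enabled=*/true);
        if (!atEnd()) fail("unexpected '}'");  // parseBlock stops at a '}' it does not own
        return config;
    }
private:
    void skipSpace() { while (m_pos < m_text.size() && std::isspace((unsigned char)m_text[m_pos])) ++m_pos; }
    bool atEnd() { skipSpace(); return m_pos >= m_text.size(); }
    bool peek(char c) { skipSpace(); return m_pos < m_text.size() && m_text[m_pos] == c; }
    bool peekToken(const char* tok) { skipSpace(); return m_text.compare(m_pos, 2, tok) == 0; }  // "==" / "&&"
    void expect(char c) { if (!peek(c)) fail(std::string("expected '") + c + "'"); ++m_pos; }
    [[noreturn]] void fail(const std::string& what) { throw std::runtime_error(what + " at offset " + std::to_string(m_pos)); }
    static bool isWordChar(unsigned char c) { return std::isalnum(c) || c == '_' || c == '.'; }

    std::string word() {  // identifier or bare value such as dumpOptions, true or 2
        skipSpace(); size_t start = m_pos;
        while (m_pos < m_text.size() && isWordChar(m_text[m_pos])) ++m_pos;
        if (start == m_pos) fail("expected a word");
        return m_text.substr(start, m_pos - start);
    }
    std::string quoted() {  // "..." without escapes, which is all the entry's examples use
        expect('"');
        size_t end = m_text.find('"', m_pos);
        if (end == std::string::npos) fail("unterminated string");
        std::string s = m_text.substr(m_pos, end - m_pos);
        m_pos = end + 1; return s;
    }
    // attr == "value"; an attribute the format does not define is an error, not silently false
    bool attrEquals(const std::string& attr) {
        if (!peekToken("==")) fail("expected '=='");
        m_pos += 2;
        std::string expected = quoted();
        if (attr == "processName") return m_attrs.processName == expected;
        if (attr == "parentProcessName") return m_attrs.parentProcessName == expected;
        if (attr == "build") return m_attrs.build == expected;
        fail("unknown attribute " + attr);
    }
    bool condition(const std::string& firstAttr) {  // terms joined by &&; all are parsed even once false
        bool result = attrEquals(firstAttr);
        while (peekToken("&&")) {
            m_pos += 2;
            bool term = attrEquals(word());  // parsed before combining, so a false result cannot skip it
            result = result && term;
        }
        return result;
    }
    // Statements until '}' or end of input. Inside a block whose condition failed, `enabled` is
    // false: its contents are still syntax-checked but do not apply.
    void parseBlock(EffectiveConfig& config, bool enabled) {
        while (!atEnd() && !peek('}')) {
            std::string key = word();
            if (key == "logFile") {
                expect('='); std::string path = quoted();
                if (enabled) config.logFile = path;
            } else if (key == "jscOptions") {
                expect('{');
                while (!peek('}')) {
                    std::string name = word(); expect('='); std::string value = word();
                    if (enabled) config.jscOptions[name] = value;  // a later block overrides an earlier one
                }
                expect('}');
            } else {  // attr == "..." [&& ...] { ... }
                bool active = condition(key);
                expect('{'); parseBlock(config, enabled && active); expect('}');
            }
        }
    }
    std::string m_text; Attributes m_attrs; size_t m_pos = 0;
};

EffectiveConfig readConfig(const std::string& text, const Attributes& attrs) { return ConfigReader(text, attrs).parse(); }
bool isWellFormed(const std::string& text) {  // validation only, e.g. before handing a file to jsc
    try { ConfigReader(text, Attributes{}).parse(); return true; } catch (const std::runtime_error&) { return false; }
}

// Constructed copy of the entry's example config, reflowed onto fewer lines
const std::string kSampleConfig = R"(
logFile = "/tmp/jscLog.%pid.txt"
jscOptions { dumpOptions = 2 }
build == "Debug" { jscOptions { useConcurrentJIT = false  dumpDisassembly = true } }
build == "Release" && processName == "jsc" { jscOptions { asyncDisassembly = true } }
)";
```

With the sample above, a Release build of the `jsc` process ends up with dumpOptions and asyncDisassembly only, while a Debug build of any other process gets dumpOptions, useConcurrentJIT and dumpDisassembly.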
3352         Eliminated the prior options file code.
3353
3354         * CMakeLists.txt:
3355         * JavaScriptCore.xcodeproj/project.pbxproj:
3356         * jsc.cpp:
3357         (jscmain):
3358         * runtime/ConfigFile.cpp: Added.
3359         (JSC::ConfigFileScanner::ConfigFileScanner):
3360         (JSC::ConfigFileScanner::start):
3361         (JSC::ConfigFileScanner::lineNumber):
3362         (JSC::ConfigFileScanner::currentBuffer):
3363         (JSC::ConfigFileScanner::atFileEnd):
3364         (JSC::ConfigFileScanner::tryConsume):
3365         (JSC::ConfigFileScanner::tryConsumeString):