[Streams API] streams should not directly use Number and related methods
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2
3         [Streams API] streams should not directly use Number and related methods
4         https://bugs.webkit.org/show_bug.cgi?id=151499
5
6         Reviewed by Darin Adler.
7
8         * runtime/CommonIdentifiers.h: Adding isNaN as private symbol.
9         * runtime/JSGlobalObject.cpp:
10         (JSC::JSGlobalObject::init): Adding @isNaN function.
11
12 2015-12-01  Csaba Osztrogonác  <ossy@webkit.org>
13
14         Don't hide the argument name inside for block in AirIteratedRegisterCoalescing.cpp
15         https://bugs.webkit.org/show_bug.cgi?id=151622
16
17         Reviewed by Darin Adler.
18
19         * b3/air/AirIteratedRegisterCoalescing.cpp:
20         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdges):
21
22 2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>
23
24         [Streams API] Remove use of @catch for exposed promises
25         https://bugs.webkit.org/show_bug.cgi?id=151625
26
27         Reviewed by Darin Adler.
28
29         * runtime/JSPromisePrototype.cpp:
30         (JSC::JSPromisePrototype::addOwnInternalSlots): Removing @catch from the prototype as it is not safe.
31
32 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
33
34         B3::ValueRep::Any should translate into an Arg::ColdUse role in Air
35         https://bugs.webkit.org/show_bug.cgi?id=151174
36
37         Reviewed by Geoffrey Garen and Benjamin Poulain.
38
39         This teaches the register allocator that it should pick spills based on whichever tmp has the
40         highest score:
41
42             score(tmp) = degree(tmp) / sum(for each use of tmp, block->frequency)
43
44         In other words, the numerator is the number of edges in the interference graph and the denominator
45         is an estimate of the dynamic number of uses.
46
47         This also extends Arg::Role to know that there is such a thing as ColdUse, i.e. a Use that
48         doesn't count as such for the above formula. Because LateUse is always used in contexts where we
49         want it to be Cold, I've defined LateUse to imply ColdUse.
50
51         This gets rid of all spilling inside the hot loop in Kraken/imaging-gaussian-blur. But more
52         importantly, it makes our register allocator use a well-known heuristic based on reusable
53         building blocks like the new Air::UseCounts. Even if the heuristic is slightly wrong, the right
54         heuristic probably uses the same building blocks.
55
56         * JavaScriptCore.xcodeproj/project.pbxproj:
57         * b3/B3StackmapSpecial.cpp:
58         (JSC::B3::StackmapSpecial::forEachArgImpl):
59         * b3/B3ValueRep.h:
60         * b3/air/AirArg.cpp:
61         (WTF::printInternal):
62         * b3/air/AirArg.h:
63         (JSC::B3::Air::Arg::isAnyUse):
64         (JSC::B3::Air::Arg::isColdUse):
65         (JSC::B3::Air::Arg::isWarmUse):
66         (JSC::B3::Air::Arg::isEarlyUse):
67         (JSC::B3::Air::Arg::isDef):
68         * b3/air/AirIteratedRegisterCoalescing.cpp:
69         (JSC::B3::Air::iteratedRegisterCoalescing):
70         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::IteratedRegisterCoalescingAllocator): Deleted.
71         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::allocatedReg): Deleted.
72         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::tmpArraySize): Deleted.
73         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::initializeDegrees): Deleted.
74         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::build): Deleted.
75         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::selectSpill): Deleted.
76         (JSC::B3::Air::isUselessMoveInst): Deleted.
77         (JSC::B3::Air::assignRegisterToTmpInProgram): Deleted.
78         (JSC::B3::Air::addSpillAndFillToProgram): Deleted.
79         (JSC::B3::Air::iteratedRegisterCoalescingOnType): Deleted.
80         * b3/air/AirLiveness.h:
81         * b3/air/AirSpillEverything.cpp:
82         (JSC::B3::Air::spillEverything):
83         * b3/air/AirUseCounts.h: Added.
84         (JSC::B3::Air::UseCounts::Counts::dump):
85         (JSC::B3::Air::UseCounts::UseCounts):
86         (JSC::B3::Air::UseCounts::operator[]):
87         (JSC::B3::Air::UseCounts::dump):
88         * runtime/Options.h:
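
The spill heuristic from the entry above, as an added example that is not WebKit code. The types `Role`, `Access` and `Block`, the function names, the sample program and the treatment of a tmp with no warm use are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>
#include <vector>

// Constructed model of the heuristic; these types are illustrative, not Air's.
enum class Role { WarmUse, ColdUse, Def };

struct Access {
    unsigned tmp;
    Role role;
};

struct Block {
    double frequency; // estimated number of times the block executes
    std::vector<Access> accesses;
};

// Denominator of score(tmp): each warm use adds the frequency of its block.
// ColdUse and Def accesses add nothing.
std::vector<double> warmUseWeights(const std::vector<Block>& blocks, size_t tmpCount)
{
    std::vector<double> weights(tmpCount, 0.0);
    for (const Block& block : blocks) {
        for (const Access& access : block.accesses) {
            if (access.role == Role::WarmUse && access.tmp < tmpCount)
                weights[access.tmp] += block.frequency;
        }
    }
    return weights;
}

// score(tmp) = degree(tmp) / sum(for each use of tmp, block->frequency)
double spillScore(unsigned degree, double warmUseWeight)
{
    // Assumption of this example: a tmp with no warm use is the cheapest
    // possible spill, so it outranks every tmp that has one.
    if (warmUseWeight <= 0)
        return std::numeric_limits<double>::infinity();
    return degree / warmUseWeight;
}

// Returns the candidate with the highest score, or -1 when there is none.
int selectSpill(const std::vector<unsigned>& candidates,
                const std::vector<unsigned>& degrees,
                const std::vector<double>& weights)
{
    int best = -1;
    double bestScore = -1;
    for (unsigned tmp : candidates) {
        if (tmp >= degrees.size() || tmp >= weights.size())
            continue;
        double score = spillScore(degrees[tmp], weights[tmp]);
        if (score > bestScore) {
            best = static_cast<int>(tmp);
            bestScore = score;
        }
    }
    return best;
}

// Constructed sample: an entry block (frequency 1) and a hot loop (frequency 100).
// tmp0 is used twice in the loop; tmp2 appears in the loop only as a ColdUse.
std::vector<Block> constructedProgram()
{
    std::vector<Block> blocks(2);
    blocks[0].frequency = 1.0;
    blocks[0].accesses = { { 1, Role::Def }, { 2, Role::Def },
                           { 1, Role::WarmUse }, { 2, Role::WarmUse } };
    blocks[1].frequency = 100.0;
    blocks[1].accesses = { { 0, Role::Def }, { 0, Role::WarmUse },
                           { 0, Role::WarmUse }, { 2, Role::ColdUse } };
    return blocks;
}

int main()
{
    std::vector<unsigned> degrees = { 6, 4, 5 }; // constructed interference degrees
    std::vector<double> weights = warmUseWeights(constructedProgram(), degrees.size());
    for (unsigned tmp = 0; tmp < degrees.size(); ++tmp)
        std::printf("tmp%u: score %g\n", tmp, spillScore(degrees[tmp], weights[tmp]));
    // tmp2 wins because its loop access is cold; counted as warm, its weight
    // would be 101 and tmp1 would be spilled instead.
    std::printf("spill tmp%d\n", selectSpill({ 0, 1, 2 }, degrees, weights));
    return 0;
}
```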
89
90 2015-11-30  Csaba Osztrogonác  <ossy@webkit.org>
91
92         Fix the !ENABLE(DFG_JIT) build after r192699
93         https://bugs.webkit.org/show_bug.cgi?id=151616
94
95         Reviewed by Darin Adler.
96
97         * assembler/MacroAssembler.h:
98
99 2015-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>
100
101         Object::{freeze, seal} perform preventExtensionsTransition twice
102         https://bugs.webkit.org/show_bug.cgi?id=151606
103
104         Reviewed by Darin Adler.
105
106         In Structure::{freezeTransition, sealTransition}, we perform preventExtensionsTransition.
107         So it is unnecessary to perform preventExtensionsTransition before executing Structure::{freezeTransition, sealTransition}.
108
109         * runtime/JSObject.cpp:
110         (JSC::JSObject::seal):
111         (JSC::JSObject::freeze):
112         (JSC::JSObject::preventExtensions):
113         * tests/stress/freeze-and-seal-should-prevent-extensions.js: Added.
114         (shouldBe):
115         (shouldThrow):
116
117 2015-11-30  Benjamin Poulain  <bpoulain@apple.com>
118
119         [JSC] Add Sqrt to B3
120         https://bugs.webkit.org/show_bug.cgi?id=151692
121
122         Reviewed by Geoffrey Garen.
123
124         * assembler/MacroAssemblerX86Common.h:
125         (JSC::MacroAssemblerX86Common::sqrtDouble):
126         * assembler/X86Assembler.h:
127         (JSC::X86Assembler::sqrtsd_mr):
128         * b3/B3LowerToAir.cpp:
129         (JSC::B3::Air::LowerToAir::lower):
130         * b3/B3Opcode.cpp:
131         (WTF::printInternal):
132         * b3/B3Opcode.h:
133         * b3/B3Validate.cpp:
134         * b3/B3Value.cpp:
135         (JSC::B3::Value::effects):
136         (JSC::B3::Value::key):
137         (JSC::B3::Value::typeFor):
138         * b3/air/AirOpcode.opcodes:
139         * b3/testb3.cpp:
140         (JSC::B3::testSqrtArg):
141         (JSC::B3::testSqrtImm):
142         (JSC::B3::testSqrtMem):
143         (JSC::B3::run):
144         * ftl/FTLB3Output.h:
145         (JSC::FTL::Output::doubleSqrt):
146
147 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
148
149         FTL lazy slow paths should work with B3
150         https://bugs.webkit.org/show_bug.cgi?id=151667
151
152         Reviewed by Geoffrey Garen.
153
154         This adds all of the glue necessary to make FTL::LazySlowPath work with B3. The B3 approach
155         allows us to put all of the code in FTL::LowerDFGToLLVM, instead of having supporting data
156         structures on the side and a bunch of complex code in FTLCompile.cpp.
157
158         * b3/B3CheckSpecial.cpp:
159         (JSC::B3::CheckSpecial::generate):
160         * b3/B3LowerToAir.cpp:
161         (JSC::B3::Air::LowerToAir::run):
162         * b3/B3PatchpointSpecial.cpp:
163         (JSC::B3::PatchpointSpecial::generate):
164         * b3/B3StackmapValue.h:
165         * ftl/FTLJSTailCall.cpp:
166         (JSC::FTL::DFG::recoveryFor):
167         (JSC::FTL::JSTailCall::emit):
168         * ftl/FTLLazySlowPath.cpp:
169         (JSC::FTL::LazySlowPath::LazySlowPath):
170         (JSC::FTL::LazySlowPath::generate):
171         * ftl/FTLLazySlowPath.h:
172         (JSC::FTL::LazySlowPath::createGenerator):
173         (JSC::FTL::LazySlowPath::patchableJump):
174         (JSC::FTL::LazySlowPath::done):
175         (JSC::FTL::LazySlowPath::patchpoint):
176         (JSC::FTL::LazySlowPath::usedRegisters):
177         (JSC::FTL::LazySlowPath::callSiteIndex):
178         (JSC::FTL::LazySlowPath::stub):
179         * ftl/FTLLocation.cpp:
180         (JSC::FTL::Location::forValueRep):
181         (JSC::FTL::Location::forStackmaps):
182         (JSC::FTL::Location::dump):
183         (JSC::FTL::Location::isGPR):
184         (JSC::FTL::Location::gpr):
185         (JSC::FTL::Location::isFPR):
186         (JSC::FTL::Location::fpr):
187         (JSC::FTL::Location::restoreInto):
188         * ftl/FTLLocation.h:
189         (JSC::FTL::Location::Location):
190         (JSC::FTL::Location::forRegister):
191         (JSC::FTL::Location::forIndirect):
192         (JSC::FTL::Location::forConstant):
193         (JSC::FTL::Location::kind):
194         (JSC::FTL::Location::hasReg):
195         (JSC::FTL::Location::reg):
196         (JSC::FTL::Location::hasOffset):
197         (JSC::FTL::Location::offset):
198         (JSC::FTL::Location::hash):
199         (JSC::FTL::Location::hasDwarfRegNum): Deleted.
200         (JSC::FTL::Location::dwarfRegNum): Deleted.
201         (JSC::FTL::Location::hasDwarfReg): Deleted.
202         (JSC::FTL::Location::dwarfReg): Deleted.
203         * ftl/FTLLowerDFGToLLVM.cpp:
204         (JSC::FTL::DFG::LowerDFGToLLVM::LowerDFGToLLVM):
205         (JSC::FTL::DFG::LowerDFGToLLVM::lazySlowPath):
206         * jit/RegisterSet.cpp:
207         (JSC::RegisterSet::stubUnavailableRegisters):
208         (JSC::RegisterSet::macroScratchRegisters):
209         (JSC::RegisterSet::calleeSaveRegisters):
210         * jit/RegisterSet.h:
211
212 2015-11-30  Geoffrey Garen  <ggaren@apple.com>
213
214         Use a better RNG for Math.random()
215         https://bugs.webkit.org/show_bug.cgi?id=151641
216
217         Reviewed by Anders Carlsson.
218
219         Updated for interface change.
220
221         * runtime/JSGlobalObject.cpp:
222         (JSC::JSGlobalObject::setInputCursor):
223
224 2015-11-30  Benjamin Poulain  <bpoulain@apple.com>
225
226         [JSC] Speed up Air Liveness Analysis on Tmps
227         https://bugs.webkit.org/show_bug.cgi?id=151556
228
229         Reviewed by Filip Pizlo.
230
231         Liveness Analysis scales poorly on large graphs like the ones
232         generated by testComplex().
233         This patch introduces a faster version of Liveness using the continuous indices
234         of values instead of the values themselves.
235
236         There are two main areas of improvements:
237         1) Reduce the cost of doing a LocalCalc over a BasicBlock.
238         2) Reduce how many LocalCalc are needed to converge to a solution.
239
240         Most of the costs of LocalCalc are from HashSet manipulations.
241         The HashSet operations are O(1) but the constant is large enough
242         to be a problem.
243
244         I used a similar trick as the Register Allocator to remove hashing
245         and collision handling: the absolute value of the Tmp is used as an index
246         into a flat array.
247
248         I used Briggs's Sparse Set implementation for the local live information
249         at each instruction. It has great properties for doing the local calculation:
250         -No memory reallocation.
251         -O(1) add() and remove() with a small constant.
252         -Strict O(n) iteration.
253         -O(1) clear().
254
255         The values Live-At-Head are now stored into a Vector. The Sparse Set
256         is used to maintain the Tmp uniqueness.
257
258         When forwarding new liveness at head to the predecessor, I start by removing
259         everything that was already in live-at-head. We can assume that any value
260         in that list has already been added to the predecessors.
261         This leaves us with a small-ish number of Tmps to add to live-at-head
262         and to the predecessors.
263
264         To speed up convergence, I used the same trick as DFG's liveness: keep
265         a set of dirty blocks to process. In practice, all the blocks without
266         back-edges converge quickly, and we only propagate liveness as needed.
267
268         This patch reduces the time taken by "testComplex(64, 384)" by another 5%.
269
270         The remaining things to do for Liveness are:
271         -Skip the first block for the fix point (it is often large and doing a local
272          calc on it is useless).
273         -Find a better Data Structure for live-at-tail (updating the HashSet takes
274          > 50% of the total convergence time).
275
276         * JavaScriptCore.xcodeproj/project.pbxproj:
277         * b3/air/AirIteratedRegisterCoalescing.cpp:
278         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::build):
279         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::getAlias):
280         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::getAliasWhenSpilling):
281         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::allocatedReg):
282         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::tmpArraySize):
283         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::initializeDegrees):
284         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdges):
285         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdge):
286         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::makeWorkList):
287         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::simplify):
288         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::forEachAdjacent):
289         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::hasBeenSimplified):
290         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::decrementDegree):
291         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::forEachNodeMoves):
292         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::isMoveRelated):
293         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::enableMovesOnValue):
294         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::precoloredCoalescingHeuristic):
295         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::conservativeHeuristic):
296         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addWorkList):
297         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::combine):
298         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::freezeMoves):
299         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::selectSpill):
300         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::assignColors):
301         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::dumpInterferenceGraphInDot):
302         (JSC::B3::Air::iteratedRegisterCoalescingOnType):
303         (JSC::B3::Air::iteratedRegisterCoalescing):
304         (JSC::B3::Air::AbsoluteTmpHelper<Arg::GP>::absoluteIndex): Deleted.
305         (JSC::B3::Air::AbsoluteTmpHelper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
306         (JSC::B3::Air::AbsoluteTmpHelper<Arg::FP>::absoluteIndex): Deleted.
307         (JSC::B3::Air::AbsoluteTmpHelper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
308         * b3/air/AirReportUsedRegisters.cpp:
309         (JSC::B3::Air::reportUsedRegisters):
310         * b3/air/AirTmpInlines.h:
311         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex):
312         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex):
313         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex):
314         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex):
315         * b3/air/AirLiveness.h: Added.
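
The sparse set described in the entry above, with a backward local liveness calculation over one basic block, as an added example that is not WebKit code. The names `SparseSet`, `Inst`, `liveAtHead` and `constructedBlock` are assumptions, tmps are represented directly by their index into the flat arrays, and the arrays are zero-initialized rather than left uninitialized.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Sparse set over the universe [0, capacity): a dense list of members plus a
// sparse array mapping each value to its slot in that list. No hashing.
class SparseSet {
public:
    explicit SparseSet(size_t capacity)
        : m_dense(capacity), m_sparse(capacity), m_size(0) { }

    bool contains(unsigned value) const
    {
        if (value >= m_sparse.size())
            return false;
        unsigned slot = m_sparse[value];
        // A stale slot either points past m_size or at a different member.
        return slot < m_size && m_dense[slot] == value;
    }

    // O(1); returns false if the value is already present or out of range.
    bool add(unsigned value)
    {
        if (value >= m_sparse.size() || contains(value))
            return false;
        m_sparse[value] = m_size;
        m_dense[m_size++] = value;
        return true;
    }

    // O(1): the last member moves into the vacated slot.
    bool remove(unsigned value)
    {
        if (!contains(value))
            return false;
        unsigned slot = m_sparse[value];
        unsigned last = m_dense[--m_size];
        m_dense[slot] = last;
        m_sparse[last] = slot;
        return true;
    }

    // O(1): old entries become stale and fail the check in contains().
    void clear() { m_size = 0; }

    size_t size() const { return m_size; }
    // Iteration touches only the m_size live members: strict O(n).
    const unsigned* begin() const { return m_dense.data(); }
    const unsigned* end() const { return m_dense.data() + m_size; }

private:
    std::vector<unsigned> m_dense;
    std::vector<unsigned> m_sparse;
    unsigned m_size;
};

struct Inst {
    std::vector<unsigned> defs;
    std::vector<unsigned> uses;
};

// Local calculation: walk the block backward from live-at-tail, killing defs
// and adding uses. Returns live-at-head, sorted for stable comparison.
std::vector<unsigned> liveAtHead(const std::vector<Inst>& block,
                                 const std::vector<unsigned>& liveAtTail,
                                 size_t tmpCount)
{
    SparseSet live(tmpCount);
    for (unsigned tmp : liveAtTail)
        live.add(tmp);
    for (auto inst = block.rbegin(); inst != block.rend(); ++inst) {
        for (unsigned tmp : inst->defs)
            live.remove(tmp);
        for (unsigned tmp : inst->uses)
            live.add(tmp);
    }
    std::vector<unsigned> result(live.begin(), live.end());
    std::sort(result.begin(), result.end());
    return result;
}

// Constructed block: t2 = t0 + t1; t3 = t2 * t2; t0 = t3
std::vector<Inst> constructedBlock()
{
    std::vector<Inst> block(3);
    block[0].defs = { 2 }; block[0].uses = { 0, 1 };
    block[1].defs = { 3 }; block[1].uses = { 2 };
    block[2].defs = { 0 }; block[2].uses = { 3 };
    return block;
}

int main()
{
    for (unsigned tmp : liveAtHead(constructedBlock(), { 0, 4 }, 5))
        std::printf("live at head: t%u\n", tmp);
    return 0;
}
```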
316
317 2015-11-30  Saam barati  <sbarati@apple.com>
318
319         FTL OSR Exits that are exception handlers should not have two different entrances. Instead, we should have two discrete OSR exits that do different things.
320         https://bugs.webkit.org/show_bug.cgi?id=151404
321
322         Reviewed by Filip Pizlo.
323
324         * ftl/FTLCompile.cpp:
325         (JSC::FTL::mmAllocateDataSection):
326         * ftl/FTLExceptionHandlerManager.cpp:
327         (JSC::FTL::ExceptionHandlerManager::addNewExit):
328         (JSC::FTL::ExceptionHandlerManager::addNewCallOperationExit):
329         (JSC::FTL::ExceptionHandlerManager::callOperationExceptionTarget):
330         (JSC::FTL::ExceptionHandlerManager::lazySlowPathExceptionTarget):
331         (JSC::FTL::ExceptionHandlerManager::callOperationOSRExit):
332         (JSC::FTL::ExceptionHandlerManager::getByIdOSRExit): Deleted.
333         (JSC::FTL::ExceptionHandlerManager::subOSRExit): Deleted.
334         * ftl/FTLExceptionHandlerManager.h:
335         * ftl/FTLExitThunkGenerator.cpp:
336         (JSC::FTL::ExitThunkGenerator::emitThunk):
337         * ftl/FTLOSRExit.cpp:
338         (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
339         (JSC::FTL::OSRExitDescriptor::isExceptionHandler):
340         (JSC::FTL::OSRExit::OSRExit):
341         (JSC::FTL::OSRExit::spillRegistersToSpillSlot):
342         (JSC::FTL::OSRExit::recoverRegistersFromSpillSlot):
343         (JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck):
344         (JSC::FTL::OSRExit::willArriveAtOSRExitFromGenericUnwind):
345         (JSC::FTL::OSRExit::willArriveAtOSRExitFromCallOperation):
346         (JSC::FTL::OSRExit::needsRegisterRecoveryOnGenericUnwindOSRExitPath):
347         (JSC::FTL::OSRExitDescriptor::willArriveAtExitFromIndirectExceptionCheck): Deleted.
348         (JSC::FTL::OSRExitDescriptor::mightArriveAtOSRExitFromGenericUnwind): Deleted.
349         (JSC::FTL::OSRExitDescriptor::mightArriveAtOSRExitFromCallOperation): Deleted.
350         (JSC::FTL::OSRExitDescriptor::needsRegisterRecoveryOnGenericUnwindOSRExitPath): Deleted.
351         * ftl/FTLOSRExit.h:
352         * ftl/FTLOSRExitCompilationInfo.h:
353         (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
354         * ftl/FTLOSRExitCompiler.cpp:
355         (JSC::FTL::compileFTLOSRExit):
356
357 2015-11-30  Mark Lam  <mark.lam@apple.com>
358
359         Refactor the op_add, op_sub, and op_mul snippets to use the SnippetOperand class.
360         https://bugs.webkit.org/show_bug.cgi?id=151678
361
362         Reviewed by Geoffrey Garen.
363
364         * dfg/DFGSpeculativeJIT.cpp:
365         (JSC::DFG::SpeculativeJIT::compileValueAdd):
366         (JSC::DFG::SpeculativeJIT::compileArithSub):
367         * ftl/FTLCompile.cpp:
368         * jit/JITAddGenerator.cpp:
369         (JSC::JITAddGenerator::generateFastPath):
370         * jit/JITAddGenerator.h:
371         (JSC::JITAddGenerator::JITAddGenerator):
372         * jit/JITArithmetic.cpp:
373         (JSC::JIT::emit_op_add):
374         (JSC::JIT::emit_op_mul):
375         (JSC::JIT::emit_op_sub):
376         * jit/JITMulGenerator.cpp:
377         (JSC::JITMulGenerator::generateFastPath):
378         * jit/JITMulGenerator.h:
379         (JSC::JITMulGenerator::JITMulGenerator):
380         * jit/JITSubGenerator.cpp:
381         (JSC::JITSubGenerator::generateFastPath):
382         * jit/JITSubGenerator.h:
383         (JSC::JITSubGenerator::JITSubGenerator):
384         * jit/SnippetOperand.h:
385         (JSC::SnippetOperand::isPositiveConstInt32):
386
387 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
388
389         B3 stackmaps should support early clobber
390         https://bugs.webkit.org/show_bug.cgi?id=151668
391
392         Reviewed by Geoffrey Garen.
393
394         While starting work on FTL lazy slow paths, I realized that we needed some way to say that r11 is
395         off limits. Not just that it's clobbered, but that it cannot be used for any input values to a
396         stackmap.
397
398         In LLVM we do this by having the AnyRegCC forbid r11.
399
400         In B3, we want something more flexible. In this and other cases, what we really want is an early
401         clobber set. B3 already supported a late clobber set for every stackmap value. Late clobber means
402         that the act of performing the operation will cause garbage to be written into those registers.
403         But here we want: assume that garbage magically appears in those registers in the moment before
404         the operation executes. Any registers in that set will be off-limits to the inputs to the
405         stackmap. This should be great for other things, like the way we handle exceptions.
406
407         For the simple r11 issue, what we want is to call the StackmapValue::clobber() method, which now
408         means both early and late clobber. It's the weapon of choice whenever you're unsure.
409
410         This adds the early clobber feature, does some minor Inst refactoring to make this less scary,
411         and adds a test. The test is simple but it's very comprehensive - for example it tests the
412         early-clobber-after-Move special case.
413
414         * b3/B3StackmapSpecial.cpp:
415         (JSC::B3::StackmapSpecial::extraClobberedRegs):
416         (JSC::B3::StackmapSpecial::extraEarlyClobberedRegs):
417         (JSC::B3::StackmapSpecial::forEachArgImpl):
418         * b3/B3StackmapSpecial.h:
419         * b3/B3StackmapValue.cpp:
420         (JSC::B3::StackmapValue::dumpMeta):
421         (JSC::B3::StackmapValue::StackmapValue):
422         * b3/B3StackmapValue.h:
423         * b3/air/AirCCallSpecial.cpp:
424         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
425         (JSC::B3::Air::CCallSpecial::extraEarlyClobberedRegs):
426         (JSC::B3::Air::CCallSpecial::dumpImpl):
427         * b3/air/AirCCallSpecial.h:
428         * b3/air/AirInst.h:
429         * b3/air/AirInstInlines.h:
430         (JSC::B3::Air::Inst::extraClobberedRegs):
431         (JSC::B3::Air::Inst::extraEarlyClobberedRegs):
432         (JSC::B3::Air::Inst::forEachTmpWithExtraClobberedRegs):
433         (JSC::B3::Air::Inst::reportUsedRegisters):
434         (JSC::B3::Air::Inst::forEachDefAndExtraClobberedTmp): Deleted.
435         * b3/air/AirIteratedRegisterCoalescing.cpp:
436         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::IteratedRegisterCoalescingAllocator):
437         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::build):
438         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::allocate):
439         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::initializeDegrees):
440         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdges):
441         (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdge):
442         (JSC::B3::Air::iteratedRegisterCoalescingOnType):
443         (JSC::B3::Air::iteratedRegisterCoalescing):
444         * b3/air/AirSpecial.h:
445         * b3/air/AirSpillEverything.cpp:
446         (JSC::B3::Air::spillEverything):
447         * b3/testb3.cpp:
448         (JSC::B3::testSimplePatchpointWithoutOuputClobbersGPArgs):
449         (JSC::B3::testSimplePatchpointWithOuputClobbersGPArgs):
450         (JSC::B3::testSimplePatchpointWithoutOuputClobbersFPArgs):
451         (JSC::B3::testSimplePatchpointWithOuputClobbersFPArgs):
452         (JSC::B3::testPatchpointWithEarlyClobber):
453         (JSC::B3::testPatchpointCallArg):
454         (JSC::B3::run):
455         * dfg/DFGCommon.h:
456
457 2015-11-30  Mark Lam  <mark.lam@apple.com>
458
459         Snippefy op_div for the baseline JIT.
460         https://bugs.webkit.org/show_bug.cgi?id=151607
461
462         Reviewed by Geoffrey Garen.
463
464         * CMakeLists.txt:
465         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
466         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
467         * JavaScriptCore.xcodeproj/project.pbxproj:
468
469         * jit/JIT.h:
470         * jit/JITArithmetic.cpp:
471         (JSC::JIT::emit_op_div):
472         (JSC::JIT::emitSlow_op_div):
473         (JSC::JIT::compileBinaryArithOpSlowCase): Deleted.
474
475         * jit/JITArithmetic32_64.cpp:
476         (JSC::JIT::emitBinaryDoubleOp):
477         (JSC::JIT::emit_op_div): Deleted.
478         (JSC::JIT::emitSlow_op_div): Deleted.
479         - Removed the 32-bit specific op_div implementation.  The 64-bit version with the
480           op_div snippet can now service both 32-bit and 64-bit.
481  
482         * jit/JITDivGenerator.cpp: Added.
483         (JSC::JITDivGenerator::loadOperand):
484         (JSC::JITDivGenerator::generateFastPath):
485         * jit/JITDivGenerator.h: Added.
486         (JSC::JITDivGenerator::JITDivGenerator):
487         (JSC::JITDivGenerator::didEmitFastPath):
488         (JSC::JITDivGenerator::endJumpList):
489         (JSC::JITDivGenerator::slowPathJumpList):
490  
491         * jit/JITInlines.h:
492         (JSC::JIT::getOperandConstantDouble): Added.
493  
494         * jit/SnippetOperand.h: Added.
495         (JSC::SnippetOperand::SnippetOperand):
496         (JSC::SnippetOperand::mightBeNumber):
497         (JSC::SnippetOperand::definitelyIsNumber):
498         (JSC::SnippetOperand::isConst):
499         (JSC::SnippetOperand::isConstInt32):
500         (JSC::SnippetOperand::isConstDouble):
501         (JSC::SnippetOperand::asRawBits):
502         (JSC::SnippetOperand::asConstInt32):
503         (JSC::SnippetOperand::asConstDouble):
504         (JSC::SnippetOperand::setConstInt32):
505         (JSC::SnippetOperand::setConstDouble):
506         - The SnippetOperand encapsulates operand constness, const type, and profiling
507           information.  As a result:
508           1. The argument list to the JITDivGenerator constructor is now more concise.
509           2. The logic of the JITDivGenerator is now less verbose and easier to express.
510
511         * parser/ResultType.h:
512         (JSC::ResultType::isInt32):
513         (JSC::ResultType::definitelyIsNumber):
514         (JSC::ResultType::definitelyIsString):
515         (JSC::ResultType::definitelyIsBoolean):
516         (JSC::ResultType::mightBeNumber):
517         (JSC::ResultType::isNotNumber):
518         - Made these functions const because they were always meant to be const.
519           This also allows me to enforce constness in the SnippetOperand.
520
521 2015-11-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
522
523         Fix coding style of Intl code
524         https://bugs.webkit.org/show_bug.cgi?id=151491
525
526         Reviewed by Darin Adler.
527
528         This patch does three things:
529         1. Rename pointers and references to ExecState from "exec" to "state".
530         2. Pass parameters by references instead of pointers if the parameters
531            are required.
532         3. Remove the word "get" from the names of functions that don't return
533            values through out arguments.
534
535         * runtime/IntlCollator.cpp:
536         (JSC::IntlCollatorFuncCompare):
537         * runtime/IntlCollatorConstructor.cpp:
538         (JSC::initializeCollator):
539         (JSC::constructIntlCollator):
540         (JSC::callIntlCollator):
541         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
542         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
543         * runtime/IntlDateTimeFormat.cpp:
544         (JSC::IntlDateTimeFormatFuncFormatDateTime):
545         * runtime/IntlDateTimeFormatConstructor.cpp:
546         (JSC::constructIntlDateTimeFormat):
547         (JSC::callIntlDateTimeFormat):
548         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
549         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
550         * runtime/IntlDateTimeFormatPrototype.cpp:
551         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
552         (JSC::IntlDateTimeFormatPrototypeGetterFormat):
553         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
554         * runtime/IntlNumberFormat.cpp:
555         (JSC::IntlNumberFormatFuncFormatNumber):
556         * runtime/IntlNumberFormatConstructor.cpp:
557         (JSC::constructIntlNumberFormat):
558         (JSC::callIntlNumberFormat):
559         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
560         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
561         * runtime/IntlNumberFormatPrototype.cpp:
562         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
563         (JSC::IntlNumberFormatPrototypeGetterFormat):
564         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
565         * runtime/IntlObject.cpp:
566         (JSC::intlBooleanOption):
567         (JSC::intlStringOption):
568         (JSC::privateUseLangTag):
569         (JSC::canonicalLangTag):
570         (JSC::grandfatheredLangTag):
571         (JSC::canonicalizeLanguageTag):
572         (JSC::canonicalizeLocaleList):
573         (JSC::lookupSupportedLocales):
574         (JSC::bestFitSupportedLocales):
575         (JSC::supportedLocales):
576         (JSC::getIntlBooleanOption): Deleted.
577         (JSC::getIntlStringOption): Deleted.
578         (JSC::getPrivateUseLangTag): Deleted.
579         (JSC::getCanonicalLangTag): Deleted.
580         (JSC::getGrandfatheredLangTag): Deleted.
581         * runtime/IntlObject.h:
582
583 2015-11-30  Benjamin Poulain  <bpoulain@apple.com>
584
585         [JSC] Simplify the loop that removes useless Air instructions
586         https://bugs.webkit.org/show_bug.cgi?id=151652
587
588         Reviewed by Andreas Kling.
589
590         * b3/air/AirEliminateDeadCode.cpp:
591         (JSC::B3::Air::eliminateDeadCode):
592         Use Vector's removeAllMatching() instead of custom code.
593
594         It is likely faster too since we remove few values and Vector
595         is good at doing that.
596
597 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
598
599         B3 should be clever about choosing which child to reuse for result in two-operand commutative operations
600         https://bugs.webkit.org/show_bug.cgi?id=151321
601
602         Reviewed by Geoffrey Garen.
603
604         When lowering a commutative operation to a two-operand instruction, you have a choice of which
605         child value to move into the result tmp. For example we might have:
606
607             @x = Add(@y, @z)
608
609         Assuming no three-operand add is available, we could either lower it to this:
610
611             Move %y, %x
612             Add %z, %x
613
614         or to this:
615
616             Move %z, %x
617             Add %y, %x
618
619         Which is better depends on the likelihood of coalescing with %x. If it's more likely that %y will
620         coalesce with %x, then we want to use the first form. Otherwise, we should use the second form.
621
622         This implements two heuristics for selecting the right form, and makes those heuristics reusable
623         within the B3->Air lowering by abstracting it as preferRightForResult(). For non-commutative
624         operations we must use the first form, so the first form is the default. The heuristics are:
625
626         - If the right child has only one user, then use the second form instead. This is profitable because
627           that means that @z dies at the Add, so using the second form means that the Move will be coalesced
628           away.
629
630         - If one of the children is a Phi that this operation (the Add in this case) flows into via some
631           Upsilon - possibly transitively through other Phis - then use the form that causes a Move on that
632           child. This overrides everything else, and is meant to optimize variables that accumulate in a
633           loop.
634
635         This required adding a reusable PhiChildren analysis, so I wrote one. It has an API that is mostly
636         based on iterators, and a higher-level API for looking at transitive children that is based on
637         functors.
638
639         I was originally implementing this for completeness, but when looking at how it interacted with
640         imaging-gaussian-blur, I realized the need for some heuristic for the loop-accumulator case. This
641         helps a lot on that benchmark. This widens the overall lead that B3 has on imaging-gaussian-blur, but
642         steady-state runs that exclude compile latency still show a slight deficit. That will most likely get
643         fixed by https://bugs.webkit.org/show_bug.cgi?id=151174.
644
645         No new tests because the commutativity appears to be covered by existing tests, and anyway, there are
646         no correctness implications to commuting a commutative operation.
647
648         * CMakeLists.txt:
649         * JavaScriptCore.xcodeproj/project.pbxproj:
650         * b3/B3LowerToAir.cpp:
651         (JSC::B3::Air::LowerToAir::LowerToAir):
652         (JSC::B3::Air::LowerToAir::canBeInternal):
653         (JSC::B3::Air::LowerToAir::appendUnOp):
654         (JSC::B3::Air::LowerToAir::preferRightForResult):
655         (JSC::B3::Air::LowerToAir::appendBinOp):
656         (JSC::B3::Air::LowerToAir::lower):
657         * b3/B3PhiChildren.cpp: Added.
658         (JSC::B3::PhiChildren::PhiChildren):
659         (JSC::B3::PhiChildren::~PhiChildren):
660         * b3/B3PhiChildren.h: Added.
661         (JSC::B3::PhiChildren::ValueCollection::ValueCollection):
662         (JSC::B3::PhiChildren::ValueCollection::size):
663         (JSC::B3::PhiChildren::ValueCollection::at):
664         (JSC::B3::PhiChildren::ValueCollection::operator[]):
665         (JSC::B3::PhiChildren::ValueCollection::contains):
666         (JSC::B3::PhiChildren::ValueCollection::iterator::iterator):
667         (JSC::B3::PhiChildren::ValueCollection::iterator::operator*):
668         (JSC::B3::PhiChildren::ValueCollection::iterator::operator++):
669         (JSC::B3::PhiChildren::ValueCollection::iterator::operator==):
670         (JSC::B3::PhiChildren::ValueCollection::iterator::operator!=):
671         (JSC::B3::PhiChildren::ValueCollection::begin):
672         (JSC::B3::PhiChildren::ValueCollection::end):
673         (JSC::B3::PhiChildren::UpsilonCollection::UpsilonCollection):
674         (JSC::B3::PhiChildren::UpsilonCollection::size):
675         (JSC::B3::PhiChildren::UpsilonCollection::at):
676         (JSC::B3::PhiChildren::UpsilonCollection::operator[]):
677         (JSC::B3::PhiChildren::UpsilonCollection::contains):
678         (JSC::B3::PhiChildren::UpsilonCollection::begin):
679         (JSC::B3::PhiChildren::UpsilonCollection::end):
680         (JSC::B3::PhiChildren::UpsilonCollection::values):
681         (JSC::B3::PhiChildren::UpsilonCollection::forAllTransitiveIncomingValues):
682         (JSC::B3::PhiChildren::UpsilonCollection::transitivelyUses):
683         (JSC::B3::PhiChildren::at):
684         (JSC::B3::PhiChildren::operator[]):
685         * b3/B3Procedure.cpp:
686         (JSC::B3::Procedure::Procedure):
687         * b3/B3Procedure.h:
688         * b3/B3UseCounts.cpp:
689         (JSC::B3::UseCounts::UseCounts):
690         * b3/B3UseCounts.h:
691         (JSC::B3::UseCounts::numUses):
692         (JSC::B3::UseCounts::numUsingInstructions):
693         (JSC::B3::UseCounts::operator[]): Deleted.
694
695 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
696
697         REGRESSION(r192812): This change seems to have broken the iOS builds (Requested by ryanhaddad on #webkit).
698         https://bugs.webkit.org/show_bug.cgi?id=151669
699
700         Unreviewed, fix build.
701
702         * dfg/DFGCommon.h:
703
704 2015-11-30  Saam barati  <sbarati@apple.com>
705
706         implement op_get_rest_length so that we can allocate the rest array with the right size from the start
707         https://bugs.webkit.org/show_bug.cgi?id=151467
708
709         Reviewed by Geoffrey Garen and Mark Lam.
710
711         This patch implements op_get_rest_length which returns the length
712         that the rest parameter array will be. We're implementing this because
713         it might be a constant value in the presence of inlining in the DFG.
714         We will take advantage of this optimization opportunity in a future patch:
715         https://bugs.webkit.org/show_bug.cgi?id=151454
716         to emit better code for op_copy_rest.
717
718         op_get_rest_length has two operands: 
719         1) a destination
720         2) A constant indicating the number of parameters to skip when copying the rest array.
721
722         op_get_rest_length lowers to a JSConstant node when we're inlined
723         and not a varargs call (in this case, we statically know the arguments
724         length). When that condition isn't met, we lower op_get_rest_length to 
725         GetRestArray. GetRestArray produces its result as an int32.
726
727         * bytecode/BytecodeList.json:
728         * bytecode/BytecodeUseDef.h:
729         (JSC::computeUsesForBytecodeOffset):
730         (JSC::computeDefsForBytecodeOffset):
731         * bytecode/CodeBlock.cpp:
732         (JSC::CodeBlock::dumpBytecode):
733         * bytecompiler/BytecodeGenerator.cpp:
734         (JSC::BytecodeGenerator::emitNewArray):
735         (JSC::BytecodeGenerator::emitNewArrayWithSize):
736         (JSC::BytecodeGenerator::emitNewFunction):
737         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
738         (JSC::BytecodeGenerator::emitRestParameter):
739         * bytecompiler/BytecodeGenerator.h:
740         * bytecompiler/NodesCodegen.cpp:
741         (JSC::RestParameterNode::emit):
742         * dfg/DFGAbstractInterpreterInlines.h:
743         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
744         * dfg/DFGByteCodeParser.cpp:
745         (JSC::DFG::ByteCodeParser::parseBlock):
746         * dfg/DFGCapabilities.cpp:
747         (JSC::DFG::capabilityLevel):
748         * dfg/DFGClobberize.h:
749         (JSC::DFG::clobberize):
750         * dfg/DFGDoesGC.cpp:
751         (JSC::DFG::doesGC):
752         * dfg/DFGFixupPhase.cpp:
753         (JSC::DFG::FixupPhase::fixupNode):
754         * dfg/DFGMayExit.cpp:
755         (JSC::DFG::mayExit):
756         * dfg/DFGNode.h:
757         (JSC::DFG::Node::numberOfArgumentsToSkip):
758         * dfg/DFGNodeType.h:
759         * dfg/DFGOperations.cpp:
760         * dfg/DFGOperations.h:
761         * dfg/DFGPredictionPropagationPhase.cpp:
762         (JSC::DFG::PredictionPropagationPhase::propagate):
763         * dfg/DFGSafeToExecute.h:
764         (JSC::DFG::safeToExecute):
765         * dfg/DFGSpeculativeJIT.cpp:
766         (JSC::DFG::SpeculativeJIT::compileCopyRest):
767         (JSC::DFG::SpeculativeJIT::compileGetRestLength):
768         (JSC::DFG::SpeculativeJIT::compileNotifyWrite):
769         * dfg/DFGSpeculativeJIT.h:
770         (JSC::DFG::SpeculativeJIT::callOperation):
771         * dfg/DFGSpeculativeJIT32_64.cpp:
772         (JSC::DFG::SpeculativeJIT::compile):
773         * dfg/DFGSpeculativeJIT64.cpp:
774         (JSC::DFG::SpeculativeJIT::compile):
775         * ftl/FTLCapabilities.cpp:
776         (JSC::FTL::canCompile):
777         * ftl/FTLLowerDFGToLLVM.cpp:
778         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
779         (JSC::FTL::DFG::LowerDFGToLLVM::compileCopyRest):
780         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetRestLength):
781         (JSC::FTL::DFG::LowerDFGToLLVM::compileNewObject):
782         * jit/JIT.cpp:
783         (JSC::JIT::privateCompileMainPass):
784         * jit/JIT.h:
785         * jit/JITOpcodes.cpp:
786         (JSC::JIT::emit_op_copy_rest):
787         (JSC::JIT::emit_op_get_rest_length):
788         * llint/LowLevelInterpreter.asm:
789         * llint/LowLevelInterpreter32_64.asm:
790         * llint/LowLevelInterpreter64.asm:
791         * runtime/CommonSlowPaths.cpp:
792         (JSC::SLOW_PATH_DECL):
793
794 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
795
796         MacroAssembler needs an API for disabling scratch registers
797         https://bugs.webkit.org/show_bug.cgi?id=151010
798
799         Reviewed by Saam Barati and Michael Saboff.
800
801         This adds two scope classes, DisallowMacroScratchRegisterUsage and
802         AllowMacroScratchRegisterUsage. The default is that the scratch registers are enabled. Air
803         disables them before generation.
804
805         Henceforth the pattern inside B3 stackmap generator callbacks will be that you can only use
806         AllowMacroScratchRegisterUsage if you've either supplied the scratch register as a clobbered
807         register and arranged for all of the stackmap values to be late uses, or you're writing a test
808         and you're OK with it being fragile with respect to scratch registers. The latter holds in most
809         of testb3.
810
811         * JavaScriptCore.xcodeproj/project.pbxproj:
812         * assembler/AbstractMacroAssembler.h:
813         (JSC::optimizeForX86):
814         (JSC::AbstractMacroAssembler::setTempRegisterValid):
815         * assembler/AllowMacroScratchRegisterUsage.h: Added.
816         (JSC::AllowMacroScratchRegisterUsage::AllowMacroScratchRegisterUsage):
817         (JSC::AllowMacroScratchRegisterUsage::~AllowMacroScratchRegisterUsage):
818         * assembler/DisallowMacroScratchRegisterUsage.h: Added.
819         (JSC::DisallowMacroScratchRegisterUsage::DisallowMacroScratchRegisterUsage):
820         (JSC::DisallowMacroScratchRegisterUsage::~DisallowMacroScratchRegisterUsage):
821         * assembler/MacroAssemblerX86Common.h:
822         (JSC::MacroAssemblerX86Common::scratchRegister):
823         (JSC::MacroAssemblerX86Common::loadDouble):
824         (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
825         * assembler/MacroAssemblerX86_64.h:
826         (JSC::MacroAssemblerX86_64::add32):
827         (JSC::MacroAssemblerX86_64::and32):
828         (JSC::MacroAssemblerX86_64::or32):
829         (JSC::MacroAssemblerX86_64::sub32):
830         (JSC::MacroAssemblerX86_64::load8):
831         (JSC::MacroAssemblerX86_64::addDouble):
832         (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
833         (JSC::MacroAssemblerX86_64::store32):
834         (JSC::MacroAssemblerX86_64::store8):
835         (JSC::MacroAssemblerX86_64::callWithSlowPathReturnType):
836         (JSC::MacroAssemblerX86_64::call):
837         (JSC::MacroAssemblerX86_64::jump):
838         (JSC::MacroAssemblerX86_64::tailRecursiveCall):
839         (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
840         (JSC::MacroAssemblerX86_64::branchAdd32):
841         (JSC::MacroAssemblerX86_64::add64):
842         (JSC::MacroAssemblerX86_64::addPtrNoFlags):
843         (JSC::MacroAssemblerX86_64::and64):
844         (JSC::MacroAssemblerX86_64::lshift64):
845         (JSC::MacroAssemblerX86_64::or64):
846         (JSC::MacroAssemblerX86_64::sub64):
847         (JSC::MacroAssemblerX86_64::store64):
848         (JSC::MacroAssemblerX86_64::store64WithAddressOffsetPatch):
849         (JSC::MacroAssemblerX86_64::branch64):
850         (JSC::MacroAssemblerX86_64::branchPtr):
851         (JSC::MacroAssemblerX86_64::branchTest64):
852         (JSC::MacroAssemblerX86_64::test64):
853         (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
854         (JSC::MacroAssemblerX86_64::branch32WithPatch):
855         (JSC::MacroAssemblerX86_64::storePtrWithPatch):
856         (JSC::MacroAssemblerX86_64::branch8):
857         (JSC::MacroAssemblerX86_64::branchTest8):
858         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
859         (JSC::MacroAssemblerX86_64::readCallTarget):
860         (JSC::MacroAssemblerX86_64::haveScratchRegisterForBlinding):
861         (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
862         (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranchPtrWithPatch):
863         (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranch32WithPatch):
864         (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranchPtrWithPatch):
865         (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranch32WithPatch):
866         (JSC::MacroAssemblerX86_64::revertJumpReplacementToBranchPtrWithPatch):
867         (JSC::MacroAssemblerX86_64::repatchCall):
868         (JSC::MacroAssemblerX86_64::add64AndSetFlags):
869         * b3/air/AirGenerate.cpp:
870         (JSC::B3::Air::generate):
871         * b3/testb3.cpp:
872         (JSC::B3::testSimplePatchpoint):
873         (JSC::B3::testSimplePatchpointWithoutOuputClobbersGPArgs):
874         (JSC::B3::testSimplePatchpointWithOuputClobbersGPArgs):
875         (JSC::B3::testSimplePatchpointWithoutOuputClobbersFPArgs):
876         (JSC::B3::testSimplePatchpointWithOuputClobbersFPArgs):
877         (JSC::B3::testPatchpointCallArg):
878         (JSC::B3::testPatchpointFixedRegister):
879         (JSC::B3::testPatchpointAny):
880         (JSC::B3::testPatchpointAnyImm):
881         (JSC::B3::testSimpleCheck):
882         (JSC::B3::testCheckLessThan):
883         (JSC::B3::testCheckMegaCombo):
884         (JSC::B3::testCheckAddImm):
885         (JSC::B3::testCheckAddImmCommute):
886         (JSC::B3::testCheckAddImmSomeRegister):
887         (JSC::B3::testCheckAdd):
888         (JSC::B3::testCheckAdd64):
889         (JSC::B3::testCheckAddFoldFail):
890         (JSC::B3::testCheckSubImm):
891         (JSC::B3::testCheckSubBadImm):
892         (JSC::B3::testCheckSub):
893         (JSC::B3::testCheckSub64):
894         (JSC::B3::testCheckSubFoldFail):
895         (JSC::B3::testCheckNeg):
896         (JSC::B3::testCheckNeg64):
897         (JSC::B3::testCheckMul):
898         (JSC::B3::testCheckMulMemory):
899         (JSC::B3::testCheckMul2):
900         (JSC::B3::testCheckMul64):
901         (JSC::B3::testCheckMulFoldFail):
902         (JSC::B3::genericTestCompare):
903         * dfg/DFGCommon.h:
904         * jit/GPRInfo.h:
905         (JSC::GPRInfo::toRegister):
906         (JSC::GPRInfo::reservedRegisters):
907
908 2015-11-26  Mark Lam  <mark.lam@apple.com>
909
910         [ARM64] stress/op_div.js is failing on some divide by 0 cases.
911         https://bugs.webkit.org/show_bug.cgi?id=151515
912
913         Reviewed by Saam Barati.
914
915         * dfg/DFGSpeculativeJIT.cpp:
916         (JSC::DFG::SpeculativeJIT::compileArithDiv):
917         - Added a check for the divide by zero case.
918         * tests/stress/op_div.js:
919         - Un-skipped the test.
920
921 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
922
923         [cmake] Add testb3 to the build system
924         https://bugs.webkit.org/show_bug.cgi?id=151619
925
926         Reviewed by Gyuyoung Kim.
927
928         * shell/CMakeLists.txt:
929
930 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
931
932         Use mark pragmas only if it is supported
933         https://bugs.webkit.org/show_bug.cgi?id=151621
934
935         Reviewed by Mark Lam.
936
937         * b3/air/AirIteratedRegisterCoalescing.cpp:
938
939 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
940
941         Fix the ENABLE(B3_JIT) build with GCC in B3Procedure.h
942         https://bugs.webkit.org/show_bug.cgi?id=151620
943
944         Reviewed by Mark Lam.
945
946         * b3/B3Procedure.h:
947
948 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
949
950         [cmake] Add new B3 source files to the build system
951         https://bugs.webkit.org/show_bug.cgi?id=151618
952
953         Reviewed by Gyuyoung Kim.
954
955         * CMakeLists.txt:
956
957 2015-11-26  Carlos Garcia Campos  <cgarcia@igalia.com>
958
959         [GLIB] Implement garbage collector timers
960         https://bugs.webkit.org/show_bug.cgi?id=151391
961
962         Reviewed by Žan Doberšek.
963
964         Add GLib implementation using GSource.
965
966         * heap/EdenGCActivityCallback.cpp:
967         * heap/FullGCActivityCallback.cpp:
968         * heap/GCActivityCallback.cpp:
969         (JSC::GCActivityCallback::GCActivityCallback):
970         (JSC::GCActivityCallback::scheduleTimer):
971         (JSC::GCActivityCallback::cancelTimer):
972         * heap/GCActivityCallback.h:
973         * heap/Heap.cpp:
974         (JSC::Heap::Heap):
975         * heap/HeapTimer.cpp:
976         (JSC::HeapTimer::HeapTimer):
977         (JSC::HeapTimer::~HeapTimer):
978         (JSC::HeapTimer::timerDidFire):
979         * heap/HeapTimer.h:
980         * heap/IncrementalSweeper.cpp:
981         (JSC::IncrementalSweeper::IncrementalSweeper):
982         (JSC::IncrementalSweeper::scheduleTimer):
983         (JSC::IncrementalSweeper::cancelTimer):
984         * heap/IncrementalSweeper.h:
985
986 2015-11-24  Caitlin Potter  <caitp@igalia.com>
987
988         [JSC] support Computed Property Names in destructuring Patterns
989         https://bugs.webkit.org/show_bug.cgi?id=151494
990
991         Reviewed by Saam Barati.
992
993         Add support for computed property names in destructuring BindingPatterns
994         and AssignmentPatterns.
995
996         Productions BindingProperty(1) and AssignmentProperty(2) allow for any valid
997         PropertyName(3), including ComputedPropertyName(4)
998
999         1: http://tc39.github.io/ecma262/#prod-BindingProperty
1000         2: http://tc39.github.io/ecma262/#prod-AssignmentProperty
1001         3: http://tc39.github.io/ecma262/#prod-PropertyName
1002         4: http://tc39.github.io/ecma262/#prod-ComputedPropertyName
1003
1004         * bytecompiler/NodesCodegen.cpp:
1005         (JSC::ObjectPatternNode::bindValue):
1006         * parser/ASTBuilder.h:
1007         (JSC::ASTBuilder::appendObjectPatternEntry):
1008         * parser/Nodes.h:
1009         (JSC::ObjectPatternNode::appendEntry):
1010         * parser/Parser.cpp:
1011         (JSC::Parser<LexerType>::parseDestructuringPattern):
1012         * parser/SyntaxChecker.h:
1013         (JSC::SyntaxChecker::operatorStackPop):
1014         * tests/es6.yaml:
1015         * tests/es6/destructuring_assignment_computed_properties.js: Added.
1016         (test):
1017         (test.computeName):
1018         (test.loadValue):
1019         (test.out.get a):
1020         (test.out.set a):
1021         (test.out.get b):
1022         (test.out.set b):
1023         (test.out.get c):
1024         (test.out.set c):
1025         (test.get var):
1026
1027 2015-11-24  Commit Queue  <commit-queue@webkit.org>
1028
1029         Unreviewed, rolling out r192536, r192722, and r192743.
1030         https://bugs.webkit.org/show_bug.cgi?id=151593
1031
1032         Still causing trouble. (Requested by kling on #webkit).
1033
1034         Reverted changesets:
1035
1036         "[JSC] JSPropertyNameEnumerator could be destructorless."
1037         https://bugs.webkit.org/show_bug.cgi?id=151242
1038         http://trac.webkit.org/changeset/192536
1039
1040         "REGRESSION(r192536): Null pointer dereference in
1041         JSPropertyNameEnumerator::visitChildren()."
1042         https://bugs.webkit.org/show_bug.cgi?id=151495
1043         http://trac.webkit.org/changeset/192722
1044
1045         "REGRESSION(r192536): Null pointer dereference in
1046         JSPropertyNameEnumerator::visitChildren()."
1047         https://bugs.webkit.org/show_bug.cgi?id=151495
1048         http://trac.webkit.org/changeset/192743
1049
1050 2015-11-23  Brian Burg  <bburg@apple.com>
1051
1052         Unreviewed, fix the Mac CMake build after r192793.
1053
1054         * PlatformMac.cmake:
1055
1056 2015-11-20  Brian Burg  <bburg@apple.com>
1057
1058         Web Inspector: RemoteInspector should track targets and connections for remote automation
1059         https://bugs.webkit.org/show_bug.cgi?id=151042
1060
1061         Reviewed by Joseph Pecoraro.
1062
1063         Refactor RemoteInspector so it can be used to send listings of different target types.
1064         First, rename Debuggable to RemoteInspectionTarget, and pull things not specific to
1065         remote inspection into the base class RemoteControllableTarget and its Connection class.
1066
1067         Add a new RemoteControllableTarget called RemoteAutomationTarget, used by UIProcess
1068         to support remote UI automation via webinspectord. On the protocol side, this target
1069         uses a new WIRTypeKey called WIRTypeAutomation to distinguish the listing from
1070         Web and JavaScript listings and avoid inventing a new listing mechanism.
1071
1072         * API/JSContextRef.cpp:
1073         (JSGlobalContextGetDebuggerRunLoop):
1074         (JSGlobalContextSetDebuggerRunLoop):
1075         * JavaScriptCore.xcodeproj/project.pbxproj:
1076         * inspector/InspectorFrontendChannel.h:
1077         * inspector/remote/RemoteAutomationTarget.cpp: Added.
1078         (Inspector::RemoteAutomationTarget::setAutomationAllowed): Added.
1079         * inspector/remote/RemoteAutomationTarget.h: Added.
1080         * inspector/remote/RemoteConnectionToTarget.h: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggableConnection.h.
1081         (Inspector::RemoteTargetBlock::RemoteTargetBlock):
1082         (Inspector::RemoteTargetBlock::~RemoteTargetBlock):
1083         (Inspector::RemoteTargetBlock::operator=):
1084         (Inspector::RemoteTargetBlock::operator()):
1085         * inspector/remote/RemoteConnectionToTarget.mm: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggableConnection.mm.
1086         (Inspector::RemoteTargetHandleRunSourceGlobal):
1087         (Inspector::RemoteTargetQueueTaskOnGlobalQueue):
1088         (Inspector::RemoteTargetInitializeGlobalQueue):
1089         (Inspector::RemoteTargetHandleRunSourceWithInfo):
1090         (Inspector::RemoteConnectionToTarget::RemoteConnectionToTarget):
1091         (Inspector::RemoteConnectionToTarget::~RemoteConnectionToTarget):
1092         (Inspector::RemoteConnectionToTarget::destination):
1093         (Inspector::RemoteConnectionToTarget::connectionIdentifier):
1094         (Inspector::RemoteConnectionToTarget::dispatchAsyncOnTarget):
1095         (Inspector::RemoteConnectionToTarget::setup):
1096         (Inspector::RemoteConnectionToTarget::targetClosed):
1097         (Inspector::RemoteConnectionToTarget::close):
1098         (Inspector::RemoteConnectionToTarget::sendMessageToTarget):
1099         (Inspector::RemoteConnectionToTarget::sendMessageToFrontend):
1100         (Inspector::RemoteConnectionToTarget::setupRunLoop):
1101         (Inspector::RemoteConnectionToTarget::teardownRunLoop):
1102         (Inspector::RemoteConnectionToTarget::queueTaskOnPrivateRunLoop):
1103         * inspector/remote/RemoteControllableTarget.cpp: Added.
1104         (Inspector::RemoteControllableTarget::~RemoteControllableTarget):
1105         (Inspector::RemoteControllableTarget::init):
1106         (Inspector::RemoteControllableTarget::update):
1107         * inspector/remote/RemoteControllableTarget.h: Added.
1108         * inspector/remote/RemoteInspectionTarget.cpp: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggable.cpp.
1109         (Inspector::RemoteInspectionTarget::remoteControlAllowed):
1110         (Inspector::RemoteInspectionTarget::setRemoteDebuggingAllowed):
1111         (Inspector::RemoteInspectionTarget::pauseWaitingForAutomaticInspection):
1112         (Inspector::RemoteInspectionTarget::unpauseForInitializedInspector):
1113         * inspector/remote/RemoteInspectionTarget.h: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggable.h.
1114         (isType):
1115         * inspector/remote/RemoteInspector.h:
1116
1117             Code to manage Debuggables now works with RemoteControllableTargets and doesn't
1118             care whether the target is for Inspection or Automation. Listing data with target-
1119             and type-specific information are captured when clients call into RemoteInspector
1120             since that's the easiest time to gather this information on the right thread.
1121             Use the is<> / downcast<> machinery when we need a concrete Target type.
1122
1123         * inspector/remote/RemoteInspector.mm:
1124         (Inspector::RemoteInspector::nextAvailableIdentifier):
1125         (Inspector::RemoteInspector::registerTarget): renamed from registerDebuggable.
1126         (Inspector::RemoteInspector::unregisterTarget): renamed from unregisterDebuggable.
1127         (Inspector::RemoteInspector::updateTarget): renamed from updateDebuggable.
1128         (Inspector::RemoteInspector::updateAutomaticInspectionCandidate):
1129         (Inspector::RemoteInspector::sendMessageToRemote):
1130         (Inspector::RemoteInspector::setupFailed):
1131         (Inspector::RemoteInspector::stopInternal):
1132         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
1133         (Inspector::RemoteInspector::xpcConnectionFailed):
1134         (Inspector::RemoteInspector::listingForTarget):
1135         (Inspector::RemoteInspector::listingForInspectionTarget):
1136         (Inspector::RemoteInspector::listingForAutomationTarget):
1137         (Inspector::RemoteInspector::pushListingsNow):
1138         (Inspector::RemoteInspector::pushListingsSoon):
1139         (Inspector::RemoteInspector::receivedSetupMessage):
1140         (Inspector::RemoteInspector::receivedDataMessage):
1141         (Inspector::RemoteInspector::receivedDidCloseMessage):
1142         (Inspector::RemoteInspector::receivedGetListingMessage):
1143         (Inspector::RemoteInspector::receivedIndicateMessage):
1144         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
1145         (Inspector::RemoteInspector::RemoteInspector): Deleted.
1146         (Inspector::RemoteInspector::registerDebuggable): Deleted.
1147         (Inspector::RemoteInspector::unregisterDebuggable): Deleted.
1148         (Inspector::RemoteInspector::updateDebuggable): Deleted.
1149         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate): Deleted.
1150         (Inspector::RemoteInspector::sendMessageToRemoteFrontend): Deleted.
1151         (Inspector::RemoteInspector::listingForDebuggable): Deleted.
1152         (Inspector::RemoteInspector::pushListingNow): Deleted.
1153         (Inspector::RemoteInspector::pushListingSoon): Deleted.
1154         * inspector/remote/RemoteInspectorConstants.h:
1155         * runtime/JSGlobalObjectDebuggable.cpp:
1156         (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemote):
1157         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
1158         (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend): Deleted.
1159         * runtime/JSGlobalObjectDebuggable.h:
1160
1161 2015-11-23  Brian Burg  <bburg@apple.com>
1162
1163         Rename JavaScriptCore builtins files to match exposed object names
1164         https://bugs.webkit.org/show_bug.cgi?id=151549
1165
1166         Reviewed by Youenn Fablet.
1167
1168         As a subtask of unifying code generation for WebCore and JSC builtins, we need to get rid of
1169         differences between builtins filenames (e.g., Promise.prototype.js) and the name of the
1170         generated Builtin object (PromisePrototype).
1171
1172         If we don't do this, then both build systems need special hacks to normalize the object name
1173         from the file name. It's easier to just normalize the filename.
1174
1175         * CMakeLists.txt:
1176         * DerivedSources.make:
1177         * JavaScriptCore.xcodeproj/project.pbxproj:
1178         * builtins/ArrayIteratorPrototype.js: Renamed from Source/JavaScriptCore/builtins/ArrayIterator.prototype.js.
1179         * builtins/ArrayPrototype.js: Renamed from Source/JavaScriptCore/builtins/Array.prototype.js.
1180         * builtins/FunctionPrototype.js: Renamed from Source/JavaScriptCore/builtins/Function.prototype.js.
1181         * builtins/IteratorPrototype.js: Renamed from Source/JavaScriptCore/builtins/Iterator.prototype.js.
1182         * builtins/PromiseOperations.js: Renamed from Source/JavaScriptCore/builtins/Operations.Promise.js.
1183         * builtins/PromisePrototype.js: Renamed from Source/JavaScriptCore/builtins/Promise.prototype.js.
1184         * builtins/StringIteratorPrototype.js: Renamed from Source/JavaScriptCore/builtins/StringIterator.prototype.js.
1185         * builtins/TypedArrayPrototype.js: Renamed from Source/JavaScriptCore/builtins/TypedArray.prototype.js.
1186
1187 2015-11-23  Andreas Kling  <akling@apple.com>
1188
1189         REGRESSION(r192536): Null pointer dereference in JSPropertyNameEnumerator::visitChildren().
1190         <https://webkit.org/b/151495>
1191
1192         Reviewed by Mark Lam.
1193
1194         The test I added when fixing this bug the first time caught another bug when
1195         run on 32-bit: jsString() can also cause GC, so we have to make sure that
1196         JSPropertyNameEnumerator::m_propertyNames is null until after the array it
1197         points to has been populated.
1198
1199         Test: property-name-enumerator-gc-151495.js
1200
1201         * runtime/JSPropertyNameEnumerator.cpp:
1202         (JSC::JSPropertyNameEnumerator::finishCreation):
1203
1204 == Rolled over to ChangeLog-2015-11-21 ==