e6dbe4532f7531b365cc78d8ac095c8dbf5c17e5
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-11-15  Mark Lam  <mark.lam@apple.com>

        RegExp operations should not take fast path if lastIndex is not numeric.
        https://bugs.webkit.org/show_bug.cgi?id=191731
        <rdar://problem/46017305>

        Reviewed by Saam Barati.

        This is because if lastIndex is an object with a valueOf() method, it can execute
        arbitrary code which may have side effects, and side effects are not permitted by
        the RegExp fast paths.

        * builtins/RegExpPrototype.js:
        (globalPrivate.hasObservableSideEffectsForRegExpMatch):
        (overriddenName.string_appeared_here.search):
        (globalPrivate.hasObservableSideEffectsForRegExpSplit):
        (intrinsic.RegExpTestIntrinsic.test):
        * builtins/StringPrototype.js:
        (globalPrivate.hasObservableSideEffectsForStringReplace):

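The hazard this entry describes, shown as an added example that is not WebKit's code: when `lastIndex` holds an object, the `ToLength(lastIndex)` step inside `exec()` calls the object's `valueOf()`, so user script runs in the middle of the operation. The `canTakeFastPath` guard, `observeExec` and the two sample cases are my own constructions; the guard is a simplified stand-in for the private `hasObservableSideEffects*` helpers listed above, not their implementation.

```javascript
// Added example, not WebKit code. A fast path that assumes "no script runs
// during this operation" is only sound if reading and converting lastIndex
// cannot run script. A plain number satisfies that; an object does not.

const originalExec = RegExp.prototype.exec; // captured before any script could replace it

// Simplified stand-in (assumed shape) for an engine-side side-effect check.
function canTakeFastPath(re) {
  if (Object.getPrototypeOf(re) !== RegExp.prototype) return false; // subclass or foreign object
  if (re.exec !== originalExec) return false;                        // exec overridden anywhere
  // lastIndex is an own data property, so reading it runs no script; but anything
  // other than a number would hit ToLength -> ToPrimitive -> valueOf() inside exec().
  return typeof re.lastIndex === "number";
}

// Run one exec() with a caller-supplied lastIndex and record every observable
// event user code produced while exec() was running (constructed scenario).
function observeExec(makeLastIndex) {
  const events = [];
  const re = /a/g;
  re.lastIndex = makeLastIndex(events);
  const fastPathSafe = canTakeFastPath(re); // the decision an engine would make before exec()
  const match = re.exec("banana");
  return {
    fastPathSafe,
    events,
    matchIndex: match ? match.index : -1,
    finalLastIndex: re.lastIndex,
  };
}

// Numeric lastIndex: nothing observable happens inside exec().
function numericCase() {
  return observeExec(() => 3);
}

// Object lastIndex: its valueOf() executes script in the middle of exec(),
// exactly the situation the fast paths must not be taken in.
function scriptedCase() {
  return observeExec((events) => ({
    valueOf() {
      events.push("valueOf ran inside exec()");
      return 3;
    },
  }));
}

console.log("numeric:", JSON.stringify(numericCase()));
console.log("scripted:", JSON.stringify(scriptedCase()));
```

Run it with node: both cases match the `a` at index 3 of `"banana"` and leave `lastIndex` at 4, but only the scripted case records `valueOf` running while `exec()` was in progress, and only for that case does the guard report the fast path as unsafe.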
2018-11-15  Keith Rollin  <krollin@apple.com>

        Delete old .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=191669
        <rdar://problem/46081994>

        Reviewed by Chris Dumez.

        .xcfilelist files were created and added to the Xcode project files in
        https://trac.webkit.org/changeset/238008/webkit. However, they caused
        build issues and they were removed from the Xcode projects in
        https://trac.webkit.org/changeset/238055/webkit. This check-in removes
        the files from the repository altogether. They'll ultimately be
        replaced with new files with names that indicate whether the
        associated files are inputs to the Run Script phase or are files
        created by the Run Script phase.

        * DerivedSources.xcfilelist: Removed.
        * UnifiedSources.xcfilelist: Removed.

2018-11-14  Keith Rollin  <krollin@apple.com>

        Move scripts for Derived and Unified Sources to external files
        https://bugs.webkit.org/show_bug.cgi?id=191670
        <rdar://problem/46082278>

        Reviewed by Keith Miller.

        Move the scripts in the Generate Derived Sources and Generate Unified
        Sources Run Script phases from the Xcode projects to external shell
        script files. Then invoke those scripts from the Run Script phases.
        This refactoring is being performed to support later work that will
        invoke these scripts in other contexts.

        The scripts were maintained as-is when making the move. I did a little
        reformatting and added 'set -e' to the top of each file, but that's
        it.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Scripts/generate-derived-sources.sh: Added.
        * Scripts/generate-unified-sources.sh: Added.

2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Pass Inspector::FrontendChannel as a reference to connect/disconnect methods
        https://bugs.webkit.org/show_bug.cgi?id=191612

        Reviewed by Matt Baker.

        * inspector/InspectorFrontendRouter.cpp:
        (Inspector::FrontendRouter::connectFrontend):
        (Inspector::FrontendRouter::disconnectFrontend):
        * inspector/InspectorFrontendRouter.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::connectFrontend):
        (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/remote/RemoteControllableTarget.h:
        * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
        (Inspector::RemoteConnectionToTarget::setup):
        (Inspector::RemoteConnectionToTarget::close):
        * inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:
        (Inspector::RemoteConnectionToTarget::setup):
        (Inspector::RemoteConnectionToTarget::close):
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::connect):
        (JSC::JSGlobalObjectDebuggable::disconnect):
        * runtime/JSGlobalObjectDebuggable.h:

2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Remote Inspector)
        https://bugs.webkit.org/show_bug.cgi?id=191494
        <rdar://problem/45469854>

        Reviewed by Devin Rousso.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        New domain and resources.

        * inspector/protocol/Target.json: Added.
        New protocol domain, modeled after Worker.json, to allow for
        multiplexing between different targets.

        * inspector/InspectorTarget.h:
        Each target will instantiate an InspectorTarget and must
        provide an identifier, type, and means of connecting/disconnecting
        to a frontend channel.

        * inspector/agents/InspectorTargetAgent.cpp: Added.
        (Inspector::InspectorTargetAgent::InspectorTargetAgent):
        (Inspector::InspectorTargetAgent::didCreateFrontendAndBackend):
        (Inspector::InspectorTargetAgent::willDestroyFrontendAndBackend):
        (Inspector::InspectorTargetAgent::exists):
        (Inspector::InspectorTargetAgent::initialized):
        (Inspector::InspectorTargetAgent::sendMessageToTarget):
        (Inspector::InspectorTargetAgent::sendMessageFromTargetToFrontend):
        (Inspector::targetTypeToProtocolType):
        (Inspector::buildTargetInfoObject):
        (Inspector::InspectorTargetAgent::targetCreated):
        (Inspector::InspectorTargetAgent::targetTerminated):
        (Inspector::InspectorTargetAgent::connectToTargets):
        (Inspector::InspectorTargetAgent::disconnectFromTargets):
        * inspector/agents/InspectorTargetAgent.h: Added.
        TargetAgent holds a list of targets, and connects/disconnects to each
        of the targets when a frontend connects/disconnects.

        * inspector/scripts/codegen/generator.py:
        Better enum casing of ServiceWorker.

2018-11-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Unreviewed, rolling in CodeCache in r237254
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Land the CodeCache part without adding an additional hash value.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-11-13  Saam Barati  <sbarati@apple.com>

        ProxyObject should check for VMInquiry and return early before throwing a stack overflow exception
        https://bugs.webkit.org/show_bug.cgi?id=191601

        Reviewed by Mark Lam.

        This doesn't fix any bugs today, but it may reduce future bugs. It was
        always weird that ProxyObject::getOwnPropertySlot with VMInquiry might
        throw a stack overflow error instead of just returning false like it
        normally does when VMInquiry is passed in.

        * runtime/ProxyObject.cpp:
        (JSC::ProxyObject::getOwnPropertySlotCommon):

2018-11-13  Saam Barati  <sbarati@apple.com>

        TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
        https://bugs.webkit.org/show_bug.cgi?id=191600

        Reviewed by Mark Lam.

        processLogEntries will call into calculatedClassName, which will clear
        any exceptions it encounters (it assumes that they're stack overflow exceptions).
        However, this code may be called when an exception is already pending on the
        VM (e.g., when we throw an exception in the DFG, we compile an OSR exit
        offramp, which may compile a baseline codeblock, which will process
        the type profiler log). To get around this, processLogEntries should stash
        away and re-apply any pending exceptions.

        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * dfg/DFGOperations.cpp:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        * jit/JIT.cpp:
        (JSC::JIT::doMainThreadPreparationBeforeCompile):
        * jit/JITOperations.cpp:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/TypeProfilerLog.cpp:
        (JSC::TypeProfilerLog::processLogEntries):
        * runtime/TypeProfilerLog.h:
        * runtime/VM.cpp:
        (JSC::VM::dumpTypeProfilerData):
        * runtime/VM.h:
        (JSC::VM::DeferExceptionScope::DeferExceptionScope):
        * tools/JSDollarVM.cpp:
        (JSC::functionFindTypeForExpression):
        (JSC::functionReturnTypeFor):

2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r238132.

        The test added with this change is timing out on Debug JSC
        bots.

        Reverted changeset:

        "[BigInt] JSBigInt::createWithLength should throw when length
        is greater than JSBigInt::maxLength"
        https://bugs.webkit.org/show_bug.cgi?id=190836
        https://trac.webkit.org/changeset/238132

2018-11-12  Mark Lam  <mark.lam@apple.com>

        Add OOM detection to StringPrototype's substituteBackreferences().
        https://bugs.webkit.org/show_bug.cgi?id=191563
        <rdar://problem/45720428>

        Reviewed by Saam Barati.

        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * runtime/StringPrototype.cpp:
        (JSC::substituteBackreferencesSlow):
        (JSC::substituteBackreferencesInline):
        (JSC::substituteBackreferences):
        (JSC::replaceUsingRegExpSearch):
        (JSC::replaceUsingStringSearch):
        * runtime/StringPrototype.h:

2018-11-13  Mark Lam  <mark.lam@apple.com>

        LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
        https://bugs.webkit.org/show_bug.cgi?id=191579
        <rdar://problem/45942472>

        Reviewed by Saam Barati.

        Both of these functions do a lot of work.  It would be good for the topCallFrame
        to be correct should we need to throw an exception.

        For example, we've observed the following crash trace:

          * frame #0: WTFCrash() at Assertions.cpp:253
            frame #1: ...
            frame #2: JSC::StructureIDTable::get(this=0x00006040000162f0, structureID=1874583248) at StructureIDTable.h:129
            frame #3: JSC::VM::getStructure(this=0x0000604000016210, id=4022066896) at VM.h:705
            frame #4: JSC::JSCell::structure(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:125
            frame #5: JSC::JSCell::classInfo(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:335
            frame #6: JSC::JSCell::inherits(this=0x00007ffeefbbde30, vm=0x0000604000016210, info=0x0000000105eaf020) const at JSCellInlines.h:302
            frame #7: JSC::JSObject* JSC::jsCast<JSC::JSObject*, JSC::JSCell>(from=0x00007ffeefbbde30) at JSCast.h:36
            frame #8: JSC::asObject(cell=0x00007ffeefbbde30) at JSObject.h:1299
            frame #9: JSC::asObject(value=JSValue @ 0x00007ffeefbba380) at JSObject.h:1304
            frame #10: JSC::Register::object(this=0x00007ffeefbbdd58) const at JSObject.h:1514
            frame #11: JSC::ExecState::jsCallee(this=0x00007ffeefbbdd40) const at CallFrame.h:107
            frame #12: JSC::ExecState::isStackOverflowFrame(this=0x00007ffeefbbdd40) const at CallFrameInlines.h:36
            frame #13: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:52
            frame #14: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:41
            frame #15: void JSC::StackVisitor::visit<(JSC::StackVisitor::EmptyEntryFrameAction)0, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul>&, unsigned long, unsigned long)::$_3>(startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800, functor=0x00007ffeefbbaa60)::$_3 const&) at StackVisitor.h:147
            frame #16: JSC::Interpreter::getStackTrace(this=0x0000602000005db0, owner=0x000062d00020cbe0, results=0x00006020000249d0, framesToSkip=0, maxStackSize=1) at Interpreter.cpp:437
            frame #17: JSC::getStackTrace(exec=0x000062d00002c048, vm=0x0000631000000800, obj=0x000062d00020cbe0, useCurrentFrame=true) at Error.cpp:170
            frame #18: JSC::ErrorInstance::finishCreation(this=0x000062d00020cbe0, exec=0x000062d00002c048, vm=0x0000631000000800, message=0x00007ffeefbbb800, useCurrentFrame=true) at ErrorInstance.cpp:119
            frame #19: JSC::ErrorInstance::create(exec=0x000062d00002c048, vm=0x0000631000000800, structure=0x000062d0000f5730, message=0x00007ffeefbbb800, appender=0x0000000000000000, type=TypeNothing, useCurrentFrame=true)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, bool) at ErrorInstance.h:49
            frame #20: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800, appender=0x0000000000000000)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred)) at Error.cpp:68
            frame #21: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800) at Error.cpp:316
            frame #22: JSC::createStackOverflowError(exec=0x000062d00002c048, globalObject=0x000062d00002c000) at ExceptionHelpers.cpp:77
            frame #23: JSC::createStackOverflowError(exec=0x000062d00002c048) at ExceptionHelpers.cpp:72
            frame #24: JSC::throwStackOverflowError(exec=0x000062d00002c048, scope=0x00007ffeefbbbaa0) at ExceptionHelpers.cpp:335
            frame #25: JSC::ProxyObject::getOwnPropertySlotCommon(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbba80, slot=0x00007ffeefbbc720) at ProxyObject.cpp:372
            frame #26: JSC::ProxyObject::getOwnPropertySlot(object=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbd40, slot=0x00007ffeefbbc720) at ProxyObject.cpp:395
            frame #27: JSC::JSObject::getNonIndexPropertySlot(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbea0, slot=0x00007ffeefbbc720) at JSObjectInlines.h:150
            frame #28: bool JSC::JSObject::getPropertySlot<false>(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbc320, slot=0x00007ffeefbbc720) at JSObject.h:1424
            frame #29: JSC::JSObject::calculatedClassName(object=0x000062d000200e40) at JSObject.cpp:535
            frame #30: JSC::Structure::toStructureShape(this=0x000062d000007410, value=JSValue @ 0x00007ffeefbbcae0, sawPolyProtoStructure=0x00007ffeefbbcf60) at Structure.cpp:1142
            frame #31: JSC::TypeProfilerLog::processLogEntries(this=0x000060400000a950, reason=0x00007ffeefbbd5c0) at TypeProfilerLog.cpp:89
            frame #32: JSC::JIT::doMainThreadPreparationBeforeCompile(this=0x0000619000034da0) at JIT.cpp:951
            frame #33: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:43
            frame #34: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:42
            frame #35: JSC::JITWorklist::compileLater(this=0x0000616000001b80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:256
            frame #36: JSC::LLInt::jitCompileAndSetHeuristics(codeBlock=0x000062d0001d88c0, exec=0x00007ffeefbbde30, loopOSREntryBytecodeOffset=0) at LLIntSlowPaths.cpp:391
            frame #37: llint_replace(exec=0x00007ffeefbbde30, pc=0x00006040000161ba) at LLIntSlowPaths.cpp:516
            frame #38: llint_entry at LowLevelInterpreter64.asm:98
            frame #39: vmEntryToJavaScript at LowLevelInterpreter64.asm:296
            ...

        This crash occurred because StackVisitor was seeing an invalid topCallFrame while
        trying to capture the Error stack while throwing a StackOverflowError below
        llint_replace.  While in this specific example, it is questionable whether we
        should be executing JS code below TypeProfilerLog::processLogEntries(), it is
        correct to have set the topCallFrame in llint_replace.  We do this by calling
        LLINT_BEGIN_NO_SET_PC() at the top of llint_replace.

        We also do the same for llint_osr.

        Note: both of these LLInt slow path functions are called with a fully initialized
        CallFrame.  Hence, there's no issue with setting topCallFrame to their CallFrames
        for these functions.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):

2018-11-13  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
        https://bugs.webkit.org/show_bug.cgi?id=190836

        Reviewed by Saam Barati.

        In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
        where we allocate a BigInt trusting the length received as argument.
        With this additional method, we now check if length passed to
        `JSBigInt::createWithLength` is not greater than JSBigInt::maxLength.
        When the length is greater than maxLength, we then throw an OOM
        exception.
        This required changing the interface of some JSBigInt operations to
        receive `ExecState*` instead of `VM&`. We changed only operations that
        can throw because of OOM.
        We believe that this approach of throwing instead of finishing the
        execution abruptly is better because JS programs can catch such
        exception and handle this issue properly.

        * dfg/DFGOperations.cpp:
        * jit/JITOperations.cpp:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::createZero):
        (JSC::JSBigInt::tryCreateWithLength):
        (JSC::JSBigInt::createWithLengthUnchecked):
        (JSC::JSBigInt::createFrom):
        (JSC::JSBigInt::multiply):
        (JSC::JSBigInt::divide):
        (JSC::JSBigInt::copy):
        (JSC::JSBigInt::unaryMinus):
        (JSC::JSBigInt::remainder):
        (JSC::JSBigInt::add):
        (JSC::JSBigInt::sub):
        (JSC::JSBigInt::bitwiseAnd):
        (JSC::JSBigInt::bitwiseOr):
        (JSC::JSBigInt::bitwiseXor):
        (JSC::JSBigInt::absoluteAdd):
        (JSC::JSBigInt::absoluteSub):
        (JSC::JSBigInt::absoluteDivWithDigitDivisor):
        (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
        (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
        (JSC::JSBigInt::absoluteBitwiseOp):
        (JSC::JSBigInt::absoluteAddOne):
        (JSC::JSBigInt::absoluteSubOne):
        (JSC::JSBigInt::toStringGeneric):
        (JSC::JSBigInt::rightTrim):
        (JSC::JSBigInt::allocateFor):
        (JSC::JSBigInt::createWithLength): Deleted.
        * runtime/JSBigInt.h:
        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase):
        * runtime/Operations.h:
        (JSC::jsSub):
        (JSC::jsMul):

2018-11-12  Devin Rousso  <drousso@apple.com>

        Web Inspector: Network: show secure certificate details per-request
        https://bugs.webkit.org/show_bug.cgi?id=191447
        <rdar://problem/30019476>

        Reviewed by Joseph Pecoraro.

        Add Security domain to hold security related protocol types.

        * CMakeLists.txt:
        * DerivedSources.make:
        * inspector/protocol/Network.json:
        * inspector/protocol/Security.json: Added.
        * inspector/scripts/codegen/objc_generator.py:
        (ObjCGenerator):

2018-11-12  Saam Barati  <sbarati@apple.com>

        Unreviewed. Rollout 238026: It caused ~8% JetStream 2 regressions on some iOS devices
        https://bugs.webkit.org/show_bug.cgi?id=191555

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-11-11  Benjamin Poulain  <benjamin@webkit.org>

        Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
        https://bugs.webkit.org/show_bug.cgi?id=191492

        Reviewed by Alex Christensen.

        Rename file.

        * API/JSValue.mm:

2018-11-10  Benjamin Poulain  <benjamin@webkit.org>

        Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
        https://bugs.webkit.org/show_bug.cgi?id=191492

        Reviewed by Alex Christensen.

        * API/JSValue.mm:

2018-11-10  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, silence -Wunused-variable warning

        * bytecode/Opcode.h:
        (JSC::padOpcodeName):

2018-11-09  Keith Rollin  <krollin@apple.com>

        Unreviewed build fix after https://bugs.webkit.org/show_bug.cgi?id=191324

        Remove the use of .xcfilelists until their side-effects are better
        understood.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-11-09  Keith Miller  <keith_miller@apple.com>

        LLInt VectorSizeOffset should be based on offset extraction
        https://bugs.webkit.org/show_bug.cgi?id=191468

        Reviewed by Yusuke Suzuki.

        This patch also adds some usings to LLIntOffsetsExtractor that
        make it possible to use the bare names of Vector/RefCountedArray
        in offsets extraction.

        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2018-11-09  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Unreviewed, rolling in CodeCache in r237254
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Land the CodeCache part, which uses DefaultHash<>::Hash instead of computeHash.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-11-08  Keith Miller  <keith_miller@apple.com>

        put_by_val opcodes need to add the number tag as a 64-bit register
        https://bugs.webkit.org/show_bug.cgi?id=191456

        Reviewed by Saam Barati.

        Previously the LLInt would add it as a pointer sized value. That is
        wrong if the pointer size is less than 64 bits.

        * llint/LowLevelInterpreter64.asm:

2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>

        [JSC] isStrWhiteSpace seems redundant with Lexer<UChar>::isWhiteSpace
        https://bugs.webkit.org/show_bug.cgi?id=191439

        Reviewed by Saam Barati.

        * CMakeLists.txt:
        * runtime/ParseInt.h:
        (JSC::isStrWhiteSpace):
        Define isStrWhiteSpace in terms of isWhiteSpace and isLineTerminator.

2018-11-08  Michael Saboff  <msaboff@apple.com>

        Options::useRegExpJIT() should use jitEnabledByDefault() just like useJIT()
        https://bugs.webkit.org/show_bug.cgi?id=191444

        Reviewed by Saam Barati.

        * runtime/Options.h:

2018-11-08  Fujii Hironori  <Hironori.Fujii@sony.com>

        [Win] UDis86Disassembler.cpp: warning: format specifies type 'unsigned long' but the argument has type 'uintptr_t' (aka 'unsigned long long')
        https://bugs.webkit.org/show_bug.cgi?id=191416

        Reviewed by Saam Barati.

        * disassembler/UDis86Disassembler.cpp:
        (JSC::tryToDisassembleWithUDis86): Use PRIxPTR for uintptr_t.

2018-11-08  Keith Rollin  <krollin@apple.com>

        Create .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=191324
        <rdar://problem/45852819>

        Reviewed by Alex Christensen.

        As part of preparing for enabling XCBuild, create and use .xcfilelist
        files. These files are used during Run Script build phases in an
        Xcode project. If a Run Script build phase produces new files that are
        used later as inputs to subsequent build phases, XCBuild needs to know
        about these files. These files can be either specified in an "output
        files" section of the Run Script phase editor, or in .xcfilelist files
        that are associated with the Run Script build phase.

        This patch takes the second approach. It consists of three sets of changes:

        - Modify the DerivedSources.make files to have a
          'print_all_generated_files' target that produces a list of the files
          they create.

        - Create a shell script that produces .xcfilelist files from the
          output of the previous step, as well as for the files created in the
          Generate Unified Sources build steps.

        - Add the new .xcfilelist files to the associated projects.

        Note that, with these changes, the Xcode workspace and projects can no
        longer be fully loaded into Xcode 9. Xcode will attempt to load the
        projects that have .xcfilelist files associated with them, but will
        fail and display a placeholder for those projects instead. It's
        expected that all developers are using Xcode 10 by now and that not
        being able to load into Xcode 9 is not a practical issue. Keep in mind
        that this is strictly an IDE issue, and that the projects can still be
        built with `xcodebuild`.

        Also note that the shell script that creates the .xcfilelist files can
        also be used to verify that the set of files that's currently checked
        in is up-to-date. This checking can be used as part of a check-in hook
        or part of check-webkit-style to sooner catch cases where the
        .xcfilelist files need to be regenerated.

        * DerivedSources.make:
        * DerivedSources.xcfilelist: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * UnifiedSources.xcfilelist: Added.

2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>

        U+180E is no longer a whitespace character
        https://bugs.webkit.org/show_bug.cgi?id=191415

        Reviewed by Saam Barati.

        Mongolian Vowel Separator stopped being a valid whitespace character as of ES2016.
        (https://github.com/tc39/ecma262/pull/300)

        * parser/Lexer.h:
        (JSC::Lexer<UChar>::isWhiteSpace):
        * runtime/ParseInt.h:
        (JSC::isStrWhiteSpace):
        * yarr/create_regex_tables:

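The classification the two Kirsling entries above rely on, written out as an added example that is not WebKit's code: `StrWhiteSpaceChar` is `WhiteSpace` or `LineTerminator`, and since ES2016 the Mongolian Vowel Separator U+180E belongs to neither. The code point tables are transcribed from the ECMAScript `WhiteSpace` and `LineTerminator` productions; the function names and the `trimLeadingStrWhiteSpace` helper are my own, not the engine's `isStrWhiteSpace`.

```javascript
// Added example, not WebKit code. Models the spec definitions named in the
// ChangeLog entries: isStrWhiteSpace = isWhiteSpace || isLineTerminator, with
// U+180E deliberately absent from the tables.

// Unicode Zs (Space_Separator) code points. U+180E was reclassified out of Zs in
// Unicode 6.3, which is why ES2016 stopped treating it as whitespace.
const SPACE_SEPARATORS = new Set([
  0x0020, 0x00A0, 0x1680,
  0x2000, 0x2001, 0x2002, 0x2003, 0x2004, 0x2005, 0x2006, 0x2007, 0x2008, 0x2009, 0x200A,
  0x202F, 0x205F, 0x3000,
]);

// ECMAScript WhiteSpace: TAB, VT, FF, ZWNBSP (U+FEFF) and any Zs code point.
function isWhiteSpace(cp) {
  return cp === 0x09 || cp === 0x0B || cp === 0x0C || cp === 0xFEFF || SPACE_SEPARATORS.has(cp);
}

// ECMAScript LineTerminator: LF, CR, LS (U+2028), PS (U+2029).
function isLineTerminator(cp) {
  return cp === 0x0A || cp === 0x0D || cp === 0x2028 || cp === 0x2029;
}

// StrWhiteSpaceChar, defined exactly as the entry describes.
function isStrWhiteSpace(cp) {
  return isWhiteSpace(cp) || isLineTerminator(cp);
}

// Strip leading StrWhiteSpace the way parseInt() and Number() do before reading digits.
function trimLeadingStrWhiteSpace(s) {
  let i = 0;
  while (i < s.length && isStrWhiteSpace(s.codePointAt(i))) i += 1; // all table entries are BMP
  return s.slice(i);
}

// Cross-check against the host engine: String.prototype.trim removes exactly
// WhiteSpace and LineTerminator, so a one-character string trims to empty iff
// our table says it is StrWhiteSpace.
function engineAgrees(cp) {
  const trimmedToEmpty = String.fromCodePoint(cp).trim().length === 0;
  return trimmedToEmpty === isStrWhiteSpace(cp);
}

// Sample code points (constructed list) worth eyeballing.
for (const cp of [0x0020, 0x00A0, 0xFEFF, 0x2028, 0x180E, 0x0041]) {
  console.log(`U+${cp.toString(16).toUpperCase().padStart(4, "0")}`,
    "StrWhiteSpace:", isStrWhiteSpace(cp), "engine agrees:", engineAgrees(cp));
}
```

On any engine that implements ES2016 or later, `engineAgrees(0x180E)` is true because `"\u180E".trim()` no longer removes the character; an older engine that still trims it would show the disagreement the Lexer and ParseInt changes above eliminate in JavaScriptCore.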
2018-11-08  Keith Miller  <keith_miller@apple.com>

        jitEnabledByDefault() should be on useJIT not useBaselineJIT
        https://bugs.webkit.org/show_bug.cgi?id=191434

        Reviewed by Saam Barati.

        * runtime/Options.h:

2018-11-08  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Restrict domains at the target level instead of only at the window level
        https://bugs.webkit.org/show_bug.cgi?id=191344

        Reviewed by Devin Rousso.

        * inspector/protocol/Console.json:
        * inspector/protocol/Debugger.json:
        * inspector/protocol/Heap.json:
        * inspector/protocol/Runtime.json:
        Remove workerSupported as it is now no longer necessary. It is implied
        by availability being empty (meaning it is supported everywhere).

        * inspector/protocol/Inspector.json:
        * inspector/protocol/ScriptProfiler.json:
        Restrict to "javascript" and "web" debuggables, not available in workers.

        * inspector/protocol/Worker.json:
        Cleanup, remove empty types list.

        * inspector/protocol/Recording.json:
        Cleanup, only expose this in the "web" domain for now.

        * inspector/scripts/codegen/generate_js_backend_commands.py:
        (JSBackendCommandsGenerator.generate_domain):
        * inspector/scripts/codegen/models.py:
        (Protocol.parse_domain):
        Allow a list of debuggable types. Add "worker" even though it is unused
        since that is a type we would want to allow or consider.

        (Domain.__init__):
        (Domains):
        Remove now unnecessary workerSupported code.
        Allow availability on a domain with only types.

        * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: Removed.
        * inspector/scripts/tests/generic/worker-supported-domains.json: Removed.

2018-11-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Consider removing double load for accessing the MetadataTable from LLInt
        https://bugs.webkit.org/show_bug.cgi?id=190933

        Reviewed by Keith Miller.

        This patch removes double load for accesses to MetadataTable from LLInt.
        MetadataTable is now a special RefCounted class, which has an interesting memory layout.
        When refcount becomes 0, MetadataTable asks UnlinkedMetadataTable to destroy itself.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::estimatedSize):
        (JSC::CodeBlock::visitChildren):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::metadata):
        * bytecode/CodeBlockInlines.h:
        (JSC::CodeBlock::forEachValueProfile):
        (JSC::CodeBlock::forEachArrayProfile):
        (JSC::CodeBlock::forEachArrayAllocationProfile):
        (JSC::CodeBlock::forEachObjectAllocationProfile):
        (JSC::CodeBlock::forEachLLIntCallLinkInfo):
        * bytecode/MetadataTable.cpp:
        (JSC::MetadataTable::MetadataTable):
        (JSC::MetadataTable::~MetadataTable):
        (JSC::MetadataTable::sizeInBytes):
        * bytecode/MetadataTable.h:
        (JSC::MetadataTable::get):
        (JSC::MetadataTable::forEach):
        (JSC::MetadataTable::ref const):
        (JSC::MetadataTable::deref const):
        (JSC::MetadataTable::refCount const):
        (JSC::MetadataTable::hasOneRef const):
        (JSC::MetadataTable::buffer):
        (JSC::MetadataTable::linkingData const):
        (JSC::MetadataTable::getImpl):
        * bytecode/UnlinkedMetadataTable.h:
        (JSC::UnlinkedMetadataTable::buffer const):
674         * bytecode/UnlinkedMetadataTableInlines.h:
675         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
676         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
677         (JSC::UnlinkedMetadataTable::addEntry):
678         (JSC::UnlinkedMetadataTable::sizeInBytes):
679         (JSC::UnlinkedMetadataTable::finalize):
680         (JSC::UnlinkedMetadataTable::link):
681         (JSC::UnlinkedMetadataTable::unlink):
682         * llint/LowLevelInterpreter.asm:
683         * llint/LowLevelInterpreter32_64.asm:
684
685 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
686
687         [BigInt] Add support to BigInt into ValueAdd
688         https://bugs.webkit.org/show_bug.cgi?id=186177
689
690         Reviewed by Keith Miller.
691
692         We are adding a very primitive specialization case of BigInts into ValueAdd.
693         When compiling a speculated version of this node to BigInt, we are currently
694         calling 'operationAddBigInt', a function that expects only BigInts as
695         parameters and effectively adds numbers using JSBigInt::add. To properly
696         speculate BigInt operands, we changed ArithProfile to observe when
697         its result is a BigInt. With this new observation, we are able to identify
698         when ValueAdd results in a String or BigInt.
699
700         Here are some numbers for this specialization running
701         microbenchmarks:
702
703         big-int-simple-add                   21.5411+-1.1096  ^  15.3502+-0.7027  ^ definitely 1.4033x faster
704         big-int-add-prediction-propagation   13.7762+-0.5578  ^  10.8117+-0.5330  ^ definitely 1.2742x faster
705
706         * bytecode/ArithProfile.cpp:
707         (JSC::ArithProfile::emitObserveResult):
708         (JSC::ArithProfile::shouldEmitSetNonNumeric const):
709         (JSC::ArithProfile::shouldEmitSetBigInt const):
710         (JSC::ArithProfile::emitSetNonNumeric const):
711         (JSC::ArithProfile::emitSetBigInt const):
712         (WTF::printInternal):
713         (JSC::ArithProfile::shouldEmitSetNonNumber const): Deleted.
714         (JSC::ArithProfile::emitSetNonNumber const): Deleted.
715         * bytecode/ArithProfile.h:
716         (JSC::ArithProfile::observedUnaryInt):
717         (JSC::ArithProfile::observedUnaryNumber):
718         (JSC::ArithProfile::observedBinaryIntInt):
719         (JSC::ArithProfile::observedBinaryNumberInt):
720         (JSC::ArithProfile::observedBinaryIntNumber):
721         (JSC::ArithProfile::observedBinaryNumberNumber):
722         (JSC::ArithProfile::didObserveNonInt32 const):
723         (JSC::ArithProfile::didObserveNonNumeric const):
724         (JSC::ArithProfile::didObserveBigInt const):
725         (JSC::ArithProfile::setObservedNonNumeric):
726         (JSC::ArithProfile::setObservedBigInt):
727         (JSC::ArithProfile::observeResult):
728         (JSC::ArithProfile::didObserveNonNumber const): Deleted.
729         (JSC::ArithProfile::setObservedNonNumber): Deleted.
730         * dfg/DFGByteCodeParser.cpp:
731         (JSC::DFG::ByteCodeParser::makeSafe):
732         * dfg/DFGFixupPhase.cpp:
733         (JSC::DFG::FixupPhase::fixupNode):
734         * dfg/DFGNode.h:
735         (JSC::DFG::Node::mayHaveNonNumericResult):
736         (JSC::DFG::Node::mayHaveBigIntResult):
737         (JSC::DFG::Node::mayHaveNonNumberResult): Deleted.
738         * dfg/DFGNodeFlags.cpp:
739         (JSC::DFG::dumpNodeFlags):
740         * dfg/DFGNodeFlags.h:
741         * dfg/DFGOperations.cpp:
742         * dfg/DFGOperations.h:
743         * dfg/DFGPredictionPropagationPhase.cpp:
744         * dfg/DFGSpeculativeJIT.cpp:
745         (JSC::DFG::SpeculativeJIT::compileValueAdd):
746         * ftl/FTLLowerDFGToB3.cpp:
747         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
748         * runtime/CommonSlowPaths.cpp:
749         (JSC::updateArithProfileForUnaryArithOp):
750         (JSC::updateArithProfileForBinaryArithOp):
751
752 2018-11-07  Joseph Pecoraro  <pecoraro@apple.com>
753
754         Web Inspector: Fix "Javascript" => "JavaScript" enum in protocol generated objects
755         https://bugs.webkit.org/show_bug.cgi?id=191340
756
757         Reviewed by Devin Rousso.
758
759         * inspector/ConsoleMessage.cpp:
760         (Inspector::messageSourceValue):
761         Use new enum name.
762
763         * inspector/scripts/codegen/generator.py:
764         Correct the casing of "JavaScript".
765
766 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
767
768         Align wide opcodes in the instruction stream
769         https://bugs.webkit.org/show_bug.cgi?id=191254
770
771         Reviewed by Keith Miller.
772
773         Pad the bytecode with nops to ensure that wide opcodes are 4-byte
774         aligned on platforms that don't like unaligned memory access.
775
776         For that, add a new type to represent jump targets, BoundLabel, which
777         delays computing the offset in case we need to emit nops for padding.
778         Extra padding is also emitted before op_yield and at the end of each
779         BytecodeWriter fragment, to ensure that the bytecode remains aligned
780         after the rewriting.
781
782         As a side effect, we can no longer guarantee that the point immediately
783         before emitting an opcode is the start of that opcode, since nops
784         might be emitted in between if the opcode needs to be wide. To fix
785         that, we only take the offset of opcodes after they have been emitted,
786         using `m_lastInstruction.offset()`.
787
788         * bytecode/BytecodeDumper.h:
789         (JSC::BytecodeDumper::dumpValue):
790         * bytecode/BytecodeGeneratorification.cpp:
791         (JSC::BytecodeGeneratorification::run):
792         * bytecode/BytecodeList.rb:
793         * bytecode/BytecodeRewriter.h:
794         (JSC::BytecodeRewriter::Fragment::align):
795         (JSC::BytecodeRewriter::insertFragmentBefore):
796         (JSC::BytecodeRewriter::insertFragmentAfter):
797         * bytecode/Fits.h:
798         * bytecode/InstructionStream.h:
799         (JSC::InstructionStreamWriter::ref):
800         * bytecode/PreciseJumpTargetsInlines.h:
801         (JSC::updateStoredJumpTargetsForInstruction):
802         * bytecompiler/BytecodeGenerator.cpp:
803         (JSC::Label::setLocation):
804         (JSC::BoundLabel::target):
805         (JSC::BoundLabel::saveTarget):
806         (JSC::BoundLabel::commitTarget):
807         (JSC::BytecodeGenerator::generate):
808         (JSC::BytecodeGenerator::recordOpcode):
809         (JSC::BytecodeGenerator::alignWideOpcode):
810         (JSC::BytecodeGenerator::emitProfileControlFlow):
811         (JSC::BytecodeGenerator::emitResolveScope):
812         (JSC::BytecodeGenerator::emitGetFromScope):
813         (JSC::BytecodeGenerator::emitPutToScope):
814         (JSC::BytecodeGenerator::emitGetById):
815         (JSC::BytecodeGenerator::emitDirectGetById):
816         (JSC::BytecodeGenerator::emitPutById):
817         (JSC::BytecodeGenerator::emitDirectPutById):
818         (JSC::BytecodeGenerator::emitGetByVal):
819         (JSC::BytecodeGenerator::emitCreateThis):
820         (JSC::BytecodeGenerator::beginSwitch):
821         (JSC::BytecodeGenerator::endSwitch):
822         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
823         (JSC::BytecodeGenerator::emitYieldPoint):
824         (JSC::BytecodeGenerator::emitToThis):
825         (JSC::Label::bind): Deleted.
826         * bytecompiler/BytecodeGenerator.h:
827         (JSC::BytecodeGenerator::recordOpcode): Deleted.
828         * bytecompiler/Label.h:
829         (JSC::BoundLabel::BoundLabel):
830         (JSC::BoundLabel::operator int):
831         (JSC::Label::bind):
832         * generator/Opcode.rb:
833
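The padding scheme described in this entry, as an added illustration that is not JavaScriptCore's BytecodeGenerator or BytecodeRewriter code: a toy instruction-stream writer with a simplified, hypothetical encoding (a `Wide` prefix byte, the opcode byte, then 4-byte little-endian operands). It emits nops until a wide instruction's operands land on a 4-byte boundary, records the instruction offset only after that padding (the analogue of reading `m_lastInstruction.offset()`), and includes a walker that reports whether every wide operand block is aligned. The `alignWide` flag exists only so the misaligned layout can be compared against the padded one; the names `ToyBytecodeWriter`, `Op` and `operandCount` are inventions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Toy opcode set; Nop (0) doubles as the padding byte.
enum class Op : uint8_t { Nop = 0, Wide = 1, Add = 2, Jmp = 3 };

// Operand counts for the toy opcodes (used to walk the stream).
static size_t operandCount(Op op) {
    switch (op) {
    case Op::Add: return 3;
    case Op::Jmp: return 1;
    default: return 0;
    }
}

struct ToyBytecodeWriter {
    bool alignWide; // false reproduces the unpadded layout the change fixes
    std::vector<uint8_t> bytes;
    // Offset of the most recently emitted opcode, taken after any padding:
    // the analogue of using m_lastInstruction.offset() in the entry above.
    size_t lastInstructionOffset = 0;

    explicit ToyBytecodeWriter(bool align = true) : alignWide(align) {}

    // Narrow form: opcode byte followed by 1-byte operands; no alignment needed.
    void emitNarrow(Op op, const std::vector<uint8_t>& operands) {
        lastInstructionOffset = bytes.size();
        bytes.push_back(static_cast<uint8_t>(op));
        for (uint8_t v : operands)
            bytes.push_back(v);
    }

    // Wide form (toy layout): Wide prefix byte, opcode byte, then 4-byte
    // little-endian operands. The operands must start on a 4-byte boundary,
    // so nops are emitted until (position + 2) is a multiple of 4.
    void emitWide(Op op, const std::vector<uint32_t>& operands) {
        if (alignWide) {
            while ((bytes.size() + 2) % 4 != 0)
                bytes.push_back(static_cast<uint8_t>(Op::Nop));
        }
        // Record the offset only now: before the padding loop it would have
        // pointed at the first nop rather than at the instruction.
        lastInstructionOffset = bytes.size();
        bytes.push_back(static_cast<uint8_t>(Op::Wide));
        bytes.push_back(static_cast<uint8_t>(op));
        for (uint32_t v : operands) {
            for (int shift = 0; shift < 32; shift += 8)
                bytes.push_back(static_cast<uint8_t>(v >> shift));
        }
    }

    // Walks the stream and reports whether every wide instruction's operands
    // sit on a 4-byte boundary, i.e. whether a CPU that faults on unaligned
    // access could load them directly.
    bool wideOperandsAligned() const {
        size_t i = 0;
        while (i < bytes.size()) {
            Op op = static_cast<Op>(bytes[i]);
            if (op == Op::Wide) {
                if ((i + 2) % 4 != 0)
                    return false;
                Op real = static_cast<Op>(bytes[i + 1]);
                i += 2 + 4 * operandCount(real);
            } else {
                i += 1 + operandCount(op);
            }
        }
        return true;
    }
};

int main() {
    for (bool align : { false, true }) {
        ToyBytecodeWriter w(align);
        w.emitNarrow(Op::Add, { 1, 2, 3 });
        w.emitWide(Op::Add, { 0x11223344u, 5u, 6u });
        std::printf("align=%d size=%zu lastOffset=%zu aligned=%d\n", align,
            w.bytes.size(), w.lastInstructionOffset, w.wideOperandsAligned());
    }
    return 0;
}
```

Running it shows the point of the second paragraph in the entry: with padding on, the offset captured before `emitWide` (4) and the one captured after it (6) differ, because two nops were inserted in between; a jump target bound to the earlier value would land on a nop.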
834 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
835
836         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
837         https://bugs.webkit.org/show_bug.cgi?id=191184
838
839         Reviewed by Saam Barati.
840
841         Fix API test on CLoop: we can only disable the LLInt when the JIT is enabled.
842
843         * API/tests/PingPongStackOverflowTest.cpp:
844         (testPingPongStackOverflow):
845
846 2018-11-06  Justin Fan  <justin_fan@apple.com>
847
848         [WebGPU] Experimental prototype for WebGPURenderPipeline and WebGPUSwapChain
849         https://bugs.webkit.org/show_bug.cgi?id=191291
850
851         Reviewed by Myles Maxfield.
852
853         Properly disable WEBGPU on all non-Metal platforms for now.
854
855         * Configurations/FeatureDefines.xcconfig:
856
857 2018-11-06  Keith Rollin  <krollin@apple.com>
858
859         Adjust handling of Include paths that need quoting
860         https://bugs.webkit.org/show_bug.cgi?id=191314
861         <rdar://problem/45849143>
862
863         Reviewed by Dan Bernstein.
864
865         There are several places in the JavaScriptCore Xcode project where the
866         paths defined in HEADER_SEARCH_PATHS are quoted. That is, the
867         definitions look like:
868
869             HEADER_SEARCH_PATHS = (
870                 "\"${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore\"",
871                 "\"${BUILT_PRODUCTS_DIR}/LLIntOffsets/${ARCHS}\"",
872                 "\"$(JAVASCRIPTCORE_FRAMEWORKS_DIR)/JavaScriptCore.framework/PrivateHeaders\"",
873                 "$(inherited)",
874             );
875
876         The idea here is presumably to have the resulting $(CPP) command have
877         -I options where the associated paths are themselves quoted,
878         protecting against space characters in the paths.
879
880         This approach to quote management can break under Xcode 9. If
881         .xcfilelist files are added to the project, the 'objectVersion' value
882         in the Xcode project file is changed from 46 to 51. If a project with
883         objectVersion=51 is presented to Xcode 9 (as can happen when we build
884         for older OS's), it produces build lines where the quotes are escaped,
885         thereby becoming part of the path. The build then fails because a
886         search for a file normally found in a directory called "Foo" will be
887         looked for in "\"Foo\"", which doesn't exist.
888
889         Simply removing the escaped quotes from the HEADER_SEARCH_PATHS
890         definition doesn't work, leading to paths that need quoting due to
891         space characters but that don't get this quoting (the part of the path
892         after the space appears to simply go missing).
893
894         Removing the escaped quotes from the HEADER_SEARCH_PATHS and moving
895         the definitions to the .xcconfig fixes this problem.
896
897         * Configurations/ToolExecutable.xcconfig:
898         * JavaScriptCore.xcodeproj/project.pbxproj:
899
900 2018-11-06  Michael Saboff  <msaboff@apple.com>
901
902         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
903         https://bugs.webkit.org/show_bug.cgi?id=191271
904
905         Reviewed by Saam Barati.
906
907         Fixed use of ThrowScope by adding release() calls.  Found a few places where we needed
908         RETURN_IF_EXCEPTION().  After some code inspections determined that we need to cover the
909         exception bubbling for String.match() with a global RegExp as well as String.replace()
910         and String.search().
911
912         * runtime/RegExpObjectInlines.h:
913         (JSC::RegExpObject::matchInline):
914         (JSC::collectMatches):
915         * runtime/RegExpPrototype.cpp:
916         (JSC::regExpProtoFuncSearchFast):
917         * runtime/StringPrototype.cpp:
918         (JSC::removeUsingRegExpSearch):
919         (JSC::replaceUsingRegExpSearch):
920
921 2018-11-05  Don Olmstead  <don.olmstead@sony.com>
922
923         Fix typos in closing ENABLE guards
924         https://bugs.webkit.org/show_bug.cgi?id=191273
925
926         Reviewed by Keith Miller.
927
928         * ftl/FTLForOSREntryJITCode.h:
929         * ftl/FTLJITCode.h:
930         * jsc.cpp:
931         * wasm/WasmMemoryInformation.h:
932         * wasm/WasmPageCount.h:
933
934 2018-11-05  Keith Miller  <keith_miller@apple.com>
935
936         Make static_asserts in APICast into bitwise_cast
937         https://bugs.webkit.org/show_bug.cgi?id=191272
938
939         Reviewed by Filip Pizlo.
940
941         * API/APICast.h:
942         (toJS):
943         (toJSForGC):
944         (toRef):
945
946 2018-11-05  Dominik Infuehr  <dinfuehr@igalia.com>
947
948         Enable LLInt on ARMv7/Linux
949         https://bugs.webkit.org/show_bug.cgi?id=191190
950
951         Reviewed by Yusuke Suzuki.
952
953         After enabling the new bytecode format in r237547, C_LOOP was
954         forced on all 32-bit platforms. Now enable LLInt again on
955         ARMv7-Thumb2/Linux.
956
957         This adds a callee-saved register in ARMv7/Linux for the metadataTable and
958         stores/restores it on LLInt function calls. It also introduces the globaladdr-
959         instruction for the ARM-offlineasm to access the opcode-table.
960
961         * jit/GPRInfo.h:
962         * jit/RegisterSet.cpp:
963         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
964         * llint/LowLevelInterpreter.asm:
965         * llint/LowLevelInterpreter32_64.asm:
966         * offlineasm/arm.rb:
967         * offlineasm/asm.rb:
968         * offlineasm/instructions.rb:
969
970 2018-11-05  Fujii Hironori  <Hironori.Fujii@sony.com>
971
972         [Win][Clang][JSC] JIT::is64BitType reports "warning: explicit specialization cannot have a storage class"
973         https://bugs.webkit.org/show_bug.cgi?id=191146
974
975         Reviewed by Yusuke Suzuki.
976
977         * jit/JIT.h: Changed is64BitType from a template class method to a
978         template inner class.
979
980 2018-11-02  Keith Miller  <keith_miller@apple.com>
981
982         Assert JSValues can fit into a pointer when API casting
983         https://bugs.webkit.org/show_bug.cgi?id=191220
984
985         Reviewed by Michael Saboff.
986
987         * API/APICast.h:
988         (toJS):
989         (toJSForGC):
990         (toRef):
991
992 2018-11-02  Michael Saboff  <msaboff@apple.com>
993
994         Rolling in r237753 with unreviewed build fix.
995
996         Fixed issues with DECLARE_THROW_SCOPE placement.
997
998 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
999
1000         Unreviewed, rolling out r237753.
1001
1002         Introduced JSC test failures
1003
1004         Reverted changeset:
1005
1006         "Running out of stack space not properly handled in
1007         RegExp::compile() and its callers"
1008         https://bugs.webkit.org/show_bug.cgi?id=191206
1009         https://trac.webkit.org/changeset/237753
1010
1011 2018-11-02  Michael Saboff  <msaboff@apple.com>
1012
1013         Running out of stack space not properly handled in RegExp::compile() and its callers
1014         https://bugs.webkit.org/show_bug.cgi?id=191206
1015
1016         Reviewed by Filip Pizlo.
1017
1018         Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code.  Bubbled those errors
1019         up to where they are turned into the appropriate exceptions in matchInline().  If the errors are not due
1020         to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack.
1021
1022         * runtime/RegExp.cpp:
1023         (JSC::RegExp::compile):
1024         (JSC::RegExp::compileMatchOnly):
1025         * runtime/RegExp.h:
1026         * runtime/RegExpInlines.h:
1027         (JSC::RegExp::compileIfNecessary):
1028         (JSC::RegExp::matchInline):
1029         (JSC::RegExp::compileIfNecessaryMatchOnly):
1030         * runtime/RegExpObjectInlines.h:
1031         (JSC::RegExpObject::execInline):
1032         * yarr/YarrErrorCode.h:
1033         (JSC::Yarr::hasHardError):
1034
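The error-handling shape this entry describes (return the error instead of RELEASE_ASSERTing, cache hard errors, reset state after soft ones so a later attempt can retry), as an added example that is not JSC's RegExp or Yarr code. The parser here is a stand-in that only tracks parenthesis nesting; exceeding the `stackBudget` plays the role of running out of native stack mid-parse. `ToyRegExp`, `CompileError` and `stackBudget` are names invented for this example; only `hasHardError` echoes the helper listed in the entry.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>

// Error codes returned by the toy parser. Only SyntaxError is "hard": it is a
// property of the pattern and will recur on any retry, so it may be cached.
enum class CompileError { NoError, SyntaxError, StackOverflow };

static bool hasHardError(CompileError e) { return e == CompileError::SyntaxError; }

class ToyRegExp {
public:
    explicit ToyRegExp(std::string pattern) : m_pattern(std::move(pattern)) {}

    // Compile on first use. Errors come back as values, never as an assert,
    // so the caller can turn them into the appropriate exception.
    CompileError compileIfNecessary(size_t stackBudget) {
        if (m_state == State::Compiled)
            return CompileError::NoError;
        if (m_state == State::ParseError)
            return CompileError::SyntaxError; // cached: no point re-parsing
        CompileError err = parse(stackBudget);
        if (err == CompileError::NoError)
            m_state = State::Compiled;
        else if (hasHardError(err))
            m_state = State::ParseError;
        else
            reset(); // soft error: forget partial work so a retry starts clean
        return err;
    }

    bool isCompiled() const { return m_state == State::Compiled; }
    size_t maxDepth() const { return m_maxDepth; }

private:
    enum class State { NotCompiled, Compiled, ParseError };

    // Stand-in for the recursive-descent parser: unbalanced parens are a
    // syntax error; nesting deeper than the budget models stack exhaustion.
    CompileError parse(size_t stackBudget) {
        size_t depth = 0;
        for (char c : m_pattern) {
            if (c == '(') {
                ++depth;
                if (depth > m_maxDepth)
                    m_maxDepth = depth;
                if (depth > stackBudget)
                    return CompileError::StackOverflow;
            } else if (c == ')') {
                if (depth == 0)
                    return CompileError::SyntaxError;
                --depth;
            }
        }
        return depth == 0 ? CompileError::NoError : CompileError::SyntaxError;
    }

    // Partial parse state must not leak into the next attempt.
    void reset() {
        m_state = State::NotCompiled;
        m_maxDepth = 0;
    }

    std::string m_pattern;
    State m_state = State::NotCompiled;
    size_t m_maxDepth = 0;
};

int main() {
    ToyRegExp deep("(((a)))");
    std::printf("budget 2: error %d\n", static_cast<int>(deep.compileIfNecessary(2)));
    std::printf("budget 8: error %d compiled=%d\n",
        static_cast<int>(deep.compileIfNecessary(8)), deep.isCompiled());
    ToyRegExp bad("(a");
    std::printf("unbalanced: error %d\n", static_cast<int>(bad.compileIfNecessary(8)));
    return 0;
}
```

The distinction matters for robustness: a crash on a resource error turns any deeply nested pattern into a denial of service, whereas returning the error lets the caller throw a catchable exception and, because the object was reset, a second attempt with more stack available can still succeed.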
1035 2018-11-02  Keith Miller  <keith_miller@apple.com>
1036
1037         API should use wrapper object if address is 32-bit
1038         https://bugs.webkit.org/show_bug.cgi?id=191203
1039
1040         Reviewed by Filip Pizlo.
1041
1042         * API/APICast.h:
1043         (toJS):
1044         (toJSForGC):
1045         (toRef):
1046
1047 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
1048
1049         Metadata should not be copyable
1050         https://bugs.webkit.org/show_bug.cgi?id=191193
1051
1052         Reviewed by Keith Miller.
1053
1054         We should only ever hold references to the entry in the metadata table.
1055
1056         * bytecode/CodeBlock.cpp:
1057         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1058         * dfg/DFGByteCodeParser.cpp:
1059         (JSC::DFG::ByteCodeParser::parseBlock):
1060         * generator/Metadata.rb:
1061
1062 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
1063
1064         REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled
1065         https://bugs.webkit.org/show_bug.cgi?id=191175
1066
1067         Reviewed by Keith Miller.
1068
1069         https://bugs.webkit.org/show_bug.cgi?id=191108 did not handle the case where JIT is not enabled
1070
1071         * jit/JITExceptions.cpp:
1072         (JSC::genericUnwind):
1073         * llint/LLIntData.h:
1074         (JSC::LLInt::getWideCodePtr):
1075
1076 2018-11-01  Fujii Hironori  <Hironori.Fujii@sony.com>
1077
1078         Rename <wtf/unicode/UTF8.h> to <wtf/unicode/UTF8Conversion.h> in order to avoid conflicting with ICU's unicode/utf8.h
1079         https://bugs.webkit.org/show_bug.cgi?id=189693
1080
1081         Reviewed by Yusuke Suzuki.
1082
1083         * API/JSClassRef.cpp: Replaced <wtf/unicode/UTF8.h> with <wtf/unicode/UTF8Conversion.h>.
1084         * API/JSStringRef.cpp: Ditto.
1085         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
1086         * wasm/WasmParser.h: Ditto.
1087
1088 2018-11-01  Keith Miller  <keith_miller@apple.com>
1089
1090         Unreviewed, JavaScriptCore should only guarantee to produce a
1091         modulemap if we are building for iOSMac.
1092
1093         * Configurations/JavaScriptCore.xcconfig:
1094
1095 2018-10-31  Devin Rousso  <drousso@apple.com>
1096
1097         Web Inspector: Canvas: create a setting for auto-recording newly created contexts
1098         https://bugs.webkit.org/show_bug.cgi?id=190856
1099
1100         Reviewed by Brian Burg.
1101
1102         * inspector/protocol/Canvas.json:
1103         Add `setRecordingAutoCaptureFrameCount` command for setting the number of frames to record
1104         immediately after a context is created.
1105
1106         * inspector/protocol/Recording.json:
1107         Add `creation` value for `Initiator` enum.
1108
1109 2018-10-31  Devin Rousso  <drousso@apple.com>
1110
1111         Web Inspector: display low-power enter/exit events in Timelines and Network node waterfalls
1112         https://bugs.webkit.org/show_bug.cgi?id=190641
1113         <rdar://problem/45319049>
1114
1115         Reviewed by Joseph Pecoraro.
1116
1117         * inspector/protocol/DOM.json:
1118         Add `videoLowPowerChanged` event that is fired when `InspectorDOMAgent` is able to determine
1119         whether a video element's low power state has changed.
1120
1121 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1122
1123         Adjust inlining threshold for new bytecode format
1124         https://bugs.webkit.org/show_bug.cgi?id=191115
1125
1126         Reviewed by Saam Barati.
1127
1128         The new format reduced the number of operands for many opcodes, which
1129         changed inlining decisions and impacted performance negatively.
1130
1131         * runtime/Options.h:
1132
1133 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1134
1135         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
1136         https://bugs.webkit.org/show_bug.cgi?id=191108
1137         <rdar://problem/45690700>
1138
1139         Reviewed by Saam Barati.
1140
1141         When linking the handler, we need to check whether the target op_catch is
1142         wide or narrow in order to choose the right code pointer for the handler.
1143
1144         * bytecode/CodeBlock.cpp:
1145         (JSC::CodeBlock::finishCreation):
1146
1147 2018-10-31  Dominik Infuehr  <dinfuehr@igalia.com>
1148
1149         Align entries in metadata table
1150         https://bugs.webkit.org/show_bug.cgi?id=191062
1151
1152         Reviewed by Filip Pizlo.
1153
1154         Entries in the metadata table need to be aligned on some 32-bit
1155         architectures.
1156
1157         * bytecode/MetadataTable.h:
1158         (JSC::MetadataTable::forEach):
1159         * bytecode/Opcode.cpp:
1160         (JSC::metadataAlignment):
1161         * bytecode/Opcode.h:
1162         * bytecode/UnlinkedMetadataTableInlines.h:
1163         (JSC::UnlinkedMetadataTable::finalize):
1164         * generator/Section.rb:
1165
1166 2018-10-31  Jim Mason  <jmason@ibinx.com>
1167
1168         Static global 'fastHandlerInstalled' conditionally declared in WasmFaultSignalHandler.cpp
1169         https://bugs.webkit.org/show_bug.cgi?id=191063
1170
1171         Reviewed by Yusuke Suzuki.
1172
1173         * wasm/WasmFaultSignalHandler.cpp:
1174
1175 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1176
1177         [JSC][LLInt] Compact LLInt ASM code by removing unnecessary instructions
1178         https://bugs.webkit.org/show_bug.cgi?id=191092
1179
1180         Reviewed by Saam Barati.
1181
1182         Looking through LLIntAssembly.h, we can find several inefficiencies. This patch fixes the
1183         following things to tighten LLInt ASM code.
1184
1185         1. Remove unnecessary load instructions. Use jmp with BaseIndex directly.
1186         2. Introduce strength reduction for mul instructions in offlineasm layer. This is now critical
1187         since mul instruction is executed in `metadata` operation in LLInt. If the given immediate is
1188         a power of two, we convert it to lshift instruction.
1189
1190         * llint/LowLevelInterpreter32_64.asm:
1191         * llint/LowLevelInterpreter64.asm:
1192         * offlineasm/arm64.rb:
1193         * offlineasm/instructions.rb:
1194         * offlineasm/x86.rb:
1195
1196 2018-10-30  Don Olmstead  <don.olmstead@sony.com>
1197
1198         [PlayStation] Enable JavaScriptCore
1199         https://bugs.webkit.org/show_bug.cgi?id=191072
1200
1201         Reviewed by Brent Fulgham.
1202
1203         Add platform files for the PlayStation port.
1204
1205         * PlatformPlayStation.cmake: Added.
1206
1207 2018-10-30  Alexey Proskuryakov  <ap@apple.com>
1208
1209         Clean up some obsolete MAX_ALLOWED macros
1210         https://bugs.webkit.org/show_bug.cgi?id=190916
1211
1212         Reviewed by Tim Horton.
1213
1214         * API/JSManagedValue.mm:
1215         * API/JSVirtualMachine.mm:
1216         * API/JSWrapperMap.mm:
1217
1218 2018-10-30  Ross Kirsling  <ross.kirsling@sony.com>
1219
1220         useProbeOSRExit causes failures for Win64 DFG JIT
1221         https://bugs.webkit.org/show_bug.cgi?id=190656
1222
1223         Reviewed by Keith Miller.
1224
1225         * assembler/ProbeContext.cpp:
1226         (JSC::Probe::executeProbe):
1227         If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
1228         then let's just call lowWatermarkFromVisitingDirtyPages instead.
1229
1230         * dfg/DFGOSRExit.cpp:
1231         (JSC::DFG::OSRExit::executeOSRExit):
1232         The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
1233         mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
1234         (Also, stop redundantly setting the stack pointer twice in a row.)
1235
1236 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1237
1238         "Unreviewed, partial rolling in r237254"
1239         https://bugs.webkit.org/show_bug.cgi?id=190340
1240
1241         This only adds Parser.{cpp,h}. And it is not used in this patch.
1242         It examines whether the regression is related to exact Parser changes.
1243
1244         * parser/Parser.cpp:
1245         (JSC::Parser<LexerType>::parseInner):
1246         (JSC::Parser<LexerType>::parseSingleFunction):
1247         (JSC::Parser<LexerType>::parseFunctionInfo):
1248         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1249         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
1250         * parser/Parser.h:
1251         (JSC::Parser<LexerType>::parse):
1252         (JSC::parse):
1253         (JSC::parseFunctionForFunctionConstructor):
1254
1255 2018-10-29  Mark Lam  <mark.lam@apple.com>
1256
1257         Correctly detect string overflow when using the 'Function' constructor.
1258         https://bugs.webkit.org/show_bug.cgi?id=184883
1259         <rdar://problem/36320331>
1260
1261         Reviewed by Saam Barati.
1262
1263         Added StringBuilder::hasOverflowed() checks, and throwing OutOfMemoryErrors if
1264         we detect an overflow.
1265
1266         * runtime/FunctionConstructor.cpp:
1267         (JSC::constructFunctionSkippingEvalEnabledCheck):
1268         * runtime/JSGlobalObjectFunctions.cpp:
1269         (JSC::encode):
1270         (JSC::decode):
1271         * runtime/JSONObject.cpp:
1272         (JSC::Stringifier::stringify):
1273         (JSC::Stringifier::appendStringifiedValue):
1274
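The check this entry adds, as an added example that is not WebKit's StringBuilder or FunctionConstructor code: a builder that keeps its total length in a fixed-width integer and records, rather than silently wraps, when an append would exceed it, plus a caller modelled on assembling the source text for `new Function(params, body)` that refuses to proceed when the builder has overflowed (the point where the real engine throws an OutOfMemoryError). The `Length` template parameter is a hypothetical knob so the overflow can be exercised with 16-bit lengths and small inputs; `CheckedStringBuilder`, `SourceResult` and `buildFunctionSource` are names invented here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <string>

// Builder that tracks its total length in a fixed-width integer and records,
// rather than wraps, when an append would exceed it.
template <typename Length = uint32_t>
class CheckedStringBuilder {
public:
    static constexpr Length maxLength = std::numeric_limits<Length>::max();

    void append(const std::string& piece) {
        if (m_overflowed)
            return; // once poisoned, stay poisoned
        // Test before adding so the addition itself can never wrap.
        if (piece.size() > static_cast<size_t>(maxLength)
            || m_length > maxLength - static_cast<Length>(piece.size())) {
            m_overflowed = true;
            m_buffer.clear(); // partial contents are unusable
            return;
        }
        m_length += static_cast<Length>(piece.size());
        m_buffer += piece;
    }

    bool hasOverflowed() const { return m_overflowed; }
    Length length() const { return m_length; }
    // Valid only when !hasOverflowed(); callers must check first, because a
    // wrapped length would describe a buffer far smaller than the data.
    const std::string& buffer() const { return m_buffer; }

private:
    std::string m_buffer;
    Length m_length = 0;
    bool m_overflowed = false;
};

// Outcome of building source text; ok == false is where the engine in the
// entry above throws an OutOfMemoryError instead of continuing.
struct SourceResult {
    bool ok;
    std::string text;
};

// Analogue of assembling the source for `new Function(params, body)`.
template <typename Length = uint32_t>
SourceResult buildFunctionSource(const std::string& params, const std::string& body) {
    CheckedStringBuilder<Length> builder;
    builder.append("(function anonymous(");
    builder.append(params);
    builder.append("\n) {\n");
    builder.append(body);
    builder.append("\n})");
    if (builder.hasOverflowed())
        return { false, "" };
    return { true, builder.buffer() };
}

int main() {
    SourceResult fits = buildFunctionSource<uint16_t>("a, b", "return a + b");
    std::printf("ok=%d length=%zu\n", fits.ok, fits.text.size());
    // 6000 + 60000 bytes plus the fixed text exceeds a 16-bit length.
    SourceResult overflowed = buildFunctionSource<uint16_t>(std::string(6000, 'p'), std::string(60000, 'x'));
    std::printf("ok=%d (overflow detected, nothing built)\n", overflowed.ok);
    return 0;
}
```

The design point is that the overflow flag is sticky and checked by the consumer: if the length were allowed to wrap, a later allocation sized from it would be far smaller than the bytes copied into it, which is how a length-arithmetic bug becomes a memory-safety bug.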
1275 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1276
1277         Unreviewed, fix JSC on arm64e after r237547
1278         https://bugs.webkit.org/show_bug.cgi?id=187373
1279
1280         Unreviewed.
1281
1282         Remove unused move guarded by POINTER_PROFILING that was trashing the
1283         metadata on arm64e.
1284
1285         * llint/LowLevelInterpreter64.asm:
1286
1287 2018-10-29  Keith Miller  <keith_miller@apple.com>
1288
1289         JSC should explicitly list its modulemap file
1290         https://bugs.webkit.org/show_bug.cgi?id=191032
1291
1292         Reviewed by Saam Barati.
1293
1294         The automagically generated module map file for JSC will
1295         include headers where they may not work out of the box.
1296         This patch makes it so we now export the same modulemap
1297         that used to be provided via the legacy system.
1298
1299         * Configurations/JavaScriptCore.xcconfig:
1300         * JavaScriptCore.modulemap: Added.
1301         * JavaScriptCore.xcodeproj/project.pbxproj:
1302
1303 2018-10-29  Tim Horton  <timothy_horton@apple.com>
1304
1305         Modernize WebKit nibs and lprojs for localization's sake
1306         https://bugs.webkit.org/show_bug.cgi?id=190911
1307         <rdar://problem/45349466>
1308
1309         Reviewed by Dan Bernstein.
1310
1311         * JavaScriptCore.xcodeproj/project.pbxproj:
1312         English->en
1313
1314 2018-10-29  Commit Queue  <commit-queue@webkit.org>
1315
1316         Unreviewed, rolling out r237492.
1317         https://bugs.webkit.org/show_bug.cgi?id=191035
1318
1319         "It regresses JetStream 2 by 5% on some iOS devices"
1320         (Requested by saamyjoon on #webkit).
1321
1322         Reverted changeset:
1323
1324         "Unreviewed, partial rolling in r237254"
1325         https://bugs.webkit.org/show_bug.cgi?id=190340
1326         https://trac.webkit.org/changeset/237492
1327
1328 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1329
1330         Add support for GetStack FlushedDouble
1331         https://bugs.webkit.org/show_bug.cgi?id=191012
1332         <rdar://problem/45265141>
1333
1334         Reviewed by Saam Barati.
1335
1336         LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
1337         for doubles, but it turns out it may arise from the PutStack sinking
1338         phase: if we sink a PutStack into a successor block, other predecessors
1339         will emit a GetStack followed by an Upsilon.
1340
1341         * ftl/FTLLowerDFGToB3.cpp:
1342         (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):
1343
1344 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1345
1346         New bytecode format for JSC
1347         https://bugs.webkit.org/show_bug.cgi?id=187373
1348         <rdar://problem/44186758>
1349
1350         Reviewed by Filip Pizlo.
1351
1352         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
1353         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
1354         operands) and might contain an extra operand, the metadataID. The metadataID is used to
1355         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
1356
1357         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
1358         and types to all its operands. Additionally, reading a bytecode from the instruction stream
1359         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
1360         operands directly from the stream.
1361
1362
1363         * CMakeLists.txt:
1364         * DerivedSources.make:
1365         * JavaScriptCore.xcodeproj/project.pbxproj:
1366         * Sources.txt:
1367         * assembler/MacroAssemblerCodeRef.h:
1368         (JSC::ReturnAddressPtr::ReturnAddressPtr):
1369         (JSC::ReturnAddressPtr::value const):
1370         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
1371         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
1372         * bytecode/ArithProfile.h:
1373         (JSC::ArithProfile::ArithProfile):
1374         * bytecode/ArrayAllocationProfile.h:
1375         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
1376         * bytecode/ArrayProfile.h:
1377         * bytecode/BytecodeBasicBlock.cpp:
1378         (JSC::isJumpTarget):
1379         (JSC::BytecodeBasicBlock::computeImpl):
1380         (JSC::BytecodeBasicBlock::compute):
1381         * bytecode/BytecodeBasicBlock.h:
1382         (JSC::BytecodeBasicBlock::leaderOffset const):
1383         (JSC::BytecodeBasicBlock::totalLength const):
1384         (JSC::BytecodeBasicBlock::offsets const):
1385         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
1386         (JSC::BytecodeBasicBlock::addLength):
1387         * bytecode/BytecodeDumper.cpp:
1388         (JSC::BytecodeDumper<Block>::printLocationAndOp):
1389         (JSC::BytecodeDumper<Block>::dumpBytecode):
1390         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
1391         (JSC::BytecodeDumper<Block>::dumpConstants):
1392         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
1393         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
1394         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
1395         (JSC::BytecodeDumper<Block>::dumpBlock):
1396         * bytecode/BytecodeDumper.h:
1397         (JSC::BytecodeDumper::dumpOperand):
1398         (JSC::BytecodeDumper::dumpValue):
1399         (JSC::BytecodeDumper::BytecodeDumper):
1400         (JSC::BytecodeDumper::block const):
1401         * bytecode/BytecodeGeneratorification.cpp:
1402         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
1403         (JSC::BytecodeGeneratorification::enterPoint const):
1404         (JSC::BytecodeGeneratorification::instructions const):
1405         (JSC::GeneratorLivenessAnalysis::run):
1406         (JSC::BytecodeGeneratorification::run):
1407         (JSC::performGeneratorification):
1408         * bytecode/BytecodeGeneratorification.h:
1409         * bytecode/BytecodeGraph.h:
1410         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
1411         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
1412         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
1413         (JSC::BytecodeGraph::BytecodeGraph):
1414         * bytecode/BytecodeKills.h:
1415         * bytecode/BytecodeList.json: Removed.
1416         * bytecode/BytecodeList.rb: Added.
1417         * bytecode/BytecodeLivenessAnalysis.cpp:
1418         (JSC::BytecodeLivenessAnalysis::dumpResults):
1419         * bytecode/BytecodeLivenessAnalysis.h:
1420         * bytecode/BytecodeLivenessAnalysisInlines.h:
1421         (JSC::isValidRegisterForLiveness):
1422         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
1423         * bytecode/BytecodeRewriter.cpp:
1424         (JSC::BytecodeRewriter::applyModification):
1425         (JSC::BytecodeRewriter::execute):
1426         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
1427         (JSC::BytecodeRewriter::insertImpl):
1428         (JSC::BytecodeRewriter::adjustJumpTarget):
1429         (JSC::BytecodeRewriter::adjustJumpTargets):
1430         * bytecode/BytecodeRewriter.h:
1431         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
1432         (JSC::BytecodeRewriter::Fragment::Fragment):
1433         (JSC::BytecodeRewriter::Fragment::appendInstruction):
1434         (JSC::BytecodeRewriter::BytecodeRewriter):
1435         (JSC::BytecodeRewriter::insertFragmentBefore):
1436         (JSC::BytecodeRewriter::insertFragmentAfter):
1437         (JSC::BytecodeRewriter::removeBytecode):
1438         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
1439         (JSC::BytecodeRewriter::adjustJumpTarget):
1440         * bytecode/BytecodeUseDef.h:
1441         (JSC::computeUsesForBytecodeOffset):
1442         (JSC::computeDefsForBytecodeOffset):
1443         * bytecode/CallLinkStatus.cpp:
1444         (JSC::CallLinkStatus::computeFromLLInt):
1445         * bytecode/CodeBlock.cpp:
1446         (JSC::CodeBlock::dumpBytecode):
1447         (JSC::CodeBlock::CodeBlock):
1448         (JSC::CodeBlock::finishCreation):
1449         (JSC::CodeBlock::estimatedSize):
1450         (JSC::CodeBlock::visitChildren):
1451         (JSC::CodeBlock::propagateTransitions):
1452         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1453         (JSC::CodeBlock::addJITAddIC):
1454         (JSC::CodeBlock::addJITMulIC):
1455         (JSC::CodeBlock::addJITSubIC):
1456         (JSC::CodeBlock::addJITNegIC):
1457         (JSC::CodeBlock::stronglyVisitStrongReferences):
1458         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
1459         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
1460         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
1461         (JSC::CodeBlock::getArrayProfile):
1462         (JSC::CodeBlock::updateAllArrayPredictions):
1463         (JSC::CodeBlock::predictedMachineCodeSize):
1464         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
1465         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
1466         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1467         (JSC::CodeBlock::validate):
1468         (JSC::CodeBlock::outOfLineJumpOffset):
1469         (JSC::CodeBlock::outOfLineJumpTarget):
1470         (JSC::CodeBlock::arithProfileForBytecodeOffset):
1471         (JSC::CodeBlock::arithProfileForPC):
1472         (JSC::CodeBlock::couldTakeSpecialFastCase):
1473         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1474         * bytecode/CodeBlock.h:
1475         (JSC::CodeBlock::addMathIC):
1476         (JSC::CodeBlock::outOfLineJumpOffset):
1477         (JSC::CodeBlock::bytecodeOffset):
1478         (JSC::CodeBlock::instructions const):
1479         (JSC::CodeBlock::instructionCount const):
1480         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1481         (JSC::CodeBlock::metadata):
1482         (JSC::CodeBlock::metadataSizeInBytes):
1483         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
1484         (JSC::CodeBlock::totalNumberOfValueProfiles):
1485         * bytecode/CodeBlockInlines.h: Added.
1486         (JSC::CodeBlock::forEachValueProfile):
1487         (JSC::CodeBlock::forEachArrayProfile):
1488         (JSC::CodeBlock::forEachArrayAllocationProfile):
1489         (JSC::CodeBlock::forEachObjectAllocationProfile):
1490         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
1491         * bytecode/Fits.h: Added.
1492         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1493         * bytecode/GetByIdStatus.cpp:
1494         (JSC::GetByIdStatus::computeFromLLInt):
1495         * bytecode/Instruction.h:
1496         (JSC::Instruction::Instruction):
1497         (JSC::Instruction::Impl::opcodeID const):
1498         (JSC::Instruction::opcodeID const):
1499         (JSC::Instruction::name const):
1500         (JSC::Instruction::isWide const):
1501         (JSC::Instruction::size const):
1502         (JSC::Instruction::is const):
1503         (JSC::Instruction::as const):
1504         (JSC::Instruction::cast):
1505         (JSC::Instruction::cast const):
1506         (JSC::Instruction::narrow const):
1507         (JSC::Instruction::wide const):
1508         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1509         (JSC::InstructionStream::InstructionStream):
1510         (JSC::InstructionStream::sizeInBytes const):
1511         * bytecode/InstructionStream.h: Added.
1512         (JSC::InstructionStream::BaseRef::BaseRef):
1513         (JSC::InstructionStream::BaseRef::operator=):
1514         (JSC::InstructionStream::BaseRef::operator-> const):
1515         (JSC::InstructionStream::BaseRef::ptr const):
1516         (JSC::InstructionStream::BaseRef::operator!= const):
1517         (JSC::InstructionStream::BaseRef::next const):
1518         (JSC::InstructionStream::BaseRef::offset const):
1519         (JSC::InstructionStream::BaseRef::isValid const):
1520         (JSC::InstructionStream::BaseRef::unwrap const):
1521         (JSC::InstructionStream::MutableRef::freeze const):
1522         (JSC::InstructionStream::MutableRef::operator->):
1523         (JSC::InstructionStream::MutableRef::ptr):
1524         (JSC::InstructionStream::MutableRef::operator Ref):
1525         (JSC::InstructionStream::MutableRef::unwrap):
1526         (JSC::InstructionStream::iterator::operator*):
1527         (JSC::InstructionStream::iterator::operator++):
1528         (JSC::InstructionStream::begin const):
1529         (JSC::InstructionStream::end const):
1530         (JSC::InstructionStream::at const):
1531         (JSC::InstructionStream::size const):
1532         (JSC::InstructionStreamWriter::InstructionStreamWriter):
1533         (JSC::InstructionStreamWriter::ref):
1534         (JSC::InstructionStreamWriter::seek):
1535         (JSC::InstructionStreamWriter::position):
1536         (JSC::InstructionStreamWriter::write):
1537         (JSC::InstructionStreamWriter::rewind):
1538         (JSC::InstructionStreamWriter::finalize):
1539         (JSC::InstructionStreamWriter::swap):
1540         (JSC::InstructionStreamWriter::iterator::operator*):
1541         (JSC::InstructionStreamWriter::iterator::operator++):
1542         (JSC::InstructionStreamWriter::begin):
1543         (JSC::InstructionStreamWriter::end):
1544         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
1545         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
1546         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
1547         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
1548         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
1549         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1550         (JSC::MetadataTable::MetadataTable):
1551         (JSC::DeallocTable::withOpcodeType):
1552         (JSC::MetadataTable::~MetadataTable):
1553         (JSC::MetadataTable::sizeInBytes):
1554         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
1555         (JSC::MetadataTable::get):
1556         (JSC::MetadataTable::forEach):
1557         (JSC::MetadataTable::getImpl):
1558         * bytecode/Opcode.cpp:
1559         (JSC::metadataSize):
1560         * bytecode/Opcode.h:
1561         (JSC::padOpcodeName):
1562         * bytecode/OpcodeInlines.h:
1563         (JSC::isOpcodeShape):
1564         (JSC::getOpcodeType):
1565         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1566         * bytecode/PreciseJumpTargets.cpp:
1567         (JSC::getJumpTargetsForInstruction):
1568         (JSC::computePreciseJumpTargetsInternal):
1569         (JSC::computePreciseJumpTargets):
1570         (JSC::recomputePreciseJumpTargets):
1571         (JSC::findJumpTargetsForInstruction):
1572         * bytecode/PreciseJumpTargets.h:
1573         * bytecode/PreciseJumpTargetsInlines.h:
1574         (JSC::jumpTargetForInstruction):
1575         (JSC::extractStoredJumpTargetsForInstruction):
1576         (JSC::updateStoredJumpTargetsForInstruction):
1577         * bytecode/PutByIdStatus.cpp:
1578         (JSC::PutByIdStatus::computeFromLLInt):
1579         * bytecode/SpecialPointer.cpp:
1580         (WTF::printInternal):
1581         * bytecode/SpecialPointer.h:
1582         * bytecode/UnlinkedCodeBlock.cpp:
1583         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1584         (JSC::UnlinkedCodeBlock::visitChildren):
1585         (JSC::UnlinkedCodeBlock::estimatedSize):
1586         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1587         (JSC::dumpLineColumnEntry):
1588         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
1589         (JSC::UnlinkedCodeBlock::setInstructions):
1590         (JSC::UnlinkedCodeBlock::instructions const):
1591         (JSC::UnlinkedCodeBlock::applyModification):
1592         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
1593         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1594         * bytecode/UnlinkedCodeBlock.h:
1595         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
1596         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
1597         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
1598         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
1599         (JSC::UnlinkedCodeBlock::metadata):
1600         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
1601         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1602         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
1603         * bytecode/UnlinkedInstructionStream.cpp: Removed.
1604         * bytecode/UnlinkedInstructionStream.h: Removed.
1605         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1606         * bytecode/UnlinkedMetadataTableInlines.h: Added.
1607         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
1608         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
1609         (JSC::UnlinkedMetadataTable::addEntry):
1610         (JSC::UnlinkedMetadataTable::sizeInBytes):
1611         (JSC::UnlinkedMetadataTable::finalize):
1612         (JSC::UnlinkedMetadataTable::link):
1613         (JSC::UnlinkedMetadataTable::unlink):
1614         * bytecode/VirtualRegister.cpp:
1615         (JSC::VirtualRegister::VirtualRegister):
1616         * bytecode/VirtualRegister.h:
1617         * bytecompiler/BytecodeGenerator.cpp:
1618         (JSC::Label::setLocation):
1619         (JSC::Label::bind):
1620         (JSC::BytecodeGenerator::generate):
1621         (JSC::BytecodeGenerator::BytecodeGenerator):
1622         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
1623         (JSC::BytecodeGenerator::emitEnter):
1624         (JSC::BytecodeGenerator::emitLoopHint):
1625         (JSC::BytecodeGenerator::emitJump):
1626         (JSC::BytecodeGenerator::emitCheckTraps):
1627         (JSC::BytecodeGenerator::rewind):
1628         (JSC::BytecodeGenerator::fuseCompareAndJump):
1629         (JSC::BytecodeGenerator::fuseTestAndJmp):
1630         (JSC::BytecodeGenerator::emitJumpIfTrue):
1631         (JSC::BytecodeGenerator::emitJumpIfFalse):
1632         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1633         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1634         (JSC::BytecodeGenerator::moveLinkTimeConstant):
1635         (JSC::BytecodeGenerator::moveEmptyValue):
1636         (JSC::BytecodeGenerator::emitMove):
1637         (JSC::BytecodeGenerator::emitUnaryOp):
1638         (JSC::BytecodeGenerator::emitBinaryOp):
1639         (JSC::BytecodeGenerator::emitToObject):
1640         (JSC::BytecodeGenerator::emitToNumber):
1641         (JSC::BytecodeGenerator::emitToString):
1642         (JSC::BytecodeGenerator::emitTypeOf):
1643         (JSC::BytecodeGenerator::emitInc):
1644         (JSC::BytecodeGenerator::emitDec):
1645         (JSC::BytecodeGenerator::emitEqualityOp):
1646         (JSC::BytecodeGenerator::emitProfileType):
1647         (JSC::BytecodeGenerator::emitProfileControlFlow):
1648         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1649         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
1650         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
1651         (JSC::BytecodeGenerator::emitOverridesHasInstance):
1652         (JSC::BytecodeGenerator::emitResolveScope):
1653         (JSC::BytecodeGenerator::emitGetFromScope):
1654         (JSC::BytecodeGenerator::emitPutToScope):
1655         (JSC::BytecodeGenerator::emitInstanceOf):
1656         (JSC::BytecodeGenerator::emitInstanceOfCustom):
1657         (JSC::BytecodeGenerator::emitInByVal):
1658         (JSC::BytecodeGenerator::emitInById):
1659         (JSC::BytecodeGenerator::emitTryGetById):
1660         (JSC::BytecodeGenerator::emitGetById):
1661         (JSC::BytecodeGenerator::emitDirectGetById):
1662         (JSC::BytecodeGenerator::emitPutById):
1663         (JSC::BytecodeGenerator::emitDirectPutById):
1664         (JSC::BytecodeGenerator::emitPutGetterById):
1665         (JSC::BytecodeGenerator::emitPutSetterById):
1666         (JSC::BytecodeGenerator::emitPutGetterSetter):
1667         (JSC::BytecodeGenerator::emitPutGetterByVal):
1668         (JSC::BytecodeGenerator::emitPutSetterByVal):
1669         (JSC::BytecodeGenerator::emitDeleteById):
1670         (JSC::BytecodeGenerator::emitGetByVal):
1671         (JSC::BytecodeGenerator::emitPutByVal):
1672         (JSC::BytecodeGenerator::emitDirectPutByVal):
1673         (JSC::BytecodeGenerator::emitDeleteByVal):
1674         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
1675         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
1676         (JSC::BytecodeGenerator::emitIdWithProfile):
1677         (JSC::BytecodeGenerator::emitUnreachable):
1678         (JSC::BytecodeGenerator::emitGetArgument):
1679         (JSC::BytecodeGenerator::emitCreateThis):
1680         (JSC::BytecodeGenerator::emitTDZCheck):
1681         (JSC::BytecodeGenerator::emitNewObject):
1682         (JSC::BytecodeGenerator::emitNewArrayBuffer):
1683         (JSC::BytecodeGenerator::emitNewArray):
1684         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
1685         (JSC::BytecodeGenerator::emitNewArrayWithSize):
1686         (JSC::BytecodeGenerator::emitNewRegExp):
1687         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1688         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
1689         (JSC::BytecodeGenerator::emitNewFunction):
1690         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
1691         (JSC::BytecodeGenerator::emitCall):
1692         (JSC::BytecodeGenerator::emitCallInTailPosition):
1693         (JSC::BytecodeGenerator::emitCallEval):
1694         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
1695         (JSC::BytecodeGenerator::emitCallVarargs):
1696         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
1697         (JSC::BytecodeGenerator::emitConstructVarargs):
1698         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
1699         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
1700         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
1701         (JSC::BytecodeGenerator::emitCallDefineProperty):
1702         (JSC::BytecodeGenerator::emitReturn):
1703         (JSC::BytecodeGenerator::emitEnd):
1704         (JSC::BytecodeGenerator::emitConstruct):
1705         (JSC::BytecodeGenerator::emitStrcat):
1706         (JSC::BytecodeGenerator::emitToPrimitive):
1707         (JSC::BytecodeGenerator::emitGetScope):
1708         (JSC::BytecodeGenerator::emitPushWithScope):
1709         (JSC::BytecodeGenerator::emitGetParentScope):
1710         (JSC::BytecodeGenerator::emitDebugHook):
1711         (JSC::BytecodeGenerator::emitCatch):
1712         (JSC::BytecodeGenerator::emitThrow):
1713         (JSC::BytecodeGenerator::emitArgumentCount):
1714         (JSC::BytecodeGenerator::emitThrowStaticError):
1715         (JSC::BytecodeGenerator::beginSwitch):
1716         (JSC::prepareJumpTableForSwitch):
1717         (JSC::prepareJumpTableForStringSwitch):
1718         (JSC::BytecodeGenerator::endSwitch):
1719         (JSC::BytecodeGenerator::emitGetEnumerableLength):
1720         (JSC::BytecodeGenerator::emitHasGenericProperty):
1721         (JSC::BytecodeGenerator::emitHasIndexedProperty):
1722         (JSC::BytecodeGenerator::emitHasStructureProperty):
1723         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
1724         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
1725         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
1726         (JSC::BytecodeGenerator::emitToIndexString):
1727         (JSC::BytecodeGenerator::emitIsCellWithType):
1728         (JSC::BytecodeGenerator::emitIsObject):
1729         (JSC::BytecodeGenerator::emitIsNumber):
1730         (JSC::BytecodeGenerator::emitIsUndefined):
1731         (JSC::BytecodeGenerator::emitIsEmpty):
1732         (JSC::BytecodeGenerator::emitRestParameter):
1733         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1734         (JSC::BytecodeGenerator::emitYieldPoint):
1735         (JSC::BytecodeGenerator::emitYield):
1736         (JSC::BytecodeGenerator::emitGetAsyncIterator):
1737         (JSC::BytecodeGenerator::emitDelegateYield):
1738         (JSC::BytecodeGenerator::emitFinallyCompletion):
1739         (JSC::BytecodeGenerator::emitJumpIf):
1740         (JSC::ForInContext::finalize):
1741         (JSC::StructureForInContext::finalize):
1742         (JSC::IndexedForInContext::finalize):
1743         (JSC::StaticPropertyAnalysis::record):
1744         (JSC::BytecodeGenerator::emitToThis):
1745         * bytecompiler/BytecodeGenerator.h:
1746         (JSC::StructureForInContext::addGetInst):
1747         (JSC::BytecodeGenerator::recordOpcode):
1748         (JSC::BytecodeGenerator::addMetadataFor):
1749         (JSC::BytecodeGenerator::emitUnaryOp):
1750         (JSC::BytecodeGenerator::kill):
1751         (JSC::BytecodeGenerator::instructions const):
1752         (JSC::BytecodeGenerator::write):
1753         (JSC::BytecodeGenerator::withWriter):
1754         * bytecompiler/Label.h:
1755         (JSC::Label::Label):
1756         (JSC::Label::bind):
1757         * bytecompiler/NodesCodegen.cpp:
1758         (JSC::ArrayNode::emitBytecode):
1759         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
1760         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1761         (JSC::BitwiseNotNode::emitBytecode):
1762         (JSC::BinaryOpNode::emitBytecode):
1763         (JSC::EqualNode::emitBytecode):
1764         (JSC::StrictEqualNode::emitBytecode):
1765         (JSC::emitReadModifyAssignment):
1766         (JSC::ForInNode::emitBytecode):
1767         (JSC::CaseBlockNode::emitBytecodeForBlock):
1768         (JSC::FunctionNode::emitBytecode):
1769         (JSC::ClassExprNode::emitBytecode):
1770         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
1771         (WTF::printInternal):
1772         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1773         * bytecompiler/RegisterID.h:
1774         * bytecompiler/StaticPropertyAnalysis.h:
1775         (JSC::StaticPropertyAnalysis::create):
1776         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
1777         * bytecompiler/StaticPropertyAnalyzer.h:
1778         (JSC::StaticPropertyAnalyzer::createThis):
1779         (JSC::StaticPropertyAnalyzer::newObject):
1780         (JSC::StaticPropertyAnalyzer::putById):
1781         (JSC::StaticPropertyAnalyzer::mov):
1782         (JSC::StaticPropertyAnalyzer::kill):
1783         * dfg/DFGByteCodeParser.cpp:
1784         (JSC::DFG::ByteCodeParser::addCall):
1785         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1786         (JSC::DFG::ByteCodeParser::getArrayMode):
1787         (JSC::DFG::ByteCodeParser::handleCall):
1788         (JSC::DFG::ByteCodeParser::handleVarargsCall):
1789         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
1790         (JSC::DFG::ByteCodeParser::inlineCall):
1791         (JSC::DFG::ByteCodeParser::handleCallVariant):
1792         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
1793         (JSC::DFG::ByteCodeParser::handleInlining):
1794         (JSC::DFG::ByteCodeParser::handleMinMax):
1795         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1796         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
1797         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
1798         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
1799         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
1800         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
1801         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1802         (JSC::DFG::ByteCodeParser::handleGetById):
1803         (JSC::DFG::ByteCodeParser::handlePutById):
1804         (JSC::DFG::ByteCodeParser::parseGetById):
1805         (JSC::DFG::ByteCodeParser::parseBlock):
1806         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1807         (JSC::DFG::ByteCodeParser::handlePutByVal):
1808         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
1809         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
1810         (JSC::DFG::ByteCodeParser::handleNewFunc):
1811         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
1812         (JSC::DFG::ByteCodeParser::parse):
1813         * dfg/DFGCapabilities.cpp:
1814         (JSC::DFG::capabilityLevel):
1815         * dfg/DFGCapabilities.h:
1816         (JSC::DFG::capabilityLevel):
1817         * dfg/DFGOSREntry.cpp:
1818         (JSC::DFG::prepareCatchOSREntry):
1819         * dfg/DFGSpeculativeJIT.cpp:
1820         (JSC::DFG::SpeculativeJIT::compileValueAdd):
1821         (JSC::DFG::SpeculativeJIT::compileValueSub):
1822         (JSC::DFG::SpeculativeJIT::compileValueNegate):
1823         (JSC::DFG::SpeculativeJIT::compileArithMul):
1824         * ftl/FTLLowerDFGToB3.cpp:
1825         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
1826         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
1827         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
1828         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
1829         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
1830         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
1831         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
1832         * ftl/FTLOperations.cpp:
1833         (JSC::FTL::operationMaterializeObjectInOSR):
1834         * generate-bytecode-files: Removed.
1835         * generator/Argument.rb: Added.
1836         * generator/Assertion.rb: Added.
1837         * generator/DSL.rb: Added.
1838         * generator/Fits.rb: Added.
1839         * generator/GeneratedFile.rb: Added.
1840         * generator/Metadata.rb: Added.
1841         * generator/Opcode.rb: Added.
1842         * generator/OpcodeGroup.rb: Added.
1843         * generator/Options.rb: Added.
1844         * generator/Section.rb: Added.
1845         * generator/Template.rb: Added.
1846         * generator/Type.rb: Added.
1847         * generator/main.rb: Added.
1848         * interpreter/AbstractPC.h:
1849         * interpreter/CallFrame.cpp:
1850         (JSC::CallFrame::currentVPC const):
1851         (JSC::CallFrame::setCurrentVPC):
1852         * interpreter/CallFrame.h:
1853         (JSC::CallSiteIndex::CallSiteIndex):
1854         (JSC::ExecState::setReturnPC):
1855         * interpreter/Interpreter.cpp:
1856         (WTF::printInternal):
1857         * interpreter/Interpreter.h:
1858         * interpreter/InterpreterInlines.h:
1859         * interpreter/StackVisitor.cpp:
1860         (JSC::StackVisitor::Frame::dump const):
1861         * interpreter/VMEntryRecord.h:
1862         * jit/JIT.cpp:
1863         (JSC::JIT::JIT):
1864         (JSC::JIT::emitSlowCaseCall):
1865         (JSC::JIT::privateCompileMainPass):
1866         (JSC::JIT::privateCompileSlowCases):
1867         (JSC::JIT::compileWithoutLinking):
1868         (JSC::JIT::link):
1869         * jit/JIT.h:
1870         * jit/JITArithmetic.cpp:
1871         (JSC::JIT::emit_op_jless):
1872         (JSC::JIT::emit_op_jlesseq):
1873         (JSC::JIT::emit_op_jgreater):
1874         (JSC::JIT::emit_op_jgreatereq):
1875         (JSC::JIT::emit_op_jnless):
1876         (JSC::JIT::emit_op_jnlesseq):
1877         (JSC::JIT::emit_op_jngreater):
1878         (JSC::JIT::emit_op_jngreatereq):
1879         (JSC::JIT::emitSlow_op_jless):
1880         (JSC::JIT::emitSlow_op_jlesseq):
1881         (JSC::JIT::emitSlow_op_jgreater):
1882         (JSC::JIT::emitSlow_op_jgreatereq):
1883         (JSC::JIT::emitSlow_op_jnless):
1884         (JSC::JIT::emitSlow_op_jnlesseq):
1885         (JSC::JIT::emitSlow_op_jngreater):
1886         (JSC::JIT::emitSlow_op_jngreatereq):
1887         (JSC::JIT::emit_op_below):
1888         (JSC::JIT::emit_op_beloweq):
1889         (JSC::JIT::emit_op_jbelow):
1890         (JSC::JIT::emit_op_jbeloweq):
1891         (JSC::JIT::emit_op_unsigned):
1892         (JSC::JIT::emit_compareAndJump):
1893         (JSC::JIT::emit_compareUnsignedAndJump):
1894         (JSC::JIT::emit_compareUnsigned):
1895         (JSC::JIT::emit_compareAndJumpSlow):
1896         (JSC::JIT::emit_op_inc):
1897         (JSC::JIT::emit_op_dec):
1898         (JSC::JIT::emit_op_mod):
1899         (JSC::JIT::emitSlow_op_mod):
1900         (JSC::JIT::emit_op_negate):
1901         (JSC::JIT::emitSlow_op_negate):
1902         (JSC::JIT::emitBitBinaryOpFastPath):
1903         (JSC::JIT::emit_op_bitand):
1904         (JSC::JIT::emit_op_bitor):
1905         (JSC::JIT::emit_op_bitxor):
1906         (JSC::JIT::emit_op_lshift):
1907         (JSC::JIT::emitRightShiftFastPath):
1908         (JSC::JIT::emit_op_rshift):
1909         (JSC::JIT::emit_op_urshift):
1910         (JSC::getOperandTypes):
1911         (JSC::JIT::emit_op_add):
1912         (JSC::JIT::emitSlow_op_add):
1913         (JSC::JIT::emitMathICFast):
1914         (JSC::JIT::emitMathICSlow):
1915         (JSC::JIT::emit_op_div):
1916         (JSC::JIT::emit_op_mul):
1917         (JSC::JIT::emitSlow_op_mul):
1918         (JSC::JIT::emit_op_sub):
1919         (JSC::JIT::emitSlow_op_sub):
1920         * jit/JITCall.cpp:
1921         (JSC::JIT::emitPutCallResult):
1922         (JSC::JIT::compileSetupFrame):
1923         (JSC::JIT::compileCallEval):
1924         (JSC::JIT::compileCallEvalSlowCase):
1925         (JSC::JIT::compileTailCall):
1926         (JSC::JIT::compileOpCall):
1927         (JSC::JIT::compileOpCallSlowCase):
1928         (JSC::JIT::emit_op_call):
1929         (JSC::JIT::emit_op_tail_call):
1930         (JSC::JIT::emit_op_call_eval):
1931         (JSC::JIT::emit_op_call_varargs):
1932         (JSC::JIT::emit_op_tail_call_varargs):
1933         (JSC::JIT::emit_op_tail_call_forward_arguments):
1934         (JSC::JIT::emit_op_construct_varargs):
1935         (JSC::JIT::emit_op_construct):
1936         (JSC::JIT::emitSlow_op_call):
1937         (JSC::JIT::emitSlow_op_tail_call):
1938         (JSC::JIT::emitSlow_op_call_eval):
1939         (JSC::JIT::emitSlow_op_call_varargs):
1940         (JSC::JIT::emitSlow_op_tail_call_varargs):
1941         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
1942         (JSC::JIT::emitSlow_op_construct_varargs):
1943         (JSC::JIT::emitSlow_op_construct):
1944         * jit/JITDisassembler.cpp:
1945         (JSC::JITDisassembler::JITDisassembler):
1946         * jit/JITExceptions.cpp:
1947         (JSC::genericUnwind):
1948         * jit/JITInlines.h:
1949         (JSC::JIT::emitDoubleGetByVal):
1950         (JSC::JIT::emitLoadForArrayMode):
1951         (JSC::JIT::emitContiguousGetByVal):
1952         (JSC::JIT::emitArrayStorageGetByVal):
1953         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1954         (JSC::JIT::sampleInstruction):
1955         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
1956         (JSC::JIT::emitValueProfilingSite):
1957         (JSC::JIT::jumpTarget):
1958         (JSC::JIT::copiedGetPutInfo):
1959         (JSC::JIT::copiedArithProfile):
1960         * jit/JITMathIC.h:
1961         (JSC::isProfileEmpty):
1962         (JSC::JITBinaryMathIC::JITBinaryMathIC):
1963         (JSC::JITUnaryMathIC::JITUnaryMathIC):
1964         * jit/JITOpcodes.cpp:
1965         (JSC::JIT::emit_op_mov):
1966         (JSC::JIT::emit_op_end):
1967         (JSC::JIT::emit_op_jmp):
1968         (JSC::JIT::emit_op_new_object):
1969         (JSC::JIT::emitSlow_op_new_object):
1970         (JSC::JIT::emit_op_overrides_has_instance):
1971         (JSC::JIT::emit_op_instanceof):
1972         (JSC::JIT::emitSlow_op_instanceof):
1973         (JSC::JIT::emit_op_instanceof_custom):
1974         (JSC::JIT::emit_op_is_empty):
1975         (JSC::JIT::emit_op_is_undefined):
1976         (JSC::JIT::emit_op_is_boolean):
1977         (JSC::JIT::emit_op_is_number):
1978         (JSC::JIT::emit_op_is_cell_with_type):
1979         (JSC::JIT::emit_op_is_object):
1980         (JSC::JIT::emit_op_ret):
1981         (JSC::JIT::emit_op_to_primitive):
1982         (JSC::JIT::emit_op_set_function_name):
1983         (JSC::JIT::emit_op_not):
1984         (JSC::JIT::emit_op_jfalse):
1985         (JSC::JIT::emit_op_jeq_null):
1986         (JSC::JIT::emit_op_jneq_null):
1987         (JSC::JIT::emit_op_jneq_ptr):
1988         (JSC::JIT::emit_op_eq):
1989         (JSC::JIT::emit_op_jeq):
1990         (JSC::JIT::emit_op_jtrue):
1991         (JSC::JIT::emit_op_neq):
1992         (JSC::JIT::emit_op_jneq):
1993         (JSC::JIT::emit_op_throw):
1994         (JSC::JIT::compileOpStrictEq):
1995         (JSC::JIT::emit_op_stricteq):
1996         (JSC::JIT::emit_op_nstricteq):
1997         (JSC::JIT::compileOpStrictEqJump):
1998         (JSC::JIT::emit_op_jstricteq):
1999         (JSC::JIT::emit_op_jnstricteq):
2000         (JSC::JIT::emitSlow_op_jstricteq):
2001         (JSC::JIT::emitSlow_op_jnstricteq):
2002         (JSC::JIT::emit_op_to_number):
2003         (JSC::JIT::emit_op_to_string):
2004         (JSC::JIT::emit_op_to_object):
2005         (JSC::JIT::emit_op_catch):
2006         (JSC::JIT::emit_op_identity_with_profile):
2007         (JSC::JIT::emit_op_get_parent_scope):
2008         (JSC::JIT::emit_op_switch_imm):
2009         (JSC::JIT::emit_op_switch_char):
2010         (JSC::JIT::emit_op_switch_string):
2011         (JSC::JIT::emit_op_debug):
2012         (JSC::JIT::emit_op_eq_null):
2013         (JSC::JIT::emit_op_neq_null):
2014         (JSC::JIT::emit_op_enter):
2015         (JSC::JIT::emit_op_get_scope):
2016         (JSC::JIT::emit_op_to_this):
2017         (JSC::JIT::emit_op_create_this):
2018         (JSC::JIT::emit_op_check_tdz):
2019         (JSC::JIT::emitSlow_op_eq):
2020         (JSC::JIT::emitSlow_op_neq):
2021         (JSC::JIT::emitSlow_op_jeq):
2022         (JSC::JIT::emitSlow_op_jneq):
2023         (JSC::JIT::emitSlow_op_instanceof_custom):
2024         (JSC::JIT::emit_op_loop_hint):
2025         (JSC::JIT::emitSlow_op_loop_hint):
2026         (JSC::JIT::emit_op_check_traps):
2027         (JSC::JIT::emit_op_nop):
2028         (JSC::JIT::emit_op_super_sampler_begin):
2029         (JSC::JIT::emit_op_super_sampler_end):
2030         (JSC::JIT::emitSlow_op_check_traps):
2031         (JSC::JIT::emit_op_new_regexp):
2032         (JSC::JIT::emitNewFuncCommon):
2033         (JSC::JIT::emit_op_new_func):
2034         (JSC::JIT::emit_op_new_generator_func):
2035         (JSC::JIT::emit_op_new_async_generator_func):
2036         (JSC::JIT::emit_op_new_async_func):
2037         (JSC::JIT::emitNewFuncExprCommon):
2038         (JSC::JIT::emit_op_new_func_exp):
2039         (JSC::JIT::emit_op_new_generator_func_exp):
2040         (JSC::JIT::emit_op_new_async_func_exp):
2041         (JSC::JIT::emit_op_new_async_generator_func_exp):
2042         (JSC::JIT::emit_op_new_array):
2043         (JSC::JIT::emit_op_new_array_with_size):
2044         (JSC::JIT::emit_op_has_structure_property):
2045         (JSC::JIT::privateCompileHasIndexedProperty):
2046         (JSC::JIT::emit_op_has_indexed_property):
2047         (JSC::JIT::emitSlow_op_has_indexed_property):
2048         (JSC::JIT::emit_op_get_direct_pname):
2049         (JSC::JIT::emit_op_enumerator_structure_pname):
2050         (JSC::JIT::emit_op_enumerator_generic_pname):
2051         (JSC::JIT::emit_op_profile_type):
2052         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2053         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2054         (JSC::JIT::emit_op_profile_control_flow):
2055         (JSC::JIT::emit_op_argument_count):
2056         (JSC::JIT::emit_op_get_rest_length):
2057         (JSC::JIT::emit_op_get_argument):
2058         * jit/JITOpcodes32_64.cpp:
2059         (JSC::JIT::emit_op_to_this):
2060         * jit/JITOperations.cpp:
2061         * jit/JITOperations.h:
2062         * jit/JITPropertyAccess.cpp:
2063         (JSC::JIT::emit_op_get_by_val):
2064         (JSC::JIT::emitGetByValWithCachedId):
2065         (JSC::JIT::emitSlow_op_get_by_val):
2066         (JSC::JIT::emit_op_put_by_val_direct):
2067         (JSC::JIT::emit_op_put_by_val):
2068         (JSC::JIT::emitGenericContiguousPutByVal):
2069         (JSC::JIT::emitArrayStoragePutByVal):
2070         (JSC::JIT::emitPutByValWithCachedId):
2071         (JSC::JIT::emitSlow_op_put_by_val):
2072         (JSC::JIT::emit_op_put_getter_by_id):
2073         (JSC::JIT::emit_op_put_setter_by_id):
2074         (JSC::JIT::emit_op_put_getter_setter_by_id):
2075         (JSC::JIT::emit_op_put_getter_by_val):
2076         (JSC::JIT::emit_op_put_setter_by_val):
2077         (JSC::JIT::emit_op_del_by_id):
2078         (JSC::JIT::emit_op_del_by_val):
2079         (JSC::JIT::emit_op_try_get_by_id):
2080         (JSC::JIT::emitSlow_op_try_get_by_id):
2081         (JSC::JIT::emit_op_get_by_id_direct):
2082         (JSC::JIT::emitSlow_op_get_by_id_direct):
2083         (JSC::JIT::emit_op_get_by_id):
2084         (JSC::JIT::emit_op_get_by_id_with_this):
2085         (JSC::JIT::emitSlow_op_get_by_id):
2086         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2087         (JSC::JIT::emit_op_put_by_id):
2088         (JSC::JIT::emitSlow_op_put_by_id):
2089         (JSC::JIT::emit_op_in_by_id):
2090         (JSC::JIT::emitSlow_op_in_by_id):
2091         (JSC::JIT::emit_op_resolve_scope):
2092         (JSC::JIT::emit_op_get_from_scope):
2093         (JSC::JIT::emitSlow_op_get_from_scope):
2094         (JSC::JIT::emit_op_put_to_scope):
2095         (JSC::JIT::emitSlow_op_put_to_scope):
2096         (JSC::JIT::emit_op_get_from_arguments):
2097         (JSC::JIT::emit_op_put_to_arguments):
2098         (JSC::JIT::privateCompileGetByVal):
2099         (JSC::JIT::privateCompileGetByValWithCachedId):
2100         (JSC::JIT::privateCompilePutByVal):
2101         (JSC::JIT::privateCompilePutByValWithCachedId):
2102         (JSC::JIT::emitDoubleLoad):
2103         (JSC::JIT::emitContiguousLoad):
2104         (JSC::JIT::emitArrayStorageLoad):
2105         (JSC::JIT::emitDirectArgumentsGetByVal):
2106         (JSC::JIT::emitScopedArgumentsGetByVal):
2107         (JSC::JIT::emitIntTypedArrayGetByVal):
2108         (JSC::JIT::emitFloatTypedArrayGetByVal):
2109         (JSC::JIT::emitIntTypedArrayPutByVal):
2110         (JSC::JIT::emitFloatTypedArrayPutByVal):
2111         * jit/RegisterSet.cpp:
2112         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
2113         * jit/SlowPathCall.h:
2114         (JSC::JITSlowPathCall::JITSlowPathCall):
2115         * llint/LLIntData.cpp:
2116         (JSC::LLInt::initialize):
2117         (JSC::LLInt::Data::performAssertions):
2118         * llint/LLIntData.h:
2119         (JSC::LLInt::exceptionInstructions):
2120         (JSC::LLInt::opcodeMap):
2121         (JSC::LLInt::opcodeMapWide):
2122         (JSC::LLInt::getOpcode):
2123         (JSC::LLInt::getOpcodeWide):
2124         (JSC::LLInt::getWideCodePtr):
2125         * llint/LLIntOffsetsExtractor.cpp:
2126         * llint/LLIntSlowPaths.cpp:
2127         (JSC::LLInt::llint_trace_operand):
2128         (JSC::LLInt::llint_trace_value):
2129         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2130         (JSC::LLInt::entryOSR):
2131         (JSC::LLInt::setupGetByIdPrototypeCache):
2132         (JSC::LLInt::getByVal):
2133         (JSC::LLInt::handleHostCall):
2134         (JSC::LLInt::setUpCall):
2135         (JSC::LLInt::genericCall):
2136         (JSC::LLInt::varargsSetup):
2137         (JSC::LLInt::commonCallEval):
2138         * llint/LLIntSlowPaths.h:
2139         * llint/LowLevelInterpreter.asm:
2140         * llint/LowLevelInterpreter.cpp:
2141         (JSC::CLoopRegister::operator const Instruction*):
2142         (JSC::CLoop::execute):
2143         * llint/LowLevelInterpreter32_64.asm:
2144         * llint/LowLevelInterpreter64.asm:
2145         * offlineasm/arm64.rb:
2146         * offlineasm/asm.rb:
2147         * offlineasm/ast.rb:
2148         * offlineasm/cloop.rb:
2149         * offlineasm/generate_offset_extractor.rb:
2150         * offlineasm/instructions.rb:
2151         * offlineasm/offsets.rb:
2152         * offlineasm/parser.rb:
2153         * offlineasm/transform.rb:
2154         * offlineasm/x86.rb:
2155         * parser/ResultType.h:
2156         (JSC::ResultType::dump const):
2157         (JSC::OperandTypes::first const):
2158         (JSC::OperandTypes::second const):
2159         (JSC::OperandTypes::dump const):
2160         * profiler/ProfilerBytecodeSequence.cpp:
2161         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
2162         * runtime/CommonSlowPaths.cpp:
2163         (JSC::SLOW_PATH_DECL):
2164         (JSC::updateArithProfileForUnaryArithOp):
2165         (JSC::updateArithProfileForBinaryArithOp):
2166         * runtime/CommonSlowPaths.h:
2167         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
2168         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
2169         * runtime/ExceptionFuzz.cpp:
2170         (JSC::doExceptionFuzzing):
2171         * runtime/ExceptionFuzz.h:
2172         (JSC::doExceptionFuzzingIfEnabled):
2173         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2174         (JSC::GetPutInfo::dump const):
2175         (WTF::printInternal):
2176         * runtime/GetPutInfo.h:
2177         (JSC::GetPutInfo::operand const):
2178         * runtime/JSCPoison.h:
2179         * runtime/JSType.cpp: Added.
2180         (WTF::printInternal):
2181         * runtime/JSType.h:
2182         * runtime/SamplingProfiler.cpp:
2183         (JSC::SamplingProfiler::StackFrame::displayName):
2184         * runtime/SamplingProfiler.h:
2185         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
2186         * runtime/SlowPathReturnType.h:
2187         (JSC::encodeResult):
2188         (JSC::decodeResult):
2189         * runtime/VM.h:
2190         * runtime/Watchdog.h:
2191         * tools/HeapVerifier.cpp:
2192
2193 2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2194
2195         Unreviewed, partial rolling in r237254
2196         https://bugs.webkit.org/show_bug.cgi?id=190340
2197
2198         We do not use the added function right now, to investigate what the reason for the regression is.
2199         It also does not include any Parser.{h,cpp} changes, to confirm that Parser.cpp's inlining decision
2200         seems to be the culprit of the regression on iOS devices.
2201
2202         * bytecode/UnlinkedFunctionExecutable.cpp:
2203         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2204         * bytecode/UnlinkedFunctionExecutable.h:
2205         * parser/SourceCodeKey.h:
2206         (JSC::SourceCodeKey::SourceCodeKey):
2207         (JSC::SourceCodeKey::operator== const):
2208         * runtime/CodeCache.cpp:
2209         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2210         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2211         * runtime/CodeCache.h:
2212         * runtime/FunctionConstructor.cpp:
2213         (JSC::constructFunctionSkippingEvalEnabledCheck):
2214         * runtime/FunctionExecutable.cpp:
2215         (JSC::FunctionExecutable::fromGlobalCode):
2216         * runtime/FunctionExecutable.h:
2217
2218 2018-10-26  Commit Queue  <commit-queue@webkit.org>
2219
2220         Unreviewed, rolling out r237479 and r237484.
2221         https://bugs.webkit.org/show_bug.cgi?id=190978
2222
2223         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
2224
2225         Reverted changesets:
2226
2227         "New bytecode format for JSC"
2228         https://bugs.webkit.org/show_bug.cgi?id=187373
2229         https://trac.webkit.org/changeset/237479
2230
2231         "Gardening: Build fix after r237479."
2232         https://bugs.webkit.org/show_bug.cgi?id=187373
2233         https://trac.webkit.org/changeset/237484
2234
2235 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
2236
2237         Gardening: Build fix after r237479.
2238         https://bugs.webkit.org/show_bug.cgi?id=187373
2239
2240         Unreviewed.
2241
2242         * Configurations/JSC.xcconfig:
2243         * JavaScriptCore.xcodeproj/project.pbxproj:
2244         * llint/LLIntData.cpp:
2245         (JSC::LLInt::initialize):
2246
2247 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
2248
2249         New bytecode format for JSC
2250         https://bugs.webkit.org/show_bug.cgi?id=187373
2251         <rdar://problem/44186758>
2252
2253         Reviewed by Filip Pizlo.
2254
2255         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
2256         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
2257         operands) and might contain an extra operand, the metadataID. The metadataID is used to
2258         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
2259
2260         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
2261         and types to all their operands. Additionally, reading a bytecode from the instruction stream
2262         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
2263         operands directly from the stream.
2264
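To make the encoding described above concrete, here is a small C++ model written for this page (not JSC's code): an instruction stream where one opcode is emitted narrow or wide depending on whether its operands fit, and whose only mutable state lives in a metadata side table reached through the metadataID operand. It assumes a wide instruction is announced by an `op_wide` prefix byte, that a narrow operand is a signed byte, and that each `op_add` owns one side-table slot; the real layout, opcode set and `Fits` rules differ.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <initializer_list>
#include <vector>

// Assumption: a wide instruction is announced by an op_wide prefix byte.
enum OpcodeID : uint8_t { op_wide = 0, op_add = 1 };

// Decoded form of op_add: every operand is named and typed, as in BytecodeList.rb.
struct OpAdd {
    int32_t dst, lhs, rhs;  // virtual registers; negative indices denote arguments
    uint32_t metadataID;    // index into the side table, never an address
};

// Per-instruction mutable state lives here, not in the instruction stream.
struct AddMetadata {
    uint32_t executionCount = 0;
};

// Stand-in for bytecode/Fits.h (assumed rule): narrow if it fits a signed byte.
static bool fitsNarrow(int32_t v) { return v >= INT8_MIN && v <= INT8_MAX; }

struct InstructionStreamWriter {
    std::vector<uint8_t> bytes;         // the (eventually immutable) instruction stream
    std::vector<AddMetadata> metadata;  // the side table (stands in for MetadataTable)

    void writeOperand(int32_t v, bool wide) {
        if (!wide) { bytes.push_back(static_cast<uint8_t>(static_cast<int8_t>(v))); return; }
        uint8_t raw[4];
        std::memcpy(raw, &v, sizeof raw);  // host byte order; the reader matches it
        bytes.insert(bytes.end(), raw, raw + sizeof raw);
    }

    // Emits one op_add, narrow when every operand (metadataID included) fits,
    // and reserves its metadata slot. Returns the instruction's stream offset.
    size_t emitAdd(int32_t dst, int32_t lhs, int32_t rhs) {
        size_t offset = bytes.size();
        int32_t metadataID = static_cast<int32_t>(metadata.size());
        metadata.emplace_back();
        bool wide = !(fitsNarrow(dst) && fitsNarrow(lhs) && fitsNarrow(rhs)
                      && fitsNarrow(metadataID));
        if (wide) bytes.push_back(op_wide);
        bytes.push_back(op_add);
        for (int32_t v : { dst, lhs, rhs, metadataID })
            writeOperand(v, wide);
        return offset;
    }
};

// A view over one instruction. Operands are reachable only by decoding the
// whole instruction into its struct; there is no random access into the stream.
struct Instruction {
    const uint8_t* pc;

    bool isWide() const { return pc[0] == op_wide; }
    OpcodeID opcodeID() const { return static_cast<OpcodeID>(isWide() ? pc[1] : pc[0]); }

    // Bytes occupied: optional prefix + opcode + operands (op_add has four).
    size_t size() const {
        size_t operands = opcodeID() == op_add ? 4 : 0;
        return isWide() ? 2 + 4 * operands : 1 + operands;
    }

    OpAdd asAdd() const {
        if (opcodeID() != op_add)
            std::abort();  // decoding as the wrong struct is a programming error
        return OpAdd { operand(0), operand(1), operand(2), static_cast<uint32_t>(operand(3)) };
    }

    int32_t operand(size_t i) const {
        if (!isWide())
            return static_cast<int8_t>(pc[1 + i]);  // sign-extend the narrow byte
        int32_t v;
        std::memcpy(&v, pc + 2 + 4 * i, sizeof v);
        return v;
    }
};

// Executes one op_add: registers and the side table change, the stream does not.
static void executeAdd(const Instruction& insn, std::vector<int32_t>& regs,
                       std::vector<AddMetadata>& table) {
    OpAdd op = insn.asAdd();
    ++table.at(op.metadataID).executionCount;  // bounds-checked side-table access
    regs.at(static_cast<size_t>(op.dst)) =
        regs.at(static_cast<size_t>(op.lhs)) + regs.at(static_cast<size_t>(op.rhs));
}

// Walks the stream; advancing requires knowing the current instruction's full size.
static std::vector<OpcodeID> opcodesIn(const std::vector<uint8_t>& bytes) {
    std::vector<OpcodeID> out;
    for (size_t off = 0; off < bytes.size();) {
        Instruction insn { bytes.data() + off };
        out.push_back(insn.opcodeID());
        off += insn.size();
    }
    return out;
}
```

Emitting `op_add` once with register numbers that fit a byte and once with a register number of 300 yields a 5-byte and an 18-byte instruction from the same struct, which is the point of the narrow/wide split.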
2265
2266         * CMakeLists.txt:
2267         * DerivedSources.make:
2268         * JavaScriptCore.xcodeproj/project.pbxproj:
2269         * Sources.txt:
2270         * assembler/MacroAssemblerCodeRef.h:
2271         (JSC::ReturnAddressPtr::ReturnAddressPtr):
2272         (JSC::ReturnAddressPtr::value const):
2273         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
2274         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
2275         * bytecode/ArithProfile.h:
2276         (JSC::ArithProfile::ArithProfile):
2277         * bytecode/ArrayAllocationProfile.h:
2278         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
2279         * bytecode/ArrayProfile.h:
2280         * bytecode/BytecodeBasicBlock.cpp:
2281         (JSC::isJumpTarget):
2282         (JSC::BytecodeBasicBlock::computeImpl):
2283         (JSC::BytecodeBasicBlock::compute):
2284         * bytecode/BytecodeBasicBlock.h:
2285         (JSC::BytecodeBasicBlock::leaderOffset const):
2286         (JSC::BytecodeBasicBlock::totalLength const):
2287         (JSC::BytecodeBasicBlock::offsets const):
2288         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
2289         (JSC::BytecodeBasicBlock::addLength):
2290         * bytecode/BytecodeDumper.cpp:
2291         (JSC::BytecodeDumper<Block>::printLocationAndOp):
2292         (JSC::BytecodeDumper<Block>::dumpBytecode):
2293         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2294         (JSC::BytecodeDumper<Block>::dumpConstants):
2295         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2296         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2297         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2298         (JSC::BytecodeDumper<Block>::dumpBlock):
2299         * bytecode/BytecodeDumper.h:
2300         (JSC::BytecodeDumper::dumpOperand):
2301         (JSC::BytecodeDumper::dumpValue):
2302         (JSC::BytecodeDumper::BytecodeDumper):
2303         (JSC::BytecodeDumper::block const):
2304         * bytecode/BytecodeGeneratorification.cpp:
2305         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2306         (JSC::BytecodeGeneratorification::enterPoint const):
2307         (JSC::BytecodeGeneratorification::instructions const):
2308         (JSC::GeneratorLivenessAnalysis::run):
2309         (JSC::BytecodeGeneratorification::run):
2310         (JSC::performGeneratorification):
2311         * bytecode/BytecodeGeneratorification.h:
2312         * bytecode/BytecodeGraph.h:
2313         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
2314         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
2315         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
2316         (JSC::BytecodeGraph::BytecodeGraph):
2317         * bytecode/BytecodeKills.h:
2318         * bytecode/BytecodeList.json: Removed.
2319         * bytecode/BytecodeList.rb: Added.
2320         * bytecode/BytecodeLivenessAnalysis.cpp:
2321         (JSC::BytecodeLivenessAnalysis::dumpResults):
2322         * bytecode/BytecodeLivenessAnalysis.h:
2323         * bytecode/BytecodeLivenessAnalysisInlines.h:
2324         (JSC::isValidRegisterForLiveness):
2325         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
2326         * bytecode/BytecodeRewriter.cpp:
2327         (JSC::BytecodeRewriter::applyModification):
2328         (JSC::BytecodeRewriter::execute):
2329         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
2330         (JSC::BytecodeRewriter::insertImpl):
2331         (JSC::BytecodeRewriter::adjustJumpTarget):
2332         (JSC::BytecodeRewriter::adjustJumpTargets):
2333         * bytecode/BytecodeRewriter.h:
2334         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
2335         (JSC::BytecodeRewriter::Fragment::Fragment):
2336         (JSC::BytecodeRewriter::Fragment::appendInstruction):
2337         (JSC::BytecodeRewriter::BytecodeRewriter):
2338         (JSC::BytecodeRewriter::insertFragmentBefore):
2339         (JSC::BytecodeRewriter::insertFragmentAfter):
2340         (JSC::BytecodeRewriter::removeBytecode):
2341         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
2342         (JSC::BytecodeRewriter::adjustJumpTarget):
2343         * bytecode/BytecodeUseDef.h:
2344         (JSC::computeUsesForBytecodeOffset):
2345         (JSC::computeDefsForBytecodeOffset):
2346         * bytecode/CallLinkStatus.cpp:
2347         (JSC::CallLinkStatus::computeFromLLInt):
2348         * bytecode/CodeBlock.cpp:
2349         (JSC::CodeBlock::dumpBytecode):
2350         (JSC::CodeBlock::CodeBlock):
2351         (JSC::CodeBlock::finishCreation):
2352         (JSC::CodeBlock::estimatedSize):
2353         (JSC::CodeBlock::visitChildren):
2354         (JSC::CodeBlock::propagateTransitions):
2355         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2356         (JSC::CodeBlock::addJITAddIC):
2357         (JSC::CodeBlock::addJITMulIC):
2358         (JSC::CodeBlock::addJITSubIC):
2359         (JSC::CodeBlock::addJITNegIC):
2360         (JSC::CodeBlock::stronglyVisitStrongReferences):
2361         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
2362         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
2363         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2364         (JSC::CodeBlock::getArrayProfile):
2365         (JSC::CodeBlock::updateAllArrayPredictions):
2366         (JSC::CodeBlock::predictedMachineCodeSize):
2367         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
2368         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
2369         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2370         (JSC::CodeBlock::validate):
2371         (JSC::CodeBlock::outOfLineJumpOffset):
2372         (JSC::CodeBlock::outOfLineJumpTarget):
2373         (JSC::CodeBlock::arithProfileForBytecodeOffset):
2374         (JSC::CodeBlock::arithProfileForPC):
2375         (JSC::CodeBlock::couldTakeSpecialFastCase):
2376         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2377         * bytecode/CodeBlock.h:
2378         (JSC::CodeBlock::addMathIC):
2379         (JSC::CodeBlock::outOfLineJumpOffset):
2380         (JSC::CodeBlock::bytecodeOffset):
2381         (JSC::CodeBlock::instructions const):
2382         (JSC::CodeBlock::instructionCount const):
2383         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2384         (JSC::CodeBlock::metadata):
2385         (JSC::CodeBlock::metadataSizeInBytes):
2386         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
2387         (JSC::CodeBlock::totalNumberOfValueProfiles):
2388         * bytecode/CodeBlockInlines.h: Added.
2389         (JSC::CodeBlock::forEachValueProfile):
2390         (JSC::CodeBlock::forEachArrayProfile):
2391         (JSC::CodeBlock::forEachArrayAllocationProfile):
2392         (JSC::CodeBlock::forEachObjectAllocationProfile):
2393         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
2394         * bytecode/Fits.h: Added.
2395         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2396         * bytecode/GetByIdStatus.cpp:
2397         (JSC::GetByIdStatus::computeFromLLInt):
2398         * bytecode/Instruction.h:
2399         (JSC::Instruction::Instruction):
2400         (JSC::Instruction::Impl::opcodeID const):
2401         (JSC::Instruction::opcodeID const):
2402         (JSC::Instruction::name const):
2403         (JSC::Instruction::isWide const):
2404         (JSC::Instruction::size const):
2405         (JSC::Instruction::is const):
2406         (JSC::Instruction::as const):
2407         (JSC::Instruction::cast):
2408         (JSC::Instruction::cast const):
2409         (JSC::Instruction::narrow const):
2410         (JSC::Instruction::wide const):
2411         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2412         (JSC::InstructionStream::InstructionStream):
2413         (JSC::InstructionStream::sizeInBytes const):
2414         * bytecode/InstructionStream.h: Added.
2415         (JSC::InstructionStream::BaseRef::BaseRef):
2416         (JSC::InstructionStream::BaseRef::operator=):
2417         (JSC::InstructionStream::BaseRef::operator-> const):
2418         (JSC::InstructionStream::BaseRef::ptr const):
2419         (JSC::InstructionStream::BaseRef::operator!= const):
2420         (JSC::InstructionStream::BaseRef::next const):
2421         (JSC::InstructionStream::BaseRef::offset const):
2422         (JSC::InstructionStream::BaseRef::isValid const):
2423         (JSC::InstructionStream::BaseRef::unwrap const):
2424         (JSC::InstructionStream::MutableRef::freeze const):
2425         (JSC::InstructionStream::MutableRef::operator->):
2426         (JSC::InstructionStream::MutableRef::ptr):
2427         (JSC::InstructionStream::MutableRef::operator Ref):
2428         (JSC::InstructionStream::MutableRef::unwrap):
2429         (JSC::InstructionStream::iterator::operator*):
2430         (JSC::InstructionStream::iterator::operator++):
2431         (JSC::InstructionStream::begin const):
2432         (JSC::InstructionStream::end const):
2433         (JSC::InstructionStream::at const):
2434         (JSC::InstructionStream::size const):
2435         (JSC::InstructionStreamWriter::InstructionStreamWriter):
2436         (JSC::InstructionStreamWriter::ref):
2437         (JSC::InstructionStreamWriter::seek):
2438         (JSC::InstructionStreamWriter::position):
2439         (JSC::InstructionStreamWriter::write):
2440         (JSC::InstructionStreamWriter::rewind):
2441         (JSC::InstructionStreamWriter::finalize):
2442         (JSC::InstructionStreamWriter::swap):
2443         (JSC::InstructionStreamWriter::iterator::operator*):
2444         (JSC::InstructionStreamWriter::iterator::operator++):
2445         (JSC::InstructionStreamWriter::begin):
2446         (JSC::InstructionStreamWriter::end):
2447         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
2448         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
2449         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
2450         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
2451         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
2452         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2453         (JSC::MetadataTable::MetadataTable):
2454         (JSC::DeallocTable::withOpcodeType):
2455         (JSC::MetadataTable::~MetadataTable):
2456         (JSC::MetadataTable::sizeInBytes):
2457         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
2458         (JSC::MetadataTable::get):
2459         (JSC::MetadataTable::forEach):
2460         (JSC::MetadataTable::getImpl):
2461         * bytecode/Opcode.cpp:
2462         (JSC::metadataSize):
2463         * bytecode/Opcode.h:
2464         (JSC::padOpcodeName):
2465         * bytecode/OpcodeInlines.h:
2466         (JSC::isOpcodeShape):
2467         (JSC::getOpcodeType):
2468         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2469         * bytecode/PreciseJumpTargets.cpp:
2470         (JSC::getJumpTargetsForInstruction):
2471         (JSC::computePreciseJumpTargetsInternal):
2472         (JSC::computePreciseJumpTargets):
2473         (JSC::recomputePreciseJumpTargets):
2474         (JSC::findJumpTargetsForInstruction):
2475         * bytecode/PreciseJumpTargets.h:
2476         * bytecode/PreciseJumpTargetsInlines.h:
2477         (JSC::jumpTargetForInstruction):
2478         (JSC::extractStoredJumpTargetsForInstruction):
2479         (JSC::updateStoredJumpTargetsForInstruction):
2480         * bytecode/PutByIdStatus.cpp:
2481         (JSC::PutByIdStatus::computeFromLLInt):
2482         * bytecode/SpecialPointer.cpp:
2483         (WTF::printInternal):
2484         * bytecode/SpecialPointer.h:
2485         * bytecode/UnlinkedCodeBlock.cpp:
2486         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2487         (JSC::UnlinkedCodeBlock::visitChildren):
2488         (JSC::UnlinkedCodeBlock::estimatedSize):
2489         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
2490         (JSC::dumpLineColumnEntry):
2491         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
2492         (JSC::UnlinkedCodeBlock::setInstructions):
2493         (JSC::UnlinkedCodeBlock::instructions const):
2494         (JSC::UnlinkedCodeBlock::applyModification):
2495         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
2496         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2497         * bytecode/UnlinkedCodeBlock.h:
2498         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
2499         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
2500         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
2501         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
2502         (JSC::UnlinkedCodeBlock::metadata):
2503         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
2504         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2505         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
2506         * bytecode/UnlinkedInstructionStream.cpp: Removed.
2507         * bytecode/UnlinkedInstructionStream.h: Removed.
2508         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2509         * bytecode/UnlinkedMetadataTableInlines.h: Added.
2510         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
2511         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
2512         (JSC::UnlinkedMetadataTable::addEntry):
2513         (JSC::UnlinkedMetadataTable::sizeInBytes):
2514         (JSC::UnlinkedMetadataTable::finalize):
2515         (JSC::UnlinkedMetadataTable::link):
2516         (JSC::UnlinkedMetadataTable::unlink):
2517         * bytecode/VirtualRegister.cpp:
2518         (JSC::VirtualRegister::VirtualRegister):
2519         * bytecode/VirtualRegister.h:
2520         * bytecompiler/BytecodeGenerator.cpp:
2521         (JSC::Label::setLocation):
2522         (JSC::Label::bind):
2523         (JSC::BytecodeGenerator::generate):
2524         (JSC::BytecodeGenerator::BytecodeGenerator):
2525         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
2526         (JSC::BytecodeGenerator::emitEnter):
2527         (JSC::BytecodeGenerator::emitLoopHint):
2528         (JSC::BytecodeGenerator::emitJump):
2529         (JSC::BytecodeGenerator::emitCheckTraps):
2530         (JSC::BytecodeGenerator::rewind):
2531         (JSC::BytecodeGenerator::fuseCompareAndJump):
2532         (JSC::BytecodeGenerator::fuseTestAndJmp):
2533         (JSC::BytecodeGenerator::emitJumpIfTrue):
2534         (JSC::BytecodeGenerator::emitJumpIfFalse):
2535         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
2536         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
2537         (JSC::BytecodeGenerator::moveLinkTimeConstant):
2538         (JSC::BytecodeGenerator::moveEmptyValue):
2539         (JSC::BytecodeGenerator::emitMove):
2540         (JSC::BytecodeGenerator::emitUnaryOp):
2541         (JSC::BytecodeGenerator::emitBinaryOp):
2542         (JSC::BytecodeGenerator::emitToObject):
2543         (JSC::BytecodeGenerator::emitToNumber):
2544         (JSC::BytecodeGenerator::emitToString):
2545         (JSC::BytecodeGenerator::emitTypeOf):
2546         (JSC::BytecodeGenerator::emitInc):
2547         (JSC::BytecodeGenerator::emitDec):
2548         (JSC::BytecodeGenerator::emitEqualityOp):
2549         (JSC::BytecodeGenerator::emitProfileType):
2550         (JSC::BytecodeGenerator::emitProfileControlFlow):
2551         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2552         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
2553         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
2554         (JSC::BytecodeGenerator::emitOverridesHasInstance):
2555         (JSC::BytecodeGenerator::emitResolveScope):
2556         (JSC::BytecodeGenerator::emitGetFromScope):
2557         (JSC::BytecodeGenerator::emitPutToScope):
2558         (JSC::BytecodeGenerator::emitInstanceOf):
2559         (JSC::BytecodeGenerator::emitInstanceOfCustom):
2560         (JSC::BytecodeGenerator::emitInByVal):
2561         (JSC::BytecodeGenerator::emitInById):
2562         (JSC::BytecodeGenerator::emitTryGetById):
2563         (JSC::BytecodeGenerator::emitGetById):
2564         (JSC::BytecodeGenerator::emitDirectGetById):
2565         (JSC::BytecodeGenerator::emitPutById):
2566         (JSC::BytecodeGenerator::emitDirectPutById):
2567         (JSC::BytecodeGenerator::emitPutGetterById):
2568         (JSC::BytecodeGenerator::emitPutSetterById):
2569         (JSC::BytecodeGenerator::emitPutGetterSetter):
2570         (JSC::BytecodeGenerator::emitPutGetterByVal):
2571         (JSC::BytecodeGenerator::emitPutSetterByVal):
2572         (JSC::BytecodeGenerator::emitDeleteById):
2573         (JSC::BytecodeGenerator::emitGetByVal):
2574         (JSC::BytecodeGenerator::emitPutByVal):
2575         (JSC::BytecodeGenerator::emitDirectPutByVal):
2576         (JSC::BytecodeGenerator::emitDeleteByVal):
2577         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
2578         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
2579         (JSC::BytecodeGenerator::emitIdWithProfile):
2580         (JSC::BytecodeGenerator::emitUnreachable):
2581         (JSC::BytecodeGenerator::emitGetArgument):
2582         (JSC::BytecodeGenerator::emitCreateThis):
2583         (JSC::BytecodeGenerator::emitTDZCheck):
2584         (JSC::BytecodeGenerator::emitNewObject):
2585         (JSC::BytecodeGenerator::emitNewArrayBuffer):
2586         (JSC::BytecodeGenerator::emitNewArray):
2587         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
2588         (JSC::BytecodeGenerator::emitNewArrayWithSize):
2589         (JSC::BytecodeGenerator::emitNewRegExp):
2590         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
2591         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
2592         (JSC::BytecodeGenerator::emitNewFunction):
2593         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
2594         (JSC::BytecodeGenerator::emitCall):
2595         (JSC::BytecodeGenerator::emitCallInTailPosition):
2596         (JSC::BytecodeGenerator::emitCallEval):
2597         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2598         (JSC::BytecodeGenerator::emitCallVarargs):
2599         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
2600         (JSC::BytecodeGenerator::emitConstructVarargs):
2601         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
2602         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
2603         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
2604         (JSC::BytecodeGenerator::emitCallDefineProperty):
2605         (JSC::BytecodeGenerator::emitReturn):
2606         (JSC::BytecodeGenerator::emitEnd):
2607         (JSC::BytecodeGenerator::emitConstruct):
2608         (JSC::BytecodeGenerator::emitStrcat):
2609         (JSC::BytecodeGenerator::emitToPrimitive):
2610         (JSC::BytecodeGenerator::emitGetScope):
2611         (JSC::BytecodeGenerator::emitPushWithScope):
2612         (JSC::BytecodeGenerator::emitGetParentScope):
2613         (JSC::BytecodeGenerator::emitDebugHook):
2614         (JSC::BytecodeGenerator::emitCatch):
2615         (JSC::BytecodeGenerator::emitThrow):
2616         (JSC::BytecodeGenerator::emitArgumentCount):
2617         (JSC::BytecodeGenerator::emitThrowStaticError):
2618         (JSC::BytecodeGenerator::beginSwitch):
2619         (JSC::prepareJumpTableForSwitch):
2620         (JSC::prepareJumpTableForStringSwitch):
2621         (JSC::BytecodeGenerator::endSwitch):
2622         (JSC::BytecodeGenerator::emitGetEnumerableLength):
2623         (JSC::BytecodeGenerator::emitHasGenericProperty):
2624         (JSC::BytecodeGenerator::emitHasIndexedProperty):
2625         (JSC::BytecodeGenerator::emitHasStructureProperty):
2626         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
2627         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
2628         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
2629         (JSC::BytecodeGenerator::emitToIndexString):
2630         (JSC::BytecodeGenerator::emitIsCellWithType):
2631         (JSC::BytecodeGenerator::emitIsObject):
2632         (JSC::BytecodeGenerator::emitIsNumber):
2633         (JSC::BytecodeGenerator::emitIsUndefined):
2634         (JSC::BytecodeGenerator::emitIsEmpty):
2635         (JSC::BytecodeGenerator::emitRestParameter):
2636         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
2637         (JSC::BytecodeGenerator::emitYieldPoint):
2638         (JSC::BytecodeGenerator::emitYield):
2639         (JSC::BytecodeGenerator::emitGetAsyncIterator):
2640         (JSC::BytecodeGenerator::emitDelegateYield):
2641         (JSC::BytecodeGenerator::emitFinallyCompletion):
2642         (JSC::BytecodeGenerator::emitJumpIf):
2643         (JSC::ForInContext::finalize):
2644         (JSC::StructureForInContext::finalize):
2645         (JSC::IndexedForInContext::finalize):
2646         (JSC::StaticPropertyAnalysis::record):
2647         (JSC::BytecodeGenerator::emitToThis):
2648         * bytecompiler/BytecodeGenerator.h:
2649         (JSC::StructureForInContext::addGetInst):
2650         (JSC::BytecodeGenerator::recordOpcode):
2651         (JSC::BytecodeGenerator::addMetadataFor):
2652         (JSC::BytecodeGenerator::emitUnaryOp):
2653         (JSC::BytecodeGenerator::kill):
2654         (JSC::BytecodeGenerator::instructions const):
2655         (JSC::BytecodeGenerator::write):
2656         (JSC::BytecodeGenerator::withWriter):
2657         * bytecompiler/Label.h:
2658         (JSC::Label::Label):
2659         (JSC::Label::bind):
2660         * bytecompiler/NodesCodegen.cpp:
2661         (JSC::ArrayNode::emitBytecode):
2662         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
2663         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2664         (JSC::BitwiseNotNode::emitBytecode):
2665         (JSC::BinaryOpNode::emitBytecode):
2666         (JSC::EqualNode::emitBytecode):
2667         (JSC::StrictEqualNode::emitBytecode):
2668         (JSC::emitReadModifyAssignment):
2669         (JSC::ForInNode::emitBytecode):
2670         (JSC::CaseBlockNode::emitBytecodeForBlock):
2671         (JSC::FunctionNode::emitBytecode):
2672         (JSC::ClassExprNode::emitBytecode):
2673         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
2674         (WTF::printInternal):
2675         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2676         * bytecompiler/RegisterID.h:
2677         * bytecompiler/StaticPropertyAnalysis.h:
2678         (JSC::StaticPropertyAnalysis::create):
2679         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
2680         * bytecompiler/StaticPropertyAnalyzer.h:
2681         (JSC::StaticPropertyAnalyzer::createThis):
2682         (JSC::StaticPropertyAnalyzer::newObject):
2683         (JSC::StaticPropertyAnalyzer::putById):
2684         (JSC::StaticPropertyAnalyzer::mov):
2685         (JSC::StaticPropertyAnalyzer::kill):
2686         * dfg/DFGByteCodeParser.cpp:
2687         (JSC::DFG::ByteCodeParser::addCall):
2688         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
2689         (JSC::DFG::ByteCodeParser::getArrayMode):
2690         (JSC::DFG::ByteCodeParser::handleCall):
2691         (JSC::DFG::ByteCodeParser::handleVarargsCall):
2692         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
2693         (JSC::DFG::ByteCodeParser::inlineCall):
2694         (JSC::DFG::ByteCodeParser::handleCallVariant):
2695         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
2696         (JSC::DFG::ByteCodeParser::handleInlining):
2697         (JSC::DFG::ByteCodeParser::handleMinMax):
2698         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
2699         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
2700         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
2701         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
2702         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
2703         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
2704         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2705         (JSC::DFG::ByteCodeParser::handleGetById):
2706         (JSC::DFG::ByteCodeParser::handlePutById):
2707         (JSC::DFG::ByteCodeParser::parseGetById):
2708         (JSC::DFG::ByteCodeParser::parseBlock):
2709         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2710         (JSC::DFG::ByteCodeParser::handlePutByVal):
2711         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
2712         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
2713         (JSC::DFG::ByteCodeParser::handleNewFunc):
2714         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
2715         (JSC::DFG::ByteCodeParser::parse):
2716         * dfg/DFGCapabilities.cpp:
2717         (JSC::DFG::capabilityLevel):
2718         * dfg/DFGCapabilities.h:
2719         (JSC::DFG::capabilityLevel):
2720         * dfg/DFGOSREntry.cpp:
2721         (JSC::DFG::prepareCatchOSREntry):
2722         * dfg/DFGSpeculativeJIT.cpp:
2723         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2724         (JSC::DFG::SpeculativeJIT::compileValueSub):
2725         (JSC::DFG::SpeculativeJIT::compileValueNegate):
2726         (JSC::DFG::SpeculativeJIT::compileArithMul):
2727         * ftl/FTLLowerDFGToB3.cpp:
2728         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2729         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2730         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
2731         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
2732         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
2733         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
2734         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
2735         * ftl/FTLOperations.cpp:
2736         (JSC::FTL::operationMaterializeObjectInOSR):
2737         * generate-bytecode-files: Removed.
2738         * generator/Argument.rb: Added.
2739         * generator/Assertion.rb: Added.
2740         * generator/DSL.rb: Added.
2741         * generator/Fits.rb: Added.
2742         * generator/GeneratedFile.rb: Added.
2743         * generator/Metadata.rb: Added.
2744         * generator/Opcode.rb: Added.
2745         * generator/OpcodeGroup.rb: Added.
2746         * generator/Options.rb: Added.
2747         * generator/Section.rb: Added.
2748         * generator/Template.rb: Added.
2749         * generator/Type.rb: Added.
2750         * generator/main.rb: Added.
2751         * interpreter/AbstractPC.h:
2752         * interpreter/CallFrame.cpp:
2753         (JSC::CallFrame::currentVPC const):
2754         (JSC::CallFrame::setCurrentVPC):
2755         * interpreter/CallFrame.h:
2756         (JSC::CallSiteIndex::CallSiteIndex):
2757         (JSC::ExecState::setReturnPC):
2758         * interpreter/Interpreter.cpp:
2759         (WTF::printInternal):
2760         * interpreter/Interpreter.h:
2761         * interpreter/InterpreterInlines.h:
2762         * interpreter/StackVisitor.cpp:
2763         (JSC::StackVisitor::Frame::dump const):
2764         * interpreter/VMEntryRecord.h:
2765         * jit/JIT.cpp:
2766         (JSC::JIT::JIT):
2767         (JSC::JIT::emitSlowCaseCall):
2768         (JSC::JIT::privateCompileMainPass):
2769         (JSC::JIT::privateCompileSlowCases):
2770         (JSC::JIT::compileWithoutLinking):
2771         (JSC::JIT::link):
2772         * jit/JIT.h:
2773         * jit/JITArithmetic.cpp:
2774         (JSC::JIT::emit_op_jless):
2775         (JSC::JIT::emit_op_jlesseq):
2776         (JSC::JIT::emit_op_jgreater):
2777         (JSC::JIT::emit_op_jgreatereq):
2778         (JSC::JIT::emit_op_jnless):
2779         (JSC::JIT::emit_op_jnlesseq):
2780         (JSC::JIT::emit_op_jngreater):
2781         (JSC::JIT::emit_op_jngreatereq):
2782         (JSC::JIT::emitSlow_op_jless):
2783         (JSC::JIT::emitSlow_op_jlesseq):
2784         (JSC::JIT::emitSlow_op_jgreater):
2785         (JSC::JIT::emitSlow_op_jgreatereq):
2786         (JSC::JIT::emitSlow_op_jnless):
2787         (JSC::JIT::emitSlow_op_jnlesseq):
2788         (JSC::JIT::emitSlow_op_jngreater):
2789         (JSC::JIT::emitSlow_op_jngreatereq):
2790         (JSC::JIT::emit_op_below):
2791         (JSC::JIT::emit_op_beloweq):
2792         (JSC::JIT::emit_op_jbelow):
2793         (JSC::JIT::emit_op_jbeloweq):
2794         (JSC::JIT::emit_op_unsigned):
2795         (JSC::JIT::emit_compareAndJump):
2796         (JSC::JIT::emit_compareUnsignedAndJump):
2797         (JSC::JIT::emit_compareUnsigned):
2798         (JSC::JIT::emit_compareAndJumpSlow):
2799         (JSC::JIT::emit_op_inc):
2800         (JSC::JIT::emit_op_dec):
2801         (JSC::JIT::emit_op_mod):
2802         (JSC::JIT::emitSlow_op_mod):
2803         (JSC::JIT::emit_op_negate):
2804         (JSC::JIT::emitSlow_op_negate):
2805         (JSC::JIT::emitBitBinaryOpFastPath):
2806         (JSC::JIT::emit_op_bitand):
2807         (JSC::JIT::emit_op_bitor):
2808         (JSC::JIT::emit_op_bitxor):
2809         (JSC::JIT::emit_op_lshift):
2810         (JSC::JIT::emitRightShiftFastPath):
2811         (JSC::JIT::emit_op_rshift):
2812         (JSC::JIT::emit_op_urshift):
2813         (JSC::getOperandTypes):
2814         (JSC::JIT::emit_op_add):
2815         (JSC::JIT::emitSlow_op_add):
2816         (JSC::JIT::emitMathICFast):
2817         (JSC::JIT::emitMathICSlow):
2818         (JSC::JIT::emit_op_div):
2819         (JSC::JIT::emit_op_mul):
2820         (JSC::JIT::emitSlow_op_mul):
2821         (JSC::JIT::emit_op_sub):
2822         (JSC::JIT::emitSlow_op_sub):
2823         * jit/JITCall.cpp:
2824         (JSC::JIT::emitPutCallResult):
2825         (JSC::JIT::compileSetupFrame):
2826         (JSC::JIT::compileCallEval):
2827         (JSC::JIT::compileCallEvalSlowCase):
2828         (JSC::JIT::compileTailCall):
2829         (JSC::JIT::compileOpCall):
2830         (JSC::JIT::compileOpCallSlowCase):
2831         (JSC::JIT::emit_op_call):
2832         (JSC::JIT::emit_op_tail_call):
2833         (JSC::JIT::emit_op_call_eval):
2834         (JSC::JIT::emit_op_call_varargs):
2835         (JSC::JIT::emit_op_tail_call_varargs):
2836         (JSC::JIT::emit_op_tail_call_forward_arguments):
2837         (JSC::JIT::emit_op_construct_varargs):
2838         (JSC::JIT::emit_op_construct):
2839         (JSC::JIT::emitSlow_op_call):
2840         (JSC::JIT::emitSlow_op_tail_call):
2841         (JSC::JIT::emitSlow_op_call_eval):
2842         (JSC::JIT::emitSlow_op_call_varargs):
2843         (JSC::JIT::emitSlow_op_tail_call_varargs):
2844         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
2845         (JSC::JIT::emitSlow_op_construct_varargs):
2846         (JSC::JIT::emitSlow_op_construct):
2847         * jit/JITDisassembler.cpp:
2848         (JSC::JITDisassembler::JITDisassembler):
2849         * jit/JITExceptions.cpp:
2850         (JSC::genericUnwind):
2851         * jit/JITInlines.h:
2852         (JSC::JIT::emitDoubleGetByVal):
2853         (JSC::JIT::emitLoadForArrayMode):
2854         (JSC::JIT::emitContiguousGetByVal):
2855         (JSC::JIT::emitArrayStorageGetByVal):
2856         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2857         (JSC::JIT::sampleInstruction):
2858         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
2859         (JSC::JIT::emitValueProfilingSite):
2860         (JSC::JIT::jumpTarget):
2861         (JSC::JIT::copiedGetPutInfo):
2862         (JSC::JIT::copiedArithProfile):
2863         * jit/JITMathIC.h:
2864         (JSC::isProfileEmpty):
2865         (JSC::JITBinaryMathIC::JITBinaryMathIC):
2866         (JSC::JITUnaryMathIC::JITUnaryMathIC):
2867         * jit/JITOpcodes.cpp:
2868         (JSC::JIT::emit_op_mov):
2869         (JSC::JIT::emit_op_end):
2870         (JSC::JIT::emit_op_jmp):
2871         (JSC::JIT::emit_op_new_object):
2872         (JSC::JIT::emitSlow_op_new_object):
2873         (JSC::JIT::emit_op_overrides_has_instance):
2874         (JSC::JIT::emit_op_instanceof):
2875         (JSC::JIT::emitSlow_op_instanceof):
2876         (JSC::JIT::emit_op_instanceof_custom):
2877         (JSC::JIT::emit_op_is_empty):
2878         (JSC::JIT::emit_op_is_undefined):
2879         (JSC::JIT::emit_op_is_boolean):
2880         (JSC::JIT::emit_op_is_number):
2881         (JSC::JIT::emit_op_is_cell_with_type):
2882         (JSC::JIT::emit_op_is_object):
2883         (JSC::JIT::emit_op_ret):
2884         (JSC::JIT::emit_op_to_primitive):
2885         (JSC::JIT::emit_op_set_function_name):
2886         (JSC::JIT::emit_op_not):
2887         (JSC::JIT::emit_op_jfalse):
2888         (JSC::JIT::emit_op_jeq_null):
2889         (JSC::JIT::emit_op_jneq_null):
2890         (JSC::JIT::emit_op_jneq_ptr):
2891         (JSC::JIT::emit_op_eq):
2892         (JSC::JIT::emit_op_jeq):
2893         (JSC::JIT::emit_op_jtrue):
2894         (JSC::JIT::emit_op_neq):
2895         (JSC::JIT::emit_op_jneq):
2896         (JSC::JIT::emit_op_throw):
2897         (JSC::JIT::compileOpStrictEq):
2898         (JSC::JIT::emit_op_stricteq):
2899         (JSC::JIT::emit_op_nstricteq):
2900         (JSC::JIT::compileOpStrictEqJump):
2901         (JSC::JIT::emit_op_jstricteq):
2902         (JSC::JIT::emit_op_jnstricteq):
2903         (JSC::JIT::emitSlow_op_jstricteq):
2904         (JSC::JIT::emitSlow_op_jnstricteq):
2905         (JSC::JIT::emit_op_to_number):
2906         (JSC::JIT::emit_op_to_string):
2907         (JSC::JIT::emit_op_to_object):
2908         (JSC::JIT::emit_op_catch):
2909         (JSC::JIT::emit_op_identity_with_profile):
2910         (JSC::JIT::emit_op_get_parent_scope):
2911         (JSC::JIT::emit_op_switch_imm):
2912         (JSC::JIT::emit_op_switch_char):
2913         (JSC::JIT::emit_op_switch_string):
2914         (JSC::JIT::emit_op_debug):
2915         (JSC::JIT::emit_op_eq_null):
2916         (JSC::JIT::emit_op_neq_null):
2917         (JSC::JIT::emit_op_enter):
2918         (JSC::JIT::emit_op_get_scope):
2919         (JSC::JIT::emit_op_to_this):
2920         (JSC::JIT::emit_op_create_this):
2921         (JSC::JIT::emit_op_check_tdz):
2922         (JSC::JIT::emitSlow_op_eq):
2923         (JSC::JIT::emitSlow_op_neq):
2924         (JSC::JIT::emitSlow_op_jeq):
2925         (JSC::JIT::emitSlow_op_jneq):
2926         (JSC::JIT::emitSlow_op_instanceof_custom):
2927         (JSC::JIT::emit_op_loop_hint):
2928         (JSC::JIT::emitSlow_op_loop_hint):
2929         (JSC::JIT::emit_op_check_traps):
2930         (JSC::JIT::emit_op_nop):
2931         (JSC::JIT::emit_op_super_sampler_begin):
2932         (JSC::JIT::emit_op_super_sampler_end):
2933         (JSC::JIT::emitSlow_op_check_traps):
2934         (JSC::JIT::emit_op_new_regexp):
2935         (JSC::JIT::emitNewFuncCommon):
2936         (JSC::JIT::emit_op_new_func):
2937         (JSC::JIT::emit_op_new_generator_func):
2938         (JSC::JIT::emit_op_new_async_generator_func):
2939         (JSC::JIT::emit_op_new_async_func):
2940         (JSC::JIT::emitNewFuncExprCommon):
2941         (JSC::JIT::emit_op_new_func_exp):
2942         (JSC::JIT::emit_op_new_generator_func_exp):
2943         (JSC::JIT::emit_op_new_async_func_exp):
2944         (JSC::JIT::emit_op_new_async_generator_func_exp):
2945         (JSC::JIT::emit_op_new_array):
2946         (JSC::JIT::emit_op_new_array_with_size):
2947         (JSC::JIT::emit_op_has_structure_property):
2948         (JSC::JIT::privateCompileHasIndexedProperty):
2949         (JSC::JIT::emit_op_has_indexed_property):
2950         (JSC::JIT::emitSlow_op_has_indexed_property):
2951         (JSC::JIT::emit_op_get_direct_pname):
2952         (JSC::JIT::emit_op_enumerator_structure_pname):
2953         (JSC::JIT::emit_op_enumerator_generic_pname):
2954         (JSC::JIT::emit_op_profile_type):
2955         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2956         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2957         (JSC::JIT::emit_op_profile_control_flow):
2958         (JSC::JIT::emit_op_argument_count):
2959         (JSC::JIT::emit_op_get_rest_length):
2960         (JSC::JIT::emit_op_get_argument):
2961         * jit/JITOpcodes32_64.cpp:
2962         (JSC::JIT::emit_op_to_this):
2963         * jit/JITOperations.cpp:
2964         * jit/JITOperations.h:
2965         * jit/JITPropertyAccess.cpp:
2966         (JSC::JIT::emit_op_get_by_val):
2967         (JSC::JIT::emitGetByValWithCachedId):
2968         (JSC::JIT::emitSlow_op_get_by_val):
2969         (JSC::JIT::emit_op_put_by_val_direct):
2970         (JSC::JIT::emit_op_put_by_val):
2971         (JSC::JIT::emitGenericContiguousPutByVal):
2972         (JSC::JIT::emitArrayStoragePutByVal):
2973         (JSC::JIT::emitPutByValWithCachedId):
2974         (JSC::JIT::emitSlow_op_put_by_val):
2975         (JSC::JIT::emit_op_put_getter_by_id):
2976         (JSC::JIT::emit_op_put_setter_by_id):
2977         (JSC::JIT::emit_op_put_getter_setter_by_id):
2978         (JSC::JIT::emit_op_put_getter_by_val):
2979         (JSC::JIT::emit_op_put_setter_by_val):
2980         (JSC::JIT::emit_op_del_by_id):
2981         (JSC::JIT::emit_op_del_by_val):
2982         (JSC::JIT::emit_op_try_get_by_id):
2983         (JSC::JIT::emitSlow_op_try_get_by_id):
2984         (JSC::JIT::emit_op_get_by_id_direct):
2985         (JSC::JIT::emitSlow_op_get_by_id_direct):
2986         (JSC::JIT::emit_op_get_by_id):
2987         (JSC::JIT::emit_op_get_by_id_with_this):
2988         (JSC::JIT::emitSlow_op_get_by_id):
2989         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2990         (JSC::JIT::emit_op_put_by_id):
2991         (JSC::JIT::emitSlow_op_put_by_id):
2992         (JSC::JIT::emit_op_in_by_id):
2993         (JSC::JIT::emitSlow_op_in_by_id):
2994         (JSC::JIT::emit_op_resolve_scope):
2995         (JSC::JIT::emit_op_get_from_scope):
2996         (JSC::JIT::emitSlow_op_get_from_scope):
2997         (JSC::JIT::emit_op_put_to_scope):
2998         (JSC::JIT::emitSlow_op_put_to_scope):
2999         (JSC::JIT::emit_op_get_from_arguments):
3000         (JSC::JIT::emit_op_put_to_arguments):
3001         (JSC::JIT::privateCompileGetByVal):
3002         (JSC::JIT::privateCompileGetByValWithCachedId):
3003         (JSC::JIT::privateCompilePutByVal):
3004         (JSC::JIT::privateCompilePutByValWithCachedId):
3005         (JSC::JIT::emitDoubleLoad):
3006         (JSC::JIT::emitContiguousLoad):
3007         (JSC::JIT::emitArrayStorageLoad):
3008         (JSC::JIT::emitDirectArgumentsGetByVal):
3009         (JSC::JIT::emitScopedArgumentsGetByVal):
3010         (JSC::JIT::emitIntTypedArrayGetByVal):
3011         (JSC::JIT::emitFloatTypedArrayGetByVal):
3012         (JSC::JIT::emitIntTypedArrayPutByVal):
3013         (JSC::JIT::emitFloatTypedArrayPutByVal):
3014         * jit/RegisterSet.cpp:
3015         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
3016         * jit/SlowPathCall.h:
3017         (JSC::JITSlowPathCall::JITSlowPathCall):
3018         * llint/LLIntData.cpp:
3019         (JSC::LLInt::initialize):
3020         (JSC::LLInt::Data::performAssertions):
3021         * llint/LLIntData.h:
3022         (JSC::LLInt::exceptionInstructions):
3023         (JSC::LLInt::opcodeMap):
3024         (JSC::LLInt::opcodeMapWide):
3025         (JSC::LLInt::getOpcode):
3026         (JSC::LLInt::getOpcodeWide):
3027         (JSC::LLInt::getWideCodePtr):
3028         * llint/LLIntOffsetsExtractor.cpp:
3029         * llint/LLIntSlowPaths.cpp:
3030         (JSC::LLInt::llint_trace_operand):
3031         (JSC::LLInt::llint_trace_value):
3032         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3033         (JSC::LLInt::entryOSR):
3034         (JSC::LLInt::setupGetByIdPrototypeCache):
3035         (JSC::LLInt::getByVal):
3036         (JSC::LLInt::handleHostCall):
3037         (JSC::LLInt::setUpCall):
3038         (JSC::LLInt::genericCall):
3039         (JSC::LLInt::varargsSetup):
3040         (JSC::LLInt::commonCallEval):
3041         * llint/LLIntSlowPaths.h:
3042         * llint/LowLevelInterpreter.asm:
3043         * llint/LowLevelInterpreter.cpp:
3044         (JSC::CLoopRegister::operator const Instruction*):
3045         (JSC::CLoop::execute):
3046         * llint/LowLevelInterpreter32_64.asm:
3047         * llint/LowLevelInterpreter64.asm:
3048         * offlineasm/arm64.rb:
3049         * offlineasm/asm.rb:
3050         * offlineasm/ast.rb:
3051         * offlineasm/cloop.rb:
3052         * offlineasm/generate_offset_extractor.rb:
3053         * offlineasm/instructions.rb:
3054         * offlineasm/offsets.rb:
3055         * offlineasm/parser.rb:
3056         * offlineasm/transform.rb:
3057         * offlineasm/x86.rb:
3058         * parser/ResultType.h:
3059         (JSC::ResultType::dump const):
3060         (JSC::OperandTypes::first const):
3061         (JSC::OperandTypes::second const):
3062         (JSC::OperandTypes::dump const):
3063         * profiler/ProfilerBytecodeSequence.cpp:
3064         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
3065         * runtime/CommonSlowPaths.cpp:
3066         (JSC::SLOW_PATH_DECL):
3067         (JSC::updateArithProfileForUnaryArithOp):
3068         (JSC::updateArithProfileForBinaryArithOp):
3069         * runtime/CommonSlowPaths.h:
3070         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
3071         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
3072         * runtime/ExceptionFuzz.cpp:
3073         (JSC::doExceptionFuzzing):
3074         * runtime/ExceptionFuzz.h:
3075         (JSC::doExceptionFuzzingIfEnabled):
3076         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3077         (JSC::GetPutInfo::dump const):
3078         (WTF::printInternal):
3079         * runtime/GetPutInfo.h:
3080         (JSC::GetPutInfo::operand const):
3081         * runtime/JSCPoison.h:
3082         * runtime/JSType.cpp: Added.
3083         (WTF::printInternal):
3084         * runtime/JSType.h:
3085         * runtime/SamplingProfiler.cpp:
3086         (JSC::SamplingProfiler::StackFrame::displayName):
3087         * runtime/SamplingProfiler.h:
3088         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
3089         * runtime/SlowPathReturnType.h:
3090         (JSC::encodeResult):
3091         (JSC::decodeResult):
3092         * runtime/VM.h:
3093         * runtime/Watchdog.h:
3094         * tools/HeapVerifier.cpp:
3095
3096 2018-10-26  Commit Queue  <commit-queue@webkit.org>
3097
3098         Unreviewed, rolling out r237445.
3099         https://bugs.webkit.org/show_bug.cgi?id=190972
3100
3101         Causes a performance regression on iOS devices (Requested by
3102         yusukesuzuki on #webkit).
3103
3104         Reverted changeset:
3105
3106         "Unreviewed, partial rolling in r237254"
3107         https://bugs.webkit.org/show_bug.cgi?id=190340
3108         https://trac.webkit.org/changeset/237445
3109
3110 2018-10-26  Mark Lam  <mark.lam@apple.com>
3111
3112         Fix missing edge cases with JSGlobalObjects having a bad time.
3113         https://bugs.webkit.org/show_bug.cgi?id=189028
3114         <rdar://problem/45204939>
3115
3116         Reviewed by Saam Barati.
3117
3118         Consider the following scenario:
3119
3120             let object O1 (of global G1) have an indexing type that is not SlowPut.
3121             let global G2 have a bad time.
3122             let object O2 (of global G2) be set as the prototype of O1.
3123             let object O3 (of global G2) have indexed accessors.
3124
3125         In the existing code, if we set O3 as O2's prototype, we'll have a bug where
3126         O1 will not be made aware that there are indexed accessors in its prototype
3127         chain.
3128
3129         In this patch, we solve this issue by introducing a new invariant:
3130
3131             A prototype chain is considered to possibly have indexed accessors if any
3132             object in the chain belongs to a global object that is having a bad time.
3133
3134         We apply this invariant as follows:
3135
3136         1. Enhance JSGlobalObject::haveABadTime() to also check if other global objects are
3137            affected by it having a bad time.  If so, it also ensures that those affected
3138            global objects have a bad time.
3139
3140            The original code for JSGlobalObject::haveABadTime() uses an ObjectsWithBrokenIndexingFinder
3141            to find all objects affected by the global object having a bad time.  We enhance
3142            ObjectsWithBrokenIndexingFinder to also check for the possibility that any global
3143            objects may be affected by other global objects having a bad time, i.e.
3144
3145                 let g1 = global1
3146                 let g2 = global2
3147                 let o1 = an object in g1
3148                 let o2 = an object in g2
3149
3150                 let g1 have a bad time
3151                 g2 is affected if
3152                     o1 is in the prototype chain of o2,
3153                     and o2 may be a prototype.
3154
3155            If the ObjectsWithBrokenIndexingFinder does find the possibility of other global
3156            objects being affected, it will abort its heap scan and let haveABadTime() take
3157            a slow path to do a more complete multi global object scan.
3158
3159            The slow path works as follows:
3160
3161            1. Iterate the heap and record the graph of all global object dependencies.
3162
3163               For each global object, record the list of other global objects that are
3164               affected by it.
3165
3166            2. Compute a list of global objects that need to have a bad time using the
3167               current global object dependency graph.
3168
3169            3. For each global object in the list of affected global objects, fire their
3170               HaveABadTime watchpoint and convert all their array structures to the
3171               SlowPut alternatives.
3172
3173            4. Re-run ObjectsWithBrokenIndexingFinder to find all objects that are affected
3174               by any of the globals in the list from (2).
3175
3176         2. Enhance Structure::mayInterceptIndexedAccesses() to also return true if the
3177            structure's global object is having a bad time.
3178
3179         Note: there are 3 scenarios that we need to consider:
3180
3181             let g1 = global1
3182             let g2 = global2
3183             let o1 = an object in g1
3184             let o2 = an object in g2
3185
3186             Scenario 1: o2 is a prototype, and
3187                         g1 has a bad time after o1 is inserted into o2's prototype chain.
3188
3189             Scenario 2: o2 is a prototype, and
3190                         o1 is inserted into o2's prototype chain after g1 has a bad time.
3191
3192             Scenario 3: o2 is NOT a prototype, and
3193                         o1 is inserted into o2's prototype chain after g1 has a bad time.
3194
3195             For scenario 1, when g1 has a bad time, we need to also make sure g2 has
3196             a bad time.  This is handled by enhancement 1 above.
3197
3198             For scenario 2, when o1 is inserted into o2's prototype chain, we need to check
3199             if o1's global object has a bad time.  If so, then we need to make sure o2's
3200             global also has a bad time (because o2 is a prototype) and convert o2's
3201             storage type to SlowPut.  This is handled by enhancement 2 above in conjunction
3202             with JSObject::setPrototypeDirect().
3203
3204             For scenario 3, when o1 is inserted into o2's prototype chain, we need to check
3205             if o1's global object has a bad time.  If so, then we only need to convert o2's
3206             storage type to SlowPut (because o2 is NOT a prototype).  This is handled by
3207             enhancement 2 above.
3208
3209         3. Also add $vm.isHavingABadTime(), $vm.createGlobalObject() to enable us to
3210            write some tests for this issue.
3211
3212         * runtime/JSGlobalObject.cpp:
3213         (JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut):
3214         (JSC::JSGlobalObject::haveABadTime):
3215         * runtime/JSGlobalObject.h:
3216         * runtime/JSObject.h:
3217         (JSC::JSObject::mayInterceptIndexedAccesses): Deleted.
3218         * runtime/JSObjectInlines.h:
3219         (JSC::JSObject::mayInterceptIndexedAccesses):
3220         * runtime/Structure.h:
3221         * runtime/StructureInlines.h:
3222         (JSC::Structure::mayInterceptIndexedAccesses const):
3223         * tools/JSDollarVM.cpp:
3224         (JSC::functionHaveABadTime):
3225         (JSC::functionIsHavingABadTime):
3226         (JSC::functionCreateGlobalObject):
3227         (JSC::JSDollarVM::finishCreation):
3228
3229 2018-10-26  Keith Miller  <keith_miller@apple.com>
3230
3231         JSC xcconfig should set DEFINES_MODULE
3232         https://bugs.webkit.org/show_bug.cgi?id=190952
3233
3234         Reviewed by Mark Lam.
3235
3236         This should mean that the JavaScriptCore.framework will have a module map.
3237
3238         * Configurations/JavaScriptCore.xcconfig:
3239
3240 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3241
3242         [JSC] havingABadTimeWatchpoint is not required in Array#indexOf optimization
3243         https://bugs.webkit.org/show_bug.cgi?id=190941
3244
3245         Reviewed by Saam Barati.
3246
3247         While the "Rest" operation fast path requires havingABadTimeWatchpoint since it allocates a
3248         JSArray, Array#{indexOf,lastIndexOf} do not require it when we use the fast path for them.
3249         This patch removes watching on havingABadTimeWatchpoint in Array#indexOf. The test causing
3250         "havingABadTime" is already included in our test suites (e.g. array-indexof-have-a-bad-time.js).
3251
3252         * dfg/DFGByteCodeParser.cpp:
3253         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3254         * runtime/JSArrayInlines.h:
3255         (JSC::JSArray::canDoFastIndexedAccess):
3256         * runtime/JSGlobalObject.h:
3257         * runtime/JSGlobalObjectInlines.h:
3258         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
3259         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable): Deleted.
3260
3261 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3262
3263         Unreviewed, partial rolling in r237254
3264         https://bugs.webkit.org/show_bug.cgi?id=190340
3265
3266         We do not use the added function right now, to investigate what the reason for the regression is.
3267         If it causes the regression, it seems that Parser.cpp's inlining decision is the culprit.
3268
3269         * bytecode/UnlinkedFunctionExecutable.cpp:
3270         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
3271         * bytecode/UnlinkedFunctionExecutable.h:
3272         * parser/Parser.cpp:
3273         (JSC::Parser<LexerType>::parseInner):
3274         (JSC::Parser<LexerType>::parseSingleFunction):
3275         (JSC::Parser<LexerType>::parseFunctionInfo):
3276         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3277         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
3278         * parser/Parser.h:
3279         (JSC::Parser<LexerType>::parse):
3280         (JSC::parse):
3281         (JSC::parseFunctionForFunctionConstructor):
3282         * parser/ParserModes.h:
3283         * parser/ParserTokens.h:
3284         (JSC::JSTextPosition::JSTextPosition):
3285         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
3286         * parser/SourceCodeKey.h:
3287         (JSC::SourceCodeKey::SourceCodeKey):
3288         (JSC::SourceCodeKey::operator== const):
3289         * runtime/CodeCache.cpp:
3290         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
3291         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
3292         * runtime/CodeCache.h:
3293         * runtime/FunctionConstructor.cpp:
3294         (JSC::constructFunctionSkippingEvalEnabledCheck):
3295         * runtime/FunctionExecutable.cpp:
3296         (JSC::FunctionExecutable::fromGlobalCode):
3297         * runtime/FunctionExecutable.h:
3298
3299 2018-10-25  Brent Fulgham  <bfulgham@apple.com>
3300
3301         Unreviewed build fix for Visual Studio 2017
3302
3303         * API/tests/testapi.c:
3304         (testMarkingConstraintsAndHeapFinalizers):
3305         (main):
3306
3307 2018-10-25  Devin Rousso  <drousso@apple.com>
3308
3309         Web Inspector: display fullscreen enter/exit events in Timelines and Network node waterfalls
3310         https://bugs.webkit.org/show_bug.cgi?id=189874
3311         <rdar://problem/44700000>
3312
3313         Reviewed by Joseph Pecoraro.
3314
3315         * inspector/protocol/DOM.json:
3316         Allow `data` to be passed to the frontend with `didFireEvent`.
3317
3318 2018-10-25  Ross Kirsling  <ross.kirsling@sony.com>
3319
3320         Cleanup: inline constexpr is redundant as constexpr implies inline
3321         https://bugs.webkit.org/show_bug.cgi?id=190819
3322
3323         Reviewed by Mark Lam.
3324
3325         * bytecode/ArrayProfile.h:
3326         (JSC::asArrayModes):
3327         * runtime/IndexingType.h:
3328         (JSC::isCopyOnWrite):
3329         * runtime/MathCommon.h:
3330         (JSC::maxSafeInteger):
3331         (JSC::minSafeInteger):
3332         * runtime/StackAlignment.h:
3333         (JSC::stackAlignmentBytes):
3334         (JSC::stackAlignmentRegisters):
3335
3336 2018-10-24  Megan Gardner  <megan_gardner@apple.com>
3337
3338         Turn on Conic Gradients
3339         https://bugs.webkit.org/show_bug.cgi?id=190810
3340
3341         Reviewed by Tim Horton.
3342
3343         * Configurations/FeatureDefines.xcconfig:
3344
3345 2018-10-24  Michael Saboff  <msaboff@apple.com>
3346
3347         Increase executable memory pool from 64MB to 128MB for ARM64
3348         https://bugs.webkit.org/show_bug.cgi?id=190453
3349
3350         Unreviewed, rolling back in r237024.
3351
3352         The original change did impact ARES-6 performance by 4-8%.  That will
3353         be investigated separately.
3354
3355 2018-10-22  Keith Rollin  <krollin@apple.com>
3356
3357         Use Location = "Relative to Build Products" rather than "Relative to Group"
3358         https://bugs.webkit.org/show_bug.cgi?id=190781
3359
3360         Reviewed by Alexey Proskuryakov.
3361
3362         Almost all Derived Files are included in Xcode projects with the
3363         Location attribute set to "Relative to Group". While this currently
3364         works, the Derived Files can no longer be found when enabling XCBuild
3365         (which has stricter requirements). Fix this by setting the Location
3366         attribute to "Relative to Build Products".
3367
3368         * JavaScriptCore.xcodeproj/project.pbxproj:
3369
3370 2018-10-22  Mark Lam  <mark.lam@apple.com>
3371
3372         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
3373         https://bugs.webkit.org/show_bug.cgi?id=190515
3374         <rdar://problem/45222379>
3375
3376         Reviewed by Saam Barati.
3377
3378         1. Fixes calls to asArrayModes() to take a structure's IndexingMode instead of
3379            IndexingType.
3380
3381         2. DFG's compileNewArrayBuffer()'s HaveABadTime case was previously using the
3382            node's indexingType (instead of indexingMode) to choose the array structure
3383            to use for creating an array buffer with.  This turns out to not be an issue
3384            because when the VM is having a bad time, all the
3385            arrayStructureForIndexingTypeDuringAllocation structure pointers will point to
3386            the SlowPutArrayStorage structure anyway.  However, to be strictly correct,
3387            we'll fix it to use the structure for the node's indexingMode.
3388
3389         * dfg/DFGAbstractValue.cpp:
3390         (JSC::DFG::AbstractValue::set):
3391         (JSC::DFG::AbstractValue::mergeOSREntryValue):
3392         * dfg/DFGAbstractValue.h:
3393         (JSC::DFG::AbstractValue::validate const):
3394         * dfg/DFGOSRExit.cpp:
3395         (JSC::DFG::OSRExit::executeOSRExit):
3396         * dfg/DFGRegisteredStructureSet.cpp:
3397         (JSC::DFG::RegisteredStructureSet::arrayModesFromStructures const):
3398         * dfg/DFGSpeculativeJIT.cpp:
3399         (JSC::DFG::SpeculativeJIT::compileNewArrayBuffer):
3400
3401 2018-10-19  Commit Queue  <commit-queue@webkit.org>
3402
3403         Unreviewed, rolling out r237254.
3404         https://bugs.webkit.org/show_bug.cgi?id=190760
3405
3406         "It regresses JetStream 2 by 5% on some iOS devices"
3407         (Requested by saamyjoon on #webkit).
3408
3409         Reverted changeset:
3410
3411         "[JSC] JSC should have "parseFunction" to optimize Function
3412         constructor"
3413         https://bugs.webkit.org/show_bug.cgi?id=190340
3414         https://trac.webkit.org/changeset/237254
3415
3416 2018-10-19  Saam Barati  <sbarati@apple.com>
3417
3418         vmCall should check if we exit before emitting an OSR exit due to exceptions
3419         https://bugs.webkit.org/show_bug.cgi?id=190740
3420         <rdar://problem/45220139>
3421
3422         Reviewed by Mark Lam.
3423
3424         The bug we were seeing is the MovHint removal phase would
3425         eliminate a superfluous MovHint. This left a certain range
3426         of nodes in a state where they would not be able to reconstruct
3427         values for an OSR exit. This is OK, since this phase proved those
3428         nodes don't exit. However, some of these nodes may use the vmCall
3429         construct in FTLLower. vmCall used to unconditionally emit an
3430         exception check after each call. However, if such a call happens
3431         in the range of nodes where we can't exit, we would end up generating
3432         an invalid exit (and running with validateFTLOSRExitLiveness flag
3433         would find this issue).
3434         
3435         This patch makes vmCall check to see if the node can exit before
3436         emitting an exception check. A node not being able to exit implies
3437         that it can't exit for exceptions, therefore, by definition, it can't
3438         throw an exception.
3439
3440         * ftl/FTLLowerDFGToB3.cpp:
3441         (JSC::FTL::DFG::LowerDFGToB3::vmCall):
3442
3443 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
3444
3445         [ESNext][BigInt] Implement support for "^"
3446         https://bugs.webkit.org/show_bug.cgi?id=186235
3447
3448         Reviewed by Yusuke Suzuki.
3449
3450         This patch introduces BigInt support into the bitwise xor
3451         operation. We are only including support in LLInt and Baseline.
3452
3453         * runtime/CommonSlowPaths.cpp:
3454         (JSC::SLOW_PATH_DECL):
3455         * runtime/JSBigInt.cpp:
3456         (JSC::JSBigInt::bitwiseXor):
3457         (JSC::JSBigInt::absoluteXor):
3458         * runtime/JSBigInt.h:
3459
3460 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
3461
3462         [BigInt] Add ValueSub into DFG
3463         https://bugs.webkit.org/show_bug.cgi?id=186176
3464
3465         Reviewed by Yusuke Suzuki.
3466
3467         We are introducing in this patch a new node called ValueSub. This node
3468         is necessary due to the introduction of BigInt, which makes subtraction
3469         operations result in non-Number values in some cases. In such cases, ValueSub is
3470         responsible for handling Untyped and BigInt operations.
3471         In addition, we are also creating a speculative path when both
3472         operands are BigInt. According to a simple BigInt subtraction microbenchmark,
3473         this represents a speedup of ~1.2x.
3474
3475         big-int-simple-sub    14.6427+-0.5652    ^    11.9559+-0.6485   ^   definitely 1.2247x faster
3476
3477         * dfg/DFGAbstractInterpreterInlines.h:
3478         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3479         * dfg/DFGByteCodeParser.cpp:
3480         (JSC::DFG::ByteCodeParser::parseBlock):
3481         * dfg/DFGClobberize.h:
3482         (JSC::DFG::clobberize):
3483         * dfg/DFGDoesGC.cpp:
3484         (JSC::DFG::doesGC):
3485         * dfg/DFGFixupPhase.cpp:
3486         (JSC::DFG::FixupPhase::fixupNode):
3487         * dfg/DFGGraph.h:
3488         (JSC::DFG::Graph::addSpeculationMode):
3489         * dfg/DFGNodeType.h:
3490         * dfg/DFGOperations.cpp:
3491         * dfg/DFGOperations.h:
3492         * dfg/DFGPredictionPropagationPhase.cpp:
3493         * dfg/DFGSafeToExecute.h:
3494         (JSC::DFG::safeToExecute):
3495         * dfg/DFGSpeculativeJIT.cpp:
3496         (JSC::DFG::SpeculativeJIT::compileValueSub):
3497         (JSC::DFG::SpeculativeJIT::compileArithSub):
3498         * dfg/DFGSpeculativeJIT.h:
3499         * dfg/DFGSpeculativeJIT32_64.cpp:
3500         (JSC::DFG::SpeculativeJIT::compile):
3501         * dfg/DFGSpeculativeJIT64.cpp:
3502         (JSC::DFG::SpeculativeJIT::compile):
3503         * dfg/DFGValidate.cpp:
3504         * ftl/FTLCapabilities.cpp:
3505         (JSC::FTL::canCompile):
3506         * ftl/FTLLowerDFGToB3.cpp:
3507         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3508         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
3509         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
3510
3511 2018-10-18  Alexey Proskuryakov  <ap@apple.com>
3512
3513         Switch from PLATFORM(IOS) to PLATFORM(IOS_FAMILY)
3514         https://bugs.webkit.org/show_bug.cgi?id=190729
3515
3516         Reviewed by Tim Horton.
3517
3518         * API/JSBase.cpp:
3519         * API/JSWrapperMap.mm:
3520         * assembler/ARM64Assembler.h:
3521         (JSC::ARM64Assembler::cacheFlush):
3522         * assembler/ARMv7Assembler.h:
3523         (JSC::ARMv7Assembler::cacheFlush):
3524         * assembler/AssemblerCommon.h:
3525         (JSC::isIOS):
3526         * heap/FullGCActivityCallback.cpp:
3527         (JSC::FullGCActivityCallback::doCollection):
3528         * heap/Heap.cpp:
3529         (JSC::Heap::overCriticalMemoryThreshold):
3530         (JSC::Heap::updateAllocationLimits):
3531         (JSC::Heap::collectIfNecessaryOrDefer):
3532         * heap/Heap.h:
3533         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
3534         (Inspector::RemoteConnectionToTarget::dispatchAsyncOnTarget):
3535         * jit/ExecutableAllocator.cpp:
3536         (JSC::allowJIT):
3537         * jit/ExecutableAllocator.h:
3538         * jit/RegisterSet.cpp:
3539         (JSC::RegisterSet::reservedHardwareRegisters):
3540         (JSC::RegisterSet::calleeSaveRegisters):
3541         * jit/ThunkGenerators.cpp:
3542         * jsc.cpp:
3543         (main):
3544         * runtime/MathCommon.cpp:
3545         * runtime/Options.cpp:
3546         (JSC::overrideDefaults):
3547         (JSC::recomputeDependentOptions):
3548         * runtime/Options.h:
3549
3550 2018-10-18  Ross Kirsling  <ross.kirsling@sony.com>
3551
3552         delete expression should not throw without a reference
3553         https://bugs.webkit.org/show_bug.cgi?id=190637
3554
3555         Reviewed by Yusuke Suzuki.
3556
3557         * parser/Parser.cpp:
3558         (JSC::Parser<LexerType>::parseUnaryExpression):
3559         Eliminate non-spec-compliant switch case.
3560
3561 2018-10-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3562
3563         [JSC] JSC should have "parseFunction" to optimize Function constructor
3564         https://bugs.webkit.org/show_bug.cgi?id=190340
3565
3566         Reviewed by Mark Lam.
3567
3568         The current Function constructor is suboptimal. We parse pieces of the same code three times to meet
3569         the spec requirement: (1) check parameters syntax, (2) check body syntax, and (3) parse the entire function.
3570         And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
3571         is really costly and ideally we should meet the above requirement by parsing only once.
3572
3573         To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function
3574         takes `std::optional<int> functionConstructorParametersEndPosition` and checks that this end position is correct in the parser.
3575         For example, if we run the code,
3576
3577             Function('/*', '*/){')
3578
3579         According to the spec, this should produce the '/*' parameter string and the '*/){' body string. And the parameter
3580         string should be syntax-checked by the parser, which raises an error since it is incorrect. Instead of doing
3581         that, in our implementation, we first create the entire string.
3582
3583             function anonymous(/*) {
3584                 */){
3585             }
3586
3587         And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
3588         the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
3589         offset of the parameters is the given end position. This check allows us to raise the error correctly for the
3590         above example while we parse the entire function only once. And we do not need to create two strings either.
3591
3592         This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
3593         significantly sped up (28.2%).
3594
3595         Before:
3596             uglify-js:  2.94 runs/s
3597         After:
3598             uglify-js:  3.77 runs/s
3599
3600         * bytecode/UnlinkedFunctionExecutable.cpp:
3601         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
3602         * bytecode/UnlinkedFunctionExecutable.h:
3603         * parser/Parser.cpp:
3604         (JSC::Parser<LexerType>::parseInner):
3605         (JSC::Parser<LexerType>::parseSingleFunction):
3606         (JSC::Parser<LexerType>::parseFunctionInfo):
3607         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3608         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
3609         * parser/Parser.h:
3610         (JSC::Parser<LexerType>::parse):
3611         (JSC::parse):
3612         (JSC::parseFunctionForFunctionConstructor):
3613         * parser/ParserModes.h:
3614         * parser/ParserTokens.h:
3615         (JSC::JSTextPosition::JSTextPosition):
3616         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
3617         * parser/SourceCodeKey.h:
3618         (JSC::SourceCodeKey::SourceCodeKey):
3619         (JSC::SourceCodeKey::operator== const):
3620         * runtime/CodeCache.cpp:
3621         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
3622         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
3623         * runtime/CodeCache.h:
3624         * runtime/FunctionConstructor.cpp:
3625         (JSC::constructFunctionSkippingEvalEnabledCheck):
3626         * runtime/FunctionExecutable.cpp:
3627         (JSC::FunctionExecutable::fromGlobalCode):
3628         * runtime/FunctionExecutable.h:
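
        The check described in this entry, as an added example that is not part of the WebKit change:
        the spec requires the Function constructor to syntax-check the parameter string and the body
        string independently, so a comment opened in the parameters and closed in the body must be
        rejected even though the concatenated source text parses cleanly. The example runs under
        Node.js and only observes the engine's own Function constructor; the helper names
        naiveConcatenation, concatenationParses and functionConstructorOutcome are assumptions of the
        example, not names from JavaScriptCore.

```javascript
// Added example, not WebKit/JavaScriptCore code. Shows why the Function
// constructor cannot simply concatenate its arguments and parse the result:
// the parameter/body boundary can be smuggled across with a comment.

// Text a naive implementation would build, in the shape the ChangeLog entry
// shows: function anonymous(<params>) {<body>}. Hypothetical helper.
function naiveConcatenation(params, body) {
  return `function anonymous(${params}\n) {\n${body}\n}`;
}

// True if the concatenated text, taken as a whole, is valid JavaScript. This
// is what a one-pass parser without a parameters-end-position check accepts.
// Indirect eval keeps the text out of this function's scope; the outer parens
// make it parse as a function expression rather than a declaration.
function concatenationParses(params, body) {
  try {
    (0, eval)(`(${naiveConcatenation(params, body)})`);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// 'ok' if the engine's Function constructor accepts the pair, otherwise the
// name of the error it throws. A spec-compliant engine rejects the smuggled
// comment even though concatenationParses() accepts the same text.
function functionConstructorOutcome(params, body) {
  try {
    new Function(params, body);
    return 'ok';
  } catch (e) {
    return e.constructor.name;
  }
}

// The case from the ChangeLog entry: '/*' as parameters, '*/){' as body.
const smuggled = { params: '/*', body: '*/){' };

console.log('concatenation parses:', concatenationParses(smuggled.params, smuggled.body));
console.log('Function constructor:', functionConstructorOutcome(smuggled.params, smuggled.body));
console.log('body alone invalid:', functionConstructorOutcome('a', '}'));
console.log('well-formed pair:', functionConstructorOutcome('a, b', 'return a + b'));
```

        The first line shows that the whole text is syntactically fine, so a single parse of the
        concatenation is not enough; the second shows the engine rejecting it anyway, which is the
        behaviour the end-position check preserves while parsing only once.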
3629
3630 2018-10-18  Commit Queue  <commit-queue@webkit.org>
3631
3632         Unreviewed, rolling out r237242.
3633         https://bugs.webkit.org/show_bug.cgi?id=190701
3634
3635         it breaks "stress/sampling-profiler-basic.js" (Requested by
3636         caiolima on #webkit).
3637
3638         Reverted changeset:
3639
3640         "[BigInt] Add ValueSub into DFG"
3641         https://bugs.webkit.org/show_bug.cgi?id=186176
3642         https://trac.webkit.org/changeset/237242
3643
3644 2018-10-18  Takafumi Kubota  <takafumi.kubota1012@sslab.ics.keio.ac.jp>
3645
3646         Missing #pragma once in WasmOpcodeOrigin.h
3647         https://bugs.webkit.org/show_bug.cgi?id=190699
3648
3649         Reviewed by Yusuke Suzuki.
3650
3651         This patch adds ''#pragma once'' to WasmOpcodeOrigin.h to avoid the
3652         multiple inclusion that can happen in the unified build
3653         configuration.
3654
3655         * wasm/WasmOpcodeOrigin.h:
3656
3657 2018-10-17  Wenson Hsieh  <wenson_hsieh@apple.com>
3658
3659         Enable the datalist element by default on iOS and macOS
3660         https://bugs.webkit.org/show_bug.cgi?id=190594
3661         <rdar://problem/45281159>
3662
3663         Reviewed by Ryosuke Niwa and Tim Horton.
3664
3665         * Configurations/FeatureDefines.xcconfig:
3666
3667 2018-10-17  Caio Lima  <ticaiolima@gmail.com>
3668
3669         [BigInt] Add ValueSub into DFG
3670         https://bugs.webkit.org/show_bug.cgi?id=186176
3671
3672         Reviewed by Yusuke Suzuki.
3673
3674         We are introducing in this patch a new node called ValueSub. This node
3675         is necessary due to the introduction of BigInt, which makes subtraction
3676         operations result in non-Number values in some cases. In such cases, ValueSub is
3677         responsible for handling Untyped and BigInt operations.
3678         In addition, we are also creating a speculative path when both
3679         operands are BigInt. According to a simple BigInt subtraction microbenchmark,
3680         this represents a speedup of ~1.2x.
3681
3682         big-int-simple-sub    14.6427+-0.5652    ^    11.9559+-0.6485   ^   definitely 1.2247x faster
3683
3684         * dfg/DFGAbstractInterpreterInlines.h:
3685         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3686         * dfg/DFGByteCodeParser.cpp:
3687         (JSC::DFG::ByteCodeParser::parseBlock):
3688         * dfg/DFGClobberize.h:
3689         (JSC::DFG::clobberize):
3690         * dfg/DFGDoesGC.cpp:
3691         (JSC::DFG::doesGC):
3692         * dfg/DFGFixupPhase.cpp:
3693         (JSC::DFG::FixupPhase::fixupNode):
3694         * dfg/DFGGraph.h:
3695         (JSC::DFG::Graph::addSpeculationMode):
3696         * dfg/DFGNodeType.h:
3697         * dfg/DFGOperations.cpp:
3698         * dfg/DFGOperations.h:
3699         * dfg/DFGPredictionPropagationPhase.cpp:
3700         * dfg/DFGSafeToExecute.h:
3701         (JSC::DFG::safeToExecute):
3702         * dfg/DFGSpeculativeJIT.cpp:
3703         (JSC::DFG::SpeculativeJIT::compileValueSub):
3704         (JSC::DFG::SpeculativeJIT::compileArithSub):
3705         * dfg/DFGSpeculativeJIT.h:
3706         * dfg/DFGSpeculativeJIT32_64.cpp:
3707         (JSC::DFG::SpeculativeJIT::compile):
3708         * dfg/DFGSpeculativeJIT64.cpp:
3709         (JSC::DFG::SpeculativeJIT::compile):
3710         * dfg/DFGValidate.cpp:
3711         * ftl/FTLCapabilities.cpp:
3712         (JSC::FTL::canCompile):
3713         * ftl/FTLLowerDFGToB3.cpp:
3714         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3715         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
3716         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
3717
3718 2018-10-17  Mark Lam  <mark.lam@apple.com>
3719
3720         The parser should not emit a ApplyFunctionCallDotNode for Reflect.apply.
3721         https://bugs.webkit.org/show_bug.cgi?id=190671
3722         <rdar://problem/45201145>
3723
3724         Reviewed by Saam Barati.
3725
3726         The bytecode generator does not currently know how to inline Reflect.apply (see
3727         https://bugs.webkit.org/show_bug.cgi?id=190668).  Hence, it's a waste of time to
3728         emit the ApplyFunctionCallDotNode since the function check against Function.apply
3729         that it will generate will always fail.
3730
3731         Also fixed CallVariant::dump() to be able to handle dumping a non-executable
3732         callee.  Reflect.apply used to trip this up.  Any object with an apply property
3733         invoked as a function could also trip this up.  This is now fixed.
3734
3735         * bytecode/CallVariant.cpp:
3736         (JSC::CallVariant::dump const):
3737         * bytecompiler/NodesCodegen.cpp:
3738         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3739         * parser/ASTBuilder.h:
3740         (JSC::ASTBuilder::makeFunctionCallNode):
3741
3742 2018-10-17  Commit Queue  <commit-queue@webkit.org>
3743
3744         Unreviewed, rolling out r237024.
3745         https://bugs.webkit.org/show_bug.cgi?id=190673
3746
3747         "It regressed ARES6 on iOS devices by 4-8%" (Requested by
3748         saamyjoon on #webkit).
3749
3750         Reverted changeset:
3751
3752         "Increase executable memory pool from 64MB to 128MB for ARM64"
3753         https://bugs.webkit.org/show_bug.cgi?id=190453
3754         https://trac.webkit.org/changeset/237024
3755
3756 2018-10-17  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3757
3758         [JSC] Use WTF::Function instead of std::function
3759         https://bugs.webkit.org/show_bug.cgi?id=190665
3760
3761         Reviewed by Keith Miller.
3762
3763         We should use WTF::Function as much as possible. It allocates memory from bmalloc instead of standard malloc.
3764
3765         * runtime/JSNativeStdFunction.h:
3766
3767 2018-10-17  Keith Miller  <keith_miller@apple.com>
3768
3769         Remove debug logging from generate_offsets_extractor.rb
3770         https://bugs.webkit.org/show_bug.cgi?id=190667
3771
3772         Reviewed by Mark Lam.
3773
3774         * offlineasm/generate_offset_extractor.rb:
3775
3776 2018-10-17  Keith Miller  <keith_miller@apple.com>
3777
3778         AI does not clear Phantom allocation nodes.
3779         https://bugs.webkit.org/show_bug.cgi?id=190694
3780
3781         Reviewed by Saam Barati.
3782
3783         Phantom nodes claim to have a result so they should make sure they clear
3784         their abstract values.
3785
3786         * dfg/DFGAbstractInterpreterInlines.h:
3787         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3788
3789 2018-10-17  Keith Miller  <keith_miller@apple.com>
3790
3791         Unreviewed, fix windows build.
3792
3793         * offlineasm/generate_offset_extractor.rb:
3794
3795 2018-10-17  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3796
3797         [JSC] More aggressively use `constexpr` in LowLevelInterpreter.asm for constant values
3798         https://bugs.webkit.org/show_bug.cgi?id=190659
3799
3800         Reviewed by Keith Miller.
3801
3802         Asking the JSC binary for the actual constant value is always the best way to get the correct value.
3803         The value is correctly updated once the original value is changed. We would like to encourage this
3804         approach more in LowLevelInterpreter.asm.
3805
3806         This patch expands the coverage of this approach. We make ObservedType, ResultType, and ArithProfile
3807         constexpr-friendly to produce the magic value used in LowLevelInterpreter.asm at compile time.
3808         This change allows us to easily extend ArithProfile in the future to adopt BigInt efficiently.
3809
3810         We additionally use `constexpr` for several constant values in LowLevelInterpreter.asm.
3811
3812         * assembler/MaxFrameExtentForSlowPathCall.h:
3813         Use this value in LowLevelInterpreter.asm directly. We also make them constexpr. And we add CPU(ARM64E).
3814
3815         * bytecode/ArithProfile.h:
3816         (JSC::ObservedType::ObservedType):
3817         (JSC::ObservedType::sawInt32 const):
3818         (JSC::ObservedType::isOnlyInt32 const):
3819         (JSC::ObservedType::sawNumber const):
3820         (JSC::ObservedType::isOnlyNumber const):
3821         (JSC::ObservedType::sawNonNumber const):
3822         (JSC::ObservedType::isOnlyNonNumber const):
3823         (JSC::ObservedType::isEmpty const):
3824         (JSC::ObservedType::bits const):
3825         (JSC::ObservedType::withInt32 const):
3826         (JSC::ObservedType::withNumber const):
3827         (JSC::ObservedType::withNonNumber const):
3828         (JSC::ObservedType::withoutNonNumber const):
3829         (JSC::ObservedType::operator== const):
3830         (JSC::ArithProfile::ArithProfile):
3831         (JSC::ArithProfile::fromInt):
3832         (JSC::ArithProfile::observedUnaryInt):
3833         (JSC::ArithProfile::observedUnaryNumber):
3834         (JSC::ArithProfile::observedBinaryIntInt):
3835         (JSC::ArithProfile::observedBinaryNumberInt):
3836         (JSC::ArithProfile::observedBinaryIntNumber):
3837         (JSC::ArithProfile::observedBinaryNumberNumber):
3838         (JSC::ArithProfile::lhsObservedType const):
3839         (JSC::ArithProfile::rhsObservedType const):
3840         (JSC::ArithProfile::bits const):
3841         Make ObservedType and ArithProfile constexpr-friendly.
3842
3843         * llint/LLIntData.cpp:
3844         (JSC::LLInt::Data::performAssertions):
3845         Turn several ASSERTs into STATIC_ASSERTs. Remove some unnecessary checks.
3846         * llint/LLIntOffsetsExtractor.cpp:
3847         * llint/LowLevelInterpreter.asm:
3848         Remove unused constant values. Use constexpr more and more aggressively.
3849
3850         * parser/ResultType.h:
3851         (JSC::ResultType::ResultType):
3852         (JSC::ResultType::isInt32 const):
3853         (JSC::ResultType::definitelyIsNumber const):
3854         (JSC::ResultType::definitelyIsString const):
3855         (JSC::ResultType::definitelyIsBoolean const):
3856         (JSC::ResultType::definitelyIsBigInt const):
3857         (JSC::ResultType::mightBeNumber const):
3858         (JSC::ResultType::isNotNumber const):
3859         (JSC::ResultType::mightBeBigInt const):
3860         (JSC::ResultType::isNotBigInt const):
3861         (JSC::ResultType::nullType):
3862         (JSC::ResultType::booleanType):
3863         (JSC::ResultType::numberType):
3864         (JSC::ResultType::numberTypeIsInt32):
3865         (JSC::ResultType::stringOrNumberType):
3866         (JSC::ResultType::addResultType):
3867         (JSC::ResultType::stringType):
3868         (JSC::ResultType::bigIntType):
3869         (JSC::ResultType::unknownType):
3870         (JSC::ResultType::forAdd):
3871         (JSC::ResultType::forLogicalOp):
3872         (JSC::ResultType::forBitOp):
3873         (JSC::ResultType::bits const):
3874         Make ResultType constexpr-friendly.
3875
3876         * runtime/JSCJSValue.h:
3877         Use offsetof instead of OBJECT_OFFSETOF. It is OK since EncodedValueDescriptor is POD.
3878         This change makes TagOffset and PayloadOffset macros constexpr-friendly while OBJECT_OFFSETOF
3879         cannot be used in constexpr since it uses reinterpret_cast.
3880
3881 2018-10-17  Keith Miller  <keith_miller@apple.com>
3882
3883         Unreviewed revert Fujii's revert in r237214 with new WinCairo build fix.
3884
3885 2018-10-16  Mark Lam  <mark.lam@apple.com>
3886
3887         GetIndexedPropertyStorage can GC.
3888         https://bugs.webkit.org/show_bug.cgi?id=190625
3889         <rdar://problem/45309366>
3890
3891         Reviewed by Saam Barati.
3892
3893         This is because if the ArrayMode type is String, the DFG and FTL will be emitting
3894         a call to operationResolveRope, and operationResolveRope can GC.  This patch
3895         updates doesGC() to reflect this.
3896
3897         * dfg/DFGDoesGC.cpp:
3898         (JSC::DFG::doesGC):
3899
3900 2018-10-16  Fujii Hironori  <Hironori.Fujii@sony.com>
3901
3902         Unreviewed, rolling out r237188, r237189, and r237197.
3903
3904         It breaks WinCairo Debug builds and Release LayoutTests
3905
3906         Reverted changesets:
3907
3908         https://bugs.webkit.org/show_bug.cgi?id=189708
3909         https://trac.webkit.org/changeset/237188
3910
3911         "Unreviewed, forgot to add untracked files."
3912         https://trac.webkit.org/changeset/237189
3913
3914         "isASTErroneous in offlineasm should de-macroify before
3915         looking for Errors"
3916         https://bugs.webkit.org/show_bug.cgi?id=190634
3917         https://trac.webkit.org/changeset/237197
3918
3919 2018-10-16  Devin Rousso  <drousso@apple.com>
3920
3921         Web Inspector: Canvas: capture previously saved states and add them to the recording payload
3922         https://bugs.webkit.org/show_bug.cgi?id=190473
3923
3924         Reviewed by Joseph Pecoraro.
3925
3926         * inspector/protocol/Recording.json:
3927         Add `states` key to `InitialState` object.
3928
3929 2018-10-16  Keith Miller  <keith_miller@apple.com>
3930
3931         isASTErroneous in offlineasm should de-macroify before looking for Errors
3932         https://bugs.webkit.org/show_bug.cgi?id=190634
3933
3934         Reviewed by Mark Lam.
3935
3936         If a macro isn't usable in a configuration it might still cause us to
3937         think the AST is invalid. This change runs the de-macroifier before
3938         looking for errors.
3939
3940         Also, it adds a missing include to Printer.h.
3941
3942         * assembler/Printer.h:
3943         * offlineasm/settings.rb:
3944