[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-11-15  Mark Lam  <mark.lam@apple.com>

        RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
        https://bugs.webkit.org/show_bug.cgi?id=191730
        <rdar://problem/46048517>

        Reviewed by Saam Barati.

        According to the spec https://www.ecma-international.org/ecma-262/9.0/index.html#sec-regexp.prototype-@@match,
        the RegExp match results are filled in using the spec's CreateDataProperty()
        function which does not consult the prototype for setters.  JSArray::push()
        consults the prototype for setters.  We should be using putDirectIndex() instead.

        * runtime/RegExpObjectInlines.h:
        (JSC::collectMatches):

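The entry above turns on the difference between filling a result array through [[Set]] (what a push-style loop does) and through CreateDataProperty. The following is an added example, not part of the ChangeLog or of WebKit: it models both strategies in plain JavaScript with a constructed accessor on Array.prototype, so the reader can see which one lets prototype code observe or swallow the engine's writes.

```javascript
// Added example (not from the WebKit ChangeLog): models the two ways an engine
// could fill a match-result array and shows which one lets an accessor
// installed on Array.prototype observe or intercept the writes.

// Constructed sample: an accessor for index "0" on Array.prototype. Any write
// to arr[0] that goes through [[Set]] on an array with no own "0" lands here.
// `trace` is a plain object (not an array) so recording never recurses.
function installIndexedAccessor(trace) {
  Object.defineProperty(Array.prototype, "0", {
    configurable: true,
    set(value) { trace.setterCalls += 1; trace.lastSeen = String(value); },
    get() { return undefined; },
  });
}

function removeIndexedAccessor() {
  delete Array.prototype["0"];
}

// push-style filling: Array.prototype.push performs Set(O, index, value, true),
// which walks the prototype chain and invokes any accessor it finds there.
function fillWithPush(matches) {
  const result = [];
  for (const m of matches) result.push(m);
  return result;
}

// CreateDataProperty-style filling: a data property is defined on the result
// itself, so the prototype is never consulted. This is what the spec requires
// for RegExp match results; putDirectIndex() is JSC's equivalent.
function fillWithCreateDataProperty(matches) {
  const result = [];
  matches.forEach((m, i) => {
    Object.defineProperty(result, i, {
      value: m, writable: true, enumerable: true, configurable: true,
    });
  });
  return result;
}

// Runs both strategies under the hostile prototype and reports what happened.
// `matches` is a constructed stand-in for the strings a regexp match produced.
function compare(matches) {
  const trace = { setterCalls: 0, lastSeen: undefined };
  installIndexedAccessor(trace);
  try {
    const viaPush = fillWithPush(matches);
    const pushSetterCalls = trace.setterCalls;
    trace.setterCalls = 0;
    const viaDefine = fillWithCreateDataProperty(matches);
    const defineSetterCalls = trace.setterCalls;
    return {
      pushSetterCalls,                 // prototype code ran during push
      pushElement0: viaPush[0],        // the value never became an own property
      pushLength: viaPush.length,
      defineSetterCalls,               // prototype code never ran
      defineElement0: viaDefine[0],    // intact own data property
      defineLength: viaDefine.length,
    };
  } finally {
    removeIndexedAccessor();
  }
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(compare(["foo", "oo"]));
}
```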
2018-11-15  Mark Lam  <mark.lam@apple.com>

        RegExp operations should not take fast path if lastIndex is not numeric.
        https://bugs.webkit.org/show_bug.cgi?id=191731
        <rdar://problem/46017305>

        Reviewed by Saam Barati.

        This is because if lastIndex is an object with a valueOf() method, it can execute
        arbitrary code which may have side effects, and side effects are not permitted by
        the RegExp fast paths.

        * builtins/RegExpPrototype.js:
        (globalPrivate.hasObservableSideEffectsForRegExpMatch):
        (overriddenName.string_appeared_here.search):
        (globalPrivate.hasObservableSideEffectsForRegExpSplit):
        (intrinsic.RegExpTestIntrinsic.test):
        * builtins/StringPrototype.js:
        (globalPrivate.hasObservableSideEffectsForStringReplace):

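To make the side effect in the entry above concrete: RegExpBuiltinExec reads lastIndex with ToLength, so a non-numeric lastIndex runs its valueOf() in the middle of the match. This added example (not WebKit code) shows that coercion being observed from JavaScript and models the numeric check a fast path must make; `lastIndexIsSideEffectFree` is a name chosen here, not JSC's helper.

```javascript
// Added example (not from the WebKit ChangeLog): demonstrates that a RegExp
// exec coerces a non-numeric lastIndex with ToLength, running user code, and
// models the check a side-effect-free fast path needs before it may proceed.

// Constructed lastIndex value whose valueOf() leaves an observable trace.
function makeObservableLastIndex(startAt, trace) {
  return {
    valueOf() {
      trace.calls += 1;
      return startAt;
    },
  };
}

// Runs exec with the observable lastIndex and reports what the spec-mandated
// coercion made visible. `source`, `flags`, `input` are constructed inputs.
function execWithObservableLastIndex(source, flags, input, startAt) {
  const trace = { calls: 0 };
  const re = new RegExp(source, flags);
  re.lastIndex = makeObservableLastIndex(startAt, trace);
  const result = re.exec(input);
  return {
    valueOfCalls: trace.calls,                     // 1: ToLength(Get(R, "lastIndex"))
    matched: result === null ? null : result[0],
    matchIndex: result === null ? -1 : result.index,
    // Global/sticky regexps write a number back into lastIndex after exec;
    // otherwise the property is left as the object we stored.
    lastIndexTypeAfter: typeof re.lastIndex,
  };
}

// The guard: only a primitive number lastIndex is free of user-observable
// coercion. Models the idea behind hasObservableSideEffects* in the entry
// above; it is not WebKit's implementation.
function lastIndexIsSideEffectFree(re) {
  return typeof re.lastIndex === "number";
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(execWithObservableLastIndex("o+", "g", "foo", 1));
  console.log(execWithObservableLastIndex("o+", "", "foo", 1));
}
```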
2018-11-15  Keith Rollin  <krollin@apple.com>

        Delete old .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=191669
        <rdar://problem/46081994>

        Reviewed by Chris Dumez.

        .xcfilelist files were created and added to the Xcode project files in
        https://trac.webkit.org/changeset/238008/webkit. However, they caused
        build issues and they were removed from the Xcode projects in
        https://trac.webkit.org/changeset/238055/webkit. This check-in removes
        the files from the repository altogether. They'll ultimately be
        replaced with new files with names that indicate whether the
        associated files are inputs to the Run Script phase or are files
        created by the Run Script phase.

        * DerivedSources.xcfilelist: Removed.
        * UnifiedSources.xcfilelist: Removed.

2018-11-14  Keith Rollin  <krollin@apple.com>

        Move scripts for Derived and Unified Sources to external files
        https://bugs.webkit.org/show_bug.cgi?id=191670
        <rdar://problem/46082278>

        Reviewed by Keith Miller.

        Move the scripts in the Generate Derived Sources and Generate Unified
        Sources Run Script phases from the Xcode projects to external shell
        script files. Then invoke those scripts from the Run Script phases.
        This refactoring is being performed to support later work that will
        invoke these scripts in other contexts.

        The scripts were maintained as-is when making the move. I did a little
        reformatting and added 'set -e' to the top of each file, but that's
        it.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Scripts/generate-derived-sources.sh: Added.
        * Scripts/generate-unified-sources.sh: Added.

2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Pass Inspector::FrontendChannel as a reference connect/disconnect methods
        https://bugs.webkit.org/show_bug.cgi?id=191612

        Reviewed by Matt Baker.

        * inspector/InspectorFrontendRouter.cpp:
        (Inspector::FrontendRouter::connectFrontend):
        (Inspector::FrontendRouter::disconnectFrontend):
        * inspector/InspectorFrontendRouter.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::connectFrontend):
        (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/remote/RemoteControllableTarget.h:
        * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
        (Inspector::RemoteConnectionToTarget::setup):
        (Inspector::RemoteConnectionToTarget::close):
        * inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:
        (Inspector::RemoteConnectionToTarget::setup):
        (Inspector::RemoteConnectionToTarget::close):
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::connect):
        (JSC::JSGlobalObjectDebuggable::disconnect):
        * runtime/JSGlobalObjectDebuggable.h:

2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Remote Inspector)
        https://bugs.webkit.org/show_bug.cgi?id=191494
        <rdar://problem/45469854>

        Reviewed by Devin Rousso.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Sources.txt:
        New domain and resources.

        * inspector/protocol/Target.json: Added.
        New protocol domain, modeled after Worker.json, to allow for
        multiplexing between different targets.

        * inspector/InspectorTarget.h:
        Each target will instantiate an InspectorTarget and must
        provide an identifier, type, and means of connecting/disconnecting
        to a frontend channel.

        * inspector/agents/InspectorTargetAgent.cpp: Added.
        (Inspector::InspectorTargetAgent::InspectorTargetAgent):
        (Inspector::InspectorTargetAgent::didCreateFrontendAndBackend):
        (Inspector::InspectorTargetAgent::willDestroyFrontendAndBackend):
        (Inspector::InspectorTargetAgent::exists):
        (Inspector::InspectorTargetAgent::initialized):
        (Inspector::InspectorTargetAgent::sendMessageToTarget):
        (Inspector::InspectorTargetAgent::sendMessageFromTargetToFrontend):
        (Inspector::targetTypeToProtocolType):
        (Inspector::buildTargetInfoObject):
        (Inspector::InspectorTargetAgent::targetCreated):
        (Inspector::InspectorTargetAgent::targetTerminated):
        (Inspector::InspectorTargetAgent::connectToTargets):
        (Inspector::InspectorTargetAgent::disconnectFromTargets):
        * inspector/agents/InspectorTargetAgent.h: Added.
        TargetAgent holds a list of targets, and connects/disconnects to each
        of the targets when a frontend connects/disconnects.

        * inspector/scripts/codegen/generator.py:
        Better enum casing of ServiceWorker.

2018-11-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Unreviewed, rolling in CodeCache in r237254
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Land the CodeCache part without adding an additional hash value.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-11-13  Saam Barati  <sbarati@apple.com>

        ProxyObject should check for VMInquiry and return early before throwing a stack overflow exception
        https://bugs.webkit.org/show_bug.cgi?id=191601

        Reviewed by Mark Lam.

        This doesn't fix any bugs today, but it may reduce future bugs. It was
        always weird that ProxyObject::getOwnPropertySlot with VMInquiry might
        throw a stack overflow error instead of just returning false like it
        normally does when VMInquiry is passed in.

        * runtime/ProxyObject.cpp:
        (JSC::ProxyObject::getOwnPropertySlotCommon):

2018-11-13  Saam Barati  <sbarati@apple.com>

        TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
        https://bugs.webkit.org/show_bug.cgi?id=191600

        Reviewed by Mark Lam.

        processLogEntries will call into calculatedClassName, which will clear
        any exceptions it encounters (it assumes that they're stack overflow exceptions).
        However, this code may be called when an exception is already pending on the
        VM (e.g., when we throw an exception in the DFG, we compile an OSR exit
        offramp, which may compile a baseline codeblock, which will process
        the type profiler log). To get around this, processLogEntries should stash
        away and re-apply any pending exceptions.

        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * dfg/DFGOperations.cpp:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        * jit/JIT.cpp:
        (JSC::JIT::doMainThreadPreparationBeforeCompile):
        * jit/JITOperations.cpp:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/TypeProfilerLog.cpp:
        (JSC::TypeProfilerLog::processLogEntries):
        * runtime/TypeProfilerLog.h:
        * runtime/VM.cpp:
        (JSC::VM::dumpTypeProfilerData):
        * runtime/VM.h:
        (JSC::VM::DeferExceptionScope::DeferExceptionScope):
        * tools/JSDollarVM.cpp:
        (JSC::functionFindTypeForExpression):
        (JSC::functionReturnTypeFor):

2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r238132.

        The test added with this change is timing out on Debug JSC
        bots.

        Reverted changeset:

        "[BigInt] JSBigInt::createWithLength should throw when length
        is greater than JSBigInt::maxLength"
        https://bugs.webkit.org/show_bug.cgi?id=190836
        https://trac.webkit.org/changeset/238132

2018-11-12  Mark Lam  <mark.lam@apple.com>

        Add OOM detection to StringPrototype's substituteBackreferences().
        https://bugs.webkit.org/show_bug.cgi?id=191563
        <rdar://problem/45720428>

        Reviewed by Saam Barati.

        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * runtime/StringPrototype.cpp:
        (JSC::substituteBackreferencesSlow):
        (JSC::substituteBackreferencesInline):
        (JSC::substituteBackreferences):
        (JSC::replaceUsingRegExpSearch):
        (JSC::replaceUsingStringSearch):
        * runtime/StringPrototype.h:

2018-11-13  Mark Lam  <mark.lam@apple.com>

        LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
        https://bugs.webkit.org/show_bug.cgi?id=191579
        <rdar://problem/45942472>

        Reviewed by Saam Barati.

        Both of these functions do a lot of work.  It would be good for the topCallFrame
        to be correct should we need to throw an exception.

        For example, we've observed the following crash trace:

          * frame #0: WTFCrash() at Assertions.cpp:253
            frame #1: ...
            frame #2: JSC::StructureIDTable::get(this=0x00006040000162f0, structureID=1874583248) at StructureIDTable.h:129
            frame #3: JSC::VM::getStructure(this=0x0000604000016210, id=4022066896) at VM.h:705
            frame #4: JSC::JSCell::structure(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:125
            frame #5: JSC::JSCell::classInfo(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:335
            frame #6: JSC::JSCell::inherits(this=0x00007ffeefbbde30, vm=0x0000604000016210, info=0x0000000105eaf020) const at JSCellInlines.h:302
            frame #7: JSC::JSObject* JSC::jsCast<JSC::JSObject*, JSC::JSCell>(from=0x00007ffeefbbde30) at JSCast.h:36
            frame #8: JSC::asObject(cell=0x00007ffeefbbde30) at JSObject.h:1299
            frame #9: JSC::asObject(value=JSValue @ 0x00007ffeefbba380) at JSObject.h:1304
            frame #10: JSC::Register::object(this=0x00007ffeefbbdd58) const at JSObject.h:1514
            frame #11: JSC::ExecState::jsCallee(this=0x00007ffeefbbdd40) const at CallFrame.h:107
            frame #12: JSC::ExecState::isStackOverflowFrame(this=0x00007ffeefbbdd40) const at CallFrameInlines.h:36
            frame #13: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:52
            frame #14: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:41
            frame #15: void JSC::StackVisitor::visit<(JSC::StackVisitor::EmptyEntryFrameAction)0, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul>&, unsigned long, unsigned long)::$_3>(startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800, functor=0x00007ffeefbbaa60)::$_3 const&) at StackVisitor.h:147
            frame #16: JSC::Interpreter::getStackTrace(this=0x0000602000005db0, owner=0x000062d00020cbe0, results=0x00006020000249d0, framesToSkip=0, maxStackSize=1) at Interpreter.cpp:437
            frame #17: JSC::getStackTrace(exec=0x000062d00002c048, vm=0x0000631000000800, obj=0x000062d00020cbe0, useCurrentFrame=true) at Error.cpp:170
            frame #18: JSC::ErrorInstance::finishCreation(this=0x000062d00020cbe0, exec=0x000062d00002c048, vm=0x0000631000000800, message=0x00007ffeefbbb800, useCurrentFrame=true) at ErrorInstance.cpp:119
            frame #19: JSC::ErrorInstance::create(exec=0x000062d00002c048, vm=0x0000631000000800, structure=0x000062d0000f5730, message=0x00007ffeefbbb800, appender=0x0000000000000000, type=TypeNothing, useCurrentFrame=true)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, bool) at ErrorInstance.h:49
            frame #20: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800, appender=0x0000000000000000)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred)) at Error.cpp:68
            frame #21: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800) at Error.cpp:316
            frame #22: JSC::createStackOverflowError(exec=0x000062d00002c048, globalObject=0x000062d00002c000) at ExceptionHelpers.cpp:77
            frame #23: JSC::createStackOverflowError(exec=0x000062d00002c048) at ExceptionHelpers.cpp:72
            frame #24: JSC::throwStackOverflowError(exec=0x000062d00002c048, scope=0x00007ffeefbbbaa0) at ExceptionHelpers.cpp:335
            frame #25: JSC::ProxyObject::getOwnPropertySlotCommon(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbba80, slot=0x00007ffeefbbc720) at ProxyObject.cpp:372
            frame #26: JSC::ProxyObject::getOwnPropertySlot(object=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbd40, slot=0x00007ffeefbbc720) at ProxyObject.cpp:395
            frame #27: JSC::JSObject::getNonIndexPropertySlot(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbea0, slot=0x00007ffeefbbc720) at JSObjectInlines.h:150
            frame #28: bool JSC::JSObject::getPropertySlot<false>(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbc320, slot=0x00007ffeefbbc720) at JSObject.h:1424
            frame #29: JSC::JSObject::calculatedClassName(object=0x000062d000200e40) at JSObject.cpp:535
            frame #30: JSC::Structure::toStructureShape(this=0x000062d000007410, value=JSValue @ 0x00007ffeefbbcae0, sawPolyProtoStructure=0x00007ffeefbbcf60) at Structure.cpp:1142
            frame #31: JSC::TypeProfilerLog::processLogEntries(this=0x000060400000a950, reason=0x00007ffeefbbd5c0) at TypeProfilerLog.cpp:89
            frame #32: JSC::JIT::doMainThreadPreparationBeforeCompile(this=0x0000619000034da0) at JIT.cpp:951
            frame #33: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:43
            frame #34: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:42
            frame #35: JSC::JITWorklist::compileLater(this=0x0000616000001b80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:256
            frame #36: JSC::LLInt::jitCompileAndSetHeuristics(codeBlock=0x000062d0001d88c0, exec=0x00007ffeefbbde30, loopOSREntryBytecodeOffset=0) at LLIntSlowPaths.cpp:391
            frame #37: llint_replace(exec=0x00007ffeefbbde30, pc=0x00006040000161ba) at LLIntSlowPaths.cpp:516
            frame #38: llint_entry at LowLevelInterpreter64.asm:98
            frame #39: vmEntryToJavaScript at LowLevelInterpreter64.asm:296
            ...

        This crash occurred because StackVisitor was seeing an invalid topCallFrame while
        trying to capture the Error stack while throwing a StackOverflowError below
        llint_replace.  While in this specific example, it is questionable whether we
        should be executing JS code below TypeProfilerLog::processLogEntries(), it is
        correct to have set the topCallFrame in llint_replace.  We do this by calling
        LLINT_BEGIN_NO_SET_PC() at the top of llint_replace.

        We also do the same for llint_osr.

        Note: both of these LLInt slow path functions are called with a fully initialized
        CallFrame.  Hence, there's no issue with setting topCallFrame to their CallFrames
        for these functions.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):

2018-11-13  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
        https://bugs.webkit.org/show_bug.cgi?id=190836

        Reviewed by Saam Barati.

        In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
        where we allocate a BigInt trusting the length received as argument.
        With this additional method, we now check that the length passed to
        `JSBigInt::createWithLength` is not greater than JSBigInt::maxLength.
        When the length is greater than maxLength, we then throw an OOM
        exception.
        This required changing the interface of some JSBigInt operations to
        receive `ExecState*` instead of `VM&`. We changed only operations that
        can throw because of OOM.
        We believe that this approach of throwing instead of finishing the
        execution abruptly is better because JS programs can catch such an
        exception and handle this issue properly.

        * dfg/DFGOperations.cpp:
        * jit/JITOperations.cpp:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::createZero):
        (JSC::JSBigInt::tryCreateWithLength):
        (JSC::JSBigInt::createWithLengthUnchecked):
        (JSC::JSBigInt::createFrom):
        (JSC::JSBigInt::multiply):
        (JSC::JSBigInt::divide):
        (JSC::JSBigInt::copy):
        (JSC::JSBigInt::unaryMinus):
        (JSC::JSBigInt::remainder):
        (JSC::JSBigInt::add):
        (JSC::JSBigInt::sub):
        (JSC::JSBigInt::bitwiseAnd):
        (JSC::JSBigInt::bitwiseOr):
        (JSC::JSBigInt::bitwiseXor):
        (JSC::JSBigInt::absoluteAdd):
        (JSC::JSBigInt::absoluteSub):
        (JSC::JSBigInt::absoluteDivWithDigitDivisor):
        (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
        (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
        (JSC::JSBigInt::absoluteBitwiseOp):
        (JSC::JSBigInt::absoluteAddOne):
        (JSC::JSBigInt::absoluteSubOne):
        (JSC::JSBigInt::toStringGeneric):
        (JSC::JSBigInt::rightTrim):
        (JSC::JSBigInt::allocateFor):
        (JSC::JSBigInt::createWithLength): Deleted.
        * runtime/JSBigInt.h:
        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase):
        * runtime/Operations.h:
        (JSC::jsSub):
        (JSC::jsMul):

2018-11-12  Devin Rousso  <drousso@apple.com>

        Web Inspector: Network: show secure certificate details per-request
        https://bugs.webkit.org/show_bug.cgi?id=191447
        <rdar://problem/30019476>

        Reviewed by Joseph Pecoraro.

        Add Security domain to hold security related protocol types.

        * CMakeLists.txt:
        * DerivedSources.make:
        * inspector/protocol/Network.json:
        * inspector/protocol/Security.json: Added.
        * inspector/scripts/codegen/objc_generator.py:
        (ObjCGenerator):

2018-11-12  Saam Barati  <sbarati@apple.com>

        Unreviewed. Rollout 238026: It caused ~8% JetStream 2 regressions on some iOS devices
        https://bugs.webkit.org/show_bug.cgi?id=191555

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-11-11  Benjamin Poulain  <benjamin@webkit.org>

        Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
        https://bugs.webkit.org/show_bug.cgi?id=191492

        Reviewed by Alex Christensen.

        Rename file.

        * API/JSValue.mm:

2018-11-10  Benjamin Poulain  <benjamin@webkit.org>

        Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
        https://bugs.webkit.org/show_bug.cgi?id=191492

        Reviewed by Alex Christensen.

        * API/JSValue.mm:

2018-11-10  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, silence -Wunused-variable warning

        * bytecode/Opcode.h:
        (JSC::padOpcodeName):

2018-11-09  Keith Rollin  <krollin@apple.com>

        Unreviewed build fix after https://bugs.webkit.org/show_bug.cgi?id=191324

        Remove the use of .xcfilelists until their side-effects are better
        understood.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-11-09  Keith Miller  <keith_miller@apple.com>

        LLInt VectorSizeOffset should be based on offset extraction
        https://bugs.webkit.org/show_bug.cgi?id=191468

        Reviewed by Yusuke Suzuki.

        This patch also adds some usings to LLIntOffsetsExtractor that
        make it possible to use the bare names of Vector/RefCountedArray
        in offsets extraction.

        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2018-11-09  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Unreviewed, rolling in CodeCache in r237254
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Land the CodeCache part, which uses DefaultHash<>::Hash instead of computeHash.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-11-08  Keith Miller  <keith_miller@apple.com>

        put_by_val opcodes need to add the number tag as a 64-bit register
        https://bugs.webkit.org/show_bug.cgi?id=191456

        Reviewed by Saam Barati.

        Previously the LLInt would add it as a pointer sized value. That is
        wrong if the pointer size is less than 64 bits.

        * llint/LowLevelInterpreter64.asm:

2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>

        [JSC] isStrWhiteSpace seems redundant with Lexer<UChar>::isWhiteSpace
        https://bugs.webkit.org/show_bug.cgi?id=191439

        Reviewed by Saam Barati.

        * CMakeLists.txt:
        * runtime/ParseInt.h:
        (JSC::isStrWhiteSpace):
        Define isStrWhiteSpace in terms of isWhiteSpace and isLineTerminator.

2018-11-08  Michael Saboff  <msaboff@apple.com>

        Options::useRegExpJIT() should use jitEnabledByDefault() just like useJIT()
        https://bugs.webkit.org/show_bug.cgi?id=191444

        Reviewed by Saam Barati.

        * runtime/Options.h:

2018-11-08  Fujii Hironori  <Hironori.Fujii@sony.com>

        [Win] UDis86Disassembler.cpp: warning: format specifies type 'unsigned long' but the argument has type 'uintptr_t' (aka 'unsigned long long')
        https://bugs.webkit.org/show_bug.cgi?id=191416

        Reviewed by Saam Barati.

        * disassembler/UDis86Disassembler.cpp:
        (JSC::tryToDisassembleWithUDis86): Use PRIxPTR for uintptr_t.

2018-11-08  Keith Rollin  <krollin@apple.com>

        Create .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=191324
        <rdar://problem/45852819>

        Reviewed by Alex Christensen.

        As part of preparing for enabling XCBuild, create and use .xcfilelist
        files. These files are used during Run Script build phases in an
        Xcode project. If a Run Script build phase produces new files that are
        used later as inputs to subsequent build phases, XCBuild needs to know
        about these files. These files can be either specified in an "output
        files" section of the Run Script phase editor, or in .xcfilelist files
        that are associated with the Run Script build phase.

        This patch takes the second approach. It consists of three sets of changes:

        - Modify the DerivedSources.make files to have a
          'print_all_generated_files' target that produces a list of the files
          they create.

        - Create a shell script that produces .xcfilelist files from the
          output of the previous step, as well as for the files created in the
          Generate Unified Sources build steps.

        - Add the new .xcfilelist files to the associated projects.

        Note that, with these changes, the Xcode workspace and projects can no
        longer be fully loaded into Xcode 9. Xcode will attempt to load the
        projects that have .xcfilelist files associated with them, but will
        fail and display a placeholder for those projects instead. It's
        expected that all developers are using Xcode 10 by now and that not
        being able to load into Xcode 9 is not a practical issue. Keep in mind
        that this is strictly an IDE issue, and that the projects can still be
        built with `xcodebuild`.

        Also note that the shell script that creates the .xcfilelist files can
        also be used to verify that the set of files that's currently checked
        in is up-to-date. This checking can be used as part of a check-in hook
        or part of check-webkit-style to sooner catch cases where the
        .xcfilelist files need to be regenerated.

        * DerivedSources.make:
        * DerivedSources.xcfilelist: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * UnifiedSources.xcfilelist: Added.

2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>

        U+180E is no longer a whitespace character
        https://bugs.webkit.org/show_bug.cgi?id=191415

        Reviewed by Saam Barati.

        Mongolian Vowel Separator stopped being a valid whitespace character as of ES2016.
        (https://github.com/tc39/ecma262/pull/300)

        * parser/Lexer.h:
        (JSC::Lexer<UChar>::isWhiteSpace):
        * runtime/ParseInt.h:
        (JSC::isStrWhiteSpace):
        * yarr/create_regex_tables:

2018-11-08  Keith Miller  <keith_miller@apple.com>

        jitEnabledByDefault() should be on useJIT not useBaselineJIT
        https://bugs.webkit.org/show_bug.cgi?id=191434

        Reviewed by Saam Barati.

        * runtime/Options.h:

2018-11-08  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Restrict domains at the target level instead of only at the window level
        https://bugs.webkit.org/show_bug.cgi?id=191344

        Reviewed by Devin Rousso.

        * inspector/protocol/Console.json:
        * inspector/protocol/Debugger.json:
        * inspector/protocol/Heap.json:
        * inspector/protocol/Runtime.json:
        Remove workerSupported as it is now no longer necessary. It is implied
        by availability being empty (meaning it is supported everywhere).

        * inspector/protocol/Inspector.json:
        * inspector/protocol/ScriptProfiler.json:
        Restrict to "javascript" and "web" debuggables, not available in workers.

        * inspector/protocol/Worker.json:
        Cleanup, remove empty types list.

        * inspector/protocol/Recording.json:
        Cleanup, only expose this in the "web" domain for now.

        * inspector/scripts/codegen/generate_js_backend_commands.py:
        (JSBackendCommandsGenerator.generate_domain):
        * inspector/scripts/codegen/models.py:
        (Protocol.parse_domain):
        Allow a list of debuggable types. Add "worker" even though it is unused
        since that is a type we would want to allow or consider.

        (Domain.__init__):
        (Domains):
        Remove now unnecessary workerSupported code.
        Allow availability on a domain with only types.

        * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: Removed.
        * inspector/scripts/tests/generic/worker-supported-domains.json: Removed.

651 2018-11-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
652
653         Consider removing double load for accessing the MetadataTable from LLInt
654         https://bugs.webkit.org/show_bug.cgi?id=190933
655
656         Reviewed by Keith Miller.
657
        This patch removes the double load for accesses to the MetadataTable from LLInt.
        MetadataTable is now a specially RefCounted class, which has an interesting memory layout.
        When the refcount becomes 0, MetadataTable asks UnlinkedMetadataTable to destroy itself.
661
662         * bytecode/CodeBlock.cpp:
663         (JSC::CodeBlock::finishCreation):
664         (JSC::CodeBlock::estimatedSize):
665         (JSC::CodeBlock::visitChildren):
666         * bytecode/CodeBlock.h:
667         (JSC::CodeBlock::metadata):
668         * bytecode/CodeBlockInlines.h:
669         (JSC::CodeBlock::forEachValueProfile):
670         (JSC::CodeBlock::forEachArrayProfile):
671         (JSC::CodeBlock::forEachArrayAllocationProfile):
672         (JSC::CodeBlock::forEachObjectAllocationProfile):
673         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
674         * bytecode/MetadataTable.cpp:
675         (JSC::MetadataTable::MetadataTable):
676         (JSC::MetadataTable::~MetadataTable):
677         (JSC::MetadataTable::sizeInBytes):
678         * bytecode/MetadataTable.h:
679         (JSC::MetadataTable::get):
680         (JSC::MetadataTable::forEach):
681         (JSC::MetadataTable::ref const):
682         (JSC::MetadataTable::deref const):
683         (JSC::MetadataTable::refCount const):
684         (JSC::MetadataTable::hasOneRef const):
685         (JSC::MetadataTable::buffer):
686         (JSC::MetadataTable::linkingData const):
687         (JSC::MetadataTable::getImpl):
688         * bytecode/UnlinkedMetadataTable.h:
689         (JSC::UnlinkedMetadataTable::buffer const):
690         * bytecode/UnlinkedMetadataTableInlines.h:
691         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
692         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
693         (JSC::UnlinkedMetadataTable::addEntry):
694         (JSC::UnlinkedMetadataTable::sizeInBytes):
695         (JSC::UnlinkedMetadataTable::finalize):
696         (JSC::UnlinkedMetadataTable::link):
697         (JSC::UnlinkedMetadataTable::unlink):
698         * llint/LowLevelInterpreter.asm:
699         * llint/LowLevelInterpreter32_64.asm:
700
701 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
702
703         [BigInt] Add support to BigInt into ValueAdd
704         https://bugs.webkit.org/show_bug.cgi?id=186177
705
706         Reviewed by Keith Miller.
707
        We are adding a very primitive specialization case of BigInts into ValueAdd.
        When compiling a speculated version of this node to BigInt, we are currently
        calling 'operationAddBigInt', a function that expects only BigInts as
        parameters and effectively adds numbers using JSBigInt::add. To properly
        speculate BigInt operands, we changed ArithProfile to observe when
        its result is a BigInt. With this new observation, we are able to identify
        when ValueAdd results in a String or BigInt.
715
716         Here are some numbers for this specialization running
717         microbenchmarks:
718
719         big-int-simple-add                   21.5411+-1.1096  ^  15.3502+-0.7027  ^ definitely 1.4033x faster
720         big-int-add-prediction-propagation   13.7762+-0.5578  ^  10.8117+-0.5330  ^ definitely 1.2742x faster
721
722         * bytecode/ArithProfile.cpp:
723         (JSC::ArithProfile::emitObserveResult):
724         (JSC::ArithProfile::shouldEmitSetNonNumeric const):
725         (JSC::ArithProfile::shouldEmitSetBigInt const):
726         (JSC::ArithProfile::emitSetNonNumeric const):
727         (JSC::ArithProfile::emitSetBigInt const):
728         (WTF::printInternal):
729         (JSC::ArithProfile::shouldEmitSetNonNumber const): Deleted.
730         (JSC::ArithProfile::emitSetNonNumber const): Deleted.
731         * bytecode/ArithProfile.h:
732         (JSC::ArithProfile::observedUnaryInt):
733         (JSC::ArithProfile::observedUnaryNumber):
734         (JSC::ArithProfile::observedBinaryIntInt):
735         (JSC::ArithProfile::observedBinaryNumberInt):
736         (JSC::ArithProfile::observedBinaryIntNumber):
737         (JSC::ArithProfile::observedBinaryNumberNumber):
738         (JSC::ArithProfile::didObserveNonInt32 const):
739         (JSC::ArithProfile::didObserveNonNumeric const):
740         (JSC::ArithProfile::didObserveBigInt const):
741         (JSC::ArithProfile::setObservedNonNumeric):
742         (JSC::ArithProfile::setObservedBigInt):
743         (JSC::ArithProfile::observeResult):
744         (JSC::ArithProfile::didObserveNonNumber const): Deleted.
745         (JSC::ArithProfile::setObservedNonNumber): Deleted.
746         * dfg/DFGByteCodeParser.cpp:
747         (JSC::DFG::ByteCodeParser::makeSafe):
748         * dfg/DFGFixupPhase.cpp:
749         (JSC::DFG::FixupPhase::fixupNode):
750         * dfg/DFGNode.h:
751         (JSC::DFG::Node::mayHaveNonNumericResult):
752         (JSC::DFG::Node::mayHaveBigIntResult):
753         (JSC::DFG::Node::mayHaveNonNumberResult): Deleted.
754         * dfg/DFGNodeFlags.cpp:
755         (JSC::DFG::dumpNodeFlags):
756         * dfg/DFGNodeFlags.h:
757         * dfg/DFGOperations.cpp:
758         * dfg/DFGOperations.h:
759         * dfg/DFGPredictionPropagationPhase.cpp:
760         * dfg/DFGSpeculativeJIT.cpp:
761         (JSC::DFG::SpeculativeJIT::compileValueAdd):
762         * ftl/FTLLowerDFGToB3.cpp:
763         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
764         * runtime/CommonSlowPaths.cpp:
765         (JSC::updateArithProfileForUnaryArithOp):
766         (JSC::updateArithProfileForBinaryArithOp):
767
768 2018-11-07  Joseph Pecoraro  <pecoraro@apple.com>
769
770         Web Inspector: Fix "Javascript" => "JavaScript" enum in protocol generated objects
771         https://bugs.webkit.org/show_bug.cgi?id=191340
772
773         Reviewed by Devin Rousso.
774
775         * inspector/ConsoleMessage.cpp:
776         (Inspector::messageSourceValue):
777         Use new enum name.
778
779         * inspector/scripts/codegen/generator.py:
780         Correct the casing of "JavaScript".
781
782 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
783
784         Align wide opcodes in the instruction stream
785         https://bugs.webkit.org/show_bug.cgi?id=191254
786
787         Reviewed by Keith Miller.
788
789         Pad the bytecode with nops to ensure that wide opcodes are 4-byte
790         aligned on platforms that don't like unaligned memory access.
791
792         For that, add a new type to represent jump targets, BoundLabel, which
793         delays computing the offset in case we need to emit nops for padding.
        Extra padding is also emitted before op_yield and at the end of each
795         BytecodeWriter fragment, to ensure that the bytecode remains aligned
796         after the rewriting.
797
        As a side effect, we can no longer guarantee that the point immediately
799         before emitting an opcode is the start of that opcode, since nops
800         might be emitted in between if the opcode needs to be wide. To fix
801         that, we only take the offset of opcodes after they have been emitted,
802         using `m_lastInstruction.offset()`.
803
804         * bytecode/BytecodeDumper.h:
805         (JSC::BytecodeDumper::dumpValue):
806         * bytecode/BytecodeGeneratorification.cpp:
807         (JSC::BytecodeGeneratorification::run):
808         * bytecode/BytecodeList.rb:
809         * bytecode/BytecodeRewriter.h:
810         (JSC::BytecodeRewriter::Fragment::align):
811         (JSC::BytecodeRewriter::insertFragmentBefore):
812         (JSC::BytecodeRewriter::insertFragmentAfter):
813         * bytecode/Fits.h:
814         * bytecode/InstructionStream.h:
815         (JSC::InstructionStreamWriter::ref):
816         * bytecode/PreciseJumpTargetsInlines.h:
817         (JSC::updateStoredJumpTargetsForInstruction):
818         * bytecompiler/BytecodeGenerator.cpp:
819         (JSC::Label::setLocation):
820         (JSC::BoundLabel::target):
821         (JSC::BoundLabel::saveTarget):
822         (JSC::BoundLabel::commitTarget):
823         (JSC::BytecodeGenerator::generate):
824         (JSC::BytecodeGenerator::recordOpcode):
825         (JSC::BytecodeGenerator::alignWideOpcode):
826         (JSC::BytecodeGenerator::emitProfileControlFlow):
827         (JSC::BytecodeGenerator::emitResolveScope):
828         (JSC::BytecodeGenerator::emitGetFromScope):
829         (JSC::BytecodeGenerator::emitPutToScope):
830         (JSC::BytecodeGenerator::emitGetById):
831         (JSC::BytecodeGenerator::emitDirectGetById):
832         (JSC::BytecodeGenerator::emitPutById):
833         (JSC::BytecodeGenerator::emitDirectPutById):
834         (JSC::BytecodeGenerator::emitGetByVal):
835         (JSC::BytecodeGenerator::emitCreateThis):
836         (JSC::BytecodeGenerator::beginSwitch):
837         (JSC::BytecodeGenerator::endSwitch):
838         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
839         (JSC::BytecodeGenerator::emitYieldPoint):
840         (JSC::BytecodeGenerator::emitToThis):
841         (JSC::Label::bind): Deleted.
842         * bytecompiler/BytecodeGenerator.h:
843         (JSC::BytecodeGenerator::recordOpcode): Deleted.
844         * bytecompiler/Label.h:
845         (JSC::BoundLabel::BoundLabel):
846         (JSC::BoundLabel::operator int):
847         (JSC::Label::bind):
848         * generator/Opcode.rb:
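
        Added example, not WebKit code: a toy instruction stream in C++ that encodes
        each instruction either narrow (1-byte operands) or wide (4-byte operands), as
        the r237547 "New bytecode format" entry further down describes, pads wide
        instructions with nops so their operands stay 4-byte aligned, and shows why an
        instruction's offset has to be taken after it is emitted rather than before.
        The opcode numbers, the op_wide prefix byte, the padding rule and all names
        are assumptions of this example, not JSC's actual encoding.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Demo opcodes (assumed); op_wide prefixes an instruction whose operands are 4 bytes each.
enum Opcode : uint8_t { op_nop = 0, op_wide = 1, op_add = 2, op_jmp = 3 };

static size_t operandCount(Opcode op) {
    switch (op) {
    case op_nop: return 0;
    case op_add: return 3; // dst, lhs, rhs
    case op_jmp: return 1; // relative target
    default: throw std::runtime_error("not an opcode");
    }
}

struct Instruction {
    Opcode opcode;
    bool wide;
    size_t offset; // start of the instruction, including any op_wide prefix
    size_t size;   // bytes occupied; alignment nops are separate instructions
    std::vector<int32_t> operands;
};

static bool fitsNarrow(int32_t v) { return v >= -128 && v <= 127; }

class InstructionStreamWriter {
public:
    size_t position() const { return m_bytes.size(); }

    // Emits one instruction and returns where it actually starts. Alignment nops may
    // be written first, so position() taken before the call is not the offset.
    size_t emit(Opcode opcode, const std::vector<int32_t>& operands) {
        if (operands.size() != operandCount(opcode))
            throw std::runtime_error("wrong operand count");
        bool wide = false;
        for (int32_t v : operands)
            if (!fitsNarrow(v)) wide = true;
        if (wide) {
            // Layout: [nop ...] op_wide opcode operand0 operand1 ...
            // Pad with narrow nops so the first 4-byte operand is 4-byte aligned.
            while ((m_bytes.size() + 2) % 4)
                m_bytes.push_back(op_nop);
            m_bytes.push_back(op_wide);
        }
        size_t start = wide ? m_bytes.size() - 1 : m_bytes.size();
        m_bytes.push_back(opcode);
        for (int32_t v : operands) {
            if (wide) {
                uint32_t u = static_cast<uint32_t>(v);
                for (int i = 0; i < 4; ++i)
                    m_bytes.push_back(static_cast<uint8_t>(u >> (8 * i)));
            } else
                m_bytes.push_back(static_cast<uint8_t>(static_cast<int8_t>(v)));
        }
        m_lastInstructionOffset = start;
        return start;
    }
    size_t lastInstructionOffset() const { return m_lastInstructionOffset; }
    const std::vector<uint8_t>& bytes() const { return m_bytes; }

private:
    std::vector<uint8_t> m_bytes;
    size_t m_lastInstructionOffset = 0;
};

// Decodes the whole instruction at `offset`. Operand width depends on the prefix,
// so an operand cannot be read without decoding from the start of the instruction.
static Instruction decodeAt(const std::vector<uint8_t>& bytes, size_t offset) {
    Instruction insn;
    insn.offset = offset;
    size_t pos = offset;
    insn.wide = bytes.at(pos) == op_wide;
    if (insn.wide) ++pos;
    insn.opcode = static_cast<Opcode>(bytes.at(pos++));
    for (size_t i = 0; i < operandCount(insn.opcode); ++i) {
        if (insn.wide) {
            uint32_t u = 0;
            for (int b = 0; b < 4; ++b)
                u |= static_cast<uint32_t>(bytes.at(pos++)) << (8 * b);
            insn.operands.push_back(static_cast<int32_t>(u));
        } else
            insn.operands.push_back(static_cast<int8_t>(bytes.at(pos++)));
    }
    insn.size = pos - offset;
    return insn;
}

// Walks the stream from the start; alignment nops are dropped from the result.
static std::vector<Instruction> decodeAll(const std::vector<uint8_t>& bytes) {
    std::vector<Instruction> out;
    for (size_t pos = 0; pos < bytes.size();) {
        Instruction insn = decodeAt(bytes, pos);
        pos += insn.size;
        if (insn.opcode != op_nop) out.push_back(insn);
    }
    return out;
}

// Narrow add, then an add whose operand needs 4 bytes (forces wide), then a jump.
static InstructionStreamWriter buildSample() {
    InstructionStreamWriter writer;
    writer.emit(op_add, {1, 2, 3});
    writer.emit(op_add, {1, 1000, 2});
    writer.emit(op_jmp, {-5});
    return writer;
}

int main() {
    for (const Instruction& insn : decodeAll(buildSample().bytes()))
        std::printf("offset %zu: opcode %u (%s)\n", insn.offset, unsigned(insn.opcode), insn.wide ? "wide" : "narrow");
    return 0;
}
```

        In the sample, the second add lands at offset 6 although position() was 4
        before it was emitted: two nops and the op_wide prefix were written first.
        A decoder that indexed operands relative to the opcode byte without looking
        at the prefix would read the wrong bytes for the wide instruction, which is
        why decodeAt decodes the prefix first and decodeAll advances by the decoded
        size.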
849
850 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
851
852         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
853         https://bugs.webkit.org/show_bug.cgi?id=191184
854
855         Reviewed by Saam Barati.
856
857         Fix API test on CLoop: we can only disable the LLInt when the JIT is enabled.
858
859         * API/tests/PingPongStackOverflowTest.cpp:
860         (testPingPongStackOverflow):
861
862 2018-11-06  Justin Fan  <justin_fan@apple.com>
863
864         [WebGPU] Experimental prototype for WebGPURenderPipeline and WebGPUSwapChain
865         https://bugs.webkit.org/show_bug.cgi?id=191291
866
867         Reviewed by Myles Maxfield.
868
869         Properly disable WEBGPU on all non-Metal platforms for now.
870
871         * Configurations/FeatureDefines.xcconfig:
872
873 2018-11-06  Keith Rollin  <krollin@apple.com>
874
875         Adjust handling of Include paths that need quoting
876         https://bugs.webkit.org/show_bug.cgi?id=191314
877         <rdar://problem/45849143>
878
879         Reviewed by Dan Bernstein.
880
881         There are several places in the JavaScriptCore Xcode project where the
882         paths defined in HEADER_SEARCH_PATHS are quoted. That is, the
883         definitions look like:
884
885             HEADER_SEARCH_PATHS = (
886                 "\"${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore\"",
887                 "\"${BUILT_PRODUCTS_DIR}/LLIntOffsets/${ARCHS}\"",
888                 "\"$(JAVASCRIPTCORE_FRAMEWORKS_DIR)/JavaScriptCore.framework/PrivateHeaders\"",
889                 "$(inherited)",
890             );
891
892         The idea here is presumably to have the resulting $(CPP) command have
893         -I options where the associated paths are themselves quoted,
894         protecting against space characters in the paths.
895
896         This approach to quote management can break under Xcode 9. If
897         .xcfilelist files are added to the project, the 'objectVersion' value
898         in the Xcode project file is changed from 46 to 51. If a project with
899         objectVersion=51 is presented to Xcode 9 (as can happen when we build
900         for older OS's), it produces build lines where the quotes are escaped,
901         thereby becoming part of the path. The build then fails because a
902         search for a file normally found in a directory called "Foo" will be
903         looked for in "\"Foo\"", which doesn't exist.
904
905         Simply removing the escaped quotes from the HEADER_SEARCH_PATHS
906         definition doesn't work, leading to paths that need quoting due to
907         space characters but that don't get this quoting (the part of the path
908         after the space appears to simply go missing).
909
910         Removing the escaped quotes from the HEADER_SEARCH_PATHS and moving
911         the definitions to the .xcconfig fixes this problem.
912
913         * Configurations/ToolExecutable.xcconfig:
914         * JavaScriptCore.xcodeproj/project.pbxproj:
915
916 2018-11-06  Michael Saboff  <msaboff@apple.com>
917
918         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
919         https://bugs.webkit.org/show_bug.cgi?id=191271
920
921         Reviewed by Saam Barati.
922
        Fixed use of ThrowScope by adding release() calls.  Found a few places where we needed
        RETURN_IF_EXCEPTION().  After some code inspection, determined that we need to cover the
        exception bubbling for String.match() with a global RegExp as well as String.replace()
        and String.search().
927
928         * runtime/RegExpObjectInlines.h:
929         (JSC::RegExpObject::matchInline):
930         (JSC::collectMatches):
931         * runtime/RegExpPrototype.cpp:
932         (JSC::regExpProtoFuncSearchFast):
933         * runtime/StringPrototype.cpp:
934         (JSC::removeUsingRegExpSearch):
935         (JSC::replaceUsingRegExpSearch):
936
937 2018-11-05  Don Olmstead  <don.olmstead@sony.com>
938
939         Fix typos in closing ENABLE guards
940         https://bugs.webkit.org/show_bug.cgi?id=191273
941
942         Reviewed by Keith Miller.
943
944         * ftl/FTLForOSREntryJITCode.h:
945         * ftl/FTLJITCode.h:
946         * jsc.cpp:
947         * wasm/WasmMemoryInformation.h:
948         * wasm/WasmPageCount.h:
949
950 2018-11-05  Keith Miller  <keith_miller@apple.com>
951
952         Make static_asserts in APICast into bitwise_cast
953         https://bugs.webkit.org/show_bug.cgi?id=191272
954
955         Reviewed by Filip Pizlo.
956
957         * API/APICast.h:
958         (toJS):
959         (toJSForGC):
960         (toRef):
961
962 2018-11-05  Dominik Infuehr  <dinfuehr@igalia.com>
963
964         Enable LLInt on ARMv7/Linux
965         https://bugs.webkit.org/show_bug.cgi?id=191190
966
967         Reviewed by Yusuke Suzuki.
968
969         After enabling the new bytecode format in r237547, C_LOOP was
970         forced on all 32-bit platforms. Now enable LLInt again on
971         ARMv7-Thumb2/Linux.
972
        This adds a callee-saved register in ARMv7/Linux for the metadataTable and
        stores/restores it on LLInt function calls. It also introduces the globaladdr
        instruction for the ARM offlineasm to access the opcode table.
976
977         * jit/GPRInfo.h:
978         * jit/RegisterSet.cpp:
979         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
980         * llint/LowLevelInterpreter.asm:
981         * llint/LowLevelInterpreter32_64.asm:
982         * offlineasm/arm.rb:
983         * offlineasm/asm.rb:
984         * offlineasm/instructions.rb:
985
986 2018-11-05  Fujii Hironori  <Hironori.Fujii@sony.com>
987
988         [Win][Clang][JSC] JIT::is64BitType reports "warning: explicit specialization cannot have a storage class"
989         https://bugs.webkit.org/show_bug.cgi?id=191146
990
991         Reviewed by Yusuke Suzuki.
992
993         * jit/JIT.h: Changed is64BitType from a template class method to a
994         template inner class.
995
996 2018-11-02  Keith Miller  <keith_miller@apple.com>
997
998         Assert JSValues can fit into a pointer when API casting
999         https://bugs.webkit.org/show_bug.cgi?id=191220
1000
1001         Reviewed by Michael Saboff.
1002
1003         * API/APICast.h:
1004         (toJS):
1005         (toJSForGC):
1006         (toRef):
1007
1008 2018-11-02  Michael Saboff  <msaboff@apple.com>
1009
1010         Rolling in r237753 with unreviewed build fix.
1011
1012         Fixed issues with DECLARE_THROW_SCOPE placement.
1013
1014 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
1015
1016         Unreviewed, rolling out r237753.
1017
1018         Introduced JSC test failures
1019
1020         Reverted changeset:
1021
1022         "Running out of stack space not properly handled in
1023         RegExp::compile() and its callers"
1024         https://bugs.webkit.org/show_bug.cgi?id=191206
1025         https://trac.webkit.org/changeset/237753
1026
1027 2018-11-02  Michael Saboff  <msaboff@apple.com>
1028
1029         Running out of stack space not properly handled in RegExp::compile() and its callers
1030         https://bugs.webkit.org/show_bug.cgi?id=191206
1031
1032         Reviewed by Filip Pizlo.
1033
1034         Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code.  Bubbled those errors
1035         up to where they are turned into the appropriate exceptions in matchInline().  If the errors are not due
1036         to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack.
1037
1038         * runtime/RegExp.cpp:
1039         (JSC::RegExp::compile):
1040         (JSC::RegExp::compileMatchOnly):
1041         * runtime/RegExp.h:
1042         * runtime/RegExpInlines.h:
1043         (JSC::RegExp::compileIfNecessary):
1044         (JSC::RegExp::matchInline):
1045         (JSC::RegExp::compileIfNecessaryMatchOnly):
1046         * runtime/RegExpObjectInlines.h:
1047         (JSC::RegExpObject::execInline):
1048         * yarr/YarrErrorCode.h:
1049         (JSC::Yarr::hasHardError):
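
        Added example, not Yarr or JSC code: a recursive-descent parser for a toy
        regular-expression grammar that enforces a caller-supplied depth budget
        instead of recursing until the stack is exhausted. Running out of budget is
        treated as a hard error, as the entry above does for Yarr errors that are not
        syntax errors: the compiled state is reset so a later attempt with more
        headroom can succeed, whereas a syntax error is final. ErrorCode, isHardError,
        TinyRegExp and the grammar are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>

enum class ErrorCode { NoError, UnmatchedParentheses, MissingParentheses, PatternTooDeep };

// Hard errors are about resources, not the pattern: the same pattern may well
// compile if the caller retries with more headroom, so nothing should be cached.
static bool isHardError(ErrorCode code) { return code == ErrorCode::PatternTooDeep; }

struct Parser {
    const std::string& pattern;
    size_t pos;
    size_t depth;
    size_t maxDepth;
    size_t groups;
    ErrorCode error;

    Parser(const std::string& p, size_t max)
        : pattern(p), pos(0), depth(0), maxDepth(max), groups(0), error(ErrorCode::NoError) {}

    // disjunction := alternative ('|' alternative)*
    void parseDisjunction() {
        if (++depth > maxDepth) { error = ErrorCode::PatternTooDeep; return; }
        parseAlternative();
        while (error == ErrorCode::NoError && pos < pattern.size() && pattern[pos] == '|') {
            ++pos;
            parseAlternative();
        }
        --depth;
    }
    // alternative := ( '(' disjunction ')' | literal | '*' )*
    void parseAlternative() {
        while (error == ErrorCode::NoError && pos < pattern.size()) {
            char c = pattern[pos];
            if (c == '|' || c == ')') return;
            if (c == '(') {
                ++pos; ++groups;
                parseDisjunction();
                if (error != ErrorCode::NoError) return;
                if (pos >= pattern.size() || pattern[pos] != ')') { error = ErrorCode::MissingParentheses; return; }
                ++pos;
            } else
                ++pos; // literal or '*': nothing to build in this toy grammar
        }
    }
};

class TinyRegExp {
public:
    explicit TinyRegExp(std::string pattern) : m_pattern(std::move(pattern)) {}

    // Compiles on first use and returns the error code of this attempt.
    ErrorCode compileIfNecessary(size_t maxDepth) {
        if (m_state == State::Compiled) return ErrorCode::NoError;
        if (m_state == State::SyntaxError) return m_error; // final: retrying cannot help
        Parser parser(m_pattern, maxDepth);
        parser.parseDisjunction();
        ErrorCode error = parser.error;
        if (error == ErrorCode::NoError && parser.pos < m_pattern.size())
            error = ErrorCode::UnmatchedParentheses; // stray ')'
        if (error == ErrorCode::NoError) {
            m_state = State::Compiled;
            m_groups = parser.groups;
        } else if (isHardError(error)) {
            m_state = State::NotCompiled; // reset so a retry starts from scratch
            m_groups = 0;
        } else
            m_state = State::SyntaxError;
        m_error = error;
        return error;
    }
    bool isCompiled() const { return m_state == State::Compiled; }
    size_t groupCount() const { return m_groups; }

private:
    enum class State { NotCompiled, Compiled, SyntaxError };
    std::string m_pattern;
    State m_state = State::NotCompiled;
    ErrorCode m_error = ErrorCode::NoError;
    size_t m_groups = 0;
};

// Constructed input: "(((...a...)))" with n nested groups, the shape that drives
// an unbounded recursive parser one stack frame pair deeper per level.
static std::string nestedGroups(size_t n) {
    return std::string(n, '(') + "a" + std::string(n, ')');
}

int main() {
    TinyRegExp re(nestedGroups(2000));
    ErrorCode first = re.compileIfNecessary(100);   // hard error, state reset
    ErrorCode second = re.compileIfNecessary(4096); // retry succeeds
    std::printf("first=%d second=%d groups=%zu\n", int(first), int(second), re.groupCount());
    return 0;
}
```

        The budget stands in for the stack check a real engine does against its
        stack limit; the important property is that a PatternTooDeep result leaves
        the object in the NotCompiled state rather than asserting or caching a
        half-built result.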
1050
1051 2018-11-02  Keith Miller  <keith_miller@apple.com>
1052
1053         API should use wrapper object if address is 32-bit
1054         https://bugs.webkit.org/show_bug.cgi?id=191203
1055
1056         Reviewed by Filip Pizlo.
1057
1058         * API/APICast.h:
1059         (toJS):
1060         (toJSForGC):
1061         (toRef):
1062
1063 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
1064
1065         Metadata should not be copyable
1066         https://bugs.webkit.org/show_bug.cgi?id=191193
1067
1068         Reviewed by Keith Miller.
1069
1070         We should only ever hold references to the entry in the metadata table.
1071
1072         * bytecode/CodeBlock.cpp:
1073         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1074         * dfg/DFGByteCodeParser.cpp:
1075         (JSC::DFG::ByteCodeParser::parseBlock):
1076         * generator/Metadata.rb:
1077
1078 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
1079
1080         REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled
1081         https://bugs.webkit.org/show_bug.cgi?id=191175
1082
1083         Reviewed by Keith Miller.
1084
1085         https://bugs.webkit.org/show_bug.cgi?id=191108 did not handle the case where JIT is not enabled
1086
1087         * jit/JITExceptions.cpp:
1088         (JSC::genericUnwind):
1089         * llint/LLIntData.h:
1090         (JSC::LLInt::getWideCodePtr):
1091
1092 2018-11-01  Fujii Hironori  <Hironori.Fujii@sony.com>
1093
1094         Rename <wtf/unicode/UTF8.h> to <wtf/unicode/UTF8Conversion.h> in order to avoid conflicting with ICU's unicode/utf8.h
1095         https://bugs.webkit.org/show_bug.cgi?id=189693
1096
1097         Reviewed by Yusuke Suzuki.
1098
1099         * API/JSClassRef.cpp: Replaced <wtf/unicode/UTF8.h> with <wtf/unicode/UTF8Conversion.h>.
1100         * API/JSStringRef.cpp: Ditto.
1101         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
1102         * wasm/WasmParser.h: Ditto.
1103
1104 2018-11-01  Keith Miller  <keith_miller@apple.com>
1105
1106         Unreviewed, JavaScriptCore should only guarantee to produce a
1107         modulemap if we are building for iOSMac.
1108
1109         * Configurations/JavaScriptCore.xcconfig:
1110
1111 2018-10-31  Devin Rousso  <drousso@apple.com>
1112
1113         Web Inspector: Canvas: create a setting for auto-recording newly created contexts
1114         https://bugs.webkit.org/show_bug.cgi?id=190856
1115
1116         Reviewed by Brian Burg.
1117
1118         * inspector/protocol/Canvas.json:
1119         Add `setRecordingAutoCaptureFrameCount` command for setting the number of frames to record
1120         immediately after a context is created.
1121
1122         * inspector/protocol/Recording.json:
1123         Add `creation` value for `Initiator` enum.
1124
1125 2018-10-31  Devin Rousso  <drousso@apple.com>
1126
1127         Web Inspector: display low-power enter/exit events in Timelines and Network node waterfalls
1128         https://bugs.webkit.org/show_bug.cgi?id=190641
1129         <rdar://problem/45319049>
1130
1131         Reviewed by Joseph Pecoraro.
1132
1133         * inspector/protocol/DOM.json:
1134         Add `videoLowPowerChanged` event that is fired when `InspectorDOMAgent` is able to determine
1135         whether a video element's low power state has changed.
1136
1137 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1138
1139         Adjust inlining threshold for new bytecode format
1140         https://bugs.webkit.org/show_bug.cgi?id=191115
1141
1142         Reviewed by Saam Barati.
1143
1144         The new format reduced the number of operands for many opcodes, which
1145         changed inlining decisions and impacted performance negatively.
1146
1147         * runtime/Options.h:
1148
1149 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1150
1151         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
1152         https://bugs.webkit.org/show_bug.cgi?id=191108
1153         <rdar://problem/45690700>
1154
1155         Reviewed by Saam Barati.
1156
1157         When linking the handler, we need to check whether the target op_catch is
        wide or narrow in order to choose the right code pointer for the handler.
1159
1160         * bytecode/CodeBlock.cpp:
1161         (JSC::CodeBlock::finishCreation):
1162
1163 2018-10-31  Dominik Infuehr  <dinfuehr@igalia.com>
1164
1165         Align entries in metadata table
1166         https://bugs.webkit.org/show_bug.cgi?id=191062
1167
1168         Reviewed by Filip Pizlo.
1169
1170         Entries in the metadata table need to be aligned on some 32-bit
1171         architectures.
1172
1173         * bytecode/MetadataTable.h:
1174         (JSC::MetadataTable::forEach):
1175         * bytecode/Opcode.cpp:
1176         (JSC::metadataAlignment):
1177         * bytecode/Opcode.h:
1178         * bytecode/UnlinkedMetadataTableInlines.h:
1179         (JSC::UnlinkedMetadataTable::finalize):
1180         * generator/Section.rb:
1181
1182 2018-10-31  Jim Mason  <jmason@ibinx.com>
1183
1184         Static global 'fastHandlerInstalled' conditionally declared in WasmFaultSignalHandler.cpp
1185         https://bugs.webkit.org/show_bug.cgi?id=191063
1186
1187         Reviewed by Yusuke Suzuki.
1188
1189         * wasm/WasmFaultSignalHandler.cpp:
1190
1191 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1192
1193         [JSC][LLInt] Compact LLInt ASM code by removing unnecessary instructions
1194         https://bugs.webkit.org/show_bug.cgi?id=191092
1195
1196         Reviewed by Saam Barati.
1197
1198         Looking through LLIntAssembly.h, we can find several inefficiencies. This patch fixes the
1199         following things to tighten LLInt ASM code.
1200
1201         1. Remove unnecessary load instructions. Use jmp with BaseIndex directly.
        2. Introduce strength reduction for mul instructions in the offlineasm layer. This is now critical
        since the mul instruction is executed in the `metadata` operation in LLInt. If the given immediate is
        a power of two, we convert it to an lshift instruction.
1205
1206         * llint/LowLevelInterpreter32_64.asm:
1207         * llint/LowLevelInterpreter64.asm:
1208         * offlineasm/arm64.rb:
1209         * offlineasm/instructions.rb:
1210         * offlineasm/x86.rb:
1211
1212 2018-10-30  Don Olmstead  <don.olmstead@sony.com>
1213
1214         [PlayStation] Enable JavaScriptCore
1215         https://bugs.webkit.org/show_bug.cgi?id=191072
1216
1217         Reviewed by Brent Fulgham.
1218
1219         Add platform files for the PlayStation port.
1220
1221         * PlatformPlayStation.cmake: Added.
1222
1223 2018-10-30  Alexey Proskuryakov  <ap@apple.com>
1224
1225         Clean up some obsolete MAX_ALLOWED macros
1226         https://bugs.webkit.org/show_bug.cgi?id=190916
1227
1228         Reviewed by Tim Horton.
1229
1230         * API/JSManagedValue.mm:
1231         * API/JSVirtualMachine.mm:
1232         * API/JSWrapperMap.mm:
1233
1234 2018-10-30  Ross Kirsling  <ross.kirsling@sony.com>
1235
1236         useProbeOSRExit causes failures for Win64 DFG JIT
1237         https://bugs.webkit.org/show_bug.cgi?id=190656
1238
1239         Reviewed by Keith Miller.
1240
1241         * assembler/ProbeContext.cpp:
1242         (JSC::Probe::executeProbe):
1243         If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
1244         then let's just call lowWatermarkFromVisitingDirtyPages instead.
1245
1246         * dfg/DFGOSRExit.cpp:
1247         (JSC::DFG::OSRExit::executeOSRExit):
1248         The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
1249         mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
1250         (Also, stop redundantly setting the stack pointer twice in a row.)
1251
1252 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1253
1254         "Unreviewed, partial rolling in r237254"
1255         https://bugs.webkit.org/show_bug.cgi?id=190340
1256
        This only adds Parser.{cpp,h}. And it is not used in this patch.
        It examines whether the regression is related to the exact Parser changes.
1259
1260         * parser/Parser.cpp:
1261         (JSC::Parser<LexerType>::parseInner):
1262         (JSC::Parser<LexerType>::parseSingleFunction):
1263         (JSC::Parser<LexerType>::parseFunctionInfo):
1264         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1265         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
1266         * parser/Parser.h:
1267         (JSC::Parser<LexerType>::parse):
1268         (JSC::parse):
1269         (JSC::parseFunctionForFunctionConstructor):
1270
1271 2018-10-29  Mark Lam  <mark.lam@apple.com>
1272
1273         Correctly detect string overflow when using the 'Function' constructor.
1274         https://bugs.webkit.org/show_bug.cgi?id=184883
1275         <rdar://problem/36320331>
1276
1277         Reviewed by Saam Barati.
1278
1279         Added StringBuilder::hasOverflowed() checks, and throwing OutOfMemoryErrors if
1280         we detect an overflow.
1281
1282         * runtime/FunctionConstructor.cpp:
1283         (JSC::constructFunctionSkippingEvalEnabledCheck):
1284         * runtime/JSGlobalObjectFunctions.cpp:
1285         (JSC::encode):
1286         (JSC::decode):
1287         * runtime/JSONObject.cpp:
1288         (JSC::Stringifier::stringify):
1289         (JSC::Stringifier::appendStringifiedValue):
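
        Added example, not JSC code: a length-checked string builder in C++ in the
        spirit of the StringBuilder::hasOverflowed() checks described above. Every
        append is accounted in 64 bits against a 32-bit length limit before any bytes
        are copied, so an overflowing append never allocates or wraps the length; the
        builder then stays in a sticky overflowed state and the caller reports an
        out-of-memory error instead of using a truncated result. The
        buildFunctionSource helper mimics the shape of the text the Function
        constructor assembles from caller-controlled parameters and body; the class
        and function names, and the configurable limit, are assumptions of this
        example.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <string>
#include <vector>

class CheckedStringBuilder {
public:
    // The limit defaults to a 32-bit length; it is a parameter here only so the
    // overflow path can be exercised without allocating gigabytes.
    explicit CheckedStringBuilder(uint64_t maxLength = std::numeric_limits<uint32_t>::max())
        : m_maxLength(maxLength) {}

    void append(const std::string& s) { append(s.data(), s.size()); }
    void append(const char* data, size_t length) {
        if (reserve(length))
            m_buffer.append(data, length);
    }
    // `count` is 64-bit so an attacker-sized repeat is rejected before any allocation.
    void appendRepeated(char c, uint64_t count) {
        if (reserve(count))
            m_buffer.append(static_cast<size_t>(count), c);
    }
    bool hasOverflowed() const { return m_overflowed; }
    // Only meaningful when !hasOverflowed(); an overflowed builder is empty.
    const std::string& toString() const { return m_buffer; }

private:
    // Checks the new length against the limit before touching the buffer. Once
    // overflowed, the builder stays overflowed and drops its contents.
    bool reserve(uint64_t extra) {
        if (m_overflowed)
            return false;
        if (extra > m_maxLength || m_buffer.size() > m_maxLength - extra) {
            m_overflowed = true;
            m_buffer.clear();
            return false;
        }
        return true;
    }
    uint64_t m_maxLength;
    bool m_overflowed = false;
    std::string m_buffer;
};

struct FunctionSourceResult {
    bool ok;
    std::string source; // valid when ok
    std::string error;  // "OutOfMemoryError" when the text would overflow
};

// Assembles Function-constructor style source text. Parameters and body are
// caller-controlled, so their combined length is checked rather than assumed.
static FunctionSourceResult buildFunctionSource(const std::vector<std::string>& params,
                                                const std::string& body,
                                                uint64_t maxLength = std::numeric_limits<uint32_t>::max()) {
    CheckedStringBuilder builder(maxLength);
    builder.append("function anonymous(");
    for (size_t i = 0; i < params.size(); ++i) {
        if (i)
            builder.append(",");
        builder.append(params[i]);
    }
    builder.append("\n) {\n");
    builder.append(body);
    builder.append("\n}");
    if (builder.hasOverflowed())
        return { false, "", "OutOfMemoryError" };
    return { true, builder.toString(), "" };
}

int main() {
    FunctionSourceResult r = buildFunctionSource({"a"}, std::string(100, 'x'), 64);
    std::printf("%s\n", r.ok ? r.source.c_str() : r.error.c_str());
    return 0;
}
```

        The check lives in reserve(), so no append path can grow the buffer without
        it, and the comparison is arranged so the subtraction cannot itself wrap.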
1290
1291 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1292
1293         Unreviewed, fix JSC on arm64e after r237547
1294         https://bugs.webkit.org/show_bug.cgi?id=187373
1295
1296         Unreviewed.
1297
1298         Remove unused move guarded by POINTER_PROFILING that was trashing the
1299         metadata on arm64e.
1300
1301         * llint/LowLevelInterpreter64.asm:
1302
1303 2018-10-29  Keith Miller  <keith_miller@apple.com>
1304
1305         JSC should explicitly list its modulemap file
1306         https://bugs.webkit.org/show_bug.cgi?id=191032
1307
1308         Reviewed by Saam Barati.
1309
1310         The automagically generated module map file for JSC will
1311         include headers where they may not work out of the box.
1312         This patch makes it so we now export the same modulemap
1313         that used to be provided via the legacy system.
1314
1315         * Configurations/JavaScriptCore.xcconfig:
1316         * JavaScriptCore.modulemap: Added.
1317         * JavaScriptCore.xcodeproj/project.pbxproj:
1318
1319 2018-10-29  Tim Horton  <timothy_horton@apple.com>
1320
1321         Modernize WebKit nibs and lprojs for localization's sake
1322         https://bugs.webkit.org/show_bug.cgi?id=190911
1323         <rdar://problem/45349466>
1324
1325         Reviewed by Dan Bernstein.
1326
1327         * JavaScriptCore.xcodeproj/project.pbxproj:
1328         English->en
1329
1330 2018-10-29  Commit Queue  <commit-queue@webkit.org>
1331
1332         Unreviewed, rolling out r237492.
1333         https://bugs.webkit.org/show_bug.cgi?id=191035
1334
1335         "It regresses JetStream 2 by 5% on some iOS devices"
1336         (Requested by saamyjoon on #webkit).
1337
1338         Reverted changeset:
1339
1340         "Unreviewed, partial rolling in r237254"
1341         https://bugs.webkit.org/show_bug.cgi?id=190340
1342         https://trac.webkit.org/changeset/237492
1343
1344 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1345
1346         Add support for GetStack FlushedDouble
1347         https://bugs.webkit.org/show_bug.cgi?id=191012
1348         <rdar://problem/45265141>
1349
1350         Reviewed by Saam Barati.
1351
1352         LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
1353         for doubles, but it turns out it may arise from the PutStack sinking
1354         phase: if we sink a PutStack into a successor block, other predecessors
        will emit a GetStack followed by an Upsilon.
1356
1357         * ftl/FTLLowerDFGToB3.cpp:
1358         (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):
1359
1360 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1361
1362         New bytecode format for JSC
1363         https://bugs.webkit.org/show_bug.cgi?id=187373
1364         <rdar://problem/44186758>
1365
1366         Reviewed by Filip Pizlo.
1367
1368         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
1369         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
1370         operands) and might contain an extra operand, the metadataID. The metadataID is used to
1371         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
1372
        Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
        and types to all their operands. Additionally, reading a bytecode from the instruction stream
1375         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
1376         operands directly from the stream.
1377
1378
1379         * CMakeLists.txt:
1380         * DerivedSources.make:
1381         * JavaScriptCore.xcodeproj/project.pbxproj:
1382         * Sources.txt:
1383         * assembler/MacroAssemblerCodeRef.h:
1384         (JSC::ReturnAddressPtr::ReturnAddressPtr):
1385         (JSC::ReturnAddressPtr::value const):
1386         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
1387         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
1388         * bytecode/ArithProfile.h:
1389         (JSC::ArithProfile::ArithProfile):
1390         * bytecode/ArrayAllocationProfile.h:
1391         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
1392         * bytecode/ArrayProfile.h:
1393         * bytecode/BytecodeBasicBlock.cpp:
1394         (JSC::isJumpTarget):
1395         (JSC::BytecodeBasicBlock::computeImpl):
1396         (JSC::BytecodeBasicBlock::compute):
1397         * bytecode/BytecodeBasicBlock.h:
1398         (JSC::BytecodeBasicBlock::leaderOffset const):
1399         (JSC::BytecodeBasicBlock::totalLength const):
1400         (JSC::BytecodeBasicBlock::offsets const):
1401         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
1402         (JSC::BytecodeBasicBlock::addLength):
1403         * bytecode/BytecodeDumper.cpp:
1404         (JSC::BytecodeDumper<Block>::printLocationAndOp):
1405         (JSC::BytecodeDumper<Block>::dumpBytecode):
1406         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
1407         (JSC::BytecodeDumper<Block>::dumpConstants):
1408         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
1409         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
1410         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
1411         (JSC::BytecodeDumper<Block>::dumpBlock):
1412         * bytecode/BytecodeDumper.h:
1413         (JSC::BytecodeDumper::dumpOperand):
1414         (JSC::BytecodeDumper::dumpValue):
1415         (JSC::BytecodeDumper::BytecodeDumper):
1416         (JSC::BytecodeDumper::block const):
1417         * bytecode/BytecodeGeneratorification.cpp:
1418         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
1419         (JSC::BytecodeGeneratorification::enterPoint const):
1420         (JSC::BytecodeGeneratorification::instructions const):
1421         (JSC::GeneratorLivenessAnalysis::run):
1422         (JSC::BytecodeGeneratorification::run):
1423         (JSC::performGeneratorification):
1424         * bytecode/BytecodeGeneratorification.h:
1425         * bytecode/BytecodeGraph.h:
1426         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
1427         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
1428         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
1429         (JSC::BytecodeGraph::BytecodeGraph):
1430         * bytecode/BytecodeKills.h:
1431         * bytecode/BytecodeList.json: Removed.
1432         * bytecode/BytecodeList.rb: Added.
1433         * bytecode/BytecodeLivenessAnalysis.cpp:
1434         (JSC::BytecodeLivenessAnalysis::dumpResults):
1435         * bytecode/BytecodeLivenessAnalysis.h:
1436         * bytecode/BytecodeLivenessAnalysisInlines.h:
1437         (JSC::isValidRegisterForLiveness):
1438         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
1439         * bytecode/BytecodeRewriter.cpp:
1440         (JSC::BytecodeRewriter::applyModification):
1441         (JSC::BytecodeRewriter::execute):
1442         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
1443         (JSC::BytecodeRewriter::insertImpl):
1444         (JSC::BytecodeRewriter::adjustJumpTarget):
1445         (JSC::BytecodeRewriter::adjustJumpTargets):
1446         * bytecode/BytecodeRewriter.h:
1447         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
1448         (JSC::BytecodeRewriter::Fragment::Fragment):
1449         (JSC::BytecodeRewriter::Fragment::appendInstruction):
1450         (JSC::BytecodeRewriter::BytecodeRewriter):
1451         (JSC::BytecodeRewriter::insertFragmentBefore):
1452         (JSC::BytecodeRewriter::insertFragmentAfter):
1453         (JSC::BytecodeRewriter::removeBytecode):
1454         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
1455         (JSC::BytecodeRewriter::adjustJumpTarget):
1456         * bytecode/BytecodeUseDef.h:
1457         (JSC::computeUsesForBytecodeOffset):
1458         (JSC::computeDefsForBytecodeOffset):
1459         * bytecode/CallLinkStatus.cpp:
1460         (JSC::CallLinkStatus::computeFromLLInt):
1461         * bytecode/CodeBlock.cpp:
1462         (JSC::CodeBlock::dumpBytecode):
1463         (JSC::CodeBlock::CodeBlock):
1464         (JSC::CodeBlock::finishCreation):
1465         (JSC::CodeBlock::estimatedSize):
1466         (JSC::CodeBlock::visitChildren):
1467         (JSC::CodeBlock::propagateTransitions):
1468         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1469         (JSC::CodeBlock::addJITAddIC):
1470         (JSC::CodeBlock::addJITMulIC):
1471         (JSC::CodeBlock::addJITSubIC):
1472         (JSC::CodeBlock::addJITNegIC):
1473         (JSC::CodeBlock::stronglyVisitStrongReferences):
1474         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
1475         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
1476         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
1477         (JSC::CodeBlock::getArrayProfile):
1478         (JSC::CodeBlock::updateAllArrayPredictions):
1479         (JSC::CodeBlock::predictedMachineCodeSize):
1480         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
1481         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
1482         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1483         (JSC::CodeBlock::validate):
1484         (JSC::CodeBlock::outOfLineJumpOffset):
1485         (JSC::CodeBlock::outOfLineJumpTarget):
1486         (JSC::CodeBlock::arithProfileForBytecodeOffset):
1487         (JSC::CodeBlock::arithProfileForPC):
1488         (JSC::CodeBlock::couldTakeSpecialFastCase):
1489         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1490         * bytecode/CodeBlock.h:
1491         (JSC::CodeBlock::addMathIC):
1492         (JSC::CodeBlock::outOfLineJumpOffset):
1493         (JSC::CodeBlock::bytecodeOffset):
1494         (JSC::CodeBlock::instructions const):
1495         (JSC::CodeBlock::instructionCount const):
1496         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1497         (JSC::CodeBlock::metadata):
1498         (JSC::CodeBlock::metadataSizeInBytes):
1499         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
1500         (JSC::CodeBlock::totalNumberOfValueProfiles):
1501         * bytecode/CodeBlockInlines.h: Added.
1502         (JSC::CodeBlock::forEachValueProfile):
1503         (JSC::CodeBlock::forEachArrayProfile):
1504         (JSC::CodeBlock::forEachArrayAllocationProfile):
1505         (JSC::CodeBlock::forEachObjectAllocationProfile):
1506         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
1507         * bytecode/Fits.h: Added.
1508         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1509         * bytecode/GetByIdStatus.cpp:
1510         (JSC::GetByIdStatus::computeFromLLInt):
1511         * bytecode/Instruction.h:
1512         (JSC::Instruction::Instruction):
1513         (JSC::Instruction::Impl::opcodeID const):
1514         (JSC::Instruction::opcodeID const):
1515         (JSC::Instruction::name const):
1516         (JSC::Instruction::isWide const):
1517         (JSC::Instruction::size const):
1518         (JSC::Instruction::is const):
1519         (JSC::Instruction::as const):
1520         (JSC::Instruction::cast):
1521         (JSC::Instruction::cast const):
1522         (JSC::Instruction::narrow const):
1523         (JSC::Instruction::wide const):
1524         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1525         (JSC::InstructionStream::InstructionStream):
1526         (JSC::InstructionStream::sizeInBytes const):
1527         * bytecode/InstructionStream.h: Added.
1528         (JSC::InstructionStream::BaseRef::BaseRef):
1529         (JSC::InstructionStream::BaseRef::operator=):
1530         (JSC::InstructionStream::BaseRef::operator-> const):
1531         (JSC::InstructionStream::BaseRef::ptr const):
1532         (JSC::InstructionStream::BaseRef::operator!= const):
1533         (JSC::InstructionStream::BaseRef::next const):
1534         (JSC::InstructionStream::BaseRef::offset const):
1535         (JSC::InstructionStream::BaseRef::isValid const):
1536         (JSC::InstructionStream::BaseRef::unwrap const):
1537         (JSC::InstructionStream::MutableRef::freeze const):
1538         (JSC::InstructionStream::MutableRef::operator->):
1539         (JSC::InstructionStream::MutableRef::ptr):
1540         (JSC::InstructionStream::MutableRef::operator Ref):
1541         (JSC::InstructionStream::MutableRef::unwrap):
1542         (JSC::InstructionStream::iterator::operator*):
1543         (JSC::InstructionStream::iterator::operator++):
1544         (JSC::InstructionStream::begin const):
1545         (JSC::InstructionStream::end const):
1546         (JSC::InstructionStream::at const):
1547         (JSC::InstructionStream::size const):
1548         (JSC::InstructionStreamWriter::InstructionStreamWriter):
1549         (JSC::InstructionStreamWriter::ref):
1550         (JSC::InstructionStreamWriter::seek):
1551         (JSC::InstructionStreamWriter::position):
1552         (JSC::InstructionStreamWriter::write):
1553         (JSC::InstructionStreamWriter::rewind):
1554         (JSC::InstructionStreamWriter::finalize):
1555         (JSC::InstructionStreamWriter::swap):
1556         (JSC::InstructionStreamWriter::iterator::operator*):
1557         (JSC::InstructionStreamWriter::iterator::operator++):
1558         (JSC::InstructionStreamWriter::begin):
1559         (JSC::InstructionStreamWriter::end):
1560         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
1561         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
1562         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
1563         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
1564         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
1565         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1566         (JSC::MetadataTable::MetadataTable):
1567         (JSC::DeallocTable::withOpcodeType):
1568         (JSC::MetadataTable::~MetadataTable):
1569         (JSC::MetadataTable::sizeInBytes):
1570         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
1571         (JSC::MetadataTable::get):
1572         (JSC::MetadataTable::forEach):
1573         (JSC::MetadataTable::getImpl):
1574         * bytecode/Opcode.cpp:
1575         (JSC::metadataSize):
1576         * bytecode/Opcode.h:
1577         (JSC::padOpcodeName):
1578         * bytecode/OpcodeInlines.h:
1579         (JSC::isOpcodeShape):
1580         (JSC::getOpcodeType):
1581         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1582         * bytecode/PreciseJumpTargets.cpp:
1583         (JSC::getJumpTargetsForInstruction):
1584         (JSC::computePreciseJumpTargetsInternal):
1585         (JSC::computePreciseJumpTargets):
1586         (JSC::recomputePreciseJumpTargets):
1587         (JSC::findJumpTargetsForInstruction):
1588         * bytecode/PreciseJumpTargets.h:
1589         * bytecode/PreciseJumpTargetsInlines.h:
1590         (JSC::jumpTargetForInstruction):
1591         (JSC::extractStoredJumpTargetsForInstruction):
1592         (JSC::updateStoredJumpTargetsForInstruction):
1593         * bytecode/PutByIdStatus.cpp:
1594         (JSC::PutByIdStatus::computeFromLLInt):
1595         * bytecode/SpecialPointer.cpp:
1596         (WTF::printInternal):
1597         * bytecode/SpecialPointer.h:
1598         * bytecode/UnlinkedCodeBlock.cpp:
1599         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1600         (JSC::UnlinkedCodeBlock::visitChildren):
1601         (JSC::UnlinkedCodeBlock::estimatedSize):
1602         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1603         (JSC::dumpLineColumnEntry):
1604         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
1605         (JSC::UnlinkedCodeBlock::setInstructions):
1606         (JSC::UnlinkedCodeBlock::instructions const):
1607         (JSC::UnlinkedCodeBlock::applyModification):
1608         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
1609         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1610         * bytecode/UnlinkedCodeBlock.h:
1611         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
1612         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
1613         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
1614         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
1615         (JSC::UnlinkedCodeBlock::metadata):
1616         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
1617         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1618         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
1619         * bytecode/UnlinkedInstructionStream.cpp: Removed.
1620         * bytecode/UnlinkedInstructionStream.h: Removed.
1621         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1622         * bytecode/UnlinkedMetadataTableInlines.h: Added.
1623         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
1624         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
1625         (JSC::UnlinkedMetadataTable::addEntry):
1626         (JSC::UnlinkedMetadataTable::sizeInBytes):
1627         (JSC::UnlinkedMetadataTable::finalize):
1628         (JSC::UnlinkedMetadataTable::link):
1629         (JSC::UnlinkedMetadataTable::unlink):
1630         * bytecode/VirtualRegister.cpp:
1631         (JSC::VirtualRegister::VirtualRegister):
1632         * bytecode/VirtualRegister.h:
1633         * bytecompiler/BytecodeGenerator.cpp:
1634         (JSC::Label::setLocation):
1635         (JSC::Label::bind):
1636         (JSC::BytecodeGenerator::generate):
1637         (JSC::BytecodeGenerator::BytecodeGenerator):
1638         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
1639         (JSC::BytecodeGenerator::emitEnter):
1640         (JSC::BytecodeGenerator::emitLoopHint):
1641         (JSC::BytecodeGenerator::emitJump):
1642         (JSC::BytecodeGenerator::emitCheckTraps):
1643         (JSC::BytecodeGenerator::rewind):
1644         (JSC::BytecodeGenerator::fuseCompareAndJump):
1645         (JSC::BytecodeGenerator::fuseTestAndJmp):
1646         (JSC::BytecodeGenerator::emitJumpIfTrue):
1647         (JSC::BytecodeGenerator::emitJumpIfFalse):
1648         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1649         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1650         (JSC::BytecodeGenerator::moveLinkTimeConstant):
1651         (JSC::BytecodeGenerator::moveEmptyValue):
1652         (JSC::BytecodeGenerator::emitMove):
1653         (JSC::BytecodeGenerator::emitUnaryOp):
1654         (JSC::BytecodeGenerator::emitBinaryOp):
1655         (JSC::BytecodeGenerator::emitToObject):
1656         (JSC::BytecodeGenerator::emitToNumber):
1657         (JSC::BytecodeGenerator::emitToString):
1658         (JSC::BytecodeGenerator::emitTypeOf):
1659         (JSC::BytecodeGenerator::emitInc):
1660         (JSC::BytecodeGenerator::emitDec):
1661         (JSC::BytecodeGenerator::emitEqualityOp):
1662         (JSC::BytecodeGenerator::emitProfileType):
1663         (JSC::BytecodeGenerator::emitProfileControlFlow):
1664         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1665         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
1666         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
1667         (JSC::BytecodeGenerator::emitOverridesHasInstance):
1668         (JSC::BytecodeGenerator::emitResolveScope):
1669         (JSC::BytecodeGenerator::emitGetFromScope):
1670         (JSC::BytecodeGenerator::emitPutToScope):
1671         (JSC::BytecodeGenerator::emitInstanceOf):
1672         (JSC::BytecodeGenerator::emitInstanceOfCustom):
1673         (JSC::BytecodeGenerator::emitInByVal):
1674         (JSC::BytecodeGenerator::emitInById):
1675         (JSC::BytecodeGenerator::emitTryGetById):
1676         (JSC::BytecodeGenerator::emitGetById):
1677         (JSC::BytecodeGenerator::emitDirectGetById):
1678         (JSC::BytecodeGenerator::emitPutById):
1679         (JSC::BytecodeGenerator::emitDirectPutById):
1680         (JSC::BytecodeGenerator::emitPutGetterById):
1681         (JSC::BytecodeGenerator::emitPutSetterById):
1682         (JSC::BytecodeGenerator::emitPutGetterSetter):
1683         (JSC::BytecodeGenerator::emitPutGetterByVal):
1684         (JSC::BytecodeGenerator::emitPutSetterByVal):
1685         (JSC::BytecodeGenerator::emitDeleteById):
1686         (JSC::BytecodeGenerator::emitGetByVal):
1687         (JSC::BytecodeGenerator::emitPutByVal):
1688         (JSC::BytecodeGenerator::emitDirectPutByVal):
1689         (JSC::BytecodeGenerator::emitDeleteByVal):
1690         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
1691         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
1692         (JSC::BytecodeGenerator::emitIdWithProfile):
1693         (JSC::BytecodeGenerator::emitUnreachable):
1694         (JSC::BytecodeGenerator::emitGetArgument):
1695         (JSC::BytecodeGenerator::emitCreateThis):
1696         (JSC::BytecodeGenerator::emitTDZCheck):
1697         (JSC::BytecodeGenerator::emitNewObject):
1698         (JSC::BytecodeGenerator::emitNewArrayBuffer):
1699         (JSC::BytecodeGenerator::emitNewArray):
1700         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
1701         (JSC::BytecodeGenerator::emitNewArrayWithSize):
1702         (JSC::BytecodeGenerator::emitNewRegExp):
1703         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1704         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
1705         (JSC::BytecodeGenerator::emitNewFunction):
1706         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
1707         (JSC::BytecodeGenerator::emitCall):
1708         (JSC::BytecodeGenerator::emitCallInTailPosition):
1709         (JSC::BytecodeGenerator::emitCallEval):
1710         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
1711         (JSC::BytecodeGenerator::emitCallVarargs):
1712         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
1713         (JSC::BytecodeGenerator::emitConstructVarargs):
1714         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
1715         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
1716         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
1717         (JSC::BytecodeGenerator::emitCallDefineProperty):
1718         (JSC::BytecodeGenerator::emitReturn):
1719         (JSC::BytecodeGenerator::emitEnd):
1720         (JSC::BytecodeGenerator::emitConstruct):
1721         (JSC::BytecodeGenerator::emitStrcat):
1722         (JSC::BytecodeGenerator::emitToPrimitive):
1723         (JSC::BytecodeGenerator::emitGetScope):
1724         (JSC::BytecodeGenerator::emitPushWithScope):
1725         (JSC::BytecodeGenerator::emitGetParentScope):
1726         (JSC::BytecodeGenerator::emitDebugHook):
1727         (JSC::BytecodeGenerator::emitCatch):
1728         (JSC::BytecodeGenerator::emitThrow):
1729         (JSC::BytecodeGenerator::emitArgumentCount):
1730         (JSC::BytecodeGenerator::emitThrowStaticError):
1731         (JSC::BytecodeGenerator::beginSwitch):
1732         (JSC::prepareJumpTableForSwitch):
1733         (JSC::prepareJumpTableForStringSwitch):
1734         (JSC::BytecodeGenerator::endSwitch):
1735         (JSC::BytecodeGenerator::emitGetEnumerableLength):
1736         (JSC::BytecodeGenerator::emitHasGenericProperty):
1737         (JSC::BytecodeGenerator::emitHasIndexedProperty):
1738         (JSC::BytecodeGenerator::emitHasStructureProperty):
1739         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
1740         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
1741         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
1742         (JSC::BytecodeGenerator::emitToIndexString):
1743         (JSC::BytecodeGenerator::emitIsCellWithType):
1744         (JSC::BytecodeGenerator::emitIsObject):
1745         (JSC::BytecodeGenerator::emitIsNumber):
1746         (JSC::BytecodeGenerator::emitIsUndefined):
1747         (JSC::BytecodeGenerator::emitIsEmpty):
1748         (JSC::BytecodeGenerator::emitRestParameter):
1749         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1750         (JSC::BytecodeGenerator::emitYieldPoint):
1751         (JSC::BytecodeGenerator::emitYield):
1752         (JSC::BytecodeGenerator::emitGetAsyncIterator):
1753         (JSC::BytecodeGenerator::emitDelegateYield):
1754         (JSC::BytecodeGenerator::emitFinallyCompletion):
1755         (JSC::BytecodeGenerator::emitJumpIf):
1756         (JSC::ForInContext::finalize):
1757         (JSC::StructureForInContext::finalize):
1758         (JSC::IndexedForInContext::finalize):
1759         (JSC::StaticPropertyAnalysis::record):
1760         (JSC::BytecodeGenerator::emitToThis):
1761         * bytecompiler/BytecodeGenerator.h:
1762         (JSC::StructureForInContext::addGetInst):
1763         (JSC::BytecodeGenerator::recordOpcode):
1764         (JSC::BytecodeGenerator::addMetadataFor):
1765         (JSC::BytecodeGenerator::emitUnaryOp):
1766         (JSC::BytecodeGenerator::kill):
1767         (JSC::BytecodeGenerator::instructions const):
1768         (JSC::BytecodeGenerator::write):
1769         (JSC::BytecodeGenerator::withWriter):
1770         * bytecompiler/Label.h:
1771         (JSC::Label::Label):
1772         (JSC::Label::bind):
1773         * bytecompiler/NodesCodegen.cpp:
1774         (JSC::ArrayNode::emitBytecode):
1775         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
1776         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1777         (JSC::BitwiseNotNode::emitBytecode):
1778         (JSC::BinaryOpNode::emitBytecode):
1779         (JSC::EqualNode::emitBytecode):
1780         (JSC::StrictEqualNode::emitBytecode):
1781         (JSC::emitReadModifyAssignment):
1782         (JSC::ForInNode::emitBytecode):
1783         (JSC::CaseBlockNode::emitBytecodeForBlock):
1784         (JSC::FunctionNode::emitBytecode):
1785         (JSC::ClassExprNode::emitBytecode):
1786         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
1787         (WTF::printInternal):
1788         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1789         * bytecompiler/RegisterID.h:
1790         * bytecompiler/StaticPropertyAnalysis.h:
1791         (JSC::StaticPropertyAnalysis::create):
1792         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
1793         * bytecompiler/StaticPropertyAnalyzer.h:
1794         (JSC::StaticPropertyAnalyzer::createThis):
1795         (JSC::StaticPropertyAnalyzer::newObject):
1796         (JSC::StaticPropertyAnalyzer::putById):
1797         (JSC::StaticPropertyAnalyzer::mov):
1798         (JSC::StaticPropertyAnalyzer::kill):
1799         * dfg/DFGByteCodeParser.cpp:
1800         (JSC::DFG::ByteCodeParser::addCall):
1801         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1802         (JSC::DFG::ByteCodeParser::getArrayMode):
1803         (JSC::DFG::ByteCodeParser::handleCall):
1804         (JSC::DFG::ByteCodeParser::handleVarargsCall):
1805         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
1806         (JSC::DFG::ByteCodeParser::inlineCall):
1807         (JSC::DFG::ByteCodeParser::handleCallVariant):
1808         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
1809         (JSC::DFG::ByteCodeParser::handleInlining):
1810         (JSC::DFG::ByteCodeParser::handleMinMax):
1811         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1812         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
1813         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
1814         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
1815         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
1816         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
1817         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1818         (JSC::DFG::ByteCodeParser::handleGetById):
1819         (JSC::DFG::ByteCodeParser::handlePutById):
1820         (JSC::DFG::ByteCodeParser::parseGetById):
1821         (JSC::DFG::ByteCodeParser::parseBlock):
1822         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1823         (JSC::DFG::ByteCodeParser::handlePutByVal):
1824         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
1825         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
1826         (JSC::DFG::ByteCodeParser::handleNewFunc):
1827         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
1828         (JSC::DFG::ByteCodeParser::parse):
1829         * dfg/DFGCapabilities.cpp:
1830         (JSC::DFG::capabilityLevel):
1831         * dfg/DFGCapabilities.h:
1832         (JSC::DFG::capabilityLevel):
1833         * dfg/DFGOSREntry.cpp:
1834         (JSC::DFG::prepareCatchOSREntry):
1835         * dfg/DFGSpeculativeJIT.cpp:
1836         (JSC::DFG::SpeculativeJIT::compileValueAdd):
1837         (JSC::DFG::SpeculativeJIT::compileValueSub):
1838         (JSC::DFG::SpeculativeJIT::compileValueNegate):
1839         (JSC::DFG::SpeculativeJIT::compileArithMul):
1840         * ftl/FTLLowerDFGToB3.cpp:
1841         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
1842         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
1843         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
1844         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
1845         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
1846         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
1847         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
1848         * ftl/FTLOperations.cpp:
1849         (JSC::FTL::operationMaterializeObjectInOSR):
1850         * generate-bytecode-files: Removed.
1851         * generator/Argument.rb: Added.
1852         * generator/Assertion.rb: Added.
1853         * generator/DSL.rb: Added.
1854         * generator/Fits.rb: Added.
1855         * generator/GeneratedFile.rb: Added.
1856         * generator/Metadata.rb: Added.
1857         * generator/Opcode.rb: Added.
1858         * generator/OpcodeGroup.rb: Added.
1859         * generator/Options.rb: Added.
1860         * generator/Section.rb: Added.
1861         * generator/Template.rb: Added.
1862         * generator/Type.rb: Added.
1863         * generator/main.rb: Added.
1864         * interpreter/AbstractPC.h:
1865         * interpreter/CallFrame.cpp:
1866         (JSC::CallFrame::currentVPC const):
1867         (JSC::CallFrame::setCurrentVPC):
1868         * interpreter/CallFrame.h:
1869         (JSC::CallSiteIndex::CallSiteIndex):
1870         (JSC::ExecState::setReturnPC):
1871         * interpreter/Interpreter.cpp:
1872         (WTF::printInternal):
1873         * interpreter/Interpreter.h:
1874         * interpreter/InterpreterInlines.h:
1875         * interpreter/StackVisitor.cpp:
1876         (JSC::StackVisitor::Frame::dump const):
1877         * interpreter/VMEntryRecord.h:
1878         * jit/JIT.cpp:
1879         (JSC::JIT::JIT):
1880         (JSC::JIT::emitSlowCaseCall):
1881         (JSC::JIT::privateCompileMainPass):
1882         (JSC::JIT::privateCompileSlowCases):
1883         (JSC::JIT::compileWithoutLinking):
1884         (JSC::JIT::link):
1885         * jit/JIT.h:
1886         * jit/JITArithmetic.cpp:
1887         (JSC::JIT::emit_op_jless):
1888         (JSC::JIT::emit_op_jlesseq):
1889         (JSC::JIT::emit_op_jgreater):
1890         (JSC::JIT::emit_op_jgreatereq):
1891         (JSC::JIT::emit_op_jnless):
1892         (JSC::JIT::emit_op_jnlesseq):
1893         (JSC::JIT::emit_op_jngreater):
1894         (JSC::JIT::emit_op_jngreatereq):
1895         (JSC::JIT::emitSlow_op_jless):
1896         (JSC::JIT::emitSlow_op_jlesseq):
1897         (JSC::JIT::emitSlow_op_jgreater):
1898         (JSC::JIT::emitSlow_op_jgreatereq):
1899         (JSC::JIT::emitSlow_op_jnless):
1900         (JSC::JIT::emitSlow_op_jnlesseq):
1901         (JSC::JIT::emitSlow_op_jngreater):
1902         (JSC::JIT::emitSlow_op_jngreatereq):
1903         (JSC::JIT::emit_op_below):
1904         (JSC::JIT::emit_op_beloweq):
1905         (JSC::JIT::emit_op_jbelow):
1906         (JSC::JIT::emit_op_jbeloweq):
1907         (JSC::JIT::emit_op_unsigned):
1908         (JSC::JIT::emit_compareAndJump):
1909         (JSC::JIT::emit_compareUnsignedAndJump):
1910         (JSC::JIT::emit_compareUnsigned):
1911         (JSC::JIT::emit_compareAndJumpSlow):
1912         (JSC::JIT::emit_op_inc):
1913         (JSC::JIT::emit_op_dec):
1914         (JSC::JIT::emit_op_mod):
1915         (JSC::JIT::emitSlow_op_mod):
1916         (JSC::JIT::emit_op_negate):
1917         (JSC::JIT::emitSlow_op_negate):
1918         (JSC::JIT::emitBitBinaryOpFastPath):
1919         (JSC::JIT::emit_op_bitand):
1920         (JSC::JIT::emit_op_bitor):
1921         (JSC::JIT::emit_op_bitxor):
1922         (JSC::JIT::emit_op_lshift):
1923         (JSC::JIT::emitRightShiftFastPath):
1924         (JSC::JIT::emit_op_rshift):
1925         (JSC::JIT::emit_op_urshift):
1926         (JSC::getOperandTypes):
1927         (JSC::JIT::emit_op_add):
1928         (JSC::JIT::emitSlow_op_add):
1929         (JSC::JIT::emitMathICFast):
1930         (JSC::JIT::emitMathICSlow):
1931         (JSC::JIT::emit_op_div):
1932         (JSC::JIT::emit_op_mul):
1933         (JSC::JIT::emitSlow_op_mul):
1934         (JSC::JIT::emit_op_sub):
1935         (JSC::JIT::emitSlow_op_sub):
1936         * jit/JITCall.cpp:
1937         (JSC::JIT::emitPutCallResult):
1938         (JSC::JIT::compileSetupFrame):
1939         (JSC::JIT::compileCallEval):
1940         (JSC::JIT::compileCallEvalSlowCase):
1941         (JSC::JIT::compileTailCall):
1942         (JSC::JIT::compileOpCall):
1943         (JSC::JIT::compileOpCallSlowCase):
1944         (JSC::JIT::emit_op_call):
1945         (JSC::JIT::emit_op_tail_call):
1946         (JSC::JIT::emit_op_call_eval):
1947         (JSC::JIT::emit_op_call_varargs):
1948         (JSC::JIT::emit_op_tail_call_varargs):
1949         (JSC::JIT::emit_op_tail_call_forward_arguments):
1950         (JSC::JIT::emit_op_construct_varargs):
1951         (JSC::JIT::emit_op_construct):
1952         (JSC::JIT::emitSlow_op_call):
1953         (JSC::JIT::emitSlow_op_tail_call):
1954         (JSC::JIT::emitSlow_op_call_eval):
1955         (JSC::JIT::emitSlow_op_call_varargs):
1956         (JSC::JIT::emitSlow_op_tail_call_varargs):
1957         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
1958         (JSC::JIT::emitSlow_op_construct_varargs):
1959         (JSC::JIT::emitSlow_op_construct):
1960         * jit/JITDisassembler.cpp:
1961         (JSC::JITDisassembler::JITDisassembler):
1962         * jit/JITExceptions.cpp:
1963         (JSC::genericUnwind):
1964         * jit/JITInlines.h:
1965         (JSC::JIT::emitDoubleGetByVal):
1966         (JSC::JIT::emitLoadForArrayMode):
1967         (JSC::JIT::emitContiguousGetByVal):
1968         (JSC::JIT::emitArrayStorageGetByVal):
1969         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1970         (JSC::JIT::sampleInstruction):
1971         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
1972         (JSC::JIT::emitValueProfilingSite):
1973         (JSC::JIT::jumpTarget):
1974         (JSC::JIT::copiedGetPutInfo):
1975         (JSC::JIT::copiedArithProfile):
1976         * jit/JITMathIC.h:
1977         (JSC::isProfileEmpty):
1978         (JSC::JITBinaryMathIC::JITBinaryMathIC):
1979         (JSC::JITUnaryMathIC::JITUnaryMathIC):
1980         * jit/JITOpcodes.cpp:
1981         (JSC::JIT::emit_op_mov):
1982         (JSC::JIT::emit_op_end):
1983         (JSC::JIT::emit_op_jmp):
1984         (JSC::JIT::emit_op_new_object):
1985         (JSC::JIT::emitSlow_op_new_object):
1986         (JSC::JIT::emit_op_overrides_has_instance):
1987         (JSC::JIT::emit_op_instanceof):
1988         (JSC::JIT::emitSlow_op_instanceof):
1989         (JSC::JIT::emit_op_instanceof_custom):
1990         (JSC::JIT::emit_op_is_empty):
1991         (JSC::JIT::emit_op_is_undefined):
1992         (JSC::JIT::emit_op_is_boolean):
1993         (JSC::JIT::emit_op_is_number):
1994         (JSC::JIT::emit_op_is_cell_with_type):
1995         (JSC::JIT::emit_op_is_object):
1996         (JSC::JIT::emit_op_ret):
1997         (JSC::JIT::emit_op_to_primitive):
1998         (JSC::JIT::emit_op_set_function_name):
1999         (JSC::JIT::emit_op_not):
2000         (JSC::JIT::emit_op_jfalse):
2001         (JSC::JIT::emit_op_jeq_null):
2002         (JSC::JIT::emit_op_jneq_null):
2003         (JSC::JIT::emit_op_jneq_ptr):
2004         (JSC::JIT::emit_op_eq):
2005         (JSC::JIT::emit_op_jeq):
2006         (JSC::JIT::emit_op_jtrue):
2007         (JSC::JIT::emit_op_neq):
2008         (JSC::JIT::emit_op_jneq):
2009         (JSC::JIT::emit_op_throw):
2010         (JSC::JIT::compileOpStrictEq):
2011         (JSC::JIT::emit_op_stricteq):
2012         (JSC::JIT::emit_op_nstricteq):
2013         (JSC::JIT::compileOpStrictEqJump):
2014         (JSC::JIT::emit_op_jstricteq):
2015         (JSC::JIT::emit_op_jnstricteq):
2016         (JSC::JIT::emitSlow_op_jstricteq):
2017         (JSC::JIT::emitSlow_op_jnstricteq):
2018         (JSC::JIT::emit_op_to_number):
2019         (JSC::JIT::emit_op_to_string):
2020         (JSC::JIT::emit_op_to_object):
2021         (JSC::JIT::emit_op_catch):
2022         (JSC::JIT::emit_op_identity_with_profile):
2023         (JSC::JIT::emit_op_get_parent_scope):
2024         (JSC::JIT::emit_op_switch_imm):
2025         (JSC::JIT::emit_op_switch_char):
2026         (JSC::JIT::emit_op_switch_string):
2027         (JSC::JIT::emit_op_debug):
2028         (JSC::JIT::emit_op_eq_null):
2029         (JSC::JIT::emit_op_neq_null):
2030         (JSC::JIT::emit_op_enter):
2031         (JSC::JIT::emit_op_get_scope):
2032         (JSC::JIT::emit_op_to_this):
2033         (JSC::JIT::emit_op_create_this):
2034         (JSC::JIT::emit_op_check_tdz):
2035         (JSC::JIT::emitSlow_op_eq):
2036         (JSC::JIT::emitSlow_op_neq):
2037         (JSC::JIT::emitSlow_op_jeq):
2038         (JSC::JIT::emitSlow_op_jneq):
2039         (JSC::JIT::emitSlow_op_instanceof_custom):
2040         (JSC::JIT::emit_op_loop_hint):
2041         (JSC::JIT::emitSlow_op_loop_hint):
2042         (JSC::JIT::emit_op_check_traps):
2043         (JSC::JIT::emit_op_nop):
2044         (JSC::JIT::emit_op_super_sampler_begin):
2045         (JSC::JIT::emit_op_super_sampler_end):
2046         (JSC::JIT::emitSlow_op_check_traps):
2047         (JSC::JIT::emit_op_new_regexp):
2048         (JSC::JIT::emitNewFuncCommon):
2049         (JSC::JIT::emit_op_new_func):
2050         (JSC::JIT::emit_op_new_generator_func):
2051         (JSC::JIT::emit_op_new_async_generator_func):
2052         (JSC::JIT::emit_op_new_async_func):
2053         (JSC::JIT::emitNewFuncExprCommon):
2054         (JSC::JIT::emit_op_new_func_exp):
2055         (JSC::JIT::emit_op_new_generator_func_exp):
2056         (JSC::JIT::emit_op_new_async_func_exp):
2057         (JSC::JIT::emit_op_new_async_generator_func_exp):
2058         (JSC::JIT::emit_op_new_array):
2059         (JSC::JIT::emit_op_new_array_with_size):
2060         (JSC::JIT::emit_op_has_structure_property):
2061         (JSC::JIT::privateCompileHasIndexedProperty):
2062         (JSC::JIT::emit_op_has_indexed_property):
2063         (JSC::JIT::emitSlow_op_has_indexed_property):
2064         (JSC::JIT::emit_op_get_direct_pname):
2065         (JSC::JIT::emit_op_enumerator_structure_pname):
2066         (JSC::JIT::emit_op_enumerator_generic_pname):
2067         (JSC::JIT::emit_op_profile_type):
2068         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2069         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2070         (JSC::JIT::emit_op_profile_control_flow):
2071         (JSC::JIT::emit_op_argument_count):
2072         (JSC::JIT::emit_op_get_rest_length):
2073         (JSC::JIT::emit_op_get_argument):
2074         * jit/JITOpcodes32_64.cpp:
2075         (JSC::JIT::emit_op_to_this):
2076         * jit/JITOperations.cpp:
2077         * jit/JITOperations.h:
2078         * jit/JITPropertyAccess.cpp:
2079         (JSC::JIT::emit_op_get_by_val):
2080         (JSC::JIT::emitGetByValWithCachedId):
2081         (JSC::JIT::emitSlow_op_get_by_val):
2082         (JSC::JIT::emit_op_put_by_val_direct):
2083         (JSC::JIT::emit_op_put_by_val):
2084         (JSC::JIT::emitGenericContiguousPutByVal):
2085         (JSC::JIT::emitArrayStoragePutByVal):
2086         (JSC::JIT::emitPutByValWithCachedId):
2087         (JSC::JIT::emitSlow_op_put_by_val):
2088         (JSC::JIT::emit_op_put_getter_by_id):
2089         (JSC::JIT::emit_op_put_setter_by_id):
2090         (JSC::JIT::emit_op_put_getter_setter_by_id):
2091         (JSC::JIT::emit_op_put_getter_by_val):
2092         (JSC::JIT::emit_op_put_setter_by_val):
2093         (JSC::JIT::emit_op_del_by_id):
2094         (JSC::JIT::emit_op_del_by_val):
2095         (JSC::JIT::emit_op_try_get_by_id):
2096         (JSC::JIT::emitSlow_op_try_get_by_id):
2097         (JSC::JIT::emit_op_get_by_id_direct):
2098         (JSC::JIT::emitSlow_op_get_by_id_direct):
2099         (JSC::JIT::emit_op_get_by_id):
2100         (JSC::JIT::emit_op_get_by_id_with_this):
2101         (JSC::JIT::emitSlow_op_get_by_id):
2102         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2103         (JSC::JIT::emit_op_put_by_id):
2104         (JSC::JIT::emitSlow_op_put_by_id):
2105         (JSC::JIT::emit_op_in_by_id):
2106         (JSC::JIT::emitSlow_op_in_by_id):
2107         (JSC::JIT::emit_op_resolve_scope):
2108         (JSC::JIT::emit_op_get_from_scope):
2109         (JSC::JIT::emitSlow_op_get_from_scope):
2110         (JSC::JIT::emit_op_put_to_scope):
2111         (JSC::JIT::emitSlow_op_put_to_scope):
2112         (JSC::JIT::emit_op_get_from_arguments):
2113         (JSC::JIT::emit_op_put_to_arguments):
2114         (JSC::JIT::privateCompileGetByVal):
2115         (JSC::JIT::privateCompileGetByValWithCachedId):
2116         (JSC::JIT::privateCompilePutByVal):
2117         (JSC::JIT::privateCompilePutByValWithCachedId):
2118         (JSC::JIT::emitDoubleLoad):
2119         (JSC::JIT::emitContiguousLoad):
2120         (JSC::JIT::emitArrayStorageLoad):
2121         (JSC::JIT::emitDirectArgumentsGetByVal):
2122         (JSC::JIT::emitScopedArgumentsGetByVal):
2123         (JSC::JIT::emitIntTypedArrayGetByVal):
2124         (JSC::JIT::emitFloatTypedArrayGetByVal):
2125         (JSC::JIT::emitIntTypedArrayPutByVal):
2126         (JSC::JIT::emitFloatTypedArrayPutByVal):
2127         * jit/RegisterSet.cpp:
2128         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
2129         * jit/SlowPathCall.h:
2130         (JSC::JITSlowPathCall::JITSlowPathCall):
2131         * llint/LLIntData.cpp:
2132         (JSC::LLInt::initialize):
2133         (JSC::LLInt::Data::performAssertions):
2134         * llint/LLIntData.h:
2135         (JSC::LLInt::exceptionInstructions):
2136         (JSC::LLInt::opcodeMap):
2137         (JSC::LLInt::opcodeMapWide):
2138         (JSC::LLInt::getOpcode):
2139         (JSC::LLInt::getOpcodeWide):
2140         (JSC::LLInt::getWideCodePtr):
2141         * llint/LLIntOffsetsExtractor.cpp:
2142         * llint/LLIntSlowPaths.cpp:
2143         (JSC::LLInt::llint_trace_operand):
2144         (JSC::LLInt::llint_trace_value):
2145         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2146         (JSC::LLInt::entryOSR):
2147         (JSC::LLInt::setupGetByIdPrototypeCache):
2148         (JSC::LLInt::getByVal):
2149         (JSC::LLInt::handleHostCall):
2150         (JSC::LLInt::setUpCall):
2151         (JSC::LLInt::genericCall):
2152         (JSC::LLInt::varargsSetup):
2153         (JSC::LLInt::commonCallEval):
2154         * llint/LLIntSlowPaths.h:
2155         * llint/LowLevelInterpreter.asm:
2156         * llint/LowLevelInterpreter.cpp:
2157         (JSC::CLoopRegister::operator const Instruction*):
2158         (JSC::CLoop::execute):
2159         * llint/LowLevelInterpreter32_64.asm:
2160         * llint/LowLevelInterpreter64.asm:
2161         * offlineasm/arm64.rb:
2162         * offlineasm/asm.rb:
2163         * offlineasm/ast.rb:
2164         * offlineasm/cloop.rb:
2165         * offlineasm/generate_offset_extractor.rb:
2166         * offlineasm/instructions.rb:
2167         * offlineasm/offsets.rb:
2168         * offlineasm/parser.rb:
2169         * offlineasm/transform.rb:
2170         * offlineasm/x86.rb:
2171         * parser/ResultType.h:
2172         (JSC::ResultType::dump const):
2173         (JSC::OperandTypes::first const):
2174         (JSC::OperandTypes::second const):
2175         (JSC::OperandTypes::dump const):
2176         * profiler/ProfilerBytecodeSequence.cpp:
2177         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
2178         * runtime/CommonSlowPaths.cpp:
2179         (JSC::SLOW_PATH_DECL):
2180         (JSC::updateArithProfileForUnaryArithOp):
2181         (JSC::updateArithProfileForBinaryArithOp):
2182         * runtime/CommonSlowPaths.h:
2183         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
2184         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
2185         * runtime/ExceptionFuzz.cpp:
2186         (JSC::doExceptionFuzzing):
2187         * runtime/ExceptionFuzz.h:
2188         (JSC::doExceptionFuzzingIfEnabled):
2189         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2190         (JSC::GetPutInfo::dump const):
2191         (WTF::printInternal):
2192         * runtime/GetPutInfo.h:
2193         (JSC::GetPutInfo::operand const):
2194         * runtime/JSCPoison.h:
2195         * runtime/JSType.cpp: Added.
2196         (WTF::printInternal):
2197         * runtime/JSType.h:
2198         * runtime/SamplingProfiler.cpp:
2199         (JSC::SamplingProfiler::StackFrame::displayName):
2200         * runtime/SamplingProfiler.h:
2201         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
2202         * runtime/SlowPathReturnType.h:
2203         (JSC::encodeResult):
2204         (JSC::decodeResult):
2205         * runtime/VM.h:
2206         * runtime/Watchdog.h:
2207         * tools/HeapVerifier.cpp:
2208
2209 2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2210
2211         Unreviewed, partial rolling in r237254
2212         https://bugs.webkit.org/show_bug.cgi?id=190340
2213
        We do not use the added function right now, in order to investigate what the reason for the regression is.
        It also does not include any Parser.{h,cpp} changes, to ensure that Parser.cpp's inlining decision
        seems to be the culprit of the regression on iOS devices.
2217
2218         * bytecode/UnlinkedFunctionExecutable.cpp:
2219         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2220         * bytecode/UnlinkedFunctionExecutable.h:
2221         * parser/SourceCodeKey.h:
2222         (JSC::SourceCodeKey::SourceCodeKey):
2223         (JSC::SourceCodeKey::operator== const):
2224         * runtime/CodeCache.cpp:
2225         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2226         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2227         * runtime/CodeCache.h:
2228         * runtime/FunctionConstructor.cpp:
2229         (JSC::constructFunctionSkippingEvalEnabledCheck):
2230         * runtime/FunctionExecutable.cpp:
2231         (JSC::FunctionExecutable::fromGlobalCode):
2232         * runtime/FunctionExecutable.h:
2233
2234 2018-10-26  Commit Queue  <commit-queue@webkit.org>
2235
2236         Unreviewed, rolling out r237479 and r237484.
2237         https://bugs.webkit.org/show_bug.cgi?id=190978
2238
2239         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
2240
2241         Reverted changesets:
2242
2243         "New bytecode format for JSC"
2244         https://bugs.webkit.org/show_bug.cgi?id=187373
2245         https://trac.webkit.org/changeset/237479
2246
2247         "Gardening: Build fix after r237479."
2248         https://bugs.webkit.org/show_bug.cgi?id=187373
2249         https://trac.webkit.org/changeset/237484
2250
2251 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
2252
2253         Gardening: Build fix after r237479.
2254         https://bugs.webkit.org/show_bug.cgi?id=187373
2255
2256         Unreviewed.
2257
2258         * Configurations/JSC.xcconfig:
2259         * JavaScriptCore.xcodeproj/project.pbxproj:
2260         * llint/LLIntData.cpp:
2261         (JSC::LLInt::initialize):
2262
2263 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
2264
2265         New bytecode format for JSC
2266         https://bugs.webkit.org/show_bug.cgi?id=187373
2267         <rdar://problem/44186758>
2268
2269         Reviewed by Filip Pizlo.
2270
2271         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
2272         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
2273         operands) and might contain an extra operand, the metadataID. The metadataID is used to
2274         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
2275
        Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
        and types to all their operands. Additionally, reading a bytecode from the instruction stream
2278         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
2279         operands directly from the stream.
2280
2281
2282         * CMakeLists.txt:
2283         * DerivedSources.make:
2284         * JavaScriptCore.xcodeproj/project.pbxproj:
2285         * Sources.txt:
2286         * assembler/MacroAssemblerCodeRef.h:
2287         (JSC::ReturnAddressPtr::ReturnAddressPtr):
2288         (JSC::ReturnAddressPtr::value const):
2289         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
2290         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
2291         * bytecode/ArithProfile.h:
2292         (JSC::ArithProfile::ArithProfile):
2293         * bytecode/ArrayAllocationProfile.h:
2294         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
2295         * bytecode/ArrayProfile.h:
2296         * bytecode/BytecodeBasicBlock.cpp:
2297         (JSC::isJumpTarget):
2298         (JSC::BytecodeBasicBlock::computeImpl):
2299         (JSC::BytecodeBasicBlock::compute):
2300         * bytecode/BytecodeBasicBlock.h:
2301         (JSC::BytecodeBasicBlock::leaderOffset const):
2302         (JSC::BytecodeBasicBlock::totalLength const):
2303         (JSC::BytecodeBasicBlock::offsets const):
2304         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
2305         (JSC::BytecodeBasicBlock::addLength):
2306         * bytecode/BytecodeDumper.cpp:
2307         (JSC::BytecodeDumper<Block>::printLocationAndOp):
2308         (JSC::BytecodeDumper<Block>::dumpBytecode):
2309         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2310         (JSC::BytecodeDumper<Block>::dumpConstants):
2311         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2312         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2313         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2314         (JSC::BytecodeDumper<Block>::dumpBlock):
2315         * bytecode/BytecodeDumper.h:
2316         (JSC::BytecodeDumper::dumpOperand):
2317         (JSC::BytecodeDumper::dumpValue):
2318         (JSC::BytecodeDumper::BytecodeDumper):
2319         (JSC::BytecodeDumper::block const):
2320         * bytecode/BytecodeGeneratorification.cpp:
2321         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2322         (JSC::BytecodeGeneratorification::enterPoint const):
2323         (JSC::BytecodeGeneratorification::instructions const):
2324         (JSC::GeneratorLivenessAnalysis::run):
2325         (JSC::BytecodeGeneratorification::run):
2326         (JSC::performGeneratorification):
2327         * bytecode/BytecodeGeneratorification.h:
2328         * bytecode/BytecodeGraph.h:
2329         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
2330         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
2331         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
2332         (JSC::BytecodeGraph::BytecodeGraph):
2333         * bytecode/BytecodeKills.h:
2334         * bytecode/BytecodeList.json: Removed.
2335         * bytecode/BytecodeList.rb: Added.
2336         * bytecode/BytecodeLivenessAnalysis.cpp:
2337         (JSC::BytecodeLivenessAnalysis::dumpResults):
2338         * bytecode/BytecodeLivenessAnalysis.h:
2339         * bytecode/BytecodeLivenessAnalysisInlines.h:
2340         (JSC::isValidRegisterForLiveness):
2341         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
2342         * bytecode/BytecodeRewriter.cpp:
2343         (JSC::BytecodeRewriter::applyModification):
2344         (JSC::BytecodeRewriter::execute):
2345         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
2346         (JSC::BytecodeRewriter::insertImpl):
2347         (JSC::BytecodeRewriter::adjustJumpTarget):
2348         (JSC::BytecodeRewriter::adjustJumpTargets):
2349         * bytecode/BytecodeRewriter.h:
2350         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
2351         (JSC::BytecodeRewriter::Fragment::Fragment):
2352         (JSC::BytecodeRewriter::Fragment::appendInstruction):
2353         (JSC::BytecodeRewriter::BytecodeRewriter):
2354         (JSC::BytecodeRewriter::insertFragmentBefore):
2355         (JSC::BytecodeRewriter::insertFragmentAfter):
2356         (JSC::BytecodeRewriter::removeBytecode):
2357         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
2358         (JSC::BytecodeRewriter::adjustJumpTarget):
2359         * bytecode/BytecodeUseDef.h:
2360         (JSC::computeUsesForBytecodeOffset):
2361         (JSC::computeDefsForBytecodeOffset):
2362         * bytecode/CallLinkStatus.cpp:
2363         (JSC::CallLinkStatus::computeFromLLInt):
2364         * bytecode/CodeBlock.cpp:
2365         (JSC::CodeBlock::dumpBytecode):
2366         (JSC::CodeBlock::CodeBlock):
2367         (JSC::CodeBlock::finishCreation):
2368         (JSC::CodeBlock::estimatedSize):
2369         (JSC::CodeBlock::visitChildren):
2370         (JSC::CodeBlock::propagateTransitions):
2371         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2372         (JSC::CodeBlock::addJITAddIC):
2373         (JSC::CodeBlock::addJITMulIC):
2374         (JSC::CodeBlock::addJITSubIC):
2375         (JSC::CodeBlock::addJITNegIC):
2376         (JSC::CodeBlock::stronglyVisitStrongReferences):
2377         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
2378         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
2379         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2380         (JSC::CodeBlock::getArrayProfile):
2381         (JSC::CodeBlock::updateAllArrayPredictions):
2382         (JSC::CodeBlock::predictedMachineCodeSize):
2383         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
2384         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
2385         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2386         (JSC::CodeBlock::validate):
2387         (JSC::CodeBlock::outOfLineJumpOffset):
2388         (JSC::CodeBlock::outOfLineJumpTarget):
2389         (JSC::CodeBlock::arithProfileForBytecodeOffset):
2390         (JSC::CodeBlock::arithProfileForPC):
2391         (JSC::CodeBlock::couldTakeSpecialFastCase):
2392         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2393         * bytecode/CodeBlock.h:
2394         (JSC::CodeBlock::addMathIC):
2395         (JSC::CodeBlock::outOfLineJumpOffset):
2396         (JSC::CodeBlock::bytecodeOffset):
2397         (JSC::CodeBlock::instructions const):
2398         (JSC::CodeBlock::instructionCount const):
2399         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2400         (JSC::CodeBlock::metadata):
2401         (JSC::CodeBlock::metadataSizeInBytes):
2402         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
2403         (JSC::CodeBlock::totalNumberOfValueProfiles):
2404         * bytecode/CodeBlockInlines.h: Added.
2405         (JSC::CodeBlock::forEachValueProfile):
2406         (JSC::CodeBlock::forEachArrayProfile):
2407         (JSC::CodeBlock::forEachArrayAllocationProfile):
2408         (JSC::CodeBlock::forEachObjectAllocationProfile):
2409         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
2410         * bytecode/Fits.h: Added.
2411         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2412         * bytecode/GetByIdStatus.cpp:
2413         (JSC::GetByIdStatus::computeFromLLInt):
2414         * bytecode/Instruction.h:
2415         (JSC::Instruction::Instruction):
2416         (JSC::Instruction::Impl::opcodeID const):
2417         (JSC::Instruction::opcodeID const):
2418         (JSC::Instruction::name const):
2419         (JSC::Instruction::isWide const):
2420         (JSC::Instruction::size const):
2421         (JSC::Instruction::is const):
2422         (JSC::Instruction::as const):
2423         (JSC::Instruction::cast):
2424         (JSC::Instruction::cast const):
2425         (JSC::Instruction::narrow const):
2426         (JSC::Instruction::wide const):
2427         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2428         (JSC::InstructionStream::InstructionStream):
2429         (JSC::InstructionStream::sizeInBytes const):
2430         * bytecode/InstructionStream.h: Added.
2431         (JSC::InstructionStream::BaseRef::BaseRef):
2432         (JSC::InstructionStream::BaseRef::operator=):
2433         (JSC::InstructionStream::BaseRef::operator-> const):
2434         (JSC::InstructionStream::BaseRef::ptr const):
2435         (JSC::InstructionStream::BaseRef::operator!= const):
2436         (JSC::InstructionStream::BaseRef::next const):
2437         (JSC::InstructionStream::BaseRef::offset const):
2438         (JSC::InstructionStream::BaseRef::isValid const):
2439         (JSC::InstructionStream::BaseRef::unwrap const):
2440         (JSC::InstructionStream::MutableRef::freeze const):
2441         (JSC::InstructionStream::MutableRef::operator->):
2442         (JSC::InstructionStream::MutableRef::ptr):
2443         (JSC::InstructionStream::MutableRef::operator Ref):
2444         (JSC::InstructionStream::MutableRef::unwrap):
2445         (JSC::InstructionStream::iterator::operator*):
2446         (JSC::InstructionStream::iterator::operator++):
2447         (JSC::InstructionStream::begin const):
2448         (JSC::InstructionStream::end const):
2449         (JSC::InstructionStream::at const):
2450         (JSC::InstructionStream::size const):
2451         (JSC::InstructionStreamWriter::InstructionStreamWriter):
2452         (JSC::InstructionStreamWriter::ref):
2453         (JSC::InstructionStreamWriter::seek):
2454         (JSC::InstructionStreamWriter::position):
2455         (JSC::InstructionStreamWriter::write):
2456         (JSC::InstructionStreamWriter::rewind):
2457         (JSC::InstructionStreamWriter::finalize):
2458         (JSC::InstructionStreamWriter::swap):
2459         (JSC::InstructionStreamWriter::iterator::operator*):
2460         (JSC::InstructionStreamWriter::iterator::operator++):
2461         (JSC::InstructionStreamWriter::begin):
2462         (JSC::InstructionStreamWriter::end):
2463         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
2464         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
2465         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
2466         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
2467         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
2468         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2469         (JSC::MetadataTable::MetadataTable):
2470         (JSC::DeallocTable::withOpcodeType):
2471         (JSC::MetadataTable::~MetadataTable):
2472         (JSC::MetadataTable::sizeInBytes):
2473         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
2474         (JSC::MetadataTable::get):
2475         (JSC::MetadataTable::forEach):
2476         (JSC::MetadataTable::getImpl):
2477         * bytecode/Opcode.cpp:
2478         (JSC::metadataSize):
2479         * bytecode/Opcode.h:
2480         (JSC::padOpcodeName):
2481         * bytecode/OpcodeInlines.h:
2482         (JSC::isOpcodeShape):
2483         (JSC::getOpcodeType):
2484         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2485         * bytecode/PreciseJumpTargets.cpp:
2486         (JSC::getJumpTargetsForInstruction):
2487         (JSC::computePreciseJumpTargetsInternal):
2488         (JSC::computePreciseJumpTargets):
2489         (JSC::recomputePreciseJumpTargets):
2490         (JSC::findJumpTargetsForInstruction):
2491         * bytecode/PreciseJumpTargets.h:
2492         * bytecode/PreciseJumpTargetsInlines.h:
2493         (JSC::jumpTargetForInstruction):
2494         (JSC::extractStoredJumpTargetsForInstruction):
2495         (JSC::updateStoredJumpTargetsForInstruction):
2496         * bytecode/PutByIdStatus.cpp:
2497         (JSC::PutByIdStatus::computeFromLLInt):
2498         * bytecode/SpecialPointer.cpp:
2499         (WTF::printInternal):
2500         * bytecode/SpecialPointer.h:
2501         * bytecode/UnlinkedCodeBlock.cpp:
2502         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2503         (JSC::UnlinkedCodeBlock::visitChildren):
2504         (JSC::UnlinkedCodeBlock::estimatedSize):
2505         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
2506         (JSC::dumpLineColumnEntry):
2507         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
2508         (JSC::UnlinkedCodeBlock::setInstructions):
2509         (JSC::UnlinkedCodeBlock::instructions const):
2510         (JSC::UnlinkedCodeBlock::applyModification):
2511         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
2512         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2513         * bytecode/UnlinkedCodeBlock.h:
2514         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
2515         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
2516         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
2517         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
2518         (JSC::UnlinkedCodeBlock::metadata):
2519         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
2520         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2521         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
2522         * bytecode/UnlinkedInstructionStream.cpp: Removed.
2523         * bytecode/UnlinkedInstructionStream.h: Removed.
2524         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2525         * bytecode/UnlinkedMetadataTableInlines.h: Added.
2526         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
2527         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
2528         (JSC::UnlinkedMetadataTable::addEntry):
2529         (JSC::UnlinkedMetadataTable::sizeInBytes):
2530         (JSC::UnlinkedMetadataTable::finalize):
2531         (JSC::UnlinkedMetadataTable::link):
2532         (JSC::UnlinkedMetadataTable::unlink):
2533         * bytecode/VirtualRegister.cpp:
2534         (JSC::VirtualRegister::VirtualRegister):
2535         * bytecode/VirtualRegister.h:
2536         * bytecompiler/BytecodeGenerator.cpp:
2537         (JSC::Label::setLocation):
2538         (JSC::Label::bind):
2539         (JSC::BytecodeGenerator::generate):
2540         (JSC::BytecodeGenerator::BytecodeGenerator):
2541         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
2542         (JSC::BytecodeGenerator::emitEnter):
2543         (JSC::BytecodeGenerator::emitLoopHint):
2544         (JSC::BytecodeGenerator::emitJump):
2545         (JSC::BytecodeGenerator::emitCheckTraps):
2546         (JSC::BytecodeGenerator::rewind):
2547         (JSC::BytecodeGenerator::fuseCompareAndJump):
2548         (JSC::BytecodeGenerator::fuseTestAndJmp):
2549         (JSC::BytecodeGenerator::emitJumpIfTrue):
2550         (JSC::BytecodeGenerator::emitJumpIfFalse):
2551         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
2552         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
2553         (JSC::BytecodeGenerator::moveLinkTimeConstant):
2554         (JSC::BytecodeGenerator::moveEmptyValue):
2555         (JSC::BytecodeGenerator::emitMove):
2556         (JSC::BytecodeGenerator::emitUnaryOp):
2557         (JSC::BytecodeGenerator::emitBinaryOp):
2558         (JSC::BytecodeGenerator::emitToObject):
2559         (JSC::BytecodeGenerator::emitToNumber):
2560         (JSC::BytecodeGenerator::emitToString):
2561         (JSC::BytecodeGenerator::emitTypeOf):
2562         (JSC::BytecodeGenerator::emitInc):
2563         (JSC::BytecodeGenerator::emitDec):
2564         (JSC::BytecodeGenerator::emitEqualityOp):
2565         (JSC::BytecodeGenerator::emitProfileType):
2566         (JSC::BytecodeGenerator::emitProfileControlFlow):
2567         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2568         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
2569         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
2570         (JSC::BytecodeGenerator::emitOverridesHasInstance):
2571         (JSC::BytecodeGenerator::emitResolveScope):
2572         (JSC::BytecodeGenerator::emitGetFromScope):
2573         (JSC::BytecodeGenerator::emitPutToScope):
2574         (JSC::BytecodeGenerator::emitInstanceOf):
2575         (JSC::BytecodeGenerator::emitInstanceOfCustom):
2576         (JSC::BytecodeGenerator::emitInByVal):
2577         (JSC::BytecodeGenerator::emitInById):
2578         (JSC::BytecodeGenerator::emitTryGetById):
2579         (JSC::BytecodeGenerator::emitGetById):
2580         (JSC::BytecodeGenerator::emitDirectGetById):
2581         (JSC::BytecodeGenerator::emitPutById):
2582         (JSC::BytecodeGenerator::emitDirectPutById):
2583         (JSC::BytecodeGenerator::emitPutGetterById):
2584         (JSC::BytecodeGenerator::emitPutSetterById):
2585         (JSC::BytecodeGenerator::emitPutGetterSetter):
2586         (JSC::BytecodeGenerator::emitPutGetterByVal):
2587         (JSC::BytecodeGenerator::emitPutSetterByVal):
2588         (JSC::BytecodeGenerator::emitDeleteById):
2589         (JSC::BytecodeGenerator::emitGetByVal):
2590         (JSC::BytecodeGenerator::emitPutByVal):
2591         (JSC::BytecodeGenerator::emitDirectPutByVal):
2592         (JSC::BytecodeGenerator::emitDeleteByVal):
2593         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
2594         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
2595         (JSC::BytecodeGenerator::emitIdWithProfile):
2596         (JSC::BytecodeGenerator::emitUnreachable):
2597         (JSC::BytecodeGenerator::emitGetArgument):
2598         (JSC::BytecodeGenerator::emitCreateThis):
2599         (JSC::BytecodeGenerator::emitTDZCheck):
2600         (JSC::BytecodeGenerator::emitNewObject):
2601         (JSC::BytecodeGenerator::emitNewArrayBuffer):
2602         (JSC::BytecodeGenerator::emitNewArray):
2603         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
2604         (JSC::BytecodeGenerator::emitNewArrayWithSize):
2605         (JSC::BytecodeGenerator::emitNewRegExp):
2606         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
2607         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
2608         (JSC::BytecodeGenerator::emitNewFunction):
2609         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
2610         (JSC::BytecodeGenerator::emitCall):
2611         (JSC::BytecodeGenerator::emitCallInTailPosition):
2612         (JSC::BytecodeGenerator::emitCallEval):
2613         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2614         (JSC::BytecodeGenerator::emitCallVarargs):
2615         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
2616         (JSC::BytecodeGenerator::emitConstructVarargs):
2617         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
2618         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
2619         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
2620         (JSC::BytecodeGenerator::emitCallDefineProperty):
2621         (JSC::BytecodeGenerator::emitReturn):
2622         (JSC::BytecodeGenerator::emitEnd):
2623         (JSC::BytecodeGenerator::emitConstruct):
2624         (JSC::BytecodeGenerator::emitStrcat):
2625         (JSC::BytecodeGenerator::emitToPrimitive):
2626         (JSC::BytecodeGenerator::emitGetScope):
2627         (JSC::BytecodeGenerator::emitPushWithScope):
2628         (JSC::BytecodeGenerator::emitGetParentScope):
2629         (JSC::BytecodeGenerator::emitDebugHook):
2630         (JSC::BytecodeGenerator::emitCatch):
2631         (JSC::BytecodeGenerator::emitThrow):
2632         (JSC::BytecodeGenerator::emitArgumentCount):
2633         (JSC::BytecodeGenerator::emitThrowStaticError):
2634         (JSC::BytecodeGenerator::beginSwitch):
2635         (JSC::prepareJumpTableForSwitch):
2636         (JSC::prepareJumpTableForStringSwitch):
2637         (JSC::BytecodeGenerator::endSwitch):
2638         (JSC::BytecodeGenerator::emitGetEnumerableLength):
2639         (JSC::BytecodeGenerator::emitHasGenericProperty):
2640         (JSC::BytecodeGenerator::emitHasIndexedProperty):
2641         (JSC::BytecodeGenerator::emitHasStructureProperty):
2642         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
2643         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
2644         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
2645         (JSC::BytecodeGenerator::emitToIndexString):
2646         (JSC::BytecodeGenerator::emitIsCellWithType):
2647         (JSC::BytecodeGenerator::emitIsObject):
2648         (JSC::BytecodeGenerator::emitIsNumber):
2649         (JSC::BytecodeGenerator::emitIsUndefined):
2650         (JSC::BytecodeGenerator::emitIsEmpty):
2651         (JSC::BytecodeGenerator::emitRestParameter):
2652         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
2653         (JSC::BytecodeGenerator::emitYieldPoint):
2654         (JSC::BytecodeGenerator::emitYield):
2655         (JSC::BytecodeGenerator::emitGetAsyncIterator):
2656         (JSC::BytecodeGenerator::emitDelegateYield):
2657         (JSC::BytecodeGenerator::emitFinallyCompletion):
2658         (JSC::BytecodeGenerator::emitJumpIf):
2659         (JSC::ForInContext::finalize):
2660         (JSC::StructureForInContext::finalize):
2661         (JSC::IndexedForInContext::finalize):
2662         (JSC::StaticPropertyAnalysis::record):
2663         (JSC::BytecodeGenerator::emitToThis):
2664         * bytecompiler/BytecodeGenerator.h:
2665         (JSC::StructureForInContext::addGetInst):
2666         (JSC::BytecodeGenerator::recordOpcode):
2667         (JSC::BytecodeGenerator::addMetadataFor):
2668         (JSC::BytecodeGenerator::emitUnaryOp):
2669         (JSC::BytecodeGenerator::kill):
2670         (JSC::BytecodeGenerator::instructions const):
2671         (JSC::BytecodeGenerator::write):
2672         (JSC::BytecodeGenerator::withWriter):
2673         * bytecompiler/Label.h:
2674         (JSC::Label::Label):
2675         (JSC::Label::bind):
2676         * bytecompiler/NodesCodegen.cpp:
2677         (JSC::ArrayNode::emitBytecode):
2678         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
2679         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2680         (JSC::BitwiseNotNode::emitBytecode):
2681         (JSC::BinaryOpNode::emitBytecode):
2682         (JSC::EqualNode::emitBytecode):
2683         (JSC::StrictEqualNode::emitBytecode):
2684         (JSC::emitReadModifyAssignment):
2685         (JSC::ForInNode::emitBytecode):
2686         (JSC::CaseBlockNode::emitBytecodeForBlock):
2687         (JSC::FunctionNode::emitBytecode):
2688         (JSC::ClassExprNode::emitBytecode):
2689         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
2690         (WTF::printInternal):
2691         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2692         * bytecompiler/RegisterID.h:
2693         * bytecompiler/StaticPropertyAnalysis.h:
2694         (JSC::StaticPropertyAnalysis::create):
2695         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
2696         * bytecompiler/StaticPropertyAnalyzer.h:
2697         (JSC::StaticPropertyAnalyzer::createThis):
2698         (JSC::StaticPropertyAnalyzer::newObject):
2699         (JSC::StaticPropertyAnalyzer::putById):
2700         (JSC::StaticPropertyAnalyzer::mov):
2701         (JSC::StaticPropertyAnalyzer::kill):
2702         * dfg/DFGByteCodeParser.cpp:
2703         (JSC::DFG::ByteCodeParser::addCall):
2704         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
2705         (JSC::DFG::ByteCodeParser::getArrayMode):
2706         (JSC::DFG::ByteCodeParser::handleCall):
2707         (JSC::DFG::ByteCodeParser::handleVarargsCall):
2708         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
2709         (JSC::DFG::ByteCodeParser::inlineCall):
2710         (JSC::DFG::ByteCodeParser::handleCallVariant):
2711         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
2712         (JSC::DFG::ByteCodeParser::handleInlining):
2713         (JSC::DFG::ByteCodeParser::handleMinMax):
2714         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
2715         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
2716         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
2717         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
2718         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
2719         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
2720         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2721         (JSC::DFG::ByteCodeParser::handleGetById):
2722         (JSC::DFG::ByteCodeParser::handlePutById):
2723         (JSC::DFG::ByteCodeParser::parseGetById):
2724         (JSC::DFG::ByteCodeParser::parseBlock):
2725         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2726         (JSC::DFG::ByteCodeParser::handlePutByVal):
2727         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
2728         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
2729         (JSC::DFG::ByteCodeParser::handleNewFunc):
2730         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
2731         (JSC::DFG::ByteCodeParser::parse):
2732         * dfg/DFGCapabilities.cpp:
2733         (JSC::DFG::capabilityLevel):
2734         * dfg/DFGCapabilities.h:
2735         (JSC::DFG::capabilityLevel):
2736         * dfg/DFGOSREntry.cpp:
2737         (JSC::DFG::prepareCatchOSREntry):
2738         * dfg/DFGSpeculativeJIT.cpp:
2739         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2740         (JSC::DFG::SpeculativeJIT::compileValueSub):
2741         (JSC::DFG::SpeculativeJIT::compileValueNegate):
2742         (JSC::DFG::SpeculativeJIT::compileArithMul):
2743         * ftl/FTLLowerDFGToB3.cpp:
2744         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2745         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2746         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
2747         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
2748         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
2749         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
2750         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
2751         * ftl/FTLOperations.cpp:
2752         (JSC::FTL::operationMaterializeObjectInOSR):
2753         * generate-bytecode-files: Removed.
2754         * generator/Argument.rb: Added.
2755         * generator/Assertion.rb: Added.
2756         * generator/DSL.rb: Added.
2757         * generator/Fits.rb: Added.
2758         * generator/GeneratedFile.rb: Added.
2759         * generator/Metadata.rb: Added.
2760         * generator/Opcode.rb: Added.
2761         * generator/OpcodeGroup.rb: Added.
2762         * generator/Options.rb: Added.
2763         * generator/Section.rb: Added.
2764         * generator/Template.rb: Added.
2765         * generator/Type.rb: Added.
2766         * generator/main.rb: Added.
2767         * interpreter/AbstractPC.h:
2768         * interpreter/CallFrame.cpp:
2769         (JSC::CallFrame::currentVPC const):
2770         (JSC::CallFrame::setCurrentVPC):
2771         * interpreter/CallFrame.h:
2772         (JSC::CallSiteIndex::CallSiteIndex):
2773         (JSC::ExecState::setReturnPC):
2774         * interpreter/Interpreter.cpp:
2775         (WTF::printInternal):
2776         * interpreter/Interpreter.h:
2777         * interpreter/InterpreterInlines.h:
2778         * interpreter/StackVisitor.cpp:
2779         (JSC::StackVisitor::Frame::dump const):
2780         * interpreter/VMEntryRecord.h:
2781         * jit/JIT.cpp:
2782         (JSC::JIT::JIT):
2783         (JSC::JIT::emitSlowCaseCall):
2784         (JSC::JIT::privateCompileMainPass):
2785         (JSC::JIT::privateCompileSlowCases):
2786         (JSC::JIT::compileWithoutLinking):
2787         (JSC::JIT::link):
2788         * jit/JIT.h:
2789         * jit/JITArithmetic.cpp:
2790         (JSC::JIT::emit_op_jless):
2791         (JSC::JIT::emit_op_jlesseq):
2792         (JSC::JIT::emit_op_jgreater):
2793         (JSC::JIT::emit_op_jgreatereq):
2794         (JSC::JIT::emit_op_jnless):
2795         (JSC::JIT::emit_op_jnlesseq):
2796         (JSC::JIT::emit_op_jngreater):
2797         (JSC::JIT::emit_op_jngreatereq):
2798         (JSC::JIT::emitSlow_op_jless):
2799         (JSC::JIT::emitSlow_op_jlesseq):
2800         (JSC::JIT::emitSlow_op_jgreater):
2801         (JSC::JIT::emitSlow_op_jgreatereq):
2802         (JSC::JIT::emitSlow_op_jnless):
2803         (JSC::JIT::emitSlow_op_jnlesseq):
2804         (JSC::JIT::emitSlow_op_jngreater):
2805         (JSC::JIT::emitSlow_op_jngreatereq):
2806         (JSC::JIT::emit_op_below):
2807         (JSC::JIT::emit_op_beloweq):
2808         (JSC::JIT::emit_op_jbelow):
2809         (JSC::JIT::emit_op_jbeloweq):
2810         (JSC::JIT::emit_op_unsigned):
2811         (JSC::JIT::emit_compareAndJump):
2812         (JSC::JIT::emit_compareUnsignedAndJump):
2813         (JSC::JIT::emit_compareUnsigned):
2814         (JSC::JIT::emit_compareAndJumpSlow):
2815         (JSC::JIT::emit_op_inc):
2816         (JSC::JIT::emit_op_dec):
2817         (JSC::JIT::emit_op_mod):
2818         (JSC::JIT::emitSlow_op_mod):
2819         (JSC::JIT::emit_op_negate):
2820         (JSC::JIT::emitSlow_op_negate):
2821         (JSC::JIT::emitBitBinaryOpFastPath):
2822         (JSC::JIT::emit_op_bitand):
2823         (JSC::JIT::emit_op_bitor):
2824         (JSC::JIT::emit_op_bitxor):
2825         (JSC::JIT::emit_op_lshift):
2826         (JSC::JIT::emitRightShiftFastPath):
2827         (JSC::JIT::emit_op_rshift):
2828         (JSC::JIT::emit_op_urshift):
2829         (JSC::getOperandTypes):
2830         (JSC::JIT::emit_op_add):
2831         (JSC::JIT::emitSlow_op_add):
2832         (JSC::JIT::emitMathICFast):
2833         (JSC::JIT::emitMathICSlow):
2834         (JSC::JIT::emit_op_div):
2835         (JSC::JIT::emit_op_mul):
2836         (JSC::JIT::emitSlow_op_mul):
2837         (JSC::JIT::emit_op_sub):
2838         (JSC::JIT::emitSlow_op_sub):
2839         * jit/JITCall.cpp:
2840         (JSC::JIT::emitPutCallResult):
2841         (JSC::JIT::compileSetupFrame):
2842         (JSC::JIT::compileCallEval):
2843         (JSC::JIT::compileCallEvalSlowCase):
2844         (JSC::JIT::compileTailCall):
2845         (JSC::JIT::compileOpCall):
2846         (JSC::JIT::compileOpCallSlowCase):
2847         (JSC::JIT::emit_op_call):
2848         (JSC::JIT::emit_op_tail_call):
2849         (JSC::JIT::emit_op_call_eval):
2850         (JSC::JIT::emit_op_call_varargs):
2851         (JSC::JIT::emit_op_tail_call_varargs):
2852         (JSC::JIT::emit_op_tail_call_forward_arguments):
2853         (JSC::JIT::emit_op_construct_varargs):
2854         (JSC::JIT::emit_op_construct):
2855         (JSC::JIT::emitSlow_op_call):
2856         (JSC::JIT::emitSlow_op_tail_call):
2857         (JSC::JIT::emitSlow_op_call_eval):
2858         (JSC::JIT::emitSlow_op_call_varargs):
2859         (JSC::JIT::emitSlow_op_tail_call_varargs):
2860         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
2861         (JSC::JIT::emitSlow_op_construct_varargs):
2862         (JSC::JIT::emitSlow_op_construct):
2863         * jit/JITDisassembler.cpp:
2864         (JSC::JITDisassembler::JITDisassembler):
2865         * jit/JITExceptions.cpp:
2866         (JSC::genericUnwind):
2867         * jit/JITInlines.h:
2868         (JSC::JIT::emitDoubleGetByVal):
2869         (JSC::JIT::emitLoadForArrayMode):
2870         (JSC::JIT::emitContiguousGetByVal):
2871         (JSC::JIT::emitArrayStorageGetByVal):
2872         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2873         (JSC::JIT::sampleInstruction):
2874         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
2875         (JSC::JIT::emitValueProfilingSite):
2876         (JSC::JIT::jumpTarget):
2877         (JSC::JIT::copiedGetPutInfo):
2878         (JSC::JIT::copiedArithProfile):
2879         * jit/JITMathIC.h:
2880         (JSC::isProfileEmpty):
2881         (JSC::JITBinaryMathIC::JITBinaryMathIC):
2882         (JSC::JITUnaryMathIC::JITUnaryMathIC):
2883         * jit/JITOpcodes.cpp:
2884         (JSC::JIT::emit_op_mov):
2885         (JSC::JIT::emit_op_end):
2886         (JSC::JIT::emit_op_jmp):
2887         (JSC::JIT::emit_op_new_object):
2888         (JSC::JIT::emitSlow_op_new_object):
2889         (JSC::JIT::emit_op_overrides_has_instance):
2890         (JSC::JIT::emit_op_instanceof):
2891         (JSC::JIT::emitSlow_op_instanceof):
2892         (JSC::JIT::emit_op_instanceof_custom):
2893         (JSC::JIT::emit_op_is_empty):
2894         (JSC::JIT::emit_op_is_undefined):
2895         (JSC::JIT::emit_op_is_boolean):
2896         (JSC::JIT::emit_op_is_number):
2897         (JSC::JIT::emit_op_is_cell_with_type):
2898         (JSC::JIT::emit_op_is_object):
2899         (JSC::JIT::emit_op_ret):
2900         (JSC::JIT::emit_op_to_primitive):
2901         (JSC::JIT::emit_op_set_function_name):
2902         (JSC::JIT::emit_op_not):
2903         (JSC::JIT::emit_op_jfalse):
2904         (JSC::JIT::emit_op_jeq_null):
2905         (JSC::JIT::emit_op_jneq_null):
2906         (JSC::JIT::emit_op_jneq_ptr):
2907         (JSC::JIT::emit_op_eq):
2908         (JSC::JIT::emit_op_jeq):
2909         (JSC::JIT::emit_op_jtrue):
2910         (JSC::JIT::emit_op_neq):
2911         (JSC::JIT::emit_op_jneq):
2912         (JSC::JIT::emit_op_throw):
2913         (JSC::JIT::compileOpStrictEq):
2914         (JSC::JIT::emit_op_stricteq):
2915         (JSC::JIT::emit_op_nstricteq):
2916         (JSC::JIT::compileOpStrictEqJump):
2917         (JSC::JIT::emit_op_jstricteq):
2918         (JSC::JIT::emit_op_jnstricteq):
2919         (JSC::JIT::emitSlow_op_jstricteq):
2920         (JSC::JIT::emitSlow_op_jnstricteq):
2921         (JSC::JIT::emit_op_to_number):
2922         (JSC::JIT::emit_op_to_string):
2923         (JSC::JIT::emit_op_to_object):
2924         (JSC::JIT::emit_op_catch):
2925         (JSC::JIT::emit_op_identity_with_profile):
2926         (JSC::JIT::emit_op_get_parent_scope):
2927         (JSC::JIT::emit_op_switch_imm):
2928         (JSC::JIT::emit_op_switch_char):
2929         (JSC::JIT::emit_op_switch_string):
2930         (JSC::JIT::emit_op_debug):
2931         (JSC::JIT::emit_op_eq_null):
2932         (JSC::JIT::emit_op_neq_null):
2933         (JSC::JIT::emit_op_enter):
2934         (JSC::JIT::emit_op_get_scope):
2935         (JSC::JIT::emit_op_to_this):
2936         (JSC::JIT::emit_op_create_this):
2937         (JSC::JIT::emit_op_check_tdz):
2938         (JSC::JIT::emitSlow_op_eq):
2939         (JSC::JIT::emitSlow_op_neq):
2940         (JSC::JIT::emitSlow_op_jeq):
2941         (JSC::JIT::emitSlow_op_jneq):
2942         (JSC::JIT::emitSlow_op_instanceof_custom):
2943         (JSC::JIT::emit_op_loop_hint):
2944         (JSC::JIT::emitSlow_op_loop_hint):
2945         (JSC::JIT::emit_op_check_traps):
2946         (JSC::JIT::emit_op_nop):
2947         (JSC::JIT::emit_op_super_sampler_begin):
2948         (JSC::JIT::emit_op_super_sampler_end):
2949         (JSC::JIT::emitSlow_op_check_traps):
2950         (JSC::JIT::emit_op_new_regexp):
2951         (JSC::JIT::emitNewFuncCommon):
2952         (JSC::JIT::emit_op_new_func):
2953         (JSC::JIT::emit_op_new_generator_func):
2954         (JSC::JIT::emit_op_new_async_generator_func):
2955         (JSC::JIT::emit_op_new_async_func):
2956         (JSC::JIT::emitNewFuncExprCommon):
2957         (JSC::JIT::emit_op_new_func_exp):
2958         (JSC::JIT::emit_op_new_generator_func_exp):
2959         (JSC::JIT::emit_op_new_async_func_exp):
2960         (JSC::JIT::emit_op_new_async_generator_func_exp):
2961         (JSC::JIT::emit_op_new_array):
2962         (JSC::JIT::emit_op_new_array_with_size):
2963         (JSC::JIT::emit_op_has_structure_property):
2964         (JSC::JIT::privateCompileHasIndexedProperty):
2965         (JSC::JIT::emit_op_has_indexed_property):
2966         (JSC::JIT::emitSlow_op_has_indexed_property):
2967         (JSC::JIT::emit_op_get_direct_pname):
2968         (JSC::JIT::emit_op_enumerator_structure_pname):
2969         (JSC::JIT::emit_op_enumerator_generic_pname):
2970         (JSC::JIT::emit_op_profile_type):
2971         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2972         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2973         (JSC::JIT::emit_op_profile_control_flow):
2974         (JSC::JIT::emit_op_argument_count):
2975         (JSC::JIT::emit_op_get_rest_length):
2976         (JSC::JIT::emit_op_get_argument):
2977         * jit/JITOpcodes32_64.cpp:
2978         (JSC::JIT::emit_op_to_this):
2979         * jit/JITOperations.cpp:
2980         * jit/JITOperations.h:
2981         * jit/JITPropertyAccess.cpp:
2982         (JSC::JIT::emit_op_get_by_val):
2983         (JSC::JIT::emitGetByValWithCachedId):
2984         (JSC::JIT::emitSlow_op_get_by_val):
2985         (JSC::JIT::emit_op_put_by_val_direct):
2986         (JSC::JIT::emit_op_put_by_val):
2987         (JSC::JIT::emitGenericContiguousPutByVal):
2988         (JSC::JIT::emitArrayStoragePutByVal):
2989         (JSC::JIT::emitPutByValWithCachedId):
2990         (JSC::JIT::emitSlow_op_put_by_val):
2991         (JSC::JIT::emit_op_put_getter_by_id):
2992         (JSC::JIT::emit_op_put_setter_by_id):
2993         (JSC::JIT::emit_op_put_getter_setter_by_id):
2994         (JSC::JIT::emit_op_put_getter_by_val):
2995         (JSC::JIT::emit_op_put_setter_by_val):
2996         (JSC::JIT::emit_op_del_by_id):
2997         (JSC::JIT::emit_op_del_by_val):
2998         (JSC::JIT::emit_op_try_get_by_id):
2999         (JSC::JIT::emitSlow_op_try_get_by_id):
3000         (JSC::JIT::emit_op_get_by_id_direct):
3001         (JSC::JIT::emitSlow_op_get_by_id_direct):
3002         (JSC::JIT::emit_op_get_by_id):
3003         (JSC::JIT::emit_op_get_by_id_with_this):
3004         (JSC::JIT::emitSlow_op_get_by_id):
3005         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3006         (JSC::JIT::emit_op_put_by_id):
3007         (JSC::JIT::emitSlow_op_put_by_id):
3008         (JSC::JIT::emit_op_in_by_id):
3009         (JSC::JIT::emitSlow_op_in_by_id):
3010         (JSC::JIT::emit_op_resolve_scope):
3011         (JSC::JIT::emit_op_get_from_scope):
3012         (JSC::JIT::emitSlow_op_get_from_scope):
3013         (JSC::JIT::emit_op_put_to_scope):
3014         (JSC::JIT::emitSlow_op_put_to_scope):
3015         (JSC::JIT::emit_op_get_from_arguments):
3016         (JSC::JIT::emit_op_put_to_arguments):
3017         (JSC::JIT::privateCompileGetByVal):
3018         (JSC::JIT::privateCompileGetByValWithCachedId):
3019         (JSC::JIT::privateCompilePutByVal):
3020         (JSC::JIT::privateCompilePutByValWithCachedId):
3021         (JSC::JIT::emitDoubleLoad):
3022         (JSC::JIT::emitContiguousLoad):
3023         (JSC::JIT::emitArrayStorageLoad):
3024         (JSC::JIT::emitDirectArgumentsGetByVal):
3025         (JSC::JIT::emitScopedArgumentsGetByVal):
3026         (JSC::JIT::emitIntTypedArrayGetByVal):
3027         (JSC::JIT::emitFloatTypedArrayGetByVal):
3028         (JSC::JIT::emitIntTypedArrayPutByVal):
3029         (JSC::JIT::emitFloatTypedArrayPutByVal):
3030         * jit/RegisterSet.cpp:
3031         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
3032         * jit/SlowPathCall.h:
3033         (JSC::JITSlowPathCall::JITSlowPathCall):
3034         * llint/LLIntData.cpp:
3035         (JSC::LLInt::initialize):
3036         (JSC::LLInt::Data::performAssertions):
3037         * llint/LLIntData.h:
3038         (JSC::LLInt::exceptionInstructions):
3039         (JSC::LLInt::opcodeMap):
3040         (JSC::LLInt::opcodeMapWide):
3041         (JSC::LLInt::getOpcode):
3042         (JSC::LLInt::getOpcodeWide):
3043         (JSC::LLInt::getWideCodePtr):
3044         * llint/LLIntOffsetsExtractor.cpp:
3045         * llint/LLIntSlowPaths.cpp:
3046         (JSC::LLInt::llint_trace_operand):
3047         (JSC::LLInt::llint_trace_value):
3048         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3049         (JSC::LLInt::entryOSR):
3050         (JSC::LLInt::setupGetByIdPrototypeCache):
3051         (JSC::LLInt::getByVal):
3052         (JSC::LLInt::handleHostCall):
3053         (JSC::LLInt::setUpCall):
3054         (JSC::LLInt::genericCall):
3055         (JSC::LLInt::varargsSetup):
3056         (JSC::LLInt::commonCallEval):
3057         * llint/LLIntSlowPaths.h:
3058         * llint/LowLevelInterpreter.asm:
3059         * llint/LowLevelInterpreter.cpp:
3060         (JSC::CLoopRegister::operator const Instruction*):
3061         (JSC::CLoop::execute):
3062         * llint/LowLevelInterpreter32_64.asm:
3063         * llint/LowLevelInterpreter64.asm:
3064         * offlineasm/arm64.rb:
3065         * offlineasm/asm.rb:
3066         * offlineasm/ast.rb:
3067         * offlineasm/cloop.rb:
3068         * offlineasm/generate_offset_extractor.rb:
3069         * offlineasm/instructions.rb:
3070         * offlineasm/offsets.rb:
3071         * offlineasm/parser.rb:
3072         * offlineasm/transform.rb:
3073         * offlineasm/x86.rb:
3074         * parser/ResultType.h:
3075         (JSC::ResultType::dump const):
3076         (JSC::OperandTypes::first const):
3077         (JSC::OperandTypes::second const):
3078         (JSC::OperandTypes::dump const):
3079         * profiler/ProfilerBytecodeSequence.cpp:
3080         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
3081         * runtime/CommonSlowPaths.cpp:
3082         (JSC::SLOW_PATH_DECL):
3083         (JSC::updateArithProfileForUnaryArithOp):
3084         (JSC::updateArithProfileForBinaryArithOp):
3085         * runtime/CommonSlowPaths.h:
3086         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
3087         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
3088         * runtime/ExceptionFuzz.cpp:
3089         (JSC::doExceptionFuzzing):
3090         * runtime/ExceptionFuzz.h:
3091         (JSC::doExceptionFuzzingIfEnabled):
3092         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3093         (JSC::GetPutInfo::dump const):
3094         (WTF::printInternal):
3095         * runtime/GetPutInfo.h:
3096         (JSC::GetPutInfo::operand const):
3097         * runtime/JSCPoison.h:
3098         * runtime/JSType.cpp: Added.
3099         (WTF::printInternal):
3100         * runtime/JSType.h:
3101         * runtime/SamplingProfiler.cpp:
3102         (JSC::SamplingProfiler::StackFrame::displayName):
3103         * runtime/SamplingProfiler.h:
3104         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
3105         * runtime/SlowPathReturnType.h:
3106         (JSC::encodeResult):
3107         (JSC::decodeResult):
3108         * runtime/VM.h:
3109         * runtime/Watchdog.h:
3110         * tools/HeapVerifier.cpp:
3111
3112 2018-10-26  Commit Queue  <commit-queue@webkit.org>
3113
3114         Unreviewed, rolling out r237445.
3115         https://bugs.webkit.org/show_bug.cgi?id=190972
3116
3117         Causes performance regression on iOS devices (Requested by
3118         yusukesuzuki on #webkit).
3119
3120         Reverted changeset:
3121
3122         "Unreviewed, partial rolling in r237254"
3123         https://bugs.webkit.org/show_bug.cgi?id=190340
3124         https://trac.webkit.org/changeset/237445
3125
3126 2018-10-26  Mark Lam  <mark.lam@apple.com>
3127
3128         Fix missing edge cases with JSGlobalObjects having a bad time.
3129         https://bugs.webkit.org/show_bug.cgi?id=189028
3130         <rdar://problem/45204939>
3131
3132         Reviewed by Saam Barati.
3133
3134         Consider the following scenario:
3135
3136             let object O1 (of global G1) have an indexing type that is not SlowPut.
3137             let global G2 have a bad time.
3138             let object O2 (of global G2) be set as the prototype of O1.
3139             let object O3 (of global G2) have indexed accessors.
3140
3141         In the existing code, if we set O3 as O2's prototype, we'll have a bug where
3142         O1 will not be made aware that there are indexed accessors in its prototype
3143         chain.
3144
3145         In this patch, we solve this issue by introducing a new invariant:
3146
3147             A prototype chain is considered to possibly have indexed accessors if any
3148             object in the chain belongs to a global object that is having a bad time.
3149
3150         We apply this invariant as follows:
3151
3152         1. Enhance JSGlobalObject::haveABadTime() to also check if other global objects are
3153            affected by it having a bad time.  If so, it also ensures that those affected
3154            global objects have a bad time.
3155
3156         The original code for JSGlobalObject::haveABadTime() uses an ObjectsWithBrokenIndexingFinder
3157         to find all objects affected by the global object having a bad time.  We enhance
3158         ObjectsWithBrokenIndexingFinder to also check for the possibility that any global
3159         objects may be affected by other global objects having a bad time, i.e.
3160
3161                 let g1 = global1
3162                 let g2 = global2
3163                 let o1 = an object in g1
3164                 let o2 = an object in g2
3165
3166                 let g1 have a bad time
3167                 g2 is affected if
3168                     o1 is in the prototype chain of o2,
3169                     and o2 may be a prototype.
3170
3171            If the ObjectsWithBrokenIndexingFinder does find the possibility of other global
3172            objects being affected, it will abort its heap scan and let haveABadTime() take
3173            a slow path to do a more complete multi global object scan.
3174
3175            The slow path works as follows:
3176
3177            1. Iterate the heap and record the graph of all global object dependencies.
3178
3179               For each global object, record the list of other global objects that are
3180               affected by it.
3181
3182            2. Compute a list of global objects that need to have a bad time using the
3183               current global object dependency graph.
3184
3185            3. For each global object in the list of affected global objects, fire their
3186               HaveABadTime watchpoint and convert all their array structures to the
3187               SlowPut alternatives.
3188
3189            4. Re-run ObjectsWithBrokenIndexingFinder to find all objects that are affected
3190               by any of the globals in the list from (2).
3191
3192         2. Enhance Structure::mayInterceptIndexedAccesses() to also return true if the
3193            structure's global object is having a bad time.
3194
3195         Note: there are 3 scenarios that we need to consider:
3196
3197             let g1 = global1
3198             let g2 = global2
3199             let o1 = an object in g1
3200             let o2 = an object in g2
3201
3202             Scenario 1: o2 is a prototype, and
3203                         g1 has a bad time after o1 is inserted into o2's prototype chain.
3204
3205             Scenario 2: o2 is a prototype, and
3206                         o1 is inserted into o2's prototype chain after g1 has a bad time.
3207
3208             Scenario 3: o2 is NOT a prototype, and
3209                         o1 is inserted into o2's prototype chain after g1 has a bad time.
3210
3211             For scenario 1, when g1 has a bad time, we need to also make sure g2 has
3212             a bad time.  This is handled by enhancement 1 above.
3213
3214             For scenario 2, when o1 is inserted into o2's prototype chain, we need to check
3215             if o1's global object has a bad time.  If so, then we need to make sure o2's
3216             global also has a bad time (because o2 is a prototype) and convert o2's
3217             storage type to SlowPut.  This is handled by enhancement 2 above in conjunction
3218             with JSObject::setPrototypeDirect().
3219
3220             For scenario 3, when o1 is inserted into o2's prototype chain, we need to check
3221             if o1's global object has a bad time.  If so, then we only need to convert o2's
3222             storage type to SlowPut (because o2 is NOT a prototype).  This is handled by
3223             enhancement 2 above.
3224
3225         3. Also add $vm.isHavingABadTime(), $vm.createGlobalObject() to enable us to
3226            write some tests for this issue.
3227
3228         * runtime/JSGlobalObject.cpp:
3229         (JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut):
3230         (JSC::JSGlobalObject::haveABadTime):
3231         * runtime/JSGlobalObject.h:
3232         * runtime/JSObject.h:
3233         (JSC::JSObject::mayInterceptIndexedAccesses): Deleted.
3234         * runtime/JSObjectInlines.h:
3235         (JSC::JSObject::mayInterceptIndexedAccesses):
3236         * runtime/Structure.h:
3237         * runtime/StructureInlines.h:
3238         (JSC::Structure::mayInterceptIndexedAccesses const):
3239         * tools/JSDollarVM.cpp:
3240         (JSC::functionHaveABadTime):
3241         (JSC::functionIsHavingABadTime):
3242         (JSC::functionCreateGlobalObject):
3243         (JSC::JSDollarVM::finishCreation):
3244
3245 2018-10-26  Keith Miller  <keith_miller@apple.com>
3246
3247         JSC xcconfig should set DEFINES_MODULE
3248         https://bugs.webkit.org/show_bug.cgi?id=190952
3249
3250         Reviewed by Mark Lam.
3251
3252         This should mean that the JavaScriptCore.framework will have a module map.
3253
3254         * Configurations/JavaScriptCore.xcconfig:
3255
3256 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3257
3258         [JSC] havingABadTimeWatchpoint is not required in Array#indexOf optimization
3259         https://bugs.webkit.org/show_bug.cgi?id=190941
3260
3261         Reviewed by Saam Barati.
3262
3263         While "Rest" operation fast path requires havingABadTimeWatchpoint since it allocates
3264         JSArray, Array#{indexOf,lastIndexOf} do not require it when we use the fast path for them.
3265         This patch removes watching on havingABadTimeWatchpoint in Array#indexOf. The test causing
3266         "havingABadTime" is already included in our test suites (e.g. array-indexof-have-a-bad-time.js).
3267
3268         * dfg/DFGByteCodeParser.cpp:
3269         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3270         * runtime/JSArrayInlines.h:
3271         (JSC::JSArray::canDoFastIndexedAccess):
3272         * runtime/JSGlobalObject.h:
3273         * runtime/JSGlobalObjectInlines.h:
3274         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
3275         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable): Deleted.
3276
3277 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3278
3279         Unreviewed, partial rolling in r237254
3280         https://bugs.webkit.org/show_bug.cgi?id=190340
3281
3282         We do not use the added function right now, in order to investigate what the reason for the regression is.
3283         If it causes the regression, it seems that Parser.cpp's inlining decision is the culprit.
3284
3285         * bytecode/UnlinkedFunctionExecutable.cpp:
3286         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
3287         * bytecode/UnlinkedFunctionExecutable.h:
3288         * parser/Parser.cpp:
3289         (JSC::Parser<LexerType>::parseInner):
3290         (JSC::Parser<LexerType>::parseSingleFunction):
3291         (JSC::Parser<LexerType>::parseFunctionInfo):
3292         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3293         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
3294         * parser/Parser.h:
3295         (JSC::Parser<LexerType>::parse):
3296         (JSC::parse):
3297         (JSC::parseFunctionForFunctionConstructor):
3298         * parser/ParserModes.h:
3299         * parser/ParserTokens.h:
3300         (JSC::JSTextPosition::JSTextPosition):
3301         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
3302         * parser/SourceCodeKey.h:
3303         (JSC::SourceCodeKey::SourceCodeKey):
3304         (JSC::SourceCodeKey::operator== const):
3305         * runtime/CodeCache.cpp:
3306         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
3307         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
3308         * runtime/CodeCache.h:
3309         * runtime/FunctionConstructor.cpp:
3310         (JSC::constructFunctionSkippingEvalEnabledCheck):
3311         * runtime/FunctionExecutable.cpp:
3312         (JSC::FunctionExecutable::fromGlobalCode):
3313         * runtime/FunctionExecutable.h:
3314
3315 2018-10-25  Brent Fulgham  <bfulgham@apple.com>
3316
3317         Unreviewed build fix for Visual Studio 2017
3318
3319         * API/tests/testapi.c:
3320         (testMarkingConstraintsAndHeapFinalizers):
3321         (main):
3322
3323 2018-10-25  Devin Rousso  <drousso@apple.com>
3324
3325         Web Inspector: display fullscreen enter/exit events in Timelines and Network node waterfalls
3326         https://bugs.webkit.org/show_bug.cgi?id=189874
3327         <rdar://problem/44700000>
3328
3329         Reviewed by Joseph Pecoraro.
3330
3331         * inspector/protocol/DOM.json:
3332         Allow `data` to be passed to the frontend with `didFireEvent`.
3333
3334 2018-10-25  Ross Kirsling  <ross.kirsling@sony.com>
3335
3336         Cleanup: inline constexpr is redundant as constexpr implies inline
3337         https://bugs.webkit.org/show_bug.cgi?id=190819
3338
3339         Reviewed by Mark Lam.
3340
3341         * bytecode/ArrayProfile.h:
3342         (JSC::asArrayModes):
3343         * runtime/IndexingType.h:
3344         (JSC::isCopyOnWrite):
3345         * runtime/MathCommon.h:
3346         (JSC::maxSafeInteger):
3347         (JSC::minSafeInteger):
3348         * runtime/StackAlignment.h:
3349         (JSC::stackAlignmentBytes):
3350         (JSC::stackAlignmentRegisters):
3351
3352 2018-10-24  Megan Gardner  <megan_gardner@apple.com>
3353
3354         Turn on Conic Gradients
3355         https://bugs.webkit.org/show_bug.cgi?id=190810
3356
3357         Reviewed by Tim Horton.
3358
3359         * Configurations/FeatureDefines.xcconfig:
3360
3361 2018-10-24  Michael Saboff  <msaboff@apple.com>
3362
3363         Increase executable memory pool from 64MB to 128MB for ARM64
3364         https://bugs.webkit.org/show_bug.cgi?id=190453
3365
3366         Unreviewed, rolling back in r237024.
3367
3368         The original change did impact ARES-6 performance by 4-8%.  That will
3369         be investigated separately.
3370
3371 2018-10-22  Keith Rollin  <krollin@apple.com>
3372
3373         Use Location = "Relative to Build Products" rather than "Relative to Group"
3374         https://bugs.webkit.org/show_bug.cgi?id=190781