[Win] Switch to CMake
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-09-25  Alex Christensen  <achristensen@webkit.org>

        [Win] Switch to CMake
        https://bugs.webkit.org/show_bug.cgi?id=148111

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.proj:

2015-09-24  Mark Lam  <mark.lam@apple.com>

        Remove the use of "Immediate" in JIT function names.
        https://bugs.webkit.org/show_bug.cgi?id=149542

        Reviewed by Geoffrey Garen.

        We will rename the following:
            isOperandConstantImmediateDouble => isOperandConstantDouble
            isOperandConstantImmediateInt => isOperandConstantInt
            isOperandConstantImmediateChar => isOperandConstantChar

            getOperandConstantImmediateInt => getOperandConstantInt
            getConstantOperandImmediateInt => getOperandConstantInt

            emitJumpIfImmediateInteger => emitJumpIfInt
            emitJumpIfNotImmediateInteger => emitJumpIfNotInt
            emitJumpIfNotImmediateIntegers => emitJumpIfNotInt
            emitPatchableJumpIfNotImmediateInteger => emitPatchableJumpIfNotInt
            emitJumpSlowCaseIfNotImmediateInteger => emitJumpSlowCaseIfNotInt
            emitJumpSlowCaseIfNotImmediateNumber => emitJumpSlowCaseIfNotNumber
            emitJumpSlowCaseIfNotImmediateIntegers => emitJumpSlowCaseIfNotInt
            emitFastArithReTagImmediate => emitTagInt
            emitTagAsBoolImmediate => emitTagBool
            emitJumpIfImmediateNumber => emitJumpIfNumber
            emitJumpIfNotImmediateNumber => emitJumpIfNotNumber
            emitFastArithImmToInt - Deleted because this is an empty function.
            emitFastArithIntToImmNoCheck => emitTagInt
            emitPutImmediateToCallFrameHeader => emitPutToCallFrameHeader

        This is purely a refactoring patch to do the renaming.  There is no behavior
        change.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileEntry):
        (JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::emitPutToCallFrameHeader):
        (JSC::AssemblyHelpers::emitPutImmediateToCallFrameHeader): Deleted.
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::JIT::emitStoreCell):
        (JSC::JIT::getSlowCase):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_negate):
        (JSC::JIT::emit_op_lshift):
        (JSC::JIT::emit_op_rshift):
        (JSC::JIT::emitSlow_op_rshift):
        (JSC::JIT::emit_op_urshift):
        (JSC::JIT::emitSlow_op_urshift):
        (JSC::JIT::emit_op_unsigned):
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
        (JSC::JIT::emit_op_bitand):
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::compileBinaryArithOpSlowCase):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emitSlow_op_mul):
        (JSC::JIT::emit_op_div):
        (JSC::JIT::emitSlow_op_div):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareAndJumpSlow):
        (JSC::JIT::emit_op_lshift):
        (JSC::JIT::emitSlow_op_lshift):
        (JSC::JIT::emitRightShift):
        (JSC::JIT::emitRightShiftSlowCase):
        (JSC::JIT::emit_op_bitand):
        (JSC::JIT::emitSlow_op_bitand):
        (JSC::JIT::emit_op_bitor):
        (JSC::JIT::emitSlow_op_bitor):
        (JSC::JIT::emit_op_bitxor):
        (JSC::JIT::emitSlow_op_bitxor):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        (JSC::JIT::emit_op_sub):
        (JSC::JIT::emitSlow_op_sub):
        * jit/JITInlines.h:
        (JSC::JIT::emitArrayStorageGetByVal):
        (JSC::JIT::isOperandConstantDouble):
        (JSC::JIT::isOperandConstantChar):
        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
        (JSC::JIT::isOperandConstantInt):
        (JSC::JIT::getOperandConstantInt):
        (JSC::JIT::emitGetVirtualRegisters):
        (JSC::JIT::emitLoadInt32ToDouble):
        (JSC::JIT::emitJumpIfInt):
        (JSC::JIT::emitJumpIfNotInt):
        (JSC::JIT::emitPatchableJumpIfNotInt):
        (JSC::JIT::emitJumpSlowCaseIfNotInt):
        (JSC::JIT::emitJumpSlowCaseIfNotNumber):
        (JSC::JIT::emitTagBool):
        (JSC::JIT::isOperandConstantImmediateDouble): Deleted.
        (JSC::JIT::isOperandConstantImmediateChar): Deleted.
        (JSC::JIT::isOperandConstantImmediateInt): Deleted.
        (JSC::JIT::getOperandConstantImmediateInt): Deleted.
        (JSC::JIT::getConstantOperandImmediateInt): Deleted.
        (JSC::JIT::emitJumpIfImmediateInteger): Deleted.
        (JSC::JIT::emitJumpIfNotImmediateInteger): Deleted.
        (JSC::JIT::emitPatchableJumpIfNotImmediateInteger): Deleted.
        (JSC::JIT::emitJumpIfNotImmediateIntegers): Deleted.
        (JSC::JIT::emitJumpSlowCaseIfNotImmediateInteger): Deleted.
        (JSC::JIT::emitJumpSlowCaseIfNotImmediateIntegers): Deleted.
        (JSC::JIT::emitJumpSlowCaseIfNotImmediateNumber): Deleted.
        (JSC::JIT::emitFastArithReTagImmediate): Deleted.
        (JSC::JIT::emitTagAsBoolImmediate): Deleted.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_is_undefined):
        (JSC::JIT::emit_op_is_boolean):
        (JSC::JIT::emit_op_is_number):
        (JSC::JIT::emit_op_is_string):
        (JSC::JIT::emit_op_is_object):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_eq):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_neq):
        (JSC::JIT::emit_op_bitxor):
        (JSC::JIT::emit_op_bitor):
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emit_op_to_number):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emitSlow_op_eq):
        (JSC::JIT::emitSlow_op_neq):
        (JSC::JIT::emit_op_profile_type):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitGenericContiguousPutByVal):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitIntTypedArrayPutByVal):
        (JSC::JIT::emitFloatTypedArrayPutByVal):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
        (JSC::JSInterfaceJIT::emitJumpIfNumber):
        (JSC::JSInterfaceJIT::emitJumpIfNotNumber):
        (JSC::JSInterfaceJIT::emitLoadDouble):
        (JSC::JSInterfaceJIT::emitTagInt):
        (JSC::JSInterfaceJIT::emitPutToCallFrameHeader):
        (JSC::JSInterfaceJIT::emitJumpIfImmediateNumber): Deleted.
        (JSC::JSInterfaceJIT::emitJumpIfNotImmediateNumber): Deleted.
        (JSC::JSInterfaceJIT::emitFastArithImmToInt): Deleted.
        (JSC::JSInterfaceJIT::emitFastArithIntToImmNoCheck): Deleted.
        (JSC::JSInterfaceJIT::emitPutImmediateToCallFrameHeader): Deleted.
        * jit/ThunkGenerators.cpp:
        (JSC::nativeForGenerator):
        * wasm/WASMFunctionCompiler.h:
        (JSC::WASMFunctionCompiler::startFunction):
        (JSC::WASMFunctionCompiler::endFunction):

2015-09-24  Michael Saboff  <msaboff@apple.com>

        [ES6] Implement tail calls in the DFG
        https://bugs.webkit.org/show_bug.cgi?id=148663

        Reviewed by Filip Pizlo.

        jsc-tailcall: Implement the tail call opcodes in the DFG
        https://bugs.webkit.org/show_bug.cgi?id=146850

        This patch adds support for tail calls in the DFG. This requires a slightly high number of nodes:

         - TailCall and TailCallVarargs are straightforward. They are terminal
           nodes and have the semantics of an actual tail call.

         - TailCallInlinedCaller and TailCallVarargsInlinedCaller are here to perform a
           tail call inside an inlined function. They are non-terminal nodes,
           and are performing the call as a regular call after popping an
           appropriate number of inlined tail call frames.

         - TailCallForwardVarargs and TailCallForwardVarargsInlinedCaller are the
           extension of TailCallVarargs and TailCallVarargsInlinedCaller to enable
           the varargs forwarding optimization so that we don't lose
           performance with a tail call instead of a regular call.

        This also required two broad kinds of changes:

         - Changes in the JIT itself (DFGSpeculativeJIT) are pretty
           straightforward since they are just an extension of the baseline JIT
           changes introduced previously.

         - Changes in the runtime are mostly related to handling inline call
           frames. The idea here is that we have a special TailCall type for
           call frames that indicates to the various pieces of code walking the
           inline call frame that they should (recursively) skip the caller in
           their analysis.

        * bytecode/CallMode.h:
        (JSC::specializationKindFor):
        * bytecode/CodeOrigin.cpp:
        (JSC::CodeOrigin::inlineDepthForCallFrame):
        (JSC::CodeOrigin::isApproximatelyEqualTo):
        (JSC::CodeOrigin::approximateHash):
        (JSC::CodeOrigin::inlineStack):
        * bytecode/CodeOrigin.h:
        * bytecode/InlineCallFrame.cpp:
        (JSC::InlineCallFrame::dumpInContext):
        (WTF::printInternal):
        * bytecode/InlineCallFrame.h:
        (JSC::InlineCallFrame::callModeFor):
        (JSC::InlineCallFrame::kindFor):
        (JSC::InlineCallFrame::varargsKindFor):
        (JSC::InlineCallFrame::specializationKindFor):
        (JSC::InlineCallFrame::isVarargs):
        (JSC::InlineCallFrame::isTail):
        (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
        (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
        (JSC::InlineCallFrame::getCallerInlineFrameSkippingDeadFrames):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGArgumentsEliminationPhase.cpp:
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::findTerminal):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::inlineCallFrame):
        (JSC::DFG::ByteCodeParser::allInlineFramesAreTailCalls):
        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
        (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getPrediction):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleVarargsCall):
        (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
        (JSC::DFG::ByteCodeParser::inliningCost):
        (JSC::DFG::ByteCodeParser::inlineCall):
        (JSC::DFG::ByteCodeParser::attemptToInlineCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::isLiveInBytecode):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
        * dfg/DFGInPlaceAbstractState.cpp:
        (JSC::DFG::InPlaceAbstractState::mergeToSuccessors):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::willCatchExceptionInMachineFrame):
        * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
        (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::willCatchException):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasCallVarargsData):
        (JSC::DFG::Node::isTerminal):
        (JSC::DFG::Node::hasHeapPrediction):
        * dfg/DFGNodeType.h:
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::handleExitCounts):
        (JSC::DFG::reifyInlinedCallFrames):
        (JSC::DFG::osrWriteBarrier):
        * dfg/DFGOSRExitPreparation.cpp:
        (JSC::DFG::prepareCodeOriginForOSRExit):
        * dfg/DFGOperations.cpp:
        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validateSSA):
        * dfg/DFGVarargsForwardingPhase.cpp:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::bytecodeOffset):
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::gotoNextFrame):

2015-09-23  Filip Pizlo  <fpizlo@apple.com>

        Remove special case code for the no-parallel-GC case
        https://bugs.webkit.org/show_bug.cgi?id=149512

        Reviewed by Mark Lam.

        Make serial GC just a parallel GC where the helper threads don't do anything. Also make the
        idle thread calculation a bit more explicit.

        The main outcome is that we no longer use Options::numberOfGCMarkers() as much, so the code is
        resilient against the number of GC markers changing.

        * heap/Heap.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):

2015-09-23  Filip Pizlo  <fpizlo@apple.com>

        PolymorphicAccess should remember that it checked an ObjectPropertyCondition with a check on some structure
        https://bugs.webkit.org/show_bug.cgi?id=149514

        Reviewed by Oliver Hunt.

        When we checked an ObjectPropertyCondition using an explicit structure check, we would forget to
        note the structure in any weak reference table and we would attempt to regenerate the condition
        check even if the condition became invalid.

        We need to account for this better and we need to prune AccessCases that have an invalid condition
        set. This change does both.

        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessGenerationState::addWatchpoint):
        (JSC::AccessCase::alternateBase):
        (JSC::AccessCase::couldStillSucceed):
        (JSC::AccessCase::canReplace):
        (JSC::AccessCase::generate):
        (JSC::PolymorphicAccess::regenerateWithCases):
        (JSC::PolymorphicAccess::visitWeak):
        (JSC::PolymorphicAccess::regenerate):
        * bytecode/PolymorphicAccess.h:
        (JSC::AccessCase::callLinkInfo):
        * tests/stress/make-dictionary-repatch.js: Added. This used to crash on a release assert. If we removed the release assert, this would return bad results.

2015-09-24  Mark Lam  <mark.lam@apple.com>

        We should only expect a RareCaseProfile to exist if the rare case actually exists.
        https://bugs.webkit.org/show_bug.cgi?id=149531

        Reviewed by Saam Barati.

        The current code that calls rareCaseProfileForBytecodeOffset() assumes that it
        will always return a non-null RareCaseProfile.  As a result, op_add in the
        baseline JIT is forced to add a dummy slow case that will never be taken, only to
        ensure that the RareCaseProfile for that bytecode is created.  This profile will
        always produce a counter value of 0 (since that path will never be taken).

        Instead, we'll make the callers of rareCaseProfileForBytecodeOffset() check if
        the profile actually exists before dereferencing it.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
        (JSC::CodeBlock::rareCaseProfileCountForBytecodeOffset):
        (JSC::CodeBlock::capabilityLevel):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addRareCaseProfile):
        (JSC::CodeBlock::numberOfRareCaseProfiles):
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::rareCaseProfile): Deleted.
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):

2015-09-24  Ryosuke Niwa  <rniwa@webkit.org>

        Ran sort-Xcode-project-file.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2015-09-24  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Add support for JS builtins constructor
        https://bugs.webkit.org/show_bug.cgi?id=149497

        Reviewed by Darin Adler.

        * runtime/JSFunction.h: exporting createBuiltinFunction.

2015-09-23  Saam barati  <sbarati@apple.com>

        JSC allows invalid var declarations when the declared name is the same as a let/const variable
        https://bugs.webkit.org/show_bug.cgi?id=147600

        Reviewed by Yusuke Suzuki.

        We had an ordering bug where if you first declared a "let"
        variable then a "var" variable with the same name, you wouldn't
        get a syntax error. But, if you did it in the reverse order,
        you would. This patch fixes this syntax error to be order independent.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseVariableDeclarationList):
        (JSC::Parser<LexerType>::createBindingPattern):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        * parser/Parser.h:
        (JSC::Scope::declareVariable):

2015-09-23  Filip Pizlo  <fpizlo@apple.com>

        Parallel copy phase synchronization should be simplified
        https://bugs.webkit.org/show_bug.cgi?id=149509

        Reviewed by Mark Lam.

        Before this change, we didn't wait for the copy phase to finish before starting to do things to
        copied space that presumed that copying was done. Copied space would "detect" that nobody was
        copying anymore by waiting for all loaned blocks to be returned. But that would succeed if some
        thread had not yet started copying. So, we had weird hacks to ensure that a block was loaned
        before any threads started. It also meant that we had two separate mechanisms for waiting for
        copying threads to finish - one mechanism in the Heap phase logic and another in the
        CopiedSpace::doneCopying() method.

        We can get rid of a lot of the weirdness by just having a sound shutdown sequence:

        1) Threads concur on when there is no more work. We already have this; once
           Heap::getNextBlocksToCopy() returns no work in any thread, it will also return no work in
           any other thread that asks for work.
        2) Main thread waits for the threads to not be copying anymore.
        3) Do whatever we need to do after copying finishes.

        Currently, we do (3) before (2) and so we have weird problems. This just changes the code to do
        (3) after (2), and so we can get rid of the synchronization in doneCopying() and we can safely
        call startCopying() inside GCThread. This also means that we don't need to make CopyVisitor a
        property of GCThread. Instead, GCThread just instantiates its own CopyVisitor when it needs to.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneCopying):
        * heap/GCThread.cpp:
        (JSC::GCThread::GCThread):
        (JSC::GCThread::slotVisitor):
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        (JSC::GCThread::copyVisitor): Deleted.
        * heap/GCThread.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::copyBackingStores):
        (JSC::Heap::gatherStackRoots):

2015-09-23  Joseph Pecoraro  <pecoraro@apple.com>

        Remove unimplemented method Heap::showStatistics
        https://bugs.webkit.org/show_bug.cgi?id=149507

        Reviewed by Darin Adler.

        * heap/Heap.h:

2015-09-23  Tim Horton  <timothy_horton@apple.com>

        Hopefully fix the production build.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * PlatformWin.cmake:

2015-09-23  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Implement ReadableStream pipeThrough
        https://bugs.webkit.org/show_bug.cgi?id=147556

        Reviewed by Darin Adler.

        Updating BuiltIns infrastructure to make it reusable from WebCore.
        Extracting macros from BuiltinNames and createBuiltinExecutable from BuiltinExecutables.
        Updated generate-js-builtins to allow generating builtin CPP/H files in WebCore namespace.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::createDefaultConstructor):
        (JSC::BuiltinExecutables::createBuiltinExecutable):
        (JSC::createBuiltinExecutable):
        (JSC::createExecutableInternal):
        * builtins/BuiltinExecutables.h:
        * builtins/BuiltinNames.h:
        (JSC::BuiltinNames::BuiltinNames): Deleted.
        * builtins/BuiltinUtils.h: Extracting code from BuiltinNames and BuiltinExecutables.h.
        * bytecode/UnlinkedFunctionExecutable.h:
        * generate-js-builtins:
        (getFunctions):
        (writeIncludeDirectives):

2015-09-22  Mark Lam  <mark.lam@apple.com>

        Gardening: speculative non-JIT build fix after r189999.

        Not reviewed.

        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::jsValueRegs):

2015-09-22  Filip Pizlo  <fpizlo@apple.com>

        GCThreadSharedData is just a bad way of saying Heap
        https://bugs.webkit.org/show_bug.cgi?id=149435

        Reviewed by Mark Lam.

        This removes the GCThreadSharedData class and moves its members into Heap. This is a net
        simplification since GCThreadSharedData had a 1-to-1 mapping to Heap and the two classes had a
        vast contract with a lot of interdependencies. Heap would call a lot of GCThreadSharedData
        methods; now a lot of those are inlined since they were only called from the one place in Heap.
        This makes it a lot easier to see what is going on. For example, you no longer have to look at
        code in two places (Heap and GCThreadSharedData) to figure out the timing and synchronization
        of GC phases - all of that code is in Heap now.

        This also removes weird indirections in other places. It used to be that a lot of GC helper
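
        The following is an added example illustrating the ordering bug that the
        entry above describes; it is not part of the ChangeLog and not
        JavaScriptCore code. A `var` whose name collides with a `let` in the same
        function scope is an early SyntaxError in ES6, and that must hold whichever
        declaration comes first. The helper parses each source string with the
        `Function` constructor so the error surfaces at parse time, on whatever
        engine runs the script (Node/V8 here, not JSC); the source strings are
        constructed for this example.

```javascript
// Added example (not JavaScriptCore code): verifies that a var/let name
// collision is rejected in both declaration orders. The bug described in
// the entry above made only one of the two orders an error.

// Returns "ok" when the source parses, or the name of the error thrown
// while parsing (expected: "SyntaxError" for illegal redeclarations).
function parseResult(source) {
  try {
    // Function() compiles the body without executing it, so a parse
    // problem is reported here and the checking script keeps running.
    new Function(source);
    return "ok";
  } catch (e) {
    return e.name;
  }
}

// Constructed test programs: the two orders from the bug report, plus
// controls that must keep parsing after the fix.
const CASES = {
  letThenVar: "let x = 1; var x = 2;",          // the order the bug accepted
  varThenLet: "var x = 1; let x = 2;",          // the order it already rejected
  varInBlockThenLet: "{ var x = 1; } let x = 2;", // var hoists out of the block: error
  varThenVar: "var x = 1; var x = 2;",          // legal: var may be redeclared
  letInInnerBlock: "var x = 1; { let x = 2; }", // legal: separate block scope
  letThenLet: "let x = 1; let x = 2;",          // always an error
};

// Parses every case and returns a name -> result map so that both orders
// can be compared side by side; order-independence means the first three
// entries all come back "SyntaxError".
function checkAll() {
  const results = {};
  for (const [name, source] of Object.entries(CASES)) {
    results[name] = parseResult(source);
  }
  return results;
}

console.log(checkAll());
```

        Each engine reports the collision at the point where the second
        declaration is seen, so a parser that keys its check on the kind of the
        first declaration, as the pre-fix JSC parser did, passes one row and fails
        the other; the table makes that asymmetry visible at a glance.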
        classes would have a pointer to GCThreadSharedData, and then would use that to get to Heap, VM,
        and the visitors. Now these helpers just point to Heap.

        I think that GCThreadSharedData was only useful for defining the set of things that we need to
        know to collect garbage. That's how we decided if something would go into GCThreadSharedData
        instead of Heap. But I think that separating things into multiple classes usually makes the
        code less hackable, so there should be a very high bar for doing this in a way that produces a
        1-to-1 mapping between two classes - where one instance of one of the classes is always paired
        with exactly one instance of the other class and vice-versa.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/CopiedSpace.h:
        * heap/CopyVisitor.cpp:
        (JSC::CopyVisitor::CopyVisitor):
        (JSC::CopyVisitor::copyFromShared):
        * heap/CopyVisitor.h:
        * heap/CopyVisitorInlines.h:
        (JSC::CopyVisitor::allocateNewSpaceSlow):
        (JSC::CopyVisitor::startCopying):
        (JSC::CopyVisitor::doneCopying):
        (JSC::CopyVisitor::didCopy):
        * heap/GCThread.cpp:
        (JSC::GCThread::GCThread):
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThread.h:
        * heap/GCThreadSharedData.cpp: Removed.
        * heap/GCThreadSharedData.h: Removed.
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::~Heap):
        (JSC::Heap::isPagedOut):
        (JSC::Heap::markRoots):
        (JSC::Heap::copyBackingStores):
        (JSC::Heap::updateObjectCounts):
        (JSC::Heap::resetVisitors):
        (JSC::Heap::objectCount):
        (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
        (JSC::Heap::threadVisitCount):
        (JSC::Heap::threadBytesVisited):
        (JSC::Heap::threadBytesCopied):
        (JSC::Heap::startNextPhase):
        (JSC::Heap::endCurrentPhase):
        * heap/Heap.h:
        * heap/HeapInlines.h:
        (JSC::Heap::unregisterWeakGCMap):
        (JSC::Heap::getNextBlocksToCopy):
        * heap/ListableHandler.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::SlotVisitor):
        (JSC::SlotVisitor::didStartMarking):
        (JSC::SlotVisitor::reset):
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::mergeOpaqueRoots):
        (JSC::SlotVisitor::harvestWeakReferences):
        (JSC::SlotVisitor::finalizeUnconditionalFinalizers):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::markStack):
        (JSC::SlotVisitor::isEmpty):
        (JSC::SlotVisitor::sharedData): Deleted.
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::addWeakReferenceHarvester):
        (JSC::SlotVisitor::addUnconditionalFinalizer):
        (JSC::SlotVisitor::addOpaqueRoot):
        (JSC::SlotVisitor::containsOpaqueRoot):
        (JSC::SlotVisitor::containsOpaqueRootTriState):
        (JSC::SlotVisitor::opaqueRootCount):
        (JSC::SlotVisitor::mergeOpaqueRootsIfNecessary):
        (JSC::SlotVisitor::copyLater):
        (JSC::SlotVisitor::heap):
        (JSC::SlotVisitor::vm):

2015-09-22  Saam barati  <sbarati@apple.com>

        Web Inspector: [ES6] Improve Type Profiler Support for Arrow Functions
        https://bugs.webkit.org/show_bug.cgi?id=143171

        Reviewed by Joseph Pecoraro.

        We now need to take into account TypeProfilerSearchDescriptor when
        hashing results for type profiler queries. Before, we've gotten
        away with not doing this because before we would never have a text
        collision between a return type text offset and a normal expression text
        offset. But, with arrow functions, we will have collisions when
        the arrow function doesn't have parens around its single parameter.
        I.e: "param => { ... };"

        * runtime/TypeProfiler.cpp:
        (JSC::TypeProfiler::findLocation):
        * runtime/TypeProfiler.h:
        (JSC::QueryKey::QueryKey):
        (JSC::QueryKey::isHashTableDeletedValue):
        (JSC::QueryKey::operator==):
        (JSC::QueryKey::hash):
        * tests/typeProfiler/arrow-functions.js: Added.

2015-09-22  Filip Pizlo  <fpizlo@apple.com>

        Get rid of ENABLE(PARALLEL_GC)
        https://bugs.webkit.org/show_bug.cgi?id=149436

        Reviewed by Mark Lam.

        We always enable parallel GC everywhere but Windows, and it doesn't look like it was disabled
        there for any good reason. So, get rid of the flag.

        The only effect of this change is that parallel GC will now be enabled on Windows, provided
        that the CPU detection finds more than one.

        * heap/GCThread.cpp:
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::resetChildren):
        (JSC::GCThreadSharedData::childBytesCopied):
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::reset):
        (JSC::GCThreadSharedData::didStartMarking):
        * heap/Heap.cpp:
        (JSC::Heap::converge):
        (JSC::Heap::visitWeakHandles):
        (JSC::Heap::updateObjectCounts):
        (JSC::Heap::resetVisitors):
        * heap/MarkedBlock.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::didStartMarking):
        (JSC::SlotVisitor::reset):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::mergeOpaqueRoots):
        (JSC::JSString::tryHashConsLock):
        (JSC::JSString::releaseHashConsLock):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::addOpaqueRoot):
        (JSC::SlotVisitor::containsOpaqueRoot):
        (JSC::SlotVisitor::containsOpaqueRootTriState):
        (JSC::SlotVisitor::opaqueRootCount):
        (JSC::SlotVisitor::mergeOpaqueRootsIfNecessary):
        * runtime/Options.cpp:
        (JSC::computeNumberOfGCMarkers):

2015-09-22  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Implement min and max instructions in WebAssembly
        https://bugs.webkit.org/show_bug.cgi?id=149454

        Reviewed by Geoffrey Garen.

        This patch implements min and max instructions in WebAssembly.

        * tests/stress/wasm-arithmetic-float64.js:
        * tests/stress/wasm-arithmetic-int32.js:
        * tests/stress/wasm/arithmetic-float64.wasm:
        * tests/stress/wasm/arithmetic-int32.wasm:
        * wasm/WASMFunctionCompiler.h:
        (JSC::WASMFunctionCompiler::buildMinOrMaxI32):
        (JSC::WASMFunctionCompiler::buildMinOrMaxF64):
        * wasm/WASMFunctionParser.cpp:
        (JSC::WASMFunctionParser::parseExpressionI32):
        (JSC::WASMFunctionParser::parseMinOrMaxExpressionI32):
        (JSC::WASMFunctionParser::parseExpressionF64):
        (JSC::WASMFunctionParser::parseMinOrMaxExpressionF64):
        * wasm/WASMFunctionParser.h:
        * wasm/WASMFunctionSyntaxChecker.h:
        (JSC::WASMFunctionSyntaxChecker::buildMinOrMaxI32):
        (JSC::WASMFunctionSyntaxChecker::buildMinOrMaxF64):

2015-09-22  Filip Pizlo  <fpizlo@apple.com>

        Get rid of ENABLE(GGC)
        https://bugs.webkit.org/show_bug.cgi?id=149472

        Reviewed by Mark Hahnenberg and Mark Lam.

        Getting rid of this feature flag allows us to remove a lot of yuck.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlockSet::mark):
        (JSC::ScriptExecutable::forEachCodeBlock):
        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessCase::generate):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        (JSC::DFG::osrWriteBarrier):
        (JSC::DFG::adjustAndJumpToTarget):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::linkBranches):
        (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
        (JSC::DFG::SpeculativeJIT::selectScratchGPR):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
721         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
722         (JSC::DFG::SpeculativeJIT::compile):
723         (JSC::DFG::SpeculativeJIT::writeBarrier):
724         (JSC::DFG::SpeculativeJIT::moveTrueTo):
725         * dfg/DFGSpeculativeJIT64.cpp:
726         (JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
727         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
728         (JSC::DFG::SpeculativeJIT::compile):
729         (JSC::DFG::SpeculativeJIT::writeBarrier):
730         (JSC::DFG::SpeculativeJIT::moveTrueTo):
731         * ftl/FTLLowerDFGToLLVM.cpp:
732         (JSC::FTL::DFG::LowerDFGToLLVM::emitStoreBarrier):
733         * heap/CodeBlockSet.cpp:
734         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
735         (JSC::CodeBlockSet::dump):
736         * heap/Heap.cpp:
737         (JSC::Heap::Heap):
738         (JSC::Heap::markRoots):
739         (JSC::Heap::clearRememberedSet):
740         (JSC::Heap::updateObjectCounts):
741         (JSC::Heap::flushWriteBarrierBuffer):
742         (JSC::Heap::shouldDoFullCollection):
743         (JSC::Heap::addLogicallyEmptyWeakBlock):
744         * heap/HeapInlines.h:
745         (JSC::Heap::isWriteBarrierEnabled):
746         (JSC::Heap::writeBarrier):
747         (JSC::Heap::reportExtraMemoryAllocated):
748         (JSC::Heap::reportExtraMemoryVisited):
749         * heap/MarkedBlock.cpp:
750         (JSC::MarkedBlock::clearMarks):
751         * heap/MarkedSpace.cpp:
752         (JSC::MarkedSpace::resetAllocators):
753         (JSC::MarkedSpace::visitWeakSets):
754         * heap/MarkedSpace.h:
755         (JSC::MarkedSpace::didAllocateInBlock):
756         (JSC::MarkedSpace::objectCount):
757         * jit/JITPropertyAccess.cpp:
758         (JSC::JIT::emitWriteBarrier):
759         (JSC::JIT::emitIdentifierCheck):
760         (JSC::JIT::privateCompilePutByVal):
761         * llint/LLIntOfflineAsmConfig.h:
762         * llint/LowLevelInterpreter32_64.asm:
763         * llint/LowLevelInterpreter64.asm:
764
765 2015-09-22  Saam barati  <sbarati@apple.com>
766
767         the toInt32 operation inside DFGSpeculativeJIT.cpp can't throw so we shouldn't emit an exceptionCheck after it.
768         https://bugs.webkit.org/show_bug.cgi?id=149467
769
770         Reviewed by Mark Lam.
771
772         The callOperation for toInt32 won't store a call site index in the call frame.
773         Therefore, if this is the first callOperation in the current compilation, 
774         and we emit an exception check inside a try block, we will hit an assertion 
775         saying that we must have DFGCommonData::codeOrigins.size() be > 0 inside
776         DFGCommonData::lastCallSite(). Therefore, it is imperative that we don't 
777         emit exception checks for callOperations that don't throw exceptions and 
778         don't store a call site index in the call frame.
779
780         * dfg/DFGCommonData.cpp:
781         (JSC::DFG::CommonData::lastCallSite):
782         * dfg/DFGSpeculativeJIT.cpp:
783         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
784         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
785
786 2015-09-22  Sukolsak Sakshuwong  <sukolsak@gmail.com>
787
788         Implement the conditional instruction in WebAssembly
789         https://bugs.webkit.org/show_bug.cgi?id=149451
790
791         Reviewed by Geoffrey Garen.
792
793         This patch implements the conditional (ternary) instruction in WebAssembly.
794         This is basically "condition ? exp1 : exp2" in JavaScript.
795         
796         The use of context.discard() in WASMFunctionParser::parseConditional()
797         is not ideal. We don't discard anything. We just use it to decrement the
798         stack top in the WebAssembly baseline JIT. When we optimize the JIT by
799         storing results directly into the destination like the JavaScript
800         baseline JIT, the code will look like this:
801
802             ContextExpression temp = context.newTemporary();
803             ContextExpression condition = parseExpressionI32(context);
804             context.jumpToTargetIf(Context::JumpCondition::Zero, condition, elseTarget);
805
806             parseExpression(context, temp, expressionType);
807             context.jumpToTarget(end);
808
809             context.linkTarget(elseTarget);
810             parseExpression(context, temp, expressionType);
811             context.linkTarget(end);
812
813             return temp;
814
815         which looks cleaner than using discard().
816
817         * tests/stress/wasm-control-flow.js:
818         * tests/stress/wasm/control-flow.wasm:
819         * wasm/WASMFunctionParser.cpp:
820         (JSC::WASMFunctionParser::parseExpressionI32):
821         (JSC::WASMFunctionParser::parseExpressionF32):
822         (JSC::WASMFunctionParser::parseExpressionF64):
823         (JSC::WASMFunctionParser::parseConditional):
824         * wasm/WASMFunctionParser.h:
825
826 2015-09-22  Commit Queue  <commit-queue@webkit.org>
827
828         Unreviewed, rolling out r189616.
829         https://bugs.webkit.org/show_bug.cgi?id=149456
830
831         suspected cause of multiple regressions (Requested by kling on
832         #webkit).
833
834         Reverted changeset:
835
836         "[JSC] Weak should only accept cell pointees."
837         https://bugs.webkit.org/show_bug.cgi?id=148955
838         http://trac.webkit.org/changeset/189616
839
840 2015-09-22  Saam barati  <sbarati@apple.com>
841
842         Web Inspector: Basic Block Annotations and Type Profiler annotations wrong for script with "class" with default constructor
843         https://bugs.webkit.org/show_bug.cgi?id=149248
844
845         Reviewed by Mark Lam.
846
847         We keep track of which functions have and have not
848         executed so we can show visually, inside the inspector,
849         which functions have and have not executed. With a default
850         constructor, our parser parses code that isn't in the actual
851         JavaScript source code of the user. Our parser would then
852         give us a range starting at "1" to "1 + default constructor length"
853         as being the text range of a function. But, this would then pollute
854         actual source code that was at these ranges.
855
856         Therefore, we should treat these default constructor source 
857         codes as having "invalid" ranges. We use [UINT_MAX, UINT_MAX] 
858         as the invalid range. This range has the effect of not polluting 
859         valid ranges inside the source code.
860
861         * bytecode/UnlinkedFunctionExecutable.cpp:
862         (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
863         (JSC::UnlinkedFunctionExecutable::setInvalidTypeProfilingOffsets):
864         * bytecode/UnlinkedFunctionExecutable.h:
865         * bytecompiler/BytecodeGenerator.cpp:
866         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
867
868 2015-09-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>
869
870         Implement the comma instruction in WebAssembly
871         https://bugs.webkit.org/show_bug.cgi?id=149425
872
873         Reviewed by Geoffrey Garen.
874
875         This patch implements the comma instruction in WebAssembly. The comma
876         instruction evaluates the left operand and then the right operand and
877         returns the value of the right operand.
878
879         * tests/stress/wasm-comma.js: Added.
880         (shouldBe):
881         * wasm/WASMFunctionCompiler.h:
882         (JSC::WASMFunctionCompiler::discard):
883         * wasm/WASMFunctionParser.cpp:
884         (JSC::WASMFunctionParser::parseExpressionI32):
885         (JSC::WASMFunctionParser::parseExpressionF32):
886         (JSC::WASMFunctionParser::parseExpressionF64):
887         (JSC::WASMFunctionParser::parseComma):
888         * wasm/WASMFunctionParser.h:
889         * wasm/WASMFunctionSyntaxChecker.h:
890         (JSC::WASMFunctionSyntaxChecker::discard):
891
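The two WebAssembly entries above, the conditional instruction (whose entry sketches a destination-based lowering built from newTemporary(), jumpToTargetIf(), jumpToTarget() and linkTarget()) and the comma instruction (whose left operand is evaluated and then dropped), describe one lowering pattern. What follows is an added example, not code from JavaScriptCore's WASMFunctionParser or WASMFunctionCompiler: a self-contained C++ model of that pattern. The method names newTemporary, jumpToTargetIf, jumpToTarget and linkTarget are borrowed from the entry's sketch; the Expr tree, the Instr encoding, the Call opcode used to observe side effects, and the small interpreter are assumptions made for this demonstration.

```cpp
#include <cstdint>
#include <memory>
#include <vector>

// Toy target: every expression result lives in a numbered temporary (an assumption of this demo).
enum class Op { LoadConst, Move, Call, JumpIfZero, Jump };

struct Instr {
    Op op;
    int dst = 0;      // destination temporary
    int src = 0;      // source temporary (Move) or the condition (JumpIfZero)
    int64_t imm = 0;  // constant (LoadConst) or the value a Call produces
    int target = 0;   // label index (JumpIfZero, Jump)
};

// Expression tree. Call stands in for any side-effecting subexpression, so the demo
// can check that a comma's left operand really runs even though its value is dropped.
struct Expr {
    enum Kind { Const, Call, Comma, Conditional } kind;
    int64_t value = 0;                        // Const and Call
    std::vector<std::shared_ptr<Expr>> kids;  // Comma: lhs, rhs; Conditional: cond, then, else
};
using ExprPtr = std::shared_ptr<Expr>;

static ExprPtr constant(int64_t v) { return std::make_shared<Expr>(Expr{Expr::Const, v, {}}); }
static ExprPtr call(int64_t v) { return std::make_shared<Expr>(Expr{Expr::Call, v, {}}); }
static ExprPtr comma(ExprPtr l, ExprPtr r) { return std::make_shared<Expr>(Expr{Expr::Comma, 0, {l, r}}); }
static ExprPtr conditional(ExprPtr c, ExprPtr t, ExprPtr e) { return std::make_shared<Expr>(Expr{Expr::Conditional, 0, {c, t, e}}); }

// Code-generation context; the method names follow the ChangeLog's sketch.
class Context {
public:
    enum class JumpCondition { Zero };
    struct Result { int64_t value; int callsExecuted; };

    int newTemporary() { return m_numTemps++; }
    int newTarget() { m_targets.push_back(-1); return int(m_targets.size()) - 1; }
    void loadConst(int dst, int64_t v) { m_code.push_back({Op::LoadConst, dst, 0, v, 0}); }
    void move(int dst, int src) { m_code.push_back({Op::Move, dst, src, 0, 0}); }
    void emitCall(int dst, int64_t v) { m_code.push_back({Op::Call, dst, 0, v, 0}); }
    void jumpToTargetIf(JumpCondition, int cond, int target) { m_code.push_back({Op::JumpIfZero, 0, cond, 0, target}); }
    void jumpToTarget(int target) { m_code.push_back({Op::Jump, 0, 0, 0, target}); }
    // Binding a label to the next instruction slot resolves every jump already emitted to it.
    void linkTarget(int target) { m_targets[target] = int(m_code.size()); }

    // Interprets the emitted code and reports the value in resultTemp plus how many Calls ran.
    Result run(int resultTemp) const
    {
        std::vector<int64_t> temps(m_numTemps, 0);
        int calls = 0;
        for (size_t pc = 0; pc < m_code.size();) {
            const Instr& i = m_code[pc];
            switch (i.op) {
            case Op::LoadConst: temps[i.dst] = i.imm; ++pc; break;
            case Op::Move: temps[i.dst] = temps[i.src]; ++pc; break;
            case Op::Call: temps[i.dst] = i.imm; ++calls; ++pc; break;
            case Op::JumpIfZero: pc = temps[i.src] == 0 ? size_t(m_targets[i.target]) : pc + 1; break;
            case Op::Jump: pc = size_t(m_targets[i.target]); break;
            }
        }
        return {temps[resultTemp], calls};
    }

private:
    std::vector<Instr> m_code;
    std::vector<int> m_targets;
    int m_numTemps = 0;
};

// Lowers an expression and returns the temporary that holds its value.
static int compile(Context& context, const Expr& e)
{
    switch (e.kind) {
    case Expr::Const: { int t = context.newTemporary(); context.loadConst(t, e.value); return t; }
    case Expr::Call: { int t = context.newTemporary(); context.emitCall(t, e.value); return t; }
    case Expr::Comma:
        // Comma: evaluate the left operand for its effects, then answer with the right one.
        // Nothing is "discarded"; the left temporary is simply never read again.
        compile(context, *e.kids[0]);
        return compile(context, *e.kids[1]);
    case Expr::Conditional: {
        // Conditional: the destination-based shape from the ChangeLog entry.
        int temp = context.newTemporary();
        int elseTarget = context.newTarget();
        int end = context.newTarget();
        int condition = compile(context, *e.kids[0]);
        context.jumpToTargetIf(Context::JumpCondition::Zero, condition, elseTarget);
        context.move(temp, compile(context, *e.kids[1]));  // stands in for parsing straight into temp
        context.jumpToTarget(end);
        context.linkTarget(elseTarget);
        context.move(temp, compile(context, *e.kids[2]));
        context.linkTarget(end);
        return temp;
    }
    }
    return -1;
}

static Context::Result evaluate(const ExprPtr& e)
{
    Context context;
    int result = compile(context, *e);
    return context.run(result);
}
```

Both branches of the conditional write the same temporary, so the consumer reads the result from one place whichever branch ran; that is what lets the entry's sketch return `temp` without any stack bookkeeping. The comma needs no discard step in this form because the left operand's temporary is never read, which is the cleaner shape the conditional entry says it is aiming for.
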
892 2015-09-21  Filip Pizlo  <fpizlo@apple.com>
893
894         Always use the compiler's CAS implementation and get rid of ENABLE(COMPARE_AND_SWAP)
895         https://bugs.webkit.org/show_bug.cgi?id=149438
896
897         Reviewed by Mark Lam.
898
899         * heap/HeapInlines.h:
900         (JSC::Heap::reportExtraMemoryVisited):
901         (JSC::Heap::deprecatedReportExtraMemory):
902
903 2015-09-21  Saam barati  <sbarati@apple.com>
904
905         functionProtoFuncToString should not rely on typeProfilingEndOffset()
906         https://bugs.webkit.org/show_bug.cgi?id=149429
907
908         Reviewed by Geoffrey Garen.
909
910         We should be able to freely change typeProfilingEndOffset()
911         without worrying we will break Function.prototype.toString.
912
913         * runtime/FunctionPrototype.cpp:
914         (JSC::functionProtoFuncToString):
915
916 2015-09-21  Commit Queue  <commit-queue@webkit.org>
917
918         Unreviewed, rolling out r190086.
919         https://bugs.webkit.org/show_bug.cgi?id=149427
920
921         Broke LayoutTests/inspector/model/remote-object.htm (Requested
922         by saamyjoon on #webkit).
923
924         Reverted changeset:
925
926         "Web Inspector: Basic Block Annotations and Type Profiler
927         annotations wrong for script with "class" with default
928         constructor"
929         https://bugs.webkit.org/show_bug.cgi?id=149248
930         http://trac.webkit.org/changeset/190086
931
932 2015-09-21  Saam barati  <sbarati@apple.com>
933
934         Web Inspector: Basic Block Annotations and Type Profiler annotations wrong for script with "class" with default constructor
935         https://bugs.webkit.org/show_bug.cgi?id=149248
936
937         Reviewed by Mark Lam.
938
939         We keep track of which functions have and have not
940         executed so we can show visually, inside the inspector,
941         which functions have and have not executed. With a default
942         constructor, our parser parses code that isn't in the actual
943         JavaScript source code of the user. Our parser would then
944         give us a range starting at "1" to "1 + default constructor length"
945         as being the text range of a function. But, this would then pollute
946         actual source code that was at these ranges.
947
948         Therefore, we should treat these default constructor source 
949         codes as having "invalid" ranges. We use [UINT_MAX, UINT_MAX] 
950         as the invalid range. This range has the effect of not polluting 
951         valid ranges inside the source code.
952
953         * bytecode/UnlinkedFunctionExecutable.cpp:
954         (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
955         (JSC::UnlinkedFunctionExecutable::setInvalidTypeProfilingOffsets):
956         * bytecode/UnlinkedFunctionExecutable.h:
957         * bytecompiler/BytecodeGenerator.cpp:
958         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
959
960 2015-09-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>
961
962         Implement call statements and call expressions of type void in WebAssembly
963         https://bugs.webkit.org/show_bug.cgi?id=149411
964
965         Reviewed by Mark Lam.
966
967         Call instructions in WebAssembly can be both statements and expressions.
968         This patch implements call statements. It also implements call
969         expressions of type void. The only place where call expressions of type
970         void can occur is the left-hand side of the comma (,) operator, which
971         will be implemented in a subsequent patch. The comma operator requires
972         both of its operands to be expressions.
973
974         * tests/stress/wasm-calls.js:
975         * tests/stress/wasm/calls.wasm:
976         * wasm/WASMConstants.h:
977         * wasm/WASMFunctionParser.cpp:
978         (JSC::WASMFunctionParser::parseStatement):
979         (JSC::WASMFunctionParser::parseExpression):
980         (JSC::WASMFunctionParser::parseExpressionI32):
981         (JSC::WASMFunctionParser::parseExpressionF32):
982         (JSC::WASMFunctionParser::parseExpressionF64):
983         (JSC::WASMFunctionParser::parseExpressionVoid):
984         (JSC::WASMFunctionParser::parseCallInternal):
985         (JSC::WASMFunctionParser::parseCallIndirect):
986         (JSC::WASMFunctionParser::parseCallImport):
987         * wasm/WASMFunctionParser.h:
988         * wasm/WASMReader.cpp:
989         (JSC::WASMReader::readOpExpressionVoid):
990         * wasm/WASMReader.h:
991
992 2015-09-21  Filip Pizlo  <fpizlo@apple.com>
993
994         JSC should infer property types
995         https://bugs.webkit.org/show_bug.cgi?id=148610
996
997         Reviewed by Geoffrey Garen.
998
999         This change brings recursive type inference to JavaScript object properties in JSC. We check that a
1000         value being stored into a property obeys a property's type before we do the store. If it doesn't,
1001         we broaden the property's type to include the new value. If optimized code was relying on the old
1002         type, we deoptimize that code.
1003
1004         The type system that this supports includes important primitive types like Int32 and Boolean. But
1005         it goes further and also includes a type kind called ObjectWithStructure, which means that we
1006         expect the property to always point to objects with a particular structure. This only works for
1007         leaf structures (i.e. structures that have a valid transition watchpoint set). Invalidation of the
1008         transition set causes the property type to become Object (meaning an object with any structure).
1009         This capability gives us recursive type inference. It's possible for an expression like "o.f.g.h"
1010         to execute without any type checks if .f and .g are both ObjectWithStructure.
1011
1012         The type inference of a property is tracked by an InferredType instance, which is a JSCell. This
1013         means that it manages its own memory. That's convenient. For example, when the DFG is interested in
1014         one of these, it can just list the InferredType as a weak reference in addition to setting a
1015         watchpoint. This ensures that even if the InferredType is dropped by the owning structure, the DFG
1016         won't read a dangling pointer. A mapping from property name to InferredType is implemented by
1017         InferredTypeTable, which is also a JSCell. Each Structure may point to some InferredTypeTable.
1018
1019         This feature causes programs to be happier (run faster without otherwise doing bad things like
1020         using lots of memory) when four conditions hold:
1021
1022         1) A property converges to one of the types that we support.
1023         2) The property is loaded from more frequently than it is stored to.
1024         3) The stores are all cached, so that we statically emit a type check.
1025         4) We don't allocate a lot of meta-data for the property's type.
1026
1027         We maximize the likelihood of (1) by having a rich type system. But having a rich type system means
1028         that a reflective put to a property has to have a large switch over the inferred type to decide how
1029         to do the type check. That's why we need (3). We ensure (3) by having every reflective property
1030         store (i.e. putDirectInternal in any context that isn't PutById) force the inferred type to become
1031         Top. We don't really worry about ensuring (2); this is statistically true for most programs
1032         already.
1033
1034         Probably the most subtle trickery goes into (4). Logically we'd like to say that each
1035         (Structure, Property) maps to its own InferredType. If structure S1 has a transition edge to S2,
1036         then we could ensure that the InferredType I1 where (S1, Property)->I1 has a data flow constraint
1037         to I2 where (S2, Property)->I2. That would work, but it would involve a lot of memory. And when I1
1038         gets invalidated in some way, it would have to tell I2 about it, and then I2 might tell other
1039         InferredType objects downstream. That's madness. So, the first major compromise that we make here
1040         is to say that if some property has some InferredType at some Structure, then anytime we
1041         transition from that Structure, the new Structure shares the same InferredType for that property.
1042         This unifies the type of the property over the entire transition tree starting at the Structure at
1043         which the property was added. But this would still mean that each Structure would have its own
1044         InferredTypeTable. We don't want that because experience with PropertyTable shows that this can be
1045         a major memory hog. So, we don't create an InferredTypeTable until someone adds a property that is
1046         subject to type inference (i.e. it was added non-reflectively), and we share that InferredTypeTable
1047         with the entire structure transition tree rooted at the Structure that had the first inferred
1048         property. We also drop the InferredTypeTable anytime that we do a dictionary transition, and we
1049         don't allow further property type inference if a structure had ever been a dictionary.
1050
1051         This is a 3% speed-up on Octane and a 12% speed-up on Kraken on my setup. It's not a significant
1052         slow-down on any benchmark I ran.
1053
1054         * CMakeLists.txt:
1055         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1056         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1057         * JavaScriptCore.xcodeproj/project.pbxproj:
1058         * assembler/MacroAssemblerARM64.h:
1059         (JSC::MacroAssemblerARM64::branchTest64):
1060         * assembler/MacroAssemblerX86_64.h:
1061         (JSC::MacroAssemblerX86_64::branchTest64):
1062         (JSC::MacroAssemblerX86_64::test64):
1063         * bytecode/PolymorphicAccess.cpp:
1064         (JSC::AccessCase::generate):
1065         * bytecode/PutByIdFlags.cpp:
1066         (WTF::printInternal):
1067         * bytecode/PutByIdFlags.h:
1068         (JSC::encodeStructureID):
1069         (JSC::decodeStructureID):
1070         * bytecode/PutByIdStatus.cpp:
1071         (JSC::PutByIdStatus::computeFromLLInt):
1072         (JSC::PutByIdStatus::computeFor):
1073         (JSC::PutByIdStatus::computeForStubInfo):
1074         * bytecode/PutByIdVariant.cpp:
1075         (JSC::PutByIdVariant::operator=):
1076         (JSC::PutByIdVariant::replace):
1077         (JSC::PutByIdVariant::transition):
1078         (JSC::PutByIdVariant::setter):
1079         (JSC::PutByIdVariant::attemptToMerge):
1080         (JSC::PutByIdVariant::dumpInContext):
1081         * bytecode/PutByIdVariant.h:
1082         (JSC::PutByIdVariant::newStructure):
1083         (JSC::PutByIdVariant::requiredType):
1084         * bytecode/UnlinkedCodeBlock.h:
1085         (JSC::UnlinkedInstruction::UnlinkedInstruction):
1086         * bytecode/Watchpoint.h:
1087         (JSC::InlineWatchpointSet::touch):
1088         (JSC::InlineWatchpointSet::isBeingWatched):
1089         * bytecompiler/BytecodeGenerator.cpp:
1090         (JSC::BytecodeGenerator::addConstantValue):
1091         (JSC::BytecodeGenerator::emitPutById):
1092         (JSC::BytecodeGenerator::emitDirectPutById):
1093         * dfg/DFGAbstractInterpreter.h:
1094         (JSC::DFG::AbstractInterpreter::filter):
1095         (JSC::DFG::AbstractInterpreter::filterByValue):
1096         * dfg/DFGAbstractInterpreterInlines.h:
1097         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1098         (JSC::DFG::AbstractInterpreter<AbstractStateType>::filter):
1099         * dfg/DFGAbstractValue.cpp:
1100         (JSC::DFG::AbstractValue::setType):
1101         (JSC::DFG::AbstractValue::set):
1102         (JSC::DFG::AbstractValue::fixTypeForRepresentation):
1103         (JSC::DFG::AbstractValue::mergeOSREntryValue):
1104         (JSC::DFG::AbstractValue::isType):
1105         (JSC::DFG::AbstractValue::filter):
1106         (JSC::DFG::AbstractValue::filterValueByType):
1107         * dfg/DFGAbstractValue.h:
1108         (JSC::DFG::AbstractValue::setType):
1109         (JSC::DFG::AbstractValue::isType):
1110         (JSC::DFG::AbstractValue::validate):
1111         * dfg/DFGByteCodeParser.cpp:
1112         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1113         (JSC::DFG::ByteCodeParser::handleGetByOffset):
1114         (JSC::DFG::ByteCodeParser::handlePutByOffset):
1115         (JSC::DFG::ByteCodeParser::load):
1116         (JSC::DFG::ByteCodeParser::store):
1117         (JSC::DFG::ByteCodeParser::handleGetById):
1118         (JSC::DFG::ByteCodeParser::handlePutById):
1119         * dfg/DFGClobbersExitState.cpp:
1120         (JSC::DFG::clobbersExitState):
1121         * dfg/DFGConstantFoldingPhase.cpp:
1122         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1123         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
1124         (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
1125         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
1126         * dfg/DFGDesiredInferredType.h: Added.
1127         (JSC::DFG::DesiredInferredType::DesiredInferredType):
1128         (JSC::DFG::DesiredInferredType::operator bool):
1129         (JSC::DFG::DesiredInferredType::object):
1130         (JSC::DFG::DesiredInferredType::expected):
1131         (JSC::DFG::DesiredInferredType::isStillValid):
1132         (JSC::DFG::DesiredInferredType::add):
1133         (JSC::DFG::DesiredInferredType::operator==):
1134         (JSC::DFG::DesiredInferredType::operator!=):
1135         (JSC::DFG::DesiredInferredType::isHashTableDeletedValue):
1136         (JSC::DFG::DesiredInferredType::hash):
1137         (JSC::DFG::DesiredInferredType::dumpInContext):
1138         (JSC::DFG::DesiredInferredType::dump):
1139         (JSC::DFG::DesiredInferredTypeHash::hash):
1140         (JSC::DFG::DesiredInferredTypeHash::equal):
1141         * dfg/DFGDesiredWatchpoints.cpp:
1142         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
1143         (JSC::DFG::InferredTypeAdaptor::add):
1144         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
1145         (JSC::DFG::DesiredWatchpoints::~DesiredWatchpoints):
1146         (JSC::DFG::DesiredWatchpoints::addLazily):
1147         (JSC::DFG::DesiredWatchpoints::consider):
1148         (JSC::DFG::DesiredWatchpoints::reallyAdd):
1149         (JSC::DFG::DesiredWatchpoints::areStillValid):
1150         (JSC::DFG::DesiredWatchpoints::dumpInContext):
1151         * dfg/DFGDesiredWatchpoints.h:
1152         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
1153         (JSC::DFG::InferredTypeAdaptor::hasBeenInvalidated):
1154         (JSC::DFG::InferredTypeAdaptor::dumpInContext):
1155         (JSC::DFG::DesiredWatchpoints::isWatched):
1156         * dfg/DFGFixupPhase.cpp:
1157         (JSC::DFG::FixupPhase::fixupNode):
1158         * dfg/DFGGraph.cpp:
1159         (JSC::DFG::Graph::dump):
1160         (JSC::DFG::Graph::isSafeToLoad):
1161         (JSC::DFG::Graph::inferredTypeFor):
1162         (JSC::DFG::Graph::livenessFor):
1163         (JSC::DFG::Graph::tryGetConstantProperty):
1164         (JSC::DFG::Graph::inferredValueForProperty):
1165         (JSC::DFG::Graph::tryGetConstantClosureVar):
1166         * dfg/DFGGraph.h:
1167         (JSC::DFG::Graph::registerInferredType):
1168         (JSC::DFG::Graph::inferredTypeForProperty):
1169         * dfg/DFGInferredTypeCheck.cpp: Added.
1170         (JSC::DFG::insertInferredTypeCheck):
1171         * dfg/DFGInferredTypeCheck.h: Added.
1172         * dfg/DFGNode.h:
1173         * dfg/DFGObjectAllocationSinkingPhase.cpp:
1174         * dfg/DFGPropertyTypeKey.h: Added.
1175         (JSC::DFG::PropertyTypeKey::PropertyTypeKey):
1176         (JSC::DFG::PropertyTypeKey::operator bool):
1177         (JSC::DFG::PropertyTypeKey::structure):
1178         (JSC::DFG::PropertyTypeKey::uid):
1179         (JSC::DFG::PropertyTypeKey::operator==):
1180         (JSC::DFG::PropertyTypeKey::operator!=):
1181         (JSC::DFG::PropertyTypeKey::hash):
1182         (JSC::DFG::PropertyTypeKey::isHashTableDeletedValue):
1183         (JSC::DFG::PropertyTypeKey::dumpInContext):
1184         (JSC::DFG::PropertyTypeKey::dump):
1185         (JSC::DFG::PropertyTypeKey::deletedUID):
1186         (JSC::DFG::PropertyTypeKeyHash::hash):
1187         (JSC::DFG::PropertyTypeKeyHash::equal):
1188         * dfg/DFGSafeToExecute.h:
1189         (JSC::DFG::SafeToExecuteEdge::operator()):
1190         (JSC::DFG::safeToExecute):
1191         * dfg/DFGSpeculativeJIT.cpp:
1192         (JSC::DFG::SpeculativeJIT::compileTypeOf):
1193         (JSC::DFG::SpeculativeJIT::compileCheckStructure):
1194         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
1195         (JSC::DFG::SpeculativeJIT::speculateCell):
1196         (JSC::DFG::SpeculativeJIT::speculateCellOrOther):
1197         (JSC::DFG::SpeculativeJIT::speculateObject):
1198         (JSC::DFG::SpeculativeJIT::speculate):
1199         * dfg/DFGSpeculativeJIT.h:
1200         * dfg/DFGSpeculativeJIT32_64.cpp:
1201         (JSC::DFG::SpeculativeJIT::compile):
1202         * dfg/DFGSpeculativeJIT64.cpp:
1203         (JSC::DFG::SpeculativeJIT::compile):
1204         * dfg/DFGStoreBarrierInsertionPhase.cpp:
1205         * dfg/DFGStructureAbstractValue.h:
1206         (JSC::DFG::StructureAbstractValue::at):
1207         (JSC::DFG::StructureAbstractValue::operator[]):
1208         (JSC::DFG::StructureAbstractValue::onlyStructure):
1209         (JSC::DFG::StructureAbstractValue::forEach):
1210         * dfg/DFGUseKind.cpp:
1211         (WTF::printInternal):
1212         * dfg/DFGUseKind.h:
1213         (JSC::DFG::typeFilterFor):
1214         * dfg/DFGValidate.cpp:
1215         (JSC::DFG::Validate::validate):
1216         * ftl/FTLCapabilities.cpp:
1217         (JSC::FTL::canCompile):
1218         * ftl/FTLLowerDFGToLLVM.cpp:
1219         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckStructure):
1220         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckCell):
1221         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiPutByOffset):
1222         (JSC::FTL::DFG::LowerDFGToLLVM::numberOrNotCellToInt32):
1223         (JSC::FTL::DFG::LowerDFGToLLVM::checkInferredType):
1224         (JSC::FTL::DFG::LowerDFGToLLVM::loadProperty):
1225         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1226         (JSC::FTL::DFG::LowerDFGToLLVM::speculateCell):
1227         (JSC::FTL::DFG::LowerDFGToLLVM::speculateCellOrOther):
1228         (JSC::FTL::DFG::LowerDFGToLLVM::speculateMachineInt):
1229         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
1230         * jit/AssemblyHelpers.cpp:
1231         (JSC::AssemblyHelpers::decodedCodeMapFor):
1232         (JSC::AssemblyHelpers::branchIfNotType):
1233         (JSC::AssemblyHelpers::purifyNaN):
1234         * jit/AssemblyHelpers.h:
1235         (JSC::AssemblyHelpers::branchIfEqual):
1236         (JSC::AssemblyHelpers::branchIfNotCell):
1237         (JSC::AssemblyHelpers::branchIfCell):
1238         (JSC::AssemblyHelpers::branchIfNotOther):
1239         (JSC::AssemblyHelpers::branchIfInt32):
1240         (JSC::AssemblyHelpers::branchIfNotInt32):
1241         (JSC::AssemblyHelpers::branchIfNumber):
1242         (JSC::AssemblyHelpers::branchIfNotNumber):
1243         (JSC::AssemblyHelpers::branchIfEmpty):
1244         (JSC::AssemblyHelpers::branchStructure):
1245         * jit/Repatch.cpp:
1246         (JSC::tryCachePutByID):
1247         * llint/LLIntSlowPaths.cpp:
1248         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1249         * llint/LowLevelInterpreter.asm:
1250         * llint/LowLevelInterpreter32_64.asm:
1251         * llint/LowLevelInterpreter64.asm:
1252         * runtime/InferredType.cpp: Added.
1253         (JSC::InferredType::create):
1254         (JSC::InferredType::destroy):
1255         (JSC::InferredType::createStructure):
1256         (JSC::InferredType::visitChildren):
1257         (JSC::InferredType::kindForFlags):
1258         (JSC::InferredType::Descriptor::forValue):
1259         (JSC::InferredType::Descriptor::forFlags):
1260         (JSC::InferredType::Descriptor::putByIdFlags):
1261         (JSC::InferredType::Descriptor::merge):
1262         (JSC::InferredType::Descriptor::removeStructure):
1263         (JSC::InferredType::Descriptor::subsumes):
1264         (JSC::InferredType::Descriptor::dumpInContext):
1265         (JSC::InferredType::Descriptor::dump):
1266         (JSC::InferredType::InferredType):
1267         (JSC::InferredType::~InferredType):
1268         (JSC::InferredType::canWatch):
1269         (JSC::InferredType::addWatchpoint):
1270         (JSC::InferredType::dump):
1271         (JSC::InferredType::willStoreValueSlow):
1272         (JSC::InferredType::makeTopSlow):
1273         (JSC::InferredType::set):
1274         (JSC::InferredType::removeStructure):
1275         (JSC::InferredType::InferredStructureWatchpoint::fireInternal):
1276         (JSC::InferredType::InferredStructureFinalizer::finalizeUnconditionally):
1277         (JSC::InferredType::InferredStructure::InferredStructure):
1278         (WTF::printInternal):
1279         * runtime/InferredType.h: Added.
1280         * runtime/InferredTypeTable.cpp: Added.
1281         (JSC::InferredTypeTable::create):
1282         (JSC::InferredTypeTable::destroy):
1283         (JSC::InferredTypeTable::createStructure):
1284         (JSC::InferredTypeTable::visitChildren):
1285         (JSC::InferredTypeTable::get):
1286         (JSC::InferredTypeTable::willStoreValue):
1287         (JSC::InferredTypeTable::makeTop):
1288         (JSC::InferredTypeTable::InferredTypeTable):
1289         (JSC::InferredTypeTable::~InferredTypeTable):
1290         * runtime/InferredTypeTable.h: Added.
1291         * runtime/JSObject.h:
1292         (JSC::JSObject::putDirectInternal):
1293         (JSC::JSObject::putDirectWithoutTransition):
1294         * runtime/Structure.cpp:
1295         (JSC::Structure::materializePropertyMap):
1296         (JSC::Structure::addPropertyTransition):
1297         (JSC::Structure::removePropertyTransition):
1298         (JSC::Structure::startWatchingInternalProperties):
1299         (JSC::Structure::willStoreValueSlow):
1300         (JSC::Structure::visitChildren):
1301         (JSC::Structure::prototypeChainMayInterceptStoreTo):
1302         * runtime/Structure.h:
1303         (JSC::PropertyMapEntry::PropertyMapEntry):
1304         * runtime/StructureInlines.h:
1305         (JSC::Structure::get):
1306         * runtime/VM.cpp:
1307         (JSC::VM::VM):
1308         * runtime/VM.h:
1309         * tests/stress/prop-type-boolean-then-string.js: Added.
1310         * tests/stress/prop-type-int32-then-string.js: Added.
1311         * tests/stress/prop-type-number-then-string.js: Added.
1312         * tests/stress/prop-type-object-or-other-then-string.js: Added.
1313         * tests/stress/prop-type-object-then-string.js: Added.
1314         * tests/stress/prop-type-other-then-string.js: Added.
1315         * tests/stress/prop-type-string-then-object.js: Added.
1316         * tests/stress/prop-type-struct-or-other-then-string.js: Added.
1317         * tests/stress/prop-type-struct-then-object.js: Added.
1318         * tests/stress/prop-type-struct-then-object-opt.js: Added.
1319         * tests/stress/prop-type-struct-then-object-opt-fold.js: Added.
1320         * tests/stress/prop-type-struct-then-object-opt-multi.js: Added.
1321
1322 2015-09-21  Filip Pizlo  <fpizlo@apple.com>
1323
1324         WebCore shouldn't have to include DFG headers
1325         https://bugs.webkit.org/show_bug.cgi?id=149337
1326
1327         Reviewed by Michael Saboff.
1328
1329         This does some simple rewiring and outlining of CodeBlock/Heap functionality so that
1330         those headers don't have to include DFG headers. As a result, WebCore no longer includes
1331         DFG headers, except for two fairly innocent ones (DFGCommon.h and DFGCompilationMode.h).
1332         This also changes the Xcode project file so that all but those two headers are Project
1333         rather than Private. So, if WebCore accidentally includes any of them, we'll get a build
1334         error.
1335
1336         The main group of headers that this prevents WebCore from including are the DFGDesired*.h
1337         files and whatever those include. Those headers used to be fairly simple, but now they
1338         are growing in complexity (especially with things like http://webkit.org/b/148610). So,
1339         it makes sense to make sure they don't leak out of JSC.
1340
1341         * JavaScriptCore.xcodeproj/project.pbxproj:
1342         * bytecode/CallLinkInfo.cpp:
1343         (JSC::CallLinkInfo::CallLinkInfo):
1344         (JSC::CallLinkInfo::~CallLinkInfo):
1345         (JSC::CallLinkInfo::clearStub):
1346         (JSC::CallLinkInfo::visitWeak):
1347         (JSC::CallLinkInfo::setFrameShuffleData):
1348         * bytecode/CallLinkInfo.h:
1349         (JSC::CallLinkInfo::isVarargsCallType):
1350         (JSC::CallLinkInfo::specializationKindFor):
1351         (JSC::CallLinkInfo::frameShuffleData):
1352         (JSC::CallLinkInfo::CallLinkInfo): Deleted.
1353         (JSC::CallLinkInfo::~CallLinkInfo): Deleted.
1354         (JSC::CallLinkInfo::setFrameShuffleData): Deleted.
1355         * bytecode/CodeBlock.cpp:
1356         (JSC::CodeBlock::getOrAddArrayProfile):
1357         (JSC::CodeBlock::codeOrigins):
1358         (JSC::CodeBlock::numberOfDFGIdentifiers):
1359         (JSC::CodeBlock::identifier):
1360         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1361         * bytecode/CodeBlock.h:
1362         (JSC::CodeBlock::hasExpressionInfo):
1363         (JSC::CodeBlock::hasCodeOrigins):
1364         (JSC::CodeBlock::numberOfIdentifiers):
1365         (JSC::CodeBlock::identifier):
1366         (JSC::CodeBlock::codeOrigins): Deleted.
1367         (JSC::CodeBlock::numberOfDFGIdentifiers): Deleted.
1368         * bytecode/CodeOrigin.h:
1369         * dfg/DFGDesiredIdentifiers.cpp:
1370         * heap/Heap.cpp:
1371         (JSC::Heap::didFinishIterating):
1372         (JSC::Heap::completeAllDFGPlans):
1373         (JSC::Heap::markRoots):
1374         (JSC::Heap::deleteAllCodeBlocks):
1375         * heap/Heap.h:
1376         * heap/HeapInlines.h:
1377         (JSC::Heap::deprecatedReportExtraMemory):
1378         (JSC::Heap::forEachCodeBlock):
1379         (JSC::Heap::forEachProtectedCell):
1380         * runtime/Executable.h:
1381         * runtime/JSCInlines.h:
1382         (JSC::Heap::forEachCodeBlock): Deleted.
1383
1384 2015-09-21  Aleksandr Skachkov  <gskachkov@gmail.com>
1385
1386         Web Inspector: arrow function names are never inferred, call frames are labeled (anonymous function)
1387         https://bugs.webkit.org/show_bug.cgi?id=148318
1388
1389         Reviewed by Saam Barati.
1390
1391         Tiny change to support the inferred name in arrow functions.
1392
1393         * parser/ASTBuilder.h:
1394         (JSC::ASTBuilder::createAssignResolve):
1395
1396 2015-09-19  Aleksandr Skachkov  <gskachkov@gmail.com>
1397
1398         New tests introduced in r188545 fail on 32 bit ARM
1399         https://bugs.webkit.org/show_bug.cgi?id=148376
1400
1401         Reviewed by Saam Barati.
1402
1403         Added correct support for the ARM CPU in JIT functions related to arrow functions.
1404
1406         * dfg/DFGSpeculativeJIT.cpp:
1407         (JSC::DFG::SpeculativeJIT::compileNewFunction):
1408         * dfg/DFGSpeculativeJIT.h:
1409         (JSC::DFG::SpeculativeJIT::callOperation):
1410         * jit/JIT.h:
1411         * jit/JITInlines.h:
1412         (JSC::JIT::callOperation):
1413         * jit/JITOpcodes.cpp:
1414         (JSC::JIT::emitNewFuncExprCommon):
1415
1416 2015-09-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1417
1418         Implement Store expressions in WebAssembly
1419         https://bugs.webkit.org/show_bug.cgi?id=149395
1420
1421         Reviewed by Geoffrey Garen.
1422
1423         The Store instruction in WebAssembly stores a value in the linear memory
1424         at the given index. It can be both a statement and an expression. When
1425         it is an expression, it returns the assigned value. This patch
1426         implements Store as an expression.
1427
1428         Since Store uses two operands, which are the index and the value, we
1429         need to pop the two operands from the stack and push the value back to
1430         the stack. We can simply implement this by copying the value to where
1431         the index is in the stack.
1432
1433         * tests/stress/wasm-linear-memory.js:
1434         * wasm/WASMFunctionCompiler.h:
1435         (JSC::WASMFunctionCompiler::buildStore):
1436         * wasm/WASMFunctionParser.cpp:
1437         (JSC::WASMFunctionParser::parseStatement):
1438         (JSC::WASMFunctionParser::parseExpressionI32):
1439         (JSC::WASMFunctionParser::parseExpressionF32):
1440         (JSC::WASMFunctionParser::parseExpressionF64):
1441         (JSC::WASMFunctionParser::parseStore):
1442         * wasm/WASMFunctionParser.h:
1443         * wasm/WASMFunctionSyntaxChecker.h:
1444         (JSC::WASMFunctionSyntaxChecker::buildStore):
1445
1446 2015-09-20  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1447
1448         Implement SetLocal and SetGlobal expressions in WebAssembly
1449         https://bugs.webkit.org/show_bug.cgi?id=149383
1450
1451         Reviewed by Saam Barati.
1452
1453         SetLocal and SetGlobal in WebAssembly can be both statements and
1454         expressions. We have implemented the statement version. This patch
1455         implements the expression version.
1456
1457         SetLocal and SetGlobal expressions return the assigned value.
1458         Since SetLocal and SetGlobal use only one operand, which is the assigned
1459         value, we can simply implement them by not removing the value from the
1460         top of the stack.
1461
1462         * tests/stress/wasm-globals.js:
1463         * tests/stress/wasm-locals.js:
1464         * tests/stress/wasm/globals.wasm:
1465         * tests/stress/wasm/locals.wasm:
1466         * wasm/WASMConstants.h:
1467         * wasm/WASMFunctionCompiler.h:
1468         (JSC::WASMFunctionCompiler::buildSetLocal):
1469         (JSC::WASMFunctionCompiler::buildSetGlobal):
1470         * wasm/WASMFunctionParser.cpp:
1471         (JSC::WASMFunctionParser::parseStatement):
1472         (JSC::WASMFunctionParser::parseExpressionI32):
1473         (JSC::WASMFunctionParser::parseExpressionF32):
1474         (JSC::WASMFunctionParser::parseExpressionF64):
1475         (JSC::WASMFunctionParser::parseSetLocal):
1476         (JSC::WASMFunctionParser::parseSetGlobal):
1477         (JSC::WASMFunctionParser::parseSetLocalStatement): Deleted.
1478         (JSC::WASMFunctionParser::parseSetGlobalStatement): Deleted.
1479         * wasm/WASMFunctionParser.h:
1480         * wasm/WASMFunctionSyntaxChecker.h:
1481         (JSC::WASMFunctionSyntaxChecker::buildSetLocal):
1482         (JSC::WASMFunctionSyntaxChecker::buildSetGlobal):
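
The two WebAssembly entries above (SetLocal/SetGlobal as expressions, and Store as an expression) rely on the same operand-stack observation: an expression must leave exactly one result slot, so a one-operand assignment just leaves its value in place, while a two-operand store copies the value into the index slot and drops the top. The C++ below is an added illustration of that, not code from WebKit or from the entries' authors; ToyWasmVM, runDemo, DemoResult and every other name in it are hypothetical. It also bounds-checks the store with one unsigned comparison over a memory limited to 2^31 - 1 bytes, in the spirit of the linear-memory entry later on this page; that check is an assumption of the example, not part of the two entries.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// Toy operand-stack evaluator (hypothetical; not JSC's WASMFunctionCompiler).
class ToyWasmVM {
public:
    ToyWasmVM(size_t memoryBytes, size_t numLocals, size_t numGlobals)
        : m_memory(memoryBytes, 0), m_locals(numLocals, 0), m_globals(numGlobals, 0)
    {
        // Assumed limit: with at most 2^31 - 1 bytes, an int32 index reinterpreted
        // as unsigned fails a single "greater than" check whether it is negative
        // or simply too large.
        if (memoryBytes > 0x7fffffffu)
            throw std::length_error("linear memory too large");
    }

    void push(int32_t v) { m_stack.push_back(v); }
    int32_t pop()
    {
        int32_t v = top();
        m_stack.pop_back();
        return v;
    }
    size_t stackDepth() const { return m_stack.size(); }
    int32_t local(size_t i) const { return m_locals.at(i); }
    int32_t global(size_t i) const { return m_globals.at(i); }

    // Statement forms consume the assigned value.
    void setLocalStatement(size_t index) { m_locals.at(index) = pop(); }
    void setGlobalStatement(size_t index) { m_globals.at(index) = pop(); }

    // Expression forms assign but leave the value on the stack as the result:
    // one operand in, one result out, so nothing has to move.
    void setLocalExpression(size_t index) { m_locals.at(index) = top(); }
    void setGlobalExpression(size_t index) { m_globals.at(index) = top(); }

    // Store takes [index, value] with value on top; the statement form consumes both.
    void storeI32Statement()
    {
        int32_t value = pop();
        int32_t index = pop();
        checkedWrite(index, value);
    }

    // Expression form: two slots must become one (the value), so copy the value
    // over the index slot and drop the top slot.
    void storeI32Expression()
    {
        if (m_stack.size() < 2)
            throw std::runtime_error("operand stack underflow");
        int32_t value = m_stack.back();
        int32_t index = m_stack[m_stack.size() - 2];
        checkedWrite(index, value);
        m_stack[m_stack.size() - 2] = value;
        m_stack.pop_back();
    }

    int32_t loadI32(int32_t index) const
    {
        checkAccess(index);
        int32_t v;
        std::memcpy(&v, &m_memory[static_cast<uint32_t>(index)], sizeof v);
        return v;
    }

private:
    int32_t top() const
    {
        if (m_stack.empty())
            throw std::runtime_error("operand stack underflow");
        return m_stack.back();
    }

    // Single unsigned bounds check; 64-bit arithmetic so index + 4 cannot wrap.
    void checkAccess(int32_t index) const
    {
        uint64_t end = static_cast<uint64_t>(static_cast<uint32_t>(index)) + sizeof(int32_t);
        if (end > m_memory.size())
            throw std::out_of_range("linear memory access out of bounds");
    }

    void checkedWrite(int32_t index, int32_t value)
    {
        checkAccess(index);
        std::memcpy(&m_memory[static_cast<uint32_t>(index)], &value, sizeof value);
    }

    std::vector<int32_t> m_stack;
    std::vector<uint8_t> m_memory;
    std::vector<int32_t> m_locals;
    std::vector<int32_t> m_globals;
};

struct DemoResult { size_t depth; int32_t local0; int32_t global0; int32_t memAt8; bool oobCaught; };

// Evaluates, in stack order: store 42 at byte 8 (expression), assign the result
// to local 0 (expression), then to global 0 (statement); finally attempts a
// store through a negative index, which the bounds check must reject.
DemoResult runDemo()
{
    ToyWasmVM vm(/*memoryBytes=*/64, /*numLocals=*/1, /*numGlobals=*/1);
    vm.push(8);                // index
    vm.push(42);               // value
    vm.storeI32Expression();   // stack: [42]
    vm.setLocalExpression(0);  // stack: [42]
    vm.setGlobalStatement(0);  // stack: []
    bool caught = false;
    try {
        vm.push(-4);           // negative index wraps to a huge unsigned value
        vm.push(1);
        vm.storeI32Statement();
    } catch (const std::out_of_range&) {
        caught = true;
    }
    return { vm.stackDepth(), vm.local(0), vm.global(0), vm.loadI32(8), caught };
}
```

The expression forms never allocate or shuffle more than the slot they reuse, which is the whole point of the two entries: the parser only has to decide whether to call the statement or the expression variant, and the stack layout takes care of the result.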
1483
1484 2015-09-19  Aleksandr Skachkov  <gskachkov@gmail.com>
1485
1486         [ES6] Added controlFlowProfiler test for arrow function
1487         https://bugs.webkit.org/show_bug.cgi?id=145638
1488
1489         Reviewed by Saam Barati.
1490
1491         * Source/JavaScriptCore/tests/controlFlowProfiler/arrowfunction-expression.js: Added.
1492
1493 2015-09-20  Youenn Fablet  <youenn.fablet@crf.canon.fr>
1494
1495         Remove XHR_TIMEOUT compilation guard
1496         https://bugs.webkit.org/show_bug.cgi?id=149260
1497
1498         Reviewed by Benjamin Poulain.
1499
1500         * Configurations/FeatureDefines.xcconfig:
1501
1502 2015-09-19  Yusuke Suzuki  <utatane.tea@gmail.com>
1503
1504         [GTK] Unreviewed, should check the result of fread
1505         https://bugs.webkit.org/show_bug.cgi?id=148917
1506
1507         Suppress the build warning on GTK with GCC.
1508
1509         * jsc.cpp:
1510         (fillBufferWithContentsOfFile):
1511         (fetchModuleFromLocalFileSystem):
1512
1513 2015-09-19  Saam barati  <sbarati@apple.com>
1514
1515         VariableEnvironmentNode should inherit from ParserArenaDeletable because VariableEnvironments must have their destructors run
1516         https://bugs.webkit.org/show_bug.cgi?id=149359
1517
1518         Reviewed by Andreas Kling.
1519
1520         VariableEnvironment must have its destructor run.
1521         Therefore, VariableEnvironmentNode should inherit from ParserArenaDeletable.
1522         Also, anything that inherits from VariableEnvironmentNode must use
1523         ParserArenaDeletable's operator new. Also, any other nodes that own
1524         a VariableEnvironment must also have their destructors run.
1525
1526         * parser/Nodes.h:
1527         (JSC::VariableEnvironmentNode::VariableEnvironmentNode):
1528
1529 2015-09-18  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1530
1531         Remove duplicate code in the WebAssembly parser
1532         https://bugs.webkit.org/show_bug.cgi?id=149361
1533
1534         Reviewed by Saam Barati.
1535
1536         Refactor the methods for parsing GetLocal and GetGlobal in WebAssembly
1537         to remove duplicate code.
1538
1539         * wasm/WASMFunctionParser.cpp:
1540         (JSC::nameOfType):
1541         (JSC::WASMFunctionParser::parseExpressionI32):
1542         (JSC::WASMFunctionParser::parseExpressionF32):
1543         (JSC::WASMFunctionParser::parseExpressionF64):
1544         (JSC::WASMFunctionParser::parseUnaryExpressionF64):
1545         (JSC::WASMFunctionParser::parseBinaryExpressionF64):
1546         (JSC::WASMFunctionParser::parseGetLocalExpression):
1547         (JSC::WASMFunctionParser::parseGetGlobalExpression):
1548         (JSC::WASMFunctionParser::parseGetLocalExpressionI32): Deleted.
1549         (JSC::WASMFunctionParser::parseGetGlobalExpressionI32): Deleted.
1550         (JSC::WASMFunctionParser::parseGetLocalExpressionF32): Deleted.
1551         (JSC::WASMFunctionParser::parseGetGlobalExpressionF32): Deleted.
1552         (JSC::WASMFunctionParser::parseGetLocalExpressionF64): Deleted.
1553         (JSC::WASMFunctionParser::parseGetGlobalExpressionF64): Deleted.
1554         * wasm/WASMFunctionParser.h:
1555
1556 2015-09-18  Saam barati  <sbarati@apple.com>
1557
1558         Refactor common code between GetCatchHandlerFunctor and UnwindFunctor
1559         https://bugs.webkit.org/show_bug.cgi?id=149276
1560
1561         Reviewed by Mark Lam.
1562
1563         There is currently code copy-pasted between these
1564         two functors. Let's not do that. It's better to write
1565         a function, even if the function is small.
1566
1567         I also did a bit of renaming to make the intent of the
1568         unwindCallFrame function clear. The name of the function
1569         didn't really indicate what it did. It decided if it was
1570         okay to unwind further, and it also notified the debugger.
1571         I've renamed the function to notifyDebuggerOfUnwinding.
1572         And I've inlined the logic of deciding if it's okay
1573         to unwind further into UnwindFunctor itself.
1574
1575         * interpreter/Interpreter.cpp:
1576         (JSC::Interpreter::isOpcode):
1577         (JSC::getStackFrameCodeType):
1578         (JSC::Interpreter::stackTraceAsString):
1579         (JSC::findExceptionHandler):
1580         (JSC::GetCatchHandlerFunctor::GetCatchHandlerFunctor):
1581         (JSC::GetCatchHandlerFunctor::operator()):
1582         (JSC::notifyDebuggerOfUnwinding):
1583         (JSC::UnwindFunctor::UnwindFunctor):
1584         (JSC::UnwindFunctor::operator()):
1585         (JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
1586         (JSC::unwindCallFrame): Deleted.
1587
1588 2015-09-18  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1589
1590         Implement the arithmetic instructions for doubles in WebAssembly
1591         https://bugs.webkit.org/show_bug.cgi?id=148945
1592
1593         Reviewed by Geoffrey Garen.
1594
1595         This patch implements the arithmetic instructions for doubles (float64)
1596         in WebAssembly.
1597
1598         * tests/stress/wasm-arithmetic-float64.js:
1599         * tests/stress/wasm/arithmetic-float64.wasm:
1600         * wasm/WASMFunctionCompiler.h:
1601         (JSC::WASMFunctionCompiler::buildUnaryF64):
1602         (JSC::WASMFunctionCompiler::buildBinaryF64):
1603         (JSC::WASMFunctionCompiler::callOperation):
1604         * wasm/WASMFunctionParser.cpp:
1605         (JSC::WASMFunctionParser::parseExpressionF64):
1606         (JSC::WASMFunctionParser::parseUnaryExpressionF64):
1607         (JSC::WASMFunctionParser::parseBinaryExpressionF64):
1608         * wasm/WASMFunctionParser.h:
1609         * wasm/WASMFunctionSyntaxChecker.h:
1610         (JSC::WASMFunctionSyntaxChecker::buildUnaryF64):
1611         (JSC::WASMFunctionSyntaxChecker::buildBinaryF32):
1612         (JSC::WASMFunctionSyntaxChecker::buildBinaryF64):
1613
1614 2015-09-18  Basile Clement  <basile_clement@apple.com>
1615
1616         [ES6] Tail call fast path should efficiently reuse the frame's stack space
1617         https://bugs.webkit.org/show_bug.cgi?id=148662
1618
1619         Reviewed by Geoffrey Garen.
1620
1621         This introduces a new class (CallFrameShuffler) that is responsible for
1622         efficiently building the new frames when performing a tail call. In
1623         order for Repatch to know about the position of arguments on the
1624         stack/registers (e.g. for polymorphic call inline caches), we store a
1625         CallFrameShuffleData in the CallLinkInfo. Otherwise, the JIT and DFG
1626         compiler are now using CallFrameShuffler instead of
1627         CCallHelpers::prepareForTailCallSlow() to build the frame for a tail
1628         call.
1629
1630         When taking a slow path, we still build the frame as if doing a regular
1631         call, because we could throw an exception and need the caller's frame
1632         at that point. This means that for virtual calls, we don't benefit from
1633         the efficient frame move for now.
1634
1635         * CMakeLists.txt:
1636         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1637         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1638         * JavaScriptCore.xcodeproj/project.pbxproj:
1639         * assembler/ARMv7Assembler.h:
1640         (JSC::ARMv7Assembler::firstRegister):
1641         (JSC::ARMv7Assembler::lastRegister):
1642         (JSC::ARMv7Assembler::firstFPRegister):
1643         (JSC::ARMv7Assembler::lastFPRegister):
1644         * assembler/AbortReason.h:
1645         * bytecode/CallLinkInfo.h:
1646         (JSC::CallLinkInfo::setFrameShuffleData):
1647         (JSC::CallLinkInfo::frameShuffleData):
1648         * bytecode/ValueRecovery.h:
1649         (JSC::ValueRecovery::inRegister):
1650         * dfg/DFGGenerationInfo.h:
1651         (JSC::DFG::GenerationInfo::recovery):
1652         * jit/CachedRecovery.cpp: Added.
1653         (JSC::CachedRecovery::loadsIntoFPR):
1654         (JSC::CachedRecovery::loadsIntoGPR):
1655         * jit/CachedRecovery.h: Added.
1656         (JSC::CachedRecovery::CachedRecovery):
1657         (JSC::CachedRecovery::targets):
1658         (JSC::CachedRecovery::addTarget):
1659         (JSC::CachedRecovery::removeTarget):
1660         (JSC::CachedRecovery::clearTargets):
1661         (JSC::CachedRecovery::setWantedJSValueRegs):
1662         (JSC::CachedRecovery::setWantedFPR):
1663         (JSC::CachedRecovery::boxingRequiresGPR):
1664         (JSC::CachedRecovery::boxingRequiresFPR):
1665         (JSC::CachedRecovery::recovery):
1666         (JSC::CachedRecovery::setRecovery):
1667         (JSC::CachedRecovery::wantedJSValueRegs):
1668         (JSC::CachedRecovery::wantedFPR):
1669         * jit/CallFrameShuffleData.cpp: Added.
1670         (JSC::CallFrameShuffleData::setupCalleeSaveRegisters):
1671         * jit/CallFrameShuffleData.h: Added.
1672         * jit/CallFrameShuffler.cpp: Added.
1673         (JSC::CallFrameShuffler::CallFrameShuffler):
1674         (JSC::CallFrameShuffler::dump):
1675         (JSC::CallFrameShuffler::getCachedRecovery):
1676         (JSC::CallFrameShuffler::setCachedRecovery):
1677         (JSC::CallFrameShuffler::spill):
1678         (JSC::CallFrameShuffler::emitDeltaCheck):
1679         (JSC::CallFrameShuffler::prepareForSlowPath):
1680         (JSC::CallFrameShuffler::prepareForTailCall):
1681         (JSC::CallFrameShuffler::tryWrites):
1682         (JSC::CallFrameShuffler::performSafeWrites):
1683         (JSC::CallFrameShuffler::prepareAny):
1684         * jit/CallFrameShuffler.h: Added.
1685         (JSC::CallFrameShuffler::lockGPR):
1686         (JSC::CallFrameShuffler::acquireGPR):
1687         (JSC::CallFrameShuffler::releaseGPR):
1688         (JSC::CallFrameShuffler::snapshot):
1689         (JSC::CallFrameShuffler::setCalleeJSValueRegs):
1690         (JSC::CallFrameShuffler::assumeCalleeIsCell):
1691         (JSC::CallFrameShuffler::canBox):
1692         (JSC::CallFrameShuffler::ensureBox):
1693         (JSC::CallFrameShuffler::ensureLoad):
1694         (JSC::CallFrameShuffler::canLoadAndBox):
1695         (JSC::CallFrameShuffler::updateRecovery):
1696         (JSC::CallFrameShuffler::clearCachedRecovery):
1697         (JSC::CallFrameShuffler::addCachedRecovery):
1698         (JSC::CallFrameShuffler::numLocals):
1699         (JSC::CallFrameShuffler::getOld):
1700         (JSC::CallFrameShuffler::setOld):
1701         (JSC::CallFrameShuffler::firstOld):
1702         (JSC::CallFrameShuffler::lastOld):
1703         (JSC::CallFrameShuffler::isValidOld):
1704         (JSC::CallFrameShuffler::argCount):
1705         (JSC::CallFrameShuffler::getNew):
1706         (JSC::CallFrameShuffler::setNew):
1707         (JSC::CallFrameShuffler::addNew):
1708         (JSC::CallFrameShuffler::firstNew):
1709         (JSC::CallFrameShuffler::lastNew):
1710         (JSC::CallFrameShuffler::isValidNew):
1711         (JSC::CallFrameShuffler::newAsOld):
1712         (JSC::CallFrameShuffler::getFreeRegister):
1713         (JSC::CallFrameShuffler::getFreeGPR):
1714         (JSC::CallFrameShuffler::getFreeFPR):
1715         (JSC::CallFrameShuffler::hasFreeRegister):
1716         (JSC::CallFrameShuffler::ensureRegister):
1717         (JSC::CallFrameShuffler::ensureGPR):
1718         (JSC::CallFrameShuffler::ensureFPR):
1719         (JSC::CallFrameShuffler::addressForOld):
1720         (JSC::CallFrameShuffler::isUndecided):
1721         (JSC::CallFrameShuffler::isSlowPath):
1722         (JSC::CallFrameShuffler::addressForNew):
1723         (JSC::CallFrameShuffler::dangerFrontier):
1724         (JSC::CallFrameShuffler::isDangerNew):
1725         (JSC::CallFrameShuffler::updateDangerFrontier):
1726         (JSC::CallFrameShuffler::hasOnlySafeWrites):
1727         * jit/CallFrameShuffler32_64.cpp: Added.
1728         (JSC::CallFrameShuffler::emitStore):
1729         (JSC::CallFrameShuffler::emitBox):
1730         (JSC::CallFrameShuffler::emitLoad):
1731         (JSC::CallFrameShuffler::canLoad):
1732         (JSC::CallFrameShuffler::emitDisplace):
1733         * jit/CallFrameShuffler64.cpp: Added.
1734         (JSC::CallFrameShuffler::emitStore):
1735         (JSC::CallFrameShuffler::emitBox):
1736         (JSC::CallFrameShuffler::emitLoad):
1737         (JSC::CallFrameShuffler::canLoad):
1738         (JSC::CallFrameShuffler::emitDisplace):
1739         * jit/JITCall.cpp:
1740         (JSC::JIT::compileOpCall):
1741         (JSC::JIT::compileOpCallSlowCase):
1742         * jit/RegisterMap.cpp:
1743         (JSC::RegisterMap::RegisterMap):
1744         (JSC::GPRMap::GPRMap):
1745         (JSC::FPRMap::FPRMap):
1746         * jit/Repatch.cpp:
1747         (JSC::linkPolymorphicCall):
1748
1749 2015-09-18  Saam barati  <sbarati@apple.com>
1750
1751         Implement try/catch in the DFG.
1752         https://bugs.webkit.org/show_bug.cgi?id=147374
1753
1754         Reviewed by Filip Pizlo.
1755
1756         This patch implements try/catch inside the DFG JIT.
1757         It also prevents tier up to the FTL for any functions
1758         that have an op_catch in them that are DFG compiled.
1759
1760         This patch accomplishes implementing try/catch inside
1761         the DFG by OSR exiting to op_catch when an exception is thrown.
1762         We can OSR exit from an exception inside the DFG in two ways:
1763         1) We have a JS call (can also be via implicit getter/setter in GetById/PutById)
1764         2) We have an exception when returning from a callOperation
1765
1766         In the case of (1), we get to the OSR exit from genericUnwind because
1767         the exception was thrown in a child call frame. This means these
1768         OSR exits must act as de facto op_catches (even though we will still OSR
1769         exit to a baseline op_catch). That means they must restore the stack pointer
1770         and call frame.
1771
1772         In the case of (2), we can skip genericUnwind because we know the exception 
1773         check will take us to a particular OSR exit. Instead, we link these
1774         exception checks as jumps to a particular OSR exit.
1775
1776         Both types of OSR exits will exit into op_catch inside the baseline JIT.
1777         Because they exit to op_catch, these OSR exits must set callFrameForCatch
1778         to the proper call frame pointer.
1779
1780         We "handle" all exceptions inside the machine frame of the DFG code
1781         block. This means the machine code block is responsible for "catching"
1782         exceptions of any inlined frames' try/catch. OSR exit will then exit to 
1783         the proper baseline CodeBlock after reifying the inlined frames
1784         (DFG::OSRExit::m_codeOrigin corresponds to the op_catch we will exit to). 
1785         Also, genericUnwind will never consult an inlined call frame's CodeBlock to 
1786         see if they can catch the exception because they can't. We always unwind to the 
1787         next machine code block frame. The DFG CodeBlock changes how the exception 
1788         handler table is keyed: it is now keyed by CallSiteIndex for DFG code blocks. 
1789
1790         So, when consulting call sites that throw, we keep track of the CallSiteIndex,
1791         and the HandlerInfo for the corresponding baseline exception handler for
1792         that particular CallSiteIndex (if an exception at that call site will be caught). 
1793         Then, when we're inside DFG::JITCompiler::link(), we install new HandlerInfo's
1794         inside the DFG CodeBlock and key it by the corresponding CallSiteIndex.
1795         (The CodeBlock only has HandlerInfos for the OSR exits that are to be arrived
1796         at from genericUnwind).
1797
1798         Also, each OSR exit will know if it is acting as an exception handler, and
1799         whether or not it will be arrived at from genericUnwind. When we know we 
1800         will arrive at an OSR exit from genericUnwind, we set the corresponding 
1801         HandlerInfo's nativeCode CodeLocationLabel field to be the OSR exit.
1802
1803         This patch also introduces a new Phase inside the DFG that ensures
1804         that DFG CodeBlocks that handle exceptions take the necessary
1805         steps to keep live variables at "op_catch" live according to the
1806         OSR exit value recovery machinery. We accomplish this by flushing
1807         all live op_catch variables to the stack when inside a "try" block.
1808
1809         * CMakeLists.txt:
1810         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1811         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1812         * JavaScriptCore.xcodeproj/project.pbxproj:
1813         * bytecode/CodeBlock.cpp:
1814         (JSC::CodeBlock::handlerForBytecodeOffset):
1815         (JSC::CodeBlock::handlerForIndex):
1816         * bytecode/CodeBlock.h:
1817         (JSC::CodeBlock::clearExceptionHandlers):
1818         (JSC::CodeBlock::appendExceptionHandler):
1819         * bytecode/PreciseJumpTargets.cpp:
1820         (JSC::computePreciseJumpTargets):
1821         * dfg/DFGByteCodeParser.cpp:
1822         (JSC::DFG::ByteCodeParser::getLocal):
1823         (JSC::DFG::ByteCodeParser::setLocal):
1824         (JSC::DFG::ByteCodeParser::parseBlock):
1825         * dfg/DFGCapabilities.cpp:
1826         (JSC::DFG::capabilityLevel):
1827         * dfg/DFGCommonData.cpp:
1828         (JSC::DFG::CommonData::addCodeOrigin):
1829         (JSC::DFG::CommonData::lastCallSite):
1830         (JSC::DFG::CommonData::shrinkToFit):
1831         * dfg/DFGCommonData.h:
1832         * dfg/DFGGraph.h:
1833         * dfg/DFGJITCompiler.cpp:
1834         (JSC::DFG::JITCompiler::linkOSRExits):
1835         (JSC::DFG::JITCompiler::link):
1836         (JSC::DFG::JITCompiler::compile):
1837         (JSC::DFG::JITCompiler::noticeOSREntry):
1838         (JSC::DFG::JITCompiler::appendExceptionHandlingOSRExit):
1839         (JSC::DFG::JITCompiler::willCatchExceptionInMachineFrame):
1840         (JSC::DFG::JITCompiler::exceptionCheck):
1841         (JSC::DFG::JITCompiler::recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded):
1842         * dfg/DFGJITCompiler.h:
1843         (JSC::DFG::JITCompiler::emitStoreCodeOrigin):
1844         (JSC::DFG::JITCompiler::emitStoreCallSiteIndex):
1845         (JSC::DFG::JITCompiler::appendCall):
1846         (JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
1847         (JSC::DFG::JITCompiler::blockHeads):
1848         (JSC::DFG::JITCompiler::exceptionCheck): Deleted.
1849         * dfg/DFGLiveCatchVariablePreservationPhase.cpp: Added.
1850         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::FlushLiveCatchVariablesInsertionPhase):
1851         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::run):
1852         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::willCatchException):
1853         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::handleBlock):
1854         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::newVariableAccessData):
1855         (JSC::DFG::performLiveCatchVariablePreservationPhase):
1856         * dfg/DFGLiveCatchVariablePreservationPhase.h: Added.
1857         * dfg/DFGOSRExit.cpp:
1858         (JSC::DFG::OSRExit::OSRExit):
1859         (JSC::DFG::OSRExit::setPatchableCodeOffset):
1860         * dfg/DFGOSRExit.h:
1861         (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
1862         * dfg/DFGOSRExitCompiler.cpp:
1863         * dfg/DFGOSRExitCompiler32_64.cpp:
1864         (JSC::DFG::OSRExitCompiler::compileExit):
1865         * dfg/DFGOSRExitCompiler64.cpp:
1866         (JSC::DFG::OSRExitCompiler::compileExit):
1867         * dfg/DFGOSRExitCompilerCommon.cpp:
1868         (JSC::DFG::osrWriteBarrier):
1869         (JSC::DFG::adjustAndJumpToTarget):
1870         * dfg/DFGOSRExitCompilerCommon.h:
1871         * dfg/DFGPlan.cpp:
1872         (JSC::DFG::Plan::compileInThreadImpl):
1873         * dfg/DFGSlowPathGenerator.h:
1874         (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
1875         (JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
1876         (JSC::DFG::SlowPathGenerator::generate):
1877         * dfg/DFGSpeculativeJIT.h:
1878         * dfg/DFGSpeculativeJIT32_64.cpp:
1879         (JSC::DFG::SpeculativeJIT::cachedGetById):
1880         (JSC::DFG::SpeculativeJIT::cachedPutById):
1881         (JSC::DFG::SpeculativeJIT::emitCall):
1882         * dfg/DFGSpeculativeJIT64.cpp:
1883         (JSC::DFG::SpeculativeJIT::cachedGetById):
1884         (JSC::DFG::SpeculativeJIT::cachedPutById):
1885         (JSC::DFG::SpeculativeJIT::emitCall):
1886         * dfg/DFGTierUpCheckInjectionPhase.cpp:
1887         (JSC::DFG::TierUpCheckInjectionPhase::run):
1888         * ftl/FTLOSRExitCompiler.cpp:
1889         (JSC::FTL::compileStub):
1890         * interpreter/Interpreter.cpp:
1891         (JSC::GetCatchHandlerFunctor::operator()):
1892         (JSC::UnwindFunctor::operator()):
1893         * interpreter/StackVisitor.cpp:
1894         (JSC::StackVisitor::gotoNextFrame):
1895         (JSC::StackVisitor::unwindToMachineCodeBlockFrame):
1896         (JSC::StackVisitor::readFrame):
1897         * interpreter/StackVisitor.h:
1898         (JSC::StackVisitor::operator*):
1899         (JSC::StackVisitor::operator->):
1900         * jit/AssemblyHelpers.cpp:
1901         (JSC::AssemblyHelpers::emitExceptionCheck):
1902         (JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
1903         (JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
1904         * jit/AssemblyHelpers.h:
1905         (JSC::AssemblyHelpers::emitCount):
1906         * jit/JITExceptions.cpp:
1907         (JSC::genericUnwind):
1908         * jit/JITOpcodes.cpp:
1909         (JSC::JIT::emit_op_catch):
1910         * jit/JITOpcodes32_64.cpp:
1911         (JSC::JIT::emit_op_catch):
1912         * llint/LowLevelInterpreter32_64.asm:
1913         * llint/LowLevelInterpreter64.asm:
1914         * runtime/VM.cpp:
1915         (JSC::VM::VM):
1916         * runtime/VM.h:
1917         (JSC::VM::clearException):
1918         (JSC::VM::clearLastException):
1919         (JSC::VM::addressOfCallFrameForCatch):
1920         (JSC::VM::exception):
1921         (JSC::VM::addressOfException):
1922         * tests/stress/dfg-exception-try-catch-in-constructor-with-inlined-throw.js: Added.
1923         (f):
1924         (bar):
1925         (Foo):
1926         * tests/stress/es6-for-of-loop-exception.js: Added.
1927         (assert):
1928         (shouldThrowInvalidConstAssignment):
1929         (baz):
1930         (foo):
1931         * tests/stress/exception-dfg-inlined-frame-not-strict-equal.js: Added.
1932         (assert):
1933         (o.valueOf):
1934         (o.toString):
1935         (read):
1936         (bar):
1937         (foo):
1938         * tests/stress/exception-dfg-not-strict-equal.js: Added.
1939         (foo):
1940         (o.valueOf):
1941         (o.toString):
1942         (assert):
1943         (shouldDoSomethingInFinally):
1944         (catch):
1945         * tests/stress/exception-dfg-operation-read-value.js: Added.
1946         (assert):
1947         (o.valueOf):
1948         (o.toString):
1949         (read):
1950         (foo):
1951         * tests/stress/exception-dfg-throw-from-catch-block.js: Added.
1952         (assert):
1953         (baz):
1954         (bar):
1955         (foo):
1956
1957 2015-09-18  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1958
1959         Implement linear memory instructions in WebAssembly
1960         https://bugs.webkit.org/show_bug.cgi?id=149326
1961
1962         Reviewed by Geoffrey Garen.
1963
1964         This patch implements linear memory instructions in WebAssembly.[1] To
1965         use the linear memory, an ArrayBuffer must be passed to loadWebAssembly().
1966
1967         Notes:
1968         - We limit the ArrayBuffer's byte length to 2^31 - 1. This enables us to
1969           use only one comparison (unsigned greater than) to check for
1970           out-of-bounds access.
1971         - There is no consensus yet on what should happen when an out-of-bounds
1972           access occurs.[2] For now, we throw an error when that happens.
1973         - In asm.js, a heap access looks like this: int32Array[i >> 2]. Note
1974           that ">> 2" is part of the syntax and is required. pack-asmjs will
1975           produce bytecodes that look something like "LoadI32, i" (not
1976           "LoadI32, ShiftRightI32, i, 2"). The requirement of the shift operator
1977           prevents unaligned accesses in asm.js. (There is a proposal to support
1978           unaligned accesses in the future version of asm.js using DataView.[3])
1979           The WebAssembly spec allows unaligned accesses.[4] But since we use
1980           asm.js for testing, we follow asm.js's behaviors for now.
1981
1982         [1]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#linear-memory
1983         [2]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#out-of-bounds
1984         [3]: https://wiki.mozilla.org/Javascript:SpiderMonkey:OdinMonkey#Possible_asm.js_extensions_that_don.27t_require_new_JS_features
1985         [4]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#alignment
1986
1987         * jit/JITOperations.cpp:
1988         * jit/JITOperations.h:
1989         * jsc.cpp:
1990         (GlobalObject::finishCreation):
1991         (functionLoadWebAssembly):
1992         * tests/stress/wasm-linear-memory.js: Added.
1993         (shouldBe):
1994         (shouldThrow):
1995         * tests/stress/wasm/linear-memory.wasm: Added.
1996         * wasm/JSWASMModule.cpp:
1997         (JSC::JSWASMModule::JSWASMModule):
1998         (JSC::JSWASMModule::visitChildren):
1999         * wasm/JSWASMModule.h:
2000         (JSC::JSWASMModule::create):
2001         (JSC::JSWASMModule::arrayBuffer):
2002         (JSC::JSWASMModule::JSWASMModule): Deleted.
2003         * wasm/WASMConstants.h:
2004         * wasm/WASMFunctionCompiler.h:
2005         (JSC::sizeOfMemoryType):
2006         (JSC::WASMFunctionCompiler::MemoryAddress::MemoryAddress):
2007         (JSC::WASMFunctionCompiler::endFunction):
2008         (JSC::WASMFunctionCompiler::buildLoad):
2009         (JSC::WASMFunctionCompiler::buildStore):
2010         * wasm/WASMFunctionParser.cpp:
2011         (JSC::WASMFunctionParser::parseStatement):
2012         (JSC::WASMFunctionParser::parseExpressionI32):
2013         (JSC::WASMFunctionParser::parseExpressionF32):
2014         (JSC::WASMFunctionParser::parseExpressionF64):
2015         (JSC::WASMFunctionParser::parseMemoryAddress):
2016         (JSC::WASMFunctionParser::parseLoad):
2017         (JSC::WASMFunctionParser::parseStore):
2018         * wasm/WASMFunctionParser.h:
2019         * wasm/WASMFunctionSyntaxChecker.h:
2020         (JSC::WASMFunctionSyntaxChecker::MemoryAddress::MemoryAddress):
2021         (JSC::WASMFunctionSyntaxChecker::buildLoad):
2022         (JSC::WASMFunctionSyntaxChecker::buildStore):
2023         * wasm/WASMModuleParser.cpp:
2024         (JSC::WASMModuleParser::WASMModuleParser):
2025         (JSC::WASMModuleParser::parseModule):
2026         (JSC::parseWebAssembly):
2027         (JSC::WASMModuleParser::parse): Deleted.
2028         * wasm/WASMModuleParser.h:
2029
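Worked example of the bounds-check idea from the entry above (the 2^31 - 1 cap and the single unsigned comparison). This is an added, constructed illustration, not JavaScriptCore's WASMFunctionCompiler code; the LinearMemory type, inBounds, loadI32 and storeI32 are hypothetical names, and the asm.js alignment (the ">> 2") is not modelled.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// Constructed illustration of the bounds check described in the ChangeLog
// entry; it is not JavaScriptCore's code and the names are hypothetical.
constexpr uint32_t kMaxLinearMemoryBytes = 0x7FFFFFFFu; // 2^31 - 1

// Stands in for the ArrayBuffer passed to loadWebAssembly().
struct LinearMemory {
    std::vector<uint8_t> bytes;
    explicit LinearMemory(uint32_t length) : bytes(length) {
        // The cap is what makes the single-comparison check below sound.
        if (length > kMaxLinearMemoryBytes)
            throw std::length_error("linear memory larger than 2^31 - 1 bytes");
    }
    uint32_t length() const { return static_cast<uint32_t>(bytes.size()); }
};

// True if the `size`-byte access starting at the int32 `index` lies entirely
// inside the memory. One unsigned "greater than" suffices: because
// length <= 2^31 - 1, a negative index reinterpreted as unsigned is >= 2^31
// and therefore exceeds every possible limit, just like an index that is too
// large in the positive direction.
inline bool inBounds(const LinearMemory& mem, int32_t index, uint32_t size) {
    if (size == 0 || size > mem.length())
        return false;
    const uint32_t limit = mem.length() - size; // largest valid start offset
    return !(static_cast<uint32_t>(index) > limit);
}

// LoadI32 / StoreI32 stand-ins. On an out-of-bounds access they report
// failure (the "throw an error" behaviour the entry chooses) and never touch
// memory outside the buffer.
inline bool loadI32(const LinearMemory& mem, int32_t index, int32_t& out) {
    if (!inBounds(mem, index, sizeof(int32_t)))
        return false;
    std::memcpy(&out, mem.bytes.data() + static_cast<uint32_t>(index), sizeof out);
    return true;
}

inline bool storeI32(LinearMemory& mem, int32_t index, int32_t value) {
    if (!inBounds(mem, index, sizeof(int32_t)))
        return false;
    std::memcpy(mem.bytes.data() + static_cast<uint32_t>(index), &value, sizeof value);
    return true;
}

int main() {
    LinearMemory mem(64); // constructed sample memory of 64 bytes
    int32_t v = 0;
    bool ok = storeI32(mem, 8, 0x11223344) && loadI32(mem, 8, v) && v == 0x11223344;
    // Negative, just-too-large and INT32_MAX indices are all rejected.
    ok = ok && !loadI32(mem, -4, v) && !loadI32(mem, 61, v) && !loadI32(mem, INT32_MAX, v);
    return ok ? 0 : 1;
}
```

The check compares the index against `length - size` rather than adding `size` to the index, so the unsigned arithmetic cannot wrap for any int32 index; with the 2^31 - 1 cap, the signed and unsigned readings of every valid index agree, which is what lets one comparison cover both the negative and the too-large cases.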
2030 2015-09-18  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2031
2032         Implement type conversion instructions in WebAssembly
2033         https://bugs.webkit.org/show_bug.cgi?id=149340
2034
2035         Reviewed by Mark Lam.
2036
2037         This patch implements some type conversion instructions in WebAssembly.
2038         The WebAssembly spec has a lot more type conversion instructions than
2039         are available in asm.js.[1] We only implement the ones that are in
2040         asm.js for now because we can only test those.
2041
2042         [1]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md
2043
2044         * tests/stress/wasm-type-conversion.js:
2045         * tests/stress/wasm/type-conversion.wasm:
2046         * wasm/WASMConstants.h:
2047         * wasm/WASMFunctionCompiler.h:
2048         (JSC::operationConvertUnsignedInt32ToDouble):
2049         (JSC::WASMFunctionCompiler::buildConvertType):
2050         (JSC::WASMFunctionCompiler::callOperation):
2051         * wasm/WASMFunctionParser.cpp:
2052         (JSC::WASMFunctionParser::parseExpressionI32):
2053         (JSC::WASMFunctionParser::parseExpressionF32):
2054         (JSC::WASMFunctionParser::parseExpressionF64):
2055         (JSC::WASMFunctionParser::parseConvertType):
2056         * wasm/WASMFunctionParser.h:
2057         * wasm/WASMFunctionSyntaxChecker.h:
2058         (JSC::WASMFunctionSyntaxChecker::buildConvertType):
2059
2060 2015-09-18  Alex Christensen  <achristensen@webkit.org>
2061
2062         Fix tests on Windows after switching to CMake.
2063         https://bugs.webkit.org/show_bug.cgi?id=149339
2064
2065         Reviewed by Brent Fulgham.
2066
2067         * shell/PlatformWin.cmake:
2068         Build testapi and testRegExp (which doesn't seem to be used any more).
2069
2070 2015-09-17  Brian Burg  <bburg@apple.com>
2071
2072         ASSERT(!m_frontendRouter->hasLocalFrontend()) when running Web Inspector tests
2073         https://bugs.webkit.org/show_bug.cgi?id=149006
2074
2075         Reviewed by Joseph Pecoraro.
2076
2077         Prior to disconnecting, we need to know how many frontends remain connected.
2078
2079         * inspector/InspectorFrontendRouter.h: Add frontendCount().
2080
2081 2015-09-18  Yusuke Suzuki  <utatane.tea@gmail.com>
2082
2083         Explicitly specify builtin JS files dependency
2084         https://bugs.webkit.org/show_bug.cgi?id=149323
2085
2086         Reviewed by Alex Christensen.
2087
2088         JSCBuiltins.{h,cpp} in CMakeLists.txt and DerivedSources.make just depend on the builtins directory.
2089         As a result, even if we modify builtins/*.js code, regenerating JSCBuiltins.{h,cpp} does not occur.
2090         As with the cpp sources, let's list the JS files explicitly.
2091
2092         * CMakeLists.txt:
2093         * DerivedSources.make:
2094
2095 2015-09-18  Michael Saboff  <msaboff@apple.com>
2096
2097         Remove register preservation and restoration stub code
2098         https://bugs.webkit.org/show_bug.cgi?id=149335
2099
2100         Reviewed by Mark Lam.
2101
2102         Delete the register preservation and restoration thunks and related plumbing.
2103
2104         Much of this change is removing the unneeded RegisterPreservationMode parameter
2105         from various functions.
2106
2107         * CMakeLists.txt:
2108         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2109         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2110         * JavaScriptCore.xcodeproj/project.pbxproj:
2111         * bytecode/CallLinkInfo.h:
2112         (JSC::CallLinkInfo::isVarargsCallType):
2113         (JSC::CallLinkInfo::CallLinkInfo):
2114         (JSC::CallLinkInfo::isVarargs):
2115         (JSC::CallLinkInfo::isLinked):
2116         (JSC::CallLinkInfo::setUpCallFromFTL):
2117         (JSC::CallLinkInfo::registerPreservationMode): Deleted.
2118         * ftl/FTLJITCode.cpp:
2119         (JSC::FTL::JITCode::initializeAddressForCall):
2120         (JSC::FTL::JITCode::addressForCall):
2121         * ftl/FTLJITCode.h:
2122         * ftl/FTLOSREntry.cpp:
2123         (JSC::FTL::prepareOSREntry):
2124         * ftl/FTLOSRExitCompiler.cpp:
2125         (JSC::FTL::compileStub):
2126         * jit/JITCode.cpp:
2127         (JSC::JITCode::execute):
2128         (JSC::DirectJITCode::initializeCodeRef):
2129         (JSC::DirectJITCode::addressForCall):
2130         (JSC::NativeJITCode::initializeCodeRef):
2131         (JSC::NativeJITCode::addressForCall):
2132         (JSC::DirectJITCode::ensureWrappers): Deleted.
2133         * jit/JITCode.h:
2134         (JSC::JITCode::jitTypeFor):
2135         (JSC::JITCode::executableAddress):
2136         * jit/JITOperations.cpp:
2137         * jit/RegisterPreservationWrapperGenerator.cpp: Removed.
2138         * jit/RegisterPreservationWrapperGenerator.h: Removed.
2139         * jit/Repatch.cpp:
2140         (JSC::linkPolymorphicCall):
2141         * jit/ThunkGenerators.cpp:
2142         (JSC::virtualThunkFor):
2143         * jit/ThunkGenerators.h:
2144         * llint/LLIntSlowPaths.cpp:
2145         (JSC::LLInt::entryOSR):
2146         (JSC::LLInt::setUpCall):
2147         * runtime/Executable.cpp:
2148         (JSC::ExecutableBase::clearCode):
2149         (JSC::ScriptExecutable::installCode):
2150         (JSC::WebAssemblyExecutable::prepareForExecution):
2151         * runtime/Executable.h:
2152         (JSC::ExecutableBase::generatedJITCodeFor):
2153         (JSC::ExecutableBase::entrypointFor):
2154         (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
2155         * runtime/RegisterPreservationMode.h: Removed.
2156
2157 2015-09-17  Joseph Pecoraro  <pecoraro@apple.com>
2158
2159         Web Inspector: Remove unused canClearBrowserCookies / canClearBrowserCache protocol methods
2160         https://bugs.webkit.org/show_bug.cgi?id=149307
2161
2162         Reviewed by Brian Burg.
2163
2164         * inspector/protocol/Network.json:
2165         Remove unused protocol methods.
2166
2167 2015-09-17  Commit Queue  <commit-queue@webkit.org>
2168
2169         Unreviewed, rolling out r189938, r189952, and r189956.
2170         https://bugs.webkit.org/show_bug.cgi?id=149329
2171
2172         Broke Web Workers (Requested by ap on #webkit).
2173
2174         Reverted changesets:
2175
2176         "Implement try/catch in the DFG."
2177         https://bugs.webkit.org/show_bug.cgi?id=147374
2178         http://trac.webkit.org/changeset/189938
2179
2180         "CLoop build fix after r189938."
2181         http://trac.webkit.org/changeset/189952
2182
2183         "add a regress test for richards with try/catch."
2184         https://bugs.webkit.org/show_bug.cgi?id=149301
2185         http://trac.webkit.org/changeset/189956
2186
2187 2015-09-17  Ryosuke Niwa  <rniwa@webkit.org>
2188
2189         CLoop build fix after r189938.
2190
2191         * interpreter/StackVisitor.cpp:
2192         (JSC::StackVisitor::unwindToMachineCodeBlockFrame):
2193
2194 2015-09-17  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2195
2196         Convert return values from JavaScript functions to the expected types in WebAssembly
2197         https://bugs.webkit.org/show_bug.cgi?id=149200
2198
2199         Reviewed by Mark Lam.
2200
2201         When a WebAssembly function calls a JavaScript function, there is no
2202         guarantee that the JavaScript function will always return values of the
2203         type we expect. This patch converts the return values to the expected
2204         types.
2205
2206         (The reverse is also true: When a WebAssembly function is called from a
2207         JavaScript function, there is no guarantee that the arguments to the
2208         WebAssembly function will always be of the types we expect. We have
2209         fixed this in Bug 149033.)
2210
2211         We don't need to type check the return values if the callee is a
2212         WebAssembly function. We don't need to type check the arguments if the
2213         caller is a WebAssembly function. This optimization will be
2214         implemented in the future. See https://bugs.webkit.org/show_bug.cgi?id=149310
2215
2216         * tests/stress/wasm-type-conversion.js:
2217         * tests/stress/wasm/type-conversion.wasm:
2218         * wasm/WASMFunctionCompiler.h:
2219         (JSC::WASMFunctionCompiler::startFunction):
2220         (JSC::WASMFunctionCompiler::buildReturn):
2221         (JSC::WASMFunctionCompiler::boxArgumentsAndAdjustStackPointer):
2222         (JSC::WASMFunctionCompiler::callAndUnboxResult):
2223         (JSC::WASMFunctionCompiler::convertValueToInt32):
2224         (JSC::WASMFunctionCompiler::convertValueToDouble):
2225         (JSC::WASMFunctionCompiler::convertDoubleToValue):
2226         (JSC::WASMFunctionCompiler::loadValueAndConvertToInt32): Deleted.
2227         (JSC::WASMFunctionCompiler::loadValueAndConvertToDouble): Deleted.
2228         * wasm/WASMFunctionParser.cpp:
2229         (JSC::WASMFunctionParser::parseExpressionI32):
2230         (JSC::WASMFunctionParser::parseExpressionF32):
2231         (JSC::WASMFunctionParser::parseExpressionF64):
2232         (JSC::WASMFunctionParser::parseCallInternalExpressionI32): Deleted.
2233         * wasm/WASMFunctionParser.h:
2234
2235 2015-09-17  Yusuke Suzuki  <utatane.tea@gmail.com>
2236
2237         [ES6] Add more fine-grained APIs and additional hooks to control module loader from WebCore
2238         https://bugs.webkit.org/show_bug.cgi?id=149129
2239
2240         Reviewed by Saam Barati.
2241
2242         No behavior change.
2243
2244         Module tag `<script type="module">` will be executed asynchronously.
2245         But we would like to fetch the resources before the postTask-ed task is performed.
2246         So instead of 1 API that fetches, instantiates and executes the module,
2247         we need 2 fine-grained APIs.
2248
2249         1. Fetch and initialize a module, but not execute it yet.
2250         2. Link and execute a module specified by the key (this will be invoked asynchronously).
2251
2252         And to instrument the script execution (like reporting the execution time of the module to
2253         the inspector), we need a hook to inject code around an execution of a module body.
2254
2255         * builtins/ModuleLoaderObject.js:
2256         (moduleEvaluation):
2257         (loadAndEvaluateModule):
2258         (loadModule):
2259         (linkAndEvaluateModule):
2260         * jsc.cpp:
2261         (functionLoadModule):
2262         (runWithScripts):
2263         * runtime/Completion.cpp:
2264         (JSC::identifierToJSValue):
2265         (JSC::createSymbolForEntryPointModule):
2266         (JSC::rejectPromise):
2267         (JSC::loadAndEvaluateModule):
2268         (JSC::loadModule):
2269         (JSC::linkAndEvaluateModule):
2270         (JSC::evaluateModule): Deleted.
2271         * runtime/Completion.h:
2272         * runtime/JSGlobalObject.cpp:
2273         * runtime/JSGlobalObject.h:
2274         * runtime/JSModuleRecord.cpp:
2275         (JSC::JSModuleRecord::evaluate):
2276         (JSC::JSModuleRecord::execute): Deleted.
2277         * runtime/JSModuleRecord.h:
2278         * runtime/ModuleLoaderObject.cpp:
2279         (JSC::ModuleLoaderObject::loadAndEvaluateModule):
2280         (JSC::ModuleLoaderObject::linkAndEvaluateModule):
2281         (JSC::ModuleLoaderObject::evaluate):
2282         (JSC::moduleLoaderObjectEvaluate):
2283         * runtime/ModuleLoaderObject.h:
2284
2285 2015-09-17  Saam barati  <sbarati@apple.com>
2286
2287         Implement try/catch in the DFG.
2288         https://bugs.webkit.org/show_bug.cgi?id=147374
2289
2290         Reviewed by Filip Pizlo.
2291
2292         This patch implements try/catch inside the DFG JIT.
2293         It also prevents tier up to the FTL for any functions
2294         that have an op_catch in them that are DFG compiled.
2295
2296         This patch accomplishes implementing try/catch inside
2297         the DFG by OSR exiting to op_catch when an exception is thrown.
2298         We can OSR exit from an exception inside the DFG in two ways:
2299         1) We have a JS call (can also be via implicit getter/setter in GetById/PutById)
2300         2) We have an exception when returning from a callOperation
2301
2302         In the case of (1), we get to the OSR exit from genericUnwind because
2303         the exception was thrown in a child call frame. This means these
2304         OSR exits must act as de facto op_catches (even though we will still OSR
2305         exit to a baseline op_catch). That means they must restore the stack pointer
2306         and call frame.
2307
2308         In the case of (2), we can skip genericUnwind because we know the exception
2309         check will take us to a particular OSR exit. Instead, we link these
2310         exception checks as jumps to a particular OSR exit.
2311
2312         Both types of OSR exits will exit into op_catch inside the baseline JIT.
2313         Because they exit to op_catch, these OSR exits must set callFrameForCatch
2314         to the proper call frame pointer.
2315
2316         We "handle" all exceptions inside the machine frame of the DFG code
2317         block. This means the machine code block is responsible for "catching"
2318         exceptions of any inlined frames' try/catch. OSR exit will then exit to
2319         the proper baseline CodeBlock after reifying the inlined frames
2320         (DFG::OSRExit::m_codeOrigin corresponds to the op_catch we will exit to).
2321         Also, genericUnwind will never consult an inlined call frame's CodeBlock to
2322         see if they can catch the exception because they can't. We always unwind to the
2323         next machine code block frame. The DFG CodeBlock changes how the exception
2324         handler table is keyed: it is now keyed by CallSiteIndex for DFG code blocks.
2325
2326         So, when consulting call sites that throw, we keep track of the CallSiteIndex,
2327         and the HandlerInfo for the corresponding baseline exception handler for
2328         that particular CallSiteIndex (if an exception at that call site will be caught).
2329         Then, when we're inside DFG::JITCompiler::link(), we install new HandlerInfo's
2330         inside the DFG CodeBlock and key it by the corresponding CallSiteIndex.
2331         (The CodeBlock only has HandlerInfos for the OSR exits that are to be arrived
2332         at from genericUnwind).
2333
2334         Also, each OSR exit will know if it is acting as an exception handler, and
2335         whether or not it will be arrived at from genericUnwind. When we know we
2336         will arrive at an OSR exit from genericUnwind, we set the corresponding
2337         HandlerInfo's nativeCode CodeLocationLabel field to be the OSR exit.
2338
2339         This patch also introduces a new Phase inside the DFG that ensures
2340         that DFG CodeBlocks that handle exceptions take the necessary
2341         steps to keep live variables at "op_catch" live according to the
2342         OSR exit value recovery machinery. We accomplish this by flushing
2343         all live op_catch variables to the stack when inside a "try" block.
2344
2345         * CMakeLists.txt:
2346         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2347         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2348         * JavaScriptCore.xcodeproj/project.pbxproj:
2349         * bytecode/CodeBlock.cpp:
2350         (JSC::CodeBlock::handlerForBytecodeOffset):
2351         (JSC::CodeBlock::handlerForIndex):
2352         * bytecode/CodeBlock.h:
2353         (JSC::CodeBlock::clearExceptionHandlers):
2354         (JSC::CodeBlock::appendExceptionHandler):
2355         * bytecode/PreciseJumpTargets.cpp:
2356         (JSC::computePreciseJumpTargets):
2357         * dfg/DFGByteCodeParser.cpp:
2358         (JSC::DFG::ByteCodeParser::getLocal):
2359         (JSC::DFG::ByteCodeParser::setLocal):
2360         (JSC::DFG::ByteCodeParser::parseBlock):
2361         * dfg/DFGCapabilities.cpp:
2362         (JSC::DFG::capabilityLevel):
2363         * dfg/DFGCommonData.cpp:
2364         (JSC::DFG::CommonData::addCodeOrigin):
2365         (JSC::DFG::CommonData::lastCallSite):
2366         (JSC::DFG::CommonData::shrinkToFit):
2367         * dfg/DFGCommonData.h:
2368         * dfg/DFGGraph.h:
2369         * dfg/DFGJITCompiler.cpp:
2370         (JSC::DFG::JITCompiler::linkOSRExits):
2371         (JSC::DFG::JITCompiler::link):
2372         (JSC::DFG::JITCompiler::compile):
2373         (JSC::DFG::JITCompiler::noticeOSREntry):
2374         (JSC::DFG::JITCompiler::appendExceptionHandlingOSRExit):
2375         (JSC::DFG::JITCompiler::willCatchExceptionInMachineFrame):
2376         (JSC::DFG::JITCompiler::exceptionCheck):
2377         (JSC::DFG::JITCompiler::recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded):
2378         * dfg/DFGJITCompiler.h:
2379         (JSC::DFG::JITCompiler::emitStoreCodeOrigin):
2380         (JSC::DFG::JITCompiler::emitStoreCallSiteIndex):
2381         (JSC::DFG::JITCompiler::appendCall):
2382         (JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
2383         (JSC::DFG::JITCompiler::blockHeads):
2384         (JSC::DFG::JITCompiler::exceptionCheck): Deleted.
2385         * dfg/DFGLiveCatchVariablePreservationPhase.cpp: Added.
2386         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::FlushLiveCatchVariablesInsertionPhase):
2387         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::run):
2388         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::willCatchException):
2389         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::handleBlock):
2390         (JSC::DFG::FlushLiveCatchVariablesInsertionPhase::newVariableAccessData):
2391         (JSC::DFG::performLiveCatchVariablePreservationPhase):
2392         * dfg/DFGLiveCatchVariablePreservationPhase.h: Added.
2393         * dfg/DFGOSRExit.cpp:
2394         (JSC::DFG::OSRExit::OSRExit):
2395         (JSC::DFG::OSRExit::setPatchableCodeOffset):
2396         * dfg/DFGOSRExit.h:
2397         (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
2398         * dfg/DFGOSRExitCompiler.cpp:
2399         * dfg/DFGOSRExitCompiler32_64.cpp:
2400         (JSC::DFG::OSRExitCompiler::compileExit):
2401         * dfg/DFGOSRExitCompiler64.cpp:
2402         (JSC::DFG::OSRExitCompiler::compileExit):
2403         * dfg/DFGOSRExitCompilerCommon.cpp:
2404         (JSC::DFG::osrWriteBarrier):
2405         (JSC::DFG::adjustAndJumpToTarget):
2406         * dfg/DFGOSRExitCompilerCommon.h:
2407         * dfg/DFGPlan.cpp:
2408         (JSC::DFG::Plan::compileInThreadImpl):
2409         * dfg/DFGSlowPathGenerator.h:
2410         (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
2411         (JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
2412         (JSC::DFG::SlowPathGenerator::generate):
2413         * dfg/DFGSpeculativeJIT.h:
2414         * dfg/DFGSpeculativeJIT32_64.cpp:
2415         (JSC::DFG::SpeculativeJIT::cachedGetById):
2416         (JSC::DFG::SpeculativeJIT::cachedPutById):
2417         (JSC::DFG::SpeculativeJIT::emitCall):
2418         * dfg/DFGSpeculativeJIT64.cpp:
2419         (JSC::DFG::SpeculativeJIT::cachedGetById):
2420         (JSC::DFG::SpeculativeJIT::cachedPutById):
2421         (JSC::DFG::SpeculativeJIT::emitCall):
2422         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2423         (JSC::DFG::TierUpCheckInjectionPhase::run):
2424         * ftl/FTLOSRExitCompiler.cpp:
2425         (JSC::FTL::compileStub):
2426         * interpreter/Interpreter.cpp:
2427         (JSC::GetCatchHandlerFunctor::operator()):
2428         (JSC::UnwindFunctor::operator()):
2429         * interpreter/StackVisitor.cpp:
2430         (JSC::StackVisitor::gotoNextFrame):
2431         (JSC::StackVisitor::unwindToMachineCodeBlockFrame):
2432         (JSC::StackVisitor::readFrame):
2433         * interpreter/StackVisitor.h:
2434         (JSC::StackVisitor::operator*):
2435         (JSC::StackVisitor::operator->):
2436         * jit/AssemblyHelpers.cpp:
2437         (JSC::AssemblyHelpers::emitExceptionCheck):
2438         (JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
2439         (JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
2440         * jit/AssemblyHelpers.h:
2441         (JSC::AssemblyHelpers::emitCount):
2442         * jit/JITExceptions.cpp:
2443         (JSC::genericUnwind):
2444         * jit/JITOpcodes.cpp:
2445         (JSC::JIT::emit_op_catch):
2446         * jit/JITOpcodes32_64.cpp:
2447         (JSC::JIT::emit_op_catch):
2448         * llint/LowLevelInterpreter32_64.asm:
2449         * llint/LowLevelInterpreter64.asm:
2450         * runtime/VM.h:
2451         (JSC::VM::clearException):
2452         (JSC::VM::clearLastException):
2453         (JSC::VM::addressOfCallFrameForCatch):
2454         (JSC::VM::exception):
2455         (JSC::VM::addressOfException):
2456         * tests/stress/dfg-exception-try-catch-in-constructor-with-inlined-throw.js: Added.
2457         (f):
2458         (bar):
2459         (Foo):
2460         * tests/stress/es6-for-of-loop-exception.js: Added.
2461         (assert):
2462         (shouldThrowInvalidConstAssignment):
2463         (baz):
2464         (foo):
2465         * tests/stress/exception-dfg-inlined-frame-not-strict-equal.js: Added.
2466         (assert):
2467         (o.valueOf):
2468         (o.toString):
2469         (read):
2470         (bar):
2471         (foo):
2472         * tests/stress/exception-dfg-not-strict-equal.js: Added.
2473         (foo):
2474         (o.valueOf):
2475         (o.toString):
2476         (assert):
2477         (shouldDoSomethingInFinally):
2478         (catch):
2479         * tests/stress/exception-dfg-operation-read-value.js: Added.
2480         (assert):
2481         (o.valueOf):
2482         (o.toString):
2483         (read):
2484         (foo):
2485         * tests/stress/exception-dfg-throw-from-catch-block.js: Added.
2486         (assert):
2487         (baz):
2488         (bar):
2489         (foo):
2490
2491 2015-09-17  Filip Pizlo  <fpizlo@apple.com>
2492
2493         0.0 should really be 0.0
2494         https://bugs.webkit.org/show_bug.cgi?id=149283
2495
2496         Reviewed by Mark Lam.
2497
2498         A while ago (http://trac.webkit.org/changeset/180813) we introduced the idea that if the
2499         user wrote a number with a decimal point (like "0.0") then we should treat that number as
2500         a double. That's probably a pretty good idea. But, we ended up doing it inconsistently.
2501         The DFG would indeed treat such a number as a double by consulting the
2502         SourceCodeRepresentation, but the other execution engines would still see Int32:0.
2503
2504         This patch makes it consistent.
2505
2506         This is necessary for property type inference to perform well. Otherwise, a store of a
2507         constant would change type from the baseline engine to the DFG, which would then cause
2508         a storm of property type invalidations and recompilations.
2509
2510         * bytecompiler/BytecodeGenerator.cpp:
2511         (JSC::BytecodeGenerator::addConstantValue):
2512
2513 2015-09-17  Filip Pizlo  <fpizlo@apple.com>
2514
2515         stress/exit-from-getter.js.ftl-eager occasionally traps in debug
2516         https://bugs.webkit.org/show_bug.cgi?id=149096
2517
2518         Reviewed by Geoffrey Garen.
2519
2520         JS calls to getters/setters in get/put inline caches need to reset SP after the call, as our
2521         calling convention requires.
2522
2523         * bytecode/PolymorphicAccess.cpp:
2524         (JSC::AccessCase::generate): Fix the bug.
2525         * ftl/FTLLink.cpp:
2526         (JSC::FTL::link): Adds some verbiage about why the FTL stack offset logic is correct.
2527         * tests/stress/getter-arity.js: Added. Other tests would crash flakily before the patch. This test instacrashes before the patch.
2528
2529 2015-09-17  Saam barati  <sbarati@apple.com>
2530
2531         Interpreter::unwind() shouldn't be responsible for filtering out uncatchable exceptions
2532         https://bugs.webkit.org/show_bug.cgi?id=149228
2533
2534         Reviewed by Mark Lam.
2535
2536         op_catch is now responsible for filtering exceptions that
2537         aren't catchable. When op_catch encounters an uncatchable
2538         exception, it will call back into genericUnwind and throw
2539         the exception further down the call stack. This is necessary
2540         in a later patch that will implement exception handling
2541         in the DFG, and part of that patch includes exception
2542         handling that doesn't go through genericUnwind. The DFG try/catch
2543         patch will not go through genericUnwind when it knows that
2544         an exception check after a callOperation will be caught inside the
2545         machine frame or any inlined frames. This patch enables that
2546         patch by destroying the notion that all exception handling must
2547         filter through genericUnwind.
2548
2549         This patch maintains compatibility with the debugger and
2550         profiler by ensuring we notify the debugger when an
2551         exception is thrown inside VM::throwException and not
2552         in genericUnwind. It also notifies the profiler that we've
2553         potentially changed call frames inside op_catch.
2554
2555         * debugger/Debugger.cpp:
2556         (JSC::Debugger::pauseIfNeeded):
2557         * interpreter/Interpreter.cpp:
2558         (JSC::unwindCallFrame):
2559         (JSC::getStackFrameCodeType):
2560         (JSC::UnwindFunctor::operator()):
2561         (JSC::Interpreter::unwind):
2562         (JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
2563         (JSC::checkedReturn):
2564         * interpreter/Interpreter.h:
2565         (JSC::SuspendExceptionScope::SuspendExceptionScope):
2566         (JSC::SuspendExceptionScope::~SuspendExceptionScope):
2567         (JSC::Interpreter::sampler):
2568         * jit/JIT.h:
2569         * jit/JITInlines.h:
2570         (JSC::JIT::callOperation):
2571         (JSC::JIT::callOperationNoExceptionCheck):
2572         * jit/JITOpcodes.cpp:
2573         (JSC::JIT::emit_op_catch):
2574         * jit/JITOpcodes32_64.cpp:
2575         (JSC::JIT::emit_op_catch):
2576         * jit/JITOperations.cpp:
2577         * jit/JITOperations.h:
2578         * llint/LLIntSlowPaths.cpp:
2579         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2580         (JSC::LLInt::llint_throw_stack_overflow_error):
2581         * llint/LLIntSlowPaths.h:
2582         * llint/LowLevelInterpreter32_64.asm:
2583         * llint/LowLevelInterpreter64.asm:
2584         * runtime/ExceptionHelpers.cpp:
2585         (JSC::isTerminatedExecutionException):
2586         * runtime/VM.cpp:
2587         (JSC::VM::throwException):
2588         * runtime/VM.h:
2589         (JSC::VM::targetMachinePCForThrowOffset):
2590         (JSC::VM::restorePreviousException):
2591         (JSC::VM::clearException):
2592         (JSC::VM::clearLastException):
2593         (JSC::VM::exception):
2594         (JSC::VM::addressOfException):
2595         (JSC::VM::setException):
2596
2597 2015-09-17  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2598
2599         Calling a float function on x86 in WebAssembly incorrectly returns a double
2600         https://bugs.webkit.org/show_bug.cgi?id=149254
2601
2602         Reviewed by Michael Saboff.
2603
2604         In WebAssembly on x86 (32-bit), when we call a function that returns a
2605         float or a double, we use the FSTP instruction to read the return value
2606         from the FPU register stack. The FSTP instruction converts the value to
2607         single-precision or double-precision floating-point format, depending on
2608         the destination operand. Currently, we always use double as the
2609         destination, which is wrong. This patch uses the correct return type.
2610         This should fix the test errors in tests/stress/wasm-arithmetic-float32.js
2611
2612         * assembler/X86Assembler.h:
2613         (JSC::X86Assembler::fstps):
2614         * wasm/WASMFunctionCompiler.h:
2615         (JSC::WASMFunctionCompiler::appendCallSetResult):
2616         (JSC::WASMFunctionCompiler::callOperation):
2617
2618 2015-09-17  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2619
2620         Save and restore callee save registers in WebAssembly
2621         https://bugs.webkit.org/show_bug.cgi?id=149247
2622
2623         Reviewed by Michael Saboff.
2624
2625         Save callee save registers when entering WebAssembly functions
2626         and restore them when returning.
2627
2628         * jit/RegisterSet.cpp:
2629         (JSC::RegisterSet::webAssemblyCalleeSaveRegisters):
2630         * jit/RegisterSet.h:
2631         * wasm/WASMFunctionCompiler.h:
2632         (JSC::WASMFunctionCompiler::startFunction):
2633         (JSC::WASMFunctionCompiler::endFunction):
2634         (JSC::WASMFunctionCompiler::buildReturn):
2635         (JSC::WASMFunctionCompiler::localAddress):
2636         (JSC::WASMFunctionCompiler::temporaryAddress):
2637         (JSC::WASMFunctionCompiler::boxArgumentsAndAdjustStackPointer):
2638         (JSC::WASMFunctionCompiler::callAndUnboxResult):
2639
2640 2015-09-16  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2641
2642         Implement indirect calls in WebAssembly
2643         https://bugs.webkit.org/show_bug.cgi?id=149100
2644
2645         Reviewed by Geoffrey Garen.
2646
2647         This patch implements indirect calls for WebAssembly files generated by
2648         pack-asmjs <https://github.com/WebAssembly/polyfill-prototype-1>.
2649         pack-asmjs uses the same indirect call model as asm.js. In asm.js, an
2650         indirect call looks like this:
2651             t[i & n](...)
2652         where t is a variable referring to an array of functions with the same
2653         signature, i is an integer expression, n is an integer that is equal to
2654         (t.length - 1), and t.length is a power of two. pack-asmjs does not
2655         use the '&' operator nor n in the WebAssembly output, but the semantics
2656         is still the same as asm.js.
2657
2658         * tests/stress/wasm-calls.js:
2659         * tests/stress/wasm/calls.wasm:
2660         * wasm/WASMFormat.h:
2661         * wasm/WASMFunctionCompiler.h:
2662         (JSC::WASMFunctionCompiler::buildCallIndirect):
2663         * wasm/WASMFunctionParser.cpp:
2664         (JSC::WASMFunctionParser::parseExpressionI32):
2665         (JSC::WASMFunctionParser::parseExpressionF32):
2666         (JSC::WASMFunctionParser::parseExpressionF64):
2667         (JSC::WASMFunctionParser::parseCallIndirect):
2668         * wasm/WASMFunctionParser.h:
2669         * wasm/WASMFunctionSyntaxChecker.h:
2670         (JSC::WASMFunctionSyntaxChecker::buildCallIndirect):
2671         * wasm/WASMModuleParser.cpp:
2672         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
2673         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
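
The indirect-call model described in the entry above, written out as an added example in plain JavaScript (this is not JavaScriptCore's or pack-asmjs's code; the table, helper names and sample functions are this example's own). The point worth seeing is the bounds property: when t.length is a power of two and n equals t.length - 1, the masked index (i & n) always lies in [0, t.length), so an indirect call can never reach outside the function table no matter what integer the caller supplies.

```javascript
// Added example (not JavaScriptCore code): the asm.js indirect-call model
// t[i & n](...), with t.length a power of two and n === t.length - 1.

function isPowerOfTwo(len) {
  return Number.isInteger(len) && len > 0 && (len & (len - 1)) === 0;
}

// Build a function-pointer table from functions sharing one signature.
// The power-of-two length is what makes the mask below a valid bounds check.
function makeTable(fns) {
  if (!isPowerOfTwo(fns.length)) {
    throw new RangeError('table length must be a power of two');
  }
  for (const f of fns) {
    if (typeof f !== 'function') {
      throw new TypeError('table entries must be functions');
    }
  }
  return { t: fns.slice(), n: fns.length - 1 };
}

// t[i & n](...args): the index is an int32 (as an asm.js int expression is)
// and masking with n keeps it inside the table.
function callIndirect(table, i, ...args) {
  const idx = (i | 0) & table.n;
  return table.t[idx](...args);
}

// Sample table (constructed for this example): four int32 -> int32 functions.
const sampleTable = makeTable([
  (a) => (a + 1) | 0,
  (a) => (a - 1) | 0,
  (a) => Math.imul(a, 2),
  (a) => a >> 1,
]);

// Apply the mask to a set of indices, including negative and out-of-range
// ones, and report whether every result stayed within the table.
function allIndicesInBounds(table, samples) {
  return samples.every((i) => {
    const idx = (i | 0) & table.n;
    return idx >= 0 && idx < table.t.length;
  });
}
```

A table whose length is not a power of two is rejected up front, because then `length - 1` is not an all-ones mask and `i & n` could skip entries or, with a wrong n, index past the end.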
2674
2675 2015-09-16  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2676
2677         Fix 32-bit build issues in WebAssembly
2678         https://bugs.webkit.org/show_bug.cgi?id=149240
2679
2680         Reviewed by Geoffrey Garen.
2681
2682         Fix the syntax error and replace the instructions that are not available on
2683         64-bit platforms.
2684
2685         * wasm/WASMFunctionCompiler.h:
2686         (JSC::WASMFunctionCompiler::startFunction):
2687         (JSC::WASMFunctionCompiler::endFunction):
2688         (JSC::WASMFunctionCompiler::buildReturn):
2689         (JSC::WASMFunctionCompiler::callAndUnboxResult):
2690         (JSC::WASMFunctionCompiler::loadValueAndConvertToDouble):
2691
2692 2015-09-16  Geoffrey Garen  <ggaren@apple.com>
2693
2694         JavaScriptCore should discard baseline code after some time
2695         https://bugs.webkit.org/show_bug.cgi?id=149220
2696
2697         Reviewed by Saam Barati.
2698
2699         This is a bit more complicated than discarding optimized code because
2700         the engine previously assumed that we would never discard baseline code.
2701
2702         * bytecode/CodeBlock.cpp:
2703         (JSC::CodeBlock::CodeBlock): Record creation time (and compute time since
2704         creation) instead of install time because CodeBlocks can be installed
2705         more than once, and we don't want to have to worry about edge cases
2706         created by CodeBlocks seeming to get younger.
2707
2708         (JSC::CodeBlock::visitAggregate): Be explicit about only doing the 
2709         weak reference fixpoint for optimized CodeBlocks. We used to avoid the
2710         fixpoint for baseline CodeBlocks implicitly, since they would always
2711         visit themselves strongly right away. But now baseline CodeBlocks might
2712         not visit themselves strongly, since they might choose to jettison due
2713         to old age.
2714
2715         (JSC::CodeBlock::shouldVisitStrongly): Add old age as a reason not to
2716         visit ourselves strongly, so that baseline CodeBlocks can jettison due
2717         to old age.
2718
2719         (JSC::CodeBlock::shouldJettisonDueToWeakReference): Be explicit about
2720         only jettisoning optimized CodeBlocks due to weak references so that we
2721         don't confuse ourselves into thinking that we will jettison a baseline
2722         CodeBlock due to weak references.
2723
2724         (JSC::CodeBlock::shouldJettisonDueToOldAge): Updated to use creation time.
2725
2726         (JSC::CodeBlock::visitOSRExitTargets): Clarify a comment and add an
2727         ASSERT to help record some things I discovered while debugging.
2728
2729         (JSC::CodeBlock::jettison): Allow a baseline CodeBlock to jettison. Don't
2730         assume that we have an alternative or a profiler.
2731
2732         (JSC::CodeBlock::install): Deleted.
2733         * bytecode/CodeBlock.h:
2734         (JSC::CodeBlock::releaseAlternative): Deleted.
2735         (JSC::CodeBlock::setInstallTime): Deleted.
2736         (JSC::CodeBlock::timeSinceInstall): Deleted.
2737
2738         * dfg/DFGOSRExitPreparation.cpp:
2739         (JSC::DFG::prepareCodeOriginForOSRExit): Simplified the computation of
2740         baseline CodeBlock.
2741
2742         * dfg/DFGPlan.cpp:
2743         (JSC::DFG::Plan::checkLivenessAndVisitChildren): Be sure to strongly
2744         visit our inline callframes because we assume that an optimized CodeBlock
2745         will keep its OSR exit targets alive, but the CodeBlock object won't be
2746         able to mark them for itself until compilation has completed (since it
2747         won't have a JITCode object yet).
2748
2749         * dfg/DFGToFTLDeferredCompilationCallback.cpp:
2750         (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
2751         Updated for interface change.
2752
2753         * jit/JITCode.h:
2754         (JSC::JITCode::timeToLive): Provide a time to live for interpreter and
2755         baseline code, so they will jettison when old. Use seconds in our
2756         code so that we don't need comments. Make DFG 2X interpreter+baseline,
2757         and FTL 2X DFG+interpreter+baseline, also matching the time we allot
2758         before throwing away all code.
2759
2760         * jit/JITToDFGDeferredCompilationCallback.cpp:
2761         (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete):
2762         * llint/LLIntSlowPaths.cpp:
2763         (JSC::LLInt::jitCompileAndSetHeuristics): Updated for interface change.
2764
2765         * runtime/Executable.cpp:
2766         (JSC::ScriptExecutable::installCode): Allow our caller to install nullptr,
2767         since we need to do this when jettisoning a baseline CodeBlock. Require
2768         our caller to specify the details of the installation because we can't
2769         rely on a non-null CodeBlock in order to compute them.
2770
2771         (JSC::ScriptExecutable::newCodeBlockFor):
2772         (JSC::ScriptExecutable::prepareForExecutionImpl):
2773         * runtime/Executable.h:
2774         (JSC::ScriptExecutable::recordParse): Updated for interface change.
2775
2776         * runtime/Options.h: Renamed the CodeBlock liveness option since it now
2777         controls baseline and optimized code.
2778
2779 2015-09-16  Geoffrey Garen  <ggaren@apple.com>
2780
2781         Remove obsolete code for deleting CodeBlocks
2782         https://bugs.webkit.org/show_bug.cgi?id=149231
2783
2784         Reviewed by Mark Lam.
2785
2786         * heap/Heap.cpp:
2787         (JSC::Heap::deleteAllCodeBlocks): ASSERT that we're called in a valid
2788         state, and do the compiler waiting ourselves instead of having our
2789         caller do it. This is more appropriate to our new limited use.
2790
2791         (JSC::Heap::collectImpl):
2792         (JSC::Heap::deleteOldCode): Deleted. Don't call deleteAllCodeBlocks
2793         periodically because it's not such a good idea to delete everything
2794         at once, and CodeBlocks now have a more precise individual policy for
2795         when to delete. Also, this function used to fail all or nearly all of
2796         the time because its invariants that we were not executing or compiling
2797         could not be met.
2798
2799         * heap/Heap.h:
2800
2801         * jsc.cpp:
2802         (GlobalObject::finishCreation):
2803         (functionDeleteAllCompiledCode): Deleted.
2804         * tests/stress/deleteAllCompiledCode.js: Removed. Removed this testing
2805         code because it did not do what it thought it did. All of this code
2806         was guaranteed to no-op since it would run JavaScript to call a function
2807         that would return early because JavaScript was running.
2808
2809         * runtime/VM.cpp:
2810         (JSC::VM::deleteAllCode): This code is simpler now because 
2811         heap.deleteAllCodeBlocks does some work for us.
2812
2813         * runtime/VMEntryScope.cpp:
2814         (JSC::VMEntryScope::VMEntryScope): Don't delete code on VM entry. This
2815         policy was old, and it dated back to a time when we 
2816
2817             (a) couldn't run in the interpreter if compilation failed;
2818
2819             (b) didn't reduce the rate of compilation in response to executable
2820             memory pressure;
2821
2822             (c) didn't throw away individual CodeBlocks automatically.
2823
2824 2015-09-16  Michael Saboff  <msaboff@apple.com>
2825
2826         [ES6] Implement tail calls in the LLInt and Baseline JIT
2827         https://bugs.webkit.org/show_bug.cgi?id=148661
2828
2829         Fix for the breakage of Speedometer/Full.html (https://bugs.webkit.org/show_bug.cgi?id=149162).
2830
2831         Reviewed by Filip Pizlo.
2832         Changed SetupVarargsFrame.cpp::emitSetVarargsFrame to align the callframe size to be a
2833         multiple of stackAlignmentRegisters() in addition to the location of the new frame.
2834
2835         Fixed Reviewed by Filip Pizlo.
2836
2837         * CMakeLists.txt:
2838         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2839         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2840         * JavaScriptCore.xcodeproj/project.pbxproj:
2841         * assembler/AbortReason.h:
2842         * assembler/AbstractMacroAssembler.h:
2843         (JSC::AbstractMacroAssembler::Call::Call):
2844         (JSC::AbstractMacroAssembler::repatchNearCall):
2845         (JSC::AbstractMacroAssembler::repatchCompact):
2846         * assembler/CodeLocation.h:
2847         (JSC::CodeLocationNearCall::CodeLocationNearCall):
2848         (JSC::CodeLocationNearCall::callMode):
2849         (JSC::CodeLocationCommon::callAtOffset):
2850         (JSC::CodeLocationCommon::nearCallAtOffset):
2851         (JSC::CodeLocationCommon::dataLabelPtrAtOffset):
2852         * assembler/LinkBuffer.h:
2853         (JSC::LinkBuffer::locationOfNearCall):
2854         (JSC::LinkBuffer::locationOf):
2855         * assembler/MacroAssemblerARM.h:
2856         (JSC::MacroAssemblerARM::nearCall):
2857         (JSC::MacroAssemblerARM::nearTailCall):
2858         (JSC::MacroAssemblerARM::call):
2859         (JSC::MacroAssemblerARM::linkCall):
2860         * assembler/MacroAssemblerARM64.h:
2861         (JSC::MacroAssemblerARM64::nearCall):
2862         (JSC::MacroAssemblerARM64::nearTailCall):
2863         (JSC::MacroAssemblerARM64::ret):
2864         (JSC::MacroAssemblerARM64::linkCall):
2865         * assembler/MacroAssemblerARMv7.h:
2866         (JSC::MacroAssemblerARMv7::nearCall):
2867         (JSC::MacroAssemblerARMv7::nearTailCall):
2868         (JSC::MacroAssemblerARMv7::call):
2869         (JSC::MacroAssemblerARMv7::linkCall):
2870         * assembler/MacroAssemblerMIPS.h:
2871         (JSC::MacroAssemblerMIPS::nearCall):
2872         (JSC::MacroAssemblerMIPS::nearTailCall):
2873         (JSC::MacroAssemblerMIPS::call):
2874         (JSC::MacroAssemblerMIPS::linkCall):
2875         (JSC::MacroAssemblerMIPS::repatchCall):
2876         * assembler/MacroAssemblerSH4.h:
2877         (JSC::MacroAssemblerSH4::call):
2878         (JSC::MacroAssemblerSH4::nearTailCall):
2879         (JSC::MacroAssemblerSH4::nearCall):
2880         (JSC::MacroAssemblerSH4::linkCall):
2881         (JSC::MacroAssemblerSH4::repatchCall):
2882         * assembler/MacroAssemblerX86.h:
2883         (JSC::MacroAssemblerX86::linkCall):
2884         * assembler/MacroAssemblerX86Common.h:
2885         (JSC::MacroAssemblerX86Common::breakpoint):
2886         (JSC::MacroAssemblerX86Common::nearTailCall):
2887         (JSC::MacroAssemblerX86Common::nearCall):
2888         * assembler/MacroAssemblerX86_64.h:
2889         (JSC::MacroAssemblerX86_64::linkCall):
2890         * bytecode/BytecodeList.json:
2891         * bytecode/BytecodeUseDef.h:
2892         (JSC::computeUsesForBytecodeOffset):
2893         (JSC::computeDefsForBytecodeOffset):
2894         * bytecode/CallLinkInfo.h:
2895         (JSC::CallLinkInfo::callTypeFor):
2896         (JSC::CallLinkInfo::isVarargsCallType):
2897         (JSC::CallLinkInfo::CallLinkInfo):
2898         (JSC::CallLinkInfo::specializationKind):
2899         (JSC::CallLinkInfo::callModeFor):
2900         (JSC::CallLinkInfo::callMode):
2901         (JSC::CallLinkInfo::isTailCall):
2902         (JSC::CallLinkInfo::isVarargs):
2903         (JSC::CallLinkInfo::registerPreservationMode):
2904         * bytecode/CallLinkStatus.cpp:
2905         (JSC::CallLinkStatus::computeFromLLInt):
2906         * bytecode/CodeBlock.cpp:
2907         (JSC::CodeBlock::dumpBytecode):
2908         (JSC::CodeBlock::CodeBlock):
2909         * bytecompiler/BytecodeGenerator.cpp:
2910         (JSC::BytecodeGenerator::BytecodeGenerator):
2911         (JSC::BytecodeGenerator::emitCallInTailPosition):
2912         (JSC::BytecodeGenerator::emitCallEval):
2913         (JSC::BytecodeGenerator::emitCall):
2914         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
2915         (JSC::BytecodeGenerator::emitConstructVarargs):
2916         * bytecompiler/NodesCodegen.cpp:
2917         (JSC::CallArguments::CallArguments):
2918         (JSC::LabelNode::emitBytecode):
2919         * dfg/DFGByteCodeParser.cpp:
2920         (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
2921         * ftl/FTLLowerDFGToLLVM.cpp:
2922         (JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):
2923         * interpreter/Interpreter.h:
2924         (JSC::Interpreter::isCallBytecode):
2925         (JSC::calleeFrameForVarargs):
2926         * jit/CCallHelpers.h:
2927         (JSC::CCallHelpers::jumpToExceptionHandler):
2928         (JSC::CCallHelpers::prepareForTailCallSlow):
2929         * jit/JIT.cpp:
2930         (JSC::JIT::privateCompileMainPass):
2931         (JSC::JIT::privateCompileSlowCases):
2932         * jit/JIT.h:
2933         * jit/JITCall.cpp:
2934         (JSC::JIT::compileOpCall):
2935         (JSC::JIT::compileOpCallSlowCase):
2936         (JSC::JIT::emit_op_call):
2937         (JSC::JIT::emit_op_tail_call):
2938         (JSC::JIT::emit_op_call_eval):
2939         (JSC::JIT::emit_op_call_varargs):
2940         (JSC::JIT::emit_op_tail_call_varargs):
2941         (JSC::JIT::emit_op_construct_varargs):
2942         (JSC::JIT::emitSlow_op_call):
2943         (JSC::JIT::emitSlow_op_tail_call):
2944         (JSC::JIT::emitSlow_op_call_eval):
2945         (JSC::JIT::emitSlow_op_call_varargs):
2946         (JSC::JIT::emitSlow_op_tail_call_varargs):
2947         (JSC::JIT::emitSlow_op_construct_varargs):
2948         * jit/JITCall32_64.cpp:
2949         (JSC::JIT::emitSlow_op_call):
2950         (JSC::JIT::emitSlow_op_tail_call):
2951         (JSC::JIT::emitSlow_op_call_eval):
2952         (JSC::JIT::emitSlow_op_call_varargs):
2953         (JSC::JIT::emitSlow_op_tail_call_varargs):
2954         (JSC::JIT::emitSlow_op_construct_varargs):
2955         (JSC::JIT::emit_op_call):
2956         (JSC::JIT::emit_op_tail_call):
2957         (JSC::JIT::emit_op_call_eval):
2958         (JSC::JIT::emit_op_call_varargs):
2959         (JSC::JIT::emit_op_tail_call_varargs):
2960         (JSC::JIT::emit_op_construct_varargs):
2961         (JSC::JIT::compileOpCall):
2962         (JSC::JIT::compileOpCallSlowCase):
2963         * jit/JITInlines.h:
2964         (JSC::JIT::emitNakedCall):
2965         (JSC::JIT::emitNakedTailCall):
2966         (JSC::JIT::updateTopCallFrame):
2967         * jit/JITOperations.cpp:
2968         * jit/JITOperations.h:
2969         * jit/Repatch.cpp:
2970         (JSC::linkVirtualFor):
2971         (JSC::linkPolymorphicCall):
2972         * jit/SetupVarargsFrame.cpp:
2973         (JSC::emitSetVarargsFrame):
2974         * jit/ThunkGenerators.cpp:
2975         (JSC::throwExceptionFromCallSlowPathGenerator):
2976         (JSC::slowPathFor):
2977         (JSC::linkCallThunkGenerator):
2978         (JSC::virtualThunkFor):
2979         (JSC::arityFixupGenerator):
2980         (JSC::unreachableGenerator):
2981         (JSC::baselineGetterReturnThunkGenerator):
2982         * jit/ThunkGenerators.h:
2983         * llint/LowLevelInterpreter.asm:
2984         * llint/LowLevelInterpreter32_64.asm:
2985         * llint/LowLevelInterpreter64.asm:
2986         * runtime/CommonSlowPaths.h:
2987         (JSC::CommonSlowPaths::arityCheckFor):
2988         (JSC::CommonSlowPaths::opIn):
2989
2990 2015-09-15  Michael Saboff  <msaboff@apple.com>
2991
2992         Rollout r189774 and 189818.
2993
2994         Broke Speedometer/Full.html
2995
2996         Not reviewed.
2997
2998         * CMakeLists.txt:
2999         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3000         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3001         * JavaScriptCore.xcodeproj/project.pbxproj:
3002         * assembler/AbortReason.h:
3003         * assembler/AbstractMacroAssembler.h:
3004         (JSC::AbstractMacroAssembler::Call::Call):
3005         (JSC::AbstractMacroAssembler::repatchNearCall):
3006         (JSC::AbstractMacroAssembler::repatchCompact):
3007         * assembler/CodeLocation.h:
3008         (JSC::CodeLocationNearCall::CodeLocationNearCall):
3009         (JSC::CodeLocationCommon::callAtOffset):
3010         (JSC::CodeLocationCommon::nearCallAtOffset):
3011         (JSC::CodeLocationCommon::dataLabelPtrAtOffset):
3012         (JSC::CodeLocationNearCall::callMode): Deleted.
3013         * assembler/LinkBuffer.h:
3014         (JSC::LinkBuffer::locationOfNearCall):
3015         (JSC::LinkBuffer::locationOf):
3016         * assembler/MacroAssemblerARM.h:
3017         (JSC::MacroAssemblerARM::nearCall):
3018         (JSC::MacroAssemblerARM::call):
3019         (JSC::MacroAssemblerARM::linkCall):
3020         (JSC::MacroAssemblerARM::nearTailCall): Deleted.
3021         * assembler/MacroAssemblerARM64.h:
3022         (JSC::MacroAssemblerARM64::nearCall):
3023         (JSC::MacroAssemblerARM64::ret):
3024         (JSC::MacroAssemblerARM64::linkCall):
3025         (JSC::MacroAssemblerARM64::nearTailCall): Deleted.
3026         * assembler/MacroAssemblerARMv7.h:
3027         (JSC::MacroAssemblerARMv7::nearCall):
3028         (JSC::MacroAssemblerARMv7::call):
3029         (JSC::MacroAssemblerARMv7::linkCall):
3030         (JSC::MacroAssemblerARMv7::nearTailCall): Deleted.
3031         * assembler/MacroAssemblerMIPS.h:
3032         (JSC::MacroAssemblerMIPS::nearCall):
3033         (JSC::MacroAssemblerMIPS::call):
3034         (JSC::MacroAssemblerMIPS::linkCall):
3035         (JSC::MacroAssemblerMIPS::repatchCall):
3036         (JSC::MacroAssemblerMIPS::nearTailCall): Deleted.
3037         * assembler/MacroAssemblerSH4.h:
3038         (JSC::MacroAssemblerSH4::call):
3039         (JSC::MacroAssemblerSH4::nearCall):
3040         (JSC::MacroAssemblerSH4::linkCall):
3041         (JSC::MacroAssemblerSH4::repatchCall):
3042         (JSC::MacroAssemblerSH4::nearTailCall): Deleted.
3043         * assembler/MacroAssemblerX86.h:
3044         (JSC::MacroAssemblerX86::linkCall):
3045         * assembler/MacroAssemblerX86Common.h:
3046         (JSC::MacroAssemblerX86Common::breakpoint):
3047         (JSC::MacroAssemblerX86Common::nearCall):
3048         (JSC::MacroAssemblerX86Common::nearTailCall): Deleted.
3049         * assembler/MacroAssemblerX86_64.h:
3050         (JSC::MacroAssemblerX86_64::linkCall):
3051         * bytecode/BytecodeList.json:
3052         * bytecode/BytecodeUseDef.h:
3053         (JSC::computeUsesForBytecodeOffset):
3054         (JSC::computeDefsForBytecodeOffset):
3055         * bytecode/CallLinkInfo.h:
3056         (JSC::CallLinkInfo::callTypeFor):
3057         (JSC::CallLinkInfo::CallLinkInfo):
3058         (JSC::CallLinkInfo::specializationKind):
3059         (JSC::CallLinkInfo::registerPreservationMode):
3060         (JSC::CallLinkInfo::isVarargsCallType): Deleted.
3061         (JSC::CallLinkInfo::callModeFor): Deleted.
3062         (JSC::CallLinkInfo::callMode): Deleted.
3063         (JSC::CallLinkInfo::isTailCall): Deleted.
3064         (JSC::CallLinkInfo::isVarargs): Deleted.
3065         * bytecode/CallLinkStatus.cpp:
3066         (JSC::CallLinkStatus::computeFromLLInt):
3067         * bytecode/CodeBlock.cpp:
3068         (JSC::CodeBlock::dumpBytecode):
3069         (JSC::CodeBlock::CodeBlock):
3070         * bytecompiler/BytecodeGenerator.cpp:
3071         (JSC::BytecodeGenerator::BytecodeGenerator):
3072         (JSC::BytecodeGenerator::emitCallInTailPosition):
3073         (JSC::BytecodeGenerator::emitCallEval):
3074         (JSC::BytecodeGenerator::emitCall):
3075         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
3076         (JSC::BytecodeGenerator::emitConstructVarargs):
3077         * bytecompiler/NodesCodegen.cpp:
3078         (JSC::CallArguments::CallArguments):
3079         (JSC::LabelNode::emitBytecode):
3080         * dfg/DFGByteCodeParser.cpp:
3081         (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
3082         * ftl/FTLLowerDFGToLLVM.cpp:
3083         (JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):
3084         * interpreter/Interpreter.h:
3085         (JSC::Interpreter::isCallBytecode):
3086         * jit/CCallHelpers.h:
3087         (JSC::CCallHelpers::jumpToExceptionHandler):
3088         (JSC::CCallHelpers::prepareForTailCallSlow): Deleted.
3089         * jit/JIT.cpp:
3090         (JSC::JIT::privateCompileMainPass):
3091         (JSC::JIT::privateCompileSlowCases):
3092         * jit/JIT.h:
3093         * jit/JITCall.cpp:
3094         (JSC::JIT::compileOpCall):
3095         (JSC::JIT::compileOpCallSlowCase):
3096         (JSC::JIT::emit_op_call):
3097         (JSC::JIT::emit_op_call_eval):
3098         (JSC::JIT::emit_op_call_varargs):
3099         (JSC::JIT::emit_op_construct_varargs):
3100         (JSC::JIT::emitSlow_op_call):
3101         (JSC::JIT::emitSlow_op_call_eval):
3102         (JSC::JIT::emitSlow_op_call_varargs):
3103         (JSC::JIT::emitSlow_op_construct_varargs):
3104         (JSC::JIT::emit_op_tail_call): Deleted.
3105         (JSC::JIT::emit_op_tail_call_varargs): Deleted.
3106         (JSC::JIT::emitSlow_op_tail_call): Deleted.
3107         (JSC::JIT::emitSlow_op_tail_call_varargs): Deleted.
3108         * jit/JITCall32_64.cpp:
3109         (JSC::JIT::emitSlow_op_call):
3110         (JSC::JIT::emitSlow_op_call_eval):
3111         (JSC::JIT::emitSlow_op_call_varargs):
3112         (JSC::JIT::emitSlow_op_construct_varargs):
3113         (JSC::JIT::emit_op_call):
3114         (JSC::JIT::emit_op_call_eval):
3115         (JSC::JIT::emit_op_call_varargs):
3116         (JSC::JIT::emit_op_construct_varargs):
3117         (JSC::JIT::compileOpCall):
3118         (JSC::JIT::compileOpCallSlowCase):
3119         (JSC::JIT::emitSlow_op_tail_call): Deleted.
3120         (JSC::JIT::emitSlow_op_tail_call_varargs): Deleted.
3121         (JSC::JIT::emit_op_tail_call): Deleted.
3122         (JSC::JIT::emit_op_tail_call_varargs): Deleted.
3123         * jit/JITInlines.h:
3124         (JSC::JIT::emitNakedCall):
3125         (JSC::JIT::updateTopCallFrame):
3126         (JSC::JIT::emitNakedTailCall): Deleted.
3127         * jit/JITOperations.cpp:
3128         * jit/JITOperations.h:
3129         * jit/Repatch.cpp:
3130         (JSC::linkVirtualFor):
3131         (JSC::linkPolymorphicCall):
3132         * jit/ThunkGenerators.cpp:
3133         (JSC::throwExceptionFromCallSlowPathGenerator):
3134         (JSC::slowPathFor):
3135         (JSC::linkCallThunkGenerator):
3136         (JSC::virtualThunkFor):
3137         (JSC::arityFixupGenerator):
3138         (JSC::baselineGetterReturnThunkGenerator):
3139         (JSC::unreachableGenerator): Deleted.
3140         * jit/ThunkGenerators.h:
3141         * llint/LowLevelInterpreter.asm:
3142         * llint/LowLevelInterpreter32_64.asm:
3143         * llint/LowLevelInterpreter64.asm:
3144         * runtime/CommonSlowPaths.h:
3145         (JSC::CommonSlowPaths::arityCheckFor):
3146         (JSC::CommonSlowPaths::opIn):
3147         * tests/stress/mutual-tail-call-no-stack-overflow.js: Removed.
3148         * tests/stress/tail-call-no-stack-overflow.js: Removed.
3149         * tests/stress/tail-call-recognize.js: Removed.
3150         * tests/stress/tail-call-varargs-no-stack-overflow.js: Removed.
3151         * tests/stress/tail-calls-dont-overwrite-live-stack.js: Removed.
3152
3153 2015-09-15  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3154
3155         Implement imported global variables in WebAssembly
3156         https://bugs.webkit.org/show_bug.cgi?id=149206
3157
3158         Reviewed by Filip Pizlo.
3159
3160         Values can now be imported to a WebAssembly module through properties of
3161         the imports object that is passed to loadWebAssembly(). In order to
3162         avoid any side effect when accessing the imports object, we check that
3163         the properties are data properties. We also check that each value is a
3164         primitive and is not a Symbol. According to the ECMA262 6.0 spec,
3165         calling ToNumber() on a primitive that is not a Symbol should not cause
3166         any side effect.[1]
3167
3168         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-tonumber
3169
3170         * tests/stress/wasm-globals.js:
3171         * tests/stress/wasm/globals.wasm:
3172         * wasm/WASMModuleParser.cpp:
3173         (JSC::WASMModuleParser::parseModule):
3174         (JSC::WASMModuleParser::parseGlobalSection):
3175         * wasm/WASMModuleParser.h:
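
The validation policy the entry above describes for imported global values, as an added example in plain JavaScript (this is not JavaScriptCore's WASMModuleParser; the function name, error messages and sample imports are this example's own). Reading an import must not run user code, so a value is accepted only if it is an own data property (not an accessor) whose value is a primitive other than a Symbol; only then is ToNumber applied.

```javascript
// Added example (not JavaScriptCore code): side-effect-free reading of an
// imported global from a plain imports object.

function readImportedGlobal(imports, name) {
  if (imports === null || typeof imports !== 'object') {
    throw new TypeError('imports must be an object');
  }
  // getOwnPropertyDescriptor describes an accessor without invoking it.
  // Caveat: if `imports` were a Proxy, this lookup itself would hit the
  // getOwnPropertyDescriptor trap; this example assumes an ordinary object.
  const desc = Object.getOwnPropertyDescriptor(imports, name);
  if (desc === undefined) {
    throw new TypeError(`missing import "${name}"`);
  }
  if (!('value' in desc)) {
    // Accessor property: reading it would run arbitrary user code.
    throw new TypeError(`import "${name}" must be a data property`);
  }
  const value = desc.value;
  const t = typeof value;
  if ((t === 'object' && value !== null) || t === 'function' || t === 'symbol') {
    // Objects and functions could run valueOf/toString under ToNumber;
    // ToNumber on a Symbol throws. Only non-Symbol primitives are allowed.
    throw new TypeError(`import "${name}" must be a non-Symbol primitive`);
  }
  // ToNumber on a non-Symbol primitive has no observable side effects.
  return Number(value);
}

// Read several named globals at once; any rejected import aborts the load.
function readImportedGlobals(imports, names) {
  return names.map((name) => readImportedGlobal(imports, name));
}
```

Note the getter case in the checks: a getter that would throw or mutate state is rejected on the basis of its descriptor alone and is never invoked, which is the property the entry is after.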
3176
3177 2015-09-15  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3178
3179         Fix asm.js errors in WebAssembly tests
3180         https://bugs.webkit.org/show_bug.cgi?id=149203
3181
3182         Reviewed by Geoffrey Garen.
3183
3184         Our WebAssembly implementation uses asm.js for testing. Using Firefox to
3185         parse asm.js reveals many errors that are not caught by pack-asmjs. For
3186         example,
3187         - asm.js does not allow the use of the multiplication operator (*) to
3188           multiply two integers, because the result can be so large that some
3189           lower bits of precision are lost. Math.imul is used instead.
3190         - an int variable must be coerced to either signed (via x|0) or unsigned
3191           (via x>>>0) before it's returned.
3192
3193         * tests/stress/wasm-arithmetic-int32.js:
3194         * tests/stress/wasm-calls.js:
3195         * tests/stress/wasm-control-flow.js:
3196         * tests/stress/wasm-globals.js:
3197         * tests/stress/wasm-locals.js:
3198         * tests/stress/wasm-relational.js:
3199         * tests/stress/wasm/control-flow.wasm:
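
The two asm.js rules named in the entry above, shown as an added example in plain JavaScript (not code from the WebKit tests; the helper names and sample operands are this example's own). Multiplying two int32 values with `*` yields a double, and once the exact product exceeds 2^53 the double drops low bits, so truncating it back with `|0` no longer matches the int32 wrap-around that Math.imul computes. The second rule is the signed (`x|0`) versus unsigned (`x>>>0`) coercion of a returned int, which differ once the top bit is set.

```javascript
// Added example (not WebKit test code): why asm.js requires Math.imul for
// int32 multiplication and an explicit signed/unsigned coercion on return.

// '*' followed by |0: correct only while the exact product fits in 53 bits.
function mulStar(a, b) {
  return (a * b) | 0;
}

// Math.imul: the exact low 32 bits of the product, like a C int32 multiply.
function mulImul(a, b) {
  return Math.imul(a, b);
}

// Compare both results for one pair and record whether the exact product
// was representable as a double integer at all.
function compareMultiply(a, b) {
  const star = mulStar(a, b);
  const imul = mulImul(a, b);
  return {
    star,
    imul,
    agree: star === imul,
    exactFits: Math.abs(a * b) <= Number.MAX_SAFE_INTEGER,
  };
}

// The two return coercions asm.js accepts for an int value.
function asSigned(x) {
  return x | 0;
}
function asUnsigned(x) {
  return x >>> 0;
}
```

For 0x7fffffff squared the exact product is 2^62 - 2^32 + 1; the nearest double is 2^62 - 2^32, whose low 32 bits are zero, so `mulStar` returns 0 while `mulImul` returns 1.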
3200
3201 2015-09-15  Ryosuke Niwa  <rniwa@webkit.org>
3202
3203         Add ShadowRoot interface and Element.prototype.attachShadow
3204         https://bugs.webkit.org/show_bug.cgi?id=149187
3205
3206         Reviewed by Antti Koivisto.
3207
3208         * Configurations/FeatureDefines.xcconfig:
3209
3210 2015-09-15  Joseph Pecoraro  <pecoraro@apple.com>
3211
3212         Web Inspector: Paused Debugger prevents page reload
3213         https://bugs.webkit.org/show_bug.cgi?id=148174
3214
3215         Reviewed by Brian Burg.
3216
3217         * debugger/Debugger.h:
3218         (JSC::Debugger::suppressAllPauses):
3219         (JSC::Debugger::setSuppressAllPauses):
3220         * debugger/Debugger.cpp:
3221         (JSC::Debugger::Debugger):
3222         (JSC::Debugger::pauseIfNeeded):
3223         * inspector/agents/InspectorDebuggerAgent.h:
3224         * inspector/agents/InspectorDebuggerAgent.cpp:
3225         (Inspector::InspectorDebuggerAgent::setSuppressAllPauses):
3226         Provide a way to suppress pauses.
3227
3228 2015-09-15  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3229
3230         Implement calls to JavaScript functions in WebAssembly
3231         https://bugs.webkit.org/show_bug.cgi?id=149093
3232
3233         Reviewed by Filip Pizlo.
3234
3235         This patch implements calls to JavaScript functions in WebAssembly.
3236         WebAssembly functions can only call JavaScript functions that are
3237         imported to their module via an object that is passed into
3238         loadWebAssembly(). References to JavaScript functions are resolved at
3239         the module's load time, just like asm.js.
3240
3241         * jsc.cpp:
3242         (GlobalObject::finishCreation):
3243         (functionLoadWebAssembly):
3244         * tests/stress/wasm-calls.js:
3245         * tests/stress/wasm/calls.wasm:
3246         * wasm/JSWASMModule.cpp:
3247         (JSC::JSWASMModule::visitChildren):
3248         * wasm/JSWASMModule.h:
3249         (JSC::JSWASMModule::importedFunctions):
3250         * wasm/WASMFunctionCompiler.h:
3251         (JSC::WASMFunctionCompiler::buildCallImport):
3252         * wasm/WASMFunctionParser.cpp:
3253         (JSC::WASMFunctionParser::parseExpressionI32):
3254         (JSC::WASMFunctionParser::parseExpressionF64):
3255         (JSC::WASMFunctionParser::parseCallImport):
3256         * wasm/WASMFunctionParser.h:
3257         * wasm/WASMFunctionSyntaxChecker.h:
3258         (JSC::WASMFunctionSyntaxChecker::buildCallInternal):
3259         (JSC::WASMFunctionSyntaxChecker::buildCallImport):
3260         (JSC::WASMFunctionSyntaxChecker::updateTempStackHeightForCall):
3261         * wasm/WASMModuleParser.cpp:
3262         (JSC::WASMModuleParser::WASMModuleParser):
3263         (JSC::WASMModuleParser::parse):
3264         (JSC::WASMModuleParser::parseModule):
3265         (JSC::WASMModuleParser::parseFunctionImportSection):
3266         (JSC::WASMModuleParser::getImportedValue):
3267         (JSC::parseWebAssembly):
3268         * wasm/WASMModuleParser.h:
3269
3270 2015-09-15  Csaba Osztrogonác  <ossy@webkit.org>
3271
3272         Fix the !ENABLE(DFG_JIT) build after r188696
3273         https://bugs.webkit.org/show_bug.cgi?id=149158
3274
3275         Reviewed by Yusuke Suzuki.
3276
3277         * bytecode/GetByIdStatus.cpp:
3278         * bytecode/GetByIdStatus.h:
3279
3280 2015-09-15  Saam barati  <sbarati@apple.com>
3281
3282         functions that use try/catch will allocate a top level JSLexicalEnvironment even when it is not necessary
3283         https://bugs.webkit.org/show_bug.cgi?id=148169
3284
3285         Reviewed by Geoffrey Garen.
3286
3287         We used to do this before we had proper lexical scoping
3288         in the bytecode generator. There is absolutely no reason
3289         why we need to allocate a top-level "var" activation when a
3290         function/program uses a "catch" block.
3291
3292         * parser/ASTBuilder.h:
3293         (JSC::ASTBuilder::createTryStatement):
3294         (JSC::ASTBuilder::incConstants):
3295         (JSC::ASTBuilder::usesThis):
3296         (JSC::ASTBuilder::usesArguments):
3297         (JSC::ASTBuilder::usesWith):
3298         (JSC::ASTBuilder::usesEval):
3299         (JSC::ASTBuilder::usesCatch): Deleted.
3300         * parser/Nodes.h:
3301         (JSC::ScopeNode::isStrictMode):
3302         (JSC::ScopeNode::setUsesArguments):
3303         (JSC::ScopeNode::usesThis):
3304         (JSC::ScopeNode::needsActivation):
3305         (JSC::ScopeNode::hasCapturedVariables):
3306         (JSC::ScopeNode::captures):
3307         (JSC::ScopeNode::needsActivationForMoreThanVariables): Deleted.
3308         * parser/ParserModes.h:
3309         * runtime/Executable.h:
3310         (JSC::ScriptExecutable::usesEval):
3311         (JSC::ScriptExecutable::usesArguments):
3312         (JSC::ScriptExecutable::needsActivation):
3313         (JSC::ScriptExecutable::isStrictMode):
3314         (JSC::ScriptExecutable::ecmaMode):
3315
3316 2015-09-15  Michael Saboff  <msaboff@apple.com>
3317
3318         REGRESSION(r189774): CLoop doesn't build after r189774
3319         https://bugs.webkit.org/show_bug.cgi?id=149171
3320
3321         Unreviewed build fix for the C Loop.
3322
3323         Added needed C Loop label opcodes.
3324
3325         * bytecode/BytecodeList.json:
3326
3327 2015-09-15  Andy VanWagoner  <thetalecrafter@gmail.com>
3328
3329         [INTL] Implement supportedLocalesOf on Intl Constructors
3330         https://bugs.webkit.org/show_bug.cgi?id=147599
3331
3332         Reviewed by Benjamin Poulain.
3333
3334         Implements all of the abstract operations used by supportedLocalesOf,
3335         except during canonicalization it does not replace redundant tags,
3336         or subtags with their preferred values.
3337
3338         * icu/unicode/ucal.h: Added.
3339         * icu/unicode/udat.h: Added.
3340         * icu/unicode/umisc.h: Added.
3341         * icu/unicode/unum.h: Added.
3342         * icu/unicode/utypes.h: Clear the U_SHOW_CPLUSPLUS_API flag to prevent C++ headers from being included.
3343         * runtime/CommonIdentifiers.h: Added localeMatcher.
3344         * runtime/IntlCollatorConstructor.cpp:
3345         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Implemented.
3346         * runtime/IntlDateTimeFormatConstructor.cpp:
3347         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Implemented.