WebAssembly: implement Module imports/exports
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2017-03-28  JF Bastien  <jfbastien@apple.com>

        WebAssembly: implement Module imports/exports
        https://bugs.webkit.org/show_bug.cgi?id=166982

        Reviewed by Saam Barati.

        As defined in: https://github.com/WebAssembly/design/commit/18cbacb90cd3584dd5c9aa3d392e4e55f66af6ab

        * wasm/WasmFormat.h:
        (JSC::Wasm::makeString): use uppercase instead; it was only used
        for diagnostics but is now used for the expected JS property's
        capitalization
        * wasm/js/WebAssemblyModulePrototype.cpp:
        (JSC::webAssemblyModuleProtoImports):
        (JSC::webAssemblyModuleProtoExports):

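The imports()/exports() API the entry above implements, as an added example that is not WebKit's code: it reads a module's import and export descriptors before instantiation and refuses modules whose imports are not on an allow-list. The module bytes are hand-assembled here, and the kind strings asserted are the lowercase ones today's engines (Node/V8) return; the makeString capitalization change noted in the entry is not modelled.

```javascript
// Added example (not WebKit's code): read a module's import/export descriptors
// with WebAssembly.Module.imports()/exports() before instantiating it, and
// reject modules whose imports are not on an allow-list.

// Constructed sample module, hand-assembled: imports env.log (func (param i32)),
// defines one function that forwards its argument to env.log, exports it as
// "f", and exports a one-page memory as "mem".
const SAMPLE_MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic "\0asm", version 1
  0x01, 0x05, 0x01, 0x60, 0x01, 0x7f, 0x00,              // type 0: (i32) -> ()
  0x02, 0x0b, 0x01, 0x03, 0x65, 0x6e, 0x76,              // import section: "env"
  0x03, 0x6c, 0x6f, 0x67, 0x00, 0x00,                    //   "log", kind func, type 0
  0x03, 0x02, 0x01, 0x00,                                // function 1 has type 0
  0x05, 0x03, 0x01, 0x00, 0x01,                          // memory: min 1 page, no max
  0x07, 0x0b, 0x02, 0x01, 0x66, 0x00, 0x01,              // export "f" = func 1
  0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,                    // export "mem" = memory 0
  0x0a, 0x08, 0x01, 0x06, 0x00,                          // code: 1 body, no locals
  0x20, 0x00, 0x10, 0x00, 0x0b,                          //   local.get 0; call 0; end
]);

// Static inspection: compiles only, no instantiation, so no import object is
// needed and nothing from the module runs.
function describeModule(bytes) {
  const mod = new WebAssembly.Module(bytes);
  return {
    imports: WebAssembly.Module.imports(mod), // [{ module, name, kind }]
    exports: WebAssembly.Module.exports(mod), // [{ name, kind }]
  };
}

// Allow-list check: every import must match "<module>.<name>" -> kind exactly.
// Anything else is reported so the caller can refuse to instantiate.
function checkImports(bytes, allowList) {
  const unexpected = describeModule(bytes).imports.filter(
    (imp) => allowList[`${imp.module}.${imp.name}`] !== imp.kind,
  );
  return { ok: unexpected.length === 0, unexpected };
}

// Instantiate only after the check passes, supplying the allow-listed host
// functions; throws instead of instantiating when the module asks for more.
function instantiateChecked(bytes, allowList, hostFunctions) {
  const verdict = checkImports(bytes, allowList);
  if (!verdict.ok) {
    throw new Error("unexpected imports: " + JSON.stringify(verdict.unexpected));
  }
  return new WebAssembly.Instance(new WebAssembly.Module(bytes), hostFunctions);
}

// End-to-end run on the sample: returns what the module logged through
// env.log and the size of its exported memory in 64 KiB pages.
function runSample() {
  const logged = [];
  const instance = instantiateChecked(
    SAMPLE_MODULE_BYTES,
    { "env.log": "function" },
    { env: { log: (v) => logged.push(v) } },
  );
  instance.exports.f(42);
  return { logged, pages: instance.exports.mem.buffer.byteLength / 65536 };
}
```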
2017-03-27  JF Bastien  <jfbastien@apple.com>

        WebAssembly: JSWebAssemblyCodeBlock.h belongs in JavaScriptCore/wasm/js not JavaScriptCore/wasm
        https://bugs.webkit.org/show_bug.cgi?id=170160

        Reviewed by Mark Lam.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wasm/js/JSWebAssemblyCodeBlock.h: Renamed from Source/JavaScriptCore/wasm/JSWebAssemblyCodeBlock.h.

2017-03-27  JF Bastien  <jfbastien@apple.com>

        WebAssembly: misc memory testing
        https://bugs.webkit.org/show_bug.cgi?id=170137

        Reviewed by Keith Miller.

        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::WebAssemblyInstanceConstructor::createInstance): improve error messages

2017-03-27  Michael Saboff  <msaboff@apple.com>

        Add ARM64 system instructions to disassembler
        https://bugs.webkit.org/show_bug.cgi?id=170084

        Reviewed by Saam Barati.

        This change adds support for MRS and MSR instructions, and refactors the DMB
        disassembly to handle all of the barrier instructions.

        * disassembler/ARM64/A64DOpcode.cpp:
        (JSC::ARM64Disassembler::A64DOpcodeMSRImmediate::format):
        (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::format):
        (JSC::ARM64Disassembler::A64DOpcodeSystemSync::format):
        (JSC::ARM64Disassembler::A64DOpcodeDmb::format): Deleted.
        * disassembler/ARM64/A64DOpcode.h:
        (JSC::ARM64Disassembler::A64DOpcodeSystem::lBit):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::op0):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::op1):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::crN):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::crM):
        (JSC::ARM64Disassembler::A64DOpcodeSystem::op2):
        (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::opName):
        (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::systemRegister):
        (JSC::ARM64Disassembler::A64DOpcodeSystemSync::opName):
        (JSC::ARM64Disassembler::A64DOpcodeSystemSync::option):
        (JSC::ARM64Disassembler::A64DOpcodeDmb::opName): Deleted.
        (JSC::ARM64Disassembler::A64DOpcodeDmb::option): Deleted.
        (JSC::ARM64Disassembler::A64DOpcodeDmb::crM): Deleted.

2017-03-26  Filip Pizlo  <fpizlo@apple.com>

        B3::fixSSA should do liveness pruning
        https://bugs.webkit.org/show_bug.cgi?id=170111

        Reviewed by Saam Barati.

        This moves all of the logic of Air::Liveness<> to WTF::Liveness<> and then uses that to
        create B3::VariableLiveness. Then this uses VariableLiveness::LiveAtHead to prune Phi
        construction.

        This makes B3::fixSSA run twice as fast. This is a 13% progression on WasmBench compile
        times.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3BasicBlock.h:
        (JSC::B3::BasicBlock::get):
        * b3/B3FixSSA.cpp:
        (JSC::B3::fixSSA):
        * b3/B3VariableLiveness.cpp: Added.
        (JSC::B3::VariableLiveness::VariableLiveness):
        (JSC::B3::VariableLiveness::~VariableLiveness):
        * b3/B3VariableLiveness.h: Added.
        (JSC::B3::VariableLivenessAdapter::VariableLivenessAdapter):
        (JSC::B3::VariableLivenessAdapter::numIndices):
        (JSC::B3::VariableLivenessAdapter::valueToIndex):
        (JSC::B3::VariableLivenessAdapter::indexToValue):
        (JSC::B3::VariableLivenessAdapter::blockSize):
        (JSC::B3::VariableLivenessAdapter::forEachEarlyUse):
        (JSC::B3::VariableLivenessAdapter::forEachLateUse):
        (JSC::B3::VariableLivenessAdapter::forEachEarlyDef):
        (JSC::B3::VariableLivenessAdapter::forEachLateDef):
        * b3/air/AirCFG.h: Added.
        (JSC::B3::Air::CFG::CFG):
        (JSC::B3::Air::CFG::root):
        (JSC::B3::Air::CFG::newMap):
        (JSC::B3::Air::CFG::successors):
        (JSC::B3::Air::CFG::predecessors):
        (JSC::B3::Air::CFG::index):
        (JSC::B3::Air::CFG::node):
        (JSC::B3::Air::CFG::numNodes):
        (JSC::B3::Air::CFG::dump):
        * b3/air/AirCode.cpp:
        (JSC::B3::Air::Code::Code):
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::cfg):
        * b3/air/AirLiveness.h:
        (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
        (JSC::B3::Air::LivenessAdapter::blockSize):
        (JSC::B3::Air::LivenessAdapter::forEachEarlyUse):
        (JSC::B3::Air::LivenessAdapter::forEachLateUse):
        (JSC::B3::Air::LivenessAdapter::forEachEarlyDef):
        (JSC::B3::Air::LivenessAdapter::forEachLateDef):
        (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
        (JSC::B3::Air::TmpLivenessAdapter::numIndices):
        (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
        (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
        (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
        (JSC::B3::Air::Liveness::Liveness):
        (JSC::B3::Air::Liveness::LocalCalc::LocalCalc): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::end): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::contains): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::live): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::isLive): Deleted.
        (JSC::B3::Air::Liveness::LocalCalc::execute): Deleted.
        (JSC::B3::Air::Liveness::rawLiveAtHead): Deleted.
        (JSC::B3::Air::Liveness::Iterable::Iterable): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::iterator): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::operator*): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::operator++): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::operator==): Deleted.
        (JSC::B3::Air::Liveness::Iterable::iterator::operator!=): Deleted.
        (JSC::B3::Air::Liveness::Iterable::begin): Deleted.
        (JSC::B3::Air::Liveness::Iterable::end): Deleted.
        (JSC::B3::Air::Liveness::Iterable::contains): Deleted.
        (JSC::B3::Air::Liveness::liveAtHead): Deleted.
        (JSC::B3::Air::Liveness::liveAtTail): Deleted.
        (JSC::B3::Air::Liveness::workset): Deleted.

2017-03-25  Filip Pizlo  <fpizlo@apple.com>

        Air::Liveness shouldn't need HashSets
        https://bugs.webkit.org/show_bug.cgi?id=170102

        Reviewed by Yusuke Suzuki.

        This converts Air::Liveness<> to no longer use HashSets or BitVectors. This turns out to be
        easy because it's cheap enough to do a sorted merge of the things being added to liveAtHead and
        the things in the predecessors' liveAtTail. This turns out to be faster - it's a 2% overall
        compile time progression on WasmBench.

        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::lower): Add a FIXME unrelated to this patch.
        * b3/air/AirLiveness.h:
        (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
        (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc):
        (JSC::B3::Air::AbstractLiveness::rawLiveAtHead):
        (JSC::B3::Air::AbstractLiveness::liveAtHead):
        (JSC::B3::Air::AbstractLiveness::liveAtTail):
        * b3/air/AirTmp.h:
        (JSC::B3::Air::Tmp::bank):
        (JSC::B3::Air::Tmp::tmpIndex):
        * dfg/DFGStoreBarrierClusteringPhase.cpp:

2017-03-26  Filip Pizlo  <fpizlo@apple.com>

        Air should use RegisterSet for RegLiveness
        https://bugs.webkit.org/show_bug.cgi?id=170108

        Reviewed by Yusuke Suzuki.

        The biggest change here is the introduction of the new RegLiveness class. This is a
        drop-in replacement for the old RegLiveness, which was a specialization of
        AbstractLiveness<>, but it's about 30% faster. It gets its speed boost from just using
        sets everywhere, which is efficient for registers since RegisterSet is just two (on
        x86-64) or three 32-bit (on ARM64) statically allocated words. This looks like a 1%
        compile time progression on WasmBench.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3TimingScope.cpp: Records phase timing totals.
        (JSC::B3::TimingScope::TimingScope):
        (JSC::B3::TimingScope::~TimingScope):
        * b3/B3TimingScope.h:
        * b3/air/AirAllocateRegistersByGraphColoring.cpp:
        (JSC::B3::Air::allocateRegistersByGraphColoring):
        * b3/air/AirLiveness.h: Move code around and rename a bit to make it more like RegLiveness; in particular we want the `iterator` to be called `iterator` not `Iterator`, and we want it to be internal to its iterable. Also rename this template to Liveness, to match the header filename.
        (JSC::B3::Air::Liveness::Liveness):
        (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin):
        (JSC::B3::Air::Liveness::LocalCalc::Iterable::end):
        (JSC::B3::Air::Liveness::Iterable::Iterable):
        (JSC::B3::Air::Liveness::Iterable::iterator::iterator):
        (JSC::B3::Air::RegLivenessAdapter::RegLivenessAdapter): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::numIndices): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::acceptsBank): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::acceptsRole): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::valueToIndex): Deleted.
        (JSC::B3::Air::RegLivenessAdapter::indexToValue): Deleted.
        (JSC::B3::Air::AbstractLiveness::AbstractLiveness): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::Iterator): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator++): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator*): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator==): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator!=): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::Iterable): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::begin): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::end): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::contains): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::live): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::isLive): Deleted.
        (JSC::B3::Air::AbstractLiveness::LocalCalc::execute): Deleted.
        (JSC::B3::Air::AbstractLiveness::rawLiveAtHead): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::Iterable): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::iterator): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator*): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator++): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator==): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator!=): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::begin): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::end): Deleted.
        (JSC::B3::Air::AbstractLiveness::Iterable::contains): Deleted.
        (JSC::B3::Air::AbstractLiveness::liveAtHead): Deleted.
        (JSC::B3::Air::AbstractLiveness::liveAtTail): Deleted.
        (JSC::B3::Air::AbstractLiveness::workset): Deleted.
        * b3/air/AirLogRegisterPressure.cpp:
        * b3/air/AirLowerAfterRegAlloc.cpp:
        * b3/air/AirRegLiveness.cpp: Added.
        (JSC::B3::Air::RegLiveness::RegLiveness):
        (JSC::B3::Air::RegLiveness::~RegLiveness):
        (JSC::B3::Air::RegLiveness::LocalCalc::execute):
        * b3/air/AirRegLiveness.h: Added.
        (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
        (JSC::B3::Air::RegLiveness::LocalCalc::live):
        (JSC::B3::Air::RegLiveness::LocalCalc::isLive):
        (JSC::B3::Air::RegLiveness::liveAtHead):
        (JSC::B3::Air::RegLiveness::liveAtTail):
        * b3/air/AirReportUsedRegisters.cpp:
        * jit/RegisterSet.h:
        (JSC::RegisterSet::add):
        (JSC::RegisterSet::remove):
        (JSC::RegisterSet::contains):
        (JSC::RegisterSet::subsumes):
        (JSC::RegisterSet::iterator::iterator):
        (JSC::RegisterSet::iterator::operator*):
        (JSC::RegisterSet::iterator::operator++):
        (JSC::RegisterSet::iterator::operator==):
        (JSC::RegisterSet::iterator::operator!=):
        (JSC::RegisterSet::begin):
        (JSC::RegisterSet::end):

2017-03-25  Filip Pizlo  <fpizlo@apple.com>

        Fix wasm by returning after we do TLS.

        Rubber stamped by Keith Miller.

        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::storeWasmContext):

2017-03-24  Mark Lam  <mark.lam@apple.com>

        Add some instrumentation in Heap::resumeThePeriphery() to help debug an issue.
        https://bugs.webkit.org/show_bug.cgi?id=170086
        <rdar://problem/31253673>

        Reviewed by Saam Barati.

        Adding some instrumentation in Heap::resumeThePeriphery() to dump some Heap state
        just before we RELEASE_ASSERT_NOT_REACHED.

        * heap/Heap.cpp:
        (JSC::Heap::resumeThePeriphery):

2017-03-24  JF Bastien  <jfbastien@apple.com>

        WebAssembly: store state in TLS instead of on VM
        https://bugs.webkit.org/show_bug.cgi?id=169611

        Reviewed by Filip Pizlo.

        Using thread-local storage instead of VM makes code more position
        independent. We used to store the WebAssembly top Instance (the
        latest one in the call stack) on VM, now we instead store it in
        TLS. This top Instance is used to access a bunch of state such as
        Memory location, size, table (for call_indirect), etc.

        Instead of calling it "top", which is confusing, we now just call
        it WasmContext.

        Making the code PIC means future patches will be able to
        postMessage and structured clone into IDB without having to
        recompile the code. This wasn't possible before because we
        hard-coded the address of VM at compilation time. That doesn't
        work between workers, and doesn't work across reloads (which IDB
        is intended to do).

        It'll also potentially make code faster once we start tuning
        what's in TLS, what's in which of the 4 free slots, and what's in
        pinned registers. I'm leaving this tuning for later because
        there's lower lying fruit for us to pick.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        * assembler/AllowMacroScratchRegisterUsageIf.h: Copied from assembler/AllowMacroScratchRegisterUsage.h.
        (JSC::AllowMacroScratchRegisterUsageIf::AllowMacroScratchRegisterUsageIf):
        (JSC::AllowMacroScratchRegisterUsageIf::~AllowMacroScratchRegisterUsageIf):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::storeToTLSPtr): we previously didn't have
        the code required to store to TLS, only to load
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::loadFromTLSPtrNeedsMacroScratchRegister):
        (JSC::MacroAssemblerARM64::storeToTLS32):
        (JSC::MacroAssemblerARM64::storeToTLS64):
        (JSC::MacroAssemblerARM64::storeToTLSPtrNeedsMacroScratchRegister):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::loadFromTLSPtrNeedsMacroScratchRegister):
        (JSC::MacroAssemblerX86Common::storeToTLS32):
        (JSC::MacroAssemblerX86Common::storeToTLSPtrNeedsMacroScratchRegister):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::loadFromTLS64): was loading 32-bit instead of 64-bit
        (JSC::MacroAssemblerX86_64::storeToTLS64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::movl_rm):
        (JSC::X86Assembler::movq_rm):
        * b3/testb3.cpp:
        (JSC::B3::testFastTLSLoad):
        (JSC::B3::testFastTLSStore):
        (JSC::B3::run):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::loadWasmContext):
        (JSC::AssemblyHelpers::storeWasmContext):
        (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
        (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
        * jit/Repatch.cpp:
        (JSC::webAssemblyOwner):
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromWasmThunkGenerator):
        * runtime/Options.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::loadWasmContext):
        (JSC::Wasm::storeWasmContext):
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::getMemoryBaseAndSize):
        (JSC::Wasm::restoreWebAssemblyGlobalState):
        (JSC::Wasm::createJSToWasmWrapper):
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::materializeImportJSCell):
        (JSC::Wasm::wasmToJs):
        (JSC::Wasm::wasmToWasm):
        * wasm/WasmContext.cpp: Added.
        (JSC::loadWasmContext):
        (JSC::storeWasmContext):
        * wasm/WasmContext.h: Added. Replaces "top" JSWebAssemblyInstance.
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * wasm/js/WebAssemblyInstanceConstructor.h:

2017-03-24  JF Bastien  <jfbastien@apple.com>

        WebAssembly: spec-tests/memory.wast.js fails in debug
        https://bugs.webkit.org/show_bug.cgi?id=169794

        Reviewed by Keith Miller.

        The failure was due to empty memories (with maximum size 0). Those
        only occur in tests and in code that's trying to trip us. This
        patch adds memory mode "none" which represents no memory. It can
        work with either bounds checked or signaling code because it never
        contains loads and stores.

        The spec tests which were failing did the following:
            > (module (memory (data)) (func (export "memsize") (result i32) (current_memory)))
            > (assert_return (invoke "memsize") (i32.const 0))
            > (module (memory (data "")) (func (export "memsize") (result i32) (current_memory)))
            > (assert_return (invoke "memsize") (i32.const 0))
            > (module (memory (data "x")) (func (export "memsize") (result i32) (current_memory)))
            > (assert_return (invoke "memsize") (i32.const 1))

        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::memoryKind):
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::tryGetFastMemory):
        (JSC::Wasm::releaseFastMemory):
        (JSC::Wasm::Memory::Memory):
        (JSC::Wasm::Memory::createImpl):
        (JSC::Wasm::Memory::create):
        (JSC::Wasm::Memory::grow):
        (JSC::Wasm::Memory::makeString):
        * wasm/WasmMemory.h:
        * wasm/WasmMemoryInformation.cpp:
        (JSC::Wasm::MemoryInformation::MemoryInformation):
        * wasm/js/JSWebAssemblyCodeBlock.cpp:
        (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::codeBlock):
        (JSC::JSWebAssemblyModule::finishCreation):
        * wasm/js/JSWebAssemblyModule.h:
        (JSC::JSWebAssemblyModule::codeBlock):
        (JSC::JSWebAssemblyModule::codeBlockFor):

2017-03-24  Mark Lam  <mark.lam@apple.com>

        Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
        https://bugs.webkit.org/show_bug.cgi?id=170064
        <rdar://problem/31246098>

        Reviewed by Geoffrey Garen.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoPrivateFuncConcatMemcpy):
        * runtime/JSArray.cpp:
        (JSC::JSArray::fastSlice):

2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Use jsNontrivialString aggressively for ToString(Int52)
        https://bugs.webkit.org/show_bug.cgi?id=170002

        Reviewed by Sam Weinig.

        We use the same logic used for Int32 to use jsNontrivialString.
        After the single-character check, the produced string is always longer than 1.
        Thus, we can use jsNontrivialString.

        * runtime/NumberPrototype.cpp:
        (JSC::int52ToString):

2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Use WeakRandom for SamplingProfiler interval fluctuation
        https://bugs.webkit.org/show_bug.cgi?id=170045

        Reviewed by Mark Lam.

        It is unnecessary to use cryptographicallyRandomNumber for SamplingProfiler
        interval fluctuation. Use WeakRandom instead.

        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::SamplingProfiler):
        (JSC::SamplingProfiler::timerLoop):
        * runtime/SamplingProfiler.h:

2017-03-23  Mark Lam  <mark.lam@apple.com>

        Array.prototype.splice behaves incorrectly when the VM is "having a bad time".
        https://bugs.webkit.org/show_bug.cgi?id=170025
        <rdar://problem/31228679>

        Reviewed by Saam Barati.

        * runtime/ArrayPrototype.cpp:
        (JSC::copySplicedArrayElements):
        (JSC::arrayProtoFuncSplice):

2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC][DFG] Make addShouldSpeculateAnyInt more conservative to avoid regression caused by Double <-> Int52 conversions
        https://bugs.webkit.org/show_bug.cgi?id=169998

        Reviewed by Saam Barati.

        Double <-> Int52 and JSValue <-> Int52 conversions are not so cheap. Thus, Int52Rep is super carefully emitted.
        We make addShouldSpeculateAnyInt more conservative to avoid regressions caused by the above conversions.
        We select ArithAdd(Int52, Int52) only when this calculation is beneficial compared to the added Int52Rep conversions.

        This patch tightens the conditions of addShouldSpeculateAnyInt.

        1. Honor DoubleConstant.

        When executing imaging-darkroom, we have something like this:

            132:< 2:loc36> DoubleConstant(Double|UseAsOther, AnyIntAsDouble, Double: 4607182418800017408, 1.000000, bc#114)
            1320:< 1:loc38>        Int52Rep(Check:Int32:@82, Int52|PureInt, Int32, Exits, bc#114)
            1321:< 1:loc39>        Int52Constant(Int52|PureInt, Boolint32Nonboolint32Int52, Double: 4607182418800017408, 1.000000, bc#114)
            133:<!3:loc39> ArithSub(Int52Rep:@1320<Int52>, Int52Rep:@1321<Int52>, Int52|MustGen, Int52, CheckOverflow, Exits, bc#114)

        The LHS of ArithSub says predicting Boolint32, and the RHS says AnyIntAsDouble. Thus we select ArithSub(Int52, Int52) instead
        of ArithSub(Double, Double). However, it soon causes OSR exits. In imaging-darkroom, the LHS's Int32 prediction will be broken.
        While speculating Int32 in the above situation is a reasonable approach since the given LHS says predicting Int32, this causes
        a severe performance regression.

        Previously, we always selected ArithSub(Double, Double). So, accidentally, we did not encounter this misprediction issue.

        One thing to note is that we have a DoubleConstant in the RHS. It means that we have `1.0` instead of `1` in the code.
        We can see code like `lhs - 1.0` instead of `lhs - 1` in imaging-darkroom. It offers good information that lhs and
        the resulting value would be double. Handling the above ArithSub in double seems more appropriate than handling
        it in Int52.

        So, in this patch, we honor DoubleConstant. If we find a DoubleConstant on one operand, we give up selecting
        Arith[Sub,Add](Int52, Int52). This change removes the OSR exits occurring in imaging-darkroom right now.

        2. Two Int52Rep(Double) conversions are not desirable.

        We allow AnyInt ArithAdd only when one operand of the binary operation should be speculated AnyInt. It is a slightly conservative
        decision. This is because Double to Int52 conversion is not so cheap. Frequent back-and-forth conversions between Double and Int52
        rather hurt performance. If one operand of the operation is already Int52, the cost for constructing ArithAdd becomes
        cheap since only one Double to Int52 conversion could be required.
        This recovers some regression in assorted tests while keeping the kraken crypto improvements.

        3. Avoid frequent Int52 to JSValue conversions.

        Int52 to JSValue conversion is not so cheap. Thus, we would like to avoid such situations. So, in this patch, we allow
        Arith(Int52, Int52) with an AnyIntAsDouble operand only when the node is used as a number. By doing so, we avoid cases like
        converting to Int52, performing ArithAdd, and soon converting back to JSValue.

        The above 3 changes recover the regression measured in microbenchmarks/int52-back-and-forth.js and assorted benchmarks.
        And it still keeps the kraken crypto improvements.

                                                   baseline                  patched

        imaging-darkroom                       201.112+-3.192      ^     189.532+-2.883         ^ definitely 1.0611x faster
        stanford-crypto-pbkdf2                 103.953+-2.325            100.926+-2.396           might be 1.0300x faster
        stanford-crypto-sha256-iterative        35.103+-1.071      ?      36.049+-1.143         ? might be 1.0270x slower

        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::addShouldSpeculateAnyInt):

== Rolled over to ChangeLog-2017-03-23 ==