Consider removing double load for accessing the instructions from LLInt
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2018-11-12  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2
3         Consider removing double load for accessing the instructions from LLInt
4         https://bugs.webkit.org/show_bug.cgi?id=190932
5
6         Reviewed by Mark Lam.
7
8         Changing InstructionStream to a RefCountedArray-like structure involves so many changes,
9         including BytecodeGraph, PreciseJumpTargets etc. Instead, CodeBlock simply holds a raw
10         pointer to the InstructionStream's data. Since InstructionStream is not changed
11         anymore, this pointer is valid while CodeBlock is live.
12
13         * bytecode/CodeBlock.cpp:
14         (JSC::CodeBlock::CodeBlock):
15         * bytecode/CodeBlock.h:
16         * bytecode/InstructionStream.h:
17         (JSC::InstructionStream::rawPointer const):
18         * llint/LowLevelInterpreter.asm:
19         * llint/LowLevelInterpreter32_64.asm:
20         * llint/LowLevelInterpreter64.asm:
21
22 2018-11-18  Fujii Hironori  <Hironori.Fujii@sony.com>
23
24         REGRESSION(r238039) WebCore::JSDOMGlobalObject::createStructure is using JSC::Structure::create without including StructureInlines.h
25         https://bugs.webkit.org/show_bug.cgi?id=191626
26
27         Reviewed by Yusuke Suzuki.
28
29         JSC::Structure::create is used everywhere. It should be defined in
30         Structure.h, not in StructureInlines.h.
31
32         * runtime/Structure.h:
33         (JSC::Structure::create): Moved.
34         * runtime/StructureInlines.h: Moved JSC::Structure::create.
35
36 2018-11-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
37
38         Unreviewed, rolling in the rest of r237254
39         https://bugs.webkit.org/show_bug.cgi?id=190340
40
41         * parser/ParserModes.h:
42         * parser/ParserTokens.h:
43         (JSC::JSTextPosition::JSTextPosition):
44         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
45         * runtime/CodeCache.cpp:
46         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
47         * runtime/FunctionConstructor.cpp:
48         (JSC::constructFunctionSkippingEvalEnabledCheck):
49
50 2018-11-17  Devin Rousso  <drousso@apple.com>
51
52         Web Inspector: Network: add button to show system certificate dialog
53         https://bugs.webkit.org/show_bug.cgi?id=191458
54         <rdar://problem/45977019>
55
56         Reviewed by Joseph Pecoraro.
57
58         * inspector/protocol/Network.json:
59         Add `getSerializedCertificate` command.
60
61 2018-11-17  Dominik Infuehr  <dinfuehr@igalia.com>
62
63         Fix build with disabled DFG/FTL
64         https://bugs.webkit.org/show_bug.cgi?id=191256
65
66         Reviewed by Yusuke Suzuki.
67
68         Fix compilation errors and warnings with both DFG and FTL
69         disabled at compile-time.
70
71         * bytecode/CodeBlock.cpp:
72         (JSC::CodeBlock::getICStatusMap):
73         * bytecode/InByIdStatus.cpp:
74         (JSC::InByIdStatus::computeFor):
75         * bytecode/PutByIdStatus.cpp:
76         (JSC::PutByIdStatus::computeFor):
77         (JSC::PutByIdStatus::hasExitSite): Deleted.
78         * bytecode/PutByIdStatus.h:
79         * jit/JITOpcodes.cpp:
80         (JSC::JIT::emit_op_catch):
81
82 2018-11-16  Joseph Pecoraro  <pecoraro@apple.com>
83
84         Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Local Inspector)
85         https://bugs.webkit.org/show_bug.cgi?id=191740
86         <rdar://problem/45470897>
87
88         Reviewed by Timothy Hatcher.
89
90         * inspector/InspectorFrontendChannel.h:
91         Expose EnumTraits for ConnectionType for WebKit IPC messages.
92
93 2018-11-16  Filip Pizlo  <fpizlo@apple.com>
94
95         All users of ArrayBuffer should agree on the same max size
96         https://bugs.webkit.org/show_bug.cgi?id=191771
97
98         Reviewed by Mark Lam.
99
100         Array buffers cannot be larger than 0x7fffffff, because otherwise loading typedArray.length in the DFG/FTL would produce
101         a uint32 or would require a signedness check, neither of which sounds reasonable. It's better to just bound their max size
102         instead.
103
104         * runtime/ArrayBuffer.cpp:
105         (JSC::ArrayBufferContents::ArrayBufferContents):
106         (JSC::ArrayBufferContents::tryAllocate):
107         (JSC::ArrayBufferContents::transferTo):
108         (JSC::ArrayBufferContents::copyTo):
109         (JSC::ArrayBufferContents::shareWith):
110         * runtime/ArrayBuffer.h:
111         * wasm/WasmMemory.cpp:
112         (JSC::Wasm::Memory::tryCreate):
113         (JSC::Wasm::Memory::grow):
114         * wasm/WasmPageCount.h:
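
        Added example (not WebKit code): the bound above exists because a JIT that
        materialises typedArray.length as a signed 32-bit integer cannot represent
        0x80000000 or larger, so every producer of an ArrayBuffer (plain allocation,
        transfer, copy, shared contents, Wasm memory create/grow) has to apply the
        same maximum. The helper names below are hypothetical; the 64 KiB Wasm page
        size is the WebAssembly spec's, and the derived page bound is this example's
        own arithmetic, not a value quoted from WasmPageCount.h.

```javascript
// Added example, not part of JavaScriptCore: one engine-wide byte-length bound
// shared by every ArrayBuffer producer, and why a signed-int32 length needs it.
const MAX_ARRAY_BUFFER_BYTE_LENGTH = 0x7fffffff; // bound from the ChangeLog entry
const WASM_PAGE_SIZE = 64 * 1024;                 // WebAssembly page size (spec constant)

// Models a JIT that loads typedArray.length as a signed 32-bit value.
function asInt32(n) {
  return n | 0;
}

// True when a byte length survives the signed-int32 round trip unchanged.
function fitsSignedInt32(byteLength) {
  return asInt32(byteLength) === byteLength;
}

// Central check every allocation path (tryAllocate, transferTo, copyTo,
// shareWith, Wasm grow, ...) must go through before trusting a length.
// Hypothetical helper; JSC's real code lives in ArrayBufferContents.
function checkedByteLength(requested) {
  if (!Number.isInteger(requested) || requested < 0)
    throw new RangeError('byte length must be a non-negative integer');
  if (requested > MAX_ARRAY_BUFFER_BYTE_LENGTH)
    throw new RangeError('byte length exceeds the engine-wide maximum');
  return requested;
}

// Bounds check as a JIT would emit it on a signed length. Without the bound,
// a length of 0x80000000 reads as a negative number and every index fails,
// so the compiled code and the allocator would disagree about the buffer.
function inBoundsSigned(index, byteLength) {
  return index >= 0 && index < asInt32(byteLength);
}

// The same bound expressed in Wasm pages: grow() must never exceed it.
function maxWasmPages() {
  return Math.floor(MAX_ARRAY_BUFFER_BYTE_LENGTH / WASM_PAGE_SIZE);
}

function wasmGrowAllowed(currentPages, deltaPages) {
  const newPages = currentPages + deltaPages;
  if (newPages > maxWasmPages()) return false;
  // Once the page bound holds, the byte length is guaranteed to pass the
  // shared check, so both users of ArrayBuffer agree by construction.
  checkedByteLength(newPages * WASM_PAGE_SIZE);
  return true;
}
```

        The point of routing both the ArrayBuffer and the Wasm paths through one
        check is that a length accepted by one producer can never reach compiled
        code that assumed the other producer's tighter limit.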
115
116 2018-11-16  Saam Barati  <sbarati@apple.com>
117
118         KnownCellUse should also have SpecCellCheck as its type filter
119         https://bugs.webkit.org/show_bug.cgi?id=191729
120         <rdar://problem/45872852>
121
122         Reviewed by Filip Pizlo.
123
124         We write transformations in the compiler like this where we emit edges with
125         KnownCellUse if we know we're inserting code at a point where we're dominated
126         by a Cell check:
127         
128         a: SomeValue
129         b: Something(Cell:@a)
130         c: SomethingElse(@b)
131         d: CheckNotEmpty(@a)
132         
133         =>
134         
135         a: SomeValue
136         b: Something(Cell:@a)
137         e: RandomOtherThing(KnownCellUse:@a)
138         c: SomethingElse(@b)
139         d: CheckNotEmpty(@a)
140         
141         However, doing this used to lead to subtly incorrect programs since KnownCellUse
142         did not allow the empty value to flow through it. We used to end up incorrectly
143         deleting @d in the above program. We fix this, we make KnownCellUse allow the empty
144         value to flow through.
145
146         * dfg/DFGUseKind.h:
147         (JSC::DFG::typeFilterFor):
148
149 2018-11-16  Tadeu Zagallo  <tzagallo@apple.com>
150
151         Fix assertion failure on BytecodeGenerator::recordOpcode
152         https://bugs.webkit.org/show_bug.cgi?id=191724
153         <rdar://problem/45724395>
154
155         Reviewed by Saam Barati.
156
157         Since https://bugs.webkit.org/show_bug.cgi?id=187373, we were not
158         restoring m_lastInstruction after patching the bytecode when
159         finalizing StructureForInContexts, only m_lastOpcodeID, which led to
160         the assertion failure.
161
162         * bytecompiler/BytecodeGenerator.cpp:
163         (JSC::StructureForInContext::finalize):
164
165 2018-11-15  Mark Lam  <mark.lam@apple.com>
166
167         RegExpObject's collectMatches should not be using JSArray::push to fill in its match results.
168         https://bugs.webkit.org/show_bug.cgi?id=191730
169         <rdar://problem/46048517>
170
171         Reviewed by Saam Barati.
172
173         According to the spec https://www.ecma-international.org/ecma-262/9.0/index.html#sec-regexp.prototype-@@match,
174         the RegExp match results are filled in using the spec's CreateDataProperty()
175         function which does not consult the prototype for setters.  JSArray:push()
176         consults the prototype for setters.  We should be using putDirectIndex() instead.
177
178         * runtime/RegExpObjectInlines.h:
179         (JSC::collectMatches):
180
181 2018-11-15  Mark Lam  <mark.lam@apple.com>
182
183         RegExp operations should not take fast path if lastIndex is not numeric.
184         https://bugs.webkit.org/show_bug.cgi?id=191731
185         <rdar://problem/46017305>
186
187         Reviewed by Saam Barati.
188
189         This is because if lastIndex is an object with a valueOf() method, it can execute
190         arbitrary code which may have side effects, and side effects are not permitted by
191         the RegExp fast paths.
192
193         * builtins/RegExpPrototype.js:
194         (globalPrivate.hasObservableSideEffectsForRegExpMatch):
195         (overriddenName.string_appeared_here.search):
196         (globalPrivate.hasObservableSideEffectsForRegExpSplit):
197         (intrinsic.RegExpTestIntrinsic.test):
198         * builtins/StringPrototype.js:
199         (globalPrivate.hasObservableSideEffectsForStringReplace):
200
201 2018-11-15  Keith Rollin  <krollin@apple.com>
202
203         Delete old .xcfilelist files
204         https://bugs.webkit.org/show_bug.cgi?id=191669
205         <rdar://problem/46081994>
206
207         Reviewed by Chris Dumez.
208
209         .xcfilelist files were created and added to the Xcode project files in
210         https://trac.webkit.org/changeset/238008/webkit. However, they caused
211         build issues and they were removed from the Xcode projects in
212         https://trac.webkit.org/changeset/238055/webkit. This check-in removes
213         the files from the repository altogether. They'll ultimately be
214         replaced with new files with names that indicate whether the
215         associated files are inputs to the Run Script phase or are files
216         created by the Run Script phase.
217
218         * DerivedSources.xcfilelist: Removed.
219         * UnifiedSources.xcfilelist: Removed.
220
221 2018-11-14  Keith Rollin  <krollin@apple.com>
222
223         Move scripts for Derived and Unified Sources to external files
224         https://bugs.webkit.org/show_bug.cgi?id=191670
225         <rdar://problem/46082278>
226
227         Reviewed by Keith Miller.
228
229         Move the scripts in the Generate Derived Sources and Generate Unified
230         Sources Run Script phases from the Xcode projects to external shell
231         script files. Then invoke those scripts from the Run Script phases.
232         This refactoring is being performed to support later work that will
233         invoke these scripts in other contexts.
234
235         The scripts were maintained as-is when making the move. I did a little
236         reformatting and added 'set -e' to the top of each file, but that's
237         it.
238
239         * JavaScriptCore.xcodeproj/project.pbxproj:
240         * Scripts/generate-derived-sources.sh: Added.
241         * Scripts/generate-unified-sources.sh: Added.
242
243 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
244
245         Web Inspector: Pass Inspector::FrontendChannel as a reference connect/disconnect methods
246         https://bugs.webkit.org/show_bug.cgi?id=191612
247
248         Reviewed by Matt Baker.
249
250         * inspector/InspectorFrontendRouter.cpp:
251         (Inspector::FrontendRouter::connectFrontend):
252         (Inspector::FrontendRouter::disconnectFrontend):
253         * inspector/InspectorFrontendRouter.h:
254         * inspector/JSGlobalObjectInspectorController.cpp:
255         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
256         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
257         * inspector/JSGlobalObjectInspectorController.h:
258         * inspector/remote/RemoteControllableTarget.h:
259         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
260         (Inspector::RemoteConnectionToTarget::setup):
261         (Inspector::RemoteConnectionToTarget::close):
262         * inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:
263         (Inspector::RemoteConnectionToTarget::setup):
264         (Inspector::RemoteConnectionToTarget::close):
265         * runtime/JSGlobalObjectDebuggable.cpp:
266         (JSC::JSGlobalObjectDebuggable::connect):
267         (JSC::JSGlobalObjectDebuggable::disconnect):
268         * runtime/JSGlobalObjectDebuggable.h:
269
270 2018-11-14  Joseph Pecoraro  <pecoraro@apple.com>
271
272         Web Inspector: Keep Web Inspector window alive across process swaps (PSON) (Remote Inspector)
273         https://bugs.webkit.org/show_bug.cgi?id=191494
274         <rdar://problem/45469854>
275
276         Reviewed by Devin Rousso.
277
278         * CMakeLists.txt:
279         * DerivedSources.make:
280         * JavaScriptCore.xcodeproj/project.pbxproj:
281         * Sources.txt:
282         New domain and resources.
283
284         * inspector/protocol/Target.json: Added.
285         New protocol domain, modeled after Worker.json, to allow for
286         multiplexing between different targets.
287
288         * inspector/InspectorTarget.h:
289         Each target will instantiate an InspectorTarget and must
290         provide an identifier, type, and means of connecting/disconnecting
291         to a frontend channel.
292
293         * inspector/agents/InspectorTargetAgent.cpp: Added.
294         (Inspector::InspectorTargetAgent::InspectorTargetAgent):
295         (Inspector::InspectorTargetAgent::didCreateFrontendAndBackend):
296         (Inspector::InspectorTargetAgent::willDestroyFrontendAndBackend):
297         (Inspector::InspectorTargetAgent::exists):
298         (Inspector::InspectorTargetAgent::initialized):
299         (Inspector::InspectorTargetAgent::sendMessageToTarget):
300         (Inspector::InspectorTargetAgent::sendMessageFromTargetToFrontend):
301         (Inspector::targetTypeToProtocolType):
302         (Inspector::buildTargetInfoObject):
303         (Inspector::InspectorTargetAgent::targetCreated):
304         (Inspector::InspectorTargetAgent::targetTerminated):
305         (Inspector::InspectorTargetAgent::connectToTargets):
306         (Inspector::InspectorTargetAgent::disconnectFromTargets):
307         * inspector/agents/InspectorTargetAgent.h: Added.
308         TargetAgent holds a list of targets, and connects/disconnects to each
309         of the targets when a frontend connects/disconnects.
310
311         * inspector/scripts/codegen/generator.py:
312         Better enum casing of ServiceWorker.
313
314 2018-11-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
315
316         Unreviewed, rolling in CodeCache in r237254
317         https://bugs.webkit.org/show_bug.cgi?id=190340
318
319         Land the CodeCache part without adding an additional hash value.
320
321         * bytecode/UnlinkedFunctionExecutable.cpp:
322         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
323         * bytecode/UnlinkedFunctionExecutable.h:
324         * parser/SourceCodeKey.h:
325         (JSC::SourceCodeKey::SourceCodeKey):
326         (JSC::SourceCodeKey::operator== const):
327         * runtime/CodeCache.cpp:
328         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
329         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
330         * runtime/CodeCache.h:
331         * runtime/FunctionConstructor.cpp:
332         (JSC::constructFunctionSkippingEvalEnabledCheck):
333         * runtime/FunctionExecutable.cpp:
334         (JSC::FunctionExecutable::fromGlobalCode):
335         * runtime/FunctionExecutable.h:
336
337 2018-11-13  Saam Barati  <sbarati@apple.com>
338
339         ProxyObject should check for VMInquiry and return early before throwing a stack overflow exception
340         https://bugs.webkit.org/show_bug.cgi?id=191601
341
342         Reviewed by Mark Lam.
343
344         This doesn't fix any bugs today, but it may reduce future bugs. It was
345         always weird that ProxyObject::getOwnPropertySlot with VMInquiry might
346         throw a stack overflow error instead of just returning false like it
347         normally does when VMInquiry is passed in.
348
349         * runtime/ProxyObject.cpp:
350         (JSC::ProxyObject::getOwnPropertySlotCommon):
351
352 2018-11-13  Saam Barati  <sbarati@apple.com>
353
354         TypeProfileLog::processLogEntries should stash away any pending exceptions and re-apply them to the VM
355         https://bugs.webkit.org/show_bug.cgi?id=191600
356
357         Reviewed by Mark Lam.
358
359         processLogEntries will call into calculatedClassName, which will clear
360         any exceptions it encounters (it assumes that they're stack overflow exceptions).
361         However, this code may be called when an exception is already pending on the 
362         VM (e.g, when we throw an exception in the DFG, we compile an OSR exit
363         offramp, which may compile a baseline codeblock, which will process
364         the type profiler log). To get around this, processLogEntries should stash
365         away and re-apply any pending exceptions.
366
367         * dfg/DFGDriver.cpp:
368         (JSC::DFG::compileImpl):
369         * dfg/DFGOperations.cpp:
370         * inspector/agents/InspectorRuntimeAgent.cpp:
371         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
372         * jit/JIT.cpp:
373         (JSC::JIT::doMainThreadPreparationBeforeCompile):
374         * jit/JITOperations.cpp:
375         * runtime/CommonSlowPaths.cpp:
376         (JSC::SLOW_PATH_DECL):
377         * runtime/TypeProfilerLog.cpp:
378         (JSC::TypeProfilerLog::processLogEntries):
379         * runtime/TypeProfilerLog.h:
380         * runtime/VM.cpp:
381         (JSC::VM::dumpTypeProfilerData):
382         * runtime/VM.h:
383         (JSC::VM::DeferExceptionScope::DeferExceptionScope):
384         * tools/JSDollarVM.cpp:
385         (JSC::functionFindTypeForExpression):
386         (JSC::functionReturnTypeFor):
387
388 2018-11-13  Ryan Haddad  <ryanhaddad@apple.com>
389
390         Unreviewed, rolling out r238132.
391
392         The test added with this change is timing out on Debug JSC
393         bots.
394
395         Reverted changeset:
396
397         "[BigInt] JSBigInt::createWithLength should throw when length
398         is greater than JSBigInt::maxLength"
399         https://bugs.webkit.org/show_bug.cgi?id=190836
400         https://trac.webkit.org/changeset/238132
401
402 2018-11-12  Mark Lam  <mark.lam@apple.com>
403
404         Add OOM detection to StringPrototype's substituteBackreferences().
405         https://bugs.webkit.org/show_bug.cgi?id=191563
406         <rdar://problem/45720428>
407
408         Reviewed by Saam Barati.
409
410         * dfg/DFGStrengthReductionPhase.cpp:
411         (JSC::DFG::StrengthReductionPhase::handleNode):
412         * runtime/StringPrototype.cpp:
413         (JSC::substituteBackreferencesSlow):
414         (JSC::substituteBackreferencesInline):
415         (JSC::substituteBackreferences):
416         (JSC::replaceUsingRegExpSearch):
417         (JSC::replaceUsingStringSearch):
418         * runtime/StringPrototype.h:
419
420 2018-11-13  Mark Lam  <mark.lam@apple.com>
421
422         LLIntSlowPath's llint_loop_osr and llint_replace should set the topCallFrame.
423         https://bugs.webkit.org/show_bug.cgi?id=191579
424         <rdar://problem/45942472>
425
426         Reviewed by Saam Barati.
427
428         Both of these functions do a lot of work.  It would be good for the topCallFrame
429         to be correct should we need to throw an exception.
430
431         For example, we've observed the following crash trace:
432
433           * frame #0: WTFCrash() at Assertions.cpp:253
434             frame #1: ...
435             frame #2: JSC::StructureIDTable::get(this=0x00006040000162f0, structureID=1874583248) at StructureIDTable.h:129
436             frame #3: JSC::VM::getStructure(this=0x0000604000016210, id=4022066896) at VM.h:705
437             frame #4: JSC::JSCell::structure(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:125
438             frame #5: JSC::JSCell::classInfo(this=0x00007ffeefbbde30, vm=0x0000604000016210) const at JSCellInlines.h:335
439             frame #6: JSC::JSCell::inherits(this=0x00007ffeefbbde30, vm=0x0000604000016210, info=0x0000000105eaf020) const at JSCellInlines.h:302
440             frame #7: JSC::JSObject* JSC::jsCast<JSC::JSObject*, JSC::JSCell>(from=0x00007ffeefbbde30) at JSCast.h:36
441             frame #8: JSC::asObject(cell=0x00007ffeefbbde30) at JSObject.h:1299
442             frame #9: JSC::asObject(value=JSValue @ 0x00007ffeefbba380) at JSObject.h:1304
443             frame #10: JSC::Register::object(this=0x00007ffeefbbdd58) const at JSObject.h:1514
444             frame #11: JSC::ExecState::jsCallee(this=0x00007ffeefbbdd40) const at CallFrame.h:107
445             frame #12: JSC::ExecState::isStackOverflowFrame(this=0x00007ffeefbbdd40) const at CallFrameInlines.h:36
446             frame #13: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:52
447             frame #14: JSC::StackVisitor::StackVisitor(this=0x00007ffeefbba860, startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800) at StackVisitor.cpp:41
448             frame #15: void JSC::StackVisitor::visit<(JSC::StackVisitor::EmptyEntryFrameAction)0, JSC::Interpreter::getStackTrace(JSC::JSCell*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow, 16ul>&, unsigned long, unsigned long)::$_3>(startFrame=0x00007ffeefbbdd40, vm=0x0000631000000800, functor=0x00007ffeefbbaa60)::$_3 const&) at StackVisitor.h:147
449             frame #16: JSC::Interpreter::getStackTrace(this=0x0000602000005db0, owner=0x000062d00020cbe0, results=0x00006020000249d0, framesToSkip=0, maxStackSize=1) at Interpreter.cpp:437
450             frame #17: JSC::getStackTrace(exec=0x000062d00002c048, vm=0x0000631000000800, obj=0x000062d00020cbe0, useCurrentFrame=true) at Error.cpp:170
451             frame #18: JSC::ErrorInstance::finishCreation(this=0x000062d00020cbe0, exec=0x000062d00002c048, vm=0x0000631000000800, message=0x00007ffeefbbb800, useCurrentFrame=true) at ErrorInstance.cpp:119
452             frame #19: JSC::ErrorInstance::create(exec=0x000062d00002c048, vm=0x0000631000000800, structure=0x000062d0000f5730, message=0x00007ffeefbbb800, appender=0x0000000000000000, type=TypeNothing, useCurrentFrame=true)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred), JSC::RuntimeType, bool) at ErrorInstance.h:49
453             frame #20: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800, appender=0x0000000000000000)(WTF::String const&, WTF::String const&, JSC::RuntimeType, JSC::ErrorInstance::SourceTextWhereErrorOccurred)) at Error.cpp:68
454             frame #21: JSC::createRangeError(exec=0x000062d00002c048, globalObject=0x000062d00002c000, message=0x00007ffeefbbb800) at Error.cpp:316
455             frame #22: JSC::createStackOverflowError(exec=0x000062d00002c048, globalObject=0x000062d00002c000) at ExceptionHelpers.cpp:77
456             frame #23: JSC::createStackOverflowError(exec=0x000062d00002c048) at ExceptionHelpers.cpp:72
457             frame #24: JSC::throwStackOverflowError(exec=0x000062d00002c048, scope=0x00007ffeefbbbaa0) at ExceptionHelpers.cpp:335
458             frame #25: JSC::ProxyObject::getOwnPropertySlotCommon(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbba80, slot=0x00007ffeefbbc720) at ProxyObject.cpp:372
459             frame #26: JSC::ProxyObject::getOwnPropertySlot(object=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbd40, slot=0x00007ffeefbbc720) at ProxyObject.cpp:395
460             frame #27: JSC::JSObject::getNonIndexPropertySlot(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbbea0, slot=0x00007ffeefbbc720) at JSObjectInlines.h:150
461             frame #28: bool JSC::JSObject::getPropertySlot<false>(this=0x000062d000200e40, exec=0x000062d00002c048, propertyName=PropertyName @ 0x00007ffeefbbc320, slot=0x00007ffeefbbc720) at JSObject.h:1424
462             frame #29: JSC::JSObject::calculatedClassName(object=0x000062d000200e40) at JSObject.cpp:535
463             frame #30: JSC::Structure::toStructureShape(this=0x000062d000007410, value=JSValue @ 0x00007ffeefbbcae0, sawPolyProtoStructure=0x00007ffeefbbcf60) at Structure.cpp:1142
464             frame #31: JSC::TypeProfilerLog::processLogEntries(this=0x000060400000a950, reason=0x00007ffeefbbd5c0) at TypeProfilerLog.cpp:89
465             frame #32: JSC::JIT::doMainThreadPreparationBeforeCompile(this=0x0000619000034da0) at JIT.cpp:951
466             frame #33: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:43
467             frame #34: JSC::JITWorklist::Plan::Plan(this=0x0000619000034d80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:42
468             frame #35: JSC::JITWorklist::compileLater(this=0x0000616000001b80, codeBlock=0x000062d0001d88c0, loopOSREntryBytecodeOffset=0) at JITWorklist.cpp:256
469             frame #36: JSC::LLInt::jitCompileAndSetHeuristics(codeBlock=0x000062d0001d88c0, exec=0x00007ffeefbbde30, loopOSREntryBytecodeOffset=0) at LLIntSlowPaths.cpp:391
470             frame #37: llint_replace(exec=0x00007ffeefbbde30, pc=0x00006040000161ba) at LLIntSlowPaths.cpp:516
471             frame #38: llint_entry at LowLevelInterpreter64.asm:98
472             frame #39: vmEntryToJavaScript at LowLevelInterpreter64.asm:296
473             ...
474
475         This crash occurred because StackVisitor was seeing an invalid topCallFrame while
476         trying to capture the Error stack while throwing a StackOverflowError below
477         llint_replace.  While in this specific example, it is questionable whether we
478         should be executing JS code below TypeProfilerLog::processLogEntries(), it is
479         correct to have set the topCallFrame in llint_replace.  We do this by calling
480         LLINT_BEGIN_NO_SET_PC() at the top of llint_replace.
481
482         We also do the same for llint_osr.
483         
484         Note: both of these LLInt slow path functions are called with a fully initialized
485         CallFrame.  Hence, there's no issue with setting topCallFrame to their CallFrames
486         for these functions.
487
488         * llint/LLIntSlowPaths.cpp:
489         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
490
491 2018-11-13  Caio Lima  <ticaiolima@gmail.com>
492
493         [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
494         https://bugs.webkit.org/show_bug.cgi?id=190836
495
496         Reviewed by Saam Barati.
497
498         In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
499         where we allocate a BigInt trusting the length received as argument.
500         With this additional method, we now check if length passed to
501         `JSBigInt::createWithLength` is not greater than JSBigInt::maxLength.
502         When the length is greater than maxLength, we then throw OOM
503         exception.
504         This required changing the interface of some JSBigInt operations to
505         receive `ExecState*` instead of `VM&`. We changed only operations that
506         can throw because of OOM.
507         We believe that this approach of throwing instead of finishing the
508         execution abruptly is better because JS programs can catch such
509         exception and handle this issue properly.
510
511         * dfg/DFGOperations.cpp:
512         * jit/JITOperations.cpp:
513         * runtime/CommonSlowPaths.cpp:
514         (JSC::SLOW_PATH_DECL):
515         * runtime/JSBigInt.cpp:
516         (JSC::JSBigInt::createZero):
517         (JSC::JSBigInt::tryCreateWithLength):
518         (JSC::JSBigInt::createWithLengthUnchecked):
519         (JSC::JSBigInt::createFrom):
520         (JSC::JSBigInt::multiply):
521         (JSC::JSBigInt::divide):
522         (JSC::JSBigInt::copy):
523         (JSC::JSBigInt::unaryMinus):
524         (JSC::JSBigInt::remainder):
525         (JSC::JSBigInt::add):
526         (JSC::JSBigInt::sub):
527         (JSC::JSBigInt::bitwiseAnd):
528         (JSC::JSBigInt::bitwiseOr):
529         (JSC::JSBigInt::bitwiseXor):
530         (JSC::JSBigInt::absoluteAdd):
531         (JSC::JSBigInt::absoluteSub):
532         (JSC::JSBigInt::absoluteDivWithDigitDivisor):
533         (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
534         (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
535         (JSC::JSBigInt::absoluteBitwiseOp):
536         (JSC::JSBigInt::absoluteAddOne):
537         (JSC::JSBigInt::absoluteSubOne):
538         (JSC::JSBigInt::toStringGeneric):
539         (JSC::JSBigInt::rightTrim):
540         (JSC::JSBigInt::allocateFor):
541         (JSC::JSBigInt::createWithLength): Deleted.
542         * runtime/JSBigInt.h:
543         * runtime/Operations.cpp:
544         (JSC::jsAddSlowCase):
545         * runtime/Operations.h:
546         (JSC::jsSub):
547         (JSC::jsMul):
548
549 2018-11-12  Devin Rousso  <drousso@apple.com>
550
551         Web Inspector: Network: show secure certificate details per-request
552         https://bugs.webkit.org/show_bug.cgi?id=191447
553         <rdar://problem/30019476>
554
555         Reviewed by Joseph Pecoraro.
556
557         Add Security domain to hold security related protocol types.
558
559         * CMakeLists.txt:
560         * DerivedSources.make:
561         * inspector/protocol/Network.json:
562         * inspector/protocol/Security.json: Added.
563         * inspector/scripts/codegen/objc_generator.py:
564         (ObjCGenerator):
565
566 2018-11-12  Saam barati  <sbarati@apple.com>
567
568         Unreviewed. Rollout 238026: It caused ~8% JetStream 2 regressions on some iOS devices
569         https://bugs.webkit.org/show_bug.cgi?id=191555
570
571         * bytecode/UnlinkedFunctionExecutable.cpp:
572         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
573         * bytecode/UnlinkedFunctionExecutable.h:
574         * parser/SourceCodeKey.h:
575         (JSC::SourceCodeKey::SourceCodeKey):
576         (JSC::SourceCodeKey::operator== const):
577         * runtime/CodeCache.cpp:
578         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
579         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
580         * runtime/CodeCache.h:
581         * runtime/FunctionConstructor.cpp:
582         (JSC::constructFunctionSkippingEvalEnabledCheck):
583         * runtime/FunctionExecutable.cpp:
584         (JSC::FunctionExecutable::fromGlobalCode):
585         * runtime/FunctionExecutable.h:
586
587 2018-11-11  Benjamin Poulain  <benjamin@webkit.org>
588
589         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
590         https://bugs.webkit.org/show_bug.cgi?id=191492
591
592         Reviewed by Alex Christensen.
593
594         Rename file.
595
596         * API/JSValue.mm:
597
598 2018-11-10  Benjamin Poulain  <benjamin@webkit.org>
599
600         Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
601         https://bugs.webkit.org/show_bug.cgi?id=191492
602
603         Reviewed by Alex Christensen.
604
605         * API/JSValue.mm:
606
607 2018-11-10  Michael Catanzaro  <mcatanzaro@igalia.com>
608
609         Unreviewed, silence -Wunused-variable warning
610
611         * bytecode/Opcode.h:
612         (JSC::padOpcodeName):
613
614 2018-11-09  Keith Rollin  <krollin@apple.com>
615
616         Unreviewed build fix after https://bugs.webkit.org/show_bug.cgi?id=191324
617
618         Remove the use of .xcfilelists until their side-effects are better
619         understood.
620
621         * JavaScriptCore.xcodeproj/project.pbxproj:
622
623 2018-11-09  Keith Miller  <keith_miller@apple.com>
624
625         LLInt VectorSizeOffset should be based on offset extraction
626         https://bugs.webkit.org/show_bug.cgi?id=191468
627
628         Reviewed by Yusuke Suzuki.
629
630         This patch also adds some usings to LLIntOffsetsExtractor that
631         make it possible to use the bare names of Vector/RefCountedArray
632         in offsets extraction.
633
634         * llint/LLIntOffsetsExtractor.cpp:
635         * llint/LowLevelInterpreter.asm:
636
637 2018-11-09  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
638
639         Unreviewed, rolling in CodeCache in r237254
640         https://bugs.webkit.org/show_bug.cgi?id=190340
641
642         Land the CodeCache part, which uses DefaultHash<>::Hash instead of computeHash.
643
644         * bytecode/UnlinkedFunctionExecutable.cpp:
645         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
646         * bytecode/UnlinkedFunctionExecutable.h:
647         * parser/SourceCodeKey.h:
648         (JSC::SourceCodeKey::SourceCodeKey):
649         (JSC::SourceCodeKey::operator== const):
650         * runtime/CodeCache.cpp:
651         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
652         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
653         * runtime/CodeCache.h:
654         * runtime/FunctionConstructor.cpp:
655         (JSC::constructFunctionSkippingEvalEnabledCheck):
656         * runtime/FunctionExecutable.cpp:
657         (JSC::FunctionExecutable::fromGlobalCode):
658         * runtime/FunctionExecutable.h:
659
660 2018-11-08  Keith Miller  <keith_miller@apple.com>
661
662         put_by_val opcodes need to add the number tag as a 64-bit register
663         https://bugs.webkit.org/show_bug.cgi?id=191456
664
665         Reviewed by Saam Barati.
666
667         Previously the LLInt would add it as a pointer sized value. That is
668         wrong if pointer size is less 64-bits.
669
670         * llint/LowLevelInterpreter64.asm:
671
672 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
673
674         [JSC] isStrWhiteSpace seems redundant with Lexer<UChar>::isWhiteSpace
675         https://bugs.webkit.org/show_bug.cgi?id=191439
676
677         Reviewed by Saam Barati.
678
679         * CMakeLists.txt:
680         * runtime/ParseInt.h:
681         (JSC::isStrWhiteSpace):
682         Define isStrWhiteSpace in terms of isWhiteSpace and isLineTerminator.
683
684 2018-11-08  Michael Saboff  <msaboff@apple.com>
685
686         Options::useRegExpJIT() should use jitEnabledByDefault() just like useJIT()
687         https://bugs.webkit.org/show_bug.cgi?id=191444
688
689         Reviewed by Saam Barati.
690
691         * runtime/Options.h:
692
693 2018-11-08  Fujii Hironori  <Hironori.Fujii@sony.com>
694
695         [Win] UDis86Disassembler.cpp: warning: format specifies type 'unsigned long' but the argument has type 'uintptr_t' (aka 'unsigned long long')
696         https://bugs.webkit.org/show_bug.cgi?id=191416
697
698         Reviewed by Saam Barati.
699
700         * disassembler/UDis86Disassembler.cpp:
701         (JSC::tryToDisassembleWithUDis86): Use PRIxPTR for uintptr_t.
702
703 2018-11-08  Keith Rollin  <krollin@apple.com>
704
705         Create .xcfilelist files
706         https://bugs.webkit.org/show_bug.cgi?id=191324
707         <rdar://problem/45852819>
708
709         Reviewed by Alex Christensen.
710
711         As part of preparing for enabling XCBuild, create and use .xcfilelist
712         files. These files are using during Run Script build phases in an
713         Xcode project. If a Run Script build phase produces new files that are
714         used later as inputs to subsequent build phases, XCBuild needs to know
715         about these files. These files can be either specified in an "output
716         files" section of the Run Script phase editor, or in .xcfilelist files
717         that are associated with the Run Script build phase.
718
719         This patch takes the second approach. It consists of three sets of changes:
720
721         - Modify the DerivedSources.make files to have a
722           'print_all_generated_files" target that produces a list of the files
723           they create.
724
725         - Create a shell script that produces .xcfilelist files from the
726           output of the previous step, as well as for the files created in the
727           Generate Unified Sources build steps.
728
729         - Add the new .xcfilelist files to the associated projects.
730
731         Note that, with these changes, the Xcode workspace and projects can no
732         longer be fully loaded into Xcode 9. Xcode will attempt to load the
733         projects that have .xcfilelist files associated with them, but will
734         fail and display a placeholder for those projects instead. It's
735         expected that all developers are using Xcode 10 by now and that not
736         being able to load into Xcode 9 is not a practical issue. Keep in mind
737         that this is strictly an IDE issue, and that the projects can still be
738         built with `xcodebuild`.
739
740         Also note that the shell script that creates the .xcfilelist files can
741         also be used to verify that the set of files that's currently checked
742         in is up-to-date. This checking can be used as part of a check-in hook
743         or part of check-webkit-style to sooner catch cases where the
744         .xcfilelist files need to be regenerated.
745
746         * DerivedSources.make:
747         * DerivedSources.xcfilelist: Added.
748         * JavaScriptCore.xcodeproj/project.pbxproj:
749         * UnifiedSources.xcfilelist: Added.
750
751 2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>
752
753         U+180E is no longer a whitespace character
754         https://bugs.webkit.org/show_bug.cgi?id=191415
755
756         Reviewed by Saam Barati.
757
758         Mongolian Vowel Separator stopped being a valid whitespace character as of ES2016.
759         (https://github.com/tc39/ecma262/pull/300)
760
761         * parser/Lexer.h:
762         (JSC::Lexer<UChar>::isWhiteSpace):
763         * runtime/ParseInt.h:
764         (JSC::isStrWhiteSpace):
765         * yarr/create_regex_tables:
766
767 2018-11-08  Keith Miller  <keith_miller@apple.com>
768
769         jitEnabledByDefault() should be on useJIT not useBaselineJIT
770         https://bugs.webkit.org/show_bug.cgi?id=191434
771
772         Reviewed by Saam Barati.
773
774         * runtime/Options.h:
775
776 2018-11-08  Joseph Pecoraro  <pecoraro@apple.com>
777
778         Web Inspector: Restrict domains at the target level instead of only at the window level
779         https://bugs.webkit.org/show_bug.cgi?id=191344
780
781         Reviewed by Devin Rousso.
782
783         * inspector/protocol/Console.json:
784         * inspector/protocol/Debugger.json:
785         * inspector/protocol/Heap.json:
786         * inspector/protocol/Runtime.json:
787         Remove workerSupported as it is now no longer necessary. It is implied
788         by availability being empty (meaning it is supported everywhere).
789
790         * inspector/protocol/Inspector.json:
791         * inspector/protocol/ScriptProfiler.json:
792         Restrict to "javascript" and "web" debuggables, not available in workers.
793
794         * inspector/protocol/Worker.json:
795         Cleanup, remove empty types list.
796         
797         * inspector/protocol/Recording.json:
798         Cleanup, only expose this in the "web" domain for now.
799
800         * inspector/scripts/codegen/generate_js_backend_commands.py:
801         (JSBackendCommandsGenerator.generate_domain):
802         * inspector/scripts/codegen/models.py:
803         (Protocol.parse_domain):
804         Allow a list of debuggable types. Add "worker" even though it is unused
805         since that is a type we would want to allow or consider.
806
807         (Domain.__init__):
808         (Domains):
809         Remove now unnecessary workerSupported code.
810         Allow availability on a domain with only types.
811
812         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: Removed.
813         * inspector/scripts/tests/generic/worker-supported-domains.json: Removed.
814
815 2018-11-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
816
817         Consider removing double load for accessing the MetadataTable from LLInt
818         https://bugs.webkit.org/show_bug.cgi?id=190933
819
820         Reviewed by Keith Miller.
821
822         This patch removes double load for accesses to MetadataTable from LLInt.
823         MetadataTable is now specially RefCounted class, which has interesting memory layout.
824         When refcount becomes 0, MetadataTable asks UnlinkedMetadataTable to destroy itself.
825
826         * bytecode/CodeBlock.cpp:
827         (JSC::CodeBlock::finishCreation):
828         (JSC::CodeBlock::estimatedSize):
829         (JSC::CodeBlock::visitChildren):
830         * bytecode/CodeBlock.h:
831         (JSC::CodeBlock::metadata):
832         * bytecode/CodeBlockInlines.h:
833         (JSC::CodeBlock::forEachValueProfile):
834         (JSC::CodeBlock::forEachArrayProfile):
835         (JSC::CodeBlock::forEachArrayAllocationProfile):
836         (JSC::CodeBlock::forEachObjectAllocationProfile):
837         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
838         * bytecode/MetadataTable.cpp:
839         (JSC::MetadataTable::MetadataTable):
840         (JSC::MetadataTable::~MetadataTable):
841         (JSC::MetadataTable::sizeInBytes):
842         * bytecode/MetadataTable.h:
843         (JSC::MetadataTable::get):
844         (JSC::MetadataTable::forEach):
845         (JSC::MetadataTable::ref const):
846         (JSC::MetadataTable::deref const):
847         (JSC::MetadataTable::refCount const):
848         (JSC::MetadataTable::hasOneRef const):
849         (JSC::MetadataTable::buffer):
850         (JSC::MetadataTable::linkingData const):
851         (JSC::MetadataTable::getImpl):
852         * bytecode/UnlinkedMetadataTable.h:
853         (JSC::UnlinkedMetadataTable::buffer const):
854         * bytecode/UnlinkedMetadataTableInlines.h:
855         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
856         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
857         (JSC::UnlinkedMetadataTable::addEntry):
858         (JSC::UnlinkedMetadataTable::sizeInBytes):
859         (JSC::UnlinkedMetadataTable::finalize):
860         (JSC::UnlinkedMetadataTable::link):
861         (JSC::UnlinkedMetadataTable::unlink):
862         * llint/LowLevelInterpreter.asm:
863         * llint/LowLevelInterpreter32_64.asm:
864
865 2018-11-07  Caio Lima  <ticaiolima@gmail.com>
866
867         [BigInt] Add support to BigInt into ValueAdd
868         https://bugs.webkit.org/show_bug.cgi?id=186177
869
870         Reviewed by Keith Miller.
871
872         We are adding a very primitive specialization case of BigInts into ValueAdd.
873         When compiling a speculated version of this node to BigInt, we are currently
874         calling 'operationAddBigInt', a function that expects only BigInts as
875         parameter and effectly add numbers using JSBigInt::add. To properly
876         speculate BigInt operands, we changed ArithProfile to observe when
877         its result is a BigInt. With this new observation, we are able to identify
878         when ValueAdd results into a String or BigInt.
879
880         Here are some numbers for this specialization running
881         microbenchmarks:
882
883         big-int-simple-add                   21.5411+-1.1096  ^  15.3502+-0.7027  ^ definitely 1.4033x faster
884         big-int-add-prediction-propagation   13.7762+-0.5578  ^  10.8117+-0.5330  ^ definitely 1.2742x faster
885
886         * bytecode/ArithProfile.cpp:
887         (JSC::ArithProfile::emitObserveResult):
888         (JSC::ArithProfile::shouldEmitSetNonNumeric const):
889         (JSC::ArithProfile::shouldEmitSetBigInt const):
890         (JSC::ArithProfile::emitSetNonNumeric const):
891         (JSC::ArithProfile::emitSetBigInt const):
892         (WTF::printInternal):
893         (JSC::ArithProfile::shouldEmitSetNonNumber const): Deleted.
894         (JSC::ArithProfile::emitSetNonNumber const): Deleted.
895         * bytecode/ArithProfile.h:
896         (JSC::ArithProfile::observedUnaryInt):
897         (JSC::ArithProfile::observedUnaryNumber):
898         (JSC::ArithProfile::observedBinaryIntInt):
899         (JSC::ArithProfile::observedBinaryNumberInt):
900         (JSC::ArithProfile::observedBinaryIntNumber):
901         (JSC::ArithProfile::observedBinaryNumberNumber):
902         (JSC::ArithProfile::didObserveNonInt32 const):
903         (JSC::ArithProfile::didObserveNonNumeric const):
904         (JSC::ArithProfile::didObserveBigInt const):
905         (JSC::ArithProfile::setObservedNonNumeric):
906         (JSC::ArithProfile::setObservedBigInt):
907         (JSC::ArithProfile::observeResult):
908         (JSC::ArithProfile::didObserveNonNumber const): Deleted.
909         (JSC::ArithProfile::setObservedNonNumber): Deleted.
910         * dfg/DFGByteCodeParser.cpp:
911         (JSC::DFG::ByteCodeParser::makeSafe):
912         * dfg/DFGFixupPhase.cpp:
913         (JSC::DFG::FixupPhase::fixupNode):
914         * dfg/DFGNode.h:
915         (JSC::DFG::Node::mayHaveNonNumericResult):
916         (JSC::DFG::Node::mayHaveBigIntResult):
917         (JSC::DFG::Node::mayHaveNonNumberResult): Deleted.
918         * dfg/DFGNodeFlags.cpp:
919         (JSC::DFG::dumpNodeFlags):
920         * dfg/DFGNodeFlags.h:
921         * dfg/DFGOperations.cpp:
922         * dfg/DFGOperations.h:
923         * dfg/DFGPredictionPropagationPhase.cpp:
924         * dfg/DFGSpeculativeJIT.cpp:
925         (JSC::DFG::SpeculativeJIT::compileValueAdd):
926         * ftl/FTLLowerDFGToB3.cpp:
927         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
928         * runtime/CommonSlowPaths.cpp:
929         (JSC::updateArithProfileForUnaryArithOp):
930         (JSC::updateArithProfileForBinaryArithOp):
931
932 2018-11-07  Joseph Pecoraro  <pecoraro@apple.com>
933
934         Web Inspector: Fix "Javascript" => "JavaScript" enum in protocol generated objects
935         https://bugs.webkit.org/show_bug.cgi?id=191340
936
937         Reviewed by Devin Rousso.
938
939         * inspector/ConsoleMessage.cpp:
940         (Inspector::messageSourceValue):
941         Use new enum name.
942
943         * inspector/scripts/codegen/generator.py:
944         Correct the casing of "JavaScript".
945
946 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
947
948         Align wide opcodes in the instruction stream
949         https://bugs.webkit.org/show_bug.cgi?id=191254
950
951         Reviewed by Keith Miller.
952
953         Pad the bytecode with nops to ensure that wide opcodes are 4-byte
954         aligned on platforms that don't like unaligned memory access.
955
956         For that, add a new type to represent jump targets, BoundLabel, which
957         delays computing the offset in case we need to emit nops for padding.
958         Extra padding is also emitted before op_yield and at the of each
959         BytecodeWriter fragment, to ensure that the bytecode remains aligned
960         after the rewriting.
961
962         As a side effect, we can longer guarantee that the point immediately
963         before emitting an opcode is the start of that opcode, since nops
964         might be emitted in between if the opcode needs to be wide. To fix
965         that, we only take the offset of opcodes after they have been emitted,
966         using `m_lastInstruction.offset()`.
967
968         * bytecode/BytecodeDumper.h:
969         (JSC::BytecodeDumper::dumpValue):
970         * bytecode/BytecodeGeneratorification.cpp:
971         (JSC::BytecodeGeneratorification::run):
972         * bytecode/BytecodeList.rb:
973         * bytecode/BytecodeRewriter.h:
974         (JSC::BytecodeRewriter::Fragment::align):
975         (JSC::BytecodeRewriter::insertFragmentBefore):
976         (JSC::BytecodeRewriter::insertFragmentAfter):
977         * bytecode/Fits.h:
978         * bytecode/InstructionStream.h:
979         (JSC::InstructionStreamWriter::ref):
980         * bytecode/PreciseJumpTargetsInlines.h:
981         (JSC::updateStoredJumpTargetsForInstruction):
982         * bytecompiler/BytecodeGenerator.cpp:
983         (JSC::Label::setLocation):
984         (JSC::BoundLabel::target):
985         (JSC::BoundLabel::saveTarget):
986         (JSC::BoundLabel::commitTarget):
987         (JSC::BytecodeGenerator::generate):
988         (JSC::BytecodeGenerator::recordOpcode):
989         (JSC::BytecodeGenerator::alignWideOpcode):
990         (JSC::BytecodeGenerator::emitProfileControlFlow):
991         (JSC::BytecodeGenerator::emitResolveScope):
992         (JSC::BytecodeGenerator::emitGetFromScope):
993         (JSC::BytecodeGenerator::emitPutToScope):
994         (JSC::BytecodeGenerator::emitGetById):
995         (JSC::BytecodeGenerator::emitDirectGetById):
996         (JSC::BytecodeGenerator::emitPutById):
997         (JSC::BytecodeGenerator::emitDirectPutById):
998         (JSC::BytecodeGenerator::emitGetByVal):
999         (JSC::BytecodeGenerator::emitCreateThis):
1000         (JSC::BytecodeGenerator::beginSwitch):
1001         (JSC::BytecodeGenerator::endSwitch):
1002         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1003         (JSC::BytecodeGenerator::emitYieldPoint):
1004         (JSC::BytecodeGenerator::emitToThis):
1005         (JSC::Label::bind): Deleted.
1006         * bytecompiler/BytecodeGenerator.h:
1007         (JSC::BytecodeGenerator::recordOpcode): Deleted.
1008         * bytecompiler/Label.h:
1009         (JSC::BoundLabel::BoundLabel):
1010         (JSC::BoundLabel::operator int):
1011         (JSC::Label::bind):
1012         * generator/Opcode.rb:
1013
1014 2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>
1015
1016         REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
1017         https://bugs.webkit.org/show_bug.cgi?id=191184
1018
1019         Reviewed by Saam Barati.
1020
1021         Fix API test on CLoop: we can only disable the LLInt when the JIT is enabled.
1022
1023         * API/tests/PingPongStackOverflowTest.cpp:
1024         (testPingPongStackOverflow):
1025
1026 2018-11-06  Justin Fan  <justin_fan@apple.com>
1027
1028         [WebGPU] Experimental prototype for WebGPURenderPipeline and WebGPUSwapChain
1029         https://bugs.webkit.org/show_bug.cgi?id=191291
1030
1031         Reviewed by Myles Maxfield.
1032
1033         Properly disable WEBGPU on all non-Metal platforms for now.
1034
1035         * Configurations/FeatureDefines.xcconfig:
1036
1037 2018-11-06  Keith Rollin  <krollin@apple.com>
1038
1039         Adjust handling of Include paths that need quoting
1040         https://bugs.webkit.org/show_bug.cgi?id=191314
1041         <rdar://problem/45849143>
1042
1043         Reviewed by Dan Bernstein.
1044
1045         There are several places in the JavaScriptCore Xcode project where the
1046         paths defined in HEADER_SEARCH_PATHS are quoted. That is, the
1047         definitions look like:
1048
1049             HEADER_SEARCH_PATHS = (
1050                 "\"${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore\"",
1051                 "\"${BUILT_PRODUCTS_DIR}/LLIntOffsets/${ARCHS}\"",
1052                 "\"$(JAVASCRIPTCORE_FRAMEWORKS_DIR)/JavaScriptCore.framework/PrivateHeaders\"",
1053                 "$(inherited)",
1054             );
1055
1056         The idea here is presumably to have the resulting $(CPP) command have
1057         -I options where the associated paths are themselves quoted,
1058         protecting against space characters in the paths.
1059
1060         This approach to quote management can break under Xcode 9. If
1061         .xcfilelist files are added to the project, the 'objectVersion' value
1062         in the Xcode project file is changed from 46 to 51. If a project with
1063         objectVersion=51 is presented to Xcode 9 (as can happen when we build
1064         for older OS's), it produces build lines where the quotes are escaped,
1065         thereby becoming part of the path. The build then fails because a
1066         search for a file normally found in a directory called "Foo" will be
1067         looked for in "\"Foo\"", which doesn't exist.
1068
1069         Simply removing the escaped quotes from the HEADER_SEARCH_PATHS
1070         definition doesn't work, leading to paths that need quoting due to
1071         space characters but that don't get this quoting (the part of the path
1072         after the space appears to simply go missing).
1073
1074         Removing the escaped quotes from the HEADER_SEARCH_PATHS and moving
1075         the definitions to the .xcconfig fixes this problem.
1076
1077         * Configurations/ToolExecutable.xcconfig:
1078         * JavaScriptCore.xcodeproj/project.pbxproj:
1079
1080 2018-11-06  Michael Saboff  <msaboff@apple.com>
1081
1082         Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
1083         https://bugs.webkit.org/show_bug.cgi?id=191271
1084
1085         Reviewed by Saam Barati.
1086
1087         Fixed use of ThrowScope my adding release() calls.  Found a few places where we needed
1088         RETURN_IF_EXCEPTION().  After some code inspections determined that we need to cover the
1089         exception bubbling for String.match() with a global RegExp as well as String.replace()
1090         and String.search().
1091
1092         * runtime/RegExpObjectInlines.h:
1093         (JSC::RegExpObject::matchInline):
1094         (JSC::collectMatches):
1095         * runtime/RegExpPrototype.cpp:
1096         (JSC::regExpProtoFuncSearchFast):
1097         * runtime/StringPrototype.cpp:
1098         (JSC::removeUsingRegExpSearch):
1099         (JSC::replaceUsingRegExpSearch):
1100
1101 2018-11-05  Don Olmstead  <don.olmstead@sony.com>
1102
1103         Fix typos in closing ENABLE guards
1104         https://bugs.webkit.org/show_bug.cgi?id=191273
1105
1106         Reviewed by Keith Miller.
1107
1108         * ftl/FTLForOSREntryJITCode.h:
1109         * ftl/FTLJITCode.h:
1110         * jsc.cpp:
1111         * wasm/WasmMemoryInformation.h:
1112         * wasm/WasmPageCount.h:
1113
1114 2018-11-05  Keith Miller  <keith_miller@apple.com>
1115
1116         Make static_asserts in APICast into bitwise_cast
1117         https://bugs.webkit.org/show_bug.cgi?id=191272
1118
1119         Reviewed by Filip Pizlo.
1120
1121         * API/APICast.h:
1122         (toJS):
1123         (toJSForGC):
1124         (toRef):
1125
1126 2018-11-05  Dominik Infuehr  <dinfuehr@igalia.com>
1127
1128         Enable LLInt on ARMv7/Linux
1129         https://bugs.webkit.org/show_bug.cgi?id=191190
1130
1131         Reviewed by Yusuke Suzuki.
1132
1133         After enabling the new bytecode format in r237547, C_LOOP was
1134         forced on all 32-bit platforms. Now enable LLInt again on
1135         ARMv7-Thumb2/Linux.
1136
1137         This adds a callee-saved register in ARMv7/Linux for the metadataTable and
1138         stores/restores it on LLInt function calls. It also introduces the globaladdr-
1139         instruction for the ARM-offlineasm to access the opcode-table.
1140
1141         * jit/GPRInfo.h:
1142         * jit/RegisterSet.cpp:
1143         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
1144         * llint/LowLevelInterpreter.asm:
1145         * llint/LowLevelInterpreter32_64.asm:
1146         * offlineasm/arm.rb:
1147         * offlineasm/asm.rb:
1148         * offlineasm/instructions.rb:
1149
1150 2018-11-05  Fujii Hironori  <Hironori.Fujii@sony.com>
1151
1152         [Win][Clang][JSC] JIT::is64BitType reports "warning: explicit specialization cannot have a storage class"
1153         https://bugs.webkit.org/show_bug.cgi?id=191146
1154
1155         Reviewed by Yusuke Suzuki.
1156
1157         * jit/JIT.h: Changed is64BitType from a template class method to a
1158         template inner class.
1159
1160 2018-11-02  Keith Miller  <keith_miller@apple.com>
1161
1162         Assert JSValues can fit into a pointer when API casting
1163         https://bugs.webkit.org/show_bug.cgi?id=191220
1164
1165         Reviewed by Michael Saboff.
1166
1167         * API/APICast.h:
1168         (toJS):
1169         (toJSForGC):
1170         (toRef):
1171
1172 2018-11-02  Michael Saboff  <msaboff@apple.com>
1173
1174         Rolling in r237753 with unreviewed build fix.
1175
1176         Fixed issues with DECLARE_THROW_SCOPE placement.
1177
1178 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
1179
1180         Unreviewed, rolling out r237753.
1181
1182         Introduced JSC test failures
1183
1184         Reverted changeset:
1185
1186         "Running out of stack space not properly handled in
1187         RegExp::compile() and its callers"
1188         https://bugs.webkit.org/show_bug.cgi?id=191206
1189         https://trac.webkit.org/changeset/237753
1190
1191 2018-11-02  Michael Saboff  <msaboff@apple.com>
1192
1193         Running out of stack space not properly handled in RegExp::compile() and its callers
1194         https://bugs.webkit.org/show_bug.cgi?id=191206
1195
1196         Reviewed by Filip Pizlo.
1197
1198         Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code.  Bubbled those errors
1199         up to where they are turned into the appropriate exceptions in matchInline().  If the errors are not due
1200         to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack.
1201
1202         * runtime/RegExp.cpp:
1203         (JSC::RegExp::compile):
1204         (JSC::RegExp::compileMatchOnly):
1205         * runtime/RegExp.h:
1206         * runtime/RegExpInlines.h:
1207         (JSC::RegExp::compileIfNecessary):
1208         (JSC::RegExp::matchInline):
1209         (JSC::RegExp::compileIfNecessaryMatchOnly):
1210         * runtime/RegExpObjectInlines.h:
1211         (JSC::RegExpObject::execInline):
1212         * yarr/YarrErrorCode.h:
1213         (JSC::Yarr::hasHardError):
1214
1215 2018-11-02  Keith Miller  <keith_miller@apple.com>
1216
1217         API should use wrapper object if address is 32-bit
1218         https://bugs.webkit.org/show_bug.cgi?id=191203
1219
1220         Reviewed by Filip Pizlo.
1221
1222         * API/APICast.h:
1223         (toJS):
1224         (toJSForGC):
1225         (toRef):
1226
1227 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
1228
1229         Metadata should not be copyable
1230         https://bugs.webkit.org/show_bug.cgi?id=191193
1231
1232         Reviewed by Keith Miller.
1233
1234         We should only ever hold references to the entry in the metadata table.
1235
1236         * bytecode/CodeBlock.cpp:
1237         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1238         * dfg/DFGByteCodeParser.cpp:
1239         (JSC::DFG::ByteCodeParser::parseBlock):
1240         * generator/Metadata.rb:
1241
1242 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
1243
1244         REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled
1245         https://bugs.webkit.org/show_bug.cgi?id=191175
1246
1247         Reviewed by Keith Miller.
1248
1249         https://bugs.webkit.org/show_bug.cgi?id=191108 did not handle the case where JIT is not enabled
1250
1251         * jit/JITExceptions.cpp:
1252         (JSC::genericUnwind):
1253         * llint/LLIntData.h:
1254         (JSC::LLInt::getWideCodePtr):
1255
1256 2018-11-01  Fujii Hironori  <Hironori.Fujii@sony.com>
1257
1258         Rename <wtf/unicode/UTF8.h> to <wtf/unicode/UTF8Conversion.h> in order to avoid conflicting with ICU's unicode/utf8.h
1259         https://bugs.webkit.org/show_bug.cgi?id=189693
1260
1261         Reviewed by Yusuke Suzuki.
1262
1263         * API/JSClassRef.cpp: Replaced <wtf/unicode/UTF8.h> with <wtf/unicode/UTF8Conversion.h>.
1264         * API/JSStringRef.cpp: Ditto.
1265         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
1266         * wasm/WasmParser.h: Ditto.
1267
1268 2018-11-01  Keith Miller  <keith_miller@apple.com>
1269
1270         Unreviewed, JavaScriptCore should only guarantee to produce a
1271         modulemap if we are building for iOSMac.
1272
1273         * Configurations/JavaScriptCore.xcconfig:
1274
1275 2018-10-31  Devin Rousso  <drousso@apple.com>
1276
1277         Web Inspector: Canvas: create a setting for auto-recording newly created contexts
1278         https://bugs.webkit.org/show_bug.cgi?id=190856
1279
1280         Reviewed by Brian Burg.
1281
1282         * inspector/protocol/Canvas.json:
1283         Add `setRecordingAutoCaptureFrameCount` command for setting the number of frames to record
1284         immediately after a context is created.
1285
1286         * inspector/protocol/Recording.json:
1287         Add `creation` value for `Initiator` enum.
1288
1289 2018-10-31  Devin Rousso  <drousso@apple.com>
1290
1291         Web Inspector: display low-power enter/exit events in Timelines and Network node waterfalls
1292         https://bugs.webkit.org/show_bug.cgi?id=190641
1293         <rdar://problem/45319049>
1294
1295         Reviewed by Joseph Pecoraro.
1296
1297         * inspector/protocol/DOM.json:
1298         Add `videoLowPowerChanged` event that is fired when `InspectorDOMAgent` is able to determine
1299         whether a video element's low power state has changed.
1300
1301 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1302
1303         Adjust inlining threshold for new bytecode format
1304         https://bugs.webkit.org/show_bug.cgi?id=191115
1305
1306         Reviewed by Saam Barati.
1307
1308         The new format reduced the number of operands for many opcodes, which
1309         changed inlining decisions and impacted performance negatively.
1310
1311         * runtime/Options.h:
1312
1313 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
1314
1315         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
1316         https://bugs.webkit.org/show_bug.cgi?id=191108
1317         <rdar://problem/45690700>
1318
1319         Reviewed by Saam Barati.
1320
1321         When linking the handler, we need to check whether the target op_catch is
1322         wide or narrow in order to chose the right code pointer for the handler.
1323
1324         * bytecode/CodeBlock.cpp:
1325         (JSC::CodeBlock::finishCreation):
1326
1327 2018-10-31  Dominik Infuehr  <dinfuehr@igalia.com>
1328
1329         Align entries in metadata table
1330         https://bugs.webkit.org/show_bug.cgi?id=191062
1331
1332         Reviewed by Filip Pizlo.
1333
1334         Entries in the metadata table need to be aligned on some 32-bit
1335         architectures.
1336
1337         * bytecode/MetadataTable.h:
1338         (JSC::MetadataTable::forEach):
1339         * bytecode/Opcode.cpp:
1340         (JSC::metadataAlignment):
1341         * bytecode/Opcode.h:
1342         * bytecode/UnlinkedMetadataTableInlines.h:
1343         (JSC::UnlinkedMetadataTable::finalize):
1344         * generator/Section.rb:
1345
1346 2018-10-31  Jim Mason  <jmason@ibinx.com>
1347
1348         Static global 'fastHandlerInstalled' conditionally declared in WasmFaultSignalHandler.cpp
1349         https://bugs.webkit.org/show_bug.cgi?id=191063
1350
1351         Reviewed by Yusuke Suzuki.
1352
1353         * wasm/WasmFaultSignalHandler.cpp:
1354
1355 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1356
1357         [JSC][LLInt] Compact LLInt ASM code by removing unnecessary instructions
1358         https://bugs.webkit.org/show_bug.cgi?id=191092
1359
1360         Reviewed by Saam Barati.
1361
1362         Looking through LLIntAssembly.h, we can find several inefficiencies. This patch fixes the
1363         following things to tighten LLInt ASM code.
1364
1365         1. Remove unnecessary load instructions. Use jmp with BaseIndex directly.
1366         2. Introduce strength reduction for mul instructions in offlineasm layer. This is now critical
1367         since mul instruction is executed in `metadata` operation in LLInt. If the given immediate is
1368         a power of two, we convert it to lshift instruction.
1369
1370         * llint/LowLevelInterpreter32_64.asm:
1371         * llint/LowLevelInterpreter64.asm:
1372         * offlineasm/arm64.rb:
1373         * offlineasm/instructions.rb:
1374         * offlineasm/x86.rb:
1375
1376 2018-10-30  Don Olmstead  <don.olmstead@sony.com>
1377
1378         [PlayStation] Enable JavaScriptCore
1379         https://bugs.webkit.org/show_bug.cgi?id=191072
1380
1381         Reviewed by Brent Fulgham.
1382
1383         Add platform files for the PlayStation port.
1384
1385         * PlatformPlayStation.cmake: Added.
1386
1387 2018-10-30  Alexey Proskuryakov  <ap@apple.com>
1388
1389         Clean up some obsolete MAX_ALLOWED macros
1390         https://bugs.webkit.org/show_bug.cgi?id=190916
1391
1392         Reviewed by Tim Horton.
1393
1394         * API/JSManagedValue.mm:
1395         * API/JSVirtualMachine.mm:
1396         * API/JSWrapperMap.mm:
1397
1398 2018-10-30  Ross Kirsling  <ross.kirsling@sony.com>
1399
1400         useProbeOSRExit causes failures for Win64 DFG JIT
1401         https://bugs.webkit.org/show_bug.cgi?id=190656
1402
1403         Reviewed by Keith Miller.
1404
1405         * assembler/ProbeContext.cpp:
1406         (JSC::Probe::executeProbe):
1407         If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
1408         then let's just call lowWatermarkFromVisitingDirtyPages instead.
1409
1410         * dfg/DFGOSRExit.cpp:
1411         (JSC::DFG::OSRExit::executeOSRExit):
1412         The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
1413         mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
1414         (Also, stop redundantly setting the stack pointer twice in a row.)
1415
1416 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1417
1418         "Unreviewed, partial rolling in r237254"
1419         https://bugs.webkit.org/show_bug.cgi?id=190340
1420
1421         This only adds Parser.{cpp,h}, and it is not used in this patch.
1422         It examines whether the regression is related to the exact Parser changes.
1423
1424         * parser/Parser.cpp:
1425         (JSC::Parser<LexerType>::parseInner):
1426         (JSC::Parser<LexerType>::parseSingleFunction):
1427         (JSC::Parser<LexerType>::parseFunctionInfo):
1428         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1429         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
1430         * parser/Parser.h:
1431         (JSC::Parser<LexerType>::parse):
1432         (JSC::parse):
1433         (JSC::parseFunctionForFunctionConstructor):
1434
1435 2018-10-29  Mark Lam  <mark.lam@apple.com>
1436
1437         Correctly detect string overflow when using the 'Function' constructor.
1438         https://bugs.webkit.org/show_bug.cgi?id=184883
1439         <rdar://problem/36320331>
1440
1441         Reviewed by Saam Barati.
1442
1443         Added StringBuilder::hasOverflowed() checks, and throwing OutOfMemoryErrors if
1444         we detect an overflow.
1445
1446         * runtime/FunctionConstructor.cpp:
1447         (JSC::constructFunctionSkippingEvalEnabledCheck):
1448         * runtime/JSGlobalObjectFunctions.cpp:
1449         (JSC::encode):
1450         (JSC::decode):
1451         * runtime/JSONObject.cpp:
1452         (JSC::Stringifier::stringify):
1453         (JSC::Stringifier::appendStringifiedValue):
1454
1455 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1456
1457         Unreviewed, fix JSC on arm64e after r237547
1458         https://bugs.webkit.org/show_bug.cgi?id=187373
1459
1460         Unreviewed.
1461
1462         Remove unused move guarded by POINTER_PROFILING that was trashing the
1463         metadata on arm64e.
1464
1465         * llint/LowLevelInterpreter64.asm:
1466
1467 2018-10-29  Keith Miller  <keith_miller@apple.com>
1468
1469         JSC should explicitly list its modulemap file
1470         https://bugs.webkit.org/show_bug.cgi?id=191032
1471
1472         Reviewed by Saam Barati.
1473
1474         The automagically generated module map file for JSC will
1475         include headers where they may not work out of the box.
1476         This patch makes it so we now export the same modulemap
1477         that used to be provided via the legacy system.
1478
1479         * Configurations/JavaScriptCore.xcconfig:
1480         * JavaScriptCore.modulemap: Added.
1481         * JavaScriptCore.xcodeproj/project.pbxproj:
1482
1483 2018-10-29  Tim Horton  <timothy_horton@apple.com>
1484
1485         Modernize WebKit nibs and lprojs for localization's sake
1486         https://bugs.webkit.org/show_bug.cgi?id=190911
1487         <rdar://problem/45349466>
1488
1489         Reviewed by Dan Bernstein.
1490
1491         * JavaScriptCore.xcodeproj/project.pbxproj:
1492         English->en
1493
1494 2018-10-29  Commit Queue  <commit-queue@webkit.org>
1495
1496         Unreviewed, rolling out r237492.
1497         https://bugs.webkit.org/show_bug.cgi?id=191035
1498
1499         "It regresses JetStream 2 by 5% on some iOS devices"
1500         (Requested by saamyjoon on #webkit).
1501
1502         Reverted changeset:
1503
1504         "Unreviewed, partial rolling in r237254"
1505         https://bugs.webkit.org/show_bug.cgi?id=190340
1506         https://trac.webkit.org/changeset/237492
1507
1508 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1509
1510         Add support for GetStack FlushedDouble
1511         https://bugs.webkit.org/show_bug.cgi?id=191012
1512         <rdar://problem/45265141>
1513
1514         Reviewed by Saam Barati.
1515
1516         LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
1517         for doubles, but it turns out it may arise from the PutStack sinking
1518         phase: if we sink a PutStack into a successor block, other predecessors
1519         will emit a GetStack followed by an Upsilon.
1520
1521         * ftl/FTLLowerDFGToB3.cpp:
1522         (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):
1523
1524 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1525
1526         New bytecode format for JSC
1527         https://bugs.webkit.org/show_bug.cgi?id=187373
1528         <rdar://problem/44186758>
1529
1530         Reviewed by Filip Pizlo.
1531
1532         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
1533         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
1534         operands) and might contain an extra operand, the metadataID. The metadataID is used to
1535         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
1536
1537         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
1538         and types to all their operands. Additionally, reading a bytecode from the instruction stream
1539         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
1540         operands directly from the stream.
1541
1542
1543         * CMakeLists.txt:
1544         * DerivedSources.make:
1545         * JavaScriptCore.xcodeproj/project.pbxproj:
1546         * Sources.txt:
1547         * assembler/MacroAssemblerCodeRef.h:
1548         (JSC::ReturnAddressPtr::ReturnAddressPtr):
1549         (JSC::ReturnAddressPtr::value const):
1550         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
1551         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
1552         * bytecode/ArithProfile.h:
1553         (JSC::ArithProfile::ArithProfile):
1554         * bytecode/ArrayAllocationProfile.h:
1555         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
1556         * bytecode/ArrayProfile.h:
1557         * bytecode/BytecodeBasicBlock.cpp:
1558         (JSC::isJumpTarget):
1559         (JSC::BytecodeBasicBlock::computeImpl):
1560         (JSC::BytecodeBasicBlock::compute):
1561         * bytecode/BytecodeBasicBlock.h:
1562         (JSC::BytecodeBasicBlock::leaderOffset const):
1563         (JSC::BytecodeBasicBlock::totalLength const):
1564         (JSC::BytecodeBasicBlock::offsets const):
1565         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
1566         (JSC::BytecodeBasicBlock::addLength):
1567         * bytecode/BytecodeDumper.cpp:
1568         (JSC::BytecodeDumper<Block>::printLocationAndOp):
1569         (JSC::BytecodeDumper<Block>::dumpBytecode):
1570         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
1571         (JSC::BytecodeDumper<Block>::dumpConstants):
1572         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
1573         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
1574         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
1575         (JSC::BytecodeDumper<Block>::dumpBlock):
1576         * bytecode/BytecodeDumper.h:
1577         (JSC::BytecodeDumper::dumpOperand):
1578         (JSC::BytecodeDumper::dumpValue):
1579         (JSC::BytecodeDumper::BytecodeDumper):
1580         (JSC::BytecodeDumper::block const):
1581         * bytecode/BytecodeGeneratorification.cpp:
1582         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
1583         (JSC::BytecodeGeneratorification::enterPoint const):
1584         (JSC::BytecodeGeneratorification::instructions const):
1585         (JSC::GeneratorLivenessAnalysis::run):
1586         (JSC::BytecodeGeneratorification::run):
1587         (JSC::performGeneratorification):
1588         * bytecode/BytecodeGeneratorification.h:
1589         * bytecode/BytecodeGraph.h:
1590         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
1591         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
1592         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
1593         (JSC::BytecodeGraph::BytecodeGraph):
1594         * bytecode/BytecodeKills.h:
1595         * bytecode/BytecodeList.json: Removed.
1596         * bytecode/BytecodeList.rb: Added.
1597         * bytecode/BytecodeLivenessAnalysis.cpp:
1598         (JSC::BytecodeLivenessAnalysis::dumpResults):
1599         * bytecode/BytecodeLivenessAnalysis.h:
1600         * bytecode/BytecodeLivenessAnalysisInlines.h:
1601         (JSC::isValidRegisterForLiveness):
1602         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
1603         * bytecode/BytecodeRewriter.cpp:
1604         (JSC::BytecodeRewriter::applyModification):
1605         (JSC::BytecodeRewriter::execute):
1606         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
1607         (JSC::BytecodeRewriter::insertImpl):
1608         (JSC::BytecodeRewriter::adjustJumpTarget):
1609         (JSC::BytecodeRewriter::adjustJumpTargets):
1610         * bytecode/BytecodeRewriter.h:
1611         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
1612         (JSC::BytecodeRewriter::Fragment::Fragment):
1613         (JSC::BytecodeRewriter::Fragment::appendInstruction):
1614         (JSC::BytecodeRewriter::BytecodeRewriter):
1615         (JSC::BytecodeRewriter::insertFragmentBefore):
1616         (JSC::BytecodeRewriter::insertFragmentAfter):
1617         (JSC::BytecodeRewriter::removeBytecode):
1618         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
1619         (JSC::BytecodeRewriter::adjustJumpTarget):
1620         * bytecode/BytecodeUseDef.h:
1621         (JSC::computeUsesForBytecodeOffset):
1622         (JSC::computeDefsForBytecodeOffset):
1623         * bytecode/CallLinkStatus.cpp:
1624         (JSC::CallLinkStatus::computeFromLLInt):
1625         * bytecode/CodeBlock.cpp:
1626         (JSC::CodeBlock::dumpBytecode):
1627         (JSC::CodeBlock::CodeBlock):
1628         (JSC::CodeBlock::finishCreation):
1629         (JSC::CodeBlock::estimatedSize):
1630         (JSC::CodeBlock::visitChildren):
1631         (JSC::CodeBlock::propagateTransitions):
1632         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1633         (JSC::CodeBlock::addJITAddIC):
1634         (JSC::CodeBlock::addJITMulIC):
1635         (JSC::CodeBlock::addJITSubIC):
1636         (JSC::CodeBlock::addJITNegIC):
1637         (JSC::CodeBlock::stronglyVisitStrongReferences):
1638         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
1639         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
1640         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
1641         (JSC::CodeBlock::getArrayProfile):
1642         (JSC::CodeBlock::updateAllArrayPredictions):
1643         (JSC::CodeBlock::predictedMachineCodeSize):
1644         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
1645         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
1646         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1647         (JSC::CodeBlock::validate):
1648         (JSC::CodeBlock::outOfLineJumpOffset):
1649         (JSC::CodeBlock::outOfLineJumpTarget):
1650         (JSC::CodeBlock::arithProfileForBytecodeOffset):
1651         (JSC::CodeBlock::arithProfileForPC):
1652         (JSC::CodeBlock::couldTakeSpecialFastCase):
1653         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1654         * bytecode/CodeBlock.h:
1655         (JSC::CodeBlock::addMathIC):
1656         (JSC::CodeBlock::outOfLineJumpOffset):
1657         (JSC::CodeBlock::bytecodeOffset):
1658         (JSC::CodeBlock::instructions const):
1659         (JSC::CodeBlock::instructionCount const):
1660         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1661         (JSC::CodeBlock::metadata):
1662         (JSC::CodeBlock::metadataSizeInBytes):
1663         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
1664         (JSC::CodeBlock::totalNumberOfValueProfiles):
1665         * bytecode/CodeBlockInlines.h: Added.
1666         (JSC::CodeBlock::forEachValueProfile):
1667         (JSC::CodeBlock::forEachArrayProfile):
1668         (JSC::CodeBlock::forEachArrayAllocationProfile):
1669         (JSC::CodeBlock::forEachObjectAllocationProfile):
1670         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
1671         * bytecode/Fits.h: Added.
1672         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1673         * bytecode/GetByIdStatus.cpp:
1674         (JSC::GetByIdStatus::computeFromLLInt):
1675         * bytecode/Instruction.h:
1676         (JSC::Instruction::Instruction):
1677         (JSC::Instruction::Impl::opcodeID const):
1678         (JSC::Instruction::opcodeID const):
1679         (JSC::Instruction::name const):
1680         (JSC::Instruction::isWide const):
1681         (JSC::Instruction::size const):
1682         (JSC::Instruction::is const):
1683         (JSC::Instruction::as const):
1684         (JSC::Instruction::cast):
1685         (JSC::Instruction::cast const):
1686         (JSC::Instruction::narrow const):
1687         (JSC::Instruction::wide const):
1688         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1689         (JSC::InstructionStream::InstructionStream):
1690         (JSC::InstructionStream::sizeInBytes const):
1691         * bytecode/InstructionStream.h: Added.
1692         (JSC::InstructionStream::BaseRef::BaseRef):
1693         (JSC::InstructionStream::BaseRef::operator=):
1694         (JSC::InstructionStream::BaseRef::operator-> const):
1695         (JSC::InstructionStream::BaseRef::ptr const):
1696         (JSC::InstructionStream::BaseRef::operator!= const):
1697         (JSC::InstructionStream::BaseRef::next const):
1698         (JSC::InstructionStream::BaseRef::offset const):
1699         (JSC::InstructionStream::BaseRef::isValid const):
1700         (JSC::InstructionStream::BaseRef::unwrap const):
1701         (JSC::InstructionStream::MutableRef::freeze const):
1702         (JSC::InstructionStream::MutableRef::operator->):
1703         (JSC::InstructionStream::MutableRef::ptr):
1704         (JSC::InstructionStream::MutableRef::operator Ref):
1705         (JSC::InstructionStream::MutableRef::unwrap):
1706         (JSC::InstructionStream::iterator::operator*):
1707         (JSC::InstructionStream::iterator::operator++):
1708         (JSC::InstructionStream::begin const):
1709         (JSC::InstructionStream::end const):
1710         (JSC::InstructionStream::at const):
1711         (JSC::InstructionStream::size const):
1712         (JSC::InstructionStreamWriter::InstructionStreamWriter):
1713         (JSC::InstructionStreamWriter::ref):
1714         (JSC::InstructionStreamWriter::seek):
1715         (JSC::InstructionStreamWriter::position):
1716         (JSC::InstructionStreamWriter::write):
1717         (JSC::InstructionStreamWriter::rewind):
1718         (JSC::InstructionStreamWriter::finalize):
1719         (JSC::InstructionStreamWriter::swap):
1720         (JSC::InstructionStreamWriter::iterator::operator*):
1721         (JSC::InstructionStreamWriter::iterator::operator++):
1722         (JSC::InstructionStreamWriter::begin):
1723         (JSC::InstructionStreamWriter::end):
1724         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
1725         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
1726         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
1727         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
1728         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
1729         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1730         (JSC::MetadataTable::MetadataTable):
1731         (JSC::DeallocTable::withOpcodeType):
1732         (JSC::MetadataTable::~MetadataTable):
1733         (JSC::MetadataTable::sizeInBytes):
1734         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
1735         (JSC::MetadataTable::get):
1736         (JSC::MetadataTable::forEach):
1737         (JSC::MetadataTable::getImpl):
1738         * bytecode/Opcode.cpp:
1739         (JSC::metadataSize):
1740         * bytecode/Opcode.h:
1741         (JSC::padOpcodeName):
1742         * bytecode/OpcodeInlines.h:
1743         (JSC::isOpcodeShape):
1744         (JSC::getOpcodeType):
1745         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1746         * bytecode/PreciseJumpTargets.cpp:
1747         (JSC::getJumpTargetsForInstruction):
1748         (JSC::computePreciseJumpTargetsInternal):
1749         (JSC::computePreciseJumpTargets):
1750         (JSC::recomputePreciseJumpTargets):
1751         (JSC::findJumpTargetsForInstruction):
1752         * bytecode/PreciseJumpTargets.h:
1753         * bytecode/PreciseJumpTargetsInlines.h:
1754         (JSC::jumpTargetForInstruction):
1755         (JSC::extractStoredJumpTargetsForInstruction):
1756         (JSC::updateStoredJumpTargetsForInstruction):
1757         * bytecode/PutByIdStatus.cpp:
1758         (JSC::PutByIdStatus::computeFromLLInt):
1759         * bytecode/SpecialPointer.cpp:
1760         (WTF::printInternal):
1761         * bytecode/SpecialPointer.h:
1762         * bytecode/UnlinkedCodeBlock.cpp:
1763         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1764         (JSC::UnlinkedCodeBlock::visitChildren):
1765         (JSC::UnlinkedCodeBlock::estimatedSize):
1766         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1767         (JSC::dumpLineColumnEntry):
1768         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
1769         (JSC::UnlinkedCodeBlock::setInstructions):
1770         (JSC::UnlinkedCodeBlock::instructions const):
1771         (JSC::UnlinkedCodeBlock::applyModification):
1772         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
1773         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1774         * bytecode/UnlinkedCodeBlock.h:
1775         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
1776         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
1777         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
1778         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
1779         (JSC::UnlinkedCodeBlock::metadata):
1780         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
1781         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1782         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
1783         * bytecode/UnlinkedInstructionStream.cpp: Removed.
1784         * bytecode/UnlinkedInstructionStream.h: Removed.
1785         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1786         * bytecode/UnlinkedMetadataTableInlines.h: Added.
1787         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
1788         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
1789         (JSC::UnlinkedMetadataTable::addEntry):
1790         (JSC::UnlinkedMetadataTable::sizeInBytes):
1791         (JSC::UnlinkedMetadataTable::finalize):
1792         (JSC::UnlinkedMetadataTable::link):
1793         (JSC::UnlinkedMetadataTable::unlink):
1794         * bytecode/VirtualRegister.cpp:
1795         (JSC::VirtualRegister::VirtualRegister):
1796         * bytecode/VirtualRegister.h:
1797         * bytecompiler/BytecodeGenerator.cpp:
1798         (JSC::Label::setLocation):
1799         (JSC::Label::bind):
1800         (JSC::BytecodeGenerator::generate):
1801         (JSC::BytecodeGenerator::BytecodeGenerator):
1802         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
1803         (JSC::BytecodeGenerator::emitEnter):
1804         (JSC::BytecodeGenerator::emitLoopHint):
1805         (JSC::BytecodeGenerator::emitJump):
1806         (JSC::BytecodeGenerator::emitCheckTraps):
1807         (JSC::BytecodeGenerator::rewind):
1808         (JSC::BytecodeGenerator::fuseCompareAndJump):
1809         (JSC::BytecodeGenerator::fuseTestAndJmp):
1810         (JSC::BytecodeGenerator::emitJumpIfTrue):
1811         (JSC::BytecodeGenerator::emitJumpIfFalse):
1812         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1813         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1814         (JSC::BytecodeGenerator::moveLinkTimeConstant):
1815         (JSC::BytecodeGenerator::moveEmptyValue):
1816         (JSC::BytecodeGenerator::emitMove):
1817         (JSC::BytecodeGenerator::emitUnaryOp):
1818         (JSC::BytecodeGenerator::emitBinaryOp):
1819         (JSC::BytecodeGenerator::emitToObject):
1820         (JSC::BytecodeGenerator::emitToNumber):
1821         (JSC::BytecodeGenerator::emitToString):
1822         (JSC::BytecodeGenerator::emitTypeOf):
1823         (JSC::BytecodeGenerator::emitInc):
1824         (JSC::BytecodeGenerator::emitDec):
1825         (JSC::BytecodeGenerator::emitEqualityOp):
1826         (JSC::BytecodeGenerator::emitProfileType):
1827         (JSC::BytecodeGenerator::emitProfileControlFlow):
1828         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1829         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
1830         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
1831         (JSC::BytecodeGenerator::emitOverridesHasInstance):
1832         (JSC::BytecodeGenerator::emitResolveScope):
1833         (JSC::BytecodeGenerator::emitGetFromScope):
1834         (JSC::BytecodeGenerator::emitPutToScope):
1835         (JSC::BytecodeGenerator::emitInstanceOf):
1836         (JSC::BytecodeGenerator::emitInstanceOfCustom):
1837         (JSC::BytecodeGenerator::emitInByVal):
1838         (JSC::BytecodeGenerator::emitInById):
1839         (JSC::BytecodeGenerator::emitTryGetById):
1840         (JSC::BytecodeGenerator::emitGetById):
1841         (JSC::BytecodeGenerator::emitDirectGetById):
1842         (JSC::BytecodeGenerator::emitPutById):
1843         (JSC::BytecodeGenerator::emitDirectPutById):
1844         (JSC::BytecodeGenerator::emitPutGetterById):
1845         (JSC::BytecodeGenerator::emitPutSetterById):
1846         (JSC::BytecodeGenerator::emitPutGetterSetter):
1847         (JSC::BytecodeGenerator::emitPutGetterByVal):
1848         (JSC::BytecodeGenerator::emitPutSetterByVal):
1849         (JSC::BytecodeGenerator::emitDeleteById):
1850         (JSC::BytecodeGenerator::emitGetByVal):
1851         (JSC::BytecodeGenerator::emitPutByVal):
1852         (JSC::BytecodeGenerator::emitDirectPutByVal):
1853         (JSC::BytecodeGenerator::emitDeleteByVal):
1854         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
1855         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
1856         (JSC::BytecodeGenerator::emitIdWithProfile):
1857         (JSC::BytecodeGenerator::emitUnreachable):
1858         (JSC::BytecodeGenerator::emitGetArgument):
1859         (JSC::BytecodeGenerator::emitCreateThis):
1860         (JSC::BytecodeGenerator::emitTDZCheck):
1861         (JSC::BytecodeGenerator::emitNewObject):
1862         (JSC::BytecodeGenerator::emitNewArrayBuffer):
1863         (JSC::BytecodeGenerator::emitNewArray):
1864         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
1865         (JSC::BytecodeGenerator::emitNewArrayWithSize):
1866         (JSC::BytecodeGenerator::emitNewRegExp):
1867         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1868         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
1869         (JSC::BytecodeGenerator::emitNewFunction):
1870         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
1871         (JSC::BytecodeGenerator::emitCall):
1872         (JSC::BytecodeGenerator::emitCallInTailPosition):
1873         (JSC::BytecodeGenerator::emitCallEval):
1874         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
1875         (JSC::BytecodeGenerator::emitCallVarargs):
1876         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
1877         (JSC::BytecodeGenerator::emitConstructVarargs):
1878         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
1879         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
1880         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
1881         (JSC::BytecodeGenerator::emitCallDefineProperty):
1882         (JSC::BytecodeGenerator::emitReturn):
1883         (JSC::BytecodeGenerator::emitEnd):
1884         (JSC::BytecodeGenerator::emitConstruct):
1885         (JSC::BytecodeGenerator::emitStrcat):
1886         (JSC::BytecodeGenerator::emitToPrimitive):
1887         (JSC::BytecodeGenerator::emitGetScope):
1888         (JSC::BytecodeGenerator::emitPushWithScope):
1889         (JSC::BytecodeGenerator::emitGetParentScope):
1890         (JSC::BytecodeGenerator::emitDebugHook):
1891         (JSC::BytecodeGenerator::emitCatch):
1892         (JSC::BytecodeGenerator::emitThrow):
1893         (JSC::BytecodeGenerator::emitArgumentCount):
1894         (JSC::BytecodeGenerator::emitThrowStaticError):
1895         (JSC::BytecodeGenerator::beginSwitch):
1896         (JSC::prepareJumpTableForSwitch):
1897         (JSC::prepareJumpTableForStringSwitch):
1898         (JSC::BytecodeGenerator::endSwitch):
1899         (JSC::BytecodeGenerator::emitGetEnumerableLength):
1900         (JSC::BytecodeGenerator::emitHasGenericProperty):
1901         (JSC::BytecodeGenerator::emitHasIndexedProperty):
1902         (JSC::BytecodeGenerator::emitHasStructureProperty):
1903         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
1904         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
1905         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
1906         (JSC::BytecodeGenerator::emitToIndexString):
1907         (JSC::BytecodeGenerator::emitIsCellWithType):
1908         (JSC::BytecodeGenerator::emitIsObject):
1909         (JSC::BytecodeGenerator::emitIsNumber):
1910         (JSC::BytecodeGenerator::emitIsUndefined):
1911         (JSC::BytecodeGenerator::emitIsEmpty):
1912         (JSC::BytecodeGenerator::emitRestParameter):
1913         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1914         (JSC::BytecodeGenerator::emitYieldPoint):
1915         (JSC::BytecodeGenerator::emitYield):
1916         (JSC::BytecodeGenerator::emitGetAsyncIterator):
1917         (JSC::BytecodeGenerator::emitDelegateYield):
1918         (JSC::BytecodeGenerator::emitFinallyCompletion):
1919         (JSC::BytecodeGenerator::emitJumpIf):
1920         (JSC::ForInContext::finalize):
1921         (JSC::StructureForInContext::finalize):
1922         (JSC::IndexedForInContext::finalize):
1923         (JSC::StaticPropertyAnalysis::record):
1924         (JSC::BytecodeGenerator::emitToThis):
1925         * bytecompiler/BytecodeGenerator.h:
1926         (JSC::StructureForInContext::addGetInst):
1927         (JSC::BytecodeGenerator::recordOpcode):
1928         (JSC::BytecodeGenerator::addMetadataFor):
1929         (JSC::BytecodeGenerator::emitUnaryOp):
1930         (JSC::BytecodeGenerator::kill):
1931         (JSC::BytecodeGenerator::instructions const):
1932         (JSC::BytecodeGenerator::write):
1933         (JSC::BytecodeGenerator::withWriter):
1934         * bytecompiler/Label.h:
1935         (JSC::Label::Label):
1936         (JSC::Label::bind):
1937         * bytecompiler/NodesCodegen.cpp:
1938         (JSC::ArrayNode::emitBytecode):
1939         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
1940         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1941         (JSC::BitwiseNotNode::emitBytecode):
1942         (JSC::BinaryOpNode::emitBytecode):
1943         (JSC::EqualNode::emitBytecode):
1944         (JSC::StrictEqualNode::emitBytecode):
1945         (JSC::emitReadModifyAssignment):
1946         (JSC::ForInNode::emitBytecode):
1947         (JSC::CaseBlockNode::emitBytecodeForBlock):
1948         (JSC::FunctionNode::emitBytecode):
1949         (JSC::ClassExprNode::emitBytecode):
1950         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
1951         (WTF::printInternal):
1952         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1953         * bytecompiler/RegisterID.h:
1954         * bytecompiler/StaticPropertyAnalysis.h:
1955         (JSC::StaticPropertyAnalysis::create):
1956         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
1957         * bytecompiler/StaticPropertyAnalyzer.h:
1958         (JSC::StaticPropertyAnalyzer::createThis):
1959         (JSC::StaticPropertyAnalyzer::newObject):
1960         (JSC::StaticPropertyAnalyzer::putById):
1961         (JSC::StaticPropertyAnalyzer::mov):
1962         (JSC::StaticPropertyAnalyzer::kill):
1963         * dfg/DFGByteCodeParser.cpp:
1964         (JSC::DFG::ByteCodeParser::addCall):
1965         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1966         (JSC::DFG::ByteCodeParser::getArrayMode):
1967         (JSC::DFG::ByteCodeParser::handleCall):
1968         (JSC::DFG::ByteCodeParser::handleVarargsCall):
1969         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
1970         (JSC::DFG::ByteCodeParser::inlineCall):
1971         (JSC::DFG::ByteCodeParser::handleCallVariant):
1972         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
1973         (JSC::DFG::ByteCodeParser::handleInlining):
1974         (JSC::DFG::ByteCodeParser::handleMinMax):
1975         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1976         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
1977         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
1978         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
1979         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
1980         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
1981         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1982         (JSC::DFG::ByteCodeParser::handleGetById):
1983         (JSC::DFG::ByteCodeParser::handlePutById):
1984         (JSC::DFG::ByteCodeParser::parseGetById):
1985         (JSC::DFG::ByteCodeParser::parseBlock):
1986         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1987         (JSC::DFG::ByteCodeParser::handlePutByVal):
1988         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
1989         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
1990         (JSC::DFG::ByteCodeParser::handleNewFunc):
1991         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
1992         (JSC::DFG::ByteCodeParser::parse):
1993         * dfg/DFGCapabilities.cpp:
1994         (JSC::DFG::capabilityLevel):
1995         * dfg/DFGCapabilities.h:
1996         (JSC::DFG::capabilityLevel):
1997         * dfg/DFGOSREntry.cpp:
1998         (JSC::DFG::prepareCatchOSREntry):
1999         * dfg/DFGSpeculativeJIT.cpp:
2000         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2001         (JSC::DFG::SpeculativeJIT::compileValueSub):
2002         (JSC::DFG::SpeculativeJIT::compileValueNegate):
2003         (JSC::DFG::SpeculativeJIT::compileArithMul):
2004         * ftl/FTLLowerDFGToB3.cpp:
2005         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2006         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2007         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
2008         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
2009         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
2010         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
2011         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
2012         * ftl/FTLOperations.cpp:
2013         (JSC::FTL::operationMaterializeObjectInOSR):
2014         * generate-bytecode-files: Removed.
2015         * generator/Argument.rb: Added.
2016         * generator/Assertion.rb: Added.
2017         * generator/DSL.rb: Added.
2018         * generator/Fits.rb: Added.
2019         * generator/GeneratedFile.rb: Added.
2020         * generator/Metadata.rb: Added.
2021         * generator/Opcode.rb: Added.
2022         * generator/OpcodeGroup.rb: Added.
2023         * generator/Options.rb: Added.
2024         * generator/Section.rb: Added.
2025         * generator/Template.rb: Added.
2026         * generator/Type.rb: Added.
2027         * generator/main.rb: Added.
2028         * interpreter/AbstractPC.h:
2029         * interpreter/CallFrame.cpp:
2030         (JSC::CallFrame::currentVPC const):
2031         (JSC::CallFrame::setCurrentVPC):
2032         * interpreter/CallFrame.h:
2033         (JSC::CallSiteIndex::CallSiteIndex):
2034         (JSC::ExecState::setReturnPC):
2035         * interpreter/Interpreter.cpp:
2036         (WTF::printInternal):
2037         * interpreter/Interpreter.h:
2038         * interpreter/InterpreterInlines.h:
2039         * interpreter/StackVisitor.cpp:
2040         (JSC::StackVisitor::Frame::dump const):
2041         * interpreter/VMEntryRecord.h:
2042         * jit/JIT.cpp:
2043         (JSC::JIT::JIT):
2044         (JSC::JIT::emitSlowCaseCall):
2045         (JSC::JIT::privateCompileMainPass):
2046         (JSC::JIT::privateCompileSlowCases):
2047         (JSC::JIT::compileWithoutLinking):
2048         (JSC::JIT::link):
2049         * jit/JIT.h:
2050         * jit/JITArithmetic.cpp:
2051         (JSC::JIT::emit_op_jless):
2052         (JSC::JIT::emit_op_jlesseq):
2053         (JSC::JIT::emit_op_jgreater):
2054         (JSC::JIT::emit_op_jgreatereq):
2055         (JSC::JIT::emit_op_jnless):
2056         (JSC::JIT::emit_op_jnlesseq):
2057         (JSC::JIT::emit_op_jngreater):
2058         (JSC::JIT::emit_op_jngreatereq):
2059         (JSC::JIT::emitSlow_op_jless):
2060         (JSC::JIT::emitSlow_op_jlesseq):
2061         (JSC::JIT::emitSlow_op_jgreater):
2062         (JSC::JIT::emitSlow_op_jgreatereq):
2063         (JSC::JIT::emitSlow_op_jnless):
2064         (JSC::JIT::emitSlow_op_jnlesseq):
2065         (JSC::JIT::emitSlow_op_jngreater):
2066         (JSC::JIT::emitSlow_op_jngreatereq):
2067         (JSC::JIT::emit_op_below):
2068         (JSC::JIT::emit_op_beloweq):
2069         (JSC::JIT::emit_op_jbelow):
2070         (JSC::JIT::emit_op_jbeloweq):
2071         (JSC::JIT::emit_op_unsigned):
2072         (JSC::JIT::emit_compareAndJump):
2073         (JSC::JIT::emit_compareUnsignedAndJump):
2074         (JSC::JIT::emit_compareUnsigned):
2075         (JSC::JIT::emit_compareAndJumpSlow):
2076         (JSC::JIT::emit_op_inc):
2077         (JSC::JIT::emit_op_dec):
2078         (JSC::JIT::emit_op_mod):
2079         (JSC::JIT::emitSlow_op_mod):
2080         (JSC::JIT::emit_op_negate):
2081         (JSC::JIT::emitSlow_op_negate):
2082         (JSC::JIT::emitBitBinaryOpFastPath):
2083         (JSC::JIT::emit_op_bitand):
2084         (JSC::JIT::emit_op_bitor):
2085         (JSC::JIT::emit_op_bitxor):
2086         (JSC::JIT::emit_op_lshift):
2087         (JSC::JIT::emitRightShiftFastPath):
2088         (JSC::JIT::emit_op_rshift):
2089         (JSC::JIT::emit_op_urshift):
2090         (JSC::getOperandTypes):
2091         (JSC::JIT::emit_op_add):
2092         (JSC::JIT::emitSlow_op_add):
2093         (JSC::JIT::emitMathICFast):
2094         (JSC::JIT::emitMathICSlow):
2095         (JSC::JIT::emit_op_div):
2096         (JSC::JIT::emit_op_mul):
2097         (JSC::JIT::emitSlow_op_mul):
2098         (JSC::JIT::emit_op_sub):
2099         (JSC::JIT::emitSlow_op_sub):
2100         * jit/JITCall.cpp:
2101         (JSC::JIT::emitPutCallResult):
2102         (JSC::JIT::compileSetupFrame):
2103         (JSC::JIT::compileCallEval):
2104         (JSC::JIT::compileCallEvalSlowCase):
2105         (JSC::JIT::compileTailCall):
2106         (JSC::JIT::compileOpCall):
2107         (JSC::JIT::compileOpCallSlowCase):
2108         (JSC::JIT::emit_op_call):
2109         (JSC::JIT::emit_op_tail_call):
2110         (JSC::JIT::emit_op_call_eval):
2111         (JSC::JIT::emit_op_call_varargs):
2112         (JSC::JIT::emit_op_tail_call_varargs):
2113         (JSC::JIT::emit_op_tail_call_forward_arguments):
2114         (JSC::JIT::emit_op_construct_varargs):
2115         (JSC::JIT::emit_op_construct):
2116         (JSC::JIT::emitSlow_op_call):
2117         (JSC::JIT::emitSlow_op_tail_call):
2118         (JSC::JIT::emitSlow_op_call_eval):
2119         (JSC::JIT::emitSlow_op_call_varargs):
2120         (JSC::JIT::emitSlow_op_tail_call_varargs):
2121         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
2122         (JSC::JIT::emitSlow_op_construct_varargs):
2123         (JSC::JIT::emitSlow_op_construct):
2124         * jit/JITDisassembler.cpp:
2125         (JSC::JITDisassembler::JITDisassembler):
2126         * jit/JITExceptions.cpp:
2127         (JSC::genericUnwind):
2128         * jit/JITInlines.h:
2129         (JSC::JIT::emitDoubleGetByVal):
2130         (JSC::JIT::emitLoadForArrayMode):
2131         (JSC::JIT::emitContiguousGetByVal):
2132         (JSC::JIT::emitArrayStorageGetByVal):
2133         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2134         (JSC::JIT::sampleInstruction):
2135         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
2136         (JSC::JIT::emitValueProfilingSite):
2137         (JSC::JIT::jumpTarget):
2138         (JSC::JIT::copiedGetPutInfo):
2139         (JSC::JIT::copiedArithProfile):
2140         * jit/JITMathIC.h:
2141         (JSC::isProfileEmpty):
2142         (JSC::JITBinaryMathIC::JITBinaryMathIC):
2143         (JSC::JITUnaryMathIC::JITUnaryMathIC):
2144         * jit/JITOpcodes.cpp:
2145         (JSC::JIT::emit_op_mov):
2146         (JSC::JIT::emit_op_end):
2147         (JSC::JIT::emit_op_jmp):
2148         (JSC::JIT::emit_op_new_object):
2149         (JSC::JIT::emitSlow_op_new_object):
2150         (JSC::JIT::emit_op_overrides_has_instance):
2151         (JSC::JIT::emit_op_instanceof):
2152         (JSC::JIT::emitSlow_op_instanceof):
2153         (JSC::JIT::emit_op_instanceof_custom):
2154         (JSC::JIT::emit_op_is_empty):
2155         (JSC::JIT::emit_op_is_undefined):
2156         (JSC::JIT::emit_op_is_boolean):
2157         (JSC::JIT::emit_op_is_number):
2158         (JSC::JIT::emit_op_is_cell_with_type):
2159         (JSC::JIT::emit_op_is_object):
2160         (JSC::JIT::emit_op_ret):
2161         (JSC::JIT::emit_op_to_primitive):
2162         (JSC::JIT::emit_op_set_function_name):
2163         (JSC::JIT::emit_op_not):
2164         (JSC::JIT::emit_op_jfalse):
2165         (JSC::JIT::emit_op_jeq_null):
2166         (JSC::JIT::emit_op_jneq_null):
2167         (JSC::JIT::emit_op_jneq_ptr):
2168         (JSC::JIT::emit_op_eq):
2169         (JSC::JIT::emit_op_jeq):
2170         (JSC::JIT::emit_op_jtrue):
2171         (JSC::JIT::emit_op_neq):
2172         (JSC::JIT::emit_op_jneq):
2173         (JSC::JIT::emit_op_throw):
2174         (JSC::JIT::compileOpStrictEq):
2175         (JSC::JIT::emit_op_stricteq):
2176         (JSC::JIT::emit_op_nstricteq):
2177         (JSC::JIT::compileOpStrictEqJump):
2178         (JSC::JIT::emit_op_jstricteq):
2179         (JSC::JIT::emit_op_jnstricteq):
2180         (JSC::JIT::emitSlow_op_jstricteq):
2181         (JSC::JIT::emitSlow_op_jnstricteq):
2182         (JSC::JIT::emit_op_to_number):
2183         (JSC::JIT::emit_op_to_string):
2184         (JSC::JIT::emit_op_to_object):
2185         (JSC::JIT::emit_op_catch):
2186         (JSC::JIT::emit_op_identity_with_profile):
2187         (JSC::JIT::emit_op_get_parent_scope):
2188         (JSC::JIT::emit_op_switch_imm):
2189         (JSC::JIT::emit_op_switch_char):
2190         (JSC::JIT::emit_op_switch_string):
2191         (JSC::JIT::emit_op_debug):
2192         (JSC::JIT::emit_op_eq_null):
2193         (JSC::JIT::emit_op_neq_null):
2194         (JSC::JIT::emit_op_enter):
2195         (JSC::JIT::emit_op_get_scope):
2196         (JSC::JIT::emit_op_to_this):
2197         (JSC::JIT::emit_op_create_this):
2198         (JSC::JIT::emit_op_check_tdz):
2199         (JSC::JIT::emitSlow_op_eq):
2200         (JSC::JIT::emitSlow_op_neq):
2201         (JSC::JIT::emitSlow_op_jeq):
2202         (JSC::JIT::emitSlow_op_jneq):
2203         (JSC::JIT::emitSlow_op_instanceof_custom):
2204         (JSC::JIT::emit_op_loop_hint):
2205         (JSC::JIT::emitSlow_op_loop_hint):
2206         (JSC::JIT::emit_op_check_traps):
2207         (JSC::JIT::emit_op_nop):
2208         (JSC::JIT::emit_op_super_sampler_begin):
2209         (JSC::JIT::emit_op_super_sampler_end):
2210         (JSC::JIT::emitSlow_op_check_traps):
2211         (JSC::JIT::emit_op_new_regexp):
2212         (JSC::JIT::emitNewFuncCommon):
2213         (JSC::JIT::emit_op_new_func):
2214         (JSC::JIT::emit_op_new_generator_func):
2215         (JSC::JIT::emit_op_new_async_generator_func):
2216         (JSC::JIT::emit_op_new_async_func):
2217         (JSC::JIT::emitNewFuncExprCommon):
2218         (JSC::JIT::emit_op_new_func_exp):
2219         (JSC::JIT::emit_op_new_generator_func_exp):
2220         (JSC::JIT::emit_op_new_async_func_exp):
2221         (JSC::JIT::emit_op_new_async_generator_func_exp):
2222         (JSC::JIT::emit_op_new_array):
2223         (JSC::JIT::emit_op_new_array_with_size):
2224         (JSC::JIT::emit_op_has_structure_property):
2225         (JSC::JIT::privateCompileHasIndexedProperty):
2226         (JSC::JIT::emit_op_has_indexed_property):
2227         (JSC::JIT::emitSlow_op_has_indexed_property):
2228         (JSC::JIT::emit_op_get_direct_pname):
2229         (JSC::JIT::emit_op_enumerator_structure_pname):
2230         (JSC::JIT::emit_op_enumerator_generic_pname):
2231         (JSC::JIT::emit_op_profile_type):
2232         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
2233         (JSC::JIT::emit_op_log_shadow_chicken_tail):
2234         (JSC::JIT::emit_op_profile_control_flow):
2235         (JSC::JIT::emit_op_argument_count):
2236         (JSC::JIT::emit_op_get_rest_length):
2237         (JSC::JIT::emit_op_get_argument):
2238         * jit/JITOpcodes32_64.cpp:
2239         (JSC::JIT::emit_op_to_this):
2240         * jit/JITOperations.cpp:
2241         * jit/JITOperations.h:
2242         * jit/JITPropertyAccess.cpp:
2243         (JSC::JIT::emit_op_get_by_val):
2244         (JSC::JIT::emitGetByValWithCachedId):
2245         (JSC::JIT::emitSlow_op_get_by_val):
2246         (JSC::JIT::emit_op_put_by_val_direct):
2247         (JSC::JIT::emit_op_put_by_val):
2248         (JSC::JIT::emitGenericContiguousPutByVal):
2249         (JSC::JIT::emitArrayStoragePutByVal):
2250         (JSC::JIT::emitPutByValWithCachedId):
2251         (JSC::JIT::emitSlow_op_put_by_val):
2252         (JSC::JIT::emit_op_put_getter_by_id):
2253         (JSC::JIT::emit_op_put_setter_by_id):
2254         (JSC::JIT::emit_op_put_getter_setter_by_id):
2255         (JSC::JIT::emit_op_put_getter_by_val):
2256         (JSC::JIT::emit_op_put_setter_by_val):
2257         (JSC::JIT::emit_op_del_by_id):
2258         (JSC::JIT::emit_op_del_by_val):
2259         (JSC::JIT::emit_op_try_get_by_id):
2260         (JSC::JIT::emitSlow_op_try_get_by_id):
2261         (JSC::JIT::emit_op_get_by_id_direct):
2262         (JSC::JIT::emitSlow_op_get_by_id_direct):
2263         (JSC::JIT::emit_op_get_by_id):
2264         (JSC::JIT::emit_op_get_by_id_with_this):
2265         (JSC::JIT::emitSlow_op_get_by_id):
2266         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2267         (JSC::JIT::emit_op_put_by_id):
2268         (JSC::JIT::emitSlow_op_put_by_id):
2269         (JSC::JIT::emit_op_in_by_id):
2270         (JSC::JIT::emitSlow_op_in_by_id):
2271         (JSC::JIT::emit_op_resolve_scope):
2272         (JSC::JIT::emit_op_get_from_scope):
2273         (JSC::JIT::emitSlow_op_get_from_scope):
2274         (JSC::JIT::emit_op_put_to_scope):
2275         (JSC::JIT::emitSlow_op_put_to_scope):
2276         (JSC::JIT::emit_op_get_from_arguments):
2277         (JSC::JIT::emit_op_put_to_arguments):
2278         (JSC::JIT::privateCompileGetByVal):
2279         (JSC::JIT::privateCompileGetByValWithCachedId):
2280         (JSC::JIT::privateCompilePutByVal):
2281         (JSC::JIT::privateCompilePutByValWithCachedId):
2282         (JSC::JIT::emitDoubleLoad):
2283         (JSC::JIT::emitContiguousLoad):
2284         (JSC::JIT::emitArrayStorageLoad):
2285         (JSC::JIT::emitDirectArgumentsGetByVal):
2286         (JSC::JIT::emitScopedArgumentsGetByVal):
2287         (JSC::JIT::emitIntTypedArrayGetByVal):
2288         (JSC::JIT::emitFloatTypedArrayGetByVal):
2289         (JSC::JIT::emitIntTypedArrayPutByVal):
2290         (JSC::JIT::emitFloatTypedArrayPutByVal):
2291         * jit/RegisterSet.cpp:
2292         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
2293         * jit/SlowPathCall.h:
2294         (JSC::JITSlowPathCall::JITSlowPathCall):
2295         * llint/LLIntData.cpp:
2296         (JSC::LLInt::initialize):
2297         (JSC::LLInt::Data::performAssertions):
2298         * llint/LLIntData.h:
2299         (JSC::LLInt::exceptionInstructions):
2300         (JSC::LLInt::opcodeMap):
2301         (JSC::LLInt::opcodeMapWide):
2302         (JSC::LLInt::getOpcode):
2303         (JSC::LLInt::getOpcodeWide):
2304         (JSC::LLInt::getWideCodePtr):
2305         * llint/LLIntOffsetsExtractor.cpp:
2306         * llint/LLIntSlowPaths.cpp:
2307         (JSC::LLInt::llint_trace_operand):
2308         (JSC::LLInt::llint_trace_value):
2309         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2310         (JSC::LLInt::entryOSR):
2311         (JSC::LLInt::setupGetByIdPrototypeCache):
2312         (JSC::LLInt::getByVal):
2313         (JSC::LLInt::handleHostCall):
2314         (JSC::LLInt::setUpCall):
2315         (JSC::LLInt::genericCall):
2316         (JSC::LLInt::varargsSetup):
2317         (JSC::LLInt::commonCallEval):
2318         * llint/LLIntSlowPaths.h:
2319         * llint/LowLevelInterpreter.asm:
2320         * llint/LowLevelInterpreter.cpp:
2321         (JSC::CLoopRegister::operator const Instruction*):
2322         (JSC::CLoop::execute):
2323         * llint/LowLevelInterpreter32_64.asm:
2324         * llint/LowLevelInterpreter64.asm:
2325         * offlineasm/arm64.rb:
2326         * offlineasm/asm.rb:
2327         * offlineasm/ast.rb:
2328         * offlineasm/cloop.rb:
2329         * offlineasm/generate_offset_extractor.rb:
2330         * offlineasm/instructions.rb:
2331         * offlineasm/offsets.rb:
2332         * offlineasm/parser.rb:
2333         * offlineasm/transform.rb:
2334         * offlineasm/x86.rb:
2335         * parser/ResultType.h:
2336         (JSC::ResultType::dump const):
2337         (JSC::OperandTypes::first const):
2338         (JSC::OperandTypes::second const):
2339         (JSC::OperandTypes::dump const):
2340         * profiler/ProfilerBytecodeSequence.cpp:
2341         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
2342         * runtime/CommonSlowPaths.cpp:
2343         (JSC::SLOW_PATH_DECL):
2344         (JSC::updateArithProfileForUnaryArithOp):
2345         (JSC::updateArithProfileForBinaryArithOp):
2346         * runtime/CommonSlowPaths.h:
2347         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
2348         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
2349         * runtime/ExceptionFuzz.cpp:
2350         (JSC::doExceptionFuzzing):
2351         * runtime/ExceptionFuzz.h:
2352         (JSC::doExceptionFuzzingIfEnabled):
2353         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2354         (JSC::GetPutInfo::dump const):
2355         (WTF::printInternal):
2356         * runtime/GetPutInfo.h:
2357         (JSC::GetPutInfo::operand const):
2358         * runtime/JSCPoison.h:
2359         * runtime/JSType.cpp: Added.
2360         (WTF::printInternal):
2361         * runtime/JSType.h:
2362         * runtime/SamplingProfiler.cpp:
2363         (JSC::SamplingProfiler::StackFrame::displayName):
2364         * runtime/SamplingProfiler.h:
2365         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
2366         * runtime/SlowPathReturnType.h:
2367         (JSC::encodeResult):
2368         (JSC::decodeResult):
2369         * runtime/VM.h:
2370         * runtime/Watchdog.h:
2371         * tools/HeapVerifier.cpp:
2372
2373 2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2374
2375         Unreviewed, partial rolling in r237254
2376         https://bugs.webkit.org/show_bug.cgi?id=190340
2377
2378         We do not use the added function right now, to investigate what the reason for the regression is.
2379         It also does not include any Parser.{h,cpp} changes, to ensure that Parser.cpp's inlining decision
2380         seems to be the culprit of the regression on iOS devices.
2381
2382         * bytecode/UnlinkedFunctionExecutable.cpp:
2383         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2384         * bytecode/UnlinkedFunctionExecutable.h:
2385         * parser/SourceCodeKey.h:
2386         (JSC::SourceCodeKey::SourceCodeKey):
2387         (JSC::SourceCodeKey::operator== const):
2388         * runtime/CodeCache.cpp:
2389         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2390         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2391         * runtime/CodeCache.h:
2392         * runtime/FunctionConstructor.cpp:
2393         (JSC::constructFunctionSkippingEvalEnabledCheck):
2394         * runtime/FunctionExecutable.cpp:
2395         (JSC::FunctionExecutable::fromGlobalCode):
2396         * runtime/FunctionExecutable.h:
2397
2398 2018-10-26  Commit Queue  <commit-queue@webkit.org>
2399
2400         Unreviewed, rolling out r237479 and r237484.
2401         https://bugs.webkit.org/show_bug.cgi?id=190978
2402
2403         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
2404
2405         Reverted changesets:
2406
2407         "New bytecode format for JSC"
2408         https://bugs.webkit.org/show_bug.cgi?id=187373
2409         https://trac.webkit.org/changeset/237479
2410
2411         "Gardening: Build fix after r237479."
2412         https://bugs.webkit.org/show_bug.cgi?id=187373
2413         https://trac.webkit.org/changeset/237484
2414
2415 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
2416
2417         Gardening: Build fix after r237479.
2418         https://bugs.webkit.org/show_bug.cgi?id=187373
2419
2420         Unreviewed.
2421
2422         * Configurations/JSC.xcconfig:
2423         * JavaScriptCore.xcodeproj/project.pbxproj:
2424         * llint/LLIntData.cpp:
2425         (JSC::LLInt::initialize):
2426
2427 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
2428
2429         New bytecode format for JSC
2430         https://bugs.webkit.org/show_bug.cgi?id=187373
2431         <rdar://problem/44186758>
2432
2433         Reviewed by Filip Pizlo.
2434
2435         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
2436         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
2437         operands) and might contain an extra operand, the metadataID. The metadataID is used to
2438         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
2439
2440         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
2441         and types to all their operands. Additionally, reading a bytecode from the instruction stream
2442         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
2443         operands directly from the stream.
2444
2446         * CMakeLists.txt:
2447         * DerivedSources.make:
2448         * JavaScriptCore.xcodeproj/project.pbxproj:
2449         * Sources.txt:
2450         * assembler/MacroAssemblerCodeRef.h:
2451         (JSC::ReturnAddressPtr::ReturnAddressPtr):
2452         (JSC::ReturnAddressPtr::value const):
2453         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
2454         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
2455         * bytecode/ArithProfile.h:
2456         (JSC::ArithProfile::ArithProfile):
2457         * bytecode/ArrayAllocationProfile.h:
2458         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
2459         * bytecode/ArrayProfile.h:
2460         * bytecode/BytecodeBasicBlock.cpp:
2461         (JSC::isJumpTarget):
2462         (JSC::BytecodeBasicBlock::computeImpl):
2463         (JSC::BytecodeBasicBlock::compute):
2464         * bytecode/BytecodeBasicBlock.h:
2465         (JSC::BytecodeBasicBlock::leaderOffset const):
2466         (JSC::BytecodeBasicBlock::totalLength const):
2467         (JSC::BytecodeBasicBlock::offsets const):
2468         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
2469         (JSC::BytecodeBasicBlock::addLength):
2470         * bytecode/BytecodeDumper.cpp:
2471         (JSC::BytecodeDumper<Block>::printLocationAndOp):
2472         (JSC::BytecodeDumper<Block>::dumpBytecode):
2473         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2474         (JSC::BytecodeDumper<Block>::dumpConstants):
2475         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2476         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2477         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2478         (JSC::BytecodeDumper<Block>::dumpBlock):
2479         * bytecode/BytecodeDumper.h:
2480         (JSC::BytecodeDumper::dumpOperand):
2481         (JSC::BytecodeDumper::dumpValue):
2482         (JSC::BytecodeDumper::BytecodeDumper):
2483         (JSC::BytecodeDumper::block const):
2484         * bytecode/BytecodeGeneratorification.cpp:
2485         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2486         (JSC::BytecodeGeneratorification::enterPoint const):
2487         (JSC::BytecodeGeneratorification::instructions const):
2488         (JSC::GeneratorLivenessAnalysis::run):
2489         (JSC::BytecodeGeneratorification::run):
2490         (JSC::performGeneratorification):
2491         * bytecode/BytecodeGeneratorification.h:
2492         * bytecode/BytecodeGraph.h:
2493         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
2494         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
2495         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
2496         (JSC::BytecodeGraph::BytecodeGraph):
2497         * bytecode/BytecodeKills.h:
2498         * bytecode/BytecodeList.json: Removed.
2499         * bytecode/BytecodeList.rb: Added.
2500         * bytecode/BytecodeLivenessAnalysis.cpp:
2501         (JSC::BytecodeLivenessAnalysis::dumpResults):
2502         * bytecode/BytecodeLivenessAnalysis.h:
2503         * bytecode/BytecodeLivenessAnalysisInlines.h:
2504         (JSC::isValidRegisterForLiveness):
2505         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
2506         * bytecode/BytecodeRewriter.cpp:
2507         (JSC::BytecodeRewriter::applyModification):
2508         (JSC::BytecodeRewriter::execute):
2509         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
2510         (JSC::BytecodeRewriter::insertImpl):
2511         (JSC::BytecodeRewriter::adjustJumpTarget):
2512         (JSC::BytecodeRewriter::adjustJumpTargets):
2513         * bytecode/BytecodeRewriter.h:
2514         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
2515         (JSC::BytecodeRewriter::Fragment::Fragment):
2516         (JSC::BytecodeRewriter::Fragment::appendInstruction):
2517         (JSC::BytecodeRewriter::BytecodeRewriter):
2518         (JSC::BytecodeRewriter::insertFragmentBefore):
2519         (JSC::BytecodeRewriter::insertFragmentAfter):
2520         (JSC::BytecodeRewriter::removeBytecode):
2521         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
2522         (JSC::BytecodeRewriter::adjustJumpTarget):
2523         * bytecode/BytecodeUseDef.h:
2524         (JSC::computeUsesForBytecodeOffset):
2525         (JSC::computeDefsForBytecodeOffset):
2526         * bytecode/CallLinkStatus.cpp:
2527         (JSC::CallLinkStatus::computeFromLLInt):
2528         * bytecode/CodeBlock.cpp:
2529         (JSC::CodeBlock::dumpBytecode):
2530         (JSC::CodeBlock::CodeBlock):
2531         (JSC::CodeBlock::finishCreation):
2532         (JSC::CodeBlock::estimatedSize):
2533         (JSC::CodeBlock::visitChildren):
2534         (JSC::CodeBlock::propagateTransitions):
2535         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2536         (JSC::CodeBlock::addJITAddIC):
2537         (JSC::CodeBlock::addJITMulIC):
2538         (JSC::CodeBlock::addJITSubIC):
2539         (JSC::CodeBlock::addJITNegIC):
2540         (JSC::CodeBlock::stronglyVisitStrongReferences):
2541         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
2542         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
2543         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2544         (JSC::CodeBlock::getArrayProfile):
2545         (JSC::CodeBlock::updateAllArrayPredictions):
2546         (JSC::CodeBlock::predictedMachineCodeSize):
2547         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
2548         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
2549         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2550         (JSC::CodeBlock::validate):
2551         (JSC::CodeBlock::outOfLineJumpOffset):
2552         (JSC::CodeBlock::outOfLineJumpTarget):
2553         (JSC::CodeBlock::arithProfileForBytecodeOffset):
2554         (JSC::CodeBlock::arithProfileForPC):
2555         (JSC::CodeBlock::couldTakeSpecialFastCase):
2556         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2557         * bytecode/CodeBlock.h:
2558         (JSC::CodeBlock::addMathIC):
2559         (JSC::CodeBlock::outOfLineJumpOffset):
2560         (JSC::CodeBlock::bytecodeOffset):
2561         (JSC::CodeBlock::instructions const):
2562         (JSC::CodeBlock::instructionCount const):
2563         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
2564         (JSC::CodeBlock::metadata):
2565         (JSC::CodeBlock::metadataSizeInBytes):
2566         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
2567         (JSC::CodeBlock::totalNumberOfValueProfiles):
2568         * bytecode/CodeBlockInlines.h: Added.
2569         (JSC::CodeBlock::forEachValueProfile):
2570         (JSC::CodeBlock::forEachArrayProfile):
2571         (JSC::CodeBlock::forEachArrayAllocationProfile):
2572         (JSC::CodeBlock::forEachObjectAllocationProfile):
2573         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
2574         * bytecode/Fits.h: Added.
2575         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2576         * bytecode/GetByIdStatus.cpp:
2577         (JSC::GetByIdStatus::computeFromLLInt):
2578         * bytecode/Instruction.h:
2579         (JSC::Instruction::Instruction):
2580         (JSC::Instruction::Impl::opcodeID const):
2581         (JSC::Instruction::opcodeID const):
2582         (JSC::Instruction::name const):
2583         (JSC::Instruction::isWide const):
2584         (JSC::Instruction::size const):
2585         (JSC::Instruction::is const):
2586         (JSC::Instruction::as const):
2587         (JSC::Instruction::cast):
2588         (JSC::Instruction::cast const):
2589         (JSC::Instruction::narrow const):
2590         (JSC::Instruction::wide const):
2591         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2592         (JSC::InstructionStream::InstructionStream):
2593         (JSC::InstructionStream::sizeInBytes const):
2594         * bytecode/InstructionStream.h: Added.
2595         (JSC::InstructionStream::BaseRef::BaseRef):
2596         (JSC::InstructionStream::BaseRef::operator=):
2597         (JSC::InstructionStream::BaseRef::operator-> const):
2598         (JSC::InstructionStream::BaseRef::ptr const):
2599         (JSC::InstructionStream::BaseRef::operator!= const):
2600         (JSC::InstructionStream::BaseRef::next const):
2601         (JSC::InstructionStream::BaseRef::offset const):
2602         (JSC::InstructionStream::BaseRef::isValid const):
2603         (JSC::InstructionStream::BaseRef::unwrap const):
2604         (JSC::InstructionStream::MutableRef::freeze const):
2605         (JSC::InstructionStream::MutableRef::operator->):
2606         (JSC::InstructionStream::MutableRef::ptr):
2607         (JSC::InstructionStream::MutableRef::operator Ref):
2608         (JSC::InstructionStream::MutableRef::unwrap):
2609         (JSC::InstructionStream::iterator::operator*):
2610         (JSC::InstructionStream::iterator::operator++):
2611         (JSC::InstructionStream::begin const):
2612         (JSC::InstructionStream::end const):
2613         (JSC::InstructionStream::at const):
2614         (JSC::InstructionStream::size const):
2615         (JSC::InstructionStreamWriter::InstructionStreamWriter):
2616         (JSC::InstructionStreamWriter::ref):
2617         (JSC::InstructionStreamWriter::seek):
2618         (JSC::InstructionStreamWriter::position):
2619         (JSC::InstructionStreamWriter::write):
2620         (JSC::InstructionStreamWriter::rewind):
2621         (JSC::InstructionStreamWriter::finalize):
2622         (JSC::InstructionStreamWriter::swap):
2623         (JSC::InstructionStreamWriter::iterator::operator*):
2624         (JSC::InstructionStreamWriter::iterator::operator++):
2625         (JSC::InstructionStreamWriter::begin):
2626         (JSC::InstructionStreamWriter::end):
2627         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
2628         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
2629         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
2630         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
2631         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
2632         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2633         (JSC::MetadataTable::MetadataTable):
2634         (JSC::DeallocTable::withOpcodeType):
2635         (JSC::MetadataTable::~MetadataTable):
2636         (JSC::MetadataTable::sizeInBytes):
2637         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
2638         (JSC::MetadataTable::get):
2639         (JSC::MetadataTable::forEach):
2640         (JSC::MetadataTable::getImpl):
2641         * bytecode/Opcode.cpp:
2642         (JSC::metadataSize):
2643         * bytecode/Opcode.h:
2644         (JSC::padOpcodeName):
2645         * bytecode/OpcodeInlines.h:
2646         (JSC::isOpcodeShape):
2647         (JSC::getOpcodeType):
2648         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2649         * bytecode/PreciseJumpTargets.cpp:
2650         (JSC::getJumpTargetsForInstruction):
2651         (JSC::computePreciseJumpTargetsInternal):
2652         (JSC::computePreciseJumpTargets):
2653         (JSC::recomputePreciseJumpTargets):
2654         (JSC::findJumpTargetsForInstruction):
2655         * bytecode/PreciseJumpTargets.h:
2656         * bytecode/PreciseJumpTargetsInlines.h:
2657         (JSC::jumpTargetForInstruction):
2658         (JSC::extractStoredJumpTargetsForInstruction):
2659         (JSC::updateStoredJumpTargetsForInstruction):
2660         * bytecode/PutByIdStatus.cpp:
2661         (JSC::PutByIdStatus::computeFromLLInt):
2662         * bytecode/SpecialPointer.cpp:
2663         (WTF::printInternal):
2664         * bytecode/SpecialPointer.h:
2665         * bytecode/UnlinkedCodeBlock.cpp:
2666         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2667         (JSC::UnlinkedCodeBlock::visitChildren):
2668         (JSC::UnlinkedCodeBlock::estimatedSize):
2669         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
2670         (JSC::dumpLineColumnEntry):
2671         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
2672         (JSC::UnlinkedCodeBlock::setInstructions):
2673         (JSC::UnlinkedCodeBlock::instructions const):
2674         (JSC::UnlinkedCodeBlock::applyModification):
2675         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
2676         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2677         * bytecode/UnlinkedCodeBlock.h:
2678         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
2679         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
2680         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
2681         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
2682         (JSC::UnlinkedCodeBlock::metadata):
2683         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
2684         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
2685         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
2686         * bytecode/UnlinkedInstructionStream.cpp: Removed.
2687         * bytecode/UnlinkedInstructionStream.h: Removed.
2688         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
2689         * bytecode/UnlinkedMetadataTableInlines.h: Added.
2690         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
2691         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
2692         (JSC::UnlinkedMetadataTable::addEntry):
2693         (JSC::UnlinkedMetadataTable::sizeInBytes):
2694         (JSC::UnlinkedMetadataTable::finalize):
2695         (JSC::UnlinkedMetadataTable::link):
2696         (JSC::UnlinkedMetadataTable::unlink):
2697         * bytecode/VirtualRegister.cpp:
2698         (JSC::VirtualRegister::VirtualRegister):
2699         * bytecode/VirtualRegister.h:
2700         * bytecompiler/BytecodeGenerator.cpp:
2701         (JSC::Label::setLocation):
2702         (JSC::Label::bind):
2703         (JSC::BytecodeGenerator::generate):
2704         (JSC::BytecodeGenerator::BytecodeGenerator):
2705         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
2706         (JSC::BytecodeGenerator::emitEnter):
2707         (JSC::BytecodeGenerator::emitLoopHint):
2708         (JSC::BytecodeGenerator::emitJump):
2709         (JSC::BytecodeGenerator::emitCheckTraps):
2710         (JSC::BytecodeGenerator::rewind):
2711         (JSC::BytecodeGenerator::fuseCompareAndJump):
2712         (JSC::BytecodeGenerator::fuseTestAndJmp):
2713         (JSC::BytecodeGenerator::emitJumpIfTrue):
2714         (JSC::BytecodeGenerator::emitJumpIfFalse):
2715         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
2716         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
2717         (JSC::BytecodeGenerator::moveLinkTimeConstant):
2718         (JSC::BytecodeGenerator::moveEmptyValue):
2719         (JSC::BytecodeGenerator::emitMove):
2720         (JSC::BytecodeGenerator::emitUnaryOp):
2721         (JSC::BytecodeGenerator::emitBinaryOp):
2722         (JSC::BytecodeGenerator::emitToObject):
2723         (JSC::BytecodeGenerator::emitToNumber):
2724         (JSC::BytecodeGenerator::emitToString):
2725         (JSC::BytecodeGenerator::emitTypeOf):
2726         (JSC::BytecodeGenerator::emitInc):
2727         (JSC::BytecodeGenerator::emitDec):
2728         (JSC::BytecodeGenerator::emitEqualityOp):
2729         (JSC::BytecodeGenerator::emitProfileType):
2730         (JSC::BytecodeGenerator::emitProfileControlFlow):
2731         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2732         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
2733         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
2734         (JSC::BytecodeGenerator::emitOverridesHasInstance):
2735         (JSC::BytecodeGenerator::emitResolveScope):
2736         (JSC::BytecodeGenerator::emitGetFromScope):
2737         (JSC::BytecodeGenerator::emitPutToScope):
2738         (JSC::BytecodeGenerator::emitInstanceOf):
2739         (JSC::BytecodeGenerator::emitInstanceOfCustom):
2740         (JSC::BytecodeGenerator::emitInByVal):
2741         (JSC::BytecodeGenerator::emitInById):
2742         (JSC::BytecodeGenerator::emitTryGetById):
2743         (JSC::BytecodeGenerator::emitGetById):
2744         (JSC::BytecodeGenerator::emitDirectGetById):
2745         (JSC::BytecodeGenerator::emitPutById):
2746         (JSC::BytecodeGenerator::emitDirectPutById):
2747         (JSC::BytecodeGenerator::emitPutGetterById):
2748         (JSC::BytecodeGenerator::emitPutSetterById):
2749         (JSC::BytecodeGenerator::emitPutGetterSetter):
2750         (JSC::BytecodeGenerator::emitPutGetterByVal):
2751         (JSC::BytecodeGenerator::emitPutSetterByVal):
2752         (JSC::BytecodeGenerator::emitDeleteById):
2753         (JSC::BytecodeGenerator::emitGetByVal):
2754         (JSC::BytecodeGenerator::emitPutByVal):
2755         (JSC::BytecodeGenerator::emitDirectPutByVal):
2756         (JSC::BytecodeGenerator::emitDeleteByVal):
2757         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
2758         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
2759         (JSC::BytecodeGenerator::emitIdWithProfile):
2760         (JSC::BytecodeGenerator::emitUnreachable):
2761         (JSC::BytecodeGenerator::emitGetArgument):
2762         (JSC::BytecodeGenerator::emitCreateThis):
2763         (JSC::BytecodeGenerator::emitTDZCheck):
2764         (JSC::BytecodeGenerator::emitNewObject):
2765         (JSC::BytecodeGenerator::emitNewArrayBuffer):
2766         (JSC::BytecodeGenerator::emitNewArray):
2767         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
2768         (JSC::BytecodeGenerator::emitNewArrayWithSize):
2769         (JSC::BytecodeGenerator::emitNewRegExp):
2770         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
2771         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
2772         (JSC::BytecodeGenerator::emitNewFunction):
2773         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
2774         (JSC::BytecodeGenerator::emitCall):
2775         (JSC::BytecodeGenerator::emitCallInTailPosition):
2776         (JSC::BytecodeGenerator::emitCallEval):
2777         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2778         (JSC::BytecodeGenerator::emitCallVarargs):
2779         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
2780         (JSC::BytecodeGenerator::emitConstructVarargs):
2781         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
2782         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
2783         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
2784         (JSC::BytecodeGenerator::emitCallDefineProperty):
2785         (JSC::BytecodeGenerator::emitReturn):
2786         (JSC::BytecodeGenerator::emitEnd):
2787         (JSC::BytecodeGenerator::emitConstruct):
2788         (JSC::BytecodeGenerator::emitStrcat):
2789         (JSC::BytecodeGenerator::emitToPrimitive):
2790         (JSC::BytecodeGenerator::emitGetScope):
2791         (JSC::BytecodeGenerator::emitPushWithScope):
2792         (JSC::BytecodeGenerator::emitGetParentScope):
2793         (JSC::BytecodeGenerator::emitDebugHook):
2794         (JSC::BytecodeGenerator::emitCatch):
2795         (JSC::BytecodeGenerator::emitThrow):
2796         (JSC::BytecodeGenerator::emitArgumentCount):
2797         (JSC::BytecodeGenerator::emitThrowStaticError):
2798         (JSC::BytecodeGenerator::beginSwitch):
2799         (JSC::prepareJumpTableForSwitch):
2800         (JSC::prepareJumpTableForStringSwitch):
2801         (JSC::BytecodeGenerator::endSwitch):
2802         (JSC::BytecodeGenerator::emitGetEnumerableLength):
2803         (JSC::BytecodeGenerator::emitHasGenericProperty):
2804         (JSC::BytecodeGenerator::emitHasIndexedProperty):
2805         (JSC::BytecodeGenerator::emitHasStructureProperty):
2806         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
2807         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
2808         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
2809         (JSC::BytecodeGenerator::emitToIndexString):
2810         (JSC::BytecodeGenerator::emitIsCellWithType):
2811         (JSC::BytecodeGenerator::emitIsObject):
2812         (JSC::BytecodeGenerator::emitIsNumber):
2813         (JSC::BytecodeGenerator::emitIsUndefined):
2814         (JSC::BytecodeGenerator::emitIsEmpty):
2815         (JSC::BytecodeGenerator::emitRestParameter):
2816         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
2817         (JSC::BytecodeGenerator::emitYieldPoint):
2818         (JSC::BytecodeGenerator::emitYield):
2819         (JSC::BytecodeGenerator::emitGetAsyncIterator):
2820         (JSC::BytecodeGenerator::emitDelegateYield):
2821         (JSC::BytecodeGenerator::emitFinallyCompletion):
2822         (JSC::BytecodeGenerator::emitJumpIf):
2823         (JSC::ForInContext::finalize):
2824         (JSC::StructureForInContext::finalize):
2825         (JSC::IndexedForInContext::finalize):
2826         (JSC::StaticPropertyAnalysis::record):
2827         (JSC::BytecodeGenerator::emitToThis):
2828         * bytecompiler/BytecodeGenerator.h:
2829         (JSC::StructureForInContext::addGetInst):
2830         (JSC::BytecodeGenerator::recordOpcode):
2831         (JSC::BytecodeGenerator::addMetadataFor):
2832         (JSC::BytecodeGenerator::emitUnaryOp):
2833         (JSC::BytecodeGenerator::kill):
2834         (JSC::BytecodeGenerator::instructions const):
2835         (JSC::BytecodeGenerator::write):
2836         (JSC::BytecodeGenerator::withWriter):
2837         * bytecompiler/Label.h:
2838         (JSC::Label::Label):
2839         (JSC::Label::bind):
2840         * bytecompiler/NodesCodegen.cpp:
2841         (JSC::ArrayNode::emitBytecode):
2842         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
2843         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2844         (JSC::BitwiseNotNode::emitBytecode):
2845         (JSC::BinaryOpNode::emitBytecode):
2846         (JSC::EqualNode::emitBytecode):
2847         (JSC::StrictEqualNode::emitBytecode):
2848         (JSC::emitReadModifyAssignment):
2849         (JSC::ForInNode::emitBytecode):
2850         (JSC::CaseBlockNode::emitBytecodeForBlock):
2851         (JSC::FunctionNode::emitBytecode):
2852         (JSC::ClassExprNode::emitBytecode):
2853         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
2854         (WTF::printInternal):
2855         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2856         * bytecompiler/RegisterID.h:
2857         * bytecompiler/StaticPropertyAnalysis.h:
2858         (JSC::StaticPropertyAnalysis::create):
2859         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
2860         * bytecompiler/StaticPropertyAnalyzer.h:
2861         (JSC::StaticPropertyAnalyzer::createThis):
2862         (JSC::StaticPropertyAnalyzer::newObject):
2863         (JSC::StaticPropertyAnalyzer::putById):
2864         (JSC::StaticPropertyAnalyzer::mov):
2865         (JSC::StaticPropertyAnalyzer::kill):
2866         * dfg/DFGByteCodeParser.cpp:
2867         (JSC::DFG::ByteCodeParser::addCall):
2868         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
2869         (JSC::DFG::ByteCodeParser::getArrayMode):
2870         (JSC::DFG::ByteCodeParser::handleCall):
2871         (JSC::DFG::ByteCodeParser::handleVarargsCall):
2872         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
2873         (JSC::DFG::ByteCodeParser::inlineCall):
2874         (JSC::DFG::ByteCodeParser::handleCallVariant):
2875         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
2876         (JSC::DFG::ByteCodeParser::handleInlining):
2877         (JSC::DFG::ByteCodeParser::handleMinMax):
2878         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
2879         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
2880         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
2881         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
2882         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
2883         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
2884         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2885         (JSC::DFG::ByteCodeParser::handleGetById):
2886         (JSC::DFG::ByteCodeParser::handlePutById):
2887         (JSC::DFG::ByteCodeParser::parseGetById):
2888         (JSC::DFG::ByteCodeParser::parseBlock):
2889         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2890         (JSC::DFG::ByteCodeParser::handlePutByVal):
2891         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
2892         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
2893         (JSC::DFG::ByteCodeParser::handleNewFunc):
2894         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
2895         (JSC::DFG::ByteCodeParser::parse):
2896         * dfg/DFGCapabilities.cpp:
2897         (JSC::DFG::capabilityLevel):
2898         * dfg/DFGCapabilities.h:
2899         (JSC::DFG::capabilityLevel):
2900         * dfg/DFGOSREntry.cpp:
2901         (JSC::DFG::prepareCatchOSREntry):
2902         * dfg/DFGSpeculativeJIT.cpp:
2903         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2904         (JSC::DFG::SpeculativeJIT::compileValueSub):
2905         (JSC::DFG::SpeculativeJIT::compileValueNegate):
2906         (JSC::DFG::SpeculativeJIT::compileArithMul):
2907         * ftl/FTLLowerDFGToB3.cpp:
2908         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
2909         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
2910         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
2911         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
2912         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
2913         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
2914         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
2915         * ftl/FTLOperations.cpp:
2916         (JSC::FTL::operationMaterializeObjectInOSR):
2917         * generate-bytecode-files: Removed.
2918         * generator/Argument.rb: Added.
2919         * generator/Assertion.rb: Added.
2920         * generator/DSL.rb: Added.
2921         * generator/Fits.rb: Added.
2922         * generator/GeneratedFile.rb: Added.
2923         * generator/Metadata.rb: Added.
2924         * generator/Opcode.rb: Added.
2925         * generator/OpcodeGroup.rb: Added.
2926         * generator/Options.rb: Added.
2927         * generator/Section.rb: Added.
2928         * generator/Template.rb: Added.
2929         * generator/Type.rb: Added.
2930         * generator/main.rb: Added.
2931         * interpreter/AbstractPC.h:
2932         * interpreter/CallFrame.cpp:
2933         (JSC::CallFrame::currentVPC const):
2934         (JSC::CallFrame::setCurrentVPC):
2935         * interpreter/CallFrame.h:
2936         (JSC::CallSiteIndex::CallSiteIndex):
2937         (JSC::ExecState::setReturnPC):
2938         * interpreter/Interpreter.cpp:
2939         (WTF::printInternal):
2940         * interpreter/Interpreter.h:
2941         * interpreter/InterpreterInlines.h:
2942         * interpreter/StackVisitor.cpp:
2943         (JSC::StackVisitor::Frame::dump const):
2944         * interpreter/VMEntryRecord.h:
2945         * jit/JIT.cpp:
2946         (JSC::JIT::JIT):
2947         (JSC::JIT::emitSlowCaseCall):
2948         (JSC::JIT::privateCompileMainPass):
2949         (JSC::JIT::privateCompileSlowCases):
2950         (JSC::JIT::compileWithoutLinking):
2951         (JSC::JIT::link):
2952         * jit/JIT.h:
2953         * jit/JITArithmetic.cpp:
2954         (JSC::JIT::emit_op_jless):
2955         (JSC::JIT::emit_op_jlesseq):
2956         (JSC::JIT::emit_op_jgreater):
2957         (JSC::JIT::emit_op_jgreatereq):
2958         (JSC::JIT::emit_op_jnless):
2959         (JSC::JIT::emit_op_jnlesseq):
2960         (JSC::JIT::emit_op_jngreater):
2961         (JSC::JIT::emit_op_jngreatereq):
2962         (JSC::JIT::emitSlow_op_jless):
2963         (JSC::JIT::emitSlow_op_jlesseq):
2964         (JSC::JIT::emitSlow_op_jgreater):
2965         (JSC::JIT::emitSlow_op_jgreatereq):
2966         (JSC::JIT::emitSlow_op_jnless):
2967         (JSC::JIT::emitSlow_op_jnlesseq):
2968         (JSC::JIT::emitSlow_op_jngreater):
2969         (JSC::JIT::emitSlow_op_jngreatereq):
2970         (JSC::JIT::emit_op_below):
2971         (JSC::JIT::emit_op_beloweq):
2972         (JSC::JIT::emit_op_jbelow):
2973         (JSC::JIT::emit_op_jbeloweq):
2974         (JSC::JIT::emit_op_unsigned):
2975         (JSC::JIT::emit_compareAndJump):
2976         (JSC::JIT::emit_compareUnsignedAndJump):
2977         (JSC::JIT::emit_compareUnsigned):
2978         (JSC::JIT::emit_compareAndJumpSlow):
2979         (JSC::JIT::emit_op_inc):
2980         (JSC::JIT::emit_op_dec):
2981         (JSC::JIT::emit_op_mod):
2982         (JSC::JIT::emitSlow_op_mod):
2983         (JSC::JIT::emit_op_negate):
2984         (JSC::JIT::emitSlow_op_negate):
2985         (JSC::JIT::emitBitBinaryOpFastPath):
2986         (JSC::JIT::emit_op_bitand):
2987         (JSC::JIT::emit_op_bitor):
2988         (JSC::JIT::emit_op_bitxor):
2989         (JSC::JIT::emit_op_lshift):
2990         (JSC::JIT::emitRightShiftFastPath):
2991         (JSC::JIT::emit_op_rshift):
2992         (JSC::JIT::emit_op_urshift):
2993         (JSC::getOperandTypes):
2994         (JSC::JIT::emit_op_add):
2995         (JSC::JIT::emitSlow_op_add):
2996         (JSC::JIT::emitMathICFast):
2997         (JSC::JIT::emitMathICSlow):
2998         (JSC::JIT::emit_op_div):
2999         (JSC::JIT::emit_op_mul):
3000         (JSC::JIT::emitSlow_op_mul):
3001         (JSC::JIT::emit_op_sub):
3002         (JSC::JIT::emitSlow_op_sub):
3003         * jit/JITCall.cpp:
3004         (JSC::JIT::emitPutCallResult):
3005         (JSC::JIT::compileSetupFrame):
3006         (JSC::JIT::compileCallEval):
3007         (JSC::JIT::compileCallEvalSlowCase):
3008         (JSC::JIT::compileTailCall):
3009         (JSC::JIT::compileOpCall):
3010         (JSC::JIT::compileOpCallSlowCase):
3011         (JSC::JIT::emit_op_call):
3012         (JSC::JIT::emit_op_tail_call):
3013         (JSC::JIT::emit_op_call_eval):
3014         (JSC::JIT::emit_op_call_varargs):
3015         (JSC::JIT::emit_op_tail_call_varargs):
3016         (JSC::JIT::emit_op_tail_call_forward_arguments):
3017         (JSC::JIT::emit_op_construct_varargs):
3018         (JSC::JIT::emit_op_construct):
3019         (JSC::JIT::emitSlow_op_call):
3020         (JSC::JIT::emitSlow_op_tail_call):
3021         (JSC::JIT::emitSlow_op_call_eval):
3022         (JSC::JIT::emitSlow_op_call_varargs):
3023         (JSC::JIT::emitSlow_op_tail_call_varargs):
3024         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
3025         (JSC::JIT::emitSlow_op_construct_varargs):
3026         (JSC::JIT::emitSlow_op_construct):
3027         * jit/JITDisassembler.cpp:
3028         (JSC::JITDisassembler::JITDisassembler):
3029         * jit/JITExceptions.cpp:
3030         (JSC::genericUnwind):
3031         * jit/JITInlines.h:
3032         (JSC::JIT::emitDoubleGetByVal):
3033         (JSC::JIT::emitLoadForArrayMode):
3034         (JSC::JIT::emitContiguousGetByVal):
3035         (JSC::JIT::emitArrayStorageGetByVal):
3036         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
3037         (JSC::JIT::sampleInstruction):
3038         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
3039         (JSC::JIT::emitValueProfilingSite):
3040         (JSC::JIT::jumpTarget):
3041         (JSC::JIT::copiedGetPutInfo):
3042         (JSC::JIT::copiedArithProfile):
3043         * jit/JITMathIC.h:
3044         (JSC::isProfileEmpty):
3045         (JSC::JITBinaryMathIC::JITBinaryMathIC):
3046         (JSC::JITUnaryMathIC::JITUnaryMathIC):
3047         * jit/JITOpcodes.cpp:
3048         (JSC::JIT::emit_op_mov):
3049         (JSC::JIT::emit_op_end):
3050         (JSC::JIT::emit_op_jmp):
3051         (JSC::JIT::emit_op_new_object):
3052         (JSC::JIT::emitSlow_op_new_object):
3053         (JSC::JIT::emit_op_overrides_has_instance):
3054         (JSC::JIT::emit_op_instanceof):
3055         (JSC::JIT::emitSlow_op_instanceof):
3056         (JSC::JIT::emit_op_instanceof_custom):
3057         (JSC::JIT::emit_op_is_empty):
3058         (JSC::JIT::emit_op_is_undefined):
3059         (JSC::JIT::emit_op_is_boolean):
3060         (JSC::JIT::emit_op_is_number):
3061         (JSC::JIT::emit_op_is_cell_with_type):
3062         (JSC::JIT::emit_op_is_object):
3063         (JSC::JIT::emit_op_ret):
3064         (JSC::JIT::emit_op_to_primitive):
3065         (JSC::JIT::emit_op_set_function_name):
3066         (JSC::JIT::emit_op_not):
3067         (JSC::JIT::emit_op_jfalse):
3068         (JSC::JIT::emit_op_jeq_null):
3069         (JSC::JIT::emit_op_jneq_null):
3070         (JSC::JIT::emit_op_jneq_ptr):
3071         (JSC::JIT::emit_op_eq):
3072         (JSC::JIT::emit_op_jeq):
3073         (JSC::JIT::emit_op_jtrue):
3074         (JSC::JIT::emit_op_neq):
3075         (JSC::JIT::emit_op_jneq):
3076         (JSC::JIT::emit_op_throw):
3077         (JSC::JIT::compileOpStrictEq):
3078         (JSC::JIT::emit_op_stricteq):
3079         (JSC::JIT::emit_op_nstricteq):
3080         (JSC::JIT::compileOpStrictEqJump):
3081         (JSC::JIT::emit_op_jstricteq):
3082         (JSC::JIT::emit_op_jnstricteq):
3083         (JSC::JIT::emitSlow_op_jstricteq):
3084         (JSC::JIT::emitSlow_op_jnstricteq):
3085         (JSC::JIT::emit_op_to_number):
3086         (JSC::JIT::emit_op_to_string):
3087         (JSC::JIT::emit_op_to_object):
3088         (JSC::JIT::emit_op_catch):
3089         (JSC::JIT::emit_op_identity_with_profile):
3090         (JSC::JIT::emit_op_get_parent_scope):
3091         (JSC::JIT::emit_op_switch_imm):
3092         (JSC::JIT::emit_op_switch_char):
3093         (JSC::JIT::emit_op_switch_string):
3094         (JSC::JIT::emit_op_debug):
3095         (JSC::JIT::emit_op_eq_null):
3096         (JSC::JIT::emit_op_neq_null):
3097         (JSC::JIT::emit_op_enter):
3098         (JSC::JIT::emit_op_get_scope):
3099         (JSC::JIT::emit_op_to_this):
3100         (JSC::JIT::emit_op_create_this):
3101         (JSC::JIT::emit_op_check_tdz):
3102         (JSC::JIT::emitSlow_op_eq):
3103         (JSC::JIT::emitSlow_op_neq):
3104         (JSC::JIT::emitSlow_op_jeq):
3105         (JSC::JIT::emitSlow_op_jneq):
3106         (JSC::JIT::emitSlow_op_instanceof_custom):
3107         (JSC::JIT::emit_op_loop_hint):
3108         (JSC::JIT::emitSlow_op_loop_hint):
3109         (JSC::JIT::emit_op_check_traps):
3110         (JSC::JIT::emit_op_nop):
3111         (JSC::JIT::emit_op_super_sampler_begin):
3112         (JSC::JIT::emit_op_super_sampler_end):
3113         (JSC::JIT::emitSlow_op_check_traps):
3114         (JSC::JIT::emit_op_new_regexp):
3115         (JSC::JIT::emitNewFuncCommon):
3116         (JSC::JIT::emit_op_new_func):
3117         (JSC::JIT::emit_op_new_generator_func):
3118         (JSC::JIT::emit_op_new_async_generator_func):
3119         (JSC::JIT::emit_op_new_async_func):
3120         (JSC::JIT::emitNewFuncExprCommon):
3121         (JSC::JIT::emit_op_new_func_exp):
3122         (JSC::JIT::emit_op_new_generator_func_exp):
3123         (JSC::JIT::emit_op_new_async_func_exp):
3124         (JSC::JIT::emit_op_new_async_generator_func_exp):
3125         (JSC::JIT::emit_op_new_array):
3126         (JSC::JIT::emit_op_new_array_with_size):
3127         (JSC::JIT::emit_op_has_structure_property):
3128         (JSC::JIT::privateCompileHasIndexedProperty):
3129         (JSC::JIT::emit_op_has_indexed_property):
3130         (JSC::JIT::emitSlow_op_has_indexed_property):
3131         (JSC::JIT::emit_op_get_direct_pname):
3132         (JSC::JIT::emit_op_enumerator_structure_pname):
3133         (JSC::JIT::emit_op_enumerator_generic_pname):
3134         (JSC::JIT::emit_op_profile_type):
3135         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
3136         (JSC::JIT::emit_op_log_shadow_chicken_tail):
3137         (JSC::JIT::emit_op_profile_control_flow):
3138         (JSC::JIT::emit_op_argument_count):
3139         (JSC::JIT::emit_op_get_rest_length):
3140         (JSC::JIT::emit_op_get_argument):
3141         * jit/JITOpcodes32_64.cpp:
3142         (JSC::JIT::emit_op_to_this):
3143         * jit/JITOperations.cpp:
3144         * jit/JITOperations.h:
3145         * jit/JITPropertyAccess.cpp:
3146         (JSC::JIT::emit_op_get_by_val):
3147         (JSC::JIT::emitGetByValWithCachedId):
3148         (JSC::JIT::emitSlow_op_get_by_val):
3149         (JSC::JIT::emit_op_put_by_val_direct):
3150         (JSC::JIT::emit_op_put_by_val):
3151         (JSC::JIT::emitGenericContiguousPutByVal):
3152         (JSC::JIT::emitArrayStoragePutByVal):
3153         (JSC::JIT::emitPutByValWithCachedId):
3154         (JSC::JIT::emitSlow_op_put_by_val):
3155         (JSC::JIT::emit_op_put_getter_by_id):
3156         (JSC::JIT::emit_op_put_setter_by_id):
3157         (JSC::JIT::emit_op_put_getter_setter_by_id):
3158         (JSC::JIT::emit_op_put_getter_by_val):
3159         (JSC::JIT::emit_op_put_setter_by_val):
3160         (JSC::JIT::emit_op_del_by_id):
3161         (JSC::JIT::emit_op_del_by_val):
3162         (JSC::JIT::emit_op_try_get_by_id):
3163         (JSC::JIT::emitSlow_op_try_get_by_id):
3164         (JSC::JIT::emit_op_get_by_id_direct):
3165         (JSC::JIT::emitSlow_op_get_by_id_direct):
3166         (JSC::JIT::emit_op_get_by_id):
3167         (JSC::JIT::emit_op_get_by_id_with_this):
3168         (JSC::JIT::emitSlow_op_get_by_id):
3169         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3170         (JSC::JIT::emit_op_put_by_id):
3171         (JSC::JIT::emitSlow_op_put_by_id):
3172         (JSC::JIT::emit_op_in_by_id):
3173         (JSC::JIT::emitSlow_op_in_by_id):
3174         (JSC::JIT::emit_op_resolve_scope):
3175         (JSC::JIT::emit_op_get_from_scope):
3176         (JSC::JIT::emitSlow_op_get_from_scope):
3177         (JSC::JIT::emit_op_put_to_scope):
3178         (JSC::JIT::emitSlow_op_put_to_scope):
3179         (JSC::JIT::emit_op_get_from_arguments):
3180         (JSC::JIT::emit_op_put_to_arguments):
3181         (JSC::JIT::privateCompileGetByVal):
3182         (JSC::JIT::privateCompileGetByValWithCachedId):
3183         (JSC::JIT::privateCompilePutByVal):
3184         (JSC::JIT::privateCompilePutByValWithCachedId):
3185         (JSC::JIT::emitDoubleLoad):
3186         (JSC::JIT::emitContiguousLoad):
3187         (JSC::JIT::emitArrayStorageLoad):
3188         (JSC::JIT::emitDirectArgumentsGetByVal):
3189         (JSC::JIT::emitScopedArgumentsGetByVal):
3190         (JSC::JIT::emitIntTypedArrayGetByVal):
3191         (JSC::JIT::emitFloatTypedArrayGetByVal):
3192         (JSC::JIT::emitIntTypedArrayPutByVal):
3193         (JSC::JIT::emitFloatTypedArrayPutByVal):
3194         * jit/RegisterSet.cpp:
3195         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
3196         * jit/SlowPathCall.h:
3197         (JSC::JITSlowPathCall::JITSlowPathCall):
3198         * llint/LLIntData.cpp:
3199         (JSC::LLInt::initialize):
3200         (JSC::LLInt::Data::performAssertions):
3201         * llint/LLIntData.h:
3202         (JSC::LLInt::exceptionInstructions):
3203         (JSC::LLInt::opcodeMap):
3204         (JSC::LLInt::opcodeMapWide):
3205         (JSC::LLInt::getOpcode):
3206         (JSC::LLInt::getOpcodeWide):
3207         (JSC::LLInt::getWideCodePtr):
3208         * llint/LLIntOffsetsExtractor.cpp:
3209         * llint/LLIntSlowPaths.cpp:
3210         (JSC::LLInt::llint_trace_operand):
3211         (JSC::LLInt::llint_trace_value):
3212         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3213         (JSC::LLInt::entryOSR):
3214         (JSC::LLInt::setupGetByIdPrototypeCache):
3215         (JSC::LLInt::getByVal):
3216         (JSC::LLInt::handleHostCall):
3217         (JSC::LLInt::setUpCall):
3218         (JSC::LLInt::genericCall):
3219         (JSC::LLInt::varargsSetup):
3220         (JSC::LLInt::commonCallEval):
3221         * llint/LLIntSlowPaths.h:
3222         * llint/LowLevelInterpreter.asm:
3223         * llint/LowLevelInterpreter.cpp:
3224         (JSC::CLoopRegister::operator const Instruction*):
3225         (JSC::CLoop::execute):
3226         * llint/LowLevelInterpreter32_64.asm:
3227         * llint/LowLevelInterpreter64.asm:
3228         * offlineasm/arm64.rb:
3229         * offlineasm/asm.rb:
3230         * offlineasm/ast.rb:
3231         * offlineasm/cloop.rb:
3232         * offlineasm/generate_offset_extractor.rb:
3233         * offlineasm/instructions.rb:
3234         * offlineasm/offsets.rb:
3235         * offlineasm/parser.rb:
3236         * offlineasm/transform.rb:
3237         * offlineasm/x86.rb:
3238         * parser/ResultType.h:
3239         (JSC::ResultType::dump const):
3240         (JSC::OperandTypes::first const):
3241         (JSC::OperandTypes::second const):
3242         (JSC::OperandTypes::dump const):
3243         * profiler/ProfilerBytecodeSequence.cpp:
3244         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
3245         * runtime/CommonSlowPaths.cpp:
3246         (JSC::SLOW_PATH_DECL):
3247         (JSC::updateArithProfileForUnaryArithOp):
3248         (JSC::updateArithProfileForBinaryArithOp):
3249         * runtime/CommonSlowPaths.h:
3250         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
3251         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
3252         * runtime/ExceptionFuzz.cpp:
3253         (JSC::doExceptionFuzzing):
3254         * runtime/ExceptionFuzz.h:
3255         (JSC::doExceptionFuzzingIfEnabled):
3256         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
3257         (JSC::GetPutInfo::dump const):
3258         (WTF::printInternal):
3259         * runtime/GetPutInfo.h:
3260         (JSC::GetPutInfo::operand const):
3261         * runtime/JSCPoison.h:
3262         * runtime/JSType.cpp: Added.
3263         (WTF::printInternal):
3264         * runtime/JSType.h:
3265         * runtime/SamplingProfiler.cpp:
3266         (JSC::SamplingProfiler::StackFrame::displayName):
3267         * runtime/SamplingProfiler.h:
3268         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
3269         * runtime/SlowPathReturnType.h:
3270         (JSC::encodeResult):
3271         (JSC::decodeResult):
3272         * runtime/VM.h:
3273         * runtime/Watchdog.h:
3274         * tools/HeapVerifier.cpp:
3275
3276 2018-10-26  Commit Queue  <commit-queue@webkit.org>
3277
3278         Unreviewed, rolling out r237445.
3279         https://bugs.webkit.org/show_bug.cgi?id=190972
3280
3281         Cause performance regression on iOS devices (Requested by
3282         yusukesuzuki on #webkit).
3283
3284         Reverted changeset:
3285
3286         "Unreviewed, partial rolling in r237254"
3287         https://bugs.webkit.org/show_bug.cgi?id=190340
3288         https://trac.webkit.org/changeset/237445
3289
3290 2018-10-26  Mark Lam  <mark.lam@apple.com>
3291
3292         Fix missing edge cases with JSGlobalObjects having a bad time.
3293         https://bugs.webkit.org/show_bug.cgi?id=189028
3294         <rdar://problem/45204939>
3295
3296         Reviewed by Saam Barati.
3297
3298         Consider the following scenario:
3299
3300             let object O1 (of global G1) have an indexing type that is not SlowPut.
3301             let global G2 have a bad time.
3302             let object O2 (of global G2) be set as the prototype of O1.
3303             let object O3 (of global G2) have indexed accessors.
3304
3305         In the existing code, if we set O3 as O2's prototype, we'll have a bug where
3306         O1 will not be made aware that there are indexed accessors in its prototype
3307         chain.
3308
3309         In this patch, we solve this issue by introducing a new invariant:
3310
3311             A prototype chain is considered to possibly have indexed accessors if any
3312             object in the chain belongs to a global object that is having a bad time.
3313
3314         We apply this invariant as follows:
3315
3316         1. Enhance JSGlobalObject::haveABadTime() to also check if other global objects are
3317            affected by it having a bad time.  If so, it also ensures that those affected
3318            global objects have a bad time.
3319
3320            The original code for JSGlobalObject::haveABadTime() uses an ObjectsWithBrokenIndexingFinder
3321            to find all objects affected by the global object having a bad time.  We enhance
3322            ObjectsWithBrokenIndexingFinder to also check for the possibility that any global
3323            objects may be affected by other global objects having a bad time, i.e.
3324
3325                 let g1 = global1
3326                 let g2 = global2
3327                 let o1 = an object in g1
3328                 let o2 = an object in g2
3329
3330                 let g1 have a bad time
3331                 g2 is affected if
3332                     o1 is in the prototype chain of o2,
3333                     and o2 may be a prototype.
3334
3335            If the ObjectsWithBrokenIndexingFinder does find the possibility of other global
3336            objects being affected, it will abort its heap scan and let haveABadTime() take
3337            a slow path to do a more complete multi global object scan.
3338
3339            The slow path works as follows:
3340
3341            1. Iterate the heap and record the graph of all global object dependencies.
3342
3343               For each global object, record the list of other global objects that are
3344               affected by it.
3345
3346            2. Compute a list of global objects that need to have a bad time using the
3347               current global object dependency graph.
3348
3349            3. For each global object in the list of affected global objects, fire their
3350               HaveABadTime watchpoint and convert all their array structures to the
3351               SlowPut alternatives.
3352
3353            4. Re-run ObjectsWithBrokenIndexingFinder to find all objects that are affected
3354               by any of the globals in the list from (2).
3355
3356         2. Enhance Structure::mayInterceptIndexedAccesses() to also return true if the
3357            structure's global object is having a bad time.
3358
3359         Note: there are 3 scenarios that we need to consider:
3360
3361             let g1 = global1
3362             let g2 = global2
3363             let o1 = an object in g1
3364             let o2 = an object in g2
3365
3366             Scenario 1: o2 is a prototype, and
3367                         g1 has a bad time after o1 is inserted into o2's prototype chain.
3368
3369             Scenario 2: o2 is a prototype, and
3370                         o1 is inserted into o2's prototype chain after g1 has a bad time.
3371
3372             Scenario 3: o2 is NOT a prototype, and
3373                         o1 is inserted into o2's prototype chain after g1 has a bad time.
3374
3375             For scenario 1, when g1 has a bad time, we need to also make sure g2 has
3376             a bad time.  This is handled by enhancement 1 above.
3377