[BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt...
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2018-11-13  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] JSBigInt::createWithLength should throw when length is greater than JSBigInt::maxLength
        https://bugs.webkit.org/show_bug.cgi?id=190836

        Reviewed by Saam Barati.

        In this patch we are creating a new method called `JSBigInt::createWithLengthUnchecked`
        where we allocate a BigInt trusting the length received as argument.
        With this additional method, we now check if the length passed to
        `JSBigInt::createWithLength` is not greater than JSBigInt::maxLength.
        When the length is greater than maxLength, we then throw an OOM
        exception.
        This required changing the interface of some JSBigInt operations to
        receive `ExecState*` instead of `VM&`. We changed only operations that
        can throw because of OOM.
        We believe that this approach of throwing instead of finishing the
        execution abruptly is better because JS programs can catch such
        exception and handle this issue properly.

        * dfg/DFGOperations.cpp:
        * jit/JITOperations.cpp:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::createZero):
        (JSC::JSBigInt::tryCreateWithLength):
        (JSC::JSBigInt::createWithLengthUnchecked):
        (JSC::JSBigInt::createFrom):
        (JSC::JSBigInt::multiply):
        (JSC::JSBigInt::divide):
        (JSC::JSBigInt::copy):
        (JSC::JSBigInt::unaryMinus):
        (JSC::JSBigInt::remainder):
        (JSC::JSBigInt::add):
        (JSC::JSBigInt::sub):
        (JSC::JSBigInt::bitwiseAnd):
        (JSC::JSBigInt::bitwiseOr):
        (JSC::JSBigInt::bitwiseXor):
        (JSC::JSBigInt::absoluteAdd):
        (JSC::JSBigInt::absoluteSub):
        (JSC::JSBigInt::absoluteDivWithDigitDivisor):
        (JSC::JSBigInt::absoluteDivWithBigIntDivisor):
        (JSC::JSBigInt::absoluteLeftShiftAlwaysCopy):
        (JSC::JSBigInt::absoluteBitwiseOp):
        (JSC::JSBigInt::absoluteAddOne):
        (JSC::JSBigInt::absoluteSubOne):
        (JSC::JSBigInt::toStringGeneric):
        (JSC::JSBigInt::rightTrim):
        (JSC::JSBigInt::allocateFor):
        (JSC::JSBigInt::createWithLength): Deleted.
        * runtime/JSBigInt.h:
        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase):
        * runtime/Operations.h:
        (JSC::jsSub):
        (JSC::jsMul):

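The entry above describes the split between a checked allocation (`tryCreateWithLength`, which compares the requested digit count against `JSBigInt::maxLength`) and an unchecked one that trusts its caller, with the checked path turning a refused request into a catchable OOM exception rather than a crash. The following is an added example, not JavaScriptCore's code: `BigIntValue`, `kMaxLength`, `OutOfMemoryError`, `multiplyResultLength` and `createThrowsForLength` are names assumed for this illustration. It shows the same checked/unchecked pair in plain C++, and a result-length computation of the kind `multiply` performs, where the bound is what keeps two large operands from producing an unbounded allocation request.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for JSBigInt: a sign plus an array of 64-bit digits.
// Not JavaScriptCore's class; the layout only serves this example.
struct BigIntValue {
    bool negative = false;
    std::vector<uint64_t> digits;   // little-endian limbs
    size_t length() const { return digits.size(); }
};

// Hypothetical bound playing the role of JSBigInt::maxLength: the largest
// number of digits one value may occupy.
constexpr size_t kMaxLength = static_cast<size_t>(1) << 20;

// Hypothetical OOM error type standing in for the engine's thrown OOM exception.
struct OutOfMemoryError : std::runtime_error {
    OutOfMemoryError() : std::runtime_error("out of memory") {}
};

// Unchecked variant: trusts the caller's length. Only callers that derived
// `length` from an already-validated value should use this.
inline std::unique_ptr<BigIntValue> createWithLengthUnchecked(size_t length)
{
    auto value = std::make_unique<BigIntValue>();
    value->digits.assign(length, 0);
    return value;
}

// Checked variant: refuses lengths above the bound before touching the
// allocator. Returns nullptr on refusal so callers can decide how to fail.
inline std::unique_ptr<BigIntValue> tryCreateWithLength(size_t length)
{
    if (length > kMaxLength)
        return nullptr;
    return createWithLengthUnchecked(length);
}

// Throwing entry point: a refused allocation becomes an exception the caller
// (and, in an engine, the JS program) can catch and handle.
inline std::unique_ptr<BigIntValue> createWithLength(size_t length)
{
    auto value = tryCreateWithLength(length);
    if (!value)
        throw OutOfMemoryError();
    return value;
}

// Result size for a product: an m-digit times an n-digit value needs at most
// m + n digits. Operand lengths are each bounded, but their sum may exceed
// kMaxLength, which is exactly the case the checked path must catch.
inline size_t multiplyResultLength(size_t lhsLength, size_t rhsLength)
{
    return lhsLength + rhsLength;
}

// Returns true if allocating `length` digits through createWithLength throws.
inline bool createThrowsForLength(size_t length)
{
    try {
        (void)createWithLength(length);
        return false;
    } catch (const OutOfMemoryError&) {
        return true;
    }
}

// Returns true if the result allocation for a product of the given operand
// lengths is refused (the OOM path), false if it succeeds.
inline bool multiplyAllocationRefused(size_t lhsLength, size_t rhsLength)
{
    return createThrowsForLength(multiplyResultLength(lhsLength, rhsLength));
}
```

The point of the split is that every caller computing a length from untrusted operands goes through the checked path, while the unchecked path is reserved for lengths already proven to fit, so the bound is enforced once rather than re-derived at each call site.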
2018-11-12  Devin Rousso  <drousso@apple.com>

        Web Inspector: Network: show secure certificate details per-request
        https://bugs.webkit.org/show_bug.cgi?id=191447
        <rdar://problem/30019476>

        Reviewed by Joseph Pecoraro.

        Add Security domain to hold security related protocol types.

        * CMakeLists.txt:
        * DerivedSources.make:
        * inspector/protocol/Network.json:
        * inspector/protocol/Security.json: Added.
        * inspector/scripts/codegen/objc_generator.py:
        (ObjCGenerator):

2018-11-12  Saam barati  <sbarati@apple.com>

        Unreviewed. Rollout 238026: It caused ~8% JetStream 2 regressions on some iOS devices
        https://bugs.webkit.org/show_bug.cgi?id=191555

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-11-11  Benjamin Poulain  <benjamin@webkit.org>

        Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
        https://bugs.webkit.org/show_bug.cgi?id=191492

        Reviewed by Alex Christensen.

        Rename file.

        * API/JSValue.mm:

2018-11-10  Benjamin Poulain  <benjamin@webkit.org>

        Fix a fixme: rename wtfObjcMsgSend to wtfObjCMsgSend
        https://bugs.webkit.org/show_bug.cgi?id=191492

        Reviewed by Alex Christensen.

        * API/JSValue.mm:

2018-11-10  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, silence -Wunused-variable warning

        * bytecode/Opcode.h:
        (JSC::padOpcodeName):

2018-11-09  Keith Rollin  <krollin@apple.com>

        Unreviewed build fix after https://bugs.webkit.org/show_bug.cgi?id=191324

        Remove the use of .xcfilelists until their side-effects are better
        understood.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-11-09  Keith Miller  <keith_miller@apple.com>

        LLInt VectorSizeOffset should be based on offset extraction
        https://bugs.webkit.org/show_bug.cgi?id=191468

        Reviewed by Yusuke Suzuki.

        This patch also adds some usings to LLIntOffsetsExtractor that
        make it possible to use the bare names of Vector/RefCountedArray
        in offsets extraction.

        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2018-11-09  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Unreviewed, rolling in CodeCache in r237254
        https://bugs.webkit.org/show_bug.cgi?id=190340

        Land the CodeCache part, which uses DefaultHash<>::Hash instead of computeHash.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        * bytecode/UnlinkedFunctionExecutable.h:
        * parser/SourceCodeKey.h:
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::operator== const):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
        (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
        * runtime/CodeCache.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionExecutable.cpp:
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/FunctionExecutable.h:

2018-11-08  Keith Miller  <keith_miller@apple.com>

        put_by_val opcodes need to add the number tag as a 64-bit register
        https://bugs.webkit.org/show_bug.cgi?id=191456

        Reviewed by Saam Barati.

        Previously the LLInt would add it as a pointer sized value. That is
        wrong if the pointer size is less than 64 bits.

        * llint/LowLevelInterpreter64.asm:

2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>

        [JSC] isStrWhiteSpace seems redundant with Lexer<UChar>::isWhiteSpace
        https://bugs.webkit.org/show_bug.cgi?id=191439

        Reviewed by Saam Barati.

        * CMakeLists.txt:
        * runtime/ParseInt.h:
        (JSC::isStrWhiteSpace):
        Define isStrWhiteSpace in terms of isWhiteSpace and isLineTerminator.

2018-11-08  Michael Saboff  <msaboff@apple.com>

        Options::useRegExpJIT() should use jitEnabledByDefault() just like useJIT()
        https://bugs.webkit.org/show_bug.cgi?id=191444

        Reviewed by Saam Barati.

        * runtime/Options.h:

2018-11-08  Fujii Hironori  <Hironori.Fujii@sony.com>

        [Win] UDis86Disassembler.cpp: warning: format specifies type 'unsigned long' but the argument has type 'uintptr_t' (aka 'unsigned long long')
        https://bugs.webkit.org/show_bug.cgi?id=191416

        Reviewed by Saam Barati.

        * disassembler/UDis86Disassembler.cpp:
        (JSC::tryToDisassembleWithUDis86): Use PRIxPTR for uintptr_t.

2018-11-08  Keith Rollin  <krollin@apple.com>

        Create .xcfilelist files
        https://bugs.webkit.org/show_bug.cgi?id=191324
        <rdar://problem/45852819>

        Reviewed by Alex Christensen.

        As part of preparing for enabling XCBuild, create and use .xcfilelist
        files. These files are used during Run Script build phases in an
        Xcode project. If a Run Script build phase produces new files that are
        used later as inputs to subsequent build phases, XCBuild needs to know
        about these files. These files can be either specified in an "output
        files" section of the Run Script phase editor, or in .xcfilelist files
        that are associated with the Run Script build phase.

        This patch takes the second approach. It consists of three sets of changes:

        - Modify the DerivedSources.make files to have a
          'print_all_generated_files' target that produces a list of the files
          they create.

        - Create a shell script that produces .xcfilelist files from the
          output of the previous step, as well as for the files created in the
          Generate Unified Sources build steps.

        - Add the new .xcfilelist files to the associated projects.

        Note that, with these changes, the Xcode workspace and projects can no
        longer be fully loaded into Xcode 9. Xcode will attempt to load the
        projects that have .xcfilelist files associated with them, but will
        fail and display a placeholder for those projects instead. It's
        expected that all developers are using Xcode 10 by now and that not
        being able to load into Xcode 9 is not a practical issue. Keep in mind
        that this is strictly an IDE issue, and that the projects can still be
        built with `xcodebuild`.

        Also note that the shell script that creates the .xcfilelist files can
        also be used to verify that the set of files that's currently checked
        in is up-to-date. This checking can be used as part of a check-in hook
        or part of check-webkit-style to sooner catch cases where the
        .xcfilelist files need to be regenerated.

        * DerivedSources.make:
        * DerivedSources.xcfilelist: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * UnifiedSources.xcfilelist: Added.

2018-11-08  Ross Kirsling  <ross.kirsling@sony.com>

        U+180E is no longer a whitespace character
        https://bugs.webkit.org/show_bug.cgi?id=191415

        Reviewed by Saam Barati.

        Mongolian Vowel Separator stopped being a valid whitespace character as of ES2016.
        (https://github.com/tc39/ecma262/pull/300)

        * parser/Lexer.h:
        (JSC::Lexer<UChar>::isWhiteSpace):
        * runtime/ParseInt.h:
        (JSC::isStrWhiteSpace):
        * yarr/create_regex_tables:

2018-11-08  Keith Miller  <keith_miller@apple.com>

        jitEnabledByDefault() should be on useJIT not useBaselineJIT
        https://bugs.webkit.org/show_bug.cgi?id=191434

        Reviewed by Saam Barati.

        * runtime/Options.h:

2018-11-08  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Restrict domains at the target level instead of only at the window level
        https://bugs.webkit.org/show_bug.cgi?id=191344

        Reviewed by Devin Rousso.

        * inspector/protocol/Console.json:
        * inspector/protocol/Debugger.json:
        * inspector/protocol/Heap.json:
        * inspector/protocol/Runtime.json:
        Remove workerSupported as it is now no longer necessary. It is implied
        by availability being empty (meaning it is supported everywhere).

        * inspector/protocol/Inspector.json:
        * inspector/protocol/ScriptProfiler.json:
        Restrict to "javascript" and "web" debuggables, not available in workers.

        * inspector/protocol/Worker.json:
        Cleanup, remove empty types list.

        * inspector/protocol/Recording.json:
        Cleanup, only expose this in the "web" domain for now.

        * inspector/scripts/codegen/generate_js_backend_commands.py:
        (JSBackendCommandsGenerator.generate_domain):
        * inspector/scripts/codegen/models.py:
        (Protocol.parse_domain):
        Allow a list of debuggable types. Add "worker" even though it is unused
        since that is a type we would want to allow or consider.

        (Domain.__init__):
        (Domains):
        Remove now unnecessary workerSupported code.
        Allow availability on a domain with only types.

        * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: Removed.
        * inspector/scripts/tests/generic/worker-supported-domains.json: Removed.

2018-11-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        Consider removing double load for accessing the MetadataTable from LLInt
        https://bugs.webkit.org/show_bug.cgi?id=190933

        Reviewed by Keith Miller.

        This patch removes double load for accesses to MetadataTable from LLInt.
        MetadataTable is now specially RefCounted class, which has interesting memory layout.
        When refcount becomes 0, MetadataTable asks UnlinkedMetadataTable to destroy itself.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::estimatedSize):
        (JSC::CodeBlock::visitChildren):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::metadata):
        * bytecode/CodeBlockInlines.h:
        (JSC::CodeBlock::forEachValueProfile):
        (JSC::CodeBlock::forEachArrayProfile):
        (JSC::CodeBlock::forEachArrayAllocationProfile):
        (JSC::CodeBlock::forEachObjectAllocationProfile):
        (JSC::CodeBlock::forEachLLIntCallLinkInfo):
        * bytecode/MetadataTable.cpp:
        (JSC::MetadataTable::MetadataTable):
        (JSC::MetadataTable::~MetadataTable):
        (JSC::MetadataTable::sizeInBytes):
        * bytecode/MetadataTable.h:
        (JSC::MetadataTable::get):
        (JSC::MetadataTable::forEach):
        (JSC::MetadataTable::ref const):
        (JSC::MetadataTable::deref const):
        (JSC::MetadataTable::refCount const):
        (JSC::MetadataTable::hasOneRef const):
        (JSC::MetadataTable::buffer):
        (JSC::MetadataTable::linkingData const):
        (JSC::MetadataTable::getImpl):
        * bytecode/UnlinkedMetadataTable.h:
        (JSC::UnlinkedMetadataTable::buffer const):
        * bytecode/UnlinkedMetadataTableInlines.h:
        (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
        (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
        (JSC::UnlinkedMetadataTable::addEntry):
        (JSC::UnlinkedMetadataTable::sizeInBytes):
        (JSC::UnlinkedMetadataTable::finalize):
        (JSC::UnlinkedMetadataTable::link):
        (JSC::UnlinkedMetadataTable::unlink):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:

2018-11-07  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] Add support to BigInt into ValueAdd
        https://bugs.webkit.org/show_bug.cgi?id=186177

        Reviewed by Keith Miller.

        We are adding a very primitive specialization case of BigInts into ValueAdd.
        When compiling a speculated version of this node to BigInt, we are currently
        calling 'operationAddBigInt', a function that expects only BigInts as
        parameter and effectively adds numbers using JSBigInt::add. To properly
        speculate BigInt operands, we changed ArithProfile to observe when
        its result is a BigInt. With this new observation, we are able to identify
        when ValueAdd results in a String or BigInt.

        Here are some numbers for this specialization running
        microbenchmarks:

        big-int-simple-add                   21.5411+-1.1096  ^  15.3502+-0.7027  ^ definitely 1.4033x faster
        big-int-add-prediction-propagation   13.7762+-0.5578  ^  10.8117+-0.5330  ^ definitely 1.2742x faster

        * bytecode/ArithProfile.cpp:
        (JSC::ArithProfile::emitObserveResult):
        (JSC::ArithProfile::shouldEmitSetNonNumeric const):
        (JSC::ArithProfile::shouldEmitSetBigInt const):
        (JSC::ArithProfile::emitSetNonNumeric const):
        (JSC::ArithProfile::emitSetBigInt const):
        (WTF::printInternal):
        (JSC::ArithProfile::shouldEmitSetNonNumber const): Deleted.
        (JSC::ArithProfile::emitSetNonNumber const): Deleted.
        * bytecode/ArithProfile.h:
        (JSC::ArithProfile::observedUnaryInt):
        (JSC::ArithProfile::observedUnaryNumber):
        (JSC::ArithProfile::observedBinaryIntInt):
        (JSC::ArithProfile::observedBinaryNumberInt):
        (JSC::ArithProfile::observedBinaryIntNumber):
        (JSC::ArithProfile::observedBinaryNumberNumber):
        (JSC::ArithProfile::didObserveNonInt32 const):
        (JSC::ArithProfile::didObserveNonNumeric const):
        (JSC::ArithProfile::didObserveBigInt const):
        (JSC::ArithProfile::setObservedNonNumeric):
        (JSC::ArithProfile::setObservedBigInt):
        (JSC::ArithProfile::observeResult):
        (JSC::ArithProfile::didObserveNonNumber const): Deleted.
        (JSC::ArithProfile::setObservedNonNumber): Deleted.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::mayHaveNonNumericResult):
        (JSC::DFG::Node::mayHaveBigIntResult):
        (JSC::DFG::Node::mayHaveNonNumberResult): Deleted.
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::dumpNodeFlags):
        * dfg/DFGNodeFlags.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
        * runtime/CommonSlowPaths.cpp:
        (JSC::updateArithProfileForUnaryArithOp):
        (JSC::updateArithProfileForBinaryArithOp):

2018-11-07  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Fix "Javascript" => "JavaScript" enum in protocol generated objects
        https://bugs.webkit.org/show_bug.cgi?id=191340

        Reviewed by Devin Rousso.

        * inspector/ConsoleMessage.cpp:
        (Inspector::messageSourceValue):
        Use new enum name.

        * inspector/scripts/codegen/generator.py:
        Correct the casing of "JavaScript".

2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>

        Align wide opcodes in the instruction stream
        https://bugs.webkit.org/show_bug.cgi?id=191254

        Reviewed by Keith Miller.

        Pad the bytecode with nops to ensure that wide opcodes are 4-byte
        aligned on platforms that don't like unaligned memory access.

        For that, add a new type to represent jump targets, BoundLabel, which
        delays computing the offset in case we need to emit nops for padding.
        Extra padding is also emitted before op_yield and at the end of each
        BytecodeWriter fragment, to ensure that the bytecode remains aligned
        after the rewriting.

        As a side effect, we can no longer guarantee that the point immediately
        before emitting an opcode is the start of that opcode, since nops
        might be emitted in between if the opcode needs to be wide. To fix
        that, we only take the offset of opcodes after they have been emitted,
        using `m_lastInstruction.offset()`.

        * bytecode/BytecodeDumper.h:
        (JSC::BytecodeDumper::dumpValue):
        * bytecode/BytecodeGeneratorification.cpp:
        (JSC::BytecodeGeneratorification::run):
        * bytecode/BytecodeList.rb:
        * bytecode/BytecodeRewriter.h:
        (JSC::BytecodeRewriter::Fragment::align):
        (JSC::BytecodeRewriter::insertFragmentBefore):
        (JSC::BytecodeRewriter::insertFragmentAfter):
        * bytecode/Fits.h:
        * bytecode/InstructionStream.h:
        (JSC::InstructionStreamWriter::ref):
        * bytecode/PreciseJumpTargetsInlines.h:
        (JSC::updateStoredJumpTargetsForInstruction):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::Label::setLocation):
        (JSC::BoundLabel::target):
        (JSC::BoundLabel::saveTarget):
        (JSC::BoundLabel::commitTarget):
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::recordOpcode):
        (JSC::BytecodeGenerator::alignWideOpcode):
        (JSC::BytecodeGenerator::emitProfileControlFlow):
        (JSC::BytecodeGenerator::emitResolveScope):
        (JSC::BytecodeGenerator::emitGetFromScope):
        (JSC::BytecodeGenerator::emitPutToScope):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitDirectGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitGetByVal):
        (JSC::BytecodeGenerator::emitCreateThis):
        (JSC::BytecodeGenerator::beginSwitch):
        (JSC::BytecodeGenerator::endSwitch):
        (JSC::BytecodeGenerator::emitRequireObjectCoercible):
        (JSC::BytecodeGenerator::emitYieldPoint):
        (JSC::BytecodeGenerator::emitToThis):
        (JSC::Label::bind): Deleted.
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::recordOpcode): Deleted.
        * bytecompiler/Label.h:
        (JSC::BoundLabel::BoundLabel):
        (JSC::BoundLabel::operator int):
        (JSC::Label::bind):
        * generator/Opcode.rb:

2018-11-07  Tadeu Zagallo  <tzagallo@apple.com>

        REGRESSION(r237547): Test failures on 32-bit JSC since the JIT was disabled
        https://bugs.webkit.org/show_bug.cgi?id=191184

        Reviewed by Saam Barati.

        Fix API test on CLoop: we can only disable the LLInt when the JIT is enabled.

        * API/tests/PingPongStackOverflowTest.cpp:
        (testPingPongStackOverflow):

2018-11-06  Justin Fan  <justin_fan@apple.com>

        [WebGPU] Experimental prototype for WebGPURenderPipeline and WebGPUSwapChain
        https://bugs.webkit.org/show_bug.cgi?id=191291

        Reviewed by Myles Maxfield.

        Properly disable WEBGPU on all non-Metal platforms for now.

        * Configurations/FeatureDefines.xcconfig:

2018-11-06  Keith Rollin  <krollin@apple.com>

        Adjust handling of Include paths that need quoting
        https://bugs.webkit.org/show_bug.cgi?id=191314
        <rdar://problem/45849143>

        Reviewed by Dan Bernstein.

        There are several places in the JavaScriptCore Xcode project where the
        paths defined in HEADER_SEARCH_PATHS are quoted. That is, the
        definitions look like:

            HEADER_SEARCH_PATHS = (
                "\"${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore\"",
                "\"${BUILT_PRODUCTS_DIR}/LLIntOffsets/${ARCHS}\"",
                "\"$(JAVASCRIPTCORE_FRAMEWORKS_DIR)/JavaScriptCore.framework/PrivateHeaders\"",
                "$(inherited)",
            );

        The idea here is presumably to have the resulting $(CPP) command have
        -I options where the associated paths are themselves quoted,
        protecting against space characters in the paths.

        This approach to quote management can break under Xcode 9. If
        .xcfilelist files are added to the project, the 'objectVersion' value
        in the Xcode project file is changed from 46 to 51. If a project with
        objectVersion=51 is presented to Xcode 9 (as can happen when we build
        for older OS's), it produces build lines where the quotes are escaped,
        thereby becoming part of the path. The build then fails because a
        search for a file normally found in a directory called "Foo" will be
        looked for in "\"Foo\"", which doesn't exist.

        Simply removing the escaped quotes from the HEADER_SEARCH_PATHS
        definition doesn't work, leading to paths that need quoting due to
        space characters but that don't get this quoting (the part of the path
        after the space appears to simply go missing).

        Removing the escaped quotes from the HEADER_SEARCH_PATHS and moving
        the definitions to the .xcconfig fixes this problem.

        * Configurations/ToolExecutable.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2018-11-06  Michael Saboff  <msaboff@apple.com>

        Multiple stress/regexp-compile-oom.js tests are failing on High Sierra Debug and Release JSC testers.
        https://bugs.webkit.org/show_bug.cgi?id=191271

        Reviewed by Saam Barati.

        Fixed use of ThrowScope by adding release() calls.  Found a few places where we needed
        RETURN_IF_EXCEPTION().  After some code inspections determined that we need to cover the
        exception bubbling for String.match() with a global RegExp as well as String.replace()
        and String.search().

        * runtime/RegExpObjectInlines.h:
        (JSC::RegExpObject::matchInline):
        (JSC::collectMatches):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncSearchFast):
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):

611 2018-11-05  Don Olmstead  <don.olmstead@sony.com>
612
613         Fix typos in closing ENABLE guards
614         https://bugs.webkit.org/show_bug.cgi?id=191273
615
616         Reviewed by Keith Miller.
617
618         * ftl/FTLForOSREntryJITCode.h:
619         * ftl/FTLJITCode.h:
620         * jsc.cpp:
621         * wasm/WasmMemoryInformation.h:
622         * wasm/WasmPageCount.h:
623
624 2018-11-05  Keith Miller  <keith_miller@apple.com>
625
626         Make static_asserts in APICast into bitwise_cast
627         https://bugs.webkit.org/show_bug.cgi?id=191272
628
629         Reviewed by Filip Pizlo.
630
631         * API/APICast.h:
632         (toJS):
633         (toJSForGC):
634         (toRef):
635
636 2018-11-05  Dominik Infuehr  <dinfuehr@igalia.com>
637
638         Enable LLInt on ARMv7/Linux
639         https://bugs.webkit.org/show_bug.cgi?id=191190
640
641         Reviewed by Yusuke Suzuki.
642
643         After enabling the new bytecode format in r237547, C_LOOP was
644         forced on all 32-bit platforms. Now enable LLInt again on
645         ARMv7-Thumb2/Linux.
646
647         This adds a callee-saved register in ARMv7/Linux for the metadataTable and
648         stores/restores it on LLInt function calls. It also introduces the globaladdr-
649         instruction for the ARM-offlineasm to access the opcode-table.
650
651         * jit/GPRInfo.h:
652         * jit/RegisterSet.cpp:
653         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
654         * llint/LowLevelInterpreter.asm:
655         * llint/LowLevelInterpreter32_64.asm:
656         * offlineasm/arm.rb:
657         * offlineasm/asm.rb:
658         * offlineasm/instructions.rb:
659
660 2018-11-05  Fujii Hironori  <Hironori.Fujii@sony.com>
661
662         [Win][Clang][JSC] JIT::is64BitType reports "warning: explicit specialization cannot have a storage class"
663         https://bugs.webkit.org/show_bug.cgi?id=191146
664
665         Reviewed by Yusuke Suzuki.
666
667         * jit/JIT.h: Changed is64BitType from a template class method to a
668         template inner class.
669
670 2018-11-02  Keith Miller  <keith_miller@apple.com>
671
672         Assert JSValues can fit into a pointer when API casting
673         https://bugs.webkit.org/show_bug.cgi?id=191220
674
675         Reviewed by Michael Saboff.
676
677         * API/APICast.h:
678         (toJS):
679         (toJSForGC):
680         (toRef):
681
682 2018-11-02  Michael Saboff  <msaboff@apple.com>
683
684         Rolling in r237753 with unreviewed build fix.
685
686         Fixed issues with DECLARE_THROW_SCOPE placement.
687
688 2018-11-02  Ryan Haddad  <ryanhaddad@apple.com>
689
690         Unreviewed, rolling out r237753.
691
692         Introduced JSC test failures
693
694         Reverted changeset:
695
696         "Running out of stack space not properly handled in
697         RegExp::compile() and its callers"
698         https://bugs.webkit.org/show_bug.cgi?id=191206
699         https://trac.webkit.org/changeset/237753
700
701 2018-11-02  Michael Saboff  <msaboff@apple.com>
702
703         Running out of stack space not properly handled in RegExp::compile() and its callers
704         https://bugs.webkit.org/show_bug.cgi?id=191206
705
706         Reviewed by Filip Pizlo.
707
708         Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code.  Bubbled those errors
709         up to where they are turned into the appropriate exceptions in matchInline().  If the errors are not due
710         to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack.
711
712         * runtime/RegExp.cpp:
713         (JSC::RegExp::compile):
714         (JSC::RegExp::compileMatchOnly):
715         * runtime/RegExp.h:
716         * runtime/RegExpInlines.h:
717         (JSC::RegExp::compileIfNecessary):
718         (JSC::RegExp::matchInline):
719         (JSC::RegExp::compileIfNecessaryMatchOnly):
720         * runtime/RegExpObjectInlines.h:
721         (JSC::RegExpObject::execInline):
722         * yarr/YarrErrorCode.h:
723         (JSC::Yarr::hasHardError):
724
725 2018-11-02  Keith Miller  <keith_miller@apple.com>
726
727         API should use wrapper object if address is 32-bit
728         https://bugs.webkit.org/show_bug.cgi?id=191203
729
730         Reviewed by Filip Pizlo.
731
732         * API/APICast.h:
733         (toJS):
734         (toJSForGC):
735         (toRef):
736
737 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
738
739         Metadata should not be copyable
740         https://bugs.webkit.org/show_bug.cgi?id=191193
741
742         Reviewed by Keith Miller.
743
744         We should only ever hold references to the entry in the metadata table.
745
746         * bytecode/CodeBlock.cpp:
747         (JSC::CodeBlock::finalizeLLIntInlineCaches):
748         * dfg/DFGByteCodeParser.cpp:
749         (JSC::DFG::ByteCodeParser::parseBlock):
750         * generator/Metadata.rb:
751
752 2018-11-02  Tadeu Zagallo  <tzagallo@apple.com>
753
754         REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled
755         https://bugs.webkit.org/show_bug.cgi?id=191175
756
757         Reviewed by Keith Miller.
758
759         https://bugs.webkit.org/show_bug.cgi?id=191108 did not handle the case where JIT is not enabled.
760
761         * jit/JITExceptions.cpp:
762         (JSC::genericUnwind):
763         * llint/LLIntData.h:
764         (JSC::LLInt::getWideCodePtr):
765
766 2018-11-01  Fujii Hironori  <Hironori.Fujii@sony.com>
767
768         Rename <wtf/unicode/UTF8.h> to <wtf/unicode/UTF8Conversion.h> in order to avoid conflicting with ICU's unicode/utf8.h
769         https://bugs.webkit.org/show_bug.cgi?id=189693
770
771         Reviewed by Yusuke Suzuki.
772
773         * API/JSClassRef.cpp: Replaced <wtf/unicode/UTF8.h> with <wtf/unicode/UTF8Conversion.h>.
774         * API/JSStringRef.cpp: Ditto.
775         * runtime/JSGlobalObjectFunctions.cpp: Ditto.
776         * wasm/WasmParser.h: Ditto.
777
778 2018-11-01  Keith Miller  <keith_miller@apple.com>
779
780         Unreviewed, JavaScriptCore should only guarantee to produce a
781         modulemap if we are building for iOSMac.
782
783         * Configurations/JavaScriptCore.xcconfig:
784
785 2018-10-31  Devin Rousso  <drousso@apple.com>
786
787         Web Inspector: Canvas: create a setting for auto-recording newly created contexts
788         https://bugs.webkit.org/show_bug.cgi?id=190856
789
790         Reviewed by Brian Burg.
791
792         * inspector/protocol/Canvas.json:
793         Add `setRecordingAutoCaptureFrameCount` command for setting the number of frames to record
794         immediately after a context is created.
795
796         * inspector/protocol/Recording.json:
797         Add `creation` value for `Initiator` enum.
798
799 2018-10-31  Devin Rousso  <drousso@apple.com>
800
801         Web Inspector: display low-power enter/exit events in Timelines and Network node waterfalls
802         https://bugs.webkit.org/show_bug.cgi?id=190641
803         <rdar://problem/45319049>
804
805         Reviewed by Joseph Pecoraro.
806
807         * inspector/protocol/DOM.json:
808         Add `videoLowPowerChanged` event that is fired when `InspectorDOMAgent` is able to determine
809         whether a video element's low power state has changed.
810
811 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
812
813         Adjust inlining threshold for new bytecode format
814         https://bugs.webkit.org/show_bug.cgi?id=191115
815
816         Reviewed by Saam Barati.
817
818         The new format reduced the number of operands for many opcodes, which
819         changed inlining decisions and impacted performance negatively.
820
821         * runtime/Options.h:
822
823 2018-10-31  Tadeu Zagallo  <tzagallo@apple.com>
824
825         REGRESSION(r237547): Exception handlers should be aware of wide opcodes
826         https://bugs.webkit.org/show_bug.cgi?id=191108
827         <rdar://problem/45690700>
828
829         Reviewed by Saam Barati.
830
831         When linking the handler, we need to check whether the target op_catch is
832         wide or narrow in order to choose the right code pointer for the handler.
833
834         * bytecode/CodeBlock.cpp:
835         (JSC::CodeBlock::finishCreation):
836
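The bug fixed above exists because, in the bytecode format introduced by r237547, the same opcode has two encodings and therefore two interpreter entry points, and the handler table records only an offset: whoever links a handler has to decode the instruction at that offset to learn which entry point is right. The following is an added example, not JSC's code, of that decision on a miniature instruction stream; here a prefix byte marks a wide instruction, and the opcode numbers, operand counts and entry-point tables are made up for the example:

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Opcode numbering and operand counts are made up for the example.
enum OpcodeID : uint8_t { op_wide = 0, op_enter, op_catch, op_jmp, op_ret, NUM_OPCODES };
static constexpr size_t operandCount[NUM_OPCODES] = { 0, 0, 2, 1, 1 };

// Narrow encoding: opcode byte, then 1-byte operands.
// Wide encoding: op_wide prefix byte, opcode byte, then 4-byte little-endian operands.
struct Instruction {
    const uint8_t* bytes;

    bool isWide() const { return bytes[0] == op_wide; }
    OpcodeID opcodeID() const { return static_cast<OpcodeID>(isWide() ? bytes[1] : bytes[0]); }
    size_t size() const
    {
        size_t n = operandCount[opcodeID()];
        return isWide() ? 2 + 4 * n : 1 + n;
    }
    uint32_t operand(size_t i) const
    {
        if (!isWide())
            return bytes[1 + i];
        const uint8_t* p = bytes + 2 + 4 * i;
        return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
    }
};

// Emit narrow when every operand fits in a byte, otherwise wide. Returns the
// instruction's offset, which is what a handler table would store.
static size_t emit(std::vector<uint8_t>& stream, OpcodeID op, const std::vector<uint32_t>& operands)
{
    size_t offset = stream.size();
    bool narrow = true;
    for (uint32_t v : operands)
        narrow = narrow && v <= 0xff;
    if (!narrow)
        stream.push_back(op_wide);
    stream.push_back(op);
    for (uint32_t v : operands) {
        if (narrow) {
            stream.push_back(uint8_t(v));
            continue;
        }
        for (int shift = 0; shift < 32; shift += 8)
            stream.push_back(uint8_t(v >> shift));
    }
    return offset;
}

// One entry point per opcode per encoding. A narrow entry reading a wide
// instruction would treat the operand bytes as the wrong width (and vice versa).
static const char* const narrowEntry[NUM_OPCODES] = { "op_wide", "op_enter", "op_catch", "op_jmp", "op_ret" };
static const char* const wideEntry[NUM_OPCODES] = { "op_wide", "op_enter_wide", "op_catch_wide", "op_jmp_wide", "op_ret_wide" };

// Handler linking: the target is an op_catch at a known offset, and the code
// pointer must match that instruction's own encoding, not a fixed default.
static std::string codePtrForHandler(const std::vector<uint8_t>& stream, size_t catchOffset)
{
    Instruction target { stream.data() + catchOffset };
    assert(target.opcodeID() == op_catch);
    return target.isWide() ? wideEntry[op_catch] : narrowEntry[op_catch];
}

// Walk the stream decoding whole instructions; operands are never read straight
// from the byte stream without first knowing the instruction's encoding.
static size_t instructionCount(const std::vector<uint8_t>& stream)
{
    size_t count = 0;
    for (size_t offset = 0; offset < stream.size(); ++count)
        offset += Instruction { stream.data() + offset }.size();
    return count;
}
```

Picking the narrow entry for a wide op_catch would dispatch into code that reads the first operand from the byte right after the opcode, which in the wide encoding is the low byte of a 4-byte operand; the catch would then run with wrong register numbers, which is exactly the class of bug that a check on isWide() at link time prevents.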
837 2018-10-31  Dominik Infuehr  <dinfuehr@igalia.com>
838
839         Align entries in metadata table
840         https://bugs.webkit.org/show_bug.cgi?id=191062
841
842         Reviewed by Filip Pizlo.
843
844         Entries in the metadata table need to be aligned on some 32-bit
845         architectures.
846
847         * bytecode/MetadataTable.h:
848         (JSC::MetadataTable::forEach):
849         * bytecode/Opcode.cpp:
850         (JSC::metadataAlignment):
851         * bytecode/Opcode.h:
852         * bytecode/UnlinkedMetadataTableInlines.h:
853         (JSC::UnlinkedMetadataTable::finalize):
854         * generator/Section.rb:
855
856 2018-10-31  Jim Mason  <jmason@ibinx.com>
857
858         Static global 'fastHandlerInstalled' conditionally declared in WasmFaultSignalHandler.cpp
859         https://bugs.webkit.org/show_bug.cgi?id=191063
860
861         Reviewed by Yusuke Suzuki.
862
863         * wasm/WasmFaultSignalHandler.cpp:
864
865 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
866
867         [JSC][LLInt] Compact LLInt ASM code by removing unnecessary instructions
868         https://bugs.webkit.org/show_bug.cgi?id=191092
869
870         Reviewed by Saam Barati.
871
872         Looking through LLIntAssembly.h, we can find several inefficiencies. This patch fixes the
873         following things to tighten LLInt ASM code.
874
875         1. Remove unnecessary load instructions. Use jmp with BaseIndex directly.
876         2. Introduce strength reduction for mul instructions in offlineasm layer. This is now critical
877         since the mul instruction is executed in the `metadata` operation in LLInt. If the given immediate is
878         a power of two, we convert it to an lshift instruction.
879
880         * llint/LowLevelInterpreter32_64.asm:
881         * llint/LowLevelInterpreter64.asm:
882         * offlineasm/arm64.rb:
883         * offlineasm/instructions.rb:
884         * offlineasm/x86.rb:
885
886 2018-10-30  Don Olmstead  <don.olmstead@sony.com>
887
888         [PlayStation] Enable JavaScriptCore
889         https://bugs.webkit.org/show_bug.cgi?id=191072
890
891         Reviewed by Brent Fulgham.
892
893         Add platform files for the PlayStation port.
894
895         * PlatformPlayStation.cmake: Added.
896
897 2018-10-30  Alexey Proskuryakov  <ap@apple.com>
898
899         Clean up some obsolete MAX_ALLOWED macros
900         https://bugs.webkit.org/show_bug.cgi?id=190916
901
902         Reviewed by Tim Horton.
903
904         * API/JSManagedValue.mm:
905         * API/JSVirtualMachine.mm:
906         * API/JSWrapperMap.mm:
907
908 2018-10-30  Ross Kirsling  <ross.kirsling@sony.com>
909
910         useProbeOSRExit causes failures for Win64 DFG JIT
911         https://bugs.webkit.org/show_bug.cgi?id=190656
912
913         Reviewed by Keith Miller.
914
915         * assembler/ProbeContext.cpp:
916         (JSC::Probe::executeProbe):
917         If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
918         then let's just call lowWatermarkFromVisitingDirtyPages instead.
919
920         * dfg/DFGOSRExit.cpp:
921         (JSC::DFG::OSRExit::executeOSRExit):
922         The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
923         mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
924         (Also, stop redundantly setting the stack pointer twice in a row.)
925
926 2018-10-30  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
927
928         "Unreviewed, partial rolling in r237254"
929         https://bugs.webkit.org/show_bug.cgi?id=190340
930
931         This only adds Parser.{cpp,h}, and it is not used in this patch.
932         It examines whether the regression is related to the exact Parser changes.
933
934         * parser/Parser.cpp:
935         (JSC::Parser<LexerType>::parseInner):
936         (JSC::Parser<LexerType>::parseSingleFunction):
937         (JSC::Parser<LexerType>::parseFunctionInfo):
938         (JSC::Parser<LexerType>::parseFunctionDeclaration):
939         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
940         * parser/Parser.h:
941         (JSC::Parser<LexerType>::parse):
942         (JSC::parse):
943         (JSC::parseFunctionForFunctionConstructor):
944
945 2018-10-29  Mark Lam  <mark.lam@apple.com>
946
947         Correctly detect string overflow when using the 'Function' constructor.
948         https://bugs.webkit.org/show_bug.cgi?id=184883
949         <rdar://problem/36320331>
950
951         Reviewed by Saam Barati.
952
953         Added StringBuilder::hasOverflowed() checks, and throwing OutOfMemoryErrors if
954         we detect an overflow.
955
956         * runtime/FunctionConstructor.cpp:
957         (JSC::constructFunctionSkippingEvalEnabledCheck):
958         * runtime/JSGlobalObjectFunctions.cpp:
959         (JSC::encode):
960         (JSC::decode):
961         * runtime/JSONObject.cpp:
962         (JSC::Stringifier::stringify):
963         (JSC::Stringifier::appendStringifiedValue):
964
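The entry above adds hasOverflowed() checks where the Function constructor, encode/decode and JSON.stringify build strings from caller-controlled pieces. The general hazard is that a string length held in a fixed-width integer wraps when the pieces are large enough, and anything sized from the wrapped value is smaller than the data that is later copied into it; throwing before any such buffer exists closes that off. The following is an added example, not WebKit's code, of a length-checked builder in the shape of the Function constructor's source assembly; the limit, the names and the fact that only lengths are tracked (so the overflow case runs without allocating gigabytes) are choices made for the example:

```cpp
#include <cassert>
#include <cstdint>
#include <limits>
#include <string>
#include <vector>

// Assumed limit for the example: a 32-bit signed maximum, standing in for a
// narrow length field that must never wrap.
static constexpr uint32_t kMaxLength = std::numeric_limits<int32_t>::max();

// Tracks only lengths and remembers whether any append would have exceeded
// kMaxLength. Once overflowed, it stays overflowed and reports length 0.
class CheckedLengthBuilder {
public:
    void append(uint32_t length)
    {
        if (m_overflowed)
            return;
        if (length > kMaxLength - m_length) { // same test as m_length + length > kMaxLength, without wrapping
            m_overflowed = true;
            m_length = 0;
            return;
        }
        m_length += length;
    }
    bool hasOverflowed() const { return m_overflowed; }
    uint32_t length() const { return m_length; }

private:
    uint32_t m_length = 0;
    bool m_overflowed = false;
};

// The unchecked version of the same arithmetic, to show what goes wrong: the
// sum wraps modulo 2^32 and a buffer sized from it is far too small.
static uint32_t uncheckedTotal(const std::vector<uint32_t>& lengths)
{
    uint32_t total = 0;
    for (uint32_t l : lengths)
        total += l;
    return total;
}

enum class Outcome { Ok, OutOfMemoryError };
struct SourceText {
    Outcome outcome;
    uint32_t length;
};

// Mimics assembling the source for `new Function(p1, p2, body)`:
// "(function anonymous(" + p1 + "," + p2 + "\n) {\n" + body + "\n})"
// Parameters and body arrive as lengths (they are attacker-sized in practice).
static SourceText buildFunctionSource(const std::vector<uint32_t>& paramLengths, uint32_t bodyLength)
{
    const std::string prologue = "(function anonymous(";
    const std::string paramsEnd = "\n) {\n";
    const std::string epilogue = "\n})";
    CheckedLengthBuilder builder;
    builder.append(uint32_t(prologue.size()));
    for (size_t i = 0; i < paramLengths.size(); ++i) {
        if (i)
            builder.append(1); // the "," between parameters
        builder.append(paramLengths[i]);
    }
    builder.append(uint32_t(paramsEnd.size()));
    builder.append(bodyLength);
    builder.append(uint32_t(epilogue.size()));
    if (builder.hasOverflowed())
        return { Outcome::OutOfMemoryError, 0 }; // throw here, before any buffer is sized from the length
    return { Outcome::Ok, builder.length() };
}
```

The check happens once, after all appends, which is what makes the sticky overflow flag necessary: without it a later small append could mask the wrap that an earlier large one caused.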
965 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
966
967         Unreviewed, fix JSC on arm64e after r237547
968         https://bugs.webkit.org/show_bug.cgi?id=187373
969
970         Unreviewed.
971
972         Remove unused move guarded by POINTER_PROFILING that was trashing the
973         metadata on arm64e.
974
975         * llint/LowLevelInterpreter64.asm:
976
977 2018-10-29  Keith Miller  <keith_miller@apple.com>
978
979         JSC should explicitly list its modulemap file
980         https://bugs.webkit.org/show_bug.cgi?id=191032
981
982         Reviewed by Saam Barati.
983
984         The automagically generated module map file for JSC will
985         include headers that may not work out of the box.
986         This patch makes it so we now export the same modulemap
987         that used to be provided via the legacy system.
988
989         * Configurations/JavaScriptCore.xcconfig:
990         * JavaScriptCore.modulemap: Added.
991         * JavaScriptCore.xcodeproj/project.pbxproj:
992
993 2018-10-29  Tim Horton  <timothy_horton@apple.com>
994
995         Modernize WebKit nibs and lprojs for localization's sake
996         https://bugs.webkit.org/show_bug.cgi?id=190911
997         <rdar://problem/45349466>
998
999         Reviewed by Dan Bernstein.
1000
1001         * JavaScriptCore.xcodeproj/project.pbxproj:
1002         English->en
1003
1004 2018-10-29  Commit Queue  <commit-queue@webkit.org>
1005
1006         Unreviewed, rolling out r237492.
1007         https://bugs.webkit.org/show_bug.cgi?id=191035
1008
1009         "It regresses JetStream 2 by 5% on some iOS devices"
1010         (Requested by saamyjoon on #webkit).
1011
1012         Reverted changeset:
1013
1014         "Unreviewed, partial rolling in r237254"
1015         https://bugs.webkit.org/show_bug.cgi?id=190340
1016         https://trac.webkit.org/changeset/237492
1017
1018 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1019
1020         Add support for GetStack FlushedDouble
1021         https://bugs.webkit.org/show_bug.cgi?id=191012
1022         <rdar://problem/45265141>
1023
1024         Reviewed by Saam Barati.
1025
1026         LowerDFGToB3::compileGetStack assumed that we would not emit GetStack
1027         for doubles, but it turns out it may arise from the PutStack sinking
1028         phase: if we sink a PutStack into a successor block, other predecessors
1029         will emit a GetStack followed by an Upsilon.
1030
1031         * ftl/FTLLowerDFGToB3.cpp:
1032         (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):
1033
1034 2018-10-29  Tadeu Zagallo  <tzagallo@apple.com>
1035
1036         New bytecode format for JSC
1037         https://bugs.webkit.org/show_bug.cgi?id=187373
1038         <rdar://problem/44186758>
1039
1040         Reviewed by Filip Pizlo.
1041
1042         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
1043         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
1044         operands) and might contain an extra operand, the metadataID. The metadataID is used to
1045         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
1046
1047         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
1048         and types to all their operands. Additionally, reading a bytecode from the instruction stream
1049         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
1050         operands directly from the stream.
1051
1052
1053         * CMakeLists.txt:
1054         * DerivedSources.make:
1055         * JavaScriptCore.xcodeproj/project.pbxproj:
1056         * Sources.txt:
1057         * assembler/MacroAssemblerCodeRef.h:
1058         (JSC::ReturnAddressPtr::ReturnAddressPtr):
1059         (JSC::ReturnAddressPtr::value const):
1060         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
1061         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
1062         * bytecode/ArithProfile.h:
1063         (JSC::ArithProfile::ArithProfile):
1064         * bytecode/ArrayAllocationProfile.h:
1065         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
1066         * bytecode/ArrayProfile.h:
1067         * bytecode/BytecodeBasicBlock.cpp:
1068         (JSC::isJumpTarget):
1069         (JSC::BytecodeBasicBlock::computeImpl):
1070         (JSC::BytecodeBasicBlock::compute):
1071         * bytecode/BytecodeBasicBlock.h:
1072         (JSC::BytecodeBasicBlock::leaderOffset const):
1073         (JSC::BytecodeBasicBlock::totalLength const):
1074         (JSC::BytecodeBasicBlock::offsets const):
1075         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
1076         (JSC::BytecodeBasicBlock::addLength):
1077         * bytecode/BytecodeDumper.cpp:
1078         (JSC::BytecodeDumper<Block>::printLocationAndOp):
1079         (JSC::BytecodeDumper<Block>::dumpBytecode):
1080         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
1081         (JSC::BytecodeDumper<Block>::dumpConstants):
1082         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
1083         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
1084         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
1085         (JSC::BytecodeDumper<Block>::dumpBlock):
1086         * bytecode/BytecodeDumper.h:
1087         (JSC::BytecodeDumper::dumpOperand):
1088         (JSC::BytecodeDumper::dumpValue):
1089         (JSC::BytecodeDumper::BytecodeDumper):
1090         (JSC::BytecodeDumper::block const):
1091         * bytecode/BytecodeGeneratorification.cpp:
1092         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
1093         (JSC::BytecodeGeneratorification::enterPoint const):
1094         (JSC::BytecodeGeneratorification::instructions const):
1095         (JSC::GeneratorLivenessAnalysis::run):
1096         (JSC::BytecodeGeneratorification::run):
1097         (JSC::performGeneratorification):
1098         * bytecode/BytecodeGeneratorification.h:
1099         * bytecode/BytecodeGraph.h:
1100         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
1101         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
1102         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
1103         (JSC::BytecodeGraph::BytecodeGraph):
1104         * bytecode/BytecodeKills.h:
1105         * bytecode/BytecodeList.json: Removed.
1106         * bytecode/BytecodeList.rb: Added.
1107         * bytecode/BytecodeLivenessAnalysis.cpp:
1108         (JSC::BytecodeLivenessAnalysis::dumpResults):
1109         * bytecode/BytecodeLivenessAnalysis.h:
1110         * bytecode/BytecodeLivenessAnalysisInlines.h:
1111         (JSC::isValidRegisterForLiveness):
1112         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
1113         * bytecode/BytecodeRewriter.cpp:
1114         (JSC::BytecodeRewriter::applyModification):
1115         (JSC::BytecodeRewriter::execute):
1116         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
1117         (JSC::BytecodeRewriter::insertImpl):
1118         (JSC::BytecodeRewriter::adjustJumpTarget):
1119         (JSC::BytecodeRewriter::adjustJumpTargets):
1120         * bytecode/BytecodeRewriter.h:
1121         (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
1122         (JSC::BytecodeRewriter::Fragment::Fragment):
1123         (JSC::BytecodeRewriter::Fragment::appendInstruction):
1124         (JSC::BytecodeRewriter::BytecodeRewriter):
1125         (JSC::BytecodeRewriter::insertFragmentBefore):
1126         (JSC::BytecodeRewriter::insertFragmentAfter):
1127         (JSC::BytecodeRewriter::removeBytecode):
1128         (JSC::BytecodeRewriter::adjustAbsoluteOffset):
1129         (JSC::BytecodeRewriter::adjustJumpTarget):
1130         * bytecode/BytecodeUseDef.h:
1131         (JSC::computeUsesForBytecodeOffset):
1132         (JSC::computeDefsForBytecodeOffset):
1133         * bytecode/CallLinkStatus.cpp:
1134         (JSC::CallLinkStatus::computeFromLLInt):
1135         * bytecode/CodeBlock.cpp:
1136         (JSC::CodeBlock::dumpBytecode):
1137         (JSC::CodeBlock::CodeBlock):
1138         (JSC::CodeBlock::finishCreation):
1139         (JSC::CodeBlock::estimatedSize):
1140         (JSC::CodeBlock::visitChildren):
1141         (JSC::CodeBlock::propagateTransitions):
1142         (JSC::CodeBlock::finalizeLLIntInlineCaches):
1143         (JSC::CodeBlock::addJITAddIC):
1144         (JSC::CodeBlock::addJITMulIC):
1145         (JSC::CodeBlock::addJITSubIC):
1146         (JSC::CodeBlock::addJITNegIC):
1147         (JSC::CodeBlock::stronglyVisitStrongReferences):
1148         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
1149         (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
1150         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
1151         (JSC::CodeBlock::getArrayProfile):
1152         (JSC::CodeBlock::updateAllArrayPredictions):
1153         (JSC::CodeBlock::predictedMachineCodeSize):
1154         (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
1155         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
1156         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1157         (JSC::CodeBlock::validate):
1158         (JSC::CodeBlock::outOfLineJumpOffset):
1159         (JSC::CodeBlock::outOfLineJumpTarget):
1160         (JSC::CodeBlock::arithProfileForBytecodeOffset):
1161         (JSC::CodeBlock::arithProfileForPC):
1162         (JSC::CodeBlock::couldTakeSpecialFastCase):
1163         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1164         * bytecode/CodeBlock.h:
1165         (JSC::CodeBlock::addMathIC):
1166         (JSC::CodeBlock::outOfLineJumpOffset):
1167         (JSC::CodeBlock::bytecodeOffset):
1168         (JSC::CodeBlock::instructions const):
1169         (JSC::CodeBlock::instructionCount const):
1170         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1171         (JSC::CodeBlock::metadata):
1172         (JSC::CodeBlock::metadataSizeInBytes):
1173         (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
1174         (JSC::CodeBlock::totalNumberOfValueProfiles):
1175         * bytecode/CodeBlockInlines.h: Added.
1176         (JSC::CodeBlock::forEachValueProfile):
1177         (JSC::CodeBlock::forEachArrayProfile):
1178         (JSC::CodeBlock::forEachArrayAllocationProfile):
1179         (JSC::CodeBlock::forEachObjectAllocationProfile):
1180         (JSC::CodeBlock::forEachLLIntCallLinkInfo):
1181         * bytecode/Fits.h: Added.
1182         * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1183         * bytecode/GetByIdStatus.cpp:
1184         (JSC::GetByIdStatus::computeFromLLInt):
1185         * bytecode/Instruction.h:
1186         (JSC::Instruction::Instruction):
1187         (JSC::Instruction::Impl::opcodeID const):
1188         (JSC::Instruction::opcodeID const):
1189         (JSC::Instruction::name const):
1190         (JSC::Instruction::isWide const):
1191         (JSC::Instruction::size const):
1192         (JSC::Instruction::is const):
1193         (JSC::Instruction::as const):
1194         (JSC::Instruction::cast):
1195         (JSC::Instruction::cast const):
1196         (JSC::Instruction::narrow const):
1197         (JSC::Instruction::wide const):
1198         * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1199         (JSC::InstructionStream::InstructionStream):
1200         (JSC::InstructionStream::sizeInBytes const):
1201         * bytecode/InstructionStream.h: Added.
1202         (JSC::InstructionStream::BaseRef::BaseRef):
1203         (JSC::InstructionStream::BaseRef::operator=):
1204         (JSC::InstructionStream::BaseRef::operator-> const):
1205         (JSC::InstructionStream::BaseRef::ptr const):
1206         (JSC::InstructionStream::BaseRef::operator!= const):
1207         (JSC::InstructionStream::BaseRef::next const):
1208         (JSC::InstructionStream::BaseRef::offset const):
1209         (JSC::InstructionStream::BaseRef::isValid const):
1210         (JSC::InstructionStream::BaseRef::unwrap const):
1211         (JSC::InstructionStream::MutableRef::freeze const):
1212         (JSC::InstructionStream::MutableRef::operator->):
1213         (JSC::InstructionStream::MutableRef::ptr):
1214         (JSC::InstructionStream::MutableRef::operator Ref):
1215         (JSC::InstructionStream::MutableRef::unwrap):
1216         (JSC::InstructionStream::iterator::operator*):
1217         (JSC::InstructionStream::iterator::operator++):
1218         (JSC::InstructionStream::begin const):
1219         (JSC::InstructionStream::end const):
1220         (JSC::InstructionStream::at const):
1221         (JSC::InstructionStream::size const):
1222         (JSC::InstructionStreamWriter::InstructionStreamWriter):
1223         (JSC::InstructionStreamWriter::ref):
1224         (JSC::InstructionStreamWriter::seek):
1225         (JSC::InstructionStreamWriter::position):
1226         (JSC::InstructionStreamWriter::write):
1227         (JSC::InstructionStreamWriter::rewind):
1228         (JSC::InstructionStreamWriter::finalize):
1229         (JSC::InstructionStreamWriter::swap):
1230         (JSC::InstructionStreamWriter::iterator::operator*):
1231         (JSC::InstructionStreamWriter::iterator::operator++):
1232         (JSC::InstructionStreamWriter::begin):
1233         (JSC::InstructionStreamWriter::end):
1234         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
1235         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
1236         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
1237         (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
1238         * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
1239         * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1240         (JSC::MetadataTable::MetadataTable):
1241         (JSC::DeallocTable::withOpcodeType):
1242         (JSC::MetadataTable::~MetadataTable):
1243         (JSC::MetadataTable::sizeInBytes):
1244         * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
1245         (JSC::MetadataTable::get):
1246         (JSC::MetadataTable::forEach):
1247         (JSC::MetadataTable::getImpl):
1248         * bytecode/Opcode.cpp:
1249         (JSC::metadataSize):
1250         * bytecode/Opcode.h:
1251         (JSC::padOpcodeName):
1252         * bytecode/OpcodeInlines.h:
1253         (JSC::isOpcodeShape):
1254         (JSC::getOpcodeType):
1255         * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1256         * bytecode/PreciseJumpTargets.cpp:
1257         (JSC::getJumpTargetsForInstruction):
1258         (JSC::computePreciseJumpTargetsInternal):
1259         (JSC::computePreciseJumpTargets):
1260         (JSC::recomputePreciseJumpTargets):
1261         (JSC::findJumpTargetsForInstruction):
1262         * bytecode/PreciseJumpTargets.h:
1263         * bytecode/PreciseJumpTargetsInlines.h:
1264         (JSC::jumpTargetForInstruction):
1265         (JSC::extractStoredJumpTargetsForInstruction):
1266         (JSC::updateStoredJumpTargetsForInstruction):
1267         * bytecode/PutByIdStatus.cpp:
1268         (JSC::PutByIdStatus::computeFromLLInt):
1269         * bytecode/SpecialPointer.cpp:
1270         (WTF::printInternal):
1271         * bytecode/SpecialPointer.h:
1272         * bytecode/UnlinkedCodeBlock.cpp:
1273         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1274         (JSC::UnlinkedCodeBlock::visitChildren):
1275         (JSC::UnlinkedCodeBlock::estimatedSize):
1276         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1277         (JSC::dumpLineColumnEntry):
1278         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
1279         (JSC::UnlinkedCodeBlock::setInstructions):
1280         (JSC::UnlinkedCodeBlock::instructions const):
1281         (JSC::UnlinkedCodeBlock::applyModification):
1282         (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
1283         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1284         * bytecode/UnlinkedCodeBlock.h:
1285         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
1286         (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
1287         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
1288         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
1289         (JSC::UnlinkedCodeBlock::metadata):
1290         (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
1291         (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
1292         (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
1293         * bytecode/UnlinkedInstructionStream.cpp: Removed.
1294         * bytecode/UnlinkedInstructionStream.h: Removed.
1295         * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
1296         * bytecode/UnlinkedMetadataTableInlines.h: Added.
1297         (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
1298         (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
1299         (JSC::UnlinkedMetadataTable::addEntry):
1300         (JSC::UnlinkedMetadataTable::sizeInBytes):
1301         (JSC::UnlinkedMetadataTable::finalize):
1302         (JSC::UnlinkedMetadataTable::link):
1303         (JSC::UnlinkedMetadataTable::unlink):
1304         * bytecode/VirtualRegister.cpp:
1305         (JSC::VirtualRegister::VirtualRegister):
1306         * bytecode/VirtualRegister.h:
1307         * bytecompiler/BytecodeGenerator.cpp:
1308         (JSC::Label::setLocation):
1309         (JSC::Label::bind):
1310         (JSC::BytecodeGenerator::generate):
1311         (JSC::BytecodeGenerator::BytecodeGenerator):
1312         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
1313         (JSC::BytecodeGenerator::emitEnter):
1314         (JSC::BytecodeGenerator::emitLoopHint):
1315         (JSC::BytecodeGenerator::emitJump):
1316         (JSC::BytecodeGenerator::emitCheckTraps):
1317         (JSC::BytecodeGenerator::rewind):
1318         (JSC::BytecodeGenerator::fuseCompareAndJump):
1319         (JSC::BytecodeGenerator::fuseTestAndJmp):
1320         (JSC::BytecodeGenerator::emitJumpIfTrue):
1321         (JSC::BytecodeGenerator::emitJumpIfFalse):
1322         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1323         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1324         (JSC::BytecodeGenerator::moveLinkTimeConstant):
1325         (JSC::BytecodeGenerator::moveEmptyValue):
1326         (JSC::BytecodeGenerator::emitMove):
1327         (JSC::BytecodeGenerator::emitUnaryOp):
1328         (JSC::BytecodeGenerator::emitBinaryOp):
1329         (JSC::BytecodeGenerator::emitToObject):
1330         (JSC::BytecodeGenerator::emitToNumber):
1331         (JSC::BytecodeGenerator::emitToString):
1332         (JSC::BytecodeGenerator::emitTypeOf):
1333         (JSC::BytecodeGenerator::emitInc):
1334         (JSC::BytecodeGenerator::emitDec):
1335         (JSC::BytecodeGenerator::emitEqualityOp):
1336         (JSC::BytecodeGenerator::emitProfileType):
1337         (JSC::BytecodeGenerator::emitProfileControlFlow):
1338         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1339         (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
1340         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
1341         (JSC::BytecodeGenerator::emitOverridesHasInstance):
1342         (JSC::BytecodeGenerator::emitResolveScope):
1343         (JSC::BytecodeGenerator::emitGetFromScope):
1344         (JSC::BytecodeGenerator::emitPutToScope):
1345         (JSC::BytecodeGenerator::emitInstanceOf):
1346         (JSC::BytecodeGenerator::emitInstanceOfCustom):
1347         (JSC::BytecodeGenerator::emitInByVal):
1348         (JSC::BytecodeGenerator::emitInById):
1349         (JSC::BytecodeGenerator::emitTryGetById):
1350         (JSC::BytecodeGenerator::emitGetById):
1351         (JSC::BytecodeGenerator::emitDirectGetById):
1352         (JSC::BytecodeGenerator::emitPutById):
1353         (JSC::BytecodeGenerator::emitDirectPutById):
1354         (JSC::BytecodeGenerator::emitPutGetterById):
1355         (JSC::BytecodeGenerator::emitPutSetterById):
1356         (JSC::BytecodeGenerator::emitPutGetterSetter):
1357         (JSC::BytecodeGenerator::emitPutGetterByVal):
1358         (JSC::BytecodeGenerator::emitPutSetterByVal):
1359         (JSC::BytecodeGenerator::emitDeleteById):
1360         (JSC::BytecodeGenerator::emitGetByVal):
1361         (JSC::BytecodeGenerator::emitPutByVal):
1362         (JSC::BytecodeGenerator::emitDirectPutByVal):
1363         (JSC::BytecodeGenerator::emitDeleteByVal):
1364         (JSC::BytecodeGenerator::emitSuperSamplerBegin):
1365         (JSC::BytecodeGenerator::emitSuperSamplerEnd):
1366         (JSC::BytecodeGenerator::emitIdWithProfile):
1367         (JSC::BytecodeGenerator::emitUnreachable):
1368         (JSC::BytecodeGenerator::emitGetArgument):
1369         (JSC::BytecodeGenerator::emitCreateThis):
1370         (JSC::BytecodeGenerator::emitTDZCheck):
1371         (JSC::BytecodeGenerator::emitNewObject):
1372         (JSC::BytecodeGenerator::emitNewArrayBuffer):
1373         (JSC::BytecodeGenerator::emitNewArray):
1374         (JSC::BytecodeGenerator::emitNewArrayWithSpread):
1375         (JSC::BytecodeGenerator::emitNewArrayWithSize):
1376         (JSC::BytecodeGenerator::emitNewRegExp):
1377         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1378         (JSC::BytecodeGenerator::emitNewDefaultConstructor):
1379         (JSC::BytecodeGenerator::emitNewFunction):
1380         (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
1381         (JSC::BytecodeGenerator::emitCall):
1382         (JSC::BytecodeGenerator::emitCallInTailPosition):
1383         (JSC::BytecodeGenerator::emitCallEval):
1384         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
1385         (JSC::BytecodeGenerator::emitCallVarargs):
1386         (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
1387         (JSC::BytecodeGenerator::emitConstructVarargs):
1388         (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
1389         (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
1390         (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
1391         (JSC::BytecodeGenerator::emitCallDefineProperty):
1392         (JSC::BytecodeGenerator::emitReturn):
1393         (JSC::BytecodeGenerator::emitEnd):
1394         (JSC::BytecodeGenerator::emitConstruct):
1395         (JSC::BytecodeGenerator::emitStrcat):
1396         (JSC::BytecodeGenerator::emitToPrimitive):
1397         (JSC::BytecodeGenerator::emitGetScope):
1398         (JSC::BytecodeGenerator::emitPushWithScope):
1399         (JSC::BytecodeGenerator::emitGetParentScope):
1400         (JSC::BytecodeGenerator::emitDebugHook):
1401         (JSC::BytecodeGenerator::emitCatch):
1402         (JSC::BytecodeGenerator::emitThrow):
1403         (JSC::BytecodeGenerator::emitArgumentCount):
1404         (JSC::BytecodeGenerator::emitThrowStaticError):
1405         (JSC::BytecodeGenerator::beginSwitch):
1406         (JSC::prepareJumpTableForSwitch):
1407         (JSC::prepareJumpTableForStringSwitch):
1408         (JSC::BytecodeGenerator::endSwitch):
1409         (JSC::BytecodeGenerator::emitGetEnumerableLength):
1410         (JSC::BytecodeGenerator::emitHasGenericProperty):
1411         (JSC::BytecodeGenerator::emitHasIndexedProperty):
1412         (JSC::BytecodeGenerator::emitHasStructureProperty):
1413         (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
1414         (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
1415         (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
1416         (JSC::BytecodeGenerator::emitToIndexString):
1417         (JSC::BytecodeGenerator::emitIsCellWithType):
1418         (JSC::BytecodeGenerator::emitIsObject):
1419         (JSC::BytecodeGenerator::emitIsNumber):
1420         (JSC::BytecodeGenerator::emitIsUndefined):
1421         (JSC::BytecodeGenerator::emitIsEmpty):
1422         (JSC::BytecodeGenerator::emitRestParameter):
1423         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1424         (JSC::BytecodeGenerator::emitYieldPoint):
1425         (JSC::BytecodeGenerator::emitYield):
1426         (JSC::BytecodeGenerator::emitGetAsyncIterator):
1427         (JSC::BytecodeGenerator::emitDelegateYield):
1428         (JSC::BytecodeGenerator::emitFinallyCompletion):
1429         (JSC::BytecodeGenerator::emitJumpIf):
1430         (JSC::ForInContext::finalize):
1431         (JSC::StructureForInContext::finalize):
1432         (JSC::IndexedForInContext::finalize):
1433         (JSC::StaticPropertyAnalysis::record):
1434         (JSC::BytecodeGenerator::emitToThis):
1435         * bytecompiler/BytecodeGenerator.h:
1436         (JSC::StructureForInContext::addGetInst):
1437         (JSC::BytecodeGenerator::recordOpcode):
1438         (JSC::BytecodeGenerator::addMetadataFor):
1439         (JSC::BytecodeGenerator::emitUnaryOp):
1440         (JSC::BytecodeGenerator::kill):
1441         (JSC::BytecodeGenerator::instructions const):
1442         (JSC::BytecodeGenerator::write):
1443         (JSC::BytecodeGenerator::withWriter):
1444         * bytecompiler/Label.h:
1445         (JSC::Label::Label):
1446         (JSC::Label::bind):
1447         * bytecompiler/NodesCodegen.cpp:
1448         (JSC::ArrayNode::emitBytecode):
1449         (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
1450         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1451         (JSC::BitwiseNotNode::emitBytecode):
1452         (JSC::BinaryOpNode::emitBytecode):
1453         (JSC::EqualNode::emitBytecode):
1454         (JSC::StrictEqualNode::emitBytecode):
1455         (JSC::emitReadModifyAssignment):
1456         (JSC::ForInNode::emitBytecode):
1457         (JSC::CaseBlockNode::emitBytecodeForBlock):
1458         (JSC::FunctionNode::emitBytecode):
1459         (JSC::ClassExprNode::emitBytecode):
1460         * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
1461         (WTF::printInternal):
1462         * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1463         * bytecompiler/RegisterID.h:
1464         * bytecompiler/StaticPropertyAnalysis.h:
1465         (JSC::StaticPropertyAnalysis::create):
1466         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
1467         * bytecompiler/StaticPropertyAnalyzer.h:
1468         (JSC::StaticPropertyAnalyzer::createThis):
1469         (JSC::StaticPropertyAnalyzer::newObject):
1470         (JSC::StaticPropertyAnalyzer::putById):
1471         (JSC::StaticPropertyAnalyzer::mov):
1472         (JSC::StaticPropertyAnalyzer::kill):
1473         * dfg/DFGByteCodeParser.cpp:
1474         (JSC::DFG::ByteCodeParser::addCall):
1475         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1476         (JSC::DFG::ByteCodeParser::getArrayMode):
1477         (JSC::DFG::ByteCodeParser::handleCall):
1478         (JSC::DFG::ByteCodeParser::handleVarargsCall):
1479         (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
1480         (JSC::DFG::ByteCodeParser::inlineCall):
1481         (JSC::DFG::ByteCodeParser::handleCallVariant):
1482         (JSC::DFG::ByteCodeParser::handleVarargsInlining):
1483         (JSC::DFG::ByteCodeParser::handleInlining):
1484         (JSC::DFG::ByteCodeParser::handleMinMax):
1485         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1486         (JSC::DFG::ByteCodeParser::handleDOMJITCall):
1487         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
1488         (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
1489         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
1490         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
1491         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1492         (JSC::DFG::ByteCodeParser::handleGetById):
1493         (JSC::DFG::ByteCodeParser::handlePutById):
1494         (JSC::DFG::ByteCodeParser::parseGetById):
1495         (JSC::DFG::ByteCodeParser::parseBlock):
1496         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1497         (JSC::DFG::ByteCodeParser::handlePutByVal):
1498         (JSC::DFG::ByteCodeParser::handlePutAccessorById):
1499         (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
1500         (JSC::DFG::ByteCodeParser::handleNewFunc):
1501         (JSC::DFG::ByteCodeParser::handleNewFuncExp):
1502         (JSC::DFG::ByteCodeParser::parse):
1503         * dfg/DFGCapabilities.cpp:
1504         (JSC::DFG::capabilityLevel):
1505         * dfg/DFGCapabilities.h:
1506         (JSC::DFG::capabilityLevel):
1507         * dfg/DFGOSREntry.cpp:
1508         (JSC::DFG::prepareCatchOSREntry):
1509         * dfg/DFGSpeculativeJIT.cpp:
1510         (JSC::DFG::SpeculativeJIT::compileValueAdd):
1511         (JSC::DFG::SpeculativeJIT::compileValueSub):
1512         (JSC::DFG::SpeculativeJIT::compileValueNegate):
1513         (JSC::DFG::SpeculativeJIT::compileArithMul):
1514         * ftl/FTLLowerDFGToB3.cpp:
1515         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
1516         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
1517         (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
1518         (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
1519         (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
1520         (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
1521         (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
1522         * ftl/FTLOperations.cpp:
1523         (JSC::FTL::operationMaterializeObjectInOSR):
1524         * generate-bytecode-files: Removed.
1525         * generator/Argument.rb: Added.
1526         * generator/Assertion.rb: Added.
1527         * generator/DSL.rb: Added.
1528         * generator/Fits.rb: Added.
1529         * generator/GeneratedFile.rb: Added.
1530         * generator/Metadata.rb: Added.
1531         * generator/Opcode.rb: Added.
1532         * generator/OpcodeGroup.rb: Added.
1533         * generator/Options.rb: Added.
1534         * generator/Section.rb: Added.
1535         * generator/Template.rb: Added.
1536         * generator/Type.rb: Added.
1537         * generator/main.rb: Added.
1538         * interpreter/AbstractPC.h:
1539         * interpreter/CallFrame.cpp:
1540         (JSC::CallFrame::currentVPC const):
1541         (JSC::CallFrame::setCurrentVPC):
1542         * interpreter/CallFrame.h:
1543         (JSC::CallSiteIndex::CallSiteIndex):
1544         (JSC::ExecState::setReturnPC):
1545         * interpreter/Interpreter.cpp:
1546         (WTF::printInternal):
1547         * interpreter/Interpreter.h:
1548         * interpreter/InterpreterInlines.h:
1549         * interpreter/StackVisitor.cpp:
1550         (JSC::StackVisitor::Frame::dump const):
1551         * interpreter/VMEntryRecord.h:
1552         * jit/JIT.cpp:
1553         (JSC::JIT::JIT):
1554         (JSC::JIT::emitSlowCaseCall):
1555         (JSC::JIT::privateCompileMainPass):
1556         (JSC::JIT::privateCompileSlowCases):
1557         (JSC::JIT::compileWithoutLinking):
1558         (JSC::JIT::link):
1559         * jit/JIT.h:
1560         * jit/JITArithmetic.cpp:
1561         (JSC::JIT::emit_op_jless):
1562         (JSC::JIT::emit_op_jlesseq):
1563         (JSC::JIT::emit_op_jgreater):
1564         (JSC::JIT::emit_op_jgreatereq):
1565         (JSC::JIT::emit_op_jnless):
1566         (JSC::JIT::emit_op_jnlesseq):
1567         (JSC::JIT::emit_op_jngreater):
1568         (JSC::JIT::emit_op_jngreatereq):
1569         (JSC::JIT::emitSlow_op_jless):
1570         (JSC::JIT::emitSlow_op_jlesseq):
1571         (JSC::JIT::emitSlow_op_jgreater):
1572         (JSC::JIT::emitSlow_op_jgreatereq):
1573         (JSC::JIT::emitSlow_op_jnless):
1574         (JSC::JIT::emitSlow_op_jnlesseq):
1575         (JSC::JIT::emitSlow_op_jngreater):
1576         (JSC::JIT::emitSlow_op_jngreatereq):
1577         (JSC::JIT::emit_op_below):
1578         (JSC::JIT::emit_op_beloweq):
1579         (JSC::JIT::emit_op_jbelow):
1580         (JSC::JIT::emit_op_jbeloweq):
1581         (JSC::JIT::emit_op_unsigned):
1582         (JSC::JIT::emit_compareAndJump):
1583         (JSC::JIT::emit_compareUnsignedAndJump):
1584         (JSC::JIT::emit_compareUnsigned):
1585         (JSC::JIT::emit_compareAndJumpSlow):
1586         (JSC::JIT::emit_op_inc):
1587         (JSC::JIT::emit_op_dec):
1588         (JSC::JIT::emit_op_mod):
1589         (JSC::JIT::emitSlow_op_mod):
1590         (JSC::JIT::emit_op_negate):
1591         (JSC::JIT::emitSlow_op_negate):
1592         (JSC::JIT::emitBitBinaryOpFastPath):
1593         (JSC::JIT::emit_op_bitand):
1594         (JSC::JIT::emit_op_bitor):
1595         (JSC::JIT::emit_op_bitxor):
1596         (JSC::JIT::emit_op_lshift):
1597         (JSC::JIT::emitRightShiftFastPath):
1598         (JSC::JIT::emit_op_rshift):
1599         (JSC::JIT::emit_op_urshift):
1600         (JSC::getOperandTypes):
1601         (JSC::JIT::emit_op_add):
1602         (JSC::JIT::emitSlow_op_add):
1603         (JSC::JIT::emitMathICFast):
1604         (JSC::JIT::emitMathICSlow):
1605         (JSC::JIT::emit_op_div):
1606         (JSC::JIT::emit_op_mul):
1607         (JSC::JIT::emitSlow_op_mul):
1608         (JSC::JIT::emit_op_sub):
1609         (JSC::JIT::emitSlow_op_sub):
1610         * jit/JITCall.cpp:
1611         (JSC::JIT::emitPutCallResult):
1612         (JSC::JIT::compileSetupFrame):
1613         (JSC::JIT::compileCallEval):
1614         (JSC::JIT::compileCallEvalSlowCase):
1615         (JSC::JIT::compileTailCall):
1616         (JSC::JIT::compileOpCall):
1617         (JSC::JIT::compileOpCallSlowCase):
1618         (JSC::JIT::emit_op_call):
1619         (JSC::JIT::emit_op_tail_call):
1620         (JSC::JIT::emit_op_call_eval):
1621         (JSC::JIT::emit_op_call_varargs):
1622         (JSC::JIT::emit_op_tail_call_varargs):
1623         (JSC::JIT::emit_op_tail_call_forward_arguments):
1624         (JSC::JIT::emit_op_construct_varargs):
1625         (JSC::JIT::emit_op_construct):
1626         (JSC::JIT::emitSlow_op_call):
1627         (JSC::JIT::emitSlow_op_tail_call):
1628         (JSC::JIT::emitSlow_op_call_eval):
1629         (JSC::JIT::emitSlow_op_call_varargs):
1630         (JSC::JIT::emitSlow_op_tail_call_varargs):
1631         (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
1632         (JSC::JIT::emitSlow_op_construct_varargs):
1633         (JSC::JIT::emitSlow_op_construct):
1634         * jit/JITDisassembler.cpp:
1635         (JSC::JITDisassembler::JITDisassembler):
1636         * jit/JITExceptions.cpp:
1637         (JSC::genericUnwind):
1638         * jit/JITInlines.h:
1639         (JSC::JIT::emitDoubleGetByVal):
1640         (JSC::JIT::emitLoadForArrayMode):
1641         (JSC::JIT::emitContiguousGetByVal):
1642         (JSC::JIT::emitArrayStorageGetByVal):
1643         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1644         (JSC::JIT::sampleInstruction):
1645         (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
1646         (JSC::JIT::emitValueProfilingSite):
1647         (JSC::JIT::jumpTarget):
1648         (JSC::JIT::copiedGetPutInfo):
1649         (JSC::JIT::copiedArithProfile):
1650         * jit/JITMathIC.h:
1651         (JSC::isProfileEmpty):
1652         (JSC::JITBinaryMathIC::JITBinaryMathIC):
1653         (JSC::JITUnaryMathIC::JITUnaryMathIC):
1654         * jit/JITOpcodes.cpp:
1655         (JSC::JIT::emit_op_mov):
1656         (JSC::JIT::emit_op_end):
1657         (JSC::JIT::emit_op_jmp):
1658         (JSC::JIT::emit_op_new_object):
1659         (JSC::JIT::emitSlow_op_new_object):
1660         (JSC::JIT::emit_op_overrides_has_instance):
1661         (JSC::JIT::emit_op_instanceof):
1662         (JSC::JIT::emitSlow_op_instanceof):
1663         (JSC::JIT::emit_op_instanceof_custom):
1664         (JSC::JIT::emit_op_is_empty):
1665         (JSC::JIT::emit_op_is_undefined):
1666         (JSC::JIT::emit_op_is_boolean):
1667         (JSC::JIT::emit_op_is_number):
1668         (JSC::JIT::emit_op_is_cell_with_type):
1669         (JSC::JIT::emit_op_is_object):
1670         (JSC::JIT::emit_op_ret):
1671         (JSC::JIT::emit_op_to_primitive):
1672         (JSC::JIT::emit_op_set_function_name):
1673         (JSC::JIT::emit_op_not):
1674         (JSC::JIT::emit_op_jfalse):
1675         (JSC::JIT::emit_op_jeq_null):
1676         (JSC::JIT::emit_op_jneq_null):
1677         (JSC::JIT::emit_op_jneq_ptr):
1678         (JSC::JIT::emit_op_eq):
1679         (JSC::JIT::emit_op_jeq):
1680         (JSC::JIT::emit_op_jtrue):
1681         (JSC::JIT::emit_op_neq):
1682         (JSC::JIT::emit_op_jneq):
1683         (JSC::JIT::emit_op_throw):
1684         (JSC::JIT::compileOpStrictEq):
1685         (JSC::JIT::emit_op_stricteq):
1686         (JSC::JIT::emit_op_nstricteq):
1687         (JSC::JIT::compileOpStrictEqJump):
1688         (JSC::JIT::emit_op_jstricteq):
1689         (JSC::JIT::emit_op_jnstricteq):
1690         (JSC::JIT::emitSlow_op_jstricteq):
1691         (JSC::JIT::emitSlow_op_jnstricteq):
1692         (JSC::JIT::emit_op_to_number):
1693         (JSC::JIT::emit_op_to_string):
1694         (JSC::JIT::emit_op_to_object):
1695         (JSC::JIT::emit_op_catch):
1696         (JSC::JIT::emit_op_identity_with_profile):
1697         (JSC::JIT::emit_op_get_parent_scope):
1698         (JSC::JIT::emit_op_switch_imm):
1699         (JSC::JIT::emit_op_switch_char):
1700         (JSC::JIT::emit_op_switch_string):
1701         (JSC::JIT::emit_op_debug):
1702         (JSC::JIT::emit_op_eq_null):
1703         (JSC::JIT::emit_op_neq_null):
1704         (JSC::JIT::emit_op_enter):
1705         (JSC::JIT::emit_op_get_scope):
1706         (JSC::JIT::emit_op_to_this):
1707         (JSC::JIT::emit_op_create_this):
1708         (JSC::JIT::emit_op_check_tdz):
1709         (JSC::JIT::emitSlow_op_eq):
1710         (JSC::JIT::emitSlow_op_neq):
1711         (JSC::JIT::emitSlow_op_jeq):
1712         (JSC::JIT::emitSlow_op_jneq):
1713         (JSC::JIT::emitSlow_op_instanceof_custom):
1714         (JSC::JIT::emit_op_loop_hint):
1715         (JSC::JIT::emitSlow_op_loop_hint):
1716         (JSC::JIT::emit_op_check_traps):
1717         (JSC::JIT::emit_op_nop):
1718         (JSC::JIT::emit_op_super_sampler_begin):
1719         (JSC::JIT::emit_op_super_sampler_end):
1720         (JSC::JIT::emitSlow_op_check_traps):
1721         (JSC::JIT::emit_op_new_regexp):
1722         (JSC::JIT::emitNewFuncCommon):
1723         (JSC::JIT::emit_op_new_func):
1724         (JSC::JIT::emit_op_new_generator_func):
1725         (JSC::JIT::emit_op_new_async_generator_func):
1726         (JSC::JIT::emit_op_new_async_func):
1727         (JSC::JIT::emitNewFuncExprCommon):
1728         (JSC::JIT::emit_op_new_func_exp):
1729         (JSC::JIT::emit_op_new_generator_func_exp):
1730         (JSC::JIT::emit_op_new_async_func_exp):
1731         (JSC::JIT::emit_op_new_async_generator_func_exp):
1732         (JSC::JIT::emit_op_new_array):
1733         (JSC::JIT::emit_op_new_array_with_size):
1734         (JSC::JIT::emit_op_has_structure_property):
1735         (JSC::JIT::privateCompileHasIndexedProperty):
1736         (JSC::JIT::emit_op_has_indexed_property):
1737         (JSC::JIT::emitSlow_op_has_indexed_property):
1738         (JSC::JIT::emit_op_get_direct_pname):
1739         (JSC::JIT::emit_op_enumerator_structure_pname):
1740         (JSC::JIT::emit_op_enumerator_generic_pname):
1741         (JSC::JIT::emit_op_profile_type):
1742         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
1743         (JSC::JIT::emit_op_log_shadow_chicken_tail):
1744         (JSC::JIT::emit_op_profile_control_flow):
1745         (JSC::JIT::emit_op_argument_count):
1746         (JSC::JIT::emit_op_get_rest_length):
1747         (JSC::JIT::emit_op_get_argument):
1748         * jit/JITOpcodes32_64.cpp:
1749         (JSC::JIT::emit_op_to_this):
1750         * jit/JITOperations.cpp:
1751         * jit/JITOperations.h:
1752         * jit/JITPropertyAccess.cpp:
1753         (JSC::JIT::emit_op_get_by_val):
1754         (JSC::JIT::emitGetByValWithCachedId):
1755         (JSC::JIT::emitSlow_op_get_by_val):
1756         (JSC::JIT::emit_op_put_by_val_direct):
1757         (JSC::JIT::emit_op_put_by_val):
1758         (JSC::JIT::emitGenericContiguousPutByVal):
1759         (JSC::JIT::emitArrayStoragePutByVal):
1760         (JSC::JIT::emitPutByValWithCachedId):
1761         (JSC::JIT::emitSlow_op_put_by_val):
1762         (JSC::JIT::emit_op_put_getter_by_id):
1763         (JSC::JIT::emit_op_put_setter_by_id):
1764         (JSC::JIT::emit_op_put_getter_setter_by_id):
1765         (JSC::JIT::emit_op_put_getter_by_val):
1766         (JSC::JIT::emit_op_put_setter_by_val):
1767         (JSC::JIT::emit_op_del_by_id):
1768         (JSC::JIT::emit_op_del_by_val):
1769         (JSC::JIT::emit_op_try_get_by_id):
1770         (JSC::JIT::emitSlow_op_try_get_by_id):
1771         (JSC::JIT::emit_op_get_by_id_direct):
1772         (JSC::JIT::emitSlow_op_get_by_id_direct):
1773         (JSC::JIT::emit_op_get_by_id):
1774         (JSC::JIT::emit_op_get_by_id_with_this):
1775         (JSC::JIT::emitSlow_op_get_by_id):
1776         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1777         (JSC::JIT::emit_op_put_by_id):
1778         (JSC::JIT::emitSlow_op_put_by_id):
1779         (JSC::JIT::emit_op_in_by_id):
1780         (JSC::JIT::emitSlow_op_in_by_id):
1781         (JSC::JIT::emit_op_resolve_scope):
1782         (JSC::JIT::emit_op_get_from_scope):
1783         (JSC::JIT::emitSlow_op_get_from_scope):
1784         (JSC::JIT::emit_op_put_to_scope):
1785         (JSC::JIT::emitSlow_op_put_to_scope):
1786         (JSC::JIT::emit_op_get_from_arguments):
1787         (JSC::JIT::emit_op_put_to_arguments):
1788         (JSC::JIT::privateCompileGetByVal):
1789         (JSC::JIT::privateCompileGetByValWithCachedId):
1790         (JSC::JIT::privateCompilePutByVal):
1791         (JSC::JIT::privateCompilePutByValWithCachedId):
1792         (JSC::JIT::emitDoubleLoad):
1793         (JSC::JIT::emitContiguousLoad):
1794         (JSC::JIT::emitArrayStorageLoad):
1795         (JSC::JIT::emitDirectArgumentsGetByVal):
1796         (JSC::JIT::emitScopedArgumentsGetByVal):
1797         (JSC::JIT::emitIntTypedArrayGetByVal):
1798         (JSC::JIT::emitFloatTypedArrayGetByVal):
1799         (JSC::JIT::emitIntTypedArrayPutByVal):
1800         (JSC::JIT::emitFloatTypedArrayPutByVal):
1801         * jit/RegisterSet.cpp:
1802         (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
1803         * jit/SlowPathCall.h:
1804         (JSC::JITSlowPathCall::JITSlowPathCall):
1805         * llint/LLIntData.cpp:
1806         (JSC::LLInt::initialize):
1807         (JSC::LLInt::Data::performAssertions):
1808         * llint/LLIntData.h:
1809         (JSC::LLInt::exceptionInstructions):
1810         (JSC::LLInt::opcodeMap):
1811         (JSC::LLInt::opcodeMapWide):
1812         (JSC::LLInt::getOpcode):
1813         (JSC::LLInt::getOpcodeWide):
1814         (JSC::LLInt::getWideCodePtr):
1815         * llint/LLIntOffsetsExtractor.cpp:
1816         * llint/LLIntSlowPaths.cpp:
1817         (JSC::LLInt::llint_trace_operand):
1818         (JSC::LLInt::llint_trace_value):
1819         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1820         (JSC::LLInt::entryOSR):
1821         (JSC::LLInt::setupGetByIdPrototypeCache):
1822         (JSC::LLInt::getByVal):
1823         (JSC::LLInt::handleHostCall):
1824         (JSC::LLInt::setUpCall):
1825         (JSC::LLInt::genericCall):
1826         (JSC::LLInt::varargsSetup):
1827         (JSC::LLInt::commonCallEval):
1828         * llint/LLIntSlowPaths.h:
1829         * llint/LowLevelInterpreter.asm:
1830         * llint/LowLevelInterpreter.cpp:
1831         (JSC::CLoopRegister::operator const Instruction*):
1832         (JSC::CLoop::execute):
1833         * llint/LowLevelInterpreter32_64.asm:
1834         * llint/LowLevelInterpreter64.asm:
1835         * offlineasm/arm64.rb:
1836         * offlineasm/asm.rb:
1837         * offlineasm/ast.rb:
1838         * offlineasm/cloop.rb:
1839         * offlineasm/generate_offset_extractor.rb:
1840         * offlineasm/instructions.rb:
1841         * offlineasm/offsets.rb:
1842         * offlineasm/parser.rb:
1843         * offlineasm/transform.rb:
1844         * offlineasm/x86.rb:
1845         * parser/ResultType.h:
1846         (JSC::ResultType::dump const):
1847         (JSC::OperandTypes::first const):
1848         (JSC::OperandTypes::second const):
1849         (JSC::OperandTypes::dump const):
1850         * profiler/ProfilerBytecodeSequence.cpp:
1851         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
1852         * runtime/CommonSlowPaths.cpp:
1853         (JSC::SLOW_PATH_DECL):
1854         (JSC::updateArithProfileForUnaryArithOp):
1855         (JSC::updateArithProfileForBinaryArithOp):
1856         * runtime/CommonSlowPaths.h:
1857         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
1858         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
1859         * runtime/ExceptionFuzz.cpp:
1860         (JSC::doExceptionFuzzing):
1861         * runtime/ExceptionFuzz.h:
1862         (JSC::doExceptionFuzzingIfEnabled):
1863         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
1864         (JSC::GetPutInfo::dump const):
1865         (WTF::printInternal):
1866         * runtime/GetPutInfo.h:
1867         (JSC::GetPutInfo::operand const):
1868         * runtime/JSCPoison.h:
1869         * runtime/JSType.cpp: Added.
1870         (WTF::printInternal):
1871         * runtime/JSType.h:
1872         * runtime/SamplingProfiler.cpp:
1873         (JSC::SamplingProfiler::StackFrame::displayName):
1874         * runtime/SamplingProfiler.h:
1875         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
1876         * runtime/SlowPathReturnType.h:
1877         (JSC::encodeResult):
1878         (JSC::decodeResult):
1879         * runtime/VM.h:
1880         * runtime/Watchdog.h:
1881         * tools/HeapVerifier.cpp:
1882
1883 2018-10-27  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1884
1885         Unreviewed, partial rolling in r237254
1886         https://bugs.webkit.org/show_bug.cgi?id=190340
1887
1888         We do not use the added function right now, to investigate what the reason for the regression is.
1889         It also does not include any Parser.{h,cpp} changes, to ensure that Parser.cpp's inlining decision
1890         seems to be the culprit of the regression on iOS devices.
1891
1892         * bytecode/UnlinkedFunctionExecutable.cpp:
1893         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
1894         * bytecode/UnlinkedFunctionExecutable.h:
1895         * parser/SourceCodeKey.h:
1896         (JSC::SourceCodeKey::SourceCodeKey):
1897         (JSC::SourceCodeKey::operator== const):
1898         * runtime/CodeCache.cpp:
1899         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1900         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
1901         * runtime/CodeCache.h:
1902         * runtime/FunctionConstructor.cpp:
1903         (JSC::constructFunctionSkippingEvalEnabledCheck):
1904         * runtime/FunctionExecutable.cpp:
1905         (JSC::FunctionExecutable::fromGlobalCode):
1906         * runtime/FunctionExecutable.h:
1907
1908 2018-10-26  Commit Queue  <commit-queue@webkit.org>
1909
1910         Unreviewed, rolling out r237479 and r237484.
1911         https://bugs.webkit.org/show_bug.cgi?id=190978
1912
1913         broke JSC on iOS (Requested by tadeuzagallo on #webkit).
1914
1915         Reverted changesets:
1916
1917         "New bytecode format for JSC"
1918         https://bugs.webkit.org/show_bug.cgi?id=187373
1919         https://trac.webkit.org/changeset/237479
1920
1921         "Gardening: Build fix after r237479."
1922         https://bugs.webkit.org/show_bug.cgi?id=187373
1923         https://trac.webkit.org/changeset/237484
1924
1925 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
1926
1927         Gardening: Build fix after r237479.
1928         https://bugs.webkit.org/show_bug.cgi?id=187373
1929
1930         Unreviewed.
1931
1932         * Configurations/JSC.xcconfig:
1933         * JavaScriptCore.xcodeproj/project.pbxproj:
1934         * llint/LLIntData.cpp:
1935         (JSC::LLInt::initialize):
1936
1937 2018-10-26  Tadeu Zagallo  <tzagallo@apple.com>
1938
1939         New bytecode format for JSC
1940         https://bugs.webkit.org/show_bug.cgi?id=187373
1941         <rdar://problem/44186758>
1942
1943         Reviewed by Filip Pizlo.
1944
1945         Replace unlinked and linked bytecode with a new immutable bytecode that does not embed
1946         any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte
1947         operands) and might contain an extra operand, the metadataID. The metadataID is used to
1948         access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable).
1949
1950         Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names
1951         and types to all their operands. Additionally, reading a bytecode from the instruction stream
1952         requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary
1953         operands directly from the stream.
1954
1955
1956         * CMakeLists.txt:
1957         * DerivedSources.make:
1958         * JavaScriptCore.xcodeproj/project.pbxproj:
1959         * Sources.txt:
1960         * assembler/MacroAssemblerCodeRef.h:
1961         (JSC::ReturnAddressPtr::ReturnAddressPtr):
1962         (JSC::ReturnAddressPtr::value const):
1963         (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
1964         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
1965         * bytecode/ArithProfile.h:
1966         (JSC::ArithProfile::ArithProfile):
1967         * bytecode/ArrayAllocationProfile.h:
1968         (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
1969         * bytecode/ArrayProfile.h:
1970         * bytecode/BytecodeBasicBlock.cpp:
1971         (JSC::isJumpTarget):
1972         (JSC::BytecodeBasicBlock::computeImpl):
1973         (JSC::BytecodeBasicBlock::compute):
1974         * bytecode/BytecodeBasicBlock.h:
1975         (JSC::BytecodeBasicBlock::leaderOffset const):
1976         (JSC::BytecodeBasicBlock::totalLength const):
1977         (JSC::BytecodeBasicBlock::offsets const):
1978         (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
1979         (JSC::BytecodeBasicBlock::addLength):
1980         * bytecode/BytecodeDumper.cpp:
1981         (JSC::BytecodeDumper<Block>::printLocationAndOp):
1982         (JSC::BytecodeDumper<Block>::dumpBytecode):
1983         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
1984         (JSC::BytecodeDumper<Block>::dumpConstants):
1985         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
1986         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
1987         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
1988         (JSC::BytecodeDumper<Block>::dumpBlock):
1989         * bytecode/BytecodeDumper.h:
1990         (JSC::BytecodeDumper::dumpOperand):
1991         (JSC::BytecodeDumper::dumpValue):
1992         (JSC::BytecodeDumper::BytecodeDumper):
1993         (JSC::BytecodeDumper::block const):
1994         * bytecode/BytecodeGeneratorification.cpp:
1995         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
1996         (JSC::BytecodeGeneratorification::enterPoint const):
1997         (JSC::BytecodeGeneratorification::instructions const):
1998         (JSC::GeneratorLivenessAnalysis::run):
1999         (JSC::BytecodeGeneratorification::run):
2000         (JSC::performGeneratorification):
2001         * bytecode/BytecodeGeneratorification.h:
2002         * bytecode/BytecodeGraph.h:
2003         (JSC::BytecodeGraph::blockContainsBytecodeOffset):
2004         (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
2005         (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
2006         (JSC::BytecodeGraph::BytecodeGraph):
2007         * bytecode/BytecodeKills.h:
2008         * bytecode/BytecodeList.json: Removed.
2009         * bytecode/BytecodeList.rb: Added.
2010         * bytecode/BytecodeLivenessAnalysis.cpp:
2011         (JSC::BytecodeLivenessAnalysis::dumpResults):
2012         * bytecode/BytecodeLivenessAnalysis.h:
2013         * bytecode/BytecodeLivenessAnalysisInlines.h:
2014         (JSC::isValidRegisterForLiveness):
2015         (JSC::BytecodeLivenessPropagation::stepOverInstruction):
2016         * bytecode/BytecodeRewriter.cpp:
2017         (JSC::BytecodeRewriter::applyModification):
2018         (JSC::BytecodeRewriter::execute):
2019         (JSC::BytecodeRewriter::adjustJumpTargetsInFragment):
2020         (JSC::BytecodeRewriter::insertImpl):
2021         (JSC::BytecodeRewriter::adjustJumpTarget):
2022         (JSC::BytecodeRewriter::adjustJumpTargets):
        * bytecode/BytecodeRewriter.h:
        (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
        (JSC::BytecodeRewriter::Fragment::Fragment):
        (JSC::BytecodeRewriter::Fragment::appendInstruction):
        (JSC::BytecodeRewriter::BytecodeRewriter):
        (JSC::BytecodeRewriter::insertFragmentBefore):
        (JSC::BytecodeRewriter::insertFragmentAfter):
        (JSC::BytecodeRewriter::removeBytecode):
        (JSC::BytecodeRewriter::adjustAbsoluteOffset):
        (JSC::BytecodeRewriter::adjustJumpTarget):
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFromLLInt):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::finishCreation):
        (JSC::CodeBlock::estimatedSize):
        (JSC::CodeBlock::visitChildren):
        (JSC::CodeBlock::propagateTransitions):
        (JSC::CodeBlock::finalizeLLIntInlineCaches):
        (JSC::CodeBlock::addJITAddIC):
        (JSC::CodeBlock::addJITMulIC):
        (JSC::CodeBlock::addJITSubIC):
        (JSC::CodeBlock::addJITNegIC):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset):
        (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow):
        (JSC::CodeBlock::hasOpDebugForLineAndColumn):
        (JSC::CodeBlock::getArrayProfile):
        (JSC::CodeBlock::updateAllArrayPredictions):
        (JSC::CodeBlock::predictedMachineCodeSize):
        (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset):
        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
        (JSC::CodeBlock::valueProfileForBytecodeOffset):
        (JSC::CodeBlock::validate):
        (JSC::CodeBlock::outOfLineJumpOffset):
        (JSC::CodeBlock::outOfLineJumpTarget):
        (JSC::CodeBlock::arithProfileForBytecodeOffset):
        (JSC::CodeBlock::arithProfileForPC):
        (JSC::CodeBlock::couldTakeSpecialFastCase):
        (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addMathIC):
        (JSC::CodeBlock::outOfLineJumpOffset):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::CodeBlock::instructions const):
        (JSC::CodeBlock::instructionCount const):
        (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
        (JSC::CodeBlock::metadata):
        (JSC::CodeBlock::metadataSizeInBytes):
        (JSC::CodeBlock::numberOfNonArgumentValueProfiles):
        (JSC::CodeBlock::totalNumberOfValueProfiles):
        * bytecode/CodeBlockInlines.h: Added.
        (JSC::CodeBlock::forEachValueProfile):
        (JSC::CodeBlock::forEachArrayProfile):
        (JSC::CodeBlock::forEachArrayAllocationProfile):
        (JSC::CodeBlock::forEachObjectAllocationProfile):
        (JSC::CodeBlock::forEachLLIntCallLinkInfo):
        * bytecode/Fits.h: Added.
        * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        * bytecode/Instruction.h:
        (JSC::Instruction::Instruction):
        (JSC::Instruction::Impl::opcodeID const):
        (JSC::Instruction::opcodeID const):
        (JSC::Instruction::name const):
        (JSC::Instruction::isWide const):
        (JSC::Instruction::size const):
        (JSC::Instruction::is const):
        (JSC::Instruction::as const):
        (JSC::Instruction::cast):
        (JSC::Instruction::cast const):
        (JSC::Instruction::narrow const):
        (JSC::Instruction::wide const):
        * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        (JSC::InstructionStream::InstructionStream):
        (JSC::InstructionStream::sizeInBytes const):
        * bytecode/InstructionStream.h: Added.
        (JSC::InstructionStream::BaseRef::BaseRef):
        (JSC::InstructionStream::BaseRef::operator=):
        (JSC::InstructionStream::BaseRef::operator-> const):
        (JSC::InstructionStream::BaseRef::ptr const):
        (JSC::InstructionStream::BaseRef::operator!= const):
        (JSC::InstructionStream::BaseRef::next const):
        (JSC::InstructionStream::BaseRef::offset const):
        (JSC::InstructionStream::BaseRef::isValid const):
        (JSC::InstructionStream::BaseRef::unwrap const):
        (JSC::InstructionStream::MutableRef::freeze const):
        (JSC::InstructionStream::MutableRef::operator->):
        (JSC::InstructionStream::MutableRef::ptr):
        (JSC::InstructionStream::MutableRef::operator Ref):
        (JSC::InstructionStream::MutableRef::unwrap):
        (JSC::InstructionStream::iterator::operator*):
        (JSC::InstructionStream::iterator::operator++):
        (JSC::InstructionStream::begin const):
        (JSC::InstructionStream::end const):
        (JSC::InstructionStream::at const):
        (JSC::InstructionStream::size const):
        (JSC::InstructionStreamWriter::InstructionStreamWriter):
        (JSC::InstructionStreamWriter::ref):
        (JSC::InstructionStreamWriter::seek):
        (JSC::InstructionStreamWriter::position):
        (JSC::InstructionStreamWriter::write):
        (JSC::InstructionStreamWriter::rewind):
        (JSC::InstructionStreamWriter::finalize):
        (JSC::InstructionStreamWriter::swap):
        (JSC::InstructionStreamWriter::iterator::operator*):
        (JSC::InstructionStreamWriter::iterator::operator++):
        (JSC::InstructionStreamWriter::begin):
        (JSC::InstructionStreamWriter::end):
        * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
        (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint):
        (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
        (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache):
        * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h:
        * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        (JSC::MetadataTable::MetadataTable):
        (JSC::DeallocTable::withOpcodeType):
        (JSC::MetadataTable::~MetadataTable):
        (JSC::MetadataTable::sizeInBytes):
        * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h.
        (JSC::MetadataTable::get):
        (JSC::MetadataTable::forEach):
        (JSC::MetadataTable::getImpl):
        * bytecode/Opcode.cpp:
        (JSC::metadataSize):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecode/OpcodeInlines.h:
        (JSC::isOpcodeShape):
        (JSC::getOpcodeType):
        * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        * bytecode/PreciseJumpTargets.cpp:
        (JSC::getJumpTargetsForInstruction):
        (JSC::computePreciseJumpTargetsInternal):
        (JSC::computePreciseJumpTargets):
        (JSC::recomputePreciseJumpTargets):
        (JSC::findJumpTargetsForInstruction):
        * bytecode/PreciseJumpTargets.h:
        * bytecode/PreciseJumpTargetsInlines.h:
        (JSC::jumpTargetForInstruction):
        (JSC::extractStoredJumpTargetsForInstruction):
        (JSC::updateStoredJumpTargetsForInstruction):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        * bytecode/SpecialPointer.cpp:
        (WTF::printInternal):
        * bytecode/SpecialPointer.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        (JSC::UnlinkedCodeBlock::visitChildren):
        (JSC::UnlinkedCodeBlock::estimatedSize):
        (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
        (JSC::dumpLineColumnEntry):
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const):
        (JSC::UnlinkedCodeBlock::setInstructions):
        (JSC::UnlinkedCodeBlock::instructions const):
        (JSC::UnlinkedCodeBlock::applyModification):
        (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget):
        (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction):
        (JSC::UnlinkedCodeBlock::propertyAccessInstructions const):
        (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
        (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
        (JSC::UnlinkedCodeBlock::metadata):
        (JSC::UnlinkedCodeBlock::metadataSizeInBytes):
        (JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
        (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets):
        * bytecode/UnlinkedInstructionStream.cpp: Removed.
        * bytecode/UnlinkedInstructionStream.h: Removed.
        * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h.
        * bytecode/UnlinkedMetadataTableInlines.h: Added.
        (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable):
        (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable):
        (JSC::UnlinkedMetadataTable::addEntry):
        (JSC::UnlinkedMetadataTable::sizeInBytes):
        (JSC::UnlinkedMetadataTable::finalize):
        (JSC::UnlinkedMetadataTable::link):
        (JSC::UnlinkedMetadataTable::unlink):
        * bytecode/VirtualRegister.cpp:
        (JSC::VirtualRegister::VirtualRegister):
        * bytecode/VirtualRegister.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::Label::setLocation):
        (JSC::Label::bind):
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
        (JSC::BytecodeGenerator::emitEnter):
        (JSC::BytecodeGenerator::emitLoopHint):
        (JSC::BytecodeGenerator::emitJump):
        (JSC::BytecodeGenerator::emitCheckTraps):
        (JSC::BytecodeGenerator::rewind):
        (JSC::BytecodeGenerator::fuseCompareAndJump):
        (JSC::BytecodeGenerator::fuseTestAndJmp):
        (JSC::BytecodeGenerator::emitJumpIfTrue):
        (JSC::BytecodeGenerator::emitJumpIfFalse):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::moveLinkTimeConstant):
        (JSC::BytecodeGenerator::moveEmptyValue):
        (JSC::BytecodeGenerator::emitMove):
        (JSC::BytecodeGenerator::emitUnaryOp):
        (JSC::BytecodeGenerator::emitBinaryOp):
        (JSC::BytecodeGenerator::emitToObject):
        (JSC::BytecodeGenerator::emitToNumber):
        (JSC::BytecodeGenerator::emitToString):
        (JSC::BytecodeGenerator::emitTypeOf):
        (JSC::BytecodeGenerator::emitInc):
        (JSC::BytecodeGenerator::emitDec):
        (JSC::BytecodeGenerator::emitEqualityOp):
        (JSC::BytecodeGenerator::emitProfileType):
        (JSC::BytecodeGenerator::emitProfileControlFlow):
        (JSC::BytecodeGenerator::pushLexicalScopeInternal):
        (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval):
        (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
        (JSC::BytecodeGenerator::emitOverridesHasInstance):
        (JSC::BytecodeGenerator::emitResolveScope):
        (JSC::BytecodeGenerator::emitGetFromScope):
        (JSC::BytecodeGenerator::emitPutToScope):
        (JSC::BytecodeGenerator::emitInstanceOf):
        (JSC::BytecodeGenerator::emitInstanceOfCustom):
        (JSC::BytecodeGenerator::emitInByVal):
        (JSC::BytecodeGenerator::emitInById):
        (JSC::BytecodeGenerator::emitTryGetById):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitDirectGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitPutGetterById):
        (JSC::BytecodeGenerator::emitPutSetterById):
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        (JSC::BytecodeGenerator::emitPutGetterByVal):
        (JSC::BytecodeGenerator::emitPutSetterByVal):
        (JSC::BytecodeGenerator::emitDeleteById):
        (JSC::BytecodeGenerator::emitGetByVal):
        (JSC::BytecodeGenerator::emitPutByVal):
        (JSC::BytecodeGenerator::emitDirectPutByVal):
        (JSC::BytecodeGenerator::emitDeleteByVal):
        (JSC::BytecodeGenerator::emitSuperSamplerBegin):
        (JSC::BytecodeGenerator::emitSuperSamplerEnd):
        (JSC::BytecodeGenerator::emitIdWithProfile):
        (JSC::BytecodeGenerator::emitUnreachable):
        (JSC::BytecodeGenerator::emitGetArgument):
        (JSC::BytecodeGenerator::emitCreateThis):
        (JSC::BytecodeGenerator::emitTDZCheck):
        (JSC::BytecodeGenerator::emitNewObject):
        (JSC::BytecodeGenerator::emitNewArrayBuffer):
        (JSC::BytecodeGenerator::emitNewArray):
        (JSC::BytecodeGenerator::emitNewArrayWithSpread):
        (JSC::BytecodeGenerator::emitNewArrayWithSize):
        (JSC::BytecodeGenerator::emitNewRegExp):
        (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
        (JSC::BytecodeGenerator::emitNewDefaultConstructor):
        (JSC::BytecodeGenerator::emitNewFunction):
        (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitCallInTailPosition):
        (JSC::BytecodeGenerator::emitCallEval):
        (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
        (JSC::BytecodeGenerator::emitCallVarargs):
        (JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
        (JSC::BytecodeGenerator::emitConstructVarargs):
        (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
        (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary):
        (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary):
        (JSC::BytecodeGenerator::emitCallDefineProperty):
        (JSC::BytecodeGenerator::emitReturn):
        (JSC::BytecodeGenerator::emitEnd):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitStrcat):
        (JSC::BytecodeGenerator::emitToPrimitive):
        (JSC::BytecodeGenerator::emitGetScope):
        (JSC::BytecodeGenerator::emitPushWithScope):
        (JSC::BytecodeGenerator::emitGetParentScope):
        (JSC::BytecodeGenerator::emitDebugHook):
        (JSC::BytecodeGenerator::emitCatch):
        (JSC::BytecodeGenerator::emitThrow):
        (JSC::BytecodeGenerator::emitArgumentCount):
        (JSC::BytecodeGenerator::emitThrowStaticError):
        (JSC::BytecodeGenerator::beginSwitch):
        (JSC::prepareJumpTableForSwitch):
        (JSC::prepareJumpTableForStringSwitch):
        (JSC::BytecodeGenerator::endSwitch):
        (JSC::BytecodeGenerator::emitGetEnumerableLength):
        (JSC::BytecodeGenerator::emitHasGenericProperty):
        (JSC::BytecodeGenerator::emitHasIndexedProperty):
        (JSC::BytecodeGenerator::emitHasStructureProperty):
        (JSC::BytecodeGenerator::emitGetPropertyEnumerator):
        (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
        (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
        (JSC::BytecodeGenerator::emitToIndexString):
        (JSC::BytecodeGenerator::emitIsCellWithType):
        (JSC::BytecodeGenerator::emitIsObject):
        (JSC::BytecodeGenerator::emitIsNumber):
        (JSC::BytecodeGenerator::emitIsUndefined):
        (JSC::BytecodeGenerator::emitIsEmpty):
        (JSC::BytecodeGenerator::emitRestParameter):
        (JSC::BytecodeGenerator::emitRequireObjectCoercible):
        (JSC::BytecodeGenerator::emitYieldPoint):
        (JSC::BytecodeGenerator::emitYield):
        (JSC::BytecodeGenerator::emitGetAsyncIterator):
        (JSC::BytecodeGenerator::emitDelegateYield):
        (JSC::BytecodeGenerator::emitFinallyCompletion):
        (JSC::BytecodeGenerator::emitJumpIf):
        (JSC::ForInContext::finalize):
        (JSC::StructureForInContext::finalize):
        (JSC::IndexedForInContext::finalize):
        (JSC::StaticPropertyAnalysis::record):
        (JSC::BytecodeGenerator::emitToThis):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::StructureForInContext::addGetInst):
        (JSC::BytecodeGenerator::recordOpcode):
        (JSC::BytecodeGenerator::addMetadataFor):
        (JSC::BytecodeGenerator::emitUnaryOp):
        (JSC::BytecodeGenerator::kill):
        (JSC::BytecodeGenerator::instructions const):
        (JSC::BytecodeGenerator::write):
        (JSC::BytecodeGenerator::withWriter):
        * bytecompiler/Label.h:
        (JSC::Label::Label):
        (JSC::Label::bind):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        (JSC::BitwiseNotNode::emitBytecode):
        (JSC::BinaryOpNode::emitBytecode):
        (JSC::EqualNode::emitBytecode):
        (JSC::StrictEqualNode::emitBytecode):
        (JSC::emitReadModifyAssignment):
        (JSC::ForInNode::emitBytecode):
        (JSC::CaseBlockNode::emitBytecodeForBlock):
        (JSC::FunctionNode::emitBytecode):
        (JSC::ClassExprNode::emitBytecode):
        * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp.
        (WTF::printInternal):
        * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
        * bytecompiler/RegisterID.h:
        * bytecompiler/StaticPropertyAnalysis.h:
        (JSC::StaticPropertyAnalysis::create):
        (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
        * bytecompiler/StaticPropertyAnalyzer.h:
        (JSC::StaticPropertyAnalyzer::createThis):
        (JSC::StaticPropertyAnalyzer::newObject):
        (JSC::StaticPropertyAnalyzer::putById):
        (JSC::StaticPropertyAnalyzer::mov):
        (JSC::StaticPropertyAnalyzer::kill):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getArrayMode):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleVarargsCall):
        (JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
        (JSC::DFG::ByteCodeParser::inlineCall):
        (JSC::DFG::ByteCodeParser::handleCallVariant):
        (JSC::DFG::ByteCodeParser::handleVarargsInlining):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
        (JSC::DFG::ByteCodeParser::handleDOMJITCall):
        (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
        (JSC::DFG::ByteCodeParser::handleDOMJITGetter):
        (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
        (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::handlePutById):
        (JSC::DFG::ByteCodeParser::parseGetById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        (JSC::DFG::ByteCodeParser::handlePutByVal):
        (JSC::DFG::ByteCodeParser::handlePutAccessorById):
        (JSC::DFG::ByteCodeParser::handlePutAccessorByVal):
        (JSC::DFG::ByteCodeParser::handleNewFunc):
        (JSC::DFG::ByteCodeParser::handleNewFuncExp):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareCatchOSREntry):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        (JSC::DFG::SpeculativeJIT::compileValueSub):
        (JSC::DFG::SpeculativeJIT::compileValueNegate):
        (JSC::DFG::SpeculativeJIT::compileArithMul):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationMaterializeObjectInOSR):
        * generate-bytecode-files: Removed.
        * generator/Argument.rb: Added.
        * generator/Assertion.rb: Added.
        * generator/DSL.rb: Added.
        * generator/Fits.rb: Added.
        * generator/GeneratedFile.rb: Added.
        * generator/Metadata.rb: Added.
        * generator/Opcode.rb: Added.
        * generator/OpcodeGroup.rb: Added.
        * generator/Options.rb: Added.
        * generator/Section.rb: Added.
        * generator/Template.rb: Added.
        * generator/Type.rb: Added.
        * generator/main.rb: Added.
        * interpreter/AbstractPC.h:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::currentVPC const):
        (JSC::CallFrame::setCurrentVPC):
        * interpreter/CallFrame.h:
        (JSC::CallSiteIndex::CallSiteIndex):
        (JSC::ExecState::setReturnPC):
        * interpreter/Interpreter.cpp:
        (WTF::printInternal):
        * interpreter/Interpreter.h:
        * interpreter/InterpreterInlines.h:
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::dump const):
        * interpreter/VMEntryRecord.h:
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::emitSlowCaseCall):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::compileWithoutLinking):
        (JSC::JIT::link):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_jless):
        (JSC::JIT::emit_op_jlesseq):
        (JSC::JIT::emit_op_jgreater):
        (JSC::JIT::emit_op_jgreatereq):
        (JSC::JIT::emit_op_jnless):
        (JSC::JIT::emit_op_jnlesseq):
        (JSC::JIT::emit_op_jngreater):
        (JSC::JIT::emit_op_jngreatereq):
        (JSC::JIT::emitSlow_op_jless):
        (JSC::JIT::emitSlow_op_jlesseq):
        (JSC::JIT::emitSlow_op_jgreater):
        (JSC::JIT::emitSlow_op_jgreatereq):
        (JSC::JIT::emitSlow_op_jnless):
        (JSC::JIT::emitSlow_op_jnlesseq):
        (JSC::JIT::emitSlow_op_jngreater):
        (JSC::JIT::emitSlow_op_jngreatereq):
        (JSC::JIT::emit_op_below):
        (JSC::JIT::emit_op_beloweq):
        (JSC::JIT::emit_op_jbelow):
        (JSC::JIT::emit_op_jbeloweq):
        (JSC::JIT::emit_op_unsigned):
        (JSC::JIT::emit_compareAndJump):
        (JSC::JIT::emit_compareUnsignedAndJump):
        (JSC::JIT::emit_compareUnsigned):
        (JSC::JIT::emit_compareAndJumpSlow):
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        (JSC::JIT::emit_op_negate):
        (JSC::JIT::emitSlow_op_negate):
        (JSC::JIT::emitBitBinaryOpFastPath):
        (JSC::JIT::emit_op_bitand):
        (JSC::JIT::emit_op_bitor):
        (JSC::JIT::emit_op_bitxor):
        (JSC::JIT::emit_op_lshift):
        (JSC::JIT::emitRightShiftFastPath):
        (JSC::JIT::emit_op_rshift):
        (JSC::JIT::emit_op_urshift):
        (JSC::getOperandTypes):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        (JSC::JIT::emitMathICFast):
        (JSC::JIT::emitMathICSlow):
        (JSC::JIT::emit_op_div):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emitSlow_op_mul):
        (JSC::JIT::emit_op_sub):
        (JSC::JIT::emitSlow_op_sub):
        * jit/JITCall.cpp:
        (JSC::JIT::emitPutCallResult):
        (JSC::JIT::compileSetupFrame):
        (JSC::JIT::compileCallEval):
        (JSC::JIT::compileCallEvalSlowCase):
        (JSC::JIT::compileTailCall):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::emit_op_call):
        (JSC::JIT::emit_op_tail_call):
        (JSC::JIT::emit_op_call_eval):
        (JSC::JIT::emit_op_call_varargs):
        (JSC::JIT::emit_op_tail_call_varargs):
        (JSC::JIT::emit_op_tail_call_forward_arguments):
        (JSC::JIT::emit_op_construct_varargs):
        (JSC::JIT::emit_op_construct):
        (JSC::JIT::emitSlow_op_call):
        (JSC::JIT::emitSlow_op_tail_call):
        (JSC::JIT::emitSlow_op_call_eval):
        (JSC::JIT::emitSlow_op_call_varargs):
        (JSC::JIT::emitSlow_op_tail_call_varargs):
        (JSC::JIT::emitSlow_op_tail_call_forward_arguments):
        (JSC::JIT::emitSlow_op_construct_varargs):
        (JSC::JIT::emitSlow_op_construct):
        * jit/JITDisassembler.cpp:
        (JSC::JITDisassembler::JITDisassembler):
        * jit/JITExceptions.cpp:
        (JSC::genericUnwind):
        * jit/JITInlines.h:
        (JSC::JIT::emitDoubleGetByVal):
        (JSC::JIT::emitLoadForArrayMode):
        (JSC::JIT::emitContiguousGetByVal):
        (JSC::JIT::emitArrayStorageGetByVal):
        (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
        (JSC::JIT::sampleInstruction):
        (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
        (JSC::JIT::emitValueProfilingSite):
        (JSC::JIT::jumpTarget):
        (JSC::JIT::copiedGetPutInfo):
        (JSC::JIT::copiedArithProfile):
        * jit/JITMathIC.h:
        (JSC::isProfileEmpty):
        (JSC::JITBinaryMathIC::JITBinaryMathIC):
        (JSC::JITUnaryMathIC::JITUnaryMathIC):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_mov):
        (JSC::JIT::emit_op_end):
        (JSC::JIT::emit_op_jmp):
        (JSC::JIT::emit_op_new_object):
        (JSC::JIT::emitSlow_op_new_object):
        (JSC::JIT::emit_op_overrides_has_instance):
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emitSlow_op_instanceof):
        (JSC::JIT::emit_op_instanceof_custom):
        (JSC::JIT::emit_op_is_empty):
        (JSC::JIT::emit_op_is_undefined):
        (JSC::JIT::emit_op_is_boolean):
        (JSC::JIT::emit_op_is_number):
        (JSC::JIT::emit_op_is_cell_with_type):
        (JSC::JIT::emit_op_is_object):
        (JSC::JIT::emit_op_ret):
        (JSC::JIT::emit_op_to_primitive):
        (JSC::JIT::emit_op_set_function_name):
        (JSC::JIT::emit_op_not):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emit_op_jneq_ptr):
        (JSC::JIT::emit_op_eq):
        (JSC::JIT::emit_op_jeq):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_neq):
        (JSC::JIT::emit_op_jneq):
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emit_op_stricteq):
        (JSC::JIT::emit_op_nstricteq):
        (JSC::JIT::compileOpStrictEqJump):
        (JSC::JIT::emit_op_jstricteq):
        (JSC::JIT::emit_op_jnstricteq):
        (JSC::JIT::emitSlow_op_jstricteq):
        (JSC::JIT::emitSlow_op_jnstricteq):
        (JSC::JIT::emit_op_to_number):
        (JSC::JIT::emit_op_to_string):
        (JSC::JIT::emit_op_to_object):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_identity_with_profile):
        (JSC::JIT::emit_op_get_parent_scope):
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        (JSC::JIT::emit_op_debug):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emit_op_enter):
        (JSC::JIT::emit_op_get_scope):
        (JSC::JIT::emit_op_to_this):
        (JSC::JIT::emit_op_create_this):
        (JSC::JIT::emit_op_check_tdz):
        (JSC::JIT::emitSlow_op_eq):
        (JSC::JIT::emitSlow_op_neq):
        (JSC::JIT::emitSlow_op_jeq):
        (JSC::JIT::emitSlow_op_jneq):
        (JSC::JIT::emitSlow_op_instanceof_custom):
        (JSC::JIT::emit_op_loop_hint):
        (JSC::JIT::emitSlow_op_loop_hint):
        (JSC::JIT::emit_op_check_traps):
        (JSC::JIT::emit_op_nop):
        (JSC::JIT::emit_op_super_sampler_begin):
        (JSC::JIT::emit_op_super_sampler_end):
        (JSC::JIT::emitSlow_op_check_traps):
        (JSC::JIT::emit_op_new_regexp):
        (JSC::JIT::emitNewFuncCommon):
        (JSC::JIT::emit_op_new_func):
        (JSC::JIT::emit_op_new_generator_func):
        (JSC::JIT::emit_op_new_async_generator_func):
        (JSC::JIT::emit_op_new_async_func):
        (JSC::JIT::emitNewFuncExprCommon):
        (JSC::JIT::emit_op_new_func_exp):
        (JSC::JIT::emit_op_new_generator_func_exp):
        (JSC::JIT::emit_op_new_async_func_exp):
        (JSC::JIT::emit_op_new_async_generator_func_exp):
        (JSC::JIT::emit_op_new_array):
        (JSC::JIT::emit_op_new_array_with_size):
        (JSC::JIT::emit_op_has_structure_property):
        (JSC::JIT::privateCompileHasIndexedProperty):
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        (JSC::JIT::emit_op_get_direct_pname):
        (JSC::JIT::emit_op_enumerator_structure_pname):
        (JSC::JIT::emit_op_enumerator_generic_pname):
        (JSC::JIT::emit_op_profile_type):
        (JSC::JIT::emit_op_log_shadow_chicken_prologue):
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        (JSC::JIT::emit_op_profile_control_flow):
        (JSC::JIT::emit_op_argument_count):
        (JSC::JIT::emit_op_get_rest_length):
        (JSC::JIT::emit_op_get_argument):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_to_this):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val_direct):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitGenericContiguousPutByVal):
        (JSC::JIT::emitArrayStoragePutByVal):
        (JSC::JIT::emitPutByValWithCachedId):
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::emit_op_put_getter_by_id):
        (JSC::JIT::emit_op_put_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter_by_id):
        (JSC::JIT::emit_op_put_getter_by_val):
        (JSC::JIT::emit_op_put_setter_by_val):
        (JSC::JIT::emit_op_del_by_id):
        (JSC::JIT::emit_op_del_by_val):
        (JSC::JIT::emit_op_try_get_by_id):
        (JSC::JIT::emitSlow_op_try_get_by_id):
        (JSC::JIT::emit_op_get_by_id_direct):
        (JSC::JIT::emitSlow_op_get_by_id_direct):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_get_by_id_with_this):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id_with_this):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        (JSC::JIT::emit_op_in_by_id):
        (JSC::JIT::emitSlow_op_in_by_id):
        (JSC::JIT::emit_op_resolve_scope):
        (JSC::JIT::emit_op_get_from_scope):
        (JSC::JIT::emitSlow_op_get_from_scope):
        (JSC::JIT::emit_op_put_to_scope):
        (JSC::JIT::emitSlow_op_put_to_scope):
        (JSC::JIT::emit_op_get_from_arguments):
        (JSC::JIT::emit_op_put_to_arguments):
        (JSC::JIT::privateCompileGetByVal):
        (JSC::JIT::privateCompileGetByValWithCachedId):
        (JSC::JIT::privateCompilePutByVal):
        (JSC::JIT::privateCompilePutByValWithCachedId):
        (JSC::JIT::emitDoubleLoad):
        (JSC::JIT::emitContiguousLoad):
        (JSC::JIT::emitArrayStorageLoad):
        (JSC::JIT::emitDirectArgumentsGetByVal):
        (JSC::JIT::emitScopedArgumentsGetByVal):
        (JSC::JIT::emitIntTypedArrayGetByVal):
        (JSC::JIT::emitFloatTypedArrayGetByVal):
        (JSC::JIT::emitIntTypedArrayPutByVal):
        (JSC::JIT::emitFloatTypedArrayPutByVal):
        * jit/RegisterSet.cpp:
        (JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
        * jit/SlowPathCall.h:
        (JSC::JITSlowPathCall::JITSlowPathCall):
        * llint/LLIntData.cpp:
        (JSC::LLInt::initialize):
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntData.h:
        (JSC::LLInt::exceptionInstructions):
        (JSC::LLInt::opcodeMap):
2714         (JSC::LLInt::opcodeMapWide):
2715         (JSC::LLInt::getOpcode):
2716         (JSC::LLInt::getOpcodeWide):
2717         (JSC::LLInt::getWideCodePtr):
2718         * llint/LLIntOffsetsExtractor.cpp:
2719         * llint/LLIntSlowPaths.cpp:
2720         (JSC::LLInt::llint_trace_operand):
2721         (JSC::LLInt::llint_trace_value):
2722         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2723         (JSC::LLInt::entryOSR):
2724         (JSC::LLInt::setupGetByIdPrototypeCache):
2725         (JSC::LLInt::getByVal):
2726         (JSC::LLInt::handleHostCall):
2727         (JSC::LLInt::setUpCall):
2728         (JSC::LLInt::genericCall):
2729         (JSC::LLInt::varargsSetup):
2730         (JSC::LLInt::commonCallEval):
2731         * llint/LLIntSlowPaths.h:
2732         * llint/LowLevelInterpreter.asm:
2733         * llint/LowLevelInterpreter.cpp:
2734         (JSC::CLoopRegister::operator const Instruction*):
2735         (JSC::CLoop::execute):
2736         * llint/LowLevelInterpreter32_64.asm:
2737         * llint/LowLevelInterpreter64.asm:
2738         * offlineasm/arm64.rb:
2739         * offlineasm/asm.rb:
2740         * offlineasm/ast.rb:
2741         * offlineasm/cloop.rb:
2742         * offlineasm/generate_offset_extractor.rb:
2743         * offlineasm/instructions.rb:
2744         * offlineasm/offsets.rb:
2745         * offlineasm/parser.rb:
2746         * offlineasm/transform.rb:
2747         * offlineasm/x86.rb:
2748         * parser/ResultType.h:
2749         (JSC::ResultType::dump const):
2750         (JSC::OperandTypes::first const):
2751         (JSC::OperandTypes::second const):
2752         (JSC::OperandTypes::dump const):
2753         * profiler/ProfilerBytecodeSequence.cpp:
2754         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
2755         * runtime/CommonSlowPaths.cpp:
2756         (JSC::SLOW_PATH_DECL):
2757         (JSC::updateArithProfileForUnaryArithOp):
2758         (JSC::updateArithProfileForBinaryArithOp):
2759         * runtime/CommonSlowPaths.h:
2760         (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
2761         (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
2762         * runtime/ExceptionFuzz.cpp:
2763         (JSC::doExceptionFuzzing):
2764         * runtime/ExceptionFuzz.h:
2765         (JSC::doExceptionFuzzingIfEnabled):
2766         * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp.
2767         (JSC::GetPutInfo::dump const):
2768         (WTF::printInternal):
2769         * runtime/GetPutInfo.h:
2770         (JSC::GetPutInfo::operand const):
2771         * runtime/JSCPoison.h:
2772         * runtime/JSType.cpp: Added.
2773         (WTF::printInternal):
2774         * runtime/JSType.h:
2775         * runtime/SamplingProfiler.cpp:
2776         (JSC::SamplingProfiler::StackFrame::displayName):
2777         * runtime/SamplingProfiler.h:
2778         (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
2779         * runtime/SlowPathReturnType.h:
2780         (JSC::encodeResult):
2781         (JSC::decodeResult):
2782         * runtime/VM.h:
2783         * runtime/Watchdog.h:
2784         * tools/HeapVerifier.cpp:
2785
2786 2018-10-26  Commit Queue  <commit-queue@webkit.org>
2787
2788         Unreviewed, rolling out r237445.
2789         https://bugs.webkit.org/show_bug.cgi?id=190972
2790
2791         Causes performance regression on iOS devices (Requested by
2792         yusukesuzuki on #webkit).
2793
2794         Reverted changeset:
2795
2796         "Unreviewed, partial rolling in r237254"
2797         https://bugs.webkit.org/show_bug.cgi?id=190340
2798         https://trac.webkit.org/changeset/237445
2799
2800 2018-10-26  Mark Lam  <mark.lam@apple.com>
2801
2802         Fix missing edge cases with JSGlobalObjects having a bad time.
2803         https://bugs.webkit.org/show_bug.cgi?id=189028
2804         <rdar://problem/45204939>
2805
2806         Reviewed by Saam Barati.
2807
2808         Consider the following scenario:
2809
2810             let object O1 (of global G1) have an indexing type that is not SlowPut.
2811             let global G2 have a bad time.
2812             let object O2 (of global G2) be set as the prototype of O1.
2813             let object O3 (of global G2) have indexed accessors.
2814
2815         In the existing code, if we set O3 as O2's prototype, we'll have a bug where
2816         O1 will not be made aware that there are indexed accessors in its prototype
2817         chain.
2818
2819         In this patch, we solve this issue by introducing a new invariant:
2820
2821             A prototype chain is considered to possibly have indexed accessors if any
2822             object in the chain belongs to a global object that is having a bad time.
2823
2824         We apply this invariant as follows:
2825
2826         1. Enhance JSGlobalObject::haveABadTime() to also check if other global objects are
2827            affected by it having a bad time.  If so, it also ensures that those affected
2828            global objects have a bad time.
2829
2830            The original code for JSGlobalObject::haveABadTime() uses an ObjectsWithBrokenIndexingFinder
2831            to find all objects affected by the global object having a bad time.  We enhance
2832            ObjectsWithBrokenIndexingFinder to also check for the possibility that any global
2833            objects may be affected by other global objects having a bad time, i.e.
2834
2835                 let g1 = global1
2836                 let g2 = global2
2837                 let o1 = an object in g1
2838                 let o2 = an object in g2
2839
2840                 let g1 have a bad time
2841                 g2 is affected if
2842                     o1 is in the prototype chain of o2,
2843                     and o2 may be a prototype.
2844
2845            If the ObjectsWithBrokenIndexingFinder does find the possibility of other global
2846            objects being affected, it will abort its heap scan and let haveABadTime() take
2847            a slow path to do a more complete multi global object scan.
2848
2849            The slow path works as follows:
2850
2851            1. Iterate the heap and record the graph of all global object dependencies.
2852
2853               For each global object, record the list of other global objects that are
2854               affected by it.
2855
2856            2. Compute a list of global objects that need to have a bad time using the
2857               current global object dependency graph.
2858
2859            3. For each global object in the list of affected global objects, fire their
2860               HaveABadTime watchpoint and convert all their array structures to the
2861               SlowPut alternatives.
2862
2863            4. Re-run ObjectsWithBrokenIndexingFinder to find all objects that are affected
2864               by any of the globals in the list from (2).
2865
2866         2. Enhance Structure::mayInterceptIndexedAccesses() to also return true if the
2867            structure's global object is having a bad time.
2868
2869         Note: there are 3 scenarios that we need to consider:
2870
2871             let g1 = global1
2872             let g2 = global2
2873             let o1 = an object in g1
2874             let o2 = an object in g2
2875
2876             Scenario 1: o2 is a prototype, and
2877                         g1 has a bad time after o1 is inserted into o2's prototype chain.
2878
2879             Scenario 2: o2 is a prototype, and
2880                         o1 is inserted into o2's prototype chain after g1 has a bad time.
2881
2882             Scenario 3: o2 is NOT a prototype, and
2883                         o1 is inserted into o2's prototype chain after g1 has a bad time.
2884
2885             For scenario 1, when g1 has a bad time, we need to also make sure g2 has
2886             a bad time.  This is handled by enhancement 1 above.
2887
2888             For scenario 2, when o1 is inserted into o2's prototype chain, we need to check
2889             if o1's global object has a bad time.  If so, then we need to make sure o2's
2890             global also has a bad time (because o2 is a prototype) and convert o2's
2891             storage type to SlowPut.  This is handled by enhancement 2 above in conjunction
2892             with JSObject::setPrototypeDirect().
2893
2894             For scenario 3, when o1 is inserted into o2's prototype chain, we need to check
2895             if o1's global object has a bad time.  If so, then we only need to convert o2's
2896             storage type to SlowPut (because o2 is NOT a prototype).  This is handled by
2897             enhancement 2 above.
2898
2899         3. Also add $vm.isHavingABadTime(), $vm.createGlobalObject() to enable us to
2900            write some tests for this issue.
2901
2902         * runtime/JSGlobalObject.cpp:
2903         (JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut):
2904         (JSC::JSGlobalObject::haveABadTime):
2905         * runtime/JSGlobalObject.h:
2906         * runtime/JSObject.h:
2907         (JSC::JSObject::mayInterceptIndexedAccesses): Deleted.
2908         * runtime/JSObjectInlines.h:
2909         (JSC::JSObject::mayInterceptIndexedAccesses):
2910         * runtime/Structure.h:
2911         * runtime/StructureInlines.h:
2912         (JSC::Structure::mayInterceptIndexedAccesses const):
2913         * tools/JSDollarVM.cpp:
2914         (JSC::functionHaveABadTime):
2915         (JSC::functionIsHavingABadTime):
2916         (JSC::functionCreateGlobalObject):
2917         (JSC::JSDollarVM::finishCreation):
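
The following is an added example, not JSC code, that models the multi-global "bad time" propagation described in the entry above so the three scenarios can be traced by hand. makeGlobal, makeObject, globalsAffectedBy, haveABadTime and setPrototypeDirect are hypothetical names loosely modelled on the JSC functions the entry mentions, and the heaps are constructed for the example.

```javascript
// Added example, not JSC code: a model of multi-global "bad time" propagation.
// All function names are hypothetical; heaps are constructed for illustration.

function makeGlobal(name) {
  return { name, badTime: false };
}

function makeObject(name, global, { mayBePrototype = false, indexedAccessors = false } = {}) {
  return { name, global, proto: null, mayBePrototype, indexedAccessors, storage: 'Contiguous' };
}

// Every object above obj in its prototype chain, nearest first.
function prototypeChain(obj) {
  const chain = [];
  for (let p = obj.proto; p; p = p.proto) chain.push(p);
  return chain;
}

// Enhancement 2: an object may intercept indexed accesses if it has indexed
// accessors, or if its global object is having a bad time.
function mayInterceptIndexedAccesses(obj) {
  return obj.indexedAccessors || obj.global.badTime;
}

// Dependency rule from the entry: g2 is affected by g1 having a bad time if some
// o2 in g2 may be a prototype and some o1 in g1 sits in o2's prototype chain.
function globalsAffectedBy(heap, g1) {
  const affected = new Set();
  for (const o2 of heap) {
    if (o2.global === g1 || !o2.mayBePrototype) continue;
    if (prototypeChain(o2).some((o1) => o1.global === g1)) affected.add(o2.global);
  }
  return affected;
}

// Enhancement 1, slow path: (1) walk the heap for dependencies, (2) compute the
// closure of globals that must have a bad time, (3) flag them (the watchpoint),
// (4) convert every object touched by one of those globals to SlowPut storage.
// Returns the names of the globals that newly got a bad time.
function haveABadTime(heap, g) {
  const worklist = [g];
  const needBadTime = [];
  while (worklist.length) {
    const current = worklist.shift();
    if (current.badTime || needBadTime.includes(current)) continue;
    needBadTime.push(current);
    for (const dep of globalsAffectedBy(heap, current)) worklist.push(dep); // steps 1-2
  }
  for (const global of needBadTime) global.badTime = true; // step 3
  for (const obj of heap) { // step 4
    if ([obj, ...prototypeChain(obj)].some((o) => needBadTime.includes(o.global)))
      obj.storage = 'SlowPutArrayStorage';
  }
  return needBadTime.map((global) => global.name);
}

// Scenarios 2 and 3: inserting a prototype whose chain may intercept indexed
// accesses converts obj to SlowPut; if obj may itself be a prototype, its own
// global must have a bad time as well.
function setPrototypeDirect(heap, obj, proto) {
  obj.proto = proto;
  if (prototypeChain(obj).some(mayInterceptIndexedAccesses)) {
    obj.storage = 'SlowPutArrayStorage';
    if (obj.mayBePrototype) haveABadTime(heap, obj.global);
  }
}

function runScenarios() {
  // Scenario 1: o2 (a prototype in g2) already has o1 (of g1) in its chain when
  // g1 has a bad time; g2 must get one too.
  const g1 = makeGlobal('g1'), g2 = makeGlobal('g2');
  const o1 = makeObject('o1', g1);
  const o2 = makeObject('o2', g2, { mayBePrototype: true });
  const heap1 = [o1, o2];
  setPrototypeDirect(heap1, o2, o1);
  const badAfterScenario1 = haveABadTime(heap1, g1);

  // Scenario 2: g3 already has a bad time when o3 (a prototype in g4) gets o3p
  // (of g3) as its prototype; o3 goes SlowPut and g4 must have a bad time.
  const g3 = makeGlobal('g3'), g4 = makeGlobal('g4');
  const o3p = makeObject('o3p', g3);
  const o3 = makeObject('o3', g4, { mayBePrototype: true });
  const heap2 = [o3p, o3];
  haveABadTime(heap2, g3);
  setPrototypeDirect(heap2, o3, o3p);

  // Scenario 3: as scenario 2, but o5 is not a prototype; only its storage changes.
  const g5 = makeGlobal('g5'), g6 = makeGlobal('g6');
  const o5p = makeObject('o5p', g5);
  const o5 = makeObject('o5', g6);
  const heap3 = [o5p, o5];
  haveABadTime(heap3, g5);
  setPrototypeDirect(heap3, o5, o5p);

  return {
    scenario1: { badGlobals: badAfterScenario1, o2Storage: o2.storage },
    scenario2: { g4BadTime: g4.badTime, o3Storage: o3.storage },
    scenario3: { g6BadTime: g6.badTime, o5Storage: o5.storage },
  };
}
```

The model keeps only the state the invariant depends on (which global an object belongs to, whether it may be a prototype, whether its global is having a bad time); it says nothing about how the real heap scan or watchpoint machinery is implemented.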
2918
2919 2018-10-26  Keith Miller  <keith_miller@apple.com>
2920
2921         JSC xcconfig should set DEFINES_MODULE
2922         https://bugs.webkit.org/show_bug.cgi?id=190952
2923
2924         Reviewed by Mark Lam.
2925
2926         This should mean that the JavaScriptCore.framework will have a module map.
2927
2928         * Configurations/JavaScriptCore.xcconfig:
2929
2930 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2931
2932         [JSC] havingABadTimeWatchpoint is not required in Array#indexOf optimization
2933         https://bugs.webkit.org/show_bug.cgi?id=190941
2934
2935         Reviewed by Saam Barati.
2936
2937         While "Rest" operation fast path requires havingABadTimeWatchpoint since it allocates
2938         JSArray, Array#{indexOf,lastIndexOf} do not require it when we use the fast path for them.
2939         This patch removes watching on havingABadTimeWatchpoint in Array#indexOf. The test causing
2940         "havingABadTime" is already included in our test suites (e.g. array-indexof-have-a-bad-time.js).
2941
2942         * dfg/DFGByteCodeParser.cpp:
2943         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
2944         * runtime/JSArrayInlines.h:
2945         (JSC::JSArray::canDoFastIndexedAccess):
2946         * runtime/JSGlobalObject.h:
2947         * runtime/JSGlobalObjectInlines.h:
2948         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
2949         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable): Deleted.
2950
2951 2018-10-25  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2952
2953         Unreviewed, partial rolling in r237254
2954         https://bugs.webkit.org/show_bug.cgi?id=190340
2955
2956         We do not use the added function right now, in order to investigate the reason for the regression.
2957         If it causes the regression, it seems that Parser.cpp's inlining decision is the culprit.
2958
2959         * bytecode/UnlinkedFunctionExecutable.cpp:
2960         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
2961         * bytecode/UnlinkedFunctionExecutable.h:
2962         * parser/Parser.cpp:
2963         (JSC::Parser<LexerType>::parseInner):
2964         (JSC::Parser<LexerType>::parseSingleFunction):
2965         (JSC::Parser<LexerType>::parseFunctionInfo):
2966         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2967         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
2968         * parser/Parser.h:
2969         (JSC::Parser<LexerType>::parse):
2970         (JSC::parse):
2971         (JSC::parseFunctionForFunctionConstructor):
2972         * parser/ParserModes.h:
2973         * parser/ParserTokens.h:
2974         (JSC::JSTextPosition::JSTextPosition):
2975         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
2976         * parser/SourceCodeKey.h:
2977         (JSC::SourceCodeKey::SourceCodeKey):
2978         (JSC::SourceCodeKey::operator== const):
2979         * runtime/CodeCache.cpp:
2980         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2981         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
2982         * runtime/CodeCache.h:
2983         * runtime/FunctionConstructor.cpp:
2984         (JSC::constructFunctionSkippingEvalEnabledCheck):
2985         * runtime/FunctionExecutable.cpp:
2986         (JSC::FunctionExecutable::fromGlobalCode):
2987         * runtime/FunctionExecutable.h:
2988
2989 2018-10-25  Brent Fulgham  <bfulgham@apple.com>
2990
2991         Unreviewed build fix for Visual Studio 2017
2992
2993         * API/tests/testapi.c:
2994         (testMarkingConstraintsAndHeapFinalizers):
2995         (main):
2996
2997 2018-10-25  Devin Rousso  <drousso@apple.com>
2998
2999         Web Inspector: display fullscreen enter/exit events in Timelines and Network node waterfalls
3000         https://bugs.webkit.org/show_bug.cgi?id=189874
3001         <rdar://problem/44700000>
3002
3003         Reviewed by Joseph Pecoraro.
3004
3005         * inspector/protocol/DOM.json:
3006         Allow `data` to be passed to the frontend with `didFireEvent`.
3007
3008 2018-10-25  Ross Kirsling  <ross.kirsling@sony.com>
3009
3010         Cleanup: inline constexpr is redundant as constexpr implies inline
3011         https://bugs.webkit.org/show_bug.cgi?id=190819
3012
3013         Reviewed by Mark Lam.
3014
3015         * bytecode/ArrayProfile.h:
3016         (JSC::asArrayModes):
3017         * runtime/IndexingType.h:
3018         (JSC::isCopyOnWrite):
3019         * runtime/MathCommon.h:
3020         (JSC::maxSafeInteger):
3021         (JSC::minSafeInteger):
3022         * runtime/StackAlignment.h:
3023         (JSC::stackAlignmentBytes):
3024         (JSC::stackAlignmentRegisters):
3025
3026 2018-10-24  Megan Gardner  <megan_gardner@apple.com>
3027
3028         Turn on Conic Gradients
3029         https://bugs.webkit.org/show_bug.cgi?id=190810
3030
3031         Reviewed by Tim Horton.
3032
3033         * Configurations/FeatureDefines.xcconfig:
3034
3035 2018-10-24  Michael Saboff  <msaboff@apple.com>
3036
3037         Increase executable memory pool from 64MB to 128MB for ARM64
3038         https://bugs.webkit.org/show_bug.cgi?id=190453
3039
3040         Unreviewed, rolling back in r237024.
3041
3042         The original change did impact ARES-6 performance by 4-8%.  That will
3043         be investigated separately.
3044
3045 2018-10-22  Keith Rollin  <krollin@apple.com>
3046
3047         Use Location = "Relative to Build Products" rather than "Relative to Group"
3048         https://bugs.webkit.org/show_bug.cgi?id=190781
3049
3050         Reviewed by Alexey Proskuryakov.
3051
3052         Almost all Derived Files are included in Xcode projects with the
3053         Location attribute set to "Relative to Group". While this currently
3054         works, the Derived Files can no longer be found when enabling XCBuild
3055         (which has stricter requirements). Fix this by setting the Location
3056         attribute to "Relative to Build Products".
3057
3058         * JavaScriptCore.xcodeproj/project.pbxproj:
3059
3060 2018-10-22  Mark Lam  <mark.lam@apple.com>
3061
3062         DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType.
3063         https://bugs.webkit.org/show_bug.cgi?id=190515
3064         <rdar://problem/45222379>
3065
3066         Reviewed by Saam Barati.
3067
3068         1. Fixes calls to asArrayModes() to take a structure's IndexingMode instead of
3069            IndexingType.
3070
3071         2. DFG's compileNewArrayBuffer()'s HaveABadTime case was previously using the
3072            node's indexingType (instead of indexingMode) to choose the array structure
3073            to use for creating an array buffer with.  This turns out to not be an issue
3074            because when the VM is having a bad time, all the
3075            arrayStructureForIndexingTypeDuringAllocation structure pointers will point to
3076            the SlowPutArrayStorage structure anyway.  However, to be strictly correct,
3077            we'll fix it to use the structure for the node's indexingMode.
3078
3079         * dfg/DFGAbstractValue.cpp:
3080         (JSC::DFG::AbstractValue::set):
3081         (JSC::DFG::AbstractValue::mergeOSREntryValue):
3082         * dfg/DFGAbstractValue.h:
3083         (JSC::DFG::AbstractValue::validate const):
3084         * dfg/DFGOSRExit.cpp:
3085         (JSC::DFG::OSRExit::executeOSRExit):
3086         * dfg/DFGRegisteredStructureSet.cpp:
3087         (JSC::DFG::RegisteredStructureSet::arrayModesFromStructures const):
3088         * dfg/DFGSpeculativeJIT.cpp:
3089         (JSC::DFG::SpeculativeJIT::compileNewArrayBuffer):
3090
3091 2018-10-19  Commit Queue  <commit-queue@webkit.org>
3092
3093         Unreviewed, rolling out r237254.
3094         https://bugs.webkit.org/show_bug.cgi?id=190760
3095
3096         "It regresses JetStream 2 by 5% on some iOS devices"
3097         (Requested by saamyjoon on #webkit).
3098
3099         Reverted changeset:
3100
3101         "[JSC] JSC should have "parseFunction" to optimize Function
3102         constructor"
3103         https://bugs.webkit.org/show_bug.cgi?id=190340
3104         https://trac.webkit.org/changeset/237254
3105
3106 2018-10-19  Saam Barati  <sbarati@apple.com>
3107
3108         vmCall should check if we exit before emitting an OSR exit due to exceptions
3109         https://bugs.webkit.org/show_bug.cgi?id=190740
3110         <rdar://problem/45220139>
3111
3112         Reviewed by Mark Lam.
3113
3114         The bug we were seeing is the MovHint removal phase would
3115         eliminate a superfluous MovHint. This left a certain range
3116         of nodes in a state where they would not be able to reconstruct
3117         values for an OSR exit. This is OK, since this phase proved those
3118         nodes don't exit. However, some of these nodes may use the vmCall
3119         construct in FTLLower. vmCall used to unconditionally emit an
3120         exception check after each call. However, if such a call happens
3121         in the range of nodes where we can't exit, we would end up generating
3122         an invalid exit (and running with validateFTLOSRExitLiveness flag
3123         would find this issue).
3124         
3125         This patch makes vmCall check to see if the node can exit before
3126         emitting an exception check. A node not being able to exit implies
3127         that it can't exit for exceptions, therefore, by definition, it can't
3128         throw an exception.
3129
3130         * ftl/FTLLowerDFGToB3.cpp:
3131         (JSC::FTL::DFG::LowerDFGToB3::vmCall):
3132
3133 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
3134
3135         [ESNext][BigInt] Implement support for "^"
3136         https://bugs.webkit.org/show_bug.cgi?id=186235
3137
3138         Reviewed by Yusuke Suzuki.
3139
3140         This patch introduces support for BigInt in the bitwise xor
3141         operation. We are only including support in LLInt and Baseline.
3142
3143         * runtime/CommonSlowPaths.cpp:
3144         (JSC::SLOW_PATH_DECL):
3145         * runtime/JSBigInt.cpp:
3146         (JSC::JSBigInt::bitwiseXor):
3147         (JSC::JSBigInt::absoluteXor):
3148         * runtime/JSBigInt.h:
3149
3150 2018-10-19  Caio Lima  <ticaiolima@gmail.com>
3151
3152         [BigInt] Add ValueSub into DFG
3153         https://bugs.webkit.org/show_bug.cgi?id=186176
3154
3155         Reviewed by Yusuke Suzuki.
3156
3157         We are introducing in this patch a new node called ValueSub. This node
3158         is necessary due to the introduction of BigInt, making subtraction
3159         operations result in non-Number values in some cases. In such cases, ValueSub is
3160         responsible for handling Untyped and BigInt operations.
3161         In addition, we are also creating a speculative path when both
3162         operands are BigInt. According to a simple BigInt subtraction microbenchmark,
3163         this represents a speedup of ~1.2x.
3164
3165         big-int-simple-sub    14.6427+-0.5652    ^    11.9559+-0.6485   ^   definitely 1.2247x faster
3166
3167         * dfg/DFGAbstractInterpreterInlines.h:
3168         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3169         * dfg/DFGByteCodeParser.cpp:
3170         (JSC::DFG::ByteCodeParser::parseBlock):
3171         * dfg/DFGClobberize.h:
3172         (JSC::DFG::clobberize):
3173         * dfg/DFGDoesGC.cpp:
3174         (JSC::DFG::doesGC):
3175         * dfg/DFGFixupPhase.cpp:
3176         (JSC::DFG::FixupPhase::fixupNode):
3177         * dfg/DFGGraph.h:
3178         (JSC::DFG::Graph::addSpeculationMode):
3179         * dfg/DFGNodeType.h:
3180         * dfg/DFGOperations.cpp:
3181         * dfg/DFGOperations.h:
3182         * dfg/DFGPredictionPropagationPhase.cpp:
3183         * dfg/DFGSafeToExecute.h:
3184         (JSC::DFG::safeToExecute):
3185         * dfg/DFGSpeculativeJIT.cpp:
3186         (JSC::DFG::SpeculativeJIT::compileValueSub):
3187         (JSC::DFG::SpeculativeJIT::compileArithSub):
3188         * dfg/DFGSpeculativeJIT.h:
3189         * dfg/DFGSpeculativeJIT32_64.cpp:
3190         (JSC::DFG::SpeculativeJIT::compile):
3191         * dfg/DFGSpeculativeJIT64.cpp:
3192         (JSC::DFG::SpeculativeJIT::compile):
3193         * dfg/DFGValidate.cpp:
3194         * ftl/FTLCapabilities.cpp:
3195         (JSC::FTL::canCompile):
3196         * ftl/FTLLowerDFGToB3.cpp:
3197         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3198         (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
3199         (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
3200
3201 2018-10-18  Alexey Proskuryakov  <ap@apple.com>
3202
3203         Switch from PLATFORM(IOS) to PLATFORM(IOS_FAMILY)
3204         https://bugs.webkit.org/show_bug.cgi?id=190729
3205
3206         Reviewed by Tim Horton.
3207
3208         * API/JSBase.cpp:
3209         * API/JSWrapperMap.mm:
3210         * assembler/ARM64Assembler.h:
3211         (JSC::ARM64Assembler::cacheFlush):
3212         * assembler/ARMv7Assembler.h:
3213         (JSC::ARMv7Assembler::cacheFlush):
3214         * assembler/AssemblerCommon.h:
3215         (JSC::isIOS):
3216         * heap/FullGCActivityCallback.cpp:
3217         (JSC::FullGCActivityCallback::doCollection):
3218         * heap/Heap.cpp:
3219         (JSC::Heap::overCriticalMemoryThreshold):
3220         (JSC::Heap::updateAllocationLimits):
3221         (JSC::Heap::collectIfNecessaryOrDefer):
3222         * heap/Heap.h:
3223         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
3224         (Inspector::RemoteConnectionToTarget::dispatchAsyncOnTarget):
3225         * jit/ExecutableAllocator.cpp:
3226         (JSC::allowJIT):
3227         * jit/ExecutableAllocator.h:
3228         * jit/RegisterSet.cpp:
3229         (JSC::RegisterSet::reservedHardwareRegisters):
3230         (JSC::RegisterSet::calleeSaveRegisters):
3231         * jit/ThunkGenerators.cpp:
3232         * jsc.cpp:
3233         (main):
3234         * runtime/MathCommon.cpp:
3235         * runtime/Options.cpp:
3236         (JSC::overrideDefaults):
3237         (JSC::recomputeDependentOptions):
3238         * runtime/Options.h:
3239
3240 2018-10-18  Ross Kirsling  <ross.kirsling@sony.com>
3241
3242         delete expression should not throw without a reference
3243         https://bugs.webkit.org/show_bug.cgi?id=190637
3244
3245         Reviewed by Yusuke Suzuki.
3246
3247         * parser/Parser.cpp:
3248         (JSC::Parser<LexerType>::parseUnaryExpression):
3249         Eliminate non-spec-compliant switch case.
3250
3251 2018-10-18  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
3252
3253         [JSC] JSC should have "parseFunction" to optimize Function constructor
3254         https://bugs.webkit.org/show_bug.cgi?id=190340
3255
3256         Reviewed by Mark Lam.
3257
3258         The current Function constructor is suboptimal. We parse the same piece of code three times to meet
3259         the spec requirement: (1) check parameters syntax, (2) check body syntax, and (3) parse the entire function.
3260         And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation
3261         is really costly, and ideally we should meet the above requirement by parsing only once.
3262
3263         To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function
3264         takes `std::optional<int> functionConstructorParametersEndPosition` and checks that this end position is correct in the parser.
3265         For example, if we run the code,
3266
3267             Function('/*', '*/){')
3268
3269         According to the spec, this should produce the '/*' parameter string and the '*/){' body string. And the parameter
3270         string should be syntax-checked by the parser, which raises an error since it is incorrect. Instead of doing
3271         that, in our implementation, we first create the entire string.
3272
3273             function anonymous(/*) {
3274                 */){
3275             }
3276
3277         And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case,
3278         the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token
3279         offset of the parameters is the given end position. This check allows us to raise the error correctly for the
3280         above example while we parse the entire function only once. And we do not need to create two strings either.
3281
3282         This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is
3283         significantly sped up (28.2%).
3284
3285         Before:
3286             uglify-js:  2.94 runs/s
3287         After:
3288             uglify-js:  3.77 runs/s
3289
3290         * bytecode/UnlinkedFunctionExecutable.cpp:
3291         (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
3292         * bytecode/UnlinkedFunctionExecutable.h:
3293         * parser/Parser.cpp:
3294         (JSC::Parser<LexerType>::parseInner):
3295         (JSC::Parser<LexerType>::parseSingleFunction):
3296         (JSC::Parser<LexerType>::parseFunctionInfo):
3297         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3298         (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
3299         * parser/Parser.h:
3300         (JSC::Parser<LexerType>::parse):
3301         (JSC::parse):
3302         (JSC::parseFunctionForFunctionConstructor):
3303         * parser/ParserModes.h:
3304         * parser/ParserTokens.h:
3305         (JSC::JSTextPosition::JSTextPosition):
3306         (JSC::JSTokenLocation::JSTokenLocation): Deleted.
3307         * parser/SourceCodeKey.h:
3308         (JSC::SourceCodeKey::SourceCodeKey):
3309         (JSC::SourceCodeKey::operator== const):
3310         * runtime/CodeCache.cpp:
3311         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
3312         (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
3313         * runtime/CodeCache.h:
3314         * runtime/FunctionConstructor.cpp:
3315         (JSC::constructFunctionSkippingEvalEnabledCheck):
3316         * runtime/FunctionExecutable.cpp:
3317         (JSC::FunctionExecutable::fromGlobalCode):
3318         * runtime/FunctionExecutable.h:
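
The following is an added example, not code from JSC or the entry above, showing from the JS side what the spec-required separate check of the parameter string means, using the `Function('/*', '*/){')` case quoted in the entry. assembleSource, tryConstruct and runCases are hypothetical names; assembleSource reproduces the assembled-source shape the entry shows and reports the parameters' end position in the same spirit as functionConstructorParametersEndPosition, while tryConstruct simply asks the host engine's Function constructor.

```javascript
// Added example, not JSC code. Function names are hypothetical.

// The source text a Function-constructor implementation assembles, in the shape
// the entry above shows; parametersEndPosition is the offset just before "\n) {",
// i.e. where the parameter string is required to end.
function assembleSource(params, body) {
  const head = `function anonymous(${params}`;
  return { source: `${head}\n) {\n${body}\n}`, parametersEndPosition: head.length };
}

// Ask the host engine to build the function and report the outcome instead of
// throwing, so several inputs can be compared side by side.
function tryConstruct(params, body) {
  try {
    const fn = Function(params, body);
    return { ok: true, arity: fn.length };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

function runCases() {
  return {
    // Ordinary parameters and body.
    plain: tryConstruct('a, b', 'return a + b'),
    // '/*' and '*/){': concatenated naively this parses as a zero-parameter
    // function whose comment swallows the real ") {"; checked as separate
    // parameter and body strings it is a SyntaxError, which is what the spec
    // requires and what the end-position check preserves.
    commentSmuggle: tryConstruct('/*', '*/){'),
    // A body that tries to close the function early is not a valid FunctionBody.
    bodyInjection: tryConstruct('a', '}; function evil() {'),
    // Multi-line parameters with a default value are still accepted.
    defaults: tryConstruct('a,\n b = 1', 'return a * b'),
  };
}
```

The end-position check matters precisely for inputs like commentSmuggle: the assembled source is syntactically valid as a whole, so only knowing where the parameter list must end lets a single parse reject it.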
3319
3320 2018-10-18  Commit Queue  <commit-queue@webkit.org>
3321
3322         Unreviewed, rolling out r237242.
3323         https://bugs.webkit.org/show_bug.cgi?id=190701
3324
3325         it breaks "stress/sampling-profiler-basic.js" (Requested by
3326         caiolima on #webkit).
3327
3328         Reverted changeset:
3329
3330         "[BigInt] Add ValueSub into DFG"
3331         https://bugs.webkit.org/show_bug.cgi?id=186176
3332         https://trac.webkit.org/changeset/237242
3333
3334 2018-10-18  Takafumi Kubota  <takafumi.kubota1012@sslab.ics.keio.ac.jp>
3335
3336         Missing #pragma once in WasmOpcodeOrigin.h
3337         https://bugs.webkit.org/show_bug.cgi?id=190699
3338
3339         Reviewed by Yusuke Suzuki.
3340
3341         This patch adds `#pragma once` to WasmOpcodeOrigin.h to avoid the
3342         multiple inclusion that can happen in the unified build
3343         configuration.
3344
3345         * wasm/WasmOpcodeOrigin.h:
3346
3347 2018-10-17  Wenson Hsieh  <wenson_hsieh@apple.com>
3348
3349         Enable the datalist element by default on iOS and macOS
3350         https://bugs.webkit.org/show_bug.cgi?id=190594
3351         <rdar://problem/45281159>
3352
3353         Reviewed by Ryosuke Niwa and Tim Horton.
3354
3355         * Configurations/FeatureDefines.xcconfig:
3356
3357 2018-10-17  Caio Lima  <ticaiolima@gmail.com>
3358
3359         [BigInt] Add ValueSub into DFG
3360         https://bugs.webkit.org/show_bug.cgi?id=186176
3361
3362         Reviewed by Yusuke Suzuki.
3363
3364         We are introducing in this patch a new node called ValueSub. This node
3365         is necessary due to the introduction of BigInt, making subtraction
3366         operations result in non-Number values in some cases. In such cases, ValueSub is
3367         responsible for handling Untyped and BigInt operations.
3368         In addition, we are also creating a speculative path when both
3369         operands are BigInt. According to a simple BigInt subtraction microbenchmark,
3370         this represents a speedup of ~1.2x.
3371
3372         big-int-simple-sub    14.6427+-0.5652    ^    11.9559+-0.6485   ^   definitely 1.2247x faster
3373
3374         * dfg/DFGAbstractInterpreterInlines.h:
3375         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3376         * dfg/DFGByteCodeParser.cpp:
3377         (JSC::DFG::ByteCodeParser::parseBlock):
3378         * dfg/DFGClobberize.h:
3379         (JSC::DFG::clobberize):
3380         * dfg/DFGDoesGC.cpp:
3381         (JSC::DFG::doesGC):
3382         * dfg/DFGFixupPhase.cpp:
3383         (JSC::DFG::FixupPhase::fixupNode):
3384         * dfg/DFGGraph.h:
3385         (JSC::DFG::Graph::addSpeculationMode):
3386         * dfg/DFGNodeType.h:
3387         * dfg/DFGOperations.cpp:
3388         * dfg/DFGOperations.h:
3389         * dfg/DFGPredictionPropagationPhase.cpp:
3390         * dfg/DFGSafeToExecute.h:
3391         (JSC::DFG::safeToExecute):
3392         * dfg/DFGSpeculativeJIT.cpp:
3393