[iOS] Export symbol for VM::sharedInstanceExists()
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-10-18  Daniel Bates  <dabates@apple.com>
2
3         [iOS] Export symbol for VM::sharedInstanceExists()
4         https://bugs.webkit.org/show_bug.cgi?id=123046
5
6         Reviewed by Mark Hahnenberg.
7
8         * runtime/VM.h:
9
10 2013-10-18  Daniel Bates  <dabates@apple.com>
11
12         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
13         https://bugs.webkit.org/show_bug.cgi?id=123049
14
15         Reviewed by Mark Hahnenberg.
16
17         * heap/Heap.cpp:
18         (JSC::Heap::setIncrementalSweeper):
19         * heap/Heap.h:
20         * heap/HeapTimer.h:
21         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
22         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
23         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
24         (duplicates the include in the .cpp).
25         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
26         making use of this now, but we'll make use of it in a subsequent patch.
27
28 2013-10-18  Anders Carlsson  <andersca@apple.com>
29
30         Remove spaces between template angle brackets
31         https://bugs.webkit.org/show_bug.cgi?id=123040
32
33         Reviewed by Andreas Kling.
34
35         * API/JSCallbackObject.cpp:
36         (JSC::::create):
37         * API/JSObjectRef.cpp:
38         * bytecode/CodeBlock.h:
39         (JSC::CodeBlock::constants):
40         (JSC::CodeBlock::setConstantRegisters):
41         * bytecode/DFGExitProfile.h:
42         * bytecode/EvalCodeCache.h:
43         * bytecode/Operands.h:
44         * bytecode/UnlinkedCodeBlock.h:
45         (JSC::UnlinkedCodeBlock::constantRegisters):
46         * bytecode/Watchpoint.h:
47         * bytecompiler/BytecodeGenerator.h:
48         * bytecompiler/StaticPropertyAnalysis.h:
49         * bytecompiler/StaticPropertyAnalyzer.h:
50         * dfg/DFGArgumentsSimplificationPhase.cpp:
51         * dfg/DFGBlockInsertionSet.h:
52         * dfg/DFGCSEPhase.cpp:
53         (JSC::DFG::performCSE):
54         (JSC::DFG::performStoreElimination):
55         * dfg/DFGCommonData.h:
56         * dfg/DFGDesiredStructureChains.h:
57         * dfg/DFGDesiredWatchpoints.h:
58         * dfg/DFGJITCompiler.h:
59         * dfg/DFGOSRExitCompiler32_64.cpp:
60         (JSC::DFG::OSRExitCompiler::compileExit):
61         * dfg/DFGOSRExitCompiler64.cpp:
62         (JSC::DFG::OSRExitCompiler::compileExit):
63         * dfg/DFGWorklist.h:
64         * heap/BlockAllocator.h:
65         (JSC::CopiedBlock):
66         (JSC::MarkedBlock):
67         (JSC::WeakBlock):
68         (JSC::MarkStackSegment):
69         (JSC::CopyWorkListSegment):
70         (JSC::HandleBlock):
71         * heap/Heap.h:
72         * heap/Local.h:
73         * heap/MarkedBlock.h:
74         * heap/Strong.h:
75         * jit/AssemblyHelpers.cpp:
76         (JSC::AssemblyHelpers::decodedCodeMapFor):
77         * jit/AssemblyHelpers.h:
78         * jit/SpecializedThunkJIT.h:
79         * parser/Nodes.h:
80         * parser/Parser.cpp:
81         (JSC::::parseIfStatement):
82         * parser/Parser.h:
83         (JSC::Scope::copyCapturedVariablesToVector):
84         (JSC::parse):
85         * parser/ParserArena.h:
86         * parser/SourceProviderCacheItem.h:
87         * profiler/LegacyProfiler.cpp:
88         (JSC::dispatchFunctionToProfiles):
89         * profiler/LegacyProfiler.h:
90         (JSC::LegacyProfiler::currentProfiles):
91         * profiler/ProfileNode.h:
92         (JSC::ProfileNode::children):
93         * profiler/ProfilerDatabase.h:
94         * runtime/Butterfly.h:
95         (JSC::Butterfly::contiguousInt32):
96         (JSC::Butterfly::contiguous):
97         * runtime/GenericTypedArrayViewInlines.h:
98         (JSC::::create):
99         * runtime/Identifier.h:
100         (JSC::Identifier::add):
101         * runtime/JSPromise.h:
102         * runtime/PropertyMapHashTable.h:
103         * runtime/PropertyNameArray.h:
104         * runtime/RegExpCache.h:
105         * runtime/SparseArrayValueMap.h:
106         * runtime/SymbolTable.h:
107         * runtime/VM.h:
108         * tools/CodeProfile.cpp:
109         (JSC::truncateTrace):
110         * tools/CodeProfile.h:
111         * yarr/YarrInterpreter.cpp:
112         * yarr/YarrInterpreter.h:
113         (JSC::Yarr::BytecodePattern::BytecodePattern):
114         * yarr/YarrJIT.cpp:
115         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
116         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
117         (JSC::Yarr::YarrGenerator::opCompileBody):
118         * yarr/YarrPattern.cpp:
119         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
120         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
121         * yarr/YarrPattern.h:
122
123 2013-10-18  Mark Lam  <mark.lam@apple.com>
124
125         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
126         https://bugs.webkit.org/show_bug.cgi?id=123037.
127
128         Reviewed by Geoffrey Garen.
129
130         * jit/JITStubsMSVC64.asm:
131         * jit/JITStubsX86.h:
132         * jit/JITStubsX86_64.h:
133
134 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
135
136         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
137         https://bugs.webkit.org/show_bug.cgi?id=121661
138
139         Reviewed by Mark Hahnenberg.
140         
141         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
142         so I added a return-early check using isCompilationThread().
143         
144         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
145         it is describing: m_offset and the property table. Most structures only have m_offset and report
146         null for the property table. If the property table is there, it will tell you additional
147         information and that information subsumes m_offset - but the m_offset is still there. So, when
148         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
149         machinery to do this.
150         
151         Changing the property table only happens on the main thread.
152         
153         Because the machinery to change the property table is so complex, especially with respect to
154         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
155         called at key points before and after changes to the property table or the offset.
156
157         Most clients of Structure who care about object layout, including the concurrent thread, will
158         want to know m_offset and not the property table. If they want the property table, they will
159         already be super careful. The concurrent thread has special methods for this, like
160         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
161         view of the property table.
162         
163         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
164         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
165         
166         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
167         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
168         because we have found that it helps quickly identify situations where the property table and
169         m_offset get out of sync - mainly because code that changes either of those things will usually
170         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
171         need the property table; it uses the m_offset. The concurrent JIT is correct to call
172         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
173         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
174         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
175         locks, and that same structure is having its property table modified by the main thread, we end
176         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
177         property table modified - instead what happens is that some downstream structure steals the
178         property table and then starts adding things to it. The concurrent thread loads the property
179         table before it's stolen, and hence the badness.
180         
181         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
182         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
183         and then you have a possible crash.
184         
185         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
186         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
187         it's in the concurrent JIT.
188         
189         * runtime/StructureInlines.h:
190         (JSC::Structure::checkOffsetConsistency):
191
192 2013-10-18  Daniel Bates  <dabates@apple.com>
193
194         Add SPI to disable the garbage collector timer
195         https://bugs.webkit.org/show_bug.cgi?id=122921
196
197         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
198         omitted.
199
200         * heap/Heap.cpp:
201         (JSC::Heap::setGarbageCollectionTimerEnabled):
202
203 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
204
205         Group 64-bit specific and 32-bit specific callOperation implementations.
206         https://bugs.webkit.org/show_bug.cgi?id=123024
207
208         Reviewed by Michael Saboff.
209
210         This is not a big deal, but could be less confusing when reading the code.
211
212         * jit/JITInlines.h:
213         (JSC::JIT::callOperation):
214         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
215         (JSC::JIT::callOperationNoExceptionCheck):
216
217 2013-10-18  Nadav Rotem  <nrotem@apple.com>
218
219         Fix a FlushLiveness problem.
220         https://bugs.webkit.org/show_bug.cgi?id=122984
221
222         Reviewed by Filip Pizlo.
223
224         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
225         (JSC::DFG::FlushLivenessAnalysisPhase::process):
226
227 2013-10-18  Michael Saboff  <msaboff@apple.com>
228
229         Change native function call stubs to use JIT operations instead of ctiVMHandleException
230         https://bugs.webkit.org/show_bug.cgi?id=122982
231
232         Reviewed by Geoffrey Garen.
233
234         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
235         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
236         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
237         in the process.
238
239         * dfg/DFGJITCompiler.cpp:
240         (JSC::DFG::JITCompiler::compileExceptionHandlers):
241         * jit/CCallHelpers.h:
242         (JSC::CCallHelpers::jumpToExceptionHandler):
243         * jit/JIT.cpp:
244         (JSC::JIT::privateCompileExceptionHandlers):
245         * jit/JIT.h:
246         * jit/JITExceptions.cpp:
247         (JSC::genericUnwind):
248         * jit/JITExceptions.h:
249         * jit/JITInlines.h:
250         (JSC::JIT::callOperationNoExceptionCheck):
251         * jit/JITOpcodes.cpp:
252         (JSC::JIT::emit_op_throw):
253         * jit/JITOpcodes32_64.cpp:
254         (JSC::JIT::privateCompileCTINativeCall):
255         (JSC::JIT::emit_op_throw):
256         * jit/JITOperations.cpp:
257         * jit/JITOperations.h:
258         * jit/JITStubs.cpp:
259         * jit/JITStubs.h:
260         * jit/JITStubsARM.h:
261         * jit/JITStubsARM64.h:
262         * jit/JITStubsARMv7.h:
263         * jit/JITStubsMIPS.h:
264         * jit/JITStubsMSVC64.asm:
265         * jit/JITStubsSH4.h:
266         * jit/JITStubsX86.h:
267         * jit/JITStubsX86_64.h:
268         * jit/Repatch.cpp:
269         (JSC::tryBuildGetByIDList):
270         * jit/SlowPathCall.h:
271         (JSC::JITSlowPathCall::call):
272         * jit/ThunkGenerators.cpp:
273         (JSC::throwExceptionFromCallSlowPathGenerator):
274         (JSC::nativeForGenerator):
275         * runtime/VM.h:
276         (JSC::VM::callFrameForThrowOffset):
277         (JSC::VM::targetMachinePCForThrowOffset):
278
279 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
280
281         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
282         https://bugs.webkit.org/show_bug.cgi?id=123023
283
284         Reviewed by Michael Saboff.
285
286         * jit/JITInlines.h:
287         (JSC::JIT::callOperation): EncodedJSValue parameter do not need alignment
288         using EABI_32BIT_DUMMY_ARG here.
289
290 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
291
292         Unreviewed, another ARM64 build fix.
293         
294         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
295         on ARM64 and none of its uses are legit - they should all be using
296         andPtr(TrustedImm32, blah) anyway.
297
298         * assembler/MacroAssembler.h:
299         * assembler/MacroAssemblerARM64.h:
300         * dfg/DFGJITCompiler.cpp:
301         (JSC::DFG::JITCompiler::compileExceptionHandlers):
302         * jit/JIT.cpp:
303         (JSC::JIT::privateCompileExceptionHandlers):
304
305 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
306
307         Unreviewed, speculative ARM64 build fix.
308         
309         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
310         implemented. So, you have to use TrustedImmPtr in the superclasses.
311
312         * assembler/MacroAssemblerARM64.h:
313         (JSC::MacroAssemblerARM64::store8):
314         (JSC::MacroAssemblerARM64::branchTest8):
315
316 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
317
318         Unreviewed, speculative ARM build fix.
319         https://bugs.webkit.org/show_bug.cgi?id=122890
320         <rdar://problem/15258624>
321
322         * assembler/ARM64Assembler.h:
323         (JSC::ARM64Assembler::firstRegister):
324         (JSC::ARM64Assembler::lastRegister):
325         (JSC::ARM64Assembler::firstFPRegister):
326         (JSC::ARM64Assembler::lastFPRegister):
327         * assembler/MacroAssemblerARM64.h:
328         * assembler/MacroAssemblerARMv7.h:
329
330 2013-10-17  Andreas Kling  <akling@apple.com>
331
332         Pass VM instead of JSGlobalObject to JSONObject constructor.
333         <https://webkit.org/b/122999>
334
335         JSONObject was only use the JSGlobalObject to grab at the VM.
336         Dodge a few loads by passing the VM directly instead.
337
338         Reviewed by Geoffrey Garen.
339
340         * runtime/JSONObject.cpp:
341         (JSC::JSONObject::JSONObject):
342         (JSC::JSONObject::finishCreation):
343         * runtime/JSONObject.h:
344         (JSC::JSONObject::create):
345
346 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
347
348         Removed the JITStackFrame struct
349         https://bugs.webkit.org/show_bug.cgi?id=123001
350
351         Reviewed by Anders Carlsson.
352
353         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
354         our helper functions obey the C function call ABI.
355
356 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
357
358         Removed an unused #define
359         https://bugs.webkit.org/show_bug.cgi?id=123000
360
361         Reviewed by Anders Carlsson.
362
363         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
364         since it is unused now. This is a step toward using the C stack.
365
366 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
367
368         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
369         https://bugs.webkit.org/show_bug.cgi?id=122973
370
371         Reviewed by Michael Saboff.
372
373         * jit/ThunkGenerators.cpp:
374         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
375         so I removed it.
376
377         The code acted as if it needed to pass an argument to
378         lookupExceptionHandler, and as if it passed that argument to itself
379         through JITStackFrame. However, lookupExceptionHandler does not take
380         an argument (other than the default ExecState argument), and the code
381         did not initialize the thing that it thought it passed to itself!
382
383 2013-10-17  Alex Christensen  <achristensen@webkit.org>
384
385         Run JavaScriptCore tests again on Windows.
386         https://bugs.webkit.org/show_bug.cgi?id=122787
387
388         Reviewed by Tim Horton.
389
390         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
391         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
392
393 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
394
395         Removed restoreArgumentReference (another use of JITStackFrame)
396         https://bugs.webkit.org/show_bug.cgi?id=122997
397
398         Reviewed by Oliver Hunt.
399
400         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
401         toward using the C stack.
402
403 2013-10-17  Oliver Hunt  <oliver@apple.com>
404
405         Remove JITStubCall.h
406         https://bugs.webkit.org/show_bug.cgi?id=122991
407
408         Reviewed by Geoff Garen.
409
410         Happily this is no longer used
411
412         * GNUmakefile.list.am:
413         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
414         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
415         * JavaScriptCore.xcodeproj/project.pbxproj:
416         * jit/JIT.cpp:
417         * jit/JITArithmetic.cpp:
418         * jit/JITArithmetic32_64.cpp:
419         * jit/JITCall.cpp:
420         * jit/JITCall32_64.cpp:
421         * jit/JITOpcodes.cpp:
422         * jit/JITOpcodes32_64.cpp:
423         * jit/JITPropertyAccess.cpp:
424         * jit/JITPropertyAccess32_64.cpp:
425         * jit/JITStubCall.h: Removed.
426
427 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
428
429         Removed a use of JITSTACKFRAME_ARGS_INDEX
430         https://bugs.webkit.org/show_bug.cgi?id=122989
431
432         Reviewed by Oliver Hunt.
433
434         * jit/JITStubCall.h: Removed an unused function. This is one step closer
435         to using the C stack.
436
437 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
438
439         Change emit_op_catch to use another method to materialize VM
440         https://bugs.webkit.org/show_bug.cgi?id=122977
441
442         Reviewed by Oliver Hunt.
443
444         * jit/JITOpcodes.cpp:
445         (JSC::JIT::emit_op_catch):
446         * jit/JITOpcodes32_64.cpp:
447         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
448         on JITStackFrame. It is also faster and simpler.
449
450 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
451
452         Eliminate emitGetJITStubArg() - dead code
453         https://bugs.webkit.org/show_bug.cgi?id=122975
454
455         Reviewed by Anders Carlsson.
456
457         * jit/JIT.h:
458         * jit/JITInlines.h: Removed unused, deprecated function.
459
460 2013-10-17  Mark Lam  <mark.lam@apple.com>
461
462         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
463         https://bugs.webkit.org/show_bug.cgi?id=122979.
464
465         Reviewed by Michael Saboff.
466
467         * jit/JITStubs.cpp:
468         * jit/JITStubs.h:
469         * jit/JITStubsARM.h:
470         * jit/JITStubsARM64.h:
471         * jit/JITStubsARMv7.h:
472         * jit/JITStubsMIPS.h:
473         * jit/JITStubsSH4.h:
474         * jit/JITStubsX86.h:
475         * jit/JITStubsX86_64.h:
476         * runtime/VM.cpp:
477         (JSC::VM::VM):
478
479 2013-10-17  Michael Saboff  <msaboff@apple.com>
480
481         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
482         https://bugs.webkit.org/show_bug.cgi?id=122974
483
484         Reviewed by Geoffrey Garen.
485
486         Eliminated unneeded storing to JITStackFrame.
487
488         * dfg/DFGJITCompiler.cpp:
489         (JSC::DFG::JITCompiler::compileFunction):
490
491 2013-10-17  Michael Saboff  <msaboff@apple.com>
492
493         Transition cti_op_throw and cti_vm_throw to a JIT operation
494         https://bugs.webkit.org/show_bug.cgi?id=122931
495
496         Reviewed by Filip Pizlo.
497
498         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
499         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
500         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
501         callOperation to handle the need to provide space for structure return value.
502
503         * jit/JIT.h:
504         * jit/JITInlines.h:
505         (JSC::JIT::callOperation):
506         * jit/JITOpcodes.cpp:
507         (JSC::JIT::emit_op_throw):
508         * jit/JITOpcodes32_64.cpp:
509         (JSC::JIT::emit_op_throw):
510         (JSC::JIT::emit_op_catch):
511         * jit/JITOperations.cpp:
512         * jit/JITOperations.h:
513         * jit/JITStubs.cpp:
514         * jit/JITStubs.h:
515         * jit/JITStubsARM.h:
516         * jit/JITStubsARM64.h:
517         * jit/JITStubsARMv7.h:
518         * jit/JITStubsMIPS.h:
519         * jit/JITStubsMSVC64.asm:
520         * jit/JITStubsSH4.h:
521         * jit/JITStubsX86.h:
522         * jit/JITStubsX86_64.h:
523         * jit/JSInterfaceJIT.h:
524
525 2013-10-17  Mark Lam  <mark.lam@apple.com>
526
527         Remove JITStackFrame references in the C Loop LLINT.
528         https://bugs.webkit.org/show_bug.cgi?id=122950.
529
530         Reviewed by Michael Saboff.
531
532         * jit/JITStubs.h:
533         * llint/LowLevelInterpreter.cpp:
534         (JSC::CLoop::execute):
535         * offlineasm/cloop.rb:
536
537 2013-10-17  Mark Lam  <mark.lam@apple.com>
538
539         Remove JITStackFrame references in JIT probes.
540         https://bugs.webkit.org/show_bug.cgi?id=122947.
541
542         Reviewed by Michael Saboff.
543
544         * assembler/MacroAssemblerARM.cpp:
545         (JSC::MacroAssemblerARM::ProbeContext::dump):
546         * assembler/MacroAssemblerARM.h:
547         * assembler/MacroAssemblerARMv7.cpp:
548         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
549         * assembler/MacroAssemblerARMv7.h:
550         * assembler/MacroAssemblerX86Common.cpp:
551         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
552         * assembler/MacroAssemblerX86Common.h:
553         * jit/JITStubsARM.h:
554         * jit/JITStubsARMv7.h:
555         * jit/JITStubsX86.h:
556         * jit/JITStubsX86Common.h:
557         * jit/JITStubsX86_64.h:
558
559 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
560
561         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
562         https://bugs.webkit.org/show_bug.cgi?id=122949
563
564         Reviewed by Andreas Kling.
565
566         * jit/CCallHelpers.h:
567         (JSC::CCallHelpers::setupArgumentsWithExecState):
568
569 2013-10-16  Mark Lam  <mark.lam@apple.com>
570
571         Transition remaining op_get* JITStubs to JIT operations.
572         https://bugs.webkit.org/show_bug.cgi?id=122925.
573
574         Reviewed by Geoffrey Garen.
575
576         Transitioning:
577             cti_op_get_by_id_generic
578             cti_op_get_by_val
579             cti_op_get_by_val_generic
580             cti_op_get_by_val_string
581
582         * dfg/DFGOperations.cpp:
583         * dfg/DFGOperations.h:
584         * jit/JIT.h:
585         * jit/JITInlines.h:
586         (JSC::JIT::callOperation):
587         * jit/JITOpcodes.cpp:
588         (JSC::JIT::emitSlow_op_get_arguments_length):
589         (JSC::JIT::emitSlow_op_get_argument_by_val):
590         * jit/JITOpcodes32_64.cpp:
591         (JSC::JIT::emitSlow_op_get_arguments_length):
592         (JSC::JIT::emitSlow_op_get_argument_by_val):
593         * jit/JITOperations.cpp:
594         * jit/JITOperations.h:
595         * jit/JITPropertyAccess.cpp:
596         (JSC::JIT::emitSlow_op_get_by_val):
597         (JSC::JIT::emitSlow_op_get_by_pname):
598         (JSC::JIT::privateCompileGetByVal):
599         * jit/JITPropertyAccess32_64.cpp:
600         (JSC::JIT::emitSlow_op_get_by_val):
601         (JSC::JIT::emitSlow_op_get_by_pname):
602         * jit/JITStubs.cpp:
603         * jit/JITStubs.h:
604         * runtime/Executable.cpp:
605         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
606         * runtime/Options.cpp:
607         (JSC::Options::initialize):
608
609 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
610
611         Introduce WTF::Bag and start using it for InlineCallFrameSet
612         https://bugs.webkit.org/show_bug.cgi?id=122941
613
614         Reviewed by Geoffrey Garen.
615         
616         Use Bag for InlineCallFrameSet. If this works out then I'll make other
617         SegmentedVectors into Bags as well.
618
619         * bytecode/InlineCallFrameSet.cpp:
620         (JSC::InlineCallFrameSet::add):
621         * bytecode/InlineCallFrameSet.h:
622         (JSC::InlineCallFrameSet::begin):
623         (JSC::InlineCallFrameSet::end):
624         * dfg/DFGArgumentsSimplificationPhase.cpp:
625         (JSC::DFG::ArgumentsSimplificationPhase::run):
626         * dfg/DFGJITCompiler.cpp:
627         (JSC::DFG::JITCompiler::link):
628         * dfg/DFGStackLayoutPhase.cpp:
629         (JSC::DFG::StackLayoutPhase::run):
630         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
631         (JSC::DFG::VirtualRegisterAllocationPhase::run):
632
633 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
634
635         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
636         https://bugs.webkit.org/show_bug.cgi?id=122905
637         <rdar://problem/15237856>
638
639         Reviewed by Michael Saboff.
640         
641         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
642         then always call it to install something that calls CRASH().
643
644         * llvm/InitializeLLVM.cpp:
645         (JSC::llvmCrash):
646         (JSC::initializeLLVMOnce):
647         (JSC::initializeLLVM):
648         * llvm/LLVMAPIFunctions.h:
649
650 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
651
652         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
653         https://bugs.webkit.org/show_bug.cgi?id=122938
654
655         Reviewed by Sam Weinig.
656         
657         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
658
659         * jit/Repatch.cpp:
660         (JSC::tryBuildGetByIDList):
661
662 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
663
664         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
665         https://bugs.webkit.org/show_bug.cgi?id=122937
666
667         Reviewed by Geoffrey Garen.
668         
669         JITStubCall used to do it.
670         
671         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
672
673         * jit/JIT.h:
674         (JSC::JIT::appendCall):
675
676 2013-10-16  Michael Saboff  <msaboff@apple.com>
677
678         transition void cti_op_put_by_val* stubs to JIT operations
679         https://bugs.webkit.org/show_bug.cgi?id=122903
680
681         Reviewed by Geoffrey Garen.
682
683         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
684         operationPutByValGeneric.
685
686         * jit/CCallHelpers.h:
687         (JSC::CCallHelpers::setupArgumentsWithExecState):
688         * jit/JIT.h:
689         * jit/JITInlines.h:
690         (JSC::JIT::callOperation):
691         * jit/JITOperations.cpp:
692         * jit/JITOperations.h:
693         * jit/JITPropertyAccess.cpp:
694         (JSC::JIT::emitSlow_op_put_by_val):
695         (JSC::JIT::privateCompilePutByVal):
696         * jit/JITPropertyAccess32_64.cpp:
697         (JSC::JIT::emitSlow_op_put_by_val):
698         * jit/JITStubs.cpp:
699         * jit/JITStubs.h:
700         * jit/JSInterfaceJIT.h:
701
702 2013-10-16  Oliver Hunt  <oliver@apple.com>
703
704         Implement ES6 spread operator
705         https://bugs.webkit.org/show_bug.cgi?id=122911
706
707         Reviewed by Michael Saboff.
708
709         Implement the ES6 spread operator
710
711         This has a little bit of refactoring to move the enumeration logic out ForOfNode
712         and into BytecodeGenerator, and then adds the logic to make it nicely callback
713         driven.
714
715         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
716         and actually handling the spread.
717
718         * bytecompiler/BytecodeGenerator.cpp:
719         (JSC::BytecodeGenerator::emitNewArray):
720         (JSC::BytecodeGenerator::emitCall):
721         (JSC::BytecodeGenerator::emitEnumeration):
722         * bytecompiler/BytecodeGenerator.h:
723         * bytecompiler/NodesCodegen.cpp:
724         (JSC::ArrayNode::emitBytecode):
725         (JSC::ForOfNode::emitBytecode):
726         (JSC::SpreadExpressionNode::emitBytecode):
727         * parser/ASTBuilder.h:
728         (JSC::ASTBuilder::createSpreadExpression):
729         * parser/Lexer.cpp:
730         (JSC::::lex):
731         * parser/NodeConstructors.h:
732         (JSC::SpreadExpressionNode::SpreadExpressionNode):
733         * parser/Nodes.h:
734         (JSC::ExpressionNode::isSpreadExpression):
735         (JSC::SpreadExpressionNode::expression):
736         * parser/Parser.cpp:
737         (JSC::::parseArrayLiteral):
738         (JSC::::parseArguments):
739         (JSC::::parseMemberExpression):
740         * parser/Parser.h:
741         (JSC::Parser::getTokenName):
742         (JSC::Parser::updateErrorMessageSpecialCase):
743         * parser/ParserTokens.h:
744         * parser/SyntaxChecker.h:
745         (JSC::SyntaxChecker::createSpreadExpression):
746
747 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
748
749         Add a useLLInt option to jsc
750         https://bugs.webkit.org/show_bug.cgi?id=122930
751
752         Reviewed by Geoffrey Garen.
753
754         * runtime/Executable.cpp:
755         (JSC::setupLLInt):
756         (JSC::setupJIT):
757         (JSC::ScriptExecutable::prepareForExecutionImpl):
758         * runtime/Options.h:
759
760 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
761
762         Build fix.
763
764         Forgot to svn add DeferGC.cpp
765
766         * heap/DeferGC.cpp: Added.
767
768 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
769
770         r157411 fails run-javascriptcore-tests when run with Baseline JIT
771         https://bugs.webkit.org/show_bug.cgi?id=122902
772
773         Reviewed by Mark Hahnenberg.
774         
775         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
776         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
777         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
778         didn't. Turns out that there's even a helpful method,
779         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
780
781         * jit/Repatch.cpp:
782         (JSC::tryCachePutByID):
783
784 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
785
786         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
787         https://bugs.webkit.org/show_bug.cgi?id=122667
788
789         Reviewed by Geoffrey Garen.
790
791         The issue this patch is attempting to fix is that there are places in our codebase
792         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
793         operations that can initiate a garbage collection. Garbage collection then calls 
794         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
795         always necessarily run during garbage collection). This causes a deadlock.
796  
797         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
798         into a thread-local field that indicates that it is unsafe to perform any operation 
799         that could trigger garbage collection on the current thread. In debug builds, 
800         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
801         detect deadlocks.
802  
803         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
804         which uses the DeferGC mechanism to prevent collections from occurring while the 
805         lock is held.
806
807         * CMakeLists.txt:
808         * GNUmakefile.list.am:
809         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
810         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
811         * JavaScriptCore.xcodeproj/project.pbxproj:
812         * heap/DeferGC.h:
813         (JSC::DisallowGC::DisallowGC):
814         (JSC::DisallowGC::~DisallowGC):
815         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
816         (JSC::DisallowGC::initialize):
817         * jit/Repatch.cpp:
818         (JSC::repatchPutByID):
819         (JSC::buildPutByIdList):
820         * llint/LLIntSlowPaths.cpp:
821         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
822         * runtime/ConcurrentJITLock.h:
823         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
824         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
825         (JSC::ConcurrentJITLockerBase::unlockEarly):
826         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
827         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
828         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
829         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
830         * runtime/InitializeThreading.cpp:
831         (JSC::initializeThreadingOnce):
832         * runtime/JSCellInlines.h:
833         (JSC::allocateCell):
834         * runtime/JSSymbolTableObject.h:
835         (JSC::symbolTablePut):
836         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
837         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
838         before the caller has a chance to use the newly created PropertyTable. The garbage collection
839         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
840         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
841         the Structure.
842         (JSC::Structure::materializePropertyMap):
843         (JSC::Structure::despecifyDictionaryFunction):
844         (JSC::Structure::changePrototypeTransition):
845         (JSC::Structure::despecifyFunctionTransition):
846         (JSC::Structure::attributeChangeTransition):
847         (JSC::Structure::toDictionaryTransition):
848         (JSC::Structure::preventExtensionsTransition):
849         (JSC::Structure::takePropertyTableOrCloneIfPinned):
850         (JSC::Structure::isSealed):
851         (JSC::Structure::isFrozen):
852         (JSC::Structure::addPropertyWithoutTransition):
853         (JSC::Structure::removePropertyWithoutTransition):
854         (JSC::Structure::get):
855         (JSC::Structure::despecifyFunction):
856         (JSC::Structure::despecifyAllFunctions):
857         (JSC::Structure::putSpecificValue):
858         (JSC::Structure::createPropertyMap):
859         (JSC::Structure::getPropertyNamesFromStructure):
860         * runtime/Structure.h:
861         (JSC::Structure::materializePropertyMapIfNecessary):
862         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
863         * runtime/StructureInlines.h:
864         (JSC::Structure::get):
865         * runtime/SymbolTable.h:
866         (JSC::SymbolTable::find):
867         (JSC::SymbolTable::end):
868
869 2013-10-16  Daniel Bates  <dabates@apple.com>
870
871         Add SPI to disable the garbage collector timer
872         https://bugs.webkit.org/show_bug.cgi?id=122921
873
874         Reviewed by Geoffrey Garen.
875
876         Based on a patch by Mark Hahnenberg.
877
878         * API/JSBase.cpp:
879         (JSDisableGCTimer): Added; SPI function.
880         * API/JSBasePrivate.h:
881         * heap/BlockAllocator.cpp:
882         (JSC::createBlockFreeingThread): Added.
883         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
884         to conditionally create the "block freeing" thread depending on the value of
885         GCActivityCallback::s_shouldCreateGCTimer.
886         (JSC::BlockAllocator::~BlockAllocator):
887         * heap/BlockAllocator.h:
888         (JSC::BlockAllocator::deallocate):
889         * heap/Heap.cpp:
890         (JSC::Heap::didAbandon):
891         (JSC::Heap::collect):
892         (JSC::Heap::didAllocate):
893         * heap/HeapTimer.cpp:
894         (JSC::HeapTimer::timerDidFire):
895         * runtime/GCActivityCallback.cpp:
896         * runtime/GCActivityCallback.h:
897         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
898         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
899         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
900
901 2013-10-16  Commit Queue  <commit-queue@webkit.org>
902
903         Unreviewed, rolling out r157529.
904         http://trac.webkit.org/changeset/157529
905         https://bugs.webkit.org/show_bug.cgi?id=122919
906
907         Caused score test failures and some build failures. (Requested
908         by rfong on #webkit).
909
910         * bytecompiler/BytecodeGenerator.cpp:
911         (JSC::BytecodeGenerator::emitNewArray):
912         (JSC::BytecodeGenerator::emitCall):
913         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
914         * bytecompiler/BytecodeGenerator.h:
915         * bytecompiler/NodesCodegen.cpp:
916         (JSC::ArrayNode::emitBytecode):
917         (JSC::CallArguments::CallArguments):
918         (JSC::ForOfNode::emitBytecode):
919         (JSC::BindingNode::collectBoundIdentifiers):
920         * parser/ASTBuilder.h:
921         * parser/Lexer.cpp:
922         (JSC::::lex):
923         * parser/NodeConstructors.h:
924         (JSC::DotAccessorNode::DotAccessorNode):
925         * parser/Nodes.h:
926         * parser/Parser.cpp:
927         (JSC::::parseArrayLiteral):
928         (JSC::::parseArguments):
929         (JSC::::parseMemberExpression):
930         * parser/Parser.h:
931         (JSC::Parser::getTokenName):
932         (JSC::Parser::updateErrorMessageSpecialCase):
933         * parser/ParserTokens.h:
934         * parser/SyntaxChecker.h:
935
936 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
937
938         Remove useless architecture specific implementation in DFG.
939         https://bugs.webkit.org/show_bug.cgi?id=122917.
940
941         Reviewed by Michael Saboff.
942
943         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
944         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
945
946         * dfg/DFGSpeculativeJIT.h:
947
948 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
949
950         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
951         https://bugs.webkit.org/show_bug.cgi?id=122916.
952
953         Reviewed by Michael Saboff.
954
955         This architecture specific function is not used anymore, so get rid of it.
956
957         * jit/JIT.h:
958         * jit/JITInlines.h:
959
960 2013-10-16  Oliver Hunt  <oliver@apple.com>
961
962         Implement ES6 spread operator
963         https://bugs.webkit.org/show_bug.cgi?id=122911
964
965         Reviewed by Michael Saboff.
966
967         Implement the ES6 spread operator
968
969         This has a little bit of refactoring to move the enumeration logic out ForOfNode
970         and into BytecodeGenerator, and then adds the logic to make it nicely callback
971         driven.
972
973         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
974         and actually handling the spread.
975
976         * bytecompiler/BytecodeGenerator.cpp:
977         (JSC::BytecodeGenerator::emitNewArray):
978         (JSC::BytecodeGenerator::emitCall):
979         (JSC::BytecodeGenerator::emitEnumeration):
980         * bytecompiler/BytecodeGenerator.h:
981         * bytecompiler/NodesCodegen.cpp:
982         (JSC::ArrayNode::emitBytecode):
983         (JSC::ForOfNode::emitBytecode):
984         (JSC::SpreadExpressionNode::emitBytecode):
985         * parser/ASTBuilder.h:
986         (JSC::ASTBuilder::createSpreadExpression):
987         * parser/Lexer.cpp:
988         (JSC::::lex):
989         * parser/NodeConstructors.h:
990         (JSC::SpreadExpressionNode::SpreadExpressionNode):
991         * parser/Nodes.h:
992         (JSC::ExpressionNode::isSpreadExpression):
993         (JSC::SpreadExpressionNode::expression):
994         * parser/Parser.cpp:
995         (JSC::::parseArrayLiteral):
996         (JSC::::parseArguments):
997         (JSC::::parseMemberExpression):
998         * parser/Parser.h:
999         (JSC::Parser::getTokenName):
1000         (JSC::Parser::updateErrorMessageSpecialCase):
1001         * parser/ParserTokens.h:
1002         * parser/SyntaxChecker.h:
1003         (JSC::SyntaxChecker::createSpreadExpression):
1004
1005 2013-10-16  Mark Lam  <mark.lam@apple.com>
1006
1007         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1008         https://bugs.webkit.org/show_bug.cgi?id=122899.
1009
1010         Reviewed by Michael Saboff.
1011
1012         * jit/JITOpcodes32_64.cpp:
1013         (JSC::JIT::emit_op_tear_off_activation):
1014         (JSC::JIT::emit_op_tear_off_arguments):
1015         * jit/JITStubs.cpp:
1016         * jit/JITStubs.h:
1017
1018 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1019
1020         Remove more of the UNINTERRUPTED_SEQUENCE thing
1021         https://bugs.webkit.org/show_bug.cgi?id=122885
1022
1023         Reviewed by Andreas Kling.
1024
1025         It was not completely removed by r157481, leading to build failure for sh4 architecture.
1026
1027         * jit/JIT.h:
1028         * jit/JITInlines.h:
1029
1030 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1031
1032         Get rid of the StructureStubInfo::patch union
1033         https://bugs.webkit.org/show_bug.cgi?id=122877
1034
1035         Reviewed by Sam Weinig.
1036         
1037         Just simplifying code by getting rid of data structures that ain't used no more.
1038         
1039         Note that I replace the patch union with a patch struct. This means we say things like
1040         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
1041         encapsulation makes the code more readable: the patch struct contains just those things
1042         that you need to know to perform patching.
1043
1044         * bytecode/StructureStubInfo.h:
1045         * dfg/DFGJITCompiler.cpp:
1046         (JSC::DFG::JITCompiler::link):
1047         * jit/JIT.cpp:
1048         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1049         * jit/Repatch.cpp:
1050         (JSC::repatchByIdSelfAccess):
1051         (JSC::replaceWithJump):
1052         (JSC::linkRestoreScratch):
1053         (JSC::generateProtoChainAccessStub):
1054         (JSC::tryCacheGetByID):
1055         (JSC::getPolymorphicStructureList):
1056         (JSC::patchJumpToGetByIdStub):
1057         (JSC::tryBuildGetByIDList):
1058         (JSC::emitPutReplaceStub):
1059         (JSC::emitPutTransitionStub):
1060         (JSC::tryCachePutByID):
1061         (JSC::tryBuildPutByIdList):
1062         (JSC::tryRepatchIn):
1063         (JSC::resetGetByID):
1064         (JSC::resetPutByID):
1065         (JSC::resetIn):
1066
1067 2013-10-15  Nadav Rotem  <nrotem@apple.com>
1068
1069         FTL: add support for Int52ToValue and fix putByVal of int52s.
1070         https://bugs.webkit.org/show_bug.cgi?id=122873
1071
1072         Reviewed by Filip Pizlo.
1073
1074         * ftl/FTLCapabilities.cpp:
1075         (JSC::FTL::canCompile):
1076         * ftl/FTLLowerDFGToLLVM.cpp:
1077         (JSC::FTL::LowerDFGToLLVM::compileNode):
1078         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
1079         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
1080
1081 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1082
1083         Get rid of the UNINTERRUPTED_SEQUENCE thing
1084         https://bugs.webkit.org/show_bug.cgi?id=122876
1085
1086         Reviewed by Mark Hahnenberg.
1087         
1088         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
1089         
1090         Moreover, we should resist the temptation to bring anything like this back. We don't
1091         want to have inline caches that only work if the assembler lays out code in a specific
1092         predetermined way.
1093
1094         * jit/JIT.h:
1095         * jit/JITCall.cpp:
1096         (JSC::JIT::compileOpCall):
1097         * jit/JITCall32_64.cpp:
1098         (JSC::JIT::compileOpCall):
1099
1100 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1101
1102         Baseline JIT should use the DFG GetById IC
1103         https://bugs.webkit.org/show_bug.cgi?id=122861
1104
1105         Reviewed by Oliver Hunt.
1106         
1107         This mostly just kills a ton of code.
1108         
1109         Note that this doesn't yet do all of the simplifications that can be done, but it does
1110         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
1111
1112         * bytecode/CodeBlock.cpp:
1113         (JSC::CodeBlock::resetStubInternal):
1114         * jit/JIT.cpp:
1115         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1116         * jit/JIT.h:
1117         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
1118         * jit/JITInlines.h:
1119         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1120         (JSC::JIT::callOperation):
1121         * jit/JITPropertyAccess.cpp:
1122         (JSC::JIT::compileGetByIdHotPath):
1123         (JSC::JIT::emitSlow_op_get_by_id):
1124         (JSC::JIT::emitSlow_op_get_from_scope):
1125         * jit/JITPropertyAccess32_64.cpp:
1126         (JSC::JIT::compileGetByIdHotPath):
1127         (JSC::JIT::emitSlow_op_get_by_id):
1128         (JSC::JIT::emitSlow_op_get_from_scope):
1129         * jit/JITStubs.cpp:
1130         * jit/JITStubs.h:
1131         * jit/Repatch.cpp:
1132         (JSC::repatchGetByID):
1133         (JSC::buildGetByIDList):
1134         * jit/ThunkGenerators.cpp:
1135         * jit/ThunkGenerators.h:
1136
1137 2013-10-15  Dean Jackson  <dino@apple.com>
1138
1139         Add ENABLE_WEB_ANIMATIONS flag
1140         https://bugs.webkit.org/show_bug.cgi?id=122871
1141
1142         Reviewed by Tim Horton.
1143
1144         Eventually might be http://dev.w3.org/fxtf/web-animations/
1145         but this is just engine-internal work at the moment.
1146
1147         * Configurations/FeatureDefines.xcconfig:
1148
1149 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1150
1151         [sh4] Some calls don't match sh4 ABI.
1152         https://bugs.webkit.org/show_bug.cgi?id=122863
1153
1154         Reviewed by Michael Saboff.
1155
1156         * dfg/DFGSpeculativeJIT.h:
1157         (JSC::DFG::SpeculativeJIT::callOperation):
1158         * jit/CCallHelpers.h:
1159         (JSC::CCallHelpers::setupArgumentsWithExecState):
1160         * jit/JITInlines.h:
1161         (JSC::JIT::callOperation):
1162
1163 2013-10-15  Daniel Bates  <dabates@apple.com>
1164
1165         [iOS] Upstream JavaScriptCore support for ARM64
1166         https://bugs.webkit.org/show_bug.cgi?id=122762
1167
1168         Reviewed by Oliver Hunt and Filip Pizlo.
1169
1170         * Configurations/Base.xcconfig:
1171         * Configurations/DebugRelease.xcconfig:
1172         * Configurations/JavaScriptCore.xcconfig:
1173         * Configurations/ToolExecutable.xcconfig:
1174         * JavaScriptCore.xcodeproj/project.pbxproj:
1175         * assembler/ARM64Assembler.h: Added.
1176         * assembler/AbstractMacroAssembler.h:
1177         (JSC::isARM64):
1178         (JSC::AbstractMacroAssembler::Label::Label):
1179         (JSC::AbstractMacroAssembler::Jump::Jump):
1180         (JSC::AbstractMacroAssembler::Jump::link):
1181         (JSC::AbstractMacroAssembler::Jump::linkTo):
1182         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
1183         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
1184         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
1185         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
1186         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
1187         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
1188         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
1189         (JSC::AbstractMacroAssembler::isTempRegisterValid):
1190         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
1191         (JSC::AbstractMacroAssembler::setTempRegisterValid):
1192         * assembler/LinkBuffer.cpp:
1193         (JSC::LinkBuffer::copyCompactAndLinkCode):
1194         (JSC::LinkBuffer::linkCode):
1195         * assembler/LinkBuffer.h:
1196         * assembler/MacroAssembler.h:
1197         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
1198         (JSC::MacroAssembler::pushToSave):
1199         (JSC::MacroAssembler::popToRestore):
1200         (JSC::MacroAssembler::patchableBranchTest32):
1201         * assembler/MacroAssemblerARM64.h: Added.
1202         * assembler/MacroAssemblerARMv7.h:
1203         * dfg/DFGFixupPhase.cpp:
1204         (JSC::DFG::FixupPhase::fixupNode):
1205         * dfg/DFGOSRExitCompiler32_64.cpp:
1206         (JSC::DFG::OSRExitCompiler::compileExit):
1207         * dfg/DFGOSRExitCompiler64.cpp:
1208         (JSC::DFG::OSRExitCompiler::compileExit):
1209         * dfg/DFGSpeculativeJIT.cpp:
1210         (JSC::DFG::SpeculativeJIT::compileArithDiv):
1211         (JSC::DFG::SpeculativeJIT::compileArithMod):
1212         * disassembler/ARM64/A64DOpcode.cpp: Added.
1213         * disassembler/ARM64/A64DOpcode.h: Added.
1214         * disassembler/ARM64Disassembler.cpp: Added.
1215         * heap/MachineStackMarker.cpp:
1216         (JSC::getPlatformThreadRegisters):
1217         (JSC::otherThreadStackPointer):
1218         * heap/Region.h:
1219         * jit/AssemblyHelpers.h:
1220         (JSC::AssemblyHelpers::debugCall):
1221         * jit/CCallHelpers.h:
1222         * jit/ExecutableAllocator.h:
1223         * jit/FPRInfo.h:
1224         (JSC::FPRInfo::toRegister):
1225         (JSC::FPRInfo::toIndex):
1226         (JSC::FPRInfo::debugName):
1227         * jit/GPRInfo.h:
1228         (JSC::GPRInfo::toRegister):
1229         (JSC::GPRInfo::toIndex):
1230         (JSC::GPRInfo::debugName):
1231         * jit/JITInlines.h:
1232         (JSC::JIT::restoreArgumentReferenceForTrampoline):
1233         * jit/JITOperationWrappers.h:
1234         * jit/JITOperations.cpp:
1235         * jit/JITStubs.cpp:
1236         (JSC::performPlatformSpecificJITAssertions):
1237         (JSC::tryCachePutByID):
1238         * jit/JITStubs.h:
1239         (JSC::JITStackFrame::returnAddressSlot):
1240         * jit/JITStubsARM64.h: Added.
1241         * jit/JSInterfaceJIT.h:
1242         * jit/Repatch.cpp:
1243         (JSC::emitRestoreScratch):
1244         (JSC::generateProtoChainAccessStub):
1245         (JSC::tryCacheGetByID):
1246         (JSC::emitPutReplaceStub):
1247         (JSC::tryCachePutByID):
1248         (JSC::tryRepatchIn):
1249         * jit/ScratchRegisterAllocator.h:
1250         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1251         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1252         * jit/ThunkGenerators.cpp:
1253         (JSC::nativeForGenerator):
1254         (JSC::floorThunkGenerator):
1255         (JSC::ceilThunkGenerator):
1256         * jsc.cpp:
1257         (main):
1258         * llint/LLIntOfflineAsmConfig.h:
1259         * llint/LLIntSlowPaths.cpp:
1260         (JSC::LLInt::handleHostCall):
1261         * llint/LowLevelInterpreter.asm:
1262         * llint/LowLevelInterpreter64.asm:
1263         * offlineasm/arm.rb:
1264         * offlineasm/arm64.rb: Added.
1265         * offlineasm/backends.rb:
1266         * offlineasm/instructions.rb:
1267         * offlineasm/risc.rb:
1268         * offlineasm/transform.rb:
1269         * yarr/YarrJIT.cpp:
1270         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
1271         (JSC::Yarr::YarrGenerator::initCallFrame):
1272         (JSC::Yarr::YarrGenerator::removeCallFrame):
1273         (JSC::Yarr::YarrGenerator::generateEnter):
1274         * yarr/YarrJIT.h:
1275
1276 2013-10-15  Mark Lam  <mark.lam@apple.com>
1277
1278         Fix 3 operand sub operation in C loop LLINT.
1279         https://bugs.webkit.org/show_bug.cgi?id=122866.
1280
1281         Reviewed by Geoffrey Garen.
1282
1283         * offlineasm/cloop.rb:
1284
1285 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1286
1287         ObjCCallbackFunctionImpl shouldn't store a JSContext
1288         https://bugs.webkit.org/show_bug.cgi?id=122531
1289
1290         Reviewed by Geoffrey Garen.
1291
1292         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
1293         in the common case. It's also no longer necessary in that we can look up the current JSContext 
1294         by looking using the globalObject of the callee when the function callback is invoked.
1295  
1296         Also added a new test that would cause us to crash previously. The test required making 
1297         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
1298         in C API callbacks.
1299
1300         * API/JSContextRef.h:
1301         * API/JSContextRefPrivate.h:
1302         * API/ObjCCallbackFunction.mm:
1303         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
1304         (JSC::objCCallbackFunctionCallAsFunction):
1305         (objCCallbackFunctionForInvocation):
1306         * API/WebKitAvailability.h:
1307         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
1308         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
1309         (CallAsConstructor):
1310         (ConstructorFinalize):
1311         (ConstructorClass):
1312         (+[JSValue valueWithConstructorDescriptor:inContext:]):
1313         (-[JSContext valueWithConstructorDescriptor:]):
1314         (currentThisInsideBlockGetterTest):
1315         * API/tests/testapi.mm:
1316         * JavaScriptCore.xcodeproj/project.pbxproj:
1317         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
1318
1319 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1320
1321         Fix build after r157457 for architecture with 4 argument registers.
1322         https://bugs.webkit.org/show_bug.cgi?id=122860
1323
1324         Reviewed by Michael Saboff.
1325
1326         * jit/CCallHelpers.h:
1327         (JSC::CCallHelpers::setupStubArguments134):
1328
1329 2013-10-14  Michael Saboff  <msaboff@apple.com>
1330
1331         transition void cti_op_* methods to JIT operations.
1332         https://bugs.webkit.org/show_bug.cgi?id=122617
1333
1334         Reviewed by Geoffrey Garen.
1335
1336         Converted the follow stubs to JIT operations:
1337             cti_handle_watchdog_timer
1338             cti_op_debug
1339             cti_op_pop_scope
1340             cti_op_profile_did_call
1341             cti_op_profile_will_call
1342             cti_op_put_by_index
1343             cti_op_put_getter_setter
1344             cti_op_tear_off_activation
1345             cti_op_tear_off_arguments
1346             cti_op_throw_static_error
1347             cti_optimize
1348
1349         * dfg/DFGOperations.cpp:
1350         * dfg/DFGOperations.h:
1351         * jit/CCallHelpers.h:
1352         (JSC::CCallHelpers::setupArgumentsWithExecState):
1353         (JSC::CCallHelpers::setupThreeStubArgsGPR):
1354         (JSC::CCallHelpers::setupStubArguments):
1355         (JSC::CCallHelpers::setupStubArguments134):
1356         * jit/JIT.cpp:
1357         (JSC::JIT::emitEnterOptimizationCheck):
1358         * jit/JIT.h:
1359         * jit/JITInlines.h:
1360         (JSC::JIT::callOperation):
1361         * jit/JITOpcodes.cpp:
1362         (JSC::JIT::emit_op_tear_off_activation):
1363         (JSC::JIT::emit_op_tear_off_arguments):
1364         (JSC::JIT::emit_op_push_with_scope):
1365         (JSC::JIT::emit_op_pop_scope):
1366         (JSC::JIT::emit_op_push_name_scope):
1367         (JSC::JIT::emit_op_throw_static_error):
1368         (JSC::JIT::emit_op_debug):
1369         (JSC::JIT::emit_op_profile_will_call):
1370         (JSC::JIT::emit_op_profile_did_call):
1371         (JSC::JIT::emitSlow_op_loop_hint):
1372         * jit/JITOpcodes32_64.cpp:
1373         (JSC::JIT::emit_op_push_with_scope):
1374         (JSC::JIT::emit_op_pop_scope):
1375         (JSC::JIT::emit_op_push_name_scope):
1376         (JSC::JIT::emit_op_throw_static_error):
1377         (JSC::JIT::emit_op_debug):
1378         (JSC::JIT::emit_op_profile_will_call):
1379         (JSC::JIT::emit_op_profile_did_call):
1380         * jit/JITOperations.cpp:
1381         * jit/JITOperations.h:
1382         * jit/JITPropertyAccess.cpp:
1383         (JSC::JIT::emit_op_put_by_index):
1384         (JSC::JIT::emit_op_put_getter_setter):
1385         * jit/JITPropertyAccess32_64.cpp:
1386         (JSC::JIT::emit_op_put_by_index):
1387         (JSC::JIT::emit_op_put_getter_setter):
1388         * jit/JITStubs.cpp:
1389         * jit/JITStubs.h:
1390
1391 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1392
1393         [sh4] Introduce const pools in LLINT.
1394         https://bugs.webkit.org/show_bug.cgi?id=122746
1395
1396         Reviewed by Michael Saboff.
1397
1398         In current implementation of LLINT for sh4, immediate values outside range -128..127 are
1399         loaded this way:
1400
1401             mov.l .label, rx
1402             bra out
1403             nop
1404             .balign 4
1405             .label: .long immvalue
1406             out:
1407
1408         This change introduces const pools for sh4 implementation to avoid lots of useless branches
1409         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
1410
1411         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
1412         * offlineasm/sh4.rb:
1413
1414 2013-10-15  Mark Lam  <mark.lam@apple.com>
1415
1416         Fix broken C Loop LLINT build.
1417         https://bugs.webkit.org/show_bug.cgi?id=122839.
1418
1419         Reviewed by Michael Saboff.
1420
1421         * dfg/DFGFlushedAt.cpp:
1422         * jit/JITOperations.h:
1423
1424 2013-10-14  Mark Lam  <mark.lam@apple.com>
1425
1426         Transition *switch* and *scope* JITStubs to JIT operations.
1427         https://bugs.webkit.org/show_bug.cgi?id=122757.
1428
1429         Reviewed by Geoffrey Garen.
1430
1431         Transitioning:
1432             cti_op_switch_char
1433             cti_op_switch_imm
1434             cti_op_switch_string
1435             cti_op_resolve_scope
1436             cti_op_get_from_scope
1437             cti_op_put_to_scope
1438
1439         * jit/JIT.h:
1440         * jit/JITInlines.h:
1441         (JSC::JIT::callOperation):
1442         * jit/JITOpcodes.cpp:
1443         (JSC::JIT::emit_op_switch_imm):
1444         (JSC::JIT::emit_op_switch_char):
1445         (JSC::JIT::emit_op_switch_string):
1446         * jit/JITOpcodes32_64.cpp:
1447         (JSC::JIT::emit_op_switch_imm):
1448         (JSC::JIT::emit_op_switch_char):
1449         (JSC::JIT::emit_op_switch_string):
1450         * jit/JITOperations.cpp:
1451         * jit/JITOperations.h:
1452         * jit/JITPropertyAccess.cpp:
1453         (JSC::JIT::emitSlow_op_resolve_scope):
1454         (JSC::JIT::emitSlow_op_get_from_scope):
1455         (JSC::JIT::emitSlow_op_put_to_scope):
1456         * jit/JITPropertyAccess32_64.cpp:
1457         (JSC::JIT::emitSlow_op_resolve_scope):
1458         (JSC::JIT::emitSlow_op_get_from_scope):
1459         (JSC::JIT::emitSlow_op_put_to_scope):
1460         * jit/JITStubs.cpp:
1461         * jit/JITStubs.h:
1462
1463 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
1464
1465         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
1466         https://bugs.webkit.org/show_bug.cgi?id=122786
1467
1468         Reviewed by Mark Hahnenberg.
1469
1470         * bytecode/CodeBlock.cpp:
1471         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
1472         * jit/Repatch.cpp:
1473         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
1474         (JSC::buildPutByIdList): Ditto.
1475
1476 2013-10-14  Nadav Rotem  <nrotem@apple.com>
1477
1478         Add FTL support for LogicalNot(string)
1479         https://bugs.webkit.org/show_bug.cgi?id=122765
1480
1481         Reviewed by Filip Pizlo.
1482
1483         This patch is tested by:
1484         regress/script-tests/emscripten-cube2hash.js.ftl-eager
1485
1486         * ftl/FTLCapabilities.cpp:
1487         (JSC::FTL::canCompile):
1488         * ftl/FTLLowerDFGToLLVM.cpp:
1489         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
1490
1491 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
1492
1493         [sh4] Fixes after r157404 and r157411.
1494         https://bugs.webkit.org/show_bug.cgi?id=122782
1495
1496         Reviewed by Michael Saboff.
1497
1498         * dfg/DFGSpeculativeJIT.h:
1499         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
1500         * jit/CCallHelpers.h:
1501         (JSC::CCallHelpers::setupArgumentsWithExecState):
1502         * jit/JITInlines.h:
1503         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
1504         * jit/JITPropertyAccess32_64.cpp:
1505         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
1506
1507 2013-10-14  Commit Queue  <commit-queue@webkit.org>
1508
1509         Unreviewed, rolling out r157413.
1510         http://trac.webkit.org/changeset/157413
1511         https://bugs.webkit.org/show_bug.cgi?id=122779
1512
1513         Appears to have caused frequent crashes (Requested by ap on
1514         #webkit).
1515
1516         * CMakeLists.txt:
1517         * GNUmakefile.list.am:
1518         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1519         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1520         * JavaScriptCore.xcodeproj/project.pbxproj:
1521         * heap/DeferGC.cpp: Removed.
1522         * heap/DeferGC.h:
1523         * jit/JITStubs.cpp:
1524         (JSC::tryCacheGetByID):
1525         (JSC::DEFINE_STUB_FUNCTION):
1526         * llint/LLIntSlowPaths.cpp:
1527         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1528         * runtime/ConcurrentJITLock.h:
1529         * runtime/InitializeThreading.cpp:
1530         (JSC::initializeThreadingOnce):
1531         * runtime/JSCellInlines.h:
1532         (JSC::allocateCell):
1533         * runtime/Structure.cpp:
1534         (JSC::Structure::materializePropertyMap):
1535         (JSC::Structure::putSpecificValue):
1536         (JSC::Structure::createPropertyMap):
1537         * runtime/Structure.h:
1538
1539 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
1540
1541         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
1542         https://bugs.webkit.org/show_bug.cgi?id=122652
1543
1544         Reviewed by Filip Pizlo.
1545
1546         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
1547         so we would end up ASSERTing during garbage collection.
1548
1549         * heap/MarkedAllocator.cpp:
1550         (JSC::MarkedAllocator::allocateSlowCase):
1551
1552 2013-10-11  Oliver Hunt  <oliver@apple.com>
1553
1554         Separate out array iteration intrinsics
1555         https://bugs.webkit.org/show_bug.cgi?id=122656
1556
1557         Reviewed by Michael Saboff.
1558
1559         Separate out the intrinsics for key and values iteration
1560         of arrays.
1561
1562         This requires moving moving array iteration into the iterator
1563         instance, rather than the prototype, but this is essentially
1564         unobservable so we'll live with it for now.
1565
1566         * jit/ThunkGenerators.cpp:
1567         (JSC::arrayIteratorNextThunkGenerator):
1568         (JSC::arrayIteratorNextKeyThunkGenerator):
1569         (JSC::arrayIteratorNextValueThunkGenerator):
1570         * jit/ThunkGenerators.h:
1571         * runtime/ArrayIteratorPrototype.cpp:
1572         (JSC::ArrayIteratorPrototype::finishCreation):
1573         * runtime/Intrinsic.h:
1574         * runtime/JSArrayIterator.cpp:
1575         (JSC::JSArrayIterator::finishCreation):
1576         (JSC::createIteratorResult):
1577         (JSC::arrayIteratorNext):
1578         (JSC::arrayIteratorNextKey):
1579         (JSC::arrayIteratorNextValue):
1580         (JSC::arrayIteratorNextGeneric):
1581         * runtime/VM.cpp:
1582         (JSC::thunkGeneratorForIntrinsic):
1583
1584 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1585
1586         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1587         https://bugs.webkit.org/show_bug.cgi?id=122667
1588
1589         Reviewed by Filip Pizlo.
1590
1591         The issue this patch is attempting to fix is that there are places in our codebase
1592         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1593         operations that can initiate a garbage collection. Garbage collection then calls 
1594         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1595         always necessarily run during garbage collection). This causes a deadlock.
1596
1597         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1598         into a thread-local field that indicates that it is unsafe to perform any operation 
1599         that could trigger garbage collection on the current thread. In debug builds, 
1600         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1601         detect deadlocks.
1602
1603         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1604         which uses the DeferGC mechanism to prevent collections from occurring while the 
1605         lock is held.
1606
1607         * CMakeLists.txt:
1608         * GNUmakefile.list.am:
1609         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1610         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1611         * JavaScriptCore.xcodeproj/project.pbxproj:
1612         * heap/DeferGC.cpp: Added.
1613         * heap/DeferGC.h:
1614         (JSC::DisallowGC::DisallowGC):
1615         (JSC::DisallowGC::~DisallowGC):
1616         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1617         (JSC::DisallowGC::initialize):
1618         * jit/JITStubs.cpp:
1619         (JSC::tryCachePutByID):
1620         (JSC::tryCacheGetByID):
1621         (JSC::DEFINE_STUB_FUNCTION):
1622         * llint/LLIntSlowPaths.cpp:
1623         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1624         * runtime/ConcurrentJITLock.h:
1625         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1626         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1627         (JSC::ConcurrentJITLockerBase::unlockEarly):
1628         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1629         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1630         * runtime/InitializeThreading.cpp:
1631         (JSC::initializeThreadingOnce):
1632         * runtime/JSCellInlines.h:
1633         (JSC::allocateCell):
1634         * runtime/Structure.cpp:
1635         (JSC::Structure::materializePropertyMap):
1636         (JSC::Structure::putSpecificValue):
1637         (JSC::Structure::createPropertyMap):
1638         * runtime/Structure.h:
1639
1640 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
1641
1642         Baseline JIT should use the DFG's PutById IC
1643         https://bugs.webkit.org/show_bug.cgi?id=122704
1644
1645         Reviewed by Mark Hahnenberg.
1646         
1647         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
1648         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
1649         
1650         The only complicated part was that the PutById operations assumed that we first did a
1651         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
1652         slow paths to deal with EncodedJSValue's.
1653
1654         * bytecode/CodeBlock.cpp:
1655         (JSC::CodeBlock::resetStubInternal):
1656         * bytecode/PutByIdStatus.cpp:
1657         (JSC::PutByIdStatus::computeFor):
1658         * dfg/DFGSpeculativeJIT.h:
1659         (JSC::DFG::SpeculativeJIT::callOperation):
1660         * dfg/DFGSpeculativeJIT32_64.cpp:
1661         (JSC::DFG::SpeculativeJIT::cachedPutById):
1662         * dfg/DFGSpeculativeJIT64.cpp:
1663         (JSC::DFG::SpeculativeJIT::cachedPutById):
1664         * jit/CCallHelpers.h:
1665         (JSC::CCallHelpers::setupArgumentsWithExecState):
1666         * jit/JIT.cpp:
1667         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1668         * jit/JIT.h:
1669         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
1670         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
1671         * jit/JITInlines.h:
1672         (JSC::JIT::callOperation):
1673         * jit/JITOperationWrappers.h:
1674         * jit/JITOperations.cpp:
1675         * jit/JITOperations.h:
1676         * jit/JITPropertyAccess.cpp:
1677         (JSC::JIT::compileGetByIdHotPath):
1678         (JSC::JIT::compileGetByIdSlowCase):
1679         (JSC::JIT::emit_op_put_by_id):
1680         (JSC::JIT::emitSlow_op_put_by_id):
1681         * jit/JITPropertyAccess32_64.cpp:
1682         (JSC::JIT::compileGetByIdSlowCase):
1683         (JSC::JIT::emit_op_put_by_id):
1684         (JSC::JIT::emitSlow_op_put_by_id):
1685         * jit/JITStubs.cpp:
1686         * jit/JITStubs.h:
1687         * jit/Repatch.cpp:
1688         (JSC::appropriateGenericPutByIdFunction):
1689         (JSC::appropriateListBuildingPutByIdFunction):
1690         (JSC::resetPutByID):
1691
1692 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
1693
1694         FTL should have an inefficient but correct implementation of GetById
1695         https://bugs.webkit.org/show_bug.cgi?id=122740
1696
1697         Reviewed by Mark Hahnenberg.
1698         
1699         It took some effort to realize that the node->prediction() check in the DFG backends
1700         are completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
1701         if !prediction.
1702         
1703         But other than that this was an easy patch.
1704
1705         * dfg/DFGByteCodeParser.cpp:
1706         (JSC::DFG::ByteCodeParser::handleGetById):
1707         * dfg/DFGSpeculativeJIT32_64.cpp:
1708         (JSC::DFG::SpeculativeJIT::compile):
1709         * dfg/DFGSpeculativeJIT64.cpp:
1710         (JSC::DFG::SpeculativeJIT::compile):
1711         * ftl/FTLCapabilities.cpp:
1712         (JSC::FTL::canCompile):
1713         * ftl/FTLIntrinsicRepository.h:
1714         * ftl/FTLLowerDFGToLLVM.cpp:
1715         (JSC::FTL::LowerDFGToLLVM::compileNode):
1716         (JSC::FTL::LowerDFGToLLVM::compileGetById):
1717
1718 2013-10-13  Mark Lam  <mark.lam@apple.com>
1719
1720         Transition misc cti_op_* JITStubs to JIT operations.
1721         https://bugs.webkit.org/show_bug.cgi?id=122645.
1722
1723         Reviewed by Michael Saboff.
1724
1725         Stubs converted:
1726             cti_op_check_has_instance
1727             cti_op_create_arguments
1728             cti_op_del_by_id
1729             cti_op_instanceof
1730             cti_to_object
1731             cti_op_push_activation
1732             cti_op_get_pnames
1733             cti_op_load_varargs
1734
1735         * dfg/DFGOperations.cpp:
1736         * dfg/DFGOperations.h:
1737         * jit/CCallHelpers.h:
1738         (JSC::CCallHelpers::setupArgumentsWithExecState):
1739         * jit/JIT.h:
1740         (JSC::JIT::emitStoreCell):
1741         * jit/JITCall.cpp:
1742         (JSC::JIT::compileLoadVarargs):
1743         * jit/JITCall32_64.cpp:
1744         (JSC::JIT::compileLoadVarargs):
1745         * jit/JITInlines.h:
1746         (JSC::JIT::callOperation):
1747         * jit/JITOpcodes.cpp:
1748         (JSC::JIT::emit_op_get_pnames):
1749         (JSC::JIT::emit_op_create_activation):
1750         (JSC::JIT::emit_op_create_arguments):
1751         (JSC::JIT::emitSlow_op_check_has_instance):
1752         (JSC::JIT::emitSlow_op_instanceof):
1753         (JSC::JIT::emitSlow_op_get_argument_by_val):
1754         * jit/JITOpcodes32_64.cpp:
1755         (JSC::JIT::emitSlow_op_check_has_instance):
1756         (JSC::JIT::emitSlow_op_instanceof):
1757         (JSC::JIT::emit_op_get_pnames):
1758         (JSC::JIT::emit_op_create_activation):
1759         (JSC::JIT::emit_op_create_arguments):
1760         (JSC::JIT::emitSlow_op_get_argument_by_val):
1761         * jit/JITOperations.cpp:
1762         * jit/JITOperations.h:
1763         * jit/JITPropertyAccess.cpp:
1764         (JSC::JIT::emit_op_del_by_id):
1765         * jit/JITPropertyAccess32_64.cpp:
1766         (JSC::JIT::emit_op_del_by_id):
1767         * jit/JITStubs.cpp:
1768         * jit/JITStubs.h:
1769
1770 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
1771
1772         FTL OSR exit should perform zero extension on values smaller than 64-bit
1773         https://bugs.webkit.org/show_bug.cgi?id=122688
1774
1775         Reviewed by Gavin Barraclough.
1776         
1777         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
1778         register will have zeros on the high bits.  In the few cases where the high bits are
1779         non-zero, the DFG sort of tells us this explicitly.
1780
1781         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
1782         emit LLVM IR like:
1783
1784             %2 = trunc i64 %1 to i32
1785             stuff %2
1786             call @llvm.webkit.stackmap(...., %2)
1787
1788         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
1789         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
1790         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
1791         from before truncation, and that register may have garbage in the high bits.
1792
1793         This means that on our end, if we want a 32-bit value and we want that value to be
1794         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
1795         cheap, so we should just do it and not make it a requirement that LLVM does it on its
1796         end.
1797         
1798         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
1799
1800         * ftl/FTLOSRExitCompiler.cpp:
1801         (JSC::FTL::compileStubWithOSRExitStackmap):
1802         * ftl/FTLValueFormat.cpp:
1803         (JSC::FTL::reboxAccordingToFormat):
1804
1805 == Rolled over to ChangeLog-2013-10-13 ==