Command line jsc should report memory footprint in bytes
2018-10-03  Michael Saboff  <msaboff@apple.com>

        Command line jsc should report memory footprint in bytes
        https://bugs.webkit.org/show_bug.cgi?id=190267

        Reviewed by Mark Lam.

        Change to leave the footprint values from the system unmodified.

        * jsc.cpp:
        (JSCMemoryFootprint::finishCreation):

2018-10-03  Mark Lam  <mark.lam@apple.com>

        Suppress unreachable code warning for LLIntAssembly.h code.
        https://bugs.webkit.org/show_bug.cgi?id=190263
        <rdar://problem/44986532>

        Reviewed by Saam Barati.

        This is needed because LLIntAssembly.h is template-generated from LowLevelInterpreter
        asm files, and may contain dead code which is harmless but will trip up the warning.
        We should suppress the warning so that it doesn't break builds.

        * llint/LowLevelInterpreter.cpp:
        (JSC::CLoop::execute):

2018-10-03  Dan Bernstein  <mitz@apple.com>

        JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10
        https://bugs.webkit.org/show_bug.cgi?id=190250

        Reviewed by Alex Christensen.

        * API/tests/Regress141275.mm:
        (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF
          by making the self-retaining explicit.

        * API/tests/testapi.cpp:
        (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the
          loop instead of returning from the lambda.

        * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE,
          CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and
          CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED.

        * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to
          UnlinkedFunctionExecutable.h, and let Xcode update the project file.

        * assembler/MacroAssemblerPrinter.cpp:
        (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing
          some commas with semicolons.

2018-10-03  Mark Lam  <mark.lam@apple.com>

        Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX.
        https://bugs.webkit.org/show_bug.cgi?id=190187
        <rdar://problem/42512909>

        Reviewed by Michael Saboff.

        Allowing different max string lengths at each level opens up opportunities for
        bugs to creep in.  With 2 different max length values, it is more difficult to
        keep the story straight on how we do overflow / bounds checks at each place in
        the code.  It's also difficult to tell if a seemingly valid check at the WTF level
        will have bad ramifications at the JSC level.  It's also not meaningful to
        support a max length > INT_MAX.  To eliminate this class of bugs, we'll
        standardize on a MaxLength of INT_MAX at all levels.

        We'll also standardize on using CheckedArithmetic for length overflow checks,
        and add some asserts to document the assumptions of the code.

        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        - Fix OOM error handling which crashed a test after the new MaxLength was applied.
        * runtime/JSString.h:
        (JSC::JSString::finishCreation):
        (JSC::JSString::createHasOtherOwner):
        (JSC::JSString::setLength):
        * runtime/JSStringInlines.h:
        (JSC::jsMakeNontrivialString):
        * runtime/Operations.h:
        (JSC::jsString):

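        Added example, not WebKit code: a stand-alone C++ sketch of what the entry above
        standardizes on, one MaxLength (INT_MAX) and checked arithmetic for every length
        computation, next to the two-limit situation it warns about, where a value that
        passes a looser unsigned check at one layer turns negative once stored in the
        int32 length the next layer uses. CheckedLength, checkedConcatLength,
        checkedRepeatLength and the looser-layer helpers are names chosen here, the looser
        unsigned limit is a hypothetical, and the overflow builtins assume GCC or Clang.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>

// A single MaxLength shared by every layer, as the ChangeLog entry standardizes on.
constexpr int32_t MaxLength = INT_MAX;

// A length computation result that carries its own failure state, in the spirit
// of CheckedArithmetic: overflow is reported, never silently wrapped.
struct CheckedLength {
    int32_t value;
    bool overflowed;
};

// Length of concatenating two strings. __builtin_add_overflow is a GCC/Clang
// builtin (assumption: the example is compiled with one of those).
CheckedLength checkedConcatLength(int32_t a, int32_t b)
{
    int32_t sum = 0;
    if (a < 0 || b < 0 || __builtin_add_overflow(a, b, &sum) || sum > MaxLength)
        return { 0, true };
    return { sum, false };
}

// Length of repeating a string `count` times (the kind of computation behind
// String.prototype.repeat). Multiplication overflows far sooner than addition.
CheckedLength checkedRepeatLength(int32_t length, int32_t count)
{
    int32_t product = 0;
    if (length < 0 || count < 0 || __builtin_mul_overflow(length, count, &product) || product > MaxLength)
        return { 0, true };
    return { product, false };
}

// The two-limit failure mode: a lower layer with a hypothetical looser unsigned
// limit accepts the sum as valid ...
bool passesLooserLayerCheck(uint32_t a, uint32_t b, uint32_t looserLayerMaxLength)
{
    return static_cast<uint64_t>(a) + b <= looserLayerMaxLength;
}

// ... and the next layer stores that same value in an int32 length, where anything
// above INT_MAX becomes negative and every later bounds check reasons about garbage.
int32_t asNextLayerLength(uint32_t lengthFromLowerLayer)
{
    return static_cast<int32_t>(lengthFromLowerLayer);
}

int main()
{
    const CheckedLength concat = checkedConcatLength(INT_MAX, 1);
    std::printf("INT_MAX + 1 overflowed: %s\n", concat.overflowed ? "yes" : "no");
    const bool accepted = passesLooserLayerCheck(0x7FFFFFFFu, 1, UINT_MAX);
    std::printf("looser layer accepts 0x7FFFFFFF + 1: %s, next layer sees length %d\n",
        accepted ? "yes" : "no", asNextLayerLength(0x80000000u));
    return 0;
}
```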
2018-10-03  Koby Boyango  <koby.b@mce-sys.com>

        [JSC] Add a C++ callable overload of objectConstructorSeal
        https://bugs.webkit.org/show_bug.cgi?id=190137

        Reviewed by Yusuke Suzuki.

        * runtime/ObjectConstructor.cpp:
        * runtime/ObjectConstructor.h:

2018-10-02  Dominik Infuehr  <dinfuehr@igalia.com>

        Fix Disassembler-output on ARM Thumb2
        https://bugs.webkit.org/show_bug.cgi?id=190203

        On ARMv7 with Thumb2, addresses have bit 0 set to 1 to force
        execution in Thumb mode for jumps and calls. The actual machine
        instructions are still aligned to 2 bytes though. Use dataLocation() as
        the start address for disassembling since it unsets the Thumb bit.
        Until now the disassembler would start at the wrong address (off by 1),
        resulting in the wrong disassembled machine instructions.

        Reviewed by Mark Lam.

        * disassembler/CapstoneDisassembler.cpp:
        (JSC::tryToDisassemble):

2018-10-02  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Add stub of ExecutableAllocator used when JIT is disabled
        https://bugs.webkit.org/show_bug.cgi?id=190215

        Reviewed by Mark Lam.

        When ENABLE(JIT) is disabled, we do not use the JIT. But ExecutableAllocator is still available since
        it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for the LLInt ASM interpreter since
        our MacroAssembler provides the machine architecture information. Eventually, we would like to decouple
        this machine architecture information from MacroAssembler. But for now, we use ENABLE(ASSEMBLER)
        for the LLInt ASM interpreter even if the JIT is disabled by ENABLE(JIT).

        To ensure that no executable memory allocation is done, we add a stub of ExecutableAllocator for
        non-JIT configurations. This does not have any functionality for allocating executable memory, thus
        no accidental operation can attempt to allocate executable memory if ENABLE(JIT) = OFF.

        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::initializeAllocator):
        (JSC::ExecutableAllocator::singleton):
        * jit/ExecutableAllocator.h:
        (JSC::ExecutableAllocator::isValid const):
        (JSC::ExecutableAllocator::underMemoryPressure):
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        (JSC::ExecutableAllocator::dumpProfile):
        (JSC::ExecutableAllocator::allocate):
        (JSC::ExecutableAllocator::isValidExecutableMemory):
        (JSC::ExecutableAllocator::committedByteCount):
        (JSC::ExecutableAllocator::getLock const):
        (JSC::performJITMemcpy):

2018-10-01  Dean Jackson  <dino@apple.com>

        Remove CSS Animation Triggers
        https://bugs.webkit.org/show_bug.cgi?id=190175
        <rdar://problem/44925626>

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2018-10-02  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] BigInt.prototype.toString is broken when radix is power of 2
        https://bugs.webkit.org/show_bug.cgi?id=190033

        Reviewed by Yusuke Suzuki.

        The implementation of JSBigInt::toStringToGeneric doesn't handle a power
        of 2 radix when the JSBigInt length is >= 2. To handle such cases, we
        implemented JSBigInt::toStringBasePowerOfTwo, which follows the
        algorithm that groups bits using a mask of (2 ^ n) - 1 to extract every
        digit.

        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::toString):
        (JSC::JSBigInt::toStringBasePowerOfTwo):
        * runtime/JSBigInt.h:

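        Added example, not JSBigInt's own code: a stand-alone C++ version of the
        power-of-two radix conversion the entry above describes, walking the limb
        array's bit stream in log2(radix)-bit chunks masked with (2^n) - 1 and stitching
        together chunks that straddle a limb boundary, which is the length >= 2 case the
        generic path got wrong. BigIntValue, makeBigInt and toStringBasePowerOfTwo are
        names chosen here; 64-bit limbs and the GCC/Clang bit-count builtins are assumed.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Limbs are stored least-significant first, as in JSBigInt. The limb width is
// 64 bits here; the algorithm does not need it to be a multiple of bitsPerChar,
// which matters for radix 32 (5-bit chunks never line up with 64-bit limbs).
using Digit = uint64_t;
constexpr unsigned digitBits = 64;
constexpr char conversionChars[] = "0123456789abcdefghijklmnopqrstuvwxyz";

struct BigIntValue {
    bool negative;
    std::vector<Digit> digits; // empty means zero; otherwise the top limb is non-zero
};

// Normalizes so that the most significant limb is non-zero (zero has no limbs).
BigIntValue makeBigInt(bool negative, std::vector<Digit> digits)
{
    while (!digits.empty() && digits.back() == 0)
        digits.pop_back();
    return BigIntValue { negative && !digits.empty(), std::move(digits) };
}

// Renders x in radix 2, 4, 8, 16 or 32 without any division: each output
// character is the next log2(radix) bits of the value, taken from the low end.
std::string toStringBasePowerOfTwo(const BigIntValue& x, unsigned radix)
{
    assert(radix >= 2 && radix <= 32 && (radix & (radix - 1)) == 0);
    if (x.digits.empty())
        return "0";

    const unsigned bitsPerChar = __builtin_ctz(radix); // n, for radix == 2^n
    const Digit charMask = radix - 1;                   // the (2^n) - 1 mask
    const size_t length = x.digits.size();
    const Digit msd = x.digits.back();
    assert(msd != 0);

    // Exact bit length of the value, then the character count (rounded up) plus a sign.
    const size_t bitLength = length * digitBits - __builtin_clzll(msd);
    const size_t charsRequired = (bitLength + bitsPerChar - 1) / bitsPerChar + (x.negative ? 1 : 0);
    std::string out(charsRequired, '0');
    size_t pos = charsRequired; // filled from the least significant character backwards

    Digit digit = 0;            // bits carried over from the previous limb
    unsigned availableBits = 0; // how many of those carried bits are still unconsumed
    for (size_t i = 0; i + 1 < length; ++i) {
        const Digit newDigit = x.digits[i];
        // Stitch the leftover bits to the low bits of the incoming limb to form one chunk.
        out[--pos] = conversionChars[(digit | (newDigit << availableBits)) & charMask];
        const unsigned consumedBits = bitsPerChar - availableBits;
        digit = newDigit >> consumedBits;
        availableBits = digitBits - consumedBits;
        // Emit whole chunks from this limb; whatever is left (< bitsPerChar) carries over.
        while (availableBits >= bitsPerChar) {
            out[--pos] = conversionChars[digit & charMask];
            digit >>= bitsPerChar;
            availableBits -= bitsPerChar;
        }
    }
    // Most significant limb: same stitching step, then emit until no bits remain
    // (no leading zero characters, which is why msd must be non-zero).
    out[--pos] = conversionChars[(digit | (msd << availableBits)) & charMask];
    digit = msd >> (bitsPerChar - availableBits);
    while (digit != 0) {
        out[--pos] = conversionChars[digit & charMask];
        digit >>= bitsPerChar;
    }
    if (x.negative)
        out[--pos] = '-';
    assert(pos == 0); // charsRequired was exact
    return out;
}

int main()
{
    // 2^65 - 1: two limbs, so the top limb's chunks straddle the limb boundary.
    const BigIntValue v = makeBigInt(false, { 0xFFFFFFFFFFFFFFFFull, 1 });
    std::printf("hex: %s\nbase32: %s\n",
        toStringBasePowerOfTwo(v, 16).c_str(), toStringBasePowerOfTwo(v, 32).c_str());
    return 0;
}
```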
2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [JSC] Add branchIfNaN and branchIfNotNaN
        https://bugs.webkit.org/show_bug.cgi?id=190122

        Reviewed by Mark Lam.

        Add AssemblyHelpers::{branchIfNaN, branchIfNotNaN} to make code more readable.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
        (JSC::DFG::SpeculativeJIT::compileDoubleRep):
        (JSC::DFG::SpeculativeJIT::getIntTypedArrayStoreOperand):
        (JSC::DFG::SpeculativeJIT::compileSpread):
        (JSC::DFG::SpeculativeJIT::compileNewArray):
        (JSC::DFG::SpeculativeJIT::speculateRealNumber):
        (JSC::DFG::SpeculativeJIT::speculateDoubleRepReal):
        (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey):
        (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::purifyNaN):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::branchIfNaN):
        (JSC::AssemblyHelpers::branchIfNotNaN):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitGenericContiguousPutByVal):
        (JSC::JIT::emitDoubleLoad):
        (JSC::JIT::emitFloatTypedArrayGetByVal):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitGenericContiguousPutByVal):
        * wasm/js/JSToWasm.cpp:
        (JSC::Wasm::createJSToWasmWrapper):

2018-10-01  Mark Lam  <mark.lam@apple.com>

        Function.toString() should also copy the source code of Functions that are class definitions.
        https://bugs.webkit.org/show_bug.cgi?id=190186
        <rdar://problem/44733360>

        Reviewed by Saam Barati.

        Previously, if the Function is a class definition, functionProtoFuncToString()
        would create a String using StringView::toStringWithoutCopying(), and use that
        String to make a JSString.  This is not a problem if the underlying SourceProvider
        (that backs the characters in that StringView) is immortal.  However, this is
        not always the case in practice.

        This patch fixes this issue by changing functionProtoFuncToString() to create the
        String using StringView::toString() instead, which makes a copy of the underlying
        characters buffer.  This detaches the resultant JSString from the SourceProvider
        characters buffer that it was created from, and ensures that the underlying
        characters buffer of the string will be alive for the entire lifetime of the
        JSString.

        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):

2018-10-01  Keith Miller  <keith_miller@apple.com>

        Create a RELEASE_AND_RETURN macro for ExceptionScopes
        https://bugs.webkit.org/show_bug.cgi?id=190163

        Reviewed by Mark Lam.

        The new RELEASE_AND_RETURN does all the work for cases
        where you want to return the result of some expression
        without explicitly checking for an exception. This is
        much like the existing RETURN_IF_EXCEPTION macro.

        * dfg/DFGOperations.cpp:
        (JSC::DFG::newTypedArrayWithSize):
        * interpreter/Interpreter.cpp:
        (JSC::eval):
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        * jsc.cpp:
        (functionDollarAgentReceiveBroadcast):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::varargsSetup):
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::toJSON const):
        * runtime/AbstractModuleRecord.cpp:
        (JSC::AbstractModuleRecord::hostResolveImportedModule):
        * runtime/ArrayConstructor.cpp:
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::getProperty):
        (JSC::fastJoin):
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoPrivateFuncConcatMemcpy):
        * runtime/BigIntConstructor.cpp:
        (JSC::toBigInt):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opInByVal):
        * runtime/ConstructData.cpp:
        (JSC::construct):
        * runtime/DateConstructor.cpp:
        (JSC::dateParse):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncToPrimitiveSymbol):
        * runtime/DirectArguments.h:
        * runtime/ErrorConstructor.cpp:
        (JSC::Interpreter::constructWithErrorConstructor):
        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):
        * runtime/ExceptionScope.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/GenericArgumentsInlines.h:
        (JSC::GenericArguments<Type>::defineOwnProperty):
        * runtime/GetterSetter.cpp:
        (JSC::callGetter):
        * runtime/IntlCollatorConstructor.cpp:
        (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
        * runtime/IntlCollatorPrototype.cpp:
        (JSC::IntlCollatorFuncCompare):
        (JSC::IntlCollatorPrototypeFuncResolvedOptions):
        * runtime/IntlDateTimeFormatConstructor.cpp:
        (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
        * runtime/IntlDateTimeFormatPrototype.cpp:
        (JSC::IntlDateTimeFormatFuncFormatDateTime):
        (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts):
        (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
        * runtime/IntlNumberFormatConstructor.cpp:
        (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
        * runtime/IntlNumberFormatPrototype.cpp:
        (JSC::IntlNumberFormatFuncFormatNumber):
        (JSC::IntlNumberFormatPrototypeFuncFormatToParts):
        (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
        * runtime/IntlObject.cpp:
        (JSC::intlNumberOption):
        * runtime/IntlObjectInlines.h:
        (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
        * runtime/IntlPluralRules.cpp:
        (JSC::IntlPluralRules::resolvedOptions):
        * runtime/IntlPluralRulesConstructor.cpp:
        (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):
        * runtime/IntlPluralRulesPrototype.cpp:
        (JSC::IntlPluralRulesPrototypeFuncSelect):
        (JSC::IntlPluralRulesPrototypeFuncResolvedOptions):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        (JSC::JSArray::put):
        (JSC::JSArray::setLength):
        (JSC::JSArray::unshiftCountWithAnyIndexingType):
        * runtime/JSArrayBufferPrototype.cpp:
        (JSC::arrayBufferProtoGetterFuncByteLength):
        (JSC::sharedArrayBufferProtoGetterFuncByteLength):
        * runtime/JSArrayInlines.h:
        (JSC::toLength):
        * runtime/JSBoundFunction.cpp:
        (JSC::boundFunctionCall):
        (JSC::boundFunctionConstruct):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::toIndex const):
        (JSC::JSValue::toPropertyKey const):
        (JSC::JSValue::get const):
        (JSC::JSValue::getPropertySlot const):
        (JSC::JSValue::getOwnPropertySlot const):
        (JSC::JSValue::equalSlowCaseInline):
        * runtime/JSDataView.cpp:
        (JSC::JSDataView::put):
        (JSC::JSDataView::defineOwnProperty):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::put):
        (JSC::JSFunction::defineOwnProperty):
        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
        (JSC::constructGenericTypedArrayViewWithArguments):
        (JSC::constructGenericTypedArrayView):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::set):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
        (JSC::speciesConstruct):
        (JSC::genericTypedArrayViewProtoFuncJoin):
        (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::put):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::decode):
        (JSC::globalFuncEval):
        (JSC::globalFuncProtoGetter):
        * runtime/JSInternalPromise.cpp:
        (JSC::JSInternalPromise::then):
        * runtime/JSModuleEnvironment.cpp:
        (JSC::JSModuleEnvironment::put):
        * runtime/JSModuleLoader.cpp:
        (JSC::JSModuleLoader::provideFetch):
        (JSC::JSModuleLoader::loadAndEvaluateModule):
        (JSC::JSModuleLoader::loadModule):
        (JSC::JSModuleLoader::linkAndEvaluateModule):
        (JSC::JSModuleLoader::requestImportModule):
        (JSC::JSModuleLoader::getModuleNamespaceObject):
        (JSC::moduleLoaderRequestedModules):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::toJSON):
        (JSC::Walker::walk):
        (JSC::JSONProtoFuncStringify):
        * runtime/JSObject.cpp:
        (JSC::ordinarySetSlow):
        (JSC::JSObject::putInlineSlow):
        (JSC::JSObject::toPrimitive const):
        (JSC::JSObject::hasInstance):
        (JSC::JSObject::toNumber const):
        (JSC::JSObject::defineOwnIndexedProperty):
        (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
        (JSC::JSObject::defineOwnNonIndexProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::get const):
        * runtime/JSObjectInlines.h:
        (JSC::JSObject::getPropertySlot const):
        (JSC::JSObject::putInlineForJSObject):
        * runtime/MapConstructor.cpp:
        (JSC::constructMap):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::Interpreter::constructWithNativeErrorConstructor):
        * runtime/ObjectConstructor.cpp:
        (JSC::constructObject):
        (JSC::objectConstructorGetPrototypeOf):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        (JSC::objectConstructorGetOwnPropertyDescriptors):
        (JSC::objectConstructorGetOwnPropertyNames):
        (JSC::objectConstructorGetOwnPropertySymbols):
        (JSC::objectConstructorKeys):
        (JSC::objectConstructorDefineProperty):
        (JSC::objectConstructorDefineProperties):
        (JSC::objectConstructorCreate):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncToLocaleString):
        (JSC::objectProtoFuncToString):
        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase):
        * runtime/Operations.h:
        (JSC::jsString):
        (JSC::jsLess):
        (JSC::jsLessEq):
        * runtime/ParseInt.h:
        (JSC::toStringView):
        * runtime/ProxyConstructor.cpp:
        (JSC::constructProxyObject):
        * runtime/ProxyObject.cpp:
        (JSC::ProxyObject::toStringName):
        (JSC::performProxyGet):
        (JSC::ProxyObject::performInternalMethodGetOwnProperty):
        (JSC::ProxyObject::performHasProperty):
        (JSC::ProxyObject::getOwnPropertySlotCommon):
        (JSC::ProxyObject::performPut):
        (JSC::ProxyObject::putByIndexCommon):
        (JSC::performProxyCall):
        (JSC::performProxyConstruct):
        (JSC::ProxyObject::performDelete):
        (JSC::ProxyObject::performPreventExtensions):
        (JSC::ProxyObject::performIsExtensible):
        (JSC::ProxyObject::performDefineOwnProperty):
        (JSC::ProxyObject::performSetPrototype):
        (JSC::ProxyObject::performGetPrototype):
        * runtime/ReflectObject.cpp:
        (JSC::reflectObjectConstruct):
        (JSC::reflectObjectDefineProperty):
        (JSC::reflectObjectGet):
        (JSC::reflectObjectGetOwnPropertyDescriptor):
        (JSC::reflectObjectGetPrototypeOf):
        (JSC::reflectObjectOwnKeys):
        (JSC::reflectObjectSet):
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::defineOwnProperty):
        (JSC::RegExpObject::matchGlobal):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTestFast):
        (JSC::regExpProtoFuncExec):
        (JSC::regExpProtoFuncToString):
        * runtime/ScriptExecutable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor):
        * runtime/SetConstructor.cpp:
        (JSC::constructSet):
        * runtime/SparseArrayValueMap.cpp:
        (JSC::SparseArrayValueMap::putEntry):
        (JSC::SparseArrayEntry::put):
        * runtime/StringConstructor.cpp:
        (JSC::stringFromCharCode):
        (JSC::stringFromCodePoint):
        * runtime/StringObject.cpp:
        (JSC::StringObject::put):
        (JSC::StringObject::putByIndex):
        (JSC::StringObject::defineOwnProperty):
        * runtime/StringPrototype.cpp:
        (JSC::jsSpliceSubstrings):
        (JSC::jsSpliceSubstringsWithSeparators):
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
        (JSC::replaceUsingStringSearch):
        (JSC::repeatCharacter):
        (JSC::replace):
        (JSC::stringProtoFuncReplaceUsingRegExp):
        (JSC::stringProtoFuncReplaceUsingStringSearch):
        (JSC::stringProtoFuncSplitFast):
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):
        (JSC::toLocaleCase):
        (JSC::trimString):
        (JSC::stringProtoFuncIncludes):
        (JSC::builtinStringIncludesInternal):
        (JSC::normalize):
        (JSC::stringProtoFuncNormalize):
        * runtime/SymbolPrototype.cpp:
        (JSC::symbolProtoFuncToString):
        (JSC::symbolProtoFuncValueOf):
        * tools/JSDollarVM.cpp:
        (WTF::functionWasmStreamingParserAddBytes):
        (JSC::functionGetPrivateProperty):
        * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
        (JSC::constructJSWebAssemblyCompileError):
        * wasm/js/WebAssemblyModuleConstructor.cpp:
        (JSC::constructJSWebAssemblyModule):
        (JSC::WebAssemblyModuleConstructor::createModule):
        * wasm/js/WebAssemblyTableConstructor.cpp:
        (JSC::constructJSWebAssemblyTable):
        * wasm/js/WebAssemblyWrapperFunction.cpp:
        (JSC::callWebAssemblyWrapperFunction):

2018-10-01  Koby Boyango  <koby.b@mce-sys.com>

        [JSC] Add a JSONStringify overload that receives a JSValue space
        https://bugs.webkit.org/show_bug.cgi?id=190131

        Reviewed by Yusuke Suzuki.

        * runtime/JSONObject.cpp:
        * runtime/JSONObject.h:

2018-10-01  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r236647.
        https://bugs.webkit.org/show_bug.cgi?id=190124

        Breaking test stress/big-int-to-string.js (Requested by
        caiolima_ on #webkit).

        Reverted changeset:

        "[BigInt] BigInt.prototype.toString is broken when radix is
        power of 2"
        https://bugs.webkit.org/show_bug.cgi?id=190033
        https://trac.webkit.org/changeset/236647

2018-10-01  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

        [WebAssembly] Move type conversion code of JSToWasm return type to JS wasm wrapper
        https://bugs.webkit.org/show_bug.cgi?id=189498

        Reviewed by Saam Barati.

        To call JS-to-Wasm code we need to convert the result value from the wasm function to
        the JS type. Previously this was done by callWebAssemblyFunction using a switch
        over signature.returnType(). But since we know the value of `signature.returnType()`
        at compile time, we can emit small conversion code directly in the JSToWasm glue
        and remove this switch from callWebAssemblyFunction.

        In JSToWasm glue code, we do not have tag registers. So we use DoNotHaveTagRegisters
        in boxInt32 and boxDouble. Since boxDouble does not have a DoNotHaveTagRegisters version,
        we add an implementation for that.

        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::boxDouble):
        * wasm/js/JSToWasm.cpp:
        (JSC::Wasm::createJSToWasmWrapper):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):

2018-09-30  Caio Lima  <ticaiolima@gmail.com>

        [BigInt] BigInt.prototype.toString is broken when radix is power of 2
        https://bugs.webkit.org/show_bug.cgi?id=190033

        Reviewed by Yusuke Suzuki.

        The implementation of JSBigInt::toStringToGeneric doesn't handle a power
        of 2 radix when the JSBigInt length is >= 2. To handle such cases, we
        implemented JSBigInt::toStringBasePowerOfTwo, which follows the
        algorithm that groups bits using a mask of (2 ^ n) - 1 to extract every
        digit.

        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::toString):
        (JSC::JSBigInt::toStringBasePowerOfTwo):
        * runtime/JSBigInt.h:

2018-09-28  Caio Lima  <ticaiolima@gmail.com>

        [ESNext][BigInt] Implement support for "&"
        https://bugs.webkit.org/show_bug.cgi?id=186228

        Reviewed by Yusuke Suzuki.

        This patch introduces support for BigInt in the bitwise "&" operation.
        We are also introducing the ValueBitAnd DFG node, which is responsible
        for handling the JIT for non-Int32 operands. With the introduction of this
        new node, we renamed the BitAnd node to ArithBitAnd. The ArithBitAnd
        follows the behavior of ArithAdd and other arithmetic nodes, where
        the Arith<op> version always results in a Number (in the case of
        ArithBitAnd, it is always an Int32).

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitBinaryOp):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp):
        (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::bitOp):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd):
        (JSC::FTL::DFG::LowerDFGToB3::compileArithBitAnd):
        (JSC::FTL::DFG::LowerDFGToB3::compileBitAnd): Deleted.
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emitBitBinaryOpFastPath):
        (JSC::JIT::emit_op_bitand):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSBigInt.cpp:
        (JSC::JSBigInt::JSBigInt):
        (JSC::JSBigInt::initialize):
        (JSC::JSBigInt::createZero):
        (JSC::JSBigInt::createFrom):
        (JSC::JSBigInt::bitwiseAnd):
        (JSC::JSBigInt::absoluteBitwiseOp):
        (JSC::JSBigInt::absoluteAnd):
        (JSC::JSBigInt::absoluteOr):
        (JSC::JSBigInt::absoluteAndNot):
        (JSC::JSBigInt::absoluteAddOne):
        (JSC::JSBigInt::absoluteSubOne):
        * runtime/JSBigInt.h:
        * runtime/JSCJSValue.h:
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::toBigIntOrInt32 const):

2018-09-28  Mark Lam  <mark.lam@apple.com>

        Gardening: speculative build fix.
        <rdar://problem/44869924>

        Not reviewed.

        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):

2018-09-28  Guillaume Emont  <guijemont@igalia.com>

        [JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions.
        https://bugs.webkit.org/show_bug.cgi?id=190080

        Reviewed by Mark Lam.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::link):
        (JSC::ARMv7Assembler::linkJumpT1):
        (JSC::ARMv7Assembler::linkJumpT2):
        (JSC::ARMv7Assembler::linkJumpT3):
        (JSC::ARMv7Assembler::linkJumpT4):
        (JSC::ARMv7Assembler::linkConditionalJumpT4):
        (JSC::ARMv7Assembler::linkBX):
        (JSC::ARMv7Assembler::linkConditionalBX):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::link):

2018-09-27  Saam Barati  <sbarati@apple.com>

        Verify the contents of AssemblerBuffer on arm64e
        https://bugs.webkit.org/show_bug.cgi?id=190057
        <rdar://problem/38916630>

        Reviewed by Mark Lam.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::ARM64Assembler):
        (JSC::ARM64Assembler::fillNops):
        (JSC::ARM64Assembler::link):
        (JSC::ARM64Assembler::linkJumpOrCall):
        (JSC::ARM64Assembler::linkCompareAndBranch):
        (JSC::ARM64Assembler::linkConditionalBranch):
        (JSC::ARM64Assembler::linkTestAndBranch):
        (JSC::ARM64Assembler::unlinkedCode): Deleted.
        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::fillNops):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::unlinkedCode): Deleted.
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::emitNops):
        (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
        * assembler/AssemblerBuffer.h:
        (JSC::ARM64EHash::ARM64EHash):
        (JSC::ARM64EHash::update):
        (JSC::ARM64EHash::hash const):
        (JSC::ARM64EHash::randomSeed const):
        (JSC::AssemblerBuffer::AssemblerBuffer):
        (JSC::AssemblerBuffer::putShort):
        (JSC::AssemblerBuffer::putIntUnchecked):
        (JSC::AssemblerBuffer::putInt):
        (JSC::AssemblerBuffer::hash const):
        (JSC::AssemblerBuffer::data const):
        (JSC::AssemblerBuffer::putIntegralUnchecked):
        (JSC::AssemblerBuffer::append): Deleted.
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::fillNops):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::jumpsToLink):
        (JSC::MacroAssemblerARM64::link):
        (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::jumpsToLink):
        (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::fillNops):

2018-09-27  Mark Lam  <mark.lam@apple.com>

        ByValInfo should not use integer offsets.
        https://bugs.webkit.org/show_bug.cgi?id=190070
        <rdar://problem/44803430>

        Reviewed by Saam Barati.

        Also moved some fields around to allow the ByValInfo struct to be more densely packed.

        * bytecode/ByValInfo.h:
        (JSC::ByValInfo::ByValInfo):
749         * jit/JIT.cpp:
750         (JSC::JIT::link):
751         * jit/JITOpcodes.cpp:
752         (JSC::JIT::privateCompileHasIndexedProperty):
753         * jit/JITOpcodes32_64.cpp:
754         (JSC::JIT::privateCompileHasIndexedProperty):
755         * jit/JITPropertyAccess.cpp:
756         (JSC::JIT::privateCompileGetByVal):
757         (JSC::JIT::privateCompileGetByValWithCachedId):
758         (JSC::JIT::privateCompilePutByVal):
759         (JSC::JIT::privateCompilePutByValWithCachedId):
760
761 2018-09-27  Saam barati  <sbarati@apple.com>
762
763         DFG::OSRExit::m_patchableCodeOffset should not be an int
764         https://bugs.webkit.org/show_bug.cgi?id=190066
765         <rdar://problem/39498244>
766
767         Reviewed by Mark Lam.
768
769         * dfg/DFGJITCompiler.cpp:
770         (JSC::DFG::JITCompiler::linkOSRExits):
771         (JSC::DFG::JITCompiler::link):
772         * dfg/DFGOSRExit.cpp:
773         (JSC::DFG::OSRExit::codeLocationForRepatch const):
774         (JSC::DFG::OSRExit::compileOSRExit):
775         (JSC::DFG::OSRExit::setPatchableCodeOffset): Deleted.
776         (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump const): Deleted.
777         (JSC::DFG::OSRExit::correctJump): Deleted.
778         * dfg/DFGOSRExit.h:
779         * dfg/DFGOSRExitCompilationInfo.h:
780
781 2018-09-27  Saam barati  <sbarati@apple.com>
782
783         Don't use int offsets in StructureStubInfo
784         https://bugs.webkit.org/show_bug.cgi?id=190064
785         <rdar://problem/44784719>
786
787         Reviewed by Mark Lam.
788
789         * bytecode/InlineAccess.cpp:
790         (JSC::linkCodeInline):
791         * bytecode/StructureStubInfo.h:
792         (JSC::StructureStubInfo::slowPathCallLocation):
793         (JSC::StructureStubInfo::doneLocation):
794         (JSC::StructureStubInfo::slowPathStartLocation):
795         * jit/JITInlineCacheGenerator.cpp:
796         (JSC::JITInlineCacheGenerator::finalize):
797
798 2018-09-27  Mark Lam  <mark.lam@apple.com>
799
800         DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
801         https://bugs.webkit.org/show_bug.cgi?id=190054
802         <rdar://problem/44803543>
803
804         Reviewed by Saam Barati.
805
806         * dfg/DFGJITCode.h:
807         (JSC::DFG::JITCode::appendOSREntryData):
808         * dfg/DFGJITCompiler.cpp:
809         (JSC::DFG::JITCompiler::noticeOSREntry):
810         * dfg/DFGOSREntry.cpp:
811         (JSC::DFG::OSREntryData::dumpInContext const):
812         (JSC::DFG::prepareOSREntry):
813         * dfg/DFGOSREntry.h:
814         * runtime/JSCPtrTag.h:
815
816 2018-09-27  Mark Lam  <mark.lam@apple.com>
817
818         JITMathIC should not use integer offsets into machine code.
819         https://bugs.webkit.org/show_bug.cgi?id=190030
820         <rdar://problem/44803307>
821
822         Reviewed by Saam Barati.
823
824         We'll replace them with CodeLocation smart pointers instead.
825
826         * jit/JITMathIC.h:
827         (JSC::isProfileEmpty):
828
829 2018-09-26  Mark Lam  <mark.lam@apple.com>
830
831         Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
832         https://bugs.webkit.org/show_bug.cgi?id=190022
833         <rdar://problem/44800928>
834
835         Reviewed by Saam Barati.
836
837         * jit/ExecutableAllocator.cpp:
838         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
839         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
840         * jit/ExecutableAllocator.h:
841         (JSC::performJITMemcpy):
842         * runtime/Options.cpp:
843         (JSC::recomputeDependentOptions):
844
845 2018-09-26  Mark Lam  <mark.lam@apple.com>
846
847         Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
848         https://bugs.webkit.org/show_bug.cgi?id=190016
849         <rdar://problem/44802875>
850
851         Reviewed by Saam Barati.
852
853         Also assert in performJITMemcpy() that the entire buffer to be copied will fit in
854         JIT memory.
855
856         * assembler/ARM64Assembler.h:
857         (JSC::ARM64Assembler::fillNops):
858         (JSC::ARM64Assembler::replaceWithVMHalt):
859         (JSC::ARM64Assembler::replaceWithJump):
860         (JSC::ARM64Assembler::replaceWithLoad):
861         (JSC::ARM64Assembler::replaceWithAddressComputation):
862         (JSC::ARM64Assembler::setPointer):
863         (JSC::ARM64Assembler::repatchInt32):
864         (JSC::ARM64Assembler::repatchCompact):
865         (JSC::ARM64Assembler::linkJumpOrCall):
866         (JSC::ARM64Assembler::linkCompareAndBranch):
867         (JSC::ARM64Assembler::linkConditionalBranch):
868         (JSC::ARM64Assembler::linkTestAndBranch):
869         * assembler/LinkBuffer.cpp:
870         (JSC::LinkBuffer::copyCompactAndLinkCode):
871         (JSC::LinkBuffer::linkCode):
872         * jit/ExecutableAllocator.h:
873         (JSC::performJITMemcpy):
874
875 2018-09-25  Keith Miller  <keith_miller@apple.com>
876
877         Move Symbol API to SPI
878         https://bugs.webkit.org/show_bug.cgi?id=189946
879
880         Reviewed by Michael Saboff.
881
882         Some of the property access methods on JSValue needed to be moved
883         to a category so that SPI overloads don't result in a compiler
884         error for internal users.
885
886         Additionally, this patch does not move the new enum entry for
887         Symbols in the JSType enumeration.
888
889         * API/JSObjectRef.h:
890         * API/JSObjectRefPrivate.h:
891         * API/JSValue.h:
892         * API/JSValuePrivate.h:
893         * API/JSValueRef.h:
894
895 2018-09-26  Keith Miller  <keith_miller@apple.com>
896
897         We should zero unused property storage when rebalancing array storage.
898         https://bugs.webkit.org/show_bug.cgi?id=188151
899
900         Reviewed by Michael Saboff.
901
902         In unshiftCountSlowCase, we will sometimes move property storage to the right even when we are adding elements on net.
903         This can happen because we "balance" the pre/post-capacity in that code, so we need to zero the unused
904         property storage.
905
906         * runtime/JSArray.cpp:
907         (JSC::JSArray::unshiftCountSlowCase):
908
909 2018-09-26  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
910
911         Unreviewed, add scope verification handling
912         https://bugs.webkit.org/show_bug.cgi?id=189780
913
914         * runtime/ArrayPrototype.cpp:
915         (JSC::arrayProtoFuncIndexOf):
916         (JSC::arrayProtoFuncLastIndexOf):
917
918 2018-09-26  Koby Boyango  <koby.b@mce.systems>
919
920         [JSC] offlineasm parser should handle CRLF in asm files
921         https://bugs.webkit.org/show_bug.cgi?id=189949
922
923         Reviewed by Mark Lam.
924
925         * offlineasm/parser.rb:
926
927 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
928
929         [JSC] Optimize Array#lastIndexOf
930         https://bugs.webkit.org/show_bug.cgi?id=189780
931
932         Reviewed by Saam Barati.
933
934         Optimize Array#lastIndexOf in the same way as Array#indexOf. We add a fast path
935         for JSArray with contiguous storage.
936
937         * runtime/ArrayPrototype.cpp:
938         (JSC::arrayProtoFuncLastIndexOf):
939
940 2018-09-25  Saam Barati  <sbarati@apple.com>
941
942         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
943         https://bugs.webkit.org/show_bug.cgi?id=189940
944         <rdar://problem/43640987>
945
946         Reviewed by Mark Lam.
947
948         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
949         CodeBlock. There is nothing semantically wrong with doing that (except for
950         poor naming), however, the poor naming here led us to make a real semantic
951         mistake. We wanted the baseline CodeBlock's constant pool, but we were
952         accessing the FTL CodeBlock's constant pool accidentally. We need to
953         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
954         constant value.
955
956         * bytecode/InlineCallFrame.h:
957         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
958         * ftl/FTLOperations.cpp:
959         (JSC::FTL::operationMaterializeObjectInOSR):
960
961 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
962
963         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
964         https://bugs.webkit.org/show_bug.cgi?id=189962
965         <rdar://problem/44648287>
966
967         Reviewed by Brian Burg.
968
969         * inspector/scripts/codegen/generate_objc_header.py:
970         (ObjCHeaderGenerator._callback_block_for_command):
971         If there are no return parameters include "void" in the block signature.
972
973         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
974         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
975         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
976         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
977         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
978         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
979         Rebaseline test results.
980
981 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
982
983         Remove AUTHORS and THANKS files which are stale
984         https://bugs.webkit.org/show_bug.cgi?id=189941
985
986         Reviewed by Darin Adler.
987
988         Included mentions below so their names are still in ChangeLogs.
989
990         * AUTHORS: Removed.
991         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
992         These authors remain mentioned in copyrights in source files.
993
994         * THANKS: Removed.
995         Richard Moore <rich@kde.org> - for filling the Math object with some life
996         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
997         Marco Pinelli <pinmc@libero.it> - for his patches
998         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
999         
1000 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
1001
1002         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
1003         https://bugs.webkit.org/show_bug.cgi?id=189733
1004
1005         Reviewed by Michael Catanzaro.
1006
1007         * assembler/ARM64Assembler.h:
1008         * assembler/ARMAssembler.h:
1009         (JSC::ARMAssembler::cacheFlush):
1010         * assembler/MacroAssemblerARM.cpp:
1011         (JSC::isVFPPresent):
1012         * assembler/MacroAssemblerARM64.cpp:
1013         * assembler/MacroAssemblerARMv7.cpp:
1014         * assembler/MacroAssemblerMIPS.cpp:
1015         * assembler/MacroAssemblerX86Common.cpp:
1016         * heap/HeapCell.cpp:
1017         * heap/HeapCell.h:
1018         * jit/HostCallReturnValue.h:
1019         * jit/JIT.h:
1020         * jit/JITOperations.cpp:
1021         * jit/ThunkGenerators.cpp:
1022         * runtime/ArrayConventions.cpp:
1023         (JSC::clearArrayMemset):
1024         * runtime/JSBigInt.cpp:
1025         (JSC::JSBigInt::digitDiv):
1026
1027 2018-09-24  Saam Barati  <sbarati@apple.com>
1028
1029         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
1030         https://bugs.webkit.org/show_bug.cgi?id=189922
1031         <rdar://problem/44651275>
1032
1033         Reviewed by Mark Lam.
1034
1035         The implementation was first getting the length to iterate up to,
1036         then getting the starting index. However, getting the starting
1037         index may perform effects. e.g., it could change the length of the
1038         array. This changes it so we verify the length is still valid.
1039
1040         * runtime/ArrayPrototype.cpp:
1041         (JSC::arrayProtoFuncIndexOf):
1042
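        The re-validation described in this entry, and the contiguous-storage fast path for
        Array#lastIndexOf from the 2018-09-20 entry above, as an added JavaScript model that is
        not JavaScriptCore code. ContiguousArray, getFast/getGeneric, shrinkingIndex and demo are
        assumed names standing in for the engine's array storage and its fast and generic reads.

```javascript
// Added example, not JavaScriptCore code: a small model of the hazard this
// entry fixes. ToIntegerOrInfinity(fromIndex) can run user code (valueOf or
// toString) that changes the array's length, so a fast path that read the
// length before that coercion must re-validate it afterwards.

// Stand-in for contiguous array storage (assumed names). getFast is the fast
// path: it trusts the caller's index and throws when that trust is misplaced,
// where a real engine would read beyond the live storage. getGeneric is the
// spec-faithful slow path: a missing element simply reads as undefined.
class ContiguousArray {
  constructor(values) { this.slots = values.slice(); }
  get length() { return this.slots.length; }
  setLength(n) { this.slots.length = n; }   // shrinking releases the tail
  getFast(i) {
    if (i < 0 || i >= this.slots.length)
      throw new RangeError(`fast path read out of bounds: ${i} >= ${this.slots.length}`);
    return this.slots[i];
  }
  getGeneric(i) { return i < this.slots.length ? this.slots[i] : undefined; }
}

// ES ToIntegerOrInfinity. Number(object) calls valueOf/toString; this is where
// arbitrary user code can run and mutate the array.
function toIntegerOrInfinity(v) {
  const n = Number(v);
  return Number.isNaN(n) ? 0 : Math.trunc(n);
}

// Pre-fix ordering: snapshot the length, coerce fromIndex, then scan while
// trusting the stale snapshot.
function indexOfNaive(arr, target, fromIndex = 0) {
  const len = arr.length;
  let k = toIntegerOrInfinity(fromIndex);
  if (k < 0) k = Math.max(len + k, 0);
  for (; k < len; k++) if (arr.getFast(k) === target) return k;
  return -1;
}

// Fixed ordering: take the fast scan only if the length seen before the
// coercion is still the live length; otherwise use generic reads. The spec
// algorithm still iterates up to the original len, with absent elements
// reading as undefined, so the result stays spec-correct either way.
function indexOfChecked(arr, target, fromIndex = 0) {
  const len = arr.length;
  let k = toIntegerOrInfinity(fromIndex);
  if (k < 0) k = Math.max(len + k, 0);
  const read = arr.length === len ? (i) => arr.getFast(i) : (i) => arr.getGeneric(i);
  for (; k < len; k++) if (read(k) === target) return k;
  return -1;
}

// The same discipline for lastIndexOf, which scans downward from the clamped
// start index (the contiguous-storage fast path of the 2018-09-20 entry).
function lastIndexOfChecked(arr, target, fromIndex) {
  const len = arr.length;
  if (len === 0) return -1;
  let k = fromIndex === undefined ? len - 1 : toIntegerOrInfinity(fromIndex);
  k = k >= 0 ? Math.min(k, len - 1) : len + k;
  const read = arr.length === len ? (i) => arr.getFast(i) : (i) => arr.getGeneric(i);
  for (; k >= 0; k--) if (read(k) === target) return k;
  return -1;
}

// Constructed input: a fromIndex whose coercion truncates the array to `keep`
// elements as a side effect and then evaluates to `value`.
function shrinkingIndex(arr, value, keep) {
  return { valueOf() { arr.setLength(keep); return value; } };
}

// Runs each variant against a mutating fromIndex and collects the outcomes.
function demo() {
  const fresh = () => new ContiguousArray(['a', 'b', 'c', 'd', 'e']);
  const out = {};
  const a1 = fresh();
  try { out.naive = indexOfNaive(a1, 'e', shrinkingIndex(a1, 0, 2)); }
  catch (e) { out.naive = e.constructor.name; }   // 'RangeError': stale length
  const a2 = fresh();
  out.checkedMiss = indexOfChecked(a2, 'e', shrinkingIndex(a2, 0, 2));    // -1
  const a3 = fresh();
  out.checkedHit = indexOfChecked(a3, 'b', shrinkingIndex(a3, 0, 2));     // 1
  const a4 = fresh();
  out.lastShrunk = lastIndexOfChecked(a4, 'a', shrinkingIndex(a4, 4, 1)); // 0
  out.lastIntact = lastIndexOfChecked(fresh(), 'd', -1);                  // 3
  return out;
}

console.log(demo());
```

        The check that matters is the comparison of the live length against the snapshot taken
        before the coercion: only when they agree is the fast, unchecked read safe to use.
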
1043 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1044
1045         offlineasm: fix macro scoping
1046         https://bugs.webkit.org/show_bug.cgi?id=189902
1047
1048         Reviewed by Mark Lam.
1049
1050         In the code below, the reference to `f` in `g`, which should refer to
1051         the outer macro definition, will instead refer to the f argument of the
1052         anonymous macro passed to `g`. That leads to this code failing to
1053         compile (f expected 0 args but got 1).
1054         
1055         ```
1056         macro f(x)
1057             move x, t0
1058         end
1059         
1060         macro g(fn)
1061             fn(macro () f(42) end)
1062         end
1063         
1064         g(macro(f) f() end)
1065         ```
1066
1067         * offlineasm/ast.rb:
1068         * offlineasm/transform.rb:
1069
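        The scoping rule this entry fixes, as an added JavaScript model that is not offlineasm
        code. Macro bodies are expanded in the environment where the macro was defined (lexical
        scoping); the bug is modelled here as resolving names in the environment of the expansion
        site instead, which is an assumption about the old behaviour made for illustration. Env,
        expand, run and the AST constructors are assumed names for this model.

```javascript
// Added example, not offlineasm code: a JavaScript model of the macro scoping
// bug described in this entry. Correct expansion resolves names in the macro's
// definition environment; the buggy variant (assumed here for illustration)
// resolves them in the caller's environment.

class Env {
  constructor(bindings = {}, parent = null) { this.bindings = bindings; this.parent = parent; }
  lookup(name) {
    if (Object.prototype.hasOwnProperty.call(this.bindings, name)) return this.bindings[name];
    if (this.parent) return this.parent.lookup(name);
    throw new Error(`unknown name ${name}`);
  }
}

// AST: a macro literal, a macro call, and an instruction whose {var} slots are
// filled from the environment.
const macro = (params, body) => ({ kind: 'macro', params, body });
const call = (name, args) => ({ kind: 'call', name, args });
const instr = (text) => ({ kind: 'instr', text });

// An argument is either a macro literal, which closes over the environment it
// is written in, or a plain operand string.
const bindArg = (arg, env) => (arg && arg.kind === 'macro') ? { macro: arg, env } : String(arg);

function expand(body, env, lexical, out = []) {
  for (const node of body) {
    if (node.kind === 'instr') {
      out.push(node.text.replace(/\{(\w+)\}/g, (_, v) => env.lookup(v)));
      continue;
    }
    const target = env.lookup(node.name);
    if (typeof target === 'string') throw new Error(`${node.name} is not a macro`);
    const { macro: m, env: defEnv } = target;
    if (m.params.length !== node.args.length)
      throw new Error(`${node.name} expected ${m.params.length} args but got ${node.args.length}`);
    const bindings = {};
    m.params.forEach((p, i) => { bindings[p] = bindArg(node.args[i], env); });
    // Correct: the body sees its definition environment. Buggy: it sees the caller's.
    expand(m.body, new Env(bindings, lexical ? defEnv : env), lexical, out);
  }
  return out;
}

// The program from the entry above, as AST:
//   macro f(x)  move x, t0 end
//   macro g(fn) fn(macro () f(42) end) end
//   g(macro(f) f() end)
const definitions = {
  f: macro(['x'], [instr('move {x}, t0')]),
  g: macro(['fn'], [call('fn', [macro([], [call('f', ['42'])])])]),
};
const toplevel = [call('g', [macro(['f'], [call('f', [])])])];

// Expands the program under either scoping rule and returns the emitted
// instructions, or the expansion error.
function run(lexical) {
  const bindings = {};
  const globalEnv = new Env(bindings);
  for (const [name, m] of Object.entries(definitions)) bindings[name] = { macro: m, env: globalEnv };
  try { return expand(toplevel, globalEnv, lexical).join('\n'); }
  catch (e) { return `error: ${e.message}`; }
}

console.log('lexical :', run(true));    // move 42, t0
console.log('dynamic :', run(false));   // error: f expected 0 args but got 1
```

        With lexical scoping, the `f(42)` inside the anonymous macro defined in `g` reaches the
        outer one-argument `f`; with caller-environment resolution it finds the zero-argument `f`
        parameter of the anonymous macro passed to `g`, which reproduces the arity error quoted
        in the entry.
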
1070 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
1071
1072         Add forEach method for iterating CodeBlock's ValueProfiles
1073         https://bugs.webkit.org/show_bug.cgi?id=189897
1074
1075         Reviewed by Mark Lam.
1076
1077         Add method to abstract how we find ValueProfiles in a CodeBlock in
1078         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
1079         ValueProfiles will be stored in the MetadataTable.
1080
1081         * bytecode/CodeBlock.cpp:
1082         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1083         (JSC::CodeBlock::updateAllValueProfilePredictions):
1084         (JSC::CodeBlock::shouldOptimizeNow):
1085         (JSC::CodeBlock::dumpValueProfiles):
1086         * bytecode/CodeBlock.h:
1087         (JSC::CodeBlock::forEachValueProfile):
1088         (JSC::CodeBlock::numberOfArgumentValueProfiles):
1089         (JSC::CodeBlock::valueProfileForArgument):
1090         (JSC::CodeBlock::numberOfValueProfiles):
1091         (JSC::CodeBlock::valueProfile):
1092         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
1093         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
1094         * tools/HeapVerifier.cpp:
1095         (JSC::HeapVerifier::validateJSCell):
1096
1097 2018-09-24  Saam barati  <sbarati@apple.com>
1098
1099         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
1100         https://bugs.webkit.org/show_bug.cgi?id=189682
1101         <rdar://problem/43557315>
1102
1103         Reviewed by Mark Lam.
1104
1105         Otherwise, if we have code like this:
1106         ```
1107         a: Arguments
1108         b: GetButterfly(@a)
1109         c: ForceExit
1110         d: GetArrayLength(@a, @b)
1111         ```
1112         it will get transformed into this invalid DFG IR:
1113         ```
1114         a: PhantomArguments
1115         b: Check(@a)
1116         c: ForceExit
1117         d: GetArrayLength(@a, @b)
1118         ```
1119         
1120         And we will fail DFG validation since @b does not have a result.
1121         
1122         The fix is to just remove all nodes after the ForceExit and plant an
1123         Unreachable after it. So the above code program will now turn into this:
1124         ```
1125         a: PhantomArguments
1126         b: Check(@a)
1127         c: ForceExit
1128         e: Unreachable
1129         ```
1130
1131         * dfg/DFGArgumentsEliminationPhase.cpp:
1132
1133 2018-09-22  Saam barati  <sbarati@apple.com>
1134
1135         The sampling should not use Strong<CodeBlock> in its machineLocation field
1136         https://bugs.webkit.org/show_bug.cgi?id=189319
1137
1138         Reviewed by Filip Pizlo.
1139
1140         The sampling profiler has a CLI mode where we gather information about inline
1141         call frames. That data structure was using a Strong<CodeBlock>. We were
1142         constructing this Strong<CodeBlock> during GC concurrently to processing all
1143         the Strong handles. This is a bug since we end up corrupting that data
1144         structure. This patch fixes this by just making this data structure use the
1145         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
1146
1147         * inspector/agents/InspectorScriptProfilerAgent.cpp:
1148         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
1149         * runtime/SamplingProfiler.cpp:
1150         (JSC::SamplingProfiler::processUnverifiedStackTraces):
1151
1152         (JSC::SamplingProfiler::reportTopFunctions):
1153         (JSC::SamplingProfiler::reportTopBytecodes):
1154         These CLI helpers needed a DeferGC, otherwise we may end up deadlocking when we
1155         cause a GC to happen while already holding the sampling profiler's
1156         lock.
1157
1158 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1159
1160         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
1161         https://bugs.webkit.org/show_bug.cgi?id=189778
1162
1163         Reviewed by Keith Miller.
1164
1165         The LLInt ASM interpreter is 2x and 15% faster than the CLoop interpreter on
1166         Linux and macOS, respectively. We would like to enable it for non-JIT
1167         configurations on X86_64 and ARM64.
1168
1169         This patch enables LLInt for non-JIT builds on the X86_64 and ARM64 architectures.
1170         Previously, we switched between the LLInt ASM interpreter and CLoop using the
1171         ENABLE(JIT) configuration. But this is wrong in the new scenario, since we have a
1172         build configuration that uses the LLInt ASM interpreter while JIT is disabled. We
1173         introduce the ENABLE(C_LOOP) option, which indicates that we use CLoop, and we
1174         replace ENABLE(JIT) with ENABLE(C_LOOP) wherever the previous ENABLE(JIT) was
1175         essentially only related to the LLInt ASM interpreter and not to the JIT.
1176
1177         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
1178         ENABLE(ASSEMBLER) is now enabled even if we disable JIT, since MacroAssembler
1179         has machine register information that is used in the LLInt ASM interpreter.
1180
1181         * API/tests/PingPongStackOverflowTest.cpp:
1182         (testPingPongStackOverflow):
1183         * CMakeLists.txt:
1184         * JavaScriptCore.xcodeproj/project.pbxproj:
1185         * assembler/MaxFrameExtentForSlowPathCall.h:
1186         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
1187         * bytecode/CodeBlock.cpp:
1188         (JSC::CodeBlock::finishCreation):
1189         * bytecode/CodeBlock.h:
1190         (JSC::CodeBlock::calleeSaveRegisters const):
1191         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
1192         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
1193         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
1194         * bytecode/Opcode.h:
1195         (JSC::padOpcodeName):
1196         * heap/Heap.cpp:
1197         (JSC::Heap::gatherJSStackRoots):
1198         (JSC::Heap::stopThePeriphery):
1199         * interpreter/CLoopStack.cpp:
1200         * interpreter/CLoopStack.h:
1201         * interpreter/CLoopStackInlines.h:
1202         * interpreter/EntryFrame.h:
1203         * interpreter/Interpreter.cpp:
1204         (JSC::Interpreter::Interpreter):
1205         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
1206         * interpreter/Interpreter.h:
1207         * interpreter/StackVisitor.cpp:
1208         (JSC::StackVisitor::Frame::calleeSaveRegisters):
1209         * interpreter/VMEntryRecord.h:
1210         * jit/ExecutableAllocator.h:
1211         * jit/FPRInfo.h:
1212         (WTF::printInternal):
1213         * jit/GPRInfo.cpp:
1214         * jit/GPRInfo.h:
1215         (WTF::printInternal):
1216         * jit/HostCallReturnValue.cpp:
1217         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
1218         * jit/HostCallReturnValue.h:
1219         * jit/JITOperations.cpp:
1220         (JSC::getHostCallReturnValueWithExecState): Deleted.
1221         * jit/JITOperationsMSVC64.cpp:
1222         * jit/Reg.cpp:
1223         * jit/Reg.h:
1224         * jit/RegisterAtOffset.cpp:
1225         * jit/RegisterAtOffset.h:
1226         * jit/RegisterAtOffsetList.cpp:
1227         * jit/RegisterAtOffsetList.h:
1228         * jit/RegisterMap.h:
1229         * jit/RegisterSet.cpp:
1230         * jit/RegisterSet.h:
1231         * jit/TempRegisterSet.cpp:
1232         * jit/TempRegisterSet.h:
1233         * llint/LLIntCLoop.cpp:
1234         * llint/LLIntCLoop.h:
1235         * llint/LLIntData.cpp:
1236         (JSC::LLInt::initialize):
1237         (JSC::LLInt::Data::performAssertions):
1238         * llint/LLIntData.h:
1239         * llint/LLIntOfflineAsmConfig.h:
1240         * llint/LLIntOpcode.h:
1241         * llint/LLIntPCRanges.h:
1242         * llint/LLIntSlowPaths.cpp:
1243         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1244         * llint/LLIntSlowPaths.h:
1245         * llint/LLIntThunks.cpp:
1246         * llint/LowLevelInterpreter.cpp:
1247         * llint/LowLevelInterpreter.h:
1248         * runtime/JSCJSValue.h:
1249         * runtime/MachineContext.h:
1250         * runtime/SamplingProfiler.cpp:
1251         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
1252         for LLInt ASM interpreter with non JIT configuration.
1253         * runtime/TestRunnerUtils.cpp:
1254         (JSC::optimizeNextInvocation):
1255         * runtime/VM.cpp:
1256         (JSC::VM::VM):
1257         (JSC::VM::getHostFunction):
1258         (JSC::VM::updateSoftReservedZoneSize):
1259         (JSC::sanitizeStackForVM):
1260         (JSC::VM::committedStackByteCount):
1261         * runtime/VM.h:
1262         * runtime/VMInlines.h:
1263         (JSC::VM::ensureStackCapacityFor):
1264         (JSC::VM::isSafeToRecurseSoft const):
1265
1266 2018-09-21  Keith Miller  <keith_miller@apple.com>
1267
1268         Add Promise SPI
1269         https://bugs.webkit.org/show_bug.cgi?id=189809
1270
1271         Reviewed by Saam Barati.
1272
1273         This patch adds new SPI to create promises. It's mostly SPI because
1274         I want to see how internal users react to it before we make it
1275         public.
1276
1277         This patch adds a couple of new Obj-C SPI methods. The first
1278         creates a new promise using the same API that JS does where the
1279         user provides an executor callback. If an exception is raised
1280         in/to that callback, the promise is automagically rejected. The
1281         other methods create a pre-resolved or rejected promise as this
1282         appears to be a common way to initialize a promise.
1283
1284         I was also considering adding a second version of executor API
1285         where it would catch specific Obj-C exceptions. This would work by
1286         taking a Class parameter and checking isKindOfClass: on the
1287         exception. I decided against this as nothing else in our API
1288         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
1289         corrupt state if an Obj-C exception unwinds through JS frames.
1290
1291         This patch adds a new C function that will create a "deferred"
1292         promise. A deferred promise is a style of creating promise/futures
1293         where the resolve and reject functions are passed as outputs of a
1294         function. I went with this style for the C SPI because we don't have
1295         any concept of forwarding exceptions in the C API.
1296
1297         In order to make the C API work I refactored a bit of the promise code
1298         so that we can call a static method on JSDeferredPromise and just get
1299         the components without allocating an extra cell wrapper.
1300
1301         * API/JSContext.mm:
1302         (+[JSContext currentCallee]):
1303         * API/JSObjectRef.cpp:
1304         (JSObjectMakeDeferredPromise):
1305         * API/JSObjectRefPrivate.h:
1306         * API/JSValue.mm:
1307         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
1308         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
1309         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
1310         * API/JSValuePrivate.h: Added.
1311         * API/JSVirtualMachine.mm:
1312         * API/JSVirtualMachinePrivate.h:
1313         * API/tests/testapi.c:
1314         (main):
1315         * API/tests/testapi.cpp:
1316         (APIContext::operator JSC::ExecState*):
1317         (TestAPI::failed const):
1318         (TestAPI::check):
1319         (TestAPI::basicSymbol):
1320         (TestAPI::symbolsTypeof):
1321         (TestAPI::symbolsGetPropertyForKey):
1322         (TestAPI::symbolsSetPropertyForKey):
1323         (TestAPI::symbolsHasPropertyForKey):
1324         (TestAPI::symbolsDeletePropertyForKey):
1325         (TestAPI::promiseResolveTrue):
1326         (TestAPI::promiseRejectTrue):
1327         (testCAPIViaCpp):
1328         (TestAPI::run): Deleted.
1329         * API/tests/testapi.mm:
1330         (testObjectiveCAPIMain):
1331         (promiseWithExecutor):
1332         (promiseRejectOnJSException):
1333         (promiseCreateResolved):
1334         (promiseCreateRejected):
1335         (parallelPromiseResolveTest):
1336         (testObjectiveCAPI):
1337         * JavaScriptCore.xcodeproj/project.pbxproj:
1338         * runtime/JSInternalPromiseDeferred.cpp:
1339         (JSC::JSInternalPromiseDeferred::create):
1340         * runtime/JSPromise.h:
1341         * runtime/JSPromiseConstructor.cpp:
1342         (JSC::constructPromise):
1343         * runtime/JSPromiseDeferred.cpp:
1344         (JSC::JSPromiseDeferred::createDeferredData):
1345         (JSC::JSPromiseDeferred::create):
1346         (JSC::JSPromiseDeferred::finishCreation):
1347         (JSC::newPromiseCapability): Deleted.
1348         * runtime/JSPromiseDeferred.h:
1349         (JSC::JSPromiseDeferred::promise const):
1350         (JSC::JSPromiseDeferred::resolve const):
1351         (JSC::JSPromiseDeferred::reject const):
1352
1353 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
1354
1355         Unreviewed, rolling out r236359.
1356
1357         Broke the Windows build.
1358
1359         Reverted changeset:
1360
1361         "Add Promise SPI"
1362         https://bugs.webkit.org/show_bug.cgi?id=189809
1363         https://trac.webkit.org/changeset/236359
1364
1365 2018-09-21  Mark Lam  <mark.lam@apple.com>
1366
1367         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
1368         https://bugs.webkit.org/show_bug.cgi?id=189855
1369         <rdar://problem/44680181>
1370
1371         Reviewed by Filip Pizlo.
1372
1373         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
1374         ExecState* argument.  This is intentional so that resolveRope() does not throw
1375         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
1376         get the VM from the cell instead of via the ExecState.
1377
1378         Also removed an obsolete and unused field in JSString.
1379
1380         * runtime/JSString.cpp:
1381         (JSC::JSRopeString::resolveRope const):
1382         (JSC::JSRopeString::outOfMemory const):
1383         * runtime/JSString.h:
1384         (JSC::JSString::tryGetValue const):
1385
1386 2018-09-21  Michael Saboff  <msaboff@apple.com>
1387
1388         Add functions to measure memory footprint to JSC
1389         https://bugs.webkit.org/show_bug.cgi?id=189768
1390
1391         Reviewed by Saam Barati.
1392
1393         Rolling this back in again.
1394
1395         Provide system memory metrics for the current process to aid in memory reduction measurement and
1396         tuning using native JS tests.
1397
1398         * jsc.cpp:
1399         (MemoryFootprint::now):
1400         (MemoryFootprint::resetPeak):
1401         (GlobalObject::finishCreation):
1402         (JSCMemoryFootprint::JSCMemoryFootprint):
1403         (JSCMemoryFootprint::createStructure):
1404         (JSCMemoryFootprint::create):
1405         (JSCMemoryFootprint::finishCreation):
1406         (JSCMemoryFootprint::addProperty):
1407         (functionResetMemoryPeak):
1408
1409 2018-09-21  Keith Miller  <keith_miller@apple.com>
1410
1411         Add Promise SPI
1412         https://bugs.webkit.org/show_bug.cgi?id=189809
1413
1414         Reviewed by Saam Barati.
1415
1416         This patch adds new SPI to create promises. It's mostly SPI because
1417         I want to see how internal users react to it before we make it
1418         public.
1419
1420         This patch adds a couple of new Obj-C SPI methods. The first
1421         creates a new promise using the same API that JS does where the
1422         user provides an executor callback. If an exception is raised
1423         in/to that callback, the promise is automagically rejected. The
1424         other methods create a pre-resolved or rejected promise as this
1425         appears to be a common way to initialize a promise.
1426
1427         I was also considering adding a second version of executor API
1428         where it would catch specific Obj-C exceptions. This would work by
1429         taking a Class parameter and checking isKindOfClass: on the
1430         exception. I decided against this as nothing else in our API
1431         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
1432         corrupt state if an Obj-C exception unwinds through JS frames.
1433
1434         This patch adds a new C function that will create a "deferred"
1435         promise. A deferred promise is a style of creating promise/futures
1436         where the resolve and reject functions are passed as outputs of a
1437         function. I went with this style for the C SPI because we don't have
1438         any concept of forwarding exceptions in the C API.
1439
1440         In order to make the C API work I refactored a bit of the promise code
1441         so that we can call a static method on JSDeferredPromise and just get
1442         the components without allocating an extra cell wrapper.
1443
1444         * API/JSContext.mm:
1445         (+[JSContext currentCallee]):
1446         * API/JSObjectRef.cpp:
1447         (JSObjectMakeDeferredPromise):
1448         * API/JSObjectRefPrivate.h:
1449         * API/JSValue.mm:
1450         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
1451         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
1452         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
1453         * API/JSValuePrivate.h: Added.
1454         * API/JSVirtualMachine.mm:
1455         * API/JSVirtualMachinePrivate.h:
1456         * API/tests/testapi.c:
1457         (main):
1458         * API/tests/testapi.cpp:
1459         (APIContext::operator JSC::ExecState*):
1460         (TestAPI::failed const):
1461         (TestAPI::check):
1462         (TestAPI::basicSymbol):
1463         (TestAPI::symbolsTypeof):
1464         (TestAPI::symbolsGetPropertyForKey):
1465         (TestAPI::symbolsSetPropertyForKey):
1466         (TestAPI::symbolsHasPropertyForKey):
1467         (TestAPI::symbolsDeletePropertyForKey):
1468         (TestAPI::promiseResolveTrue):
1469         (TestAPI::promiseRejectTrue):
1470         (testCAPIViaCpp):
1471         (TestAPI::run): Deleted.
1472         * API/tests/testapi.mm:
1473         (testObjectiveCAPIMain):
1474         (promiseWithExecutor):
1475         (promiseRejectOnJSException):
1476         (promiseCreateResolved):
1477         (promiseCreateRejected):
1478         (parallelPromiseResolveTest):
1479         (testObjectiveCAPI):
1480         * JavaScriptCore.xcodeproj/project.pbxproj:
1481         * runtime/JSInternalPromiseDeferred.cpp:
1482         (JSC::JSInternalPromiseDeferred::create):
1483         * runtime/JSPromise.h:
1484         * runtime/JSPromiseConstructor.cpp:
1485         (JSC::constructPromise):
1486         * runtime/JSPromiseDeferred.cpp:
1487         (JSC::JSPromiseDeferred::createDeferredData):
1488         (JSC::JSPromiseDeferred::create):
1489         (JSC::JSPromiseDeferred::finishCreation):
1490         (JSC::newPromiseCapability): Deleted.
1491         * runtime/JSPromiseDeferred.h:
1492         (JSC::JSPromiseDeferred::promise const):
1493         (JSC::JSPromiseDeferred::resolve const):
1494         (JSC::JSPromiseDeferred::reject const):
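
        The deferred and executor styles described in this entry, as an added C++ sketch that is not JavaScriptCore's JSPromiseDeferred or the Obj-C SPI (the Promise, Deferred, makeDeferred and makePromiseWithExecutor names are constructed for the illustration): the resolve and reject functions are returned as separate outputs, a promise settles at most once, and an exception escaping the executor rejects the promise instead of unwinding into the caller.

```cpp
#include <functional>
#include <memory>
#include <stdexcept>
#include <string>

// Constructed sketch (not JavaScriptCore's JSPromiseDeferred): a promise whose
// settle functions are handed out as separate outputs, mirroring the
// "deferred" style the entry chooses for the C SPI.
class Promise {
public:
    enum class State { Pending, Fulfilled, Rejected };
    State state() const { return m_state; }
    const std::string& value() const { return m_value; }

    // A promise settles at most once; later calls are ignored, as in JS.
    void resolve(const std::string& v)
    {
        if (m_state != State::Pending)
            return;
        m_state = State::Fulfilled;
        m_value = v;
    }
    void reject(const std::string& reason)
    {
        if (m_state != State::Pending)
            return;
        m_state = State::Rejected;
        m_value = reason;
    }

private:
    State m_state { State::Pending };
    std::string m_value;
};

using Settle = std::function<void(const std::string&)>;

// The three outputs of a deferred: the promise plus its two settle functions.
struct Deferred {
    std::shared_ptr<Promise> promise;
    Settle resolve;
    Settle reject;
};

Deferred makeDeferred()
{
    auto promise = std::make_shared<Promise>();
    return {
        promise,
        [promise](const std::string& v) { promise->resolve(v); },
        [promise](const std::string& r) { promise->reject(r); },
    };
}

// Executor style (the Obj-C SPI described above): the caller's callback gets
// resolve/reject, and an exception escaping it rejects the promise instead of
// propagating to whoever created the promise.
using Executor = std::function<void(const Settle&, const Settle&)>;

std::shared_ptr<Promise> makePromiseWithExecutor(const Executor& executor)
{
    Deferred d = makeDeferred();
    try {
        executor(d.resolve, d.reject);
    } catch (const std::exception& e) {
        d.reject(e.what());
    }
    return d.promise;
}

// Worked cases: a second settle attempt is ignored.
Promise::State deferredResolvedTwice()
{
    Deferred d = makeDeferred();
    d.resolve("first");
    d.reject("ignored: already settled");
    return d.promise->state();   // Fulfilled
}

// An executor that throws yields a rejected promise carrying the message.
std::string executorThatThrows()
{
    auto p = makePromiseWithExecutor([](const Settle&, const Settle&) {
        throw std::runtime_error("executor failed");
    });
    return p->state() == Promise::State::Rejected ? p->value() : "not rejected";
}

// An executor that resolves synchronously yields a fulfilled promise.
std::string executorThatResolves()
{
    auto p = makePromiseWithExecutor([](const Settle& resolve, const Settle&) {
        resolve("done");
    });
    return p->state() == Promise::State::Fulfilled ? p->value() : "not fulfilled";
}
```

The deferred form is the one that fits a C API with no exception forwarding: nothing can throw across the boundary, so the caller decides explicitly which of the two outputs to call.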
1495
1496 2018-09-21  Truitt Savell  <tsavell@apple.com>
1497
1498         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
1499         https://bugs.webkit.org/show_bug.cgi?id=156674
1500
1501         Unreviewed Test Gardening
1502
1503         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
1504         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
1505
1506 2018-09-21  Mike Gorse  <mgorse@suse.com>
1507
1508         Build tools should work when the /usr/bin/python is python3
1509         https://bugs.webkit.org/show_bug.cgi?id=156674
1510
1511         Reviewed by Michael Catanzaro.
1512
1513         * Scripts/cssmin.py:
1514         * Scripts/generate-js-builtins.py:
1515         (do_open):
1516         (generate_bindings_for_builtins_files):
1517         * Scripts/generateIntlCanonicalizeLanguage.py:
1518         * Scripts/jsmin.py:
1519         (JavascriptMinify.minify.write):
1520         (JavascriptMinify):
1521         (JavascriptMinify.minify):
1522         * Scripts/make-js-file-arrays.py:
1523         (chunk):
1524         (main):
1525         * Scripts/wkbuiltins/__init__.py:
1526         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
1527         (generate_section_for_global_private_code_name_macro):
1528         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
1529         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
1530         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
1531         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
1532         * Scripts/wkbuiltins/builtins_model.py:
1533         (BuiltinFunction.__lt__):
1534         (BuiltinsCollection.copyrights):
1535         (BuiltinsCollection._parse_functions):
1536         * disassembler/udis86/ud_opcode.py:
1537         (UdOpcodeTables.pprint.printWalk):
1538         * generate-bytecode-files:
1539         * inspector/scripts/codegen/__init__.py:
1540         * inspector/scripts/codegen/cpp_generator.py:
1541         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
1542         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
1543         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1544         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
1545         (CppBackendDispatcherHeaderGenerator.generate_output):
1546         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
1547         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1548         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
1549         (CppBackendDispatcherImplementationGenerator.generate_output):
1550         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1551         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
1552         (CppFrontendDispatcherHeaderGenerator.generate_output):
1553         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1554         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
1555         (CppFrontendDispatcherImplementationGenerator.generate_output):
1556         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1557         (CppProtocolTypesHeaderGenerator.generate_output):
1558         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
1559         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1560         (CppProtocolTypesImplementationGenerator.generate_output):
1561         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
1562         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
1563         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1564         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
1565         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
1566         * inspector/scripts/codegen/generate_js_backend_commands.py:
1567         (JSBackendCommandsGenerator.should_generate_domain):
1568         (JSBackendCommandsGenerator.domains_to_generate):
1569         (JSBackendCommandsGenerator.generate_output):
1570         (JSBackendCommandsGenerator.generate_domain):
1571         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1572         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
1573         (ObjCBackendDispatcherHeaderGenerator.generate_output):
1574         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1575         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
1576         (ObjCBackendDispatcherImplementationGenerator.generate_output):
1577         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
1578         * inspector/scripts/codegen/generate_objc_configuration_header.py:
1579         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
1580         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1581         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
1582         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
1583         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1584         * inspector/scripts/codegen/generate_objc_header.py:
1585         (ObjCHeaderGenerator.generate_output):
1586         (ObjCHeaderGenerator._generate_type_interface):
1587         * inspector/scripts/codegen/generate_objc_internal_header.py:
1588         (ObjCInternalHeaderGenerator.generate_output):
1589         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
1590         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
1591         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
1592         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
1593         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
1594         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1595         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
1596         (ObjCProtocolTypesImplementationGenerator.generate_output):
1597         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
1598         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1599         * inspector/scripts/codegen/generator.py:
1600         (Generator.non_supplemental_domains):
1601         (Generator.open_fields):
1602         (Generator.calculate_types_requiring_shape_assertions):
1603         (Generator._traverse_and_assign_enum_values):
1604         (Generator.stylized_name_for_enum_value):
1605         * inspector/scripts/codegen/models.py:
1606         (find_duplicates):
1607         * inspector/scripts/codegen/objc_generator.py:
1608         * wasm/generateWasm.py:
1609         (opcodeIterator):
1610         * yarr/generateYarrCanonicalizeUnicode:
1611         * yarr/generateYarrUnicodePropertyTables.py:
1612         * yarr/hasher.py:
1613         (stringHash):
1614
1615 2018-09-21  Tomas Popela  <tpopela@redhat.com>
1616
1617         [ARM] Build broken on armv7hl after r235517
1618         https://bugs.webkit.org/show_bug.cgi?id=189831
1619
1620         Reviewed by Yusuke Suzuki.
1621
1622         Add missing implementation of patchableBranch8() for traditional ARM.
1623
1624         * assembler/MacroAssemblerARM.h:
1625         (JSC::MacroAssemblerARM::patchableBranch8):
1626
1627 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
1628
1629         Unreviewed, rolling out r236293.
1630
1631         Internal build still broken.
1632
1633         Reverted changeset:
1634
1635         "Add functions to measure memory footprint to JSC"
1636         https://bugs.webkit.org/show_bug.cgi?id=189768
1637         https://trac.webkit.org/changeset/236293
1638
1639 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1640
1641         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
1642         https://bugs.webkit.org/show_bug.cgi?id=189558
1643
1644         Reviewed by Mark Lam.
1645
1646         When running web-tooling-benchmark postcss test on Linux JSCOnly port, we get the following result in `perf report`.
1647
1648             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
1649
1650         This is because postcss produces a bunch of JSStrings, which require reportExtraMemoryVisited calls in JSString::visitChildren.
1651         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
1652
1653         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter.
1654         And we propagate this value to the global atomic counter when rebalancing happens.
1655
1656         We also reduce HeapCell::heap() access by using `vm.heap`.
1657
1658         * heap/SlotVisitor.cpp:
1659         (JSC::SlotVisitor::didStartMarking):
1660         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
1661         (JSC::SlotVisitor::drain):
1662         (JSC::SlotVisitor::performIncrementOfDraining):
1663         * heap/SlotVisitor.h:
1664         * heap/SlotVisitorInlines.h:
1665         (JSC::SlotVisitor::reportExtraMemoryVisited):
1666         * runtime/JSString.cpp:
1667         (JSC::JSRopeString::resolveRopeToAtomicString const):
1668         (JSC::JSRopeString::resolveRope const):
1669         * runtime/JSString.h:
1670         (JSC::JSString::finishCreation):
1671         * wasm/js/JSWebAssemblyInstance.cpp:
1672         (JSC::JSWebAssemblyInstance::finishCreation):
1673         * wasm/js/JSWebAssemblyMemory.cpp:
1674         (JSC::JSWebAssemblyMemory::finishCreation):
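
        The batching described above, as an added example that is not JavaScriptCore code (Heap, Visitor, simulateMarking and the threshold value are constructed for the illustration): each visitor accumulates into a private counter and only touches the shared atomic when the local count crosses a threshold or when draining finishes, so the number of contended updates drops from one per string visited to a handful per visitor. The example runs the visitors one after another; the count of atomic updates is the same whether or not they run in parallel.

```cpp
#include <atomic>
#include <cstddef>

// Constructed example (not JavaScriptCore code): the global counter that
// several marking threads would otherwise hit with one atomic add per
// string visited.
struct Heap {
    std::atomic<size_t> extraMemoryVisited { 0 };
};

// Each visitor accumulates locally and only touches the shared atomic when
// its local count crosses a threshold or when it finishes draining.
class Visitor {
public:
    Visitor(Heap& heap, size_t propagateThreshold)
        : m_heap(heap), m_threshold(propagateThreshold) { }

    void reportExtraMemoryVisited(size_t bytes)
    {
        m_local += bytes;
        if (m_local >= m_threshold)
            propagate();
    }

    // Called at the end of a drain (or when work is rebalanced) so nothing
    // stays stranded in the per-visitor counter.
    void propagate()
    {
        if (!m_local)
            return;
        m_heap.extraMemoryVisited.fetch_add(m_local, std::memory_order_relaxed);
        ++m_atomicUpdates;
        m_local = 0;
    }

    size_t atomicUpdates() const { return m_atomicUpdates; }

private:
    Heap& m_heap;
    size_t m_threshold;
    size_t m_local { 0 };
    size_t m_atomicUpdates { 0 };
};

struct RunResult {
    size_t totalBytes;      // what the global counter ends up holding
    size_t atomicUpdates;   // how many times the atomic was touched in total
};

// Simulate `visitors` marking threads each visiting `stringsPerVisitor`
// strings of `bytesPerString` bytes. The visitors run one after another
// here; with real marking threads the loops would run concurrently, but the
// totals are identical.
RunResult simulateMarking(unsigned visitors, size_t stringsPerVisitor, size_t bytesPerString, size_t threshold)
{
    Heap heap;
    size_t totalUpdates = 0;
    for (unsigned v = 0; v < visitors; ++v) {
        Visitor visitor(heap, threshold);
        for (size_t i = 0; i < stringsPerVisitor; ++i)
            visitor.reportExtraMemoryVisited(bytesPerString);
        visitor.propagate();   // drain finished: flush the remainder
        totalUpdates += visitor.atomicUpdates();
    }
    return { heap.extraMemoryVisited.load(), totalUpdates };
}
```

With four visitors, 1000 strings of 16 bytes each and a 4096-byte threshold, the global counter still ends at 64000 bytes but is updated 16 times instead of 4000; a threshold of 1 reproduces the original one-update-per-string behaviour.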
1675
1676 2018-09-20  Michael Saboff  <msaboff@apple.com>
1677
1678         Add functions to measure memory footprint to JSC
1679         https://bugs.webkit.org/show_bug.cgi?id=189768
1680
1681         Reviewed by Saam Barati.
1682
1683         Rolling this back in.
1684
1685         Provide system memory metrics for the current process to aid in memory reduction measurement and
1686         tuning using native JS tests.
1687
1688         * jsc.cpp:
1689         (MemoryFootprint::now):
1690         (MemoryFootprint::resetPeak):
1691         (GlobalObject::finishCreation):
1692         (JSCMemoryFootprint::JSCMemoryFootprint):
1693         (JSCMemoryFootprint::createStructure):
1694         (JSCMemoryFootprint::create):
1695         (JSCMemoryFootprint::finishCreation):
1696         (JSCMemoryFootprint::addProperty):
1697         (functionResetMemoryPeak):
1698
1699 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
1700
1701         Unreviewed, rolling out r236235.
1702
1703         Breaks internal builds.
1704
1705         Reverted changeset:
1706
1707         "Add functions to measure memory footprint to JSC"
1708         https://bugs.webkit.org/show_bug.cgi?id=189768
1709         https://trac.webkit.org/changeset/236235
1710
1711 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
1712
1713         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
1714         https://bugs.webkit.org/show_bug.cgi?id=189730
1715
1716         Reviewed by Saam Barati.
1717
1718         Clang for Windows can't compile the workaround for the MSVC quirk in generateOutOfLine.
1719
1720         * jit/JITMathIC.h:
1721         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
1722
1723 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1724
1725         [JSC] Optimize Array#indexOf in C++ runtime
1726         https://bugs.webkit.org/show_bug.cgi?id=189507
1727
1728         Reviewed by Saam Barati.
1729
1730         The C++ Array#indexOf runtime function takes so much time in the babylon benchmark in
1731         web-tooling-benchmark. While our DFG and FTL have Array#indexOf optimization
1732         and it is actually working well, C++ Array#indexOf is called a significant number
1733         of times before tiering up, and it takes 6.74% of jsc main thread samples according
1734         to the perf command on Linux. This is because C++ Array#indexOf is too generic and
1735         misses the chance to optimize JSArray cases.
1736
1737         This patch adds a JSArray fast path for Array#indexOf. If we know that indexed
1738         access to the given JSArray is non-observable and the indexing type is good for the fast
1739         path, we go to the fast path. This makes sampling of Array#indexOf 3.83% in
1740         babylon web-tooling-benchmark.
1741
1742         * runtime/ArrayPrototype.cpp:
1743         (JSC::arrayProtoFuncIndexOf):
1744         * runtime/JSArray.h:
1745         * runtime/JSArrayInlines.h:
1746         (JSC::JSArray::canDoFastIndexedAccess):
1747         (JSC::toLength):
1748         * runtime/JSCJSValueInlines.h:
1749         (JSC::JSValue::JSValue):
1750         * runtime/JSGlobalObject.h:
1751         * runtime/JSGlobalObjectInlines.h:
1752         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
1753         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
1754         * runtime/MathCommon.h:
1755         (JSC::canBeStrictInt32):
1756         (JSC::canBeInt32):
1757
1758 2018-09-19  Michael Saboff  <msaboff@apple.com>
1759
1760         Add functions to measure memory footprint to JSC
1761         https://bugs.webkit.org/show_bug.cgi?id=189768
1762
1763         Reviewed by Saam Barati.
1764
1765         Provide system memory metrics for the current process to aid in memory reduction measurement and
1766         tuning using native JS tests.
1767
1768         * jsc.cpp:
1769         (MemoryFootprint::now):
1770         (MemoryFootprint::resetPeak):
1771         (GlobalObject::finishCreation):
1772         (JSCMemoryFootprint::JSCMemoryFootprint):
1773         (JSCMemoryFootprint::createStructure):
1774         (JSCMemoryFootprint::create):
1775         (JSCMemoryFootprint::finishCreation):
1776         (JSCMemoryFootprint::addProperty):
1777         (functionResetMemoryPeak):
1778
1779 2018-09-19  Saam barati  <sbarati@apple.com>
1780
1781         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
1782         https://bugs.webkit.org/show_bug.cgi?id=189703
1783
1784         Reviewed by Mark Lam.
1785
1786         This fixes a crash that a TypeProfiler change revealed.
1787
1788         * dfg/DFGSpeculativeJIT64.cpp:
1789         (JSC::DFG::SpeculativeJIT::compile):
1790
1791 2018-09-19  Saam barati  <sbarati@apple.com>
1792
1793         AI rule for MultiPutByOffset executes its effects in the wrong order
1794         https://bugs.webkit.org/show_bug.cgi?id=189757
1795         <rdar://problem/43535257>
1796
1797         Reviewed by Michael Saboff.
1798
1799         The AI rule for MultiPutByOffset was executing effects in the wrong order.
1800         It first executed the transition effects and the effects on the base, and
1801         then executed the filtering effects on the value being stored. However, you
1802         can end up with the wrong type when the base and the value being stored
1803         are the same. E.g., in a program like `o.f = o`. These effects need to happen
1804         in the opposite order, modeling what happens in the runtime execution of
1805         MultiPutByOffset.
1806
1807         * dfg/DFGAbstractInterpreterInlines.h:
1808         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1809
1810 2018-09-18  Mark Lam  <mark.lam@apple.com>
1811
1812         Ensure that ForInContexts are invalidated if their loop local is over-written.
1813         https://bugs.webkit.org/show_bug.cgi?id=189571
1814         <rdar://problem/44402277>
1815
1816         Reviewed by Saam Barati.
1817
1818         Instead of hunting down every place in the BytecodeGenerator that potentially
1819         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
1820         the bytecode range of the loop body when the ForInContext is popped, and
1821         invalidate the context if we ever find the loop temp variable over-written.
1822
1823         This has 2 benefits:
1824         1. It ensures that every type of opcode that can write to the loop temp will be
1825            handled appropriately, not just the op_mov that we've hunted down.
1826         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
1827            every time we emit an op_mov (or other opcodes that can write to a local)
1828            even when we're not inside a for-in loop.
1829
1830         JSC benchmarks show that this change is performance neutral.
1831
1832         * bytecompiler/BytecodeGenerator.cpp:
1833         (JSC::BytecodeGenerator::pushIndexedForInScope):
1834         (JSC::BytecodeGenerator::popIndexedForInScope):
1835         (JSC::BytecodeGenerator::pushStructureForInScope):
1836         (JSC::BytecodeGenerator::popStructureForInScope):
1837         (JSC::ForInContext::finalize):
1838         (JSC::StructureForInContext::finalize):
1839         (JSC::IndexedForInContext::finalize):
1840         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
1841         * bytecompiler/BytecodeGenerator.h:
1842         (JSC::ForInContext::ForInContext):
1843         (JSC::ForInContext::bodyBytecodeStartOffset const):
1844         (JSC::StructureForInContext::StructureForInContext):
1845         (JSC::IndexedForInContext::IndexedForInContext):
1846         * bytecompiler/NodesCodegen.cpp:
1847         (JSC::PostfixNode::emitResolve):
1848         (JSC::PrefixNode::emitResolve):
1849         (JSC::ReadModifyResolveNode::emitBytecode):
1850         (JSC::AssignResolveNode::emitBytecode):
1851         (JSC::EmptyLetExpression::emitBytecode):
1852         (JSC::ForInNode::emitLoopHeader):
1853         (JSC::ForOfNode::emitBytecode):
1854         (JSC::BindingNode::bindValue const):
1855         (JSC::AssignmentElementNode::bindValue const):
1856         * runtime/CommonSlowPaths.cpp:
1857         (JSC::SLOW_PATH_DECL):
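
        The scan-after-the-fact strategy from this entry, as an added sketch that is not the BytecodeGenerator's code (the Op enum, the Instruction layout, the register numbers and the hand-built header and bodies are constructed): the context records where the loop body starts when it is pushed, and finalize() walks every instruction of the body when it is popped and invalidates the context if any of them writes the loop temp, whatever the opcode. The loop header's own write to the temp lies outside the scanned range and is left alone.

```cpp
#include <cstddef>
#include <vector>

// Constructed sketch (not JavaScriptCore code) of the "scan the loop body
// afterwards" strategy: instead of special-casing every emitter that may
// write a local, record where the body starts and check every instruction
// that writes a register once the context is popped.
enum class Op { Mov, Add, GetByVal, PutByVal, Call, Jump };

struct Instruction {
    Op op;
    int dst;    // register written by the instruction, or -1 if none
    int src;    // first source register (not needed by the check)
};

struct ForInContext {
    int loopTemp;          // the for-in loop variable's register
    size_t bodyStart;      // index of the first body instruction
    bool valid { true };

    // Invalidate if anything in [bodyStart, bodyEnd) writes the loop temp.
    // The opcode does not matter: any writer of that register counts.
    void finalize(const std::vector<Instruction>& bytecode, size_t bodyEnd)
    {
        for (size_t i = bodyStart; i < bodyEnd; ++i) {
            if (bytecode[i].dst == loopTemp) {
                valid = false;
                return;
            }
        }
    }
};

// Emit header + body, push the context when the body begins, pop and
// finalize it when the body ends, and report whether it survived.
bool forInContextSurvives(const std::vector<Instruction>& header, const std::vector<Instruction>& body, int loopTemp)
{
    std::vector<Instruction> bytecode(header);
    ForInContext context { loopTemp, bytecode.size() };   // pushed: body starts here
    bytecode.insert(bytecode.end(), body.begin(), body.end());
    context.finalize(bytecode, bytecode.size());          // popped: scan the body
    return context.valid;
}

// Hand-built bytecode (constructed for this example; register numbers are
// arbitrary). The loop header legitimately writes the loop temp r5 on every
// iteration; it is outside the scanned range and must not invalidate anything.
const std::vector<Instruction> kLoopHeader {
    { Op::Mov, 5, 4 },        // r5 = next enumerated property name
};

// This body only reads r5, so the context stays valid.
const std::vector<Instruction> kBodyReadsOnly {
    { Op::GetByVal, 6, 5 },   // r6 = base[r5]
    { Op::Add,      7, 6 },   // r7 = r6 + ...
    { Op::Jump,    -1, -1 },
};

// Here an assignment inside the body writes r5, so any cached assumption
// about the loop variable has to be dropped.
const std::vector<Instruction> kBodyOverwritesTemp {
    { Op::GetByVal, 6, 5 },
    { Op::Mov,      5, 7 },   // r5 = r7 (writes the loop temp)
    { Op::Jump,    -1, -1 },
};
```

The same body is harmless for a context whose loop temp is some other register, which is what the last check below confirms.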
1858
1859 2018-09-17  Devin Rousso  <drousso@apple.com>
1860
1861         Web Inspector: generate CSSKeywordCompletions from backend values
1862         https://bugs.webkit.org/show_bug.cgi?id=189041
1863
1864         Reviewed by Joseph Pecoraro.
1865
1866         * inspector/protocol/CSS.json:
1867         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
1868
1869 2018-09-17  Saam barati  <sbarati@apple.com>
1870
1871         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
1872         https://bugs.webkit.org/show_bug.cgi?id=189676
1873         <rdar://problem/39682897>
1874
1875         Reviewed by Michael Saboff.
1876
1877         Because the incoming value may be TDZ, CheckStructure may end up crashing.
1878         Since the Type Profile does not currently record TDZ values in any of its
1879         data structures, this is not a semantic change in how it will show you data.
1880         It just fixes crashes when we emit a CheckStructure and the incoming value
1881         is TDZ.
1882
1883         * dfg/DFGFixupPhase.cpp:
1884         (JSC::DFG::FixupPhase::fixupNode):
1885         * dfg/DFGNode.h:
1886         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
1887
1888 2018-09-17  Darin Adler  <darin@apple.com>
1889
1890         Use OpaqueJSString rather than JSRetainPtr inside WebKit
1891         https://bugs.webkit.org/show_bug.cgi?id=189652
1892
1893         Reviewed by Saam Barati.
1894
1895         * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
1896         JSStringRef.h.
1897
1898         * API/JSContext.mm:
1899         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
1900         than JSStringCreateWithCFString, simplifying the code and also obviating the
1901         need for explicit JSStringRelease.
1902         (-[JSContext setName:]): Ditto.
1903
1904         * API/JSStringRef.cpp:
1905         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
1906         It seems that additional optimization is possible, obviating the need to allocate
1907         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
1908
1909         * API/JSValue.mm:
1910         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
1911         OpaqueJSString::create and adoptRef as appropriate.
1912         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
1913         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
1914         (performPropertyOperation): Ditto.
1915         (-[JSValue invokeMethod:withArguments:]): Ditto.
1916         (valueToObjectWithoutCopy): Ditto.
1917         (containerValueToObject): Ditto.
1918         (valueToString): Ditto.
1919         (objectToValueWithoutCopy): Ditto.
1920         (objectToValue): Ditto.
1921
1922 2018-09-08  Darin Adler  <darin@apple.com>
1923
1924         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
1925         https://bugs.webkit.org/show_bug.cgi?id=189455
1926
1927         Reviewed by Keith Miller.
1928
1929         * API/JSObjectRef.cpp:
1930         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
1931         JSRetainPtr<JSStringRef>.
1932         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
1933         adopt constructor.
1934         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
1935         the array elements are now Ref.
1936
1937         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
1938         it only works for two specific unrelated types, JSStringRef and
1939         JSGlobalContextRef. Simplified the default constructor using data
1940         member initialization. Prepared to make the adopt constructor private
1941         (got everything compiling that way, then made it public again so that
1942         Apple internal software will still build). Got rid of unneeded
1943         templated constructor and assignment operator, since it's not relevant
1944         since there is no inheritance between JSRetainPtr template types.
1945         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
1946         Added move constructor and move assignment operator for slightly better
1947         performance. Simplified implementations of various member functions
1948         so they are more obviously correct, by using leakPtr in more of them
1949         and using std::exchange to make the flow of values more obvious.
1950
1951         * API/JSValue.mm:
1952         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
1953         missing JSStringRelease to fix a leak.
1954
1955         * API/tests/CustomGlobalObjectClassTest.c:
1956         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
1957         (globalObjectSetPrototypeTest): Ditto.
1958         (globalObjectPrivatePropertyTest): Ditto.
1959
1960         * API/tests/ExecutionTimeLimitTest.cpp:
1961         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
1962         (testExecutionTimeLimit): Ditto, lots more.
1963
1964         * API/tests/FunctionOverridesTest.cpp:
1965         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
1966
1967         * API/tests/JSObjectGetProxyTargetTest.cpp:
1968         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
1969         a leak.
1970
1971         * API/tests/PingPongStackOverflowTest.cpp:
1972         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
1973         JSStringRelease to fix leaks.
1974
1975         * API/tests/testapi.c:
1976         (throwException): Added. Helper function for repeated idiom where we want
1977         to throw an exception, but with additional JSStringRelease calls so we don't
1978         have to leak just to keep the code simpler to read.
1979         (MyObject_getProperty): Use throwException.
1980         (MyObject_setProperty): Ditto.
1981         (MyObject_deleteProperty): Ditto.
1982         (isValueEqualToString): Added. Helper function for an idiom where we check
1983         if something is a string and then if it's equal to a particular string
1984         constant, but a version that has an additional JSStringRelease call so we
1985         don't have to leak just to keep the code simpler to read.
1986         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
1987         (MyObject_callAsConstructor): Ditto.
1988         (MyObject_hasInstance): Ditto.
1989         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
1990         (testMarkingConstraintsAndHeapFinalizers): Ditto.
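
        The ownership rules this entry relies on, as an added example that is not JSRetainPtr or the JSStringRef API (OpaqueHandle, HandleCreate/HandleRetain/HandleRelease and RetainPtr are constructed stand-ins that follow the same create-returns-a-+1-reference convention): an adopt constructor takes over a +1 reference, copying retains, moving uses std::exchange, and leakRef is marked [[nodiscard]] so that dropping the handed-back reference on the floor is a compiler warning. The first scenario reproduces the kind of leak the entry fixes: wrapping a freshly created handle without adopt retains it a second time, so the destructor leaves one reference behind.

```cpp
#include <cstddef>
#include <utility>

// Constructed stand-in for an opaque C-API handle (not JSStringRef itself):
// a manually reference-counted object with C-style retain/release and a
// global count of live objects so leaks can be observed.
struct OpaqueHandle {
    size_t refCount { 1 };
};
static size_t g_liveHandles = 0;

OpaqueHandle* HandleCreate() { ++g_liveHandles; return new OpaqueHandle; }   // returns +1
OpaqueHandle* HandleRetain(OpaqueHandle* h) { ++h->refCount; return h; }
void HandleRelease(OpaqueHandle* h)
{
    if (!h)
        return;
    if (--h->refCount == 0) {
        delete h;
        --g_liveHandles;
    }
}

// Minimal smart pointer in the style described in the entry: an adopt
// constructor that takes over a +1 reference, copy that retains, move that
// uses std::exchange, and a leakRef the compiler warns about ignoring.
class RetainPtr {
public:
    enum AdoptTag { Adopt };
    RetainPtr() = default;
    RetainPtr(AdoptTag, OpaqueHandle* h) : m_ptr(h) { }                       // take over +1
    explicit RetainPtr(OpaqueHandle* h) : m_ptr(h ? HandleRetain(h) : nullptr) { }
    RetainPtr(const RetainPtr& o) : m_ptr(o.m_ptr ? HandleRetain(o.m_ptr) : nullptr) { }
    RetainPtr(RetainPtr&& o) noexcept : m_ptr(std::exchange(o.m_ptr, nullptr)) { }
    ~RetainPtr() { HandleRelease(m_ptr); }

    RetainPtr& operator=(RetainPtr o) noexcept { std::swap(m_ptr, o.m_ptr); return *this; }

    OpaqueHandle* get() const { return m_ptr; }
    [[nodiscard]] OpaqueHandle* leakRef() { return std::exchange(m_ptr, nullptr); }

private:
    OpaqueHandle* m_ptr { nullptr };
};

RetainPtr adoptHandle(OpaqueHandle* h) { return RetainPtr(RetainPtr::Adopt, h); }

// Scenario 1: the mistake behind the leaks. HandleCreate already returned
// +1; the retaining constructor adds another, so one reference survives.
size_t liveAfterMissingAdopt()
{
    g_liveHandles = 0;
    OpaqueHandle* raw = HandleCreate();      // caller owns +1
    {
        RetainPtr p(raw);                    // retains again: refCount 2
    }                                        // destructor: refCount 1, still alive
    size_t leaked = g_liveHandles;           // 1
    HandleRelease(raw);                      // the release the original code forgot
    return leaked;
}

// Scenario 2: adopting the +1 reference balances it when the pointer dies,
// and copies/moves keep the count consistent.
size_t liveAfterAdopt()
{
    g_liveHandles = 0;
    {
        RetainPtr p = adoptHandle(HandleCreate());
        RetainPtr copy = p;                  // retains: refCount 2
        RetainPtr moved = std::move(copy);   // no refcount change, copy is now null
    }
    return g_liveHandles;                    // 0
}

// Scenario 3: leakRef hands the +1 back to C code that must release it.
size_t liveAfterLeakRefThenRelease()
{
    g_liveHandles = 0;
    OpaqueHandle* raw = adoptHandle(HandleCreate()).leakRef();
    size_t whileLeaked = g_liveHandles;      // 1
    HandleRelease(raw);
    return whileLeaked + g_liveHandles;      // 1 + 0
}
```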
1991
1992 2018-09-14  Saam barati  <sbarati@apple.com>
1993
1994         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
1995         https://bugs.webkit.org/show_bug.cgi?id=189628
1996         <rdar://problem/39481690>
1997
1998         Reviewed by Mark Lam.
1999
2000         An Availability may point to a Node. And that Node may be removed from
2001         the graph, e.g., it's freed and its memory is no longer owned by Graph.
2002         This patch makes it so we no longer dump this metadata by default. If
2003         this metadata is interesting to you, you'll need to go in and change
2004         Graph::dump to dump the needed metadata.
2005
2006         * dfg/DFGGraph.cpp:
2007         (JSC::DFG::Graph::dump):
2008
2009 2018-09-14  Mark Lam  <mark.lam@apple.com>
2010
2011         Refactor some ForInContext code for better encapsulation.
2012         https://bugs.webkit.org/show_bug.cgi?id=189626
2013         <rdar://problem/44466415>
2014
2015         Reviewed by Keith Miller.
2016
2017         1. Add a ForInContext::m_type field to store the context type.  This does not
2018            increase the class size, but eliminates the need for a virtual call to get the
2019            type.
2020
2021            Note: we still need a virtual destructor because we'll be mingling
2022            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
2023
2024         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
2025            convenience methods.
2026
2027         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
2028            to do the casting to the subclass types.  This ensures that we'll properly
2029            assert that the casting is legal.
2030
2031         * bytecompiler/BytecodeGenerator.cpp:
2032         (JSC::BytecodeGenerator::emitGetByVal):
2033         (JSC::BytecodeGenerator::popIndexedForInScope):
2034         (JSC::BytecodeGenerator::popStructureForInScope):
2035         * bytecompiler/BytecodeGenerator.h:
2036         (JSC::ForInContext::type const):
2037         (JSC::ForInContext::isIndexedForInContext const):
2038         (JSC::ForInContext::isStructureForInContext const):
2039         (JSC::ForInContext::asIndexedForInContext):
2040         (JSC::ForInContext::asStructureForInContext):
2041         (JSC::ForInContext::ForInContext):
2042         (JSC::StructureForInContext::StructureForInContext):
2043         (JSC::IndexedForInContext::IndexedForInContext):
2044         (JSC::ForInContext::~ForInContext): Deleted.
2045
2046 2018-09-14  Devin Rousso  <webkit@devinrousso.com>
2047
2048         Web Inspector: Record actions performed on ImageBitmapRenderingContext
2049         https://bugs.webkit.org/show_bug.cgi?id=181341
2050
2051         Reviewed by Joseph Pecoraro.
2052
2053         * inspector/protocol/Recording.json:
2054         * inspector/scripts/codegen/generator.py:
2055
2056 2018-09-14  Mike Gorse  <mgorse@suse.com>
2057
2058         builtins directory causes name conflict on Python 3
2059         https://bugs.webkit.org/show_bug.cgi?id=189552
2060
2061         Reviewed by Michael Catanzaro.
2062
2063         * CMakeLists.txt: builtins -> wkbuiltins.
2064         * DerivedSources.make: builtins -> wkbuiltins.
2065         * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
2066           builtins.
2067         * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
2068         * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
2069         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
2070         * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
2071         * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
2072         * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
2073         * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
2074         * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
2075         * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
2076         * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
2077         * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
2078         * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
2079
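        [Editor's note, not part of the ChangeLog or of WebKit's code.] The entry above renames the
        Scripts/builtins package to wkbuiltins because, on Python 3, "builtins" is the name of a
        built-in module that is already present in sys.modules when the interpreter starts, so a
        local package of that name on sys.path is never consulted and its submodules cannot be
        imported. The added script below demonstrates that behaviour with a constructed package
        layout (a temp directory holding <name>/__init__.py and <name>/builtins_model.py; the
        helper name probe_package and the MARKER constant are the example's own, not WebKit's).

```python
"""Added illustration (not WebKit code): a local package named ``builtins`` cannot be
imported on Python 3 because the stdlib built-in module of that name always wins;
renaming the package (here to ``wkbuiltins``) makes the submodule import work.
The directory layout and module contents below are constructed for the demo.
"""
import importlib
import os
import shutil
import sys
import tempfile


def probe_package(package_name):
    """Create ``<tmp>/<package_name>/builtins_model.py``, put <tmp> on sys.path, and
    import the submodule the way a generator script (``from X import builtins_model``)
    would. Returns a dict describing what was actually resolved."""
    tmp = tempfile.mkdtemp()
    pkg_dir = os.path.join(tmp, package_name)
    os.mkdir(pkg_dir)
    with open(os.path.join(pkg_dir, "__init__.py"), "w") as f:
        f.write("")
    with open(os.path.join(pkg_dir, "builtins_model.py"), "w") as f:
        f.write("MARKER = 'local package'\n")

    sys.path.insert(0, tmp)
    importlib.invalidate_caches()
    result = {
        "package": package_name,
        "resolved_from_stdlib": False,
        "submodule_imported": False,
        "error": None,
    }
    try:
        top = importlib.import_module(package_name)
        # A package loaded from our temp dir has a __path__; the stdlib 'builtins'
        # module is a plain built-in module and has none.
        result["resolved_from_stdlib"] = not getattr(top, "__path__", None)
        sub = importlib.import_module(package_name + ".builtins_model")
        result["submodule_imported"] = sub.MARKER == "local package"
    except ImportError as exc:
        # For 'builtins' this is "No module named 'builtins.builtins_model';
        # 'builtins' is not a package": the local directory was never looked at.
        result["error"] = str(exc)
    finally:
        sys.path.remove(tmp)
        # Drop anything loaded from the temp dir; never touch the real builtins.
        for name in list(sys.modules):
            if name != "builtins" and (
                name == package_name or name.startswith(package_name + ".")
            ):
                del sys.modules[name]
        shutil.rmtree(tmp, ignore_errors=True)
    return result


if __name__ == "__main__":
    for name in ("builtins", "wkbuiltins"):
        print(probe_package(name))
```

        Running the script shows the first probe resolving to the stdlib module and failing to
        import the submodule, and the second probe succeeding, which is exactly the situation
        the rename addresses.
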
2080 2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2081
2082         [WebAssembly] Inline WasmContext accessor functions
2083         https://bugs.webkit.org/show_bug.cgi?id=189416
2084
2085         Reviewed by Saam Barati.
2086
        WasmContext accessor functions are very small, while they reside in the critical path of
        JS to Wasm function calls. This patch makes them inline to improve performance.
2089         This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.
2090
2091         * JavaScriptCore.xcodeproj/project.pbxproj:
2092         * Sources.txt:
2093         * interpreter/CallFrame.cpp:
2094         * jit/AssemblyHelpers.cpp:
2095         * wasm/WasmB3IRGenerator.cpp:
2096         * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
2097         (JSC::Wasm::Context::useFastTLS):
2098         (JSC::Wasm::Context::load const):
2099         (JSC::Wasm::Context::store):
2100         * wasm/WasmMemoryInformation.cpp:
        * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes in unified source combinations.
2102         * wasm/js/JSToWasm.cpp:
2103         * wasm/js/WebAssemblyFunction.cpp:
2104
2105 2018-09-12  David Kilzer  <ddkilzer@apple.com>
2106
2107         Move JavaScriptCore files to match Xcode project hierarchy
2108         <https://webkit.org/b/189574>
2109
2110         Reviewed by Filip Pizlo.
2111
2112         * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
2113         * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
2114         * CMakeLists.txt: Update for new path to
2115         generateYarrUnicodePropertyTables.py, hasher.py and
2116         JSAPIValueWrapper.h.
2117         * DerivedSources.make: Ditto. Add missing dependency on
2118         hasher.py captured by CMakeLists.txt.
2119         * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
2120         reference paths. Add hasher.py library to project.
2121         * Sources.txt: Update for new path to
2122         JSAPIValueWrapper.cpp.
2123         * runtime/JSImmutableButterfly.h: Add missing includes
2124         after changes to Sources.txt and regenerating unified
2125         sources.
2126         * runtime/RuntimeType.h: Ditto.
2127         * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
2128         * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.
2129
2130 2018-09-12  David Kilzer  <ddkilzer@apple.com>
2131
2132         Let Xcode have its way with the JavaScriptCore project
2133
2134         * JavaScriptCore.xcodeproj/project.pbxproj:
2135
2136 2018-09-12  Guillaume Emont  <guijemont@igalia.com>
2137
2138         Add IGNORE_WARNING_.* macros
2139         https://bugs.webkit.org/show_bug.cgi?id=188996
2140
2141         Reviewed by Michael Catanzaro.
2142
2143         * API/JSCallbackObject.h:
2144         * API/tests/testapi.c:
2145         * assembler/LinkBuffer.h:
2146         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
2147         * b3/B3LowerToAir.cpp:
2148         * b3/B3Opcode.cpp:
2149         * b3/B3Type.h:
2150         * b3/B3TypeMap.h:
2151         * b3/B3Width.h:
2152         * b3/air/AirArg.cpp:
2153         * b3/air/AirArg.h:
2154         * b3/air/AirCode.h:
2155         * bytecode/Opcode.h:
2156         (JSC::padOpcodeName):
2157         * dfg/DFGSpeculativeJIT.cpp:
2158         (JSC::DFG::SpeculativeJIT::speculateNumber):
2159         (JSC::DFG::SpeculativeJIT::speculateMisc):
2160         * dfg/DFGSpeculativeJIT64.cpp:
2161         * ftl/FTLOutput.h:
2162         * jit/CCallHelpers.h:
2163         (JSC::CCallHelpers::calculatePokeOffset):
2164         * llint/LLIntData.cpp:
2165         * llint/LLIntSlowPaths.cpp:
2166         (JSC::LLInt::slowPathLogF):
2167         * runtime/ConfigFile.cpp:
2168         (JSC::ConfigFile::canonicalizePaths):
2169         * runtime/JSDataViewPrototype.cpp:
2170         * runtime/JSGenericTypedArrayViewConstructor.h:
2171         * runtime/JSGenericTypedArrayViewPrototype.h:
2172         * runtime/Options.cpp:
2173         (JSC::Options::setAliasedOption):
2174         * tools/CodeProfiling.cpp:
2175         * wasm/WasmSections.h:
2176         * wasm/generateWasmValidateInlinesHeader.py:
2177
2178 == Rolled over to ChangeLog-2018-09-11 ==