Improve JSC Parser error messages
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-10-25  Oliver Hunt  <oliver@apple.com>

        Improve JSC Parser error messages
        https://bugs.webkit.org/show_bug.cgi?id=123341

        Reviewed by Andreas Kling.

        This patch moves away from the current kludgy mechanisms used to produce
        error messages and moves to something closer to case by case errors.

        This results in a large change size as previously we may just have
        'failIfFalse(foo)', but now the logic becomes either
        'failIfFalseWithMessage(foo, "Cannot do blah with ", foo->thing())'
        or alternatively

        if (!foo)
            check for 'interesting' errors, before falling back to generic error

        This means that this patch is large, but produces no semantic changes, and
        only hits slow (e.g. error) paths.

        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclaration):
        (JSC::::parseConstDeclaration):
        (JSC::::parseDoWhileStatement):
        (JSC::::parseWhileStatement):
        (JSC::::parseVarDeclarationList):
        (JSC::::createBindingPattern):
        (JSC::::parseDeconstructionPattern):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseBreakStatement):
        (JSC::::parseContinueStatement):
        (JSC::::parseReturnStatement):
        (JSC::::parseThrowStatement):
        (JSC::::parseWithStatement):
        (JSC::::parseSwitchStatement):
        (JSC::::parseSwitchClauses):
        (JSC::::parseSwitchDefaultClause):
        (JSC::::parseTryStatement):
        (JSC::::parseDebuggerStatement):
        (JSC::::parseBlockStatement):
        (JSC::::parseStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseFunctionBody):
        (JSC::stringForFunctionMode):
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseExpressionStatement):
        (JSC::::parseIfStatement):
        (JSC::::parseExpression):
        (JSC::::parseAssignmentExpression):
        (JSC::::parseConditionalExpression):
        (JSC::::parseBinaryExpression):
        (JSC::::parseProperty):
        (JSC::::parseObjectLiteral):
        (JSC::::parseStrictObjectLiteral):
        (JSC::::parseArrayLiteral):
        (JSC::::parsePrimaryExpression):
        (JSC::::parseArguments):
        (JSC::::parseMemberExpression):
        (JSC::operatorString):
        (JSC::::parseUnaryExpression):
        (JSC::::printUnexpectedTokenText):
        * parser/Parser.h:
        (JSC::Scope::hasDeclaredVariable):
        (JSC::Scope::hasDeclaredParameter):
        (JSC::Parser::hasDeclaredVariable):
        (JSC::Parser::hasDeclaredParameter):
        (JSC::Parser::setErrorMessage):

2013-10-24  Mark Rowe  <mrowe@apple.com>

        Remove references to OS X 10.7 from Xcode configuration settings.

        Now that we're not building for OS X 10.7, they're no longer needed.

        Reviewed by Anders Carlsson.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:
        * Configurations/FeatureDefines.xcconfig:
        * Configurations/Version.xcconfig:

2013-10-24  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/15312643> Prepare for the mysterious future.

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:
        * Configurations/FeatureDefines.xcconfig:
        * Configurations/Version.xcconfig:

2013-10-24  Mark Lam  <mark.lam@apple.com>

        Better way to fix part of broken C Loop LLINT build.
        https://bugs.webkit.org/show_bug.cgi?id=123271.

        Reviewed by Geoffrey Garen.

        Undoing offline asm hackery.

        * llint/LowLevelInterpreter.cpp:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/cloop.rb:
        * offlineasm/instructions.rb:

2013-10-24  Mark Lam  <mark.lam@apple.com>

        Fix broken C Loop LLINT build.
        https://bugs.webkit.org/show_bug.cgi?id=123271.

        Reviewed by Michael Saboff.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus): Added an UNUSED_PARAM().
        (JSC::CodeBlock::dumpBytecode): Added #if ENABLE(JIT) to JIT only code.
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor): Added an UNUSED_PARAM().
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor): Added an UNUSED_PARAM().
        * bytecode/StructureStubInfo.h:
        - Added a stub StubInfoMap for non-JIT builds. StubInfoMap is still used
          in function prototypes even when !ENABLE(JIT). Rather than adding #if's
          in many places, we just provide a stub/placeholder implementation that
          is unused but keeps the compiler happy.
        * jit/JITOperations.h: Added #if ENABLE(JIT).
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        - The putByVal() macro reifies a slow path which is never taken in one case.
          This translates into a label that is never used in the C Loop LLINT. The
          C++ compiler doesn't like unused labels. So, we fix this by adding a
          cloopUnusedLabel offline asm instruction that synthesizes the following:

              if (false) goto unusedLabel;

          This keeps the C++ compiler happy without changing code behavior.
        * offlineasm/cloop.rb: Implementing cloopUnusedLabel.
        * offlineasm/instructions.rb: Declaring cloopUnusedLabel.
        * runtime/Executable.cpp:
        (JSC::setupJIT): Added UNUSED_PARAM()s.
        (JSC::ScriptExecutable::prepareForExecutionImpl):
        - run-javascriptcore-tests has phases that force the LLINT to be off,
          which in turn asserts that the JIT is enabled. With the C Loop LLINT,
          this combination is illegal. So, we override the setup code here to
          always use the LLINT if !ENABLE(JIT) regardless of what options are
          passed in.

2013-10-24  peavo@outlook.com  <peavo@outlook.com>

        Uninitialized member causes crash when DFG JIT is not enabled.
        https://bugs.webkit.org/show_bug.cgi?id=123270

        Reviewed by Brent Fulgham.

        The data member sizeOfLastScratchBuffer in the VM class is only initialized if DFG JIT is enabled, even though it's defined regardless.
        This causes an early crash on Windows, which doesn't have DFG JIT enabled.

        * runtime/VM.cpp:
        (JSC::VM::VM): Initialize sizeOfLastScratchBuffer member regardless of whether DFG JIT is enabled.

2013-10-24  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Build break with latest EFL 1.8 libraries.
        https://bugs.webkit.org/show_bug.cgi?id=123245

        Reviewed by Gyuyoung Kim.

        After the build break on EFL 1.8 was fixed at r138326, the EFL libraries changed
        the Eo typedef and split the header files which contain the version macro.

        * PlatformEfl.cmake: Added EO path to include directories.
        * heap/HeapTimer.h: Changed Ecore_Timer typedef when EO exists.

2013-10-23  Filip Pizlo  <fpizlo@apple.com>

        Put all uses of LLVM intrinsics behind a single Option
        https://bugs.webkit.org/show_bug.cgi?id=123219

        Reviewed by Mark Hahnenberg.

        * ftl/FTLExitThunkGenerator.cpp:
        (JSC::FTL::ExitThunkGenerator::emitThunk):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::generateExitThunks):
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
        (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
        (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):
        * runtime/Options.h:

2013-10-23  Daniel Bates  <dabates@apple.com>

        Fix JavaScriptCore build targets following <http://trac.webkit.org/changeset/157864>
        (https://bugs.webkit.org/show_bug.cgi?id=123169)

        Tell Xcode that the supported platforms for all JavaScriptCore targets are iOS and OS X.

        * Configurations/Base.xcconfig:

2013-10-23  Michael Saboff  <msaboff@apple.com>

        LLInt arity check exception processing should start unwinding from caller
        https://bugs.webkit.org/show_bug.cgi?id=123209

        Reviewed by Oliver Hunt.

        Use the caller frame returned from slow_path_call_arityCheck to process exceptions.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2013-10-22  Filip Pizlo  <fpizlo@apple.com>

        FTL should be able to do some simple inline caches using LLVM patchpoints
        https://bugs.webkit.org/show_bug.cgi?id=123164

        Reviewed by Mark Hahnenberg.

        This implements GetById inline caches in the FTL using llvm.webkit.patchpoint.

        The idea is that we ask LLVM for a nop slide the size of a GetById inline
        cache and then fill in the code after LLVM compilation is complete. For now, we
        just use the system calling convention for the arguments and return. We also
        still make some assumptions about registers that aren't correct. But, most of
        the scaffolding is there and this will successfully patch an inline cache.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::allocate):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::link):
        * ftl/FTLAbbreviations.h:
        (JSC::FTL::constNull):
        (JSC::FTL::buildCall):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLInlineCacheDescriptor.h: Added.
        (JSC::FTL::InlineCacheDescriptor::InlineCacheDescriptor):
        (JSC::FTL::GetByIdDescriptor::GetByIdDescriptor):
        (JSC::FTL::GetByIdDescriptor::stackmapID):
        (JSC::FTL::GetByIdDescriptor::codeOrigin):
        (JSC::FTL::GetByIdDescriptor::uid):
        * ftl/FTLInlineCacheSize.cpp: Added.
        (JSC::FTL::sizeOfGetById):
        (JSC::FTL::sizeOfPutById):
        * ftl/FTLInlineCacheSize.h: Added.
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLJITFinalizer.cpp:
        (JSC::FTL::JITFinalizer::finalizeFunction):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::directGPR):
        * ftl/FTLLocation.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
        * ftl/FTLOutput.h:
        (JSC::FTL::Output::call):
        * ftl/FTLSlowPathCall.cpp: Added.
        (JSC::FTL::callOperation):
        * ftl/FTLSlowPathCall.h: Added.
        (JSC::FTL::SlowPathCall::SlowPathCall):
        (JSC::FTL::SlowPathCall::call):
        (JSC::FTL::SlowPathCall::key):
        * ftl/FTLSlowPathCallKey.cpp: Added.
        (JSC::FTL::SlowPathCallKey::dump):
        * ftl/FTLSlowPathCallKey.h: Added.
        (JSC::FTL::SlowPathCallKey::SlowPathCallKey):
        (JSC::FTL::SlowPathCallKey::usedRegisters):
        (JSC::FTL::SlowPathCallKey::callTarget):
        (JSC::FTL::SlowPathCallKey::offset):
        (JSC::FTL::SlowPathCallKey::isEmptyValue):
        (JSC::FTL::SlowPathCallKey::isDeletedValue):
        (JSC::FTL::SlowPathCallKey::operator==):
        (JSC::FTL::SlowPathCallKey::hash):
        (JSC::FTL::SlowPathCallKeyHash::hash):
        (JSC::FTL::SlowPathCallKeyHash::equal):
        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::Location::directGPR):
        * ftl/FTLStackMaps.h:
        * ftl/FTLState.h:
        * ftl/FTLThunks.cpp:
        (JSC::FTL::slowPathCallThunkGenerator):
        * ftl/FTLThunks.h:
        (JSC::FTL::Thunks::getSlowPathCallThunk):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArguments):
        * jit/GPRInfo.h:
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::garbageStubInfo):
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITByIdGenerator::finalize):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITByIdGenerator::slowPathBegin):
        * jit/RegisterSet.cpp:
        (JSC::RegisterSet::stackRegisters):
        (JSC::RegisterSet::specialRegisters):
        (JSC::RegisterSet::calleeSaveRegisters):
        (JSC::RegisterSet::allGPRs):
        (JSC::RegisterSet::allFPRs):
        (JSC::RegisterSet::allRegisters):
        (JSC::RegisterSet::dump):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::exclude):
        (JSC::RegisterSet::numberOfSetRegisters):
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::isEmptyValue):
        (JSC::RegisterSet::isDeletedValue):
        (JSC::RegisterSet::operator==):
        (JSC::RegisterSet::hash):
        (JSC::RegisterSetHash::hash):
        (JSC::RegisterSetHash::equal):
        * runtime/Options.h:

2013-10-22  Filip Pizlo  <fpizlo@apple.com>

        jitCompileAndSetHeuristics should DeferGCForAWhile
        https://bugs.webkit.org/show_bug.cgi?id=123196

        Reviewed by Mark Hahnenberg.

        This fixes random crashes in V8v7/raytrace. I only see those crashes on exactly one of
        my machines. I don't think this is testable; we just need to steadily converge towards
        getting our uses of DeferGC to be right and then be careful not to regress. We're not
        there yet, obviously.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more JavaScriptCore build configuration changes
        https://bugs.webkit.org/show_bug.cgi?id=123169

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig:
        * Configurations/Version.xcconfig:
        * Configurations/iOS.xcconfig: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Export DefaultGCActivityCallback member functions
        https://bugs.webkit.org/show_bug.cgi?id=123175

        Reviewed by David Kilzer.

        * runtime/GCActivityCallback.h:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:

2013-10-22  Andreas Kling  <akling@apple.com>

        Minor VM* -> VM& cleanups in HashTable and Keywords.
        <https://webkit.org/b/123183>

        Turn some VM* variables that will never be null into VM&.

        Reviewed by Geoffrey Garen.

2013-10-22  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
        https://bugs.webkit.org/show_bug.cgi?id=123179

        Reviewed by Mark Hahnenberg.

        * parser/NodeConstructors.h:
        (JSC::LogicalOpNode::LogicalOpNode):
        * parser/ResultType.h:
        (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
        This is JavaScript (aka Sparta).

2013-10-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r157819.
        http://trac.webkit.org/changeset/157819
        https://bugs.webkit.org/show_bug.cgi?id=123180

        Broke 32-bit builds (Requested by smfr on #webkit).

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
        modifying a file in JavaScriptCore/Configurations.

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSLock changes
        https://bugs.webkit.org/show_bug.cgi?id=123107

        Reviewed by Geoffrey Garen.

        * runtime/JSLock.cpp:
        (JSC::JSLock::unlock):
        (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
        (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
        use pre-increment instead of post-increment when we're not using the return value of the instruction.
        (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
        places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
        since we don't use the return value of such instructions.
        (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
        Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
        (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
        * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
        the argument is sufficiently descriptive of its purpose.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
        https://bugs.webkit.org/show_bug.cgi?id=123166

        Reviewed by Michael Saboff.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4][mips][arm] Fix crashes in JSC (32-bit only).
        https://bugs.webkit.org/show_bug.cgi?id=123165

        Reviewed by Michael Saboff.

        * jit/JITInlines.h:
        (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
        (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
        https://bugs.webkit.org/show_bug.cgi?id=123092

        Reviewed by Michael Saboff.

        Impacted architectures are SH4 and ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::buffer):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        Remove unused stuff in JIT stubs.
        https://bugs.webkit.org/show_bug.cgi?id=123155

        Reviewed by Michael Saboff.

        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        (JSC::ctiTrampoline):
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
        https://bugs.webkit.org/show_bug.cgi?id=123115
        <rdar://problem/13696872>

        Reviewed by Andy Estes.

        Based on a patch by Mark Hahnenberg.

        Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.

        * API/JSBase.cpp:

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister().
        https://bugs.webkit.org/show_bug.cgi?id=123157

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::lastRegister):
        (JSC::SH4Assembler::firstFPRegister):
        (JSC::SH4Assembler::lastFPRegister):

2013-10-22  Brian Holt  <brian.holt@samsung.com>

        Build break on ARMv7 after r157209
        https://bugs.webkit.org/show_bug.cgi?id=122890

        Reviewed by Csaba Osztrogonác.

        Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::firstRegister):
        (JSC::MacroAssemblerARM::lastRegister):
        (JSC::MacroAssemblerARM::firstFPRegister):
        (JSC::MacroAssemblerARM::lastFPRegister):

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
        https://bugs.webkit.org/show_bug.cgi?id=123045

        Reviewed by Joseph Pecoraro.

        * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
        to global method table.
        * runtime/JSGlobalObject.cpp: Ditto.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSC Objective-C API compiler warning fixes
        https://bugs.webkit.org/show_bug.cgi?id=123125

        Reviewed by Mark Hahnenberg.

        Based on a patch by Mark Hahnenberg.

        * API/JSValue.mm:
        (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
        (-[JSValue toSize]): Ditto.
        * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
        available since iOS 7.0
        https://bugs.webkit.org/show_bug.cgi?id=123122

        Reviewed by Dan Bernstein.

        * API/JSContext.h:
        * API/JSManagedValue.h:
        * API/JSValue.h:
        * API/JSVirtualMachine.h:

2013-10-20  Mark Lam  <mark.lam@apple.com>

        Avoid JSC debugger overhead unless needed.
        https://bugs.webkit.org/show_bug.cgi?id=123084.

        Reviewed by Geoffrey Garen.

        - If no breakpoints are set, we now avoid calling the debug hook callbacks.
        - If no break on exception is set, we also avoid exception event debug callbacks.
        - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
          longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
          pointer in the ScriptDebugServer may become stale. To avoid this issue, before
          returning, the ScriptDebugServer will clear its m_currentCallFrame if
          needsOpDebugCallbacks() is false.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::setNeedsExceptionCallbacks):
        (JSC::Debugger::setShouldPause):
        (JSC::Debugger::updateNumberOfBreakpoints):
        (JSC::Debugger::updateNeedForOpDebugCallbacks):
        * debugger/Debugger.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):
        (JSC::Interpreter::debug):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2013-10-21  Brent Fulgham  <bfulgham@apple.com>

        [WIN] Unreviewed build correction.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
          sources, not header files.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.

2013-10-21  Oliver Hunt  <oliver@apple.com>

        Support computed property names in object literals
        https://bugs.webkit.org/show_bug.cgi?id=123112

        Reviewed by Michael Saboff.

        Add support for computed property names to the parser.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::getName):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::::parseProperty):
        (JSC::::parseStrictObjectLiteral):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::Property::Property):
        (JSC::SyntaxChecker::createProperty):
        (JSC::SyntaxChecker::operatorStackPop):

2013-10-21  Michael Saboff  <msaboff@apple.com>

        Add option so that JSC will crash if it can't allocate executable memory for the JITs
        https://bugs.webkit.org/show_bug.cgi?id=123048
        <rdar://problem/12856193>

        Reviewed by Geoffrey Garen.

        Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
        when checking the validity of the executable allocator. The default value for this option is
        false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
        the app can obtain executable memory.

        * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
        (main):
        * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
        * runtime/VM.cpp:
        (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
        is enabled.

2013-10-21  Nadav Rotem  <nrotem@apple.com>

        Remove AllInOneFile.cpp
        https://bugs.webkit.org/show_bug.cgi?id=123055

        Reviewed by Csaba Osztrogonác.

        * AllInOneFile.cpp: Removed.

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, cleanup a FIXME comment.

        * jit/Repatch.cpp:

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JITs view as temporaries
        https://bugs.webkit.org/show_bug.cgi?id=123076

        Reviewed by Sam Weinig.

        Start preparing for a world in which we are patching code generated by LLVM, which may have
        very different register usage conventions than our JITs. This requires us to be more explicit
        about the registers we are using. For example, the repatching code shouldn't take for granted
        that tagMaskRegister holds the TagMask or that the register is even in use.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::numberOfRegisters):
        (JSC::MacroAssembler::registerIndex):
        (JSC::MacroAssembler::numberOfFPRegisters):
        (JSC::MacroAssembler::fpRegisterIndex):
        (JSC::MacroAssembler::totalNumberOfRegisters):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * dfg/DFGSpeculativeJIT.h:
        * ftl/FTLSaveRestore.cpp:
        (JSC::FTL::bytesForGPRs):
        (JSC::FTL::bytesForFPRs):
        (JSC::FTL::offsetOfGPR):
        (JSC::FTL::offsetOfFPR):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.cpp: Added.
        (JSC::RegisterSet::specialRegisters):
        * jit/RegisterSet.h: Added.
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::set):
        (JSC::RegisterSet::clear):
        (JSC::RegisterSet::get):
        (JSC::RegisterSet::merge):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):
        (JSC::tryCacheGetByID):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::tryRepatchIn):
        (JSC::linkClosureCall):
        * jit/TempRegisterSet.cpp: Added.
        (JSC::TempRegisterSet::TempRegisterSet):
        * jit/TempRegisterSet.h:

2013-10-20  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Fix build (broken since r157690).
        https://bugs.webkit.org/show_bug.cgi?id=123081

        Reviewed by Andreas Kling.

        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):
        (JSC::SH4Assembler::readCallTarget):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
        https://bugs.webkit.org/show_bug.cgi?id=123079

        Reviewed by Geoffrey Garen.

        * jit/TempRegisterSet.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Rename RegisterSet to TempRegisterSet
        https://bugs.webkit.org/show_bug.cgi?id=123077

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.h: Removed.
        * jit/ScratchRegisterAllocator.h:
        (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
        * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        (JSC::TempRegisterSet::TempRegisterSet):
        (JSC::TempRegisterSet::asPOD):
        (JSC::TempRegisterSet::copyInfo):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Restructure LinkBuffer to allow for alternate allocation strategies
        https://bugs.webkit.org/show_bug.cgi?id=123071

        Reviewed by Oliver Hunt.

        The idea is to eventually allow a LinkBuffer to place the code into an already
        allocated region of memory. That region of memory could be the nop-slide left behind
        by a llvm.webkit.patchpoint.

        * assembler/ARM64Assembler.h:
806         (JSC::ARM64Assembler::buffer):
807         * assembler/AssemblerBuffer.h:
808         * assembler/LinkBuffer.cpp:
809         (JSC::LinkBuffer::copyCompactAndLinkCode):
810         (JSC::LinkBuffer::linkCode):
811         (JSC::LinkBuffer::allocate):
812         (JSC::LinkBuffer::shrink):
813         * assembler/LinkBuffer.h:
814         (JSC::LinkBuffer::LinkBuffer):
815         (JSC::LinkBuffer::didFailToAllocate):
816         * assembler/X86Assembler.h:
817         (JSC::X86Assembler::buffer):
818         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
819
820 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
821
822         Some includes in JSC seem to use an incorrect style
823         https://bugs.webkit.org/show_bug.cgi?id=123057
824
825         Reviewed by Geoffrey Garen.
826
827         Changed pseudo-system includes to user ones.
828
829         * API/JSContextRef.cpp:
830         * API/JSStringRefCF.cpp:
831         * API/JSValueRef.cpp:
832         * API/OpaqueJSString.cpp:
833         * jit/JIT.h:
834         * parser/SyntaxChecker.h:
835         * runtime/WeakGCMap.h:
836
837 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
838
839         Baseline JIT and DFG IC code generation should be unified and rationalized
840         https://bugs.webkit.org/show_bug.cgi?id=122939
841
842         Reviewed by Geoffrey Garen.
843         
844         Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
845         some register info and creates JIT inline caches for you. Used this to even further
846         unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
847         is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
848         that it needs to do the equivalent of get_by_id, so with this generator it will be able
849         to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
850
851         * CMakeLists.txt:
852         * GNUmakefile.list.am:
853         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
854         * JavaScriptCore.xcodeproj/project.pbxproj:
855         * assembler/AbstractMacroAssembler.h:
856         (JSC::AbstractMacroAssembler::DataLabelCompact::label):
857         * bytecode/CodeBlock.h:
858         (JSC::CodeBlock::ecmaMode):
859         * dfg/DFGInlineCacheWrapper.h: Added.
860         (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
861         * dfg/DFGInlineCacheWrapperInlines.h: Added.
862         (JSC::DFG::::finalize):
863         * dfg/DFGJITCompiler.cpp:
864         (JSC::DFG::JITCompiler::link):
865         * dfg/DFGJITCompiler.h:
866         (JSC::DFG::JITCompiler::addGetById):
867         (JSC::DFG::JITCompiler::addPutById):
868         * dfg/DFGSpeculativeJIT32_64.cpp:
869         (JSC::DFG::SpeculativeJIT::cachedGetById):
870         (JSC::DFG::SpeculativeJIT::cachedPutById):
871         * dfg/DFGSpeculativeJIT64.cpp:
872         (JSC::DFG::SpeculativeJIT::cachedGetById):
873         (JSC::DFG::SpeculativeJIT::cachedPutById):
874         (JSC::DFG::SpeculativeJIT::compile):
875         * jit/AssemblyHelpers.h:
876         (JSC::AssemblyHelpers::isStrictModeFor):
877         (JSC::AssemblyHelpers::strictModeFor):
878         * jit/GPRInfo.h:
879         (JSC::JSValueRegs::tagGPR):
880         * jit/JIT.cpp:
881         (JSC::JIT::JIT):
882         (JSC::JIT::privateCompileSlowCases):
883         (JSC::JIT::privateCompile):
884         * jit/JIT.h:
885         * jit/JITInlineCacheGenerator.cpp: Added.
886         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
887         (JSC::JITByIdGenerator::JITByIdGenerator):
888         (JSC::JITByIdGenerator::finalize):
889         (JSC::JITByIdGenerator::generateFastPathChecks):
890         (JSC::JITGetByIdGenerator::generateFastPath):
891         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
892         (JSC::JITPutByIdGenerator::generateFastPath):
893         (JSC::JITPutByIdGenerator::slowPathFunction):
894         * jit/JITInlineCacheGenerator.h: Added.
895         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
896         (JSC::JITInlineCacheGenerator::stubInfo):
897         (JSC::JITByIdGenerator::JITByIdGenerator):
898         (JSC::JITByIdGenerator::reportSlowPathCall):
899         (JSC::JITByIdGenerator::slowPathJump):
900         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
901         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
902         * jit/JITPropertyAccess.cpp:
903         (JSC::JIT::emit_op_get_by_id):
904         (JSC::JIT::emitSlow_op_get_by_id):
905         (JSC::JIT::emit_op_put_by_id):
906         (JSC::JIT::emitSlow_op_put_by_id):
907         * jit/JITPropertyAccess32_64.cpp:
908         (JSC::JIT::emit_op_get_by_id):
909         (JSC::JIT::emitSlow_op_get_by_id):
910         (JSC::JIT::emit_op_put_by_id):
911         (JSC::JIT::emitSlow_op_put_by_id):
912         * jit/RegisterSet.h:
913         (JSC::RegisterSet::set):
914
915 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
916
917         APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
918         https://bugs.webkit.org/show_bug.cgi?id=123067
919
920         Reviewed by Geoffrey Garen.
921
922         * API/APICast.h: Include it.
923
924 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
925
926         FTL::Location should treat the offset as an addend in the case of a Register location
927         https://bugs.webkit.org/show_bug.cgi?id=123062
928
929         Reviewed by Sam Weinig.
930
931         * ftl/FTLLocation.cpp:
932         (JSC::FTL::Location::forStackmaps):
933         (JSC::FTL::Location::dump):
934         (JSC::FTL::Location::restoreInto):
935         * ftl/FTLLocation.h:
936         (JSC::FTL::Location::forRegister):
937         (JSC::FTL::Location::hasAddend):
938         (JSC::FTL::Location::addend):
939
940 2013-10-19  Nadav Rotem  <nrotem@apple.com>
941
942         DFG dominators: document and rename stuff.
943         https://bugs.webkit.org/show_bug.cgi?id=123056
944
945         Reviewed by Filip Pizlo.
946
947         Documented the code and renamed some variables.
948
949         * dfg/DFGDominators.cpp:
950         (JSC::DFG::Dominators::compute):
951         (JSC::DFG::Dominators::pruneDominators):
952         * dfg/DFGDominators.h:
953
954 2013-10-19  Julien Brianceau  <jbriance@cisco.com>
955
956         Fix build failure for architectures with 4 argument registers.
957         https://bugs.webkit.org/show_bug.cgi?id=123060
958
959         Reviewed by Michael Saboff.
960
961         Add missing setupArgumentsWithExecState() prototypes for architectures with 4 argument registers.
962         Remove SH4 specific code no longer needed since callOperation prototype change in r157660.
963
964         * dfg/DFGSpeculativeJIT.h:
965         (JSC::DFG::SpeculativeJIT::callOperation):
966         * jit/CCallHelpers.h:
967         (JSC::CCallHelpers::setupArgumentsWithExecState):
968         * jit/JITInlines.h:
969         (JSC::JIT::callOperation):
970
971 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
972
973         Unreviewed, fix FTL build.
974
975         * ftl/FTLIntrinsicRepository.h:
976         * ftl/FTLLowerDFGToLLVM.cpp:
977         (JSC::FTL::LowerDFGToLLVM::compileGetById):
978
979 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
980
981         A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
982         https://bugs.webkit.org/show_bug.cgi?id=122940
983
984         Reviewed by Oliver Hunt.
985         
986         This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
987         whereas previously it was in a Vector, so it moved. This allows you to use pointers to
988         StructureStubInfo. This also eliminates the use of return PC as a way of finding the
989         StructureStubInfo's. It removes some of the need for the compile-time property access
990         records; for example the DFG no longer has to save information about registers in a
991         property access record only to later save it to the stub info.
992         
993         The main thing it accomplishes is that it makes it easier to add StructureStubInfo's
994         at any stage of compilation.
995
996         * bytecode/CodeBlock.cpp:
997         (JSC::CodeBlock::printGetByIdCacheStatus):
998         (JSC::CodeBlock::dumpBytecode):
999         (JSC::CodeBlock::~CodeBlock):
1000         (JSC::CodeBlock::propagateTransitions):
1001         (JSC::CodeBlock::finalizeUnconditionally):
1002         (JSC::CodeBlock::addStubInfo):
1003         (JSC::CodeBlock::getStubInfoMap):
1004         (JSC::CodeBlock::shrinkToFit):
1005         * bytecode/CodeBlock.h:
1006         (JSC::CodeBlock::begin):
1007         (JSC::CodeBlock::end):
1008         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
1009         * bytecode/CodeOrigin.h:
1010         (JSC::CodeOrigin::CodeOrigin):
1011         (JSC::CodeOrigin::isHashTableDeletedValue):
1012         (JSC::CodeOrigin::hash):
1013         (JSC::CodeOriginHash::hash):
1014         (JSC::CodeOriginHash::equal):
1015         * bytecode/GetByIdStatus.cpp:
1016         (JSC::GetByIdStatus::computeFor):
1017         * bytecode/GetByIdStatus.h:
1018         * bytecode/PutByIdStatus.cpp:
1019         (JSC::PutByIdStatus::computeFor):
1020         * bytecode/PutByIdStatus.h:
1021         * bytecode/StructureStubInfo.h:
1022         (JSC::getStructureStubInfoCodeOrigin):
1023         * dfg/DFGByteCodeParser.cpp:
1024         (JSC::DFG::ByteCodeParser::parseBlock):
1025         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1026         * dfg/DFGJITCompiler.cpp:
1027         (JSC::DFG::JITCompiler::link):
1028         * dfg/DFGJITCompiler.h:
1029         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
1030         (JSC::DFG::InRecord::InRecord):
1031         * dfg/DFGSpeculativeJIT.cpp:
1032         (JSC::DFG::SpeculativeJIT::compileIn):
1033         * dfg/DFGSpeculativeJIT.h:
1034         (JSC::DFG::SpeculativeJIT::callOperation):
1035         * dfg/DFGSpeculativeJIT32_64.cpp:
1036         (JSC::DFG::SpeculativeJIT::cachedGetById):
1037         (JSC::DFG::SpeculativeJIT::cachedPutById):
1038         * dfg/DFGSpeculativeJIT64.cpp:
1039         (JSC::DFG::SpeculativeJIT::cachedGetById):
1040         (JSC::DFG::SpeculativeJIT::cachedPutById):
1041         * jit/CCallHelpers.h:
1042         (JSC::CCallHelpers::setupArgumentsWithExecState):
1043         * jit/JIT.cpp:
1044         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1045         (JSC::JIT::privateCompile):
1046         * jit/JIT.h:
1047         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
1048         * jit/JITInlines.h:
1049         (JSC::JIT::callOperation):
1050         * jit/JITOperations.cpp:
1051         * jit/JITOperations.h:
1052         * jit/JITPropertyAccess.cpp:
1053         (JSC::JIT::emitSlow_op_get_by_id):
1054         (JSC::JIT::emitSlow_op_put_by_id):
1055         * jit/JITPropertyAccess32_64.cpp:
1056         (JSC::JIT::emitSlow_op_get_by_id):
1057         (JSC::JIT::emitSlow_op_put_by_id):
1058         * jit/Repatch.cpp:
1059         (JSC::appropriateGenericPutByIdFunction):
1060         (JSC::appropriateListBuildingPutByIdFunction):
1061         (JSC::resetPutByID):
1062
1063 2013-10-18  Oliver Hunt  <oliver@apple.com>
1064
1065         Spread operator should be performing direct "puts" and not triggering setters
1066         https://bugs.webkit.org/show_bug.cgi?id=123047
1067
1068         Reviewed by Geoffrey Garen.
1069
1070         Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
1071         to array construct.  This required a new PutByValDirect node to be introduced to
1072         the DFG.  The current implementation simply changes the slow path function that
1073         is called, but in future this could be made faster as it does not need to check
1074         the prototype chain.
1075
1076         * bytecode/CodeBlock.cpp:
1077         (JSC::CodeBlock::dumpBytecode):
1078         (JSC::CodeBlock::CodeBlock):
1079         * bytecode/Opcode.h:
1080         (JSC::padOpcodeName):
1081         * bytecompiler/BytecodeGenerator.cpp:
1082         (JSC::BytecodeGenerator::emitDirectPutByVal):
1083         * bytecompiler/BytecodeGenerator.h:
1084         * bytecompiler/NodesCodegen.cpp:
1085         (JSC::ArrayNode::emitBytecode):
1086         * dfg/DFGAbstractInterpreterInlines.h:
1087         (JSC::DFG::::executeEffects):
1088         * dfg/DFGBackwardsPropagationPhase.cpp:
1089         (JSC::DFG::BackwardsPropagationPhase::propagate):
1090         * dfg/DFGByteCodeParser.cpp:
1091         (JSC::DFG::ByteCodeParser::parseBlock):
1092         * dfg/DFGCSEPhase.cpp:
1093         (JSC::DFG::CSEPhase::getArrayLengthElimination):
1094         (JSC::DFG::CSEPhase::getByValLoadElimination):
1095         (JSC::DFG::CSEPhase::checkStructureElimination):
1096         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
1097         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1098         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
1099         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1100         (JSC::DFG::CSEPhase::performNodeCSE):
1101         * dfg/DFGCapabilities.cpp:
1102         (JSC::DFG::capabilityLevel):
1103         * dfg/DFGClobberize.h:
1104         (JSC::DFG::clobberize):
1105         * dfg/DFGFixupPhase.cpp:
1106         (JSC::DFG::FixupPhase::fixupNode):
1107         * dfg/DFGGraph.h:
1108         (JSC::DFG::Graph::clobbersWorld):
1109         * dfg/DFGNode.h:
1110         (JSC::DFG::Node::hasArrayMode):
1111         * dfg/DFGNodeType.h:
1112         * dfg/DFGOperations.cpp:
1113         (JSC::DFG::putByVal):
1114         (JSC::DFG::operationPutByValInternal):
1115         * dfg/DFGOperations.h:
1116         * dfg/DFGPredictionPropagationPhase.cpp:
1117         (JSC::DFG::PredictionPropagationPhase::propagate):
1118         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
1119         * dfg/DFGSafeToExecute.h:
1120         (JSC::DFG::safeToExecute):
1121         * dfg/DFGSpeculativeJIT32_64.cpp:
1122         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
1123         (JSC::DFG::SpeculativeJIT::compile):
1124         * dfg/DFGSpeculativeJIT64.cpp:
1125         (JSC::DFG::SpeculativeJIT::compile):
1126         * dfg/DFGTypeCheckHoistingPhase.cpp:
1127         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
1128         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
1129         * jit/JIT.cpp:
1130         (JSC::JIT::privateCompileMainPass):
1131         (JSC::JIT::privateCompileSlowCases):
1132         * jit/JIT.h:
1133         (JSC::JIT::compileDirectPutByVal):
1134         * jit/JITOperations.cpp:
1135         * jit/JITOperations.h:
1136         * jit/JITPropertyAccess.cpp:
1137         (JSC::JIT::emitSlow_op_put_by_val):
1138         (JSC::JIT::privateCompilePutByVal):
1139         * jit/JITPropertyAccess32_64.cpp:
1140         (JSC::JIT::emitSlow_op_put_by_val):
1141         * llint/LLIntSlowPaths.cpp:
1142         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1143         * llint/LLIntSlowPaths.h:
1144         * llint/LowLevelInterpreter32_64.asm:
1145         * llint/LowLevelInterpreter64.asm:
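
The distinction this entry relies on, a direct put versus an ordinary put that can trigger inherited setters, shown in a toy object model. This is an added example, not code from the WebKit tree: ToyObject, putByVal, putByValDirect, spreadIntoArray and runSpread are hypothetical names, and the prototype-chain walk is a simplification of the real semantics.

```cpp
#include <cstddef>
#include <functional>
#include <map>
#include <vector>

// Toy JS-style object: indexed own data properties, indexed accessor (setter)
// properties, and a prototype link. Constructed for this example; not JSC's model.
struct ToyObject {
    std::map<unsigned, int> ownData;
    std::map<unsigned, std::function<void(int)>> setters;
    ToyObject* prototype = nullptr;
};

// Ordinary put ([[Set]]): unless the receiver already owns a data property at that
// index, walk the prototype chain and let the first inherited setter intercept the
// store. When a setter fires, no own element is created on the receiver.
void putByVal(ToyObject& receiver, unsigned index, int value)
{
    if (!receiver.ownData.count(index)) {
        for (ToyObject* obj = &receiver; obj; obj = obj->prototype) {
            auto it = obj->setters.find(index);
            if (it != obj->setters.end()) {
                it->second(value);
                return;
            }
        }
    }
    receiver.ownData[index] = value;
}

// Direct put (CreateDataProperty semantics): define an own element on the receiver
// without consulting the prototype chain, so inherited setters cannot observe it.
void putByValDirect(ToyObject& receiver, unsigned index, int value)
{
    receiver.ownData[index] = value;
}

// Builds the array for a spread expression [...source], storing each element either
// with the ordinary put (the behaviour before the fix) or with the direct put.
ToyObject spreadIntoArray(const std::vector<int>& source, ToyObject* arrayPrototype, bool useDirectPut)
{
    ToyObject result;
    result.prototype = arrayPrototype;
    unsigned index = 0;
    for (int element : source) {
        if (useDirectPut)
            putByValDirect(result, index, element);
        else
            putByVal(result, index, element);
        ++index;
    }
    return result;
}

struct SpreadOutcome {
    int setterCalls;         // how often the prototype's setter ran
    std::size_t ownElements; // how many elements the new array actually owns
};

// Installs an indexed setter on the shared array prototype (the kind of
// interference the fix guards against) and spreads three elements through it.
SpreadOutcome runSpread(bool useDirectPut)
{
    ToyObject arrayPrototype;
    int setterCalls = 0;
    arrayPrototype.setters[0] = [&setterCalls](int) { ++setterCalls; };
    ToyObject arr = spreadIntoArray({ 10, 20, 30 }, &arrayPrototype, useDirectPut);
    return { setterCalls, arr.ownData.size() };
}
```

With the ordinary put, the setter on index 0 swallows the first element and the resulting array owns only two elements; with the direct put the setter never runs and all three elements are own properties, which is the observable behaviour the opcode exists to guarantee.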
1146
1147 2013-10-18  Daniel Bates  <dabates@apple.com>
1148
1149         [iOS] Export symbol for VM::sharedInstanceExists()
1150         https://bugs.webkit.org/show_bug.cgi?id=123046
1151
1152         Reviewed by Mark Hahnenberg.
1153
1154         * runtime/VM.h:
1155
1156 2013-10-18  Daniel Bates  <dabates@apple.com>
1157
1158         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
1159         https://bugs.webkit.org/show_bug.cgi?id=123049
1160
1161         Reviewed by Mark Hahnenberg.
1162
1163         * heap/Heap.cpp:
1164         (JSC::Heap::setIncrementalSweeper):
1165         * heap/Heap.h:
1166         * heap/HeapTimer.h:
1167         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
1168         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
1169         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
1170         (duplicates the include in the .cpp).
1171         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
1172         making use of this now, but we'll make use of it in a subsequent patch.
1173
1174 2013-10-18  Anders Carlsson  <andersca@apple.com>
1175
1176         Remove spaces between template angle brackets
1177         https://bugs.webkit.org/show_bug.cgi?id=123040
1178
1179         Reviewed by Andreas Kling.
1180
1181         * API/JSCallbackObject.cpp:
1182         (JSC::::create):
1183         * API/JSObjectRef.cpp:
1184         * bytecode/CodeBlock.h:
1185         (JSC::CodeBlock::constants):
1186         (JSC::CodeBlock::setConstantRegisters):
1187         * bytecode/DFGExitProfile.h:
1188         * bytecode/EvalCodeCache.h:
1189         * bytecode/Operands.h:
1190         * bytecode/UnlinkedCodeBlock.h:
1191         (JSC::UnlinkedCodeBlock::constantRegisters):
1192         * bytecode/Watchpoint.h:
1193         * bytecompiler/BytecodeGenerator.h:
1194         * bytecompiler/StaticPropertyAnalysis.h:
1195         * bytecompiler/StaticPropertyAnalyzer.h:
1196         * dfg/DFGArgumentsSimplificationPhase.cpp:
1197         * dfg/DFGBlockInsertionSet.h:
1198         * dfg/DFGCSEPhase.cpp:
1199         (JSC::DFG::performCSE):
1200         (JSC::DFG::performStoreElimination):
1201         * dfg/DFGCommonData.h:
1202         * dfg/DFGDesiredStructureChains.h:
1203         * dfg/DFGDesiredWatchpoints.h:
1204         * dfg/DFGJITCompiler.h:
1205         * dfg/DFGOSRExitCompiler32_64.cpp:
1206         (JSC::DFG::OSRExitCompiler::compileExit):
1207         * dfg/DFGOSRExitCompiler64.cpp:
1208         (JSC::DFG::OSRExitCompiler::compileExit):
1209         * dfg/DFGWorklist.h:
1210         * heap/BlockAllocator.h:
1211         (JSC::CopiedBlock):
1212         (JSC::MarkedBlock):
1213         (JSC::WeakBlock):
1214         (JSC::MarkStackSegment):
1215         (JSC::CopyWorkListSegment):
1216         (JSC::HandleBlock):
1217         * heap/Heap.h:
1218         * heap/Local.h:
1219         * heap/MarkedBlock.h:
1220         * heap/Strong.h:
1221         * jit/AssemblyHelpers.cpp:
1222         (JSC::AssemblyHelpers::decodedCodeMapFor):
1223         * jit/AssemblyHelpers.h:
1224         * jit/SpecializedThunkJIT.h:
1225         * parser/Nodes.h:
1226         * parser/Parser.cpp:
1227         (JSC::::parseIfStatement):
1228         * parser/Parser.h:
1229         (JSC::Scope::copyCapturedVariablesToVector):
1230         (JSC::parse):
1231         * parser/ParserArena.h:
1232         * parser/SourceProviderCacheItem.h:
1233         * profiler/LegacyProfiler.cpp:
1234         (JSC::dispatchFunctionToProfiles):
1235         * profiler/LegacyProfiler.h:
1236         (JSC::LegacyProfiler::currentProfiles):
1237         * profiler/ProfileNode.h:
1238         (JSC::ProfileNode::children):
1239         * profiler/ProfilerDatabase.h:
1240         * runtime/Butterfly.h:
1241         (JSC::Butterfly::contiguousInt32):
1242         (JSC::Butterfly::contiguous):
1243         * runtime/GenericTypedArrayViewInlines.h:
1244         (JSC::::create):
1245         * runtime/Identifier.h:
1246         (JSC::Identifier::add):
1247         * runtime/JSPromise.h:
1248         * runtime/PropertyMapHashTable.h:
1249         * runtime/PropertyNameArray.h:
1250         * runtime/RegExpCache.h:
1251         * runtime/SparseArrayValueMap.h:
1252         * runtime/SymbolTable.h:
1253         * runtime/VM.h:
1254         * tools/CodeProfile.cpp:
1255         (JSC::truncateTrace):
1256         * tools/CodeProfile.h:
1257         * yarr/YarrInterpreter.cpp:
1258         * yarr/YarrInterpreter.h:
1259         (JSC::Yarr::BytecodePattern::BytecodePattern):
1260         * yarr/YarrJIT.cpp:
1261         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
1262         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
1263         (JSC::Yarr::YarrGenerator::opCompileBody):
1264         * yarr/YarrPattern.cpp:
1265         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
1266         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
1267         * yarr/YarrPattern.h:
1268
1269 2013-10-18  Mark Lam  <mark.lam@apple.com>
1270
1271         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
1272         https://bugs.webkit.org/show_bug.cgi?id=123037.
1273
1274         Reviewed by Geoffrey Garen.
1275
1276         * jit/JITStubsMSVC64.asm:
1277         * jit/JITStubsX86.h:
1278         * jit/JITStubsX86_64.h:
1279
1280 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
1281
1282         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
1283         https://bugs.webkit.org/show_bug.cgi?id=121661
1284
1285         Reviewed by Mark Hahnenberg.
1286         
1287         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
1288         so I added a return-early check using isCompilationThread().
1289         
1290         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
1291         it is describing: m_offset and the property table. Most structures only have m_offset and report
1292         null for the property table. If the property table is there, it will tell you additional
1293         information and that information subsumes m_offset - but the m_offset is still there. So, when
1294         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
1295         machinery to do this.
1296         
1297         Changing the property table only happens on the main thread.
1298         
1299         Because the machinery to change the property table is so complex, especially with respect to
1300         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
1301         called at key points before and after changes to the property table or the offset.
1302
1303         Most clients of Structure who care about object layout, including the concurrent thread, will
1304         want to know m_offset and not the property table. If they want the property table, they will
1305         already be super careful. The concurrent thread has special methods for this, like
1306         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
1307         view of the property table.
1308         
1309         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
1310         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
1311         
1312         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
1313         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
1314         because we have found that it helps quickly identify situations where the property table and
1315         m_offset get out of sync - mainly because code that changes either of those things will usually
1316         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
1317         need the property table; it uses the m_offset. The concurrent JIT is correct to call
1318         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
1319         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
1320         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
1321         locks, and that same structure is having its property table modified by the main thread, we end
1322         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
1323         property table modified - instead what happens is that some downstream structure steals the
1324         property table and then starts adding things to it. The concurrent thread loads the property
1325         table before it's stolen, and hence the badness.
1326         
1327         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
1328         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
1329         and then you have a possible crash.
1330         
1331         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
1332         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
1333         it's in the concurrent JIT.
1334         
1335         * runtime/StructureInlines.h:
1336         (JSC::Structure::checkOffsetConsistency):
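
The pattern described above, a debug consistency check that returns early when it runs on the concurrent compilation thread, reduced to a small model. This is an added example and not WebKit's code: the thread_local flag, CompilationThreadScope, the toy PropertyTable and the two-step mutation are assumptions made to expose the window in which the property table and m_offset disagree.

```cpp
#include <cstdint>
#include <memory>
#include <vector>

// Stand-in for JSC's isCompilationThread(): this thread_local flag and the scope
// guard below are assumptions made for the example, not WebKit's implementation.
thread_local bool g_onCompilationThread = false;
bool isCompilationThread() { return g_onCompilationThread; }

struct CompilationThreadScope {
    bool saved;
    CompilationThreadScope() : saved(g_onCompilationThread) { g_onCompilationThread = true; }
    ~CompilationThreadScope() { g_onCompilationThread = saved; }
};

// Toy property table: one offset per property. Its highest offset must agree with
// the structure's m_offset whenever both are present.
struct PropertyTable {
    std::vector<unsigned> offsets;
};

class Structure {
public:
    static constexpr unsigned invalidOffset = UINT32_MAX;

    bool checkOffsetConsistency() const
    {
        // The concurrent JIT only needs m_offset, which it has already proven immutable
        // before asking; the table may be mid-update on the main thread, so checking it
        // here would produce spurious failures. Return early rather than take locks.
        if (isCompilationThread())
            return true;
        if (!m_table)
            return true; // most structures carry only m_offset
        unsigned maxOffset = invalidOffset;
        for (unsigned offset : m_table->offsets) {
            if (maxOffset == invalidOffset || offset > maxOffset)
                maxOffset = offset;
        }
        return maxOffset == m_offset;
    }

    // Main-thread mutation, deliberately split in two so the window in which the
    // table and m_offset disagree is visible.
    void addToPropertyTable(unsigned offset)
    {
        if (!m_table)
            m_table = std::make_shared<PropertyTable>();
        m_table->offsets.push_back(offset);
    }
    void commitOffset(unsigned offset) { m_offset = offset; }

private:
    unsigned m_offset = invalidOffset;
    std::shared_ptr<PropertyTable> m_table;
};

struct Verdicts {
    bool mainThread;        // what the check says where the mutation happens
    bool compilationThread; // what it says when the caller is the concurrent JIT
};

// Freezes the structure halfway through adding a second property and runs the
// check from both perspectives.
Verdicts midTransitionVerdicts()
{
    Structure s;
    s.addToPropertyTable(0);
    s.commitOffset(0);
    s.addToPropertyTable(1); // m_offset still 0: table and offset disagree
    Verdicts v;
    v.mainThread = s.checkOffsetConsistency();
    {
        CompilationThreadScope scope;
        v.compilationThread = s.checkOffsetConsistency();
    }
    return v;
}

// Once the main thread commits the offset, the check passes everywhere.
bool verdictAfterCommit()
{
    Structure s;
    s.addToPropertyTable(0);
    s.commitOffset(0);
    s.addToPropertyTable(1);
    s.commitOffset(1);
    return s.checkOffsetConsistency();
}
```

On the main thread the mid-transition check correctly reports the disagreement, because that thread is the one responsible for keeping the two in sync. A caller flagged as the compilation thread gets an unconditional pass, which is the intended outcome: it reads only m_offset and has no business validating a table it does not hold the lock for.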
1337
1338 2013-10-18  Daniel Bates  <dabates@apple.com>
1339
1340         Add SPI to disable the garbage collector timer
1341         https://bugs.webkit.org/show_bug.cgi?id=122921
1342
1343         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
1344         omitted.
1345
1346         * heap/Heap.cpp:
1347         (JSC::Heap::setGarbageCollectionTimerEnabled):
1348
1349 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1350
1351         Group 64-bit specific and 32-bit specific callOperation implementations.
1352         https://bugs.webkit.org/show_bug.cgi?id=123024
1353
1354         Reviewed by Michael Saboff.
1355
1356         This is not a big deal, but could be less confusing when reading the code.
1357
1358         * jit/JITInlines.h:
1359         (JSC::JIT::callOperation):
1360         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
1361         (JSC::JIT::callOperationNoExceptionCheck):
1362
1363 2013-10-18  Nadav Rotem  <nrotem@apple.com>
1364
1365         Fix a FlushLiveness problem.
1366         https://bugs.webkit.org/show_bug.cgi?id=122984
1367
1368         Reviewed by Filip Pizlo.
1369
1370         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1371         (JSC::DFG::FlushLivenessAnalysisPhase::process):
1372
1373 2013-10-18  Michael Saboff  <msaboff@apple.com>
1374
1375         Change native function call stubs to use JIT operations instead of ctiVMHandleException
1376         https://bugs.webkit.org/show_bug.cgi?id=122982
1377
1378         Reviewed by Geoffrey Garen.
1379
1380         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
1381         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
1382         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
1383         in the process.
1384
1385         * dfg/DFGJITCompiler.cpp:
1386         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1387         * jit/CCallHelpers.h:
1388         (JSC::CCallHelpers::jumpToExceptionHandler):
1389         * jit/JIT.cpp:
1390         (JSC::JIT::privateCompileExceptionHandlers):
1391         * jit/JIT.h:
1392         * jit/JITExceptions.cpp:
1393         (JSC::genericUnwind):
1394         * jit/JITExceptions.h:
1395         * jit/JITInlines.h:
1396         (JSC::JIT::callOperationNoExceptionCheck):
1397         * jit/JITOpcodes.cpp:
1398         (JSC::JIT::emit_op_throw):
1399         * jit/JITOpcodes32_64.cpp:
1400         (JSC::JIT::privateCompileCTINativeCall):
1401         (JSC::JIT::emit_op_throw):
1402         * jit/JITOperations.cpp:
1403         * jit/JITOperations.h:
1404         * jit/JITStubs.cpp:
1405         * jit/JITStubs.h:
1406         * jit/JITStubsARM.h:
1407         * jit/JITStubsARM64.h:
1408         * jit/JITStubsARMv7.h:
1409         * jit/JITStubsMIPS.h:
1410         * jit/JITStubsMSVC64.asm:
1411         * jit/JITStubsSH4.h:
1412         * jit/JITStubsX86.h:
1413         * jit/JITStubsX86_64.h:
1414         * jit/Repatch.cpp:
1415         (JSC::tryBuildGetByIDList):
1416         * jit/SlowPathCall.h:
1417         (JSC::JITSlowPathCall::call):
1418         * jit/ThunkGenerators.cpp:
1419         (JSC::throwExceptionFromCallSlowPathGenerator):
1420         (JSC::nativeForGenerator):
1421         * runtime/VM.h:
1422         (JSC::VM::callFrameForThrowOffset):
1423         (JSC::VM::targetMachinePCForThrowOffset):
1424
1425 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1426
1427         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
1428         https://bugs.webkit.org/show_bug.cgi?id=123023
1429
1430         Reviewed by Michael Saboff.
1431
1432         * jit/JITInlines.h:
1433         (JSC::JIT::callOperation): EncodedJSValue parameter does not need alignment
1434         using EABI_32BIT_DUMMY_ARG here.
1435
1436 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1437
1438         Unreviewed, another ARM64 build fix.
1439         
1440         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
1441         on ARM64 and none of its uses are legit - they should all be using
1442         andPtr(TrustedImm32, blah) anyway.
1443
1444         * assembler/MacroAssembler.h:
1445         * assembler/MacroAssemblerARM64.h:
1446         * dfg/DFGJITCompiler.cpp:
1447         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1448         * jit/JIT.cpp:
1449         (JSC::JIT::privateCompileExceptionHandlers):
1450
1451 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1452
1453         Unreviewed, speculative ARM64 build fix.
1454         
1455         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
1456         implemented. So, you have to use TrustedImmPtr in the superclasses.
1457
1458         * assembler/MacroAssemblerARM64.h:
1459         (JSC::MacroAssemblerARM64::store8):
1460         (JSC::MacroAssemblerARM64::branchTest8):
1461
1462 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1463
1464         Unreviewed, speculative ARM build fix.
1465         https://bugs.webkit.org/show_bug.cgi?id=122890
1466         <rdar://problem/15258624>
1467
1468         * assembler/ARM64Assembler.h:
1469         (JSC::ARM64Assembler::firstRegister):
1470         (JSC::ARM64Assembler::lastRegister):
1471         (JSC::ARM64Assembler::firstFPRegister):
1472         (JSC::ARM64Assembler::lastFPRegister):
1473         * assembler/MacroAssemblerARM64.h:
1474         * assembler/MacroAssemblerARMv7.h:
1475
1476 2013-10-17  Andreas Kling  <akling@apple.com>
1477
1478         Pass VM instead of JSGlobalObject to JSONObject constructor.
1479         <https://webkit.org/b/122999>
1480
1481         JSONObject was only using the JSGlobalObject to grab at the VM.
1482         Dodge a few loads by passing the VM directly instead.
1483
1484         Reviewed by Geoffrey Garen.
1485
1486         * runtime/JSONObject.cpp:
1487         (JSC::JSONObject::JSONObject):
1488         (JSC::JSONObject::finishCreation):
1489         * runtime/JSONObject.h:
1490         (JSC::JSONObject::create):
1491
1492 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1493
1494         Removed the JITStackFrame struct
1495         https://bugs.webkit.org/show_bug.cgi?id=123001
1496
1497         Reviewed by Anders Carlsson.
1498
1499         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
1500         our helper functions obey the C function call ABI.
1501
1502 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1503
1504         Removed an unused #define
1505         https://bugs.webkit.org/show_bug.cgi?id=123000
1506
1507         Reviewed by Anders Carlsson.
1508
1509         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
1510         since it is unused now. This is a step toward using the C stack.
1511
1512 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1513
1514         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
1515         https://bugs.webkit.org/show_bug.cgi?id=122973
1516
1517         Reviewed by Michael Saboff.
1518
1519         * jit/ThunkGenerators.cpp:
1520         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
1521         so I removed it.
1522
1523         The code acted as if it needed to pass an argument to
1524         lookupExceptionHandler, and as if it passed that argument to itself
1525         through JITStackFrame. However, lookupExceptionHandler does not take
1526         an argument (other than the default ExecState argument), and the code
1527         did not initialize the thing that it thought it passed to itself!
1528
1529 2013-10-17  Alex Christensen  <achristensen@webkit.org>
1530
1531         Run JavaScriptCore tests again on Windows.
1532         https://bugs.webkit.org/show_bug.cgi?id=122787
1533
1534         Reviewed by Tim Horton.
1535
1536         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
1537         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
1538
1539 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1540
1541         Removed restoreArgumentReference (another use of JITStackFrame)
1542         https://bugs.webkit.org/show_bug.cgi?id=122997
1543
1544         Reviewed by Oliver Hunt.
1545
1546         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
1547         toward using the C stack.
1548
1549 2013-10-17  Oliver Hunt  <oliver@apple.com>
1550
1551         Remove JITStubCall.h
1552         https://bugs.webkit.org/show_bug.cgi?id=122991
1553
1554         Reviewed by Geoff Garen.
1555
1556         Happily this is no longer used
1557
1558         * GNUmakefile.list.am:
1559         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1560         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1561         * JavaScriptCore.xcodeproj/project.pbxproj:
1562         * jit/JIT.cpp:
1563         * jit/JITArithmetic.cpp:
1564         * jit/JITArithmetic32_64.cpp:
1565         * jit/JITCall.cpp:
1566         * jit/JITCall32_64.cpp:
1567         * jit/JITOpcodes.cpp:
1568         * jit/JITOpcodes32_64.cpp:
1569         * jit/JITPropertyAccess.cpp:
1570         * jit/JITPropertyAccess32_64.cpp:
1571         * jit/JITStubCall.h: Removed.
1572
1573 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1574
1575         Removed a use of JITSTACKFRAME_ARGS_INDEX
1576         https://bugs.webkit.org/show_bug.cgi?id=122989
1577
1578         Reviewed by Oliver Hunt.
1579
1580         * jit/JITStubCall.h: Removed an unused function. This is one step closer
1581         to using the C stack.
1582
1583 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1584
1585         Change emit_op_catch to use another method to materialize VM
1586         https://bugs.webkit.org/show_bug.cgi?id=122977
1587
1588         Reviewed by Oliver Hunt.
1589
1590         * jit/JITOpcodes.cpp:
1591         (JSC::JIT::emit_op_catch):
1592         * jit/JITOpcodes32_64.cpp:
1593         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
1594         on JITStackFrame. It is also faster and simpler.
1595
1596 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1597
1598         Eliminate emitGetJITStubArg() - dead code
1599         https://bugs.webkit.org/show_bug.cgi?id=122975
1600
1601         Reviewed by Anders Carlsson.
1602
1603         * jit/JIT.h:
1604         * jit/JITInlines.h: Removed unused, deprecated function.
1605
1606 2013-10-17  Mark Lam  <mark.lam@apple.com>
1607
1608         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
1609         https://bugs.webkit.org/show_bug.cgi?id=122979.
1610
1611         Reviewed by Michael Saboff.
1612
1613         * jit/JITStubs.cpp:
1614         * jit/JITStubs.h:
1615         * jit/JITStubsARM.h:
1616         * jit/JITStubsARM64.h:
1617         * jit/JITStubsARMv7.h:
1618         * jit/JITStubsMIPS.h:
1619         * jit/JITStubsSH4.h:
1620         * jit/JITStubsX86.h:
1621         * jit/JITStubsX86_64.h:
1622         * runtime/VM.cpp:
1623         (JSC::VM::VM):
1624
1625 2013-10-17  Michael Saboff  <msaboff@apple.com>
1626
1627         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
1628         https://bugs.webkit.org/show_bug.cgi?id=122974
1629
1630         Reviewed by Geoffrey Garen.
1631
1632         Eliminated unneeded storing to JITStackFrame.
1633
1634         * dfg/DFGJITCompiler.cpp:
1635         (JSC::DFG::JITCompiler::compileFunction):
1636
1637 2013-10-17  Michael Saboff  <msaboff@apple.com>
1638
1639         Transition cti_op_throw and cti_vm_throw to a JIT operation
1640         https://bugs.webkit.org/show_bug.cgi?id=122931
1641
1642         Reviewed by Filip Pizlo.
1643
1644         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
1645         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
1646         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
1647         callOperation to handle the need to provide space for structure return value.
1648
1649         * jit/JIT.h:
1650         * jit/JITInlines.h:
1651         (JSC::JIT::callOperation):
1652         * jit/JITOpcodes.cpp:
1653         (JSC::JIT::emit_op_throw):
1654         * jit/JITOpcodes32_64.cpp:
1655         (JSC::JIT::emit_op_throw):
1656         (JSC::JIT::emit_op_catch):
1657         * jit/JITOperations.cpp:
1658         * jit/JITOperations.h:
1659         * jit/JITStubs.cpp:
1660         * jit/JITStubs.h:
1661         * jit/JITStubsARM.h:
1662         * jit/JITStubsARM64.h:
1663         * jit/JITStubsARMv7.h:
1664         * jit/JITStubsMIPS.h:
1665         * jit/JITStubsMSVC64.asm:
1666         * jit/JITStubsSH4.h:
1667         * jit/JITStubsX86.h:
1668         * jit/JITStubsX86_64.h:
1669         * jit/JSInterfaceJIT.h:
1670
1671 2013-10-17  Mark Lam  <mark.lam@apple.com>
1672
1673         Remove JITStackFrame references in the C Loop LLINT.
1674         https://bugs.webkit.org/show_bug.cgi?id=122950.
1675
1676         Reviewed by Michael Saboff.
1677
1678         * jit/JITStubs.h:
1679         * llint/LowLevelInterpreter.cpp:
1680         (JSC::CLoop::execute):
1681         * offlineasm/cloop.rb:
1682
1683 2013-10-17  Mark Lam  <mark.lam@apple.com>
1684
1685         Remove JITStackFrame references in JIT probes.
1686         https://bugs.webkit.org/show_bug.cgi?id=122947.
1687
1688         Reviewed by Michael Saboff.
1689
1690         * assembler/MacroAssemblerARM.cpp:
1691         (JSC::MacroAssemblerARM::ProbeContext::dump):
1692         * assembler/MacroAssemblerARM.h:
1693         * assembler/MacroAssemblerARMv7.cpp:
1694         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
1695         * assembler/MacroAssemblerARMv7.h:
1696         * assembler/MacroAssemblerX86Common.cpp:
1697         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
1698         * assembler/MacroAssemblerX86Common.h:
1699         * jit/JITStubsARM.h:
1700         * jit/JITStubsARMv7.h:
1701         * jit/JITStubsX86.h:
1702         * jit/JITStubsX86Common.h:
1703         * jit/JITStubsX86_64.h:
1704
1705 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
1706
1707         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
1708         https://bugs.webkit.org/show_bug.cgi?id=122949
1709
1710         Reviewed by Andreas Kling.
1711
1712         * jit/CCallHelpers.h:
1713         (JSC::CCallHelpers::setupArgumentsWithExecState):
1714
1715 2013-10-16  Mark Lam  <mark.lam@apple.com>
1716
1717         Transition remaining op_get* JITStubs to JIT operations.
1718         https://bugs.webkit.org/show_bug.cgi?id=122925.
1719
1720         Reviewed by Geoffrey Garen.
1721
1722         Transitioning:
1723             cti_op_get_by_id_generic
1724             cti_op_get_by_val
1725             cti_op_get_by_val_generic
1726             cti_op_get_by_val_string
1727
1728         * dfg/DFGOperations.cpp:
1729         * dfg/DFGOperations.h:
1730         * jit/JIT.h:
1731         * jit/JITInlines.h:
1732         (JSC::JIT::callOperation):
1733         * jit/JITOpcodes.cpp:
1734         (JSC::JIT::emitSlow_op_get_arguments_length):
1735         (JSC::JIT::emitSlow_op_get_argument_by_val):
1736         * jit/JITOpcodes32_64.cpp:
1737         (JSC::JIT::emitSlow_op_get_arguments_length):
1738         (JSC::JIT::emitSlow_op_get_argument_by_val):
1739         * jit/JITOperations.cpp:
1740         * jit/JITOperations.h:
1741         * jit/JITPropertyAccess.cpp:
1742         (JSC::JIT::emitSlow_op_get_by_val):
1743         (JSC::JIT::emitSlow_op_get_by_pname):
1744         (JSC::JIT::privateCompileGetByVal):
1745         * jit/JITPropertyAccess32_64.cpp:
1746         (JSC::JIT::emitSlow_op_get_by_val):
1747         (JSC::JIT::emitSlow_op_get_by_pname):
1748         * jit/JITStubs.cpp:
1749         * jit/JITStubs.h:
1750         * runtime/Executable.cpp:
1751         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1752         * runtime/Options.cpp:
1753         (JSC::Options::initialize):
1754
1755 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1756
1757         Introduce WTF::Bag and start using it for InlineCallFrameSet
1758         https://bugs.webkit.org/show_bug.cgi?id=122941
1759
1760         Reviewed by Geoffrey Garen.
1761         
1762         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1763         SegmentedVectors into Bags as well.
1764
1765         * bytecode/InlineCallFrameSet.cpp:
1766         (JSC::InlineCallFrameSet::add):
1767         * bytecode/InlineCallFrameSet.h:
1768         (JSC::InlineCallFrameSet::begin):
1769         (JSC::InlineCallFrameSet::end):
1770         * dfg/DFGArgumentsSimplificationPhase.cpp:
1771         (JSC::DFG::ArgumentsSimplificationPhase::run):
1772         * dfg/DFGJITCompiler.cpp:
1773         (JSC::DFG::JITCompiler::link):
1774         * dfg/DFGStackLayoutPhase.cpp:
1775         (JSC::DFG::StackLayoutPhase::run):
1776         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1777         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1778
1779 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1780
1781         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1782         https://bugs.webkit.org/show_bug.cgi?id=122905
1783         <rdar://problem/15237856>
1784
1785         Reviewed by Michael Saboff.
1786         
1787         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1788         then always call it to install something that calls CRASH().
1789
1790         * llvm/InitializeLLVM.cpp:
1791         (JSC::llvmCrash):
1792         (JSC::initializeLLVMOnce):
1793         (JSC::initializeLLVM):
1794         * llvm/LLVMAPIFunctions.h:
1795
1796 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1797
1798         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1799         https://bugs.webkit.org/show_bug.cgi?id=122938
1800
1801         Reviewed by Sam Weinig.
1802         
1803         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1804
1805         * jit/Repatch.cpp:
1806         (JSC::tryBuildGetByIDList):
1807
1808 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1809
1810         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1811         https://bugs.webkit.org/show_bug.cgi?id=122937
1812
1813         Reviewed by Geoffrey Garen.
1814         
1815         JITStubCall used to do it.
1816         
1817         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1818
1819         * jit/JIT.h:
1820         (JSC::JIT::appendCall):
1821
1822 2013-10-16  Michael Saboff  <msaboff@apple.com>
1823
1824         transition void cti_op_put_by_val* stubs to JIT operations
1825         https://bugs.webkit.org/show_bug.cgi?id=122903
1826
1827         Reviewed by Geoffrey Garen.
1828
1829         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1830         operationPutByValGeneric.
1831
1832         * jit/CCallHelpers.h:
1833         (JSC::CCallHelpers::setupArgumentsWithExecState):
1834         * jit/JIT.h:
1835         * jit/JITInlines.h:
1836         (JSC::JIT::callOperation):
1837         * jit/JITOperations.cpp:
1838         * jit/JITOperations.h:
1839         * jit/JITPropertyAccess.cpp:
1840         (JSC::JIT::emitSlow_op_put_by_val):
1841         (JSC::JIT::privateCompilePutByVal):
1842         * jit/JITPropertyAccess32_64.cpp:
1843         (JSC::JIT::emitSlow_op_put_by_val):
1844         * jit/JITStubs.cpp:
1845         * jit/JITStubs.h:
1846         * jit/JSInterfaceJIT.h:
1847
1848 2013-10-16  Oliver Hunt  <oliver@apple.com>
1849
1850         Implement ES6 spread operator
1851         https://bugs.webkit.org/show_bug.cgi?id=122911
1852
1853         Reviewed by Michael Saboff.
1854
1855         Implement the ES6 spread operator
1856
1857         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1858         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1859         driven.
1860
1861         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1862         and actually handling the spread.
1863
1864         * bytecompiler/BytecodeGenerator.cpp:
1865         (JSC::BytecodeGenerator::emitNewArray):
1866         (JSC::BytecodeGenerator::emitCall):
1867         (JSC::BytecodeGenerator::emitEnumeration):
1868         * bytecompiler/BytecodeGenerator.h:
1869         * bytecompiler/NodesCodegen.cpp:
1870         (JSC::ArrayNode::emitBytecode):
1871         (JSC::ForOfNode::emitBytecode):
1872         (JSC::SpreadExpressionNode::emitBytecode):
1873         * parser/ASTBuilder.h:
1874         (JSC::ASTBuilder::createSpreadExpression):
1875         * parser/Lexer.cpp:
1876         (JSC::::lex):
1877         * parser/NodeConstructors.h:
1878         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1879         * parser/Nodes.h:
1880         (JSC::ExpressionNode::isSpreadExpression):
1881         (JSC::SpreadExpressionNode::expression):
1882         * parser/Parser.cpp:
1883         (JSC::::parseArrayLiteral):
1884         (JSC::::parseArguments):
1885         (JSC::::parseMemberExpression):
1886         * parser/Parser.h:
1887         (JSC::Parser::getTokenName):
1888         (JSC::Parser::updateErrorMessageSpecialCase):
1889         * parser/ParserTokens.h:
1890         * parser/SyntaxChecker.h:
1891         (JSC::SyntaxChecker::createSpreadExpression):
1892
1893 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1894
1895         Add a useLLInt option to jsc
1896         https://bugs.webkit.org/show_bug.cgi?id=122930
1897
1898         Reviewed by Geoffrey Garen.
1899
1900         * runtime/Executable.cpp:
1901         (JSC::setupLLInt):
1902         (JSC::setupJIT):
1903         (JSC::ScriptExecutable::prepareForExecutionImpl):
1904         * runtime/Options.h:
1905
1906 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1907
1908         Build fix.
1909
1910         Forgot to svn add DeferGC.cpp
1911
1912         * heap/DeferGC.cpp: Added.
1913
1914 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1915
1916         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1917         https://bugs.webkit.org/show_bug.cgi?id=122902
1918
1919         Reviewed by Mark Hahnenberg.
1920         
1921         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1922         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1923         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1924         didn't. Turns out that there's even a helpful method,
1925         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1926
1927         * jit/Repatch.cpp:
1928         (JSC::tryCachePutByID):
1929
1930 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1931
1932         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1933         https://bugs.webkit.org/show_bug.cgi?id=122667
1934
1935         Reviewed by Geoffrey Garen.
1936
1937         The issue this patch is attempting to fix is that there are places in our codebase
1938         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1939         operations that can initiate a garbage collection. Garbage collection then calls 
1940         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1941         always necessarily run during garbage collection). This causes a deadlock.
1942  
1943         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1944         into a thread-local field that indicates that it is unsafe to perform any operation 
1945         that could trigger garbage collection on the current thread. In debug builds, 
1946         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1947         detect deadlocks.
1948  
1949         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1950         which uses the DeferGC mechanism to prevent collections from occurring while the 
1951         lock is held.
1952
1953         * CMakeLists.txt:
1954         * GNUmakefile.list.am:
1955         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1956         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1957         * JavaScriptCore.xcodeproj/project.pbxproj:
1958         * heap/DeferGC.h:
1959         (JSC::DisallowGC::DisallowGC):
1960         (JSC::DisallowGC::~DisallowGC):
1961         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1962         (JSC::DisallowGC::initialize):
1963         * jit/Repatch.cpp:
1964         (JSC::repatchPutByID):
1965         (JSC::buildPutByIdList):
1966         * llint/LLIntSlowPaths.cpp:
1967         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1968         * runtime/ConcurrentJITLock.h:
1969         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1970         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1971         (JSC::ConcurrentJITLockerBase::unlockEarly):
1972         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1973         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1974         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1975         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1976         * runtime/InitializeThreading.cpp:
1977         (JSC::initializeThreadingOnce):
1978         * runtime/JSCellInlines.h:
1979         (JSC::allocateCell):
1980         * runtime/JSSymbolTableObject.h:
1981         (JSC::symbolTablePut):
1982         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1983         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1984         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1985         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1986         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1987         the Structure.
1988         (JSC::Structure::materializePropertyMap):
1989         (JSC::Structure::despecifyDictionaryFunction):
1990         (JSC::Structure::changePrototypeTransition):
1991         (JSC::Structure::despecifyFunctionTransition):
1992         (JSC::Structure::attributeChangeTransition):
1993         (JSC::Structure::toDictionaryTransition):
1994         (JSC::Structure::preventExtensionsTransition):
1995         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1996         (JSC::Structure::isSealed):
1997         (JSC::Structure::isFrozen):
1998         (JSC::Structure::addPropertyWithoutTransition):
1999         (JSC::Structure::removePropertyWithoutTransition):
2000         (JSC::Structure::get):
2001         (JSC::Structure::despecifyFunction):
2002         (JSC::Structure::despecifyAllFunctions):
2003         (JSC::Structure::putSpecificValue):
2004         (JSC::Structure::createPropertyMap):
2005         (JSC::Structure::getPropertyNamesFromStructure):
2006         * runtime/Structure.h:
2007         (JSC::Structure::materializePropertyMapIfNecessary):
2008         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
2009         * runtime/StructureInlines.h:
2010         (JSC::Structure::get):
2011         * runtime/SymbolTable.h:
2012         (JSC::SymbolTable::find):
2013         (JSC::SymbolTable::end):
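
The DisallowGC and DeferGC mechanism described in the entry above, as an added C++ model that is not JavaScriptCore's code: the class names follow the ChangeLog, but Heap, CodeBlock, the AllocationResult codes and the rule that every allocation wants a collection are constructed simplifications. It shows the lock re-entry a collection under a plain ConcurrentJITLocker would attempt, the debug-build DisallowGC check that reports it first, and GCSafeConcurrentJITLocker deferring the collection until the lock is released.

```cpp
#include <mutex>
#include <vector>

// Added illustration, not JavaScriptCore's code: a simplified model of the DisallowGC / DeferGC
// scheme. Heap, CodeBlock and AllocationResult are constructed stand-ins, and to keep the model
// short every allocation here wants a collection.
static thread_local unsigned s_disallowGCDepth = 0; // DisallowGC nesting on this thread
static thread_local unsigned s_deferGCDepth = 0;    // DeferGC nesting on this thread

// RAII marker: while alive, triggering a collection on this thread is a bug.
class DisallowGC {
public:
    DisallowGC() { ++s_disallowGCDepth; }
    ~DisallowGC() { --s_disallowGCDepth; }
    static bool isGCDisallowedOnCurrentThread() { return s_disallowGCDepth > 0; }
};

struct CodeBlock { std::mutex lock; }; // lock stands in for the per-CodeBlock ConcurrentJITLock
class Heap {
public:
    enum class AllocationResult { Allocated, CollectionDeferred, GCDisallowed };
    void addCodeBlock(CodeBlock& block) { m_codeBlocks.push_back(&block); }
    unsigned collections() const { return m_collections; }

    AllocationResult allocateCell() {
        // Debug-build check: report the bug instead of deadlocking inside collect().
        if (DisallowGC::isGCDisallowedOnCurrentThread())
            return AllocationResult::GCDisallowed;
        if (s_deferGCDepth) {
            m_collectionPending = true; // picked up by DeferGC::~DeferGC
            return AllocationResult::CollectionDeferred;
        }
        collect();
        return AllocationResult::Allocated;
    }
    void collectIfDeferred() { if (m_collectionPending && !DisallowGC::isGCDisallowedOnCurrentThread()) collect(); }

private:
    // Collection visits every CodeBlock under its lock; if the allocating thread already
    // holds one of them (the ChangeLog's scenario), std::mutex deadlocks right here.
    void collect() {
        m_collectionPending = false;
        ++m_collections;
        for (CodeBlock* block : m_codeBlocks) { std::lock_guard<std::mutex> locker(block->lock); }
    }
    std::vector<CodeBlock*> m_codeBlocks;
    unsigned m_collections = 0;
    bool m_collectionPending = false;
};

// RAII marker: while alive, a needed collection is recorded and run when the outermost DeferGC ends.
class DeferGC {
public:
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++s_deferGCDepth; }
    ~DeferGC() { if (--s_deferGCDepth == 0) m_heap.collectIfDeferred(); }
private:
    Heap& m_heap;
};

// Debug flavour of ConcurrentJITLocker: holds the CodeBlock lock plus a DisallowGC.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(CodeBlock& block) : m_guard(block.lock) {}
private:
    std::lock_guard<std::mutex> m_guard;
    DisallowGC m_disallowGC;
};

// GC-safe flavour: DeferGC is declared first so it is destroyed last, i.e. the pending
// collection runs only after the CodeBlock lock has been released.
class GCSafeConcurrentJITLocker {
public:
    GCSafeConcurrentJITLocker(Heap& heap, CodeBlock& block) : m_deferGC(heap), m_guard(block.lock) {}
private:
    DeferGC m_deferGC;
    std::lock_guard<std::mutex> m_guard;
};

// Allocating under the plain locker: DisallowGC reports the problem before collect()
// would relock the CodeBlock this thread already holds.
Heap::AllocationResult allocateUnderPlainLocker(Heap& heap, CodeBlock& block) {
    ConcurrentJITLocker locker(block);
    return heap.allocateCell();
}
struct GCSafeOutcome { Heap::AllocationResult result; unsigned collectionsWhileLocked, collectionsAfterUnlock; };

// Allocating under the GC-safe locker: the collection is deferred while the lock is held
// and runs once the locker goes out of scope.
GCSafeOutcome allocateUnderGCSafeLocker(Heap& heap, CodeBlock& block) {
    GCSafeOutcome out{};
    {
        GCSafeConcurrentJITLocker locker(heap, block);
        out.result = heap.allocateCell();
        out.collectionsWhileLocked = heap.collections();
    }
    out.collectionsAfterUnlock = heap.collections();
    return out;
}
```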
2014
2015 2013-10-16  Daniel Bates  <dabates@apple.com>
2016
2017         Add SPI to disable the garbage collector timer
2018         https://bugs.webkit.org/show_bug.cgi?id=122921
2019
2020         Reviewed by Geoffrey Garen.
2021
2022         Based on a patch by Mark Hahnenberg.
2023
2024         * API/JSBase.cpp:
2025         (JSDisableGCTimer): Added; SPI function.
2026         * API/JSBasePrivate.h:
2027         * heap/BlockAllocator.cpp:
2028         (JSC::createBlockFreeingThread): Added.
2029         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
2030         to conditionally create the "block freeing" thread depending on the value of
2031         GCActivityCallback::s_shouldCreateGCTimer.
2032         (JSC::BlockAllocator::~BlockAllocator):
2033         * heap/BlockAllocator.h:
2034         (JSC::BlockAllocator::deallocate):
2035         * heap/Heap.cpp:
2036         (JSC::Heap::didAbandon):
2037         (JSC::Heap::collect):
2038         (JSC::Heap::didAllocate):
2039         * heap/HeapTimer.cpp:
2040         (JSC::HeapTimer::timerDidFire):
2041         * runtime/GCActivityCallback.cpp:
2042         * runtime/GCActivityCallback.h:
2043         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
2044         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
2045         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
2046
2047 2013-10-16  Commit Queue  <commit-queue@webkit.org>
2048
2049         Unreviewed, rolling out r157529.
2050         http://trac.webkit.org/changeset/157529
2051         https://bugs.webkit.org/show_bug.cgi?id=122919
2052
2053         Caused score test failures and some build failures. (Requested
2054         by rfong on #webkit).
2055
2056         * bytecompiler/BytecodeGenerator.cpp:
2057         (JSC::BytecodeGenerator::emitNewArray):
2058         (JSC::BytecodeGenerator::emitCall):
2059         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
2060         * bytecompiler/BytecodeGenerator.h:
2061         * bytecompiler/NodesCodegen.cpp:
2062         (JSC::ArrayNode::emitBytecode):
2063         (JSC::CallArguments::CallArguments):
2064         (JSC::ForOfNode::emitBytecode):
2065         (JSC::BindingNode::collectBoundIdentifiers):
2066         * parser/ASTBuilder.h:
2067         * parser/Lexer.cpp:
2068         (JSC::::lex):
2069         * parser/NodeConstructors.h:
2070         (JSC::DotAccessorNode::DotAccessorNode):
2071         * parser/Nodes.h:
2072         * parser/Parser.cpp:
2073         (JSC::::parseArrayLiteral):
2074         (JSC::::parseArguments):
2075         (JSC::::parseMemberExpression):
2076         * parser/Parser.h:
2077         (JSC::Parser::getTokenName):
2078         (JSC::Parser::updateErrorMessageSpecialCase):
2079         * parser/ParserTokens.h:
2080         * parser/SyntaxChecker.h:
2081
2082 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
2083
2084         Remove useless architecture specific implementation in DFG.
2085         https://bugs.webkit.org/show_bug.cgi?id=122917.
2086
2087         Reviewed by Michael Saboff.
2088
2089         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
2090         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
2091
2092         * dfg/DFGSpeculativeJIT.h:
2093
2094 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
2095
2096         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
2097         https://bugs.webkit.org/show_bug.cgi?id=122916.
2098
2099         Reviewed by Michael Saboff.
2100
2101         This architecture specific function is not used anymore, so get rid of it.
2102
2103         * jit/JIT.h:
2104         * jit/JITInlines.h:
2105
2106 2013-10-16  Oliver Hunt  <oliver@apple.com>
2107
2108         Implement ES6 spread operator
2109         https://bugs.webkit.org/show_bug.cgi?id=122911
2110
2111         Reviewed by Michael Saboff.
2112
2113         Implement the ES6 spread operator
2114
2115         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
2116         and into BytecodeGenerator, and then adds the logic to make it nicely callback
2117         driven.
2118
2119         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
2120         and actually handling the spread.
2121
2122         * bytecompiler/BytecodeGenerator.cpp:
2123         (JSC::BytecodeGenerator::emitNewArray):
2124         (JSC::BytecodeGenerator::emitCall):
2125         (JSC::BytecodeGenerator::emitEnumeration):
2126         * bytecompiler/BytecodeGenerator.h:
2127         * bytecompiler/NodesCodegen.cpp:
2128         (JSC::ArrayNode::emitBytecode):
2129         (JSC::ForOfNode::emitBytecode):
2130         (JSC::SpreadExpressionNode::emitBytecode):
2131         * parser/ASTBuilder.h:
2132         (JSC::ASTBuilder::createSpreadExpression):
2133         * parser/Lexer.cpp:
2134         (JSC::::lex):
2135         * parser/NodeConstructors.h:
2136         (JSC::SpreadExpressionNode::SpreadExpressionNode):
2137         * parser/Nodes.h:
2138         (JSC::ExpressionNode::isSpreadExpression):
2139         (JSC::SpreadExpressionNode::expression):
2140         * parser/Parser.cpp:
2141         (JSC::::parseArrayLiteral):
2142         (JSC::::parseArguments):
2143         (JSC::::parseMemberExpression):
2144         * parser/Parser.h:
2145         (JSC::Parser::getTokenName):
2146         (JSC::Parser::updateErrorMessageSpecialCase):
2147         * parser/ParserTokens.h:
2148         * parser/SyntaxChecker.h:
2149         (JSC::SyntaxChecker::createSpreadExpression):
2150
2151 2013-10-16  Mark Lam  <mark.lam@apple.com>
2152
2153         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
2154         https://bugs.webkit.org/show_bug.cgi?id=122899.
2155
2156         Reviewed by Michael Saboff.
2157
2158         * jit/JITOpcodes32_64.cpp:
2159         (JSC::JIT::emit_op_tear_off_activation):
2160         (JSC::JIT::emit_op_tear_off_arguments):
2161         * jit/JITStubs.cpp:
2162         * jit/JITStubs.h:
2163
2164 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
2165
2166         Remove more of the UNINTERRUPTED_SEQUENCE thing
2167         https://bugs.webkit.org/show_bug.cgi?id=122885
2168
2169         Reviewed by Andreas Kling.
2170
2171         It was not completely removed by r157481, leading to build failure for sh4 architecture.
2172
2173         * jit/JIT.h:
2174         * jit/JITInlines.h:
2175
2176 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2177
2178         Get rid of the StructureStubInfo::patch union
2179         https://bugs.webkit.org/show_bug.cgi?id=122877
2180
2181         Reviewed by Sam Weinig.
2182         
2183         Just simplifying code by getting rid of data structures that ain't used no more.
2184         
2185         Note that I replace the patch union with a patch struct. This means we say things like
2186         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
2187         encapsulation makes the code more readable: the patch struct contains just those things
2188         that you need to know to perform patching.
2189
2190         * bytecode/StructureStubInfo.h:
2191         * dfg/DFGJITCompiler.cpp:
2192         (JSC::DFG::JITCompiler::link):
2193         * jit/JIT.cpp:
2194         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2195         * jit/Repatch.cpp:
2196         (JSC::repatchByIdSelfAccess):
2197         (JSC::replaceWithJump):
2198         (JSC::linkRestoreScratch):
2199         (JSC::generateProtoChainAccessStub):
2200         (JSC::tryCacheGetByID):
2201         (JSC::getPolymorphicStructureList):
2202         (JSC::patchJumpToGetByIdStub):
2203         (JSC::tryBuildGetByIDList):
2204         (JSC::emitPutReplaceStub):
2205         (JSC::emitPutTransitionStub):
2206         (JSC::tryCachePutByID):
2207         (JSC::tryBuildPutByIdList):
2208         (JSC::tryRepatchIn):
2209         (JSC::resetGetByID):
2210         (JSC::resetPutByID):
2211         (JSC::resetIn):
2212
2213 2013-10-15  Nadav Rotem  <nrotem@apple.com>
2214
2215         FTL: add support for Int52ToValue and fix putByVal of int52s.
2216         https://bugs.webkit.org/show_bug.cgi?id=122873
2217
2218         Reviewed by Filip Pizlo.
2219
2220         * ftl/FTLCapabilities.cpp:
2221         (JSC::FTL::canCompile):
2222         * ftl/FTLLowerDFGToLLVM.cpp:
2223         (JSC::FTL::LowerDFGToLLVM::compileNode):
2224         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
2225         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
2226
2227 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2228
2229         Get rid of the UNINTERRUPTED_SEQUENCE thing
2230         https://bugs.webkit.org/show_bug.cgi?id=122876
2231
2232         Reviewed by Mark Hahnenberg.
2233         
2234         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
2235         
2236         Moreover, we should resist the temptation to bring anything like this back. We don't
2237         want to have inline caches that only work if the assembler lays out code in a specific
2238         predetermined way.
2239
2240         * jit/JIT.h:
2241         * jit/JITCall.cpp:
2242         (JSC::JIT::compileOpCall):
2243         * jit/JITCall32_64.cpp:
2244         (JSC::JIT::compileOpCall):
2245
2246 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2247
2248         Baseline JIT should use the DFG GetById IC
2249         https://bugs.webkit.org/show_bug.cgi?id=122861
2250
2251         Reviewed by Oliver Hunt.
2252         
2253         This mostly just kills a ton of code.
2254         
2255         Note that this doesn't yet do all of the simplifications that can be done, but it does
2256         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
2257
2258         * bytecode/CodeBlock.cpp:
2259         (JSC::CodeBlock::resetStubInternal):
2260         * jit/JIT.cpp:
2261         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2262         * jit/JIT.h:
2263         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2264         * jit/JITInlines.h:
2265         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2266         (JSC::JIT::callOperation):
2267         * jit/JITPropertyAccess.cpp:
2268         (JSC::JIT::compileGetByIdHotPath):
2269         (JSC::JIT::emitSlow_op_get_by_id):
2270         (JSC::JIT::emitSlow_op_get_from_scope):
2271         * jit/JITPropertyAccess32_64.cpp:
2272         (JSC::JIT::compileGetByIdHotPath):
2273         (JSC::JIT::emitSlow_op_get_by_id):
2274         (JSC::JIT::emitSlow_op_get_from_scope):
2275         * jit/JITStubs.cpp:
2276         * jit/JITStubs.h:
2277         * jit/Repatch.cpp:
2278         (JSC::repatchGetByID):
2279         (JSC::buildGetByIDList):
2280         * jit/ThunkGenerators.cpp:
2281         * jit/ThunkGenerators.h:
2282
2283 2013-10-15  Dean Jackson  <dino@apple.com>
2284
2285         Add ENABLE_WEB_ANIMATIONS flag
2286         https://bugs.webkit.org/show_bug.cgi?id=122871
2287
2288         Reviewed by Tim Horton.
2289
2290         Eventually might be http://dev.w3.org/fxtf/web-animations/
2291         but this is just engine-internal work at the moment.
2292
2293         * Configurations/FeatureDefines.xcconfig:
2294
2295 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2296
2297         [sh4] Some calls don't match sh4 ABI.
2298         https://bugs.webkit.org/show_bug.cgi?id=122863
2299
2300         Reviewed by Michael Saboff.
2301
2302         * dfg/DFGSpeculativeJIT.h:
2303         (JSC::DFG::SpeculativeJIT::callOperation):
2304         * jit/CCallHelpers.h:
2305         (JSC::CCallHelpers::setupArgumentsWithExecState):
2306         * jit/JITInlines.h:
2307         (JSC::JIT::callOperation):
2308
2309 2013-10-15  Daniel Bates  <dabates@apple.com>
2310
2311         [iOS] Upstream JavaScriptCore support for ARM64
2312         https://bugs.webkit.org/show_bug.cgi?id=122762
2313
2314         Reviewed by Oliver Hunt and Filip Pizlo.
2315
2316         * Configurations/Base.xcconfig:
2317         * Configurations/DebugRelease.xcconfig:
2318         * Configurations/JavaScriptCore.xcconfig:
2319         * Configurations/ToolExecutable.xcconfig:
2320         * JavaScriptCore.xcodeproj/project.pbxproj:
2321         * assembler/ARM64Assembler.h: Added.
2322         * assembler/AbstractMacroAssembler.h:
2323         (JSC::isARM64):
2324         (JSC::AbstractMacroAssembler::Label::Label):
2325         (JSC::AbstractMacroAssembler::Jump::Jump):
2326         (JSC::AbstractMacroAssembler::Jump::link):
2327         (JSC::AbstractMacroAssembler::Jump::linkTo):
2328         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
2329         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
2330         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
2331         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
2332         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
2333         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
2334         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
2335         (JSC::AbstractMacroAssembler::isTempRegisterValid):
2336         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
2337         (JSC::AbstractMacroAssembler::setTempRegisterValid):
2338         * assembler/LinkBuffer.cpp:
2339         (JSC::LinkBuffer::copyCompactAndLinkCode):
2340         (JSC::LinkBuffer::linkCode):
2341         * assembler/LinkBuffer.h:
2342         * assembler/MacroAssembler.h:
2343         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
2344         (JSC::MacroAssembler::pushToSave):
2345         (JSC::MacroAssembler::popToRestore):
2346         (JSC::MacroAssembler::patchableBranchTest32):
2347         * assembler/MacroAssemblerARM64.h: Added.
2348         * assembler/MacroAssemblerARMv7.h:
2349         * dfg/DFGFixupPhase.cpp:
2350         (JSC::DFG::FixupPhase::fixupNode):
2351         * dfg/DFGOSRExitCompiler32_64.cpp:
2352         (JSC::DFG::OSRExitCompiler::compileExit):
2353         * dfg/DFGOSRExitCompiler64.cpp:
2354         (JSC::DFG::OSRExitCompiler::compileExit):
2355         * dfg/DFGSpeculativeJIT.cpp:
2356         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2357         (JSC::DFG::SpeculativeJIT::compileArithMod):
2358         * disassembler/ARM64/A64DOpcode.cpp: Added.
2359         * disassembler/ARM64/A64DOpcode.h: Added.
2360         * disassembler/ARM64Disassembler.cpp: Added.
2361         * heap/MachineStackMarker.cpp:
2362         (JSC::getPlatformThreadRegisters):
2363         (JSC::otherThreadStackPointer):
2364         * heap/Region.h:
2365         * jit/AssemblyHelpers.h:
2366         (JSC::AssemblyHelpers::debugCall):
2367         * jit/CCallHelpers.h:
2368         * jit/ExecutableAllocator.h:
2369         * jit/FPRInfo.h:
2370         (JSC::FPRInfo::toRegister):
2371         (JSC::FPRInfo::toIndex):
2372         (JSC::FPRInfo::debugName):
2373         * jit/GPRInfo.h:
2374         (JSC::GPRInfo::toRegister):
2375         (JSC::GPRInfo::toIndex):
2376         (JSC::GPRInfo::debugName):
2377         * jit/JITInlines.h:
2378         (JSC::JIT::restoreArgumentReferenceForTrampoline):
2379         * jit/JITOperationWrappers.h:
2380         * jit/JITOperations.cpp:
2381         * jit/JITStubs.cpp:
2382         (JSC::performPlatformSpecificJITAssertions):
2383         (JSC::tryCachePutByID):
2384         * jit/JITStubs.h:
2385         (JSC::JITStackFrame::returnAddressSlot):
2386         * jit/JITStubsARM64.h: Added.
2387         * jit/JSInterfaceJIT.h:
2388         * jit/Repatch.cpp:
2389         (JSC::emitRestoreScratch):
2390         (JSC::generateProtoChainAccessStub):
2391         (JSC::tryCacheGetByID):
2392         (JSC::emitPutReplaceStub):
2393         (JSC::tryCachePutByID):
2394         (JSC::tryRepatchIn):
2395         * jit/ScratchRegisterAllocator.h:
2396         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2397         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2398         * jit/ThunkGenerators.cpp:
2399         (JSC::nativeForGenerator):
2400         (JSC::floorThunkGenerator):
2401         (JSC::ceilThunkGenerator):
2402         * jsc.cpp:
2403         (main):
2404         * llint/LLIntOfflineAsmConfig.h:
2405         * llint/LLIntSlowPaths.cpp:
2406         (JSC::LLInt::handleHostCall):
2407         * llint/LowLevelInterpreter.asm:
2408         * llint/LowLevelInterpreter64.asm:
2409         * offlineasm/arm.rb:
2410         * offlineasm/arm64.rb: Added.
2411         * offlineasm/backends.rb:
2412         * offlineasm/instructions.rb:
2413         * offlineasm/risc.rb:
2414         * offlineasm/transform.rb:
2415         * yarr/YarrJIT.cpp:
2416         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2417         (JSC::Yarr::YarrGenerator::initCallFrame):
2418         (JSC::Yarr::YarrGenerator::removeCallFrame):
2419         (JSC::Yarr::YarrGenerator::generateEnter):
2420         * yarr/YarrJIT.h:
2421
2422 2013-10-15  Mark Lam  <mark.lam@apple.com>
2423
2424         Fix 3 operand sub operation in C loop LLINT.
2425         https://bugs.webkit.org/show_bug.cgi?id=122866.
2426
2427         Reviewed by Geoffrey Garen.
2428
2429         * offlineasm/cloop.rb:
2430
2431 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2432
2433         ObjCCallbackFunctionImpl shouldn't store a JSContext
2434         https://bugs.webkit.org/show_bug.cgi?id=122531
2435
2436         Reviewed by Geoffrey Garen.
2437
2438         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
2439         in the common case. It's also no longer necessary in that we can look up the current JSContext 
2440         by using the globalObject of the callee when the function callback is invoked.
2441  
2442         Also added a new test that would cause us to crash previously. The test required making 
2443         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2444         in C API callbacks.
2445
2446         * API/JSContextRef.h:
2447         * API/JSContextRefPrivate.h:
2448         * API/ObjCCallbackFunction.mm:
2449         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2450         (JSC::objCCallbackFunctionCallAsFunction):
2451         (objCCallbackFunctionForInvocation):
2452         * API/WebKitAvailability.h:
2453         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2454         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2455         (CallAsConstructor):
2456         (ConstructorFinalize):
2457         (ConstructorClass):
2458         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2459         (-[JSContext valueWithConstructorDescriptor:]):
2460         (currentThisInsideBlockGetterTest):
2461         * API/tests/testapi.mm:
2462         * JavaScriptCore.xcodeproj/project.pbxproj:
2463         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2464
2465 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2466
2467         Fix build after r157457 for architecture with 4 argument registers.
2468         https://bugs.webkit.org/show_bug.cgi?id=122860
2469
2470         Reviewed by Michael Saboff.
2471
2472         * jit/CCallHelpers.h:
2473         (JSC::CCallHelpers::setupStubArguments134):
2474
2475 2013-10-14  Michael Saboff  <msaboff@apple.com>
2476
2477         transition void cti_op_* methods to JIT operations.
2478         https://bugs.webkit.org/show_bug.cgi?id=122617
2479
2480         Reviewed by Geoffrey Garen.
2481
2482         Converted the following stubs to JIT operations:
2483             cti_handle_watchdog_timer
2484             cti_op_debug
2485             cti_op_pop_scope
2486             cti_op_profile_did_call
2487             cti_op_profile_will_call
2488             cti_op_put_by_index
2489             cti_op_put_getter_setter
2490             cti_op_tear_off_activation
2491             cti_op_tear_off_arguments
2492             cti_op_throw_static_error
2493             cti_optimize
2494
2495         * dfg/DFGOperations.cpp:
2496         * dfg/DFGOperations.h:
2497         * jit/CCallHelpers.h:
2498         (JSC::CCallHelpers::setupArgumentsWithExecState):
2499         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2500         (JSC::CCallHelpers::setupStubArguments):
2501         (JSC::CCallHelpers::setupStubArguments134):
2502         * jit/JIT.cpp:
2503         (JSC::JIT::emitEnterOptimizationCheck):
2504         * jit/JIT.h:
2505         * jit/JITInlines.h:
2506         (JSC::JIT::callOperation):
2507         * jit/JITOpcodes.cpp:
2508         (JSC::JIT::emit_op_tear_off_activation):
2509         (JSC::JIT::emit_op_tear_off_arguments):
2510         (JSC::JIT::emit_op_push_with_scope):
2511         (JSC::JIT::emit_op_pop_scope):
2512         (JSC::JIT::emit_op_push_name_scope):
2513         (JSC::JIT::emit_op_throw_static_error):
2514         (JSC::JIT::emit_op_debug):
2515         (JSC::JIT::emit_op_profile_will_call):
2516         (JSC::JIT::emit_op_profile_did_call):
2517         (JSC::JIT::emitSlow_op_loop_hint):
2518         * jit/JITOpcodes32_64.cpp:
2519         (JSC::JIT::emit_op_push_with_scope):
2520         (JSC::JIT::emit_op_pop_scope):
2521         (JSC::JIT::emit_op_push_name_scope):
2522         (JSC::JIT::emit_op_throw_static_error):
2523         (JSC::JIT::emit_op_debug):
2524         (JSC::JIT::emit_op_profile_will_call):
2525         (JSC::JIT::emit_op_profile_did_call):
2526         * jit/JITOperations.cpp:
2527         * jit/JITOperations.h:
2528         * jit/JITPropertyAccess.cpp:
2529         (JSC::JIT::emit_op_put_by_index):
2530         (JSC::JIT::emit_op_put_getter_setter):
2531         * jit/JITPropertyAccess32_64.cpp:
2532         (JSC::JIT::emit_op_put_by_index):
2533         (JSC::JIT::emit_op_put_getter_setter):
2534         * jit/JITStubs.cpp:
2535         * jit/JITStubs.h:
2536
2537 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2538
2539         [sh4] Introduce const pools in LLINT.
2540         https://bugs.webkit.org/show_bug.cgi?id=122746
2541
2542         Reviewed by Michael Saboff.
2543
2544         In the current implementation of LLINT for sh4, immediate values outside range -128..127 are
2545         loaded this way:
2546
2547             mov.l .label, rx
2548             bra out
2549             nop
2550             .balign 4
2551             .label: .long immvalue
2552             out:
2553
2554         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2555         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2556
2557         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2558         * offlineasm/sh4.rb:
2559
2560 2013-10-15  Mark Lam  <mark.lam@apple.com>
2561
2562         Fix broken C Loop LLINT build.
2563         https://bugs.webkit.org/show_bug.cgi?id=122839.
2564
2565         Reviewed by Michael Saboff.
2566
2567         * dfg/DFGFlushedAt.cpp:
2568         * jit/JITOperations.h:
2569
2570 2013-10-14  Mark Lam  <mark.lam@apple.com>
2571
2572         Transition *switch* and *scope* JITStubs to JIT operations.
2573         https://bugs.webkit.org/show_bug.cgi?id=122757.
2574
2575         Reviewed by Geoffrey Garen.
2576
2577         Transitioning:
2578             cti_op_switch_char
2579             cti_op_switch_imm
2580             cti_op_switch_string
2581             cti_op_resolve_scope
2582             cti_op_get_from_scope
2583             cti_op_put_to_scope
2584
2585         * jit/JIT.h:
2586         * jit/JITInlines.h:
2587         (JSC::JIT::callOperation):
2588         * jit/JITOpcodes.cpp:
2589         (JSC::JIT::emit_op_switch_imm):
2590         (JSC::JIT::emit_op_switch_char):
2591         (JSC::JIT::emit_op_switch_string):
2592         * jit/JITOpcodes32_64.cpp:
2593         (JSC::JIT::emit_op_switch_imm):
2594         (JSC::JIT::emit_op_switch_char):
2595         (JSC::JIT::emit_op_switch_string):
2596         * jit/JITOperations.cpp:
2597         * jit/JITOperations.h:
2598         * jit/JITPropertyAccess.cpp:
2599         (JSC::JIT::emitSlow_op_resolve_scope):
2600         (JSC::JIT::emitSlow_op_get_from_scope):
2601         (JSC::JIT::emitSlow_op_put_to_scope):
2602         * jit/JITPropertyAccess32_64.cpp:
2603         (JSC::JIT::emitSlow_op_resolve_scope):
2604         (JSC::JIT::emitSlow_op_get_from_scope):
2605         (JSC::JIT::emitSlow_op_put_to_scope):
2606         * jit/JITStubs.cpp:
2607         * jit/JITStubs.h:
2608
2609 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2610
2611         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with ICs that get read by the compiler thread
2612         https://bugs.webkit.org/show_bug.cgi?id=122786
2613
2614         Reviewed by Mark Hahnenberg.
2615
2616         * bytecode/CodeBlock.cpp:
2617         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2618         * jit/Repatch.cpp:
2619         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2620         (JSC::buildPutByIdList): Ditto.
2621
2622 2013-10-14  Nadav Rotem  <nrotem@apple.com>
2623
2624         Add FTL support for LogicalNot(string)
2625         https://bugs.webkit.org/show_bug.cgi?id=122765
2626
2627         Reviewed by Filip Pizlo.
2628
2629         This patch is tested by:
2630         regress/script-tests/emscripten-cube2hash.js.ftl-eager
2631
2632         * ftl/FTLCapabilities.cpp:
2633         (JSC::FTL::canCompile):
2634         * ftl/FTLLowerDFGToLLVM.cpp:
2635         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
2636
2637 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
2638
2639         [sh4] Fixes after r157404 and r157411.
2640         https://bugs.webkit.org/show_bug.cgi?id=122782
2641
2642         Reviewed by Michael Saboff.
2643
2644         * dfg/DFGSpeculativeJIT.h:
2645         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2646         * jit/CCallHelpers.h:
2647         (JSC::CCallHelpers::setupArgumentsWithExecState):
2648         * jit/JITInlines.h:
2649         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2650         * jit/JITPropertyAccess32_64.cpp:
2651         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
2652
2653 2013-10-14  Commit Queue  <commit-queue@webkit.org>
2654
2655         Unreviewed, rolling out r157413.
2656         http://trac.webkit.org/changeset/157413
2657         https://bugs.webkit.org/show_bug.cgi?id=122779
2658
2659         Appears to have caused frequent crashes (Requested by ap on
2660         #webkit).
2661
2662         * CMakeLists.txt:
2663         * GNUmakefile.list.am:
2664         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2665         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2666         * JavaScriptCore.xcodeproj/project.pbxproj:
2667         * heap/DeferGC.cpp: Removed.
2668         * heap/DeferGC.h:
2669         * jit/JITStubs.cpp:
2670         (JSC::tryCacheGetByID):
2671         (JSC::DEFINE_STUB_FUNCTION):
2672         * llint/LLIntSlowPaths.cpp:
2673         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2674         * runtime/ConcurrentJITLock.h:
2675         * runtime/InitializeThreading.cpp:
2676         (JSC::initializeThreadingOnce):
2677         * runtime/JSCellInlines.h:
2678         (JSC::allocateCell):
2679         * runtime/Structure.cpp:
2680         (JSC::Structure::materializePropertyMap):
2681         (JSC::Structure::putSpecificValue):
2682         (JSC::Structure::createPropertyMap):
2683         * runtime/Structure.h:
2684
2685 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2686
2687         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
2688         https://bugs.webkit.org/show_bug.cgi?id=122652
2689
2690         Reviewed by Filip Pizlo.
2691
2692         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
2693         so we would end up ASSERTing during garbage collection.
2694
2695         * heap/MarkedAllocator.cpp:
2696         (JSC::MarkedAllocator::allocateSlowCase):
2697
2698 2013-10-11  Oliver Hunt  <oliver@apple.com>
2699
2700         Separate out array iteration intrinsics
2701         https://bugs.webkit.org/show_bug.cgi?id=122656
2702
2703         Reviewed by Michael Saboff.
2704
2705         Separate out the intrinsics for key and values iteration
2706         of arrays.
2707
2708         This requires moving array iteration into the iterator
2709         instance, rather than the prototype, but this is essentially
2710         unobservable so we'll live with it for now.
2711
2712         * jit/ThunkGenerators.cpp:
2713         (JSC::arrayIteratorNextThunkGenerator):
2714         (JSC::arrayIteratorNextKeyThunkGenerator):
2715         (JSC::arrayIteratorNextValueThunkGenerator):
2716         * jit/ThunkGenerators.h:
2717         * runtime/ArrayIteratorPrototype.cpp:
2718         (JSC::ArrayIteratorPrototype::finishCreation):
2719         * runtime/Intrinsic.h:
2720         * runtime/JSArrayIterator.cpp:
2721         (JSC::JSArrayIterator::finishCreation):
2722         (JSC::createIteratorResult):
2723         (JSC::arrayIteratorNext):
2724         (JSC::arrayIteratorNextKey):
2725         (JSC::arrayIteratorNextValue):
2726         (JSC::arrayIteratorNextGeneric):
2727         * runtime/VM.cpp:
2728         (JSC::thunkGeneratorForIntrinsic):
2729
2730 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
2731
2732         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2733         https://bugs.webkit.org/show_bug.cgi?id=122667
2734
2735         Reviewed by Filip Pizlo.
2736
2737         The issue this patch is attempting to fix is that there are places in our codebase
2738         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2739         operations that can initiate a garbage collection. Garbage collection then calls 
2740         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2741         always necessarily run during garbage collection). This causes a deadlock.
2742
2743         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2744         into a thread-local field that indicates that it is unsafe to perform any operation 
2745         that could trigger garbage collection on the current thread. In debug builds, 
2746         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2747         detect deadlocks.
2748
2749         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2750         which uses the DeferGC mechanism to prevent collections from occurring while the 
2751         lock is held.
2752
2753         * CMakeLists.txt:
2754         * GNUmakefile.list.am:
2755         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2756         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2757         * JavaScriptCore.xcodeproj/project.pbxproj:
2758         * heap/DeferGC.cpp: Added.
2759         * heap/DeferGC.h:
2760         (JSC::DisallowGC::DisallowGC):
2761         (JSC::DisallowGC::~DisallowGC):
2762         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2763         (JSC::DisallowGC::initialize):
2764         * jit/JITStubs.cpp:
2765         (JSC::tryCachePutByID):
2766         (JSC::tryCacheGetByID):
2767         (JSC::DEFINE_STUB_FUNCTION):
2768         * llint/LLIntSlowPaths.cpp:
2769         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2770         * runtime/ConcurrentJITLock.h:
2771         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2772         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2773         (JSC::ConcurrentJITLockerBase::unlockEarly):
2774         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2775         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2776         * runtime/InitializeThreading.cpp:
2777         (JSC::initializeThreadingOnce):
2778         * runtime/JSCellInlines.h:
2779         (JSC::allocateCell):
2780         * runtime/Structure.cpp:
2781         (JSC::Structure::materializePropertyMap):
2782         (JSC::Structure::putSpecificValue):
2783         (JSC::Structure::createPropertyMap):
2784         * runtime/Structure.h:
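
The deadlock and its two remedies described in the entry above, as an added stand-alone C++ model (not JSC's code): a thread-local DisallowGC marker that the debug ConcurrentJITLocker holds, a DeferGC counter that GCSafeConcurrentJITLocker holds, and an allocation slow path that consults both. The lock, the counters and the scenario functions are constructed for illustration.

```cpp
#include <cassert>
#include <cstdio>
#include <mutex>

// Constructed illustration of the mechanism in the ChangeLog entry above.
// Names follow the entry, but this is a stand-alone model, not JSC's code.

static thread_local int gcDisallowDepth = 0; // > 0: a collection here is a bug
static int gcDeferDepth = 0;                  // > 0: collections are postponed
static bool gcPending = false;                // a deferred collection is owed
static int collectionsRun = 0;
static bool deadlockDetected = false;

// RAII marker: while alive, the current thread must not trigger a GC.
class DisallowGC {
public:
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth > 0; }
};

// RAII deferral: collections requested while alive run when the last one dies.
class DeferGC {
public:
    DeferGC() { ++gcDeferDepth; }
    ~DeferGC() {
        if (--gcDeferDepth == 0 && gcPending) {
            gcPending = false;
            ++collectionsRun;
        }
    }
};

// The allocation slow path: the point at which a collection may be triggered.
// Returns true if a collection ran immediately.
bool allocateSlowCase() {
    if (DisallowGC::isGCDisallowedOnCurrentThread()) {
        // A real GC would now re-enter the CodeBlock lock we still hold and
        // deadlock; the debug check catches it first (an ASSERT in JSC).
        deadlockDetected = true;
        return false;
    }
    if (gcDeferDepth > 0) {
        gcPending = true;
        return false;
    }
    ++collectionsRun;
    return true;
}

struct CodeBlock {
    std::mutex lock; // stands in for the non-recursive ConcurrentJITLock
};

// Debug-build ConcurrentJITLocker: takes the lock and forbids GC meanwhile.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(CodeBlock& cb) : m_guard(cb.lock) {}
private:
    std::lock_guard<std::mutex> m_guard;
    DisallowGC m_disallowGC;
};

// GCSafeConcurrentJITLocker: defers GC instead. DeferGC is declared first so
// it is destroyed last, i.e. the owed collection runs after the lock is dropped.
class GCSafeConcurrentJITLocker {
public:
    explicit GCSafeConcurrentJITLocker(CodeBlock& cb) : m_guard(cb.lock) {}
private:
    DeferGC m_deferGC;
    std::lock_guard<std::mutex> m_guard;
};

// The pattern the entry describes as broken: allocating with the plain locker held.
bool allocatingUnderPlainLockerIsCaught() {
    CodeBlock cb;
    deadlockDetected = false;
    ConcurrentJITLocker locker(cb);
    allocateSlowCase();
    return deadlockDetected; // true: the would-be deadlock was flagged
}

// The fixed pattern: the collection is deferred and runs once the lock is released.
int collectionsRunByGCSafeLocker() {
    CodeBlock cb;
    int before = collectionsRun;
    bool ranWhileLocked;
    {
        GCSafeConcurrentJITLocker locker(cb);
        ranWhileLocked = allocateSlowCase();
    }
    return ranWhileLocked ? -1 : collectionsRun - before; // 1
}

int main() {
    std::printf("deadlock caught: %d\n", allocatingUnderPlainLockerIsCaught());
    std::printf("deferred collections run: %d\n", collectionsRunByGCSafeLocker());
    return 0;
}
```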
2785
2786 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2787
2788         Baseline JIT should use the DFG's PutById IC
2789         https://bugs.webkit.org/show_bug.cgi?id=122704
2790
2791         Reviewed by Mark Hahnenberg.
2792         
2793         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2794         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2795         
2796         The only complicated part was that the PutById operations assumed that we first did a
2797         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2798         slow paths to deal with EncodedJSValues.
2799
2800         * bytecode/CodeBlock.cpp:
2801         (JSC::CodeBlock::resetStubInternal):
2802         * bytecode/PutByIdStatus.cpp:
2803         (JSC::PutByIdStatus::computeFor):
2804         * dfg/DFGSpeculativeJIT.h:
2805         (JSC::DFG::SpeculativeJIT::callOperation):
2806         * dfg/DFGSpeculativeJIT32_64.cpp:
2807         (JSC::DFG::SpeculativeJIT::cachedPutById):
2808         * dfg/DFGSpeculativeJIT64.cpp:
2809         (JSC::DFG::SpeculativeJIT::cachedPutById):
2810         * jit/CCallHelpers.h:
2811         (JSC::CCallHelpers::setupArgumentsWithExecState):
2812         * jit/JIT.cpp:
2813         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2814         * jit/JIT.h:
2815         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2816         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2817         * jit/JITInlines.h:
2818         (JSC::JIT::callOperation):
2819         * jit/JITOperationWrappers.h:
2820         * jit/JITOperations.cpp:
2821         * jit/JITOperations.h:
2822         * jit/JITPropertyAccess.cpp:
2823         (JSC::JIT::compileGetByIdHotPath):
2824         (JSC::JIT::compileGetByIdSlowCase):
2825         (JSC::JIT::emit_op_put_by_id):
2826         (JSC::JIT::emitSlow_op_put_by_id):
2827         * jit/JITPropertyAccess32_64.cpp:
2828         (JSC::JIT::compileGetByIdSlowCase):
2829         (JSC::JIT::emit_op_put_by_id):
2830         (JSC::JIT::emitSlow_op_put_by_id):
2831         * jit/JITStubs.cpp:
2832         * jit/JITStubs.h:
2833         * jit/Repatch.cpp:
2834         (JSC::appropriateGenericPutByIdFunction):
2835         (JSC::appropriateListBuildingPutByIdFunction):
2836         (JSC::resetPutByID):
2837
2838 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2839
2840         FTL should have an inefficient but correct implementation of GetById
2841         https://bugs.webkit.org/show_bug.cgi?id=122740
2842
2843         Reviewed by Mark Hahnenberg.
2844         
2845         It took some effort to realize that the node->prediction() check in the DFG backends
2846         is completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
2847         if !prediction.
2848         
2849         But other than that this was an easy patch.
2850
2851         * dfg/DFGByteCodeParser.cpp:
2852         (JSC::DFG::ByteCodeParser::handleGetById):
2853         * dfg/DFGSpeculativeJIT32_64.cpp:
2854         (JSC::DFG::SpeculativeJIT::compile):
2855         * dfg/DFGSpeculativeJIT64.cpp:
2856         (JSC::DFG::SpeculativeJIT::compile):
2857         * ftl/FTLCapabilities.cpp:
2858         (JSC::FTL::canCompile):
2859         * ftl/FTLIntrinsicRepository.h:
2860         * ftl/FTLLowerDFGToLLVM.cpp:
2861         (JSC::FTL::LowerDFGToLLVM::compileNode):
2862         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2863
2864 2013-10-13  Mark Lam  <mark.lam@apple.com>
2865
2866         Transition misc cti_op_* JITStubs to JIT operations.
2867         https://bugs.webkit.org/show_bug.cgi?id=122645.
2868
2869         Reviewed by Michael Saboff.
2870
2871         Stubs converted:
2872             cti_op_check_has_instance
2873             cti_op_create_arguments
2874             cti_op_del_by_id
2875             cti_op_instanceof
2876             cti_to_object
2877             cti_op_push_activation
2878             cti_op_get_pnames
2879             cti_op_load_varargs
2880
2881         * dfg/DFGOperations.cpp:
2882         * dfg/DFGOperations.h:
2883         * jit/CCallHelpers.h:
2884         (JSC::CCallHelpers::setupArgumentsWithExecState):
2885         * jit/JIT.h:
2886         (JSC::JIT::emitStoreCell):
2887         * jit/JITCall.cpp:
2888         (JSC::JIT::compileLoadVarargs):
2889         * jit/JITCall32_64.cpp:
2890         (JSC::JIT::compileLoadVarargs):
2891         * jit/JITInlines.h:
2892         (JSC::JIT::callOperation):
2893         * jit/JITOpcodes.cpp:
2894         (JSC::JIT::emit_op_get_pnames):
2895         (JSC::JIT::emit_op_create_activation):
2896         (JSC::JIT::emit_op_create_arguments):
2897         (JSC::JIT::emitSlow_op_check_has_instance):
2898         (JSC::JIT::emitSlow_op_instanceof):
2899         (JSC::JIT::emitSlow_op_get_argument_by_val):
2900         * jit/JITOpcodes32_64.cpp:
2901         (JSC::JIT::emitSlow_op_check_has_instance):
2902         (JSC::JIT::emitSlow_op_instanceof):
2903         (JSC::JIT::emit_op_get_pnames):
2904         (JSC::JIT::emit_op_create_activation):
2905         (JSC::JIT::emit_op_create_arguments):
2906         (JSC::JIT::emitSlow_op_get_argument_by_val):
2907         * jit/JITOperations.cpp:
2908         * jit/JITOperations.h:
2909         * jit/JITPropertyAccess.cpp:
2910         (JSC::JIT::emit_op_del_by_id):
2911         * jit/JITPropertyAccess32_64.cpp:
2912         (JSC::JIT::emit_op_del_by_id):
2913         * jit/JITStubs.cpp:
2914         * jit/JITStubs.h:
2915
2916 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2917
2918         FTL OSR exit should perform zero extension on values smaller than 64-bit
2919         https://bugs.webkit.org/show_bug.cgi?id=122688
2920
2921         Reviewed by Gavin Barraclough.
2922         
2923         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2924         register will have zeros on the high bits.  In the few cases where the high bits are
2925         non-zero, the DFG sort of tells us this explicitly.
2926
2927         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
2928         emit LLVM IR like:
2929
2930             %2 = trunc i64 %1 to i32
2931             stuff %2
2932             call @llvm.webkit.stackmap(...., %2)
2933
2934         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2935         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2936         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2937         from before truncation, and that register may have garbage in the high bits.
2938
2939         This means that on our end, if we want a 32-bit value and we want that value to be
2940         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2941         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2942         end.
2943         
2944         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
2945
2946         * ftl/FTLOSRExitCompiler.cpp:
2947         (JSC::FTL::compileStubWithOSRExitStackmap):
2948         * ftl/FTLValueFormat.cpp:
2949         (JSC::FTL::reboxAccordingToFormat):
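
The failure mode described in the entry above, as an added C++ example (not JSC's code): a 32-bit value sits in a 64-bit register whose high bits still hold the pre-truncation garbage, and a rebox that trusts the high bits produces a non-canonical JSValue. The tag constants and the ValueFormat subset are assumptions modelled on JSC's 64-bit JSValue layout (int32 boxed as NumberTag | zero-extended value, booleans as ValueFalse/ValueTrue); the register contents are constructed.

```cpp
#include <cstdint>
#include <cstdio>

// Assumed subset of the OSR exit value formats, for illustration only.
enum class ValueFormat { Int32, Boolean, JSValue };

// Assumed 64-bit JSValue tags (modelled on JSC's layout, not taken from the entry).
constexpr uint64_t NumberTag  = 0xffff000000000000ull; // int32: NumberTag | value
constexpr uint64_t ValueFalse = 0x06;
constexpr uint64_t ValueTrue  = 0x07;

// Constructed register contents: the low 32 bits hold the value LLVM reported,
// the high bits still carry whatever the untruncated i64 had.
constexpr uint64_t kRegInt32 = 0x0000123400000000ull | 42u;
constexpr uint64_t kRegBool  = 0xffffffff00000001ull; // boolean 'true' with sign-extension leftovers

// Naive rebox: assumes the high 32 bits are already zero, as the DFG usually guarantees.
uint64_t reboxNaive(ValueFormat format, uint64_t reg) {
    switch (format) {
    case ValueFormat::Int32:   return NumberTag | reg;
    case ValueFormat::Boolean: return ValueFalse | reg;
    case ValueFormat::JSValue: return reg;
    }
    return reg;
}

// Corrected rebox: zero-extend from the format's width ourselves before tagging,
// which is what the entry says the FTL OSR exit must do.
uint64_t reboxAccordingToFormat(ValueFormat format, uint64_t reg) {
    switch (format) {
    case ValueFormat::Int32:   return NumberTag | static_cast<uint64_t>(static_cast<uint32_t>(reg));
    case ValueFormat::Boolean: return ValueFalse | (reg & 1u);
    case ValueFormat::JSValue: return reg;
    }
    return reg;
}

// Helpers to inspect a boxed value.
bool isInt32(uint64_t v) { return (v & NumberTag) == NumberTag; }
int32_t asInt32(uint64_t v) { return static_cast<int32_t>(static_cast<uint32_t>(v)); }

// A canonically boxed int32, for comparison: two equal ints must box identically.
uint64_t boxInt32(int32_t i) { return NumberTag | static_cast<uint32_t>(i); }

int main() {
    uint64_t naive = reboxNaive(ValueFormat::Int32, kRegInt32);
    uint64_t fixed = reboxAccordingToFormat(ValueFormat::Int32, kRegInt32);
    // The naive result still decodes to 42 but is not bit-identical to boxInt32(42),
    // so it would fail any bitwise JSValue comparison downstream.
    std::printf("naive 0x%016llx fixed 0x%016llx canonical 0x%016llx\n",
        (unsigned long long)naive, (unsigned long long)fixed, (unsigned long long)boxInt32(42));
    std::printf("bool naive 0x%016llx fixed 0x%016llx\n",
        (unsigned long long)reboxNaive(ValueFormat::Boolean, kRegBool),
        (unsigned long long)reboxAccordingToFormat(ValueFormat::Boolean, kRegBool));
    return 0;
}
```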
2950
2951 == Rolled over to ChangeLog-2013-10-13 ==