[sh4] Fix build (broken since r157690).
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-10-20  Julien Brianceau  <jbriance@cisco.com>
2
3         [sh4] Fix build (broken since r157690).
4         https://bugs.webkit.org/show_bug.cgi?id=123081
5
6         Reviewed by Andreas Kling.
7
8         * assembler/AssemblerBufferWithConstantPool.h:
9         * assembler/SH4Assembler.h:
10         (JSC::SH4Assembler::buffer):
11         (JSC::SH4Assembler::readCallTarget):
12
13 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
14
15         Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
16         https://bugs.webkit.org/show_bug.cgi?id=123079
17
18         Reviewed by Geoffrey Garen.
19
20         * jit/TempRegisterSet.h:
21
22 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
23
24         Rename RegisterSet to TempRegisterSet
25         https://bugs.webkit.org/show_bug.cgi?id=123077
26
27         Reviewed by Dan Bernstein.
28
29         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
30         * JavaScriptCore.xcodeproj/project.pbxproj:
31         * bytecode/StructureStubInfo.h:
32         * dfg/DFGJITCompiler.h:
33         * dfg/DFGSpeculativeJIT.h:
34         (JSC::DFG::SpeculativeJIT::usedRegisters):
35         * jit/JITInlineCacheGenerator.cpp:
36         (JSC::JITByIdGenerator::JITByIdGenerator):
37         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
38         * jit/JITInlineCacheGenerator.h:
39         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
40         * jit/JITPropertyAccess.cpp:
41         (JSC::JIT::emit_op_get_by_id):
42         (JSC::JIT::emit_op_put_by_id):
43         * jit/JITPropertyAccess32_64.cpp:
44         (JSC::JIT::emit_op_get_by_id):
45         (JSC::JIT::emit_op_put_by_id):
46         * jit/RegisterSet.h: Removed.
47         * jit/ScratchRegisterAllocator.h:
48         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
49         * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
50         (JSC::TempRegisterSet::TempRegisterSet):
51         (JSC::TempRegisterSet::asPOD):
52         (JSC::TempRegisterSet::copyInfo):
53
54 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
55
56         Restructure LinkBuffer to allow for alternate allocation strategies
57         https://bugs.webkit.org/show_bug.cgi?id=123071
58
59         Reviewed by Oliver Hunt.
60         
61         The idea is to eventually allow a LinkBuffer to place the code into an already
62         allocated region of memory.  That region of memory could be the nop-slide left behind
63         by a llvm.webkit.patchpoint.
64
65         * assembler/ARM64Assembler.h:
66         (JSC::ARM64Assembler::buffer):
67         * assembler/AssemblerBuffer.h:
68         * assembler/LinkBuffer.cpp:
69         (JSC::LinkBuffer::copyCompactAndLinkCode):
70         (JSC::LinkBuffer::linkCode):
71         (JSC::LinkBuffer::allocate):
72         (JSC::LinkBuffer::shrink):
73         * assembler/LinkBuffer.h:
74         (JSC::LinkBuffer::LinkBuffer):
75         (JSC::LinkBuffer::didFailToAllocate):
76         * assembler/X86Assembler.h:
77         (JSC::X86Assembler::buffer):
78         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
79
80 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
81
82         Some includes in JSC seem to use an incorrect style
83         https://bugs.webkit.org/show_bug.cgi?id=123057
84
85         Reviewed by Geoffrey Garen.
86
87         Changed pseudo-system includes to user ones.
88
89         * API/JSContextRef.cpp:
90         * API/JSStringRefCF.cpp:
91         * API/JSValueRef.cpp:
92         * API/OpaqueJSString.cpp:
93         * jit/JIT.h:
94         * parser/SyntaxChecker.h:
95         * runtime/WeakGCMap.h:
96
97 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
98
99         Baseline JIT and DFG IC code generation should be unified and rationalized
100         https://bugs.webkit.org/show_bug.cgi?id=122939
101
102         Reviewed by Geoffrey Garen.
103         
104         Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
105         some register info and creates JIT inline caches for you. Used this to even furhter
106         unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
107         is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
108         that it needs to do the equivalent of get_by_id, so with this generator it will be able
109         to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
110
111         * CMakeLists.txt:
112         * GNUmakefile.list.am:
113         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
114         * JavaScriptCore.xcodeproj/project.pbxproj:
115         * assembler/AbstractMacroAssembler.h:
116         (JSC::AbstractMacroAssembler::DataLabelCompact::label):
117         * bytecode/CodeBlock.h:
118         (JSC::CodeBlock::ecmaMode):
119         * dfg/DFGInlineCacheWrapper.h: Added.
120         (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
121         * dfg/DFGInlineCacheWrapperInlines.h: Added.
122         (JSC::DFG::::finalize):
123         * dfg/DFGJITCompiler.cpp:
124         (JSC::DFG::JITCompiler::link):
125         * dfg/DFGJITCompiler.h:
126         (JSC::DFG::JITCompiler::addGetById):
127         (JSC::DFG::JITCompiler::addPutById):
128         * dfg/DFGSpeculativeJIT32_64.cpp:
129         (JSC::DFG::SpeculativeJIT::cachedGetById):
130         (JSC::DFG::SpeculativeJIT::cachedPutById):
131         * dfg/DFGSpeculativeJIT64.cpp:
132         (JSC::DFG::SpeculativeJIT::cachedGetById):
133         (JSC::DFG::SpeculativeJIT::cachedPutById):
134         (JSC::DFG::SpeculativeJIT::compile):
135         * jit/AssemblyHelpers.h:
136         (JSC::AssemblyHelpers::isStrictModeFor):
137         (JSC::AssemblyHelpers::strictModeFor):
138         * jit/GPRInfo.h:
139         (JSC::JSValueRegs::tagGPR):
140         * jit/JIT.cpp:
141         (JSC::JIT::JIT):
142         (JSC::JIT::privateCompileSlowCases):
143         (JSC::JIT::privateCompile):
144         * jit/JIT.h:
145         * jit/JITInlineCacheGenerator.cpp: Added.
146         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
147         (JSC::JITByIdGenerator::JITByIdGenerator):
148         (JSC::JITByIdGenerator::finalize):
149         (JSC::JITByIdGenerator::generateFastPathChecks):
150         (JSC::JITGetByIdGenerator::generateFastPath):
151         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
152         (JSC::JITPutByIdGenerator::generateFastPath):
153         (JSC::JITPutByIdGenerator::slowPathFunction):
154         * jit/JITInlineCacheGenerator.h: Added.
155         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
156         (JSC::JITInlineCacheGenerator::stubInfo):
157         (JSC::JITByIdGenerator::JITByIdGenerator):
158         (JSC::JITByIdGenerator::reportSlowPathCall):
159         (JSC::JITByIdGenerator::slowPathJump):
160         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
161         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
162         * jit/JITPropertyAccess.cpp:
163         (JSC::JIT::emit_op_get_by_id):
164         (JSC::JIT::emitSlow_op_get_by_id):
165         (JSC::JIT::emit_op_put_by_id):
166         (JSC::JIT::emitSlow_op_put_by_id):
167         * jit/JITPropertyAccess32_64.cpp:
168         (JSC::JIT::emit_op_get_by_id):
169         (JSC::JIT::emitSlow_op_get_by_id):
170         (JSC::JIT::emit_op_put_by_id):
171         (JSC::JIT::emitSlow_op_put_by_id):
172         * jit/RegisterSet.h:
173         (JSC::RegisterSet::set):
174
175 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
176
177         APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
178         https://bugs.webkit.org/show_bug.cgi?id=123067
179
180         Reviewed by Geoffrey Garen.
181
182         * API/APICast.h: Include it.
183
184 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
185
186         FTL::Location should treat the offset as an addend in the case of a Register location
187         https://bugs.webkit.org/show_bug.cgi?id=123062
188
189         Reviewed by Sam Weinig.
190
191         * ftl/FTLLocation.cpp:
192         (JSC::FTL::Location::forStackmaps):
193         (JSC::FTL::Location::dump):
194         (JSC::FTL::Location::restoreInto):
195         * ftl/FTLLocation.h:
196         (JSC::FTL::Location::forRegister):
197         (JSC::FTL::Location::hasAddend):
198         (JSC::FTL::Location::addend):
199
200 2013-10-19  Nadav Rotem  <nrotem@apple.com>
201
202         DFG dominators: document and rename stuff.
203         https://bugs.webkit.org/show_bug.cgi?id=123056
204
205         Reviewed by Filip Pizlo.
206
207         Documented the code and renamed some variables.
208
209         * dfg/DFGDominators.cpp:
210         (JSC::DFG::Dominators::compute):
211         (JSC::DFG::Dominators::pruneDominators):
212         * dfg/DFGDominators.h:
213
214 2013-10-19  Julien Brianceau  <jbriance@cisco.com>
215
216         Fix build failure for architectures with 4 argument registers.
217         https://bugs.webkit.org/show_bug.cgi?id=123060
218
219         Reviewed by Michael Saboff.
220
221         Add missing setupArgumentsWithExecState() prototypes for architecture with 4 argument registers.
222         Remove SH4 specific code no longer needed since callOperation prototype change in r157660.
223
224         * dfg/DFGSpeculativeJIT.h:
225         (JSC::DFG::SpeculativeJIT::callOperation):
226         * jit/CCallHelpers.h:
227         (JSC::CCallHelpers::setupArgumentsWithExecState):
228         * jit/JITInlines.h:
229         (JSC::JIT::callOperation):
230
231 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
232
233         Unreviewed, fix FTL build.
234
235         * ftl/FTLIntrinsicRepository.h:
236         * ftl/FTLLowerDFGToLLVM.cpp:
237         (JSC::FTL::LowerDFGToLLVM::compileGetById):
238
239 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
240
241         A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
242         https://bugs.webkit.org/show_bug.cgi?id=122940
243
244         Reviewed by Oliver Hunt.
245         
246         This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
247         whereas previously it was in a Vector, so it moved. This allows you to use pointers to
248         StructureStubInfo. This also eliminates the use of return PC as a way of finding the
249         StructureStubInfo's. It removes some of the need for the compile-time property access
250         records; for example the DFG no longer has to save information about registers in a
251         property access record only to later save it to the stub info.
252         
253         The main thing is accomplishes is that it makes it easier to add StructureStubInfo's
254         at any stage of compilation.
255
256         * bytecode/CodeBlock.cpp:
257         (JSC::CodeBlock::printGetByIdCacheStatus):
258         (JSC::CodeBlock::dumpBytecode):
259         (JSC::CodeBlock::~CodeBlock):
260         (JSC::CodeBlock::propagateTransitions):
261         (JSC::CodeBlock::finalizeUnconditionally):
262         (JSC::CodeBlock::addStubInfo):
263         (JSC::CodeBlock::getStubInfoMap):
264         (JSC::CodeBlock::shrinkToFit):
265         * bytecode/CodeBlock.h:
266         (JSC::CodeBlock::begin):
267         (JSC::CodeBlock::end):
268         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
269         * bytecode/CodeOrigin.h:
270         (JSC::CodeOrigin::CodeOrigin):
271         (JSC::CodeOrigin::isHashTableDeletedValue):
272         (JSC::CodeOrigin::hash):
273         (JSC::CodeOriginHash::hash):
274         (JSC::CodeOriginHash::equal):
275         * bytecode/GetByIdStatus.cpp:
276         (JSC::GetByIdStatus::computeFor):
277         * bytecode/GetByIdStatus.h:
278         * bytecode/PutByIdStatus.cpp:
279         (JSC::PutByIdStatus::computeFor):
280         * bytecode/PutByIdStatus.h:
281         * bytecode/StructureStubInfo.h:
282         (JSC::getStructureStubInfoCodeOrigin):
283         * dfg/DFGByteCodeParser.cpp:
284         (JSC::DFG::ByteCodeParser::parseBlock):
285         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
286         * dfg/DFGJITCompiler.cpp:
287         (JSC::DFG::JITCompiler::link):
288         * dfg/DFGJITCompiler.h:
289         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
290         (JSC::DFG::InRecord::InRecord):
291         * dfg/DFGSpeculativeJIT.cpp:
292         (JSC::DFG::SpeculativeJIT::compileIn):
293         * dfg/DFGSpeculativeJIT.h:
294         (JSC::DFG::SpeculativeJIT::callOperation):
295         * dfg/DFGSpeculativeJIT32_64.cpp:
296         (JSC::DFG::SpeculativeJIT::cachedGetById):
297         (JSC::DFG::SpeculativeJIT::cachedPutById):
298         * dfg/DFGSpeculativeJIT64.cpp:
299         (JSC::DFG::SpeculativeJIT::cachedGetById):
300         (JSC::DFG::SpeculativeJIT::cachedPutById):
301         * jit/CCallHelpers.h:
302         (JSC::CCallHelpers::setupArgumentsWithExecState):
303         * jit/JIT.cpp:
304         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
305         (JSC::JIT::privateCompile):
306         * jit/JIT.h:
307         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
308         * jit/JITInlines.h:
309         (JSC::JIT::callOperation):
310         * jit/JITOperations.cpp:
311         * jit/JITOperations.h:
312         * jit/JITPropertyAccess.cpp:
313         (JSC::JIT::emitSlow_op_get_by_id):
314         (JSC::JIT::emitSlow_op_put_by_id):
315         * jit/JITPropertyAccess32_64.cpp:
316         (JSC::JIT::emitSlow_op_get_by_id):
317         (JSC::JIT::emitSlow_op_put_by_id):
318         * jit/Repatch.cpp:
319         (JSC::appropriateGenericPutByIdFunction):
320         (JSC::appropriateListBuildingPutByIdFunction):
321         (JSC::resetPutByID):
322
323 2013-10-18  Oliver Hunt  <oliver@apple.com>
324
325         Spread operator should be performing direct "puts" and not triggering setters
326         https://bugs.webkit.org/show_bug.cgi?id=123047
327
328         Reviewed by Geoffrey Garen.
329
330         Add a new opcode -- op_put_by_val_directue -- and make use of it in the spread
331         to array construct.  This required a new PutByValDirect node to be introduced to
332         the DFG.  The current implementation simply changes the slow path function that
333         is called, but in future this could be made faster as it does not need to check
334         the prototype chain.
335
336         * bytecode/CodeBlock.cpp:
337         (JSC::CodeBlock::dumpBytecode):
338         (JSC::CodeBlock::CodeBlock):
339         * bytecode/Opcode.h:
340         (JSC::padOpcodeName):
341         * bytecompiler/BytecodeGenerator.cpp:
342         (JSC::BytecodeGenerator::emitDirectPutByVal):
343         * bytecompiler/BytecodeGenerator.h:
344         * bytecompiler/NodesCodegen.cpp:
345         (JSC::ArrayNode::emitBytecode):
346         * dfg/DFGAbstractInterpreterInlines.h:
347         (JSC::DFG::::executeEffects):
348         * dfg/DFGBackwardsPropagationPhase.cpp:
349         (JSC::DFG::BackwardsPropagationPhase::propagate):
350         * dfg/DFGByteCodeParser.cpp:
351         (JSC::DFG::ByteCodeParser::parseBlock):
352         * dfg/DFGCSEPhase.cpp:
353         (JSC::DFG::CSEPhase::getArrayLengthElimination):
354         (JSC::DFG::CSEPhase::getByValLoadElimination):
355         (JSC::DFG::CSEPhase::checkStructureElimination):
356         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
357         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
358         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
359         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
360         (JSC::DFG::CSEPhase::performNodeCSE):
361         * dfg/DFGCapabilities.cpp:
362         (JSC::DFG::capabilityLevel):
363         * dfg/DFGClobberize.h:
364         (JSC::DFG::clobberize):
365         * dfg/DFGFixupPhase.cpp:
366         (JSC::DFG::FixupPhase::fixupNode):
367         * dfg/DFGGraph.h:
368         (JSC::DFG::Graph::clobbersWorld):
369         * dfg/DFGNode.h:
370         (JSC::DFG::Node::hasArrayMode):
371         * dfg/DFGNodeType.h:
372         * dfg/DFGOperations.cpp:
373         (JSC::DFG::putByVal):
374         (JSC::DFG::operationPutByValInternal):
375         * dfg/DFGOperations.h:
376         * dfg/DFGPredictionPropagationPhase.cpp:
377         (JSC::DFG::PredictionPropagationPhase::propagate):
378         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
379         * dfg/DFGSafeToExecute.h:
380         (JSC::DFG::safeToExecute):
381         * dfg/DFGSpeculativeJIT32_64.cpp:
382         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
383         (JSC::DFG::SpeculativeJIT::compile):
384         * dfg/DFGSpeculativeJIT64.cpp:
385         (JSC::DFG::SpeculativeJIT::compile):
386         * dfg/DFGTypeCheckHoistingPhase.cpp:
387         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
388         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
389         * jit/JIT.cpp:
390         (JSC::JIT::privateCompileMainPass):
391         (JSC::JIT::privateCompileSlowCases):
392         * jit/JIT.h:
393         (JSC::JIT::compileDirectPutByVal):
394         * jit/JITOperations.cpp:
395         * jit/JITOperations.h:
396         * jit/JITPropertyAccess.cpp:
397         (JSC::JIT::emitSlow_op_put_by_val):
398         (JSC::JIT::privateCompilePutByVal):
399         * jit/JITPropertyAccess32_64.cpp:
400         (JSC::JIT::emitSlow_op_put_by_val):
401         * llint/LLIntSlowPaths.cpp:
402         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
403         * llint/LLIntSlowPaths.h:
404         * llint/LowLevelInterpreter32_64.asm:
405         * llint/LowLevelInterpreter64.asm:
406
407 2013-10-18  Daniel Bates  <dabates@apple.com>
408
409         [iOS] Export symbol for VM::sharedInstanceExists()
410         https://bugs.webkit.org/show_bug.cgi?id=123046
411
412         Reviewed by Mark Hahnenberg.
413
414         * runtime/VM.h:
415
416 2013-10-18  Daniel Bates  <dabates@apple.com>
417
418         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
419         https://bugs.webkit.org/show_bug.cgi?id=123049
420
421         Reviewed by Mark Hahnenberg.
422
423         * heap/Heap.cpp:
424         (JSC::Heap::setIncrementalSweeper):
425         * heap/Heap.h:
426         * heap/HeapTimer.h:
427         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
428         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
429         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
430         (duplicates the include in the .cpp).
431         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
432         making use of this now, but we'll make use of it in a subsequent patch.
433
434 2013-10-18  Anders Carlsson  <andersca@apple.com>
435
436         Remove spaces between template angle brackets
437         https://bugs.webkit.org/show_bug.cgi?id=123040
438
439         Reviewed by Andreas Kling.
440
441         * API/JSCallbackObject.cpp:
442         (JSC::::create):
443         * API/JSObjectRef.cpp:
444         * bytecode/CodeBlock.h:
445         (JSC::CodeBlock::constants):
446         (JSC::CodeBlock::setConstantRegisters):
447         * bytecode/DFGExitProfile.h:
448         * bytecode/EvalCodeCache.h:
449         * bytecode/Operands.h:
450         * bytecode/UnlinkedCodeBlock.h:
451         (JSC::UnlinkedCodeBlock::constantRegisters):
452         * bytecode/Watchpoint.h:
453         * bytecompiler/BytecodeGenerator.h:
454         * bytecompiler/StaticPropertyAnalysis.h:
455         * bytecompiler/StaticPropertyAnalyzer.h:
456         * dfg/DFGArgumentsSimplificationPhase.cpp:
457         * dfg/DFGBlockInsertionSet.h:
458         * dfg/DFGCSEPhase.cpp:
459         (JSC::DFG::performCSE):
460         (JSC::DFG::performStoreElimination):
461         * dfg/DFGCommonData.h:
462         * dfg/DFGDesiredStructureChains.h:
463         * dfg/DFGDesiredWatchpoints.h:
464         * dfg/DFGJITCompiler.h:
465         * dfg/DFGOSRExitCompiler32_64.cpp:
466         (JSC::DFG::OSRExitCompiler::compileExit):
467         * dfg/DFGOSRExitCompiler64.cpp:
468         (JSC::DFG::OSRExitCompiler::compileExit):
469         * dfg/DFGWorklist.h:
470         * heap/BlockAllocator.h:
471         (JSC::CopiedBlock):
472         (JSC::MarkedBlock):
473         (JSC::WeakBlock):
474         (JSC::MarkStackSegment):
475         (JSC::CopyWorkListSegment):
476         (JSC::HandleBlock):
477         * heap/Heap.h:
478         * heap/Local.h:
479         * heap/MarkedBlock.h:
480         * heap/Strong.h:
481         * jit/AssemblyHelpers.cpp:
482         (JSC::AssemblyHelpers::decodedCodeMapFor):
483         * jit/AssemblyHelpers.h:
484         * jit/SpecializedThunkJIT.h:
485         * parser/Nodes.h:
486         * parser/Parser.cpp:
487         (JSC::::parseIfStatement):
488         * parser/Parser.h:
489         (JSC::Scope::copyCapturedVariablesToVector):
490         (JSC::parse):
491         * parser/ParserArena.h:
492         * parser/SourceProviderCacheItem.h:
493         * profiler/LegacyProfiler.cpp:
494         (JSC::dispatchFunctionToProfiles):
495         * profiler/LegacyProfiler.h:
496         (JSC::LegacyProfiler::currentProfiles):
497         * profiler/ProfileNode.h:
498         (JSC::ProfileNode::children):
499         * profiler/ProfilerDatabase.h:
500         * runtime/Butterfly.h:
501         (JSC::Butterfly::contiguousInt32):
502         (JSC::Butterfly::contiguous):
503         * runtime/GenericTypedArrayViewInlines.h:
504         (JSC::::create):
505         * runtime/Identifier.h:
506         (JSC::Identifier::add):
507         * runtime/JSPromise.h:
508         * runtime/PropertyMapHashTable.h:
509         * runtime/PropertyNameArray.h:
510         * runtime/RegExpCache.h:
511         * runtime/SparseArrayValueMap.h:
512         * runtime/SymbolTable.h:
513         * runtime/VM.h:
514         * tools/CodeProfile.cpp:
515         (JSC::truncateTrace):
516         * tools/CodeProfile.h:
517         * yarr/YarrInterpreter.cpp:
518         * yarr/YarrInterpreter.h:
519         (JSC::Yarr::BytecodePattern::BytecodePattern):
520         * yarr/YarrJIT.cpp:
521         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
522         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
523         (JSC::Yarr::YarrGenerator::opCompileBody):
524         * yarr/YarrPattern.cpp:
525         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
526         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
527         * yarr/YarrPattern.h:
528
529 2013-10-18  Mark Lam  <mark.lam@apple.com>
530
531         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
532         https://bugs.webkit.org/show_bug.cgi?id=123037.
533
534         Reviewed by Geoffrey Garen.
535
536         * jit/JITStubsMSVC64.asm:
537         * jit/JITStubsX86.h:
538         * jit/JITStubsX86_64.h:
539
540 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
541
542         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
543         https://bugs.webkit.org/show_bug.cgi?id=121661
544
545         Reviewed by Mark Hahnenberg.
546         
547         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
548         so I added a return-early check using isCompilationThread().
549         
550         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
551         it is describing: m_offset and the property table. Most structures only have m_offset and report
552         null for the property table. If the property table is there, it will tell you additional
553         information and that information subsumes m_offset - but the m_offset is still there. So, when
554         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
555         machinery to do this.
556         
557         Changing the property table only happens on the main thread.
558         
559         Because the machinery to change the property table is so complex, especially with respect to
560         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
561         called at key points before and after changes to the property table or the offset.
562
563         Most clients of Structure who care about object layout, including the concurrent thread, will
564         want to know m_offset and not the property table. If they want the property table, they will
565         already be super careful. The concurrent thread has special methods for this, like
566         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
567         view of the property table.
568         
569         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
570         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
571         
572         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
573         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
574         because we have found that it helps quickly identify situations where the property table and
575         m_offset get out of sync - mainly because code that changes either of those things will usually
576         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
577         need the property table; it uses the m_offset. The concurrent JIT is correct to call
578         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
579         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
580         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
581         locks, and that same structure is having its property table modified by the main thread, we end
582         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
583         property table modified - instead what happens is that some downstream structure steals the
584         property table and then starts adding things to it. The concurrent thread loads the property
585         table before it's stolen, and hence the badness.
586         
587         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
588         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
589         and then you have a possible crash.
590         
591         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
592         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
593         it's in the concurrent JIT.
594         
595         * runtime/StructureInlines.h:
596         (JSC::Structure::checkOffsetConsistency):
597
598 2013-10-18  Daniel Bates  <dabates@apple.com>
599
600         Add SPI to disable the garbage collector timer
601         https://bugs.webkit.org/show_bug.cgi?id=122921
602
603         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
604         omitted.
605
606         * heap/Heap.cpp:
607         (JSC::Heap::setGarbageCollectionTimerEnabled):
608
609 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
610
611         Group 64-bit specific and 32-bit specific callOperation implementations.
612         https://bugs.webkit.org/show_bug.cgi?id=123024
613
614         Reviewed by Michael Saboff.
615
616         This is not a big deal, but could be less confusing when reading the code.
617
618         * jit/JITInlines.h:
619         (JSC::JIT::callOperation):
620         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
621         (JSC::JIT::callOperationNoExceptionCheck):
622
623 2013-10-18  Nadav Rotem  <nrotem@apple.com>
624
625         Fix a FlushLiveness problem.
626         https://bugs.webkit.org/show_bug.cgi?id=122984
627
628         Reviewed by Filip Pizlo.
629
630         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
631         (JSC::DFG::FlushLivenessAnalysisPhase::process):
632
633 2013-10-18  Michael Saboff  <msaboff@apple.com>
634
635         Change native function call stubs to use JIT operations instead of ctiVMHandleException
636         https://bugs.webkit.org/show_bug.cgi?id=122982
637
638         Reviewed by Geoffrey Garen.
639
640         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
641         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
642         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
643         in the process.
644
645         * dfg/DFGJITCompiler.cpp:
646         (JSC::DFG::JITCompiler::compileExceptionHandlers):
647         * jit/CCallHelpers.h:
648         (JSC::CCallHelpers::jumpToExceptionHandler):
649         * jit/JIT.cpp:
650         (JSC::JIT::privateCompileExceptionHandlers):
651         * jit/JIT.h:
652         * jit/JITExceptions.cpp:
653         (JSC::genericUnwind):
654         * jit/JITExceptions.h:
655         * jit/JITInlines.h:
656         (JSC::JIT::callOperationNoExceptionCheck):
657         * jit/JITOpcodes.cpp:
658         (JSC::JIT::emit_op_throw):
659         * jit/JITOpcodes32_64.cpp:
660         (JSC::JIT::privateCompileCTINativeCall):
661         (JSC::JIT::emit_op_throw):
662         * jit/JITOperations.cpp:
663         * jit/JITOperations.h:
664         * jit/JITStubs.cpp:
665         * jit/JITStubs.h:
666         * jit/JITStubsARM.h:
667         * jit/JITStubsARM64.h:
668         * jit/JITStubsARMv7.h:
669         * jit/JITStubsMIPS.h:
670         * jit/JITStubsMSVC64.asm:
671         * jit/JITStubsSH4.h:
672         * jit/JITStubsX86.h:
673         * jit/JITStubsX86_64.h:
674         * jit/Repatch.cpp:
675         (JSC::tryBuildGetByIDList):
676         * jit/SlowPathCall.h:
677         (JSC::JITSlowPathCall::call):
678         * jit/ThunkGenerators.cpp:
679         (JSC::throwExceptionFromCallSlowPathGenerator):
680         (JSC::nativeForGenerator):
681         * runtime/VM.h:
682         (JSC::VM::callFrameForThrowOffset):
683         (JSC::VM::targetMachinePCForThrowOffset):
684
685 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
686
687         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
688         https://bugs.webkit.org/show_bug.cgi?id=123023
689
690         Reviewed by Michael Saboff.
691
692         * jit/JITInlines.h:
693         (JSC::JIT::callOperation): EncodedJSValue parameter do not need alignment
694         using EABI_32BIT_DUMMY_ARG here.
695
696 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
697
698         Unreviewed, another ARM64 build fix.
699         
700         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
701         on ARM64 and none of its uses are legit - they should all be using
702         andPtr(TrustedImm32, blah) anyway.
703
704         * assembler/MacroAssembler.h:
705         * assembler/MacroAssemblerARM64.h:
706         * dfg/DFGJITCompiler.cpp:
707         (JSC::DFG::JITCompiler::compileExceptionHandlers):
708         * jit/JIT.cpp:
709         (JSC::JIT::privateCompileExceptionHandlers):
710
711 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
712
713         Unreviewed, speculative ARM64 build fix.
714         
715         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
716         implemented. So, you have to use TrustedImmPtr in the superclasses.
717
718         * assembler/MacroAssemblerARM64.h:
719         (JSC::MacroAssemblerARM64::store8):
720         (JSC::MacroAssemblerARM64::branchTest8):
721
722 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
723
724         Unreviewed, speculative ARM build fix.
725         https://bugs.webkit.org/show_bug.cgi?id=122890
726         <rdar://problem/15258624>
727
728         * assembler/ARM64Assembler.h:
729         (JSC::ARM64Assembler::firstRegister):
730         (JSC::ARM64Assembler::lastRegister):
731         (JSC::ARM64Assembler::firstFPRegister):
732         (JSC::ARM64Assembler::lastFPRegister):
733         * assembler/MacroAssemblerARM64.h:
734         * assembler/MacroAssemblerARMv7.h:
735
736 2013-10-17  Andreas Kling  <akling@apple.com>
737
738         Pass VM instead of JSGlobalObject to JSONObject constructor.
739         <https://webkit.org/b/122999>
740
741         JSONObject was only using the JSGlobalObject to grab at the VM.
742         Dodge a few loads by passing the VM directly instead.
743
744         Reviewed by Geoffrey Garen.
745
746         * runtime/JSONObject.cpp:
747         (JSC::JSONObject::JSONObject):
748         (JSC::JSONObject::finishCreation):
749         * runtime/JSONObject.h:
750         (JSC::JSONObject::create):
751
752 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
753
754         Removed the JITStackFrame struct
755         https://bugs.webkit.org/show_bug.cgi?id=123001
756
757         Reviewed by Anders Carlsson.
758
759         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
760         our helper functions obey the C function call ABI.
761
762 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
763
764         Removed an unused #define
765         https://bugs.webkit.org/show_bug.cgi?id=123000
766
767         Reviewed by Anders Carlsson.
768
769         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
770         since it is unused now. This is a step toward using the C stack.
771
772 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
773
774         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
775         https://bugs.webkit.org/show_bug.cgi?id=122973
776
777         Reviewed by Michael Saboff.
778
779         * jit/ThunkGenerators.cpp:
780         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
781         so I removed it.
782
783         The code acted as if it needed to pass an argument to
784         lookupExceptionHandler, and as if it passed that argument to itself
785         through JITStackFrame. However, lookupExceptionHandler does not take
786         an argument (other than the default ExecState argument), and the code
787         did not initialize the thing that it thought it passed to itself!
788
789 2013-10-17  Alex Christensen  <achristensen@webkit.org>
790
791         Run JavaScriptCore tests again on Windows.
792         https://bugs.webkit.org/show_bug.cgi?id=122787
793
794         Reviewed by Tim Horton.
795
796         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
797         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
798
799 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
800
801         Removed restoreArgumentReference (another use of JITStackFrame)
802         https://bugs.webkit.org/show_bug.cgi?id=122997
803
804         Reviewed by Oliver Hunt.
805
806         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
807         toward using the C stack.
808
809 2013-10-17  Oliver Hunt  <oliver@apple.com>
810
811         Remove JITStubCall.h
812         https://bugs.webkit.org/show_bug.cgi?id=122991
813
814         Reviewed by Geoff Garen.
815
816         Happily this is no longer used.
817
818         * GNUmakefile.list.am:
819         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
820         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
821         * JavaScriptCore.xcodeproj/project.pbxproj:
822         * jit/JIT.cpp:
823         * jit/JITArithmetic.cpp:
824         * jit/JITArithmetic32_64.cpp:
825         * jit/JITCall.cpp:
826         * jit/JITCall32_64.cpp:
827         * jit/JITOpcodes.cpp:
828         * jit/JITOpcodes32_64.cpp:
829         * jit/JITPropertyAccess.cpp:
830         * jit/JITPropertyAccess32_64.cpp:
831         * jit/JITStubCall.h: Removed.
832
833 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
834
835         Removed a use of JITSTACKFRAME_ARGS_INDEX
836         https://bugs.webkit.org/show_bug.cgi?id=122989
837
838         Reviewed by Oliver Hunt.
839
840         * jit/JITStubCall.h: Removed an unused function. This is one step closer
841         to using the C stack.
842
843 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
844
845         Change emit_op_catch to use another method to materialize VM
846         https://bugs.webkit.org/show_bug.cgi?id=122977
847
848         Reviewed by Oliver Hunt.
849
850         * jit/JITOpcodes.cpp:
851         (JSC::JIT::emit_op_catch):
852         * jit/JITOpcodes32_64.cpp:
853         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
854         on JITStackFrame. It is also faster and simpler.
855
856 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
857
858         Eliminate emitGetJITStubArg() - dead code
859         https://bugs.webkit.org/show_bug.cgi?id=122975
860
861         Reviewed by Anders Carlsson.
862
863         * jit/JIT.h:
864         * jit/JITInlines.h: Removed unused, deprecated function.
865
866 2013-10-17  Mark Lam  <mark.lam@apple.com>
867
868         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
869         https://bugs.webkit.org/show_bug.cgi?id=122979.
870
871         Reviewed by Michael Saboff.
872
873         * jit/JITStubs.cpp:
874         * jit/JITStubs.h:
875         * jit/JITStubsARM.h:
876         * jit/JITStubsARM64.h:
877         * jit/JITStubsARMv7.h:
878         * jit/JITStubsMIPS.h:
879         * jit/JITStubsSH4.h:
880         * jit/JITStubsX86.h:
881         * jit/JITStubsX86_64.h:
882         * runtime/VM.cpp:
883         (JSC::VM::VM):
884
885 2013-10-17  Michael Saboff  <msaboff@apple.com>
886
887         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
888         https://bugs.webkit.org/show_bug.cgi?id=122974
889
890         Reviewed by Geoffrey Garen.
891
892         Eliminated unneeded storing to JITStackFrame.
893
894         * dfg/DFGJITCompiler.cpp:
895         (JSC::DFG::JITCompiler::compileFunction):
896
897 2013-10-17  Michael Saboff  <msaboff@apple.com>
898
899         Transition cti_op_throw and cti_vm_throw to a JIT operation
900         https://bugs.webkit.org/show_bug.cgi?id=122931
901
902         Reviewed by Filip Pizlo.
903
904         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
905         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
906         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
907         callOperation to handle the need to provide space for structure return value.
908
909         * jit/JIT.h:
910         * jit/JITInlines.h:
911         (JSC::JIT::callOperation):
912         * jit/JITOpcodes.cpp:
913         (JSC::JIT::emit_op_throw):
914         * jit/JITOpcodes32_64.cpp:
915         (JSC::JIT::emit_op_throw):
916         (JSC::JIT::emit_op_catch):
917         * jit/JITOperations.cpp:
918         * jit/JITOperations.h:
919         * jit/JITStubs.cpp:
920         * jit/JITStubs.h:
921         * jit/JITStubsARM.h:
922         * jit/JITStubsARM64.h:
923         * jit/JITStubsARMv7.h:
924         * jit/JITStubsMIPS.h:
925         * jit/JITStubsMSVC64.asm:
926         * jit/JITStubsSH4.h:
927         * jit/JITStubsX86.h:
928         * jit/JITStubsX86_64.h:
929         * jit/JSInterfaceJIT.h:
930
931 2013-10-17  Mark Lam  <mark.lam@apple.com>
932
933         Remove JITStackFrame references in the C Loop LLINT.
934         https://bugs.webkit.org/show_bug.cgi?id=122950.
935
936         Reviewed by Michael Saboff.
937
938         * jit/JITStubs.h:
939         * llint/LowLevelInterpreter.cpp:
940         (JSC::CLoop::execute):
941         * offlineasm/cloop.rb:
942
943 2013-10-17  Mark Lam  <mark.lam@apple.com>
944
945         Remove JITStackFrame references in JIT probes.
946         https://bugs.webkit.org/show_bug.cgi?id=122947.
947
948         Reviewed by Michael Saboff.
949
950         * assembler/MacroAssemblerARM.cpp:
951         (JSC::MacroAssemblerARM::ProbeContext::dump):
952         * assembler/MacroAssemblerARM.h:
953         * assembler/MacroAssemblerARMv7.cpp:
954         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
955         * assembler/MacroAssemblerARMv7.h:
956         * assembler/MacroAssemblerX86Common.cpp:
957         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
958         * assembler/MacroAssemblerX86Common.h:
959         * jit/JITStubsARM.h:
960         * jit/JITStubsARMv7.h:
961         * jit/JITStubsX86.h:
962         * jit/JITStubsX86Common.h:
963         * jit/JITStubsX86_64.h:
964
965 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
966
967         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
968         https://bugs.webkit.org/show_bug.cgi?id=122949
969
970         Reviewed by Andreas Kling.
971
972         * jit/CCallHelpers.h:
973         (JSC::CCallHelpers::setupArgumentsWithExecState):
974
975 2013-10-16  Mark Lam  <mark.lam@apple.com>
976
977         Transition remaining op_get* JITStubs to JIT operations.
978         https://bugs.webkit.org/show_bug.cgi?id=122925.
979
980         Reviewed by Geoffrey Garen.
981
982         Transitioning:
983             cti_op_get_by_id_generic
984             cti_op_get_by_val
985             cti_op_get_by_val_generic
986             cti_op_get_by_val_string
987
988         * dfg/DFGOperations.cpp:
989         * dfg/DFGOperations.h:
990         * jit/JIT.h:
991         * jit/JITInlines.h:
992         (JSC::JIT::callOperation):
993         * jit/JITOpcodes.cpp:
994         (JSC::JIT::emitSlow_op_get_arguments_length):
995         (JSC::JIT::emitSlow_op_get_argument_by_val):
996         * jit/JITOpcodes32_64.cpp:
997         (JSC::JIT::emitSlow_op_get_arguments_length):
998         (JSC::JIT::emitSlow_op_get_argument_by_val):
999         * jit/JITOperations.cpp:
1000         * jit/JITOperations.h:
1001         * jit/JITPropertyAccess.cpp:
1002         (JSC::JIT::emitSlow_op_get_by_val):
1003         (JSC::JIT::emitSlow_op_get_by_pname):
1004         (JSC::JIT::privateCompileGetByVal):
1005         * jit/JITPropertyAccess32_64.cpp:
1006         (JSC::JIT::emitSlow_op_get_by_val):
1007         (JSC::JIT::emitSlow_op_get_by_pname):
1008         * jit/JITStubs.cpp:
1009         * jit/JITStubs.h:
1010         * runtime/Executable.cpp:
1011         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1012         * runtime/Options.cpp:
1013         (JSC::Options::initialize):
1014
1015 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1016
1017         Introduce WTF::Bag and start using it for InlineCallFrameSet
1018         https://bugs.webkit.org/show_bug.cgi?id=122941
1019
1020         Reviewed by Geoffrey Garen.
1021         
1022         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1023         SegmentedVectors into Bags as well.
1024
1025         * bytecode/InlineCallFrameSet.cpp:
1026         (JSC::InlineCallFrameSet::add):
1027         * bytecode/InlineCallFrameSet.h:
1028         (JSC::InlineCallFrameSet::begin):
1029         (JSC::InlineCallFrameSet::end):
1030         * dfg/DFGArgumentsSimplificationPhase.cpp:
1031         (JSC::DFG::ArgumentsSimplificationPhase::run):
1032         * dfg/DFGJITCompiler.cpp:
1033         (JSC::DFG::JITCompiler::link):
1034         * dfg/DFGStackLayoutPhase.cpp:
1035         (JSC::DFG::StackLayoutPhase::run):
1036         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1037         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1038
1039 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1040
1041         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1042         https://bugs.webkit.org/show_bug.cgi?id=122905
1043         <rdar://problem/15237856>
1044
1045         Reviewed by Michael Saboff.
1046         
1047         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1048         then always call it to install something that calls CRASH().
1049
1050         * llvm/InitializeLLVM.cpp:
1051         (JSC::llvmCrash):
1052         (JSC::initializeLLVMOnce):
1053         (JSC::initializeLLVM):
1054         * llvm/LLVMAPIFunctions.h:
1055
1056 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1057
1058         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1059         https://bugs.webkit.org/show_bug.cgi?id=122938
1060
1061         Reviewed by Sam Weinig.
1062         
1063         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1064
1065         * jit/Repatch.cpp:
1066         (JSC::tryBuildGetByIDList):
1067
1068 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1069
1070         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1071         https://bugs.webkit.org/show_bug.cgi?id=122937
1072
1073         Reviewed by Geoffrey Garen.
1074         
1075         JITStubCall used to do it.
1076         
1077         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1078
1079         * jit/JIT.h:
1080         (JSC::JIT::appendCall):
1081
1082 2013-10-16  Michael Saboff  <msaboff@apple.com>
1083
1084         transition void cti_op_put_by_val* stubs to JIT operations
1085         https://bugs.webkit.org/show_bug.cgi?id=122903
1086
1087         Reviewed by Geoffrey Garen.
1088
1089         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1090         operationPutByValGeneric.
1091
1092         * jit/CCallHelpers.h:
1093         (JSC::CCallHelpers::setupArgumentsWithExecState):
1094         * jit/JIT.h:
1095         * jit/JITInlines.h:
1096         (JSC::JIT::callOperation):
1097         * jit/JITOperations.cpp:
1098         * jit/JITOperations.h:
1099         * jit/JITPropertyAccess.cpp:
1100         (JSC::JIT::emitSlow_op_put_by_val):
1101         (JSC::JIT::privateCompilePutByVal):
1102         * jit/JITPropertyAccess32_64.cpp:
1103         (JSC::JIT::emitSlow_op_put_by_val):
1104         * jit/JITStubs.cpp:
1105         * jit/JITStubs.h:
1106         * jit/JSInterfaceJIT.h:
1107
1108 2013-10-16  Oliver Hunt  <oliver@apple.com>
1109
1110         Implement ES6 spread operator
1111         https://bugs.webkit.org/show_bug.cgi?id=122911
1112
1113         Reviewed by Michael Saboff.
1114
1115         Implement the ES6 spread operator
1116
1117         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1118         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1119         driven.
1120
1121         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1122         and actually handling the spread.
1123
1124         * bytecompiler/BytecodeGenerator.cpp:
1125         (JSC::BytecodeGenerator::emitNewArray):
1126         (JSC::BytecodeGenerator::emitCall):
1127         (JSC::BytecodeGenerator::emitEnumeration):
1128         * bytecompiler/BytecodeGenerator.h:
1129         * bytecompiler/NodesCodegen.cpp:
1130         (JSC::ArrayNode::emitBytecode):
1131         (JSC::ForOfNode::emitBytecode):
1132         (JSC::SpreadExpressionNode::emitBytecode):
1133         * parser/ASTBuilder.h:
1134         (JSC::ASTBuilder::createSpreadExpression):
1135         * parser/Lexer.cpp:
1136         (JSC::::lex):
1137         * parser/NodeConstructors.h:
1138         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1139         * parser/Nodes.h:
1140         (JSC::ExpressionNode::isSpreadExpression):
1141         (JSC::SpreadExpressionNode::expression):
1142         * parser/Parser.cpp:
1143         (JSC::::parseArrayLiteral):
1144         (JSC::::parseArguments):
1145         (JSC::::parseMemberExpression):
1146         * parser/Parser.h:
1147         (JSC::Parser::getTokenName):
1148         (JSC::Parser::updateErrorMessageSpecialCase):
1149         * parser/ParserTokens.h:
1150         * parser/SyntaxChecker.h:
1151         (JSC::SyntaxChecker::createSpreadExpression):
1152
1153 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1154
1155         Add a useLLInt option to jsc
1156         https://bugs.webkit.org/show_bug.cgi?id=122930
1157
1158         Reviewed by Geoffrey Garen.
1159
1160         * runtime/Executable.cpp:
1161         (JSC::setupLLInt):
1162         (JSC::setupJIT):
1163         (JSC::ScriptExecutable::prepareForExecutionImpl):
1164         * runtime/Options.h:
1165
1166 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1167
1168         Build fix.
1169
1170         Forgot to svn add DeferGC.cpp
1171
1172         * heap/DeferGC.cpp: Added.
1173
1174 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1175
1176         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1177         https://bugs.webkit.org/show_bug.cgi?id=122902
1178
1179         Reviewed by Mark Hahnenberg.
1180         
1181         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1182         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1183         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1184         didn't. Turns out that there's even a helpful method,
1185         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1186
1187         * jit/Repatch.cpp:
1188         (JSC::tryCachePutByID):
1189
1190 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1191
1192         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1193         https://bugs.webkit.org/show_bug.cgi?id=122667
1194
1195         Reviewed by Geoffrey Garen.
1196
1197         The issue this patch is attempting to fix is that there are places in our codebase
1198         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1199         operations that can initiate a garbage collection. Garbage collection then calls 
1200         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1201         always necessarily run during garbage collection). This causes a deadlock.
1202  
1203         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1204         into a thread-local field that indicates that it is unsafe to perform any operation 
1205         that could trigger garbage collection on the current thread. In debug builds, 
1206         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1207         detect deadlocks.
1208  
1209         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1210         which uses the DeferGC mechanism to prevent collections from occurring while the 
1211         lock is held.
1212
1213         * CMakeLists.txt:
1214         * GNUmakefile.list.am:
1215         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1216         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1217         * JavaScriptCore.xcodeproj/project.pbxproj:
1218         * heap/DeferGC.h:
1219         (JSC::DisallowGC::DisallowGC):
1220         (JSC::DisallowGC::~DisallowGC):
1221         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1222         (JSC::DisallowGC::initialize):
1223         * jit/Repatch.cpp:
1224         (JSC::repatchPutByID):
1225         (JSC::buildPutByIdList):
1226         * llint/LLIntSlowPaths.cpp:
1227         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1228         * runtime/ConcurrentJITLock.h:
1229         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1230         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1231         (JSC::ConcurrentJITLockerBase::unlockEarly):
1232         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1233         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1234         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1235         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1236         * runtime/InitializeThreading.cpp:
1237         (JSC::initializeThreadingOnce):
1238         * runtime/JSCellInlines.h:
1239         (JSC::allocateCell):
1240         * runtime/JSSymbolTableObject.h:
1241         (JSC::symbolTablePut):
1242         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1243         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1244         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1245         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1246         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1247         the Structure.
1248         (JSC::Structure::materializePropertyMap):
1249         (JSC::Structure::despecifyDictionaryFunction):
1250         (JSC::Structure::changePrototypeTransition):
1251         (JSC::Structure::despecifyFunctionTransition):
1252         (JSC::Structure::attributeChangeTransition):
1253         (JSC::Structure::toDictionaryTransition):
1254         (JSC::Structure::preventExtensionsTransition):
1255         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1256         (JSC::Structure::isSealed):
1257         (JSC::Structure::isFrozen):
1258         (JSC::Structure::addPropertyWithoutTransition):
1259         (JSC::Structure::removePropertyWithoutTransition):
1260         (JSC::Structure::get):
1261         (JSC::Structure::despecifyFunction):
1262         (JSC::Structure::despecifyAllFunctions):
1263         (JSC::Structure::putSpecificValue):
1264         (JSC::Structure::createPropertyMap):
1265         (JSC::Structure::getPropertyNamesFromStructure):
1266         * runtime/Structure.h:
1267         (JSC::Structure::materializePropertyMapIfNecessary):
1268         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1269         * runtime/StructureInlines.h:
1270         (JSC::Structure::get):
1271         * runtime/SymbolTable.h:
1272         (JSC::SymbolTable::find):
1273         (JSC::SymbolTable::end):
1274
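The deadlock pattern and the two guards described in the entry above (a thread-local DisallowGC marker carried by the debug ConcurrentJITLocker, and a GCSafeConcurrentJITLocker that defers collection and releases the lock before the deferral ends) can be modelled outside JavaScriptCore. The following is an added, self-contained illustration written for this page, not JavaScriptCore's own code: the `Demo` namespace, the bool-based `ConcurrentJITLock` stand-in, the toy `Heap` with `deferDepth` / `collectionsRun` / `deadlocked` counters, and the scenario functions are all constructed here; only the class names mirror the ChangeLog. The real code ASSERTs in debug builds where this model returns `false`, so the hazard stays observable without aborting.

```cpp
// Added example (not JavaScriptCore code): a single-threaded model of
// DisallowGC / DeferGC / GCSafeConcurrentJITLocker from the entry above.
#include <cstddef>

namespace Demo {

// Thread-local depth counter: non-zero means a collection on this thread is unsafe.
static thread_local int gcDisallowDepth = 0;

// RAII marker, constructed wherever a collection must not start on this thread.
class DisallowGC {
public:
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    DisallowGC(const DisallowGC&) = delete;
    DisallowGC& operator=(const DisallowGC&) = delete;
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth > 0; }
};

// Constructed stand-in for ConcurrentJITLock: only records whether it is held.
struct ConcurrentJITLock {
    bool held = false;
};

// Toy heap. A collection re-acquires the CodeBlock lock, so a collection that
// starts while the lock is already held is the self-deadlock the entry describes.
class Heap {
public:
    explicit Heap(ConcurrentJITLock& lock) : m_lock(lock) {}
    int deferDepth = 0;
    bool collectionRequested = false;
    int collectionsRun = 0;
    bool deadlocked = false;

    void requestCollection() { collectionRequested = true; collectIfNecessary(); }
    void collectIfNecessary() {
        if (!collectionRequested || deferDepth > 0)
            return;                          // nothing pending, or deferred
        collectionRequested = false;
        if (m_lock.held) { deadlocked = true; return; }  // collector would block on itself
        ++collectionsRun;
    }
private:
    ConcurrentJITLock& m_lock;
};

// RAII: collections requested while alive are postponed until the destructor.
class DeferGC {
public:
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++m_heap.deferDepth; }
    ~DeferGC() { --m_heap.deferDepth; m_heap.collectIfNecessary(); }
private:
    Heap& m_heap;
};

// Plain locker. In a debug build it carries a DisallowGC so that an allocation
// which could collect while the lock is held is caught at the allocation site.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(ConcurrentJITLock& lock) : m_lock(lock) { m_lock.held = true; }
    ~ConcurrentJITLocker() { m_lock.held = false; }
private:
    ConcurrentJITLock& m_lock;
    DisallowGC m_disallowGC;
};

// GC-safe locker: defers collection instead of forbidding it. The destructor body
// releases the lock before the DeferGC member is destroyed (the job unlockEarly()
// does in the real class), so the deferred collection runs with the lock free.
class GCSafeConcurrentJITLocker {
public:
    GCSafeConcurrentJITLocker(ConcurrentJITLock& lock, Heap& heap)
        : m_deferGC(heap), m_lock(lock) { m_lock.held = true; }
    ~GCSafeConcurrentJITLocker() { m_lock.held = false; }  // then ~DeferGC may collect
private:
    DeferGC m_deferGC;            // declared first, so destroyed last
    ConcurrentJITLock& m_lock;
};

// Allocation that may trigger a collection. Returns false (where JSC would ASSERT)
// when the calling thread has GC disallowed, so the hazard is observable.
bool allocateCell(Heap& heap) {
    if (DisallowGC::isGCDisallowedOnCurrentThread())
        return false;
    heap.requestCollection();
    return true;
}

// Scenario 1: allocate under the plain locker. The DisallowGC check fires, no
// collection starts, and the thread-local flag is clear once the locker is gone.
bool plainLockerDetectsHazard() {
    ConcurrentJITLock lock;
    Heap heap(lock);
    bool allocated;
    {
        ConcurrentJITLocker locker(lock);
        allocated = allocateCell(heap);
    }
    return !allocated && !heap.deadlocked && !DisallowGC::isGCDisallowedOnCurrentThread();
}

// Scenario 2: allocate under the GC-safe locker. Allocation proceeds, the
// collection is held back while locked and runs exactly once after unlock.
int gcSafeLockerDefersCollection() {
    ConcurrentJITLock lock;
    Heap heap(lock);
    int runsWhileLocked;
    {
        GCSafeConcurrentJITLocker locker(lock, heap);
        if (!allocateCell(heap))
            return -1;
        runsWhileLocked = heap.collectionsRun;  // still 0: deferred
    }
    if (runsWhileLocked != 0 || heap.deadlocked)
        return -1;
    return heap.collectionsRun;  // 1
}

} // namespace Demo
```

The member declaration order in `GCSafeConcurrentJITLocker` is the whole point of the second scenario: had `m_deferGC` been declared after the lock reference with the unlock done in the `DeferGC` destructor's shadow, the postponed collection would run while the lock is still held and reproduce the deadlock instead of avoiding it.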
1275 2013-10-16  Daniel Bates  <dabates@apple.com>
1276
1277         Add SPI to disable the garbage collector timer
1278         https://bugs.webkit.org/show_bug.cgi?id=122921
1279
1280         Reviewed by Geoffrey Garen.
1281
1282         Based on a patch by Mark Hahnenberg.
1283
1284         * API/JSBase.cpp:
1285         (JSDisableGCTimer): Added; SPI function.
1286         * API/JSBasePrivate.h:
1287         * heap/BlockAllocator.cpp:
1288         (JSC::createBlockFreeingThread): Added.
1289         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
1290         to conditionally create the "block freeing" thread depending on the value of
1291         GCActivityCallback::s_shouldCreateGCTimer.
1292         (JSC::BlockAllocator::~BlockAllocator):
1293         * heap/BlockAllocator.h:
1294         (JSC::BlockAllocator::deallocate):
1295         * heap/Heap.cpp:
1296         (JSC::Heap::didAbandon):
1297         (JSC::Heap::collect):
1298         (JSC::Heap::didAllocate):
1299         * heap/HeapTimer.cpp:
1300         (JSC::HeapTimer::timerDidFire):
1301         * runtime/GCActivityCallback.cpp:
1302         * runtime/GCActivityCallback.h:
1303         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
1304         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
1305         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
1306
1307 2013-10-16  Commit Queue  <commit-queue@webkit.org>
1308
1309         Unreviewed, rolling out r157529.
1310         http://trac.webkit.org/changeset/157529
1311         https://bugs.webkit.org/show_bug.cgi?id=122919
1312
1313         Caused score test failures and some build failures. (Requested
1314         by rfong on #webkit).
1315
1316         * bytecompiler/BytecodeGenerator.cpp:
1317         (JSC::BytecodeGenerator::emitNewArray):
1318         (JSC::BytecodeGenerator::emitCall):
1319         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1320         * bytecompiler/BytecodeGenerator.h:
1321         * bytecompiler/NodesCodegen.cpp:
1322         (JSC::ArrayNode::emitBytecode):
1323         (JSC::CallArguments::CallArguments):
1324         (JSC::ForOfNode::emitBytecode):
1325         (JSC::BindingNode::collectBoundIdentifiers):
1326         * parser/ASTBuilder.h:
1327         * parser/Lexer.cpp:
1328         (JSC::::lex):
1329         * parser/NodeConstructors.h:
1330         (JSC::DotAccessorNode::DotAccessorNode):
1331         * parser/Nodes.h:
1332         * parser/Parser.cpp:
1333         (JSC::::parseArrayLiteral):
1334         (JSC::::parseArguments):
1335         (JSC::::parseMemberExpression):
1336         * parser/Parser.h:
1337         (JSC::Parser::getTokenName):
1338         (JSC::Parser::updateErrorMessageSpecialCase):
1339         * parser/ParserTokens.h:
1340         * parser/SyntaxChecker.h:
1341
1342 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1343
1344         Remove useless architecture specific implementation in DFG.
1345         https://bugs.webkit.org/show_bug.cgi?id=122917.
1346
1347         Reviewed by Michael Saboff.
1348
1349         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
1350         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
1351
1352         * dfg/DFGSpeculativeJIT.h:
1353
1354 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1355
1356         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
1357         https://bugs.webkit.org/show_bug.cgi?id=122916.
1358
1359         Reviewed by Michael Saboff.
1360
1361         This architecture specific function is not used anymore, so get rid of it.
1362
1363         * jit/JIT.h:
1364         * jit/JITInlines.h:
1365
1366 2013-10-16  Oliver Hunt  <oliver@apple.com>
1367
1368         Implement ES6 spread operator
1369         https://bugs.webkit.org/show_bug.cgi?id=122911
1370
1371         Reviewed by Michael Saboff.
1372
1373         Implement the ES6 spread operator
1374
1375         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1376         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1377         driven.
1378
1379         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1380         and actually handling the spread.
1381
1382         * bytecompiler/BytecodeGenerator.cpp:
1383         (JSC::BytecodeGenerator::emitNewArray):
1384         (JSC::BytecodeGenerator::emitCall):
1385         (JSC::BytecodeGenerator::emitEnumeration):
1386         * bytecompiler/BytecodeGenerator.h:
1387         * bytecompiler/NodesCodegen.cpp:
1388         (JSC::ArrayNode::emitBytecode):
1389         (JSC::ForOfNode::emitBytecode):
1390         (JSC::SpreadExpressionNode::emitBytecode):
1391         * parser/ASTBuilder.h:
1392         (JSC::ASTBuilder::createSpreadExpression):
1393         * parser/Lexer.cpp:
1394         (JSC::::lex):
1395         * parser/NodeConstructors.h:
1396         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1397         * parser/Nodes.h:
1398         (JSC::ExpressionNode::isSpreadExpression):
1399         (JSC::SpreadExpressionNode::expression):
1400         * parser/Parser.cpp:
1401         (JSC::::parseArrayLiteral):
1402         (JSC::::parseArguments):
1403         (JSC::::parseMemberExpression):
1404         * parser/Parser.h:
1405         (JSC::Parser::getTokenName):
1406         (JSC::Parser::updateErrorMessageSpecialCase):
1407         * parser/ParserTokens.h:
1408         * parser/SyntaxChecker.h:
1409         (JSC::SyntaxChecker::createSpreadExpression):
1410
1411 2013-10-16  Mark Lam  <mark.lam@apple.com>
1412
1413         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1414         https://bugs.webkit.org/show_bug.cgi?id=122899.
1415
1416         Reviewed by Michael Saboff.
1417
1418         * jit/JITOpcodes32_64.cpp:
1419         (JSC::JIT::emit_op_tear_off_activation):
1420         (JSC::JIT::emit_op_tear_off_arguments):
1421         * jit/JITStubs.cpp:
1422         * jit/JITStubs.h:
1423
1424 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1425
1426         Remove more of the UNINTERRUPTED_SEQUENCE thing
1427         https://bugs.webkit.org/show_bug.cgi?id=122885
1428
1429         Reviewed by Andreas Kling.
1430
1431         It was not completely removed by r157481, leading to build failure for sh4 architecture.
1432
1433         * jit/JIT.h:
1434         * jit/JITInlines.h:
1435
1436 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1437
1438         Get rid of the StructureStubInfo::patch union
1439         https://bugs.webkit.org/show_bug.cgi?id=122877
1440
1441         Reviewed by Sam Weinig.
1442         
1443         Just simplifying code by getting rid of data structures that ain't used no more.
1444         
1445         Note that I replace the patch union with a patch struct. This means we say things like
1446         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
1447         encapsulation makes the code more readable: the patch struct contains just those things
1448         that you need to know to perform patching.
1449
1450         * bytecode/StructureStubInfo.h:
1451         * dfg/DFGJITCompiler.cpp:
1452         (JSC::DFG::JITCompiler::link):
1453         * jit/JIT.cpp:
1454         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1455         * jit/Repatch.cpp:
1456         (JSC::repatchByIdSelfAccess):
1457         (JSC::replaceWithJump):
1458         (JSC::linkRestoreScratch):
1459         (JSC::generateProtoChainAccessStub):
1460         (JSC::tryCacheGetByID):
1461         (JSC::getPolymorphicStructureList):
1462         (JSC::patchJumpToGetByIdStub):
1463         (JSC::tryBuildGetByIDList):
1464         (JSC::emitPutReplaceStub):
1465         (JSC::emitPutTransitionStub):
1466         (JSC::tryCachePutByID):
1467         (JSC::tryBuildPutByIdList):
1468         (JSC::tryRepatchIn):
1469         (JSC::resetGetByID):
1470         (JSC::resetPutByID):
1471         (JSC::resetIn):
1472
1473 2013-10-15  Nadav Rotem  <nrotem@apple.com>
1474
1475         FTL: add support for Int52ToValue and fix putByVal of int52s.
1476         https://bugs.webkit.org/show_bug.cgi?id=122873
1477
1478         Reviewed by Filip Pizlo.
1479
1480         * ftl/FTLCapabilities.cpp:
1481         (JSC::FTL::canCompile):
1482         * ftl/FTLLowerDFGToLLVM.cpp:
1483         (JSC::FTL::LowerDFGToLLVM::compileNode):
1484         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
1485         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
1486
1487 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1488
1489         Get rid of the UNINTERRUPTED_SEQUENCE thing
1490         https://bugs.webkit.org/show_bug.cgi?id=122876
1491
1492         Reviewed by Mark Hahnenberg.
1493         
1494         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
1495         
1496         Moreover, we should resist the temptation to bring anything like this back. We don't
1497         want to have inline caches that only work if the assembler lays out code in a specific
1498         predetermined way.
1499
1500         * jit/JIT.h:
1501         * jit/JITCall.cpp:
1502         (JSC::JIT::compileOpCall):
1503         * jit/JITCall32_64.cpp:
1504         (JSC::JIT::compileOpCall):
1505
1506 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1507
1508         Baseline JIT should use the DFG GetById IC
1509         https://bugs.webkit.org/show_bug.cgi?id=122861
1510
1511         Reviewed by Oliver Hunt.
1512         
1513         This mostly just kills a ton of code.
1514         
1515         Note that this doesn't yet do all of the simplifications that can be done, but it does
1516         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
1517
1518         * bytecode/CodeBlock.cpp:
1519         (JSC::CodeBlock::resetStubInternal):
1520         * jit/JIT.cpp:
1521         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1522         * jit/JIT.h:
1523         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
1524         * jit/JITInlines.h:
1525         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1526         (JSC::JIT::callOperation):
1527         * jit/JITPropertyAccess.cpp:
1528         (JSC::JIT::compileGetByIdHotPath):
1529         (JSC::JIT::emitSlow_op_get_by_id):
1530         (JSC::JIT::emitSlow_op_get_from_scope):
1531         * jit/JITPropertyAccess32_64.cpp:
1532         (JSC::JIT::compileGetByIdHotPath):
1533         (JSC::JIT::emitSlow_op_get_by_id):
1534         (JSC::JIT::emitSlow_op_get_from_scope):
1535         * jit/JITStubs.cpp:
1536         * jit/JITStubs.h:
1537         * jit/Repatch.cpp:
1538         (JSC::repatchGetByID):
1539         (JSC::buildGetByIDList):
1540         * jit/ThunkGenerators.cpp:
1541         * jit/ThunkGenerators.h:
1542
1543 2013-10-15  Dean Jackson  <dino@apple.com>
1544
1545         Add ENABLE_WEB_ANIMATIONS flag
1546         https://bugs.webkit.org/show_bug.cgi?id=122871
1547
1548         Reviewed by Tim Horton.
1549
1550         Eventually might be http://dev.w3.org/fxtf/web-animations/
1551         but this is just engine-internal work at the moment.
1552
1553         * Configurations/FeatureDefines.xcconfig:
1554
1555 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1556
1557         [sh4] Some calls don't match sh4 ABI.
1558         https://bugs.webkit.org/show_bug.cgi?id=122863
1559
1560         Reviewed by Michael Saboff.
1561
1562         * dfg/DFGSpeculativeJIT.h:
1563         (JSC::DFG::SpeculativeJIT::callOperation):
1564         * jit/CCallHelpers.h:
1565         (JSC::CCallHelpers::setupArgumentsWithExecState):
1566         * jit/JITInlines.h:
1567         (JSC::JIT::callOperation):
1568
1569 2013-10-15  Daniel Bates  <dabates@apple.com>
1570
1571         [iOS] Upstream JavaScriptCore support for ARM64
1572         https://bugs.webkit.org/show_bug.cgi?id=122762
1573
1574         Reviewed by Oliver Hunt and Filip Pizlo.
1575
1576         * Configurations/Base.xcconfig:
1577         * Configurations/DebugRelease.xcconfig:
1578         * Configurations/JavaScriptCore.xcconfig:
1579         * Configurations/ToolExecutable.xcconfig:
1580         * JavaScriptCore.xcodeproj/project.pbxproj:
1581         * assembler/ARM64Assembler.h: Added.
1582         * assembler/AbstractMacroAssembler.h:
1583         (JSC::isARM64):
1584         (JSC::AbstractMacroAssembler::Label::Label):
1585         (JSC::AbstractMacroAssembler::Jump::Jump):
1586         (JSC::AbstractMacroAssembler::Jump::link):
1587         (JSC::AbstractMacroAssembler::Jump::linkTo):
1588         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
1589         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
1590         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
1591         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
1592         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
1593         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
1594         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
1595         (JSC::AbstractMacroAssembler::isTempRegisterValid):
1596         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
1597         (JSC::AbstractMacroAssembler::setTempRegisterValid):
1598         * assembler/LinkBuffer.cpp:
1599         (JSC::LinkBuffer::copyCompactAndLinkCode):
1600         (JSC::LinkBuffer::linkCode):
1601         * assembler/LinkBuffer.h:
1602         * assembler/MacroAssembler.h:
1603         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
1604         (JSC::MacroAssembler::pushToSave):
1605         (JSC::MacroAssembler::popToRestore):
1606         (JSC::MacroAssembler::patchableBranchTest32):
1607         * assembler/MacroAssemblerARM64.h: Added.
1608         * assembler/MacroAssemblerARMv7.h:
1609         * dfg/DFGFixupPhase.cpp:
1610         (JSC::DFG::FixupPhase::fixupNode):
1611         * dfg/DFGOSRExitCompiler32_64.cpp:
1612         (JSC::DFG::OSRExitCompiler::compileExit):
1613         * dfg/DFGOSRExitCompiler64.cpp:
1614         (JSC::DFG::OSRExitCompiler::compileExit):
1615         * dfg/DFGSpeculativeJIT.cpp:
1616         (JSC::DFG::SpeculativeJIT::compileArithDiv):
1617         (JSC::DFG::SpeculativeJIT::compileArithMod):
1618         * disassembler/ARM64/A64DOpcode.cpp: Added.
1619         * disassembler/ARM64/A64DOpcode.h: Added.
1620         * disassembler/ARM64Disassembler.cpp: Added.
1621         * heap/MachineStackMarker.cpp:
1622         (JSC::getPlatformThreadRegisters):
1623         (JSC::otherThreadStackPointer):
1624         * heap/Region.h:
1625         * jit/AssemblyHelpers.h:
1626         (JSC::AssemblyHelpers::debugCall):
1627         * jit/CCallHelpers.h:
1628         * jit/ExecutableAllocator.h:
1629         * jit/FPRInfo.h:
1630         (JSC::FPRInfo::toRegister):
1631         (JSC::FPRInfo::toIndex):
1632         (JSC::FPRInfo::debugName):
1633         * jit/GPRInfo.h:
1634         (JSC::GPRInfo::toRegister):
1635         (JSC::GPRInfo::toIndex):
1636         (JSC::GPRInfo::debugName):
1637         * jit/JITInlines.h:
1638         (JSC::JIT::restoreArgumentReferenceForTrampoline):
1639         * jit/JITOperationWrappers.h:
1640         * jit/JITOperations.cpp:
1641         * jit/JITStubs.cpp:
1642         (JSC::performPlatformSpecificJITAssertions):
1643         (JSC::tryCachePutByID):
1644         * jit/JITStubs.h:
1645         (JSC::JITStackFrame::returnAddressSlot):
1646         * jit/JITStubsARM64.h: Added.
1647         * jit/JSInterfaceJIT.h:
1648         * jit/Repatch.cpp:
1649         (JSC::emitRestoreScratch):
1650         (JSC::generateProtoChainAccessStub):
1651         (JSC::tryCacheGetByID):
1652         (JSC::emitPutReplaceStub):
1653         (JSC::tryCachePutByID):
1654         (JSC::tryRepatchIn):
1655         * jit/ScratchRegisterAllocator.h:
1656         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1657         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1658         * jit/ThunkGenerators.cpp:
1659         (JSC::nativeForGenerator):
1660         (JSC::floorThunkGenerator):
1661         (JSC::ceilThunkGenerator):
1662         * jsc.cpp:
1663         (main):
1664         * llint/LLIntOfflineAsmConfig.h:
1665         * llint/LLIntSlowPaths.cpp:
1666         (JSC::LLInt::handleHostCall):
1667         * llint/LowLevelInterpreter.asm:
1668         * llint/LowLevelInterpreter64.asm:
1669         * offlineasm/arm.rb:
1670         * offlineasm/arm64.rb: Added.
1671         * offlineasm/backends.rb:
1672         * offlineasm/instructions.rb:
1673         * offlineasm/risc.rb:
1674         * offlineasm/transform.rb:
1675         * yarr/YarrJIT.cpp:
1676         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
1677         (JSC::Yarr::YarrGenerator::initCallFrame):
1678         (JSC::Yarr::YarrGenerator::removeCallFrame):
1679         (JSC::Yarr::YarrGenerator::generateEnter):
1680         * yarr/YarrJIT.h:
1681
1682 2013-10-15  Mark Lam  <mark.lam@apple.com>
1683
1684         Fix 3 operand sub operation in C loop LLINT.
1685         https://bugs.webkit.org/show_bug.cgi?id=122866.
1686
1687         Reviewed by Geoffrey Garen.
1688
1689         * offlineasm/cloop.rb:
1690
1691 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1692
1693         ObjCCallbackFunctionImpl shouldn't store a JSContext
1694         https://bugs.webkit.org/show_bug.cgi?id=122531
1695
1696         Reviewed by Geoffrey Garen.
1697
1698         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
1699         in the common case. It's also no longer necessary in that we can look up the current JSContext 
1700         by using the globalObject of the callee when the function callback is invoked.
1701  
1702         Also added a new test that would cause us to crash previously. The test required making 
1703         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
1704         in C API callbacks.
1705
1706         * API/JSContextRef.h:
1707         * API/JSContextRefPrivate.h:
1708         * API/ObjCCallbackFunction.mm:
1709         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
1710         (JSC::objCCallbackFunctionCallAsFunction):
1711         (objCCallbackFunctionForInvocation):
1712         * API/WebKitAvailability.h:
1713         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
1714         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
1715         (CallAsConstructor):
1716         (ConstructorFinalize):
1717         (ConstructorClass):
1718         (+[JSValue valueWithConstructorDescriptor:inContext:]):
1719         (-[JSContext valueWithConstructorDescriptor:]):
1720         (currentThisInsideBlockGetterTest):
1721         * API/tests/testapi.mm:
1722         * JavaScriptCore.xcodeproj/project.pbxproj:
1723         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
1724
1725 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1726
1727         Fix build after r157457 for architecture with 4 argument registers.
1728         https://bugs.webkit.org/show_bug.cgi?id=122860
1729
1730         Reviewed by Michael Saboff.
1731
1732         * jit/CCallHelpers.h:
1733         (JSC::CCallHelpers::setupStubArguments134):
1734
1735 2013-10-14  Michael Saboff  <msaboff@apple.com>
1736
1737         transition void cti_op_* methods to JIT operations.
1738         https://bugs.webkit.org/show_bug.cgi?id=122617
1739
1740         Reviewed by Geoffrey Garen.
1741
1742         Converted the following stubs to JIT operations:
1743             cti_handle_watchdog_timer
1744             cti_op_debug
1745             cti_op_pop_scope
1746             cti_op_profile_did_call
1747             cti_op_profile_will_call
1748             cti_op_put_by_index
1749             cti_op_put_getter_setter
1750             cti_op_tear_off_activation
1751             cti_op_tear_off_arguments
1752             cti_op_throw_static_error
1753             cti_optimize
1754
1755         * dfg/DFGOperations.cpp:
1756         * dfg/DFGOperations.h:
1757         * jit/CCallHelpers.h:
1758         (JSC::CCallHelpers::setupArgumentsWithExecState):
1759         (JSC::CCallHelpers::setupThreeStubArgsGPR):
1760         (JSC::CCallHelpers::setupStubArguments):
1761         (JSC::CCallHelpers::setupStubArguments134):
1762         * jit/JIT.cpp:
1763         (JSC::JIT::emitEnterOptimizationCheck):
1764         * jit/JIT.h:
1765         * jit/JITInlines.h:
1766         (JSC::JIT::callOperation):
1767         * jit/JITOpcodes.cpp:
1768         (JSC::JIT::emit_op_tear_off_activation):
1769         (JSC::JIT::emit_op_tear_off_arguments):
1770         (JSC::JIT::emit_op_push_with_scope):
1771         (JSC::JIT::emit_op_pop_scope):
1772         (JSC::JIT::emit_op_push_name_scope):
1773         (JSC::JIT::emit_op_throw_static_error):
1774         (JSC::JIT::emit_op_debug):
1775         (JSC::JIT::emit_op_profile_will_call):
1776         (JSC::JIT::emit_op_profile_did_call):
1777         (JSC::JIT::emitSlow_op_loop_hint):
1778         * jit/JITOpcodes32_64.cpp:
1779         (JSC::JIT::emit_op_push_with_scope):
1780         (JSC::JIT::emit_op_pop_scope):
1781         (JSC::JIT::emit_op_push_name_scope):
1782         (JSC::JIT::emit_op_throw_static_error):
1783         (JSC::JIT::emit_op_debug):
1784         (JSC::JIT::emit_op_profile_will_call):
1785         (JSC::JIT::emit_op_profile_did_call):
1786         * jit/JITOperations.cpp:
1787         * jit/JITOperations.h:
1788         * jit/JITPropertyAccess.cpp:
1789         (JSC::JIT::emit_op_put_by_index):
1790         (JSC::JIT::emit_op_put_getter_setter):
1791         * jit/JITPropertyAccess32_64.cpp:
1792         (JSC::JIT::emit_op_put_by_index):
1793         (JSC::JIT::emit_op_put_getter_setter):
1794         * jit/JITStubs.cpp:
1795         * jit/JITStubs.h:
1796
1797 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1798
1799         [sh4] Introduce const pools in LLINT.
1800         https://bugs.webkit.org/show_bug.cgi?id=122746
1801
1802         Reviewed by Michael Saboff.
1803
1804         In current implementation of LLINT for sh4, immediate values outside range -128..127 are
1805         loaded this way:
1806
1807             mov.l .label, rx
1808             bra out
1809             nop
1810             .balign 4
1811             .label: .long immvalue
1812             out:
1813
1814         This change introduces const pools for sh4 implementation to avoid lots of useless branches
1815         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
1816
1817         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
1818         * offlineasm/sh4.rb:
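
        As an added illustration of the const-pool scheme described in this entry (not WebKit's
        offlineasm, which is Ruby, and not code from this change): a small C++ emitter that records
        out-of-range immediates and emits them as one literal pool behind a single branch, instead of
        a `bra`/`nop`/`.long` island after every load. The class, the label naming, the counters and
        the constructed immediate sequence are assumptions; only the sh4 mnemonics quoted above
        (mov.l, bra, nop, .balign 4, .long) come from the entry.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Toy literal-pool emitter for the scheme described in the entry above. Not
// WebKit's offlineasm (which is Ruby): the class, label names and counters are
// invented here; only the sh4 mnemonics quoted in the entry (mov.l, bra, nop,
// .balign 4, .long) come from the ChangeLog.
class Sh4LiteralPool {
public:
    // Load `value` into `reg`. Immediates in -128..127 use the 8-bit
    // `mov #imm, rN` form; anything else is fetched PC-relative from a pool
    // slot, and equal values share one slot.
    void loadImmediate(int32_t value, const std::string& reg) {
        if (value >= -128 && value <= 127)
            text_ += "    mov #" + std::to_string(value) + ", " + reg + "\n";
        else
            text_ += "    mov.l " + slotLabel(value) + ", " + reg + "\n";
    }

    // Emit the pending literals: a single branch around the whole pool
    // instead of one branch per immediate. A real assembler must flush
    // before the PC-relative displacement limit is exceeded (assumption:
    // this toy does not enforce any distance limit).
    void flushPool() {
        if (slots_.empty()) return;
        std::string end = ".Lpool" + std::to_string(poolIndex_) + "_end";
        text_ += "    bra " + end + "\n    nop\n    .balign 4\n";
        for (const auto& slot : slots_)
            text_ += slot.second + ": .long " + std::to_string(slot.first) + "\n";
        text_ += end + ":\n";
        slots_.clear();
        ++poolIndex_;
        ++branches_;
    }

    const std::string& text() const { return text_; }
    int branchesEmitted() const { return branches_; }
    int slotsEmitted() const { return totalSlots_; }

    // Branches the pre-change scheme needs for the same immediates: one
    // `bra out` per out-of-range value.
    static int naiveBranchCount(const std::vector<int32_t>& values) {
        int n = 0;
        for (int32_t v : values)
            if (v < -128 || v > 127) ++n;
        return n;
    }

private:
    std::string slotLabel(int32_t value) {
        auto it = slots_.find(value);
        if (it == slots_.end()) {
            std::string label = ".Lpool" + std::to_string(poolIndex_) + "_"
                              + std::to_string(slots_.size());
            it = slots_.emplace(value, label).first;
            ++totalSlots_;
        }
        return it->second;
    }

    std::map<int32_t, std::string> slots_;   // value -> label, deduplicated
    std::string text_;
    int poolIndex_ = 0;
    int branches_ = 0;
    int totalSlots_ = 0;
};

struct PoolDemo { int naiveBranches; int pooledBranches; int slots; std::string text; };

// Constructed sequence: four out-of-range immediates (one value repeated) and
// one that fits the short form.
PoolDemo demoSequence() {
    const std::vector<int32_t> values = { 0x12345678, 4096, 0x12345678, 7, -100000 };
    Sh4LiteralPool pool;
    for (int32_t v : values)
        pool.loadImmediate(v, "r0");
    pool.flushPool();
    return { Sh4LiteralPool::naiveBranchCount(values), pool.branchesEmitted(),
             pool.slotsEmitted(), pool.text() };
}
```

        On the constructed sequence the pre-change scheme needs four `bra out` branches (one per
        out-of-range load), while the pooled form emits one branch and three `.long` slots, because
        the repeated value shares a slot; the 7 is loaded with the short `mov #imm` form and never
        touches the pool.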
1819
1820 2013-10-15  Mark Lam  <mark.lam@apple.com>
1821
1822         Fix broken C Loop LLINT build.
1823         https://bugs.webkit.org/show_bug.cgi?id=122839.
1824
1825         Reviewed by Michael Saboff.
1826
1827         * dfg/DFGFlushedAt.cpp:
1828         * jit/JITOperations.h:
1829
1830 2013-10-14  Mark Lam  <mark.lam@apple.com>
1831
1832         Transition *switch* and *scope* JITStubs to JIT operations.
1833         https://bugs.webkit.org/show_bug.cgi?id=122757.
1834
1835         Reviewed by Geoffrey Garen.
1836
1837         Transitioning:
1838             cti_op_switch_char
1839             cti_op_switch_imm
1840             cti_op_switch_string
1841             cti_op_resolve_scope
1842             cti_op_get_from_scope
1843             cti_op_put_to_scope
1844
1845         * jit/JIT.h:
1846         * jit/JITInlines.h:
1847         (JSC::JIT::callOperation):
1848         * jit/JITOpcodes.cpp:
1849         (JSC::JIT::emit_op_switch_imm):
1850         (JSC::JIT::emit_op_switch_char):
1851         (JSC::JIT::emit_op_switch_string):
1852         * jit/JITOpcodes32_64.cpp:
1853         (JSC::JIT::emit_op_switch_imm):
1854         (JSC::JIT::emit_op_switch_char):
1855         (JSC::JIT::emit_op_switch_string):
1856         * jit/JITOperations.cpp:
1857         * jit/JITOperations.h:
1858         * jit/JITPropertyAccess.cpp:
1859         (JSC::JIT::emitSlow_op_resolve_scope):
1860         (JSC::JIT::emitSlow_op_get_from_scope):
1861         (JSC::JIT::emitSlow_op_put_to_scope):
1862         * jit/JITPropertyAccess32_64.cpp:
1863         (JSC::JIT::emitSlow_op_resolve_scope):
1864         (JSC::JIT::emitSlow_op_get_from_scope):
1865         (JSC::JIT::emitSlow_op_put_to_scope):
1866         * jit/JITStubs.cpp:
1867         * jit/JITStubs.h:
1868
1869 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
1870
1871         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
1872         https://bugs.webkit.org/show_bug.cgi?id=122786
1873
1874         Reviewed by Mark Hahnenberg.
1875
1876         * bytecode/CodeBlock.cpp:
1877         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
1878         * jit/Repatch.cpp:
1879         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
1880         (JSC::buildPutByIdList): Ditto.
1881
1882 2013-10-14  Nadav Rotem  <nrotem@apple.com>
1883
1884         Add FTL support for LogicalNot(string)
1885         https://bugs.webkit.org/show_bug.cgi?id=122765
1886
1887         Reviewed by Filip Pizlo.
1888
1889         This patch is tested by:
1890         regress/script-tests/emscripten-cube2hash.js.ftl-eager
1891
1892         * ftl/FTLCapabilities.cpp:
1893         (JSC::FTL::canCompile):
1894         * ftl/FTLLowerDFGToLLVM.cpp:
1895         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
1896
1897 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
1898
1899         [sh4] Fixes after r157404 and r157411.
1900         https://bugs.webkit.org/show_bug.cgi?id=122782
1901
1902         Reviewed by Michael Saboff.
1903
1904         * dfg/DFGSpeculativeJIT.h:
1905         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
1906         * jit/CCallHelpers.h:
1907         (JSC::CCallHelpers::setupArgumentsWithExecState):
1908         * jit/JITInlines.h:
1909         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
1910         * jit/JITPropertyAccess32_64.cpp:
1911         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
1912
1913 2013-10-14  Commit Queue  <commit-queue@webkit.org>
1914
1915         Unreviewed, rolling out r157413.
1916         http://trac.webkit.org/changeset/157413
1917         https://bugs.webkit.org/show_bug.cgi?id=122779
1918
1919         Appears to have caused frequent crashes (Requested by ap on
1920         #webkit).
1921
1922         * CMakeLists.txt:
1923         * GNUmakefile.list.am:
1924         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1925         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1926         * JavaScriptCore.xcodeproj/project.pbxproj:
1927         * heap/DeferGC.cpp: Removed.
1928         * heap/DeferGC.h:
1929         * jit/JITStubs.cpp:
1930         (JSC::tryCacheGetByID):
1931         (JSC::DEFINE_STUB_FUNCTION):
1932         * llint/LLIntSlowPaths.cpp:
1933         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1934         * runtime/ConcurrentJITLock.h:
1935         * runtime/InitializeThreading.cpp:
1936         (JSC::initializeThreadingOnce):
1937         * runtime/JSCellInlines.h:
1938         (JSC::allocateCell):
1939         * runtime/Structure.cpp:
1940         (JSC::Structure::materializePropertyMap):
1941         (JSC::Structure::putSpecificValue):
1942         (JSC::Structure::createPropertyMap):
1943         * runtime/Structure.h:
1944
1945 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
1946
1947         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
1948         https://bugs.webkit.org/show_bug.cgi?id=122652
1949
1950         Reviewed by Filip Pizlo.
1951
1952         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
1953         so we would end up ASSERTing during garbage collection.
1954
1955         * heap/MarkedAllocator.cpp:
1956         (JSC::MarkedAllocator::allocateSlowCase):
1957
1958 2013-10-11  Oliver Hunt  <oliver@apple.com>
1959
1960         Separate out array iteration intrinsics
1961         https://bugs.webkit.org/show_bug.cgi?id=122656
1962
1963         Reviewed by Michael Saboff.
1964
1965         Separate out the intrinsics for key and values iteration
1966         of arrays.
1967
1968         This requires moving array iteration into the iterator
1969         instance, rather than the prototype, but this is essentially
1970         unobservable so we'll live with it for now.
1971
1972         * jit/ThunkGenerators.cpp:
1973         (JSC::arrayIteratorNextThunkGenerator):
1974         (JSC::arrayIteratorNextKeyThunkGenerator):
1975         (JSC::arrayIteratorNextValueThunkGenerator):
1976         * jit/ThunkGenerators.h:
1977         * runtime/ArrayIteratorPrototype.cpp:
1978         (JSC::ArrayIteratorPrototype::finishCreation):
1979         * runtime/Intrinsic.h:
1980         * runtime/JSArrayIterator.cpp:
1981         (JSC::JSArrayIterator::finishCreation):
1982         (JSC::createIteratorResult):
1983         (JSC::arrayIteratorNext):
1984         (JSC::arrayIteratorNextKey):
1985         (JSC::arrayIteratorNextValue):
1986         (JSC::arrayIteratorNextGeneric):
1987         * runtime/VM.cpp:
1988         (JSC::thunkGeneratorForIntrinsic):
1989
1990 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1991
1992         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1993         https://bugs.webkit.org/show_bug.cgi?id=122667
1994
1995         Reviewed by Filip Pizlo.
1996
1997         The issue this patch is attempting to fix is that there are places in our codebase
1998         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1999         operations that can initiate a garbage collection. Garbage collection then calls 
2000         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2001         always necessarily run during garbage collection). This causes a deadlock.
2002
2003         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2004         into a thread-local field that indicates that it is unsafe to perform any operation 
2005         that could trigger garbage collection on the current thread. In debug builds, 
2006         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2007         detect deadlocks.
2008
2009         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2010         which uses the DeferGC mechanism to prevent collections from occurring while the 
2011         lock is held.
2012
2013         * CMakeLists.txt:
2014         * GNUmakefile.list.am:
2015         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2016         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2017         * JavaScriptCore.xcodeproj/project.pbxproj:
2018         * heap/DeferGC.cpp: Added.
2019         * heap/DeferGC.h:
2020         (JSC::DisallowGC::DisallowGC):
2021         (JSC::DisallowGC::~DisallowGC):
2022         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2023         (JSC::DisallowGC::initialize):
2024         * jit/JITStubs.cpp:
2025         (JSC::tryCachePutByID):
2026         (JSC::tryCacheGetByID):
2027         (JSC::DEFINE_STUB_FUNCTION):
2028         * llint/LLIntSlowPaths.cpp:
2029         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2030         * runtime/ConcurrentJITLock.h:
2031         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2032         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2033         (JSC::ConcurrentJITLockerBase::unlockEarly):
2034         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2035         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2036         * runtime/InitializeThreading.cpp:
2037         (JSC::initializeThreadingOnce):
2038         * runtime/JSCellInlines.h:
2039         (JSC::allocateCell):
2040         * runtime/Structure.cpp:
2041         (JSC::Structure::materializePropertyMap):
2042         (JSC::Structure::putSpecificValue):
2043         (JSC::Structure::createPropertyMap):
2044         * runtime/Structure.h:
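
        As an added illustration of the deadlock and the two guards described in this entry (not code
        from this change or from WebKit): a toy C++ model in which the collector takes the code block's
        non-recursive lock, a thread-local DisallowGC guard flags any GC-triggering operation made while
        the plain ConcurrentJITLocker is held, and a GCSafeConcurrentJITLocker defers the collection
        until the lock has been released. The class names follow the ChangeLog; ToyCodeBlock, ToyHeap,
        CollectResult and every method body are assumptions made for this example.

```cpp
#include <mutex>

// Toy model of the DisallowGC / DeferGC / locker interplay described in the
// entry above. Not WebKit code: the class names follow the ChangeLog, but
// ToyCodeBlock, ToyHeap, CollectResult and every method body are invented here.

// Thread-local nesting count; > 0 means no collection may start on this thread.
static thread_local int gcDisallowDepth = 0;

// RAII guard: while alive, any GC-triggering operation on this thread is a bug.
class DisallowGC {
public:
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    DisallowGC(const DisallowGC&) = delete;
    DisallowGC& operator=(const DisallowGC&) = delete;
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth > 0; }
};

struct ToyCodeBlock {
    std::mutex concurrentJITLock;   // non-recursive, like the real one
    int visitedByGC = 0;
};

enum class CollectResult { Collected, Deferred, DisallowedOnThisThread };

struct ToyHeap {
    ToyCodeBlock& codeBlock;
    int deferDepth = 0;             // DeferGC nesting; > 0 postpones collection
    bool collectionPending = false;
    int collections = 0;

    explicit ToyHeap(ToyCodeBlock& cb) : codeBlock(cb) {}

    // The collector visits the code block under its lock: exactly the path
    // that deadlocks when the caller already holds that lock.
    void collect() {
        std::lock_guard<std::mutex> guard(codeBlock.concurrentJITLock);
        ++codeBlock.visitedByGC;
        ++collections;
    }

    // Stands in for an allocation that may trigger a collection.
    CollectResult collectIfNeeded() {
        if (DisallowGC::isGCDisallowedOnCurrentThread())
            return CollectResult::DisallowedOnThisThread;   // a debug ASSERT in the engine
        if (deferDepth > 0) {
            collectionPending = true;
            return CollectResult::Deferred;
        }
        collect();
        return CollectResult::Collected;
    }
};

// DeferGC: postpone collections while alive; run a pending one on release.
class DeferGC {
public:
    explicit DeferGC(ToyHeap& heap) : heap_(heap) { ++heap_.deferDepth; }
    ~DeferGC() {
        if (--heap_.deferDepth == 0 && heap_.collectionPending) {
            heap_.collectionPending = false;
            heap_.collect();
        }
    }
private:
    ToyHeap& heap_;
};

// Plain locker: the lock plus (debug builds) a DisallowGC, so a GC-triggering
// operation under the lock is flagged instead of deadlocking.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(ToyCodeBlock& cb) : guard_(cb.concurrentJITLock) {}
private:
    std::lock_guard<std::mutex> guard_;
    DisallowGC disallow_;
};

// GC-safe locker: DeferGC is declared first, so it is destroyed last and the
// deferred collection runs only after the lock has been released.
class GCSafeConcurrentJITLocker {
public:
    GCSafeConcurrentJITLocker(ToyCodeBlock& cb, ToyHeap& heap)
        : defer_(heap), guard_(cb.concurrentJITLock) {}
private:
    DeferGC defer_;
    std::lock_guard<std::mutex> guard_;
};

struct Outcome { CollectResult attempt; int collectionsAfterScope; };

// Allocate while holding the plain lock: DisallowGC catches the hazard.
Outcome plainLockScenario() {
    ToyCodeBlock cb; ToyHeap heap(cb);
    CollectResult r = CollectResult::Collected;
    { ConcurrentJITLocker locker(cb); r = heap.collectIfNeeded(); }
    return { r, heap.collections };
}

// Same operation under the GC-safe lock: deferred, then collected on release.
Outcome gcSafeLockScenario() {
    ToyCodeBlock cb; ToyHeap heap(cb);
    CollectResult r = CollectResult::Collected;
    { GCSafeConcurrentJITLocker locker(cb, heap); r = heap.collectIfNeeded(); }
    return { r, heap.collections };
}
```

        The member order in GCSafeConcurrentJITLocker is the whole point: C++ destroys members in
        reverse declaration order, so the lock guard is released before DeferGC runs the postponed
        collection, and the collector can take the same lock without blocking on itself.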
2045
2046 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2047
2048         Baseline JIT should use the DFG's PutById IC
2049         https://bugs.webkit.org/show_bug.cgi?id=122704
2050
2051         Reviewed by Mark Hahnenberg.
2052         
2053         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2054         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2055         
2056         The only complicated part was that the PutById operations assumed that we first did a
2057         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2058         slow paths to deal with EncodedJSValues.
2059
2060         * bytecode/CodeBlock.cpp:
2061         (JSC::CodeBlock::resetStubInternal):
2062         * bytecode/PutByIdStatus.cpp:
2063         (JSC::PutByIdStatus::computeFor):
2064         * dfg/DFGSpeculativeJIT.h:
2065         (JSC::DFG::SpeculativeJIT::callOperation):
2066         * dfg/DFGSpeculativeJIT32_64.cpp:
2067         (JSC::DFG::SpeculativeJIT::cachedPutById):
2068         * dfg/DFGSpeculativeJIT64.cpp:
2069         (JSC::DFG::SpeculativeJIT::cachedPutById):
2070         * jit/CCallHelpers.h:
2071         (JSC::CCallHelpers::setupArgumentsWithExecState):
2072         * jit/JIT.cpp:
2073         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2074         * jit/JIT.h:
2075         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2076         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2077         * jit/JITInlines.h:
2078         (JSC::JIT::callOperation):
2079         * jit/JITOperationWrappers.h:
2080         * jit/JITOperations.cpp:
2081         * jit/JITOperations.h:
2082         * jit/JITPropertyAccess.cpp:
2083         (JSC::JIT::compileGetByIdHotPath):
2084         (JSC::JIT::compileGetByIdSlowCase):
2085         (JSC::JIT::emit_op_put_by_id):
2086         (JSC::JIT::emitSlow_op_put_by_id):
2087         * jit/JITPropertyAccess32_64.cpp:
2088         (JSC::JIT::compileGetByIdSlowCase):
2089         (JSC::JIT::emit_op_put_by_id):
2090         (JSC::JIT::emitSlow_op_put_by_id):
2091         * jit/JITStubs.cpp:
2092         * jit/JITStubs.h:
2093         * jit/Repatch.cpp:
2094         (JSC::appropriateGenericPutByIdFunction):
2095         (JSC::appropriateListBuildingPutByIdFunction):
2096         (JSC::resetPutByID):
2097
2098 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2099
2100         FTL should have an inefficient but correct implementation of GetById
2101         https://bugs.webkit.org/show_bug.cgi?id=122740
2102
2103         Reviewed by Mark Hahnenberg.
2104         
2105         It took some effort to realize that the node->prediction() check in the DFG backends
2106         is completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
2107         if !prediction.
2108         
2109         But other than that this was an easy patch.
2110
2111         * dfg/DFGByteCodeParser.cpp:
2112         (JSC::DFG::ByteCodeParser::handleGetById):
2113         * dfg/DFGSpeculativeJIT32_64.cpp:
2114         (JSC::DFG::SpeculativeJIT::compile):
2115         * dfg/DFGSpeculativeJIT64.cpp:
2116         (JSC::DFG::SpeculativeJIT::compile):
2117         * ftl/FTLCapabilities.cpp:
2118         (JSC::FTL::canCompile):
2119         * ftl/FTLIntrinsicRepository.h:
2120         * ftl/FTLLowerDFGToLLVM.cpp:
2121         (JSC::FTL::LowerDFGToLLVM::compileNode):
2122         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2123
2124 2013-10-13  Mark Lam  <mark.lam@apple.com>
2125
2126         Transition misc cti_op_* JITStubs to JIT operations.
2127         https://bugs.webkit.org/show_bug.cgi?id=122645.
2128
2129         Reviewed by Michael Saboff.
2130
2131         Stubs converted:
2132             cti_op_check_has_instance
2133             cti_op_create_arguments
2134             cti_op_del_by_id
2135             cti_op_instanceof
2136             cti_to_object
2137             cti_op_push_activation
2138             cti_op_get_pnames
2139             cti_op_load_varargs
2140
2141         * dfg/DFGOperations.cpp:
2142         * dfg/DFGOperations.h:
2143         * jit/CCallHelpers.h:
2144         (JSC::CCallHelpers::setupArgumentsWithExecState):
2145         * jit/JIT.h:
2146         (JSC::JIT::emitStoreCell):
2147         * jit/JITCall.cpp:
2148         (JSC::JIT::compileLoadVarargs):
2149         * jit/JITCall32_64.cpp:
2150         (JSC::JIT::compileLoadVarargs):
2151         * jit/JITInlines.h:
2152         (JSC::JIT::callOperation):
2153         * jit/JITOpcodes.cpp:
2154         (JSC::JIT::emit_op_get_pnames):
2155         (JSC::JIT::emit_op_create_activation):
2156         (JSC::JIT::emit_op_create_arguments):
2157         (JSC::JIT::emitSlow_op_check_has_instance):
2158         (JSC::JIT::emitSlow_op_instanceof):
2159         (JSC::JIT::emitSlow_op_get_argument_by_val):
2160         * jit/JITOpcodes32_64.cpp:
2161         (JSC::JIT::emitSlow_op_check_has_instance):
2162         (JSC::JIT::emitSlow_op_instanceof):
2163         (JSC::JIT::emit_op_get_pnames):
2164         (JSC::JIT::emit_op_create_activation):
2165         (JSC::JIT::emit_op_create_arguments):
2166         (JSC::JIT::emitSlow_op_get_argument_by_val):
2167         * jit/JITOperations.cpp:
2168         * jit/JITOperations.h:
2169         * jit/JITPropertyAccess.cpp:
2170         (JSC::JIT::emit_op_del_by_id):
2171         * jit/JITPropertyAccess32_64.cpp:
2172         (JSC::JIT::emit_op_del_by_id):
2173         * jit/JITStubs.cpp:
2174         * jit/JITStubs.h:
2175
2176 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2177
2178         FTL OSR exit should perform zero extension on values smaller than 64-bit
2179         https://bugs.webkit.org/show_bug.cgi?id=122688
2180
2181         Reviewed by Gavin Barraclough.
2182         
2183         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2184         register will have zeros on the high bits.  In the few cases where the high bits are
2185         non-zero, the DFG sort of tells us this explicitly.
2186
2187         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
2188         emit LLVM IR like:
2189
2190             %2 = trunc i64 %1 to i32
2191             stuff %2
2192             call @llvm.webkit.stackmap(...., %2)
2193
2194         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2195         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2196         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2197         from before truncation, and that register may have garbage in the high bits.
2198
2199         This means that on our end, if we want a 32-bit value and we want that value to be
2200         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2201         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2202         end.
2203         
2204         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
2205
2206         * ftl/FTLOSRExitCompiler.cpp:
2207         (JSC::FTL::compileStubWithOSRExitStackmap):
2208         * ftl/FTLValueFormat.cpp:
2209         (JSC::FTL::reboxAccordingToFormat):
2210
2211 == Rolled over to ChangeLog-2013-10-13 ==