[iOS] Upstream more JavaScriptCore build configuration changes
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more JavaScriptCore build configuration changes
        https://bugs.webkit.org/show_bug.cgi?id=123169

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig:
        * Configurations/Version.xcconfig:
        * Configurations/iOS.xcconfig: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Export DefaultGCActivityCallback member functions
        https://bugs.webkit.org/show_bug.cgi?id=123175

        Reviewed by David Kilzer.

        * runtime/GCActivityCallback.h:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:

2013-10-22  Andreas Kling  <akling@apple.com>

        Minor VM* -> VM& cleanups in HashTable and Keywords.
        <https://webkit.org/b/123183>

        Turn some VM* variables that will never be null into VM&.

        Reviewed by Geoffrey Garen.

2013-10-22  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
        https://bugs.webkit.org/show_bug.cgi?id=123179

        Reviewed by Mark Hahnenberg.

        * parser/NodeConstructors.h:
        (JSC::LogicalOpNode::LogicalOpNode):
        * parser/ResultType.h:
        (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
        This is JavaScript (aka Sparta).

2013-10-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r157819.
        http://trac.webkit.org/changeset/157819
        https://bugs.webkit.org/show_bug.cgi?id=123180

        Broke 32-bit builds (Requested by smfr on #webkit).

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
        modifying a file in JavaScriptCore/Configurations.

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSLock changes
        https://bugs.webkit.org/show_bug.cgi?id=123107

        Reviewed by Geoffrey Garen.

        * runtime/JSLock.cpp:
        (JSC::JSLock::unlock):
        (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
        (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
        use pre-increment instead of post-increment when we're not using the return value of the instruction.
        (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
        places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
        since we don't use the return value of such instructions.
        (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
        Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
        (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
        * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
        the argument is sufficiently descriptive of its purpose.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
        https://bugs.webkit.org/show_bug.cgi?id=123166

        Reviewed by Michael Saboff.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4][mips][arm] Fix crashes in JSC (32-bit only).
        https://bugs.webkit.org/show_bug.cgi?id=123165

        Reviewed by Michael Saboff.

        * jit/JITInlines.h:
        (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
        (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
        https://bugs.webkit.org/show_bug.cgi?id=123092

        Reviewed by Michael Saboff.

        Impacted architectures are SH4 and ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::buffer):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        Remove unused stuff in JIT stubs.
        https://bugs.webkit.org/show_bug.cgi?id=123155

        Reviewed by Michael Saboff.

        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        (JSC::ctiTrampoline):
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
        https://bugs.webkit.org/show_bug.cgi?id=123115
        <rdar://problem/13696872>

        Reviewed by Andy Estes.

        Based on a patch by Mark Hahnenberg.

        Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.

        * API/JSBase.cpp:

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister().
        https://bugs.webkit.org/show_bug.cgi?id=123157

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::lastRegister):
        (JSC::SH4Assembler::firstFPRegister):
        (JSC::SH4Assembler::lastFPRegister):

2013-10-22  Brian Holt  <brian.holt@samsung.com>

        Build break on ARMv7 after r157209
        https://bugs.webkit.org/show_bug.cgi?id=122890

        Reviewed by Csaba Osztrogonác.

        Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::firstRegister):
        (JSC::MacroAssemblerARM::lastRegister):
        (JSC::MacroAssemblerARM::firstFPRegister):
        (JSC::MacroAssemblerARM::lastFPRegister):

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
        https://bugs.webkit.org/show_bug.cgi?id=123045

        Reviewed by Joseph Pecoraro.

        * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
        to global method table.
        * runtime/JSGlobalObject.cpp: Ditto.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSC Objective-C API compiler warning fixes
        https://bugs.webkit.org/show_bug.cgi?id=123125

        Reviewed by Mark Hahnenberg.

        Based on a patch by Mark Hahnenberg.

        * API/JSValue.mm:
        (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
        (-[JSValue toSize]): Ditto.
        * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
        available since iOS 7.0
        https://bugs.webkit.org/show_bug.cgi?id=123122

        Reviewed by Dan Bernstein.

        * API/JSContext.h:
        * API/JSManagedValue.h:
        * API/JSValue.h:
        * API/JSVirtualMachine.h:

2013-10-20  Mark Lam  <mark.lam@apple.com>

        Avoid JSC debugger overhead unless needed.
        https://bugs.webkit.org/show_bug.cgi?id=123084.

        Reviewed by Geoffrey Garen.

        - If no breakpoints are set, we now avoid calling the debug hook callbacks.
        - If no break on exception is set, we also avoid exception event debug callbacks.
        - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
          longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
          pointer in the ScriptDebugServer may become stale. To avoid this issue, before
          returning, the ScriptDebugServer will clear its m_currentCallFrame if
          needsOpDebugCallbacks() is false.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::setNeedsExceptionCallbacks):
        (JSC::Debugger::setShouldPause):
        (JSC::Debugger::updateNumberOfBreakpoints):
        (JSC::Debugger::updateNeedForOpDebugCallbacks):
        * debugger/Debugger.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):
        (JSC::Interpreter::debug):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2013-10-21  Brent Fulgham  <bfulgham@apple.com>

        [WIN] Unreviewed build correction.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
          sources, not header files.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.

2013-10-21  Oliver Hunt  <oliver@apple.com>

        Support computed property names in object literals
        https://bugs.webkit.org/show_bug.cgi?id=123112

        Reviewed by Michael Saboff.

        Add support for computed property names to the parser.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::getName):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::::parseProperty):
        (JSC::::parseStrictObjectLiteral):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::Property::Property):
        (JSC::SyntaxChecker::createProperty):
        (JSC::SyntaxChecker::operatorStackPop):

2013-10-21  Michael Saboff  <msaboff@apple.com>

        Add option so that JSC will crash if it can't allocate executable memory for the JITs
        https://bugs.webkit.org/show_bug.cgi?id=123048
        <rdar://problem/12856193>

        Reviewed by Geoffrey Garen.

        Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
        when checking the validity of the executable allocator. The default value for this option is
        false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
        the app can obtain executable memory.

        * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
        (main):
        * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
        * runtime/VM.cpp:
        (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
        is enabled.

2013-10-21  Nadav Rotem  <nrotem@apple.com>

        Remove AllInOneFile.cpp
        https://bugs.webkit.org/show_bug.cgi?id=123055

        Reviewed by Csaba Osztrogonác.

        * AllInOneFile.cpp: Removed.

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, cleanup a FIXME comment.

        * jit/Repatch.cpp:

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
        https://bugs.webkit.org/show_bug.cgi?id=123076

        Reviewed by Sam Weinig.

        Start preparing for a world in which we are patching code generated by LLVM, which may have
        very different register usage conventions than our JITs. This requires us being more explicit
        about the registers we are using. For example, the repatching code shouldn't take for granted
        that tagMaskRegister holds the TagMask or that the register is even in use.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::numberOfRegisters):
        (JSC::MacroAssembler::registerIndex):
        (JSC::MacroAssembler::numberOfFPRegisters):
        (JSC::MacroAssembler::fpRegisterIndex):
        (JSC::MacroAssembler::totalNumberOfRegisters):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * dfg/DFGSpeculativeJIT.h:
        * ftl/FTLSaveRestore.cpp:
        (JSC::FTL::bytesForGPRs):
        (JSC::FTL::bytesForFPRs):
        (JSC::FTL::offsetOfGPR):
        (JSC::FTL::offsetOfFPR):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.cpp: Added.
        (JSC::RegisterSet::specialRegisters):
        * jit/RegisterSet.h: Added.
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::set):
        (JSC::RegisterSet::clear):
        (JSC::RegisterSet::get):
        (JSC::RegisterSet::merge):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):
        (JSC::tryCacheGetByID):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::tryRepatchIn):
        (JSC::linkClosureCall):
        * jit/TempRegisterSet.cpp: Added.
        (JSC::TempRegisterSet::TempRegisterSet):
        * jit/TempRegisterSet.h:

2013-10-20  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Fix build (broken since r157690).
        https://bugs.webkit.org/show_bug.cgi?id=123081

        Reviewed by Andreas Kling.

        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):
        (JSC::SH4Assembler::readCallTarget):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
        https://bugs.webkit.org/show_bug.cgi?id=123079

        Reviewed by Geoffrey Garen.

        * jit/TempRegisterSet.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Rename RegisterSet to TempRegisterSet
        https://bugs.webkit.org/show_bug.cgi?id=123077

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.h: Removed.
        * jit/ScratchRegisterAllocator.h:
        (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
        * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        (JSC::TempRegisterSet::TempRegisterSet):
        (JSC::TempRegisterSet::asPOD):
        (JSC::TempRegisterSet::copyInfo):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Restructure LinkBuffer to allow for alternate allocation strategies
        https://bugs.webkit.org/show_bug.cgi?id=123071

        Reviewed by Oliver Hunt.

        The idea is to eventually allow a LinkBuffer to place the code into an already
        allocated region of memory.  That region of memory could be the nop-slide left behind
        by a llvm.webkit.patchpoint.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::buffer):
        * assembler/AssemblerBuffer.h:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::allocate):
        (JSC::LinkBuffer::shrink):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::didFailToAllocate):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::buffer):
        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        Some includes in JSC seem to use an incorrect style
        https://bugs.webkit.org/show_bug.cgi?id=123057

        Reviewed by Geoffrey Garen.

        Changed pseudo-system includes to user ones.

        * API/JSContextRef.cpp:
        * API/JSStringRefCF.cpp:
        * API/JSValueRef.cpp:
        * API/OpaqueJSString.cpp:
        * jit/JIT.h:
        * parser/SyntaxChecker.h:
        * runtime/WeakGCMap.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Baseline JIT and DFG IC code generation should be unified and rationalized
        https://bugs.webkit.org/show_bug.cgi?id=122939

        Reviewed by Geoffrey Garen.

        Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
        some register info and creates JIT inline caches for you. Used this to even further
        unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
        is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
        that it needs to do the equivalent of get_by_id, so with this generator it will be able
        to create an IC even though it wasn't associated with a get_by_id bytecode instruction.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::DataLabelCompact::label):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::ecmaMode):
        * dfg/DFGInlineCacheWrapper.h: Added.
        (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
        * dfg/DFGInlineCacheWrapperInlines.h: Added.
        (JSC::DFG::::finalize):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addGetById):
        (JSC::DFG::JITCompiler::addPutById):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::isStrictModeFor):
        (JSC::AssemblyHelpers::strictModeFor):
        * jit/GPRInfo.h:
        (JSC::JSValueRegs::tagGPR):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITInlineCacheGenerator.cpp: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::finalize):
        (JSC::JITByIdGenerator::generateFastPathChecks):
        (JSC::JITGetByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        (JSC::JITPutByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::slowPathFunction):
        * jit/JITInlineCacheGenerator.h: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITInlineCacheGenerator::stubInfo):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::reportSlowPathCall):
        (JSC::JITByIdGenerator::slowPathJump):
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::set):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
        https://bugs.webkit.org/show_bug.cgi?id=123067

        Reviewed by Geoffrey Garen.

        * API/APICast.h: Include it.

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        FTL::Location should treat the offset as an addend in the case of a Register location
        https://bugs.webkit.org/show_bug.cgi?id=123062

        Reviewed by Sam Weinig.

        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::forStackmaps):
        (JSC::FTL::Location::dump):
        (JSC::FTL::Location::restoreInto):
        * ftl/FTLLocation.h:
        (JSC::FTL::Location::forRegister):
        (JSC::FTL::Location::hasAddend):
        (JSC::FTL::Location::addend):

2013-10-19  Nadav Rotem  <nrotem@apple.com>

        DFG dominators: document and rename stuff.
        https://bugs.webkit.org/show_bug.cgi?id=123056

        Reviewed by Filip Pizlo.

        Documented the code and renamed some variables.

        * dfg/DFGDominators.cpp:
        (JSC::DFG::Dominators::compute):
        (JSC::DFG::Dominators::pruneDominators):
        * dfg/DFGDominators.h:

2013-10-19  Julien Brianceau  <jbriance@cisco.com>

        Fix build failure for architectures with 4 argument registers.
        https://bugs.webkit.org/show_bug.cgi?id=123060

        Reviewed by Michael Saboff.

        Add missing setupArgumentsWithExecState() prototypes for architectures with 4 argument registers.
        Remove SH4 specific code no longer needed since callOperation prototype change in r157660.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix FTL build.

        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
        https://bugs.webkit.org/show_bug.cgi?id=122940

        Reviewed by Oliver Hunt.

        This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
        whereas previously it was in a Vector, so it moved. This allows you to use pointers to
        StructureStubInfo. This also eliminates the use of return PC as a way of finding the
        StructureStubInfo's. It removes some of the need for the compile-time property access
        records; for example the DFG no longer has to save information about registers in a
        property access record only to later save it to the stub info.

        The main thing it accomplishes is that it makes it easier to add StructureStubInfo's
        at any stage of compilation.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::propagateTransitions):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::addStubInfo):
        (JSC::CodeBlock::getStubInfoMap):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::begin):
        (JSC::CodeBlock::end):
        (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::CodeOrigin):
        (JSC::CodeOrigin::isHashTableDeletedValue):
        (JSC::CodeOrigin::hash):
        (JSC::CodeOriginHash::hash):
        (JSC::CodeOriginHash::equal):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        * bytecode/StructureStubInfo.h:
        (JSC::getStructureStubInfoCodeOrigin):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::InRecord::InRecord):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIn):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.cpp:
        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::PropertyStubCompilationInfo::slowCaseInfo):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/Repatch.cpp:
        (JSC::appropriateGenericPutByIdFunction):
        (JSC::appropriateListBuildingPutByIdFunction):
        (JSC::resetPutByID):

2013-10-18  Oliver Hunt  <oliver@apple.com>

        Spread operator should be performing direct "puts" and not triggering setters
        https://bugs.webkit.org/show_bug.cgi?id=123047

        Reviewed by Geoffrey Garen.

        Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
        to array construct.  This required a new PutByValDirect node to be introduced to
        the DFG.  The current implementation simply changes the slow path function that
        is called, but in future this could be made faster as it does not need to check
        the prototype chain.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutByVal):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getArrayLengthElimination):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkStructureElimination):
        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::clobbersWorld):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasArrayMode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        (JSC::DFG::operationPutByValInternal):
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTypeCheckHoistingPhase.cpp:
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::compileDirectPutByVal):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::privateCompilePutByVal):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_put_by_val):
799         * llint/LLIntSlowPaths.cpp:
800         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
801         * llint/LLIntSlowPaths.h:
802         * llint/LowLevelInterpreter32_64.asm:
803         * llint/LowLevelInterpreter64.asm:
804
805 2013-10-18  Daniel Bates  <dabates@apple.com>
806
807         [iOS] Export symbol for VM::sharedInstanceExists()
808         https://bugs.webkit.org/show_bug.cgi?id=123046
809
810         Reviewed by Mark Hahnenberg.
811
812         * runtime/VM.h:
813
814 2013-10-18  Daniel Bates  <dabates@apple.com>
815
816         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
817         https://bugs.webkit.org/show_bug.cgi?id=123049
818
819         Reviewed by Mark Hahnenberg.
820
821         * heap/Heap.cpp:
822         (JSC::Heap::setIncrementalSweeper):
823         * heap/Heap.h:
824         * heap/HeapTimer.h:
825         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
826         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
827         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
828         (duplicates the include in the .cpp).
829         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
830         making use of this now, but we'll make use of it in a subsequent patch.
831
832 2013-10-18  Anders Carlsson  <andersca@apple.com>
833
834         Remove spaces between template angle brackets
835         https://bugs.webkit.org/show_bug.cgi?id=123040
836
837         Reviewed by Andreas Kling.
838
839         * API/JSCallbackObject.cpp:
840         (JSC::::create):
841         * API/JSObjectRef.cpp:
842         * bytecode/CodeBlock.h:
843         (JSC::CodeBlock::constants):
844         (JSC::CodeBlock::setConstantRegisters):
845         * bytecode/DFGExitProfile.h:
846         * bytecode/EvalCodeCache.h:
847         * bytecode/Operands.h:
848         * bytecode/UnlinkedCodeBlock.h:
849         (JSC::UnlinkedCodeBlock::constantRegisters):
850         * bytecode/Watchpoint.h:
851         * bytecompiler/BytecodeGenerator.h:
852         * bytecompiler/StaticPropertyAnalysis.h:
853         * bytecompiler/StaticPropertyAnalyzer.h:
854         * dfg/DFGArgumentsSimplificationPhase.cpp:
855         * dfg/DFGBlockInsertionSet.h:
856         * dfg/DFGCSEPhase.cpp:
857         (JSC::DFG::performCSE):
858         (JSC::DFG::performStoreElimination):
859         * dfg/DFGCommonData.h:
860         * dfg/DFGDesiredStructureChains.h:
861         * dfg/DFGDesiredWatchpoints.h:
862         * dfg/DFGJITCompiler.h:
863         * dfg/DFGOSRExitCompiler32_64.cpp:
864         (JSC::DFG::OSRExitCompiler::compileExit):
865         * dfg/DFGOSRExitCompiler64.cpp:
866         (JSC::DFG::OSRExitCompiler::compileExit):
867         * dfg/DFGWorklist.h:
868         * heap/BlockAllocator.h:
869         (JSC::CopiedBlock):
870         (JSC::MarkedBlock):
871         (JSC::WeakBlock):
872         (JSC::MarkStackSegment):
873         (JSC::CopyWorkListSegment):
874         (JSC::HandleBlock):
875         * heap/Heap.h:
876         * heap/Local.h:
877         * heap/MarkedBlock.h:
878         * heap/Strong.h:
879         * jit/AssemblyHelpers.cpp:
880         (JSC::AssemblyHelpers::decodedCodeMapFor):
881         * jit/AssemblyHelpers.h:
882         * jit/SpecializedThunkJIT.h:
883         * parser/Nodes.h:
884         * parser/Parser.cpp:
885         (JSC::::parseIfStatement):
886         * parser/Parser.h:
887         (JSC::Scope::copyCapturedVariablesToVector):
888         (JSC::parse):
889         * parser/ParserArena.h:
890         * parser/SourceProviderCacheItem.h:
891         * profiler/LegacyProfiler.cpp:
892         (JSC::dispatchFunctionToProfiles):
893         * profiler/LegacyProfiler.h:
894         (JSC::LegacyProfiler::currentProfiles):
895         * profiler/ProfileNode.h:
896         (JSC::ProfileNode::children):
897         * profiler/ProfilerDatabase.h:
898         * runtime/Butterfly.h:
899         (JSC::Butterfly::contiguousInt32):
900         (JSC::Butterfly::contiguous):
901         * runtime/GenericTypedArrayViewInlines.h:
902         (JSC::::create):
903         * runtime/Identifier.h:
904         (JSC::Identifier::add):
905         * runtime/JSPromise.h:
906         * runtime/PropertyMapHashTable.h:
907         * runtime/PropertyNameArray.h:
908         * runtime/RegExpCache.h:
909         * runtime/SparseArrayValueMap.h:
910         * runtime/SymbolTable.h:
911         * runtime/VM.h:
912         * tools/CodeProfile.cpp:
913         (JSC::truncateTrace):
914         * tools/CodeProfile.h:
915         * yarr/YarrInterpreter.cpp:
916         * yarr/YarrInterpreter.h:
917         (JSC::Yarr::BytecodePattern::BytecodePattern):
918         * yarr/YarrJIT.cpp:
919         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
920         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
921         (JSC::Yarr::YarrGenerator::opCompileBody):
922         * yarr/YarrPattern.cpp:
923         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
924         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
925         * yarr/YarrPattern.h:
926
927 2013-10-18  Mark Lam  <mark.lam@apple.com>
928
929         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
930         https://bugs.webkit.org/show_bug.cgi?id=123037.
931
932         Reviewed by Geoffrey Garen.
933
934         * jit/JITStubsMSVC64.asm:
935         * jit/JITStubsX86.h:
936         * jit/JITStubsX86_64.h:
937
938 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
939
940         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
941         https://bugs.webkit.org/show_bug.cgi?id=121661
942
943         Reviewed by Mark Hahnenberg.
944         
945         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
946         so I added a return-early check using isCompilationThread().
947         
948         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
949         it is describing: m_offset and the property table. Most structures only have m_offset and report
950         null for the property table. If the property table is there, it will tell you additional
951         information and that information subsumes m_offset - but the m_offset is still there. So, when
952         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
953         machinery to do this.
954         
955         Changing the property table only happens on the main thread.
956         
957         Because the machinery to change the property table is so complex, especially with respect to
958         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
959         called at key points before and after changes to the property table or the offset.
960
961         Most clients of Structure who care about object layout, including the concurrent thread, will
962         want to know m_offset and not the property table. If they want the property table, they will
963         already be super careful. The concurrent thread has special methods for this, like
964         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
965         view of the property table.
966         
967         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
968         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
969         
970         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
971         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
972         because we have found that it helps quickly identify situations where the property table and
973         m_offset get out of sync - mainly because code that changes either of those things will usually
974         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
975         need the property table; it uses the m_offset. The concurrent JIT is correct to call
976         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
977         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
978         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
979         locks, and that same structure is having its property table modified by the main thread, we end
980         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
981         property table modified - instead what happens is that some downstream structure steals the
982         property table and then starts adding things to it. The concurrent thread loads the property
983         table before it's stolen, and hence the badness.
984         
985         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
986         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
987         and then you have a possible crash.
988         
989         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
990         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
991         it's in the concurrent JIT.
992         
993         * runtime/StructureInlines.h:
994         (JSC::Structure::checkOffsetConsistency):
995
996 2013-10-18  Daniel Bates  <dabates@apple.com>
997
998         Add SPI to disable the garbage collector timer
999         https://bugs.webkit.org/show_bug.cgi?id=122921
1000
1001         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
1002         omitted.
1003
1004         * heap/Heap.cpp:
1005         (JSC::Heap::setGarbageCollectionTimerEnabled):
1006
1007 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1008
1009         Group 64-bit specific and 32-bit specific callOperation implementations.
1010         https://bugs.webkit.org/show_bug.cgi?id=123024
1011
1012         Reviewed by Michael Saboff.
1013
1014         This is not a big deal, but could be less confusing when reading the code.
1015
1016         * jit/JITInlines.h:
1017         (JSC::JIT::callOperation):
1018         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
1019         (JSC::JIT::callOperationNoExceptionCheck):
1020
1021 2013-10-18  Nadav Rotem  <nrotem@apple.com>
1022
1023         Fix a FlushLiveness problem.
1024         https://bugs.webkit.org/show_bug.cgi?id=122984
1025
1026         Reviewed by Filip Pizlo.
1027
1028         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1029         (JSC::DFG::FlushLivenessAnalysisPhase::process):
1030
1031 2013-10-18  Michael Saboff  <msaboff@apple.com>
1032
1033         Change native function call stubs to use JIT operations instead of ctiVMHandleException
1034         https://bugs.webkit.org/show_bug.cgi?id=122982
1035
1036         Reviewed by Geoffrey Garen.
1037
1038         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
1039         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
1040         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
1041         in the process.
1042
1043         * dfg/DFGJITCompiler.cpp:
1044         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1045         * jit/CCallHelpers.h:
1046         (JSC::CCallHelpers::jumpToExceptionHandler):
1047         * jit/JIT.cpp:
1048         (JSC::JIT::privateCompileExceptionHandlers):
1049         * jit/JIT.h:
1050         * jit/JITExceptions.cpp:
1051         (JSC::genericUnwind):
1052         * jit/JITExceptions.h:
1053         * jit/JITInlines.h:
1054         (JSC::JIT::callOperationNoExceptionCheck):
1055         * jit/JITOpcodes.cpp:
1056         (JSC::JIT::emit_op_throw):
1057         * jit/JITOpcodes32_64.cpp:
1058         (JSC::JIT::privateCompileCTINativeCall):
1059         (JSC::JIT::emit_op_throw):
1060         * jit/JITOperations.cpp:
1061         * jit/JITOperations.h:
1062         * jit/JITStubs.cpp:
1063         * jit/JITStubs.h:
1064         * jit/JITStubsARM.h:
1065         * jit/JITStubsARM64.h:
1066         * jit/JITStubsARMv7.h:
1067         * jit/JITStubsMIPS.h:
1068         * jit/JITStubsMSVC64.asm:
1069         * jit/JITStubsSH4.h:
1070         * jit/JITStubsX86.h:
1071         * jit/JITStubsX86_64.h:
1072         * jit/Repatch.cpp:
1073         (JSC::tryBuildGetByIDList):
1074         * jit/SlowPathCall.h:
1075         (JSC::JITSlowPathCall::call):
1076         * jit/ThunkGenerators.cpp:
1077         (JSC::throwExceptionFromCallSlowPathGenerator):
1078         (JSC::nativeForGenerator):
1079         * runtime/VM.h:
1080         (JSC::VM::callFrameForThrowOffset):
1081         (JSC::VM::targetMachinePCForThrowOffset):
1082
1083 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1084
1085         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
1086         https://bugs.webkit.org/show_bug.cgi?id=123023
1087
1088         Reviewed by Michael Saboff.
1089
1090         * jit/JITInlines.h:
1091         (JSC::JIT::callOperation): EncodedJSValue parameter does not need alignment
1092         using EABI_32BIT_DUMMY_ARG here.
1093
1094 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1095
1096         Unreviewed, another ARM64 build fix.
1097         
1098         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
1099         on ARM64 and none of its uses are legit - they should all be using
1100         andPtr(TrustedImm32, blah) anyway.
1101
1102         * assembler/MacroAssembler.h:
1103         * assembler/MacroAssemblerARM64.h:
1104         * dfg/DFGJITCompiler.cpp:
1105         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1106         * jit/JIT.cpp:
1107         (JSC::JIT::privateCompileExceptionHandlers):
1108
1109 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1110
1111         Unreviewed, speculative ARM64 build fix.
1112         
1113         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
1114         implemented. So, you have to use TrustedImmPtr in the superclasses.
1115
1116         * assembler/MacroAssemblerARM64.h:
1117         (JSC::MacroAssemblerARM64::store8):
1118         (JSC::MacroAssemblerARM64::branchTest8):
1119
1120 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1121
1122         Unreviewed, speculative ARM build fix.
1123         https://bugs.webkit.org/show_bug.cgi?id=122890
1124         <rdar://problem/15258624>
1125
1126         * assembler/ARM64Assembler.h:
1127         (JSC::ARM64Assembler::firstRegister):
1128         (JSC::ARM64Assembler::lastRegister):
1129         (JSC::ARM64Assembler::firstFPRegister):
1130         (JSC::ARM64Assembler::lastFPRegister):
1131         * assembler/MacroAssemblerARM64.h:
1132         * assembler/MacroAssemblerARMv7.h:
1133
1134 2013-10-17  Andreas Kling  <akling@apple.com>
1135
1136         Pass VM instead of JSGlobalObject to JSONObject constructor.
1137         <https://webkit.org/b/122999>
1138
1139         JSONObject was only using the JSGlobalObject to grab at the VM.
1140         Dodge a few loads by passing the VM directly instead.
1141
1142         Reviewed by Geoffrey Garen.
1143
1144         * runtime/JSONObject.cpp:
1145         (JSC::JSONObject::JSONObject):
1146         (JSC::JSONObject::finishCreation):
1147         * runtime/JSONObject.h:
1148         (JSC::JSONObject::create):
1149
1150 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1151
1152         Removed the JITStackFrame struct
1153         https://bugs.webkit.org/show_bug.cgi?id=123001
1154
1155         Reviewed by Anders Carlsson.
1156
1157         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
1158         our helper functions obey the C function call ABI.
1159
1160 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1161
1162         Removed an unused #define
1163         https://bugs.webkit.org/show_bug.cgi?id=123000
1164
1165         Reviewed by Anders Carlsson.
1166
1167         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
1168         since it is unused now. This is a step toward using the C stack.
1169
1170 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1171
1172         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
1173         https://bugs.webkit.org/show_bug.cgi?id=122973
1174
1175         Reviewed by Michael Saboff.
1176
1177         * jit/ThunkGenerators.cpp:
1178         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
1179         so I removed it.
1180
1181         The code acted as if it needed to pass an argument to
1182         lookupExceptionHandler, and as if it passed that argument to itself
1183         through JITStackFrame. However, lookupExceptionHandler does not take
1184         an argument (other than the default ExecState argument), and the code
1185         did not initialize the thing that it thought it passed to itself!
1186
1187 2013-10-17  Alex Christensen  <achristensen@webkit.org>
1188
1189         Run JavaScriptCore tests again on Windows.
1190         https://bugs.webkit.org/show_bug.cgi?id=122787
1191
1192         Reviewed by Tim Horton.
1193
1194         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
1195         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
1196
1197 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1198
1199         Removed restoreArgumentReference (another use of JITStackFrame)
1200         https://bugs.webkit.org/show_bug.cgi?id=122997
1201
1202         Reviewed by Oliver Hunt.
1203
1204         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
1205         toward using the C stack.
1206
1207 2013-10-17  Oliver Hunt  <oliver@apple.com>
1208
1209         Remove JITStubCall.h
1210         https://bugs.webkit.org/show_bug.cgi?id=122991
1211
1212         Reviewed by Geoff Garen.
1213
1214         Happily this is no longer used.
1215
1216         * GNUmakefile.list.am:
1217         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1218         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1219         * JavaScriptCore.xcodeproj/project.pbxproj:
1220         * jit/JIT.cpp:
1221         * jit/JITArithmetic.cpp:
1222         * jit/JITArithmetic32_64.cpp:
1223         * jit/JITCall.cpp:
1224         * jit/JITCall32_64.cpp:
1225         * jit/JITOpcodes.cpp:
1226         * jit/JITOpcodes32_64.cpp:
1227         * jit/JITPropertyAccess.cpp:
1228         * jit/JITPropertyAccess32_64.cpp:
1229         * jit/JITStubCall.h: Removed.
1230
1231 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1232
1233         Removed a use of JITSTACKFRAME_ARGS_INDEX
1234         https://bugs.webkit.org/show_bug.cgi?id=122989
1235
1236         Reviewed by Oliver Hunt.
1237
1238         * jit/JITStubCall.h: Removed an unused function. This is one step closer
1239         to using the C stack.
1240
1241 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1242
1243         Change emit_op_catch to use another method to materialize VM
1244         https://bugs.webkit.org/show_bug.cgi?id=122977
1245
1246         Reviewed by Oliver Hunt.
1247
1248         * jit/JITOpcodes.cpp:
1249         (JSC::JIT::emit_op_catch):
1250         * jit/JITOpcodes32_64.cpp:
1251         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
1252         on JITStackFrame. It is also faster and simpler.
1253
1254 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1255
1256         Eliminate emitGetJITStubArg() - dead code
1257         https://bugs.webkit.org/show_bug.cgi?id=122975
1258
1259         Reviewed by Anders Carlsson.
1260
1261         * jit/JIT.h:
1262         * jit/JITInlines.h: Removed unused, deprecated function.
1263
1264 2013-10-17  Mark Lam  <mark.lam@apple.com>
1265
1266         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
1267         https://bugs.webkit.org/show_bug.cgi?id=122979.
1268
1269         Reviewed by Michael Saboff.
1270
1271         * jit/JITStubs.cpp:
1272         * jit/JITStubs.h:
1273         * jit/JITStubsARM.h:
1274         * jit/JITStubsARM64.h:
1275         * jit/JITStubsARMv7.h:
1276         * jit/JITStubsMIPS.h:
1277         * jit/JITStubsSH4.h:
1278         * jit/JITStubsX86.h:
1279         * jit/JITStubsX86_64.h:
1280         * runtime/VM.cpp:
1281         (JSC::VM::VM):
1282
1283 2013-10-17  Michael Saboff  <msaboff@apple.com>
1284
1285         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
1286         https://bugs.webkit.org/show_bug.cgi?id=122974
1287
1288         Reviewed by Geoffrey Garen.
1289
1290         Eliminated unneeded storing to JITStackFrame.
1291
1292         * dfg/DFGJITCompiler.cpp:
1293         (JSC::DFG::JITCompiler::compileFunction):
1294
1295 2013-10-17  Michael Saboff  <msaboff@apple.com>
1296
1297         Transition cti_op_throw and cti_vm_throw to a JIT operation
1298         https://bugs.webkit.org/show_bug.cgi?id=122931
1299
1300         Reviewed by Filip Pizlo.
1301
1302         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
1303         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
1304         and their callers as they are now dead code.  There is some work needed on the Microsoft X86
1305         callOperation to handle the need to provide space for structure return value.
1306
1307         * jit/JIT.h:
1308         * jit/JITInlines.h:
1309         (JSC::JIT::callOperation):
1310         * jit/JITOpcodes.cpp:
1311         (JSC::JIT::emit_op_throw):
1312         * jit/JITOpcodes32_64.cpp:
1313         (JSC::JIT::emit_op_throw):
1314         (JSC::JIT::emit_op_catch):
1315         * jit/JITOperations.cpp:
1316         * jit/JITOperations.h:
1317         * jit/JITStubs.cpp:
1318         * jit/JITStubs.h:
1319         * jit/JITStubsARM.h:
1320         * jit/JITStubsARM64.h:
1321         * jit/JITStubsARMv7.h:
1322         * jit/JITStubsMIPS.h:
1323         * jit/JITStubsMSVC64.asm:
1324         * jit/JITStubsSH4.h:
1325         * jit/JITStubsX86.h:
1326         * jit/JITStubsX86_64.h:
1327         * jit/JSInterfaceJIT.h:
1328
1329 2013-10-17  Mark Lam  <mark.lam@apple.com>
1330
1331         Remove JITStackFrame references in the C Loop LLINT.
1332         https://bugs.webkit.org/show_bug.cgi?id=122950.
1333
1334         Reviewed by Michael Saboff.
1335
1336         * jit/JITStubs.h:
1337         * llint/LowLevelInterpreter.cpp:
1338         (JSC::CLoop::execute):
1339         * offlineasm/cloop.rb:
1340
1341 2013-10-17  Mark Lam  <mark.lam@apple.com>
1342
1343         Remove JITStackFrame references in JIT probes.
1344         https://bugs.webkit.org/show_bug.cgi?id=122947.
1345
1346         Reviewed by Michael Saboff.
1347
1348         * assembler/MacroAssemblerARM.cpp:
1349         (JSC::MacroAssemblerARM::ProbeContext::dump):
1350         * assembler/MacroAssemblerARM.h:
1351         * assembler/MacroAssemblerARMv7.cpp:
1352         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
1353         * assembler/MacroAssemblerARMv7.h:
1354         * assembler/MacroAssemblerX86Common.cpp:
1355         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
1356         * assembler/MacroAssemblerX86Common.h:
1357         * jit/JITStubsARM.h:
1358         * jit/JITStubsARMv7.h:
1359         * jit/JITStubsX86.h:
1360         * jit/JITStubsX86Common.h:
1361         * jit/JITStubsX86_64.h:
1362
1363 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
1364
1365         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
1366         https://bugs.webkit.org/show_bug.cgi?id=122949
1367
1368         Reviewed by Andreas Kling.
1369
1370         * jit/CCallHelpers.h:
1371         (JSC::CCallHelpers::setupArgumentsWithExecState):
1372
1373 2013-10-16  Mark Lam  <mark.lam@apple.com>
1374
1375         Transition remaining op_get* JITStubs to JIT operations.
1376         https://bugs.webkit.org/show_bug.cgi?id=122925.
1377
1378         Reviewed by Geoffrey Garen.
1379
1380         Transitioning:
1381             cti_op_get_by_id_generic
1382             cti_op_get_by_val
1383             cti_op_get_by_val_generic
1384             cti_op_get_by_val_string
1385
1386         * dfg/DFGOperations.cpp:
1387         * dfg/DFGOperations.h:
1388         * jit/JIT.h:
1389         * jit/JITInlines.h:
1390         (JSC::JIT::callOperation):
1391         * jit/JITOpcodes.cpp:
1392         (JSC::JIT::emitSlow_op_get_arguments_length):
1393         (JSC::JIT::emitSlow_op_get_argument_by_val):
1394         * jit/JITOpcodes32_64.cpp:
1395         (JSC::JIT::emitSlow_op_get_arguments_length):
1396         (JSC::JIT::emitSlow_op_get_argument_by_val):
1397         * jit/JITOperations.cpp:
1398         * jit/JITOperations.h:
1399         * jit/JITPropertyAccess.cpp:
1400         (JSC::JIT::emitSlow_op_get_by_val):
1401         (JSC::JIT::emitSlow_op_get_by_pname):
1402         (JSC::JIT::privateCompileGetByVal):
1403         * jit/JITPropertyAccess32_64.cpp:
1404         (JSC::JIT::emitSlow_op_get_by_val):
1405         (JSC::JIT::emitSlow_op_get_by_pname):
1406         * jit/JITStubs.cpp:
1407         * jit/JITStubs.h:
1408         * runtime/Executable.cpp:
1409         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1410         * runtime/Options.cpp:
1411         (JSC::Options::initialize):
1412
1413 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1414
1415         Introduce WTF::Bag and start using it for InlineCallFrameSet
1416         https://bugs.webkit.org/show_bug.cgi?id=122941
1417
1418         Reviewed by Geoffrey Garen.
1419         
1420         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1421         SegmentedVectors into Bags as well.
1422
1423         * bytecode/InlineCallFrameSet.cpp:
1424         (JSC::InlineCallFrameSet::add):
1425         * bytecode/InlineCallFrameSet.h:
1426         (JSC::InlineCallFrameSet::begin):
1427         (JSC::InlineCallFrameSet::end):
1428         * dfg/DFGArgumentsSimplificationPhase.cpp:
1429         (JSC::DFG::ArgumentsSimplificationPhase::run):
1430         * dfg/DFGJITCompiler.cpp:
1431         (JSC::DFG::JITCompiler::link):
1432         * dfg/DFGStackLayoutPhase.cpp:
1433         (JSC::DFG::StackLayoutPhase::run):
1434         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1435         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1436
1437 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1438
1439         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1440         https://bugs.webkit.org/show_bug.cgi?id=122905
1441         <rdar://problem/15237856>
1442
1443         Reviewed by Michael Saboff.
1444         
1445         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1446         then always call it to install something that calls CRASH().
1447
1448         * llvm/InitializeLLVM.cpp:
1449         (JSC::llvmCrash):
1450         (JSC::initializeLLVMOnce):
1451         (JSC::initializeLLVM):
1452         * llvm/LLVMAPIFunctions.h:
1453
1454 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1455
1456         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1457         https://bugs.webkit.org/show_bug.cgi?id=122938
1458
1459         Reviewed by Sam Weinig.
1460         
1461         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1462
1463         * jit/Repatch.cpp:
1464         (JSC::tryBuildGetByIDList):
1465
1466 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1467
1468         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1469         https://bugs.webkit.org/show_bug.cgi?id=122937
1470
1471         Reviewed by Geoffrey Garen.
1472         
1473         JITStubCall used to do it.
1474         
1475         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1476
1477         * jit/JIT.h:
1478         (JSC::JIT::appendCall):
1479
1480 2013-10-16  Michael Saboff  <msaboff@apple.com>
1481
1482         transition void cti_op_put_by_val* stubs to JIT operations
1483         https://bugs.webkit.org/show_bug.cgi?id=122903
1484
1485         Reviewed by Geoffrey Garen.
1486
1487         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1488         operationPutByValGeneric.
1489
1490         * jit/CCallHelpers.h:
1491         (JSC::CCallHelpers::setupArgumentsWithExecState):
1492         * jit/JIT.h:
1493         * jit/JITInlines.h:
1494         (JSC::JIT::callOperation):
1495         * jit/JITOperations.cpp:
1496         * jit/JITOperations.h:
1497         * jit/JITPropertyAccess.cpp:
1498         (JSC::JIT::emitSlow_op_put_by_val):
1499         (JSC::JIT::privateCompilePutByVal):
1500         * jit/JITPropertyAccess32_64.cpp:
1501         (JSC::JIT::emitSlow_op_put_by_val):
1502         * jit/JITStubs.cpp:
1503         * jit/JITStubs.h:
1504         * jit/JSInterfaceJIT.h:
1505
1506 2013-10-16  Oliver Hunt  <oliver@apple.com>
1507
1508         Implement ES6 spread operator
1509         https://bugs.webkit.org/show_bug.cgi?id=122911
1510
1511         Reviewed by Michael Saboff.
1512
1513         Implement the ES6 spread operator
1514
1515         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1516         and into BytecodeGenerator, and then adds the logic to make it nicely
1517         callback-driven.
1518
1519         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1520         and actually handling the spread.
1521
1522         * bytecompiler/BytecodeGenerator.cpp:
1523         (JSC::BytecodeGenerator::emitNewArray):
1524         (JSC::BytecodeGenerator::emitCall):
1525         (JSC::BytecodeGenerator::emitEnumeration):
1526         * bytecompiler/BytecodeGenerator.h:
1527         * bytecompiler/NodesCodegen.cpp:
1528         (JSC::ArrayNode::emitBytecode):
1529         (JSC::ForOfNode::emitBytecode):
1530         (JSC::SpreadExpressionNode::emitBytecode):
1531         * parser/ASTBuilder.h:
1532         (JSC::ASTBuilder::createSpreadExpression):
1533         * parser/Lexer.cpp:
1534         (JSC::::lex):
1535         * parser/NodeConstructors.h:
1536         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1537         * parser/Nodes.h:
1538         (JSC::ExpressionNode::isSpreadExpression):
1539         (JSC::SpreadExpressionNode::expression):
1540         * parser/Parser.cpp:
1541         (JSC::::parseArrayLiteral):
1542         (JSC::::parseArguments):
1543         (JSC::::parseMemberExpression):
1544         * parser/Parser.h:
1545         (JSC::Parser::getTokenName):
1546         (JSC::Parser::updateErrorMessageSpecialCase):
1547         * parser/ParserTokens.h:
1548         * parser/SyntaxChecker.h:
1549         (JSC::SyntaxChecker::createSpreadExpression):
1550
1551 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1552
1553         Add a useLLInt option to jsc
1554         https://bugs.webkit.org/show_bug.cgi?id=122930
1555
1556         Reviewed by Geoffrey Garen.
1557
1558         * runtime/Executable.cpp:
1559         (JSC::setupLLInt):
1560         (JSC::setupJIT):
1561         (JSC::ScriptExecutable::prepareForExecutionImpl):
1562         * runtime/Options.h:
1563
1564 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1565
1566         Build fix.
1567
1568         Forgot to svn add DeferGC.cpp
1569
1570         * heap/DeferGC.cpp: Added.
1571
1572 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1573
1574         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1575         https://bugs.webkit.org/show_bug.cgi?id=122902
1576
1577         Reviewed by Mark Hahnenberg.
1578         
1579         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1580         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1581         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1582         didn't. Turns out that there's even a helpful method,
1583         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1584
1585         * jit/Repatch.cpp:
1586         (JSC::tryCachePutByID):
1587
1588 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1589
1590         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1591         https://bugs.webkit.org/show_bug.cgi?id=122667
1592
1593         Reviewed by Geoffrey Garen.
1594
1595         The issue this patch is attempting to fix is that there are places in our codebase
1596         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1597         operations that can initiate a garbage collection. Garbage collection then calls 
1598         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1599         always necessarily run during garbage collection). This causes a deadlock.
1600  
1601         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1602         into a thread-local field that indicates that it is unsafe to perform any operation 
1603         that could trigger garbage collection on the current thread. In debug builds, 
1604         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1605         detect deadlocks.
1606  
1607         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1608         which uses the DeferGC mechanism to prevent collections from occurring while the 
1609         lock is held.
1610
1611         * CMakeLists.txt:
1612         * GNUmakefile.list.am:
1613         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1614         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1615         * JavaScriptCore.xcodeproj/project.pbxproj:
1616         * heap/DeferGC.h:
1617         (JSC::DisallowGC::DisallowGC):
1618         (JSC::DisallowGC::~DisallowGC):
1619         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1620         (JSC::DisallowGC::initialize):
1621         * jit/Repatch.cpp:
1622         (JSC::repatchPutByID):
1623         (JSC::buildPutByIdList):
1624         * llint/LLIntSlowPaths.cpp:
1625         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1626         * runtime/ConcurrentJITLock.h:
1627         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1628         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1629         (JSC::ConcurrentJITLockerBase::unlockEarly):
1630         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1631         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1632         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1633         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1634         * runtime/InitializeThreading.cpp:
1635         (JSC::initializeThreadingOnce):
1636         * runtime/JSCellInlines.h:
1637         (JSC::allocateCell):
1638         * runtime/JSSymbolTableObject.h:
1639         (JSC::symbolTablePut):
1640         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1641         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1642         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1643         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1644         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1645         the Structure.
1646         (JSC::Structure::materializePropertyMap):
1647         (JSC::Structure::despecifyDictionaryFunction):
1648         (JSC::Structure::changePrototypeTransition):
1649         (JSC::Structure::despecifyFunctionTransition):
1650         (JSC::Structure::attributeChangeTransition):
1651         (JSC::Structure::toDictionaryTransition):
1652         (JSC::Structure::preventExtensionsTransition):
1653         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1654         (JSC::Structure::isSealed):
1655         (JSC::Structure::isFrozen):
1656         (JSC::Structure::addPropertyWithoutTransition):
1657         (JSC::Structure::removePropertyWithoutTransition):
1658         (JSC::Structure::get):
1659         (JSC::Structure::despecifyFunction):
1660         (JSC::Structure::despecifyAllFunctions):
1661         (JSC::Structure::putSpecificValue):
1662         (JSC::Structure::createPropertyMap):
1663         (JSC::Structure::getPropertyNamesFromStructure):
1664         * runtime/Structure.h:
1665         (JSC::Structure::materializePropertyMapIfNecessary):
1666         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1667         * runtime/StructureInlines.h:
1668         (JSC::Structure::get):
1669         * runtime/SymbolTable.h:
1670         (JSC::SymbolTable::find):
1671         (JSC::SymbolTable::end):
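
        The mechanism this entry describes (a thread-local "GC is unsafe here" marker held by an
        RAII object, a plain locker that carries one so debug builds catch the deadlock eagerly,
        and a GC-safe locker that defers collection instead) can be sketched in a few dozen lines.
        The block below is an added illustration, not JavaScriptCore's own code: the `gcsketch`
        namespace, the depth counters, the `std::mutex` standing in for ConcurrentJITLock, the
        `Outcome` enum and the throw-instead-of-assert behaviour are all assumptions made for the
        example, and it simplifies DeferGC by running the postponed collection at the next request
        after the lock is released rather than from the outermost DeferGC destructor.

```cpp
#include <cstdio>
#include <mutex>
#include <stdexcept>

// Hypothetical sketch of the DisallowGC / DeferGC / locker interplay described in the
// entry above. Names mirror the entry, but this is example code, not JavaScriptCore's.
namespace gcsketch {

// Per-thread state (JSC uses a thread-local flag; a depth counter lets guards nest).
static thread_local unsigned gcDisallowDepth = 0; // > 0: triggering GC here is a bug
static thread_local unsigned gcDeferDepth = 0;    // > 0: collections are postponed

// RAII guard: while alive, any attempt to collect on this thread is an error.
class DisallowGC {
public:
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth != 0; }
};

// RAII guard: while alive, collections are deferred rather than forbidden.
class DeferGC {
public:
    DeferGC() { ++gcDeferDepth; }
    ~DeferGC() { --gcDeferDepth; }
    static bool isGCDeferredOnCurrentThread() { return gcDeferDepth != 0; }
};

struct Heap {
    unsigned collections = 0;

    // True if a collection ran, false if it was deferred. A request under DisallowGC is
    // the deadlock case: JSC asserts in debug builds, this sketch throws so it is observable.
    bool collectIfNecessary()
    {
        if (DisallowGC::isGCDisallowedOnCurrentThread())
            throw std::logic_error("GC requested while ConcurrentJITLock is held: would deadlock");
        if (DeferGC::isGCDeferredOnCurrentThread())
            return false;
        ++collections;
        return true;
    }
};

struct CodeBlock {
    std::mutex lock; // stands in for the ConcurrentJITLock
};

// Plain locker: holds the lock and marks GC as disallowed for the duration.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(CodeBlock& codeBlock) : m_guard(codeBlock.lock) { }
private:
    std::lock_guard<std::mutex> m_guard;
    DisallowGC m_disallowGC; // destroyed before m_guard releases the lock
};

// GC-safe locker: holds the lock and defers collection until it is released.
class GCSafeConcurrentJITLocker {
public:
    explicit GCSafeConcurrentJITLocker(CodeBlock& codeBlock) : m_guard(codeBlock.lock) { }
private:
    std::lock_guard<std::mutex> m_guard;
    DeferGC m_deferGC;
};

enum class Outcome { Collected, Deferred, Deadlock };

// An allocation that wants to collect while the plain locker is held: the bug being fixed.
Outcome allocateUnderPlainLock(Heap& heap, CodeBlock& codeBlock)
{
    try {
        ConcurrentJITLocker locker(codeBlock);
        return heap.collectIfNecessary() ? Outcome::Collected : Outcome::Deferred;
    } catch (const std::logic_error&) {
        return Outcome::Deadlock; // guard destructors already ran during unwinding
    }
}

// The same allocation under the GC-safe locker: the collection is postponed, not forbidden.
Outcome allocateUnderGCSafeLock(Heap& heap, CodeBlock& codeBlock)
{
    GCSafeConcurrentJITLocker locker(codeBlock);
    return heap.collectIfNecessary() ? Outcome::Collected : Outcome::Deferred;
}

// With no locker alive the deferred collection may run. This is the window the
// Structure.cpp note above warns about: keep a DeferGC alive until the caller is
// finished with the freshly materialized PropertyTable.
Outcome collectAfterUnlock(Heap& heap)
{
    return heap.collectIfNecessary() ? Outcome::Collected : Outcome::Deferred;
}

} // namespace gcsketch

int main()
{
    gcsketch::Heap heap;
    gcsketch::CodeBlock codeBlock;
    int plain = static_cast<int>(gcsketch::allocateUnderPlainLock(heap, codeBlock));
    int safe = static_cast<int>(gcsketch::allocateUnderGCSafeLock(heap, codeBlock));
    int later = static_cast<int>(gcsketch::collectAfterUnlock(heap));
    std::printf("plain=%d safe=%d later=%d collections=%u\n", plain, safe, later, heap.collections);
    return 0;
}
```

        Running it shows the three outcomes in order: the plain locker reports the would-be
        deadlock (enum value 2) and no collection happens, the GC-safe locker defers (1), and the
        first request after the lock is released collects (0). The destructor order in the lockers
        matters: the guard member is declared after the mutex guard so it is torn down first, which
        is the point at which a real DeferGC would kick off the postponed collection.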
1672
1673 2013-10-16  Daniel Bates  <dabates@apple.com>
1674
1675         Add SPI to disable the garbage collector timer
1676         https://bugs.webkit.org/show_bug.cgi?id=122921
1677
1678         Reviewed by Geoffrey Garen.
1679
1680         Based on a patch by Mark Hahnenberg.
1681
1682         * API/JSBase.cpp:
1683         (JSDisableGCTimer): Added; SPI function.
1684         * API/JSBasePrivate.h:
1685         * heap/BlockAllocator.cpp:
1686         (JSC::createBlockFreeingThread): Added.
1687         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
1688         to conditionally create the "block freeing" thread depending on the value of
1689         GCActivityCallback::s_shouldCreateGCTimer.
1690         (JSC::BlockAllocator::~BlockAllocator):
1691         * heap/BlockAllocator.h:
1692         (JSC::BlockAllocator::deallocate):
1693         * heap/Heap.cpp:
1694         (JSC::Heap::didAbandon):
1695         (JSC::Heap::collect):
1696         (JSC::Heap::didAllocate):
1697         * heap/HeapTimer.cpp:
1698         (JSC::HeapTimer::timerDidFire):
1699         * runtime/GCActivityCallback.cpp:
1700         * runtime/GCActivityCallback.h:
1701         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
1702         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
1703         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
1704
1705 2013-10-16  Commit Queue  <commit-queue@webkit.org>
1706
1707         Unreviewed, rolling out r157529.
1708         http://trac.webkit.org/changeset/157529
1709         https://bugs.webkit.org/show_bug.cgi?id=122919
1710
1711         Caused score test failures and some build failures. (Requested
1712         by rfong on #webkit).
1713
1714         * bytecompiler/BytecodeGenerator.cpp:
1715         (JSC::BytecodeGenerator::emitNewArray):
1716         (JSC::BytecodeGenerator::emitCall):
1717         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1718         * bytecompiler/BytecodeGenerator.h:
1719         * bytecompiler/NodesCodegen.cpp:
1720         (JSC::ArrayNode::emitBytecode):
1721         (JSC::CallArguments::CallArguments):
1722         (JSC::ForOfNode::emitBytecode):
1723         (JSC::BindingNode::collectBoundIdentifiers):
1724         * parser/ASTBuilder.h:
1725         * parser/Lexer.cpp:
1726         (JSC::::lex):
1727         * parser/NodeConstructors.h:
1728         (JSC::DotAccessorNode::DotAccessorNode):
1729         * parser/Nodes.h:
1730         * parser/Parser.cpp:
1731         (JSC::::parseArrayLiteral):
1732         (JSC::::parseArguments):
1733         (JSC::::parseMemberExpression):
1734         * parser/Parser.h:
1735         (JSC::Parser::getTokenName):
1736         (JSC::Parser::updateErrorMessageSpecialCase):
1737         * parser/ParserTokens.h:
1738         * parser/SyntaxChecker.h:
1739
1740 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1741
1742         Remove useless architecture specific implementation in DFG.
1743         https://bugs.webkit.org/show_bug.cgi?id=122917.
1744
1745         Reviewed by Michael Saboff.
1746
1747         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
1748         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
1749
1750         * dfg/DFGSpeculativeJIT.h:
1751
1752 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1753
1754         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
1755         https://bugs.webkit.org/show_bug.cgi?id=122916.
1756
1757         Reviewed by Michael Saboff.
1758
1759         This architecture specific function is not used anymore, so get rid of it.
1760
1761         * jit/JIT.h:
1762         * jit/JITInlines.h:
1763
1764 2013-10-16  Oliver Hunt  <oliver@apple.com>
1765
1766         Implement ES6 spread operator
1767         https://bugs.webkit.org/show_bug.cgi?id=122911
1768
1769         Reviewed by Michael Saboff.
1770
1771         Implement the ES6 spread operator
1772
1773         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1774         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1775         driven.
1776
1777         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1778         and actually handling the spread.
1779
1780         * bytecompiler/BytecodeGenerator.cpp:
1781         (JSC::BytecodeGenerator::emitNewArray):
1782         (JSC::BytecodeGenerator::emitCall):
1783         (JSC::BytecodeGenerator::emitEnumeration):
1784         * bytecompiler/BytecodeGenerator.h:
1785         * bytecompiler/NodesCodegen.cpp:
1786         (JSC::ArrayNode::emitBytecode):
1787         (JSC::ForOfNode::emitBytecode):
1788         (JSC::SpreadExpressionNode::emitBytecode):
1789         * parser/ASTBuilder.h:
1790         (JSC::ASTBuilder::createSpreadExpression):
1791         * parser/Lexer.cpp:
1792         (JSC::::lex):
1793         * parser/NodeConstructors.h:
1794         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1795         * parser/Nodes.h:
1796         (JSC::ExpressionNode::isSpreadExpression):
1797         (JSC::SpreadExpressionNode::expression):
1798         * parser/Parser.cpp:
1799         (JSC::::parseArrayLiteral):
1800         (JSC::::parseArguments):
1801         (JSC::::parseMemberExpression):
1802         * parser/Parser.h:
1803         (JSC::Parser::getTokenName):
1804         (JSC::Parser::updateErrorMessageSpecialCase):
1805         * parser/ParserTokens.h:
1806         * parser/SyntaxChecker.h:
1807         (JSC::SyntaxChecker::createSpreadExpression):
1808
1809 2013-10-16  Mark Lam  <mark.lam@apple.com>
1810
1811         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1812         https://bugs.webkit.org/show_bug.cgi?id=122899.
1813
1814         Reviewed by Michael Saboff.
1815
1816         * jit/JITOpcodes32_64.cpp:
1817         (JSC::JIT::emit_op_tear_off_activation):
1818         (JSC::JIT::emit_op_tear_off_arguments):
1819         * jit/JITStubs.cpp:
1820         * jit/JITStubs.h:
1821
1822 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1823
1824         Remove more of the UNINTERRUPTED_SEQUENCE thing
1825         https://bugs.webkit.org/show_bug.cgi?id=122885
1826
1827         Reviewed by Andreas Kling.
1828
1829         It was not completely removed by r157481, leading to a build failure for the sh4 architecture.
1830
1831         * jit/JIT.h:
1832         * jit/JITInlines.h:
1833
1834 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1835
1836         Get rid of the StructureStubInfo::patch union
1837         https://bugs.webkit.org/show_bug.cgi?id=122877
1838
1839         Reviewed by Sam Weinig.
1840         
1841         Just simplifying code by getting rid of data structures that ain't used no more.
1842         
1843         Note that I replace the patch union with a patch struct. This means we say things like
1844         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
1845         encapsulation makes the code more readable: the patch struct contains just those things
1846         that you need to know to perform patching.
1847
1848         * bytecode/StructureStubInfo.h:
1849         * dfg/DFGJITCompiler.cpp:
1850         (JSC::DFG::JITCompiler::link):
1851         * jit/JIT.cpp:
1852         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1853         * jit/Repatch.cpp:
1854         (JSC::repatchByIdSelfAccess):
1855         (JSC::replaceWithJump):
1856         (JSC::linkRestoreScratch):
1857         (JSC::generateProtoChainAccessStub):
1858         (JSC::tryCacheGetByID):
1859         (JSC::getPolymorphicStructureList):
1860         (JSC::patchJumpToGetByIdStub):
1861         (JSC::tryBuildGetByIDList):
1862         (JSC::emitPutReplaceStub):
1863         (JSC::emitPutTransitionStub):
1864         (JSC::tryCachePutByID):
1865         (JSC::tryBuildPutByIdList):
1866         (JSC::tryRepatchIn):
1867         (JSC::resetGetByID):
1868         (JSC::resetPutByID):
1869         (JSC::resetIn):
1870
1871 2013-10-15  Nadav Rotem  <nrotem@apple.com>
1872
1873         FTL: add support for Int52ToValue and fix putByVal of int52s.
1874         https://bugs.webkit.org/show_bug.cgi?id=122873
1875
1876         Reviewed by Filip Pizlo.
1877
1878         * ftl/FTLCapabilities.cpp:
1879         (JSC::FTL::canCompile):
1880         * ftl/FTLLowerDFGToLLVM.cpp:
1881         (JSC::FTL::LowerDFGToLLVM::compileNode):
1882         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
1883         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
1884
1885 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1886
1887         Get rid of the UNINTERRUPTED_SEQUENCE thing
1888         https://bugs.webkit.org/show_bug.cgi?id=122876
1889
1890         Reviewed by Mark Hahnenberg.
1891         
1892         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
1893         
1894         Moreover, we should resist the temptation to bring anything like this back. We don't
1895         want to have inline caches that only work if the assembler lays out code in a specific
1896         predetermined way.
1897
1898         * jit/JIT.h:
1899         * jit/JITCall.cpp:
1900         (JSC::JIT::compileOpCall):
1901         * jit/JITCall32_64.cpp:
1902         (JSC::JIT::compileOpCall):
1903
1904 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1905
1906         Baseline JIT should use the DFG GetById IC
1907         https://bugs.webkit.org/show_bug.cgi?id=122861
1908
1909         Reviewed by Oliver Hunt.
1910         
1911         This mostly just kills a ton of code.
1912         
1913         Note that this doesn't yet do all of the simplifications that can be done, but it does
1914         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
1915
1916         * bytecode/CodeBlock.cpp:
1917         (JSC::CodeBlock::resetStubInternal):
1918         * jit/JIT.cpp:
1919         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1920         * jit/JIT.h:
1921         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
1922         * jit/JITInlines.h:
1923         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1924         (JSC::JIT::callOperation):
1925         * jit/JITPropertyAccess.cpp:
1926         (JSC::JIT::compileGetByIdHotPath):
1927         (JSC::JIT::emitSlow_op_get_by_id):
1928         (JSC::JIT::emitSlow_op_get_from_scope):
1929         * jit/JITPropertyAccess32_64.cpp:
1930         (JSC::JIT::compileGetByIdHotPath):
1931         (JSC::JIT::emitSlow_op_get_by_id):
1932         (JSC::JIT::emitSlow_op_get_from_scope):
1933         * jit/JITStubs.cpp:
1934         * jit/JITStubs.h:
1935         * jit/Repatch.cpp:
1936         (JSC::repatchGetByID):
1937         (JSC::buildGetByIDList):
1938         * jit/ThunkGenerators.cpp:
1939         * jit/ThunkGenerators.h:
1940
1941 2013-10-15  Dean Jackson  <dino@apple.com>
1942
1943         Add ENABLE_WEB_ANIMATIONS flag
1944         https://bugs.webkit.org/show_bug.cgi?id=122871
1945
1946         Reviewed by Tim Horton.
1947
1948         Eventually might be http://dev.w3.org/fxtf/web-animations/
1949         but this is just engine-internal work at the moment.
1950
1951         * Configurations/FeatureDefines.xcconfig:
1952
1953 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1954
1955         [sh4] Some calls don't match sh4 ABI.
1956         https://bugs.webkit.org/show_bug.cgi?id=122863
1957
1958         Reviewed by Michael Saboff.
1959
1960         * dfg/DFGSpeculativeJIT.h:
1961         (JSC::DFG::SpeculativeJIT::callOperation):
1962         * jit/CCallHelpers.h:
1963         (JSC::CCallHelpers::setupArgumentsWithExecState):
1964         * jit/JITInlines.h:
1965         (JSC::JIT::callOperation):
1966
1967 2013-10-15  Daniel Bates  <dabates@apple.com>
1968
1969         [iOS] Upstream JavaScriptCore support for ARM64
1970         https://bugs.webkit.org/show_bug.cgi?id=122762
1971
1972         Reviewed by Oliver Hunt and Filip Pizlo.
1973
1974         * Configurations/Base.xcconfig:
1975         * Configurations/DebugRelease.xcconfig:
1976         * Configurations/JavaScriptCore.xcconfig:
1977         * Configurations/ToolExecutable.xcconfig:
1978         * JavaScriptCore.xcodeproj/project.pbxproj:
1979         * assembler/ARM64Assembler.h: Added.
1980         * assembler/AbstractMacroAssembler.h:
1981         (JSC::isARM64):
1982         (JSC::AbstractMacroAssembler::Label::Label):
1983         (JSC::AbstractMacroAssembler::Jump::Jump):
1984         (JSC::AbstractMacroAssembler::Jump::link):
1985         (JSC::AbstractMacroAssembler::Jump::linkTo):
1986         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
1987         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
1988         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
1989         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
1990         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
1991         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
1992         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
1993         (JSC::AbstractMacroAssembler::isTempRegisterValid):
1994         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
1995         (JSC::AbstractMacroAssembler::setTempRegisterValid):
1996         * assembler/LinkBuffer.cpp:
1997         (JSC::LinkBuffer::copyCompactAndLinkCode):
1998         (JSC::LinkBuffer::linkCode):
1999         * assembler/LinkBuffer.h:
2000         * assembler/MacroAssembler.h:
2001         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
2002         (JSC::MacroAssembler::pushToSave):
2003         (JSC::MacroAssembler::popToRestore):
2004         (JSC::MacroAssembler::patchableBranchTest32):
2005         * assembler/MacroAssemblerARM64.h: Added.
2006         * assembler/MacroAssemblerARMv7.h:
2007         * dfg/DFGFixupPhase.cpp:
2008         (JSC::DFG::FixupPhase::fixupNode):
2009         * dfg/DFGOSRExitCompiler32_64.cpp:
2010         (JSC::DFG::OSRExitCompiler::compileExit):
2011         * dfg/DFGOSRExitCompiler64.cpp:
2012         (JSC::DFG::OSRExitCompiler::compileExit):
2013         * dfg/DFGSpeculativeJIT.cpp:
2014         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2015         (JSC::DFG::SpeculativeJIT::compileArithMod):
2016         * disassembler/ARM64/A64DOpcode.cpp: Added.
2017         * disassembler/ARM64/A64DOpcode.h: Added.
2018         * disassembler/ARM64Disassembler.cpp: Added.
2019         * heap/MachineStackMarker.cpp:
2020         (JSC::getPlatformThreadRegisters):
2021         (JSC::otherThreadStackPointer):
2022         * heap/Region.h:
2023         * jit/AssemblyHelpers.h:
2024         (JSC::AssemblyHelpers::debugCall):
2025         * jit/CCallHelpers.h:
2026         * jit/ExecutableAllocator.h:
2027         * jit/FPRInfo.h:
2028         (JSC::FPRInfo::toRegister):
2029         (JSC::FPRInfo::toIndex):
2030         (JSC::FPRInfo::debugName):
2031         * jit/GPRInfo.h:
2032         (JSC::GPRInfo::toRegister):
2033         (JSC::GPRInfo::toIndex):
2034         (JSC::GPRInfo::debugName):
2035         * jit/JITInlines.h:
2036         (JSC::JIT::restoreArgumentReferenceForTrampoline):
2037         * jit/JITOperationWrappers.h:
2038         * jit/JITOperations.cpp:
2039         * jit/JITStubs.cpp:
2040         (JSC::performPlatformSpecificJITAssertions):
2041         (JSC::tryCachePutByID):
2042         * jit/JITStubs.h:
2043         (JSC::JITStackFrame::returnAddressSlot):
2044         * jit/JITStubsARM64.h: Added.
2045         * jit/JSInterfaceJIT.h:
2046         * jit/Repatch.cpp:
2047         (JSC::emitRestoreScratch):
2048         (JSC::generateProtoChainAccessStub):
2049         (JSC::tryCacheGetByID):
2050         (JSC::emitPutReplaceStub):
2051         (JSC::tryCachePutByID):
2052         (JSC::tryRepatchIn):
2053         * jit/ScratchRegisterAllocator.h:
2054         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2055         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2056         * jit/ThunkGenerators.cpp:
2057         (JSC::nativeForGenerator):
2058         (JSC::floorThunkGenerator):
2059         (JSC::ceilThunkGenerator):
2060         * jsc.cpp:
2061         (main):
2062         * llint/LLIntOfflineAsmConfig.h:
2063         * llint/LLIntSlowPaths.cpp:
2064         (JSC::LLInt::handleHostCall):
2065         * llint/LowLevelInterpreter.asm:
2066         * llint/LowLevelInterpreter64.asm:
2067         * offlineasm/arm.rb:
2068         * offlineasm/arm64.rb: Added.
2069         * offlineasm/backends.rb:
2070         * offlineasm/instructions.rb:
2071         * offlineasm/risc.rb:
2072         * offlineasm/transform.rb:
2073         * yarr/YarrJIT.cpp:
2074         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2075         (JSC::Yarr::YarrGenerator::initCallFrame):
2076         (JSC::Yarr::YarrGenerator::removeCallFrame):
2077         (JSC::Yarr::YarrGenerator::generateEnter):
2078         * yarr/YarrJIT.h:
2079
2080 2013-10-15  Mark Lam  <mark.lam@apple.com>
2081
2082         Fix 3 operand sub operation in C loop LLINT.
2083         https://bugs.webkit.org/show_bug.cgi?id=122866.
2084
2085         Reviewed by Geoffrey Garen.
2086
2087         * offlineasm/cloop.rb:
2088
2089 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2090
2091         ObjCCallbackFunctionImpl shouldn't store a JSContext
2092         https://bugs.webkit.org/show_bug.cgi?id=122531
2093
2094         Reviewed by Geoffrey Garen.
2095
2096         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
2097         in the common case. It's also no longer necessary in that we can look up the current JSContext 
2098         by using the globalObject of the callee when the function callback is invoked.
2099  
2100         Also added a new test that would cause us to crash previously. The test required making 
2101         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2102         in C API callbacks.
2103
2104         * API/JSContextRef.h:
2105         * API/JSContextRefPrivate.h:
2106         * API/ObjCCallbackFunction.mm:
2107         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2108         (JSC::objCCallbackFunctionCallAsFunction):
2109         (objCCallbackFunctionForInvocation):
2110         * API/WebKitAvailability.h:
2111         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2112         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2113         (CallAsConstructor):
2114         (ConstructorFinalize):
2115         (ConstructorClass):
2116         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2117         (-[JSContext valueWithConstructorDescriptor:]):
2118         (currentThisInsideBlockGetterTest):
2119         * API/tests/testapi.mm:
2120         * JavaScriptCore.xcodeproj/project.pbxproj:
2121         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2122
2123 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2124
2125         Fix build after r157457 for architecture with 4 argument registers.
2126         https://bugs.webkit.org/show_bug.cgi?id=122860
2127
2128         Reviewed by Michael Saboff.
2129
2130         * jit/CCallHelpers.h:
2131         (JSC::CCallHelpers::setupStubArguments134):
2132
2133 2013-10-14  Michael Saboff  <msaboff@apple.com>
2134
2135         transition void cti_op_* methods to JIT operations.
2136         https://bugs.webkit.org/show_bug.cgi?id=122617
2137
2138         Reviewed by Geoffrey Garen.
2139
2140         Converted the following stubs to JIT operations:
2141             cti_handle_watchdog_timer
2142             cti_op_debug
2143             cti_op_pop_scope
2144             cti_op_profile_did_call
2145             cti_op_profile_will_call
2146             cti_op_put_by_index
2147             cti_op_put_getter_setter
2148             cti_op_tear_off_activation
2149             cti_op_tear_off_arguments
2150             cti_op_throw_static_error
2151             cti_optimize
2152
2153         * dfg/DFGOperations.cpp:
2154         * dfg/DFGOperations.h:
2155         * jit/CCallHelpers.h:
2156         (JSC::CCallHelpers::setupArgumentsWithExecState):
2157         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2158         (JSC::CCallHelpers::setupStubArguments):
2159         (JSC::CCallHelpers::setupStubArguments134):
2160         * jit/JIT.cpp:
2161         (JSC::JIT::emitEnterOptimizationCheck):
2162         * jit/JIT.h:
2163         * jit/JITInlines.h:
2164         (JSC::JIT::callOperation):
2165         * jit/JITOpcodes.cpp:
2166         (JSC::JIT::emit_op_tear_off_activation):
2167         (JSC::JIT::emit_op_tear_off_arguments):
2168         (JSC::JIT::emit_op_push_with_scope):
2169         (JSC::JIT::emit_op_pop_scope):
2170         (JSC::JIT::emit_op_push_name_scope):
2171         (JSC::JIT::emit_op_throw_static_error):
2172         (JSC::JIT::emit_op_debug):
2173         (JSC::JIT::emit_op_profile_will_call):
2174         (JSC::JIT::emit_op_profile_did_call):
2175         (JSC::JIT::emitSlow_op_loop_hint):
2176         * jit/JITOpcodes32_64.cpp:
2177         (JSC::JIT::emit_op_push_with_scope):
2178         (JSC::JIT::emit_op_pop_scope):
2179         (JSC::JIT::emit_op_push_name_scope):
2180         (JSC::JIT::emit_op_throw_static_error):
2181         (JSC::JIT::emit_op_debug):
2182         (JSC::JIT::emit_op_profile_will_call):
2183         (JSC::JIT::emit_op_profile_did_call):
2184         * jit/JITOperations.cpp:
2185         * jit/JITOperations.h:
2186         * jit/JITPropertyAccess.cpp:
2187         (JSC::JIT::emit_op_put_by_index):
2188         (JSC::JIT::emit_op_put_getter_setter):
2189         * jit/JITPropertyAccess32_64.cpp:
2190         (JSC::JIT::emit_op_put_by_index):
2191         (JSC::JIT::emit_op_put_getter_setter):
2192         * jit/JITStubs.cpp:
2193         * jit/JITStubs.h:
2194
2195 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2196
2197         [sh4] Introduce const pools in LLINT.
2198         https://bugs.webkit.org/show_bug.cgi?id=122746
2199
2200         Reviewed by Michael Saboff.
2201
2202         In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
2203         loaded this way:
2204
2205             mov.l .label, rx
2206             bra out
2207             nop
2208             .balign 4
2209             .label: .long immvalue
2210             out:
2211
2212         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2213         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2214
2215         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2216         * offlineasm/sh4.rb:
2217
2218 2013-10-15  Mark Lam  <mark.lam@apple.com>
2219
2220         Fix broken C Loop LLINT build.
2221         https://bugs.webkit.org/show_bug.cgi?id=122839.
2222
2223         Reviewed by Michael Saboff.
2224
2225         * dfg/DFGFlushedAt.cpp:
2226         * jit/JITOperations.h:
2227
2228 2013-10-14  Mark Lam  <mark.lam@apple.com>
2229
2230         Transition *switch* and *scope* JITStubs to JIT operations.
2231         https://bugs.webkit.org/show_bug.cgi?id=122757.
2232
2233         Reviewed by Geoffrey Garen.
2234
2235         Transitioning:
2236             cti_op_switch_char
2237             cti_op_switch_imm
2238             cti_op_switch_string
2239             cti_op_resolve_scope
2240             cti_op_get_from_scope
2241             cti_op_put_to_scope
2242
2243         * jit/JIT.h:
2244         * jit/JITInlines.h:
2245         (JSC::JIT::callOperation):
2246         * jit/JITOpcodes.cpp:
2247         (JSC::JIT::emit_op_switch_imm):
2248         (JSC::JIT::emit_op_switch_char):
2249         (JSC::JIT::emit_op_switch_string):
2250         * jit/JITOpcodes32_64.cpp:
2251         (JSC::JIT::emit_op_switch_imm):
2252         (JSC::JIT::emit_op_switch_char):
2253         (JSC::JIT::emit_op_switch_string):
2254         * jit/JITOperations.cpp:
2255         * jit/JITOperations.h:
2256         * jit/JITPropertyAccess.cpp:
2257         (JSC::JIT::emitSlow_op_resolve_scope):
2258         (JSC::JIT::emitSlow_op_get_from_scope):
2259         (JSC::JIT::emitSlow_op_put_to_scope):
2260         * jit/JITPropertyAccess32_64.cpp:
2261         (JSC::JIT::emitSlow_op_resolve_scope):
2262         (JSC::JIT::emitSlow_op_get_from_scope):
2263         (JSC::JIT::emitSlow_op_put_to_scope):
2264         * jit/JITStubs.cpp:
2265         * jit/JITStubs.h:
2266
2267 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2268
2269         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
2270         https://bugs.webkit.org/show_bug.cgi?id=122786
2271
2272         Reviewed by Mark Hahnenberg.
2273
2274         * bytecode/CodeBlock.cpp:
2275         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2276         * jit/Repatch.cpp:
2277         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2278         (JSC::buildPutByIdList): Ditto.
2279
2280 2013-10-14  Nadav Rotem  <nrotem@apple.com>
2281
2282         Add FTL support for LogicalNot(string)
2283         https://bugs.webkit.org/show_bug.cgi?id=122765
2284
2285         Reviewed by Filip Pizlo.
2286
2287         This patch is tested by:
2288         regress/script-tests/emscripten-cube2hash.js.ftl-eager
2289
2290         * ftl/FTLCapabilities.cpp:
2291         (JSC::FTL::canCompile):
2292         * ftl/FTLLowerDFGToLLVM.cpp:
2293         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
2294
2295 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
2296
2297         [sh4] Fixes after r157404 and r157411.
2298         https://bugs.webkit.org/show_bug.cgi?id=122782
2299
2300         Reviewed by Michael Saboff.
2301
2302         * dfg/DFGSpeculativeJIT.h:
2303         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2304         * jit/CCallHelpers.h:
2305         (JSC::CCallHelpers::setupArgumentsWithExecState):
2306         * jit/JITInlines.h:
2307         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2308         * jit/JITPropertyAccess32_64.cpp:
2309         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
2310
2311 2013-10-14  Commit Queue  <commit-queue@webkit.org>
2312
2313         Unreviewed, rolling out r157413.
2314         http://trac.webkit.org/changeset/157413
2315         https://bugs.webkit.org/show_bug.cgi?id=122779
2316
2317         Appears to have caused frequent crashes (Requested by ap on
2318         #webkit).
2319
2320         * CMakeLists.txt:
2321         * GNUmakefile.list.am:
2322         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2323         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2324         * JavaScriptCore.xcodeproj/project.pbxproj:
2325         * heap/DeferGC.cpp: Removed.
2326         * heap/DeferGC.h:
2327         * jit/JITStubs.cpp:
2328         (JSC::tryCacheGetByID):
2329         (JSC::DEFINE_STUB_FUNCTION):
2330         * llint/LLIntSlowPaths.cpp:
2331         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2332         * runtime/ConcurrentJITLock.h:
2333         * runtime/InitializeThreading.cpp:
2334         (JSC::initializeThreadingOnce):
2335         * runtime/JSCellInlines.h:
2336         (JSC::allocateCell):
2337         * runtime/Structure.cpp:
2338         (JSC::Structure::materializePropertyMap):
2339         (JSC::Structure::putSpecificValue):
2340         (JSC::Structure::createPropertyMap):
2341         * runtime/Structure.h:
2342
2343 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2344
2345         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
2346         https://bugs.webkit.org/show_bug.cgi?id=122652
2347
2348         Reviewed by Filip Pizlo.
2349
2350         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
2351         so we would end up ASSERTing during garbage collection.
2352
2353         * heap/MarkedAllocator.cpp:
2354         (JSC::MarkedAllocator::allocateSlowCase):
2355
2356 2013-10-11  Oliver Hunt  <oliver@apple.com>
2357
2358         Separate out array iteration intrinsics
2359         https://bugs.webkit.org/show_bug.cgi?id=122656
2360
2361         Reviewed by Michael Saboff.
2362
2363         Separate out the intrinsics for key and values iteration
2364         of arrays.
2365
2366         This requires moving array iteration into the iterator
2367         instance, rather than the prototype, but this is essentially
2368         unobservable so we'll live with it for now.
2369
2370         * jit/ThunkGenerators.cpp:
2371         (JSC::arrayIteratorNextThunkGenerator):
2372         (JSC::arrayIteratorNextKeyThunkGenerator):
2373         (JSC::arrayIteratorNextValueThunkGenerator):
2374         * jit/ThunkGenerators.h:
2375         * runtime/ArrayIteratorPrototype.cpp:
2376         (JSC::ArrayIteratorPrototype::finishCreation):
2377         * runtime/Intrinsic.h:
2378         * runtime/JSArrayIterator.cpp:
2379         (JSC::JSArrayIterator::finishCreation):
2380         (JSC::createIteratorResult):
2381         (JSC::arrayIteratorNext):
2382         (JSC::arrayIteratorNextKey):
2383         (JSC::arrayIteratorNextValue):
2384         (JSC::arrayIteratorNextGeneric):
2385         * runtime/VM.cpp:
2386         (JSC::thunkGeneratorForIntrinsic):
2387
2388 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
2389
2390         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2391         https://bugs.webkit.org/show_bug.cgi?id=122667
2392
2393         Reviewed by Filip Pizlo.
2394
2395         The issue this patch is attempting to fix is that there are places in our codebase
2396         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2397         operations that can initiate a garbage collection. Garbage collection then calls 
2398         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2399         always necessarily run during garbage collection). This causes a deadlock.
2400
2401         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2402         into a thread-local field that indicates that it is unsafe to perform any operation 
2403         that could trigger garbage collection on the current thread. In debug builds, 
2404         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2405         detect deadlocks.
2406
2407         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2408         which uses the DeferGC mechanism to prevent collections from occurring while the 
2409         lock is held.
2410
2411         * CMakeLists.txt:
2412         * GNUmakefile.list.am:
2413         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2414         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2415         * JavaScriptCore.xcodeproj/project.pbxproj:
2416         * heap/DeferGC.cpp: Added.
2417         * heap/DeferGC.h:
2418         (JSC::DisallowGC::DisallowGC):
2419         (JSC::DisallowGC::~DisallowGC):
2420         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2421         (JSC::DisallowGC::initialize):
2422         * jit/JITStubs.cpp:
2423         (JSC::tryCachePutByID):
2424         (JSC::tryCacheGetByID):
2425         (JSC::DEFINE_STUB_FUNCTION):
2426         * llint/LLIntSlowPaths.cpp:
2427         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2428         * runtime/ConcurrentJITLock.h:
2429         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2430         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2431         (JSC::ConcurrentJITLockerBase::unlockEarly):
2432         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2433         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2434         * runtime/InitializeThreading.cpp:
2435         (JSC::initializeThreadingOnce):
2436         * runtime/JSCellInlines.h:
2437         (JSC::allocateCell):
2438         * runtime/Structure.cpp:
2439         (JSC::Structure::materializePropertyMap):
2440         (JSC::Structure::putSpecificValue):
2441         (JSC::Structure::createPropertyMap):
2442         * runtime/Structure.h:
2443
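A minimal model of the DisallowGC and GCSafeConcurrentJITLocker mechanism this entry describes, added here as an example; it is not JavaScriptCore code and all class and function names are hypothetical stand-ins. It shows the two behaviours the entry relies on: a debug-style check that reports an allocation-triggered collection under the lock eagerly instead of deadlocking, and a GC-safe locker that defers the collection until the lock has been released.

```cpp
// Added example, not JavaScriptCore code: a minimal model of DisallowGC,
// DeferGC and the two ConcurrentJITLocker flavours described in the entry
// above. All names are hypothetical stand-ins for the real classes.
#include <cassert>
#include <cstdio>
#include <mutex>
#include <stdexcept>

// Thread-local state. A disallow depth > 0 means "GC is forbidden on this
// thread"; a defer depth > 0 means collections are queued, not run.
static thread_local int g_disallowGCDepth = 0;
static thread_local int g_deferGCDepth = 0;
static thread_local bool g_collectionPending = false;
static int g_collectionsRun = 0;

// RAII marker: while alive, any attempt to collect is a logic error.
struct DisallowGC {
    DisallowGC() { ++g_disallowGCDepth; }
    ~DisallowGC() { --g_disallowGCDepth; }
    static bool isGCDisallowedOnCurrentThread() { return g_disallowGCDepth > 0; }
};

// RAII marker: while alive, collections are postponed; the outermost one runs
// whatever was postponed when it goes out of scope.
struct DeferGC {
    DeferGC() { ++g_deferGCDepth; }
    ~DeferGC() {
        if (--g_deferGCDepth == 0 && g_collectionPending) {
            g_collectionPending = false;
            ++g_collectionsRun;   // run the postponed collection now that it is safe
        }
    }
};

// Stand-in heap whose allocation always wants to collect (think
// COLLECT_ON_EVERY_ALLOCATION).
struct Heap {
    void allocateCell() {
        if (g_deferGCDepth > 0) { g_collectionPending = true; return; }
        // Debug-build check: collecting here would re-enter CodeBlock methods
        // that take the ConcurrentJITLock this thread already holds, i.e. deadlock.
        if (DisallowGC::isGCDisallowedOnCurrentThread())
            throw std::logic_error("GC triggered while GC is disallowed on this thread");
        ++g_collectionsRun;
    }
};

struct CodeBlock { std::mutex concurrentJITLock; };

// Plain locker: takes the lock and, as in debug builds, forbids GC meanwhile.
struct ConcurrentJITLocker {
    std::lock_guard<std::mutex> guard;
    DisallowGC disallow;
    explicit ConcurrentJITLocker(CodeBlock& cb) : guard(cb.concurrentJITLock) {}
};

// GC-safe locker: DeferGC is declared first so it is destroyed last, i.e. the
// postponed collection runs only after the lock has been released.
struct GCSafeConcurrentJITLocker {
    DeferGC defer;
    std::lock_guard<std::mutex> guard;
    explicit GCSafeConcurrentJITLocker(CodeBlock& cb) : guard(cb.concurrentJITLock) {}
};

// Allocating under the plain locker is the deadlock-prone pattern; the debug
// check reports it eagerly instead of hanging. Returns true if it was caught.
bool unsafePatternIsDetected() {
    CodeBlock cb;
    Heap heap;
    try {
        ConcurrentJITLocker locker(cb);
        heap.allocateCell();
    } catch (const std::logic_error&) {
        return true;
    }
    return false;
}

// Allocating under the GC-safe locker defers the collection until the lock is
// dropped. Returns how many collections ran in the process (expected: 1).
int safePatternDefersCollection() {
    CodeBlock cb;
    Heap heap;
    const int before = g_collectionsRun;
    {
        GCSafeConcurrentJITLocker locker(cb);
        heap.allocateCell();
        assert(g_collectionsRun == before);   // still pending while the lock is held
    }
    return g_collectionsRun - before;
}

int main() {
    std::printf("unsafe pattern detected: %s\n", unsafePatternIsDetected() ? "yes" : "no");
    std::printf("collections run under GC-safe locker: %d\n", safePatternDefersCollection());
    return 0;
}
```

The member declaration order in GCSafeConcurrentJITLocker is the whole design point: destructors run in reverse order, so the mutex is released before the deferred collection fires, which is exactly the ordering that avoids the re-entrant lock acquisition described above.
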
2444 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2445
2446         Baseline JIT should use the DFG's PutById IC
2447         https://bugs.webkit.org/show_bug.cgi?id=122704
2448
2449         Reviewed by Mark Hahnenberg.
2450         
2451         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2452         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2453         
2454         The only complicated part was that the PutById operations assumed that we first did a
2455         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2456         slow paths to deal with EncodedJSValue's.
2457
2458         * bytecode/CodeBlock.cpp:
2459         (JSC::CodeBlock::resetStubInternal):
2460         * bytecode/PutByIdStatus.cpp:
2461         (JSC::PutByIdStatus::computeFor):
2462         * dfg/DFGSpeculativeJIT.h:
2463         (JSC::DFG::SpeculativeJIT::callOperation):
2464         * dfg/DFGSpeculativeJIT32_64.cpp:
2465         (JSC::DFG::SpeculativeJIT::cachedPutById):
2466         * dfg/DFGSpeculativeJIT64.cpp:
2467         (JSC::DFG::SpeculativeJIT::cachedPutById):
2468         * jit/CCallHelpers.h:
2469         (JSC::CCallHelpers::setupArgumentsWithExecState):
2470         * jit/JIT.cpp:
2471         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2472         * jit/JIT.h:
2473         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2474         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2475         * jit/JITInlines.h:
2476         (JSC::JIT::callOperation):
2477         * jit/JITOperationWrappers.h:
2478         * jit/JITOperations.cpp:
2479         * jit/JITOperations.h:
2480         * jit/JITPropertyAccess.cpp:
2481         (JSC::JIT::compileGetByIdHotPath):
2482         (JSC::JIT::compileGetByIdSlowCase):
2483         (JSC::JIT::emit_op_put_by_id):
2484         (JSC::JIT::emitSlow_op_put_by_id):
2485         * jit/JITPropertyAccess32_64.cpp:
2486         (JSC::JIT::compileGetByIdSlowCase):
2487         (JSC::JIT::emit_op_put_by_id):
2488         (JSC::JIT::emitSlow_op_put_by_id):
2489         * jit/JITStubs.cpp:
2490         * jit/JITStubs.h:
2491         * jit/Repatch.cpp:
2492         (JSC::appropriateGenericPutByIdFunction):
2493         (JSC::appropriateListBuildingPutByIdFunction):
2494         (JSC::resetPutByID):
2495
2496 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2497
2498         FTL should have an inefficient but correct implementation of GetById
2499         https://bugs.webkit.org/show_bug.cgi?id=122740
2500
2501         Reviewed by Mark Hahnenberg.
2502         
2503         It took some effort to realize that the node->prediction() check in the DFG backends
2504         are completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
2505         if !prediction.
2506         
2507         But other than that this was an easy patch.
2508
2509         * dfg/DFGByteCodeParser.cpp:
2510         (JSC::DFG::ByteCodeParser::handleGetById):
2511         * dfg/DFGSpeculativeJIT32_64.cpp:
2512         (JSC::DFG::SpeculativeJIT::compile):
2513         * dfg/DFGSpeculativeJIT64.cpp:
2514         (JSC::DFG::SpeculativeJIT::compile):
2515         * ftl/FTLCapabilities.cpp:
2516         (JSC::FTL::canCompile):
2517         * ftl/FTLIntrinsicRepository.h:
2518         * ftl/FTLLowerDFGToLLVM.cpp:
2519         (JSC::FTL::LowerDFGToLLVM::compileNode):
2520         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2521
2522 2013-10-13  Mark Lam  <mark.lam@apple.com>
2523
2524         Transition misc cti_op_* JITStubs to JIT operations.
2525         https://bugs.webkit.org/show_bug.cgi?id=122645.
2526
2527         Reviewed by Michael Saboff.
2528
2529         Stubs converted:
2530             cti_op_check_has_instance
2531             cti_op_create_arguments
2532             cti_op_del_by_id
2533             cti_op_instanceof
2534             cti_to_object
2535             cti_op_push_activation
2536             cti_op_get_pnames
2537             cti_op_load_varargs
2538
2539         * dfg/DFGOperations.cpp:
2540         * dfg/DFGOperations.h:
2541         * jit/CCallHelpers.h:
2542         (JSC::CCallHelpers::setupArgumentsWithExecState):
2543         * jit/JIT.h:
2544         (JSC::JIT::emitStoreCell):
2545         * jit/JITCall.cpp:
2546         (JSC::JIT::compileLoadVarargs):
2547         * jit/JITCall32_64.cpp:
2548         (JSC::JIT::compileLoadVarargs):
2549         * jit/JITInlines.h:
2550         (JSC::JIT::callOperation):
2551         * jit/JITOpcodes.cpp:
2552         (JSC::JIT::emit_op_get_pnames):
2553         (JSC::JIT::emit_op_create_activation):
2554         (JSC::JIT::emit_op_create_arguments):
2555         (JSC::JIT::emitSlow_op_check_has_instance):
2556         (JSC::JIT::emitSlow_op_instanceof):
2557         (JSC::JIT::emitSlow_op_get_argument_by_val):
2558         * jit/JITOpcodes32_64.cpp:
2559         (JSC::JIT::emitSlow_op_check_has_instance):
2560         (JSC::JIT::emitSlow_op_instanceof):
2561         (JSC::JIT::emit_op_get_pnames):
2562         (JSC::JIT::emit_op_create_activation):
2563         (JSC::JIT::emit_op_create_arguments):
2564         (JSC::JIT::emitSlow_op_get_argument_by_val):
2565         * jit/JITOperations.cpp:
2566         * jit/JITOperations.h:
2567         * jit/JITPropertyAccess.cpp:
2568         (JSC::JIT::emit_op_del_by_id):
2569         * jit/JITPropertyAccess32_64.cpp:
2570         (JSC::JIT::emit_op_del_by_id):
2571         * jit/JITStubs.cpp:
2572         * jit/JITStubs.h:
2573
2574 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2575
2576         FTL OSR exit should perform zero extension on values smaller than 64-bit
2577         https://bugs.webkit.org/show_bug.cgi?id=122688
2578
2579         Reviewed by Gavin Barraclough.
2580         
2581         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2582         register will have zeros on the high bits.  In the few cases where the high bits are
2583         non-zero, the DFG sort of tells us this explicitly.
2584
2585         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
2586         emit LLVM IR like:
2587
2588             %2 = trunc i64 %1 to i32
2589             stuff %2
2590             call @llvm.webkit.stackmap(...., %2)
2591
2592         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2593         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2594         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2595         from before truncation, and that register may have garbage in the high bits.
2596
2597         This means that on our end, if we want a 32-bit value and we want that value to be
2598         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2599         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2600         end.
2601         
2602         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
2603
2604         * ftl/FTLOSRExitCompiler.cpp:
2605         (JSC::FTL::compileStubWithOSRExitStackmap):
2606         * ftl/FTLValueFormat.cpp:
2607         (JSC::FTL::reboxAccordingToFormat):
2608
2609 == Rolled over to ChangeLog-2013-10-13 ==