FTL should be able to do some simple inline caches using LLVM patchpoints
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-10-22  Filip Pizlo  <fpizlo@apple.com>
2
3         FTL should be able to do some simple inline caches using LLVM patchpoints
4         https://bugs.webkit.org/show_bug.cgi?id=123164
5
6         Reviewed by Mark Hahnenberg.
7         
8         This implements GetById inline caches in the FTL using llvm.webkit.patchpoint.
9         
10         The idea is that we ask LLVM for a nop slide the size of a GetById inline
11         cache and then fill in the code after LLVM compilation is complete. For now, we
12         just use the system calling convention for the arguments and return. We also
13         still make some assumptions about registers that aren't correct. But, most of
14         the scaffolding is there and this will successfully patch an inline cache.
15
16         * JavaScriptCore.xcodeproj/project.pbxproj:
17         * assembler/AbstractMacroAssembler.h:
18         * assembler/LinkBuffer.cpp:
19         (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
20         (JSC::LinkBuffer::linkCode):
21         (JSC::LinkBuffer::allocate):
22         * assembler/LinkBuffer.h:
23         (JSC::LinkBuffer::LinkBuffer):
24         (JSC::LinkBuffer::link):
25         * ftl/FTLAbbreviations.h:
26         (JSC::FTL::constNull):
27         (JSC::FTL::buildCall):
28         * ftl/FTLCapabilities.cpp:
29         (JSC::FTL::canCompile):
30         * ftl/FTLCompile.cpp:
31         (JSC::FTL::fixFunctionBasedOnStackMaps):
32         * ftl/FTLInlineCacheDescriptor.h: Added.
33         (JSC::FTL::InlineCacheDescriptor::InlineCacheDescriptor):
34         (JSC::FTL::GetByIdDescriptor::GetByIdDescriptor):
35         (JSC::FTL::GetByIdDescriptor::stackmapID):
36         (JSC::FTL::GetByIdDescriptor::codeOrigin):
37         (JSC::FTL::GetByIdDescriptor::uid):
38         * ftl/FTLInlineCacheSize.cpp: Added.
39         (JSC::FTL::sizeOfGetById):
40         (JSC::FTL::sizeOfPutById):
41         * ftl/FTLInlineCacheSize.h: Added.
42         * ftl/FTLIntrinsicRepository.h:
43         * ftl/FTLJITFinalizer.cpp:
44         (JSC::FTL::JITFinalizer::finalizeFunction):
45         * ftl/FTLJITFinalizer.h:
46         * ftl/FTLLocation.cpp:
47         (JSC::FTL::Location::directGPR):
48         * ftl/FTLLocation.h:
49         * ftl/FTLLowerDFGToLLVM.cpp:
50         (JSC::FTL::LowerDFGToLLVM::compileGetById):
51         * ftl/FTLOutput.h:
52         (JSC::FTL::Output::call):
53         * ftl/FTLSlowPathCall.cpp: Added.
54         (JSC::FTL::callOperation):
55         * ftl/FTLSlowPathCall.h: Added.
56         (JSC::FTL::SlowPathCall::SlowPathCall):
57         (JSC::FTL::SlowPathCall::call):
58         (JSC::FTL::SlowPathCall::key):
59         * ftl/FTLSlowPathCallKey.cpp: Added.
60         (JSC::FTL::SlowPathCallKey::dump):
61         * ftl/FTLSlowPathCallKey.h: Added.
62         (JSC::FTL::SlowPathCallKey::SlowPathCallKey):
63         (JSC::FTL::SlowPathCallKey::usedRegisters):
64         (JSC::FTL::SlowPathCallKey::callTarget):
65         (JSC::FTL::SlowPathCallKey::offset):
66         (JSC::FTL::SlowPathCallKey::isEmptyValue):
67         (JSC::FTL::SlowPathCallKey::isDeletedValue):
68         (JSC::FTL::SlowPathCallKey::operator==):
69         (JSC::FTL::SlowPathCallKey::hash):
70         (JSC::FTL::SlowPathCallKeyHash::hash):
71         (JSC::FTL::SlowPathCallKeyHash::equal):
72         * ftl/FTLStackMaps.cpp:
73         (JSC::FTL::StackMaps::Location::directGPR):
74         * ftl/FTLStackMaps.h:
75         * ftl/FTLState.h:
76         * ftl/FTLThunks.cpp:
77         (JSC::FTL::slowPathCallThunkGenerator):
78         * ftl/FTLThunks.h:
79         (JSC::FTL::Thunks::getSlowPathCallThunk):
80         * jit/CCallHelpers.h:
81         (JSC::CCallHelpers::setupArguments):
82         * jit/GPRInfo.h:
83         * jit/JITInlineCacheGenerator.cpp:
84         (JSC::garbageStubInfo):
85         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
86         (JSC::JITByIdGenerator::finalize):
87         * jit/JITInlineCacheGenerator.h:
88         (JSC::JITByIdGenerator::slowPathBegin):
89         * jit/RegisterSet.cpp:
90         (JSC::RegisterSet::stackRegisters):
91         (JSC::RegisterSet::specialRegisters):
92         (JSC::RegisterSet::calleeSaveRegisters):
93         (JSC::RegisterSet::allGPRs):
94         (JSC::RegisterSet::allFPRs):
95         (JSC::RegisterSet::allRegisters):
96         (JSC::RegisterSet::dump):
97         * jit/RegisterSet.h:
98         (JSC::RegisterSet::exclude):
99         (JSC::RegisterSet::numberOfSetRegisters):
100         (JSC::RegisterSet::RegisterSet):
101         (JSC::RegisterSet::isEmptyValue):
102         (JSC::RegisterSet::isDeletedValue):
103         (JSC::RegisterSet::operator==):
104         (JSC::RegisterSet::hash):
105         (JSC::RegisterSetHash::hash):
106         (JSC::RegisterSetHash::equal):
107         * runtime/Options.h:
108
109 2013-10-22  Filip Pizlo  <fpizlo@apple.com>
110
111         jitCompileAndSetHeuristics should DeferGCForAWhile
112         https://bugs.webkit.org/show_bug.cgi?id=123196
113
114         Reviewed by Mark Hahnenberg.
115         
116         This fixes random crashes in V8v7/raytrace. I only see those crashes on exactly one of
117         my machines. I don't think this is testable; we just need to steadily converge towards
118         getting our uses of DeferGC to be right and then be careful not to regress. We're not
119         there yet, obviously.
120         
121         * llint/LLIntSlowPaths.cpp:
122         (JSC::LLInt::jitCompileAndSetHeuristics):
123
124 2013-10-23  Daniel Bates  <dabates@apple.com>
125
126         [iOS] Upstream more JavaScriptCore build configuration changes
127         https://bugs.webkit.org/show_bug.cgi?id=123169
128
129         Reviewed by David Kilzer.
130
131         * Configurations/Base.xcconfig:
132         * Configurations/Version.xcconfig:
133         * Configurations/iOS.xcconfig: Added.
134         * JavaScriptCore.xcodeproj/project.pbxproj:
135
136 2013-10-23  Daniel Bates  <dabates@apple.com>
137
138         [iOS] Export DefaultGCActivityCallback member functions
139         https://bugs.webkit.org/show_bug.cgi?id=123175
140
141         Reviewed by David Kilzer.
142
143         * runtime/GCActivityCallback.h:
144
145 2013-10-23  Daniel Bates  <dabates@apple.com>
146
147         [iOS] Upstream more ARMv7s bits
148         https://bugs.webkit.org/show_bug.cgi?id=123052
149
150         Reviewed by Joseph Pecoraro.
151
152         * Configurations/JavaScriptCore.xcconfig:
153
154 2013-10-22  Andreas Kling  <akling@apple.com>
155
156         Minor VM* -> VM& cleanups in HashTable and Keywords.
157         <https://webkit.org/b/123183>
158
159         Turn some VM* variables that will never be null into VM&.
160
161         Reviewed by Geoffrey Garen.
162
163 2013-10-22  Geoffrey Garen  <ggaren@apple.com>
164
165         REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
166         https://bugs.webkit.org/show_bug.cgi?id=123179
167
168         Reviewed by Mark Hahnenberg.
169
170         * parser/NodeConstructors.h:
171         (JSC::LogicalOpNode::LogicalOpNode):
172         * parser/ResultType.h:
173         (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
174         This is JavaScript (aka Sparta).
175
176 2013-10-22  Commit Queue  <commit-queue@webkit.org>
177
178         Unreviewed, rolling out r157819.
179         http://trac.webkit.org/changeset/157819
180         https://bugs.webkit.org/show_bug.cgi?id=123180
181
182         Broke 32-bit builds (Requested by smfr on #webkit).
183
184         * Configurations/JavaScriptCore.xcconfig:
185         * Configurations/ToolExecutable.xcconfig:
186
187 2013-10-22  Daniel Bates  <dabates@apple.com>
188
189         [iOS] Upstream more ARMv7s bits
190         https://bugs.webkit.org/show_bug.cgi?id=123052
191
192         Reviewed by Joseph Pecoraro.
193
194         * Configurations/JavaScriptCore.xcconfig:
195         * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
196         modifying a file in JavaScriptCore/Configurations.
197
198 2013-10-22  Daniel Bates  <dabates@apple.com>
199
200         [iOS] Upstream JSLock changes
201         https://bugs.webkit.org/show_bug.cgi?id=123107
202
203         Reviewed by Geoffrey Garen.
204
205         * runtime/JSLock.cpp:
206         (JSC::JSLock::unlock):
207         (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
208         (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
209         use pre-increment instead of post-increment when we're not using the return value of the instruction.
210         (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
211         places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
212         since we don't use the return value of such instructions.
213         (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
214         Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
215         (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
216         * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
217         the argument is sufficiently descriptive of its purpose.
218
219 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
220
221         [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
222         https://bugs.webkit.org/show_bug.cgi?id=123166
223
224         Reviewed by Michael Saboff.
225
226         * jit/CCallHelpers.h:
227         (JSC::CCallHelpers::setupArgumentsWithExecState):
228
229 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
230
231         [sh4][mips][arm] Fix crashes in JSC (32-bit only).
232         https://bugs.webkit.org/show_bug.cgi?id=123165
233
234         Reviewed by Michael Saboff.
235
236         * jit/JITInlines.h:
237         (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
238         (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
239         (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
240         (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.
241
242 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
243
244         REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
245         https://bugs.webkit.org/show_bug.cgi?id=123092
246
247         Reviewed by Michael Saboff.
248
249         Impacted architectures are SH4 and ARM_TRADITIONAL.
250
251         * assembler/ARMAssembler.h:
252         (JSC::ARMAssembler::buffer):
253         * assembler/AssemblerBufferWithConstantPool.h:
254         (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
255         * assembler/LinkBuffer.cpp:
256         (JSC::LinkBuffer::linkCode):
257         * assembler/SH4Assembler.h:
258         (JSC::SH4Assembler::buffer):
259
260 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
261
262         Remove unused stuff in JIT stubs.
263         https://bugs.webkit.org/show_bug.cgi?id=123155
264
265         Reviewed by Michael Saboff.
266
267         * jit/JITStubs.h:
268         * jit/JITStubsARM.h:
269         (JSC::ctiTrampoline):
270         * jit/JITStubsARM64.h:
271         * jit/JITStubsARMv7.h:
272         * jit/JITStubsMIPS.h:
273         * jit/JITStubsSH4.h:
274         * jit/JITStubsX86.h:
275         * jit/JITStubsX86_64.h:
276
277 2013-10-22  Daniel Bates  <dabates@apple.com>
278
279         [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
280         https://bugs.webkit.org/show_bug.cgi?id=123115
281         <rdar://problem/13696872>
282
283         Reviewed by Andy Estes.
284
285         Based on a patch by Mark Hahnenberg.
286
287         Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.
288
289         * API/JSBase.cpp:
290
291 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
292
293         [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister(). 
294         https://bugs.webkit.org/show_bug.cgi?id=123157
295
296         Reviewed by Andreas Kling.
297
298         * assembler/SH4Assembler.h:
299         (JSC::SH4Assembler::lastRegister):
300         (JSC::SH4Assembler::firstFPRegister):
301         (JSC::SH4Assembler::lastFPRegister):
302
303 2013-10-22  Brian Holt  <brian.holt@samsung.com>
304
305         Build break on ARMv7 after r157209
306         https://bugs.webkit.org/show_bug.cgi?id=122890
307
308         Reviewed by Csaba Osztrogonác.
309
310         Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.
311
312         * assembler/ARMAssembler.h:
313         * assembler/MacroAssemblerARM.h:
314         (JSC::MacroAssemblerARM::firstRegister):
315         (JSC::MacroAssemblerARM::lastRegister):
316         (JSC::MacroAssemblerARM::firstFPRegister):
317         (JSC::MacroAssemblerARM::lastFPRegister):
318
319 2013-10-21  Daniel Bates  <dabates@apple.com>
320
321         [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
322         https://bugs.webkit.org/show_bug.cgi?id=123045
323
324         Reviewed by Joseph Pecoraro.
325
326         * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
327         to global method table.
328         * runtime/JSGlobalObject.cpp: Ditto.
329         * runtime/JSGlobalObject.h:
330         (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.
331
332 2013-10-21  Daniel Bates  <dabates@apple.com>
333
334         [iOS] Upstream JSC Objective-C API compiler warning fixes
335         https://bugs.webkit.org/show_bug.cgi?id=123125
336
337         Reviewed by Mark Hahnenberg.
338
339         Based on a patch by Mark Hahnenberg.
340
341         * API/JSValue.mm:
342         (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
343         (-[JSValue toSize]): Ditto.
344         * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.
345
346 2013-10-21  Daniel Bates  <dabates@apple.com>
347
348         [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
349         available since iOS 7.0
350         https://bugs.webkit.org/show_bug.cgi?id=123122
351
352         Reviewed by Dan Bernstein.
353
354         * API/JSContext.h:
355         * API/JSManagedValue.h:
356         * API/JSValue.h:
357         * API/JSVirtualMachine.h:
358
359 2013-10-20  Mark Lam  <mark.lam@apple.com>
360
361         Avoid JSC debugger overhead unless needed.
362         https://bugs.webkit.org/show_bug.cgi?id=123084.
363
364         Reviewed by Geoffrey Garen.
365
366         - If no breakpoints are set, we now avoid calling the debug hook callbacks.
367         - If no break on exception is set, we also avoid exception event debug callbacks.
368         - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
369           longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
370           pointer in the ScriptDebugServer may become stale. To avoid this issue, before
371           returning, the ScriptDebugServer will clear its m_currentCallFrame if
372           needsOpDebugCallbacks() is false.
373
374         * debugger/Debugger.cpp:
375         (JSC::Debugger::Debugger):
376         (JSC::Debugger::setNeedsExceptionCallbacks):
377         (JSC::Debugger::setShouldPause):
378         (JSC::Debugger::updateNumberOfBreakpoints):
379         (JSC::Debugger::updateNeedForOpDebugCallbacks):
380         * debugger/Debugger.h:
381         * interpreter/Interpreter.cpp:
382         (JSC::Interpreter::unwind):
383         (JSC::Interpreter::debug):
384         * jit/JITOpcodes.cpp:
385         (JSC::JIT::emit_op_debug):
386         * jit/JITOpcodes32_64.cpp:
387         (JSC::JIT::emit_op_debug):
388         * llint/LLIntOffsetsExtractor.cpp:
389         * llint/LowLevelInterpreter.asm:
390
391 2013-10-21  Brent Fulgham  <bfulgham@apple.com>
392
393         [WIN] Unreviewed build correction.
394
395         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
396           sources, not header files.
397         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
398
399 2013-10-21  Oliver Hunt  <oliver@apple.com>
400
401         Support computed property names in object literals
402         https://bugs.webkit.org/show_bug.cgi?id=123112
403
404         Reviewed by Michael Saboff.
405
406         Add support for computed property names to the parser.
407
408         * bytecompiler/NodesCodegen.cpp:
409         (JSC::PropertyListNode::emitBytecode):
410         * parser/ASTBuilder.h:
411         (JSC::ASTBuilder::createProperty):
412         (JSC::ASTBuilder::getName):
413         * parser/NodeConstructors.h:
414         (JSC::PropertyNode::PropertyNode):
415         * parser/Nodes.h:
416         (JSC::PropertyNode::expressionName):
417         (JSC::PropertyNode::name):
418         * parser/Parser.cpp:
419         (JSC::::parseProperty):
420         (JSC::::parseStrictObjectLiteral):
421         * parser/SyntaxChecker.h:
422         (JSC::SyntaxChecker::Property::Property):
423         (JSC::SyntaxChecker::createProperty):
424         (JSC::SyntaxChecker::operatorStackPop):
425
426 2013-10-21  Michael Saboff  <msaboff@apple.com>
427
428         Add option so that JSC will crash if it can't allocate executable memory for the JITs
429         https://bugs.webkit.org/show_bug.cgi?id=123048
430         <rdar://problem/12856193>
431
432         Reviewed by Geoffrey Garen.
433
434         Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
435         when checking the validity of the executable allocator. The default value for this option is
436         false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
437         the app can obtain executable memory.
438
439         * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
440         (main):
441         * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
442         * runtime/VM.cpp:
443         (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
444         is enabled.
445
446 2013-10-21  Nadav Rotem  <nrotem@apple.com>
447
448         Remove AllInOneFile.cpp
449         https://bugs.webkit.org/show_bug.cgi?id=123055
450
451         Reviewed by Csaba Osztrogonác.
452
453         * AllInOneFile.cpp: Removed.
454
455 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
456
457         Unreviewed, cleanup a FIXME comment.
458
459         * jit/Repatch.cpp:
460
461 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
462
463         StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
464         https://bugs.webkit.org/show_bug.cgi?id=123076
465
466         Reviewed by Sam Weinig.
467         
468         Start preparing for a world in which we are patching code generated by LLVM, which may have
469         very different register usage conventions than our JITs. This requires us being more explicit
470         about the registers we are using. For example, the repatching code shouldn't take for granted
471         that tagMaskRegister holds the TagMask or that the register is even in use.
472
473         * CMakeLists.txt:
474         * GNUmakefile.list.am:
475         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
476         * JavaScriptCore.xcodeproj/project.pbxproj:
477         * assembler/MacroAssembler.h:
478         (JSC::MacroAssembler::numberOfRegisters):
479         (JSC::MacroAssembler::registerIndex):
480         (JSC::MacroAssembler::numberOfFPRegisters):
481         (JSC::MacroAssembler::fpRegisterIndex):
482         (JSC::MacroAssembler::totalNumberOfRegisters):
483         * bytecode/StructureStubInfo.h:
484         * dfg/DFGSpeculativeJIT.cpp:
485         (JSC::DFG::SpeculativeJIT::usedRegisters):
486         * dfg/DFGSpeculativeJIT.h:
487         * ftl/FTLSaveRestore.cpp:
488         (JSC::FTL::bytesForGPRs):
489         (JSC::FTL::bytesForFPRs):
490         (JSC::FTL::offsetOfGPR):
491         (JSC::FTL::offsetOfFPR):
492         * jit/JITInlineCacheGenerator.cpp:
493         (JSC::JITByIdGenerator::JITByIdGenerator):
494         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
495         * jit/JITInlineCacheGenerator.h:
496         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
497         * jit/JITPropertyAccess.cpp:
498         (JSC::JIT::emit_op_get_by_id):
499         (JSC::JIT::emit_op_put_by_id):
500         * jit/JITPropertyAccess32_64.cpp:
501         (JSC::JIT::emit_op_get_by_id):
502         (JSC::JIT::emit_op_put_by_id):
503         * jit/RegisterSet.cpp: Added.
504         (JSC::RegisterSet::specialRegisters):
505         * jit/RegisterSet.h: Added.
506         (JSC::RegisterSet::RegisterSet):
507         (JSC::RegisterSet::set):
508         (JSC::RegisterSet::clear):
509         (JSC::RegisterSet::get):
510         (JSC::RegisterSet::merge):
511         * jit/Repatch.cpp:
512         (JSC::generateProtoChainAccessStub):
513         (JSC::tryCacheGetByID):
514         (JSC::tryBuildGetByIDList):
515         (JSC::emitPutReplaceStub):
516         (JSC::tryRepatchIn):
517         (JSC::linkClosureCall):
518         * jit/TempRegisterSet.cpp: Added.
519         (JSC::TempRegisterSet::TempRegisterSet):
520         * jit/TempRegisterSet.h:
521
522 2013-10-20  Julien Brianceau  <jbriance@cisco.com>
523
524         [sh4] Fix build (broken since r157690).
525         https://bugs.webkit.org/show_bug.cgi?id=123081
526
527         Reviewed by Andreas Kling.
528
529         * assembler/AssemblerBufferWithConstantPool.h:
530         * assembler/SH4Assembler.h:
531         (JSC::SH4Assembler::buffer):
532         (JSC::SH4Assembler::readCallTarget):
533
534 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
535
536         Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
537         https://bugs.webkit.org/show_bug.cgi?id=123079
538
539         Reviewed by Geoffrey Garen.
540
541         * jit/TempRegisterSet.h:
542
543 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
544
545         Rename RegisterSet to TempRegisterSet
546         https://bugs.webkit.org/show_bug.cgi?id=123077
547
548         Reviewed by Dan Bernstein.
549
550         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
551         * JavaScriptCore.xcodeproj/project.pbxproj:
552         * bytecode/StructureStubInfo.h:
553         * dfg/DFGJITCompiler.h:
554         * dfg/DFGSpeculativeJIT.h:
555         (JSC::DFG::SpeculativeJIT::usedRegisters):
556         * jit/JITInlineCacheGenerator.cpp:
557         (JSC::JITByIdGenerator::JITByIdGenerator):
558         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
559         * jit/JITInlineCacheGenerator.h:
560         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
561         * jit/JITPropertyAccess.cpp:
562         (JSC::JIT::emit_op_get_by_id):
563         (JSC::JIT::emit_op_put_by_id):
564         * jit/JITPropertyAccess32_64.cpp:
565         (JSC::JIT::emit_op_get_by_id):
566         (JSC::JIT::emit_op_put_by_id):
567         * jit/RegisterSet.h: Removed.
568         * jit/ScratchRegisterAllocator.h:
569         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
570         * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
571         (JSC::TempRegisterSet::TempRegisterSet):
572         (JSC::TempRegisterSet::asPOD):
573         (JSC::TempRegisterSet::copyInfo):
574
575 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
576
577         Restructure LinkBuffer to allow for alternate allocation strategies
578         https://bugs.webkit.org/show_bug.cgi?id=123071
579
580         Reviewed by Oliver Hunt.
581         
582         The idea is to eventually allow a LinkBuffer to place the code into an already
583         allocated region of memory.  That region of memory could be the nop-slide left behind
584         by a llvm.webkit.patchpoint.
585
586         * assembler/ARM64Assembler.h:
587         (JSC::ARM64Assembler::buffer):
588         * assembler/AssemblerBuffer.h:
589         * assembler/LinkBuffer.cpp:
590         (JSC::LinkBuffer::copyCompactAndLinkCode):
591         (JSC::LinkBuffer::linkCode):
592         (JSC::LinkBuffer::allocate):
593         (JSC::LinkBuffer::shrink):
594         * assembler/LinkBuffer.h:
595         (JSC::LinkBuffer::LinkBuffer):
596         (JSC::LinkBuffer::didFailToAllocate):
597         * assembler/X86Assembler.h:
598         (JSC::X86Assembler::buffer):
599         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
600
601 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
602
603         Some includes in JSC seem to use an incorrect style
604         https://bugs.webkit.org/show_bug.cgi?id=123057
605
606         Reviewed by Geoffrey Garen.
607
608         Changed pseudo-system includes to user ones.
609
610         * API/JSContextRef.cpp:
611         * API/JSStringRefCF.cpp:
612         * API/JSValueRef.cpp:
613         * API/OpaqueJSString.cpp:
614         * jit/JIT.h:
615         * parser/SyntaxChecker.h:
616         * runtime/WeakGCMap.h:
617
618 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
619
620         Baseline JIT and DFG IC code generation should be unified and rationalized
621         https://bugs.webkit.org/show_bug.cgi?id=122939
622
623         Reviewed by Geoffrey Garen.
624         
625         Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
626         unify the baseline and DFG ICs. Used this to even further
627         unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
628         is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
629         that it needs to do the equivalent of get_by_id, so with this generator it will be able
630         to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
631
632         * CMakeLists.txt:
633         * GNUmakefile.list.am:
634         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
635         * JavaScriptCore.xcodeproj/project.pbxproj:
636         * assembler/AbstractMacroAssembler.h:
637         (JSC::AbstractMacroAssembler::DataLabelCompact::label):
638         * bytecode/CodeBlock.h:
639         (JSC::CodeBlock::ecmaMode):
640         * dfg/DFGInlineCacheWrapper.h: Added.
641         (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
642         * dfg/DFGInlineCacheWrapperInlines.h: Added.
643         (JSC::DFG::::finalize):
644         * dfg/DFGJITCompiler.cpp:
645         (JSC::DFG::JITCompiler::link):
646         * dfg/DFGJITCompiler.h:
647         (JSC::DFG::JITCompiler::addGetById):
648         (JSC::DFG::JITCompiler::addPutById):
649         * dfg/DFGSpeculativeJIT32_64.cpp:
650         (JSC::DFG::SpeculativeJIT::cachedGetById):
651         (JSC::DFG::SpeculativeJIT::cachedPutById):
652         * dfg/DFGSpeculativeJIT64.cpp:
653         (JSC::DFG::SpeculativeJIT::cachedGetById):
654         (JSC::DFG::SpeculativeJIT::cachedPutById):
655         (JSC::DFG::SpeculativeJIT::compile):
656         * jit/AssemblyHelpers.h:
657         (JSC::AssemblyHelpers::isStrictModeFor):
658         (JSC::AssemblyHelpers::strictModeFor):
659         * jit/GPRInfo.h:
660         (JSC::JSValueRegs::tagGPR):
661         * jit/JIT.cpp:
662         (JSC::JIT::JIT):
663         (JSC::JIT::privateCompileSlowCases):
664         (JSC::JIT::privateCompile):
665         * jit/JIT.h:
666         * jit/JITInlineCacheGenerator.cpp: Added.
667         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
668         (JSC::JITByIdGenerator::JITByIdGenerator):
669         (JSC::JITByIdGenerator::finalize):
670         (JSC::JITByIdGenerator::generateFastPathChecks):
671         (JSC::JITGetByIdGenerator::generateFastPath):
672         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
673         (JSC::JITPutByIdGenerator::generateFastPath):
674         (JSC::JITPutByIdGenerator::slowPathFunction):
675         * jit/JITInlineCacheGenerator.h: Added.
676         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
677         (JSC::JITInlineCacheGenerator::stubInfo):
678         (JSC::JITByIdGenerator::JITByIdGenerator):
679         (JSC::JITByIdGenerator::reportSlowPathCall):
680         (JSC::JITByIdGenerator::slowPathJump):
681         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
682         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
683         * jit/JITPropertyAccess.cpp:
684         (JSC::JIT::emit_op_get_by_id):
685         (JSC::JIT::emitSlow_op_get_by_id):
686         (JSC::JIT::emit_op_put_by_id):
687         (JSC::JIT::emitSlow_op_put_by_id):
688         * jit/JITPropertyAccess32_64.cpp:
689         (JSC::JIT::emit_op_get_by_id):
690         (JSC::JIT::emitSlow_op_get_by_id):
691         (JSC::JIT::emit_op_put_by_id):
692         (JSC::JIT::emitSlow_op_put_by_id):
693         * jit/RegisterSet.h:
694         (JSC::RegisterSet::set):
695
696 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
697
698         APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
699         https://bugs.webkit.org/show_bug.cgi?id=123067
700
701         Reviewed by Geoffrey Garen.
702
703         * API/APICast.h: Include it.
704
2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        FTL::Location should treat the offset as an addend in the case of a Register location
        https://bugs.webkit.org/show_bug.cgi?id=123062

        Reviewed by Sam Weinig.

        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::forStackmaps):
        (JSC::FTL::Location::dump):
        (JSC::FTL::Location::restoreInto):
        * ftl/FTLLocation.h:
        (JSC::FTL::Location::forRegister):
        (JSC::FTL::Location::hasAddend):
        (JSC::FTL::Location::addend):

2013-10-19  Nadav Rotem  <nrotem@apple.com>

        DFG dominators: document and rename stuff.
        https://bugs.webkit.org/show_bug.cgi?id=123056

        Reviewed by Filip Pizlo.

        Documented the code and renamed some variables.

        * dfg/DFGDominators.cpp:
        (JSC::DFG::Dominators::compute):
        (JSC::DFG::Dominators::pruneDominators):
        * dfg/DFGDominators.h:

2013-10-19  Julien Brianceau  <jbriance@cisco.com>

        Fix build failure for architectures with 4 argument registers.
        https://bugs.webkit.org/show_bug.cgi?id=123060

        Reviewed by Michael Saboff.

        Add missing setupArgumentsWithExecState() prototypes for architectures with 4 argument registers.
        Remove SH4 specific code no longer needed since callOperation prototype change in r157660.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix FTL build.

        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
        https://bugs.webkit.org/show_bug.cgi?id=122940

        Reviewed by Oliver Hunt.

        This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
        whereas previously it was in a Vector, so it moved. This allows you to use pointers to
        StructureStubInfo. This also eliminates the use of return PC as a way of finding the
        StructureStubInfo's. It removes some of the need for the compile-time property access
        records; for example the DFG no longer has to save information about registers in a
        property access record only to later save it to the stub info.

        The main thing this accomplishes is that it makes it easier to add StructureStubInfo's
        at any stage of compilation.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::propagateTransitions):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::addStubInfo):
        (JSC::CodeBlock::getStubInfoMap):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::begin):
        (JSC::CodeBlock::end):
        (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::CodeOrigin):
        (JSC::CodeOrigin::isHashTableDeletedValue):
        (JSC::CodeOrigin::hash):
        (JSC::CodeOriginHash::hash):
        (JSC::CodeOriginHash::equal):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        * bytecode/StructureStubInfo.h:
        (JSC::getStructureStubInfoCodeOrigin):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::InRecord::InRecord):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIn):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.cpp:
        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::PropertyStubCompilationInfo::slowCaseInfo):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/Repatch.cpp:
        (JSC::appropriateGenericPutByIdFunction):
        (JSC::appropriateListBuildingPutByIdFunction):
        (JSC::resetPutByID):

2013-10-18  Oliver Hunt  <oliver@apple.com>

        Spread operator should be performing direct "puts" and not triggering setters
        https://bugs.webkit.org/show_bug.cgi?id=123047

        Reviewed by Geoffrey Garen.

        Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
        to array construct.  This required a new PutByValDirect node to be introduced to
        the DFG.  The current implementation simply changes the slow path function that
        is called, but in future this could be made faster as it does not need to check
        the prototype chain.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutByVal):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getArrayLengthElimination):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkStructureElimination):
        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::clobbersWorld):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasArrayMode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        (JSC::DFG::operationPutByValInternal):
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTypeCheckHoistingPhase.cpp:
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::compileDirectPutByVal):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::privateCompilePutByVal):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_put_by_val):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2013-10-18  Daniel Bates  <dabates@apple.com>

        [iOS] Export symbol for VM::sharedInstanceExists()
        https://bugs.webkit.org/show_bug.cgi?id=123046

        Reviewed by Mark Hahnenberg.

        * runtime/VM.h:

2013-10-18  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
        https://bugs.webkit.org/show_bug.cgi?id=123049

        Reviewed by Mark Hahnenberg.

        * heap/Heap.cpp:
        (JSC::Heap::setIncrementalSweeper):
        * heap/Heap.h:
        * heap/HeapTimer.h:
        * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
        Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
        (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
        (duplicates the include in the .cpp).
        * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
        making use of this now, but we'll make use of it in a subsequent patch.

2013-10-18  Anders Carlsson  <andersca@apple.com>

        Remove spaces between template angle brackets
        https://bugs.webkit.org/show_bug.cgi?id=123040

        Reviewed by Andreas Kling.

        * API/JSCallbackObject.cpp:
        (JSC::::create):
        * API/JSObjectRef.cpp:
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::constants):
        (JSC::CodeBlock::setConstantRegisters):
        * bytecode/DFGExitProfile.h:
        * bytecode/EvalCodeCache.h:
        * bytecode/Operands.h:
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::constantRegisters):
        * bytecode/Watchpoint.h:
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/StaticPropertyAnalysis.h:
        * bytecompiler/StaticPropertyAnalyzer.h:
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        * dfg/DFGBlockInsertionSet.h:
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::performCSE):
        (JSC::DFG::performStoreElimination):
        * dfg/DFGCommonData.h:
        * dfg/DFGDesiredStructureChains.h:
        * dfg/DFGDesiredWatchpoints.h:
        * dfg/DFGJITCompiler.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGWorklist.h:
        * heap/BlockAllocator.h:
        (JSC::CopiedBlock):
        (JSC::MarkedBlock):
        (JSC::WeakBlock):
        (JSC::MarkStackSegment):
        (JSC::CopyWorkListSegment):
        (JSC::HandleBlock):
        * heap/Heap.h:
        * heap/Local.h:
        * heap/MarkedBlock.h:
        * heap/Strong.h:
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::decodedCodeMapFor):
        * jit/AssemblyHelpers.h:
        * jit/SpecializedThunkJIT.h:
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::::parseIfStatement):
        * parser/Parser.h:
        (JSC::Scope::copyCapturedVariablesToVector):
        (JSC::parse):
        * parser/ParserArena.h:
        * parser/SourceProviderCacheItem.h:
        * profiler/LegacyProfiler.cpp:
        (JSC::dispatchFunctionToProfiles):
        * profiler/LegacyProfiler.h:
        (JSC::LegacyProfiler::currentProfiles):
        * profiler/ProfileNode.h:
        (JSC::ProfileNode::children):
        * profiler/ProfilerDatabase.h:
        * runtime/Butterfly.h:
        (JSC::Butterfly::contiguousInt32):
        (JSC::Butterfly::contiguous):
        * runtime/GenericTypedArrayViewInlines.h:
        (JSC::::create):
        * runtime/Identifier.h:
        (JSC::Identifier::add):
        * runtime/JSPromise.h:
        * runtime/PropertyMapHashTable.h:
        * runtime/PropertyNameArray.h:
        * runtime/RegExpCache.h:
        * runtime/SparseArrayValueMap.h:
        * runtime/SymbolTable.h:
        * runtime/VM.h:
        * tools/CodeProfile.cpp:
        (JSC::truncateTrace):
        * tools/CodeProfile.h:
        * yarr/YarrInterpreter.cpp:
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::BytecodePattern::BytecodePattern):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
        (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
        (JSC::Yarr::YarrGenerator::opCompileBody):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
        * yarr/YarrPattern.h:

2013-10-18  Mark Lam  <mark.lam@apple.com>

        Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
        https://bugs.webkit.org/show_bug.cgi?id=123037.

        Reviewed by Geoffrey Garen.

        * jit/JITStubsMSVC64.asm:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
        https://bugs.webkit.org/show_bug.cgi?id=121661

        Reviewed by Mark Hahnenberg.

        This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
        so I added a return-early check using isCompilationThread().

        Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
        it is describing: m_offset and the property table. Most structures only have m_offset and report
        null for the property table. If the property table is there, it will tell you additional
        information and that information subsumes m_offset - but the m_offset is still there. So, when
        we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
        machinery to do this.

        Changing the property table only happens on the main thread.

        Because the machinery to change the property table is so complex, especially with respect to
        keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
        called at key points before and after changes to the property table or the offset.

        Most clients of Structure who care about object layout, including the concurrent thread, will
        want to know m_offset and not the property table. If they want the property table, they will
        already be super careful. The concurrent thread has special methods for this, like
        Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
        view of the property table.

        Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
        called when the relevant lock is already held. So, we'd have awkward recursive locking issues.

        But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
        which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
        because we have found that it helps quickly identify situations where the property table and
        m_offset get out of sync - mainly because code that changes either of those things will usually
        also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
        need the property table; it uses the m_offset. The concurrent JIT is correct to call
        outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
        it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
        outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
        locks, and that same structure is having its property table modified by the main thread, we end
        up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
        property table modified - instead what happens is that some downstream structure steals the
        property table and then starts adding things to it. The concurrent thread loads the property
        table before it's stolen, and hence the badness.

        I suspect there are other code paths that lead to the concurrent JIT calling some Structure
        method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
        and then you have a possible crash.

        The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
        aware of its uselessness to the concurrent JIT thread. This change makes it return early if
        it's in the concurrent JIT.

        * runtime/StructureInlines.h:
        (JSC::Structure::checkOffsetConsistency):

2013-10-18  Daniel Bates  <dabates@apple.com>

        Add SPI to disable the garbage collector timer
        https://bugs.webkit.org/show_bug.cgi?id=122921

        Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
        omitted.

        * heap/Heap.cpp:
        (JSC::Heap::setGarbageCollectionTimerEnabled):

2013-10-18  Julien Brianceau  <jbriance@cisco.com>

        Group 64-bit specific and 32-bit specific callOperation implementations.
        https://bugs.webkit.org/show_bug.cgi?id=123024

        Reviewed by Michael Saboff.

        This is not a big deal, but could be less confusing when reading the code.

        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        (JSC::JIT::callOperationWithCallFrameRollbackOnException):
        (JSC::JIT::callOperationNoExceptionCheck):

2013-10-18  Nadav Rotem  <nrotem@apple.com>

        Fix a FlushLiveness problem.
        https://bugs.webkit.org/show_bug.cgi?id=122984

        Reviewed by Filip Pizlo.

        * dfg/DFGFlushLivenessAnalysisPhase.cpp:
        (JSC::DFG::FlushLivenessAnalysisPhase::process):

2013-10-18  Michael Saboff  <msaboff@apple.com>

        Change native function call stubs to use JIT operations instead of ctiVMHandleException
        https://bugs.webkit.org/show_bug.cgi?id=122982

        Reviewed by Geoffrey Garen.

        Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
        return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
        This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
        in the process.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileExceptionHandlers):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::jumpToExceptionHandler):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/JIT.h:
        * jit/JITExceptions.cpp:
        (JSC::genericUnwind):
        * jit/JITExceptions.h:
        * jit/JITInlines.h:
        (JSC::JIT::callOperationNoExceptionCheck):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_throw):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_throw):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsMSVC64.asm:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:
        * jit/Repatch.cpp:
        (JSC::tryBuildGetByIDList):
        * jit/SlowPathCall.h:
        (JSC::JITSlowPathCall::call):
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::nativeForGenerator):
        * runtime/VM.h:
        (JSC::VM::callFrameForThrowOffset):
        (JSC::VM::targetMachinePCForThrowOffset):

2013-10-18  Julien Brianceau  <jbriance@cisco.com>

        Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
        https://bugs.webkit.org/show_bug.cgi?id=123023

        Reviewed by Michael Saboff.

        * jit/JITInlines.h:
        (JSC::JIT::callOperation): EncodedJSValue parameter does not need alignment
        using EABI_32BIT_DUMMY_ARG here.

2013-10-17  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, another ARM64 build fix.

        Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
        on ARM64 and none of its uses are legit - they should all be using
        andPtr(TrustedImm32, blah) anyway.

        * assembler/MacroAssembler.h:
        * assembler/MacroAssemblerARM64.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileExceptionHandlers):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileExceptionHandlers):

2013-10-17  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, speculative ARM64 build fix.

        move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
        implemented. So, you have to use TrustedImmPtr in the superclasses.

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::store8):
        (JSC::MacroAssemblerARM64::branchTest8):

2013-10-17  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, speculative ARM build fix.
        https://bugs.webkit.org/show_bug.cgi?id=122890
        <rdar://problem/15258624>

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::firstRegister):
        (JSC::ARM64Assembler::lastRegister):
        (JSC::ARM64Assembler::firstFPRegister):
        (JSC::ARM64Assembler::lastFPRegister):
        * assembler/MacroAssemblerARM64.h:
        * assembler/MacroAssemblerARMv7.h:

2013-10-17  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to JSONObject constructor.
        <https://webkit.org/b/122999>

        JSONObject was only using the JSGlobalObject to grab at the VM.
        Dodge a few loads by passing the VM directly instead.

        Reviewed by Geoffrey Garen.

        * runtime/JSONObject.cpp:
        (JSC::JSONObject::JSONObject):
        (JSC::JSONObject::finishCreation):
        * runtime/JSONObject.h:
        (JSC::JSONObject::create):

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Removed the JITStackFrame struct
        https://bugs.webkit.org/show_bug.cgi?id=123001

        Reviewed by Anders Carlsson.

        * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
        our helper functions obey the C function call ABI.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Removed an unused #define
        https://bugs.webkit.org/show_bug.cgi?id=123000

        Reviewed by Anders Carlsson.

        * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
        since it is unused now. This is a step toward using the C stack.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
        https://bugs.webkit.org/show_bug.cgi?id=122973

        Reviewed by Michael Saboff.

        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
        so I removed it.

        The code acted as if it needed to pass an argument to
        lookupExceptionHandler, and as if it passed that argument to itself
        through JITStackFrame. However, lookupExceptionHandler does not take
        an argument (other than the default ExecState argument), and the code
        did not initialize the thing that it thought it passed to itself!

2013-10-17  Alex Christensen  <achristensen@webkit.org>

        Run JavaScriptCore tests again on Windows.
        https://bugs.webkit.org/show_bug.cgi?id=122787

        Reviewed by Tim Horton.

        * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
        * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Removed restoreArgumentReference (another use of JITStackFrame)
        https://bugs.webkit.org/show_bug.cgi?id=122997

        Reviewed by Oliver Hunt.

        * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
        toward using the C stack.

2013-10-17  Oliver Hunt  <oliver@apple.com>

        Remove JITStubCall.h
        https://bugs.webkit.org/show_bug.cgi?id=122991

        Reviewed by Geoff Garen.

        Happily this is no longer used.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JIT.cpp:
        * jit/JITArithmetic.cpp:
        * jit/JITArithmetic32_64.cpp:
        * jit/JITCall.cpp:
        * jit/JITCall32_64.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITPropertyAccess.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jit/JITStubCall.h: Removed.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Removed a use of JITSTACKFRAME_ARGS_INDEX
        https://bugs.webkit.org/show_bug.cgi?id=122989

        Reviewed by Oliver Hunt.

        * jit/JITStubCall.h: Removed an unused function. This is one step closer
        to using the C stack.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Change emit_op_catch to use another method to materialize VM
        https://bugs.webkit.org/show_bug.cgi?id=122977

        Reviewed by Oliver Hunt.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_catch):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
        on JITStackFrame. It is also faster and simpler.

2013-10-17  Geoffrey Garen  <ggaren@apple.com>

        Eliminate emitGetJITStubArg() - dead code
        https://bugs.webkit.org/show_bug.cgi?id=122975

        Reviewed by Anders Carlsson.

        * jit/JIT.h:
        * jit/JITInlines.h: Removed unused, deprecated function.

2013-10-17  Mark Lam  <mark.lam@apple.com>

        Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
        https://bugs.webkit.org/show_bug.cgi?id=122979.

        Reviewed by Michael Saboff.

        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):

2013-10-17  Michael Saboff  <msaboff@apple.com>

        Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
        https://bugs.webkit.org/show_bug.cgi?id=122974

        Reviewed by Geoffrey Garen.

        Eliminated unneeded storing to JITStackFrame.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):

2013-10-17  Michael Saboff  <msaboff@apple.com>

        Transition cti_op_throw and cti_vm_throw to a JIT operation
        https://bugs.webkit.org/show_bug.cgi?id=122931

        Reviewed by Filip Pizlo.

        Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
        catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
        and their callers as it is now dead code.  There is some work needed on the Microsoft X86
        callOperation to handle the need to provide space for structure return value.

        * jit/JIT.h:
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_throw):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::emit_op_catch):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsMSVC64.asm:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:
        * jit/JSInterfaceJIT.h:

2013-10-17  Mark Lam  <mark.lam@apple.com>

        Remove JITStackFrame references in the C Loop LLINT.
        https://bugs.webkit.org/show_bug.cgi?id=122950.

        Reviewed by Michael Saboff.

        * jit/JITStubs.h:
        * llint/LowLevelInterpreter.cpp:
        (JSC::CLoop::execute):
        * offlineasm/cloop.rb:

2013-10-17  Mark Lam  <mark.lam@apple.com>

        Remove JITStackFrame references in JIT probes.
        https://bugs.webkit.org/show_bug.cgi?id=122947.

        Reviewed by Michael Saboff.

        * assembler/MacroAssemblerARM.cpp:
        (JSC::MacroAssemblerARM::ProbeContext::dump):
        * assembler/MacroAssemblerARM.h:
        * assembler/MacroAssemblerARMv7.cpp:
        (JSC::MacroAssemblerARMv7::ProbeContext::dump):
        * assembler/MacroAssemblerARMv7.h:
        * assembler/MacroAssemblerX86Common.cpp:
        (JSC::MacroAssemblerX86Common::ProbeContext::dump):
        * assembler/MacroAssemblerX86Common.h:
        * jit/JITStubsARM.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86Common.h:
        * jit/JITStubsX86_64.h:

2013-10-17  Julien Brianceau  <jbriance@cisco.com>

        Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
        https://bugs.webkit.org/show_bug.cgi?id=122949

        Reviewed by Andreas Kling.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2013-10-16  Mark Lam  <mark.lam@apple.com>

        Transition remaining op_get* JITStubs to JIT operations.
        https://bugs.webkit.org/show_bug.cgi?id=122925.

        Reviewed by Geoffrey Garen.

        Transitioning:
            cti_op_get_by_id_generic
            cti_op_get_by_val
            cti_op_get_by_val_generic
            cti_op_get_by_val_string

        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * jit/JIT.h:
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emitSlow_op_get_arguments_length):
        (JSC::JIT::emitSlow_op_get_argument_by_val):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emitSlow_op_get_arguments_length):
        (JSC::JIT::emitSlow_op_get_argument_by_val):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_pname):
        (JSC::JIT::privateCompileGetByVal):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_pname):
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * runtime/Executable.cpp:
        (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
        * runtime/Options.cpp:
        (JSC::Options::initialize):

2013-10-16  Filip Pizlo  <fpizlo@apple.com>

        Introduce WTF::Bag and start using it for InlineCallFrameSet
        https://bugs.webkit.org/show_bug.cgi?id=122941

        Reviewed by Geoffrey Garen.
1542         
1543         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1544         SegmentedVectors into Bags as well.
1545
1546         * bytecode/InlineCallFrameSet.cpp:
1547         (JSC::InlineCallFrameSet::add):
1548         * bytecode/InlineCallFrameSet.h:
1549         (JSC::InlineCallFrameSet::begin):
1550         (JSC::InlineCallFrameSet::end):
1551         * dfg/DFGArgumentsSimplificationPhase.cpp:
1552         (JSC::DFG::ArgumentsSimplificationPhase::run):
1553         * dfg/DFGJITCompiler.cpp:
1554         (JSC::DFG::JITCompiler::link):
1555         * dfg/DFGStackLayoutPhase.cpp:
1556         (JSC::DFG::StackLayoutPhase::run):
1557         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1558         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1559
1560 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1561
1562         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1563         https://bugs.webkit.org/show_bug.cgi?id=122905
1564         <rdar://problem/15237856>
1565
1566         Reviewed by Michael Saboff.
1567         
1568         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1569         then always call it to install something that calls CRASH().
1570
1571         * llvm/InitializeLLVM.cpp:
1572         (JSC::llvmCrash):
1573         (JSC::initializeLLVMOnce):
1574         (JSC::initializeLLVM):
1575         * llvm/LLVMAPIFunctions.h:
1576
1577 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1578
1579         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1580         https://bugs.webkit.org/show_bug.cgi?id=122938
1581
1582         Reviewed by Sam Weinig.
1583         
1584         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1585
1586         * jit/Repatch.cpp:
1587         (JSC::tryBuildGetByIDList):
1588
1589 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1590
1591         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1592         https://bugs.webkit.org/show_bug.cgi?id=122937
1593
1594         Reviewed by Geoffrey Garen.
1595         
1596         JITStubCall used to do it.
1597         
1598         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1599
1600         * jit/JIT.h:
1601         (JSC::JIT::appendCall):
1602
1603 2013-10-16  Michael Saboff  <msaboff@apple.com>
1604
1605         transition void cti_op_put_by_val* stubs to JIT operations
1606         https://bugs.webkit.org/show_bug.cgi?id=122903
1607
1608         Reviewed by Geoffrey Garen.
1609
1610         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1611         operationPutByValGeneric.
1612
1613         * jit/CCallHelpers.h:
1614         (JSC::CCallHelpers::setupArgumentsWithExecState):
1615         * jit/JIT.h:
1616         * jit/JITInlines.h:
1617         (JSC::JIT::callOperation):
1618         * jit/JITOperations.cpp:
1619         * jit/JITOperations.h:
1620         * jit/JITPropertyAccess.cpp:
1621         (JSC::JIT::emitSlow_op_put_by_val):
1622         (JSC::JIT::privateCompilePutByVal):
1623         * jit/JITPropertyAccess32_64.cpp:
1624         (JSC::JIT::emitSlow_op_put_by_val):
1625         * jit/JITStubs.cpp:
1626         * jit/JITStubs.h:
1627         * jit/JSInterfaceJIT.h:
1628
1629 2013-10-16  Oliver Hunt  <oliver@apple.com>
1630
1631         Implement ES6 spread operator
1632         https://bugs.webkit.org/show_bug.cgi?id=122911
1633
1634         Reviewed by Michael Saboff.
1635
1636         Implement the ES6 spread operator
1637
1638         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1639         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1640         driven.
1641
1642         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1643         and actually handling the spread.
1644
1645         * bytecompiler/BytecodeGenerator.cpp:
1646         (JSC::BytecodeGenerator::emitNewArray):
1647         (JSC::BytecodeGenerator::emitCall):
1648         (JSC::BytecodeGenerator::emitEnumeration):
1649         * bytecompiler/BytecodeGenerator.h:
1650         * bytecompiler/NodesCodegen.cpp:
1651         (JSC::ArrayNode::emitBytecode):
1652         (JSC::ForOfNode::emitBytecode):
1653         (JSC::SpreadExpressionNode::emitBytecode):
1654         * parser/ASTBuilder.h:
1655         (JSC::ASTBuilder::createSpreadExpression):
1656         * parser/Lexer.cpp:
1657         (JSC::::lex):
1658         * parser/NodeConstructors.h:
1659         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1660         * parser/Nodes.h:
1661         (JSC::ExpressionNode::isSpreadExpression):
1662         (JSC::SpreadExpressionNode::expression):
1663         * parser/Parser.cpp:
1664         (JSC::::parseArrayLiteral):
1665         (JSC::::parseArguments):
1666         (JSC::::parseMemberExpression):
1667         * parser/Parser.h:
1668         (JSC::Parser::getTokenName):
1669         (JSC::Parser::updateErrorMessageSpecialCase):
1670         * parser/ParserTokens.h:
1671         * parser/SyntaxChecker.h:
1672         (JSC::SyntaxChecker::createSpreadExpression):
1673
1674 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1675
1676         Add a useLLInt option to jsc
1677         https://bugs.webkit.org/show_bug.cgi?id=122930
1678
1679         Reviewed by Geoffrey Garen.
1680
1681         * runtime/Executable.cpp:
1682         (JSC::setupLLInt):
1683         (JSC::setupJIT):
1684         (JSC::ScriptExecutable::prepareForExecutionImpl):
1685         * runtime/Options.h:
1686
1687 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1688
1689         Build fix.
1690
1691         Forgot to svn add DeferGC.cpp
1692
1693         * heap/DeferGC.cpp: Added.
1694
1695 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1696
1697         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1698         https://bugs.webkit.org/show_bug.cgi?id=122902
1699
1700         Reviewed by Mark Hahnenberg.
1701         
1702         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1703         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1704         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1705         didn't. Turns out that there's even a helpful method,
1706         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1707
1708         * jit/Repatch.cpp:
1709         (JSC::tryCachePutByID):
1710
1711 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1712
1713         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1714         https://bugs.webkit.org/show_bug.cgi?id=122667
1715
1716         Reviewed by Geoffrey Garen.
1717
1718         The issue this patch is attempting to fix is that there are places in our codebase
1719         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1720         operations that can initiate a garbage collection. Garbage collection then calls 
1721         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1722         always necessarily run during garbage collection). This causes a deadlock.
1723  
1724         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1725         into a thread-local field that indicates that it is unsafe to perform any operation 
1726         that could trigger garbage collection on the current thread. In debug builds, 
1727         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1728         detect deadlocks.
1729  
1730         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1731         which uses the DeferGC mechanism to prevent collections from occurring while the 
1732         lock is held.
1733
1734         * CMakeLists.txt:
1735         * GNUmakefile.list.am:
1736         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1737         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1738         * JavaScriptCore.xcodeproj/project.pbxproj:
1739         * heap/DeferGC.h:
1740         (JSC::DisallowGC::DisallowGC):
1741         (JSC::DisallowGC::~DisallowGC):
1742         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1743         (JSC::DisallowGC::initialize):
1744         * jit/Repatch.cpp:
1745         (JSC::repatchPutByID):
1746         (JSC::buildPutByIdList):
1747         * llint/LLIntSlowPaths.cpp:
1748         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1749         * runtime/ConcurrentJITLock.h:
1750         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1751         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1752         (JSC::ConcurrentJITLockerBase::unlockEarly):
1753         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1754         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1755         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1756         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1757         * runtime/InitializeThreading.cpp:
1758         (JSC::initializeThreadingOnce):
1759         * runtime/JSCellInlines.h:
1760         (JSC::allocateCell):
1761         * runtime/JSSymbolTableObject.h:
1762         (JSC::symbolTablePut):
1763         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1764         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1765         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1766         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1767         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1768         the Structure.
1769         (JSC::Structure::materializePropertyMap):
1770         (JSC::Structure::despecifyDictionaryFunction):
1771         (JSC::Structure::changePrototypeTransition):
1772         (JSC::Structure::despecifyFunctionTransition):
1773         (JSC::Structure::attributeChangeTransition):
1774         (JSC::Structure::toDictionaryTransition):
1775         (JSC::Structure::preventExtensionsTransition):
1776         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1777         (JSC::Structure::isSealed):
1778         (JSC::Structure::isFrozen):
1779         (JSC::Structure::addPropertyWithoutTransition):
1780         (JSC::Structure::removePropertyWithoutTransition):
1781         (JSC::Structure::get):
1782         (JSC::Structure::despecifyFunction):
1783         (JSC::Structure::despecifyAllFunctions):
1784         (JSC::Structure::putSpecificValue):
1785         (JSC::Structure::createPropertyMap):
1786         (JSC::Structure::getPropertyNamesFromStructure):
1787         * runtime/Structure.h:
1788         (JSC::Structure::materializePropertyMapIfNecessary):
1789         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1790         * runtime/StructureInlines.h:
1791         (JSC::Structure::get):
1792         * runtime/SymbolTable.h:
1793         (JSC::SymbolTable::find):
1794         (JSC::SymbolTable::end):
1795
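        As an added illustration of the guard scheme this entry describes (not JavaScriptCore code and not part of the
        original ChangeLog), the following single-threaded C++ model makes DisallowGC, DeferGC and the two lockers RAII
        objects over thread-local depth counters. The Heap bookkeeping, the fake PropertyTable, the Outcome struct and
        the three scenario functions are assumptions made for the demonstration; the engine's real collector, locks and
        Structure are far more involved.

```cpp
// Added model, not JavaScriptCore code. Names follow the ChangeLog entry; the
// Heap bookkeeping, PropertyTable, Outcome and scenario functions are assumed.
#include <memory>
#include <mutex>

namespace Model {

struct PropertyTable { int entries = 3; };

// A Structure whose materialized property table is a cache the GC may clear.
struct Structure {
    std::unique_ptr<PropertyTable> table;
    std::mutex lock;                        // stands in for ConcurrentJITLock
};

// Per-thread guard state; depth counters make the guards nestable.
thread_local int disallowDepth = 0;       // >0: a GC on this thread is a bug
thread_local int deferDepth = 0;          // >0: GC is postponed, not run
thread_local bool collectionPending = false;

struct Heap {
    Structure* structure = nullptr;       // the one object the fake GC touches
    int collectionsRun = 0;
    int violations = 0;                   // GC requested under DisallowGC

    void runCollection() {
        ++collectionsRun;
        if (structure)
            structure->table.reset();     // GC drops the cached PropertyTable
    }
    // Heap::collect() stand-in: true only if a collection actually ran.
    bool requestCollection() {
        if (disallowDepth > 0) { ++violations; return false; } // debug: CRASH()
        if (deferDepth > 0) { collectionPending = true; return false; }
        runCollection();
        return true;
    }
};

// RAII flag: triggering a GC on this thread would deadlock or corrupt state.
struct DisallowGC {
    DisallowGC() { ++disallowDepth; }
    ~DisallowGC() { --disallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return disallowDepth > 0; }
};

// RAII deferral: the outermost guard to leave runs any pending collection.
struct DeferGC {
    Heap& heap;
    explicit DeferGC(Heap& h) : heap(h) { ++deferDepth; }
    ~DeferGC() {
        if (--deferDepth == 0 && collectionPending) {
            collectionPending = false;
            heap.runCollection();
        }
    }
};

// Debug-build ConcurrentJITLocker: holding the lock forbids GC, so a
// collection that would re-take the same lock is caught immediately.
struct ConcurrentJITLocker {
    std::lock_guard<std::mutex> guard;
    DisallowGC disallow;
    explicit ConcurrentJITLocker(std::mutex& m) : guard(m) {}
};

// GCSafeConcurrentJITLocker: same lock, but GC is deferred, not forbidden.
// Member order matters: the lock is released before ~DeferGC may collect.
struct GCSafeConcurrentJITLocker {
    DeferGC defer;
    std::lock_guard<std::mutex> guard;
    GCSafeConcurrentJITLocker(Heap& h, std::mutex& m) : defer(h), guard(m) {}
};

struct Outcome { int entriesRead; int collectionsRun; int violations; };

// 1. The deadlock the entry fixes: a GC requested under the plain locker.
Outcome plainLockerScenario() {
    Heap heap; Structure s; heap.structure = &s;
    int entries;
    {
        ConcurrentJITLocker locker(s.lock);
        s.table = std::make_unique<PropertyTable>();
        heap.requestCollection();             // counted as a violation
        entries = s.table->entries;
    }
    return {entries, heap.collectionsRun, heap.violations};   // {3, 0, 1}
}

// 2. The materializePropertyMapIfNecessary hazard: the deferred GC fires at
//    the locker's closing brace and clears the table before it is used.
Outcome unsafeMaterializeScenario() {
    Heap heap; Structure s; heap.structure = &s;
    {
        GCSafeConcurrentJITLocker locker(heap, s.lock);
        s.table = std::make_unique<PropertyTable>();
        heap.requestCollection();             // deferred, not run yet
    }                                         // runs here: table is reset
    int entries = s.table ? s.table->entries : -1;   // -1: table already gone
    return {entries, heap.collectionsRun, heap.violations};   // {-1, 1, 0}
}

// 3. The fix: the caller holds its own DeferGC until it is done with the table.
Outcome safeMaterializeScenario() {
    Heap heap; Structure s; heap.structure = &s;
    int entries;
    {
        DeferGC defer(heap);
        {
            GCSafeConcurrentJITLocker locker(heap, s.lock);
            s.table = std::make_unique<PropertyTable>();
            heap.requestCollection();
        }                                     // inner guard leaves; still deferred
        entries = s.table ? s.table->entries : -1;   // 3: still valid
    }                                         // pending collection runs now
    return {entries, heap.collectionsRun, heap.violations};   // {3, 1, 0}
}

} // namespace Model
```

        The third scenario is the fix applied to Structure::materializePropertyMapIfNecessary: the pending collection
        is held back by the caller's DeferGC and only runs once the table has been read, whereas in the second scenario
        it fires at the locker's closing brace and the table is already gone by the time the caller looks at it.
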
1796 2013-10-16  Daniel Bates  <dabates@apple.com>
1797
1798         Add SPI to disable the garbage collector timer
1799         https://bugs.webkit.org/show_bug.cgi?id=122921
1800
1801         Reviewed by Geoffrey Garen.
1802
1803         Based on a patch by Mark Hahnenberg.
1804
1805         * API/JSBase.cpp:
1806         (JSDisableGCTimer): Added; SPI function.
1807         * API/JSBasePrivate.h:
1808         * heap/BlockAllocator.cpp:
1809         (JSC::createBlockFreeingThread): Added.
1810         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
1811         to conditionally create the "block freeing" thread depending on the value of
1812         GCActivityCallback::s_shouldCreateGCTimer.
1813         (JSC::BlockAllocator::~BlockAllocator):
1814         * heap/BlockAllocator.h:
1815         (JSC::BlockAllocator::deallocate):
1816         * heap/Heap.cpp:
1817         (JSC::Heap::didAbandon):
1818         (JSC::Heap::collect):
1819         (JSC::Heap::didAllocate):
1820         * heap/HeapTimer.cpp:
1821         (JSC::HeapTimer::timerDidFire):
1822         * runtime/GCActivityCallback.cpp:
1823         * runtime/GCActivityCallback.h:
1824         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
1825         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
1826         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
1827
1828 2013-10-16  Commit Queue  <commit-queue@webkit.org>
1829
1830         Unreviewed, rolling out r157529.
1831         http://trac.webkit.org/changeset/157529
1832         https://bugs.webkit.org/show_bug.cgi?id=122919
1833
1834         Caused score test failures and some build failures. (Requested
1835         by rfong on #webkit).
1836
1837         * bytecompiler/BytecodeGenerator.cpp:
1838         (JSC::BytecodeGenerator::emitNewArray):
1839         (JSC::BytecodeGenerator::emitCall):
1840         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1841         * bytecompiler/BytecodeGenerator.h:
1842         * bytecompiler/NodesCodegen.cpp:
1843         (JSC::ArrayNode::emitBytecode):
1844         (JSC::CallArguments::CallArguments):
1845         (JSC::ForOfNode::emitBytecode):
1846         (JSC::BindingNode::collectBoundIdentifiers):
1847         * parser/ASTBuilder.h:
1848         * parser/Lexer.cpp:
1849         (JSC::::lex):
1850         * parser/NodeConstructors.h:
1851         (JSC::DotAccessorNode::DotAccessorNode):
1852         * parser/Nodes.h:
1853         * parser/Parser.cpp:
1854         (JSC::::parseArrayLiteral):
1855         (JSC::::parseArguments):
1856         (JSC::::parseMemberExpression):
1857         * parser/Parser.h:
1858         (JSC::Parser::getTokenName):
1859         (JSC::Parser::updateErrorMessageSpecialCase):
1860         * parser/ParserTokens.h:
1861         * parser/SyntaxChecker.h:
1862
1863 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1864
1865         Remove useless architecture specific implementation in DFG.
1866         https://bugs.webkit.org/show_bug.cgi?id=122917.
1867
1868         Reviewed by Michael Saboff.
1869
1870         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
1871         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
1872
1873         * dfg/DFGSpeculativeJIT.h:
1874
1875 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1876
1877         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
1878         https://bugs.webkit.org/show_bug.cgi?id=122916.
1879
1880         Reviewed by Michael Saboff.
1881
1882         This architecture specific function is not used anymore, so get rid of it.
1883
1884         * jit/JIT.h:
1885         * jit/JITInlines.h:
1886
1887 2013-10-16  Oliver Hunt  <oliver@apple.com>
1888
1889         Implement ES6 spread operator
1890         https://bugs.webkit.org/show_bug.cgi?id=122911
1891
1892         Reviewed by Michael Saboff.
1893
1894         Implement the ES6 spread operator
1895
1896         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1897         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1898         driven.
1899
1900         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1901         and actually handling the spread.
1902
1903         * bytecompiler/BytecodeGenerator.cpp:
1904         (JSC::BytecodeGenerator::emitNewArray):
1905         (JSC::BytecodeGenerator::emitCall):
1906         (JSC::BytecodeGenerator::emitEnumeration):
1907         * bytecompiler/BytecodeGenerator.h:
1908         * bytecompiler/NodesCodegen.cpp:
1909         (JSC::ArrayNode::emitBytecode):
1910         (JSC::ForOfNode::emitBytecode):
1911         (JSC::SpreadExpressionNode::emitBytecode):
1912         * parser/ASTBuilder.h:
1913         (JSC::ASTBuilder::createSpreadExpression):
1914         * parser/Lexer.cpp:
1915         (JSC::::lex):
1916         * parser/NodeConstructors.h:
1917         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1918         * parser/Nodes.h:
1919         (JSC::ExpressionNode::isSpreadExpression):
1920         (JSC::SpreadExpressionNode::expression):
1921         * parser/Parser.cpp:
1922         (JSC::::parseArrayLiteral):
1923         (JSC::::parseArguments):
1924         (JSC::::parseMemberExpression):
1925         * parser/Parser.h:
1926         (JSC::Parser::getTokenName):
1927         (JSC::Parser::updateErrorMessageSpecialCase):
1928         * parser/ParserTokens.h:
1929         * parser/SyntaxChecker.h:
1930         (JSC::SyntaxChecker::createSpreadExpression):
1931
1932 2013-10-16  Mark Lam  <mark.lam@apple.com>
1933
1934         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1935         https://bugs.webkit.org/show_bug.cgi?id=122899.
1936
1937         Reviewed by Michael Saboff.
1938
1939         * jit/JITOpcodes32_64.cpp:
1940         (JSC::JIT::emit_op_tear_off_activation):
1941         (JSC::JIT::emit_op_tear_off_arguments):
1942         * jit/JITStubs.cpp:
1943         * jit/JITStubs.h:
1944
1945 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1946
1947         Remove more of the UNINTERRUPTED_SEQUENCE thing
1948         https://bugs.webkit.org/show_bug.cgi?id=122885
1949
1950         Reviewed by Andreas Kling.
1951
1952         It was not completely removed by r157481, leading to a build failure for the sh4 architecture.
1953
1954         * jit/JIT.h:
1955         * jit/JITInlines.h:
1956
1957 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1958
1959         Get rid of the StructureStubInfo::patch union
1960         https://bugs.webkit.org/show_bug.cgi?id=122877
1961
1962         Reviewed by Sam Weinig.
1963         
1964         Just simplifying code by getting rid of data structures that ain't used no more.
1965         
1966         Note that I replace the patch union with a patch struct. This means we say things like
1967         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
1968         encapsulation makes the code more readable: the patch struct contains just those things
1969         that you need to know to perform patching.
1970
1971         * bytecode/StructureStubInfo.h:
1972         * dfg/DFGJITCompiler.cpp:
1973         (JSC::DFG::JITCompiler::link):
1974         * jit/JIT.cpp:
1975         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1976         * jit/Repatch.cpp:
1977         (JSC::repatchByIdSelfAccess):
1978         (JSC::replaceWithJump):
1979         (JSC::linkRestoreScratch):
1980         (JSC::generateProtoChainAccessStub):
1981         (JSC::tryCacheGetByID):
1982         (JSC::getPolymorphicStructureList):
1983         (JSC::patchJumpToGetByIdStub):
1984         (JSC::tryBuildGetByIDList):
1985         (JSC::emitPutReplaceStub):
1986         (JSC::emitPutTransitionStub):
1987         (JSC::tryCachePutByID):
1988         (JSC::tryBuildPutByIdList):
1989         (JSC::tryRepatchIn):
1990         (JSC::resetGetByID):
1991         (JSC::resetPutByID):
1992         (JSC::resetIn):
1993
1994 2013-10-15  Nadav Rotem  <nrotem@apple.com>
1995
1996         FTL: add support for Int52ToValue and fix putByVal of int52s.
1997         https://bugs.webkit.org/show_bug.cgi?id=122873
1998
1999         Reviewed by Filip Pizlo.
2000
2001         * ftl/FTLCapabilities.cpp:
2002         (JSC::FTL::canCompile):
2003         * ftl/FTLLowerDFGToLLVM.cpp:
2004         (JSC::FTL::LowerDFGToLLVM::compileNode):
2005         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
2006         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
2007
2008 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2009
2010         Get rid of the UNINTERRUPTED_SEQUENCE thing
2011         https://bugs.webkit.org/show_bug.cgi?id=122876
2012
2013         Reviewed by Mark Hahnenberg.
2014         
2015         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
2016         
2017         Moreover, we should resist the temptation to bring anything like this back. We don't
2018         want to have inline caches that only work if the assembler lays out code in a specific
2019         predetermined way.
2020
2021         * jit/JIT.h:
2022         * jit/JITCall.cpp:
2023         (JSC::JIT::compileOpCall):
2024         * jit/JITCall32_64.cpp:
2025         (JSC::JIT::compileOpCall):
2026
2027 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2028
2029         Baseline JIT should use the DFG GetById IC
2030         https://bugs.webkit.org/show_bug.cgi?id=122861
2031
2032         Reviewed by Oliver Hunt.
2033         
2034         This mostly just kills a ton of code.
2035         
2036         Note that this doesn't yet do all of the simplifications that can be done, but it does
2037         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
2038
2039         * bytecode/CodeBlock.cpp:
2040         (JSC::CodeBlock::resetStubInternal):
2041         * jit/JIT.cpp:
2042         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2043         * jit/JIT.h:
2044         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2045         * jit/JITInlines.h:
2046         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2047         (JSC::JIT::callOperation):
2048         * jit/JITPropertyAccess.cpp:
2049         (JSC::JIT::compileGetByIdHotPath):
2050         (JSC::JIT::emitSlow_op_get_by_id):
2051         (JSC::JIT::emitSlow_op_get_from_scope):
2052         * jit/JITPropertyAccess32_64.cpp:
2053         (JSC::JIT::compileGetByIdHotPath):
2054         (JSC::JIT::emitSlow_op_get_by_id):
2055         (JSC::JIT::emitSlow_op_get_from_scope):
2056         * jit/JITStubs.cpp:
2057         * jit/JITStubs.h:
2058         * jit/Repatch.cpp:
2059         (JSC::repatchGetByID):
2060         (JSC::buildGetByIDList):
2061         * jit/ThunkGenerators.cpp:
2062         * jit/ThunkGenerators.h:
2063
2064 2013-10-15  Dean Jackson  <dino@apple.com>
2065
2066         Add ENABLE_WEB_ANIMATIONS flag
2067         https://bugs.webkit.org/show_bug.cgi?id=122871
2068
2069         Reviewed by Tim Horton.
2070
2071         Eventually might be http://dev.w3.org/fxtf/web-animations/
2072         but this is just engine-internal work at the moment.
2073
2074         * Configurations/FeatureDefines.xcconfig:
2075
2076 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2077
2078         [sh4] Some calls don't match sh4 ABI.
2079         https://bugs.webkit.org/show_bug.cgi?id=122863
2080
2081         Reviewed by Michael Saboff.
2082
2083         * dfg/DFGSpeculativeJIT.h:
2084         (JSC::DFG::SpeculativeJIT::callOperation):
2085         * jit/CCallHelpers.h:
2086         (JSC::CCallHelpers::setupArgumentsWithExecState):
2087         * jit/JITInlines.h:
2088         (JSC::JIT::callOperation):
2089
2090 2013-10-15  Daniel Bates  <dabates@apple.com>
2091
2092         [iOS] Upstream JavaScriptCore support for ARM64
2093         https://bugs.webkit.org/show_bug.cgi?id=122762
2094
2095         Reviewed by Oliver Hunt and Filip Pizlo.
2096
2097         * Configurations/Base.xcconfig:
2098         * Configurations/DebugRelease.xcconfig:
2099         * Configurations/JavaScriptCore.xcconfig:
2100         * Configurations/ToolExecutable.xcconfig:
2101         * JavaScriptCore.xcodeproj/project.pbxproj:
2102         * assembler/ARM64Assembler.h: Added.
2103         * assembler/AbstractMacroAssembler.h:
2104         (JSC::isARM64):
2105         (JSC::AbstractMacroAssembler::Label::Label):
2106         (JSC::AbstractMacroAssembler::Jump::Jump):
2107         (JSC::AbstractMacroAssembler::Jump::link):
2108         (JSC::AbstractMacroAssembler::Jump::linkTo):
2109         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
2110         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
2111         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
2112         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
2113         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
2114         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
2115         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
2116         (JSC::AbstractMacroAssembler::isTempRegisterValid):
2117         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
2118         (JSC::AbstractMacroAssembler::setTempRegisterValid):
2119         * assembler/LinkBuffer.cpp:
2120         (JSC::LinkBuffer::copyCompactAndLinkCode):
2121         (JSC::LinkBuffer::linkCode):
2122         * assembler/LinkBuffer.h:
2123         * assembler/MacroAssembler.h:
2124         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
2125         (JSC::MacroAssembler::pushToSave):
2126         (JSC::MacroAssembler::popToRestore):
2127         (JSC::MacroAssembler::patchableBranchTest32):
2128         * assembler/MacroAssemblerARM64.h: Added.
2129         * assembler/MacroAssemblerARMv7.h:
2130         * dfg/DFGFixupPhase.cpp:
2131         (JSC::DFG::FixupPhase::fixupNode):
2132         * dfg/DFGOSRExitCompiler32_64.cpp:
2133         (JSC::DFG::OSRExitCompiler::compileExit):
2134         * dfg/DFGOSRExitCompiler64.cpp:
2135         (JSC::DFG::OSRExitCompiler::compileExit):
2136         * dfg/DFGSpeculativeJIT.cpp:
2137         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2138         (JSC::DFG::SpeculativeJIT::compileArithMod):
2139         * disassembler/ARM64/A64DOpcode.cpp: Added.
2140         * disassembler/ARM64/A64DOpcode.h: Added.
2141         * disassembler/ARM64Disassembler.cpp: Added.
2142         * heap/MachineStackMarker.cpp:
2143         (JSC::getPlatformThreadRegisters):
2144         (JSC::otherThreadStackPointer):
2145         * heap/Region.h:
2146         * jit/AssemblyHelpers.h:
2147         (JSC::AssemblyHelpers::debugCall):
2148         * jit/CCallHelpers.h:
2149         * jit/ExecutableAllocator.h:
2150         * jit/FPRInfo.h:
2151         (JSC::FPRInfo::toRegister):
2152         (JSC::FPRInfo::toIndex):
2153         (JSC::FPRInfo::debugName):
2154         * jit/GPRInfo.h:
2155         (JSC::GPRInfo::toRegister):
2156         (JSC::GPRInfo::toIndex):
2157         (JSC::GPRInfo::debugName):
2158         * jit/JITInlines.h:
2159         (JSC::JIT::restoreArgumentReferenceForTrampoline):
2160         * jit/JITOperationWrappers.h:
2161         * jit/JITOperations.cpp:
2162         * jit/JITStubs.cpp:
2163         (JSC::performPlatformSpecificJITAssertions):
2164         (JSC::tryCachePutByID):
2165         * jit/JITStubs.h:
2166         (JSC::JITStackFrame::returnAddressSlot):
2167         * jit/JITStubsARM64.h: Added.
2168         * jit/JSInterfaceJIT.h:
2169         * jit/Repatch.cpp:
2170         (JSC::emitRestoreScratch):
2171         (JSC::generateProtoChainAccessStub):
2172         (JSC::tryCacheGetByID):
2173         (JSC::emitPutReplaceStub):
2174         (JSC::tryCachePutByID):
2175         (JSC::tryRepatchIn):
2176         * jit/ScratchRegisterAllocator.h:
2177         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2178         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2179         * jit/ThunkGenerators.cpp:
2180         (JSC::nativeForGenerator):
2181         (JSC::floorThunkGenerator):
2182         (JSC::ceilThunkGenerator):
2183         * jsc.cpp:
2184         (main):
2185         * llint/LLIntOfflineAsmConfig.h:
2186         * llint/LLIntSlowPaths.cpp:
2187         (JSC::LLInt::handleHostCall):
2188         * llint/LowLevelInterpreter.asm:
2189         * llint/LowLevelInterpreter64.asm:
2190         * offlineasm/arm.rb:
2191         * offlineasm/arm64.rb: Added.
2192         * offlineasm/backends.rb:
2193         * offlineasm/instructions.rb:
2194         * offlineasm/risc.rb:
2195         * offlineasm/transform.rb:
2196         * yarr/YarrJIT.cpp:
2197         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2198         (JSC::Yarr::YarrGenerator::initCallFrame):
2199         (JSC::Yarr::YarrGenerator::removeCallFrame):
2200         (JSC::Yarr::YarrGenerator::generateEnter):
2201         * yarr/YarrJIT.h:
2202
2203 2013-10-15  Mark Lam  <mark.lam@apple.com>
2204
2205         Fix 3 operand sub operation in C loop LLINT.
2206         https://bugs.webkit.org/show_bug.cgi?id=122866.
2207
2208         Reviewed by Geoffrey Garen.
2209
2210         * offlineasm/cloop.rb:
2211
2212 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2213
2214         ObjCCallbackFunctionImpl shouldn't store a JSContext
2215         https://bugs.webkit.org/show_bug.cgi?id=122531
2216
2217         Reviewed by Geoffrey Garen.
2218
2219         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
2220         in the common case. It's also no longer necessary in that we can look up the current JSContext 
2221         by using the globalObject of the callee when the function callback is invoked.
2222  
2223         Also added a new test that would cause us to crash previously. The test required making 
2224         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2225         in C API callbacks.
2226
2227         * API/JSContextRef.h:
2228         * API/JSContextRefPrivate.h:
2229         * API/ObjCCallbackFunction.mm:
2230         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2231         (JSC::objCCallbackFunctionCallAsFunction):
2232         (objCCallbackFunctionForInvocation):
2233         * API/WebKitAvailability.h:
2234         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2235         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2236         (CallAsConstructor):
2237         (ConstructorFinalize):
2238         (ConstructorClass):
2239         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2240         (-[JSContext valueWithConstructorDescriptor:]):
2241         (currentThisInsideBlockGetterTest):
2242         * API/tests/testapi.mm:
2243         * JavaScriptCore.xcodeproj/project.pbxproj:
2244         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2245
2246 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2247
2248         Fix build after r157457 for architecture with 4 argument registers.
2249         https://bugs.webkit.org/show_bug.cgi?id=122860
2250
2251         Reviewed by Michael Saboff.
2252
2253         * jit/CCallHelpers.h:
2254         (JSC::CCallHelpers::setupStubArguments134):
2255
2256 2013-10-14  Michael Saboff  <msaboff@apple.com>
2257
2258         transition void cti_op_* methods to JIT operations.
2259         https://bugs.webkit.org/show_bug.cgi?id=122617
2260
2261         Reviewed by Geoffrey Garen.
2262
        Converted the following stubs to JIT operations:
2264             cti_handle_watchdog_timer
2265             cti_op_debug
2266             cti_op_pop_scope
2267             cti_op_profile_did_call
2268             cti_op_profile_will_call
2269             cti_op_put_by_index
2270             cti_op_put_getter_setter
2271             cti_op_tear_off_activation
2272             cti_op_tear_off_arguments
2273             cti_op_throw_static_error
2274             cti_optimize
2275
2276         * dfg/DFGOperations.cpp:
2277         * dfg/DFGOperations.h:
2278         * jit/CCallHelpers.h:
2279         (JSC::CCallHelpers::setupArgumentsWithExecState):
2280         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2281         (JSC::CCallHelpers::setupStubArguments):
2282         (JSC::CCallHelpers::setupStubArguments134):
2283         * jit/JIT.cpp:
2284         (JSC::JIT::emitEnterOptimizationCheck):
2285         * jit/JIT.h:
2286         * jit/JITInlines.h:
2287         (JSC::JIT::callOperation):
2288         * jit/JITOpcodes.cpp:
2289         (JSC::JIT::emit_op_tear_off_activation):
2290         (JSC::JIT::emit_op_tear_off_arguments):
2291         (JSC::JIT::emit_op_push_with_scope):
2292         (JSC::JIT::emit_op_pop_scope):
2293         (JSC::JIT::emit_op_push_name_scope):
2294         (JSC::JIT::emit_op_throw_static_error):
2295         (JSC::JIT::emit_op_debug):
2296         (JSC::JIT::emit_op_profile_will_call):
2297         (JSC::JIT::emit_op_profile_did_call):
2298         (JSC::JIT::emitSlow_op_loop_hint):
2299         * jit/JITOpcodes32_64.cpp:
2300         (JSC::JIT::emit_op_push_with_scope):
2301         (JSC::JIT::emit_op_pop_scope):
2302         (JSC::JIT::emit_op_push_name_scope):
2303         (JSC::JIT::emit_op_throw_static_error):
2304         (JSC::JIT::emit_op_debug):
2305         (JSC::JIT::emit_op_profile_will_call):
2306         (JSC::JIT::emit_op_profile_did_call):
2307         * jit/JITOperations.cpp:
2308         * jit/JITOperations.h:
2309         * jit/JITPropertyAccess.cpp:
2310         (JSC::JIT::emit_op_put_by_index):
2311         (JSC::JIT::emit_op_put_getter_setter):
2312         * jit/JITPropertyAccess32_64.cpp:
2313         (JSC::JIT::emit_op_put_by_index):
2314         (JSC::JIT::emit_op_put_getter_setter):
2315         * jit/JITStubs.cpp:
2316         * jit/JITStubs.h:
2317
2318 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2319
2320         [sh4] Introduce const pools in LLINT.
2321         https://bugs.webkit.org/show_bug.cgi?id=122746
2322
2323         Reviewed by Michael Saboff.
2324
        In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
        loaded this way:
2327
2328             mov.l .label, rx
2329             bra out
2330             nop
2331             .balign 4
2332             .label: .long immvalue
2333             out:
2334
2335         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2336         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2337
2338         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2339         * offlineasm/sh4.rb:
2340
2341 2013-10-15  Mark Lam  <mark.lam@apple.com>
2342
2343         Fix broken C Loop LLINT build.
2344         https://bugs.webkit.org/show_bug.cgi?id=122839.
2345
2346         Reviewed by Michael Saboff.
2347
2348         * dfg/DFGFlushedAt.cpp:
2349         * jit/JITOperations.h:
2350
2351 2013-10-14  Mark Lam  <mark.lam@apple.com>
2352
2353         Transition *switch* and *scope* JITStubs to JIT operations.
2354         https://bugs.webkit.org/show_bug.cgi?id=122757.
2355
2356         Reviewed by Geoffrey Garen.
2357
2358         Transitioning:
2359             cti_op_switch_char
2360             cti_op_switch_imm
2361             cti_op_switch_string
2362             cti_op_resolve_scope
2363             cti_op_get_from_scope
2364             cti_op_put_to_scope
2365
2366         * jit/JIT.h:
2367         * jit/JITInlines.h:
2368         (JSC::JIT::callOperation):
2369         * jit/JITOpcodes.cpp:
2370         (JSC::JIT::emit_op_switch_imm):
2371         (JSC::JIT::emit_op_switch_char):
2372         (JSC::JIT::emit_op_switch_string):
2373         * jit/JITOpcodes32_64.cpp:
2374         (JSC::JIT::emit_op_switch_imm):
2375         (JSC::JIT::emit_op_switch_char):
2376         (JSC::JIT::emit_op_switch_string):
2377         * jit/JITOperations.cpp:
2378         * jit/JITOperations.h:
2379         * jit/JITPropertyAccess.cpp:
2380         (JSC::JIT::emitSlow_op_resolve_scope):
2381         (JSC::JIT::emitSlow_op_get_from_scope):
2382         (JSC::JIT::emitSlow_op_put_to_scope):
2383         * jit/JITPropertyAccess32_64.cpp:
2384         (JSC::JIT::emitSlow_op_resolve_scope):
2385         (JSC::JIT::emitSlow_op_get_from_scope):
2386         (JSC::JIT::emitSlow_op_put_to_scope):
2387         * jit/JITStubs.cpp:
2388         * jit/JITStubs.h:
2389
2390 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2391
2392         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
2393         https://bugs.webkit.org/show_bug.cgi?id=122786
2394
2395         Reviewed by Mark Hahnenberg.
2396
2397         * bytecode/CodeBlock.cpp:
2398         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2399         * jit/Repatch.cpp:
2400         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2401         (JSC::buildPutByIdList): Ditto.
2402
2403 2013-10-14  Nadav Rotem  <nrotem@apple.com>
2404
2405         Add FTL support for LogicalNot(string)
2406         https://bugs.webkit.org/show_bug.cgi?id=122765
2407
2408         Reviewed by Filip Pizlo.
2409
2410         This patch is tested by:
2411         regress/script-tests/emscripten-cube2hash.js.ftl-eager
2412
2413         * ftl/FTLCapabilities.cpp:
2414         (JSC::FTL::canCompile):
2415         * ftl/FTLLowerDFGToLLVM.cpp:
2416         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
2417
2418 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
2419
2420         [sh4] Fixes after r157404 and r157411.
2421         https://bugs.webkit.org/show_bug.cgi?id=122782
2422
2423         Reviewed by Michael Saboff.
2424
2425         * dfg/DFGSpeculativeJIT.h:
2426         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2427         * jit/CCallHelpers.h:
2428         (JSC::CCallHelpers::setupArgumentsWithExecState):
2429         * jit/JITInlines.h:
2430         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2431         * jit/JITPropertyAccess32_64.cpp:
2432         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
2433
2434 2013-10-14  Commit Queue  <commit-queue@webkit.org>
2435
2436         Unreviewed, rolling out r157413.
2437         http://trac.webkit.org/changeset/157413
2438         https://bugs.webkit.org/show_bug.cgi?id=122779
2439
2440         Appears to have caused frequent crashes (Requested by ap on
2441         #webkit).
2442
2443         * CMakeLists.txt:
2444         * GNUmakefile.list.am:
2445         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2446         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2447         * JavaScriptCore.xcodeproj/project.pbxproj:
2448         * heap/DeferGC.cpp: Removed.
2449         * heap/DeferGC.h:
2450         * jit/JITStubs.cpp:
2451         (JSC::tryCacheGetByID):
2452         (JSC::DEFINE_STUB_FUNCTION):
2453         * llint/LLIntSlowPaths.cpp:
2454         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2455         * runtime/ConcurrentJITLock.h:
2456         * runtime/InitializeThreading.cpp:
2457         (JSC::initializeThreadingOnce):
2458         * runtime/JSCellInlines.h:
2459         (JSC::allocateCell):
2460         * runtime/Structure.cpp:
2461         (JSC::Structure::materializePropertyMap):
2462         (JSC::Structure::putSpecificValue):
2463         (JSC::Structure::createPropertyMap):
2464         * runtime/Structure.h:
2465
2466 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2467
2468         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
2469         https://bugs.webkit.org/show_bug.cgi?id=122652
2470
2471         Reviewed by Filip Pizlo.
2472
2473         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
2474         so we would end up ASSERTing during garbage collection.
2475
2476         * heap/MarkedAllocator.cpp:
2477         (JSC::MarkedAllocator::allocateSlowCase):
2478
2479 2013-10-11  Oliver Hunt  <oliver@apple.com>
2480
2481         Separate out array iteration intrinsics
2482         https://bugs.webkit.org/show_bug.cgi?id=122656
2483
2484         Reviewed by Michael Saboff.
2485
2486         Separate out the intrinsics for key and values iteration
2487         of arrays.
2488
        This requires moving array iteration into the iterator
        instance, rather than the prototype, but this is essentially
        unobservable so we'll live with it for now.
2492
2493         * jit/ThunkGenerators.cpp:
2494         (JSC::arrayIteratorNextThunkGenerator):
2495         (JSC::arrayIteratorNextKeyThunkGenerator):
2496         (JSC::arrayIteratorNextValueThunkGenerator):
2497         * jit/ThunkGenerators.h:
2498         * runtime/ArrayIteratorPrototype.cpp:
2499         (JSC::ArrayIteratorPrototype::finishCreation):
2500         * runtime/Intrinsic.h:
2501         * runtime/JSArrayIterator.cpp:
2502         (JSC::JSArrayIterator::finishCreation):
2503         (JSC::createIteratorResult):
2504         (JSC::arrayIteratorNext):
2505         (JSC::arrayIteratorNextKey):
2506         (JSC::arrayIteratorNextValue):
2507         (JSC::arrayIteratorNextGeneric):
2508         * runtime/VM.cpp:
2509         (JSC::thunkGeneratorForIntrinsic):
2510
2511 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
2512
2513         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2514         https://bugs.webkit.org/show_bug.cgi?id=122667
2515
2516         Reviewed by Filip Pizlo.
2517
2518         The issue this patch is attempting to fix is that there are places in our codebase
2519         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2520         operations that can initiate a garbage collection. Garbage collection then calls 
2521         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2522         always necessarily run during garbage collection). This causes a deadlock.
2523
2524         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2525         into a thread-local field that indicates that it is unsafe to perform any operation 
2526         that could trigger garbage collection on the current thread. In debug builds, 
2527         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2528         detect deadlocks.
2529
2530         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2531         which uses the DeferGC mechanism to prevent collections from occurring while the 
2532         lock is held.
2533
2534         * CMakeLists.txt:
2535         * GNUmakefile.list.am:
2536         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2537         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2538         * JavaScriptCore.xcodeproj/project.pbxproj:
2539         * heap/DeferGC.cpp: Added.
2540         * heap/DeferGC.h:
2541         (JSC::DisallowGC::DisallowGC):
2542         (JSC::DisallowGC::~DisallowGC):
2543         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2544         (JSC::DisallowGC::initialize):
2545         * jit/JITStubs.cpp:
2546         (JSC::tryCachePutByID):
2547         (JSC::tryCacheGetByID):
2548         (JSC::DEFINE_STUB_FUNCTION):
2549         * llint/LLIntSlowPaths.cpp:
2550         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2551         * runtime/ConcurrentJITLock.h:
2552         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2553         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2554         (JSC::ConcurrentJITLockerBase::unlockEarly):
2555         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2556         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2557         * runtime/InitializeThreading.cpp:
2558         (JSC::initializeThreadingOnce):
2559         * runtime/JSCellInlines.h:
2560         (JSC::allocateCell):
2561         * runtime/Structure.cpp:
2562         (JSC::Structure::materializePropertyMap):
2563         (JSC::Structure::putSpecificValue):
2564         (JSC::Structure::createPropertyMap):
2565         * runtime/Structure.h:
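
        The locking arrangement this entry describes, as an added example that is not
        JavaScriptCore's code: a single-threaded C++ model in which the names mirror the
        entry (DisallowGC, ConcurrentJITLocker, GCSafeConcurrentJITLocker, DeferGC) but every
        body, the Heap stand-in and the CollectResult outcomes are assumptions made for
        illustration. It shows the three cases side by side: a plain lock under which an
        allocation-triggered collection would re-take the lock (the deadlock), the debug
        locker whose thread-local DisallowGC flags that attempt eagerly, and the GC-safe
        locker that defers the collection until after the lock is released.

```cpp
// Added example, not JavaScriptCore's own code: single-threaded model of the
// DisallowGC / ConcurrentJITLocker / GCSafeConcurrentJITLocker design. Names
// mirror the ChangeLog entry; the bodies are assumptions for illustration.
#include <cassert>

namespace example {

// Thread-local nesting depth; non-zero means "no GC may start on this thread".
static thread_local unsigned gcDisallowDepth = 0;

struct DisallowGC {
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth != 0; }
};

// Non-reentrant lock: a spin lock re-acquired by its owner never returns.
struct ConcurrentJITLock { bool held = false; };

struct Heap {
    unsigned deferCount = 0;            // DeferGC nesting depth
    bool collectionRequested = false;   // a collection was wanted while deferred
    unsigned collections = 0;
    ConcurrentJITLock* codeBlockLock = nullptr; // the collector takes this lock
};

enum class CollectResult { Ran, Deferred, DisallowedOnThisThread, WouldDeadlock };

// Entry point of a collection triggered by allocation.
inline CollectResult collectIfAllowed(Heap& heap) {
    if (DisallowGC::isGCDisallowedOnCurrentThread())
        return CollectResult::DisallowedOnThisThread; // a debug ASSERT in real code
    if (heap.deferCount) {
        heap.collectionRequested = true;
        return CollectResult::Deferred;
    }
    // The collector visits CodeBlocks and takes their ConcurrentJITLock.
    if (heap.codeBlockLock && heap.codeBlockLock->held)
        return CollectResult::WouldDeadlock; // the pre-fix failure: self-deadlock
    ++heap.collections;
    return CollectResult::Ran;
}

struct DeferGC {
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++m_heap.deferCount; }
    ~DeferGC() {
        if (--m_heap.deferCount == 0 && m_heap.collectionRequested) {
            m_heap.collectionRequested = false;
            collectIfAllowed(m_heap); // run the collection we postponed
        }
    }
    Heap& m_heap;
};

class ConcurrentJITLockerBase {
public:
    explicit ConcurrentJITLockerBase(ConcurrentJITLock& lock) : m_lock(lock) {
        assert(!m_lock.held); // a real spin lock would hang here instead
        m_lock.held = true;
    }
    ~ConcurrentJITLockerBase() { m_lock.held = false; }
private:
    ConcurrentJITLock& m_lock;
};

// Debug-build locker: also forbids GC while the lock is held, so a GC attempt
// under the lock is reported immediately rather than showing up as a hang.
class ConcurrentJITLocker : public ConcurrentJITLockerBase {
public:
    using ConcurrentJITLockerBase::ConcurrentJITLockerBase;
private:
    DisallowGC m_disallowGC;
};

// Postpones collections instead. DeferGC is constructed before the lock is
// taken and destroyed after it is released, so the deferred GC runs unlocked.
class GCSafeConcurrentJITLocker {
public:
    GCSafeConcurrentJITLocker(ConcurrentJITLock& lock, Heap& heap)
        : m_deferGC(heap), m_locker(lock) {}
private:
    DeferGC m_deferGC;
    ConcurrentJITLockerBase m_locker;
};

// Three scenarios: the original bug, the eager debug detection, and the fix.
inline CollectResult scenarioPlainLocker() {
    Heap heap; ConcurrentJITLock lock; heap.codeBlockLock = &lock;
    ConcurrentJITLockerBase locker(lock);
    return collectIfAllowed(heap); // WouldDeadlock
}
inline CollectResult scenarioDebugLocker() {
    Heap heap; ConcurrentJITLock lock; heap.codeBlockLock = &lock;
    ConcurrentJITLocker locker(lock);
    return collectIfAllowed(heap); // DisallowedOnThisThread
}
inline unsigned scenarioGCSafeLocker() {
    Heap heap; ConcurrentJITLock lock; heap.codeBlockLock = &lock;
    {
        GCSafeConcurrentJITLocker locker(lock, heap);
        if (collectIfAllowed(heap) != CollectResult::Deferred) return 0;
    }
    return heap.collections; // 1: the deferred collection ran after unlock
}

} // namespace example
```

        The member order in GCSafeConcurrentJITLocker is the whole point: C++ destroys
        members in reverse declaration order, so the lock is dropped before DeferGC's
        destructor runs the postponed collection, and the collector never sees the lock held.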
2566
2567 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2568
2569         Baseline JIT should use the DFG's PutById IC
2570         https://bugs.webkit.org/show_bug.cgi?id=122704
2571
2572         Reviewed by Mark Hahnenberg.
2573         
2574         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2575         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2576         
2577         The only complicated part was that the PutById operations assumed that we first did a
2578         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2579         slow paths to deal with EncodedJSValue's.
2580
2581         * bytecode/CodeBlock.cpp:
2582         (JSC::CodeBlock::resetStubInternal):
2583         * bytecode/PutByIdStatus.cpp:
2584         (JSC::PutByIdStatus::computeFor):
2585         * dfg/DFGSpeculativeJIT.h:
2586         (JSC::DFG::SpeculativeJIT::callOperation):
2587         * dfg/DFGSpeculativeJIT32_64.cpp:
2588         (JSC::DFG::SpeculativeJIT::cachedPutById):
2589         * dfg/DFGSpeculativeJIT64.cpp:
2590         (JSC::DFG::SpeculativeJIT::cachedPutById):
2591         * jit/CCallHelpers.h:
2592         (JSC::CCallHelpers::setupArgumentsWithExecState):
2593         * jit/JIT.cpp:
2594         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2595         * jit/JIT.h:
2596         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2597         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2598         * jit/JITInlines.h:
2599         (JSC::JIT::callOperation):
2600         * jit/JITOperationWrappers.h:
2601         * jit/JITOperations.cpp:
2602         * jit/JITOperations.h:
2603         * jit/JITPropertyAccess.cpp:
2604         (JSC::JIT::compileGetByIdHotPath):
2605         (JSC::JIT::compileGetByIdSlowCase):
2606         (JSC::JIT::emit_op_put_by_id):
2607         (JSC::JIT::emitSlow_op_put_by_id):
2608         * jit/JITPropertyAccess32_64.cpp:
2609         (JSC::JIT::compileGetByIdSlowCase):
2610         (JSC::JIT::emit_op_put_by_id):
2611         (JSC::JIT::emitSlow_op_put_by_id):
2612         * jit/JITStubs.cpp:
2613         * jit/JITStubs.h:
2614         * jit/Repatch.cpp:
2615         (JSC::appropriateGenericPutByIdFunction):
2616         (JSC::appropriateListBuildingPutByIdFunction):
2617         (JSC::resetPutByID):
2618
2619 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2620
2621         FTL should have an inefficient but correct implementation of GetById
2622         https://bugs.webkit.org/show_bug.cgi?id=122740
2623
2624         Reviewed by Mark Hahnenberg.
2625         
        It took some effort to realize that the node->prediction() check in the DFG backends
        is completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
        if !prediction.
2629         
2630         But other than that this was an easy patch.
2631
2632         * dfg/DFGByteCodeParser.cpp:
2633         (JSC::DFG::ByteCodeParser::handleGetById):
2634         * dfg/DFGSpeculativeJIT32_64.cpp:
2635         (JSC::DFG::SpeculativeJIT::compile):
2636         * dfg/DFGSpeculativeJIT64.cpp:
2637         (JSC::DFG::SpeculativeJIT::compile):
2638         * ftl/FTLCapabilities.cpp:
2639         (JSC::FTL::canCompile):
2640         * ftl/FTLIntrinsicRepository.h:
2641         * ftl/FTLLowerDFGToLLVM.cpp:
2642         (JSC::FTL::LowerDFGToLLVM::compileNode):
2643         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2644
2645 2013-10-13  Mark Lam  <mark.lam@apple.com>
2646
2647         Transition misc cti_op_* JITStubs to JIT operations.
2648         https://bugs.webkit.org/show_bug.cgi?id=122645.
2649
2650         Reviewed by Michael Saboff.
2651
2652         Stubs converted:
2653             cti_op_check_has_instance
2654             cti_op_create_arguments
2655             cti_op_del_by_id
2656             cti_op_instanceof
2657             cti_to_object
2658             cti_op_push_activation
2659             cti_op_get_pnames
2660             cti_op_load_varargs
2661
2662         * dfg/DFGOperations.cpp:
2663         * dfg/DFGOperations.h:
2664         * jit/CCallHelpers.h:
2665         (JSC::CCallHelpers::setupArgumentsWithExecState):
2666         * jit/JIT.h:
2667         (JSC::JIT::emitStoreCell):
2668         * jit/JITCall.cpp:
2669         (JSC::JIT::compileLoadVarargs):
2670         * jit/JITCall32_64.cpp:
2671         (JSC::JIT::compileLoadVarargs):
2672         * jit/JITInlines.h:
2673         (JSC::JIT::callOperation):
2674         * jit/JITOpcodes.cpp:
2675         (JSC::JIT::emit_op_get_pnames):
2676         (JSC::JIT::emit_op_create_activation):
2677         (JSC::JIT::emit_op_create_arguments):
2678         (JSC::JIT::emitSlow_op_check_has_instance):
2679         (JSC::JIT::emitSlow_op_instanceof):
2680         (JSC::JIT::emitSlow_op_get_argument_by_val):
2681         * jit/JITOpcodes32_64.cpp:
2682         (JSC::JIT::emitSlow_op_check_has_instance):
2683         (JSC::JIT::emitSlow_op_instanceof):
2684         (JSC::JIT::emit_op_get_pnames):
2685         (JSC::JIT::emit_op_create_activation):
2686         (JSC::JIT::emit_op_create_arguments):
2687         (JSC::JIT::emitSlow_op_get_argument_by_val):
2688         * jit/JITOperations.cpp:
2689         * jit/JITOperations.h:
2690         * jit/JITPropertyAccess.cpp:
2691         (JSC::JIT::emit_op_del_by_id):
2692         * jit/JITPropertyAccess32_64.cpp:
2693         (JSC::JIT::emit_op_del_by_id):
2694         * jit/JITStubs.cpp:
2695         * jit/JITStubs.h:
2696
2697 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2698
2699         FTL OSR exit should perform zero extension on values smaller than 64-bit
2700         https://bugs.webkit.org/show_bug.cgi?id=122688
2701
2702         Reviewed by Gavin Barraclough.
2703         
2704         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2705         register will have zeros on the high bits.  In the few cases where the high bits are
2706         non-zero, the DFG sort of tells us this explicitly.
2707
        But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider that we might
        emit LLVM IR like:
2710
2711             %2 = trunc i64 %1 to i32
2712             stuff %2
2713             call @llvm.webkit.stackmap(...., %2)
2714
2715         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2716         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2717         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2718         from before truncation, and that register may have garbage in the high bits.
2719
2720         This means that on our end, if we want a 32-bit value and we want that value to be
2721         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2722         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2723         end.
2724         
2725         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
2726
2727         * ftl/FTLOSRExitCompiler.cpp:
2728         (JSC::FTL::compileStubWithOSRExitStackmap):
2729         * ftl/FTLValueFormat.cpp:
2730         (JSC::FTL::reboxAccordingToFormat):
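
        The reboxing step this entry describes, as an added example that is not
        JavaScriptCore's code: a C++ sketch of reboxing a stackmap-recovered register
        according to its value format, where a 32-bit value may arrive with stale bits
        above bit 31 because LLVM never emitted the trunc. The 64-bit boxed encoding
        (kNumberTag, kValueTrue, kValueFalse), the ValueFormat enum and the function
        names are assumptions in the style of JSC's NaN-boxing, not the real constants
        or API. The naive variant is included to show what trusting the high bits does.

```cpp
// Added example, not JavaScriptCore's own code. Encoding constants and the
// ValueFormat enum are assumptions modelled loosely on JSC's 64-bit boxing.
#include <cstdint>

namespace ftl_example {

constexpr uint64_t kNumberTag  = 0xffff000000000000ull; // tag for boxed Int32
constexpr uint64_t kValueFalse = 0x06;                   // immediate booleans
constexpr uint64_t kValueTrue  = 0x07;

enum class ValueFormat { Int32, Boolean, JSValue };

// rawRegister is what the stackmap record says the register holds; for a
// value narrower than 64 bits the upper bits may be leftovers of the
// untruncated source, so we zero-extend ourselves instead of trusting them.
inline uint64_t reboxAccordingToFormat(ValueFormat format, uint64_t rawRegister) {
    switch (format) {
    case ValueFormat::Int32:
        return kNumberTag | static_cast<uint64_t>(static_cast<uint32_t>(rawRegister));
    case ValueFormat::Boolean:
        return (rawRegister & 1) ? kValueTrue : kValueFalse; // only bit 0 of an i1 matters
    case ValueFormat::JSValue:
        return rawRegister; // already a complete 64-bit boxed value
    }
    return rawRegister;
}

// The bug the entry describes: OR the tag onto the register as-is, so any
// garbage in bits 32..63 survives into the boxed value.
inline uint64_t reboxTrustingRegister(uint64_t rawRegister) {
    return kNumberTag | rawRegister;
}

inline bool    isInt32(uint64_t v) { return (v & kNumberTag) == kNumberTag; }
inline int32_t asInt32(uint64_t v) { return static_cast<int32_t>(static_cast<uint32_t>(v)); }

} // namespace ftl_example
```

        With a register holding 0xdeadbeef00000007 for an Int32 result, the zero-extending
        rebox yields the canonical box for 7 while the trusting variant yields a value that is
        not bit-for-bit equal to it, which is exactly the kind of mismatch that surfaces later
        as a wrong comparison or a failed assertion rather than at the OSR exit itself.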
2731
2732 == Rolled over to ChangeLog-2013-10-13 ==