Unreviewed, rolling out r157819.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-10-22  Commit Queue  <commit-queue@webkit.org>
2
3         Unreviewed, rolling out r157819.
4         http://trac.webkit.org/changeset/157819
5         https://bugs.webkit.org/show_bug.cgi?id=123180
6
7         Broke 32-bit builds (Requested by smfr on #webkit).
8
9         * Configurations/JavaScriptCore.xcconfig:
10         * Configurations/ToolExecutable.xcconfig:
11
12 2013-10-22  Daniel Bates  <dabates@apple.com>
13
14         [iOS] Upstream more ARMv7s bits
15         https://bugs.webkit.org/show_bug.cgi?id=123052
16
17         Reviewed by Joseph Pecoraro.
18
19         * Configurations/JavaScriptCore.xcconfig:
20         * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
21         modifying a file in JavaScriptCore/Configurations.
22
23 2013-10-22  Daniel Bates  <dabates@apple.com>
24
25         [iOS] Upstream JSLock changes
26         https://bugs.webkit.org/show_bug.cgi?id=123107
27
28         Reviewed by Geoffrey Garen.
29
30         * runtime/JSLock.cpp:
31         (JSC::JSLock::unlock):
32         (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
33         (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
34         use pre-increment instead of post-increment when we're not using the return value of the instruction.
35         (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
36         places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
37         since we don't use the return value of such instructions.
38         (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
39         Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
40         (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
41         * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
42         the argument is sufficiently descriptive of its purpose.
43
44 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
45
46         [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
47         https://bugs.webkit.org/show_bug.cgi?id=123166
48
49         Reviewed by Michael Saboff.
50
51         * jit/CCallHelpers.h:
52         (JSC::CCallHelpers::setupArgumentsWithExecState):
53
54 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
55
56         [sh4][mips][arm] Fix crashes in JSC (32-bit only).
57         https://bugs.webkit.org/show_bug.cgi?id=123165
58
59         Reviewed by Michael Saboff.
60
61         * jit/JITInlines.h:
62         (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
63         (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
64         (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
65         (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.
66
67 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
68
69         REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
70         https://bugs.webkit.org/show_bug.cgi?id=123092
71
72         Reviewed by Michael Saboff.
73
74         Impacted architectures are SH4 and ARM_TRADITIONAL.
75
76         * assembler/ARMAssembler.h:
77         (JSC::ARMAssembler::buffer):
78         * assembler/AssemblerBufferWithConstantPool.h:
79         (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
80         * assembler/LinkBuffer.cpp:
81         (JSC::LinkBuffer::linkCode):
82         * assembler/SH4Assembler.h:
83         (JSC::SH4Assembler::buffer):
84
85 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
86
87         Remove unused stuff in JIT stubs.
88         https://bugs.webkit.org/show_bug.cgi?id=123155
89
90         Reviewed by Michael Saboff.
91
92         * jit/JITStubs.h:
93         * jit/JITStubsARM.h:
94         (JSC::ctiTrampoline):
95         * jit/JITStubsARM64.h:
96         * jit/JITStubsARMv7.h:
97         * jit/JITStubsMIPS.h:
98         * jit/JITStubsSH4.h:
99         * jit/JITStubsX86.h:
100         * jit/JITStubsX86_64.h:
101
102 2013-10-22  Daniel Bates  <dabates@apple.com>
103
104         [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
105         https://bugs.webkit.org/show_bug.cgi?id=123115
106         <rdar://problem/13696872>
107
108         Reviewed by Andy Estes.
109
110         Based on a patch by Mark Hahnenberg.
111
112         Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.
113
114         * API/JSBase.cpp:
115
116 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
117
118         [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister(). 
119         https://bugs.webkit.org/show_bug.cgi?id=123157
120
121         Reviewed by Andreas Kling.
122
123         * assembler/SH4Assembler.h:
124         (JSC::SH4Assembler::lastRegister):
125         (JSC::SH4Assembler::firstFPRegister):
126         (JSC::SH4Assembler::lastFPRegister):
127
128 2013-10-22  Brian Holt  <brian.holt@samsung.com>
129
130         Build break on ARMv7 after r157209
131         https://bugs.webkit.org/show_bug.cgi?id=122890
132
133         Reviewed by Csaba Osztrogonác.
134
135         Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.
136
137         * assembler/ARMAssembler.h:
138         * assembler/MacroAssemblerARM.h:
139         (JSC::MacroAssemblerARM::firstRegister):
140         (JSC::MacroAssemblerARM::lastRegister):
141         (JSC::MacroAssemblerARM::firstFPRegister):
142         (JSC::MacroAssemblerARM::lastFPRegister):
143
144 2013-10-21  Daniel Bates  <dabates@apple.com>
145
146         [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
147         https://bugs.webkit.org/show_bug.cgi?id=123045
148
149         Reviewed by Joseph Pecoraro.
150
151         * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
152         to global method table.
153         * runtime/JSGlobalObject.cpp: Ditto.
154         * runtime/JSGlobalObject.h:
155         (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.
156
157 2013-10-21  Daniel Bates  <dabates@apple.com>
158
159         [iOS] Upstream JSC Objective-C API compiler warning fixes
160         https://bugs.webkit.org/show_bug.cgi?id=123125
161
162         Reviewed by Mark Hahnenberg.
163
164         Based on a patch by Mark Hahnenberg.
165
166         * API/JSValue.mm:
167         (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
168         (-[JSValue toSize]): Ditto.
169         * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.
170
171 2013-10-21  Daniel Bates  <dabates@apple.com>
172
173         [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
174         available since iOS 7.0
175         https://bugs.webkit.org/show_bug.cgi?id=123122
176
177         Reviewed by Dan Bernstein.
178
179         * API/JSContext.h:
180         * API/JSManagedValue.h:
181         * API/JSValue.h:
182         * API/JSVirtualMachine.h:
183
184 2013-10-20  Mark Lam  <mark.lam@apple.com>
185
186         Avoid JSC debugger overhead unless needed.
187         https://bugs.webkit.org/show_bug.cgi?id=123084.
188
189         Reviewed by Geoffrey Garen.
190
191         - If no breakpoints are set, we now avoid calling the debug hook callbacks.
192         - If no break on exception is set, we also avoid exception event debug callbacks.
193         - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
194           longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
195           pointer in the ScriptDebugServer may become stale. To avoid this issue, before
196           returning, the ScriptDebugServer will clear its m_currentCallFrame if
197           needsOpDebugCallbacks() is false.
198
199         * debugger/Debugger.cpp:
200         (JSC::Debugger::Debugger):
201         (JSC::Debugger::setNeedsExceptionCallbacks):
202         (JSC::Debugger::setShouldPause):
203         (JSC::Debugger::updateNumberOfBreakpoints):
204         (JSC::Debugger::updateNeedForOpDebugCallbacks):
205         * debugger/Debugger.h:
206         * interpreter/Interpreter.cpp:
207         (JSC::Interpreter::unwind):
208         (JSC::Interpreter::debug):
209         * jit/JITOpcodes.cpp:
210         (JSC::JIT::emit_op_debug):
211         * jit/JITOpcodes32_64.cpp:
212         (JSC::JIT::emit_op_debug):
213         * llint/LLIntOffsetsExtractor.cpp:
214         * llint/LowLevelInterpreter.asm:
215
216 2013-10-21  Brent Fulgham  <bfulgham@apple.com>
217
218         [WIN] Unreviewed build correction.
219
220         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
221           sources, not header files.
222         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
223
224 2013-10-21  Oliver Hunt  <oliver@apple.com>
225
226         Support computed property names in object literals
227         https://bugs.webkit.org/show_bug.cgi?id=123112
228
229         Reviewed by Michael Saboff.
230
231         Add support for computed property names to the parser.
232
233         * bytecompiler/NodesCodegen.cpp:
234         (JSC::PropertyListNode::emitBytecode):
235         * parser/ASTBuilder.h:
236         (JSC::ASTBuilder::createProperty):
237         (JSC::ASTBuilder::getName):
238         * parser/NodeConstructors.h:
239         (JSC::PropertyNode::PropertyNode):
240         * parser/Nodes.h:
241         (JSC::PropertyNode::expressionName):
242         (JSC::PropertyNode::name):
243         * parser/Parser.cpp:
244         (JSC::::parseProperty):
245         (JSC::::parseStrictObjectLiteral):
246         * parser/SyntaxChecker.h:
247         (JSC::SyntaxChecker::Property::Property):
248         (JSC::SyntaxChecker::createProperty):
249         (JSC::SyntaxChecker::operatorStackPop):
250
251 2013-10-21  Michael Saboff  <msaboff@apple.com>
252
253         Add option so that JSC will crash if it can't allocate executable memory for the JITs
254         https://bugs.webkit.org/show_bug.cgi?id=123048
255         <rdar://problem/12856193>
256
257         Reviewed by Geoffrey Garen.
258
259         Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
260         when checking the validity of the executable allocator. The default value for this option is
261         false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
262         the app can obtain executable memory.
263
264         * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
265         (main):
266         * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
267         * runtime/VM.cpp:
268         (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
269         is enabled.
270
271 2013-10-21  Nadav Rotem  <nrotem@apple.com>
272
273         Remove AllInOneFile.cpp
274         https://bugs.webkit.org/show_bug.cgi?id=123055
275
276         Reviewed by Csaba Osztrogonác.
277
278         * AllInOneFile.cpp: Removed.
279
280 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
281
282         Unreviewed, cleanup a FIXME comment.
283
284         * jit/Repatch.cpp:
285
286 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
287
288         StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
289         https://bugs.webkit.org/show_bug.cgi?id=123076
290
291         Reviewed by Sam Weinig.
292         
293         Start preparing for a world in which we are patching code generated by LLVM, which may have
294         very different register usage conventions than our JITs. This requires us being more explicit
295         about the registers we are using. For example, the repatching code shouldn't take for granted
296         that tagMaskRegister holds the TagMask or that the register is even in use.
297
298         * CMakeLists.txt:
299         * GNUmakefile.list.am:
300         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
301         * JavaScriptCore.xcodeproj/project.pbxproj:
302         * assembler/MacroAssembler.h:
303         (JSC::MacroAssembler::numberOfRegisters):
304         (JSC::MacroAssembler::registerIndex):
305         (JSC::MacroAssembler::numberOfFPRegisters):
306         (JSC::MacroAssembler::fpRegisterIndex):
307         (JSC::MacroAssembler::totalNumberOfRegisters):
308         * bytecode/StructureStubInfo.h:
309         * dfg/DFGSpeculativeJIT.cpp:
310         (JSC::DFG::SpeculativeJIT::usedRegisters):
311         * dfg/DFGSpeculativeJIT.h:
312         * ftl/FTLSaveRestore.cpp:
313         (JSC::FTL::bytesForGPRs):
314         (JSC::FTL::bytesForFPRs):
315         (JSC::FTL::offsetOfGPR):
316         (JSC::FTL::offsetOfFPR):
317         * jit/JITInlineCacheGenerator.cpp:
318         (JSC::JITByIdGenerator::JITByIdGenerator):
319         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
320         * jit/JITInlineCacheGenerator.h:
321         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
322         * jit/JITPropertyAccess.cpp:
323         (JSC::JIT::emit_op_get_by_id):
324         (JSC::JIT::emit_op_put_by_id):
325         * jit/JITPropertyAccess32_64.cpp:
326         (JSC::JIT::emit_op_get_by_id):
327         (JSC::JIT::emit_op_put_by_id):
328         * jit/RegisterSet.cpp: Added.
329         (JSC::RegisterSet::specialRegisters):
330         * jit/RegisterSet.h: Added.
331         (JSC::RegisterSet::RegisterSet):
332         (JSC::RegisterSet::set):
333         (JSC::RegisterSet::clear):
334         (JSC::RegisterSet::get):
335         (JSC::RegisterSet::merge):
336         * jit/Repatch.cpp:
337         (JSC::generateProtoChainAccessStub):
338         (JSC::tryCacheGetByID):
339         (JSC::tryBuildGetByIDList):
340         (JSC::emitPutReplaceStub):
341         (JSC::tryRepatchIn):
342         (JSC::linkClosureCall):
343         * jit/TempRegisterSet.cpp: Added.
344         (JSC::TempRegisterSet::TempRegisterSet):
345         * jit/TempRegisterSet.h:
346
347 2013-10-20  Julien Brianceau  <jbriance@cisco.com>
348
349         [sh4] Fix build (broken since r157690).
350         https://bugs.webkit.org/show_bug.cgi?id=123081
351
352         Reviewed by Andreas Kling.
353
354         * assembler/AssemblerBufferWithConstantPool.h:
355         * assembler/SH4Assembler.h:
356         (JSC::SH4Assembler::buffer):
357         (JSC::SH4Assembler::readCallTarget):
358
359 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
360
361         Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
362         https://bugs.webkit.org/show_bug.cgi?id=123079
363
364         Reviewed by Geoffrey Garen.
365
366         * jit/TempRegisterSet.h:
367
368 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
369
370         Rename RegisterSet to TempRegisterSet
371         https://bugs.webkit.org/show_bug.cgi?id=123077
372
373         Reviewed by Dan Bernstein.
374
375         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
376         * JavaScriptCore.xcodeproj/project.pbxproj:
377         * bytecode/StructureStubInfo.h:
378         * dfg/DFGJITCompiler.h:
379         * dfg/DFGSpeculativeJIT.h:
380         (JSC::DFG::SpeculativeJIT::usedRegisters):
381         * jit/JITInlineCacheGenerator.cpp:
382         (JSC::JITByIdGenerator::JITByIdGenerator):
383         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
384         * jit/JITInlineCacheGenerator.h:
385         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
386         * jit/JITPropertyAccess.cpp:
387         (JSC::JIT::emit_op_get_by_id):
388         (JSC::JIT::emit_op_put_by_id):
389         * jit/JITPropertyAccess32_64.cpp:
390         (JSC::JIT::emit_op_get_by_id):
391         (JSC::JIT::emit_op_put_by_id):
392         * jit/RegisterSet.h: Removed.
393         * jit/ScratchRegisterAllocator.h:
394         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
395         * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
396         (JSC::TempRegisterSet::TempRegisterSet):
397         (JSC::TempRegisterSet::asPOD):
398         (JSC::TempRegisterSet::copyInfo):
399
400 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
401
402         Restructure LinkBuffer to allow for alternate allocation strategies
403         https://bugs.webkit.org/show_bug.cgi?id=123071
404
405         Reviewed by Oliver Hunt.
406         
407         The idea is to eventually allow a LinkBuffer to place the code into an already
408         allocated region of memory.  That region of memory could be the nop-slide left behind
409         by a llvm.webkit.patchpoint.
410
411         * assembler/ARM64Assembler.h:
412         (JSC::ARM64Assembler::buffer):
413         * assembler/AssemblerBuffer.h:
414         * assembler/LinkBuffer.cpp:
415         (JSC::LinkBuffer::copyCompactAndLinkCode):
416         (JSC::LinkBuffer::linkCode):
417         (JSC::LinkBuffer::allocate):
418         (JSC::LinkBuffer::shrink):
419         * assembler/LinkBuffer.h:
420         (JSC::LinkBuffer::LinkBuffer):
421         (JSC::LinkBuffer::didFailToAllocate):
422         * assembler/X86Assembler.h:
423         (JSC::X86Assembler::buffer):
424         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
425
426 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
427
428         Some includes in JSC seem to use an incorrect style
429         https://bugs.webkit.org/show_bug.cgi?id=123057
430
431         Reviewed by Geoffrey Garen.
432
433         Changed pseudo-system includes to user ones.
434
435         * API/JSContextRef.cpp:
436         * API/JSStringRefCF.cpp:
437         * API/JSValueRef.cpp:
438         * API/OpaqueJSString.cpp:
439         * jit/JIT.h:
440         * parser/SyntaxChecker.h:
441         * runtime/WeakGCMap.h:
442
443 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
444
445         Baseline JIT and DFG IC code generation should be unified and rationalized
446         https://bugs.webkit.org/show_bug.cgi?id=122939
447
448         Reviewed by Geoffrey Garen.
449         
450         Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
451         some register info and creates JIT inline caches for you. Used this to even further
452         unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
453         is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
454         that it needs to do the equivalent of get_by_id, so with this generator it will be able
455         to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
456
457         * CMakeLists.txt:
458         * GNUmakefile.list.am:
459         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
460         * JavaScriptCore.xcodeproj/project.pbxproj:
461         * assembler/AbstractMacroAssembler.h:
462         (JSC::AbstractMacroAssembler::DataLabelCompact::label):
463         * bytecode/CodeBlock.h:
464         (JSC::CodeBlock::ecmaMode):
465         * dfg/DFGInlineCacheWrapper.h: Added.
466         (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
467         * dfg/DFGInlineCacheWrapperInlines.h: Added.
468         (JSC::DFG::::finalize):
469         * dfg/DFGJITCompiler.cpp:
470         (JSC::DFG::JITCompiler::link):
471         * dfg/DFGJITCompiler.h:
472         (JSC::DFG::JITCompiler::addGetById):
473         (JSC::DFG::JITCompiler::addPutById):
474         * dfg/DFGSpeculativeJIT32_64.cpp:
475         (JSC::DFG::SpeculativeJIT::cachedGetById):
476         (JSC::DFG::SpeculativeJIT::cachedPutById):
477         * dfg/DFGSpeculativeJIT64.cpp:
478         (JSC::DFG::SpeculativeJIT::cachedGetById):
479         (JSC::DFG::SpeculativeJIT::cachedPutById):
480         (JSC::DFG::SpeculativeJIT::compile):
481         * jit/AssemblyHelpers.h:
482         (JSC::AssemblyHelpers::isStrictModeFor):
483         (JSC::AssemblyHelpers::strictModeFor):
484         * jit/GPRInfo.h:
485         (JSC::JSValueRegs::tagGPR):
486         * jit/JIT.cpp:
487         (JSC::JIT::JIT):
488         (JSC::JIT::privateCompileSlowCases):
489         (JSC::JIT::privateCompile):
490         * jit/JIT.h:
491         * jit/JITInlineCacheGenerator.cpp: Added.
492         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
493         (JSC::JITByIdGenerator::JITByIdGenerator):
494         (JSC::JITByIdGenerator::finalize):
495         (JSC::JITByIdGenerator::generateFastPathChecks):
496         (JSC::JITGetByIdGenerator::generateFastPath):
497         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
498         (JSC::JITPutByIdGenerator::generateFastPath):
499         (JSC::JITPutByIdGenerator::slowPathFunction):
500         * jit/JITInlineCacheGenerator.h: Added.
501         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
502         (JSC::JITInlineCacheGenerator::stubInfo):
503         (JSC::JITByIdGenerator::JITByIdGenerator):
504         (JSC::JITByIdGenerator::reportSlowPathCall):
505         (JSC::JITByIdGenerator::slowPathJump):
506         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
507         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
508         * jit/JITPropertyAccess.cpp:
509         (JSC::JIT::emit_op_get_by_id):
510         (JSC::JIT::emitSlow_op_get_by_id):
511         (JSC::JIT::emit_op_put_by_id):
512         (JSC::JIT::emitSlow_op_put_by_id):
513         * jit/JITPropertyAccess32_64.cpp:
514         (JSC::JIT::emit_op_get_by_id):
515         (JSC::JIT::emitSlow_op_get_by_id):
516         (JSC::JIT::emit_op_put_by_id):
517         (JSC::JIT::emitSlow_op_put_by_id):
518         * jit/RegisterSet.h:
519         (JSC::RegisterSet::set):
520
521 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
522
523         APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
524         https://bugs.webkit.org/show_bug.cgi?id=123067
525
526         Reviewed by Geoffrey Garen.
527
528         * API/APICast.h: Include it.
529
530 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
531
532         FTL::Location should treat the offset as an addend in the case of a Register location
533         https://bugs.webkit.org/show_bug.cgi?id=123062
534
535         Reviewed by Sam Weinig.
536
537         * ftl/FTLLocation.cpp:
538         (JSC::FTL::Location::forStackmaps):
539         (JSC::FTL::Location::dump):
540         (JSC::FTL::Location::restoreInto):
541         * ftl/FTLLocation.h:
542         (JSC::FTL::Location::forRegister):
543         (JSC::FTL::Location::hasAddend):
544         (JSC::FTL::Location::addend):
545
546 2013-10-19  Nadav Rotem  <nrotem@apple.com>
547
548         DFG dominators: document and rename stuff.
549         https://bugs.webkit.org/show_bug.cgi?id=123056
550
551         Reviewed by Filip Pizlo.
552
553         Documented the code and renamed some variables.
554
555         * dfg/DFGDominators.cpp:
556         (JSC::DFG::Dominators::compute):
557         (JSC::DFG::Dominators::pruneDominators):
558         * dfg/DFGDominators.h:
559
560 2013-10-19  Julien Brianceau  <jbriance@cisco.com>
561
562         Fix build failure for architectures with 4 argument registers.
563         https://bugs.webkit.org/show_bug.cgi?id=123060
564
565         Reviewed by Michael Saboff.
566
567         Add missing setupArgumentsWithExecState() prototypes for architectures with 4 argument registers.
568         Remove SH4 specific code no longer needed since callOperation prototype change in r157660.
569
570         * dfg/DFGSpeculativeJIT.h:
571         (JSC::DFG::SpeculativeJIT::callOperation):
572         * jit/CCallHelpers.h:
573         (JSC::CCallHelpers::setupArgumentsWithExecState):
574         * jit/JITInlines.h:
575         (JSC::JIT::callOperation):
576
577 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
578
579         Unreviewed, fix FTL build.
580
581         * ftl/FTLIntrinsicRepository.h:
582         * ftl/FTLLowerDFGToLLVM.cpp:
583         (JSC::FTL::LowerDFGToLLVM::compileGetById):
584
585 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
586
587         A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
588         https://bugs.webkit.org/show_bug.cgi?id=122940
589
590         Reviewed by Oliver Hunt.
591         
592         This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
593         whereas previously it was in a Vector, so it moved. This allows you to use pointers to
594         StructureStubInfo. This also eliminates the use of return PC as a way of finding the
595         StructureStubInfo's. It removes some of the need for the compile-time property access
596         records; for example the DFG no longer has to save information about registers in a
597         property access record only to later save it to the stub info.
598         
599         The main thing this accomplishes is that it makes it easier to add StructureStubInfo's
600         at any stage of compilation.
601
602         * bytecode/CodeBlock.cpp:
603         (JSC::CodeBlock::printGetByIdCacheStatus):
604         (JSC::CodeBlock::dumpBytecode):
605         (JSC::CodeBlock::~CodeBlock):
606         (JSC::CodeBlock::propagateTransitions):
607         (JSC::CodeBlock::finalizeUnconditionally):
608         (JSC::CodeBlock::addStubInfo):
609         (JSC::CodeBlock::getStubInfoMap):
610         (JSC::CodeBlock::shrinkToFit):
611         * bytecode/CodeBlock.h:
612         (JSC::CodeBlock::begin):
613         (JSC::CodeBlock::end):
614         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
615         * bytecode/CodeOrigin.h:
616         (JSC::CodeOrigin::CodeOrigin):
617         (JSC::CodeOrigin::isHashTableDeletedValue):
618         (JSC::CodeOrigin::hash):
619         (JSC::CodeOriginHash::hash):
620         (JSC::CodeOriginHash::equal):
621         * bytecode/GetByIdStatus.cpp:
622         (JSC::GetByIdStatus::computeFor):
623         * bytecode/GetByIdStatus.h:
624         * bytecode/PutByIdStatus.cpp:
625         (JSC::PutByIdStatus::computeFor):
626         * bytecode/PutByIdStatus.h:
627         * bytecode/StructureStubInfo.h:
628         (JSC::getStructureStubInfoCodeOrigin):
629         * dfg/DFGByteCodeParser.cpp:
630         (JSC::DFG::ByteCodeParser::parseBlock):
631         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
632         * dfg/DFGJITCompiler.cpp:
633         (JSC::DFG::JITCompiler::link):
634         * dfg/DFGJITCompiler.h:
635         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
636         (JSC::DFG::InRecord::InRecord):
637         * dfg/DFGSpeculativeJIT.cpp:
638         (JSC::DFG::SpeculativeJIT::compileIn):
639         * dfg/DFGSpeculativeJIT.h:
640         (JSC::DFG::SpeculativeJIT::callOperation):
641         * dfg/DFGSpeculativeJIT32_64.cpp:
642         (JSC::DFG::SpeculativeJIT::cachedGetById):
643         (JSC::DFG::SpeculativeJIT::cachedPutById):
644         * dfg/DFGSpeculativeJIT64.cpp:
645         (JSC::DFG::SpeculativeJIT::cachedGetById):
646         (JSC::DFG::SpeculativeJIT::cachedPutById):
647         * jit/CCallHelpers.h:
648         (JSC::CCallHelpers::setupArgumentsWithExecState):
649         * jit/JIT.cpp:
650         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
651         (JSC::JIT::privateCompile):
652         * jit/JIT.h:
653         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
654         * jit/JITInlines.h:
655         (JSC::JIT::callOperation):
656         * jit/JITOperations.cpp:
657         * jit/JITOperations.h:
658         * jit/JITPropertyAccess.cpp:
659         (JSC::JIT::emitSlow_op_get_by_id):
660         (JSC::JIT::emitSlow_op_put_by_id):
661         * jit/JITPropertyAccess32_64.cpp:
662         (JSC::JIT::emitSlow_op_get_by_id):
663         (JSC::JIT::emitSlow_op_put_by_id):
664         * jit/Repatch.cpp:
665         (JSC::appropriateGenericPutByIdFunction):
666         (JSC::appropriateListBuildingPutByIdFunction):
667         (JSC::resetPutByID):
668
669 2013-10-18  Oliver Hunt  <oliver@apple.com>
670
671         Spread operator should be performing direct "puts" and not triggering setters
672         https://bugs.webkit.org/show_bug.cgi?id=123047
673
674         Reviewed by Geoffrey Garen.
675
676         Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
677         to array construct.  This required a new PutByValDirect node to be introduced to
678         the DFG.  The current implementation simply changes the slow path function that
679         is called, but in future this could be made faster as it does not need to check
680         the prototype chain.
681
682         * bytecode/CodeBlock.cpp:
683         (JSC::CodeBlock::dumpBytecode):
684         (JSC::CodeBlock::CodeBlock):
685         * bytecode/Opcode.h:
686         (JSC::padOpcodeName):
687         * bytecompiler/BytecodeGenerator.cpp:
688         (JSC::BytecodeGenerator::emitDirectPutByVal):
689         * bytecompiler/BytecodeGenerator.h:
690         * bytecompiler/NodesCodegen.cpp:
691         (JSC::ArrayNode::emitBytecode):
692         * dfg/DFGAbstractInterpreterInlines.h:
693         (JSC::DFG::::executeEffects):
694         * dfg/DFGBackwardsPropagationPhase.cpp:
695         (JSC::DFG::BackwardsPropagationPhase::propagate):
696         * dfg/DFGByteCodeParser.cpp:
697         (JSC::DFG::ByteCodeParser::parseBlock):
698         * dfg/DFGCSEPhase.cpp:
699         (JSC::DFG::CSEPhase::getArrayLengthElimination):
700         (JSC::DFG::CSEPhase::getByValLoadElimination):
701         (JSC::DFG::CSEPhase::checkStructureElimination):
702         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
703         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
704         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
705         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
706         (JSC::DFG::CSEPhase::performNodeCSE):
707         * dfg/DFGCapabilities.cpp:
708         (JSC::DFG::capabilityLevel):
709         * dfg/DFGClobberize.h:
710         (JSC::DFG::clobberize):
711         * dfg/DFGFixupPhase.cpp:
712         (JSC::DFG::FixupPhase::fixupNode):
713         * dfg/DFGGraph.h:
714         (JSC::DFG::Graph::clobbersWorld):
715         * dfg/DFGNode.h:
716         (JSC::DFG::Node::hasArrayMode):
717         * dfg/DFGNodeType.h:
718         * dfg/DFGOperations.cpp:
719         (JSC::DFG::putByVal):
720         (JSC::DFG::operationPutByValInternal):
721         * dfg/DFGOperations.h:
722         * dfg/DFGPredictionPropagationPhase.cpp:
723         (JSC::DFG::PredictionPropagationPhase::propagate):
724         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
725         * dfg/DFGSafeToExecute.h:
726         (JSC::DFG::safeToExecute):
727         * dfg/DFGSpeculativeJIT32_64.cpp:
728         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
729         (JSC::DFG::SpeculativeJIT::compile):
730         * dfg/DFGSpeculativeJIT64.cpp:
731         (JSC::DFG::SpeculativeJIT::compile):
732         * dfg/DFGTypeCheckHoistingPhase.cpp:
733         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
734         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
735         * jit/JIT.cpp:
736         (JSC::JIT::privateCompileMainPass):
737         (JSC::JIT::privateCompileSlowCases):
738         * jit/JIT.h:
739         (JSC::JIT::compileDirectPutByVal):
740         * jit/JITOperations.cpp:
741         * jit/JITOperations.h:
742         * jit/JITPropertyAccess.cpp:
743         (JSC::JIT::emitSlow_op_put_by_val):
744         (JSC::JIT::privateCompilePutByVal):
745         * jit/JITPropertyAccess32_64.cpp:
746         (JSC::JIT::emitSlow_op_put_by_val):
747         * llint/LLIntSlowPaths.cpp:
748         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
749         * llint/LLIntSlowPaths.h:
750         * llint/LowLevelInterpreter32_64.asm:
751         * llint/LowLevelInterpreter64.asm:
752
753 2013-10-18  Daniel Bates  <dabates@apple.com>
754
755         [iOS] Export symbol for VM::sharedInstanceExists()
756         https://bugs.webkit.org/show_bug.cgi?id=123046
757
758         Reviewed by Mark Hahnenberg.
759
760         * runtime/VM.h:
761
762 2013-10-18  Daniel Bates  <dabates@apple.com>
763
764         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
765         https://bugs.webkit.org/show_bug.cgi?id=123049
766
767         Reviewed by Mark Hahnenberg.
768
769         * heap/Heap.cpp:
770         (JSC::Heap::setIncrementalSweeper):
771         * heap/Heap.h:
772         * heap/HeapTimer.h:
773         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
774         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
775         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
776         (duplicates the include in the .cpp).
777         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
778         making use of this now, but we'll make use of it in a subsequent patch.
779
780 2013-10-18  Anders Carlsson  <andersca@apple.com>
781
782         Remove spaces between template angle brackets
783         https://bugs.webkit.org/show_bug.cgi?id=123040
784
785         Reviewed by Andreas Kling.
786
787         * API/JSCallbackObject.cpp:
788         (JSC::::create):
789         * API/JSObjectRef.cpp:
790         * bytecode/CodeBlock.h:
791         (JSC::CodeBlock::constants):
792         (JSC::CodeBlock::setConstantRegisters):
793         * bytecode/DFGExitProfile.h:
794         * bytecode/EvalCodeCache.h:
795         * bytecode/Operands.h:
796         * bytecode/UnlinkedCodeBlock.h:
797         (JSC::UnlinkedCodeBlock::constantRegisters):
798         * bytecode/Watchpoint.h:
799         * bytecompiler/BytecodeGenerator.h:
800         * bytecompiler/StaticPropertyAnalysis.h:
801         * bytecompiler/StaticPropertyAnalyzer.h:
802         * dfg/DFGArgumentsSimplificationPhase.cpp:
803         * dfg/DFGBlockInsertionSet.h:
804         * dfg/DFGCSEPhase.cpp:
805         (JSC::DFG::performCSE):
806         (JSC::DFG::performStoreElimination):
807         * dfg/DFGCommonData.h:
808         * dfg/DFGDesiredStructureChains.h:
809         * dfg/DFGDesiredWatchpoints.h:
810         * dfg/DFGJITCompiler.h:
811         * dfg/DFGOSRExitCompiler32_64.cpp:
812         (JSC::DFG::OSRExitCompiler::compileExit):
813         * dfg/DFGOSRExitCompiler64.cpp:
814         (JSC::DFG::OSRExitCompiler::compileExit):
815         * dfg/DFGWorklist.h:
816         * heap/BlockAllocator.h:
817         (JSC::CopiedBlock):
818         (JSC::MarkedBlock):
819         (JSC::WeakBlock):
820         (JSC::MarkStackSegment):
821         (JSC::CopyWorkListSegment):
822         (JSC::HandleBlock):
823         * heap/Heap.h:
824         * heap/Local.h:
825         * heap/MarkedBlock.h:
826         * heap/Strong.h:
827         * jit/AssemblyHelpers.cpp:
828         (JSC::AssemblyHelpers::decodedCodeMapFor):
829         * jit/AssemblyHelpers.h:
830         * jit/SpecializedThunkJIT.h:
831         * parser/Nodes.h:
832         * parser/Parser.cpp:
833         (JSC::::parseIfStatement):
834         * parser/Parser.h:
835         (JSC::Scope::copyCapturedVariablesToVector):
836         (JSC::parse):
837         * parser/ParserArena.h:
838         * parser/SourceProviderCacheItem.h:
839         * profiler/LegacyProfiler.cpp:
840         (JSC::dispatchFunctionToProfiles):
841         * profiler/LegacyProfiler.h:
842         (JSC::LegacyProfiler::currentProfiles):
843         * profiler/ProfileNode.h:
844         (JSC::ProfileNode::children):
845         * profiler/ProfilerDatabase.h:
846         * runtime/Butterfly.h:
847         (JSC::Butterfly::contiguousInt32):
848         (JSC::Butterfly::contiguous):
849         * runtime/GenericTypedArrayViewInlines.h:
850         (JSC::::create):
851         * runtime/Identifier.h:
852         (JSC::Identifier::add):
853         * runtime/JSPromise.h:
854         * runtime/PropertyMapHashTable.h:
855         * runtime/PropertyNameArray.h:
856         * runtime/RegExpCache.h:
857         * runtime/SparseArrayValueMap.h:
858         * runtime/SymbolTable.h:
859         * runtime/VM.h:
860         * tools/CodeProfile.cpp:
861         (JSC::truncateTrace):
862         * tools/CodeProfile.h:
863         * yarr/YarrInterpreter.cpp:
864         * yarr/YarrInterpreter.h:
865         (JSC::Yarr::BytecodePattern::BytecodePattern):
866         * yarr/YarrJIT.cpp:
867         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
868         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
869         (JSC::Yarr::YarrGenerator::opCompileBody):
870         * yarr/YarrPattern.cpp:
871         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
872         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
873         * yarr/YarrPattern.h:
874
875 2013-10-18  Mark Lam  <mark.lam@apple.com>
876
877         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
878         https://bugs.webkit.org/show_bug.cgi?id=123037.
879
880         Reviewed by Geoffrey Garen.
881
882         * jit/JITStubsMSVC64.asm:
883         * jit/JITStubsX86.h:
884         * jit/JITStubsX86_64.h:
885
886 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
887
888         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
889         https://bugs.webkit.org/show_bug.cgi?id=121661
890
891         Reviewed by Mark Hahnenberg.
892         
893         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
894         so I added a return-early check using isCompilationThread().
895         
896         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
897         it is describing: m_offset and the property table. Most structures only have m_offset and report
898         null for the property table. If the property table is there, it will tell you additional
899         information and that information subsumes m_offset - but the m_offset is still there. So, when
900         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
901         machinery to do this.
902         
903         Changing the property table only happens on the main thread.
904         
905         Because the machinery to change the property table is so complex, especially with respect to
906         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
907         called at key points before and after changes to the property table or the offset.
908
909         Most clients of Structure who care about object layout, including the concurrent thread, will
910         want to know m_offset and not the property table. If they want the property table, they will
911         already be super careful. The concurrent thread has special methods for this, like
912         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
913         view of the property table.
914         
915         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
916         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
917         
918         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
919         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
920         because we have found that it helps quickly identify situations where the property table and
921         m_offset get out of sync - mainly because code that changes either of those things will usually
922         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
923         need the property table; it uses the m_offset. The concurrent JIT is correct to call
924         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
925         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
926         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
927         locks, and that same structure is having its property table modified by the main thread, we end
928         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
929         property table modified - instead what happens is that some downstream structure steals the
930         property table and then starts adding things to it. The concurrent thread loads the property
931         table before it's stolen, and hence the badness.
932         
933         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
934         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
935         and then you have a possible crash.
936         
937         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
938         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
939         it's in the concurrent JIT.
940         
941         * runtime/StructureInlines.h:
942         (JSC::Structure::checkOffsetConsistency):
943
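The interleaving the entry above describes, written out as an added example; this is not part of the ChangeLog and not JavaScriptCore code. It is a deliberately simplified model: the names Structure, PropertyTable, m_offset, checkOffsetConsistency() and outOfLineCapacity() are borrowed from the entry, but every body, the inline slot count of 6, the shape of the table and the thread-local isCompilationThread() are assumptions made for illustration. It shows why the early return is the right shape of fix: the unguarded check fails on a view of the table that was loaded before a downstream structure stole and extended it, while the layout query the compiler actually needs reads only m_offset and is correct regardless.

```cpp
#include <cstdio>
#include <cstdlib>
#include <thread>
#include <vector>

// Per-thread flag standing in for JSC's isCompilationThread() (assumed API):
// only the thread that sets it sees it, which is the whole point.
thread_local bool t_isCompilationThread = false;
static bool isCompilationThread() { return t_isCompilationThread; }

// Property table: the ordered list of property offsets it has handed out.
struct PropertyTable {
    std::vector<unsigned> offsets;
    unsigned lastOffset() const { return offsets.empty() ? 0 : offsets.back(); }
};

static const unsigned inlineCapacity = 6; // assumed number of inline slots

struct Structure {
    unsigned m_offset = 0;            // highest offset; immutable once published
    PropertyTable* m_table = nullptr; // optional; a downstream structure may steal it

    // Debug invariant: when a table is present, it agrees with m_offset.
    // The early return is the fix from the entry: on the compilation thread the
    // table may be mid-mutation by the main thread, so the check proves nothing.
    bool checkOffsetConsistency() const {
        if (isCompilationThread())
            return true;
        if (!m_table)
            return true;
        return m_table->lastOffset() == m_offset;
    }

    // Layout query the concurrent JIT legitimately makes without locks:
    // it depends only on m_offset, never on the table.
    unsigned outOfLineCapacity() const {
        if (!checkOffsetConsistency())
            std::abort(); // stands in for RELEASE_ASSERT
        return m_offset < inlineCapacity ? 0 : m_offset + 1 - inlineCapacity;
    }
};

// Main-thread transition: the child steals the parent's table and appends to it.
static Structure addPropertyTransition(Structure& parent, unsigned newOffset) {
    Structure child;
    child.m_table = parent.m_table;
    parent.m_table = nullptr;
    child.m_table->offsets.push_back(newOffset);
    child.m_offset = newOffset;
    return child;
}

struct RaceOutcome {
    bool consistentOnMainThread;        // unguarded check on the stale view
    bool consistentOnCompilationThread; // guarded check on the same view
    unsigned capacityOnCompilationThread;
};

// Reproduces the interleaving deterministically: the compiler thread's copy of
// the parent keeps the table pointer it loaded before the table was stolen.
static RaceOutcome reproduceRace() {
    PropertyTable table;
    table.offsets = {0, 1, 2, 3, 4, 5, 6, 7};
    Structure parent;
    parent.m_offset = 7;
    parent.m_table = &table;

    Structure staleView = parent;                        // what the JIT thread loaded
    Structure child = addPropertyTransition(parent, 8);  // main thread mutates the table
    (void)child;

    RaceOutcome out;
    out.consistentOnMainThread = staleView.checkOffsetConsistency();
    std::thread jit([&] {
        t_isCompilationThread = true;
        out.consistentOnCompilationThread = staleView.checkOffsetConsistency();
        out.capacityOnCompilationThread = staleView.outOfLineCapacity();
    });
    jit.join();
    return out;
}

int main() {
    RaceOutcome out = reproduceRace();
    std::printf("main thread sees consistent: %d\n", out.consistentOnMainThread);
    std::printf("compilation thread sees consistent: %d, capacity %u\n",
                out.consistentOnCompilationThread, out.capacityOnCompilationThread);
    return 0;
}
```

The guard keys off thread identity rather than adding a lock for the reason the entry gives: the check is reached from code paths that may already hold the relevant lock, so locking inside it would recurse. The more general lesson for anyone writing RELEASE_ASSERT-style checks in a runtime with a concurrent compiler is that an unlocked debug check over shared mutable state is itself a crash source, and it must either be restricted to the thread that owns the mutations or read only the fields that are immutable once published.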
944 2013-10-18  Daniel Bates  <dabates@apple.com>
945
946         Add SPI to disable the garbage collector timer
947         https://bugs.webkit.org/show_bug.cgi?id=122921
948
949         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
950         omitted.
951
952         * heap/Heap.cpp:
953         (JSC::Heap::setGarbageCollectionTimerEnabled):
954
955 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
956
957         Group 64-bit specific and 32-bit specific callOperation implementations.
958         https://bugs.webkit.org/show_bug.cgi?id=123024
959
960         Reviewed by Michael Saboff.
961
962         This is not a big deal, but could be less confusing when reading the code.
963
964         * jit/JITInlines.h:
965         (JSC::JIT::callOperation):
966         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
967         (JSC::JIT::callOperationNoExceptionCheck):
968
969 2013-10-18  Nadav Rotem  <nrotem@apple.com>
970
971         Fix a FlushLiveness problem.
972         https://bugs.webkit.org/show_bug.cgi?id=122984
973
974         Reviewed by Filip Pizlo.
975
976         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
977         (JSC::DFG::FlushLivenessAnalysisPhase::process):
978
979 2013-10-18  Michael Saboff  <msaboff@apple.com>
980
981         Change native function call stubs to use JIT operations instead of ctiVMHandleException
982         https://bugs.webkit.org/show_bug.cgi?id=122982
983
984         Reviewed by Geoffrey Garen.
985
986         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
987         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
988         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
989         in the process.
990
991         * dfg/DFGJITCompiler.cpp:
992         (JSC::DFG::JITCompiler::compileExceptionHandlers):
993         * jit/CCallHelpers.h:
994         (JSC::CCallHelpers::jumpToExceptionHandler):
995         * jit/JIT.cpp:
996         (JSC::JIT::privateCompileExceptionHandlers):
997         * jit/JIT.h:
998         * jit/JITExceptions.cpp:
999         (JSC::genericUnwind):
1000         * jit/JITExceptions.h:
1001         * jit/JITInlines.h:
1002         (JSC::JIT::callOperationNoExceptionCheck):
1003         * jit/JITOpcodes.cpp:
1004         (JSC::JIT::emit_op_throw):
1005         * jit/JITOpcodes32_64.cpp:
1006         (JSC::JIT::privateCompileCTINativeCall):
1007         (JSC::JIT::emit_op_throw):
1008         * jit/JITOperations.cpp:
1009         * jit/JITOperations.h:
1010         * jit/JITStubs.cpp:
1011         * jit/JITStubs.h:
1012         * jit/JITStubsARM.h:
1013         * jit/JITStubsARM64.h:
1014         * jit/JITStubsARMv7.h:
1015         * jit/JITStubsMIPS.h:
1016         * jit/JITStubsMSVC64.asm:
1017         * jit/JITStubsSH4.h:
1018         * jit/JITStubsX86.h:
1019         * jit/JITStubsX86_64.h:
1020         * jit/Repatch.cpp:
1021         (JSC::tryBuildGetByIDList):
1022         * jit/SlowPathCall.h:
1023         (JSC::JITSlowPathCall::call):
1024         * jit/ThunkGenerators.cpp:
1025         (JSC::throwExceptionFromCallSlowPathGenerator):
1026         (JSC::nativeForGenerator):
1027         * runtime/VM.h:
1028         (JSC::VM::callFrameForThrowOffset):
1029         (JSC::VM::targetMachinePCForThrowOffset):
1030
1031 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1032
1033         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
1034         https://bugs.webkit.org/show_bug.cgi?id=123023
1035
1036         Reviewed by Michael Saboff.
1037
1038         * jit/JITInlines.h:
1039         (JSC::JIT::callOperation): EncodedJSValue parameters do not need alignment
1040         using EABI_32BIT_DUMMY_ARG here.
1041
1042 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1043
1044         Unreviewed, another ARM64 build fix.
1045         
1046         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
1047         on ARM64 and none of its uses are legit - they should all be using
1048         andPtr(TrustedImm32, blah) anyway.
1049
1050         * assembler/MacroAssembler.h:
1051         * assembler/MacroAssemblerARM64.h:
1052         * dfg/DFGJITCompiler.cpp:
1053         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1054         * jit/JIT.cpp:
1055         (JSC::JIT::privateCompileExceptionHandlers):
1056
1057 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1058
1059         Unreviewed, speculative ARM64 build fix.
1060         
1061         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
1062         implemented. So, you have to use TrustedImmPtr in the superclasses.
1063
1064         * assembler/MacroAssemblerARM64.h:
1065         (JSC::MacroAssemblerARM64::store8):
1066         (JSC::MacroAssemblerARM64::branchTest8):
1067
1068 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1069
1070         Unreviewed, speculative ARM build fix.
1071         https://bugs.webkit.org/show_bug.cgi?id=122890
1072         <rdar://problem/15258624>
1073
1074         * assembler/ARM64Assembler.h:
1075         (JSC::ARM64Assembler::firstRegister):
1076         (JSC::ARM64Assembler::lastRegister):
1077         (JSC::ARM64Assembler::firstFPRegister):
1078         (JSC::ARM64Assembler::lastFPRegister):
1079         * assembler/MacroAssemblerARM64.h:
1080         * assembler/MacroAssemblerARMv7.h:
1081
1082 2013-10-17  Andreas Kling  <akling@apple.com>
1083
1084         Pass VM instead of JSGlobalObject to JSONObject constructor.
1085         <https://webkit.org/b/122999>
1086
1087         JSONObject was only using the JSGlobalObject to grab at the VM.
1088         Dodge a few loads by passing the VM directly instead.
1089
1090         Reviewed by Geoffrey Garen.
1091
1092         * runtime/JSONObject.cpp:
1093         (JSC::JSONObject::JSONObject):
1094         (JSC::JSONObject::finishCreation):
1095         * runtime/JSONObject.h:
1096         (JSC::JSONObject::create):
1097
1098 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1099
1100         Removed the JITStackFrame struct
1101         https://bugs.webkit.org/show_bug.cgi?id=123001
1102
1103         Reviewed by Anders Carlsson.
1104
1105         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
1106         our helper functions obey the C function call ABI.
1107
1108 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1109
1110         Removed an unused #define
1111         https://bugs.webkit.org/show_bug.cgi?id=123000
1112
1113         Reviewed by Anders Carlsson.
1114
1115         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
1116         since it is unused now. This is a step toward using the C stack.
1117
1118 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1119
1120         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
1121         https://bugs.webkit.org/show_bug.cgi?id=122973
1122
1123         Reviewed by Michael Saboff.
1124
1125         * jit/ThunkGenerators.cpp:
1126         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
1127         so I removed it.
1128
1129         The code acted as if it needed to pass an argument to
1130         lookupExceptionHandler, and as if it passed that argument to itself
1131         through JITStackFrame. However, lookupExceptionHandler does not take
1132         an argument (other than the default ExecState argument), and the code
1133         did not initialize the thing that it thought it passed to itself!
1134
1135 2013-10-17  Alex Christensen  <achristensen@webkit.org>
1136
1137         Run JavaScriptCore tests again on Windows.
1138         https://bugs.webkit.org/show_bug.cgi?id=122787
1139
1140         Reviewed by Tim Horton.
1141
1142         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
1143         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
1144
1145 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1146
1147         Removed restoreArgumentReference (another use of JITStackFrame)
1148         https://bugs.webkit.org/show_bug.cgi?id=122997
1149
1150         Reviewed by Oliver Hunt.
1151
1152         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
1153         toward using the C stack.
1154
1155 2013-10-17  Oliver Hunt  <oliver@apple.com>
1156
1157         Remove JITStubCall.h
1158         https://bugs.webkit.org/show_bug.cgi?id=122991
1159
1160         Reviewed by Geoff Garen.
1161
1162         Happily this is no longer used.
1163
1164         * GNUmakefile.list.am:
1165         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1166         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1167         * JavaScriptCore.xcodeproj/project.pbxproj:
1168         * jit/JIT.cpp:
1169         * jit/JITArithmetic.cpp:
1170         * jit/JITArithmetic32_64.cpp:
1171         * jit/JITCall.cpp:
1172         * jit/JITCall32_64.cpp:
1173         * jit/JITOpcodes.cpp:
1174         * jit/JITOpcodes32_64.cpp:
1175         * jit/JITPropertyAccess.cpp:
1176         * jit/JITPropertyAccess32_64.cpp:
1177         * jit/JITStubCall.h: Removed.
1178
1179 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1180
1181         Removed a use of JITSTACKFRAME_ARGS_INDEX
1182         https://bugs.webkit.org/show_bug.cgi?id=122989
1183
1184         Reviewed by Oliver Hunt.
1185
1186         * jit/JITStubCall.h: Removed an unused function. This is one step closer
1187         to using the C stack.
1188
1189 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1190
1191         Change emit_op_catch to use another method to materialize VM
1192         https://bugs.webkit.org/show_bug.cgi?id=122977
1193
1194         Reviewed by Oliver Hunt.
1195
1196         * jit/JITOpcodes.cpp:
1197         (JSC::JIT::emit_op_catch):
1198         * jit/JITOpcodes32_64.cpp:
1199         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
1200         on JITStackFrame. It is also faster and simpler.
1201
1202 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1203
1204         Eliminate emitGetJITStubArg() - dead code
1205         https://bugs.webkit.org/show_bug.cgi?id=122975
1206
1207         Reviewed by Anders Carlsson.
1208
1209         * jit/JIT.h:
1210         * jit/JITInlines.h: Removed unused, deprecated function.
1211
1212 2013-10-17  Mark Lam  <mark.lam@apple.com>
1213
1214         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
1215         https://bugs.webkit.org/show_bug.cgi?id=122979.
1216
1217         Reviewed by Michael Saboff.
1218
1219         * jit/JITStubs.cpp:
1220         * jit/JITStubs.h:
1221         * jit/JITStubsARM.h:
1222         * jit/JITStubsARM64.h:
1223         * jit/JITStubsARMv7.h:
1224         * jit/JITStubsMIPS.h:
1225         * jit/JITStubsSH4.h:
1226         * jit/JITStubsX86.h:
1227         * jit/JITStubsX86_64.h:
1228         * runtime/VM.cpp:
1229         (JSC::VM::VM):
1230
1231 2013-10-17  Michael Saboff  <msaboff@apple.com>
1232
1233         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
1234         https://bugs.webkit.org/show_bug.cgi?id=122974
1235
1236         Reviewed by Geoffrey Garen.
1237
1238         Eliminated unneeded storing to JITStackFrame.
1239
1240         * dfg/DFGJITCompiler.cpp:
1241         (JSC::DFG::JITCompiler::compileFunction):
1242
1243 2013-10-17  Michael Saboff  <msaboff@apple.com>
1244
1245         Transition cti_op_throw and cti_vm_throw to a JIT operation
1246         https://bugs.webkit.org/show_bug.cgi?id=122931
1247
1248         Reviewed by Filip Pizlo.
1249
1250         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
1251         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
1252         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
1253         callOperation to handle the need to provide space for a structure return value.
1254
1255         * jit/JIT.h:
1256         * jit/JITInlines.h:
1257         (JSC::JIT::callOperation):
1258         * jit/JITOpcodes.cpp:
1259         (JSC::JIT::emit_op_throw):
1260         * jit/JITOpcodes32_64.cpp:
1261         (JSC::JIT::emit_op_throw):
1262         (JSC::JIT::emit_op_catch):
1263         * jit/JITOperations.cpp:
1264         * jit/JITOperations.h:
1265         * jit/JITStubs.cpp:
1266         * jit/JITStubs.h:
1267         * jit/JITStubsARM.h:
1268         * jit/JITStubsARM64.h:
1269         * jit/JITStubsARMv7.h:
1270         * jit/JITStubsMIPS.h:
1271         * jit/JITStubsMSVC64.asm:
1272         * jit/JITStubsSH4.h:
1273         * jit/JITStubsX86.h:
1274         * jit/JITStubsX86_64.h:
1275         * jit/JSInterfaceJIT.h:
1276
1277 2013-10-17  Mark Lam  <mark.lam@apple.com>
1278
1279         Remove JITStackFrame references in the C Loop LLINT.
1280         https://bugs.webkit.org/show_bug.cgi?id=122950.
1281
1282         Reviewed by Michael Saboff.
1283
1284         * jit/JITStubs.h:
1285         * llint/LowLevelInterpreter.cpp:
1286         (JSC::CLoop::execute):
1287         * offlineasm/cloop.rb:
1288
1289 2013-10-17  Mark Lam  <mark.lam@apple.com>
1290
1291         Remove JITStackFrame references in JIT probes.
1292         https://bugs.webkit.org/show_bug.cgi?id=122947.
1293
1294         Reviewed by Michael Saboff.
1295
1296         * assembler/MacroAssemblerARM.cpp:
1297         (JSC::MacroAssemblerARM::ProbeContext::dump):
1298         * assembler/MacroAssemblerARM.h:
1299         * assembler/MacroAssemblerARMv7.cpp:
1300         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
1301         * assembler/MacroAssemblerARMv7.h:
1302         * assembler/MacroAssemblerX86Common.cpp:
1303         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
1304         * assembler/MacroAssemblerX86Common.h:
1305         * jit/JITStubsARM.h:
1306         * jit/JITStubsARMv7.h:
1307         * jit/JITStubsX86.h:
1308         * jit/JITStubsX86Common.h:
1309         * jit/JITStubsX86_64.h:
1310
1311 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
1312
1313         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
1314         https://bugs.webkit.org/show_bug.cgi?id=122949
1315
1316         Reviewed by Andreas Kling.
1317
1318         * jit/CCallHelpers.h:
1319         (JSC::CCallHelpers::setupArgumentsWithExecState):
1320
1321 2013-10-16  Mark Lam  <mark.lam@apple.com>
1322
1323         Transition remaining op_get* JITStubs to JIT operations.
1324         https://bugs.webkit.org/show_bug.cgi?id=122925.
1325
1326         Reviewed by Geoffrey Garen.
1327
1328         Transitioning:
1329             cti_op_get_by_id_generic
1330             cti_op_get_by_val
1331             cti_op_get_by_val_generic
1332             cti_op_get_by_val_string
1333
1334         * dfg/DFGOperations.cpp:
1335         * dfg/DFGOperations.h:
1336         * jit/JIT.h:
1337         * jit/JITInlines.h:
1338         (JSC::JIT::callOperation):
1339         * jit/JITOpcodes.cpp:
1340         (JSC::JIT::emitSlow_op_get_arguments_length):
1341         (JSC::JIT::emitSlow_op_get_argument_by_val):
1342         * jit/JITOpcodes32_64.cpp:
1343         (JSC::JIT::emitSlow_op_get_arguments_length):
1344         (JSC::JIT::emitSlow_op_get_argument_by_val):
1345         * jit/JITOperations.cpp:
1346         * jit/JITOperations.h:
1347         * jit/JITPropertyAccess.cpp:
1348         (JSC::JIT::emitSlow_op_get_by_val):
1349         (JSC::JIT::emitSlow_op_get_by_pname):
1350         (JSC::JIT::privateCompileGetByVal):
1351         * jit/JITPropertyAccess32_64.cpp:
1352         (JSC::JIT::emitSlow_op_get_by_val):
1353         (JSC::JIT::emitSlow_op_get_by_pname):
1354         * jit/JITStubs.cpp:
1355         * jit/JITStubs.h:
1356         * runtime/Executable.cpp:
1357         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1358         * runtime/Options.cpp:
1359         (JSC::Options::initialize):
1360
1361 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1362
1363         Introduce WTF::Bag and start using it for InlineCallFrameSet
1364         https://bugs.webkit.org/show_bug.cgi?id=122941
1365
1366         Reviewed by Geoffrey Garen.
1367         
1368         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1369         SegmentedVectors into Bags as well.
1370
1371         * bytecode/InlineCallFrameSet.cpp:
1372         (JSC::InlineCallFrameSet::add):
1373         * bytecode/InlineCallFrameSet.h:
1374         (JSC::InlineCallFrameSet::begin):
1375         (JSC::InlineCallFrameSet::end):
1376         * dfg/DFGArgumentsSimplificationPhase.cpp:
1377         (JSC::DFG::ArgumentsSimplificationPhase::run):
1378         * dfg/DFGJITCompiler.cpp:
1379         (JSC::DFG::JITCompiler::link):
1380         * dfg/DFGStackLayoutPhase.cpp:
1381         (JSC::DFG::StackLayoutPhase::run):
1382         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1383         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1384
1385 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1386
1387         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1388         https://bugs.webkit.org/show_bug.cgi?id=122905
1389         <rdar://problem/15237856>
1390
1391         Reviewed by Michael Saboff.
1392         
1393         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1394         then always call it to install something that calls CRASH().
1395
1396         * llvm/InitializeLLVM.cpp:
1397         (JSC::llvmCrash):
1398         (JSC::initializeLLVMOnce):
1399         (JSC::initializeLLVM):
1400         * llvm/LLVMAPIFunctions.h:
1401
1402 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1403
1404         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1405         https://bugs.webkit.org/show_bug.cgi?id=122938
1406
1407         Reviewed by Sam Weinig.
1408         
1409         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1410
1411         * jit/Repatch.cpp:
1412         (JSC::tryBuildGetByIDList):
1413
1414 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1415
1416         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1417         https://bugs.webkit.org/show_bug.cgi?id=122937
1418
1419         Reviewed by Geoffrey Garen.
1420         
1421         JITStubCall used to do it.
1422         
1423         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1424
1425         * jit/JIT.h:
1426         (JSC::JIT::appendCall):
1427
1428 2013-10-16  Michael Saboff  <msaboff@apple.com>
1429
1430         transition void cti_op_put_by_val* stubs to JIT operations
1431         https://bugs.webkit.org/show_bug.cgi?id=122903
1432
1433         Reviewed by Geoffrey Garen.
1434
1435         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1436         operationPutByValGeneric.
1437
1438         * jit/CCallHelpers.h:
1439         (JSC::CCallHelpers::setupArgumentsWithExecState):
1440         * jit/JIT.h:
1441         * jit/JITInlines.h:
1442         (JSC::JIT::callOperation):
1443         * jit/JITOperations.cpp:
1444         * jit/JITOperations.h:
1445         * jit/JITPropertyAccess.cpp:
1446         (JSC::JIT::emitSlow_op_put_by_val):
1447         (JSC::JIT::privateCompilePutByVal):
1448         * jit/JITPropertyAccess32_64.cpp:
1449         (JSC::JIT::emitSlow_op_put_by_val):
1450         * jit/JITStubs.cpp:
1451         * jit/JITStubs.h:
1452         * jit/JSInterfaceJIT.h:
1453
1454 2013-10-16  Oliver Hunt  <oliver@apple.com>
1455
1456         Implement ES6 spread operator
1457         https://bugs.webkit.org/show_bug.cgi?id=122911
1458
1459         Reviewed by Michael Saboff.
1460
1461         Implement the ES6 spread operator
1462
1463         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1464         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1465         driven.
1466
1467         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1468         and actually handling the spread.
1469
1470         * bytecompiler/BytecodeGenerator.cpp:
1471         (JSC::BytecodeGenerator::emitNewArray):
1472         (JSC::BytecodeGenerator::emitCall):
1473         (JSC::BytecodeGenerator::emitEnumeration):
1474         * bytecompiler/BytecodeGenerator.h:
1475         * bytecompiler/NodesCodegen.cpp:
1476         (JSC::ArrayNode::emitBytecode):
1477         (JSC::ForOfNode::emitBytecode):
1478         (JSC::SpreadExpressionNode::emitBytecode):
1479         * parser/ASTBuilder.h:
1480         (JSC::ASTBuilder::createSpreadExpression):
1481         * parser/Lexer.cpp:
1482         (JSC::::lex):
1483         * parser/NodeConstructors.h:
1484         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1485         * parser/Nodes.h:
1486         (JSC::ExpressionNode::isSpreadExpression):
1487         (JSC::SpreadExpressionNode::expression):
1488         * parser/Parser.cpp:
1489         (JSC::::parseArrayLiteral):
1490         (JSC::::parseArguments):
1491         (JSC::::parseMemberExpression):
1492         * parser/Parser.h:
1493         (JSC::Parser::getTokenName):
1494         (JSC::Parser::updateErrorMessageSpecialCase):
1495         * parser/ParserTokens.h:
1496         * parser/SyntaxChecker.h:
1497         (JSC::SyntaxChecker::createSpreadExpression):
1498
1499 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1500
1501         Add a useLLInt option to jsc
1502         https://bugs.webkit.org/show_bug.cgi?id=122930
1503
1504         Reviewed by Geoffrey Garen.
1505
1506         * runtime/Executable.cpp:
1507         (JSC::setupLLInt):
1508         (JSC::setupJIT):
1509         (JSC::ScriptExecutable::prepareForExecutionImpl):
1510         * runtime/Options.h:
1511
1512 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1513
1514         Build fix.
1515
1516         Forgot to svn add DeferGC.cpp
1517
1518         * heap/DeferGC.cpp: Added.
1519
1520 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1521
1522         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1523         https://bugs.webkit.org/show_bug.cgi?id=122902
1524
1525         Reviewed by Mark Hahnenberg.
1526         
1527         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1528         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1529         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1530         didn't. Turns out that there's even a helpful method,
1531         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1532
1533         * jit/Repatch.cpp:
1534         (JSC::tryCachePutByID):
1535
1536 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1537
1538         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1539         https://bugs.webkit.org/show_bug.cgi?id=122667
1540
1541         Reviewed by Geoffrey Garen.
1542
1543         The issue this patch is attempting to fix is that there are places in our codebase
1544         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1545         operations that can initiate a garbage collection. Garbage collection then calls 
1546         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1547         always necessarily run during garbage collection). This causes a deadlock.
1548  
1549         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1550         into a thread-local field that indicates that it is unsafe to perform any operation 
1551         that could trigger garbage collection on the current thread. In debug builds, 
1552         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1553         detect deadlocks.
1554  
1555         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1556         which uses the DeferGC mechanism to prevent collections from occurring while the 
1557         lock is held.
1558
1559         * CMakeLists.txt:
1560         * GNUmakefile.list.am:
1561         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1562         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1563         * JavaScriptCore.xcodeproj/project.pbxproj:
1564         * heap/DeferGC.h:
1565         (JSC::DisallowGC::DisallowGC):
1566         (JSC::DisallowGC::~DisallowGC):
1567         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1568         (JSC::DisallowGC::initialize):
1569         * jit/Repatch.cpp:
1570         (JSC::repatchPutByID):
1571         (JSC::buildPutByIdList):
1572         * llint/LLIntSlowPaths.cpp:
1573         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1574         * runtime/ConcurrentJITLock.h:
1575         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1576         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1577         (JSC::ConcurrentJITLockerBase::unlockEarly):
1578         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1579         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1580         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1581         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1582         * runtime/InitializeThreading.cpp:
1583         (JSC::initializeThreadingOnce):
1584         * runtime/JSCellInlines.h:
1585         (JSC::allocateCell):
1586         * runtime/JSSymbolTableObject.h:
1587         (JSC::symbolTablePut):
1588         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1589         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1590         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1591         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1592         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1593         the Structure.
1594         (JSC::Structure::materializePropertyMap):
1595         (JSC::Structure::despecifyDictionaryFunction):
1596         (JSC::Structure::changePrototypeTransition):
1597         (JSC::Structure::despecifyFunctionTransition):
1598         (JSC::Structure::attributeChangeTransition):
1599         (JSC::Structure::toDictionaryTransition):
1600         (JSC::Structure::preventExtensionsTransition):
1601         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1602         (JSC::Structure::isSealed):
1603         (JSC::Structure::isFrozen):
1604         (JSC::Structure::addPropertyWithoutTransition):
1605         (JSC::Structure::removePropertyWithoutTransition):
1606         (JSC::Structure::get):
1607         (JSC::Structure::despecifyFunction):
1608         (JSC::Structure::despecifyAllFunctions):
1609         (JSC::Structure::putSpecificValue):
1610         (JSC::Structure::createPropertyMap):
1611         (JSC::Structure::getPropertyNamesFromStructure):
1612         * runtime/Structure.h:
1613         (JSC::Structure::materializePropertyMapIfNecessary):
1614         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1615         * runtime/StructureInlines.h:
1616         (JSC::Structure::get):
1617         * runtime/SymbolTable.h:
1618         (JSC::SymbolTable::find):
1619         (JSC::SymbolTable::end):
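
The DisallowGC / DeferGC mechanism the entry above describes, as an added illustration that is not JavaScriptCore's code: the four guard names (DisallowGC, DeferGC, ConcurrentJITLocker, GCSafeConcurrentJITLocker) are taken from the entry, while ThreadGCState, the toy Heap with its byte threshold, the use of std::mutex in place of the ConcurrentJITLock, and the two scenario functions are constructed for this example. Where JSC's debug build asserts, the toy counts the unsafe allocation instead so the outcome can be inspected. It shows why a DisallowGC inside the locker catches the deadlock eagerly, how the GC-safe locker postpones the collection until after unlock, and why the Structure.cpp callers need their own DeferGC across the locked region.

```cpp
#include <memory>
#include <mutex>

// Per-thread bookkeeping (constructed for this example, not JSC's layout).
struct ThreadGCState {
    unsigned disallowDepth = 0;     // > 0: collecting on this thread would deadlock
    unsigned deferDepth = 0;        // > 0: collections are queued, not run
    bool collectionPending = false; // a collection was requested while deferred
};
inline ThreadGCState& gcState() { thread_local ThreadGCState state; return state; }

// RAII: while alive, an allocation that could collect is reported as a bug
// instead of being attempted (the deadlock the entry describes).
class DisallowGC {
public:
    DisallowGC() { ++gcState().disallowDepth; }
    ~DisallowGC() { --gcState().disallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return gcState().disallowDepth > 0; }
};

// Toy heap. Collection takes the lock the lockers below hold, hence the deadlock.
struct Heap {
    std::mutex codeBlockLock;       // stands in for the ConcurrentJITLock
    unsigned threshold = 1024;      // bytes allocated before a collection is wanted
    unsigned bytesSinceCollection = 0;
    unsigned collections = 0;
    unsigned unsafeAllocations = 0; // allocations attempted under DisallowGC

    void collect() { std::lock_guard<std::mutex> guard(codeBlockLock); ++collections; bytesSinceCollection = 0; }

    // Allocation may want to collect; returns false when that is forbidden.
    bool allocate(unsigned bytes) {
        if (DisallowGC::isGCDisallowedOnCurrentThread()) { ++unsafeAllocations; return false; }
        bytesSinceCollection += bytes;
        if (bytesSinceCollection >= threshold) {
            if (gcState().deferDepth > 0) gcState().collectionPending = true; // run later
            else collect();
        }
        return true;
    }
};

// RAII: a collection requested while alive runs when the outermost DeferGC goes away.
class DeferGC {
public:
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++gcState().deferDepth; }
    ~DeferGC() {
        if (--gcState().deferDepth || !gcState().collectionPending) return;
        gcState().collectionPending = false;
        m_heap.collect();
    }
private:
    Heap& m_heap;
};

// Debug-style locker: holds the lock plus a DisallowGC, so misuse is caught
// eagerly rather than deadlocking later.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(Heap& heap) : m_guard(heap.codeBlockLock) {}
private:
    std::lock_guard<std::mutex> m_guard;
    DisallowGC m_disallowGC;
};

// GC-safe locker: defers collection while the lock is held. m_deferGC is
// declared first so it is destroyed last, i.e. after the lock is released.
class GCSafeConcurrentJITLocker {
public:
    explicit GCSafeConcurrentJITLocker(Heap& heap) : m_deferGC(heap), m_guard(heap.codeBlockLock) {}
private:
    DeferGC m_deferGC;
    std::lock_guard<std::mutex> m_guard;
};

// Allocating under the plain locker: the bug is caught and nothing collects.
unsigned allocateUnderConcurrentJITLocker() {
    Heap heap;
    ConcurrentJITLocker locker(heap);
    heap.allocate(heap.threshold);
    return heap.unsafeAllocations;
}

struct Outcome { unsigned whileLocked, afterUnlock, afterCallerScope; };

// Allocating under the GC-safe locker. Without a caller DeferGC the collection
// runs as soon as the locker is released; with one (the Structure.cpp case) it
// waits until the caller is done with what it built under the lock.
Outcome allocateUnderGCSafeLocker(bool callerDefers) {
    Heap heap;
    Outcome outcome{};
    {
        std::unique_ptr<DeferGC> callerDefer(callerDefers ? new DeferGC(heap) : nullptr);
        {
            GCSafeConcurrentJITLocker locker(heap);
            heap.allocate(heap.threshold);
            outcome.whileLocked = heap.collections;
        }
        outcome.afterUnlock = heap.collections;
    }
    outcome.afterCallerScope = heap.collections;
    return outcome;
}
```

The member order in GCSafeConcurrentJITLocker is the whole point of that class: reversing it would run the deferred collection while the mutex is still held, reproducing the deadlock the entry fixes. The caller-side DeferGC in the second scenario is what the materializePropertyMapIfNecessary* callers need, because a collection in the gap between unlock and use would clear the table they are about to read.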
1620
1621 2013-10-16  Daniel Bates  <dabates@apple.com>
1622
1623         Add SPI to disable the garbage collector timer
1624         https://bugs.webkit.org/show_bug.cgi?id=122921
1625
1626         Reviewed by Geoffrey Garen.
1627
1628         Based on a patch by Mark Hahnenberg.
1629
1630         * API/JSBase.cpp:
1631         (JSDisableGCTimer): Added; SPI function.
1632         * API/JSBasePrivate.h:
1633         * heap/BlockAllocator.cpp:
1634         (JSC::createBlockFreeingThread): Added.
1635         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
1636         to conditionally create the "block freeing" thread depending on the value of
1637         GCActivityCallback::s_shouldCreateGCTimer.
1638         (JSC::BlockAllocator::~BlockAllocator):
1639         * heap/BlockAllocator.h:
1640         (JSC::BlockAllocator::deallocate):
1641         * heap/Heap.cpp:
1642         (JSC::Heap::didAbandon):
1643         (JSC::Heap::collect):
1644         (JSC::Heap::didAllocate):
1645         * heap/HeapTimer.cpp:
1646         (JSC::HeapTimer::timerDidFire):
1647         * runtime/GCActivityCallback.cpp:
1648         * runtime/GCActivityCallback.h:
1649         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
1650         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
1651         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
1652
1653 2013-10-16  Commit Queue  <commit-queue@webkit.org>
1654
1655         Unreviewed, rolling out r157529.
1656         http://trac.webkit.org/changeset/157529
1657         https://bugs.webkit.org/show_bug.cgi?id=122919
1658
1659         Caused score test failures and some build failures. (Requested
1660         by rfong on #webkit).
1661
1662         * bytecompiler/BytecodeGenerator.cpp:
1663         (JSC::BytecodeGenerator::emitNewArray):
1664         (JSC::BytecodeGenerator::emitCall):
1665         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1666         * bytecompiler/BytecodeGenerator.h:
1667         * bytecompiler/NodesCodegen.cpp:
1668         (JSC::ArrayNode::emitBytecode):
1669         (JSC::CallArguments::CallArguments):
1670         (JSC::ForOfNode::emitBytecode):
1671         (JSC::BindingNode::collectBoundIdentifiers):
1672         * parser/ASTBuilder.h:
1673         * parser/Lexer.cpp:
1674         (JSC::::lex):
1675         * parser/NodeConstructors.h:
1676         (JSC::DotAccessorNode::DotAccessorNode):
1677         * parser/Nodes.h:
1678         * parser/Parser.cpp:
1679         (JSC::::parseArrayLiteral):
1680         (JSC::::parseArguments):
1681         (JSC::::parseMemberExpression):
1682         * parser/Parser.h:
1683         (JSC::Parser::getTokenName):
1684         (JSC::Parser::updateErrorMessageSpecialCase):
1685         * parser/ParserTokens.h:
1686         * parser/SyntaxChecker.h:
1687
1688 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1689
1690         Remove useless architecture specific implementation in DFG.
1691         https://bugs.webkit.org/show_bug.cgi?id=122917.
1692
1693         Reviewed by Michael Saboff.
1694
1695         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
1696         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
1697
1698         * dfg/DFGSpeculativeJIT.h:
1699
1700 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1701
1702         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
1703         https://bugs.webkit.org/show_bug.cgi?id=122916.
1704
1705         Reviewed by Michael Saboff.
1706
1707         This architecture specific function is not used anymore, so get rid of it.
1708
1709         * jit/JIT.h:
1710         * jit/JITInlines.h:
1711
1712 2013-10-16  Oliver Hunt  <oliver@apple.com>
1713
1714         Implement ES6 spread operator
1715         https://bugs.webkit.org/show_bug.cgi?id=122911
1716
1717         Reviewed by Michael Saboff.
1718
1719         Implement the ES6 spread operator
1720
1721         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1722         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1723         driven.
1724
1725         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1726         and actually handling the spread.
1727
1728         * bytecompiler/BytecodeGenerator.cpp:
1729         (JSC::BytecodeGenerator::emitNewArray):
1730         (JSC::BytecodeGenerator::emitCall):
1731         (JSC::BytecodeGenerator::emitEnumeration):
1732         * bytecompiler/BytecodeGenerator.h:
1733         * bytecompiler/NodesCodegen.cpp:
1734         (JSC::ArrayNode::emitBytecode):
1735         (JSC::ForOfNode::emitBytecode):
1736         (JSC::SpreadExpressionNode::emitBytecode):
1737         * parser/ASTBuilder.h:
1738         (JSC::ASTBuilder::createSpreadExpression):
1739         * parser/Lexer.cpp:
1740         (JSC::::lex):
1741         * parser/NodeConstructors.h:
1742         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1743         * parser/Nodes.h:
1744         (JSC::ExpressionNode::isSpreadExpression):
1745         (JSC::SpreadExpressionNode::expression):
1746         * parser/Parser.cpp:
1747         (JSC::::parseArrayLiteral):
1748         (JSC::::parseArguments):
1749         (JSC::::parseMemberExpression):
1750         * parser/Parser.h:
1751         (JSC::Parser::getTokenName):
1752         (JSC::Parser::updateErrorMessageSpecialCase):
1753         * parser/ParserTokens.h:
1754         * parser/SyntaxChecker.h:
1755         (JSC::SyntaxChecker::createSpreadExpression):
1756
1757 2013-10-16  Mark Lam  <mark.lam@apple.com>
1758
1759         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1760         https://bugs.webkit.org/show_bug.cgi?id=122899.
1761
1762         Reviewed by Michael Saboff.
1763
1764         * jit/JITOpcodes32_64.cpp:
1765         (JSC::JIT::emit_op_tear_off_activation):
1766         (JSC::JIT::emit_op_tear_off_arguments):
1767         * jit/JITStubs.cpp:
1768         * jit/JITStubs.h:
1769
1770 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1771
1772         Remove more of the UNINTERRUPTED_SEQUENCE thing
1773         https://bugs.webkit.org/show_bug.cgi?id=122885
1774
1775         Reviewed by Andreas Kling.
1776
1777         It was not completely removed by r157481, leading to build failure for sh4 architecture.
1778
1779         * jit/JIT.h:
1780         * jit/JITInlines.h:
1781
1782 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1783
1784         Get rid of the StructureStubInfo::patch union
1785         https://bugs.webkit.org/show_bug.cgi?id=122877
1786
1787         Reviewed by Sam Weinig.
1788         
1789         Just simplifying code by getting rid of data structures that ain't used no more.
1790         
1791         Note that I replace the patch union with a patch struct. This means we say things like
1792         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
1793         encapsulation makes the code more readable: the patch struct contains just those things
1794         that you need to know to perform patching.
1795
1796         * bytecode/StructureStubInfo.h:
1797         * dfg/DFGJITCompiler.cpp:
1798         (JSC::DFG::JITCompiler::link):
1799         * jit/JIT.cpp:
1800         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1801         * jit/Repatch.cpp:
1802         (JSC::repatchByIdSelfAccess):
1803         (JSC::replaceWithJump):
1804         (JSC::linkRestoreScratch):
1805         (JSC::generateProtoChainAccessStub):
1806         (JSC::tryCacheGetByID):
1807         (JSC::getPolymorphicStructureList):
1808         (JSC::patchJumpToGetByIdStub):
1809         (JSC::tryBuildGetByIDList):
1810         (JSC::emitPutReplaceStub):
1811         (JSC::emitPutTransitionStub):
1812         (JSC::tryCachePutByID):
1813         (JSC::tryBuildPutByIdList):
1814         (JSC::tryRepatchIn):
1815         (JSC::resetGetByID):
1816         (JSC::resetPutByID):
1817         (JSC::resetIn):
1818
1819 2013-10-15  Nadav Rotem  <nrotem@apple.com>
1820
1821         FTL: add support for Int52ToValue and fix putByVal of int52s.
1822         https://bugs.webkit.org/show_bug.cgi?id=122873
1823
1824         Reviewed by Filip Pizlo.
1825
1826         * ftl/FTLCapabilities.cpp:
1827         (JSC::FTL::canCompile):
1828         * ftl/FTLLowerDFGToLLVM.cpp:
1829         (JSC::FTL::LowerDFGToLLVM::compileNode):
1830         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
1831         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
1832
1833 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1834
1835         Get rid of the UNINTERRUPTED_SEQUENCE thing
1836         https://bugs.webkit.org/show_bug.cgi?id=122876
1837
1838         Reviewed by Mark Hahnenberg.
1839         
1840         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
1841         
1842         Moreover, we should resist the temptation to bring anything like this back. We don't
1843         want to have inline caches that only work if the assembler lays out code in a specific
1844         predetermined way.
1845
1846         * jit/JIT.h:
1847         * jit/JITCall.cpp:
1848         (JSC::JIT::compileOpCall):
1849         * jit/JITCall32_64.cpp:
1850         (JSC::JIT::compileOpCall):
1851
1852 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1853
1854         Baseline JIT should use the DFG GetById IC
1855         https://bugs.webkit.org/show_bug.cgi?id=122861
1856
1857         Reviewed by Oliver Hunt.
1858         
1859         This mostly just kills a ton of code.
1860         
1861         Note that this doesn't yet do all of the simplifications that can be done, but it does
1862         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
1863
1864         * bytecode/CodeBlock.cpp:
1865         (JSC::CodeBlock::resetStubInternal):
1866         * jit/JIT.cpp:
1867         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1868         * jit/JIT.h:
1869         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
1870         * jit/JITInlines.h:
1871         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1872         (JSC::JIT::callOperation):
1873         * jit/JITPropertyAccess.cpp:
1874         (JSC::JIT::compileGetByIdHotPath):
1875         (JSC::JIT::emitSlow_op_get_by_id):
1876         (JSC::JIT::emitSlow_op_get_from_scope):
1877         * jit/JITPropertyAccess32_64.cpp:
1878         (JSC::JIT::compileGetByIdHotPath):
1879         (JSC::JIT::emitSlow_op_get_by_id):
1880         (JSC::JIT::emitSlow_op_get_from_scope):
1881         * jit/JITStubs.cpp:
1882         * jit/JITStubs.h:
1883         * jit/Repatch.cpp:
1884         (JSC::repatchGetByID):
1885         (JSC::buildGetByIDList):
1886         * jit/ThunkGenerators.cpp:
1887         * jit/ThunkGenerators.h:
1888
1889 2013-10-15  Dean Jackson  <dino@apple.com>
1890
1891         Add ENABLE_WEB_ANIMATIONS flag
1892         https://bugs.webkit.org/show_bug.cgi?id=122871
1893
1894         Reviewed by Tim Horton.
1895
1896         Eventually might be http://dev.w3.org/fxtf/web-animations/
1897         but this is just engine-internal work at the moment.
1898
1899         * Configurations/FeatureDefines.xcconfig:
1900
1901 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1902
1903         [sh4] Some calls don't match sh4 ABI.
1904         https://bugs.webkit.org/show_bug.cgi?id=122863
1905
1906         Reviewed by Michael Saboff.
1907
1908         * dfg/DFGSpeculativeJIT.h:
1909         (JSC::DFG::SpeculativeJIT::callOperation):
1910         * jit/CCallHelpers.h:
1911         (JSC::CCallHelpers::setupArgumentsWithExecState):
1912         * jit/JITInlines.h:
1913         (JSC::JIT::callOperation):
1914
1915 2013-10-15  Daniel Bates  <dabates@apple.com>
1916
1917         [iOS] Upstream JavaScriptCore support for ARM64
1918         https://bugs.webkit.org/show_bug.cgi?id=122762
1919
1920         Reviewed by Oliver Hunt and Filip Pizlo.
1921
1922         * Configurations/Base.xcconfig:
1923         * Configurations/DebugRelease.xcconfig:
1924         * Configurations/JavaScriptCore.xcconfig:
1925         * Configurations/ToolExecutable.xcconfig:
1926         * JavaScriptCore.xcodeproj/project.pbxproj:
1927         * assembler/ARM64Assembler.h: Added.
1928         * assembler/AbstractMacroAssembler.h:
1929         (JSC::isARM64):
1930         (JSC::AbstractMacroAssembler::Label::Label):
1931         (JSC::AbstractMacroAssembler::Jump::Jump):
1932         (JSC::AbstractMacroAssembler::Jump::link):
1933         (JSC::AbstractMacroAssembler::Jump::linkTo):
1934         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
1935         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
1936         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
1937         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
1938         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
1939         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
1940         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
1941         (JSC::AbstractMacroAssembler::isTempRegisterValid):
1942         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
1943         (JSC::AbstractMacroAssembler::setTempRegisterValid):
1944         * assembler/LinkBuffer.cpp:
1945         (JSC::LinkBuffer::copyCompactAndLinkCode):
1946         (JSC::LinkBuffer::linkCode):
1947         * assembler/LinkBuffer.h:
1948         * assembler/MacroAssembler.h:
1949         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
1950         (JSC::MacroAssembler::pushToSave):
1951         (JSC::MacroAssembler::popToRestore):
1952         (JSC::MacroAssembler::patchableBranchTest32):
1953         * assembler/MacroAssemblerARM64.h: Added.
1954         * assembler/MacroAssemblerARMv7.h:
1955         * dfg/DFGFixupPhase.cpp:
1956         (JSC::DFG::FixupPhase::fixupNode):
1957         * dfg/DFGOSRExitCompiler32_64.cpp:
1958         (JSC::DFG::OSRExitCompiler::compileExit):
1959         * dfg/DFGOSRExitCompiler64.cpp:
1960         (JSC::DFG::OSRExitCompiler::compileExit):
1961         * dfg/DFGSpeculativeJIT.cpp:
1962         (JSC::DFG::SpeculativeJIT::compileArithDiv):
1963         (JSC::DFG::SpeculativeJIT::compileArithMod):
1964         * disassembler/ARM64/A64DOpcode.cpp: Added.
1965         * disassembler/ARM64/A64DOpcode.h: Added.
1966         * disassembler/ARM64Disassembler.cpp: Added.
1967         * heap/MachineStackMarker.cpp:
1968         (JSC::getPlatformThreadRegisters):
1969         (JSC::otherThreadStackPointer):
1970         * heap/Region.h:
1971         * jit/AssemblyHelpers.h:
1972         (JSC::AssemblyHelpers::debugCall):
1973         * jit/CCallHelpers.h:
1974         * jit/ExecutableAllocator.h:
1975         * jit/FPRInfo.h:
1976         (JSC::FPRInfo::toRegister):
1977         (JSC::FPRInfo::toIndex):
1978         (JSC::FPRInfo::debugName):
1979         * jit/GPRInfo.h:
1980         (JSC::GPRInfo::toRegister):
1981         (JSC::GPRInfo::toIndex):
1982         (JSC::GPRInfo::debugName):
1983         * jit/JITInlines.h:
1984         (JSC::JIT::restoreArgumentReferenceForTrampoline):
1985         * jit/JITOperationWrappers.h:
1986         * jit/JITOperations.cpp:
1987         * jit/JITStubs.cpp:
1988         (JSC::performPlatformSpecificJITAssertions):
1989         (JSC::tryCachePutByID):
1990         * jit/JITStubs.h:
1991         (JSC::JITStackFrame::returnAddressSlot):
1992         * jit/JITStubsARM64.h: Added.
1993         * jit/JSInterfaceJIT.h:
1994         * jit/Repatch.cpp:
1995         (JSC::emitRestoreScratch):
1996         (JSC::generateProtoChainAccessStub):
1997         (JSC::tryCacheGetByID):
1998         (JSC::emitPutReplaceStub):
1999         (JSC::tryCachePutByID):
2000         (JSC::tryRepatchIn):
2001         * jit/ScratchRegisterAllocator.h:
2002         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2003         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2004         * jit/ThunkGenerators.cpp:
2005         (JSC::nativeForGenerator):
2006         (JSC::floorThunkGenerator):
2007         (JSC::ceilThunkGenerator):
2008         * jsc.cpp:
2009         (main):
2010         * llint/LLIntOfflineAsmConfig.h:
2011         * llint/LLIntSlowPaths.cpp:
2012         (JSC::LLInt::handleHostCall):
2013         * llint/LowLevelInterpreter.asm:
2014         * llint/LowLevelInterpreter64.asm:
2015         * offlineasm/arm.rb:
2016         * offlineasm/arm64.rb: Added.
2017         * offlineasm/backends.rb:
2018         * offlineasm/instructions.rb:
2019         * offlineasm/risc.rb:
2020         * offlineasm/transform.rb:
2021         * yarr/YarrJIT.cpp:
2022         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2023         (JSC::Yarr::YarrGenerator::initCallFrame):
2024         (JSC::Yarr::YarrGenerator::removeCallFrame):
2025         (JSC::Yarr::YarrGenerator::generateEnter):
2026         * yarr/YarrJIT.h:
2027
2028 2013-10-15  Mark Lam  <mark.lam@apple.com>
2029
2030         Fix 3 operand sub operation in C loop LLINT.
2031         https://bugs.webkit.org/show_bug.cgi?id=122866.
2032
2033         Reviewed by Geoffrey Garen.
2034
2035         * offlineasm/cloop.rb:
2036
2037 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2038
2039         ObjCCallbackFunctionImpl shouldn't store a JSContext
2040         https://bugs.webkit.org/show_bug.cgi?id=122531
2041
2042         Reviewed by Geoffrey Garen.
2043
2044         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
2045         in the common case. It's also no longer necessary in that we can look up the current JSContext 
2046         by using the globalObject of the callee when the function callback is invoked.
2047  
2048         Also added a new test that would cause us to crash previously. The test required making 
2049         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2050         in C API callbacks.
2051
2052         * API/JSContextRef.h:
2053         * API/JSContextRefPrivate.h:
2054         * API/ObjCCallbackFunction.mm:
2055         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2056         (JSC::objCCallbackFunctionCallAsFunction):
2057         (objCCallbackFunctionForInvocation):
2058         * API/WebKitAvailability.h:
2059         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2060         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2061         (CallAsConstructor):
2062         (ConstructorFinalize):
2063         (ConstructorClass):
2064         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2065         (-[JSContext valueWithConstructorDescriptor:]):
2066         (currentThisInsideBlockGetterTest):
2067         * API/tests/testapi.mm:
2068         * JavaScriptCore.xcodeproj/project.pbxproj:
2069         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2070
2071 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2072
2073         Fix build after r157457 for architectures with 4 argument registers.
2074         https://bugs.webkit.org/show_bug.cgi?id=122860
2075
2076         Reviewed by Michael Saboff.
2077
2078         * jit/CCallHelpers.h:
2079         (JSC::CCallHelpers::setupStubArguments134):
2080
2081 2013-10-14  Michael Saboff  <msaboff@apple.com>
2082
2083         transition void cti_op_* methods to JIT operations.
2084         https://bugs.webkit.org/show_bug.cgi?id=122617
2085
2086         Reviewed by Geoffrey Garen.
2087
2088         Converted the following stubs to JIT operations:
2089             cti_handle_watchdog_timer
2090             cti_op_debug
2091             cti_op_pop_scope
2092             cti_op_profile_did_call
2093             cti_op_profile_will_call
2094             cti_op_put_by_index
2095             cti_op_put_getter_setter
2096             cti_op_tear_off_activation
2097             cti_op_tear_off_arguments
2098             cti_op_throw_static_error
2099             cti_optimize
2100
2101         * dfg/DFGOperations.cpp:
2102         * dfg/DFGOperations.h:
2103         * jit/CCallHelpers.h:
2104         (JSC::CCallHelpers::setupArgumentsWithExecState):
2105         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2106         (JSC::CCallHelpers::setupStubArguments):
2107         (JSC::CCallHelpers::setupStubArguments134):
2108         * jit/JIT.cpp:
2109         (JSC::JIT::emitEnterOptimizationCheck):
2110         * jit/JIT.h:
2111         * jit/JITInlines.h:
2112         (JSC::JIT::callOperation):
2113         * jit/JITOpcodes.cpp:
2114         (JSC::JIT::emit_op_tear_off_activation):
2115         (JSC::JIT::emit_op_tear_off_arguments):
2116         (JSC::JIT::emit_op_push_with_scope):
2117         (JSC::JIT::emit_op_pop_scope):
2118         (JSC::JIT::emit_op_push_name_scope):
2119         (JSC::JIT::emit_op_throw_static_error):
2120         (JSC::JIT::emit_op_debug):
2121         (JSC::JIT::emit_op_profile_will_call):
2122         (JSC::JIT::emit_op_profile_did_call):
2123         (JSC::JIT::emitSlow_op_loop_hint):
2124         * jit/JITOpcodes32_64.cpp:
2125         (JSC::JIT::emit_op_push_with_scope):
2126         (JSC::JIT::emit_op_pop_scope):
2127         (JSC::JIT::emit_op_push_name_scope):
2128         (JSC::JIT::emit_op_throw_static_error):
2129         (JSC::JIT::emit_op_debug):
2130         (JSC::JIT::emit_op_profile_will_call):
2131         (JSC::JIT::emit_op_profile_did_call):
2132         * jit/JITOperations.cpp:
2133         * jit/JITOperations.h:
2134         * jit/JITPropertyAccess.cpp:
2135         (JSC::JIT::emit_op_put_by_index):
2136         (JSC::JIT::emit_op_put_getter_setter):
2137         * jit/JITPropertyAccess32_64.cpp:
2138         (JSC::JIT::emit_op_put_by_index):
2139         (JSC::JIT::emit_op_put_getter_setter):
2140         * jit/JITStubs.cpp:
2141         * jit/JITStubs.h:
2142
2143 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2144
2145         [sh4] Introduce const pools in LLINT.
2146         https://bugs.webkit.org/show_bug.cgi?id=122746
2147
2148         Reviewed by Michael Saboff.
2149
2150         In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
2151         loaded this way:
2152
2153             mov.l .label, rx
2154             bra out
2155             nop
2156             .balign 4
2157             .label: .long immvalue
2158             out:
2159
2160         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2161         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2162
2163         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2164         * offlineasm/sh4.rb:
2165
2166 2013-10-15  Mark Lam  <mark.lam@apple.com>
2167
2168         Fix broken C Loop LLINT build.
2169         https://bugs.webkit.org/show_bug.cgi?id=122839.
2170
2171         Reviewed by Michael Saboff.
2172
2173         * dfg/DFGFlushedAt.cpp:
2174         * jit/JITOperations.h:
2175
2176 2013-10-14  Mark Lam  <mark.lam@apple.com>
2177
2178         Transition *switch* and *scope* JITStubs to JIT operations.
2179         https://bugs.webkit.org/show_bug.cgi?id=122757.
2180
2181         Reviewed by Geoffrey Garen.
2182
2183         Transitioning:
2184             cti_op_switch_char
2185             cti_op_switch_imm
2186             cti_op_switch_string
2187             cti_op_resolve_scope
2188             cti_op_get_from_scope
2189             cti_op_put_to_scope
2190
2191         * jit/JIT.h:
2192         * jit/JITInlines.h:
2193         (JSC::JIT::callOperation):
2194         * jit/JITOpcodes.cpp:
2195         (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_switch_imm):
        (JSC::JIT::emit_op_switch_char):
        (JSC::JIT::emit_op_switch_string):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_resolve_scope):
        (JSC::JIT::emitSlow_op_get_from_scope):
        (JSC::JIT::emitSlow_op_put_to_scope):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_resolve_scope):
        (JSC::JIT::emitSlow_op_get_from_scope):
        (JSC::JIT::emitSlow_op_put_to_scope):
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:

2013-10-14  Filip Pizlo  <fpizlo@apple.com>

        DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
        https://bugs.webkit.org/show_bug.cgi?id=122786

        Reviewed by Mark Hahnenberg.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
        * jit/Repatch.cpp:
        (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
        (JSC::buildPutByIdList): Ditto.

2013-10-14  Nadav Rotem  <nrotem@apple.com>

        Add FTL support for LogicalNot(string)
        https://bugs.webkit.org/show_bug.cgi?id=122765

        Reviewed by Filip Pizlo.

        This patch is tested by:
        regress/script-tests/emscripten-cube2hash.js.ftl-eager

        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):

2013-10-14  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Fixes after r157404 and r157411.
        https://bugs.webkit.org/show_bug.cgi?id=122782

        Reviewed by Michael Saboff.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.

2013-10-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r157413.
        http://trac.webkit.org/changeset/157413
        https://bugs.webkit.org/show_bug.cgi?id=122779

        Appears to have caused frequent crashes (Requested by ap on
        #webkit).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/DeferGC.cpp: Removed.
        * heap/DeferGC.h:
        * jit/JITStubs.cpp:
        (JSC::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/ConcurrentJITLock.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * runtime/JSCellInlines.h:
        (JSC::allocateCell):
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::putSpecificValue):
        (JSC::Structure::createPropertyMap):
        * runtime/Structure.h:

2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        COLLECT_ON_EVERY_ALLOCATION causes assertion failures
        https://bugs.webkit.org/show_bug.cgi?id=122652

        Reviewed by Filip Pizlo.

        COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
        so we would end up ASSERTing during garbage collection.

        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateSlowCase):

2013-10-11  Oliver Hunt  <oliver@apple.com>

        Separate out array iteration intrinsics
        https://bugs.webkit.org/show_bug.cgi?id=122656

        Reviewed by Michael Saboff.

        Separate out the intrinsics for key and values iteration
        of arrays.

        This requires moving array iteration into the iterator
        instance, rather than the prototype, but this is essentially
        unobservable so we'll live with it for now.

        * jit/ThunkGenerators.cpp:
        (JSC::arrayIteratorNextThunkGenerator):
        (JSC::arrayIteratorNextKeyThunkGenerator):
        (JSC::arrayIteratorNextValueThunkGenerator):
        * jit/ThunkGenerators.h:
        * runtime/ArrayIteratorPrototype.cpp:
        (JSC::ArrayIteratorPrototype::finishCreation):
        * runtime/Intrinsic.h:
        * runtime/JSArrayIterator.cpp:
        (JSC::JSArrayIterator::finishCreation):
        (JSC::createIteratorResult):
        (JSC::arrayIteratorNext):
        (JSC::arrayIteratorNextKey):
        (JSC::arrayIteratorNextValue):
        (JSC::arrayIteratorNextGeneric):
        * runtime/VM.cpp:
        (JSC::thunkGeneratorForIntrinsic):

2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
        https://bugs.webkit.org/show_bug.cgi?id=122667

        Reviewed by Filip Pizlo.

        The issue this patch is attempting to fix is that there are places in our codebase
        where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
        operations that can initiate a garbage collection. Garbage collection then calls
        some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
        always necessarily run during garbage collection). This causes a deadlock.

        To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores
        into a thread-local field that indicates that it is unsafe to perform any operation
        that could trigger garbage collection on the current thread. In debug builds,
        ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly
        detect deadlocks.

        This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
        which uses the DeferGC mechanism to prevent collections from occurring while the
        lock is held.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/DeferGC.cpp: Added.
        * heap/DeferGC.h:
        (JSC::DisallowGC::DisallowGC):
        (JSC::DisallowGC::~DisallowGC):
        (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
        (JSC::DisallowGC::initialize):
        * jit/JITStubs.cpp:
        (JSC::tryCachePutByID):
        (JSC::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/ConcurrentJITLock.h:
        (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
        (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
        (JSC::ConcurrentJITLockerBase::unlockEarly):
        (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
        (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * runtime/JSCellInlines.h:
        (JSC::allocateCell):
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::putSpecificValue):
        (JSC::Structure::createPropertyMap):
        * runtime/Structure.h:

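The lock-then-allocate deadlock and the two guards that the entry above describes, as an added example that is not JavaScriptCore's own code. The names DisallowGC, DeferGC, ConcurrentJITLocker and GCSafeConcurrentJITLocker are borrowed from the entry; the Heap, CodeBlock, allocation threshold, Outcome enum and the thread_local counters are this example's own simplified model (a single code block, a byte-count trigger, and a try-before-lock check in place of a real collector). In a debug build the DisallowGC member turns the would-be deadlock into an immediately reported violation; the GC-safe locker instead records the collection and runs it after the lock has been released.

```cpp
#include <cstddef>
#include <mutex>

namespace demo {

// Per-thread bookkeeping (this example's own variables; JSC keeps the equivalent
// in thread-local storage initialised by initializeThreading).
static thread_local int gcDisallowedDepth = 0; // > 0: starting a collection here is a bug
static thread_local int gcDeferredDepth = 0;   // > 0: collections are postponed

struct CodeBlock {
    std::mutex lock; // stands in for the ConcurrentJITLock; GC takes it to walk the ICs
    int timesScannedByGC = 0;
};

struct Heap {
    enum class Outcome { Allocated, CollectedThenAllocated, GCDeferred, GCDisallowedViolation };

    CodeBlock* codeBlock = nullptr; // the one code block this toy heap scans
    std::size_t bytesAllocated = 0;
    std::size_t collectionThreshold = 64;
    int collectionsRun = 0;
    bool collectionPending = false;

    // A real collector takes every CodeBlock's lock; reaching this while the
    // current thread already holds codeBlock->lock is exactly the deadlock.
    void collect() {
        std::lock_guard<std::mutex> guard(codeBlock->lock);
        ++codeBlock->timesScannedByGC;
        bytesAllocated = 0;
        ++collectionsRun;
    }

    Outcome allocate(std::size_t bytes) {
        bytesAllocated += bytes;
        if (bytesAllocated < collectionThreshold)
            return Outcome::Allocated;
        if (gcDisallowedDepth > 0)
            return Outcome::GCDisallowedViolation; // eager detection instead of a hang
        if (gcDeferredDepth > 0) {
            collectionPending = true;              // run once the outermost DeferGC dies
            return Outcome::GCDeferred;
        }
        collect();
        return Outcome::CollectedThenAllocated;
    }
};

// RAII: "nothing on this thread may start a collection while I live".
struct DisallowGC {
    DisallowGC() { ++gcDisallowedDepth; }
    ~DisallowGC() { --gcDisallowedDepth; }
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowedDepth > 0; }
};

// RAII: a collection requested while alive runs when the outermost guard dies.
struct DeferGC {
    Heap& heap;
    explicit DeferGC(Heap& h) : heap(h) { ++gcDeferredDepth; }
    ~DeferGC() {
        if (--gcDeferredDepth == 0 && heap.collectionPending) {
            heap.collectionPending = false;
            heap.collect();
        }
    }
};

// Debug-style locker: holding the lock forbids GC, so an allocation under it
// that needs to collect is reported rather than deadlocking.
struct ConcurrentJITLocker {
    std::lock_guard<std::mutex> guard;
    DisallowGC disallow;
    explicit ConcurrentJITLocker(CodeBlock& cb) : guard(cb.lock) {}
};

// GC-safe locker: DeferGC is declared first so it is destroyed last, i.e. the
// deferred collection runs only after the lock has been released.
struct GCSafeConcurrentJITLocker {
    DeferGC defer;
    std::lock_guard<std::mutex> guard;
    GCSafeConcurrentJITLocker(Heap& heap, CodeBlock& cb) : defer(heap), guard(cb.lock) {}
};

inline Heap::Outcome allocateUnderPlainLocker(Heap& heap, CodeBlock& cb, std::size_t bytes) {
    ConcurrentJITLocker locker(cb);
    return heap.allocate(bytes);
}

inline Heap::Outcome allocateUnderGCSafeLocker(Heap& heap, CodeBlock& cb, std::size_t bytes) {
    GCSafeConcurrentJITLocker locker(heap, cb);
    return heap.allocate(bytes);
}

} // namespace demo

int main() {
    demo::Heap heap;
    demo::CodeBlock cb;
    heap.codeBlock = &cb;
    bool caught = demo::allocateUnderPlainLocker(heap, cb, 64) == demo::Heap::Outcome::GCDisallowedViolation;
    bool deferred = demo::allocateUnderGCSafeLocker(heap, cb, 1) == demo::Heap::Outcome::GCDeferred;
    return (caught && deferred && heap.collectionsRun == 1) ? 0 : 1;
}
```

The member order in GCSafeConcurrentJITLocker is the whole point: the lock guard is released before the DeferGC destructor runs, so the postponed collection can take the CodeBlock lock without contending with its own thread.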
2013-10-14  Filip Pizlo  <fpizlo@apple.com>

        Baseline JIT should use the DFG's PutById IC
        https://bugs.webkit.org/show_bug.cgi?id=122704

        Reviewed by Mark Hahnenberg.

        Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
        that JIT to use the DFG's (i.e. JITOperations) PutById IC.

        The only complicated part was that the PutById operations assumed that we first did a
        cell speculation, which the baseline JIT obviously won't do. So I changed all of those
        slow paths to deal with EncodedJSValue's.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::resetStubInternal):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.cpp:
        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
        * jit/JIT.h:
        (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
        (JSC::PropertyStubCompilationInfo::slowCaseInfo):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperationWrappers.h:
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/Repatch.cpp:
        (JSC::appropriateGenericPutByIdFunction):
        (JSC::appropriateListBuildingPutByIdFunction):
        (JSC::resetPutByID):

2013-10-13  Filip Pizlo  <fpizlo@apple.com>

        FTL should have an inefficient but correct implementation of GetById
        https://bugs.webkit.org/show_bug.cgi?id=122740

        Reviewed by Mark Hahnenberg.

        It took some effort to realize that the node->prediction() check in the DFG backends
        are completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
        if !prediction.

        But other than that this was an easy patch.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleGetById):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileGetById):

2013-10-13  Mark Lam  <mark.lam@apple.com>

        Transition misc cti_op_* JITStubs to JIT operations.
        https://bugs.webkit.org/show_bug.cgi?id=122645.

        Reviewed by Michael Saboff.

        Stubs converted:
            cti_op_check_has_instance
            cti_op_create_arguments
            cti_op_del_by_id
            cti_op_instanceof
            cti_to_object
            cti_op_push_activation
            cti_op_get_pnames
            cti_op_load_varargs

        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.h:
        (JSC::JIT::emitStoreCell):
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_create_activation):
        (JSC::JIT::emit_op_create_arguments):
        (JSC::JIT::emitSlow_op_check_has_instance):
        (JSC::JIT::emitSlow_op_instanceof):
        (JSC::JIT::emitSlow_op_get_argument_by_val):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emitSlow_op_check_has_instance):
        (JSC::JIT::emitSlow_op_instanceof):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_create_activation):
        (JSC::JIT::emit_op_create_arguments):
        (JSC::JIT::emitSlow_op_get_argument_by_val):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_del_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_del_by_id):
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:

2013-10-13  Filip Pizlo  <fpizlo@apple.com>

        FTL OSR exit should perform zero extension on values smaller than 64-bit
        https://bugs.webkit.org/show_bug.cgi?id=122688

        Reviewed by Gavin Barraclough.

        In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
        register will have zeros on the high bits.  In the few cases where the high bits are
        non-zero, the DFG sort of tells us this explicitly.

        But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
        emit LLVM IR like:

            %2 = trunc i64 %1 to i32
            stuff %2
            call @llvm.webkit.stackmap(...., %2)

        LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
        many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
        bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
        from before truncation, and that register may have garbage in the high bits.

        This means that on our end, if we want a 32-bit value and we want that value to be
        zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
        cheap, so we should just do it and not make it a requirement that LLVM does it on its
        end.

        This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.

        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStubWithOSRExitStackmap):
        * ftl/FTLValueFormat.cpp:
        (JSC::FTL::reboxAccordingToFormat):

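The high-bits pitfall the entry above describes, as an added example that is not JavaScriptCore's FTLValueFormat code. The NumberTag, ValueTrue and ValueFalse constants, the ValueFormat enum and the StackmapLocation struct are this example's own simplified model of a 64-bit NaN-boxed JSValue (number tag in the high 16 bits, 32-bit payload in the low bits, booleans as small constants, values compared by their full 64-bit pattern); the register images are constructed to look like a register LLVM "truncated" without emitting an instruction. The naive rebox trusts the high bits and produces a pattern that compares unequal to a properly boxed 7; the fixed rebox zero-extends from the value's real width first.

```cpp
#include <cstdint>

namespace demo {

// Simplified JSValue64 layout assumed by this example (not JSC's headers).
constexpr uint64_t NumberTag  = 0xffff000000000000ull;
constexpr uint64_t ValueFalse = 0x06;
constexpr uint64_t ValueTrue  = 0x07;

enum class ValueFormat { Int32, Boolean, JSValue };

// What a stackmap record hands back for a value whose IR type was narrower than
// the register: all 64 bits, the high ones being whatever preceded the trunc.
struct StackmapLocation {
    uint64_t registerBits;
    ValueFormat format;
};

inline uint64_t boxInt32(int32_t value) { return NumberTag | static_cast<uint32_t>(value); }
inline int32_t unboxInt32(uint64_t boxed) { return static_cast<int32_t>(boxed); }

// Naive reboxing: trusts the register's high bits to already be zero.
inline uint64_t reboxTrustingHighBits(const StackmapLocation& loc) {
    switch (loc.format) {
    case ValueFormat::Int32:   return NumberTag | loc.registerBits;
    case ValueFormat::Boolean: return loc.registerBits ? ValueTrue : ValueFalse;
    case ValueFormat::JSValue: return loc.registerBits;
    }
    return 0;
}

// Fixed reboxing: zero-extend (mask) from the value's real width ourselves.
inline uint64_t reboxAccordingToFormat(const StackmapLocation& loc) {
    switch (loc.format) {
    case ValueFormat::Int32:   return NumberTag | static_cast<uint32_t>(loc.registerBits);
    case ValueFormat::Boolean: return (loc.registerBits & 1) ? ValueTrue : ValueFalse; // i1: only bit 0 is the value
    case ValueFormat::JSValue: return loc.registerBits;
    }
    return 0;
}

// Constructed register images: an i32 7 and an i1 false whose registers still
// carry garbage in the bits the narrower IR type let LLVM ignore.
constexpr StackmapLocation kDirtyInt32Seven{0xdeadbeef00000007ull, ValueFormat::Int32};
constexpr StackmapLocation kDirtyBoolFalse{0x0000000000000100ull, ValueFormat::Boolean};

} // namespace demo

int main() {
    bool int32Fixed = demo::reboxAccordingToFormat(demo::kDirtyInt32Seven) == demo::boxInt32(7);
    bool int32Naive = demo::reboxTrustingHighBits(demo::kDirtyInt32Seven) == demo::boxInt32(7);
    bool boolFixed = demo::reboxAccordingToFormat(demo::kDirtyBoolFalse) == demo::ValueFalse;
    return (int32Fixed && !int32Naive && boolFixed) ? 0 : 1;
}
```

The masking is cheap (a 32-bit move or an `and`), which is why the entry concludes it is better to do it unconditionally at OSR exit than to rely on LLVM having materialised the truncation.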
== Rolled over to ChangeLog-2013-10-13 ==