[iOS] Upstream more ARMv7s bits
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:

2013-10-22  Andreas Kling  <akling@apple.com>

        Minor VM* -> VM& cleanups in HashTable and Keywords.
        <https://webkit.org/b/123183>

        Turn some VM* variables that will never be null into VM&.

        Reviewed by Geoffrey Garen.

2013-10-22  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
        https://bugs.webkit.org/show_bug.cgi?id=123179

        Reviewed by Mark Hahnenberg.

        * parser/NodeConstructors.h:
        (JSC::LogicalOpNode::LogicalOpNode):
        * parser/ResultType.h:
        (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
        This is JavaScript (aka Sparta).

2013-10-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r157819.
        http://trac.webkit.org/changeset/157819
        https://bugs.webkit.org/show_bug.cgi?id=123180

        Broke 32-bit builds (Requested by smfr on #webkit).

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
        modifying a file in JavaScriptCore/Configurations.

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSLock changes
        https://bugs.webkit.org/show_bug.cgi?id=123107

        Reviewed by Geoffrey Garen.

        * runtime/JSLock.cpp:
        (JSC::JSLock::unlock):
        (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
        (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
        use pre-increment instead of post-increment when we're not using the return value of the instruction.
        (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
        places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
        since we don't use the return value of such instructions.
        (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
        Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
        (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
        * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
        the argument is sufficiently descriptive of its purpose.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
        https://bugs.webkit.org/show_bug.cgi?id=123166

        Reviewed by Michael Saboff.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4][mips][arm] Fix crashes in JSC (32-bit only).
        https://bugs.webkit.org/show_bug.cgi?id=123165

        Reviewed by Michael Saboff.

        * jit/JITInlines.h:
        (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
        (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
        https://bugs.webkit.org/show_bug.cgi?id=123092

        Reviewed by Michael Saboff.

        Impacted architectures are SH4 and ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::buffer):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        Remove unused stuff in JIT stubs.
        https://bugs.webkit.org/show_bug.cgi?id=123155

        Reviewed by Michael Saboff.

        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        (JSC::ctiTrampoline):
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
        https://bugs.webkit.org/show_bug.cgi?id=123115
        <rdar://problem/13696872>

        Reviewed by Andy Estes.

        Based on a patch by Mark Hahnenberg.

        Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.

        * API/JSBase.cpp:

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister().
        https://bugs.webkit.org/show_bug.cgi?id=123157

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::lastRegister):
        (JSC::SH4Assembler::firstFPRegister):
        (JSC::SH4Assembler::lastFPRegister):

2013-10-22  Brian Holt  <brian.holt@samsung.com>

        Build break on ARMv7 after r157209
        https://bugs.webkit.org/show_bug.cgi?id=122890

        Reviewed by Csaba Osztrogonác.

        Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::firstRegister):
        (JSC::MacroAssemblerARM::lastRegister):
        (JSC::MacroAssemblerARM::firstFPRegister):
        (JSC::MacroAssemblerARM::lastFPRegister):

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
        https://bugs.webkit.org/show_bug.cgi?id=123045

        Reviewed by Joseph Pecoraro.

        * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
        to global method table.
        * runtime/JSGlobalObject.cpp: Ditto.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSC Objective-C API compiler warning fixes
        https://bugs.webkit.org/show_bug.cgi?id=123125

        Reviewed by Mark Hahnenberg.

        Based on a patch by Mark Hahnenberg.

        * API/JSValue.mm:
        (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
        (-[JSValue toSize]): Ditto.
        * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
        available since iOS 7.0
        https://bugs.webkit.org/show_bug.cgi?id=123122

        Reviewed by Dan Bernstein.

        * API/JSContext.h:
        * API/JSManagedValue.h:
        * API/JSValue.h:
        * API/JSVirtualMachine.h:

2013-10-20  Mark Lam  <mark.lam@apple.com>

        Avoid JSC debugger overhead unless needed.
        https://bugs.webkit.org/show_bug.cgi?id=123084.

        Reviewed by Geoffrey Garen.

        - If no breakpoints are set, we now avoid calling the debug hook callbacks.
        - If no break on exception is set, we also avoid exception event debug callbacks.
        - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
          longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
          pointer in the ScriptDebugServer may become stale. To avoid this issue, before
          returning, the ScriptDebugServer will clear its m_currentCallFrame if
          needsOpDebugCallbacks() is false.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::setNeedsExceptionCallbacks):
        (JSC::Debugger::setShouldPause):
        (JSC::Debugger::updateNumberOfBreakpoints):
        (JSC::Debugger::updateNeedForOpDebugCallbacks):
        * debugger/Debugger.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):
        (JSC::Interpreter::debug):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2013-10-21  Brent Fulgham  <bfulgham@apple.com>

        [WIN] Unreviewed build correction.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
          sources, not header files.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.

2013-10-21  Oliver Hunt  <oliver@apple.com>

        Support computed property names in object literals
        https://bugs.webkit.org/show_bug.cgi?id=123112

        Reviewed by Michael Saboff.

        Add support for computed property names to the parser.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::getName):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::::parseProperty):
        (JSC::::parseStrictObjectLiteral):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::Property::Property):
        (JSC::SyntaxChecker::createProperty):
        (JSC::SyntaxChecker::operatorStackPop):

2013-10-21  Michael Saboff  <msaboff@apple.com>

        Add option so that JSC will crash if it can't allocate executable memory for the JITs
        https://bugs.webkit.org/show_bug.cgi?id=123048
        <rdar://problem/12856193>

        Reviewed by Geoffrey Garen.

        Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
        when checking the validity of the executable allocator. The default value for this option is
        false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
        the app can obtain executable memory.

        * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
        (main):
        * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
        * runtime/VM.cpp:
        (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
        is enabled.

2013-10-21  Nadav Rotem  <nrotem@apple.com>

        Remove AllInOneFile.cpp
        https://bugs.webkit.org/show_bug.cgi?id=123055

        Reviewed by Csaba Osztrogonác.

        * AllInOneFile.cpp: Removed.

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, cleanup a FIXME comment.

        * jit/Repatch.cpp:

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JITs view as temporaries
        https://bugs.webkit.org/show_bug.cgi?id=123076

        Reviewed by Sam Weinig.

        Start preparing for a world in which we are patching code generated by LLVM, which may have
        very different register usage conventions than our JITs. This requires us being more explicit
        about the registers we are using. For example, the repatching code shouldn't take for granted
        that tagMaskRegister holds the TagMask or that the register is even in use.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::numberOfRegisters):
        (JSC::MacroAssembler::registerIndex):
        (JSC::MacroAssembler::numberOfFPRegisters):
        (JSC::MacroAssembler::fpRegisterIndex):
        (JSC::MacroAssembler::totalNumberOfRegisters):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * dfg/DFGSpeculativeJIT.h:
        * ftl/FTLSaveRestore.cpp:
        (JSC::FTL::bytesForGPRs):
        (JSC::FTL::bytesForFPRs):
        (JSC::FTL::offsetOfGPR):
        (JSC::FTL::offsetOfFPR):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.cpp: Added.
        (JSC::RegisterSet::specialRegisters):
        * jit/RegisterSet.h: Added.
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::set):
        (JSC::RegisterSet::clear):
        (JSC::RegisterSet::get):
        (JSC::RegisterSet::merge):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):
        (JSC::tryCacheGetByID):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::tryRepatchIn):
        (JSC::linkClosureCall):
        * jit/TempRegisterSet.cpp: Added.
        (JSC::TempRegisterSet::TempRegisterSet):
        * jit/TempRegisterSet.h:

2013-10-20  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Fix build (broken since r157690).
        https://bugs.webkit.org/show_bug.cgi?id=123081

        Reviewed by Andreas Kling.

        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):
        (JSC::SH4Assembler::readCallTarget):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
        https://bugs.webkit.org/show_bug.cgi?id=123079

        Reviewed by Geoffrey Garen.

        * jit/TempRegisterSet.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Rename RegisterSet to TempRegisterSet
        https://bugs.webkit.org/show_bug.cgi?id=123077

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.h: Removed.
        * jit/ScratchRegisterAllocator.h:
        (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
        * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        (JSC::TempRegisterSet::TempRegisterSet):
        (JSC::TempRegisterSet::asPOD):
        (JSC::TempRegisterSet::copyInfo):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Restructure LinkBuffer to allow for alternate allocation strategies
        https://bugs.webkit.org/show_bug.cgi?id=123071

        Reviewed by Oliver Hunt.

        The idea is to eventually allow a LinkBuffer to place the code into an already
        allocated region of memory.  That region of memory could be the nop-slide left behind
        by a llvm.webkit.patchpoint.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::buffer):
        * assembler/AssemblerBuffer.h:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::allocate):
        (JSC::LinkBuffer::shrink):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::didFailToAllocate):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::buffer):
        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        Some includes in JSC seem to use an incorrect style
        https://bugs.webkit.org/show_bug.cgi?id=123057

        Reviewed by Geoffrey Garen.

        Changed pseudo-system includes to user ones.

        * API/JSContextRef.cpp:
        * API/JSStringRefCF.cpp:
        * API/JSValueRef.cpp:
        * API/OpaqueJSString.cpp:
        * jit/JIT.h:
        * parser/SyntaxChecker.h:
        * runtime/WeakGCMap.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Baseline JIT and DFG IC code generation should be unified and rationalized
        https://bugs.webkit.org/show_bug.cgi?id=122939

        Reviewed by Geoffrey Garen.

        Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
        some register info and creates JIT inline caches for you. Used this to even further
        unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
        is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
        that it needs to do the equivalent of get_by_id, so with this generator it will be able
        to create an IC even though it wasn't associated with a get_by_id bytecode instruction.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::DataLabelCompact::label):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::ecmaMode):
        * dfg/DFGInlineCacheWrapper.h: Added.
        (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
        * dfg/DFGInlineCacheWrapperInlines.h: Added.
        (JSC::DFG::::finalize):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addGetById):
        (JSC::DFG::JITCompiler::addPutById):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::isStrictModeFor):
        (JSC::AssemblyHelpers::strictModeFor):
        * jit/GPRInfo.h:
        (JSC::JSValueRegs::tagGPR):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITInlineCacheGenerator.cpp: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::finalize):
        (JSC::JITByIdGenerator::generateFastPathChecks):
        (JSC::JITGetByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        (JSC::JITPutByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::slowPathFunction):
        * jit/JITInlineCacheGenerator.h: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITInlineCacheGenerator::stubInfo):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::reportSlowPathCall):
        (JSC::JITByIdGenerator::slowPathJump):
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::set):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
        https://bugs.webkit.org/show_bug.cgi?id=123067

        Reviewed by Geoffrey Garen.

        * API/APICast.h: Include it.

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        FTL::Location should treat the offset as an addend in the case of a Register location
        https://bugs.webkit.org/show_bug.cgi?id=123062

        Reviewed by Sam Weinig.

        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::forStackmaps):
        (JSC::FTL::Location::dump):
        (JSC::FTL::Location::restoreInto):
        * ftl/FTLLocation.h:
        (JSC::FTL::Location::forRegister):
        (JSC::FTL::Location::hasAddend):
        (JSC::FTL::Location::addend):

2013-10-19  Nadav Rotem  <nrotem@apple.com>

        DFG dominators: document and rename stuff.
        https://bugs.webkit.org/show_bug.cgi?id=123056

        Reviewed by Filip Pizlo.

        Documented the code and renamed some variables.

        * dfg/DFGDominators.cpp:
        (JSC::DFG::Dominators::compute):
        (JSC::DFG::Dominators::pruneDominators):
        * dfg/DFGDominators.h:

2013-10-19  Julien Brianceau  <jbriance@cisco.com>

        Fix build failure for architectures with 4 argument registers.
        https://bugs.webkit.org/show_bug.cgi?id=123060

        Reviewed by Michael Saboff.

        Add missing setupArgumentsWithExecState() prototypes for architectures with 4 argument registers.
        Remove SH4 specific code no longer needed since callOperation prototype change in r157660.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix FTL build.

        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
        https://bugs.webkit.org/show_bug.cgi?id=122940

        Reviewed by Oliver Hunt.

        This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
        whereas previously it was in a Vector, so it moved. This allows you to use pointers to
        StructureStubInfo. This also eliminates the use of return PC as a way of finding the
        StructureStubInfo's. It removes some of the need for the compile-time property access
        records; for example the DFG no longer has to save information about registers in a
        property access record only to later save it to the stub info.

        The main thing it accomplishes is that it makes it easier to add StructureStubInfo's
        at any stage of compilation.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::propagateTransitions):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::addStubInfo):
        (JSC::CodeBlock::getStubInfoMap):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::begin):
        (JSC::CodeBlock::end):
        (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::CodeOrigin):
        (JSC::CodeOrigin::isHashTableDeletedValue):
        (JSC::CodeOrigin::hash):
        (JSC::CodeOriginHash::hash):
        (JSC::CodeOriginHash::equal):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        * bytecode/StructureStubInfo.h:
        (JSC::getStructureStubInfoCodeOrigin):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::InRecord::InRecord):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIn):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.cpp:
        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::PropertyStubCompilationInfo::slowCaseInfo):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/Repatch.cpp:
        (JSC::appropriateGenericPutByIdFunction):
        (JSC::appropriateListBuildingPutByIdFunction):
        (JSC::resetPutByID):

2013-10-18  Oliver Hunt  <oliver@apple.com>

        Spread operator should be performing direct "puts" and not triggering setters
        https://bugs.webkit.org/show_bug.cgi?id=123047

        Reviewed by Geoffrey Garen.

        Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
        to array construct.  This required a new PutByValDirect node to be introduced to
        the DFG.  The current implementation simply changes the slow path function that
        is called, but in future this could be made faster as it does not need to check
        the prototype chain.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutByVal):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getArrayLengthElimination):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkStructureElimination):
        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::clobbersWorld):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasArrayMode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        (JSC::DFG::operationPutByValInternal):
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTypeCheckHoistingPhase.cpp:
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::compileDirectPutByVal):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::privateCompilePutByVal):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_put_by_val):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2013-10-18  Daniel Bates  <dabates@apple.com>

        [iOS] Export symbol for VM::sharedInstanceExists()
        https://bugs.webkit.org/show_bug.cgi?id=123046

        Reviewed by Mark Hahnenberg.

        * runtime/VM.h:

2013-10-18  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
        https://bugs.webkit.org/show_bug.cgi?id=123049
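The regression above comes from a result-type analysis that treated `&&` as always producing a boolean. The following is an added illustration, not JavaScriptCore code: a toy constant folder over a three-node AST (constructed here) that carries a result type per node and uses a "both sides boolean" fast path for `===`, the way an engine might. With the wrong rule for logical operators the fast path coerces `(true && undefined)` to `false` and the comparison comes out `true`; with the corrected rule, which only reports boolean when both operands are boolean, the generic strict comparison runs and yields `false`. All node kinds, type names and function names are assumptions for this example.

```javascript
// Added example, not JSC code: model of why ResultType for `&&` must not
// assume a boolean result.  JS `a && b` returns one of its operands
// unchanged, so the result is boolean only when both operands are.

// Tiny AST constructors (constructed for this example).
const lit = (value) => ({ kind: 'literal', value });
const and = (left, right) => ({ kind: 'logicalAnd', left, right });
const strictEq = (left, right) => ({ kind: 'strictEqual', left, right });

// Result types the folder tracks; 'unknown' is the conservative answer.
const BOOLEAN = 'boolean';
const UNKNOWN = 'unknown';

function typeOfLiteral(value) {
  return typeof value === 'boolean' ? BOOLEAN : UNKNOWN;
}

// Result type of `left && right`.  assumeBoolean=true reproduces the
// regression (BOOLEAN unconditionally); assumeBoolean=false is the fix.
function resultTypeForLogicalOp(leftType, rightType, assumeBoolean) {
  if (assumeBoolean) return BOOLEAN;
  return leftType === BOOLEAN && rightType === BOOLEAN ? BOOLEAN : UNKNOWN;
}

// Evaluate a node to { value, type }.  strictEqual takes a "fast path"
// comparing truth values only when both sides are typed BOOLEAN, so a
// wrongly-typed operand gets coerced before the compare.
function evaluate(node, assumeLogicalIsBoolean) {
  switch (node.kind) {
    case 'literal':
      return { value: node.value, type: typeOfLiteral(node.value) };
    case 'logicalAnd': {
      const l = evaluate(node.left, assumeLogicalIsBoolean);
      const r = evaluate(node.right, assumeLogicalIsBoolean);
      const type = resultTypeForLogicalOp(l.type, r.type, assumeLogicalIsBoolean);
      // Real JS semantics: short-circuit returns an operand unchanged.
      const value = l.value ? r.value : l.value;
      return { value, type };
    }
    case 'strictEqual': {
      const l = evaluate(node.left, assumeLogicalIsBoolean);
      const r = evaluate(node.right, assumeLogicalIsBoolean);
      if (l.type === BOOLEAN && r.type === BOOLEAN) {
        // Fast path: both operands believed boolean, compare truthiness.
        return { value: Boolean(l.value) === Boolean(r.value), type: BOOLEAN };
      }
      // Generic path: real strict equality, no coercion.
      return { value: l.value === r.value, type: BOOLEAN };
    }
    default:
      throw new Error(`unknown node kind ${node.kind}`);
  }
}

// The expression from the bug report: false === (true && undefined).
const program = strictEq(lit(false), and(lit(true), lit(undefined)));

// Buggy analysis: true (so the guarded console.log("wrong!") would fire).
function buggyResult() { return evaluate(program, true).value; }
// Fixed analysis: false, matching a real JS engine.
function fixedResult() { return evaluate(program, false).value; }

if (typeof require !== 'undefined' && require.main === module) {
  console.log('buggy analysis:', buggyResult(), ' fixed analysis:', fixedResult());
}
```

The model generalizes beyond the one reported expression: any `&&` or `||` whose operands are not both boolean must be typed as unknown, otherwise every downstream consumer that specializes on "known boolean" (comparison, branch folding) inherits the mistake.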
797
798         Reviewed by Mark Hahnenberg.
799
800         * heap/Heap.cpp:
801         (JSC::Heap::setIncrementalSweeper):
802         * heap/Heap.h:
803         * heap/HeapTimer.h:
804         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
805         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
806         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
807         (duplicates the include in the .cpp).
808         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
809         making use of this now, but we'll make use of it in a subsequent patch.
810
811 2013-10-18  Anders Carlsson  <andersca@apple.com>
812
813         Remove spaces between template angle brackets
814         https://bugs.webkit.org/show_bug.cgi?id=123040
815
816         Reviewed by Andreas Kling.
817
818         * API/JSCallbackObject.cpp:
819         (JSC::::create):
820         * API/JSObjectRef.cpp:
821         * bytecode/CodeBlock.h:
822         (JSC::CodeBlock::constants):
823         (JSC::CodeBlock::setConstantRegisters):
824         * bytecode/DFGExitProfile.h:
825         * bytecode/EvalCodeCache.h:
826         * bytecode/Operands.h:
827         * bytecode/UnlinkedCodeBlock.h:
828         (JSC::UnlinkedCodeBlock::constantRegisters):
829         * bytecode/Watchpoint.h:
830         * bytecompiler/BytecodeGenerator.h:
831         * bytecompiler/StaticPropertyAnalysis.h:
832         * bytecompiler/StaticPropertyAnalyzer.h:
833         * dfg/DFGArgumentsSimplificationPhase.cpp:
834         * dfg/DFGBlockInsertionSet.h:
835         * dfg/DFGCSEPhase.cpp:
836         (JSC::DFG::performCSE):
837         (JSC::DFG::performStoreElimination):
838         * dfg/DFGCommonData.h:
839         * dfg/DFGDesiredStructureChains.h:
840         * dfg/DFGDesiredWatchpoints.h:
841         * dfg/DFGJITCompiler.h:
842         * dfg/DFGOSRExitCompiler32_64.cpp:
843         (JSC::DFG::OSRExitCompiler::compileExit):
844         * dfg/DFGOSRExitCompiler64.cpp:
845         (JSC::DFG::OSRExitCompiler::compileExit):
846         * dfg/DFGWorklist.h:
847         * heap/BlockAllocator.h:
848         (JSC::CopiedBlock):
849         (JSC::MarkedBlock):
850         (JSC::WeakBlock):
851         (JSC::MarkStackSegment):
852         (JSC::CopyWorkListSegment):
853         (JSC::HandleBlock):
854         * heap/Heap.h:
855         * heap/Local.h:
856         * heap/MarkedBlock.h:
857         * heap/Strong.h:
858         * jit/AssemblyHelpers.cpp:
859         (JSC::AssemblyHelpers::decodedCodeMapFor):
860         * jit/AssemblyHelpers.h:
861         * jit/SpecializedThunkJIT.h:
862         * parser/Nodes.h:
863         * parser/Parser.cpp:
864         (JSC::::parseIfStatement):
865         * parser/Parser.h:
866         (JSC::Scope::copyCapturedVariablesToVector):
867         (JSC::parse):
868         * parser/ParserArena.h:
869         * parser/SourceProviderCacheItem.h:
870         * profiler/LegacyProfiler.cpp:
871         (JSC::dispatchFunctionToProfiles):
872         * profiler/LegacyProfiler.h:
873         (JSC::LegacyProfiler::currentProfiles):
874         * profiler/ProfileNode.h:
875         (JSC::ProfileNode::children):
876         * profiler/ProfilerDatabase.h:
877         * runtime/Butterfly.h:
878         (JSC::Butterfly::contiguousInt32):
879         (JSC::Butterfly::contiguous):
880         * runtime/GenericTypedArrayViewInlines.h:
881         (JSC::::create):
882         * runtime/Identifier.h:
883         (JSC::Identifier::add):
884         * runtime/JSPromise.h:
885         * runtime/PropertyMapHashTable.h:
886         * runtime/PropertyNameArray.h:
887         * runtime/RegExpCache.h:
888         * runtime/SparseArrayValueMap.h:
889         * runtime/SymbolTable.h:
890         * runtime/VM.h:
891         * tools/CodeProfile.cpp:
892         (JSC::truncateTrace):
893         * tools/CodeProfile.h:
894         * yarr/YarrInterpreter.cpp:
895         * yarr/YarrInterpreter.h:
896         (JSC::Yarr::BytecodePattern::BytecodePattern):
897         * yarr/YarrJIT.cpp:
898         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
899         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
900         (JSC::Yarr::YarrGenerator::opCompileBody):
901         * yarr/YarrPattern.cpp:
902         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
903         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
904         * yarr/YarrPattern.h:
905
906 2013-10-18  Mark Lam  <mark.lam@apple.com>
907
908         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
909         https://bugs.webkit.org/show_bug.cgi?id=123037.
910
911         Reviewed by Geoffrey Garen.
912
913         * jit/JITStubsMSVC64.asm:
914         * jit/JITStubsX86.h:
915         * jit/JITStubsX86_64.h:
916
917 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
918
919         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
920         https://bugs.webkit.org/show_bug.cgi?id=121661
921
922         Reviewed by Mark Hahnenberg.
923         
924         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
925         so I added a return-early check using isCompilationThread().
926         
927         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
928         it is describing: m_offset and the property table. Most structures only have m_offset and report
929         null for the property table. If the property table is there, it will tell you additional
930         information and that information subsumes m_offset - but the m_offset is still there. So, when
931         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
932         machinery to do this.
933         
934         Changing the property table only happens on the main thread.
935         
936         Because the machinery to change the property table is so complex, especially with respect to
937         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
938         called at key points before and after changes to the property table or the offset.
939
940         Most clients of Structure who care about object layout, including the concurrent thread, will
941         want to know m_offset and not the property table. If they want the property table, they will
942         already be super careful. The concurrent thread has special methods for this, like
943         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
944         view of the property table.
945         
946         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
947         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
948         
949         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
950         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
951         because we have found that it helps quickly identify situations where the property table and
952         m_offset get out of sync - mainly because code that changes either of those things will usually
953         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
954         need the property table; it uses the m_offset. The concurrent JIT is correct to call
955         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
956         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
957         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
958         locks, and that same structure is having its property table modified by the main thread, we end
959         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
960         property table modified - instead what happens is that some downstream structure steals the
961         property table and then starts adding things to it. The concurrent thread loads the property
962         table before it's stolen, and hence the badness.
963         
964         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
965         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
966         and then you have a possible crash.
967         
968         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
969         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
970         it's in the concurrent JIT.
971         
972         * runtime/StructureInlines.h:
973         (JSC::Structure::checkOffsetConsistency):
974
975 2013-10-18  Daniel Bates  <dabates@apple.com>
976
977         Add SPI to disable the garbage collector timer
978         https://bugs.webkit.org/show_bug.cgi?id=122921
979
980         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
981         omitted.
982
983         * heap/Heap.cpp:
984         (JSC::Heap::setGarbageCollectionTimerEnabled):
985
986 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
987
988         Group 64-bit specific and 32-bit specific callOperation implementations.
989         https://bugs.webkit.org/show_bug.cgi?id=123024
990
991         Reviewed by Michael Saboff.
992
993         This is not a big deal, but could be less confusing when reading the code.
994
995         * jit/JITInlines.h:
996         (JSC::JIT::callOperation):
997         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
998         (JSC::JIT::callOperationNoExceptionCheck):
999
1000 2013-10-18  Nadav Rotem  <nrotem@apple.com>
1001
1002         Fix a FlushLiveness problem.
1003         https://bugs.webkit.org/show_bug.cgi?id=122984
1004
1005         Reviewed by Filip Pizlo.
1006
1007         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1008         (JSC::DFG::FlushLivenessAnalysisPhase::process):
1009
1010 2013-10-18  Michael Saboff  <msaboff@apple.com>
1011
1012         Change native function call stubs to use JIT operations instead of ctiVMHandleException
1013         https://bugs.webkit.org/show_bug.cgi?id=122982
1014
1015         Reviewed by Geoffrey Garen.
1016
1017         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
1018         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
1019         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
1020         in the process.
1021
1022         * dfg/DFGJITCompiler.cpp:
1023         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1024         * jit/CCallHelpers.h:
1025         (JSC::CCallHelpers::jumpToExceptionHandler):
1026         * jit/JIT.cpp:
1027         (JSC::JIT::privateCompileExceptionHandlers):
1028         * jit/JIT.h:
1029         * jit/JITExceptions.cpp:
1030         (JSC::genericUnwind):
1031         * jit/JITExceptions.h:
1032         * jit/JITInlines.h:
1033         (JSC::JIT::callOperationNoExceptionCheck):
1034         * jit/JITOpcodes.cpp:
1035         (JSC::JIT::emit_op_throw):
1036         * jit/JITOpcodes32_64.cpp:
1037         (JSC::JIT::privateCompileCTINativeCall):
1038         (JSC::JIT::emit_op_throw):
1039         * jit/JITOperations.cpp:
1040         * jit/JITOperations.h:
1041         * jit/JITStubs.cpp:
1042         * jit/JITStubs.h:
1043         * jit/JITStubsARM.h:
1044         * jit/JITStubsARM64.h:
1045         * jit/JITStubsARMv7.h:
1046         * jit/JITStubsMIPS.h:
1047         * jit/JITStubsMSVC64.asm:
1048         * jit/JITStubsSH4.h:
1049         * jit/JITStubsX86.h:
1050         * jit/JITStubsX86_64.h:
1051         * jit/Repatch.cpp:
1052         (JSC::tryBuildGetByIDList):
1053         * jit/SlowPathCall.h:
1054         (JSC::JITSlowPathCall::call):
1055         * jit/ThunkGenerators.cpp:
1056         (JSC::throwExceptionFromCallSlowPathGenerator):
1057         (JSC::nativeForGenerator):
1058         * runtime/VM.h:
1059         (JSC::VM::callFrameForThrowOffset):
1060         (JSC::VM::targetMachinePCForThrowOffset):
1061
1062 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1063
1064         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
1065         https://bugs.webkit.org/show_bug.cgi?id=123023
1066
1067         Reviewed by Michael Saboff.
1068
1069         * jit/JITInlines.h:
1070         (JSC::JIT::callOperation): EncodedJSValue parameters do not need alignment
1071         using EABI_32BIT_DUMMY_ARG here.
1072
1073 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1074
1075         Unreviewed, another ARM64 build fix.
1076         
1077         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
1078         on ARM64 and none of its uses are legit - they should all be using
1079         andPtr(TrustedImm32, blah) anyway.
1080
1081         * assembler/MacroAssembler.h:
1082         * assembler/MacroAssemblerARM64.h:
1083         * dfg/DFGJITCompiler.cpp:
1084         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1085         * jit/JIT.cpp:
1086         (JSC::JIT::privateCompileExceptionHandlers):
1087
1088 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1089
1090         Unreviewed, speculative ARM64 build fix.
1091         
1092         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
1093         implemented. So, you have to use TrustedImmPtr in the superclasses.
1094
1095         * assembler/MacroAssemblerARM64.h:
1096         (JSC::MacroAssemblerARM64::store8):
1097         (JSC::MacroAssemblerARM64::branchTest8):
1098
1099 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1100
1101         Unreviewed, speculative ARM build fix.
1102         https://bugs.webkit.org/show_bug.cgi?id=122890
1103         <rdar://problem/15258624>
1104
1105         * assembler/ARM64Assembler.h:
1106         (JSC::ARM64Assembler::firstRegister):
1107         (JSC::ARM64Assembler::lastRegister):
1108         (JSC::ARM64Assembler::firstFPRegister):
1109         (JSC::ARM64Assembler::lastFPRegister):
1110         * assembler/MacroAssemblerARM64.h:
1111         * assembler/MacroAssemblerARMv7.h:
1112
1113 2013-10-17  Andreas Kling  <akling@apple.com>
1114
1115         Pass VM instead of JSGlobalObject to JSONObject constructor.
1116         <https://webkit.org/b/122999>
1117
1118         JSONObject was only using the JSGlobalObject to grab at the VM.
1119         Dodge a few loads by passing the VM directly instead.
1120
1121         Reviewed by Geoffrey Garen.
1122
1123         * runtime/JSONObject.cpp:
1124         (JSC::JSONObject::JSONObject):
1125         (JSC::JSONObject::finishCreation):
1126         * runtime/JSONObject.h:
1127         (JSC::JSONObject::create):
1128
1129 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1130
1131         Removed the JITStackFrame struct
1132         https://bugs.webkit.org/show_bug.cgi?id=123001
1133
1134         Reviewed by Anders Carlsson.
1135
1136         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
1137         our helper functions obey the C function call ABI.
1138
1139 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1140
1141         Removed an unused #define
1142         https://bugs.webkit.org/show_bug.cgi?id=123000
1143
1144         Reviewed by Anders Carlsson.
1145
1146         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
1147         since it is unused now. This is a step toward using the C stack.
1148
1149 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1150
1151         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
1152         https://bugs.webkit.org/show_bug.cgi?id=122973
1153
1154         Reviewed by Michael Saboff.
1155
1156         * jit/ThunkGenerators.cpp:
1157         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
1158         so I removed it.
1159
1160         The code acted as if it needed to pass an argument to
1161         lookupExceptionHandler, and as if it passed that argument to itself
1162         through JITStackFrame. However, lookupExceptionHandler does not take
1163         an argument (other than the default ExecState argument), and the code
1164         did not initialize the thing that it thought it passed to itself!
1165
1166 2013-10-17  Alex Christensen  <achristensen@webkit.org>
1167
1168         Run JavaScriptCore tests again on Windows.
1169         https://bugs.webkit.org/show_bug.cgi?id=122787
1170
1171         Reviewed by Tim Horton.
1172
1173         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
1174         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
1175
1176 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1177
1178         Removed restoreArgumentReference (another use of JITStackFrame)
1179         https://bugs.webkit.org/show_bug.cgi?id=122997
1180
1181         Reviewed by Oliver Hunt.
1182
1183         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
1184         toward using the C stack.
1185
1186 2013-10-17  Oliver Hunt  <oliver@apple.com>
1187
1188         Remove JITStubCall.h
1189         https://bugs.webkit.org/show_bug.cgi?id=122991
1190
1191         Reviewed by Geoff Garen.
1192
1193         Happily this is no longer used.
1194
1195         * GNUmakefile.list.am:
1196         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1197         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1198         * JavaScriptCore.xcodeproj/project.pbxproj:
1199         * jit/JIT.cpp:
1200         * jit/JITArithmetic.cpp:
1201         * jit/JITArithmetic32_64.cpp:
1202         * jit/JITCall.cpp:
1203         * jit/JITCall32_64.cpp:
1204         * jit/JITOpcodes.cpp:
1205         * jit/JITOpcodes32_64.cpp:
1206         * jit/JITPropertyAccess.cpp:
1207         * jit/JITPropertyAccess32_64.cpp:
1208         * jit/JITStubCall.h: Removed.
1209
1210 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1211
1212         Removed a use of JITSTACKFRAME_ARGS_INDEX
1213         https://bugs.webkit.org/show_bug.cgi?id=122989
1214
1215         Reviewed by Oliver Hunt.
1216
1217         * jit/JITStubCall.h: Removed an unused function. This is one step closer
1218         to using the C stack.
1219
1220 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1221
1222         Change emit_op_catch to use another method to materialize VM
1223         https://bugs.webkit.org/show_bug.cgi?id=122977
1224
1225         Reviewed by Oliver Hunt.
1226
1227         * jit/JITOpcodes.cpp:
1228         (JSC::JIT::emit_op_catch):
1229         * jit/JITOpcodes32_64.cpp:
1230         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
1231         on JITStackFrame. It is also faster and simpler.
1232
1233 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1234
1235         Eliminate emitGetJITStubArg() - dead code
1236         https://bugs.webkit.org/show_bug.cgi?id=122975
1237
1238         Reviewed by Anders Carlsson.
1239
1240         * jit/JIT.h:
1241         * jit/JITInlines.h: Removed unused, deprecated function.
1242
1243 2013-10-17  Mark Lam  <mark.lam@apple.com>
1244
1245         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
1246         https://bugs.webkit.org/show_bug.cgi?id=122979.
1247
1248         Reviewed by Michael Saboff.
1249
1250         * jit/JITStubs.cpp:
1251         * jit/JITStubs.h:
1252         * jit/JITStubsARM.h:
1253         * jit/JITStubsARM64.h:
1254         * jit/JITStubsARMv7.h:
1255         * jit/JITStubsMIPS.h:
1256         * jit/JITStubsSH4.h:
1257         * jit/JITStubsX86.h:
1258         * jit/JITStubsX86_64.h:
1259         * runtime/VM.cpp:
1260         (JSC::VM::VM):
1261
1262 2013-10-17  Michael Saboff  <msaboff@apple.com>
1263
1264         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
1265         https://bugs.webkit.org/show_bug.cgi?id=122974
1266
1267         Reviewed by Geoffrey Garen.
1268
1269         Eliminated unneeded storing to JITStackFrame.
1270
1271         * dfg/DFGJITCompiler.cpp:
1272         (JSC::DFG::JITCompiler::compileFunction):
1273
1274 2013-10-17  Michael Saboff  <msaboff@apple.com>
1275
1276         Transition cti_op_throw and cti_vm_throw to a JIT operation
1277         https://bugs.webkit.org/show_bug.cgi?id=122931
1278
1279         Reviewed by Filip Pizlo.
1280
1281         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
1282         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
1283         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
1284         callOperation to handle the need to provide space for structure return value.
1285
1286         * jit/JIT.h:
1287         * jit/JITInlines.h:
1288         (JSC::JIT::callOperation):
1289         * jit/JITOpcodes.cpp:
1290         (JSC::JIT::emit_op_throw):
1291         * jit/JITOpcodes32_64.cpp:
1292         (JSC::JIT::emit_op_throw):
1293         (JSC::JIT::emit_op_catch):
1294         * jit/JITOperations.cpp:
1295         * jit/JITOperations.h:
1296         * jit/JITStubs.cpp:
1297         * jit/JITStubs.h:
1298         * jit/JITStubsARM.h:
1299         * jit/JITStubsARM64.h:
1300         * jit/JITStubsARMv7.h:
1301         * jit/JITStubsMIPS.h:
1302         * jit/JITStubsMSVC64.asm:
1303         * jit/JITStubsSH4.h:
1304         * jit/JITStubsX86.h:
1305         * jit/JITStubsX86_64.h:
1306         * jit/JSInterfaceJIT.h:
1307
1308 2013-10-17  Mark Lam  <mark.lam@apple.com>
1309
1310         Remove JITStackFrame references in the C Loop LLINT.
1311         https://bugs.webkit.org/show_bug.cgi?id=122950.
1312
1313         Reviewed by Michael Saboff.
1314
1315         * jit/JITStubs.h:
1316         * llint/LowLevelInterpreter.cpp:
1317         (JSC::CLoop::execute):
1318         * offlineasm/cloop.rb:
1319
1320 2013-10-17  Mark Lam  <mark.lam@apple.com>
1321
1322         Remove JITStackFrame references in JIT probes.
1323         https://bugs.webkit.org/show_bug.cgi?id=122947.
1324
1325         Reviewed by Michael Saboff.
1326
1327         * assembler/MacroAssemblerARM.cpp:
1328         (JSC::MacroAssemblerARM::ProbeContext::dump):
1329         * assembler/MacroAssemblerARM.h:
1330         * assembler/MacroAssemblerARMv7.cpp:
1331         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
1332         * assembler/MacroAssemblerARMv7.h:
1333         * assembler/MacroAssemblerX86Common.cpp:
1334         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
1335         * assembler/MacroAssemblerX86Common.h:
1336         * jit/JITStubsARM.h:
1337         * jit/JITStubsARMv7.h:
1338         * jit/JITStubsX86.h:
1339         * jit/JITStubsX86Common.h:
1340         * jit/JITStubsX86_64.h:
1341
1342 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
1343
1344         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
1345         https://bugs.webkit.org/show_bug.cgi?id=122949
1346
1347         Reviewed by Andreas Kling.
1348
1349         * jit/CCallHelpers.h:
1350         (JSC::CCallHelpers::setupArgumentsWithExecState):
1351
1352 2013-10-16  Mark Lam  <mark.lam@apple.com>
1353
1354         Transition remaining op_get* JITStubs to JIT operations.
1355         https://bugs.webkit.org/show_bug.cgi?id=122925.
1356
1357         Reviewed by Geoffrey Garen.
1358
1359         Transitioning:
1360             cti_op_get_by_id_generic
1361             cti_op_get_by_val
1362             cti_op_get_by_val_generic
1363             cti_op_get_by_val_string
1364
1365         * dfg/DFGOperations.cpp:
1366         * dfg/DFGOperations.h:
1367         * jit/JIT.h:
1368         * jit/JITInlines.h:
1369         (JSC::JIT::callOperation):
1370         * jit/JITOpcodes.cpp:
1371         (JSC::JIT::emitSlow_op_get_arguments_length):
1372         (JSC::JIT::emitSlow_op_get_argument_by_val):
1373         * jit/JITOpcodes32_64.cpp:
1374         (JSC::JIT::emitSlow_op_get_arguments_length):
1375         (JSC::JIT::emitSlow_op_get_argument_by_val):
1376         * jit/JITOperations.cpp:
1377         * jit/JITOperations.h:
1378         * jit/JITPropertyAccess.cpp:
1379         (JSC::JIT::emitSlow_op_get_by_val):
1380         (JSC::JIT::emitSlow_op_get_by_pname):
1381         (JSC::JIT::privateCompileGetByVal):
1382         * jit/JITPropertyAccess32_64.cpp:
1383         (JSC::JIT::emitSlow_op_get_by_val):
1384         (JSC::JIT::emitSlow_op_get_by_pname):
1385         * jit/JITStubs.cpp:
1386         * jit/JITStubs.h:
1387         * runtime/Executable.cpp:
1388         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1389         * runtime/Options.cpp:
1390         (JSC::Options::initialize):
1391
1392 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1393
1394         Introduce WTF::Bag and start using it for InlineCallFrameSet
1395         https://bugs.webkit.org/show_bug.cgi?id=122941
1396
1397         Reviewed by Geoffrey Garen.
1398         
1399         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1400         SegmentedVectors into Bags as well.
1401
1402         * bytecode/InlineCallFrameSet.cpp:
1403         (JSC::InlineCallFrameSet::add):
1404         * bytecode/InlineCallFrameSet.h:
1405         (JSC::InlineCallFrameSet::begin):
1406         (JSC::InlineCallFrameSet::end):
1407         * dfg/DFGArgumentsSimplificationPhase.cpp:
1408         (JSC::DFG::ArgumentsSimplificationPhase::run):
1409         * dfg/DFGJITCompiler.cpp:
1410         (JSC::DFG::JITCompiler::link):
1411         * dfg/DFGStackLayoutPhase.cpp:
1412         (JSC::DFG::StackLayoutPhase::run):
1413         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1414         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1415
1416 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1417
1418         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1419         https://bugs.webkit.org/show_bug.cgi?id=122905
1420         <rdar://problem/15237856>
1421
1422         Reviewed by Michael Saboff.
1423         
1424         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1425         then always call it to install something that calls CRASH().
1426
1427         * llvm/InitializeLLVM.cpp:
1428         (JSC::llvmCrash):
1429         (JSC::initializeLLVMOnce):
1430         (JSC::initializeLLVM):
1431         * llvm/LLVMAPIFunctions.h:
1432
1433 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1434
1435         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1436         https://bugs.webkit.org/show_bug.cgi?id=122938
1437
1438         Reviewed by Sam Weinig.
1439         
1440         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1441
1442         * jit/Repatch.cpp:
1443         (JSC::tryBuildGetByIDList):
1444
1445 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1446
1447         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1448         https://bugs.webkit.org/show_bug.cgi?id=122937
1449
1450         Reviewed by Geoffrey Garen.
1451         
1452         JITStubCall used to do it.
1453         
1454         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1455
1456         * jit/JIT.h:
1457         (JSC::JIT::appendCall):
1458
1459 2013-10-16  Michael Saboff  <msaboff@apple.com>
1460
1461         transition void cti_op_put_by_val* stubs to JIT operations
1462         https://bugs.webkit.org/show_bug.cgi?id=122903
1463
1464         Reviewed by Geoffrey Garen.
1465
1466         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1467         operationPutByValGeneric.
1468
1469         * jit/CCallHelpers.h:
1470         (JSC::CCallHelpers::setupArgumentsWithExecState):
1471         * jit/JIT.h:
1472         * jit/JITInlines.h:
1473         (JSC::JIT::callOperation):
1474         * jit/JITOperations.cpp:
1475         * jit/JITOperations.h:
1476         * jit/JITPropertyAccess.cpp:
1477         (JSC::JIT::emitSlow_op_put_by_val):
1478         (JSC::JIT::privateCompilePutByVal):
1479         * jit/JITPropertyAccess32_64.cpp:
1480         (JSC::JIT::emitSlow_op_put_by_val):
1481         * jit/JITStubs.cpp:
1482         * jit/JITStubs.h:
1483         * jit/JSInterfaceJIT.h:
1484
1485 2013-10-16  Oliver Hunt  <oliver@apple.com>
1486
1487         Implement ES6 spread operator
1488         https://bugs.webkit.org/show_bug.cgi?id=122911
1489
1490         Reviewed by Michael Saboff.
1491
1492         Implement the ES6 spread operator
1493
1494         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1495         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1496         driven.
1497
1498         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1499         and actually handling the spread.
1500
1501         * bytecompiler/BytecodeGenerator.cpp:
1502         (JSC::BytecodeGenerator::emitNewArray):
1503         (JSC::BytecodeGenerator::emitCall):
1504         (JSC::BytecodeGenerator::emitEnumeration):
1505         * bytecompiler/BytecodeGenerator.h:
1506         * bytecompiler/NodesCodegen.cpp:
1507         (JSC::ArrayNode::emitBytecode):
1508         (JSC::ForOfNode::emitBytecode):
1509         (JSC::SpreadExpressionNode::emitBytecode):
1510         * parser/ASTBuilder.h:
1511         (JSC::ASTBuilder::createSpreadExpression):
1512         * parser/Lexer.cpp:
1513         (JSC::::lex):
1514         * parser/NodeConstructors.h:
1515         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1516         * parser/Nodes.h:
1517         (JSC::ExpressionNode::isSpreadExpression):
1518         (JSC::SpreadExpressionNode::expression):
1519         * parser/Parser.cpp:
1520         (JSC::::parseArrayLiteral):
1521         (JSC::::parseArguments):
1522         (JSC::::parseMemberExpression):
1523         * parser/Parser.h:
1524         (JSC::Parser::getTokenName):
1525         (JSC::Parser::updateErrorMessageSpecialCase):
1526         * parser/ParserTokens.h:
1527         * parser/SyntaxChecker.h:
1528         (JSC::SyntaxChecker::createSpreadExpression):
1529
1530 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1531
1532         Add a useLLInt option to jsc
1533         https://bugs.webkit.org/show_bug.cgi?id=122930
1534
1535         Reviewed by Geoffrey Garen.
1536
1537         * runtime/Executable.cpp:
1538         (JSC::setupLLInt):
1539         (JSC::setupJIT):
1540         (JSC::ScriptExecutable::prepareForExecutionImpl):
1541         * runtime/Options.h:
1542
1543 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1544
1545         Build fix.
1546
1547         Forgot to svn add DeferGC.cpp
1548
1549         * heap/DeferGC.cpp: Added.
1550
1551 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1552
1553         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1554         https://bugs.webkit.org/show_bug.cgi?id=122902
1555
1556         Reviewed by Mark Hahnenberg.
1557         
1558         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1559         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1560         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1561         didn't. Turns out that there's even a helpful method,
1562         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1563
1564         * jit/Repatch.cpp:
1565         (JSC::tryCachePutByID):
1566
1567 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1568
1569         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1570         https://bugs.webkit.org/show_bug.cgi?id=122667
1571
1572         Reviewed by Geoffrey Garen.
1573
1574         The issue this patch is attempting to fix is that there are places in our codebase
1575         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1576         operations that can initiate a garbage collection. Garbage collection then calls 
1577         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1578         always necessarily run during garbage collection). This causes a deadlock.
1579  
1580         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1581         into a thread-local field that indicates that it is unsafe to perform any operation 
1582         that could trigger garbage collection on the current thread. In debug builds, 
1583         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1584         detect deadlocks.
1585  
1586         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1587         which uses the DeferGC mechanism to prevent collections from occurring while the 
1588         lock is held.
1589
1590         * CMakeLists.txt:
1591         * GNUmakefile.list.am:
1592         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1593         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1594         * JavaScriptCore.xcodeproj/project.pbxproj:
1595         * heap/DeferGC.h:
1596         (JSC::DisallowGC::DisallowGC):
1597         (JSC::DisallowGC::~DisallowGC):
1598         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1599         (JSC::DisallowGC::initialize):
1600         * jit/Repatch.cpp:
1601         (JSC::repatchPutByID):
1602         (JSC::buildPutByIdList):
1603         * llint/LLIntSlowPaths.cpp:
1604         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1605         * runtime/ConcurrentJITLock.h:
1606         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1607         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1608         (JSC::ConcurrentJITLockerBase::unlockEarly):
1609         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1610         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1611         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1612         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1613         * runtime/InitializeThreading.cpp:
1614         (JSC::initializeThreadingOnce):
1615         * runtime/JSCellInlines.h:
1616         (JSC::allocateCell):
1617         * runtime/JSSymbolTableObject.h:
1618         (JSC::symbolTablePut):
1619         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1620         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1621         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1622         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1623         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1624         the Structure.
1625         (JSC::Structure::materializePropertyMap):
1626         (JSC::Structure::despecifyDictionaryFunction):
1627         (JSC::Structure::changePrototypeTransition):
1628         (JSC::Structure::despecifyFunctionTransition):
1629         (JSC::Structure::attributeChangeTransition):
1630         (JSC::Structure::toDictionaryTransition):
1631         (JSC::Structure::preventExtensionsTransition):
1632         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1633         (JSC::Structure::isSealed):
1634         (JSC::Structure::isFrozen):
1635         (JSC::Structure::addPropertyWithoutTransition):
1636         (JSC::Structure::removePropertyWithoutTransition):
1637         (JSC::Structure::get):
1638         (JSC::Structure::despecifyFunction):
1639         (JSC::Structure::despecifyAllFunctions):
1640         (JSC::Structure::putSpecificValue):
1641         (JSC::Structure::createPropertyMap):
1642         (JSC::Structure::getPropertyNamesFromStructure):
1643         * runtime/Structure.h:
1644         (JSC::Structure::materializePropertyMapIfNecessary):
1645         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1646         * runtime/StructureInlines.h:
1647         (JSC::Structure::get):
1648         * runtime/SymbolTable.h:
1649         (JSC::SymbolTable::find):
1650         (JSC::SymbolTable::end):
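
        The locking and deferral pattern described in this entry, as an added example that is not JavaScriptCore's own code: a thread-local DisallowGC guard, a DeferGC counter, a ConcurrentJITLocker that embeds the guard (JSC does this only in debug builds; here it is unconditional so the check is visible), a GCSafeConcurrentJITLocker that defers collection instead, and a materializePropertyMapIfNecessary() stand-in that reproduces the hazard noted under runtime/Structure.cpp and the DeferGC fix for it. The Heap, Structure, PropertyTable and lock types are toy models assumed for the illustration, not the engine's.

```cpp
#include <memory>
#include <mutex>

// Thread-local depth counter behind DisallowGC (JSC stores a thread-local
// field; a plain thread_local is an assumption of this example).
static thread_local unsigned s_gcDisallowDepth = 0;

// RAII guard: while one is alive on this thread, triggering a collection is a bug.
class DisallowGC {
public:
    DisallowGC() { ++s_gcDisallowDepth; }
    ~DisallowGC() { --s_gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return s_gcDisallowDepth > 0; }
};

struct PropertyTable { unsigned size = 0; };

// Stand-in for Structure: the collector may drop its PropertyTable at any time.
struct Structure { std::unique_ptr<PropertyTable> propertyTable; };

// Toy heap: a DeferGC depth counter plus bookkeeping the scenarios below inspect.
struct Heap {
    unsigned deferDepth = 0;
    unsigned collections = 0;
    unsigned deferredRequests = 0;
    bool disallowedViolation = false;
    Structure* trackedStructure = nullptr; // the one object this toy collector sweeps

    // What every allocation slow path would call. Returns true if a collection ran.
    bool collectIfNecessary() {
        if (DisallowGC::isGCDisallowedOnCurrentThread()) {
            disallowedViolation = true; // a JSC debug build would assert here
            return false;
        }
        if (deferDepth) {
            ++deferredRequests;         // postponed until the outermost DeferGC leaves scope
            return false;
        }
        ++collections;
        if (trackedStructure)
            trackedStructure->propertyTable.reset(); // GC clears the weakly held table
        return true;
    }
};

// DeferGC: collections requested while one is alive run when the last one leaves scope.
class DeferGC {
public:
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++m_heap.deferDepth; }
    ~DeferGC() {
        if (--m_heap.deferDepth == 0 && m_heap.deferredRequests) {
            m_heap.deferredRequests = 0;
            m_heap.collectIfNecessary();
        }
    }
private:
    Heap& m_heap;
};

struct ConcurrentJITLock { std::mutex mutex; };

// Plain locker: holds the lock plus a DisallowGC, so a GC-triggering call made
// under the lock is caught at once rather than deadlocking when the collector
// re-takes the same lock from a CodeBlock method.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(ConcurrentJITLock& lock) : m_locker(lock.mutex) {}
private:
    std::lock_guard<std::mutex> m_locker;
    DisallowGC m_disallowGC;
};

// GC-safe locker: defers rather than forbids collection. Members are ordered so the
// lock is released before the DeferGC destructor can run a pending collection.
class GCSafeConcurrentJITLocker {
public:
    GCSafeConcurrentJITLocker(ConcurrentJITLock& lock, Heap& heap)
        : m_deferGC(heap), m_locker(lock.mutex) {}
private:
    DeferGC m_deferGC;
    std::lock_guard<std::mutex> m_locker;
};

// Shape of materializePropertyMapIfNecessary() from the entry: allocate the table
// under the GC-safe lock; the deferred collection fires when the locker goes away.
PropertyTable* materializePropertyMapIfNecessary(Structure& s, Heap& heap, ConcurrentJITLock& lock) {
    GCSafeConcurrentJITLocker locker(lock, heap);
    if (!s.propertyTable) {
        heap.collectIfNecessary(); // allocation slow path, deferred while locked
        s.propertyTable = std::make_unique<PropertyTable>();
    }
    return s.propertyTable.get();
}

// Scenario 1: the deadlock precondition is detected eagerly under the plain lock.
bool detectsGCUnderPlainLock() {
    Heap heap; ConcurrentJITLock lock;
    { ConcurrentJITLocker locker(lock); heap.collectIfNecessary(); }
    return heap.disallowedViolation && heap.collections == 0;
}

// Scenario 2: under the GC-safe lock the collection waits until the lock is released.
bool gcSafeLockerDefersUntilUnlock() {
    Heap heap; ConcurrentJITLock lock;
    unsigned ranWhileLocked = 0;
    { GCSafeConcurrentJITLocker locker(lock, heap); heap.collectIfNecessary(); ranWhileLocked = heap.collections; }
    return ranWhileLocked == 0 && heap.collections == 1;
}

// Scenario 3a: without a caller-side DeferGC the table is gone before it can be used.
bool callerWithoutDeferGCLosesTable() {
    Heap heap; ConcurrentJITLock lock; Structure structure;
    heap.trackedStructure = &structure;
    materializePropertyMapIfNecessary(structure, heap, lock);
    return structure.propertyTable == nullptr;
}

// Scenario 3b: the fix from the entry, a DeferGC that outlives the use of the table.
bool callerWithDeferGCKeepsTable() {
    Heap heap; ConcurrentJITLock lock; Structure structure;
    heap.trackedStructure = &structure;
    DeferGC deferGC(heap);
    PropertyTable* table = materializePropertyMapIfNecessary(structure, heap, lock);
    return table && structure.propertyTable.get() == table;
}
```

        The member order in GCSafeConcurrentJITLocker is the whole point of scenario 2: the lock_guard is declared after the DeferGC, so it is destroyed first, and the collection that DeferGC's destructor runs can safely re-acquire the lock. Scenario 3a is the same destructor firing one step too early for a caller that has not deferred on its own.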
1651
1652 2013-10-16  Daniel Bates  <dabates@apple.com>
1653
1654         Add SPI to disable the garbage collector timer
1655         https://bugs.webkit.org/show_bug.cgi?id=122921
1656
1657         Reviewed by Geoffrey Garen.
1658
1659         Based on a patch by Mark Hahnenberg.
1660
1661         * API/JSBase.cpp:
1662         (JSDisableGCTimer): Added; SPI function.
1663         * API/JSBasePrivate.h:
1664         * heap/BlockAllocator.cpp:
1665         (JSC::createBlockFreeingThread): Added.
1666         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
1667         to conditionally create the "block freeing" thread depending on the value of
1668         GCActivityCallback::s_shouldCreateGCTimer.
1669         (JSC::BlockAllocator::~BlockAllocator):
1670         * heap/BlockAllocator.h:
1671         (JSC::BlockAllocator::deallocate):
1672         * heap/Heap.cpp:
1673         (JSC::Heap::didAbandon):
1674         (JSC::Heap::collect):
1675         (JSC::Heap::didAllocate):
1676         * heap/HeapTimer.cpp:
1677         (JSC::HeapTimer::timerDidFire):
1678         * runtime/GCActivityCallback.cpp:
1679         * runtime/GCActivityCallback.h:
1680         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
1681         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
1682         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
1683
1684 2013-10-16  Commit Queue  <commit-queue@webkit.org>
1685
1686         Unreviewed, rolling out r157529.
1687         http://trac.webkit.org/changeset/157529
1688         https://bugs.webkit.org/show_bug.cgi?id=122919
1689
1690         Caused score test failures and some build failures. (Requested
1691         by rfong on #webkit).
1692
1693         * bytecompiler/BytecodeGenerator.cpp:
1694         (JSC::BytecodeGenerator::emitNewArray):
1695         (JSC::BytecodeGenerator::emitCall):
1696         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1697         * bytecompiler/BytecodeGenerator.h:
1698         * bytecompiler/NodesCodegen.cpp:
1699         (JSC::ArrayNode::emitBytecode):
1700         (JSC::CallArguments::CallArguments):
1701         (JSC::ForOfNode::emitBytecode):
1702         (JSC::BindingNode::collectBoundIdentifiers):
1703         * parser/ASTBuilder.h:
1704         * parser/Lexer.cpp:
1705         (JSC::::lex):
1706         * parser/NodeConstructors.h:
1707         (JSC::DotAccessorNode::DotAccessorNode):
1708         * parser/Nodes.h:
1709         * parser/Parser.cpp:
1710         (JSC::::parseArrayLiteral):
1711         (JSC::::parseArguments):
1712         (JSC::::parseMemberExpression):
1713         * parser/Parser.h:
1714         (JSC::Parser::getTokenName):
1715         (JSC::Parser::updateErrorMessageSpecialCase):
1716         * parser/ParserTokens.h:
1717         * parser/SyntaxChecker.h:
1718
1719 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1720
1721         Remove useless architecture specific implementation in DFG.
1722         https://bugs.webkit.org/show_bug.cgi?id=122917.
1723
1724         Reviewed by Michael Saboff.
1725
1726         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
1727         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
1728
1729         * dfg/DFGSpeculativeJIT.h:
1730
1731 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1732
1733         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
1734         https://bugs.webkit.org/show_bug.cgi?id=122916.
1735
1736         Reviewed by Michael Saboff.
1737
1738         This architecture specific function is not used anymore, so get rid of it.
1739
1740         * jit/JIT.h:
1741         * jit/JITInlines.h:
1742
1743 2013-10-16  Oliver Hunt  <oliver@apple.com>
1744
1745         Implement ES6 spread operator
1746         https://bugs.webkit.org/show_bug.cgi?id=122911
1747
1748         Reviewed by Michael Saboff.
1749
1750         Implement the ES6 spread operator
1751
1752         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1753         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1754         driven.
1755
1756         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1757         and actually handling the spread.
1758
1759         * bytecompiler/BytecodeGenerator.cpp:
1760         (JSC::BytecodeGenerator::emitNewArray):
1761         (JSC::BytecodeGenerator::emitCall):
1762         (JSC::BytecodeGenerator::emitEnumeration):
1763         * bytecompiler/BytecodeGenerator.h:
1764         * bytecompiler/NodesCodegen.cpp:
1765         (JSC::ArrayNode::emitBytecode):
1766         (JSC::ForOfNode::emitBytecode):
1767         (JSC::SpreadExpressionNode::emitBytecode):
1768         * parser/ASTBuilder.h:
1769         (JSC::ASTBuilder::createSpreadExpression):
1770         * parser/Lexer.cpp:
1771         (JSC::::lex):
1772         * parser/NodeConstructors.h:
1773         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1774         * parser/Nodes.h:
1775         (JSC::ExpressionNode::isSpreadExpression):
1776         (JSC::SpreadExpressionNode::expression):
1777         * parser/Parser.cpp:
1778         (JSC::::parseArrayLiteral):
1779         (JSC::::parseArguments):
1780         (JSC::::parseMemberExpression):
1781         * parser/Parser.h:
1782         (JSC::Parser::getTokenName):
1783         (JSC::Parser::updateErrorMessageSpecialCase):
1784         * parser/ParserTokens.h:
1785         * parser/SyntaxChecker.h:
1786         (JSC::SyntaxChecker::createSpreadExpression):
1787
1788 2013-10-16  Mark Lam  <mark.lam@apple.com>
1789
1790         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1791         https://bugs.webkit.org/show_bug.cgi?id=122899.
1792
1793         Reviewed by Michael Saboff.
1794
1795         * jit/JITOpcodes32_64.cpp:
1796         (JSC::JIT::emit_op_tear_off_activation):
1797         (JSC::JIT::emit_op_tear_off_arguments):
1798         * jit/JITStubs.cpp:
1799         * jit/JITStubs.h:
1800
1801 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1802
1803         Remove more of the UNINTERRUPTED_SEQUENCE thing
1804         https://bugs.webkit.org/show_bug.cgi?id=122885
1805
1806         Reviewed by Andreas Kling.
1807
1808         It was not completely removed by r157481, leading to build failure for sh4 architecture.
1809
1810         * jit/JIT.h:
1811         * jit/JITInlines.h:
1812
1813 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1814
1815         Get rid of the StructureStubInfo::patch union
1816         https://bugs.webkit.org/show_bug.cgi?id=122877
1817
1818         Reviewed by Sam Weinig.
1819         
1820         Just simplifying code by getting rid of data structures that ain't used no more.
1821         
1822         Note that I replace the patch union with a patch struct. This means we say things like
1823         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
1824         encapsulation makes the code more readable: the patch struct contains just those things
1825         that you need to know to perform patching.
1826
1827         * bytecode/StructureStubInfo.h:
1828         * dfg/DFGJITCompiler.cpp:
1829         (JSC::DFG::JITCompiler::link):
1830         * jit/JIT.cpp:
1831         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1832         * jit/Repatch.cpp:
1833         (JSC::repatchByIdSelfAccess):
1834         (JSC::replaceWithJump):
1835         (JSC::linkRestoreScratch):
1836         (JSC::generateProtoChainAccessStub):
1837         (JSC::tryCacheGetByID):
1838         (JSC::getPolymorphicStructureList):
1839         (JSC::patchJumpToGetByIdStub):
1840         (JSC::tryBuildGetByIDList):
1841         (JSC::emitPutReplaceStub):
1842         (JSC::emitPutTransitionStub):
1843         (JSC::tryCachePutByID):
1844         (JSC::tryBuildPutByIdList):
1845         (JSC::tryRepatchIn):
1846         (JSC::resetGetByID):
1847         (JSC::resetPutByID):
1848         (JSC::resetIn):
1849
1850 2013-10-15  Nadav Rotem  <nrotem@apple.com>
1851
1852         FTL: add support for Int52ToValue and fix putByVal of int52s.
1853         https://bugs.webkit.org/show_bug.cgi?id=122873
1854
1855         Reviewed by Filip Pizlo.
1856
1857         * ftl/FTLCapabilities.cpp:
1858         (JSC::FTL::canCompile):
1859         * ftl/FTLLowerDFGToLLVM.cpp:
1860         (JSC::FTL::LowerDFGToLLVM::compileNode):
1861         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
1862         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
1863
1864 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1865
1866         Get rid of the UNINTERRUPTED_SEQUENCE thing
1867         https://bugs.webkit.org/show_bug.cgi?id=122876
1868
1869         Reviewed by Mark Hahnenberg.
1870         
1871         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
1872         
1873         Moreover, we should resist the temptation to bring anything like this back. We don't
1874         want to have inline caches that only work if the assembler lays out code in a specific
1875         predetermined way.
1876
1877         * jit/JIT.h:
1878         * jit/JITCall.cpp:
1879         (JSC::JIT::compileOpCall):
1880         * jit/JITCall32_64.cpp:
1881         (JSC::JIT::compileOpCall):
1882
1883 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1884
1885         Baseline JIT should use the DFG GetById IC
1886         https://bugs.webkit.org/show_bug.cgi?id=122861
1887
1888         Reviewed by Oliver Hunt.
1889         
1890         This mostly just kills a ton of code.
1891         
1892         Note that this doesn't yet do all of the simplifications that can be done, but it does
1893         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
1894
1895         * bytecode/CodeBlock.cpp:
1896         (JSC::CodeBlock::resetStubInternal):
1897         * jit/JIT.cpp:
1898         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1899         * jit/JIT.h:
1900         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
1901         * jit/JITInlines.h:
1902         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1903         (JSC::JIT::callOperation):
1904         * jit/JITPropertyAccess.cpp:
1905         (JSC::JIT::compileGetByIdHotPath):
1906         (JSC::JIT::emitSlow_op_get_by_id):
1907         (JSC::JIT::emitSlow_op_get_from_scope):
1908         * jit/JITPropertyAccess32_64.cpp:
1909         (JSC::JIT::compileGetByIdHotPath):
1910         (JSC::JIT::emitSlow_op_get_by_id):
1911         (JSC::JIT::emitSlow_op_get_from_scope):
1912         * jit/JITStubs.cpp:
1913         * jit/JITStubs.h:
1914         * jit/Repatch.cpp:
1915         (JSC::repatchGetByID):
1916         (JSC::buildGetByIDList):
1917         * jit/ThunkGenerators.cpp:
1918         * jit/ThunkGenerators.h:
1919
1920 2013-10-15  Dean Jackson  <dino@apple.com>
1921
1922         Add ENABLE_WEB_ANIMATIONS flag
1923         https://bugs.webkit.org/show_bug.cgi?id=122871
1924
1925         Reviewed by Tim Horton.
1926
1927         Eventually might be http://dev.w3.org/fxtf/web-animations/
1928         but this is just engine-internal work at the moment.
1929
1930         * Configurations/FeatureDefines.xcconfig:
1931
1932 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1933
1934         [sh4] Some calls don't match sh4 ABI.
1935         https://bugs.webkit.org/show_bug.cgi?id=122863
1936
1937         Reviewed by Michael Saboff.
1938
1939         * dfg/DFGSpeculativeJIT.h:
1940         (JSC::DFG::SpeculativeJIT::callOperation):
1941         * jit/CCallHelpers.h:
1942         (JSC::CCallHelpers::setupArgumentsWithExecState):
1943         * jit/JITInlines.h:
1944         (JSC::JIT::callOperation):
1945
1946 2013-10-15  Daniel Bates  <dabates@apple.com>
1947
1948         [iOS] Upstream JavaScriptCore support for ARM64
1949         https://bugs.webkit.org/show_bug.cgi?id=122762
1950
1951         Reviewed by Oliver Hunt and Filip Pizlo.
1952
1953         * Configurations/Base.xcconfig:
1954         * Configurations/DebugRelease.xcconfig:
1955         * Configurations/JavaScriptCore.xcconfig:
1956         * Configurations/ToolExecutable.xcconfig:
1957         * JavaScriptCore.xcodeproj/project.pbxproj:
1958         * assembler/ARM64Assembler.h: Added.
1959         * assembler/AbstractMacroAssembler.h:
1960         (JSC::isARM64):
1961         (JSC::AbstractMacroAssembler::Label::Label):
1962         (JSC::AbstractMacroAssembler::Jump::Jump):
1963         (JSC::AbstractMacroAssembler::Jump::link):
1964         (JSC::AbstractMacroAssembler::Jump::linkTo):
1965         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
1966         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
1967         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
1968         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
1969         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
1970         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
1971         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
1972         (JSC::AbstractMacroAssembler::isTempRegisterValid):
1973         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
1974         (JSC::AbstractMacroAssembler::setTempRegisterValid):
1975         * assembler/LinkBuffer.cpp:
1976         (JSC::LinkBuffer::copyCompactAndLinkCode):
1977         (JSC::LinkBuffer::linkCode):
1978         * assembler/LinkBuffer.h:
1979         * assembler/MacroAssembler.h:
1980         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
1981         (JSC::MacroAssembler::pushToSave):
1982         (JSC::MacroAssembler::popToRestore):
1983         (JSC::MacroAssembler::patchableBranchTest32):
1984         * assembler/MacroAssemblerARM64.h: Added.
1985         * assembler/MacroAssemblerARMv7.h:
1986         * dfg/DFGFixupPhase.cpp:
1987         (JSC::DFG::FixupPhase::fixupNode):
1988         * dfg/DFGOSRExitCompiler32_64.cpp:
1989         (JSC::DFG::OSRExitCompiler::compileExit):
1990         * dfg/DFGOSRExitCompiler64.cpp:
1991         (JSC::DFG::OSRExitCompiler::compileExit):
1992         * dfg/DFGSpeculativeJIT.cpp:
1993         (JSC::DFG::SpeculativeJIT::compileArithDiv):
1994         (JSC::DFG::SpeculativeJIT::compileArithMod):
1995         * disassembler/ARM64/A64DOpcode.cpp: Added.
1996         * disassembler/ARM64/A64DOpcode.h: Added.
1997         * disassembler/ARM64Disassembler.cpp: Added.
1998         * heap/MachineStackMarker.cpp:
1999         (JSC::getPlatformThreadRegisters):
2000         (JSC::otherThreadStackPointer):
2001         * heap/Region.h:
2002         * jit/AssemblyHelpers.h:
2003         (JSC::AssemblyHelpers::debugCall):
2004         * jit/CCallHelpers.h:
2005         * jit/ExecutableAllocator.h:
2006         * jit/FPRInfo.h:
2007         (JSC::FPRInfo::toRegister):
2008         (JSC::FPRInfo::toIndex):
2009         (JSC::FPRInfo::debugName):
2010         * jit/GPRInfo.h:
2011         (JSC::GPRInfo::toRegister):
2012         (JSC::GPRInfo::toIndex):
2013         (JSC::GPRInfo::debugName):
2014         * jit/JITInlines.h:
2015         (JSC::JIT::restoreArgumentReferenceForTrampoline):
2016         * jit/JITOperationWrappers.h:
2017         * jit/JITOperations.cpp:
2018         * jit/JITStubs.cpp:
2019         (JSC::performPlatformSpecificJITAssertions):
2020         (JSC::tryCachePutByID):
2021         * jit/JITStubs.h:
2022         (JSC::JITStackFrame::returnAddressSlot):
2023         * jit/JITStubsARM64.h: Added.
2024         * jit/JSInterfaceJIT.h:
2025         * jit/Repatch.cpp:
2026         (JSC::emitRestoreScratch):
2027         (JSC::generateProtoChainAccessStub):
2028         (JSC::tryCacheGetByID):
2029         (JSC::emitPutReplaceStub):
2030         (JSC::tryCachePutByID):
2031         (JSC::tryRepatchIn):
2032         * jit/ScratchRegisterAllocator.h:
2033         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2034         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2035         * jit/ThunkGenerators.cpp:
2036         (JSC::nativeForGenerator):
2037         (JSC::floorThunkGenerator):
2038         (JSC::ceilThunkGenerator):
2039         * jsc.cpp:
2040         (main):
2041         * llint/LLIntOfflineAsmConfig.h:
2042         * llint/LLIntSlowPaths.cpp:
2043         (JSC::LLInt::handleHostCall):
2044         * llint/LowLevelInterpreter.asm:
2045         * llint/LowLevelInterpreter64.asm:
2046         * offlineasm/arm.rb:
2047         * offlineasm/arm64.rb: Added.
2048         * offlineasm/backends.rb:
2049         * offlineasm/instructions.rb:
2050         * offlineasm/risc.rb:
2051         * offlineasm/transform.rb:
2052         * yarr/YarrJIT.cpp:
2053         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2054         (JSC::Yarr::YarrGenerator::initCallFrame):
2055         (JSC::Yarr::YarrGenerator::removeCallFrame):
2056         (JSC::Yarr::YarrGenerator::generateEnter):
2057         * yarr/YarrJIT.h:
2058
2059 2013-10-15  Mark Lam  <mark.lam@apple.com>
2060
2061         Fix 3 operand sub operation in C loop LLINT.
2062         https://bugs.webkit.org/show_bug.cgi?id=122866.
2063
2064         Reviewed by Geoffrey Garen.
2065
2066         * offlineasm/cloop.rb:
2067
2068 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2069
2070         ObjCCallbackFunctionImpl shouldn't store a JSContext
2071         https://bugs.webkit.org/show_bug.cgi?id=122531
2072
2073         Reviewed by Geoffrey Garen.
2074
2075         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
2076         in the common case. It's also no longer necessary in that we can look up the current JSContext 
2077         by using the globalObject of the callee when the function callback is invoked.
2078  
2079         Also added a new test that would cause us to crash previously. The test required making 
2080         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2081         in C API callbacks.
2082
2083         * API/JSContextRef.h:
2084         * API/JSContextRefPrivate.h:
2085         * API/ObjCCallbackFunction.mm:
2086         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2087         (JSC::objCCallbackFunctionCallAsFunction):
2088         (objCCallbackFunctionForInvocation):
2089         * API/WebKitAvailability.h:
2090         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2091         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2092         (CallAsConstructor):
2093         (ConstructorFinalize):
2094         (ConstructorClass):
2095         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2096         (-[JSContext valueWithConstructorDescriptor:]):
2097         (currentThisInsideBlockGetterTest):
2098         * API/tests/testapi.mm:
2099         * JavaScriptCore.xcodeproj/project.pbxproj:
2100         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2101
2102 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2103
2104         Fix build after r157457 for architecture with 4 argument registers.
2105         https://bugs.webkit.org/show_bug.cgi?id=122860
2106
2107         Reviewed by Michael Saboff.
2108
2109         * jit/CCallHelpers.h:
2110         (JSC::CCallHelpers::setupStubArguments134):
2111
2112 2013-10-14  Michael Saboff  <msaboff@apple.com>
2113
2114         transition void cti_op_* methods to JIT operations.
2115         https://bugs.webkit.org/show_bug.cgi?id=122617
2116
2117         Reviewed by Geoffrey Garen.
2118
2119         Converted the following stubs to JIT operations:
2120             cti_handle_watchdog_timer
2121             cti_op_debug
2122             cti_op_pop_scope
2123             cti_op_profile_did_call
2124             cti_op_profile_will_call
2125             cti_op_put_by_index
2126             cti_op_put_getter_setter
2127             cti_op_tear_off_activation
2128             cti_op_tear_off_arguments
2129             cti_op_throw_static_error
2130             cti_optimize
2131
2132         * dfg/DFGOperations.cpp:
2133         * dfg/DFGOperations.h:
2134         * jit/CCallHelpers.h:
2135         (JSC::CCallHelpers::setupArgumentsWithExecState):
2136         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2137         (JSC::CCallHelpers::setupStubArguments):
2138         (JSC::CCallHelpers::setupStubArguments134):
2139         * jit/JIT.cpp:
2140         (JSC::JIT::emitEnterOptimizationCheck):
2141         * jit/JIT.h:
2142         * jit/JITInlines.h:
2143         (JSC::JIT::callOperation):
2144         * jit/JITOpcodes.cpp:
2145         (JSC::JIT::emit_op_tear_off_activation):
2146         (JSC::JIT::emit_op_tear_off_arguments):
2147         (JSC::JIT::emit_op_push_with_scope):
2148         (JSC::JIT::emit_op_pop_scope):
2149         (JSC::JIT::emit_op_push_name_scope):
2150         (JSC::JIT::emit_op_throw_static_error):
2151         (JSC::JIT::emit_op_debug):
2152         (JSC::JIT::emit_op_profile_will_call):
2153         (JSC::JIT::emit_op_profile_did_call):
2154         (JSC::JIT::emitSlow_op_loop_hint):
2155         * jit/JITOpcodes32_64.cpp:
2156         (JSC::JIT::emit_op_push_with_scope):
2157         (JSC::JIT::emit_op_pop_scope):
2158         (JSC::JIT::emit_op_push_name_scope):
2159         (JSC::JIT::emit_op_throw_static_error):
2160         (JSC::JIT::emit_op_debug):
2161         (JSC::JIT::emit_op_profile_will_call):
2162         (JSC::JIT::emit_op_profile_did_call):
2163         * jit/JITOperations.cpp:
2164         * jit/JITOperations.h:
2165         * jit/JITPropertyAccess.cpp:
2166         (JSC::JIT::emit_op_put_by_index):
2167         (JSC::JIT::emit_op_put_getter_setter):
2168         * jit/JITPropertyAccess32_64.cpp:
2169         (JSC::JIT::emit_op_put_by_index):
2170         (JSC::JIT::emit_op_put_getter_setter):
2171         * jit/JITStubs.cpp:
2172         * jit/JITStubs.h:
2173
2174 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2175
2176         [sh4] Introduce const pools in LLINT.
2177         https://bugs.webkit.org/show_bug.cgi?id=122746
2178
2179         Reviewed by Michael Saboff.
2180
2181         In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
2182         loaded this way:
2183
2184             mov.l .label, rx
2185             bra out
2186             nop
2187             .balign 4
2188             .label: .long immvalue
2189             out:
2190
2191         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2192         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2193
2194         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2195         * offlineasm/sh4.rb:
2196
2197 2013-10-15  Mark Lam  <mark.lam@apple.com>
2198
2199         Fix broken C Loop LLINT build.
2200         https://bugs.webkit.org/show_bug.cgi?id=122839.
2201
2202         Reviewed by Michael Saboff.
2203
2204         * dfg/DFGFlushedAt.cpp:
2205         * jit/JITOperations.h:
2206
2207 2013-10-14  Mark Lam  <mark.lam@apple.com>
2208
2209         Transition *switch* and *scope* JITStubs to JIT operations.
2210         https://bugs.webkit.org/show_bug.cgi?id=122757.
2211
2212         Reviewed by Geoffrey Garen.
2213
2214         Transitioning:
2215             cti_op_switch_char
2216             cti_op_switch_imm
2217             cti_op_switch_string
2218             cti_op_resolve_scope
2219             cti_op_get_from_scope
2220             cti_op_put_to_scope
2221
2222         * jit/JIT.h:
2223         * jit/JITInlines.h:
2224         (JSC::JIT::callOperation):
2225         * jit/JITOpcodes.cpp:
2226         (JSC::JIT::emit_op_switch_imm):
2227         (JSC::JIT::emit_op_switch_char):
2228         (JSC::JIT::emit_op_switch_string):
2229         * jit/JITOpcodes32_64.cpp:
2230         (JSC::JIT::emit_op_switch_imm):
2231         (JSC::JIT::emit_op_switch_char):
2232         (JSC::JIT::emit_op_switch_string):
2233         * jit/JITOperations.cpp:
2234         * jit/JITOperations.h:
2235         * jit/JITPropertyAccess.cpp:
2236         (JSC::JIT::emitSlow_op_resolve_scope):
2237         (JSC::JIT::emitSlow_op_get_from_scope):
2238         (JSC::JIT::emitSlow_op_put_to_scope):
2239         * jit/JITPropertyAccess32_64.cpp:
2240         (JSC::JIT::emitSlow_op_resolve_scope):
2241         (JSC::JIT::emitSlow_op_get_from_scope):
2242         (JSC::JIT::emitSlow_op_put_to_scope):
2243         * jit/JITStubs.cpp:
2244         * jit/JITStubs.h:
2245
2246 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2247
2248         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
2249         https://bugs.webkit.org/show_bug.cgi?id=122786
2250
2251         Reviewed by Mark Hahnenberg.
2252
2253         * bytecode/CodeBlock.cpp:
2254         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2255         * jit/Repatch.cpp:
2256         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2257         (JSC::buildPutByIdList): Ditto.
2258
2259 2013-10-14  Nadav Rotem  <nrotem@apple.com>
2260
2261         Add FTL support for LogicalNot(string)
2262         https://bugs.webkit.org/show_bug.cgi?id=122765
2263
2264         Reviewed by Filip Pizlo.
2265
2266         This patch is tested by:
2267         regress/script-tests/emscripten-cube2hash.js.ftl-eager
2268
2269         * ftl/FTLCapabilities.cpp:
2270         (JSC::FTL::canCompile):
2271         * ftl/FTLLowerDFGToLLVM.cpp:
2272         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
2273
2274 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
2275
2276         [sh4] Fixes after r157404 and r157411.
2277         https://bugs.webkit.org/show_bug.cgi?id=122782
2278
2279         Reviewed by Michael Saboff.
2280
2281         * dfg/DFGSpeculativeJIT.h:
2282         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2283         * jit/CCallHelpers.h:
2284         (JSC::CCallHelpers::setupArgumentsWithExecState):
2285         * jit/JITInlines.h:
2286         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2287         * jit/JITPropertyAccess32_64.cpp:
2288         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
2289
2290 2013-10-14  Commit Queue  <commit-queue@webkit.org>
2291
2292         Unreviewed, rolling out r157413.
2293         http://trac.webkit.org/changeset/157413
2294         https://bugs.webkit.org/show_bug.cgi?id=122779
2295
2296         Appears to have caused frequent crashes (Requested by ap on
2297         #webkit).
2298
2299         * CMakeLists.txt:
2300         * GNUmakefile.list.am:
2301         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2302         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2303         * JavaScriptCore.xcodeproj/project.pbxproj:
2304         * heap/DeferGC.cpp: Removed.
2305         * heap/DeferGC.h:
2306         * jit/JITStubs.cpp:
2307         (JSC::tryCacheGetByID):
2308         (JSC::DEFINE_STUB_FUNCTION):
2309         * llint/LLIntSlowPaths.cpp:
2310         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2311         * runtime/ConcurrentJITLock.h:
2312         * runtime/InitializeThreading.cpp:
2313         (JSC::initializeThreadingOnce):
2314         * runtime/JSCellInlines.h:
2315         (JSC::allocateCell):
2316         * runtime/Structure.cpp:
2317         (JSC::Structure::materializePropertyMap):
2318         (JSC::Structure::putSpecificValue):
2319         (JSC::Structure::createPropertyMap):
2320         * runtime/Structure.h:
2321
2322 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2323
2324         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
2325         https://bugs.webkit.org/show_bug.cgi?id=122652
2326
2327         Reviewed by Filip Pizlo.
2328
2329         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
2330         so we would end up ASSERTing during garbage collection.
2331
2332         * heap/MarkedAllocator.cpp:
2333         (JSC::MarkedAllocator::allocateSlowCase):
2334
2335 2013-10-11  Oliver Hunt  <oliver@apple.com>
2336
2337         Separate out array iteration intrinsics
2338         https://bugs.webkit.org/show_bug.cgi?id=122656
2339
2340         Reviewed by Michael Saboff.
2341
2342         Separate out the intrinsics for key and values iteration
2343         of arrays.
2344
2345         This requires moving array iteration into the iterator
2346         instance, rather than the prototype, but this is essentially
2347         unobservable so we'll live with it for now.
2348
2349         * jit/ThunkGenerators.cpp:
2350         (JSC::arrayIteratorNextThunkGenerator):
2351         (JSC::arrayIteratorNextKeyThunkGenerator):
2352         (JSC::arrayIteratorNextValueThunkGenerator):
2353         * jit/ThunkGenerators.h:
2354         * runtime/ArrayIteratorPrototype.cpp:
2355         (JSC::ArrayIteratorPrototype::finishCreation):
2356         * runtime/Intrinsic.h:
2357         * runtime/JSArrayIterator.cpp:
2358         (JSC::JSArrayIterator::finishCreation):
2359         (JSC::createIteratorResult):
2360         (JSC::arrayIteratorNext):
2361         (JSC::arrayIteratorNextKey):
2362         (JSC::arrayIteratorNextValue):
2363         (JSC::arrayIteratorNextGeneric):
2364         * runtime/VM.cpp:
2365         (JSC::thunkGeneratorForIntrinsic):
2366
2367 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
2368
2369         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2370         https://bugs.webkit.org/show_bug.cgi?id=122667
2371
2372         Reviewed by Filip Pizlo.
2373
2374         The issue this patch is attempting to fix is that there are places in our codebase
2375         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2376         operations that can initiate a garbage collection. Garbage collection then calls 
2377         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2378         always necessarily run during garbage collection). This causes a deadlock.
2379
2380         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2381         into a thread-local field that indicates that it is unsafe to perform any operation 
2382         that could trigger garbage collection on the current thread. In debug builds, 
2383         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2384         detect deadlocks.
2385
2386         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2387         which uses the DeferGC mechanism to prevent collections from occurring while the 
2388         lock is held.
2389
2390         * CMakeLists.txt:
2391         * GNUmakefile.list.am:
2392         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2393         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2394         * JavaScriptCore.xcodeproj/project.pbxproj:
2395         * heap/DeferGC.cpp: Added.
2396         * heap/DeferGC.h:
2397         (JSC::DisallowGC::DisallowGC):
2398         (JSC::DisallowGC::~DisallowGC):
2399         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2400         (JSC::DisallowGC::initialize):
2401         * jit/JITStubs.cpp:
2402         (JSC::tryCachePutByID):
2403         (JSC::tryCacheGetByID):
2404         (JSC::DEFINE_STUB_FUNCTION):
2405         * llint/LLIntSlowPaths.cpp:
2406         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2407         * runtime/ConcurrentJITLock.h:
2408         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2409         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2410         (JSC::ConcurrentJITLockerBase::unlockEarly):
2411         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2412         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2413         * runtime/InitializeThreading.cpp:
2414         (JSC::initializeThreadingOnce):
2415         * runtime/JSCellInlines.h:
2416         (JSC::allocateCell):
2417         * runtime/Structure.cpp:
2418         (JSC::Structure::materializePropertyMap):
2419         (JSC::Structure::putSpecificValue):
2420         (JSC::Structure::createPropertyMap):
2421         * runtime/Structure.h:
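An added illustration of the mechanism the entry above describes, written for this page and not taken from JavaScriptCore: a thread-local RAII guard (DisallowGC) that marks garbage collection unsafe while a lock is held, a plain locker that embeds one so a collection attempted under the lock is caught at once, and a GC-safe locker that instead defers the collection until the lock is released. Everything here is a hypothetical stand-in: std::mutex plays the part of ConcurrentJITLock, ToyHeap, CollectResult and the scenario functions are invented, and where JSC would ASSERT the guard returns an Illegal result so the outcome can be inspected.

```cpp
#include <cassert>
#include <mutex>

// Per-thread depth counter; non-zero means a collection must not start on this thread.
static thread_local unsigned gcDisallowDepth = 0;

// RAII guard modelled on the DisallowGC idea: while one is alive on a thread,
// any attempt to collect on that thread is a bug and is caught immediately.
struct DisallowGC {
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    DisallowGC(const DisallowGC&) = delete;
    DisallowGC& operator=(const DisallowGC&) = delete;
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth != 0; }
};

enum class CollectResult { Ran, Deferred, Illegal };

// Invented stand-in for the heap. In JSC a collection that re-enters CodeBlock
// under an already-held ConcurrentJITLock deadlocks; here the guard turns that
// into an observable Illegal result instead of an ASSERT.
struct ToyHeap {
    std::mutex codeBlockLock;        // stands in for the CodeBlock's ConcurrentJITLock
    unsigned collections = 0;
    unsigned deferDepth = 0;         // DeferGC nesting depth
    bool collectionPending = false;

    CollectResult collectIfNeeded() {  // the allocation slow path's GC trigger
        if (DisallowGC::isGCDisallowedOnCurrentThread())
            return CollectResult::Illegal;
        if (deferDepth) {
            collectionPending = true;
            return CollectResult::Deferred;
        }
        ++collections;
        return CollectResult::Ran;
    }
};

// RAII deferral: collections requested while alive run when the last DeferGC dies.
struct DeferGC {
    ToyHeap& heap;
    explicit DeferGC(ToyHeap& h) : heap(h) { ++heap.deferDepth; }
    ~DeferGC() {
        if (--heap.deferDepth == 0 && heap.collectionPending) {
            heap.collectionPending = false;
            ++heap.collections;
        }
    }
};

// Plain locker: holds the lock and (debug-only in JSC, always here) a DisallowGC,
// so code that might allocate under this lock is flagged the first time it runs.
struct ConcurrentJITLocker {
    std::unique_lock<std::mutex> lock;
    DisallowGC disallow;
    explicit ConcurrentJITLocker(std::mutex& m) : lock(m) {}
};

// GC-safe locker: DeferGC is declared before the lock so it is constructed first
// and destroyed last; the deferred collection runs only after the lock is released.
struct GCSafeConcurrentJITLocker {
    DeferGC defer;
    std::unique_lock<std::mutex> lock;
    GCSafeConcurrentJITLocker(ToyHeap& h, std::mutex& m) : defer(h), lock(m) {}
};

// Scenario 1: the deadlock-prone pattern (lock held, then something allocates).
CollectResult plainLockerScenario() {
    ToyHeap heap;
    ConcurrentJITLocker locker(heap.codeBlockLock);
    return heap.collectIfNeeded();          // Illegal: caught by DisallowGC
}

struct SafeOutcome { CollectResult insideLock; unsigned collectionsAfterUnlock; };

// Scenario 2: the fixed pattern; the collection waits for the lock to drop.
SafeOutcome gcSafeLockerScenario() {
    ToyHeap heap;
    CollectResult inside;
    {
        GCSafeConcurrentJITLocker locker(heap, heap.codeBlockLock);
        inside = heap.collectIfNeeded();    // Deferred
    }
    return { inside, heap.collections };    // 1: ran once the lock was released
}

// Scenario 3: no lock held, so the collection runs immediately.
CollectResult noLockScenario() {
    ToyHeap heap;
    return heap.collectIfNeeded();          // Ran
}

int main() {
    assert(plainLockerScenario() == CollectResult::Illegal);
    assert(gcSafeLockerScenario().insideLock == CollectResult::Deferred);
    assert(gcSafeLockerScenario().collectionsAfterUnlock == 1);
    assert(noLockScenario() == CollectResult::Ran);
    assert(!DisallowGC::isGCDisallowedOnCurrentThread());
    return 0;
}
```

The member order in GCSafeConcurrentJITLocker is the point of the design: because C++ destroys members in reverse declaration order, declaring DeferGC before the lock guarantees the lock is dropped before the deferred collection runs, which is exactly the ordering the deadlock requires.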
2422
2423 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2424
2425         Baseline JIT should use the DFG's PutById IC
2426         https://bugs.webkit.org/show_bug.cgi?id=122704
2427
2428         Reviewed by Mark Hahnenberg.
2429         
2430         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2431         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2432         
2433         The only complicated part was that the PutById operations assumed that we first did a
2434         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2435         slow paths to deal with EncodedJSValue's.
2436
2437         * bytecode/CodeBlock.cpp:
2438         (JSC::CodeBlock::resetStubInternal):
2439         * bytecode/PutByIdStatus.cpp:
2440         (JSC::PutByIdStatus::computeFor):
2441         * dfg/DFGSpeculativeJIT.h:
2442         (JSC::DFG::SpeculativeJIT::callOperation):
2443         * dfg/DFGSpeculativeJIT32_64.cpp:
2444         (JSC::DFG::SpeculativeJIT::cachedPutById):
2445         * dfg/DFGSpeculativeJIT64.cpp:
2446         (JSC::DFG::SpeculativeJIT::cachedPutById):
2447         * jit/CCallHelpers.h:
2448         (JSC::CCallHelpers::setupArgumentsWithExecState):
2449         * jit/JIT.cpp:
2450         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2451         * jit/JIT.h:
2452         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2453         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2454         * jit/JITInlines.h:
2455         (JSC::JIT::callOperation):
2456         * jit/JITOperationWrappers.h:
2457         * jit/JITOperations.cpp:
2458         * jit/JITOperations.h:
2459         * jit/JITPropertyAccess.cpp:
2460         (JSC::JIT::compileGetByIdHotPath):
2461         (JSC::JIT::compileGetByIdSlowCase):
2462         (JSC::JIT::emit_op_put_by_id):
2463         (JSC::JIT::emitSlow_op_put_by_id):
2464         * jit/JITPropertyAccess32_64.cpp:
2465         (JSC::JIT::compileGetByIdSlowCase):
2466         (JSC::JIT::emit_op_put_by_id):
2467         (JSC::JIT::emitSlow_op_put_by_id):
2468         * jit/JITStubs.cpp:
2469         * jit/JITStubs.h:
2470         * jit/Repatch.cpp:
2471         (JSC::appropriateGenericPutByIdFunction):
2472         (JSC::appropriateListBuildingPutByIdFunction):
2473         (JSC::resetPutByID):
2474
2475 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2476
2477         FTL should have an inefficient but correct implementation of GetById
2478         https://bugs.webkit.org/show_bug.cgi?id=122740
2479
2480         Reviewed by Mark Hahnenberg.
2481         
2482         It took some effort to realize that the node->prediction() check in the DFG backends
2483         is completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
2484         if !prediction.
2485         
2486         But other than that this was an easy patch.
2487
2488         * dfg/DFGByteCodeParser.cpp:
2489         (JSC::DFG::ByteCodeParser::handleGetById):
2490         * dfg/DFGSpeculativeJIT32_64.cpp:
2491         (JSC::DFG::SpeculativeJIT::compile):
2492         * dfg/DFGSpeculativeJIT64.cpp:
2493         (JSC::DFG::SpeculativeJIT::compile):
2494         * ftl/FTLCapabilities.cpp:
2495         (JSC::FTL::canCompile):
2496         * ftl/FTLIntrinsicRepository.h:
2497         * ftl/FTLLowerDFGToLLVM.cpp:
2498         (JSC::FTL::LowerDFGToLLVM::compileNode):
2499         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2500
2501 2013-10-13  Mark Lam  <mark.lam@apple.com>
2502
2503         Transition misc cti_op_* JITStubs to JIT operations.
2504         https://bugs.webkit.org/show_bug.cgi?id=122645.
2505
2506         Reviewed by Michael Saboff.
2507
2508         Stubs converted:
2509             cti_op_check_has_instance
2510             cti_op_create_arguments
2511             cti_op_del_by_id
2512             cti_op_instanceof
2513             cti_to_object
2514             cti_op_push_activation
2515             cti_op_get_pnames
2516             cti_op_load_varargs
2517
2518         * dfg/DFGOperations.cpp:
2519         * dfg/DFGOperations.h:
2520         * jit/CCallHelpers.h:
2521         (JSC::CCallHelpers::setupArgumentsWithExecState):
2522         * jit/JIT.h:
2523         (JSC::JIT::emitStoreCell):
2524         * jit/JITCall.cpp:
2525         (JSC::JIT::compileLoadVarargs):
2526         * jit/JITCall32_64.cpp:
2527         (JSC::JIT::compileLoadVarargs):
2528         * jit/JITInlines.h:
2529         (JSC::JIT::callOperation):
2530         * jit/JITOpcodes.cpp:
2531         (JSC::JIT::emit_op_get_pnames):
2532         (JSC::JIT::emit_op_create_activation):
2533         (JSC::JIT::emit_op_create_arguments):
2534         (JSC::JIT::emitSlow_op_check_has_instance):
2535         (JSC::JIT::emitSlow_op_instanceof):
2536         (JSC::JIT::emitSlow_op_get_argument_by_val):
2537         * jit/JITOpcodes32_64.cpp:
2538         (JSC::JIT::emitSlow_op_check_has_instance):
2539         (JSC::JIT::emitSlow_op_instanceof):
2540         (JSC::JIT::emit_op_get_pnames):
2541         (JSC::JIT::emit_op_create_activation):
2542         (JSC::JIT::emit_op_create_arguments):
2543         (JSC::JIT::emitSlow_op_get_argument_by_val):
2544         * jit/JITOperations.cpp:
2545         * jit/JITOperations.h:
2546         * jit/JITPropertyAccess.cpp:
2547         (JSC::JIT::emit_op_del_by_id):
2548         * jit/JITPropertyAccess32_64.cpp:
2549         (JSC::JIT::emit_op_del_by_id):
2550         * jit/JITStubs.cpp:
2551         * jit/JITStubs.h:
2552
2553 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2554
2555         FTL OSR exit should perform zero extension on values smaller than 64-bit
2556         https://bugs.webkit.org/show_bug.cgi?id=122688
2557
2558         Reviewed by Gavin Barraclough.
2559         
2560         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2561         register will have zeros on the high bits.  In the few cases where the high bits are
2562         non-zero, the DFG sort of tells us this explicitly.
2563
2564         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider that we might
2565         emit LLVM IR like:
2566
2567             %2 = trunc i64 %1 to i32
2568             stuff %2
2569             call @llvm.webkit.stackmap(...., %2)
2570
2571         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2572         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2573         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2574         from before truncation, and that register may have garbage in the high bits.
2575
2576         This means that on our end, if we want a 32-bit value and we want that value to be
2577         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2578         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2579         end.
2580         
2581         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
2582
2583         * ftl/FTLOSRExitCompiler.cpp:
2584         (JSC::FTL::compileStubWithOSRExitStackmap):
2585         * ftl/FTLValueFormat.cpp:
2586         (JSC::FTL::reboxAccordingToFormat):
2587
2588 == Rolled over to ChangeLog-2013-10-13 ==