Change local variable register allocation to start at offset -1
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-10-29  Michael Saboff  <msaboff@apple.com>
2
3         Change local variable register allocation to start at offset -1
4         https://bugs.webkit.org/show_bug.cgi?id=123182
5
6         Reviewed by Geoffrey Garen.
7
8         Adjusted the virtual register mapping down by one slot.  Reduced
9         the CallFrame header slots offsets by one.  They now start at 0.
10         Changed arity fixup to no longer skip past register slot 0 as this
11         is now part of the CallFrame header.
12
13         * bytecode/VirtualRegister.h:
14         (JSC::operandIsLocal):
15         (JSC::operandIsArgument):
16         (JSC::VirtualRegister::localToOperand):
17         (JSC::VirtualRegister::operandToLocal):
18           Adjusted functions for shift in mapping from local to register offset.
19
20         * dfg/DFGByteCodeParser.cpp:
21         (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
22         (JSC::DFG::ByteCodeParser::addCall):
23         (JSC::DFG::ByteCodeParser::handleInlining):
24         (JSC::DFG::ByteCodeParser::parseBlock):
25         * dfg/DFGVariableEventStream.cpp:
26         (JSC::DFG::VariableEventStream::reconstruct):
27         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
28         (JSC::DFG::VirtualRegisterAllocationPhase::run):
29         * interpreter/CallFrame.h:
30         (JSC::ExecState::frameExtent):
31         (JSC::ExecState::offsetFor):
32         * interpreter/Interpreter.cpp:
33         (JSC::loadVarargs):
34         (JSC::Interpreter::dumpRegisters):
35         (JSC::Interpreter::executeCall):
36         * llint/LLIntData.cpp:
37         (JSC::LLInt::Data::performAssertions):
38         * llint/LowLevelInterpreter.asm:
39           Adjusted math to accommodate the shift in call frame slots.
40
41         * dfg/DFGJITCompiler.cpp:
42         (JSC::DFG::JITCompiler::compileFunction):
43         * dfg/DFGSpeculativeJIT.h:
44         (JSC::DFG::SpeculativeJIT::calleeFrameOffset):
45         * interpreter/CallFrame.cpp:
46         (JSC::CallFrame::frameExtentInternal):
47         * interpreter/JSStackInlines.h:
48         (JSC::JSStack::pushFrame):
49         * jit/JIT.cpp:
50         (JSC::JIT::privateCompile):
51         * jit/JITOperations.cpp:
52         * llint/LLIntSlowPaths.cpp:
53         (JSC::LLInt::llint_slow_path_stack_check):
54         * runtime/CommonSlowPaths.h:
55         (JSC::CommonSlowPaths::arityCheckFor):
56           Fixed offset calculation to use VirtualRegister and related calculation instead of
57           doing separate calculations.
58
59         * interpreter/JSStack.h:
60           Adjusted CallFrame slots down by one.  Did some miscellaneous fixing of dumpRegisters()
61           in the process of testing the fixes.
62
63         * jit/ThunkGenerators.cpp:
64         (JSC::arityFixup):
65           Changed arity fixup to no longer skip past register slot 0 as this
66           is now part of the CallFrame header.
67
68         * llint/LowLevelInterpreter32_64.asm:
69         * llint/LowLevelInterpreter64.asm:
70           Changed arity fixup to no longer skip past register slot 0 as this
71           is now part of the CallFrame header.  Updated op_enter processing for
72           the change in local registers.
73
74         * runtime/JSGlobalObject.h:
75           Removed the now unneeded extra slot in the global callframe
76
77 2013-10-29  Julien Brianceau  <jbriance@cisco.com>
78
79         [arm] Fix lots of crashes because of 4th argument register trampling.
80         https://bugs.webkit.org/show_bug.cgi?id=123421
81
82         Reviewed by Michael Saboff.
83
84         The r3 register is the 4th argument register for ARM and also a scratch
85         register in the baseline JIT for this architecture. We can use r6
86         instead, as this used to be the timeoutCheckRegister and it is no
87         longer used since r148119.
88
89         * assembler/ARMAssembler.h: Temp register is now r6 instead of r3 for ARM.
90         * assembler/MacroAssemblerARMv7.h: Temp register is now r6 instead of r3 for ARMv7.
91         * jit/GPRInfo.h: Add r3 properly in GPRInfo for ARM.
92         (JSC::GPRInfo::toRegister):
93         (JSC::GPRInfo::toIndex):
94         * jit/JITStubsARM.h:
95         (JSC::ctiTrampoline): Remove obsolete timeoutCheckRegister init.
96         * jit/JITStubsARMv7.h:
97         (JSC::ctiTrampoline): Remove obsolete timeoutCheckRegister init.
98         * jit/JSInterfaceJIT.h: Remove useless stuff.
99         * yarr/YarrJIT.cpp: Use r3 and not the new scratch register r6.
100         (JSC::Yarr::YarrGenerator::generateEnter): r8 register doesn't need to be saved.
101         (JSC::Yarr::YarrGenerator::generateReturn):
102
103 2013-10-29  Julien Brianceau  <jbriance@cisco.com>
104
105         Fix CPU(ARM_TRADITIONAL) build after r157690.
106         https://bugs.webkit.org/show_bug.cgi?id=123247
107
108         Reviewed by Michael Saboff.
109
110         Since r157690, the executableCopy function has been removed from AssemblerBuffer.h
111         and the copy of executable code occurs in the linkCode function (in LinkBuffer.cpp).
112         As the constant pool for jumps is updated in the executableCopy function of ARM_TRADITIONAL,
113         this part of code still needs to be called and absolute jumps must be corrected to anticipate
114         the copy of the executable code through memcpy.
115
116         * assembler/ARMAssembler.cpp:
117         (JSC::ARMAssembler::prepareExecutableCopy): Rename executableCopy to prepareExecutableCopy
118         and correct absolute jump values using the delta between the source and destination buffers.
119         * assembler/ARMAssembler.h:
120         * assembler/LinkBuffer.cpp:
121         (JSC::LinkBuffer::linkCode): Call prepareExecutableCopy just before the memcpy.
122
123 2013-10-28  Filip Pizlo  <fpizlo@apple.com>
124
125         OSRExit::m_watchpointIndex should be in OSRExitCompilationInfo
126         https://bugs.webkit.org/show_bug.cgi?id=123423
127
128         Reviewed by Mark Hahnenberg.
129         
130         Also enable ExitKind to tell you if it's a watchpoint.
131
132         * bytecode/ExitKind.cpp:
133         (JSC::exitKindToString):
134         * bytecode/ExitKind.h:
135         (JSC::isWatchpoint):
136         * dfg/DFGByteCodeParser.cpp:
137         (JSC::DFG::ByteCodeParser::setLocal):
138         (JSC::DFG::ByteCodeParser::setArgument):
139         (JSC::DFG::ByteCodeParser::handleCall):
140         (JSC::DFG::ByteCodeParser::handleGetById):
141         (JSC::DFG::ByteCodeParser::parseBlock):
142         * dfg/DFGJITCompiler.cpp:
143         (JSC::DFG::JITCompiler::linkOSRExits):
144         (JSC::DFG::JITCompiler::link):
145         * dfg/DFGJITCompiler.h:
146         (JSC::DFG::JITCompiler::appendExitInfo):
147         * dfg/DFGOSRExit.cpp:
148         (JSC::DFG::OSRExit::OSRExit):
149         * dfg/DFGOSRExit.h:
150         * dfg/DFGOSRExitCompilationInfo.h:
151         (JSC::DFG::OSRExitCompilationInfo::OSRExitCompilationInfo):
152         * dfg/DFGOSRExitCompiler.cpp:
153         * dfg/DFGSpeculativeJIT.cpp:
154         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
155         * dfg/DFGSpeculativeJIT32_64.cpp:
156         (JSC::DFG::SpeculativeJIT::compile):
157         * dfg/DFGSpeculativeJIT64.cpp:
158         (JSC::DFG::SpeculativeJIT::compile):
159
160 2013-10-28  Myles C. Maxfield  <mmaxfield@apple.com>
161
162         Parsing support for -webkit-text-decoration-skip: ink
163         https://bugs.webkit.org/show_bug.cgi?id=123358
164
165         Reviewed by Dean Jackson.
166
167         Adding ENABLE(CSS3_TEXT_DECORATION)
168
169         * Configurations/FeatureDefines.xcconfig:
170
171 2013-10-24  Filip Pizlo  <fpizlo@apple.com>
172
173         Get rid of InlineStart so that I don't have to implement it in FTL
174         https://bugs.webkit.org/show_bug.cgi?id=123302
175
176         Reviewed by Geoffrey Garen.
177         
178         InlineStart was a special instruction that we would insert at the top of inlined code,
179         so that the backend could capture the OSR state of arguments to an inlined call. It used
180         to be that only the backend had this information, so this instruction was sort of an ugly
181         callback from the backend for filling in some data structures.
182         
183         But in the time since when that code was written (two years ago?), we rationalized how
184         variables work. It's now the case that variables that the runtime must know about are
185         treated specially in IR (they are "flushed") and we know how we will represent them even
186         before we get to the backend. The last place that makes changes to their representation
187         is the StackLayoutPhase.
188         
189         So, this patch gets rid of InlineStart, but keeps around the special meta-data that the
190         instruction had. Instead of handling the bookkeeping in the backend, we handle it in
191         StackLayoutPhase. This means that the DFG and FTL can share code for handling this
192         bookkeeping. This also means that now the FTL can compile code blocks that had inlining.
193         
194         Of course, giving the FTL the ability to handle code blocks that had inlining means that
195         we're going to have new bugs. Sure enough, the FTL's linker didn't handle inline call
196         frames. This patch also fixes that.
197
198         * dfg/DFGAbstractInterpreterInlines.h:
199         (JSC::DFG::::executeEffects):
200         * dfg/DFGByteCodeParser.cpp:
201         (JSC::DFG::ByteCodeParser::handleInlining):
202         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
203         * dfg/DFGClobberize.h:
204         (JSC::DFG::clobberize):
205         * dfg/DFGFixupPhase.cpp:
206         (JSC::DFG::FixupPhase::fixupNode):
207         * dfg/DFGGraph.h:
208         * dfg/DFGNode.h:
209         * dfg/DFGNodeType.h:
210         * dfg/DFGPredictionPropagationPhase.cpp:
211         (JSC::DFG::PredictionPropagationPhase::propagate):
212         * dfg/DFGSafeToExecute.h:
213         (JSC::DFG::safeToExecute):
214         * dfg/DFGSpeculativeJIT.cpp:
215         * dfg/DFGSpeculativeJIT.h:
216         * dfg/DFGSpeculativeJIT32_64.cpp:
217         (JSC::DFG::SpeculativeJIT::compile):
218         * dfg/DFGSpeculativeJIT64.cpp:
219         (JSC::DFG::SpeculativeJIT::compile):
220         * dfg/DFGStackLayoutPhase.cpp:
221         (JSC::DFG::StackLayoutPhase::run):
222         * ftl/FTLLink.cpp:
223         (JSC::FTL::link):
224
225 2013-10-24  Filip Pizlo  <fpizlo@apple.com>
226
227         The GetById->GetByOffset AI-based optimization should actually do things
228         https://bugs.webkit.org/show_bug.cgi?id=123299
229
230         Reviewed by Oliver Hunt.
231         
232         20% speed-up on Octane/gbemu.
233
234         * bytecode/GetByIdStatus.cpp:
235         (JSC::GetByIdStatus::computeFor): Actually finish filling in the Status by setting the state. Previously it would remain set to NoInformation, meaning that this whole method was a no-op.
236
237 2013-10-28  Carlos Garcia Campos  <cgarcia@igalia.com>
238
239         Unreviewed. Fix make distcheck.
240
241         * GNUmakefile.list.am: Add missing files to compilation.
242
243 2013-10-25  Oliver Hunt  <oliver@apple.com>
244
245         Refactor parser rollback logic
246         https://bugs.webkit.org/show_bug.cgi?id=123372
247
248         Reviewed by Brady Eidson.
249
250         Add a sane abstraction for rollbacks in the parser.
251
252         * parser/Parser.cpp:
253         (JSC::::parseSourceElements):
254         (JSC::::parseObjectLiteral):
255         * parser/Parser.h:
256         (JSC::Parser::createSavePoint):
257         (JSC::Parser::restoreSavePoint):
258
259 2013-10-25  peavo@outlook.com  <peavo@outlook.com>
260
261         [Win] Javascript crash with DFG JIT enabled.
262         https://bugs.webkit.org/show_bug.cgi?id=121001
263
264         Reviewed by Geoffrey Garen.
265
266         On Windows, using register GPRInfo::regT0 as a parameter to e.g. JIT::storeDouble(..., GPRInfo::regT0)
267         results in a call to JIT::storeDouble(FPRegisterID src, const void* address),
268         where the address parameter gets the value of GPRInfo::regT0, which is 0 (eax on Windows).
269         This causes the register to be written to address 0, hence the crash.
270   
271         * assembler/MacroAssemblerX86.h:
272         (JSC::MacroAssemblerX86::storeDouble): Assert if we try to generate code which writes to a null pointer.
273         * dfg/DFGOSRExitCompiler32_64.cpp:
274         (JSC::DFG::OSRExitCompiler::compileExit): Use address in regT0 as parameter.
275         * dfg/DFGThunks.cpp:
276         (JSC::DFG::osrExitGenerationThunkGenerator): Ditto.
277
278 2013-10-25  Oliver Hunt  <oliver@apple.com>
279
280         Fix a number of problems with destructuring of arguments
281         https://bugs.webkit.org/show_bug.cgi?id=123357
282
283         Reviewed by Filip Pizlo.
284
285         This renames the destructuring node's emitBytecode to bindValue
286         in order to remove the existing confusion over what was happening.
287
288         We then fix an incorrect fall through in the destructuring arguments
289         logic, and fix the then exposed bug where we placed the index rather
290         than value into the bound property.
291
292         * bytecompiler/BytecodeGenerator.cpp:
293         (JSC::BytecodeGenerator::BytecodeGenerator):
294         * bytecompiler/NodesCodegen.cpp:
295         (JSC::ForInNode::emitBytecode):
296         (JSC::ForOfNode::emitBytecode):
297         (JSC::DeconstructingAssignmentNode::emitBytecode):
298         (JSC::ArrayPatternNode::bindValue):
299         (JSC::ArrayPatternNode::emitDirectBinding):
300         (JSC::ObjectPatternNode::bindValue):
301         (JSC::BindingNode::bindValue):
302         * parser/Nodes.h:
303
304 2013-10-25  Joseph Pecoraro  <pecoraro@apple.com>
305
306         Upstream ENABLE(REMOTE_INSPECTOR) and enable on iOS and Mac
307         https://bugs.webkit.org/show_bug.cgi?id=123111
308
309         Reviewed by Timothy Hatcher.
310
311         * Configurations/FeatureDefines.xcconfig:
312
313 2013-10-25  Oliver Hunt  <oliver@apple.com>
314
315         Fix MSVC again
316
317         * parser/Parser.cpp:
318
319 2013-10-25  Oliver Hunt  <oliver@apple.com>
320
321         Fix MSVC
322
323         * parser/Parser.cpp:
324
325 2013-10-25  Oliver Hunt  <oliver@apple.com>
326
327         Improve JSC Parser error messages
328         https://bugs.webkit.org/show_bug.cgi?id=123341
329
330         Reviewed by Andreas Kling.
331
332         This patch moves away from the current kludgy mechanisms used to produce
333         error messages and moves to something closer to case-by-case errors.
334
335         This results in a large change size as previously we may just have
336         'failIfFalse(foo)', but now the logic becomes either
337         'failIfFalseWithMessage(foo, "Cannot do blah with ", foo->thing())'
338         Or alternatively
339
340         if (!foo)
341             check for 'interesting' errors, before falling back to generic error
342
343         This means that this patch is large, but produces no semantic changes, and
344         only hits slow (e.g. error) paths.
345
346         * parser/Parser.cpp:
347         (JSC::::Parser):
348         (JSC::::parseSourceElements):
349         (JSC::::parseVarDeclaration):
350         (JSC::::parseConstDeclaration):
351         (JSC::::parseDoWhileStatement):
352         (JSC::::parseWhileStatement):
353         (JSC::::parseVarDeclarationList):
354         (JSC::::createBindingPattern):
355         (JSC::::parseDeconstructionPattern):
356         (JSC::::parseConstDeclarationList):
357         (JSC::::parseForStatement):
358         (JSC::::parseBreakStatement):
359         (JSC::::parseContinueStatement):
360         (JSC::::parseReturnStatement):
361         (JSC::::parseThrowStatement):
362         (JSC::::parseWithStatement):
363         (JSC::::parseSwitchStatement):
364         (JSC::::parseSwitchClauses):
365         (JSC::::parseSwitchDefaultClause):
366         (JSC::::parseTryStatement):
367         (JSC::::parseDebuggerStatement):
368         (JSC::::parseBlockStatement):
369         (JSC::::parseStatement):
370         (JSC::::parseFormalParameters):
371         (JSC::::parseFunctionBody):
372         (JSC::stringForFunctionMode):
373         (JSC::::parseFunctionInfo):
374         (JSC::::parseFunctionDeclaration):
375         (JSC::::parseExpressionOrLabelStatement):
376         (JSC::::parseExpressionStatement):
377         (JSC::::parseIfStatement):
378         (JSC::::parseExpression):
379         (JSC::::parseAssignmentExpression):
380         (JSC::::parseConditionalExpression):
381         (JSC::::parseBinaryExpression):
382         (JSC::::parseProperty):
383         (JSC::::parseObjectLiteral):
384         (JSC::::parseStrictObjectLiteral):
385         (JSC::::parseArrayLiteral):
386         (JSC::::parsePrimaryExpression):
387         (JSC::::parseArguments):
388         (JSC::::parseMemberExpression):
389         (JSC::operatorString):
390         (JSC::::parseUnaryExpression):
391         (JSC::::printUnexpectedTokenText):
392         * parser/Parser.h:
393         (JSC::Scope::hasDeclaredVariable):
394         (JSC::Scope::hasDeclaredParameter):
395         (JSC::Parser::hasDeclaredVariable):
396         (JSC::Parser::hasDeclaredParameter):
397         (JSC::Parser::setErrorMessage):
398
399 2013-10-24  Mark Rowe  <mrowe@apple.com>
400
401         Remove references to OS X 10.7 from Xcode configuration settings.
402
403         Now that we're not building for OS X 10.7 they're no longer needed.
404
405         Reviewed by Anders Carlsson.
406
407         * Configurations/Base.xcconfig:
408         * Configurations/DebugRelease.xcconfig:
409         * Configurations/FeatureDefines.xcconfig:
410         * Configurations/Version.xcconfig:
411
412 2013-10-24  Mark Rowe  <mrowe@apple.com>
413
414         <rdar://problem/15312643> Prepare for the mysterious future.
415
416         Reviewed by David Kilzer.
417
418         * Configurations/Base.xcconfig:
419         * Configurations/DebugRelease.xcconfig:
420         * Configurations/FeatureDefines.xcconfig:
421         * Configurations/Version.xcconfig:
422
423 2013-10-24  Mark Lam  <mark.lam@apple.com>
424
425         Better way to fix part of broken C Loop LLINT build.
426         https://bugs.webkit.org/show_bug.cgi?id=123271.
427
428         Reviewed by Geoffrey Garen.
429
430         Undoing offline asm hackery.
431
432         * llint/LowLevelInterpreter.cpp:
433         * llint/LowLevelInterpreter32_64.asm:
434         * llint/LowLevelInterpreter64.asm:
435         * offlineasm/cloop.rb:
436         * offlineasm/instructions.rb:
437
438 2013-10-24  Mark Lam  <mark.lam@apple.com>
439
440         Fix broken C Loop LLINT build.
441         https://bugs.webkit.org/show_bug.cgi?id=123271.
442
443         Reviewed by Michael Saboff.
444
445         * bytecode/CodeBlock.cpp:
446         (JSC::CodeBlock::printGetByIdCacheStatus): Added an UNUSED_PARAM().
447         (JSC::CodeBlock::dumpBytecode): Added #if ENABLE(JIT) to JIT only code.
448         * bytecode/GetByIdStatus.cpp:
449         (JSC::GetByIdStatus::computeFor): Added an UNUSED_PARAM().
450         * bytecode/PutByIdStatus.cpp:
451         (JSC::PutByIdStatus::computeFor): Added an UNUSED_PARAM().
452         * bytecode/StructureStubInfo.h:
453         - Added a stub StubInfoMap for non-JIT builds. StubInfoMap is still used
454           in function prototypes even when !ENABLE(JIT). Rather than adding #if's
455           in many places, we just provide a stub/placeholder implementation that
456           is unused but keeps the compiler happy.
457         * jit/JITOperations.h: Added #if ENABLE(JIT).
458         * llint/LowLevelInterpreter32_64.asm:
459         * llint/LowLevelInterpreter64.asm:
460         - The putByVal() macro reifies a slow path which is never taken in one case.
461           This translates into a label that is never used in the C Loop LLINT. The
462           C++ compiler doesn't like unused labels. So, we fix this by adding a
463           cloopUnusedLabel offline asm instruction that synthesizes the following:
464
465               if (false) goto unusedLabel;
466
467           This keeps the C++ compiler happy without changing code behavior.
468         * offlineasm/cloop.rb: Implementing cloopUnusedLabel.
469         * offlineasm/instructions.rb: Declaring cloopUnusedLabel.
470         * runtime/Executable.cpp:
471         (JSC::setupJIT): Added UNUSED_PARAM()s.
472         (JSC::ScriptExecutable::prepareForExecutionImpl):
473         - run-javascriptcore-tests has phases that force the LLINT to be off,
474           which in turn asserts that the JIT is enabled. With the C Loop LLINT,
475           this combination is illegal. So, we override the setup code here to
476           always use the LLINT if !ENABLE(JIT) regardless of what options are
477           passed in.
478
479 2013-10-24  peavo@outlook.com  <peavo@outlook.com>
480
481         Uninitialized member causes crash when DFG JIT is not enabled.
482         https://bugs.webkit.org/show_bug.cgi?id=123270
483
484         Reviewed by Brent Fulgham.
485
486         The data member sizeOfLastScratchBuffer in the VM class is only initialized if DFG JIT is enabled, even though it's defined regardless.
487         This causes an early crash on Windows, which doesn't have DFG JIT enabled.
488
489         * runtime/VM.cpp:
490         (JSC::VM::VM): Initialize sizeOfLastScratchBuffer member regardless of whether DFG JIT is enabled.
491
492 2013-10-24  Ryuan Choi  <ryuan.choi@samsung.com>
493
494         [EFL] Build break with latest EFL 1.8 libraries.
495         https://bugs.webkit.org/show_bug.cgi?id=123245
496
497         Reviewed by Gyuyoung Kim.
498
499         After the build break on EFL 1.8 was fixed in r138326, the EFL libraries changed
500         the Eo typedef and split the header files which contain the version macro.
501
502         * PlatformEfl.cmake: Added EO path to include directories.
503         * heap/HeapTimer.h: Changed Ecore_Timer typedef when EO exists.
504
505 2013-10-23  Filip Pizlo  <fpizlo@apple.com>
506
507         Put all uses of LLVM intrinsics behind a single Option
508         https://bugs.webkit.org/show_bug.cgi?id=123219
509
510         Reviewed by Mark Hahnenberg.
511
512         * ftl/FTLExitThunkGenerator.cpp:
513         (JSC::FTL::ExitThunkGenerator::emitThunk):
514         * ftl/FTLLowerDFGToLLVM.cpp:
515         (JSC::FTL::generateExitThunks):
516         (JSC::FTL::LowerDFGToLLVM::compileGetById):
517         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
518         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
519         * ftl/FTLOSRExitCompiler.cpp:
520         (JSC::FTL::compileFTLOSRExit):
521         * runtime/Options.h:
522
523 2013-10-23  Daniel Bates  <dabates@apple.com>
524
525         Fix JavaScriptCore build targets following <http://trac.webkit.org/changeset/157864>
526         (https://bugs.webkit.org/show_bug.cgi?id=123169)
527
528         Tell Xcode that the supported platforms for all JavaScriptCore targets are iOS and OS X.
529
530         * Configurations/Base.xcconfig:
531
532 2013-10-23  Michael Saboff  <msaboff@apple.com>
533
534         LLInt arity check exception processing should start unwinding from caller
535         https://bugs.webkit.org/show_bug.cgi?id=123209
536
537         Reviewed by Oliver Hunt.
538
539         Use the caller frame returned from slow_path_call_arityCheck to process exceptions.
540
541         * llint/LowLevelInterpreter32_64.asm:
542         * llint/LowLevelInterpreter64.asm:
543
544 2013-10-22  Filip Pizlo  <fpizlo@apple.com>
545
546         FTL should be able to do some simple inline caches using LLVM patchpoints
547         https://bugs.webkit.org/show_bug.cgi?id=123164
548
549         Reviewed by Mark Hahnenberg.
550         
551         This implements GetById inline caches in the FTL using llvm.webkit.patchpoint.
552         
553         The idea is that we ask LLVM for a nop slide the size of a GetById inline
554         cache and then fill in the code after LLVM compilation is complete. For now, we
555         just use the system calling convention for the arguments and return. We also
556         still make some assumptions about registers that aren't correct. But, most of
557         the scaffolding is there and this will successfully patch an inline cache.
558
559         * JavaScriptCore.xcodeproj/project.pbxproj:
560         * assembler/AbstractMacroAssembler.h:
561         * assembler/LinkBuffer.cpp:
562         (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
563         (JSC::LinkBuffer::linkCode):
564         (JSC::LinkBuffer::allocate):
565         * assembler/LinkBuffer.h:
566         (JSC::LinkBuffer::LinkBuffer):
567         (JSC::LinkBuffer::link):
568         * ftl/FTLAbbreviations.h:
569         (JSC::FTL::constNull):
570         (JSC::FTL::buildCall):
571         * ftl/FTLCapabilities.cpp:
572         (JSC::FTL::canCompile):
573         * ftl/FTLCompile.cpp:
574         (JSC::FTL::fixFunctionBasedOnStackMaps):
575         * ftl/FTLInlineCacheDescriptor.h: Added.
576         (JSC::FTL::InlineCacheDescriptor::InlineCacheDescriptor):
577         (JSC::FTL::GetByIdDescriptor::GetByIdDescriptor):
578         (JSC::FTL::GetByIdDescriptor::stackmapID):
579         (JSC::FTL::GetByIdDescriptor::codeOrigin):
580         (JSC::FTL::GetByIdDescriptor::uid):
581         * ftl/FTLInlineCacheSize.cpp: Added.
582         (JSC::FTL::sizeOfGetById):
583         (JSC::FTL::sizeOfPutById):
584         * ftl/FTLInlineCacheSize.h: Added.
585         * ftl/FTLIntrinsicRepository.h:
586         * ftl/FTLJITFinalizer.cpp:
587         (JSC::FTL::JITFinalizer::finalizeFunction):
588         * ftl/FTLJITFinalizer.h:
589         * ftl/FTLLocation.cpp:
590         (JSC::FTL::Location::directGPR):
591         * ftl/FTLLocation.h:
592         * ftl/FTLLowerDFGToLLVM.cpp:
593         (JSC::FTL::LowerDFGToLLVM::compileGetById):
594         * ftl/FTLOutput.h:
595         (JSC::FTL::Output::call):
596         * ftl/FTLSlowPathCall.cpp: Added.
597         (JSC::FTL::callOperation):
598         * ftl/FTLSlowPathCall.h: Added.
599         (JSC::FTL::SlowPathCall::SlowPathCall):
600         (JSC::FTL::SlowPathCall::call):
601         (JSC::FTL::SlowPathCall::key):
602         * ftl/FTLSlowPathCallKey.cpp: Added.
603         (JSC::FTL::SlowPathCallKey::dump):
604         * ftl/FTLSlowPathCallKey.h: Added.
605         (JSC::FTL::SlowPathCallKey::SlowPathCallKey):
606         (JSC::FTL::SlowPathCallKey::usedRegisters):
607         (JSC::FTL::SlowPathCallKey::callTarget):
608         (JSC::FTL::SlowPathCallKey::offset):
609         (JSC::FTL::SlowPathCallKey::isEmptyValue):
610         (JSC::FTL::SlowPathCallKey::isDeletedValue):
611         (JSC::FTL::SlowPathCallKey::operator==):
612         (JSC::FTL::SlowPathCallKey::hash):
613         (JSC::FTL::SlowPathCallKeyHash::hash):
614         (JSC::FTL::SlowPathCallKeyHash::equal):
615         * ftl/FTLStackMaps.cpp:
616         (JSC::FTL::StackMaps::Location::directGPR):
617         * ftl/FTLStackMaps.h:
618         * ftl/FTLState.h:
619         * ftl/FTLThunks.cpp:
620         (JSC::FTL::slowPathCallThunkGenerator):
621         * ftl/FTLThunks.h:
622         (JSC::FTL::Thunks::getSlowPathCallThunk):
623         * jit/CCallHelpers.h:
624         (JSC::CCallHelpers::setupArguments):
625         * jit/GPRInfo.h:
626         * jit/JITInlineCacheGenerator.cpp:
627         (JSC::garbageStubInfo):
628         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
629         (JSC::JITByIdGenerator::finalize):
630         * jit/JITInlineCacheGenerator.h:
631         (JSC::JITByIdGenerator::slowPathBegin):
632         * jit/RegisterSet.cpp:
633         (JSC::RegisterSet::stackRegisters):
634         (JSC::RegisterSet::specialRegisters):
635         (JSC::RegisterSet::calleeSaveRegisters):
636         (JSC::RegisterSet::allGPRs):
637         (JSC::RegisterSet::allFPRs):
638         (JSC::RegisterSet::allRegisters):
639         (JSC::RegisterSet::dump):
640         * jit/RegisterSet.h:
641         (JSC::RegisterSet::exclude):
642         (JSC::RegisterSet::numberOfSetRegisters):
643         (JSC::RegisterSet::RegisterSet):
644         (JSC::RegisterSet::isEmptyValue):
645         (JSC::RegisterSet::isDeletedValue):
646         (JSC::RegisterSet::operator==):
647         (JSC::RegisterSet::hash):
648         (JSC::RegisterSetHash::hash):
649         (JSC::RegisterSetHash::equal):
650         * runtime/Options.h:
651
652 2013-10-22  Filip Pizlo  <fpizlo@apple.com>
653
654         jitCompileAndSetHeuristics should DeferGCForAWhile
655         https://bugs.webkit.org/show_bug.cgi?id=123196
656
657         Reviewed by Mark Hahnenberg.
658         
659         This fixes random crashes in V8v7/raytrace. I only see those crashes on exactly one of
660         my machines. I don't think this is testable; we just need to steadily converge towards
661         getting our uses of DeferGC to be right and then be careful not to regress. We're not
662         there yet, obviously.
663         
664         * llint/LLIntSlowPaths.cpp:
665         (JSC::LLInt::jitCompileAndSetHeuristics):
666
667 2013-10-23  Daniel Bates  <dabates@apple.com>
668
669         [iOS] Upstream more JavaScriptCore build configuration changes
670         https://bugs.webkit.org/show_bug.cgi?id=123169
671
672         Reviewed by David Kilzer.
673
674         * Configurations/Base.xcconfig:
675         * Configurations/Version.xcconfig:
676         * Configurations/iOS.xcconfig: Added.
677         * JavaScriptCore.xcodeproj/project.pbxproj:
678
679 2013-10-23  Daniel Bates  <dabates@apple.com>
680
681         [iOS] Export DefaultGCActivityCallback member functions
682         https://bugs.webkit.org/show_bug.cgi?id=123175
683
684         Reviewed by David Kilzer.
685
686         * runtime/GCActivityCallback.h:
687
688 2013-10-23  Daniel Bates  <dabates@apple.com>
689
690         [iOS] Upstream more ARMv7s bits
691         https://bugs.webkit.org/show_bug.cgi?id=123052
692
693         Reviewed by Joseph Pecoraro.
694
695         * Configurations/JavaScriptCore.xcconfig:
696
697 2013-10-22  Andreas Kling  <akling@apple.com>
698
699         Minor VM* -> VM& cleanups in HashTable and Keywords.
700         <https://webkit.org/b/123183>
701
702         Turn some VM* variables that will never be null into VM&.
703
704         Reviewed by Geoffrey Garen.
705
706 2013-10-22  Geoffrey Garen  <ggaren@apple.com>
707
708         REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
709         https://bugs.webkit.org/show_bug.cgi?id=123179
710
711         Reviewed by Mark Hahnenberg.
712
713         * parser/NodeConstructors.h:
714         (JSC::LogicalOpNode::LogicalOpNode):
715         * parser/ResultType.h:
716         (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
717         This is JavaScript (aka Sparta).
718
719 2013-10-22  Commit Queue  <commit-queue@webkit.org>
720
721         Unreviewed, rolling out r157819.
722         http://trac.webkit.org/changeset/157819
723         https://bugs.webkit.org/show_bug.cgi?id=123180
724
725         Broke 32-bit builds (Requested by smfr on #webkit).
726
727         * Configurations/JavaScriptCore.xcconfig:
728         * Configurations/ToolExecutable.xcconfig:
729
730 2013-10-22  Daniel Bates  <dabates@apple.com>
731
732         [iOS] Upstream more ARMv7s bits
733         https://bugs.webkit.org/show_bug.cgi?id=123052
734
735         Reviewed by Joseph Pecoraro.
736
737         * Configurations/JavaScriptCore.xcconfig:
738         * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
739         modifying a file in JavaScriptCore/Configurations.
740
741 2013-10-22  Daniel Bates  <dabates@apple.com>
742
743         [iOS] Upstream JSLock changes
744         https://bugs.webkit.org/show_bug.cgi?id=123107
745
746         Reviewed by Geoffrey Garen.
747
748         * runtime/JSLock.cpp:
749         (JSC::JSLock::unlock):
750         (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
751         (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
752         use pre-increment instead of post-increment when we're not using the return value of the instruction.
753         (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
754         places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
755         since we don't use the return value of such instructions.
756         (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
757         Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
758         (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
759         * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
760         the argument is sufficiently descriptive of its purpose.
761
762 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
763
764         [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
765         https://bugs.webkit.org/show_bug.cgi?id=123166
766
767         Reviewed by Michael Saboff.
768
769         * jit/CCallHelpers.h:
770         (JSC::CCallHelpers::setupArgumentsWithExecState):
771
772 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
773
774         [sh4][mips][arm] Fix crashes in JSC (32-bit only).
775         https://bugs.webkit.org/show_bug.cgi?id=123165
776
777         Reviewed by Michael Saboff.
778
779         * jit/JITInlines.h:
780         (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
781         (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
782         (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
783         (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.
784
785 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
786
787         REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
788         https://bugs.webkit.org/show_bug.cgi?id=123092
789
790         Reviewed by Michael Saboff.
791
792         Impacted architectures are SH4 and ARM_TRADITIONAL.
793
794         * assembler/ARMAssembler.h:
795         (JSC::ARMAssembler::buffer):
796         * assembler/AssemblerBufferWithConstantPool.h:
797         (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
798         * assembler/LinkBuffer.cpp:
799         (JSC::LinkBuffer::linkCode):
800         * assembler/SH4Assembler.h:
801         (JSC::SH4Assembler::buffer):
802
803 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
804
805         Remove unused stuff in JIT stubs.
806         https://bugs.webkit.org/show_bug.cgi?id=123155
807
808         Reviewed by Michael Saboff.
809
810         * jit/JITStubs.h:
811         * jit/JITStubsARM.h:
812         (JSC::ctiTrampoline):
813         * jit/JITStubsARM64.h:
814         * jit/JITStubsARMv7.h:
815         * jit/JITStubsMIPS.h:
816         * jit/JITStubsSH4.h:
817         * jit/JITStubsX86.h:
818         * jit/JITStubsX86_64.h:
819
820 2013-10-22  Daniel Bates  <dabates@apple.com>
821
822         [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
823         https://bugs.webkit.org/show_bug.cgi?id=123115
824         <rdar://problem/13696872>
825
826         Reviewed by Andy Estes.
827
828         Based on a patch by Mark Hahnenberg.
829
830         Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.
831
832         * API/JSBase.cpp:
833
834 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
835
836         [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister(). 
837         https://bugs.webkit.org/show_bug.cgi?id=123157
838
839         Reviewed by Andreas Kling.
840
841         * assembler/SH4Assembler.h:
842         (JSC::SH4Assembler::lastRegister):
843         (JSC::SH4Assembler::firstFPRegister):
844         (JSC::SH4Assembler::lastFPRegister):
845
846 2013-10-22  Brian Holt  <brian.holt@samsung.com>
847
848         Build break on ARMv7 after r157209
849         https://bugs.webkit.org/show_bug.cgi?id=122890
850
851         Reviewed by Csaba Osztrogonác.
852
853         Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.
854
855         * assembler/ARMAssembler.h:
856         * assembler/MacroAssemblerARM.h:
857         (JSC::MacroAssemblerARM::firstRegister):
858         (JSC::MacroAssemblerARM::lastRegister):
859         (JSC::MacroAssemblerARM::firstFPRegister):
860         (JSC::MacroAssemblerARM::lastFPRegister):
861
862 2013-10-21  Daniel Bates  <dabates@apple.com>
863
864         [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
865         https://bugs.webkit.org/show_bug.cgi?id=123045
866
867         Reviewed by Joseph Pecoraro.
868
869         * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
870         to global method table.
871         * runtime/JSGlobalObject.cpp: Ditto.
872         * runtime/JSGlobalObject.h:
873         (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.
874
875 2013-10-21  Daniel Bates  <dabates@apple.com>
876
877         [iOS] Upstream JSC Objective-C API compiler warning fixes
878         https://bugs.webkit.org/show_bug.cgi?id=123125
879
880         Reviewed by Mark Hahnenberg.
881
882         Based on a patch by Mark Hahnenberg.
883
884         * API/JSValue.mm:
885         (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
886         (-[JSValue toSize]): Ditto.
887         * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.
888
889 2013-10-21  Daniel Bates  <dabates@apple.com>
890
891         [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
892         available since iOS 7.0
893         https://bugs.webkit.org/show_bug.cgi?id=123122
894
895         Reviewed by Dan Bernstein.
896
897         * API/JSContext.h:
898         * API/JSManagedValue.h:
899         * API/JSValue.h:
900         * API/JSVirtualMachine.h:
901
902 2013-10-20  Mark Lam  <mark.lam@apple.com>
903
904         Avoid JSC debugger overhead unless needed.
905         https://bugs.webkit.org/show_bug.cgi?id=123084.
906
907         Reviewed by Geoffrey Garen.
908
909         - If no breakpoints are set, we now avoid calling the debug hook callbacks.
910         - If no break on exception is set, we also avoid exception event debug callbacks.
911         - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
912           longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
913           pointer in the ScriptDebugServer may become stale. To avoid this issue, before
914           returning, the ScriptDebugServer will clear its m_currentCallFrame if
915           needsOpDebugCallbacks() is false.
916
917         * debugger/Debugger.cpp:
918         (JSC::Debugger::Debugger):
919         (JSC::Debugger::setNeedsExceptionCallbacks):
920         (JSC::Debugger::setShouldPause):
921         (JSC::Debugger::updateNumberOfBreakpoints):
922         (JSC::Debugger::updateNeedForOpDebugCallbacks):
923         * debugger/Debugger.h:
924         * interpreter/Interpreter.cpp:
925         (JSC::Interpreter::unwind):
926         (JSC::Interpreter::debug):
927         * jit/JITOpcodes.cpp:
928         (JSC::JIT::emit_op_debug):
929         * jit/JITOpcodes32_64.cpp:
930         (JSC::JIT::emit_op_debug):
931         * llint/LLIntOffsetsExtractor.cpp:
932         * llint/LowLevelInterpreter.asm:
933
934 2013-10-21  Brent Fulgham  <bfulgham@apple.com>
935
936         [WIN] Unreviewed build correction.
937
938         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
939           sources, not header files.
940         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
941
942 2013-10-21  Oliver Hunt  <oliver@apple.com>
943
944         Support computed property names in object literals
945         https://bugs.webkit.org/show_bug.cgi?id=123112
946
947         Reviewed by Michael Saboff.
948
949         Add support for computed property names to the parser.
950
951         * bytecompiler/NodesCodegen.cpp:
952         (JSC::PropertyListNode::emitBytecode):
953         * parser/ASTBuilder.h:
954         (JSC::ASTBuilder::createProperty):
955         (JSC::ASTBuilder::getName):
956         * parser/NodeConstructors.h:
957         (JSC::PropertyNode::PropertyNode):
958         * parser/Nodes.h:
959         (JSC::PropertyNode::expressionName):
960         (JSC::PropertyNode::name):
961         * parser/Parser.cpp:
962         (JSC::::parseProperty):
963         (JSC::::parseStrictObjectLiteral):
964         * parser/SyntaxChecker.h:
965         (JSC::SyntaxChecker::Property::Property):
966         (JSC::SyntaxChecker::createProperty):
967         (JSC::SyntaxChecker::operatorStackPop):
968
969 2013-10-21  Michael Saboff  <msaboff@apple.com>
970
971         Add option so that JSC will crash if it can't allocate executable memory for the JITs
972         https://bugs.webkit.org/show_bug.cgi?id=123048
973         <rdar://problem/12856193>
974
975         Reviewed by Geoffrey Garen.
976
977         Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
978         when checking the validity of the executable allocator. The default value for this option is
979         false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
980         the app can obtain executable memory.
981
982         * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
983         (main):
984         * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
985         * runtime/VM.cpp:
986         (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
987         is enabled.
988
989 2013-10-21  Nadav Rotem  <nrotem@apple.com>
990
991         Remove AllInOneFile.cpp
992         https://bugs.webkit.org/show_bug.cgi?id=123055
993
994         Reviewed by Csaba Osztrogonác.
995
996         * AllInOneFile.cpp: Removed.
997
998 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
999
1000         Unreviewed, cleanup a FIXME comment.
1001
1002         * jit/Repatch.cpp:
1003
1004 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
1005
1006         StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
1007         https://bugs.webkit.org/show_bug.cgi?id=123076
1008
1009         Reviewed by Sam Weinig.
1010         
1011         Start preparing for a world in which we are patching code generated by LLVM, which may have
1012         very different register usage conventions than our JITs. This requires us being more explicit
1013         about the registers we are using. For example, the repatching code shouldn't take for granted
1014         that tagMaskRegister holds the TagMask or that the register is even in use.
1015
1016         * CMakeLists.txt:
1017         * GNUmakefile.list.am:
1018         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1019         * JavaScriptCore.xcodeproj/project.pbxproj:
1020         * assembler/MacroAssembler.h:
1021         (JSC::MacroAssembler::numberOfRegisters):
1022         (JSC::MacroAssembler::registerIndex):
1023         (JSC::MacroAssembler::numberOfFPRegisters):
1024         (JSC::MacroAssembler::fpRegisterIndex):
1025         (JSC::MacroAssembler::totalNumberOfRegisters):
1026         * bytecode/StructureStubInfo.h:
1027         * dfg/DFGSpeculativeJIT.cpp:
1028         (JSC::DFG::SpeculativeJIT::usedRegisters):
1029         * dfg/DFGSpeculativeJIT.h:
1030         * ftl/FTLSaveRestore.cpp:
1031         (JSC::FTL::bytesForGPRs):
1032         (JSC::FTL::bytesForFPRs):
1033         (JSC::FTL::offsetOfGPR):
1034         (JSC::FTL::offsetOfFPR):
1035         * jit/JITInlineCacheGenerator.cpp:
1036         (JSC::JITByIdGenerator::JITByIdGenerator):
1037         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
1038         * jit/JITInlineCacheGenerator.h:
1039         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
1040         * jit/JITPropertyAccess.cpp:
1041         (JSC::JIT::emit_op_get_by_id):
1042         (JSC::JIT::emit_op_put_by_id):
1043         * jit/JITPropertyAccess32_64.cpp:
1044         (JSC::JIT::emit_op_get_by_id):
1045         (JSC::JIT::emit_op_put_by_id):
1046         * jit/RegisterSet.cpp: Added.
1047         (JSC::RegisterSet::specialRegisters):
1048         * jit/RegisterSet.h: Added.
1049         (JSC::RegisterSet::RegisterSet):
1050         (JSC::RegisterSet::set):
1051         (JSC::RegisterSet::clear):
1052         (JSC::RegisterSet::get):
1053         (JSC::RegisterSet::merge):
1054         * jit/Repatch.cpp:
1055         (JSC::generateProtoChainAccessStub):
1056         (JSC::tryCacheGetByID):
1057         (JSC::tryBuildGetByIDList):
1058         (JSC::emitPutReplaceStub):
1059         (JSC::tryRepatchIn):
1060         (JSC::linkClosureCall):
1061         * jit/TempRegisterSet.cpp: Added.
1062         (JSC::TempRegisterSet::TempRegisterSet):
1063         * jit/TempRegisterSet.h:
1064
1065 2013-10-20  Julien Brianceau  <jbriance@cisco.com>
1066
1067         [sh4] Fix build (broken since r157690).
1068         https://bugs.webkit.org/show_bug.cgi?id=123081
1069
1070         Reviewed by Andreas Kling.
1071
1072         * assembler/AssemblerBufferWithConstantPool.h:
1073         * assembler/SH4Assembler.h:
1074         (JSC::SH4Assembler::buffer):
1075         (JSC::SH4Assembler::readCallTarget):
1076
1077 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
1078
1079         Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
1080         https://bugs.webkit.org/show_bug.cgi?id=123079
1081
1082         Reviewed by Geoffrey Garen.
1083
1084         * jit/TempRegisterSet.h:
1085
1086 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
1087
1088         Rename RegisterSet to TempRegisterSet
1089         https://bugs.webkit.org/show_bug.cgi?id=123077
1090
1091         Reviewed by Dan Bernstein.
1092
1093         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1094         * JavaScriptCore.xcodeproj/project.pbxproj:
1095         * bytecode/StructureStubInfo.h:
1096         * dfg/DFGJITCompiler.h:
1097         * dfg/DFGSpeculativeJIT.h:
1098         (JSC::DFG::SpeculativeJIT::usedRegisters):
1099         * jit/JITInlineCacheGenerator.cpp:
1100         (JSC::JITByIdGenerator::JITByIdGenerator):
1101         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
1102         * jit/JITInlineCacheGenerator.h:
1103         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
1104         * jit/JITPropertyAccess.cpp:
1105         (JSC::JIT::emit_op_get_by_id):
1106         (JSC::JIT::emit_op_put_by_id):
1107         * jit/JITPropertyAccess32_64.cpp:
1108         (JSC::JIT::emit_op_get_by_id):
1109         (JSC::JIT::emit_op_put_by_id):
1110         * jit/RegisterSet.h: Removed.
1111         * jit/ScratchRegisterAllocator.h:
1112         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
1113         * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
1114         (JSC::TempRegisterSet::TempRegisterSet):
1115         (JSC::TempRegisterSet::asPOD):
1116         (JSC::TempRegisterSet::copyInfo):
1117
1118 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
1119
1120         Restructure LinkBuffer to allow for alternate allocation strategies
1121         https://bugs.webkit.org/show_bug.cgi?id=123071
1122
1123         Reviewed by Oliver Hunt.
1124         
1125         The idea is to eventually allow a LinkBuffer to place the code into an already
1126         allocated region of memory.  That region of memory could be the nop-slide left behind
1127         by a llvm.webkit.patchpoint.
1128
1129         * assembler/ARM64Assembler.h:
1130         (JSC::ARM64Assembler::buffer):
1131         * assembler/AssemblerBuffer.h:
1132         * assembler/LinkBuffer.cpp:
1133         (JSC::LinkBuffer::copyCompactAndLinkCode):
1134         (JSC::LinkBuffer::linkCode):
1135         (JSC::LinkBuffer::allocate):
1136         (JSC::LinkBuffer::shrink):
1137         * assembler/LinkBuffer.h:
1138         (JSC::LinkBuffer::LinkBuffer):
1139         (JSC::LinkBuffer::didFailToAllocate):
1140         * assembler/X86Assembler.h:
1141         (JSC::X86Assembler::buffer):
1142         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
1143
1144 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
1145
1146         Some includes in JSC seem to use an incorrect style
1147         https://bugs.webkit.org/show_bug.cgi?id=123057
1148
1149         Reviewed by Geoffrey Garen.
1150
1151         Changed pseudo-system includes to user ones.
1152
1153         * API/JSContextRef.cpp:
1154         * API/JSStringRefCF.cpp:
1155         * API/JSValueRef.cpp:
1156         * API/OpaqueJSString.cpp:
1157         * jit/JIT.h:
1158         * parser/SyntaxChecker.h:
1159         * runtime/WeakGCMap.h:
1160
1161 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
1162
1163         Baseline JIT and DFG IC code generation should be unified and rationalized
1164         https://bugs.webkit.org/show_bug.cgi?id=122939
1165
1166         Reviewed by Geoffrey Garen.
1167         
1168         Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
1169         some register info and creates JIT inline caches for you. Used this to even further
1170         unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
1171         is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
1172         that it needs to do the equivalent of get_by_id, so with this generator it will be able
1173         to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
1174
1175         * CMakeLists.txt:
1176         * GNUmakefile.list.am:
1177         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1178         * JavaScriptCore.xcodeproj/project.pbxproj:
1179         * assembler/AbstractMacroAssembler.h:
1180         (JSC::AbstractMacroAssembler::DataLabelCompact::label):
1181         * bytecode/CodeBlock.h:
1182         (JSC::CodeBlock::ecmaMode):
1183         * dfg/DFGInlineCacheWrapper.h: Added.
1184         (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
1185         * dfg/DFGInlineCacheWrapperInlines.h: Added.
1186         (JSC::DFG::::finalize):
1187         * dfg/DFGJITCompiler.cpp:
1188         (JSC::DFG::JITCompiler::link):
1189         * dfg/DFGJITCompiler.h:
1190         (JSC::DFG::JITCompiler::addGetById):
1191         (JSC::DFG::JITCompiler::addPutById):
1192         * dfg/DFGSpeculativeJIT32_64.cpp:
1193         (JSC::DFG::SpeculativeJIT::cachedGetById):
1194         (JSC::DFG::SpeculativeJIT::cachedPutById):
1195         * dfg/DFGSpeculativeJIT64.cpp:
1196         (JSC::DFG::SpeculativeJIT::cachedGetById):
1197         (JSC::DFG::SpeculativeJIT::cachedPutById):
1198         (JSC::DFG::SpeculativeJIT::compile):
1199         * jit/AssemblyHelpers.h:
1200         (JSC::AssemblyHelpers::isStrictModeFor):
1201         (JSC::AssemblyHelpers::strictModeFor):
1202         * jit/GPRInfo.h:
1203         (JSC::JSValueRegs::tagGPR):
1204         * jit/JIT.cpp:
1205         (JSC::JIT::JIT):
1206         (JSC::JIT::privateCompileSlowCases):
1207         (JSC::JIT::privateCompile):
1208         * jit/JIT.h:
1209         * jit/JITInlineCacheGenerator.cpp: Added.
1210         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
1211         (JSC::JITByIdGenerator::JITByIdGenerator):
1212         (JSC::JITByIdGenerator::finalize):
1213         (JSC::JITByIdGenerator::generateFastPathChecks):
1214         (JSC::JITGetByIdGenerator::generateFastPath):
1215         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
1216         (JSC::JITPutByIdGenerator::generateFastPath):
1217         (JSC::JITPutByIdGenerator::slowPathFunction):
1218         * jit/JITInlineCacheGenerator.h: Added.
1219         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
1220         (JSC::JITInlineCacheGenerator::stubInfo):
1221         (JSC::JITByIdGenerator::JITByIdGenerator):
1222         (JSC::JITByIdGenerator::reportSlowPathCall):
1223         (JSC::JITByIdGenerator::slowPathJump):
1224         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
1225         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
1226         * jit/JITPropertyAccess.cpp:
1227         (JSC::JIT::emit_op_get_by_id):
1228         (JSC::JIT::emitSlow_op_get_by_id):
1229         (JSC::JIT::emit_op_put_by_id):
1230         (JSC::JIT::emitSlow_op_put_by_id):
1231         * jit/JITPropertyAccess32_64.cpp:
1232         (JSC::JIT::emit_op_get_by_id):
1233         (JSC::JIT::emitSlow_op_get_by_id):
1234         (JSC::JIT::emit_op_put_by_id):
1235         (JSC::JIT::emitSlow_op_put_by_id):
1236         * jit/RegisterSet.h:
1237         (JSC::RegisterSet::set):
1238
1239 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
1240
1241         APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
1242         https://bugs.webkit.org/show_bug.cgi?id=123067
1243
1244         Reviewed by Geoffrey Garen.
1245
1246         * API/APICast.h: Include it.
1247
1248 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
1249
1250         FTL::Location should treat the offset as an addend in the case of a Register location
1251         https://bugs.webkit.org/show_bug.cgi?id=123062
1252
1253         Reviewed by Sam Weinig.
1254
1255         * ftl/FTLLocation.cpp:
1256         (JSC::FTL::Location::forStackmaps):
1257         (JSC::FTL::Location::dump):
1258         (JSC::FTL::Location::restoreInto):
1259         * ftl/FTLLocation.h:
1260         (JSC::FTL::Location::forRegister):
1261         (JSC::FTL::Location::hasAddend):
1262         (JSC::FTL::Location::addend):
1263
1264 2013-10-19  Nadav Rotem  <nrotem@apple.com>
1265
1266         DFG dominators: document and rename stuff.
1267         https://bugs.webkit.org/show_bug.cgi?id=123056
1268
1269         Reviewed by Filip Pizlo.
1270
1271         Documented the code and renamed some variables.
1272
1273         * dfg/DFGDominators.cpp:
1274         (JSC::DFG::Dominators::compute):
1275         (JSC::DFG::Dominators::pruneDominators):
1276         * dfg/DFGDominators.h:
1277
1278 2013-10-19  Julien Brianceau  <jbriance@cisco.com>
1279
1280         Fix build failure for architectures with 4 argument registers.
1281         https://bugs.webkit.org/show_bug.cgi?id=123060
1282
1283         Reviewed by Michael Saboff.
1284
1285         Add missing setupArgumentsWithExecState() prototypes for architecture with 4 argument registers.
1286         Remove SH4 specific code no longer needed since callOperation prototype change in r157660.
1287
1288         * dfg/DFGSpeculativeJIT.h:
1289         (JSC::DFG::SpeculativeJIT::callOperation):
1290         * jit/CCallHelpers.h:
1291         (JSC::CCallHelpers::setupArgumentsWithExecState):
1292         * jit/JITInlines.h:
1293         (JSC::JIT::callOperation):
1294
1295 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
1296
1297         Unreviewed, fix FTL build.
1298
1299         * ftl/FTLIntrinsicRepository.h:
1300         * ftl/FTLLowerDFGToLLVM.cpp:
1301         (JSC::FTL::LowerDFGToLLVM::compileGetById):
1302
1303 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
1304
1305         A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
1306         https://bugs.webkit.org/show_bug.cgi?id=122940
1307
1308         Reviewed by Oliver Hunt.
1309         
1310         This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
1311         whereas previously it was in a Vector, so it moved. This allows you to use pointers to
1312         StructureStubInfo. This also eliminates the use of return PC as a way of finding the
1313         StructureStubInfo's. It removes some of the need for the compile-time property access
1314         records; for example the DFG no longer has to save information about registers in a
1315         property access record only to later save it to the stub info.
1316         
1317         The main thing it accomplishes is that it makes it easier to add StructureStubInfo's
1318         at any stage of compilation.
1319
1320         * bytecode/CodeBlock.cpp:
1321         (JSC::CodeBlock::printGetByIdCacheStatus):
1322         (JSC::CodeBlock::dumpBytecode):
1323         (JSC::CodeBlock::~CodeBlock):
1324         (JSC::CodeBlock::propagateTransitions):
1325         (JSC::CodeBlock::finalizeUnconditionally):
1326         (JSC::CodeBlock::addStubInfo):
1327         (JSC::CodeBlock::getStubInfoMap):
1328         (JSC::CodeBlock::shrinkToFit):
1329         * bytecode/CodeBlock.h:
1330         (JSC::CodeBlock::begin):
1331         (JSC::CodeBlock::end):
1332         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
1333         * bytecode/CodeOrigin.h:
1334         (JSC::CodeOrigin::CodeOrigin):
1335         (JSC::CodeOrigin::isHashTableDeletedValue):
1336         (JSC::CodeOrigin::hash):
1337         (JSC::CodeOriginHash::hash):
1338         (JSC::CodeOriginHash::equal):
1339         * bytecode/GetByIdStatus.cpp:
1340         (JSC::GetByIdStatus::computeFor):
1341         * bytecode/GetByIdStatus.h:
1342         * bytecode/PutByIdStatus.cpp:
1343         (JSC::PutByIdStatus::computeFor):
1344         * bytecode/PutByIdStatus.h:
1345         * bytecode/StructureStubInfo.h:
1346         (JSC::getStructureStubInfoCodeOrigin):
1347         * dfg/DFGByteCodeParser.cpp:
1348         (JSC::DFG::ByteCodeParser::parseBlock):
1349         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1350         * dfg/DFGJITCompiler.cpp:
1351         (JSC::DFG::JITCompiler::link):
1352         * dfg/DFGJITCompiler.h:
1353         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
1354         (JSC::DFG::InRecord::InRecord):
1355         * dfg/DFGSpeculativeJIT.cpp:
1356         (JSC::DFG::SpeculativeJIT::compileIn):
1357         * dfg/DFGSpeculativeJIT.h:
1358         (JSC::DFG::SpeculativeJIT::callOperation):
1359         * dfg/DFGSpeculativeJIT32_64.cpp:
1360         (JSC::DFG::SpeculativeJIT::cachedGetById):
1361         (JSC::DFG::SpeculativeJIT::cachedPutById):
1362         * dfg/DFGSpeculativeJIT64.cpp:
1363         (JSC::DFG::SpeculativeJIT::cachedGetById):
1364         (JSC::DFG::SpeculativeJIT::cachedPutById):
1365         * jit/CCallHelpers.h:
1366         (JSC::CCallHelpers::setupArgumentsWithExecState):
1367         * jit/JIT.cpp:
1368         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1369         (JSC::JIT::privateCompile):
1370         * jit/JIT.h:
1371         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
1372         * jit/JITInlines.h:
1373         (JSC::JIT::callOperation):
1374         * jit/JITOperations.cpp:
1375         * jit/JITOperations.h:
1376         * jit/JITPropertyAccess.cpp:
1377         (JSC::JIT::emitSlow_op_get_by_id):
1378         (JSC::JIT::emitSlow_op_put_by_id):
1379         * jit/JITPropertyAccess32_64.cpp:
1380         (JSC::JIT::emitSlow_op_get_by_id):
1381         (JSC::JIT::emitSlow_op_put_by_id):
1382         * jit/Repatch.cpp:
1383         (JSC::appropriateGenericPutByIdFunction):
1384         (JSC::appropriateListBuildingPutByIdFunction):
1385         (JSC::resetPutByID):
1386
1387 2013-10-18  Oliver Hunt  <oliver@apple.com>
1388
1389         Spread operator should be performing direct "puts" and not triggering setters
1390         https://bugs.webkit.org/show_bug.cgi?id=123047
1391
1392         Reviewed by Geoffrey Garen.
1393
1394         Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread-to-array
1395         construct.  This required a new PutByValDirect node to be introduced to
1396         the DFG.  The current implementation simply changes the slow path function that
1397         is called, but in future this could be made faster as it does not need to check
1398         the prototype chain.
1399
1400         * bytecode/CodeBlock.cpp:
1401         (JSC::CodeBlock::dumpBytecode):
1402         (JSC::CodeBlock::CodeBlock):
1403         * bytecode/Opcode.h:
1404         (JSC::padOpcodeName):
1405         * bytecompiler/BytecodeGenerator.cpp:
1406         (JSC::BytecodeGenerator::emitDirectPutByVal):
1407         * bytecompiler/BytecodeGenerator.h:
1408         * bytecompiler/NodesCodegen.cpp:
1409         (JSC::ArrayNode::emitBytecode):
1410         * dfg/DFGAbstractInterpreterInlines.h:
1411         (JSC::DFG::::executeEffects):
1412         * dfg/DFGBackwardsPropagationPhase.cpp:
1413         (JSC::DFG::BackwardsPropagationPhase::propagate):
1414         * dfg/DFGByteCodeParser.cpp:
1415         (JSC::DFG::ByteCodeParser::parseBlock):
1416         * dfg/DFGCSEPhase.cpp:
1417         (JSC::DFG::CSEPhase::getArrayLengthElimination):
1418         (JSC::DFG::CSEPhase::getByValLoadElimination):
1419         (JSC::DFG::CSEPhase::checkStructureElimination):
1420         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
1421         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1422         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
1423         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1424         (JSC::DFG::CSEPhase::performNodeCSE):
1425         * dfg/DFGCapabilities.cpp:
1426         (JSC::DFG::capabilityLevel):
1427         * dfg/DFGClobberize.h:
1428         (JSC::DFG::clobberize):
1429         * dfg/DFGFixupPhase.cpp:
1430         (JSC::DFG::FixupPhase::fixupNode):
1431         * dfg/DFGGraph.h:
1432         (JSC::DFG::Graph::clobbersWorld):
1433         * dfg/DFGNode.h:
1434         (JSC::DFG::Node::hasArrayMode):
1435         * dfg/DFGNodeType.h:
1436         * dfg/DFGOperations.cpp:
1437         (JSC::DFG::putByVal):
1438         (JSC::DFG::operationPutByValInternal):
1439         * dfg/DFGOperations.h:
1440         * dfg/DFGPredictionPropagationPhase.cpp:
1441         (JSC::DFG::PredictionPropagationPhase::propagate):
1442         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
1443         * dfg/DFGSafeToExecute.h:
1444         (JSC::DFG::safeToExecute):
1445         * dfg/DFGSpeculativeJIT32_64.cpp:
1446         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
1447         (JSC::DFG::SpeculativeJIT::compile):
1448         * dfg/DFGSpeculativeJIT64.cpp:
1449         (JSC::DFG::SpeculativeJIT::compile):
1450         * dfg/DFGTypeCheckHoistingPhase.cpp:
1451         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
1452         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
1453         * jit/JIT.cpp:
1454         (JSC::JIT::privateCompileMainPass):
1455         (JSC::JIT::privateCompileSlowCases):
1456         * jit/JIT.h:
1457         (JSC::JIT::compileDirectPutByVal):
1458         * jit/JITOperations.cpp:
1459         * jit/JITOperations.h:
1460         * jit/JITPropertyAccess.cpp:
1461         (JSC::JIT::emitSlow_op_put_by_val):
1462         (JSC::JIT::privateCompilePutByVal):
1463         * jit/JITPropertyAccess32_64.cpp:
1464         (JSC::JIT::emitSlow_op_put_by_val):
1465         * llint/LLIntSlowPaths.cpp:
1466         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1467         * llint/LLIntSlowPaths.h:
1468         * llint/LowLevelInterpreter32_64.asm:
1469         * llint/LowLevelInterpreter64.asm:
1470
1471 2013-10-18  Daniel Bates  <dabates@apple.com>
1472
1473         [iOS] Export symbol for VM::sharedInstanceExists()
1474         https://bugs.webkit.org/show_bug.cgi?id=123046
1475
1476         Reviewed by Mark Hahnenberg.
1477
1478         * runtime/VM.h:
1479
1480 2013-10-18  Daniel Bates  <dabates@apple.com>
1481
1482         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
1483         https://bugs.webkit.org/show_bug.cgi?id=123049
1484
1485         Reviewed by Mark Hahnenberg.
1486
1487         * heap/Heap.cpp:
1488         (JSC::Heap::setIncrementalSweeper):
1489         * heap/Heap.h:
1490         * heap/HeapTimer.h:
1491         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
1492         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
1493         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
1494         (duplicates the include in the .cpp).
1495         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
1496         making use of this now, but we'll make use of it in a subsequent patch.
1497
1498 2013-10-18  Anders Carlsson  <andersca@apple.com>
1499
1500         Remove spaces between template angle brackets
1501         https://bugs.webkit.org/show_bug.cgi?id=123040
1502
1503         Reviewed by Andreas Kling.
1504
1505         * API/JSCallbackObject.cpp:
1506         (JSC::::create):
1507         * API/JSObjectRef.cpp:
1508         * bytecode/CodeBlock.h:
1509         (JSC::CodeBlock::constants):
1510         (JSC::CodeBlock::setConstantRegisters):
1511         * bytecode/DFGExitProfile.h:
1512         * bytecode/EvalCodeCache.h:
1513         * bytecode/Operands.h:
1514         * bytecode/UnlinkedCodeBlock.h:
1515         (JSC::UnlinkedCodeBlock::constantRegisters):
1516         * bytecode/Watchpoint.h:
1517         * bytecompiler/BytecodeGenerator.h:
1518         * bytecompiler/StaticPropertyAnalysis.h:
1519         * bytecompiler/StaticPropertyAnalyzer.h:
1520         * dfg/DFGArgumentsSimplificationPhase.cpp:
1521         * dfg/DFGBlockInsertionSet.h:
1522         * dfg/DFGCSEPhase.cpp:
1523         (JSC::DFG::performCSE):
1524         (JSC::DFG::performStoreElimination):
1525         * dfg/DFGCommonData.h:
1526         * dfg/DFGDesiredStructureChains.h:
1527         * dfg/DFGDesiredWatchpoints.h:
1528         * dfg/DFGJITCompiler.h:
1529         * dfg/DFGOSRExitCompiler32_64.cpp:
1530         (JSC::DFG::OSRExitCompiler::compileExit):
1531         * dfg/DFGOSRExitCompiler64.cpp:
1532         (JSC::DFG::OSRExitCompiler::compileExit):
1533         * dfg/DFGWorklist.h:
1534         * heap/BlockAllocator.h:
1535         (JSC::CopiedBlock):
1536         (JSC::MarkedBlock):
1537         (JSC::WeakBlock):
1538         (JSC::MarkStackSegment):
1539         (JSC::CopyWorkListSegment):
1540         (JSC::HandleBlock):
1541         * heap/Heap.h:
1542         * heap/Local.h:
1543         * heap/MarkedBlock.h:
1544         * heap/Strong.h:
1545         * jit/AssemblyHelpers.cpp:
1546         (JSC::AssemblyHelpers::decodedCodeMapFor):
1547         * jit/AssemblyHelpers.h:
1548         * jit/SpecializedThunkJIT.h:
1549         * parser/Nodes.h:
1550         * parser/Parser.cpp:
1551         (JSC::::parseIfStatement):
1552         * parser/Parser.h:
1553         (JSC::Scope::copyCapturedVariablesToVector):
1554         (JSC::parse):
1555         * parser/ParserArena.h:
1556         * parser/SourceProviderCacheItem.h:
1557         * profiler/LegacyProfiler.cpp:
1558         (JSC::dispatchFunctionToProfiles):
1559         * profiler/LegacyProfiler.h:
1560         (JSC::LegacyProfiler::currentProfiles):
1561         * profiler/ProfileNode.h:
1562         (JSC::ProfileNode::children):
1563         * profiler/ProfilerDatabase.h:
1564         * runtime/Butterfly.h:
1565         (JSC::Butterfly::contiguousInt32):
1566         (JSC::Butterfly::contiguous):
1567         * runtime/GenericTypedArrayViewInlines.h:
1568         (JSC::::create):
1569         * runtime/Identifier.h:
1570         (JSC::Identifier::add):
1571         * runtime/JSPromise.h:
1572         * runtime/PropertyMapHashTable.h:
1573         * runtime/PropertyNameArray.h:
1574         * runtime/RegExpCache.h:
1575         * runtime/SparseArrayValueMap.h:
1576         * runtime/SymbolTable.h:
1577         * runtime/VM.h:
1578         * tools/CodeProfile.cpp:
1579         (JSC::truncateTrace):
1580         * tools/CodeProfile.h:
1581         * yarr/YarrInterpreter.cpp:
1582         * yarr/YarrInterpreter.h:
1583         (JSC::Yarr::BytecodePattern::BytecodePattern):
1584         * yarr/YarrJIT.cpp:
1585         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
1586         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
1587         (JSC::Yarr::YarrGenerator::opCompileBody):
1588         * yarr/YarrPattern.cpp:
1589         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
1590         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
1591         * yarr/YarrPattern.h:
1592
1593 2013-10-18  Mark Lam  <mark.lam@apple.com>
1594
1595         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
1596         https://bugs.webkit.org/show_bug.cgi?id=123037.
1597
1598         Reviewed by Geoffrey Garen.
1599
1600         * jit/JITStubsMSVC64.asm:
1601         * jit/JITStubsX86.h:
1602         * jit/JITStubsX86_64.h:
1603
1604 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
1605
1606         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
1607         https://bugs.webkit.org/show_bug.cgi?id=121661
1608
1609         Reviewed by Mark Hahnenberg.
1610         
1611         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
1612         so I added a return-early check using isCompilationThread().
1613         
1614         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
1615         it is describing: m_offset and the property table. Most structures only have m_offset and report
1616         null for the property table. If the property table is there, it will tell you additional
1617         information and that information subsumes m_offset - but the m_offset is still there. So, when
1618         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
1619         machinery to do this.
1620         
1621         Changing the property table only happens on the main thread.
1622         
1623         Because the machinery to change the property table is so complex, especially with respect to
1624         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
1625         called at key points before and after changes to the property table or the offset.
1626
1627         Most clients of Structure who care about object layout, including the concurrent thread, will
1628         want to know m_offset and not the property table. If they want the property table, they will
1629         already be super careful. The concurrent thread has special methods for this, like
1630         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
1631         view of the property table.
1632         
1633         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
1634         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
1635         
1636         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
1637         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
1638         because we have found that it helps quickly identify situations where the property table and
1639         m_offset get out of sync - mainly because code that changes either of those things will usually
1640         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
1641         need the property table; it uses the m_offset. The concurrent JIT is correct to call
1642         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
1643         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
1644         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
1645         locks, and that same structure is having its property table modified by the main thread, we end
1646         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
1647         property table modified - instead what happens is that some downstream structure steals the
1648         property table and then starts adding things to it. The concurrent thread loads the property
1649         table before it's stolen, and hence the badness.
1650         
1651         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
1652         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
1653         and then you have a possible crash.
1654         
1655         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
1656         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
1657         it's in the concurrent JIT.
1658         
1659         * runtime/StructureInlines.h:
1660         (JSC::Structure::checkOffsetConsistency):
1661
1662 2013-10-18  Daniel Bates  <dabates@apple.com>
1663
1664         Add SPI to disable the garbage collector timer
1665         https://bugs.webkit.org/show_bug.cgi?id=122921
1666
1667         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
1668         omitted.
1669
1670         * heap/Heap.cpp:
1671         (JSC::Heap::setGarbageCollectionTimerEnabled):
1672
1673 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1674
1675         Group 64-bit specific and 32-bit specific callOperation implementations.
1676         https://bugs.webkit.org/show_bug.cgi?id=123024
1677
1678         Reviewed by Michael Saboff.
1679
1680         This is not a big deal, but could be less confusing when reading the code.
1681
1682         * jit/JITInlines.h:
1683         (JSC::JIT::callOperation):
1684         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
1685         (JSC::JIT::callOperationNoExceptionCheck):
1686
1687 2013-10-18  Nadav Rotem  <nrotem@apple.com>
1688
1689         Fix a FlushLiveness problem.
1690         https://bugs.webkit.org/show_bug.cgi?id=122984
1691
1692         Reviewed by Filip Pizlo.
1693
1694         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1695         (JSC::DFG::FlushLivenessAnalysisPhase::process):
1696
1697 2013-10-18  Michael Saboff  <msaboff@apple.com>
1698
1699         Change native function call stubs to use JIT operations instead of ctiVMHandleException
1700         https://bugs.webkit.org/show_bug.cgi?id=122982
1701
1702         Reviewed by Geoffrey Garen.
1703
1704         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
1705         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
1706         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
1707         in the process.
1708
1709         * dfg/DFGJITCompiler.cpp:
1710         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1711         * jit/CCallHelpers.h:
1712         (JSC::CCallHelpers::jumpToExceptionHandler):
1713         * jit/JIT.cpp:
1714         (JSC::JIT::privateCompileExceptionHandlers):
1715         * jit/JIT.h:
1716         * jit/JITExceptions.cpp:
1717         (JSC::genericUnwind):
1718         * jit/JITExceptions.h:
1719         * jit/JITInlines.h:
1720         (JSC::JIT::callOperationNoExceptionCheck):
1721         * jit/JITOpcodes.cpp:
1722         (JSC::JIT::emit_op_throw):
1723         * jit/JITOpcodes32_64.cpp:
1724         (JSC::JIT::privateCompileCTINativeCall):
1725         (JSC::JIT::emit_op_throw):
1726         * jit/JITOperations.cpp:
1727         * jit/JITOperations.h:
1728         * jit/JITStubs.cpp:
1729         * jit/JITStubs.h:
1730         * jit/JITStubsARM.h:
1731         * jit/JITStubsARM64.h:
1732         * jit/JITStubsARMv7.h:
1733         * jit/JITStubsMIPS.h:
1734         * jit/JITStubsMSVC64.asm:
1735         * jit/JITStubsSH4.h:
1736         * jit/JITStubsX86.h:
1737         * jit/JITStubsX86_64.h:
1738         * jit/Repatch.cpp:
1739         (JSC::tryBuildGetByIDList):
1740         * jit/SlowPathCall.h:
1741         (JSC::JITSlowPathCall::call):
1742         * jit/ThunkGenerators.cpp:
1743         (JSC::throwExceptionFromCallSlowPathGenerator):
1744         (JSC::nativeForGenerator):
1745         * runtime/VM.h:
1746         (JSC::VM::callFrameForThrowOffset):
1747         (JSC::VM::targetMachinePCForThrowOffset):
1748
1749 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1750
1751         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
1752         https://bugs.webkit.org/show_bug.cgi?id=123023
1753
1754         Reviewed by Michael Saboff.
1755
1756         * jit/JITInlines.h:
1757         (JSC::JIT::callOperation): EncodedJSValue parameters do not need alignment
1758         using EABI_32BIT_DUMMY_ARG here.
1759
1760 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1761
1762         Unreviewed, another ARM64 build fix.
1763         
1764         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
1765         on ARM64 and none of its uses are legit - they should all be using
1766         andPtr(TrustedImm32, blah) anyway.
1767
1768         * assembler/MacroAssembler.h:
1769         * assembler/MacroAssemblerARM64.h:
1770         * dfg/DFGJITCompiler.cpp:
1771         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1772         * jit/JIT.cpp:
1773         (JSC::JIT::privateCompileExceptionHandlers):
1774
1775 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1776
1777         Unreviewed, speculative ARM64 build fix.
1778         
1779         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
1780         implemented. So, you have to use TrustedImmPtr in the superclasses.
1781
1782         * assembler/MacroAssemblerARM64.h:
1783         (JSC::MacroAssemblerARM64::store8):
1784         (JSC::MacroAssemblerARM64::branchTest8):
1785
1786 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1787
1788         Unreviewed, speculative ARM build fix.
1789         https://bugs.webkit.org/show_bug.cgi?id=122890
1790         <rdar://problem/15258624>
1791
1792         * assembler/ARM64Assembler.h:
1793         (JSC::ARM64Assembler::firstRegister):
1794         (JSC::ARM64Assembler::lastRegister):
1795         (JSC::ARM64Assembler::firstFPRegister):
1796         (JSC::ARM64Assembler::lastFPRegister):
1797         * assembler/MacroAssemblerARM64.h:
1798         * assembler/MacroAssemblerARMv7.h:
1799
1800 2013-10-17  Andreas Kling  <akling@apple.com>
1801
1802         Pass VM instead of JSGlobalObject to JSONObject constructor.
1803         <https://webkit.org/b/122999>
1804
1805         JSONObject was only using the JSGlobalObject to grab at the VM.
1806         Dodge a few loads by passing the VM directly instead.
1807
1808         Reviewed by Geoffrey Garen.
1809
1810         * runtime/JSONObject.cpp:
1811         (JSC::JSONObject::JSONObject):
1812         (JSC::JSONObject::finishCreation):
1813         * runtime/JSONObject.h:
1814         (JSC::JSONObject::create):
1815
1816 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1817
1818         Removed the JITStackFrame struct
1819         https://bugs.webkit.org/show_bug.cgi?id=123001
1820
1821         Reviewed by Anders Carlsson.
1822
1823         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
1824         our helper functions obey the C function call ABI.
1825
1826 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1827
1828         Removed an unused #define
1829         https://bugs.webkit.org/show_bug.cgi?id=123000
1830
1831         Reviewed by Anders Carlsson.
1832
1833         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
1834         since it is unused now. This is a step toward using the C stack.
1835
1836 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1837
1838         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
1839         https://bugs.webkit.org/show_bug.cgi?id=122973
1840
1841         Reviewed by Michael Saboff.
1842
1843         * jit/ThunkGenerators.cpp:
1844         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
1845         so I removed it.
1846
1847         The code acted as if it needed to pass an argument to
1848         lookupExceptionHandler, and as if it passed that argument to itself
1849         through JITStackFrame. However, lookupExceptionHandler does not take
1850         an argument (other than the default ExecState argument), and the code
1851         did not initialize the thing that it thought it passed to itself!
1852
1853 2013-10-17  Alex Christensen  <achristensen@webkit.org>
1854
1855         Run JavaScriptCore tests again on Windows.
1856         https://bugs.webkit.org/show_bug.cgi?id=122787
1857
1858         Reviewed by Tim Horton.
1859
1860         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
1861         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
1862
1863 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1864
1865         Removed restoreArgumentReference (another use of JITStackFrame)
1866         https://bugs.webkit.org/show_bug.cgi?id=122997
1867
1868         Reviewed by Oliver Hunt.
1869
1870         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
1871         toward using the C stack.
1872
1873 2013-10-17  Oliver Hunt  <oliver@apple.com>
1874
1875         Remove JITStubCall.h
1876         https://bugs.webkit.org/show_bug.cgi?id=122991
1877
1878         Reviewed by Geoff Garen.
1879
1880         Happily this is no longer used.
1881
1882         * GNUmakefile.list.am:
1883         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1884         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1885         * JavaScriptCore.xcodeproj/project.pbxproj:
1886         * jit/JIT.cpp:
1887         * jit/JITArithmetic.cpp:
1888         * jit/JITArithmetic32_64.cpp:
1889         * jit/JITCall.cpp:
1890         * jit/JITCall32_64.cpp:
1891         * jit/JITOpcodes.cpp:
1892         * jit/JITOpcodes32_64.cpp:
1893         * jit/JITPropertyAccess.cpp:
1894         * jit/JITPropertyAccess32_64.cpp:
1895         * jit/JITStubCall.h: Removed.
1896
1897 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1898
1899         Removed a use of JITSTACKFRAME_ARGS_INDEX
1900         https://bugs.webkit.org/show_bug.cgi?id=122989
1901
1902         Reviewed by Oliver Hunt.
1903
1904         * jit/JITStubCall.h: Removed an unused function. This is one step closer
1905         to using the C stack.
1906
1907 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1908
1909         Change emit_op_catch to use another method to materialize VM
1910         https://bugs.webkit.org/show_bug.cgi?id=122977
1911
1912         Reviewed by Oliver Hunt.
1913
1914         * jit/JITOpcodes.cpp:
1915         (JSC::JIT::emit_op_catch):
1916         * jit/JITOpcodes32_64.cpp:
1917         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
1918         on JITStackFrame. It is also faster and simpler.
1919
1920 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1921
1922         Eliminate emitGetJITStubArg() - dead code
1923         https://bugs.webkit.org/show_bug.cgi?id=122975
1924
1925         Reviewed by Anders Carlsson.
1926
1927         * jit/JIT.h:
1928         * jit/JITInlines.h: Removed unused, deprecated function.
1929
1930 2013-10-17  Mark Lam  <mark.lam@apple.com>
1931
1932         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
1933         https://bugs.webkit.org/show_bug.cgi?id=122979.
1934
1935         Reviewed by Michael Saboff.
1936
1937         * jit/JITStubs.cpp:
1938         * jit/JITStubs.h:
1939         * jit/JITStubsARM.h:
1940         * jit/JITStubsARM64.h:
1941         * jit/JITStubsARMv7.h:
1942         * jit/JITStubsMIPS.h:
1943         * jit/JITStubsSH4.h:
1944         * jit/JITStubsX86.h:
1945         * jit/JITStubsX86_64.h:
1946         * runtime/VM.cpp:
1947         (JSC::VM::VM):
1948
1949 2013-10-17  Michael Saboff  <msaboff@apple.com>
1950
1951         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
1952         https://bugs.webkit.org/show_bug.cgi?id=122974
1953
1954         Reviewed by Geoffrey Garen.
1955
1956         Eliminated unneeded storing to JITStackFrame.
1957
1958         * dfg/DFGJITCompiler.cpp:
1959         (JSC::DFG::JITCompiler::compileFunction):
1960
1961 2013-10-17  Michael Saboff  <msaboff@apple.com>
1962
1963         Transition cti_op_throw and cti_vm_throw to a JIT operation
1964         https://bugs.webkit.org/show_bug.cgi?id=122931
1965
1966         Reviewed by Filip Pizlo.
1967
1968         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
1969         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
1970         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
1971         callOperation to handle the need to provide space for a structure return value.
1972
1973         * jit/JIT.h:
1974         * jit/JITInlines.h:
1975         (JSC::JIT::callOperation):
1976         * jit/JITOpcodes.cpp:
1977         (JSC::JIT::emit_op_throw):
1978         * jit/JITOpcodes32_64.cpp:
1979         (JSC::JIT::emit_op_throw):
1980         (JSC::JIT::emit_op_catch):
1981         * jit/JITOperations.cpp:
1982         * jit/JITOperations.h:
1983         * jit/JITStubs.cpp:
1984         * jit/JITStubs.h:
1985         * jit/JITStubsARM.h:
1986         * jit/JITStubsARM64.h:
1987         * jit/JITStubsARMv7.h:
1988         * jit/JITStubsMIPS.h:
1989         * jit/JITStubsMSVC64.asm:
1990         * jit/JITStubsSH4.h:
1991         * jit/JITStubsX86.h:
1992         * jit/JITStubsX86_64.h:
1993         * jit/JSInterfaceJIT.h:
1994
1995 2013-10-17  Mark Lam  <mark.lam@apple.com>
1996
1997         Remove JITStackFrame references in the C Loop LLINT.
1998         https://bugs.webkit.org/show_bug.cgi?id=122950.
1999
2000         Reviewed by Michael Saboff.
2001
2002         * jit/JITStubs.h:
2003         * llint/LowLevelInterpreter.cpp:
2004         (JSC::CLoop::execute):
2005         * offlineasm/cloop.rb:
2006
2007 2013-10-17  Mark Lam  <mark.lam@apple.com>
2008
2009         Remove JITStackFrame references in JIT probes.
2010         https://bugs.webkit.org/show_bug.cgi?id=122947.
2011
2012         Reviewed by Michael Saboff.
2013
2014         * assembler/MacroAssemblerARM.cpp:
2015         (JSC::MacroAssemblerARM::ProbeContext::dump):
2016         * assembler/MacroAssemblerARM.h:
2017         * assembler/MacroAssemblerARMv7.cpp:
2018         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
2019         * assembler/MacroAssemblerARMv7.h:
2020         * assembler/MacroAssemblerX86Common.cpp:
2021         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
2022         * assembler/MacroAssemblerX86Common.h:
2023         * jit/JITStubsARM.h:
2024         * jit/JITStubsARMv7.h:
2025         * jit/JITStubsX86.h:
2026         * jit/JITStubsX86Common.h:
2027         * jit/JITStubsX86_64.h:
2028
2029 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
2030
2031         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
2032         https://bugs.webkit.org/show_bug.cgi?id=122949
2033
2034         Reviewed by Andreas Kling.
2035
2036         * jit/CCallHelpers.h:
2037         (JSC::CCallHelpers::setupArgumentsWithExecState):
2038
2039 2013-10-16  Mark Lam  <mark.lam@apple.com>
2040
2041         Transition remaining op_get* JITStubs to JIT operations.
2042         https://bugs.webkit.org/show_bug.cgi?id=122925.
2043
2044         Reviewed by Geoffrey Garen.
2045
2046         Transitioning:
2047             cti_op_get_by_id_generic
2048             cti_op_get_by_val
2049             cti_op_get_by_val_generic
2050             cti_op_get_by_val_string
2051
2052         * dfg/DFGOperations.cpp:
2053         * dfg/DFGOperations.h:
2054         * jit/JIT.h:
2055         * jit/JITInlines.h:
2056         (JSC::JIT::callOperation):
2057         * jit/JITOpcodes.cpp:
2058         (JSC::JIT::emitSlow_op_get_arguments_length):
2059         (JSC::JIT::emitSlow_op_get_argument_by_val):
2060         * jit/JITOpcodes32_64.cpp:
2061         (JSC::JIT::emitSlow_op_get_arguments_length):
2062         (JSC::JIT::emitSlow_op_get_argument_by_val):
2063         * jit/JITOperations.cpp:
2064         * jit/JITOperations.h:
2065         * jit/JITPropertyAccess.cpp:
2066         (JSC::JIT::emitSlow_op_get_by_val):
2067         (JSC::JIT::emitSlow_op_get_by_pname):
2068         (JSC::JIT::privateCompileGetByVal):
2069         * jit/JITPropertyAccess32_64.cpp:
2070         (JSC::JIT::emitSlow_op_get_by_val):
2071         (JSC::JIT::emitSlow_op_get_by_pname):
2072         * jit/JITStubs.cpp:
2073         * jit/JITStubs.h:
2074         * runtime/Executable.cpp:
2075         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
2076         * runtime/Options.cpp:
2077         (JSC::Options::initialize):
2078
2079 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
2080
2081         Introduce WTF::Bag and start using it for InlineCallFrameSet
2082         https://bugs.webkit.org/show_bug.cgi?id=122941
2083
2084         Reviewed by Geoffrey Garen.
2085         
2086         Use Bag for InlineCallFrameSet. If this works out then I'll make other
2087         SegmentedVectors into Bags as well.
2088
2089         * bytecode/InlineCallFrameSet.cpp:
2090         (JSC::InlineCallFrameSet::add):
2091         * bytecode/InlineCallFrameSet.h:
2092         (JSC::InlineCallFrameSet::begin):
2093         (JSC::InlineCallFrameSet::end):
2094         * dfg/DFGArgumentsSimplificationPhase.cpp:
2095         (JSC::DFG::ArgumentsSimplificationPhase::run):
2096         * dfg/DFGJITCompiler.cpp:
2097         (JSC::DFG::JITCompiler::link):
2098         * dfg/DFGStackLayoutPhase.cpp:
2099         (JSC::DFG::StackLayoutPhase::run):
2100         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2101         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2102
2103 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
2104
2105         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
2106         https://bugs.webkit.org/show_bug.cgi?id=122905
2107         <rdar://problem/15237856>
2108
2109         Reviewed by Michael Saboff.
2110         
2111         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
2112         then always call it to install something that calls CRASH().
2113
2114         * llvm/InitializeLLVM.cpp:
2115         (JSC::llvmCrash):
2116         (JSC::initializeLLVMOnce):
2117         (JSC::initializeLLVM):
2118         * llvm/LLVMAPIFunctions.h:
2119
2120 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
2121
2122         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
2123         https://bugs.webkit.org/show_bug.cgi?id=122938
2124
2125         Reviewed by Sam Weinig.
2126         
2127         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
2128
2129         * jit/Repatch.cpp:
2130         (JSC::tryBuildGetByIDList):
2131
2132 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
2133
2134         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
2135         https://bugs.webkit.org/show_bug.cgi?id=122937
2136
2137         Reviewed by Geoffrey Garen.
2138         
2139         JITStubCall used to do it.
2140         
2141         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
2142
2143         * jit/JIT.h:
2144         (JSC::JIT::appendCall):
2145
2146 2013-10-16  Michael Saboff  <msaboff@apple.com>
2147
2148         transition void cti_op_put_by_val* stubs to JIT operations
2149         https://bugs.webkit.org/show_bug.cgi?id=122903
2150
2151         Reviewed by Geoffrey Garen.
2152
2153         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
2154         operationPutByValGeneric.
2155
2156         * jit/CCallHelpers.h:
2157         (JSC::CCallHelpers::setupArgumentsWithExecState):
2158         * jit/JIT.h:
2159         * jit/JITInlines.h:
2160         (JSC::JIT::callOperation):
2161         * jit/JITOperations.cpp:
2162         * jit/JITOperations.h:
2163         * jit/JITPropertyAccess.cpp:
2164         (JSC::JIT::emitSlow_op_put_by_val):
2165         (JSC::JIT::privateCompilePutByVal):
2166         * jit/JITPropertyAccess32_64.cpp:
2167         (JSC::JIT::emitSlow_op_put_by_val):
2168         * jit/JITStubs.cpp:
2169         * jit/JITStubs.h:
2170         * jit/JSInterfaceJIT.h:
2171
2172 2013-10-16  Oliver Hunt  <oliver@apple.com>
2173
2174         Implement ES6 spread operator
2175         https://bugs.webkit.org/show_bug.cgi?id=122911
2176
2177         Reviewed by Michael Saboff.
2178
2179         Implement the ES6 spread operator
2180
2181         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
2182         and into BytecodeGenerator, and then adds the logic to make it nicely callback
2183         driven.
2184
2185         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
2186         and actually handling the spread.
2187
2188         * bytecompiler/BytecodeGenerator.cpp:
2189         (JSC::BytecodeGenerator::emitNewArray):
2190         (JSC::BytecodeGenerator::emitCall):
2191         (JSC::BytecodeGenerator::emitEnumeration):
2192         * bytecompiler/BytecodeGenerator.h:
2193         * bytecompiler/NodesCodegen.cpp:
2194         (JSC::ArrayNode::emitBytecode):
2195         (JSC::ForOfNode::emitBytecode):
2196         (JSC::SpreadExpressionNode::emitBytecode):
2197         * parser/ASTBuilder.h:
2198         (JSC::ASTBuilder::createSpreadExpression):
2199         * parser/Lexer.cpp:
2200         (JSC::::lex):
2201         * parser/NodeConstructors.h:
2202         (JSC::SpreadExpressionNode::SpreadExpressionNode):
2203         * parser/Nodes.h:
2204         (JSC::ExpressionNode::isSpreadExpression):
2205         (JSC::SpreadExpressionNode::expression):
2206         * parser/Parser.cpp:
2207         (JSC::::parseArrayLiteral):
2208         (JSC::::parseArguments):
2209         (JSC::::parseMemberExpression):
2210         * parser/Parser.h:
2211         (JSC::Parser::getTokenName):
2212         (JSC::Parser::updateErrorMessageSpecialCase):
2213         * parser/ParserTokens.h:
2214         * parser/SyntaxChecker.h:
2215         (JSC::SyntaxChecker::createSpreadExpression):
2216
2217 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
2218
2219         Add a useLLInt option to jsc
2220         https://bugs.webkit.org/show_bug.cgi?id=122930
2221
2222         Reviewed by Geoffrey Garen.
2223
2224         * runtime/Executable.cpp:
2225         (JSC::setupLLInt):
2226         (JSC::setupJIT):
2227         (JSC::ScriptExecutable::prepareForExecutionImpl):
2228         * runtime/Options.h:
2229
2230 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
2231
2232         Build fix.
2233
2234         Forgot to svn add DeferGC.cpp
2235
2236         * heap/DeferGC.cpp: Added.
2237
2238 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
2239
2240         r157411 fails run-javascriptcore-tests when run with Baseline JIT
2241         https://bugs.webkit.org/show_bug.cgi?id=122902
2242
2243         Reviewed by Mark Hahnenberg.
2244         
2245         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
2246         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
2247         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
2248         didn't. Turns out that there's even a helpful method,
2249         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
2250
2251         * jit/Repatch.cpp:
2252         (JSC::tryCachePutByID):
2253
2254 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
2255
2256         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2257         https://bugs.webkit.org/show_bug.cgi?id=122667
2258
2259         Reviewed by Geoffrey Garen.
2260
2261         The issue this patch is attempting to fix is that there are places in our codebase
2262         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2263         operations that can initiate a garbage collection. Garbage collection then calls 
2264         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2265         always necessarily run during garbage collection). This causes a deadlock.
2266  
2267         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2268         into a thread-local field that indicates that it is unsafe to perform any operation 
2269         that could trigger garbage collection on the current thread. In debug builds, 
2270         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2271         detect deadlocks.
2272  
2273         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2274         which uses the DeferGC mechanism to prevent collections from occurring while the 
2275         lock is held.
2276
2277         * CMakeLists.txt:
2278         * GNUmakefile.list.am:
2279         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2280         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2281         * JavaScriptCore.xcodeproj/project.pbxproj:
2282         * heap/DeferGC.h:
2283         (JSC::DisallowGC::DisallowGC):
2284         (JSC::DisallowGC::~DisallowGC):
2285         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2286         (JSC::DisallowGC::initialize):
2287         * jit/Repatch.cpp:
2288         (JSC::repatchPutByID):
2289         (JSC::buildPutByIdList):
2290         * llint/LLIntSlowPaths.cpp:
2291         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2292         * runtime/ConcurrentJITLock.h:
2293         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2294         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2295         (JSC::ConcurrentJITLockerBase::unlockEarly):
2296         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2297         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
2298         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
2299         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2300         * runtime/InitializeThreading.cpp:
2301         (JSC::initializeThreadingOnce):
2302         * runtime/JSCellInlines.h:
2303         (JSC::allocateCell):
2304         * runtime/JSSymbolTableObject.h:
2305         (JSC::symbolTablePut):
2306         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
2307         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
2308         before the caller has a chance to use the newly created PropertyTable. The garbage collection
2309         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
2310         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
2311         the Structure.
2312         (JSC::Structure::materializePropertyMap):
2313         (JSC::Structure::despecifyDictionaryFunction):
2314         (JSC::Structure::changePrototypeTransition):
2315         (JSC::Structure::despecifyFunctionTransition):
2316         (JSC::Structure::attributeChangeTransition):
2317         (JSC::Structure::toDictionaryTransition):
2318         (JSC::Structure::preventExtensionsTransition):
2319         (JSC::Structure::takePropertyTableOrCloneIfPinned):
2320         (JSC::Structure::isSealed):
2321         (JSC::Structure::isFrozen):
2322         (JSC::Structure::addPropertyWithoutTransition):
2323         (JSC::Structure::removePropertyWithoutTransition):
2324         (JSC::Structure::get):
2325         (JSC::Structure::despecifyFunction):
2326         (JSC::Structure::despecifyAllFunctions):
2327         (JSC::Structure::putSpecificValue):
2328         (JSC::Structure::createPropertyMap):
2329         (JSC::Structure::getPropertyNamesFromStructure):
2330         * runtime/Structure.h:
2331         (JSC::Structure::materializePropertyMapIfNecessary):
2332         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
2333         * runtime/StructureInlines.h:
2334         (JSC::Structure::get):
2335         * runtime/SymbolTable.h:
2336         (JSC::SymbolTable::find):
2337         (JSC::SymbolTable::end):
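
        The lock-then-collect deadlock and the two guards described in this entry, as an added
        example that is not JavaScriptCore code: a single-threaded C++ model in which a
        non-reentrant std::mutex stands in for ConcurrentJITLock, a thread-local counter stands
        in for the DisallowGC thread-local slot, and a DeferGC runs queued collections when the
        outermost deferral ends. Heap, CodeBlock, Locker, GCSafeLocker and the scenario
        functions are this example's own names, not the real classes; where a debug build
        would assert, the model's collector records a caught deadlock and returns. The third
        scenario models the Structure.cpp caveat noted above: the caller holds its own DeferGC
        across both the locked call and its use of the result.

```cpp
#include <mutex>

// Per-thread bookkeeping (example's own; JSC keeps the DisallowGC flag in a thread-local slot).
static thread_local int s_gcDisallowDepth = 0; // > 0: starting a GC on this thread is a bug
static thread_local int s_gcDeferDepth = 0;    // > 0: GC requests are queued, not run

// RAII guard: "no operation that can trigger GC is legal in this scope".
struct DisallowGC {
    DisallowGC() { ++s_gcDisallowDepth; }
    ~DisallowGC() { --s_gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return s_gcDisallowDepth > 0; }
};

struct Heap;

// RAII guard: collections requested in this scope run when the outermost DeferGC ends.
struct DeferGC {
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++s_gcDeferDepth; }
    ~DeferGC();
    Heap& m_heap;
};

// Stand-in for CodeBlock: its lock is non-reentrant, like ConcurrentJITLock, and the
// collector takes it too because the same methods also run outside of GC.
struct CodeBlock {
    std::mutex lock;
    void visitDuringGC() { std::lock_guard<std::mutex> g(lock); }
};

struct Heap {
    CodeBlock& codeBlock;
    bool collectionRequested = false;
    int collections = 0;
    int deadlocksCaught = 0;
    explicit Heap(CodeBlock& cb) : codeBlock(cb) {}

    // Allocation slow path. This is where the original deadlock began: with the CodeBlock
    // lock held, the collector re-entered CodeBlock and blocked on the same lock forever.
    void collectIfNecessary() {
        if (DisallowGC::isGCDisallowedOnCurrentThread()) {
            ++deadlocksCaught; // a debug build would ASSERT here, pointing at the bad scope
            return;            // the real code would have hung instead of reaching this line
        }
        if (s_gcDeferDepth > 0) { collectionRequested = true; return; }
        collect();
    }
    void collect() { codeBlock.visitDuringGC(); ++collections; collectionRequested = false; }
};

DeferGC::~DeferGC() {
    if (--s_gcDeferDepth == 0 && m_heap.collectionRequested)
        m_heap.collect();
}

// Plain locker: in debug builds it embeds a DisallowGC so a GC-triggering call made
// under the lock is reported at the call site instead of hanging later.
struct Locker {
    std::lock_guard<std::mutex> guard;
    DisallowGC disallow;
    explicit Locker(std::mutex& m) : guard(m) {}
};

// GC-safe locker: defers collections instead. Member order matters: `defer` is constructed
// first and destroyed last, so the lock is released before the queued collection runs.
struct GCSafeLocker {
    DeferGC defer;
    std::lock_guard<std::mutex> guard;
    GCSafeLocker(Heap& heap, std::mutex& m) : defer(heap), guard(m) {}
};

// The bug: an allocation under the plain lock wants a collection. Returns 1 (caught).
int runPlainLockerScenario() {
    CodeBlock cb; Heap heap(cb);
    {
        Locker locker(cb.lock);
        heap.collectIfNecessary();
    }
    return heap.deadlocksCaught;
}

// The fix: the collection waits until the lock is released, then runs once.
// Returns collections run after unlock (1), or -1 if one ran while the lock was held.
int runGCSafeLockerScenario() {
    CodeBlock cb; Heap heap(cb);
    {
        GCSafeLocker locker(heap, cb.lock);
        heap.collectIfNecessary();
        if (heap.collections != 0) return -1;
    }
    return heap.collections;
}

// The Structure.cpp caveat: a result produced under the lock (the materialized
// PropertyTable) could be cleared by the GC that runs as the locker goes out of scope,
// so the caller wraps both the locked call and its use of the result in its own DeferGC.
bool runCallerDeferScenario() {
    CodeBlock cb; Heap heap(cb);
    int collectionsWhileUsingResult = -1;
    {
        DeferGC callerDefer(heap);
        {
            GCSafeLocker locker(heap, cb.lock);
            heap.collectIfNecessary(); // queued behind both deferrals
        }
        collectionsWhileUsingResult = heap.collections; // still 0: the result is safe to use
    }
    return collectionsWhileUsingResult == 0 && heap.collections == 1;
}
```

        Each scenario builds its own Heap and CodeBlock, so they can be run in any order; the
        counters are thread-local, so on a multi-threaded runtime the guards only ever describe
        the calling thread, which is exactly what the thread-local DisallowGC slot is for.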
2338
2339 2013-10-16  Daniel Bates  <dabates@apple.com>
2340
2341         Add SPI to disable the garbage collector timer
2342         https://bugs.webkit.org/show_bug.cgi?id=122921
2343
2344         Reviewed by Geoffrey Garen.
2345
2346         Based on a patch by Mark Hahnenberg.
2347
2348         * API/JSBase.cpp:
2349         (JSDisableGCTimer): Added; SPI function.
2350         * API/JSBasePrivate.h:
2351         * heap/BlockAllocator.cpp:
2352         (JSC::createBlockFreeingThread): Added.
2353         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
2354         to conditionally create the "block freeing" thread depending on the value of
2355         GCActivityCallback::s_shouldCreateGCTimer.
2356         (JSC::BlockAllocator::~BlockAllocator):
2357         * heap/BlockAllocator.h:
2358         (JSC::BlockAllocator::deallocate):
2359         * heap/Heap.cpp:
2360         (JSC::Heap::didAbandon):
2361         (JSC::Heap::collect):
2362         (JSC::Heap::didAllocate):
2363         * heap/HeapTimer.cpp:
2364         (JSC::HeapTimer::timerDidFire):
2365         * runtime/GCActivityCallback.cpp:
2366         * runtime/GCActivityCallback.h:
2367         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
2368         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
2369         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
2370
2371 2013-10-16  Commit Queue  <commit-queue@webkit.org>
2372
2373         Unreviewed, rolling out r157529.
2374         http://trac.webkit.org/changeset/157529
2375         https://bugs.webkit.org/show_bug.cgi?id=122919
2376
2377         Caused score test failures and some build failures. (Requested
2378         by rfong on #webkit).
2379
2380         * bytecompiler/BytecodeGenerator.cpp:
2381         (JSC::BytecodeGenerator::emitNewArray):
2382         (JSC::BytecodeGenerator::emitCall):
2383         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
2384         * bytecompiler/BytecodeGenerator.h:
2385         * bytecompiler/NodesCodegen.cpp:
2386         (JSC::ArrayNode::emitBytecode):
2387         (JSC::CallArguments::CallArguments):
2388         (JSC::ForOfNode::emitBytecode):
2389         (JSC::BindingNode::collectBoundIdentifiers):
2390         * parser/ASTBuilder.h:
2391         * parser/Lexer.cpp:
2392         (JSC::::lex):
2393         * parser/NodeConstructors.h:
2394         (JSC::DotAccessorNode::DotAccessorNode):
2395         * parser/Nodes.h:
2396         * parser/Parser.cpp:
2397         (JSC::::parseArrayLiteral):
2398         (JSC::::parseArguments):
2399         (JSC::::parseMemberExpression):
2400         * parser/Parser.h:
2401         (JSC::Parser::getTokenName):
2402         (JSC::Parser::updateErrorMessageSpecialCase):
2403         * parser/ParserTokens.h:
2404         * parser/SyntaxChecker.h:
2405
2406 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
2407
2408         Remove useless architecture specific implementation in DFG.
2409         https://bugs.webkit.org/show_bug.cgi?id=122917.
2410
2411         Reviewed by Michael Saboff.
2412
2413         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
2414         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
2415
2416         * dfg/DFGSpeculativeJIT.h:
2417
2418 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
2419
2420         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
2421         https://bugs.webkit.org/show_bug.cgi?id=122916.
2422
2423         Reviewed by Michael Saboff.
2424
2425         This architecture specific function is not used anymore, so get rid of it.
2426
2427         * jit/JIT.h:
2428         * jit/JITInlines.h:
2429
2430 2013-10-16  Oliver Hunt  <oliver@apple.com>
2431
2432         Implement ES6 spread operator
2433         https://bugs.webkit.org/show_bug.cgi?id=122911
2434
2435         Reviewed by Michael Saboff.
2436
2437         Implement the ES6 spread operator
2438
2439         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
2440         and into BytecodeGenerator, and then adds the logic to make it nicely callback
2441         driven.
2442
2443         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
2444         and actually handling the spread.
2445
2446         * bytecompiler/BytecodeGenerator.cpp:
2447         (JSC::BytecodeGenerator::emitNewArray):
2448         (JSC::BytecodeGenerator::emitCall):
2449         (JSC::BytecodeGenerator::emitEnumeration):
2450         * bytecompiler/BytecodeGenerator.h:
2451         * bytecompiler/NodesCodegen.cpp:
2452         (JSC::ArrayNode::emitBytecode):
2453         (JSC::ForOfNode::emitBytecode):
2454         (JSC::SpreadExpressionNode::emitBytecode):
2455         * parser/ASTBuilder.h:
2456         (JSC::ASTBuilder::createSpreadExpression):
2457         * parser/Lexer.cpp:
2458         (JSC::::lex):
2459         * parser/NodeConstructors.h:
2460         (JSC::SpreadExpressionNode::SpreadExpressionNode):
2461         * parser/Nodes.h:
2462         (JSC::ExpressionNode::isSpreadExpression):
2463         (JSC::SpreadExpressionNode::expression):
2464         * parser/Parser.cpp:
2465         (JSC::::parseArrayLiteral):
2466         (JSC::::parseArguments):
2467         (JSC::::parseMemberExpression):
2468         * parser/Parser.h:
2469         (JSC::Parser::getTokenName):
2470         (JSC::Parser::updateErrorMessageSpecialCase):
2471         * parser/ParserTokens.h:
2472         * parser/SyntaxChecker.h:
2473         (JSC::SyntaxChecker::createSpreadExpression):
2474
2475 2013-10-16  Mark Lam  <mark.lam@apple.com>
2476
2477         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
2478         https://bugs.webkit.org/show_bug.cgi?id=122899.
2479
2480         Reviewed by Michael Saboff.
2481
2482         * jit/JITOpcodes32_64.cpp:
2483         (JSC::JIT::emit_op_tear_off_activation):
2484         (JSC::JIT::emit_op_tear_off_arguments):
2485         * jit/JITStubs.cpp:
2486         * jit/JITStubs.h:
2487
2488 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
2489
2490         Remove more of the UNINTERRUPTED_SEQUENCE thing
2491         https://bugs.webkit.org/show_bug.cgi?id=122885
2492
2493         Reviewed by Andreas Kling.
2494
2495         It was not completely removed by r157481, leading to build failure for sh4 architecture.
2496
2497         * jit/JIT.h:
2498         * jit/JITInlines.h:
2499
2500 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2501
2502         Get rid of the StructureStubInfo::patch union
2503         https://bugs.webkit.org/show_bug.cgi?id=122877
2504
2505         Reviewed by Sam Weinig.
2506         
2507         Just simplifying code by getting rid of data structures that ain't used no more.
2508         
2509         Note that I replace the patch union with a patch struct. This means we say things like
2510         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
2511         encapsulation makes the code more readable: the patch struct contains just those things
2512         that you need to know to perform patching.
2513
2514         * bytecode/StructureStubInfo.h:
2515         * dfg/DFGJITCompiler.cpp:
2516         (JSC::DFG::JITCompiler::link):
2517         * jit/JIT.cpp:
2518         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2519         * jit/Repatch.cpp:
2520         (JSC::repatchByIdSelfAccess):
2521         (JSC::replaceWithJump):
2522         (JSC::linkRestoreScratch):
2523         (JSC::generateProtoChainAccessStub):
2524         (JSC::tryCacheGetByID):
2525         (JSC::getPolymorphicStructureList):
2526         (JSC::patchJumpToGetByIdStub):
2527         (JSC::tryBuildGetByIDList):
2528         (JSC::emitPutReplaceStub):
2529         (JSC::emitPutTransitionStub):
2530         (JSC::tryCachePutByID):
2531         (JSC::tryBuildPutByIdList):
2532         (JSC::tryRepatchIn):
2533         (JSC::resetGetByID):
2534         (JSC::resetPutByID):
2535         (JSC::resetIn):
2536
2537 2013-10-15  Nadav Rotem  <nrotem@apple.com>
2538
2539         FTL: add support for Int52ToValue and fix putByVal of int52s.
2540         https://bugs.webkit.org/show_bug.cgi?id=122873
2541
2542         Reviewed by Filip Pizlo.
2543
2544         * ftl/FTLCapabilities.cpp:
2545         (JSC::FTL::canCompile):
2546         * ftl/FTLLowerDFGToLLVM.cpp:
2547         (JSC::FTL::LowerDFGToLLVM::compileNode):
2548         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
2549         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
2550
2551 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2552
2553         Get rid of the UNINTERRUPTED_SEQUENCE thing
2554         https://bugs.webkit.org/show_bug.cgi?id=122876
2555
2556         Reviewed by Mark Hahnenberg.
2557         
2558         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
2559         
2560         Moreover, we should resist the temptation to bring anything like this back. We don't
2561         want to have inline caches that only work if the assembler lays out code in a specific
2562         predetermined way.
2563
2564         * jit/JIT.h:
2565         * jit/JITCall.cpp:
2566         (JSC::JIT::compileOpCall):
2567         * jit/JITCall32_64.cpp:
2568         (JSC::JIT::compileOpCall):
2569
2570 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2571
2572         Baseline JIT should use the DFG GetById IC
2573         https://bugs.webkit.org/show_bug.cgi?id=122861
2574
2575         Reviewed by Oliver Hunt.
2576         
2577         This mostly just kills a ton of code.
2578         
2579         Note that this doesn't yet do all of the simplifications that can be done, but it does
2580         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
2581
2582         * bytecode/CodeBlock.cpp:
2583         (JSC::CodeBlock::resetStubInternal):
2584         * jit/JIT.cpp:
2585         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2586         * jit/JIT.h:
2587         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2588         * jit/JITInlines.h:
2589         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2590         (JSC::JIT::callOperation):
2591         * jit/JITPropertyAccess.cpp:
2592         (JSC::JIT::compileGetByIdHotPath):
2593         (JSC::JIT::emitSlow_op_get_by_id):
2594         (JSC::JIT::emitSlow_op_get_from_scope):
2595         * jit/JITPropertyAccess32_64.cpp:
2596         (JSC::JIT::compileGetByIdHotPath):
2597         (JSC::JIT::emitSlow_op_get_by_id):
2598         (JSC::JIT::emitSlow_op_get_from_scope):
2599         * jit/JITStubs.cpp:
2600         * jit/JITStubs.h:
2601         * jit/Repatch.cpp:
2602         (JSC::repatchGetByID):
2603         (JSC::buildGetByIDList):
2604         * jit/ThunkGenerators.cpp:
2605         * jit/ThunkGenerators.h:
2606
2607 2013-10-15  Dean Jackson  <dino@apple.com>
2608
2609         Add ENABLE_WEB_ANIMATIONS flag
2610         https://bugs.webkit.org/show_bug.cgi?id=122871
2611
2612         Reviewed by Tim Horton.
2613
2614         Eventually might be http://dev.w3.org/fxtf/web-animations/
2615         but this is just engine-internal work at the moment.
2616
2617         * Configurations/FeatureDefines.xcconfig:
2618
2619 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2620
2621         [sh4] Some calls don't match sh4 ABI.
2622         https://bugs.webkit.org/show_bug.cgi?id=122863
2623
2624         Reviewed by Michael Saboff.
2625
2626         * dfg/DFGSpeculativeJIT.h:
2627         (JSC::DFG::SpeculativeJIT::callOperation):
2628         * jit/CCallHelpers.h:
2629         (JSC::CCallHelpers::setupArgumentsWithExecState):
2630         * jit/JITInlines.h:
2631         (JSC::JIT::callOperation):
2632
2633 2013-10-15  Daniel Bates  <dabates@apple.com>
2634
2635         [iOS] Upstream JavaScriptCore support for ARM64
2636         https://bugs.webkit.org/show_bug.cgi?id=122762
2637
2638         Reviewed by Oliver Hunt and Filip Pizlo.
2639
2640         * Configurations/Base.xcconfig:
2641         * Configurations/DebugRelease.xcconfig:
2642         * Configurations/JavaScriptCore.xcconfig:
2643         * Configurations/ToolExecutable.xcconfig:
2644         * JavaScriptCore.xcodeproj/project.pbxproj:
2645         * assembler/ARM64Assembler.h: Added.
2646         * assembler/AbstractMacroAssembler.h:
2647         (JSC::isARM64):
2648         (JSC::AbstractMacroAssembler::Label::Label):
2649         (JSC::AbstractMacroAssembler::Jump::Jump):
2650         (JSC::AbstractMacroAssembler::Jump::link):
2651         (JSC::AbstractMacroAssembler::Jump::linkTo):
2652         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
2653         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
2654         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
2655         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
2656         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
2657         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
2658         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
2659         (JSC::AbstractMacroAssembler::isTempRegisterValid):
2660         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
2661         (JSC::AbstractMacroAssembler::setTempRegisterValid):
2662         * assembler/LinkBuffer.cpp:
2663         (JSC::LinkBuffer::copyCompactAndLinkCode):
2664         (JSC::LinkBuffer::linkCode):
2665         * assembler/LinkBuffer.h:
2666         * assembler/MacroAssembler.h:
2667         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
2668         (JSC::MacroAssembler::pushToSave):
2669         (JSC::MacroAssembler::popToRestore):
2670         (JSC::MacroAssembler::patchableBranchTest32):
2671         * assembler/MacroAssemblerARM64.h: Added.
2672         * assembler/MacroAssemblerARMv7.h:
2673         * dfg/DFGFixupPhase.cpp:
2674         (JSC::DFG::FixupPhase::fixupNode):
2675         * dfg/DFGOSRExitCompiler32_64.cpp:
2676         (JSC::DFG::OSRExitCompiler::compileExit):
2677         * dfg/DFGOSRExitCompiler64.cpp:
2678         (JSC::DFG::OSRExitCompiler::compileExit):
2679         * dfg/DFGSpeculativeJIT.cpp:
2680         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2681         (JSC::DFG::SpeculativeJIT::compileArithMod):
2682         * disassembler/ARM64/A64DOpcode.cpp: Added.
2683         * disassembler/ARM64/A64DOpcode.h: Added.
2684         * disassembler/ARM64Disassembler.cpp: Added.
2685         * heap/MachineStackMarker.cpp:
2686         (JSC::getPlatformThreadRegisters):
2687         (JSC::otherThreadStackPointer):
2688         * heap/Region.h:
2689         * jit/AssemblyHelpers.h:
2690         (JSC::AssemblyHelpers::debugCall):
2691         * jit/CCallHelpers.h:
2692         * jit/ExecutableAllocator.h:
2693         * jit/FPRInfo.h:
2694         (JSC::FPRInfo::toRegister):
2695         (JSC::FPRInfo::toIndex):
2696         (JSC::FPRInfo::debugName):
2697         * jit/GPRInfo.h:
2698         (JSC::GPRInfo::toRegister):
2699         (JSC::GPRInfo::toIndex):
2700         (JSC::GPRInfo::debugName):
2701         * jit/JITInlines.h:
2702         (JSC::JIT::restoreArgumentReferenceForTrampoline):
2703         * jit/JITOperationWrappers.h:
2704         * jit/JITOperations.cpp:
2705         * jit/JITStubs.cpp:
2706         (JSC::performPlatformSpecificJITAssertions):
2707         (JSC::tryCachePutByID):
2708         * jit/JITStubs.h:
2709         (JSC::JITStackFrame::returnAddressSlot):
2710         * jit/JITStubsARM64.h: Added.
2711         * jit/JSInterfaceJIT.h:
2712         * jit/Repatch.cpp:
2713         (JSC::emitRestoreScratch):
2714         (JSC::generateProtoChainAccessStub):
2715         (JSC::tryCacheGetByID):
2716         (JSC::emitPutReplaceStub):
2717         (JSC::tryCachePutByID):
2718         (JSC::tryRepatchIn):
2719         * jit/ScratchRegisterAllocator.h:
2720         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2721         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2722         * jit/ThunkGenerators.cpp:
2723         (JSC::nativeForGenerator):
2724         (JSC::floorThunkGenerator):
2725         (JSC::ceilThunkGenerator):
2726         * jsc.cpp:
2727         (main):
2728         * llint/LLIntOfflineAsmConfig.h:
2729         * llint/LLIntSlowPaths.cpp:
2730         (JSC::LLInt::handleHostCall):
2731         * llint/LowLevelInterpreter.asm:
2732         * llint/LowLevelInterpreter64.asm:
2733         * offlineasm/arm.rb:
2734         * offlineasm/arm64.rb: Added.
2735         * offlineasm/backends.rb:
2736         * offlineasm/instructions.rb:
2737         * offlineasm/risc.rb:
2738         * offlineasm/transform.rb:
2739         * yarr/YarrJIT.cpp:
2740         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2741         (JSC::Yarr::YarrGenerator::initCallFrame):
2742         (JSC::Yarr::YarrGenerator::removeCallFrame):
2743         (JSC::Yarr::YarrGenerator::generateEnter):
2744         * yarr/YarrJIT.h:
2745
2746 2013-10-15  Mark Lam  <mark.lam@apple.com>
2747
2748         Fix 3 operand sub operation in C loop LLINT.
2749         https://bugs.webkit.org/show_bug.cgi?id=122866.
2750
2751         Reviewed by Geoffrey Garen.
2752
2753         * offlineasm/cloop.rb:
2754
2755 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2756
2757         ObjCCallbackFunctionImpl shouldn't store a JSContext
2758         https://bugs.webkit.org/show_bug.cgi?id=122531
2759
2760         Reviewed by Geoffrey Garen.
2761
2762         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
2763         in the common case. It's also no longer necessary in that we can look up the current JSContext 
2764         by using the globalObject of the callee when the function callback is invoked.
2765  
2766         Also added a new test that would cause us to crash previously. The test required making 
2767         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2768         in C API callbacks.
2769
2770         * API/JSContextRef.h:
2771         * API/JSContextRefPrivate.h:
2772         * API/ObjCCallbackFunction.mm:
2773         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2774         (JSC::objCCallbackFunctionCallAsFunction):
2775         (objCCallbackFunctionForInvocation):
2776         * API/WebKitAvailability.h:
2777         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2778         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2779         (CallAsConstructor):
2780         (ConstructorFinalize):
2781         (ConstructorClass):
2782         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2783         (-[JSContext valueWithConstructorDescriptor:]):
2784         (currentThisInsideBlockGetterTest):
2785         * API/tests/testapi.mm:
2786         * JavaScriptCore.xcodeproj/project.pbxproj:
2787         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2788
2789 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2790
2791         Fix build after r157457 for architecture with 4 argument registers.
2792         https://bugs.webkit.org/show_bug.cgi?id=122860
2793
2794         Reviewed by Michael Saboff.
2795
2796         * jit/CCallHelpers.h:
2797         (JSC::CCallHelpers::setupStubArguments134):
2798
2799 2013-10-14  Michael Saboff  <msaboff@apple.com>
2800
2801         transition void cti_op_* methods to JIT operations.
2802         https://bugs.webkit.org/show_bug.cgi?id=122617
2803
2804         Reviewed by Geoffrey Garen.
2805
2806         Converted the following stubs to JIT operations:
2807             cti_handle_watchdog_timer
2808             cti_op_debug
2809             cti_op_pop_scope
2810             cti_op_profile_did_call
2811             cti_op_profile_will_call
2812             cti_op_put_by_index
2813             cti_op_put_getter_setter
2814             cti_op_tear_off_activation
2815             cti_op_tear_off_arguments
2816             cti_op_throw_static_error
2817             cti_optimize
2818
2819         * dfg/DFGOperations.cpp:
2820         * dfg/DFGOperations.h:
2821         * jit/CCallHelpers.h:
2822         (JSC::CCallHelpers::setupArgumentsWithExecState):
2823         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2824         (JSC::CCallHelpers::setupStubArguments):
2825         (JSC::CCallHelpers::setupStubArguments134):
2826         * jit/JIT.cpp:
2827         (JSC::JIT::emitEnterOptimizationCheck):
2828         * jit/JIT.h:
2829         * jit/JITInlines.h:
2830         (JSC::JIT::callOperation):
2831         * jit/JITOpcodes.cpp:
2832         (JSC::JIT::emit_op_tear_off_activation):
2833         (JSC::JIT::emit_op_tear_off_arguments):
2834         (JSC::JIT::emit_op_push_with_scope):
2835         (JSC::JIT::emit_op_pop_scope):
2836         (JSC::JIT::emit_op_push_name_scope):
2837         (JSC::JIT::emit_op_throw_static_error):
2838         (JSC::JIT::emit_op_debug):
2839         (JSC::JIT::emit_op_profile_will_call):
2840         (JSC::JIT::emit_op_profile_did_call):
2841         (JSC::JIT::emitSlow_op_loop_hint):
2842         * jit/JITOpcodes32_64.cpp:
2843         (JSC::JIT::emit_op_push_with_scope):
2844         (JSC::JIT::emit_op_pop_scope):
2845         (JSC::JIT::emit_op_push_name_scope):
2846         (JSC::JIT::emit_op_throw_static_error):
2847         (JSC::JIT::emit_op_debug):
2848         (JSC::JIT::emit_op_profile_will_call):
2849         (JSC::JIT::emit_op_profile_did_call):
2850         * jit/JITOperations.cpp:
2851         * jit/JITOperations.h:
2852         * jit/JITPropertyAccess.cpp:
2853         (JSC::JIT::emit_op_put_by_index):
2854         (JSC::JIT::emit_op_put_getter_setter):
2855         * jit/JITPropertyAccess32_64.cpp:
2856         (JSC::JIT::emit_op_put_by_index):
2857         (JSC::JIT::emit_op_put_getter_setter):
2858         * jit/JITStubs.cpp:
2859         * jit/JITStubs.h:
2860
2861 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2862
2863         [sh4] Introduce const pools in LLINT.
2864         https://bugs.webkit.org/show_bug.cgi?id=122746
2865
2866         Reviewed by Michael Saboff.
2867
2868         In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
2869         loaded this way:
2870
2871             mov.l .label, rx
2872             bra out
2873             nop
2874             .balign 4
2875             .label: .long immvalue
2876             out:
2877
2878         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2879         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2880
2881         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2882         * offlineasm/sh4.rb:
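
        The two code layouts this entry contrasts, as an added example that is not taken from
        sh4.rb or any other WebKit source: a C++ size model that emits the quoted
        branch-over-literal sequence for every out-of-range immediate, beside a deduplicated
        constant pool with a reach check. The 2-byte instruction and 4-byte literal sizes, the
        -128..127 direct-immediate range, and the 1020-byte pc-relative reach (kPoolReach) are
        the example's own parameters, not values from the offlineasm backend; displacements are
        measured from the load itself rather than from the sh4 PC+4 base, and the trailing pool
        assumes control never falls through into it. Both inputs are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <vector>

// Size model (the example's simplification): every instruction is 2 bytes, a literal is
// 4 bytes, "mov #imm, rn" takes an 8-bit signed immediate, and a pc-relative
// "mov.l @(disp,pc), rn" is assumed to reach at most kPoolReach bytes ahead.
constexpr std::size_t kInsn = 2, kLiteral = 4;
constexpr int32_t kImmMin = -128, kImmMax = 127;
constexpr std::size_t kPoolReach = 1020; // assumed reach, chosen for the model

static std::size_t alignUp(std::size_t n, std::size_t a) { return (n + a - 1) & ~(a - 1); }
static bool fitsImmediate(int32_t v) { return v >= kImmMin && v <= kImmMax; }

// Scheme 1: the old sequence quoted in the entry, one branch-over literal per load.
std::size_t sizeWithInlineLiterals(const std::vector<int32_t>& imms) {
    std::size_t pc = 0;
    for (int32_t v : imms) {
        if (fitsImmediate(v)) { pc += kInsn; continue; } // mov #imm, rx
        pc += kInsn;         // mov.l .label, rx
        pc += kInsn;         // bra out
        pc += kInsn;         // nop (delay slot)
        pc = alignUp(pc, 4); // .balign 4
        pc += kLiteral;      // .label: .long immvalue
    }
    return pc;
}

struct PoolResult {
    std::size_t bytes;           // total code + pool bytes
    std::size_t flushes;         // pools emitted mid-stream because of reach
    std::size_t maxDisplacement; // largest load-to-slot distance actually used
};

// Scheme 2: a constant pool. Each large immediate is one pc-relative load plus one
// deduplicated pool slot; the pool is dumped when the earliest pending load would
// otherwise fall out of reach, and once more at the end.
PoolResult sizeWithConstPool(const std::vector<int32_t>& imms) {
    std::size_t pc = 0, flushes = 0, maxDisp = 0, firstPendingPc = 0;
    std::map<int32_t, std::vector<std::size_t>> pending; // value -> pcs of loads waiting for it

    // Place the pending literals at poolStart and resolve every waiting load's displacement.
    auto dump = [&](std::size_t poolStart) {
        std::size_t slot = poolStart;
        for (const auto& entry : pending) {
            for (std::size_t loadPc : entry.second)
                if (slot - loadPc > maxDisp) maxDisp = slot - loadPc;
            slot += kLiteral;
        }
        pending.clear();
        return slot;
    };

    // Called before every instruction: if flushing right after it (branch over the pool,
    // align, literals, with room for one more value) would leave the earliest pending
    // load out of reach, flush now instead.
    auto flushIfNeeded = [&](std::size_t nextInsnBytes) {
        if (pending.empty()) return;
        std::size_t lastSlot = alignUp(pc + nextInsnBytes + 2 * kInsn, 4) + kLiteral * pending.size();
        if (lastSlot - firstPendingPc > kPoolReach) {
            pc += 2 * kInsn;           // bra over ; nop
            pc = dump(alignUp(pc, 4)); // .balign 4 ; literals
            ++flushes;
        }
    };

    for (int32_t v : imms) {
        flushIfNeeded(kInsn);
        if (fitsImmediate(v)) { pc += kInsn; continue; } // mov #imm, rx
        if (pending.empty()) firstPendingPc = pc;
        pending[v].push_back(pc);                         // mov.l @(disp,pc), rx
        pc += kInsn;
    }
    if (!pending.empty()) pc = dump(alignUp(pc, 4));      // trailing pool; no fall-through assumed
    return {pc, flushes, maxDisp};
}

// Constructed sample: mixed small and large immediates with one repeated large value.
std::vector<int32_t> sampleImmediates() {
    return {5, 0x12345678, -1000, 0x12345678, 300, 7, static_cast<int32_t>(0xDEADBEEF), 0x12345678, 100, 200};
}

// Constructed stress input: enough distinct large immediates to force mid-stream flushes.
std::vector<int32_t> manyImmediates(std::size_t count) {
    std::vector<int32_t> v;
    for (std::size_t i = 0; i < count; ++i) v.push_back(static_cast<int32_t>(1000 + 1000 * i));
    return v;
}
```

        On the ten-value sample the inline scheme costs 84 bytes and the pool 40, with no
        mid-stream flush; the stress input is what exercises the reach check, and the returned
        maxDisplacement never exceeds kPoolReach because the check runs before every
        instruction, including the small immediates that never touch the pool.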
2883
2884 2013-10-15  Mark Lam  <mark.lam@apple.com>
2885
2886         Fix broken C Loop LLINT build.
2887         https://bugs.webkit.org/show_bug.cgi?id=122839.
2888
2889         Reviewed by Michael Saboff.
2890
2891         * dfg/DFGFlushedAt.cpp:
2892         * jit/JITOperations.h:
2893
2894 2013-10-14  Mark Lam  <mark.lam@apple.com>
2895
2896         Transition *switch* and *scope* JITStubs to JIT operations.
2897         https://bugs.webkit.org/show_bug.cgi?id=122757.
2898
2899         Reviewed by Geoffrey Garen.
2900
2901         Transitioning:
2902             cti_op_switch_char
2903             cti_op_switch_imm
2904             cti_op_switch_string
2905             cti_op_resolve_scope
2906             cti_op_get_from_scope
2907             cti_op_put_to_scope
2908
2909         * jit/JIT.h:
2910         * jit/JITInlines.h:
2911         (JSC::JIT::callOperation):
2912         * jit/JITOpcodes.cpp:
2913         (JSC::JIT::emit_op_switch_imm):
2914         (JSC::JIT::emit_op_switch_char):
2915         (JSC::JIT::emit_op_switch_string):
2916         * jit/JITOpcodes32_64.cpp:
2917         (JSC::JIT::emit_op_switch_imm):
2918         (JSC::JIT::emit_op_switch_char):
2919         (JSC::JIT::emit_op_switch_string):
2920         * jit/JITOperations.cpp:
2921         * jit/JITOperations.h:
2922         * jit/JITPropertyAccess.cpp:
2923         (JSC::JIT::emitSlow_op_resolve_scope):
2924         (JSC::JIT::emitSlow_op_get_from_scope):
2925         (JSC::JIT::emitSlow_op_put_to_scope):
2926         * jit/JITPropertyAccess32_64.cpp:
2927         (JSC::JIT::emitSlow_op_resolve_scope):
2928         (JSC::JIT::emitSlow_op_get_from_scope):
2929         (JSC::JIT::emitSlow_op_put_to_scope):
2930         * jit/JITStubs.cpp:
2931         * jit/JITStubs.h:
2932
2933 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2934
2935         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
2936         https://bugs.webkit.org/show_bug.cgi?id=122786
2937
2938         Reviewed by Mark Hahnenberg.
2939
2940         * bytecode/CodeBlock.cpp:
2941         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2942         * jit/Repatch.cpp:
2943         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2944         (JSC::buildPutByIdList): Ditto.
2945
2013-10-14  Nadav Rotem  <nrotem@apple.com>

        Add FTL support for LogicalNot(string)
        https://bugs.webkit.org/show_bug.cgi?id=122765

        Reviewed by Filip Pizlo.

        This patch is tested by:
        regress/script-tests/emscripten-cube2hash.js.ftl-eager

        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):

2013-10-14  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Fixes after r157404 and r157411.
        https://bugs.webkit.org/show_bug.cgi?id=122782

        Reviewed by Michael Saboff.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.

2013-10-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r157413.
        http://trac.webkit.org/changeset/157413
        https://bugs.webkit.org/show_bug.cgi?id=122779

        Appears to have caused frequent crashes (Requested by ap on
        #webkit).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/DeferGC.cpp: Removed.
        * heap/DeferGC.h:
        * jit/JITStubs.cpp:
        (JSC::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/ConcurrentJITLock.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * runtime/JSCellInlines.h:
        (JSC::allocateCell):
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::putSpecificValue):
        (JSC::Structure::createPropertyMap):
        * runtime/Structure.h:

2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        COLLECT_ON_EVERY_ALLOCATION causes assertion failures
        https://bugs.webkit.org/show_bug.cgi?id=122652

        Reviewed by Filip Pizlo.

        COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
        so we would end up ASSERTing during garbage collection.

        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateSlowCase):

2013-10-11  Oliver Hunt  <oliver@apple.com>

        Separate out array iteration intrinsics
        https://bugs.webkit.org/show_bug.cgi?id=122656

        Reviewed by Michael Saboff.

        Separate out the intrinsics for key and values iteration
        of arrays.

        This requires moving array iteration into the iterator
        instance, rather than the prototype, but this is essentially
        unobservable so we'll live with it for now.

        * jit/ThunkGenerators.cpp:
        (JSC::arrayIteratorNextThunkGenerator):
        (JSC::arrayIteratorNextKeyThunkGenerator):
        (JSC::arrayIteratorNextValueThunkGenerator):
        * jit/ThunkGenerators.h:
        * runtime/ArrayIteratorPrototype.cpp:
        (JSC::ArrayIteratorPrototype::finishCreation):
        * runtime/Intrinsic.h:
        * runtime/JSArrayIterator.cpp:
        (JSC::JSArrayIterator::finishCreation):
        (JSC::createIteratorResult):
        (JSC::arrayIteratorNext):
        (JSC::arrayIteratorNextKey):
        (JSC::arrayIteratorNextValue):
        (JSC::arrayIteratorNextGeneric):
        * runtime/VM.cpp:
        (JSC::thunkGeneratorForIntrinsic):

2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>

        llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
        https://bugs.webkit.org/show_bug.cgi?id=122667

        Reviewed by Filip Pizlo.

        The issue this patch is attempting to fix is that there are places in our codebase
        where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
        operations that can initiate a garbage collection. Garbage collection then calls
        some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
        always necessarily run during garbage collection). This causes a deadlock.

        To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores
        into a thread-local field that indicates that it is unsafe to perform any operation
        that could trigger garbage collection on the current thread. In debug builds,
        ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly
        detect deadlocks.

        This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
        which uses the DeferGC mechanism to prevent collections from occurring while the
        lock is held.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/DeferGC.cpp: Added.
        * heap/DeferGC.h:
        (JSC::DisallowGC::DisallowGC):
        (JSC::DisallowGC::~DisallowGC):
        (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
        (JSC::DisallowGC::initialize):
        * jit/JITStubs.cpp:
        (JSC::tryCachePutByID):
        (JSC::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/ConcurrentJITLock.h:
        (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
        (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
        (JSC::ConcurrentJITLockerBase::unlockEarly):
        (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
        (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * runtime/JSCellInlines.h:
        (JSC::allocateCell):
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::putSpecificValue):
        (JSC::Structure::createPropertyMap):
        * runtime/Structure.h:

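The DisallowGC / GCSafeConcurrentJITLocker mechanism described in the entry above, as an added illustration that is not JavaScriptCore's code: the thread-local depth counters, the Lock type and the allocation stand-in are constructed here, and only the class names are borrowed from the entry.

```cpp
// Constructed illustration of the entry's idea; not JavaScriptCore's code.
// Thread-local counters: gcDisallowDepth > 0 means a collection on this thread
// would re-enter a lock the thread already holds (the deadlock described above);
// gcDeferDepth > 0 means collections are postponed until the outermost DeferGC ends.
static thread_local unsigned gcDisallowDepth = 0;
static thread_local unsigned gcDeferDepth = 0;

struct DisallowGC {
    DisallowGC() { ++gcDisallowDepth; }  ~DisallowGC() { --gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth > 0; }
};
struct DeferGC {
    DeferGC() { ++gcDeferDepth; }  ~DeferGC() { --gcDeferDepth; }
    static bool isDeferred() { return gcDeferDepth > 0; }
};

struct Lock { bool held = false; };   // stand-in for the per-CodeBlock lock

// Debug-style locker: holding the lock also marks the thread GC-unsafe, so a
// collection attempted while it is held is caught eagerly instead of deadlocking.
struct ConcurrentJITLocker {
    Lock& lock;
    DisallowGC disallow;
    explicit ConcurrentJITLocker(Lock& l) : lock(l) { lock.held = true; }
    ~ConcurrentJITLocker() { lock.held = false; }
};

// GC-safe variant: DeferGC is declared first, so it is constructed before the
// lock is taken and destroyed after the lock is released.
struct GCSafeConcurrentJITLocker {
    DeferGC defer;
    ConcurrentJITLocker locker;
    explicit GCSafeConcurrentJITLocker(Lock& l) : locker(l) {}
};

enum class Alloc { Ok, Deferred, WouldDeadlock };

// Stand-in for the allocation slow path; collectionDue models the heap deciding
// that this allocation should trigger a garbage collection.
static Alloc allocateCellMaybeCollect(bool collectionDue) {
    if (!collectionDue) return Alloc::Ok;
    if (DeferGC::isDeferred()) return Alloc::Deferred;
    if (DisallowGC::isGCDisallowedOnCurrentThread()) return Alloc::WouldDeadlock;
    return Alloc::Ok;   // no guard active: the collection would simply run
}

static Alloc allocateUnderPlainLock(Lock& l, bool due) {
    ConcurrentJITLocker locker(l);
    return allocateCellMaybeCollect(due);   // WouldDeadlock when a collection is due
}
static Alloc allocateUnderGCSafeLock(Lock& l, bool due) {
    GCSafeConcurrentJITLocker locker(l);
    return allocateCellMaybeCollect(due);   // Deferred: lock held, collection postponed
}
```
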
2013-10-14  Filip Pizlo  <fpizlo@apple.com>

        Baseline JIT should use the DFG's PutById IC
        https://bugs.webkit.org/show_bug.cgi?id=122704

        Reviewed by Mark Hahnenberg.

        Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
        that JIT to use the DFG's (i.e. JITOperations) PutById IC.

        The only complicated part was that the PutById operations assumed that we first did a
        cell speculation, which the baseline JIT obviously won't do. So I changed all of those
        slow paths to deal with EncodedJSValue's.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::resetStubInternal):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.cpp:
        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
        * jit/JIT.h:
        (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
        (JSC::PropertyStubCompilationInfo::slowCaseInfo):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperationWrappers.h:
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::compileGetByIdHotPath):
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::compileGetByIdSlowCase):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/Repatch.cpp:
        (JSC::appropriateGenericPutByIdFunction):
        (JSC::appropriateListBuildingPutByIdFunction):
        (JSC::resetPutByID):

2013-10-13  Filip Pizlo  <fpizlo@apple.com>

        FTL should have an inefficient but correct implementation of GetById
        https://bugs.webkit.org/show_bug.cgi?id=122740

        Reviewed by Mark Hahnenberg.

        It took some effort to realize that the node->prediction() check in the DFG backends
        are completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
        if !prediction.

        But other than that this was an easy patch.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleGetById):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileGetById):

2013-10-13  Mark Lam  <mark.lam@apple.com>

        Transition misc cti_op_* JITStubs to JIT operations.
        https://bugs.webkit.org/show_bug.cgi?id=122645.

        Reviewed by Michael Saboff.

        Stubs converted:
            cti_op_check_has_instance
            cti_op_create_arguments
            cti_op_del_by_id
            cti_op_instanceof
            cti_to_object
            cti_op_push_activation
            cti_op_get_pnames
            cti_op_load_varargs

        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.h:
        (JSC::JIT::emitStoreCell):
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_create_activation):
        (JSC::JIT::emit_op_create_arguments):
        (JSC::JIT::emitSlow_op_check_has_instance):
        (JSC::JIT::emitSlow_op_instanceof):
        (JSC::JIT::emitSlow_op_get_argument_by_val):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emitSlow_op_check_has_instance):
        (JSC::JIT::emitSlow_op_instanceof):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_create_activation):
        (JSC::JIT::emit_op_create_arguments):
        (JSC::JIT::emitSlow_op_get_argument_by_val):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_del_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_del_by_id):
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:

2013-10-13  Filip Pizlo  <fpizlo@apple.com>

        FTL OSR exit should perform zero extension on values smaller than 64-bit
        https://bugs.webkit.org/show_bug.cgi?id=122688

        Reviewed by Gavin Barraclough.

        In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
        register will have zeros on the high bits.  In the few cases where the high bits are
        non-zero, the DFG sort of tells us this explicitly.

        But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
        emit LLVM IR like:

            %2 = trunc i64 %1 to i32
            stuff %2
            call @llvm.webkit.stackmap(...., %2)

        LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
        many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
        bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
        from before truncation, and that register may have garbage in the high bits.

        This means that on our end, if we want a 32-bit value and we want that value to be
        zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
        cheap, so we should just do it and not make it a requirement that LLVM does it on its
        end.

        This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.

        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStubWithOSRExitStackmap):
        * ftl/FTLValueFormat.cpp:
        (JSC::FTL::reboxAccordingToFormat):

== Rolled over to ChangeLog-2013-10-13 ==