Disable JIT on IA-32 without SSE2
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
index 78fd246..f0d9adb 100644 (file)
@@ -1,3 +1,265 @@
+2018-08-11  Karo Gyoker  <karogyoker2+webkit@gmail.com>
+
+        Disable JIT on IA-32 without SSE2
+        https://bugs.webkit.org/show_bug.cgi?id=188476
+
+        Reviewed by Yusuke Suzuki.
+
+        On IA-32 CPUs without SSE2 most of the webpages cannot load
+        if the JIT is turned on.
+
+        * runtime/Options.cpp:
+        (JSC::recomputeDependentOptions):
+
+2018-08-10  Joseph Pecoraro  <pecoraro@apple.com>
+
+        Web Inspector: console.log fires getters for deep properties
+        https://bugs.webkit.org/show_bug.cgi?id=187542
+        <rdar://problem/42873158>
+
+        Reviewed by Saam Barati.
+
+        * inspector/InjectedScriptSource.js:
+        (RemoteObject.prototype._isPreviewableObject):
+        Avoid getters/setters when checking for simple properties to preview.
+        Here we avoid invoking `object[property]` if it could be a user getter.
+
+2018-08-10  Keith Miller  <keith_miller@apple.com>
+
+        Slicing an ArrayBuffer with a long number returns an ArrayBuffer with byteLength zero
+        https://bugs.webkit.org/show_bug.cgi?id=185127
+
+        Reviewed by Saam Barati.
+
+        Previously, we would truncate the indicies passed to slice to an
+        int. This meant that the value was not getting properly clamped
+        later.
+
+        This patch also removes a non-spec compliant check that slice was
+        passed at least one argument.
+
+        * runtime/ArrayBuffer.cpp:
+        (JSC::ArrayBuffer::clampValue):
+        (JSC::ArrayBuffer::clampIndex const):
+        (JSC::ArrayBuffer::slice const):
+        * runtime/ArrayBuffer.h:
+        (JSC::ArrayBuffer::clampValue): Deleted.
+        (JSC::ArrayBuffer::clampIndex const): Deleted.
+        * runtime/JSArrayBufferPrototype.cpp:
+        (JSC::arrayBufferProtoFuncSlice):
+
+2018-08-10  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
+
+        Date.UTC should not return NaN with only Year param
+        https://bugs.webkit.org/show_bug.cgi?id=188378
+
+        Reviewed by Keith Miller.
+
+        Date.UTC requires one argument for |year|. But the other ones are optional.
+        This patch fix this handling.
+
+        * runtime/DateConstructor.cpp:
+        (JSC::millisecondsFromComponents):
+
+2018-08-08  Keith Miller  <keith_miller@apple.com>
+
+        Array.prototype.sort should call @toLength instead of ">>> 0"
+        https://bugs.webkit.org/show_bug.cgi?id=188430
+
+        Reviewed by Saam Barati.
+
+        Also add a new function to $vm that will fetch a private
+        property. This can be useful for running builtin helper functions.
+
+        * builtins/ArrayPrototype.js:
+        (sort):
+        * tools/JSDollarVM.cpp:
+        (JSC::functionGetPrivateProperty):
+        (JSC::JSDollarVM::finishCreation):
+
+2018-08-08  Keith Miller  <keith_miller@apple.com>
+
+        Array.prototype.sort should throw TypeError if param is a not callable object
+        https://bugs.webkit.org/show_bug.cgi?id=188382
+
+        Reviewed by Saam Barati.
+
+        Improve spec compatability by checking if the Array.prototype.sort comparator is a function
+        before doing anything else.
+
+        Also, refactor the various helper functions to use let instead of var.
+
+        * builtins/ArrayPrototype.js:
+        (sort.stringComparator):
+        (sort.compactSparse):
+        (sort.compactSlow):
+        (sort.compact):
+        (sort.merge):
+        (sort.mergeSort):
+        (sort.bucketSort):
+        (sort.comparatorSort):
+        (sort.stringSort):
+        (sort):
+
+2018-08-08  Michael Saboff  <msaboff@apple.com>
+
+        Yarr JIT should include annotations with dumpDisassembly=true
+        https://bugs.webkit.org/show_bug.cgi?id=188415
+
+        Reviewed by Yusuke Suzuki.
+
+        Created a YarrDisassembler class that handles annotations similar to the baseline JIT.
+        Given that the Yarr creates matching code bu going through the YarrPattern ops forward and
+        then the backtracking code through the YarrPattern ops in reverse order, the disassembler
+        needs to do the same think.
+
+        Restructured some of the logging code in YarrPattern to eliminate redundent code and factor
+        out simple methods for what was needed by the YarrDisassembler.
+
+        Here is abbreviated sample output after this change.
+
+        Generated JIT code for 8-bit regular expression /ab*c/:
+            Code at [0x469561c03720, 0x469561c03840):
+                0x469561c03720: push %rbp
+                0x469561c03721: mov %rsp, %rbp
+                ...
+                0x469561c03762: sub $0x40, %rsp
+             == Matching ==
+           0:OpBodyAlternativeBegin minimum size 2
+                0x469561c03766: add $0x2, %esi
+                0x469561c03769: cmp %edx, %esi
+                0x469561c0376b: ja 0x469561c037fa
+           1:OpTerm TypePatternCharacter 'a'
+                0x469561c03771: movzx -0x2(%rdi,%rsi), %eax
+                0x469561c03776: cmp $0x61, %eax
+                0x469561c03779: jnz 0x469561c037e9
+           2:OpTerm TypePatternCharacter 'b' {0,...} greedy
+                0x469561c0377f: xor %r9d, %r9d
+                0x469561c03782: cmp %edx, %esi
+                0x469561c03784: jz 0x469561c037a2
+                ...
+                0x469561c0379d: jmp 0x469561c03782
+                0x469561c037a2: mov %r9, 0x8(%rsp)
+           3:OpTerm TypePatternCharacter 'c'
+                0x469561c037a7: movzx -0x1(%rdi,%rsi), %eax
+                0x469561c037ac: cmp $0x63, %eax
+                0x469561c037af: jnz 0x469561c037d1
+           4:OpBodyAlternativeEnd
+                0x469561c037b5: add $0x40, %rsp
+                ...
+                0x469561c037cf: pop %rbp
+                0x469561c037d0: ret
+             == Backtracking ==
+           4:OpBodyAlternativeEnd
+           3:OpTerm TypePatternCharacter 'c'
+           2:OpTerm TypePatternCharacter 'b' {0,...} greedy
+                0x469561c037d1: mov 0x8(%rsp), %r9
+                ...
+                0x469561c037e4: jmp 0x469561c037a2
+           1:OpTerm TypePatternCharacter 'a'
+           0:OpBodyAlternativeBegin minimum size 2
+                0x469561c037e9: mov %rsi, %rax
+                ...
+                0x469561c0382f: pop %rbp
+                0x469561c03830: ret
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * runtime/RegExp.cpp:
+        (JSC::RegExp::compile):
+        (JSC::RegExp::compileMatchOnly):
+        * yarr/YarrDisassembler.cpp: Added.
+        (JSC::Yarr::YarrDisassembler::indentString):
+        (JSC::Yarr::YarrDisassembler::YarrDisassembler):
+        (JSC::Yarr::YarrDisassembler::~YarrDisassembler):
+        (JSC::Yarr::YarrDisassembler::dump):
+        (JSC::Yarr::YarrDisassembler::dumpHeader):
+        (JSC::Yarr::YarrDisassembler::dumpVectorForInstructions):
+        (JSC::Yarr::YarrDisassembler::dumpForInstructions):
+        (JSC::Yarr::YarrDisassembler::dumpDisassembly):
+        * yarr/YarrDisassembler.h: Added.
+        (JSC::Yarr::YarrJITInfo::~YarrJITInfo):
+        (JSC::Yarr::YarrDisassembler::setStartOfCode):
+        (JSC::Yarr::YarrDisassembler::setForGenerate):
+        (JSC::Yarr::YarrDisassembler::setForBacktrack):
+        (JSC::Yarr::YarrDisassembler::setEndOfGenerate):
+        (JSC::Yarr::YarrDisassembler::setEndOfBacktrack):
+        (JSC::Yarr::YarrDisassembler::setEndOfCode):
+        (JSC::Yarr::YarrDisassembler::indentString):
+        * yarr/YarrJIT.cpp:
+        (JSC::Yarr::YarrGenerator::generate):
+        (JSC::Yarr::YarrGenerator::backtrack):
+        (JSC::Yarr::YarrGenerator::YarrGenerator):
+        (JSC::Yarr::YarrGenerator::compile):
+        (JSC::Yarr::jitCompile):
+        * yarr/YarrJIT.h:
+        * yarr/YarrPattern.cpp:
+        (JSC::Yarr::dumpCharacterClass):
+        (JSC::Yarr::PatternTerm::dump):
+        (JSC::Yarr::YarrPattern::dumpPatternString):
+        (JSC::Yarr::YarrPattern::dumpPattern):
+        * yarr/YarrPattern.h:
+
+2018-08-05  Darin Adler  <darin@apple.com>
+
+        [Cocoa] More tweaks and refactoring to prepare for ARC
+        https://bugs.webkit.org/show_bug.cgi?id=188245
+
+        Reviewed by Dan Bernstein.
+
+        * API/JSValue.mm: Use __unsafe_unretained.
+        (JSContainerConvertor::convert): Use auto for compatibility with the above.
+        * API/JSWrapperMap.mm:
+        (allocateConstructorForCustomClass): Use CFTypeRef instead of Protocol *.
+        (-[JSWrapperMap initWithGlobalContextRef:]): Use __unsafe_unretained.
+
+        * heap/Heap.cpp: Updated include for rename: FoundationSPI.h -> objcSPI.h.
+
+2018-08-07  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
+
+        Shrink size of PropertyCondition by packing UniquedStringImpl* and Kind
+        https://bugs.webkit.org/show_bug.cgi?id=188328
+
+        Reviewed by Saam Barati.
+
+        Shrinking the size of PropertyCondition can improve memory consumption by a lot.
+        For example, cnn.com can show 7000 persistent StructureStubClearingWatchpoint
+        and 6000 LLIntPrototypeLoadAdaptiveStructureWatchpoint which have PropertyCondition
+        as a member field.
+
+        This patch shrinks the size of PropertyCondition by packing UniquedStringImpl* and
+        PropertyCondition::Kind into uint64_t data in 64bit architecture. Since our address
+        are within 48bit, we can put PropertyCondition::Kind in this unused bits.
+        To make it easy, we add WTF::CompactPointerTuple<PointerType, Type>, which automatically
+        folds a pointer and 1byte type into 64bit data.
+
+        This change shrinks PropertyCondition from 24bytes to 16bytes.
+
+        * bytecode/PropertyCondition.cpp:
+        (JSC::PropertyCondition::dumpInContext const):
+        (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint const):
+        (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint const):
+        (JSC::PropertyCondition::isStillValid const):
+        (JSC::PropertyCondition::isWatchableWhenValid const):
+        * bytecode/PropertyCondition.h:
+        (JSC::PropertyCondition::PropertyCondition):
+        (JSC::PropertyCondition::presenceWithoutBarrier):
+        (JSC::PropertyCondition::absenceWithoutBarrier):
+        (JSC::PropertyCondition::absenceOfSetEffectWithoutBarrier):
+        (JSC::PropertyCondition::equivalenceWithoutBarrier):
+        (JSC::PropertyCondition::hasPrototypeWithoutBarrier):
+        (JSC::PropertyCondition::operator bool const):
+        (JSC::PropertyCondition::kind const):
+        (JSC::PropertyCondition::uid const):
+        (JSC::PropertyCondition::hasOffset const):
+        (JSC::PropertyCondition::hasAttributes const):
+        (JSC::PropertyCondition::hasPrototype const):
+        (JSC::PropertyCondition::hasRequiredValue const):
+        (JSC::PropertyCondition::hash const):
+        (JSC::PropertyCondition::operator== const):
+        (JSC::PropertyCondition::isHashTableDeletedValue const):
+        (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint const):
+
 2018-08-07  Mark Lam  <mark.lam@apple.com>
 
         Use a more specific PtrTag for PlatformRegisters PC and LR.
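Review bot: the new top entry (2018-08-11, "Disable JIT on IA-32 without SSE2") states the symptom but not the change: under `(JSC::recomputeDependentOptions)` it should say which option(s) are now forced off when SSE2 is absent and how SSE2 support is detected, so a reader can tell from the ChangeLog alone whether the fallback covers only the JavaScript JIT or also the Yarr regular expression JIT described further down in this same hunk. Separately, the 2018-08-05 Darin Adler entry ("[Cocoa] More tweaks and refactoring to prepare for ARC") is placed between the 2018-08-08 and 2018-08-07 entries, which breaks the reverse-chronological order the rest of the file follows; it belongs below the 2018-08-07 entries. Minor wording in the re-added entries while here: "indicies" should be "indices", "compatability" should be "compatibility", "bu going" should be "by going", "the same think" should be "the same thing", "redundent" should be "redundant", and "This patch fix this handling" should be "This patch fixes this handling".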