[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-11-04  Xabier Rodriguez Calvar  <calvaris@igalia.com>
2
3         Remove bogus global internal functions for properties and prototype retrieval
4         https://bugs.webkit.org/show_bug.cgi?id=150892
5
6         Reviewed by Darin Adler.
7
8         Global @getOwnPropertyNames and @getPrototypeOf point to the floor function, so it is bogus dead code.
9
10         * runtime/JSGlobalObject.cpp:
11         (JSC::JSGlobalObject::init): Removed global @getOwnPropertyNames and @getPrototypeOf.
12
13 2015-11-03  Benjamin Poulain  <bpoulain@apple.com>
14
15         [JSC] Add B3-to-Air lowering for BitXor
16         https://bugs.webkit.org/show_bug.cgi?id=150872
17
18         Reviewed by Filip Pizlo.
19
20         * assembler/MacroAssemblerX86Common.h:
21         (JSC::MacroAssemblerX86Common::xor32):
22         Fix the indentation.
23
24         * b3/B3Const32Value.cpp:
25         (JSC::B3::Const32Value::bitXorConstant):
26         * b3/B3Const32Value.h:
27         * b3/B3Const64Value.cpp:
28         (JSC::B3::Const64Value::bitXorConstant):
29         * b3/B3Const64Value.h:
30         * b3/B3LowerToAir.cpp:
31         (JSC::B3::Air::LowerToAir::tryXor):
32         * b3/B3LoweringMatcher.patterns:
33         * b3/B3ReduceStrength.cpp:
34         * b3/B3Value.cpp:
35         (JSC::B3::Value::bitXorConstant):
36         * b3/B3Value.h:
37         * b3/air/AirOpcode.opcodes:
38         * b3/testb3.cpp:
39         (JSC::B3::testBitXorArgs):
40         (JSC::B3::testBitXorSameArg):
41         (JSC::B3::testBitXorImms):
42         (JSC::B3::testBitXorArgImm):
43         (JSC::B3::testBitXorImmArg):
44         (JSC::B3::testBitXorBitXorArgImmImm):
45         (JSC::B3::testBitXorImmBitXorArgImm):
46         (JSC::B3::testBitXorArgs32):
47         (JSC::B3::testBitXorSameArg32):
48         (JSC::B3::testBitXorImms32):
49         (JSC::B3::testBitXorArgImm32):
50         (JSC::B3::testBitXorImmArg32):
51         (JSC::B3::testBitXorBitXorArgImmImm32):
52         (JSC::B3::testBitXorImmBitXorArgImm32):
53         (JSC::B3::run):
54
55 2015-11-03  Mark Lam  <mark.lam@apple.com>
56
57         Add op_add tests to compare behavior of JIT generated code to the LLINT's.
58         https://bugs.webkit.org/show_bug.cgi?id=150864
59
60         Reviewed by Saam Barati.
61
62         * tests/stress/op_add.js: Added.
63         (o1.valueOf):
64         (generateScenarios):
65         (printScenarios):
66         (testCases.func):
67         (func):
68         (initializeTestCases):
69         (runTest):
70
71 2015-11-03  Mark Lam  <mark.lam@apple.com>
72
73         Rename DFG's compileAdd to compileArithAdd.
74         https://bugs.webkit.org/show_bug.cgi?id=150866
75
76         Reviewed by Benjamin Poulain.
77
78         The function is only supposed to generate code to do arithmetic addition on
79         numeric types.  Naming it compileArithAdd() is more accurate, and is consistent
80         with the name of the node it emits code for (i.e. ArithAdd) as well as other
81         compiler functions for analogous operations e.g. compileArithSub.
82
83         * dfg/DFGSpeculativeJIT.cpp:
84         (JSC::DFG::SpeculativeJIT::compileInstanceOf):
85         (JSC::DFG::SpeculativeJIT::compileArithAdd):
86         (JSC::DFG::SpeculativeJIT::compileAdd): Deleted.
87         * dfg/DFGSpeculativeJIT.h:
88         * dfg/DFGSpeculativeJIT32_64.cpp:
89         (JSC::DFG::SpeculativeJIT::compile):
90         * dfg/DFGSpeculativeJIT64.cpp:
91         (JSC::DFG::SpeculativeJIT::compile):
92
93 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
94
95         Web Inspector: Remove duplication among ScriptDebugServer subclasses
96         https://bugs.webkit.org/show_bug.cgi?id=150860
97
98         Reviewed by Timothy Hatcher.
99
100         ScriptDebugServer expects a list of listeners to dispatch events to.
101         However each of its subclasses had their own implementation of the
102         list because of different handling when the first was added or when
103         the last was removed. Extract common code into ScriptDebugServer
104         which simplifies things.
105
106         Subclasses now only implement virtual methods "attachDebugger"
107         and "detachDebugger" which is the unique work done when the first
108         listener is added or last is removed.
109
110         * inspector/JSGlobalObjectScriptDebugServer.cpp:
111         (Inspector::JSGlobalObjectScriptDebugServer::attachDebugger):
112         (Inspector::JSGlobalObjectScriptDebugServer::detachDebugger):
113         (Inspector::JSGlobalObjectScriptDebugServer::addListener): Deleted.
114         (Inspector::JSGlobalObjectScriptDebugServer::removeListener): Deleted.
115         * inspector/JSGlobalObjectScriptDebugServer.h:
116         * inspector/ScriptDebugServer.cpp:
117         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
118         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
119         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
120         (Inspector::ScriptDebugServer::sourceParsed):
121         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
122         (Inspector::ScriptDebugServer::addListener):
123         (Inspector::ScriptDebugServer::removeListener):
124         * inspector/ScriptDebugServer.h:
125         * inspector/agents/InspectorDebuggerAgent.cpp:
126         (Inspector::InspectorDebuggerAgent::enable):
127         (Inspector::InspectorDebuggerAgent::disable):
128         * inspector/agents/InspectorDebuggerAgent.h:
129         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
130         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer): Deleted.
131         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer): Deleted.
132         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
133
134         * inspector/ScriptDebugListener.h:
135         (Inspector::ScriptDebugListener::Script::Script):
136         Drive-by convert Script to a struct, it has public fields and is used as such.
137
138 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
139
140         B3::LowerToAir should recognize Neg (i.e. Sub($0, value))
141         https://bugs.webkit.org/show_bug.cgi?id=150759
142
143         Reviewed by Benjamin Poulain.
144
145         Adds various forms of Sub(0, value) and compiles them as Neg. Also fixes a bug in
146         StoreSubLoad. This bug was correctness-benign, so I couldn't add a test for it.
147
148         * b3/B3LowerToAir.cpp:
149         (JSC::B3::Air::LowerToAir::immOrTmp):
150         (JSC::B3::Air::LowerToAir::appendUnOp):
151         (JSC::B3::Air::LowerToAir::appendBinOp):
152         (JSC::B3::Air::LowerToAir::tryAppendStoreUnOp):
153         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
154         (JSC::B3::Air::LowerToAir::trySub):
155         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
156         * b3/B3LoweringMatcher.patterns:
157         * b3/air/AirOpcode.opcodes:
158         * b3/testb3.cpp:
159         (JSC::B3::testAdd1Ptr):
160         (JSC::B3::testNeg32):
161         (JSC::B3::testNegPtr):
162         (JSC::B3::testStoreAddLoad):
163         (JSC::B3::testStoreAddAndLoad):
164         (JSC::B3::testStoreNegLoad32):
165         (JSC::B3::testStoreNegLoadPtr):
166         (JSC::B3::testAdd1Uncommuted):
167         (JSC::B3::run):
168
169 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
170
171         B3::Values that have effects should allow specification of custom HeapRanges
172         https://bugs.webkit.org/show_bug.cgi?id=150535
173
174         Reviewed by Benjamin Poulain.
175
176         Add an Effects field to calls and patchpoints. Add a HeapRange to MemoryValues.
177
178         In the process, I created a class for the CCall opcode, so that it has somewhere to put
179         the Effects field.
180
181         While doing this, I realized that we didn't have a good way of ensuring that an opcode
182         that requires a specific subclass was actually created with that subclass. So, I added
183         assertions for this.
184
185         * CMakeLists.txt:
186         * JavaScriptCore.xcodeproj/project.pbxproj:
187         * b3/B3ArgumentRegValue.h:
188         * b3/B3CCallValue.cpp: Added.
189         * b3/B3CCallValue.h: Added.
190         * b3/B3CheckValue.h:
191         * b3/B3Const32Value.h:
192         * b3/B3Const64Value.h:
193         * b3/B3ConstDoubleValue.h:
194         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
195         * b3/B3ControlValue.h:
196         * b3/B3Effects.h:
197         (JSC::B3::Effects::forCall):
198         (JSC::B3::Effects::mustExecute):
199         * b3/B3MemoryValue.h:
200         * b3/B3PatchpointValue.h:
201         * b3/B3StackSlotValue.h:
202         * b3/B3UpsilonValue.h:
203         * b3/B3Value.cpp:
204         (JSC::B3::Value::effects):
205         (JSC::B3::Value::dumpMeta):
206         (JSC::B3::Value::checkOpcode):
207         (JSC::B3::Value::typeFor):
208         * b3/B3Value.h:
209
210 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
211
212         B3::Stackmap should be a superclass of B3::PatchpointValue and B3::CheckValue rather than being one of their members
213         https://bugs.webkit.org/show_bug.cgi?id=150831
214
215         Rubber stamped by Benjamin Poulain.
216
217         Previously, Stackmap was a value that PatchpointValue and CheckValue would hold as a field.
218         We'd have convenient ways of getting this field, like via Value::stackmap(). But this was a
219         bit ridiculous, since Stackmap is logically just a common supertype for PatchpointValue and
220         CheckValue. This patch makes this reality by replacing Stackmap with StackmapValue. This makes
221         the code a lot more reasonable.
222
223         I also needed to make dumping a bit more customizable, so I changed dumpMeta() to take a
224         CommaPrinter&. This gives subclasses better control over whether or not to emit a comma. Also
225         it's now possible for subclasses of Value to customize how children are printed. StackmapValue
226         uses this to print the children and their reps together like:
227
228             Int32 @2 = Patchpoint(@0:SomeRegister, @1:SomeRegister, generator = 0x1107ec010, clobbered = [], usedRegisters = [], ExitsSideways|ControlDependent|Writes:Top|Reads:Top)
229
230         This has no behavior change, it's just a big refactoring. You can see how much simpler this
231         makes things by looking at the testSimplePatchpoint() test.
232
233         * CMakeLists.txt:
234         * JavaScriptCore.xcodeproj/project.pbxproj:
235         * b3/B3ArgumentRegValue.cpp:
236         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
237         (JSC::B3::ArgumentRegValue::dumpMeta):
238         * b3/B3ArgumentRegValue.h:
239         * b3/B3CheckSpecial.cpp:
240         (JSC::B3::CheckSpecial::generate):
241         * b3/B3CheckValue.cpp:
242         (JSC::B3::CheckValue::~CheckValue):
243         (JSC::B3::CheckValue::CheckValue):
244         (JSC::B3::CheckValue::dumpMeta): Deleted.
245         * b3/B3CheckValue.h:
246         (JSC::B3::CheckValue::accepts):
247         * b3/B3Const32Value.cpp:
248         (JSC::B3::Const32Value::notEqualConstant):
249         (JSC::B3::Const32Value::dumpMeta):
250         * b3/B3Const32Value.h:
251         * b3/B3Const64Value.cpp:
252         (JSC::B3::Const64Value::notEqualConstant):
253         (JSC::B3::Const64Value::dumpMeta):
254         * b3/B3Const64Value.h:
255         * b3/B3ConstDoubleValue.cpp:
256         (JSC::B3::ConstDoubleValue::notEqualConstant):
257         (JSC::B3::ConstDoubleValue::dumpMeta):
258         * b3/B3ConstDoubleValue.h:
259         * b3/B3ConstrainedValue.cpp: Added.
260         (JSC::B3::ConstrainedValue::dump):
261         * b3/B3ConstrainedValue.h: Added.
262         (JSC::B3::ConstrainedValue::ConstrainedValue):
263         (JSC::B3::ConstrainedValue::operator bool):
264         (JSC::B3::ConstrainedValue::value):
265         (JSC::B3::ConstrainedValue::rep):
266         * b3/B3ControlValue.cpp:
267         (JSC::B3::ControlValue::convertToJump):
268         (JSC::B3::ControlValue::dumpMeta):
269         * b3/B3ControlValue.h:
270         * b3/B3LowerToAir.cpp:
271         (JSC::B3::Air::LowerToAir::tryPatchpoint):
272         * b3/B3MemoryValue.cpp:
273         (JSC::B3::MemoryValue::accessByteSize):
274         (JSC::B3::MemoryValue::dumpMeta):
275         * b3/B3MemoryValue.h:
276         * b3/B3PatchpointSpecial.cpp:
277         (JSC::B3::PatchpointSpecial::generate):
278         * b3/B3PatchpointValue.cpp:
279         (JSC::B3::PatchpointValue::~PatchpointValue):
280         (JSC::B3::PatchpointValue::PatchpointValue):
281         (JSC::B3::PatchpointValue::dumpMeta): Deleted.
282         * b3/B3PatchpointValue.h:
283         (JSC::B3::PatchpointValue::accepts):
284         * b3/B3StackSlotValue.cpp:
285         (JSC::B3::StackSlotValue::~StackSlotValue):
286         (JSC::B3::StackSlotValue::dumpMeta):
287         * b3/B3StackSlotValue.h:
288         * b3/B3Stackmap.cpp: Removed.
289         * b3/B3Stackmap.h: Removed.
290         * b3/B3StackmapSpecial.cpp:
291         (JSC::B3::StackmapSpecial::reportUsedRegisters):
292         (JSC::B3::StackmapSpecial::extraClobberedRegs):
293         (JSC::B3::StackmapSpecial::forEachArgImpl):
294         (JSC::B3::StackmapSpecial::isValidImpl):
295         (JSC::B3::StackmapSpecial::admitsStackImpl):
296         * b3/B3StackmapSpecial.h:
297         * b3/B3StackmapValue.cpp: Added.
298         (JSC::B3::StackmapValue::~StackmapValue):
299         (JSC::B3::StackmapValue::append):
300         (JSC::B3::StackmapValue::setConstrainedChild):
301         (JSC::B3::StackmapValue::setConstraint):
302         (JSC::B3::StackmapValue::dumpChildren):
303         (JSC::B3::StackmapValue::dumpMeta):
304         (JSC::B3::StackmapValue::StackmapValue):
305         * b3/B3StackmapValue.h: Added.
306         * b3/B3SwitchValue.cpp:
307         (JSC::B3::SwitchValue::appendCase):
308         (JSC::B3::SwitchValue::dumpMeta):
309         (JSC::B3::SwitchValue::SwitchValue):
310         * b3/B3SwitchValue.h:
311         * b3/B3UpsilonValue.cpp:
312         (JSC::B3::UpsilonValue::~UpsilonValue):
313         (JSC::B3::UpsilonValue::dumpMeta):
314         * b3/B3UpsilonValue.h:
315         * b3/B3Validate.cpp:
316         * b3/B3Value.cpp:
317         (JSC::B3::Value::dump):
318         (JSC::B3::Value::dumpChildren):
319         (JSC::B3::Value::deepDump):
320         (JSC::B3::Value::performSubstitution):
321         (JSC::B3::Value::dumpMeta):
322         * b3/B3Value.h:
323         * b3/B3ValueInlines.h:
324         (JSC::B3::Value::asNumber):
325         (JSC::B3::Value::stackmap): Deleted.
326         * b3/B3ValueRep.h:
327         (JSC::B3::ValueRep::kind):
328         (JSC::B3::ValueRep::operator==):
329         (JSC::B3::ValueRep::operator!=):
330         (JSC::B3::ValueRep::operator bool):
331         (JSC::B3::ValueRep::isAny):
332         * b3/air/AirInstInlines.h:
333         * b3/testb3.cpp:
334         (JSC::B3::testSimplePatchpoint):
335
336 2015-11-03  Benjamin Poulain  <bpoulain@apple.com>
337
338         [JSC] Add Air lowering for BitOr and improve BitAnd
339         https://bugs.webkit.org/show_bug.cgi?id=150827
340
341         Reviewed by Filip Pizlo.
342
343         In this patch:
344         -B3 to Air lowering for BitOr.
345         -Codegen for BitOr.
346         -Strength reduction for BitOr and BitAnd.
347         -Tests for BitAnd and BitOr.
348         -Bug fix: Move64 with a negative value was destroying the top bits.
349
350         * b3/B3Const32Value.cpp:
351         (JSC::B3::Const32Value::bitAndConstant):
352         (JSC::B3::Const32Value::bitOrConstant):
353         * b3/B3Const32Value.h:
354         * b3/B3Const64Value.cpp:
355         (JSC::B3::Const64Value::bitAndConstant):
356         (JSC::B3::Const64Value::bitOrConstant):
357         * b3/B3Const64Value.h:
358         * b3/B3LowerToAir.cpp:
359         (JSC::B3::Air::LowerToAir::immForMove):
360         (JSC::B3::Air::LowerToAir::immOrTmpForMove):
361         (JSC::B3::Air::LowerToAir::tryOr):
362         (JSC::B3::Air::LowerToAir::tryConst64):
363         (JSC::B3::Air::LowerToAir::tryUpsilon):
364         (JSC::B3::Air::LowerToAir::tryIdentity):
365         (JSC::B3::Air::LowerToAir::tryReturn):
366         (JSC::B3::Air::LowerToAir::immOrTmp): Deleted.
367         * b3/B3LoweringMatcher.patterns:
368         * b3/B3ReduceStrength.cpp:
369         * b3/B3Value.cpp:
370         (JSC::B3::Value::bitAndConstant):
371         (JSC::B3::Value::bitOrConstant):
372         * b3/B3Value.h:
373         * b3/air/AirOpcode.opcodes:
374         * b3/testb3.cpp:
375         (JSC::B3::testReturnConst64):
376         (JSC::B3::testBitAndArgs):
377         (JSC::B3::testBitAndSameArg):
378         (JSC::B3::testBitAndImms):
379         (JSC::B3::testBitAndArgImm):
380         (JSC::B3::testBitAndImmArg):
381         (JSC::B3::testBitAndBitAndArgImmImm):
382         (JSC::B3::testBitAndImmBitAndArgImm):
383         (JSC::B3::testBitAndArgs32):
384         (JSC::B3::testBitAndSameArg32):
385         (JSC::B3::testBitAndImms32):
386         (JSC::B3::testBitAndArgImm32):
387         (JSC::B3::testBitAndImmArg32):
388         (JSC::B3::testBitAndBitAndArgImmImm32):
389         (JSC::B3::testBitAndImmBitAndArgImm32):
390         (JSC::B3::testBitOrArgs):
391         (JSC::B3::testBitOrSameArg):
392         (JSC::B3::testBitOrImms):
393         (JSC::B3::testBitOrArgImm):
394         (JSC::B3::testBitOrImmArg):
395         (JSC::B3::testBitOrBitOrArgImmImm):
396         (JSC::B3::testBitOrImmBitOrArgImm):
397         (JSC::B3::testBitOrArgs32):
398         (JSC::B3::testBitOrSameArg32):
399         (JSC::B3::testBitOrImms32):
400         (JSC::B3::testBitOrArgImm32):
401         (JSC::B3::testBitOrImmArg32):
402         (JSC::B3::testBitOrBitOrArgImmImm32):
403         (JSC::B3::testBitOrImmBitOrArgImm32):
404         (JSC::B3::run):
405
406 2015-11-03  Saam barati  <sbarati@apple.com>
407
408         Rewrite "const" as "var" for iTunes/iBooks on the Mac
409         https://bugs.webkit.org/show_bug.cgi?id=150852
410
411         Reviewed by Geoffrey Garen.
412
413         VM now has a setting indicating if we should treat
414         "const" variables as "var" to more closely match
415         JSC's previous implementation of "const" before ES6.
416
417         * parser/Parser.h:
418         (JSC::Parser::next):
419         (JSC::Parser::nextExpectIdentifier):
420         * runtime/VM.h:
421         (JSC::VM::setShouldRewriteConstAsVar):
422         (JSC::VM::shouldRewriteConstAsVar):
423
424 2015-11-03  Mark Lam  <mark.lam@apple.com>
425
426         Fix some inefficiencies in the baseline usage of JITAddGenerator.
427         https://bugs.webkit.org/show_bug.cgi?id=150850
428
429         Reviewed by Michael Saboff.
430
431         1. emit_op_add() was loading the operands twice.  Removed the redundant load.
432         2. The snippet may decide that it wants to go the slow path route all the time.
433            In that case, emit_op_add will end up emitting a branch to an out of line
434            slow path followed by some dead code to store the result of the fast path
435            on to the stack.
436            We now check if the snippet determined that there's no fast path, and just
437            emit the slow path inline, and skip the dead store of the fast path result.
438
439         * jit/JITArithmetic.cpp:
440         (JSC::JIT::emit_op_add):
441
442 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
443
444         B3::LowerToAir should do copy propagation
445         https://bugs.webkit.org/show_bug.cgi?id=150775
446
447         Reviewed by Geoffrey Garen.
448
449         What we are trying to do is remove the unnecessary Move's and Move32's from Trunc and ZExt32.
450         You could think of this as an Air optimization, and indeed, Air is powerful enough that we
451         could write a phase that does copy propagation through Move's and Move32's. For Move32's it
452         would only copy-propagate if it proved that the value was already zero-extended. We could
453         know this by just adding a Def32 role to Air.
454
455         But this patch takes a different approach: we ensure that we don't generate such redundant
456         Move's and Move32's to begin with. The reason is that it's much cheaper to do analysis over
457         B3 than over Air. So, whenever possible, an optimization should be implemented in B3. In
458         this case the optimization can't quite be implemented in B3 because you cannot remove a Trunc
459         or ZExt32 without violating the B3 type system. So, the best place to do this optimization is
460         during lowering: we can use B3 for our analysis and we can use Air to express the
461         transformation.
462
463         Copy propagating during B3->Air lowering is natural because we are creating "SSA-like" Tmps
464         from the B3 Values. They are SSA-like in the sense that except the tmp for a Phi, we know
465         that the Tmp will be assigned once and that the assignment will dominate all uses. So, if we
466         see an operation like Trunc that is semantically just a Move, we can skip the Move and just
467         claim that the Trunc has the same Tmp as its child. We do something similar for ZExt32,
468         except with that one we have to analyze IR to ensure that the value will actually be zero
469         extended. Note that this kind of reasoning about how Tmps work in Air is only possible in the
470         B3->Air lowering, since at that point we know for sure which Tmps behave this way. If we
471         wanted to do anything like this as a later Air phase, we'd have to do more analysis to first
472         prove that Tmps behave in this way.
473
474         * b3/B3LowerToAir.cpp:
475         (JSC::B3::Air::LowerToAir::run):
476         (JSC::B3::Air::LowerToAir::highBitsAreZero):
477         (JSC::B3::Air::LowerToAir::shouldCopyPropagate):
478         (JSC::B3::Air::LowerToAir::tmp):
479         (JSC::B3::Air::LowerToAir::tryStore):
480         (JSC::B3::Air::LowerToAir::tryTrunc):
481         (JSC::B3::Air::LowerToAir::tryZExt32):
482         (JSC::B3::Air::LowerToAir::tryIdentity):
483         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg): Deleted.
484         * b3/B3LoweringMatcher.patterns:
485
486 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
487
488         Web Inspector: Move ScriptDebugServer::Task to WorkerScriptDebugServer where it is actually used
489         https://bugs.webkit.org/show_bug.cgi?id=150847
490
491         Reviewed by Timothy Hatcher.
492
493         * inspector/ScriptDebugServer.h:
494         Remove Task from here, it isn't needed in the general case.
495
496         * parser/SourceProvider.h:
497         Remove unimplemented method.
498
499 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
500
501         Web Inspector: Handle or Remove ParseHTML Timeline Event Records
502         https://bugs.webkit.org/show_bug.cgi?id=150689
503
504         Reviewed by Timothy Hatcher.
505
506         * inspector/protocol/Timeline.json:
507
508 2015-11-03  Michael Saboff  <msaboff@apple.com>
509
510         Rename InlineCallFrame::getCallerSkippingDeadFrames to something more descriptive
511         https://bugs.webkit.org/show_bug.cgi?id=150832
512
513         Reviewed by Geoffrey Garen.
514
515         Renamed InlineCallFrame::getCallerSkippingDeadFrames() to getCallerSkippingTailCalls().
516         Did similar renaming to helper InlineCallFrame::computeCallerSkippingTailCalls() and
517         InlineCallFrame::getCallerInlineFrameSkippingTailCalls().
518
519         * bytecode/InlineCallFrame.h:
520         (JSC::InlineCallFrame::computeCallerSkippingTailCalls):
521         (JSC::InlineCallFrame::getCallerSkippingTailCalls):
522         (JSC::InlineCallFrame::getCallerInlineFrameSkippingTailCalls):
523         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames): Deleted.
524         (JSC::InlineCallFrame::getCallerSkippingDeadFrames): Deleted.
525         (JSC::InlineCallFrame::getCallerInlineFrameSkippingDeadFrames): Deleted.
526         * dfg/DFGByteCodeParser.cpp:
527         (JSC::DFG::ByteCodeParser::allInlineFramesAreTailCalls):
528         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
529         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
530         * dfg/DFGGraph.cpp:
531         (JSC::DFG::Graph::isLiveInBytecode):
532         * dfg/DFGGraph.h:
533         (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
534         * dfg/DFGOSRExitCompilerCommon.cpp:
535         (JSC::DFG::reifyInlinedCallFrames):
536         * dfg/DFGPreciseLocalClobberize.h:
537         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
538         * dfg/DFGSpeculativeJIT32_64.cpp:
539         (JSC::DFG::SpeculativeJIT::emitCall):
540         * dfg/DFGSpeculativeJIT64.cpp:
541         (JSC::DFG::SpeculativeJIT::emitCall):
542         * ftl/FTLLowerDFGToLLVM.cpp:
543         (JSC::FTL::DFG::LowerDFGToLLVM::codeOriginDescriptionOfCallSite):
544         * interpreter/StackVisitor.cpp:
545         (JSC::StackVisitor::gotoNextFrame):
546
547 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
548
549         B3/Air should use bubble sort for their insertion sets, because it's faster than std::stable_sort
550         https://bugs.webkit.org/show_bug.cgi?id=150828
551
552         Reviewed by Geoffrey Garen.
553
554         Undo the 2% compile time regression caused by http://trac.webkit.org/changeset/191913.
555
556         * b3/B3InsertionSet.cpp:
557         (JSC::B3::InsertionSet::execute): Switch to bubble sort.
558         * b3/air/AirInsertionSet.cpp:
559         (JSC::B3::Air::InsertionSet::execute): Switch to bubble sort.
560         * dfg/DFGBlockInsertionSet.cpp:
561         (JSC::DFG::BlockInsertionSet::execute): Switch back to quicksort.
562
563 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
564
565         Unreviewed, partially revert r191952.
566
567         Removed GCC compiler workarounds (unreachable returns).
568
569         * b3/B3Type.h:
570         (JSC::B3::sizeofType):
571         * b3/air/AirArg.h:
572         (JSC::B3::Air::Arg::isUse):
573         (JSC::B3::Air::Arg::isDef):
574         (JSC::B3::Air::Arg::isGP):
575         (JSC::B3::Air::Arg::isFP):
576         (JSC::B3::Air::Arg::isType):
577         * b3/air/AirCode.h:
578         (JSC::B3::Air::Code::newTmp):
579         (JSC::B3::Air::Code::numTmps):
580
581 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
582
583         Fix the ENABLE(B3_JIT) build on Linux
584         https://bugs.webkit.org/show_bug.cgi?id=150794
585
586         Reviewed by Darin Adler.
587
588         * CMakeLists.txt:
589         * b3/B3HeapRange.h:
590         * b3/B3IndexSet.h:
591         (JSC::B3::IndexSet::Iterable::iterator::operator++):
592         * b3/B3Type.h:
593         (JSC::B3::sizeofType):
594         * b3/air/AirArg.cpp:
595         (JSC::B3::Air::Arg::dump):
596         * b3/air/AirArg.h:
597         (JSC::B3::Air::Arg::isUse):
598         (JSC::B3::Air::Arg::isDef):
599         (JSC::B3::Air::Arg::isGP):
600         (JSC::B3::Air::Arg::isFP):
601         (JSC::B3::Air::Arg::isType):
602         * b3/air/AirCode.h:
603         (JSC::B3::Air::Code::newTmp):
604         (JSC::B3::Air::Code::numTmps):
605         * b3/air/AirSpecial.cpp:
606
607 2015-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>
608
609         Clean up ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keep minimal set of them
610         https://bugs.webkit.org/show_bug.cgi?id=150793
611
612         Reviewed by Darin Adler.
613
614         Fix the !ENABLE(ES6_ARROWFUNCTION_SYNTAX) build after r191875.
615         This patch drops many ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keeps only one of them;
616         the ifdef in parseAssignmentExpression.
617         This prevents functionality of parsing arrow function syntax.
618
619         * parser/Lexer.cpp:
620         (JSC::Lexer<T>::lex):
621         * parser/Parser.cpp:
622         (JSC::Parser<LexerType>::parseInner): Deleted.
623         * parser/Parser.h:
624         (JSC::Parser::isArrowFunctionParamters): Deleted.
625         * parser/ParserTokens.h:
626
627 2015-11-02  Michael Saboff  <msaboff@apple.com>
628
629         WebInspector crashed while viewing Timeline when refreshing cnn.com while it was already loading
630         https://bugs.webkit.org/show_bug.cgi?id=150745
631
632         Reviewed by Geoffrey Garen.
633
634         During OSR exit, reifyInlinedCallFrames() was using the call kind from a tail call to
635         find the CallLinkInfo / StubInfo to find the return PC.  Instead we need to get the call
636         type of the true caller, that is the function we'll be returning to.
637
638         This can be found by remembering the last call type we find while walking up the inlined
639         frames in InlineCallFrame::getCallerSkippingDeadFrames().
640
641         We can also return directly back to a getter or setter callsite without using a thunk.
642
643         * bytecode/InlineCallFrame.h:
644         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
645         (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
646         * dfg/DFGOSRExitCompilerCommon.cpp:
647         (JSC::DFG::reifyInlinedCallFrames):
648         * jit/JITPropertyAccess.cpp:
649         (JSC::JIT::emit_op_get_by_id): Need to eliminate the stack pointer check, as it is wrong
650         for reified inlined frames created during OSR exit. 
651         * jit/ThunkGenerators.cpp:
652         (JSC::baselineGetterReturnThunkGenerator): Deleted.
653         (JSC::baselineSetterReturnThunkGenerator): Deleted.
654         * jit/ThunkGenerators.h:
655
656 2015-11-02  Saam barati  <sbarati@apple.com>
657
658         Wrong value recovery for DFG try/catch with a getter that throws during an IC miss
659         https://bugs.webkit.org/show_bug.cgi?id=150760
660
661         Reviewed by Geoffrey Garen.
662
663         This is related to using PhantomLocal instead of Flush as 
664         the liveness preservation mechanism for live catch variables. 
665         I'm temporarily switching things back to Flush. This will be a
666         performance hit for try/catch in the DFG. Landing this patch,
667         though, will allow me to land try/catch in the FTL. It also
668         makes try/catch in the DFG sound. I have opened another
669         bug to further investigate using PhantomLocal as the
670         liveness preservation mechanism: https://bugs.webkit.org/show_bug.cgi?id=150824
671
672         * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
673         (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
674         * tests/stress/dfg-try-catch-wrong-value-recovery-on-ic-miss.js: Added.
675         (assert):
676         (let.oThrow.get f):
677         (let.o2.get f):
678         (foo):
679         (f):
680
681 2015-11-02  Andy Estes  <aestes@apple.com>
682
683         [Cocoa] Add tvOS and watchOS to SUPPORTED_PLATFORMS
684         https://bugs.webkit.org/show_bug.cgi?id=150819
685
686         Reviewed by Dan Bernstein.
687
688         This tells Xcode to include these platforms in its Devices dropdown, making it possible to build in the IDE.
689
690         * Configurations/Base.xcconfig:
691
692 2015-11-02  Brent Fulgham  <bfulgham@apple.com>
693
694         [Win] MiniBrowser unable to use WebInspector
695         https://bugs.webkit.org/show_bug.cgi?id=150810
696         <rdar://problem/23358514>
697
698         Reviewed by Timothy Hatcher.
699
700         The CMakeList rule for creating the InjectedScriptSource.min.js was improperly including
701         the quote characters in the text prepended to InjectedScriptSource.min.js. This caused a
702         parsing error in the JS file.
703
704         The solution was to switch from using "COMMAND echo" to use the more cross-platform
705         compatible command "COMMAND ${CMAKE_COMMAND} -E echo ...", which handles the string
706         escaping properly on all platforms.
707
708         * CMakeLists.txt: Switch the 'echo' command syntax to be more cross-platform.
709
710 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
711
712         B3 should be able to compile a Patchpoint
713         https://bugs.webkit.org/show_bug.cgi?id=150750
714
715         Reviewed by Geoffrey Garen.
716
717         This adds the glue in B3::LowerToAir that turns a B3::PatchpointValue into an Air::Patch
718         with a B3::PatchpointSpecial.
719
720         Along the way, I found some bugs. For starters, it became clear that I wanted to be able
721         to append constraints to a Stackmap, and I wanted to have more flexibility in how I
722         created a PatchpointValue. I also wanted more helper methods in ValueRep, since
723         otherwise I would have had to write a lot of boilerplate.
724
725         I discovered, and fixed, a minor goof in Air::Code dumping when there are specials.
726
727         There were a ton of indexing bugs in B3StackmapSpecial.
728
729         The spiller was broken in case the Def was not the last Arg, since it was adding things
730         to the insertion set both at instIndex and instIndex + 1, and the two types of additions
731         could occur in the wrong (i.e. the +1 case first) order with an early Def. We often have
732         bugs like this. In the DFG, we were paranoid about performance so we only admit out-of-
733         order insertions as a rare case. I think that we don't really need to be so paranoid.
734         So, I made the new insertion sets use a stable_sort to ensure that everything happens in
735         the right order. I changed DFG::BlockInsertionSet to also use stable_sort; it previously
736         used sort, which is slightly wrong.
737
738         This adds a new test that uses Patchpoint to implement a 32-bit add. It works!
739
740         * b3/B3InsertionSet.cpp:
741         (JSC::B3::InsertionSet::execute):
742         * b3/B3LowerToAir.cpp:
743         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
744         (JSC::B3::Air::LowerToAir::appendStore):
745         (JSC::B3::Air::LowerToAir::moveForType):
746         (JSC::B3::Air::LowerToAir::append):
747         (JSC::B3::Air::LowerToAir::ensureSpecial):
748         (JSC::B3::Air::LowerToAir::tryStore):
749         (JSC::B3::Air::LowerToAir::tryStackSlot):
750         (JSC::B3::Air::LowerToAir::tryPatchpoint):
751         (JSC::B3::Air::LowerToAir::tryUpsilon):
752         * b3/B3LoweringMatcher.patterns:
753         * b3/B3PatchpointValue.h:
754         (JSC::B3::PatchpointValue::accepts): Deleted.
755         (JSC::B3::PatchpointValue::PatchpointValue): Deleted.
756         * b3/B3Stackmap.h:
757         (JSC::B3::Stackmap::constrain):
758         (JSC::B3::Stackmap::appendConstraint):
759         (JSC::B3::Stackmap::reps):
760         (JSC::B3::Stackmap::clobber):
761         * b3/B3StackmapSpecial.cpp:
762         (JSC::B3::StackmapSpecial::forEachArgImpl):
763         (JSC::B3::StackmapSpecial::isValidImpl):
764         * b3/B3Value.h:
765         * b3/B3ValueRep.h:
766         (JSC::B3::ValueRep::ValueRep):
767         (JSC::B3::ValueRep::reg):
768         (JSC::B3::ValueRep::operator bool):
769         (JSC::B3::ValueRep::isAny):
770         (JSC::B3::ValueRep::isSomeRegister):
771         (JSC::B3::ValueRep::isReg):
772         (JSC::B3::ValueRep::isGPR):
773         (JSC::B3::ValueRep::isFPR):
774         (JSC::B3::ValueRep::gpr):
775         (JSC::B3::ValueRep::fpr):
776         (JSC::B3::ValueRep::isStack):
777         (JSC::B3::ValueRep::offsetFromFP):
778         (JSC::B3::ValueRep::isStackArgument):
779         (JSC::B3::ValueRep::offsetFromSP):
780         (JSC::B3::ValueRep::isConstant):
781         (JSC::B3::ValueRep::value):
782         * b3/air/AirCode.cpp:
783         (JSC::B3::Air::Code::dump):
784         * b3/air/AirInsertionSet.cpp:
785         (JSC::B3::Air::InsertionSet::execute):
786         * b3/testb3.cpp:
787         (JSC::B3::testComplex):
788         (JSC::B3::testSimplePatchpoint):
789         (JSC::B3::run):
790         * dfg/DFGBlockInsertionSet.cpp:
791         (JSC::DFG::BlockInsertionSet::execute):
792
793 2015-11-02  Mark Lam  <mark.lam@apple.com>
794
795         Snippefy op_add for the baseline JIT.
796         https://bugs.webkit.org/show_bug.cgi?id=150129
797
798         Reviewed by Geoffrey Garen and Saam Barati.
799
800         Performance is neutral for both 32-bit and 64-bit on X86_64.
801
802         * CMakeLists.txt:
803         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
804         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
805         * JavaScriptCore.xcodeproj/project.pbxproj:
806         * jit/JIT.h:
807         (JSC::JIT::getOperandConstantInt):
808         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
809           because the snippet needs it.
810
811         * jit/JITAddGenerator.cpp: Added.
812         (JSC::JITAddGenerator::generateFastPath):
813         * jit/JITAddGenerator.h: Added.
814         (JSC::JITAddGenerator::JITAddGenerator):
815         (JSC::JITAddGenerator::endJumpList):
816         (JSC::JITAddGenerator::slowPathJumpList):
817         - JITAddGenerator implements an optimization for the case where 1 of the 2 operands
818           is a constant int32_t.  It does not implement an optimization for the case where
819           both operands are constant int32_t.  This is because:
820           1. For the baseline JIT, the ASTBuilder will fold the 2 constants together.
821           2. For the DFG, the AbstractInterpreter will also fold the 2 constants.
822
823           Hence, such an optimization path (for 2 constant int32_t operands) would never
824           be taken, and is why we won't implement it.
825
826         * jit/JITArithmetic.cpp:
827         (JSC::JIT::compileBinaryArithOp):
828         (JSC::JIT::compileBinaryArithOpSlowCase):
829         - Removed op_add cases.  These are no longer used by the op_add emitters.
830
831         (JSC::JIT::emit_op_add):
832         (JSC::JIT::emitSlow_op_add):
833         - Moved out from the JSVALUE64 section to the common section, and reimplemented
834           using the snippet.
835
836         * jit/JITArithmetic32_64.cpp:
837         (JSC::JIT::emitBinaryDoubleOp):
838         (JSC::JIT::emit_op_add): Deleted.
839         (JSC::JIT::emitAdd32Constant): Deleted.
840         (JSC::JIT::emitSlow_op_add): Deleted.
841         - Remove 32-bit specific version of op_add.  The snippet serves both 32-bit
842           and 64-bit implementations.
843
844         * jit/JITInlines.h:
845         (JSC::JIT::getOperandConstantInt):
846         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
847           because the snippet needs it.
848
849 2015-11-02  Brian Burg  <bburg@apple.com>
850
851         Run sort-Xcode-project-file for the JavaScriptCore project.
852
853         Unreviewed. Many things were out of order following recent B3 commits.
854
855         * JavaScriptCore.xcodeproj/project.pbxproj:
856
857 2015-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>
858
859         Rename op_put_getter_setter to op_put_getter_setter_by_id
860         https://bugs.webkit.org/show_bug.cgi?id=150773
861
862         Reviewed by Mark Lam.
863
864         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
865         the other ops' names like op_put_getter_by_id etc.
866
867         And to fix build dependencies in Xcode, we added LLIntAssembly.h into the Xcode project file.
868
869         * JavaScriptCore.xcodeproj/project.pbxproj:
870         * bytecode/BytecodeList.json:
871         * bytecode/BytecodeUseDef.h:
872         (JSC::computeUsesForBytecodeOffset):
873         (JSC::computeDefsForBytecodeOffset):
874         * bytecode/CodeBlock.cpp:
875         (JSC::CodeBlock::dumpBytecode):
876         * bytecompiler/BytecodeGenerator.cpp:
877         (JSC::BytecodeGenerator::emitPutGetterSetter):
878         * dfg/DFGByteCodeParser.cpp:
879         (JSC::DFG::ByteCodeParser::parseBlock):
880         * dfg/DFGCapabilities.cpp:
881         (JSC::DFG::capabilityLevel):
882         * jit/JIT.cpp:
883         (JSC::JIT::privateCompileMainPass):
884         * jit/JIT.h:
885         * jit/JITPropertyAccess.cpp:
886         (JSC::JIT::emit_op_put_getter_setter_by_id):
887         (JSC::JIT::emit_op_put_getter_setter): Deleted.
888         * jit/JITPropertyAccess32_64.cpp:
889         (JSC::JIT::emit_op_put_getter_setter_by_id):
890         (JSC::JIT::emit_op_put_getter_setter): Deleted.
891         * llint/LLIntSlowPaths.cpp:
892         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
893         * llint/LLIntSlowPaths.h:
894         * llint/LowLevelInterpreter.asm:
895
896 2015-11-02  Csaba Osztrogonác  <ossy@webkit.org>
897
898         Fix the FTL JIT build with system LLVM on Linux
899         https://bugs.webkit.org/show_bug.cgi?id=150795
900
901         Reviewed by Filip Pizlo.
902
903         * CMakeLists.txt:
904
905 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
906
907         [ES6] Support Generator Syntax
908         https://bugs.webkit.org/show_bug.cgi?id=150769
909
910         Reviewed by Geoffrey Garen.
911
912         This patch implements the syntax part of ES6 Generators.
913
914         1. Add ENABLE_ES6_GENERATORS compile time flag. It is disabled by default, and will be enabled once ES6 generator functionality is implemented.
915         2. Add lexer support for YIELD. It changes "yield" from a reserved-if-strict word to a keyword. This is correct under the ES6 spec.
916         3. Implement parsing functionality and YieldExprNode stub. YieldExprNode does not emit meaningful bytecodes yet. This should be implemented in a future patch.
917         4. Accept "yield" Identifier as a label etc. under sloppy mode && non-generator code. http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors
918
919         * Configurations/FeatureDefines.xcconfig:
920         * bytecompiler/NodesCodegen.cpp:
921         (JSC::YieldExprNode::emitBytecode):
922         * parser/ASTBuilder.h:
923         (JSC::ASTBuilder::createYield):
924         * parser/Keywords.table:
925         * parser/NodeConstructors.h:
926         (JSC::YieldExprNode::YieldExprNode):
927         * parser/Nodes.h:
928         * parser/Parser.cpp:
929         (JSC::Parser<LexerType>::Parser):
930         (JSC::Parser<LexerType>::parseInner):
931         (JSC::Parser<LexerType>::parseStatementListItem):
932         (JSC::Parser<LexerType>::parseVariableDeclarationList):
933         (JSC::Parser<LexerType>::parseDestructuringPattern):
934         (JSC::Parser<LexerType>::parseBreakStatement):
935         (JSC::Parser<LexerType>::parseContinueStatement):
936         (JSC::Parser<LexerType>::parseTryStatement):
937         (JSC::Parser<LexerType>::parseStatement):
938         (JSC::stringForFunctionMode):
939         (JSC::Parser<LexerType>::parseFunctionParameters):
940         (JSC::Parser<LexerType>::parseFunctionInfo):
941         (JSC::Parser<LexerType>::parseFunctionDeclaration):
942         (JSC::Parser<LexerType>::parseClass):
943         (JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
944         (JSC::Parser<LexerType>::parseExportDeclaration):
945         (JSC::Parser<LexerType>::parseAssignmentExpression):
946         (JSC::Parser<LexerType>::parseYieldExpression):
947         (JSC::Parser<LexerType>::parseProperty):
948         (JSC::Parser<LexerType>::parsePropertyMethod):
949         (JSC::Parser<LexerType>::parseGetterSetter):
950         (JSC::Parser<LexerType>::parseFunctionExpression):
951         (JSC::Parser<LexerType>::parsePrimaryExpression):
952         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
953         * parser/Parser.h:
954         (JSC::Scope::Scope):
955         (JSC::Scope::setSourceParseMode):
956         (JSC::Scope::isGenerator):
957         (JSC::Scope::setIsFunction):
958         (JSC::Scope::setIsGenerator):
959         (JSC::Scope::setIsModule):
960         (JSC::Parser::pushScope):
961         (JSC::Parser::isYIELDMaskedAsIDENT):
962         (JSC::Parser::matchSpecIdentifier):
963         (JSC::Parser::saveState):
964         (JSC::Parser::restoreState):
965         * parser/ParserModes.h:
966         (JSC::isFunctionParseMode):
967         (JSC::isModuleParseMode):
968         (JSC::isProgramParseMode):
969         * parser/ParserTokens.h:
970         * parser/SyntaxChecker.h:
971         (JSC::SyntaxChecker::createYield):
972         * tests/stress/generator-methods.js: Added.
973         (Hello.prototype.gen):
974         (Hello.gen):
975         (Hello):
976         (Hello.prototype.set get string_appeared_here):
977         (Hello.string_appeared_here):
978         (Hello.prototype.20):
979         (Hello.20):
980         (Hello.prototype.42):
981         (Hello.42):
982         (let.object.gen):
983         (let.object.set get string_appeared_here):
984         (let.object.20):
985         (let.object.42):
986         * tests/stress/generator-syntax.js: Added.
987         (testSyntax):
988         (testSyntaxError):
989         (testSyntaxError.Hello.prototype.get gen):
990         (testSyntaxError.Hello):
991         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello.prototype.set gen):
992         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello):
993         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.gen):
994         (testSyntaxError.value):
995         (testSyntaxError.gen.ng):
996         (testSyntaxError.gen):
997         (testSyntax.gen):
998         * tests/stress/yield-and-line-terminator.js: Added.
999         (testSyntax):
1000         (testSyntaxError):
1001         (testSyntax.gen):
1002         (testSyntaxError.gen):
1003         * tests/stress/yield-label-generator.js: Added.
1004         (testSyntax):
1005         (testSyntaxError):
1006         (testSyntaxError.test):
1007         (SyntaxError.Unexpected.keyword.string_appeared_here.Expected.an.identifier.as.the.target.a.continue.statement.testSyntax.test):
1008         * tests/stress/yield-label.js: Added.
1009         (yield):
1010         (testSyntaxError):
1011         (testSyntaxError.test):
1012         * tests/stress/yield-named-accessors-generator.js: Added.
1013         (t1.let.object.get yield):
1014         (t1.let.object.set yield):
1015         (t1):
1016         (t2.let.object.get yield):
1017         (t2.let.object.set yield):
1018         (t2):
1019         * tests/stress/yield-named-accessors.js: Added.
1020         (t1.let.object.get yield):
1021         (t1.let.object.set yield):
1022         (t1):
1023         (t2.let.object.get yield):
1024         (t2.let.object.set yield):
1025         (t2):
1026         * tests/stress/yield-named-variable-generator.js: Added.
1027         (testSyntax):
1028         (testSyntaxError):
1029         (testSyntaxError.t1):
1030         (testSyntaxError.t1.yield):
1031         (testSyntax.t1.yield):
1032         (testSyntax.t1):
1033         * tests/stress/yield-named-variable.js: Added.
1034         (testSyntax):
1035         (testSyntaxError):
1036         (testSyntax.t1):
1037         (testSyntaxError.t1):
1038         (testSyntax.t1.yield):
1039         (testSyntaxError.t1.yield):
1040         * tests/stress/yield-out-of-generator.js: Added.
1041         (testSyntax):
1042         (testSyntaxError):
1043         (testSyntaxError.hello):
1044         (testSyntaxError.gen.hello):
1045         (testSyntaxError.gen):
1046         (testSyntax.gen):
1047         (testSyntax.gen.ok):
1048         (testSyntaxError.gen.ok):
1049
1050 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1051
1052         Dominators should be factored out of the DFG
1053         https://bugs.webkit.org/show_bug.cgi?id=150764
1054
1055         Reviewed by Geoffrey Garen.
1056
1057         Factored DFGDominators.h/DFGDominators.cpp into WTF. To do this, I made two changes to the
1058         DFG:
1059
1060         1) DFG now has a CFG abstraction called DFG::CFG. The cool thing about this is that in the
1061            future if we wanted to support inverted dominators, we could do it by just creating a
1062            DFG::BackwardCFG.
1063
1064         2) Got rid of DFG::Analysis. From now on, an Analysis being invalidated is expressed by the
1065            DFG::Graph having a null pointer for that analysis. When we "run" the analysis, we
1066            just instantiate it. This makes it much more natural to integrate WTF::Dominators into
1067            the DFG.
1068
1069         * CMakeLists.txt:
1070         * JavaScriptCore.xcodeproj/project.pbxproj:
1071         * dfg/DFGAnalysis.h: Removed.
1072         * dfg/DFGCFG.h: Added.
1073         (JSC::DFG::CFG::CFG):
1074         (JSC::DFG::CFG::root):
1075         (JSC::DFG::CFG::newMap<T>):
1076         (JSC::DFG::CFG::successors):
1077         (JSC::DFG::CFG::predecessors):
1078         (JSC::DFG::CFG::index):
1079         (JSC::DFG::CFG::node):
1080         (JSC::DFG::CFG::numNodes):
1081         (JSC::DFG::CFG::dump):
1082         * dfg/DFGCSEPhase.cpp:
1083         * dfg/DFGDisassembler.cpp:
1084         (JSC::DFG::Disassembler::createDumpList):
1085         * dfg/DFGDominators.cpp: Removed.
1086         * dfg/DFGDominators.h:
1087         (JSC::DFG::Dominators::Dominators):
1088         (JSC::DFG::Dominators::strictlyDominates): Deleted.
1089         (JSC::DFG::Dominators::dominates): Deleted.
1090         (JSC::DFG::Dominators::immediateDominatorOf): Deleted.
1091         (JSC::DFG::Dominators::forAllStrictDominatorsOf): Deleted.
1092         (JSC::DFG::Dominators::forAllDominatorsOf): Deleted.
1093         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy): Deleted.
1094         (JSC::DFG::Dominators::forAllBlocksDominatedBy): Deleted.
1095         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf): Deleted.
1096         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf): Deleted.
1097         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf): Deleted.
1098         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl): Deleted.
1099         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl): Deleted.
1100         (JSC::DFG::Dominators::BlockData::BlockData): Deleted.
1101         * dfg/DFGEdgeDominates.h:
1102         (JSC::DFG::EdgeDominates::operator()):
1103         * dfg/DFGGraph.cpp:
1104         (JSC::DFG::Graph::Graph):
1105         (JSC::DFG::Graph::dumpBlockHeader):
1106         (JSC::DFG::Graph::invalidateCFG):
1107         (JSC::DFG::Graph::substituteGetLocal):
1108         (JSC::DFG::Graph::handleAssertionFailure):
1109         (JSC::DFG::Graph::ensureDominators):
1110         (JSC::DFG::Graph::ensurePrePostNumbering):
1111         (JSC::DFG::Graph::ensureNaturalLoops):
1112         (JSC::DFG::Graph::valueProfileFor):
1113         * dfg/DFGGraph.h:
1114         (JSC::DFG::Graph::hasDebuggerEnabled):
1115         * dfg/DFGLICMPhase.cpp:
1116         (JSC::DFG::LICMPhase::run):
1117         (JSC::DFG::LICMPhase::attemptHoist):
1118         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
1119         (JSC::DFG::createPreHeader):
1120         (JSC::DFG::LoopPreHeaderCreationPhase::run):
1121         * dfg/DFGNaturalLoops.cpp:
1122         (JSC::DFG::NaturalLoop::dump):
1123         (JSC::DFG::NaturalLoops::NaturalLoops):
1124         (JSC::DFG::NaturalLoops::~NaturalLoops):
1125         (JSC::DFG::NaturalLoops::loopsOf):
1126         (JSC::DFG::NaturalLoops::computeDependencies): Deleted.
1127         (JSC::DFG::NaturalLoops::compute): Deleted.
1128         * dfg/DFGNaturalLoops.h:
1129         (JSC::DFG::NaturalLoops::numLoops):
1130         * dfg/DFGNode.h:
1131         (JSC::DFG::Node::SuccessorsIterable::end):
1132         (JSC::DFG::Node::SuccessorsIterable::size):
1133         (JSC::DFG::Node::SuccessorsIterable::at):
1134         (JSC::DFG::Node::SuccessorsIterable::operator[]):
1135         * dfg/DFGOSREntrypointCreationPhase.cpp:
1136         (JSC::DFG::OSREntrypointCreationPhase::run):
1137         * dfg/DFGObjectAllocationSinkingPhase.cpp:
1138         * dfg/DFGPlan.cpp:
1139         (JSC::DFG::Plan::compileInThreadImpl):
1140         * dfg/DFGPrePostNumbering.cpp:
1141         (JSC::DFG::PrePostNumbering::PrePostNumbering):
1142         (JSC::DFG::PrePostNumbering::~PrePostNumbering):
1143         (JSC::DFG::PrePostNumbering::compute): Deleted.
1144         * dfg/DFGPrePostNumbering.h:
1145         (JSC::DFG::PrePostNumbering::preNumber):
1146         (JSC::DFG::PrePostNumbering::postNumber):
1147         * dfg/DFGPutStackSinkingPhase.cpp:
1148         * dfg/DFGSSACalculator.cpp:
1149         (JSC::DFG::SSACalculator::nonLocalReachingDef):
1150         (JSC::DFG::SSACalculator::reachingDefAtTail):
1151         * dfg/DFGSSACalculator.h:
1152         (JSC::DFG::SSACalculator::computePhis):
1153         * dfg/DFGSSAConversionPhase.cpp:
1154         (JSC::DFG::SSAConversionPhase::run):
1155         * ftl/FTLLink.cpp:
1156         (JSC::FTL::link):
1157         * ftl/FTLLowerDFGToLLVM.cpp:
1158         (JSC::FTL::DFG::LowerDFGToLLVM::lower):
1159         (JSC::FTL::DFG::LowerDFGToLLVM::safelyInvalidateAfterTermination):
1160         (JSC::FTL::DFG::LowerDFGToLLVM::isValid):
1161
1162 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
1163
1164         B3::reduceStrength's DCE should be more agro and less wrong
1165         https://bugs.webkit.org/show_bug.cgi?id=150748
1166
1167         Reviewed by Geoffrey Garen.
1168
1169         First of all, our DCE had a bug where it would keep Upsilons after it deleted the Phis that
1170         they referenced. But our B3 DCE was also not aggressive enough. It would not eliminate
1171         cycles. It was also probably slower than it needed to be, since it would eliminate all
1172         never-referenced things on each fixpoint.
1173
1174         This adds a presume-everyone-is-dead-and-find-live-things style DCE. This is very natural to
1175         write, except for Upsilons. For everything but Upsilons, it's just a worklist algorithm. For
1176         Upsilons, it's a fixpoint. It works fine in the end.
1177
1178         I kept finding bugs in this algorithm when I tested it against my "Complex" test that I was
1179         writing as a compile time benchmark. So, I include that test in this change. I also include
1180         the small lowering extensions that it needed - shifting and zero extending.
1181
1182         This change also adds an LLVM version of the Complex test. Though the LLVM version feels
1183         more natural to write because LLVM has traditional Phis rather than our quirky Phis, in
1184         the end LLVM ends up performing very badly - 10x to 20x worse than B3. Some of that gap will
1185         close once we give B3 a register allocator, but still, that's pretty good news for our B3
1186         strategy.
1187
1188         * JavaScriptCore.xcodeproj/project.pbxproj:
1189         * assembler/MacroAssemblerX86_64.h:
1190         (JSC::MacroAssemblerX86_64::lshift64):
1191         (JSC::MacroAssemblerX86_64::rshift64):
1192         * assembler/X86Assembler.h:
1193         (JSC::X86Assembler::shlq_i8r):
1194         (JSC::X86Assembler::shlq_CLr):
1195         (JSC::X86Assembler::imull_rr):
1196         * b3/B3BasicBlock.cpp:
1197         (JSC::B3::BasicBlock::replacePredecessor):
1198         (JSC::B3::BasicBlock::dump):
1199         (JSC::B3::BasicBlock::removeNops): Deleted.
1200         * b3/B3BasicBlock.h:
1201         (JSC::B3::BasicBlock::frequency):
1202         * b3/B3Common.cpp:
1203         (JSC::B3::shouldSaveIRBeforePhase):
1204         (JSC::B3::shouldMeasurePhaseTiming):
1205         * b3/B3Common.h:
1206         (JSC::B3::isRepresentableAsImpl):
1207         * b3/B3Generate.cpp:
1208         (JSC::B3::generate):
1209         (JSC::B3::generateToAir):
1210         * b3/B3LowerToAir.cpp:
1211         (JSC::B3::Air::LowerToAir::tryAnd):
1212         (JSC::B3::Air::LowerToAir::tryShl):
1213         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
1214         (JSC::B3::Air::LowerToAir::tryTrunc):
1215         (JSC::B3::Air::LowerToAir::tryZExt32):
1216         (JSC::B3::Air::LowerToAir::tryArgumentReg):
1217         * b3/B3LoweringMatcher.patterns:
1218         * b3/B3PhaseScope.cpp:
1219         (JSC::B3::PhaseScope::PhaseScope):
1220         * b3/B3PhaseScope.h:
1221         * b3/B3ReduceStrength.cpp:
1222         * b3/B3TimingScope.cpp: Added.
1223         (JSC::B3::TimingScope::TimingScope):
1224         (JSC::B3::TimingScope::~TimingScope):
1225         * b3/B3TimingScope.h: Added.
1226         * b3/B3Validate.cpp:
1227         * b3/air/AirAllocateStack.cpp:
1228         (JSC::B3::Air::allocateStack):
1229         * b3/air/AirGenerate.cpp:
1230         (JSC::B3::Air::generate):
1231         * b3/air/AirInstInlines.h:
1232         (JSC::B3::Air::ForEach<Arg>::forEach):
1233         (JSC::B3::Air::Inst::forEach):
1234         (JSC::B3::Air::isLshift32Valid):
1235         (JSC::B3::Air::isLshift64Valid):
1236         * b3/air/AirLiveness.h:
1237         (JSC::B3::Air::Liveness::isAlive):
1238         (JSC::B3::Air::Liveness::Liveness):
1239         (JSC::B3::Air::Liveness::LocalCalc::execute):
1240         * b3/air/AirOpcode.opcodes:
1241         * b3/air/AirPhaseScope.cpp:
1242         (JSC::B3::Air::PhaseScope::PhaseScope):
1243         * b3/air/AirPhaseScope.h:
1244         * b3/testb3.cpp:
1245         (JSC::B3::testBranchEqualFoldPtr):
1246         (JSC::B3::testComplex):
1247         (JSC::B3::run):
1248         * runtime/Options.h:
1249
1250 2015-11-01  Alexey Proskuryakov  <ap@apple.com>
1251
1252         [ES6] Add support for toStringTag
1253         https://bugs.webkit.org/show_bug.cgi?id=150696
1254
1255         Re-landing, as this wasn't the culprit.
1256
1257         * runtime/ArrayIteratorPrototype.cpp:
1258         (JSC::ArrayIteratorPrototype::finishCreation):
1259         * runtime/CommonIdentifiers.h:
1260         * runtime/JSArrayBufferPrototype.cpp:
1261         (JSC::JSArrayBufferPrototype::finishCreation):
1262         (JSC::JSArrayBufferPrototype::create):
1263         * runtime/JSDataViewPrototype.cpp:
1264         (JSC::JSDataViewPrototype::create):
1265         (JSC::JSDataViewPrototype::finishCreation):
1266         (JSC::JSDataViewPrototype::createStructure):
1267         * runtime/JSDataViewPrototype.h:
1268         * runtime/JSModuleNamespaceObject.cpp:
1269         (JSC::JSModuleNamespaceObject::finishCreation):
1270         * runtime/JSONObject.cpp:
1271         (JSC::JSONObject::finishCreation):
1272         * runtime/JSPromisePrototype.cpp:
1273         (JSC::JSPromisePrototype::finishCreation):
1274         (JSC::JSPromisePrototype::getOwnPropertySlot):
1275         * runtime/JSTypedArrayViewPrototype.cpp:
1276         (JSC::typedArrayViewProtoFuncValues):
1277         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1278         (JSC::JSTypedArrayViewPrototype::JSTypedArrayViewPrototype):
1279         (JSC::JSTypedArrayViewPrototype::finishCreation):
1280         * runtime/MapIteratorPrototype.cpp:
1281         (JSC::MapIteratorPrototype::finishCreation):
1282         (JSC::MapIteratorPrototypeFuncNext):
1283         * runtime/MapPrototype.cpp:
1284         (JSC::MapPrototype::finishCreation):
1285         * runtime/MathObject.cpp:
1286         (JSC::MathObject::finishCreation):
1287         * runtime/ObjectPrototype.cpp:
1288         (JSC::objectProtoFuncToString):
1289         * runtime/SetIteratorPrototype.cpp:
1290         (JSC::SetIteratorPrototype::finishCreation):
1291         (JSC::SetIteratorPrototypeFuncNext):
1292         * runtime/SetPrototype.cpp:
1293         (JSC::SetPrototype::finishCreation):
1294         * runtime/SmallStrings.cpp:
1295         (JSC::SmallStrings::SmallStrings):
1296         (JSC::SmallStrings::initializeCommonStrings):
1297         (JSC::SmallStrings::visitStrongReferences):
1298         * runtime/SmallStrings.h:
1299         (JSC::SmallStrings::typeString):
1300         (JSC::SmallStrings::objectStringStart):
1301         (JSC::SmallStrings::nullObjectString):
1302         (JSC::SmallStrings::undefinedObjectString):
1303         * runtime/StringIteratorPrototype.cpp:
1304         (JSC::StringIteratorPrototype::finishCreation):
1305         * runtime/SymbolPrototype.cpp:
1306         (JSC::SymbolPrototype::finishCreation):
1307         * runtime/WeakMapPrototype.cpp:
1308         (JSC::WeakMapPrototype::finishCreation):
1309         (JSC::getWeakMapData):
1310         * runtime/WeakSetPrototype.cpp:
1311         (JSC::WeakSetPrototype::finishCreation):
1312         (JSC::getWeakMapData):
1313         * tests/es6.yaml:
1314         * tests/modules/namespace.js:
1315         * tests/stress/symbol-tostringtag.js: Copied from Source/JavaScriptCore/tests/stress/symbol-tostringtag.js.
1316
1317 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1318
1319         Unreviewed, rolling out r191815 and r191821.
1320         https://bugs.webkit.org/show_bug.cgi?id=150781
1321
1322         Seems to have broken JSC API tests on some platforms
1323         (Requested by ap on #webkit).
1324
1325         Reverted changesets:
1326
1327         "[ES6] Add support for toStringTag"
1328         https://bugs.webkit.org/show_bug.cgi?id=150696
1329         http://trac.webkit.org/changeset/191815
1330
1331         "Unreviewed, forgot to mark tests as passing for new feature."
1332         http://trac.webkit.org/changeset/191821
1333
1334 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1335
1336         Unreviewed, rolling out r191858.
1337         https://bugs.webkit.org/show_bug.cgi?id=150780
1338
1339         Broke the build (Requested by ap on #webkit).
1340
1341         Reverted changeset:
1342
1343         "Rename op_put_getter_setter to op_put_getter_setter_by_id"
1344         https://bugs.webkit.org/show_bug.cgi?id=150773
1345         http://trac.webkit.org/changeset/191858
1346
1347 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1348
1349         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150777.
1350
1351         * b3/B3LowerToAir.cpp:
1352         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
1353
1354 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1355
1356         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150775.
1357
1358         * b3/B3LowerToAir.cpp:
1359         (JSC::B3::Air::LowerToAir::tryTrunc):
1360
1361 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1362
1363         Rename op_put_getter_setter to op_put_getter_setter_by_id
1364         https://bugs.webkit.org/show_bug.cgi?id=150773
1365
1366         Reviewed by Mark Lam.
1367
1368         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
1369         the other ops' names like op_put_getter_by_id etc.
1370
1371         * bytecode/BytecodeList.json:
1372         * bytecode/BytecodeUseDef.h:
1373         (JSC::computeUsesForBytecodeOffset):
1374         (JSC::computeDefsForBytecodeOffset):
1375         * bytecode/CodeBlock.cpp:
1376         (JSC::CodeBlock::dumpBytecode):
1377         * bytecompiler/BytecodeGenerator.cpp:
1378         (JSC::BytecodeGenerator::emitPutGetterSetter):
1379         * dfg/DFGByteCodeParser.cpp:
1380         (JSC::DFG::ByteCodeParser::parseBlock):
1381         * dfg/DFGCapabilities.cpp:
1382         (JSC::DFG::capabilityLevel):
1383         * jit/JIT.cpp:
1384         (JSC::JIT::privateCompileMainPass):
1385         * jit/JIT.h:
1386         * jit/JITPropertyAccess.cpp:
1387         (JSC::JIT::emit_op_put_getter_setter_by_id):
1388         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1389         * jit/JITPropertyAccess32_64.cpp:
1390         (JSC::JIT::emit_op_put_getter_setter_by_id):
1391         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1392         * llint/LLIntSlowPaths.cpp:
1393         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1394         * llint/LLIntSlowPaths.h:
1395         * llint/LowLevelInterpreter.asm:
1396
1397 2015-10-31  Andreas Kling  <akling@apple.com>
1398
1399         Add a debug overlay with information about web process resource usage.
1400         <https://webkit.org/b/150599>
1401
1402         Reviewed by Darin Adler.
1403
1404         Have Heap track the exact number of bytes allocated in CopiedBlock, MarkedBlock and
1405         WeakBlock objects, keeping them in a single location that can be sampled by the
1406         resource usage overlay thread.
1407
1408         The bulk of these changes is threading a Heap& through from sites where blocks are
1409         allocated or freed.
1410
1411         * heap/CopiedBlock.cpp:
1412         (JSC::CopiedBlock::createNoZeroFill):
1413         (JSC::CopiedBlock::destroy):
1414         (JSC::CopiedBlock::create):
1415         * heap/CopiedBlock.h:
1416         * heap/CopiedSpace.cpp:
1417         (JSC::CopiedSpace::~CopiedSpace):
1418         (JSC::CopiedSpace::tryAllocateOversize):
1419         (JSC::CopiedSpace::tryReallocateOversize):
1420         * heap/CopiedSpaceInlines.h:
1421         (JSC::CopiedSpace::recycleEvacuatedBlock):
1422         (JSC::CopiedSpace::recycleBorrowedBlock):
1423         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1424         (JSC::CopiedSpace::allocateBlock):
1425         (JSC::CopiedSpace::startedCopying):
1426         * heap/Heap.cpp:
1427         (JSC::Heap::~Heap):
1428         (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
1429         * heap/Heap.h:
1430         (JSC::Heap::blockBytesAllocated):
1431         * heap/HeapInlines.h:
1432         (JSC::Heap::didAllocateBlock):
1433         (JSC::Heap::didFreeBlock):
1434         * heap/MarkedAllocator.cpp:
1435         (JSC::MarkedAllocator::allocateBlock):
1436         * heap/MarkedBlock.cpp:
1437         (JSC::MarkedBlock::create):
1438         (JSC::MarkedBlock::destroy):
1439         * heap/MarkedBlock.h:
1440         * heap/MarkedSpace.cpp:
1441         (JSC::MarkedSpace::freeBlock):
1442         * heap/WeakBlock.cpp:
1443         (JSC::WeakBlock::create):
1444         (JSC::WeakBlock::destroy):
1445         * heap/WeakBlock.h:
1446         * heap/WeakSet.cpp:
1447         (JSC::WeakSet::~WeakSet):
1448         (JSC::WeakSet::addAllocator):
1449         (JSC::WeakSet::removeAllocator):
1450
1451 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1452
1453         Air should eliminate dead code
1454         https://bugs.webkit.org/show_bug.cgi?id=150746
1455
1456         Reviewed by Geoffrey Garen.
1457
1458         This adds a very simple dead code elimination to Air. It simply looks at whether a Tmp or
1459         StackSlot has ever been used by a live instruction. An instruction is live if it has non-arg
1460         effects (branching, returning, calling, etc) or if it stores to a live Arg. An Arg is live if
1461         it references a live Tmp or StackSlot, or if it is neither a Tmp nor a StackSlot. The phase
1462         runs these rules to fixpoint, and then removes the dead instructions.
1463
1464         This also changes the AirOpcodes parser to handle multiple attributes per opcode, so that we
1465         could conceivably say things like "FooBar /branch /effects". It also adds the /effects
1466         attribute, which we currently use for Breakpoint and nothing else. C calls, patchpoints, and
1467         checks are all Specials, and the Special base class by default always claims that the
1468         instruction has effects. In the future, we could have B3 use a Patch in Air to implement
1469         exotic math constructs; then the Special associated with that thing would claim that there
1470         are no effects.
1471
1472         * JavaScriptCore.xcodeproj/project.pbxproj:
1473         * b3/air/AirBasicBlock.h:
1474         (JSC::B3::Air::BasicBlock::begin):
1475         (JSC::B3::Air::BasicBlock::end):
1476         (JSC::B3::Air::BasicBlock::at):
1477         (JSC::B3::Air::BasicBlock::last):
1478         (JSC::B3::Air::BasicBlock::resize):
1479         (JSC::B3::Air::BasicBlock::appendInst):
1480         * b3/air/AirEliminateDeadCode.cpp: Added.
1481         (JSC::B3::Air::eliminateDeadCode):
1482         * b3/air/AirEliminateDeadCode.h: Added.
1483         * b3/air/AirGenerate.cpp:
1484         (JSC::B3::Air::generate):
1485         * b3/air/AirInst.h:
1486         * b3/air/AirOpcode.opcodes:
1487         * b3/air/AirSpecial.cpp:
1488         (JSC::B3::Air::Special::name):
1489         (JSC::B3::Air::Special::hasNonArgNonControlEffects):
1490         (JSC::B3::Air::Special::dump):
1491         * b3/air/AirSpecial.h:
1492         * b3/air/opcode_generator.rb:
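The liveness rules in the entry above, run to a fixpoint over a toy instruction list. This is an added example, not JavaScriptCore's AirEliminateDeadCode.cpp; the Kind, Role, Arg, Inst and Liveness types and the sample program are hypothetical stand-ins for Air's own.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <set>
#include <string>
#include <vector>

// Toy stand-ins for Air's Tmp, StackSlot, Arg and Inst. All names are hypothetical.
enum class Kind { Tmp, StackSlot, Imm, Addr };  // Addr: memory at [base tmp]
enum class Role { Use, Def };

struct Arg {
    Kind kind;
    int id;     // tmp index, slot index, immediate value, or base tmp of an Addr
    Role role;
};

struct Inst {
    std::string opcode;
    bool hasNonArgEffects;  // branching, returning, calling, Breakpoint, ...
    std::vector<Arg> args;
};

struct Liveness {
    std::set<int> tmps, slots;

    // An Arg is live if it names a live Tmp or StackSlot, or is neither of those.
    bool isLive(const Arg& arg) const {
        if (arg.kind == Kind::Tmp) return tmps.count(arg.id) != 0;
        if (arg.kind == Kind::StackSlot) return slots.count(arg.id) != 0;
        return true;
    }

    // An Inst is live if it has non-arg effects or stores to (defines) a live Arg.
    bool isLive(const Inst& inst) const {
        if (inst.hasNonArgEffects) return true;
        for (const Arg& arg : inst.args)
            if (arg.role == Role::Def && isLive(arg)) return true;
        return false;
    }

    // Record everything a live Inst reads; returns true if the live sets grew.
    bool noteUses(const Inst& inst) {
        bool grew = false;
        for (const Arg& arg : inst.args) {
            if (arg.kind == Kind::Addr)  // the base tmp is read even when the Arg is a Def
                grew |= tmps.insert(arg.id).second;
            else if (arg.role == Role::Use && arg.kind == Kind::Tmp)
                grew |= tmps.insert(arg.id).second;
            else if (arg.role == Role::Use && arg.kind == Kind::StackSlot)
                grew |= slots.insert(arg.id).second;
        }
        return grew;
    }
};

// Runs the rules to a fixpoint, deletes the dead instructions, returns how many were removed.
std::size_t eliminateDeadCode(std::vector<Inst>& code) {
    Liveness live;
    for (bool grew = true; grew;) {
        grew = false;
        for (const Inst& inst : code)
            if (live.isLive(inst)) grew |= live.noteUses(inst);
    }
    std::size_t before = code.size();
    code.erase(std::remove_if(code.begin(), code.end(),
                   [&](const Inst& inst) { return !live.isLive(inst); }),
               code.end());
    return before - code.size();
}

// Constructed sample program, not taken from JavaScriptCore.
std::vector<Inst> sampleProgram() {
    const Role U = Role::Use, D = Role::Def;
    return {
        {"Move", false, {{Kind::Imm, 1, U}, {Kind::Tmp, 0, D}}},        // kept: t0 is read below
        {"Move", false, {{Kind::Imm, 2, U}, {Kind::Tmp, 1, D}}},        // dead once the Add is dead
        {"Add", false, {{Kind::Tmp, 0, U}, {Kind::Tmp, 1, U}, {Kind::Tmp, 2, D}}},  // dead once the spill is dead
        {"Move", false, {{Kind::Tmp, 2, U}, {Kind::StackSlot, 0, D}}},  // dead: slot0 is never read
        {"Move", false, {{Kind::Imm, 7, U}, {Kind::Addr, 0, D}}},       // kept: store through memory
        {"Breakpoint", true, {}},                                       // kept: /effects
        {"Ret", true, {{Kind::Tmp, 0, U}}},                             // kept: returning
    };
}

int main() {
    std::vector<Inst> code = sampleProgram();
    std::size_t removed = eliminateDeadCode(code);
    std::printf("removed %zu instructions, kept:\n", removed);
    for (const Inst& inst : code) std::printf("  %s\n", inst.opcode.c_str());
    return 0;
}
```

The first pass only discovers that t0 is read; the defining Move of t0 becomes live on the second pass, which is why the rules have to be iterated rather than applied once.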
1493
1494 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
1495
1496         Air needs a late register liveness phase that calls Special::reportUsedRegisters()
1497         https://bugs.webkit.org/show_bug.cgi?id=150511
1498
1499         Reviewed by Saam Barati.
1500
1501         This change adds such a phase. In the process of writing it, I was reminded about the
1502         glaring efficiency bugs in Air::Liveness and so I filed a bug and added FIXMEs.
1503
1504         * JavaScriptCore.xcodeproj/project.pbxproj:
1505         * b3/air/AirAllocateStack.cpp:
1506         (JSC::B3::Air::allocateStack):
1507         * b3/air/AirGenerate.cpp:
1508         (JSC::B3::Air::generate):
1509         * b3/air/AirReportUsedRegisters.cpp: Added.
1510         (JSC::B3::Air::reportUsedRegisters):
1511         * b3/air/AirReportUsedRegisters.h: Added.
1512
1513 2015-10-31  Brian Burg  <bburg@apple.com>
1514
1515         Builtins generator should put WebCore-only wrappers in the per-builtin header
1516         https://bugs.webkit.org/show_bug.cgi?id=150539
1517
1518         Reviewed by Youenn Fablet.
1519
1520         If generating for WebCore, put the XXXWrapper and related boilerplate
1521         in the per-builtin header instead of making a separate XXXWrapper.h.
1522
1523         Rebaseline the tests.
1524
1525         * CMakeLists.txt:
1526         * DerivedSources.make:
1527         * Scripts/builtins/builtins.py:
1528         * Scripts/builtins/builtins_generate_separate_header.py:
1529         (BuiltinsSeparateHeaderGenerator.generate_output):
1530         (generate_header_includes):
1531         * Scripts/builtins/builtins_generate_separate_wrapper.py: Deleted.
1532         * Scripts/builtins/builtins_templates.py: Be consistent with variables.
1533         * Scripts/generate-js-builtins.py:
1534         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
1535         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
1536         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
1537         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
1538
1539 2015-10-31  Saam barati  <sbarati@apple.com>
1540
1541         JSC should have a forceGCSlowPaths option
1542         https://bugs.webkit.org/show_bug.cgi?id=150744
1543
1544         Reviewed by Filip Pizlo.
1545
1546         This patch implements the forceGCSlowPaths option.
1547         It defaults to false, but when it is set to true,
1548         the JITs will always allocate objects along the slow
1549         path. This will be helpful for writing a certain class
1550         of tests. This may also come in handy for debugging
1551         later.
1552
1553         This patch also adds the "forceGCSlowPaths" function
1554         in jsc.cpp which sets the option to true. If you
1555         use this function in a jsc stress test, it's best
1556         to call it as the first thing in the program before
1557         we JIT anything.
1558
1559         * dfg/DFGSpeculativeJIT.h:
1560         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
1561         * ftl/FTLLowerDFGToLLVM.cpp:
1562         (JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
1563         * jit/JITInlines.h:
1564         (JSC::JIT::emitAllocateJSObject):
1565         * jsc.cpp:
1566         (GlobalObject::finishCreation):
1567         (functionEdenGC):
1568         (functionForceGCSlowPaths):
1569         (functionHeapSize):
1570         * runtime/Options.h:
1571
1572 2015-10-30  Joseph Pecoraro  <pecoraro@apple.com>
1573
1574         Web Inspector: Test Debugger.scriptParsed events received after opening inspector frontend
1575         https://bugs.webkit.org/show_bug.cgi?id=150753
1576
1577         Reviewed by Timothy Hatcher.
1578
1579         * parser/Parser.h:
1580         (JSC::Parser<LexerType>::parse):
1581         Only set the directives on the SourceProvider if we were parsing the
1582         entire file (Program or Module), not if we are in function parsing mode.
1583         This was inadvertently clearing the directives stored on the
1584         SourceProvider when the function parse didn't see directives and reset
1585         the values on the source provider.
1586
1587 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1588
1589         [JSC] Add lowering for B3's Sub operation with integers
1590         https://bugs.webkit.org/show_bug.cgi?id=150749
1591
1592         Reviewed by Filip Pizlo.
1593
1594         * b3/B3LowerToAir.cpp:
1595         (JSC::B3::Air::LowerToAir::trySub):
1596         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
1597         * b3/B3LoweringMatcher.patterns:
1598         Identical to Add but obviously NotCommutative.
1599
1600         * b3/B3ReduceStrength.cpp:
1601         Turn Add/Sub with zero into an identity. I only added for
1602         Add since Sub with a constant is always turned into an Add.
1603
1604         Also switched the Sub optimizations to put the strongest first.
1605
1606         * b3/air/AirOpcode.opcodes:
1607         * b3/testb3.cpp:
1608         (JSC::B3::testAddArgImm):
1609         (JSC::B3::testAddImmArg):
1610         (JSC::B3::testSubArgs):
1611         (JSC::B3::testSubArgImm):
1612         (JSC::B3::testSubImmArg):
1613         (JSC::B3::testSubArgs32):
1614         (JSC::B3::testSubArgImm32):
1615         (JSC::B3::testSubImmArg32):
1616         (JSC::B3::testStoreSubLoad):
1617         (JSC::B3::run):
1618
1619 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1620
1621         [JSC] Add the Air Opcode definitions to the Xcode project file
1622         https://bugs.webkit.org/show_bug.cgi?id=150701
1623
1624         Reviewed by Geoffrey Garen.
1625
1626         * JavaScriptCore.xcodeproj/project.pbxproj:
1627         Easier for those who use Xcode :)
1628
1629 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1630
1631         Unreviewed, removing FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150540.
1632
1633         * b3/B3ValueRep.h:
1634
1635 2015-10-30  Michael Saboff  <msaboff@apple.com>
1636
1637         Windows X86-64 change for Crash making a tail call from a getter to a host function
1638         https://bugs.webkit.org/show_bug.cgi?id=150737
1639
1640         Reviewed by Geoffrey Garen.
1641
1642         Need to make the same change for Windows X86-64 as was made in change set
1643         http://trac.webkit.org/changeset/191765.
1644
1645         * jit/JITStubsMSVC64.asm:
1646
1647 2015-10-30  Keith Miller  <keith_miller@apple.com>
1648
1649         Unreviewed, forgot to mark tests as passing for new feature.
1650
1651         * tests/es6.yaml:
1652
1653 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1654
1655         B3 should be able to compile a control flow diamond
1656         https://bugs.webkit.org/show_bug.cgi?id=150720
1657
1658         Reviewed by Benjamin Poulain.
1659
1660         Adds support for Branch, Jump, Upsilon, and Phi. Adds some basic strength reduction for
1661         comparisons and boolean-like operations.
1662
1663         * assembler/MacroAssembler.cpp:
1664         (WTF::printInternal):
1665         * assembler/MacroAssembler.h:
1666         * b3/B3BasicBlockUtils.h:
1667         (JSC::B3::replacePredecessor):
1668         (JSC::B3::resetReachability):
1669         * b3/B3CheckValue.h:
1670         * b3/B3Common.h:
1671         (JSC::B3::isRepresentableAsImpl):
1672         (JSC::B3::isRepresentableAs):
1673         * b3/B3Const32Value.cpp:
1674         (JSC::B3::Const32Value::subConstant):
1675         (JSC::B3::Const32Value::equalConstant):
1676         (JSC::B3::Const32Value::notEqualConstant):
1677         (JSC::B3::Const32Value::dumpMeta):
1678         * b3/B3Const32Value.h:
1679         * b3/B3Const64Value.cpp:
1680         (JSC::B3::Const64Value::subConstant):
1681         (JSC::B3::Const64Value::equalConstant):
1682         (JSC::B3::Const64Value::notEqualConstant):
1683         (JSC::B3::Const64Value::dumpMeta):
1684         * b3/B3Const64Value.h:
1685         * b3/B3ConstDoubleValue.cpp:
1686         (JSC::B3::ConstDoubleValue::subConstant):
1687         (JSC::B3::ConstDoubleValue::equalConstant):
1688         (JSC::B3::ConstDoubleValue::notEqualConstant):
1689         (JSC::B3::ConstDoubleValue::dumpMeta):
1690         * b3/B3ConstDoubleValue.h:
1691         * b3/B3ControlValue.cpp:
1692         (JSC::B3::ControlValue::~ControlValue):
1693         (JSC::B3::ControlValue::convertToJump):
1694         (JSC::B3::ControlValue::dumpMeta):
1695         * b3/B3ControlValue.h:
1696         * b3/B3LowerToAir.cpp:
1697         (JSC::B3::Air::LowerToAir::imm):
1698         (JSC::B3::Air::LowerToAir::tryStackSlot):
1699         (JSC::B3::Air::LowerToAir::tryUpsilon):
1700         (JSC::B3::Air::LowerToAir::tryPhi):
1701         (JSC::B3::Air::LowerToAir::tryBranch):
1702         (JSC::B3::Air::LowerToAir::tryJump):
1703         (JSC::B3::Air::LowerToAir::tryIdentity):
1704         * b3/B3LoweringMatcher.patterns:
1705         * b3/B3Opcode.h:
1706         * b3/B3Procedure.cpp:
1707         (JSC::B3::Procedure::resetReachability):
1708         (JSC::B3::Procedure::dump):
1709         * b3/B3ReduceStrength.cpp:
1710         * b3/B3UpsilonValue.cpp:
1711         (JSC::B3::UpsilonValue::dumpMeta):
1712         * b3/B3UpsilonValue.h:
1713         (JSC::B3::UpsilonValue::accepts): Deleted.
1714         (JSC::B3::UpsilonValue::phi): Deleted.
1715         (JSC::B3::UpsilonValue::UpsilonValue): Deleted.
1716         * b3/B3Validate.cpp:
1717         * b3/B3Value.cpp:
1718         (JSC::B3::Value::subConstant):
1719         (JSC::B3::Value::equalConstant):
1720         (JSC::B3::Value::notEqualConstant):
1721         (JSC::B3::Value::returnsBool):
1722         (JSC::B3::Value::asTriState):
1723         (JSC::B3::Value::effects):
1724         * b3/B3Value.h:
1725         * b3/B3ValueInlines.h:
1726         (JSC::B3::Value::asInt32):
1727         (JSC::B3::Value::isInt32):
1728         (JSC::B3::Value::hasInt64):
1729         (JSC::B3::Value::asInt64):
1730         (JSC::B3::Value::isInt64):
1731         (JSC::B3::Value::hasInt):
1732         (JSC::B3::Value::asIntPtr):
1733         (JSC::B3::Value::isIntPtr):
1734         (JSC::B3::Value::hasDouble):
1735         (JSC::B3::Value::asDouble):
1736         (JSC::B3::Value::isEqualToDouble):
1737         (JSC::B3::Value::hasNumber):
1738         (JSC::B3::Value::representableAs):
1739         (JSC::B3::Value::asNumber):
1740         (JSC::B3::Value::stackmap):
1741         * b3/air/AirArg.cpp:
1742         (JSC::B3::Air::Arg::dump):
1743         * b3/air/AirArg.h:
1744         (JSC::B3::Air::Arg::resCond):
1745         (JSC::B3::Air::Arg::doubleCond):
1746         (JSC::B3::Air::Arg::special):
1747         (JSC::B3::Air::Arg::isResCond):
1748         (JSC::B3::Air::Arg::isDoubleCond):
1749         (JSC::B3::Air::Arg::isSpecial):
1750         (JSC::B3::Air::Arg::isGP):
1751         (JSC::B3::Air::Arg::isFP):
1752         (JSC::B3::Air::Arg::asResultCondition):
1753         (JSC::B3::Air::Arg::asDoubleCondition):
1754         (JSC::B3::Air::Arg::Arg):
1755         * b3/air/AirCode.cpp:
1756         (JSC::B3::Air::Code::resetReachability):
1757         (JSC::B3::Air::Code::dump):
1758         * b3/air/AirOpcode.opcodes:
1759         * b3/air/opcode_generator.rb:
1760         * b3/testb3.cpp:
1761         (hiddenTruthBecauseNoReturnIsStupid):
1762         (usage):
1763         (JSC::B3::compile):
1764         (JSC::B3::invoke):
1765         (JSC::B3::compileAndRun):
1766         (JSC::B3::test42):
1767         (JSC::B3::testStoreLoadStackSlot):
1768         (JSC::B3::testBranch):
1769         (JSC::B3::testDiamond):
1770         (JSC::B3::testBranchNotEqual):
1771         (JSC::B3::testBranchFold):
1772         (JSC::B3::testDiamondFold):
1773         (JSC::B3::run):
1774         (run):
1775         (main):
1776
1777 2015-10-30  Keith Miller  <keith_miller@apple.com>
1778
1779         [ES6] Add support for toStringTag
1780         https://bugs.webkit.org/show_bug.cgi?id=150696
1781
1782         Reviewed by Geoffrey Garen.
1783
1784         This patch adds support for Symbol.toStringTag. This is a simple
1785         feature: if an object passed to Object.prototype.toString() has a
1786         toStringTag we use the tag in the string rather than the class info.
1787         Added a test that checks this works for all the default supported classes
1788         along with the corresponding prototype and custom cases.
1789
1790         * runtime/ArrayIteratorPrototype.cpp:
1791         (JSC::ArrayIteratorPrototype::finishCreation):
1792         * runtime/CommonIdentifiers.h:
1793         * runtime/JSArrayBufferPrototype.cpp:
1794         (JSC::JSArrayBufferPrototype::finishCreation):
1795         * runtime/JSDataViewPrototype.cpp:
1796         (JSC::JSDataViewPrototype::finishCreation):
1797         * runtime/JSDataViewPrototype.h:
1798         * runtime/JSModuleNamespaceObject.cpp:
1799         (JSC::JSModuleNamespaceObject::finishCreation):
1800         * runtime/JSONObject.cpp:
1801         (JSC::JSONObject::finishCreation):
1802         * runtime/JSPromisePrototype.cpp:
1803         (JSC::JSPromisePrototype::finishCreation):
1804         * runtime/JSTypedArrayViewPrototype.cpp:
1805         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1806         (JSC::JSTypedArrayViewPrototype::finishCreation):
1807         * runtime/MapIteratorPrototype.cpp:
1808         (JSC::MapIteratorPrototype::finishCreation):
1809         * runtime/MapPrototype.cpp:
1810         (JSC::MapPrototype::finishCreation):
1811         * runtime/MathObject.cpp:
1812         (JSC::MathObject::finishCreation):
1813         * runtime/ObjectPrototype.cpp:
1814         (JSC::objectProtoFuncToString):
1815         * runtime/SetIteratorPrototype.cpp:
1816         (JSC::SetIteratorPrototype::finishCreation):
1817         * runtime/SetPrototype.cpp:
1818         (JSC::SetPrototype::finishCreation):
1819         * runtime/SmallStrings.cpp:
1820         (JSC::SmallStrings::SmallStrings):
1821         (JSC::SmallStrings::initializeCommonStrings):
1822         (JSC::SmallStrings::visitStrongReferences):
1823         * runtime/SmallStrings.h:
1824         (JSC::SmallStrings::objectStringStart):
1825         * runtime/StringIteratorPrototype.cpp:
1826         (JSC::StringIteratorPrototype::finishCreation):
1827         * runtime/SymbolPrototype.cpp:
1828         (JSC::SymbolPrototype::finishCreation):
1829         * runtime/WeakMapPrototype.cpp:
1830         (JSC::WeakMapPrototype::finishCreation):
1831         * runtime/WeakSetPrototype.cpp:
1832         (JSC::WeakSetPrototype::finishCreation):
1833         * tests/modules/namespace.js:
1834         * tests/stress/symbol-tostringtag.js: Added.
1835         (toStr):
1836         (strName):
1837         (classes.string_appeared_here):
1838
1839 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1840
1841         Web Inspector: Do not show JavaScriptCore builtins in inspector
1842         https://bugs.webkit.org/show_bug.cgi?id=146049
1843
1844         Reviewed by Geoffrey Garen.
1845
1846         * debugger/Debugger.cpp:
1847         When gathering scripts to notify the inspector / debuggers about,
1848         skip over sources containing host / built-in functions, as those
1849         won't contain source code developers expect to see.
1850
1851 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1852
1853         Fix typo in "use strict" in TypedArray builtins
1854         https://bugs.webkit.org/show_bug.cgi?id=150709
1855
1856         Reviewed by Geoffrey Garen.
1857
1858         * builtins/TypedArray.prototype.js:
1859         (toLocaleString):
1860
1861 2015-10-29  Philippe Normand  <pnormand@igalia.com>
1862
1863         [GTK][Mac] disable OBJC JSC API
1864         https://bugs.webkit.org/show_bug.cgi?id=150500
1865
1866         Reviewed by Alex Christensen.
1867
1868         * API/JSBase.h: Disable the Objective-C API on Mac for the GTK port.
1869
1870 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1871
1872         Air::handleCalleeSaves shouldn't save/restore the frame pointer
1873         https://bugs.webkit.org/show_bug.cgi?id=150688
1874
1875         Reviewed by Michael Saboff.
1876
1877         We save/restore the FP inside Air::generate().
1878
1879         * b3/air/AirHandleCalleeSaves.cpp:
1880         (JSC::B3::Air::handleCalleeSaves):
1881
1882 2015-10-29  Michael Saboff  <msaboff@apple.com>
1883
1884         Crash making a tail call from a getter to a host function
1885         https://bugs.webkit.org/show_bug.cgi?id=150663
1886
1887         Reviewed by Geoffrey Garen.
1888
1889         Change the inline assembly versions of getHostCallReturnValue() to pass the location of the callee
1890         call frame to getHostCallReturnValueWithExecState().  We were passing the caller's frame address.
1891
1892         * jit/JITOperations.cpp:
1893
1894 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1895
1896         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
1897         https://bugs.webkit.org/show_bug.cgi?id=150685
1898
1899         Reviewed by Geoffrey Garen.
1900
1901         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
1902         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
1903         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
1904         requires fewer bits.
1905
1906         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
1907         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
1908         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
1909         helper should happily accept either Const32Value or Const64Value.
1910
1911         We already sort of had this with immAnyType(), but it just turns out that anyone using
1912         immAnyType() should really be using imm().
1913
1914         * b3/B3LowerToAir.cpp:
1915         (JSC::B3::Air::LowerToAir::imm):
1916         (JSC::B3::Air::LowerToAir::tryStore):
1917         (JSC::B3::Air::LowerToAir::tryConst64):
1918         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
1919         * b3/testb3.cpp:
1920         (JSC::B3::testAdd1):
1921         (JSC::B3::testAdd1Ptr):
1922         (JSC::B3::testStoreAddLoad):
1923         (JSC::B3::run):
1924
1925 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1926
1927         StoreOpLoad pattern matching should check effects between the Store and Load
1928         https://bugs.webkit.org/show_bug.cgi?id=150534
1929
1930         Reviewed by Geoffrey Garen.
1931
1932         If we turn:
1933
1934             a = Load(addr)
1935             b = Add(a, 42)
1936             Store(b, addr)
1937
1938         Into:
1939
1940             Add $42, (addr)
1941
1942         Then we must make sure that we didn't really have this to begin with:
1943
1944             a = Load(addr)
1945             Store(666, addr)
1946             b = Add(a, 42)
1947             Store(b, addr)
1948
1949         That's because pattern matching doesn't care about control flow, and it finds the Load
1950         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
1951         enough to broadly ask questions about whether such a code motion of the Load is legal.
1952
1953         * b3/B3Effects.cpp:
1954         (JSC::B3::Effects::interferes):
1955         (JSC::B3::Effects::dump):
1956         * b3/B3Effects.h:
1957         (JSC::B3::Effects::mustExecute):
1958         * b3/B3LowerToAir.cpp:
1959         (JSC::B3::Air::LowerToAir::run):
1960         (JSC::B3::Air::LowerToAir::commitInternal):
1961         (JSC::B3::Air::LowerToAir::crossesInterference):
1962         (JSC::B3::Air::LowerToAir::effectiveAddr):
1963         (JSC::B3::Air::LowerToAir::loadAddr):
1964         * b3/B3Procedure.cpp:
1965         (JSC::B3::Procedure::addBlock):
1966         (JSC::B3::Procedure::resetValueOwners):
1967         (JSC::B3::Procedure::resetReachability):
1968         * b3/B3Procedure.h:
1969         * b3/B3Value.cpp:
1970         (JSC::B3::Value::effects):
1971         * b3/B3Value.h:
1972         * b3/testb3.cpp:
1973         (JSC::B3::testStoreAddLoad):
1974         (JSC::B3::testStoreAddLoadInterference):
1975         (JSC::B3::testStoreAddAndLoad):
1976         (JSC::B3::testLoadOffsetUsingAdd):
1977         (JSC::B3::testLoadOffsetUsingAddInterference):
1978         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1979         (JSC::B3::run):
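The two sequences from the entry above, modelled as a toy block with a data-flow matcher, a program-order interference check, and a small interpreter that shows what an unchecked fusion would compute. This is an added example, not B3's code; the Value layout, the helper names, and the assumption that distinct address ids never alias are all hypothetical.

```cpp
#include <cstdio>
#include <map>
#include <vector>

// Toy stand-in for a B3 basic block: values in program order. Names are hypothetical.
enum class Op { Const, Load, Add, Store };

struct Value {
    Op op;
    int lhs;        // Add: left child index; Store: index of the value being stored
    int rhs;        // Add: right child index
    int addr;       // Load/Store: abstract address id (assumption: distinct ids never alias)
    long constant;  // Const: the literal
};

static Value mkConst(long c) { return {Op::Const, -1, -1, -1, c}; }
static Value mkLoad(int addr) { return {Op::Load, -1, -1, addr, 0}; }
static Value mkAdd(int l, int r) { return {Op::Add, l, r, -1, 0}; }
static Value mkStore(int v, int addr) { return {Op::Store, v, -1, addr, 0}; }

// Data-flow-only match of Store(Add(Load(addr), Const), addr). Returns the Load's index or -1.
int matchStoreAddLoad(const std::vector<Value>& block, int storeIndex) {
    const Value& st = block[storeIndex];
    if (st.op != Op::Store) return -1;
    const Value& sum = block[st.lhs];
    if (sum.op != Op::Add) return -1;
    if (block[sum.lhs].op != Op::Load || block[sum.rhs].op != Op::Const) return -1;
    if (block[sum.lhs].addr != st.addr) return -1;
    return sum.lhs;
}

// Program-order check: does anything between the Load and the Store write the same location?
bool crossesInterference(const std::vector<Value>& block, int loadIndex, int storeIndex) {
    for (int i = loadIndex + 1; i < storeIndex; ++i)
        if (block[i].op == Op::Store && block[i].addr == block[loadIndex].addr) return true;
    return false;
}

// Fusing is legal only when the pattern matches and the Load can move down to the Store.
bool canFuse(const std::vector<Value>& block, int storeIndex) {
    int loadIndex = matchStoreAddLoad(block, storeIndex);
    return loadIndex >= 0 && !crossesInterference(block, loadIndex, storeIndex);
}

// Interprets the block and returns the final contents of address 0. If fuseAt names a Store,
// that Store runs as a read-modify-write "Add $imm, (addr)" at its own position instead.
long run(const std::vector<Value>& block, long initial, int fuseAt = -1) {
    std::map<int, long> memory;
    memory[0] = initial;
    std::vector<long> result(block.size(), 0);
    for (int i = 0; i < (int)block.size(); ++i) {
        const Value& v = block[i];
        switch (v.op) {
        case Op::Const: result[i] = v.constant; break;
        case Op::Load: result[i] = memory[v.addr]; break;
        case Op::Add: result[i] = result[v.lhs] + result[v.rhs]; break;
        case Op::Store:
            if (i == fuseAt) memory[v.addr] += result[block[v.lhs].rhs];
            else memory[v.addr] = result[v.lhs];
            break;
        }
    }
    return memory[0];
}

// The two sequences from the ChangeLog entry, with 42 and 666 as Const values.
std::vector<Value> cleanSequence() {
    return {mkLoad(0), mkConst(42), mkAdd(0, 1), mkStore(2, 0)};
}
std::vector<Value> interferingSequence() {
    return {mkLoad(0), mkConst(666), mkStore(1, 0), mkConst(42), mkAdd(0, 3), mkStore(4, 0)};
}

int main() {
    std::vector<Value> ok = cleanSequence(), bad = interferingSequence();
    std::printf("clean: canFuse=%d original=%ld fused=%ld\n",
                canFuse(ok, 3), run(ok, 1), run(ok, 1, 3));
    std::printf("interfering: canFuse=%d original=%ld unchecked fusion=%ld\n",
                canFuse(bad, 5), run(bad, 1), run(bad, 1, 5));
    return 0;
}
```

Both sequences match on data flow alone; only the program-order scan separates them, and the interpreter shows the unchecked fusion leaving a different value in memory than the original code.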
1980
1981 2015-10-29  Brady Eidson  <beidson@apple.com>
1982
1983         Modern IDB: deleteObjectStore support.
1984         https://bugs.webkit.org/show_bug.cgi?id=150673
1985
1986         Reviewed by Alex Christensen.
1987
1988         * runtime/VM.h:
1989
1990 2015-10-29  Mark Lam  <mark.lam@apple.com>
1991
1992         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
1993         https://bugs.webkit.org/show_bug.cgi?id=150687
1994
1995         Unreviewed.
1996
1997         Disabling the feature while it is being debugged.  I'm doing this by effectively
1998         rolling out only the changes in FTLCapabilities.cpp.
1999
2000         * ftl/FTLCapabilities.cpp:
2001         (JSC::FTL::canCompile):
2002
2003 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
2004
2005         Unreviewed, fix iOS build.
2006
2007         * assembler/MacroAssemblerARM64.h:
2008         (JSC::MacroAssemblerARM64::store64):
2009
2010 2015-10-29  Alex Christensen  <achristensen@webkit.org>
2011
2012         Fix Mac CMake build
2013         https://bugs.webkit.org/show_bug.cgi?id=150686
2014
2015         Reviewed by Filip Pizlo.
2016
2017         * API/ObjCCallbackFunction.mm:
2018         * CMakeLists.txt:
2019         * PlatformMac.cmake:
2020
2021 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
2022
2023         Air needs syntax for escaping StackSlots
2024         https://bugs.webkit.org/show_bug.cgi?id=150430
2025
2026         Reviewed by Geoffrey Garen.
2027
2028         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
2029         instruction for getting the value of an address. This is necessary to support arbitrary
2030         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
2031         this new instruction.
2032
2033         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
2034         would do: it evaluates an address, but does not load from it or store to it.
2035
2036         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
2037         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
2038         that StackSlots may escape, and factors this into its analysis.
2039
2040         * assembler/MacroAssembler.h:
2041         (JSC::MacroAssembler::lea):
2042         * b3/B3AddressMatcher.patterns:
2043         * b3/B3LowerToAir.cpp:
2044         (JSC::B3::Air::LowerToAir::run):
2045         (JSC::B3::Air::LowerToAir::addr):
2046         (JSC::B3::Air::LowerToAir::loadAddr):
2047         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
2048         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
2049         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
2050         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
2051         (JSC::B3::Air::LowerToAir::tryConst64):
2052         (JSC::B3::Air::LowerToAir::tryFramePointer):
2053         (JSC::B3::Air::LowerToAir::tryStackSlot):
2054         (JSC::B3::Air::LowerToAir::tryIdentity):
2055         * b3/B3LoweringMatcher.patterns:
2056         * b3/B3MemoryValue.cpp:
2057         (JSC::B3::MemoryValue::~MemoryValue):
2058         (JSC::B3::MemoryValue::accessByteSize):
2059         (JSC::B3::MemoryValue::dumpMeta):
2060         * b3/B3MemoryValue.h:
2061         * b3/B3ReduceStrength.cpp:
2062         * b3/B3StackSlotValue.h:
2063         (JSC::B3::StackSlotValue::accepts): Deleted.
2064         * b3/B3Type.h:
2065         (JSC::B3::pointerType):
2066         (JSC::B3::sizeofType):
2067         * b3/B3Validate.cpp:
2068         * b3/B3Value.h:
2069         * b3/air/AirAllocateStack.cpp:
2070         (JSC::B3::Air::allocateStack):
2071         * b3/air/AirArg.h:
2072         (JSC::B3::Air::Arg::isUse):
2073         (JSC::B3::Air::Arg::isDef):
2074         (JSC::B3::Air::Arg::forEachTmp):
2075         * b3/air/AirCode.cpp:
2076         (JSC::B3::Air::Code::addStackSlot):
2077         (JSC::B3::Air::Code::addSpecial):
2078         * b3/air/AirCode.h:
2079         * b3/air/AirOpcode.opcodes:
2080         * b3/air/AirSpillEverything.cpp:
2081         (JSC::B3::Air::spillEverything):
2082         * b3/air/AirStackSlot.h:
2083         (JSC::B3::Air::StackSlot::byteSize):
2084         (JSC::B3::Air::StackSlot::kind):
2085         (JSC::B3::Air::StackSlot::isLocked):
2086         (JSC::B3::Air::StackSlot::index):
2087         (JSC::B3::Air::StackSlot::alignment):
2088         * b3/air/opcode_generator.rb:
2089         * b3/testb3.cpp:
2090         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2091         (JSC::B3::testFramePointer):
2092         (JSC::B3::testStackSlot):
2093         (JSC::B3::testLoadFromFramePointer):
2094         (JSC::B3::testStoreLoadStackSlot):
2095         (JSC::B3::run):
2096
2097 2015-10-29  Saam barati  <sbarati@apple.com>
2098
2099         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
2100         https://bugs.webkit.org/show_bug.cgi?id=150655
2101
2102         Reviewed by Filip Pizlo.
2103
2104         We're recomputing this value for an *OSRExitDescriptor* for every one
2105         of its corresponding *OSRExits*. This is having a multiplicative
2106         effect on offsets because each computation is relative to the previous
2107         value. We must do this computation just once per OSRExitDescriptor.
2108
2109         * ftl/FTLCompile.cpp:
2110         (JSC::FTL::mmAllocateDataSection):
2111
2112 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2113
2114         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
2115         https://bugs.webkit.org/show_bug.cgi?id=150657
2116
2117         Reviewed by Geoffrey Garen.
2118
2119         Also added the ability to store an immediate to memory.
2120
2121         * assembler/MacroAssembler.h:
2122         (JSC::MacroAssembler::storePtr):
2123         * assembler/MacroAssemblerARM64.h:
2124         (JSC::MacroAssemblerARM64::store64):
2125         * assembler/MacroAssemblerX86_64.h:
2126         (JSC::MacroAssemblerX86_64::store64):
2127         * b3/B3LowerToAir.cpp:
2128         (JSC::B3::Air::LowerToAir::imm):
2129         (JSC::B3::Air::LowerToAir::immAnyInt):
2130         (JSC::B3::Air::LowerToAir::immOrTmp):
2131         (JSC::B3::Air::LowerToAir::tryStore):
2132         * b3/air/AirOpcode.opcodes:
2133         * b3/air/AirSpillEverything.cpp:
2134         (JSC::B3::Air::spillEverything):
2135         * b3/testb3.cpp:
2136         (JSC::B3::testStore):
2137         (JSC::B3::testStoreConstant):
2138         (JSC::B3::testStoreConstantPtr):
2139         (JSC::B3::testTrunc):
2140         (JSC::B3::run):
2141
2142 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2143
2144         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
2145         https://bugs.webkit.org/show_bug.cgi?id=150654
2146
2147         Reviewed by Geoffrey Garen.
2148
2149         * inspector/scripts/codegen/generator.py:
2150
2151 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2152
2153         B3::reduceStrength() should do DCE
2154         https://bugs.webkit.org/show_bug.cgi?id=150656
2155
2156         Reviewed by Saam Barati.
2157
2158         * b3/B3BasicBlock.cpp:
2159         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
2160         * b3/B3BasicBlock.h:
2161         * b3/B3Procedure.cpp:
2162         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
2163         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
2164         * b3/B3Procedure.h:
2165         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
2166         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2167         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2168         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
2169         (JSC::B3::Procedure::values):
2170         * b3/B3ProcedureInlines.h:
2171         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
2172         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
2173
2174 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2175
2176         Web Inspector: Remove unused / duplicate WebSocket timeline records
2177         https://bugs.webkit.org/show_bug.cgi?id=150647
2178
2179         Reviewed by Timothy Hatcher.
2180
2181         * inspector/protocol/Timeline.json:
2182
2183 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2184
2185         B3::LowerToAir should not duplicate Loads
2186         https://bugs.webkit.org/show_bug.cgi?id=150651
2187
2188         Reviewed by Benjamin Poulain.
2189
2190         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
2191         if we haven't already emitted code that uses the Value and the Value has only one direct
2192         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
2193         Value: we won't emit any more code for it in the future.
2194
2195         The optimization to fuse Loads was forgetting to do all of these things, and so generated
2196         code would have a lot of duplicated Loads. That's bad and this change fixes that.
2197
2198         Ordinarily, this is far less tricky because the pattern matcher does this for us via
2199         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
2200         won't need to do this manually very often.
2201
2202         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
2203         debug.
2204
2205         * b3/B3IndexMap.h:
2206         (JSC::B3::IndexMap::IndexMap):
2207         (JSC::B3::IndexMap::resize):
2208         (JSC::B3::IndexMap::operator[]):
2209         * b3/B3LowerToAir.cpp:
2210         (JSC::B3::Air::LowerToAir::tmp):
2211         (JSC::B3::Air::LowerToAir::canBeInternal):
2212         (JSC::B3::Air::LowerToAir::commitInternal):
2213         (JSC::B3::Air::LowerToAir::effectiveAddr):
2214         (JSC::B3::Air::LowerToAir::loadAddr):
2215         (JSC::B3::Air::LowerToAir::appendBinOp):
2216         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2217         (JSC::B3::Air::LowerToAir::acceptInternals):
2218         * b3/B3UseCounts.cpp:
2219         (JSC::B3::UseCounts::UseCounts):
2220
2221 2015-10-28  Mark Lam  <mark.lam@apple.com>
2222
2223         JITSubGenerator::generateFastPath() does not need to be inlined.
2224         https://bugs.webkit.org/show_bug.cgi?id=150645
2225
2226         Reviewed by Geoffrey Garen.
2227
2228         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
2229         perf neutral.
2230
2231         * CMakeLists.txt:
2232         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2233         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2234         * JavaScriptCore.xcodeproj/project.pbxproj:
2235         * ftl/FTLCompile.cpp:
2236         * jit/JITSubGenerator.cpp: Added.
2237         (JSC::JITSubGenerator::generateFastPath):
2238         * jit/JITSubGenerator.h:
2239         (JSC::JITSubGenerator::JITSubGenerator):
2240         (JSC::JITSubGenerator::endJumpList):
2241         (JSC::JITSubGenerator::slowPathJumpList):
2242         (JSC::JITSubGenerator::generateFastPath): Deleted.
2243
2244 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2245
2246         [B3] handleCommutativity should canonicalize commutative operations over non-constants
2247         https://bugs.webkit.org/show_bug.cgi?id=150649
2248
2249         Reviewed by Saam Barati.
2250
2251         Turn this: Add(value1, value2)
2252         Into this: Add(value2, value1)
2253
2254         But only if value2 should come before value1 according to our total ordering. This will allow
2255         CSE to observe the equality between commuted versions of the same operation, since we will
2256         first canonicalize them into the same order.
2257
2258         * b3/B3ReduceStrength.cpp:
2259
2260 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2261
2262         Unreviewed, fix the build for case sensitive file systems.
2263
2264         * b3/air/AirBasicBlock.h:
2265         * b3/air/AirStackSlot.h:
2266
2267 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2268
2269         Create a super rough prototype of B3
2270         https://bugs.webkit.org/show_bug.cgi?id=150280
2271
2272         Reviewed by Benjamin Poulain.
2273
2274         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
2275         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
2276         for aggressive C-level optimizations and an awesome portable backend. The backend, called
2277         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
2278         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
2279         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
2280         instruction selection, reflectively selects Air opcodes by querying which instruction forms
2281         are possible. Air allows for optimal register allocation and stack layout. Currently the
2282         register allocator isn't written, but the stack layout is.
2283
2284         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
2285         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
2286         stuff added to the instruction selector. But it's a neat start.
2287
2288         * CMakeLists.txt:
2289         * DerivedSources.make:
2290         * JavaScriptCore.xcodeproj/project.pbxproj:
2291         * assembler/MacroAssembler.cpp:
2292         (WTF::printInternal):
2293         * assembler/MacroAssembler.h:
2294         * b3: Added.
2295         * b3/B3AddressMatcher.patterns: Added.
2296         * b3/B3ArgumentRegValue.cpp: Added.
2297         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
2298         (JSC::B3::ArgumentRegValue::dumpMeta):
2299         * b3/B3ArgumentRegValue.h: Added.
2300         * b3/B3BasicBlock.cpp: Added.
2301         (JSC::B3::BasicBlock::BasicBlock):
2302         (JSC::B3::BasicBlock::~BasicBlock):
2303         (JSC::B3::BasicBlock::append):
2304         (JSC::B3::BasicBlock::addPredecessor):
2305         (JSC::B3::BasicBlock::removePredecessor):
2306         (JSC::B3::BasicBlock::replacePredecessor):
2307         (JSC::B3::BasicBlock::removeNops):
2308         (JSC::B3::BasicBlock::dump):
2309         (JSC::B3::BasicBlock::deepDump):
2310         * b3/B3BasicBlock.h: Added.
2311         (JSC::B3::BasicBlock::index):
2312         (JSC::B3::BasicBlock::begin):
2313         (JSC::B3::BasicBlock::end):
2314         (JSC::B3::BasicBlock::size):
2315         (JSC::B3::BasicBlock::at):
2316         (JSC::B3::BasicBlock::last):
2317         (JSC::B3::BasicBlock::values):
2318         (JSC::B3::BasicBlock::numPredecessors):
2319         (JSC::B3::BasicBlock::predecessor):
2320         (JSC::B3::BasicBlock::predecessors):
2321         (JSC::B3::BasicBlock::frequency):
2322         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
2323         (JSC::B3::DeepBasicBlockDump::dump):
2324         (JSC::B3::deepDump):
2325         * b3/B3BasicBlockInlines.h: Added.
2326         (JSC::B3::BasicBlock::appendNew):
2327         (JSC::B3::BasicBlock::numSuccessors):
2328         (JSC::B3::BasicBlock::successor):
2329         (JSC::B3::BasicBlock::successors):
2330         (JSC::B3::BasicBlock::successorBlock):
2331         (JSC::B3::BasicBlock::successorBlocks):
2332         * b3/B3BasicBlockUtils.h: Added.
2333         (JSC::B3::addPredecessor):
2334         (JSC::B3::removePredecessor):
2335         (JSC::B3::replacePredecessor):
2336         (JSC::B3::resetReachability):
2337         (JSC::B3::blocksInPreOrder):
2338         (JSC::B3::blocksInPostOrder):
2339         * b3/B3BlockWorklist.h: Added.
2340         * b3/B3CheckSpecial.cpp: Added.
2341         (JSC::B3::Air::numB3Args):
2342         (JSC::B3::CheckSpecial::CheckSpecial):
2343         (JSC::B3::CheckSpecial::~CheckSpecial):
2344         (JSC::B3::CheckSpecial::hiddenBranch):
2345         (JSC::B3::CheckSpecial::forEachArg):
2346         (JSC::B3::CheckSpecial::isValid):
2347         (JSC::B3::CheckSpecial::admitsStack):
2348         (JSC::B3::CheckSpecial::generate):
2349         (JSC::B3::CheckSpecial::dumpImpl):
2350         (JSC::B3::CheckSpecial::deepDumpImpl):
2351         * b3/B3CheckSpecial.h: Added.
2352         * b3/B3CheckValue.cpp: Added.
2353         (JSC::B3::CheckValue::~CheckValue):
2354         (JSC::B3::CheckValue::dumpMeta):
2355         * b3/B3CheckValue.h: Added.
2356         * b3/B3Common.cpp: Added.
2357         (JSC::B3::shouldDumpIR):
2358         (JSC::B3::shouldDumpIRAtEachPhase):
2359         (JSC::B3::shouldValidateIR):
2360         (JSC::B3::shouldValidateIRAtEachPhase):
2361         (JSC::B3::shouldSaveIRBeforePhase):
2362         * b3/B3Common.h: Added.
2363         (JSC::B3::is64Bit):
2364         (JSC::B3::is32Bit):
2365         * b3/B3Commutativity.cpp: Added.
2366         (WTF::printInternal):
2367         * b3/B3Commutativity.h: Added.
2368         * b3/B3Const32Value.cpp: Added.
2369         (JSC::B3::Const32Value::~Const32Value):
2370         (JSC::B3::Const32Value::negConstant):
2371         (JSC::B3::Const32Value::addConstant):
2372         (JSC::B3::Const32Value::subConstant):
2373         (JSC::B3::Const32Value::dumpMeta):
2374         * b3/B3Const32Value.h: Added.
2375         * b3/B3Const64Value.cpp: Added.
2376         (JSC::B3::Const64Value::~Const64Value):
2377         (JSC::B3::Const64Value::negConstant):
2378         (JSC::B3::Const64Value::addConstant):
2379         (JSC::B3::Const64Value::subConstant):
2380         (JSC::B3::Const64Value::dumpMeta):
2381         * b3/B3Const64Value.h: Added.
2382         * b3/B3ConstDoubleValue.cpp: Added.
2383         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
2384         (JSC::B3::ConstDoubleValue::negConstant):
2385         (JSC::B3::ConstDoubleValue::addConstant):
2386         (JSC::B3::ConstDoubleValue::subConstant):
2387         (JSC::B3::ConstDoubleValue::dumpMeta):
2388         * b3/B3ConstDoubleValue.h: Added.
2389         (JSC::B3::ConstDoubleValue::accepts):
2390         (JSC::B3::ConstDoubleValue::value):
2391         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
2392         * b3/B3ConstPtrValue.h: Added.
2393         (JSC::B3::ConstPtrValue::value):
2394         (JSC::B3::ConstPtrValue::ConstPtrValue):
2395         * b3/B3ControlValue.cpp: Added.
2396         (JSC::B3::ControlValue::~ControlValue):
2397         (JSC::B3::ControlValue::dumpMeta):
2398         * b3/B3ControlValue.h: Added.
2399         * b3/B3Effects.cpp: Added.
2400         (JSC::B3::Effects::dump):
2401         * b3/B3Effects.h: Added.
2402         (JSC::B3::Effects::mustExecute):
2403         * b3/B3FrequencyClass.cpp: Added.
2404         (WTF::printInternal):
2405         * b3/B3FrequencyClass.h: Added.
2406         * b3/B3FrequentedBlock.h: Added.
2407         * b3/B3Generate.cpp: Added.
2408         (JSC::B3::generate):
2409         (JSC::B3::generateToAir):
2410         * b3/B3Generate.h: Added.
2411         * b3/B3GenericFrequentedBlock.h: Added.
2412         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
2413         (JSC::B3::GenericFrequentedBlock::operator==):
2414         (JSC::B3::GenericFrequentedBlock::operator!=):
2415         (JSC::B3::GenericFrequentedBlock::operator bool):
2416         (JSC::B3::GenericFrequentedBlock::block):
2417         (JSC::B3::GenericFrequentedBlock::frequency):
2418         (JSC::B3::GenericFrequentedBlock::dump):
2419         * b3/B3HeapRange.cpp: Added.
2420         (JSC::B3::HeapRange::dump):
2421         * b3/B3HeapRange.h: Added.
2422         (JSC::B3::HeapRange::HeapRange):
2423         (JSC::B3::HeapRange::top):
2424         (JSC::B3::HeapRange::operator==):
2425         (JSC::B3::HeapRange::operator!=):
2426         (JSC::B3::HeapRange::operator bool):
2427         (JSC::B3::HeapRange::begin):
2428         (JSC::B3::HeapRange::end):
2429         (JSC::B3::HeapRange::overlaps):
2430         * b3/B3IndexMap.h: Added.
2431         (JSC::B3::IndexMap::IndexMap):
2432         (JSC::B3::IndexMap::resize):
2433         (JSC::B3::IndexMap::operator[]):
2434         * b3/B3IndexSet.h: Added.
2435         (JSC::B3::IndexSet::IndexSet):
2436         (JSC::B3::IndexSet::add):
2437         (JSC::B3::IndexSet::contains):
2438         (JSC::B3::IndexSet::Iterable::Iterable):
2439         (JSC::B3::IndexSet::Iterable::iterator::iterator):
2440         (JSC::B3::IndexSet::Iterable::iterator::operator*):
2441         (JSC::B3::IndexSet::Iterable::iterator::operator++):
2442         (JSC::B3::IndexSet::Iterable::iterator::operator==):
2443         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
2444         (JSC::B3::IndexSet::Iterable::begin):
2445         (JSC::B3::IndexSet::Iterable::end):
2446         (JSC::B3::IndexSet::values):
2447         (JSC::B3::IndexSet::indices):
2448         (JSC::B3::IndexSet::dump):
2449         * b3/B3InsertionSet.cpp: Added.
2450         (JSC::B3::InsertionSet::execute):
2451         * b3/B3InsertionSet.h: Added.
2452         (JSC::B3::InsertionSet::InsertionSet):
2453         (JSC::B3::InsertionSet::code):
2454         (JSC::B3::InsertionSet::appendInsertion):
2455         (JSC::B3::InsertionSet::insertValue):
2456         * b3/B3InsertionSetInlines.h: Added.
2457         (JSC::B3::InsertionSet::insert):
2458         * b3/B3LowerToAir.cpp: Added.
2459         (JSC::B3::Air::LowerToAir::LowerToAir):
2460         (JSC::B3::Air::LowerToAir::run):
2461         (JSC::B3::Air::LowerToAir::tmp):
2462         (JSC::B3::Air::LowerToAir::effectiveAddr):
2463         (JSC::B3::Air::LowerToAir::addr):
2464         (JSC::B3::Air::LowerToAir::loadAddr):
2465         (JSC::B3::Air::LowerToAir::imm):
2466         (JSC::B3::Air::LowerToAir::immOrTmp):
2467         (JSC::B3::Air::LowerToAir::appendBinOp):
2468         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2469         (JSC::B3::Air::LowerToAir::moveForType):
2470         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
2471         (JSC::B3::Air::LowerToAir::append):
2472         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
2473         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
2474         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
2475         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
2476         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
2477         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
2478         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
2479         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
2480         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
2481         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
2482         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
2483         (JSC::B3::Air::LowerToAir::acceptRoot):
2484         (JSC::B3::Air::LowerToAir::acceptRootLate):
2485         (JSC::B3::Air::LowerToAir::acceptInternals):
2486         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
2487         (JSC::B3::Air::LowerToAir::acceptOperands):
2488         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
2489         (JSC::B3::Air::LowerToAir::tryLoad):
2490         (JSC::B3::Air::LowerToAir::tryAdd):
2491         (JSC::B3::Air::LowerToAir::tryAnd):
2492         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
2493         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
2494         (JSC::B3::Air::LowerToAir::tryStore):
2495         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
2496         (JSC::B3::Air::LowerToAir::tryTrunc):
2497         (JSC::B3::Air::LowerToAir::tryArgumentReg):
2498         (JSC::B3::Air::LowerToAir::tryConst32):
2499         (JSC::B3::Air::LowerToAir::tryConst64):
2500         (JSC::B3::Air::LowerToAir::tryIdentity):
2501         (JSC::B3::Air::LowerToAir::tryReturn):
2502         (JSC::B3::lowerToAir):
2503         * b3/B3LowerToAir.h: Added.
2504         * b3/B3LoweringMatcher.patterns: Added.
2505         * b3/B3MemoryValue.cpp: Added.
2506         (JSC::B3::MemoryValue::~MemoryValue):
2507         (JSC::B3::MemoryValue::dumpMeta):
2508         * b3/B3MemoryValue.h: Added.
2509         * b3/B3Opcode.cpp: Added.
2510         (WTF::printInternal):
2511         * b3/B3Opcode.h: Added.
2512         (JSC::B3::isCheckMath):
2513         * b3/B3Origin.cpp: Added.
2514         (JSC::B3::Origin::dump):
2515         * b3/B3Origin.h: Added.
2516         (JSC::B3::Origin::Origin):
2517         (JSC::B3::Origin::operator bool):
2518         (JSC::B3::Origin::data):
2519         * b3/B3PatchpointSpecial.cpp: Added.
2520         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
2521         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
2522         (JSC::B3::PatchpointSpecial::forEachArg):
2523         (JSC::B3::PatchpointSpecial::isValid):
2524         (JSC::B3::PatchpointSpecial::admitsStack):
2525         (JSC::B3::PatchpointSpecial::generate):
2526         (JSC::B3::PatchpointSpecial::dumpImpl):
2527         (JSC::B3::PatchpointSpecial::deepDumpImpl):
2528         * b3/B3PatchpointSpecial.h: Added.
2529         * b3/B3PatchpointValue.cpp: Added.
2530         (JSC::B3::PatchpointValue::~PatchpointValue):
2531         (JSC::B3::PatchpointValue::dumpMeta):
2532         * b3/B3PatchpointValue.h: Added.
2533         (JSC::B3::PatchpointValue::accepts):
2534         (JSC::B3::PatchpointValue::PatchpointValue):
2535         * b3/B3PhaseScope.cpp: Added.
2536         (JSC::B3::PhaseScope::PhaseScope):
2537         (JSC::B3::PhaseScope::~PhaseScope):
2538         * b3/B3PhaseScope.h: Added.
2539         * b3/B3Procedure.cpp: Added.
2540         (JSC::B3::Procedure::Procedure):
2541         (JSC::B3::Procedure::~Procedure):
2542         (JSC::B3::Procedure::addBlock):
2543         (JSC::B3::Procedure::resetReachability):
2544         (JSC::B3::Procedure::dump):
2545         (JSC::B3::Procedure::blocksInPreOrder):
2546         (JSC::B3::Procedure::blocksInPostOrder):
2547         * b3/B3Procedure.h: Added.
2548         (JSC::B3::Procedure::size):
2549         (JSC::B3::Procedure::at):
2550         (JSC::B3::Procedure::operator[]):
2551         (JSC::B3::Procedure::iterator::iterator):
2552         (JSC::B3::Procedure::iterator::operator*):
2553         (JSC::B3::Procedure::iterator::operator++):
2554         (JSC::B3::Procedure::iterator::operator==):
2555         (JSC::B3::Procedure::iterator::operator!=):
2556         (JSC::B3::Procedure::iterator::findNext):
2557         (JSC::B3::Procedure::begin):
2558         (JSC::B3::Procedure::end):
2559         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
2560         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
2561         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
2562         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2563         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
2564         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2565         (JSC::B3::Procedure::ValuesCollection::begin):
2566         (JSC::B3::Procedure::ValuesCollection::end):
2567         (JSC::B3::Procedure::ValuesCollection::size):
2568         (JSC::B3::Procedure::ValuesCollection::at):
2569         (JSC::B3::Procedure::ValuesCollection::operator[]):
2570         (JSC::B3::Procedure::values):
2571         (JSC::B3::Procedure::setLastPhaseName):
2572         (JSC::B3::Procedure::lastPhaseName):
2573         * b3/B3ProcedureInlines.h: Added.
2574         (JSC::B3::Procedure::add):
2575         * b3/B3ReduceStrength.cpp: Added.
2576         (JSC::B3::reduceStrength):
2577         * b3/B3ReduceStrength.h: Added.
2578         * b3/B3StackSlotKind.cpp: Added.
2579         (WTF::printInternal):
2580         * b3/B3StackSlotKind.h: Added.
2581         * b3/B3StackSlotValue.cpp: Added.
2582         (JSC::B3::StackSlotValue::~StackSlotValue):
2583         (JSC::B3::StackSlotValue::dumpMeta):
2584         * b3/B3StackSlotValue.h: Added.
2585         (JSC::B3::StackSlotValue::accepts):
2586         (JSC::B3::StackSlotValue::byteSize):
2587         (JSC::B3::StackSlotValue::kind):
2588         (JSC::B3::StackSlotValue::offsetFromFP):
2589         (JSC::B3::StackSlotValue::setOffsetFromFP):
2590         (JSC::B3::StackSlotValue::StackSlotValue):
2591         * b3/B3Stackmap.cpp: Added.
2592         (JSC::B3::Stackmap::Stackmap):
2593         (JSC::B3::Stackmap::~Stackmap):
2594         (JSC::B3::Stackmap::dump):
2595         * b3/B3Stackmap.h: Added.
2596         (JSC::B3::Stackmap::constrain):
2597         (JSC::B3::Stackmap::reps):
2598         (JSC::B3::Stackmap::clobber):
2599         (JSC::B3::Stackmap::clobbered):
2600         (JSC::B3::Stackmap::setGenerator):
2601         * b3/B3StackmapSpecial.cpp: Added.
2602         (JSC::B3::StackmapSpecial::StackmapSpecial):
2603         (JSC::B3::StackmapSpecial::~StackmapSpecial):
2604         (JSC::B3::StackmapSpecial::reportUsedRegisters):
2605         (JSC::B3::StackmapSpecial::extraClobberedRegs):
2606         (JSC::B3::StackmapSpecial::forEachArgImpl):
2607         (JSC::B3::StackmapSpecial::isValidImpl):
2608         (JSC::B3::StackmapSpecial::admitsStackImpl):
2609         (JSC::B3::StackmapSpecial::appendRepsImpl):
2610         (JSC::B3::StackmapSpecial::repForArg):
2611         * b3/B3StackmapSpecial.h: Added.
2612         * b3/B3SuccessorCollection.h: Added.
2613         (JSC::B3::SuccessorCollection::SuccessorCollection):
2614         (JSC::B3::SuccessorCollection::size):
2615         (JSC::B3::SuccessorCollection::at):
2616         (JSC::B3::SuccessorCollection::operator[]):
2617         (JSC::B3::SuccessorCollection::iterator::iterator):
2618         (JSC::B3::SuccessorCollection::iterator::operator*):
2619         (JSC::B3::SuccessorCollection::iterator::operator++):
2620         (JSC::B3::SuccessorCollection::iterator::operator==):
2621         (JSC::B3::SuccessorCollection::iterator::operator!=):
2622         (JSC::B3::SuccessorCollection::begin):
2623         (JSC::B3::SuccessorCollection::end):
2624         * b3/B3SwitchCase.cpp: Added.
2625         (JSC::B3::SwitchCase::dump):
2626         * b3/B3SwitchCase.h: Added.
2627         (JSC::B3::SwitchCase::SwitchCase):
2628         (JSC::B3::SwitchCase::operator bool):
2629         (JSC::B3::SwitchCase::caseValue):
2630         (JSC::B3::SwitchCase::target):
2631         (JSC::B3::SwitchCase::targetBlock):
2632         * b3/B3SwitchValue.cpp: Added.
2633         (JSC::B3::SwitchValue::~SwitchValue):
2634         (JSC::B3::SwitchValue::removeCase):
2635         (JSC::B3::SwitchValue::appendCase):
2636         (JSC::B3::SwitchValue::dumpMeta):
2637         (JSC::B3::SwitchValue::SwitchValue):
2638         * b3/B3SwitchValue.h: Added.
2639         (JSC::B3::SwitchValue::accepts):
2640         (JSC::B3::SwitchValue::numCaseValues):
2641         (JSC::B3::SwitchValue::caseValue):
2642         (JSC::B3::SwitchValue::caseValues):
2643         (JSC::B3::SwitchValue::fallThrough):
2644         (JSC::B3::SwitchValue::size):
2645         (JSC::B3::SwitchValue::at):
2646         (JSC::B3::SwitchValue::operator[]):
2647         (JSC::B3::SwitchValue::iterator::iterator):
2648         (JSC::B3::SwitchValue::iterator::operator*):
2649         (JSC::B3::SwitchValue::iterator::operator++):
2650         (JSC::B3::SwitchValue::iterator::operator==):
2651         (JSC::B3::SwitchValue::iterator::operator!=):
2652         (JSC::B3::SwitchValue::begin):
2653         (JSC::B3::SwitchValue::end):
2654         * b3/B3Type.cpp: Added.
2655         (WTF::printInternal):
2656         * b3/B3Type.h: Added.
2657         (JSC::B3::isInt):
2658         (JSC::B3::isFloat):
2659         (JSC::B3::pointerType):
2660         * b3/B3UpsilonValue.cpp: Added.
2661         (JSC::B3::UpsilonValue::~UpsilonValue):
2662         (JSC::B3::UpsilonValue::dumpMeta):
2663         * b3/B3UpsilonValue.h: Added.
2664         (JSC::B3::UpsilonValue::accepts):
2665         (JSC::B3::UpsilonValue::phi):
2666         (JSC::B3::UpsilonValue::UpsilonValue):
2667         * b3/B3UseCounts.cpp: Added.
2668         (JSC::B3::UseCounts::UseCounts):
2669         (JSC::B3::UseCounts::~UseCounts):
2670         * b3/B3UseCounts.h: Added.
2671         (JSC::B3::UseCounts::operator[]):
2672         * b3/B3Validate.cpp: Added.
2673         (JSC::B3::validate):
2674         * b3/B3Validate.h: Added.
2675         * b3/B3Value.cpp: Added.
2676         (JSC::B3::Value::~Value):
2677         (JSC::B3::Value::replaceWithIdentity):
2678         (JSC::B3::Value::replaceWithNop):
2679         (JSC::B3::Value::dump):
2680         (JSC::B3::Value::deepDump):
2681         (JSC::B3::Value::negConstant):
2682         (JSC::B3::Value::addConstant):
2683         (JSC::B3::Value::subConstant):
2684         (JSC::B3::Value::effects):
2685         (JSC::B3::Value::performSubstitution):
2686         (JSC::B3::Value::dumpMeta):
2687         (JSC::B3::Value::typeFor):
2688         * b3/B3Value.h: Added.
2689         (JSC::B3::DeepValueDump::DeepValueDump):
2690         (JSC::B3::DeepValueDump::dump):
2691         (JSC::B3::deepDump):
2692         * b3/B3ValueInlines.h: Added.
2693         (JSC::B3::Value::as):
2694         (JSC::B3::Value::isConstant):
2695         (JSC::B3::Value::hasInt32):
2696         (JSC::B3::Value::asInt32):
2697         (JSC::B3::Value::hasInt64):
2698         (JSC::B3::Value::asInt64):
2699         (JSC::B3::Value::hasInt):
2700         (JSC::B3::Value::asInt):
2701         (JSC::B3::Value::isInt):
2702         (JSC::B3::Value::hasIntPtr):
2703         (JSC::B3::Value::asIntPtr):
2704         (JSC::B3::Value::hasDouble):
2705         (JSC::B3::Value::asDouble):
2706         (JSC::B3::Value::stackmap):
2707         * b3/B3ValueRep.cpp: Added.
2708         (JSC::B3::ValueRep::dump):
2709         (WTF::printInternal):
2710         * b3/B3ValueRep.h: Added.
2711         (JSC::B3::ValueRep::ValueRep):
2712         (JSC::B3::ValueRep::reg):
2713         (JSC::B3::ValueRep::stack):
2714         (JSC::B3::ValueRep::stackArgument):
2715         (JSC::B3::ValueRep::constant):
2716         (JSC::B3::ValueRep::constantDouble):
2717         (JSC::B3::ValueRep::kind):
2718         (JSC::B3::ValueRep::operator bool):
2719         (JSC::B3::ValueRep::offsetFromFP):
2720         (JSC::B3::ValueRep::offsetFromSP):
2721         (JSC::B3::ValueRep::value):
2722         (JSC::B3::ValueRep::doubleValue):
2723         * b3/air: Added.
2724         * b3/air/AirAllocateStack.cpp: Added.
2725         (JSC::B3::Air::allocateStack):
2726         * b3/air/AirAllocateStack.h: Added.
2727         * b3/air/AirArg.cpp: Added.
2728         (JSC::B3::Air::Arg::dump):
2729         * b3/air/AirArg.h: Added.
2730         (JSC::B3::Air::Arg::isUse):
2731         (JSC::B3::Air::Arg::isDef):
2732         (JSC::B3::Air::Arg::typeForB3Type):
2733         (JSC::B3::Air::Arg::Arg):
2734         (JSC::B3::Air::Arg::imm):
2735         (JSC::B3::Air::Arg::imm64):
2736         (JSC::B3::Air::Arg::addr):
2737         (JSC::B3::Air::Arg::stack):
2738         (JSC::B3::Air::Arg::callArg):
2739         (JSC::B3::Air::Arg::isValidScale):
2740         (JSC::B3::Air::Arg::logScale):
2741         (JSC::B3::Air::Arg::index):
2742         (JSC::B3::Air::Arg::relCond):
2743         (JSC::B3::Air::Arg::resCond):
2744         (JSC::B3::Air::Arg::special):
2745         (JSC::B3::Air::Arg::operator==):
2746         (JSC::B3::Air::Arg::operator!=):
2747         (JSC::B3::Air::Arg::operator bool):
2748         (JSC::B3::Air::Arg::kind):
2749         (JSC::B3::Air::Arg::isTmp):
2750         (JSC::B3::Air::Arg::isImm):
2751         (JSC::B3::Air::Arg::isImm64):
2752         (JSC::B3::Air::Arg::isAddr):
2753         (JSC::B3::Air::Arg::isStack):
2754         (JSC::B3::Air::Arg::isCallArg):
2755         (JSC::B3::Air::Arg::isIndex):
2756         (JSC::B3::Air::Arg::isRelCond):
2757         (JSC::B3::Air::Arg::isResCond):
2758         (JSC::B3::Air::Arg::isSpecial):
2759         (JSC::B3::Air::Arg::isAlive):
2760         (JSC::B3::Air::Arg::tmp):
2761         (JSC::B3::Air::Arg::value):
2762         (JSC::B3::Air::Arg::pointerValue):
2763         (JSC::B3::Air::Arg::base):
2764         (JSC::B3::Air::Arg::hasOffset):
2765         (JSC::B3::Air::Arg::offset):
2766         (JSC::B3::Air::Arg::stackSlot):
2767         (JSC::B3::Air::Arg::scale):
2768         (JSC::B3::Air::Arg::isGPTmp):
2769         (JSC::B3::Air::Arg::isFPTmp):
2770         (JSC::B3::Air::Arg::isGP):
2771         (JSC::B3::Air::Arg::isFP):
2772         (JSC::B3::Air::Arg::hasType):
2773         (JSC::B3::Air::Arg::type):
2774         (JSC::B3::Air::Arg::isType):
2775         (JSC::B3::Air::Arg::isGPR):
2776         (JSC::B3::Air::Arg::gpr):
2777         (JSC::B3::Air::Arg::isFPR):
2778         (JSC::B3::Air::Arg::fpr):
2779         (JSC::B3::Air::Arg::isReg):
2780         (JSC::B3::Air::Arg::reg):
2781         (JSC::B3::Air::Arg::gpTmpIndex):
2782         (JSC::B3::Air::Arg::fpTmpIndex):
2783         (JSC::B3::Air::Arg::tmpIndex):
2784         (JSC::B3::Air::Arg::withOffset):
2785         (JSC::B3::Air::Arg::forEachTmpFast):
2786         (JSC::B3::Air::Arg::forEachTmp):
2787         (JSC::B3::Air::Arg::asTrustedImm32):
2788         (JSC::B3::Air::Arg::asTrustedImm64):
2789         (JSC::B3::Air::Arg::asTrustedImmPtr):
2790         (JSC::B3::Air::Arg::asAddress):
2791         (JSC::B3::Air::Arg::asBaseIndex):
2792         (JSC::B3::Air::Arg::asRelationalCondition):
2793         (JSC::B3::Air::Arg::asResultCondition):
2794         (JSC::B3::Air::Arg::isHashTableDeletedValue):
2795         (JSC::B3::Air::Arg::hash):
2796         (JSC::B3::Air::ArgHash::hash):
2797         (JSC::B3::Air::ArgHash::equal):
2798         * b3/air/AirBasicBlock.cpp: Added.
2799         (JSC::B3::Air::BasicBlock::addPredecessor):
2800         (JSC::B3::Air::BasicBlock::removePredecessor):
2801         (JSC::B3::Air::BasicBlock::replacePredecessor):
2802         (JSC::B3::Air::BasicBlock::dump):
2803         (JSC::B3::Air::BasicBlock::deepDump):
2804         (JSC::B3::Air::BasicBlock::BasicBlock):
2805         * b3/air/AirBasicBlock.h: Added.
2806         (JSC::B3::Air::BasicBlock::index):
2807         (JSC::B3::Air::BasicBlock::size):
2808         (JSC::B3::Air::BasicBlock::begin):
2809         (JSC::B3::Air::BasicBlock::end):
2810         (JSC::B3::Air::BasicBlock::at):
2811         (JSC::B3::Air::BasicBlock::last):
2812         (JSC::B3::Air::BasicBlock::appendInst):
2813         (JSC::B3::Air::BasicBlock::append):
2814         (JSC::B3::Air::BasicBlock::numSuccessors):
2815         (JSC::B3::Air::BasicBlock::successor):
2816         (JSC::B3::Air::BasicBlock::successors):
2817         (JSC::B3::Air::BasicBlock::successorBlock):
2818         (JSC::B3::Air::BasicBlock::successorBlocks):
2819         (JSC::B3::Air::BasicBlock::numPredecessors):
2820         (JSC::B3::Air::BasicBlock::predecessor):
2821         (JSC::B3::Air::BasicBlock::predecessors):
2822         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
2823         (JSC::B3::Air::DeepBasicBlockDump::dump):
2824         (JSC::B3::Air::deepDump):
2825         * b3/air/AirCCallSpecial.cpp: Added.
2826         (JSC::B3::Air::CCallSpecial::CCallSpecial):
2827         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
2828         (JSC::B3::Air::CCallSpecial::forEachArg):
2829         (JSC::B3::Air::CCallSpecial::isValid):
2830         (JSC::B3::Air::CCallSpecial::admitsStack):
2831         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
2832         (JSC::B3::Air::CCallSpecial::generate):
2833         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
2834         (JSC::B3::Air::CCallSpecial::dumpImpl):
2835         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
2836         * b3/air/AirCCallSpecial.h: Added.
2837         * b3/air/AirCode.cpp: Added.
2838         (JSC::B3::Air::Code::Code):
2839         (JSC::B3::Air::Code::~Code):
2840         (JSC::B3::Air::Code::addBlock):
2841         (JSC::B3::Air::Code::addStackSlot):
2842         (JSC::B3::Air::Code::addSpecial):
2843         (JSC::B3::Air::Code::cCallSpecial):
2844         (JSC::B3::Air::Code::resetReachability):
2845         (JSC::B3::Air::Code::dump):
2846         (JSC::B3::Air::Code::findFirstBlockIndex):
2847         (JSC::B3::Air::Code::findNextBlockIndex):
2848         (JSC::B3::Air::Code::findNextBlock):
2849         * b3/air/AirCode.h: Added.
2850         (JSC::B3::Air::Code::newTmp):
2851         (JSC::B3::Air::Code::numTmps):
2852         (JSC::B3::Air::Code::callArgAreaSize):
2853         (JSC::B3::Air::Code::requestCallArgAreaSize):
2854         (JSC::B3::Air::Code::frameSize):
2855         (JSC::B3::Air::Code::setFrameSize):
2856         (JSC::B3::Air::Code::calleeSaveRegisters):
2857         (JSC::B3::Air::Code::size):
2858         (JSC::B3::Air::Code::at):
2859         (JSC::B3::Air::Code::operator[]):
2860         (JSC::B3::Air::Code::iterator::iterator):
2861         (JSC::B3::Air::Code::iterator::operator*):
2862         (JSC::B3::Air::Code::iterator::operator++):
2863         (JSC::B3::Air::Code::iterator::operator==):
2864         (JSC::B3::Air::Code::iterator::operator!=):
2865         (JSC::B3::Air::Code::begin):
2866         (JSC::B3::Air::Code::end):
2867         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
2868         (JSC::B3::Air::Code::StackSlotsCollection::size):
2869         (JSC::B3::Air::Code::StackSlotsCollection::at):
2870         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
2871         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
2872         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
2873         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
2874         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator==):
2875         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator!=):
2876         (JSC::B3::Air::Code::StackSlotsCollection::begin):
2877         (JSC::B3::Air::Code::StackSlotsCollection::end):
2878         (JSC::B3::Air::Code::stackSlots):
2879         (JSC::B3::Air::Code::SpecialsCollection::SpecialsCollection):
2880         (JSC::B3::Air::Code::SpecialsCollection::size):
2881         (JSC::B3::Air::Code::SpecialsCollection::at):
2882         (JSC::B3::Air::Code::SpecialsCollection::operator[]):
2883         (JSC::B3::Air::Code::SpecialsCollection::iterator::iterator):
2884         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator*):
2885         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator++):
2886         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator==):
2887         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator!=):
2888         (JSC::B3::Air::Code::SpecialsCollection::begin):
2889         (JSC::B3::Air::Code::SpecialsCollection::end):
2890         (JSC::B3::Air::Code::specials):
2891         (JSC::B3::Air::Code::setLastPhaseName):
2892         (JSC::B3::Air::Code::lastPhaseName):
2893         * b3/air/AirFrequentedBlock.h: Added.
2894         * b3/air/AirGenerate.cpp: Added.
2895         (JSC::B3::Air::generate):
2896         * b3/air/AirGenerate.h: Added.
2897         * b3/air/AirGenerated.cpp: Added.
2898         * b3/air/AirGenerationContext.h: Added.
2899         * b3/air/AirHandleCalleeSaves.cpp: Added.
2900         (JSC::B3::Air::handleCalleeSaves):
2901         * b3/air/AirHandleCalleeSaves.h: Added.
2902         * b3/air/AirInsertionSet.cpp: Added.
2903         (JSC::B3::Air::InsertionSet::execute):
2904         * b3/air/AirInsertionSet.h: Added.
2905         (JSC::B3::Air::InsertionSet::InsertionSet):
2906         (JSC::B3::Air::InsertionSet::code):
2907         (JSC::B3::Air::InsertionSet::appendInsertion):
2908         (JSC::B3::Air::InsertionSet::insertInst):
2909         (JSC::B3::Air::InsertionSet::insert):
2910         * b3/air/AirInst.cpp: Added.
2911         (JSC::B3::Air::Inst::dump):
2912         * b3/air/AirInst.h: Added.
2913         (JSC::B3::Air::Inst::Inst):
2914         (JSC::B3::Air::Inst::opcode):
2915         (JSC::B3::Air::Inst::forEachTmpFast):
2916         (JSC::B3::Air::Inst::forEachTmp):
2917         * b3/air/AirInstInlines.h: Added.
2918         (JSC::B3::Air::ForEach<Tmp>::forEach):
2919         (JSC::B3::Air::ForEach<Arg>::forEach):
2920         (JSC::B3::Air::Inst::forEach):
2921         (JSC::B3::Air::Inst::hasSpecial):
2922         (JSC::B3::Air::Inst::extraClobberedRegs):
2923         (JSC::B3::Air::Inst::reportUsedRegisters):
2924         (JSC::B3::Air::isShiftValid):
2925         (JSC::B3::Air::isLshift32Valid):
2926         * b3/air/AirLiveness.h: Added.
2927         (JSC::B3::Air::Liveness::Liveness):
2928         (JSC::B3::Air::Liveness::liveAtHead):
2929         (JSC::B3::Air::Liveness::liveAtTail):
2930         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
2931         (JSC::B3::Air::Liveness::LocalCalc::live):
2932         (JSC::B3::Air::Liveness::LocalCalc::takeLive):
2933         (JSC::B3::Air::Liveness::LocalCalc::execute):
2934         * b3/air/AirOpcode.opcodes: Added.
2935         * b3/air/AirPhaseScope.cpp: Added.
2936         (JSC::B3::Air::PhaseScope::PhaseScope):
2937         (JSC::B3::Air::PhaseScope::~PhaseScope):
2938         * b3/air/AirPhaseScope.h: Added.
2939         * b3/air/AirRegisterPriority.cpp: Added.
2940         (JSC::B3::Air::gprsInPriorityOrder):
2941         (JSC::B3::Air::fprsInPriorityOrder):
2942         (JSC::B3::Air::regsInPriorityOrder):
2943         * b3/air/AirRegisterPriority.h: Added.
2944         (JSC::B3::Air::RegistersInPriorityOrder<GPRInfo>::inPriorityOrder):
2945         (JSC::B3::Air::RegistersInPriorityOrder<FPRInfo>::inPriorityOrder):
2946         (JSC::B3::Air::regsInPriorityOrder):
2947         * b3/air/AirSpecial.cpp: Added.
2948         (JSC::B3::Air::Special::Special):
2949         (JSC::B3::Air::Special::~Special):
2950         (JSC::B3::Air::Special::name):
2951         (JSC::B3::Air::Special::dump):
2952         (JSC::B3::Air::Special::deepDump):
2953         * b3/air/AirSpecial.h: Added.
2954         (JSC::B3::Air::DeepSpecialDump::DeepSpecialDump):
2955         (JSC::B3::Air::DeepSpecialDump::dump):
2956         (JSC::B3::Air::deepDump):
2957         * b3/air/AirSpillEverything.cpp: Added.
2958         (JSC::B3::Air::spillEverything):
2959         * b3/air/AirSpillEverything.h: Added.
2960         * b3/air/AirStackSlot.cpp: Added.
2961         (JSC::B3::Air::StackSlot::setOffsetFromFP):
2962         (JSC::B3::Air::StackSlot::dump):
2963         (JSC::B3::Air::StackSlot::deepDump):
2964         (JSC::B3::Air::StackSlot::StackSlot):
2965         * b3/air/AirStackSlot.h: Added.
2966         (JSC::B3::Air::StackSlot::byteSize):
2967         (JSC::B3::Air::StackSlot::kind):
2968         (JSC::B3::Air::StackSlot::index):
2969         (JSC::B3::Air::StackSlot::alignment):
2970         (JSC::B3::Air::StackSlot::value):
2971         (JSC::B3::Air::StackSlot::offsetFromFP):
2972         (JSC::B3::Air::DeepStackSlotDump::DeepStackSlotDump):
2973         (JSC::B3::Air::DeepStackSlotDump::dump):
2974         (JSC::B3::Air::deepDump):
2975         * b3/air/AirTmp.cpp: Added.
2976         (JSC::B3::Air::Tmp::dump):
2977         * b3/air/AirTmp.h: Added.
2978         (JSC::B3::Air::Tmp::Tmp):
2979         (JSC::B3::Air::Tmp::gpTmpForIndex):
2980         (JSC::B3::Air::Tmp::fpTmpForIndex):
2981         (JSC::B3::Air::Tmp::operator bool):
2982         (JSC::B3::Air::Tmp::isGP):
2983         (JSC::B3::Air::Tmp::isFP):
2984         (JSC::B3::Air::Tmp::isGPR):
2985         (JSC::B3::Air::Tmp::isFPR):
2986         (JSC::B3::Air::Tmp::isReg):
2987         (JSC::B3::Air::Tmp::gpr):
2988         (JSC::B3::Air::Tmp::fpr):
2989         (JSC::B3::Air::Tmp::reg):
2990         (JSC::B3::Air::Tmp::hasTmpIndex):
2991         (JSC::B3::Air::Tmp::gpTmpIndex):
2992         (JSC::B3::Air::Tmp::fpTmpIndex):
2993         (JSC::B3::Air::Tmp::tmpIndex):
2994         (JSC::B3::Air::Tmp::isAlive):
2995         (JSC::B3::Air::Tmp::operator==):
2996         (JSC::B3::Air::Tmp::operator!=):
2997         (JSC::B3::Air::Tmp::isHashTableDeletedValue):
2998         (JSC::B3::Air::Tmp::hash):
2999         (JSC::B3::Air::Tmp::encodeGP):
3000         (JSC::B3::Air::Tmp::encodeFP):
3001         (JSC::B3::Air::Tmp::encodeGPR):
3002         (JSC::B3::Air::Tmp::encodeFPR):
3003         (JSC::B3::Air::Tmp::encodeGPTmp):
3004         (JSC::B3::Air::Tmp::encodeFPTmp):
3005         (JSC::B3::Air::Tmp::isEncodedGP):
3006         (JSC::B3::Air::Tmp::isEncodedFP):
3007         (JSC::B3::Air::Tmp::isEncodedGPR):
3008         (JSC::B3::Air::Tmp::isEncodedFPR):
3009         (JSC::B3::Air::Tmp::isEncodedGPTmp):
3010         (JSC::B3::Air::Tmp::isEncodedFPTmp):
3011         (JSC::B3::Air::Tmp::decodeGPR):
3012         (JSC::B3::Air::Tmp::decodeFPR):
3013         (JSC::B3::Air::Tmp::decodeGPTmp):
3014         (JSC::B3::Air::Tmp::decodeFPTmp):
3015         (JSC::B3::Air::TmpHash::hash):
3016         (JSC::B3::Air::TmpHash::equal):
3017         * b3/air/AirTmpInlines.h: Added.
3018         (JSC::B3::Air::Tmp::Tmp):
3019         * b3/air/AirValidate.cpp: Added.
3020         (JSC::B3::Air::validate):
3021         * b3/air/AirValidate.h: Added.
3022         * b3/air/opcode_generator.rb: Added.
3023         * b3/generate_pattern_matcher.rb: Added.
3024         * b3/testb3.cpp: Added.
3025         (JSC::B3::compileAndRun):
3026         (JSC::B3::test42):
3027         (JSC::B3::testLoad42):
3028         (JSC::B3::testArg):
3029         (JSC::B3::testAddArgs):
3030         (JSC::B3::testAddArgs32):
3031         (JSC::B3::testStore):
3032         (JSC::B3::testTrunc):
3033         (JSC::B3::testAdd1):
3034         (JSC::B3::testStoreAddLoad):
3035         (JSC::B3::testStoreAddAndLoad):
3036         (JSC::B3::testAdd1Uncommuted):
3037         (JSC::B3::testLoadOffset):
3038         (JSC::B3::testLoadOffsetNotConstant):
3039         (JSC::B3::testLoadOffsetUsingAdd):
3040         (JSC::B3::testLoadOffsetUsingAddNotConstant):
3041         (JSC::B3::run):
3042         (run):
3043         (main):
3044         * bytecode/CodeBlock.h:
3045         (JSC::CodeBlock::specializationKind):
3046         * jit/Reg.h:
3047         (JSC::Reg::index):
3048         (JSC::Reg::isSet):
3049         (JSC::Reg::operator bool):
3050         (JSC::Reg::isHashTableDeletedValue):
3051         (JSC::Reg::AllRegsIterable::iterator::iterator):
3052         (JSC::Reg::AllRegsIterable::iterator::operator*):
3053         (JSC::Reg::AllRegsIterable::iterator::operator++):
3054         (JSC::Reg::AllRegsIterable::iterator::operator==):
3055         (JSC::Reg::AllRegsIterable::iterator::operator!=):
3056         (JSC::Reg::AllRegsIterable::begin):
3057         (JSC::Reg::AllRegsIterable::end):
3058         (JSC::Reg::all):
3059         (JSC::Reg::invalid):
3060         (JSC::Reg::operator!): Deleted.
3061         * jit/RegisterAtOffsetList.cpp:
3062         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
3063         * jit/RegisterAtOffsetList.h:
3064         (JSC::RegisterAtOffsetList::clear):
3065         (JSC::RegisterAtOffsetList::size):
3066         (JSC::RegisterAtOffsetList::begin):
3067         (JSC::RegisterAtOffsetList::end):
3068         * jit/RegisterSet.h:
3069         (JSC::RegisterSet::operator==):
3070         (JSC::RegisterSet::hash):
3071         (JSC::RegisterSet::forEach):
3072         (JSC::RegisterSet::setAny):
3073
3074 2015-10-28  Mark Lam  <mark.lam@apple.com>
3075
3076         Rename MacroAssembler::callProbe() to probe().
3077         https://bugs.webkit.org/show_bug.cgi?id=150641
3078
3079         Reviewed by Saam Barati.
3080
3081         To do this, I needed to disambiguate between the low-level probe() from the
3082         high-level version that takes a std::function.  I did this by changing the low-
3083         level version to not take default args anymore.
3084
3085         * assembler/AbstractMacroAssembler.h:
3086         * assembler/MacroAssembler.cpp:
3087         (JSC::stdFunctionCallback):
3088         (JSC::MacroAssembler::probe):
3089         (JSC::MacroAssembler::callProbe): Deleted.
3090         * assembler/MacroAssembler.h:
3091         (JSC::MacroAssembler::urshift32):
3092         * assembler/MacroAssemblerARM.h:
3093         (JSC::MacroAssemblerARM::repatchCall):
3094         * assembler/MacroAssemblerARM64.h:
3095         (JSC::MacroAssemblerARM64::repatchCall):
3096         * assembler/MacroAssemblerARMv7.h:
3097         (JSC::MacroAssemblerARMv7::repatchCall):
3098         * assembler/MacroAssemblerPrinter.h:
3099         (JSC::MacroAssemblerPrinter::print):
3100         * assembler/MacroAssemblerX86Common.h:
3101         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
3102
3103 2015-10-28  Timothy Hatcher  <timothy@apple.com>
3104
3105         Web Inspector: jsmin.py mistakenly removes whitespace from template literal strings
3106         https://bugs.webkit.org/show_bug.cgi?id=148728
3107
3108         Reviewed by Joseph Pecoraro.
3109
3110         * Scripts/jsmin.py:
3111         (JavascriptMinify.minify): Make backtick a quoting character.
3112
3113 2015-10-28  Brian Burg  <bburg@apple.com>
3114
3115         Builtins generator should emit ENABLE(FEATURE) guards based on @conditional annotation
3116         https://bugs.webkit.org/show_bug.cgi?id=150536
3117
3118         Reviewed by Yusuke Suzuki.
3119
3120         Scan JS builtin files for @key=value and @flag annotations in single-line comments.
3121         For @conditional=CONDITIONAL, emit CONDITIONAL guards around the relevant object's code.
3122
3123         Generate primary header includes separately from secondary header includes so we can
3124         put the guard between the two header groups, as is customary in WebKit C++ code.
3125
3126         New tests:
3127
3128         Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js
3129         Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js
3130         Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js
3131
3132         * Scripts/builtins/builtins_generate_combined_implementation.py:
3133         (BuiltinsCombinedImplementationGenerator.generate_output):
3134         (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
3135         (BuiltinsCombinedImplementationGenerator.generate_header_includes): Deleted.
3136         * Scripts/builtins/builtins_generate_separate_header.py:
3137         (BuiltinsSeparateHeaderGenerator.generate_output):
3138         (generate_secondary_header_includes):
3139         (generate_header_includes): Deleted.
3140         * Scripts/builtins/builtins_generate_separate_implementation.py:
3141         (BuiltinsSeparateImplementationGenerator.generate_output):
3142         (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
3143         (BuiltinsSeparateImplementationGenerator.generate_header_includes): Deleted.
3144         * Scripts/builtins/builtins_generate_separate_wrapper.py:
3145         (BuiltinsSeparateWrapperGenerator.generate_output):
3146         (BuiltinsSeparateWrapperGenerator.generate_secondary_header_includes):
3147         (BuiltinsSeparateWrapperGenerator.generate_header_includes): Deleted.
3148         * Scripts/builtins/builtins_generator.py:
3149         (BuiltinsGenerator.generate_includes_from_entries):
3150         (BuiltinsGenerator):
3151         (BuiltinsGenerator.generate_primary_header_includes):
3152         * Scripts/builtins/builtins_model.py:
3153         (BuiltinObject.__init__):
3154         (BuiltinsCollection.parse_builtins_file):
3155         (BuiltinsCollection._parse_annotations):
3156         * Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js: Added.
3157         * Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js: Added.
3158         * Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js: Added.
3159         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Simplify.
3160         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Simplify.
3161         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Simplify.
3162         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Added.
3163         * Scripts/tests/builtins/expected/WebCore-DuplicateFlagAnnotation-Separate.js-error: Added.
3164         * Scripts/tests/builtins/expected/WebCore-DuplicateKeyValueAnnotation-Separate.js-error: Added.
3165         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
3166         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
3167         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
3168         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
3169
3170 2015-10-28  Mark Lam  <mark.lam@apple.com>
3171
3172         Update FTL to support UntypedUse operands for op_sub.
3173         https://bugs.webkit.org/show_bug.cgi?id=150562
3174
3175         Reviewed by Geoffrey Garen.
3176
3177         * assembler/MacroAssemblerARM64.h:
3178         - make the dataTempRegister and memoryTempRegister public so that we can
3179           move input registers out of them if needed.
3180
3181         * ftl/FTLCapabilities.cpp:
3182         (JSC::FTL::canCompile):
3183         - We can now compile ArithSub.
3184
3185         * ftl/FTLCompile.cpp:
3186         - Added BinaryArithGenerationContext to shuffle registers into a state that is
3187           expected by the baseline snippet generator.  This includes:
3188           1. Making sure that the input and output registers are not in the tag or
3189              scratch registers.
3190           2. Loading the tag registers with expected values.
3191           3. Restoring the registers to their original value on return.
3192         - Added code to implement the ArithSub inline cache.
3193
3194         * ftl/FTLInlineCacheDescriptor.h:
3195         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
3196         (JSC::FTL::ArithSubDescriptor::leftType):
3197         (JSC::FTL::ArithSubDescriptor::rightType):
3198
3199         * ftl/FTLInlineCacheSize.cpp:
3200         (JSC::FTL::sizeOfArithSub):
3201         * ftl/FTLInlineCacheSize.h:
3202
3203         * ftl/FTLLowerDFGToLLVM.cpp:
3204         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
3205         - Added handling for UnusedType for the ArithSub case.
3206
3207         * ftl/FTLState.h:
3208         * jit/GPRInfo.h:
3209         (JSC::GPRInfo::reservedRegisters):
3210
3211         * jit/JITSubGenerator.h:
3212         (JSC::JITSubGenerator::generateFastPath):
3213         - When the result is the same as one of the input registers, we'll end up
3214           corrupting the input in the fast path even if we determine that we need to go to
3215           the slow path.  We now move the input into the scratch register and operate
3216           on that instead and move the result into the result register only after
3217           the fast path has succeeded.
3218
3219         * tests/stress/op_sub.js:
3220         (o1.valueOf):
3221         (runTest):
3222         - Added some debugging tools: flags for verbose logging, and eager abort on fail.
3223
3224 2015-10-28  Mark Lam  <mark.lam@apple.com>
3225
3226         Fix a typo in ProbeContext::fpr().
3227         https://bugs.webkit.org/show_bug.cgi?id=150629
3228
3229         Reviewed by Yusuke Suzuki.
3230
3231         ProbeContext::fpr() should be calling CPUState::fpr(), not CPUState::gpr().
3232
3233         * assembler/AbstractMacroAssembler.h:
3234         (JSC::AbstractMacroAssembler::ProbeContext::fpr):
3235
3236 2015-10-28  Mark Lam  <mark.lam@apple.com>
3237
3238         Add ability to print the PC register from JIT'ed code.
3239         https://bugs.webkit.org/show_bug.cgi?id=150561
3240
3241         Reviewed by Geoffrey Garen.
3242
3243         * assembler/MacroAssemblerPrinter.cpp:
3244         (JSC::printPC):
3245         (JSC::MacroAssemblerPrinter::printCallback):
3246         * assembler/MacroAssemblerPrinter.h:
3247         (JSC::MacroAssemblerPrinter::PrintArg::PrintArg):
3248
3249 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
3250
3251         Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available
3252         https://bugs.webkit.org/show_bug.cgi?id=150615
3253
3254         Reviewed by Timothy Hatcher.
3255
3256         * inspector/protocol/Timeline.json:
3257
3258 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
3259
3260         Web Inspector: Remove unused / duplicated XHR timeline instrumentation
3261         https://bugs.webkit.org/show_bug.cgi?id=150605
3262
3263         Reviewed by Timothy Hatcher.
3264
3265         * inspector/protocol/Timeline.json:
3266
3267 2015-10-27  Michael Saboff  <msaboff@apple.com>
3268
3269         REGRESSION (r191360): Crash: com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL:: + 386
3270         https://bugs.webkit.org/show_bug.cgi?id=150580
3271
3272         Reviewed by Mark Lam.
3273
3274         Changed code to box 32 bit integers and boolean arguments when generating the call instead of boxing
3275         them in the shuffler.
3276
3277         The ASSERT in CallFrameShuffler::extendFrameIfNeeded is wrong when called from CallFrameShuffler::spill(),
3278         as we could be making space to spill a register so that we have a spare that we can use for the new
3279         frame's base pointer.
3280
3281         * ftl/FTLJSTailCall.cpp:
3282         (JSC::FTL::DFG::recoveryFor): Added RELEASE_ASSERT to check that we never see unboxed 32 bit
3283         arguments stored in the stack.
3284         * ftl/FTLLowerDFGToLLVM.cpp:
3285         (JSC::FTL::DFG::LowerDFGToLLVM::exitValueForTailCall):
3286         * jit/CallFrameShuffler.cpp:
3287         (JSC::CallFrameShuffler::extendFrameIfNeeded): Removed unneeded ASSERT.
3288
3289 2015-10-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3290
3291         [ES6] Add DFG/FTL support for accessor put operations
3292         https://bugs.webkit.org/show_bug.cgi?id=148860
3293
3294         Reviewed by Geoffrey Garen.
3295
3296         This patch introduces accessor defining ops into DFG and FTL.
3297         The following DFG nodes are introduced.
3298
3299             op_put_getter_by_id  => PutGetterById
3300             op_put_setter_by_id  => PutSetterById
3301             op_put_getter_setter => PutGetterSetterById
3302             op_put_getter_by_val => PutGetterByVal
3303             op_put_setter_by_val => PutSetterByVal
3304
3305         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
3306
3307         To use operations defined for baseline JIT, we clean up existing operations.
3308         And reuse these operations in DFG and FTL.
3309
3310         * dfg/DFGAbstractInterpreterInlines.h:
3311         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3312         * dfg/DFGByteCodeParser.cpp:
3313         (JSC::DFG::ByteCodeParser::parseBlock):
3314         * dfg/DFGCapabilities.cpp:
3315         (JSC::DFG::capabilityLevel):
3316         * dfg/DFGClobberize.h:
3317         (JSC::DFG::clobberize):
3318         * dfg/DFGDoesGC.cpp:
3319         (JSC::DFG::doesGC):
3320         * dfg/DFGFixupPhase.cpp:
3321         (JSC::DFG::FixupPhase::fixupNode):
3322         * dfg/DFGNode.h:
3323         (JSC::DFG::Node::hasIdentifier):
3324         (JSC::DFG::Node::hasAccessorAttributes):
3325         (JSC::DFG::Node::accessorAttributes):
3326         * dfg/DFGNodeType.h:
3327         * dfg/DFGPredictionPropagationPhase.cpp:
3328         (JSC::DFG::PredictionPropagationPhase::propagate):
3329         * dfg/DFGSafeToExecute.h:
3330         (JSC::DFG::safeToExecute):
3331         * dfg/DFGSpeculativeJIT.cpp:
3332         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
3333         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
3334         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
3335         We should fill all GPRs before calling flushRegisters().
3336         * dfg/DFGSpeculativeJIT.h:
3337         (JSC::DFG::SpeculativeJIT::callOperation):
3338         * dfg/DFGSpeculativeJIT32_64.cpp:
3339         (JSC::DFG::SpeculativeJIT::compile):
3340         * dfg/DFGSpeculativeJIT64.cpp:
3341         (JSC::DFG::SpeculativeJIT::compile):
3342         * ftl/FTLCapabilities.cpp:
3343         (JSC::FTL::canCompile):
3344         * ftl/FTLIntrinsicRepository.h:
3345         * ftl/FTLLowerDFGToLLVM.cpp:
3346         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3347         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
3348         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
3349         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
3350         * jit/JIT.h:
3351         * jit/JITInlines.h:
3352         (JSC::JIT::callOperation):
3353         * jit/JITOperations.cpp:
3354         * jit/JITOperations.h:
3355         * jit/JITPropertyAccess.cpp:
3356         (JSC::JIT::emit_op_put_getter_by_id):
3357         (JSC::JIT::emit_op_put_setter_by_id):
3358         (JSC::JIT::emit_op_put_getter_setter):
3359         * jit/JITPropertyAccess32_64.cpp:
3360         (JSC::JIT::emit_op_put_getter_by_id):
3361         (JSC::JIT::emit_op_put_setter_by_id):
3362         (JSC::JIT::emit_op_put_getter_setter):
3363         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
3364         (shouldBe):
3365         (testAttribute):
3366         (getter.Cocoa.prototype.get hello):
3367         (getter.Cocoa):
3368         (getter):
3369         (setter.Cocoa):
3370         (setter.Cocoa.prototype.set hello):
3371         (setter):
3372         (accessors.Cocoa):
3373         (accessors.Cocoa.prototype.get hello):
3374         (accessors.Cocoa.prototype.set hello):
3375         (accessors):
3376         * tests/stress/dfg-put-accessors-by-id.js: Added.
3377         (shouldBe):
3378         (testAttribute):
3379         (getter.object.get hello):
3380         (getter):
3381         (setter.object.set hello):
3382         (setter):
3383         (accessors.object.get hello):
3384         (accessors.object.set hello):
3385         (accessors):
3386         * tests/stress/dfg-put-getter-by-id-class.js: Added.
3387         (shouldBe):
3388         (testAttribute):
3389         (getter.Cocoa):
3390         (getter.Cocoa.prototype.get hello):
3391         (getter.Cocoa.prototype.get name):
3392         (getter):
3393         * tests/stress/dfg-put-getter-by-id.js: Added.
3394         (shouldBe):
3395         (testAttribute):
3396         (getter.object.get hello):
3397         (getter):
3398         * tests/stress/dfg-put-getter-by-val-class.js: Added.
3399         (shouldBe):
3400         (testAttribute):
3401         (getter.Cocoa):
3402         (getter.Cocoa.prototype.get name):
3403         (getter):
3404         * tests/stress/dfg-put-getter-by-val.js: Added.
3405         (shouldBe):
3406         (testAttribute):
3407         (getter.object.get name):
3408         (getter):
3409         * tests/stress/dfg-put-setter-by-id-class.js: Added.
3410         (shouldBe):
3411         (testAttribute):
3412         (getter.Cocoa):
3413         (getter.Cocoa.prototype.set hello):
3414         (getter.Cocoa.prototype.get name):
3415         (getter):
3416         * tests/stress/dfg-put-setter-by-id.js: Added.
3417         (shouldBe):
3418         (testAttribute):
3419         (setter.object.set hello):
3420         (setter):
3421         * tests/stress/dfg-put-setter-by-val-class.js: Added.
3422         (shouldBe):
3423         (testAttribute):
3424         (setter.Cocoa):
3425         (setter.Cocoa.prototype.set name):
3426         (setter):
3427         * tests/stress/dfg-put-setter-by-val.js: Added.
3428         (shouldBe):
3429         (testAttribute):
3430         (setter.object.set name):
3431         (setter):
3432
3433 2015-10-26  Mark Lam  <mark.lam@apple.com>
3434
3435         Add logging to warn about under-estimated FTL inline cache sizes.
3436         https://bugs.webkit.org/show_bug.cgi?id=150570
3437
3438         Reviewed by Geoffrey Garen.
3439
3440         Added 2 options:
3441         1. JSC_dumpFailedICSizing - dumps an error message if the FTL encounters IC size
3442            estimates that are less than the actual needed code size.
3443
3444            This option is useful for when we add a new IC and want to compute an
3445            estimated size for the IC.  To do this:
3446            1. Build jsc for the target port with a very small IC size (enough to
3447               store the jump instruction needed for the out of line fallback
3448               implementation).
3449            2. Implement a test suite with scenarios that exercise all the code paths in
3450               the IC generator.
3451            3. Run jsc with JSC_dumpFailedICSizing=true on the test suite.
3452            4. The max value reported by the dumps will be the worst case size needed to
3453               store the IC.  We should use this value for our estimate.
3454            5. Update the IC's estimated size and rebuild jsc.
3455            6. Re-run (3) and confirm that there are no more error messages about the
3456               IC sizing.
3457
3458         2. JSC_assertICSizing - same as JSC_dumpFailedICSizing except that it also
3459            crashes the VM each time it encounters an inadequate IC size estimate.
3460
3461            This option is useful for regression testing to ensure that our estimates
3462            do not regress.
3463
3464         * ftl/FTLCompile.cpp:
3465         (JSC::FTL::generateInlineIfPossibleOutOfLineIfNot):
3466         * runtime/Options.h:
3467
3468 2015-10-26  Saam Barati  <sbarati@apple.com>
3469
3470         r190735 caused us to maybe trample the base's tag-GPR on 32-bit inline cache when the cache allocates a scratch register and then jumps to the slow path
3471         https://bugs.webkit.org/show_bug.cgi?id=150532
3472
3473         Reviewed by Geoffrey Garen.
3474
3475         The base's tag register used to show up in the used register set
3476         before r190735 because of how the DFG kept track of used registers. I changed this
3477         in my work on inline caching because we don't want to spill these registers
3478         when we have a GetByIdFlush/PutByIdFlush and we use the used register set
3479         as the metric of what to spill. That said, these registers should be locked
3480         and not used as scratch registers by the scratch register allocator. The
3481         reason is that our inline cache may fail and jump to the slow path. The slow
3482         path then uses the base's tag register. If the inline cache used the base's tag
3483         register as a scratch and the inline cache fails and jumps to the slow path, we
3484         have a problem because the tag may now be trampled.
3485
3486         Note that this doesn't mean that we can't trample the base's tag register when making
3487         a call. We can totally trample the register as long as the inline cache succeeds in a GetByIdFlush/PutByIdFlush.
3488         The problem is only when we trample it and then jump to the slow path.
3489
3490         This patch fixes this bug by making StructureStubInfo keep track of the base's
3491         tag GPR. PolymorphicAccess then locks this register when using the ScratchRegisterAllocator.
3492
3493         * bytecode/PolymorphicAccess.cpp:
3494         (JSC::AccessCase::generate):
3495         (JSC::PolymorphicAccess::regenerate):
3496         * bytecode/StructureStubInfo.h:
3497         * dfg/DFGSpeculativeJIT.cpp:
3498         (JSC::DFG::SpeculativeJIT::compileIn):
3499         * jit/JITInlineCacheGenerator.cpp:
3500         (JSC::JITByIdGenerator::JITByIdGenerator):
3501         * tests/stress/regress-150532.js: Added.
3502         (assert):
3503         (randomFunction):
3504         (foo):
3505         (i.switch):
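
The failure mode described in the entry above, as an added example that is not part of the ChangeLog or of WebKit: a toy scratch allocator hands out the base's tag register unless it is locked, and the slow path then reads a trampled tag. All names (`ToyScratchAllocator`, `ToyStubInfo`, `tagSeenBySlowPath`), the four-register layout and the sample values are assumptions made for illustration.

```cpp
#include <array>
#include <bitset>
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// Toy model, not JavaScriptCore code: four GPRs on a 32-bit style target where
// a JS value occupies a (tag, payload) register pair.
constexpr int kNumRegs = 4;
constexpr uint32_t kCellTag = 0xfffffffbu;     // constructed sample tag
constexpr uint32_t kScratchJunk = 0xdeadbeefu; // what the fast path leaves behind

// Hands out the lowest-numbered register that is neither used nor locked.
class ToyScratchAllocator {
public:
    explicit ToyScratchAllocator(std::bitset<kNumRegs> used) : m_unavailable(used) {}
    void lock(int reg) { m_unavailable.set(reg); }
    int allocateScratch() {
        for (int r = 0; r < kNumRegs; ++r) {
            if (!m_unavailable.test(r)) {
                m_unavailable.set(r);
                return r;
            }
        }
        throw std::runtime_error("no scratch register available");
    }
private:
    std::bitset<kNumRegs> m_unavailable;
};

// Hypothetical stand-in for the per-site stub record.
struct ToyStubInfo {
    int basePayloadReg;
    int baseTagReg;
    std::bitset<kNumRegs> usedRegisters; // spill set; the tag register is not in it
};

ToyStubInfo sampleStub() {
    // Constructed layout: tag in r0, payload in r1, only r1 in the used set.
    return ToyStubInfo{1, 0, std::bitset<kNumRegs>(0x2ull)};
}

// Runs an inline cache whose fast path takes a scratch register, writes to it,
// fails its check and jumps to the slow path. Returns the tag the slow path reads.
uint32_t tagSeenBySlowPath(const ToyStubInfo& stub, bool lockBaseTag) {
    std::array<uint32_t, kNumRegs> regs{};
    regs[stub.basePayloadReg] = 0x1000; // constructed cell pointer
    regs[stub.baseTagReg] = kCellTag;

    ToyScratchAllocator allocator(stub.usedRegisters);
    if (lockBaseTag)
        allocator.lock(stub.baseTagReg); // the fix described in the entry

    int scratch = allocator.allocateScratch();
    regs[scratch] = kScratchJunk;        // fast path clobbers its scratch

    // Structure check fails here; the slow path consumes the base's tag register.
    return regs[stub.baseTagReg];
}

int main() {
    ToyStubInfo stub = sampleStub();
    std::printf("unlocked: slow path tag = 0x%08x\n", (unsigned)tagSeenBySlowPath(stub, false));
    std::printf("locked:   slow path tag = 0x%08x\n", (unsigned)tagSeenBySlowPath(stub, true));
    return 0;
}
```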
3506
3507 2015-10-24  Brian Burg  <bburg@apple.com>
3508
3509         Teach create_hash_table to omit builtins macros when generating tables for native-only objects
3510         https://bugs.webkit.org/show_bug.cgi?id=150491
3511
3512         Reviewed by Yusuke Suzuki.
3513
3514         In order to support separate compilation for generated builtins files, we need to be able to
3515         include specific builtins headers from generated .lut.h files. However, the create_hash_table
3516         script isn't smart enough to figure out when a generated file might actually contain a builtin.
3517         Without further help, we'd have to include an all-in-one header, mostly defeating the point of
3518         generating separate .h and .cpp files for every builtin.
3519
3520         This patch segregates the pure native and partially builtin sources in the build system, and
3521         gives hints to create_hash_table so that it doesn't even generate checks for builtins if the
3522         input file has no builtin method implementations. Also do some modernization and code cleanup.
3523
3524         * CMakeLists.txt:
3525
3526         Generate each group with different flags to create_hash_table. Change the macro to take
3527         flags through the variable LUT_GENERATOR_FLAGS. Set this as necessary before calling macro.
3528         Add an additional hint to CMake that the .cpp source file depends on the generated file.
3529
3530         * DerivedSources.make:
3531
3532         Generate each group with different flags to create_hash_table. Clean up the 'all' target
3533         so that static dependencies are listed first. Use static patterns to decide which .lut.h
3534         files require which flags. Reduce fragile usages of implicit variables.
3535
3536         * JavaScriptCore.xcodeproj/project.pbxproj:
3537
3538         Add some missing .lut.h files to the Derived Sources group. Sort the project.
3539
3540         * create_hash_table:
3541
3542         Parse options in a sane way using GetOpt::Long. Remove ability to specify a custom namespace
3543         since this isn't actually used anywhere. Normalize placement of newlines in quoted strings.
3544         Only generate builtins macros and includes if the source file is known to have some builtins.
3545
3546 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
3547
3548         Web Inspector: Remove unused ScrollLayer Timeline EventType
3549         https://bugs.webkit.org/show_bug.cgi?id=150518
3550
3551         Reviewed by Timothy Hatcher.
3552
3553         * inspector/protocol/Timeline.json:
3554
3555 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
3556
3557         Web Inspector: Clean up InspectorInstrumentation includes
3558         https://bugs.webkit.org/show_bug.cgi?id=150523
3559
3560         Reviewed by Timothy Hatcher.
3561
3562         * inspector/agents/InspectorConsoleAgent.cpp:
3563         (Inspector::InspectorConsoleAgent::consoleMessageArgumentCounts): Deleted.
3564         * inspector/agents/InspectorConsoleAgent.h:
3565
3566 2015-10-23  Michael Saboff  <msaboff@apple.com>
3567
3568         REGRESSION (r179357-r179359): WebContent Crash using AOL Mail @ com.apple.JavascriptCore JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant, JSC::RegisterPreservationMode) + 1584
3569         https://bugs.webkit.org/show_bug.cgi?id=150513
3570
3571         Reviewed by Saam Barati.
3572
3573         Add check in linkPolymorphicCall() to make sure we have a CodeBlock for the newly added variant.
3574         If not, we turn the call into a virtual call.
3575
3576         The bug was caused by a stack overflow when preparing the function for execution.  This properly
3577         threw an exception; however, linkPolymorphicCall() didn't check for this error case.
3578
3579         Added a new test function "failNextNewCodeBlock()" to test tools to simplify the testing.
3580
3581         * API/JSCTestRunnerUtils.cpp:
3582         (JSC::failNextNewCodeBlock):
3583         (JSC::numberOfDFGCompiles):
3584         * API/JSCTestRunnerUtils.h:
3585         * jit/Repatch.cpp:
3586         (JSC::linkPolymorphicCall):
3587         * jsc.cpp:
3588         (GlobalObject::finishCreation):
3589         (functionTransferArrayBuffer):
3590         (functionFailNextNewCodeBlock):
3591         (functionQuit):
3592         * runtime/Executable.cpp:
3593         (JSC::ScriptExecutable::prepareForExecutionImpl):
3594         * runtime/TestRunnerUtils.cpp:
3595         (JSC::optimizeNextInvocation):
3596         (JSC::failNextNewCodeBlock):
3597         (JSC::numberOfDFGCompiles):
3598         * runtime/TestRunnerUtils.h:
3599         * runtime/VM.h:
3600         (JSC::VM::setFailNextNewCodeBlock):
3601         (JSC::VM::getAndClearFailNextNewCodeBlock):
3602         (JSC::VM::stackPointerAtVMEntry):
3603
3604 2015-10-23  Commit Queue  <commit-queue@webkit.org>
3605
3606         Unreviewed, rolling out r191500.
3607         https://bugs.webkit.org/show_bug.cgi?id=150526
3608
3609         Broke two JSC regression tests (Requested by msaboff on
3610         #webkit).
3611
3612         Reverted changeset:
3613
3614         "[ES6] Add DFG/FTL support for accessor put operations"
3615         https://bugs.webkit.org/show_bug.cgi?id=148860
3616         http://trac.webkit.org/changeset/191500
3617
3618 2015-10-23  Yusuke Suzuki  <utatane.tea@gmail.com>
3619
3620         [ES6] Add DFG/FTL support for accessor put operations
3621         https://bugs.webkit.org/show_bug.cgi?id=148860
3622
3623         Reviewed by Geoffrey Garen.
3624
3625         This patch introduces accessor defining ops into DFG and FTL.
3626         The following DFG nodes are introduced.
3627
3628             op_put_getter_by_id  => PutGetterById
3629             op_put_setter_by_id  => PutSetterById
3630             op_put_getter_setter => PutGetterSetterById
3631             op_put_getter_by_val => PutGetterByVal
3632             op_put_setter_by_val => PutSetterByVal
3633
3634         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
3635
3636         To use operations defined for baseline JIT, we clean up existing operations
3637         and reuse these operations in DFG and FTL.
3638
3639         * dfg/DFGAbstractInterpreterInlines.h:
3640         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3641         * dfg/DFGByteCodeParser.cpp:
3642         (JSC::DFG::ByteCodeParser::parseBlock):
3643         * dfg/DFGCapabilities.cpp:
3644         (JSC::DFG::capabilityLevel):
3645         * dfg/DFGClobberize.h:
3646         (JSC::DFG::clobberize):
3647         * dfg/DFGDoesGC.cpp:
3648         (JSC::DFG::doesGC):
3649         * dfg/DFGFixupPhase.cpp:
3650         (JSC::DFG::FixupPhase::fixupNode):
3651         * dfg/DFGNode.h:
3652         (JSC::DFG::Node::hasIdentifier):
3653         (JSC::DFG::Node::hasAccessorAttributes):
3654         (JSC::DFG::Node::accessorAttributes):
3655         * dfg/DFGNodeType.h:
3656         * dfg/DFGPredictionPropagationPhase.cpp:
3657         (JSC::DFG::PredictionPropagationPhase::propagate):
3658         * dfg/DFGSafeToExecute.h:
3659         (JSC::DFG::safeToExecute):
3660         * dfg/DFGSpeculativeJIT.cpp:
3661         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
3662         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
3663         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
3664         * dfg/DFGSpeculativeJIT.h:
3665         (JSC::DFG::SpeculativeJIT::callOperation):
3666         * dfg/DFGSpeculativeJIT32_64.cpp:
3667         (JSC::DFG::SpeculativeJIT::compile):
3668         * dfg/DFGSpeculativeJIT64.cpp:
3669         (JSC::DFG::SpeculativeJIT::compile):
3670         * ftl/FTLCapabilities.cpp:
3671         (JSC::FTL::canCompile):
3672         * ftl/FTLIntrinsicRepository.h:
3673         * ftl/FTLLowerDFGToLLVM.cpp:
3674         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3675         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
3676         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
3677         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
3678         * jit/JIT.h:
3679         * jit/JITInlines.h:
3680         (JSC::JIT::callOperation):
3681         * jit/JITOperations.cpp:
3682         * jit/JITOperations.h:
3683         * jit/JITPropertyAccess.cpp:
3684         (JSC::JIT::emit_op_put_getter_by_id):
3685         (JSC::JIT::emit_op_put_setter_by_id):
3686         (JSC::JIT::emit_op_put_getter_setter):
3687         * jit/JITPropertyAccess32_64.cpp:
3688         (JSC::JIT::emit_op_put_getter_by_id):
3689         (JSC::JIT::emit_op_put_setter_by_id):
3690         (JSC::JIT::emit_op_put_getter_setter):
3691         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
3692         (shouldBe):
3693         (testAttribute):
3694         (getter.Cocoa.prototype.get hello):
3695         (getter.Cocoa):
3696         (getter):
3697         (setter.Cocoa):
3698         (setter.Cocoa.prototype.set hello):
3699         (setter):
3700         (accessors.Cocoa):
3701         (accessors.Cocoa.prototype.get hello):
3702         (accessors.Cocoa.prototype.set hello):
3703         (accessors):
3704         * tests/stress/dfg-put-accessors-by-id.js: Added.
3705         (shouldBe):
3706         (testAttribute):
3707         (getter.object.get hello):
3708         (getter):
3709         (setter.object.set hello):
3710         (setter):
3711         (accessors.object.get hello):
3712         (accessors.object.set hello):
3713         (accessors):
3714         * tests/stress/dfg-put-getter-by-id-class.js: Added.
3715         (shouldBe):
3716         (testAttribute):
3717         (getter.Cocoa):
3718         (getter.Cocoa.prototype.get hello):
3719         (getter.Cocoa.prototype.get name):
3720         (getter):
3721         * tests/stress/dfg-put-getter-by-id.js: Added.
3722         (shouldBe):
3723         (testAttribute):
3724         (getter.object.get hello):
3725         (getter):
3726         * tests/stress/dfg-put-getter-by-val-class.js: Added.
3727         (shouldBe):
3728         (testAttribute):
3729         (getter.Cocoa):
3730         (getter.Cocoa.prototype.get name):
3731         (getter):
3732         * tests/stress/dfg-put-getter-by-val.js: Added.
3733         (shouldBe):
3734         (testAttribute):
3735         (getter.object.get name):
3736         (getter):
3737         * tests/stress/dfg-put-setter-by-id-class.js: Added.
3738         (shouldBe):
3739         (testAttribute):
3740         (getter.Cocoa):
3741         (getter.Cocoa.prototype.set hello):
3742         (getter.Cocoa.prototype.get name):
3743         (getter):
3744         * tests/stress/dfg-put-setter-by-id.js: Added.
3745         (shouldBe):
3746         (testAttribute):
3747         (setter.object.set hello):
3748         (setter):
3749         * tests/stress/dfg-put-setter-by-val-class.js: Added.
3750         (shouldBe):
3751         (testAttribute):
3752         (setter.Cocoa):
3753         (setter.Cocoa.prototype.set name):
3754         (setter):
3755         * tests/stress/dfg-put-setter-by-val.js: Added.
3756         (shouldBe):
3757         (testAttribute):
3758         (setter.object.set name):
3759         (setter):
3760
3761 2015-10-22  Joseph Pecoraro  <pecoraro@apple.com>
3762
3763         Web Inspector: Remove unused Timeline GCEvent Record type
3764         https://bugs.webkit.org/show_bug.cgi?id=150477
3765
3766         Reviewed by Timothy Hatcher.
3767
3768         Garbage Collection events go through the Heap domain, not the
3769         Timeline domain (long time ago for Chromium).
3770
3771         * inspector/protocol/Timeline.json:
3772
3773 2015-10-22  Michael Saboff  <msaboff@apple.com>
3774
3775         REGRESSION(r191360): Repro Crash: com.apple.WebKit.WebContent at JavaScriptCore:JSC::ExecState::bytecodeOffset + 174
3776         https://bugs.webkit.org/show_bug.cgi?id=150434
3777
3778         Reviewed by Mark Lam.
3779
3780         Pass the current frame instead of the caller frame to operationVMHandleException when processing an
3781         exception in one of the native thunks.
3782
3783         * jit/JITExceptions.cpp:
3784         (JSC::genericUnwind): Made debug printing of CodeBlock safe for call frames without one.
3785         * jit/JITOpcodes32_64.cpp:
3786         (JSC::JIT::privateCompileCTINativeCall):
3787         * jit/ThunkGenerators.cpp:
3788         (JSC::nativeForGenerator):
3789
3790 2015-10-21  Brian Burg  <bburg@apple.com>
3791
3792         Restructure generate-js-bindings script to be modular and testable
3793         https://bugs.webkit.org/show_bug.cgi?id=149929
3794
3795         Reviewed by Alex Christensen.
3796
3797         This is a new code generator, based on the replay inputs code generator and
3798         the inspector protocol code generator, which produces various files for JS
3799         builtins.
3800
3801         Relative to the generator it replaces, this one consolidates two scripts in
3802         JavaScriptCore and WebCore into a single script with multiple files. Parsed
3803         information about the builtins file is stored in backend-independent model
3804         objects. Each output file has its own code generator that uses the model to
3805         produce resulting code. Generators are additionally parameterized by the target
3806         framework (to choose correct macros and includes) and output mode (one
3807         header/implementation file per builtin or per framework).
3808
3809         It includes a few simple tests of the generator's functionality. These result-
3810         based tests will become increasingly more important as we start to add support
3811         for builtins annotation such as @optional, @internal, etc. to the code generator.
3812
3813         Some of these complexities, such as having two output modes, will be removed in
3814         subsequent patches. This patch is intended to exactly replace the existing
3815         functionality with a unified script that makes additional cleanups straightforward.
3816
3817         Additional cleanup and consolidation between inspector code generator scripts
3818         and this script will be pursued in followup patches.
3819
3820         New tests:
3821
3822         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js
3823         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js
3824         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Combined.js
3825         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Separate.js
3826         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Combined.js
3827         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Separate.js
3828         Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js
3829         Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js
3830         Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js
3831         Scripts/tests/builtins/WebCore-xmlCasingTest-Separate.js
3832
3833
3834         * CMakeLists.txt:
3835
3836             Copy the scripts that are used by other targets to a staging directory inside
3837             ${DERIVED_SOURCES_DIR}/ForwardingHeaders/JavaScriptCore/Scripts.
3838             Define JavaScriptCore_SCRIPTS_DIR to point here so that the add_custom_command
3839             and shared file lists are identical between JavaScriptCore and WebCore. The staged
3840             scripts are a dependency of the main JavaScriptCore target so that they are
3841             always staged, even if JavaScriptCore itself does not use a particular script.
3842
3843             The output files additionally depend on all builtin generator script files
3844             and input files that are combined into the single header/implementation file.
3845
3846         * DerivedSources.make:
3847
3848             Define JavaScriptCore_SCRIPTS_DIR explicitly so the rule for code generation and
3849             shared file lists are identical between JavaScriptCore and WebCore.
3850
3851             The output files additionally depend on all builtin generator script files
3852             and input files that are combined into the single header/implementation file.
3853
3854         * JavaScriptCore.xcodeproj/project.pbxproj:
3855
3856             Mark the new builtins generator files as private headers so we can use them from
3857             WebCore.
3858
3859         * Scripts/UpdateContents.py: Renamed from Source/JavaScriptCore/UpdateContents.py.
3860         * Scripts/builtins/__init__.py: Added.
3861         * Scripts/builtins/builtins.py: Added.
3862         * Scripts/builtins/builtins_generator.py: Added. This file contains the base generator.
3863         (WK_lcfirst):
3864         (WK_ucfirst):
3865         (BuiltinsGenerator):
3866         (BuiltinsGenerator.__init__):
3867         (BuiltinsGenerator.model):
3868         (BuiltinsGenerator.generate_license):
3869         (BuiltinsGenerator.generate_includes_from_entries):
3870         (BuiltinsGenerator.generate_output):
3871         (BuiltinsGenerator.output_filename):
3872         (BuiltinsGenerator.mangledNameForFunction):
3873         (BuiltinsGenerator.mangledNameForFunction.toCamel):
3874         (BuiltinsGenerator.generate_embedded_code_string_section_for_function):
3875         * Scripts/builtins/builtins_model.py: Added. This file contains builtins model objects.
3876         (ParseException):
3877         (Framework):
3878         (Framework.__init__):
3879         (Framework.setting):
3880         (Framework.fromString):
3881         (Frameworks):
3882         (BuiltinObject):
3883         (BuiltinObject.__init__):
3884         (BuiltinFunction):
3885         (BuiltinFunction.__init__):
3886         (BuiltinFunction.fromString):
3887         (BuiltinFunction.__str__):
3888         (BuiltinsCollection):
3889         (BuiltinsCollection.__init__):
3890         (BuiltinsCollection.parse_builtins_file):
3891         (BuiltinsCollection.copyrights):
3892         (BuiltinsCollection.all_functions):
3893         (BuiltinsCollection._parse_copyright_lines):
3894         (BuiltinsCollection._parse_functions):
3895         * Scripts/builtins/builtins_templates.py: Added.
3896         (BuiltinsGeneratorTemplates):
3897         * Scripts/builtins/builtins_generate_combined_header.py: Added.
3898         (BuiltinsCombinedHeaderGenerator):
3899         (BuiltinsCombinedHeaderGenerator.__init__):
3900         (BuiltinsCombinedHeaderGenerator.output_filename):
3901         (BuiltinsCombinedHeaderGenerator.generate_output):
3902         (BuiltinsCombinedHeaderGenerator.generate_forward_declarations):
3903         (FunctionExecutable):
3904         (VM):
3905         (ConstructAbility):
3906         (generate_section_for_object):
3907         (generate_externs_for_object):
3908         (generate_macros_for_object):
3909         (generate_defines_for_object):
3910         (generate_section_for_code_table_macro):
3911         (generate_section_for_code_name_macro):
3912         * Scripts/builtins/builtins_generate_combined_implementation.py: Added.
3913         (BuiltinsCombinedImplementationGenerator):
3914         (BuiltinsCombinedImplementationGenerator.__init__):
3915         (BuiltinsCombinedImplementationGenerator.output_filename):
3916         (BuiltinsCombinedImplementationGenerator.generate_output):
3917         (BuiltinsCombinedImplementationGenerator.generate_header_includes):
3918         * Scripts/builtins/builtins_generate_separate_header.py: Added.
3919         (BuiltinsSeparateHeaderGenerator):
3920         (BuiltinsSeparateHeaderGenerator.__init__):
3921         (BuiltinsSeparateHeaderGenerator.output_filename):
3922         (BuiltinsSeparateHeaderGenerator.macro_prefix):
3923         (BuiltinsSeparateHeaderGenerator.generate_output):
3924         (BuiltinsSeparateHeaderGenerator.generate_forward_declarations):
3925         (FunctionExecutable):
3926         (generate_header_includes):
3927         (generate_section_for_object):
3928         (generate_externs_for_object):
3929         (generate_macros_for_object):
3930         (generate_defines_for_object):
3931         (generate_section_for_code_table_macro):
3932         (generate_section_for_code_name_macro):
3933         * Scripts/builtins/builtins_generate_separate_implementation.py: Added.
3934         (BuiltinsSeparateImplementationGenerator):
3935         (BuiltinsSeparateImplementationGenerator.__init__):
3936         (BuiltinsSeparateImplementationGenerator.output_filename):
3937         (BuiltinsSeparateImplementationGenerator.macro_prefix):
3938         (BuiltinsSeparateImplementationGenerator.generate_output):
3939         (BuiltinsSeparateImplementationGenerator.generate_header_includes):
3940         * Scripts/builtins/builtins_generate_separate_wrapper.py: Added.
3941         (BuiltinsSeparateWrapperGenerator):
3942         (BuiltinsSeparateWrapperGenerator.__init__):
3943         (BuiltinsSeparateWrapperGenerator.output_filename):
3944         (BuiltinsSeparateWrapperGenerator.macro_prefix):
3945         (BuiltinsSeparateWrapperGenerator.generate_output):
3946         (BuiltinsSeparateWrapperGenerator.generate_header_includes):
3947         * Scripts/generate-js-builtins.py: Added.
3948
3949             Parse command line options, decide which generators and output modes to use.
3950
3951         (generate_bindings_for_builtins_files):
3952         * Scripts/lazywriter.py: Copied from the inspector protocol generator.
3953         (LazyFileWriter):
3954         (LazyFileWriter.__init__):
3955         (LazyFileWriter.write):
3956         (LazyFileWriter.close):
3957         * Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js: Added.
3958         * Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js: Added.