[Re-landing] Implement a StackTrace utility object that can capture stack traces...
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2017-03-10  Mark Lam  <mark.lam@apple.com>
2
3         [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
4         https://bugs.webkit.org/show_bug.cgi?id=169454
5
6         Reviewed by Michael Saboff.
7
8         The underlying implementation is hoisted right out of Assertions.cpp from the
9         implementations of WTFPrintBacktrace().
10
11         The reason we need this StackTrace object is because during heap debugging, we
12         sometimes want to capture the stack trace that allocated the objects of interest.
13         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
14         perturb the execution profile sufficiently that an issue may not reproduce,
15         while alternatively, just capturing the stack trace and deferring printing it
16         till we actually need it later perturbs the execution profile less.
17
18         In addition, just capturing the stack traces (instead of printing them
19         immediately at each capture site) allows us to avoid polluting stdout with tons
20         of stack traces that may be irrelevant.
21
22         For now, we only capture the native stack trace.  We'll leave capturing and
23         integrating the JS stack trace as an exercise for the future if we need it then.
24
25         Here's an example of how to use this StackTrace utility:
26
27             // Capture a stack trace of the top 10 frames.
28             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
29             // Print the trace.
30             dataLog(*trace);
31
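The deferred-capture pattern described in this entry, written out as an added example (this is not WebKit's JSC::StackTrace and not code from the ChangeLog; it assumes a POSIX toolchain with `<execinfo.h>`, falling back to a single GCC/Clang `__builtin_return_address` frame otherwise). Traces are taken at every allocation but written only for the objects that later turn out to matter, which is what keeps stdout clean and the execution profile close to the unobserved run:

```cpp
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <unordered_map>
#include <vector>
#if __has_include(<execinfo.h>)
#include <execinfo.h>   // backtrace()/backtrace_symbols_fd() on glibc and macOS
#define HAVE_BACKTRACE 1
#endif

// Minimal deferred-capture stack trace (added example, not WebKit's class).
class StackTrace {
public:
    // Capture up to maxFrames native return addresses of the calling thread.
    static std::unique_ptr<StackTrace> captureStackTrace(int maxFrames)
    {
        std::unique_ptr<StackTrace> trace(new StackTrace);
        if (maxFrames < 1)
            maxFrames = 1;
        trace->m_frames.resize(static_cast<size_t>(maxFrames));
#ifdef HAVE_BACKTRACE
        int captured = backtrace(trace->m_frames.data(), maxFrames);
        trace->m_frames.resize(captured > 0 ? static_cast<size_t>(captured) : 0);
#else
        // Fallback (assumption: GCC/Clang builtin): record only the immediate caller.
        trace->m_frames.resize(1);
        trace->m_frames[0] = __builtin_return_address(0);
#endif
        return trace;
    }

    size_t size() const { return m_frames.size(); }
    void* frame(size_t i) const { return m_frames[i]; }

    // Printing is deferred: nothing is written until the owner asks for it.
    void dump(FILE* out) const
    {
#ifdef HAVE_BACKTRACE
        backtrace_symbols_fd(m_frames.data(), static_cast<int>(m_frames.size()), fileno(out));
#else
        for (size_t i = 0; i < m_frames.size(); ++i)
            std::fprintf(out, "%zu %p\n", i, m_frames[i]);
#endif
    }

private:
    StackTrace() = default;
    std::vector<void*> m_frames;
};

// Allocation-site tracking: capture at every allocation, report only the
// allocations that are still live (or otherwise interesting) later.
class TrackedHeap {
public:
    void* allocate(size_t bytes)
    {
        void* p = std::malloc(bytes);
        if (p)
            m_traces[p] = StackTrace::captureStackTrace(10); // top 10 frames, not printed
        return p;
    }
    void deallocate(void* p)
    {
        m_traces.erase(p);
        std::free(p);
    }
    size_t liveAllocations() const { return m_traces.size(); }
    // Allocation-site trace for a live pointer, or nullptr if unknown/freed.
    const StackTrace* traceFor(void* p) const
    {
        auto it = m_traces.find(p);
        return it == m_traces.end() ? nullptr : it->second.get();
    }
    // Report every still-live allocation, e.g. at shutdown to find leaks.
    void dumpLive(FILE* out) const
    {
        for (const auto& entry : m_traces) {
            std::fprintf(out, "live allocation %p allocated at:\n", entry.first);
            entry.second->dump(out);
        }
    }
private:
    std::unordered_map<void*, std::unique_ptr<StackTrace>> m_traces;
};

int main()
{
    TrackedHeap heap;
    void* a = heap.allocate(32);
    void* b = heap.allocate(64);
    heap.deallocate(a);
    heap.dumpLive(stdout); // only b is reported, with the frames that allocated it
    heap.deallocate(b);
    return 0;
}
```

Without `-rdynamic` the dumped frames are raw addresses rather than symbol names, which is still enough to resolve later with the binary and `addr2line`; the capture cost is the same either way.
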
32         * CMakeLists.txt:
33         * JavaScriptCore.xcodeproj/project.pbxproj:
34         * tools/StackTrace.cpp: Added.
35         (JSC::StackTrace::instanceSize):
36         (JSC::StackTrace::captureStackTrace):
37         (JSC::StackTrace::dump):
38         * tools/StackTrace.h: Added.
39         (JSC::StackTrace::size):
40         (JSC::StackTrace::StackTrace):
41
42 2017-03-04  Filip Pizlo  <fpizlo@apple.com>
43
44         B3 should have comprehensive support for atomic operations
45         https://bugs.webkit.org/show_bug.cgi?id=162349
46
47         Reviewed by Keith Miller.
48         
49         This adds the following capabilities to B3:
50         
51         - Atomic weak/strong unfenced/fenced compare-and-swap
52         - Atomic add/sub/or/and/xor/xchg
53         - Acquire/release fencing on loads/stores
54         - Fenceless load-load dependencies
55         
56         This adds lowering to the following instructions on x86:
57         
58         - lock cmpxchg
59         - lock xadd
60         - lock add/sub/or/and/xor/xchg
61         
62         This adds lowering to the following instructions on ARM64:
63         
64         - ldar and friends
65         - stlr and friends
66         - ldxr and friends (unfenced LL)
67         - stxr and friends (unfenced SC)
68         - ldaxr and friends (fenced LL)
69         - stlxr and friends (fenced SC)
70         - eor as a fenceless load-load dependency
71         
72         This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
73         variants of fences and atomic math ops get lowered to the best possible instruction sequence.
74         For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
75         of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
76         generate the best possible branch sequence on x86 and ARM64.
77         
78         B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
79         respect to each other and with respect to rel stores, creating sequential consistency that
80         transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
81         fence effects may only target some abstract heaps but not others, so that load elimination and
82         store sinking can still operate across fences if you just tell B3 that the fence does not alias
83         those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
84         Even better, it lets you express fine-grained dependencies where the atomics that affect one
85         property in shared memory do not clobber non-atomics that affect some other property in shared
86         memory.
87         
88         One of my favorite features is Depend, which allows you to express load-load dependencies. On
89         x86 it lowers to nothing, while on ARM64 it lowers to eor.
90         
91         This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
92         acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.
93         
94         This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
95         implementations of the Atomics object, for now.
96         
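The three primitives this entry teaches B3 to lower (weak vs. strong CAS, acquire loads paired with release stores, and the CAS-result-as-branch-condition shape) as an added example in standard C++ (this is not B3 or JSC code; std::atomic is used as the source-level stand-in for the B3 opcodes, and thread counts and values are constructed for the demonstration):

```cpp
#include <atomic>
#include <cstdint>
#include <thread>
#include <vector>

// Weak CAS may fail spuriously on LL/SC hardware (ldxr/stxr), so it only makes
// sense inside a retry loop. On x86 it still lowers to a single lock cmpxchg.
uint32_t incrementWithWeakCAS(std::atomic<uint32_t>& counter)
{
    uint32_t expected = counter.load(std::memory_order_relaxed);
    // On failure compare_exchange_weak reloads `expected` with the current value.
    while (!counter.compare_exchange_weak(expected, expected + 1,
                                          std::memory_order_acq_rel,
                                          std::memory_order_relaxed)) {
    }
    return expected + 1;
}

// Strong CAS fails only on a genuine value mismatch, so its boolean result can
// be branched on directly: the Branch(Equal(AtomicStrongCAS(expected, ...), expected))
// shape the entry describes.
bool claimSlot(std::atomic<uint32_t>& slot, uint32_t expected, uint32_t newValue)
{
    return slot.compare_exchange_strong(expected, newValue, std::memory_order_acq_rel);
}

// Acquire/release message passing: the release store (stlr on ARM64) orders the
// payload write before the flag, the acquire load (ldar) orders the payload read
// after the flag is observed, so no fence is needed on the payload itself.
struct Mailbox {
    uint64_t payload = 0;            // ordinary, non-atomic data
    std::atomic<uint32_t> ready{0};  // publication flag
};

void publish(Mailbox& box, uint64_t value)
{
    box.payload = value;
    box.ready.store(1, std::memory_order_release);
}

uint64_t consume(Mailbox& box)
{
    while (box.ready.load(std::memory_order_acquire) == 0) {
        // spin until published
    }
    return box.payload;
}

// `threads` threads each perform `iterations` weak-CAS increments; the final
// count is exactly threads * iterations only if the retry loop is correct.
uint32_t contendedIncrement(unsigned threads, unsigned iterations)
{
    std::atomic<uint32_t> counter{0};
    std::vector<std::thread> pool;
    for (unsigned t = 0; t < threads; ++t) {
        pool.emplace_back([&counter, iterations] {
            for (unsigned i = 0; i < iterations; ++i)
                incrementWithWeakCAS(counter);
        });
    }
    for (std::thread& t : pool)
        t.join();
    return counter.load();
}

// Publish a value from one thread and read it back from another.
uint64_t messagePassingRoundTrip(uint64_t value)
{
    Mailbox box;
    std::thread producer([&box, value] { publish(box, value); });
    uint64_t received = consume(box);
    producer.join();
    return received;
}
```

Replacing `memory_order_acquire`/`memory_order_release` with `memory_order_relaxed` in `publish`/`consume` compiles and usually still passes on x86, whose plain loads and stores already carry acquire/release semantics, but it is a real data race that ARM64 can expose; that asymmetry is exactly why the lowering has to be per-architecture.
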
97         * CMakeLists.txt:
98         * JavaScriptCore.xcodeproj/project.pbxproj:
99         * assembler/ARM64Assembler.h:
100         (JSC::ARM64Assembler::ldar):
101         (JSC::ARM64Assembler::ldxr):
102         (JSC::ARM64Assembler::ldaxr):
103         (JSC::ARM64Assembler::stxr):
104         (JSC::ARM64Assembler::stlr):
105         (JSC::ARM64Assembler::stlxr):
106         (JSC::ARM64Assembler::excepnGenerationImmMask):
107         (JSC::ARM64Assembler::exoticLoad):
108         (JSC::ARM64Assembler::storeRelease):
109         (JSC::ARM64Assembler::exoticStore):
110         * assembler/AbstractMacroAssembler.cpp: Added.
111         (WTF::printInternal):
112         * assembler/AbstractMacroAssembler.h:
113         (JSC::AbstractMacroAssemblerBase::invert):
114         * assembler/MacroAssembler.h:
115         * assembler/MacroAssemblerARM64.h:
116         (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
117         (JSC::MacroAssemblerARM64::loadAcq8):
118         (JSC::MacroAssemblerARM64::storeRel8):
119         (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
120         (JSC::MacroAssemblerARM64::loadAcq16):
121         (JSC::MacroAssemblerARM64::storeRel16):
122         (JSC::MacroAssemblerARM64::loadAcq32):
123         (JSC::MacroAssemblerARM64::loadAcq64):
124         (JSC::MacroAssemblerARM64::storeRel32):
125         (JSC::MacroAssemblerARM64::storeRel64):
126         (JSC::MacroAssemblerARM64::loadLink8):
127         (JSC::MacroAssemblerARM64::loadLinkAcq8):
128         (JSC::MacroAssemblerARM64::storeCond8):
129         (JSC::MacroAssemblerARM64::storeCondRel8):
130         (JSC::MacroAssemblerARM64::loadLink16):
131         (JSC::MacroAssemblerARM64::loadLinkAcq16):
132         (JSC::MacroAssemblerARM64::storeCond16):
133         (JSC::MacroAssemblerARM64::storeCondRel16):
134         (JSC::MacroAssemblerARM64::loadLink32):
135         (JSC::MacroAssemblerARM64::loadLinkAcq32):
136         (JSC::MacroAssemblerARM64::storeCond32):
137         (JSC::MacroAssemblerARM64::storeCondRel32):
138         (JSC::MacroAssemblerARM64::loadLink64):
139         (JSC::MacroAssemblerARM64::loadLinkAcq64):
140         (JSC::MacroAssemblerARM64::storeCond64):
141         (JSC::MacroAssemblerARM64::storeCondRel64):
142         (JSC::MacroAssemblerARM64::atomicStrongCAS8):
143         (JSC::MacroAssemblerARM64::atomicStrongCAS16):
144         (JSC::MacroAssemblerARM64::atomicStrongCAS32):
145         (JSC::MacroAssemblerARM64::atomicStrongCAS64):
146         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
147         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
148         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
149         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
150         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
151         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
152         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
153         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
154         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
155         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
156         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
157         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
158         (JSC::MacroAssemblerARM64::depend32):
159         (JSC::MacroAssemblerARM64::depend64):
160         (JSC::MacroAssemblerARM64::loadLink):
161         (JSC::MacroAssemblerARM64::loadLinkAcq):
162         (JSC::MacroAssemblerARM64::storeCond):
163         (JSC::MacroAssemblerARM64::storeCondRel):
164         (JSC::MacroAssemblerARM64::signExtend):
165         (JSC::MacroAssemblerARM64::branch):
166         (JSC::MacroAssemblerARM64::atomicStrongCAS):
167         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
168         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
169         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
170         (JSC::MacroAssemblerARM64::extractSimpleAddress):
171         (JSC::MacroAssemblerARM64::signExtend<8>):
172         (JSC::MacroAssemblerARM64::signExtend<16>):
173         (JSC::MacroAssemblerARM64::branch<64>):
174         * assembler/MacroAssemblerX86Common.h:
175         (JSC::MacroAssemblerX86Common::add32):
176         (JSC::MacroAssemblerX86Common::and32):
177         (JSC::MacroAssemblerX86Common::and16):
178         (JSC::MacroAssemblerX86Common::and8):
179         (JSC::MacroAssemblerX86Common::neg32):
180         (JSC::MacroAssemblerX86Common::neg16):
181         (JSC::MacroAssemblerX86Common::neg8):
182         (JSC::MacroAssemblerX86Common::or32):
183         (JSC::MacroAssemblerX86Common::or16):
184         (JSC::MacroAssemblerX86Common::or8):
185         (JSC::MacroAssemblerX86Common::sub16):
186         (JSC::MacroAssemblerX86Common::sub8):
187         (JSC::MacroAssemblerX86Common::sub32):
188         (JSC::MacroAssemblerX86Common::xor32):
189         (JSC::MacroAssemblerX86Common::xor16):
190         (JSC::MacroAssemblerX86Common::xor8):
191         (JSC::MacroAssemblerX86Common::not32):
192         (JSC::MacroAssemblerX86Common::not16):
193         (JSC::MacroAssemblerX86Common::not8):
194         (JSC::MacroAssemblerX86Common::store16):
195         (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
196         (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
197         (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
198         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
199         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
200         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
201         (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
202         (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
203         (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
204         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
205         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
206         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
207         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
208         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
209         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
210         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
211         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
212         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
213         (JSC::MacroAssemblerX86Common::atomicAdd8):
214         (JSC::MacroAssemblerX86Common::atomicAdd16):
215         (JSC::MacroAssemblerX86Common::atomicAdd32):
216         (JSC::MacroAssemblerX86Common::atomicSub8):
217         (JSC::MacroAssemblerX86Common::atomicSub16):
218         (JSC::MacroAssemblerX86Common::atomicSub32):
219         (JSC::MacroAssemblerX86Common::atomicAnd8):
220         (JSC::MacroAssemblerX86Common::atomicAnd16):
221         (JSC::MacroAssemblerX86Common::atomicAnd32):
222         (JSC::MacroAssemblerX86Common::atomicOr8):
223         (JSC::MacroAssemblerX86Common::atomicOr16):
224         (JSC::MacroAssemblerX86Common::atomicOr32):
225         (JSC::MacroAssemblerX86Common::atomicXor8):
226         (JSC::MacroAssemblerX86Common::atomicXor16):
227         (JSC::MacroAssemblerX86Common::atomicXor32):
228         (JSC::MacroAssemblerX86Common::atomicNeg8):
229         (JSC::MacroAssemblerX86Common::atomicNeg16):
230         (JSC::MacroAssemblerX86Common::atomicNeg32):
231         (JSC::MacroAssemblerX86Common::atomicNot8):
232         (JSC::MacroAssemblerX86Common::atomicNot16):
233         (JSC::MacroAssemblerX86Common::atomicNot32):
234         (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
235         (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
236         (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
237         (JSC::MacroAssemblerX86Common::atomicXchg8):
238         (JSC::MacroAssemblerX86Common::atomicXchg16):
239         (JSC::MacroAssemblerX86Common::atomicXchg32):
240         (JSC::MacroAssemblerX86Common::loadAcq8):
241         (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
242         (JSC::MacroAssemblerX86Common::loadAcq16):
243         (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
244         (JSC::MacroAssemblerX86Common::loadAcq32):
245         (JSC::MacroAssemblerX86Common::storeRel8):
246         (JSC::MacroAssemblerX86Common::storeRel16):
247         (JSC::MacroAssemblerX86Common::storeRel32):
248         (JSC::MacroAssemblerX86Common::storeFence):
249         (JSC::MacroAssemblerX86Common::loadFence):
250         (JSC::MacroAssemblerX86Common::replaceWithJump):
251         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
252         (JSC::MacroAssemblerX86Common::patchableJumpSize):
253         (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
254         (JSC::MacroAssemblerX86Common::supportsAVX):
255         (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
256         (JSC::MacroAssemblerX86Common::x86Condition):
257         (JSC::MacroAssemblerX86Common::atomicStrongCAS):
258         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
259         * assembler/MacroAssemblerX86_64.h:
260         (JSC::MacroAssemblerX86_64::add64):
261         (JSC::MacroAssemblerX86_64::and64):
262         (JSC::MacroAssemblerX86_64::neg64):
263         (JSC::MacroAssemblerX86_64::or64):
264         (JSC::MacroAssemblerX86_64::sub64):
265         (JSC::MacroAssemblerX86_64::xor64):
266         (JSC::MacroAssemblerX86_64::not64):
267         (JSC::MacroAssemblerX86_64::store64):
268         (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
269         (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
270         (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
271         (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
272         (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
273         (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
274         (JSC::MacroAssemblerX86_64::atomicAdd64):
275         (JSC::MacroAssemblerX86_64::atomicSub64):
276         (JSC::MacroAssemblerX86_64::atomicAnd64):
277         (JSC::MacroAssemblerX86_64::atomicOr64):
278         (JSC::MacroAssemblerX86_64::atomicXor64):
279         (JSC::MacroAssemblerX86_64::atomicNeg64):
280         (JSC::MacroAssemblerX86_64::atomicNot64):
281         (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
282         (JSC::MacroAssemblerX86_64::atomicXchg64):
283         (JSC::MacroAssemblerX86_64::loadAcq64):
284         (JSC::MacroAssemblerX86_64::storeRel64):
285         * assembler/X86Assembler.h:
286         (JSC::X86Assembler::addl_mr):
287         (JSC::X86Assembler::addq_mr):
288         (JSC::X86Assembler::addq_rm):
289         (JSC::X86Assembler::addq_im):
290         (JSC::X86Assembler::andl_mr):
291         (JSC::X86Assembler::andl_rm):
292         (JSC::X86Assembler::andw_rm):
293         (JSC::X86Assembler::andb_rm):
294         (JSC::X86Assembler::andl_im):
295         (JSC::X86Assembler::andw_im):
296         (JSC::X86Assembler::andb_im):
297         (JSC::X86Assembler::andq_mr):
298         (JSC::X86Assembler::andq_rm):
299         (JSC::X86Assembler::andq_im):
300         (JSC::X86Assembler::incq_m):
301         (JSC::X86Assembler::negq_m):
302         (JSC::X86Assembler::negl_m):
303         (JSC::X86Assembler::negw_m):
304         (JSC::X86Assembler::negb_m):
305         (JSC::X86Assembler::notl_m):
306         (JSC::X86Assembler::notw_m):
307         (JSC::X86Assembler::notb_m):
308         (JSC::X86Assembler::notq_m):
309         (JSC::X86Assembler::orl_mr):
310         (JSC::X86Assembler::orl_rm):
311         (JSC::X86Assembler::orw_rm):
312         (JSC::X86Assembler::orb_rm):
313         (JSC::X86Assembler::orl_im):
314         (JSC::X86Assembler::orw_im):
315         (JSC::X86Assembler::orb_im):
316         (JSC::X86Assembler::orq_mr):
317         (JSC::X86Assembler::orq_rm):
318         (JSC::X86Assembler::orq_im):
319         (JSC::X86Assembler::subl_mr):
320         (JSC::X86Assembler::subl_rm):
321         (JSC::X86Assembler::subw_rm):
322         (JSC::X86Assembler::subb_rm):
323         (JSC::X86Assembler::subl_im):
324         (JSC::X86Assembler::subw_im):
325         (JSC::X86Assembler::subb_im):
326         (JSC::X86Assembler::subq_mr):
327         (JSC::X86Assembler::subq_rm):
328         (JSC::X86Assembler::subq_im):
329         (JSC::X86Assembler::xorl_mr):
330         (JSC::X86Assembler::xorl_rm):
331         (JSC::X86Assembler::xorl_im):
332         (JSC::X86Assembler::xorw_rm):
333         (JSC::X86Assembler::xorw_im):
334         (JSC::X86Assembler::xorb_rm):
335         (JSC::X86Assembler::xorb_im):
336         (JSC::X86Assembler::xorq_im):
337         (JSC::X86Assembler::xorq_rm):
338         (JSC::X86Assembler::xorq_mr):
339         (JSC::X86Assembler::xchgb_rm):
340         (JSC::X86Assembler::xchgw_rm):
341         (JSC::X86Assembler::xchgl_rm):
342         (JSC::X86Assembler::xchgq_rm):
343         (JSC::X86Assembler::movw_im):
344         (JSC::X86Assembler::movq_i32m):
345         (JSC::X86Assembler::cmpxchgb_rm):
346         (JSC::X86Assembler::cmpxchgw_rm):
347         (JSC::X86Assembler::cmpxchgl_rm):
348         (JSC::X86Assembler::cmpxchgq_rm):
349         (JSC::X86Assembler::xaddb_rm):
350         (JSC::X86Assembler::xaddw_rm):
351         (JSC::X86Assembler::xaddl_rm):
352         (JSC::X86Assembler::xaddq_rm):
353         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
354         * b3/B3AtomicValue.cpp: Added.
355         (JSC::B3::AtomicValue::~AtomicValue):
356         (JSC::B3::AtomicValue::dumpMeta):
357         (JSC::B3::AtomicValue::cloneImpl):
358         (JSC::B3::AtomicValue::AtomicValue):
359         * b3/B3AtomicValue.h: Added.
360         * b3/B3BasicBlock.h:
361         * b3/B3BlockInsertionSet.cpp:
362         (JSC::B3::BlockInsertionSet::BlockInsertionSet):
363         (JSC::B3::BlockInsertionSet::insert): Deleted.
364         (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
365         (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
366         (JSC::B3::BlockInsertionSet::execute): Deleted.
367         * b3/B3BlockInsertionSet.h:
368         * b3/B3Effects.cpp:
369         (JSC::B3::Effects::interferes):
370         (JSC::B3::Effects::operator==):
371         (JSC::B3::Effects::dump):
372         * b3/B3Effects.h:
373         (JSC::B3::Effects::forCall):
374         (JSC::B3::Effects::mustExecute):
375         * b3/B3EliminateCommonSubexpressions.cpp:
376         * b3/B3Generate.cpp:
377         (JSC::B3::generateToAir):
378         * b3/B3GenericBlockInsertionSet.h: Added.
379         (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
380         (JSC::B3::GenericBlockInsertionSet::insert):
381         (JSC::B3::GenericBlockInsertionSet::insertBefore):
382         (JSC::B3::GenericBlockInsertionSet::insertAfter):
383         (JSC::B3::GenericBlockInsertionSet::execute):
384         * b3/B3HeapRange.h:
385         (JSC::B3::HeapRange::operator|):
386         * b3/B3InsertionSet.cpp:
387         (JSC::B3::InsertionSet::insertClone):
388         * b3/B3InsertionSet.h:
389         * b3/B3LegalizeMemoryOffsets.cpp:
390         * b3/B3LowerMacros.cpp:
391         (JSC::B3::lowerMacros):
392         * b3/B3LowerMacrosAfterOptimizations.cpp:
393         * b3/B3LowerToAir.cpp:
394         (JSC::B3::Air::LowerToAir::LowerToAir):
395         (JSC::B3::Air::LowerToAir::run):
396         (JSC::B3::Air::LowerToAir::effectiveAddr):
397         (JSC::B3::Air::LowerToAir::addr):
398         (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
399         (JSC::B3::Air::LowerToAir::appendShift):
400         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
401         (JSC::B3::Air::LowerToAir::storeOpcode):
402         (JSC::B3::Air::LowerToAir::createStore):
403         (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
404         (JSC::B3::Air::LowerToAir::newBlock):
405         (JSC::B3::Air::LowerToAir::splitBlock):
406         (JSC::B3::Air::LowerToAir::fillStackmap):
407         (JSC::B3::Air::LowerToAir::appendX86Div):
408         (JSC::B3::Air::LowerToAir::appendX86UDiv):
409         (JSC::B3::Air::LowerToAir::loadLinkOpcode):
410         (JSC::B3::Air::LowerToAir::storeCondOpcode):
411         (JSC::B3::Air::LowerToAir::appendCAS):
412         (JSC::B3::Air::LowerToAir::appendVoidAtomic):
413         (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
414         (JSC::B3::Air::LowerToAir::lower):
415         (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
416         (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
417         * b3/B3LowerToAir.h:
418         * b3/B3MemoryValue.cpp:
419         (JSC::B3::MemoryValue::isLegalOffset):
420         (JSC::B3::MemoryValue::accessType):
421         (JSC::B3::MemoryValue::accessBank):
422         (JSC::B3::MemoryValue::accessByteSize):
423         (JSC::B3::MemoryValue::dumpMeta):
424         (JSC::B3::MemoryValue::MemoryValue):
425         (JSC::B3::MemoryValue::accessWidth): Deleted.
426         * b3/B3MemoryValue.h:
427         * b3/B3MemoryValueInlines.h: Added.
428         (JSC::B3::MemoryValue::isLegalOffset):
429         (JSC::B3::MemoryValue::requiresSimpleAddr):
430         (JSC::B3::MemoryValue::accessWidth):
431         * b3/B3MoveConstants.cpp:
432         * b3/B3NativeTraits.h: Added.
433         * b3/B3Opcode.cpp:
434         (JSC::B3::storeOpcode):
435         (WTF::printInternal):
436         * b3/B3Opcode.h:
437         (JSC::B3::isLoad):
438         (JSC::B3::isStore):
439         (JSC::B3::isLoadStore):
440         (JSC::B3::isAtomic):
441         (JSC::B3::isAtomicCAS):
442         (JSC::B3::isAtomicXchg):
443         (JSC::B3::isMemoryAccess):
444         (JSC::B3::signExtendOpcode):
445         * b3/B3Procedure.cpp:
446         (JSC::B3::Procedure::dump):
447         * b3/B3Procedure.h:
448         (JSC::B3::Procedure::hasQuirks):
449         (JSC::B3::Procedure::setHasQuirks):
450         * b3/B3PureCSE.cpp:
451         (JSC::B3::pureCSE):
452         * b3/B3PureCSE.h:
453         * b3/B3ReduceStrength.cpp:
454         * b3/B3Validate.cpp:
455         * b3/B3Value.cpp:
456         (JSC::B3::Value::returnsBool):
457         (JSC::B3::Value::effects):
458         (JSC::B3::Value::key):
459         (JSC::B3::Value::performSubstitution):
460         (JSC::B3::Value::typeFor):
461         * b3/B3Value.h:
462         * b3/B3Width.cpp:
463         (JSC::B3::bestType):
464         * b3/B3Width.h:
465         (JSC::B3::canonicalWidth):
466         (JSC::B3::isCanonicalWidth):
467         (JSC::B3::mask):
468         * b3/air/AirArg.cpp:
469         (JSC::B3::Air::Arg::jsHash):
470         (JSC::B3::Air::Arg::dump):
471         (WTF::printInternal):
472         * b3/air/AirArg.h:
473         (JSC::B3::Air::Arg::isAnyUse):
474         (JSC::B3::Air::Arg::isColdUse):
475         (JSC::B3::Air::Arg::cooled):
476         (JSC::B3::Air::Arg::isEarlyUse):
477         (JSC::B3::Air::Arg::isLateUse):
478         (JSC::B3::Air::Arg::isAnyDef):
479         (JSC::B3::Air::Arg::isEarlyDef):
480         (JSC::B3::Air::Arg::isLateDef):
481         (JSC::B3::Air::Arg::isZDef):
482         (JSC::B3::Air::Arg::simpleAddr):
483         (JSC::B3::Air::Arg::statusCond):
484         (JSC::B3::Air::Arg::isSimpleAddr):
485         (JSC::B3::Air::Arg::isMemory):
486         (JSC::B3::Air::Arg::isStatusCond):
487         (JSC::B3::Air::Arg::isCondition):
488         (JSC::B3::Air::Arg::ptr):
489         (JSC::B3::Air::Arg::base):
490         (JSC::B3::Air::Arg::isGP):
491         (JSC::B3::Air::Arg::isFP):
492         (JSC::B3::Air::Arg::isValidForm):
493         (JSC::B3::Air::Arg::forEachTmpFast):
494         (JSC::B3::Air::Arg::forEachTmp):
495         (JSC::B3::Air::Arg::asAddress):
496         (JSC::B3::Air::Arg::asStatusCondition):
497         (JSC::B3::Air::Arg::isInvertible):
498         (JSC::B3::Air::Arg::inverted):
499         * b3/air/AirBasicBlock.cpp:
500         (JSC::B3::Air::BasicBlock::setSuccessors):
501         * b3/air/AirBasicBlock.h:
502         * b3/air/AirBlockInsertionSet.cpp: Added.
503         (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
504         (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
505         * b3/air/AirBlockInsertionSet.h: Added.
506         * b3/air/AirDumpAsJS.cpp: Removed.
507         * b3/air/AirDumpAsJS.h: Removed.
508         * b3/air/AirEliminateDeadCode.cpp:
509         (JSC::B3::Air::eliminateDeadCode):
510         * b3/air/AirGenerate.cpp:
511         (JSC::B3::Air::prepareForGeneration):
512         * b3/air/AirInstInlines.h:
513         (JSC::B3::Air::isAtomicStrongCASValid):
514         (JSC::B3::Air::isBranchAtomicStrongCASValid):
515         (JSC::B3::Air::isAtomicStrongCAS8Valid):
516         (JSC::B3::Air::isAtomicStrongCAS16Valid):
517         (JSC::B3::Air::isAtomicStrongCAS32Valid):
518         (JSC::B3::Air::isAtomicStrongCAS64Valid):
519         (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
520         (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
521         (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
522         (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
523         * b3/air/AirOpcode.opcodes:
524         * b3/air/AirOptimizeBlockOrder.cpp:
525         (JSC::B3::Air::optimizeBlockOrder):
526         * b3/air/AirPadInterference.cpp:
527         (JSC::B3::Air::padInterference):
528         * b3/air/AirSpillEverything.cpp:
529         (JSC::B3::Air::spillEverything):
530         * b3/air/opcode_generator.rb:
531         * b3/testb3.cpp:
532         (JSC::B3::testLoadAcq42):
533         (JSC::B3::testStoreRelAddLoadAcq32):
534         (JSC::B3::testStoreRelAddLoadAcq8):
535         (JSC::B3::testStoreRelAddFenceLoadAcq8):
536         (JSC::B3::testStoreRelAddLoadAcq16):
537         (JSC::B3::testStoreRelAddLoadAcq64):
538         (JSC::B3::testTrappingStoreElimination):
539         (JSC::B3::testX86LeaAddAdd):
540         (JSC::B3::testX86LeaAddShlLeftScale1):
541         (JSC::B3::testAtomicWeakCAS):
542         (JSC::B3::testAtomicStrongCAS):
543         (JSC::B3::testAtomicXchg):
544         (JSC::B3::testDepend32):
545         (JSC::B3::testDepend64):
546         (JSC::B3::run):
547         * runtime/Options.h:
548
549 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
550
551         Unreviewed typo fixes after r213652.
552         https://bugs.webkit.org/show_bug.cgi?id=168920
553
554         * assembler/MacroAssemblerARM.h:
555         (JSC::MacroAssemblerARM::replaceWithBreakpoint):
556         * assembler/MacroAssemblerMIPS.h:
557         (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):
558
559 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
560
561         Unreviewed ARM buildfix after r213652.
562         https://bugs.webkit.org/show_bug.cgi?id=168920
563
564         r213652 used replaceWithBrk and replaceWithBkpt names for the same
565         function, which was inconsistent and caused a build error in ARMAssembler.
566
567         * assembler/ARM64Assembler.h:
568         (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
569         (JSC::ARM64Assembler::replaceWithBrk): Deleted.
570         * assembler/ARMAssembler.h:
571         (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
572         (JSC::ARMAssembler::replaceWithBrk): Deleted.
573         * assembler/MacroAssemblerARM64.h:
574         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
575
576 2017-03-10  Alex Christensen  <achristensen@webkit.org>
577
578         Win64 build fix.
579
580         * b3/B3FenceValue.h:
581         * b3/B3Value.h:
582         Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
583         doesn't accomplish anything except making Visual Studio mad.
584         * b3/air/opcode_generator.rb:
585         winnt.h has naming collisions with enum values from AirOpcode.h.
586         For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
587         RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
588         A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
589         that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.
590
591 2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>
592
593         Unreviewed, rolling out r213695.
594
595         This change broke the Windows build.
596
597         Reverted changeset:
598
599         "Implement a StackTrace utility object that can capture stack
600         traces for debugging."
601         https://bugs.webkit.org/show_bug.cgi?id=169454
602         http://trac.webkit.org/changeset/213695
603
604 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
605
606         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
607         https://bugs.webkit.org/show_bug.cgi?id=167962
608
609         Reviewed by Keith Miller.
610
611         The Object Rest/Spread Destructuring proposal is in stage 3 [1] and this
612         patch is a prototype implementation of it. A simple change to the
613         parser was necessary to support the new '...' token in the Object Pattern
614         destructuring rule. On the bytecode generator side, we changed the
615         bytecode generated in ObjectPatternNode::bindValue to store the
616         identifiers of already destructured properties in an array, following
617         spec draft section [2], and then pass it as excludedNames to
618         CopyDataProperties. The rest destructuring then calls copyDataProperties
619         to copy the rest properties from the rhs.
620
621         We also implemented CopyDataProperties as a private JS global operation
622         in builtins/GlobalOperations.js following its specification in [3].
623         It is implemented using a Set object to check whether a property is in
624         excludedNames, keeping this algorithm at O(n + m) complexity, where n
625         = number of source's own properties and m = excludedNames.length.
626
627         As a requirement to use JSSets as constants, a change in the
628         CodeBlock::create API was necessary, because JSSet creation can throw an OOM
629         exception. Now, CodeBlock::finishCreation returns false if an
630         exception is thrown by
631         CodeBlock::setConstantIdentifierSetRegisters and then we return
632         nullptr to ScriptExecutable::newCodeBlockFor. It is responsible for
633         checking that the CodeBlock was constructed properly and then throwing an OOM
634         exception to the correct scope.
635
636         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
637         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
638         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
639
640         * builtins/BuiltinNames.h:
641         * builtins/GlobalOperations.js:
642         (globalPrivate.copyDataProperties):
643         * bytecode/CodeBlock.cpp:
644         (JSC::CodeBlock::finishCreation):
645         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
646         * bytecode/CodeBlock.h:
647         * bytecode/EvalCodeBlock.h:
648         (JSC::EvalCodeBlock::create):
649         * bytecode/FunctionCodeBlock.h:
650         (JSC::FunctionCodeBlock::create):
651         * bytecode/ModuleProgramCodeBlock.h:
652         (JSC::ModuleProgramCodeBlock::create):
653         * bytecode/ProgramCodeBlock.h:
654         (JSC::ProgramCodeBlock::create):
655         * bytecode/UnlinkedCodeBlock.h:
656         (JSC::UnlinkedCodeBlock::addSetConstant):
657         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
658         * bytecompiler/BytecodeGenerator.cpp:
659         (JSC::BytecodeGenerator::emitLoad):
660         * bytecompiler/BytecodeGenerator.h:
661         * bytecompiler/NodesCodegen.cpp:
662         (JSC::ObjectPatternNode::bindValue):
663         * parser/ASTBuilder.h:
664         (JSC::ASTBuilder::appendObjectPatternEntry):
665         (JSC::ASTBuilder::appendObjectPatternRestEntry):
666         (JSC::ASTBuilder::setContainsObjectRestElement):
667         * parser/Nodes.h:
668         (JSC::ObjectPatternNode::appendEntry):
669         (JSC::ObjectPatternNode::setContainsRestElement):
670         * parser/Parser.cpp:
671         (JSC::Parser<LexerType>::parseDestructuringPattern):
672         (JSC::Parser<LexerType>::parseProperty):
673         * parser/SyntaxChecker.h:
674         (JSC::SyntaxChecker::operatorStackPop):
675         * runtime/JSGlobalObject.cpp:
676         (JSC::JSGlobalObject::init):
677         * runtime/JSGlobalObjectFunctions.cpp:
678         (JSC::privateToObject):
679         * runtime/JSGlobalObjectFunctions.h:
680         * runtime/ScriptExecutable.cpp:
681         (JSC::ScriptExecutable::newCodeBlockFor):
682
683 2017-03-09  Mark Lam  <mark.lam@apple.com>
684
685         Implement a StackTrace utility object that can capture stack traces for debugging.
686         https://bugs.webkit.org/show_bug.cgi?id=169454
687
688         Reviewed by Michael Saboff.
689
690         The underlying implementation is hoisted right out of Assertions.cpp from the
691         implementations of WTFPrintBacktrace().
692
693         The reason we need this StackTrace object is because during heap debugging, we
694         sometimes want to capture the stack trace that allocated the objects of interest.
695         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
696         perturb the execution profile sufficiently that an issue may not reproduce,
697         while alternatively, just capturing the stack trace and deferring printing it
698         till we actually need it later perturbs the execution profile less.
699
700         In addition, just capturing the stack traces (instead of printing them
701         immediately at each capture site) allows us to avoid polluting stdout with tons
702         of stack traces that may be irrelevant.
703
704         For now, we only capture the native stack trace.  We'll leave capturing and
705         integrating the JS stack trace as an exercise for the future if we need it then.
706
707         Here's an example of how to use this StackTrace utility:
708
709             // Capture a stack trace of the top 10 frames.
710             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
711             // Print the trace.
712             dataLog(*trace);
713
714         * CMakeLists.txt:
715         * JavaScriptCore.xcodeproj/project.pbxproj:
716         * tools/StackTrace.cpp: Added.
717         (JSC::StackTrace::instanceSize):
718         (JSC::StackTrace::captureStackTrace):
719         (JSC::StackTrace::dump):
720         * tools/StackTrace.h: Added.
721         (JSC::StackTrace::StackTrace):
722         (JSC::StackTrace::size):
723
724 2017-03-09  Keith Miller  <keith_miller@apple.com>
725
726         WebAssembly: Enable fast memory for WK2
727         https://bugs.webkit.org/show_bug.cgi?id=169437
728
729         Reviewed by Tim Horton.
730
731         * JavaScriptCore.xcodeproj/project.pbxproj:
732
733 2017-03-09  Matt Baker  <mattbaker@apple.com>
734
735         Web Inspector: Add XHR breakpoints UI
736         https://bugs.webkit.org/show_bug.cgi?id=168763
737         <rdar://problem/30952439>
738
739         Reviewed by Joseph Pecoraro.
740
741         * inspector/protocol/DOMDebugger.json:
742         Added clarifying comments to command descriptions.
743
744 2017-03-09  Michael Saboff  <msaboff@apple.com>
745
746         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
747         https://bugs.webkit.org/show_bug.cgi?id=169387
748
749         Reviewed by Filip Pizlo.
750
751         Added a helper function, processConfigFile(), to process configuration file.
752         Changed jsc.cpp to use that function in lieu of processing the config file
753         manually.
754
755         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
756         * jsc.cpp:
757         (jscmain):
758         * runtime/ConfigFile.cpp:
759         (JSC::processConfigFile):
760         * runtime/ConfigFile.h:
761
762 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
763
764         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
765         https://bugs.webkit.org/show_bug.cgi?id=29687
766         <rdar://problem/19281586>
767
768         Reviewed by Matt Baker and Brian Burg.
769
770         * inspector/protocol/Network.json:
771         Add metrics object with optional properties to loadingFinished event.
772
773 2017-03-09  Youenn Fablet  <youenn@apple.com>
774
775         Minimal build is broken
776         https://bugs.webkit.org/show_bug.cgi?id=169416
777
778         Reviewed by Chris Dumez.
779
780         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
781         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appear first but this might break very easily.
782
783         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
784         (generate_members):
785         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
786         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
787         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
788
789 2017-03-09  Daniel Bates  <dabates@apple.com>
790
791         Guard Credential Management implementation behind a runtime enabled feature flag
792         https://bugs.webkit.org/show_bug.cgi?id=169364
793         <rdar://problem/30957425>
794
795         Reviewed by Brent Fulgham.
796
797         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
798         needed to guard these interfaces behind a runtime enabled feature flag.
799
800         * runtime/CommonIdentifiers.h:
801
802 2017-03-09  Mark Lam  <mark.lam@apple.com>
803
804         Refactoring some HeapVerifier code.
805         https://bugs.webkit.org/show_bug.cgi?id=169443
806
807         Reviewed by Filip Pizlo.
808
809         Renamed LiveObjectData to CellProfile.
810         Renamed LiveObjectList to CellList.
811         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
812         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
813
814         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
815
816         * CMakeLists.txt:
817         * JavaScriptCore.xcodeproj/project.pbxproj:
818         * heap/Heap.cpp:
819         (JSC::Heap::runBeginPhase):
820         (JSC::Heap::runEndPhase):
821         * heap/HeapVerifier.cpp: Removed.
822         * heap/HeapVerifier.h: Removed.
823         * heap/LiveObjectData.h: Removed.
824         * heap/LiveObjectList.cpp: Removed.
825         * heap/LiveObjectList.h: Removed.
826         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
827         (JSC::CellList::findCell):
828         (JSC::LiveObjectList::findObject): Deleted.
829         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
830         (JSC::CellList::CellList):
831         (JSC::CellList::reset):
832         (JSC::LiveObjectList::LiveObjectList): Deleted.
833         (JSC::LiveObjectList::reset): Deleted.
834         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
835         (JSC::CellProfile::CellProfile):
836         (JSC::LiveObjectData::LiveObjectData): Deleted.
837         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
838         (JSC::GatherCellFunctor::GatherCellFunctor):
839         (JSC::GatherCellFunctor::visit):
840         (JSC::GatherCellFunctor::operator()):
841         (JSC::HeapVerifier::gatherLiveCells):
842         (JSC::HeapVerifier::cellListForGathering):
843         (JSC::trimDeadCellsFromList):
844         (JSC::HeapVerifier::trimDeadCells):
845         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
846         (JSC::HeapVerifier::reportCell):
847         (JSC::HeapVerifier::checkIfRecorded):
848         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
849         (JSC::GatherLiveObjFunctor::visit): Deleted.
850         (JSC::GatherLiveObjFunctor::operator()): Deleted.
851         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
852         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
853         (JSC::trimDeadObjectsFromList): Deleted.
854         (JSC::HeapVerifier::trimDeadObjects): Deleted.
855         (JSC::HeapVerifier::reportObject): Deleted.
856         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
857
858 2017-03-09  Anders Carlsson  <andersca@apple.com>
859
860         Add delegate support to WebCore
861         https://bugs.webkit.org/show_bug.cgi?id=169427
862         Part of rdar://problem/28880714.
863
864         Reviewed by Geoffrey Garen.
865
866         * Configurations/FeatureDefines.xcconfig:
867         Add feature define.
868
869 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
870
871         Web Inspector: Show individual messages in the content pane for a WebSocket
872         https://bugs.webkit.org/show_bug.cgi?id=169011
873
874         Reviewed by Joseph Pecoraro.
875
876         Add walltime parameter and correct the description of Timestamp type.
877
878         * inspector/protocol/Network.json:
879
880 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
881
882         Unreviewed, fix weak external symbol error.
883
884         * heap/SlotVisitor.h:
885
886 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
887
888         std::isnan/isinf should work with WTF time classes
889         https://bugs.webkit.org/show_bug.cgi?id=164991
890
891         Reviewed by Darin Adler.
892         
893         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
894
895         * runtime/AtomicsObject.cpp:
896         (JSC::atomicsFuncWait):
897
898 2017-03-09  Mark Lam  <mark.lam@apple.com>
899
900         Use const AbstractLocker& (instead of const LockHolder&) in more places.
901         https://bugs.webkit.org/show_bug.cgi?id=169424
902
903         Reviewed by Filip Pizlo.
904
905         * heap/CodeBlockSet.cpp:
906         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
907         * heap/CodeBlockSet.h:
908         * heap/CodeBlockSetInlines.h:
909         (JSC::CodeBlockSet::mark):
910         * heap/ConservativeRoots.cpp:
911         (JSC::CompositeMarkHook::CompositeMarkHook):
912         * heap/MachineStackMarker.cpp:
913         (JSC::MachineThreads::tryCopyOtherThreadStacks):
914         * heap/MachineStackMarker.h:
915         * profiler/ProfilerDatabase.cpp:
916         (JSC::Profiler::Database::ensureBytecodesFor):
917         * profiler/ProfilerDatabase.h:
918         * runtime/SamplingProfiler.cpp:
919         (JSC::FrameWalker::FrameWalker):
920         (JSC::CFrameWalker::CFrameWalker):
921         (JSC::SamplingProfiler::createThreadIfNecessary):
922         (JSC::SamplingProfiler::takeSample):
923         (JSC::SamplingProfiler::start):
924         (JSC::SamplingProfiler::pause):
925         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
926         (JSC::SamplingProfiler::clearData):
927         (JSC::SamplingProfiler::releaseStackTraces):
928         * runtime/SamplingProfiler.h:
929         (JSC::SamplingProfiler::setStopWatch):
930         * wasm/WasmMemory.cpp:
931         (JSC::Wasm::availableFastMemories):
932         (JSC::Wasm::activeFastMemories):
933         (JSC::Wasm::viewActiveFastMemories):
934         * wasm/WasmMemory.h:
935
936 2017-03-09  Saam Barati  <sbarati@apple.com>
937
938         WebAssembly: Make the Unity AngryBots demo run
939         https://bugs.webkit.org/show_bug.cgi?id=169268
940
941         Reviewed by Keith Miller.
942
943         This patch fixes three bugs:
944         1. The WasmBinding code for making a JS call was off
945         by 1 in its stack layout code.
946         2. The WasmBinding code had a "<" comparison instead
947         of a ">=" comparison. This would cause us to calculate
948         the wrong frame pointer offset.
949         3. The code to reload wasm state inside B3IRGenerator didn't
950         properly represent its effects.
951
952         * wasm/WasmB3IRGenerator.cpp:
953         (JSC::Wasm::restoreWebAssemblyGlobalState):
954         (JSC::Wasm::parseAndCompile):
955         * wasm/WasmBinding.cpp:
956         (JSC::Wasm::wasmToJs):
957         * wasm/js/WebAssemblyInstanceConstructor.cpp:
958         (JSC::WebAssemblyInstanceConstructor::createInstance):
959
960 2017-03-09  Mark Lam  <mark.lam@apple.com>
961
962         Make the VM Traps mechanism non-polling for the DFG and FTL.
963         https://bugs.webkit.org/show_bug.cgi?id=168920
964         <rdar://problem/30738588>
965
966         Reviewed by Filip Pizlo.
967
968         1. Added an ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
969            This is currently only enabled for OS(DARWIN) and ENABLE(JIT).
970         2. Added assembler functions for overwriting an instruction with a breakpoint.
971         3. Added a new JettisonDueToVMTraps jettison reason.
972         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
973            invalidation points with breakpoint instructions.
974         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
975         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
976            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
977            Options::usePollingTraps() to always be true.  This makes the VMTraps
978            implementation fall back to using polling based traps only.
979
980         7. Make VMTraps support signal based traps.
981
982         Some design and implementation details of signal based VM traps:
983
984         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
985
986         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
987           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
988           we want to trap, and check for the occurrence of one of the following events:
989
990           a. VMTraps::handleTraps() has been called for the requested trap, or
991
992           b. the VM is inactive and is no longer executing any JS code.  We determine
993              this to be the case if the thread no longer owns the JSLock and the VM's
994              entryScope is null.
995
996              Note: the thread can relinquish the JSLock while the VM's entryScope is not
997              null.  This happens when the thread calls JSLock::dropAllLocks() before
998              calling a host function that may block on IO (or whatever).  For our purpose,
999              this counts as the VM still running JS code, and VM::fireTrap() will still
1000              be waiting.
1001
1002           If the SignalSender does not see either of these events, it will sleep for a
1003           while and then re-send SIGUSR1 and check for the events again.  When it sees
1004           one of these events, it will consider the mutator to have received the trap
1005           request.
1006
1007         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
1008           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
1009           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
1010           safe to jettison the codeBlock.
1011
1012           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
1013           insert the breakpoint instructions itself.  This is because we need the
1014           register state of the mutator thread (that we want to trap in) in order to
1015           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
1016           we don't have a generic way for the requester thread to get the register state
1017           of another thread.
1018
1019         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
1020           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
1021           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
1022           baseline JIT code will eventually reach an op_check_traps and call
1023           VMTraps::handleTraps().
1024
1025           If the handler is not trapping at an invalidation point, then it must be
1026           observing an assertion failure (which also uses the breakpoint instruction).
1027           In this case, the handler will defer to the default SIGTRAP handler and crash.
1028
1029         - The reason we need the SignalSender is because SignalSender::send() is called
1030           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
1031           send() needs to make use of the VM pointer, and it is not guaranteed that the
1032           VM will outlive the thread.  SignalSender provides the mechanism by which we
1033           can nullify the VM pointer when the VM dies so that the thread does not
1034           continue to use it.
1035
1036         * assembler/ARM64Assembler.h:
1037         (JSC::ARM64Assembler::replaceWithBrk):
1038         * assembler/ARMAssembler.h:
1039         (JSC::ARMAssembler::replaceWithBrk):
1040         * assembler/ARMv7Assembler.h:
1041         (JSC::ARMv7Assembler::replaceWithBkpt):
1042         * assembler/MIPSAssembler.h:
1043         (JSC::MIPSAssembler::replaceWithBkpt):
1044         * assembler/MacroAssemblerARM.h:
1045         (JSC::MacroAssemblerARM::replaceWithJump):
1046         * assembler/MacroAssemblerARM64.h:
1047         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1048         * assembler/MacroAssemblerARMv7.h:
1049         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
1050         * assembler/MacroAssemblerMIPS.h:
1051         (JSC::MacroAssemblerMIPS::replaceWithJump):
1052         * assembler/MacroAssemblerX86Common.h:
1053         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
1054         * assembler/X86Assembler.h:
1055         (JSC::X86Assembler::replaceWithInt3):
1056         * bytecode/CodeBlock.cpp:
1057         (JSC::CodeBlock::jettison):
1058         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
1059         (JSC::CodeBlock::installVMTrapBreakpoints):
1060         * bytecode/CodeBlock.h:
1061         * bytecompiler/BytecodeGenerator.cpp:
1062         (JSC::BytecodeGenerator::emitCheckTraps):
1063         * dfg/DFGCommonData.cpp:
1064         (JSC::DFG::CommonData::installVMTrapBreakpoints):
1065         (JSC::DFG::CommonData::isVMTrapBreakpoint):
1066         * dfg/DFGCommonData.h:
1067         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
1068         * dfg/DFGJumpReplacement.cpp:
1069         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
1070         * dfg/DFGJumpReplacement.h:
1071         (JSC::DFG::JumpReplacement::dataLocation):
1072         * dfg/DFGNodeType.h:
1073         * heap/CodeBlockSet.cpp:
1074         (JSC::CodeBlockSet::contains):
1075         * heap/CodeBlockSet.h:
1076         * heap/CodeBlockSetInlines.h:
1077         (JSC::CodeBlockSet::iterate):
1078         * heap/Heap.cpp:
1079         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
1080         * heap/Heap.h:
1081         * heap/HeapInlines.h:
1082         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
1083         * heap/MachineStackMarker.h:
1084         (JSC::MachineThreads::threadsListHead):
1085         * jit/ExecutableAllocator.cpp:
1086         (JSC::ExecutableAllocator::isValidExecutableMemory):
1087         * jit/ExecutableAllocator.h:
1088         * profiler/ProfilerJettisonReason.cpp:
1089         (WTF::printInternal):
1090         * profiler/ProfilerJettisonReason.h:
1091         * runtime/JSLock.cpp:
1092         (JSC::JSLock::didAcquireLock):
1093         * runtime/Options.cpp:
1094         (JSC::overrideDefaults):
1095         * runtime/Options.h:
1096         * runtime/PlatformThread.h:
1097         (JSC::platformThreadSignal):
1098         * runtime/VM.cpp:
1099         (JSC::VM::~VM):
1100         (JSC::VM::ensureWatchdog):
1101         (JSC::VM::handleTraps): Deleted.
1102         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
1103         * runtime/VM.h:
1104         (JSC::VM::ownerThread):
1105         (JSC::VM::traps):
1106         (JSC::VM::handleTraps):
1107         (JSC::VM::needTrapHandling):
1108         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
1109         * runtime/VMTraps.cpp:
1110         (JSC::VMTraps::vm):
1111         (JSC::SignalContext::SignalContext):
1112         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
1113         (JSC::vmIsInactive):
1114         (JSC::findActiveVMAndStackBounds):
1115         (JSC::handleSigusr1):
1116         (JSC::handleSigtrap):
1117         (JSC::installSignalHandlers):
1118         (JSC::sanitizedTopCallFrame):
1119         (JSC::isSaneFrame):
1120         (JSC::VMTraps::tryInstallTrapBreakpoints):
1121         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1122         (JSC::VMTraps::VMTraps):
1123         (JSC::VMTraps::willDestroyVM):
1124         (JSC::VMTraps::addSignalSender):
1125         (JSC::VMTraps::removeSignalSender):
1126         (JSC::VMTraps::SignalSender::willDestroyVM):
1127         (JSC::VMTraps::SignalSender::send):
1128         (JSC::VMTraps::fireTrap):
1129         (JSC::VMTraps::handleTraps):
1130         * runtime/VMTraps.h:
1131         (JSC::VMTraps::~VMTraps):
1132         (JSC::VMTraps::needTrapHandling):
1133         (JSC::VMTraps::notifyGrabAllLocks):
1134         (JSC::VMTraps::SignalSender::SignalSender):
1135         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1136         * tools/VMInspector.cpp:
1137         * tools/VMInspector.h:
1138         (JSC::VMInspector::getLock):
1139         (JSC::VMInspector::iterate):
1140
1141 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1142
1143         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
1144         https://bugs.webkit.org/show_bug.cgi?id=169215
1145
1146         Reviewed by Mark Lam.
1147         
1148         This doesn't have a test because it would be a very complicated test.
1149
1150         * runtime/JSObject.h:
1151         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
1152
1153 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
1154
1155         WTF should make it super easy to do ARM concurrency tricks
1156         https://bugs.webkit.org/show_bug.cgi?id=169300
1157
1158         Reviewed by Mark Lam.
1159         
1160         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
1161         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
1162         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
1163         machine code, I found other opportunities for improvement, like inlining the "am I
1164         marked" part of the marking functions.
1165
1166         * heap/Heap.cpp:
1167         (JSC::Heap::setGCDidJIT):
1168         * heap/HeapInlines.h:
1169         (JSC::Heap::testAndSetMarked):
1170         * heap/LargeAllocation.h:
1171         (JSC::LargeAllocation::isMarked):
1172         (JSC::LargeAllocation::isMarkedConcurrently):
1173         (JSC::LargeAllocation::aboutToMark):
1174         (JSC::LargeAllocation::testAndSetMarked):
1175         * heap/MarkedBlock.h:
1176         (JSC::MarkedBlock::areMarksStaleWithDependency):
1177         (JSC::MarkedBlock::aboutToMark):
1178         (JSC::MarkedBlock::isMarkedConcurrently):
1179         (JSC::MarkedBlock::isMarked):
1180         (JSC::MarkedBlock::testAndSetMarked):
1181         * heap/SlotVisitor.cpp:
1182         (JSC::SlotVisitor::appendSlow):
1183         (JSC::SlotVisitor::appendHiddenSlow):
1184         (JSC::SlotVisitor::appendHiddenSlowImpl):
1185         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1186         (JSC::SlotVisitor::appendUnbarriered): Deleted.
1187         (JSC::SlotVisitor::appendHidden): Deleted.
1188         * heap/SlotVisitor.h:
1189         * heap/SlotVisitorInlines.h:
1190         (JSC::SlotVisitor::appendUnbarriered):
1191         (JSC::SlotVisitor::appendHidden):
1192         (JSC::SlotVisitor::append):
1193         (JSC::SlotVisitor::appendValues):
1194         (JSC::SlotVisitor::appendValuesHidden):
1195         * runtime/CustomGetterSetter.cpp:
1196         * runtime/JSObject.cpp:
1197         (JSC::JSObject::visitButterflyImpl):
1198         * runtime/JSObject.h:
1199
1200 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1201
1202         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
1203         https://bugs.webkit.org/show_bug.cgi?id=160124
1204
1205         Reviewed by Mark Lam.
1206
1207         When performing CallVarargs, we will copy values to the stack.
1208         Before actually copying values, we need to adjust the stackPointerRegister
1209         to ensure copied values are in the allocated stack area.
1210         If we do not do that, the OS can break the values that are stored beyond the stack
1211         pointer. For example, a signal stack can be constructed in this area and
1212         break the values.
1213
1214         This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
1215         in the Linux port. Since Linux ports use signals to suspend and resume threads,
1216         the signal handler is frequently called when enabling the sampling profiler. Thus this
1217         crash occurs.
1218
1219         * dfg/DFGSpeculativeJIT32_64.cpp:
1220         (JSC::DFG::SpeculativeJIT::emitCall):
1221         * dfg/DFGSpeculativeJIT64.cpp:
1222         (JSC::DFG::SpeculativeJIT::emitCall):
1223         * ftl/FTLLowerDFGToB3.cpp:
1224         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1225         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1226         * jit/SetupVarargsFrame.cpp:
1227         (JSC::emitSetupVarargsFrameFastCase):
1228         * jit/SetupVarargsFrame.h:
1229
1230 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
1231
1232         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
1233         https://bugs.webkit.org/show_bug.cgi?id=164892
1234         <rdar://problem/29320562>
1235
1236         Reviewed by Brian Burg.
1237
1238         * inspector/protocol/Network.json:
1239         Replace "fromDiskCache" property with "source" property which includes
1240         more complete information about the source of this response (network,
1241         memory cache, disk cache, or unknown).
1242
1243         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1244         (_generate_class_for_object_declaration):
1245         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1246         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1247         * inspector/scripts/codegen/generator.py:
1248         (Generator):
1249         (Generator.open_fields):
1250         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
1251         enum and open accessor string symbol that would have the same name, only generate
1252         a specific list of open accessor strings. This reduces the list of exported
1253         symbols from all properties to just the ones that are needed. This can be
1254         cleaned up later if needed.
1255
1256         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
1257         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
1258         Test for open accessors generation.
1259
1260 2017-03-08  Keith Miller  <keith_miller@apple.com>
1261
1262         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
1263         https://bugs.webkit.org/show_bug.cgi?id=169290
1264
1265         Reviewed by Saam Barati.
1266
1267         This patch adds an extra sanity check by ensuring that the memory address we fault trying to load is in the range
1268         of some wasm fast memory.
1269
1270         * wasm/WasmFaultSignalHandler.cpp:
1271         (JSC::Wasm::trapHandler):
1272         (JSC::Wasm::enableFastMemory):
1273         * wasm/WasmMemory.cpp:
1274         (JSC::Wasm::activeFastMemories):
1275         (JSC::Wasm::viewActiveFastMemories):
1276         (JSC::Wasm::tryGetFastMemory):
1277         (JSC::Wasm::releaseFastMemory):
1278         * wasm/WasmMemory.h:
1279
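As an added illustration of the sanity check described above (example code written for this page, not WebKit's own WasmFaultSignalHandler.cpp or WasmMemory.cpp): the fault handler treats a SIGSEGV/SIGBUS as a wasm out-of-bounds trap only when the faulting address lies inside a registered fast-memory reservation, and otherwise re-raises the signal with the default disposition so an unrelated memory-safety crash is not silently swallowed. The registry functions, the `trapRecovery` jump buffer and the PROT_NONE region used as a stand-in for the fast memory are assumptions of this example.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* A reserved fast-memory region: [base, base + size). */
typedef struct {
    uintptr_t base;
    size_t size;
} FastMemory;

/* Hypothetical registry of live fast memories (stand-in for the list the
   real engine maintains in tryGetFastMemory/releaseFastMemory). */
#define MAX_FAST_MEMORIES 8
static FastMemory activeFastMemories[MAX_FAST_MEMORIES];
static size_t activeFastMemoryCount = 0;

bool registerFastMemory(uintptr_t base, size_t size)
{
    if (activeFastMemoryCount == MAX_FAST_MEMORIES || size == 0)
        return false;
    activeFastMemories[activeFastMemoryCount].base = base;
    activeFastMemories[activeFastMemoryCount].size = size;
    activeFastMemoryCount++;
    return true;
}

bool releaseFastMemory(uintptr_t base)
{
    for (size_t i = 0; i < activeFastMemoryCount; ++i) {
        if (activeFastMemories[i].base != base)
            continue;
        /* Keep the registry dense: move the last entry into the hole. */
        activeFastMemories[i] = activeFastMemories[--activeFastMemoryCount];
        return true;
    }
    return false;
}

/* The extra check: does the faulting address fall inside some live fast
   memory? (addr - base) < size cannot wrap for addresses below base. */
bool isFastMemoryAddress(uintptr_t addr)
{
    for (size_t i = 0; i < activeFastMemoryCount; ++i) {
        const FastMemory* m = &activeFastMemories[i];
        if (addr >= m->base && addr - m->base < m->size)
            return true;
    }
    return false;
}

static sigjmp_buf trapRecovery;
static volatile sig_atomic_t handledTraps = 0;

static void trapHandler(int sig, siginfo_t* info, void* context)
{
    (void)context;
    if (isFastMemoryAddress((uintptr_t)info->si_addr)) {
        /* A genuine wasm out-of-bounds access: unwind to the guarded access. */
        handledTraps++;
        siglongjmp(trapRecovery, 1);
    }
    /* Not ours (possibly real memory corruption): restore the default
       disposition and re-raise so the process crashes as it normally would. */
    signal(sig, SIG_DFL);
    raise(sig);
}

void installTrapHandler(void)
{
    struct sigaction action;
    memset(&action, 0, sizeof(action));
    action.sa_sigaction = trapHandler;
    action.sa_flags = SA_SIGINFO;
    sigemptyset(&action.sa_mask);
    sigaction(SIGSEGV, &action, NULL); /* Linux reports the fault as SIGSEGV */
    sigaction(SIGBUS, &action, NULL);  /* macOS reports it as SIGBUS */
}

int main(void)
{
    /* An inaccessible region stands in for the guard pages of a fast memory. */
    size_t size = 1 << 16;
    void* region = mmap(NULL, size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) {
        perror("mmap");
        return 1;
    }
    registerFastMemory((uintptr_t)region, size);
    installTrapHandler();

    if (sigsetjmp(trapRecovery, 1) == 0) {
        volatile uint8_t* p = (volatile uint8_t*)region + 1234;
        (void)*p; /* faults; the handler recognizes the address and unwinds here */
    }
    printf("trapped out-of-bounds accesses: %d\n", (int)handledTraps);

    releaseFastMemory((uintptr_t)region);
    munmap(region, size);
    return 0;
}
```
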
1280 2017-03-07  Dean Jackson  <dino@apple.com>
1281
1282         Some platforms won't be able to create a GPUDevice
1283         https://bugs.webkit.org/show_bug.cgi?id=169314
1284         <rdar://problems/30907521>
1285
1286         Reviewed by Jon Lee.
1287
1288         Disable WEB_GPU on the iOS Simulator.
1289
1290         * Configurations/FeatureDefines.xcconfig:
1291
1292 2017-03-06  Saam Barati  <sbarati@apple.com>
1293
1294         WebAssembly: Implement the WebAssembly.instantiate API
1295         https://bugs.webkit.org/show_bug.cgi?id=165982
1296         <rdar://problem/29760110>
1297
1298         Reviewed by Keith Miller.
1299
1300         This patch is a straightforward implementation of the WebAssembly.instantiate
1301         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
1302         
1303         I implemented the API in a synchronous manner. We should make it
1304         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
1305
1306         * wasm/JSWebAssembly.cpp:
1307         (JSC::webAssemblyCompileFunc):
1308         (JSC::webAssemblyInstantiateFunc):
1309         (JSC::JSWebAssembly::finishCreation):
1310         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1311         (JSC::constructJSWebAssemblyInstance):
1312         (JSC::WebAssemblyInstanceConstructor::createInstance):
1313         * wasm/js/WebAssemblyInstanceConstructor.h:
1314         * wasm/js/WebAssemblyModuleConstructor.cpp:
1315         (JSC::constructJSWebAssemblyModule):
1316         (JSC::WebAssemblyModuleConstructor::createModule):
1317         * wasm/js/WebAssemblyModuleConstructor.h:
1318
1319 2017-03-06  Michael Saboff  <msaboff@apple.com>
1320
1321         Take advantage of fast permissions switching of JIT memory for devices that support it
1322         https://bugs.webkit.org/show_bug.cgi?id=169155
1323
1324         Reviewed by Saam Barati.
1325
1326         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
1327         control access to JIT memory.
1328
1329         Had to update the Xcode config files to handle various build variations of
1330         public and internal SDKs.
1331
1332         * Configurations/Base.xcconfig:
1333         * Configurations/FeatureDefines.xcconfig:
1334         * jit/ExecutableAllocator.cpp:
1335         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1336         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1337         * jit/ExecutableAllocator.h:
1338         (JSC::performJITMemcpy):
1339
1340 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
1341
1342         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
1343         https://bugs.webkit.org/show_bug.cgi?id=168502
1344
1345         Reviewed by Filip Pizlo.
1346
1347         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
1348
1349 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
1350
1351         op_get_by_id_with_this should use inline caching
1352         https://bugs.webkit.org/show_bug.cgi?id=162124
1353
1354         Reviewed by Saam Barati.
1355
1356         This patch enables the inline cache for op_get_by_id_with_this in all
1357         tiers. It means that operations using ```super.member``` are going to
1358         be able to be optimized by PIC. To enable it, we introduced a new
1359         member of StructureStubInfo.patch named thisGPR, created a new class
1360         to manage the IC named JITGetByIdWithThisGenerator, and changed
1361         PolymorphicAccess.regenerate so that it uses StructureStubInfo.patch.thisGPR
1362         to decide the correct this value on inline caches.
1363         With inline caching enabled, ```super.member``` accesses are ~4.5x faster,
1364         according to microbenchmarks.
1365
1366         * bytecode/AccessCase.cpp:
1367         (JSC::AccessCase::generateImpl):
1368         * bytecode/PolymorphicAccess.cpp:
1369         (JSC::PolymorphicAccess::regenerate):
1370         * bytecode/PolymorphicAccess.h:
1371         * bytecode/StructureStubInfo.cpp:
1372         (JSC::StructureStubInfo::reset):
1373         * bytecode/StructureStubInfo.h:
1374         * dfg/DFGFixupPhase.cpp:
1375         (JSC::DFG::FixupPhase::fixupNode):
1376         * dfg/DFGJITCompiler.cpp:
1377         (JSC::DFG::JITCompiler::link):
1378         * dfg/DFGJITCompiler.h:
1379         (JSC::DFG::JITCompiler::addGetByIdWithThis):
1380         * dfg/DFGSpeculativeJIT.cpp:
1381         (JSC::DFG::SpeculativeJIT::compileIn):
1382         * dfg/DFGSpeculativeJIT.h:
1383         (JSC::DFG::SpeculativeJIT::callOperation):
1384         * dfg/DFGSpeculativeJIT32_64.cpp:
1385         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1386         (JSC::DFG::SpeculativeJIT::compile):
1387         * dfg/DFGSpeculativeJIT64.cpp:
1388         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1389         (JSC::DFG::SpeculativeJIT::compile):
1390         * ftl/FTLLowerDFGToB3.cpp:
1391         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
1392         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
1393         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
1394         * jit/CCallHelpers.h:
1395         (JSC::CCallHelpers::setupArgumentsWithExecState):
1396         * jit/ICStats.h:
1397         * jit/JIT.cpp:
1398         (JSC::JIT::JIT):
1399         (JSC::JIT::privateCompileSlowCases):
1400         (JSC::JIT::link):
1401         * jit/JIT.h:
1402         * jit/JITInlineCacheGenerator.cpp:
1403         (JSC::JITByIdGenerator::JITByIdGenerator):
1404         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1405         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
1406         * jit/JITInlineCacheGenerator.h:
1407         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1408         * jit/JITInlines.h:
1409         (JSC::JIT::callOperation):
1410         * jit/JITOperations.cpp:
1411         * jit/JITOperations.h:
1412         * jit/JITPropertyAccess.cpp:
1413         (JSC::JIT::emit_op_get_by_id_with_this):
1414         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1415         * jit/JITPropertyAccess32_64.cpp:
1416         (JSC::JIT::emit_op_get_by_id_with_this):
1417         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1418         * jit/Repatch.cpp:
1419         (JSC::appropriateOptimizingGetByIdFunction):
1420         (JSC::appropriateGenericGetByIdFunction):
1421         (JSC::tryCacheGetByID):
1422         * jit/Repatch.h:
1423         * jsc.cpp:
1424         (WTF::CustomGetter::getOwnPropertySlot):
1425         (WTF::CustomGetter::customGetterAcessor):
1426
1427 2017-03-06  Saam Barati  <sbarati@apple.com>
1428
1429         WebAssembly: implement init_expr for Element
1430         https://bugs.webkit.org/show_bug.cgi?id=165888
1431         <rdar://problem/29760199>
1432
1433         Reviewed by Keith Miller.
1434
1435         This patch fixes a few bugs. The main change is allowing init_expr
1436         for the Element's offset. To do this, I had to fix a couple of
1437         other bugs:
1438         
1439         - I removed our invalid early module-parse-time invalidation
1440         of out-of-bounds Element sections. This is not in the spec because
1441         it can't be validated in the general case when the offset is a
1442         get_global.
1443         
1444         - Our get_global validation inside our init_expr parsing code was simply wrong.
1445         It thought that the index operand to get_global went into the pool of imports,
1446         but it does not. It indexes into the pool of globals. I changed the code to
1447         refer to the global pool instead.
1448
1449         * wasm/WasmFormat.h:
1450         (JSC::Wasm::Element::Element):
1451         * wasm/WasmModuleParser.cpp:
1452         * wasm/js/WebAssemblyModuleRecord.cpp:
1453         (JSC::WebAssemblyModuleRecord::evaluate):
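
Added example, not WebKit's code: a small C model of the get_global check this entry describes. It decodes an init_expr of the form `<opcode> <immediate> end` and shows the pre-fix check (index compared against the import pool) beside the corrected one (index compared against the global index space, imported globals first). The `module_info` counts, the function names and the sample byte strings are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcodes that may start a constant init_expr in the MVP binary format. */
enum { OP_GET_GLOBAL = 0x23, OP_I32_CONST = 0x41, OP_END = 0x0b };

typedef enum { INIT_OK = 0, INIT_MALFORMED, INIT_BAD_GLOBAL_INDEX } init_status;

/* Counts the parser knows after the import and global sections (constructed
 * for this example). The global index space is imported globals followed by
 * module-defined globals; import_count covers every kind of import. */
typedef struct {
    uint32_t import_count;
    uint32_t imported_globals;
    uint32_t defined_globals;
} module_info;

/* Decode a LEB128 varuint32. Returns bytes consumed, or 0 on a truncated or
 * over-long encoding. (i32.const carries a signed varint32, but its byte
 * count is found the same way, which is all this example needs.) */
static size_t read_varuint32(const uint8_t *p, size_t len, uint32_t *out)
{
    uint32_t result = 0;
    unsigned shift = 0;
    for (size_t i = 0; i < len && shift < 35; i++) {
        result |= (uint32_t)(p[i] & 0x7f) << shift;
        if (!(p[i] & 0x80)) {
            *out = result;
            return i + 1;
        }
        shift += 7;
    }
    return 0;
}

/* Parse "<opcode> <immediate> end" and check a get_global index against a
 * pool of pool_size entries. *used receives the bytes consumed on success. */
static init_status parse_init_expr(const uint8_t *p, size_t len, uint32_t pool_size, size_t *used)
{
    uint32_t imm;
    size_t n;
    if (len < 3)
        return INIT_MALFORMED;
    if (p[0] != OP_I32_CONST && p[0] != OP_GET_GLOBAL)
        return INIT_MALFORMED;
    n = read_varuint32(p + 1, len - 1, &imm);
    if (n == 0 || 1 + n >= len || p[1 + n] != OP_END)
        return INIT_MALFORMED;
    if (p[0] == OP_GET_GLOBAL && imm >= pool_size)
        return INIT_BAD_GLOBAL_INDEX;
    *used = 2 + n;
    return INIT_OK;
}

/* Before the fix described above: the index was checked against the import
 * pool, so a module with more imports than globals gets an index past the
 * end of its globals accepted, and one with globals but few imports has a
 * valid index rejected. */
init_status validate_element_offset_buggy(const module_info *m, const uint8_t *p, size_t len)
{
    size_t used;
    return parse_init_expr(p, len, m->import_count, &used);
}

/* After the fix: the index is checked against the global index space. The
 * offset value itself is not range-checked here; as the entry notes, that
 * is only possible once the global's value is known at instantiation. */
init_status validate_element_offset_fixed(const module_info *m, const uint8_t *p, size_t len)
{
    size_t used;
    return parse_init_expr(p, len, m->imported_globals + m->defined_globals, &used);
}

int main(void)
{
    /* Constructed module: two function imports, one global import, one defined global. */
    const module_info m = { 3, 1, 1 };
    const uint8_t past_end[] = { OP_GET_GLOBAL, 0x02, OP_END };  /* get_global 2: no such global */
    printf("buggy: %d  fixed: %d\n",
           validate_element_offset_buggy(&m, past_end, sizeof past_end),
           validate_element_offset_fixed(&m, past_end, sizeof past_end));
    return 0;
}
```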
1454
1455 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1456
1457         [JSC] Allow indexed module namespace object fields
1458         https://bugs.webkit.org/show_bug.cgi?id=168870
1459
1460         Reviewed by Saam Barati.
1461
1462         While JS modules cannot expose any indexed bindings,
1463         Wasm modules can expose them. However, the module namespace
1464         object currently does not support indexed properties.
1465         This patch allows module namespace objects to offer
1466         indexed binding accesses.
1467
1468         * runtime/JSModuleNamespaceObject.cpp:
1469         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
1470         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
1471         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
1472         * runtime/JSModuleNamespaceObject.h:
1473
1474 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1475
1476         Null pointer crash when loading module with unresolved import also as a script file
1477         https://bugs.webkit.org/show_bug.cgi?id=168971
1478
1479         Reviewed by Saam Barati.
1480
1481         If linking throws an error, this error should be re-thrown
1482         when requesting the same module.
1483
1484         * builtins/ModuleLoaderPrototype.js:
1485         (globalPrivate.newRegistryEntry):
1486         * runtime/JSModuleRecord.cpp:
1487         (JSC::JSModuleRecord::link):
1488
1489 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1490
1491         [GTK][JSCOnly] Enable WebAssembly on Linux environment
1492         https://bugs.webkit.org/show_bug.cgi?id=164032
1493
1494         Reviewed by Michael Catanzaro.
1495
1496         This patch enables WebAssembly on JSCOnly and GTK ports.
1497         Basically, almost all the WASM code is portable to Linux.
1498         One platform-dependent part is the faster memory load using a SIGBUS
1499         signal handler. This patch ports this part to Linux.
1500
1501         * CMakeLists.txt:
1502         * llint/LLIntSlowPaths.cpp:
1503         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1504         * wasm/WasmFaultSignalHandler.cpp:
1505         (JSC::Wasm::trapHandler):
1506         (JSC::Wasm::enableFastMemory):
1507
1508 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
1509
1510         Currency digits calculation in Intl.NumberFormat should call out to ICU
1511         https://bugs.webkit.org/show_bug.cgi?id=169182
1512
1513         Reviewed by Yusuke Suzuki.
1514
1515         * runtime/IntlNumberFormat.cpp:
1516         (JSC::computeCurrencyDigits):
1517         (JSC::computeCurrencySortKey): Deleted.
1518         (JSC::extractCurrencySortKey): Deleted.
1519
1520 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
1521
1522         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
1523         https://bugs.webkit.org/show_bug.cgi?id=168869
1524
1525         Reviewed by Keith Miller.
1526
1527         * b3/B3Width.h:
1528         * wasm/WasmSections.h:
1529
1530 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
1531
1532         [ARM] Unreviewed buildfix after r213376.
1533
1534         * assembler/ARMAssembler.h:
1535         (JSC::ARMAssembler::isBkpt): Typo fixed.
1536
1537 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
1538
1539         [JSC] build fix after r213399
1540         https://bugs.webkit.org/show_bug.cgi?id=169154
1541
1542         Unreviewed.
1543
1544         * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
1545
1546 2017-03-03  Dean Jackson  <dino@apple.com>
1547
1548         Add WebGPU compile flag and experimental feature flag
1549         https://bugs.webkit.org/show_bug.cgi?id=169161
1550         <rdar://problem/30846689>
1551
1552         Reviewed by Tim Horton.
1553
1554         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
1555         and an InternalSetting.
1556
1557         * Configurations/FeatureDefines.xcconfig:
1558
1559 2017-03-03  Michael Saboff  <msaboff@apple.com>
1560
1561         Add support for relative pathnames to JSC config files
1562         https://bugs.webkit.org/show_bug.cgi?id=169154
1563
1564         Reviewed by Saam Barati.
1565
1566         If the config file is a relative path, prepend the current working directory.
1567         After canonicalizing the config file path, we extract its directory path and
1568         use that for the directory for a relative log pathname.
1569
1570         * runtime/ConfigFile.cpp:
1571         (JSC::ConfigFile::ConfigFile):
1572         (JSC::ConfigFile::parse):
1573         (JSC::ConfigFile::canonicalizePaths):
1574         * runtime/ConfigFile.h:
1575
1576 2017-03-03  Michael Saboff  <msaboff@apple.com>
1577
1578         Add load / store exclusive instruction group to ARM64 disassembler
1579         https://bugs.webkit.org/show_bug.cgi?id=169152
1580
1581         Reviewed by Filip Pizlo.
1582
1583         * disassembler/ARM64/A64DOpcode.cpp:
1584         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
1585         * disassembler/ARM64/A64DOpcode.h:
1586         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
1587         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
1588         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
1589         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
1590         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
1591         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
1592         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
1593         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
1594         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
1595
1596 2017-03-03  Keith Miller  <keith_miller@apple.com>
1597
1598         WASM should support faster loads.
1599         https://bugs.webkit.org/show_bug.cgi?id=162693
1600
1601         Reviewed by Saam Barati.
1602
1603         This patch adds support for WebAssembly using a 32-bit address
1604         space for memory (along with some extra space for offset
1605         overflow). With a 32-bit address space (we call them
1606         Signaling/fast memories), we reserve the virtual address space for
1607         2^32 + offset bytes of memory and only mark the usable section as
1608         read/write. If wasm code would read/write out of bounds we use a
1609         custom signal handler to catch the SIGBUS. The signal handler then
1610         checks if the faulting instruction is wasm code and tells the
1611         thread to resume executing from the wasm exception
1612         handler. Otherwise, the signal handler crashes the process, as
1613         usual.
1614
1615         All of the allocations of these memories are managed by the
1616         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
1617         old Signaling memories that are no longer in use. Since getting
1618         the wrong memory can cause recompiles, we try to reserve a memory
1619         for modules that do not import a memory. If a module does import a
1620         memory, we try to guess the type of memory we are going to get
1621         based on the last one allocated.
1622
1623         This patch also changes how the wasm JS-api manages objects. Since
1624         we can compile different versions of code, this patch adds a new
1625         JSWebAssemblyCodeBlock class that holds all the information
1626         specific to running a module in a particular bounds checking
1627         mode. Additionally, the Wasm::Memory object is now a reference
1628         counted class that is shared between the JSWebAssemblyMemory
1629         object and the ArrayBuffer that also views it.
1630
1631         * JavaScriptCore.xcodeproj/project.pbxproj:
1632         * jit/JITThunks.cpp:
1633         (JSC::JITThunks::existingCTIStub):
1634         * jit/JITThunks.h:
1635         * jsc.cpp:
1636         (jscmain):
1637         * runtime/Options.h:
1638         * runtime/VM.cpp:
1639         (JSC::VM::VM):
1640         * runtime/VM.h:
1641         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
1642         (JSC::JSWebAssemblyCodeBlock::create):
1643         (JSC::JSWebAssemblyCodeBlock::createStructure):
1644         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
1645         (JSC::JSWebAssemblyCodeBlock::mode):
1646         (JSC::JSWebAssemblyCodeBlock::module):
1647         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
1648         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
1649         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
1650         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
1651         (JSC::JSWebAssemblyCodeBlock::callees):
1652         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
1653         (JSC::JSWebAssemblyCodeBlock::allocationSize):
1654         * wasm/WasmB3IRGenerator.cpp:
1655         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1656         (JSC::Wasm::getMemoryBaseAndSize):
1657         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
1658         (JSC::Wasm::B3IRGenerator::emitLoadOp):
1659         (JSC::Wasm::B3IRGenerator::emitStoreOp):
1660         * wasm/WasmCallingConvention.h:
1661         * wasm/WasmFaultSignalHandler.cpp: Added.
1662         (JSC::Wasm::trapHandler):
1663         (JSC::Wasm::registerCode):
1664         (JSC::Wasm::unregisterCode):
1665         (JSC::Wasm::fastMemoryEnabled):
1666         (JSC::Wasm::enableFastMemory):
1667         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
1668         * wasm/WasmFormat.h:
1669         (JSC::Wasm::ModuleInformation::importFunctionCount):
1670         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
1671         * wasm/WasmMemory.cpp:
1672         (JSC::Wasm::mmapBytes):
1673         (JSC::Wasm::Memory::lastAllocatedMode):
1674         (JSC::Wasm::availableFastMemories):
1675         (JSC::Wasm::tryGetFastMemory):
1676         (JSC::Wasm::releaseFastMemory):
1677         (JSC::Wasm::Memory::Memory):
1678         (JSC::Wasm::Memory::createImpl):
1679         (JSC::Wasm::Memory::create):
1680         (JSC::Wasm::Memory::~Memory):
1681         (JSC::Wasm::Memory::grow):
1682         (JSC::Wasm::Memory::dump):
1683         (JSC::Wasm::Memory::makeString):
1684         * wasm/WasmMemory.h:
1685         (JSC::Wasm::Memory::operator bool):
1686         (JSC::Wasm::Memory::size):
1687         (JSC::Wasm::Memory::check):
1688         (JSC::Wasm::Memory::Memory): Deleted.
1689         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
1690         (JSC::Wasm::Memory::offsetOfSize): Deleted.
1691         * wasm/WasmMemoryInformation.cpp:
1692         (JSC::Wasm::MemoryInformation::MemoryInformation):
1693         * wasm/WasmMemoryInformation.h:
1694         (JSC::Wasm::MemoryInformation::hasReservedMemory):
1695         (JSC::Wasm::MemoryInformation::takeReservedMemory):
1696         (JSC::Wasm::MemoryInformation::mode):
1697         * wasm/WasmModuleParser.cpp:
1698         * wasm/WasmModuleParser.h:
1699         (JSC::Wasm::ModuleParser::ModuleParser):
1700         * wasm/WasmPlan.cpp:
1701         (JSC::Wasm::Plan::parseAndValidateModule):
1702         (JSC::Wasm::Plan::run):
1703         * wasm/WasmPlan.h:
1704         (JSC::Wasm::Plan::mode):
1705         * wasm/js/JSWebAssemblyCallee.cpp:
1706         (JSC::JSWebAssemblyCallee::finishCreation):
1707         (JSC::JSWebAssemblyCallee::destroy):
1708         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
1709         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
1710         (JSC::JSWebAssemblyCodeBlock::destroy):
1711         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
1712         (JSC::JSWebAssemblyCodeBlock::visitChildren):
1713         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
1714         * wasm/js/JSWebAssemblyInstance.cpp:
1715         (JSC::JSWebAssemblyInstance::setMemory):
1716         (JSC::JSWebAssemblyInstance::finishCreation):
1717         (JSC::JSWebAssemblyInstance::visitChildren):
1718         * wasm/js/JSWebAssemblyInstance.h:
1719         (JSC::JSWebAssemblyInstance::module):
1720         (JSC::JSWebAssemblyInstance::codeBlock):
1721         (JSC::JSWebAssemblyInstance::memoryMode):
1722         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
1723         * wasm/js/JSWebAssemblyMemory.cpp:
1724         (JSC::JSWebAssemblyMemory::create):
1725         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
1726         (JSC::JSWebAssemblyMemory::buffer):
1727         (JSC::JSWebAssemblyMemory::grow):
1728         (JSC::JSWebAssemblyMemory::destroy):
1729         * wasm/js/JSWebAssemblyMemory.h:
1730         (JSC::JSWebAssemblyMemory::memory):
1731         (JSC::JSWebAssemblyMemory::offsetOfMemory):
1732         (JSC::JSWebAssemblyMemory::offsetOfSize):
1733         * wasm/js/JSWebAssemblyModule.cpp:
1734         (JSC::JSWebAssemblyModule::buildCodeBlock):
1735         (JSC::JSWebAssemblyModule::create):
1736         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
1737         (JSC::JSWebAssemblyModule::codeBlock):
1738         (JSC::JSWebAssemblyModule::finishCreation):
1739         (JSC::JSWebAssemblyModule::visitChildren):
1740         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
1741         * wasm/js/JSWebAssemblyModule.h:
1742         (JSC::JSWebAssemblyModule::takeReservedMemory):
1743         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
1744         (JSC::JSWebAssemblyModule::codeBlock):
1745         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
1746         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
1747         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
1748         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
1749         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
1750         (JSC::JSWebAssemblyModule::callees): Deleted.
1751         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
1752         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
1753         * wasm/js/WebAssemblyFunction.cpp:
1754         (JSC::callWebAssemblyFunction):
1755         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1756         (JSC::constructJSWebAssemblyInstance):
1757         * wasm/js/WebAssemblyMemoryConstructor.cpp:
1758         (JSC::constructJSWebAssemblyMemory):
1759         * wasm/js/WebAssemblyModuleConstructor.cpp:
1760         (JSC::WebAssemblyModuleConstructor::createModule):
1761         * wasm/js/WebAssemblyModuleRecord.cpp:
1762         (JSC::WebAssemblyModuleRecord::link):
1763         (JSC::WebAssemblyModuleRecord::evaluate):
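
Added example, not WebKit's code: a C model of the signaling memory scheme this entry describes. It reserves the index space plus offset slack as PROT_NONE, maps only the usable prefix read/write, grows it in place, and turns a fault inside the reservation into a recoverable trap via sigsetjmp/siglongjmp while re-raising any other fault as a crash. The geometry is scaled down to 1 MiB + 64 KiB, a `g_in_wasm` flag stands in for checking whether the faulting PC lies in wasm code, and all names are this example's own.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Scaled-down geometry (an assumption of this example): a 1 MiB index space
 * plus 64 KiB of slack for static offsets stands in for 2^32 + offset bytes. */
#define INDEX_SPACE  ((size_t)1 << 20)
#define OFFSET_SLACK ((size_t)1 << 16)
#define RESERVATION  (INDEX_SPACE + OFFSET_SLACK)

static uint8_t *g_base;                     /* start of the PROT_NONE reservation */
static size_t g_usable;                     /* bytes currently mapped read/write */
static sigjmp_buf g_trap_target;            /* the "wasm exception handler" */
static volatile sig_atomic_t g_in_wasm;     /* stands in for "faulting PC is wasm code" */

static void trap_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)ctx;
    uintptr_t fault = (uintptr_t)info->si_addr, lo = (uintptr_t)g_base;
    /* Wasm code faulting inside the reservation is an out-of-bounds access:
     * resume at the wasm exception handler instead of dying. */
    if (g_in_wasm && g_base && fault >= lo && fault < lo + RESERVATION)
        siglongjmp(g_trap_target, 1);
    signal(sig, SIG_DFL);   /* anything else is a genuine crash: re-raise */
    raise(sig);
}

/* Reserve the region PROT_NONE, map the usable prefix read/write and install
 * the fault handler. Returns 0 on success, -1 on failure. */
int fast_memory_create(size_t initial_usable)
{
    if (initial_usable > INDEX_SPACE)
        return -1;
    void *p = mmap(NULL, RESERVATION, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    if (initial_usable && mprotect(p, initial_usable, PROT_READ | PROT_WRITE) != 0) {
        munmap(p, RESERVATION);
        return -1;
    }
    g_base = p;
    g_usable = initial_usable;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = trap_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    /* Linux reports the PROT_NONE hit as SIGSEGV, macOS as SIGBUS: catch both. */
    return (sigaction(SIGSEGV, &sa, NULL) == 0 && sigaction(SIGBUS, &sa, NULL) == 0) ? 0 : -1;
}

/* Grow the usable prefix in place: the reservation never moves, so compiled
 * code keeps the same base pointer. Returns 0 on success, -1 on failure. */
int fast_memory_grow(size_t new_usable)
{
    if (!g_base || new_usable < g_usable || new_usable > INDEX_SPACE)
        return -1;
    if (mprotect(g_base + g_usable, new_usable - g_usable, PROT_READ | PROT_WRITE) != 0)
        return -1;
    g_usable = new_usable;
    return 0;
}

/* Model of a compiled 8-bit wasm load or store with a dynamic index and a
 * static offset; no bounds check is emitted. Returns the byte loaded or
 * stored (0..255), or -1 if the access trapped. */
int wasm_access8(uint32_t index, uint32_t offset, int is_store, uint8_t value)
{
    if (offset > OFFSET_SLACK)  /* static offsets are capped at compile time */
        return -1;
    index &= INDEX_SPACE - 1;   /* a 20-bit index stands in for the 32-bit one */
    if (sigsetjmp(g_trap_target, 1) != 0) {
        g_in_wasm = 0;          /* landed here via trap_handler */
        return -1;
    }
    g_in_wasm = 1;
    volatile uint8_t *p = g_base + index + offset;
    if (is_store)
        *p = value;
    int v = *p;
    g_in_wasm = 0;
    return v;
}

int main(void)
{
    if (fast_memory_create(64 * 1024) != 0)
        return 1;
    printf("store in bounds: %d\n", wasm_access8(10, 0, 1, 0x2a));
    printf("load past end:   %d (trapped)\n", wasm_access8(64 * 1024, 0, 0, 0));
    return 0;
}
```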
1764
1765 2017-03-03  Mark Lam  <mark.lam@apple.com>
1766
1767         Gardening: fix broken ARM64 build.
1768         https://bugs.webkit.org/show_bug.cgi?id=169139
1769
1770         Not reviewed.
1771
1772         * assembler/ARM64Assembler.h:
1773         (JSC::ARM64Assembler::excepnGenerationImmMask):
1774
1775 2017-03-03  Mark Lam  <mark.lam@apple.com>
1776
1777         Add MacroAssembler::isBreakpoint() query function.
1778         https://bugs.webkit.org/show_bug.cgi?id=169139
1779
1780         Reviewed by Michael Saboff.
1781
1782         This will be needed soon when we use breakpoint instructions to implement
1783         non-polling VM traps, and need to discern between a VM trap signal and a genuine
1784         assertion breakpoint.
1785
1786         * assembler/ARM64Assembler.h:
1787         (JSC::ARM64Assembler::isBrk):
1788         (JSC::ARM64Assembler::excepnGenerationImmMask):
1789         * assembler/ARMAssembler.h:
1790         (JSC::ARMAssembler::isBkpt):
1791         * assembler/ARMv7Assembler.h:
1792         (JSC::ARMv7Assembler::isBkpt):
1793         * assembler/MIPSAssembler.h:
1794         (JSC::MIPSAssembler::isBkpt):
1795         * assembler/MacroAssemblerARM.h:
1796         (JSC::MacroAssemblerARM::isBreakpoint):
1797         * assembler/MacroAssemblerARM64.h:
1798         (JSC::MacroAssemblerARM64::isBreakpoint):
1799         * assembler/MacroAssemblerARMv7.h:
1800         (JSC::MacroAssemblerARMv7::isBreakpoint):
1801         * assembler/MacroAssemblerMIPS.h:
1802         (JSC::MacroAssemblerMIPS::isBreakpoint):
1803         * assembler/MacroAssemblerX86Common.h:
1804         (JSC::MacroAssemblerX86Common::isBreakpoint):
1805         * assembler/X86Assembler.h:
1806         (JSC::X86Assembler::isInt3):
1807
1808 2017-03-03  Mark Lam  <mark.lam@apple.com>
1809
1810         We should only check for traps that we're able to handle.
1811         https://bugs.webkit.org/show_bug.cgi?id=169136
1812
1813         Reviewed by Michael Saboff.
1814
1815         The execute methods in interpreter were checking for the existence of any traps
1816         (without masking) and only handling a subset of those via a mask.  This can
1817         result in a failed assertion on debug builds.
1818
1819         This patch fixes this by applying the same mask for both the needTrapHandling()
1820         check and the handleTraps() call.  Also added a few assertions.
1821
1822         * interpreter/Interpreter.cpp:
1823         (JSC::Interpreter::executeProgram):
1824         (JSC::Interpreter::executeCall):
1825         (JSC::Interpreter::executeConstruct):
1826         (JSC::Interpreter::execute):
1827         * jit/JITOperations.cpp:
1828         * llint/LLIntSlowPaths.cpp:
1829         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1830
1831 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
1832
1833         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
1834         https://bugs.webkit.org/show_bug.cgi?id=169074
1835
1836         Reviewed by Joseph Pecoraro.
1837
1838         They are not actually Cocoa-specific.
1839
1840         * inspector/remote/RemoteInspector.cpp:
1841         (Inspector::RemoteInspector::updateTargetListing):
1842         * inspector/remote/RemoteInspector.h:
1843         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
1844
1845 2017-03-02  Mark Lam  <mark.lam@apple.com>
1846
1847         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
1848         https://bugs.webkit.org/show_bug.cgi?id=169089
1849
1850         Reviewed by Tim Horton and Joseph Pecoraro.
1851
1852         * runtime/VM.cpp:
1853         (JSC::VM::handleTraps):
1854         * runtime/VM.h:
1855         (JSC::VM::notifyNeedDebuggerBreak):
1856
1857 2017-03-02  Michael Saboff  <msaboff@apple.com>
1858
1859         Add JSC identity when code signing to allow debugging on iOS
1860         https://bugs.webkit.org/show_bug.cgi?id=169099
1861
1862         Reviewed by Filip Pizlo.
1863
1864         * Configurations/JSC.xcconfig:
1865         * Configurations/ToolExecutable.xcconfig:
1866
1867 2017-03-02  Keith Miller  <keith_miller@apple.com>
1868
1869         WebAssemblyFunction should have Function.prototype as its prototype
1870         https://bugs.webkit.org/show_bug.cgi?id=169101
1871
1872         Reviewed by Filip Pizlo.
1873
1874         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
1875         objects should have Function.prototype as their prototype.
1876
1877         * runtime/JSGlobalObject.cpp:
1878         (JSC::JSGlobalObject::init):
1879
1880 2017-03-02  Mark Lam  <mark.lam@apple.com>
1881
1882         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
1883         https://bugs.webkit.org/show_bug.cgi?id=169088
1884
1885         Reviewed by Keith Miller.
1886
1887         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
1888         generated.  This is useful for testing purposes until we have signal based
1889         traps, at which point, we will always emit the op_check_traps bytecode and remove
1890         this option.
1891
1892         Options::usePollingTraps() enables the use of polling VM traps all the time.
1893         This will be useful for benchmark comparisons (between polling and non-polling
1894         traps), as well as for forcing polling traps later for ports that don't support
1895         signal based traps.
1896
1897         Note: signal based traps are not fully implemented yet.  As a result, if the VM
1898         watchdog is in use, we will force Options::usePollingTraps() to be true.
1899
1900         * bytecompiler/BytecodeGenerator.cpp:
1901         (JSC::BytecodeGenerator::emitCheckTraps):
1902         * dfg/DFGClobberize.h:
1903         (JSC::DFG::clobberize):
1904         * dfg/DFGSpeculativeJIT.cpp:
1905         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
1906         * dfg/DFGSpeculativeJIT32_64.cpp:
1907         (JSC::DFG::SpeculativeJIT::compile):
1908         * dfg/DFGSpeculativeJIT64.cpp:
1909         (JSC::DFG::SpeculativeJIT::compile):
1910         * ftl/FTLLowerDFGToB3.cpp:
1911         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1912         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
1913         * runtime/Options.cpp:
1914         (JSC::recomputeDependentOptions):
1915         * runtime/Options.h:
1916
1917 2017-03-02  Keith Miller  <keith_miller@apple.com>
1918
1919         Fix addressing mode for B3WasmAddress
1920         https://bugs.webkit.org/show_bug.cgi?id=169092
1921
1922         Reviewed by Filip Pizlo.
1923
1924         Fix the potential addressing modes for B3WasmAddress. ARM does not
1925         support a base + index*1 + offset addressing mode. I think when I
1926         read it the first time I assumed it would always work on both ARM
1927         and X86. While true for X86 it's not true for ARM.
1928
1929         * b3/B3LowerToAir.cpp:
1930         (JSC::B3::Air::LowerToAir::effectiveAddr):
1931
1932 2017-03-02  Mark Lam  <mark.lam@apple.com>
1933
1934         Add support for selective handling of VM traps.
1935         https://bugs.webkit.org/show_bug.cgi?id=169087
1936
1937         Reviewed by Keith Miller.
1938
1939         This is needed because there are some places in the VM where it's appropriate to
1940         handle some types of VM traps but not others.
1941
1942         We implement this selection by using a VMTraps::Mask that allows the user to
1943         specify which traps should be serviced.
1944
1945         * interpreter/Interpreter.cpp:
1946         (JSC::Interpreter::executeProgram):
1947         (JSC::Interpreter::executeCall):
1948         (JSC::Interpreter::executeConstruct):
1949         (JSC::Interpreter::execute):
1950         * runtime/VM.cpp:
1951         (JSC::VM::handleTraps):
1952         * runtime/VM.h:
1953         * runtime/VMTraps.cpp:
1954         (JSC::VMTraps::takeTrap): Deleted.
1955         * runtime/VMTraps.h:
1956         (JSC::VMTraps::Mask::Mask):
1957         (JSC::VMTraps::Mask::allEventTypes):
1958         (JSC::VMTraps::Mask::bits):
1959         (JSC::VMTraps::Mask::init):
1960         (JSC::VMTraps::needTrapHandling):
1961         (JSC::VMTraps::hasTrapForEvent):
1962
1963 2017-03-02  Alex Christensen  <achristensen@webkit.org>
1964
1965         Continue enabling WebRTC
1966         https://bugs.webkit.org/show_bug.cgi?id=169056
1967
1968         Reviewed by Jon Lee.
1969
1970         * Configurations/FeatureDefines.xcconfig:
1971
1972 2017-03-02  Tomas Popela  <tpopela@redhat.com>
1973
1974         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
1975         https://bugs.webkit.org/show_bug.cgi?id=169034
1976
1977         Reviewed by Mark Lam.
1978
1979         It should not assign to offset, but compare to offset.
1980
1981         * runtime/JSGlobalObject.cpp:
1982         (JSC::JSGlobalObject::addStaticGlobals):
1983
1984 2017-03-01  Alex Christensen  <achristensen@webkit.org>
1985
1986         Unreviewed, rolling out r213259.
1987
1988         Broke an internal build
1989
1990         Reverted changeset:
1991
1992         "Continue enabling WebRTC"
1993         https://bugs.webkit.org/show_bug.cgi?id=169056
1994         http://trac.webkit.org/changeset/213259
1995
1996 2017-03-01  Alex Christensen  <achristensen@webkit.org>
1997
1998         Continue enabling WebRTC
1999         https://bugs.webkit.org/show_bug.cgi?id=169056
2000
2001         Reviewed by Jon Lee.
2002
2003         * Configurations/FeatureDefines.xcconfig:
2004
2005 2017-03-01  Michael Saboff  <msaboff@apple.com>
2006
2007         Source/JavaScriptCore/ChangeLog
2008         https://bugs.webkit.org/show_bug.cgi?id=169055
2009
2010         Reviewed by Mark Lam.
2011
2012         Made local copies of options strings for OptionRange and string typed options.
2013
2014         * runtime/Options.cpp:
2015         (JSC::parse):
2016         (JSC::OptionRange::init):
2017
2018 2017-03-01  Mark Lam  <mark.lam@apple.com>
2019
2020         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
2021         https://bugs.webkit.org/show_bug.cgi?id=168996
2022
2023         Reviewed by Filip Pizlo and Saam Barati.
2024
2025         PlatformThread is more useful because it allows us to:
2026         1. find the MachineThreads::Thread which is associated with it.
2027         2. suspend / resume threads.
2028         3. send a signal to a thread.
2029
2030         We can't do those with std::thread::id.  We will need one or more of these
2031         capabilities to implement non-polling VM traps later.
2032
2033         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
2034         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
2035         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
2036         JSLock::m_hasOwnerThread before doing the thread identity comparison.
2037
2038         * JavaScriptCore.xcodeproj/project.pbxproj:
2039         * heap/MachineStackMarker.cpp:
2040         (JSC::MachineThreads::Thread::createForCurrentThread):
2041         (JSC::MachineThreads::machineThreadForCurrentThread):
2042         (JSC::MachineThreads::removeThread):
2043         (JSC::MachineThreads::Thread::suspend):
2044         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2045         (JSC::getCurrentPlatformThread): Deleted.
2046         * heap/MachineStackMarker.h:
2047         * runtime/JSCellInlines.h:
2048         (JSC::JSCell::classInfo):
2049         * runtime/JSLock.cpp:
2050         (JSC::JSLock::JSLock):
2051         (JSC::JSLock::lock):
2052         (JSC::JSLock::unlock):
2053         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2054         * runtime/JSLock.h:
2055         (JSC::JSLock::ownerThread):
2056         (JSC::JSLock::currentThreadIsHoldingLock):
2057         * runtime/PlatformThread.h: Added.
2058         (JSC::currentPlatformThread):
2059         * runtime/VM.cpp:
2060         (JSC::VM::~VM):
2061         * runtime/VM.h:
2062         (JSC::VM::ownerThread):
2063         * runtime/Watchdog.cpp:
2064         (JSC::Watchdog::setTimeLimit):
2065         (JSC::Watchdog::shouldTerminate):
2066         (JSC::Watchdog::startTimer):
2067         (JSC::Watchdog::stopTimer):
2068         * tools/JSDollarVMPrototype.cpp:
2069         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2070         * tools/VMInspector.cpp:
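
        The owner-thread bookkeeping described in the entry above, as an added example that is
        not JSC's JSLock code. pthread_t stands in for PlatformThread and std::mutex for the
        underlying lock; the class name OwnerTrackingLock and the lockCount() accessor are this
        example's own. Like PlatformThread, pthread_t has no portable "no thread" value, so the
        example keeps a separate validity flag and consults it before comparing identities.

```cpp
#include <atomic>
#include <mutex>
#include <pthread.h>

// Added example, not JSC's JSLock. pthread_t stands in for PlatformThread: neither type
// has a reserved "no thread" value, so validity is tracked in a separate flag that is
// checked before any identity comparison (the m_hasOwnerThread arrangement in the entry).
class OwnerTrackingLock {
public:
    // First entry takes the mutex and publishes the owner; re-entry only bumps the count.
    void lock()
    {
        if (currentThreadIsHoldingLock()) {
            ++m_lockCount;
            return;
        }
        m_mutex.lock();
        m_ownerThread.store(pthread_self(), std::memory_order_relaxed);
        m_hasOwnerThread.store(true, std::memory_order_release); // owner is written before the flag becomes visible
        m_lockCount = 1;
    }

    // Returns false, and changes nothing, if the calling thread does not own the lock.
    bool unlock()
    {
        if (!currentThreadIsHoldingLock())
            return false;
        if (--m_lockCount)
            return true;
        m_hasOwnerThread.store(false, std::memory_order_release); // invalidate before the mutex is released
        m_mutex.unlock();
        return true;
    }

    // The flag is consulted first; the stored thread identity is compared only when it is valid.
    bool currentThreadIsHoldingLock() const
    {
        if (!m_hasOwnerThread.load(std::memory_order_acquire))
            return false;
        return pthread_equal(m_ownerThread.load(std::memory_order_relaxed), pthread_self()) != 0;
    }

    unsigned lockCount() const { return m_lockCount; } // meaningful only to the owning thread

private:
    std::mutex m_mutex;
    std::atomic<pthread_t> m_ownerThread { }; // bit pattern is meaningless while m_hasOwnerThread is false
    std::atomic<bool> m_hasOwnerThread { false };
    unsigned m_lockCount { 0 };
};
```

        The check worth making on any code shaped like this: every path that gives up the
        mutex must clear the flag first. If a release path forgets to, the thread that just
        unlocked still answers yes to currentThreadIsHoldingLock(), and its next lock() takes
        the re-entry fast path and bumps the count without owning the mutex at all.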
2071
2072 2017-03-01  Saam Barati  <sbarati@apple.com>
2073
2074         Implement a mega-disassembler that'll be used in the FTL
2075         https://bugs.webkit.org/show_bug.cgi?id=168685
2076
2077         Reviewed by Mark Lam.
2078
2079         This patch extends the previous Air disassembler to print the
2080         DFG and B3 nodes belonging to particular Air instructions.
2081         The algorithm I'm using to do this is not perfect. For example,
2082         it won't try to print the entire DFG/B3 graph. It'll just print
2083         the related nodes for particular Air instructions. We can make the
2084         algorithm more sophisticated as we get more experience looking at
2085         these IR dumps and get a better feel for what we want out of them.
2086
2087         This is an example of the output:
2088
2089         ...
2090         ...
2091         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
2092            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
2093                Patch &Patchpoint2, %r20, %r20, %r0, @54
2094          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
2095            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
2096                Move 32(%r20), %r5, @57
2097                       0x389cc9ac0:    ldur   x5, [x20, #32]
2098         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
2099            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
2100                Move32 (%r5), %r1, @58
2101                       0x389cc9ac4:    ldur   w1, [x5]
2102            Int32 @59 = Const32(DFG:@115, 92)
2103            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
2104            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2105                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
2106                       0x389cc9ac8:    cmp    w1, #92
2107                       0x389cc9acc:    b.ne   0x389cc9dac
2108         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
2109            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
2110                Move 8(%r5), %r4, @64
2111                       0x389cc9ad0:    ldur   x4, [x5, #8]
2112          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
2113            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
2114                Move32 -8(%r4), %r2, @67
2115                       0x389cc9ad4:    ldur   w2, [x4, #-8]
2116       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
2117            Int32 @68 = Const32(DFG:@192, -1)
2118                Move $0xffffffffffffffff, %r1, $-1(@68)
2119                       0x389cc9ad8:    mov    x1, #-1
2120          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
2121            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
2122                Add32 %r2, %r1, %r1, @69
2123                       0x389cc9adc:    add    w1, w2, w1
2124          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
2125            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
2126            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2127                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
2128                       0x389cc9ae0:    cmp    x0, x22
2129                       0x389cc9ae4:    b.lo   0x389cc9dc0
2130            Int32 @72 = Trunc(@53, DFG:@86)
2131            Int32 @73 = BitAnd(@69, @72, DFG:@86)
2132                And32 %r1, %r0, %r1, @73
2133                       0x389cc9ae8:    and    w1, w1, w0
2134            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
2135            Int32 @72 = Trunc(@53, DFG:@86)
2136            Int64 @11 = SlotBase(stack0)
2137            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
2138                Move32 %r0, -64(%fp), @76
2139                       0x389cc9aec:    stur   w0, [fp, #-64]
2140            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
2141            Int64 @77 = ZExt32(@73, DFG:@12)
2142            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
2143                Add64 %r1, %r22, %r3, @78
2144                       0x389cc9af0:    add    x3, x1, x22
2145            Int64 @11 = SlotBase(stack0)
2146            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
2147                Move %r3, -72(%fp), @81
2148                       0x389cc9af4:    stur   x3, [fp, #-72]
2149            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
2150            Int32 @82 = Trunc(@24, DFG:@10)
2151            Int64 @11 = SlotBase(stack0)
2152            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
2153                Move32 %r21, -80(%fp), @85
2154                       0x389cc9af8:    stur   w21, [fp, #-80]
2155           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
2156            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
2157            Void @90 = Branch(@89, DFG:@129, Terminal)
2158                Branch32 AboveOrEqual, %r1, %r2, @90
2159                       0x389cc9afc:    cmp    w1, w2
2160                       0x389cc9b00:    b.hs   0x389cc9bec
2161         ...
2162         ...
2163
2164         * b3/air/AirDisassembler.cpp:
2165         (JSC::B3::Air::Disassembler::dump):
2166         * b3/air/AirDisassembler.h:
2167         * ftl/FTLCompile.cpp:
2168         (JSC::FTL::compile):
2169         * ftl/FTLLowerDFGToB3.cpp:
2170         (JSC::FTL::DFG::LowerDFGToB3::lower):
2171         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
2172         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
2173         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
2174         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
2175
2176 2017-03-01  Mark Lam  <mark.lam@apple.com>
2177
2178         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
2179         https://bugs.webkit.org/show_bug.cgi?id=169042
2180
2181         Not reviewed.
2182
2183         Rolling out r213229 and r213202.
2184
2185         * JavaScriptCore.xcodeproj/project.pbxproj:
2186         * heap/MachineStackMarker.cpp:
2187         (JSC::getCurrentPlatformThread):
2188         (JSC::MachineThreads::Thread::createForCurrentThread):
2189         (JSC::MachineThreads::machineThreadForCurrentThread):
2190         (JSC::MachineThreads::removeThread):
2191         (JSC::MachineThreads::Thread::suspend):
2192         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2193         * heap/MachineStackMarker.h:
2194         * runtime/JSCellInlines.h:
2195         (JSC::JSCell::classInfo):
2196         * runtime/JSLock.cpp:
2197         (JSC::JSLock::JSLock):
2198         (JSC::JSLock::lock):
2199         (JSC::JSLock::unlock):
2200         (JSC::JSLock::currentThreadIsHoldingLock):
2201         * runtime/JSLock.h:
2202         (JSC::JSLock::ownerThread):
2203         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2204         * runtime/PlatformThread.h: Removed.
2205         * runtime/VM.cpp:
2206         (JSC::VM::~VM):
2207         * runtime/VM.h:
2208         (JSC::VM::ownerThread):
2209         * runtime/Watchdog.cpp:
2210         (JSC::Watchdog::setTimeLimit):
2211         (JSC::Watchdog::shouldTerminate):
2212         (JSC::Watchdog::startTimer):
2213         (JSC::Watchdog::stopTimer):
2214         * tools/JSDollarVMPrototype.cpp:
2215         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2216         * tools/VMInspector.cpp:
2217
2218 2017-03-01  Mark Lam  <mark.lam@apple.com>
2219
2220         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
2221         https://bugs.webkit.org/show_bug.cgi?id=169042
2222
2223         Reviewed by Filip Pizlo.
2224
2225         * runtime/JSLock.h:
2226         (JSC::JSLock::currentThreadIsHoldingLock):
2227
2228 2017-02-28  Brian Burg  <bburg@apple.com>
2229
2230         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
2231         https://bugs.webkit.org/show_bug.cgi?id=168695
2232         <rdar://problem/30643899>
2233
2234         Reviewed by Joseph Pecoraro.
2235
2236         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
2237         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
2238         to gather listing information for RemoteAutomationTargets.
2239
2240         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
2241         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
2242         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
2243
2244         * inspector/remote/RemoteInspector.h:
2245         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
2246
2247         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2248         (Inspector::RemoteConnectionToTarget::setup):
2249         (Inspector::RemoteConnectionToTarget::close):
2250         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
2251         and use it inside the block later after it may have been destructed already. If that happens,
2252         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
2253
2254         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2255         (Inspector::RemoteInspector::updateTargetListing):
2256         We need to make sure to request a listing push after the target is updated, so implicitly call
2257         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
2258
2259         (Inspector::RemoteInspector::receivedSetupMessage):
2260         (Inspector::RemoteInspector::receivedDidCloseMessage):
2261         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
2262         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
2263         and asynchronously on the target's queue when the connection to target is opened or closed.
2264
2265 2017-03-01  Tomas Popela  <tpopela@redhat.com>
2266
2267         Leak under Options::setOptions
2268         https://bugs.webkit.org/show_bug.cgi?id=169029
2269
2270         Reviewed by Michael Saboff.
2271
2272         Don't leak the optionsStrCopy variable.
2273
2274         * runtime/Options.cpp:
2275         (JSC::Options::setOptions):
2276
2277 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2278
2279         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
2280         https://bugs.webkit.org/show_bug.cgi?id=168968
2281
2282         Reviewed by Saam Barati.
2283
2284         This patch decouples dumping bytecode sequence from CodeBlock.
2285         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
2286         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
2287         called Generatorification.
2288
2289         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
2290         this class to dump the bytecode sequence.
2291
2292         And this patch also adds Option::dumpBytecodesBeforeGeneratorification,
2293         which dumps unlinked bytecode sequence before generatorification if it is enabled.
2294
2295         * CMakeLists.txt:
2296         * JavaScriptCore.xcodeproj/project.pbxproj:
2297         * bytecode/BytecodeDumper.cpp: Added.
2298         (JSC::getStructureID):
2299         (JSC::getSpecialPointer):
2300         (JSC::getPutByIdFlags):
2301         (JSC::getToThisStatus):
2302         (JSC::getPointer):
2303         (JSC::getStructureChain):
2304         (JSC::getStructure):
2305         (JSC::getCallLinkInfo):
2306         (JSC::getBasicBlockLocation):
2307         (JSC::BytecodeDumper<Block>::actualPointerFor):
2308         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
2309         (JSC::beginDumpProfiling):
2310         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
2311         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
2312         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
2313         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
2314         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
2315         (JSC::dumpRareCaseProfile):
2316         (JSC::dumpArithProfile):
2317         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
2318         (JSC::BytecodeDumper<Block>::vm):
2319         (JSC::BytecodeDumper<Block>::identifier):
2320         (JSC::regexpToSourceString):
2321         (JSC::regexpName):
2322         (JSC::printLocationAndOp):
2323         (JSC::isConstantRegisterIndex):
2324         (JSC::debugHookName):
2325         (JSC::BytecodeDumper<Block>::registerName):
2326         (JSC::idName):
2327         (JSC::BytecodeDumper<Block>::constantName):
2328         (JSC::BytecodeDumper<Block>::printUnaryOp):
2329         (JSC::BytecodeDumper<Block>::printBinaryOp):
2330         (JSC::BytecodeDumper<Block>::printConditionalJump):
2331         (JSC::BytecodeDumper<Block>::printGetByIdOp):
2332         (JSC::dumpStructure):
2333         (JSC::dumpChain):
2334         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
2335         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
2336         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
2337         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
2338         (JSC::BytecodeDumper<Block>::printCallOp):
2339         (JSC::BytecodeDumper<Block>::printPutByIdOp):
2340         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
2341         (JSC::BytecodeDumper<Block>::dumpBytecode):
2342         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2343         (JSC::BytecodeDumper<Block>::dumpConstants):
2344         (JSC::BytecodeDumper<Block>::dumpRegExps):
2345         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2346         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2347         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2348         (JSC::BytecodeDumper<Block>::dumpBlock):
2349         * bytecode/BytecodeDumper.h: Added.
2350         (JSC::BytecodeDumper::BytecodeDumper):
2351         (JSC::BytecodeDumper::block):
2352         (JSC::BytecodeDumper::instructionsBegin):
2353         * bytecode/BytecodeGeneratorification.cpp:
2354         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2355         (JSC::performGeneratorification):
2356         * bytecode/BytecodeLivenessAnalysis.cpp:
2357         (JSC::BytecodeLivenessAnalysis::dumpResults):
2358         * bytecode/CodeBlock.cpp:
2359         (JSC::CodeBlock::dumpBytecode):
2360         (JSC::CodeBlock::finishCreation):
2361         (JSC::CodeBlock::propagateTransitions):
2362         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2363         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2364         (JSC::CodeBlock::usesOpcode):
2365         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2366         (JSC::CodeBlock::arithProfileForPC):
2367         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2368         (JSC::idName): Deleted.
2369         (JSC::CodeBlock::registerName): Deleted.
2370         (JSC::CodeBlock::constantName): Deleted.
2371         (JSC::regexpToSourceString): Deleted.
2372         (JSC::regexpName): Deleted.
2373         (JSC::debugHookName): Deleted.
2374         (JSC::CodeBlock::printUnaryOp): Deleted.
2375         (JSC::CodeBlock::printBinaryOp): Deleted.
2376         (JSC::CodeBlock::printConditionalJump): Deleted.
2377         (JSC::CodeBlock::printGetByIdOp): Deleted.
2378         (JSC::dumpStructure): Deleted.
2379         (JSC::dumpChain): Deleted.
2380         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
2381         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
2382         (JSC::CodeBlock::printCallOp): Deleted.
2383         (JSC::CodeBlock::printPutByIdOp): Deleted.
2384         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
2385         (JSC::CodeBlock::beginDumpProfiling): Deleted.
2386         (JSC::CodeBlock::dumpValueProfiling): Deleted.
2387         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
2388         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
2389         (JSC::CodeBlock::dumpArithProfile): Deleted.
2390         (JSC::CodeBlock::printLocationAndOp): Deleted.
2391         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
2392         * bytecode/CodeBlock.h:
2393         (JSC::CodeBlock::constantRegisters):
2394         (JSC::CodeBlock::numberOfRegExps):
2395         (JSC::CodeBlock::bitVectors):
2396         (JSC::CodeBlock::bitVector):
2397         * bytecode/HandlerInfo.h:
2398         (JSC::HandlerInfoBase::typeName):
2399         * bytecode/UnlinkedCodeBlock.cpp:
2400         (JSC::UnlinkedCodeBlock::dump):
2401         * bytecode/UnlinkedCodeBlock.h:
2402         (JSC::UnlinkedCodeBlock::getConstant):
2403         * bytecode/UnlinkedInstructionStream.cpp:
2404         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
2405         * bytecode/UnlinkedInstructionStream.h:
2406         (JSC::UnlinkedInstructionStream::Reader::next):
2407         * runtime/Options.h:
2408
2409 2017-02-28  Mark Lam  <mark.lam@apple.com>
2410
2411         Change JSLock to stash PlatformThread instead of std::thread::id.
2412         https://bugs.webkit.org/show_bug.cgi?id=168996
2413
2414         Reviewed by Filip Pizlo.
2415
2416         PlatformThread is more useful because it allows us to:
2417         1. find the MachineThreads::Thread which is associated with it.
2418         2. suspend / resume threads.
2419         3. send a signal to a thread.
2420
2421         We can't do those with std::thread::id.  We will need one or more of these
2422         capabilities to implement non-polling VM traps later.
2423
2424         * JavaScriptCore.xcodeproj/project.pbxproj:
2425         * heap/MachineStackMarker.cpp:
2426         (JSC::MachineThreads::Thread::createForCurrentThread):
2427         (JSC::MachineThreads::machineThreadForCurrentThread):
2428         (JSC::MachineThreads::removeThread):
2429         (JSC::MachineThreads::Thread::suspend):
2430         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2431         (JSC::getCurrentPlatformThread): Deleted.
2432         * heap/MachineStackMarker.h:
2433         * runtime/JSCellInlines.h:
2434         (JSC::JSCell::classInfo):
2435         * runtime/JSLock.cpp:
2436         (JSC::JSLock::lock):
2437         (JSC::JSLock::unlock):
2438         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2439         * runtime/JSLock.h:
2440         (JSC::JSLock::ownerThread):
2441         (JSC::JSLock::currentThreadIsHoldingLock):
2442         * runtime/PlatformThread.h: Added.
2443         (JSC::currentPlatformThread):
2444         * runtime/VM.cpp:
2445         (JSC::VM::~VM):
2446         * runtime/VM.h:
2447         (JSC::VM::ownerThread):
2448         * runtime/Watchdog.cpp:
2449         (JSC::Watchdog::setTimeLimit):
2450         (JSC::Watchdog::shouldTerminate):
2451         (JSC::Watchdog::startTimer):
2452         (JSC::Watchdog::stopTimer):
2453         * tools/JSDollarVMPrototype.cpp:
2454         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2455         * tools/VMInspector.cpp:
2456
2457 2017-02-28  Mark Lam  <mark.lam@apple.com>
2458
2459         Enable the SigillCrashAnalyzer by default for iOS.
2460         https://bugs.webkit.org/show_bug.cgi?id=168989
2461
2462         Reviewed by Keith Miller.
2463
2464         * runtime/Options.cpp:
2465         (JSC::overrideDefaults):
2466
2467 2017-02-28  Mark Lam  <mark.lam@apple.com>
2468
2469         Remove setExclusiveThread() and peers from the JSLock.
2470         https://bugs.webkit.org/show_bug.cgi?id=168977
2471
2472         Reviewed by Filip Pizlo.
2473
2474         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
2475         Speedometer, we see that removal of exclusive thread status has no measurable
2476         impact on performance.  So, let's remove the code for handling exclusive thread
2477         status, and simplify the JSLock code.
2478
2479         For the record, exclusive thread status does improve JSLock locking/unlocking
2480         time by up to 20%.  However, this difference is not measurable in the way WebCore
2481         uses the JSLock as confirmed by Speedometer.
2482
2483         Also applied a minor optimization in JSLock::lock() to assume the initial lock
2484         entry case (as opposed to the re-entry case).  This appears to show a small
2485         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
2486         time in a micro-benchmark.
2487
2488         * heap/Heap.cpp:
2489         (JSC::Heap::Heap):
2490         * heap/MachineStackMarker.cpp:
2491         (JSC::MachineThreads::MachineThreads):
2492         (JSC::MachineThreads::addCurrentThread):
2493         * heap/MachineStackMarker.h:
2494         * runtime/JSLock.cpp:
2495         (JSC::JSLock::JSLock):
2496         (JSC::JSLock::lock):
2497         (JSC::JSLock::unlock):
2498         (JSC::JSLock::currentThreadIsHoldingLock):
2499         (JSC::JSLock::dropAllLocks):
2500         (JSC::JSLock::grabAllLocks):
2501         (JSC::JSLock::setExclusiveThread): Deleted.
2502         * runtime/JSLock.h:
2503         (JSC::JSLock::ownerThread):
2504         (JSC::JSLock::hasExclusiveThread): Deleted.
2505         (JSC::JSLock::exclusiveThread): Deleted.
2506         * runtime/VM.h:
2507         (JSC::VM::hasExclusiveThread): Deleted.
2508         (JSC::VM::exclusiveThread): Deleted.
2509         (JSC::VM::setExclusiveThread): Deleted.
2510
2511 2017-02-28  Saam Barati  <sbarati@apple.com>
2512
2513         Arm64 disassembler prints "ars" instead of "asr"
2514         https://bugs.webkit.org/show_bug.cgi?id=168923
2515
2516         Rubber stamped by Michael Saboff.
2517
2518         * disassembler/ARM64/A64DOpcode.cpp:
2519         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
2520
2521 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
2522
2523         Use of arguments in arrow function is slow
2524         https://bugs.webkit.org/show_bug.cgi?id=168829
2525
2526         Reviewed by Saam Barati.
2527
2528         The current patch improves performance of access to arguments within an arrow function
2529         by preventing creation of the arguments variable within the arrow function, and also allows caching
2530         the arguments variable. Before, the arguments variable always had the Dynamic resolve type; after
2531         the patch it can be ClosureVar, which increases performance of access to the arguments variable
2532         by 9 times inside of the arrow function.
2533
2534         * bytecompiler/BytecodeGenerator.cpp:
2535         (JSC::BytecodeGenerator::BytecodeGenerator):
2536         * runtime/JSScope.cpp:
2537         (JSC::abstractAccess):
2538
2539 2017-02-28  Michael Saboff  <msaboff@apple.com>
2540
2541         Add ability to configure JSC options from a file
2542         https://bugs.webkit.org/show_bug.cgi?id=168914
2543
2544         Reviewed by Filip Pizlo.
2545
2546         Added the ability to set options and DataLog file location via a configuration file.
2547         The configuration file is specified with the --configFile option to JSC or the
2548         JSC_configFile environment variable.
2549
2550         The file format allows for options conditionally dependent on various attributes.
2551         Currently those attributes are the process name, parent process name and build
2552         type (Release or Debug).  In this patch, the parent process type is not set.
2553         That will be set up in WebKit code with a follow up patch.
2554
2555         Here is an example config file:
2556
2557             logFile = "/tmp/jscLog.%pid.txt"
2558
2559             jscOptions {
2560                 dumpOptions = 2
2561             }
2562
2563             build == "Debug" {
2564                 jscOptions {
2565                     useConcurrentJIT = false
2566                     dumpDisassembly = true
2567                 }
2568             }
2569
2570             build == "Release" && processName == "jsc" {
2571                 jscOptions {
2572                     asyncDisassembly = true
2573                 }
2574             }
2575
2576         Eliminated the prior options file code.
2577
2578         * CMakeLists.txt:
2579         * JavaScriptCore.xcodeproj/project.pbxproj:
2580         * jsc.cpp:
2581         (jscmain):
2582         * runtime/ConfigFile.cpp: Added.
2583         (JSC::ConfigFileScanner::ConfigFileScanner):
2584         (JSC::ConfigFileScanner::start):
2585         (JSC::ConfigFileScanner::lineNumber):
2586         (JSC::ConfigFileScanner::currentBuffer):
2587         (JSC::ConfigFileScanner::atFileEnd):
2588         (JSC::ConfigFileScanner::tryConsume):
2589         (JSC::ConfigFileScanner::tryConsumeString):
2590         (JSC::ConfigFileScanner::tryConsumeUpto):
2591         (JSC::ConfigFileScanner::fillBufferIfNeeded):
2592         (JSC::ConfigFileScanner::fillBuffer):
2593         (JSC::ConfigFile::ConfigFile):
2594         (JSC::ConfigFile::setProcessName):
2595         (JSC::ConfigFile::setParentProcessName):
2596         (JSC::ConfigFile::parse):
2597         * runtime/ConfigFile.h: Added.
2598         * runtime/Options.cpp:
2599         (JSC::Options::initialize):
2600         (JSC::Options::setOptions):
2601         * runtime/Options.h:
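
        A parser for the config-file format sketched above, as an added example that is not
        JSC's runtime/ConfigFile.cpp. The attribute names (processName, parentProcessName,
        build), the logFile and jscOptions statements and the `==` / `&&` condition syntax are
        taken from the entry; everything else (bare unquoted values such as `2` or `true`, that
        whitespace is insignificant, the ParsedConfig/ConfigAttributes types and the
        parseConfig() entry point) is this example's own assumption. Because the file path comes
        from a command-line flag or an environment variable, the example fails closed: any
        unknown attribute or malformed input produces an error and applies no options at all.

```cpp
#include <cctype>
#include <cstring>
#include <map>
#include <stdexcept>
#include <string>

// Attributes a conditional block may test (the three named in the entry); any other name is rejected.
struct ConfigAttributes { std::string processName, parentProcessName, build; };

struct ParsedConfig {
    std::string logFile;                        // from `logFile = "..."`
    std::map<std::string, std::string> options; // jscOptions whose enclosing conditions all held
    std::string error;                          // non-empty if parsing failed; nothing above is applied then
};

// Illustrative recursive-descent parser; this is not JSC's runtime/ConfigFile.cpp.
class ConfigParser {
public:
    ConfigParser(const std::string& text, const ConfigAttributes& attrs) : m_text(text), m_attrs(attrs) { }
    ParsedConfig parse() { ParsedConfig out; while (!atEnd()) parseStatement(out, true); return out; }
private:
    [[noreturn]] void fail(const std::string& what) { throw std::runtime_error(what + " at offset " + std::to_string(m_pos)); }
    static bool isSpace(char c) { return std::isspace(static_cast<unsigned char>(c)) != 0; }
    static bool isIdent(char c) { return std::isalnum(static_cast<unsigned char>(c)) || c == '_'; }
    void skipSpace() { while (m_pos < m_text.size() && isSpace(m_text[m_pos])) ++m_pos; }
    bool atEnd() { skipSpace(); return m_pos >= m_text.size(); }
    bool peekIs(char c) { skipSpace(); return m_pos < m_text.size() && m_text[m_pos] == c; }
    bool tryConsume(const char* lit) { skipSpace(); size_t n = std::strlen(lit); if (m_text.compare(m_pos, n, lit) != 0) return false; m_pos += n; return true; }
    void expect(const char* literal) { if (!tryConsume(literal)) fail(std::string("expected '") + literal + "'"); }
    template<typename Pred> std::string takeWhile(Pred pred, const char* what)
    {
        skipSpace(); size_t start = m_pos;
        while (m_pos < m_text.size() && pred(m_text[m_pos])) ++m_pos;
        if (start == m_pos) fail(std::string("expected ") + what);
        return m_text.substr(start, m_pos - start);
    }
    std::string identifier() { return takeWhile(isIdent, "identifier"); }
    std::string quotedString()
    {
        expect("\"");
        size_t end = m_text.find('"', m_pos);
        if (end == std::string::npos) fail("unterminated string");
        std::string s = m_text.substr(m_pos, end - m_pos); m_pos = end + 1;
        return s;
    }
    // Values are quoted strings or bare tokens such as 2, true, false (the bare-token rule is assumed here).
    std::string value() { return peekIs('"') ? quotedString() : takeWhile([](char c) { return !isSpace(c) && c != '}'; }, "value"); }
    // attribute == "literal"; an unknown attribute is a parse error rather than a silent false.
    bool evaluateCondition(const std::string& attribute)
    {
        expect("==");
        std::string expected = quotedString();
        if (attribute == "build") return m_attrs.build == expected;
        if (attribute == "processName") return m_attrs.processName == expected;
        if (attribute == "parentProcessName") return m_attrs.parentProcessName == expected;
        fail("unknown attribute '" + attribute + "'");
    }
    // statement := logFile = "..." | jscOptions { key = value ... } | cond (&& cond)* { statement ... }
    // Statements under a false condition are still parsed (so syntax errors surface) but not applied.
    void parseStatement(ParsedConfig& out, bool enabled)
    {
        std::string word = identifier();
        if (word == "logFile") {
            expect("="); std::string path = quotedString();
            if (enabled) out.logFile = path;
        } else if (word == "jscOptions") {
            expect("{");
            while (!tryConsume("}")) {
                std::string key = identifier(); expect("=");
                std::string v = value();
                if (enabled) out.options[key] = v;
            }
        } else {
            bool holds = evaluateCondition(word);
            while (tryConsume("&&")) { bool next = evaluateCondition(identifier()); holds = holds && next; } // always parsed, so the input is consumed
            expect("{");
            while (!tryConsume("}")) parseStatement(out, enabled && holds);
        }
    }
    std::string m_text;
    ConfigAttributes m_attrs;
    size_t m_pos { 0 };
};

// Fail closed: any parse error yields an empty configuration plus an error message.
ParsedConfig parseConfig(const std::string& text, const ConfigAttributes& attrs)
{
    try { return ConfigParser(text, attrs).parse(); }
    catch (const std::runtime_error& e) { ParsedConfig failed; failed.error = e.what(); return failed; }
}

// The example file from the entry above, embedded as sample input (whitespace is not significant here).
const char* const kSampleConfig = R"(
logFile = "/tmp/jscLog.%pid.txt"
jscOptions { dumpOptions = 2 }
build == "Debug" { jscOptions { useConcurrentJIT = false  dumpDisassembly = true } }
build == "Release" && processName == "jsc" { jscOptions { asyncDisassembly = true } }
)";
```

        Parsing kSampleConfig with build "Debug" and processName "jsc" yields dumpOptions,
        useConcurrentJIT and dumpDisassembly; with build "Release" and processName "jsc" it
        yields dumpOptions and asyncDisassembly; for any other process on a Release build only
        dumpOptions applies. Blocks whose condition is false are still parsed, so a typo in a
        Debug-only block is caught on Release builds too instead of surfacing only when that
        block first becomes active.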
2602
2603 2017-02-27  Alex Christensen  <achristensen@webkit.org>
2604
2605         Begin enabling WebRTC on 64-bit
2606         https://bugs.webkit.org/show_bug.cgi?id=168915
2607
2608         Reviewed by Eric Carlson.
2609
2610         * Configurations/FeatureDefines.xcconfig:
2611
2612 2017-02-27  Mark Lam  <mark.lam@apple.com>
2613
2614         Introduce a VM Traps mechanism and refactor Watchdog to use it.
2615         https://bugs.webkit.org/show_bug.cgi?id=168842
2616
2617         Reviewed by Filip Pizlo.
2618
2619         Currently, the traps mechanism is only used for the JSC watchdog, and for
2620         asynchronous termination requests (which is currently only used for worker
2621         threads termination).
2622
2623         This first cut of the traps mechanism still relies on polling from DFG and FTL
2624         code.  This is done to keep the patch as small as possible.  The work to do
2625         a non-polling version of the traps mechanism for DFG and FTL code is deferred to
2626         another patch.
2627
2628         In this patch, worker threads still need to set the VM::m_needAsynchronousTerminationSupport
2629         flag to enable the traps polling in the DFG and FTL code.  When we have the
2630         non-polling version of the DFG and FTL traps mechanism, we can remove the use of
2631         the VM::m_needAsynchronousTerminationSupport flag.
2632
2633         Note: this patch also separates asynchronous termination support from the JSC
2634         watchdog.  This separation allows us to significantly simplify the locking
2635         requirements in the watchdog code, and make it easier to reason about its
2636         correctness.
2637
2638         * CMakeLists.txt:
2639         * JavaScriptCore.xcodeproj/project.pbxproj:
2640         * bytecode/BytecodeList.json:
2641         * bytecode/BytecodeUseDef.h:
2642         (JSC::computeUsesForBytecodeOffset):
2643         (JSC::computeDefsForBytecodeOffset):
2644         * bytecode/CodeBlock.cpp:
2645         (JSC::CodeBlock::dumpBytecode):
2646         * bytecompiler/BytecodeGenerator.cpp:
2647         (JSC::BytecodeGenerator::BytecodeGenerator):
2648         (JSC::BytecodeGenerator::emitLoopHint):
2649         (JSC::BytecodeGenerator::emitCheckTraps):
2650         (JSC::BytecodeGenerator::emitWatchdog): Deleted.
2651         * bytecompiler/BytecodeGenerator.h:
2652         * dfg/DFGAbstractInterpreterInlines.h:
2653         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2654         * dfg/DFGByteCodeParser.cpp:
2655         (JSC::DFG::ByteCodeParser::parseBlock):
2656         * dfg/DFGCapabilities.cpp:
2657         (JSC::DFG::capabilityLevel):
2658         * dfg/DFGClobberize.h:
2659         (JSC::DFG::clobberize):
2660         * dfg/DFGDoesGC.cpp:
2661         (JSC::DFG::doesGC):
2662         * dfg/DFGFixupPhase.cpp:
2663         (JSC::DFG::FixupPhase::fixupNode):
2664         * dfg/DFGNodeType.h:
2665         * dfg/DFGPredictionPropagationPhase.cpp:
2666         * dfg/DFGSafeToExecute.h:
2667         (JSC::DFG::safeToExecute):
2668         * dfg/DFGSpeculativeJIT.cpp:
2669         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2670         * dfg/DFGSpeculativeJIT.h:
2671         * dfg/DFGSpeculativeJIT32_64.cpp:
2672         (JSC::DFG::SpeculativeJIT::compile):
2673         * dfg/DFGSpeculativeJIT64.cpp:
2674         (JSC::DFG::SpeculativeJIT::compile):
2675         * ftl/FTLCapabilities.cpp:
2676         (JSC::FTL::canCompile):
2677         * ftl/FTLLowerDFGToB3.cpp:
2678         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2679         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2680         (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer): Deleted.
2681         * interpreter/Interpreter.cpp:
2682         (JSC::Interpreter::executeProgram):
2683         (JSC::Interpreter::executeCall):
2684         (JSC::Interpreter::executeConstruct):
2685         (JSC::Interpreter::execute):
2686         * jit/JIT.cpp:
2687         (JSC::JIT::privateCompileMainPass):
2688         (JSC::JIT::privateCompileSlowCases):
2689         * jit/JIT.h:
2690         * jit/JITOpcodes.cpp:
2691         (JSC::JIT::emit_op_check_traps):
2692         (JSC::JIT::emitSlow_op_check_traps):
2693         (JSC::JIT::emit_op_watchdog): Deleted.
2694         (JSC::JIT::emitSlow_op_watchdog): Deleted.
2695         * jit/JITOperations.cpp:
2696         * jit/JITOperations.h:
2697         * llint/LLIntSlowPaths.cpp:
2698         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2699         * llint/LLIntSlowPaths.h:
2700         * llint/LowLevelInterpreter.asm:
2701         * llint/LowLevelInterpreter32_64.asm:
2702         * llint/LowLevelInterpreter64.asm:
2703         * runtime/VM.cpp:
2704         (JSC::VM::~VM):
2705         (JSC::VM::ensureWatchdog):
2706         (JSC::VM::handleTraps):
2707         * runtime/VM.h:
2708         (JSC::VM::ownerThread):
2709         (JSC::VM::needTrapHandling):
2710         (JSC::VM::needTrapHandlingAddress):
2711         (JSC::VM::notifyNeedTermination):
2712         (JSC::VM::notifyNeedWatchdogCheck):
2713         (JSC::VM::needAsynchronousTerminationSupport):
2714         (JSC::VM::setNeedAsynchronousTerminationSupport):
2715         * runtime/VMInlines.h:
2716         (JSC::VM::shouldTriggerTermination): Deleted.
2717         * runtime/VMTraps.cpp: Added.
2718         (JSC::VMTraps::fireTrap):
2719         (JSC::VMTraps::takeTrap):
2720         * runtime/VMTraps.h: Added.
2721         (JSC::VMTraps::needTrapHandling):
2722         (JSC::VMTraps::needTrapHandlingAddress):
2723         (JSC::VMTraps::hasTrapForEvent):
2724         (JSC::VMTraps::setTrapForEvent):
2725         (JSC::VMTraps::clearTrapForEvent):
2726         * runtime/Watchdog.cpp:
2727         (JSC::Watchdog::Watchdog):
2728         (JSC::Watchdog::setTimeLimit):
2729         (JSC::Watchdog::shouldTerminate):
2730         (JSC::Watchdog::enteredVM):
2731         (JSC::Watchdog::exitedVM):
2732         (JSC::Watchdog::startTimer):
2733         (JSC::Watchdog::stopTimer):
2734         (JSC::Watchdog::willDestroyVM):
2735         (JSC::Watchdog::terminateSoon): Deleted.
2736         (JSC::Watchdog::shouldTerminateSlow): Deleted.
2737         * runtime/Watchdog.h:
2738         (JSC::Watchdog::shouldTerminate): Deleted.
2739         (JSC::Watchdog::timerDidFireAddress): Deleted.
2740
2741 2017-02-27  Commit Queue  <commit-queue@webkit.org>
2742
2743         Unreviewed, rolling out r213019.
2744         https://bugs.webkit.org/show_bug.cgi?id=168925
2745
2746         "It broke 32-bit jsc tests in debug builds" (Requested by
2747         saamyjoon on #webkit).
2748
2749         Reverted changeset:
2750
2751         "op_get_by_id_with_this should use inline caching"
2752         https://bugs.webkit.org/show_bug.cgi?id=162124
2753         http://trac.webkit.org/changeset/213019
2754
2755 2017-02-27  JF Bastien  <jfbastien@apple.com>
2756
2757         WebAssembly: miscellaneous spec fixes part deux
2758         https://bugs.webkit.org/show_bug.cgi?id=168861
2759
2760         Reviewed by Keith Miller.
2761
2762         * wasm/WasmFunctionParser.h: add some FIXME
2763
2764 2017-02-27  Alex Christensen  <achristensen@webkit.org>
2765
2766         [libwebrtc] Enable WebRTC in some Production Builds
2767         https://bugs.webkit.org/show_bug.cgi?id=168858
2768
2769         * Configurations/FeatureDefines.xcconfig:
2770
2771 2017-02-26  Caio Lima  <ticaiolima@gmail.com>
2772
2773         op_get_by_id_with_this should use inline caching
2774         https://bugs.webkit.org/show_bug.cgi?id=162124
2775
2776         Reviewed by Saam Barati.
2777
2778         This patch enables inline caching for op_get_by_id_with_this in all
2779         tiers. It means that operations using ```super.member``` are going to
2780         be able to be optimized by PIC. To enable it, we introduced a new
2781         member of StructureStubInfo.patch named thisGPR, created a new class
2782         to manage the IC named JITGetByIdWithThisGenerator and changed
2783         PolymorphicAccess.regenerate so that it uses StructureStubInfo.patch.thisGPR
2784         to decide the correct this value on inline caches.
2785         With inline caching enabled, ```super.member``` is ~4.5x faster,
2786         according to microbenchmarks.
2787
2788         * bytecode/AccessCase.cpp:
2789         (JSC::AccessCase::generateImpl):
2790         * bytecode/PolymorphicAccess.cpp:
2791         (JSC::PolymorphicAccess::regenerate):
2792         * bytecode/PolymorphicAccess.h:
2793         * bytecode/StructureStubInfo.cpp:
2794         (JSC::StructureStubInfo::reset):
2795         * bytecode/StructureStubInfo.h:
2796         * dfg/DFGFixupPhase.cpp:
2797         (JSC::DFG::FixupPhase::fixupNode):
2798         * dfg/DFGJITCompiler.cpp:
2799         (JSC::DFG::JITCompiler::link):
2800         * dfg/DFGJITCompiler.h:
2801         (JSC::DFG::JITCompiler::addGetByIdWithThis):
2802         * dfg/DFGSpeculativeJIT.cpp:
2803         (JSC::DFG::SpeculativeJIT::compileIn):
2804         * dfg/DFGSpeculativeJIT.h:
2805         (JSC::DFG::SpeculativeJIT::callOperation):
2806         * dfg/DFGSpeculativeJIT32_64.cpp:
2807         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2808         (JSC::DFG::SpeculativeJIT::compile):
2809         * dfg/DFGSpeculativeJIT64.cpp:
2810         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2811         (JSC::DFG::SpeculativeJIT::compile):
2812         * ftl/FTLLowerDFGToB3.cpp:
2813         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
2814         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
2815         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
2816         * jit/CCallHelpers.h:
2817         (JSC::CCallHelpers::setupArgumentsWithExecState):
2818         * jit/ICStats.h:
2819         * jit/JIT.cpp:
2820         (JSC::JIT::JIT):
2821         (JSC::JIT::privateCompileSlowCases):
2822         (JSC::JIT::link):
2823         * jit/JIT.h:
2824         * jit/JITInlineCacheGenerator.cpp:
2825         (JSC::JITByIdGenerator::JITByIdGenerator):
2826         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2827         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
2828         * jit/JITInlineCacheGenerator.h:
2829         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2830         * jit/JITInlines.h:
2831         (JSC::JIT::callOperation):
2832         * jit/JITOperations.cpp:
2833         * jit/JITOperations.h:
2834         * jit/JITPropertyAccess.cpp:
2835         (JSC::JIT::emit_op_get_by_id_with_this):
2836         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2837         * jit/JITPropertyAccess32_64.cpp:
2838         (JSC::JIT::emit_op_get_by_id_with_this):
2839         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2840         * jit/Repatch.cpp:
2841         (JSC::appropriateOptimizingGetByIdFunction):
2842         (JSC::appropriateGenericGetByIdFunction):
2843         (JSC::tryCacheGetByID):
2844         * jit/Repatch.h:
2845         * jsc.cpp:
2846         (WTF::CustomGetter::getOwnPropertySlot):
2847         (WTF::CustomGetter::customGetterAcessor):
2848
2849 2017-02-24  JF Bastien  <jfbastien@apple.com>
2850
2851         WebAssembly: miscellaneous spec fixes
2852         https://bugs.webkit.org/show_bug.cgi?id=168822
2853
2854         Reviewed by Saam Barati.
2855
2856         * wasm/WasmModuleParser.cpp: "unknown" sections are now called "custom" sections
2857         * wasm/WasmSections.h:
2858         (JSC::Wasm::validateOrder):
2859         (JSC::Wasm::makeString): fix ASSERT_UNREACHABLE bug in printing
2860         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2861         (JSC::constructJSWebAssemblyInstance): disallow i64 import
2862         * wasm/js/WebAssemblyModuleRecord.cpp:
2863         (JSC::WebAssemblyModuleRecord::link): disallow i64 export
2864         (JSC::WebAssemblyModuleRecord::evaluate):
2865
2866 2017-02-24  Filip Pizlo  <fpizlo@apple.com>
2867
2868         Move Arg::Type and Arg::Width out into the B3 namespace, since they are general concepts
2869         https://bugs.webkit.org/show_bug.cgi?id=168833
2870
2871         Reviewed by Saam Barati.
2872         
2873         I want to use the Air::Arg::Type and Air::Arg::Width concepts in B3. We are already
2874         doing this a bit, and it's awkward because of the namespacing. Throughout B3 we take the
2875         approach that if something is not specific to Air, then it should be in the B3
2876         namespace.
2877         
2878         This moves Air::Arg::Type to B3::Bank. This moves Air::Arg::Width to B3::Width.
2879         
2880         I renamed Arg::Type to Bank because there is already a B3::Type and because Arg::Type
2881         was never really a type. Its purpose was always to identify register banks, and we use
2882         this enum when the thing we care about is whether the value is most appropriate for
2883         GPRs or FPRs.
2884         
2885         I kept both as non-enum classes because I think that we've learned that terse compiler
2886         code is a good thing. I don't want to say Bank::GP when I can say GP. With Width, the
2887         argument is even stronger, since you cannot say Width::8 but you can say Width8.
2888
2889         * CMakeLists.txt:
2890         * JavaScriptCore.xcodeproj/project.pbxproj:
2891         * b3/B3Bank.cpp: Added.
2892         (WTF::printInternal):
2893         * b3/B3Bank.h: Added.
2894         (JSC::B3::forEachBank):
2895         (JSC::B3::bankForType):
2896         * b3/B3CheckSpecial.cpp:
2897         (JSC::B3::CheckSpecial::forEachArg):
2898         * b3/B3LegalizeMemoryOffsets.cpp:
2899         * b3/B3LowerToAir.cpp:
2900         (JSC::B3::Air::LowerToAir::run):
2901         (JSC::B3::Air::LowerToAir::tmp):
2902         (JSC::B3::Air::LowerToAir::scaleForShl):
2903         (JSC::B3::Air::LowerToAir::effectiveAddr):
2904         (JSC::B3::Air::LowerToAir::addr):
2905         (JSC::B3::Air::LowerToAir::createGenericCompare):
2906         (JSC::B3::Air::LowerToAir::createBranch):
2907         (JSC::B3::Air::LowerToAir::createCompare):
2908         (JSC::B3::Air::LowerToAir::createSelect):
2909         (JSC::B3::Air::LowerToAir::lower):
2910         * b3/B3MemoryValue.cpp:
2911         (JSC::B3::MemoryValue::accessWidth):
2912         * b3/B3MemoryValue.h:
2913         * b3/B3MoveConstants.cpp:
2914         * b3/B3PatchpointSpecial.cpp:
2915         (JSC::B3::PatchpointSpecial::forEachArg):
2916         * b3/B3StackmapSpecial.cpp:
2917         (JSC::B3::StackmapSpecial::forEachArgImpl):
2918         * b3/B3Value.h:
2919         * b3/B3Variable.h:
2920         (JSC::B3::Variable::width):
2921         (JSC::B3::Variable::bank):
2922         * b3/B3WasmAddressValue.h:
2923         * b3/B3Width.cpp: Added.
2924         (WTF::printInternal):
2925         * b3/B3Width.h: Added.
2926         (JSC::B3::pointerWidth):
2927         (JSC::B3::widthForType):
2928         (JSC::B3::conservativeWidth):
2929         (JSC::B3::minimumWidth):
2930         (JSC::B3::bytes):
2931         (JSC::B3::widthForBytes):
2932         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
2933         * b3/air/AirAllocateStack.cpp:
2934         (JSC::B3::Air::allocateStack):
2935         * b3/air/AirArg.cpp:
2936         (JSC::B3::Air::Arg::canRepresent):
2937         (JSC::B3::Air::Arg::isCompatibleBank):
2938         (JSC::B3::Air::Arg::isCompatibleType): Deleted.
2939         * b3/air/AirArg.h:
2940         (JSC::B3::Air::Arg::hasBank):
2941         (JSC::B3::Air::Arg::bank):
2942         (JSC::B3::Air::Arg::isBank):
2943         (JSC::B3::Air::Arg::forEachTmp):
2944         (JSC::B3::Air::Arg::forEachType): Deleted.
2945         (JSC::B3::Air::Arg::pointerWidth): Deleted.
2946         (JSC::B3::Air::Arg::typeForB3Type): Deleted.
2947         (JSC::B3::Air::Arg::widthForB3Type): Deleted.
2948         (JSC::B3::Air::Arg::conservativeWidth): Deleted.
2949         (JSC::B3::Air::Arg::minimumWidth): Deleted.
2950         (JSC::B3::Air::Arg::bytes): Deleted.
2951         (JSC::B3::Air::Arg::widthForBytes): Deleted.
2952         (JSC::B3::Air::Arg::hasType): Deleted.
2953         (JSC::B3::Air::Arg::type): Deleted.
2954         (JSC::B3::Air::Arg::isType): Deleted.
2955         * b3/air/AirArgInlines.h:
2956         (JSC::B3::Air::ArgThingHelper<Tmp>::forEach):
2957         (JSC::B3::Air::ArgThingHelper<Arg>::forEach):
2958         (JSC::B3::Air::ArgThingHelper<Reg>::forEach):
2959         (JSC::B3::Air::Arg::forEach):
2960         * b3/air/AirCCallSpecial.cpp:
2961         (JSC::B3::Air::CCallSpecial::forEachArg):
2962         * b3/air/AirCCallingConvention.cpp:
2963         * b3/air/AirCode.cpp:
2964         (JSC::B3::Air::Code::Code):
2965         (JSC::B3::Air::Code::setRegsInPriorityOrder):
2966         (JSC::B3::Air::Code::pinRegister):
2967         * b3/air/AirCode.h:
2968         (JSC::B3::Air::Code::regsInPriorityOrder):
2969         (JSC::B3::Air::Code::newTmp):
2970         (JSC::B3::Air::Code::numTmps):
2971         (JSC::B3::Air::Code::regsInPriorityOrderImpl):
2972         * b3/air/AirCustom.cpp:
2973         (JSC::B3::Air::PatchCustom::isValidForm):
2974         (JSC::B3::Air::ShuffleCustom::isValidForm):
2975         * b3/air/AirCustom.h:
2976         (JSC::B3::Air::PatchCustom::forEachArg):
2977         (JSC::B3::Air::CCallCustom::forEachArg):
2978         (JSC::B3::Air::ColdCCallCustom::forEachArg):
2979         (JSC::B3::Air::ShuffleCustom::forEachArg):
2980         (JSC::B3::Air::WasmBoundsCheckCustom::forEachArg):
2981         * b3/air/AirDumpAsJS.cpp:
2982         (JSC::B3::Air::dumpAsJS):
2983         * b3/air/AirEliminateDeadCode.cpp:
2984         (JSC::B3::Air::eliminateDeadCode):
2985         * b3/air/AirEmitShuffle.cpp:
2986         (JSC::B3::Air::emitShuffle):
2987         * b3/air/AirEmitShuffle.h:
2988         (JSC::B3::Air::ShufflePair::ShufflePair):
2989         (JSC::B3::Air::ShufflePair::width):
2990         * b3/air/AirFixObviousSpills.cpp:
2991         * b3/air/AirFixPartialRegisterStalls.cpp:
2992         (JSC::B3::Air::fixPartialRegisterStalls):
2993         * b3/air/AirInst.cpp:
2994         (JSC::B3::Air::Inst::hasArgEffects):
2995         * b3/air/AirInst.h:
2996         (JSC::B3::Air::Inst::forEachTmp):
2997         * b3/air/AirInstInlines.h:
2998         (JSC::B3::Air::Inst::forEach):
2999         (JSC::B3::Air::Inst::forEachDef):
3000         (JSC::B3::Air::Inst::forEachDefWithExtraClobberedRegs):
3001         * b3/air/AirLiveness.h:
3002         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
3003         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
3004         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
3005         (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
3006         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
3007         (JSC::B3::Air::RegLivenessAdapter::acceptsBank):
3008         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
3009         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute):
3010         (JSC::B3::Air::TmpLivenessAdapter::acceptsType): Deleted.
3011         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsType): Deleted.
3012         (JSC::B3::Air::RegLivenessAdapter::acceptsType): Deleted.
3013         * b3/air/AirLogRegisterPressure.cpp:
3014         (JSC::B3::Air::logRegisterPressure):
3015         * b3/air/AirLowerAfterRegAlloc.cpp:
3016         (JSC::B3::Air::lowerAfterRegAlloc):
3017         * b3/air/AirLowerMacros.cpp:
3018         (JSC::B3::Air::lowerMacros):
3019         * b3/air/AirPadInterference.cpp:
3020         (JSC::B3::Air::padInterference):
3021         * b3/air/AirReportUsedRegisters.cpp:
3022         (JSC::B3::Air::reportUsedRegisters):
3023         * b3/air/AirSpillEverything.cpp:
3024         (JSC::B3::Air::spillEverything):
3025         * b3/air/AirTmpInlines.h:
3026         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex): Deleted.
3027         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::lastMachineRegisterIndex): Deleted.
3028         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
3029         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex): Deleted.
3030         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::lastMachineRegisterIndex): Deleted.
3031         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
3032         * b3/air/AirTmpWidth.cpp:
3033         (JSC::B3::Air::TmpWidth::recompute):
3034         * b3/air/AirTmpWidth.h:
3035         (JSC::B3::Air::TmpWidth::width):
3036         (JSC::B3::Air::TmpWidth::requiredWidth):
3037         (JSC::B3::Air::TmpWidth::defWidth):
3038         (JSC::B3::Air::TmpWidth::useWidth):
3039         (JSC::B3::Air::TmpWidth::Widths::Widths):
3040         * b3/air/AirUseCounts.h:
3041         (JSC::B3::Air::UseCounts::UseCounts):
3042         * b3/air/AirValidate.cpp:
3043         * b3/air/opcode_generator.rb:
3044         * b3/air/testair.cpp:
3045         (JSC::B3::Air::compile): Deleted.
3046         (JSC::B3::Air::invoke): Deleted.
3047         (JSC::B3::Air::compileAndRun): Deleted.
3048         (JSC::B3::Air::testSimple): Deleted.
3049         (JSC::B3::Air::loadConstantImpl): Deleted.
3050         (JSC::B3::Air::loadConstant): Deleted.
3051         (JSC::B3::Air::loadDoubleConstant): Deleted.
3052         (JSC::B3::Air::testShuffleSimpleSwap): Deleted.
3053         (JSC::B3::Air::testShuffleSimpleShift): Deleted.
3054         (JSC::B3::Air::testShuffleLongShift): Deleted.
3055         (JSC::B3::Air::testShuffleLongShiftBackwards): Deleted.
3056         (JSC::B3::Air::testShuffleSimpleRotate): Deleted.
3057         (JSC::B3::Air::testShuffleSimpleBroadcast): Deleted.
3058         (JSC::B3::Air::testShuffleBroadcastAllRegs): Deleted.
3059         (JSC::B3::Air::testShuffleTreeShift): Deleted.
3060         (JSC::B3::Air::testShuffleTreeShiftBackward): Deleted.
3061         (JSC::B3::Air::testShuffleTreeShiftOtherBackward): Deleted.
3062         (JSC::B3::Air::testShuffleMultipleShifts): Deleted.
3063         (JSC::B3::Air::testShuffleRotateWithFringe): Deleted.
3064         (JSC::B3::Air::testShuffleRotateWithFringeInWeirdOrder): Deleted.
3065         (JSC::B3::Air::testShuffleRotateWithLongFringe): Deleted.
3066         (JSC::B3::Air::testShuffleMultipleRotates): Deleted.
3067         (JSC::B3::Air::testShuffleShiftAndRotate): Deleted.
3068         (JSC::B3::Air::testShuffleShiftAllRegs): Deleted.
3069         (JSC::B3::Air::testShuffleRotateAllRegs): Deleted.
3070         (JSC::B3::Air::testShuffleSimpleSwap64): Deleted.
3071         (JSC::B3::Air::testShuffleSimpleShift64): Deleted.
3072         (JSC::B3::Air::testShuffleSwapMixedWidth): Deleted.
3073         (JSC::B3::Air::testShuffleShiftMixedWidth): Deleted.
3074         (JSC::B3::Air::testShuffleShiftMemory): Deleted.
3075         (JSC::B3::Air::testShuffleShiftMemoryLong): Deleted.
3076         (JSC::B3::Air::testShuffleShiftMemoryAllRegs): Deleted.
3077         (JSC::B3::Air::testShuffleShiftMemoryAllRegs64): Deleted.
3078         (JSC::B3::Air::combineHiLo): Deleted.
3079         (JSC::B3::Air::testShuffleShiftMemoryAllRegsMixedWidth): Deleted.
3080         (JSC::B3::Air::testShuffleRotateMemory): Deleted.
3081         (JSC::B3::Air::testShuffleRotateMemory64): Deleted.
3082         (JSC::B3::Air::testShuffleRotateMemoryMixedWidth): Deleted.
3083         (JSC::B3::Air::testShuffleRotateMemoryAllRegs64): Deleted.
3084         (JSC::B3::Air::testShuffleRotateMemoryAllRegsMixedWidth): Deleted.
3085         (JSC::B3::Air::testShuffleSwapDouble): Deleted.
3086         (JSC::B3::Air::testShuffleShiftDouble): Deleted.
3087         (JSC::B3::Air::testX86VMULSD): Deleted.
3088         (JSC::B3::Air::testX86VMULSDDestRex): Deleted.
3089         (JSC::B3::Air::testX86VMULSDOp1DestRex): Deleted.
3090         (JSC::B3::Air::testX86VMULSDOp2DestRex): Deleted.
3091         (JSC::B3::Air::testX86VMULSDOpsDestRex): Deleted.
3092         (JSC::B3::Air::testX86VMULSDAddr): Deleted.
3093         (JSC::B3::Air::testX86VMULSDAddrOpRexAddr): Deleted.
3094         (JSC::B3::Air::testX86VMULSDDestRexAddr): Deleted.
3095         (JSC::B3::Air::testX86VMULSDRegOpDestRexAddr): Deleted.
3096         (JSC::B3::Air::testX86VMULSDAddrOpDestRexAddr): Deleted.
3097         (JSC::B3::Air::testX86VMULSDBaseNeedsRex): Deleted.
3098         (JSC::B3::Air::testX86VMULSDIndexNeedsRex): Deleted.
3099         (JSC::B3::Air::testX86VMULSDBaseIndexNeedRex): Deleted.
3100         (JSC::B3::Air::run): Deleted.
3101
3102 2017-02-24  Keith Miller  <keith_miller@apple.com>
3103
3104         We should be able to use std::tuples as keys in HashMap
3105         https://bugs.webkit.org/show_bug.cgi?id=168805
3106
3107         Reviewed by Filip Pizlo.
3108
3109         Convert the mess of std::pairs we used as the keys in PrototypeMap
3110         to a std::tuple. I also plan on using this for a HashMap in wasm.
3111
3112         * JavaScriptCore.xcodeproj/project.pbxproj:
3113         * runtime/PrototypeMap.cpp:
3114         (JSC::PrototypeMap::createEmptyStructure):
3115         (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
3116         * runtime/PrototypeMap.h:
3117
3118 2017-02-24  Saam Barati  <sbarati@apple.com>
3119
3120         Unreviewed. Remove inaccurate copy-paste comment from r212939.
3121
3122         * dfg/DFGOperations.cpp:
3123
3124 2017-02-23  Saam Barati  <sbarati@apple.com>
3125
3126         Intrinsicify parseInt
3127         https://bugs.webkit.org/show_bug.cgi?id=168627
3128
3129         Reviewed by Filip Pizlo.
3130
3131         This patch makes parseInt an intrinsic in the DFG and FTL.
3132         We do our best to eliminate this node. If we speculate that
3133         the first operand to the operation is an int32, and that there
3134         isn't a second operand, we convert to the identity of the first
3135         operand. That's because parseInt(someInt) === someInt.
3136         
3137         If the first operand is proven to be an integer, and the second
3138         operand is the integer 0 or the integer 10, we can eliminate the
3139         node by making it an identity over its first operand. That's
3140         because parseInt(someInt, 0) === someInt and parseInt(someInt, 10) === someInt.
3141         
3142         If we are not able to constant fold the node away, we try to remove
3143         checks. The most common use case of parseInt is that its first operand
3144         is a proven string. The DFG might be able to remove type checks in this
3145         case. We also set up CSE rules for parseInt(someString, someIntRadix)
3146         because it's a "pure" operation (modulo resolving a rope).
3147
3148         This looks to be a 4% Octane/Box2D progression.
3149
3150         * dfg/DFGAbstractInterpreterInlines.h:
3151         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3152         * dfg/DFGByteCodeParser.cpp:
3153         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3154         * dfg/DFGClobberize.h:
3155         (JSC::DFG::clobberize):
3156         * dfg/DFGConstantFoldingPhase.cpp:
3157         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3158         * dfg/DFGDoesGC.cpp:
3159         (JSC::DFG::doesGC):
3160         * dfg/DFGFixupPhase.cpp:
3161         (JSC::DFG::FixupPhase::fixupNode):
3162         * dfg/DFGNode.h:
3163         (JSC::DFG::Node::hasHeapPrediction):
3164         * dfg/DFGNodeType.h:
3165         * dfg/DFGOperations.cpp:
3166         (JSC::DFG::parseIntResult):
3167         * dfg/DFGOperations.h:
3168         * dfg/DFGPredictionPropagationPhase.cpp:
3169         * dfg/DFGSafeToExecute.h:
3170         (JSC::DFG::safeToExecute):
3171         * dfg/DFGSpeculativeJIT.cpp:
3172         (JSC::DFG::SpeculativeJIT::compileParseInt):
3173         * dfg/DFGSpeculativeJIT.h:
3174         (JSC::DFG::SpeculativeJIT::callOperation):
3175         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
3176         * dfg/DFGSpeculativeJIT32_64.cpp:
3177         (JSC::DFG::SpeculativeJIT::compile):
3178         * dfg/DFGSpeculativeJIT64.cpp:
3179         (JSC::DFG::SpeculativeJIT::compile):
3180         * ftl/FTLCapabilities.cpp:
3181         (JSC::FTL::canCompile):
3182         * ftl/FTLLowerDFGToB3.cpp:
3183         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3184         (JSC::FTL::DFG::LowerDFGToB3::compileParseInt):
3185         * jit/JITOperations.h:
3186         * parser/Lexer.cpp:
3187         * runtime/ErrorInstance.cpp:
3188         * runtime/Intrinsic.h:
3189         * runtime/JSGlobalObject.cpp:
3190         (JSC::JSGlobalObject::init):
3191         * runtime/JSGlobalObjectFunctions.cpp:
3192         (JSC::toStringView): Deleted.
3193         (JSC::isStrWhiteSpace): Deleted.
3194         (JSC::parseDigit): Deleted.
3195         (JSC::parseIntOverflow): Deleted.
3196         (JSC::parseInt): Deleted.
3197         * runtime/JSGlobalObjectFunctions.h:
3198         * runtime/ParseInt.h: Added.
3199         (JSC::parseDigit):
3200         (JSC::parseIntOverflow):
3201         (JSC::isStrWhiteSpace):
3202         (JSC::parseInt):
3203         (JSC::toStringView):
3204         * runtime/StringPrototype.cpp:
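
        An added example (not JSC code) that probes where the parseInt identity the
        entry relies on actually holds: the DFG may only fold parseInt to its first
        operand when that operand is an int32 and the radix is absent, 0 or 10. The
        helper names and the sample inputs are constructed for this example.

```javascript
// Added example, not JSC code: probes where "parseInt(someInt) === someInt"
// (and the radix 0 / radix 10 variants) really is the identity.

// Radixes for which the entry claims parseInt(someInt, radix) === someInt.
const IDENTITY_RADIXES = [undefined, 0, 10];

// Int32 in the engine's sense: an integral Number within signed 32-bit range.
// -0 is excluded because the engine represents it as a double, not an int32.
function isInt32(x) {
  return typeof x === "number" && Number.isInteger(x) &&
    x >= -2147483648 && x <= 2147483647 && !Object.is(x, -0);
}

// True when parseInt(x[, radix]) returns x itself (Object.is distinguishes -0).
function identityHolds(x, radix) {
  const r = radix === undefined ? parseInt(x) : parseInt(x, radix);
  return Object.is(r, x);
}

// Would folding parseInt(x, radix) to x be sound? Only when x is an int32 and
// the radix is one of the identity radixes; the identity is re-checked so a
// violation surfaces as an error rather than a silent wrong fold.
function isFoldable(x, radix) {
  if (!isInt32(x)) return false;
  if (!IDENTITY_RADIXES.includes(radix)) return false;
  if (!identityHolds(x, radix)) throw new Error(`identity violated for ${x}, ${radix}`);
  return true;
}

// Collect inputs for which parseInt is not the identity, with what it returns.
function counterexamples(inputs, radix) {
  return inputs
    .filter((x) => !identityHolds(x, radix))
    .map((x) => ({ x, got: radix === undefined ? parseInt(x) : parseInt(x, radix) }));
}

// Constructed sample: int32s plus Numbers that are not int32s.
const SAMPLE_INPUTS = [
  0, 42, -17, 2147483647, -2147483648, // int32s: identity holds for no radix, 0 and 10
  1.5,        // "1.5" -> 1
  -0,         // String(-0) is "0" -> +0
  1e21,       // String(1e21) is "1e+21" -> 1
  5e-7,       // String(5e-7) is "5e-7" -> 5
  2147483648, // identity happens to hold, but it is not an int32, so not foldable
];
```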
3205
3206 2017-02-23  JF Bastien  <jfbastien@apple.com>
3207
3208         WebAssembly: support 0x1 version
3209         https://bugs.webkit.org/show_bug.cgi?id=168672
3210
3211         Reviewed by Keith Miller.
3212
3213         * wasm/wasm.json: update the version number; everything is based
3214         on its value
3215
3216 2017-02-23  Saam Barati  <sbarati@apple.com>
3217
3218         Make Briggs fixpoint validation run only with validateGraphAtEachPhase
3219         https://bugs.webkit.org/show_bug.cgi?id=168795
3220
3221         Rubber stamped by Keith Miller.
3222
3223         The Briggs allocator was running intensive validation
3224         on each step of the fixpoint. Instead, it now will just
3225         do it when shouldValidateIRAtEachPhase() is true because
3226         doing this for all !ASSERT_DISABLED builds takes too long.
3227
3228         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3229
3230 2017-02-23  Filip Pizlo  <fpizlo@apple.com>
3231
3232         SpeculativeJIT::compilePutByValForIntTypedArray should only do the constant-folding optimization when the constant passes the type check
3233         https://bugs.webkit.org/show_bug.cgi?id=168787
3234
3235         Reviewed by Michael Saboff and Mark Lam.
3236
3237         * dfg/DFGSpeculativeJIT.cpp:
3238         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3239
3240 2017-02-23  Mark Lam  <mark.lam@apple.com>
3241
3242         Ensure that the end of the last invalidation point does not extend beyond the end of the buffer.
3243         https://bugs.webkit.org/show_bug.cgi?id=168786
3244
3245         Reviewed by Filip Pizlo.
3246
3247         In practice, we will always have multiple instructions after invalidation points,
3248         and have enough room in the JIT buffer for the invalidation point to work with.
3249         However, as a precaution, we can guarantee that there's enough room by always
3250         emitting a label just before we link the buffer.  The label will emit nop padding
3251         if needed.
3252
3253         * assembler/LinkBuffer.cpp:
3254         (JSC::LinkBuffer::linkCode):
3255
3256 2017-02-23  Keith Miller  <keith_miller@apple.com>
3257
3258         Unreviewed, fix the cloop build. Needed a #if.
3259
3260         * jit/ExecutableAllocator.cpp:
3261
3262 2017-02-22  Carlos Garcia Campos  <cgarcia@igalia.com>
3263
3264         Better handle Thread and RunLoop initialization
3265         https://bugs.webkit.org/show_bug.cgi?id=167828
3266
3267         Reviewed by Yusuke Suzuki.
3268
3269         * runtime/InitializeThreading.cpp:
3270         (JSC::initializeThreading): Do not initialize double_conversion, which is already initialized by WTF, or the GC
3271         threads, which will be initialized by the WTF main thread when needed.
3272
3273 2017-02-22  JF Bastien  <jfbastien@apple.com>
3274
3275         WebAssembly: clear out insignificant i32 bits when calling JavaScript
3276         https://bugs.webkit.org/show_bug.cgi?id=166677
3277
3278         Reviewed by Keith Miller.
3279
3280         When WebAssembly calls JavaScript it needs to clear out the
3281         insignificant bits of int32 values:
3282
3283           +------------------- tag
3284           |  +---------------- insignificant
3285           |  |   +------------ 32-bit integer value
3286           |  |   |
3287           |--|---|-------|
3288         0xffff0000ffffffff
3289
3290         At least some JavaScript code assumes that these bits are all
3291         zero. In the wasm-to-wasm.js example we store a 64-bit value in an
3292         object with lo / hi fields, each containing 32-bit integers. We
3293         then load these back, and the baseline compiler fails its
3294         comparison because it first checks the values are the same type
3295         (yes, because the int32 tag is set in both), and then whether they
3296         have the same value (no, because comparing the two registers
3297         fails). We could argue that the baseline compiler is wrong for
3298         performing a 64-bit comparison, but it doesn't really matter
3299         because there's not much of a point in breaking that invariant for
3300         WebAssembly's sake.
3301
3302         * wasm/WasmBinding.cpp:
3303         (JSC::Wasm::wasmToJs):
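
        An added example (not JSC's code) that models the 64-bit value layout drawn
        above with BigInts: 16 tag bits, 16 "insignificant" bits, 32 value bits. It
        shows why a register with leftover data in bits 32..47 passes the type check
        yet fails the 64-bit comparison, and that clearing those bits restores
        equality. The constant and function names are constructed for this example;
        the 0xffff tag follows the diagram, not any named JSC constant.

```javascript
// Added example, not JSC code: BigInt model of the int32 box layout shown in
// the entry's diagram (tag | insignificant | 32-bit value).

const MASK64 = (1n << 64n) - 1n;
const INT32_TAG = 0xffff000000000000n;          // top 16 bits set: int32 (per the diagram)
const TAG_MASK = 0xffff000000000000n;
const INSIGNIFICANT_MASK = 0x0000ffff00000000n; // bits 32..47
const VALUE_MASK = 0x00000000ffffffffn;         // bits 0..31

// Box an int32 the way a well-formed value does: tag | zero-extended value.
function boxInt32(v) {
  return INT32_TAG | BigInt.asUintN(32, BigInt(v));
}

// Model of a value handed over with stale upper bits (constructed): the low
// 32 bits hold the int32, but bits 32..47 carry `garbage16` instead of zeros.
function dirtyBoxInt32(v, garbage16) {
  return INT32_TAG | ((BigInt(garbage16) & 0xffffn) << 32n) | BigInt.asUintN(32, BigInt(v));
}

// Type check only: does the tag say this box is an int32?
function isInt32Box(box) {
  return (box & TAG_MASK) === INT32_TAG;
}

// Recover the int32 from the significant low 32 bits.
function unboxInt32(box) {
  return Number(BigInt.asIntN(32, box & VALUE_MASK));
}

// The fix the entry describes: zero the insignificant bits before handing
// the value to JavaScript.
function clearInsignificantBits(box) {
  return box & ~INSIGNIFICANT_MASK & MASK64;
}

// The comparison the entry attributes to the baseline compiler: first check
// both are int32 by tag, then compare the whole 64-bit registers.
// Returns null when the int32 fast path does not apply.
function baselineStrictEqualInt32(a, b) {
  if (!isInt32Box(a) || !isInt32Box(b)) return null;
  return a === b;
}
```

        With this model, boxInt32(-1) is 0xffff0000ffffffff, the value in the diagram, and a dirty box of -1 unboxes to -1 but is not === to the clean box until its bits 32..47 are cleared.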
3304
3305 2017-02-22  Keith Miller  <keith_miller@apple.com>
3306
3307         Remove the demand executable allocator
3308         https://bugs.webkit.org/show_bug.cgi?id=168754
3309
3310         Reviewed by Saam Barati.
3311
3312         We currently only use the demand executable allocator for non-iOS 32-bit platforms.
3313         Benchmark results on a MBP indicate there is no appreciable performance difference
3314         between the fixed and demand allocators. In a future patch I will go back through
3315         this code and remove more of the abstractions.
3316
3317         * JavaScriptCore.xcodeproj/project.pbxproj:
3318         * jit/ExecutableAllocator.cpp:
3319         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
3320         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
3321         (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
3322         (JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
3323         (JSC::ExecutableAllocator::initializeAllocator):
3324         (JSC::ExecutableAllocator::ExecutableAllocator):
3325         (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
3326         (JSC::ExecutableAllocator::isValid):
3327         (JSC::ExecutableAllocator::underMemoryPressure):
3328         (JSC::ExecutableAllocator::memoryPressureMultiplier):
3329         (JSC::ExecutableAllocator::allocate):
3330         (JSC::ExecutableAllocator::isValidExecutableMemory):
3331         (JSC::ExecutableAllocator::getLock):
3332         (JSC::ExecutableAllocator::committedByteCount):
3333         (JSC::ExecutableAllocator::dumpProfile):
3334         (JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
3335         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted.
3336         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted.
3337         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted.
3338         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted.
3339         (JSC::DemandExecutableAllocator::allocateNewSpace): Deleted.
3340         (JSC::DemandExecutableAllocator::notifyNeedPage): Deleted.
3341         (JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted.
3342         (JSC::DemandExecutableAllocator::allocators): Deleted.
3343         (JSC::DemandExecutableAllocator::allocatorsMutex): Deleted.
3344         * jit/ExecutableAllocator.h:
3345         * jit/ExecutableAllocatorFixedVMPool.cpp: Removed.
3346         * jit/JITStubRoutine.h:
3347         (JSC::JITStubRoutine::canPerformRangeFilter):
3348         (JSC::JITStubRoutine::filteringStartAddress):
3349         (JSC::JITStubRoutine::filteringExtentSize):
3350
3351 2017-02-22  Saam Barati  <sbarati@apple.com>
3352
3353         Add biased coloring to Briggs and IRC
3354         https://bugs.webkit.org/show_bug.cgi?id=168611
3355