libllvmForJSC shouldn't call exit(1) on report_fatal_error()
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
2
3         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
4         https://bugs.webkit.org/show_bug.cgi?id=122905
5         <rdar://problem/15237856>
6
7         Reviewed by Michael Saboff.
8         
9         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
10         then always call it to install something that calls CRASH().
11
12         * llvm/InitializeLLVM.cpp:
13         (JSC::llvmCrash):
14         (JSC::initializeLLVMOnce):
15         (JSC::initializeLLVM):
16         * llvm/LLVMAPIFunctions.h:
17
18 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
19
20         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
21         https://bugs.webkit.org/show_bug.cgi?id=122938
22
23         Reviewed by Sam Weinig.
24         
25         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
26
27         * jit/Repatch.cpp:
28         (JSC::tryBuildGetByIDList):
29
30 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
31
32         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
33         https://bugs.webkit.org/show_bug.cgi?id=122937
34
35         Reviewed by Geoffrey Garen.
36         
37         JITStubCall used to do it.
38         
39         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
40
41         * jit/JIT.h:
42         (JSC::JIT::appendCall):
43
44 2013-10-16  Michael Saboff  <msaboff@apple.com>
45
46         transition void cti_op_put_by_val* stubs to JIT operations
47         https://bugs.webkit.org/show_bug.cgi?id=122903
48
49         Reviewed by Geoffrey Garen.
50
51         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
52         operationPutByValGeneric.
53
54         * jit/CCallHelpers.h:
55         (JSC::CCallHelpers::setupArgumentsWithExecState):
56         * jit/JIT.h:
57         * jit/JITInlines.h:
58         (JSC::JIT::callOperation):
59         * jit/JITOperations.cpp:
60         * jit/JITOperations.h:
61         * jit/JITPropertyAccess.cpp:
62         (JSC::JIT::emitSlow_op_put_by_val):
63         (JSC::JIT::privateCompilePutByVal):
64         * jit/JITPropertyAccess32_64.cpp:
65         (JSC::JIT::emitSlow_op_put_by_val):
66         * jit/JITStubs.cpp:
67         * jit/JITStubs.h:
68         * jit/JSInterfaceJIT.h:
69
70 2013-10-16  Oliver Hunt  <oliver@apple.com>
71
72         Implement ES6 spread operator
73         https://bugs.webkit.org/show_bug.cgi?id=122911
74
75         Reviewed by Michael Saboff.
76
77         Implement the ES6 spread operator
78
79         This has a little bit of refactoring to move the enumeration logic out ForOfNode
80         and into BytecodeGenerator, and then adds the logic to make it nicely callback
81         driven.
82
83         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
84         and actually handling the spread.
85
86         * bytecompiler/BytecodeGenerator.cpp:
87         (JSC::BytecodeGenerator::emitNewArray):
88         (JSC::BytecodeGenerator::emitCall):
89         (JSC::BytecodeGenerator::emitEnumeration):
90         * bytecompiler/BytecodeGenerator.h:
91         * bytecompiler/NodesCodegen.cpp:
92         (JSC::ArrayNode::emitBytecode):
93         (JSC::ForOfNode::emitBytecode):
94         (JSC::SpreadExpressionNode::emitBytecode):
95         * parser/ASTBuilder.h:
96         (JSC::ASTBuilder::createSpreadExpression):
97         * parser/Lexer.cpp:
98         (JSC::::lex):
99         * parser/NodeConstructors.h:
100         (JSC::SpreadExpressionNode::SpreadExpressionNode):
101         * parser/Nodes.h:
102         (JSC::ExpressionNode::isSpreadExpression):
103         (JSC::SpreadExpressionNode::expression):
104         * parser/Parser.cpp:
105         (JSC::::parseArrayLiteral):
106         (JSC::::parseArguments):
107         (JSC::::parseMemberExpression):
108         * parser/Parser.h:
109         (JSC::Parser::getTokenName):
110         (JSC::Parser::updateErrorMessageSpecialCase):
111         * parser/ParserTokens.h:
112         * parser/SyntaxChecker.h:
113         (JSC::SyntaxChecker::createSpreadExpression):
114
115 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
116
117         Add a useLLInt option to jsc
118         https://bugs.webkit.org/show_bug.cgi?id=122930
119
120         Reviewed by Geoffrey Garen.
121
122         * runtime/Executable.cpp:
123         (JSC::setupLLInt):
124         (JSC::setupJIT):
125         (JSC::ScriptExecutable::prepareForExecutionImpl):
126         * runtime/Options.h:
127
128 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
129
130         Build fix.
131
132         Forgot to svn add DeferGC.cpp
133
134         * heap/DeferGC.cpp: Added.
135
136 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
137
138         r157411 fails run-javascriptcore-tests when run with Baseline JIT
139         https://bugs.webkit.org/show_bug.cgi?id=122902
140
141         Reviewed by Mark Hahnenberg.
142         
143         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
144         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
145         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
146         didn't. Turns out that there's even a helpful method,
147         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
148
149         * jit/Repatch.cpp:
150         (JSC::tryCachePutByID):
151
152 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
153
154         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
155         https://bugs.webkit.org/show_bug.cgi?id=122667
156
157         Reviewed by Geoffrey Garen.
158
159         The issue this patch is attempting to fix is that there are places in our codebase
160         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
161         operations that can initiate a garbage collection. Garbage collection then calls 
162         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
163         always necessarily run during garbage collection). This causes a deadlock.
164  
165         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
166         into a thread-local field that indicates that it is unsafe to perform any operation 
167         that could trigger garbage collection on the current thread. In debug builds, 
168         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
169         detect deadlocks.
170  
171         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
172         which uses the DeferGC mechanism to prevent collections from occurring while the 
173         lock is held.
174
175         * CMakeLists.txt:
176         * GNUmakefile.list.am:
177         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
178         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
179         * JavaScriptCore.xcodeproj/project.pbxproj:
180         * heap/DeferGC.h:
181         (JSC::DisallowGC::DisallowGC):
182         (JSC::DisallowGC::~DisallowGC):
183         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
184         (JSC::DisallowGC::initialize):
185         * jit/Repatch.cpp:
186         (JSC::repatchPutByID):
187         (JSC::buildPutByIdList):
188         * llint/LLIntSlowPaths.cpp:
189         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
190         * runtime/ConcurrentJITLock.h:
191         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
192         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
193         (JSC::ConcurrentJITLockerBase::unlockEarly):
194         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
195         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
196         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
197         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
198         * runtime/InitializeThreading.cpp:
199         (JSC::initializeThreadingOnce):
200         * runtime/JSCellInlines.h:
201         (JSC::allocateCell):
202         * runtime/JSSymbolTableObject.h:
203         (JSC::symbolTablePut):
204         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
205         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
206         before the caller has a chance to use the newly created PropertyTable. The garbage collection
207         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
208         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
209         the Structure.
210         (JSC::Structure::materializePropertyMap):
211         (JSC::Structure::despecifyDictionaryFunction):
212         (JSC::Structure::changePrototypeTransition):
213         (JSC::Structure::despecifyFunctionTransition):
214         (JSC::Structure::attributeChangeTransition):
215         (JSC::Structure::toDictionaryTransition):
216         (JSC::Structure::preventExtensionsTransition):
217         (JSC::Structure::takePropertyTableOrCloneIfPinned):
218         (JSC::Structure::isSealed):
219         (JSC::Structure::isFrozen):
220         (JSC::Structure::addPropertyWithoutTransition):
221         (JSC::Structure::removePropertyWithoutTransition):
222         (JSC::Structure::get):
223         (JSC::Structure::despecifyFunction):
224         (JSC::Structure::despecifyAllFunctions):
225         (JSC::Structure::putSpecificValue):
226         (JSC::Structure::createPropertyMap):
227         (JSC::Structure::getPropertyNamesFromStructure):
228         * runtime/Structure.h:
229         (JSC::Structure::materializePropertyMapIfNecessary):
230         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
231         * runtime/StructureInlines.h:
232         (JSC::Structure::get):
233         * runtime/SymbolTable.h:
234         (JSC::SymbolTable::find):
235         (JSC::SymbolTable::end):
236
237 2013-10-16  Daniel Bates  <dabates@apple.com>
238
239         Add SPI to disable the garbage collector timer
240         https://bugs.webkit.org/show_bug.cgi?id=122921
241
242         Reviewed by Geoffrey Garen.
243
244         Based on a patch by Mark Hahnenberg.
245
246         * API/JSBase.cpp:
247         (JSDisableGCTimer): Added; SPI function.
248         * API/JSBasePrivate.h:
249         * heap/BlockAllocator.cpp:
250         (JSC::createBlockFreeingThread): Added.
251         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
252         to conditionally create the "block freeing" thread depending on the value of
253         GCActivityCallback::s_shouldCreateGCTimer.
254         (JSC::BlockAllocator::~BlockAllocator):
255         * heap/BlockAllocator.h:
256         (JSC::BlockAllocator::deallocate):
257         * heap/Heap.cpp:
258         (JSC::Heap::didAbandon):
259         (JSC::Heap::collect):
260         (JSC::Heap::didAllocate):
261         * heap/HeapTimer.cpp:
262         (JSC::HeapTimer::timerDidFire):
263         * runtime/GCActivityCallback.cpp:
264         * runtime/GCActivityCallback.h:
265         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
266         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
267         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
268
269 2013-10-16  Commit Queue  <commit-queue@webkit.org>
270
271         Unreviewed, rolling out r157529.
272         http://trac.webkit.org/changeset/157529
273         https://bugs.webkit.org/show_bug.cgi?id=122919
274
275         Caused score test failures and some build failures. (Requested
276         by rfong on #webkit).
277
278         * bytecompiler/BytecodeGenerator.cpp:
279         (JSC::BytecodeGenerator::emitNewArray):
280         (JSC::BytecodeGenerator::emitCall):
281         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
282         * bytecompiler/BytecodeGenerator.h:
283         * bytecompiler/NodesCodegen.cpp:
284         (JSC::ArrayNode::emitBytecode):
285         (JSC::CallArguments::CallArguments):
286         (JSC::ForOfNode::emitBytecode):
287         (JSC::BindingNode::collectBoundIdentifiers):
288         * parser/ASTBuilder.h:
289         * parser/Lexer.cpp:
290         (JSC::::lex):
291         * parser/NodeConstructors.h:
292         (JSC::DotAccessorNode::DotAccessorNode):
293         * parser/Nodes.h:
294         * parser/Parser.cpp:
295         (JSC::::parseArrayLiteral):
296         (JSC::::parseArguments):
297         (JSC::::parseMemberExpression):
298         * parser/Parser.h:
299         (JSC::Parser::getTokenName):
300         (JSC::Parser::updateErrorMessageSpecialCase):
301         * parser/ParserTokens.h:
302         * parser/SyntaxChecker.h:
303
304 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
305
306         Remove useless architecture specific implementation in DFG.
307         https://bugs.webkit.org/show_bug.cgi?id=122917.
308
309         Reviewed by Michael Saboff.
310
311         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
312         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
313
314         * dfg/DFGSpeculativeJIT.h:
315
316 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
317
318         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
319         https://bugs.webkit.org/show_bug.cgi?id=122916.
320
321         Reviewed by Michael Saboff.
322
323         This architecture specific function is not used anymore, so get rid of it.
324
325         * jit/JIT.h:
326         * jit/JITInlines.h:
327
328 2013-10-16  Oliver Hunt  <oliver@apple.com>
329
330         Implement ES6 spread operator
331         https://bugs.webkit.org/show_bug.cgi?id=122911
332
333         Reviewed by Michael Saboff.
334
335         Implement the ES6 spread operator
336
337         This has a little bit of refactoring to move the enumeration logic out ForOfNode
338         and into BytecodeGenerator, and then adds the logic to make it nicely callback
339         driven.
340
341         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
342         and actually handling the spread.
343
344         * bytecompiler/BytecodeGenerator.cpp:
345         (JSC::BytecodeGenerator::emitNewArray):
346         (JSC::BytecodeGenerator::emitCall):
347         (JSC::BytecodeGenerator::emitEnumeration):
348         * bytecompiler/BytecodeGenerator.h:
349         * bytecompiler/NodesCodegen.cpp:
350         (JSC::ArrayNode::emitBytecode):
351         (JSC::ForOfNode::emitBytecode):
352         (JSC::SpreadExpressionNode::emitBytecode):
353         * parser/ASTBuilder.h:
354         (JSC::ASTBuilder::createSpreadExpression):
355         * parser/Lexer.cpp:
356         (JSC::::lex):
357         * parser/NodeConstructors.h:
358         (JSC::SpreadExpressionNode::SpreadExpressionNode):
359         * parser/Nodes.h:
360         (JSC::ExpressionNode::isSpreadExpression):
361         (JSC::SpreadExpressionNode::expression):
362         * parser/Parser.cpp:
363         (JSC::::parseArrayLiteral):
364         (JSC::::parseArguments):
365         (JSC::::parseMemberExpression):
366         * parser/Parser.h:
367         (JSC::Parser::getTokenName):
368         (JSC::Parser::updateErrorMessageSpecialCase):
369         * parser/ParserTokens.h:
370         * parser/SyntaxChecker.h:
371         (JSC::SyntaxChecker::createSpreadExpression):
372
373 2013-10-16  Mark Lam  <mark.lam@apple.com>
374
375         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
376         https://bugs.webkit.org/show_bug.cgi?id=122899.
377
378         Reviewed by Michael Saboff.
379
380         * jit/JITOpcodes32_64.cpp:
381         (JSC::JIT::emit_op_tear_off_activation):
382         (JSC::JIT::emit_op_tear_off_arguments):
383         * jit/JITStubs.cpp:
384         * jit/JITStubs.h:
385
386 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
387
388         Remove more of the UNINTERRUPTED_SEQUENCE thing
389         https://bugs.webkit.org/show_bug.cgi?id=122885
390
391         Reviewed by Andreas Kling.
392
393         It was not completely removed by r157481, leading to build failure for sh4 architecture.
394
395         * jit/JIT.h:
396         * jit/JITInlines.h:
397
398 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
399
400         Get rid of the StructureStubInfo::patch union
401         https://bugs.webkit.org/show_bug.cgi?id=122877
402
403         Reviewed by Sam Weinig.
404         
405         Just simplifying code by getting rid of data structures that ain't used no more.
406         
407         Note that I replace the patch union with a patch struct. This means we say things like
408         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
409         encapsulation makes the code more readable: the patch struct contains just those things
410         that you need to know to perform patching.
411
412         * bytecode/StructureStubInfo.h:
413         * dfg/DFGJITCompiler.cpp:
414         (JSC::DFG::JITCompiler::link):
415         * jit/JIT.cpp:
416         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
417         * jit/Repatch.cpp:
418         (JSC::repatchByIdSelfAccess):
419         (JSC::replaceWithJump):
420         (JSC::linkRestoreScratch):
421         (JSC::generateProtoChainAccessStub):
422         (JSC::tryCacheGetByID):
423         (JSC::getPolymorphicStructureList):
424         (JSC::patchJumpToGetByIdStub):
425         (JSC::tryBuildGetByIDList):
426         (JSC::emitPutReplaceStub):
427         (JSC::emitPutTransitionStub):
428         (JSC::tryCachePutByID):
429         (JSC::tryBuildPutByIdList):
430         (JSC::tryRepatchIn):
431         (JSC::resetGetByID):
432         (JSC::resetPutByID):
433         (JSC::resetIn):
434
435 2013-10-15  Nadav Rotem  <nrotem@apple.com>
436
437         FTL: add support for Int52ToValue and fix putByVal of int52s.
438         https://bugs.webkit.org/show_bug.cgi?id=122873
439
440         Reviewed by Filip Pizlo.
441
442         * ftl/FTLCapabilities.cpp:
443         (JSC::FTL::canCompile):
444         * ftl/FTLLowerDFGToLLVM.cpp:
445         (JSC::FTL::LowerDFGToLLVM::compileNode):
446         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
447         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
448
449 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
450
451         Get rid of the UNINTERRUPTED_SEQUENCE thing
452         https://bugs.webkit.org/show_bug.cgi?id=122876
453
454         Reviewed by Mark Hahnenberg.
455         
456         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
457         
458         Moreover, we should resist the temptation to bring anything like this back. We don't
459         want to have inline caches that only work if the assembler lays out code in a specific
460         predetermined way.
461
462         * jit/JIT.h:
463         * jit/JITCall.cpp:
464         (JSC::JIT::compileOpCall):
465         * jit/JITCall32_64.cpp:
466         (JSC::JIT::compileOpCall):
467
468 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
469
470         Baseline JIT should use the DFG GetById IC
471         https://bugs.webkit.org/show_bug.cgi?id=122861
472
473         Reviewed by Oliver Hunt.
474         
475         This mostly just kills a ton of code.
476         
477         Note that this doesn't yet do all of the simplifications that can be done, but it does
478         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
479
480         * bytecode/CodeBlock.cpp:
481         (JSC::CodeBlock::resetStubInternal):
482         * jit/JIT.cpp:
483         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
484         * jit/JIT.h:
485         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
486         * jit/JITInlines.h:
487         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
488         (JSC::JIT::callOperation):
489         * jit/JITPropertyAccess.cpp:
490         (JSC::JIT::compileGetByIdHotPath):
491         (JSC::JIT::emitSlow_op_get_by_id):
492         (JSC::JIT::emitSlow_op_get_from_scope):
493         * jit/JITPropertyAccess32_64.cpp:
494         (JSC::JIT::compileGetByIdHotPath):
495         (JSC::JIT::emitSlow_op_get_by_id):
496         (JSC::JIT::emitSlow_op_get_from_scope):
497         * jit/JITStubs.cpp:
498         * jit/JITStubs.h:
499         * jit/Repatch.cpp:
500         (JSC::repatchGetByID):
501         (JSC::buildGetByIDList):
502         * jit/ThunkGenerators.cpp:
503         * jit/ThunkGenerators.h:
504
505 2013-10-15  Dean Jackson  <dino@apple.com>
506
507         Add ENABLE_WEB_ANIMATIONS flag
508         https://bugs.webkit.org/show_bug.cgi?id=122871
509
510         Reviewed by Tim Horton.
511
512         Eventually might be http://dev.w3.org/fxtf/web-animations/
513         but this is just engine-internal work at the moment.
514
515         * Configurations/FeatureDefines.xcconfig:
516
517 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
518
519         [sh4] Some calls don't match sh4 ABI.
520         https://bugs.webkit.org/show_bug.cgi?id=122863
521
522         Reviewed by Michael Saboff.
523
524         * dfg/DFGSpeculativeJIT.h:
525         (JSC::DFG::SpeculativeJIT::callOperation):
526         * jit/CCallHelpers.h:
527         (JSC::CCallHelpers::setupArgumentsWithExecState):
528         * jit/JITInlines.h:
529         (JSC::JIT::callOperation):
530
531 2013-10-15  Daniel Bates  <dabates@apple.com>
532
533         [iOS] Upstream JavaScriptCore support for ARM64
534         https://bugs.webkit.org/show_bug.cgi?id=122762
535
536         Reviewed by Oliver Hunt and Filip Pizlo.
537
538         * Configurations/Base.xcconfig:
539         * Configurations/DebugRelease.xcconfig:
540         * Configurations/JavaScriptCore.xcconfig:
541         * Configurations/ToolExecutable.xcconfig:
542         * JavaScriptCore.xcodeproj/project.pbxproj:
543         * assembler/ARM64Assembler.h: Added.
544         * assembler/AbstractMacroAssembler.h:
545         (JSC::isARM64):
546         (JSC::AbstractMacroAssembler::Label::Label):
547         (JSC::AbstractMacroAssembler::Jump::Jump):
548         (JSC::AbstractMacroAssembler::Jump::link):
549         (JSC::AbstractMacroAssembler::Jump::linkTo):
550         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
551         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
552         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
553         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
554         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
555         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
556         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
557         (JSC::AbstractMacroAssembler::isTempRegisterValid):
558         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
559         (JSC::AbstractMacroAssembler::setTempRegisterValid):
560         * assembler/LinkBuffer.cpp:
561         (JSC::LinkBuffer::copyCompactAndLinkCode):
562         (JSC::LinkBuffer::linkCode):
563         * assembler/LinkBuffer.h:
564         * assembler/MacroAssembler.h:
565         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
566         (JSC::MacroAssembler::pushToSave):
567         (JSC::MacroAssembler::popToRestore):
568         (JSC::MacroAssembler::patchableBranchTest32):
569         * assembler/MacroAssemblerARM64.h: Added.
570         * assembler/MacroAssemblerARMv7.h:
571         * dfg/DFGFixupPhase.cpp:
572         (JSC::DFG::FixupPhase::fixupNode):
573         * dfg/DFGOSRExitCompiler32_64.cpp:
574         (JSC::DFG::OSRExitCompiler::compileExit):
575         * dfg/DFGOSRExitCompiler64.cpp:
576         (JSC::DFG::OSRExitCompiler::compileExit):
577         * dfg/DFGSpeculativeJIT.cpp:
578         (JSC::DFG::SpeculativeJIT::compileArithDiv):
579         (JSC::DFG::SpeculativeJIT::compileArithMod):
580         * disassembler/ARM64/A64DOpcode.cpp: Added.
581         * disassembler/ARM64/A64DOpcode.h: Added.
582         * disassembler/ARM64Disassembler.cpp: Added.
583         * heap/MachineStackMarker.cpp:
584         (JSC::getPlatformThreadRegisters):
585         (JSC::otherThreadStackPointer):
586         * heap/Region.h:
587         * jit/AssemblyHelpers.h:
588         (JSC::AssemblyHelpers::debugCall):
589         * jit/CCallHelpers.h:
590         * jit/ExecutableAllocator.h:
591         * jit/FPRInfo.h:
592         (JSC::FPRInfo::toRegister):
593         (JSC::FPRInfo::toIndex):
594         (JSC::FPRInfo::debugName):
595         * jit/GPRInfo.h:
596         (JSC::GPRInfo::toRegister):
597         (JSC::GPRInfo::toIndex):
598         (JSC::GPRInfo::debugName):
599         * jit/JITInlines.h:
600         (JSC::JIT::restoreArgumentReferenceForTrampoline):
601         * jit/JITOperationWrappers.h:
602         * jit/JITOperations.cpp:
603         * jit/JITStubs.cpp:
604         (JSC::performPlatformSpecificJITAssertions):
605         (JSC::tryCachePutByID):
606         * jit/JITStubs.h:
607         (JSC::JITStackFrame::returnAddressSlot):
608         * jit/JITStubsARM64.h: Added.
609         * jit/JSInterfaceJIT.h:
610         * jit/Repatch.cpp:
611         (JSC::emitRestoreScratch):
612         (JSC::generateProtoChainAccessStub):
613         (JSC::tryCacheGetByID):
614         (JSC::emitPutReplaceStub):
615         (JSC::tryCachePutByID):
616         (JSC::tryRepatchIn):
617         * jit/ScratchRegisterAllocator.h:
618         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
619         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
620         * jit/ThunkGenerators.cpp:
621         (JSC::nativeForGenerator):
622         (JSC::floorThunkGenerator):
623         (JSC::ceilThunkGenerator):
624         * jsc.cpp:
625         (main):
626         * llint/LLIntOfflineAsmConfig.h:
627         * llint/LLIntSlowPaths.cpp:
628         (JSC::LLInt::handleHostCall):
629         * llint/LowLevelInterpreter.asm:
630         * llint/LowLevelInterpreter64.asm:
631         * offlineasm/arm.rb:
632         * offlineasm/arm64.rb: Added.
633         * offlineasm/backends.rb:
634         * offlineasm/instructions.rb:
635         * offlineasm/risc.rb:
636         * offlineasm/transform.rb:
637         * yarr/YarrJIT.cpp:
638         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
639         (JSC::Yarr::YarrGenerator::initCallFrame):
640         (JSC::Yarr::YarrGenerator::removeCallFrame):
641         (JSC::Yarr::YarrGenerator::generateEnter):
642         * yarr/YarrJIT.h:
643
644 2013-10-15  Mark Lam  <mark.lam@apple.com>
645
646         Fix 3 operand sub operation in C loop LLINT.
647         https://bugs.webkit.org/show_bug.cgi?id=122866.
648
649         Reviewed by Geoffrey Garen.
650
651         * offlineasm/cloop.rb:
652
653 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
654
655         ObjCCallbackFunctionImpl shouldn't store a JSContext
656         https://bugs.webkit.org/show_bug.cgi?id=122531
657
658         Reviewed by Geoffrey Garen.
659
660         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
661         in the common case. It's also no longer necessary in that we can look up the current JSContext 
662         by looking using the globalObject of the callee when the function callback is invoked.
663  
664         Also added a new test that would cause us to crash previously. The test required making 
665         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
666         in C API callbacks.
667
668         * API/JSContextRef.h:
669         * API/JSContextRefPrivate.h:
670         * API/ObjCCallbackFunction.mm:
671         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
672         (JSC::objCCallbackFunctionCallAsFunction):
673         (objCCallbackFunctionForInvocation):
674         * API/WebKitAvailability.h:
675         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
676         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
677         (CallAsConstructor):
678         (ConstructorFinalize):
679         (ConstructorClass):
680         (+[JSValue valueWithConstructorDescriptor:inContext:]):
681         (-[JSContext valueWithConstructorDescriptor:]):
682         (currentThisInsideBlockGetterTest):
683         * API/tests/testapi.mm:
684         * JavaScriptCore.xcodeproj/project.pbxproj:
685         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
686
687 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
688
689         Fix build after r157457 for architecture with 4 argument registers.
690         https://bugs.webkit.org/show_bug.cgi?id=122860
691
692         Reviewed by Michael Saboff.
693
694         * jit/CCallHelpers.h:
695         (JSC::CCallHelpers::setupStubArguments134):
696
697 2013-10-14  Michael Saboff  <msaboff@apple.com>
698
699         transition void cti_op_* methods to JIT operations.
700         https://bugs.webkit.org/show_bug.cgi?id=122617
701
702         Reviewed by Geoffrey Garen.
703
704         Converted the follow stubs to JIT operations:
705             cti_handle_watchdog_timer
706             cti_op_debug
707             cti_op_pop_scope
708             cti_op_profile_did_call
709             cti_op_profile_will_call
710             cti_op_put_by_index
711             cti_op_put_getter_setter
712             cti_op_tear_off_activation
713             cti_op_tear_off_arguments
714             cti_op_throw_static_error
715             cti_optimize
716
717         * dfg/DFGOperations.cpp:
718         * dfg/DFGOperations.h:
719         * jit/CCallHelpers.h:
720         (JSC::CCallHelpers::setupArgumentsWithExecState):
721         (JSC::CCallHelpers::setupThreeStubArgsGPR):
722         (JSC::CCallHelpers::setupStubArguments):
723         (JSC::CCallHelpers::setupStubArguments134):
724         * jit/JIT.cpp:
725         (JSC::JIT::emitEnterOptimizationCheck):
726         * jit/JIT.h:
727         * jit/JITInlines.h:
728         (JSC::JIT::callOperation):
729         * jit/JITOpcodes.cpp:
730         (JSC::JIT::emit_op_tear_off_activation):
731         (JSC::JIT::emit_op_tear_off_arguments):
732         (JSC::JIT::emit_op_push_with_scope):
733         (JSC::JIT::emit_op_pop_scope):
734         (JSC::JIT::emit_op_push_name_scope):
735         (JSC::JIT::emit_op_throw_static_error):
736         (JSC::JIT::emit_op_debug):
737         (JSC::JIT::emit_op_profile_will_call):
738         (JSC::JIT::emit_op_profile_did_call):
739         (JSC::JIT::emitSlow_op_loop_hint):
740         * jit/JITOpcodes32_64.cpp:
741         (JSC::JIT::emit_op_push_with_scope):
742         (JSC::JIT::emit_op_pop_scope):
743         (JSC::JIT::emit_op_push_name_scope):
744         (JSC::JIT::emit_op_throw_static_error):
745         (JSC::JIT::emit_op_debug):
746         (JSC::JIT::emit_op_profile_will_call):
747         (JSC::JIT::emit_op_profile_did_call):
748         * jit/JITOperations.cpp:
749         * jit/JITOperations.h:
750         * jit/JITPropertyAccess.cpp:
751         (JSC::JIT::emit_op_put_by_index):
752         (JSC::JIT::emit_op_put_getter_setter):
753         * jit/JITPropertyAccess32_64.cpp:
754         (JSC::JIT::emit_op_put_by_index):
755         (JSC::JIT::emit_op_put_getter_setter):
756         * jit/JITStubs.cpp:
757         * jit/JITStubs.h:
758
759 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
760
761         [sh4] Introduce const pools in LLINT.
762         https://bugs.webkit.org/show_bug.cgi?id=122746
763
764         Reviewed by Michael Saboff.
765
766         In current implementation of LLINT for sh4, immediate values outside range -128..127 are
767         loaded this way:
768
769             mov.l .label, rx
770             bra out
771             nop
772             .balign 4
773             .label: .long immvalue
774             out:
775
776         This change introduces const pools for sh4 implementation to avoid lots of useless branches
777         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
778
779         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
780         * offlineasm/sh4.rb:
781
782 2013-10-15  Mark Lam  <mark.lam@apple.com>
783
784         Fix broken C Loop LLINT build.
785         https://bugs.webkit.org/show_bug.cgi?id=122839.
786
787         Reviewed by Michael Saboff.
788
789         * dfg/DFGFlushedAt.cpp:
790         * jit/JITOperations.h:
791
792 2013-10-14  Mark Lam  <mark.lam@apple.com>
793
794         Transition *switch* and *scope* JITStubs to JIT operations.
795         https://bugs.webkit.org/show_bug.cgi?id=122757.
796
797         Reviewed by Geoffrey Garen.
798
799         Transitioning:
800             cti_op_switch_char
801             cti_op_switch_imm
802             cti_op_switch_string
803             cti_op_resolve_scope
804             cti_op_get_from_scope
805             cti_op_put_to_scope
806
807         * jit/JIT.h:
808         * jit/JITInlines.h:
809         (JSC::JIT::callOperation):
810         * jit/JITOpcodes.cpp:
811         (JSC::JIT::emit_op_switch_imm):
812         (JSC::JIT::emit_op_switch_char):
813         (JSC::JIT::emit_op_switch_string):
814         * jit/JITOpcodes32_64.cpp:
815         (JSC::JIT::emit_op_switch_imm):
816         (JSC::JIT::emit_op_switch_char):
817         (JSC::JIT::emit_op_switch_string):
818         * jit/JITOperations.cpp:
819         * jit/JITOperations.h:
820         * jit/JITPropertyAccess.cpp:
821         (JSC::JIT::emitSlow_op_resolve_scope):
822         (JSC::JIT::emitSlow_op_get_from_scope):
823         (JSC::JIT::emitSlow_op_put_to_scope):
824         * jit/JITPropertyAccess32_64.cpp:
825         (JSC::JIT::emitSlow_op_resolve_scope):
826         (JSC::JIT::emitSlow_op_get_from_scope):
827         (JSC::JIT::emitSlow_op_put_to_scope):
828         * jit/JITStubs.cpp:
829         * jit/JITStubs.h:
830
831 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
832
833         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
834         https://bugs.webkit.org/show_bug.cgi?id=122786
835
836         Reviewed by Mark Hahnenberg.
837
838         * bytecode/CodeBlock.cpp:
839         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
840         * jit/Repatch.cpp:
841         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
842         (JSC::buildPutByIdList): Ditto.
843
844 2013-10-14  Nadav Rotem  <nrotem@apple.com>
845
846         Add FTL support for LogicalNot(string)
847         https://bugs.webkit.org/show_bug.cgi?id=122765
848
849         Reviewed by Filip Pizlo.
850
851         This patch is tested by:
852         regress/script-tests/emscripten-cube2hash.js.ftl-eager
853
854         * ftl/FTLCapabilities.cpp:
855         (JSC::FTL::canCompile):
856         * ftl/FTLLowerDFGToLLVM.cpp:
857         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
858
859 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
860
861         [sh4] Fixes after r157404 and r157411.
862         https://bugs.webkit.org/show_bug.cgi?id=122782
863
864         Reviewed by Michael Saboff.
865
866         * dfg/DFGSpeculativeJIT.h:
867         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
868         * jit/CCallHelpers.h:
869         (JSC::CCallHelpers::setupArgumentsWithExecState):
870         * jit/JITInlines.h:
871         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
872         * jit/JITPropertyAccess32_64.cpp:
873         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
874
875 2013-10-14  Commit Queue  <commit-queue@webkit.org>
876
877         Unreviewed, rolling out r157413.
878         http://trac.webkit.org/changeset/157413
879         https://bugs.webkit.org/show_bug.cgi?id=122779
880
881         Appears to have caused frequent crashes (Requested by ap on
882         #webkit).
883
884         * CMakeLists.txt:
885         * GNUmakefile.list.am:
886         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
887         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
888         * JavaScriptCore.xcodeproj/project.pbxproj:
889         * heap/DeferGC.cpp: Removed.
890         * heap/DeferGC.h:
891         * jit/JITStubs.cpp:
892         (JSC::tryCacheGetByID):
893         (JSC::DEFINE_STUB_FUNCTION):
894         * llint/LLIntSlowPaths.cpp:
895         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
896         * runtime/ConcurrentJITLock.h:
897         * runtime/InitializeThreading.cpp:
898         (JSC::initializeThreadingOnce):
899         * runtime/JSCellInlines.h:
900         (JSC::allocateCell):
901         * runtime/Structure.cpp:
902         (JSC::Structure::materializePropertyMap):
903         (JSC::Structure::putSpecificValue):
904         (JSC::Structure::createPropertyMap):
905         * runtime/Structure.h:
906
907 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
908
909         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
910         https://bugs.webkit.org/show_bug.cgi?id=122652
911
912         Reviewed by Filip Pizlo.
913
914         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
915         so we would end up ASSERTing during garbage collection.
916
917         * heap/MarkedAllocator.cpp:
918         (JSC::MarkedAllocator::allocateSlowCase):
919
920 2013-10-11  Oliver Hunt  <oliver@apple.com>
921
922         Separate out array iteration intrinsics
923         https://bugs.webkit.org/show_bug.cgi?id=122656
924
925         Reviewed by Michael Saboff.
926
927         Separate out the intrinsics for key and values iteration
928         of arrays.
929
930         This requires moving moving array iteration into the iterator
931         instance, rather than the prototype, but this is essentially
932         unobservable so we'll live with it for now.
933
934         * jit/ThunkGenerators.cpp:
935         (JSC::arrayIteratorNextThunkGenerator):
936         (JSC::arrayIteratorNextKeyThunkGenerator):
937         (JSC::arrayIteratorNextValueThunkGenerator):
938         * jit/ThunkGenerators.h:
939         * runtime/ArrayIteratorPrototype.cpp:
940         (JSC::ArrayIteratorPrototype::finishCreation):
941         * runtime/Intrinsic.h:
942         * runtime/JSArrayIterator.cpp:
943         (JSC::JSArrayIterator::finishCreation):
944         (JSC::createIteratorResult):
945         (JSC::arrayIteratorNext):
946         (JSC::arrayIteratorNextKey):
947         (JSC::arrayIteratorNextValue):
948         (JSC::arrayIteratorNextGeneric):
949         * runtime/VM.cpp:
950         (JSC::thunkGeneratorForIntrinsic):
951
952 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
953
954         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
955         https://bugs.webkit.org/show_bug.cgi?id=122667
956
957         Reviewed by Filip Pizlo.
958
959         The issue this patch is attempting to fix is that there are places in our codebase
960         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
961         operations that can initiate a garbage collection. Garbage collection then calls 
962         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
963         always necessarily run during garbage collection). This causes a deadlock.
964
965         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
966         into a thread-local field that indicates that it is unsafe to perform any operation 
967         that could trigger garbage collection on the current thread. In debug builds, 
968         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
969         detect deadlocks.
970
971         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
972         which uses the DeferGC mechanism to prevent collections from occurring while the 
973         lock is held.
974
975         * CMakeLists.txt:
976         * GNUmakefile.list.am:
977         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
978         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
979         * JavaScriptCore.xcodeproj/project.pbxproj:
980         * heap/DeferGC.cpp: Added.
981         * heap/DeferGC.h:
982         (JSC::DisallowGC::DisallowGC):
983         (JSC::DisallowGC::~DisallowGC):
984         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
985         (JSC::DisallowGC::initialize):
986         * jit/JITStubs.cpp:
987         (JSC::tryCachePutByID):
988         (JSC::tryCacheGetByID):
989         (JSC::DEFINE_STUB_FUNCTION):
990         * llint/LLIntSlowPaths.cpp:
991         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
992         * runtime/ConcurrentJITLock.h:
993         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
994         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
995         (JSC::ConcurrentJITLockerBase::unlockEarly):
996         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
997         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
998         * runtime/InitializeThreading.cpp:
999         (JSC::initializeThreadingOnce):
1000         * runtime/JSCellInlines.h:
1001         (JSC::allocateCell):
1002         * runtime/Structure.cpp:
1003         (JSC::Structure::materializePropertyMap):
1004         (JSC::Structure::putSpecificValue):
1005         (JSC::Structure::createPropertyMap):
1006         * runtime/Structure.h:
1007
1008 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
1009
1010         Baseline JIT should use the DFG's PutById IC
1011         https://bugs.webkit.org/show_bug.cgi?id=122704
1012
1013         Reviewed by Mark Hahnenberg.
1014         
1015         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
1016         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
1017         
1018         The only complicated part was that the PutById operations assumed that we first did a
1019         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
1020         slow paths to deal with EncodedJSValue's.
1021
1022         * bytecode/CodeBlock.cpp:
1023         (JSC::CodeBlock::resetStubInternal):
1024         * bytecode/PutByIdStatus.cpp:
1025         (JSC::PutByIdStatus::computeFor):
1026         * dfg/DFGSpeculativeJIT.h:
1027         (JSC::DFG::SpeculativeJIT::callOperation):
1028         * dfg/DFGSpeculativeJIT32_64.cpp:
1029         (JSC::DFG::SpeculativeJIT::cachedPutById):
1030         * dfg/DFGSpeculativeJIT64.cpp:
1031         (JSC::DFG::SpeculativeJIT::cachedPutById):
1032         * jit/CCallHelpers.h:
1033         (JSC::CCallHelpers::setupArgumentsWithExecState):
1034         * jit/JIT.cpp:
1035         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1036         * jit/JIT.h:
1037         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
1038         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
1039         * jit/JITInlines.h:
1040         (JSC::JIT::callOperation):
1041         * jit/JITOperationWrappers.h:
1042         * jit/JITOperations.cpp:
1043         * jit/JITOperations.h:
1044         * jit/JITPropertyAccess.cpp:
1045         (JSC::JIT::compileGetByIdHotPath):
1046         (JSC::JIT::compileGetByIdSlowCase):
1047         (JSC::JIT::emit_op_put_by_id):
1048         (JSC::JIT::emitSlow_op_put_by_id):
1049         * jit/JITPropertyAccess32_64.cpp:
1050         (JSC::JIT::compileGetByIdSlowCase):
1051         (JSC::JIT::emit_op_put_by_id):
1052         (JSC::JIT::emitSlow_op_put_by_id):
1053         * jit/JITStubs.cpp:
1054         * jit/JITStubs.h:
1055         * jit/Repatch.cpp:
1056         (JSC::appropriateGenericPutByIdFunction):
1057         (JSC::appropriateListBuildingPutByIdFunction):
1058         (JSC::resetPutByID):
1059
1060 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
1061
1062         FTL should have an inefficient but correct implementation of GetById
1063         https://bugs.webkit.org/show_bug.cgi?id=122740
1064
1065         Reviewed by Mark Hahnenberg.
1066         
1067         It took some effort to realize that the node->prediction() check in the DFG backends
1068         are completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
1069         if !prediction.
1070         
1071         But other than that this was an easy patch.
1072
1073         * dfg/DFGByteCodeParser.cpp:
1074         (JSC::DFG::ByteCodeParser::handleGetById):
1075         * dfg/DFGSpeculativeJIT32_64.cpp:
1076         (JSC::DFG::SpeculativeJIT::compile):
1077         * dfg/DFGSpeculativeJIT64.cpp:
1078         (JSC::DFG::SpeculativeJIT::compile):
1079         * ftl/FTLCapabilities.cpp:
1080         (JSC::FTL::canCompile):
1081         * ftl/FTLIntrinsicRepository.h:
1082         * ftl/FTLLowerDFGToLLVM.cpp:
1083         (JSC::FTL::LowerDFGToLLVM::compileNode):
1084         (JSC::FTL::LowerDFGToLLVM::compileGetById):
1085
1086 2013-10-13  Mark Lam  <mark.lam@apple.com>
1087
1088         Transition misc cti_op_* JITStubs to JIT operations.
1089         https://bugs.webkit.org/show_bug.cgi?id=122645.
1090
1091         Reviewed by Michael Saboff.
1092
1093         Stubs converted:
1094             cti_op_check_has_instance
1095             cti_op_create_arguments
1096             cti_op_del_by_id
1097             cti_op_instanceof
1098             cti_to_object
1099             cti_op_push_activation
1100             cti_op_get_pnames
1101             cti_op_load_varargs
1102
1103         * dfg/DFGOperations.cpp:
1104         * dfg/DFGOperations.h:
1105         * jit/CCallHelpers.h:
1106         (JSC::CCallHelpers::setupArgumentsWithExecState):
1107         * jit/JIT.h:
1108         (JSC::JIT::emitStoreCell):
1109         * jit/JITCall.cpp:
1110         (JSC::JIT::compileLoadVarargs):
1111         * jit/JITCall32_64.cpp:
1112         (JSC::JIT::compileLoadVarargs):
1113         * jit/JITInlines.h:
1114         (JSC::JIT::callOperation):
1115         * jit/JITOpcodes.cpp:
1116         (JSC::JIT::emit_op_get_pnames):
1117         (JSC::JIT::emit_op_create_activation):
1118         (JSC::JIT::emit_op_create_arguments):
1119         (JSC::JIT::emitSlow_op_check_has_instance):
1120         (JSC::JIT::emitSlow_op_instanceof):
1121         (JSC::JIT::emitSlow_op_get_argument_by_val):
1122         * jit/JITOpcodes32_64.cpp:
1123         (JSC::JIT::emitSlow_op_check_has_instance):
1124         (JSC::JIT::emitSlow_op_instanceof):
1125         (JSC::JIT::emit_op_get_pnames):
1126         (JSC::JIT::emit_op_create_activation):
1127         (JSC::JIT::emit_op_create_arguments):
1128         (JSC::JIT::emitSlow_op_get_argument_by_val):
1129         * jit/JITOperations.cpp:
1130         * jit/JITOperations.h:
1131         * jit/JITPropertyAccess.cpp:
1132         (JSC::JIT::emit_op_del_by_id):
1133         * jit/JITPropertyAccess32_64.cpp:
1134         (JSC::JIT::emit_op_del_by_id):
1135         * jit/JITStubs.cpp:
1136         * jit/JITStubs.h:
1137
1138 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
1139
1140         FTL OSR exit should perform zero extension on values smaller than 64-bit
1141         https://bugs.webkit.org/show_bug.cgi?id=122688
1142
1143         Reviewed by Gavin Barraclough.
1144         
1145         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
1146         register will have zeros on the high bits.  In the few cases where the high bits are
1147         non-zero, the DFG sort of tells us this explicitly.
1148
1149         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
1150         emit LLVM IR like:
1151
1152             %2 = trunc i64 %1 to i32
1153             stuff %2
1154             call @llvm.webkit.stackmap(...., %2)
1155
1156         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
1157         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
1158         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
1159         from before truncation, and that register may have garbage in the high bits.
1160
1161         This means that on our end, if we want a 32-bit value and we want that value to be
1162         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
1163         cheap, so we should just do it and not make it a requirement that LLVM does it on its
1164         end.
1165         
1166         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
1167
1168         * ftl/FTLOSRExitCompiler.cpp:
1169         (JSC::FTL::compileStubWithOSRExitStackmap):
1170         * ftl/FTLValueFormat.cpp:
1171         (JSC::FTL::reboxAccordingToFormat):
1172
1173 == Rolled over to ChangeLog-2013-10-13 ==