46cdcd8565e1085eab06f95d274b54cb32bedd41
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2017-04-03  Filip Pizlo  <fpizlo@apple.com>
2
3         Move the Liveness<> adapters from AirLiveness.h to AirLivenessAdapter.h.
4
5         Rubber stamped by Keith Miller.
6         
7         This will make it easier to write other code that uses those adapters.
8
9         * JavaScriptCore.xcodeproj/project.pbxproj:
10         * b3/air/AirLiveness.h:
11         (JSC::B3::Air::LivenessAdapter::LivenessAdapter): Deleted.
12         (JSC::B3::Air::LivenessAdapter::blockSize): Deleted.
13         (JSC::B3::Air::LivenessAdapter::forEachUse): Deleted.
14         (JSC::B3::Air::LivenessAdapter::forEachDef): Deleted.
15         (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter): Deleted.
16         (JSC::B3::Air::TmpLivenessAdapter::numIndices): Deleted.
17         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank): Deleted.
18         (JSC::B3::Air::TmpLivenessAdapter::acceptsRole): Deleted.
19         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex): Deleted.
20         (JSC::B3::Air::TmpLivenessAdapter::indexToValue): Deleted.
21         (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter): Deleted.
22         (JSC::B3::Air::StackSlotLivenessAdapter::numIndices): Deleted.
23         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank): Deleted.
24         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsRole): Deleted.
25         (JSC::B3::Air::StackSlotLivenessAdapter::valueToIndex): Deleted.
26         (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue): Deleted.
27         * b3/air/AirLivenessAdapter.h: Added.
28         (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
29         (JSC::B3::Air::LivenessAdapter::blockSize):
30         (JSC::B3::Air::LivenessAdapter::forEachUse):
31         (JSC::B3::Air::LivenessAdapter::forEachDef):
32         (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
33         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
34         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
35         (JSC::B3::Air::TmpLivenessAdapter::acceptsRole):
36         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
37         (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
38         (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
39         (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
40         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
41         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsRole):
42         (JSC::B3::Air::StackSlotLivenessAdapter::valueToIndex):
43         (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
44
45 2017-04-03  Filip Pizlo  <fpizlo@apple.com>
46
47         WTF::Liveness should have an API that focuses on actions at instruction boundaries
48         https://bugs.webkit.org/show_bug.cgi?id=170407
49
50         Reviewed by Keith Miller.
51         
52         Adopt changes to the WTF::Liveness<> API. Instead of having separate functions for the
53         early/late versions of uses and defs, we now have just a use/def API. Those
54         automatically take care of early/late issues as needed.
55         
56         This reduces the API surface between WTF::Liveness<> and its clients, which makes it
57         easier to implement some other optimizations I'm thinking about.
58
59         * b3/B3VariableLiveness.h:
60         (JSC::B3::VariableLivenessAdapter::forEachUse):
61         (JSC::B3::VariableLivenessAdapter::forEachDef):
62         (JSC::B3::VariableLivenessAdapter::forEachEarlyUse): Deleted.
63         (JSC::B3::VariableLivenessAdapter::forEachLateUse): Deleted.
64         (JSC::B3::VariableLivenessAdapter::forEachEarlyDef): Deleted.
65         (JSC::B3::VariableLivenessAdapter::forEachLateDef): Deleted.
66         * b3/air/AirLiveness.h:
67         (JSC::B3::Air::LivenessAdapter::blockSize):
68         (JSC::B3::Air::LivenessAdapter::forEachUse):
69         (JSC::B3::Air::LivenessAdapter::forEachDef):
70         (JSC::B3::Air::LivenessAdapter::forEachEarlyUse): Deleted.
71         (JSC::B3::Air::LivenessAdapter::forEachLateUse): Deleted.
72         (JSC::B3::Air::LivenessAdapter::forEachEarlyDef): Deleted.
73         (JSC::B3::Air::LivenessAdapter::forEachLateDef): Deleted.
74
75 2017-04-03  Filip Pizlo  <fpizlo@apple.com>
76
77         Inst::forEachArg could compile to more compact code
78         https://bugs.webkit.org/show_bug.cgi?id=170406
79
80         Reviewed by Sam Weinig.
81         
82         Prior to this change, Inst::forEachArg compiled to a ginormous ALWAYS_INLINE switch statement.
83         It had one case for each opcode, and then each of those cases would have a switch statement over
84         the number of operands. Then the cases of that switch statement would have a sequence of calls to
85         the passed lambda. This meant that every user of forEachArg would generate an insane amount of
86         code. It also meant that the inlining achieved nothing, since the lambda would surely then not
87         be inlined - and if it was, then the icache pressure due to code bloat would surely negate any
88         benefits.
89         
90         This replaces that code with a loop over a compact look-up table. We use the opcode and number of
91         operands as keys into that look-up table. The table only takes about 20KB. It has one byte for
92         each argument in each overload of each opcode.
93         
94         I can't measure any reproducible change in performance, but the JavaScriptCore framework binary
95         shrinks by 2.7 MB. This is a 15% reduction in JavaScriptCore binary size.
96
97         * JavaScriptCore.xcodeproj/project.pbxproj:
98         * b3/B3Width.h:
99         * b3/air/AirCustom.h:
100         (JSC::B3::Air::PatchCustom::forEachArg):
101         * b3/air/AirFormTable.h: Added.
102         (JSC::B3::Air::decodeFormRole):
103         (JSC::B3::Air::decodeFormBank):
104         (JSC::B3::Air::decodeFormWidth):
105         * b3/air/AirInst.h:
106         * b3/air/opcode_generator.rb:
107
108 2017-04-03  Keith Miller  <keith_miller@apple.com>
109
110         WebAssembly: remove lastAllocatedMode from Memory
111         https://bugs.webkit.org/show_bug.cgi?id=170405
112
113         Reviewed by Mark Lam.
114
115         It's not used anymore so there isn't any point in keeping it around.
116
117         * wasm/WasmMemory.cpp:
118         (JSC::Wasm::Memory::createImpl):
119         (JSC::Wasm::Memory::lastAllocatedMode): Deleted.
120         * wasm/WasmMemory.h:
121
122 2017-04-03  Zan Dobersek  <zdobersek@igalia.com>
123
124         [jsc] Add patchableJumpSize() for MIPS
125         https://bugs.webkit.org/show_bug.cgi?id=169716
126
127         Reviewed by Yusuke Suzuki.
128
129         * assembler/MIPSAssembler.h:
130         (JSC::MIPSAssembler::patchableJumpSize): Added.
131         * assembler/MacroAssemblerMIPS.h:
132         (JSC::MacroAssemblerMIPS::patchableJumpSize): Added.
133
134 2017-04-03  Guillaume Emont  <guijemont@igalia.com>
135
136         [jsc] implement MIPSAssembler::relinkJumpToNop()
137         https://bugs.webkit.org/show_bug.cgi?id=169720
138
139         Reviewed by Yusuke Suzuki.
140
141         * assembler/MIPSAssembler.h:
142         (JSC::MIPSAssembler::relinkJumpToNop): Added.
143
144 2017-04-02  Carlos Garcia Campos  <cgarcia@igalia.com>
145
146         Share implementation of JSRunLoopTimer::timerDidFire
147         https://bugs.webkit.org/show_bug.cgi?id=170392
148
149         Reviewed by Michael Catanzaro.
150
151         The code is cross-platform but it's duplicated in CF and GLib implementations; it could be shared instead.
152
153         * runtime/JSRunLoopTimer.cpp:
154         (JSC::JSRunLoopTimer::timerDidFire): Move common implementation here.
155         (JSC::JSRunLoopTimer::setRunLoop): Use timerDidFireCallback.
156         (JSC::JSRunLoopTimer::timerDidFireCallback): Call JSRunLoopTimer::timerDidFire().
157         * runtime/JSRunLoopTimer.h:
158
159 2017-04-01  Oleksandr Skachkov  <gskachkov@gmail.com>
160
161         Object with numerical keys with gaps gets filled by NaN values
162         https://bugs.webkit.org/show_bug.cgi?id=164412
163
164         Reviewed by Mark Lam.
165
166         This patch fixes an issue when an object has two properties
167         whose names are numbers. The issue appears when, during invocation of
168         convertDoubleToArrayStorage, the array is filled with pNaN and
169         the method converts it to a real NaN. This happens because a
170         pNaN in a Double array is a hole, and Double arrays cannot
171         have NaN values. To fix the issue we need to check the value and
172         clear it if it is pNaN.
173
174         * runtime/JSObject.cpp:
175         (JSC::JSObject::convertDoubleToArrayStorage):
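
The invariant behind the entry above, as an added example (not JavaScriptCore code): in a double-typed array storage there is no separate hole slot, so a NaN bit pattern (pNaN) in the storage means "hole", and a real NaN value must never be written into it. Any conversion out of that storage therefore has to map NaN back to a hole rather than to a NaN element. The class and function names below (DoubleStorage, HOLE, the two convert functions) are assumptions of this model, not JSC's own.

```javascript
// Added example, not JavaScriptCore code: model of the "pNaN is a hole" rule
// for double array storage. Names here are assumptions of the model.

const HOLE = Symbol('hole'); // hole marker in the generic (ArrayStorage-like) form

class DoubleStorage {
  constructor(length) {
    this.slots = new Float64Array(length); // NaN in a slot means "hole"
    this.slots.fill(NaN);
  }
  // Returns false when the value cannot live in a double array (a real NaN);
  // the real engine would transition to a less specialised storage instead.
  set(index, value) {
    if (typeof value !== 'number' || Number.isNaN(value)) return false;
    this.slots[index] = value;
    return true;
  }
  has(index) { return !Number.isNaN(this.slots[index]); }
}

// Pre-fix shape: copies raw doubles, so every hole surfaces as a NaN element.
function convertDoubleToArrayStorageBuggy(storage) {
  return Array.from(storage.slots);
}

// Fixed shape: a NaN slot is a hole and must stay a hole.
function convertDoubleToArrayStorage(storage) {
  return Array.from(storage.slots, v => (Number.isNaN(v) ? HOLE : v));
}

// Constructed input in the shape of the report: numeric keys with a gap.
function demo() {
  const storage = new DoubleStorage(3);
  storage.set(0, 1.5);
  storage.set(2, 2.5); // index 1 is never written, so it is a hole
  return {
    buggy: convertDoubleToArrayStorageBuggy(storage),
    fixed: convertDoubleToArrayStorage(storage),
    nanRejected: !storage.set(1, NaN),
    hasGap: !storage.has(1),
  };
}
```

The check a practitioner wants is the last two fields: a real NaN is refused by the double form, and the gap survives conversion as a hole instead of becoming a NaN value.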
176
177 2017-03-31  Saam Barati  <sbarati@apple.com>
178
179         WebAssembly: Make our calls out to JS PIC friendly
180         https://bugs.webkit.org/show_bug.cgi?id=170261
181
182         Reviewed by Keith Miller.
183
184         This patch removes a direct call from the module to the Wasm to JS stub.
185         Instead, we do an indirect call to the stub by loading the stub's executable
186         address off of the CodeBlock. This is to make the code we emit comply with the
187         requirements needed for PIC.
188         
189         Adding this indirection is not ideal. Although this patch is neutral on
190         WasmBench, we really want to get back to a world where we have an IC
191         call infrastructure. This patch is obviously a regression on some
192         types of programs. I've filed this bug to make sure we implement a
193         PIC compliant Wasm to JS call IC:
194         https://bugs.webkit.org/show_bug.cgi?id=170375
195
196         * wasm/WasmB3IRGenerator.cpp:
197         * wasm/WasmFormat.h:
198         * wasm/WasmPlan.cpp:
199         (JSC::Wasm::Plan::complete):
200         * wasm/js/JSWebAssemblyCodeBlock.cpp:
201         (JSC::JSWebAssemblyCodeBlock::initialize):
202         * wasm/js/JSWebAssemblyCodeBlock.h:
203         (JSC::JSWebAssemblyCodeBlock::create):
204         (JSC::JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub):
205         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
206         (JSC::JSWebAssemblyCodeBlock::allocationSize):
207         (JSC::JSWebAssemblyCodeBlock::importWasmToJSStub):
208         * wasm/js/JSWebAssemblyInstance.cpp:
209         (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
210         * wasm/js/JSWebAssemblyInstance.h:
211         (JSC::JSWebAssemblyInstance::offsetOfCodeBlock):
212
213 2017-03-31  Keith Miller  <keith_miller@apple.com>
214
215         WebAssembly: webAssemblyB3OptimizationLevel should use defaultB3OptLevel by default
216         https://bugs.webkit.org/show_bug.cgi?id=170378
217
218         Reviewed by Saam Barati.
219
220         * runtime/Options.h:
221         * wasm/WasmB3IRGenerator.h:
222
223 2017-03-31  Keith Miller  <keith_miller@apple.com>
224
225         WebAssembly: Add compilation level option
226         https://bugs.webkit.org/show_bug.cgi?id=170374
227
228         Reviewed by Mark Lam.
229
230         This patch adds an option, webAssemblyB3OptimizationLevel, which
231         changes the optimization mode wasm passes to B3.
232
233         * runtime/Options.h:
234         * wasm/WasmPlan.cpp:
235         (JSC::Wasm::Plan::compileFunctions):
236
237 2017-03-31  Saam Barati  <sbarati@apple.com>
238
239         WebAssembly: Strip WasmParser and WasmFunctionParser from knowing about VM
240         https://bugs.webkit.org/show_bug.cgi?id=170312
241
242         Reviewed by Mark Lam.
243
244         This is another step towards PIC-ifying Wasm. This patch removes
245         the VM field that is no longer used.
246
247         * wasm/WasmB3IRGenerator.cpp:
248         (JSC::Wasm::parseAndCompile):
249         * wasm/WasmB3IRGenerator.h:
250         * wasm/WasmFunctionParser.h:
251         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
252         * wasm/WasmModuleParser.h:
253         (JSC::Wasm::ModuleParser::ModuleParser):
254         * wasm/WasmParser.h:
255         (JSC::Wasm::Parser<SuccessType>::Parser):
256         * wasm/WasmPlan.cpp:
257         (JSC::Wasm::Plan::parseAndValidateModule):
258         (JSC::Wasm::Plan::compileFunctions):
259         * wasm/WasmValidate.cpp:
260         (JSC::Wasm::validateFunction):
261         * wasm/WasmValidate.h:
262
263 2017-03-31  Saam Barati  <sbarati@apple.com>
264
265         WebAssembly: Ref count Signature and SignatureInformation should not care about VM
266         https://bugs.webkit.org/show_bug.cgi?id=170316
267
268         Reviewed by Keith Miller.
269
270         This is yet again another step towards PIC-ifying Wasm.
271         Signature should be ref counted so we can tell when
272         no code is holding onto a Signature. This makes it easy
273         to free unused Signatures. Also, this patch rids SignatureInfo
274         of any VM knowledge. Now, there is just a single SignatureInfo that
275         lives in a process.
276
277         * runtime/VM.h:
278         * wasm/WasmB3IRGenerator.cpp:
279         (JSC::Wasm::createJSToWasmWrapper):
280         (JSC::Wasm::parseAndCompile):
281         * wasm/WasmB3IRGenerator.h:
282         * wasm/WasmBinding.cpp:
283         (JSC::Wasm::wasmToJs):
284         * wasm/WasmCallingConvention.h:
285         (JSC::Wasm::CallingConvention::loadArguments):
286         * wasm/WasmFormat.h:
287         * wasm/WasmFunctionParser.h:
288         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
289         * wasm/WasmModuleParser.cpp:
290         * wasm/WasmPlan.cpp:
291         (JSC::Wasm::Plan::parseAndValidateModule):
292         (JSC::Wasm::Plan::compileFunctions):
293         (JSC::Wasm::Plan::complete):
294         * wasm/WasmSignature.cpp:
295         (JSC::Wasm::Signature::hash):
296         (JSC::Wasm::Signature::tryCreate):
297         (JSC::Wasm::SignatureInformation::SignatureInformation):
298         (JSC::Wasm::SignatureInformation::singleton):
299         (JSC::Wasm::SignatureInformation::adopt):
300         (JSC::Wasm::SignatureInformation::get):
301         (JSC::Wasm::SignatureInformation::tryCleanup):
302         (JSC::Wasm::Signature::create): Deleted.
303         (JSC::Wasm::Signature::createInvalid): Deleted.
304         (JSC::Wasm::Signature::destroy): Deleted.
305         (JSC::Wasm::SignatureInformation::~SignatureInformation): Deleted.
306         * wasm/WasmSignature.h:
307         (JSC::Wasm::Signature::allocatedSize):
308         (JSC::Wasm::Signature::operator==):
309         * wasm/WasmValidate.cpp:
310         (JSC::Wasm::validateFunction):
311         * wasm/WasmValidate.h:
312         * wasm/js/JSWebAssemblyModule.cpp:
313         (JSC::JSWebAssemblyModule::destroy):
314         * wasm/js/WebAssemblyFunction.cpp:
315         (JSC::callWebAssemblyFunction):
316         * wasm/js/WebAssemblyFunction.h:
317         * wasm/js/WebAssemblyModuleRecord.cpp:
318         (JSC::WebAssemblyModuleRecord::link):
319         (JSC::WebAssemblyModuleRecord::evaluate):
320         * wasm/js/WebAssemblyWrapperFunction.cpp:
321         (JSC::WebAssemblyWrapperFunction::create):
322         * wasm/js/WebAssemblyWrapperFunction.h:
323
324 2017-03-31  Mark Lam  <mark.lam@apple.com>
325
326         Array.prototype.splice() should not be using JSArray::tryCreateForInitializationPrivate().
327         https://bugs.webkit.org/show_bug.cgi?id=170303
328         <rdar://problem/31358281>
329
330         Reviewed by Filip Pizlo.
331
332         This is because it needs to call getProperty() later to get the values for
333         initializing the array.  getProperty() can execute arbitrary code and potentially
334         trigger the GC.  This is not allowed for clients of JSArray::tryCreateForInitializationPrivate().
335
336         * runtime/ArrayPrototype.cpp:
337         (JSC::arrayProtoFuncSplice):
338         (JSC::copySplicedArrayElements): Deleted.
339
340 2017-03-31  Oleksandr Skachkov  <gskachkov@gmail.com>
341
342         String.prototype.replace incorrectly applies "special replacement parameters" when passed a function
343         https://bugs.webkit.org/show_bug.cgi?id=170151
344
345         Reviewed by Saam Barati.
346
347         This patch fixes an issue for String.prototype.replace when passed a function
348         with special symbols "$$". It happens because substituteBackreferences applies
349         unconditionally, but according to the spec it should be applied only for text
350         (21.1.3.16.8, https://tc39.github.io/ecma262/#sec-string.prototype.replace).
351
352         * runtime/StringPrototype.cpp:
353         (JSC::replaceUsingStringSearch):
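
The spec behaviour the entry above restores, as an added example (not JavaScriptCore code): a model of the string-search path of String.prototype.replace in which GetSubstitution runs only when replaceValue is a string, never on what a replacer function returns. The getSubstitution and replaceUsingStringSearch functions below are this model's own (the JSC function of the same name is C++ and is not reproduced here); the substituteFunctionResult flag exists only to show the pre-fix behaviour side by side.

```javascript
// Added example, not JavaScriptCore code: spec-shaped String.prototype.replace
// for a string searchValue. See https://tc39.github.io/ecma262/#sec-getsubstitution

// GetSubstitution restricted to the string-search case: there are no capture
// groups, so "$n" and "$<name>" stay literal, as the spec requires when n > m.
function getSubstitution(matched, str, position, replacement) {
  const tailPos = position + matched.length;
  let out = '';
  for (let i = 0; i < replacement.length; i++) {
    const c = replacement[i];
    if (c !== '$' || i + 1 >= replacement.length) { out += c; continue; }
    const n = replacement[i + 1];
    if (n === '$') { out += '$'; i++; }                         // $$ -> literal $
    else if (n === '&') { out += matched; i++; }                // $& -> matched text
    else if (n === '`') { out += str.slice(0, position); i++; } // $` -> text before match
    else if (n === "'") { out += str.slice(tailPos); i++; }     // $' -> text after match
    else { out += c; }                                          // no captures: keep "$" literal
  }
  return out;
}

// One replacement of the first occurrence of searchValue.
// Correct behaviour (substituteFunctionResult = false): a function's return
// value is inserted verbatim. The pre-fix bug was equivalent to passing true.
function replaceUsingStringSearch(string, searchValue, replaceValue,
                                  substituteFunctionResult = false) {
  const position = string.indexOf(searchValue);
  if (position < 0) return string;
  let replacement;
  if (typeof replaceValue === 'function') {
    const result = String(replaceValue(searchValue, position, string));
    replacement = substituteFunctionResult
      ? getSubstitution(searchValue, string, position, result)
      : result;
  } else {
    replacement = getSubstitution(searchValue, string, position, String(replaceValue));
  }
  return string.slice(0, position) + replacement +
         string.slice(position + searchValue.length);
}

// Constructed cases; each pair is (string, search, replaceValue).
function demo() {
  return {
    fnLiteral:  replaceUsingStringSearch('a-b', '-', () => '$$'),       // 'a$$b'
    fnBuggy:    replaceUsingStringSearch('a-b', '-', () => '$$', true), // 'a$b'
    strDollar:  replaceUsingStringSearch('a-b', '-', '$$'),             // 'a$b'
    strMatched: replaceUsingStringSearch('abc', 'b', '[$&]'),           // 'a[b]c'
    strContext: replaceUsingStringSearch('abc', 'b', "$`|$'"),          // 'aa|cc'
    strNoGroup: replaceUsingStringSearch('abc', 'b', '$1'),             // 'a$1c'
  };
}
```

The point for a reviewer: replacer functions are how callers insert untrusted text safely, so an engine that runs "$"-pattern expansion on their return values turns a literal "$&" or "$'" supplied by the function into a copy of the matched or surrounding text. Each demo() value can be checked against the host engine's own String.prototype.replace.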
354
355 2017-03-30  Saam Barati  <sbarati@apple.com>
356
357         WebAssembly: When Wasm calls to C, it should use Wasm::Context* instead of ExecState* to get VM
358         https://bugs.webkit.org/show_bug.cgi?id=170185
359
360         Reviewed by Michael Saboff.
361
362         This is one more step in the direction of PIC-ified Wasm.
363         When we lift WasmCallee above VM, we will no longer be
364         able to get VM from ExecState*. This patch ensures that
365         we don't do that from within the Wasm runtime. Instead,
366         we use the Wasm::Context* to get the VM.
367
368         This patch also adds a new class, Wasm::Thunks. There
369         is a single Wasm::Thunks that lives in the process. It
370         is responsible for generating a thunk that Wasm relies on.
371         The only such thunk right now is the exception throwing
372         thunk.
373
374         This patch also rids WasmFaultSignalHandler from any knowledge
375         of VM. Previously, it relied on VM to get the exception handling
376         thunk.
377
378         The only part of the Wasm runtime that will be allowed
379         to get VM& from ExecState will be WasmBinding. In the
380         future, we plan to keep the calls out to JS to keep
381         a JSCell as the callee.
382
383         * JavaScriptCore.xcodeproj/project.pbxproj:
384         * dfg/DFGOSREntry.cpp:
385         (JSC::DFG::prepareOSREntry):
386         * ftl/FTLOSRExitCompiler.cpp:
387         (JSC::FTL::compileStub):
388         * interpreter/Interpreter.cpp:
389         (JSC::UnwindFunctor::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
390         * jit/AssemblyHelpers.cpp:
391         (JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
392         (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBufferImpl):
393         * jit/AssemblyHelpers.h:
394         (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
395         * jit/ThunkGenerators.cpp:
396         (JSC::throwExceptionFromWasmThunkGenerator): Deleted.
397         * jit/ThunkGenerators.h:
398         * runtime/InitializeThreading.cpp:
399         (JSC::initializeThreading):
400         * runtime/VM.cpp:
401         (JSC::VM::VM):
402         (JSC::VM::getAllCalleeSaveRegisterOffsets):
403         * runtime/VM.h:
404         (JSC::VM::topVMEntryFrameOffset):
405         (JSC::VM::getAllCalleeSaveRegisterOffsets): Deleted.
406         * wasm/WasmB3IRGenerator.cpp:
407         (JSC::Wasm::B3IRGenerator::emitExceptionCheck):
408         * wasm/WasmFaultSignalHandler.cpp:
409         (JSC::Wasm::trapHandler):
410         * wasm/WasmMemory.cpp:
411         (JSC::Wasm::tryGetFastMemory):
412         * wasm/WasmThunks.cpp: Added.
413         (JSC::Wasm::throwExceptionFromWasmThunkGenerator):
414         (JSC::Wasm::Thunks::initialize):
415         (JSC::Wasm::Thunks::singleton):
416         (JSC::Wasm::Thunks::stub):
417         (JSC::Wasm::Thunks::existingStub):
418         * wasm/WasmThunks.h: Added.
419         * wasm/js/JSWebAssemblyInstance.cpp:
420         (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
421         * wasm/js/JSWebAssemblyInstance.h:
422         (JSC::JSWebAssemblyInstance::offsetOfVM):
423         * wasm/js/JSWebAssemblyMemory.cpp:
424         (JSC::JSWebAssemblyMemory::grow):
425         * wasm/js/JSWebAssemblyMemory.h:
426         * wasm/js/WebAssemblyMemoryPrototype.cpp:
427         (JSC::webAssemblyMemoryProtoFuncGrow):
428
429 2017-03-30  Mark Lam  <mark.lam@apple.com>
430
431         IntlObject should not be using JSArray::initializeIndex().
432         https://bugs.webkit.org/show_bug.cgi?id=170302
433         <rdar://problem/31356918>
434
435         Reviewed by Saam Barati.
436
437         JSArray::initializeIndex() is only meant to be used with arrays created using
438         JSArray::tryCreateForInitializationPrivate() under very constrained conditions.
439
440         * runtime/IntlObject.cpp:
441         (JSC::canonicalizeLocaleList):
442         (JSC::intlObjectFuncGetCanonicalLocales):
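
The contract the two entries above enforce (Array.prototype.splice and IntlObject both stopped using JSArray::tryCreateForInitializationPrivate() / initializeIndex() because arbitrary code could run between allocation and the last initializeIndex()), as an added example that is not JavaScriptCore code. The Heap, its tryCreateForInitializationPrivate/initializeIndex/collectGarbage methods, the getProperty helper and the getter that forces a collection are all assumptions of this model; the "fixed" function shows one safe shape (read everything first, then build GC-visible storage), not the exact code the commits landed.

```javascript
// Added example, not JavaScriptCore code: why an array created "for
// initialization" must be fully initialized before any code that can GC runs.

const UNINITIALIZED = Symbol('uninitialized'); // slot content the GC must never see

class Heap {
  constructor() { this.arrays = []; this.collections = 0; }
  // Allocates an array whose slots are not initialized. Legal only if the
  // caller fills every slot before anything can trigger a collection.
  tryCreateForInitializationPrivate(length) {
    const arr = { slots: new Array(length).fill(UNINITIALIZED) };
    this.arrays.push(arr);
    return arr;
  }
  initializeIndex(arr, i, value) { arr.slots[i] = value; }
  // Marking visits every slot of every live array. In the real engine an
  // uninitialized slot is garbage memory; the model turns that into a failure.
  collectGarbage() {
    this.collections++;
    for (const arr of this.arrays)
      for (const v of arr.slots)
        if (v === UNINITIALIZED) throw new Error('GC visited an uninitialized slot');
  }
}

// getProperty() may run arbitrary JS. A getter that allocates enough to
// trigger a collection is modelled by calling collectGarbage() directly.
function getProperty(heap, obj, i) {
  const desc = Object.getOwnPropertyDescriptor(obj, i);
  if (desc && desc.get) { heap.collectGarbage(); return desc.get(); }
  return obj[i];
}

// Pre-fix shape: allocate the private array first, then fetch each element.
function copyElementsBuggy(heap, source, start, count) {
  const result = heap.tryCreateForInitializationPrivate(count);
  for (let k = 0; k < count; k++)
    heap.initializeIndex(result, k, getProperty(heap, source, start + k)); // may GC here
  return result.slots;
}

// Safe shape: run all user-observable reads before any partially built
// object exists; ordinary storage is always in a state the GC can scan.
function copyElementsFixed(heap, source, start, count) {
  const values = [];
  for (let k = 0; k < count; k++) values.push(getProperty(heap, source, start + k));
  return values;
}

// Constructed input: a source array with a getter in the middle.
function demo() {
  const source = [10, 20, 30];
  Object.defineProperty(source, 1, { get: () => 20, configurable: true });
  const outcomes = {};
  try { copyElementsBuggy(new Heap(), source, 0, 3); outcomes.buggy = 'ok'; }
  catch (e) { outcomes.buggy = e.message; }
  outcomes.fixed = copyElementsFixed(new Heap(), source, 0, 3);
  return outcomes;
}
```

When auditing callers of an allocate-then-initialize API, the question to ask at every statement between the allocation and the last initialization is the one this model makes explicit: can this line call back into user code, and therefore into the collector?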
443
444 2017-03-30  Filip Pizlo  <fpizlo@apple.com>
445
446         Air should support linear scan for optLevel<2
447         https://bugs.webkit.org/show_bug.cgi?id=170161
448
449         Reviewed by Saam Barati.
450         
451         This changes the default opt level of B3 to 2. It makes the other opt levels useful by adding a
452         new register allocator. This new linear scan allocator will produce significantly worse code.
453         But it will produce that code a lot faster than IRC or Briggs.
454         
455         The opt levels are:
456             0: no optimizations, linear scan
457             1: some optimizations, linear scan
458             2: full optimizations, graph coloring (IRC or Briggs based on CPU)
459         
460         What we used to call optLevel=1 is now called optLevel=2, or better yet,
461         optLevel=B3::defaultOptLevel(). We no longer have anything like the old optLevel=0 (which did no
462         optimizations but ran graph coloring).
463         
464         allocateRegistersByLinearScan() faithfully implements Massimiliano Poletto and Vivek Sarkar's
465         famous algorithm. It uses the variant that handles clobbered registers by avoiding assigning
466         ranges to those registers if the range overlaps a clobber. It's engineered to allocate registers
467         very quickly and generate inefficient code without falling off a cliff.
468         
469         The new optLevel=1 speeds up B3 by a factor of 2, and results in an 80% throughput regression.
470         Linear scan runs 4.7x faster than graph coloring on average.
471
472         * CMakeLists.txt:
473         * JavaScriptCore.xcodeproj/project.pbxproj:
474         * b3/B3BasicBlockUtils.h:
475         (JSC::B3::blocksInPreOrder):
476         (JSC::B3::blocksInPostOrder):
477         * b3/B3BlockWorklist.h:
478         * b3/B3CFG.h:
479         (JSC::B3::CFG::newMap):
480         * b3/B3Common.h:
481         (JSC::B3::defaultOptLevel):
482         * b3/B3Compile.h:
483         * b3/B3DuplicateTails.cpp:
484         * b3/B3EliminateCommonSubexpressions.cpp:
485         * b3/B3FixSSA.cpp:
486         (JSC::B3::demoteValues):
487         (JSC::B3::fixSSA):
488         * b3/B3FixSSA.h:
489         * b3/B3Generate.cpp:
490         (JSC::B3::prepareForGeneration):
491         (JSC::B3::generateToAir):
492         * b3/B3Generate.h:
493         * b3/B3HeapRange.cpp: Removed.
494         * b3/B3HeapRange.h:
495         (JSC::B3::HeapRange::HeapRange): Deleted.
496         (JSC::B3::HeapRange::top): Deleted.
497         (JSC::B3::HeapRange::operator==): Deleted.
498         (JSC::B3::HeapRange::operator!=): Deleted.
499         (JSC::B3::HeapRange::operator|): Deleted.
500         (JSC::B3::HeapRange::operator bool): Deleted.
501         (JSC::B3::HeapRange::begin): Deleted.
502         (JSC::B3::HeapRange::end): Deleted.
503         (JSC::B3::HeapRange::overlaps): Deleted.
504         * b3/B3LowerToAir.cpp:
505         * b3/B3MoveConstants.cpp:
506         * b3/B3PhiChildren.h:
507         * b3/B3Procedure.cpp:
508         (JSC::B3::Procedure::dump):
509         (JSC::B3::Procedure::deleteOrphans):
510         (JSC::B3::Procedure::setBlockOrderImpl):
511         * b3/B3ReduceDoubleToFloat.cpp:
512         * b3/B3ReduceStrength.cpp:
513         * b3/B3SSACalculator.h:
514         * b3/B3UseCounts.h:
515         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
516         * b3/air/AirAllocateRegistersByLinearScan.cpp: Added.
517         (JSC::B3::Air::allocateRegistersByLinearScan):
518         * b3/air/AirAllocateRegistersByLinearScan.h: Added.
519         * b3/air/AirAllocateStack.cpp:
520         (JSC::B3::Air::allocateStack):
521         * b3/air/AirArg.cpp:
522         (WTF::printInternal):
523         * b3/air/AirArg.h:
524         (JSC::B3::Air::Arg::activeAt):
525         (JSC::B3::Air::Arg::timing):
526         (JSC::B3::Air::Arg::forEachPhase):
527         * b3/air/AirBasicBlock.h:
528         * b3/air/AirBlockWorklist.h:
529         * b3/air/AirCFG.h:
530         (JSC::B3::Air::CFG::newMap):
531         * b3/air/AirEliminateDeadCode.cpp:
532         (JSC::B3::Air::eliminateDeadCode):
533         * b3/air/AirFixObviousSpills.cpp:
534         * b3/air/AirFixPartialRegisterStalls.cpp:
535         (JSC::B3::Air::fixPartialRegisterStalls):
536         * b3/air/AirFixSpillsAfterTerminals.cpp: Added.
537         (JSC::B3::Air::fixSpillsAfterTerminals):
538         * b3/air/AirFixSpillsAfterTerminals.h: Added.
539         * b3/air/AirGenerate.cpp:
540         (JSC::B3::Air::prepareForGeneration):
541         (JSC::B3::Air::generate):
542         * b3/air/AirGenerate.h:
543         * b3/air/AirGenerationContext.h:
544         * b3/air/AirInsertionSet.h:
545         * b3/air/AirInst.cpp:
546         (JSC::B3::Air::Inst::needsPadding):
547         * b3/air/AirLowerAfterRegAlloc.cpp:
548         (JSC::B3::Air::lowerAfterRegAlloc):
549         * b3/air/AirLowerEntrySwitch.cpp:
550         (JSC::B3::Air::lowerEntrySwitch):
551         * b3/air/AirOpcode.opcodes:
552         * b3/air/AirPhaseInsertionSet.cpp: Added.
553         (JSC::B3::Air::PhaseInsertionSet::execute):
554         * b3/air/AirPhaseInsertionSet.h: Added.
555         (JSC::B3::Air::PhaseInsertion::PhaseInsertion):
556         (JSC::B3::Air::PhaseInsertion::phase):
557         (JSC::B3::Air::PhaseInsertion::operator<):
558         (JSC::B3::Air::PhaseInsertionSet::PhaseInsertionSet):
559         (JSC::B3::Air::PhaseInsertionSet::appendInsertion):
560         (JSC::B3::Air::PhaseInsertionSet::insertInst):
561         (JSC::B3::Air::PhaseInsertionSet::insert):
562         * b3/air/AirRegLiveness.h:
563         (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
564         * b3/air/AirSpillEverything.cpp:
565         (JSC::B3::Air::spillEverything):
566         * b3/air/AirTmp.cpp:
567         * b3/air/AirTmp.h:
568         (JSC::B3::Air::Tmp::tmpForIndex):
569         * b3/air/AirTmpInlines.h:
570         (JSC::B3::Air::Tmp::Indexed::Indexed):
571         (JSC::B3::Air::Tmp::Indexed::index):
572         (JSC::B3::Air::Tmp::AbsolutelyIndexed::AbsolutelyIndexed):
573         (JSC::B3::Air::Tmp::AbsolutelyIndexed::index):
574         (JSC::B3::Air::Tmp::indexed):
575         (JSC::B3::Air::Tmp::absolutelyIndexed):
576         (JSC::B3::Air::Tmp::tmpForAbsoluteIndex):
577         * b3/testb3.cpp:
578         (JSC::B3::compile):
579         (JSC::B3::testMulLoadTwice):
580         * jit/RegisterSet.h:
581         (JSC::RegisterSet::add):
582         (JSC::RegisterSet::remove):
583         * runtime/Options.h:
584         * wasm/WasmB3IRGenerator.h:
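
The algorithm the entry above describes, as an added example that is not JavaScriptCore code: a compact Poletto/Sarkar linear scan in the variant where a register clobbered anywhere inside a live range is not a candidate for that range, so a value live across a call is kept out of caller-clobbered registers instead of being saved and restored. The interval format, the instruction numbering and the clobber table are assumptions of this model; Air's allocateRegistersByLinearScan works on Tmps and Insts and is not reproduced here.

```javascript
// Added example, not JavaScriptCore code: linear scan register allocation
// with clobber avoidance. Input format is this model's assumption:
//   intervals: [{ name, start, end }]  (inclusive instruction indices)
//   registers: ['r0', 'r1', ...]
//   clobbers:  Map(instructionIndex -> Set of register names clobbered there)
function allocateRegistersByLinearScan(intervals, registers, clobbers = new Map()) {
  const clobberedWithin = (reg, start, end) => {
    for (let i = start; i <= end; i++) {
      const s = clobbers.get(i);
      if (s && s.has(reg)) return true;
    }
    return false;
  };
  const sorted = [...intervals].sort((a, b) => a.start - b.start || a.end - b.end);
  const assignment = new Map(); // name -> register
  const spilled = new Set();
  const active = [];            // live intervals holding a register, sorted by end
  const free = new Set(registers);

  function assign(interval, reg) {
    assignment.set(interval.name, reg);
    let i = 0;
    while (i < active.length && active[i].end <= interval.end) i++;
    active.splice(i, 0, interval);
  }

  for (const cur of sorted) {
    // ExpireOldIntervals: release registers of intervals that ended before cur starts.
    while (active.length && active[0].end < cur.start)
      free.add(assignment.get(active.shift().name));

    // A free register is usable only if nothing clobbers it during cur's range.
    const usable = [...free].find(r => !clobberedWithin(r, cur.start, cur.end));
    if (usable !== undefined) {
      free.delete(usable);
      assign(cur, usable);
      continue;
    }

    // SpillAtInterval: take the register of the active interval that ends last,
    // provided that register is legal for cur and the victim really ends later.
    let victim = null;
    for (let i = active.length - 1; i >= 0; i--) {
      if (!clobberedWithin(assignment.get(active[i].name), cur.start, cur.end)) {
        victim = active[i];
        break;
      }
    }
    if (victim && victim.end > cur.end) {
      const reg = assignment.get(victim.name);
      assignment.delete(victim.name);
      spilled.add(victim.name);
      active.splice(active.indexOf(victim), 1);
      assign(cur, reg);
    } else {
      spilled.add(cur.name); // cur itself lives in a stack slot
    }
  }
  return { assignment, spilled };
}

// Constructed input: four values, two registers, and a call at instruction 3
// that clobbers r0.
function demo() {
  const intervals = [
    { name: 'a', start: 0, end: 2 },
    { name: 'b', start: 1, end: 5 },
    { name: 'c', start: 3, end: 4 },
    { name: 'd', start: 6, end: 7 },
  ];
  const clobbers = new Map([[3, new Set(['r0'])]]);
  return {
    withClobber: allocateRegistersByLinearScan(intervals, ['r0', 'r1'], clobbers),
    noClobber: allocateRegistersByLinearScan(intervals, ['r0', 'r1']),
  };
}
```

With the call present, c cannot take r0 (freed by a, but clobbered at 3), so it evicts b from r1 and b is spilled; without the call, c simply takes r0 and nothing spills. That is the trade the entry describes: no splitting, no save/restore around clobbers, just fast decisions and somewhat worse code.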
585
586 2017-03-30  Youenn Fablet  <youenn@apple.com>
587
588         Clean up RTCDataChannel
589         https://bugs.webkit.org/show_bug.cgi?id=169732
590
591         Reviewed by Chris Dumez.
592
593         * runtime/CommonIdentifiers.h: Adding RTCDataChannelEvent.
594
595 2017-03-30  Saam Barati  <sbarati@apple.com>
596
597         WebAssembly: pass Wasm::Context* to vmEntryToWasm when not using fast TLS
598         https://bugs.webkit.org/show_bug.cgi?id=170182
599
600         Reviewed by Mark Lam.
601
602         This is one more step in the direction of PIC-ified Wasm.
603         I'm removing assumptions that a wasm callee is a cell. We used to use
604         the callee to get the WasmContext off the callee's VM. Instead,
605         this patch makes it so that we pass in the context as a parameter
606         to the JS entrypoint.
607
608         * heap/MarkedBlock.h:
609         (JSC::MarkedBlock::offsetOfVM): Deleted.
610         * jit/AssemblyHelpers.cpp:
611         (JSC::AssemblyHelpers::loadWasmContext):
612         (JSC::AssemblyHelpers::storeWasmContext):
613         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
614         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
615         * jsc.cpp:
616         (functionTestWasmModuleFunctions):
617         * runtime/VM.h:
618         (JSC::VM::wasmContextOffset): Deleted.
619         * wasm/WasmB3IRGenerator.cpp:
620         (JSC::Wasm::B3IRGenerator::materializeWasmContext):
621         (JSC::Wasm::B3IRGenerator::restoreWasmContext):
622         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
623         (JSC::Wasm::createJSToWasmWrapper):
624         * wasm/WasmContext.cpp:
625         (JSC::Wasm::loadContext):
626         (JSC::Wasm::storeContext):
627         (JSC::loadWasmContext): Deleted.
628         (JSC::storeWasmContext): Deleted.
629         * wasm/WasmContext.h:
630         (JSC::Wasm::useFastTLS):
631         (JSC::Wasm::useFastTLSForContext):
632         * wasm/WasmMemoryInformation.cpp:
633         (JSC::Wasm::PinnedRegisterInfo::get):
634         * wasm/WasmMemoryInformation.h:
635         (JSC::Wasm::useFastTLS): Deleted.
636         (JSC::Wasm::useFastTLSForWasmContext): Deleted.
637         * wasm/js/WebAssemblyFunction.cpp:
638         (JSC::callWebAssemblyFunction):
639
640 2017-03-30  JF Bastien  <jfbastien@apple.com>
641
642         WebAssembly: fix misc JS API implementation inconsistencies
643         https://bugs.webkit.org/show_bug.cgi?id=170187
644
645         Reviewed by Keith Miller.
646
647         Auto-generate lookup tables.
648         Methods should be on prototype.
649         Exception returns should be idiomatic.
650
651         * wasm/JSWebAssembly.cpp: validate / compile / instantiate should
652         be on the prototype
653         (JSC::JSWebAssembly::create):
654         (JSC::JSWebAssembly::finishCreation):
655         (JSC::reject): Deleted.
656         (JSC::webAssemblyCompileFunc): Deleted.
657         (JSC::resolve): Deleted.
658         (JSC::instantiate): Deleted.
659         (JSC::compileAndInstantiate): Deleted.
660         (JSC::webAssemblyInstantiateFunc): Deleted.
661         (JSC::webAssemblyValidateFunc): Deleted.
662         * wasm/JSWebAssembly.h:
663         * wasm/js/WebAssemblyMemoryPrototype.cpp: move from JSWebAssembly.cpp
664         (JSC::webAssemblyMemoryProtoFuncBuffer):
665         (JSC::WebAssemblyMemoryPrototype::create):
666         (JSC::WebAssemblyMemoryPrototype::finishCreation):
667         * wasm/js/WebAssemblyMemoryPrototype.h:
668         * wasm/js/WebAssemblyPrototype.cpp:
669         (JSC::reject):
670         (JSC::webAssemblyCompileFunc):
671         (JSC::resolve):
672         (JSC::instantiate):
673         (JSC::compileAndInstantiate):
674         (JSC::webAssemblyInstantiateFunc):
675         (JSC::webAssemblyValidateFunc):
676         (JSC::webAssemblyFunctionValidate): Deleted.
677         (JSC::webAssemblyFunctionCompile): Deleted.
678         * wasm/js/WebAssemblyTablePrototype.cpp:
679         (JSC::webAssemblyTableProtoFuncGrow):
680         (JSC::webAssemblyTableProtoFuncGet):
681         (JSC::webAssemblyTableProtoFuncSet):
682         (JSC::WebAssemblyTablePrototype::create):
683         (JSC::WebAssemblyTablePrototype::finishCreation):
684         * wasm/js/WebAssemblyTablePrototype.h:
685
686 2017-03-29  Keith Miller  <keith_miller@apple.com>

        Unreviewed, fix the build, again. Hopefully for the last time, again!

        * runtime/Options.cpp:

2017-03-29  Keith Miller  <keith_miller@apple.com>

        Unreviewed, fix the build, again. Hopefully for the last time!

        * runtime/Options.cpp:
        (JSC::parse):

2017-03-29  Keith Miller  <keith_miller@apple.com>

        Unreviewed, Windows build fix.

        * runtime/Options.cpp:
        (JSC::parse):

2017-03-29  Keith Miller  <keith_miller@apple.com>

        WebAssembly: B3IRGenerator should pool constants
        https://bugs.webkit.org/show_bug.cgi?id=170266

        Reviewed by Filip Pizlo.

        This patch adds a HashMap to B3IRGenerator that contains all the constants used in a function.
        B3IRGenerator then uses an InsertionSet to add all those constants to the root BB. This doesn't
        appear to be a compile time improvement but it could be valuable in the future.

        * b3/B3Opcode.h:
        (JSC::B3::opcodeForConstant):
        * b3/B3Procedure.cpp:
        (JSC::B3::Procedure::addConstant):
        * b3/B3Procedure.h:
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::B3IRGenerator::constant):
        (JSC::Wasm::B3IRGenerator::insertConstants):
        (JSC::Wasm::B3IRGenerator::addConstant):
        (JSC::Wasm::B3IRGenerator::dump):
        (JSC::Wasm::parseAndCompile):
        (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
        (JSC::Wasm::B3IRGenerator::zeroForType): Deleted.
        * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
        (generateConstCode):
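
        An added illustration of the constant pooling described in the entry above. This is example
        code written for this page, not JavaScriptCore's B3IRGenerator or B3; the ConstPool, ConstKey
        and Value names and the toy IR are assumptions. Constants are interned through a hash map keyed
        on the constant's type and its exact bit pattern, then emitted once at the front of the root
        block so every later block can refer to them. Keying on the raw bits rather than the numeric
        value is what keeps +0.0 and -0.0, and NaNs with different payloads, from being folded into one
        node, which a map keyed on the double value would silently do.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <functional>
#include <memory>
#include <unordered_map>
#include <vector>

// Toy IR for the example (an assumption, not B3's real Value/Opcode types).
enum class ConstType : uint8_t { Int32, Int64, Double, Float };

struct Value {
    ConstType type;
    uint64_t bits; // exact encoding of the constant, not its numeric value
};

// Map key: the type together with the raw bits. Two doubles that compare equal
// but have different bit patterns (0.0 and -0.0) get different keys on purpose.
struct ConstKey {
    ConstType type;
    uint64_t bits;
    bool operator==(const ConstKey& other) const { return type == other.type && bits == other.bits; }
};

struct ConstKeyHash {
    size_t operator()(const ConstKey& key) const {
        return std::hash<uint64_t>()(key.bits) * 31u + static_cast<size_t>(key.type);
    }
};

// One pool per function being compiled: each distinct constant is materialised once.
class ConstPool {
public:
    // Returns the pooled node for (type, bits), creating it on first use.
    Value* intern(ConstType type, uint64_t bits) {
        ConstKey key { type, bits };
        auto it = m_map.find(key);
        if (it != m_map.end())
            return it->second.get();
        std::unique_ptr<Value> node(new Value { type, bits });
        Value* raw = node.get();
        m_map.emplace(key, std::move(node));
        m_order.push_back(raw); // remember first-use order for deterministic emission
        return raw;
    }

    Value* int32Const(int32_t v) { return intern(ConstType::Int32, static_cast<uint32_t>(v)); }
    Value* int64Const(int64_t v) { return intern(ConstType::Int64, static_cast<uint64_t>(v)); }
    Value* doubleConst(double v) {
        uint64_t bits;
        std::memcpy(&bits, &v, sizeof bits);
        return intern(ConstType::Double, bits);
    }
    Value* floatConst(float v) {
        uint32_t bits;
        std::memcpy(&bits, &v, sizeof bits);
        return intern(ConstType::Float, bits);
    }

    // Emit every pooled constant at the front of the root block so that all
    // later blocks may reference it (the analogue of the InsertionSet step).
    void insertConstants(std::vector<Value*>& rootBlock) const {
        rootBlock.insert(rootBlock.begin(), m_order.begin(), m_order.end());
    }

    size_t size() const { return m_order.size(); }

private:
    std::unordered_map<ConstKey, std::unique_ptr<Value>, ConstKeyHash> m_map;
    std::vector<Value*> m_order;
};

// A function that uses Int32 0 twice, Int64 0 once, and both signed double zeros
// materialises four constants: not five, and not three.
size_t demoPoolSize() {
    ConstPool pool;
    pool.int32Const(0);
    pool.int32Const(0);     // deduplicated
    pool.int64Const(0);     // same value, different type: separate node
    pool.doubleConst(0.0);
    pool.doubleConst(-0.0); // compares equal to 0.0 but must stay distinct
    return pool.size();
}

// Interning the same constant twice yields the same node.
bool demoSameNode() {
    ConstPool pool;
    return pool.int32Const(42) == pool.int32Const(42);
}

// Signed zeros stay distinct because the key is the bit pattern.
bool demoSignedZeroDistinct() {
    ConstPool pool;
    return pool.doubleConst(0.0) != pool.doubleConst(-0.0);
}

// Constants land ahead of the existing root-block contents, in first-use order.
bool demoInsertConstants() {
    ConstPool pool;
    Value nonConst { ConstType::Int32, 7 }; // stands in for an ordinary instruction
    std::vector<Value*> root { &nonConst };
    Value* first = pool.int32Const(1);
    pool.int64Const(2);
    pool.insertConstants(root);
    return root.size() == 3 && root.front() == first && root.back() == &nonConst;
}
```

        The pool owns the nodes, so the pointers it returns stay valid for the whole compilation of
        the function, and emission follows first-use order so the root block comes out the same from
        one compile to the next.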

2017-03-29  Saam Barati  <sbarati@apple.com>

        LinkBuffer and ExecutableAllocator shouldn't have anything to do with VM
        https://bugs.webkit.org/show_bug.cgi?id=170210

        Reviewed by Mark Lam.

        This is one more step in the direction of PIC-ified Wasm.
        LinkBuffer and ExecutableAllocator have no business knowing about VM.

        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::allocate):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::vm): Deleted.
        * b3/B3Compile.cpp:
        (JSC::B3::compile):
        * b3/B3Compile.h:
        * b3/air/testair.cpp:
        * b3/testb3.cpp:
        (JSC::B3::compileProc):
        (JSC::B3::compileAndRun):
        (JSC::B3::testLoadAcq42):
        (JSC::B3::testAddArgZeroImmZDef):
        (JSC::B3::testAddLoadTwice):
        (JSC::B3::testMulLoadTwice):
        (JSC::B3::testMulAddArgsLeft):
        (JSC::B3::testMulAddArgsRight):
        (JSC::B3::testMulAddArgsLeft32):
        (JSC::B3::testMulAddArgsRight32):
        (JSC::B3::testMulSubArgsLeft):
        (JSC::B3::testMulSubArgsRight):
        (JSC::B3::testMulSubArgsLeft32):
        (JSC::B3::testMulSubArgsRight32):
        (JSC::B3::testMulNegArgs):
        (JSC::B3::testMulNegArgs32):
        (JSC::B3::testCompareFloatToDoubleThroughPhi):
        (JSC::B3::testDoubleToFloatThroughPhi):
        (JSC::B3::testReduceFloatToDoubleValidates):
        (JSC::B3::testDoubleProducerPhiToFloatConversion):
        (JSC::B3::testDoubleProducerPhiToFloatConversionWithDoubleConsumer):
        (JSC::B3::testDoubleProducerPhiWithNonFloatConst):
        (JSC::B3::testIToD64Arg):
        (JSC::B3::testIToF64Arg):
        (JSC::B3::testIToD32Arg):
        (JSC::B3::testIToF32Arg):
        (JSC::B3::testIToD64Mem):
        (JSC::B3::testIToF64Mem):
        (JSC::B3::testIToD32Mem):
        (JSC::B3::testIToF32Mem):
        (JSC::B3::testIToDReducedToIToF64Arg):
        (JSC::B3::testIToDReducedToIToF32Arg):
        (JSC::B3::testStoreRelAddLoadAcq32):
        (JSC::B3::testStoreRelAddLoadAcq8):
        (JSC::B3::testStoreRelAddFenceLoadAcq8):
        (JSC::B3::testStoreRelAddLoadAcq16):
        (JSC::B3::testStoreRelAddLoadAcq64):
        (JSC::B3::testBranch):
        (JSC::B3::testBranchPtr):
        (JSC::B3::testDiamond):
        (JSC::B3::testBranchNotEqual):
        (JSC::B3::testBranchNotEqualCommute):
        (JSC::B3::testBranchNotEqualNotEqual):
        (JSC::B3::testBranchEqual):
        (JSC::B3::testBranchEqualEqual):
        (JSC::B3::testBranchEqualCommute):
        (JSC::B3::testBranchEqualEqual1):
        (JSC::B3::testBranchLoadPtr):
        (JSC::B3::testBranchLoad32):
        (JSC::B3::testBranchLoad8S):
        (JSC::B3::testBranchLoad8Z):
        (JSC::B3::testBranchLoad16S):
        (JSC::B3::testBranchLoad16Z):
        (JSC::B3::testBranch8WithLoad8ZIndex):
        (JSC::B3::testComplex):
        (JSC::B3::testSimpleCheck):
        (JSC::B3::testCheckFalse):
        (JSC::B3::testCheckTrue):
        (JSC::B3::testCheckLessThan):
        (JSC::B3::testCheckMegaCombo):
        (JSC::B3::testCheckTrickyMegaCombo):
        (JSC::B3::testCheckTwoMegaCombos):
        (JSC::B3::testCheckTwoNonRedundantMegaCombos):
        (JSC::B3::testCheckAddImm):
        (JSC::B3::testCheckAddImmCommute):
        (JSC::B3::testCheckAddImmSomeRegister):
        (JSC::B3::testCheckAdd):
        (JSC::B3::testCheckAdd64):
        (JSC::B3::testCheckAddFold):
        (JSC::B3::testCheckAddFoldFail):
        (JSC::B3::testCheckAddSelfOverflow64):
        (JSC::B3::testCheckAddSelfOverflow32):
        (JSC::B3::testCheckSubImm):
        (JSC::B3::testCheckSubBadImm):
        (JSC::B3::testCheckSub):
        (JSC::B3::testCheckSub64):
        (JSC::B3::testCheckSubFold):
        (JSC::B3::testCheckSubFoldFail):
        (JSC::B3::testCheckNeg):
        (JSC::B3::testCheckNeg64):
        (JSC::B3::testCheckMul):
        (JSC::B3::testCheckMulMemory):
        (JSC::B3::testCheckMul2):
        (JSC::B3::testCheckMul64):
        (JSC::B3::testCheckMulFold):
        (JSC::B3::testCheckMulFoldFail):
        (JSC::B3::testCheckMul64SShr):
        (JSC::B3::testSwitch):
        (JSC::B3::testSwitchChillDiv):
        (JSC::B3::testSwitchTargettingSameBlock):
        (JSC::B3::testSwitchTargettingSameBlockFoldPathConstant):
        (JSC::B3::testBasicSelect):
        (JSC::B3::testSelectTest):
        (JSC::B3::testSelectCompareDouble):
        (JSC::B3::testSelectDouble):
        (JSC::B3::testSelectDoubleTest):
        (JSC::B3::testSelectDoubleCompareDouble):
        (JSC::B3::testSelectFloatCompareFloat):
        (JSC::B3::testSelectFold):
        (JSC::B3::testSelectInvert):
        (JSC::B3::testCheckSelect):
        (JSC::B3::testCheckSelectCheckSelect):
        (JSC::B3::testCheckSelectAndCSE):
        (JSC::B3::testTrivialInfiniteLoop):
        (JSC::B3::testFoldPathEqual):
        (JSC::B3::testLShiftSelf32):
        (JSC::B3::testRShiftSelf32):
        (JSC::B3::testURShiftSelf32):
        (JSC::B3::testLShiftSelf64):
        (JSC::B3::testRShiftSelf64):
        (JSC::B3::testURShiftSelf64):
        (JSC::B3::testPatchpointDoubleRegs):
        (JSC::B3::testSpillDefSmallerThanUse):
        (JSC::B3::testSpillUseLargerThanDef):
        (JSC::B3::testLateRegister):
        (JSC::B3::testInterpreter):
        (JSC::B3::testEntrySwitchSimple):
        (JSC::B3::testEntrySwitchNoEntrySwitch):
        (JSC::B3::testEntrySwitchWithCommonPaths):
        (JSC::B3::testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
        (JSC::B3::testEntrySwitchLoop):
        (JSC::B3::testSomeEarlyRegister):
        (JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled):
        (JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled2):
        (JSC::B3::testPatchpointTerminalReturnValue):
        (JSC::B3::testMemoryFence):
        (JSC::B3::testStoreFence):
        (JSC::B3::testLoadFence):
        (JSC::B3::testPCOriginMapDoesntInsertNops):
        (JSC::B3::testPinRegisters):
        (JSC::B3::testX86LeaAddAddShlLeft):
        (JSC::B3::testX86LeaAddAddShlRight):
        (JSC::B3::testX86LeaAddAdd):
        (JSC::B3::testX86LeaAddShlRight):
        (JSC::B3::testX86LeaAddShlLeftScale1):
        (JSC::B3::testX86LeaAddShlLeftScale2):
        (JSC::B3::testX86LeaAddShlLeftScale4):
        (JSC::B3::testX86LeaAddShlLeftScale8):
        (JSC::B3::testAddShl32):
        (JSC::B3::testAddShl64):
        (JSC::B3::testAddShl65):
        (JSC::B3::testLoadBaseIndexShift2):
        (JSC::B3::testLoadBaseIndexShift32):
        (JSC::B3::testOptimizeMaterialization):
        (JSC::B3::testAtomicWeakCAS):
        (JSC::B3::testAtomicStrongCAS):
        (JSC::B3::testAtomicXchg):
        (JSC::B3::testDepend32):
        (JSC::B3::testDepend64):
        (JSC::B3::testWasmBoundsCheck):
        (JSC::B3::testWasmAddress):
        (JSC::B3::run):
        (JSC::B3::compile): Deleted.
        * bytecode/PolymorphicAccess.cpp:
        (JSC::PolymorphicAccess::regenerate):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGLazyJSValue.cpp:
        (JSC::DFG::LazyJSValue::emit):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::osrExitGenerationThunkGenerator):
        (JSC::DFG::osrEntryThunkGenerator):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::compile):
        * ftl/FTLLazySlowPath.cpp:
        (JSC::FTL::LazySlowPath::generate):
        * ftl/FTLLink.cpp:
        (JSC::FTL::link):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
        (JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        * ftl/FTLOSRExitHandle.cpp:
        (JSC::FTL::OSRExitHandle::emitExitThunk):
        * ftl/FTLSlowPathCall.cpp:
        (JSC::FTL::SlowPathCallContext::makeCall):
        * ftl/FTLSlowPathCall.h:
        (JSC::FTL::callOperation):
        * ftl/FTLState.h:
        * ftl/FTLThunks.cpp:
        (JSC::FTL::genericGenerationThunkGenerator):
        (JSC::FTL::slowPathCallThunkGenerator):
        * ftl/FTLThunks.h:
        (JSC::FTL::generateIfNecessary):
        (JSC::FTL::Thunks::getSlowPathCallThunk):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::emitDumbVirtualCall):
        * jit/AssemblyHelpers.h:
        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::initializeAllocator):
        (JSC::ExecutableAllocator::singleton):
        (JSC::ExecutableAllocator::ExecutableAllocator):
        (JSC::ExecutableAllocator::allocate):
        * jit/ExecutableAllocator.h:
        * jit/JIT.cpp:
        (JSC::JIT::compileWithoutLinking):
        * jit/JITCall.cpp:
        (JSC::JIT::compileCallEvalSlowCase):
        * jit/JITMathIC.h:
        (JSC::JITMathIC::generateOutOfLine):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileHasIndexedProperty):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileHasIndexedProperty):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::privateCompileGetByVal):
        (JSC::JIT::privateCompileGetByValWithCachedId):
        (JSC::JIT::privateCompilePutByVal):
        (JSC::JIT::privateCompilePutByValWithCachedId):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        * jit/JITStubRoutine.h:
        * jit/Repatch.cpp:
        (JSC::ftlThunkAwareRepatchCall):
        (JSC::linkPolymorphicCall):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::finalize):
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::linkCallThunkGenerator):
        (JSC::linkPolymorphicCallThunkGenerator):
        (JSC::virtualThunkFor):
        (JSC::nativeForGenerator):
        (JSC::arityFixupGenerator):
        (JSC::unreachableGenerator):
        (JSC::boundThisNoArgsFunctionCallGenerator):
        (JSC::throwExceptionFromWasmThunkGenerator):
        * llint/LLIntThunks.cpp:
        (JSC::LLInt::generateThunkWithJumpTo):
        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::takeSample):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        * runtime/VMTraps.cpp:
        (JSC::VMTraps::tryInstallTrapBreakpoints):
        * tools/VMInspector.cpp:
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::wasmToJs):
        (JSC::Wasm::wasmToWasm):
        (JSC::Wasm::exitStubGenerator):
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::complete):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::compile):
        (JSC::Yarr::jitCompile):

2017-03-29  Keith Miller  <keith_miller@apple.com>

        WebAssembly: Worklist should periodically check in to see if there are higher priority jobs to do.
        https://bugs.webkit.org/show_bug.cgi?id=170204

        Reviewed by Saam Barati.

        This patch makes it so that Wasm::Plan's compileFunctions method can return periodically
        to its caller. The main use for this is if a user asynchronously compiles a wasm module
        then later synchronously compiles another module. In this case we want to be able to pause
        compilation of other worklists.

        This patch also adds support for size_t Options.

        * runtime/Options.cpp:
        (JSC::parse):
        (JSC::Option::dump):
        (JSC::Option::operator==):
        * runtime/Options.h:
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::moveToState):
        (JSC::Wasm::Plan::ThreadCountHolder::~ThreadCountHolder):
        (JSC::Wasm::Plan::compileFunctions):
        * wasm/WasmPlan.h:
        * wasm/WasmWorklist.cpp:

2017-03-29  Mark Lam  <mark.lam@apple.com>

        Remove obsolete references to HeapTimer in JavaScriptCore.order.
        https://bugs.webkit.org/show_bug.cgi?id=170252

        Reviewed by Saam Barati.

        The HeapTimer was renamed to JSRunLoopTimer back in r214504.  These HeapTimer
        entries are now no longer meaningful.

        * JavaScriptCore.order:

2017-03-29  JF Bastien  <jfbastien@apple.com>

        WebAssembly: add shell-only Memory mode helper
        https://bugs.webkit.org/show_bug.cgi?id=170227

        Reviewed by Mark Lam.

        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionWebAssemblyMemoryMode):
        * wasm/WasmMemory.h:
        * wasm/js/JSWebAssemblyInstance.h:
        * wasm/js/JSWebAssemblyMemory.h:

2017-03-29  Keith Miller  <keith_miller@apple.com>

        WebAssembly: pack OpcodeOrigin to fit in a pointer
        https://bugs.webkit.org/show_bug.cgi?id=170244

        Reviewed by Michael Saboff.

        This patch makes it so we don't have to allocate the OpcodeOrigin and can just
        pack all the data into the pointer B3::Origin already has.

        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmOpcodeOrigin.cpp:
        (JSC::Wasm::OpcodeOrigin::dump):
        * wasm/WasmOpcodeOrigin.h:
        (JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
        (JSC::Wasm::OpcodeOrigin::opcode):
        (JSC::Wasm::OpcodeOrigin::location):
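
        An added example of the kind of packing this entry describes. It is written for this page and
        is not JavaScriptCore's OpcodeOrigin; the 32-bit opcode / 32-bit location split and the
        PackedOrigin name are assumptions. The opcode and the byte offset of that opcode are folded into
        one 64-bit word, which on a 64-bit target fits the single pointer-sized slot an Origin carries,
        so nothing has to be allocated per origin. The checked constructor refuses an offset that does
        not fit its field; the naive variant is kept only to show what silent truncation does to a
        location.

```cpp
#include <cstdint>

// Hypothetical layout (an assumption for this example, not JSC's real encoding):
//   bits 63..32  opcode    (a wasm opcode is one byte, so this field has room to spare)
//   bits 31..0   location  (byte offset of the opcode within the function body)
// On a 64-bit target the whole word fits the one pointer-sized slot an
// Origin-style handle carries, so nothing has to be heap-allocated per origin.
class PackedOrigin {
public:
    static constexpr unsigned locationBits = 32;
    static constexpr uint64_t locationMask = (uint64_t(1) << locationBits) - 1;

    PackedOrigin() = default;

    // Checked packing: refuses a location that does not fit its field instead
    // of silently truncating it to a different, wrong offset.
    static bool tryPack(uint8_t opcode, uint64_t location, PackedOrigin& out) {
        if (location > locationMask)
            return false;
        out.m_packed = (uint64_t(opcode) << locationBits) | location;
        return true;
    }

    // Naive packing, kept only to show the failure mode: an offset of 2^32 + 5
    // comes back out as 5, pointing a debugger or crash report at the wrong opcode.
    static PackedOrigin naivePack(uint8_t opcode, uint64_t location) {
        PackedOrigin origin;
        origin.m_packed = (uint64_t(opcode) << locationBits) | (location & locationMask);
        return origin;
    }

    // Rebuild from the opaque word stored in the origin slot.
    static PackedOrigin fromRaw(uint64_t raw) {
        PackedOrigin origin;
        origin.m_packed = raw;
        return origin;
    }

    uint8_t opcode() const { return static_cast<uint8_t>(m_packed >> locationBits); }
    uint64_t location() const { return m_packed & locationMask; }
    uint64_t raw() const { return m_packed; }

private:
    uint64_t m_packed { 0 };
};

// Round trip through the raw word, as a dump of the IR would do.
// 0x89 is i64.rotl in the wasm binary opcode table.
bool demoRoundTrip() {
    PackedOrigin origin;
    if (!PackedOrigin::tryPack(0x89, 5, origin))
        return false;
    PackedOrigin back = PackedOrigin::fromRaw(origin.raw());
    return back.opcode() == 0x89 && back.location() == 5;
}

// Checked packing rejects an offset that needs more than 32 bits (0x0b is `end`).
bool demoRejectsOverflow() {
    PackedOrigin origin;
    return !PackedOrigin::tryPack(0x0b, (uint64_t(1) << 32) + 5, origin);
}

// The naive encoding aliases that same offset to 5.
uint64_t demoNaiveAliasedLocation() {
    return PackedOrigin::naivePack(0x0b, (uint64_t(1) << 32) + 5).location();
}
```

        The practical point is the check: whatever field width is chosen, an offset that does not fit
        must be rejected at pack time, otherwise the origin quietly names a different opcode than the
        one that executed, and whatever consumes it (a dump, a crash report, a debugger) is misled.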

2017-03-29  JF Bastien  <jfbastien@apple.com>

        WebAssembly: NFC s/goto/lambda/g
        https://bugs.webkit.org/show_bug.cgi?id=170242

        Reviewed by Mark Lam.

        Lambdas are more in-style than the goto I just used.

        * wasm/WasmMemory.cpp:
        (JSC::Wasm::tryGetFastMemory):

2017-03-28  Saam Barati  <sbarati@apple.com>

        AssemblyHelpers should not have a VM field
        https://bugs.webkit.org/show_bug.cgi?id=170207

        Reviewed by Yusuke Suzuki.

        APIs that need VM should take one as a parameter. When doing position
        independent code for Wasm, we can't tie code generation to a VM.

        * b3/B3Compile.cpp:
        (JSC::B3::compile):
        * b3/air/testair.cpp:
        * b3/testb3.cpp:
        (JSC::B3::testEntrySwitchSimple):
        (JSC::B3::testEntrySwitchNoEntrySwitch):
        (JSC::B3::testEntrySwitchWithCommonPaths):
        (JSC::B3::testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
        (JSC::B3::testEntrySwitchLoop):
        * bytecode/AccessCase.cpp:
        (JSC::AccessCase::generateWithGuard):
        (JSC::AccessCase::generateImpl):
        * bytecode/DOMJITAccessCasePatchpointParams.cpp:
        (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
        * bytecode/InlineAccess.cpp:
        (JSC::InlineAccess::dumpCacheSizesAndCrash):
        (JSC::InlineAccess::generateSelfPropertyAccess):
        (JSC::InlineAccess::generateSelfPropertyReplace):
        (JSC::InlineAccess::generateArrayLength):
        (JSC::InlineAccess::rewireStubAsJump):
        * bytecode/InlineAccess.h:
        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessGenerationState::emitExplicitExceptionHandler):
        (JSC::PolymorphicAccess::regenerate):
        * bytecode/PolymorphicAccess.h:
        (JSC::AccessGenerationState::AccessGenerationState):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::compileExceptionHandlers):
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        (JSC::DFG::JITCompiler::exceptionCheck):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
        (JSC::DFG::JITCompiler::fastExceptionCheck):
        (JSC::DFG::JITCompiler::vm):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::adjustAndJumpToTarget):
        * dfg/DFGOSRExitCompilerCommon.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
        (JSC::DFG::SpeculativeJIT::checkArray):
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
        (JSC::DFG::SpeculativeJIT::compileMakeRope):
        (JSC::DFG::SpeculativeJIT::compileGetGlobalObject):
        (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
        (JSC::DFG::SpeculativeJIT::compileCreateActivation):
        (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
        (JSC::DFG::SpeculativeJIT::compileSpread):
        (JSC::DFG::SpeculativeJIT::compileArraySlice):
        (JSC::DFG::SpeculativeJIT::compileNukeStructureAndSetButterfly):
        (JSC::DFG::SpeculativeJIT::compileNewStringObject):
        (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
        (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
        (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
        (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
        (JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::osrEntryThunkGenerator):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::compile):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLLazySlowPath.cpp:
        (JSC::FTL::LazySlowPath::generate):
        * ftl/FTLLazySlowPathCall.h:
        (JSC::FTL::createLazyCallGenerator):
        * ftl/FTLLink.cpp:
        (JSC::FTL::link):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::lower):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
        (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
        (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
        (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
        (JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
        (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
        (JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull):
        (JSC::FTL::DFG::LowerDFGToB3::compileIsFunction):
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
        (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
        (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
        (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
        (JSC::FTL::DFG::LowerDFGToB3::buildTypeOf):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        * ftl/FTLSlowPathCall.h:
        (JSC::FTL::callOperation):
        * ftl/FTLState.h:
        (JSC::FTL::State::vm):
        * ftl/FTLThunks.cpp:
        (JSC::FTL::genericGenerationThunkGenerator):
        (JSC::FTL::slowPathCallThunkGenerator):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::jitReleaseAssertNoException):
        (JSC::AssemblyHelpers::callExceptionFuzz):
        (JSC::AssemblyHelpers::emitJumpIfException):
        (JSC::AssemblyHelpers::emitExceptionCheck):
        (JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
        (JSC::AssemblyHelpers::emitLoadStructure):
        (JSC::AssemblyHelpers::emitRandomThunk):
        (JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::emitConvertValueToBoolean):
        (JSC::AssemblyHelpers::debugCall):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::AssemblyHelpers):
        (JSC::AssemblyHelpers::codeBlock):
        (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::barrierBranch):
        (JSC::AssemblyHelpers::barrierStoreLoadFence):
        (JSC::AssemblyHelpers::mutatorFence):
        (JSC::AssemblyHelpers::storeButterfly):
        (JSC::AssemblyHelpers::nukeStructureAndStoreButterfly):
        (JSC::AssemblyHelpers::jumpIfMutatorFenceNotNeeded):
        (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
        (JSC::AssemblyHelpers::emitAllocateJSObject):
        (JSC::AssemblyHelpers::emitAllocateVariableSizedCell):
        (JSC::AssemblyHelpers::emitAllocateVariableSizedJSObject):
        (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
        (JSC::AssemblyHelpers::vm): Deleted.
        (JSC::AssemblyHelpers::debugCall): Deleted.
        * jit/CCallHelpers.cpp:
        (JSC::CCallHelpers::ensureShadowChickenPacket):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::CCallHelpers):
        (JSC::CCallHelpers::jumpToExceptionHandler):
        * jit/JIT.cpp:
        (JSC::JIT::emitEnterOptimizationCheck):
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/JIT.h:
        (JSC::JIT::exceptionCheck):
        (JSC::JIT::exceptionCheckWithCallFrameRollback):
        * jit/JITMathIC.h:
        (JSC::JITMathIC::generateOutOfLine):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_is_undefined):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emitSlow_op_loop_hint):
        (JSC::JIT::emit_op_log_shadow_chicken_prologue):
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_new_object):
        (JSC::JIT::emit_op_jfalse):
        (JSC::JIT::emit_op_jtrue):
        (JSC::JIT::emit_op_throw):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_create_this):
        (JSC::JIT::emit_op_log_shadow_chicken_prologue):
        (JSC::JIT::emit_op_log_shadow_chicken_tail):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitWriteBarrier):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::JSInterfaceJIT):
        (JSC::JSInterfaceJIT::vm):
        * jit/Repatch.cpp:
        (JSC::tryCacheGetByID):
        (JSC::tryCachePutByID):
        (JSC::linkPolymorphicCall):
        (JSC::resetGetByID):
        (JSC::resetPutByID):
        * jit/SetupVarargsFrame.cpp:
        (JSC::emitSetupVarargsFrameFastCase):
        * jit/SetupVarargsFrame.h:
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromCallSlowPathGenerator):
        (JSC::linkCallThunkGenerator):
        (JSC::linkPolymorphicCallThunkGenerator):
        (JSC::virtualThunkFor):
        (JSC::nativeForGenerator):
        (JSC::randomThunkGenerator):
        (JSC::boundThisNoArgsFunctionCallGenerator):
        (JSC::throwExceptionFromWasmThunkGenerator):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::wasmToJs):
        (JSC::Wasm::wasmToWasm):

2017-03-28  Keith Miller  <keith_miller@apple.com>

        WebAssembly: We should have Origins
        https://bugs.webkit.org/show_bug.cgi?id=170217

        Reviewed by Mark Lam.

        This patch adds wasm origins for B3::Values, called OpcodeOrigin. Currently,
        OpcodeOrigin just tracks the original opcode and the location of that opcode.

        Here's a sample:

        BB#0: ; frequency = 1.000000
            Int64 @4 = Patchpoint(generator = 0x10f487fa8, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister)
            Int64 @5 = FramePointer()
            Void @8 = Store(@4, @5, offset = 24, ControlDependent|Writes:Top)
            Int64 @10 = Const64(0)
            Void @12 = Store($0(@10), @5, offset = 16, ControlDependent|Writes:Top)
            Int64 @13 = Patchpoint(generator = 0x10f4be7f0, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister, ExitsSideways|ControlDependent|WritesPinned|ReadsPinned|Fence|Writes:Top|Reads:Top)
            Int64 @16 = ArgumentReg(%rdi)
            Int64 @18 = ArgumentReg(%rsi)
            Int32 @22 = Trunc(@18, Wasm: {opcode: I64Rotl, location: 5})
            Int64 @23 = RotL(@16, @22, Wasm: {opcode: I64Rotl, location: 5})
            Void @27 = Return(@23, Terminal, Wasm: {opcode: End, location: 6})

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3Value.cpp:
        (JSC::B3::Value::deepDump):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::setParser):
        (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
        (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
        (JSC::Wasm::B3IRGenerator::emitLoadOp):
        (JSC::Wasm::B3IRGenerator::emitStoreOp):
        (JSC::Wasm::B3IRGenerator::addConstant):
        (JSC::Wasm::B3IRGenerator::addLoop):
        (JSC::Wasm::B3IRGenerator::unify):
        (JSC::Wasm::parseAndCompile):
        (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
        (JSC::Wasm::getMemoryBaseAndSize): Deleted.
        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser::currentOpcode):
        (JSC::Wasm::FunctionParser::currentOpcodeStartingOffset):
        (JSC::Wasm::FunctionParser<Context>::FunctionParser):
        * wasm/WasmOpcodeOrigin.cpp: Added.
        (JSC::Wasm::OpcodeOrigin::dump):
        * wasm/WasmOpcodeOrigin.h: Added.
        (JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
        * wasm/WasmValidate.cpp:
        (JSC::Wasm::Validate::setParser):
        * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
        (CodeGenerator.generate):
        (generateB3OpCode):
        (generateConstCode):

2017-03-28  JF Bastien  <jfbastien@apple.com>
1382
1383         WebAssembly: option to crash if no fast memory is available
1384         https://bugs.webkit.org/show_bug.cgi?id=170219
1385
1386         Reviewed by Mark Lam.
1387
1388         * runtime/Options.h:
1389         * wasm/WasmMemory.cpp:
1390         (JSC::Wasm::webAssemblyCouldntGetFastMemory):
1391         (JSC::Wasm::tryGetFastMemory):
1392
1393 2017-03-28  Mark Lam  <mark.lam@apple.com>
1394
1395         The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
1396         https://bugs.webkit.org/show_bug.cgi?id=170213
1397         <rdar://problem/30755345>
1398
1399         Reviewed by Filip Pizlo.
1400
1401         The current condition for stealing the conn isn't tight enough.  Restricting the
1402         stealing to when m_currentPhase == NotRunning ensures that the Collector is
1403         really done running.
1404
1405         No test because this issue only manifests with a race condition that is difficult
1406         to reproduce on demand.
1407
1408         * heap/Heap.cpp:
1409         (JSC::Heap::requestCollection):
1410
1411 2017-03-28  Keith Miller  <keith_miller@apple.com>
1412
1413         WebAssembly: Make WebAssembly.instantiate/compile truly asynchronous
1414         https://bugs.webkit.org/show_bug.cgi?id=169187
1415
1416         Reviewed by Saam Barati.
1417
1418         This patch allows WebAssembly compilations to happen asynchronously.
1419         To do so, it refactors how much of the compilation happens and adds
1420         new infrastructure for async promises.
1421
1422         First, there is a new class, PromiseDeferredTimer that lives on
1423         the VM.  PromiseDeferredTimer will manage the life-cycle of async
1424         pending promises and any dependencies that promise
1425         needs. PromiseDeferredTimer automagically releases the pending
1426         promise and dependencies once the JSPromiseDeferred is resolved or
1427         rejected. Additionally, PromiseDeferredTimer provides a mechanism
1428         to poll the run-loop whenever the async task needs to synchronize
1429         with the JS thread. Normally, that will be whenever the async task
1430         finishes. In the case of WebAssembly we also use this feature for
1431         the compile + instantiate case, where we might have more work
1432         after the first async task completes (more on that later).
1433
1434         The next class is Wasm::Worklist, which is used to manage Wasm
1435         compilation tasks. The worklist class works similarly to the
1436         DFG/FTL Worklists. It has a pool of threads that it manages. One
1437         interesting aspect of Wasm Worklist is that it can synchronously
1438         compile a plan that is already potentially running
1439         asynchronously. This can occur if a user calls
1440         WebAssembly.instantiate() then new WebAssembly.instantiate() on
1441         the same module. In that case the Wasm Worklist will bump the
1442         priority of the running pending Plan and block the JS thread.
1443
1444         This patch also makes some of the Wasm Plan code cleaner. Since we
1445         now defer all compilation to instantiation time, we no longer need
1446         to guess at which memory we are going to get. Also, Wasm Plans now
1447         track the work they have done with a state enum.
1448
1449         Finally, this patch renames HeapTimer to JSRunLoopTimer. It
1450         also changes test262AsyncTest to a more generic testing
1451         infrastructure. Now, in addition to the old functionality, you can
1452         call asyncTest() with the number of tests you expect. When the jsc
1453         CLI exits, it will guarantee that asyncTestPassed() is called that
1454         many times.
1455
1456         * CMakeLists.txt:
1457         * JavaScriptCore.xcodeproj/project.pbxproj:
1458         * heap/GCActivityCallback.h:
1459         * heap/IncrementalSweeper.cpp:
1460         (JSC::IncrementalSweeper::scheduleTimer):
1461         (JSC::IncrementalSweeper::IncrementalSweeper):
1462         * heap/IncrementalSweeper.h:
1463         * heap/StopIfNecessaryTimer.cpp:
1464         (JSC::StopIfNecessaryTimer::StopIfNecessaryTimer):
1465         * heap/StopIfNecessaryTimer.h:
1466         * heap/StrongInlines.h:
1467         * jsc.cpp:
1468         (GlobalObject::finishCreation):
1469         (printInternal):
1470         (functionAsyncTestStart):
1471         (functionAsyncTestPassed):
1472         (functionTestWasmModuleFunctions):
1473         (CommandLine::parseArguments):
1474         (runJSC):
1475         * runtime/JSPromiseDeferred.cpp:
1476         (JSC::JSPromiseDeferred::resolve):
1477         (JSC::JSPromiseDeferred::reject):
1478         * runtime/JSPromiseDeferred.h:
1479         (JSC::JSPromiseDeferred::promiseAsyncPending):
1480         * runtime/JSRunLoopTimer.cpp: Renamed from Source/JavaScriptCore/heap/HeapTimer.cpp.
1481         (JSC::JSRunLoopTimer::JSRunLoopTimer):
1482         (JSC::JSRunLoopTimer::setRunLoop):
1483         (JSC::JSRunLoopTimer::~JSRunLoopTimer):
1484         (JSC::JSRunLoopTimer::timerDidFire):
1485         (JSC::JSRunLoopTimer::scheduleTimer):
1486         (JSC::JSRunLoopTimer::cancelTimer):
1487         (JSC::JSRunLoopTimer::invalidate):
1488         * runtime/JSRunLoopTimer.h: Copied from Source/JavaScriptCore/heap/HeapTimer.h.
1489         * runtime/Options.h:
1490         * runtime/PromiseDeferredTimer.cpp: Added.
1491         (JSC::PromiseDeferredTimer::PromiseDeferredTimer):
1492         (JSC::PromiseDeferredTimer::doWork):
1493         (JSC::PromiseDeferredTimer::runRunLoop):
1494         (JSC::PromiseDeferredTimer::addPendingPromise):
1495         (JSC::PromiseDeferredTimer::cancelPendingPromise):
1496         (JSC::PromiseDeferredTimer::scheduleWorkSoon):
1497         (JSC::PromiseDeferredTimer::scheduleBlockedTask):
1498         * runtime/PromiseDeferredTimer.h: Renamed from Source/JavaScriptCore/heap/HeapTimer.h.
1499         (JSC::PromiseDeferredTimer::stopRunningTasks):
1500         * runtime/VM.cpp:
1501         (JSC::VM::VM):
1502         (JSC::VM::~VM):
1503         * runtime/VM.h:
1504         * wasm/JSWebAssembly.cpp:
1505         (JSC::reject):
1506         (JSC::webAssemblyCompileFunc):
1507         (JSC::resolve):
1508         (JSC::instantiate):
1509         (JSC::compileAndInstantiate):
1510         (JSC::webAssemblyInstantiateFunc):
1511         (JSC::webAssemblyValidateFunc):
1512         * wasm/WasmB3IRGenerator.cpp:
1513         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1514         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
1515         (JSC::Wasm::B3IRGenerator::memoryKind):
1516         (JSC::Wasm::parseAndCompile):
1517         * wasm/WasmB3IRGenerator.h:
1518         * wasm/WasmFormat.h:
1519         (JSC::Wasm::ModuleInformation::internalFunctionCount):
1520         * wasm/WasmFunctionParser.h:
1521         * wasm/WasmMemory.h:
1522         * wasm/WasmMemoryInformation.cpp:
1523         (JSC::Wasm::MemoryInformation::MemoryInformation):
1524         * wasm/WasmMemoryInformation.h:
1525         (JSC::Wasm::MemoryInformation::maximum):
1526         (JSC::Wasm::MemoryInformation::hasReservedMemory): Deleted.
1527         (JSC::Wasm::MemoryInformation::takeReservedMemory): Deleted.
1528         (JSC::Wasm::MemoryInformation::mode): Deleted.
1529         * wasm/WasmModuleParser.cpp:
1530         * wasm/WasmModuleParser.h:
1531         (JSC::Wasm::ModuleParser::ModuleParser):
1532         * wasm/WasmPlan.cpp:
1533         (JSC::Wasm::Plan::Plan):
1534         (JSC::Wasm::Plan::stateString):
1535         (JSC::Wasm::Plan::moveToState):
1536         (JSC::Wasm::Plan::fail):
1537         (JSC::Wasm::Plan::parseAndValidateModule):
1538         (JSC::Wasm::Plan::prepare):
1539         (JSC::Wasm::Plan::ThreadCountHolder::ThreadCountHolder):
1540         (JSC::Wasm::Plan::ThreadCountHolder::~ThreadCountHolder):
1541         (JSC::Wasm::Plan::compileFunctions):
1542         (JSC::Wasm::Plan::complete):
1543         (JSC::Wasm::Plan::waitForCompletion):
1544         (JSC::Wasm::Plan::cancel):
1545         (JSC::Wasm::Plan::run): Deleted.
1546         (JSC::Wasm::Plan::initializeCallees): Deleted.
1547         * wasm/WasmPlan.h:
1548         (JSC::Wasm::Plan::dontFinalize):
1549         (JSC::Wasm::Plan::exports):
1550         (JSC::Wasm::Plan::internalFunctionCount):
1551         (JSC::Wasm::Plan::takeModuleInformation):
1552         (JSC::Wasm::Plan::takeCallLinkInfos):
1553         (JSC::Wasm::Plan::takeWasmExitStubs):
1554         (JSC::Wasm::Plan::setModeAndPromise):
1555         (JSC::Wasm::Plan::mode):
1556         (JSC::Wasm::Plan::pendingPromise):
1557         (JSC::Wasm::Plan::vm):
1558         (JSC::Wasm::Plan::errorMessage):
1559         (JSC::Wasm::Plan::failed):
1560         (JSC::Wasm::Plan::hasWork):
1561         (JSC::Wasm::Plan::hasBeenPrepared):
1562         * wasm/WasmPlanInlines.h: Copied from Source/JavaScriptCore/wasm/WasmB3IRGenerator.h.
1563         (JSC::Wasm::Plan::initializeCallees):
1564         * wasm/WasmValidate.cpp:
1565         * wasm/WasmWorklist.cpp: Added.
1566         (JSC::Wasm::Worklist::priorityString):
1567         (JSC::Wasm::Worklist::QueueElement::setToNextPriority):
1568         (JSC::Wasm::Worklist::iterate):
1569         (JSC::Wasm::Worklist::enqueue):
1570         (JSC::Wasm::Worklist::completePlanSynchronously):
1571         (JSC::Wasm::Worklist::stopAllPlansForVM):
1572         (JSC::Wasm::Worklist::Worklist):
1573         (JSC::Wasm::Worklist::~Worklist):
1574         (JSC::Wasm::existingWorklistOrNull):
1575         (JSC::Wasm::ensureWorklist):
1576         * wasm/WasmWorklist.h: Added.
1577         (JSC::Wasm::Worklist::nextTicket):
1578         (JSC::Wasm::Worklist::Comparator::operator()):
1579         * wasm/js/JSWebAssemblyCallee.h:
1580         * wasm/js/JSWebAssemblyCodeBlock.cpp:
1581         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
1582         (JSC::JSWebAssemblyCodeBlock::initialize):
1583         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
1584         * wasm/js/JSWebAssemblyCodeBlock.h:
1585         (JSC::JSWebAssemblyCodeBlock::create):
1586         (JSC::JSWebAssemblyCodeBlock::initialized):
1587         (JSC::JSWebAssemblyCodeBlock::plan):
1588         (JSC::JSWebAssemblyCodeBlock::runnable):
1589         (JSC::JSWebAssemblyCodeBlock::errorMessage):
1590         (JSC::JSWebAssemblyCodeBlock::callees):
1591         * wasm/js/JSWebAssemblyHelpers.h:
1592         (JSC::createSourceBufferFromValue):
1593         * wasm/js/JSWebAssemblyInstance.cpp:
1594         (JSC::JSWebAssemblyInstance::finishCreation):
1595         (JSC::JSWebAssemblyInstance::visitChildren):
1596         (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
1597         (JSC::JSWebAssemblyInstance::finalizeCreation):
1598         (JSC::JSWebAssemblyInstance::create):
1599         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
1600         * wasm/js/JSWebAssemblyInstance.h:
1601         (JSC::JSWebAssemblyInstance::codeBlock):
1602         (JSC::JSWebAssemblyInstance::initialized):
1603         (JSC::JSWebAssemblyInstance::module):
1604         (JSC::JSWebAssemblyInstance::importFunction):
1605         (JSC::JSWebAssemblyInstance::setMemory):
1606         (JSC::JSWebAssemblyInstance::table):
1607         (JSC::JSWebAssemblyInstance::importFunctions):
1608         (JSC::JSWebAssemblyInstance::setImportFunction): Deleted.
1609         (JSC::JSWebAssemblyInstance::setTable): Deleted.
1610         * wasm/js/JSWebAssemblyModule.cpp:
1611         (JSC::JSWebAssemblyModule::createStub):
1612         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
1613         (JSC::JSWebAssemblyModule::finishCreation):
1614         (JSC::JSWebAssemblyModule::setCodeBlock):
1615         (JSC::JSWebAssemblyModule::buildCodeBlock): Deleted.
1616         (JSC::JSWebAssemblyModule::create): Deleted.
1617         (JSC::JSWebAssemblyModule::codeBlock): Deleted.
1618         * wasm/js/JSWebAssemblyModule.h:
1619         (JSC::JSWebAssemblyModule::moduleInformation):
1620         (JSC::JSWebAssemblyModule::codeBlock):
1621         (JSC::JSWebAssemblyModule::source):
1622         (JSC::JSWebAssemblyModule::takeReservedMemory): Deleted.
1623         (JSC::JSWebAssemblyModule::codeBlockFor): Deleted.
1624         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1625         (JSC::constructJSWebAssemblyInstance):
1626         (JSC::WebAssemblyInstanceConstructor::createInstance): Deleted.
1627         * wasm/js/WebAssemblyModuleConstructor.cpp:
1628         (JSC::WebAssemblyModuleConstructor::createModule):
1629         * wasm/js/WebAssemblyModulePrototype.cpp:
1630         (JSC::webAssemblyModuleProtoImports):
1631         (JSC::webAssemblyModuleProtoExports):
1632         * wasm/js/WebAssemblyModuleRecord.cpp:
1633         (JSC::WebAssemblyModuleRecord::finishCreation):
1634         (JSC::WebAssemblyModuleRecord::link):
1635         (JSC::WebAssemblyModuleRecord::evaluate):
1636         * wasm/js/WebAssemblyModuleRecord.h:
1637
1638 2017-03-28  Yusuke Suzuki  <utatane.tea@gmail.com>
1639
1640         WebAssembly: add fallback to use pinned register to load/store state
1641         https://bugs.webkit.org/show_bug.cgi?id=169773
1642
1643         Reviewed by Saam Barati.
1644
1645         This patch adds a new pinned register to hold JSWebAssemblyInstance,
1646         which is used to represent the context of running Wasm code.
1647         While we use fast TLS to hold the context on macOS, we do not have
1648         any system-reserved fast TLS slot on the other systems. The pinned
1649         register approach is used on those systems. These changes decouple
1650         the VM from the Wasm module to make Wasm modules position-independent code.
1651
1652         While using fast TLS could be beneficial on x64 systems, whose number of
1653         registers is relatively small, the pinned register approach could be
1654         beneficial on ARM64, which has plenty of registers. On macOS, we can
1655         switch the implementation with a runtime flag. Thus the macOS port can
1656         compare the performance and decide which implementation is used after
1657         landing this patch.
1658
1659         * heap/MarkedBlock.h:
1660         (JSC::MarkedBlock::offsetOfVM):
1661         * jit/AssemblyHelpers.cpp:
1662         (JSC::AssemblyHelpers::loadWasmContext):
1663         (JSC::AssemblyHelpers::storeWasmContext):
1664         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
1665         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
1666         * jit/AssemblyHelpers.h:
1667         (JSC::AssemblyHelpers::loadWasmContext): Deleted.
1668         (JSC::AssemblyHelpers::storeWasmContext): Deleted.
1669         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister): Deleted.
1670         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister): Deleted.
1671         * jit/Repatch.cpp:
1672         (JSC::webAssemblyOwner):
1673         (JSC::linkFor):
1674         (JSC::linkPolymorphicCall):
1675         (JSC::isWebAssemblyToJSCallee): Deleted.
1676         * jit/ThunkGenerators.cpp:
1677         (JSC::throwExceptionFromWasmThunkGenerator):
1678         * llint/LLIntData.cpp:
1679         (JSC::LLInt::Data::performAssertions):
1680         * llint/LowLevelInterpreter.asm:
1681         * runtime/JSCell.cpp:
1682         (JSC::JSCell::isAnyWasmCallee):
1683         * runtime/JSCellInlines.h:
1684         (JSC::isWebAssemblyToJSCallee):
1685         * runtime/JSType.h:
1686         * runtime/StackFrame.cpp:
1687         (JSC::StackFrame::functionName):
1688         * runtime/VM.cpp:
1689         (JSC::VM::VM):
1690         * runtime/VM.h:
1691         (JSC::VM::wasmContextOffset):
1692         * wasm/WasmB3IRGenerator.cpp:
1693         (JSC::Wasm::B3IRGenerator::materializeWasmContext):
1694         (JSC::Wasm::B3IRGenerator::restoreWasmContext):
1695         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1696         (JSC::Wasm::getMemoryBaseAndSize):
1697         (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
1698         (JSC::Wasm::createJSToWasmWrapper):
1699         (JSC::Wasm::loadWasmContext): Deleted.
1700         (JSC::Wasm::storeWasmContext): Deleted.
1701         (JSC::Wasm::restoreWebAssemblyGlobalState): Deleted.
1702         * wasm/WasmBinding.cpp:
1703         (JSC::Wasm::wasmToJs):
1704         * wasm/WasmContext.cpp:
1705         (JSC::loadWasmContext):
1706         (JSC::storeWasmContext):
1707         * wasm/WasmContext.h:
1708         * wasm/WasmMemoryInformation.cpp:
1709         (JSC::Wasm::getPinnedRegisters):
1710         (JSC::Wasm::PinnedRegisterInfo::get):
1711         (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
1712         * wasm/WasmMemoryInformation.h:
1713         (JSC::Wasm::PinnedRegisterInfo::toSave):
1714         (JSC::Wasm::useFastTLS):
1715         (JSC::Wasm::useFastTLSForWasmContext):
1716         * wasm/js/JSWebAssemblyInstance.cpp:
1717         (JSC::JSWebAssemblyInstance::finishCreation):
1718         (JSC::JSWebAssemblyInstance::visitChildren):
1719         * wasm/js/JSWebAssemblyInstance.h:
1720         (JSC::JSWebAssemblyInstance::offsetOfCallee):
1721         * wasm/js/JSWebAssemblyModule.cpp:
1722         (JSC::JSWebAssemblyModule::finishCreation):
1723         (JSC::JSWebAssemblyModule::visitChildren):
1724         * wasm/js/JSWebAssemblyModule.h:
1725         (JSC::JSWebAssemblyModule::callee):
1726         * wasm/js/WebAssemblyFunction.cpp:
1727         (JSC::callWebAssemblyFunction):
1728         (JSC::WebAssemblyFunction::create):
1729         * wasm/js/WebAssemblyToJSCallee.cpp:
1730         (JSC::WebAssemblyToJSCallee::create):
1731         (JSC::WebAssemblyToJSCallee::createStructure):
1732         (JSC::WebAssemblyToJSCallee::finishCreation):
1733         (JSC::WebAssemblyToJSCallee::visitChildren):
1734         (JSC::WebAssemblyToJSCallee::destroy): Deleted.
1735         * wasm/js/WebAssemblyToJSCallee.h:
1736
1737 2017-03-28  Brian Burg  <bburg@apple.com>
1738
1739         Web Inspector: Add "Disable Caches" option that only applies to the inspected page while Web Inspector is open
1740         https://bugs.webkit.org/show_bug.cgi?id=169865
1741         <rdar://problem/31250573>
1742
1743         Reviewed by Joseph Pecoraro.
1744
1745         * inspector/protocol/Network.json:
1746         Rename the command for disabling resource caching to match the WebCore::Page
1747         flag. This also removes the possibility that this could be confused for the old,
1748         buggy command that this patch rips out.
1749
1750 2017-03-25  Yusuke Suzuki  <utatane.tea@gmail.com>
1751
1752         [JSC] Move platformThreadSignal to WTF
1753         https://bugs.webkit.org/show_bug.cgi?id=170097
1754
1755         Reviewed by Mark Lam.
1756
1757         It is a small clean-up towards https://bugs.webkit.org/show_bug.cgi?id=170027.
1758         platformThreadSignal uses PlatformThread in JSC, but it can be implemented in
1759         WTF ThreadIdentifier.
1760
1761         * runtime/JSLock.cpp:
1762         (JSC::JSLock::lock):
1763         * runtime/JSLock.h:
1764         (JSC::JSLock::ownerThread):
1765         (JSC::JSLock::currentThreadIsHoldingLock):
1766         * runtime/PlatformThread.h:
1767         (JSC::platformThreadSignal): Deleted.
1768         * runtime/VM.h:
1769         (JSC::VM::ownerThread):
1770         * runtime/VMTraps.cpp:
1771         (JSC::VMTraps::SignalSender::send):
1772
1773 2017-03-28  JF Bastien  <jfbastien@apple.com>
1774
1775         WebAssembly: implement Module imports/exports
1776         https://bugs.webkit.org/show_bug.cgi?id=166982
1777
1778         Reviewed by Saam Barati.
1779
1780         As defined in: https://github.com/WebAssembly/design/commit/18cbacb90cd3584dd5c9aa3d392e4e55f66af6ab
1781
1782         * wasm/WasmFormat.h:
1783         (JSC::Wasm::makeString): use uppercase instead; it was only used
1784         for diagnostics but is now used for the expected JS property's
1785         capitalization.
1786         * wasm/js/WebAssemblyModulePrototype.cpp:
1787         (JSC::webAssemblyModuleProtoImports):
1788         (JSC::webAssemblyModuleProtoExports):
1789
1790 2017-03-27  JF Bastien  <jfbastien@apple.com>
1791
1792         WebAssembly: JSWebAssemblyCodeBlock.h belongs in JavaScriptCore/wasm/js not JavaScriptCore/wasm
1793         https://bugs.webkit.org/show_bug.cgi?id=170160
1794
1795         Reviewed by Mark Lam.
1796
1797         * JavaScriptCore.xcodeproj/project.pbxproj:
1798         * wasm/js/JSWebAssemblyCodeBlock.h: Renamed from Source/JavaScriptCore/wasm/JSWebAssemblyCodeBlock.h.
1799
1800 2017-03-27  JF Bastien  <jfbastien@apple.com>
1801
1802         WebAssembly: misc memory testing
1803         https://bugs.webkit.org/show_bug.cgi?id=170137
1804
1805         Reviewed by Keith Miller.
1806
1807         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1808         (JSC::WebAssemblyInstanceConstructor::createInstance): improve error messages
1809
1810 2017-03-27  Michael Saboff  <msaboff@apple.com>
1811
1812         Add ARM64 system instructions to disassembler
1813         https://bugs.webkit.org/show_bug.cgi?id=170084
1814
1815         Reviewed by Saam Barati.
1816
1817         This change adds support for MRS and MSR instructions, and refactors the DMB
1818         disassembly to handle all of the barrier instructions.
1819
1820         * disassembler/ARM64/A64DOpcode.cpp:
1821         (JSC::ARM64Disassembler::A64DOpcodeMSRImmediate::format):
1822         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::format):
1823         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::format):
1824         (JSC::ARM64Disassembler::A64DOpcodeDmb::format): Deleted.
1825         * disassembler/ARM64/A64DOpcode.h:
1826         (JSC::ARM64Disassembler::A64DOpcodeSystem::lBit):
1827         (JSC::ARM64Disassembler::A64DOpcodeSystem::op0):
1828         (JSC::ARM64Disassembler::A64DOpcodeSystem::op1):
1829         (JSC::ARM64Disassembler::A64DOpcodeSystem::crN):
1830         (JSC::ARM64Disassembler::A64DOpcodeSystem::crM):
1831         (JSC::ARM64Disassembler::A64DOpcodeSystem::op2):
1832         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::opName):
1833         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::systemRegister):
1834         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::opName):
1835         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::option):
1836         (JSC::ARM64Disassembler::A64DOpcodeDmb::opName): Deleted.
1837         (JSC::ARM64Disassembler::A64DOpcodeDmb::option): Deleted.
1838         (JSC::ARM64Disassembler::A64DOpcodeDmb::crM): Deleted.
1839
1840 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
1841
1842         B3::fixSSA should do liveness pruning
1843         https://bugs.webkit.org/show_bug.cgi?id=170111
1844
1845         Reviewed by Saam Barati.
1846         
1847         This moves all of the logic of Air::Liveness<> to WTF::Liveness<> and then uses that to
1848         create B3::VariableLiveness. Then this uses VariableLiveness::LiveAtHead to prune Phi
1849         construction.
1850         
1851         This makes B3::fixSSA run twice as fast. This is a 13% progression on WasmBench compile
1852         times.
1853
1854         * CMakeLists.txt:
1855         * JavaScriptCore.xcodeproj/project.pbxproj:
1856         * b3/B3BasicBlock.h:
1857         (JSC::B3::BasicBlock::get):
1858         * b3/B3FixSSA.cpp:
1859         (JSC::B3::fixSSA):
1860         * b3/B3VariableLiveness.cpp: Added.
1861         (JSC::B3::VariableLiveness::VariableLiveness):
1862         (JSC::B3::VariableLiveness::~VariableLiveness):
1863         * b3/B3VariableLiveness.h: Added.
1864         (JSC::B3::VariableLivenessAdapter::VariableLivenessAdapter):
1865         (JSC::B3::VariableLivenessAdapter::numIndices):
1866         (JSC::B3::VariableLivenessAdapter::valueToIndex):
1867         (JSC::B3::VariableLivenessAdapter::indexToValue):
1868         (JSC::B3::VariableLivenessAdapter::blockSize):
1869         (JSC::B3::VariableLivenessAdapter::forEachEarlyUse):
1870         (JSC::B3::VariableLivenessAdapter::forEachLateUse):
1871         (JSC::B3::VariableLivenessAdapter::forEachEarlyDef):
1872         (JSC::B3::VariableLivenessAdapter::forEachLateDef):
1873         * b3/air/AirCFG.h: Added.
1874         (JSC::B3::Air::CFG::CFG):
1875         (JSC::B3::Air::CFG::root):
1876         (JSC::B3::Air::CFG::newMap):
1877         (JSC::B3::Air::CFG::successors):
1878         (JSC::B3::Air::CFG::predecessors):
1879         (JSC::B3::Air::CFG::index):
1880         (JSC::B3::Air::CFG::node):
1881         (JSC::B3::Air::CFG::numNodes):
1882         (JSC::B3::Air::CFG::dump):
1883         * b3/air/AirCode.cpp:
1884         (JSC::B3::Air::Code::Code):
1885         * b3/air/AirCode.h:
1886         (JSC::B3::Air::Code::cfg):
1887         * b3/air/AirLiveness.h:
1888         (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
1889         (JSC::B3::Air::LivenessAdapter::blockSize):
1890         (JSC::B3::Air::LivenessAdapter::forEachEarlyUse):
1891         (JSC::B3::Air::LivenessAdapter::forEachLateUse):
1892         (JSC::B3::Air::LivenessAdapter::forEachEarlyDef):
1893         (JSC::B3::Air::LivenessAdapter::forEachLateDef):
1894         (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
1895         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
1896         (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
1897         (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
1898         (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
1899         (JSC::B3::Air::Liveness::Liveness):
1900         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc): Deleted.
1901         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable): Deleted.
1902         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator): Deleted.
1903         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++): Deleted.
1904         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*): Deleted.
1905         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==): Deleted.
1906         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=): Deleted.
1907         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin): Deleted.
1908         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end): Deleted.
1909         (JSC::B3::Air::Liveness::LocalCalc::Iterable::contains): Deleted.
1910         (JSC::B3::Air::Liveness::LocalCalc::live): Deleted.
1911         (JSC::B3::Air::Liveness::LocalCalc::isLive): Deleted.
1912         (JSC::B3::Air::Liveness::LocalCalc::execute): Deleted.
1913         (JSC::B3::Air::Liveness::rawLiveAtHead): Deleted.
1914         (JSC::B3::Air::Liveness::Iterable::Iterable): Deleted.
1915         (JSC::B3::Air::Liveness::Iterable::iterator::iterator): Deleted.
1916         (JSC::B3::Air::Liveness::Iterable::iterator::operator*): Deleted.
1917         (JSC::B3::Air::Liveness::Iterable::iterator::operator++): Deleted.
1918         (JSC::B3::Air::Liveness::Iterable::iterator::operator==): Deleted.
1919         (JSC::B3::Air::Liveness::Iterable::iterator::operator!=): Deleted.
1920         (JSC::B3::Air::Liveness::Iterable::begin): Deleted.
1921         (JSC::B3::Air::Liveness::Iterable::end): Deleted.
1922         (JSC::B3::Air::Liveness::Iterable::contains): Deleted.
1923         (JSC::B3::Air::Liveness::liveAtHead): Deleted.
1924         (JSC::B3::Air::Liveness::liveAtTail): Deleted.
1925         (JSC::B3::Air::Liveness::workset): Deleted.
1926
1927 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
1928
1929         Air::Liveness shouldn't need HashSets
1930         https://bugs.webkit.org/show_bug.cgi?id=170102
1931
1932         Reviewed by Yusuke Suzuki.
1933         
1934         This converts Air::Liveness<> to no longer use HashSets or BitVectors. This turns out to be
1935         easy because it's cheap enough to do a sorted merge of the things being added to liveAtHead and
1936         the things in the predecessors' liveAtTail. This turns out to be faster - it's a 2% overall
1937         compile time progression on WasmBench.
1938         
1939         * b3/B3LowerToAir.cpp:
1940         (JSC::B3::Air::LowerToAir::lower): Add a FIXME unrelated to this patch.
1941         * b3/air/AirLiveness.h:
1942         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
1943         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc):
1944         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead):
1945         (JSC::B3::Air::AbstractLiveness::liveAtHead):
1946         (JSC::B3::Air::AbstractLiveness::liveAtTail):
1947         * b3/air/AirTmp.h:
1948         (JSC::B3::Air::Tmp::bank):
1949         (JSC::B3::Air::Tmp::tmpIndex):
1950         * dfg/DFGStoreBarrierClusteringPhase.cpp:
1951
1952 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
1953
1954         Air should use RegisterSet for RegLiveness
1955         https://bugs.webkit.org/show_bug.cgi?id=170108
1956
1957         Reviewed by Yusuke Suzuki.
1958         
1959         The biggest change here is the introduction of the new RegLiveness class. This is a
1960         drop-in replacement for the old RegLiveness, which was a specialization of
1961         AbstractLiveness<>, but it's about 30% faster. It gets its speed boost from just using
1962         sets everywhere, which is efficient for registers since RegisterSet is just two (on
1963         x86-64) or three 32-bit (on ARM64) statically allocated words. This looks like a 1%
1964         compile time progression on WasmBench.
1965
1966         * CMakeLists.txt:
1967         * JavaScriptCore.xcodeproj/project.pbxproj:
1968         * b3/B3TimingScope.cpp: Records phase timing totals.
1969         (JSC::B3::TimingScope::TimingScope):
1970         (JSC::B3::TimingScope::~TimingScope):
1971         * b3/B3TimingScope.h:
1972         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
1973         (JSC::B3::Air::allocateRegistersByGraphColoring):
1974         * b3/air/AirLiveness.h: Move code around and rename a bit to make it more like RegLiveness; in particular we want the `iterator` to be called `iterator` not `Iterator`, and we want it to be internal to its iterable. Also rename this template to Liveness, to match the header filename.
1975         (JSC::B3::Air::Liveness::Liveness):
1976         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
1977         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable):
1978         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator):
1979         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++):
1980         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*):
1981         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==):
1982         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=):
1983         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin):
1984         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end):
1985         (JSC::B3::Air::Liveness::Iterable::Iterable):
1986         (JSC::B3::Air::Liveness::Iterable::iterator::iterator):
1987         (JSC::B3::Air::RegLivenessAdapter::RegLivenessAdapter): Deleted.
1988         (JSC::B3::Air::RegLivenessAdapter::numIndices): Deleted.
1989         (JSC::B3::Air::RegLivenessAdapter::acceptsBank): Deleted.
1990         (JSC::B3::Air::RegLivenessAdapter::acceptsRole): Deleted.
1991         (JSC::B3::Air::RegLivenessAdapter::valueToIndex): Deleted.
1992         (JSC::B3::Air::RegLivenessAdapter::indexToValue): Deleted.
1993         (JSC::B3::Air::AbstractLiveness::AbstractLiveness): Deleted.
1994         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc): Deleted.
1995         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::Iterator): Deleted.
1996         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator++): Deleted.
1997         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator*): Deleted.
1998         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator==): Deleted.
1999         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator!=): Deleted.
2000         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::Iterable): Deleted.
2001         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::begin): Deleted.
2002         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::end): Deleted.
2003         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::contains): Deleted.
2004         (JSC::B3::Air::AbstractLiveness::LocalCalc::live): Deleted.
2005         (JSC::B3::Air::AbstractLiveness::LocalCalc::isLive): Deleted.
2006         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute): Deleted.
2007         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead): Deleted.
2008         (JSC::B3::Air::AbstractLiveness::Iterable::Iterable): Deleted.
2009         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::iterator): Deleted.
2010         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator*): Deleted.
2011         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator++): Deleted.
2012         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator==): Deleted.
2013         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator!=): Deleted.
2014         (JSC::B3::Air::AbstractLiveness::Iterable::begin): Deleted.
2015         (JSC::B3::Air::AbstractLiveness::Iterable::end): Deleted.
2016         (JSC::B3::Air::AbstractLiveness::Iterable::contains): Deleted.
2017         (JSC::B3::Air::AbstractLiveness::liveAtHead): Deleted.
2018         (JSC::B3::Air::AbstractLiveness::liveAtTail): Deleted.
2019         (JSC::B3::Air::AbstractLiveness::workset): Deleted.
2020         * b3/air/AirLogRegisterPressure.cpp:
2021         * b3/air/AirLowerAfterRegAlloc.cpp:
2022         * b3/air/AirRegLiveness.cpp: Added.
2023         (JSC::B3::Air::RegLiveness::RegLiveness):
2024         (JSC::B3::Air::RegLiveness::~RegLiveness):
2025         (JSC::B3::Air::RegLiveness::LocalCalc::execute):
2026         * b3/air/AirRegLiveness.h: Added.
2027         (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
2028         (JSC::B3::Air::RegLiveness::LocalCalc::live):
2029         (JSC::B3::Air::RegLiveness::LocalCalc::isLive):
2030         (JSC::B3::Air::RegLiveness::liveAtHead):
2031         (JSC::B3::Air::RegLiveness::liveAtTail):
2032         * b3/air/AirReportUsedRegisters.cpp:
2033         * jit/RegisterSet.h:
2034         (JSC::RegisterSet::add):
2035         (JSC::RegisterSet::remove):
2036         (JSC::RegisterSet::contains):
2037         (JSC::RegisterSet::subsumes):
2038         (JSC::RegisterSet::iterator::iterator):
2039         (JSC::RegisterSet::iterator::operator*):
2040         (JSC::RegisterSet::iterator::operator++):
2041         (JSC::RegisterSet::iterator::operator==):
2042         (JSC::RegisterSet::iterator::operator!=):
2043         (JSC::RegisterSet::begin):
2044         (JSC::RegisterSet::end):
2045
2046 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
2047
2048         Fix wasm by returning after we do TLS.
2049
2050         Rubber stamped by Keith Miller.
2051
2052         * jit/AssemblyHelpers.h:
2053         (JSC::AssemblyHelpers::storeWasmContext):
2054
2055 2017-03-24  Mark Lam  <mark.lam@apple.com>
2056
2057         Add some instrumentation in Heap::resumeThePeriphery() to help debug an issue.
2058         https://bugs.webkit.org/show_bug.cgi?id=170086
2059         <rdar://problem/31253673>
2060
2061         Reviewed by Saam Barati.
2062
2063         Adding some instrumentation in Heap::resumeThePeriphery() to dump some Heap state
2064         just before we RELEASE_ASSERT_NOT_REACHED.
2065
2066         * heap/Heap.cpp:
2067         (JSC::Heap::resumeThePeriphery):
2068
2069 2017-03-24  JF Bastien  <jfbastien@apple.com>
2070
2071         WebAssembly: store state in TLS instead of on VM
2072         https://bugs.webkit.org/show_bug.cgi?id=169611
2073
2074         Reviewed by Filip Pizlo.
2075
2076         Using thread-local storage instead of VM makes code more position
2077         independent. We used to store the WebAssembly top Instance (the
2078         latest one in the call stack) on VM, now we instead store it in
2079         TLS. This top Instance is used to access a bunch of state such as
2080         Memory location, size, table (for call_indirect), etc.
2081
2082         Instead of calling it "top", which is confusing, we now just call
2083         it WasmContext.
2084
2085         Making the code PIC means future patches will be able to
2086         postMessage and structured clone into IDB without having to
2087         recompile the code. This wasn't possible before because we
2088         hard-coded the address of VM at compilation time. That doesn't
2089         work between workers, and doesn't work across reloads (which IDB
2090         is intended to do).
2091
2092         It'll also potentially make code faster once we start tuning
2093         what's in TLS, what's in which of the 4 free slots, and what's in
2094         pinned registers. I'm leaving this tuning for later because
2095         there's lower lying fruit for us to pick.
2096
2097         * CMakeLists.txt:
2098         * JavaScriptCore.xcodeproj/project.pbxproj:
2099         * assembler/AbstractMacroAssembler.h:
2100         * assembler/AllowMacroScratchRegisterUsageIf.h: Copied from assembler/AllowMacroScratchRegisterUsage.h.
2101         (JSC::AllowMacroScratchRegisterUsageIf::AllowMacroScratchRegisterUsageIf):
2102         (JSC::AllowMacroScratchRegisterUsageIf::~AllowMacroScratchRegisterUsageIf):
2103         * assembler/MacroAssembler.h:
2104         (JSC::MacroAssembler::storeToTLSPtr): we previously didn't have
2105         the code required to store to TLS, only to load
2106         * assembler/MacroAssemblerARM64.h:
2107         (JSC::MacroAssemblerARM64::loadFromTLSPtrNeedsMacroScratchRegister):
2108         (JSC::MacroAssemblerARM64::storeToTLS32):
2109         (JSC::MacroAssemblerARM64::storeToTLS64):
2110         (JSC::MacroAssemblerARM64::storeToTLSPtrNeedsMacroScratchRegister):
2111         * assembler/MacroAssemblerX86Common.h:
2112         (JSC::MacroAssemblerX86Common::loadFromTLSPtrNeedsMacroScratchRegister):
2113         (JSC::MacroAssemblerX86Common::storeToTLS32):
2114         (JSC::MacroAssemblerX86Common::storeToTLSPtrNeedsMacroScratchRegister):
2115         * assembler/MacroAssemblerX86_64.h:
2116         (JSC::MacroAssemblerX86_64::loadFromTLS64): was loading 32-bit instead of 64-bit
2117         (JSC::MacroAssemblerX86_64::storeToTLS64):
2118         * assembler/X86Assembler.h:
2119         (JSC::X86Assembler::movl_rm):
2120         (JSC::X86Assembler::movq_rm):
2121         * b3/testb3.cpp:
2122         (JSC::B3::testFastTLSLoad):
2123         (JSC::B3::testFastTLSStore):
2124         (JSC::B3::run):
2125         * jit/AssemblyHelpers.h:
2126         (JSC::AssemblyHelpers::loadWasmContext):
2127         (JSC::AssemblyHelpers::storeWasmContext):
2128         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
2129         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
2130         * jit/Repatch.cpp:
2131         (JSC::webAssemblyOwner):
2132         * jit/ThunkGenerators.cpp:
2133         (JSC::throwExceptionFromWasmThunkGenerator):
2134         * runtime/Options.h:
2135         * runtime/VM.cpp:
2136         (JSC::VM::VM):
2137         * runtime/VM.h:
2138         * wasm/WasmB3IRGenerator.cpp:
2139         (JSC::Wasm::loadWasmContext):
2140         (JSC::Wasm::storeWasmContext):
2141         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2142         (JSC::Wasm::getMemoryBaseAndSize):
2143         (JSC::Wasm::restoreWebAssemblyGlobalState):
2144         (JSC::Wasm::createJSToWasmWrapper):
2145         (JSC::Wasm::parseAndCompile):
2146         * wasm/WasmBinding.cpp:
2147         (JSC::Wasm::materializeImportJSCell):
2148         (JSC::Wasm::wasmToJs):
2149         (JSC::Wasm::wasmToWasm):
2150         * wasm/WasmContext.cpp: Added.
2151         (JSC::loadWasmContext):
2152         (JSC::storeWasmContext):
2153         * wasm/WasmContext.h: Added. Replaces "top" JSWebAssemblyInstance.
2154         * wasm/js/WebAssemblyFunction.cpp:
2155         (JSC::callWebAssemblyFunction):
2156         * wasm/js/WebAssemblyInstanceConstructor.h:
2157
2158 2017-03-24  JF Bastien  <jfbastien@apple.com>
2159
2160         WebAssembly: spec-tests/memory.wast.js fails in debug
2161         https://bugs.webkit.org/show_bug.cgi?id=169794
2162
2163         Reviewed by Keith Miller.
2164
2165         The failure was due to empty memories (with maximum size 0). Those
2166         only occur in tests and in code that's trying to trip us. This
2167         patch adds memory mode "none" which represents no memory. It can
2168         work with either bounds checked or signaling code because it never
2169         contains loads and stores.
2170
2171         The spec tests which were failing did the following:
2172             > (module (memory (data)) (func (export "memsize") (result i32) (current_memory)))
2173             > (assert_return (invoke "memsize") (i32.const 0))
2174             > (module (memory (data "")) (func (export "memsize") (result i32) (current_memory)))
2175             > (assert_return (invoke "memsize") (i32.const 0))
2176             > (module (memory (data "x")) (func (export "memsize") (result i32) (current_memory)))
2177             > (assert_return (invoke "memsize") (i32.const 1))
2178
2179         * wasm/WasmB3IRGenerator.cpp:
2180         (JSC::Wasm::B3IRGenerator::memoryKind):
2181         * wasm/WasmMemory.cpp:
2182         (JSC::Wasm::tryGetFastMemory):
2183         (JSC::Wasm::releaseFastMemory):
2184         (JSC::Wasm::Memory::Memory):
2185         (JSC::Wasm::Memory::createImpl):
2186         (JSC::Wasm::Memory::create):
2187         (JSC::Wasm::Memory::grow):
2188         (JSC::Wasm::Memory::makeString):
2189         * wasm/WasmMemory.h:
2190         * wasm/WasmMemoryInformation.cpp:
2191         (JSC::Wasm::MemoryInformation::MemoryInformation):
2192         * wasm/js/JSWebAssemblyCodeBlock.cpp:
2193         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
2194         * wasm/js/JSWebAssemblyModule.cpp:
2195         (JSC::JSWebAssemblyModule::codeBlock):
2196         (JSC::JSWebAssemblyModule::finishCreation):
2197         * wasm/js/JSWebAssemblyModule.h:
2198         (JSC::JSWebAssemblyModule::codeBlock):
2199         (JSC::JSWebAssemblyModule::codeBlockFor):
2200
2201 2017-03-24  Mark Lam  <mark.lam@apple.com>
2202
2203         Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
2204         https://bugs.webkit.org/show_bug.cgi?id=170064
2205         <rdar://problem/31246098>
2206
2207         Reviewed by Geoffrey Garen.
2208
2209         * runtime/ArrayPrototype.cpp:
2210         (JSC::arrayProtoPrivateFuncConcatMemcpy):
2211         * runtime/JSArray.cpp:
2212         (JSC::JSArray::fastSlice):
2213
2214 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
2215
2216         [JSC] Use jsNontrivialString aggressively for ToString(Int52)
2217         https://bugs.webkit.org/show_bug.cgi?id=170002
2218
2219         Reviewed by Sam Weinig.
2220
2221         We use the same logic used for Int32 to use jsNontrivialString.
2222         After the single-character check, the produced string is always longer than 1.
2223         Thus, we can use jsNontrivialString.
2224
2225         * runtime/NumberPrototype.cpp:
2226         (JSC::int52ToString):
2227
2228 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
2229
2230         [JSC] Use WeakRandom for SamplingProfiler interval fluctuation
2231         https://bugs.webkit.org/show_bug.cgi?id=170045
2232
2233         Reviewed by Mark Lam.
2234
2235         It is unnecessary to use cryptographicallyRandomNumber for SamplingProfiler
2236         interval fluctuation. Use WeakRandom instead.
2237
2238         * runtime/SamplingProfiler.cpp:
2239         (JSC::SamplingProfiler::SamplingProfiler):
2240         (JSC::SamplingProfiler::timerLoop):
2241         * runtime/SamplingProfiler.h:
2242
2243 2017-03-23  Mark Lam  <mark.lam@apple.com>
2244
2245         Array.prototype.splice behaves incorrectly when the VM is "having a bad time".
2246         https://bugs.webkit.org/show_bug.cgi?id=170025
2247         <rdar://problem/31228679>
2248
2249         Reviewed by Saam Barati.
2250
2251         * runtime/ArrayPrototype.cpp:
2252         (JSC::copySplicedArrayElements):
2253         (JSC::arrayProtoFuncSplice):
2254
2255 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
2256
2257         [JSC][DFG] Make addShouldSpeculateAnyInt more conservative to avoid regression caused by Double <-> Int52 conversions
2258         https://bugs.webkit.org/show_bug.cgi?id=169998
2259
2260         Reviewed by Saam Barati.
2261
2262         Double <-> Int52 and JSValue <-> Int52 conversions are not so cheap. Thus, Int52Rep is super carefully emitted.
2263         We make addShouldSpeculateAnyInt more conservative to avoid regressions caused by the above conversions.
2264         We select ArithAdd(Int52, Int52) only when this calculation is beneficial compared to added Int52Rep conversions.
2265
2266         This patch tightens the conditions of addShouldSpeculateAnyInt.
2267
2268         1. Honor DoubleConstant.
2269
2270         When executing imaging-darkroom, we have a thing like this:
2271
2272             132:< 2:loc36> DoubleConstant(Double|UseAsOther, AnyIntAsDouble, Double: 4607182418800017408, 1.000000, bc#114)
2273             1320:< 1:loc38>        Int52Rep(Check:Int32:@82, Int52|PureInt, Int32, Exits, bc#114)
2274             1321:< 1:loc39>        Int52Constant(Int52|PureInt, Boolint32Nonboolint32Int52, Double: 4607182418800017408, 1.000000, bc#114)
2275             133:<!3:loc39> ArithSub(Int52Rep:@1320<Int52>, Int52Rep:@1321<Int52>, Int52|MustGen, Int52, CheckOverflow, Exits, bc#114)
2276
2277         The LHS of ArithSub says predicting Boolint32, and the RHS says AnyIntAsDouble. Thus we select ArithSub(Int52, Int52) instead
2278         of ArithSub(Double, Double). However, it soon causes OSR exits. In imaging-darkroom, the LHS's Int32 prediction will be broken.
2279         While speculating Int32 in the above situation is a reasonable approach since the given LHS says predicting Int32, this causes
2280         a severe performance regression.
2281
2282         Previously, we always selected ArithSub(Double, Double). So, accidentally, we did not encounter this misprediction issue.
2283
2284         One thing we can find is that we have a DoubleConstant in the RHS. It means that we have `1.0` instead of `1` in the code.
2285         We can see code like `lhs - 1.0` instead of `lhs - 1` in imaging-darkroom. It offers good information that the lhs and
2286         the resulting value would be double. Handling the above ArithSub in double seems more appropriate than handling
2287         it in Int52.
2288
2289         So, in this patch, we honor DoubleConstant. If we find a DoubleConstant on one operand, we give up selecting
2290         Arith[Sub,Add](Int52, Int52). This change removes the OSR exits occurring in imaging-darkroom right now.
2291
2292         2. Two Int52Rep(Double) conversions are not desirable.
2293
2294         We allow AnyInt ArithAdd only when one operand of the binary operation should be speculated AnyInt. It is a bit of a conservative
2295         decision. This is because Double to Int52 conversion is not so cheap. Frequent back-and-forth conversions between Double and Int52
2296         rather hurt the performance. If one operand of the operation is already Int52, the cost for constructing ArithAdd becomes
2297         cheap since only one Double to Int52 conversion could be required.
2298         This recovers some regression in assorted tests while keeping the kraken crypto improvements.
2299
2300         3. Avoid frequent Int52 to JSValue conversions.
2301
2302         Int52 to JSValue conversion is not so cheap. Thus, we would like to avoid such situations. So, in this patch, we allow
2303         Arith(Int52, Int52) with an AnyIntAsDouble operand only when the node is used as a number. By doing so, we avoid cases like
2304         converting to Int52, performing ArithAdd, and soon converting back to JSValue.
2305
2306         The above 3 changes recover the regression measured in microbenchmarks/int52-back-and-forth.js and assorted benchmarks.
2307         And still it keeps kraken crypto improvements.
2308
2309                                                    baseline                  patched
2310
2311         imaging-darkroom                       201.112+-3.192      ^     189.532+-2.883         ^ definitely 1.0611x faster
2312         stanford-crypto-pbkdf2                 103.953+-2.325            100.926+-2.396           might be 1.0300x faster
2313         stanford-crypto-sha256-iterative        35.103+-1.071      ?      36.049+-1.143         ? might be 1.0270x slower
2314
2315         * dfg/DFGGraph.h:
2316         (JSC::DFG::Graph::addShouldSpeculateAnyInt):
2317
2318 == Rolled over to ChangeLog-2017-03-23 ==