Unreviewed, partially revert r191952.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, partially revert r191952.

        Removed GCC compiler workarounds (unreachable returns).

        * b3/B3Type.h:
        (JSC::B3::sizeofType):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::isUse):
        (JSC::B3::Air::Arg::isDef):
        (JSC::B3::Air::Arg::isGP):
        (JSC::B3::Air::Arg::isFP):
        (JSC::B3::Air::Arg::isType):
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::newTmp):
        (JSC::B3::Air::Code::numTmps):

2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the ENABLE(B3_JIT) build on Linux
        https://bugs.webkit.org/show_bug.cgi?id=150794

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * b3/B3HeapRange.h:
        * b3/B3IndexSet.h:
        (JSC::B3::IndexSet::Iterable::iterator::operator++):
        * b3/B3Type.h:
        (JSC::B3::sizeofType):
        * b3/air/AirArg.cpp:
        (JSC::B3::Air::Arg::dump):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::isUse):
        (JSC::B3::Air::Arg::isDef):
        (JSC::B3::Air::Arg::isGP):
        (JSC::B3::Air::Arg::isFP):
        (JSC::B3::Air::Arg::isType):
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::newTmp):
        (JSC::B3::Air::Code::numTmps):
        * b3/air/AirSpecial.cpp:

2015-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        Clean up ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keep minimal set of them
        https://bugs.webkit.org/show_bug.cgi?id=150793

        Reviewed by Darin Adler.

        Fix the !ENABLE(ES6_ARROWFUNCTION_SYNTAX) build after r191875.
        This patch drops many ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keeps only one of them;
        the ifdef in parseAssignmentExpression.
        This prevents functionality of parsing arrow function syntax.

        * parser/Lexer.cpp:
        (JSC::Lexer<T>::lex):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseInner): Deleted.
        * parser/Parser.h:
        (JSC::Parser::isArrowFunctionParamters): Deleted.
        * parser/ParserTokens.h:

2015-11-02  Michael Saboff  <msaboff@apple.com>

        WebInspector crashed while viewing Timeline when refreshing cnn.com while it was already loading
        https://bugs.webkit.org/show_bug.cgi?id=150745

        Reviewed by Geoffrey Garen.

        During OSR exit, reifyInlinedCallFrames() was using the call kind from a tail call to
        find the CallLinkInfo / StubInfo to find the return PC.  Instead we need to get the call
        type of the true caller, that is the function we'll be returning to.

        This can be found by remembering the last call type we find while walking up the inlined
        frames in InlineCallFrame::getCallerSkippingDeadFrames().

        We can also return directly back to a getter or setter callsite without using a thunk.

        * bytecode/InlineCallFrame.h:
        (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
        (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id): Need to eliminate the stack pointer check, as it is wrong
        for reified inlined frames created during OSR exit.
        * jit/ThunkGenerators.cpp:
        (JSC::baselineGetterReturnThunkGenerator): Deleted.
        (JSC::baselineSetterReturnThunkGenerator): Deleted.
        * jit/ThunkGenerators.h:

2015-11-02  Saam barati  <sbarati@apple.com>

        Wrong value recovery for DFG try/catch with a getter that throws during an IC miss
        https://bugs.webkit.org/show_bug.cgi?id=150760

        Reviewed by Geoffrey Garen.

        This is related to using PhantomLocal instead of Flush as
        the liveness preservation mechanism for live catch variables.
        I'm temporarily switching things back to Flush. This will be a
        performance hit for try/catch in the DFG. Landing this patch,
        though, will allow me to land try/catch in the FTL. It also
        makes try/catch in the DFG sound. I have opened another
        bug to further investigate using PhantomLocal as the
        liveness preservation mechanism: https://bugs.webkit.org/show_bug.cgi?id=150824

        * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
        (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
        * tests/stress/dfg-try-catch-wrong-value-recovery-on-ic-miss.js: Added.
        (assert):
        (let.oThrow.get f):
        (let.o2.get f):
        (foo):
        (f):

2015-11-02  Andy Estes  <aestes@apple.com>

        [Cocoa] Add tvOS and watchOS to SUPPORTED_PLATFORMS
        https://bugs.webkit.org/show_bug.cgi?id=150819

        Reviewed by Dan Bernstein.

        This tells Xcode to include these platforms in its Devices dropdown, making it possible to build in the IDE.

        * Configurations/Base.xcconfig:

2015-11-02  Brent Fulgham  <bfulgham@apple.com>

        [Win] MiniBrowser unable to use WebInspector
        https://bugs.webkit.org/show_bug.cgi?id=150810
        <rdar://problem/23358514>

        Reviewed by Timothy Hatcher.

        The CMakeList rule for creating the InjectedScriptSource.min.js was improperly including
        the quote characters in the text prepended to InjectedScriptSource.min.js. This caused a
        parsing error in the JS file.

        The solution was to switch from using "COMMAND echo" to use the more cross-platform
        compatible command "COMMAND ${CMAKE_COMMAND} -E echo ...", which handles the string
        escaping properly on all platforms.

        * CMakeLists.txt: Switch the 'echo' command syntax to be more cross-platform.

2015-11-02  Filip Pizlo  <fpizlo@apple.com>

        B3 should be able to compile a Patchpoint
        https://bugs.webkit.org/show_bug.cgi?id=150750

        Reviewed by Geoffrey Garen.

        This adds the glue in B3::LowerToAir that turns a B3::PatchpointValue into an Air::Patch
        with a B3::PatchpointSpecial.

        Along the way, I found some bugs. For starters, it became clear that I wanted to be able
        to append constraints to a Stackmap, and I wanted to have more flexibility in how I
        created a PatchpointValue. I also wanted more helper methods in ValueRep, since
        otherwise I would have had to write a lot of boilerplate.

        I discovered, and fixed, a minor goof in Air::Code dumping when there are specials.

        There were a ton of indexing bugs in B3StackmapSpecial.

        The spiller was broken in case the Def was not the last Arg, since it was adding things
        to the insertion set both at instIndex and instIndex + 1, and the two types of additions
        could occur in the wrong (i.e. the +1 case first) order with an early Def. We often have
        bugs like this. In the DFG, we were paranoid about performance so we only admit out-of-
        order insertions as a rare case. I think that we don't really need to be so paranoid.
        So, I made the new insertion sets use a stable_sort to ensure that everything happens in
        the right order. I changed DFG::BlockInsertionSet to also use stable_sort; it previously
        used sort, which is slightly wrong.

        This adds a new test that uses Patchpoint to implement a 32-bit add. It works!

        * b3/B3InsertionSet.cpp:
        (JSC::B3::InsertionSet::execute):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
        (JSC::B3::Air::LowerToAir::appendStore):
        (JSC::B3::Air::LowerToAir::moveForType):
        (JSC::B3::Air::LowerToAir::append):
        (JSC::B3::Air::LowerToAir::ensureSpecial):
        (JSC::B3::Air::LowerToAir::tryStore):
        (JSC::B3::Air::LowerToAir::tryStackSlot):
        (JSC::B3::Air::LowerToAir::tryPatchpoint):
        (JSC::B3::Air::LowerToAir::tryUpsilon):
        * b3/B3LoweringMatcher.patterns:
        * b3/B3PatchpointValue.h:
        (JSC::B3::PatchpointValue::accepts): Deleted.
        (JSC::B3::PatchpointValue::PatchpointValue): Deleted.
        * b3/B3Stackmap.h:
        (JSC::B3::Stackmap::constrain):
        (JSC::B3::Stackmap::appendConstraint):
        (JSC::B3::Stackmap::reps):
        (JSC::B3::Stackmap::clobber):
        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::forEachArgImpl):
        (JSC::B3::StackmapSpecial::isValidImpl):
        * b3/B3Value.h:
        * b3/B3ValueRep.h:
        (JSC::B3::ValueRep::ValueRep):
        (JSC::B3::ValueRep::reg):
        (JSC::B3::ValueRep::operator bool):
        (JSC::B3::ValueRep::isAny):
        (JSC::B3::ValueRep::isSomeRegister):
        (JSC::B3::ValueRep::isReg):
        (JSC::B3::ValueRep::isGPR):
        (JSC::B3::ValueRep::isFPR):
        (JSC::B3::ValueRep::gpr):
        (JSC::B3::ValueRep::fpr):
        (JSC::B3::ValueRep::isStack):
        (JSC::B3::ValueRep::offsetFromFP):
        (JSC::B3::ValueRep::isStackArgument):
        (JSC::B3::ValueRep::offsetFromSP):
        (JSC::B3::ValueRep::isConstant):
        (JSC::B3::ValueRep::value):
        * b3/air/AirCode.cpp:
        (JSC::B3::Air::Code::dump):
        * b3/air/AirInsertionSet.cpp:
        (JSC::B3::Air::InsertionSet::execute):
        * b3/testb3.cpp:
        (JSC::B3::testComplex):
        (JSC::B3::testSimplePatchpoint):
        (JSC::B3::run):
        * dfg/DFGBlockInsertionSet.cpp:
        (JSC::DFG::BlockInsertionSet::execute):

2015-11-02  Mark Lam  <mark.lam@apple.com>

        Snippefy op_add for the baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=150129

        Reviewed by Geoffrey Garen and Saam Barati.

        Performance is neutral for both 32-bit and 64-bit on X86_64.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JIT.h:
        (JSC::JIT::getOperandConstantInt):
        - Move getOperandConstantInt() from the JSVALUE64 section to the common section
          because the snippet needs it.

        * jit/JITAddGenerator.cpp: Added.
        (JSC::JITAddGenerator::generateFastPath):
        * jit/JITAddGenerator.h: Added.
        (JSC::JITAddGenerator::JITAddGenerator):
        (JSC::JITAddGenerator::endJumpList):
        (JSC::JITAddGenerator::slowPathJumpList):
        - JITAddGenerator implements an optimization for the case where 1 of the 2 operands
          is a constant int32_t.  It does not implement an optimization for the case where
          both operands are constant int32_t.  This is because:
          1. For the baseline JIT, the ASTBuilder will fold the 2 constants together.
          2. For the DFG, the AbstractInterpreter will also fold the 2 constants.

          Hence, such an optimization path (for 2 constant int32_t operands) would never
          be taken, and is why we won't implement it.

        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::compileBinaryArithOpSlowCase):
        - Removed op_add cases.  These are no longer used by the op_add emitters.

        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        - Moved out from the JSVALUE64 section to the common section, and reimplemented
          using the snippet.

        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        (JSC::JIT::emit_op_add): Deleted.
        (JSC::JIT::emitAdd32Constant): Deleted.
        (JSC::JIT::emitSlow_op_add): Deleted.
        - Remove 32-bit specific version of op_add.  The snippet serves both 32-bit
          and 64-bit implementations.

        * jit/JITInlines.h:
        (JSC::JIT::getOperandConstantInt):
        - Move getOperandConstantInt() from the JSVALUE64 section to the common section
          because the snippet needs it.

2015-11-02  Brian Burg  <bburg@apple.com>

        Run sort-Xcode-project-file for the JavaScriptCore project.

        Unreviewed. Many things were out of order following recent B3 commits.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2015-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>

        Rename op_put_getter_setter to op_put_getter_setter_by_id
        https://bugs.webkit.org/show_bug.cgi?id=150773

        Reviewed by Mark Lam.

        Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
        the other ops' names like op_put_getter_by_id etc.

        And to fix build dependencies in Xcode, we added LLIntAssembly.h into the Xcode project file.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_getter_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter): Deleted.
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_getter_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter): Deleted.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:

2015-11-02  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the FTL JIT build with system LLVM on Linux
        https://bugs.webkit.org/show_bug.cgi?id=150795

        Reviewed by Filip Pizlo.

        * CMakeLists.txt:

2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Support Generator Syntax
        https://bugs.webkit.org/show_bug.cgi?id=150769

        Reviewed by Geoffrey Garen.

        This patch implements the syntax part of ES6 Generators.

        1. Add ENABLE_ES6_GENERATORS compile time flag. It is disabled by default, and will be enabled once ES6 generator functionality is implemented.
        2. Add lexer support for YIELD. It changes "yield" from reserved-if-strict word to keyword. And it is correct under the ES6 spec.
        3. Implement parsing functionality and YieldExprNode stub. YieldExprNode does not emit meaningful bytecodes yet. This should be implemented in a future patch.
        4. Accept "yield" Identifier as a label etc. under sloppy mode && non-generator code. http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors

        * Configurations/FeatureDefines.xcconfig:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::YieldExprNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createYield):
        * parser/Keywords.table:
        * parser/NodeConstructors.h:
        (JSC::YieldExprNode::YieldExprNode):
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseStatementListItem):
        (JSC::Parser<LexerType>::parseVariableDeclarationList):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseBreakStatement):
        (JSC::Parser<LexerType>::parseContinueStatement):
        (JSC::Parser<LexerType>::parseTryStatement):
        (JSC::Parser<LexerType>::parseStatement):
        (JSC::stringForFunctionMode):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
        (JSC::Parser<LexerType>::parseExportDeclaration):
        (JSC::Parser<LexerType>::parseAssignmentExpression):
        (JSC::Parser<LexerType>::parseYieldExpression):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parseFunctionExpression):
        (JSC::Parser<LexerType>::parsePrimaryExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        * parser/Parser.h:
        (JSC::Scope::Scope):
        (JSC::Scope::setSourceParseMode):
        (JSC::Scope::isGenerator):
        (JSC::Scope::setIsFunction):
        (JSC::Scope::setIsGenerator):
        (JSC::Scope::setIsModule):
        (JSC::Parser::pushScope):
        (JSC::Parser::isYIELDMaskedAsIDENT):
        (JSC::Parser::matchSpecIdentifier):
        (JSC::Parser::saveState):
        (JSC::Parser::restoreState):
        * parser/ParserModes.h:
        (JSC::isFunctionParseMode):
        (JSC::isModuleParseMode):
        (JSC::isProgramParseMode):
        * parser/ParserTokens.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createYield):
        * tests/stress/generator-methods.js: Added.
        (Hello.prototype.gen):
        (Hello.gen):
        (Hello):
        (Hello.prototype.set get string_appeared_here):
        (Hello.string_appeared_here):
        (Hello.prototype.20):
        (Hello.20):
        (Hello.prototype.42):
        (Hello.42):
        (let.object.gen):
        (let.object.set get string_appeared_here):
        (let.object.20):
        (let.object.42):
        * tests/stress/generator-syntax.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.Hello.prototype.get gen):
        (testSyntaxError.Hello):
        (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello.prototype.set gen):
        (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello):
        (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.gen):
        (testSyntaxError.value):
        (testSyntaxError.gen.ng):
        (testSyntaxError.gen):
        (testSyntax.gen):
        * tests/stress/yield-and-line-terminator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntax.gen):
        (testSyntaxError.gen):
        * tests/stress/yield-label-generator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.test):
        (SyntaxError.Unexpected.keyword.string_appeared_here.Expected.an.identifier.as.the.target.a.continue.statement.testSyntax.test):
        * tests/stress/yield-label.js: Added.
        (yield):
        (testSyntaxError):
        (testSyntaxError.test):
        * tests/stress/yield-named-accessors-generator.js: Added.
        (t1.let.object.get yield):
        (t1.let.object.set yield):
        (t1):
        (t2.let.object.get yield):
        (t2.let.object.set yield):
        (t2):
        * tests/stress/yield-named-accessors.js: Added.
        (t1.let.object.get yield):
        (t1.let.object.set yield):
        (t1):
        (t2.let.object.get yield):
        (t2.let.object.set yield):
        (t2):
        * tests/stress/yield-named-variable-generator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.t1):
        (testSyntaxError.t1.yield):
        (testSyntax.t1.yield):
        (testSyntax.t1):
        * tests/stress/yield-named-variable.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntax.t1):
        (testSyntaxError.t1):
        (testSyntax.t1.yield):
        (testSyntaxError.t1.yield):
        * tests/stress/yield-out-of-generator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.hello):
        (testSyntaxError.gen.hello):
        (testSyntaxError.gen):
        (testSyntax.gen):
        (testSyntax.gen.ok):
        (testSyntaxError.gen.ok):

2015-11-01  Filip Pizlo  <fpizlo@apple.com>

        Dominators should be factored out of the DFG
        https://bugs.webkit.org/show_bug.cgi?id=150764

        Reviewed by Geoffrey Garen.

        Factored DFGDominators.h/DFGDominators.cpp into WTF. To do this, I made two changes to the
        DFG:

        1) DFG now has a CFG abstraction called DFG::CFG. The cool thing about this is that in the
           future if we wanted to support inverted dominators, we could do it by just creating a
           DFG::BackwardCFG.

        2) Got rid of DFG::Analysis. From now on, an Analysis being invalidated is expressed by the
           DFG::Graph having a null pointer for that analysis. When we "run" the analysis, we
           just instantiate it. This makes it much more natural to integrate WTF::Dominators into
           the DFG.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAnalysis.h: Removed.
        * dfg/DFGCFG.h: Added.
        (JSC::DFG::CFG::CFG):
        (JSC::DFG::CFG::root):
        (JSC::DFG::CFG::newMap<T>):
        (JSC::DFG::CFG::successors):
        (JSC::DFG::CFG::predecessors):
        (JSC::DFG::CFG::index):
        (JSC::DFG::CFG::node):
        (JSC::DFG::CFG::numNodes):
        (JSC::DFG::CFG::dump):
        * dfg/DFGCSEPhase.cpp:
        * dfg/DFGDisassembler.cpp:
        (JSC::DFG::Disassembler::createDumpList):
        * dfg/DFGDominators.cpp: Removed.
        * dfg/DFGDominators.h:
        (JSC::DFG::Dominators::Dominators):
        (JSC::DFG::Dominators::strictlyDominates): Deleted.
        (JSC::DFG::Dominators::dominates): Deleted.
        (JSC::DFG::Dominators::immediateDominatorOf): Deleted.
        (JSC::DFG::Dominators::forAllStrictDominatorsOf): Deleted.
        (JSC::DFG::Dominators::forAllDominatorsOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy): Deleted.
        (JSC::DFG::Dominators::forAllBlocksDominatedBy): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl): Deleted.
        (JSC::DFG::Dominators::BlockData::BlockData): Deleted.
        * dfg/DFGEdgeDominates.h:
        (JSC::DFG::EdgeDominates::operator()):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::Graph):
        (JSC::DFG::Graph::dumpBlockHeader):
        (JSC::DFG::Graph::invalidateCFG):
        (JSC::DFG::Graph::substituteGetLocal):
        (JSC::DFG::Graph::handleAssertionFailure):
        (JSC::DFG::Graph::ensureDominators):
        (JSC::DFG::Graph::ensurePrePostNumbering):
        (JSC::DFG::Graph::ensureNaturalLoops):
        (JSC::DFG::Graph::valueProfileFor):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::hasDebuggerEnabled):
        * dfg/DFGLICMPhase.cpp:
        (JSC::DFG::LICMPhase::run):
        (JSC::DFG::LICMPhase::attemptHoist):
        * dfg/DFGLoopPreHeaderCreationPhase.cpp:
        (JSC::DFG::createPreHeader):
        (JSC::DFG::LoopPreHeaderCreationPhase::run):
        * dfg/DFGNaturalLoops.cpp:
        (JSC::DFG::NaturalLoop::dump):
        (JSC::DFG::NaturalLoops::NaturalLoops):
        (JSC::DFG::NaturalLoops::~NaturalLoops):
        (JSC::DFG::NaturalLoops::loopsOf):
        (JSC::DFG::NaturalLoops::computeDependencies): Deleted.
        (JSC::DFG::NaturalLoops::compute): Deleted.
        * dfg/DFGNaturalLoops.h:
        (JSC::DFG::NaturalLoops::numLoops):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::SuccessorsIterable::end):
        (JSC::DFG::Node::SuccessorsIterable::size):
        (JSC::DFG::Node::SuccessorsIterable::at):
        (JSC::DFG::Node::SuccessorsIterable::operator[]):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::compileInThreadImpl):
        * dfg/DFGPrePostNumbering.cpp:
        (JSC::DFG::PrePostNumbering::PrePostNumbering):
        (JSC::DFG::PrePostNumbering::~PrePostNumbering):
        (JSC::DFG::PrePostNumbering::compute): Deleted.
        * dfg/DFGPrePostNumbering.h:
        (JSC::DFG::PrePostNumbering::preNumber):
        (JSC::DFG::PrePostNumbering::postNumber):
        * dfg/DFGPutStackSinkingPhase.cpp:
        * dfg/DFGSSACalculator.cpp:
        (JSC::DFG::SSACalculator::nonLocalReachingDef):
        (JSC::DFG::SSACalculator::reachingDefAtTail):
        * dfg/DFGSSACalculator.h:
        (JSC::DFG::SSACalculator::computePhis):
        * dfg/DFGSSAConversionPhase.cpp:
        (JSC::DFG::SSAConversionPhase::run):
        * ftl/FTLLink.cpp:
        (JSC::FTL::link):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::lower):
        (JSC::FTL::DFG::LowerDFGToLLVM::safelyInvalidateAfterTermination):
        (JSC::FTL::DFG::LowerDFGToLLVM::isValid):

2015-10-31  Filip Pizlo  <fpizlo@apple.com>

        B3::reduceStrength's DCE should be more agro and less wrong
        https://bugs.webkit.org/show_bug.cgi?id=150748

        Reviewed by Geoffrey Garen.

        First of all, our DCE had a bug where it would keep Upsilons after it deleted the Phis that
        they referenced. But our B3 DCE was also not aggressive enough. It would not eliminate
        cycles. It was also probably slower than it needed to be, since it would eliminate all
        never-referenced things on each fixpoint.

        This adds a presume-everyone-is-dead-and-find-live-things style DCE. This is very natural to
        write, except for Upsilons. For everything but Upsilons, it's just a worklist algorithm. For
        Upsilons, it's a fixpoint. It works fine in the end.

        I kept finding bugs in this algorithm when I tested it against my "Complex" test that I was
        writing as a compile time benchmark. So, I include that test in this change. I also include
        the small lowering extensions that it needed - shifting and zero extending.

        This change also adds an LLVM version of the Complex test. Though the LLVM version feels
        more natural to write because LLVM has traditional Phi's rather than our quirky Phi's, in
        the end LLVM ends up performing very badly - 10x to 20x worse than B3. Some of that gap will
        close once we give B3 a register allocator, but still, that's pretty good news for our B3
        strategy.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::lshift64):
        (JSC::MacroAssemblerX86_64::rshift64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::shlq_i8r):
        (JSC::X86Assembler::shlq_CLr):
        (JSC::X86Assembler::imull_rr):
        * b3/B3BasicBlock.cpp:
        (JSC::B3::BasicBlock::replacePredecessor):
        (JSC::B3::BasicBlock::dump):
        (JSC::B3::BasicBlock::removeNops): Deleted.
        * b3/B3BasicBlock.h:
        (JSC::B3::BasicBlock::frequency):
        * b3/B3Common.cpp:
        (JSC::B3::shouldSaveIRBeforePhase):
        (JSC::B3::shouldMeasurePhaseTiming):
        * b3/B3Common.h:
        (JSC::B3::isRepresentableAsImpl):
        * b3/B3Generate.cpp:
        (JSC::B3::generate):
        (JSC::B3::generateToAir):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::tryAnd):
        (JSC::B3::Air::LowerToAir::tryShl):
        (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
        (JSC::B3::Air::LowerToAir::tryTrunc):
        (JSC::B3::Air::LowerToAir::tryZExt32):
        (JSC::B3::Air::LowerToAir::tryArgumentReg):
        * b3/B3LoweringMatcher.patterns:
        * b3/B3PhaseScope.cpp:
        (JSC::B3::PhaseScope::PhaseScope):
        * b3/B3PhaseScope.h:
        * b3/B3ReduceStrength.cpp:
        * b3/B3TimingScope.cpp: Added.
        (JSC::B3::TimingScope::TimingScope):
        (JSC::B3::TimingScope::~TimingScope):
        * b3/B3TimingScope.h: Added.
        * b3/B3Validate.cpp:
        * b3/air/AirAllocateStack.cpp:
        (JSC::B3::Air::allocateStack):
        * b3/air/AirGenerate.cpp:
        (JSC::B3::Air::generate):
        * b3/air/AirInstInlines.h:
        (JSC::B3::Air::ForEach<Arg>::forEach):
        (JSC::B3::Air::Inst::forEach):
        (JSC::B3::Air::isLshift32Valid):
        (JSC::B3::Air::isLshift64Valid):
        * b3/air/AirLiveness.h:
        (JSC::B3::Air::Liveness::isAlive):
        (JSC::B3::Air::Liveness::Liveness):
        (JSC::B3::Air::Liveness::LocalCalc::execute):
        * b3/air/AirOpcode.opcodes:
        * b3/air/AirPhaseScope.cpp:
        (JSC::B3::Air::PhaseScope::PhaseScope):
        * b3/air/AirPhaseScope.h:
        * b3/testb3.cpp:
        (JSC::B3::testBranchEqualFoldPtr):
        (JSC::B3::testComplex):
        (JSC::B3::run):
        * runtime/Options.h:

2015-11-01  Alexey Proskuryakov  <ap@apple.com>

        [ES6] Add support for toStringTag
        https://bugs.webkit.org/show_bug.cgi?id=150696

        Re-landing, as this wasn't the culprit.

        * runtime/ArrayIteratorPrototype.cpp:
        (JSC::ArrayIteratorPrototype::finishCreation):
        * runtime/CommonIdentifiers.h:
        * runtime/JSArrayBufferPrototype.cpp:
        (JSC::JSArrayBufferPrototype::finishCreation):
        (JSC::JSArrayBufferPrototype::create):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::JSDataViewPrototype::create):
        (JSC::JSDataViewPrototype::finishCreation):
        (JSC::JSDataViewPrototype::createStructure):
        * runtime/JSDataViewPrototype.h:
        * runtime/JSModuleNamespaceObject.cpp:
        (JSC::JSModuleNamespaceObject::finishCreation):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::finishCreation):
        * runtime/JSPromisePrototype.cpp:
        (JSC::JSPromisePrototype::finishCreation):
        (JSC::JSPromisePrototype::getOwnPropertySlot):
        * runtime/JSTypedArrayViewPrototype.cpp:
        (JSC::typedArrayViewProtoFuncValues):
        (JSC::typedArrayViewProtoGetterFuncToStringTag):
        (JSC::JSTypedArrayViewPrototype::JSTypedArrayViewPrototype):
        (JSC::JSTypedArrayViewPrototype::finishCreation):
        * runtime/MapIteratorPrototype.cpp:
        (JSC::MapIteratorPrototype::finishCreation):
        (JSC::MapIteratorPrototypeFuncNext):
        * runtime/MapPrototype.cpp:
        (JSC::MapPrototype::finishCreation):
        * runtime/MathObject.cpp:
        (JSC::MathObject::finishCreation):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncToString):
        * runtime/SetIteratorPrototype.cpp:
        (JSC::SetIteratorPrototype::finishCreation):
        (JSC::SetIteratorPrototypeFuncNext):
        * runtime/SetPrototype.cpp:
        (JSC::SetPrototype::finishCreation):
        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
734         (JSC::SmallStrings::initializeCommonStrings):
735         (JSC::SmallStrings::visitStrongReferences):
736         * runtime/SmallStrings.h:
737         (JSC::SmallStrings::typeString):
738         (JSC::SmallStrings::objectStringStart):
739         (JSC::SmallStrings::nullObjectString):
740         (JSC::SmallStrings::undefinedObjectString):
741         * runtime/StringIteratorPrototype.cpp:
742         (JSC::StringIteratorPrototype::finishCreation):
743         * runtime/SymbolPrototype.cpp:
744         (JSC::SymbolPrototype::finishCreation):
745         * runtime/WeakMapPrototype.cpp:
746         (JSC::WeakMapPrototype::finishCreation):
747         (JSC::getWeakMapData):
748         * runtime/WeakSetPrototype.cpp:
749         (JSC::WeakSetPrototype::finishCreation):
750         (JSC::getWeakMapData):
751         * tests/es6.yaml:
752         * tests/modules/namespace.js:
753         * tests/stress/symbol-tostringtag.js: Copied from Source/JavaScriptCore/tests/stress/symbol-tostringtag.js.
754
755 2015-11-01  Commit Queue  <commit-queue@webkit.org>
756
757         Unreviewed, rolling out r191815 and r191821.
758         https://bugs.webkit.org/show_bug.cgi?id=150781
759
760         Seems to have broken JSC API tests on some platforms
761         (Requested by ap on #webkit).
762
763         Reverted changesets:
764
765         "[ES6] Add support for toStringTag"
766         https://bugs.webkit.org/show_bug.cgi?id=150696
767         http://trac.webkit.org/changeset/191815
768
769         "Unreviewed, forgot to mark tests as passing for new feature."
770         http://trac.webkit.org/changeset/191821
771
772 2015-11-01  Commit Queue  <commit-queue@webkit.org>
773
774         Unreviewed, rolling out r191858.
775         https://bugs.webkit.org/show_bug.cgi?id=150780
776
777         Broke the build (Requested by ap on #webkit).
778
779         Reverted changeset:
780
781         "Rename op_put_getter_setter to op_put_getter_setter_by_id"
782         https://bugs.webkit.org/show_bug.cgi?id=150773
783         http://trac.webkit.org/changeset/191858
784
785 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
786
787         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150777.
788
789         * b3/B3LowerToAir.cpp:
790         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
791
792 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
793
794         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150775.
795
796         * b3/B3LowerToAir.cpp:
797         (JSC::B3::Air::LowerToAir::tryTrunc):
798
799 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
800
801         Rename op_put_getter_setter to op_put_getter_setter_by_id
802         https://bugs.webkit.org/show_bug.cgi?id=150773
803
804         Reviewed by Mark Lam.
805
806         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
807         the other ops' names like op_put_getter_by_id etc.
808
809         * bytecode/BytecodeList.json:
810         * bytecode/BytecodeUseDef.h:
811         (JSC::computeUsesForBytecodeOffset):
812         (JSC::computeDefsForBytecodeOffset):
813         * bytecode/CodeBlock.cpp:
814         (JSC::CodeBlock::dumpBytecode):
815         * bytecompiler/BytecodeGenerator.cpp:
816         (JSC::BytecodeGenerator::emitPutGetterSetter):
817         * dfg/DFGByteCodeParser.cpp:
818         (JSC::DFG::ByteCodeParser::parseBlock):
819         * dfg/DFGCapabilities.cpp:
820         (JSC::DFG::capabilityLevel):
821         * jit/JIT.cpp:
822         (JSC::JIT::privateCompileMainPass):
823         * jit/JIT.h:
824         * jit/JITPropertyAccess.cpp:
825         (JSC::JIT::emit_op_put_getter_setter_by_id):
826         (JSC::JIT::emit_op_put_getter_setter): Deleted.
827         * jit/JITPropertyAccess32_64.cpp:
828         (JSC::JIT::emit_op_put_getter_setter_by_id):
829         (JSC::JIT::emit_op_put_getter_setter): Deleted.
830         * llint/LLIntSlowPaths.cpp:
831         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
832         * llint/LLIntSlowPaths.h:
833         * llint/LowLevelInterpreter.asm:
834
835 2015-10-31  Andreas Kling  <akling@apple.com>
836
837         Add a debug overlay with information about web process resource usage.
838         <https://webkit.org/b/150599>
839
840         Reviewed by Darin Adler.
841
842         Have Heap track the exact number of bytes allocated in CopiedBlock, MarkedBlock and
843         WeakBlock objects, keeping them in a single location that can be sampled by the
844         resource usage overlay thread.
845
846         The bulk of these changes is threading a Heap& through from sites where blocks are
847         allocated or freed.
848
849         * heap/CopiedBlock.cpp:
850         (JSC::CopiedBlock::createNoZeroFill):
851         (JSC::CopiedBlock::destroy):
852         (JSC::CopiedBlock::create):
853         * heap/CopiedBlock.h:
854         * heap/CopiedSpace.cpp:
855         (JSC::CopiedSpace::~CopiedSpace):
856         (JSC::CopiedSpace::tryAllocateOversize):
857         (JSC::CopiedSpace::tryReallocateOversize):
858         * heap/CopiedSpaceInlines.h:
859         (JSC::CopiedSpace::recycleEvacuatedBlock):
860         (JSC::CopiedSpace::recycleBorrowedBlock):
861         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
862         (JSC::CopiedSpace::allocateBlock):
863         (JSC::CopiedSpace::startedCopying):
864         * heap/Heap.cpp:
865         (JSC::Heap::~Heap):
866         (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
867         * heap/Heap.h:
868         (JSC::Heap::blockBytesAllocated):
869         * heap/HeapInlines.h:
870         (JSC::Heap::didAllocateBlock):
871         (JSC::Heap::didFreeBlock):
872         * heap/MarkedAllocator.cpp:
873         (JSC::MarkedAllocator::allocateBlock):
874         * heap/MarkedBlock.cpp:
875         (JSC::MarkedBlock::create):
876         (JSC::MarkedBlock::destroy):
877         * heap/MarkedBlock.h:
878         * heap/MarkedSpace.cpp:
879         (JSC::MarkedSpace::freeBlock):
880         * heap/WeakBlock.cpp:
881         (JSC::WeakBlock::create):
882         (JSC::WeakBlock::destroy):
883         * heap/WeakBlock.h:
884         * heap/WeakSet.cpp:
885         (JSC::WeakSet::~WeakSet):
886         (JSC::WeakSet::addAllocator):
887         (JSC::WeakSet::removeAllocator):
888
889 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
890
891         Air should eliminate dead code
892         https://bugs.webkit.org/show_bug.cgi?id=150746
893
894         Reviewed by Geoffrey Garen.
895
896         This adds a very simple dead code elimination to Air. It simply looks at whether a Tmp or
897         StackSlot has ever been used by a live instruction. An instruction is live if it has non-arg
898         effects (branching, returning, calling, etc) or if it stores to a live Arg. An Arg is live if
899         it references a live Tmp or StackSlot, or if it is neither a Tmp nor a StackSlot. The phase
900         runs these rules to fixpoint, and then removes the dead instructions.
901
902         This also changes the AirOpcodes parser to handle multiple attributes per opcode, so that we
903         could conceivably say things like "FooBar /branch /effects". It also adds the /effects
904         attribute, which we currently use for Breakpoint and nothing else. C calls, patchpoints, and
905         checks are all Specials, and the Special base class by default always claims that the
906         instruction has effects. In the future, we could have B3 use a Patch in Air to implement
907         exotic math constructs; then the Special associated with that thing would claim that there
908         are no effects.
909
910         * JavaScriptCore.xcodeproj/project.pbxproj:
911         * b3/air/AirBasicBlock.h:
912         (JSC::B3::Air::BasicBlock::begin):
913         (JSC::B3::Air::BasicBlock::end):
914         (JSC::B3::Air::BasicBlock::at):
915         (JSC::B3::Air::BasicBlock::last):
916         (JSC::B3::Air::BasicBlock::resize):
917         (JSC::B3::Air::BasicBlock::appendInst):
918         * b3/air/AirEliminateDeadCode.cpp: Added.
919         (JSC::B3::Air::eliminateDeadCode):
920         * b3/air/AirEliminateDeadCode.h: Added.
921         * b3/air/AirGenerate.cpp:
922         (JSC::B3::Air::generate):
923         * b3/air/AirInst.h:
924         * b3/air/AirOpcode.opcodes:
925         * b3/air/AirSpecial.cpp:
926         (JSC::B3::Air::Special::name):
927         (JSC::B3::Air::Special::hasNonArgNonControlEffects):
928         (JSC::B3::Air::Special::dump):
929         * b3/air/AirSpecial.h:
930         * b3/air/opcode_generator.rb:
931
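The liveness rules from the entry above, run to a fixpoint on a six-instruction sequence. This is an added example, not code from WebKit: `Kind`, `Arg`, `Inst` and `removeDeadInsts` are a simplified model written for this page, and the sample instructions are constructed.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Toy model constructed for this example; these are not Air's classes.
enum class Kind { Tmp, StackSlot, Other };  // Other: anything that is neither (e.g. a memory address)

struct Arg {
    Kind kind;
    int id;  // Tmp or StackSlot number; unused for Other
};

struct Inst {
    std::string text;       // printable form, for the reader only
    std::vector<Arg> uses;  // Args the instruction reads
    std::vector<Arg> defs;  // Args the instruction stores to
    bool hasEffects;        // branching, returning, calling, ...
};

using LiveSet = std::set<std::pair<Kind, int>>;

// An Arg is live if it names a live Tmp or StackSlot, or if it is neither of the two.
static bool isArgLive(const Arg& arg, const LiveSet& live) {
    if (arg.kind == Kind::Other) return true;
    return live.count(std::make_pair(arg.kind, arg.id)) != 0;
}

// An instruction is live if it has non-arg effects or stores to a live Arg.
static bool isInstLive(const Inst& inst, const LiveSet& live) {
    if (inst.hasEffects) return true;
    for (const Arg& def : inst.defs)
        if (isArgLive(def, live)) return true;
    return false;
}

std::vector<Inst> removeDeadInsts(const std::vector<Inst>& code) {
    std::vector<bool> instLive(code.size(), false);
    LiveSet live;  // Tmps and StackSlots used by some live instruction
    bool changed = true;
    while (changed) {  // repeat until no new instruction becomes live
        changed = false;
        for (size_t i = 0; i < code.size(); ++i) {
            if (instLive[i] || !isInstLive(code[i], live)) continue;
            instLive[i] = true;
            changed = true;
            for (const Arg& use : code[i].uses)
                if (use.kind != Kind::Other) live.emplace(use.kind, use.id);
        }
    }
    std::vector<Inst> kept;
    for (size_t i = 0; i < code.size(); ++i)
        if (instLive[i]) kept.push_back(code[i]);
    return kept;
}

// Constructed sample input.
std::vector<Inst> sampleCode() {
    const Arg t0{Kind::Tmp, 0}, t1{Kind::Tmp, 1}, t2{Kind::Tmp, 2};
    const Arg slot0{Kind::StackSlot, 0}, mem{Kind::Other, 0};
    return {
        {"Move $1, %t0",       {},       {t0},    false},  // live, but only found on the second pass
        {"Move $2, %t1",       {},       {t1},    false},  // dead: %t1 only feeds the dead Add
        {"Add %t1, %t2",       {t1, t2}, {t2},    false},  // dead: %t2 is read only by this Add
        {"Move %t0, slot0",    {t0},     {slot0}, false},  // dead: slot0 is never read
        {"Move %t0, (0x1000)", {t0},     {mem},   false},  // live: stores to a non-Tmp, non-StackSlot Arg
        {"Ret",                {},       {},      true},   // live: has non-arg effects
    };
}

int main() {
    for (const Inst& inst : removeDeadInsts(sampleCode()))
        std::cout << inst.text << "\n";
    return 0;
}
```

The self-referential `Add %t1, %t2` stays dead because liveness only ever flows from an instruction that is already live to the Tmps it uses.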
932 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
933
934         Air needs a late register liveness phase that calls Special::reportUsedRegisters()
935         https://bugs.webkit.org/show_bug.cgi?id=150511
936
937         Reviewed by Saam Barati.
938
939         This change adds such a phase. In the process of writing it, I was reminded about the
940         glaring efficiency bugs in Air::Liveness and so I filed a bug and added FIXMEs.
941
942         * JavaScriptCore.xcodeproj/project.pbxproj:
943         * b3/air/AirAllocateStack.cpp:
944         (JSC::B3::Air::allocateStack):
945         * b3/air/AirGenerate.cpp:
946         (JSC::B3::Air::generate):
947         * b3/air/AirReportUsedRegisters.cpp: Added.
948         (JSC::B3::Air::reportUsedRegisters):
949         * b3/air/AirReportUsedRegisters.h: Added.
950
951 2015-10-31  Brian Burg  <bburg@apple.com>
952
953         Builtins generator should put WebCore-only wrappers in the per-builtin header
954         https://bugs.webkit.org/show_bug.cgi?id=150539
955
956         Reviewed by Youenn Fablet.
957
958         If generating for WebCore, put the XXXWrapper and related boilerplate
959         in the per-builtin header instead of making a separate XXXWrapper.h.
960
961         Rebaseline the tests.
962
963         * CMakeLists.txt:
964         * DerivedSources.make:
965         * Scripts/builtins/builtins.py:
966         * Scripts/builtins/builtins_generate_separate_header.py:
967         (BuiltinsSeparateHeaderGenerator.generate_output):
968         (generate_header_includes):
969         * Scripts/builtins/builtins_generate_separate_wrapper.py: Deleted.
970         * Scripts/builtins/builtins_templates.py: Be consistent with variables.
971         * Scripts/generate-js-builtins.py:
972         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
973         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
974         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
975         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
976
977 2015-10-31  Saam barati  <sbarati@apple.com>
978
979         JSC should have a forceGCSlowPaths option
980         https://bugs.webkit.org/show_bug.cgi?id=150744
981
982         Reviewed by Filip Pizlo.
983
984         This patch implements the forceGCSlowPaths option.
985         It defaults to false, but when it is set to true,
986         the JITs will always allocate objects along the slow
987         path. This will be helpful for writing a certain class
988         of tests. This may also come in handy for debugging
989         later.
990
991         This patch also adds the "forceGCSlowPaths" function
992         in jsc.cpp which sets the option to true. If you
993         use this function in a jsc stress test, it's best
994         to call it as the first thing in the program before
995         we JIT anything.
996
997         * dfg/DFGSpeculativeJIT.h:
998         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
999         * ftl/FTLLowerDFGToLLVM.cpp:
1000         (JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
1001         * jit/JITInlines.h:
1002         (JSC::JIT::emitAllocateJSObject):
1003         * jsc.cpp:
1004         (GlobalObject::finishCreation):
1005         (functionEdenGC):
1006         (functionForceGCSlowPaths):
1007         (functionHeapSize):
1008         * runtime/Options.h:
1009
1010 2015-10-30  Joseph Pecoraro  <pecoraro@apple.com>
1011
1012         Web Inspector: Test Debugger.scriptParsed events received after opening inspector frontend
1013         https://bugs.webkit.org/show_bug.cgi?id=150753
1014
1015         Reviewed by Timothy Hatcher.
1016
1017         * parser/Parser.h:
1018         (JSC::Parser<LexerType>::parse):
1019         Only set the directives on the SourceProvider if we were parsing the
1020         entire file (Program or Module), not if we are in function parsing mode.
1021         This was inadvertently clearing the directives stored on the
1022         SourceProvider when the function parse didn't see directives and reset
1023         the values on the source provider.
1024
1025 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1026
1027         [JSC] Add lowering for B3's Sub operation with integers
1028         https://bugs.webkit.org/show_bug.cgi?id=150749
1029
1030         Reviewed by Filip Pizlo.
1031
1032         * b3/B3LowerToAir.cpp:
1033         (JSC::B3::Air::LowerToAir::trySub):
1034         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
1035         * b3/B3LoweringMatcher.patterns:
1036         Identical to Add but obviously NotCommutative.
1037
1038         * b3/B3ReduceStrength.cpp:
1039         Turn Add/Sub with zero into an identity. I only added for
1040         Add since Sub with a constant is always turned into an Add.
1041
1042         Also switched the Sub optimizations to put the strongest first.
1043
1044         * b3/air/AirOpcode.opcodes:
1045         * b3/testb3.cpp:
1046         (JSC::B3::testAddArgImm):
1047         (JSC::B3::testAddImmArg):
1048         (JSC::B3::testSubArgs):
1049         (JSC::B3::testSubArgImm):
1050         (JSC::B3::testSubImmArg):
1051         (JSC::B3::testSubArgs32):
1052         (JSC::B3::testSubArgImm32):
1053         (JSC::B3::testSubImmArg32):
1054         (JSC::B3::testStoreSubLoad):
1055         (JSC::B3::run):
1056
1057 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1058
1059         [JSC] Add the Air Opcode definitions to the Xcode project file
1060         https://bugs.webkit.org/show_bug.cgi?id=150701
1061
1062         Reviewed by Geoffrey Garen.
1063
1064         * JavaScriptCore.xcodeproj/project.pbxproj:
1065         Easier for those who use Xcode :)
1066
1067 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1068
1069         Unreviewed, removing FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150540.
1070
1071         * b3/B3ValueRep.h:
1072
1073 2015-10-30  Michael Saboff  <msaboff@apple.com>
1074
1075         Windows X86-64 change for Crash making a tail call from a getter to a host function
1076         https://bugs.webkit.org/show_bug.cgi?id=150737
1077
1078         Reviewed by Geoffrey Garen.
1079
1080         Need to make the same change for Windows X86-64 as was made in change set
1081         http://trac.webkit.org/changeset/191765.
1082
1083         * jit/JITStubsMSVC64.asm:
1084
1085 2015-10-30  Keith Miller  <keith_miller@apple.com>
1086
1087         Unreviewed, forgot to mark tests as passing for new feature.
1088
1089         * tests/es6.yaml:
1090
1091 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1092
1093         B3 should be able to compile a control flow diamond
1094         https://bugs.webkit.org/show_bug.cgi?id=150720
1095
1096         Reviewed by Benjamin Poulain.
1097
1098         Adds support for Branch, Jump, Upsilon, and Phi. Adds some basic strength reduction for
1099         comparisons and boolean-like operations.
1100
1101         * assembler/MacroAssembler.cpp:
1102         (WTF::printInternal):
1103         * assembler/MacroAssembler.h:
1104         * b3/B3BasicBlockUtils.h:
1105         (JSC::B3::replacePredecessor):
1106         (JSC::B3::resetReachability):
1107         * b3/B3CheckValue.h:
1108         * b3/B3Common.h:
1109         (JSC::B3::isRepresentableAsImpl):
1110         (JSC::B3::isRepresentableAs):
1111         * b3/B3Const32Value.cpp:
1112         (JSC::B3::Const32Value::subConstant):
1113         (JSC::B3::Const32Value::equalConstant):
1114         (JSC::B3::Const32Value::notEqualConstant):
1115         (JSC::B3::Const32Value::dumpMeta):
1116         * b3/B3Const32Value.h:
1117         * b3/B3Const64Value.cpp:
1118         (JSC::B3::Const64Value::subConstant):
1119         (JSC::B3::Const64Value::equalConstant):
1120         (JSC::B3::Const64Value::notEqualConstant):
1121         (JSC::B3::Const64Value::dumpMeta):
1122         * b3/B3Const64Value.h:
1123         * b3/B3ConstDoubleValue.cpp:
1124         (JSC::B3::ConstDoubleValue::subConstant):
1125         (JSC::B3::ConstDoubleValue::equalConstant):
1126         (JSC::B3::ConstDoubleValue::notEqualConstant):
1127         (JSC::B3::ConstDoubleValue::dumpMeta):
1128         * b3/B3ConstDoubleValue.h:
1129         * b3/B3ControlValue.cpp:
1130         (JSC::B3::ControlValue::~ControlValue):
1131         (JSC::B3::ControlValue::convertToJump):
1132         (JSC::B3::ControlValue::dumpMeta):
1133         * b3/B3ControlValue.h:
1134         * b3/B3LowerToAir.cpp:
1135         (JSC::B3::Air::LowerToAir::imm):
1136         (JSC::B3::Air::LowerToAir::tryStackSlot):
1137         (JSC::B3::Air::LowerToAir::tryUpsilon):
1138         (JSC::B3::Air::LowerToAir::tryPhi):
1139         (JSC::B3::Air::LowerToAir::tryBranch):
1140         (JSC::B3::Air::LowerToAir::tryJump):
1141         (JSC::B3::Air::LowerToAir::tryIdentity):
1142         * b3/B3LoweringMatcher.patterns:
1143         * b3/B3Opcode.h:
1144         * b3/B3Procedure.cpp:
1145         (JSC::B3::Procedure::resetReachability):
1146         (JSC::B3::Procedure::dump):
1147         * b3/B3ReduceStrength.cpp:
1148         * b3/B3UpsilonValue.cpp:
1149         (JSC::B3::UpsilonValue::dumpMeta):
1150         * b3/B3UpsilonValue.h:
1151         (JSC::B3::UpsilonValue::accepts): Deleted.
1152         (JSC::B3::UpsilonValue::phi): Deleted.
1153         (JSC::B3::UpsilonValue::UpsilonValue): Deleted.
1154         * b3/B3Validate.cpp:
1155         * b3/B3Value.cpp:
1156         (JSC::B3::Value::subConstant):
1157         (JSC::B3::Value::equalConstant):
1158         (JSC::B3::Value::notEqualConstant):
1159         (JSC::B3::Value::returnsBool):
1160         (JSC::B3::Value::asTriState):
1161         (JSC::B3::Value::effects):
1162         * b3/B3Value.h:
1163         * b3/B3ValueInlines.h:
1164         (JSC::B3::Value::asInt32):
1165         (JSC::B3::Value::isInt32):
1166         (JSC::B3::Value::hasInt64):
1167         (JSC::B3::Value::asInt64):
1168         (JSC::B3::Value::isInt64):
1169         (JSC::B3::Value::hasInt):
1170         (JSC::B3::Value::asIntPtr):
1171         (JSC::B3::Value::isIntPtr):
1172         (JSC::B3::Value::hasDouble):
1173         (JSC::B3::Value::asDouble):
1174         (JSC::B3::Value::isEqualToDouble):
1175         (JSC::B3::Value::hasNumber):
1176         (JSC::B3::Value::representableAs):
1177         (JSC::B3::Value::asNumber):
1178         (JSC::B3::Value::stackmap):
1179         * b3/air/AirArg.cpp:
1180         (JSC::B3::Air::Arg::dump):
1181         * b3/air/AirArg.h:
1182         (JSC::B3::Air::Arg::resCond):
1183         (JSC::B3::Air::Arg::doubleCond):
1184         (JSC::B3::Air::Arg::special):
1185         (JSC::B3::Air::Arg::isResCond):
1186         (JSC::B3::Air::Arg::isDoubleCond):
1187         (JSC::B3::Air::Arg::isSpecial):
1188         (JSC::B3::Air::Arg::isGP):
1189         (JSC::B3::Air::Arg::isFP):
1190         (JSC::B3::Air::Arg::asResultCondition):
1191         (JSC::B3::Air::Arg::asDoubleCondition):
1192         (JSC::B3::Air::Arg::Arg):
1193         * b3/air/AirCode.cpp:
1194         (JSC::B3::Air::Code::resetReachability):
1195         (JSC::B3::Air::Code::dump):
1196         * b3/air/AirOpcode.opcodes:
1197         * b3/air/opcode_generator.rb:
1198         * b3/testb3.cpp:
1199         (hiddenTruthBecauseNoReturnIsStupid):
1200         (usage):
1201         (JSC::B3::compile):
1202         (JSC::B3::invoke):
1203         (JSC::B3::compileAndRun):
1204         (JSC::B3::test42):
1205         (JSC::B3::testStoreLoadStackSlot):
1206         (JSC::B3::testBranch):
1207         (JSC::B3::testDiamond):
1208         (JSC::B3::testBranchNotEqual):
1209         (JSC::B3::testBranchFold):
1210         (JSC::B3::testDiamondFold):
1211         (JSC::B3::run):
1212         (run):
1213         (main):
1214
1215 2015-10-30  Keith Miller  <keith_miller@apple.com>
1216
1217         [ES6] Add support for toStringTag
1218         https://bugs.webkit.org/show_bug.cgi?id=150696
1219
1220         Reviewed by Geoffrey Garen.
1221
1222         This patch adds support for Symbol.toStringTag. This is a simple
1223         feature: if an object passed to Object.prototype.toString() has a
1224         toStringTag, we use the tag in the string rather than the class info.
1225         Added a test that checks this works for all the default supported classes
1226         along with the corresponding prototype and custom cases.
1227
1228         * runtime/ArrayIteratorPrototype.cpp:
1229         (JSC::ArrayIteratorPrototype::finishCreation):
1230         * runtime/CommonIdentifiers.h:
1231         * runtime/JSArrayBufferPrototype.cpp:
1232         (JSC::JSArrayBufferPrototype::finishCreation):
1233         * runtime/JSDataViewPrototype.cpp:
1234         (JSC::JSDataViewPrototype::finishCreation):
1235         * runtime/JSDataViewPrototype.h:
1236         * runtime/JSModuleNamespaceObject.cpp:
1237         (JSC::JSModuleNamespaceObject::finishCreation):
1238         * runtime/JSONObject.cpp:
1239         (JSC::JSONObject::finishCreation):
1240         * runtime/JSPromisePrototype.cpp:
1241         (JSC::JSPromisePrototype::finishCreation):
1242         * runtime/JSTypedArrayViewPrototype.cpp:
1243         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1244         (JSC::JSTypedArrayViewPrototype::finishCreation):
1245         * runtime/MapIteratorPrototype.cpp:
1246         (JSC::MapIteratorPrototype::finishCreation):
1247         * runtime/MapPrototype.cpp:
1248         (JSC::MapPrototype::finishCreation):
1249         * runtime/MathObject.cpp:
1250         (JSC::MathObject::finishCreation):
1251         * runtime/ObjectPrototype.cpp:
1252         (JSC::objectProtoFuncToString):
1253         * runtime/SetIteratorPrototype.cpp:
1254         (JSC::SetIteratorPrototype::finishCreation):
1255         * runtime/SetPrototype.cpp:
1256         (JSC::SetPrototype::finishCreation):
1257         * runtime/SmallStrings.cpp:
1258         (JSC::SmallStrings::SmallStrings):
1259         (JSC::SmallStrings::initializeCommonStrings):
1260         (JSC::SmallStrings::visitStrongReferences):
1261         * runtime/SmallStrings.h:
1262         (JSC::SmallStrings::objectStringStart):
1263         * runtime/StringIteratorPrototype.cpp:
1264         (JSC::StringIteratorPrototype::finishCreation):
1265         * runtime/SymbolPrototype.cpp:
1266         (JSC::SymbolPrototype::finishCreation):
1267         * runtime/WeakMapPrototype.cpp:
1268         (JSC::WeakMapPrototype::finishCreation):
1269         * runtime/WeakSetPrototype.cpp:
1270         (JSC::WeakSetPrototype::finishCreation):
1271         * tests/modules/namespace.js:
1272         * tests/stress/symbol-tostringtag.js: Added.
1273         (toStr):
1274         (strName):
1275         (classes.string_appeared_here):
1276
1277 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1278
1279         Web Inspector: Do not show JavaScriptCore builtins in inspector
1280         https://bugs.webkit.org/show_bug.cgi?id=146049
1281
1282         Reviewed by Geoffrey Garen.
1283
1284         * debugger/Debugger.cpp:
1285         When gathering scripts to notify the inspector / debuggers about,
1286         skip over sources containing host / built-in functions, as those
1287         won't contain source code developers expect to see.
1288
1289 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1290
1291         Fix typo in "use strict" in TypedArray builtins
1292         https://bugs.webkit.org/show_bug.cgi?id=150709
1293
1294         Reviewed by Geoffrey Garen.
1295
1296         * builtins/TypedArray.prototype.js:
1297         (toLocaleString):
1298
1299 2015-10-29  Philippe Normand  <pnormand@igalia.com>
1300
1301         [GTK][Mac] disable OBJC JSC API
1302         https://bugs.webkit.org/show_bug.cgi?id=150500
1303
1304         Reviewed by Alex Christensen.
1305
1306         * API/JSBase.h: Disable the Objective-C API on Mac for the GTK port.
1307
1308 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1309
1310         Air::handleCalleeSaves shouldn't save/restore the frame pointer
1311         https://bugs.webkit.org/show_bug.cgi?id=150688
1312
1313         Reviewed by Michael Saboff.
1314
1315         We save/restore the FP inside Air::generate().
1316
1317         * b3/air/AirHandleCalleeSaves.cpp:
1318         (JSC::B3::Air::handleCalleeSaves):
1319
1320 2015-10-29  Michael Saboff  <msaboff@apple.com>
1321
1322         Crash making a tail call from a getter to a host function
1323         https://bugs.webkit.org/show_bug.cgi?id=150663
1324
1325         Reviewed by Geoffrey Garen.
1326
1327         Change the inline assembly versions of getHostCallReturnValue() to pass the location of the callee
1328         call frame to getHostCallReturnValueWithExecState().  We were passing the caller's frame address.
1329
1330         * jit/JITOperations.cpp:
1331
1332 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1333
1334         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
1335         https://bugs.webkit.org/show_bug.cgi?id=150685
1336
1337         Reviewed by Geoffrey Garen.
1338
1339         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
1340         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
1341         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
1342         requires fewer bits.
1343
1344         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
1345         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
1346         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
1347         helper should happily accept either Const32Value or Const64Value.
1348
1349         We already sort of had this with immAnyType(), but it just turns out that anyone using
1350         immAnyType() should really be using imm().
1351
1352         * b3/B3LowerToAir.cpp:
1353         (JSC::B3::Air::LowerToAir::imm):
1354         (JSC::B3::Air::LowerToAir::tryStore):
1355         (JSC::B3::Air::LowerToAir::tryConst64):
1356         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
1357         * b3/testb3.cpp:
1358         (JSC::B3::testAdd1):
1359         (JSC::B3::testAdd1Ptr):
1360         (JSC::B3::testStoreAddLoad):
1361         (JSC::B3::run):
1362
1363 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1364
1365         StoreOpLoad pattern matching should check effects between the Store and Load
1366         https://bugs.webkit.org/show_bug.cgi?id=150534
1367
1368         Reviewed by Geoffrey Garen.
1369
1370         If we turn:
1371
1372             a = Load(addr)
1373             b = Add(a, 42)
1374             Store(b, addr)
1375
1376         Into:
1377
1378             Add $42, (addr)
1379
1380         Then we must make sure that we didn't really have this to begin with:
1381
1382             a = Load(addr)
1383             Store(666, addr)
1384             b = Add(a, 42)
1385             Store(b, addr)
1386
1387         That's because pattern matching doesn't care about control flow, and it finds the Load
1388         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
1389         enough to broadly ask questions about whether such a code motion of the Load is legal.
1390
1391         * b3/B3Effects.cpp:
1392         (JSC::B3::Effects::interferes):
1393         (JSC::B3::Effects::dump):
1394         * b3/B3Effects.h:
1395         (JSC::B3::Effects::mustExecute):
1396         * b3/B3LowerToAir.cpp:
1397         (JSC::B3::Air::LowerToAir::run):
1398         (JSC::B3::Air::LowerToAir::commitInternal):
1399         (JSC::B3::Air::LowerToAir::crossesInterference):
1400         (JSC::B3::Air::LowerToAir::effectiveAddr):
1401         (JSC::B3::Air::LowerToAir::loadAddr):
1402         * b3/B3Procedure.cpp:
1403         (JSC::B3::Procedure::addBlock):
1404         (JSC::B3::Procedure::resetValueOwners):
1405         (JSC::B3::Procedure::resetReachability):
1406         * b3/B3Procedure.h:
1407         * b3/B3Value.cpp:
1408         (JSC::B3::Value::effects):
1409         * b3/B3Value.h:
1410         * b3/testb3.cpp:
1411         (JSC::B3::testStoreAddLoad):
1412         (JSC::B3::testStoreAddLoadInterference):
1413         (JSC::B3::testStoreAddAndLoad):
1414         (JSC::B3::testLoadOffsetUsingAdd):
1415         (JSC::B3::testLoadOffsetUsingAddInterference):
1416         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1417         (JSC::B3::run):
1418
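The miscompilation described in the entry above, made concrete: a data-flow-only matcher fuses the Load/Add/Store triple across an intervening Store, and the lowered code leaves a different value in memory than the original. This is an added example, not code from WebKit: the toy IR, `matchStoreAddLoad`, `crossesInterferingStore` and `lowerAndRun` are hypothetical, the blocks are constructed, and aliasing is assumed to be exact address equality.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <vector>

// Toy IR constructed for this example; these are not B3's classes.
enum class Op { Const, Load, Add, Store };

struct Value {
    Op op;
    int64_t imm;  // Const: the constant. Load/Store: the address (exact-match aliasing assumed).
    int lhs;      // Add: left operand index. Store: index of the value being stored.
    int rhs;      // Add: right operand index.
};

using Block = std::vector<Value>;
using Memory = std::map<int64_t, int64_t>;

// Executes the block in program order. If fusedStore >= 0, the Store at that index runs
// as the read-modify-write "Add $addend, (addr)" that the lowering would emit.
Memory execute(const Block& block, Memory mem, int fusedStore = -1, int64_t addend = 0) {
    std::vector<int64_t> result(block.size(), 0);
    for (int i = 0; i < (int)block.size(); ++i) {
        const Value& v = block[i];
        switch (v.op) {
        case Op::Const: result[i] = v.imm; break;
        case Op::Load:  result[i] = mem[v.imm]; break;
        case Op::Add:   result[i] = result[v.lhs] + result[v.rhs]; break;
        case Op::Store:
            if (i == fusedStore) mem[v.imm] += addend;
            else mem[v.imm] = result[v.lhs];
            break;
        }
    }
    return mem;
}

struct Match {
    bool matched;
    int load;        // index of the Load that would be folded into the Store
    int64_t addend;
};

// Data-flow-only match of Store(Add(Load(addr), Const), addr); it never looks at what
// sits between the Load and the Store.
Match matchStoreAddLoad(const Block& block, int storeIndex) {
    const Match none{false, -1, 0};
    const Value& store = block[storeIndex];
    if (store.op != Op::Store) return none;
    const Value& add = block[store.lhs];
    if (add.op != Op::Add) return none;
    const Value& load = block[add.lhs];
    const Value& constant = block[add.rhs];
    if (load.op != Op::Load || constant.op != Op::Const || load.imm != store.imm) return none;
    return Match{true, add.lhs, constant.imm};
}

// True if a value between the Load and the Store writes the loaded address, which makes
// moving the Load down to the Store illegal.
bool crossesInterferingStore(const Block& block, int loadIndex, int storeIndex) {
    for (int i = loadIndex + 1; i < storeIndex; ++i)
        if (block[i].op == Op::Store && block[i].imm == block[loadIndex].imm) return true;
    return false;
}

// Fuses the first match that is allowed and returns the memory the lowered code produces.
Memory lowerAndRun(const Block& block, Memory mem, bool checkInterference) {
    for (int i = 0; i < (int)block.size(); ++i) {
        Match m = matchStoreAddLoad(block, i);
        if (!m.matched) continue;
        if (checkInterference && crossesInterferingStore(block, m.load, i)) continue;
        return execute(block, mem, i, m.addend);
    }
    return execute(block, mem);
}

// a = Load(addr); b = Add(a, 42); Store(b, addr)
Block cleanBlock() {
    return {{Op::Load, 100, -1, -1}, {Op::Const, 42, -1, -1}, {Op::Add, 0, 0, 1}, {Op::Store, 100, 2, -1}};
}

// a = Load(addr); Store(666, addr); b = Add(a, 42); Store(b, addr)
Block interferingBlock() {
    return {{Op::Load, 100, -1, -1}, {Op::Const, 666, -1, -1}, {Op::Store, 100, 1, -1},
            {Op::Const, 42, -1, -1}, {Op::Add, 0, 0, 3},       {Op::Store, 100, 4, -1}};
}

int main() {
    const Memory initial{{100, 1}};  // constructed starting state: memory[100] == 1
    std::cout << "reference:       " << execute(interferingBlock(), initial).at(100) << "\n";
    std::cout << "fused, no check: " << lowerAndRun(interferingBlock(), initial, false).at(100) << "\n";
    std::cout << "fused, checked:  " << lowerAndRun(interferingBlock(), initial, true).at(100) << "\n";
    return 0;
}
```

Without the check the fused instruction adds 42 to the 666 written by the intervening Store instead of to the value the Load observed; a real alias analysis must also treat may-alias writes as interference.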
1419 2015-10-29  Brady Eidson  <beidson@apple.com>
1420
1421         Modern IDB: deleteObjectStore support.
1422         https://bugs.webkit.org/show_bug.cgi?id=150673
1423
1424         Reviewed by Alex Christensen.
1425
1426         * runtime/VM.h:
1427
1428 2015-10-29  Mark Lam  <mark.lam@apple.com>
1429
1430         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
1431         https://bugs.webkit.org/show_bug.cgi?id=150687
1432
1433         Unreviewed.
1434
1435         Disabling the feature while it is being debugged.  I'm doing this by effectively
1436         rolling out only the changes in FTLCapabilities.cpp.
1437
1438         * ftl/FTLCapabilities.cpp:
1439         (JSC::FTL::canCompile):
1440
1441 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1442
1443         Unreviewed, fix iOS build.
1444
1445         * assembler/MacroAssemblerARM64.h:
1446         (JSC::MacroAssemblerARM64::store64):
1447
1448 2015-10-29  Alex Christensen  <achristensen@webkit.org>
1449
1450         Fix Mac CMake build
1451         https://bugs.webkit.org/show_bug.cgi?id=150686
1452
1453         Reviewed by Filip Pizlo.
1454
1455         * API/ObjCCallbackFunction.mm:
1456         * CMakeLists.txt:
1457         * PlatformMac.cmake:
1458
1459 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1460
1461         Air needs syntax for escaping StackSlots
1462         https://bugs.webkit.org/show_bug.cgi?id=150430
1463
1464         Reviewed by Geoffrey Garen.
1465
1466         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
1467         instruction for getting the value of an address. This is necessary to support arbitrary
1468         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
1469         this new instruction.
1470
1471         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
1472         would do: it evaluates an address, but does not load from it or store to it.
1473
1474         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
1475         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
1476         that StackSlots may escape, and factors this into its analysis.
1477
1478         * assembler/MacroAssembler.h:
1479         (JSC::MacroAssembler::lea):
1480         * b3/B3AddressMatcher.patterns:
1481         * b3/B3LowerToAir.cpp:
1482         (JSC::B3::Air::LowerToAir::run):
1483         (JSC::B3::Air::LowerToAir::addr):
1484         (JSC::B3::Air::LowerToAir::loadAddr):
1485         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1486         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
1487         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
1488         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1489         (JSC::B3::Air::LowerToAir::tryConst64):
1490         (JSC::B3::Air::LowerToAir::tryFramePointer):
1491         (JSC::B3::Air::LowerToAir::tryStackSlot):
1492         (JSC::B3::Air::LowerToAir::tryIdentity):
1493         * b3/B3LoweringMatcher.patterns:
1494         * b3/B3MemoryValue.cpp:
1495         (JSC::B3::MemoryValue::~MemoryValue):
1496         (JSC::B3::MemoryValue::accessByteSize):
1497         (JSC::B3::MemoryValue::dumpMeta):
1498         * b3/B3MemoryValue.h:
1499         * b3/B3ReduceStrength.cpp:
1500         * b3/B3StackSlotValue.h:
1501         (JSC::B3::StackSlotValue::accepts): Deleted.
1502         * b3/B3Type.h:
1503         (JSC::B3::pointerType):
1504         (JSC::B3::sizeofType):
1505         * b3/B3Validate.cpp:
1506         * b3/B3Value.h:
1507         * b3/air/AirAllocateStack.cpp:
1508         (JSC::B3::Air::allocateStack):
1509         * b3/air/AirArg.h:
1510         (JSC::B3::Air::Arg::isUse):
1511         (JSC::B3::Air::Arg::isDef):
1512         (JSC::B3::Air::Arg::forEachTmp):
1513         * b3/air/AirCode.cpp:
1514         (JSC::B3::Air::Code::addStackSlot):
1515         (JSC::B3::Air::Code::addSpecial):
1516         * b3/air/AirCode.h:
1517         * b3/air/AirOpcode.opcodes:
1518         * b3/air/AirSpillEverything.cpp:
1519         (JSC::B3::Air::spillEverything):
1520         * b3/air/AirStackSlot.h:
1521         (JSC::B3::Air::StackSlot::byteSize):
1522         (JSC::B3::Air::StackSlot::kind):
1523         (JSC::B3::Air::StackSlot::isLocked):
1524         (JSC::B3::Air::StackSlot::index):
1525         (JSC::B3::Air::StackSlot::alignment):
1526         * b3/air/opcode_generator.rb:
1527         * b3/testb3.cpp:
1528         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1529         (JSC::B3::testFramePointer):
1530         (JSC::B3::testStackSlot):
1531         (JSC::B3::testLoadFromFramePointer):
1532         (JSC::B3::testStoreLoadStackSlot):
1533         (JSC::B3::run):
1534
1535 2015-10-29  Saam barati  <sbarati@apple.com>
1536
1537         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
1538         https://bugs.webkit.org/show_bug.cgi?id=150655
1539
1540         Reviewed by Filip Pizlo.
1541
1542         We're recomputing this value for an *OSRExitDescriptor* for every one
1543         of its corresponding *OSRExits*. This is having a multiplicative
1544         effect on offsets because each computation is relative to the previous
1545         value. We must do this computation just once per OSRExitDescriptor.
1546
1547         * ftl/FTLCompile.cpp:
1548         (JSC::FTL::mmAllocateDataSection):
1549
1550 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1551
1552         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
1553         https://bugs.webkit.org/show_bug.cgi?id=150657
1554
1555         Reviewed by Geoffrey Garen.
1556
1557         Also added the ability to store an immediate to memory.
1558
1559         * assembler/MacroAssembler.h:
1560         (JSC::MacroAssembler::storePtr):
1561         * assembler/MacroAssemblerARM64.h:
1562         (JSC::MacroAssemblerARM64::store64):
1563         * assembler/MacroAssemblerX86_64.h:
1564         (JSC::MacroAssemblerX86_64::store64):
1565         * b3/B3LowerToAir.cpp:
1566         (JSC::B3::Air::LowerToAir::imm):
1567         (JSC::B3::Air::LowerToAir::immAnyInt):
1568         (JSC::B3::Air::LowerToAir::immOrTmp):
1569         (JSC::B3::Air::LowerToAir::tryStore):
1570         * b3/air/AirOpcode.opcodes:
1571         * b3/air/AirSpillEverything.cpp:
1572         (JSC::B3::Air::spillEverything):
1573         * b3/testb3.cpp:
1574         (JSC::B3::testStore):
1575         (JSC::B3::testStoreConstant):
1576         (JSC::B3::testStoreConstantPtr):
1577         (JSC::B3::testTrunc):
1578         (JSC::B3::run):
1579
1580 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
1581
1582         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
1583         https://bugs.webkit.org/show_bug.cgi?id=150654
1584
1585         Reviewed by Geoffrey Garen.
1586
1587         * inspector/scripts/codegen/generator.py:
1588
1589 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1590
1591         B3::reduceStrength() should do DCE
1592         https://bugs.webkit.org/show_bug.cgi?id=150656
1593
1594         Reviewed by Saam Barati.
1595
1596         * b3/B3BasicBlock.cpp:
1597         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
1598         * b3/B3BasicBlock.h:
1599         * b3/B3Procedure.cpp:
1600         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
1601         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
1602         * b3/B3Procedure.h:
1603         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
1604         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
1605         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
1606         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
1607         (JSC::B3::Procedure::values):
1608         * b3/B3ProcedureInlines.h:
1609         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
1610         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
1611
1612 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
1613
1614         Web Inspector: Remove unused / duplicate WebSocket timeline records
1615         https://bugs.webkit.org/show_bug.cgi?id=150647
1616
1617         Reviewed by Timothy Hatcher.
1618
1619         * inspector/protocol/Timeline.json:
1620
1621 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1622
1623         B3::LowerToAir should not duplicate Loads
1624         https://bugs.webkit.org/show_bug.cgi?id=150651
1625
1626         Reviewed by Benjamin Poulain.
1627
1628         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
1629         if we haven't already emitted code that uses the Value and the Value has only one direct
1630         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
1631         Value: we won't emit any more code for it in the future.
1632
1633         The optimization to fuse Loads was forgetting to do all of these things, and so generated
1634         code would have a lot of duplicated Loads. That's bad and this change fixes that.
1635
1636         Ordinarily, this is far less tricky because the pattern matcher does this for us via
1637         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
1638         won't need to do this manually very often.
1639
1640         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
1641         debug.
1642
1643         * b3/B3IndexMap.h:
1644         (JSC::B3::IndexMap::IndexMap):
1645         (JSC::B3::IndexMap::resize):
1646         (JSC::B3::IndexMap::operator[]):
1647         * b3/B3LowerToAir.cpp:
1648         (JSC::B3::Air::LowerToAir::tmp):
1649         (JSC::B3::Air::LowerToAir::canBeInternal):
1650         (JSC::B3::Air::LowerToAir::commitInternal):
1651         (JSC::B3::Air::LowerToAir::effectiveAddr):
1652         (JSC::B3::Air::LowerToAir::loadAddr):
1653         (JSC::B3::Air::LowerToAir::appendBinOp):
1654         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1655         (JSC::B3::Air::LowerToAir::acceptInternals):
1656         * b3/B3UseCounts.cpp:
1657         (JSC::B3::UseCounts::UseCounts):
1658
1659 2015-10-28  Mark Lam  <mark.lam@apple.com>
1660
1661         JITSubGenerator::generateFastPath() does not need to be inlined.
1662         https://bugs.webkit.org/show_bug.cgi?id=150645
1663
1664         Reviewed by Geoffrey Garen.
1665
1666         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
1667         perf neutral.
1668
1669         * CMakeLists.txt:
1670         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1671         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1672         * JavaScriptCore.xcodeproj/project.pbxproj:
1673         * ftl/FTLCompile.cpp:
1674         * jit/JITSubGenerator.cpp: Added.
1675         (JSC::JITSubGenerator::generateFastPath):
1676         * jit/JITSubGenerator.h:
1677         (JSC::JITSubGenerator::JITSubGenerator):
1678         (JSC::JITSubGenerator::endJumpList):
1679         (JSC::JITSubGenerator::slowPathJumpList):
1680         (JSC::JITSubGenerator::generateFastPath): Deleted.
1681
1682 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1683
1684         [B3] handleCommutativity should canonicalize commutative operations over non-constants
1685         https://bugs.webkit.org/show_bug.cgi?id=150649
1686
1687         Reviewed by Saam Barati.
1688
1689         Turn this: Add(value1, value2)
1690         Into this: Add(value2, value1)
1691
1692         But only if value2 should come before value1 according to our total ordering. This will allow
1693         CSE to observe the equality between commuted versions of the same operation, since we will
1694         first canonicalize them into the same order.
1695
1696         * b3/B3ReduceStrength.cpp:
1697
1698 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1699
1700         Unreviewed, fix the build for case sensitive file systems.
1701
1702         * b3/air/AirBasicBlock.h:
1703         * b3/air/AirStackSlot.h:
1704
1705 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1706
1707         Create a super rough prototype of B3
1708         https://bugs.webkit.org/show_bug.cgi?id=150280
1709
1710         Reviewed by Benjamin Poulain.
1711
1712         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
1713         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
1714         for aggressive C-level optimizations and an awesome portable backend. The backend, called
1715         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
1716         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
1717         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
1718         instruction selection, reflectively selects Air opcodes by querying which instruction forms
1719         are possible. Air allows for optimal register allocation and stack layout. Currently the
1720         register allocator isn't written, but the stack layout is.
1721
1722         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
1723         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
1724         stuff added to the instruction selector. But it's a neat start.
1725
1726         * CMakeLists.txt:
1727         * DerivedSources.make:
1728         * JavaScriptCore.xcodeproj/project.pbxproj:
1729         * assembler/MacroAssembler.cpp:
1730         (WTF::printInternal):
1731         * assembler/MacroAssembler.h:
1732         * b3: Added.
1733         * b3/B3AddressMatcher.patterns: Added.
1734         * b3/B3ArgumentRegValue.cpp: Added.
1735         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
1736         (JSC::B3::ArgumentRegValue::dumpMeta):
1737         * b3/B3ArgumentRegValue.h: Added.
1738         * b3/B3BasicBlock.cpp: Added.
1739         (JSC::B3::BasicBlock::BasicBlock):
1740         (JSC::B3::BasicBlock::~BasicBlock):
1741         (JSC::B3::BasicBlock::append):
1742         (JSC::B3::BasicBlock::addPredecessor):
1743         (JSC::B3::BasicBlock::removePredecessor):
1744         (JSC::B3::BasicBlock::replacePredecessor):
1745         (JSC::B3::BasicBlock::removeNops):
1746         (JSC::B3::BasicBlock::dump):
1747         (JSC::B3::BasicBlock::deepDump):
1748         * b3/B3BasicBlock.h: Added.
1749         (JSC::B3::BasicBlock::index):
1750         (JSC::B3::BasicBlock::begin):
1751         (JSC::B3::BasicBlock::end):
1752         (JSC::B3::BasicBlock::size):
1753         (JSC::B3::BasicBlock::at):
1754         (JSC::B3::BasicBlock::last):
1755         (JSC::B3::BasicBlock::values):
1756         (JSC::B3::BasicBlock::numPredecessors):
1757         (JSC::B3::BasicBlock::predecessor):
1758         (JSC::B3::BasicBlock::predecessors):
1759         (JSC::B3::BasicBlock::frequency):
1760         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
1761         (JSC::B3::DeepBasicBlockDump::dump):
1762         (JSC::B3::deepDump):
1763         * b3/B3BasicBlockInlines.h: Added.
1764         (JSC::B3::BasicBlock::appendNew):
1765         (JSC::B3::BasicBlock::numSuccessors):
1766         (JSC::B3::BasicBlock::successor):
1767         (JSC::B3::BasicBlock::successors):
1768         (JSC::B3::BasicBlock::successorBlock):
1769         (JSC::B3::BasicBlock::successorBlocks):
1770         * b3/B3BasicBlockUtils.h: Added.
1771         (JSC::B3::addPredecessor):
1772         (JSC::B3::removePredecessor):
1773         (JSC::B3::replacePredecessor):
1774         (JSC::B3::resetReachability):
1775         (JSC::B3::blocksInPreOrder):
1776         (JSC::B3::blocksInPostOrder):
1777         * b3/B3BlockWorklist.h: Added.
1778         * b3/B3CheckSpecial.cpp: Added.
1779         (JSC::B3::Air::numB3Args):
1780         (JSC::B3::CheckSpecial::CheckSpecial):
1781         (JSC::B3::CheckSpecial::~CheckSpecial):
1782         (JSC::B3::CheckSpecial::hiddenBranch):
1783         (JSC::B3::CheckSpecial::forEachArg):
1784         (JSC::B3::CheckSpecial::isValid):
1785         (JSC::B3::CheckSpecial::admitsStack):
1786         (JSC::B3::CheckSpecial::generate):
1787         (JSC::B3::CheckSpecial::dumpImpl):
1788         (JSC::B3::CheckSpecial::deepDumpImpl):
1789         * b3/B3CheckSpecial.h: Added.
1790         * b3/B3CheckValue.cpp: Added.
1791         (JSC::B3::CheckValue::~CheckValue):
1792         (JSC::B3::CheckValue::dumpMeta):
1793         * b3/B3CheckValue.h: Added.
1794         * b3/B3Common.cpp: Added.
1795         (JSC::B3::shouldDumpIR):
1796         (JSC::B3::shouldDumpIRAtEachPhase):
1797         (JSC::B3::shouldValidateIR):
1798         (JSC::B3::shouldValidateIRAtEachPhase):
1799         (JSC::B3::shouldSaveIRBeforePhase):
1800         * b3/B3Common.h: Added.
1801         (JSC::B3::is64Bit):
1802         (JSC::B3::is32Bit):
1803         * b3/B3Commutativity.cpp: Added.
1804         (WTF::printInternal):
1805         * b3/B3Commutativity.h: Added.
1806         * b3/B3Const32Value.cpp: Added.
1807         (JSC::B3::Const32Value::~Const32Value):
1808         (JSC::B3::Const32Value::negConstant):
1809         (JSC::B3::Const32Value::addConstant):
1810         (JSC::B3::Const32Value::subConstant):
1811         (JSC::B3::Const32Value::dumpMeta):
1812         * b3/B3Const32Value.h: Added.
1813         * b3/B3Const64Value.cpp: Added.
1814         (JSC::B3::Const64Value::~Const64Value):
1815         (JSC::B3::Const64Value::negConstant):
1816         (JSC::B3::Const64Value::addConstant):
1817         (JSC::B3::Const64Value::subConstant):
1818         (JSC::B3::Const64Value::dumpMeta):
1819         * b3/B3Const64Value.h: Added.
1820         * b3/B3ConstDoubleValue.cpp: Added.
1821         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
1822         (JSC::B3::ConstDoubleValue::negConstant):
1823         (JSC::B3::ConstDoubleValue::addConstant):
1824         (JSC::B3::ConstDoubleValue::subConstant):
1825         (JSC::B3::ConstDoubleValue::dumpMeta):
1826         * b3/B3ConstDoubleValue.h: Added.
1827         (JSC::B3::ConstDoubleValue::accepts):
1828         (JSC::B3::ConstDoubleValue::value):
1829         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
1830         * b3/B3ConstPtrValue.h: Added.
1831         (JSC::B3::ConstPtrValue::value):
1832         (JSC::B3::ConstPtrValue::ConstPtrValue):
1833         * b3/B3ControlValue.cpp: Added.
1834         (JSC::B3::ControlValue::~ControlValue):
1835         (JSC::B3::ControlValue::dumpMeta):
1836         * b3/B3ControlValue.h: Added.
1837         * b3/B3Effects.cpp: Added.
1838         (JSC::B3::Effects::dump):
1839         * b3/B3Effects.h: Added.
1840         (JSC::B3::Effects::mustExecute):
1841         * b3/B3FrequencyClass.cpp: Added.
1842         (WTF::printInternal):
1843         * b3/B3FrequencyClass.h: Added.
1844         * b3/B3FrequentedBlock.h: Added.
1845         * b3/B3Generate.cpp: Added.
1846         (JSC::B3::generate):
1847         (JSC::B3::generateToAir):
1848         * b3/B3Generate.h: Added.
1849         * b3/B3GenericFrequentedBlock.h: Added.
1850         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
1851         (JSC::B3::GenericFrequentedBlock::operator==):
1852         (JSC::B3::GenericFrequentedBlock::operator!=):
1853         (JSC::B3::GenericFrequentedBlock::operator bool):
1854         (JSC::B3::GenericFrequentedBlock::block):
1855         (JSC::B3::GenericFrequentedBlock::frequency):
1856         (JSC::B3::GenericFrequentedBlock::dump):
1857         * b3/B3HeapRange.cpp: Added.
1858         (JSC::B3::HeapRange::dump):
1859         * b3/B3HeapRange.h: Added.
1860         (JSC::B3::HeapRange::HeapRange):
1861         (JSC::B3::HeapRange::top):
1862         (JSC::B3::HeapRange::operator==):
1863         (JSC::B3::HeapRange::operator!=):
1864         (JSC::B3::HeapRange::operator bool):
1865         (JSC::B3::HeapRange::begin):
1866         (JSC::B3::HeapRange::end):
1867         (JSC::B3::HeapRange::overlaps):
1868         * b3/B3IndexMap.h: Added.
1869         (JSC::B3::IndexMap::IndexMap):
1870         (JSC::B3::IndexMap::resize):
1871         (JSC::B3::IndexMap::operator[]):
1872         * b3/B3IndexSet.h: Added.
1873         (JSC::B3::IndexSet::IndexSet):
1874         (JSC::B3::IndexSet::add):
1875         (JSC::B3::IndexSet::contains):
1876         (JSC::B3::IndexSet::Iterable::Iterable):
1877         (JSC::B3::IndexSet::Iterable::iterator::iterator):
1878         (JSC::B3::IndexSet::Iterable::iterator::operator*):
1879         (JSC::B3::IndexSet::Iterable::iterator::operator++):
1880         (JSC::B3::IndexSet::Iterable::iterator::operator==):
1881         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
1882         (JSC::B3::IndexSet::Iterable::begin):
1883         (JSC::B3::IndexSet::Iterable::end):
1884         (JSC::B3::IndexSet::values):
1885         (JSC::B3::IndexSet::indices):
1886         (JSC::B3::IndexSet::dump):
1887         * b3/B3InsertionSet.cpp: Added.
1888         (JSC::B3::InsertionSet::execute):
1889         * b3/B3InsertionSet.h: Added.
1890         (JSC::B3::InsertionSet::InsertionSet):
1891         (JSC::B3::InsertionSet::code):
1892         (JSC::B3::InsertionSet::appendInsertion):
1893         (JSC::B3::InsertionSet::insertValue):
1894         * b3/B3InsertionSetInlines.h: Added.
1895         (JSC::B3::InsertionSet::insert):
1896         * b3/B3LowerToAir.cpp: Added.
1897         (JSC::B3::Air::LowerToAir::LowerToAir):
1898         (JSC::B3::Air::LowerToAir::run):
1899         (JSC::B3::Air::LowerToAir::tmp):
1900         (JSC::B3::Air::LowerToAir::effectiveAddr):
1901         (JSC::B3::Air::LowerToAir::addr):
1902         (JSC::B3::Air::LowerToAir::loadAddr):
1903         (JSC::B3::Air::LowerToAir::imm):
1904         (JSC::B3::Air::LowerToAir::immOrTmp):
1905         (JSC::B3::Air::LowerToAir::appendBinOp):
1906         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1907         (JSC::B3::Air::LowerToAir::moveForType):
1908         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
1909         (JSC::B3::Air::LowerToAir::append):
1910         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
1911         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
1912         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
1913         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
1914         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
1915         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
1916         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
1917         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
1918         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
1919         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1920         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1921         (JSC::B3::Air::LowerToAir::acceptRoot):
1922         (JSC::B3::Air::LowerToAir::acceptRootLate):
1923         (JSC::B3::Air::LowerToAir::acceptInternals):
1924         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
1925         (JSC::B3::Air::LowerToAir::acceptOperands):
1926         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
1927         (JSC::B3::Air::LowerToAir::tryLoad):
1928         (JSC::B3::Air::LowerToAir::tryAdd):
1929         (JSC::B3::Air::LowerToAir::tryAnd):
1930         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
1931         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
1932         (JSC::B3::Air::LowerToAir::tryStore):
1933         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
1934         (JSC::B3::Air::LowerToAir::tryTrunc):
1935         (JSC::B3::Air::LowerToAir::tryArgumentReg):
1936         (JSC::B3::Air::LowerToAir::tryConst32):
1937         (JSC::B3::Air::LowerToAir::tryConst64):
1938         (JSC::B3::Air::LowerToAir::tryIdentity):
1939         (JSC::B3::Air::LowerToAir::tryReturn):
1940         (JSC::B3::lowerToAir):
1941         * b3/B3LowerToAir.h: Added.
1942         * b3/B3LoweringMatcher.patterns: Added.
1943         * b3/B3MemoryValue.cpp: Added.
1944         (JSC::B3::MemoryValue::~MemoryValue):
1945         (JSC::B3::MemoryValue::dumpMeta):
1946         * b3/B3MemoryValue.h: Added.
1947         * b3/B3Opcode.cpp: Added.
1948         (WTF::printInternal):
1949         * b3/B3Opcode.h: Added.
1950         (JSC::B3::isCheckMath):
1951         * b3/B3Origin.cpp: Added.
1952         (JSC::B3::Origin::dump):
1953         * b3/B3Origin.h: Added.
1954         (JSC::B3::Origin::Origin):
1955         (JSC::B3::Origin::operator bool):
1956         (JSC::B3::Origin::data):
1957         * b3/B3PatchpointSpecial.cpp: Added.
1958         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
1959         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
1960         (JSC::B3::PatchpointSpecial::forEachArg):
1961         (JSC::B3::PatchpointSpecial::isValid):
1962         (JSC::B3::PatchpointSpecial::admitsStack):
1963         (JSC::B3::PatchpointSpecial::generate):
1964         (JSC::B3::PatchpointSpecial::dumpImpl):
1965         (JSC::B3::PatchpointSpecial::deepDumpImpl):
1966         * b3/B3PatchpointSpecial.h: Added.
1967         * b3/B3PatchpointValue.cpp: Added.
1968         (JSC::B3::PatchpointValue::~PatchpointValue):
1969         (JSC::B3::PatchpointValue::dumpMeta):
1970         * b3/B3PatchpointValue.h: Added.
1971         (JSC::B3::PatchpointValue::accepts):
1972         (JSC::B3::PatchpointValue::PatchpointValue):
1973         * b3/B3PhaseScope.cpp: Added.
1974         (JSC::B3::PhaseScope::PhaseScope):
1975         (JSC::B3::PhaseScope::~PhaseScope):
1976         * b3/B3PhaseScope.h: Added.
1977         * b3/B3Procedure.cpp: Added.
1978         (JSC::B3::Procedure::Procedure):
1979         (JSC::B3::Procedure::~Procedure):
1980         (JSC::B3::Procedure::addBlock):
1981         (JSC::B3::Procedure::resetReachability):
1982         (JSC::B3::Procedure::dump):
1983         (JSC::B3::Procedure::blocksInPreOrder):
1984         (JSC::B3::Procedure::blocksInPostOrder):
1985         * b3/B3Procedure.h: Added.
1986         (JSC::B3::Procedure::size):
1987         (JSC::B3::Procedure::at):
1988         (JSC::B3::Procedure::operator[]):
1989         (JSC::B3::Procedure::iterator::iterator):
1990         (JSC::B3::Procedure::iterator::operator*):
1991         (JSC::B3::Procedure::iterator::operator++):
1992         (JSC::B3::Procedure::iterator::operator==):
1993         (JSC::B3::Procedure::iterator::operator!=):
1994         (JSC::B3::Procedure::iterator::findNext):
1995         (JSC::B3::Procedure::begin):
1996         (JSC::B3::Procedure::end):
1997         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
1998         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
1999         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
2000         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2001         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
2002         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2003         (JSC::B3::Procedure::ValuesCollection::begin):
2004         (JSC::B3::Procedure::ValuesCollection::end):
2005         (JSC::B3::Procedure::ValuesCollection::size):
2006         (JSC::B3::Procedure::ValuesCollection::at):
2007         (JSC::B3::Procedure::ValuesCollection::operator[]):
2008         (JSC::B3::Procedure::values):
2009         (JSC::B3::Procedure::setLastPhaseName):
2010         (JSC::B3::Procedure::lastPhaseName):
2011         * b3/B3ProcedureInlines.h: Added.
2012         (JSC::B3::Procedure::add):
2013         * b3/B3ReduceStrength.cpp: Added.
2014         (JSC::B3::reduceStrength):
2015         * b3/B3ReduceStrength.h: Added.
2016         * b3/B3StackSlotKind.cpp: Added.
2017         (WTF::printInternal):
2018         * b3/B3StackSlotKind.h: Added.
2019         * b3/B3StackSlotValue.cpp: Added.
2020         (JSC::B3::StackSlotValue::~StackSlotValue):
2021         (JSC::B3::StackSlotValue::dumpMeta):
2022         * b3/B3StackSlotValue.h: Added.
2023         (JSC::B3::StackSlotValue::accepts):
2024         (JSC::B3::StackSlotValue::byteSize):
2025         (JSC::B3::StackSlotValue::kind):
2026         (JSC::B3::StackSlotValue::offsetFromFP):
2027         (JSC::B3::StackSlotValue::setOffsetFromFP):
2028         (JSC::B3::StackSlotValue::StackSlotValue):
2029         * b3/B3Stackmap.cpp: Added.
2030         (JSC::B3::Stackmap::Stackmap):
2031         (JSC::B3::Stackmap::~Stackmap):
2032         (JSC::B3::Stackmap::dump):
2033         * b3/B3Stackmap.h: Added.
2034         (JSC::B3::Stackmap::constrain):
2035         (JSC::B3::Stackmap::reps):
2036         (JSC::B3::Stackmap::clobber):
2037         (JSC::B3::Stackmap::clobbered):
2038         (JSC::B3::Stackmap::setGenerator):
2039         * b3/B3StackmapSpecial.cpp: Added.
2040         (JSC::B3::StackmapSpecial::StackmapSpecial):
2041         (JSC::B3::StackmapSpecial::~StackmapSpecial):
2042         (JSC::B3::StackmapSpecial::reportUsedRegisters):
2043         (JSC::B3::StackmapSpecial::extraClobberedRegs):
2044         (JSC::B3::StackmapSpecial::forEachArgImpl):
2045         (JSC::B3::StackmapSpecial::isValidImpl):
2046         (JSC::B3::StackmapSpecial::admitsStackImpl):
2047         (JSC::B3::StackmapSpecial::appendRepsImpl):
2048         (JSC::B3::StackmapSpecial::repForArg):
2049         * b3/B3StackmapSpecial.h: Added.
2050         * b3/B3SuccessorCollection.h: Added.
2051         (JSC::B3::SuccessorCollection::SuccessorCollection):
2052         (JSC::B3::SuccessorCollection::size):
2053         (JSC::B3::SuccessorCollection::at):
2054         (JSC::B3::SuccessorCollection::operator[]):
2055         (JSC::B3::SuccessorCollection::iterator::iterator):
2056         (JSC::B3::SuccessorCollection::iterator::operator*):
2057         (JSC::B3::SuccessorCollection::iterator::operator++):
2058         (JSC::B3::SuccessorCollection::iterator::operator==):
2059         (JSC::B3::SuccessorCollection::iterator::operator!=):
2060         (JSC::B3::SuccessorCollection::begin):
2061         (JSC::B3::SuccessorCollection::end):
2062         * b3/B3SwitchCase.cpp: Added.
2063         (JSC::B3::SwitchCase::dump):
2064         * b3/B3SwitchCase.h: Added.
2065         (JSC::B3::SwitchCase::SwitchCase):
2066         (JSC::B3::SwitchCase::operator bool):
2067         (JSC::B3::SwitchCase::caseValue):
2068         (JSC::B3::SwitchCase::target):
2069         (JSC::B3::SwitchCase::targetBlock):
2070         * b3/B3SwitchValue.cpp: Added.
2071         (JSC::B3::SwitchValue::~SwitchValue):
2072         (JSC::B3::SwitchValue::removeCase):
2073         (JSC::B3::SwitchValue::appendCase):
2074         (JSC::B3::SwitchValue::dumpMeta):
2075         (JSC::B3::SwitchValue::SwitchValue):
2076         * b3/B3SwitchValue.h: Added.
2077         (JSC::B3::SwitchValue::accepts):
2078         (JSC::B3::SwitchValue::numCaseValues):
2079         (JSC::B3::SwitchValue::caseValue):
2080         (JSC::B3::SwitchValue::caseValues):
2081         (JSC::B3::SwitchValue::fallThrough):
2082         (JSC::B3::SwitchValue::size):
2083         (JSC::B3::SwitchValue::at):
2084         (JSC::B3::SwitchValue::operator[]):
2085         (JSC::B3::SwitchValue::iterator::iterator):
2086         (JSC::B3::SwitchValue::iterator::operator*):
2087         (JSC::B3::SwitchValue::iterator::operator++):
2088         (JSC::B3::SwitchValue::iterator::operator==):
2089         (JSC::B3::SwitchValue::iterator::operator!=):
2090         (JSC::B3::SwitchValue::begin):
2091         (JSC::B3::SwitchValue::end):
2092         * b3/B3Type.cpp: Added.
2093         (WTF::printInternal):
2094         * b3/B3Type.h: Added.
2095         (JSC::B3::isInt):
2096         (JSC::B3::isFloat):
2097         (JSC::B3::pointerType):
2098         * b3/B3UpsilonValue.cpp: Added.
2099         (JSC::B3::UpsilonValue::~UpsilonValue):
2100         (JSC::B3::UpsilonValue::dumpMeta):
2101         * b3/B3UpsilonValue.h: Added.
2102         (JSC::B3::UpsilonValue::accepts):
2103         (JSC::B3::UpsilonValue::phi):
2104         (JSC::B3::UpsilonValue::UpsilonValue):
2105         * b3/B3UseCounts.cpp: Added.
2106         (JSC::B3::UseCounts::UseCounts):
2107         (JSC::B3::UseCounts::~UseCounts):
2108         * b3/B3UseCounts.h: Added.
2109         (JSC::B3::UseCounts::operator[]):
2110         * b3/B3Validate.cpp: Added.
2111         (JSC::B3::validate):
2112         * b3/B3Validate.h: Added.
2113         * b3/B3Value.cpp: Added.
2114         (JSC::B3::Value::~Value):
2115         (JSC::B3::Value::replaceWithIdentity):
2116         (JSC::B3::Value::replaceWithNop):
2117         (JSC::B3::Value::dump):
2118         (JSC::B3::Value::deepDump):
2119         (JSC::B3::Value::negConstant):
2120         (JSC::B3::Value::addConstant):
2121         (JSC::B3::Value::subConstant):
2122         (JSC::B3::Value::effects):
2123         (JSC::B3::Value::performSubstitution):
2124         (JSC::B3::Value::dumpMeta):
2125         (JSC::B3::Value::typeFor):
2126         * b3/B3Value.h: Added.
2127         (JSC::B3::DeepValueDump::DeepValueDump):
2128         (JSC::B3::DeepValueDump::dump):
2129         (JSC::B3::deepDump):
2130         * b3/B3ValueInlines.h: Added.
2131         (JSC::B3::Value::as):
2132         (JSC::B3::Value::isConstant):
2133         (JSC::B3::Value::hasInt32):
2134         (JSC::B3::Value::asInt32):
2135         (JSC::B3::Value::hasInt64):
2136         (JSC::B3::Value::asInt64):
2137         (JSC::B3::Value::hasInt):
2138         (JSC::B3::Value::asInt):
2139         (JSC::B3::Value::isInt):
2140         (JSC::B3::Value::hasIntPtr):
2141         (JSC::B3::Value::asIntPtr):
2142         (JSC::B3::Value::hasDouble):
2143         (JSC::B3::Value::asDouble):
2144         (JSC::B3::Value::stackmap):
2145         * b3/B3ValueRep.cpp: Added.
2146         (JSC::B3::ValueRep::dump):
2147         (WTF::printInternal):
2148         * b3/B3ValueRep.h: Added.
2149         (JSC::B3::ValueRep::ValueRep):
2150         (JSC::B3::ValueRep::reg):
2151         (JSC::B3::ValueRep::stack):
2152         (JSC::B3::ValueRep::stackArgument):
2153         (JSC::B3::ValueRep::constant):
2154         (JSC::B3::ValueRep::constantDouble):
2155         (JSC::B3::ValueRep::kind):
2156         (JSC::B3::ValueRep::operator bool):
2157         (JSC::B3::ValueRep::offsetFromFP):
2158         (JSC::B3::ValueRep::offsetFromSP):
2159         (JSC::B3::ValueRep::value):
2160         (JSC::B3::ValueRep::doubleValue):
2161         * b3/air: Added.
2162         * b3/air/AirAllocateStack.cpp: Added.
2163         (JSC::B3::Air::allocateStack):
2164         * b3/air/AirAllocateStack.h: Added.
2165         * b3/air/AirArg.cpp: Added.
2166         (JSC::B3::Air::Arg::dump):
2167         * b3/air/AirArg.h: Added.
2168         (JSC::B3::Air::Arg::isUse):
2169         (JSC::B3::Air::Arg::isDef):
2170         (JSC::B3::Air::Arg::typeForB3Type):
2171         (JSC::B3::Air::Arg::Arg):
2172         (JSC::B3::Air::Arg::imm):
2173         (JSC::B3::Air::Arg::imm64):
2174         (JSC::B3::Air::Arg::addr):
2175         (JSC::B3::Air::Arg::stack):
2176         (JSC::B3::Air::Arg::callArg):
2177         (JSC::B3::Air::Arg::isValidScale):
2178         (JSC::B3::Air::Arg::logScale):
2179         (JSC::B3::Air::Arg::index):
2180         (JSC::B3::Air::Arg::relCond):
2181         (JSC::B3::Air::Arg::resCond):
2182         (JSC::B3::Air::Arg::special):
2183         (JSC::B3::Air::Arg::operator==):
2184         (JSC::B3::Air::Arg::operator!=):
2185         (JSC::B3::Air::Arg::operator bool):
2186         (JSC::B3::Air::Arg::kind):
2187         (JSC::B3::Air::Arg::isTmp):
2188         (JSC::B3::Air::Arg::isImm):
2189         (JSC::B3::Air::Arg::isImm64):
2190         (JSC::B3::Air::Arg::isAddr):
2191         (JSC::B3::Air::Arg::isStack):
2192         (JSC::B3::Air::Arg::isCallArg):
2193         (JSC::B3::Air::Arg::isIndex):
2194         (JSC::B3::Air::Arg::isRelCond):
2195         (JSC::B3::Air::Arg::isResCond):
2196         (JSC::B3::Air::Arg::isSpecial):
2197         (JSC::B3::Air::Arg::isAlive):
2198         (JSC::B3::Air::Arg::tmp):
2199         (JSC::B3::Air::Arg::value):
2200         (JSC::B3::Air::Arg::pointerValue):
2201         (JSC::B3::Air::Arg::base):
2202         (JSC::B3::Air::Arg::hasOffset):
2203         (JSC::B3::Air::Arg::offset):
2204         (JSC::B3::Air::Arg::stackSlot):
2205         (JSC::B3::Air::Arg::scale):
2206         (JSC::B3::Air::Arg::isGPTmp):
2207         (JSC::B3::Air::Arg::isFPTmp):
2208         (JSC::B3::Air::Arg::isGP):
2209         (JSC::B3::Air::Arg::isFP):
2210         (JSC::B3::Air::Arg::hasType):
2211         (JSC::B3::Air::Arg::type):
2212         (JSC::B3::Air::Arg::isType):
2213         (JSC::B3::Air::Arg::isGPR):
2214         (JSC::B3::Air::Arg::gpr):
2215         (JSC::B3::Air::Arg::isFPR):
2216         (JSC::B3::Air::Arg::fpr):
2217         (JSC::B3::Air::Arg::isReg):
2218         (JSC::B3::Air::Arg::reg):
2219         (JSC::B3::Air::Arg::gpTmpIndex):
2220         (JSC::B3::Air::Arg::fpTmpIndex):
2221         (JSC::B3::Air::Arg::tmpIndex):
2222         (JSC::B3::Air::Arg::withOffset):
2223         (JSC::B3::Air::Arg::forEachTmpFast):
2224         (JSC::B3::Air::Arg::forEachTmp):
2225         (JSC::B3::Air::Arg::asTrustedImm32):
2226         (JSC::B3::Air::Arg::asTrustedImm64):
2227         (JSC::B3::Air::Arg::asTrustedImmPtr):
2228         (JSC::B3::Air::Arg::asAddress):
2229         (JSC::B3::Air::Arg::asBaseIndex):
2230         (JSC::B3::Air::Arg::asRelationalCondition):
2231         (JSC::B3::Air::Arg::asResultCondition):
2232         (JSC::B3::Air::Arg::isHashTableDeletedValue):
2233         (JSC::B3::Air::Arg::hash):
2234         (JSC::B3::Air::ArgHash::hash):
2235         (JSC::B3::Air::ArgHash::equal):
2236         * b3/air/AirBasicBlock.cpp: Added.
2237         (JSC::B3::Air::BasicBlock::addPredecessor):
2238         (JSC::B3::Air::BasicBlock::removePredecessor):
2239         (JSC::B3::Air::BasicBlock::replacePredecessor):
2240         (JSC::B3::Air::BasicBlock::dump):
2241         (JSC::B3::Air::BasicBlock::deepDump):
2242         (JSC::B3::Air::BasicBlock::BasicBlock):
2243         * b3/air/AirBasicBlock.h: Added.
2244         (JSC::B3::Air::BasicBlock::index):
2245         (JSC::B3::Air::BasicBlock::size):
2246         (JSC::B3::Air::BasicBlock::begin):
2247         (JSC::B3::Air::BasicBlock::end):
2248         (JSC::B3::Air::BasicBlock::at):
2249         (JSC::B3::Air::BasicBlock::last):
2250         (JSC::B3::Air::BasicBlock::appendInst):
2251         (JSC::B3::Air::BasicBlock::append):
2252         (JSC::B3::Air::BasicBlock::numSuccessors):
2253         (JSC::B3::Air::BasicBlock::successor):
2254         (JSC::B3::Air::BasicBlock::successors):
2255         (JSC::B3::Air::BasicBlock::successorBlock):
2256         (JSC::B3::Air::BasicBlock::successorBlocks):
2257         (JSC::B3::Air::BasicBlock::numPredecessors):
2258         (JSC::B3::Air::BasicBlock::predecessor):
2259         (JSC::B3::Air::BasicBlock::predecessors):
2260         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
2261         (JSC::B3::Air::DeepBasicBlockDump::dump):
2262         (JSC::B3::Air::deepDump):
2263         * b3/air/AirCCallSpecial.cpp: Added.
2264         (JSC::B3::Air::CCallSpecial::CCallSpecial):
2265         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
2266         (JSC::B3::Air::CCallSpecial::forEachArg):
2267         (JSC::B3::Air::CCallSpecial::isValid):
2268         (JSC::B3::Air::CCallSpecial::admitsStack):
2269         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
2270         (JSC::B3::Air::CCallSpecial::generate):
2271         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
2272         (JSC::B3::Air::CCallSpecial::dumpImpl):
2273         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
2274         * b3/air/AirCCallSpecial.h: Added.
2275         * b3/air/AirCode.cpp: Added.
2276         (JSC::B3::Air::Code::Code):
2277         (JSC::B3::Air::Code::~Code):
2278         (JSC::B3::Air::Code::addBlock):
2279         (JSC::B3::Air::Code::addStackSlot):
2280         (JSC::B3::Air::Code::addSpecial):
2281         (JSC::B3::Air::Code::cCallSpecial):
2282         (JSC::B3::Air::Code::resetReachability):
2283         (JSC::B3::Air::Code::dump):
2284         (JSC::B3::Air::Code::findFirstBlockIndex):
2285         (JSC::B3::Air::Code::findNextBlockIndex):
2286         (JSC::B3::Air::Code::findNextBlock):
2287         * b3/air/AirCode.h: Added.
2288         (JSC::B3::Air::Code::newTmp):
2289         (JSC::B3::Air::Code::numTmps):
2290         (JSC::B3::Air::Code::callArgAreaSize):
2291         (JSC::B3::Air::Code::requestCallArgAreaSize):
2292         (JSC::B3::Air::Code::frameSize):
2293         (JSC::B3::Air::Code::setFrameSize):
2294         (JSC::B3::Air::Code::calleeSaveRegisters):
2295         (JSC::B3::Air::Code::size):
2296         (JSC::B3::Air::Code::at):
2297         (JSC::B3::Air::Code::operator[]):
2298         (JSC::B3::Air::Code::iterator::iterator):
2299         (JSC::B3::Air::Code::iterator::operator*):
2300         (JSC::B3::Air::Code::iterator::operator++):
2301         (JSC::B3::Air::Code::iterator::operator==):
2302         (JSC::B3::Air::Code::iterator::operator!=):
2303         (JSC::B3::Air::Code::begin):
2304         (JSC::B3::Air::Code::end):
2305         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
2306         (JSC::B3::Air::Code::StackSlotsCollection::size):
2307         (JSC::B3::Air::Code::StackSlotsCollection::at):
2308         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
2309         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
2310         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
2311         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
2312         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator==):
2313         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator!=):
2314         (JSC::B3::Air::Code::StackSlotsCollection::begin):
2315         (JSC::B3::Air::Code::StackSlotsCollection::end):
2316         (JSC::B3::Air::Code::stackSlots):
2317         (JSC::B3::Air::Code::SpecialsCollection::SpecialsCollection):
2318         (JSC::B3::Air::Code::SpecialsCollection::size):
2319         (JSC::B3::Air::Code::SpecialsCollection::at):
2320         (JSC::B3::Air::Code::SpecialsCollection::operator[]):
2321         (JSC::B3::Air::Code::SpecialsCollection::iterator::iterator):
2322         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator*):
2323         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator++):
2324         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator==):
2325         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator!=):
2326         (JSC::B3::Air::Code::SpecialsCollection::begin):
2327         (JSC::B3::Air::Code::SpecialsCollection::end):
2328         (JSC::B3::Air::Code::specials):
2329         (JSC::B3::Air::Code::setLastPhaseName):
2330         (JSC::B3::Air::Code::lastPhaseName):
2331         * b3/air/AirFrequentedBlock.h: Added.
2332         * b3/air/AirGenerate.cpp: Added.
2333         (JSC::B3::Air::generate):
2334         * b3/air/AirGenerate.h: Added.
2335         * b3/air/AirGenerated.cpp: Added.
2336         * b3/air/AirGenerationContext.h: Added.
2337         * b3/air/AirHandleCalleeSaves.cpp: Added.
2338         (JSC::B3::Air::handleCalleeSaves):
2339         * b3/air/AirHandleCalleeSaves.h: Added.
2340         * b3/air/AirInsertionSet.cpp: Added.
2341         (JSC::B3::Air::InsertionSet::execute):
2342         * b3/air/AirInsertionSet.h: Added.
2343         (JSC::B3::Air::InsertionSet::InsertionSet):
2344         (JSC::B3::Air::InsertionSet::code):
2345         (JSC::B3::Air::InsertionSet::appendInsertion):
2346         (JSC::B3::Air::InsertionSet::insertInst):
2347         (JSC::B3::Air::InsertionSet::insert):
2348         * b3/air/AirInst.cpp: Added.
2349         (JSC::B3::Air::Inst::dump):
2350         * b3/air/AirInst.h: Added.
2351         (JSC::B3::Air::Inst::Inst):
2352         (JSC::B3::Air::Inst::opcode):
2353         (JSC::B3::Air::Inst::forEachTmpFast):
2354         (JSC::B3::Air::Inst::forEachTmp):
2355         * b3/air/AirInstInlines.h: Added.
2356         (JSC::B3::Air::ForEach<Tmp>::forEach):
2357         (JSC::B3::Air::ForEach<Arg>::forEach):
2358         (JSC::B3::Air::Inst::forEach):
2359         (JSC::B3::Air::Inst::hasSpecial):
2360         (JSC::B3::Air::Inst::extraClobberedRegs):
2361         (JSC::B3::Air::Inst::reportUsedRegisters):
2362         (JSC::B3::Air::isShiftValid):
2363         (JSC::B3::Air::isLshift32Valid):
2364         * b3/air/AirLiveness.h: Added.
2365         (JSC::B3::Air::Liveness::Liveness):
2366         (JSC::B3::Air::Liveness::liveAtHead):
2367         (JSC::B3::Air::Liveness::liveAtTail):
2368         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
2369         (JSC::B3::Air::Liveness::LocalCalc::live):
2370         (JSC::B3::Air::Liveness::LocalCalc::takeLive):
2371         (JSC::B3::Air::Liveness::LocalCalc::execute):
2372         * b3/air/AirOpcode.opcodes: Added.
2373         * b3/air/AirPhaseScope.cpp: Added.
2374         (JSC::B3::Air::PhaseScope::PhaseScope):
2375         (JSC::B3::Air::PhaseScope::~PhaseScope):
2376         * b3/air/AirPhaseScope.h: Added.
2377         * b3/air/AirRegisterPriority.cpp: Added.
2378         (JSC::B3::Air::gprsInPriorityOrder):
2379         (JSC::B3::Air::fprsInPriorityOrder):
2380         (JSC::B3::Air::regsInPriorityOrder):
2381         * b3/air/AirRegisterPriority.h: Added.
2382         (JSC::B3::Air::RegistersInPriorityOrder<GPRInfo>::inPriorityOrder):
2383         (JSC::B3::Air::RegistersInPriorityOrder<FPRInfo>::inPriorityOrder):
2384         (JSC::B3::Air::regsInPriorityOrder):
2385         * b3/air/AirSpecial.cpp: Added.
2386         (JSC::B3::Air::Special::Special):
2387         (JSC::B3::Air::Special::~Special):
2388         (JSC::B3::Air::Special::name):
2389         (JSC::B3::Air::Special::dump):
2390         (JSC::B3::Air::Special::deepDump):
2391         * b3/air/AirSpecial.h: Added.
2392         (JSC::B3::Air::DeepSpecialDump::DeepSpecialDump):
2393         (JSC::B3::Air::DeepSpecialDump::dump):
2394         (JSC::B3::Air::deepDump):
2395         * b3/air/AirSpillEverything.cpp: Added.
2396         (JSC::B3::Air::spillEverything):
2397         * b3/air/AirSpillEverything.h: Added.
2398         * b3/air/AirStackSlot.cpp: Added.
2399         (JSC::B3::Air::StackSlot::setOffsetFromFP):
2400         (JSC::B3::Air::StackSlot::dump):
2401         (JSC::B3::Air::StackSlot::deepDump):
2402         (JSC::B3::Air::StackSlot::StackSlot):
2403         * b3/air/AirStackSlot.h: Added.
2404         (JSC::B3::Air::StackSlot::byteSize):
2405         (JSC::B3::Air::StackSlot::kind):
2406         (JSC::B3::Air::StackSlot::index):
2407         (JSC::B3::Air::StackSlot::alignment):
2408         (JSC::B3::Air::StackSlot::value):
2409         (JSC::B3::Air::StackSlot::offsetFromFP):
2410         (JSC::B3::Air::DeepStackSlotDump::DeepStackSlotDump):
2411         (JSC::B3::Air::DeepStackSlotDump::dump):
2412         (JSC::B3::Air::deepDump):
2413         * b3/air/AirTmp.cpp: Added.
2414         (JSC::B3::Air::Tmp::dump):
2415         * b3/air/AirTmp.h: Added.
2416         (JSC::B3::Air::Tmp::Tmp):
2417         (JSC::B3::Air::Tmp::gpTmpForIndex):
2418         (JSC::B3::Air::Tmp::fpTmpForIndex):
2419         (JSC::B3::Air::Tmp::operator bool):
2420         (JSC::B3::Air::Tmp::isGP):
2421         (JSC::B3::Air::Tmp::isFP):
2422         (JSC::B3::Air::Tmp::isGPR):
2423         (JSC::B3::Air::Tmp::isFPR):
2424         (JSC::B3::Air::Tmp::isReg):
2425         (JSC::B3::Air::Tmp::gpr):
2426         (JSC::B3::Air::Tmp::fpr):
2427         (JSC::B3::Air::Tmp::reg):
2428         (JSC::B3::Air::Tmp::hasTmpIndex):
2429         (JSC::B3::Air::Tmp::gpTmpIndex):
2430         (JSC::B3::Air::Tmp::fpTmpIndex):
2431         (JSC::B3::Air::Tmp::tmpIndex):
2432         (JSC::B3::Air::Tmp::isAlive):
2433         (JSC::B3::Air::Tmp::operator==):
2434         (JSC::B3::Air::Tmp::operator!=):
2435         (JSC::B3::Air::Tmp::isHashTableDeletedValue):
2436         (JSC::B3::Air::Tmp::hash):
2437         (JSC::B3::Air::Tmp::encodeGP):
2438         (JSC::B3::Air::Tmp::encodeFP):
2439         (JSC::B3::Air::Tmp::encodeGPR):
2440         (JSC::B3::Air::Tmp::encodeFPR):
2441         (JSC::B3::Air::Tmp::encodeGPTmp):
2442         (JSC::B3::Air::Tmp::encodeFPTmp):
2443         (JSC::B3::Air::Tmp::isEncodedGP):
2444         (JSC::B3::Air::Tmp::isEncodedFP):
2445         (JSC::B3::Air::Tmp::isEncodedGPR):
2446         (JSC::B3::Air::Tmp::isEncodedFPR):
2447         (JSC::B3::Air::Tmp::isEncodedGPTmp):
2448         (JSC::B3::Air::Tmp::isEncodedFPTmp):
2449         (JSC::B3::Air::Tmp::decodeGPR):
2450         (JSC::B3::Air::Tmp::decodeFPR):
2451         (JSC::B3::Air::Tmp::decodeGPTmp):
2452         (JSC::B3::Air::Tmp::decodeFPTmp):
2453         (JSC::B3::Air::TmpHash::hash):
2454         (JSC::B3::Air::TmpHash::equal):
2455         * b3/air/AirTmpInlines.h: Added.
2456         (JSC::B3::Air::Tmp::Tmp):
2457         * b3/air/AirValidate.cpp: Added.
2458         (JSC::B3::Air::validate):
2459         * b3/air/AirValidate.h: Added.
2460         * b3/air/opcode_generator.rb: Added.
2461         * b3/generate_pattern_matcher.rb: Added.
2462         * b3/testb3.cpp: Added.
2463         (JSC::B3::compileAndRun):
2464         (JSC::B3::test42):
2465         (JSC::B3::testLoad42):
2466         (JSC::B3::testArg):
2467         (JSC::B3::testAddArgs):
2468         (JSC::B3::testAddArgs32):
2469         (JSC::B3::testStore):
2470         (JSC::B3::testTrunc):
2471         (JSC::B3::testAdd1):
2472         (JSC::B3::testStoreAddLoad):
2473         (JSC::B3::testStoreAddAndLoad):
2474         (JSC::B3::testAdd1Uncommuted):
2475         (JSC::B3::testLoadOffset):
2476         (JSC::B3::testLoadOffsetNotConstant):
2477         (JSC::B3::testLoadOffsetUsingAdd):
2478         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2479         (JSC::B3::run):
2480         (run):
2481         (main):
2482         * bytecode/CodeBlock.h:
2483         (JSC::CodeBlock::specializationKind):
2484         * jit/Reg.h:
2485         (JSC::Reg::index):
2486         (JSC::Reg::isSet):
2487         (JSC::Reg::operator bool):
2488         (JSC::Reg::isHashTableDeletedValue):
2489         (JSC::Reg::AllRegsIterable::iterator::iterator):
2490         (JSC::Reg::AllRegsIterable::iterator::operator*):
2491         (JSC::Reg::AllRegsIterable::iterator::operator++):
2492         (JSC::Reg::AllRegsIterable::iterator::operator==):
2493         (JSC::Reg::AllRegsIterable::iterator::operator!=):
2494         (JSC::Reg::AllRegsIterable::begin):
2495         (JSC::Reg::AllRegsIterable::end):
2496         (JSC::Reg::all):
2497         (JSC::Reg::invalid):
2498         (JSC::Reg::operator!): Deleted.
2499         * jit/RegisterAtOffsetList.cpp:
2500         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
2501         * jit/RegisterAtOffsetList.h:
2502         (JSC::RegisterAtOffsetList::clear):
2503         (JSC::RegisterAtOffsetList::size):
2504         (JSC::RegisterAtOffsetList::begin):
2505         (JSC::RegisterAtOffsetList::end):
2506         * jit/RegisterSet.h:
2507         (JSC::RegisterSet::operator==):
2508         (JSC::RegisterSet::hash):
2509         (JSC::RegisterSet::forEach):
2510         (JSC::RegisterSet::setAny):
2511
2512 2015-10-28  Mark Lam  <mark.lam@apple.com>
2513
2514         Rename MacroAssembler::callProbe() to probe().
2515         https://bugs.webkit.org/show_bug.cgi?id=150641
2516
2517         Reviewed by Saam Barati.
2518
2519         To do this, I needed to disambiguate the low-level probe() from the
2520         high-level version that takes a std::function.  I did this by changing the low-
2521         level version to not take default args anymore.
2522
2523         * assembler/AbstractMacroAssembler.h:
2524         * assembler/MacroAssembler.cpp:
2525         (JSC::stdFunctionCallback):
2526         (JSC::MacroAssembler::probe):
2527         (JSC::MacroAssembler::callProbe): Deleted.
2528         * assembler/MacroAssembler.h:
2529         (JSC::MacroAssembler::urshift32):
2530         * assembler/MacroAssemblerARM.h:
2531         (JSC::MacroAssemblerARM::repatchCall):
2532         * assembler/MacroAssemblerARM64.h:
2533         (JSC::MacroAssemblerARM64::repatchCall):
2534         * assembler/MacroAssemblerARMv7.h:
2535         (JSC::MacroAssemblerARMv7::repatchCall):
2536         * assembler/MacroAssemblerPrinter.h:
2537         (JSC::MacroAssemblerPrinter::print):
2538         * assembler/MacroAssemblerX86Common.h:
2539         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
2540
2541 2015-10-28  Timothy Hatcher  <timothy@apple.com>
2542
2543         Web Inspector: jsmin.py mistakenly removes whitespace from template literal strings
2544         https://bugs.webkit.org/show_bug.cgi?id=148728
2545
2546         Reviewed by Joseph Pecoraro.
2547
2548         * Scripts/jsmin.py:
2549         (JavascriptMinify.minify): Make backtick a quoting character.
2550
2551 2015-10-28  Brian Burg  <bburg@apple.com>
2552
2553         Builtins generator should emit ENABLE(FEATURE) guards based on @conditional annotation
2554         https://bugs.webkit.org/show_bug.cgi?id=150536
2555
2556         Reviewed by Yusuke Suzuki.
2557
2558         Scan JS builtin files for @key=value and @flag annotations in single-line comments.
2559         For @conditional=CONDITIONAL, emit CONDITIONAL guards around the relevant object's code.
2560
2561         Generate primary header includes separately from secondary header includes so we can
2562         put the guard between the two header groups, as is customary in WebKit C++ code.
2563
2564         New tests:
2565
2566         Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js
2567         Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js
2568         Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js
2569
2570         * Scripts/builtins/builtins_generate_combined_implementation.py:
2571         (BuiltinsCombinedImplementationGenerator.generate_output):
2572         (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
2573         (BuiltinsCombinedImplementationGenerator.generate_header_includes): Deleted.
2574         * Scripts/builtins/builtins_generate_separate_header.py:
2575         (BuiltinsSeparateHeaderGenerator.generate_output):
2576         (generate_secondary_header_includes):
2577         (generate_header_includes): Deleted.
2578         * Scripts/builtins/builtins_generate_separate_implementation.py:
2579         (BuiltinsSeparateImplementationGenerator.generate_output):
2580         (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
2581         (BuiltinsSeparateImplementationGenerator.generate_header_includes): Deleted.
2582         * Scripts/builtins/builtins_generate_separate_wrapper.py:
2583         (BuiltinsSeparateWrapperGenerator.generate_output):
2584         (BuiltinsSeparateWrapperGenerator.generate_secondary_header_includes):
2585         (BuiltinsSeparateWrapperGenerator.generate_header_includes): Deleted.
2586         * Scripts/builtins/builtins_generator.py:
2587         (BuiltinsGenerator.generate_includes_from_entries):
2588         (BuiltinsGenerator):
2589         (BuiltinsGenerator.generate_primary_header_includes):
2590         * Scripts/builtins/builtins_model.py:
2591         (BuiltinObject.__init__):
2592         (BuiltinsCollection.parse_builtins_file):
2593         (BuiltinsCollection._parse_annotations):
2594         * Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js: Added.
2595         * Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js: Added.
2596         * Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js: Added.
2597         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Simplify.
2598         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Simplify.
2599         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Simplify.
2600         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Added.
2601         * Scripts/tests/builtins/expected/WebCore-DuplicateFlagAnnotation-Separate.js-error: Added.
2602         * Scripts/tests/builtins/expected/WebCore-DuplicateKeyValueAnnotation-Separate.js-error: Added.
2603         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
2604         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
2605         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
2606         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2607
2608 2015-10-28  Mark Lam  <mark.lam@apple.com>
2609
2610         Update FTL to support UntypedUse operands for op_sub.
2611         https://bugs.webkit.org/show_bug.cgi?id=150562
2612
2613         Reviewed by Geoffrey Garen.
2614
2615         * assembler/MacroAssemblerARM64.h:
2616         - make the dataTempRegister and memoryTempRegister public so that we can
2617           move input registers out of them if needed.
2618
2619         * ftl/FTLCapabilities.cpp:
2620         (JSC::FTL::canCompile):
2621         - We can now compile ArithSub.
2622
2623         * ftl/FTLCompile.cpp:
2624         - Added BinaryArithGenerationContext to shuffle registers into a state that is
2625           expected by the baseline snippet generator.  This includes:
2626           1. Making sure that the input and output registers are not in the tag or
2627              scratch registers.
2628           2. Loading the tag registers with expected values.
2629           3. Restoring the registers to their original value on return.
2630         - Added code to implement the ArithSub inline cache.
2631
2632         * ftl/FTLInlineCacheDescriptor.h:
2633         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
2634         (JSC::FTL::ArithSubDescriptor::leftType):
2635         (JSC::FTL::ArithSubDescriptor::rightType):
2636
2637         * ftl/FTLInlineCacheSize.cpp:
2638         (JSC::FTL::sizeOfArithSub):
2639         * ftl/FTLInlineCacheSize.h:
2640
2641         * ftl/FTLLowerDFGToLLVM.cpp:
2642         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
2643         - Added handling for UnusedType for the ArithSub case.
2644
2645         * ftl/FTLState.h:
2646         * jit/GPRInfo.h:
2647         (JSC::GPRInfo::reservedRegisters):
2648
2649         * jit/JITSubGenerator.h:
2650         (JSC::JITSubGenerator::generateFastPath):
2651         - When the result is the same as one of the input registers, we'll end up
2652           corrupting the input in the fast path even if we determine that we need to go to
2653           the slow path.  We now move the input into the scratch register and operate
2654           on that instead and move the result into the result register only after
2655           the fast path has succeeded.
2656
2657         * tests/stress/op_sub.js:
2658         (o1.valueOf):
2659         (runTest):
2660         - Added some debugging tools: flags for verbose logging, and eager abort on fail.
2661
2662 2015-10-28  Mark Lam  <mark.lam@apple.com>
2663
2664         Fix a typo in ProbeContext::fpr().
2665         https://bugs.webkit.org/show_bug.cgi?id=150629
2666
2667         Reviewed by Yusuke Suzuki.
2668
2669         ProbeContext::fpr() should be calling CPUState::fpr(), not CPUState::gpr().
2670
2671         * assembler/AbstractMacroAssembler.h:
2672         (JSC::AbstractMacroAssembler::ProbeContext::fpr):
2673
2674 2015-10-28  Mark Lam  <mark.lam@apple.com>
2675
2676         Add ability to print the PC register from JIT'ed code.
2677         https://bugs.webkit.org/show_bug.cgi?id=150561
2678
2679         Reviewed by Geoffrey Garen.
2680
2681         * assembler/MacroAssemblerPrinter.cpp:
2682         (JSC::printPC):
2683         (JSC::MacroAssemblerPrinter::printCallback):
2684         * assembler/MacroAssemblerPrinter.h:
2685         (JSC::MacroAssemblerPrinter::PrintArg::PrintArg):
2686
2687 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2688
2689         Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available
2690         https://bugs.webkit.org/show_bug.cgi?id=150615
2691
2692         Reviewed by Timothy Hatcher.
2693
2694         * inspector/protocol/Timeline.json:
2695
2696 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2697
2698         Web Inspector: Remove unused / duplicated XHR timeline instrumentation
2699         https://bugs.webkit.org/show_bug.cgi?id=150605
2700
2701         Reviewed by Timothy Hatcher.
2702
2703         * inspector/protocol/Timeline.json:
2704
2705 2015-10-27  Michael Saboff  <msaboff@apple.com>
2706
2707         REGRESSION (r191360): Crash: com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL:: + 386
2708         https://bugs.webkit.org/show_bug.cgi?id=150580
2709
2710         Reviewed by Mark Lam.
2711
2712         Changed code to box 32 bit integers and boolean arguments when generating the call instead of boxing
2713         them in the shuffler.
2714
2715         The ASSERT in CallFrameShuffler::extendFrameIfNeeded is wrong when called from CallFrameShuffler::spill(),
2716         as we could be making space to spill a register so that we have a spare that we can use for the new
2717         frame's base pointer.
2718
2719         * ftl/FTLJSTailCall.cpp:
2720         (JSC::FTL::DFG::recoveryFor): Added RELEASE_ASSERT to check that we never see unboxed 32 bit
2721         arguments stored in the stack.
2722         * ftl/FTLLowerDFGToLLVM.cpp:
2723         (JSC::FTL::DFG::LowerDFGToLLVM::exitValueForTailCall):
2724         * jit/CallFrameShuffler.cpp:
2725         (JSC::CallFrameShuffler::extendFrameIfNeeded): Removed unneeded ASSERT.
2726
2727 2015-10-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2728
2729         [ES6] Add DFG/FTL support for accessor put operations
2730         https://bugs.webkit.org/show_bug.cgi?id=148860
2731
2732         Reviewed by Geoffrey Garen.
2733
2734         This patch introduces accessor defining ops into DFG and FTL.
2735         The following DFG nodes are introduced.
2736
2737             op_put_getter_by_id  => PutGetterById
2738             op_put_setter_by_id  => PutSetterById
2739             op_put_getter_setter => PutGetterSetterById
2740             op_put_getter_by_val => PutGetterByVal
2741             op_put_setter_by_val => PutSetterByVal
2742
2743         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
2744
2745         To use operations defined for baseline JIT, we clean up existing operations.
2746         And reuse these operations in DFG and FTL.
2747
2748         * dfg/DFGAbstractInterpreterInlines.h:
2749         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2750         * dfg/DFGByteCodeParser.cpp:
2751         (JSC::DFG::ByteCodeParser::parseBlock):
2752         * dfg/DFGCapabilities.cpp:
2753         (JSC::DFG::capabilityLevel):
2754         * dfg/DFGClobberize.h:
2755         (JSC::DFG::clobberize):
2756         * dfg/DFGDoesGC.cpp:
2757         (JSC::DFG::doesGC):
2758         * dfg/DFGFixupPhase.cpp:
2759         (JSC::DFG::FixupPhase::fixupNode):
2760         * dfg/DFGNode.h:
2761         (JSC::DFG::Node::hasIdentifier):
2762         (JSC::DFG::Node::hasAccessorAttributes):
2763         (JSC::DFG::Node::accessorAttributes):
2764         * dfg/DFGNodeType.h:
2765         * dfg/DFGPredictionPropagationPhase.cpp:
2766         (JSC::DFG::PredictionPropagationPhase::propagate):
2767         * dfg/DFGSafeToExecute.h:
2768         (JSC::DFG::safeToExecute):
2769         * dfg/DFGSpeculativeJIT.cpp:
2770         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
2771         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
2772         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
2773         We should fill all GPRs before calling flushRegisters().
2774         * dfg/DFGSpeculativeJIT.h:
2775         (JSC::DFG::SpeculativeJIT::callOperation):
2776         * dfg/DFGSpeculativeJIT32_64.cpp:
2777         (JSC::DFG::SpeculativeJIT::compile):
2778         * dfg/DFGSpeculativeJIT64.cpp:
2779         (JSC::DFG::SpeculativeJIT::compile):
2780         * ftl/FTLCapabilities.cpp:
2781         (JSC::FTL::canCompile):
2782         * ftl/FTLIntrinsicRepository.h:
2783         * ftl/FTLLowerDFGToLLVM.cpp:
2784         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2785         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
2786         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
2787         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
2788         * jit/JIT.h:
2789         * jit/JITInlines.h:
2790         (JSC::JIT::callOperation):
2791         * jit/JITOperations.cpp:
2792         * jit/JITOperations.h:
2793         * jit/JITPropertyAccess.cpp:
2794         (JSC::JIT::emit_op_put_getter_by_id):
2795         (JSC::JIT::emit_op_put_setter_by_id):
2796         (JSC::JIT::emit_op_put_getter_setter):
2797         * jit/JITPropertyAccess32_64.cpp:
2798         (JSC::JIT::emit_op_put_getter_by_id):
2799         (JSC::JIT::emit_op_put_setter_by_id):
2800         (JSC::JIT::emit_op_put_getter_setter):
2801         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
2802         (shouldBe):
2803         (testAttribute):
2804         (getter.Cocoa.prototype.get hello):
2805         (getter.Cocoa):
2806         (getter):
2807         (setter.Cocoa):
2808         (setter.Cocoa.prototype.set hello):
2809         (setter):
2810         (accessors.Cocoa):
2811         (accessors.Cocoa.prototype.get hello):
2812         (accessors.Cocoa.prototype.set hello):
2813         (accessors):
2814         * tests/stress/dfg-put-accessors-by-id.js: Added.
2815         (shouldBe):
2816         (testAttribute):
2817         (getter.object.get hello):
2818         (getter):
2819         (setter.object.set hello):
2820         (setter):
2821         (accessors.object.get hello):
2822         (accessors.object.set hello):
2823         (accessors):
2824         * tests/stress/dfg-put-getter-by-id-class.js: Added.
2825         (shouldBe):
2826         (testAttribute):
2827         (getter.Cocoa):
2828         (getter.Cocoa.prototype.get hello):
2829         (getter.Cocoa.prototype.get name):
2830         (getter):
2831         * tests/stress/dfg-put-getter-by-id.js: Added.
2832         (shouldBe):
2833         (testAttribute):
2834         (getter.object.get hello):
2835         (getter):
2836         * tests/stress/dfg-put-getter-by-val-class.js: Added.
2837         (shouldBe):
2838         (testAttribute):
2839         (getter.Cocoa):
2840         (getter.Cocoa.prototype.get name):
2841         (getter):
2842         * tests/stress/dfg-put-getter-by-val.js: Added.
2843         (shouldBe):
2844         (testAttribute):
2845         (getter.object.get name):
2846         (getter):
2847         * tests/stress/dfg-put-setter-by-id-class.js: Added.
2848         (shouldBe):
2849         (testAttribute):
2850         (getter.Cocoa):
2851         (getter.Cocoa.prototype.set hello):
2852         (getter.Cocoa.prototype.get name):
2853         (getter):
2854         * tests/stress/dfg-put-setter-by-id.js: Added.
2855         (shouldBe):
2856         (testAttribute):
2857         (setter.object.set hello):
2858         (setter):
2859         * tests/stress/dfg-put-setter-by-val-class.js: Added.
2860         (shouldBe):
2861         (testAttribute):
2862         (setter.Cocoa):
2863         (setter.Cocoa.prototype.set name):
2864         (setter):
2865         * tests/stress/dfg-put-setter-by-val.js: Added.
2866         (shouldBe):
2867         (testAttribute):
2868         (setter.object.set name):
2869         (setter):
2870
2871 2015-10-26  Mark Lam  <mark.lam@apple.com>
2872
2873         Add logging to warn about under-estimated FTL inline cache sizes.
2874         https://bugs.webkit.org/show_bug.cgi?id=150570
2875
2876         Reviewed by Geoffrey Garen.
2877
2878         Added 2 options:
2879         1. JSC_dumpFailedICSizing - dumps an error message if the FTL encounters IC size
2880            estimates that are less than the actual needed code size.
2881
2882            This option is useful for when we add a new IC and want to compute an
2883            estimated size for the IC.  To do this:
2884            1. Build jsc for the target port with a very small IC size (enough to
2885               store the jump instruction needed for the out of line fallback
2886               implementation).
2887            2. Implement a test suite with scenarios that exercise all the code paths in
2888               the IC generator.
2889            3. Run jsc with JSC_dumpFailedICSizing=true on the test suite.
2890            4. The max value reported by the dumps will be the worst case size needed to
2891               store the IC.  We should use this value for our estimate.
2892            5. Update the IC's estimated size and rebuild jsc.
2893            6. Re-run (3) and confirm that there are no more error messages about the
2894               IC sizing.
2895
2896         2. JSC_assertICSizing - same as JSC_dumpFailedICSizing except that it also
2897            crashes the VM each time it encounters an inadequate IC size estimate.
2898
2899            This option is useful for regression testing to ensure that our estimates
2900            do not regress.
2901
2902         * ftl/FTLCompile.cpp:
2903         (JSC::FTL::generateInlineIfPossibleOutOfLineIfNot):
2904         * runtime/Options.h:
2905
2906 2015-10-26  Saam barati  <sbarati@apple.com>
2907
2908         r190735 Caused us to maybe trample the base's tag-GPR on 32-bit inline cache when the cache allocates a scratch register and then jumps to the slow path
2909         https://bugs.webkit.org/show_bug.cgi?id=150532
2910
2911         Reviewed by Geoffrey Garen.
2912
2913         The base's tag register used to show up in the used register set
2914         before r190735 because of how the DFG kept track of used registers. I changed this
2915         in my work on inline caching because we don't want to spill these registers
2916         when we have a GetByIdFlush/PutByIdFlush and we use the used register set
2917         as the metric of what to spill. That said, these registers should be locked
2918         and not used as scratch registers by the scratch register allocator. The
2919         reason is that our inline cache may fail and jump to the slow path. The slow
2920         path then uses the base's tag register. If the inline cache used the base's tag
2921         register as a scratch and the inline cache fails and jumps to the slow path, we
2922         have a problem because the tag may now be trampled.
2923
2924         Note that this doesn't mean that we can't trample the base's tag register when making
2925         a call. We can totally trample the register as long as the inline cache succeeds in a GetByIdFlush/PutByIdFlush.
2926         The problem is only when we trample it and then jump to the slow path.
2927
2928         This patch fixes this bug by making StructureStubInfo keep track of the base's
2929         tag GPR. PolymorphicAccess then locks this register when using the ScratchRegisterAllocator.
2930
2931         * bytecode/PolymorphicAccess.cpp:
2932         (JSC::AccessCase::generate):
2933         (JSC::PolymorphicAccess::regenerate):
2934         * bytecode/StructureStubInfo.h:
2935         * dfg/DFGSpeculativeJIT.cpp:
2936         (JSC::DFG::SpeculativeJIT::compileIn):
2937         * jit/JITInlineCacheGenerator.cpp:
2938         (JSC::JITByIdGenerator::JITByIdGenerator):
2939         * tests/stress/regress-150532.js: Added.
2940         (assert):
2941         (randomFunction):
2942         (foo):
2943         (i.switch):
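
The failure mode described in the entry above, as an added example (a toy model, not WebKit code): a scratch allocator that skips only "used" and "locked" registers will hand out the base's tag register unless it is locked, and the slow path then reads a trampled tag. The register names, `ToyScratchAllocator`, `runInlineCache` and the tag and pointer values are all assumptions made for illustration.

```cpp
#include <bitset>
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// Hypothetical 32-bit-style register file: a JS value lives in a tag/payload pair.
enum Reg : unsigned { R0, R1, R2, R3, NumRegs };

struct RegisterFile { uint32_t value[NumRegs] = {}; };

constexpr uint32_t kCellTag = 0xfffffffb;      // constructed tag value
constexpr uint32_t kScratchGarbage = 0xdeadbeef; // what the fast path leaves behind

// Toy allocator: a register is eligible as scratch if it is neither in the
// used set (the "what to spill" metric) nor explicitly locked.
class ToyScratchAllocator {
public:
    explicit ToyScratchAllocator(std::bitset<NumRegs> used) : m_used(used) {}
    void lock(Reg r) { m_locked.set(r); }
    Reg allocateScratch() {
        for (unsigned r = 0; r < NumRegs; ++r) {
            if (!m_used.test(r) && !m_locked.test(r)) {
                m_locked.set(r); // never hand the same scratch out twice
                return static_cast<Reg>(r);
            }
        }
        throw std::runtime_error("no scratch register available");
    }
private:
    std::bitset<NumRegs> m_used;
    std::bitset<NumRegs> m_locked;
};

struct Outcome {
    bool tookSlowPath; // the inline cache missed and fell back
    bool tagIntact;    // base tag register still holds the original tag
    Reg scratch;       // register the allocator handed out
};

// Models one inline cache execution. The base's tag is in R0, its payload in R1.
// As in the changelog, the tag register is NOT part of the used set, so the only
// thing that can keep it away from the allocator is an explicit lock.
Outcome runInlineCache(bool lockBaseTag, bool cacheHits) {
    RegisterFile regs;
    const Reg baseTag = R0, basePayload = R1;
    regs.value[baseTag] = kCellTag;
    regs.value[basePayload] = 0x1000; // constructed pointer value

    std::bitset<NumRegs> used;
    used.set(basePayload);
    ToyScratchAllocator allocator(used);
    if (lockBaseTag)
        allocator.lock(baseTag); // the fix: tag GPR is tracked and locked

    Reg scratch = allocator.allocateScratch();
    regs.value[scratch] = kScratchGarbage; // fast path uses its scratch register

    // On a hit the tag is dead afterwards, so trampling it is harmless.
    // On a miss the slow path reads the tag register and needs it intact.
    return { !cacheHits, regs.value[baseTag] == kCellTag, scratch };
}

int main() {
    Outcome bad = runInlineCache(false, false);
    Outcome good = runInlineCache(true, false);
    std::printf("unlocked: scratch=R%u tagIntact=%d\n", bad.scratch, bad.tagIntact);
    std::printf("locked:   scratch=R%u tagIntact=%d\n", good.scratch, good.tagIntact);
    return 0;
}
```
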
2944
2945 2015-10-24  Brian Burg  <bburg@apple.com>
2946
2947         Teach create_hash_table to omit builtins macros when generating tables for native-only objects
2948         https://bugs.webkit.org/show_bug.cgi?id=150491
2949
2950         Reviewed by Yusuke Suzuki.
2951
2952         In order to support separate compilation for generated builtins files, we need to be able to
2953         include specific builtins headers from generated .lut.h files. However, the create_hash_table
2954         script isn't smart enough to figure out when a generated file might actually contain a builtin.
2955         Without further help, we'd have to include an all-in-one header, mostly defeating the point of
2956         generating separate .h and .cpp files for every builtin.
2957
2958         This patch segregates the pure native and partially builtin sources in the build system, and
2959         gives hints to create_hash_table so that it doesn't even generate checks for builtins if the
2960         input file has no builtin method implementations. Also do some modernization and code cleanup.
2961
2962         * CMakeLists.txt:
2963
2964         Generate each group with different flags to create_hash_table. Change the macro to take
2965         flags through the variable LUT_GENERATOR_FLAGS. Set this as necessary before calling macro.
2966         Add an additional hint to CMake that the .cpp source file depends on the generated file.
2967
2968         * DerivedSources.make:
2969
2970         Generate each group with different flags to create_hash_table. Clean up the 'all' target
2971         so that static dependencies are listed first. Use static patterns to decide which .lut.h
2972         files require which flags. Reduce fragile usages of implicit variables.
2973
2974         * JavaScriptCore.xcodeproj/project.pbxproj:
2975
2976         Add some missing .lut.h files to the Derived Sources group. Sort the project.
2977
2978         * create_hash_table:
2979
2980         Parse options in a sane way using Getopt::Long. Remove ability to specify a custom namespace
2981         since this isn't actually used anywhere. Normalize placement of newlines in quoted strings.
2982         Only generate builtins macros and includes if the source file is known to have some builtins.
2983
2984 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
2985
2986         Web Inspector: Remove unused ScrollLayer Timeline EventType
2987         https://bugs.webkit.org/show_bug.cgi?id=150518
2988
2989         Reviewed by Timothy Hatcher.
2990
2991         * inspector/protocol/Timeline.json:
2992
2993 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
2994
2995         Web Inspector: Clean up InspectorInstrumentation includes
2996         https://bugs.webkit.org/show_bug.cgi?id=150523
2997
2998         Reviewed by Timothy Hatcher.
2999
3000         * inspector/agents/InspectorConsoleAgent.cpp:
3001         (Inspector::InspectorConsoleAgent::consoleMessageArgumentCounts): Deleted.
3002         * inspector/agents/InspectorConsoleAgent.h:
3003
3004 2015-10-23  Michael Saboff  <msaboff@apple.com>
3005
3006         REGRESSION (r179357-r179359): WebContent Crash using AOL Mail @ com.apple.JavascriptCore JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant, JSC::RegisterPreservationMode) + 1584
3007         https://bugs.webkit.org/show_bug.cgi?id=150513
3008
3009         Reviewed by Saam Barati.
3010
3011         Add check in linkPolymorphicCall() to make sure we have a CodeBlock for the newly added variant.
3012         If not, we turn the call into a virtual call.
3013
3014         The bug was caused by a stack overflow when preparing the function for execution.  This properly
3015         threw an exception, however linkPolymorphicCall() didn't check for this error case.
3016
3017         Added a new test function "failNextNewCodeBlock()" to test tools to simplify the testing.
3018
3019         * API/JSCTestRunnerUtils.cpp:
3020         (JSC::failNextNewCodeBlock):
3021         (JSC::numberOfDFGCompiles):
3022         * API/JSCTestRunnerUtils.h:
3023         * jit/Repatch.cpp:
3024         (JSC::linkPolymorphicCall):
3025         * jsc.cpp:
3026         (GlobalObject::finishCreation):
3027         (functionTransferArrayBuffer):
3028         (functionFailNextNewCodeBlock):
3029         (functionQuit):
3030         * runtime/Executable.cpp:
3031         (JSC::ScriptExecutable::prepareForExecutionImpl):
3032         * runtime/TestRunnerUtils.cpp:
3033         (JSC::optimizeNextInvocation):
3034         (JSC::failNextNewCodeBlock):
3035         (JSC::numberOfDFGCompiles):
3036         * runtime/TestRunnerUtils.h:
3037         * runtime/VM.h:
3038         (JSC::VM::setFailNextNewCodeBlock):
3039         (JSC::VM::getAndClearFailNextNewCodeBlock):
3040         (JSC::VM::stackPointerAtVMEntry):
3041
3042 2015-10-23  Commit Queue  <commit-queue@webkit.org>
3043
3044         Unreviewed, rolling out r191500.
3045         https://bugs.webkit.org/show_bug.cgi?id=150526
3046
3047         Broke two JSC regression tests (Requested by msaboff on
3048         #webkit).
3049
3050         Reverted changeset:
3051
3052         "[ES6] Add DFG/FTL support for accessor put operations"
3053         https://bugs.webkit.org/show_bug.cgi?id=148860
3054         http://trac.webkit.org/changeset/191500
3055
3056 2015-10-23  Yusuke Suzuki  <utatane.tea@gmail.com>
3057
3058         [ES6] Add DFG/FTL support for accessor put operations
3059         https://bugs.webkit.org/show_bug.cgi?id=148860
3060
3061         Reviewed by Geoffrey Garen.
3062
3063         This patch introduces accessor defining ops into DFG and FTL.
3064         The following DFG nodes are introduced.
3065
3066             op_put_getter_by_id  => PutGetterById
3067             op_put_setter_by_id  => PutSetterById
3068             op_put_getter_setter => PutGetterSetterById
3069             op_put_getter_by_val => PutGetterByVal
3070             op_put_setter_by_val => PutSetterByVal
3071
3072         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
3073
3074         To use operations defined for baseline JIT, we clean up existing operations.
3075         And reuse these operations in DFG and FTL.
3076
3077         * dfg/DFGAbstractInterpreterInlines.h:
3078         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3079         * dfg/DFGByteCodeParser.cpp:
3080         (JSC::DFG::ByteCodeParser::parseBlock):
3081         * dfg/DFGCapabilities.cpp:
3082         (JSC::DFG::capabilityLevel):
3083         * dfg/DFGClobberize.h:
3084         (JSC::DFG::clobberize):
3085         * dfg/DFGDoesGC.cpp:
3086         (JSC::DFG::doesGC):
3087         * dfg/DFGFixupPhase.cpp:
3088         (JSC::DFG::FixupPhase::fixupNode):
3089         * dfg/DFGNode.h:
3090         (JSC::DFG::Node::hasIdentifier):
3091         (JSC::DFG::Node::hasAccessorAttributes):
3092         (JSC::DFG::Node::accessorAttributes):
3093         * dfg/DFGNodeType.h:
3094         * dfg/DFGPredictionPropagationPhase.cpp:
3095         (JSC::DFG::PredictionPropagationPhase::propagate):
3096         * dfg/DFGSafeToExecute.h:
3097         (JSC::DFG::safeToExecute):
3098         * dfg/DFGSpeculativeJIT.cpp:
3099         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
3100         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
3101         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
3102         * dfg/DFGSpeculativeJIT.h:
3103         (JSC::DFG::SpeculativeJIT::callOperation):
3104         * dfg/DFGSpeculativeJIT32_64.cpp:
3105         (JSC::DFG::SpeculativeJIT::compile):
3106         * dfg/DFGSpeculativeJIT64.cpp:
3107         (JSC::DFG::SpeculativeJIT::compile):
3108         * ftl/FTLCapabilities.cpp:
3109         (JSC::FTL::canCompile):
3110         * ftl/FTLIntrinsicRepository.h:
3111         * ftl/FTLLowerDFGToLLVM.cpp:
3112         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3113         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
3114         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
3115         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
3116         * jit/JIT.h:
3117         * jit/JITInlines.h:
3118         (JSC::JIT::callOperation):
3119         * jit/JITOperations.cpp:
3120         * jit/JITOperations.h:
3121         * jit/JITPropertyAccess.cpp:
3122         (JSC::JIT::emit_op_put_getter_by_id):
3123         (JSC::JIT::emit_op_put_setter_by_id):
3124         (JSC::JIT::emit_op_put_getter_setter):
3125         * jit/JITPropertyAccess32_64.cpp:
3126         (JSC::JIT::emit_op_put_getter_by_id):
3127         (JSC::JIT::emit_op_put_setter_by_id):
3128         (JSC::JIT::emit_op_put_getter_setter):
3129         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
3130         (shouldBe):
3131         (testAttribute):
3132         (getter.Cocoa.prototype.get hello):
3133         (getter.Cocoa):
3134         (getter):
3135         (setter.Cocoa):
3136         (setter.Cocoa.prototype.set hello):
3137         (setter):
3138         (accessors.Cocoa):
3139         (accessors.Cocoa.prototype.get hello):
3140         (accessors.Cocoa.prototype.set hello):
3141         (accessors):
3142         * tests/stress/dfg-put-accessors-by-id.js: Added.
3143         (shouldBe):
3144         (testAttribute):
3145         (getter.object.get hello):
3146         (getter):
3147         (setter.object.set hello):
3148         (setter):
3149         (accessors.object.get hello):
3150         (accessors.object.set hello):
3151         (accessors):
3152         * tests/stress/dfg-put-getter-by-id-class.js: Added.
3153         (shouldBe):
3154         (testAttribute):
3155         (getter.Cocoa):
3156         (getter.Cocoa.prototype.get hello):
3157         (getter.Cocoa.prototype.get name):
3158         (getter):
3159         * tests/stress/dfg-put-getter-by-id.js: Added.
3160         (shouldBe):
3161         (testAttribute):
3162         (getter.object.get hello):
3163         (getter):
3164         * tests/stress/dfg-put-getter-by-val-class.js: Added.
3165         (shouldBe):
3166         (testAttribute):
3167         (getter.Cocoa):
3168         (getter.Cocoa.prototype.get name):
3169         (getter):
3170         * tests/stress/dfg-put-getter-by-val.js: Added.
3171         (shouldBe):
3172         (testAttribute):
3173         (getter.object.get name):
3174         (getter):
3175         * tests/stress/dfg-put-setter-by-id-class.js: Added.
3176         (shouldBe):
3177         (testAttribute):
3178         (getter.Cocoa):
3179         (getter.Cocoa.prototype.set hello):
3180         (getter.Cocoa.prototype.get name):
3181         (getter):
3182         * tests/stress/dfg-put-setter-by-id.js: Added.
3183         (shouldBe):
3184         (testAttribute):
3185         (setter.object.set hello):
3186         (setter):
3187         * tests/stress/dfg-put-setter-by-val-class.js: Added.
3188         (shouldBe):
3189         (testAttribute):
3190         (setter.Cocoa):
3191         (setter.Cocoa.prototype.set name):
3192         (setter):
3193         * tests/stress/dfg-put-setter-by-val.js: Added.
3194         (shouldBe):
3195         (testAttribute):
3196         (setter.object.set name):
3197         (setter):
3198
3199 2015-10-22  Joseph Pecoraro  <pecoraro@apple.com>
3200
3201         Web Inspector: Remove unused Timeline GCEvent Record type
3202         https://bugs.webkit.org/show_bug.cgi?id=150477
3203
3204         Reviewed by Timothy Hatcher.
3205
3206         Garbage Collection events go through the Heap domain, not the
3207         Timeline domain (long time ago for Chromium).
3208
3209         * inspector/protocol/Timeline.json:
3210
3211 2015-10-22  Michael Saboff  <msaboff@apple.com>
3212
3213         REGRESSION(r191360): Repro Crash: com.apple.WebKit.WebContent at JavaScriptCore:JSC::ExecState::bytecodeOffset + 174
3214         https://bugs.webkit.org/show_bug.cgi?id=150434
3215
3216         Reviewed by Mark Lam.
3217
3218         Pass the current frame instead of the caller frame to operationVMHandleException when processing an
3219         exception in one of the native thunks.
3220
3221         * jit/JITExceptions.cpp:
3222         (JSC::genericUnwind): Made debug printing of CodeBlock safe for call frames without one.
3223         * jit/JITOpcodes32_64.cpp:
3224         (JSC::JIT::privateCompileCTINativeCall):
3225         * jit/ThunkGenerators.cpp:
3226         (JSC::nativeForGenerator):
3227
3228 2015-10-21  Brian Burg  <bburg@apple.com>
3229
3230         Restructure generate-js-bindings script to be modular and testable
3231         https://bugs.webkit.org/show_bug.cgi?id=149929
3232
3233         Reviewed by Alex Christensen.
3234
3235         This is a new code generator, based on the replay inputs code generator and
3236         the inspector protocol code generator, which produces various files for JS
3237         builtins.
3238
3239         Relative to the generator it replaces, this one consolidates two scripts in
3240         JavaScriptCore and WebCore into a single script with multiple files. Parsed
3241         information about the builtins file is stored in backend-independent model
3242         objects. Each output file has its own code generator that uses the model to
3243         produce resulting code. Generators are additionally parameterized by the target
3244         framework (to choose correct macros and includes) and output mode (one
3245         header/implementation file per builtin or per framework).
3246
3247         It includes a few simple tests of the generator's functionality. These result-
3248         based tests will become increasingly more important as we start to add support
3249         for builtins annotations such as @optional, @internal, etc. to the code generator.
3250
3251         Some of these complexities, such as having two output modes, will be removed in
3252         subsequent patches. This patch is intended to exactly replace the existing
3253         functionality with a unified script that makes additional cleanups straightforward.
3254
3255         Additional cleanup and consolidation between inspector code generator scripts
3256         and this script will be pursued in followup patches.
3257
3258         New tests:
3259
3260         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js
3261         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js
3262         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Combined.js
3263         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Separate.js
3264         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Combined.js
3265         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Separate.js
3266         Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js
3267         Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js
3268         Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js
3269         Scripts/tests/builtins/WebCore-xmlCasingTest-Separate.js
3270
3271
3272         * CMakeLists.txt:
3273
3274             Copy the scripts that are used by other targets to a staging directory inside
3275             ${DERIVED_SOURCES_DIR}/ForwardingHeaders/JavaScriptCore/Scripts.
3276             Define JavaScriptCore_SCRIPTS_DIR to point here so that the add_custom_command
3277             and shared file lists are identical between JavaScriptCore and WebCore. The staged
3278             scripts are a dependency of the main JavaScriptCore target so that they are
3279             always staged, even if JavaScriptCore itself does not use a particular script.
3280
3281             The output files additionally depend on all builtin generator script files
3282             and input files that are combined into the single header/implementation file.
3283
3284         * DerivedSources.make:
3285
3286             Define JavaScriptCore_SCRIPTS_DIR explicitly so the rule for code generation and
3287             shared file lists are identical between JavaScriptCore and WebCore.
3288
3289             The output files additionally depend on all builtin generator script files
3290             and input files that are combined into the single header/implementation file.
3291
3292         * JavaScriptCore.xcodeproj/project.pbxproj:
3293
3294             Mark the new builtins generator files as private headers so we can use them from
3295             WebCore.
3296
3297         * Scripts/UpdateContents.py: Renamed from Source/JavaScriptCore/UpdateContents.py.
3298         * Scripts/builtins/__init__.py: Added.
3299         * Scripts/builtins/builtins.py: Added.
3300         * Scripts/builtins/builtins_generator.py: Added. This file contains the base generator.
3301         (WK_lcfirst):
3302         (WK_ucfirst):
3303         (BuiltinsGenerator):
3304         (BuiltinsGenerator.__init__):
3305         (BuiltinsGenerator.model):
3306         (BuiltinsGenerator.generate_license):
3307         (BuiltinsGenerator.generate_includes_from_entries):
3308         (BuiltinsGenerator.generate_output):
3309         (BuiltinsGenerator.output_filename):
3310         (BuiltinsGenerator.mangledNameForFunction):
3311         (BuiltinsGenerator.mangledNameForFunction.toCamel):
3312         (BuiltinsGenerator.generate_embedded_code_string_section_for_function):
3313         * Scripts/builtins/builtins_model.py: Added. This file contains builtins model objects.
3314         (ParseException):
3315         (Framework):
3316         (Framework.__init__):
3317         (Framework.setting):
3318         (Framework.fromString):
3319         (Frameworks):
3320         (BuiltinObject):
3321         (BuiltinObject.__init__):
3322         (BuiltinFunction):
3323         (BuiltinFunction.__init__):
3324         (BuiltinFunction.fromString):
3325         (BuiltinFunction.__str__):
3326         (BuiltinsCollection):
3327         (BuiltinsCollection.__init__):
3328         (BuiltinsCollection.parse_builtins_file):
3329         (BuiltinsCollection.copyrights):
3330         (BuiltinsCollection.all_functions):
3331         (BuiltinsCollection._parse_copyright_lines):
3332         (BuiltinsCollection._parse_functions):
3333         * Scripts/builtins/builtins_templates.py: Added.
3334         (BuiltinsGeneratorTemplates):
3335         * Scripts/builtins/builtins_generate_combined_header.py: Added.
3336         (BuiltinsCombinedHeaderGenerator):
3337         (BuiltinsCombinedHeaderGenerator.__init__):
3338         (BuiltinsCombinedHeaderGenerator.output_filename):
3339         (BuiltinsCombinedHeaderGenerator.generate_output):
3340         (BuiltinsCombinedHeaderGenerator.generate_forward_declarations):
3341         (FunctionExecutable):
3342         (VM):
3343         (ConstructAbility):
3344         (generate_section_for_object):
3345         (generate_externs_for_object):
3346         (generate_macros_for_object):
3347         (generate_defines_for_object):
3348         (generate_section_for_code_table_macro):
3349         (generate_section_for_code_name_macro):
3350         * Scripts/builtins/builtins_generate_combined_implementation.py: Added.
3351         (BuiltinsCombinedImplementationGenerator):
3352         (BuiltinsCombinedImplementationGenerator.__init__):
3353         (BuiltinsCombinedImplementationGenerator.output_filename):
3354         (BuiltinsCombinedImplementationGenerator.generate_output):
3355         (BuiltinsCombinedImplementationGenerator.generate_header_includes):
3356         * Scripts/builtins/builtins_generate_separate_header.py: Added.
3357         (BuiltinsSeparateHeaderGenerator):
3358         (BuiltinsSeparateHeaderGenerator.__init__):
3359         (BuiltinsSeparateHeaderGenerator.output_filename):
3360         (BuiltinsSeparateHeaderGenerator.macro_prefix):
3361         (BuiltinsSeparateHeaderGenerator.generate_output):
3362         (BuiltinsSeparateHeaderGenerator.generate_forward_declarations):
3363         (FunctionExecutable):
3364         (generate_header_includes):
3365         (generate_section_for_object):
3366         (generate_externs_for_object):
3367         (generate_macros_for_object):
3368         (generate_defines_for_object):
3369         (generate_section_for_code_table_macro):
3370         (generate_section_for_code_name_macro):
3371         * Scripts/builtins/builtins_generate_separate_implementation.py: Added.
3372         (BuiltinsSeparateImplementationGenerator):
3373         (BuiltinsSeparateImplementationGenerator.__init__):
3374         (BuiltinsSeparateImplementationGenerator.output_filename):
3375         (BuiltinsSeparateImplementationGenerator.macro_prefix):
3376         (BuiltinsSeparateImplementationGenerator.generate_output):
3377         (BuiltinsSeparateImplementationGenerator.generate_header_includes):
3378         * Scripts/builtins/builtins_generate_separate_wrapper.py: Added.
3379         (BuiltinsSeparateWrapperGenerator):
3380         (BuiltinsSeparateWrapperGenerator.__init__):
3381         (BuiltinsSeparateWrapperGenerator.output_filename):
3382         (BuiltinsSeparateWrapperGenerator.macro_prefix):
3383         (BuiltinsSeparateWrapperGenerator.generate_output):
3384         (BuiltinsSeparateWrapperGenerator.generate_header_includes):
3385         * Scripts/generate-js-builtins.py: Added.
3386
3387             Parse command line options, decide which generators and output modes to use.
3388
3389         (generate_bindings_for_builtins_files):
3390         * Scripts/lazywriter.py: Copied from the inspector protocol generator.
3391         (LazyFileWriter):
3392         (LazyFileWriter.__init__):
3393         (LazyFileWriter.write):