Make the HeapVerifier useful again.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2017-03-13  Mark Lam  <mark.lam@apple.com>

        Make the HeapVerifier useful again.
        https://bugs.webkit.org/show_bug.cgi?id=161752

        Reviewed by Filip Pizlo.

        Resurrect the HeapVerifier.  Here's what the verifier now offers:

        1. It captures the list of cells before and after GCs up to N GC cycles.
           N is set by JSC_numberOfGCCyclesToRecordForVerification.
           Currently, N defaults to 3.

           This is useful if we're debugging in lldb and want to check if a candidate
           cell pointer was observed by the GC during the last N GC cycles.  We can do
           this check by calling HeapVerifier::checkIfRecorded() with the cell address.

           HeapVerifier::checkIfRecorded() is robust and can be used on bogus addresses.
           If the candidate cell was previously recorded by the HeapVerifier during a
           GC cycle, checkIfRecorded() will dump any useful info it has on that cell.

        2. The HeapVerifier will verify that cells in its captured list after a GC are
           sane.  Some examples of cell insanity are:
           - the cell claims to belong to a different VM.
           - the cell has a NULL structureID.
           - the cell has a NULL structure.
           - the cell's structure has a NULL structureID.
           - the cell's structure has a NULL structure.
           - the cell's structure's structure has a NULL structureID.
           - the cell's structure's structure has a NULL structure.

           These are all signs of corruption or a GC bug.  The verifier will report any
           insanity it finds, and then crash with a RELEASE_ASSERT.

        3. Since the HeapVerifier captures lists of cells in the heap before and after GCs
           for the last N GCs, it will also automatically "trim" dead cells from those lists
           after the most recent GC.

           "trim" here means that the CellProfile in the HeapVerifier's lists will be
           updated to reflect that the cell is now dead.  It still keeps a record of the
           dead cell pointer and the meta data collected about it back when it was alive.
           As a result, checkIfRecorded() will also report if the candidate cell passed
           to it is a dead object from a previous GC cycle.

        4. Each CellProfile captured by the HeapVerifier now tracks the following info:
           - the cell's HeapCell::Kind.
           - the cell's liveness.
           - if it is a JSCell, the cell's classInfo()->className.
           - an associated timestamp.
           - an associated stack trace.

           Currently, the timestamp is only used for the time when the cell was recorded
           by the HeapVerifier during GC.  The stack trace is currently unused.

           However, these fields are kept there so that we can instrument the VM (during
           a debugging session, which requires rebuilding the VM) and record interesting
           stack traces like that of the time of allocation of the cell.  Since
           capturing the stack traces for each cell is a very heavy weight operation,
           the HeapVerifier code does not do this by default.  Instead, we just leave
           the building blocks for doing so in place to ease future debugging efforts.

        * heap/Heap.cpp:
        (JSC::Heap::runBeginPhase):
        (JSC::Heap::runEndPhase):
        (JSC::Heap::didFinishCollection):
        * heap/Heap.h:
        (JSC::Heap::verifier):
        * heap/MarkedAllocator.h:
        (JSC::MarkedAllocator::takeLastActiveBlock): Deleted.
        * heap/MarkedSpace.h:
        * heap/MarkedSpaceInlines.h:
        (JSC::MarkedSpace::forEachLiveCell):
        * tools/CellList.cpp:
        (JSC::CellList::find):
        (JSC::CellList::reset):
        (JSC::CellList::findCell): Deleted.
        * tools/CellList.h:
        (JSC::CellList::CellList):
        (JSC::CellList::name):
        (JSC::CellList::size):
        (JSC::CellList::cells):
        (JSC::CellList::add):
        (JSC::CellList::reset): Deleted.
        * tools/CellProfile.h:
        (JSC::CellProfile::CellProfile):
        (JSC::CellProfile::cell):
        (JSC::CellProfile::jsCell):
        (JSC::CellProfile::isJSCell):
        (JSC::CellProfile::kind):
        (JSC::CellProfile::isLive):
        (JSC::CellProfile::isDead):
        (JSC::CellProfile::setIsLive):
        (JSC::CellProfile::setIsDead):
        (JSC::CellProfile::timestamp):
        (JSC::CellProfile::className):
        (JSC::CellProfile::stackTrace):
        (JSC::CellProfile::setStackTrace):
        * tools/HeapVerifier.cpp:
        (JSC::HeapVerifier::startGC):
        (JSC::HeapVerifier::endGC):
        (JSC::HeapVerifier::gatherLiveCells):
        (JSC::trimDeadCellsFromList):
        (JSC::HeapVerifier::trimDeadCells):
        (JSC::HeapVerifier::printVerificationHeader):
        (JSC::HeapVerifier::verifyCellList):
        (JSC::HeapVerifier::validateCell):
        (JSC::HeapVerifier::validateJSCell):
        (JSC::HeapVerifier::verify):
        (JSC::HeapVerifier::reportCell):
        (JSC::HeapVerifier::checkIfRecorded):
        (JSC::HeapVerifier::initializeGCCycle): Deleted.
        (JSC::GatherCellFunctor::GatherCellFunctor): Deleted.
        (JSC::GatherCellFunctor::visit): Deleted.
        (JSC::GatherCellFunctor::operator()): Deleted.
        (JSC::HeapVerifier::verifyButterflyIsInStorageSpace): Deleted.
        * tools/HeapVerifier.h:
        (JSC::HeapVerifier::GCCycle::reset):

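The verifier described in the entry above, modelled as an added example. This is not JavaScriptCore's HeapVerifier: the cell and structure layouts, the CellList/CellProfile/GCCycle types, the constant kCyclesToRecord standing in for JSC_numberOfGCCyclesToRecordForVerification, and returning the insanity reports from endGC() instead of crashing with RELEASE_ASSERT are all assumptions made so the before/after capture, the dead-cell trimming and the structure-chain checks can be exercised in a test.

```cpp
// Added example, not JavaScriptCore code: a simplified model of the HeapVerifier.
// Layouts and names below are assumptions for this illustration only.
#include <cstdint>
#include <deque>
#include <initializer_list>
#include <string>
#include <unordered_set>
#include <vector>

struct VM { int id; };

// A Structure is itself a cell with a VM, an ID and a structure of its own
// (the "structure's structure" in the ChangeLog's list of checks).
struct Structure { VM* vm; uint32_t structureID; Structure* structure; };
struct Cell { VM* vm; uint32_t structureID; Structure* structure; std::string className; };

enum class Liveness { Live, Dead };

struct CellProfile {
    const Cell* cell;       // address only; may point at freed memory once Dead
    Liveness liveness;
    std::string className;  // metadata captured while the cell was alive
    uint64_t timestamp;     // when the verifier recorded the cell
};

struct CellList {
    std::string name;
    std::vector<CellProfile> profiles;
    const CellProfile* find(const void* candidate) const {
        for (const CellProfile& p : profiles)
            if (p.cell == candidate) return &p;  // pointer compare only: safe on bogus input
        return nullptr;
    }
};

struct GCCycle { CellList before{"before"}; CellList after{"after"}; };

class HeapVerifier {
public:
    static constexpr size_t kCyclesToRecord = 3;  // stands in for JSC_numberOfGCCyclesToRecordForVerification

    explicit HeapVerifier(VM* vm) : m_vm(vm) {}

    // Snapshot the live cells at the start of a GC, opening a new cycle (oldest is dropped).
    void startGC(const std::vector<Cell*>& live) {
        if (m_cycles.size() == kCyclesToRecord) m_cycles.pop_front();
        m_cycles.emplace_back();
        gather(m_cycles.back().before, live);
    }

    // Snapshot the survivors, trim cells that died from every recorded list,
    // and sanity-check the new "after" list. Returns one report per insane cell.
    std::vector<std::string> endGC(const std::vector<Cell*>& live) {
        gather(m_cycles.back().after, live);
        std::unordered_set<const Cell*> alive(live.begin(), live.end());
        for (GCCycle& cycle : m_cycles) { trim(cycle.before, alive); trim(cycle.after, alive); }
        return verifyCellList(m_cycles.back().after);
    }

    // Report what the verifier knows about an arbitrary address. Never dereferences it.
    std::string checkIfRecorded(const void* candidate) const {
        std::string report;
        size_t cycleIndex = 0;
        for (const GCCycle& cycle : m_cycles) {
            for (const CellList* list : {&cycle.before, &cycle.after}) {
                if (const CellProfile* p = list->find(candidate))
                    report += "cycle " + std::to_string(cycleIndex) + " " + list->name + ": "
                            + p->className + (p->liveness == Liveness::Live ? " live\n" : " dead\n");
            }
            ++cycleIndex;
        }
        return report.empty() ? "not recorded\n" : report;
    }

    // The checks listed in the ChangeLog entry; returns "" for a sane cell.
    std::string validateCell(const Cell* cell) const {
        if (cell->vm != m_vm) return "cell claims to belong to a different VM";
        if (!cell->structureID) return "cell has a NULL structureID";
        const Structure* s = cell->structure;
        if (!s) return "cell has a NULL structure";
        if (!s->structureID) return "cell's structure has a NULL structureID";
        const Structure* ss = s->structure;
        if (!ss) return "cell's structure has a NULL structure";
        if (!ss->structureID) return "cell's structure's structure has a NULL structureID";
        if (!ss->structure) return "cell's structure's structure has a NULL structure";
        return "";
    }

private:
    void gather(CellList& list, const std::vector<Cell*>& live) {
        for (const Cell* c : live) list.profiles.push_back({c, Liveness::Live, c->className, ++m_clock});
    }
    // Keep the record of a dead cell; only its liveness changes.
    static void trim(CellList& list, const std::unordered_set<const Cell*>& alive) {
        for (CellProfile& p : list.profiles)
            if (!alive.count(p.cell)) p.liveness = Liveness::Dead;
    }
    // The real verifier RELEASE_ASSERTs; this model collects the reports instead.
    std::vector<std::string> verifyCellList(const CellList& list) const {
        std::vector<std::string> reports;
        for (const CellProfile& p : list.profiles) {
            if (p.liveness != Liveness::Live) continue;
            std::string why = validateCell(p.cell);
            if (!why.empty()) reports.push_back(why);
        }
        return reports;
    }

    VM* m_vm;
    uint64_t m_clock = 0;
    std::deque<GCCycle> m_cycles;
};
```

Two properties of the real design carry over: checkIfRecorded() only compares pointer values, which is why it can be handed a bogus address from lldb without faulting, and a profile survives the death of its cell, so a stale pointer into freed memory is still identified as "dead in cycle k" rather than "unknown".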
2017-03-13  SKumarMetro  <s.kumar@metrological.com>

        JSC: fix compilation errors for MIPS
        https://bugs.webkit.org/show_bug.cgi?id=168402

        Reviewed by Mark Lam.

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::fillNops):
        Added.
        * assembler/MacroAssemblerMIPS.h:
        Added MacroAssemblerMIPS::numGPRs and MacroAssemblerMIPS::numFPRs.
        * bytecode/InlineAccess.h:
        (JSC::InlineAccess::sizeForPropertyAccess):
        (JSC::InlineAccess::sizeForPropertyReplace):
        (JSC::InlineAccess::sizeForLengthAccess):
        Added MIPS cases.

2017-03-13  Filip Pizlo  <fpizlo@apple.com>

        FTL should not flush strict arguments unless it really needs to
        https://bugs.webkit.org/show_bug.cgi?id=169519

        Reviewed by Mark Lam.

        This is a refinement that we should have done ages ago. This kills some pointless PutStacks
        in DFG SSA IR. It can sometimes unlock other optimizations.

        Relanding after I fixed the special cases for CreateArguments-style nodes.

        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

2017-03-13  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: Event Listeners section is missing 'once', 'passive' event listener flags
        https://bugs.webkit.org/show_bug.cgi?id=167080

        Reviewed by Joseph Pecoraro.

        * inspector/protocol/DOM.json:
        Add "passive" and "once" items to the EventListener type.

2017-03-13  Mark Lam  <mark.lam@apple.com>

        Remove obsolete experimental ObjC SPI.
        https://bugs.webkit.org/show_bug.cgi?id=169569

        Reviewed by Saam Barati.

        * API/JSVirtualMachine.mm:
        (-[JSVirtualMachine enableSigillCrashAnalyzer]): Deleted.
        * API/JSVirtualMachinePrivate.h: Removed.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2017-03-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r213856.
        https://bugs.webkit.org/show_bug.cgi?id=169562

        Breaks JSC stress test stress/super-property-access.js.ftl-
        eager failing (Requested by mlam|g on #webkit).

        Reverted changeset:

        "FTL should not flush strict arguments unless it really needs
        to"
        https://bugs.webkit.org/show_bug.cgi?id=169519
        http://trac.webkit.org/changeset/213856

2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC][Linux] Allow profilers to demangle C++ names
        https://bugs.webkit.org/show_bug.cgi?id=169559

        Reviewed by Michael Catanzaro.

        Linux also offers dladdr & demangling feature.
        Thus, we can use it to show the names in profilers.
        For example, SamplingProfiler tells us the C function names.

        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::StackFrame::displayName):
        * tools/CodeProfile.cpp:
        (JSC::symbolName):

2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Clean up RunLoop and WorkQueue with Seconds and Function
        https://bugs.webkit.org/show_bug.cgi?id=169537

        Reviewed by Sam Weinig.

        * runtime/Watchdog.cpp:
        (JSC::Watchdog::startTimer):

2017-03-11  Filip Pizlo  <fpizlo@apple.com>

        FTL should not flush strict arguments unless it really needs to
        https://bugs.webkit.org/show_bug.cgi?id=169519

        Reviewed by Mark Lam.

        This is a refinement that we should have done ages ago. This kills some pointless PutStacks
        in DFG SSA IR. It can sometimes unlock other optimizations.

        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

2017-03-13  Caio Lima  <ticaiolima@gmail.com>

        [JSC] It should be possible to create a label named let when parsing Statement in non strict mode
        https://bugs.webkit.org/show_bug.cgi?id=168684

        Reviewed by Saam Barati.

        This patch is fixing a Parser bug to allow defining a label named
        ```let``` in sloppy mode when parsing a Statement.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseStatement):

2017-03-11  Filip Pizlo  <fpizlo@apple.com>

        Structure::willStoreValueSlow needs to keep the property table alive until the end
        https://bugs.webkit.org/show_bug.cgi?id=169520

        Reviewed by Michael Saboff.

        We use pointers logically interior to `propertyTable` after doing a GC. We need to prevent the
        compiler from optimizing away pointers to `propertyTable`.

        * heap/HeapCell.cpp:
        (JSC::HeapCell::use):
        * heap/HeapCell.h:
        (JSC::HeapCell::use): Introduce API for keeping a pointer alive until some point in execution.
        * runtime/Structure.cpp:
        (JSC::Structure::willStoreValueSlow): Use HeapCell::use() to keep the pointer alive.

2017-03-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, suppress warnings in JSC B3

        * b3/B3Opcode.cpp:

2017-03-11  Michael Saboff  <msaboff@apple.com>

        Allow regular expressions to be used when selecting a process name in JSC config file
        https://bugs.webkit.org/show_bug.cgi?id=169495

        Reviewed by Saam Barati.

        Only added regular expression selectors for Unix-like platforms.

        * runtime/ConfigFile.cpp:
        (JSC::ConfigFileScanner::tryConsumeRegExPattern):
        (JSC::ConfigFile::parse):

2017-03-11  Jon Lee  <jonlee@apple.com>

        WebGPU prototype - Front-End
        https://bugs.webkit.org/show_bug.cgi?id=167952

        Reviewed by Dean Jackson.

        * runtime/CommonIdentifiers.h: Add WebGPU objects.

2017-03-10  Filip Pizlo  <fpizlo@apple.com>

        The JITs should be able to emit fast TLS loads
        https://bugs.webkit.org/show_bug.cgi?id=169483

        Reviewed by Keith Miller.

        Added loadFromTLS32/64/Ptr to the MacroAssembler and added a B3 test for this.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::mrs_TPIDRRO_EL0):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::loadFromTLSPtr):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::loadFromTLS32):
        (JSC::MacroAssemblerARM64::loadFromTLS64):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::loadFromTLS32):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::loadFromTLS64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::adcl_im):
        (JSC::X86Assembler::addl_mr):
        (JSC::X86Assembler::addl_im):
        (JSC::X86Assembler::andl_im):
        (JSC::X86Assembler::orl_im):
        (JSC::X86Assembler::orl_rm):
        (JSC::X86Assembler::subl_im):
        (JSC::X86Assembler::cmpb_im):
        (JSC::X86Assembler::cmpl_rm):
        (JSC::X86Assembler::cmpl_im):
        (JSC::X86Assembler::testb_im):
        (JSC::X86Assembler::movb_i8m):
        (JSC::X86Assembler::movb_rm):
        (JSC::X86Assembler::movl_mr):
        (JSC::X86Assembler::movq_mr):
        (JSC::X86Assembler::movsxd_rr):
        (JSC::X86Assembler::gs):
        (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
        * b3/testb3.cpp:
        (JSC::B3::testFastTLS):
        (JSC::B3::run):

2017-03-10  Alex Christensen  <achristensen@webkit.org>

        Fix watch and tv builds after r213294
        https://bugs.webkit.org/show_bug.cgi?id=169508

        Reviewed by Dan Bernstein.

        * Configurations/FeatureDefines.xcconfig:

2017-03-10  Saam Barati  <sbarati@apple.com>

        WebAssembly: Make more demos run
        https://bugs.webkit.org/show_bug.cgi?id=165510
        <rdar://problem/29760310>

        Reviewed by Keith Miller.

        This patch makes another Wasm demo run:
        https://kripken.github.io/BananaBread/cube2/bb.html

        This patch fixes two bugs:
        1. When WebAssemblyFunctionType was added, we did not properly
        update the last JS type value.
        2. Our code for our JS -> Wasm entrypoint was wrong. It led to bad
        code generation where we would emit B3 that would write over r12
        and rbx (on x86) which is invalid since those are our pinned registers.
        This patch just rewrites the entrypoint to use hand written assembler
        code. I was planning on doing this anyways because it's a compile
        time speed boost.

        Also, this patch adds support for some new API features:
        We can now export an import, either via a direct export, or via a Table and the
        Element section. I've added a new class called WebAssemblyWrapperFunction that
        just wraps over a JSObject that is a function. Wrapper functions have types
        associated with them, so if they're re-imported, or called via call_indirect,
        they can be type checked.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::webAssemblyWrapperFunctionStructure):
        * runtime/JSType.h:
        * wasm/JSWebAssemblyCodeBlock.h:
        (JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::createJSToWasmWrapper):
        * wasm/WasmCallingConvention.h:
        (JSC::Wasm::CallingConvention::headerSizeInBytes):
        * wasm/js/JSWebAssemblyHelpers.h:
        (JSC::isWebAssemblyHostFunction):
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
        * wasm/js/JSWebAssemblyInstance.h:
        (JSC::JSWebAssemblyInstance::importFunction):
        (JSC::JSWebAssemblyInstance::importFunctions):
        (JSC::JSWebAssemblyInstance::setImportFunction):
        * wasm/js/JSWebAssemblyTable.cpp:
        (JSC::JSWebAssemblyTable::JSWebAssemblyTable):
        (JSC::JSWebAssemblyTable::grow):
        (JSC::JSWebAssemblyTable::clearFunction):
        (JSC::JSWebAssemblyTable::setFunction):
        * wasm/js/JSWebAssemblyTable.h:
        (JSC::JSWebAssemblyTable::getFunction):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::WebAssemblyInstanceConstructor::createInstance):
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):
        (JSC::WebAssemblyModuleRecord::evaluate):
        * wasm/js/WebAssemblyModuleRecord.h:
        * wasm/js/WebAssemblyTablePrototype.cpp:
        (JSC::webAssemblyTableProtoFuncGet):
        (JSC::webAssemblyTableProtoFuncSet):
        * wasm/js/WebAssemblyWrapperFunction.cpp: Added.
        (JSC::callWebAssemblyWrapperFunction):
        (JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction):
        (JSC::WebAssemblyWrapperFunction::create):
        (JSC::WebAssemblyWrapperFunction::finishCreation):
        (JSC::WebAssemblyWrapperFunction::createStructure):
        (JSC::WebAssemblyWrapperFunction::visitChildren):
        * wasm/js/WebAssemblyWrapperFunction.h: Added.
        (JSC::WebAssemblyWrapperFunction::signatureIndex):
        (JSC::WebAssemblyWrapperFunction::wasmEntrypoint):
        (JSC::WebAssemblyWrapperFunction::function):

2017-03-10  Mark Lam  <mark.lam@apple.com>

        JSC: BindingNode::bindValue doesn't increase the scope's reference count.
        https://bugs.webkit.org/show_bug.cgi?id=168546
        <rdar://problem/30589551>

        Reviewed by Saam Barati.

        We should protect the scope RegisterID with a RefPtr while it is still needed.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ForInNode::emitLoopHeader):
        (JSC::ForOfNode::emitBytecode):
        (JSC::BindingNode::bindValue):

2017-03-10  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build.

        * CMakeLists.txt:
        Make more forwarding headers so we can find WasmFaultSignalHandler.h from WebProcess.cpp.

2017-03-10  Mark Lam  <mark.lam@apple.com>

        [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
        https://bugs.webkit.org/show_bug.cgi?id=169454

        Reviewed by Michael Saboff.

        The underlying implementation is hoisted right out of Assertions.cpp from the
        implementations of WTFPrintBacktrace().

        The reason we need this StackTrace object is because during heap debugging, we
        sometimes want to capture the stack trace that allocated the objects of interest.
        Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
        perturb the execution profile sufficiently that an issue may not reproduce,
        while alternatively, just capturing the stack trace and deferring printing it
        till we actually need it later perturbs the execution profile less.

        In addition, just capturing the stack traces (instead of printing them
        immediately at each capture site) allows us to avoid polluting stdout with tons
        of stack traces that may be irrelevant.

        For now, we only capture the native stack trace.  We'll leave capturing and
        integrating the JS stack trace as an exercise for the future if we need it then.

        Here's an example of how to use this StackTrace utility:

            // Capture a stack trace of the top 10 frames.
            std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
            // Print the trace.
            dataLog(*trace);

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * tools/StackTrace.cpp: Added.
        (JSC::StackTrace::instanceSize):
        (JSC::StackTrace::captureStackTrace):
        (JSC::StackTrace::dump):
        * tools/StackTrace.h: Added.
        (JSC::StackTrace::size):
        (JSC::StackTrace::StackTrace):

2017-03-04  Filip Pizlo  <fpizlo@apple.com>

        B3 should have comprehensive support for atomic operations
        https://bugs.webkit.org/show_bug.cgi?id=162349

        Reviewed by Keith Miller.

        This adds the following capabilities to B3:

        - Atomic weak/strong unfenced/fenced compare-and-swap
        - Atomic add/sub/or/and/xor/xchg
        - Acquire/release fencing on loads/stores
        - Fenceless load-load dependencies

        This adds lowering to the following instructions on x86:

        - lock cmpxchg
        - lock xadd
        - lock add/sub/or/and/xor/xchg

        This adds lowering to the following instructions on ARM64:

        - ldar and friends
        - stlr and friends
        - ldxr and friends (unfenced LL)
        - stxr and friends (unfenced SC)
        - ldaxr and friends (fenced LL)
        - stlxr and friends (fenced SC)
        - eor as a fenceless load-load dependency

        This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
        variants of fences and atomic math ops get lowered to the best possible instruction sequence.
        For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
        of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
        generate the best possible branch sequence on x86 and ARM64.

        B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
        respect to each other and with respect to rel stores, creating sequential consistency that
        transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
        fence effects may only target some abstract heaps but not others, so that load elimination and
        store sinking can still operate across fences if you just tell B3 that the fence does not alias
        those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
        Even better, it lets you express fine-grained dependencies where the atomics that affect one
        property in shared memory do not clobber non-atomics that affect some other property in shared
        memory.

        One of my favorite features is Depend, which allows you to express load-load dependencies. On
        x86 it lowers to nothing, while on ARM64 it lowers to eor.

        This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
        acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.

        This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
        implementations of the Atomics object, for now.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::ldar):
        (JSC::ARM64Assembler::ldxr):
        (JSC::ARM64Assembler::ldaxr):
        (JSC::ARM64Assembler::stxr):
        (JSC::ARM64Assembler::stlr):
        (JSC::ARM64Assembler::stlxr):
        (JSC::ARM64Assembler::excepnGenerationImmMask):
        (JSC::ARM64Assembler::exoticLoad):
        (JSC::ARM64Assembler::storeRelease):
        (JSC::ARM64Assembler::exoticStore):
        * assembler/AbstractMacroAssembler.cpp: Added.
        (WTF::printInternal):
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssemblerBase::invert):
        * assembler/MacroAssembler.h:
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
        (JSC::MacroAssemblerARM64::loadAcq8):
        (JSC::MacroAssemblerARM64::storeRel8):
        (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
        (JSC::MacroAssemblerARM64::loadAcq16):
        (JSC::MacroAssemblerARM64::storeRel16):
        (JSC::MacroAssemblerARM64::loadAcq32):
        (JSC::MacroAssemblerARM64::loadAcq64):
        (JSC::MacroAssemblerARM64::storeRel32):
        (JSC::MacroAssemblerARM64::storeRel64):
        (JSC::MacroAssemblerARM64::loadLink8):
        (JSC::MacroAssemblerARM64::loadLinkAcq8):
        (JSC::MacroAssemblerARM64::storeCond8):
        (JSC::MacroAssemblerARM64::storeCondRel8):
        (JSC::MacroAssemblerARM64::loadLink16):
        (JSC::MacroAssemblerARM64::loadLinkAcq16):
        (JSC::MacroAssemblerARM64::storeCond16):
        (JSC::MacroAssemblerARM64::storeCondRel16):
        (JSC::MacroAssemblerARM64::loadLink32):
        (JSC::MacroAssemblerARM64::loadLinkAcq32):
        (JSC::MacroAssemblerARM64::storeCond32):
        (JSC::MacroAssemblerARM64::storeCondRel32):
        (JSC::MacroAssemblerARM64::loadLink64):
        (JSC::MacroAssemblerARM64::loadLinkAcq64):
        (JSC::MacroAssemblerARM64::storeCond64):
        (JSC::MacroAssemblerARM64::storeCondRel64):
        (JSC::MacroAssemblerARM64::atomicStrongCAS8):
        (JSC::MacroAssemblerARM64::atomicStrongCAS16):
        (JSC::MacroAssemblerARM64::atomicStrongCAS32):
        (JSC::MacroAssemblerARM64::atomicStrongCAS64):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
        (JSC::MacroAssemblerARM64::depend32):
        (JSC::MacroAssemblerARM64::depend64):
        (JSC::MacroAssemblerARM64::loadLink):
        (JSC::MacroAssemblerARM64::loadLinkAcq):
        (JSC::MacroAssemblerARM64::storeCond):
        (JSC::MacroAssemblerARM64::storeCondRel):
        (JSC::MacroAssemblerARM64::signExtend):
        (JSC::MacroAssemblerARM64::branch):
        (JSC::MacroAssemblerARM64::atomicStrongCAS):
        (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
        (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
        (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
        (JSC::MacroAssemblerARM64::extractSimpleAddress):
        (JSC::MacroAssemblerARM64::signExtend<8>):
        (JSC::MacroAssemblerARM64::signExtend<16>):
        (JSC::MacroAssemblerARM64::branch<64>):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::add32):
        (JSC::MacroAssemblerX86Common::and32):
        (JSC::MacroAssemblerX86Common::and16):
        (JSC::MacroAssemblerX86Common::and8):
        (JSC::MacroAssemblerX86Common::neg32):
        (JSC::MacroAssemblerX86Common::neg16):
        (JSC::MacroAssemblerX86Common::neg8):
        (JSC::MacroAssemblerX86Common::or32):
        (JSC::MacroAssemblerX86Common::or16):
        (JSC::MacroAssemblerX86Common::or8):
        (JSC::MacroAssemblerX86Common::sub16):
        (JSC::MacroAssemblerX86Common::sub8):
        (JSC::MacroAssemblerX86Common::sub32):
        (JSC::MacroAssemblerX86Common::xor32):
        (JSC::MacroAssemblerX86Common::xor16):
        (JSC::MacroAssemblerX86Common::xor8):
        (JSC::MacroAssemblerX86Common::not32):
        (JSC::MacroAssemblerX86Common::not16):
        (JSC::MacroAssemblerX86Common::not8):
        (JSC::MacroAssemblerX86Common::store16):
        (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
        (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
        (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
        (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
        (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
        (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
        (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
        (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
        (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
        (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
        (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
        (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
        (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
        (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
        (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
        (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
        (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
        (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
        (JSC::MacroAssemblerX86Common::atomicAdd8):
        (JSC::MacroAssemblerX86Common::atomicAdd16):
        (JSC::MacroAssemblerX86Common::atomicAdd32):
        (JSC::MacroAssemblerX86Common::atomicSub8):
        (JSC::MacroAssemblerX86Common::atomicSub16):
        (JSC::MacroAssemblerX86Common::atomicSub32):
        (JSC::MacroAssemblerX86Common::atomicAnd8):
        (JSC::MacroAssemblerX86Common::atomicAnd16):
        (JSC::MacroAssemblerX86Common::atomicAnd32):
        (JSC::MacroAssemblerX86Common::atomicOr8):
        (JSC::MacroAssemblerX86Common::atomicOr16):
        (JSC::MacroAssemblerX86Common::atomicOr32):
        (JSC::MacroAssemblerX86Common::atomicXor8):
        (JSC::MacroAssemblerX86Common::atomicXor16):
        (JSC::MacroAssemblerX86Common::atomicXor32):
        (JSC::MacroAssemblerX86Common::atomicNeg8):
        (JSC::MacroAssemblerX86Common::atomicNeg16):
        (JSC::MacroAssemblerX86Common::atomicNeg32):
        (JSC::MacroAssemblerX86Common::atomicNot8):
        (JSC::MacroAssemblerX86Common::atomicNot16):
        (JSC::MacroAssemblerX86Common::atomicNot32):
        (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
        (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
        (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
        (JSC::MacroAssemblerX86Common::atomicXchg8):
        (JSC::MacroAssemblerX86Common::atomicXchg16):
        (JSC::MacroAssemblerX86Common::atomicXchg32):
        (JSC::MacroAssemblerX86Common::loadAcq8):
        (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
        (JSC::MacroAssemblerX86Common::loadAcq16):
        (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
        (JSC::MacroAssemblerX86Common::loadAcq32):
        (JSC::MacroAssemblerX86Common::storeRel8):
        (JSC::MacroAssemblerX86Common::storeRel16):
        (JSC::MacroAssemblerX86Common::storeRel32):
        (JSC::MacroAssemblerX86Common::storeFence):
        (JSC::MacroAssemblerX86Common::loadFence):
        (JSC::MacroAssemblerX86Common::replaceWithJump):
        (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
        (JSC::MacroAssemblerX86Common::patchableJumpSize):
        (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
        (JSC::MacroAssemblerX86Common::supportsAVX):
        (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
        (JSC::MacroAssemblerX86Common::x86Condition):
        (JSC::MacroAssemblerX86Common::atomicStrongCAS):
        (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::add64):
        (JSC::MacroAssemblerX86_64::and64):
        (JSC::MacroAssemblerX86_64::neg64):
        (JSC::MacroAssemblerX86_64::or64):
        (JSC::MacroAssemblerX86_64::sub64):
        (JSC::MacroAssemblerX86_64::xor64):
        (JSC::MacroAssemblerX86_64::not64):
        (JSC::MacroAssemblerX86_64::store64):
        (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
708         (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
709         (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
710         (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
711         (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
712         (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
713         (JSC::MacroAssemblerX86_64::atomicAdd64):
714         (JSC::MacroAssemblerX86_64::atomicSub64):
715         (JSC::MacroAssemblerX86_64::atomicAnd64):
716         (JSC::MacroAssemblerX86_64::atomicOr64):
717         (JSC::MacroAssemblerX86_64::atomicXor64):
718         (JSC::MacroAssemblerX86_64::atomicNeg64):
719         (JSC::MacroAssemblerX86_64::atomicNot64):
720         (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
721         (JSC::MacroAssemblerX86_64::atomicXchg64):
722         (JSC::MacroAssemblerX86_64::loadAcq64):
723         (JSC::MacroAssemblerX86_64::storeRel64):
724         * assembler/X86Assembler.h:
725         (JSC::X86Assembler::addl_mr):
726         (JSC::X86Assembler::addq_mr):
727         (JSC::X86Assembler::addq_rm):
728         (JSC::X86Assembler::addq_im):
729         (JSC::X86Assembler::andl_mr):
730         (JSC::X86Assembler::andl_rm):
731         (JSC::X86Assembler::andw_rm):
732         (JSC::X86Assembler::andb_rm):
733         (JSC::X86Assembler::andl_im):
734         (JSC::X86Assembler::andw_im):
735         (JSC::X86Assembler::andb_im):
736         (JSC::X86Assembler::andq_mr):
737         (JSC::X86Assembler::andq_rm):
738         (JSC::X86Assembler::andq_im):
739         (JSC::X86Assembler::incq_m):
740         (JSC::X86Assembler::negq_m):
741         (JSC::X86Assembler::negl_m):
742         (JSC::X86Assembler::negw_m):
743         (JSC::X86Assembler::negb_m):
744         (JSC::X86Assembler::notl_m):
745         (JSC::X86Assembler::notw_m):
746         (JSC::X86Assembler::notb_m):
747         (JSC::X86Assembler::notq_m):
748         (JSC::X86Assembler::orl_mr):
749         (JSC::X86Assembler::orl_rm):
750         (JSC::X86Assembler::orw_rm):
751         (JSC::X86Assembler::orb_rm):
752         (JSC::X86Assembler::orl_im):
753         (JSC::X86Assembler::orw_im):
754         (JSC::X86Assembler::orb_im):
755         (JSC::X86Assembler::orq_mr):
756         (JSC::X86Assembler::orq_rm):
757         (JSC::X86Assembler::orq_im):
758         (JSC::X86Assembler::subl_mr):
759         (JSC::X86Assembler::subl_rm):
760         (JSC::X86Assembler::subw_rm):
761         (JSC::X86Assembler::subb_rm):
762         (JSC::X86Assembler::subl_im):
763         (JSC::X86Assembler::subw_im):
764         (JSC::X86Assembler::subb_im):
765         (JSC::X86Assembler::subq_mr):
766         (JSC::X86Assembler::subq_rm):
767         (JSC::X86Assembler::subq_im):
768         (JSC::X86Assembler::xorl_mr):
769         (JSC::X86Assembler::xorl_rm):
770         (JSC::X86Assembler::xorl_im):
771         (JSC::X86Assembler::xorw_rm):
772         (JSC::X86Assembler::xorw_im):
773         (JSC::X86Assembler::xorb_rm):
774         (JSC::X86Assembler::xorb_im):
775         (JSC::X86Assembler::xorq_im):
776         (JSC::X86Assembler::xorq_rm):
777         (JSC::X86Assembler::xorq_mr):
778         (JSC::X86Assembler::xchgb_rm):
779         (JSC::X86Assembler::xchgw_rm):
780         (JSC::X86Assembler::xchgl_rm):
781         (JSC::X86Assembler::xchgq_rm):
782         (JSC::X86Assembler::movw_im):
783         (JSC::X86Assembler::movq_i32m):
784         (JSC::X86Assembler::cmpxchgb_rm):
785         (JSC::X86Assembler::cmpxchgw_rm):
786         (JSC::X86Assembler::cmpxchgl_rm):
787         (JSC::X86Assembler::cmpxchgq_rm):
788         (JSC::X86Assembler::xaddb_rm):
789         (JSC::X86Assembler::xaddw_rm):
790         (JSC::X86Assembler::xaddl_rm):
791         (JSC::X86Assembler::xaddq_rm):
792         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
793         * b3/B3AtomicValue.cpp: Added.
794         (JSC::B3::AtomicValue::~AtomicValue):
795         (JSC::B3::AtomicValue::dumpMeta):
796         (JSC::B3::AtomicValue::cloneImpl):
797         (JSC::B3::AtomicValue::AtomicValue):
798         * b3/B3AtomicValue.h: Added.
799         * b3/B3BasicBlock.h:
800         * b3/B3BlockInsertionSet.cpp:
801         (JSC::B3::BlockInsertionSet::BlockInsertionSet):
802         (JSC::B3::BlockInsertionSet::insert): Deleted.
803         (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
804         (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
805         (JSC::B3::BlockInsertionSet::execute): Deleted.
806         * b3/B3BlockInsertionSet.h:
807         * b3/B3Effects.cpp:
808         (JSC::B3::Effects::interferes):
809         (JSC::B3::Effects::operator==):
810         (JSC::B3::Effects::dump):
811         * b3/B3Effects.h:
812         (JSC::B3::Effects::forCall):
813         (JSC::B3::Effects::mustExecute):
814         * b3/B3EliminateCommonSubexpressions.cpp:
815         * b3/B3Generate.cpp:
816         (JSC::B3::generateToAir):
817         * b3/B3GenericBlockInsertionSet.h: Added.
818         (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
819         (JSC::B3::GenericBlockInsertionSet::insert):
820         (JSC::B3::GenericBlockInsertionSet::insertBefore):
821         (JSC::B3::GenericBlockInsertionSet::insertAfter):
822         (JSC::B3::GenericBlockInsertionSet::execute):
823         * b3/B3HeapRange.h:
824         (JSC::B3::HeapRange::operator|):
825         * b3/B3InsertionSet.cpp:
826         (JSC::B3::InsertionSet::insertClone):
827         * b3/B3InsertionSet.h:
828         * b3/B3LegalizeMemoryOffsets.cpp:
829         * b3/B3LowerMacros.cpp:
830         (JSC::B3::lowerMacros):
831         * b3/B3LowerMacrosAfterOptimizations.cpp:
832         * b3/B3LowerToAir.cpp:
833         (JSC::B3::Air::LowerToAir::LowerToAir):
834         (JSC::B3::Air::LowerToAir::run):
835         (JSC::B3::Air::LowerToAir::effectiveAddr):
836         (JSC::B3::Air::LowerToAir::addr):
837         (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
838         (JSC::B3::Air::LowerToAir::appendShift):
839         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
840         (JSC::B3::Air::LowerToAir::storeOpcode):
841         (JSC::B3::Air::LowerToAir::createStore):
842         (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
843         (JSC::B3::Air::LowerToAir::newBlock):
844         (JSC::B3::Air::LowerToAir::splitBlock):
845         (JSC::B3::Air::LowerToAir::fillStackmap):
846         (JSC::B3::Air::LowerToAir::appendX86Div):
847         (JSC::B3::Air::LowerToAir::appendX86UDiv):
848         (JSC::B3::Air::LowerToAir::loadLinkOpcode):
849         (JSC::B3::Air::LowerToAir::storeCondOpcode):
850         (JSC::B3::Air::LowerToAir::appendCAS):
851         (JSC::B3::Air::LowerToAir::appendVoidAtomic):
852         (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
853         (JSC::B3::Air::LowerToAir::lower):
854         (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
855         (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
856         * b3/B3LowerToAir.h:
857         * b3/B3MemoryValue.cpp:
858         (JSC::B3::MemoryValue::isLegalOffset):
859         (JSC::B3::MemoryValue::accessType):
860         (JSC::B3::MemoryValue::accessBank):
861         (JSC::B3::MemoryValue::accessByteSize):
862         (JSC::B3::MemoryValue::dumpMeta):
863         (JSC::B3::MemoryValue::MemoryValue):
864         (JSC::B3::MemoryValue::accessWidth): Deleted.
865         * b3/B3MemoryValue.h:
866         * b3/B3MemoryValueInlines.h: Added.
867         (JSC::B3::MemoryValue::isLegalOffset):
868         (JSC::B3::MemoryValue::requiresSimpleAddr):
869         (JSC::B3::MemoryValue::accessWidth):
870         * b3/B3MoveConstants.cpp:
871         * b3/B3NativeTraits.h: Added.
872         * b3/B3Opcode.cpp:
873         (JSC::B3::storeOpcode):
874         (WTF::printInternal):
875         * b3/B3Opcode.h:
876         (JSC::B3::isLoad):
877         (JSC::B3::isStore):
878         (JSC::B3::isLoadStore):
879         (JSC::B3::isAtomic):
880         (JSC::B3::isAtomicCAS):
881         (JSC::B3::isAtomicXchg):
882         (JSC::B3::isMemoryAccess):
883         (JSC::B3::signExtendOpcode):
884         * b3/B3Procedure.cpp:
885         (JSC::B3::Procedure::dump):
886         * b3/B3Procedure.h:
887         (JSC::B3::Procedure::hasQuirks):
888         (JSC::B3::Procedure::setHasQuirks):
889         * b3/B3PureCSE.cpp:
890         (JSC::B3::pureCSE):
891         * b3/B3PureCSE.h:
892         * b3/B3ReduceStrength.cpp:
893         * b3/B3Validate.cpp:
894         * b3/B3Value.cpp:
895         (JSC::B3::Value::returnsBool):
896         (JSC::B3::Value::effects):
897         (JSC::B3::Value::key):
898         (JSC::B3::Value::performSubstitution):
899         (JSC::B3::Value::typeFor):
900         * b3/B3Value.h:
901         * b3/B3Width.cpp:
902         (JSC::B3::bestType):
903         * b3/B3Width.h:
904         (JSC::B3::canonicalWidth):
905         (JSC::B3::isCanonicalWidth):
906         (JSC::B3::mask):
907         * b3/air/AirArg.cpp:
908         (JSC::B3::Air::Arg::jsHash):
909         (JSC::B3::Air::Arg::dump):
910         (WTF::printInternal):
911         * b3/air/AirArg.h:
912         (JSC::B3::Air::Arg::isAnyUse):
913         (JSC::B3::Air::Arg::isColdUse):
914         (JSC::B3::Air::Arg::cooled):
915         (JSC::B3::Air::Arg::isEarlyUse):
916         (JSC::B3::Air::Arg::isLateUse):
917         (JSC::B3::Air::Arg::isAnyDef):
918         (JSC::B3::Air::Arg::isEarlyDef):
919         (JSC::B3::Air::Arg::isLateDef):
920         (JSC::B3::Air::Arg::isZDef):
921         (JSC::B3::Air::Arg::simpleAddr):
922         (JSC::B3::Air::Arg::statusCond):
923         (JSC::B3::Air::Arg::isSimpleAddr):
924         (JSC::B3::Air::Arg::isMemory):
925         (JSC::B3::Air::Arg::isStatusCond):
926         (JSC::B3::Air::Arg::isCondition):
927         (JSC::B3::Air::Arg::ptr):
928         (JSC::B3::Air::Arg::base):
929         (JSC::B3::Air::Arg::isGP):
930         (JSC::B3::Air::Arg::isFP):
931         (JSC::B3::Air::Arg::isValidForm):
932         (JSC::B3::Air::Arg::forEachTmpFast):
933         (JSC::B3::Air::Arg::forEachTmp):
934         (JSC::B3::Air::Arg::asAddress):
935         (JSC::B3::Air::Arg::asStatusCondition):
936         (JSC::B3::Air::Arg::isInvertible):
937         (JSC::B3::Air::Arg::inverted):
938         * b3/air/AirBasicBlock.cpp:
939         (JSC::B3::Air::BasicBlock::setSuccessors):
940         * b3/air/AirBasicBlock.h:
941         * b3/air/AirBlockInsertionSet.cpp: Added.
942         (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
943         (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
944         * b3/air/AirBlockInsertionSet.h: Added.
945         * b3/air/AirDumpAsJS.cpp: Removed.
946         * b3/air/AirDumpAsJS.h: Removed.
947         * b3/air/AirEliminateDeadCode.cpp:
948         (JSC::B3::Air::eliminateDeadCode):
949         * b3/air/AirGenerate.cpp:
950         (JSC::B3::Air::prepareForGeneration):
951         * b3/air/AirInstInlines.h:
952         (JSC::B3::Air::isAtomicStrongCASValid):
953         (JSC::B3::Air::isBranchAtomicStrongCASValid):
954         (JSC::B3::Air::isAtomicStrongCAS8Valid):
955         (JSC::B3::Air::isAtomicStrongCAS16Valid):
956         (JSC::B3::Air::isAtomicStrongCAS32Valid):
957         (JSC::B3::Air::isAtomicStrongCAS64Valid):
958         (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
959         (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
960         (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
961         (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
962         * b3/air/AirOpcode.opcodes:
963         * b3/air/AirOptimizeBlockOrder.cpp:
964         (JSC::B3::Air::optimizeBlockOrder):
965         * b3/air/AirPadInterference.cpp:
966         (JSC::B3::Air::padInterference):
967         * b3/air/AirSpillEverything.cpp:
968         (JSC::B3::Air::spillEverything):
969         * b3/air/opcode_generator.rb:
970         * b3/testb3.cpp:
971         (JSC::B3::testLoadAcq42):
972         (JSC::B3::testStoreRelAddLoadAcq32):
973         (JSC::B3::testStoreRelAddLoadAcq8):
974         (JSC::B3::testStoreRelAddFenceLoadAcq8):
975         (JSC::B3::testStoreRelAddLoadAcq16):
976         (JSC::B3::testStoreRelAddLoadAcq64):
977         (JSC::B3::testTrappingStoreElimination):
978         (JSC::B3::testX86LeaAddAdd):
979         (JSC::B3::testX86LeaAddShlLeftScale1):
980         (JSC::B3::testAtomicWeakCAS):
981         (JSC::B3::testAtomicStrongCAS):
982         (JSC::B3::testAtomicXchg):
983         (JSC::B3::testDepend32):
984         (JSC::B3::testDepend64):
985         (JSC::B3::run):
986         * runtime/Options.h:
987
988 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
989
990         Unreviewed typo fixes after r213652.
991         https://bugs.webkit.org/show_bug.cgi?id=168920
992
993         * assembler/MacroAssemblerARM.h:
994         (JSC::MacroAssemblerARM::replaceWithBreakpoint):
995         * assembler/MacroAssemblerMIPS.h:
996         (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):
997
998 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
999
1000         Unreviewed ARM buildfix after r213652.
1001         https://bugs.webkit.org/show_bug.cgi?id=168920
1002
1003         r213652 used replaceWithBrk and replaceWithBkpt names for the same
1004         function, which was inconsistent and caused a build error in ARMAssembler.
1005
1006         * assembler/ARM64Assembler.h:
1007         (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
1008         (JSC::ARM64Assembler::replaceWithBrk): Deleted.
1009         * assembler/ARMAssembler.h:
1010         (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
1011         (JSC::ARMAssembler::replaceWithBrk): Deleted.
1012         * assembler/MacroAssemblerARM64.h:
1013         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1014
1015 2017-03-10  Alex Christensen  <achristensen@webkit.org>
1016
1017         Win64 build fix.
1018
1019         * b3/B3FenceValue.h:
1020         * b3/B3Value.h:
1021         Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
1022         doesn't accomplish anything except making Visual Studio mad.
1023         * b3/air/opcode_generator.rb:
1024         winnt.h has naming collisions with enum values from AirOpcode.h.
1025         For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
1026         RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
1027         A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
1028         that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.
1029
1030 2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>
1031
1032         Unreviewed, rolling out r213695.
1033
1034         This change broke the Windows build.
1035
1036         Reverted changeset:
1037
1038         "Implement a StackTrace utility object that can capture stack
1039         traces for debugging."
1040         https://bugs.webkit.org/show_bug.cgi?id=169454
1041         http://trac.webkit.org/changeset/213695
1042
1043 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
1044
1045         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
1046         https://bugs.webkit.org/show_bug.cgi?id=167962
1047
1048         Reviewed by Keith Miller.
1049
1050         The Object Rest/Spread Destructuring proposal is in stage 3 [1], and this
1051         patch is a prototype implementation of it. A simple change to the
1052         parser was necessary to support the new '...' token in the Object Pattern
1053         destructuring rule. On the bytecode generator side, we changed the
1054         bytecode generated in ObjectPatternNode::bindValue to store the identifiers
1055         of already destructured properties in an array, following spec draft
1056         section [2], and then pass it as excludedNames to CopyDataProperties.
1057         The rest destructuring then calls copyDataProperties to perform the
1058         copy of the rest properties in the rhs.
1059
1060         We also implemented CopyDataProperties as a private JS global operation
1061         in builtins/GlobalOperations.js following its specification in [3].
1062         It is implemented using a Set object to check whether a property is in
1063         excludedNames, keeping this algorithm at O(n + m) complexity, where n
1064         = number of source's own properties and m = excludedNames.length.
1065
1066         As a requirement to use JSSets as constants, a change to the
1067         CodeBlock::create API was necessary, because JSSet creation can throw an OOM
1068         exception. Now, CodeBlock::finishCreation returns false if an
1069         exception is thrown by
1070         CodeBlock::setConstantIdentifierSetRegisters, and then we return
1071         nullptr to ScriptExecutable::newCodeBlockFor, which is responsible for
1072         checking whether the CodeBlock was constructed properly and then throwing an
1073         OOM exception to the correct scope.
1074
1075         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
1076         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
1077         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
1078
1079         * builtins/BuiltinNames.h:
1080         * builtins/GlobalOperations.js:
1081         (globalPrivate.copyDataProperties):
1082         * bytecode/CodeBlock.cpp:
1083         (JSC::CodeBlock::finishCreation):
1084         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
1085         * bytecode/CodeBlock.h:
1086         * bytecode/EvalCodeBlock.h:
1087         (JSC::EvalCodeBlock::create):
1088         * bytecode/FunctionCodeBlock.h:
1089         (JSC::FunctionCodeBlock::create):
1090         * bytecode/ModuleProgramCodeBlock.h:
1091         (JSC::ModuleProgramCodeBlock::create):
1092         * bytecode/ProgramCodeBlock.h:
1093         (JSC::ProgramCodeBlock::create):
1094         * bytecode/UnlinkedCodeBlock.h:
1095         (JSC::UnlinkedCodeBlock::addSetConstant):
1096         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
1097         * bytecompiler/BytecodeGenerator.cpp:
1098         (JSC::BytecodeGenerator::emitLoad):
1099         * bytecompiler/BytecodeGenerator.h:
1100         * bytecompiler/NodesCodegen.cpp:
1101         (JSC::ObjectPatternNode::bindValue):
1102         * parser/ASTBuilder.h:
1103         (JSC::ASTBuilder::appendObjectPatternEntry):
1104         (JSC::ASTBuilder::appendObjectPatternRestEntry):
1105         (JSC::ASTBuilder::setContainsObjectRestElement):
1106         * parser/Nodes.h:
1107         (JSC::ObjectPatternNode::appendEntry):
1108         (JSC::ObjectPatternNode::setContainsRestElement):
1109         * parser/Parser.cpp:
1110         (JSC::Parser<LexerType>::parseDestructuringPattern):
1111         (JSC::Parser<LexerType>::parseProperty):
1112         * parser/SyntaxChecker.h:
1113         (JSC::SyntaxChecker::operatorStackPop):
1114         * runtime/JSGlobalObject.cpp:
1115         (JSC::JSGlobalObject::init):
1116         * runtime/JSGlobalObjectFunctions.cpp:
1117         (JSC::privateToObject):
1118         * runtime/JSGlobalObjectFunctions.h:
1119         * runtime/ScriptExecutable.cpp:
1120         (JSC::ScriptExecutable::newCodeBlockFor):
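        The CopyDataProperties-with-excludedNames algorithm described in the entry above, as an added JavaScript example written for this page: it is a plain-JS model following the cited spec draft, not the builtins/GlobalOperations.js code from the patch, and the names copyDataProperties, objectRest and the constructed sample object are the example's own.

```javascript
// Added example, not WebKit's builtins/GlobalOperations.js: a plain-JS model of the
// CopyDataProperties(target, source, excludedNames) abstract operation that object rest
// destructuring relies on. excludedNames is loaded into a Set so each own-property check
// is O(1), giving O(n + m) overall (n = source's own properties, m = excludedNames.length).
function copyDataProperties(target, source, excludedNames = []) {
  // Spec: if source is undefined or null, there is nothing to copy.
  if (source === undefined || source === null)
    return target;
  const excluded = new Set(excludedNames);
  const from = Object(source);
  // Reflect.ownKeys yields string keys first, then symbol keys, in own-property order.
  for (const key of Reflect.ownKeys(from)) {
    if (excluded.has(key))
      continue;
    const desc = Object.getOwnPropertyDescriptor(from, key);
    if (desc === undefined || !desc.enumerable)
      continue; // inherited and non-enumerable properties are never copied
    // CreateDataProperty: a fresh data property on target, so target setters are not run.
    Object.defineProperty(target, key, {
      value: from[key], writable: true, enumerable: true, configurable: true,
    });
  }
  return target;
}

// Models what the bytecode for `const { a, b, ...rest } = source` does: the names already
// destructured are collected and handed to copyDataProperties as excludedNames.
function objectRest(source, destructuredNames) {
  return copyDataProperties({}, source, destructuredNames);
}

// Constructed sample input: own enumerable, own non-enumerable, symbol-keyed and inherited props.
const sym = Symbol('tag');
const sample = Object.create({ inherited: 'no' });
sample.a = 1;
sample.b = 2;
sample.c = 3;
sample[sym] = 4;
Object.defineProperty(sample, 'hidden', { value: 5, enumerable: false });

// Rest after destructuring `a` and `b`: only `c` and the symbol-keyed property survive.
function restOfSample() {
  return objectRest(sample, ['a', 'b']);
}

// Cross-check against the engine's native object rest syntax on the same input.
function matchesNativeRest() {
  const { a, b, ...nativeRest } = sample;
  const modelled = restOfSample();
  const keys = (o) => Reflect.ownKeys(o).map(String).sort();
  return JSON.stringify(keys(nativeRest)) === JSON.stringify(keys(modelled));
}

console.log(restOfSample(), matchesNativeRest());
```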
1121
1122 2017-03-09  Mark Lam  <mark.lam@apple.com>
1123
1124         Implement a StackTrace utility object that can capture stack traces for debugging.
1125         https://bugs.webkit.org/show_bug.cgi?id=169454
1126
1127         Reviewed by Michael Saboff.
1128
1129         The underlying implementation is hoisted right out of Assertions.cpp from the
1130         implementations of WTFPrintBacktrace().
1131
1132         The reason we need this StackTrace object is because during heap debugging, we
1133         sometimes want to capture the stack trace that allocated the objects of interest.
1134         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
1135         perturb the execution profile sufficiently that an issue may not reproduce,
1136         while alternatively, just capturing the stack trace and deferring printing it
1137         till we actually need it later perturbs the execution profile less.
1138
1139         In addition, just capturing the stack traces (instead of printing them
1140         immediately at each capture site) allows us to avoid polluting stdout with tons
1141         of stack traces that may be irrelevant.
1142
1143         For now, we only capture the native stack trace.  We'll leave capturing and
1144         integrating the JS stack trace as an exercise for the future if we need it then.
1145
1146         Here's an example of how to use this StackTrace utility:
1147
1148             // Capture a stack trace of the top 10 frames.
1149             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
1150             // Print the trace.
1151             dataLog(*trace);
1152
1153         * CMakeLists.txt:
1154         * JavaScriptCore.xcodeproj/project.pbxproj:
1155         * tools/StackTrace.cpp: Added.
1156         (JSC::StackTrace::instanceSize):
1157         (JSC::StackTrace::captureStackTrace):
1158         (JSC::StackTrace::dump):
1159         * tools/StackTrace.h: Added.
1160         (JSC::StackTrace::StackTrace):
1161         (JSC::StackTrace::size):
1162
1163 2017-03-09  Keith Miller  <keith_miller@apple.com>
1164
1165         WebAssembly: Enable fast memory for WK2
1166         https://bugs.webkit.org/show_bug.cgi?id=169437
1167
1168         Reviewed by Tim Horton.
1169
1170         * JavaScriptCore.xcodeproj/project.pbxproj:
1171
1172 2017-03-09  Matt Baker  <mattbaker@apple.com>
1173
1174         Web Inspector: Add XHR breakpoints UI
1175         https://bugs.webkit.org/show_bug.cgi?id=168763
1176         <rdar://problem/30952439>
1177
1178         Reviewed by Joseph Pecoraro.
1179
1180         * inspector/protocol/DOMDebugger.json:
1181         Added clarifying comments to command descriptions.
1182
1183 2017-03-09  Michael Saboff  <msaboff@apple.com>
1184
1185         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
1186         https://bugs.webkit.org/show_bug.cgi?id=169387
1187
1188         Reviewed by Filip Pizlo.
1189
1190         Added a helper function, processConfigFile(), to process configuration file.
1191         Changed jsc.cpp to use that function in lieu of processing the config file
1192         manually.
1193
1194         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
1195         * jsc.cpp:
1196         (jscmain):
1197         * runtime/ConfigFile.cpp:
1198         (JSC::processConfigFile):
1199         * runtime/ConfigFile.h:
1200
1201 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
1202
1203         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
1204         https://bugs.webkit.org/show_bug.cgi?id=29687
1205         <rdar://problem/19281586>
1206
1207         Reviewed by Matt Baker and Brian Burg.
1208
1209         * inspector/protocol/Network.json:
1210         Add metrics object with optional properties to loadingFinished event.
1211
1212 2017-03-09  Youenn Fablet  <youenn@apple.com>
1213
1214         Minimal build is broken
1215         https://bugs.webkit.org/show_bug.cgi?id=169416
1216
1217         Reviewed by Chris Dumez.
1218
1219         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
1220         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appears first, but this might break very easily.
1221
1222         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
1223         (generate_members):
1224         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
1225         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
1226         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
1227
1228 2017-03-09  Daniel Bates  <dabates@apple.com>
1229
1230         Guard Credential Management implementation behind a runtime enabled feature flag
1231         https://bugs.webkit.org/show_bug.cgi?id=169364
1232         <rdar://problem/30957425>
1233
1234         Reviewed by Brent Fulgham.
1235
1236         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
1237         needed to guard these interfaces behind a runtime enabled feature flag.
1238
1239         * runtime/CommonIdentifiers.h:
1240
1241 2017-03-09  Mark Lam  <mark.lam@apple.com>
1242
1243         Refactoring some HeapVerifier code.
1244         https://bugs.webkit.org/show_bug.cgi?id=169443
1245
1246         Reviewed by Filip Pizlo.
1247
1248         Renamed LiveObjectData to CellProfile.
1249         Renamed LiveObjectList to CellList.
1250         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
1251         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
1252
1253         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
1254
1255         * CMakeLists.txt:
1256         * JavaScriptCore.xcodeproj/project.pbxproj:
1257         * heap/Heap.cpp:
1258         (JSC::Heap::runBeginPhase):
1259         (JSC::Heap::runEndPhase):
1260         * heap/HeapVerifier.cpp: Removed.
1261         * heap/HeapVerifier.h: Removed.
1262         * heap/LiveObjectData.h: Removed.
1263         * heap/LiveObjectList.cpp: Removed.
1264         * heap/LiveObjectList.h: Removed.
1265         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
1266         (JSC::CellList::findCell):
1267         (JSC::LiveObjectList::findObject): Deleted.
1268         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
1269         (JSC::CellList::CellList):
1270         (JSC::CellList::reset):
1271         (JSC::LiveObjectList::LiveObjectList): Deleted.
1272         (JSC::LiveObjectList::reset): Deleted.
1273         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
1274         (JSC::CellProfile::CellProfile):
1275         (JSC::LiveObjectData::LiveObjectData): Deleted.
1276         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
1277         (JSC::GatherCellFunctor::GatherCellFunctor):
1278         (JSC::GatherCellFunctor::visit):
1279         (JSC::GatherCellFunctor::operator()):
1280         (JSC::HeapVerifier::gatherLiveCells):
1281         (JSC::HeapVerifier::cellListForGathering):
1282         (JSC::trimDeadCellsFromList):
1283         (JSC::HeapVerifier::trimDeadCells):
1284         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
1285         (JSC::HeapVerifier::reportCell):
1286         (JSC::HeapVerifier::checkIfRecorded):
1287         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
1288         (JSC::GatherLiveObjFunctor::visit): Deleted.
1289         (JSC::GatherLiveObjFunctor::operator()): Deleted.
1290         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
1291         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
1292         (JSC::trimDeadObjectsFromList): Deleted.
1293         (JSC::HeapVerifier::trimDeadObjects): Deleted.
1294         (JSC::HeapVerifier::reportObject): Deleted.
1295         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
1296
1297 2017-03-09  Anders Carlsson  <andersca@apple.com>
1298
1299         Add delegate support to WebCore
1300         https://bugs.webkit.org/show_bug.cgi?id=169427
1301         Part of rdar://problem/28880714.
1302
1303         Reviewed by Geoffrey Garen.
1304
1305         * Configurations/FeatureDefines.xcconfig:
1306         Add feature define.
1307
1308 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
1309
1310         Web Inspector: Show individual messages in the content pane for a WebSocket
1311         https://bugs.webkit.org/show_bug.cgi?id=169011
1312
1313         Reviewed by Joseph Pecoraro.
1314
1315         Add walltime parameter and correct the description of Timestamp type.
1316
1317         * inspector/protocol/Network.json:
1318
1319 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1320
1321         Unreviewed, fix weak external symbol error.
1322
1323         * heap/SlotVisitor.h:
1324
1325 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1326
1327         std::isnan/isinf should work with WTF time classes
1328         https://bugs.webkit.org/show_bug.cgi?id=164991
1329
1330         Reviewed by Darin Adler.
1331         
1332         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
1333
1334         * runtime/AtomicsObject.cpp:
1335         (JSC::atomicsFuncWait):
1336
1337 2017-03-09  Mark Lam  <mark.lam@apple.com>
1338
1339         Use const AbstractLocker& (instead of const LockHolder&) in more places.
1340         https://bugs.webkit.org/show_bug.cgi?id=169424
1341
1342         Reviewed by Filip Pizlo.
1343
1344         * heap/CodeBlockSet.cpp:
1345         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
1346         * heap/CodeBlockSet.h:
1347         * heap/CodeBlockSetInlines.h:
1348         (JSC::CodeBlockSet::mark):
1349         * heap/ConservativeRoots.cpp:
1350         (JSC::CompositeMarkHook::CompositeMarkHook):
1351         * heap/MachineStackMarker.cpp:
1352         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1353         * heap/MachineStackMarker.h:
1354         * profiler/ProfilerDatabase.cpp:
1355         (JSC::Profiler::Database::ensureBytecodesFor):
1356         * profiler/ProfilerDatabase.h:
1357         * runtime/SamplingProfiler.cpp:
1358         (JSC::FrameWalker::FrameWalker):
1359         (JSC::CFrameWalker::CFrameWalker):
1360         (JSC::SamplingProfiler::createThreadIfNecessary):
1361         (JSC::SamplingProfiler::takeSample):
1362         (JSC::SamplingProfiler::start):
1363         (JSC::SamplingProfiler::pause):
1364         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
1365         (JSC::SamplingProfiler::clearData):
1366         (JSC::SamplingProfiler::releaseStackTraces):
1367         * runtime/SamplingProfiler.h:
1368         (JSC::SamplingProfiler::setStopWatch):
1369         * wasm/WasmMemory.cpp:
1370         (JSC::Wasm::availableFastMemories):
1371         (JSC::Wasm::activeFastMemories):
1372         (JSC::Wasm::viewActiveFastMemories):
1373         * wasm/WasmMemory.h:
1374
1375 2017-03-09  Saam Barati  <sbarati@apple.com>
1376
1377         WebAssembly: Make the Unity AngryBots demo run
1378         https://bugs.webkit.org/show_bug.cgi?id=169268
1379
1380         Reviewed by Keith Miller.
1381
1382         This patch fixes three bugs:
1383         1. The WasmBinding code for making a JS call was off
1384         by 1 in its stack layout code.
1385         2. The WasmBinding code had a "<" comparison instead
1386         of a ">=" comparison. This would cause us to calculate
1387         the wrong frame pointer offset.
1388         3. The code to reload wasm state inside B3IRGenerator didn't
1389         properly represent its effects.
1390
1391         * wasm/WasmB3IRGenerator.cpp:
1392         (JSC::Wasm::restoreWebAssemblyGlobalState):
1393         (JSC::Wasm::parseAndCompile):
1394         * wasm/WasmBinding.cpp:
1395         (JSC::Wasm::wasmToJs):
1396         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1397         (JSC::WebAssemblyInstanceConstructor::createInstance):
1398
1399 2017-03-09  Mark Lam  <mark.lam@apple.com>
1400
1401         Make the VM Traps mechanism non-polling for the DFG and FTL.
1402         https://bugs.webkit.org/show_bug.cgi?id=168920
1403         <rdar://problem/30738588>
1404
1405         Reviewed by Filip Pizlo.
1406
1407         1. Added an ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
1408            This is currently only enabled for OS(DARWIN) and ENABLE(JIT).
1409         2. Added assembler functions for overwriting an instruction with a breakpoint.
1410         3. Added a new JettisonDueToVMTraps jettison reason.
1411         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
1412            invalidation points with breakpoint instructions.
1413         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
1414         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
1415            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
1416            Options::usePollingTraps() to always be true.  This makes the VMTraps
1417            implementation fall back to using polling based traps only.
1418
1419         7. Make VMTraps support signal based traps.
1420
1421         Some design and implementation details of signal based VM traps:
1422
1423         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
1424
1425         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
1426           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
1427           we want to trap, and check for the occurrence of one of the following events:
1428
1429           a. VMTraps::handleTraps() has been called for the requested trap, or
1430
1431           b. the VM is inactive and is no longer executing any JS code.  We determine
1432              this to be the case if the thread no longer owns the JSLock and the VM's
1433              entryScope is null.
1434
1435              Note: the thread can relinquish the JSLock while the VM's entryScope is not
1436              null.  This happens when the thread calls JSLock::dropAllLocks() before
1437              calling a host function that may block on IO (or whatever).  For our purpose,
1438              this counts as the VM still running JS code, and VM::fireTrap() will still
1439              be waiting.
1440
1441           If the SignalSender does not see either of these events, it will sleep for a
1442           while and then re-send SIGUSR1 and check for the events again.  When it sees
1443           one of these events, it will consider the mutator to have received the trap
1444           request.
1445
1446         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
1447           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
1448           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
1449           safe to jettison the codeBlock.
1450
1451           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
1452           insert the breakpoint instructions itself.  This is because we need the
1453           register state of the mutator thread (that we want to trap in) in order to
1454           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
1455           we don't have a generic way for the requester thread to get the register state
1456           of another thread.
1457
1458         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
1459           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
1460           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
1461           baseline JIT code will eventually reach an op_check_traps and call
1462           VMTraps::handleTraps().
1463
1464           If the handler is not trapping at an invalidation point, then it must be
1465           observing an assertion failure (which also uses the breakpoint instruction).
1466           In this case, the handler will defer to the default SIGTRAP handler and crash.
1467
1468         - The reason we need the SignalSender is because SignalSender::send() is called
1469           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
1470           send() needs to make use of the VM pointer, and it is not guaranteed that the
1471           VM will outlive the thread.  SignalSender provides the mechanism by which we
1472           can nullify the VM pointer when the VM dies so that the thread does not
1473           continue to use it.
1474
1475         * assembler/ARM64Assembler.h:
1476         (JSC::ARM64Assembler::replaceWithBrk):
1477         * assembler/ARMAssembler.h:
1478         (JSC::ARMAssembler::replaceWithBrk):
1479         * assembler/ARMv7Assembler.h:
1480         (JSC::ARMv7Assembler::replaceWithBkpt):
1481         * assembler/MIPSAssembler.h:
1482         (JSC::MIPSAssembler::replaceWithBkpt):
1483         * assembler/MacroAssemblerARM.h:
1484         (JSC::MacroAssemblerARM::replaceWithJump):
1485         * assembler/MacroAssemblerARM64.h:
1486         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1487         * assembler/MacroAssemblerARMv7.h:
1488         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
1489         * assembler/MacroAssemblerMIPS.h:
1490         (JSC::MacroAssemblerMIPS::replaceWithJump):
1491         * assembler/MacroAssemblerX86Common.h:
1492         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
1493         * assembler/X86Assembler.h:
1494         (JSC::X86Assembler::replaceWithInt3):
1495         * bytecode/CodeBlock.cpp:
1496         (JSC::CodeBlock::jettison):
1497         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
1498         (JSC::CodeBlock::installVMTrapBreakpoints):
1499         * bytecode/CodeBlock.h:
1500         * bytecompiler/BytecodeGenerator.cpp:
1501         (JSC::BytecodeGenerator::emitCheckTraps):
1502         * dfg/DFGCommonData.cpp:
1503         (JSC::DFG::CommonData::installVMTrapBreakpoints):
1504         (JSC::DFG::CommonData::isVMTrapBreakpoint):
1505         * dfg/DFGCommonData.h:
1506         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
1507         * dfg/DFGJumpReplacement.cpp:
1508         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
1509         * dfg/DFGJumpReplacement.h:
1510         (JSC::DFG::JumpReplacement::dataLocation):
1511         * dfg/DFGNodeType.h:
1512         * heap/CodeBlockSet.cpp:
1513         (JSC::CodeBlockSet::contains):
1514         * heap/CodeBlockSet.h:
1515         * heap/CodeBlockSetInlines.h:
1516         (JSC::CodeBlockSet::iterate):
1517         * heap/Heap.cpp:
1518         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
1519         * heap/Heap.h:
1520         * heap/HeapInlines.h:
1521         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
1522         * heap/MachineStackMarker.h:
1523         (JSC::MachineThreads::threadsListHead):
1524         * jit/ExecutableAllocator.cpp:
1525         (JSC::ExecutableAllocator::isValidExecutableMemory):
1526         * jit/ExecutableAllocator.h:
1527         * profiler/ProfilerJettisonReason.cpp:
1528         (WTF::printInternal):
1529         * profiler/ProfilerJettisonReason.h:
1530         * runtime/JSLock.cpp:
1531         (JSC::JSLock::didAcquireLock):
1532         * runtime/Options.cpp:
1533         (JSC::overrideDefaults):
1534         * runtime/Options.h:
1535         * runtime/PlatformThread.h:
1536         (JSC::platformThreadSignal):
1537         * runtime/VM.cpp:
1538         (JSC::VM::~VM):
1539         (JSC::VM::ensureWatchdog):
1540         (JSC::VM::handleTraps): Deleted.
1541         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
1542         * runtime/VM.h:
1543         (JSC::VM::ownerThread):
1544         (JSC::VM::traps):
1545         (JSC::VM::handleTraps):
1546         (JSC::VM::needTrapHandling):
1547         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
1548         * runtime/VMTraps.cpp:
1549         (JSC::VMTraps::vm):
1550         (JSC::SignalContext::SignalContext):
1551         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
1552         (JSC::vmIsInactive):
1553         (JSC::findActiveVMAndStackBounds):
1554         (JSC::handleSigusr1):
1555         (JSC::handleSigtrap):
1556         (JSC::installSignalHandlers):
1557         (JSC::sanitizedTopCallFrame):
1558         (JSC::isSaneFrame):
1559         (JSC::VMTraps::tryInstallTrapBreakpoints):
1560         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1561         (JSC::VMTraps::VMTraps):
1562         (JSC::VMTraps::willDestroyVM):
1563         (JSC::VMTraps::addSignalSender):
1564         (JSC::VMTraps::removeSignalSender):
1565         (JSC::VMTraps::SignalSender::willDestroyVM):
1566         (JSC::VMTraps::SignalSender::send):
1567         (JSC::VMTraps::fireTrap):
1568         (JSC::VMTraps::handleTraps):
1569         * runtime/VMTraps.h:
1570         (JSC::VMTraps::~VMTraps):
1571         (JSC::VMTraps::needTrapHandling):
1572         (JSC::VMTraps::notifyGrabAllLocks):
1573         (JSC::VMTraps::SignalSender::SignalSender):
1574         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1575         * tools/VMInspector.cpp:
1576         * tools/VMInspector.h:
1577         (JSC::VMInspector::getLock):
1578         (JSC::VMInspector::iterate):
1579
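The SignalSender protocol described in the entry above, reduced to its thread-and-signal skeleton, as an added C example that is not part of this ChangeLog or of JavaScriptCore: a requester thread sets the trap flag, directs SIGUSR1 at the mutator thread with pthread_kill(), and re-sends after a short back-off until it observes one of the two completion conditions (the mutator ran its check-traps handler, or the VM went inactive). The names fireTrap, handleTraps, installSignalHandlers and handleSigusr1 echo the JSC functions in the file list but are hypothetical demo code; the breakpoint insertion the real SIGUSR1 handler performs is not modelled, the handler only records which thread it ran on, and TrapDemo, runTrapDemo, the mayExit flag and the sleep intervals are this example's own.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <signal.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Demo state shared by the requesting thread and the "mutator" thread (constructed
 * for this example). The handler touches only atomics, so it stays async-signal-safe. */
typedef struct {
    pthread_t mutator;
    atomic_int trapRequested;    /* the flag fireTrap() sets for the requested trap */
    atomic_int trapHandled;      /* set when the mutator reaches a check-traps point */
    atomic_int vmActive;         /* models "owns the JSLock and entryScope is non-null" */
    atomic_int mayExit;          /* keeps the mutator thread alive until the requester is done */
    atomic_int signalsOnMutator; /* SIGUSR1 deliveries observed on the mutator thread */
    atomic_int signalsElsewhere; /* deliveries on any other thread; must stay 0 */
} TrapDemo;

static TrapDemo *g_demo; /* a signal handler can only reach global state */
static const struct timespec g_slice = { 0, 200000 }; /* 0.2 ms, demo pacing */

/* SIGUSR1 handler: it runs on the thread pthread_kill() targeted, which is the whole
 * point of the signal (the real handler inspects that thread's registers to find the
 * code block to patch). Here it only records which thread it ran on. */
static void handleSigusr1(int sig)
{
    (void)sig;
    if (!g_demo)
        return;
    if (pthread_equal(pthread_self(), g_demo->mutator))
        atomic_fetch_add(&g_demo->signalsOnMutator, 1);
    else
        atomic_fetch_add(&g_demo->signalsElsewhere, 1);
}

static bool installSignalHandlers(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handleSigusr1;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(SIGUSR1, &sa, NULL) == 0;
}

/* Mutator side: what an op_check_traps site does. */
static bool handleTraps(TrapDemo *d)
{
    if (!atomic_load(&d->trapRequested))
        return false;
    atomic_store(&d->trapHandled, 1);
    return true;
}

/* The mutator thread "runs JS" until a trap request is noticed at a check point,
 * then leaves the VM (lock dropped, entryScope null) and waits to be released. */
static void *mutatorMain(void *arg)
{
    TrapDemo *d = arg;
    atomic_store(&d->vmActive, 1);
    while (!handleTraps(d))
        nanosleep(&g_slice, NULL);
    atomic_store(&d->vmActive, 0);
    while (!atomic_load(&d->mayExit))
        nanosleep(&g_slice, NULL);
    return NULL;
}

/* Requester side: fireTrap() plus the SignalSender loop. Returns the number of
 * SIGUSR1s sent before a completion condition was seen, or 0 if it gave up. */
static int fireTrap(TrapDemo *d, int maxAttempts)
{
    atomic_store(&d->trapRequested, 1);
    for (int sent = 1; sent <= maxAttempts; ++sent) {
        if (pthread_kill(d->mutator, SIGUSR1) != 0)
            return 0;
        nanosleep(&g_slice, NULL);
        /* (a) handleTraps() ran for this request, or (b) the VM went inactive. */
        if (atomic_load(&d->trapHandled) || !atomic_load(&d->vmActive))
            return sent;
    }
    return 0;
}

/* Runs one exchange. True if the trap was delivered to and handled by the mutator
 * thread, and no SIGUSR1 landed on any other thread. */
bool runTrapDemo(void)
{
    TrapDemo d;
    memset(&d, 0, sizeof d);
    g_demo = &d;
    if (!installSignalHandlers() || pthread_create(&d.mutator, NULL, mutatorMain, &d) != 0) {
        g_demo = NULL;
        return false;
    }
    while (!atomic_load(&d.vmActive)) /* wait until the mutator is inside the VM */
        nanosleep(&g_slice, NULL);
    int sent = fireTrap(&d, 1000);
    atomic_store(&d.mayExit, 1);
    pthread_join(d.mutator, NULL);
    g_demo = NULL;
    int onMutator = atomic_load(&d.signalsOnMutator);
    return sent > 0 && atomic_load(&d.trapHandled) && onMutator >= 1
        && onMutator <= sent && atomic_load(&d.signalsElsewhere) == 0;
}
```

runTrapDemo() checks the two properties the design relies on: the signal arrives on the thread that was targeted and nowhere else, and the sender loop terminates as soon as the mutator has acknowledged the request rather than after a fixed number of sends (repeated sends may coalesce while one is still pending, hence the `<= sent` bound). The mayExit flag keeps the mutator thread joinable for the whole sender loop, which sidesteps the real design's lifetime problem in the simplest way; the ChangeLog's SignalSender instead nullifies its VM pointer when the VM dies. pthread_self() is not on the POSIX async-signal-safe list and is used in the handler only because this is a demo.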
1580 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1581
1582         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
1583         https://bugs.webkit.org/show_bug.cgi?id=169215
1584
1585         Reviewed by Mark Lam.
1586
1587         This doesn't have a test because it would be a very complicated test.
1588
1589         * runtime/JSObject.h:
1590         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
1591
1592 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
1593
1594         WTF should make it super easy to do ARM concurrency tricks
1595         https://bugs.webkit.org/show_bug.cgi?id=169300
1596
1597         Reviewed by Mark Lam.
1598
1599         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
1600         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
1601         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
1602         machine code, I found other opportunities for improvement, like inlining the "am I
1603         marked" part of the marking functions.
1604
1605         * heap/Heap.cpp:
1606         (JSC::Heap::setGCDidJIT):
1607         * heap/HeapInlines.h:
1608         (JSC::Heap::testAndSetMarked):
1609         * heap/LargeAllocation.h:
1610         (JSC::LargeAllocation::isMarked):
1611         (JSC::LargeAllocation::isMarkedConcurrently):
1612         (JSC::LargeAllocation::aboutToMark):
1613         (JSC::LargeAllocation::testAndSetMarked):
1614         * heap/MarkedBlock.h:
1615         (JSC::MarkedBlock::areMarksStaleWithDependency):
1616         (JSC::MarkedBlock::aboutToMark):
1617         (JSC::MarkedBlock::isMarkedConcurrently):
1618         (JSC::MarkedBlock::isMarked):
1619         (JSC::MarkedBlock::testAndSetMarked):
1620         * heap/SlotVisitor.cpp:
1621         (JSC::SlotVisitor::appendSlow):
1622         (JSC::SlotVisitor::appendHiddenSlow):
1623         (JSC::SlotVisitor::appendHiddenSlowImpl):
1624         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1625         (JSC::SlotVisitor::appendUnbarriered): Deleted.
1626         (JSC::SlotVisitor::appendHidden): Deleted.
1627         * heap/SlotVisitor.h:
1628         * heap/SlotVisitorInlines.h:
1629         (JSC::SlotVisitor::appendUnbarriered):
1630         (JSC::SlotVisitor::appendHidden):
1631         (JSC::SlotVisitor::append):
1632         (JSC::SlotVisitor::appendValues):
1633         (JSC::SlotVisitor::appendValuesHidden):
1634         * runtime/CustomGetterSetter.cpp:
1635         * runtime/JSObject.cpp:
1636         (JSC::JSObject::visitButterflyImpl):
1637         * runtime/JSObject.h:
1638
1639 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1640
1641         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
1642         https://bugs.webkit.org/show_bug.cgi?id=160124
1643
1644         Reviewed by Mark Lam.
1645
1646         When performing CallVarargs, we will copy values to the stack.
1647         Before actually copying values, we need to adjust the stackPointerRegister
1648         to ensure copied values are in the allocated stack area.
1649         If we do not do that, the OS can break the values that are stored beyond the stack
1650         pointer. For example, a signal stack can be constructed in that area, and
1651         break the values.
1652
1653         This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
1654         in the Linux port. Since Linux ports use signals to suspend and resume threads,
1655         the signal handler is frequently called when the sampling profiler is enabled.
1656         Thus this crash occurs.
1657
1658         * dfg/DFGSpeculativeJIT32_64.cpp:
1659         (JSC::DFG::SpeculativeJIT::emitCall):
1660         * dfg/DFGSpeculativeJIT64.cpp:
1661         (JSC::DFG::SpeculativeJIT::emitCall):
1662         * ftl/FTLLowerDFGToB3.cpp:
1663         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1664         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1665         * jit/SetupVarargsFrame.cpp:
1666         (JSC::emitSetupVarargsFrameFastCase):
1667         * jit/SetupVarargsFrame.h:
1668
1669 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
1670
1671         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
1672         https://bugs.webkit.org/show_bug.cgi?id=164892
1673         <rdar://problem/29320562>
1674
1675         Reviewed by Brian Burg.
1676
1677         * inspector/protocol/Network.json:
1678         Replace "fromDiskCache" property with "source" property which includes
1679         more complete information about the source of this response (network,
1680         memory cache, disk cache, or unknown).
1681
1682         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1683         (_generate_class_for_object_declaration):
1684         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1685         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1686         * inspector/scripts/codegen/generator.py:
1687         (Generator):
1688         (Generator.open_fields):
1689         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
1690         enum and open accessor string symbol that would have the same name, only generate
1691         a specific list of open accessor strings. This reduces the list of exported
1692         symbols from all properties to just the ones that are needed. This can be
1693         cleaned up later if needed.
1694
1695         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
1696         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
1697         Test for open accessors generation.
1698
1699 2017-03-08  Keith Miller  <keith_miller@apple.com>
1700
1701         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
1702         https://bugs.webkit.org/show_bug.cgi?id=169290
1703
1704         Reviewed by Saam Barati.
1705
1706         This patch adds an extra sanity check by ensuring that the memory address we faulted trying to load is in the range
1707         of some wasm fast memory.
1708
1709         * wasm/WasmFaultSignalHandler.cpp:
1710         (JSC::Wasm::trapHandler):
1711         (JSC::Wasm::enableFastMemory):
1712         * wasm/WasmMemory.cpp:
1713         (JSC::Wasm::activeFastMemories):
1714         (JSC::Wasm::viewActiveFastMemories):
1715         (JSC::Wasm::tryGetFastMemory):
1716         (JSC::Wasm::releaseFastMemory):
1717         * wasm/WasmMemory.h:
1718
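The check this entry adds, together with the fast-memory layout that the later entry for bug 162693 ("WASM should support faster loads") describes, as an added C example that is neither this ChangeLog's nor JavaScriptCore's code: a large PROT_NONE reservation of which only the usable prefix is made read/write, a SIGSEGV/SIGBUS handler that treats a fault as a wasm out-of-bounds trap only when si_addr lies inside a registered fast memory and otherwise restores the default disposition so the process crashes as usual, and a bounds-check-free load that resumes at a recovery point through siglongjmp. enableFastMemory, trapHandler, tryGetFastMemory and releaseFastMemory borrow names from the file list but are hypothetical demo functions; FastMemory, fastLoad8, runFastMemoryDemo, the single global memory (the real code keeps a list of active fast memories) and the reservation sizes are this example's own.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* A fast memory (demo struct): one large PROT_NONE reservation of which only the
 * first usableBytes are mapped read/write. base + index + offset for any 32-bit
 * index lands inside the reservation, so an out-of-bounds access faults on a guard
 * page instead of silently touching neighbouring memory. */
typedef struct {
    uint8_t *base;
    size_t reservedBytes;
    size_t usableBytes;
} FastMemory;

static FastMemory g_activeFastMemory; /* the one registered memory in this demo */
static sigjmp_buf g_recoveryPoint;    /* where the "wasm exception handler" resumes */

/* The extra safety check: only a fault whose address lies inside a registered fast
 * memory is treated as a wasm OOB trap. For anything else the default disposition is
 * restored and the faulting instruction re-executes, so the process crashes as usual. */
static void trapHandler(int sig, siginfo_t *info, void *context)
{
    uintptr_t fault = (uintptr_t)info->si_addr, base = (uintptr_t)g_activeFastMemory.base;
    (void)context;
    if (!base || fault < base || fault >= base + g_activeFastMemory.reservedBytes) {
        signal(sig, SIG_DFL);
        return;
    }
    siglongjmp(g_recoveryPoint, 1);
}

/* Linux reports a touch of a PROT_NONE page as SIGSEGV, Darwin as SIGBUS: hook both. */
static bool enableFastMemory(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = trapHandler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL) == 0 && sigaction(SIGBUS, &sa, NULL) == 0;
}

/* Reserve reservedBytes of address space and make only the usable prefix accessible. */
static bool tryGetFastMemory(size_t reservedBytes, size_t usableBytes)
{
    void *p = mmap(NULL, reservedBytes, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (p == MAP_FAILED)
        return false;
    if (mprotect(p, usableBytes, PROT_READ | PROT_WRITE) != 0) {
        munmap(p, reservedBytes);
        return false;
    }
    g_activeFastMemory.base = p;
    g_activeFastMemory.reservedBytes = reservedBytes;
    g_activeFastMemory.usableBytes = usableBytes;
    return true;
}

static void releaseFastMemory(void)
{
    if (g_activeFastMemory.base)
        munmap(g_activeFastMemory.base, g_activeFastMemory.reservedBytes);
    memset(&g_activeFastMemory, 0, sizeof g_activeFastMemory);
}

/* A wasm-style byte load with no explicit bounds check. Returns true and stores the
 * byte on success, false if the access trapped and execution resumed here. */
static bool fastLoad8(uint32_t index, uint32_t offset, uint8_t *out)
{
    if (sigsetjmp(g_recoveryPoint, 1) != 0)
        return false; /* arrived here from trapHandler */
    volatile uint8_t *p = g_activeFastMemory.base + (size_t)index + offset;
    *out = *p;
    return true;
}

/* Exercises one memory: an in-bounds load, a load one byte past the usable region,
 * and a load whose offset alone overshoots into the guard area. Returns how many of
 * the three behaved as expected, or -1 if the memory could not be set up. */
int runFastMemoryDemo(size_t reservedBytes, size_t usableBytes)
{
    uint8_t v = 0;
    int passed = 0;
    if (!enableFastMemory() || !tryGetFastMemory(reservedBytes, usableBytes))
        return -1;
    g_activeFastMemory.base[100] = 0x2a; /* constructed sample byte inside the usable region */
    if (fastLoad8(100, 0, &v) && v == 0x2a)
        ++passed;
    if (!fastLoad8((uint32_t)usableBytes, 0, &v))
        ++passed;
    if (!fastLoad8(0, (uint32_t)usableBytes + 4096, &v))
        ++passed;
    releaseFastMemory();
    return passed;
}
```

runFastMemoryDemo(1 << 20, 1 << 16) keeps the reservation small enough to run under an address-space limit; the layout the log describes reserves 2^32 bytes plus the maximum offset so that any 32-bit index with any offset stays inside the reservation, and it needs a 64-bit process. The value of the si_addr check is visible in trapHandler: a null-pointer dereference or a stray write elsewhere in the process is not inside the registered range, so it is not quietly turned into a wasm trap.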
1719 2017-03-07  Dean Jackson  <dino@apple.com>
1720
1721         Some platforms won't be able to create a GPUDevice
1722         https://bugs.webkit.org/show_bug.cgi?id=169314
1723         <rdar://problems/30907521>
1724
1725         Reviewed by Jon Lee.
1726
1727         Disable WEB_GPU on the iOS Simulator.
1728
1729         * Configurations/FeatureDefines.xcconfig:
1730
1731 2017-03-06  Saam Barati  <sbarati@apple.com>
1732
1733         WebAssembly: Implement the WebAssembly.instantiate API
1734         https://bugs.webkit.org/show_bug.cgi?id=165982
1735         <rdar://problem/29760110>
1736
1737         Reviewed by Keith Miller.
1738
1739         This patch is a straightforward implementation of the WebAssembly.instantiate
1740         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
1741
1742         I implemented the API in a synchronous manner. We should make it
1743         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
1744
1745         * wasm/JSWebAssembly.cpp:
1746         (JSC::webAssemblyCompileFunc):
1747         (JSC::webAssemblyInstantiateFunc):
1748         (JSC::JSWebAssembly::finishCreation):
1749         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1750         (JSC::constructJSWebAssemblyInstance):
1751         (JSC::WebAssemblyInstanceConstructor::createInstance):
1752         * wasm/js/WebAssemblyInstanceConstructor.h:
1753         * wasm/js/WebAssemblyModuleConstructor.cpp:
1754         (JSC::constructJSWebAssemblyModule):
1755         (JSC::WebAssemblyModuleConstructor::createModule):
1756         * wasm/js/WebAssemblyModuleConstructor.h:
1757
1758 2017-03-06  Michael Saboff  <msaboff@apple.com>
1759
1760         Take advantage of fast permissions switching of JIT memory for devices that support it
1761         https://bugs.webkit.org/show_bug.cgi?id=169155
1762
1763         Reviewed by Saam Barati.
1764
1765         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
1766         control access to JIT memory.
1767
1768         Had to update the Xcode config files to handle various build variations of
1769         public and internal SDKs.
1770
1771         * Configurations/Base.xcconfig:
1772         * Configurations/FeatureDefines.xcconfig:
1773         * jit/ExecutableAllocator.cpp:
1774         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1775         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1776         * jit/ExecutableAllocator.h:
1777         (JSC::performJITMemcpy):
1778
1779 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
1780
1781         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
1782         https://bugs.webkit.org/show_bug.cgi?id=168502
1783
1784         Reviewed by Filip Pizlo.
1785
1786         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
1787
1788 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
1789
1790         op_get_by_id_with_this should use inline caching
1791         https://bugs.webkit.org/show_bug.cgi?id=162124
1792
1793         Reviewed by Saam Barati.
1794
1795         This patch enables inline caching for op_get_by_id_with_this in all
1796         tiers. It means that operations using ```super.member``` are going to
1797         be able to be optimized by a PIC. To enable it, we introduced a new
1798         member of StructureStubInfo.patch named thisGPR, created a new class
1799         to manage the IC named JITGetByIdWithThisGenerator, and changed
1800         PolymorphicAccess.regenerate to use StructureStubInfo.patch.thisGPR
1801         to decide the correct this value in inline caches.
1802         With inline caching enabled, ```super.member``` accesses are ~4.5x faster,
1803         according to microbenchmarks.
1804
1805         * bytecode/AccessCase.cpp:
1806         (JSC::AccessCase::generateImpl):
1807         * bytecode/PolymorphicAccess.cpp:
1808         (JSC::PolymorphicAccess::regenerate):
1809         * bytecode/PolymorphicAccess.h:
1810         * bytecode/StructureStubInfo.cpp:
1811         (JSC::StructureStubInfo::reset):
1812         * bytecode/StructureStubInfo.h:
1813         * dfg/DFGFixupPhase.cpp:
1814         (JSC::DFG::FixupPhase::fixupNode):
1815         * dfg/DFGJITCompiler.cpp:
1816         (JSC::DFG::JITCompiler::link):
1817         * dfg/DFGJITCompiler.h:
1818         (JSC::DFG::JITCompiler::addGetByIdWithThis):
1819         * dfg/DFGSpeculativeJIT.cpp:
1820         (JSC::DFG::SpeculativeJIT::compileIn):
1821         * dfg/DFGSpeculativeJIT.h:
1822         (JSC::DFG::SpeculativeJIT::callOperation):
1823         * dfg/DFGSpeculativeJIT32_64.cpp:
1824         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1825         (JSC::DFG::SpeculativeJIT::compile):
1826         * dfg/DFGSpeculativeJIT64.cpp:
1827         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1828         (JSC::DFG::SpeculativeJIT::compile):
1829         * ftl/FTLLowerDFGToB3.cpp:
1830         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
1831         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
1832         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
1833         * jit/CCallHelpers.h:
1834         (JSC::CCallHelpers::setupArgumentsWithExecState):
1835         * jit/ICStats.h:
1836         * jit/JIT.cpp:
1837         (JSC::JIT::JIT):
1838         (JSC::JIT::privateCompileSlowCases):
1839         (JSC::JIT::link):
1840         * jit/JIT.h:
1841         * jit/JITInlineCacheGenerator.cpp:
1842         (JSC::JITByIdGenerator::JITByIdGenerator):
1843         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1844         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
1845         * jit/JITInlineCacheGenerator.h:
1846         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1847         * jit/JITInlines.h:
1848         (JSC::JIT::callOperation):
1849         * jit/JITOperations.cpp:
1850         * jit/JITOperations.h:
1851         * jit/JITPropertyAccess.cpp:
1852         (JSC::JIT::emit_op_get_by_id_with_this):
1853         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1854         * jit/JITPropertyAccess32_64.cpp:
1855         (JSC::JIT::emit_op_get_by_id_with_this):
1856         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1857         * jit/Repatch.cpp:
1858         (JSC::appropriateOptimizingGetByIdFunction):
1859         (JSC::appropriateGenericGetByIdFunction):
1860         (JSC::tryCacheGetByID):
1861         * jit/Repatch.h:
1862         * jsc.cpp:
1863         (WTF::CustomGetter::getOwnPropertySlot):
1864         (WTF::CustomGetter::customGetterAcessor):
1865
1866 2017-03-06  Saam Barati  <sbarati@apple.com>
1867
1868         WebAssembly: implement init_expr for Element
1869         https://bugs.webkit.org/show_bug.cgi?id=165888
1870         <rdar://problem/29760199>
1871
1872         Reviewed by Keith Miller.
1873
1874         This patch fixes a few bugs. The main change is allowing init_expr
1875         for the Element's offset. To do this, I had to fix a couple of
1876         other bugs:
1877
1878         - I removed our invalid early module-parse-time invalidation
1879         of out-of-bounds Element sections. This is not in the spec because
1880         it can't be validated in the general case when the offset is a
1881         get_global.
1882
1883         - Our get_global validation inside our init_expr parsing code was simply wrong.
1884         It thought that the index operand to get_global went into the pool of imports,
1885         but it does not. It indexes into the pool of globals. I changed the code to
1886         refer to the global pool instead.
1887
1888         * wasm/WasmFormat.h:
1889         (JSC::Wasm::Element::Element):
1890         * wasm/WasmModuleParser.cpp:
1891         * wasm/js/WebAssemblyModuleRecord.cpp:
1892         (JSC::WebAssemblyModuleRecord::evaluate):
1893
1894 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1895
1896         [JSC] Allow indexed module namespace object fields
1897         https://bugs.webkit.org/show_bug.cgi?id=168870
1898
1899         Reviewed by Saam Barati.
1900
1901         While JS modules cannot expose any indexed bindings,
1902         Wasm modules can expose them. However, the module namespace
1903         object currently does not support indexed properties.
1904         This patch allows module namespace objects to offer
1905         indexed binding accesses.
1906
1907         * runtime/JSModuleNamespaceObject.cpp:
1908         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
1909         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
1910         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
1911         * runtime/JSModuleNamespaceObject.h:
1912
1913 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1914
1915         Null pointer crash when loading module with unresolved import also as a script file
1916         https://bugs.webkit.org/show_bug.cgi?id=168971
1917
1918         Reviewed by Saam Barati.
1919
1920         If linking throws an error, this error should be re-thrown
1921         when requesting the same module.
1922
1923         * builtins/ModuleLoaderPrototype.js:
1924         (globalPrivate.newRegistryEntry):
1925         * runtime/JSModuleRecord.cpp:
1926         (JSC::JSModuleRecord::link):
1927
1928 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1929
1930         [GTK][JSCOnly] Enable WebAssembly on Linux environment
1931         https://bugs.webkit.org/show_bug.cgi?id=164032
1932
1933         Reviewed by Michael Catanzaro.
1934
1935         This patch enables WebAssembly on JSCOnly and GTK ports.
1936         Basically, almost all the WASM code is portable to Linux.
1937         One platform-dependent part is the faster memory load using the SIGBUS
1938         signal handler. This patch ports this part to Linux.
1939
1940         * CMakeLists.txt:
1941         * llint/LLIntSlowPaths.cpp:
1942         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1943         * wasm/WasmFaultSignalHandler.cpp:
1944         (JSC::Wasm::trapHandler):
1945         (JSC::Wasm::enableFastMemory):
1946
1947 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
1948
1949         Currency digits calculation in Intl.NumberFormat should call out to ICU
1950         https://bugs.webkit.org/show_bug.cgi?id=169182
1951
1952         Reviewed by Yusuke Suzuki.
1953
1954         * runtime/IntlNumberFormat.cpp:
1955         (JSC::computeCurrencyDigits):
1956         (JSC::computeCurrencySortKey): Deleted.
1957         (JSC::extractCurrencySortKey): Deleted.
1958
1959 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
1960
1961         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
1962         https://bugs.webkit.org/show_bug.cgi?id=168869
1963
1964         Reviewed by Keith Miller.
1965
1966         * b3/B3Width.h:
1967         * wasm/WasmSections.h:
1968
1969 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
1970
1971         [ARM] Unreviewed buildfix after r213376.
1972
1973         * assembler/ARMAssembler.h:
1974         (JSC::ARMAssembler::isBkpt): Typo fixed.
1975
1976 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
1977
1978         [JSC] build fix after r213399
1979         https://bugs.webkit.org/show_bug.cgi?id=169154
1980
1981         Unreviewed.
1982
1983         * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
1984
1985 2017-03-03  Dean Jackson  <dino@apple.com>
1986
1987         Add WebGPU compile flag and experimental feature flag
1988         https://bugs.webkit.org/show_bug.cgi?id=169161
1989         <rdar://problem/30846689>
1990
1991         Reviewed by Tim Horton.
1992
1993         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
1994         and an InternalSetting.
1995
1996         * Configurations/FeatureDefines.xcconfig:
1997
1998 2017-03-03  Michael Saboff  <msaboff@apple.com>
1999
2000         Add support for relative pathnames to JSC config files
2001         https://bugs.webkit.org/show_bug.cgi?id=169154
2002
2003         Reviewed by Saam Barati.
2004
2005         If the config file is a relative path, prepend the current working directory.
2006         After canonicalizing the config file path, we extract its directory path and
2007         use that for the directory for a relative log pathname.
2008
2009         * runtime/ConfigFile.cpp:
2010         (JSC::ConfigFile::ConfigFile):
2011         (JSC::ConfigFile::parse):
2012         (JSC::ConfigFile::canonicalizePaths):
2013         * runtime/ConfigFile.h:
2014
2015 2017-03-03  Michael Saboff  <msaboff@apple.com>
2016
2017         Add load / store exclusive instruction group to ARM64 disassembler
2018         https://bugs.webkit.org/show_bug.cgi?id=169152
2019
2020         Reviewed by Filip Pizlo.
2021
2022         * disassembler/ARM64/A64DOpcode.cpp:
2023         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
2024         * disassembler/ARM64/A64DOpcode.h:
2025         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
2026         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
2027         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
2028         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
2029         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
2030         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
2031         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
2032         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
2033         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
2034
2035 2017-03-03  Keith Miller  <keith_miller@apple.com>
2036
2037         WASM should support faster loads.
2038         https://bugs.webkit.org/show_bug.cgi?id=162693
2039
2040         Reviewed by Saam Barati.
2041
2042         This patch adds support for WebAssembly using a 32-bit address
2043         space for memory (along with some extra space for offset
2044         overflow). With a 32-bit address space (we call them
2045         Signaling/fast memories), we reserve the virtual address space for
2046         2^32 + offset bytes of memory and only mark the usable section as
2047         read/write. If wasm code would read/write out of bounds we use a
2048         custom signal handler to catch the SIGBUS. The signal handler then
2049         checks if the faulting instruction is wasm code and tells the
2050         thread to resume executing from the wasm exception
2051         handler. Otherwise, the signal handler crashes the process, as
2052         usual.
2053
2054         All of the allocations of these memories are managed by the
2055         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
2056         old Signaling memories that are no longer in use. Since getting
2057         the wrong memory can cause recompiles, we try to reserve a memory
2058         for modules that do not import a memory. If a module does import a
2059         memory, we try to guess the type of memory we are going to get
2060         based on the last one allocated.
2061
2062         This patch also changes how the wasm JS-api manages objects. Since
2063         we can compile different versions of code, this patch adds a new
2064         JSWebAssemblyCodeBlock class that holds all the information
2065         specific to running a module in a particular bounds checking
2066         mode. Additionally, the Wasm::Memory object is now a reference
2067         counted class that is shared between the JSWebAssemblyMemory
2068         object and the ArrayBuffer that also views it.
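The signaling-memory scheme described in this entry, as an added example that is not WebKit code: it reserves 2^32 + guard bytes as PROT_NONE, makes only the usable prefix read/write, and lets a SIGSEGV/SIGBUS handler turn a fault inside the reservation into a trap while anything else falls through to the default crash. It simplifies the real handler by testing the faulting address instead of whether the faulting PC is wasm code; FastMemory, the fast_memory_* functions and the 64 KiB guard size are this example's own assumptions.

```c
/* Added example, not WebKit code: a minimal model of a "signaling" (fast) wasm memory.
 * FastMemory, fast_memory_* and MAX_OFFSET are assumptions made for this example. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define WASM_ADDRESS_SPACE (1ULL << 32)   /* every 32-bit index lands inside the reservation */
#define MAX_OFFSET         (64ULL * 1024) /* assumed bound on the immediate offset of a load/store */

typedef struct {
    uint8_t *base;     /* start of the PROT_NONE reservation */
    size_t   reserved; /* 2^32 + MAX_OFFSET bytes */
    size_t   usable;   /* prefix currently mapped read/write */
} FastMemory;

static FastMemory *g_active;               /* the memory the handler treats as "wasm memory" */
static sigjmp_buf g_trap;                  /* resume point standing in for the wasm exception handler */
static volatile sig_atomic_t g_trap_armed; /* set only while a modelled wasm access is in flight */

static void fault_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)ctx;
    uintptr_t addr = (uintptr_t)info->si_addr;
    FastMemory *m = g_active;
    if (m && g_trap_armed
        && addr >= (uintptr_t)m->base
        && addr < (uintptr_t)m->base + m->reserved)
        siglongjmp(g_trap, 1);   /* out-of-bounds wasm access: resume at the trap point */
    /* Not a wasm fault: restore the default action so the retried access crashes as usual. */
    signal(sig, SIG_DFL);
}

int install_fault_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = fault_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1; /* Linux reports PROT_NONE faults this way */
    if (sigaction(SIGBUS, &sa, NULL) != 0) return -1;  /* macOS reports them as SIGBUS */
    return 0;
}

/* Growing only flips protection on more of the reservation: no copy, no base address change. */
int fast_memory_grow(FastMemory *m, size_t new_usable)
{
    if (new_usable < m->usable || new_usable > WASM_ADDRESS_SPACE) return -1;
    if (mprotect(m->base, new_usable, PROT_READ | PROT_WRITE) != 0) return -1;
    m->usable = new_usable;
    return 0;
}

int fast_memory_create(FastMemory *m, size_t initial_usable)
{
    m->reserved = (size_t)(WASM_ADDRESS_SPACE + MAX_OFFSET);
    void *p = mmap(NULL, m->reserved, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (p == MAP_FAILED) return -1;
    m->base = p;
    m->usable = 0;
    if (fast_memory_grow(m, initial_usable) != 0) {
        munmap(p, m->reserved);
        return -1;
    }
    return 0;
}

void fast_memory_destroy(FastMemory *m)
{
    munmap(m->base, m->reserved);
    m->base = NULL;
}

/* Models a wasm i32.load from base + index + offset with no explicit bounds check.
 * Returns 0 and stores the value, or 1 if the access faulted into the guard region. */
int fast_memory_load32(FastMemory *m, uint32_t index, uint32_t offset, uint32_t *out)
{
    if (offset > MAX_OFFSET) return 1; /* larger offsets would need an explicit check instead */
    g_active = m;
    if (sigsetjmp(g_trap, 1) != 0) {
        g_trap_armed = 0;
        return 1;                      /* arrived here from fault_handler */
    }
    g_trap_armed = 1;
    /* index + offset <= 2^32 - 1 + MAX_OFFSET, so the access stays inside the reservation. */
    volatile uint32_t *p = (volatile uint32_t *)(m->base + (uint64_t)index + offset);
    uint32_t v = *p;
    g_trap_armed = 0;
    *out = v;
    return 0;
}
```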
2069
2070         * JavaScriptCore.xcodeproj/project.pbxproj:
2071         * jit/JITThunks.cpp:
2072         (JSC::JITThunks::existingCTIStub):
2073         * jit/JITThunks.h:
2074         * jsc.cpp:
2075         (jscmain):
2076         * runtime/Options.h:
2077         * runtime/VM.cpp:
2078         (JSC::VM::VM):
2079         * runtime/VM.h:
2080         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
2081         (JSC::JSWebAssemblyCodeBlock::create):
2082         (JSC::JSWebAssemblyCodeBlock::createStructure):
2083         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
2084         (JSC::JSWebAssemblyCodeBlock::mode):
2085         (JSC::JSWebAssemblyCodeBlock::module):
2086         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
2087         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
2088         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
2089         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
2090         (JSC::JSWebAssemblyCodeBlock::callees):
2091         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
2092         (JSC::JSWebAssemblyCodeBlock::allocationSize):
2093         * wasm/WasmB3IRGenerator.cpp:
2094         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2095         (JSC::Wasm::getMemoryBaseAndSize):
2096         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
2097         (JSC::Wasm::B3IRGenerator::emitLoadOp):
2098         (JSC::Wasm::B3IRGenerator::emitStoreOp):
2099         * wasm/WasmCallingConvention.h:
2100         * wasm/WasmFaultSignalHandler.cpp: Added.
2101         (JSC::Wasm::trapHandler):
2102         (JSC::Wasm::registerCode):
2103         (JSC::Wasm::unregisterCode):
2104         (JSC::Wasm::fastMemoryEnabled):
2105         (JSC::Wasm::enableFastMemory):
2106         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
2107         * wasm/WasmFormat.h:
2108         (JSC::Wasm::ModuleInformation::importFunctionCount):
2109         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
2110         * wasm/WasmMemory.cpp:
2111         (JSC::Wasm::mmapBytes):
2112         (JSC::Wasm::Memory::lastAllocatedMode):
2113         (JSC::Wasm::availableFastMemories):
2114         (JSC::Wasm::tryGetFastMemory):
2115         (JSC::Wasm::releaseFastMemory):
2116         (JSC::Wasm::Memory::Memory):
2117         (JSC::Wasm::Memory::createImpl):
2118         (JSC::Wasm::Memory::create):
2119         (JSC::Wasm::Memory::~Memory):
2120         (JSC::Wasm::Memory::grow):
2121         (JSC::Wasm::Memory::dump):
2122         (JSC::Wasm::Memory::makeString):
2123         * wasm/WasmMemory.h:
2124         (JSC::Wasm::Memory::operator bool):
2125         (JSC::Wasm::Memory::size):
2126         (JSC::Wasm::Memory::check):
2127         (JSC::Wasm::Memory::Memory): Deleted.
2128         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
2129         (JSC::Wasm::Memory::offsetOfSize): Deleted.
2130         * wasm/WasmMemoryInformation.cpp:
2131         (JSC::Wasm::MemoryInformation::MemoryInformation):
2132         * wasm/WasmMemoryInformation.h:
2133         (JSC::Wasm::MemoryInformation::hasReservedMemory):
2134         (JSC::Wasm::MemoryInformation::takeReservedMemory):
2135         (JSC::Wasm::MemoryInformation::mode):
2136         * wasm/WasmModuleParser.cpp:
2137         * wasm/WasmModuleParser.h:
2138         (JSC::Wasm::ModuleParser::ModuleParser):
2139         * wasm/WasmPlan.cpp:
2140         (JSC::Wasm::Plan::parseAndValidateModule):
2141         (JSC::Wasm::Plan::run):
2142         * wasm/WasmPlan.h:
2143         (JSC::Wasm::Plan::mode):
2144         * wasm/js/JSWebAssemblyCallee.cpp:
2145         (JSC::JSWebAssemblyCallee::finishCreation):
2146         (JSC::JSWebAssemblyCallee::destroy):
2147         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
2148         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
2149         (JSC::JSWebAssemblyCodeBlock::destroy):
2150         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
2151         (JSC::JSWebAssemblyCodeBlock::visitChildren):
2152         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
2153         * wasm/js/JSWebAssemblyInstance.cpp:
2154         (JSC::JSWebAssemblyInstance::setMemory):
2155         (JSC::JSWebAssemblyInstance::finishCreation):
2156         (JSC::JSWebAssemblyInstance::visitChildren):
2157         * wasm/js/JSWebAssemblyInstance.h:
2158         (JSC::JSWebAssemblyInstance::module):
2159         (JSC::JSWebAssemblyInstance::codeBlock):
2160         (JSC::JSWebAssemblyInstance::memoryMode):
2161         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
2162         * wasm/js/JSWebAssemblyMemory.cpp:
2163         (JSC::JSWebAssemblyMemory::create):
2164         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
2165         (JSC::JSWebAssemblyMemory::buffer):
2166         (JSC::JSWebAssemblyMemory::grow):
2167         (JSC::JSWebAssemblyMemory::destroy):
2168         * wasm/js/JSWebAssemblyMemory.h:
2169         (JSC::JSWebAssemblyMemory::memory):
2170         (JSC::JSWebAssemblyMemory::offsetOfMemory):
2171         (JSC::JSWebAssemblyMemory::offsetOfSize):
2172         * wasm/js/JSWebAssemblyModule.cpp:
2173         (JSC::JSWebAssemblyModule::buildCodeBlock):
2174         (JSC::JSWebAssemblyModule::create):
2175         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2176         (JSC::JSWebAssemblyModule::codeBlock):
2177         (JSC::JSWebAssemblyModule::finishCreation):
2178         (JSC::JSWebAssemblyModule::visitChildren):
2179         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
2180         * wasm/js/JSWebAssemblyModule.h:
2181         (JSC::JSWebAssemblyModule::takeReservedMemory):
2182         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
2183         (JSC::JSWebAssemblyModule::codeBlock):
2184         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
2185         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
2186         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
2187         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
2188         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
2189         (JSC::JSWebAssemblyModule::callees): Deleted.
2190         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
2191         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
2192         * wasm/js/WebAssemblyFunction.cpp:
2193         (JSC::callWebAssemblyFunction):
2194         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2195         (JSC::constructJSWebAssemblyInstance):
2196         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2197         (JSC::constructJSWebAssemblyMemory):
2198         * wasm/js/WebAssemblyModuleConstructor.cpp:
2199         (JSC::WebAssemblyModuleConstructor::createModule):
2200         * wasm/js/WebAssemblyModuleRecord.cpp:
2201         (JSC::WebAssemblyModuleRecord::link):
2202         (JSC::WebAssemblyModuleRecord::evaluate):
2203
2204 2017-03-03  Mark Lam  <mark.lam@apple.com>
2205
2206         Gardening: fix broken ARM64 build.
2207         https://bugs.webkit.org/show_bug.cgi?id=169139
2208
2209         Not reviewed.
2210
2211         * assembler/ARM64Assembler.h:
2212         (JSC::ARM64Assembler::excepnGenerationImmMask):
2213
2214 2017-03-03  Mark Lam  <mark.lam@apple.com>
2215
2216         Add MacroAssembler::isBreakpoint() query function.
2217         https://bugs.webkit.org/show_bug.cgi?id=169139
2218
2219         Reviewed by Michael Saboff.
2220
2221         This will be needed soon when we use breakpoint instructions to implement
2222         non-polling VM traps, and need to discern between a VM trap signal and a genuine
2223         assertion breakpoint.
2224
2225         * assembler/ARM64Assembler.h:
2226         (JSC::ARM64Assembler::isBrk):
2227         (JSC::ARM64Assembler::excepnGenerationImmMask):
2228         * assembler/ARMAssembler.h:
2229         (JSC::ARMAssembler::isBkpt):
2230         * assembler/ARMv7Assembler.h:
2231         (JSC::ARMv7Assembler::isBkpt):
2232         * assembler/MIPSAssembler.h:
2233         (JSC::MIPSAssembler::isBkpt):
2234         * assembler/MacroAssemblerARM.h:
2235         (JSC::MacroAssemblerARM::isBreakpoint):
2236         * assembler/MacroAssemblerARM64.h:
2237         (JSC::MacroAssemblerARM64::isBreakpoint):
2238         * assembler/MacroAssemblerARMv7.h:
2239         (JSC::MacroAssemblerARMv7::isBreakpoint):
2240         * assembler/MacroAssemblerMIPS.h:
2241         (JSC::MacroAssemblerMIPS::isBreakpoint):
2242         * assembler/MacroAssemblerX86Common.h:
2243         (JSC::MacroAssemblerX86Common::isBreakpoint):
2244         * assembler/X86Assembler.h:
2245         (JSC::X86Assembler::isInt3):
2246
2247 2017-03-03  Mark Lam  <mark.lam@apple.com>
2248
2249         We should only check for traps that we're able to handle.
2250         https://bugs.webkit.org/show_bug.cgi?id=169136
2251
2252         Reviewed by Michael Saboff.
2253
2254         The execute methods in the interpreter were checking for the existence of any traps
2255         (without masking) and only handling a subset of those via a mask.  This can
2256         result in a failed assertion on debug builds.
2257
2258         This patch fixes this by applying the same mask for both the needTrapHandling()
2259         check and the handleTraps() call.  Also added a few assertions.
2260
2261         * interpreter/Interpreter.cpp:
2262         (JSC::Interpreter::executeProgram):
2263         (JSC::Interpreter::executeCall):
2264         (JSC::Interpreter::executeConstruct):
2265         (JSC::Interpreter::execute):
2266         * jit/JITOperations.cpp:
2267         * llint/LLIntSlowPaths.cpp:
2268         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2269
2270 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
2271
2272         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
2273         https://bugs.webkit.org/show_bug.cgi?id=169074
2274
2275         Reviewed by Joseph Pecoraro.
2276
2277         They are not actually cocoa specific.
2278
2279         * inspector/remote/RemoteInspector.cpp:
2280         (Inspector::RemoteInspector::updateTargetListing):
2281         * inspector/remote/RemoteInspector.h:
2282         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2283
2284 2017-03-02  Mark Lam  <mark.lam@apple.com>
2285
2286         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
2287         https://bugs.webkit.org/show_bug.cgi?id=169089
2288
2289         Reviewed by Tim Horton and Joseph Pecoraro.
2290
2291         * runtime/VM.cpp:
2292         (JSC::VM::handleTraps):
2293         * runtime/VM.h:
2294         (JSC::VM::notifyNeedDebuggerBreak):
2295
2296 2017-03-02  Michael Saboff  <msaboff@apple.com>
2297
2298         Add JSC identity when code signing to allow debugging on iOS
2299         https://bugs.webkit.org/show_bug.cgi?id=169099
2300
2301         Reviewed by Filip Pizlo.
2302
2303         * Configurations/JSC.xcconfig:
2304         * Configurations/ToolExecutable.xcconfig:
2305
2306 2017-03-02  Keith Miller  <keith_miller@apple.com>
2307
2308         WebAssemblyFunction should have Function.prototype as its prototype
2309         https://bugs.webkit.org/show_bug.cgi?id=169101
2310
2311         Reviewed by Filip Pizlo.
2312
2313         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
2314         objects should have Function.prototype as their prototype.
2315
2316         * runtime/JSGlobalObject.cpp:
2317         (JSC::JSGlobalObject::init):
2318
2319 2017-03-02  Mark Lam  <mark.lam@apple.com>
2320
2321         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
2322         https://bugs.webkit.org/show_bug.cgi?id=169088
2323
2324         Reviewed by Keith Miller.
2325
2326         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
2327         generated.  This is useful for testing purposes until we have signal based
2328         traps, at which point, we will always emit the op_check_traps bytecode and remove
2329         this option.
2330
2331         Options::usePollingTraps() enables the use of polling VM traps all the time.
2332         This will be useful for benchmark comparisons (between polling and non-polling
2333         traps), as well as for forcing polling traps later for ports that don't support
2334         signal based traps.
2335
2336         Note: signal based traps are not fully implemented yet.  As a result, if the VM
2337         watchdog is in use, we will force Options::usePollingTraps() to be true.
2338
2339         * bytecompiler/BytecodeGenerator.cpp:
2340         (JSC::BytecodeGenerator::emitCheckTraps):
2341         * dfg/DFGClobberize.h:
2342         (JSC::DFG::clobberize):
2343         * dfg/DFGSpeculativeJIT.cpp:
2344         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2345         * dfg/DFGSpeculativeJIT32_64.cpp:
2346         (JSC::DFG::SpeculativeJIT::compile):
2347         * dfg/DFGSpeculativeJIT64.cpp:
2348         (JSC::DFG::SpeculativeJIT::compile):
2349         * ftl/FTLLowerDFGToB3.cpp:
2350         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2351         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2352         * runtime/Options.cpp:
2353         (JSC::recomputeDependentOptions):
2354         * runtime/Options.h:
2355
2356 2017-03-02  Keith Miller  <keith_miller@apple.com>
2357
2358         Fix addressing mode for B3WasmAddress
2359         https://bugs.webkit.org/show_bug.cgi?id=169092
2360
2361         Reviewed by Filip Pizlo.
2362
2363         Fix the potential addressing modes for B3WasmAddress. ARM does not
2364         support a base + index*1 + offset addressing mode. I think when I
2365         read it the first time I assumed it would always work on both ARM
2366         and X86. While true for X86 it's not true for ARM.
2367
2368         * b3/B3LowerToAir.cpp:
2369         (JSC::B3::Air::LowerToAir::effectiveAddr):
2370
2371 2017-03-02  Mark Lam  <mark.lam@apple.com>
2372
2373         Add support for selective handling of VM traps.
2374         https://bugs.webkit.org/show_bug.cgi?id=169087
2375
2376         Reviewed by Keith Miller.
2377
2378         This is needed because there are some places in the VM where it's appropriate to
2379         handle some types of VM traps but not others.
2380
2381         We implement this selection by using a VMTraps::Mask that allows the user to
2382         specify which traps should be serviced.
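A model of the masked trap handling introduced here, and of the mismatch fixed in the "We should only check for traps that we're able to handle" entry above (bug 169136), as an added example that is not WebKit code: the event bits, VMTraps struct and the need_trap_handling/handle_traps functions are this example's simplified stand-ins for the names those entries mention.

```c
/* Added example, not WebKit code: selective trap handling with a mask, and why the
 * check and the handle call must use the same mask. All names here are constructed. */
#include <stdbool.h>
#include <stdint.h>

enum TrapEvent {
    TRAP_NEED_DEBUGGER_BREAK = 1u << 0,
    TRAP_NEED_WATCHDOG_CHECK = 1u << 1,
    TRAP_NEED_TERMINATION    = 1u << 2,
};
#define TRAP_ALL_EVENTS (TRAP_NEED_DEBUGGER_BREAK | TRAP_NEED_WATCHDOG_CHECK | TRAP_NEED_TERMINATION)

typedef struct {
    uint32_t pending; /* one bit per event that fired and has not been serviced yet */
} VMTraps;

/* Is there a pending trap of a kind this call site is prepared to service? */
bool need_trap_handling(const VMTraps *t, uint32_t mask)
{
    return (t->pending & mask) != 0;
}

/* Services the pending traps selected by mask and returns the bits serviced.
 * Returns -1 where the real code would hit its debug assertion: the caller
 * asked to handle traps but nothing under this mask is pending. */
int handle_traps(VMTraps *t, uint32_t mask)
{
    if (!need_trap_handling(t, mask))
        return -1; /* ASSERT(needTrapHandling(mask)) fails */
    uint32_t serviced = t->pending & mask;
    t->pending &= ~mask;
    return (int)serviced;
}

/* Before the fix: the check looks for any trap, the call handles only a subset. */
int execute_before_fix(VMTraps *t, uint32_t mask)
{
    if (need_trap_handling(t, TRAP_ALL_EVENTS))
        return handle_traps(t, mask);
    return 0;
}

/* After the fix: one mask governs both the check and the call, so a trap the
 * call site cannot service is simply left pending for a site that can. */
int execute_after_fix(VMTraps *t, uint32_t mask)
{
    if (need_trap_handling(t, mask))
        return handle_traps(t, mask);
    return 0;
}
```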
2383
2384         * interpreter/Interpreter.cpp:
2385         (JSC::Interpreter::executeProgram):
2386         (JSC::Interpreter::executeCall):
2387         (JSC::Interpreter::executeConstruct):
2388         (JSC::Interpreter::execute):
2389         * runtime/VM.cpp:
2390         (JSC::VM::handleTraps):
2391         * runtime/VM.h:
2392         * runtime/VMTraps.cpp:
2393         (JSC::VMTraps::takeTrap): Deleted.
2394         * runtime/VMTraps.h:
2395         (JSC::VMTraps::Mask::Mask):
2396         (JSC::VMTraps::Mask::allEventTypes):
2397         (JSC::VMTraps::Mask::bits):
2398         (JSC::VMTraps::Mask::init):
2399         (JSC::VMTraps::needTrapHandling):
2400         (JSC::VMTraps::hasTrapForEvent):
2401
2402 2017-03-02  Alex Christensen  <achristensen@webkit.org>
2403
2404         Continue enabling WebRTC
2405         https://bugs.webkit.org/show_bug.cgi?id=169056
2406
2407         Reviewed by Jon Lee.
2408
2409         * Configurations/FeatureDefines.xcconfig:
2410
2411 2017-03-02  Tomas Popela  <tpopela@redhat.com>
2412
2413         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
2414         https://bugs.webkit.org/show_bug.cgi?id=169034
2415
2416         Reviewed by Mark Lam.
2417
2418         It should not assign to offset, but compare to offset.
2419
2420         * runtime/JSGlobalObject.cpp:
2421         (JSC::JSGlobalObject::addStaticGlobals):
2422
2423 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2424
2425         Unreviewed, rolling out r213259.
2426
2427         Broke an internal build
2428
2429         Reverted changeset:
2430
2431         "Continue enabling WebRTC"
2432         https://bugs.webkit.org/show_bug.cgi?id=169056
2433         http://trac.webkit.org/changeset/213259
2434
2435 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2436
2437         Continue enabling WebRTC
2438         https://bugs.webkit.org/show_bug.cgi?id=169056
2439
2440         Reviewed by Jon Lee.
2441
2442         * Configurations/FeatureDefines.xcconfig:
2443
2444 2017-03-01  Michael Saboff  <msaboff@apple.com>
2445
2446         Source/JavaScriptCore/ChangeLog
2447         https://bugs.webkit.org/show_bug.cgi?id=169055
2448
2449         Reviewed by Mark Lam.
2450
2451         Made local copies of options strings for OptionRange and string typed options.
2452
2453         * runtime/Options.cpp:
2454         (JSC::parse):
2455         (JSC::OptionRange::init):
2456
2457 2017-03-01  Mark Lam  <mark.lam@apple.com>
2458
2459         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
2460         https://bugs.webkit.org/show_bug.cgi?id=168996
2461
2462         Reviewed by Filip Pizlo and Saam Barati.
2463
2464         PlatformThread is more useful because it allows us to:
2465         1. find the MachineThreads::Thread which is associated with it.
2466         2. suspend / resume threads.
2467         3. send a signal to a thread.
2468
2469         We can't do those with std::thread::id.  We will need one or more of these
2470         capabilities to implement non-polling VM traps later.
2471
2472         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
2473         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
2474         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
2475         JSLock::m_hasOwnerThread before doing the thread identity comparison.
2476
2477         * JavaScriptCore.xcodeproj/project.pbxproj:
2478         * heap/MachineStackMarker.cpp:
2479         (JSC::MachineThreads::Thread::createForCurrentThread):
2480         (JSC::MachineThreads::machineThreadForCurrentThread):
2481         (JSC::MachineThreads::removeThread):
2482         (JSC::MachineThreads::Thread::suspend):
2483         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2484         (JSC::getCurrentPlatformThread): Deleted.
2485         * heap/MachineStackMarker.h:
2486         * runtime/JSCellInlines.h:
2487         (JSC::JSCell::classInfo):
2488         * runtime/JSLock.cpp:
2489         (JSC::JSLock::JSLock):
2490         (JSC::JSLock::lock):
2491         (JSC::JSLock::unlock):
2492         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2493         * runtime/JSLock.h:
2494         (JSC::JSLock::ownerThread):
2495         (JSC::JSLock::currentThreadIsHoldingLock):
2496         * runtime/PlatformThread.h: Added.
2497         (JSC::currentPlatformThread):
2498         * runtime/VM.cpp:
2499         (JSC::VM::~VM):
2500         * runtime/VM.h:
2501         (JSC::VM::ownerThread):
2502         * runtime/Watchdog.cpp:
2503         (JSC::Watchdog::setTimeLimit):
2504         (JSC::Watchdog::shouldTerminate):
2505         (JSC::Watchdog::startTimer):
2506         (JSC::Watchdog::stopTimer):
2507         * tools/JSDollarVMPrototype.cpp:
2508         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2509         * tools/VMInspector.cpp:
2510
2511 2017-03-01  Saam Barati  <sbarati@apple.com>
2512
2513         Implement a mega-disassembler that'll be used in the FTL
2514         https://bugs.webkit.org/show_bug.cgi?id=168685
2515
2516         Reviewed by Mark Lam.
2517
2518         This patch extends the previous Air disassembler to print the
2519         DFG and B3 nodes belonging to particular Air instructions.
2520         The algorithm I'm using to do this is not perfect. For example,
2521         it won't try to print the entire DFG/B3 graph. It'll just print
2522         the related nodes for particular Air instructions. We can make the
2523         algorithm more sophisticated as we get more experience looking at
2524         these IR dumps and get a better feel for what we want out of them.
2525
2526         This is an example of the output:
2527
2528         ...
2529         ...
2530         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
2531            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
2532                Patch &Patchpoint2, %r20, %r20, %r0, @54
2533          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
2534            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
2535                Move 32(%r20), %r5, @57
2536                       0x389cc9ac0:    ldur   x5, [x20, #32]
2537         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
2538            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
2539                Move32 (%r5), %r1, @58
2540                       0x389cc9ac4:    ldur   w1, [x5]
2541            Int32 @59 = Const32(DFG:@115, 92)
2542            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
2543            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2544                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
2545                       0x389cc9ac8:    cmp    w1, #92
2546                       0x389cc9acc:    b.ne   0x389cc9dac
2547         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
2548            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
2549                Move 8(%r5), %r4, @64
2550                       0x389cc9ad0:    ldur   x4, [x5, #8]
2551          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
2552            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
2553                Move32 -8(%r4), %r2, @67
2554                       0x389cc9ad4:    ldur   w2, [x4, #-8]
2555       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
2556            Int32 @68 = Const32(DFG:@192, -1)
2557                Move $0xffffffffffffffff, %r1, $-1(@68)
2558                       0x389cc9ad8:    mov    x1, #-1
2559          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
2560            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
2561                Add32 %r2, %r1, %r1, @69
2562                       0x389cc9adc:    add    w1, w2, w1
2563          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
2564            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
2565            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2566                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
2567                       0x389cc9ae0:    cmp    x0, x22
2568                       0x389cc9ae4:    b.lo   0x389cc9dc0
2569            Int32 @72 = Trunc(@53, DFG:@86)
2570            Int32 @73 = BitAnd(@69, @72, DFG:@86)
2571                And32 %r1, %r0, %r1, @73
2572                       0x389cc9ae8:    and    w1, w1, w0
2573            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
2574            Int32 @72 = Trunc(@53, DFG:@86)
2575            Int64 @11 = SlotBase(stack0)
2576            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
2577                Move32 %r0, -64(%fp), @76
2578                       0x389cc9aec:    stur   w0, [fp, #-64]
2579            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
2580            Int64 @77 = ZExt32(@73, DFG:@12)
2581            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
2582                Add64 %r1, %r22, %r3, @78
2583                       0x389cc9af0:    add    x3, x1, x22
2584            Int64 @11 = SlotBase(stack0)
2585            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
2586                Move %r3, -72(%fp), @81
2587                       0x389cc9af4:    stur   x3, [fp, #-72]
2588            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
2589            Int32 @82 = Trunc(@24, DFG:@10)
2590            Int64 @11 = SlotBase(stack0)
2591            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
2592                Move32 %r21, -80(%fp), @85
2593                       0x389cc9af8:    stur   w21, [fp, #-80]
2594           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
2595            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
2596            Void @90 = Branch(@89, DFG:@129, Terminal)
2597                Branch32 AboveOrEqual, %r1, %r2, @90
2598                       0x389cc9afc:    cmp    w1, w2
2599                       0x389cc9b00:    b.hs   0x389cc9bec
2600         ...
2601         ...
2602
2603         * b3/air/AirDisassembler.cpp:
2604         (JSC::B3::Air::Disassembler::dump):
2605         * b3/air/AirDisassembler.h:
2606         * ftl/FTLCompile.cpp:
2607         (JSC::FTL::compile):
2608         * ftl/FTLLowerDFGToB3.cpp:
2609         (JSC::FTL::DFG::LowerDFGToB3::lower):
2610         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
2611         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
2612         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
2613         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
2614
2615 2017-03-01  Mark Lam  <mark.lam@apple.com>
2616
2617         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
2618         https://bugs.webkit.org/show_bug.cgi?id=169042
2619
2620         Not reviewed.
2621
2622         Rolling out r213229 and r213202.
2623
2624         * JavaScriptCore.xcodeproj/project.pbxproj:
2625         * heap/MachineStackMarker.cpp:
2626         (JSC::getCurrentPlatformThread):
2627         (JSC::MachineThreads::Thread::createForCurrentThread):
2628         (JSC::MachineThreads::machineThreadForCurrentThread):
2629         (JSC::MachineThreads::removeThread):
2630         (JSC::MachineThreads::Thread::suspend):
2631         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2632         * heap/MachineStackMarker.h:
2633         * runtime/JSCellInlines.h:
2634         (JSC::JSCell::classInfo):
2635         * runtime/JSLock.cpp:
2636         (JSC::JSLock::JSLock):
2637         (JSC::JSLock::lock):
2638         (JSC::JSLock::unlock):
2639         (JSC::JSLock::currentThreadIsHoldingLock):
2640         * runtime/JSLock.h:
2641         (JSC::JSLock::ownerThread):
2642         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2643         * runtime/PlatformThread.h: Removed.
2644         * runtime/VM.cpp:
2645         (JSC::VM::~VM):
2646         * runtime/VM.h:
2647         (JSC::VM::ownerThread):
2648         * runtime/Watchdog.cpp:
2649         (JSC::Watchdog::setTimeLimit):
2650         (JSC::Watchdog::shouldTerminate):
2651         (JSC::Watchdog::startTimer):
2652         (JSC::Watchdog::stopTimer):
2653         * tools/JSDollarVMPrototype.cpp:
2654         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2655         * tools/VMInspector.cpp:
2656
2657 2017-03-01  Mark Lam  <mark.lam@apple.com>
2658
2659         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
2660         https://bugs.webkit.org/show_bug.cgi?id=169042
2661
2662         Reviewed by Filip Pizlo.
2663
2664         * runtime/JSLock.h:
2665         (JSC::JSLock::currentThreadIsHoldingLock):
2666
2667 2017-02-28  Brian Burg  <bburg@apple.com>
2668
2669         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
2670         https://bugs.webkit.org/show_bug.cgi?id=168695
2671         <rdar://problem/30643899>
2672
2673         Reviewed by Joseph Pecoraro.
2674
2675         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
2676         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
2677         to gather listing information for RemoteAutomationTargets.
2678
2679         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
2680         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
2681         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
2682
2683         * inspector/remote/RemoteInspector.h:
2684         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
2685
2686         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2687         (Inspector::RemoteConnectionToTarget::setup):
2688         (Inspector::RemoteConnectionToTarget::close):
2689         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
2690         and use it inside the block later after it may have been destructed already. If that happens,
2691         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
2692
2693         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2694         (Inspector::RemoteInspector::updateTargetListing):
2695         We need to make sure to request a listing push after the target is updated, so implicitly call
2696         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
2697
2698         (Inspector::RemoteInspector::receivedSetupMessage):
2699         (Inspector::RemoteInspector::receivedDidCloseMessage):
2700         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
2701         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
2702         and asynchronously on the target's queue when the connection to target is opened or closed.
2703
2704 2017-03-01  Tomas Popela  <tpopela@redhat.com>
2705
2706         Leak under Options::setOptions
2707         https://bugs.webkit.org/show_bug.cgi?id=169029
2708
2709         Reviewed by Michael Saboff.
2710
2711         Don't leak the optionsStrCopy variable.
2712
2713         * runtime/Options.cpp:
2714         (JSC::Options::setOptions):
2715
2716 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2717
2718         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
2719         https://bugs.webkit.org/show_bug.cgi?id=168968
2720
2721         Reviewed by Saam Barati.
2722
2723         This patch decouples dumping bytecode sequence from CodeBlock.
2724         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
2725         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
2726         called Generatorification.
2727
2728         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
2729         this class to dump bytecode sequence.
2730
2731         And this patch also adds Option::dumpBytecodesBeforeGeneratorification,
2732         which dumps unlinked bytecode sequence before generatorification if it is enabled.
2733
2734         * CMakeLists.txt:
2735         * JavaScriptCore.xcodeproj/project.pbxproj:
2736         * bytecode/BytecodeDumper.cpp: Added.
2737         (JSC::getStructureID):
2738         (JSC::getSpecialPointer):
2739         (JSC::getPutByIdFlags):
2740         (JSC::getToThisStatus):
2741         (JSC::getPointer):
2742         (JSC::getStructureChain):
2743         (JSC::getStructure):
2744         (JSC::getCallLinkInfo):
2745         (JSC::getBasicBlockLocation):
2746         (JSC::BytecodeDumper<Block>::actualPointerFor):
2747         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
2748         (JSC::beginDumpProfiling):
2749         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
2750         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
2751         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
2752         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
2753         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
2754         (JSC::dumpRareCaseProfile):
2755         (JSC::dumpArithProfile):
2756         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
2757         (JSC::BytecodeDumper<Block>::vm):
2758         (JSC::BytecodeDumper<Block>::identifier):
2759         (JSC::regexpToSourceString):
2760         (JSC::regexpName):
2761         (JSC::printLocationAndOp):
2762         (JSC::isConstantRegisterIndex):
2763         (JSC::debugHookName):
2764         (JSC::BytecodeDumper<Block>::registerName):
2765         (JSC::idName):
2766         (JSC::BytecodeDumper<Block>::constantName):
2767         (JSC::BytecodeDumper<Block>::printUnaryOp):
2768         (JSC::BytecodeDumper<Block>::printBinaryOp):
2769         (JSC::BytecodeDumper<Block>::printConditionalJump):
2770         (JSC::BytecodeDumper<Block>::printGetByIdOp):
2771         (JSC::dumpStructure):
2772         (JSC::dumpChain):
2773         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
2774         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
2775         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
2776         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
2777         (JSC::BytecodeDumper<Block>::printCallOp):
2778         (JSC::BytecodeDumper<Block>::printPutByIdOp):
2779         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
2780         (JSC::BytecodeDumper<Block>::dumpBytecode):
2781         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2782         (JSC::BytecodeDumper<Block>::dumpConstants):
2783         (JSC::BytecodeDumper<Block>::dumpRegExps):
2784         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2785         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2786         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2787         (JSC::BytecodeDumper<Block>::dumpBlock):
2788         * bytecode/BytecodeDumper.h: Added.
2789         (JSC::BytecodeDumper::BytecodeDumper):
2790         (JSC::BytecodeDumper::block):
2791         (JSC::BytecodeDumper::instructionsBegin):
2792         * bytecode/BytecodeGeneratorification.cpp:
2793         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2794         (JSC::performGeneratorification):
2795         * bytecode/BytecodeLivenessAnalysis.cpp:
2796         (JSC::BytecodeLivenessAnalysis::dumpResults):
2797         * bytecode/CodeBlock.cpp:
2798         (JSC::CodeBlock::dumpBytecode):
2799         (JSC::CodeBlock::finishCreation):
2800         (JSC::CodeBlock::propagateTransitions):
2801         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2802         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2803         (JSC::CodeBlock::usesOpcode):
2804         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2805         (JSC::CodeBlock::arithProfileForPC):
2806         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2807         (JSC::idName): Deleted.
2808         (JSC::CodeBlock::registerName): Deleted.
2809         (JSC::CodeBlock::constantName): Deleted.
2810         (JSC::regexpToSourceString): Deleted.
2811         (JSC::regexpName): Deleted.
2812         (JSC::debugHookName): Deleted.
2813         (JSC::CodeBlock::printUnaryOp): Deleted.
2814         (JSC::CodeBlock::printBinaryOp): Deleted.
2815         (JSC::CodeBlock::printConditionalJump): Deleted.
2816         (JSC::CodeBlock::printGetByIdOp): Deleted.
2817         (JSC::dumpStructure): Deleted.
2818         (JSC::dumpChain): Deleted.
2819         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
2820         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
2821         (JSC::CodeBlock::printCallOp): Deleted.
2822         (JSC::CodeBlock::printPutByIdOp): Deleted.
2823         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
2824         (JSC::CodeBlock::beginDumpProfiling): Deleted.
2825         (JSC::CodeBlock::dumpValueProfiling): Deleted.
2826         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
2827         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
2828         (JSC::CodeBlock::dumpArithProfile): Deleted.
2829         (JSC::CodeBlock::printLocationAndOp): Deleted.
2830         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
2831         * bytecode/CodeBlock.h:
2832         (JSC::CodeBlock::constantRegisters):
2833         (JSC::CodeBlock::numberOfRegExps):
2834         (JSC::CodeBlock::bitVectors):
2835         (JSC::CodeBlock::bitVector):
2836         * bytecode/HandlerInfo.h:
2837         (JSC::HandlerInfoBase::typeName):
2838         * bytecode/UnlinkedCodeBlock.cpp:
2839         (JSC::UnlinkedCodeBlock::dump):
2840         * bytecode/UnlinkedCodeBlock.h:
2841         (JSC::UnlinkedCodeBlock::getConstant):
2842         * bytecode/UnlinkedInstructionStream.cpp:
2843         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
2844         * bytecode/UnlinkedInstructionStream.h:
2845         (JSC::UnlinkedInstructionStream::Reader::next):
2846         * runtime/Options.h:
2847
2848 2017-02-28  Mark Lam  <mark.lam@apple.com>
2849
2850         Change JSLock to stash PlatformThread instead of std::thread::id.
2851         https://bugs.webkit.org/show_bug.cgi?id=168996
2852
2853         Reviewed by Filip Pizlo.
2854
2855         PlatformThread is more useful because it allows us to:
2856         1. find the MachineThreads::Thread which is associated with it.
2857         2. suspend / resume threads.
2858         3. send a signal to a thread.
2859
2860         We can't do those with std::thread::id.  We will need one or more of these
2861         capabilities to implement non-polling VM traps later.
2862
2863         * JavaScriptCore.xcodeproj/project.pbxproj:
2864         * heap/MachineStackMarker.cpp:
2865         (JSC::MachineThreads::Thread::createForCurrentThread):
2866         (JSC::MachineThreads::machineThreadForCurrentThread):
2867         (JSC::MachineThreads::removeThread):
2868         (JSC::MachineThreads::Thread::suspend):
2869         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2870         (JSC::getCurrentPlatformThread): Deleted.
2871         * heap/MachineStackMarker.h:
2872         * runtime/JSCellInlines.h:
2873         (JSC::JSCell::classInfo):
2874         * runtime/JSLock.cpp:
2875         (JSC::JSLock::lock):
2876         (JSC::JSLock::unlock):
2877         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2878         * runtime/JSLock.h:
2879         (JSC::JSLock::ownerThread):
2880         (JSC::JSLock::currentThreadIsHoldingLock):
2881         * runtime/PlatformThread.h: Added.
2882         (JSC::currentPlatformThread):
2883         * runtime/VM.cpp:
2884         (JSC::VM::~VM):
2885         * runtime/VM.h:
2886         (JSC::VM::ownerThread):
2887         * runtime/Watchdog.cpp:
2888         (JSC::Watchdog::setTimeLimit):
2889         (JSC::Watchdog::shouldTerminate):
2890         (JSC::Watchdog::startTimer):
2891         (JSC::Watchdog::stopTimer):
2892         * tools/JSDollarVMPrototype.cpp:
2893         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2894         * tools/VMInspector.cpp:
2895
2896 2017-02-28  Mark Lam  <mark.lam@apple.com>
2897
2898         Enable the SigillCrashAnalyzer by default for iOS.
2899         https://bugs.webkit.org/show_bug.cgi?id=168989
2900
2901         Reviewed by Keith Miller.
2902
2903         * runtime/Options.cpp:
2904         (JSC::overrideDefaults):
2905
2906 2017-02-28  Mark Lam  <mark.lam@apple.com>
2907
2908         Remove setExclusiveThread() and peers from the JSLock.
2909         https://bugs.webkit.org/show_bug.cgi?id=168977
2910
2911         Reviewed by Filip Pizlo.
2912
2913         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
2914         Speedometer, we see that removal of exclusive thread status has no measurable
2915         impact on performance.  So, let's remove the code for handling exclusive thread
2916         status, and simplify the JSLock code.
2917
2918         For the record, exclusive thread status does improve JSLock locking/unlocking
2919         time by up to 20%.  However, this difference is not measurable in the way WebCore
2920         uses the JSLock as confirmed by Speedometer.
2921
2922         Also applied a minor optimization in JSLock::lock() to assume the initial lock
2923         entry case (as opposed to the re-entry case).  This appears to show a small
2924         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
2925         time in a micro-benchmark.
2926
2927         * heap/Heap.cpp:
2928         (JSC::Heap::Heap):
2929         * heap/MachineStackMarker.cpp:
2930         (JSC::MachineThreads::MachineThreads):
2931         (JSC::MachineThreads::addCurrentThread):
2932         * heap/MachineStackMarker.h:
2933         * runtime/JSLock.cpp:
2934         (JSC::JSLock::JSLock):
2935         (JSC::JSLock::lock):
2936         (JSC::JSLock::unlock):
2937         (JSC::JSLock::currentThreadIsHoldingLock):
2938         (JSC::JSLock::dropAllLocks):
2939         (JSC::JSLock::grabAllLocks):
2940         (JSC::JSLock::setExclusiveThread): Deleted.
2941         * runtime/JSLock.h:
2942         (JSC::JSLock::ownerThread):
2943         (JSC::JSLock::hasExclusiveThread): Deleted.
2944         (JSC::JSLock::exclusiveThread): Deleted.
2945         * runtime/VM.h:
2946         (JSC::VM::hasExclusiveThread): Deleted.
2947         (JSC::VM::exclusiveThread): Deleted.
2948         (JSC::VM::setExclusiveThread): Deleted.
2949
2950 2017-02-28  Saam Barati  <sbarati@apple.com>
2951
2952         Arm64 disassembler prints "ars" instead of "asr"
2953         https://bugs.webkit.org/show_bug.cgi?id=168923
2954
2955         Rubber stamped by Michael Saboff.
2956
2957         * disassembler/ARM64/A64DOpcode.cpp:
2958         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
2959
2960 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
2961
2962         Use of arguments in arrow function is slow
2963         https://bugs.webkit.org/show_bug.cgi?id=168829
2964
2965         Reviewed by Saam Barati.
2966
2967         The current patch improves the performance of access to arguments within an arrow function
2968         by preventing the creation of an arguments variable within the arrow function, and by allowing
2969         the arguments variable to be cached. Before, the arguments variable always had the Dynamic
2970         resolve type; after the patch it can be ClosureVar, which increases the performance of access
2971         to the arguments variable by 9 times inside the arrow function.
2972
2973         * bytecompiler/BytecodeGenerator.cpp:
2974         (JSC::BytecodeGenerator::BytecodeGenerator):
2975         * runtime/JSScope.cpp:
2976         (JSC::abstractAccess):
2977
2978 2017-02-28  Michael Saboff  <msaboff@apple.com>
2979
2980         Add ability to configure JSC options from a file
2981         https://bugs.webkit.org/show_bug.cgi?id=168914
2982
2983         Reviewed by Filip Pizlo.
2984
2985         Added the ability to set options and DataLog file location via a configuration file.
2986         The configuration file is specified with the --configFile option to JSC or the
2987         JSC_configFile environment variable.
2988
2989         The file format allows for options conditionally dependent on various attributes.
2990         Currently those attributes are the process name, parent process name and build
2991         type (Release or Debug).  In this patch, the parent process type is not set.
2992         That will be set up in WebKit code with a follow up patch.
2993
2994         Here is an example config file:
2995
2996             logFile = "/tmp/jscLog.%pid.txt"
2997
2998             jscOptions {
2999                 dumpOptions = 2
3000             }
3001
3002             build == "Debug" {
3003                 jscOptions {
3004                     useConcurrentJIT = false
3005                     dumpDisassembly = true
3006                 }
3007             }
3008
3009             build == "Release" && processName == "jsc" {
3010                 jscOptions {
3011                     asyncDisassembly = true
3012                 }
3013             }
3014
3015         Eliminated the prior options file code.
3016
3017         * CMakeLists.txt:
3018         * JavaScriptCore.xcodeproj/project.pbxproj:
3019         * jsc.cpp:
3020         (jscmain):
3021         * runtime/ConfigFile.cpp: Added.
3022         (JSC::ConfigFileScanner::ConfigFileScanner):
3023         (JSC::ConfigFileScanner::start):
3024         (JSC::ConfigFileScanner::lineNumber):
3025         (JSC::ConfigFileScanner::currentBuffer):
3026         (JSC::ConfigFileScanner::atFileEnd):
3027         (JSC::ConfigFileScanner::tryConsume):
3028         (JSC::ConfigFileScanner::tryConsumeString):
3029         (JSC::ConfigFileScanner::tryConsumeUpto):
3030         (JSC::ConfigFileScanner::fillBufferIfNeeded):
3031         (JSC::ConfigFileScanner::fillBuffer):
3032         (JSC::ConfigFile::ConfigFile):
3033         (JSC::ConfigFile::setProcessName):
3034         (JSC::ConfigFile::setParentProcessName):
3035         (JSC::ConfigFile::parse):
3036         * runtime/ConfigFile.h: Added.
3037         * runtime/Options.cpp:
3038         (JSC::Options::initialize):
3039         (JSC::Options::setOptions):
3040         * runtime/Options.h:
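
        To make the conditional-block layout of the config file above concrete, here is a small reader added as an illustration; it is not WebKit's runtime/ConfigFile.cpp, and its grammar (top-level key = value settings, jscOptions { } blocks, and `attr == "str"` conditions joined by &&) is an assumption inferred only from the sample config in the entry. It evaluates the sample against process-name and build attributes and returns the jscOptions that would take effect.

```python
"""Reader for the JSC config-file layout shown in the ChangeLog entry above.

Added illustration, not WebKit's runtime/ConfigFile.cpp. The grammar is an
assumption inferred from the sample only: top-level `key = value` settings,
`jscOptions { ... }` blocks, and condition blocks `attr == "str" && ... { ... }`
where attr is processName, parentProcessName or build.
"""
import re

ATTRIBUTES = ("processName", "parentProcessName", "build")

# Constructed sample: the example config file from the ChangeLog entry.
SAMPLE_CONFIG = '''logFile = "/tmp/jscLog.%pid.txt"

jscOptions {
    dumpOptions = 2
}

build == "Debug" {
    jscOptions {
        useConcurrentJIT = false
        dumpDisassembly = true
    }
}

build == "Release" && processName == "jsc" {
    jscOptions {
        asyncDisassembly = true
    }
}
'''

_ASSIGN = re.compile(r'^(\w+)\s*=\s*(.+)$')
_OPTIONS_OPEN = re.compile(r'^jscOptions\s*\{$')
_COND_TERM = re.compile(r'^(\w+)\s*==\s*"([^"]*)"$')


def parse_value(text):
    """Literal as written in the file: "string", true/false, or an integer."""
    text = text.strip()
    if len(text) >= 2 and text[0] == '"' and text[-1] == '"':
        return text[1:-1]
    if text in ("true", "false"):
        return text == "true"
    return int(text)  # anything else is a config error; int() raises ValueError


def condition_holds(expr, attrs):
    """Evaluate `attr == "value"` terms joined by &&.

    An attribute that is not set (the entry notes the parent process name is
    not set yet) simply never matches; an unknown attribute name is an error.
    """
    for term in expr.split("&&"):
        m = _COND_TERM.match(term.strip())
        if not m or m.group(1) not in ATTRIBUTES:
            raise ValueError("bad condition term: %r" % term)
        if attrs.get(m.group(1)) != m.group(2):
            return False
    return True


def load_config(text, attrs):
    """Return (settings, jsc_options) that take effect for the given attributes.

    settings holds top-level keys such as logFile; jsc_options holds every
    assignment inside a jscOptions block whose enclosing conditions all hold.
    Later assignments override earlier ones (top-to-bottom reading).
    """
    settings, jsc_options = {}, {}
    stack = []  # open blocks as (kind, enabled); kind is "options" or "cond"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            if not stack:
                raise ValueError("line %d: unmatched '}'" % lineno)
            stack.pop()
        elif _OPTIONS_OPEN.match(line):
            stack.append(("options", True))
        elif line.endswith("{"):
            stack.append(("cond", condition_holds(line[:-1], attrs)))
        else:
            m = _ASSIGN.match(line)
            if not m:
                raise ValueError("line %d: cannot parse %r" % (lineno, raw))
            if not all(enabled for _, enabled in stack):
                continue  # inside a condition block that does not apply
            in_options = any(kind == "options" for kind, _ in stack)
            target = jsc_options if in_options else settings
            target[m.group(1)] = parse_value(m.group(2))
    if stack:
        raise ValueError("unterminated block at end of file")
    return settings, jsc_options


if __name__ == "__main__":
    for attrs in ({"processName": "jsc", "build": "Release"},
                  {"processName": "WebContent", "build": "Debug"}):
        print(attrs, load_config(SAMPLE_CONFIG, attrs))
```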
3041
3042 2017-02-27  Alex Christensen  <achristensen@webkit.org>
3043
3044         Begin enabling WebRTC on 64-bit
3045         https://bugs.webkit.org/show_bug.cgi?id=168915
3046
3047         Reviewed by Eric Carlson.
3048
3049         * Configurations/FeatureDefines.xcconfig:
3050
3051 2017-02-27  Mark Lam  <mark.lam@apple.com>
3052
3053         Introduce a VM Traps mechanism and refactor Watchdog to use it.
3054         https://bugs.webkit.org/show_bug.cgi?id=168842
3055
3056         Reviewed by Filip Pizlo.
3057
3058         Currently, the traps mechanism is only used for the JSC watchdog, and for
3059         asynchronous termination requests (which is currently only used for worker
3060         threads termination).
3061
3062         This first cut of the traps mechanism still relies on polling from DFG and FTL
3063         code.  This is done to keep the patch as small as possible.  The work to do
3064         a non-polling version of the traps mechanism for DFG and FTL code is deferred to
3065         another patch.
3066
3067         In this patch, worker threads still need to set the VM::m_needAsynchronousTerminationSupport
3068         flag to enable the traps polling in the DFG and FTL code.  When we have the
3069         non-polling version of the DFG and FTL traps mechanism, we can remove the use of
3070         the VM::m_needAsynchronousTerminationSupport flag.
3071
3072         Note: this patch also separates asynchronous termination support from the JSC
3073         watchdog.  This separation allows us to significantly simplify the locking
3074         requirements in the watchdog code, and make it easier to reason about its
3075         correctness.
3076
3077         * CMakeLists.txt:
3078         * JavaScriptCore.xcodeproj/project.pbxproj:
3079         * bytecode/BytecodeList.json:
3080         * bytecode/BytecodeUseDef.h:
3081         (JSC::computeUsesForBytecodeOffset):
3082         (JSC::computeDefsForBytecodeOffset):
3083         * bytecode/CodeBlock.cpp:
3084         (JSC::CodeBlock::dumpBytecode):
3085         * bytecompiler/BytecodeGenerator.cpp:
3086         (JSC::BytecodeGenerator::BytecodeGenerator):
3087         (JSC::BytecodeGenerator::emitLoopHint):
3088         (JSC::BytecodeGenerator::emitCheckTraps):
3089         (JSC::BytecodeGenerator::emitWatchdog): Deleted.
3090         * bytecompiler/BytecodeGenerator.h:
3091         * dfg/DFGAbstractInterpreterInlines.h:
3092         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3093         * dfg/DFGByteCodeParser.cpp:
3094         (JSC::DFG::ByteCodeParser::parseBlock):
3095         * dfg/DFGCapabilities.cpp:
3096         (JSC::DFG::capabilityLevel):
3097         * dfg/DFGClobberize.h:
3098         (JSC::DFG::clobberize):
3099         * dfg/DFGDoesGC.cpp:
3100         (JSC::DFG::doesGC):
3101         * dfg/DFGFixupPhase.cpp:
3102         (JSC::DFG::FixupPhase::fixupNode):
3103         * dfg/DFGNodeType.h:
3104         * dfg/DFGPredictionPropagationPhase.cpp:
3105         * dfg/DFGSafeToExecute.h:
3106         (JSC::DFG::safeToExecute):
3107         * dfg/DFGSpeculativeJIT.cpp:
3108         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
3109         * dfg/DFGSpeculativeJIT.h:
3110         * dfg/DFGSpeculativeJIT32_64.cpp:
3111         (JSC::DFG::SpeculativeJIT::compile):
3112         * dfg/DFGSpeculativeJIT64.cpp:
3113         (JSC::DFG::SpeculativeJIT::compile):
3114         * ftl/FTLCapabilities.cpp:
3115         (JSC::FTL::canCompile):
3116         * ftl/FTLLowerDFGToB3.cpp:
3117         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3118         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
3119         (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer): Deleted.
3120         * interpreter/Interpreter.cpp:
3121         (JSC::Interpreter::executeProgram):
3122         (JSC::Interpreter::executeCall):
3123         (JSC::Interpreter::executeConstruct):
3124         (JSC::Interpreter::execute):
3125         * jit/JIT.cpp:
3126         (JSC::JIT::privateCompileMainPass):
3127         (JSC::JIT::privateCompileSlowCases):
3128         * jit/JIT.h:
3129         * jit/JITOpcodes.cpp:
3130         (JSC::JIT::emit_op_check_traps):
3131         (JSC::JIT::emitSlow_op_check_traps):
3132         (JSC::JIT::emit_op_watchdog): Deleted.
3133         (JSC::JIT::emitSlow_op_watchdog): Deleted.
3134         * jit/JITOperations.cpp:
3135         * jit/JITOperations.h:
3136         * llint/LLIntSlowPaths.cpp:
3137         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3138         * llint/LLIntSlowPaths.h:
3139         * llint/LowLevelInterpreter.asm:
3140         * llint/LowLevelInterpreter32_64.asm:
3141         * llint/LowLevelInterpreter64.asm:
3142         * runtime/VM.cpp:
3143         (JSC::VM::~VM):
3144         (JSC::VM::ensureWatchdog):
3145         (JSC::VM::handleTraps):
3146         * runtime/VM.h:
3147         (JSC::VM::ownerThread):
3148         (JSC::VM::needTrapHandling):
3149         (JSC::VM::needTrapHandlingAddress):
3150         (JSC::VM::notifyNeedTermination):
3151         (JSC::VM::notifyNeedWatchdogCheck):
3152         (JSC::VM::needAsynchronousTerminationSupport):
3153         (JSC::VM::setNeedAsynchronousTerminationSupport):
3154         * runtime/VMInlines.h:
3155         (JSC::VM::shouldTriggerTermination): Deleted.
3156         * runtime/VMTraps.cpp: Added.
3157         (JSC::VMTraps::fireTrap):
3158         (JSC::VMTraps::takeTrap):
3159         * runtime/VMTraps.h: Added.
3160         (JSC::VMTraps::needTrapHandling):
3161         (JSC::VMTraps::needTrapHandlingAddress):
3162         (JSC::VMTraps::hasTrapForEvent):
3163         (JSC::VMTraps::setTrapForEvent):
3164         (JSC::VMTraps::clearTrapForEvent):
3165         * runtime/Watchdog.cpp:
3166         (JSC::Watchdog::Watchdog):
3167         (JSC::Watchdog::setTimeLimit):
3168         (JSC::Watchdog::shouldTerminate):
3169         (JSC::Watchdog::enteredVM):
3170         (JSC::Watchdog::exitedVM):
3171         (JSC::Watchdog::startTimer):
3172         (JSC::Watchdog::stopTimer):
3173         (JSC::Watchdog::willDestroyVM):
3174         (JSC::Watchdog::terminateSoon): Deleted.
3175         (JSC::Watchdog::shouldTerminateSlow): Deleted.
3176         * runtime/Watchdog.h:
3177         (JSC::Watchdog::shouldTerminate): Deleted.
3178         (JSC::Watchdog::timerDidFireAddress): Deleted.
3179
3180 2017-02-27  Commit Queue  <commit-queue@webkit.org>
3181
3182         Unreviewed, rolling out r213019.
3183         https://bugs.webkit.org/show_bug.cgi?id=168925
3184
3185         "It broke 32-bit jsc tests in debug builds" (Requested by
3186         saamyjoon on #webkit).
3187
3188         Reverted changeset:
3189
3190         "op_get_by_id_with_this should use inline caching"
3191         https://bugs.webkit.org/show_bug.cgi?id=162124
3192         http://trac.webkit.org/changeset/213019
3193
3194 2017-02-27  JF Bastien  <jfbastien@apple.com>
3195
3196         WebAssembly: miscellaneous spec fixes part deux
3197         https://bugs.webkit.org/show_bug.cgi?id=168861
3198
3199         Reviewed by Keith Miller.
3200
3201         * wasm/WasmFunctionParser.h: add some FIXME
3202
3203 2017-02-27  Alex Christensen  <achristensen@webkit.org>
3204
3205         [libwebrtc] Enable WebRTC in some Production Builds
3206         https://bugs.webkit.org/show_bug.cgi?id=168858
3207
3208         * Configurations/FeatureDefines.xcconfig:
3209
3210 2017-02-26  Caio Lima  <ticaiolima@gmail.com>
3211
3212         op_get_by_id_with_this should use inline caching
3213         https://bugs.webkit.org/show_bug.cgi?id=162124
3214
3215         Reviewed by Saam Barati.
3216
3217         This patch is enabling inline cache for op_get_by_id_with_this in all
3218         tiers. It means that operations using ```super.member``` are going to
3219         be able to be optimized by PIC. To enable it, we introduced a new
3220         member of StructureStubInfo.patch named thisGPR, created a new class
3221         to manage the IC named JITGetByIdWithThisGenerator and changed
3222         PolymorphicAccess.regenerate that uses StructureStubInfo.patch.thisGPR
3223         to decide the correct this value on inline caches.
3224         With inline caching enabled, ```super.member``` is ~4.5x faster,
3225         according to microbenchmarks.
3226
3227         * bytecode/AccessCase.cpp:
3228         (JSC::AccessCase::generateImpl):
3229         * bytecode/PolymorphicAccess.cpp:
3230         (JSC::PolymorphicAccess::regenerate):
3231         * bytecode/PolymorphicAccess.h:
3232         * bytecode/StructureStubInfo.cpp:
3233         (JSC::StructureStubInfo::reset):
3234         * bytecode/StructureStubInfo.h:
3235         * dfg/DFGFixupPhase.cpp:
3236         (JSC::DFG::FixupPhase::fixupNode):
3237         * dfg/DFGJITCompiler.cpp:
3238         (JSC::DFG::JITCompiler::link):
3239         * dfg/DFGJITCompiler.h:
3240         (JSC::DFG::JITCompiler::addGetByIdWithThis):
3241         * dfg/DFGSpeculativeJIT.cpp:
3242         (JSC::DFG::SpeculativeJIT::compileIn):
3243         * dfg/DFGSpeculativeJIT.h:
3244         (JSC::DFG::SpeculativeJIT::callOperation):
3245         * dfg/DFGSpeculativeJIT32_64.cpp:
3246         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
3247         (JSC::DFG::SpeculativeJIT::compile):
3248         * dfg/DFGSpeculativeJIT64.cpp:
3249         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
3250         (JSC::DFG::SpeculativeJIT::compile):
3251         * ftl/FTLLowerDFGToB3.cpp:
3252         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
3253         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
3254         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
3255         * jit/CCallHelpers.h:
3256         (JSC::CCallHelpers::setupArgumentsWithExecState):
3257         * jit/ICStats.h:
3258         * jit/JIT.cpp:
3259         (JSC::JIT::JIT):
3260         (JSC::JIT::privateCompileSlowCases):
3261         (JSC::JIT::link):
3262         * jit/JIT.h:
3263         * jit/JITInlineCacheGenerator.cpp:
3264         (JSC::JITByIdGenerator::JITByIdGenerator):
3265         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
3266         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
3267         * jit/JITInlineCacheGenerator.h:
3268         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
3269         * jit/JITInlines.h:
3270         (JSC::JIT::callOperation):
3271         * jit/JITOperations.cpp:
3272         * jit/JITOperations.h:
3273         * jit/JITPropertyAccess.cpp:
3274         (JSC::JIT::emit_op_get_by_id_with_this):
3275         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3276         * jit/JITPropertyAccess32_64.cpp:
3277         (JSC::JIT::emit_op_get_by_id_with_this):
3278         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3279         * jit/Repatch.cpp:
3280         (JSC::appropriateOptimizingGetByIdFunction):
3281         (JSC::appropriateGenericGetByIdFunction):
3282         (JSC::tryCacheGetByID):
3283         * jit/Repatch.h:
3284         * jsc.cpp:
3285         (WTF::CustomGetter::getOwnPropertySlot):
3286         (WTF::CustomGetter::customGetterAcessor):
3287
3288 2017-02-24  JF Bastien  <jfbastien@apple.com>
3289
3290         WebAssembly: miscellaneous spec fixes
3291         https://bugs.webkit.org/show_bug.cgi?id=168822
3292
3293         Reviewed by Saam Barati.
3294
3295         * wasm/WasmModuleParser.cpp: "unknown" sections are now called "custom" sections
3296         * wasm/WasmSections.h:
3297         (JSC::Wasm::validateOrder):
3298         (JSC::Wasm::makeString): fix ASSERT_UNREACHABLE bug in printing
3299         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3300         (JSC::constructJSWebAssemblyInstance): disallow i64 import
3301         * wasm/js/WebAssemblyModuleRecord.cpp:
3302         (JSC::WebAssemblyModuleRecord::link): disallow i64 export
3303         (JSC::WebAssemblyModuleRecord::evaluate):
3304
3305 2017-02-24  Filip Pizlo  <fpizlo@apple.com>
3306
3307         Move Arg::Type and Arg::Width out into the B3 namespace, since they are general concepts
3308         https://bugs.webkit.org/show_bug.cgi?id=168833
3309
3310         Reviewed by Saam Barati.
3311         
3312         I want to use the Air::Arg::Type and Air::Arg::Width concepts in B3. We are already
3313         doing this a bit, and it's awkward because of the namespacing. Throughout B3 we take the
3314         approach that if something is not specific to Air, then it should be in the B3
3315         namespace.
3316         
3317         This moves Air::Arg::Type to B3::Bank. This moves Air::Arg::Width to B3::Width.
3318         
3319         I renamed Arg::Type to Bank because there is already a B3::Type and because Arg::Type
3320         was never really a type. Its purpose was always to identify register banks, and we use
3321         this enum when the thing we care about is whether the value is most appropriate for
3322         GPRs or FPRs.
3323         
3324         I kept both as non-enum classes because I think that we've learned that terse compiler
3325         code is a good thing. I don't want to say Bank::GP when I can say GP. With Width, the
3326         argument is even stronger, since you cannot say Width::8 but you can say Width8.
3327
3328         * CMakeLists.txt:
3329         * JavaScriptCore.xcodeproj/project.pbxproj:
3330         * b3/B3Bank.cpp: Added.
3331         (WTF::printInternal):
3332         * b3/B3Bank.h: Added.
3333         (JSC::B3::forEachBank):
3334         (JSC::B3::bankForType):
3335         * b3/B3CheckSpecial.cpp:
3336         (JSC::B3::CheckSpecial::forEachArg):
3337         * b3/B3LegalizeMemoryOffsets.cpp:
3338         * b3/B3LowerToAir.cpp:
3339         (JSC::B3::Air::LowerToAir::run):
3340         (JSC::B3::Air::LowerToAir::tmp):
3341         (JSC::B3::Air::LowerToAir::scaleForShl):
3342         (JSC::B3::Air::LowerToAir::effectiveAddr):
3343         (JSC::B3::Air::LowerToAir::addr):
3344         (JSC::B3::Air::LowerToAir::createGenericCompare):
3345         (JSC::B3::Air::LowerToAir::createBranch):
3346         (JSC::B3::Air::LowerToAir::createCompare):
3347         (JSC::B3::Air::LowerToAir::createSelect):
3348         (JSC::B3::Air::LowerToAir::lower):
3349         * b3/B3MemoryValue.cpp:
3350         (JSC::B3::MemoryValue::accessWidth):
3351         * b3/B3MemoryValue.h:
3352         * b3/B3MoveConstants.cpp:
3353         * b3/B3PatchpointSpecial.cpp:
3354         (JSC::B3::PatchpointSpecial::forEachArg):
3355         * b3/B3StackmapSpecial.cpp:
3356         (JSC::B3::StackmapSpecial::forEachArgImpl):
3357         * b3/B3Value.h:
3358         * b3/B3Variable.h:
3359         (JSC::B3::Variable::width):
3360         (JSC::B3::Variable::bank):
3361         * b3/B3WasmAddressValue.h: