[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2018-09-25  Saam Barati  <sbarati@apple.com>
2
3         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
4         https://bugs.webkit.org/show_bug.cgi?id=189940
5         <rdar://problem/43640987>
6
7         Reviewed by Mark Lam.
8
9         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
10         CodeBlock. There is nothing semantically wrong with doing that (except for
11         poor naming), however, the poor naming here led us to make a real semantic
12         mistake. We wanted the baseline CodeBlock's constant pool, but we were
13         accessing the FTL CodeBlock's constant pool accidentally. We need to
14         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
15         constant value.
16
17         * bytecode/InlineCallFrame.h:
18         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
19         * ftl/FTLOperations.cpp:
20         (JSC::FTL::operationMaterializeObjectInOSR):
21
22 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
23
24         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
25         https://bugs.webkit.org/show_bug.cgi?id=189962
26         <rdar://problem/44648287>
27
28         Reviewed by Brian Burg.
29
30         * inspector/scripts/codegen/generate_objc_header.py:
31         (ObjCHeaderGenerator._callback_block_for_command):
32         If there are no return parameters include "void" in the block signature.
33
34         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
35         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
36         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
37         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
38         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
39         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
40         Rebaseline test results.
41
42 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
43
44         Remove AUTHORS and THANKS files which are stale
45         https://bugs.webkit.org/show_bug.cgi?id=189941
46
47         Reviewed by Darin Adler.
48
49         Included mentions below so their names are still in ChangeLogs.
50
51         * AUTHORS: Removed.
52         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
53         These authors remain mentioned in copyrights in source files.
54
55         * THANKS: Removed.
56         Richard Moore <rich@kde.org> - for filling the Math object with some life
57         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
58         Marco Pinelli <pinmc@libero.it> - for his patches
59         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
60         
61 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
62
63         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
64         https://bugs.webkit.org/show_bug.cgi?id=189733
65
66         Reviewed by Michael Catanzaro.
67
68         * assembler/ARM64Assembler.h:
69         * assembler/ARMAssembler.h:
70         (JSC::ARMAssembler::cacheFlush):
71         * assembler/MacroAssemblerARM.cpp:
72         (JSC::isVFPPresent):
73         * assembler/MacroAssemblerARM64.cpp:
74         * assembler/MacroAssemblerARMv7.cpp:
75         * assembler/MacroAssemblerMIPS.cpp:
76         * assembler/MacroAssemblerX86Common.cpp:
77         * heap/HeapCell.cpp:
78         * heap/HeapCell.h:
79         * jit/HostCallReturnValue.h:
80         * jit/JIT.h:
81         * jit/JITOperations.cpp:
82         * jit/ThunkGenerators.cpp:
83         * runtime/ArrayConventions.cpp:
84         (JSC::clearArrayMemset):
85         * runtime/JSBigInt.cpp:
86         (JSC::JSBigInt::digitDiv):
87
88 2018-09-24  Saam Barati  <sbarati@apple.com>
89
90         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
91         https://bugs.webkit.org/show_bug.cgi?id=189922
92         <rdar://problem/44651275>
93
94         Reviewed by Mark Lam.
95
96         The implementation was first getting the length to iterate up to,
97         then getting the starting index. However, getting the starting
98         index may perform effects. e.g., it could change the length of the
99         array. This changes it so we verify the length is still valid.
100
101         * runtime/ArrayPrototype.cpp:
102         (JSC::arrayProtoFuncIndexOf):
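
The ordering problem in the entry above, as an added example that is not WebKit code or part of this ChangeLog: a toy array search that reads the length, then converts the start index through a callback that may perform effects. `ToyArray`, `FromIndexConversion` and both search functions are hypothetical names, and clamping to the live length is an assumption (the entry only says the length is verified again).

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <vector>

// Toy stand-in for a JS array whose length script can change (not JSC's JSArray).
struct ToyArray {
    std::vector<int> storage;
    std::size_t length() const { return storage.size(); }
};

// Stand-in for converting the fromIndex argument. In JS this conversion can run
// user code, so it receives the array and is allowed to mutate it.
using FromIndexConversion = std::function<std::size_t(ToyArray&)>;

struct SearchResult {
    long index;           // -1 when the needle was not found
    bool staleLengthUsed; // true if the loop reached an index past the live length
};

// Order the entry describes as the bug: read the length, convert the start
// index, then iterate up to the length that was read earlier.
SearchResult indexOfStaleLength(ToyArray& array, int needle, const FromIndexConversion& toIndex)
{
    std::size_t length = array.length();
    std::size_t start = toIndex(array); // may perform effects
    for (std::size_t i = start; i < length; ++i) {
        // A fast path over raw storage has no such guard; the model reports the
        // out-of-range index instead of performing the read.
        if (i >= array.length())
            return { -1, true };
        if (array.storage[i] == needle)
            return { static_cast<long>(i), false };
    }
    return { -1, false };
}

// Same order, with the length verified again after the conversion.
// Assumption: clamp to the live length (falling back to a slow path is another option).
SearchResult indexOfRevalidated(ToyArray& array, int needle, const FromIndexConversion& toIndex)
{
    std::size_t length = array.length();
    std::size_t start = toIndex(array);
    if (array.length() < length)
        length = array.length();
    for (std::size_t i = start; i < length; ++i) {
        if (array.storage[i] == needle)
            return { static_cast<long>(i), false };
    }
    return { -1, false };
}

// Constructed conversions: one shrinks the array as a side effect, one does not.
std::size_t shrinkToOneElement(ToyArray& array) { array.storage.resize(1); return 0; }
std::size_t noEffects(ToyArray&) { return 1; }

// Runs one search over the constructed array {1, 2, 3, 4}.
SearchResult runCase(bool revalidate, bool withEffects, int needle)
{
    ToyArray array { { 1, 2, 3, 4 } };
    FromIndexConversion conversion = withEffects ? shrinkToOneElement : noEffects;
    return revalidate ? indexOfRevalidated(array, needle, conversion)
                      : indexOfStaleLength(array, needle, conversion);
}

int main()
{
    SearchResult stale = runCase(false, true, 4);
    SearchResult checked = runCase(true, true, 4);
    std::printf("stale length:  index=%ld pastLiveLength=%d\n", stale.index, stale.staleLengthUsed);
    std::printf("revalidated:   index=%ld pastLiveLength=%d\n", checked.index, checked.staleLengthUsed);
    return 0;
}
```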
103
104 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
105
106         offlineasm: fix macro scoping
107         https://bugs.webkit.org/show_bug.cgi?id=189902
108
109         Reviewed by Mark Lam.
110
111         In the code below, the reference to `f` in `g`, which should refer to
112         the outer macro definition will instead refer to the f argument of the
113         anonymous macro passed to `g`. That leads to this code failing to
114         compile (f expected 0 args but got 1).
115         
116         ```
117         macro f(x)
118             move x, t0
119         end
120         
121         macro g(fn)
122             fn(macro () f(42) end)
123         end
124         
125         g(macro(f) f() end)
126         ```
127
128         * offlineasm/ast.rb:
129         * offlineasm/transform.rb:
130
131 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
132
133         Add forEach method for iterating CodeBlock's ValueProfiles
134         https://bugs.webkit.org/show_bug.cgi?id=189897
135
136         Reviewed by Mark Lam.
137
138         Add method to abstract how we find ValueProfiles in a CodeBlock in
139         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
140         ValueProfiles will be stored in the MetadataTable.
141
142         * bytecode/CodeBlock.cpp:
143         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
144         (JSC::CodeBlock::updateAllValueProfilePredictions):
145         (JSC::CodeBlock::shouldOptimizeNow):
146         (JSC::CodeBlock::dumpValueProfiles):
147         * bytecode/CodeBlock.h:
148         (JSC::CodeBlock::forEachValueProfile):
149         (JSC::CodeBlock::numberOfArgumentValueProfiles):
150         (JSC::CodeBlock::valueProfileForArgument):
151         (JSC::CodeBlock::numberOfValueProfiles):
152         (JSC::CodeBlock::valueProfile):
153         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
154         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
155         * tools/HeapVerifier.cpp:
156         (JSC::HeapVerifier::validateJSCell):
157
158 2018-09-24  Saam Barati  <sbarati@apple.com>
159
160         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
161         https://bugs.webkit.org/show_bug.cgi?id=189682
162         <rdar://problem/43557315>
163
164         Reviewed by Mark Lam.
165
166         Otherwise, if we have code like this:
167         ```
168         a: Arguments
169         b: GetButterfly(@a)
170         c: ForceExit
171         d: GetArrayLength(@a, @b)
172         ```
173         it will get transformed into this invalid DFG IR:
174         ```
175         a: PhantomArguments
176         b: Check(@a)
177         c: ForceExit
178         d: GetArrayLength(@a, @b)
179         ```
180         
181         And we will fail DFG validation since @b does not have a result.
182         
183         The fix is to just remove all nodes after the ForceExit and plant an
184         Unreachable after it. So the above program will now turn into this:
185         ```
186         a: PhantomArguments
187         b: Check(@a)
188         c: ForceExit
189         e: Unreachable
190         ```
191
192         * dfg/DFGArgumentsEliminationPhase.cpp:
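
The three listings in the entry above, replayed on a toy IR as an added example (not DFG code and not part of this ChangeLog). The `Op` set, the `hasResult` rule and the rewrite in `eliminateArguments` are simplified assumptions that cover only the nodes shown in the entry.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

enum class Op { Arguments, PhantomArguments, GetButterfly, Check, ForceExit, GetArrayLength, Unreachable };

struct Node {
    Op op;
    std::vector<std::size_t> children; // indices of earlier nodes in the same block
};
using Block = std::vector<Node>;

// Toy rule: which ops yield a value that another node may use as an input.
bool hasResult(Op op)
{
    switch (op) {
    case Op::Arguments:
    case Op::PhantomArguments:
    case Op::GetButterfly:
    case Op::GetArrayLength:
        return true;
    default:
        return false;
    }
}

// Toy validator: every child must be an earlier node that has a result.
bool validate(const Block& block)
{
    for (std::size_t i = 0; i < block.size(); ++i) {
        for (std::size_t child : block[i].children) {
            if (child >= i || !hasResult(block[child].op))
                return false;
        }
    }
    return true;
}

// Toy rewrite: Arguments becomes PhantomArguments and GetButterfly becomes Check.
// With snipAfterForceExit set, everything after the first ForceExit is removed
// and an Unreachable is planted, as the entry describes.
Block eliminateArguments(Block block, bool snipAfterForceExit)
{
    for (Node& node : block) {
        if (node.op == Op::Arguments)
            node.op = Op::PhantomArguments;
        else if (node.op == Op::GetButterfly)
            node.op = Op::Check;
    }
    if (!snipAfterForceExit)
        return block;
    for (std::size_t i = 0; i < block.size(); ++i) {
        if (block[i].op == Op::ForceExit) {
            block.erase(block.begin() + i + 1, block.end());
            block.push_back({ Op::Unreachable, {} });
            break;
        }
    }
    return block;
}

// The block from the entry: a, b, c, d at indices 0..3.
Block sampleBlock()
{
    return {
        { Op::Arguments, {} },
        { Op::GetButterfly, { 0 } },
        { Op::ForceExit, {} },
        { Op::GetArrayLength, { 0, 1 } },
    };
}

int main()
{
    std::printf("input valid:            %d\n", validate(sampleBlock()));
    std::printf("rewritten without snip: %d\n", validate(eliminateArguments(sampleBlock(), false)));
    std::printf("rewritten with snip:    %d\n", validate(eliminateArguments(sampleBlock(), true)));
    return 0;
}
```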
193
194 2018-09-22  Saam Barati  <sbarati@apple.com>
195
196         The sampling should not use Strong<CodeBlock> in its machineLocation field
197         https://bugs.webkit.org/show_bug.cgi?id=189319
198
199         Reviewed by Filip Pizlo.
200
201         The sampling profiler has a CLI mode where we gather information about inline
202         call frames. That data structure was using a Strong<CodeBlock>. We were
203         constructing this Strong<CodeBlock> during GC concurrently to processing all
204         the Strong handles. This is a bug since we end up corrupting that data
205         structure. This patch fixes this by just making this data structure use the
206         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
207
208         * inspector/agents/InspectorScriptProfilerAgent.cpp:
209         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
210         * runtime/SamplingProfiler.cpp:
211         (JSC::SamplingProfiler::processUnverifiedStackTraces):
212
213         (JSC::SamplingProfiler::reportTopFunctions):
214         (JSC::SamplingProfiler::reportTopBytecodes):
215         These CLI helpers needed a DeferGC otherwise we may end up deadlocking when we
216         cause a GC to happen while already holding the sampling profiler's
217         lock.
218
219 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
220
221         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
222         https://bugs.webkit.org/show_bug.cgi?id=189778
223
224         Reviewed by Keith Miller.
225
226         LLInt ASM interpreter is 2x and 15% faster than CLoop interpreter on
227         Linux and macOS respectively. We would like to enable it for non JIT
228         configurations in X86_64 and ARM64.
229
230         This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures.
231         Previously, we switched LLInt ASM interpreter and CLoop by using ENABLE(JIT)
232         configuration. But it is wrong in the new scenario since we have a build
233         configuration that uses LLInt ASM interpreter and JIT is disabled. We introduce
234         ENABLE(C_LOOP) option, which represents that we use CLoop. And we replace
235         ENABLE(JIT) with ENABLE(C_LOOP) if the previous ENABLE(JIT) is essentially just
236         related to LLInt ASM interpreter and not related to JIT.
237
238         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
239         ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler
240         has machine register information that is used in LLInt ASM interpreter.
241
242         * API/tests/PingPongStackOverflowTest.cpp:
243         (testPingPongStackOverflow):
244         * CMakeLists.txt:
245         * JavaScriptCore.xcodeproj/project.pbxproj:
246         * assembler/MaxFrameExtentForSlowPathCall.h:
247         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
248         * bytecode/CodeBlock.cpp:
249         (JSC::CodeBlock::finishCreation):
250         * bytecode/CodeBlock.h:
251         (JSC::CodeBlock::calleeSaveRegisters const):
252         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
253         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
254         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
255         * bytecode/Opcode.h:
256         (JSC::padOpcodeName):
257         * heap/Heap.cpp:
258         (JSC::Heap::gatherJSStackRoots):
259         (JSC::Heap::stopThePeriphery):
260         * interpreter/CLoopStack.cpp:
261         * interpreter/CLoopStack.h:
262         * interpreter/CLoopStackInlines.h:
263         * interpreter/EntryFrame.h:
264         * interpreter/Interpreter.cpp:
265         (JSC::Interpreter::Interpreter):
266         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
267         * interpreter/Interpreter.h:
268         * interpreter/StackVisitor.cpp:
269         (JSC::StackVisitor::Frame::calleeSaveRegisters):
270         * interpreter/VMEntryRecord.h:
271         * jit/ExecutableAllocator.h:
272         * jit/FPRInfo.h:
273         (WTF::printInternal):
274         * jit/GPRInfo.cpp:
275         * jit/GPRInfo.h:
276         (WTF::printInternal):
277         * jit/HostCallReturnValue.cpp:
278         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
279         * jit/HostCallReturnValue.h:
280         * jit/JITOperations.cpp:
281         (JSC::getHostCallReturnValueWithExecState): Deleted.
282         * jit/JITOperationsMSVC64.cpp:
283         * jit/Reg.cpp:
284         * jit/Reg.h:
285         * jit/RegisterAtOffset.cpp:
286         * jit/RegisterAtOffset.h:
287         * jit/RegisterAtOffsetList.cpp:
288         * jit/RegisterAtOffsetList.h:
289         * jit/RegisterMap.h:
290         * jit/RegisterSet.cpp:
291         * jit/RegisterSet.h:
292         * jit/TempRegisterSet.cpp:
293         * jit/TempRegisterSet.h:
294         * llint/LLIntCLoop.cpp:
295         * llint/LLIntCLoop.h:
296         * llint/LLIntData.cpp:
297         (JSC::LLInt::initialize):
298         (JSC::LLInt::Data::performAssertions):
299         * llint/LLIntData.h:
300         * llint/LLIntOfflineAsmConfig.h:
301         * llint/LLIntOpcode.h:
302         * llint/LLIntPCRanges.h:
303         * llint/LLIntSlowPaths.cpp:
304         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
305         * llint/LLIntSlowPaths.h:
306         * llint/LLIntThunks.cpp:
307         * llint/LowLevelInterpreter.cpp:
308         * llint/LowLevelInterpreter.h:
309         * runtime/JSCJSValue.h:
310         * runtime/MachineContext.h:
311         * runtime/SamplingProfiler.cpp:
312         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
313         for LLInt ASM interpreter with non JIT configuration.
314         * runtime/TestRunnerUtils.cpp:
315         (JSC::optimizeNextInvocation):
316         * runtime/VM.cpp:
317         (JSC::VM::VM):
318         (JSC::VM::getHostFunction):
319         (JSC::VM::updateSoftReservedZoneSize):
320         (JSC::sanitizeStackForVM):
321         (JSC::VM::committedStackByteCount):
322         * runtime/VM.h:
323         * runtime/VMInlines.h:
324         (JSC::VM::ensureStackCapacityFor):
325         (JSC::VM::isSafeToRecurseSoft const):
326
327 2018-09-21  Keith Miller  <keith_miller@apple.com>
328
329         Add Promise SPI
330         https://bugs.webkit.org/show_bug.cgi?id=189809
331
332         Reviewed by Saam Barati.
333
334         The patch adds new SPI to create promises. It's mostly SPI because
335         I want to see how internal users react to it before we make it
336         public.
337
338         This patch adds a couple of new Obj-C SPI methods. The first
339         creates a new promise using the same API that JS does where the
340         user provides an executor callback. If an exception is raised
341         in/to that callback the promise is automagically rejected. The
342         other methods create a pre-resolved or rejected promise as this
343         appears to be a common way to initialize a promise.
344
345         I was also considering adding a second version of executor API
346         where it would catch specific Obj-C exceptions. This would work by
347         taking a Class parameter and checking isKindOfClass: on the
348         exception. I decided against this as nothing else in our API
349         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
350         corrupt state if an Obj-C exception unwinds through JS frames.
351
352         This patch adds a new C function that will create a "deferred"
353         promise. A deferred promise is a style of creating promise/futures
354         where the resolve and reject functions are passed as outputs of a
355         function. I went with this style for the C SPI because we don't have
356         any concept of forwarding exceptions in the C API.
357
358         In order to make the C API work I refactored a bit of the promise code
359         so that we can call a static method on JSDeferredPromise and just get
360         the components without allocating an extra cell wrapper.
361
362         * API/JSContext.mm:
363         (+[JSContext currentCallee]):
364         * API/JSObjectRef.cpp:
365         (JSObjectMakeDeferredPromise):
366         * API/JSObjectRefPrivate.h:
367         * API/JSValue.mm:
368         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
369         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
370         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
371         * API/JSValuePrivate.h: Added.
372         * API/JSVirtualMachine.mm:
373         * API/JSVirtualMachinePrivate.h:
374         * API/tests/testapi.c:
375         (main):
376         * API/tests/testapi.cpp:
377         (APIContext::operator JSC::ExecState*):
378         (TestAPI::failed const):
379         (TestAPI::check):
380         (TestAPI::basicSymbol):
381         (TestAPI::symbolsTypeof):
382         (TestAPI::symbolsGetPropertyForKey):
383         (TestAPI::symbolsSetPropertyForKey):
384         (TestAPI::symbolsHasPropertyForKey):
385         (TestAPI::symbolsDeletePropertyForKey):
386         (TestAPI::promiseResolveTrue):
387         (TestAPI::promiseRejectTrue):
388         (testCAPIViaCpp):
389         (TestAPI::run): Deleted.
390         * API/tests/testapi.mm:
391         (testObjectiveCAPIMain):
392         (promiseWithExecutor):
393         (promiseRejectOnJSException):
394         (promiseCreateResolved):
395         (promiseCreateRejected):
396         (parallelPromiseResolveTest):
397         (testObjectiveCAPI):
398         * JavaScriptCore.xcodeproj/project.pbxproj:
399         * runtime/JSInternalPromiseDeferred.cpp:
400         (JSC::JSInternalPromiseDeferred::create):
401         * runtime/JSPromise.h:
402         * runtime/JSPromiseConstructor.cpp:
403         (JSC::constructPromise):
404         * runtime/JSPromiseDeferred.cpp:
405         (JSC::JSPromiseDeferred::createDeferredData):
406         (JSC::JSPromiseDeferred::create):
407         (JSC::JSPromiseDeferred::finishCreation):
408         (JSC::newPromiseCapability): Deleted.
409         * runtime/JSPromiseDeferred.h:
410         (JSC::JSPromiseDeferred::promise const):
411         (JSC::JSPromiseDeferred::resolve const):
412         (JSC::JSPromiseDeferred::reject const):
413
414 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
415
416         Unreviewed, rolling out r236359.
417
418         Broke the Windows build.
419
420         Reverted changeset:
421
422         "Add Promise SPI"
423         https://bugs.webkit.org/show_bug.cgi?id=189809
424         https://trac.webkit.org/changeset/236359
425
426 2018-09-21  Mark Lam  <mark.lam@apple.com>
427
428         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
429         https://bugs.webkit.org/show_bug.cgi?id=189855
430         <rdar://problem/44680181>
431
432         Reviewed by Filip Pizlo.
433
434         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
435         ExecState* argument.  This is intentional so that resolveRope() does not throw
436         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
437         get the VM from the cell instead of via the ExecState.
438
439         Also removed an obsolete and unused field in JSString.
440
441         * runtime/JSString.cpp:
442         (JSC::JSRopeString::resolveRope const):
443         (JSC::JSRopeString::outOfMemory const):
444         * runtime/JSString.h:
445         (JSC::JSString::tryGetValue const):
446
447 2018-09-21  Michael Saboff  <msaboff@apple.com>
448
449         Add functions to measure memory footprint to JSC
450         https://bugs.webkit.org/show_bug.cgi?id=189768
451
452         Reviewed by Saam Barati.
453
454         Rolling this back in again.
455
456         Provide system memory metrics for the current process to aid in memory reduction measurement and
457         tuning using native JS tests.
458
459         * jsc.cpp:
460         (MemoryFootprint::now):
461         (MemoryFootprint::resetPeak):
462         (GlobalObject::finishCreation):
463         (JSCMemoryFootprint::JSCMemoryFootprint):
464         (JSCMemoryFootprint::createStructure):
465         (JSCMemoryFootprint::create):
466         (JSCMemoryFootprint::finishCreation):
467         (JSCMemoryFootprint::addProperty):
468         (functionResetMemoryPeak):
469
470 2018-09-21  Keith Miller  <keith_miller@apple.com>
471
472         Add Promise SPI
473         https://bugs.webkit.org/show_bug.cgi?id=189809
474
475         Reviewed by Saam Barati.
476
477         The patch adds new SPI to create promises. It's mostly SPI because
478         I want to see how internal users react to it before we make it
479         public.
480
481         This patch adds a couple of new Obj-C SPI methods. The first
482         creates a new promise using the same API that JS does where the
483         user provides an executor callback. If an exception is raised
484         in/to that callback the promise is automagically rejected. The
485         other methods create a pre-resolved or rejected promise as this
486         appears to be a common way to initialize a promise.
487
488         I was also considering adding a second version of executor API
489         where it would catch specific Obj-C exceptions. This would work by
490         taking a Class parameter and checking isKindOfClass: on the
491         exception. I decided against this as nothing else in our API
492         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
493         corrupt state if an Obj-C exception unwinds through JS frames.
494
495         This patch adds a new C function that will create a "deferred"
496         promise. A deferred promise is a style of creating promise/futures
497         where the resolve and reject functions are passed as outputs of a
498         function. I went with this style for the C SPI because we don't have
499         any concept of forwarding exceptions in the C API.
500
501         In order to make the C API work I refactored a bit of the promise code
502         so that we can call a static method on JSDeferredPromise and just get
503         the components without allocating an extra cell wrapper.
504
505         * API/JSContext.mm:
506         (+[JSContext currentCallee]):
507         * API/JSObjectRef.cpp:
508         (JSObjectMakeDeferredPromise):
509         * API/JSObjectRefPrivate.h:
510         * API/JSValue.mm:
511         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
512         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
513         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
514         * API/JSValuePrivate.h: Added.
515         * API/JSVirtualMachine.mm:
516         * API/JSVirtualMachinePrivate.h:
517         * API/tests/testapi.c:
518         (main):
519         * API/tests/testapi.cpp:
520         (APIContext::operator JSC::ExecState*):
521         (TestAPI::failed const):
522         (TestAPI::check):
523         (TestAPI::basicSymbol):
524         (TestAPI::symbolsTypeof):
525         (TestAPI::symbolsGetPropertyForKey):
526         (TestAPI::symbolsSetPropertyForKey):
527         (TestAPI::symbolsHasPropertyForKey):
528         (TestAPI::symbolsDeletePropertyForKey):
529         (TestAPI::promiseResolveTrue):
530         (TestAPI::promiseRejectTrue):
531         (testCAPIViaCpp):
532         (TestAPI::run): Deleted.
533         * API/tests/testapi.mm:
534         (testObjectiveCAPIMain):
535         (promiseWithExecutor):
536         (promiseRejectOnJSException):
537         (promiseCreateResolved):
538         (promiseCreateRejected):
539         (parallelPromiseResolveTest):
540         (testObjectiveCAPI):
541         * JavaScriptCore.xcodeproj/project.pbxproj:
542         * runtime/JSInternalPromiseDeferred.cpp:
543         (JSC::JSInternalPromiseDeferred::create):
544         * runtime/JSPromise.h:
545         * runtime/JSPromiseConstructor.cpp:
546         (JSC::constructPromise):
547         * runtime/JSPromiseDeferred.cpp:
548         (JSC::JSPromiseDeferred::createDeferredData):
549         (JSC::JSPromiseDeferred::create):
550         (JSC::JSPromiseDeferred::finishCreation):
551         (JSC::newPromiseCapability): Deleted.
552         * runtime/JSPromiseDeferred.h:
553         (JSC::JSPromiseDeferred::promise const):
554         (JSC::JSPromiseDeferred::resolve const):
555         (JSC::JSPromiseDeferred::reject const):
556
557 2018-09-21  Truitt Savell  <tsavell@apple.com>
558
559         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
560         https://bugs.webkit.org/show_bug.cgi?id=156674
561
562         Unreviewed Test Gardening
563
564         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
565         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
566
567 2018-09-21  Mike Gorse  <mgorse@suse.com>
568
569         Build tools should work when the /usr/bin/python is python3
570         https://bugs.webkit.org/show_bug.cgi?id=156674
571
572         Reviewed by Michael Catanzaro.
573
574         * Scripts/cssmin.py:
575         * Scripts/generate-js-builtins.py:
576         (do_open):
577         (generate_bindings_for_builtins_files):
578         * Scripts/generateIntlCanonicalizeLanguage.py:
579         * Scripts/jsmin.py:
580         (JavascriptMinify.minify.write):
581         (JavascriptMinify):
582         (JavascriptMinify.minify):
583         * Scripts/make-js-file-arrays.py:
584         (chunk):
585         (main):
586         * Scripts/wkbuiltins/__init__.py:
587         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
588         (generate_section_for_global_private_code_name_macro):
589         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
590         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
591         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
592         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
593         * Scripts/wkbuiltins/builtins_model.py:
594         (BuiltinFunction.__lt__):
595         (BuiltinsCollection.copyrights):
596         (BuiltinsCollection._parse_functions):
597         * disassembler/udis86/ud_opcode.py:
598         (UdOpcodeTables.pprint.printWalk):
599         * generate-bytecode-files:
600         * inspector/scripts/codegen/__init__.py:
601         * inspector/scripts/codegen/cpp_generator.py:
602         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
603         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
604         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
605         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
606         (CppBackendDispatcherHeaderGenerator.generate_output):
607         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
608         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
609         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
610         (CppBackendDispatcherImplementationGenerator.generate_output):
611         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
612         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
613         (CppFrontendDispatcherHeaderGenerator.generate_output):
614         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
615         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
616         (CppFrontendDispatcherImplementationGenerator.generate_output):
617         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
618         (CppProtocolTypesHeaderGenerator.generate_output):
619         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
620         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
621         (CppProtocolTypesImplementationGenerator.generate_output):
622         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
623         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
624         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
625         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
626         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
627         * inspector/scripts/codegen/generate_js_backend_commands.py:
628         (JSBackendCommandsGenerator.should_generate_domain):
629         (JSBackendCommandsGenerator.domains_to_generate):
630         (JSBackendCommandsGenerator.generate_output):
631         (JSBackendCommandsGenerator.generate_domain):
632         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
633         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
634         (ObjCBackendDispatcherHeaderGenerator.generate_output):
635         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
636         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
637         (ObjCBackendDispatcherImplementationGenerator.generate_output):
638         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
639         * inspector/scripts/codegen/generate_objc_configuration_header.py:
640         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
641         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
642         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
643         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
644         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
645         * inspector/scripts/codegen/generate_objc_header.py:
646         (ObjCHeaderGenerator.generate_output):
647         (ObjCHeaderGenerator._generate_type_interface):
648         * inspector/scripts/codegen/generate_objc_internal_header.py:
649         (ObjCInternalHeaderGenerator.generate_output):
650         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
651         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
652         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
653         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
654         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
655         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
656         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
657         (ObjCProtocolTypesImplementationGenerator.generate_output):
658         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
659         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
660         * inspector/scripts/codegen/generator.py:
661         (Generator.non_supplemental_domains):
662         (Generator.open_fields):
663         (Generator.calculate_types_requiring_shape_assertions):
664         (Generator._traverse_and_assign_enum_values):
665         (Generator.stylized_name_for_enum_value):
666         * inspector/scripts/codegen/models.py:
667         (find_duplicates):
668         * inspector/scripts/codegen/objc_generator.py:
669         * wasm/generateWasm.py:
670         (opcodeIterator):
671         * yarr/generateYarrCanonicalizeUnicode:
672         * yarr/generateYarrUnicodePropertyTables.py:
673         * yarr/hasher.py:
674         (stringHash):
675
676 2018-09-21  Tomas Popela  <tpopela@redhat.com>
677
678         [ARM] Build broken on armv7hl after r235517
679         https://bugs.webkit.org/show_bug.cgi?id=189831
680
681         Reviewed by Yusuke Suzuki.
682
683         Add missing implementation of patchableBranch8() for traditional ARM.
684
685         * assembler/MacroAssemblerARM.h:
686         (JSC::MacroAssemblerARM::patchableBranch8):
687
688 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
689
690         Unreviewed, rolling out r236293.
691
692         Internal build still broken.
693
694         Reverted changeset:
695
696         "Add functions to measure memory footprint to JSC"
697         https://bugs.webkit.org/show_bug.cgi?id=189768
698         https://trac.webkit.org/changeset/236293
699
700 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
701
702         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
703         https://bugs.webkit.org/show_bug.cgi?id=189558
704
705         Reviewed by Mark Lam.
706
707         When running web-tooling-benchmark postcss test on Linux JSCOnly port, we get the following result in `perf report`.
708
709             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
710
711         This is because postcss produces a bunch of JSString, which require reportExtraMemoryVisited calls in JSString::visitChildren.
712         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
713
714         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter.
715         And we propagate this value to the global atomic counter when rebalance happens.
716
717         We also reduce HeapCell::heap() access by using `vm.heap`.
718
719         * heap/SlotVisitor.cpp:
720         (JSC::SlotVisitor::didStartMarking):
721         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
722         (JSC::SlotVisitor::drain):
723         (JSC::SlotVisitor::performIncrementOfDraining):
724         * heap/SlotVisitor.h:
725         * heap/SlotVisitorInlines.h:
726         (JSC::SlotVisitor::reportExtraMemoryVisited):
727         * runtime/JSString.cpp:
728         (JSC::JSRopeString::resolveRopeToAtomicString const):
729         (JSC::JSRopeString::resolveRope const):
730         * runtime/JSString.h:
731         (JSC::JSString::finishCreation):
732         * wasm/js/JSWebAssemblyInstance.cpp:
733         (JSC::JSWebAssemblyInstance::finishCreation):
734         * wasm/js/JSWebAssemblyMemory.cpp:
735         (JSC::JSWebAssemblyMemory::finishCreation):
736
737 2018-09-20  Michael Saboff  <msaboff@apple.com>
738
739         Add functions to measure memory footprint to JSC
740         https://bugs.webkit.org/show_bug.cgi?id=189768
741
742         Reviewed by Saam Barati.
743
744         Rolling this back in.
745
746         Provide system memory metrics for the current process to aid in memory reduction measurement and
747         tuning using native JS tests.
748
749         * jsc.cpp:
750         (MemoryFootprint::now):
751         (MemoryFootprint::resetPeak):
752         (GlobalObject::finishCreation):
753         (JSCMemoryFootprint::JSCMemoryFootprint):
754         (JSCMemoryFootprint::createStructure):
755         (JSCMemoryFootprint::create):
756         (JSCMemoryFootprint::finishCreation):
757         (JSCMemoryFootprint::addProperty):
758         (functionResetMemoryPeak):
759
760 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
761
762         Unreviewed, rolling out r236235.
763
764         Breaks internal builds.
765
766         Reverted changeset:
767
768         "Add functions to measure memory footprint to JSC"
769         https://bugs.webkit.org/show_bug.cgi?id=189768
770         https://trac.webkit.org/changeset/236235
771
772 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
773
774         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
775         https://bugs.webkit.org/show_bug.cgi?id=189730
776
777         Reviewed by Saam Barati.
778
779         Clang for Windows can't compile the workaround for MSVC quirk in generateOutOfLine.
780
781         * jit/JITMathIC.h:
782         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
783
784 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
785
786         [JSC] Optimize Array#indexOf in C++ runtime
787         https://bugs.webkit.org/show_bug.cgi?id=189507
788
789         Reviewed by Saam Barati.
790
791         C++ Array#indexOf runtime function takes so much time in babylon benchmark in
792         web-tooling-benchmark. While our DFG and FTL have Array#indexOf optimization
793         and actually it is working well, C++ Array#indexOf is called a significant amount
794         of time before tiering up, and it takes 6.74% of jsc main thread samples according
795         to perf command in Linux. This is because C++ Array#indexOf is too generic and
796         misses the chance to optimize JSArray cases.
797
798         This patch adds JSArray fast path for Array#indexOf. If we know that indexed
799         access to the given JSArray is non-observable and indexing type is good for the fast
800         path, we go to the fast path. This makes sampling of Array#indexOf 3.83% in
801         babylon web-tooling-benchmark.
802
803         * runtime/ArrayPrototype.cpp:
804         (JSC::arrayProtoFuncIndexOf):
805         * runtime/JSArray.h:
806         * runtime/JSArrayInlines.h:
807         (JSC::JSArray::canDoFastIndexedAccess):
808         (JSC::toLength):
809         * runtime/JSCJSValueInlines.h:
810         (JSC::JSValue::JSValue):
811         * runtime/JSGlobalObject.h:
812         * runtime/JSGlobalObjectInlines.h:
813         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
814         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
815         * runtime/MathCommon.h:
816         (JSC::canBeStrictInt32):
817         (JSC::canBeInt32):
818
819 2018-09-19  Michael Saboff  <msaboff@apple.com>
820
821         Add functions to measure memory footprint to JSC
822         https://bugs.webkit.org/show_bug.cgi?id=189768
823
824         Reviewed by Saam Barati.
825
826         Provide system memory metrics for the current process to aid in memory reduction measurement and
827         tuning using native JS tests.
828
829         * jsc.cpp:
830         (MemoryFootprint::now):
831         (MemoryFootprint::resetPeak):
832         (GlobalObject::finishCreation):
833         (JSCMemoryFootprint::JSCMemoryFootprint):
834         (JSCMemoryFootprint::createStructure):
835         (JSCMemoryFootprint::create):
836         (JSCMemoryFootprint::finishCreation):
837         (JSCMemoryFootprint::addProperty):
838         (functionResetMemoryPeak):
839
840 2018-09-19  Saam barati  <sbarati@apple.com>
841
842         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
843         https://bugs.webkit.org/show_bug.cgi?id=189703
844
845         Reviewed by Mark Lam.
846
847         This fixes a crash that a TypeProfiler change revealed.
848
849         * dfg/DFGSpeculativeJIT64.cpp:
850         (JSC::DFG::SpeculativeJIT::compile):
851
852 2018-09-19  Saam barati  <sbarati@apple.com>
853
854         AI rule for MultiPutByOffset executes its effects in the wrong order
855         https://bugs.webkit.org/show_bug.cgi?id=189757
856         <rdar://problem/43535257>
857
858         Reviewed by Michael Saboff.
859
860         The AI rule for MultiPutByOffset was executing effects in the wrong order.
861         It first executed the transition effects and the effects on the base, and
862         then executed the filtering effects on the value being stored. However, you
863         can end up with the wrong type when the base and the value being stored
864         are the same. E.g., in a program like `o.f = o`. These effects need to happen
865         in the opposite order, modeling what happens in the runtime execution of
866         MultiPutByOffset.
867
868         * dfg/DFGAbstractInterpreterInlines.h:
869         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
870
871 2018-09-18  Mark Lam  <mark.lam@apple.com>
872
873         Ensure that ForInContexts are invalidated if their loop local is over-written.
874         https://bugs.webkit.org/show_bug.cgi?id=189571
875         <rdar://problem/44402277>
876
877         Reviewed by Saam Barati.
878
879         Instead of hunting down every place in the BytecodeGenerator that potentially
880         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
881         the bytecode range of the loop body when the ForInContext is popped, and
882         invalidate the context if we ever find the loop temp variable over-written.
883
884         This has 2 benefits:
885         1. It ensures that every type of opcode that can write to the loop temp will be
886            handled appropriately, not just the op_mov that we've hunted down.
887         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
888            every time we emit an op_mov (or other opcodes that can write to a local)
889            even when we're not inside a for-in loop.
890
891         JSC benchmarks show that this change is performance neutral.
892
893         * bytecompiler/BytecodeGenerator.cpp:
894         (JSC::BytecodeGenerator::pushIndexedForInScope):
895         (JSC::BytecodeGenerator::popIndexedForInScope):
896         (JSC::BytecodeGenerator::pushStructureForInScope):
897         (JSC::BytecodeGenerator::popStructureForInScope):
898         (JSC::ForInContext::finalize):
899         (JSC::StructureForInContext::finalize):
900         (JSC::IndexedForInContext::finalize):
901         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
902         * bytecompiler/BytecodeGenerator.h:
903         (JSC::ForInContext::ForInContext):
904         (JSC::ForInContext::bodyBytecodeStartOffset const):
905         (JSC::StructureForInContext::StructureForInContext):
906         (JSC::IndexedForInContext::IndexedForInContext):
907         * bytecompiler/NodesCodegen.cpp:
908         (JSC::PostfixNode::emitResolve):
909         (JSC::PrefixNode::emitResolve):
910         (JSC::ReadModifyResolveNode::emitBytecode):
911         (JSC::AssignResolveNode::emitBytecode):
912         (JSC::EmptyLetExpression::emitBytecode):
913         (JSC::ForInNode::emitLoopHeader):
914         (JSC::ForOfNode::emitBytecode):
915         (JSC::BindingNode::bindValue const):
916         (JSC::AssignmentElementNode::bindValue const):
917         * runtime/CommonSlowPaths.cpp:
918         (JSC::SLOW_PATH_DECL):
919
920 2018-09-17  Devin Rousso  <drousso@apple.com>
921
922         Web Inspector: generate CSSKeywordCompletions from backend values
923         https://bugs.webkit.org/show_bug.cgi?id=189041
924
925         Reviewed by Joseph Pecoraro.
926
927         * inspector/protocol/CSS.json:
928         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
929
930 2018-09-17  Saam barati  <sbarati@apple.com>
931
932         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
933         https://bugs.webkit.org/show_bug.cgi?id=189676
934         <rdar://problem/39682897>
935
936         Reviewed by Michael Saboff.
937
938         Because the incoming value may be TDZ, CheckStructure may end up crashing.
939         Since the Type Profile does not currently record TDZ values in any of its
940         data structures, this is not a semantic change in how it will show you data.
941         It just fixes crashes when we emit a CheckStructure and the incoming value
942         is TDZ.
943
944         * dfg/DFGFixupPhase.cpp:
945         (JSC::DFG::FixupPhase::fixupNode):
946         * dfg/DFGNode.h:
947         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
948
949 2018-09-17  Darin Adler  <darin@apple.com>
950
951         Use OpaqueJSString rather than JSRetainPtr inside WebKit
952         https://bugs.webkit.org/show_bug.cgi?id=189652
953
954         Reviewed by Saam Barati.
955
956         * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
957         JSStringRef.h.
958
959         * API/JSContext.mm:
960         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
961         than JSStringCreateWithCFString, simplifying the code and also obviating the
962         need for explicit JSStringRelease.
963         (-[JSContext setName:]): Ditto.
964
965         * API/JSStringRef.cpp:
966         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
967         It seems that additional optimization is possible, obviating the need to allocate
968         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
969
970         * API/JSValue.mm:
971         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
972         OpaqueJSString::create and adoptRef as appropriate.
973         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
974         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
975         (performPropertyOperation): Ditto.
976         (-[JSValue invokeMethod:withArguments:]): Ditto.
977         (valueToObjectWithoutCopy): Ditto.
978         (containerValueToObject): Ditto.
979         (valueToString): Ditto.
980         (objectToValueWithoutCopy): Ditto.
981         (objectToValue): Ditto.
982
983 2018-09-08  Darin Adler  <darin@apple.com>
984
985         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
986         https://bugs.webkit.org/show_bug.cgi?id=189455
987
988         Reviewed by Keith Miller.
989
990         * API/JSObjectRef.cpp:
991         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
992         JSRetainPtr<JSStringRef>.
993         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
994         adopt constructor.
995         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
996         the array elements are now Ref.
997
998         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
999         it only works for two specific unrelated types, JSStringRef and
1000         JSGlobalContextRef. Simplified the default constructor using data
1001         member initialization. Prepared to make the adopt constructor private
1002         (got everything compiling that way, then made it public again so that
1003         Apple internal software will still build). Got rid of unneeded
1004         templated constructor and assignment operator, since it's not relevant
1005         since there is no inheritance between JSRetainPtr template types.
1006         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
1007         Added move constructor and move assignment operator for slightly better
1008         performance. Simplified implementations of various member functions
1009         so they are more obviously correct, by using leakPtr in more of them
1010         and using std::exchange to make the flow of values more obvious.
1011
1012         * API/JSValue.mm:
1013         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
1014         missing JSStringRelease to fix a leak.
1015
1016         * API/tests/CustomGlobalObjectClassTest.c:
1017         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
1018         (globalObjectSetPrototypeTest): Ditto.
1019         (globalObjectPrivatePropertyTest): Ditto.
1020
1021         * API/tests/ExecutionTimeLimitTest.cpp:
1022         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
1023         (testExecutionTimeLimit): Ditto, lots more.
1024
1025         * API/tests/FunctionOverridesTest.cpp:
1026         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
1027
1028         * API/tests/JSObjectGetProxyTargetTest.cpp:
1029         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
1030         a leak.
1031
1032         * API/tests/PingPongStackOverflowTest.cpp:
1033         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
1034         JSStringRelease to fix leaks.
1035
1036         * API/tests/testapi.c:
1037         (throwException): Added. Helper function for repeated idiom where we want
1038         to throw an exception, but with additional JSStringRelease calls so we don't
1039         have to leak just to keep the code simpler to read.
1040         (MyObject_getProperty): Use throwException.
1041         (MyObject_setProperty): Ditto.
1042         (MyObject_deleteProperty): Ditto.
1043         (isValueEqualToString): Added. Helper function for an idiom where we check
1044         if something is a string and then if it's equal to a particular string
1045         constant, but a version that has an additional JSStringRelease call so we
1046         don't have to leak just to keep the code simpler to read.
1047         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
1048         (MyObject_callAsConstructor): Ditto.
1049         (MyObject_hasInstance): Ditto.
1050         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
1051         (testMarkingConstraintsAndHeapFinalizers): Ditto.
1052
1053 2018-09-14  Saam barati  <sbarati@apple.com>
1054
1055         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
1056         https://bugs.webkit.org/show_bug.cgi?id=189628
1057         <rdar://problem/39481690>
1058
1059         Reviewed by Mark Lam.
1060
1061         An Availability may point to a Node. And that Node may be removed from
1062         the graph, e.g., it's freed and its memory is no longer owned by Graph.
1063         This patch makes it so we no longer dump this metadata by default. If
1064         this metadata is interesting to you, you'll need to go in and change
1065         Graph::dump to dump the needed metadata.
1066
1067         * dfg/DFGGraph.cpp:
1068         (JSC::DFG::Graph::dump):
1069
1070 2018-09-14  Mark Lam  <mark.lam@apple.com>
1071
1072         Refactor some ForInContext code for better encapsulation.
1073         https://bugs.webkit.org/show_bug.cgi?id=189626
1074         <rdar://problem/44466415>
1075
1076         Reviewed by Keith Miller.
1077
1078         1. Add a ForInContext::m_type field to store the context type.  This does not
1079            increase the class size, but eliminates the need for a virtual call to get the
1080            type.
1081
1082            Note: we still need a virtual destructor because we'll be mingling
1083            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
1084
1085         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
1086            convenience methods.
1087
1088         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
1089            to do the casting to the subclass types.  This ensures that we'll properly
1090            assert that the casting is legal.
1091
1092         * bytecompiler/BytecodeGenerator.cpp:
1093         (JSC::BytecodeGenerator::emitGetByVal):
1094         (JSC::BytecodeGenerator::popIndexedForInScope):
1095         (JSC::BytecodeGenerator::popStructureForInScope):
1096         * bytecompiler/BytecodeGenerator.h:
1097         (JSC::ForInContext::type const):
1098         (JSC::ForInContext::isIndexedForInContext const):
1099         (JSC::ForInContext::isStructureForInContext const):
1100         (JSC::ForInContext::asIndexedForInContext):
1101         (JSC::ForInContext::asStructureForInContext):
1102         (JSC::ForInContext::ForInContext):
1103         (JSC::StructureForInContext::StructureForInContext):
1104         (JSC::IndexedForInContext::IndexedForInContext):
1105         (JSC::ForInContext::~ForInContext): Deleted.
1106
1107 2018-09-14  Devin Rousso  <webkit@devinrousso.com>
1108
1109         Web Inspector: Record actions performed on ImageBitmapRenderingContext
1110         https://bugs.webkit.org/show_bug.cgi?id=181341
1111
1112         Reviewed by Joseph Pecoraro.
1113
1114         * inspector/protocol/Recording.json:
1115         * inspector/scripts/codegen/generator.py:
1116
1117 2018-09-14  Mike Gorse  <mgorse@suse.com>
1118
1119         builtins directory causes name conflict on Python 3
1120         https://bugs.webkit.org/show_bug.cgi?id=189552
1121
1122         Reviewed by Michael Catanzaro.
1123
1124         * CMakeLists.txt: builtins -> wkbuiltins.
1125         * DerivedSources.make: builtins -> wkbuiltins.
1126         * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
1127           builtins.
1128         * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
1129         * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
1130         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
1131         * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
1132         * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
1133         * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
1134         * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
1135         * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
1136         * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
1137         * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
1138         * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
1139         * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
1140
1141 2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1142
1143         [WebAssembly] Inline WasmContext accessor functions
1144         https://bugs.webkit.org/show_bug.cgi?id=189416
1145
1146         Reviewed by Saam Barati.
1147
1148         WasmContext accessor functions are very small while they reside in the critical path of
1149         JS to Wasm function call. This patch makes them inline to improve performance.
1150         This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.
1151
1152         * JavaScriptCore.xcodeproj/project.pbxproj:
1153         * Sources.txt:
1154         * interpreter/CallFrame.cpp:
1155         * jit/AssemblyHelpers.cpp:
1156         * wasm/WasmB3IRGenerator.cpp:
1157         * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
1158         (JSC::Wasm::Context::useFastTLS):
1159         (JSC::Wasm::Context::load const):
1160         (JSC::Wasm::Context::store):
1161         * wasm/WasmMemoryInformation.cpp:
1162         * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
1163         * wasm/js/JSToWasm.cpp:
1164         * wasm/js/WebAssemblyFunction.cpp:
1165
1166 2018-09-12  David Kilzer  <ddkilzer@apple.com>
1167
1168         Move JavaScriptCore files to match Xcode project hierarchy
1169         <https://webkit.org/b/189574>
1170
1171         Reviewed by Filip Pizlo.
1172
1173         * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
1174         * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
1175         * CMakeLists.txt: Update for new path to
1176         generateYarrUnicodePropertyTables.py, hasher.py and
1177         JSAPIValueWrapper.h.
1178         * DerivedSources.make: Ditto. Add missing dependency on
1179         hasher.py captured by CMakeLists.txt.
1180         * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
1181         reference paths. Add hasher.py library to project.
1182         * Sources.txt: Update for new path to
1183         JSAPIValueWrapper.cpp.
1184         * runtime/JSImmutableButterfly.h: Add missing includes
1185         after changes to Sources.txt and regenerating unified
1186         sources.
1187         * runtime/RuntimeType.h: Ditto.
1188         * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
1189         * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.
1190
1191 2018-09-12  David Kilzer  <ddkilzer@apple.com>
1192
1193         Let Xcode have its way with the JavaScriptCore project
1194
1195         * JavaScriptCore.xcodeproj/project.pbxproj:
1196
1197 2018-09-12  Guillaume Emont  <guijemont@igalia.com>
1198
1199         Add IGNORE_WARNING_.* macros
1200         https://bugs.webkit.org/show_bug.cgi?id=188996
1201
1202         Reviewed by Michael Catanzaro.
1203
1204         * API/JSCallbackObject.h:
1205         * API/tests/testapi.c:
1206         * assembler/LinkBuffer.h:
1207         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
1208         * b3/B3LowerToAir.cpp:
1209         * b3/B3Opcode.cpp:
1210         * b3/B3Type.h:
1211         * b3/B3TypeMap.h:
1212         * b3/B3Width.h:
1213         * b3/air/AirArg.cpp:
1214         * b3/air/AirArg.h:
1215         * b3/air/AirCode.h:
1216         * bytecode/Opcode.h:
1217         (JSC::padOpcodeName):
1218         * dfg/DFGSpeculativeJIT.cpp:
1219         (JSC::DFG::SpeculativeJIT::speculateNumber):
1220         (JSC::DFG::SpeculativeJIT::speculateMisc):
1221         * dfg/DFGSpeculativeJIT64.cpp:
1222         * ftl/FTLOutput.h:
1223         * jit/CCallHelpers.h:
1224         (JSC::CCallHelpers::calculatePokeOffset):
1225         * llint/LLIntData.cpp:
1226         * llint/LLIntSlowPaths.cpp:
1227         (JSC::LLInt::slowPathLogF):
1228         * runtime/ConfigFile.cpp:
1229         (JSC::ConfigFile::canonicalizePaths):
1230         * runtime/JSDataViewPrototype.cpp:
1231         * runtime/JSGenericTypedArrayViewConstructor.h:
1232         * runtime/JSGenericTypedArrayViewPrototype.h:
1233         * runtime/Options.cpp:
1234         (JSC::Options::setAliasedOption):
1235         * tools/CodeProfiling.cpp:
1236         * wasm/WasmSections.h:
1237         * wasm/generateWasmValidateInlinesHeader.py:
1238
1239 == Rolled over to ChangeLog-2018-09-11 ==