Fix incorrect capacity delta calculation reported in SparseArrayValueMap::add().
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2017-04-03  Mark Lam  <mark.lam@apple.com>

        Fix incorrect capacity delta calculation reported in SparseArrayValueMap::add().
        https://bugs.webkit.org/show_bug.cgi?id=170412
        <rdar://problem/29697336>

        Reviewed by Filip Pizlo.

        Here's an example of code that will trigger underflow in the "deprecatedExtraMemory"
        reported by SparseArrayValueMap::add() that is added to Heap::m_deprecatedExtraMemorySize:

            arr = new Array;
            Object.defineProperty(arr, 18, ({writable: true, configurable: true}));
            for (var i = 0; i < 3; ++i) {
                Array.prototype.push.apply(arr, ["", () => {}, {}]);
                Array.prototype.sort.apply(arr, [() => {}, []]);
            }

        However, Heap::m_deprecatedExtraMemorySize is only 1 of 3 values that are added
        up to form the result of Heap::extraMemorySize().  Heap::m_extraMemorySize and
        Heap::m_arrayBuffers.size() are the other 2.

        While Heap::m_arrayBuffers.size() is bounded by actual allocated memory, both
        Heap::m_deprecatedExtraMemorySize and Heap::m_extraMemorySize are added to
        without any bounds checks, and they are only reset to 0 at the start of a full
        GC.  As a result, if we have a long sequence of eden GCs with a lot of additions
        to Heap::m_extraMemorySize and/or Heap::m_deprecatedExtraMemorySize, then these
        values could theoretically overflow.  Coupling this with the underflow from
        SparseArrayValueMap::add(), the result for Heap::extraMemorySize() can easily
        overflow.  Note: Heap::extraMemorySize() is used to compute the value
        currentHeapSize.

        If multiple conditions line up just right, the above overflows can result in this
        debug assertion failure during an eden GC:

            ASSERT(currentHeapSize >= m_sizeAfterLastCollect);

        Otherwise, the effects of the overflows will only result in the computed
        currentHeapSize not being representative of actual memory usage, and therefore,
        a full GC may be triggered earlier or later than is ideal.

        This patch ensures that SparseArrayValueMap::add() cannot underflow
        Heap::m_deprecatedExtraMemorySize.  It also adds overflow checks in the
        calculations of Heap::m_deprecatedExtraMemorySize, Heap::m_extraMemorySize, and
        Heap::extraMemorySize() so that their values are saturated appropriately to
        ensure that GC collections are triggered based on representative memory usage.

        * heap/Heap.cpp:
        (JSC::Heap::deprecatedReportExtraMemorySlowCase):
        (JSC::Heap::extraMemorySize):
        (JSC::Heap::updateAllocationLimits):
        (JSC::Heap::reportExtraMemoryVisited):
        * runtime/SparseArrayValueMap.cpp:
        (JSC::SparseArrayValueMap::add):

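The accounting failure the entry above describes, modelled as an added C++ illustration. This is not WebKit's code: the struct, the counter fields and the function names are hypothetical stand-ins for Heap::m_deprecatedExtraMemorySize, Heap::m_extraMemorySize, Heap::m_arrayBuffers.size() and the capacity delta that SparseArrayValueMap::add() reports, and the capacity sequence is constructed. It shows why an unsigned "newCapacity - oldCapacity" fed to a counter that was just reset to 0 wraps to a value near SIZE_MAX, how that poisoned counter then wraps the three-way sum back down to a small number, and what the two described mitigations (refusing to report a shrink as growth, and saturating every addition) do to the same inputs.

```cpp
// Added illustration, not WebKit code. Names are hypothetical stand-ins for the
// JSC::Heap counters and for the delta reported by SparseArrayValueMap::add().
#include <cstddef>
#include <cstdio>
#include <limits>

constexpr size_t kSizeMax = std::numeric_limits<size_t>::max();

struct HeapCounters {
    size_t deprecatedExtraMemorySize = 0; // stand-in for Heap::m_deprecatedExtraMemorySize
    size_t extraMemorySize = 0;           // stand-in for Heap::m_extraMemorySize
    size_t arrayBuffersSize = 0;          // stand-in for Heap::m_arrayBuffers.size()
};

// Pre-fix shape: the delta is computed in unsigned arithmetic, so a shrink
// becomes a value just below SIZE_MAX instead of a decrement.
size_t uncheckedCapacityDelta(size_t oldCapacity, size_t newCapacity)
{
    return newCapacity - oldCapacity;
}

// Pre-fix shape: nothing bounds the running counter.
void reportUnchecked(size_t& counter, size_t delta)
{
    counter += delta; // silently wraps past SIZE_MAX
}

// Hardened form: a shrink reports no extra memory at all.
size_t checkedCapacityDelta(size_t oldCapacity, size_t newCapacity)
{
    return newCapacity > oldCapacity ? newCapacity - oldCapacity : 0;
}

// Hardened form: additions pin at SIZE_MAX instead of wrapping.
size_t saturatingAdd(size_t a, size_t b)
{
    return (b > kSizeMax - a) ? kSizeMax : a + b;
}

void reportSaturating(size_t& counter, size_t delta)
{
    counter = saturatingAdd(counter, delta);
}

// The three contributions summed the way the entry describes, wrapping.
size_t extraMemorySizeUnchecked(const HeapCounters& c)
{
    return c.deprecatedExtraMemorySize + c.extraMemorySize + c.arrayBuffersSize;
}

// Same sum, saturated: a poisoned counter can only push the estimate to
// SIZE_MAX, never back down to a small, plausible-looking number.
size_t extraMemorySizeSaturating(const HeapCounters& c)
{
    size_t total = saturatingAdd(c.deprecatedExtraMemorySize, c.extraMemorySize);
    return saturatingAdd(total, c.arrayBuffersSize);
}

// Constructed scenario: a full GC has just reset the counter to 0 while the
// sparse map already had capacity 32; the next two resizes are a shrink to 8
// (the sort rebuilding the map) and a growth back to 16.
size_t simulateDeprecatedCounter(bool hardened)
{
    const size_t capacities[] = { 32, 8, 16 };
    size_t counter = 0;
    for (size_t i = 1; i < sizeof(capacities) / sizeof(capacities[0]); ++i) {
        size_t oldCap = capacities[i - 1];
        size_t newCap = capacities[i];
        if (hardened)
            reportSaturating(counter, checkedCapacityDelta(oldCap, newCap));
        else
            reportUnchecked(counter, uncheckedCapacityDelta(oldCap, newCap));
    }
    return counter; // unchecked: SIZE_MAX - 15; hardened: 8
}

// Constructed values for the other two counters so the sum can be compared.
HeapCounters exampleCounters(bool hardened)
{
    HeapCounters c;
    c.deprecatedExtraMemorySize = simulateDeprecatedCounter(hardened);
    c.extraMemorySize = 1024;
    c.arrayBuffersSize = 4096;
    return c;
}

int main()
{
    HeapCounters bad = exampleCounters(false);
    HeapCounters good = exampleCounters(true);
    std::printf("unchecked counter:   %zu\n", bad.deprecatedExtraMemorySize);
    std::printf("wrapped total:       %zu\n", extraMemorySizeUnchecked(bad));
    std::printf("saturated total:     %zu\n", extraMemorySizeSaturating(bad));
    std::printf("hardened total:      %zu\n", extraMemorySizeSaturating(good));
    return 0;
}
```

The wrapped total is the dangerous case: it is small (5104 here) and so looks like a sane heap size, which is exactly the condition under which the estimate silently misleads the collection trigger; the saturated variant at least makes the corruption visible as a pinned maximum, and the checked delta keeps the counter from being corrupted in the first place.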
2017-04-03  Filip Pizlo  <fpizlo@apple.com>

        Move the Liveness<> adapters from AirLiveness.h to AirLivenessAdapter.h.

        Rubber stamped by Keith Miller.

        This will make it easier to write other code that uses those adapters.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/air/AirLiveness.h:
        (JSC::B3::Air::LivenessAdapter::LivenessAdapter): Deleted.
        (JSC::B3::Air::LivenessAdapter::blockSize): Deleted.
        (JSC::B3::Air::LivenessAdapter::forEachUse): Deleted.
        (JSC::B3::Air::LivenessAdapter::forEachDef): Deleted.
        (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter): Deleted.
        (JSC::B3::Air::TmpLivenessAdapter::numIndices): Deleted.
        (JSC::B3::Air::TmpLivenessAdapter::acceptsBank): Deleted.
        (JSC::B3::Air::TmpLivenessAdapter::acceptsRole): Deleted.
        (JSC::B3::Air::TmpLivenessAdapter::valueToIndex): Deleted.
        (JSC::B3::Air::TmpLivenessAdapter::indexToValue): Deleted.
        (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter): Deleted.
        (JSC::B3::Air::StackSlotLivenessAdapter::numIndices): Deleted.
        (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank): Deleted.
        (JSC::B3::Air::StackSlotLivenessAdapter::acceptsRole): Deleted.
        (JSC::B3::Air::StackSlotLivenessAdapter::valueToIndex): Deleted.
        (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue): Deleted.
        * b3/air/AirLivenessAdapter.h: Added.
        (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
        (JSC::B3::Air::LivenessAdapter::blockSize):
        (JSC::B3::Air::LivenessAdapter::forEachUse):
        (JSC::B3::Air::LivenessAdapter::forEachDef):
        (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
        (JSC::B3::Air::TmpLivenessAdapter::numIndices):
        (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
        (JSC::B3::Air::TmpLivenessAdapter::acceptsRole):
        (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
        (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
        (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
        (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
        (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
        (JSC::B3::Air::StackSlotLivenessAdapter::acceptsRole):
        (JSC::B3::Air::StackSlotLivenessAdapter::valueToIndex):
        (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):

2017-04-03  Filip Pizlo  <fpizlo@apple.com>

        WTF::Liveness should have an API that focuses on actions at instruction boundaries
        https://bugs.webkit.org/show_bug.cgi?id=170407

        Reviewed by Keith Miller.

        Adopt changes to the WTF::Liveness<> API. Instead of having separate functions for the
        early/late versions of uses and defs, we now have just a use/def API. Those
        automatically take care of early/late issues as needed.

        This reduces the API surface between WTF::Liveness<> and its clients, which makes it
        easier to implement some other optimizations I'm thinking about.

        * b3/B3VariableLiveness.h:
        (JSC::B3::VariableLivenessAdapter::forEachUse):
        (JSC::B3::VariableLivenessAdapter::forEachDef):
        (JSC::B3::VariableLivenessAdapter::forEachEarlyUse): Deleted.
        (JSC::B3::VariableLivenessAdapter::forEachLateUse): Deleted.
        (JSC::B3::VariableLivenessAdapter::forEachEarlyDef): Deleted.
        (JSC::B3::VariableLivenessAdapter::forEachLateDef): Deleted.
        * b3/air/AirLiveness.h:
        (JSC::B3::Air::LivenessAdapter::blockSize):
        (JSC::B3::Air::LivenessAdapter::forEachUse):
        (JSC::B3::Air::LivenessAdapter::forEachDef):
        (JSC::B3::Air::LivenessAdapter::forEachEarlyUse): Deleted.
        (JSC::B3::Air::LivenessAdapter::forEachLateUse): Deleted.
        (JSC::B3::Air::LivenessAdapter::forEachEarlyDef): Deleted.
        (JSC::B3::Air::LivenessAdapter::forEachLateDef): Deleted.

2017-04-03  Filip Pizlo  <fpizlo@apple.com>

        Inst::forEachArg could compile to more compact code
        https://bugs.webkit.org/show_bug.cgi?id=170406

        Reviewed by Sam Weinig.

        Prior to this change, Inst::forEachArg compiled to a ginormous ALWAYS_INLINE switch statement.
        It had one case for each opcode, and then each of those cases would have a switch statement over
        the number of operands. Then the cases of that switch statement would have a sequence of calls to
        the passed lambda. This meant that every user of forEachArg would generate an insane amount of
        code. It also meant that the inlining achieved nothing, since the lambda would surely then not
        be inlined - and if it was, then the icache pressure due to code bloat would surely negate any
        benefits.

        This replaces that code with a loop over a compact look-up table. We use the opcode and number of
        operands as keys into that look-up table. The table only takes about 20KB. It has one byte for
        each argument in each overload of each opcode.

        I can't measure any reproducible change in performance, but the JavaScriptCore framework binary
        shrinks by 2.7 MB. This is a 15% reduction in JavaScriptCore binary size.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3Width.h:
        * b3/air/AirCustom.h:
        (JSC::B3::Air::PatchCustom::forEachArg):
        * b3/air/AirFormTable.h: Added.
        (JSC::B3::Air::decodeFormRole):
        (JSC::B3::Air::decodeFormBank):
        (JSC::B3::Air::decodeFormWidth):
        * b3/air/AirInst.h:
        * b3/air/opcode_generator.rb:

2017-04-03  Keith Miller  <keith_miller@apple.com>

        WebAssembly: remove lastAllocatedMode from Memory
        https://bugs.webkit.org/show_bug.cgi?id=170405

        Reviewed by Mark Lam.

        It's not used anymore so there isn't any point in keeping it around.

        * wasm/WasmMemory.cpp:
        (JSC::Wasm::Memory::createImpl):
        (JSC::Wasm::Memory::lastAllocatedMode): Deleted.
        * wasm/WasmMemory.h:

2017-04-03  Zan Dobersek  <zdobersek@igalia.com>

        [jsc] Add patchableJumpSize() for MIPS
        https://bugs.webkit.org/show_bug.cgi?id=169716

        Reviewed by Yusuke Suzuki.

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::patchableJumpSize): Added.
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::patchableJumpSize): Added.

2017-04-03  Guillaume Emont  <guijemont@igalia.com>

        [jsc] implement MIPSAssembler::relinkJumpToNop()
        https://bugs.webkit.org/show_bug.cgi?id=169720

        Reviewed by Yusuke Suzuki.

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::relinkJumpToNop): Added.

2017-04-02  Carlos Garcia Campos  <cgarcia@igalia.com>

        Share implementation of JSRunLoopTimer::timerDidFire
        https://bugs.webkit.org/show_bug.cgi?id=170392

        Reviewed by Michael Catanzaro.

        The code is cross-platform but it's duplicated in CF and GLib implementations, it could be shared instead.

        * runtime/JSRunLoopTimer.cpp:
        (JSC::JSRunLoopTimer::timerDidFire): Move common implementation here.
        (JSC::JSRunLoopTimer::setRunLoop): Use timerDidFireCallback.
        (JSC::JSRunLoopTimer::timerDidFireCallback): Call JSRunLoopTimer::timerDidFire().
        * runtime/JSRunLoopTimer.h:

2017-04-01  Oleksandr Skachkov  <gskachkov@gmail.com>

        Object with numerical keys with gaps gets filled by NaN values
        https://bugs.webkit.org/show_bug.cgi?id=164412

        Reviewed by Mark Lam.

        This patch fixes an issue when an object has two properties
        with names that are numbers. The issue appears when, during invocation of
        convertDoubleToArrayStorage, the array is filled with pNaN and
        the method converts it to a real NaN. This happens because a
        pNaN in a Double array is a hole, and Double arrays cannot
        have NaN values. To fix the issue we need to check the value and
        clear it if it is pNaN.

        * runtime/JSObject.cpp:
        (JSC::JSObject::convertDoubleToArrayStorage):

2017-03-31  Saam Barati  <sbarati@apple.com>

        WebAssembly: Make our calls out to JS PIC friendly
        https://bugs.webkit.org/show_bug.cgi?id=170261

        Reviewed by Keith Miller.

        This patch removes a direct call from the module to the Wasm to JS stub.
        Instead, we do an indirect call to the stub by loading the stub's executable
        address off of the CodeBlock. This is to make the code we emit comply with the
        requirements needed for PIC.

        Adding this indirection is not ideal. Although this patch is neutral on
        WasmBench, we really want to get back to a world where we have an IC
        call infrastructure. This patch is obviously a regression on some
        types of programs. I've filed this bug to make sure we implement a
        PIC compliant Wasm to JS call IC:
        https://bugs.webkit.org/show_bug.cgi?id=170375

        * wasm/WasmB3IRGenerator.cpp:
        * wasm/WasmFormat.h:
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::complete):
        * wasm/js/JSWebAssemblyCodeBlock.cpp:
        (JSC::JSWebAssemblyCodeBlock::initialize):
        * wasm/js/JSWebAssemblyCodeBlock.h:
        (JSC::JSWebAssemblyCodeBlock::create):
        (JSC::JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub):
        (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
        (JSC::JSWebAssemblyCodeBlock::allocationSize):
        (JSC::JSWebAssemblyCodeBlock::importWasmToJSStub):
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
        * wasm/js/JSWebAssemblyInstance.h:
        (JSC::JSWebAssemblyInstance::offsetOfCodeBlock):

2017-03-31  Keith Miller  <keith_miller@apple.com>

        WebAssembly: webAssemblyB3OptimizationLevel should use defaultB3OptLevel by default
        https://bugs.webkit.org/show_bug.cgi?id=170378

        Reviewed by Saam Barati.

        * runtime/Options.h:
        * wasm/WasmB3IRGenerator.h:

2017-03-31  Keith Miller  <keith_miller@apple.com>

        WebAssembly: Add compilation level option
        https://bugs.webkit.org/show_bug.cgi?id=170374

        Reviewed by Mark Lam.

        This patch adds an option, webAssemblyB3OptimizationLevel, which
        changes the optimization mode wasm passes to B3.

        * runtime/Options.h:
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::compileFunctions):

2017-03-31  Saam Barati  <sbarati@apple.com>

        WebAssembly: Strip WasmParser and WasmFunctionParser from knowing about VM
        https://bugs.webkit.org/show_bug.cgi?id=170312

        Reviewed by Mark Lam.

        This is another step towards PIC-ifying Wasm. This patch removes
        the VM field that is no longer used.

        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmB3IRGenerator.h:
        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser<Context>::FunctionParser):
        * wasm/WasmModuleParser.h:
        (JSC::Wasm::ModuleParser::ModuleParser):
        * wasm/WasmParser.h:
        (JSC::Wasm::Parser<SuccessType>::Parser):
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::parseAndValidateModule):
        (JSC::Wasm::Plan::compileFunctions):
        * wasm/WasmValidate.cpp:
        (JSC::Wasm::validateFunction):
        * wasm/WasmValidate.h:

2017-03-31  Saam Barati  <sbarati@apple.com>

        WebAssembly: Ref count Signature and SignatureInformation should not care about VM
        https://bugs.webkit.org/show_bug.cgi?id=170316

        Reviewed by Keith Miller.

        This is yet again another step towards PIC-ifying Wasm.
        Signature should be ref counted so we can tell when
        no code is holding onto a Signature. This makes it easy
        to free unused Signatures. Also, this patch rids SignatureInfo
        of any VM knowledge. Now, there is just a single SignatureInfo that
        lives in a process.

        * runtime/VM.h:
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::createJSToWasmWrapper):
        (JSC::Wasm::parseAndCompile):
        * wasm/WasmB3IRGenerator.h:
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::wasmToJs):
        * wasm/WasmCallingConvention.h:
        (JSC::Wasm::CallingConvention::loadArguments):
        * wasm/WasmFormat.h:
        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser<Context>::FunctionParser):
        * wasm/WasmModuleParser.cpp:
        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::parseAndValidateModule):
        (JSC::Wasm::Plan::compileFunctions):
        (JSC::Wasm::Plan::complete):
        * wasm/WasmSignature.cpp:
        (JSC::Wasm::Signature::hash):
        (JSC::Wasm::Signature::tryCreate):
        (JSC::Wasm::SignatureInformation::SignatureInformation):
        (JSC::Wasm::SignatureInformation::singleton):
        (JSC::Wasm::SignatureInformation::adopt):
        (JSC::Wasm::SignatureInformation::get):
        (JSC::Wasm::SignatureInformation::tryCleanup):
        (JSC::Wasm::Signature::create): Deleted.
        (JSC::Wasm::Signature::createInvalid): Deleted.
        (JSC::Wasm::Signature::destroy): Deleted.
        (JSC::Wasm::SignatureInformation::~SignatureInformation): Deleted.
        * wasm/WasmSignature.h:
        (JSC::Wasm::Signature::allocatedSize):
        (JSC::Wasm::Signature::operator==):
        * wasm/WasmValidate.cpp:
        (JSC::Wasm::validateFunction):
        * wasm/WasmValidate.h:
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::destroy):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * wasm/js/WebAssemblyFunction.h:
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):
        (JSC::WebAssemblyModuleRecord::evaluate):
        * wasm/js/WebAssemblyWrapperFunction.cpp:
        (JSC::WebAssemblyWrapperFunction::create):
        * wasm/js/WebAssemblyWrapperFunction.h:

2017-03-31  Mark Lam  <mark.lam@apple.com>

        Array.prototype.splice() should not be using JSArray::tryCreateForInitializationPrivate().
        https://bugs.webkit.org/show_bug.cgi?id=170303
        <rdar://problem/31358281>

        Reviewed by Filip Pizlo.

        This is because it needs to call getProperty() later to get the values for
        initializing the array.  getProperty() can execute arbitrary code and potentially
        trigger the GC.  This is not allowed for clients of JSArray::tryCreateForInitializationPrivate().

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSplice):
        (JSC::copySplicedArrayElements): Deleted.

2017-03-31  Oleksandr Skachkov  <gskachkov@gmail.com>

        String.prototype.replace incorrectly applies "special replacement parameters" when passed a function
        https://bugs.webkit.org/show_bug.cgi?id=170151

        Reviewed by Saam Barati.

        This patch fixes an issue for String.prototype.replace when passed a function
        with the special symbols "$$". It happens because substituteBackreferences is applied
        unconditionally, but according to the spec it should be applied only for text
        21.1.3.16.8 https://tc39.github.io/ecma262/#sec-string.prototype.replace

        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingStringSearch):

2017-03-30  Saam Barati  <sbarati@apple.com>

        WebAssembly: When Wasm calls to C, it should use Wasm::Context* instead of ExecState* to get VM
        https://bugs.webkit.org/show_bug.cgi?id=170185

        Reviewed by Michael Saboff.

        This is one more step in the direction of PIC-ified Wasm.
        When we lift WasmCallee above VM, we will no longer be
        able to get VM from ExecState*. This patch ensures that
        we don't do that from within the Wasm runtime. Instead,
        we use the Wasm::Context* to get the VM.

        This patch also adds a new class, Wasm::Thunks. There
        is a single Wasm::Thunks that lives in the process. It
        is responsible for generating a thunk that Wasm relies on.
        The only such thunk right now is the exception throwing
        thunk.

        This patch also rids WasmFaultSignalHandler from any knowledge
        of VM. Previously, it relied on VM to get the exception handling
        thunk.

        The only part of the Wasm runtime that will be allowed
        to get VM& from ExecState will be WasmBinding. In the
        future, we plan to keep the calls out to JS to keep
        a JSCell as the callee.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        * interpreter/Interpreter.cpp:
        (JSC::UnwindFunctor::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
        (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBufferImpl):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
        * jit/ThunkGenerators.cpp:
        (JSC::throwExceptionFromWasmThunkGenerator): Deleted.
        * jit/ThunkGenerators.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::getAllCalleeSaveRegisterOffsets):
        * runtime/VM.h:
        (JSC::VM::topVMEntryFrameOffset):
        (JSC::VM::getAllCalleeSaveRegisterOffsets): Deleted.
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::emitExceptionCheck):
        * wasm/WasmFaultSignalHandler.cpp:
        (JSC::Wasm::trapHandler):
        * wasm/WasmMemory.cpp:
        (JSC::Wasm::tryGetFastMemory):
        * wasm/WasmThunks.cpp: Added.
        (JSC::Wasm::throwExceptionFromWasmThunkGenerator):
        (JSC::Wasm::Thunks::initialize):
        (JSC::Wasm::Thunks::singleton):
        (JSC::Wasm::Thunks::stub):
        (JSC::Wasm::Thunks::existingStub):
        * wasm/WasmThunks.h: Added.
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
        * wasm/js/JSWebAssemblyInstance.h:
        (JSC::JSWebAssemblyInstance::offsetOfVM):
        * wasm/js/JSWebAssemblyMemory.cpp:
        (JSC::JSWebAssemblyMemory::grow):
        * wasm/js/JSWebAssemblyMemory.h:
        * wasm/js/WebAssemblyMemoryPrototype.cpp:
        (JSC::webAssemblyMemoryProtoFuncGrow):

2017-03-30  Mark Lam  <mark.lam@apple.com>

        IntlObject should not be using JSArray::initializeIndex().
        https://bugs.webkit.org/show_bug.cgi?id=170302
        <rdar://problem/31356918>

        Reviewed by Saam Barati.

        JSArray::initializeIndex() is only meant to be used with arrays created using
        JSArray::tryCreateForInitializationPrivate() under very constrained conditions.

        * runtime/IntlObject.cpp:
        (JSC::canonicalizeLocaleList):
        (JSC::intlObjectFuncGetCanonicalLocales):

2017-03-30  Filip Pizlo  <fpizlo@apple.com>

        Air should support linear scan for optLevel<2
        https://bugs.webkit.org/show_bug.cgi?id=170161

        Reviewed by Saam Barati.

        This changes the default opt level of B3 to 2. It makes the other opt levels useful by adding a
        new register allocator. This new linear scan allocator will produce significantly worse code.
        But it will produce that code a lot faster than IRC or Briggs.

        The opt levels are:
            0: no optimizations, linear scan
            1: some optimizations, linear scan
            2: full optimizations, graph coloring (IRC or Briggs based on CPU)

        What we used to call optLevel=1 is now called optLevel=2, or better yet,
        optLevel=B3::defaultOptLevel(). We no longer have anything like the old optLevel=0 (which did no
        optimizations but ran graph coloring).

        allocateRegistersByLinearScan() faithfully implements Massimiliano Poletto and Vivek Sarkar's
        famous algorithm. It uses the variant that handles clobbered registers by avoiding assigning
        ranges to those registers if the range overlaps a clobber. It's engineered to allocate registers
        very quickly and generate inefficient code without falling off a cliff.

        The new optLevel=1 speeds up B3 by a factor of 2, and results in an 80% throughput regression.
        Linear scan runs 4.7x faster than graph coloring on average.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3BasicBlockUtils.h:
        (JSC::B3::blocksInPreOrder):
        (JSC::B3::blocksInPostOrder):
        * b3/B3BlockWorklist.h:
        * b3/B3CFG.h:
        (JSC::B3::CFG::newMap):
        * b3/B3Common.h:
        (JSC::B3::defaultOptLevel):
        * b3/B3Compile.h:
        * b3/B3DuplicateTails.cpp:
        * b3/B3EliminateCommonSubexpressions.cpp:
        * b3/B3FixSSA.cpp:
        (JSC::B3::demoteValues):
        (JSC::B3::fixSSA):
        * b3/B3FixSSA.h:
        * b3/B3Generate.cpp:
        (JSC::B3::prepareForGeneration):
        (JSC::B3::generateToAir):
        * b3/B3Generate.h:
        * b3/B3HeapRange.cpp: Removed.
        * b3/B3HeapRange.h:
        (JSC::B3::HeapRange::HeapRange): Deleted.
        (JSC::B3::HeapRange::top): Deleted.
        (JSC::B3::HeapRange::operator==): Deleted.
        (JSC::B3::HeapRange::operator!=): Deleted.
        (JSC::B3::HeapRange::operator|): Deleted.
        (JSC::B3::HeapRange::operator bool): Deleted.
        (JSC::B3::HeapRange::begin): Deleted.
        (JSC::B3::HeapRange::end): Deleted.
        (JSC::B3::HeapRange::overlaps): Deleted.
        * b3/B3LowerToAir.cpp:
        * b3/B3MoveConstants.cpp:
        * b3/B3PhiChildren.h:
        * b3/B3Procedure.cpp:
        (JSC::B3::Procedure::dump):
        (JSC::B3::Procedure::deleteOrphans):
        (JSC::B3::Procedure::setBlockOrderImpl):
        * b3/B3ReduceDoubleToFloat.cpp:
        * b3/B3ReduceStrength.cpp:
        * b3/B3SSACalculator.h:
        * b3/B3UseCounts.h:
        * b3/air/AirAllocateRegistersByGraphColoring.cpp:
        * b3/air/AirAllocateRegistersByLinearScan.cpp: Added.
        (JSC::B3::Air::allocateRegistersByLinearScan):
        * b3/air/AirAllocateRegistersByLinearScan.h: Added.
        * b3/air/AirAllocateStack.cpp:
        (JSC::B3::Air::allocateStack):
        * b3/air/AirArg.cpp:
        (WTF::printInternal):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::activeAt):
        (JSC::B3::Air::Arg::timing):
        (JSC::B3::Air::Arg::forEachPhase):
        * b3/air/AirBasicBlock.h:
        * b3/air/AirBlockWorklist.h:
        * b3/air/AirCFG.h:
        (JSC::B3::Air::CFG::newMap):
        * b3/air/AirEliminateDeadCode.cpp:
        (JSC::B3::Air::eliminateDeadCode):
        * b3/air/AirFixObviousSpills.cpp:
        * b3/air/AirFixPartialRegisterStalls.cpp:
        (JSC::B3::Air::fixPartialRegisterStalls):
        * b3/air/AirFixSpillsAfterTerminals.cpp: Added.
        (JSC::B3::Air::fixSpillsAfterTerminals):
        * b3/air/AirFixSpillsAfterTerminals.h: Added.
        * b3/air/AirGenerate.cpp:
        (JSC::B3::Air::prepareForGeneration):
        (JSC::B3::Air::generate):
        * b3/air/AirGenerate.h:
        * b3/air/AirGenerationContext.h:
        * b3/air/AirInsertionSet.h:
        * b3/air/AirInst.cpp:
        (JSC::B3::Air::Inst::needsPadding):
        * b3/air/AirLowerAfterRegAlloc.cpp:
        (JSC::B3::Air::lowerAfterRegAlloc):
        * b3/air/AirLowerEntrySwitch.cpp:
        (JSC::B3::Air::lowerEntrySwitch):
        * b3/air/AirOpcode.opcodes:
        * b3/air/AirPhaseInsertionSet.cpp: Added.
        (JSC::B3::Air::PhaseInsertionSet::execute):
        * b3/air/AirPhaseInsertionSet.h: Added.
        (JSC::B3::Air::PhaseInsertion::PhaseInsertion):
        (JSC::B3::Air::PhaseInsertion::phase):
        (JSC::B3::Air::PhaseInsertion::operator<):
        (JSC::B3::Air::PhaseInsertionSet::PhaseInsertionSet):
        (JSC::B3::Air::PhaseInsertionSet::appendInsertion):
        (JSC::B3::Air::PhaseInsertionSet::insertInst):
        (JSC::B3::Air::PhaseInsertionSet::insert):
        * b3/air/AirRegLiveness.h:
        (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
        * b3/air/AirSpillEverything.cpp:
        (JSC::B3::Air::spillEverything):
        * b3/air/AirTmp.cpp:
        * b3/air/AirTmp.h:
        (JSC::B3::Air::Tmp::tmpForIndex):
        * b3/air/AirTmpInlines.h:
        (JSC::B3::Air::Tmp::Indexed::Indexed):
        (JSC::B3::Air::Tmp::Indexed::index):
        (JSC::B3::Air::Tmp::AbsolutelyIndexed::AbsolutelyIndexed):
        (JSC::B3::Air::Tmp::AbsolutelyIndexed::index):
        (JSC::B3::Air::Tmp::indexed):
        (JSC::B3::Air::Tmp::absolutelyIndexed):
        (JSC::B3::Air::Tmp::tmpForAbsoluteIndex):
        * b3/testb3.cpp:
        (JSC::B3::compile):
        (JSC::B3::testMulLoadTwice):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::add):
        (JSC::RegisterSet::remove):
        * runtime/Options.h:
        * wasm/WasmB3IRGenerator.h:

2017-03-30  Youenn Fablet  <youenn@apple.com>

        Clean up RTCDataChannel
        https://bugs.webkit.org/show_bug.cgi?id=169732

        Reviewed by Chris Dumez.

        * runtime/CommonIdentifiers.h: Adding RTCDataChannelEvent.

2017-03-30  Saam Barati  <sbarati@apple.com>

        WebAssembly: pass Wasm::Context* to vmEntryToWasm when not using fast TLS
        https://bugs.webkit.org/show_bug.cgi?id=170182

        Reviewed by Mark Lam.

        This is one more step in the direction of PIC-ified Wasm.
        I'm removing assumptions that a wasm callee is a cell. We used to use
        the callee to get the WasmContext off the callee's VM. Instead,
        this patch makes it so that we pass in the context as a parameter
        to the JS entrypoint.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::offsetOfVM): Deleted.
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::loadWasmContext):
        (JSC::AssemblyHelpers::storeWasmContext):
        (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
        (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
        * jsc.cpp:
        (functionTestWasmModuleFunctions):
        * runtime/VM.h:
        (JSC::VM::wasmContextOffset): Deleted.
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::materializeWasmContext):
        (JSC::Wasm::B3IRGenerator::restoreWasmContext):
        (JSC::Wasm::B3IRGenerator::B3IRGenerator):
        (JSC::Wasm::createJSToWasmWrapper):
        * wasm/WasmContext.cpp:
        (JSC::Wasm::loadContext):
        (JSC::Wasm::storeContext):
        (JSC::loadWasmContext): Deleted.
        (JSC::storeWasmContext): Deleted.
        * wasm/WasmContext.h:
        (JSC::Wasm::useFastTLS):
        (JSC::Wasm::useFastTLSForContext):
        * wasm/WasmMemoryInformation.cpp:
        (JSC::Wasm::PinnedRegisterInfo::get):
        * wasm/WasmMemoryInformation.h:
        (JSC::Wasm::useFastTLS): Deleted.
        (JSC::Wasm::useFastTLSForWasmContext): Deleted.
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):

2017-03-30  JF Bastien  <jfbastien@apple.com>

        WebAssembly: fix misc JS API implementation inconsistencies
        https://bugs.webkit.org/show_bug.cgi?id=170187

        Reviewed by Keith Miller.

        Auto-generate lookup tables.
        Methods should be on prototype.
        Exception returns should be idiomatic.

        * wasm/JSWebAssembly.cpp: validate / compile / instantiate should
        be on the prototype
        (JSC::JSWebAssembly::create):
        (JSC::JSWebAssembly::finishCreation):
        (JSC::reject): Deleted.
        (JSC::webAssemblyCompileFunc): Deleted.
        (JSC::resolve): Deleted.
        (JSC::instantiate): Deleted.
        (JSC::compileAndInstantiate): Deleted.
        (JSC::webAssemblyInstantiateFunc): Deleted.
        (JSC::webAssemblyValidateFunc): Deleted.
        * wasm/JSWebAssembly.h:
        * wasm/js/WebAssemblyMemoryPrototype.cpp: move from JSWebAssembly.cpp
        (JSC::webAssemblyMemoryProtoFuncBuffer):
720         (JSC::WebAssemblyMemoryPrototype::create):
721         (JSC::WebAssemblyMemoryPrototype::finishCreation):
722         * wasm/js/WebAssemblyMemoryPrototype.h:
723         * wasm/js/WebAssemblyPrototype.cpp:
724         (JSC::reject):
725         (JSC::webAssemblyCompileFunc):
726         (JSC::resolve):
727         (JSC::instantiate):
728         (JSC::compileAndInstantiate):
729         (JSC::webAssemblyInstantiateFunc):
730         (JSC::webAssemblyValidateFunc):
731         (JSC::webAssemblyFunctionValidate): Deleted.
732         (JSC::webAssemblyFunctionCompile): Deleted.
733         * wasm/js/WebAssemblyTablePrototype.cpp:
734         (JSC::webAssemblyTableProtoFuncGrow):
735         (JSC::webAssemblyTableProtoFuncGet):
736         (JSC::webAssemblyTableProtoFuncSet):
737         (JSC::WebAssemblyTablePrototype::create):
738         (JSC::WebAssemblyTablePrototype::finishCreation):
739         * wasm/js/WebAssemblyTablePrototype.h:
740
741 2017-03-29  Keith Miller  <keith_miller@apple.com>
742
743         Unreviewed, fix the build, again. Hopefully for the last time, again!
744
745         * runtime/Options.cpp:
746
747 2017-03-29  Keith Miller  <keith_miller@apple.com>
748
749         Unreviewed, fix the build, again. Hopefully for the last time!
750
751         * runtime/Options.cpp:
752         (JSC::parse):
753
754 2017-03-29  Keith Miller  <keith_miller@apple.com>
755
756         Unreviewed, windows build fix.
757
758         * runtime/Options.cpp:
759         (JSC::parse):
760
761 2017-03-29  Keith Miller  <keith_miller@apple.com>
762
763         WebAssembly: B3IRGenerator should pool constants
764         https://bugs.webkit.org/show_bug.cgi?id=170266
765
766         Reviewed by Filip Pizlo.
767
768         This patch adds a HashMap to B3IRGenerator that contains all the constants used in a function.
769         B3IRGenerator then uses an InsertionSet to add all those constants to the root BB. This doesn't
770         appear to be a compile time improvement but it could be valuable in the future.
771
772         * b3/B3Opcode.h:
773         (JSC::B3::opcodeForConstant):
774         * b3/B3Procedure.cpp:
775         (JSC::B3::Procedure::addConstant):
776         * b3/B3Procedure.h:
777         * wasm/WasmB3IRGenerator.cpp:
778         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
779         (JSC::Wasm::B3IRGenerator::constant):
780         (JSC::Wasm::B3IRGenerator::insertConstants):
781         (JSC::Wasm::B3IRGenerator::addConstant):
782         (JSC::Wasm::B3IRGenerator::dump):
783         (JSC::Wasm::parseAndCompile):
784         (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
785         (JSC::Wasm::B3IRGenerator::zeroForType): Deleted.
786         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
787         (generateConstCode):
788
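As an added illustration of the constant-pooling idea described in the entry above (this is example code written for this page, not JavaScriptCore's B3IRGenerator, and `constant_pool::Pool`, `Type` and `Entry` are hypothetical names): constants are interned by (type, raw bit pattern) so that each distinct constant gets one slot, and the slots are later materialized once, in insertion order, at the root block. Keying on the bit pattern rather than the numeric value is the detail a practitioner wants to get right: 0.0 and -0.0 (and NaNs with different payloads) compare equal as doubles but are distinct wasm values, so they must not be merged.

```cpp
#include <cstdint>
#include <cstring>
#include <map>
#include <utility>
#include <vector>

namespace constant_pool {

// Hypothetical value types; B3 has its own Type enum, this one is for the example.
enum class Type { Int32, Int64, Float, Double };

struct Entry {
    Type type;
    uint64_t bits; // raw bit pattern of the constant, zero-extended for 32-bit types
};

// Interns constants so that identical (type, bits) pairs share a single slot.
// The slot index stands in for the B3::Value* that the generator would hand out.
class Pool {
public:
    size_t intern(Type type, uint64_t bits)
    {
        auto key = std::make_pair(static_cast<int>(type), bits);
        auto it = m_index.find(key);
        if (it != m_index.end())
            return it->second; // already pooled: reuse the existing constant
        size_t slot = m_entries.size();
        m_entries.push_back(Entry { type, bits });
        m_index.emplace(key, slot);
        return slot;
    }

    // Doubles are keyed by their bit pattern, not their value, so 0.0 and -0.0
    // (and differently-payloaded NaNs) stay separate constants.
    size_t internDouble(double d)
    {
        uint64_t b;
        std::memcpy(&b, &d, sizeof b);
        return intern(Type::Double, b);
    }

    size_t internInt32(int32_t v)
    {
        return intern(Type::Int32, static_cast<uint32_t>(v));
    }

    size_t size() const { return m_entries.size(); }

    // Entries in insertion order; a generator would walk this once and emit
    // each constant into the root basic block (B3 would use an InsertionSet).
    const std::vector<Entry>& entries() const { return m_entries; }

private:
    std::map<std::pair<int, uint64_t>, size_t> m_index;
    std::vector<Entry> m_entries;
};

} // namespace constant_pool
```

Usage: call `intern`/`internInt32`/`internDouble` while lowering the function body, then iterate `entries()` once at the end to emit the constants; interning the same Int32 twice yields the same slot, while an Int64 with the same bits, or a double with a different sign bit, gets its own.
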
789 2017-03-29  Saam Barati  <sbarati@apple.com>
790
791         LinkBuffer and ExecutableAllocator shouldn't have anything to do with VM
792         https://bugs.webkit.org/show_bug.cgi?id=170210
793
794         Reviewed by Mark Lam.
795
796         This is one more step in the direction of PIC-ified Wasm.
797         LinkBuffer and ExecutableAllocator have no business knowing about VM.
798
799         * assembler/LinkBuffer.cpp:
800         (JSC::LinkBuffer::allocate):
801         * assembler/LinkBuffer.h:
802         (JSC::LinkBuffer::LinkBuffer):
803         (JSC::LinkBuffer::vm): Deleted.
804         * b3/B3Compile.cpp:
805         (JSC::B3::compile):
806         * b3/B3Compile.h:
807         * b3/air/testair.cpp:
808         * b3/testb3.cpp:
809         (JSC::B3::compileProc):
810         (JSC::B3::compileAndRun):
811         (JSC::B3::testLoadAcq42):
812         (JSC::B3::testAddArgZeroImmZDef):
813         (JSC::B3::testAddLoadTwice):
814         (JSC::B3::testMulLoadTwice):
815         (JSC::B3::testMulAddArgsLeft):
816         (JSC::B3::testMulAddArgsRight):
817         (JSC::B3::testMulAddArgsLeft32):
818         (JSC::B3::testMulAddArgsRight32):
819         (JSC::B3::testMulSubArgsLeft):
820         (JSC::B3::testMulSubArgsRight):
821         (JSC::B3::testMulSubArgsLeft32):
822         (JSC::B3::testMulSubArgsRight32):
823         (JSC::B3::testMulNegArgs):
824         (JSC::B3::testMulNegArgs32):
825         (JSC::B3::testCompareFloatToDoubleThroughPhi):
826         (JSC::B3::testDoubleToFloatThroughPhi):
827         (JSC::B3::testReduceFloatToDoubleValidates):
828         (JSC::B3::testDoubleProducerPhiToFloatConversion):
829         (JSC::B3::testDoubleProducerPhiToFloatConversionWithDoubleConsumer):
830         (JSC::B3::testDoubleProducerPhiWithNonFloatConst):
831         (JSC::B3::testIToD64Arg):
832         (JSC::B3::testIToF64Arg):
833         (JSC::B3::testIToD32Arg):
834         (JSC::B3::testIToF32Arg):
835         (JSC::B3::testIToD64Mem):
836         (JSC::B3::testIToF64Mem):
837         (JSC::B3::testIToD32Mem):
838         (JSC::B3::testIToF32Mem):
839         (JSC::B3::testIToDReducedToIToF64Arg):
840         (JSC::B3::testIToDReducedToIToF32Arg):
841         (JSC::B3::testStoreRelAddLoadAcq32):
842         (JSC::B3::testStoreRelAddLoadAcq8):
843         (JSC::B3::testStoreRelAddFenceLoadAcq8):
844         (JSC::B3::testStoreRelAddLoadAcq16):
845         (JSC::B3::testStoreRelAddLoadAcq64):
846         (JSC::B3::testBranch):
847         (JSC::B3::testBranchPtr):
848         (JSC::B3::testDiamond):
849         (JSC::B3::testBranchNotEqual):
850         (JSC::B3::testBranchNotEqualCommute):
851         (JSC::B3::testBranchNotEqualNotEqual):
852         (JSC::B3::testBranchEqual):
853         (JSC::B3::testBranchEqualEqual):
854         (JSC::B3::testBranchEqualCommute):
855         (JSC::B3::testBranchEqualEqual1):
856         (JSC::B3::testBranchLoadPtr):
857         (JSC::B3::testBranchLoad32):
858         (JSC::B3::testBranchLoad8S):
859         (JSC::B3::testBranchLoad8Z):
860         (JSC::B3::testBranchLoad16S):
861         (JSC::B3::testBranchLoad16Z):
862         (JSC::B3::testBranch8WithLoad8ZIndex):
863         (JSC::B3::testComplex):
864         (JSC::B3::testSimpleCheck):
865         (JSC::B3::testCheckFalse):
866         (JSC::B3::testCheckTrue):
867         (JSC::B3::testCheckLessThan):
868         (JSC::B3::testCheckMegaCombo):
869         (JSC::B3::testCheckTrickyMegaCombo):
870         (JSC::B3::testCheckTwoMegaCombos):
871         (JSC::B3::testCheckTwoNonRedundantMegaCombos):
872         (JSC::B3::testCheckAddImm):
873         (JSC::B3::testCheckAddImmCommute):
874         (JSC::B3::testCheckAddImmSomeRegister):
875         (JSC::B3::testCheckAdd):
876         (JSC::B3::testCheckAdd64):
877         (JSC::B3::testCheckAddFold):
878         (JSC::B3::testCheckAddFoldFail):
879         (JSC::B3::testCheckAddSelfOverflow64):
880         (JSC::B3::testCheckAddSelfOverflow32):
881         (JSC::B3::testCheckSubImm):
882         (JSC::B3::testCheckSubBadImm):
883         (JSC::B3::testCheckSub):
884         (JSC::B3::testCheckSub64):
885         (JSC::B3::testCheckSubFold):
886         (JSC::B3::testCheckSubFoldFail):
887         (JSC::B3::testCheckNeg):
888         (JSC::B3::testCheckNeg64):
889         (JSC::B3::testCheckMul):
890         (JSC::B3::testCheckMulMemory):
891         (JSC::B3::testCheckMul2):
892         (JSC::B3::testCheckMul64):
893         (JSC::B3::testCheckMulFold):
894         (JSC::B3::testCheckMulFoldFail):
895         (JSC::B3::testCheckMul64SShr):
896         (JSC::B3::testSwitch):
897         (JSC::B3::testSwitchChillDiv):
898         (JSC::B3::testSwitchTargettingSameBlock):
899         (JSC::B3::testSwitchTargettingSameBlockFoldPathConstant):
900         (JSC::B3::testBasicSelect):
901         (JSC::B3::testSelectTest):
902         (JSC::B3::testSelectCompareDouble):
903         (JSC::B3::testSelectDouble):
904         (JSC::B3::testSelectDoubleTest):
905         (JSC::B3::testSelectDoubleCompareDouble):
906         (JSC::B3::testSelectFloatCompareFloat):
907         (JSC::B3::testSelectFold):
908         (JSC::B3::testSelectInvert):
909         (JSC::B3::testCheckSelect):
910         (JSC::B3::testCheckSelectCheckSelect):
911         (JSC::B3::testCheckSelectAndCSE):
912         (JSC::B3::testTrivialInfiniteLoop):
913         (JSC::B3::testFoldPathEqual):
914         (JSC::B3::testLShiftSelf32):
915         (JSC::B3::testRShiftSelf32):
916         (JSC::B3::testURShiftSelf32):
917         (JSC::B3::testLShiftSelf64):
918         (JSC::B3::testRShiftSelf64):
919         (JSC::B3::testURShiftSelf64):
920         (JSC::B3::testPatchpointDoubleRegs):
921         (JSC::B3::testSpillDefSmallerThanUse):
922         (JSC::B3::testSpillUseLargerThanDef):
923         (JSC::B3::testLateRegister):
924         (JSC::B3::testInterpreter):
925         (JSC::B3::testEntrySwitchSimple):
926         (JSC::B3::testEntrySwitchNoEntrySwitch):
927         (JSC::B3::testEntrySwitchWithCommonPaths):
928         (JSC::B3::testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
929         (JSC::B3::testEntrySwitchLoop):
930         (JSC::B3::testSomeEarlyRegister):
931         (JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled):
932         (JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled2):
933         (JSC::B3::testPatchpointTerminalReturnValue):
934         (JSC::B3::testMemoryFence):
935         (JSC::B3::testStoreFence):
936         (JSC::B3::testLoadFence):
937         (JSC::B3::testPCOriginMapDoesntInsertNops):
938         (JSC::B3::testPinRegisters):
939         (JSC::B3::testX86LeaAddAddShlLeft):
940         (JSC::B3::testX86LeaAddAddShlRight):
941         (JSC::B3::testX86LeaAddAdd):
942         (JSC::B3::testX86LeaAddShlRight):
943         (JSC::B3::testX86LeaAddShlLeftScale1):
944         (JSC::B3::testX86LeaAddShlLeftScale2):
945         (JSC::B3::testX86LeaAddShlLeftScale4):
946         (JSC::B3::testX86LeaAddShlLeftScale8):
947         (JSC::B3::testAddShl32):
948         (JSC::B3::testAddShl64):
949         (JSC::B3::testAddShl65):
950         (JSC::B3::testLoadBaseIndexShift2):
951         (JSC::B3::testLoadBaseIndexShift32):
952         (JSC::B3::testOptimizeMaterialization):
953         (JSC::B3::testAtomicWeakCAS):
954         (JSC::B3::testAtomicStrongCAS):
955         (JSC::B3::testAtomicXchg):
956         (JSC::B3::testDepend32):
957         (JSC::B3::testDepend64):
958         (JSC::B3::testWasmBoundsCheck):
959         (JSC::B3::testWasmAddress):
960         (JSC::B3::run):
961         (JSC::B3::compile): Deleted.
962         * bytecode/PolymorphicAccess.cpp:
963         (JSC::PolymorphicAccess::regenerate):
964         * dfg/DFGJITCompiler.cpp:
965         (JSC::DFG::JITCompiler::compile):
966         (JSC::DFG::JITCompiler::compileFunction):
967         * dfg/DFGLazyJSValue.cpp:
968         (JSC::DFG::LazyJSValue::emit):
969         * dfg/DFGOSRExitCompiler.cpp:
970         * dfg/DFGSpeculativeJIT32_64.cpp:
971         (JSC::DFG::SpeculativeJIT::emitCall):
972         * dfg/DFGSpeculativeJIT64.cpp:
973         (JSC::DFG::SpeculativeJIT::emitCall):
974         * dfg/DFGThunks.cpp:
975         (JSC::DFG::osrExitGenerationThunkGenerator):
976         (JSC::DFG::osrEntryThunkGenerator):
977         * ftl/FTLCompile.cpp:
978         (JSC::FTL::compile):
979         * ftl/FTLLazySlowPath.cpp:
980         (JSC::FTL::LazySlowPath::generate):
981         * ftl/FTLLink.cpp:
982         (JSC::FTL::link):
983         * ftl/FTLLowerDFGToB3.cpp:
984         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
985         (JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
986         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
987         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
988         (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
989         * ftl/FTLOSRExitCompiler.cpp:
990         (JSC::FTL::compileStub):
991         * ftl/FTLOSRExitHandle.cpp:
992         (JSC::FTL::OSRExitHandle::emitExitThunk):
993         * ftl/FTLSlowPathCall.cpp:
994         (JSC::FTL::SlowPathCallContext::makeCall):
995         * ftl/FTLSlowPathCall.h:
996         (JSC::FTL::callOperation):
997         * ftl/FTLState.h:
998         * ftl/FTLThunks.cpp:
999         (JSC::FTL::genericGenerationThunkGenerator):
1000         (JSC::FTL::slowPathCallThunkGenerator):
1001         * ftl/FTLThunks.h:
1002         (JSC::FTL::generateIfNecessary):
1003         (JSC::FTL::Thunks::getSlowPathCallThunk):
1004         * jit/AssemblyHelpers.cpp:
1005         (JSC::AssemblyHelpers::emitDumbVirtualCall):
1006         * jit/AssemblyHelpers.h:
1007         * jit/ExecutableAllocator.cpp:
1008         (JSC::ExecutableAllocator::initializeAllocator):
1009         (JSC::ExecutableAllocator::singleton):
1010         (JSC::ExecutableAllocator::ExecutableAllocator):
1011         (JSC::ExecutableAllocator::allocate):
1012         * jit/ExecutableAllocator.h:
1013         * jit/JIT.cpp:
1014         (JSC::JIT::compileWithoutLinking):
1015         * jit/JITCall.cpp:
1016         (JSC::JIT::compileCallEvalSlowCase):
1017         * jit/JITMathIC.h:
1018         (JSC::JITMathIC::generateOutOfLine):
1019         * jit/JITOpcodes.cpp:
1020         (JSC::JIT::privateCompileHasIndexedProperty):
1021         * jit/JITOpcodes32_64.cpp:
1022         (JSC::JIT::privateCompileHasIndexedProperty):
1023         * jit/JITOperations.cpp:
1024         * jit/JITOperations.h:
1025         * jit/JITPropertyAccess.cpp:
1026         (JSC::JIT::stringGetByValStubGenerator):
1027         (JSC::JIT::privateCompileGetByVal):
1028         (JSC::JIT::privateCompileGetByValWithCachedId):
1029         (JSC::JIT::privateCompilePutByVal):
1030         (JSC::JIT::privateCompilePutByValWithCachedId):
1031         * jit/JITPropertyAccess32_64.cpp:
1032         (JSC::JIT::stringGetByValStubGenerator):
1033         * jit/JITStubRoutine.h:
1034         * jit/Repatch.cpp:
1035         (JSC::ftlThunkAwareRepatchCall):
1036         (JSC::linkPolymorphicCall):
1037         * jit/SpecializedThunkJIT.h:
1038         (JSC::SpecializedThunkJIT::finalize):
1039         * jit/ThunkGenerators.cpp:
1040         (JSC::throwExceptionFromCallSlowPathGenerator):
1041         (JSC::linkCallThunkGenerator):
1042         (JSC::linkPolymorphicCallThunkGenerator):
1043         (JSC::virtualThunkFor):
1044         (JSC::nativeForGenerator):
1045         (JSC::arityFixupGenerator):
1046         (JSC::unreachableGenerator):
1047         (JSC::boundThisNoArgsFunctionCallGenerator):
1048         (JSC::throwExceptionFromWasmThunkGenerator):
1049         * llint/LLIntThunks.cpp:
1050         (JSC::LLInt::generateThunkWithJumpTo):
1051         * runtime/SamplingProfiler.cpp:
1052         (JSC::SamplingProfiler::takeSample):
1053         * runtime/VM.cpp:
1054         (JSC::VM::VM):
1055         * runtime/VM.h:
1056         * runtime/VMTraps.cpp:
1057         (JSC::VMTraps::tryInstallTrapBreakpoints):
1058         * tools/VMInspector.cpp:
1059         * wasm/WasmBinding.cpp:
1060         (JSC::Wasm::wasmToJs):
1061         (JSC::Wasm::wasmToWasm):
1062         (JSC::Wasm::exitStubGenerator):
1063         * wasm/WasmPlan.cpp:
1064         (JSC::Wasm::Plan::complete):
1065         * yarr/YarrJIT.cpp:
1066         (JSC::Yarr::YarrGenerator::compile):
1067         (JSC::Yarr::jitCompile):
1068
1069 2017-03-29  Keith Miller  <keith_miller@apple.com>
1070
1071         WebAssembly: Worklist should periodically check in to see if there are higher priority jobs to do.
1072         https://bugs.webkit.org/show_bug.cgi?id=170204
1073
1074         Reviewed by Saam Barati.
1075
1076         This patch makes it so that Wasm::Plan's compileFunctions method can return periodically
1077         to its caller. The main use for this is if a user asynchronously compiles a wasm module
1078         then later synchronously compiles another module. In this case we want to be able to pause
1079         compilation of other worklists.
1080
1081         This patch also adds support for size_t Options.
1082
1083         * runtime/Options.cpp:
1084         (JSC::parse):
1085         (JSC::Option::dump):
1086         (JSC::Option::operator==):
1087         * runtime/Options.h:
1088         * wasm/WasmPlan.cpp:
1089         (JSC::Wasm::Plan::moveToState):
1090         (JSC::Wasm::Plan::ThreadCountHolder::~ThreadCountHolder):
1091         (JSC::Wasm::Plan::compileFunctions):
1092         * wasm/WasmPlan.h:
1093         * wasm/WasmWorklist.cpp:
1094
1095 2017-03-29  Mark Lam  <mark.lam@apple.com>
1096
1097         Remove obsolete references to HeapTimer in JavaScriptCore.order.
1098         https://bugs.webkit.org/show_bug.cgi?id=170252
1099
1100         Reviewed by Saam Barati.
1101
1102         The HeapTimer was renamed to JSRunLoopTimer back in r214504.  These HeapTimer
1103         entries are now no longer meaningful.
1104
1105         * JavaScriptCore.order:
1106
1107 2017-03-29  JF Bastien  <jfbastien@apple.com>
1108
1109         WebAssembly: add shell-only Memory mode helper
1110         https://bugs.webkit.org/show_bug.cgi?id=170227
1111
1112         Reviewed by Mark Lam.
1113
1114         * jsc.cpp:
1115         (GlobalObject::finishCreation):
1116         (functionWebAssemblyMemoryMode):
1117         * wasm/WasmMemory.h:
1118         * wasm/js/JSWebAssemblyInstance.h:
1119         * wasm/js/JSWebAssemblyMemory.h:
1120
1121 2017-03-29  Keith Miller  <keith_miller@apple.com>
1122
1123         WebAssembly: pack OpcodeOrigin to fit in a pointer
1124         https://bugs.webkit.org/show_bug.cgi?id=170244
1125
1126         Reviewed by Michael Saboff.
1127
1128         This patch makes it so we don't have to allocate the OpcodeOrigin and can just
1129         pack all the data into the pointer B3::Origin already has.
1130
1131         * wasm/WasmB3IRGenerator.cpp:
1132         (JSC::Wasm::parseAndCompile):
1133         * wasm/WasmOpcodeOrigin.cpp:
1134         (JSC::Wasm::OpcodeOrigin::dump):
1135         * wasm/WasmOpcodeOrigin.h:
1136         (JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
1137         (JSC::Wasm::OpcodeOrigin::opcode):
1138         (JSC::Wasm::OpcodeOrigin::location):
1139
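As an added example of packing an opcode and a location into one pointer-sized word, as the entry above describes (example code written for this page, not JavaScriptCore's OpcodeOrigin; the 8/56-bit split, the `packed_origin` namespace and the function names are assumptions chosen for illustration, and the layout assumes a 64-bit target where `void*` is 8 bytes). The point worth seeing in code is the range check: a location that does not fit in the bits reserved for it must be rejected rather than silently truncated, otherwise a B3 value would be attributed to the wrong wasm byte offset in dumps and diagnostics.

```cpp
#include <cstdint>

namespace packed_origin {

// Hypothetical layout: low 8 bits hold the one-byte wasm opcode, the upper
// 56 bits hold the byte offset of that opcode within the function body.
constexpr unsigned kOpcodeBits = 8;
constexpr unsigned kLocationBits = 64 - kOpcodeBits;
constexpr uint64_t kOpcodeMask = (uint64_t { 1 } << kOpcodeBits) - 1;
constexpr uint64_t kLocationMax = (uint64_t { 1 } << kLocationBits) - 1;

struct Origin {
    uint8_t opcode;
    uint64_t location;

    bool operator==(const Origin& other) const
    {
        return opcode == other.opcode && location == other.location;
    }
};

// Packs an origin into a single 64-bit word. Returns false, leaving `out`
// untouched, when the location would not fit; truncating instead would
// produce a well-formed but wrong origin.
inline bool pack(Origin origin, uint64_t& out)
{
    if (origin.location > kLocationMax)
        return false;
    out = (origin.location << kOpcodeBits) | origin.opcode;
    return true;
}

inline Origin unpack(uint64_t bits)
{
    return Origin { static_cast<uint8_t>(bits & kOpcodeMask), bits >> kOpcodeBits };
}

// On a 64-bit target the packed word can be stored where a pointer is expected
// (B3::Origin carries one pointer-sized payload); this is what lets the origin
// avoid a separate heap allocation.
inline void* toPointer(uint64_t bits)
{
    return reinterpret_cast<void*>(static_cast<uintptr_t>(bits));
}

inline uint64_t fromPointer(void* p)
{
    return static_cast<uint64_t>(reinterpret_cast<uintptr_t>(p));
}

// True when the origin survives a pack/unpack round trip through a void*.
inline bool roundTrips(Origin origin)
{
    uint64_t bits = 0;
    if (!pack(origin, bits))
        return false;
    return unpack(fromPointer(toPointer(bits))) == origin;
}

} // namespace packed_origin
```

A caller that builds origins from parser state should treat a `false` from `pack` as a hard error at the point the origin is created, not defer it, since nothing downstream can tell a truncated location from a genuine one.
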
1140 2017-03-29  JF Bastien  <jfbastien@apple.com>
1141
1142         WebAssembly: NFC s/goto/lambda/g
1143         https://bugs.webkit.org/show_bug.cgi?id=170242
1144
1145         Reviewed by Mark Lam.
1146
1147         Lambdas are more in-style than the goto I just used.
1148
1149         * wasm/WasmMemory.cpp:
1150         (JSC::Wasm::tryGetFastMemory):
1151
1152 2017-03-28  Saam Barati  <sbarati@apple.com>
1153
1154         AssemblyHelpers should not have a VM field
1155         https://bugs.webkit.org/show_bug.cgi?id=170207
1156
1157         Reviewed by Yusuke Suzuki.
1158
1159         APIs that need VM should take one as a parameter. When doing position
1160         independent code for Wasm, we can't tie code generation to a VM.
1161
1162         * b3/B3Compile.cpp:
1163         (JSC::B3::compile):
1164         * b3/air/testair.cpp:
1165         * b3/testb3.cpp:
1166         (JSC::B3::testEntrySwitchSimple):
1167         (JSC::B3::testEntrySwitchNoEntrySwitch):
1168         (JSC::B3::testEntrySwitchWithCommonPaths):
1169         (JSC::B3::testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
1170         (JSC::B3::testEntrySwitchLoop):
1171         * bytecode/AccessCase.cpp:
1172         (JSC::AccessCase::generateWithGuard):
1173         (JSC::AccessCase::generateImpl):
1174         * bytecode/DOMJITAccessCasePatchpointParams.cpp:
1175         (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
1176         * bytecode/InlineAccess.cpp:
1177         (JSC::InlineAccess::dumpCacheSizesAndCrash):
1178         (JSC::InlineAccess::generateSelfPropertyAccess):
1179         (JSC::InlineAccess::generateSelfPropertyReplace):
1180         (JSC::InlineAccess::generateArrayLength):
1181         (JSC::InlineAccess::rewireStubAsJump):
1182         * bytecode/InlineAccess.h:
1183         * bytecode/PolymorphicAccess.cpp:
1184         (JSC::AccessGenerationState::emitExplicitExceptionHandler):
1185         (JSC::PolymorphicAccess::regenerate):
1186         * bytecode/PolymorphicAccess.h:
1187         (JSC::AccessGenerationState::AccessGenerationState):
1188         * dfg/DFGJITCompiler.cpp:
1189         (JSC::DFG::JITCompiler::JITCompiler):
1190         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1191         (JSC::DFG::JITCompiler::link):
1192         (JSC::DFG::JITCompiler::compile):
1193         (JSC::DFG::JITCompiler::compileFunction):
1194         (JSC::DFG::JITCompiler::exceptionCheck):
1195         * dfg/DFGJITCompiler.h:
1196         (JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
1197         (JSC::DFG::JITCompiler::fastExceptionCheck):
1198         (JSC::DFG::JITCompiler::vm):
1199         * dfg/DFGOSRExitCompiler.cpp:
1200         * dfg/DFGOSRExitCompiler.h:
1201         * dfg/DFGOSRExitCompiler32_64.cpp:
1202         (JSC::DFG::OSRExitCompiler::compileExit):
1203         * dfg/DFGOSRExitCompiler64.cpp:
1204         (JSC::DFG::OSRExitCompiler::compileExit):
1205         * dfg/DFGOSRExitCompilerCommon.cpp:
1206         (JSC::DFG::adjustAndJumpToTarget):
1207         * dfg/DFGOSRExitCompilerCommon.h:
1208         * dfg/DFGSpeculativeJIT.cpp:
1209         (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
1210         (JSC::DFG::SpeculativeJIT::checkArray):
1211         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
1212         (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
1213         (JSC::DFG::SpeculativeJIT::compileMakeRope):
1214         (JSC::DFG::SpeculativeJIT::compileGetGlobalObject):
1215         (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
1216         (JSC::DFG::SpeculativeJIT::compileCreateActivation):
1217         (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
1218         (JSC::DFG::SpeculativeJIT::compileSpread):
1219         (JSC::DFG::SpeculativeJIT::compileArraySlice):
1220         (JSC::DFG::SpeculativeJIT::compileNukeStructureAndSetButterfly):
1221         (JSC::DFG::SpeculativeJIT::compileNewStringObject):
1222         (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
1223         (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
1224         * dfg/DFGSpeculativeJIT.h:
1225         (JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
1226         (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
1227         (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
1228         (JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject):
1229         * dfg/DFGSpeculativeJIT32_64.cpp:
1230         (JSC::DFG::SpeculativeJIT::emitCall):
1231         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1232         (JSC::DFG::SpeculativeJIT::emitBranch):
1233         (JSC::DFG::SpeculativeJIT::compile):
1234         * dfg/DFGSpeculativeJIT64.cpp:
1235         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
1236         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
1237         (JSC::DFG::SpeculativeJIT::emitCall):
1238         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1239         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1240         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1241         (JSC::DFG::SpeculativeJIT::emitBranch):
1242         (JSC::DFG::SpeculativeJIT::compile):
1243         (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
1244         * dfg/DFGThunks.cpp:
1245         (JSC::DFG::osrEntryThunkGenerator):
1246         * ftl/FTLCompile.cpp:
1247         (JSC::FTL::compile):
1248         * ftl/FTLJITFinalizer.h:
1249         * ftl/FTLLazySlowPath.cpp:
1250         (JSC::FTL::LazySlowPath::generate):
1251         * ftl/FTLLazySlowPathCall.h:
1252         (JSC::FTL::createLazyCallGenerator):
1253         * ftl/FTLLink.cpp:
1254         (JSC::FTL::link):
1255         * ftl/FTLLowerDFGToB3.cpp:
1256         (JSC::FTL::DFG::LowerDFGToB3::lower):
1257         (JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
1258         (JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
1259         (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
1260         (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
1261         (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
1262         (JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
1263         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1264         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1265         (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
1266         (JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull):
1267         (JSC::FTL::DFG::LowerDFGToB3::compileIsFunction):
1268         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
1269         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
1270         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
1271         (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
1272         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
1273         (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
1274         (JSC::FTL::DFG::LowerDFGToB3::buildTypeOf):
1275         * ftl/FTLOSRExitCompiler.cpp:
1276         (JSC::FTL::compileStub):
1277         * ftl/FTLSlowPathCall.h:
1278         (JSC::FTL::callOperation):
1279         * ftl/FTLState.h:
1280         (JSC::FTL::State::vm):
1281         * ftl/FTLThunks.cpp:
1282         (JSC::FTL::genericGenerationThunkGenerator):
1283         (JSC::FTL::slowPathCallThunkGenerator):
1284         * jit/AssemblyHelpers.cpp:
1285         (JSC::AssemblyHelpers::jitReleaseAssertNoException):
1286         (JSC::AssemblyHelpers::callExceptionFuzz):
1287         (JSC::AssemblyHelpers::emitJumpIfException):
1288         (JSC::AssemblyHelpers::emitExceptionCheck):
1289         (JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
1290         (JSC::AssemblyHelpers::emitLoadStructure):
1291         (JSC::AssemblyHelpers::emitRandomThunk):
1292         (JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
1293         (JSC::AssemblyHelpers::emitConvertValueToBoolean):
1294         (JSC::AssemblyHelpers::debugCall):
1295         * jit/AssemblyHelpers.h:
1296         (JSC::AssemblyHelpers::AssemblyHelpers):
1297         (JSC::AssemblyHelpers::codeBlock):
1298         (JSC::AssemblyHelpers::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
1299         (JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMEntryFrameCalleeSavesBuffer):
1300         (JSC::AssemblyHelpers::barrierBranch):
1301         (JSC::AssemblyHelpers::barrierStoreLoadFence):
1302         (JSC::AssemblyHelpers::mutatorFence):
1303         (JSC::AssemblyHelpers::storeButterfly):
1304         (JSC::AssemblyHelpers::nukeStructureAndStoreButterfly):
1305         (JSC::AssemblyHelpers::jumpIfMutatorFenceNotNeeded):
1306         (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
1307         (JSC::AssemblyHelpers::emitAllocateJSObject):
1308         (JSC::AssemblyHelpers::emitAllocateVariableSizedCell):
1309         (JSC::AssemblyHelpers::emitAllocateVariableSizedJSObject):
1310         (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
1311         (JSC::AssemblyHelpers::vm): Deleted.
1312         (JSC::AssemblyHelpers::debugCall): Deleted.
1313         * jit/CCallHelpers.cpp:
1314         (JSC::CCallHelpers::ensureShadowChickenPacket):
1315         * jit/CCallHelpers.h:
1316         (JSC::CCallHelpers::CCallHelpers):
1317         (JSC::CCallHelpers::jumpToExceptionHandler):
1318         * jit/JIT.cpp:
1319         (JSC::JIT::emitEnterOptimizationCheck):
1320         (JSC::JIT::privateCompileExceptionHandlers):
1321         * jit/JIT.h:
1322         (JSC::JIT::exceptionCheck):
1323         (JSC::JIT::exceptionCheckWithCallFrameRollback):
1324         * jit/JITMathIC.h:
1325         (JSC::JITMathIC::generateOutOfLine):
1326         * jit/JITOpcodes.cpp:
1327         (JSC::JIT::emit_op_instanceof):
1328         (JSC::JIT::emit_op_is_undefined):
1329         (JSC::JIT::emit_op_jfalse):
1330         (JSC::JIT::emit_op_jeq_null):
1331         (JSC::JIT::emit_op_jneq_null):
1332         (JSC::JIT::emit_op_jtrue):
1333         (JSC::JIT::emit_op_throw):
1334         (JSC::JIT::emit_op_catch):
1335         (JSC::JIT::emit_op_eq_null):
1336         (JSC::JIT::emit_op_neq_null):
1337         (JSC::JIT::emitSlow_op_loop_hint):
1338         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
1339         (JSC::JIT::emit_op_log_shadow_chicken_tail):
1340         * jit/JITOpcodes32_64.cpp:
1341         (JSC::JIT::privateCompileCTINativeCall):
1342         (JSC::JIT::emit_op_new_object):
1343         (JSC::JIT::emit_op_jfalse):
1344         (JSC::JIT::emit_op_jtrue):
1345         (JSC::JIT::emit_op_throw):
1346         (JSC::JIT::emit_op_catch):
1347         (JSC::JIT::emit_op_create_this):
1348         (JSC::JIT::emit_op_log_shadow_chicken_prologue):
1349         (JSC::JIT::emit_op_log_shadow_chicken_tail):
1350         * jit/JITPropertyAccess.cpp:
1351         (JSC::JIT::emitWriteBarrier):
1352         * jit/JSInterfaceJIT.h:
1353         (JSC::JSInterfaceJIT::JSInterfaceJIT):
1354         (JSC::JSInterfaceJIT::vm):
1355         * jit/Repatch.cpp:
1356         (JSC::tryCacheGetByID):
1357         (JSC::tryCachePutByID):
1358         (JSC::linkPolymorphicCall):
1359         (JSC::resetGetByID):
1360         (JSC::resetPutByID):
1361         * jit/SetupVarargsFrame.cpp:
1362         (JSC::emitSetupVarargsFrameFastCase):
1363         * jit/SetupVarargsFrame.h:
1364         * jit/SpecializedThunkJIT.h:
1365         (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
1366         * jit/ThunkGenerators.cpp:
1367         (JSC::throwExceptionFromCallSlowPathGenerator):
1368         (JSC::linkCallThunkGenerator):
1369         (JSC::linkPolymorphicCallThunkGenerator):
1370         (JSC::virtualThunkFor):
1371         (JSC::nativeForGenerator):
1372         (JSC::randomThunkGenerator):
1373         (JSC::boundThisNoArgsFunctionCallGenerator):
1374         (JSC::throwExceptionFromWasmThunkGenerator):
1375         * wasm/WasmB3IRGenerator.cpp:
1376         (JSC::Wasm::parseAndCompile):
1377         * wasm/WasmBinding.cpp:
1378         (JSC::Wasm::wasmToJs):
1379         (JSC::Wasm::wasmToWasm):
1380
1381 2017-03-28  Keith Miller  <keith_miller@apple.com>
1382
1383         WebAssembly: We should have Origins
1384         https://bugs.webkit.org/show_bug.cgi?id=170217
1385
1386         Reviewed by Mark Lam.
1387
1388         This patch adds wasm origins for B3::Values, called OpcodeOrigin. Currently,
1389         OpcodeOrigin just tracks the original opcode and the location of that opcode.
1390
1391         Here's a sample:
1392
1393         BB#0: ; frequency = 1.000000
1394             Int64 @4 = Patchpoint(generator = 0x10f487fa8, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister)
1395             Int64 @5 = FramePointer()
1396             Void @8 = Store(@4, @5, offset = 24, ControlDependent|Writes:Top)
1397             Int64 @10 = Const64(0)
1398             Void @12 = Store($0(@10), @5, offset = 16, ControlDependent|Writes:Top)
1399             Int64 @13 = Patchpoint(generator = 0x10f4be7f0, earlyClobbered = [], lateClobbered = [], usedRegisters = [], resultConstraint = SomeRegister, ExitsSideways|ControlDependent|WritesPinned|ReadsPinned|Fence|Writes:Top|Reads:Top)
1400             Int64 @16 = ArgumentReg(%rdi)
1401             Int64 @18 = ArgumentReg(%rsi)
1402             Int32 @22 = Trunc(@18, Wasm: {opcode: I64Rotl, location: 5})
1403             Int64 @23 = RotL(@16, @22, Wasm: {opcode: I64Rotl, location: 5})
1404             Void @27 = Return(@23, Terminal, Wasm: {opcode: End, location: 6})
1405
1406         * JavaScriptCore.xcodeproj/project.pbxproj:
1407         * b3/B3Value.cpp:
1408         (JSC::B3::Value::deepDump):
1409         * wasm/WasmB3IRGenerator.cpp:
1410         (JSC::Wasm::B3IRGenerator::setParser):
1411         (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
1412         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
1413         (JSC::Wasm::B3IRGenerator::emitLoadOp):
1414         (JSC::Wasm::B3IRGenerator::emitStoreOp):
1415         (JSC::Wasm::B3IRGenerator::addConstant):
1416         (JSC::Wasm::B3IRGenerator::addLoop):
1417         (JSC::Wasm::B3IRGenerator::unify):
1418         (JSC::Wasm::parseAndCompile):
1419         (JSC::Wasm::B3IRGenerator::emitChecksForModOrDiv):
1420         (JSC::Wasm::getMemoryBaseAndSize): Deleted.
1421         * wasm/WasmFunctionParser.h:
1422         (JSC::Wasm::FunctionParser::currentOpcode):
1423         (JSC::Wasm::FunctionParser::currentOpcodeStartingOffset):
1424         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
1425         * wasm/WasmOpcodeOrigin.cpp: Added.
1426         (JSC::Wasm::OpcodeOrigin::dump):
1427         * wasm/WasmOpcodeOrigin.h: Added.
1428         (JSC::Wasm::OpcodeOrigin::OpcodeOrigin):
1429         * wasm/WasmValidate.cpp:
1430         (JSC::Wasm::Validate::setParser):
1431         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
1432         (CodeGenerator.generate):
1433         (generateB3OpCode):
1434         (generateConstCode):
1435
1436 2017-03-28  JF Bastien  <jfbastien@apple.com>
1437
1438         WebAssembly: option to crash if no fast memory is available
1439         https://bugs.webkit.org/show_bug.cgi?id=170219
1440
1441         Reviewed by Mark Lam.
1442
1443         * runtime/Options.h:
1444         * wasm/WasmMemory.cpp:
1445         (JSC::Wasm::webAssemblyCouldntGetFastMemory):
1446         (JSC::Wasm::tryGetFastMemory):
1447
1448 2017-03-28  Mark Lam  <mark.lam@apple.com>
1449
1450         The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
1451         https://bugs.webkit.org/show_bug.cgi?id=170213
1452         <rdar://problem/30755345>
1453
1454         Reviewed by Filip Pizlo.
1455
1456         The current condition for stealing the conn isn't tight enough.  Restricting the
1457         stealing to when m_currentPhase == NotRunning ensures that the Collector is
1458         really done running.
1459
1460         No test because this issue only manifests with a race condition that is difficult
1461         to reproduce on demand.
1462
1463         * heap/Heap.cpp:
1464         (JSC::Heap::requestCollection):
1465
1466 2017-03-28  Keith Miller  <keith_miller@apple.com>
1467
1468         WebAssembly: Make WebAssembly.instantiate/compile truly asynchronous
1469         https://bugs.webkit.org/show_bug.cgi?id=169187
1470
1471         Reviewed by Saam Barati.
1472
1473         This patch allows WebAssembly compilations to happen asynchronously.
1474         To do so, it refactors how much of the compilation happens and adds
1475         new infrastructure for async promises.
1476
1477         First, there is a new class, PromiseDeferredTimer that lives on
1478         the VM.  PromiseDeferredTimer will manage the life-cycle of async
1479         pending promises and any dependencies that promise
1480         needs. PromiseDeferredTimer automagically releases the pending
1481         promise and dependencies once the JSPromiseDeferred is resolved or
1482         rejected. Additionally, PromiseDeferredTimer provides a mechanism
1483         to poll the run-loop whenever the async task needs to synchronize
1484         with the JS thread. Normally, that will be whenever the async task
1485         finishes. In the case of Web Assembly we also use this feature for
1486         the compile + instantiate case, where we might have more work
1487         after the first async task completes (more on that later).
1488
1489         The next class is Wasm::Worklist, which is used to manage Wasm
1490         compilation tasks. The worklist class works similarly to the
1491         DFG/FTL Worklists. It has a pool of threads that it manages. One
1492         interesting aspect of Wasm Worklist is that it can synchronously
1493         compile a plan that is already potentially running
1494         asynchronously. This can occur if a user calls
1495         WebAssembly.instantiate() then new WebAssembly.instantiate() on
1496         the same module. In that case the Wasm Worklist will bump the
1497         priority of the running pending Plan and block the JS thread.
1498
1499         This patch also makes some of the Wasm Plan code cleaner. Since we
1500         now defer all compilation to instantiation time, we no longer need
1501         to guess at which memory we are going to get. Also, Wasm Plans now
1502         track the work they have done with a state enum.
1503
1504         Finally, this patch renames HeapTimer to JSRunLoopTimer. It
1505         also changes test262AsyncTest to a more generic testing
1506         infrastructure. Now, in addition to the old functionality, you can
1507         call asyncTest() with the number of tests you expect. When the jsc
1508         CLI exits, it will guarantee that asyncTestPassed() is called that
1509         many times.
1510
1511         * CMakeLists.txt:
1512         * JavaScriptCore.xcodeproj/project.pbxproj:
1513         * heap/GCActivityCallback.h:
1514         * heap/IncrementalSweeper.cpp:
1515         (JSC::IncrementalSweeper::scheduleTimer):
1516         (JSC::IncrementalSweeper::IncrementalSweeper):
1517         * heap/IncrementalSweeper.h:
1518         * heap/StopIfNecessaryTimer.cpp:
1519         (JSC::StopIfNecessaryTimer::StopIfNecessaryTimer):
1520         * heap/StopIfNecessaryTimer.h:
1521         * heap/StrongInlines.h:
1522         * jsc.cpp:
1523         (GlobalObject::finishCreation):
1524         (printInternal):
1525         (functionAsyncTestStart):
1526         (functionAsyncTestPassed):
1527         (functionTestWasmModuleFunctions):
1528         (CommandLine::parseArguments):
1529         (runJSC):
1530         * runtime/JSPromiseDeferred.cpp:
1531         (JSC::JSPromiseDeferred::resolve):
1532         (JSC::JSPromiseDeferred::reject):
1533         * runtime/JSPromiseDeferred.h:
1534         (JSC::JSPromiseDeferred::promiseAsyncPending):
1535         * runtime/JSRunLoopTimer.cpp: Renamed from Source/JavaScriptCore/heap/HeapTimer.cpp.
1536         (JSC::JSRunLoopTimer::JSRunLoopTimer):
1537         (JSC::JSRunLoopTimer::setRunLoop):
1538         (JSC::JSRunLoopTimer::~JSRunLoopTimer):
1539         (JSC::JSRunLoopTimer::timerDidFire):
1540         (JSC::JSRunLoopTimer::scheduleTimer):
1541         (JSC::JSRunLoopTimer::cancelTimer):
1542         (JSC::JSRunLoopTimer::invalidate):
1543         * runtime/JSRunLoopTimer.h: Copied from Source/JavaScriptCore/heap/HeapTimer.h.
1544         * runtime/Options.h:
1545         * runtime/PromiseDeferredTimer.cpp: Added.
1546         (JSC::PromiseDeferredTimer::PromiseDeferredTimer):
1547         (JSC::PromiseDeferredTimer::doWork):
1548         (JSC::PromiseDeferredTimer::runRunLoop):
1549         (JSC::PromiseDeferredTimer::addPendingPromise):
1550         (JSC::PromiseDeferredTimer::cancelPendingPromise):
1551         (JSC::PromiseDeferredTimer::scheduleWorkSoon):
1552         (JSC::PromiseDeferredTimer::scheduleBlockedTask):
1553         * runtime/PromiseDeferredTimer.h: Renamed from Source/JavaScriptCore/heap/HeapTimer.h.
1554         (JSC::PromiseDeferredTimer::stopRunningTasks):
1555         * runtime/VM.cpp:
1556         (JSC::VM::VM):
1557         (JSC::VM::~VM):
1558         * runtime/VM.h:
1559         * wasm/JSWebAssembly.cpp:
1560         (JSC::reject):
1561         (JSC::webAssemblyCompileFunc):
1562         (JSC::resolve):
1563         (JSC::instantiate):
1564         (JSC::compileAndInstantiate):
1565         (JSC::webAssemblyInstantiateFunc):
1566         (JSC::webAssemblyValidateFunc):
1567         * wasm/WasmB3IRGenerator.cpp:
1568         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1569         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
1570         (JSC::Wasm::B3IRGenerator::memoryKind):
1571         (JSC::Wasm::parseAndCompile):
1572         * wasm/WasmB3IRGenerator.h:
1573         * wasm/WasmFormat.h:
1574         (JSC::Wasm::ModuleInformation::internalFunctionCount):
1575         * wasm/WasmFunctionParser.h:
1576         * wasm/WasmMemory.h:
1577         * wasm/WasmMemoryInformation.cpp:
1578         (JSC::Wasm::MemoryInformation::MemoryInformation):
1579         * wasm/WasmMemoryInformation.h:
1580         (JSC::Wasm::MemoryInformation::maximum):
1581         (JSC::Wasm::MemoryInformation::hasReservedMemory): Deleted.
1582         (JSC::Wasm::MemoryInformation::takeReservedMemory): Deleted.
1583         (JSC::Wasm::MemoryInformation::mode): Deleted.
1584         * wasm/WasmModuleParser.cpp:
1585         * wasm/WasmModuleParser.h:
1586         (JSC::Wasm::ModuleParser::ModuleParser):
1587         * wasm/WasmPlan.cpp:
1588         (JSC::Wasm::Plan::Plan):
1589         (JSC::Wasm::Plan::stateString):
1590         (JSC::Wasm::Plan::moveToState):
1591         (JSC::Wasm::Plan::fail):
1592         (JSC::Wasm::Plan::parseAndValidateModule):
1593         (JSC::Wasm::Plan::prepare):
1594         (JSC::Wasm::Plan::ThreadCountHolder::ThreadCountHolder):
1595         (JSC::Wasm::Plan::ThreadCountHolder::~ThreadCountHolder):
1596         (JSC::Wasm::Plan::compileFunctions):
1597         (JSC::Wasm::Plan::complete):
1598         (JSC::Wasm::Plan::waitForCompletion):
1599         (JSC::Wasm::Plan::cancel):
1600         (JSC::Wasm::Plan::run): Deleted.
1601         (JSC::Wasm::Plan::initializeCallees): Deleted.
1602         * wasm/WasmPlan.h:
1603         (JSC::Wasm::Plan::dontFinalize):
1604         (JSC::Wasm::Plan::exports):
1605         (JSC::Wasm::Plan::internalFunctionCount):
1606         (JSC::Wasm::Plan::takeModuleInformation):
1607         (JSC::Wasm::Plan::takeCallLinkInfos):
1608         (JSC::Wasm::Plan::takeWasmExitStubs):
1609         (JSC::Wasm::Plan::setModeAndPromise):
1610         (JSC::Wasm::Plan::mode):
1611         (JSC::Wasm::Plan::pendingPromise):
1612         (JSC::Wasm::Plan::vm):
1613         (JSC::Wasm::Plan::errorMessage):
1614         (JSC::Wasm::Plan::failed):
1615         (JSC::Wasm::Plan::hasWork):
1616         (JSC::Wasm::Plan::hasBeenPrepared):
1617         * wasm/WasmPlanInlines.h: Copied from Source/JavaScriptCore/wasm/WasmB3IRGenerator.h.
1618         (JSC::Wasm::Plan::initializeCallees):
1619         * wasm/WasmValidate.cpp:
1620         * wasm/WasmWorklist.cpp: Added.
1621         (JSC::Wasm::Worklist::priorityString):
1622         (JSC::Wasm::Worklist::QueueElement::setToNextPriority):
1623         (JSC::Wasm::Worklist::iterate):
1624         (JSC::Wasm::Worklist::enqueue):
1625         (JSC::Wasm::Worklist::completePlanSynchronously):
1626         (JSC::Wasm::Worklist::stopAllPlansForVM):
1627         (JSC::Wasm::Worklist::Worklist):
1628         (JSC::Wasm::Worklist::~Worklist):
1629         (JSC::Wasm::existingWorklistOrNull):
1630         (JSC::Wasm::ensureWorklist):
1631         * wasm/WasmWorklist.h: Added.
1632         (JSC::Wasm::Worklist::nextTicket):
1633         (JSC::Wasm::Worklist::Comparator::operator()):
1634         * wasm/js/JSWebAssemblyCallee.h:
1635         * wasm/js/JSWebAssemblyCodeBlock.cpp:
1636         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
1637         (JSC::JSWebAssemblyCodeBlock::initialize):
1638         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
1639         * wasm/js/JSWebAssemblyCodeBlock.h:
1640         (JSC::JSWebAssemblyCodeBlock::create):
1641         (JSC::JSWebAssemblyCodeBlock::initialized):
1642         (JSC::JSWebAssemblyCodeBlock::plan):
1643         (JSC::JSWebAssemblyCodeBlock::runnable):
1644         (JSC::JSWebAssemblyCodeBlock::errorMessage):
1645         (JSC::JSWebAssemblyCodeBlock::callees):
1646         * wasm/js/JSWebAssemblyHelpers.h:
1647         (JSC::createSourceBufferFromValue):
1648         * wasm/js/JSWebAssemblyInstance.cpp:
1649         (JSC::JSWebAssemblyInstance::finishCreation):
1650         (JSC::JSWebAssemblyInstance::visitChildren):
1651         (JSC::JSWebAssemblyInstance::addUnitializedCodeBlock):
1652         (JSC::JSWebAssemblyInstance::finalizeCreation):
1653         (JSC::JSWebAssemblyInstance::create):
1654         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
1655         * wasm/js/JSWebAssemblyInstance.h:
1656         (JSC::JSWebAssemblyInstance::codeBlock):
1657         (JSC::JSWebAssemblyInstance::initialized):
1658         (JSC::JSWebAssemblyInstance::module):
1659         (JSC::JSWebAssemblyInstance::importFunction):
1660         (JSC::JSWebAssemblyInstance::setMemory):
1661         (JSC::JSWebAssemblyInstance::table):
1662         (JSC::JSWebAssemblyInstance::importFunctions):
1663         (JSC::JSWebAssemblyInstance::setImportFunction): Deleted.
1664         (JSC::JSWebAssemblyInstance::setTable): Deleted.
1665         * wasm/js/JSWebAssemblyModule.cpp:
1666         (JSC::JSWebAssemblyModule::createStub):
1667         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
1668         (JSC::JSWebAssemblyModule::finishCreation):
1669         (JSC::JSWebAssemblyModule::setCodeBlock):
1670         (JSC::JSWebAssemblyModule::buildCodeBlock): Deleted.
1671         (JSC::JSWebAssemblyModule::create): Deleted.
1672         (JSC::JSWebAssemblyModule::codeBlock): Deleted.
1673         * wasm/js/JSWebAssemblyModule.h:
1674         (JSC::JSWebAssemblyModule::moduleInformation):
1675         (JSC::JSWebAssemblyModule::codeBlock):
1676         (JSC::JSWebAssemblyModule::source):
1677         (JSC::JSWebAssemblyModule::takeReservedMemory): Deleted.
1678         (JSC::JSWebAssemblyModule::codeBlockFor): Deleted.
1679         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1680         (JSC::constructJSWebAssemblyInstance):
1681         (JSC::WebAssemblyInstanceConstructor::createInstance): Deleted.
1682         * wasm/js/WebAssemblyModuleConstructor.cpp:
1683         (JSC::WebAssemblyModuleConstructor::createModule):
1684         * wasm/js/WebAssemblyModulePrototype.cpp:
1685         (JSC::webAssemblyModuleProtoImports):
1686         (JSC::webAssemblyModuleProtoExports):
1687         * wasm/js/WebAssemblyModuleRecord.cpp:
1688         (JSC::WebAssemblyModuleRecord::finishCreation):
1689         (JSC::WebAssemblyModuleRecord::link):
1690         (JSC::WebAssemblyModuleRecord::evaluate):
1691         * wasm/js/WebAssemblyModuleRecord.h:
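
The two WebAssembly entries above (OpcodeOrigin's {opcode, location} tracking, and the asynchronous WebAssembly.instantiate() path alongside the synchronous constructor) as one added example. This is not code from the WebKit ChangeLog or the JSC sources: it builds a tiny module in memory whose body has the same byte layout as the dumped sample (a two-argument rotl at offset 5, End at offset 6, here in the i32 variant so no BigInt is needed), walks the body to recover the opcode/offset pairs an origin would record, and then instantiates the module both ways. The opcode names, the helper names and the tiny LEB128 reader are this example's own choices.

```javascript
// Added example; not code from the WebKit ChangeLog or the JSC sources.
// It builds a tiny WebAssembly module in memory, walks the function body to
// recover the {opcode, location} pairs that an OpcodeOrigin records, and
// instantiates the module both asynchronously and synchronously.
// Opcode names and the i32 variant of rotl are this example's own choices.

// Subset of MVP opcodes: name plus the number of LEB128 immediates to skip.
const OPCODES = {
  0x0b: { name: "End", immediates: 0 },
  0x20: { name: "GetLocal", immediates: 1 },
  0x21: { name: "SetLocal", immediates: 1 },
  0x41: { name: "I32Const", immediates: 1 },
  0x6a: { name: "I32Add", immediates: 0 },
  0x77: { name: "I32Rotl", immediates: 0 },
  0x89: { name: "I64Rotl", immediates: 0 },
};

// Reads an unsigned LEB128 value; returns the value and the next offset.
function readLEB(bytes, offset) {
  let value = 0, shift = 0, pos = offset, byte;
  do {
    byte = bytes[pos++];
    value |= (byte & 0x7f) << shift;
    shift += 7;
  } while (byte & 0x80);
  return { value, next: pos };
}

// Walks a function body and records, for every instruction, its opcode name
// and its byte offset within the body, which is what "location" means in
// the OpcodeOrigin dump above.
function decodeBodyOrigins(body) {
  let { value: localGroups, next: pos } = readLEB(body, 0);
  for (let i = 0; i < localGroups; i++) {
    pos = readLEB(body, pos).next; // count of locals in this group
    pos += 1;                      // their value type
  }
  const origins = [];
  while (pos < body.length) {
    const location = pos;
    const info = OPCODES[body[pos++]];
    if (!info) throw new Error(`unsupported opcode at offset ${location}`);
    for (let i = 0; i < info.immediates; i++) pos = readLEB(body, pos).next;
    origins.push({ opcode: info.name, location });
  }
  return origins;
}

// Encodes one module section (id, LEB128 size, payload); payloads here are < 128 bytes.
function section(id, payload) {
  return [id, payload.length, ...payload];
}

// (i32, i32) -> i32 function "rotl": local.get 0; local.get 1; i32.rotl; end
function buildRotlModule() {
  const body = [0x00, 0x20, 0x00, 0x20, 0x01, 0x77, 0x0b];
  const bytes = new Uint8Array([
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,                 // magic + version
    ...section(1, [0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f]),      // type: (i32,i32)->i32
    ...section(3, [0x01, 0x00]),                                    // function 0 has type 0
    ...section(7, [0x01, 0x04, 0x72, 0x6f, 0x74, 0x6c, 0x00, 0x00]), // export "rotl" = func 0
    ...section(10, [0x01, body.length, ...body]),                   // code
  ]);
  return { bytes, body };
}

// Compiles once, then instantiates the same Module both ways: the synchronous
// constructor and the promise-returning WebAssembly.instantiate().
function instantiateBothWays(bytes) {
  const module = new WebAssembly.Module(bytes);
  const syncInstance = new WebAssembly.Instance(module);
  const asyncInstance = WebAssembly.instantiate(module); // Promise<Instance>
  return { module, syncInstance, asyncInstance };
}

// Stand-alone run: print the recovered origins and exercise both instances.
function demo() {
  const { bytes, body } = buildRotlModule();
  console.log(decodeBodyOrigins(body));
  const { syncInstance, asyncInstance } = instantiateBothWays(bytes);
  console.log("sync rotl(1, 1) =", syncInstance.exports.rotl(1, 1));
  asyncInstance.then(inst => console.log("async rotl(1, 1) =", inst.exports.rotl(1, 1)));
}
demo();
```

Running it prints GetLocal at offsets 1 and 3, I32Rotl at 5 and End at 6, matching the offsets in the dumped IR above (that sample is the i64 form, opcode 0x89 in the table). The synchronous constructor and WebAssembly.instantiate() share one compiled Module, which is the situation the Worklist entry describes when it bumps the priority of a Plan that is already running asynchronously.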
1692
1693 2017-03-28  Yusuke Suzuki  <utatane.tea@gmail.com>
1694
1695         WebAssembly: add fallback to use pinned register to load/store state
1696         https://bugs.webkit.org/show_bug.cgi?id=169773
1697
1698         Reviewed by Saam Barati.
1699
1700         This patch adds a new pinned register to hold JSWebAssemblyInstance,
1701         which is used to represent the context of running Wasm code.
1702         While we use fast TLS to hold the context on macOS, we do not have
1703         any system-reserved fast TLS slot on the other systems. This pinned
1704         register approach is used on those systems. These changes decouple
1705         VM from Wasm module to make Wasm module position-independent code.
1706
1707         While using fast TLS could be beneficial on x64 systems, whose number of
1708         registers is relatively small, the pinned register approach could be
1709         beneficial on ARM64, which has plenty of registers. On macOS, we can
1710         switch the implementation with the runtime flag. Thus the macOS port can
1711         compare the performance and decide which implementation is used after
1712         landing this patch.
1713
1714         * heap/MarkedBlock.h:
1715         (JSC::MarkedBlock::offsetOfVM):
1716         * jit/AssemblyHelpers.cpp:
1717         (JSC::AssemblyHelpers::loadWasmContext):
1718         (JSC::AssemblyHelpers::storeWasmContext):
1719         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
1720         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
1721         * jit/AssemblyHelpers.h:
1722         (JSC::AssemblyHelpers::loadWasmContext): Deleted.
1723         (JSC::AssemblyHelpers::storeWasmContext): Deleted.
1724         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister): Deleted.
1725         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister): Deleted.
1726         * jit/Repatch.cpp:
1727         (JSC::webAssemblyOwner):
1728         (JSC::linkFor):
1729         (JSC::linkPolymorphicCall):
1730         (JSC::isWebAssemblyToJSCallee): Deleted.
1731         * jit/ThunkGenerators.cpp:
1732         (JSC::throwExceptionFromWasmThunkGenerator):
1733         * llint/LLIntData.cpp:
1734         (JSC::LLInt::Data::performAssertions):
1735         * llint/LowLevelInterpreter.asm:
1736         * runtime/JSCell.cpp:
1737         (JSC::JSCell::isAnyWasmCallee):
1738         * runtime/JSCellInlines.h:
1739         (JSC::isWebAssemblyToJSCallee):
1740         * runtime/JSType.h:
1741         * runtime/StackFrame.cpp:
1742         (JSC::StackFrame::functionName):
1743         * runtime/VM.cpp:
1744         (JSC::VM::VM):
1745         * runtime/VM.h:
1746         (JSC::VM::wasmContextOffset):
1747         * wasm/WasmB3IRGenerator.cpp:
1748         (JSC::Wasm::B3IRGenerator::materializeWasmContext):
1749         (JSC::Wasm::B3IRGenerator::restoreWasmContext):
1750         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1751         (JSC::Wasm::getMemoryBaseAndSize):
1752         (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
1753         (JSC::Wasm::createJSToWasmWrapper):
1754         (JSC::Wasm::loadWasmContext): Deleted.
1755         (JSC::Wasm::storeWasmContext): Deleted.
1756         (JSC::Wasm::restoreWebAssemblyGlobalState): Deleted.
1757         * wasm/WasmBinding.cpp:
1758         (JSC::Wasm::wasmToJs):
1759         * wasm/WasmContext.cpp:
1760         (JSC::loadWasmContext):
1761         (JSC::storeWasmContext):
1762         * wasm/WasmContext.h:
1763         * wasm/WasmMemoryInformation.cpp:
1764         (JSC::Wasm::getPinnedRegisters):
1765         (JSC::Wasm::PinnedRegisterInfo::get):
1766         (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
1767         * wasm/WasmMemoryInformation.h:
1768         (JSC::Wasm::PinnedRegisterInfo::toSave):
1769         (JSC::Wasm::useFastTLS):
1770         (JSC::Wasm::useFastTLSForWasmContext):
1771         * wasm/js/JSWebAssemblyInstance.cpp:
1772         (JSC::JSWebAssemblyInstance::finishCreation):
1773         (JSC::JSWebAssemblyInstance::visitChildren):
1774         * wasm/js/JSWebAssemblyInstance.h:
1775         (JSC::JSWebAssemblyInstance::offsetOfCallee):
1776         * wasm/js/JSWebAssemblyModule.cpp:
1777         (JSC::JSWebAssemblyModule::finishCreation):
1778         (JSC::JSWebAssemblyModule::visitChildren):
1779         * wasm/js/JSWebAssemblyModule.h:
1780         (JSC::JSWebAssemblyModule::callee):
1781         * wasm/js/WebAssemblyFunction.cpp:
1782         (JSC::callWebAssemblyFunction):
1783         (JSC::WebAssemblyFunction::create):
1784         * wasm/js/WebAssemblyToJSCallee.cpp:
1785         (JSC::WebAssemblyToJSCallee::create):
1786         (JSC::WebAssemblyToJSCallee::createStructure):
1787         (JSC::WebAssemblyToJSCallee::finishCreation):
1788         (JSC::WebAssemblyToJSCallee::visitChildren):
1789         (JSC::WebAssemblyToJSCallee::destroy): Deleted.
1790         * wasm/js/WebAssemblyToJSCallee.h:
1791
1792 2017-03-28  Brian Burg  <bburg@apple.com>
1793
1794         Web Inspector: Add "Disable Caches" option that only applies to the inspected page while Web Inspector is open
1795         https://bugs.webkit.org/show_bug.cgi?id=169865
1796         <rdar://problem/31250573>
1797
1798         Reviewed by Joseph Pecoraro.
1799
1800         * inspector/protocol/Network.json:
1801         Rename the command for disabling resource caching to match the WebCore::Page
1802         flag. This also removes the possibility that this could be confused for the old,
1803         buggy command that this patch rips out.
1804
1805 2017-03-25  Yusuke Suzuki  <utatane.tea@gmail.com>
1806
1807         [JSC] Move platformThreadSignal to WTF
1808         https://bugs.webkit.org/show_bug.cgi?id=170097
1809
1810         Reviewed by Mark Lam.
1811
1812         It is a small cleanup towards https://bugs.webkit.org/show_bug.cgi?id=170027.
1813         platformThreadSignal uses PlatformThread in JSC, but it can be implemented in
1814         WTF ThreadIdentifier.
1815
1816         * runtime/JSLock.cpp:
1817         (JSC::JSLock::lock):
1818         * runtime/JSLock.h:
1819         (JSC::JSLock::ownerThread):
1820         (JSC::JSLock::currentThreadIsHoldingLock):
1821         * runtime/PlatformThread.h:
1822         (JSC::platformThreadSignal): Deleted.
1823         * runtime/VM.h:
1824         (JSC::VM::ownerThread):
1825         * runtime/VMTraps.cpp:
1826         (JSC::VMTraps::SignalSender::send):
1827
1828 2017-03-28  JF Bastien  <jfbastien@apple.com>
1829
1830         WebAssembly: implement Module imports/exports
1831         https://bugs.webkit.org/show_bug.cgi?id=166982
1832
1833         Reviewed by Saam Barati.
1834
1835         As defined in: https://github.com/WebAssembly/design/commit/18cbacb90cd3584dd5c9aa3d392e4e55f66af6ab
1836
1837         * wasm/WasmFormat.h:
1838         (JSC::Wasm::makeString): use uppercase instead; it was only used
1839         for diagnostics but is now used for the expected JS property's
1840         capitalization
1841         * wasm/js/WebAssemblyModulePrototype.cpp:
1842         (JSC::webAssemblyModuleProtoImports):
1843         (JSC::webAssemblyModuleProtoExports):
1844
1845 2017-03-27  JF Bastien  <jfbastien@apple.com>
1846
1847         WebAssembly: JSWebAssemblyCodeBlock.h belongs in JavaScriptCore/wasm/js not JavaScriptCore/wasm
1848         https://bugs.webkit.org/show_bug.cgi?id=170160
1849
1850         Reviewed by Mark Lam.
1851
1852         * JavaScriptCore.xcodeproj/project.pbxproj:
1853         * wasm/js/JSWebAssemblyCodeBlock.h: Renamed from Source/JavaScriptCore/wasm/JSWebAssemblyCodeBlock.h.
1854
1855 2017-03-27  JF Bastien  <jfbastien@apple.com>
1856
1857         WebAssembly: misc memory testing
1858         https://bugs.webkit.org/show_bug.cgi?id=170137
1859
1860         Reviewed by Keith Miller.
1861
1862         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1863         (JSC::WebAssemblyInstanceConstructor::createInstance): improve error messages
1864
1865 2017-03-27  Michael Saboff  <msaboff@apple.com>
1866
1867         Add ARM64 system instructions to disassembler
1868         https://bugs.webkit.org/show_bug.cgi?id=170084
1869
1870         Reviewed by Saam Barati.
1871
1872         This change adds support for MRS and MSR instructions, and refactors the DMB
1873         disassembly to handle all of the barrier instructions.
1874
1875         * disassembler/ARM64/A64DOpcode.cpp:
1876         (JSC::ARM64Disassembler::A64DOpcodeMSRImmediate::format):
1877         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::format):
1878         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::format):
1879         (JSC::ARM64Disassembler::A64DOpcodeDmb::format): Deleted.
1880         * disassembler/ARM64/A64DOpcode.h:
1881         (JSC::ARM64Disassembler::A64DOpcodeSystem::lBit):
1882         (JSC::ARM64Disassembler::A64DOpcodeSystem::op0):
1883         (JSC::ARM64Disassembler::A64DOpcodeSystem::op1):
1884         (JSC::ARM64Disassembler::A64DOpcodeSystem::crN):
1885         (JSC::ARM64Disassembler::A64DOpcodeSystem::crM):
1886         (JSC::ARM64Disassembler::A64DOpcodeSystem::op2):
1887         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::opName):
1888         (JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::systemRegister):
1889         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::opName):
1890         (JSC::ARM64Disassembler::A64DOpcodeSystemSync::option):
1891         (JSC::ARM64Disassembler::A64DOpcodeDmb::opName): Deleted.
1892         (JSC::ARM64Disassembler::A64DOpcodeDmb::option): Deleted.
1893         (JSC::ARM64Disassembler::A64DOpcodeDmb::crM): Deleted.
1894
1895 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
1896
1897         B3::fixSSA should do liveness pruning
1898         https://bugs.webkit.org/show_bug.cgi?id=170111
1899
1900         Reviewed by Saam Barati.
1901         
1902         This moves all of the logic of Air::Liveness<> to WTF::Liveness<> and then uses that to
1903         create B3::VariableLiveness. Then this uses VariableLiveness::LiveAtHead to prune Phi
1904         construction.
1905         
1906         This makes B3::fixSSA run twice as fast. This is a 13% progression on WasmBench compile
1907         times.
1908
1909         * CMakeLists.txt:
1910         * JavaScriptCore.xcodeproj/project.pbxproj:
1911         * b3/B3BasicBlock.h:
1912         (JSC::B3::BasicBlock::get):
1913         * b3/B3FixSSA.cpp:
1914         (JSC::B3::fixSSA):
1915         * b3/B3VariableLiveness.cpp: Added.
1916         (JSC::B3::VariableLiveness::VariableLiveness):
1917         (JSC::B3::VariableLiveness::~VariableLiveness):
1918         * b3/B3VariableLiveness.h: Added.
1919         (JSC::B3::VariableLivenessAdapter::VariableLivenessAdapter):
1920         (JSC::B3::VariableLivenessAdapter::numIndices):
1921         (JSC::B3::VariableLivenessAdapter::valueToIndex):
1922         (JSC::B3::VariableLivenessAdapter::indexToValue):
1923         (JSC::B3::VariableLivenessAdapter::blockSize):
1924         (JSC::B3::VariableLivenessAdapter::forEachEarlyUse):
1925         (JSC::B3::VariableLivenessAdapter::forEachLateUse):
1926         (JSC::B3::VariableLivenessAdapter::forEachEarlyDef):
1927         (JSC::B3::VariableLivenessAdapter::forEachLateDef):
1928         * b3/air/AirCFG.h: Added.
1929         (JSC::B3::Air::CFG::CFG):
1930         (JSC::B3::Air::CFG::root):
1931         (JSC::B3::Air::CFG::newMap):
1932         (JSC::B3::Air::CFG::successors):
1933         (JSC::B3::Air::CFG::predecessors):
1934         (JSC::B3::Air::CFG::index):
1935         (JSC::B3::Air::CFG::node):
1936         (JSC::B3::Air::CFG::numNodes):
1937         (JSC::B3::Air::CFG::dump):
1938         * b3/air/AirCode.cpp:
1939         (JSC::B3::Air::Code::Code):
1940         * b3/air/AirCode.h:
1941         (JSC::B3::Air::Code::cfg):
1942         * b3/air/AirLiveness.h:
1943         (JSC::B3::Air::LivenessAdapter::LivenessAdapter):
1944         (JSC::B3::Air::LivenessAdapter::blockSize):
1945         (JSC::B3::Air::LivenessAdapter::forEachEarlyUse):
1946         (JSC::B3::Air::LivenessAdapter::forEachLateUse):
1947         (JSC::B3::Air::LivenessAdapter::forEachEarlyDef):
1948         (JSC::B3::Air::LivenessAdapter::forEachLateDef):
1949         (JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
1950         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
1951         (JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
1952         (JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
1953         (JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
1954         (JSC::B3::Air::Liveness::Liveness):
1955         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc): Deleted.
1956         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable): Deleted.
1957         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator): Deleted.
1958         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++): Deleted.
1959         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*): Deleted.
1960         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==): Deleted.
1961         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=): Deleted.
1962         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin): Deleted.
1963         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end): Deleted.
1964         (JSC::B3::Air::Liveness::LocalCalc::Iterable::contains): Deleted.
1965         (JSC::B3::Air::Liveness::LocalCalc::live): Deleted.
1966         (JSC::B3::Air::Liveness::LocalCalc::isLive): Deleted.
1967         (JSC::B3::Air::Liveness::LocalCalc::execute): Deleted.
1968         (JSC::B3::Air::Liveness::rawLiveAtHead): Deleted.
1969         (JSC::B3::Air::Liveness::Iterable::Iterable): Deleted.
1970         (JSC::B3::Air::Liveness::Iterable::iterator::iterator): Deleted.
1971         (JSC::B3::Air::Liveness::Iterable::iterator::operator*): Deleted.
1972         (JSC::B3::Air::Liveness::Iterable::iterator::operator++): Deleted.
1973         (JSC::B3::Air::Liveness::Iterable::iterator::operator==): Deleted.
1974         (JSC::B3::Air::Liveness::Iterable::iterator::operator!=): Deleted.
1975         (JSC::B3::Air::Liveness::Iterable::begin): Deleted.
1976         (JSC::B3::Air::Liveness::Iterable::end): Deleted.
1977         (JSC::B3::Air::Liveness::Iterable::contains): Deleted.
1978         (JSC::B3::Air::Liveness::liveAtHead): Deleted.
1979         (JSC::B3::Air::Liveness::liveAtTail): Deleted.
1980         (JSC::B3::Air::Liveness::workset): Deleted.
1981
1982 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
1983
1984         Air::Liveness shouldn't need HashSets
1985         https://bugs.webkit.org/show_bug.cgi?id=170102
1986
1987         Reviewed by Yusuke Suzuki.
1988         
1989         This converts Air::Liveness<> to no longer use HashSets or BitVectors. This turns out to be
1990         easy because it's cheap enough to do a sorted merge of the things being added to liveAtHead and
1991         the things in the predecessors' liveAtTail. This turns out to be faster - it's a 2% overall
1992         compile time progression on WasmBench.
1993         
1994         * b3/B3LowerToAir.cpp:
1995         (JSC::B3::Air::LowerToAir::lower): Add a FIXME unrelated to this patch.
1996         * b3/air/AirLiveness.h:
1997         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
1998         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc):
1999         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead):
2000         (JSC::B3::Air::AbstractLiveness::liveAtHead):
2001         (JSC::B3::Air::AbstractLiveness::liveAtTail):
2002         * b3/air/AirTmp.h:
2003         (JSC::B3::Air::Tmp::bank):
2004         (JSC::B3::Air::Tmp::tmpIndex):
2005         * dfg/DFGStoreBarrierClusteringPhase.cpp:
2006
2007 2017-03-26  Filip Pizlo  <fpizlo@apple.com>
2008
2009         Air should use RegisterSet for RegLiveness
2010         https://bugs.webkit.org/show_bug.cgi?id=170108
2011
2012         Reviewed by Yusuke Suzuki.
2013         
2014         The biggest change here is the introduction of the new RegLiveness class. This is a
2015         drop-in replacement for the old RegLiveness, which was a specialization of
2016         AbstractLiveness<>, but it's about 30% faster. It gets its speed boost from just using
2017         sets everywhere, which is efficient for registers since RegisterSet is just two (on
2018         x86-64) or three 32-bit (on ARM64) statically allocated words. This looks like a 1%
2019         compile time progression on WasmBench.
2020
2021         * CMakeLists.txt:
2022         * JavaScriptCore.xcodeproj/project.pbxproj:
2023         * b3/B3TimingScope.cpp: Records phase timing totals.
2024         (JSC::B3::TimingScope::TimingScope):
2025         (JSC::B3::TimingScope::~TimingScope):
2026         * b3/B3TimingScope.h:
2027         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
2028         (JSC::B3::Air::allocateRegistersByGraphColoring):
2029         * b3/air/AirLiveness.h: Move code around and rename a bit to make it more like RegLiveness; in particular we want the `iterator` to be called `iterator` not `Iterator`, and we want it to be internal to its iterable. Also rename this template to Liveness, to match the header filename.
2030         (JSC::B3::Air::Liveness::Liveness):
2031         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
2032         (JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable):
2033         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator):
2034         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++):
2035         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*):
2036         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==):
2037         (JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=):
2038         (JSC::B3::Air::Liveness::LocalCalc::Iterable::begin):
2039         (JSC::B3::Air::Liveness::LocalCalc::Iterable::end):
2040         (JSC::B3::Air::Liveness::Iterable::Iterable):
2041         (JSC::B3::Air::Liveness::Iterable::iterator::iterator):
2042         (JSC::B3::Air::RegLivenessAdapter::RegLivenessAdapter): Deleted.
2043         (JSC::B3::Air::RegLivenessAdapter::numIndices): Deleted.
2044         (JSC::B3::Air::RegLivenessAdapter::acceptsBank): Deleted.
2045         (JSC::B3::Air::RegLivenessAdapter::acceptsRole): Deleted.
2046         (JSC::B3::Air::RegLivenessAdapter::valueToIndex): Deleted.
2047         (JSC::B3::Air::RegLivenessAdapter::indexToValue): Deleted.
2048         (JSC::B3::Air::AbstractLiveness::AbstractLiveness): Deleted.
2049         (JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc): Deleted.
2050         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::Iterator): Deleted.
2051         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator++): Deleted.
2052         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator*): Deleted.
2053         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator==): Deleted.
2054         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator!=): Deleted.
2055         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::Iterable): Deleted.
2056         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::begin): Deleted.
2057         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::end): Deleted.
2058         (JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::contains): Deleted.
2059         (JSC::B3::Air::AbstractLiveness::LocalCalc::live): Deleted.
2060         (JSC::B3::Air::AbstractLiveness::LocalCalc::isLive): Deleted.
2061         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute): Deleted.
2062         (JSC::B3::Air::AbstractLiveness::rawLiveAtHead): Deleted.
2063         (JSC::B3::Air::AbstractLiveness::Iterable::Iterable): Deleted.
2064         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::iterator): Deleted.
2065         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator*): Deleted.
2066         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator++): Deleted.
2067         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator==): Deleted.
2068         (JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator!=): Deleted.
2069         (JSC::B3::Air::AbstractLiveness::Iterable::begin): Deleted.
2070         (JSC::B3::Air::AbstractLiveness::Iterable::end): Deleted.
2071         (JSC::B3::Air::AbstractLiveness::Iterable::contains): Deleted.
2072         (JSC::B3::Air::AbstractLiveness::liveAtHead): Deleted.
2073         (JSC::B3::Air::AbstractLiveness::liveAtTail): Deleted.
2074         (JSC::B3::Air::AbstractLiveness::workset): Deleted.
2075         * b3/air/AirLogRegisterPressure.cpp:
2076         * b3/air/AirLowerAfterRegAlloc.cpp:
2077         * b3/air/AirRegLiveness.cpp: Added.
2078         (JSC::B3::Air::RegLiveness::RegLiveness):
2079         (JSC::B3::Air::RegLiveness::~RegLiveness):
2080         (JSC::B3::Air::RegLiveness::LocalCalc::execute):
2081         * b3/air/AirRegLiveness.h: Added.
2082         (JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
2083         (JSC::B3::Air::RegLiveness::LocalCalc::live):
2084         (JSC::B3::Air::RegLiveness::LocalCalc::isLive):
2085         (JSC::B3::Air::RegLiveness::liveAtHead):
2086         (JSC::B3::Air::RegLiveness::liveAtTail):
2087         * b3/air/AirReportUsedRegisters.cpp:
2088         * jit/RegisterSet.h:
2089         (JSC::RegisterSet::add):
2090         (JSC::RegisterSet::remove):
2091         (JSC::RegisterSet::contains):
2092         (JSC::RegisterSet::subsumes):
2093         (JSC::RegisterSet::iterator::iterator):
2094         (JSC::RegisterSet::iterator::operator*):
2095         (JSC::RegisterSet::iterator::operator++):
2096         (JSC::RegisterSet::iterator::operator==):
2097         (JSC::RegisterSet::iterator::operator!=):
2098         (JSC::RegisterSet::begin):
2099         (JSC::RegisterSet::end):
2100
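To make the set-representation choice in the two entries above concrete, here is an added example (not WebKit code; `Inst`, `Block`, `SortedSet`, `BitSet` and `Liveness` are names assumed for this illustration, and the three-block CFG is constructed): one backward liveness fixpoint parameterised over the set type, run once with a sorted vector merged by `std::set_union`, as the Air::Liveness entry describes, and once with a one-word bitset standing in for RegisterSet, as the RegLiveness entry describes.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iterator>
#include <vector>

// Toy IR (constructed for this example, not Air): each instruction names the
// temp indices it reads and writes; each block lists its successor indices.
struct Inst {
    std::vector<unsigned> uses;
    std::vector<unsigned> defs;
};
struct Block {
    std::vector<Inst> insts;
    std::vector<unsigned> successors;
};

// Set kept as a strictly increasing vector. Union is one linear pass
// (std::set_union), which is the merge the Air::Liveness entry relies on
// instead of hashing every element.
struct SortedSet {
    std::vector<unsigned> items;
    bool add(unsigned v)
    {
        auto it = std::lower_bound(items.begin(), items.end(), v);
        if (it != items.end() && *it == v)
            return false;
        items.insert(it, v);
        return true;
    }
    void remove(unsigned v)
    {
        auto it = std::lower_bound(items.begin(), items.end(), v);
        if (it != items.end() && *it == v)
            items.erase(it);
    }
    // Merge `other` into this set; returns whether anything new arrived.
    bool merge(const SortedSet& other)
    {
        std::vector<unsigned> out;
        out.reserve(items.size() + other.items.size());
        std::set_union(items.begin(), items.end(), other.items.begin(), other.items.end(), std::back_inserter(out));
        bool changed = out.size() != items.size();
        items.swap(out);
        return changed;
    }
    bool contains(unsigned v) const { return std::binary_search(items.begin(), items.end(), v); }
};

// Set kept in one machine word, the shape RegisterSet gives RegLiveness:
// add/remove/union are single bit operations. Indices must be < 64 here.
struct BitSet {
    uint64_t bits = 0;
    bool add(unsigned v) { uint64_t m = uint64_t(1) << v; bool fresh = !(bits & m); bits |= m; return fresh; }
    void remove(unsigned v) { bits &= ~(uint64_t(1) << v); }
    bool merge(const BitSet& other) { uint64_t before = bits; bits |= other.bits; return bits != before; }
    bool contains(unsigned v) const { return (bits >> v) & 1; }
};

// Backward liveness: liveAtTail[b] = union of liveAtHead over b's successors;
// liveAtHead[b] = walk b's instructions backwards, killing defs then adding uses.
// Sweeps to a fixpoint; sets only ever grow, so merge() reports convergence.
template<typename Set>
struct Liveness {
    std::vector<Set> liveAtHead, liveAtTail;
    explicit Liveness(const std::vector<Block>& code)
        : liveAtHead(code.size()), liveAtTail(code.size())
    {
        bool changed;
        do {
            changed = false;
            for (size_t b = code.size(); b-- > 0;) {
                Set live;
                for (unsigned s : code[b].successors)
                    live.merge(liveAtHead[s]);
                changed |= liveAtTail[b].merge(live);
                for (size_t i = code[b].insts.size(); i-- > 0;) {
                    for (unsigned d : code[b].insts[i].defs)
                        live.remove(d);
                    for (unsigned u : code[b].insts[i].uses)
                        live.add(u);
                }
                changed |= liveAtHead[b].merge(live);
            }
        } while (changed);
    }
};

// Constructed CFG: B0 defines t0,t1; B1 is a loop body using t0,t1 and defining
// t2,t3; B2 uses t3. Edges: B0->B1, B1->B1, B1->B2.
std::vector<Block> exampleCode()
{
    return {
        { { { {}, { 0 } }, { {}, { 1 } } }, { 1 } },
        { { { { 0 }, { 2 } }, { { 2, 1 }, { 3 } } }, { 1, 2 } },
        { { { { 3 }, {} } }, {} },
    };
}

std::vector<unsigned> liveAtHeadSorted(unsigned block)
{
    Liveness<SortedSet> liveness(exampleCode());
    return liveness.liveAtHead[block].items;
}

uint64_t liveAtTailBits(unsigned block)
{
    Liveness<BitSet> liveness(exampleCode());
    return liveness.liveAtTail[block].bits;
}

// Both representations must compute the same live sets for every block.
bool representationsAgree()
{
    std::vector<Block> code = exampleCode();
    Liveness<SortedSet> sorted(code);
    Liveness<BitSet> bits(code);
    for (size_t b = 0; b < code.size(); ++b) {
        for (unsigned t = 0; t < 4; ++t) {
            if (sorted.liveAtHead[b].contains(t) != bits.liveAtHead[b].contains(t))
                return false;
            if (sorted.liveAtTail[b].contains(t) != bits.liveAtTail[b].contains(t))
                return false;
        }
    }
    return true;
}
```

The fixpoint here is a plain reverse sweep until nothing changes; Air drives its LocalCalc from a worklist, but the merge semantics are the same. The bitset variant is only valid while every index fits in the word, which is exactly why the entry above limits it to registers, whose count is statically bounded, while temps keep the sorted-vector form.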
2101 2017-03-25  Filip Pizlo  <fpizlo@apple.com>
2102
2103         Fix wasm by returning after we do TLS.
2104
2105         Rubber stamped by Keith Miller.
2106
2107         * jit/AssemblyHelpers.h:
2108         (JSC::AssemblyHelpers::storeWasmContext):
2109
2110 2017-03-24  Mark Lam  <mark.lam@apple.com>
2111
2112         Add some instrumentation in Heap::resumeThePeriphery() to help debug an issue.
2113         https://bugs.webkit.org/show_bug.cgi?id=170086
2114         <rdar://problem/31253673>
2115
2116         Reviewed by Saam Barati.
2117
2118         Adding some instrumentation in Heap::resumeThePeriphery() to dump some Heap state
2119         just before we RELEASE_ASSERT_NOT_REACHED.
2120
2121         * heap/Heap.cpp:
2122         (JSC::Heap::resumeThePeriphery):
2123
2124 2017-03-24  JF Bastien  <jfbastien@apple.com>
2125
2126         WebAssembly: store state in TLS instead of on VM
2127         https://bugs.webkit.org/show_bug.cgi?id=169611
2128
2129         Reviewed by Filip Pizlo.
2130
2131         Using thread-local storage instead of VM makes code more position
2132         independent. We used to store the WebAssembly top Instance (the
2133         latest one in the call stack) on VM, now we instead store it in
2134         TLS. This top Instance is used to access a bunch of state such as
2135         Memory location, size, table (for call_indirect), etc.
2136
2137         Instead of calling it "top", which is confusing, we now just call
2138         it WasmContext.
2139
2140         Making the code PIC means future patches will be able to
2141         postMessage and structured clone into IDB without having to
2142         recompile the code. This wasn't possible before because we
2143         hard-coded the address of VM at compilation time. That doesn't
2144         work between workers, and doesn't work across reloads (which IDB
2145         is intended to do).
2146
2147         It'll also potentially make code faster once we start tuning
2148         what's in TLS, what's in which of the 4 free slots, and what's in
2149         pinned registers. I'm leaving this tuning for later because
2150         there's lower lying fruit for us to pick.
2151
2152         * CMakeLists.txt:
2153         * JavaScriptCore.xcodeproj/project.pbxproj:
2154         * assembler/AbstractMacroAssembler.h:
2155         * assembler/AllowMacroScratchRegisterUsageIf.h: Copied from assembler/AllowMacroScratchRegisterUsage.h.
2156         (JSC::AllowMacroScratchRegisterUsageIf::AllowMacroScratchRegisterUsageIf):
2157         (JSC::AllowMacroScratchRegisterUsageIf::~AllowMacroScratchRegisterUsageIf):
2158         * assembler/MacroAssembler.h:
2159         (JSC::MacroAssembler::storeToTLSPtr): we previously didn't have
2160         the code required to store to TLS, only to load
2161         * assembler/MacroAssemblerARM64.h:
2162         (JSC::MacroAssemblerARM64::loadFromTLSPtrNeedsMacroScratchRegister):
2163         (JSC::MacroAssemblerARM64::storeToTLS32):
2164         (JSC::MacroAssemblerARM64::storeToTLS64):
2165         (JSC::MacroAssemblerARM64::storeToTLSPtrNeedsMacroScratchRegister):
2166         * assembler/MacroAssemblerX86Common.h:
2167         (JSC::MacroAssemblerX86Common::loadFromTLSPtrNeedsMacroScratchRegister):
2168         (JSC::MacroAssemblerX86Common::storeToTLS32):
2169         (JSC::MacroAssemblerX86Common::storeToTLSPtrNeedsMacroScratchRegister):
2170         * assembler/MacroAssemblerX86_64.h:
2171         (JSC::MacroAssemblerX86_64::loadFromTLS64): was loading 32-bit instead of 64-bit
2172         (JSC::MacroAssemblerX86_64::storeToTLS64):
2173         * assembler/X86Assembler.h:
2174         (JSC::X86Assembler::movl_rm):
2175         (JSC::X86Assembler::movq_rm):
2176         * b3/testb3.cpp:
2177         (JSC::B3::testFastTLSLoad):
2178         (JSC::B3::testFastTLSStore):
2179         (JSC::B3::run):
2180         * jit/AssemblyHelpers.h:
2181         (JSC::AssemblyHelpers::loadWasmContext):
2182         (JSC::AssemblyHelpers::storeWasmContext):
2183         (JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
2184         (JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
2185         * jit/Repatch.cpp:
2186         (JSC::webAssemblyOwner):
2187         * jit/ThunkGenerators.cpp:
2188         (JSC::throwExceptionFromWasmThunkGenerator):
2189         * runtime/Options.h:
2190         * runtime/VM.cpp:
2191         (JSC::VM::VM):
2192         * runtime/VM.h:
2193         * wasm/WasmB3IRGenerator.cpp:
2194         (JSC::Wasm::loadWasmContext):
2195         (JSC::Wasm::storeWasmContext):
2196         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2197         (JSC::Wasm::getMemoryBaseAndSize):
2198         (JSC::Wasm::restoreWebAssemblyGlobalState):
2199         (JSC::Wasm::createJSToWasmWrapper):
2200         (JSC::Wasm::parseAndCompile):
2201         * wasm/WasmBinding.cpp:
2202         (JSC::Wasm::materializeImportJSCell):
2203         (JSC::Wasm::wasmToJs):
2204         (JSC::Wasm::wasmToWasm):
2205         * wasm/WasmContext.cpp: Added.
2206         (JSC::loadWasmContext):
2207         (JSC::storeWasmContext):
2208         * wasm/WasmContext.h: Added. Replaces "top" JSWebAssemblyInstance.
2209         * wasm/js/WebAssemblyFunction.cpp:
2210         (JSC::callWebAssemblyFunction):
2211         * wasm/js/WebAssemblyInstanceConstructor.h:
2212
2213 2017-03-24  JF Bastien  <jfbastien@apple.com>
2214
2215         WebAssembly: spec-tests/memory.wast.js fails in debug
2216         https://bugs.webkit.org/show_bug.cgi?id=169794
2217
2218         Reviewed by Keith Miller.
2219
2220         The failure was due to empty memories (with maximum size 0). Those
2221         only occur in tests and in code that's trying to trip us. This
2222         patch adds memory mode "none" which represents no memory. It can
2223         work with either bounds checked or signaling code because it never
2224         contains loads and stores.
2225
2226         The spec tests which were failing did the following:
2227             > (module (memory (data)) (func (export "memsize") (result i32) (current_memory)))
2228             > (assert_return (invoke "memsize") (i32.const 0))
2229             > (module (memory (data "")) (func (export "memsize") (result i32) (current_memory)))
2230             > (assert_return (invoke "memsize") (i32.const 0))
2231             > (module (memory (data "x")) (func (export "memsize") (result i32) (current_memory)))
2232             > (assert_return (invoke "memsize") (i32.const 1))
2233
2234         * wasm/WasmB3IRGenerator.cpp:
2235         (JSC::Wasm::B3IRGenerator::memoryKind):
2236         * wasm/WasmMemory.cpp:
2237         (JSC::Wasm::tryGetFastMemory):
2238         (JSC::Wasm::releaseFastMemory):
2239         (JSC::Wasm::Memory::Memory):
2240         (JSC::Wasm::Memory::createImpl):
2241         (JSC::Wasm::Memory::create):
2242         (JSC::Wasm::Memory::grow):
2243         (JSC::Wasm::Memory::makeString):
2244         * wasm/WasmMemory.h:
2245         * wasm/WasmMemoryInformation.cpp:
2246         (JSC::Wasm::MemoryInformation::MemoryInformation):
2247         * wasm/js/JSWebAssemblyCodeBlock.cpp:
2248         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
2249         * wasm/js/JSWebAssemblyModule.cpp:
2250         (JSC::JSWebAssemblyModule::codeBlock):
2251         (JSC::JSWebAssemblyModule::finishCreation):
2252         * wasm/js/JSWebAssemblyModule.h:
2253         (JSC::JSWebAssemblyModule::codeBlock):
2254         (JSC::JSWebAssemblyModule::codeBlockFor):
2255
2256 2017-03-24  Mark Lam  <mark.lam@apple.com>
2257
2258         Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
2259         https://bugs.webkit.org/show_bug.cgi?id=170064
2260         <rdar://problem/31246098>
2261
2262         Reviewed by Geoffrey Garen.
2263
2264         * runtime/ArrayPrototype.cpp:
2265         (JSC::arrayProtoPrivateFuncConcatMemcpy):
2266         * runtime/JSArray.cpp:
2267         (JSC::JSArray::fastSlice):
2268
2269 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
2270
2271         [JSC] Use jsNontrivialString aggressively for ToString(Int52)
2272         https://bugs.webkit.org/show_bug.cgi?id=170002
2273
2274         Reviewed by Sam Weinig.
2275
2276         We use the same logic used for Int32 to use jsNontrivialString.
2277         After the single character check, the produced string is always longer than 1.
2278         Thus, we can use jsNontrivialString.
2279
2280         * runtime/NumberPrototype.cpp:
2281         (JSC::int52ToString):
2282
2283 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
2284
2285         [JSC] Use WeakRandom for SamplingProfiler interval fluctuation
2286         https://bugs.webkit.org/show_bug.cgi?id=170045
2287
2288         Reviewed by Mark Lam.
2289
2290         It is unnecessary to use cryptographicallyRandomNumber for SamplingProfiler
2291         interval fluctuation. Use WeakRandom instead.
2292
2293         * runtime/SamplingProfiler.cpp:
2294         (JSC::SamplingProfiler::SamplingProfiler):
2295         (JSC::SamplingProfiler::timerLoop):
2296         * runtime/SamplingProfiler.h:
2297
2298 2017-03-23  Mark Lam  <mark.lam@apple.com>
2299
2300         Array.prototype.splice behaves incorrectly when the VM is "having a bad time".
2301         https://bugs.webkit.org/show_bug.cgi?id=170025
2302         <rdar://problem/31228679>
2303
2304         Reviewed by Saam Barati.
2305
2306         * runtime/ArrayPrototype.cpp:
2307         (JSC::copySplicedArrayElements):
2308         (JSC::arrayProtoFuncSplice):
2309
2310 2017-03-23  Yusuke Suzuki  <utatane.tea@gmail.com>
2311
2312         [JSC][DFG] Make addShouldSpeculateAnyInt more conservative to avoid regression caused by Double <-> Int52 conversions
2313         https://bugs.webkit.org/show_bug.cgi?id=169998
2314
2315         Reviewed by Saam Barati.
2316
2317         Double <-> Int52 and JSValue <-> Int52 conversions are not so cheap. Thus, Int52Rep is super carefully emitted.
2318         We make addShouldSpeculateAnyInt more conservative to avoid regressions caused by the above conversions.
2319         We select ArithAdd(Int52, Int52) only when this calculation is beneficial compared to added Int52Rep conversions.
2320
2321         This patch tightens the conditions of addShouldSpeculateAnyInt.
2322
2323         1. Honor DoubleConstant.
2324
2325         When executing imaging-darkroom, we have something like this:
2326
2327             132:< 2:loc36> DoubleConstant(Double|UseAsOther, AnyIntAsDouble, Double: 4607182418800017408, 1.000000, bc#114)
2328             1320:< 1:loc38>        Int52Rep(Check:Int32:@82, Int52|PureInt, Int32, Exits, bc#114)
2329             1321:< 1:loc39>        Int52Constant(Int52|PureInt, Boolint32Nonboolint32Int52, Double: 4607182418800017408, 1.000000, bc#114)
2330             133:<!3:loc39> ArithSub(Int52Rep:@1320<Int52>, Int52Rep:@1321<Int52>, Int52|MustGen, Int52, CheckOverflow, Exits, bc#114)
2331
2332         The LHS of ArithSub says predicting Boolint32, and the RHS says AnyIntAsDouble. Thus we select ArithSub(Int52, Int52) instead
2333         of ArithSub(Double, Double). However, it soon causes OSR exits. In imaging-darkroom, the LHS's Int32 prediction will be broken.
2334         While speculating Int32 in the above situation is a reasonable approach since the given LHS says predicting Int32, this causes
2335         a severe performance regression.
2336
2337         Previously, we always selected ArithSub(Double, Double). So, accidentally, we did not encounter this misprediction issue.
2338
2339         One thing that can be noticed is that we have a DoubleConstant in the RHS. It means that we have `1.0` instead of `1` in the code.
2340         We can see code like `lhs - 1.0` instead of `lhs - 1` in imaging-darkroom. It offers good information that lhs and
2341         the resulting value would be double. Handling the above ArithSub in double seems more appropriate than handling
2342         it in Int52.
2343
2344         So, in this patch, we honor DoubleConstant. If we find a DoubleConstant on one operand, we give up selecting
2345         Arith[Sub,Add](Int52, Int52). This change removes the OSR exits occurring in imaging-darkroom right now.
2346
2347         2. Two Int52Rep(Double) conversions are not desirable.
2348
2349         We allow AnyInt ArithAdd only when one operand of the binary operation should be speculated AnyInt. It is a somewhat conservative
2350         decision. This is because Double to Int52 conversion is not so cheap. Frequent back-and-forth conversions between Double and Int52
2351         rather hurt performance. If one operand of the operation is already Int52, the cost of constructing ArithAdd becomes
2352         cheap since only one Double to Int52 conversion could be required.
2353         This recovers some regression in assorted tests while keeping the kraken crypto improvements.
2354
2355         3. Avoid frequent Int52 to JSValue conversions.
2356
2357         Int52 to JSValue conversion is not so cheap. Thus, we would like to avoid such situations. So, in this patch, we allow
2358         Arith(Int52, Int52) with an AnyIntAsDouble operand only when the node is used as a number. By doing so, we avoid cases like
2359         converting to Int52, performing ArithAdd, and soon converting back to JSValue.
2360
2361         The above 3 changes recover the regression measured in microbenchmarks/int52-back-and-forth.js and assorted benchmarks,
2362         and it still keeps the kraken crypto improvements.
2363
2364                                                    baseline                  patched
2365
2366         imaging-darkroom                       201.112+-3.192      ^     189.532+-2.883         ^ definitely 1.0611x faster
2367         stanford-crypto-pbkdf2                 103.953+-2.325            100.926+-2.396           might be 1.0300x faster
2368         stanford-crypto-sha256-iterative        35.103+-1.071      ?      36.049+-1.143         ? might be 1.0270x slower
2369
2370         * dfg/DFGGraph.h:
2371         (JSC::DFG::Graph::addShouldSpeculateAnyInt):
2372
2373 == Rolled over to ChangeLog-2017-03-23 ==