71c291e1fcc48ab3d0334a3fa52e2e1fd3da75bb
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
2
3         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
4         https://bugs.webkit.org/show_bug.cgi?id=150685
5
6         Reviewed by Geoffrey Garen.
7
8         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
9         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
10         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
11         requires fewer bits.
12
13         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
14         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
15         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
16         helper should happily accept either Const32Value or Const64Value.
17
18         We already sort of had this with immAnyType(), but it just turns out that anyone using
19         immAnyType() should really be using imm().
20
21         * b3/B3LowerToAir.cpp:
22         (JSC::B3::Air::LowerToAir::imm):
23         (JSC::B3::Air::LowerToAir::tryStore):
24         (JSC::B3::Air::LowerToAir::tryConst64):
25         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
26         * b3/testb3.cpp:
27         (JSC::B3::testAdd1):
28         (JSC::B3::testAdd1Ptr):
29         (JSC::B3::testStoreAddLoad):
30         (JSC::B3::run):
31
32 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
33
34         StoreOpLoad pattern matching should check effects between the Store and Load
35         https://bugs.webkit.org/show_bug.cgi?id=150534
36
37         Reviewed by Geoffrey Garen.
38
39         If we turn:
40
41             a = Load(addr)
42             b = Add(a, 42)
43             Store(b, addr)
44
45         Into:
46
47             Add $42, (addr)
48
49         Then we must make sure that we didn't really have this to begin with:
50
51             a = Load(addr)
52             Store(666, addr)
53             b = Add(a, 42)
54             Store(b, addr)
55
56         That's because pattern matching doesn't care about control flow, and it finds the Load
57         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
58         enough to broadly ask questions about whether such a code motion of the Load is legal.
59
60         * b3/B3Effects.cpp:
61         (JSC::B3::Effects::interferes):
62         (JSC::B3::Effects::dump):
63         * b3/B3Effects.h:
64         (JSC::B3::Effects::mustExecute):
65         * b3/B3LowerToAir.cpp:
66         (JSC::B3::Air::LowerToAir::run):
67         (JSC::B3::Air::LowerToAir::commitInternal):
68         (JSC::B3::Air::LowerToAir::crossesInterference):
69         (JSC::B3::Air::LowerToAir::effectiveAddr):
70         (JSC::B3::Air::LowerToAir::loadAddr):
71         * b3/B3Procedure.cpp:
72         (JSC::B3::Procedure::addBlock):
73         (JSC::B3::Procedure::resetValueOwners):
74         (JSC::B3::Procedure::resetReachability):
75         * b3/B3Procedure.h:
76         * b3/B3Value.cpp:
77         (JSC::B3::Value::effects):
78         * b3/B3Value.h:
79         * b3/testb3.cpp:
80         (JSC::B3::testStoreAddLoad):
81         (JSC::B3::testStoreAddLoadInterference):
82         (JSC::B3::testStoreAddAndLoad):
83         (JSC::B3::testLoadOffsetUsingAdd):
84         (JSC::B3::testLoadOffsetUsingAddInterference):
85         (JSC::B3::testLoadOffsetUsingAddNotConstant):
86         (JSC::B3::run):
87
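The hazard the entry above describes, as an added example that is not B3 code and not part of the ChangeLog: a toy matcher for the Store(Add(Load(addr), k), addr) shape that first matches purely by data flow and then, before fusing, walks the block between the Load and the Store looking for a write that may alias the Load. The IR, the `HeapRange`, `Effects`, `crossesInterference` and `tryStoreAddLoad` names, and the three constructed blocks are all hypothetical stand-ins for the real B3 classes; the single-user check stands in for B3's use-count based fusion rule.

```cpp
// Added example (not JavaScriptCore code): data-flow matching of
// Store(Add(Load(addr), Const k), addr) plus the control-flow legality check
// that refuses the fusion when an intervening Store may alias the Load.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <vector>

enum class Op { Const, Load, Store, Add };

// Byte range [begin, end) touched by a Load or Store. Hypothetical stand-in
// for an aliasing-analysis range; overlapping ranges may alias.
struct HeapRange {
    uint32_t begin = 0, end = 0;
    bool overlaps(const HeapRange& o) const { return begin < o.end && o.begin < end; }
};

// One SSA value in a basic block. Operands are indices into the block:
//   Const: imm = the constant          Load:  lhs = address
//   Add:   lhs, rhs = operands         Store: lhs = stored value, rhs = address
struct Value {
    Op op;
    int64_t imm = 0;
    int lhs = -1, rhs = -1;
    HeapRange range;   // memory read (Load) or written (Store)
};
using Block = std::vector<Value>;

// Minimal effects summary: which memory, if any, a value writes.
struct Effects { bool writes = false; HeapRange range; };
Effects effects(const Value& v) {
    if (v.op == Op::Store) return {true, v.range};
    return {};
}

// Number of operand slots in the block that refer to value 'idx'.
size_t useCount(const Block& block, int idx) {
    size_t n = 0;
    for (const Value& v : block) {
        if (v.lhs == idx) ++n;
        if (v.rhs == idx) ++n;
    }
    return n;
}

// True if any value strictly between the Load and the Store writes memory that
// may alias the Load. Fusing would effectively move the Load down to the Store,
// across that write, so the fused instruction would read the clobbered value.
bool crossesInterference(const Block& block, size_t loadIdx, size_t storeIdx) {
    const HeapRange& loadRange = block[loadIdx].range;
    for (size_t i = loadIdx + 1; i < storeIdx; ++i) {
        Effects e = effects(block[i]);
        if (e.writes && e.range.overlaps(loadRange))
            return true;
    }
    return false;
}

struct Match { bool matched = false; bool legal = false; int64_t imm = 0; };

// Data-flow match at block[storeIdx], then the legality check. Matching alone
// cannot see the intervening Store, which is exactly why the second step exists.
Match tryStoreAddLoad(const Block& block, size_t storeIdx) {
    const Value& store = block[storeIdx];
    if (store.op != Op::Store || store.lhs < 0) return {};
    const Value& add = block[store.lhs];
    if (add.op != Op::Add) return {};
    int loadIdx = -1, constIdx = -1;                 // Add is commutative
    for (int cand : {add.lhs, add.rhs}) {
        if (block[cand].op == Op::Load) loadIdx = cand;
        else if (block[cand].op == Op::Const) constIdx = cand;
    }
    if (loadIdx < 0 || constIdx < 0) return {};
    if (block[loadIdx].lhs != store.rhs) return {};  // Load and Store must share the address value
    if (useCount(block, loadIdx) != 1) return {};    // Load may only be fused if the Add is its sole user
    Match m;
    m.matched = true;
    m.imm = block[constIdx].imm;
    m.legal = !crossesInterference(block, loadIdx, storeIdx);
    return m;
}

// Constructed inputs (not from the page). Store index is the last value.
Block fusibleBlock() {          // a = Load(addr); b = Add(a, 42); Store(b, addr)
    return {{Op::Const, 0x1000},                    // 0: addr
            {Op::Load, 0, 0, -1, {0x1000, 0x1008}}, // 1: a
            {Op::Const, 42},                        // 2
            {Op::Add, 0, 1, 2},                     // 3: b
            {Op::Store, 0, 3, 0, {0x1000, 0x1008}}};// 4
}
Block interferingBlock() {      // same, but Store(666, addr) sits between the Load and the Store
    return {{Op::Const, 0x1000},                    // 0: addr
            {Op::Load, 0, 0, -1, {0x1000, 0x1008}}, // 1: a
            {Op::Const, 666},                       // 2
            {Op::Store, 0, 2, 0, {0x1000, 0x1008}}, // 3: clobbers what a read
            {Op::Const, 42},                        // 4
            {Op::Add, 0, 1, 4},                     // 5: b
            {Op::Store, 0, 5, 0, {0x1000, 0x1008}}};// 6
}
Block disjointStoreBlock() {    // an intervening Store to a non-overlapping range is harmless
    return {{Op::Const, 0x1000},                    // 0: addr
            {Op::Load, 0, 0, -1, {0x1000, 0x1008}}, // 1: a
            {Op::Const, 0x2000},                    // 2: other
            {Op::Const, 666},                       // 3
            {Op::Store, 0, 3, 2, {0x2000, 0x2008}}, // 4: Store(666, other)
            {Op::Const, 42},                        // 5
            {Op::Add, 0, 1, 5},                     // 6: b
            {Op::Store, 0, 6, 0, {0x1000, 0x1008}}};// 7
}

int main() {
    struct Case { const char* name; Block block; size_t store; } cases[] = {
        {"fusible", fusibleBlock(), 4}, {"interfering", interferingBlock(), 6},
        {"disjoint", disjointStoreBlock(), 7}};
    for (const Case& c : cases) {
        Match m = tryStoreAddLoad(c.block, c.store);
        std::printf("%-12s matched=%d legal=%d imm=%lld\n", c.name, m.matched, m.legal, (long long)m.imm);
    }
    return 0;
}
```

The point to take from it is that the pattern match succeeds identically for the fusible and the interfering blocks; only the range walk between the two memory operations separates a correct "Add $42, (addr)" from a miscompile that silently drops the intervening write.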
88 2015-10-29  Brady Eidson  <beidson@apple.com>
89
90         Modern IDB: deleteObjectStore support.
91         https://bugs.webkit.org/show_bug.cgi?id=150673
92
93         Reviewed by Alex Christensen.
94
95         * runtime/VM.h:
96
97 2015-10-29  Mark Lam  <mark.lam@apple.com>
98
99         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
100         https://bugs.webkit.org/show_bug.cgi?id=150687
101
102         Unreviewed.
103
104         Disabling the feature while it is being debugged.  I'm doing this by effectively
105         rolling out only the changes in FTLCapabilities.cpp.
106
107         * ftl/FTLCapabilities.cpp:
108         (JSC::FTL::canCompile):
109
110 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
111
112         Unreviewed, fix iOS build.
113
114         * assembler/MacroAssemblerARM64.h:
115         (JSC::MacroAssemblerARM64::store64):
116
117 2015-10-29  Alex Christensen  <achristensen@webkit.org>
118
119         Fix Mac CMake build
120         https://bugs.webkit.org/show_bug.cgi?id=150686
121
122         Reviewed by Filip Pizlo.
123
124         * API/ObjCCallbackFunction.mm:
125         * CMakeLists.txt:
126         * PlatformMac.cmake:
127
128 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
129
130         Air needs syntax for escaping StackSlots
131         https://bugs.webkit.org/show_bug.cgi?id=150430
132
133         Reviewed by Geoffrey Garen.
134
135         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
136         instruction for getting the value of an address. This is necessary to support arbitrary
137         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
138         this new instruction.
139
140         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
141         would do: it evaluates an address, but does not load from it or store to it.
142
143         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
144         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
145         that StackSlots may escape, and factors this into its analysis.
146
147         * assembler/MacroAssembler.h:
148         (JSC::MacroAssembler::lea):
149         * b3/B3AddressMatcher.patterns:
150         * b3/B3LowerToAir.cpp:
151         (JSC::B3::Air::LowerToAir::run):
152         (JSC::B3::Air::LowerToAir::addr):
153         (JSC::B3::Air::LowerToAir::loadAddr):
154         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
155         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
156         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
157         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
158         (JSC::B3::Air::LowerToAir::tryConst64):
159         (JSC::B3::Air::LowerToAir::tryFramePointer):
160         (JSC::B3::Air::LowerToAir::tryStackSlot):
161         (JSC::B3::Air::LowerToAir::tryIdentity):
162         * b3/B3LoweringMatcher.patterns:
163         * b3/B3MemoryValue.cpp:
164         (JSC::B3::MemoryValue::~MemoryValue):
165         (JSC::B3::MemoryValue::accessByteSize):
166         (JSC::B3::MemoryValue::dumpMeta):
167         * b3/B3MemoryValue.h:
168         * b3/B3ReduceStrength.cpp:
169         * b3/B3StackSlotValue.h:
170         (JSC::B3::StackSlotValue::accepts): Deleted.
171         * b3/B3Type.h:
172         (JSC::B3::pointerType):
173         (JSC::B3::sizeofType):
174         * b3/B3Validate.cpp:
175         * b3/B3Value.h:
176         * b3/air/AirAllocateStack.cpp:
177         (JSC::B3::Air::allocateStack):
178         * b3/air/AirArg.h:
179         (JSC::B3::Air::Arg::isUse):
180         (JSC::B3::Air::Arg::isDef):
181         (JSC::B3::Air::Arg::forEachTmp):
182         * b3/air/AirCode.cpp:
183         (JSC::B3::Air::Code::addStackSlot):
184         (JSC::B3::Air::Code::addSpecial):
185         * b3/air/AirCode.h:
186         * b3/air/AirOpcode.opcodes:
187         * b3/air/AirSpillEverything.cpp:
188         (JSC::B3::Air::spillEverything):
189         * b3/air/AirStackSlot.h:
190         (JSC::B3::Air::StackSlot::byteSize):
191         (JSC::B3::Air::StackSlot::kind):
192         (JSC::B3::Air::StackSlot::isLocked):
193         (JSC::B3::Air::StackSlot::index):
194         (JSC::B3::Air::StackSlot::alignment):
195         * b3/air/opcode_generator.rb:
196         * b3/testb3.cpp:
197         (JSC::B3::testLoadOffsetUsingAddNotConstant):
198         (JSC::B3::testFramePointer):
199         (JSC::B3::testStackSlot):
200         (JSC::B3::testLoadFromFramePointer):
201         (JSC::B3::testStoreLoadStackSlot):
202         (JSC::B3::run):
203
204 2015-10-29  Saam Barati  <sbarati@apple.com>
205
206         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
207         https://bugs.webkit.org/show_bug.cgi?id=150655
208
209         Reviewed by Filip Pizlo.
210
211         We're recomputing this value for an *OSRExitDescriptor* for every one
212         of its corresponding *OSRExits*. This is having a multiplicative
213         effect on offsets because each computation is relative to the previous
214         value. We must do this computation just once per OSRExitDescriptor.
215
216         * ftl/FTLCompile.cpp:
217         (JSC::FTL::mmAllocateDataSection):
218
219 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
220
221         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
222         https://bugs.webkit.org/show_bug.cgi?id=150657
223
224         Reviewed by Geoffrey Garen.
225
226         Also added the ability to store an immediate to memory.
227
228         * assembler/MacroAssembler.h:
229         (JSC::MacroAssembler::storePtr):
230         * assembler/MacroAssemblerARM64.h:
231         (JSC::MacroAssemblerARM64::store64):
232         * assembler/MacroAssemblerX86_64.h:
233         (JSC::MacroAssemblerX86_64::store64):
234         * b3/B3LowerToAir.cpp:
235         (JSC::B3::Air::LowerToAir::imm):
236         (JSC::B3::Air::LowerToAir::immAnyInt):
237         (JSC::B3::Air::LowerToAir::immOrTmp):
238         (JSC::B3::Air::LowerToAir::tryStore):
239         * b3/air/AirOpcode.opcodes:
240         * b3/air/AirSpillEverything.cpp:
241         (JSC::B3::Air::spillEverything):
242         * b3/testb3.cpp:
243         (JSC::B3::testStore):
244         (JSC::B3::testStoreConstant):
245         (JSC::B3::testStoreConstantPtr):
246         (JSC::B3::testTrunc):
247         (JSC::B3::run):
248
249 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
250
251         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
252         https://bugs.webkit.org/show_bug.cgi?id=150654
253
254         Reviewed by Geoffrey Garen.
255
256         * inspector/scripts/codegen/generator.py:
257
258 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
259
260         B3::reduceStrength() should do DCE
261         https://bugs.webkit.org/show_bug.cgi?id=150656
262
263         Reviewed by Saam Barati.
264
265         * b3/B3BasicBlock.cpp:
266         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
267         * b3/B3BasicBlock.h:
268         * b3/B3Procedure.cpp:
269         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
270         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
271         * b3/B3Procedure.h:
272         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
273         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
274         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
275         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
276         (JSC::B3::Procedure::values):
277         * b3/B3ProcedureInlines.h:
278         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
279         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
280
281 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
282
283         Web Inspector: Remove unused / duplicate WebSocket timeline records
284         https://bugs.webkit.org/show_bug.cgi?id=150647
285
286         Reviewed by Timothy Hatcher.
287
288         * inspector/protocol/Timeline.json:
289
290 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
291
292         B3::LowerToAir should not duplicate Loads
293         https://bugs.webkit.org/show_bug.cgi?id=150651
294
295         Reviewed by Benjamin Poulain.
296
297         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
298         if we haven't already emitted code that uses the Value and the Value has only one direct
299         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
300         Value: we won't emit any more code for it in the future.
301
302         The optimization to fuse Loads was forgetting to do all of these things, and so generated
303         code would have a lot of duplicated Loads. That's bad and this change fixes that.
304
305         Ordinarily, this is far less tricky because the pattern matcher does this for us via
306         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
307         won't need to do this manually very often.
308
309         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
310         debug.
311
312         * b3/B3IndexMap.h:
313         (JSC::B3::IndexMap::IndexMap):
314         (JSC::B3::IndexMap::resize):
315         (JSC::B3::IndexMap::operator[]):
316         * b3/B3LowerToAir.cpp:
317         (JSC::B3::Air::LowerToAir::tmp):
318         (JSC::B3::Air::LowerToAir::canBeInternal):
319         (JSC::B3::Air::LowerToAir::commitInternal):
320         (JSC::B3::Air::LowerToAir::effectiveAddr):
321         (JSC::B3::Air::LowerToAir::loadAddr):
322         (JSC::B3::Air::LowerToAir::appendBinOp):
323         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
324         (JSC::B3::Air::LowerToAir::acceptInternals):
325         * b3/B3UseCounts.cpp:
326         (JSC::B3::UseCounts::UseCounts):
327
328 2015-10-28  Mark Lam  <mark.lam@apple.com>
329
330         JITSubGenerator::generateFastPath() does not need to be inlined.
331         https://bugs.webkit.org/show_bug.cgi?id=150645
332
333         Reviewed by Geoffrey Garen.
334
335         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
336         perf neutral.
337
338         * CMakeLists.txt:
339         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
340         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
341         * JavaScriptCore.xcodeproj/project.pbxproj:
342         * ftl/FTLCompile.cpp:
343         * jit/JITSubGenerator.cpp: Added.
344         (JSC::JITSubGenerator::generateFastPath):
345         * jit/JITSubGenerator.h:
346         (JSC::JITSubGenerator::JITSubGenerator):
347         (JSC::JITSubGenerator::endJumpList):
348         (JSC::JITSubGenerator::slowPathJumpList):
349         (JSC::JITSubGenerator::generateFastPath): Deleted.
350
351 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
352
353         [B3] handleCommutativity should canonicalize commutative operations over non-constants
354         https://bugs.webkit.org/show_bug.cgi?id=150649
355
356         Reviewed by Saam Barati.
357
358         Turn this: Add(value1, value2)
359         Into this: Add(value2, value1)
360
361         But only if value2 should come before value1 according to our total ordering. This will allow
362         CSE to observe the equality between commuted versions of the same operation, since we will
363         first canonicalize them into the same order.
364
365         * b3/B3ReduceStrength.cpp:
366
367 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
368
369         Unreviewed, fix the build for case sensitive file systems.
370
371         * b3/air/AirBasicBlock.h:
372         * b3/air/AirStackSlot.h:
373
374 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
375
376         Create a super rough prototype of B3
377         https://bugs.webkit.org/show_bug.cgi?id=150280
378
379         Reviewed by Benjamin Poulain.
380
381         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
382         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
383         for aggressive C-level optimizations and an awesome portable backend. The backend, called
384         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
385         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
386         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
387         instruction selection, reflectively selects Air opcodes by querying which instruction forms
388         are possible. Air allows for optimal register allocation and stack layout. Currently the
389         register allocator isn't written, but the stack layout is.
390
391         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
392         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
393         stuff added to the instruction selector. But it's a neat start.
394
395         * CMakeLists.txt:
396         * DerivedSources.make:
397         * JavaScriptCore.xcodeproj/project.pbxproj:
398         * assembler/MacroAssembler.cpp:
399         (WTF::printInternal):
400         * assembler/MacroAssembler.h:
401         * b3: Added.
402         * b3/B3AddressMatcher.patterns: Added.
403         * b3/B3ArgumentRegValue.cpp: Added.
404         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
405         (JSC::B3::ArgumentRegValue::dumpMeta):
406         * b3/B3ArgumentRegValue.h: Added.
407         * b3/B3BasicBlock.cpp: Added.
408         (JSC::B3::BasicBlock::BasicBlock):
409         (JSC::B3::BasicBlock::~BasicBlock):
410         (JSC::B3::BasicBlock::append):
411         (JSC::B3::BasicBlock::addPredecessor):
412         (JSC::B3::BasicBlock::removePredecessor):
413         (JSC::B3::BasicBlock::replacePredecessor):
414         (JSC::B3::BasicBlock::removeNops):
415         (JSC::B3::BasicBlock::dump):
416         (JSC::B3::BasicBlock::deepDump):
417         * b3/B3BasicBlock.h: Added.
418         (JSC::B3::BasicBlock::index):
419         (JSC::B3::BasicBlock::begin):
420         (JSC::B3::BasicBlock::end):
421         (JSC::B3::BasicBlock::size):
422         (JSC::B3::BasicBlock::at):
423         (JSC::B3::BasicBlock::last):
424         (JSC::B3::BasicBlock::values):
425         (JSC::B3::BasicBlock::numPredecessors):
426         (JSC::B3::BasicBlock::predecessor):
427         (JSC::B3::BasicBlock::predecessors):
428         (JSC::B3::BasicBlock::frequency):
429         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
430         (JSC::B3::DeepBasicBlockDump::dump):
431         (JSC::B3::deepDump):
432         * b3/B3BasicBlockInlines.h: Added.
433         (JSC::B3::BasicBlock::appendNew):
434         (JSC::B3::BasicBlock::numSuccessors):
435         (JSC::B3::BasicBlock::successor):
436         (JSC::B3::BasicBlock::successors):
437         (JSC::B3::BasicBlock::successorBlock):
438         (JSC::B3::BasicBlock::successorBlocks):
439         * b3/B3BasicBlockUtils.h: Added.
440         (JSC::B3::addPredecessor):
441         (JSC::B3::removePredecessor):
442         (JSC::B3::replacePredecessor):
443         (JSC::B3::resetReachability):
444         (JSC::B3::blocksInPreOrder):
445         (JSC::B3::blocksInPostOrder):
446         * b3/B3BlockWorklist.h: Added.
447         * b3/B3CheckSpecial.cpp: Added.
448         (JSC::B3::Air::numB3Args):
449         (JSC::B3::CheckSpecial::CheckSpecial):
450         (JSC::B3::CheckSpecial::~CheckSpecial):
451         (JSC::B3::CheckSpecial::hiddenBranch):
452         (JSC::B3::CheckSpecial::forEachArg):
453         (JSC::B3::CheckSpecial::isValid):
454         (JSC::B3::CheckSpecial::admitsStack):
455         (JSC::B3::CheckSpecial::generate):
456         (JSC::B3::CheckSpecial::dumpImpl):
457         (JSC::B3::CheckSpecial::deepDumpImpl):
458         * b3/B3CheckSpecial.h: Added.
459         * b3/B3CheckValue.cpp: Added.
460         (JSC::B3::CheckValue::~CheckValue):
461         (JSC::B3::CheckValue::dumpMeta):
462         * b3/B3CheckValue.h: Added.
463         * b3/B3Common.cpp: Added.
464         (JSC::B3::shouldDumpIR):
465         (JSC::B3::shouldDumpIRAtEachPhase):
466         (JSC::B3::shouldValidateIR):
467         (JSC::B3::shouldValidateIRAtEachPhase):
468         (JSC::B3::shouldSaveIRBeforePhase):
469         * b3/B3Common.h: Added.
470         (JSC::B3::is64Bit):
471         (JSC::B3::is32Bit):
472         * b3/B3Commutativity.cpp: Added.
473         (WTF::printInternal):
474         * b3/B3Commutativity.h: Added.
475         * b3/B3Const32Value.cpp: Added.
476         (JSC::B3::Const32Value::~Const32Value):
477         (JSC::B3::Const32Value::negConstant):
478         (JSC::B3::Const32Value::addConstant):
479         (JSC::B3::Const32Value::subConstant):
480         (JSC::B3::Const32Value::dumpMeta):
481         * b3/B3Const32Value.h: Added.
482         * b3/B3Const64Value.cpp: Added.
483         (JSC::B3::Const64Value::~Const64Value):
484         (JSC::B3::Const64Value::negConstant):
485         (JSC::B3::Const64Value::addConstant):
486         (JSC::B3::Const64Value::subConstant):
487         (JSC::B3::Const64Value::dumpMeta):
488         * b3/B3Const64Value.h: Added.
489         * b3/B3ConstDoubleValue.cpp: Added.
490         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
491         (JSC::B3::ConstDoubleValue::negConstant):
492         (JSC::B3::ConstDoubleValue::addConstant):
493         (JSC::B3::ConstDoubleValue::subConstant):
494         (JSC::B3::ConstDoubleValue::dumpMeta):
495         * b3/B3ConstDoubleValue.h: Added.
496         (JSC::B3::ConstDoubleValue::accepts):
497         (JSC::B3::ConstDoubleValue::value):
498         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
499         * b3/B3ConstPtrValue.h: Added.
500         (JSC::B3::ConstPtrValue::value):
501         (JSC::B3::ConstPtrValue::ConstPtrValue):
502         * b3/B3ControlValue.cpp: Added.
503         (JSC::B3::ControlValue::~ControlValue):
504         (JSC::B3::ControlValue::dumpMeta):
505         * b3/B3ControlValue.h: Added.
506         * b3/B3Effects.cpp: Added.
507         (JSC::B3::Effects::dump):
508         * b3/B3Effects.h: Added.
509         (JSC::B3::Effects::mustExecute):
510         * b3/B3FrequencyClass.cpp: Added.
511         (WTF::printInternal):
512         * b3/B3FrequencyClass.h: Added.
513         * b3/B3FrequentedBlock.h: Added.
514         * b3/B3Generate.cpp: Added.
515         (JSC::B3::generate):
516         (JSC::B3::generateToAir):
517         * b3/B3Generate.h: Added.
518         * b3/B3GenericFrequentedBlock.h: Added.
519         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
520         (JSC::B3::GenericFrequentedBlock::operator==):
521         (JSC::B3::GenericFrequentedBlock::operator!=):
522         (JSC::B3::GenericFrequentedBlock::operator bool):
523         (JSC::B3::GenericFrequentedBlock::block):
524         (JSC::B3::GenericFrequentedBlock::frequency):
525         (JSC::B3::GenericFrequentedBlock::dump):
526         * b3/B3HeapRange.cpp: Added.
527         (JSC::B3::HeapRange::dump):
528         * b3/B3HeapRange.h: Added.
529         (JSC::B3::HeapRange::HeapRange):
530         (JSC::B3::HeapRange::top):
531         (JSC::B3::HeapRange::operator==):
532         (JSC::B3::HeapRange::operator!=):
533         (JSC::B3::HeapRange::operator bool):
534         (JSC::B3::HeapRange::begin):
535         (JSC::B3::HeapRange::end):
536         (JSC::B3::HeapRange::overlaps):
537         * b3/B3IndexMap.h: Added.
538         (JSC::B3::IndexMap::IndexMap):
539         (JSC::B3::IndexMap::resize):
540         (JSC::B3::IndexMap::operator[]):
541         * b3/B3IndexSet.h: Added.
542         (JSC::B3::IndexSet::IndexSet):
543         (JSC::B3::IndexSet::add):
544         (JSC::B3::IndexSet::contains):
545         (JSC::B3::IndexSet::Iterable::Iterable):
546         (JSC::B3::IndexSet::Iterable::iterator::iterator):
547         (JSC::B3::IndexSet::Iterable::iterator::operator*):
548         (JSC::B3::IndexSet::Iterable::iterator::operator++):
549         (JSC::B3::IndexSet::Iterable::iterator::operator==):
550         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
551         (JSC::B3::IndexSet::Iterable::begin):
552         (JSC::B3::IndexSet::Iterable::end):
553         (JSC::B3::IndexSet::values):
554         (JSC::B3::IndexSet::indices):
555         (JSC::B3::IndexSet::dump):
556         * b3/B3InsertionSet.cpp: Added.
557         (JSC::B3::InsertionSet::execute):
558         * b3/B3InsertionSet.h: Added.
559         (JSC::B3::InsertionSet::InsertionSet):
560         (JSC::B3::InsertionSet::code):
561         (JSC::B3::InsertionSet::appendInsertion):
562         (JSC::B3::InsertionSet::insertValue):
563         * b3/B3InsertionSetInlines.h: Added.
564         (JSC::B3::InsertionSet::insert):
565         * b3/B3LowerToAir.cpp: Added.
566         (JSC::B3::Air::LowerToAir::LowerToAir):
567         (JSC::B3::Air::LowerToAir::run):
568         (JSC::B3::Air::LowerToAir::tmp):
569         (JSC::B3::Air::LowerToAir::effectiveAddr):
570         (JSC::B3::Air::LowerToAir::addr):
571         (JSC::B3::Air::LowerToAir::loadAddr):
572         (JSC::B3::Air::LowerToAir::imm):
573         (JSC::B3::Air::LowerToAir::immOrTmp):
574         (JSC::B3::Air::LowerToAir::appendBinOp):
575         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
576         (JSC::B3::Air::LowerToAir::moveForType):
577         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
578         (JSC::B3::Air::LowerToAir::append):
579         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
580         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
581         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
582         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
583         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
584         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
585         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
586         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
587         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
588         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
589         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
590         (JSC::B3::Air::LowerToAir::acceptRoot):
591         (JSC::B3::Air::LowerToAir::acceptRootLate):
592         (JSC::B3::Air::LowerToAir::acceptInternals):
593         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
594         (JSC::B3::Air::LowerToAir::acceptOperands):
595         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
596         (JSC::B3::Air::LowerToAir::tryLoad):
597         (JSC::B3::Air::LowerToAir::tryAdd):
598         (JSC::B3::Air::LowerToAir::tryAnd):
599         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
600         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
601         (JSC::B3::Air::LowerToAir::tryStore):
602         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
603         (JSC::B3::Air::LowerToAir::tryTrunc):
604         (JSC::B3::Air::LowerToAir::tryArgumentReg):
605         (JSC::B3::Air::LowerToAir::tryConst32):
606         (JSC::B3::Air::LowerToAir::tryConst64):
607         (JSC::B3::Air::LowerToAir::tryIdentity):
608         (JSC::B3::Air::LowerToAir::tryReturn):
609         (JSC::B3::lowerToAir):
610         * b3/B3LowerToAir.h: Added.
611         * b3/B3LoweringMatcher.patterns: Added.
612         * b3/B3MemoryValue.cpp: Added.
613         (JSC::B3::MemoryValue::~MemoryValue):
614         (JSC::B3::MemoryValue::dumpMeta):
615         * b3/B3MemoryValue.h: Added.
616         * b3/B3Opcode.cpp: Added.
617         (WTF::printInternal):
618         * b3/B3Opcode.h: Added.
619         (JSC::B3::isCheckMath):
620         * b3/B3Origin.cpp: Added.
621         (JSC::B3::Origin::dump):
622         * b3/B3Origin.h: Added.
623         (JSC::B3::Origin::Origin):
624         (JSC::B3::Origin::operator bool):
625         (JSC::B3::Origin::data):
626         * b3/B3PatchpointSpecial.cpp: Added.
627         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
628         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
629         (JSC::B3::PatchpointSpecial::forEachArg):
630         (JSC::B3::PatchpointSpecial::isValid):
631         (JSC::B3::PatchpointSpecial::admitsStack):
632         (JSC::B3::PatchpointSpecial::generate):
633         (JSC::B3::PatchpointSpecial::dumpImpl):
634         (JSC::B3::PatchpointSpecial::deepDumpImpl):
635         * b3/B3PatchpointSpecial.h: Added.
636         * b3/B3PatchpointValue.cpp: Added.
637         (JSC::B3::PatchpointValue::~PatchpointValue):
638         (JSC::B3::PatchpointValue::dumpMeta):
639         * b3/B3PatchpointValue.h: Added.
640         (JSC::B3::PatchpointValue::accepts):
641         (JSC::B3::PatchpointValue::PatchpointValue):
642         * b3/B3PhaseScope.cpp: Added.
643         (JSC::B3::PhaseScope::PhaseScope):
644         (JSC::B3::PhaseScope::~PhaseScope):
645         * b3/B3PhaseScope.h: Added.
646         * b3/B3Procedure.cpp: Added.
647         (JSC::B3::Procedure::Procedure):
648         (JSC::B3::Procedure::~Procedure):
649         (JSC::B3::Procedure::addBlock):
650         (JSC::B3::Procedure::resetReachability):
651         (JSC::B3::Procedure::dump):
652         (JSC::B3::Procedure::blocksInPreOrder):
653         (JSC::B3::Procedure::blocksInPostOrder):
654         * b3/B3Procedure.h: Added.
655         (JSC::B3::Procedure::size):
656         (JSC::B3::Procedure::at):
657         (JSC::B3::Procedure::operator[]):
658         (JSC::B3::Procedure::iterator::iterator):
659         (JSC::B3::Procedure::iterator::operator*):
660         (JSC::B3::Procedure::iterator::operator++):
661         (JSC::B3::Procedure::iterator::operator==):
662         (JSC::B3::Procedure::iterator::operator!=):
663         (JSC::B3::Procedure::iterator::findNext):
664         (JSC::B3::Procedure::begin):
665         (JSC::B3::Procedure::end):
666         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
667         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
668         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
669         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
670         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
671         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
672         (JSC::B3::Procedure::ValuesCollection::begin):
673         (JSC::B3::Procedure::ValuesCollection::end):
674         (JSC::B3::Procedure::ValuesCollection::size):
675         (JSC::B3::Procedure::ValuesCollection::at):
676         (JSC::B3::Procedure::ValuesCollection::operator[]):
677         (JSC::B3::Procedure::values):
678         (JSC::B3::Procedure::setLastPhaseName):
679         (JSC::B3::Procedure::lastPhaseName):
680         * b3/B3ProcedureInlines.h: Added.
681         (JSC::B3::Procedure::add):
682         * b3/B3ReduceStrength.cpp: Added.
683         (JSC::B3::reduceStrength):
684         * b3/B3ReduceStrength.h: Added.
685         * b3/B3StackSlotKind.cpp: Added.
686         (WTF::printInternal):
687         * b3/B3StackSlotKind.h: Added.
688         * b3/B3StackSlotValue.cpp: Added.
689         (JSC::B3::StackSlotValue::~StackSlotValue):
690         (JSC::B3::StackSlotValue::dumpMeta):
691         * b3/B3StackSlotValue.h: Added.
692         (JSC::B3::StackSlotValue::accepts):
693         (JSC::B3::StackSlotValue::byteSize):
694         (JSC::B3::StackSlotValue::kind):
695         (JSC::B3::StackSlotValue::offsetFromFP):
696         (JSC::B3::StackSlotValue::setOffsetFromFP):
697         (JSC::B3::StackSlotValue::StackSlotValue):
698         * b3/B3Stackmap.cpp: Added.
699         (JSC::B3::Stackmap::Stackmap):
700         (JSC::B3::Stackmap::~Stackmap):
701         (JSC::B3::Stackmap::dump):
702         * b3/B3Stackmap.h: Added.
703         (JSC::B3::Stackmap::constrain):
704         (JSC::B3::Stackmap::reps):
705         (JSC::B3::Stackmap::clobber):
706         (JSC::B3::Stackmap::clobbered):
707         (JSC::B3::Stackmap::setGenerator):
708         * b3/B3StackmapSpecial.cpp: Added.
709         (JSC::B3::StackmapSpecial::StackmapSpecial):
710         (JSC::B3::StackmapSpecial::~StackmapSpecial):
711         (JSC::B3::StackmapSpecial::reportUsedRegisters):
712         (JSC::B3::StackmapSpecial::extraClobberedRegs):
713         (JSC::B3::StackmapSpecial::forEachArgImpl):
714         (JSC::B3::StackmapSpecial::isValidImpl):
715         (JSC::B3::StackmapSpecial::admitsStackImpl):
716         (JSC::B3::StackmapSpecial::appendRepsImpl):
717         (JSC::B3::StackmapSpecial::repForArg):
718         * b3/B3StackmapSpecial.h: Added.
719         * b3/B3SuccessorCollection.h: Added.
720         (JSC::B3::SuccessorCollection::SuccessorCollection):
721         (JSC::B3::SuccessorCollection::size):
722         (JSC::B3::SuccessorCollection::at):
723         (JSC::B3::SuccessorCollection::operator[]):
724         (JSC::B3::SuccessorCollection::iterator::iterator):
725         (JSC::B3::SuccessorCollection::iterator::operator*):
726         (JSC::B3::SuccessorCollection::iterator::operator++):
727         (JSC::B3::SuccessorCollection::iterator::operator==):
728         (JSC::B3::SuccessorCollection::iterator::operator!=):
729         (JSC::B3::SuccessorCollection::begin):
730         (JSC::B3::SuccessorCollection::end):
731         * b3/B3SwitchCase.cpp: Added.
732         (JSC::B3::SwitchCase::dump):
733         * b3/B3SwitchCase.h: Added.
734         (JSC::B3::SwitchCase::SwitchCase):
735         (JSC::B3::SwitchCase::operator bool):
736         (JSC::B3::SwitchCase::caseValue):
737         (JSC::B3::SwitchCase::target):
738         (JSC::B3::SwitchCase::targetBlock):
739         * b3/B3SwitchValue.cpp: Added.
740         (JSC::B3::SwitchValue::~SwitchValue):
741         (JSC::B3::SwitchValue::removeCase):
742         (JSC::B3::SwitchValue::appendCase):
743         (JSC::B3::SwitchValue::dumpMeta):
744         (JSC::B3::SwitchValue::SwitchValue):
745         * b3/B3SwitchValue.h: Added.
746         (JSC::B3::SwitchValue::accepts):
747         (JSC::B3::SwitchValue::numCaseValues):
748         (JSC::B3::SwitchValue::caseValue):
749         (JSC::B3::SwitchValue::caseValues):
750         (JSC::B3::SwitchValue::fallThrough):
751         (JSC::B3::SwitchValue::size):
752         (JSC::B3::SwitchValue::at):
753         (JSC::B3::SwitchValue::operator[]):
754         (JSC::B3::SwitchValue::iterator::iterator):
755         (JSC::B3::SwitchValue::iterator::operator*):
756         (JSC::B3::SwitchValue::iterator::operator++):
757         (JSC::B3::SwitchValue::iterator::operator==):
758         (JSC::B3::SwitchValue::iterator::operator!=):
759         (JSC::B3::SwitchValue::begin):
760         (JSC::B3::SwitchValue::end):
761         * b3/B3Type.cpp: Added.
762         (WTF::printInternal):
763         * b3/B3Type.h: Added.
764         (JSC::B3::isInt):
765         (JSC::B3::isFloat):
766         (JSC::B3::pointerType):
767         * b3/B3UpsilonValue.cpp: Added.
768         (JSC::B3::UpsilonValue::~UpsilonValue):
769         (JSC::B3::UpsilonValue::dumpMeta):
770         * b3/B3UpsilonValue.h: Added.
771         (JSC::B3::UpsilonValue::accepts):
772         (JSC::B3::UpsilonValue::phi):
773         (JSC::B3::UpsilonValue::UpsilonValue):
774         * b3/B3UseCounts.cpp: Added.
775         (JSC::B3::UseCounts::UseCounts):
776         (JSC::B3::UseCounts::~UseCounts):
777         * b3/B3UseCounts.h: Added.
778         (JSC::B3::UseCounts::operator[]):
779         * b3/B3Validate.cpp: Added.
780         (JSC::B3::validate):
781         * b3/B3Validate.h: Added.
782         * b3/B3Value.cpp: Added.
783         (JSC::B3::Value::~Value):
784         (JSC::B3::Value::replaceWithIdentity):
785         (JSC::B3::Value::replaceWithNop):
786         (JSC::B3::Value::dump):
787         (JSC::B3::Value::deepDump):
788         (JSC::B3::Value::negConstant):
789         (JSC::B3::Value::addConstant):
790         (JSC::B3::Value::subConstant):
791         (JSC::B3::Value::effects):
792         (JSC::B3::Value::performSubstitution):
793         (JSC::B3::Value::dumpMeta):
794         (JSC::B3::Value::typeFor):
795         * b3/B3Value.h: Added.
796         (JSC::B3::DeepValueDump::DeepValueDump):
797         (JSC::B3::DeepValueDump::dump):
798         (JSC::B3::deepDump):
799         * b3/B3ValueInlines.h: Added.
800         (JSC::B3::Value::as):
801         (JSC::B3::Value::isConstant):
802         (JSC::B3::Value::hasInt32):
803         (JSC::B3::Value::asInt32):
804         (JSC::B3::Value::hasInt64):
805         (JSC::B3::Value::asInt64):
806         (JSC::B3::Value::hasInt):
807         (JSC::B3::Value::asInt):
808         (JSC::B3::Value::isInt):
809         (JSC::B3::Value::hasIntPtr):
810         (JSC::B3::Value::asIntPtr):
811         (JSC::B3::Value::hasDouble):
812         (JSC::B3::Value::asDouble):
813         (JSC::B3::Value::stackmap):
814         * b3/B3ValueRep.cpp: Added.
815         (JSC::B3::ValueRep::dump):
816         (WTF::printInternal):
817         * b3/B3ValueRep.h: Added.
818         (JSC::B3::ValueRep::ValueRep):
819         (JSC::B3::ValueRep::reg):
820         (JSC::B3::ValueRep::stack):
821         (JSC::B3::ValueRep::stackArgument):
822         (JSC::B3::ValueRep::constant):
823         (JSC::B3::ValueRep::constantDouble):
824         (JSC::B3::ValueRep::kind):
825         (JSC::B3::ValueRep::operator bool):
826         (JSC::B3::ValueRep::offsetFromFP):
827         (JSC::B3::ValueRep::offsetFromSP):
828         (JSC::B3::ValueRep::value):
829         (JSC::B3::ValueRep::doubleValue):
830         * b3/air: Added.
831         * b3/air/AirAllocateStack.cpp: Added.
832         (JSC::B3::Air::allocateStack):
833         * b3/air/AirAllocateStack.h: Added.
834         * b3/air/AirArg.cpp: Added.
835         (JSC::B3::Air::Arg::dump):
836         * b3/air/AirArg.h: Added.
837         (JSC::B3::Air::Arg::isUse):
838         (JSC::B3::Air::Arg::isDef):
839         (JSC::B3::Air::Arg::typeForB3Type):
840         (JSC::B3::Air::Arg::Arg):
841         (JSC::B3::Air::Arg::imm):
842         (JSC::B3::Air::Arg::imm64):
843         (JSC::B3::Air::Arg::addr):
844         (JSC::B3::Air::Arg::stack):
845         (JSC::B3::Air::Arg::callArg):
846         (JSC::B3::Air::Arg::isValidScale):
847         (JSC::B3::Air::Arg::logScale):
848         (JSC::B3::Air::Arg::index):
849         (JSC::B3::Air::Arg::relCond):
850         (JSC::B3::Air::Arg::resCond):
851         (JSC::B3::Air::Arg::special):
852         (JSC::B3::Air::Arg::operator==):
853         (JSC::B3::Air::Arg::operator!=):
854         (JSC::B3::Air::Arg::operator bool):
855         (JSC::B3::Air::Arg::kind):
856         (JSC::B3::Air::Arg::isTmp):
857         (JSC::B3::Air::Arg::isImm):
858         (JSC::B3::Air::Arg::isImm64):
859         (JSC::B3::Air::Arg::isAddr):
860         (JSC::B3::Air::Arg::isStack):
861         (JSC::B3::Air::Arg::isCallArg):
862         (JSC::B3::Air::Arg::isIndex):
863         (JSC::B3::Air::Arg::isRelCond):
864         (JSC::B3::Air::Arg::isResCond):
865         (JSC::B3::Air::Arg::isSpecial):
866         (JSC::B3::Air::Arg::isAlive):
867         (JSC::B3::Air::Arg::tmp):
868         (JSC::B3::Air::Arg::value):
869         (JSC::B3::Air::Arg::pointerValue):
870         (JSC::B3::Air::Arg::base):
871         (JSC::B3::Air::Arg::hasOffset):
872         (JSC::B3::Air::Arg::offset):
873         (JSC::B3::Air::Arg::stackSlot):
874         (JSC::B3::Air::Arg::scale):
875         (JSC::B3::Air::Arg::isGPTmp):
876         (JSC::B3::Air::Arg::isFPTmp):
877         (JSC::B3::Air::Arg::isGP):
878         (JSC::B3::Air::Arg::isFP):
879         (JSC::B3::Air::Arg::hasType):
880         (JSC::B3::Air::Arg::type):
881         (JSC::B3::Air::Arg::isType):
882         (JSC::B3::Air::Arg::isGPR):
883         (JSC::B3::Air::Arg::gpr):
884         (JSC::B3::Air::Arg::isFPR):
885         (JSC::B3::Air::Arg::fpr):
886         (JSC::B3::Air::Arg::isReg):
887         (JSC::B3::Air::Arg::reg):
888         (JSC::B3::Air::Arg::gpTmpIndex):
889         (JSC::B3::Air::Arg::fpTmpIndex):
890         (JSC::B3::Air::Arg::tmpIndex):
891         (JSC::B3::Air::Arg::withOffset):
892         (JSC::B3::Air::Arg::forEachTmpFast):
893         (JSC::B3::Air::Arg::forEachTmp):
894         (JSC::B3::Air::Arg::asTrustedImm32):
895         (JSC::B3::Air::Arg::asTrustedImm64):
896         (JSC::B3::Air::Arg::asTrustedImmPtr):
897         (JSC::B3::Air::Arg::asAddress):
898         (JSC::B3::Air::Arg::asBaseIndex):
899         (JSC::B3::Air::Arg::asRelationalCondition):
900         (JSC::B3::Air::Arg::asResultCondition):
901         (JSC::B3::Air::Arg::isHashTableDeletedValue):
902         (JSC::B3::Air::Arg::hash):
903         (JSC::B3::Air::ArgHash::hash):
904         (JSC::B3::Air::ArgHash::equal):
905         * b3/air/AirBasicBlock.cpp: Added.
906         (JSC::B3::Air::BasicBlock::addPredecessor):
907         (JSC::B3::Air::BasicBlock::removePredecessor):
908         (JSC::B3::Air::BasicBlock::replacePredecessor):
909         (JSC::B3::Air::BasicBlock::dump):
910         (JSC::B3::Air::BasicBlock::deepDump):
911         (JSC::B3::Air::BasicBlock::BasicBlock):
912         * b3/air/AirBasicBlock.h: Added.
913         (JSC::B3::Air::BasicBlock::index):
914         (JSC::B3::Air::BasicBlock::size):
915         (JSC::B3::Air::BasicBlock::begin):
916         (JSC::B3::Air::BasicBlock::end):
917         (JSC::B3::Air::BasicBlock::at):
918         (JSC::B3::Air::BasicBlock::last):
919         (JSC::B3::Air::BasicBlock::appendInst):
920         (JSC::B3::Air::BasicBlock::append):
921         (JSC::B3::Air::BasicBlock::numSuccessors):
922         (JSC::B3::Air::BasicBlock::successor):
923         (JSC::B3::Air::BasicBlock::successors):
924         (JSC::B3::Air::BasicBlock::successorBlock):
925         (JSC::B3::Air::BasicBlock::successorBlocks):
926         (JSC::B3::Air::BasicBlock::numPredecessors):
927         (JSC::B3::Air::BasicBlock::predecessor):
928         (JSC::B3::Air::BasicBlock::predecessors):
929         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
930         (JSC::B3::Air::DeepBasicBlockDump::dump):
931         (JSC::B3::Air::deepDump):
932         * b3/air/AirCCallSpecial.cpp: Added.
933         (JSC::B3::Air::CCallSpecial::CCallSpecial):
934         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
935         (JSC::B3::Air::CCallSpecial::forEachArg):
936         (JSC::B3::Air::CCallSpecial::isValid):
937         (JSC::B3::Air::CCallSpecial::admitsStack):
938         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
939         (JSC::B3::Air::CCallSpecial::generate):
940         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
941         (JSC::B3::Air::CCallSpecial::dumpImpl):
942         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
943         * b3/air/AirCCallSpecial.h: Added.
944         * b3/air/AirCode.cpp: Added.
945         (JSC::B3::Air::Code::Code):
946         (JSC::B3::Air::Code::~Code):
947         (JSC::B3::Air::Code::addBlock):
948         (JSC::B3::Air::Code::addStackSlot):
949         (JSC::B3::Air::Code::addSpecial):
950         (JSC::B3::Air::Code::cCallSpecial):
951         (JSC::B3::Air::Code::resetReachability):
952         (JSC::B3::Air::Code::dump):
953         (JSC::B3::Air::Code::findFirstBlockIndex):
954         (JSC::B3::Air::Code::findNextBlockIndex):
955         (JSC::B3::Air::Code::findNextBlock):
956         * b3/air/AirCode.h: Added.
957         (JSC::B3::Air::Code::newTmp):
958         (JSC::B3::Air::Code::numTmps):
959         (JSC::B3::Air::Code::callArgAreaSize):
960         (JSC::B3::Air::Code::requestCallArgAreaSize):
961         (JSC::B3::Air::Code::frameSize):
962         (JSC::B3::Air::Code::setFrameSize):
963         (JSC::B3::Air::Code::calleeSaveRegisters):
964         (JSC::B3::Air::Code::size):
965         (JSC::B3::Air::Code::at):
966         (JSC::B3::Air::Code::operator[]):
967         (JSC::B3::Air::Code::iterator::iterator):
968         (JSC::B3::Air::Code::iterator::operator*):
969         (JSC::B3::Air::Code::iterator::operator++):
970         (JSC::B3::Air::Code::iterator::operator==):
971         (JSC::B3::Air::Code::iterator::operator!=):
972         (JSC::B3::Air::Code::begin):
973         (JSC::B3::Air::Code::end):
974         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
975         (JSC::B3::Air::Code::StackSlotsCollection::size):
976         (JSC::B3::Air::Code::StackSlotsCollection::at):
977         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
978         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
979         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
980         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
981         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator==):
982         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator!=):
983         (JSC::B3::Air::Code::StackSlotsCollection::begin):
984         (JSC::B3::Air::Code::StackSlotsCollection::end):
985         (JSC::B3::Air::Code::stackSlots):
986         (JSC::B3::Air::Code::SpecialsCollection::SpecialsCollection):
987         (JSC::B3::Air::Code::SpecialsCollection::size):
988         (JSC::B3::Air::Code::SpecialsCollection::at):
989         (JSC::B3::Air::Code::SpecialsCollection::operator[]):
990         (JSC::B3::Air::Code::SpecialsCollection::iterator::iterator):
991         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator*):
992         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator++):
993         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator==):
994         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator!=):
995         (JSC::B3::Air::Code::SpecialsCollection::begin):
996         (JSC::B3::Air::Code::SpecialsCollection::end):
997         (JSC::B3::Air::Code::specials):
998         (JSC::B3::Air::Code::setLastPhaseName):
999         (JSC::B3::Air::Code::lastPhaseName):
1000         * b3/air/AirFrequentedBlock.h: Added.
1001         * b3/air/AirGenerate.cpp: Added.
1002         (JSC::B3::Air::generate):
1003         * b3/air/AirGenerate.h: Added.
1004         * b3/air/AirGenerated.cpp: Added.
1005         * b3/air/AirGenerationContext.h: Added.
1006         * b3/air/AirHandleCalleeSaves.cpp: Added.
1007         (JSC::B3::Air::handleCalleeSaves):
1008         * b3/air/AirHandleCalleeSaves.h: Added.
1009         * b3/air/AirInsertionSet.cpp: Added.
1010         (JSC::B3::Air::InsertionSet::execute):
1011         * b3/air/AirInsertionSet.h: Added.
1012         (JSC::B3::Air::InsertionSet::InsertionSet):
1013         (JSC::B3::Air::InsertionSet::code):
1014         (JSC::B3::Air::InsertionSet::appendInsertion):
1015         (JSC::B3::Air::InsertionSet::insertInst):
1016         (JSC::B3::Air::InsertionSet::insert):
1017         * b3/air/AirInst.cpp: Added.
1018         (JSC::B3::Air::Inst::dump):
1019         * b3/air/AirInst.h: Added.
1020         (JSC::B3::Air::Inst::Inst):
1021         (JSC::B3::Air::Inst::opcode):
1022         (JSC::B3::Air::Inst::forEachTmpFast):
1023         (JSC::B3::Air::Inst::forEachTmp):
1024         * b3/air/AirInstInlines.h: Added.
1025         (JSC::B3::Air::ForEach<Tmp>::forEach):
1026         (JSC::B3::Air::ForEach<Arg>::forEach):
1027         (JSC::B3::Air::Inst::forEach):
1028         (JSC::B3::Air::Inst::hasSpecial):
1029         (JSC::B3::Air::Inst::extraClobberedRegs):
1030         (JSC::B3::Air::Inst::reportUsedRegisters):
1031         (JSC::B3::Air::isShiftValid):
1032         (JSC::B3::Air::isLshift32Valid):
1033         * b3/air/AirLiveness.h: Added.
1034         (JSC::B3::Air::Liveness::Liveness):
1035         (JSC::B3::Air::Liveness::liveAtHead):
1036         (JSC::B3::Air::Liveness::liveAtTail):
1037         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
1038         (JSC::B3::Air::Liveness::LocalCalc::live):
1039         (JSC::B3::Air::Liveness::LocalCalc::takeLive):
1040         (JSC::B3::Air::Liveness::LocalCalc::execute):
1041         * b3/air/AirOpcode.opcodes: Added.
1042         * b3/air/AirPhaseScope.cpp: Added.
1043         (JSC::B3::Air::PhaseScope::PhaseScope):
1044         (JSC::B3::Air::PhaseScope::~PhaseScope):
1045         * b3/air/AirPhaseScope.h: Added.
1046         * b3/air/AirRegisterPriority.cpp: Added.
1047         (JSC::B3::Air::gprsInPriorityOrder):
1048         (JSC::B3::Air::fprsInPriorityOrder):
1049         (JSC::B3::Air::regsInPriorityOrder):
1050         * b3/air/AirRegisterPriority.h: Added.
1051         (JSC::B3::Air::RegistersInPriorityOrder<GPRInfo>::inPriorityOrder):
1052         (JSC::B3::Air::RegistersInPriorityOrder<FPRInfo>::inPriorityOrder):
1053         (JSC::B3::Air::regsInPriorityOrder):
1054         * b3/air/AirSpecial.cpp: Added.
1055         (JSC::B3::Air::Special::Special):
1056         (JSC::B3::Air::Special::~Special):
1057         (JSC::B3::Air::Special::name):
1058         (JSC::B3::Air::Special::dump):
1059         (JSC::B3::Air::Special::deepDump):
1060         * b3/air/AirSpecial.h: Added.
1061         (JSC::B3::Air::DeepSpecialDump::DeepSpecialDump):
1062         (JSC::B3::Air::DeepSpecialDump::dump):
1063         (JSC::B3::Air::deepDump):
1064         * b3/air/AirSpillEverything.cpp: Added.
1065         (JSC::B3::Air::spillEverything):
1066         * b3/air/AirSpillEverything.h: Added.
1067         * b3/air/AirStackSlot.cpp: Added.
1068         (JSC::B3::Air::StackSlot::setOffsetFromFP):
1069         (JSC::B3::Air::StackSlot::dump):
1070         (JSC::B3::Air::StackSlot::deepDump):
1071         (JSC::B3::Air::StackSlot::StackSlot):
1072         * b3/air/AirStackSlot.h: Added.
1073         (JSC::B3::Air::StackSlot::byteSize):
1074         (JSC::B3::Air::StackSlot::kind):
1075         (JSC::B3::Air::StackSlot::index):
1076         (JSC::B3::Air::StackSlot::alignment):
1077         (JSC::B3::Air::StackSlot::value):
1078         (JSC::B3::Air::StackSlot::offsetFromFP):
1079         (JSC::B3::Air::DeepStackSlotDump::DeepStackSlotDump):
1080         (JSC::B3::Air::DeepStackSlotDump::dump):
1081         (JSC::B3::Air::deepDump):
1082         * b3/air/AirTmp.cpp: Added.
1083         (JSC::B3::Air::Tmp::dump):
1084         * b3/air/AirTmp.h: Added.
1085         (JSC::B3::Air::Tmp::Tmp):
1086         (JSC::B3::Air::Tmp::gpTmpForIndex):
1087         (JSC::B3::Air::Tmp::fpTmpForIndex):
1088         (JSC::B3::Air::Tmp::operator bool):
1089         (JSC::B3::Air::Tmp::isGP):
1090         (JSC::B3::Air::Tmp::isFP):
1091         (JSC::B3::Air::Tmp::isGPR):
1092         (JSC::B3::Air::Tmp::isFPR):
1093         (JSC::B3::Air::Tmp::isReg):
1094         (JSC::B3::Air::Tmp::gpr):
1095         (JSC::B3::Air::Tmp::fpr):
1096         (JSC::B3::Air::Tmp::reg):
1097         (JSC::B3::Air::Tmp::hasTmpIndex):
1098         (JSC::B3::Air::Tmp::gpTmpIndex):
1099         (JSC::B3::Air::Tmp::fpTmpIndex):
1100         (JSC::B3::Air::Tmp::tmpIndex):
1101         (JSC::B3::Air::Tmp::isAlive):
1102         (JSC::B3::Air::Tmp::operator==):
1103         (JSC::B3::Air::Tmp::operator!=):
1104         (JSC::B3::Air::Tmp::isHashTableDeletedValue):
1105         (JSC::B3::Air::Tmp::hash):
1106         (JSC::B3::Air::Tmp::encodeGP):
1107         (JSC::B3::Air::Tmp::encodeFP):
1108         (JSC::B3::Air::Tmp::encodeGPR):
1109         (JSC::B3::Air::Tmp::encodeFPR):
1110         (JSC::B3::Air::Tmp::encodeGPTmp):
1111         (JSC::B3::Air::Tmp::encodeFPTmp):
1112         (JSC::B3::Air::Tmp::isEncodedGP):
1113         (JSC::B3::Air::Tmp::isEncodedFP):
1114         (JSC::B3::Air::Tmp::isEncodedGPR):
1115         (JSC::B3::Air::Tmp::isEncodedFPR):
1116         (JSC::B3::Air::Tmp::isEncodedGPTmp):
1117         (JSC::B3::Air::Tmp::isEncodedFPTmp):
1118         (JSC::B3::Air::Tmp::decodeGPR):
1119         (JSC::B3::Air::Tmp::decodeFPR):
1120         (JSC::B3::Air::Tmp::decodeGPTmp):
1121         (JSC::B3::Air::Tmp::decodeFPTmp):
1122         (JSC::B3::Air::TmpHash::hash):
1123         (JSC::B3::Air::TmpHash::equal):
1124         * b3/air/AirTmpInlines.h: Added.
1125         (JSC::B3::Air::Tmp::Tmp):
1126         * b3/air/AirValidate.cpp: Added.
1127         (JSC::B3::Air::validate):
1128         * b3/air/AirValidate.h: Added.
1129         * b3/air/opcode_generator.rb: Added.
1130         * b3/generate_pattern_matcher.rb: Added.
1131         * b3/testb3.cpp: Added.
1132         (JSC::B3::compileAndRun):
1133         (JSC::B3::test42):
1134         (JSC::B3::testLoad42):
1135         (JSC::B3::testArg):
1136         (JSC::B3::testAddArgs):
1137         (JSC::B3::testAddArgs32):
1138         (JSC::B3::testStore):
1139         (JSC::B3::testTrunc):
1140         (JSC::B3::testAdd1):
1141         (JSC::B3::testStoreAddLoad):
1142         (JSC::B3::testStoreAddAndLoad):
1143         (JSC::B3::testAdd1Uncommuted):
1144         (JSC::B3::testLoadOffset):
1145         (JSC::B3::testLoadOffsetNotConstant):
1146         (JSC::B3::testLoadOffsetUsingAdd):
1147         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1148         (JSC::B3::run):
1149         (run):
1150         (main):
1151         * bytecode/CodeBlock.h:
1152         (JSC::CodeBlock::specializationKind):
1153         * jit/Reg.h:
1154         (JSC::Reg::index):
1155         (JSC::Reg::isSet):
1156         (JSC::Reg::operator bool):
1157         (JSC::Reg::isHashTableDeletedValue):
1158         (JSC::Reg::AllRegsIterable::iterator::iterator):
1159         (JSC::Reg::AllRegsIterable::iterator::operator*):
1160         (JSC::Reg::AllRegsIterable::iterator::operator++):
1161         (JSC::Reg::AllRegsIterable::iterator::operator==):
1162         (JSC::Reg::AllRegsIterable::iterator::operator!=):
1163         (JSC::Reg::AllRegsIterable::begin):
1164         (JSC::Reg::AllRegsIterable::end):
1165         (JSC::Reg::all):
1166         (JSC::Reg::invalid):
1167         (JSC::Reg::operator!): Deleted.
1168         * jit/RegisterAtOffsetList.cpp:
1169         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
1170         * jit/RegisterAtOffsetList.h:
1171         (JSC::RegisterAtOffsetList::clear):
1172         (JSC::RegisterAtOffsetList::size):
1173         (JSC::RegisterAtOffsetList::begin):
1174         (JSC::RegisterAtOffsetList::end):
1175         * jit/RegisterSet.h:
1176         (JSC::RegisterSet::operator==):
1177         (JSC::RegisterSet::hash):
1178         (JSC::RegisterSet::forEach):
1179         (JSC::RegisterSet::setAny):
1180
1181 2015-10-28  Mark Lam  <mark.lam@apple.com>
1182
1183         Rename MacroAssembler::callProbe() to probe().
1184         https://bugs.webkit.org/show_bug.cgi?id=150641
1185
1186         Reviewed by Saam Barati.
1187
1188         To do this, I needed to disambiguate the low-level probe() from the
1189         high-level version that takes a std::function.  I did this by changing the
1190         low-level version to not take default args anymore.
1191
1192         * assembler/AbstractMacroAssembler.h:
1193         * assembler/MacroAssembler.cpp:
1194         (JSC::stdFunctionCallback):
1195         (JSC::MacroAssembler::probe):
1196         (JSC::MacroAssembler::callProbe): Deleted.
1197         * assembler/MacroAssembler.h:
1198         (JSC::MacroAssembler::urshift32):
1199         * assembler/MacroAssemblerARM.h:
1200         (JSC::MacroAssemblerARM::repatchCall):
1201         * assembler/MacroAssemblerARM64.h:
1202         (JSC::MacroAssemblerARM64::repatchCall):
1203         * assembler/MacroAssemblerARMv7.h:
1204         (JSC::MacroAssemblerARMv7::repatchCall):
1205         * assembler/MacroAssemblerPrinter.h:
1206         (JSC::MacroAssemblerPrinter::print):
1207         * assembler/MacroAssemblerX86Common.h:
1208         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
1209
1210 2015-10-28  Timothy Hatcher  <timothy@apple.com>
1211
1212         Web Inspector: jsmin.py mistakenly removes whitespace from template literal strings
1213         https://bugs.webkit.org/show_bug.cgi?id=148728
1214
1215         Reviewed by Joseph Pecoraro.
1216
1217         * Scripts/jsmin.py:
1218         (JavascriptMinify.minify): Make backtick a quoting character.
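
The point of the change above is that a minifier which does not know the backtick starts a string will treat the inside of a template literal as code and squeeze its whitespace. The following is an added illustration, not WebKit's jsmin.py: a deliberately small whitespace stripper whose quote_chars parameter lets the pre-fix behaviour (backtick not a quoting character) be compared with the fixed one. The JavaScript sample input is constructed for the example.

```python
"""Why a JS minifier must treat the backtick as a quote character.

Added illustration, not WebKit's jsmin.py: a small whitespace stripper whose
quote_chars parameter lets the pre-fix behaviour (backtick not quoted) be
compared with the fixed one. The sample input below is constructed."""
import string

_IDENT_CHARS = set(string.ascii_letters + string.digits + '_$')
QUOTES_WITH_BACKTICK = ('"', "'", '`')   # fixed behaviour
QUOTES_WITHOUT_BACKTICK = ('"', "'")     # pre-fix behaviour, kept for comparison

# Constructed sample: the whitespace inside the template literal is significant.
SAMPLE_JS = 'var   greeting = `hello   world`;\nreturn  greeting;'


def strip_whitespace(source: str, quote_chars=QUOTES_WITH_BACKTICK) -> str:
    """Drop whitespace outside string literals, keeping a single space only
    where two identifier characters would otherwise run together. Text inside
    a literal, including backslash escapes, is copied verbatim."""
    out = []
    in_quote = None       # the quote character that opened the current literal
    saw_space = False     # whitespace seen since the last emitted character
    i, n = 0, len(source)
    while i < n:
        ch = source[i]
        if in_quote is not None:
            out.append(ch)
            if ch == '\\' and i + 1 < n:      # keep the escaped character as-is
                out.append(source[i + 1])
                i += 2
                continue
            if ch == in_quote:
                in_quote = None
            i += 1
            continue
        if ch in ' \t\r\n':
            saw_space = True
            i += 1
            continue
        if saw_space and out and out[-1] in _IDENT_CHARS and ch in _IDENT_CHARS:
            out.append(' ')               # e.g. keep "var x" from becoming "varx"
        saw_space = False
        if ch in quote_chars:
            in_quote = ch                 # backtick opens a literal only when listed
        out.append(ch)
        i += 1
    return ''.join(out)


def minify_sample(with_backtick: bool = True) -> str:
    """Minify the constructed sample with or without backtick quoting."""
    quotes = QUOTES_WITH_BACKTICK if with_backtick else QUOTES_WITHOUT_BACKTICK
    return strip_whitespace(SAMPLE_JS, quotes)
```

With the backtick listed, `hello   world` survives intact; without it the three spaces collapse to one, which is exactly the whitespace loss the bug report describes.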
1219
1220 2015-10-28  Brian Burg  <bburg@apple.com>
1221
1222         Builtins generator should emit ENABLE(FEATURE) guards based on @conditional annotation
1223         https://bugs.webkit.org/show_bug.cgi?id=150536
1224
1225         Reviewed by Yusuke Suzuki.
1226
1227         Scan JS builtin files for @key=value and @flag annotations in single-line comments.
1228         For @conditional=CONDITIONAL, emit CONDITIONAL guards around the relevant object's code.
1229
1230         Generate primary header includes separately from secondary header includes so we can
1231         put the guard between the two header groups, as is customary in WebKit C++ code.
1232
1233         New tests:
1234
1235         Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js
1236         Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js
1237         Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js
1238
1239         * Scripts/builtins/builtins_generate_combined_implementation.py:
1240         (BuiltinsCombinedImplementationGenerator.generate_output):
1241         (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
1242         (BuiltinsCombinedImplementationGenerator.generate_header_includes): Deleted.
1243         * Scripts/builtins/builtins_generate_separate_header.py:
1244         (BuiltinsSeparateHeaderGenerator.generate_output):
1245         (generate_secondary_header_includes):
1246         (generate_header_includes): Deleted.
1247         * Scripts/builtins/builtins_generate_separate_implementation.py:
1248         (BuiltinsSeparateImplementationGenerator.generate_output):
1249         (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
1250         (BuiltinsSeparateImplementationGenerator.generate_header_includes): Deleted.
1251         * Scripts/builtins/builtins_generate_separate_wrapper.py:
1252         (BuiltinsSeparateWrapperGenerator.generate_output):
1253         (BuiltinsSeparateWrapperGenerator.generate_secondary_header_includes):
1254         (BuiltinsSeparateWrapperGenerator.generate_header_includes): Deleted.
1255         * Scripts/builtins/builtins_generator.py:
1256         (BuiltinsGenerator.generate_includes_from_entries):
1257         (BuiltinsGenerator):
1258         (BuiltinsGenerator.generate_primary_header_includes):
1259         * Scripts/builtins/builtins_model.py:
1260         (BuiltinObject.__init__):
1261         (BuiltinsCollection.parse_builtins_file):
1262         (BuiltinsCollection._parse_annotations):
1263         * Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js: Added.
1264         * Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js: Added.
1265         * Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js: Added.
1266         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Simplify.
1267         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Simplify.
1268         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Simplify.
1269         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Added.
1270         * Scripts/tests/builtins/expected/WebCore-DuplicateFlagAnnotation-Separate.js-error: Added.
1271         * Scripts/tests/builtins/expected/WebCore-DuplicateKeyValueAnnotation-Separate.js-error: Added.
1272         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
1273         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
1274         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
1275         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
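
To make the annotation scanning and guard placement described above concrete, here is an added illustration in Python; it is not the WebKit builtins generator itself. The sample builtin text, the regular expression, the AnnotationError type, the function names and the output layout are all assumptions made for the example; what it keeps from the entry is the @key=value / @flag syntax in single-line comments, the rejection of duplicate annotations, and the guard sitting between the primary and secondary include groups.

```python
"""Annotation scanning and ENABLE(FEATURE) guard emission, as sketched above.

Added illustration, not the WebKit builtins generator: the sample builtin
text, the regular expression, the error type and the output layout are
assumptions made for this example."""
import re
from typing import Dict, List, Sequence, Union

# Constructed sample of a builtin source file with two annotations in
# single-line comments; not taken from the WebKit tree.
SAMPLE_BUILTIN = """\
// @conditional=ENABLE(STREAMS_API)
// @internal
function initializeReadableStream(underlyingSource)
{
    "use strict";
    return this;
}
"""

# One annotation per single-line comment: "@flag" or "@key=value".
_ANNOTATION_RE = re.compile(
    r'^\s*//\s*@(?P<key>[A-Za-z_]\w*)(?:=(?P<value>\S+))?\s*$')


class AnnotationError(ValueError):
    """Raised for a duplicated @flag or @key=value annotation."""


def parse_annotations(source: str) -> Dict[str, Union[str, bool]]:
    """Collect annotations from the single-line comments of a builtin file.

    A bare "@flag" maps to True and "@key=value" maps to the value string.
    Seeing the same key or flag twice is rejected, which is what the
    duplicate-annotation test inputs are meant to exercise."""
    annotations: Dict[str, Union[str, bool]] = {}
    for line in source.splitlines():
        match = _ANNOTATION_RE.match(line)
        if not match:
            continue  # code, or an ordinary comment
        key = match.group('key')
        if key in annotations:
            raise AnnotationError(f'duplicate annotation @{key}')
        value = match.group('value')
        annotations[key] = value if value is not None else True
    return annotations


def generate_implementation(annotations: Dict[str, Union[str, bool]],
                            primary_includes: Sequence[str],
                            secondary_includes: Sequence[str],
                            body: Sequence[str]) -> str:
    """Emit a C++ implementation; the @conditional guard, if present, is
    opened between the primary and secondary include groups."""
    lines: List[str] = [f'#include "{header}"' for header in primary_includes]
    conditional = annotations.get('conditional')
    guarded = isinstance(conditional, str)   # "@conditional" with no value is ignored
    if guarded:
        lines += ['', f'#if {conditional}']
    lines.append('')
    lines += [f'#include "{header}"' for header in secondary_includes]
    lines.append('')
    lines += list(body)
    if guarded:
        lines += ['', f'#endif // {conditional}']
    return '\n'.join(lines) + '\n'


def generate_sample() -> str:
    """Run scanning and emission end to end on the constructed sample."""
    return generate_implementation(
        parse_annotations(SAMPLE_BUILTIN),
        primary_includes=['config.h', 'ReadableStreamBuiltins.h'],
        secondary_includes=['JSCellInlines.h', 'VM.h'],
        body=['// generated builtin code would go here'])


if __name__ == '__main__':
    print(generate_sample(), end='')
```

Running the module prints the guarded implementation; feeding it a file that repeats an annotation raises AnnotationError, which is the error path the two new `-Separate.js-error` expectations cover.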
1276
1277 2015-10-28  Mark Lam  <mark.lam@apple.com>
1278
1279         Update FTL to support UntypedUse operands for op_sub.
1280         https://bugs.webkit.org/show_bug.cgi?id=150562
1281
1282         Reviewed by Geoffrey Garen.
1283
1284         * assembler/MacroAssemblerARM64.h:
1285         - make the dataTempRegister and memoryTempRegister public so that we can
1286           move input registers out of them if needed.
1287
1288         * ftl/FTLCapabilities.cpp:
1289         (JSC::FTL::canCompile):
1290         - We can now compile ArithSub.
1291
1292         * ftl/FTLCompile.cpp:
1293         - Added BinaryArithGenerationContext to shuffle registers into a state that is
1294           expected by the baseline snippet generator.  This includes:
1295           1. Making sure that the input and output registers are not in the tag or
1296              scratch registers.
1297           2. Loading the tag registers with expected values.
1298           3. Restoring the registers to their original value on return.
1299         - Added code to implement the ArithSub inline cache.
1300
1301         * ftl/FTLInlineCacheDescriptor.h:
1302         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
1303         (JSC::FTL::ArithSubDescriptor::leftType):
1304         (JSC::FTL::ArithSubDescriptor::rightType):
1305
1306         * ftl/FTLInlineCacheSize.cpp:
1307         (JSC::FTL::sizeOfArithSub):
1308         * ftl/FTLInlineCacheSize.h:
1309
1310         * ftl/FTLLowerDFGToLLVM.cpp:
1311         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
1312         - Added handling for UnusedType for the ArithSub case.
1313
1314         * ftl/FTLState.h:
1315         * jit/GPRInfo.h:
1316         (JSC::GPRInfo::reservedRegisters):
1317
1318         * jit/JITSubGenerator.h:
1319         (JSC::JITSubGenerator::generateFastPath):
1320         - When the result register is the same as one of the input registers, we'll end up
1321           corrupting the input in the fast path even if we determine that we need to go to
1322           the slow path.  We now move the input into the scratch register and operate
1323           on that instead, and only move the result into the result register after
1324           the fast path has succeeded.
1325
1326         * tests/stress/op_sub.js:
1327         (o1.valueOf):
1328         (runTest):
1329         - Added some debugging tools: flags for verbose logging, and eager abort on fail.
1330
1331 2015-10-28  Mark Lam  <mark.lam@apple.com>
1332
1333         Fix a typo in ProbeContext::fpr().
1334         https://bugs.webkit.org/show_bug.cgi?id=150629
1335
1336         Reviewed by Yusuke Suzuki.
1337
1338         ProbeContext::fpr() should be calling CPUState::fpr(), not CPUState::gpr().
1339
1340         * assembler/AbstractMacroAssembler.h:
1341         (JSC::AbstractMacroAssembler::ProbeContext::fpr):
1342
1343 2015-10-28  Mark Lam  <mark.lam@apple.com>
1344
1345         Add ability to print the PC register from JIT'ed code.
1346         https://bugs.webkit.org/show_bug.cgi?id=150561
1347
1348         Reviewed by Geoffrey Garen.
1349
1350         * assembler/MacroAssemblerPrinter.cpp:
1351         (JSC::printPC):
1352         (JSC::MacroAssemblerPrinter::printCallback):
1353         * assembler/MacroAssemblerPrinter.h:
1354         (JSC::MacroAssemblerPrinter::PrintArg::PrintArg):
1355
1356 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
1357
1358         Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available
1359         https://bugs.webkit.org/show_bug.cgi?id=150615
1360
1361         Reviewed by Timothy Hatcher.
1362
1363         * inspector/protocol/Timeline.json:
1364
1365 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
1366
1367         Web Inspector: Remove unused / duplicated XHR timeline instrumentation
1368         https://bugs.webkit.org/show_bug.cgi?id=150605
1369
1370         Reviewed by Timothy Hatcher.
1371
1372         * inspector/protocol/Timeline.json:
1373
1374 2015-10-27  Michael Saboff  <msaboff@apple.com>
1375
1376         REGRESSION (r191360): Crash: com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL:: + 386
1377         https://bugs.webkit.org/show_bug.cgi?id=150580
1378
1379         Reviewed by Mark Lam.
1380
1381         Changed code to box 32 bit integers and booleans arguments when generating the call instead of boxing
1382         them in the shuffler.
1383
1384         The ASSERT in CallFrameShuffler::extendFrameIfNeeded is wrong when called from CallFrameShuffler::spill(),
1385         as we could be making space to spill a register so that we have a spare that we can use for the new
1386         frame's base pointer.
1387
1388         * ftl/FTLJSTailCall.cpp:
1389         (JSC::FTL::DFG::recoveryFor): Added RELEASE_ASSERT to check that we never see unboxed 32 bit
1390         arguments stored in the stack.
1391         * ftl/FTLLowerDFGToLLVM.cpp:
1392         (JSC::FTL::DFG::LowerDFGToLLVM::exitValueForTailCall):
1393         * jit/CallFrameShuffler.cpp:
1394         (JSC::CallFrameShuffler::extendFrameIfNeeded): Removed unneeded ASSERT.
1395
1396 2015-10-26  Yusuke Suzuki  <utatane.tea@gmail.com>
1397
1398         [ES6] Add DFG/FTL support for accessor put operations
1399         https://bugs.webkit.org/show_bug.cgi?id=148860
1400
1401         Reviewed by Geoffrey Garen.
1402
1403         This patch introduces accessor defining ops into DFG and FTL.
1404         The following DFG nodes are introduced.
1405
1406             op_put_getter_by_id  => PutGetterById
1407             op_put_setter_by_id  => PutSetterById
1408             op_put_getter_setter => PutGetterSetterById
1409             op_put_getter_by_val => PutGetterByVal
1410             op_put_setter_by_val => PutSetterByVal
1411
1412         These DFG nodes just call operations, but this does not prevent compiling in DFG/FTL.
1413
1414         To use the operations defined for the baseline JIT, we clean up the existing operations
1415         and reuse them in DFG and FTL.
1416
1417         * dfg/DFGAbstractInterpreterInlines.h:
1418         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1419         * dfg/DFGByteCodeParser.cpp:
1420         (JSC::DFG::ByteCodeParser::parseBlock):
1421         * dfg/DFGCapabilities.cpp:
1422         (JSC::DFG::capabilityLevel):
1423         * dfg/DFGClobberize.h:
1424         (JSC::DFG::clobberize):
1425         * dfg/DFGDoesGC.cpp:
1426         (JSC::DFG::doesGC):
1427         * dfg/DFGFixupPhase.cpp:
1428         (JSC::DFG::FixupPhase::fixupNode):
1429         * dfg/DFGNode.h:
1430         (JSC::DFG::Node::hasIdentifier):
1431         (JSC::DFG::Node::hasAccessorAttributes):
1432         (JSC::DFG::Node::accessorAttributes):
1433         * dfg/DFGNodeType.h:
1434         * dfg/DFGPredictionPropagationPhase.cpp:
1435         (JSC::DFG::PredictionPropagationPhase::propagate):
1436         * dfg/DFGSafeToExecute.h:
1437         (JSC::DFG::safeToExecute):
1438         * dfg/DFGSpeculativeJIT.cpp:
1439         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
1440         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
1441         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
1442         We should fill all GPRs before calling flushRegisters().
1443         * dfg/DFGSpeculativeJIT.h:
1444         (JSC::DFG::SpeculativeJIT::callOperation):
1445         * dfg/DFGSpeculativeJIT32_64.cpp:
1446         (JSC::DFG::SpeculativeJIT::compile):
1447         * dfg/DFGSpeculativeJIT64.cpp:
1448         (JSC::DFG::SpeculativeJIT::compile):
1449         * ftl/FTLCapabilities.cpp:
1450         (JSC::FTL::canCompile):
1451         * ftl/FTLIntrinsicRepository.h:
1452         * ftl/FTLLowerDFGToLLVM.cpp:
1453         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1454         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
1455         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
1456         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
1457         * jit/JIT.h:
1458         * jit/JITInlines.h:
1459         (JSC::JIT::callOperation):
1460         * jit/JITOperations.cpp:
1461         * jit/JITOperations.h:
1462         * jit/JITPropertyAccess.cpp:
1463         (JSC::JIT::emit_op_put_getter_by_id):
1464         (JSC::JIT::emit_op_put_setter_by_id):
1465         (JSC::JIT::emit_op_put_getter_setter):
1466         * jit/JITPropertyAccess32_64.cpp:
1467         (JSC::JIT::emit_op_put_getter_by_id):
1468         (JSC::JIT::emit_op_put_setter_by_id):
1469         (JSC::JIT::emit_op_put_getter_setter):
1470         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
1471         (shouldBe):
1472         (testAttribute):
1473         (getter.Cocoa.prototype.get hello):
1474         (getter.Cocoa):
1475         (getter):
1476         (setter.Cocoa):
1477         (setter.Cocoa.prototype.set hello):
1478         (setter):
1479         (accessors.Cocoa):
1480         (accessors.Cocoa.prototype.get hello):
1481         (accessors.Cocoa.prototype.set hello):
1482         (accessors):
1483         * tests/stress/dfg-put-accessors-by-id.js: Added.
1484         (shouldBe):
1485         (testAttribute):
1486         (getter.object.get hello):
1487         (getter):
1488         (setter.object.set hello):
1489         (setter):
1490         (accessors.object.get hello):
1491         (accessors.object.set hello):
1492         (accessors):
1493         * tests/stress/dfg-put-getter-by-id-class.js: Added.
1494         (shouldBe):
1495         (testAttribute):
1496         (getter.Cocoa):
1497         (getter.Cocoa.prototype.get hello):
1498         (getter.Cocoa.prototype.get name):
1499         (getter):
1500         * tests/stress/dfg-put-getter-by-id.js: Added.
1501         (shouldBe):
1502         (testAttribute):
1503         (getter.object.get hello):
1504         (getter):
1505         * tests/stress/dfg-put-getter-by-val-class.js: Added.
1506         (shouldBe):
1507         (testAttribute):
1508         (getter.Cocoa):
1509         (getter.Cocoa.prototype.get name):
1510         (getter):
1511         * tests/stress/dfg-put-getter-by-val.js: Added.
1512         (shouldBe):
1513         (testAttribute):
1514         (getter.object.get name):
1515         (getter):
1516         * tests/stress/dfg-put-setter-by-id-class.js: Added.
1517         (shouldBe):
1518         (testAttribute):
1519         (getter.Cocoa):
1520         (getter.Cocoa.prototype.set hello):
1521         (getter.Cocoa.prototype.get name):
1522         (getter):
1523         * tests/stress/dfg-put-setter-by-id.js: Added.
1524         (shouldBe):
1525         (testAttribute):
1526         (setter.object.set hello):
1527         (setter):
1528         * tests/stress/dfg-put-setter-by-val-class.js: Added.
1529         (shouldBe):
1530         (testAttribute):
1531         (setter.Cocoa):
1532         (setter.Cocoa.prototype.set name):
1533         (setter):
1534         * tests/stress/dfg-put-setter-by-val.js: Added.
1535         (shouldBe):
1536         (testAttribute):
1537         (setter.object.set name):
1538         (setter):
1539
1540 2015-10-26  Mark Lam  <mark.lam@apple.com>
1541
1542         Add logging to warn about under-estimated FTL inline cache sizes.
1543         https://bugs.webkit.org/show_bug.cgi?id=150570
1544
1545         Reviewed by Geoffrey Garen.
1546
1547         Added 2 options:
1548         1. JSC_dumpFailedICSizing - dumps an error message if the FTL encounters IC size
1549            estimates that are less than the actual needed code size.
1550
1551            This option is useful for when we add a new IC and want to compute an
1552            estimated size for the IC.  To do this:
1553            1. Build jsc for the target port with a very small IC size (enough to
1554               store the jump instruction needed for the out of line fallback
1555               implementation).
1556            2. Implement a test suite with scenarios that exercise all the code paths in
1557               the IC generator.
1558            3. Run jsc with JSC_dumpFailedICSizing=true on the test suite.
1559            4. The max value reported by the dumps will be the worst case size needed to
1560               store the IC.  We should use this value for our estimate.
1561            5. Update the IC's estimated size and rebuild jsc.
1562            6. Re-run (3) and confirm that there are no more error messages about the
1563               IC sizing.
1564
1565         2. JSC_assertICSizing - same as JSC_dumpFailedICSizing except that it also
1566            crashes the VM each time it encounters an inadequate IC size estimate.
1567
1568            This option is useful for regression testing to ensure that our estimates
1569            do not regress.
1570
1571         * ftl/FTLCompile.cpp:
1572         (JSC::FTL::generateInlineIfPossibleOutOfLineIfNot):
1573         * runtime/Options.h:
1574
1575 2015-10-26  Saam barati  <sbarati@apple.com>
1576
1577         r190735 Caused us to maybe trample the base's tag-GPR on 32-bit inline cache when the cache allocates a scratch register and then jumps to the slow path
1578         https://bugs.webkit.org/show_bug.cgi?id=150532
1579
1580         Reviewed by Geoffrey Garen.
1581
1582         The base's tag register used to show up in the used register set
1583         before r190735 because of how the DFG kept track of used registers. I changed this
1584         in my work on inline caching because we don't want to spill these registers
1585         when we have a GetByIdFlush/PutByIdFlush and we use the used register set
1586         as the metric of what to spill. That said, these registers should be locked
1587         and not used as scratch registers by the scratch register allocator. The
1588         reason is that our inline cache may fail and jump to the slow path. The slow
1589         path then uses the base's tag register. If the inline cache used the base's tag
1590         register as a scratch and the inline cache fails and jumps to the slow path, we
1591         have a problem because the tag may now be trampled.
1592
1593         Note that this doesn't mean that we can't trample the base's tag register when making
1594         a call. We can totally trample the register as long as the inline cache succeeds in a GetByIdFlush/PutByIdFlush.
1595         The problem is only when we trample it and then jump to the slow path.
1596
1597         This patch fixes this bug by making StructureStubInfo keep track of the base's
1598         tag GPR. PolymorphicAccess then locks this register when using the ScratchRegisterAllocator.
1599
1600         * bytecode/PolymorphicAccess.cpp:
1601         (JSC::AccessCase::generate):
1602         (JSC::PolymorphicAccess::regenerate):
1603         * bytecode/StructureStubInfo.h:
1604         * dfg/DFGSpeculativeJIT.cpp:
1605         (JSC::DFG::SpeculativeJIT::compileIn):
1606         * jit/JITInlineCacheGenerator.cpp:
1607         (JSC::JITByIdGenerator::JITByIdGenerator):
1608         * tests/stress/regress-150532.js: Added.
1609         (assert):
1610         (randomFunction):
1611         (foo):
1612         (i.switch):
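
        The scratch-register hazard in the entry above, modelled as an added example that is not JSC code: a toy `ScratchRegisterAllocator` with a `used` and a `locked` set, and a simulated GetById inline cache that misses and falls through to a slow path which rebuilds the base from its tag and payload GPRs. Register numbers, the tag value and the structure IDs are constructed for illustration.

```cpp
// Added example, not JSC code: a toy model of the scratch-register hazard the
// entry above describes. A 32-bit JSValue lives in two GPRs (tag + payload).
// The DFG's "used" set no longer contains the base's tag GPR, so an allocator
// that only avoids used registers may hand the tag GPR out as a scratch; when
// the cache then misses, the slow path reads a trampled tag.
#include <array>
#include <bitset>
#include <cstdint>
#include <cstdio>

constexpr size_t kNumRegs = 6;  // constructed register file size
using RegSet = std::bitset<kNumRegs>;
using RegFile = std::array<int32_t, kNumRegs>;

// Stand-in for a scratch register allocator.
struct ScratchRegisterAllocator {
    RegSet used;    // live registers: handing one out would require spilling it
    RegSet locked;  // registers later code (here: the slow path) depends on
    // Lowest register that is neither used nor locked, or -1 if none is free.
    int allocateScratch() const
    {
        for (size_t r = 0; r < kNumRegs; ++r) {
            if (!used.test(r) && !locked.test(r))
                return static_cast<int>(r);
        }
        return -1;
    }
};

struct JSValue32 {
    int32_t tag;
    int32_t payload;
};

struct ICResult {
    bool slowPathTaken;  // false on a cache hit
    JSValue32 base;      // the base as the slow path observes it (meaningful when slowPathTaken)
};

constexpr int32_t kCellTag = -2;  // constructed tag value, not JSC's real encoding

// Simulates one GetById inline cache probe. `used` is the live set the DFG
// reports (without the base's tag GPR). `lockBaseTag` models the fix in the
// entry above: StructureStubInfo records the base's tag GPR and
// PolymorphicAccess locks it before asking the allocator for a scratch.
static ICResult runGetByIdIC(RegFile regs, int baseTagReg, int basePayloadReg, RegSet used,
    bool lockBaseTag, int32_t actualStructureID, int32_t cachedStructureID)
{
    ScratchRegisterAllocator allocator;
    allocator.used = used;
    if (lockBaseTag)
        allocator.locked.set(static_cast<size_t>(baseTagReg));

    int scratch = allocator.allocateScratch();
    if (scratch < 0)  // a real allocator would spill; the model treats it as no slow path reached
        return ICResult { false, JSValue32 { 0, 0 } };

    // Fast path: load the cell's structure ID into the scratch register and
    // compare it with the cached one. If scratch == baseTagReg, this store
    // tramples the tag.
    regs[static_cast<size_t>(scratch)] = actualStructureID;
    JSValue32 base { regs[static_cast<size_t>(baseTagReg)], regs[static_cast<size_t>(basePayloadReg)] };
    if (regs[static_cast<size_t>(scratch)] == cachedStructureID)
        return ICResult { false, base };   // hit: the slow path never runs
    return ICResult { true, base };        // miss: this is what the slow path sees
}

int main()
{
    RegFile regs { kCellTag, 0x1000, 7, 0, 0, 0 };  // R0 = base tag, R1 = base payload, R2 = another live value
    RegSet used;
    used.set(1);
    used.set(2);  // payload is live; the tag is not in the set (post r190735)
    ICResult before = runGetByIdIC(regs, 0, 1, used, false, 42, 17);
    ICResult after = runGetByIdIC(regs, 0, 1, used, true, 42, 17);
    std::printf("unlocked tag GPR: tag=%d payload=%#x\n", before.base.tag, before.base.payload);  // tag=42 (trampled)
    std::printf("locked tag GPR:   tag=%d payload=%#x\n", after.base.tag, after.base.payload);    // tag=-2 (intact)
    return 0;
}
```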
1613
1614 2015-10-24  Brian Burg  <bburg@apple.com>
1615
1616         Teach create_hash_table to omit builtins macros when generating tables for native-only objects
1617         https://bugs.webkit.org/show_bug.cgi?id=150491
1618
1619         Reviewed by Yusuke Suzuki.
1620
1621         In order to support separate compilation for generated builtins files, we need to be able to
1622         include specific builtins headers from generated .lut.h files. However, the create_hash_table
1623         script isn't smart enough to figure out when a generated file might actually contain a builtin.
1624         Without further help, we'd have to include an all-in-one header, mostly defeating the point of
1625         generating separate .h and .cpp files for every builtin.
1626
1627         This patch segregates the pure native and partially builtin sources in the build system, and
1628         gives hints to create_hash_table so that it doesn't even generate checks for builtins if the
1629         input file has no builtin method implementations. Also do some modernization and code cleanup.
1630
1631         * CMakeLists.txt:
1632
1633         Generate each group with different flags to create_hash_table. Change the macro to take
1634         flags through the variable LUT_GENERATOR_FLAGS. Set this as necessary before calling macro.
1635         Add an additional hint to CMake that the .cpp source file depends on the generated file.
1636
1637         * DerivedSources.make:
1638
1639         Generate each group with different flags to create_hash_table. Clean up the 'all' target
1640         so that static dependencies are listed first. Use static patterns to decide which .lut.h
1641         files require which flags. Reduce fragile usages of implicit variables.
1642
1643         * JavaScriptCore.xcodeproj/project.pbxproj:
1644
1645         Add some missing .lut.h files to the Derived Sources group. Sort the project.
1646
1647         * create_hash_table:
1648
1649         Parse options in a sane way using GetOpt::Long. Remove ability to specify a custom namespace
1650         since this isn't actually used anywhere. Normalize placement of newlines in quoted strings.
1651         Only generate builtins macros and includes if the source file is known to have some builtins.
1652
1653 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
1654
1655         Web Inspector: Remove unused ScrollLayer Timeline EventType
1656         https://bugs.webkit.org/show_bug.cgi?id=150518
1657
1658         Reviewed by Timothy Hatcher.
1659
1660         * inspector/protocol/Timeline.json:
1661
1662 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
1663
1664         Web Inspector: Clean up InspectorInstrumentation includes
1665         https://bugs.webkit.org/show_bug.cgi?id=150523
1666
1667         Reviewed by Timothy Hatcher.
1668
1669         * inspector/agents/InspectorConsoleAgent.cpp:
1670         (Inspector::InspectorConsoleAgent::consoleMessageArgumentCounts): Deleted.
1671         * inspector/agents/InspectorConsoleAgent.h:
1672
1673 2015-10-23  Michael Saboff  <msaboff@apple.com>
1674
1675         REGRESSION (r179357-r179359): WebContent Crash using AOL Mail @ com.apple.JavascriptCore JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant, JSC::RegisterPreservationMode) + 1584
1676         https://bugs.webkit.org/show_bug.cgi?id=150513
1677
1678         Reviewed by Saam Barati.
1679
1680         Add check in linkPolymorphicCall() to make sure we have a CodeBlock for the newly added variant.
1681         If not, we turn the call into a virtual call.
1682
1683         The bug was caused by a stack overflow when preparing the function for execution.  This properly
1684         threw an exception, however linkPolymorphicCall() didn't check for this error case.
1685
1686         Added a new test function "failNextNewCodeBlock()" to test tools to simplify the testing.
1687
1688         * API/JSCTestRunnerUtils.cpp:
1689         (JSC::failNextNewCodeBlock):
1690         (JSC::numberOfDFGCompiles):
1691         * API/JSCTestRunnerUtils.h:
1692         * jit/Repatch.cpp:
1693         (JSC::linkPolymorphicCall):
1694         * jsc.cpp:
1695         (GlobalObject::finishCreation):
1696         (functionTransferArrayBuffer):
1697         (functionFailNextNewCodeBlock):
1698         (functionQuit):
1699         * runtime/Executable.cpp:
1700         (JSC::ScriptExecutable::prepareForExecutionImpl):
1701         * runtime/TestRunnerUtils.cpp:
1702         (JSC::optimizeNextInvocation):
1703         (JSC::failNextNewCodeBlock):
1704         (JSC::numberOfDFGCompiles):
1705         * runtime/TestRunnerUtils.h:
1706         * runtime/VM.h:
1707         (JSC::VM::setFailNextNewCodeBlock):
1708         (JSC::VM::getAndClearFailNextNewCodeBlock):
1709         (JSC::VM::stackPointerAtVMEntry):
1710
1711 2015-10-23  Commit Queue  <commit-queue@webkit.org>
1712
1713         Unreviewed, rolling out r191500.
1714         https://bugs.webkit.org/show_bug.cgi?id=150526
1715
1716         Broke two JSC regression tests (Requested by msaboff on
1717         #webkit).
1718
1719         Reverted changeset:
1720
1721         "[ES6] Add DFG/FTL support for accessor put operations"
1722         https://bugs.webkit.org/show_bug.cgi?id=148860
1723         http://trac.webkit.org/changeset/191500
1724
1725 2015-10-23  Yusuke Suzuki  <utatane.tea@gmail.com>
1726
1727         [ES6] Add DFG/FTL support for accessor put operations
1728         https://bugs.webkit.org/show_bug.cgi?id=148860
1729
1730         Reviewed by Geoffrey Garen.
1731
1732         This patch introduces accessor defining ops into DFG and FTL.
1733         The following DFG nodes are introduced.
1734
1735             op_put_getter_by_id  => PutGetterById
1736             op_put_setter_by_id  => PutSetterById
1737             op_put_getter_setter => PutGetterSetterById
1738             op_put_getter_by_val => PutGetterByVal
1739             op_put_setter_by_val => PutSetterByVal
1740
1741         These DFG nodes just call operations, but this does not prevent compiling in DFG/FTL.
1742
1743         To use the operations defined for the baseline JIT, we clean up the existing operations
1744         and reuse them in DFG and FTL.
1745
1746         * dfg/DFGAbstractInterpreterInlines.h:
1747         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1748         * dfg/DFGByteCodeParser.cpp:
1749         (JSC::DFG::ByteCodeParser::parseBlock):
1750         * dfg/DFGCapabilities.cpp:
1751         (JSC::DFG::capabilityLevel):
1752         * dfg/DFGClobberize.h:
1753         (JSC::DFG::clobberize):
1754         * dfg/DFGDoesGC.cpp:
1755         (JSC::DFG::doesGC):
1756         * dfg/DFGFixupPhase.cpp:
1757         (JSC::DFG::FixupPhase::fixupNode):
1758         * dfg/DFGNode.h:
1759         (JSC::DFG::Node::hasIdentifier):
1760         (JSC::DFG::Node::hasAccessorAttributes):
1761         (JSC::DFG::Node::accessorAttributes):
1762         * dfg/DFGNodeType.h:
1763         * dfg/DFGPredictionPropagationPhase.cpp:
1764         (JSC::DFG::PredictionPropagationPhase::propagate):
1765         * dfg/DFGSafeToExecute.h:
1766         (JSC::DFG::safeToExecute):
1767         * dfg/DFGSpeculativeJIT.cpp:
1768         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
1769         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
1770         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
1771         * dfg/DFGSpeculativeJIT.h:
1772         (JSC::DFG::SpeculativeJIT::callOperation):
1773         * dfg/DFGSpeculativeJIT32_64.cpp:
1774         (JSC::DFG::SpeculativeJIT::compile):
1775         * dfg/DFGSpeculativeJIT64.cpp:
1776         (JSC::DFG::SpeculativeJIT::compile):
1777         * ftl/FTLCapabilities.cpp:
1778         (JSC::FTL::canCompile):
1779         * ftl/FTLIntrinsicRepository.h:
1780         * ftl/FTLLowerDFGToLLVM.cpp:
1781         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1782         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
1783         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
1784         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
1785         * jit/JIT.h:
1786         * jit/JITInlines.h:
1787         (JSC::JIT::callOperation):
1788         * jit/JITOperations.cpp:
1789         * jit/JITOperations.h:
1790         * jit/JITPropertyAccess.cpp:
1791         (JSC::JIT::emit_op_put_getter_by_id):
1792         (JSC::JIT::emit_op_put_setter_by_id):
1793         (JSC::JIT::emit_op_put_getter_setter):
1794         * jit/JITPropertyAccess32_64.cpp:
1795         (JSC::JIT::emit_op_put_getter_by_id):
1796         (JSC::JIT::emit_op_put_setter_by_id):
1797         (JSC::JIT::emit_op_put_getter_setter):
1798         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
1799         (shouldBe):
1800         (testAttribute):
1801         (getter.Cocoa.prototype.get hello):
1802         (getter.Cocoa):
1803         (getter):
1804         (setter.Cocoa):
1805         (setter.Cocoa.prototype.set hello):
1806         (setter):
1807         (accessors.Cocoa):
1808         (accessors.Cocoa.prototype.get hello):
1809         (accessors.Cocoa.prototype.set hello):
1810         (accessors):
1811         * tests/stress/dfg-put-accessors-by-id.js: Added.
1812         (shouldBe):
1813         (testAttribute):
1814         (getter.object.get hello):
1815         (getter):
1816         (setter.object.set hello):
1817         (setter):
1818         (accessors.object.get hello):
1819         (accessors.object.set hello):
1820         (accessors):
1821         * tests/stress/dfg-put-getter-by-id-class.js: Added.
1822         (shouldBe):
1823         (testAttribute):
1824         (getter.Cocoa):
1825         (getter.Cocoa.prototype.get hello):
1826         (getter.Cocoa.prototype.get name):
1827         (getter):
1828         * tests/stress/dfg-put-getter-by-id.js: Added.
1829         (shouldBe):
1830         (testAttribute):
1831         (getter.object.get hello):
1832         (getter):
1833         * tests/stress/dfg-put-getter-by-val-class.js: Added.
1834         (shouldBe):
1835         (testAttribute):
1836         (getter.Cocoa):
1837         (getter.Cocoa.prototype.get name):
1838         (getter):
1839         * tests/stress/dfg-put-getter-by-val.js: Added.
1840         (shouldBe):
1841         (testAttribute):
1842         (getter.object.get name):
1843         (getter):
1844         * tests/stress/dfg-put-setter-by-id-class.js: Added.
1845         (shouldBe):
1846         (testAttribute):
1847         (getter.Cocoa):
1848         (getter.Cocoa.prototype.set hello):
1849         (getter.Cocoa.prototype.get name):
1850         (getter):
1851         * tests/stress/dfg-put-setter-by-id.js: Added.
1852         (shouldBe):
1853         (testAttribute):
1854         (setter.object.set hello):
1855         (setter):
1856         * tests/stress/dfg-put-setter-by-val-class.js: Added.
1857         (shouldBe):
1858         (testAttribute):
1859         (setter.Cocoa):
1860         (setter.Cocoa.prototype.set name):
1861         (setter):
1862         * tests/stress/dfg-put-setter-by-val.js: Added.
1863         (shouldBe):
1864         (testAttribute):
1865         (setter.object.set name):
1866         (setter):
1867
1868 2015-10-22  Joseph Pecoraro  <pecoraro@apple.com>
1869
1870         Web Inspector: Remove unused Timeline GCEvent Record type
1871         https://bugs.webkit.org/show_bug.cgi?id=150477
1872
1873         Reviewed by Timothy Hatcher.
1874
1875         Garbage Collection events go through the Heap domain, not the
1876         Timeline domain (long time ago for Chromium).
1877
1878         * inspector/protocol/Timeline.json:
1879
1880 2015-10-22  Michael Saboff  <msaboff@apple.com>
1881
1882         REGRESSION(r191360): Repro Crash: com.apple.WebKit.WebContent at JavaScriptCore:JSC::ExecState::bytecodeOffset + 174
1883         https://bugs.webkit.org/show_bug.cgi?id=150434
1884
1885         Reviewed by Mark Lam.
1886
1887         Pass the current frame instead of the caller frame to operationVMHandleException when processing an
1888         exception in one of the native thunks.
1889
1890         * jit/JITExceptions.cpp:
1891         (JSC::genericUnwind): Made debug printing of CodeBlock safe for call frames without one.
1892         * jit/JITOpcodes32_64.cpp:
1893         (JSC::JIT::privateCompileCTINativeCall):
1894         * jit/ThunkGenerators.cpp:
1895         (JSC::nativeForGenerator):
1896
1897 2015-10-21  Brian Burg  <bburg@apple.com>
1898
1899         Restructure generate-js-bindings script to be modular and testable
1900         https://bugs.webkit.org/show_bug.cgi?id=149929
1901
1902         Reviewed by Alex Christensen.
1903
1904         This is a new code generator, based on the replay inputs code generator and
1905         the inspector protocol code generator, which produces various files for JS
1906         builtins.
1907
1908         Relative to the generator it replaces, this one consolidates two scripts in
1909         JavaScriptCore and WebCore into a single script with multiple files. Parsed
1910         information about the builtins file is stored in backend-independent model
1911         objects. Each output file has its own code generator that uses the model to
1912         produce resulting code. Generators are additionally parameterized by the target
1913         framework (to choose correct macros and includes) and output mode (one
1914         header/implementation file per builtin or per framework).
1915
1916         It includes a few simple tests of the generator's functionality. These result-
1917         based tests will become increasingly more important as we start to add support
1918         for builtins annotation such as @optional, @internal, etc. to the code generator.
1919
1920         Some of these complexities, such as having two output modes, will be removed in
1921         subsequent patches. This patch is intended to exactly replace the existing
1922         functionality with a unified script that makes additional cleanups straightforward.
1923
1924         Additional cleanup and consolidation between inspector code generator scripts
1925         and this script will be pursued in followup patches.
1926
1927         New tests:
1928
1929         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js
1930         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js
1931         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Combined.js
1932         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Separate.js
1933         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Combined.js
1934         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Separate.js
1935         Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js
1936         Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js
1937         Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js
1938         Scripts/tests/builtins/WebCore-xmlCasingTest-Separate.js
1939
1940
1941         * CMakeLists.txt:
1942
1943             Copy the scripts that are used by other targets to a staging directory inside
1944             ${DERIVED_SOURCES_DIR}/ForwardingHeaders/JavaScriptCore/Scripts.
1945             Define JavaScriptCore_SCRIPTS_DIR to point here so that the add_custom_command
1946             and shared file lists are identical between JavaScriptCore and WebCore. The staged
1947             scripts are a dependency of the main JavaScriptCore target so that they are
1948             always staged, even if JavaScriptCore itself does not use a particular script.
1949
1950             The output files additionally depend on all builtin generator script files
1951             and input files that are combined into the single header/implementation file.
1952
1953         * DerivedSources.make:
1954
1955             Define JavaScriptCore_SCRIPTS_DIR explicitly so the rule for code generation and
1956             shared file lists are identical between JavaScriptCore and WebCore.
1957
1958             The output files additionally depend on all builtin generator script files
1959             and input files that are combined into the single header/implementation file.
1960
1961         * JavaScriptCore.xcodeproj/project.pbxproj:
1962
1963             Mark the new builtins generator files as private headers so we can use them from
1964             WebCore.
1965
1966         * Scripts/UpdateContents.py: Renamed from Source/JavaScriptCore/UpdateContents.py.
1967         * Scripts/builtins/__init__.py: Added.
1968         * Scripts/builtins/builtins.py: Added.
1969         * Scripts/builtins/builtins_generator.py: Added. This file contains the base generator.
1970         (WK_lcfirst):
1971         (WK_ucfirst):
1972         (BuiltinsGenerator):
1973         (BuiltinsGenerator.__init__):
1974         (BuiltinsGenerator.model):
1975         (BuiltinsGenerator.generate_license):
1976         (BuiltinsGenerator.generate_includes_from_entries):
1977         (BuiltinsGenerator.generate_output):
1978         (BuiltinsGenerator.output_filename):
1979         (BuiltinsGenerator.mangledNameForFunction):
1980         (BuiltinsGenerator.mangledNameForFunction.toCamel):
1981         (BuiltinsGenerator.generate_embedded_code_string_section_for_function):
1982         * Scripts/builtins/builtins_model.py: Added. This file contains builtins model objects.
1983         (ParseException):
1984         (Framework):
1985         (Framework.__init__):
1986         (Framework.setting):
1987         (Framework.fromString):
1988         (Frameworks):
1989         (BuiltinObject):
1990         (BuiltinObject.__init__):
1991         (BuiltinFunction):
1992         (BuiltinFunction.__init__):
1993         (BuiltinFunction.fromString):
1994         (BuiltinFunction.__str__):
1995         (BuiltinsCollection):
1996         (BuiltinsCollection.__init__):
1997         (BuiltinsCollection.parse_builtins_file):
1998         (BuiltinsCollection.copyrights):
1999         (BuiltinsCollection.all_functions):
2000         (BuiltinsCollection._parse_copyright_lines):
2001         (BuiltinsCollection._parse_functions):
2002         * Scripts/builtins/builtins_templates.py: Added.
2003         (BuiltinsGeneratorTemplates):
2004         * Scripts/builtins/builtins_generate_combined_header.py: Added.
2005         (BuiltinsCombinedHeaderGenerator):
2006         (BuiltinsCombinedHeaderGenerator.__init__):
2007         (BuiltinsCombinedHeaderGenerator.output_filename):
2008         (BuiltinsCombinedHeaderGenerator.generate_output):
2009         (BuiltinsCombinedHeaderGenerator.generate_forward_declarations):
2010         (FunctionExecutable):
2011         (VM):
2012         (ConstructAbility):
2013         (generate_section_for_object):
2014         (generate_externs_for_object):
2015         (generate_macros_for_object):
2016         (generate_defines_for_object):
2017         (generate_section_for_code_table_macro):
2018         (generate_section_for_code_name_macro):
2019         * Scripts/builtins/builtins_generate_combined_implementation.py: Added.
2020         (BuiltinsCombinedImplementationGenerator):
2021         (BuiltinsCombinedImplementationGenerator.__init__):
2022         (BuiltinsCombinedImplementationGenerator.output_filename):
2023         (BuiltinsCombinedImplementationGenerator.generate_output):
2024         (BuiltinsCombinedImplementationGenerator.generate_header_includes):
2025         * Scripts/builtins/builtins_generate_separate_header.py: Added.
2026         (BuiltinsSeparateHeaderGenerator):
2027         (BuiltinsSeparateHeaderGenerator.__init__):
2028         (BuiltinsSeparateHeaderGenerator.output_filename):
2029         (BuiltinsSeparateHeaderGenerator.macro_prefix):
2030         (BuiltinsSeparateHeaderGenerator.generate_output):
2031         (BuiltinsSeparateHeaderGenerator.generate_forward_declarations):
2032         (FunctionExecutable):
2033         (generate_header_includes):
2034         (generate_section_for_object):
2035         (generate_externs_for_object):
2036         (generate_macros_for_object):
2037         (generate_defines_for_object):
2038         (generate_section_for_code_table_macro):
2039         (generate_section_for_code_name_macro):
2040         * Scripts/builtins/builtins_generate_separate_implementation.py: Added.
2041         (BuiltinsSeparateImplementationGenerator):
2042         (BuiltinsSeparateImplementationGenerator.__init__):
2043         (BuiltinsSeparateImplementationGenerator.output_filename):
2044         (BuiltinsSeparateImplementationGenerator.macro_prefix):
2045         (BuiltinsSeparateImplementationGenerator.generate_output):
2046         (BuiltinsSeparateImplementationGenerator.generate_header_includes):
2047         * Scripts/builtins/builtins_generate_separate_wrapper.py: Added.
2048         (BuiltinsSeparateWrapperGenerator):
2049         (BuiltinsSeparateWrapperGenerator.__init__):
2050         (BuiltinsSeparateWrapperGenerator.output_filename):
2051         (BuiltinsSeparateWrapperGenerator.macro_prefix):
2052         (BuiltinsSeparateWrapperGenerator.generate_output):
2053         (BuiltinsSeparateWrapperGenerator.generate_header_includes):
2054         * Scripts/generate-js-builtins.py: Added.
2055
2056             Parse command line options, decide which generators and output modes to use.
2057
2058         (generate_bindings_for_builtins_files):
2059         * Scripts/lazywriter.py: Copied from the inspector protocol generator.
2060         (LazyFileWriter):
2061         (LazyFileWriter.__init__):
2062         (LazyFileWriter.write):
2063         (LazyFileWriter.close):
2064         * Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js: Added.
2065         * Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js: Added.
2066         * Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Combined.js: Added.
2067         * Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Separate.js: Added.
2068         * Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Combined.js: Added.
2069         * Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Separate.js: Added.
2070         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Added.
2071         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Added.
2072         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Added.
2073         * Scripts/tests/builtins/WebCore-xmlCasingTest-Separate.js: Added.
2074         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result: Added.
2075         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result: Added.
2076         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result: Added.
2077         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result: Added.
2078         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result: Added.
2079         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result: Added.
2080         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result: Added.
2081         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result: Added.
2082         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result: Added.
2083         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result: Added.
2084         * builtins/BuiltinExecutables.cpp:
2085         (JSC::BuiltinExecutables::BuiltinExecutables):
2086         * builtins/BuiltinExecutables.h:
2087         * create_hash_table:
2088
2089             Update the generated builtin macro names.
2090
2091         * generate-js-builtins: Removed.
2092
2093 2015-10-21  Benjamin Poulain  <bpoulain@apple.com>
2094
2095         [JSC] Remove FTL Native Inlining, it is dead code
2096         https://bugs.webkit.org/show_bug.cgi?id=150429
2097
2098         Reviewed by Filip Pizlo.
2099
2100         The code is not used and it is in the way of other changes.
2101
2102         * ftl/FTLAbbreviations.h:
2103         (JSC::FTL::getFirstInstruction): Deleted.
2104         (JSC::FTL::getNextInstruction): Deleted.
2105         (JSC::FTL::getFirstBasicBlock): Deleted.
2106         (JSC::FTL::getNextBasicBlock): Deleted.
2107         * ftl/FTLLowerDFGToLLVM.cpp:
2108         (JSC::FTL::DFG::LowerDFGToLLVM::isInlinableSize): Deleted.
2109         * runtime/Options.h:
2110
2111 2015-10-21  Benjamin Poulain  <bpoulain@apple.com>
2112
2113         [JSC] Remove two useless temporaries from the PutByOffset codegen
2114         https://bugs.webkit.org/show_bug.cgi?id=150421
2115
2116         Reviewed by Geoffrey Garen.
2117
2118         * dfg/DFGSpeculativeJIT64.cpp:
2119         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2120         Looks like they were added by accident in r160796.
2121
2122 2015-10-21  Filip Pizlo  <fpizlo@apple.com>
2123
2124         Factor out the graph node worklists from DFG into WTF
2125         https://bugs.webkit.org/show_bug.cgi?id=150411
2126
2127         Reviewed by Geoffrey Garen.
2128
2129         Rewrite the DFGBlockWorklist.h file as a bunch of typedefs and aliases for things in
2130         wtf/GraphNodeWorklist.h. Most users won't notice, except that some small things got
2131         renamed. For example PreOrder becomes VisitOrder::Pre and item.block becomes item.node.
2132
2133         * CMakeLists.txt:
2134         * JavaScriptCore.xcodeproj/project.pbxproj:
2135         * dfg/DFGBlockWorklist.cpp: Removed.
2136         * dfg/DFGBlockWorklist.h:
2137         (JSC::DFG::BlockWorklist::notEmpty): Deleted.
2138         (JSC::DFG::BlockWith::BlockWith): Deleted.
2139         (JSC::DFG::BlockWith::operator bool): Deleted.
2140         (JSC::DFG::ExtendedBlockWorklist::ExtendedBlockWorklist): Deleted.
2141         (JSC::DFG::ExtendedBlockWorklist::forcePush): Deleted.
2142         (JSC::DFG::ExtendedBlockWorklist::push): Deleted.
2143         (JSC::DFG::ExtendedBlockWorklist::notEmpty): Deleted.
2144         (JSC::DFG::ExtendedBlockWorklist::pop): Deleted.
2145         (JSC::DFG::BlockWithOrder::BlockWithOrder): Deleted.
2146         (JSC::DFG::BlockWithOrder::operator bool): Deleted.
2147         (JSC::DFG::PostOrderBlockWorklist::push): Deleted.
2148         (JSC::DFG::PostOrderBlockWorklist::notEmpty): Deleted.
2149         * dfg/DFGDominators.cpp:
2150         (JSC::DFG::Dominators::compute):
2151         * dfg/DFGGraph.cpp:
2152         (JSC::DFG::Graph::blocksInPostOrder):
2153         * dfg/DFGPrePostNumbering.cpp:
2154         (JSC::DFG::PrePostNumbering::compute):
2155
2156 2015-10-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2157
2158         [INTL] Implement Intl.Collator.prototype.resolvedOptions()
2159         https://bugs.webkit.org/show_bug.cgi?id=147601
2160
2161         Reviewed by Benjamin Poulain.
2162
2163         This patch implements Intl.Collator.prototype.resolvedOptions() according
2164         to the ECMAScript 2015 Internationalization API spec (ECMA-402 2nd edition).
2165         It also implements the abstract operations InitializeCollator, ResolveLocale,
2166         LookupMatcher, and BestFitMatcher.
2167
2168         * runtime/CommonIdentifiers.h:
2169         * runtime/IntlCollator.h:
2170         (JSC::IntlCollator::usage):
2171         (JSC::IntlCollator::setUsage):
2172         (JSC::IntlCollator::locale):
2173         (JSC::IntlCollator::setLocale):
2174         (JSC::IntlCollator::collation):
2175         (JSC::IntlCollator::setCollation):
2176         (JSC::IntlCollator::numeric):
2177         (JSC::IntlCollator::setNumeric):
2178         (JSC::IntlCollator::sensitivity):
2179         (JSC::IntlCollator::setSensitivity):
2180         (JSC::IntlCollator::ignorePunctuation):
2181         (JSC::IntlCollator::setIgnorePunctuation):
2182         * runtime/IntlCollatorConstructor.cpp:
2183         (JSC::sortLocaleData):
2184         (JSC::searchLocaleData):
2185         (JSC::initializeCollator):
2186         (JSC::constructIntlCollator):
2187         (JSC::callIntlCollator):
2188         * runtime/IntlCollatorPrototype.cpp:
2189         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
2190         * runtime/IntlObject.cpp:
2191         (JSC::defaultLocale):
2192         (JSC::getIntlBooleanOption):
2193         (JSC::getIntlStringOption):
2194         (JSC::removeUnicodeLocaleExtension):
2195         (JSC::lookupMatcher):
2196         (JSC::bestFitMatcher):
2197         (JSC::resolveLocale):
2198         (JSC::lookupSupportedLocales):
2199         * runtime/IntlObject.h:
2200
2201 2015-10-21  Saam barati  <sbarati@apple.com>
2202
2203         C calls in PolymorphicAccess shouldn't assume that the top of the stack looks like a JSC JIT frame and enable *ByIdFlush in FTL
2204         https://bugs.webkit.org/show_bug.cgi?id=125711
2205
2206         Reviewed by Filip Pizlo.
2207
2208         This patch ensures that anytime we need to make a C call inside
2209         PolymorphicAccess, we ensure there is enough space on the stack to do so.
2210
2211         This patch also enables GetByIdFlush/PutByIdFlush inside the FTL.
2212         Because PolymorphicAccess now spills the necessary registers
2213         before making a JS/C call, any registers that LLVM report as
2214         being in use for the patchpoint will be spilled before making
2215         a call by PolymorphicAccess.
2216
2217         * bytecode/PolymorphicAccess.cpp:
2218         (JSC::AccessGenerationState::restoreScratch):
2219         (JSC::AccessGenerationState::succeed):
2220         (JSC::AccessGenerationState::calculateLiveRegistersForCallAndExceptionHandling):
2221         (JSC::AccessCase::generate):
2222         (JSC::PolymorphicAccess::regenerate):
2223         * ftl/FTLCapabilities.cpp:
2224         (JSC::FTL::canCompile):
2225         * ftl/FTLLowerDFGToLLVM.cpp:
2226         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2227         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetById):
2228         (JSC::FTL::DFG::LowerDFGToLLVM::emitStoreBarrier):
2229         * jit/AssemblyHelpers.h:
2230         (JSC::AssemblyHelpers::emitTypeOf):
2231         (JSC::AssemblyHelpers::makeSpaceOnStackForCCall):
2232         (JSC::AssemblyHelpers::reclaimSpaceOnStackForCCall):
2233         * jit/RegisterSet.cpp:
2234         (JSC::RegisterSet::webAssemblyCalleeSaveRegisters):
2235         (JSC::RegisterSet::registersToNotSaveForJSCall):
2236         (JSC::RegisterSet::registersToNotSaveForCCall):
2237         (JSC::RegisterSet::allGPRs):
2238         (JSC::RegisterSet::registersToNotSaveForCall): Deleted.
2239         * jit/RegisterSet.h:
2240         (JSC::RegisterSet::set):
2241         * jit/ScratchRegisterAllocator.cpp:
2242         (JSC::ScratchRegisterAllocator::allocateScratchGPR):
2243         (JSC::ScratchRegisterAllocator::allocateScratchFPR):
2244         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2245         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2246         These methods now take an extra parameter indicating if they
2247         should create space for a C call at the top of the stack if
2248         there are any reused registers to spill.
2249
2250         (JSC::ScratchRegisterAllocator::usedRegistersForCall):
2251         * jit/ScratchRegisterAllocator.h:
2252         (JSC::ScratchRegisterAllocator::usedRegisters):
2253
2254 2015-10-21  Joseph Pecoraro  <pecoraro@apple.com>
2255
2256         Web Inspector: Array previews with Symbol objects have too few preview values
2257         https://bugs.webkit.org/show_bug.cgi?id=150404
2258
2259         Reviewed by Timothy Hatcher.
2260
2261         * inspector/InjectedScriptSource.js:
2262         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
2263         We should be continuing inside this loop, not returning.
2264
2265 2015-10-21  Filip Pizlo  <fpizlo@apple.com>
2266
2267         Failures in PutStackSinkingPhase should be less severe
2268         https://bugs.webkit.org/show_bug.cgi?id=150400
2269
2270         Reviewed by Geoffrey Garen.
2271
2272         Make the PutStackSinkingPhase abort instead of asserting. To test that it's OK to not have
2273         PutStackSinkingPhase run, this adds a test mode where we run without PutStackSinkingPhase.
2274
2275         * dfg/DFGPlan.cpp: Make it possible to not run PutStackSinkingPhase for tests.
2276         (JSC::DFG::Plan::compileInThreadImpl):
2277         * dfg/DFGPutStackSinkingPhase.cpp: PutStackSinkingPhase should abort instead of asserting, except when validation is enabled.
2278         * runtime/Options.h: Add an option for disabling PutStackSinkingPhase.
2279
2280 2015-10-21  Saam barati  <sbarati@apple.com>
2281
2282         The FTL should place the CallSiteIndex on the call frame for JS calls when it fills in the patchpoint
2283         https://bugs.webkit.org/show_bug.cgi?id=150104
2284
2285         Reviewed by Filip Pizlo.
2286
2287         We lower JS Calls to patchpoints in LLVM. LLVM may decide to duplicate
2288         these patchpoints (or remove them). We eagerly store the CallSiteIndex on the 
2289         call frame when lowering DFG to LLVM. But, because the patchpoint we lower to may
2290         be duplicated, we really don't know the unique CallSiteIndex until we've
2291         actually seen the resulting patchpoints after LLVM has completed its transformations.
2292         To solve this, we now store the unique CallSiteIndex on the call frame header 
2293         when generating code to fill into the patchpoint.
2294
2295         * ftl/FTLCompile.cpp:
2296         (JSC::FTL::mmAllocateDataSection):
2297         * ftl/FTLJSCall.cpp:
2298         (JSC::FTL::JSCall::JSCall):
2299         (JSC::FTL::JSCall::emit):
2300         * ftl/FTLJSCall.h:
2301         (JSC::FTL::JSCall::stackmapID):
2302         * ftl/FTLJSCallBase.cpp:
2303         (JSC::FTL::JSCallBase::JSCallBase):
2304         (JSC::FTL::JSCallBase::emit):
2305         (JSC::FTL::JSCallBase::link):
2306         * ftl/FTLJSCallBase.h:
2307         * ftl/FTLJSCallVarargs.cpp:
2308         (JSC::FTL::JSCallVarargs::JSCallVarargs):
2309         (JSC::FTL::JSCallVarargs::numSpillSlotsNeeded):
2310         (JSC::FTL::JSCallVarargs::emit):
2311         * ftl/FTLJSCallVarargs.h:
2312         (JSC::FTL::JSCallVarargs::node):
2313         (JSC::FTL::JSCallVarargs::stackmapID):
2314         * ftl/FTLJSTailCall.cpp:
2315         (JSC::FTL::JSTailCall::JSTailCall):
2316         (JSC::FTL::m_instructionOffset):
2317         (JSC::FTL::JSTailCall::emit):
2318         * ftl/FTLLowerDFGToLLVM.cpp:
2319         (JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):
2320         (JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstructVarargs):
2321         (JSC::FTL::DFG::LowerDFGToLLVM::callPreflight):
2322         (JSC::FTL::DFG::LowerDFGToLLVM::codeOriginDescriptionOfCallSite):
2323         (JSC::FTL::DFG::LowerDFGToLLVM::callCheck):
2324
2325 2015-10-21  Geoffrey Garen  <ggaren@apple.com>
2326
2327         Date creation should share a little code
2328         https://bugs.webkit.org/show_bug.cgi?id=150399
2329
2330         Reviewed by Filip Pizlo.
2331
2332         I want to fix a bug in this code, but I don't want to fix it in two
2333         different places. (See https://bugs.webkit.org/show_bug.cgi?id=150386.)
2334
2335         * runtime/DateConstructor.cpp:
2336         (JSC::DateConstructor::getOwnPropertySlot):
2337         (JSC::milliseconds): Factored out a shared helper function. If you look
2338         closely, you'll see that one copy of this code previously checked isfinite
2339         while the other checked isnan. isnan returning nan was obviously a no-op,
2340         so I removed it. isfinite, it turns out, is also a no-op -- but less
2341         obviously so, so I kept it for now.
2342
2343         (JSC::constructDate):
2344         (JSC::dateUTC): Use the helper function.
2345
2346 2015-10-21  Guillaume Emont  <guijemont@igalia.com>
2347
2348         llint: align stack pointer on mips too
2349
2350         [MIPS] LLInt: align stack pointer on MIPS too
2351         https://bugs.webkit.org/show_bug.cgi?id=150380
2352
2353         Reviewed by Michael Saboff.
2354
2355         * llint/LowLevelInterpreter32_64.asm:
2356
2357 2015-10-20  Mark Lam  <mark.lam@apple.com>
2358
2359         YarrPatternConstructor::containsCapturingTerms() should not assume that its terms.size() is greater than 0.
2360         https://bugs.webkit.org/show_bug.cgi?id=150372
2361
2362         Reviewed by Geoffrey Garen.
2363
2364         * yarr/YarrPattern.cpp:
2365         (JSC::Yarr::CharacterClassConstructor::CharacterClassConstructor):
2366         (JSC::Yarr::YarrPatternConstructor::optimizeBOL):
2367         (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
2368         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2369
2370 2015-10-20  Michael Saboff  <msaboff@apple.com>
2371
2372         REGRESSION (r191175): OSR Exit from an inlined tail callee trashes callee save registers
2373         https://bugs.webkit.org/show_bug.cgi?id=150336
2374
2375         Reviewed by Mark Lam.
2376
2377         During OSR exit, we need to restore and transform the active stack into what the baseline
2378         JIT expects.  Inlined call frames become true call frames.  When we reify an inlined call
2379         frame and it is a tail call which we will be continuing from, we need to restore the tag
2380         constant callee save registers with what was saved by the outermost caller.
2381
2382         Re-enabled tail calls and restored tests for tail calls.
2383
2384         * dfg/DFGOSRExitCompilerCommon.cpp:
2385         (JSC::DFG::reifyInlinedCallFrames): Select whether or not we use the callee save tag register
2386         contents or what was saved by the inlining caller when populating an inlined callee's
2387         callee save registers.
2388         * jit/AssemblyHelpers.h:
2389         (JSC::AssemblyHelpers::emitSaveCalleeSavesFor): This function no longer needs a stack offset.
2390         (JSC::AssemblyHelpers::emitSaveOrCopyCalleeSavesFor): New helper.
2391         * runtime/Options.h: Turned tail calls back on.
2392         * tests/es6.yaml:
2393         * tests/stress/dfg-tail-calls.js:
2394         (nonInlinedTailCall.callee):
2395         * tests/stress/mutual-tail-call-no-stack-overflow.js:
2396         (shouldThrow):
2397         * tests/stress/tail-call-in-inline-cache.js:
2398         (tail):
2399         * tests/stress/tail-call-no-stack-overflow.js:
2400         (shouldThrow):
2401         * tests/stress/tail-call-recognize.js:
2402         (callerMustBeRun):
2403         * tests/stress/tail-call-varargs-no-stack-overflow.js:
2404         (shouldThrow):
2405
2406 2015-10-20  Joseph Pecoraro  <pecoraro@apple.com>
2407
2408         Web Inspector: JavaScriptCore should parse sourceURL and sourceMappingURL directives
2409         https://bugs.webkit.org/show_bug.cgi?id=150096
2410
2411         Reviewed by Geoffrey Garen.
2412
2413         * inspector/ContentSearchUtilities.cpp:
2414         (Inspector::ContentSearchUtilities::scriptCommentPattern): Deleted.
2415         (Inspector::ContentSearchUtilities::findScriptSourceURL): Deleted.
2416         (Inspector::ContentSearchUtilities::findScriptSourceMapURL): Deleted.
2417         * inspector/ContentSearchUtilities.h:
2418         No longer need to search script content.
2419
2420         * inspector/ScriptDebugServer.cpp:
2421         (Inspector::ScriptDebugServer::dispatchDidParseSource):
2422         Carry over the sourceURL and sourceMappingURL from the SourceProvider.
2423
2424         * inspector/agents/InspectorDebuggerAgent.cpp:
2425         (Inspector::InspectorDebuggerAgent::sourceMapURLForScript):
2426         (Inspector::InspectorDebuggerAgent::didParseSource):
2427         No longer do content searching.
2428
2429         * parser/Lexer.cpp:
2430         (JSC::Lexer<T>::setCode):
2431         (JSC::Lexer<T>::skipWhitespace):
2432         (JSC::Lexer<T>::parseCommentDirective):
2433         (JSC::Lexer<T>::parseCommentDirectiveValue):
2434         (JSC::Lexer<T>::consume):
2435         (JSC::Lexer<T>::lex):
2436         * parser/Lexer.h:
2437         (JSC::Lexer::sourceURL):
2438         (JSC::Lexer::sourceMappingURL):
2439         (JSC::Lexer::sourceProvider): Deleted.
2440         Give lexer the ability to detect script comment directives.
2441         This just consumes characters in single line comments and
2442         ultimately sets the sourceURL or sourceMappingURL found.
2443
2444         * parser/Parser.h:
2445         (JSC::Parser<LexerType>::parse):
2446         * parser/SourceProvider.h:
2447         (JSC::SourceProvider::url):
2448         (JSC::SourceProvider::sourceURL):
2449         (JSC::SourceProvider::sourceMappingURL):
2450         (JSC::SourceProvider::setSourceURL):
2451         (JSC::SourceProvider::setSourceMappingURL):
2452         After parsing a script, update the Source Provider with the
2453         value of directives that may have been found in the script.
2454
2455 2015-10-20  Saam barati  <sbarati@apple.com>
2456
2457         GCAwareJITStubRoutineWithExceptionHandler has a stale CodeBlock pointer in its destructor
2458         https://bugs.webkit.org/show_bug.cgi?id=150351
2459
2460         Reviewed by Mark Lam.
2461
2462         We may regenerate many GCAwareJITStubRoutineWithExceptionHandler stubs per one PolymorphicAccess.
2463         Only the last GCAwareJITStubRoutineWithExceptionHandler stub that was generated will get the CodeBlock's aboutToDie()
2464         notification. All other GCAwareJITStubRoutineWithExceptionHandler stubs will still be holding a stale CodeBlock pointer
2465         that they will use in their destructor. The solution is to have GCAwareJITStubRoutineWithExceptionHandler remove its
2466         exception handler in observeZeroRefCount() instead of its destructor. observeZeroRefCount() will run when a PolymorphicAccess
2467         replaces its m_stubRoutine.
2468
2469         * jit/GCAwareJITStubRoutine.cpp:
2470         (JSC::GCAwareJITStubRoutineWithExceptionHandler::aboutToDie):
2471         (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
2472         (JSC::createJITStubRoutine):
2473         (JSC::GCAwareJITStubRoutineWithExceptionHandler::~GCAwareJITStubRoutineWithExceptionHandler): Deleted.
2474         * jit/GCAwareJITStubRoutine.h:
2475
2476 >>>>>>> .r191351
2477 2015-10-20  Tim Horton  <timothy_horton@apple.com>
2478
2479         Try to fix the build by disabling MAC_GESTURE_EVENTS on 10.9 and 10.10
2480
2481         * Configurations/FeatureDefines.xcconfig:
2482
2483 2015-10-20  Xabier Rodriguez Calvar  <calvaris@igalia.com>
2484
2485         [Streams API] Rework some readable stream internals that can be common to writable streams
2486         https://bugs.webkit.org/show_bug.cgi?id=150133
2487
2488         Reviewed by Darin Adler.
2489
2490         * runtime/CommonIdentifiers.h:
2491         * runtime/JSGlobalObject.cpp:
2492         (JSC::JSGlobalObject::init): Added RangeError also as native functions.
2493
2494 2015-10-20  Yoav Weiss  <yoav@yoav.ws>
2495
2496         Rename the PICTURE_SIZES flag to CURRENTSRC
2497         https://bugs.webkit.org/show_bug.cgi?id=150275
2498
2499         Reviewed by Dean Jackson.
2500
2501         * Configurations/FeatureDefines.xcconfig:
2502
2503 2015-10-19  Saam barati  <sbarati@apple.com>
2504
2505         FTL should generate a unique OSR exit for each duplicated OSR exit stackmap intrinsic.
2506         https://bugs.webkit.org/show_bug.cgi?id=149970
2507
2508         Reviewed by Filip Pizlo.
2509
2510         When we lower DFG to LLVM, we generate a stackmap intrinsic for OSR
2511         exits. We also recorded the OSR exit inside FTL::JITCode during lowering.
2512         This stackmap intrinsic may be duplicated or even removed by LLVM.
2513         When the stackmap intrinsic is duplicated, we used to generate just
2514         a single OSR exit data structure. Then, when we compiled an OSR exit, we 
2515         would look for the first record in the record list that had the same stackmap ID
2516         as what the OSR exit data structure had. We did this even when the OSR exit
2517         stackmap intrinsic was duplicated. This would lead us to grab the wrong FTL::StackMaps::Record.
2518
2519         Now, each OSR exit knows exactly which FTL::StackMaps::Record it corresponds to.
2520         We accomplish this by having an OSRExitDescriptor that is recorded during
2521         lowering. Each descriptor may be referenced by zero, one, or more OSRExits.
2522         Now, no more than one stackmap intrinsic corresponds to the same index inside 
2523         JITCode's OSRExit Vector. Also, each OSRExit jump now jumps to a code location.
2524
2525         * ftl/FTLCompile.cpp:
2526         (JSC::FTL::mmAllocateDataSection):
2527         * ftl/FTLJITCode.cpp:
2528         (JSC::FTL::JITCode::validateReferences):
2529         (JSC::FTL::JITCode::liveRegistersToPreserveAtExceptionHandlingCallSite):
2530         * ftl/FTLJITCode.h:
2531         * ftl/FTLJITFinalizer.cpp:
2532         (JSC::FTL::JITFinalizer::finalizeFunction):
2533         * ftl/FTLLowerDFGToLLVM.cpp:
2534         (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
2535         (JSC::FTL::DFG::LowerDFGToLLVM::compileIsUndefined):
2536         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
2537         (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
2538         (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
2539         (JSC::FTL::DFG::LowerDFGToLLVM::callStackmap):
2540         * ftl/FTLOSRExit.cpp:
2541         (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
2542         (JSC::FTL::OSRExitDescriptor::validateReferences):
2543         (JSC::FTL::OSRExit::OSRExit):
2544         (JSC::FTL::OSRExit::codeLocationForRepatch):
2545         (JSC::FTL::OSRExit::validateReferences): Deleted.
2546         * ftl/FTLOSRExit.h:
2547         (JSC::FTL::OSRExit::considerAddingAsFrequentExitSite):
2548         * ftl/FTLOSRExitCompilationInfo.h:
2549         (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
2550         * ftl/FTLOSRExitCompiler.cpp:
2551         (JSC::FTL::compileStub):
2552         (JSC::FTL::compileFTLOSRExit):
2553         * ftl/FTLStackMaps.cpp:
2554         (JSC::FTL::StackMaps::computeRecordMap):
2555         * ftl/FTLStackMaps.h:
2556
2557 2015-10-16  Brian Burg  <bburg@apple.com>
2558
2559         Unify handling of JavaScriptCore scripts that are used in WebCore
2560         https://bugs.webkit.org/show_bug.cgi?id=150245
2561
2562         Reviewed by Alex Christensen.
2563
2564         Move all standalone JavaScriptCore scripts that are used by WebCore into the
2565         JavaScriptCore/Scripts directory. Use JavaScriptCore_SCRIPTS_DIR to refer
2566         to the path for these scripts.
2567
2568         * DerivedSources.make:
2569
2570             Define and use JavaScriptCore_SCRIPTS_DIR.
2571
2572         * JavaScriptCore.xcodeproj/project.pbxproj:
2573
2574             Make a new group in the Xcode project and clean up references.
2575
2576         * PlatformWin.cmake:
2577
2578             For Windows, copy these scripts over to ForwardingHeaders/Scripts since they
2579             cannot be used directly from JAVASCRIPTCORE_DIR in AppleWin builds. Do the same
2580             thing for both Windows variants to be consistent about it.
2581
2582         * Scripts/cssmin.py: Renamed from Source/JavaScriptCore/inspector/scripts/cssmin.py.
2583         * Scripts/generate-combined-inspector-json.py: Renamed from Source/JavaScriptCore/inspector/scripts/generate-combined-inspector-json.py.
2584         * Scripts/generate-js-builtins: Renamed from Source/JavaScriptCore/generate-js-builtins.
2585         * Scripts/inline-and-minify-stylesheets-and-scripts.py: Renamed from Source/JavaScriptCore/inspector/scripts/inline-and-minify-stylesheets-and-scripts.py.
2586         * Scripts/jsmin.py: Renamed from Source/JavaScriptCore/inspector/scripts/jsmin.py.
2587         * Scripts/xxd.pl: Renamed from Source/JavaScriptCore/inspector/scripts/xxd.pl.
2588
2589 2015-10-19  Tim Horton  <timothy_horton@apple.com>
2590
2591         Try to fix the iOS build
2592
2593         * Configurations/FeatureDefines.xcconfig:
2594
2595 2015-10-17  Keith Miller  <keith_miller@apple.com>
2596
2597         Add regression tests for TypedArray.prototype functions' error messages.
2598         https://bugs.webkit.org/show_bug.cgi?id=150288
2599
2600         Reviewed by Darin Adler.
2601
2602         Fix a typo in the text passed by the TypedArray.prototype.filter type error message.
2603         Add tests that check the actual error message text for all the TypedArray.prototype
2604         functions that throw.
2605
2606         * builtins/TypedArray.prototype.js:
2607         (filter):
2608         * tests/stress/typedarray-every.js:
2609         * tests/stress/typedarray-filter.js:
2610         * tests/stress/typedarray-find.js:
2611         * tests/stress/typedarray-findIndex.js:
2612         * tests/stress/typedarray-forEach.js:
2613         * tests/stress/typedarray-map.js:
2614         * tests/stress/typedarray-reduce.js:
2615         * tests/stress/typedarray-reduceRight.js:
2616         * tests/stress/typedarray-some.js:
2617
2618 2015-10-19  Tim Horton  <timothy_horton@apple.com>
2619
2620         Add magnify and rotate gesture event support for Mac
2621         https://bugs.webkit.org/show_bug.cgi?id=150179
2622         <rdar://problem/8036240>
2623
2624         Reviewed by Darin Adler.
2625
2626         * Configurations/FeatureDefines.xcconfig:
2627         New feature flag.
2628
2629 2015-10-19  Csaba Osztrogonác  <ossy@webkit.org>
2630
2631         Fix the ENABLE(WEBASSEMBLY) build after r190827
2632         https://bugs.webkit.org/show_bug.cgi?id=150330
2633
2634         Reviewed by Geoffrey Garen.
2635
2636         * bytecode/CodeBlock.cpp:
2637         (JSC::CodeBlock::CodeBlock): Removed the duplicated VM argument.
2638         * bytecode/CodeBlock.h:
2639         (JSC::WebAssemblyCodeBlock::create): Added new parameters to finishCreation() calls.
2640         (JSC::WebAssemblyCodeBlock::WebAssemblyCodeBlock): Change VM parameter to pointer to match *CodeBlock classes.
2641         * runtime/Executable.cpp:
2642         (JSC::WebAssemblyExecutable::prepareForExecution): Removed extra ")" and pass pointer as it is expected.
2643
2644 2015-10-19  Mark Lam  <mark.lam@apple.com>
2645
2646         DoubleRep fails to convert SpecBoolean values.
2647         https://bugs.webkit.org/show_bug.cgi?id=150313
2648
2649         Reviewed by Geoffrey Garen.
2650
2651         This was uncovered by the op_sub stress test on 32-bit builds.  On 32-bit builds,
2652         DoubleRep will erroneously convert 'true' to a 'NaN' instead of a double 1.
2653         On 64-bit, the same issue exists but is masked by another bug in DoubleRep where
2654         boolean values will always erroneously trigger a BadType OSR exit.
2655
2656         The erroneous conversion of 'true' to 'NaN' is because the 'true' case in
2657         compileDoubleRep() is missing a jump to the "done" destination.  Instead, it
2658         falls through to the "isUndefined" case where it produces a NaN.
2659
2660         The 64-bit erroneous BadType OSR exit is due to the boolean type check being
2661         implemented incorrectly.  It was checking if any bits other than bit 0 were set.
2662         However, boolean JS values always have TagBitBool (the 3rd bit) set.  Hence, the
2663         check will always fail if we have a boolean value.
2664
2665         This patch fixes both of these issues.
2666
2667         No new test is needed because these issues are already covered by scenarios in
2668         the op_sub.js stress test.  This patch also fixes the op_sub.js test to throw an
2669         exception if any failures are encountered (as expected by the stress test
2670         harness).  This patch also re-worked the test code to provide more accurate
2671         descriptions of each test scenario for error reporting.
2672
2673         * dfg/DFGSpeculativeJIT.cpp:
2674         (JSC::DFG::SpeculativeJIT::compileDoubleRep):
2675
2676         * tests/stress/op_sub.js:
2677         (generateScenarios):
2678         (func):
2679         (initializeTestCases):
2680         (runTest):
2681         (stringify): Deleted.
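
        The two defects this entry describes, modeled in C as an added example (this is not JSC's code): the 64-bit JSValue tag constants are those of JSCJSValue.h, and doubleRep() is a constructed stand-in for the non-number path of compileDoubleRep() whose two flags select the buggy or fixed variant of each defect, so the masking of the missing jump by the bad boolean check can be seen directly.

```c
#include <assert.h>
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 64-bit JSValue tag bits as defined in JSC's JSCJSValue.h. A boolean is
 * TagBitTypeOther | TagBitBool | payload, so bit 2 ("the 3rd bit") is always set. */
#define TagBitTypeOther 0x2ULL
#define TagBitBool      0x4ULL
#define TagBitUndefined 0x8ULL
#define ValueFalse      (TagBitTypeOther | TagBitBool | 0ULL)
#define ValueTrue       (TagBitTypeOther | TagBitBool | 1ULL)
#define ValueUndefined  (TagBitTypeOther | TagBitUndefined)
#define ValueNull       (TagBitTypeOther)

/* The check the entry describes as wrong: "are any bits other than bit 0 set?"
 * Every boolean carries the tag bits, so this never accepts a boolean. */
static bool isBooleanBuggy(uint64_t v)
{
    return (v & ~1ULL) == 0;
}

/* Corrected check: with the payload bit masked off, the remaining bits must be
 * exactly the tag bits shared by both booleans (the false encoding). */
static bool isBooleanFixed(uint64_t v)
{
    return (v & ~1ULL) == ValueFalse;
}

typedef struct {
    bool badTypeExit;   /* true: speculation failed, BadType OSR exit */
    double value;       /* meaningful only when badTypeExit is false */
} DoubleRepResult;

/* Constructed model (not the engine's code) of the non-number path of
 * compileDoubleRep(). fixedBooleanCheck selects the boolean check variant,
 * trueCaseJumpsToDone selects whether the 'true' case has its jump to "done". */
static DoubleRepResult doubleRep(uint64_t v, bool fixedBooleanCheck, bool trueCaseJumpsToDone)
{
    DoubleRepResult r = { false, 0.0 };
    bool isBoolean = fixedBooleanCheck ? isBooleanFixed(v) : isBooleanBuggy(v);

    if (isBoolean) {
        if (v == ValueFalse) {
            r.value = 0.0;          /* 'false' case jumps to done */
            return r;
        }
        r.value = 1.0;              /* 'true' case */
        if (trueCaseJumpsToDone)
            return r;
        goto isUndefined;           /* missing jump: falls into the undefined case */
    }
    if (v == ValueUndefined)
        goto isUndefined;
    if (v == ValueNull) {
        r.value = 0.0;
        return r;
    }
    r.badTypeExit = true;           /* not a value this path can convert */
    return r;

isUndefined:
    r.value = NAN;                  /* the undefined case materializes NaN */
    return r;
}

static void show(const char* label, DoubleRepResult r)
{
    if (r.badTypeExit)
        printf("%s: BadType OSR exit\n", label);
    else
        printf("%s: %g\n", label, r.value);
}

int main(void)
{
    show("true, both bugs present    ", doubleRep(ValueTrue, false, false));
    show("true, only check fixed     ", doubleRep(ValueTrue, true, false));
    show("true, both fixed           ", doubleRep(ValueTrue, true, true));
    return 0;
}
```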
2682
2683 2015-10-19  Yusuke Suzuki  <utatane.tea@gmail.com>
2684
2685         Drop !newTarget check since it always becomes true
2686         https://bugs.webkit.org/show_bug.cgi?id=150308
2687
2688         Reviewed by Geoffrey Garen.
2689
2690         In a context of calling a constructor, `newTarget` should not become JSEmpty.
2691         So `!newTarget` always becomes true. This patch drops this unnecessary check.
2692         And to ensure the implementation of the constructor is only called under
2693         the context of calling it as a constructor, we change these functions to
2694         static and only use them for constructor implementations of InternalFunction.
2695
2696         * runtime/IntlCollatorConstructor.cpp:
2697         (JSC::constructIntlCollator):
2698         (JSC::callIntlCollator):
2699         * runtime/IntlCollatorConstructor.h:
2700         * runtime/IntlDateTimeFormatConstructor.cpp:
2701         (JSC::constructIntlDateTimeFormat):
2702         (JSC::callIntlDateTimeFormat):
2703         * runtime/IntlDateTimeFormatConstructor.h:
2704         * runtime/IntlNumberFormatConstructor.cpp:
2705         (JSC::constructIntlNumberFormat):
2706         (JSC::callIntlNumberFormat):
2707         * runtime/IntlNumberFormatConstructor.h:
2708         * runtime/JSPromiseConstructor.cpp:
2709         (JSC::constructPromise):
2710
2711 2015-10-18  Yusuke Suzuki  <utatane.tea@gmail.com>
2712
2713         Promise constructor should throw when not called with "new"
2714         https://bugs.webkit.org/show_bug.cgi?id=149380
2715
2716         Reviewed by Darin Adler.
2717
2718         Implement handling of new.target in the Promise constructor, and
2719         prohibit calling the Promise constructor without "new".
2720
2721         * runtime/JSPromiseConstructor.cpp:
2722         (JSC::constructPromise):
2723         (JSC::callPromise):
2724         (JSC::JSPromiseConstructor::getCallData):
2725         * tests/es6.yaml:
2726         * tests/stress/promise-cannot-be-called.js: Added.
2727         (shouldBe):
2728         (shouldThrow):
2729         (Deferred):
2730         (super):
2731
2732 2015-10-18  Yusuke Suzuki  <utatane.tea@gmail.com>
2733
2734         [ES6] Handle asynchronous tests in tests/es6
2735         https://bugs.webkit.org/show_bug.cgi?id=150293
2736
2737         Reviewed by Darin Adler.
2738
2739         Since JSC can handle microtasks, some of ES6 Promise tests can be executed under the JSC shell.
2740         Some of them still fail because they use setTimeout, which invokes macrotasks with an explicit delay.
2741
2742         * tests/es6.yaml:
2743         * tests/es6/Promise_Promise.all.js:
2744         (test.asyncTestPassed):
2745         (test):
2746         * tests/es6/Promise_Promise.all_generic_iterables.js:
2747         (test.asyncTestPassed):
2748         (test):
2749         * tests/es6/Promise_Promise.race.js:
2750         (test.asyncTestPassed):
2751         (test):
2752         * tests/es6/Promise_Promise.race_generic_iterables.js:
2753         (test.asyncTestPassed):
2754         (test):
2755         * tests/es6/Promise_basic_functionality.js:
2756         (test.asyncTestPassed):
2757         (test):
2758         * tests/es6/Promise_is_subclassable_Promise.all.js:
2759         (test.asyncTestPassed):
2760         (test):
2761         * tests/es6/Promise_is_subclassable_Promise.race.js:
2762         (test.asyncTestPassed):
2763         (test):
2764         * tests/es6/Promise_is_subclassable_basic_functionality.js:
2765         (test.asyncTestPassed):
2766         (test):
2767
2768 2015-10-18  Sungmann Cho  <sungmann.cho@navercorp.com>
2769
2770         [Win] Fix the Windows builds.
2771         https://bugs.webkit.org/show_bug.cgi?id=150300
2772
2773         Reviewed by Darin Adler.
2774
2775         Add missing files to JavaScriptCore.vcxproj.
2776
2777         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2778         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2779
2780 2015-10-17  Filip Pizlo  <fpizlo@apple.com>
2781
2782         Fix some generational heap growth pathologies
2783         https://bugs.webkit.org/show_bug.cgi?id=150270
2784
2785         Reviewed by Andreas Kling.
2786
2787         When doing generational copying, we would pretend that the size of old space was increased
2788         just by the amount of bytes we copied. In reality, it would be increased by the number of
2789         bytes used by the copied blocks we created. This is a larger number, and in some simple
2790         pathological programs, the difference can be huge.
2791
2792         Fixing this bug was relatively easy, and the only really meaningful change here is in
2793         Heap::updateAllocationLimits(). But to convince myself that the change was valid, I had to
2794         add some debugging code and I had to refactor some stuff so that it made more sense.
2795
2796         This change does obviate the need for m_totalBytesCopied, because we no longer use it in
2797         release builds to decide how much heap we are using at the end of collection. But I added a
2798         FIXME about how we could restore our use of m_totalBytesCopied. So, I kept the logic, for
2799         now. The FIXME references https://bugs.webkit.org/show_bug.cgi?id=150268.
2800
2801         Relanding with build fix.
2802
2803         * CMakeLists.txt:
2804         * JavaScriptCore.xcodeproj/project.pbxproj:
2805         * heap/CopiedBlock.cpp: Added.
2806         (JSC::CopiedBlock::createNoZeroFill):
2807         (JSC::CopiedBlock::destroy):
2808         (JSC::CopiedBlock::create):
2809         (JSC::CopiedBlock::zeroFillWilderness):
2810         (JSC::CopiedBlock::CopiedBlock):
2811         * heap/CopiedBlock.h:
2812         (JSC::CopiedBlock::didSurviveGC):
2813         (JSC::CopiedBlock::createNoZeroFill): Deleted.
2814         (JSC::CopiedBlock::destroy): Deleted.
2815         (JSC::CopiedBlock::create): Deleted.
2816         (JSC::CopiedBlock::zeroFillWilderness): Deleted.
2817         (JSC::CopiedBlock::CopiedBlock): Deleted.
2818         * heap/CopiedSpaceInlines.h:
2819         (JSC::CopiedSpace::startedCopying):
2820         * heap/Heap.cpp:
2821         (JSC::Heap::updateObjectCounts):
2822         (JSC::Heap::resetVisitors):
2823         (JSC::Heap::capacity):
2824         (JSC::Heap::protectedGlobalObjectCount):
2825         (JSC::Heap::collectImpl):
2826         (JSC::Heap::willStartCollection):
2827         (JSC::Heap::updateAllocationLimits):
2828         (JSC::Heap::didFinishCollection):
2829         (JSC::Heap::sizeAfterCollect): Deleted.
2830         * heap/Heap.h:
2831         * heap/HeapInlines.h:
2832         (JSC::Heap::shouldCollect):
2833         (JSC::Heap::isBusy):
2834         (JSC::Heap::collectIfNecessaryOrDefer):
2835         * heap/MarkedBlock.cpp:
2836         (JSC::MarkedBlock::create):
2837         (JSC::MarkedBlock::destroy):
2838
2839 2015-10-17  Commit Queue  <commit-queue@webkit.org>
2840
2841         Unreviewed, rolling out r191240.
2842         https://bugs.webkit.org/show_bug.cgi?id=150281
2843
2844         Broke 32-bit builds (Requested by smfr on #webkit).
2845
2846         Reverted changeset:
2847
2848         "Fix some generational heap growth pathologies"
2849         https://bugs.webkit.org/show_bug.cgi?id=150270
2850         http://trac.webkit.org/changeset/191240
2851
2852 2015-10-17  Sungmann Cho  <sungmann.cho@navercorp.com>
2853
2854         [Win] Fix the Windows build.
2855         https://bugs.webkit.org/show_bug.cgi?id=150278
2856
2857         Reviewed by Brent Fulgham.
2858
2859         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2860         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2861
2862 2015-10-17  Mark Lam  <mark.lam@apple.com>
2863
2864         Fixed typos from r191224.
2865
2866         Not reviewed.
2867
2868         * jit/JITSubGenerator.h:
2869         (JSC::JITSubGenerator::generateFastPath):
2870
2871 2015-10-17  Filip Pizlo  <fpizlo@apple.com>
2872
2873         Fix some generational heap growth pathologies
2874         https://bugs.webkit.org/show_bug.cgi?id=150270
2875
2876         Reviewed by Andreas Kling.
2877
2878         When doing generational copying, we would pretend that the size of old space was increased
2879         just by the amount of bytes we copied. In reality, it would be increased by the number of
2880         bytes used by the copied blocks we created. This is a larger number, and in some simple
2881         pathological programs, the difference can be huge.
2882
2883         Fixing this bug was relatively easy, and the only really meaningful change here is in
2884         Heap::updateAllocationLimits(). But to convince myself that the change was valid, I had to
2885         add some debugging code and I had to refactor some stuff so that it made more sense.
2886
2887         This change does obviate the need for m_totalBytesCopied, because we no longer use it in
2888         release builds to decide how much heap we are using at the end of collection. But I added a
2889         FIXME about how we could restore our use of m_totalBytesCopied. So, I kept the logic, for
2890         now. The FIXME references https://bugs.webkit.org/show_bug.cgi?id=150268.
2891
2892         * CMakeLists.txt:
2893         * JavaScriptCore.xcodeproj/project.pbxproj:
2894         * heap/CopiedBlock.cpp: Added.
2895         (JSC::CopiedBlock::createNoZeroFill):
2896         (JSC::CopiedBlock::destroy):
2897         (JSC::CopiedBlock::create):
2898         (JSC::CopiedBlock::zeroFillWilderness):
2899         (JSC::CopiedBlock::CopiedBlock):
2900         * heap/CopiedBlock.h:
2901         (JSC::CopiedBlock::didSurviveGC):
2902         (JSC::CopiedBlock::createNoZeroFill): Deleted.
2903         (JSC::CopiedBlock::destroy): Deleted.
2904         (JSC::CopiedBlock::create): Deleted.
2905         (JSC::CopiedBlock::zeroFillWilderness): Deleted.
2906         (JSC::CopiedBlock::CopiedBlock): Deleted.
2907         * heap/CopiedSpaceInlines.h:
2908         (JSC::CopiedSpace::startedCopying):
2909         * heap/Heap.cpp:
2910         (JSC::Heap::updateObjectCounts):
2911         (JSC::Heap::resetVisitors):
2912         (JSC::Heap::capacity):
2913         (JSC::Heap::protectedGlobalObjectCount):
2914         (JSC::Heap::collectImpl):
2915         (JSC::Heap::willStartCollection):
2916         (JSC::Heap::updateAllocationLimits):
2917         (JSC::Heap::didFinishCollection):
2918         (JSC::Heap::sizeAfterCollect): Deleted.
2919         * heap/Heap.h:
2920         * heap/HeapInlines.h:
2921         (JSC::Heap::shouldCollect):
2922         (JSC::Heap::isBusy):
2923         (JSC::Heap::collectIfNecessaryOrDefer):
2924         * heap/MarkedBlock.cpp:
2925         (JSC::MarkedBlock::create):
2926         (JSC::MarkedBlock::destroy):
2927
2928 2015-10-16  Yusuke Suzuki  <utatane.tea@gmail.com>
2929
2930         [ES6] Implement String.prototype.normalize
2931         https://bugs.webkit.org/show_bug.cgi?id=150094
2932
2933         Reviewed by Geoffrey Garen.
2934
2935         This patch implements String.prototype.normalize leveraging ICU.
2936         It can provide the feature applying {NFC, NFD, NFKC, NFKD} normalization to a given string.
2937
2938         * runtime/StringPrototype.cpp:
2939         (JSC::StringPrototype::finishCreation):
2940         (JSC::normalize):
2941         (JSC::stringProtoFuncNormalize):
2942         * tests/es6.yaml:
2943         * tests/stress/string-normalize.js: Added.
2944         (unicode):
2945         (shouldBe):
2946         (shouldThrow):
2947         (normalizeTest):
2948
2949 2015-10-16  Geoffrey Garen  <ggaren@apple.com>
2950
2951         Update JavaScriptCore API docs
2952         https://bugs.webkit.org/show_bug.cgi?id=150262
2953
2954         Reviewed by Mark Lam.
2955
2956         Apply some edits for clarity. These came out of a docs review.
2957
2958         * API/JSContext.h:
2959         * API/JSExport.h:
2960         * API/JSManagedValue.h:
2961         * API/JSValue.h:
2962
2963 2015-10-16  Keith Miller  <keith_miller@apple.com>
2964
2965         Unreviewed. Fix typo in TypeError messages in TypedArray.prototype.forEach/filter.
2966
2967         * builtins/TypedArray.prototype.js:
2968         (forEach):
2969         (filter):
2970
2971 2015-10-16  Mark Lam  <mark.lam@apple.com>
2972
2973         Use JITSubGenerator to support UntypedUse operands for op_sub in the DFG.
2974         https://bugs.webkit.org/show_bug.cgi?id=150038
2975
2976         Reviewed by Geoffrey Garen.
2977
2978         * bytecode/SpeculatedType.h:
2979         (JSC::isUntypedSpeculationForArithmetic): Added
2980         - Also fixed some comments.
2981         
2982         * dfg/DFGAbstractInterpreterInlines.h:
2983         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2984
2985         * dfg/DFGAbstractValue.cpp:
2986         (JSC::DFG::AbstractValue::resultType):
2987         * dfg/DFGAbstractValue.h:
2988         - Added function to compute the ResultType of an operand from its SpeculatedType.
2989
2990         * dfg/DFGFixupPhase.cpp:
2991         (JSC::DFG::FixupPhase::fixupNode):
2992         - Fix up ArithSub to speculate its operands to be numbers.  But if an OSR exit
2993           due to a BadType was seen at this node, we'll fix it up to expect UntypedUse
2994           operands.  This gives the generated code a chance to run fast if it only
2995           receives numeric operands.
2996
2997         * dfg/DFGNode.h:
2998         (JSC::DFG::Node::shouldSpeculateUntypedForArithmetic):
2999
3000         * dfg/DFGOperations.cpp:
3001         * dfg/DFGOperations.h:
3002         - Add the C++ runtime function to implement op_sub when we really encounter the
3003           hard types in the operands.
3004
3005         * dfg/DFGSpeculativeJIT.cpp:
3006         (JSC::DFG::SpeculativeJIT::compileArithSub):
3007         - Added support for UntypedUse operands using the JITSubGenerator.
3008
3009         * dfg/DFGSpeculativeJIT.h:
3010         (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
3011         (JSC::DFG::SpeculativeJIT::pickCanTrample):
3012         (JSC::DFG::SpeculativeJIT::callOperation):
3013
3014         * ftl/FTLCapabilities.cpp:
3015         (JSC::FTL::canCompile):
3016         - Just refuse to FTL compile functions with UntypedUse op_sub operands for now.
3017
3018         * jit/AssemblyHelpers.h:
3019         (JSC::AssemblyHelpers::boxDouble):
3020         (JSC::AssemblyHelpers::unboxDoubleNonDestructive):
3021         (JSC::AssemblyHelpers::unboxDouble):
3022         (JSC::AssemblyHelpers::boxBooleanPayload):
3023         * jit/JITArithmetic.cpp:
3024         (JSC::JIT::emit_op_sub):
3025
3026         * jit/JITSubGenerator.h:
3027         (JSC::JITSubGenerator::generateFastPath):
3028         (JSC::JITSubGenerator::endJumpList):
3029         - Added some asserts to document the contract that this generator expects in
3030           terms of its incoming registers.
3031
3032           Also fixed the generated code to not be destructive with regards to incoming
3033           registers.  The DFG expects this.
3034
3035           Also added an endJumpList so that we don't have to jump twice for the fast
3036           path where both operands are ints.
3037
3038         * parser/ResultType.h:
3039         (JSC::ResultType::ResultType):
3040         - Make the internal Type bits and the constructor private.  Clients should only
3041           create ResultType values using one of the provided factory methods.
3042
3043         * tests/stress/op_sub.js: Added.
3044         (o1.valueOf):
3045         (stringify):
3046         (generateScenarios):
3047         (printScenarios):
3048         (testCases.func):
3049         (func):
3050         (initializeTestCases):
3051         (runTest):
3052         - test op_sub results by comparing one LLINT result against the output of
3053           multiple LLINT and JIT runs.  This test assumes that we'll at least get the
3054           right result some of the time (if not all the time), and confirms that the
3055           various engines produce consistent results for all the various value pairs
3056           being tested.
3057
3058 2015-10-15  Filip Pizlo  <fpizlo@apple.com>
3059
3060         CopyBarrier must be avoided for slow TypedArrays
3061         https://bugs.webkit.org/show_bug.cgi?id=150217
3062         rdar://problem/23128791
3063
3064         Reviewed by Michael Saboff.
3065
3066         Change how we access array buffer views so that we don't fire the barrier slow path, and
3067         don't mask off the spaceBits, if the view is not FastTypedArray. That's because in that case
3068         m_vector could be misaligned and so have meaningful non-space data in the spaceBits. Also in
3069         that case, m_vector does not point into copied space.
3070
3071         * dfg/DFGSpeculativeJIT.cpp:
3072         (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
3073         (JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffset):
3074         * ftl/FTLLowerDFGToLLVM.cpp:
3075         (JSC::FTL::DFG::LowerDFGToLLVM::loadVectorWithBarrier):
3076         (JSC::FTL::DFG::LowerDFGToLLVM::copyBarrier):
3077         (JSC::FTL::DFG::LowerDFGToLLVM::isInToSpace):
3078         (JSC::FTL::DFG::LowerDFGToLLVM::loadButterflyReadOnly):
3079         (JSC::FTL::DFG::LowerDFGToLLVM::loadVectorReadOnly):
3080         (JSC::FTL::DFG::LowerDFGToLLVM::removeSpaceBits):
3081         (JSC::FTL::DFG::LowerDFGToLLVM::isFastTypedArray):
3082         (JSC::FTL::DFG::LowerDFGToLLVM::baseIndex):
3083         * heap/CopyBarrier.h:
3084         (JSC::CopyBarrierBase::getWithoutBarrier):
3085         (JSC::CopyBarrierBase::getPredicated):
3086         (JSC::CopyBarrierBase::get):
3087         (JSC::CopyBarrierBase::copyState):
3088         (JSC::CopyBarrier::get):
3089         (JSC::CopyBarrier::getPredicated):
3090         (JSC::CopyBarrier::set):
3091         * heap/Heap.cpp:
3092         (JSC::Heap::copyBarrier):
3093         * jit/AssemblyHelpers.cpp:
3094         (JSC::AssemblyHelpers::branchIfNotType):
3095         (JSC::AssemblyHelpers::branchIfFastTypedArray):
3096         (JSC::AssemblyHelpers::branchIfNotFastTypedArray):
3097         (JSC::AssemblyHelpers::loadTypedArrayVector):
3098         (JSC::AssemblyHelpers::purifyNaN):
3099         * jit/AssemblyHelpers.h:
3100         (JSC::AssemblyHelpers::branchStructure):
3101         (JSC::AssemblyHelpers::branchIfToSpace):
3102         (JSC::AssemblyHelpers::branchIfNotToSpace):
3103         (JSC::AssemblyHelpers::removeSpaceBits):
3104         (JSC::AssemblyHelpers::addressForByteOffset):
3105         * jit/JITPropertyAccess.cpp:
3106         (JSC::JIT::emitIntTypedArrayGetByVal):
3107         (JSC::JIT::emitFloatTypedArrayGetByVal):
3108         (JSC::JIT::emitIntTypedArrayPutByVal):
3109         (JSC::JIT::emitFloatTypedArrayPutByVal):
3110         * runtime/JSArrayBufferView.h:
3111         (JSC::JSArrayBufferView::vector):
3112         (JSC::JSArrayBufferView::length):
3113         * runtime/JSArrayBufferViewInlines.h:
3114         (JSC::JSArrayBufferView::byteOffset):
3115         * runtime/JSGenericTypedArrayView.h:
3116         (JSC::JSGenericTypedArrayView::typedVector):
3117         * runtime/JSGenericTypedArrayViewInlines.h:
3118         (JSC::JSGenericTypedArrayView<Adaptor>::copyBackingStore):
3119         (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
3120         * tests/stress/misaligned-int8-view-byte-offset.js: Added.
3121         * tests/stress/misaligned-int8-view-read.js: Added.
3122         * tests/stress/misaligned-int8-view-write.js: Added.
3123
3124 2015-10-16  Keith Miller  <keith_miller@apple.com>
3125
3126         Unreviewed. Build fix for 191215.
3127
3128         * jit/IntrinsicEmitter.cpp:
3129
3130 2015-10-16  Keith Miller  <keith@Keiths-MacBook-Pro-5.local>
3131
3132         Add Intrinsic Getters and use them to fix performance on the getters of TypedArray properties.
3133         https://bugs.webkit.org/show_bug.cgi?id=149687
3134
3135         Reviewed by Geoffrey Garen.
3136
3137         Add the ability to create intrinsic getters in both the inline cache and the DFG/FTL. When the
3138         getter fetched by a GetById has an intrinsic we know about we add a new intrinsic access case.
3139         Once we get to the DFG, we observe that the access case was an intrinsic and add an appropriate
3140         GetByIdVariant. We then parse the intrinsic into an appropriate DFG node.
3141
3142         The first intrinsics are the new TypedArray prototype getters length, byteLength, and byteOffset.
3143
3144         * CMakeLists.txt:
3145         * JavaScriptCore.xcodeproj/project.pbxproj:
3146         * bytecode/GetByIdStatus.cpp:
3147         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
3148         (JSC::GetByIdStatus::computeFor):
3149         * bytecode/GetByIdVariant.cpp:
3150         (JSC::GetByIdVariant::GetByIdVariant):
3151         (JSC::GetByIdVariant::operator=):
3152         (JSC::GetByIdVariant::canMergeIntrinsicStructures):
3153         (JSC::GetByIdVariant::attemptToMerge):
3154         (JSC::GetByIdVariant::dumpInContext):
3155         * bytecode/GetByIdVariant.h:
3156         (JSC::GetByIdVariant::intrinsicFunction):
3157         (JSC::GetByIdVariant::intrinsic):
3158         (JSC::GetByIdVariant::callLinkStatus): Deleted.
3159         * bytecode/PolymorphicAccess.cpp:
3160         (JSC::AccessGenerationState::addWatchpoint):
3161         (JSC::AccessGenerationState::restoreScratch):
3162         (JSC::AccessGenerationState::succeed):
3163         (JSC::AccessGenerationState::calculateLiveRegistersForCallAndExceptionHandling):
3164         (JSC::AccessGenerationState::preserveLiveRegistersToStackForCall):
3165         (JSC::AccessGenerationState::restoreLiveRegistersFromStackForCall):
3166         (JSC::AccessGenerationState::restoreLiveRegistersFromStackForCallWithThrownException):
3167         (JSC::AccessGenerationState::callSiteIndexForExceptionHandlingOrOriginal):
3168         (JSC::AccessGenerationState::originalExceptionHandler):
3169         (JSC::AccessGenerationState::originalCallSiteIndex):
3170         (JSC::AccessCase::getIntrinsic):
3171         (JSC::AccessCase::clone):
3172         (JSC::AccessCase::visitWeak):
3173         (JSC::AccessCase::generate):
3174         (WTF::printInternal):
3175         (JSC::AccessCase::AccessCase): Deleted.
3176         (JSC::AccessCase::get): Deleted.
3177         (JSC::AccessCase::replace): Deleted.
3178         (JSC::AccessCase::transition): Deleted.
3179         * bytecode/PolymorphicAccess.h:
3180         (JSC::AccessCase::isGet):
3181         (JSC::AccessCase::isPut):
3182         (JSC::AccessCase::isIn):
3183         (JSC::AccessCase::intrinsicFunction):
3184         (JSC::AccessCase::intrinsic):
3185         (JSC::AccessGenerationState::AccessGenerationState):
3186         (JSC::AccessGenerationState::liveRegistersForCall):
3187         (JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
3188         (JSC::AccessGenerationState::numberOfStackBytesUsedForRegisterPreservation):
3189         (JSC::AccessGenerationState::needsToRestoreRegistersIfException):
3190         (JSC::AccessGenerationState::liveRegistersToPreserveAtExceptionHandlingCallSite):
3191         * bytecode/PutByIdVariant.h:
3192         (JSC::PutByIdVariant::intrinsic):
3193         * dfg/DFGAbstractInterpreterInlines.h:
3194         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3195         * dfg/DFGArrayMode.cpp:
3196         (JSC::DFG::ArrayMode::alreadyChecked):
3197         (JSC::DFG::arrayTypeToString):
3198         (JSC::DFG::toTypedArrayType):
3199         (JSC::DFG::refineTypedArrayType):
3200         (JSC::DFG::permitsBoundsCheckLowering):
3201         * dfg/DFGArrayMode.h:
3202         (JSC::DFG::ArrayMode::supportsLength):
3203         (JSC::DFG::ArrayMode::isSomeTypedArrayView):
3204         * dfg/DFGByteCodeParser.cpp:
3205         (JSC::DFG::ByteCodeParser::attemptToInlineCall):
3206         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3207         (JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
3208         (JSC::DFG::ByteCodeParser::load):
3209         (JSC::DFG::ByteCodeParser::handleGetById):
3210         (JSC::DFG::ByteCodeParser::presenceLike): Deleted.
3211         (JSC::DFG::ByteCodeParser::store): Deleted.
3212         * dfg/DFGClobberize.h:
3213         (JSC::DFG::clobberize):
3214         * dfg/DFGFixupPhase.cpp:
3215         (JSC::DFG::FixupPhase::fixupNode):
3216         (JSC::DFG::FixupPhase::convertToGetArrayLength): Deleted.
3217         (JSC::DFG::FixupPhase::prependGetArrayLength): Deleted.
3218         (JSC::DFG::FixupPhase::fixupChecksInBlock): Deleted.
3219         * dfg/DFGGraph.cpp:
3220         (JSC::DFG::Graph::tryGetFoldableView):
3221         * dfg/DFGPredictionPropagationPhase.cpp:
3222         (JSC::DFG::PredictionPropagationPhase::propagate):
3223         * dfg/DFGSpeculativeJIT.cpp:
3224         (JSC::DFG::SpeculativeJIT::checkArray):
3225         (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
3226         * ftl/FTLCapabilities.cpp:
3227         (JSC::FTL::canCompile):
3228         * ftl/FTLLowerDFGToLLVM.cpp:
3229         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetArrayLength):
3230         * jit/IntrinsicEmitter.cpp: Added.
3231         (JSC::AccessCase::canEmitIntrinsicGetter):
3232         (JSC::AccessCase::emitIntrinsicGetter):
3233         * jit/Repatch.cpp:
3234         (JSC::tryCacheGetByID):
3235         * runtime/Intrinsic.h:
3236         * runtime/JSArrayBufferView.cpp:
3237         (JSC::JSArrayBufferView::put):
3238         (JSC::JSArrayBufferView::defineOwnProperty):
3239         (JSC::JSArrayBufferView::deleteProperty):
3240         (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames):
3241         (JSC::JSArrayBufferView::getOwnPropertySlot): Deleted.
3242         (JSC::JSArrayBufferView::finalize): Deleted.
3243         * runtime/JSDataView.cpp:
3244         (JSC::JSDataView::getOwnPropertySlot):
3245         (JSC::JSDataView::put):
3246         (JSC::JSDataView::defineOwnProperty):
3247         (JSC::JSDataView::deleteProperty):
3248         (JSC::JSDataView::getOwnNonIndexPropertyNames):
3249         * runtime/JSDataView.h:
3250         * runtime/JSFunction.h:
3251         * runtime/JSFunctionInlines.h:
3252         (JSC::JSFunction::intrinsic):
3253         * runtime/JSGenericTypedArrayView.h:
3254         * runtime/JSGenericTypedArrayViewInlines.h:
3255         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
3256         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
3257         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
3258         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex): Deleted.
3259         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren): Deleted.
3260         * runtime/JSObject.cpp:
3261         (JSC::JSObject::putDirectNativeIntrinsicGetter):
3262         * runtime/JSObject.h:
3263         * runtime/JSTypedArrayViewPrototype.cpp:
3264         (JSC::JSTypedArrayViewPrototype::finishCreation):
3265         * tests/stress/typedarray-add-property-to-base-object.js: Added.
3266         (body.foo):
3267         (body):
3268         * tests/stress/typedarray-bad-getter.js: Added.
3269         (body.foo):
3270         (body.get Bar):
3271         (body):
3272         * tests/stress/typedarray-getter-on-self.js: Added.
3273         (body.foo):
3274         (body.bar):
3275         (body.baz):
3276         (body.get for):
3277         (body):
3278         * tests/stress/typedarray-intrinsic-getters-change-prototype.js: Added.
3279         (body.foo):
3280         (body.bar):
3281         (body.baz):
3282         (body):
3283
3284 2015-10-16  Keith Miller  <keith_miller@apple.com>
3285
3286         Fix some issues with TypedArrays
3287         https://bugs.webkit.org/show_bug.cgi?id=150216
3288
3289         Reviewed by Geoffrey Garen.
3290
3291         This fixes a couple of issues:
3292         1) The DFG had a separate case for creating new typedarrays in the dfg when the first argument is an object.
3293            Since the code for creating a Typedarray in the dfg is almost the same as the code in Baseline/LLInt
3294            the two cases have been merged.
3295         2) If the length property on an object was unset then the construction could crash.
3296         3) The TypedArray.prototype.set function and the TypedArray constructor should not call [[Get]] for the
3297            length of the source object when the source object is a TypedArray.
3298         4) The conditions that were used to decide if the iterator could be skipped were incorrect.
3299            Instead of checking for having a bad time, we should have checked that the Indexing type did not allow for
3300            indexed accessors.
3301
3302         * dfg/DFGOperations.cpp:
3303         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
3304         (JSC::constructGenericTypedArrayViewWithArguments):
3305         (JSC::constructGenericTypedArrayView):
3306         (JSC::constructGenericTypedArrayViewWithFirstArgument): Deleted.
3307
3308 2015-10-16  Anders Carlsson  <andersca@apple.com>
3309
3310         Fix Windows build.
3311
3312         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3313         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3314
3315 2015-10-16  Michael Saboff  <msaboff@apple.com>
3316
3317         REGRESSION (r191175): Still crashing when clicking back button on netflix.com
3318         https://bugs.webkit.org/show_bug.cgi?id=150251
3319
3320         Rubber stamped by Filip Pizlo.
3321
3322         Turning off Tail Calls and disabling tests until the crash is fixed.
3323
3324         * runtime/Options.h:
3325         * tests/es6.yaml:
3326         * tests/stress/dfg-tail-calls.js:
3327         (nonInlinedTailCall.callee):
3328         * tests/stress/mutual-tail-call-no-stack-overflow.js:
3329         (shouldThrow):
3330         * tests/stress/tail-call-in-inline-cache.js:
3331         (tail):
3332         * tests/stress/tail-call-no-stack-overflow.js:
3333         (shouldThrow):
3334         * tests/stress/tail-call-recognize.js:
3335         (callerMustBeRun):
3336         * tests/stress/tail-call-varargs-no-stack-overflow.js:
3337         (shouldThrow):
3338
3339 2015-10-16  Mark Lam  <mark.lam@apple.com>
3340
3341         Add MacroAssembler::callProbe() for supporting lambda JIT probes.
3342         https://bugs.webkit.org/show_bug.cgi?id=150186
3343
3344         Reviewed by Geoffrey Garen.
3345
3346         With callProbe(), we can now make probes that are lambdas.  For example, we can
3347         now conveniently add probes like so: 
3348
3349             // When you know exactly which register you want to inspect:
3350             jit.callProbe([] (MacroAssembler::ProbeContext* context) {
3351                 intptr_t value = reinterpret_cast<intptr_t>(context->cpu.eax);
3352                 dataLogF("eax %p\n", context->cpu.eax); // Inspect the register.
3353                 ASSERT(value > 10); // Add test code for debugging.
3354             });
3355
3356             // When you want to inspect whichever register the JIT allocated:
3357             auto reg = op1.gpr();
3358             jit.callProbe([reg] (MacroAssembler::ProbeContext* context) {
3359                 intptr_t value = reinterpret_cast<intptr_t>(context->gpr(reg));
3360                 dataLogF("reg %s: %ld\n", context->gprName(reg), value);
3361                 ASSERT(value > 10);
3362             });
3363
3364         callProbe() is only meant to be used for debugging sessions.  It is not
3365         appropriate to use it in permanent code (even for debug builds).
3366         This is because:
3367         1. The probe mechanism saves and restores all (and I really mean "all")
3368            registers, and is inherently slow.
3369         2. callProbe() currently works by allocating (via new) a std::function to
3370            guarantee that it is persisted for the duration that the JIT generated code is
3371           live.  We don't currently ever delete it, i.e. it leaks a bit of memory each
3372            time the JIT generates code that contains such a lambda probe.
3373
3374         These limitations are acceptable for a debugging session (assuming you're not
3375         debugging a memory leak), but not for deployment code.  If there's a need, we can
3376         plug that leak in another patch.
3377