7ded4f0587d85d95202a42459a35e20909eab01b
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2017-03-13  SKumarMetro  <s.kumar@metrological.com>
2
3         JSC: fix compilation errors for MIPS
4         https://bugs.webkit.org/show_bug.cgi?id=168402
5
6         Reviewed by Mark Lam.
7
8         * assembler/MIPSAssembler.h:
9         (JSC::MIPSAssembler::fillNops):
10         Added.
11         * assembler/MacroAssemblerMIPS.h:
12         Added MacroAssemblerMIPS::numGPRs and MacroAssemblerMIPS::numFPRs.
13         * bytecode/InlineAccess.h:
14         (JSC::InlineAccess::sizeForPropertyAccess):
15         (JSC::InlineAccess::sizeForPropertyReplace):
16         (JSC::InlineAccess::sizeForLengthAccess):
17         Added MIPS cases.
18
19 2017-03-13  Filip Pizlo  <fpizlo@apple.com>
20
21         FTL should not flush strict arguments unless it really needs to
22         https://bugs.webkit.org/show_bug.cgi?id=169519
23
24         Reviewed by Mark Lam.
25         
26         This is a refinement that we should have done ages ago. This kills some pointless PutStacks
27         in DFG SSA IR. It can sometimes unlock other optimizations.
28         
29         Relanding after I fixed the special cases for CreateArguments-style nodes. 
30
31         * dfg/DFGPreciseLocalClobberize.h:
32         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
33
34 2017-03-13  Devin Rousso  <webkit@devinrousso.com>
35
36         Web Inspector: Event Listeners section is missing 'once', 'passive' event listener flags
37         https://bugs.webkit.org/show_bug.cgi?id=167080
38
39         Reviewed by Joseph Pecoraro.
40
41         * inspector/protocol/DOM.json:
42         Add "passive" and "once" items to the EventListener type.
43
44 2017-03-13  Mark Lam  <mark.lam@apple.com>
45
46         Remove obsolete experimental ObjC SPI.
47         https://bugs.webkit.org/show_bug.cgi?id=169569
48
49         Reviewed by Saam Barati.
50
51         * API/JSVirtualMachine.mm:
52         (-[JSVirtualMachine enableSigillCrashAnalyzer]): Deleted.
53         * API/JSVirtualMachinePrivate.h: Removed.
54         * JavaScriptCore.xcodeproj/project.pbxproj:
55
56 2017-03-13  Commit Queue  <commit-queue@webkit.org>
57
58         Unreviewed, rolling out r213856.
59         https://bugs.webkit.org/show_bug.cgi?id=169562
60
61         Breaks JSC stress test stress/super-property-access.js.ftl-eager,
62         which is now failing (Requested by mlam|g on #webkit).
63
64         Reverted changeset:
65
66         "FTL should not flush strict arguments unless it really needs
67         to"
68         https://bugs.webkit.org/show_bug.cgi?id=169519
69         http://trac.webkit.org/changeset/213856
70
71 2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
72
73         [JSC][Linux] Allow profilers to demangle C++ names
74         https://bugs.webkit.org/show_bug.cgi?id=169559
75
76         Reviewed by Michael Catanzaro.
77
78         Linux also offers dladdr and a demangling feature.
79         Thus, we can use it to show the names in profilers.
80         For example, SamplingProfiler tells us the C function names.
81
82         * runtime/SamplingProfiler.cpp:
83         (JSC::SamplingProfiler::StackFrame::displayName):
84         * tools/CodeProfile.cpp:
85         (JSC::symbolName):
86
87 2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
88
89         [WTF] Clean up RunLoop and WorkQueue with Seconds and Function
90         https://bugs.webkit.org/show_bug.cgi?id=169537
91
92         Reviewed by Sam Weinig.
93
94         * runtime/Watchdog.cpp:
95         (JSC::Watchdog::startTimer):
96
97 2017-03-11  Filip Pizlo  <fpizlo@apple.com>
98
99         FTL should not flush strict arguments unless it really needs to
100         https://bugs.webkit.org/show_bug.cgi?id=169519
101
102         Reviewed by Mark Lam.
103         
104         This is a refinement that we should have done ages ago. This kills some pointless PutStacks
105         in DFG SSA IR. It can sometimes unlock other optimizations.
106
107         * dfg/DFGPreciseLocalClobberize.h:
108         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
109
110 2017-03-13  Caio Lima  <ticaiolima@gmail.com>
111
112         [JSC] It should be possible to create a label named let when parsing Statement in non-strict mode
113         https://bugs.webkit.org/show_bug.cgi?id=168684
114
115         Reviewed by Saam Barati.
116
117         This patch fixes a Parser bug to allow defining a label named
118         `let` in sloppy mode when parsing a Statement.
119
120         * parser/Parser.cpp:
121         (JSC::Parser<LexerType>::parseStatement):
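
As an added example, not part of this ChangeLog entry or of JSC's parser code, a small script that checks the parse behaviour the entry describes: a label named `let` is accepted in sloppy mode and rejected in strict mode. It assumes a spec-conforming engine (written against Node/V8) and uses `new Function` only to parse, never to run, the constructed sources.

```javascript
// Added example (not JSC code): the parser corner case from the entry above,
// checked from script.  In sloppy mode `let` is an ordinary identifier, so
// `let:` may introduce a labelled statement and `break let` may target it;
// in strict mode `let` is a reserved word and the same source is a SyntaxError.

// Try to parse `source` as a function body; returns true when the parse succeeds.
// `strict` prepends a "use strict" directive so the body is parsed in strict mode.
function parses(source, strict) {
  const body = (strict ? "'use strict';\n" : "") + source;
  try {
    new Function(body); // parsed only, never executed
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e; // anything else is a bug in this example, not a parse failure
  }
}

// Constructed test sources.  The first is the case the patch fixes: a label
// literally named `let`, also used as the target of `break`.
const LABEL_NAMED_LET = "let: for (var i = 0; i < 3; i++) { if (i === 1) break let; }";
// A control: an ordinary label must parse in both modes, proving the harness works.
const ORDINARY_LABEL = "outer: for (var i = 0; i < 3; i++) { if (i === 1) break outer; }";

// Summarise the four parses; a correct engine returns
// { letSloppy: true, letStrict: false, outerSloppy: true, outerStrict: true }.
function labelParseMatrix() {
  return {
    letSloppy: parses(LABEL_NAMED_LET, false),
    letStrict: parses(LABEL_NAMED_LET, true),
    outerSloppy: parses(ORDINARY_LABEL, false),
    outerStrict: parses(ORDINARY_LABEL, true),
  };
}

console.log(labelParseMatrix());
```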
122
123 2017-03-11  Filip Pizlo  <fpizlo@apple.com>
124
125         Structure::willStoreValueSlow needs to keep the property table alive until the end
126         https://bugs.webkit.org/show_bug.cgi?id=169520
127
128         Reviewed by Michael Saboff.
129
130         We use pointers logically interior to `propertyTable` after doing a GC. We need to prevent the
131         compiler from optimizing away pointers to `propertyTable`.
132         
133         * heap/HeapCell.cpp:
134         (JSC::HeapCell::use):
135         * heap/HeapCell.h:
136         (JSC::HeapCell::use): Introduce API for keeping a pointer alive until some point in execution.
137         * runtime/Structure.cpp:
138         (JSC::Structure::willStoreValueSlow): Use HeapCell::use() to keep the pointer alive.
139
140 2017-03-11  Yusuke Suzuki  <utatane.tea@gmail.com>
141
142         Unreviewed, suppress warnings in JSC B3
143
144         * b3/B3Opcode.cpp:
145
146 2017-03-11  Michael Saboff  <msaboff@apple.com>
147
148         Allow regular expressions to be used when selecting a process name in JSC config file
149         https://bugs.webkit.org/show_bug.cgi?id=169495
150
151         Reviewed by Saam Barati.
152
153         Only added regular expression selectors for Unix-like platforms.
154
155         * runtime/ConfigFile.cpp:
156         (JSC::ConfigFileScanner::tryConsumeRegExPattern):
157         (JSC::ConfigFile::parse):
158
159 2017-03-11  Jon Lee  <jonlee@apple.com>
160
161         WebGPU prototype - Front-End
162         https://bugs.webkit.org/show_bug.cgi?id=167952
163
164         Reviewed by Dean Jackson.
165
166         * runtime/CommonIdentifiers.h: Add WebGPU objects.
167
168 2017-03-10  Filip Pizlo  <fpizlo@apple.com>
169
170         The JITs should be able to emit fast TLS loads
171         https://bugs.webkit.org/show_bug.cgi?id=169483
172
173         Reviewed by Keith Miller.
174         
175         Added loadFromTLS32/64/Ptr to the MacroAssembler and added a B3 test for this.
176
177         * assembler/ARM64Assembler.h:
178         (JSC::ARM64Assembler::mrs_TPIDRRO_EL0):
179         * assembler/MacroAssembler.h:
180         (JSC::MacroAssembler::loadFromTLSPtr):
181         * assembler/MacroAssemblerARM64.h:
182         (JSC::MacroAssemblerARM64::loadFromTLS32):
183         (JSC::MacroAssemblerARM64::loadFromTLS64):
184         * assembler/MacroAssemblerX86Common.h:
185         (JSC::MacroAssemblerX86Common::loadFromTLS32):
186         * assembler/MacroAssemblerX86_64.h:
187         (JSC::MacroAssemblerX86_64::loadFromTLS64):
188         * assembler/X86Assembler.h:
189         (JSC::X86Assembler::adcl_im):
190         (JSC::X86Assembler::addl_mr):
191         (JSC::X86Assembler::addl_im):
192         (JSC::X86Assembler::andl_im):
193         (JSC::X86Assembler::orl_im):
194         (JSC::X86Assembler::orl_rm):
195         (JSC::X86Assembler::subl_im):
196         (JSC::X86Assembler::cmpb_im):
197         (JSC::X86Assembler::cmpl_rm):
198         (JSC::X86Assembler::cmpl_im):
199         (JSC::X86Assembler::testb_im):
200         (JSC::X86Assembler::movb_i8m):
201         (JSC::X86Assembler::movb_rm):
202         (JSC::X86Assembler::movl_mr):
203         (JSC::X86Assembler::movq_mr):
204         (JSC::X86Assembler::movsxd_rr):
205         (JSC::X86Assembler::gs):
206         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
207         * b3/testb3.cpp:
208         (JSC::B3::testFastTLS):
209         (JSC::B3::run):
210
211 2017-03-10  Alex Christensen  <achristensen@webkit.org>
212
213         Fix watch and tv builds after r213294
214         https://bugs.webkit.org/show_bug.cgi?id=169508
215
216         Reviewed by Dan Bernstein.
217
218         * Configurations/FeatureDefines.xcconfig:
219
220 2017-03-10  Saam Barati  <sbarati@apple.com>
221
222         WebAssembly: Make more demos run
223         https://bugs.webkit.org/show_bug.cgi?id=165510
224         <rdar://problem/29760310>
225
226         Reviewed by Keith Miller.
227
228         This patch makes another Wasm demo run:
229         https://kripken.github.io/BananaBread/cube2/bb.html
230         
231         This patch fixes two bugs:
232         1. When WebAssemblyFunctionType was added, we did not properly
233         update the last JS type value.
234         2. Our code for our JS -> Wasm entrypoint was wrong. It led to bad
235         code generation where we would emit B3 that would write over r12
236         and rbx (on x86), which is invalid since those are our pinned registers.
237         This patch just rewrites the entrypoint to use hand written assembler
238         code. I was planning on doing this anyways because it's a compile
239         time speed boost.
240         
241         Also, this patch adds support for some new API features:
242         We can now export an import, either via a direct export, or via a Table and the
243         Element section. I've added a new class called WebAssemblyWrapperFunction that
244         just wraps over a JSObject that is a function. Wrapper functions have types
245         associated with them, so if they're re-imported, or called via call_indirect,
246         they can be type checked.
247
248         * CMakeLists.txt:
249         * JavaScriptCore.xcodeproj/project.pbxproj:
250         * runtime/JSGlobalObject.cpp:
251         (JSC::JSGlobalObject::init):
252         (JSC::JSGlobalObject::visitChildren):
253         * runtime/JSGlobalObject.h:
254         (JSC::JSGlobalObject::webAssemblyWrapperFunctionStructure):
255         * runtime/JSType.h:
256         * wasm/JSWebAssemblyCodeBlock.h:
257         (JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
258         * wasm/WasmB3IRGenerator.cpp:
259         (JSC::Wasm::createJSToWasmWrapper):
260         * wasm/WasmCallingConvention.h:
261         (JSC::Wasm::CallingConvention::headerSizeInBytes):
262         * wasm/js/JSWebAssemblyHelpers.h:
263         (JSC::isWebAssemblyHostFunction):
264         * wasm/js/JSWebAssemblyInstance.cpp:
265         (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
266         * wasm/js/JSWebAssemblyInstance.h:
267         (JSC::JSWebAssemblyInstance::importFunction):
268         (JSC::JSWebAssemblyInstance::importFunctions):
269         (JSC::JSWebAssemblyInstance::setImportFunction):
270         * wasm/js/JSWebAssemblyTable.cpp:
271         (JSC::JSWebAssemblyTable::JSWebAssemblyTable):
272         (JSC::JSWebAssemblyTable::grow):
273         (JSC::JSWebAssemblyTable::clearFunction):
274         (JSC::JSWebAssemblyTable::setFunction):
275         * wasm/js/JSWebAssemblyTable.h:
276         (JSC::JSWebAssemblyTable::getFunction):
277         * wasm/js/WebAssemblyFunction.cpp:
278         (JSC::callWebAssemblyFunction):
279         * wasm/js/WebAssemblyInstanceConstructor.cpp:
280         (JSC::WebAssemblyInstanceConstructor::createInstance):
281         * wasm/js/WebAssemblyModuleRecord.cpp:
282         (JSC::WebAssemblyModuleRecord::link):
283         (JSC::WebAssemblyModuleRecord::evaluate):
284         * wasm/js/WebAssemblyModuleRecord.h:
285         * wasm/js/WebAssemblyTablePrototype.cpp:
286         (JSC::webAssemblyTableProtoFuncGet):
287         (JSC::webAssemblyTableProtoFuncSet):
288         * wasm/js/WebAssemblyWrapperFunction.cpp: Added.
289         (JSC::callWebAssemblyWrapperFunction):
290         (JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction):
291         (JSC::WebAssemblyWrapperFunction::create):
292         (JSC::WebAssemblyWrapperFunction::finishCreation):
293         (JSC::WebAssemblyWrapperFunction::createStructure):
294         (JSC::WebAssemblyWrapperFunction::visitChildren):
295         * wasm/js/WebAssemblyWrapperFunction.h: Added.
296         (JSC::WebAssemblyWrapperFunction::signatureIndex):
297         (JSC::WebAssemblyWrapperFunction::wasmEntrypoint):
298         (JSC::WebAssemblyWrapperFunction::function):
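
As an added example, not JSC's own code and not part of this ChangeLog entry, a script showing from the JS side the API feature the entry describes: an import that is exported again comes back as a typed wrapper, so re-importing it into a module with a different signature fails the type check at link time, whereas a plain JS function would be accepted by any signature. It assumes an engine with the WebAssembly JS API (written against Node) and constructs two minimal modules inline.

```javascript
// Added example (not JSC code).  Two hand-assembled modules, constructed here:
//   EXPORTS_ITS_IMPORT  imports env.f : (i32) -> i32 and re-exports it as "g";
//   EXPECTS_TWO_ARGS    imports env.f : (i32, i32) -> i32 and nothing else.
const EXPORTS_ITS_IMPORT = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,                   // "\0asm", version 1
  0x01, 0x06, 0x01, 0x60, 0x01, 0x7f, 0x01, 0x7f,                   // type 0: (i32) -> i32
  0x02, 0x09, 0x01, 0x03, 0x65, 0x6e, 0x76, 0x01, 0x66, 0x00, 0x00, // import "env" "f" func, type 0
  0x07, 0x05, 0x01, 0x01, 0x67, 0x00, 0x00,                         // export "g" = func 0 (the import)
]);

const EXPECTS_TWO_ARGS = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f,             // type 0: (i32, i32) -> i32
  0x02, 0x09, 0x01, 0x03, 0x65, 0x6e, 0x76, 0x01, 0x66, 0x00, 0x00, // import "env" "f" func, type 0
]);

// Compile and instantiate `bytes`, supplying `f` as the single import env.f.
function instantiate(bytes, f) {
  return new WebAssembly.Instance(new WebAssembly.Module(bytes), { env: { f } });
}

// Export-of-an-import round trip: a JS function goes in as an import, comes
// back out as the exported wrapper "g", and that wrapper is then imported by
// a second instance whose expected type matches.  Returns 42.
function roundTrip() {
  const plainJs = (x) => x + 1;
  const first = instantiate(EXPORTS_ITS_IMPORT, plainJs);
  const wrapper = first.exports.g;                        // typed (i32) -> i32
  const second = instantiate(EXPORTS_ITS_IMPORT, wrapper); // re-import, types match
  return second.exports.g(41);
}

// The same wrapper offered to a module expecting (i32, i32) -> i32 must be
// rejected with a LinkError, while the untyped plain JS function is accepted.
function typeCheckAtReimport() {
  const plainJs = (x) => x + 1;
  instantiate(EXPECTS_TWO_ARGS, plainJs);  // no wasm type on a JS function: accepted
  const wrapper = instantiate(EXPORTS_ITS_IMPORT, plainJs).exports.g;
  let rejectedWrapper = false;
  try {
    instantiate(EXPECTS_TWO_ARGS, wrapper);
  } catch (e) {
    rejectedWrapper = e instanceof WebAssembly.LinkError;
  }
  return rejectedWrapper; // true
}

console.log("round trip:", roundTrip(), "wrapper rejected on mismatch:", typeCheckAtReimport());
```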
299
300 2017-03-10  Mark Lam  <mark.lam@apple.com>
301
302         JSC: BindingNode::bindValue doesn't increase the scope's reference count.
303         https://bugs.webkit.org/show_bug.cgi?id=168546
304         <rdar://problem/30589551>
305
306         Reviewed by Saam Barati.
307
308         We should protect the scope RegisterID with a RefPtr while it is still needed.
309
310         * bytecompiler/NodesCodegen.cpp:
311         (JSC::ForInNode::emitLoopHeader):
312         (JSC::ForOfNode::emitBytecode):
313         (JSC::BindingNode::bindValue):
314
315 2017-03-10  Alex Christensen  <achristensen@webkit.org>
316
317         Fix CMake build.
318
319         * CMakeLists.txt:
320         Make more forwarding headers so we can find WasmFaultSignalHandler.h from WebProcess.cpp.
321
322 2017-03-10  Mark Lam  <mark.lam@apple.com>
323
324         [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
325         https://bugs.webkit.org/show_bug.cgi?id=169454
326
327         Reviewed by Michael Saboff.
328
329         The underlying implementation is hoisted right out of Assertions.cpp from the
330         implementations of WTFPrintBacktrace().
331
332         The reason we need this StackTrace object is because during heap debugging, we
333         sometimes want to capture the stack trace that allocated the objects of interest.
334         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
335         perturb the execution profile sufficiently that an issue may not reproduce,
336         while alternatively, just capturing the stack trace and deferring printing it
337         till we actually need it later perturbs the execution profile less.
338
339         In addition, just capturing the stack traces (instead of printing them
340         immediately at each capture site) allows us to avoid polluting stdout with tons
341         of stack traces that may be irrelevant.
342
343         For now, we only capture the native stack trace.  We'll leave capturing and
344         integrating the JS stack trace as an exercise for the future if we need it then.
345
346         Here's an example of how to use this StackTrace utility:
347
348             // Capture a stack trace of the top 10 frames.
349             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
350             // Print the trace.
351             dataLog(*trace);
352
353         * CMakeLists.txt:
354         * JavaScriptCore.xcodeproj/project.pbxproj:
355         * tools/StackTrace.cpp: Added.
356         (JSC::StackTrace::instanceSize):
357         (JSC::StackTrace::captureStackTrace):
358         (JSC::StackTrace::dump):
359         * tools/StackTrace.h: Added.
360         (JSC::StackTrace::size):
361         (JSC::StackTrace::StackTrace):
362
363 2017-03-04  Filip Pizlo  <fpizlo@apple.com>
364
365         B3 should have comprehensive support for atomic operations
366         https://bugs.webkit.org/show_bug.cgi?id=162349
367
368         Reviewed by Keith Miller.
369         
370         This adds the following capabilities to B3:
371         
372         - Atomic weak/strong unfenced/fenced compare-and-swap
373         - Atomic add/sub/or/and/xor/xchg
374         - Acquire/release fencing on loads/stores
375         - Fenceless load-load dependencies
376         
377         This adds lowering to the following instructions on x86:
378         
379         - lock cmpxchg
380         - lock xadd
381         - lock add/sub/or/and/xor/xchg
382         
383         This adds lowering to the following instructions on ARM64:
384         
385         - ldar and friends
386         - stlr and friends
387         - ldxr and friends (unfenced LL)
388         - stxr and friends (unfenced SC)
389         - ldaxr and friends (fenced LL)
390         - stlxr and friends (fenced SC)
391         - eor as a fenceless load-load dependency
392         
393         This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
394         variants of fences and atomic math ops get lowered to the best possible instruction sequence.
395         For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
396         of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
397         generate the best possible branch sequence on x86 and ARM64.
398         
399         B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
400         respect to each other and with respect to rel stores, creating sequential consistency that
401         transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
402         fence effects may only target some abstract heaps but not others, so that load elimination and
403         store sinking can still operate across fences if you just tell B3 that the fence does not alias
404         those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
405         Even better, it lets you express fine-grained dependencies where the atomics that affect one
406         property in shared memory do not clobber non-atomics that affect some other property in shared
407         memory.
408         
409         One of my favorite features is Depend, which allows you to express load-load dependencies. On
410         x86 it lowers to nothing, while on ARM64 it lowers to eor.
411         
412         This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
413         acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.
414         
415         This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
416         implementations of the Atomics object, for now.
417         
418         * CMakeLists.txt:
419         * JavaScriptCore.xcodeproj/project.pbxproj:
420         * assembler/ARM64Assembler.h:
421         (JSC::ARM64Assembler::ldar):
422         (JSC::ARM64Assembler::ldxr):
423         (JSC::ARM64Assembler::ldaxr):
424         (JSC::ARM64Assembler::stxr):
425         (JSC::ARM64Assembler::stlr):
426         (JSC::ARM64Assembler::stlxr):
427         (JSC::ARM64Assembler::excepnGenerationImmMask):
428         (JSC::ARM64Assembler::exoticLoad):
429         (JSC::ARM64Assembler::storeRelease):
430         (JSC::ARM64Assembler::exoticStore):
431         * assembler/AbstractMacroAssembler.cpp: Added.
432         (WTF::printInternal):
433         * assembler/AbstractMacroAssembler.h:
434         (JSC::AbstractMacroAssemblerBase::invert):
435         * assembler/MacroAssembler.h:
436         * assembler/MacroAssemblerARM64.h:
437         (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
438         (JSC::MacroAssemblerARM64::loadAcq8):
439         (JSC::MacroAssemblerARM64::storeRel8):
440         (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
441         (JSC::MacroAssemblerARM64::loadAcq16):
442         (JSC::MacroAssemblerARM64::storeRel16):
443         (JSC::MacroAssemblerARM64::loadAcq32):
444         (JSC::MacroAssemblerARM64::loadAcq64):
445         (JSC::MacroAssemblerARM64::storeRel32):
446         (JSC::MacroAssemblerARM64::storeRel64):
447         (JSC::MacroAssemblerARM64::loadLink8):
448         (JSC::MacroAssemblerARM64::loadLinkAcq8):
449         (JSC::MacroAssemblerARM64::storeCond8):
450         (JSC::MacroAssemblerARM64::storeCondRel8):
451         (JSC::MacroAssemblerARM64::loadLink16):
452         (JSC::MacroAssemblerARM64::loadLinkAcq16):
453         (JSC::MacroAssemblerARM64::storeCond16):
454         (JSC::MacroAssemblerARM64::storeCondRel16):
455         (JSC::MacroAssemblerARM64::loadLink32):
456         (JSC::MacroAssemblerARM64::loadLinkAcq32):
457         (JSC::MacroAssemblerARM64::storeCond32):
458         (JSC::MacroAssemblerARM64::storeCondRel32):
459         (JSC::MacroAssemblerARM64::loadLink64):
460         (JSC::MacroAssemblerARM64::loadLinkAcq64):
461         (JSC::MacroAssemblerARM64::storeCond64):
462         (JSC::MacroAssemblerARM64::storeCondRel64):
463         (JSC::MacroAssemblerARM64::atomicStrongCAS8):
464         (JSC::MacroAssemblerARM64::atomicStrongCAS16):
465         (JSC::MacroAssemblerARM64::atomicStrongCAS32):
466         (JSC::MacroAssemblerARM64::atomicStrongCAS64):
467         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
468         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
469         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
470         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
471         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
472         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
473         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
474         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
475         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
476         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
477         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
478         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
479         (JSC::MacroAssemblerARM64::depend32):
480         (JSC::MacroAssemblerARM64::depend64):
481         (JSC::MacroAssemblerARM64::loadLink):
482         (JSC::MacroAssemblerARM64::loadLinkAcq):
483         (JSC::MacroAssemblerARM64::storeCond):
484         (JSC::MacroAssemblerARM64::storeCondRel):
485         (JSC::MacroAssemblerARM64::signExtend):
486         (JSC::MacroAssemblerARM64::branch):
487         (JSC::MacroAssemblerARM64::atomicStrongCAS):
488         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
489         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
490         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
491         (JSC::MacroAssemblerARM64::extractSimpleAddress):
492         (JSC::MacroAssemblerARM64::signExtend<8>):
493         (JSC::MacroAssemblerARM64::signExtend<16>):
494         (JSC::MacroAssemblerARM64::branch<64>):
495         * assembler/MacroAssemblerX86Common.h:
496         (JSC::MacroAssemblerX86Common::add32):
497         (JSC::MacroAssemblerX86Common::and32):
498         (JSC::MacroAssemblerX86Common::and16):
499         (JSC::MacroAssemblerX86Common::and8):
500         (JSC::MacroAssemblerX86Common::neg32):
501         (JSC::MacroAssemblerX86Common::neg16):
502         (JSC::MacroAssemblerX86Common::neg8):
503         (JSC::MacroAssemblerX86Common::or32):
504         (JSC::MacroAssemblerX86Common::or16):
505         (JSC::MacroAssemblerX86Common::or8):
506         (JSC::MacroAssemblerX86Common::sub16):
507         (JSC::MacroAssemblerX86Common::sub8):
508         (JSC::MacroAssemblerX86Common::sub32):
509         (JSC::MacroAssemblerX86Common::xor32):
510         (JSC::MacroAssemblerX86Common::xor16):
511         (JSC::MacroAssemblerX86Common::xor8):
512         (JSC::MacroAssemblerX86Common::not32):
513         (JSC::MacroAssemblerX86Common::not16):
514         (JSC::MacroAssemblerX86Common::not8):
515         (JSC::MacroAssemblerX86Common::store16):
516         (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
517         (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
518         (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
519         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
520         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
521         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
522         (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
523         (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
524         (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
525         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
526         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
527         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
528         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
529         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
530         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
531         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
532         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
533         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
534         (JSC::MacroAssemblerX86Common::atomicAdd8):
535         (JSC::MacroAssemblerX86Common::atomicAdd16):
536         (JSC::MacroAssemblerX86Common::atomicAdd32):
537         (JSC::MacroAssemblerX86Common::atomicSub8):
538         (JSC::MacroAssemblerX86Common::atomicSub16):
539         (JSC::MacroAssemblerX86Common::atomicSub32):
540         (JSC::MacroAssemblerX86Common::atomicAnd8):
541         (JSC::MacroAssemblerX86Common::atomicAnd16):
542         (JSC::MacroAssemblerX86Common::atomicAnd32):
543         (JSC::MacroAssemblerX86Common::atomicOr8):
544         (JSC::MacroAssemblerX86Common::atomicOr16):
545         (JSC::MacroAssemblerX86Common::atomicOr32):
546         (JSC::MacroAssemblerX86Common::atomicXor8):
547         (JSC::MacroAssemblerX86Common::atomicXor16):
548         (JSC::MacroAssemblerX86Common::atomicXor32):
549         (JSC::MacroAssemblerX86Common::atomicNeg8):
550         (JSC::MacroAssemblerX86Common::atomicNeg16):
551         (JSC::MacroAssemblerX86Common::atomicNeg32):
552         (JSC::MacroAssemblerX86Common::atomicNot8):
553         (JSC::MacroAssemblerX86Common::atomicNot16):
554         (JSC::MacroAssemblerX86Common::atomicNot32):
555         (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
556         (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
557         (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
558         (JSC::MacroAssemblerX86Common::atomicXchg8):
559         (JSC::MacroAssemblerX86Common::atomicXchg16):
560         (JSC::MacroAssemblerX86Common::atomicXchg32):
561         (JSC::MacroAssemblerX86Common::loadAcq8):
562         (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
563         (JSC::MacroAssemblerX86Common::loadAcq16):
564         (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
565         (JSC::MacroAssemblerX86Common::loadAcq32):
566         (JSC::MacroAssemblerX86Common::storeRel8):
567         (JSC::MacroAssemblerX86Common::storeRel16):
568         (JSC::MacroAssemblerX86Common::storeRel32):
569         (JSC::MacroAssemblerX86Common::storeFence):
570         (JSC::MacroAssemblerX86Common::loadFence):
571         (JSC::MacroAssemblerX86Common::replaceWithJump):
572         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
573         (JSC::MacroAssemblerX86Common::patchableJumpSize):
574         (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
575         (JSC::MacroAssemblerX86Common::supportsAVX):
576         (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
577         (JSC::MacroAssemblerX86Common::x86Condition):
578         (JSC::MacroAssemblerX86Common::atomicStrongCAS):
579         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
580         * assembler/MacroAssemblerX86_64.h:
581         (JSC::MacroAssemblerX86_64::add64):
582         (JSC::MacroAssemblerX86_64::and64):
583         (JSC::MacroAssemblerX86_64::neg64):
584         (JSC::MacroAssemblerX86_64::or64):
585         (JSC::MacroAssemblerX86_64::sub64):
586         (JSC::MacroAssemblerX86_64::xor64):
587         (JSC::MacroAssemblerX86_64::not64):
588         (JSC::MacroAssemblerX86_64::store64):
589         (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
590         (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
591         (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
592         (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
593         (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
594         (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
595         (JSC::MacroAssemblerX86_64::atomicAdd64):
596         (JSC::MacroAssemblerX86_64::atomicSub64):
597         (JSC::MacroAssemblerX86_64::atomicAnd64):
598         (JSC::MacroAssemblerX86_64::atomicOr64):
599         (JSC::MacroAssemblerX86_64::atomicXor64):
600         (JSC::MacroAssemblerX86_64::atomicNeg64):
601         (JSC::MacroAssemblerX86_64::atomicNot64):
602         (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
603         (JSC::MacroAssemblerX86_64::atomicXchg64):
604         (JSC::MacroAssemblerX86_64::loadAcq64):
605         (JSC::MacroAssemblerX86_64::storeRel64):
606         * assembler/X86Assembler.h:
607         (JSC::X86Assembler::addl_mr):
608         (JSC::X86Assembler::addq_mr):
609         (JSC::X86Assembler::addq_rm):
610         (JSC::X86Assembler::addq_im):
611         (JSC::X86Assembler::andl_mr):
612         (JSC::X86Assembler::andl_rm):
613         (JSC::X86Assembler::andw_rm):
614         (JSC::X86Assembler::andb_rm):
615         (JSC::X86Assembler::andl_im):
616         (JSC::X86Assembler::andw_im):
617         (JSC::X86Assembler::andb_im):
618         (JSC::X86Assembler::andq_mr):
619         (JSC::X86Assembler::andq_rm):
620         (JSC::X86Assembler::andq_im):
621         (JSC::X86Assembler::incq_m):
622         (JSC::X86Assembler::negq_m):
623         (JSC::X86Assembler::negl_m):
624         (JSC::X86Assembler::negw_m):
625         (JSC::X86Assembler::negb_m):
626         (JSC::X86Assembler::notl_m):
627         (JSC::X86Assembler::notw_m):
628         (JSC::X86Assembler::notb_m):
629         (JSC::X86Assembler::notq_m):
630         (JSC::X86Assembler::orl_mr):
631         (JSC::X86Assembler::orl_rm):
632         (JSC::X86Assembler::orw_rm):
633         (JSC::X86Assembler::orb_rm):
634         (JSC::X86Assembler::orl_im):
635         (JSC::X86Assembler::orw_im):
636         (JSC::X86Assembler::orb_im):
637         (JSC::X86Assembler::orq_mr):
638         (JSC::X86Assembler::orq_rm):
639         (JSC::X86Assembler::orq_im):
640         (JSC::X86Assembler::subl_mr):
641         (JSC::X86Assembler::subl_rm):
642         (JSC::X86Assembler::subw_rm):
643         (JSC::X86Assembler::subb_rm):
644         (JSC::X86Assembler::subl_im):
645         (JSC::X86Assembler::subw_im):
646         (JSC::X86Assembler::subb_im):
647         (JSC::X86Assembler::subq_mr):
648         (JSC::X86Assembler::subq_rm):
649         (JSC::X86Assembler::subq_im):
650         (JSC::X86Assembler::xorl_mr):
651         (JSC::X86Assembler::xorl_rm):
652         (JSC::X86Assembler::xorl_im):
653         (JSC::X86Assembler::xorw_rm):
654         (JSC::X86Assembler::xorw_im):
655         (JSC::X86Assembler::xorb_rm):
656         (JSC::X86Assembler::xorb_im):
657         (JSC::X86Assembler::xorq_im):
658         (JSC::X86Assembler::xorq_rm):
659         (JSC::X86Assembler::xorq_mr):
660         (JSC::X86Assembler::xchgb_rm):
661         (JSC::X86Assembler::xchgw_rm):
662         (JSC::X86Assembler::xchgl_rm):
663         (JSC::X86Assembler::xchgq_rm):
664         (JSC::X86Assembler::movw_im):
665         (JSC::X86Assembler::movq_i32m):
666         (JSC::X86Assembler::cmpxchgb_rm):
667         (JSC::X86Assembler::cmpxchgw_rm):
668         (JSC::X86Assembler::cmpxchgl_rm):
669         (JSC::X86Assembler::cmpxchgq_rm):
670         (JSC::X86Assembler::xaddb_rm):
671         (JSC::X86Assembler::xaddw_rm):
672         (JSC::X86Assembler::xaddl_rm):
673         (JSC::X86Assembler::xaddq_rm):
674         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
675         * b3/B3AtomicValue.cpp: Added.
676         (JSC::B3::AtomicValue::~AtomicValue):
677         (JSC::B3::AtomicValue::dumpMeta):
678         (JSC::B3::AtomicValue::cloneImpl):
679         (JSC::B3::AtomicValue::AtomicValue):
680         * b3/B3AtomicValue.h: Added.
681         * b3/B3BasicBlock.h:
682         * b3/B3BlockInsertionSet.cpp:
683         (JSC::B3::BlockInsertionSet::BlockInsertionSet):
684         (JSC::B3::BlockInsertionSet::insert): Deleted.
685         (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
686         (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
687         (JSC::B3::BlockInsertionSet::execute): Deleted.
688         * b3/B3BlockInsertionSet.h:
689         * b3/B3Effects.cpp:
690         (JSC::B3::Effects::interferes):
691         (JSC::B3::Effects::operator==):
692         (JSC::B3::Effects::dump):
693         * b3/B3Effects.h:
694         (JSC::B3::Effects::forCall):
695         (JSC::B3::Effects::mustExecute):
696         * b3/B3EliminateCommonSubexpressions.cpp:
697         * b3/B3Generate.cpp:
698         (JSC::B3::generateToAir):
699         * b3/B3GenericBlockInsertionSet.h: Added.
700         (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
701         (JSC::B3::GenericBlockInsertionSet::insert):
702         (JSC::B3::GenericBlockInsertionSet::insertBefore):
703         (JSC::B3::GenericBlockInsertionSet::insertAfter):
704         (JSC::B3::GenericBlockInsertionSet::execute):
705         * b3/B3HeapRange.h:
706         (JSC::B3::HeapRange::operator|):
707         * b3/B3InsertionSet.cpp:
708         (JSC::B3::InsertionSet::insertClone):
709         * b3/B3InsertionSet.h:
710         * b3/B3LegalizeMemoryOffsets.cpp:
711         * b3/B3LowerMacros.cpp:
712         (JSC::B3::lowerMacros):
713         * b3/B3LowerMacrosAfterOptimizations.cpp:
714         * b3/B3LowerToAir.cpp:
715         (JSC::B3::Air::LowerToAir::LowerToAir):
716         (JSC::B3::Air::LowerToAir::run):
717         (JSC::B3::Air::LowerToAir::effectiveAddr):
718         (JSC::B3::Air::LowerToAir::addr):
719         (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
720         (JSC::B3::Air::LowerToAir::appendShift):
721         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
722         (JSC::B3::Air::LowerToAir::storeOpcode):
723         (JSC::B3::Air::LowerToAir::createStore):
724         (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
725         (JSC::B3::Air::LowerToAir::newBlock):
726         (JSC::B3::Air::LowerToAir::splitBlock):
727         (JSC::B3::Air::LowerToAir::fillStackmap):
728         (JSC::B3::Air::LowerToAir::appendX86Div):
729         (JSC::B3::Air::LowerToAir::appendX86UDiv):
730         (JSC::B3::Air::LowerToAir::loadLinkOpcode):
731         (JSC::B3::Air::LowerToAir::storeCondOpcode):
732         (JSC::B3::Air::LowerToAir::appendCAS):
733         (JSC::B3::Air::LowerToAir::appendVoidAtomic):
734         (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
735         (JSC::B3::Air::LowerToAir::lower):
736         (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
737         (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
738         * b3/B3LowerToAir.h:
739         * b3/B3MemoryValue.cpp:
740         (JSC::B3::MemoryValue::isLegalOffset):
741         (JSC::B3::MemoryValue::accessType):
742         (JSC::B3::MemoryValue::accessBank):
743         (JSC::B3::MemoryValue::accessByteSize):
744         (JSC::B3::MemoryValue::dumpMeta):
745         (JSC::B3::MemoryValue::MemoryValue):
746         (JSC::B3::MemoryValue::accessWidth): Deleted.
747         * b3/B3MemoryValue.h:
748         * b3/B3MemoryValueInlines.h: Added.
749         (JSC::B3::MemoryValue::isLegalOffset):
750         (JSC::B3::MemoryValue::requiresSimpleAddr):
751         (JSC::B3::MemoryValue::accessWidth):
752         * b3/B3MoveConstants.cpp:
753         * b3/B3NativeTraits.h: Added.
754         * b3/B3Opcode.cpp:
755         (JSC::B3::storeOpcode):
756         (WTF::printInternal):
757         * b3/B3Opcode.h:
758         (JSC::B3::isLoad):
759         (JSC::B3::isStore):
760         (JSC::B3::isLoadStore):
761         (JSC::B3::isAtomic):
762         (JSC::B3::isAtomicCAS):
763         (JSC::B3::isAtomicXchg):
764         (JSC::B3::isMemoryAccess):
765         (JSC::B3::signExtendOpcode):
766         * b3/B3Procedure.cpp:
767         (JSC::B3::Procedure::dump):
768         * b3/B3Procedure.h:
769         (JSC::B3::Procedure::hasQuirks):
770         (JSC::B3::Procedure::setHasQuirks):
771         * b3/B3PureCSE.cpp:
772         (JSC::B3::pureCSE):
773         * b3/B3PureCSE.h:
774         * b3/B3ReduceStrength.cpp:
775         * b3/B3Validate.cpp:
776         * b3/B3Value.cpp:
777         (JSC::B3::Value::returnsBool):
778         (JSC::B3::Value::effects):
779         (JSC::B3::Value::key):
780         (JSC::B3::Value::performSubstitution):
781         (JSC::B3::Value::typeFor):
782         * b3/B3Value.h:
783         * b3/B3Width.cpp:
784         (JSC::B3::bestType):
785         * b3/B3Width.h:
786         (JSC::B3::canonicalWidth):
787         (JSC::B3::isCanonicalWidth):
788         (JSC::B3::mask):
789         * b3/air/AirArg.cpp:
790         (JSC::B3::Air::Arg::jsHash):
791         (JSC::B3::Air::Arg::dump):
792         (WTF::printInternal):
793         * b3/air/AirArg.h:
794         (JSC::B3::Air::Arg::isAnyUse):
795         (JSC::B3::Air::Arg::isColdUse):
796         (JSC::B3::Air::Arg::cooled):
797         (JSC::B3::Air::Arg::isEarlyUse):
798         (JSC::B3::Air::Arg::isLateUse):
799         (JSC::B3::Air::Arg::isAnyDef):
800         (JSC::B3::Air::Arg::isEarlyDef):
801         (JSC::B3::Air::Arg::isLateDef):
802         (JSC::B3::Air::Arg::isZDef):
803         (JSC::B3::Air::Arg::simpleAddr):
804         (JSC::B3::Air::Arg::statusCond):
805         (JSC::B3::Air::Arg::isSimpleAddr):
806         (JSC::B3::Air::Arg::isMemory):
807         (JSC::B3::Air::Arg::isStatusCond):
808         (JSC::B3::Air::Arg::isCondition):
809         (JSC::B3::Air::Arg::ptr):
810         (JSC::B3::Air::Arg::base):
811         (JSC::B3::Air::Arg::isGP):
812         (JSC::B3::Air::Arg::isFP):
813         (JSC::B3::Air::Arg::isValidForm):
814         (JSC::B3::Air::Arg::forEachTmpFast):
815         (JSC::B3::Air::Arg::forEachTmp):
816         (JSC::B3::Air::Arg::asAddress):
817         (JSC::B3::Air::Arg::asStatusCondition):
818         (JSC::B3::Air::Arg::isInvertible):
819         (JSC::B3::Air::Arg::inverted):
820         * b3/air/AirBasicBlock.cpp:
821         (JSC::B3::Air::BasicBlock::setSuccessors):
822         * b3/air/AirBasicBlock.h:
823         * b3/air/AirBlockInsertionSet.cpp: Added.
824         (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
825         (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
826         * b3/air/AirBlockInsertionSet.h: Added.
827         * b3/air/AirDumpAsJS.cpp: Removed.
828         * b3/air/AirDumpAsJS.h: Removed.
829         * b3/air/AirEliminateDeadCode.cpp:
830         (JSC::B3::Air::eliminateDeadCode):
831         * b3/air/AirGenerate.cpp:
832         (JSC::B3::Air::prepareForGeneration):
833         * b3/air/AirInstInlines.h:
834         (JSC::B3::Air::isAtomicStrongCASValid):
835         (JSC::B3::Air::isBranchAtomicStrongCASValid):
836         (JSC::B3::Air::isAtomicStrongCAS8Valid):
837         (JSC::B3::Air::isAtomicStrongCAS16Valid):
838         (JSC::B3::Air::isAtomicStrongCAS32Valid):
839         (JSC::B3::Air::isAtomicStrongCAS64Valid):
840         (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
841         (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
842         (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
843         (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
844         * b3/air/AirOpcode.opcodes:
845         * b3/air/AirOptimizeBlockOrder.cpp:
846         (JSC::B3::Air::optimizeBlockOrder):
847         * b3/air/AirPadInterference.cpp:
848         (JSC::B3::Air::padInterference):
849         * b3/air/AirSpillEverything.cpp:
850         (JSC::B3::Air::spillEverything):
851         * b3/air/opcode_generator.rb:
852         * b3/testb3.cpp:
853         (JSC::B3::testLoadAcq42):
854         (JSC::B3::testStoreRelAddLoadAcq32):
855         (JSC::B3::testStoreRelAddLoadAcq8):
856         (JSC::B3::testStoreRelAddFenceLoadAcq8):
857         (JSC::B3::testStoreRelAddLoadAcq16):
858         (JSC::B3::testStoreRelAddLoadAcq64):
859         (JSC::B3::testTrappingStoreElimination):
860         (JSC::B3::testX86LeaAddAdd):
861         (JSC::B3::testX86LeaAddShlLeftScale1):
862         (JSC::B3::testAtomicWeakCAS):
863         (JSC::B3::testAtomicStrongCAS):
864         (JSC::B3::testAtomicXchg):
865         (JSC::B3::testDepend32):
866         (JSC::B3::testDepend64):
867         (JSC::B3::run):
868         * runtime/Options.h:
869
870 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
871
872         Unreviewed typo fixes after r213652.
873         https://bugs.webkit.org/show_bug.cgi?id=168920
874
875         * assembler/MacroAssemblerARM.h:
876         (JSC::MacroAssemblerARM::replaceWithBreakpoint):
877         * assembler/MacroAssemblerMIPS.h:
878         (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):
879
880 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
881
882         Unreviewed ARM buildfix after r213652.
883         https://bugs.webkit.org/show_bug.cgi?id=168920
884
885         r213652 used replaceWithBrk and replaceWithBkpt names for the same
886         function, which was inconsistent and caused a build error in ARMAssembler.
887
888         * assembler/ARM64Assembler.h:
889         (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
890         (JSC::ARM64Assembler::replaceWithBrk): Deleted.
891         * assembler/ARMAssembler.h:
892         (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
893         (JSC::ARMAssembler::replaceWithBrk): Deleted.
894         * assembler/MacroAssemblerARM64.h:
895         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
896
897 2017-03-10  Alex Christensen  <achristensen@webkit.org>
898
899         Win64 build fix.
900
901         * b3/B3FenceValue.h:
902         * b3/B3Value.h:
903         Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
904         doesn't accomplish anything except making Visual Studio mad.
905         * b3/air/opcode_generator.rb:
906         winnt.h has naming collisions with enum values from AirOpcode.h.
907         For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
908         RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
909         A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
910         that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.
911
912 2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>
913
914         Unreviewed, rolling out r213695.
915
916         This change broke the Windows build.
917
918         Reverted changeset:
919
920         "Implement a StackTrace utility object that can capture stack
921         traces for debugging."
922         https://bugs.webkit.org/show_bug.cgi?id=169454
923         http://trac.webkit.org/changeset/213695
924
925 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
926
927         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
928         https://bugs.webkit.org/show_bug.cgi?id=167962
929
930         Reviewed by Keith Miller.
931
932         Object Rest/Spread Destructuring proposal is in stage 3[1] and this
933         patch is a prototype implementation of it. A simple change over the
934         parser was necessary to support the new '...' token on the Object Pattern
935         destructuring rule. On the bytecode generator side, we changed the
936         bytecode generated on ObjectPatternNode::bindValue to store in an
937         array the identifiers of already destructured properties, following spec draft
938         section[2], and then pass it as excludedNames to CopyDataProperties.
939         The rest destructuring then calls copyDataProperties to perform the
940         copy of the rest properties from the rhs.
941
942         We also implemented CopyDataProperties as a private JS global operation
943         in builtins/GlobalOperations.js following its specification on [3].
944         It is implemented using a Set object to verify if a property is in
945         excludedNames, keeping this algorithm at O(n + m) complexity, where n
946         = number of source's own properties and m = excludedNames.length.
947
948         As a requirement to use JSSets as constants, a change in the
949         CodeBlock::create API was necessary, because JSSet creation can throw an OOM
950         exception. Now, CodeBlock::finishCreation returns false if an
951         exception is thrown by
952         CodeBlock::setConstantIdentifierSetRegisters and then we return
953         nullptr to ScriptExecutable::newCodeBlockFor. It is responsible for
954         checking whether the CodeBlock was constructed properly and then throwing an OOM
955         exception to the correct scope.
956
957         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
958         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
959         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
960
961         * builtins/BuiltinNames.h:
962         * builtins/GlobalOperations.js:
963         (globalPrivate.copyDataProperties):
964         * bytecode/CodeBlock.cpp:
965         (JSC::CodeBlock::finishCreation):
966         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
967         * bytecode/CodeBlock.h:
968         * bytecode/EvalCodeBlock.h:
969         (JSC::EvalCodeBlock::create):
970         * bytecode/FunctionCodeBlock.h:
971         (JSC::FunctionCodeBlock::create):
972         * bytecode/ModuleProgramCodeBlock.h:
973         (JSC::ModuleProgramCodeBlock::create):
974         * bytecode/ProgramCodeBlock.h:
975         (JSC::ProgramCodeBlock::create):
976         * bytecode/UnlinkedCodeBlock.h:
977         (JSC::UnlinkedCodeBlock::addSetConstant):
978         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
979         * bytecompiler/BytecodeGenerator.cpp:
980         (JSC::BytecodeGenerator::emitLoad):
981         * bytecompiler/BytecodeGenerator.h:
982         * bytecompiler/NodesCodegen.cpp:
983         (JSC::ObjectPatternNode::bindValue):
984         * parser/ASTBuilder.h:
985         (JSC::ASTBuilder::appendObjectPatternEntry):
986         (JSC::ASTBuilder::appendObjectPatternRestEntry):
987         (JSC::ASTBuilder::setContainsObjectRestElement):
988         * parser/Nodes.h:
989         (JSC::ObjectPatternNode::appendEntry):
990         (JSC::ObjectPatternNode::setContainsRestElement):
991         * parser/Parser.cpp:
992         (JSC::Parser<LexerType>::parseDestructuringPattern):
993         (JSC::Parser<LexerType>::parseProperty):
994         * parser/SyntaxChecker.h:
995         (JSC::SyntaxChecker::operatorStackPop):
996         * runtime/JSGlobalObject.cpp:
997         (JSC::JSGlobalObject::init):
998         * runtime/JSGlobalObjectFunctions.cpp:
999         (JSC::privateToObject):
1000         * runtime/JSGlobalObjectFunctions.h:
1001         * runtime/ScriptExecutable.cpp:
1002         (JSC::ScriptExecutable::newCodeBlockFor):
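
        The CopyDataProperties operation and the excludedNames handling described in the entry above, as an added plain-JavaScript model (example code, not the project's builtins/GlobalOperations.js implementation). The helper name objectRestOf and the sample object are assumptions constructed for the example; objectRestOf mirrors how the bytecode generator passes the already-bound identifiers as excludedNames, and matchesNativeRest compares the model against the engine's own object rest.

```javascript
// Added example: a plain-JavaScript model of the CopyDataProperties abstract
// operation. This is not JavaScriptCore's builtin; it follows the same steps.
function copyDataProperties(target, source, excludedNames) {
  // A null or undefined source contributes nothing; the spec returns target.
  if (source === undefined || source === null)
    return target;
  // A Set makes each exclusion check O(1), so the whole copy is O(n + m)
  // for n own keys of the source and m excluded names.
  const excluded = new Set(excludedNames);
  const from = Object(source);
  // Reflect.ownKeys yields string keys then symbol keys, in [[OwnPropertyKeys]] order.
  for (const key of Reflect.ownKeys(from)) {
    if (excluded.has(key))
      continue;
    const desc = Object.getOwnPropertyDescriptor(from, key);
    // Only enumerable own properties are copied.
    if (desc === undefined || !desc.enumerable)
      continue;
    // Get() runs accessors on the source; the result becomes a data property
    // on the target (CreateDataProperty semantics).
    const value = from[key];
    Object.defineProperty(target, key, {
      value, writable: true, enumerable: true, configurable: true,
    });
  }
  return target;
}

// Assumed helper: models `const { a, b, ...rest } = rhs;` the way the entry
// describes the lowering, with the already-bound names passed as excludedNames.
function objectRestOf(rhs, ...alreadyBoundNames) {
  return copyDataProperties({}, rhs, alreadyBoundNames);
}

// Compares the model against the engine's native object rest for a pattern
// that has already bound `a` and `b`; returns true when keys and values agree.
function matchesNativeRest(rhs) {
  const { a, b, ...native } = rhs;
  const modelled = objectRestOf(rhs, "a", "b");
  const nativeKeys = Reflect.ownKeys(native);
  const modelKeys = Reflect.ownKeys(modelled);
  return nativeKeys.length === modelKeys.length
    && nativeKeys.every((k, i) => k === modelKeys[i] && native[k] === modelled[k]);
}

// Constructed sample input: a non-enumerable property, a symbol key and an accessor.
const sampleSource = { a: 1, b: 2, c: 3, get d() { return 4; } };
Object.defineProperty(sampleSource, "hidden", { value: 5, enumerable: false });
const sampleSymbol = Symbol("tag");
sampleSource[sampleSymbol] = 6;

console.log(objectRestOf(sampleSource, "a", "b"));
console.log("matches native rest:", matchesNativeRest(sampleSource));
```

        Running the block shows that the rest object keeps c, d and the symbol-keyed property, reads the accessor d once and stores its value as a plain data property, and drops both the excluded names and the non-enumerable property.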
1003
1004 2017-03-09  Mark Lam  <mark.lam@apple.com>
1005
1006         Implement a StackTrace utility object that can capture stack traces for debugging.
1007         https://bugs.webkit.org/show_bug.cgi?id=169454
1008
1009         Reviewed by Michael Saboff.
1010
1011         The underlying implementation is hoisted right out of Assertions.cpp from the
1012         implementations of WTFPrintBacktrace().
1013
1014         The reason we need this StackTrace object is because during heap debugging, we
1015         sometimes want to capture the stack trace that allocated the objects of interest.
1016         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
1017         perturb the execution profile sufficiently that an issue may not reproduce,
1018         while alternatively, just capturing the stack trace and deferring printing it
1019         till we actually need it later perturbs the execution profile less.
1020
1021         In addition, just capturing the stack traces (instead of printing them
1022         immediately at each capture site) allows us to avoid polluting stdout with tons
1023         of stack traces that may be irrelevant.
1024
1025         For now, we only capture the native stack trace.  We'll leave capturing and
1026         integrating the JS stack trace as an exercise for the future if we need it then.
1027
1028         Here's an example of how to use this StackTrace utility:
1029
1030             // Capture a stack trace of the top 10 frames.
1031             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
1032             // Print the trace.
1033             dataLog(*trace);
1034
1035         * CMakeLists.txt:
1036         * JavaScriptCore.xcodeproj/project.pbxproj:
1037         * tools/StackTrace.cpp: Added.
1038         (JSC::StackTrace::instanceSize):
1039         (JSC::StackTrace::captureStackTrace):
1040         (JSC::StackTrace::dump):
1041         * tools/StackTrace.h: Added.
1042         (JSC::StackTrace::StackTrace):
1043         (JSC::StackTrace::size):
1044
1045 2017-03-09  Keith Miller  <keith_miller@apple.com>
1046
1047         WebAssembly: Enable fast memory for WK2
1048         https://bugs.webkit.org/show_bug.cgi?id=169437
1049
1050         Reviewed by Tim Horton.
1051
1052         * JavaScriptCore.xcodeproj/project.pbxproj:
1053
1054 2017-03-09  Matt Baker  <mattbaker@apple.com>
1055
1056         Web Inspector: Add XHR breakpoints UI
1057         https://bugs.webkit.org/show_bug.cgi?id=168763
1058         <rdar://problem/30952439>
1059
1060         Reviewed by Joseph Pecoraro.
1061
1062         * inspector/protocol/DOMDebugger.json:
1063         Added clarifying comments to command descriptions.
1064
1065 2017-03-09  Michael Saboff  <msaboff@apple.com>
1066
1067         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
1068         https://bugs.webkit.org/show_bug.cgi?id=169387
1069
1070         Reviewed by Filip Pizlo.
1071
1072         Added a helper function, processConfigFile(), to process configuration file.
1073         Changed jsc.cpp to use that function in lieu of processing the config file
1074         manually.
1075
1076         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
1077         * jsc.cpp:
1078         (jscmain):
1079         * runtime/ConfigFile.cpp:
1080         (JSC::processConfigFile):
1081         * runtime/ConfigFile.h:
1082
1083 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
1084
1085         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
1086         https://bugs.webkit.org/show_bug.cgi?id=29687
1087         <rdar://problem/19281586>
1088
1089         Reviewed by Matt Baker and Brian Burg.
1090
1091         * inspector/protocol/Network.json:
1092         Add metrics object with optional properties to loadingFinished event.
1093
1094 2017-03-09  Youenn Fablet  <youenn@apple.com>
1095
1096         Minimal build is broken
1097         https://bugs.webkit.org/show_bug.cgi?id=169416
1098
1099         Reviewed by Chris Dumez.
1100
1101         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
1102         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appears first but this might break very easily.
1103
1104         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
1105         (generate_members):
1106         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
1107         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
1108         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
1109
1110 2017-03-09  Daniel Bates  <dabates@apple.com>
1111
1112         Guard Credential Management implementation behind a runtime enabled feature flag
1113         https://bugs.webkit.org/show_bug.cgi?id=169364
1114         <rdar://problem/30957425>
1115
1116         Reviewed by Brent Fulgham.
1117
1118         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
1119         needed to guard these interfaces behind a runtime enabled feature flag.
1120
1121         * runtime/CommonIdentifiers.h:
1122
1123 2017-03-09  Mark Lam  <mark.lam@apple.com>
1124
1125         Refactoring some HeapVerifier code.
1126         https://bugs.webkit.org/show_bug.cgi?id=169443
1127
1128         Reviewed by Filip Pizlo.
1129
1130         Renamed LiveObjectData to CellProfile.
1131         Renamed LiveObjectList to CellList.
1132         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
1133         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
1134
1135         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
1136
1137         * CMakeLists.txt:
1138         * JavaScriptCore.xcodeproj/project.pbxproj:
1139         * heap/Heap.cpp:
1140         (JSC::Heap::runBeginPhase):
1141         (JSC::Heap::runEndPhase):
1142         * heap/HeapVerifier.cpp: Removed.
1143         * heap/HeapVerifier.h: Removed.
1144         * heap/LiveObjectData.h: Removed.
1145         * heap/LiveObjectList.cpp: Removed.
1146         * heap/LiveObjectList.h: Removed.
1147         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
1148         (JSC::CellList::findCell):
1149         (JSC::LiveObjectList::findObject): Deleted.
1150         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
1151         (JSC::CellList::CellList):
1152         (JSC::CellList::reset):
1153         (JSC::LiveObjectList::LiveObjectList): Deleted.
1154         (JSC::LiveObjectList::reset): Deleted.
1155         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
1156         (JSC::CellProfile::CellProfile):
1157         (JSC::LiveObjectData::LiveObjectData): Deleted.
1158         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
1159         (JSC::GatherCellFunctor::GatherCellFunctor):
1160         (JSC::GatherCellFunctor::visit):
1161         (JSC::GatherCellFunctor::operator()):
1162         (JSC::HeapVerifier::gatherLiveCells):
1163         (JSC::HeapVerifier::cellListForGathering):
1164         (JSC::trimDeadCellsFromList):
1165         (JSC::HeapVerifier::trimDeadCells):
1166         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
1167         (JSC::HeapVerifier::reportCell):
1168         (JSC::HeapVerifier::checkIfRecorded):
1169         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
1170         (JSC::GatherLiveObjFunctor::visit): Deleted.
1171         (JSC::GatherLiveObjFunctor::operator()): Deleted.
1172         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
1173         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
1174         (JSC::trimDeadObjectsFromList): Deleted.
1175         (JSC::HeapVerifier::trimDeadObjects): Deleted.
1176         (JSC::HeapVerifier::reportObject): Deleted.
1177         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
1178
1179 2017-03-09  Anders Carlsson  <andersca@apple.com>
1180
1181         Add delegate support to WebCore
1182         https://bugs.webkit.org/show_bug.cgi?id=169427
1183         Part of rdar://problem/28880714.
1184
1185         Reviewed by Geoffrey Garen.
1186
1187         * Configurations/FeatureDefines.xcconfig:
1188         Add feature define.
1189
1190 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
1191
1192         Web Inspector: Show individual messages in the content pane for a WebSocket
1193         https://bugs.webkit.org/show_bug.cgi?id=169011
1194
1195         Reviewed by Joseph Pecoraro.
1196
1197         Add walltime parameter and correct the description of Timestamp type.
1198
1199         * inspector/protocol/Network.json:
1200
1201 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1202
1203         Unreviewed, fix weak external symbol error.
1204
1205         * heap/SlotVisitor.h:
1206
1207 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1208
1209         std::isnan/isinf should work with WTF time classes
1210         https://bugs.webkit.org/show_bug.cgi?id=164991
1211
1212         Reviewed by Darin Adler.
1213         
1214         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
1215
1216         * runtime/AtomicsObject.cpp:
1217         (JSC::atomicsFuncWait):
1218
1219 2017-03-09  Mark Lam  <mark.lam@apple.com>
1220
1221         Use const AbstractLocker& (instead of const LockHolder&) in more places.
1222         https://bugs.webkit.org/show_bug.cgi?id=169424
1223
1224         Reviewed by Filip Pizlo.
1225
1226         * heap/CodeBlockSet.cpp:
1227         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
1228         * heap/CodeBlockSet.h:
1229         * heap/CodeBlockSetInlines.h:
1230         (JSC::CodeBlockSet::mark):
1231         * heap/ConservativeRoots.cpp:
1232         (JSC::CompositeMarkHook::CompositeMarkHook):
1233         * heap/MachineStackMarker.cpp:
1234         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1235         * heap/MachineStackMarker.h:
1236         * profiler/ProfilerDatabase.cpp:
1237         (JSC::Profiler::Database::ensureBytecodesFor):
1238         * profiler/ProfilerDatabase.h:
1239         * runtime/SamplingProfiler.cpp:
1240         (JSC::FrameWalker::FrameWalker):
1241         (JSC::CFrameWalker::CFrameWalker):
1242         (JSC::SamplingProfiler::createThreadIfNecessary):
1243         (JSC::SamplingProfiler::takeSample):
1244         (JSC::SamplingProfiler::start):
1245         (JSC::SamplingProfiler::pause):
1246         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
1247         (JSC::SamplingProfiler::clearData):
1248         (JSC::SamplingProfiler::releaseStackTraces):
1249         * runtime/SamplingProfiler.h:
1250         (JSC::SamplingProfiler::setStopWatch):
1251         * wasm/WasmMemory.cpp:
1252         (JSC::Wasm::availableFastMemories):
1253         (JSC::Wasm::activeFastMemories):
1254         (JSC::Wasm::viewActiveFastMemories):
1255         * wasm/WasmMemory.h:
1256
1257 2017-03-09  Saam Barati  <sbarati@apple.com>
1258
1259         WebAssembly: Make the Unity AngryBots demo run
1260         https://bugs.webkit.org/show_bug.cgi?id=169268
1261
1262         Reviewed by Keith Miller.
1263
1264         This patch fixes three bugs:
1265         1. The WasmBinding code for making a JS call was off
1266         by 1 in its stack layout code.
1267         2. The WasmBinding code had a "<" comparison instead
1268         of a ">=" comparison. This would cause us to calculate
1269         the wrong frame pointer offset.
1270         3. The code to reload wasm state inside B3IRGenerator didn't
1271         properly represent its effects.
1272
1273         * wasm/WasmB3IRGenerator.cpp:
1274         (JSC::Wasm::restoreWebAssemblyGlobalState):
1275         (JSC::Wasm::parseAndCompile):
1276         * wasm/WasmBinding.cpp:
1277         (JSC::Wasm::wasmToJs):
1278         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1279         (JSC::WebAssemblyInstanceConstructor::createInstance):
1280
1281 2017-03-09  Mark Lam  <mark.lam@apple.com>
1282
1283         Make the VM Traps mechanism non-polling for the DFG and FTL.
1284         https://bugs.webkit.org/show_bug.cgi?id=168920
1285         <rdar://problem/30738588>
1286
1287         Reviewed by Filip Pizlo.
1288
1289         1. Added a ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
1290            This is currently only enabled for OS(DARWIN) and ENABLE(JIT). 
1291         2. Added assembler functions for overwriting an instruction with a breakpoint.
1292         3. Added a new JettisonDueToVMTraps jettison reason.
1293         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
1294            invalidation points with breakpoint instructions.
1295         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
1296         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
1297            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
1298            Options::usePollingTraps() to always be true.  This makes the VMTraps
1299            implementation fall back to using polling based traps only.
1300
1301         7. Make VMTraps support signal based traps.
1302
1303         Some design and implementation details of signal based VM traps:
1304
1305         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
1306
1307         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
1308           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
1309           we want to trap, and check for the occurrence of one of the following events:
1310
1311           a. VMTraps::handleTraps() has been called for the requested trap, or
1312
1313           b. the VM is inactive and is no longer executing any JS code.  We determine
1314              this to be the case if the thread no longer owns the JSLock and the VM's
1315              entryScope is null.
1316
1317              Note: the thread can relinquish the JSLock while the VM's entryScope is not
1318              null.  This happens when the thread calls JSLock::dropAllLocks() before
1319              calling a host function that may block on IO (or whatever).  For our purpose,
1320              this counts as the VM still running JS code, and VM::fireTrap() will still
1321              be waiting.
1322
1323           If the SignalSender does not see either of these events, it will sleep for a
1324           while and then re-send SIGUSR1 and check for the events again.  When it sees
1325           one of these events, it will consider the mutator to have received the trap
1326           request.
1327
1328         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
1329           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
1330           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
1331           safe to jettison the codeBlock.
1332
1333           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
1334           insert the breakpoint instructions itself.  This is because we need the
1335           register state of the mutator thread (that we want to trap in) in order to
1336           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
1337           we don't have a generic way for the requester thread to get the register state
1338           of another thread.
1339
1340         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
1341           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
1342           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
1343           baseline JIT code will eventually reach an op_check_traps and call
1344           VMTraps::handleTraps().
1345
1346           If the handler is not trapping at an invalidation point, then it must be
1347           observing an assertion failure (which also uses the breakpoint instruction).
1348           In this case, the handler will defer to the default SIGTRAP handler and crash.
1349
1350         - The reason we need the SignalSender is because SignalSender::send() is called
1351           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
1352           send() needs to make use of the VM pointer, and it is not guaranteed that the
1353           VM will outlive the thread.  SignalSender provides the mechanism by which we
1354           can nullify the VM pointer when the VM dies so that the thread does not
1355           continue to use it.
1356
1357         * assembler/ARM64Assembler.h:
1358         (JSC::ARM64Assembler::replaceWithBrk):
1359         * assembler/ARMAssembler.h:
1360         (JSC::ARMAssembler::replaceWithBrk):
1361         * assembler/ARMv7Assembler.h:
1362         (JSC::ARMv7Assembler::replaceWithBkpt):
1363         * assembler/MIPSAssembler.h:
1364         (JSC::MIPSAssembler::replaceWithBkpt):
1365         * assembler/MacroAssemblerARM.h:
1366         (JSC::MacroAssemblerARM::replaceWithJump):
1367         * assembler/MacroAssemblerARM64.h:
1368         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1369         * assembler/MacroAssemblerARMv7.h:
1370         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
1371         * assembler/MacroAssemblerMIPS.h:
1372         (JSC::MacroAssemblerMIPS::replaceWithJump):
1373         * assembler/MacroAssemblerX86Common.h:
1374         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
1375         * assembler/X86Assembler.h:
1376         (JSC::X86Assembler::replaceWithInt3):
1377         * bytecode/CodeBlock.cpp:
1378         (JSC::CodeBlock::jettison):
1379         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
1380         (JSC::CodeBlock::installVMTrapBreakpoints):
1381         * bytecode/CodeBlock.h:
1382         * bytecompiler/BytecodeGenerator.cpp:
1383         (JSC::BytecodeGenerator::emitCheckTraps):
1384         * dfg/DFGCommonData.cpp:
1385         (JSC::DFG::CommonData::installVMTrapBreakpoints):
1386         (JSC::DFG::CommonData::isVMTrapBreakpoint):
1387         * dfg/DFGCommonData.h:
1388         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
1389         * dfg/DFGJumpReplacement.cpp:
1390         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
1391         * dfg/DFGJumpReplacement.h:
1392         (JSC::DFG::JumpReplacement::dataLocation):
1393         * dfg/DFGNodeType.h:
1394         * heap/CodeBlockSet.cpp:
1395         (JSC::CodeBlockSet::contains):
1396         * heap/CodeBlockSet.h:
1397         * heap/CodeBlockSetInlines.h:
1398         (JSC::CodeBlockSet::iterate):
1399         * heap/Heap.cpp:
1400         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
1401         * heap/Heap.h:
1402         * heap/HeapInlines.h:
1403         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
1404         * heap/MachineStackMarker.h:
1405         (JSC::MachineThreads::threadsListHead):
1406         * jit/ExecutableAllocator.cpp:
1407         (JSC::ExecutableAllocator::isValidExecutableMemory):
1408         * jit/ExecutableAllocator.h:
1409         * profiler/ProfilerJettisonReason.cpp:
1410         (WTF::printInternal):
1411         * profiler/ProfilerJettisonReason.h:
1412         * runtime/JSLock.cpp:
1413         (JSC::JSLock::didAcquireLock):
1414         * runtime/Options.cpp:
1415         (JSC::overrideDefaults):
1416         * runtime/Options.h:
1417         * runtime/PlatformThread.h:
1418         (JSC::platformThreadSignal):
1419         * runtime/VM.cpp:
1420         (JSC::VM::~VM):
1421         (JSC::VM::ensureWatchdog):
1422         (JSC::VM::handleTraps): Deleted.
1423         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
1424         * runtime/VM.h:
1425         (JSC::VM::ownerThread):
1426         (JSC::VM::traps):
1427         (JSC::VM::handleTraps):
1428         (JSC::VM::needTrapHandling):
1429         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
1430         * runtime/VMTraps.cpp:
1431         (JSC::VMTraps::vm):
1432         (JSC::SignalContext::SignalContext):
1433         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
1434         (JSC::vmIsInactive):
1435         (JSC::findActiveVMAndStackBounds):
1436         (JSC::handleSigusr1):
1437         (JSC::handleSigtrap):
1438         (JSC::installSignalHandlers):
1439         (JSC::sanitizedTopCallFrame):
1440         (JSC::isSaneFrame):
1441         (JSC::VMTraps::tryInstallTrapBreakpoints):
1442         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1443         (JSC::VMTraps::VMTraps):
1444         (JSC::VMTraps::willDestroyVM):
1445         (JSC::VMTraps::addSignalSender):
1446         (JSC::VMTraps::removeSignalSender):
1447         (JSC::VMTraps::SignalSender::willDestroyVM):
1448         (JSC::VMTraps::SignalSender::send):
1449         (JSC::VMTraps::fireTrap):
1450         (JSC::VMTraps::handleTraps):
1451         * runtime/VMTraps.h:
1452         (JSC::VMTraps::~VMTraps):
1453         (JSC::VMTraps::needTrapHandling):
1454         (JSC::VMTraps::notifyGrabAllLocks):
1455         (JSC::VMTraps::SignalSender::SignalSender):
1456         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1457         * tools/VMInspector.cpp:
1458         * tools/VMInspector.h:
1459         (JSC::VMInspector::getLock):
1460         (JSC::VMInspector::iterate):
1461
1462 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1463
1464         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
1465         https://bugs.webkit.org/show_bug.cgi?id=169215
1466
1467         Reviewed by Mark Lam.
1468         
1469         This doesn't have a test because it would be a very complicated test.
1470
1471         * runtime/JSObject.h:
1472         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
1473
1474 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
1475
1476         WTF should make it super easy to do ARM concurrency tricks
1477         https://bugs.webkit.org/show_bug.cgi?id=169300
1478
1479         Reviewed by Mark Lam.
1480         
1481         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
1482         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
1483         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
1484         machine code, I found other opportunities for improvement, like inlining the "am I
1485         marked" part of the marking functions.
1486
1487         * heap/Heap.cpp:
1488         (JSC::Heap::setGCDidJIT):
1489         * heap/HeapInlines.h:
1490         (JSC::Heap::testAndSetMarked):
1491         * heap/LargeAllocation.h:
1492         (JSC::LargeAllocation::isMarked):
1493         (JSC::LargeAllocation::isMarkedConcurrently):
1494         (JSC::LargeAllocation::aboutToMark):
1495         (JSC::LargeAllocation::testAndSetMarked):
1496         * heap/MarkedBlock.h:
1497         (JSC::MarkedBlock::areMarksStaleWithDependency):
1498         (JSC::MarkedBlock::aboutToMark):
1499         (JSC::MarkedBlock::isMarkedConcurrently):
1500         (JSC::MarkedBlock::isMarked):
1501         (JSC::MarkedBlock::testAndSetMarked):
1502         * heap/SlotVisitor.cpp:
1503         (JSC::SlotVisitor::appendSlow):
1504         (JSC::SlotVisitor::appendHiddenSlow):
1505         (JSC::SlotVisitor::appendHiddenSlowImpl):
1506         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1507         (JSC::SlotVisitor::appendUnbarriered): Deleted.
1508         (JSC::SlotVisitor::appendHidden): Deleted.
1509         * heap/SlotVisitor.h:
1510         * heap/SlotVisitorInlines.h:
1511         (JSC::SlotVisitor::appendUnbarriered):
1512         (JSC::SlotVisitor::appendHidden):
1513         (JSC::SlotVisitor::append):
1514         (JSC::SlotVisitor::appendValues):
1515         (JSC::SlotVisitor::appendValuesHidden):
1516         * runtime/CustomGetterSetter.cpp:
1517         * runtime/JSObject.cpp:
1518         (JSC::JSObject::visitButterflyImpl):
1519         * runtime/JSObject.h:
1520
1521 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1522
1523         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
1524         https://bugs.webkit.org/show_bug.cgi?id=160124
1525
1526         Reviewed by Mark Lam.
1527
1528         When performing CallVarargs, we will copy values to the stack.
1529         Before actually copying values, we need to adjust the stackPointerRegister
1530         to ensure copied values are in the allocated stack area.
1531         If we do not do that, the OS can corrupt the values that are stored beyond the
1532         stack pointer. For example, a signal stack can be constructed in that area and
1533         corrupt the values.
1534
1535         This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
1536         in the Linux port. Since Linux ports use signals to suspend and resume threads,
1537         the signal handler is frequently called when the sampling profiler is enabled.
1538         Thus this crash occurs.
1539
1540         * dfg/DFGSpeculativeJIT32_64.cpp:
1541         (JSC::DFG::SpeculativeJIT::emitCall):
1542         * dfg/DFGSpeculativeJIT64.cpp:
1543         (JSC::DFG::SpeculativeJIT::emitCall):
1544         * ftl/FTLLowerDFGToB3.cpp:
1545         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1546         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1547         * jit/SetupVarargsFrame.cpp:
1548         (JSC::emitSetupVarargsFrameFastCase):
1549         * jit/SetupVarargsFrame.h:
1550
1551 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
1552
1553         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
1554         https://bugs.webkit.org/show_bug.cgi?id=164892
1555         <rdar://problem/29320562>
1556
1557         Reviewed by Brian Burg.
1558
1559         * inspector/protocol/Network.json:
1560         Replace "fromDiskCache" property with "source" property which includes
1561         more complete information about the source of this response (network,
1562         memory cache, disk cache, or unknown).
1563
1564         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1565         (_generate_class_for_object_declaration):
1566         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1567         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1568         * inspector/scripts/codegen/generator.py:
1569         (Generator):
1570         (Generator.open_fields):
1571         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
1572         enum and open accessor string symbol that would have the same name, only generate
1573         a specific list of open accessor strings. This reduces the list of exported
1574         symbols from all properties to just the ones that are needed. This can be
1575         cleaned up later if needed.
1576
1577         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
1578         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
1579         Test for open accessors generation.
1580
1581 2017-03-08  Keith Miller  <keith_miller@apple.com>
1582
1583         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
1584         https://bugs.webkit.org/show_bug.cgi?id=169290
1585
1586         Reviewed by Saam Barati.
1587
1588         This patch adds an extra sanity check by ensuring that the memory address we are
1589         faulting on while trying to load is in the range of some wasm fast memory.
1590
1591         * wasm/WasmFaultSignalHandler.cpp:
1592         (JSC::Wasm::trapHandler):
1593         (JSC::Wasm::enableFastMemory):
1594         * wasm/WasmMemory.cpp:
1595         (JSC::Wasm::activeFastMemories):
1596         (JSC::Wasm::viewActiveFastMemories):
1597         (JSC::Wasm::tryGetFastMemory):
1598         (JSC::Wasm::releaseFastMemory):
1599         * wasm/WasmMemory.h:
1600
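The signaling-memory layout and the fault check described in this entry and in the 2017-03-03 "WASM should support faster loads." entry further down, as an added C example that is not JavaScriptCore's code: the reservation is mapped PROT_NONE with only the usable prefix opened read/write, and the handler resumes in wasm only when both the faulting PC lies in registered wasm code and the faulting address lies inside some active fast memory. Every name is this example's own; the 2^31 bytes of offset slack used in main, the first page of wasmLoad standing in for the registered code range, a 64-bit Linux host (macOS only compiles the portable fallback), and siglongjmp standing in for the real handler's rewrite of the saved PC are all assumptions.

```c
/* Added example (not JavaScriptCore code): signaling wasm memory plus the
 * two-part fault check.  Names/sizes are assumptions; siglongjmp stands in
 * for rewriting the saved PC.  64-bit POSIX only. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                      /* REG_RIP on Linux/x86_64 */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#ifdef __APPLE__
#include <sys/ucontext.h>
#else
#include <ucontext.h>
#endif

typedef struct { uintptr_t base; size_t reserved; size_t usable; } FastMemory;
typedef struct { uintptr_t start, end; } CodeRange;
typedef enum { TRAP_CRASH, TRAP_RESUME_IN_WASM } TrapDecision;

static FastMemory activeFastMemories[4];  /* the "active fast memories" list */
static size_t activeFastMemoryCount;
static CodeRange registeredWasmCode;      /* filled in by the "JIT" */
static sigjmp_buf wasmExceptionHandler;

/* Reserve the whole range inaccessible, then open just the usable prefix;
 * grow() later is an mprotect of the next pages, the base never moves. */
bool reserveFastMemory(FastMemory *out, size_t reservedBytes, size_t usableBytes) {
    if (usableBytes > reservedBytes || activeFastMemoryCount == 4)
        return false;
    void *p = mmap(NULL, reservedBytes, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (p == MAP_FAILED)
        return false;
    if (usableBytes && mprotect(p, usableBytes, PROT_READ | PROT_WRITE) != 0) {
        munmap(p, reservedBytes);
        return false;
    }
    *out = (FastMemory){ (uintptr_t)p, reservedBytes, usableBytes };
    activeFastMemories[activeFastMemoryCount++] = *out;
    return true;
}

/* Resume in wasm only if the PC is registered wasm code AND the address is
 * inside the reservation of some active fast memory (the check this entry
 * adds); anything else is an ordinary crash. */
TrapDecision decideTrap(uintptr_t faultAddr, uintptr_t pc,
                        const FastMemory *mems, size_t count, const CodeRange *code) {
    if (pc < code->start || pc >= code->end)
        return TRAP_CRASH;
    for (size_t i = 0; i < count; i++)
        if (faultAddr >= mems[i].base && faultAddr - mems[i].base < mems[i].reserved)
            return TRAP_RESUME_IN_WASM;
    return TRAP_CRASH;
}

static uintptr_t faultingPC(const ucontext_t *uc) {
#if defined(__linux__) && defined(__x86_64__) && defined(REG_RIP)
    return (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
#elif defined(__linux__) && defined(__aarch64__)
    return (uintptr_t)uc->uc_mcontext.pc;
#else
    (void)uc;
    return 0;                             /* unknown ABI: never wasm, so crash */
#endif
}

static void trapHandler(int sig, siginfo_t *info, void *context) {
    uintptr_t pc = faultingPC((const ucontext_t *)context);
    if (decideTrap((uintptr_t)info->si_addr, pc, activeFastMemories,
                   activeFastMemoryCount, &registeredWasmCode) == TRAP_RESUME_IN_WASM)
        siglongjmp(wasmExceptionHandler, 1);  /* real code: redirect the saved PC */
    signal(sig, SIG_DFL);  /* not ours: returning re-faults with the default action */
}

void enableFastMemory(void) {
    struct sigaction sa = { 0 };
    sa.sa_sigaction = trapHandler;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);         /* macOS reports the guard fault as SIGBUS */
}

/* Stand-in for JIT'd wasm: an unchecked load relative to the memory base. */
static __attribute__((noinline)) uint8_t wasmLoad(const FastMemory *m, uint32_t i) {
    return *(volatile uint8_t *)(m->base + i);
}

int main(void) {
    FastMemory mem;   /* 2^32 bytes plus slack for offset immediates (2^31 assumed) */
    if (!reserveFastMemory(&mem, (1ULL << 32) + (1ULL << 31), 64 * 1024))
        return perror("mmap"), 1;
    registeredWasmCode = (CodeRange){ (uintptr_t)wasmLoad, (uintptr_t)wasmLoad + 4096 };
    enableFastMemory();
    if (sigsetjmp(wasmExceptionHandler, 1) == 0) {
        printf("out of bounds: %u\n", wasmLoad(&mem, 1u << 20));   /* faults */
        return 2;
    }
    puts("wasm bounds trap caught; unwound to the exception handler");
    return 0;
}
```

The reservation size is a parameter so the decision logic can be exercised on a few pages; only main asks for the full 2^32 plus slack. The address check is what makes this a sanity check rather than a blanket "faults in wasm are bounds traps" rule: a fault that wasm code takes at an address outside every fast-memory reservation (through a corrupted base pointer, say) is no longer converted into a recoverable trap but crashes like any other memory error.
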
1601 2017-03-07  Dean Jackson  <dino@apple.com>
1602
1603         Some platforms won't be able to create a GPUDevice
1604         https://bugs.webkit.org/show_bug.cgi?id=169314
1605         <rdar://problems/30907521>
1606
1607         Reviewed by Jon Lee.
1608
1609         Disable WEB_GPU on the iOS Simulator.
1610
1611         * Configurations/FeatureDefines.xcconfig:
1612
1613 2017-03-06  Saam Barati  <sbarati@apple.com>
1614
1615         WebAssembly: Implement the WebAssembly.instantiate API
1616         https://bugs.webkit.org/show_bug.cgi?id=165982
1617         <rdar://problem/29760110>
1618
1619         Reviewed by Keith Miller.
1620
1621         This patch is a straightforward implementation of the WebAssembly.instantiate
1622         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
1623         
1624         I implemented the API in a synchronous manner. We should make it
1625         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
1626
1627         * wasm/JSWebAssembly.cpp:
1628         (JSC::webAssemblyCompileFunc):
1629         (JSC::webAssemblyInstantiateFunc):
1630         (JSC::JSWebAssembly::finishCreation):
1631         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1632         (JSC::constructJSWebAssemblyInstance):
1633         (JSC::WebAssemblyInstanceConstructor::createInstance):
1634         * wasm/js/WebAssemblyInstanceConstructor.h:
1635         * wasm/js/WebAssemblyModuleConstructor.cpp:
1636         (JSC::constructJSWebAssemblyModule):
1637         (JSC::WebAssemblyModuleConstructor::createModule):
1638         * wasm/js/WebAssemblyModuleConstructor.h:
1639
1640 2017-03-06  Michael Saboff  <msaboff@apple.com>
1641
1642         Take advantage of fast permissions switching of JIT memory for devices that support it
1643         https://bugs.webkit.org/show_bug.cgi?id=169155
1644
1645         Reviewed by Saam Barati.
1646
1647         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
1648         control access to JIT memory.
1649
1650         Had to update the Xcode config files to handle various build variations of
1651         public and internal SDKs.
1652
1653         * Configurations/Base.xcconfig:
1654         * Configurations/FeatureDefines.xcconfig:
1655         * jit/ExecutableAllocator.cpp:
1656         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1657         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1658         * jit/ExecutableAllocator.h:
1659         (JSC::performJITMemcpy):
1660
1661 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
1662
1663         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
1664         https://bugs.webkit.org/show_bug.cgi?id=168502
1665
1666         Reviewed by Filip Pizlo.
1667
1668         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
1669
1670 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
1671
1672         op_get_by_id_with_this should use inline caching
1673         https://bugs.webkit.org/show_bug.cgi?id=162124
1674
1675         Reviewed by Saam Barati.
1676
1677         This patch enables the inline cache for op_get_by_id_with_this in all
1678         tiers. It means that operations using ```super.member``` are going to
1679         be able to be optimized by a PIC. To enable it, we introduced a new
1680         member of StructureStubInfo.patch named thisGPR, created a new class
1681         to manage the IC named JITGetByIdWithThisGenerator, and changed
1682         PolymorphicAccess.regenerate to use StructureStubInfo.patch.thisGPR
1683         to decide the correct this value in inline caches.
1684         With the inline cache enabled, ```super.member``` is ~4.5x faster,
1685         according to microbenchmarks.
1686
1687         * bytecode/AccessCase.cpp:
1688         (JSC::AccessCase::generateImpl):
1689         * bytecode/PolymorphicAccess.cpp:
1690         (JSC::PolymorphicAccess::regenerate):
1691         * bytecode/PolymorphicAccess.h:
1692         * bytecode/StructureStubInfo.cpp:
1693         (JSC::StructureStubInfo::reset):
1694         * bytecode/StructureStubInfo.h:
1695         * dfg/DFGFixupPhase.cpp:
1696         (JSC::DFG::FixupPhase::fixupNode):
1697         * dfg/DFGJITCompiler.cpp:
1698         (JSC::DFG::JITCompiler::link):
1699         * dfg/DFGJITCompiler.h:
1700         (JSC::DFG::JITCompiler::addGetByIdWithThis):
1701         * dfg/DFGSpeculativeJIT.cpp:
1702         (JSC::DFG::SpeculativeJIT::compileIn):
1703         * dfg/DFGSpeculativeJIT.h:
1704         (JSC::DFG::SpeculativeJIT::callOperation):
1705         * dfg/DFGSpeculativeJIT32_64.cpp:
1706         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1707         (JSC::DFG::SpeculativeJIT::compile):
1708         * dfg/DFGSpeculativeJIT64.cpp:
1709         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1710         (JSC::DFG::SpeculativeJIT::compile):
1711         * ftl/FTLLowerDFGToB3.cpp:
1712         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
1713         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
1714         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
1715         * jit/CCallHelpers.h:
1716         (JSC::CCallHelpers::setupArgumentsWithExecState):
1717         * jit/ICStats.h:
1718         * jit/JIT.cpp:
1719         (JSC::JIT::JIT):
1720         (JSC::JIT::privateCompileSlowCases):
1721         (JSC::JIT::link):
1722         * jit/JIT.h:
1723         * jit/JITInlineCacheGenerator.cpp:
1724         (JSC::JITByIdGenerator::JITByIdGenerator):
1725         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1726         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
1727         * jit/JITInlineCacheGenerator.h:
1728         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1729         * jit/JITInlines.h:
1730         (JSC::JIT::callOperation):
1731         * jit/JITOperations.cpp:
1732         * jit/JITOperations.h:
1733         * jit/JITPropertyAccess.cpp:
1734         (JSC::JIT::emit_op_get_by_id_with_this):
1735         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1736         * jit/JITPropertyAccess32_64.cpp:
1737         (JSC::JIT::emit_op_get_by_id_with_this):
1738         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1739         * jit/Repatch.cpp:
1740         (JSC::appropriateOptimizingGetByIdFunction):
1741         (JSC::appropriateGenericGetByIdFunction):
1742         (JSC::tryCacheGetByID):
1743         * jit/Repatch.h:
1744         * jsc.cpp:
1745         (WTF::CustomGetter::getOwnPropertySlot):
1746         (WTF::CustomGetter::customGetterAcessor):
1747
1748 2017-03-06  Saam Barati  <sbarati@apple.com>
1749
1750         WebAssembly: implement init_expr for Element
1751         https://bugs.webkit.org/show_bug.cgi?id=165888
1752         <rdar://problem/29760199>
1753
1754         Reviewed by Keith Miller.
1755
1756         This patch fixes a few bugs. The main change is allowing init_expr
1757         for the Element's offset. To do this, I had to fix a couple of
1758         other bugs:
1759         
1760         - I removed our invalid early module-parse-time invalidation
1761         of out-of-bounds Element sections. This is not in the spec because
1762         it can't be validated in the general case when the offset is a
1763         get_global.
1764         
1765         - Our get_global validation inside our init_expr parsing code was simply wrong.
1766         It thought that the index operand to get_global went into the pool of imports,
1767         but it does not. It indexes into the pool of globals. I changed the code to
1768         refer to the global pool instead.
1769
1770         * wasm/WasmFormat.h:
1771         (JSC::Wasm::Element::Element):
1772         * wasm/WasmModuleParser.cpp:
1773         * wasm/js/WebAssemblyModuleRecord.cpp:
1774         (JSC::WebAssemblyModuleRecord::evaluate):
1775
1776 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1777
1778         [JSC] Allow indexed module namespace object fields
1779         https://bugs.webkit.org/show_bug.cgi?id=168870
1780
1781         Reviewed by Saam Barati.
1782
1783         While JS modules cannot expose any indexed bindings,
1784         Wasm modules can expose them. However, module namespace
1785         object currently does not support indexed properties.
1786         This patch allows module namespace objects to offer
1787         indexed binding accesses.
1788
1789         * runtime/JSModuleNamespaceObject.cpp:
1790         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
1791         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
1792         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
1793         * runtime/JSModuleNamespaceObject.h:
1794
1795 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1796
1797         Null pointer crash when loading module with unresolved import also as a script file
1798         https://bugs.webkit.org/show_bug.cgi?id=168971
1799
1800         Reviewed by Saam Barati.
1801
1802         If linking throws an error, this error should be re-thrown
1803         when requesting the same module.
1804
1805         * builtins/ModuleLoaderPrototype.js:
1806         (globalPrivate.newRegistryEntry):
1807         * runtime/JSModuleRecord.cpp:
1808         (JSC::JSModuleRecord::link):
1809
1810 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1811
1812         [GTK][JSCOnly] Enable WebAssembly on Linux environment
1813         https://bugs.webkit.org/show_bug.cgi?id=164032
1814
1815         Reviewed by Michael Catanzaro.
1816
1817         This patch enables WebAssembly on JSCOnly and GTK ports.
1818         Basically, almost all the WASM code is portable to Linux.
1819         One platform-dependent part is the faster memory load using a SIGBUS
1820         signal handler. This patch ports this part to Linux.
1821
1822         * CMakeLists.txt:
1823         * llint/LLIntSlowPaths.cpp:
1824         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1825         * wasm/WasmFaultSignalHandler.cpp:
1826         (JSC::Wasm::trapHandler):
1827         (JSC::Wasm::enableFastMemory):
1828
1829 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
1830
1831         Currency digits calculation in Intl.NumberFormat should call out to ICU
1832         https://bugs.webkit.org/show_bug.cgi?id=169182
1833
1834         Reviewed by Yusuke Suzuki.
1835
1836         * runtime/IntlNumberFormat.cpp:
1837         (JSC::computeCurrencyDigits):
1838         (JSC::computeCurrencySortKey): Deleted.
1839         (JSC::extractCurrencySortKey): Deleted.
1840
1841 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
1842
1843         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
1844         https://bugs.webkit.org/show_bug.cgi?id=168869
1845
1846         Reviewed by Keith Miller.
1847
1848         * b3/B3Width.h:
1849         * wasm/WasmSections.h:
1850
1851 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
1852
1853         [ARM] Unreviewed buildfix after r213376.
1854
1855         * assembler/ARMAssembler.h:
1856         (JSC::ARMAssembler::isBkpt): Typo fixed.
1857
1858 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
1859
1860         [JSC] build fix after r213399
1861         https://bugs.webkit.org/show_bug.cgi?id=169154
1862
1863         Unreviewed.
1864
1865         * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
1866
1867 2017-03-03  Dean Jackson  <dino@apple.com>
1868
1869         Add WebGPU compile flag and experimental feature flag
1870         https://bugs.webkit.org/show_bug.cgi?id=169161
1871         <rdar://problem/30846689>
1872
1873         Reviewed by Tim Horton.
1874
1875         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
1876         and an InternalSetting.
1877
1878         * Configurations/FeatureDefines.xcconfig:
1879
1880 2017-03-03  Michael Saboff  <msaboff@apple.com>
1881
1882         Add support for relative pathnames to JSC config files
1883         https://bugs.webkit.org/show_bug.cgi?id=169154
1884
1885         Reviewed by Saam Barati.
1886
1887         If the config file is a relative path, prepend the current working directory.
1888         After canonicalizing the config file path, we extract its directory path and
1889         use that for the directory for a relative log pathname.
1890
1891         * runtime/ConfigFile.cpp:
1892         (JSC::ConfigFile::ConfigFile):
1893         (JSC::ConfigFile::parse):
1894         (JSC::ConfigFile::canonicalizePaths):
1895         * runtime/ConfigFile.h:
1896
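The path rules in the entry above, as an added C example that is not JavaScriptCore's ConfigFile code: a relative config path gets the working directory prepended, the result is canonicalized, and a relative log path is then resolved against the canonical config file's directory. The canonicalization here is purely lexical so it can be checked without touching a filesystem; the function names and the PATH_MAX_LEN buffer size are assumptions of this example.

```c
/* Added example (not JavaScriptCore's ConfigFile): the path rules from the
 * entry above, done lexically so they can be checked without a filesystem.
 * Names and PATH_MAX_LEN are assumptions of this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { PATH_MAX_LEN = 1024 };

/* Normalize an absolute path: drop empty and "." components, fold "..".
 * The output never ends in '/' except for the root itself. */
static bool normalizeAbsolute(const char *in, char *out, size_t outSize) {
    if (in[0] != '/' || outSize < 2)
        return false;
    size_t len = 0;
    for (const char *p = in; *p;) {
        while (*p == '/')
            p++;
        if (!*p)
            break;
        const char *start = p;
        while (*p && *p != '/')
            p++;
        size_t n = (size_t)(p - start);
        if (n == 1 && start[0] == '.')
            continue;
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            while (len > 0 && out[len - 1] != '/')
                len--;                          /* pop the last component */
            if (len > 0)
                len--;                          /* and its leading '/' */
            continue;                           /* "/.." stays at the root */
        }
        if (len + 1 + n + 1 > outSize)
            return false;
        out[len++] = '/';
        memcpy(out + len, start, n);
        len += n;
    }
    if (len == 0)
        out[len++] = '/';
    out[len] = '\0';
    return true;
}

/* Config file: a relative path gets the current working directory prepended
 * before canonicalization; an absolute one is canonicalized as is. */
bool canonicalizeConfigPath(const char *cwd, const char *configPath,
                            char *out, size_t outSize) {
    char joined[PATH_MAX_LEN];
    int n = configPath[0] == '/'
        ? snprintf(joined, sizeof joined, "%s", configPath)
        : cwd[0] == '/' ? snprintf(joined, sizeof joined, "%s/%s", cwd, configPath) : -1;
    if (n < 0 || n >= (int)sizeof joined)
        return false;                           /* relative cwd or truncation */
    return normalizeAbsolute(joined, out, outSize);
}

/* Log file: a relative path is taken relative to the directory of the
 * canonical config file, not to the process's working directory. */
bool resolveLogPath(const char *canonicalConfigPath, const char *logPath,
                    char *out, size_t outSize) {
    if (logPath[0] == '/')
        return normalizeAbsolute(logPath, out, outSize);
    const char *slash = strrchr(canonicalConfigPath, '/');
    if (!slash)
        return false;                           /* not a canonical absolute path */
    int dirLen = (int)(slash - canonicalConfigPath);   /* 0 for files under "/" */
    char joined[PATH_MAX_LEN];
    int n = snprintf(joined, sizeof joined, "%.*s/%s", dirLen, canonicalConfigPath, logPath);
    if (n < 0 || n >= (int)sizeof joined)
        return false;
    return normalizeAbsolute(joined, out, outSize);
}
```

Lexical normalization does not resolve symlinks, so the result can still name a different place on disk than the OS would; the entry's own canonicalization goes through the operating system, which is the right choice when the derived log path is later opened for writing.
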
1897 2017-03-03  Michael Saboff  <msaboff@apple.com>
1898
1899         Add load / store exclusive instruction group to ARM64 disassembler
1900         https://bugs.webkit.org/show_bug.cgi?id=169152
1901
1902         Reviewed by Filip Pizlo.
1903
1904         * disassembler/ARM64/A64DOpcode.cpp:
1905         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
1906         * disassembler/ARM64/A64DOpcode.h:
1907         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
1908         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
1909         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
1910         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
1911         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
1912         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
1913         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
1914         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
1915         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
1916
1917 2017-03-03  Keith Miller  <keith_miller@apple.com>
1918
1919         WASM should support faster loads.
1920         https://bugs.webkit.org/show_bug.cgi?id=162693
1921
1922         Reviewed by Saam Barati.
1923
1924         This patch adds support for WebAssembly using a 32-bit address
1925         space for memory (along with some extra space for offset
1926         overflow). With a 32-bit address space (we call them
1927         Signaling/fast memories), we reserve the virtual address space for
1928         2^32 + offset bytes of memory and only mark the usable section as
1929         read/write. If wasm code would read/write out of bounds we use a
1930         custom signal handler to catch the SIGBUS. The signal handler then
1931         checks if the faulting instruction is wasm code and tells the
1932         thread to resume executing from the wasm exception
1933         handler. Otherwise, the signal handler crashes the process, as
1934         usual.
1935
1936         All of the allocations of these memories are managed by the
1937         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
1938         old Signaling memories that are no longer in use. Since getting
1939         the wrong memory can cause recompiles, we try to reserve a memory
1940         for modules that do not import a memory. If a module does import a
1941         memory, we try to guess the type of memory we are going to get
1942         based on the last one allocated.
1943
1944         This patch also changes how the wasm JS-api manages objects. Since
1945         we can compile different versions of code, this patch adds a new
1946         JSWebAssemblyCodeBlock class that holds all the information
1947         specific to running a module in a particular bounds checking
1948         mode. Additionally, the Wasm::Memory object is now a reference
1949         counted class that is shared between the JSWebAssemblyMemory
1950         object and the ArrayBuffer that also views it.
1951
1952         * JavaScriptCore.xcodeproj/project.pbxproj:
1953         * jit/JITThunks.cpp:
1954         (JSC::JITThunks::existingCTIStub):
1955         * jit/JITThunks.h:
1956         * jsc.cpp:
1957         (jscmain):
1958         * runtime/Options.h:
1959         * runtime/VM.cpp:
1960         (JSC::VM::VM):
1961         * runtime/VM.h:
1962         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
1963         (JSC::JSWebAssemblyCodeBlock::create):
1964         (JSC::JSWebAssemblyCodeBlock::createStructure):
1965         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
1966         (JSC::JSWebAssemblyCodeBlock::mode):
1967         (JSC::JSWebAssemblyCodeBlock::module):
1968         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
1969         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
1970         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
1971         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
1972         (JSC::JSWebAssemblyCodeBlock::callees):
1973         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
1974         (JSC::JSWebAssemblyCodeBlock::allocationSize):
1975         * wasm/WasmB3IRGenerator.cpp:
1976         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1977         (JSC::Wasm::getMemoryBaseAndSize):
1978         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
1979         (JSC::Wasm::B3IRGenerator::emitLoadOp):
1980         (JSC::Wasm::B3IRGenerator::emitStoreOp):
1981         * wasm/WasmCallingConvention.h:
1982         * wasm/WasmFaultSignalHandler.cpp: Added.
1983         (JSC::Wasm::trapHandler):
1984         (JSC::Wasm::registerCode):
1985         (JSC::Wasm::unregisterCode):
1986         (JSC::Wasm::fastMemoryEnabled):
1987         (JSC::Wasm::enableFastMemory):
1988         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
1989         * wasm/WasmFormat.h:
1990         (JSC::Wasm::ModuleInformation::importFunctionCount):
1991         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
1992         * wasm/WasmMemory.cpp:
1993         (JSC::Wasm::mmapBytes):
1994         (JSC::Wasm::Memory::lastAllocatedMode):
1995         (JSC::Wasm::availableFastMemories):
1996         (JSC::Wasm::tryGetFastMemory):
1997         (JSC::Wasm::releaseFastMemory):
1998         (JSC::Wasm::Memory::Memory):
1999         (JSC::Wasm::Memory::createImpl):
2000         (JSC::Wasm::Memory::create):
2001         (JSC::Wasm::Memory::~Memory):
2002         (JSC::Wasm::Memory::grow):
2003         (JSC::Wasm::Memory::dump):
2004         (JSC::Wasm::Memory::makeString):
2005         * wasm/WasmMemory.h:
2006         (JSC::Wasm::Memory::operator bool):
2007         (JSC::Wasm::Memory::size):
2008         (JSC::Wasm::Memory::check):
2009         (JSC::Wasm::Memory::Memory): Deleted.
2010         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
2011         (JSC::Wasm::Memory::offsetOfSize): Deleted.
2012         * wasm/WasmMemoryInformation.cpp:
2013         (JSC::Wasm::MemoryInformation::MemoryInformation):
2014         * wasm/WasmMemoryInformation.h:
2015         (JSC::Wasm::MemoryInformation::hasReservedMemory):
2016         (JSC::Wasm::MemoryInformation::takeReservedMemory):
2017         (JSC::Wasm::MemoryInformation::mode):
2018         * wasm/WasmModuleParser.cpp:
2019         * wasm/WasmModuleParser.h:
2020         (JSC::Wasm::ModuleParser::ModuleParser):
2021         * wasm/WasmPlan.cpp:
2022         (JSC::Wasm::Plan::parseAndValidateModule):
2023         (JSC::Wasm::Plan::run):
2024         * wasm/WasmPlan.h:
2025         (JSC::Wasm::Plan::mode):
2026         * wasm/js/JSWebAssemblyCallee.cpp:
2027         (JSC::JSWebAssemblyCallee::finishCreation):
2028         (JSC::JSWebAssemblyCallee::destroy):
2029         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
2030         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
2031         (JSC::JSWebAssemblyCodeBlock::destroy):
2032         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
2033         (JSC::JSWebAssemblyCodeBlock::visitChildren):
2034         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
2035         * wasm/js/JSWebAssemblyInstance.cpp:
2036         (JSC::JSWebAssemblyInstance::setMemory):
2037         (JSC::JSWebAssemblyInstance::finishCreation):
2038         (JSC::JSWebAssemblyInstance::visitChildren):
2039         * wasm/js/JSWebAssemblyInstance.h:
2040         (JSC::JSWebAssemblyInstance::module):
2041         (JSC::JSWebAssemblyInstance::codeBlock):
2042         (JSC::JSWebAssemblyInstance::memoryMode):
2043         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
2044         * wasm/js/JSWebAssemblyMemory.cpp:
2045         (JSC::JSWebAssemblyMemory::create):
2046         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
2047         (JSC::JSWebAssemblyMemory::buffer):
2048         (JSC::JSWebAssemblyMemory::grow):
2049         (JSC::JSWebAssemblyMemory::destroy):
2050         * wasm/js/JSWebAssemblyMemory.h:
2051         (JSC::JSWebAssemblyMemory::memory):
2052         (JSC::JSWebAssemblyMemory::offsetOfMemory):
2053         (JSC::JSWebAssemblyMemory::offsetOfSize):
2054         * wasm/js/JSWebAssemblyModule.cpp:
2055         (JSC::JSWebAssemblyModule::buildCodeBlock):
2056         (JSC::JSWebAssemblyModule::create):
2057         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2058         (JSC::JSWebAssemblyModule::codeBlock):
2059         (JSC::JSWebAssemblyModule::finishCreation):
2060         (JSC::JSWebAssemblyModule::visitChildren):
2061         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
2062         * wasm/js/JSWebAssemblyModule.h:
2063         (JSC::JSWebAssemblyModule::takeReservedMemory):
2064         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
2065         (JSC::JSWebAssemblyModule::codeBlock):
2066         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
2067         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
2068         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
2069         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
2070         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
2071         (JSC::JSWebAssemblyModule::callees): Deleted.
2072         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
2073         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
2074         * wasm/js/WebAssemblyFunction.cpp:
2075         (JSC::callWebAssemblyFunction):
2076         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2077         (JSC::constructJSWebAssemblyInstance):
2078         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2079         (JSC::constructJSWebAssemblyMemory):
2080         * wasm/js/WebAssemblyModuleConstructor.cpp:
2081         (JSC::WebAssemblyModuleConstructor::createModule):
2082         * wasm/js/WebAssemblyModuleRecord.cpp:
2083         (JSC::WebAssemblyModuleRecord::link):
2084         (JSC::WebAssemblyModuleRecord::evaluate):
2085
2086 2017-03-03  Mark Lam  <mark.lam@apple.com>
2087
2088         Gardening: fix broken ARM64 build.
2089         https://bugs.webkit.org/show_bug.cgi?id=169139
2090
2091         Not reviewed.
2092
2093         * assembler/ARM64Assembler.h:
2094         (JSC::ARM64Assembler::excepnGenerationImmMask):
2095
2096 2017-03-03  Mark Lam  <mark.lam@apple.com>
2097
2098         Add MacroAssembler::isBreakpoint() query function.
2099         https://bugs.webkit.org/show_bug.cgi?id=169139
2100
2101         Reviewed by Michael Saboff.
2102
2103         This will be needed soon when we use breakpoint instructions to implement
2104         non-polling VM traps, and need to discern between a VM trap signal and a genuine
2105         assertion breakpoint.
2106
2107         * assembler/ARM64Assembler.h:
2108         (JSC::ARM64Assembler::isBrk):
2109         (JSC::ARM64Assembler::excepnGenerationImmMask):
2110         * assembler/ARMAssembler.h:
2111         (JSC::ARMAssembler::isBkpt):
2112         * assembler/ARMv7Assembler.h:
2113         (JSC::ARMv7Assembler::isBkpt):
2114         * assembler/MIPSAssembler.h:
2115         (JSC::MIPSAssembler::isBkpt):
2116         * assembler/MacroAssemblerARM.h:
2117         (JSC::MacroAssemblerARM::isBreakpoint):
2118         * assembler/MacroAssemblerARM64.h:
2119         (JSC::MacroAssemblerARM64::isBreakpoint):
2120         * assembler/MacroAssemblerARMv7.h:
2121         (JSC::MacroAssemblerARMv7::isBreakpoint):
2122         * assembler/MacroAssemblerMIPS.h:
2123         (JSC::MacroAssemblerMIPS::isBreakpoint):
2124         * assembler/MacroAssemblerX86Common.h:
2125         (JSC::MacroAssemblerX86Common::isBreakpoint):
2126         * assembler/X86Assembler.h:
2127         (JSC::X86Assembler::isInt3):
2128
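The query functions this entry adds (isInt3, isBrk, isBkpt, isBreakpoint) all answer one question: is the instruction at a given program counter the architecture's breakpoint instruction? The block below is an added example, not WebKit's code, that implements that check from the published encodings of int3, BRK, BKPT and MIPS BREAK; the constant names, the Isa tag and the sample byte strings are constructed for the example.

```cpp
#include <cstdint>

// Example code, not WebKit's: recognisers for the breakpoint instruction of
// each architecture, given the instruction bits found at a faulting program
// counter. A trap handler that plants breakpoints itself needs such a check to
// tell its own breakpoint apart from one executed by an assertion failure.

// x86 / x86-64: int3 is the single byte 0xCC.
bool isInt3(const uint8_t* pc)
{
    return pc[0] == 0xCC;
}

// ARM64: BRK #imm16 is 1101 0100 001 | imm16 | 00000. Bits 31..21 and 4..0
// are fixed; bits 20..5 carry the immediate.
constexpr uint32_t kArm64BrkFixedMask = 0xFFE0001F;
constexpr uint32_t kArm64BrkFixedBits = 0xD4200000;
constexpr uint32_t kArm64ExcepnGenerationImmMask = 0x001FFFE0;

bool isBrk(uint32_t instruction)
{
    return (instruction & kArm64BrkFixedMask) == kArm64BrkFixedBits;
}

uint16_t brkImmediate(uint32_t instruction)
{
    return static_cast<uint16_t>((instruction & kArm64ExcepnGenerationImmMask) >> 5);
}

// ARM (A32 encoding): BKPT #imm16 is cond=1110 | 0001 0010 | imm12 | 0111 | imm4.
bool isBkptA32(uint32_t instruction)
{
    return (instruction & 0xFFF000F0) == 0xE1200070;
}

// ARMv7 Thumb: BKPT #imm8 is the 16-bit encoding 1011 1110 | imm8.
bool isBkptThumb(uint16_t instruction)
{
    return (instruction & 0xFF00) == 0xBE00;
}

// MIPS: BREAK is SPECIAL (opcode 000000) with function code 001101; the 20
// bits in between are a code field.
bool isBreakMips(uint32_t instruction)
{
    return (instruction & 0xFC00003F) == 0x0000000D;
}

// Reads a 32-bit little-endian instruction word without assuming alignment
// (a faulting pc is typically handed to a signal handler as a raw pointer).
uint32_t load32(const uint8_t* pc)
{
    uint32_t word = 0;
    for (int i = 3; i >= 0; --i)
        word = (word << 8) | pc[i];
    return word;
}

// Constructed sample instruction bytes (not captured from a real process).
const uint8_t kSampleInt3[] = { 0xCC };
const uint8_t kSampleBrk0[] = { 0x00, 0x00, 0x20, 0xD4 }; // brk #0
const uint8_t kSampleSvc0[] = { 0x01, 0x00, 0x00, 0xD4 }; // svc #0: a trap, but not a breakpoint

// Hypothetical tag for the ISA the code at pc was generated for.
enum class Isa { X86, Arm64, ArmA32, Thumb, Mips };

bool isBreakpointAt(Isa isa, const uint8_t* pc)
{
    switch (isa) {
    case Isa::X86:    return isInt3(pc);
    case Isa::Arm64:  return isBrk(load32(pc));
    case Isa::ArmA32: return isBkptA32(load32(pc));
    case Isa::Thumb:  return isBkptThumb(static_cast<uint16_t>(pc[0] | (pc[1] << 8)));
    case Isa::Mips:   return isBreakMips(load32(pc));
    }
    return false;
}
```

The fixed-bit masks are what distinguish a breakpoint from the neighbouring exception-generating instructions: on ARM64, for instance, svc #0 (0xD4000001) shares the top byte with brk but fails the fixed-bits comparison, which is exactly the case a handler must not mistake for its own trap.
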
2129 2017-03-03  Mark Lam  <mark.lam@apple.com>
2130
2131         We should only check for traps that we're able to handle.
2132         https://bugs.webkit.org/show_bug.cgi?id=169136
2133
2134         Reviewed by Michael Saboff.
2135
2136         The execute methods in the interpreter were checking for the existence of any traps
2137         (without masking) and only handling a subset of those via a mask.  This can
2138         result in a failed assertion on debug builds.
2139
2140         This patch fixes this by applying the same mask for both the needTrapHandling()
2141         check and the handleTraps() call.  Also added a few assertions.
2142
2143         * interpreter/Interpreter.cpp:
2144         (JSC::Interpreter::executeProgram):
2145         (JSC::Interpreter::executeCall):
2146         (JSC::Interpreter::executeConstruct):
2147         (JSC::Interpreter::execute):
2148         * jit/JITOperations.cpp:
2149         * llint/LLIntSlowPaths.cpp:
2150         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2151
2152 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
2153
2154         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
2155         https://bugs.webkit.org/show_bug.cgi?id=169074
2156
2157         Reviewed by Joseph Pecoraro.
2158
2159         They are not actually Cocoa-specific.
2160
2161         * inspector/remote/RemoteInspector.cpp:
2162         (Inspector::RemoteInspector::updateTargetListing):
2163         * inspector/remote/RemoteInspector.h:
2164         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2165
2166 2017-03-02  Mark Lam  <mark.lam@apple.com>
2167
2168         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
2169         https://bugs.webkit.org/show_bug.cgi?id=169089
2170
2171         Reviewed by Tim Horton and Joseph Pecoraro.
2172
2173         * runtime/VM.cpp:
2174         (JSC::VM::handleTraps):
2175         * runtime/VM.h:
2176         (JSC::VM::notifyNeedDebuggerBreak):
2177
2178 2017-03-02  Michael Saboff  <msaboff@apple.com>
2179
2180         Add JSC identity when code signing to allow debugging on iOS
2181         https://bugs.webkit.org/show_bug.cgi?id=169099
2182
2183         Reviewed by Filip Pizlo.
2184
2185         * Configurations/JSC.xcconfig:
2186         * Configurations/ToolExecutable.xcconfig:
2187
2188 2017-03-02  Keith Miller  <keith_miller@apple.com>
2189
2190         WebAssemblyFunction should have Function.prototype as its prototype
2191         https://bugs.webkit.org/show_bug.cgi?id=169101
2192
2193         Reviewed by Filip Pizlo.
2194
2195         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
2196         objects should have Function.prototype as their prototype.
2197
2198         * runtime/JSGlobalObject.cpp:
2199         (JSC::JSGlobalObject::init):
2200
2201 2017-03-02  Mark Lam  <mark.lam@apple.com>
2202
2203         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
2204         https://bugs.webkit.org/show_bug.cgi?id=169088
2205
2206         Reviewed by Keith Miller.
2207
2208         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
2209         generated.  This is useful for testing purposes until we have signal based
2210         traps, at which point, we will always emit the op_check_traps bytecode and remove
2211         this option.
2212
2213         Options::usePollingTraps() enables the use of polling VM traps all the time.
2214         This will be useful for benchmark comparisons (between polling and non-polling
2215         traps), as well as for forcing polling traps later for ports that don't support
2216         signal based traps.
2217
2218         Note: signal based traps are not fully implemented yet.  As a result, if the VM
2219         watchdog is in use, we will force Options::usePollingTraps() to be true.
2220
2221         * bytecompiler/BytecodeGenerator.cpp:
2222         (JSC::BytecodeGenerator::emitCheckTraps):
2223         * dfg/DFGClobberize.h:
2224         (JSC::DFG::clobberize):
2225         * dfg/DFGSpeculativeJIT.cpp:
2226         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2227         * dfg/DFGSpeculativeJIT32_64.cpp:
2228         (JSC::DFG::SpeculativeJIT::compile):
2229         * dfg/DFGSpeculativeJIT64.cpp:
2230         (JSC::DFG::SpeculativeJIT::compile):
2231         * ftl/FTLLowerDFGToB3.cpp:
2232         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2233         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2234         * runtime/Options.cpp:
2235         (JSC::recomputeDependentOptions):
2236         * runtime/Options.h:
2237
2238 2017-03-02  Keith Miller  <keith_miller@apple.com>
2239
2240         Fix addressing mode for B3WasmAddress
2241         https://bugs.webkit.org/show_bug.cgi?id=169092
2242
2243         Reviewed by Filip Pizlo.
2244
2245         Fix the potential addressing modes for B3WasmAddress. ARM does not
2246         support a base + index*1 + offset addressing mode. I think when I
2247         read it the first time I assumed it would always work on both ARM
2248         and X86. While true for X86 it's not true for ARM.
2249
2250         * b3/B3LowerToAir.cpp:
2251         (JSC::B3::Air::LowerToAir::effectiveAddr):
2252
2253 2017-03-02  Mark Lam  <mark.lam@apple.com>
2254
2255         Add support for selective handling of VM traps.
2256         https://bugs.webkit.org/show_bug.cgi?id=169087
2257
2258         Reviewed by Keith Miller.
2259
2260         This is needed because there are some places in the VM where it's appropriate to
2261         handle some types of VM traps but not others.
2262
2263         We implement this selection by using a VMTraps::Mask that allows the user to
2264         specify which traps should be serviced.
2265
2266         * interpreter/Interpreter.cpp:
2267         (JSC::Interpreter::executeProgram):
2268         (JSC::Interpreter::executeCall):
2269         (JSC::Interpreter::executeConstruct):
2270         (JSC::Interpreter::execute):
2271         * runtime/VM.cpp:
2272         (JSC::VM::handleTraps):
2273         * runtime/VM.h:
2274         * runtime/VMTraps.cpp:
2275         (JSC::VMTraps::takeTrap): Deleted.
2276         * runtime/VMTraps.h:
2277         (JSC::VMTraps::Mask::Mask):
2278         (JSC::VMTraps::Mask::allEventTypes):
2279         (JSC::VMTraps::Mask::bits):
2280         (JSC::VMTraps::Mask::init):
2281         (JSC::VMTraps::needTrapHandling):
2282         (JSC::VMTraps::hasTrapForEvent):
2283
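The VMTraps::Mask introduced in this entry and the bug described in the earlier entry "We should only check for traps that we're able to handle" (bug 169136) fit together: once a call site can service only a subset of the trap events, the pending-trap check and the handling call must use the same mask, or a trap outside the subset passes the check and nothing gets serviced. The block below is an added example, not WebKit's code: a small stand-in for VMTraps with invented event names, the pre-fix and post-fix call patterns side by side, and an assumed debug assertion (that a handleTraps call services at least one trap) modelled as a boolean.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>

// Hypothetical stand-in for JSC's VMTraps (example code, not WebKit's): pending
// trap events are bits in m_pending; a Mask selects the events a call site is
// prepared to service. The event names are invented for the example.
class Traps {
public:
    enum EventType : uint8_t { NeedDebuggerBreak = 0, NeedWatchdogCheck = 1, NeedTermination = 2, NumberOfEventTypes };

    struct Mask {
        uint8_t bits;
        Mask(std::initializer_list<EventType> events) : bits(0) {
            for (EventType e : events)
                bits |= static_cast<uint8_t>(1u << e);
        }
        static Mask allEventTypes() {
            Mask all({});
            all.bits = static_cast<uint8_t>((1u << NumberOfEventTypes) - 1);
            return all;
        }
    };

    void fireTrap(EventType e) { m_pending |= static_cast<uint8_t>(1u << e); }
    uint8_t pending() const { return m_pending; }

    // True when any trap selected by mask is pending.
    bool needTrapHandling(Mask mask = Mask::allEventTypes()) const { return (m_pending & mask.bits) != 0; }

    // Services (here: clears) the pending traps selected by mask; returns what was serviced.
    uint8_t handleTraps(Mask mask) {
        uint8_t serviced = static_cast<uint8_t>(m_pending & mask.bits);
        m_pending = static_cast<uint8_t>(m_pending & ~serviced);
        return serviced;
    }

private:
    uint8_t m_pending = 0;
};

struct ExecuteResult {
    bool assertionWouldFire; // models an assumed debug ASSERT that handleTraps serviced something
    uint8_t serviced;
};

// Before the fix for bug 169136: unmasked check, masked handling.
ExecuteResult executeBeforeFix(Traps& traps, Traps::Mask handled) {
    ExecuteResult r { false, 0 };
    if (traps.needTrapHandling()) {              // any pending trap passes ...
        r.serviced = traps.handleTraps(handled); // ... but only the subset is serviced
        r.assertionWouldFire = (r.serviced == 0);
    }
    return r;
}

// After the fix: the same mask guards both the check and the call.
ExecuteResult executeAfterFix(Traps& traps, Traps::Mask handled) {
    ExecuteResult r { false, 0 };
    if (traps.needTrapHandling(handled)) {
        r.serviced = traps.handleTraps(handled);
        r.assertionWouldFire = (r.serviced == 0); // cannot happen: the mask matched
    }
    return r;
}

// Scenario: a termination trap is pending, but the call site only services
// debugger breaks. Returns whether the modelled assertion would fire.
bool scenarioFiresAssertion(ExecuteResult (*execute)(Traps&, Traps::Mask)) {
    Traps traps;
    traps.fireTrap(Traps::NeedTermination);
    return execute(traps, Traps::Mask({ Traps::NeedDebuggerBreak })).assertionWouldFire;
}

// After the fix, a pending trap inside the mask is serviced and one outside
// it stays pending for a call site that can handle it.
uint8_t pendingAfterMaskedServicing() {
    Traps traps;
    traps.fireTrap(Traps::NeedDebuggerBreak);
    traps.fireTrap(Traps::NeedTermination);
    executeAfterFix(traps, Traps::Mask({ Traps::NeedDebuggerBreak }));
    return traps.pending();
}

int main() {
    std::printf("before fix, assertion fires: %d\n", scenarioFiresAssertion(executeBeforeFix));
    std::printf("after fix, assertion fires: %d\n", scenarioFiresAssertion(executeAfterFix));
    std::printf("pending after masked servicing: 0x%x\n", pendingAfterMaskedServicing());
    return 0;
}
```

The point to carry away is the last scenario: a masked call site leaves traps it cannot handle pending rather than dropping them, so the mask is a filter on who services an event, not on whether it is serviced at all.
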
2284 2017-03-02  Alex Christensen  <achristensen@webkit.org>
2285
2286         Continue enabling WebRTC
2287         https://bugs.webkit.org/show_bug.cgi?id=169056
2288
2289         Reviewed by Jon Lee.
2290
2291         * Configurations/FeatureDefines.xcconfig:
2292
2293 2017-03-02  Tomas Popela  <tpopela@redhat.com>
2294
2295         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
2296         https://bugs.webkit.org/show_bug.cgi?id=169034
2297
2298         Reviewed by Mark Lam.
2299
2300         It should not assign to offset, but compare to offset.
2301
2302         * runtime/JSGlobalObject.cpp:
2303         (JSC::JSGlobalObject::addStaticGlobals):
2304
2305 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2306
2307         Unreviewed, rolling out r213259.
2308
2309         Broke an internal build
2310
2311         Reverted changeset:
2312
2313         "Continue enabling WebRTC"
2314         https://bugs.webkit.org/show_bug.cgi?id=169056
2315         http://trac.webkit.org/changeset/213259
2316
2317 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2318
2319         Continue enabling WebRTC
2320         https://bugs.webkit.org/show_bug.cgi?id=169056
2321
2322         Reviewed by Jon Lee.
2323
2324         * Configurations/FeatureDefines.xcconfig:
2325
2326 2017-03-01  Michael Saboff  <msaboff@apple.com>
2327
2328         Source/JavaScriptCore/ChangeLog
2329         https://bugs.webkit.org/show_bug.cgi?id=169055
2330
2331         Reviewed by Mark Lam.
2332
2333         Made local copies of options strings for OptionRange and string typed options.
2334
2335         * runtime/Options.cpp:
2336         (JSC::parse):
2337         (JSC::OptionRange::init):
2338
2339 2017-03-01  Mark Lam  <mark.lam@apple.com>
2340
2341         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
2342         https://bugs.webkit.org/show_bug.cgi?id=168996
2343
2344         Reviewed by Filip Pizlo and Saam Barati.
2345
2346         PlatformThread is more useful because it allows us to:
2347         1. find the MachineThreads::Thread which is associated with it.
2348         2. suspend / resume threads.
2349         3. send a signal to a thread.
2350
2351         We can't do those with std::thread::id.  We will need one or more of these
2352         capabilities to implement non-polling VM traps later.
2353
2354         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
2355         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
2356         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
2357         JSLock::m_hasOwnerThread before doing the thread identity comparison.
2358
2359         * JavaScriptCore.xcodeproj/project.pbxproj:
2360         * heap/MachineStackMarker.cpp:
2361         (JSC::MachineThreads::Thread::createForCurrentThread):
2362         (JSC::MachineThreads::machineThreadForCurrentThread):
2363         (JSC::MachineThreads::removeThread):
2364         (JSC::MachineThreads::Thread::suspend):
2365         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2366         (JSC::getCurrentPlatformThread): Deleted.
2367         * heap/MachineStackMarker.h:
2368         * runtime/JSCellInlines.h:
2369         (JSC::JSCell::classInfo):
2370         * runtime/JSLock.cpp:
2371         (JSC::JSLock::JSLock):
2372         (JSC::JSLock::lock):
2373         (JSC::JSLock::unlock):
2374         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2375         * runtime/JSLock.h:
2376         (JSC::JSLock::ownerThread):
2377         (JSC::JSLock::currentThreadIsHoldingLock):
2378         * runtime/PlatformThread.h: Added.
2379         (JSC::currentPlatformThread):
2380         * runtime/VM.cpp:
2381         (JSC::VM::~VM):
2382         * runtime/VM.h:
2383         (JSC::VM::ownerThread):
2384         * runtime/Watchdog.cpp:
2385         (JSC::Watchdog::setTimeLimit):
2386         (JSC::Watchdog::shouldTerminate):
2387         (JSC::Watchdog::startTimer):
2388         (JSC::Watchdog::stopTimer):
2389         * tools/JSDollarVMPrototype.cpp:
2390         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2391         * tools/VMInspector.cpp:
2392
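The "Update" paragraph above explains why a separate m_hasOwnerThread flag is needed once the owner is stored as a PlatformThread: the platform handle has no reserved "no thread" value, so a stale or never-set handle can compare equal to the current thread. The block below is an added example, not WebKit's JSLock: two owner-tracking locks built on pthread_t, one without the flag and one with it, and an observe() helper that shows the naive lock still reporting "held" after unlock.

```cpp
#include <atomic>
#include <mutex>
#include <pthread.h>

// Example code, not WebKit's JSLock: owner-tracking locks that stash the
// platform thread handle (pthread_t) of the holder. pthread_t has no canonical
// "uninitialized" value, which is the problem the m_hasOwnerThread flag solves.

// Without the flag: m_ownerThread keeps its last value after unlock, so the
// identity comparison reports "held" for a lock nobody holds.
class NaiveOwnerLock {
public:
    void lock() {
        m_mutex.lock();
        m_ownerThread = pthread_self();
    }
    void unlock() { m_mutex.unlock(); }
    bool currentThreadIsHoldingLock() const {
        return pthread_equal(m_ownerThread, pthread_self()) != 0;
    }

private:
    std::mutex m_mutex;
    pthread_t m_ownerThread {}; // zero-initialised, but 0 is not a reserved "no thread" value
};

// With the flag: m_hasOwnerThread is true exactly while m_ownerThread is valid,
// and is consulted before the identity comparison. The release/acquire pair
// orders the handle write before the flag becomes visible to other threads.
class OwnerTrackingLock {
public:
    void lock() {
        m_mutex.lock();
        m_ownerThread = pthread_self();
        m_hasOwnerThread.store(true, std::memory_order_release);
    }
    void unlock() {
        m_hasOwnerThread.store(false, std::memory_order_release);
        m_mutex.unlock();
    }
    bool currentThreadIsHoldingLock() const {
        if (!m_hasOwnerThread.load(std::memory_order_acquire))
            return false;
        return pthread_equal(m_ownerThread, pthread_self()) != 0;
    }

private:
    std::mutex m_mutex;
    pthread_t m_ownerThread {};
    std::atomic<bool> m_hasOwnerThread { false };
};

struct Observation {
    bool heldWhileLocked;
    bool heldAfterUnlock;
};

// Lock, query, unlock, query again, all on the calling thread.
template<typename Lock>
Observation observe() {
    Lock lock;
    Observation o {};
    lock.lock();
    o.heldWhileLocked = lock.currentThreadIsHoldingLock();
    lock.unlock();
    o.heldAfterUnlock = lock.currentThreadIsHoldingLock();
    return o;
}

Observation observeNaiveLock() { return observe<NaiveOwnerLock>(); }
Observation observeFlaggedLock() { return observe<OwnerTrackingLock>(); }

// A lock that was never taken must not report itself held.
bool neverLockedReportsHeld() {
    OwnerTrackingLock lock;
    return lock.currentThreadIsHoldingLock();
}
```

The naive lock answers correctly while it is held and wrongly after release; nothing about the handle itself changed, only the fact that it is no longer meaningful, and that is precisely the bit of state the flag carries.
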
2393 2017-03-01  Saam Barati  <sbarati@apple.com>
2394
2395         Implement a mega-disassembler that'll be used in the FTL
2396         https://bugs.webkit.org/show_bug.cgi?id=168685
2397
2398         Reviewed by Mark Lam.
2399
2400         This patch extends the previous Air disassembler to print the
2401         DFG and B3 nodes belonging to particular Air instructions.
2402         The algorithm I'm using to do this is not perfect. For example,
2403         it won't try to print the entire DFG/B3 graph. It'll just print
2404         the related nodes for particular Air instructions. We can make the
2405         algorithm more sophisticated as we get more experience looking at
2406         these IR dumps and get a better feel for what we want out of them.
2407
2408         This is an example of the output:
2409
2410         ...
2411         ...
2412         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
2413            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
2414                Patch &Patchpoint2, %r20, %r20, %r0, @54
2415          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
2416            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
2417                Move 32(%r20), %r5, @57
2418                       0x389cc9ac0:    ldur   x5, [x20, #32]
2419         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
2420            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
2421                Move32 (%r5), %r1, @58
2422                       0x389cc9ac4:    ldur   w1, [x5]
2423            Int32 @59 = Const32(DFG:@115, 92)
2424            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
2425            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2426                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
2427                       0x389cc9ac8:    cmp    w1, #92
2428                       0x389cc9acc:    b.ne   0x389cc9dac
2429         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
2430            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
2431                Move 8(%r5), %r4, @64
2432                       0x389cc9ad0:    ldur   x4, [x5, #8]
2433          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
2434            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
2435                Move32 -8(%r4), %r2, @67
2436                       0x389cc9ad4:    ldur   w2, [x4, #-8]
2437       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
2438            Int32 @68 = Const32(DFG:@192, -1)
2439                Move $0xffffffffffffffff, %r1, $-1(@68)
2440                       0x389cc9ad8:    mov    x1, #-1
2441          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
2442            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
2443                Add32 %r2, %r1, %r1, @69
2444                       0x389cc9adc:    add    w1, w2, w1
2445          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
2446            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
2447            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2448                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
2449                       0x389cc9ae0:    cmp    x0, x22
2450                       0x389cc9ae4:    b.lo   0x389cc9dc0
2451            Int32 @72 = Trunc(@53, DFG:@86)
2452            Int32 @73 = BitAnd(@69, @72, DFG:@86)
2453                And32 %r1, %r0, %r1, @73
2454                       0x389cc9ae8:    and    w1, w1, w0
2455            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
2456            Int32 @72 = Trunc(@53, DFG:@86)
2457            Int64 @11 = SlotBase(stack0)
2458            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
2459                Move32 %r0, -64(%fp), @76
2460                       0x389cc9aec:    stur   w0, [fp, #-64]
2461            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
2462            Int64 @77 = ZExt32(@73, DFG:@12)
2463            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
2464                Add64 %r1, %r22, %r3, @78
2465                       0x389cc9af0:    add    x3, x1, x22
2466            Int64 @11 = SlotBase(stack0)
2467            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
2468                Move %r3, -72(%fp), @81
2469                       0x389cc9af4:    stur   x3, [fp, #-72]
2470            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
2471            Int32 @82 = Trunc(@24, DFG:@10)
2472            Int64 @11 = SlotBase(stack0)
2473            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
2474                Move32 %r21, -80(%fp), @85
2475                       0x389cc9af8:    stur   w21, [fp, #-80]
2476           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
2477            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
2478            Void @90 = Branch(@89, DFG:@129, Terminal)
2479                Branch32 AboveOrEqual, %r1, %r2, @90
2480                       0x389cc9afc:    cmp    w1, w2
2481                       0x389cc9b00:    b.hs   0x389cc9bec
2482         ...
2483         ...
2484
2485         * b3/air/AirDisassembler.cpp:
2486         (JSC::B3::Air::Disassembler::dump):
2487         * b3/air/AirDisassembler.h:
2488         * ftl/FTLCompile.cpp:
2489         (JSC::FTL::compile):
2490         * ftl/FTLLowerDFGToB3.cpp:
2491         (JSC::FTL::DFG::LowerDFGToB3::lower):
2492         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
2493         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
2494         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
2495         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
2496
2497 2017-03-01  Mark Lam  <mark.lam@apple.com>
2498
2499         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
2500         https://bugs.webkit.org/show_bug.cgi?id=169042
2501
2502         Not reviewed.
2503
2504         Rolling out r213229 and r213202.
2505
2506         * JavaScriptCore.xcodeproj/project.pbxproj:
2507         * heap/MachineStackMarker.cpp:
2508         (JSC::getCurrentPlatformThread):
2509         (JSC::MachineThreads::Thread::createForCurrentThread):
2510         (JSC::MachineThreads::machineThreadForCurrentThread):
2511         (JSC::MachineThreads::removeThread):
2512         (JSC::MachineThreads::Thread::suspend):
2513         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2514         * heap/MachineStackMarker.h:
2515         * runtime/JSCellInlines.h:
2516         (JSC::JSCell::classInfo):
2517         * runtime/JSLock.cpp:
2518         (JSC::JSLock::JSLock):
2519         (JSC::JSLock::lock):
2520         (JSC::JSLock::unlock):
2521         (JSC::JSLock::currentThreadIsHoldingLock):
2522         * runtime/JSLock.h:
2523         (JSC::JSLock::ownerThread):
2524         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2525         * runtime/PlatformThread.h: Removed.
2526         * runtime/VM.cpp:
2527         (JSC::VM::~VM):
2528         * runtime/VM.h:
2529         (JSC::VM::ownerThread):
2530         * runtime/Watchdog.cpp:
2531         (JSC::Watchdog::setTimeLimit):
2532         (JSC::Watchdog::shouldTerminate):
2533         (JSC::Watchdog::startTimer):
2534         (JSC::Watchdog::stopTimer):
2535         * tools/JSDollarVMPrototype.cpp:
2536         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2537         * tools/VMInspector.cpp:
2538
2539 2017-03-01  Mark Lam  <mark.lam@apple.com>
2540
2541         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
2542         https://bugs.webkit.org/show_bug.cgi?id=169042
2543
2544         Reviewed by Filip Pizlo.
2545
2546         * runtime/JSLock.h:
2547         (JSC::JSLock::currentThreadIsHoldingLock):
2548
2549 2017-02-28  Brian Burg  <bburg@apple.com>
2550
2551         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
2552         https://bugs.webkit.org/show_bug.cgi?id=168695
2553         <rdar://problem/30643899>
2554
2555         Reviewed by Joseph Pecoraro.
2556
2557         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
2558         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
2559         to gather listing information for RemoteAutomationTargets.
2560
2561         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
2562         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
2563         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
2564
2565         * inspector/remote/RemoteInspector.h:
2566         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
2567
2568         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2569         (Inspector::RemoteConnectionToTarget::setup):
2570         (Inspector::RemoteConnectionToTarget::close):
2571         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
2572         and use it inside the block later after it may have been destructed already. If that happens,
2573         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
2574
2575         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2576         (Inspector::RemoteInspector::updateTargetListing):
2577         We need to make sure to request a listing push after the target is updated, so implicitly call
2578         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
2579
2580         (Inspector::RemoteInspector::receivedSetupMessage):
2581         (Inspector::RemoteInspector::receivedDidCloseMessage):
2582         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
2583         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
2584         and asynchronously on the target's queue when the connection to target is opened or closed.
2585
2586 2017-03-01  Tomas Popela  <tpopela@redhat.com>
2587
2588         Leak under Options::setOptions
2589         https://bugs.webkit.org/show_bug.cgi?id=169029
2590
2591         Reviewed by Michael Saboff.
2592
2593         Don't leak the optionsStrCopy variable.
2594
2595         * runtime/Options.cpp:
2596         (JSC::Options::setOptions):
2597
2598 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2599
2600         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
2601         https://bugs.webkit.org/show_bug.cgi?id=168968
2602
2603         Reviewed by Saam Barati.
2604
2605         This patch decouples dumping the bytecode sequence from CodeBlock.
2606         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
2607         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
2608         called Generatorification.
2609
2610         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
2611         this class to dump the bytecode sequence.
2612
2613         This patch also adds Option::dumpBytecodesBeforeGeneratorification,
2614         which dumps the unlinked bytecode sequence before generatorification if it is enabled.
2615
2616         * CMakeLists.txt:
2617         * JavaScriptCore.xcodeproj/project.pbxproj:
2618         * bytecode/BytecodeDumper.cpp: Added.
2619         (JSC::getStructureID):
2620         (JSC::getSpecialPointer):
2621         (JSC::getPutByIdFlags):
2622         (JSC::getToThisStatus):
2623         (JSC::getPointer):
2624         (JSC::getStructureChain):
2625         (JSC::getStructure):
2626         (JSC::getCallLinkInfo):
2627         (JSC::getBasicBlockLocation):
2628         (JSC::BytecodeDumper<Block>::actualPointerFor):
2629         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
2630         (JSC::beginDumpProfiling):
2631         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
2632         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
2633         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
2634         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
2635         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
2636         (JSC::dumpRareCaseProfile):
2637         (JSC::dumpArithProfile):
2638         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
2639         (JSC::BytecodeDumper<Block>::vm):
2640         (JSC::BytecodeDumper<Block>::identifier):
2641         (JSC::regexpToSourceString):
2642         (JSC::regexpName):
2643         (JSC::printLocationAndOp):
2644         (JSC::isConstantRegisterIndex):
2645         (JSC::debugHookName):
2646         (JSC::BytecodeDumper<Block>::registerName):
2647         (JSC::idName):
2648         (JSC::BytecodeDumper<Block>::constantName):
2649         (JSC::BytecodeDumper<Block>::printUnaryOp):
2650         (JSC::BytecodeDumper<Block>::printBinaryOp):
2651         (JSC::BytecodeDumper<Block>::printConditionalJump):
2652         (JSC::BytecodeDumper<Block>::printGetByIdOp):
2653         (JSC::dumpStructure):
2654         (JSC::dumpChain):
2655         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
2656         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
2657         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
2658         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
2659         (JSC::BytecodeDumper<Block>::printCallOp):
2660         (JSC::BytecodeDumper<Block>::printPutByIdOp):
2661         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
2662         (JSC::BytecodeDumper<Block>::dumpBytecode):
2663         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2664         (JSC::BytecodeDumper<Block>::dumpConstants):
2665         (JSC::BytecodeDumper<Block>::dumpRegExps):
2666         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2667         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2668         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2669         (JSC::BytecodeDumper<Block>::dumpBlock):
2670         * bytecode/BytecodeDumper.h: Added.
2671         (JSC::BytecodeDumper::BytecodeDumper):
2672         (JSC::BytecodeDumper::block):
2673         (JSC::BytecodeDumper::instructionsBegin):
2674         * bytecode/BytecodeGeneratorification.cpp:
2675         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2676         (JSC::performGeneratorification):
2677         * bytecode/BytecodeLivenessAnalysis.cpp:
2678         (JSC::BytecodeLivenessAnalysis::dumpResults):
2679         * bytecode/CodeBlock.cpp:
2680         (JSC::CodeBlock::dumpBytecode):
2681         (JSC::CodeBlock::finishCreation):
2682         (JSC::CodeBlock::propagateTransitions):
2683         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2684         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2685         (JSC::CodeBlock::usesOpcode):
2686         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2687         (JSC::CodeBlock::arithProfileForPC):
2688         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2689         (JSC::idName): Deleted.
2690         (JSC::CodeBlock::registerName): Deleted.
2691         (JSC::CodeBlock::constantName): Deleted.
2692         (JSC::regexpToSourceString): Deleted.
2693         (JSC::regexpName): Deleted.
2694         (JSC::debugHookName): Deleted.
2695         (JSC::CodeBlock::printUnaryOp): Deleted.
2696         (JSC::CodeBlock::printBinaryOp): Deleted.
2697         (JSC::CodeBlock::printConditionalJump): Deleted.
2698         (JSC::CodeBlock::printGetByIdOp): Deleted.
2699         (JSC::dumpStructure): Deleted.
2700         (JSC::dumpChain): Deleted.
2701         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
2702         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
2703         (JSC::CodeBlock::printCallOp): Deleted.
2704         (JSC::CodeBlock::printPutByIdOp): Deleted.
2705         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
2706         (JSC::CodeBlock::beginDumpProfiling): Deleted.
2707         (JSC::CodeBlock::dumpValueProfiling): Deleted.
2708         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
2709         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
2710         (JSC::CodeBlock::dumpArithProfile): Deleted.
2711         (JSC::CodeBlock::printLocationAndOp): Deleted.
2712         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
2713         * bytecode/CodeBlock.h:
2714         (JSC::CodeBlock::constantRegisters):
2715         (JSC::CodeBlock::numberOfRegExps):
2716         (JSC::CodeBlock::bitVectors):
2717         (JSC::CodeBlock::bitVector):
2718         * bytecode/HandlerInfo.h:
2719         (JSC::HandlerInfoBase::typeName):
2720         * bytecode/UnlinkedCodeBlock.cpp:
2721         (JSC::UnlinkedCodeBlock::dump):
2722         * bytecode/UnlinkedCodeBlock.h:
2723         (JSC::UnlinkedCodeBlock::getConstant):
2724         * bytecode/UnlinkedInstructionStream.cpp:
2725         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
2726         * bytecode/UnlinkedInstructionStream.h:
2727         (JSC::UnlinkedInstructionStream::Reader::next):
2728         * runtime/Options.h:
2729
2730 2017-02-28  Mark Lam  <mark.lam@apple.com>
2731
2732         Change JSLock to stash PlatformThread instead of std::thread::id.
2733         https://bugs.webkit.org/show_bug.cgi?id=168996
2734
2735         Reviewed by Filip Pizlo.
2736
2737         PlatformThread is more useful because it allows us to:
2738         1. find the MachineThreads::Thread which is associated with it.
2739         2. suspend / resume threads.
2740         3. send a signal to a thread.
2741
2742         We can't do those with std::thread::id.  We will need one or more of these
2743         capabilities to implement non-polling VM traps later.
2744
2745         * JavaScriptCore.xcodeproj/project.pbxproj:
2746         * heap/MachineStackMarker.cpp:
2747         (JSC::MachineThreads::Thread::createForCurrentThread):
2748         (JSC::MachineThreads::machineThreadForCurrentThread):
2749         (JSC::MachineThreads::removeThread):
2750         (JSC::MachineThreads::Thread::suspend):
2751         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2752         (JSC::getCurrentPlatformThread): Deleted.
2753         * heap/MachineStackMarker.h:
2754         * runtime/JSCellInlines.h:
2755         (JSC::JSCell::classInfo):
2756         * runtime/JSLock.cpp:
2757         (JSC::JSLock::lock):
2758         (JSC::JSLock::unlock):
2759         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2760         * runtime/JSLock.h:
2761         (JSC::JSLock::ownerThread):
2762         (JSC::JSLock::currentThreadIsHoldingLock):
2763         * runtime/PlatformThread.h: Added.
2764         (JSC::currentPlatformThread):
2765         * runtime/VM.cpp:
2766         (JSC::VM::~VM):
2767         * runtime/VM.h:
2768         (JSC::VM::ownerThread):
2769         * runtime/Watchdog.cpp:
2770         (JSC::Watchdog::setTimeLimit):
2771         (JSC::Watchdog::shouldTerminate):
2772         (JSC::Watchdog::startTimer):
2773         (JSC::Watchdog::stopTimer):
2774         * tools/JSDollarVMPrototype.cpp:
2775         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2776         * tools/VMInspector.cpp:
2777
2778 2017-02-28  Mark Lam  <mark.lam@apple.com>
2779
2780         Enable the SigillCrashAnalyzer by default for iOS.
2781         https://bugs.webkit.org/show_bug.cgi?id=168989
2782
2783         Reviewed by Keith Miller.
2784
2785         * runtime/Options.cpp:
2786         (JSC::overrideDefaults):
2787
2788 2017-02-28  Mark Lam  <mark.lam@apple.com>
2789
2790         Remove setExclusiveThread() and peers from the JSLock.
2791         https://bugs.webkit.org/show_bug.cgi?id=168977
2792
2793         Reviewed by Filip Pizlo.
2794
2795         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
2796         Speedometer, we see that removal of exclusive thread status has no measurable
2797         impact on performance.  So, let's remove the code for handling exclusive thread
2798         status, and simplify the JSLock code.
2799
2800         For the record, exclusive thread status does improve JSLock locking/unlocking
2801         time by up to 20%.  However, this difference is not measurable in the way WebCore
2802         uses the JSLock as confirmed by Speedometer.
2803
2804         Also applied a minor optimization in JSLock::lock() to assume the initial lock
2805         entry case (as opposed to the re-entry case).  This appears to show a small
2806         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
2807         time in a micro-benchmark.
2808
2809         * heap/Heap.cpp:
2810         (JSC::Heap::Heap):
2811         * heap/MachineStackMarker.cpp:
2812         (JSC::MachineThreads::MachineThreads):
2813         (JSC::MachineThreads::addCurrentThread):
2814         * heap/MachineStackMarker.h:
2815         * runtime/JSLock.cpp:
2816         (JSC::JSLock::JSLock):
2817         (JSC::JSLock::lock):
2818         (JSC::JSLock::unlock):
2819         (JSC::JSLock::currentThreadIsHoldingLock):
2820         (JSC::JSLock::dropAllLocks):
2821         (JSC::JSLock::grabAllLocks):
2822         (JSC::JSLock::setExclusiveThread): Deleted.
2823         * runtime/JSLock.h:
2824         (JSC::JSLock::ownerThread):
2825         (JSC::JSLock::hasExclusiveThread): Deleted.
2826         (JSC::JSLock::exclusiveThread): Deleted.
2827         * runtime/VM.h:
2828         (JSC::VM::hasExclusiveThread): Deleted.
2829         (JSC::VM::exclusiveThread): Deleted.
2830         (JSC::VM::setExclusiveThread): Deleted.
2831
2832 2017-02-28  Saam Barati  <sbarati@apple.com>
2833
2834         Arm64 disassembler prints "ars" instead of "asr"
2835         https://bugs.webkit.org/show_bug.cgi?id=168923
2836
2837         Rubber stamped by Michael Saboff.
2838
2839         * disassembler/ARM64/A64DOpcode.cpp:
2840         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
2841
2842 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
2843
2844         Use of arguments in arrow function is slow
2845         https://bugs.webkit.org/show_bug.cgi?id=168829
2846
2847         Reviewed by Saam Barati.
2848
2849         Current patch improves performance of access to arguments within arrow functions
2850         by preventing creation of the arguments variable within the arrow function, and also
2851         allows caching the arguments variable. Before, the arguments variable always had the
2852         Dynamic resolve type; after the patch it can be ClosureVar, which increases the
2853         performance of access to the arguments variable 9 times inside of the arrow function.
2854
2855         * bytecompiler/BytecodeGenerator.cpp:
2856         (JSC::BytecodeGenerator::BytecodeGenerator):
2857         * runtime/JSScope.cpp:
2858         (JSC::abstractAccess):
2859
2860 2017-02-28  Michael Saboff  <msaboff@apple.com>
2861
2862         Add ability to configure JSC options from a file
2863         https://bugs.webkit.org/show_bug.cgi?id=168914
2864
2865         Reviewed by Filip Pizlo.
2866
2867         Added the ability to set options and DataLog file location via a configuration file.
2868         The configuration file is specified with the --configFile option to JSC or the
2869         JSC_configFile environment variable.
2870
2871         The file format allows for options conditionally dependent on various attributes.
2872         Currently those attributes are the process name, parent process name and build
2873         type (Release or Debug).  In this patch, the parent process type is not set.
2874         That will be set up in WebKit code with a follow up patch.
2875
2876         Here is an example config file:
2877
2878             logFile = "/tmp/jscLog.%pid.txt"
2879
2880             jscOptions {
2881                 dumpOptions = 2
2882             }
2883
2884             build == "Debug" {
2885                 jscOptions {
2886                     useConcurrentJIT = false
2887                     dumpDisassembly = true
2888                 }
2889             }
2890
2891             build == "Release" && processName == "jsc" {
2892                 jscOptions {
2893                     asyncDisassembly = true
2894                 }
2895             }
2896
2897         Eliminated the prior options file code.
2898
2899         * CMakeLists.txt:
2900         * JavaScriptCore.xcodeproj/project.pbxproj:
2901         * jsc.cpp:
2902         (jscmain):
2903         * runtime/ConfigFile.cpp: Added.
2904         (JSC::ConfigFileScanner::ConfigFileScanner):
2905         (JSC::ConfigFileScanner::start):
2906         (JSC::ConfigFileScanner::lineNumber):
2907         (JSC::ConfigFileScanner::currentBuffer):
2908         (JSC::ConfigFileScanner::atFileEnd):
2909         (JSC::ConfigFileScanner::tryConsume):
2910         (JSC::ConfigFileScanner::tryConsumeString):
2911         (JSC::ConfigFileScanner::tryConsumeUpto):
2912         (JSC::ConfigFileScanner::fillBufferIfNeeded):
2913         (JSC::ConfigFileScanner::fillBuffer):
2914         (JSC::ConfigFile::ConfigFile):
2915         (JSC::ConfigFile::setProcessName):
2916         (JSC::ConfigFile::setParentProcessName):
2917         (JSC::ConfigFile::parse):
2918         * runtime/ConfigFile.h: Added.
2919         * runtime/Options.cpp:
2920         (JSC::Options::initialize):
2921         (JSC::Options::setOptions):
2922         * runtime/Options.h:
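
A worked parser for the option-file format shown in the entry above, added here as an example. It is not JSC's ConfigFile.cpp: the grammar (`name = value`, `jscOptions { ... }`, and `attr == "literal"` conditions joined by `&&` in front of a block) is inferred from the sample, the attribute names processName, parentProcessName and build are taken from the entry's description, and everything else (class and function names, the error handling, the embedded sample text) is an assumption made for illustration. Because such a file can switch on options like dumpDisassembly or redirect the log only for particular process names, the useful check for a defender is to evaluate what a given file would set for a given process, which is what `parseSample` does.

```cpp
#include <cctype>
#include <map>
#include <stdexcept>
#include <string>

using StringMap = std::map<std::string, std::string>;

struct ParsedConfig {
    StringMap settings;   // top-level assignments such as logFile
    StringMap jscOptions; // option name -> raw value text, after conditions are applied
};

// Recursive-descent parser for the assumed grammar: `name = value`, `jscOptions { ... }`, and
// `attr == "lit" [&& attr == "lit"]... { ... }` blocks, which may nest. Statements under a
// false condition are still syntax-checked, then discarded. An attribute with an empty value
// is unknown and never matches (the entry notes the parent process name is not set yet).
// Every token skips leading whitespace, so callers never have to.
class ConfigParser {
public:
    ConfigParser(const std::string& text, const StringMap& attrs) : m_text(text), m_attrs(attrs) { }
    // Throws std::runtime_error (with a byte offset) on malformed input.
    ParsedConfig parse() {
        ParsedConfig out;
        parseStatements(out, true, false);
        if (m_pos != m_text.size()) fail("unexpected '}'");
        return out;
    }
private:
    void parseStatements(ParsedConfig& out, bool enabled, bool inOptions) {
        for (skipSpace(); peek() && peek() != '}'; skipSpace()) {
            std::string name = identifier();
            if (tryConsume("==")) {
                bool holds = condition(name);
                while (tryConsume("&&")) {
                    std::string attr = identifier();
                    if (!tryConsume("==")) fail("expected '=='");
                    holds = condition(attr) && holds; // evaluate first so the literal is always consumed
                }
                parseBlock(out, enabled && holds, inOptions);
            } else if (tryConsume("=")) {
                std::string val = value();
                if (enabled) (inOptions ? out.jscOptions : out.settings)[name] = val;
            } else if (name == "jscOptions") {
                parseBlock(out, enabled, true);
            } else {
                fail("expected '=', '==' or 'jscOptions {' at '" + name + "'");
            }
        }
    }
    void parseBlock(ParsedConfig& out, bool enabled, bool inOptions) {
        if (!tryConsume("{")) fail("expected '{'");
        parseStatements(out, enabled, inOptions);
        if (!tryConsume("}")) fail("expected '}'");
    }
    // The `"literal"` half of `attr == "literal"`, compared against the named attribute.
    bool condition(const std::string& attr) {
        std::string literal = stringLiteral();
        auto it = m_attrs.find(attr);
        if (it == m_attrs.end()) fail("unknown attribute '" + attr + "'");
        return !it->second.empty() && it->second == literal;
    }
    char peek() const { return m_pos < m_text.size() ? m_text[m_pos] : '\0'; }
    void skipSpace() { while (std::isspace(static_cast<unsigned char>(peek()))) m_pos++; }
    bool tryConsume(const std::string& lit) {
        skipSpace();
        if (m_text.compare(m_pos, lit.size(), lit)) return false;
        m_pos += lit.size();
        return true;
    }
    // Consumes the longest non-empty run of characters accepted by `pred`.
    template<typename Pred> std::string run(Pred pred, const char* what) {
        skipSpace();
        size_t start = m_pos;
        while (peek() && pred(static_cast<unsigned char>(peek()))) m_pos++;
        if (start == m_pos) fail(std::string("expected ") + what);
        return m_text.substr(start, m_pos - start);
    }
    std::string identifier() { return run([](unsigned char c) { return std::isalnum(c) || c == '_'; }, "identifier"); }
    std::string stringLiteral() {
        if (!tryConsume("\"")) fail("expected string literal");
        size_t start = m_pos;
        while (peek() && peek() != '"' && peek() != '\n') m_pos++;
        if (peek() != '"') fail("unterminated string literal");
        return m_text.substr(start, m_pos++ - start);
    }
    // A value is a quoted string or a bare token (number, true/false) ending at whitespace or '}'.
    std::string value() { skipSpace(); return peek() == '"' ? stringLiteral() : run([](unsigned char c) { return !std::isspace(c) && c != '}'; }, "value"); }
    [[noreturn]] void fail(const std::string& msg) const { throw std::runtime_error(msg + " at offset " + std::to_string(m_pos)); }

    std::string m_text;
    StringMap m_attrs;
    size_t m_pos = 0;
};

// The sample file from the entry above, embedded (constructed) so the example runs stand-alone.
const char* const kSampleConfig =
    "logFile = \"/tmp/jscLog.%pid.txt\"\n\njscOptions {\n    dumpOptions = 2\n}\n\n"
    "build == \"Debug\" {\n    jscOptions {\n        useConcurrentJIT = false\n        dumpDisassembly = true\n    }\n}\n\n"
    "build == \"Release\" && processName == \"jsc\" {\n    jscOptions {\n        asyncDisassembly = true\n    }\n}\n";

// Evaluates the sample for one process; parentProcessName stays unset, as the entry describes.
ParsedConfig parseSample(const std::string& processName, const std::string& build) {
    return ConfigParser(kSampleConfig, { { "processName", processName }, { "parentProcessName", "" }, { "build", build } }).parse();
}
```

With the sample above, a Release `jsc` process ends up with dumpOptions and asyncDisassembly, a Debug process of any name gets dumpOptions plus the two Debug-only options, and a Release process that is not `jsc` gets dumpOptions alone; a truncated file (a block without its closing brace) is rejected rather than partially applied.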
2923
2924 2017-02-27  Alex Christensen  <achristensen@webkit.org>
2925
2926         Begin enabling WebRTC on 64-bit
2927         https://bugs.webkit.org/show_bug.cgi?id=168915
2928
2929         Reviewed by Eric Carlson.
2930
2931         * Configurations/FeatureDefines.xcconfig:
2932
2933 2017-02-27  Mark Lam  <mark.lam@apple.com>
2934
2935         Introduce a VM Traps mechanism and refactor Watchdog to use it.
2936         https://bugs.webkit.org/show_bug.cgi?id=168842
2937
2938         Reviewed by Filip Pizlo.
2939
2940         Currently, the traps mechanism is only used for the JSC watchdog, and for
2941         asynchronous termination requests (which is currently only used for worker
2942         threads termination).
2943
2944         This first cut of the traps mechanism still relies on polling from DFG and FTL
2945         code.  This is done to keep the patch as small as possible.  The work to do
2946         a non-polling version of the traps mechanism for DFG and FTL code is deferred to
2947         another patch.
2948
2949         In this patch, worker threads still need to set the VM::m_needAsynchronousTerminationSupport
2950         flag to enable the traps polling in the DFG and FTL code.  When we have the
2951         non-polling version of the DFG and FTL traps mechanism, we can remove the use of
2952         the VM::m_needAsynchronousTerminationSupport flag.
2953
2954         Note: this patch also separates asynchronous termination support from the JSC
2955         watchdog.  This separation allows us to significantly simplify the locking
2956         requirements in the watchdog code, and make it easier to reason about its
2957         correctness.
2958
2959         * CMakeLists.txt:
2960         * JavaScriptCore.xcodeproj/project.pbxproj:
2961         * bytecode/BytecodeList.json:
2962         * bytecode/BytecodeUseDef.h:
2963         (JSC::computeUsesForBytecodeOffset):
2964         (JSC::computeDefsForBytecodeOffset):
2965         * bytecode/CodeBlock.cpp:
2966         (JSC::CodeBlock::dumpBytecode):
2967         * bytecompiler/BytecodeGenerator.cpp:
2968         (JSC::BytecodeGenerator::BytecodeGenerator):
2969         (JSC::BytecodeGenerator::emitLoopHint):
2970         (JSC::BytecodeGenerator::emitCheckTraps):
2971         (JSC::BytecodeGenerator::emitWatchdog): Deleted.
2972         * bytecompiler/BytecodeGenerator.h:
2973         * dfg/DFGAbstractInterpreterInlines.h:
2974         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2975         * dfg/DFGByteCodeParser.cpp:
2976         (JSC::DFG::ByteCodeParser::parseBlock):
2977         * dfg/DFGCapabilities.cpp:
2978         (JSC::DFG::capabilityLevel):
2979         * dfg/DFGClobberize.h:
2980         (JSC::DFG::clobberize):
2981         * dfg/DFGDoesGC.cpp:
2982         (JSC::DFG::doesGC):
2983         * dfg/DFGFixupPhase.cpp:
2984         (JSC::DFG::FixupPhase::fixupNode):
2985         * dfg/DFGNodeType.h:
2986         * dfg/DFGPredictionPropagationPhase.cpp:
2987         * dfg/DFGSafeToExecute.h:
2988         (JSC::DFG::safeToExecute):
2989         * dfg/DFGSpeculativeJIT.cpp:
2990         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2991         * dfg/DFGSpeculativeJIT.h:
2992         * dfg/DFGSpeculativeJIT32_64.cpp:
2993         (JSC::DFG::SpeculativeJIT::compile):
2994         * dfg/DFGSpeculativeJIT64.cpp:
2995         (JSC::DFG::SpeculativeJIT::compile):
2996         * ftl/FTLCapabilities.cpp:
2997         (JSC::FTL::canCompile):
2998         * ftl/FTLLowerDFGToB3.cpp:
2999         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3000         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
3001         (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer): Deleted.
3002         * interpreter/Interpreter.cpp:
3003         (JSC::Interpreter::executeProgram):
3004         (JSC::Interpreter::executeCall):
3005         (JSC::Interpreter::executeConstruct):
3006         (JSC::Interpreter::execute):
3007         * jit/JIT.cpp:
3008         (JSC::JIT::privateCompileMainPass):
3009         (JSC::JIT::privateCompileSlowCases):
3010         * jit/JIT.h:
3011         * jit/JITOpcodes.cpp:
3012         (JSC::JIT::emit_op_check_traps):
3013         (JSC::JIT::emitSlow_op_check_traps):
3014         (JSC::JIT::emit_op_watchdog): Deleted.
3015         (JSC::JIT::emitSlow_op_watchdog): Deleted.
3016         * jit/JITOperations.cpp:
3017         * jit/JITOperations.h:
3018         * llint/LLIntSlowPaths.cpp:
3019         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3020         * llint/LLIntSlowPaths.h:
3021         * llint/LowLevelInterpreter.asm:
3022         * llint/LowLevelInterpreter32_64.asm:
3023         * llint/LowLevelInterpreter64.asm:
3024         * runtime/VM.cpp:
3025         (JSC::VM::~VM):
3026         (JSC::VM::ensureWatchdog):
3027         (JSC::VM::handleTraps):
3028         * runtime/VM.h:
3029         (JSC::VM::ownerThread):
3030         (JSC::VM::needTrapHandling):
3031         (JSC::VM::needTrapHandlingAddress):
3032         (JSC::VM::notifyNeedTermination):
3033         (JSC::VM::notifyNeedWatchdogCheck):
3034         (JSC::VM::needAsynchronousTerminationSupport):
3035         (JSC::VM::setNeedAsynchronousTerminationSupport):
3036         * runtime/VMInlines.h:
3037         (JSC::VM::shouldTriggerTermination): Deleted.
3038         * runtime/VMTraps.cpp: Added.
3039         (JSC::VMTraps::fireTrap):
3040         (JSC::VMTraps::takeTrap):
3041         * runtime/VMTraps.h: Added.
3042         (JSC::VMTraps::needTrapHandling):
3043         (JSC::VMTraps::needTrapHandlingAddress):
3044         (JSC::VMTraps::hasTrapForEvent):
3045         (JSC::VMTraps::setTrapForEvent):
3046         (JSC::VMTraps::clearTrapForEvent):
3047         * runtime/Watchdog.cpp:
3048         (JSC::Watchdog::Watchdog):
3049         (JSC::Watchdog::setTimeLimit):
3050         (JSC::Watchdog::shouldTerminate):
3051         (JSC::Watchdog::enteredVM):
3052         (JSC::Watchdog::exitedVM):
3053         (JSC::Watchdog::startTimer):
3054         (JSC::Watchdog::stopTimer):
3055         (JSC::Watchdog::willDestroyVM):
3056         (JSC::Watchdog::terminateSoon): Deleted.
3057         (JSC::Watchdog::shouldTerminateSlow): Deleted.
3058         * runtime/Watchdog.h:
3059         (JSC::Watchdog::shouldTerminate): Deleted.
3060         (JSC::Watchdog::timerDidFireAddress): Deleted.
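
A compact model of the polling traps design this entry describes, added here as an example. It is not JSC's VMTraps: the two event kinds mirror the notifyNeedTermination / notifyNeedWatchdogCheck entry points listed above, but the class and function names, the bit layout, the memory ordering and the simulated mutator loop are all assumptions made for illustration. The point it shows is the split the entry relies on: the mutator polls a single flag without taking any lock (the load a loop header or function entry would do), and only when the flag is set does it take the lock to drain pending events, with termination handled ahead of a watchdog check.

```cpp
#include <atomic>
#include <cstdint>
#include <initializer_list>
#include <mutex>

// Illustrative event set; the real VM has its own.
enum class TrapEvent : uint8_t { None, NeedTermination, NeedWatchdogCheck };

class PollingTraps {
public:
    // Fast path, polled by the mutator at loop headers and function entries without the lock:
    // one acquire load of a byte that JIT code could read at needTrapHandlingAddress().
    bool needTrapHandling() const { return m_needTrapHandling.load(std::memory_order_acquire) != 0; }
    const std::atomic<uint8_t>* needTrapHandlingAddress() const { return &m_needTrapHandling; }

    // Called from other threads (a watchdog timer, a worker-termination request). The event is
    // recorded under the lock and the poll flag is raised afterwards, so a mutator that sees the
    // flag is guaranteed to find the event when it takes the lock.
    void fireTrap(TrapEvent event) {
        std::lock_guard<std::mutex> locker(m_lock);
        m_pendingEvents |= bitFor(event);
        m_needTrapHandling.store(1, std::memory_order_release);
    }

    // Slow path: the mutator takes one pending event at a time, termination first, and lowers
    // the poll flag once nothing is left.
    TrapEvent takeTrap() {
        std::lock_guard<std::mutex> locker(m_lock);
        TrapEvent taken = TrapEvent::None;
        for (TrapEvent candidate : { TrapEvent::NeedTermination, TrapEvent::NeedWatchdogCheck }) {
            if (m_pendingEvents & bitFor(candidate)) {
                m_pendingEvents &= static_cast<uint8_t>(~bitFor(candidate));
                taken = candidate;
                break;
            }
        }
        if (!m_pendingEvents) m_needTrapHandling.store(0, std::memory_order_release);
        return taken;
    }

    bool hasTrapForEvent(TrapEvent event) {
        std::lock_guard<std::mutex> locker(m_lock);
        return (m_pendingEvents & bitFor(event)) != 0;
    }

private:
    static uint8_t bitFor(TrapEvent event) { return static_cast<uint8_t>(1u << static_cast<unsigned>(event)); }

    std::atomic<uint8_t> m_needTrapHandling { 0 };
    std::mutex m_lock;
    uint8_t m_pendingEvents = 0; // guarded by m_lock
};

struct MutatorResult {
    bool terminated = false;      // stopped because a NeedTermination trap was taken
    unsigned watchdogChecks = 0;  // NeedWatchdogCheck traps handled
    unsigned long iterations = 0; // loop iterations executed (each one polls once)
};

// Models script execution: every iteration stands for one op_check_traps poll at a loop header.
// `timeLimitExpired` plays the watchdog's decision and is consulted only when a NeedWatchdogCheck
// trap is taken; if it says yes, termination is requested through a trap like any other event.
template<typename TimeLimitExpired>
MutatorResult runMutatorLoop(PollingTraps& traps, unsigned long maxIterations, TimeLimitExpired timeLimitExpired) {
    MutatorResult result;
    while (result.iterations < maxIterations) {
        result.iterations++;
        if (!traps.needTrapHandling()) continue; // the common case: one load, no lock
        for (TrapEvent event = traps.takeTrap(); event != TrapEvent::None; event = traps.takeTrap()) {
            if (event == TrapEvent::NeedTermination) {
                result.terminated = true;
                return result;
            }
            result.watchdogChecks++;
            if (timeLimitExpired()) traps.fireTrap(TrapEvent::NeedTermination);
        }
    }
    return result;
}
```

Because the slow path re-checks for pending events after handling each one, a watchdog check that decides the limit has expired stops the loop on the same poll rather than waiting for the next loop header.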
3061
3062 2017-02-27  Commit Queue  <commit-queue@webkit.org>
3063
3064         Unreviewed, rolling out r213019.
3065         https://bugs.webkit.org/show_bug.cgi?id=168925
3066
3067         "It broke 32-bit jsc tests in debug builds" (Requested by
3068         saamyjoon on #webkit).
3069
3070         Reverted changeset:
3071
3072         "op_get_by_id_with_this should use inline caching"
3073         https://bugs.webkit.org/show_bug.cgi?id=162124
3074         http://trac.webkit.org/changeset/213019
3075
3076 2017-02-27  JF Bastien  <jfbastien@apple.com>
3077
3078         WebAssembly: miscellaneous spec fixes part deux
3079         https://bugs.webkit.org/show_bug.cgi?id=168861
3080
3081         Reviewed by Keith Miller.
3082
3083         * wasm/WasmFunctionParser.h: add some FIXME
3084
3085 2017-02-27  Alex Christensen  <achristensen@webkit.org>
3086
3087         [libwebrtc] Enable WebRTC in some Production Builds
3088         https://bugs.webkit.org/show_bug.cgi?id=168858
3089
3090         * Configurations/FeatureDefines.xcconfig:
3091
3092 2017-02-26  Caio Lima  <ticaiolima@gmail.com>
3093
3094         op_get_by_id_with_this should use inline caching
3095         https://bugs.webkit.org/show_bug.cgi?id=162124
3096
3097         Reviewed by Saam Barati.
3098
3099         This patch enables inline caching for op_get_by_id_with_this in all
3100         tiers. It means that operations using ```super.member``` are going to
3101         be able to be optimized by PIC. To enable it, we introduced a new
3102         member of StructureStubInfo.patch named thisGPR, created a new class
3103         to manage the IC named JITGetByIdWithThisGenerator and changed
3104         PolymorphicAccess.regenerate to use StructureStubInfo.patch.thisGPR
3105         to decide the correct this value on inline caches.
3106         With inline caching enabled, ```super.member``` is ~4.5x faster,
3107         according to microbenchmarks.
3108
3109         * bytecode/AccessCase.cpp:
3110         (JSC::AccessCase::generateImpl):
3111         * bytecode/PolymorphicAccess.cpp:
3112         (JSC::PolymorphicAccess::regenerate):
3113         * bytecode/PolymorphicAccess.h:
3114         * bytecode/StructureStubInfo.cpp:
3115         (JSC::StructureStubInfo::reset):
3116         * bytecode/StructureStubInfo.h:
3117         * dfg/DFGFixupPhase.cpp:
3118         (JSC::DFG::FixupPhase::fixupNode):
3119         * dfg/DFGJITCompiler.cpp:
3120         (JSC::DFG::JITCompiler::link):
3121         * dfg/DFGJITCompiler.h:
3122         (JSC::DFG::JITCompiler::addGetByIdWithThis):
3123         * dfg/DFGSpeculativeJIT.cpp:
3124         (JSC::DFG::SpeculativeJIT::compileIn):
3125         * dfg/DFGSpeculativeJIT.h:
3126         (JSC::DFG::SpeculativeJIT::callOperation):
3127         * dfg/DFGSpeculativeJIT32_64.cpp:
3128         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
3129         (JSC::DFG::SpeculativeJIT::compile):
3130         * dfg/DFGSpeculativeJIT64.cpp:
3131         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
3132         (JSC::DFG::SpeculativeJIT::compile):
3133         * ftl/FTLLowerDFGToB3.cpp:
3134         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
3135         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
3136         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
3137         * jit/CCallHelpers.h:
3138         (JSC::CCallHelpers::setupArgumentsWithExecState):
3139         * jit/ICStats.h:
3140         * jit/JIT.cpp:
3141         (JSC::JIT::JIT):
3142         (JSC::JIT::privateCompileSlowCases):
3143         (JSC::JIT::link):
3144         * jit/JIT.h:
3145         * jit/JITInlineCacheGenerator.cpp:
3146         (JSC::JITByIdGenerator::JITByIdGenerator):
3147         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
3148         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
3149         * jit/JITInlineCacheGenerator.h:
3150         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
3151         * jit/JITInlines.h:
3152         (JSC::JIT::callOperation):
3153         * jit/JITOperations.cpp:
3154         * jit/JITOperations.h:
3155         * jit/JITPropertyAccess.cpp:
3156         (JSC::JIT::emit_op_get_by_id_with_this):
3157         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3158         * jit/JITPropertyAccess32_64.cpp:
3159         (JSC::JIT::emit_op_get_by_id_with_this):
3160         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3161         * jit/Repatch.cpp:
3162         (JSC::appropriateOptimizingGetByIdFunction):
3163         (JSC::appropriateGenericGetByIdFunction):
3164         (JSC::tryCacheGetByID):
3165         * jit/Repatch.h:
3166         * jsc.cpp:
3167         (WTF::CustomGetter::getOwnPropertySlot):
3168         (WTF::CustomGetter::customGetterAcessor):
3169
3170 2017-02-24  JF Bastien  <jfbastien@apple.com>
3171
3172         WebAssembly: miscellaneous spec fixes
3173         https://bugs.webkit.org/show_bug.cgi?id=168822
3174
3175         Reviewed by Saam Barati.
3176
3177         * wasm/WasmModuleParser.cpp: "unknown" sections are now called "custom" sections
3178         * wasm/WasmSections.h:
3179         (JSC::Wasm::validateOrder):
3180         (JSC::Wasm::makeString): fix ASSERT_UNREACHABLE bug in printing
3181         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3182         (JSC::constructJSWebAssemblyInstance): disallow i64 import
3183         * wasm/js/WebAssemblyModuleRecord.cpp:
3184         (JSC::WebAssemblyModuleRecord::link): disallow i64 export
3185         (JSC::WebAssemblyModuleRecord::evaluate):
3186
3187 2017-02-24  Filip Pizlo  <fpizlo@apple.com>
3188
3189         Move Arg::Type and Arg::Width out into the B3 namespace, since they are general concepts
3190         https://bugs.webkit.org/show_bug.cgi?id=168833
3191
3192         Reviewed by Saam Barati.
3193         
3194         I want to use the Air::Arg::Type and Air::Arg::Width concepts in B3. We are already
3195         doing this a bit, and it's awkward because of the namespacing. Throughout B3 we take the
3196         approach that if something is not specific to Air, then it should be in the B3
3197         namespace.
3198         
3199         This moves Air::Arg::Type to B3::Bank. This moves Air::Arg::Width to B3::Width.
3200         
3201         I renamed Arg::Type to Bank because there is already a B3::Type and because Arg::Type
3202         was never really a type. Its purpose was always to identify register banks, and we use
3203         this enum when the thing we care about is whether the value is most appropriate for
3204         GPRs or FPRs.
3205         
3206         I kept both as non-enum classes because I think that we've learned that terse compiler
3207         code is a good thing. I don't want to say Bank::GP when I can say GP. With Width, the
3208         argument is even stronger, since you cannot say Width::8 but you can say Width8.
3209
3210         * CMakeLists.txt:
3211         * JavaScriptCore.xcodeproj/project.pbxproj:
3212         * b3/B3Bank.cpp: Added.
3213         (WTF::printInternal):
3214         * b3/B3Bank.h: Added.
3215         (JSC::B3::forEachBank):
3216         (JSC::B3::bankForType):
3217         * b3/B3CheckSpecial.cpp:
3218         (JSC::B3::CheckSpecial::forEachArg):
3219         * b3/B3LegalizeMemoryOffsets.cpp:
3220         * b3/B3LowerToAir.cpp:
3221         (JSC::B3::Air::LowerToAir::run):
3222         (JSC::B3::Air::LowerToAir::tmp):
3223         (JSC::B3::Air::LowerToAir::scaleForShl):
3224         (JSC::B3::Air::LowerToAir::effectiveAddr):
3225         (JSC::B3::Air::LowerToAir::addr):
3226         (JSC::B3::Air::LowerToAir::createGenericCompare):
3227         (JSC::B3::Air::LowerToAir::createBranch):
3228         (JSC::B3::Air::LowerToAir::createCompare):
3229         (JSC::B3::Air::LowerToAir::createSelect):
3230         (JSC::B3::Air::LowerToAir::lower):
3231         * b3/B3MemoryValue.cpp:
3232         (JSC::B3::MemoryValue::accessWidth):
3233         * b3/B3MemoryValue.h:
3234         * b3/B3MoveConstants.cpp:
3235         * b3/B3PatchpointSpecial.cpp:
3236         (JSC::B3::PatchpointSpecial::forEachArg):
3237         * b3/B3StackmapSpecial.cpp:
3238         (JSC::B3::StackmapSpecial::forEachArgImpl):
3239         * b3/B3Value.h:
3240         * b3/B3Variable.h:
3241         (JSC::B3::Variable::width):
3242         (JSC::B3::Variable::bank):
3243         * b3/B3WasmAddressValue.h:
3244         * b3/B3Width.cpp: Added.
3245         (WTF::printInternal):
3246         * b3/B3Width.h: Added.
3247         (JSC::B3::pointerWidth):
3248         (JSC::B3::widthForType):
3249         (JSC::B3::conservativeWidth):
3250         (JSC::B3::minimumWidth):
3251         (JSC::B3::bytes):
3252         (JSC::B3::widthForBytes):
3253         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3254         * b3/air/AirAllocateStack.cpp:
3255         (JSC::B3::Air::allocateStack):
3256         * b3/air/AirArg.cpp:
3257         (JSC::B3::Air::Arg::canRepresent):
3258         (JSC::B3::Air::Arg::isCompatibleBank):
3259         (JSC::B3::Air::Arg::isCompatibleType): Deleted.
3260         * b3/air/AirArg.h:
3261         (JSC::B3::Air::Arg::hasBank):
3262         (JSC::B3::Air::Arg::bank):
3263         (JSC::B3::Air::Arg::isBank):
3264         (JSC::B3::Air::Arg::forEachTmp):
3265         (JSC::B3::Air::Arg::forEachType): Deleted.
3266         (JSC::B3::Air::Arg::pointerWidth): Deleted.
3267         (JSC::B3::Air::Arg::typeForB3Type): Deleted.
3268         (JSC::B3::Air::Arg::widthForB3Type): Deleted.
3269         (JSC::B3::Air::Arg::conservativeWidth): Deleted.
3270         (JSC::B3::Air::Arg::minimumWidth): Deleted.
3271         (JSC::B3::Air::Arg::bytes): Deleted.
3272         (JSC::B3::Air::Arg::widthForBytes): Deleted.
3273         (JSC::B3::Air::Arg::hasType): Deleted.
3274         (JSC::B3::Air::Arg::type): Deleted.
3275         (JSC::B3::Air::Arg::isType): Deleted.
3276         * b3/air/AirArgInlines.h:
3277         (JSC::B3::Air::ArgThingHelper<Tmp>::forEach):
3278         (JSC::B3::Air::ArgThingHelper<Arg>::forEach):
3279         (JSC::B3::Air::ArgThingHelper<Reg>::forEach):
3280         (JSC::B3::Air::Arg::forEach):
3281         * b3/air/AirCCallSpecial.cpp:
3282         (JSC::B3::Air::CCallSpecial::forEachArg):
3283         * b3/air/AirCCallingConvention.cpp:
3284         * b3/air/AirCode.cpp:
3285         (JSC::B3::Air::Code::Code):
3286         (JSC::B3::Air::Code::setRegsInPriorityOrder):
3287         (JSC::B3::Air::Code::pinRegister):
3288         * b3/air/AirCode.h:
3289         (JSC::B3::Air::Code::regsInPriorityOrder):
3290         (JSC::B3::Air::Code::newTmp):
3291         (JSC::B3::Air::Code::numTmps):
3292         (JSC::B3::Air::Code::regsInPriorityOrderImpl):
3293         * b3/air/AirCustom.cpp:
3294         (JSC::B3::Air::PatchCustom::isValidForm):
3295         (JSC::B3::Air::ShuffleCustom::isValidForm):
3296         * b3/air/AirCustom.h:
3297         (JSC::B3::Air::PatchCustom::forEachArg):
3298         (JSC::B3::Air::CCallCustom::forEachArg):
3299         (JSC::B3::Air::ColdCCallCustom::forEachArg):
3300         (JSC::B3::Air::ShuffleCustom::forEachArg):
3301         (JSC::B3::Air::WasmBoundsCheckCustom::forEachArg):
3302         * b3/air/AirDumpAsJS.cpp:
3303         (JSC::B3::Air::dumpAsJS):
3304         * b3/air/AirEliminateDeadCode.cpp:
3305         (JSC::B3::Air::eliminateDeadCode):
3306         * b3/air/AirEmitShuffle.cpp:
3307         (JSC::B3::Air::emitShuffle):
3308         * b3/air/AirEmitShuffle.h:
3309         (JSC::B3::Air::ShufflePair::ShufflePair):
3310         (JSC::B3::Air::ShufflePair::width):
3311         * b3/air/AirFixObviousSpills.cpp:
3312         * b3/air/AirFixPartialRegisterStalls.cpp:
3313         (JSC::B3::Air::fixPartialRegisterStalls):
3314         * b3/air/AirInst.cpp:
3315         (JSC::B3::Air::Inst::hasArgEffects):
3316         * b3/air/AirInst.h:
3317         (JSC::B3::Air::Inst::forEachTmp):
3318         * b3/air/AirInstInlines.h:
3319         (JSC::B3::Air::Inst::forEach):
3320         (JSC::B3::Air::Inst::forEachDef):
3321         (JSC::B3::Air::Inst::forEachDefWithExtraClobberedRegs):
3322         * b3/air/AirLiveness.h:
3323         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
3324         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
3325         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
3326         (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
3327         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
3328         (JSC::B3::Air::RegLivenessAdapter::acceptsBank):
3329         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
3330         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute):
3331         (JSC::B3::Air::TmpLivenessAdapter::acceptsType): Deleted.
3332         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsType): Deleted.
3333         (JSC::B3::Air::RegLivenessAdapter::acceptsType): Deleted.
3334         * b3/air/AirLogRegisterPressure.cpp:
3335         (JSC::B3::Air::logRegisterPressure):
3336         * b3/air/AirLowerAfterRegAlloc.cpp:
3337         (JSC::B3::Air::lowerAfterRegAlloc):
3338         * b3/air/AirLowerMacros.cpp:
3339         (JSC::B3::Air::lowerMacros):
3340         * b3/air/AirPadInterference.cpp:
3341         (JSC::B3::Air::padInterference):
3342         * b3/air/AirReportUsedRegisters.cpp:
3343         (JSC::B3::Air::reportUsedRegisters):
3344         * b3/air/AirSpillEverything.cpp:
3345         (JSC::B3::Air::spillEverything):
3346         * b3/air/AirTmpInlines.h:
3347         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex): Deleted.
3348         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::lastMachineRegisterIndex): Deleted.
3349         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
3350         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex): Deleted.
3351         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::lastMachineRegisterIndex): Deleted.
3352         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
3353         * b3/air/AirTmpWidth.cpp:
3354         (JSC::B3::Air::TmpWidth::recompute):
3355         * b3/air/AirTmpWidth.h:
3356         (JSC::B3::Air::TmpWidth::width):
3357         (JSC::B3::Air::TmpWidth::requiredWidth):
3358         (JSC::B3::Air::TmpWidth::defWidth):
3359         (JSC::B3::Air::TmpWidth::useWidth):
3360         (JSC::B3::Air::TmpWidth::Widths::Widths):
3361         * b3/air/AirUseCounts.h:
3362         (JSC::B3::Air::UseCounts::UseCounts):
3363         * b3/air/AirValidate.cpp:
3364         * b3/air/opcode_generator.rb:
3365         * b3/air/testair.cpp:
3366         (JSC::B3::Air::compile): Deleted.
3367         (JSC::B3::Air::invoke): Deleted.
3368         (JSC::B3::Air::compileAndRun): Deleted.
3369         (JSC::B3::Air::testSimple): Deleted.
3370         (JSC::B3::Air::loadConstantImpl): Deleted.
3371         (JSC::B3::Air::loadConstant): Deleted.
3372         (JSC::B3::Air::loadDoubleConstant): Deleted.
3373         (JSC::B3::Air::testShuffleSimpleSwap): Deleted.
3374         (JSC::B3::Air::testShuffleSimpleShift): Deleted.
3375         (JSC::B3::Air::testShuffleLongShift): Deleted.
3376         (JSC::B3::Air::testShuffleLongShiftBackwards): Deleted.
3377         (JSC::B3::Air::testShuffleSimpleRotate): Deleted.
3378         (JSC::B3::Air::testShuffleSimpleBroadcast): Deleted.
3379         (JSC::B3::Air::testShuffleBroadcastAllRegs): Deleted.
3380         (JSC::B3::Air::testShuffleTreeShift): Deleted.
3381         (JSC::B3::Air::testShuffleTreeShiftBackward): Deleted.
3382         (JSC::B3::Air::testShuffleTreeShiftOtherBackward): Deleted.
3383         (JSC::B3::Air::testShuffleMultipleShifts): Deleted.
3384         (JSC::B3::Air::testShuffleRotateWithFringe): Deleted.
3385         (JSC::B3::Air::testShuffleRotateWithFringeInWeirdOrder): Deleted.
3386         (JSC::B3::Air::testShuffleRotateWithLongFringe): Deleted.
3387         (JSC::B3::Air::testShuffleMultipleRotates): Deleted.
3388         (JSC::B3::Air::testShuffleShiftAndRotate): Deleted.
3389         (JSC::B3::Air::testShuffleShiftAllRegs): Deleted.
3390         (JSC::B3::Air::testShuffleRotateAllRegs): Deleted.
3391         (JSC::B3::Air::testShuffleSimpleSwap64): Deleted.
3392         (JSC::B3::Air::testShuffleSimpleShift64): Deleted.
3393         (JSC::B3::Air::testShuffleSwapMixedWidth): Deleted.
3394         (JSC::B3::Air::testShuffleShiftMixedWidth): Deleted.
3395         (JSC::B3::Air::testShuffleShiftMemory): Deleted.
3396         (JSC::B3::Air::testShuffleShiftMemoryLong): Deleted.
3397         (JSC::B3::Air::testShuffleShiftMemoryAllRegs): Deleted.
3398         (JSC::B3::Air::testShuffleShiftMemoryAllRegs64): Deleted.
3399         (JSC::B3::Air::combineHiLo): Deleted.
3400         (JSC::B3::Air::testShuffleShiftMemoryAllRegsMixedWidth): Deleted.
3401         (JSC::B3::Air::testShuffleRotateMemory): Deleted.
3402         (JSC::B3::Air::testShuffleRotateMemory64): Deleted.
3403         (JSC::B3::Air::testShuffleRotateMemoryMixedWidth): Deleted.
3404         (JSC::B3::Air::testShuffleRotateMemoryAllRegs64): Deleted.
3405         (JSC::B3::Air::testShuffleRotateMemoryAllRegsMixedWidth): Deleted.
3406         (JSC::B3::Air::testShuffleSwapDouble): Deleted.
3407         (JSC::B3::Air::testShuffleShiftDouble): Deleted.
3408         (JSC::B3::Air::testX86VMULSD): Deleted.
3409         (JSC::B3::Air::testX86VMULSDDestRex): Deleted.
3410         (JSC::B3::Air::testX86VMULSDOp1DestRex): Deleted.
3411         (JSC::B3::Air::testX86VMULSDOp2DestRex): Deleted.
3412         (JSC::B3::Air::testX86VMULSDOpsDestRex): Deleted.
3413         (JSC::B3::Air::testX86VMULSDAddr): Deleted.
3414         (JSC::B3::Air::testX86VMULSDAddrOpRexAddr): Deleted.
3415         (JSC::B3::Air::testX86VMULSDDestRexAddr): Deleted.
3416         (JSC::B3::Air::testX86VMULSDRegOpDestRexAddr): Deleted.
3417         (JSC::B3::Air::testX86VMULSDAddrOpDestRexAddr): Deleted.
3418         (JSC::B3::Air::testX86VMULSDBaseNeedsRex): Deleted.
3419         (JSC::B3::Air::testX86VMULSDIndexNeedsRex): Deleted.
3420         (JSC::B3::Air::testX86VMULSDBaseIndexNeedRex): Deleted.
3421         (JSC::B3::Air::run): Deleted.
3422
3423 2017-02-24  Keith Miller  <keith_miller@apple.com>
3424
3425         We should be able to use std::tuples as keys in HashMap
3426         https://bugs.webkit.org/show_bug.cgi?id=168805
3427
3428         Reviewed by Filip Pizlo.
3429
3430         Convert the mess of std::pairs we used as the keys in PrototypeMap
3431         to a std::tuple. I also plan on using this for a HashMap in wasm.
3432
3433         * JavaScriptCore.xcodeproj/project.pbxproj:
3434         * runtime/PrototypeMap.cpp:
3435         (JSC::PrototypeMap::createEmptyStructure):
3436         (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
3437         * runtime/PrototypeMap.h:
3438
3439 2017-02-24  Saam Barati  <sbarati@apple.com>
3440
3441         Unreviewed. Remove inaccurate copy-paste comment from r212939.
3442
3443         * dfg/DFGOperations.cpp:
3444
3445 2017-02-23  Saam Barati  <sbarati@apple.com>
3446
3447         Intrinsicify parseInt
3448         https://bugs.webkit.org/show_bug.cgi?id=168627
3449
3450         Reviewed by Filip Pizlo.
3451
3452         This patch makes parseInt an intrinsic in the DFG and FTL.
3453         We do our best to eliminate this node. If we speculate that
3454         the first operand to the operation is an int32, and that there
3455         isn't a second operand, we convert to the identity of the first
3456         operand. That's because parseInt(someInt) === someInt.
3457         
3458         If the first operand is proven to be an integer, and the second
3459         operand is the integer 0 or the integer 10, we can eliminate the
3460         node by making it an identity over its first operand. That's
3461         because parseInt(someInt, 0) === someInt and parseInt(someInt, 10) === someInt.
3462         
3463         If we are not able to constant fold the node away, we try to remove
3464         checks. The most common use case of parseInt is that its first operand
3465         is a proven string. The DFG might be able to remove type checks in this
3466         case. We also set up CSE rules for parseInt(someString, someIntRadix)
3467         because it's a "pure" operation (modulo resolving a rope).
3468
3469         This looks to be a 4% Octane/Box2D progression.
3470
3471         * dfg/DFGAbstractInterpreterInlines.h:
3472         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3473         * dfg/DFGByteCodeParser.cpp:
3474         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3475         * dfg/DFGClobberize.h:
3476         (JSC::DFG::clobberize):
3477         * dfg/DFGConstantFoldingPhase.cpp:
3478         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3479         * dfg/DFGDoesGC.cpp:
3480         (JSC::DFG::doesGC):
3481         * dfg/DFGFixupPhase.cpp:
3482         (JSC::DFG::FixupPhase::fixupNode):
3483         * dfg/DFGNode.h:
3484         (JSC::DFG::Node::hasHeapPrediction):
3485         * dfg/DFGNodeType.h:
3486         * dfg/DFGOperations.cpp:
3487         (JSC::DFG::parseIntResult):
3488         * dfg/DFGOperations.h:
3489         * dfg/DFGPredictionPropagationPhase.cpp:
3490         * dfg/DFGSafeToExecute.h:
3491         (JSC::DFG::safeToExecute):
3492         * dfg/DFGSpeculativeJIT.cpp:
3493         (JSC::DFG::SpeculativeJIT::compileParseInt):
3494         * dfg/DFGSpeculativeJIT.h:
3495         (JSC::DFG::SpeculativeJIT::callOperation):
3496         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
3497         * dfg/DFGSpeculativeJIT32_64.cpp:
3498         (JSC::DFG::SpeculativeJIT::compile):
3499         * dfg/DFGSpeculativeJIT64.cpp:
3500         (JSC::DFG::SpeculativeJIT::compile):
3501         * ftl/FTLCapabilities.cpp:
3502         (JSC::FTL::canCompile):
3503         * ftl/FTLLowerDFGToB3.cpp:
3504         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3505         (JSC::FTL::DFG::LowerDFGToB3::compileParseInt):
3506         * jit/JITOperations.h:
3507         * parser/Lexer.cpp:
3508         * runtime/ErrorInstance.cpp:
3509         * runtime/Intrinsic.h:
3510         * runtime/JSGlobalObject.cpp:
3511         (JSC::JSGlobalObject::init):
3512         * runtime/JSGlobalObjectFunctions.cpp:
3513         (JSC::toStringView): Deleted.
3514         (JSC::isStrWhiteSpace): Deleted.
3515         (JSC::parseDigit): Deleted.
3516         (JSC::parseIntOverflow): Deleted.
3517         (JSC::parseInt): Deleted.
3518         * runtime/JSGlobalObjectFunctions.h:
3519         * runtime/ParseInt.h: Added.
3520         (JSC::parseDigit):
3521         (JSC::parseIntOverflow):
3522         (JSC::isStrWhiteSpace):
3523         (JSC::parseInt):
3524         (JSC::toStringView):
3525         * runtime/StringPrototype.cpp:
3526
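The folding rules in the parseInt entry above, as an added example that is not JSC code: a predicate for "this call can become an identity over its first operand" checked against the engine's own parseInt, plus the inputs the int32 speculation has to reject. The function names are assumptions for illustration, not DFG node or helper names.

```javascript
// Added example (not JSC code): the parseInt folding rules described in the entry above,
// checked against the engine's own parseInt. Names below are mine, not DFG helper names.

const INT32_MIN = -2147483648;
const INT32_MAX = 2147483647;

// DFG-style "is this an int32" test: an integral Number in range, excluding -0, which JSC
// represents as a double rather than an int32.
function isInt32(v) {
  return typeof v === "number" && Number.isInteger(v) && !Object.is(v, -0)
    && v >= INT32_MIN && v <= INT32_MAX;
}

// The constant-folding rule: parseInt(someInt) === someInt, and likewise with a radix of 0 or 10.
// Any other radix, or a non-int32 first operand, cannot be turned into an identity.
function canFoldParseIntToIdentity(value, radix) {
  if (!isInt32(value)) return false;
  if (radix === undefined) return true;
  return isInt32(radix) && (radix === 0 || radix === 10);
}

// Run the rule over (value, radix) pairs and return every case where folding would have
// changed the result; an empty array means the rule is sound on those inputs.
function foldingMismatches(samples) {
  const mismatches = [];
  for (const [value, radix] of samples) {
    if (!canFoldParseIntToIdentity(value, radix)) continue;
    const actual = radix === undefined ? parseInt(value) : parseInt(value, radix);
    if (actual !== value) mismatches.push({ value, radix, actual });
  }
  return mismatches;
}

// Inputs the rule must reject, paired with what parseInt really returns for them; these are
// the cases the int32 speculation guards against.
function rejectedCases() {
  return [
    { value: 1e21, radix: undefined, actual: parseInt(1e21) },   // "1e+21" parses as 1
    { value: 0.5, radix: undefined, actual: parseInt(0.5) },     // "0.5" parses as 0
    { value: 10, radix: 16, actual: parseInt(10, 16) },          // "10" in base 16 is 16
    { value: "42", radix: undefined, actual: parseInt("42") },   // a string, not an int32
  ].filter(c => !canFoldParseIntToIdentity(c.value, c.radix));
}

// Constructed sample set covering the int32 boundaries and both accepted radices.
const SAMPLES = [];
for (const v of [INT32_MIN, -1, 0, 1, 7, 1000000007, INT32_MAX]) {
  for (const r of [undefined, 0, 10]) SAMPLES.push([v, r]);
}

console.log("mismatches:", foldingMismatches(SAMPLES).length);
console.log("rejected:", rejectedCases().map(c => `${c.value}/${c.radix} -> ${c.actual}`).join(", "));
```

The rejected cases are why the optimization is gated on a proven int32 first operand: once the value prints in exponential form, has a fractional part, or carries a non-decimal radix, parseInt stops being an identity.
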
3527 2017-02-23  JF Bastien  <jfbastien@apple.com>
3528
3529         WebAssembly: support 0x1 version
3530         https://bugs.webkit.org/show_bug.cgi?id=168672
3531
3532         Reviewed by Keith Miller.
3533
3534         * wasm/wasm.json: update the version number; everything is based
3535         on its value.
3536
3537 2017-02-23  Saam Barati  <sbarati@apple.com>
3538
3539         Make Briggs fixpoint validation run only with validateGraphAtEachPhase
3540         https://bugs.webkit.org/show_bug.cgi?id=168795
3541
3542         Rubber stamped by Keith Miller.
3543
3544         The Briggs allocator was running intensive validation
3545         on each step of the fixpoint. Instead, it now will just
3546         do it when shouldValidateIRAtEachPhase() is true because
3547         doing this for all !ASSERT_DISABLED builds takes too long.
3548
3549         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3550
3551 2017-02-23  Filip Pizlo  <fpizlo@apple.com>
3552
3553         SpeculativeJIT::compilePutByValForIntTypedArray should only do the constant-folding optimization when the constant passes the type check
3554         https://bugs.webkit.org/show_bug.cgi?id=168787
3555
3556         Reviewed by Michael Saboff and Mark Lam.
3557
3558         * dfg/DFGSpeculativeJIT.cpp:
3559         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3560
3561 2017-02-23  Mark Lam  <mark.lam@apple.com>
3562
3563         Ensure that the end of the last invalidation point does not extend beyond the end of the buffer.
3564         https://bugs.webkit.org/show_bug.cgi?id=168786
3565
3566         Reviewed by Filip Pizlo.
3567
3568         In practice, we will always have multiple instructions after invalidation points,
3569         and have enough room in the JIT buffer for the invalidation point to work with.
3570         However, as a precaution, we can guarantee that there's enough room by always
3571         emitting a label just before we link the buffer.  The label will emit nop padding
3572         if needed.
3573
3574         * assembler/LinkBuffer.cpp:
3575         (JSC::LinkBuffer::linkCode):
3576
3577 2017-02-23  Keith Miller  <keith_miller@apple.com>
3578
3579         Unreviewed, fix the cloop build. Needed a #if.
3580
3581         * jit/ExecutableAllocator.cpp:
3582
3583 2017-02-22  Carlos Garcia Campos  <cgarcia@igalia.com>
3584
3585         Better handle Thread and RunLoop initialization
3586         https://bugs.webkit.org/show_bug.cgi?id=167828
3587
3588         Reviewed by Yusuke Suzuki.
3589
3590         * runtime/InitializeThreading.cpp:
3591         (JSC::initializeThreading): Do not initialize double_conversion, which is already initialized by WTF, nor GC
3592         threads, which will be initialized by the WTF main thread when needed.
3593
3594 2017-02-22  JF Bastien  <jfbastien@apple.com>
3595
3596         WebAssembly: clear out insignificant i32 bits when calling JavaScript
3597         https://bugs.webkit.org/show_bug.cgi?id=166677
3598
3599         Reviewed by Keith Miller.
3600
3601         When WebAssembly calls JavaScript it needs to clear out the
3602         insignificant bits of int32 values:
3603
3604           +------------------- tag
3605           |  +---------------- insignificant
3606           |  |   +------------ 32-bit integer value
3607           |  |   |
3608           |--|---|-------|
3609         0xffff0000ffffffff
3610
3611         At least some JavaScript code assumes that these bits are all
3612         zero. In the wasm-to-wasm.js example we store a 64-bit value in an
3613         object with lo / hi fields, each containing 32-bit integers. We
3614         then load these back, and the baseline compiler fails its
3615         comparison because it first checks the values are the same type
3616         (yes, because the int32 tag is set in both), and then whether they
3617         have the same value (no, because comparing the two registers
3618         fails). We could argue that the baseline compiler is wrong for
3619         performing a 64-bit comparison, but it doesn't really matter
3620         because there's not much of a point in breaking that invariant for
3621         WebAssembly's sake.
3622
3623         * wasm/WasmBinding.cpp:
3624         (JSC::Wasm::wasmToJs):
3625
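The tag / insignificant-bits / payload layout drawn in the entry above, as an added example that is not JSC code: a BigInt model of a 64-bit register that shows the "same type, different bits" failure when the middle bits are not cleared, and the result after zero-extending the payload first. The exact tag value and the assumption that bits 32..47 must be zero are read off the diagram; the function names are mine.

```javascript
// Added example (not JSC code): a model of the 64-bit tagged int32 layout drawn above,
// using BigInt to stand in for a 64-bit register. The tag value is an assumption read off
// the diagram (0xffff in the top 16 bits, bits 32..47 expected to be zero, the int32
// payload in the low 32 bits); the function names are mine.

const MASK64 = (1n << 64n) - 1n;
const TAG_MASK = 0xffff000000000000n;      // top 16 bits: the type tag
const INT32_TAG = 0xffff000000000000n;     // tag meaning "this is an int32"
const INSIGNIFICANT = 0x0000ffff00000000n; // bits 32..47: must be zero for an int32
const LOW32 = 0xffffffffn;

// Tag a raw 64-bit register as an int32 without touching bits 32..47,
// i.e. what the JavaScript side sees when the insignificant bits are not cleared first.
function tagInt32WithoutClearing(reg64) {
  return INT32_TAG | (reg64 & MASK64);
}

// Zero-extend the 32-bit payload before tagging: the fix described above.
function tagInt32WithClearing(reg64) {
  return INT32_TAG | (reg64 & LOW32);
}

// The two checks the entry describes, in order: same tag, then same 64-bit bits.
function sameType(a, b) { return (a & TAG_MASK) === (b & TAG_MASK); }
function sameBits(a, b) { return a === b; }

// Recover the signed int32 payload, ignoring everything above bit 31.
function int32Payload(v) { return Number(v & LOW32) | 0; }

// A 32-bit result sign-extended across the whole 64-bit register, as a callee may leave it.
function signExtendedRegister(i32) { return BigInt.asUintN(64, BigInt(i32)); }

// Compare the value as JavaScript itself encodes it against the same int32 arriving from a
// callee, with and without clearing. Returns both checks plus whether the payloads agree,
// so the "same type but different bits" outcome is visible.
function compareEncodings(i32, clearBits) {
  const fromJs = tagInt32WithClearing(BigInt.asUintN(32, BigInt(i32)));
  const reg = signExtendedRegister(i32);
  const fromCallee = clearBits ? tagInt32WithClearing(reg) : tagInt32WithoutClearing(reg);
  return {
    sameType: sameType(fromJs, fromCallee),
    sameBits: sameBits(fromJs, fromCallee),
    samePayload: int32Payload(fromJs) === int32Payload(fromCallee),
    insignificantBitsZero: (fromCallee & INSIGNIFICANT) === 0n,
  };
}

console.log("without clearing:", compareEncodings(-1, false));
console.log("with clearing:   ", compareEncodings(-1, true));
```

Negative values are the interesting input: a non-negative int32 has no set bits above bit 31 either way, which is why the bug only shows up for some values.
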
3626 2017-02-22  Keith Miller  <keith_miller@apple.com>
3627
3628         Remove the demand executable allocator
3629         https://bugs.webkit.org/show_bug.cgi?id=168754
3630
3631         Reviewed by Saam Barati.
3632
3633         We currently only use the demand executable allocator for non-iOS 32-bit platforms.
3634         Benchmark results on a MBP indicate there is no appreciable performance difference
3635         between the fixed and demand allocators. In a future patch I will go back through
3636         this code and remove more of the abstractions.
3637
3638         * JavaScriptCore.xcodeproj/project.pbxproj:
3639         * jit/ExecutableAllocator.cpp:
3640         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
3641         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
3642         (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
3643         (JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
3644         (JSC::ExecutableAllocator::initializeAllocator):
3645         (JSC::ExecutableAllocator::ExecutableAllocator):
3646         (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
3647         (JSC::ExecutableAllocator::isValid):
3648         (JSC::ExecutableAllocator::underMemoryPressure):
3649         (JSC::ExecutableAllocator::memoryPressureMultiplier):
3650         (JSC::ExecutableAllocator::allocate):
3651         (JSC::ExecutableAllocator::isValidExecutableMemory):
3652         (JSC::ExecutableAllocator::getLock):
3653         (JSC::ExecutableAllocator::committedByteCount):
3654         (JSC::ExecutableAllocator::dumpProfile):
3655         (JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
3656         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted.
3657         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted.
3658         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted.
3659         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted.
3660         (JSC::DemandExecutableAllocator::allocateNewSpace): Deleted.
3661         (JSC::DemandExecutableAllocator::notifyNeedPage): Deleted.
3662         (JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted.
3663         (JSC::DemandExecutableAllocator::allocators): Deleted.
3664         (JSC::DemandExecutableAllocator::allocatorsMutex): Deleted.
3665         * jit/ExecutableAllocator.h:
3666         * jit/ExecutableAllocatorFixedVMPool.cpp: Removed.
3667         * jit/JITStubRoutine.h:
3668         (JSC::JITStubRoutine::canPerformRangeFilter):
3669         (JSC::JITStubRoutine::filteringStartAddress):
3670         (JSC::JITStubRoutine::filteringExtentSize):
3671
3672 2017-02-22  Saam Barati  <sbarati@apple.com>
3673
3674         Add biased coloring to Briggs and IRC
3675         https://bugs.webkit.org/show_bug.cgi?id=168611
3676
3677         Reviewed by Filip Pizlo.
3678
3679         This patch implements biased coloring as proposed by Briggs. See section
3680         5.3.3 of his thesis for more information: http://www.cs.utexas.edu/users/mckinley/380C/lecs/briggs-thesis-1992.pdf
3681
3682         The main idea of biased coloring is this:
3683         We try to coalesce a move between u and v, but the conservative heuristic
3684         fails. We don't want to coalesce the move because we don't want to risk
3685         creating an uncolorable graph. However, if the conservative heuristic fails,
3686         it's not proof that the graph is uncolorable if the move were indeed coalesced.
3687         So, when we go to color the tmps, we'll remember that we really want the
3688         same register for u and v, and if legal during coloring, we will
3689         assign them to the same register.
3690
3691         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3692
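The biased coloring idea from the entry above, as an added example that is not Air's allocator: a minimal select-phase colorer that, for a tmp whose move was not coalesced, first tries the register its move partner already holds and only then falls back to the lowest free register. The graph, tmp names and register count are constructed for the example; the real allocator's simplify, coalesce, freeze and spill machinery is left out.

```javascript
// Added example (not Air's allocator): a minimal select-phase colorer showing biased
// coloring. Graph, names and register count are constructed for illustration.

// interferences: [a, b] pairs that must not share a register;
// moves: [u, v] pairs that would like to share one but were not coalesced.
function colorGraph(order, interferences, moves, numRegisters, biased) {
  const neighbors = new Map(order.map(n => [n, new Set()]));
  for (const [a, b] of interferences) { neighbors.get(a).add(b); neighbors.get(b).add(a); }
  const partners = new Map(order.map(n => [n, new Set()]));
  for (const [u, v] of moves) { partners.get(u).add(v); partners.get(v).add(u); }

  const color = new Map();
  for (const tmp of order) {
    // Registers already taken by interfering neighbors are off limits.
    const forbidden = new Set();
    for (const n of neighbors.get(tmp)) if (color.has(n)) forbidden.add(color.get(n));

    let chosen = null;
    if (biased) {
      // Bias: prefer a register already assigned to a move partner, if it is legal here.
      for (const p of partners.get(tmp)) {
        const c = color.get(p);
        if (c !== undefined && !forbidden.has(c)) { chosen = c; break; }
      }
    }
    if (chosen === null) {
      for (let c = 0; c < numRegisters; c++) if (!forbidden.has(c)) { chosen = c; break; }
    }
    if (chosen === null) return null; // uncolorable with this many registers: a spill would be needed
    color.set(tmp, chosen);
  }
  return color;
}

// Sanity check: no interfering pair shares a register.
function isValidColoring(color, interferences) {
  return interferences.every(([a, b]) => color.get(a) !== color.get(b));
}

// Moves whose two ends landed in the same register become no-ops.
function movesEliminated(color, moves) {
  return moves.filter(([u, v]) => color.get(u) === color.get(v)).length;
}

// Constructed graph: x and y take registers 0 and 1, u interferes with both so it gets 2;
// v interferes only with x and would like u's register because of the move u -> v.
const ORDER = ["x", "y", "u", "v"];
const INTERFERENCES = [["x", "y"], ["u", "x"], ["u", "y"], ["v", "x"]];
const MOVES = [["u", "v"]];
const NUM_REGISTERS = 3;

function compareBiasedAndUnbiased() {
  const unbiased = colorGraph(ORDER, INTERFERENCES, MOVES, NUM_REGISTERS, false);
  const biased = colorGraph(ORDER, INTERFERENCES, MOVES, NUM_REGISTERS, true);
  return {
    unbiasedValid: isValidColoring(unbiased, INTERFERENCES),
    biasedValid: isValidColoring(biased, INTERFERENCES),
    unbiasedMovesEliminated: movesEliminated(unbiased, MOVES),
    biasedMovesEliminated: movesEliminated(biased, MOVES),
  };
}

console.log(compareBiasedAndUnbiased());
```

Both colorings are legal; the difference is only that the lowest-free-register choice for v picks register 1 while the biased choice picks u's register 2, so the move disappears without ever risking an uncolorable graph.
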
3693 2017-02-22  Yusuke Suzuki  <utatane.tea@gmail.com>
3694
3695         JSModuleNamespace object should have IC
3696         https://bugs.webkit.org/show_bug.cgi?id=160590
3697
3698         Reviewed by Saam Barati.
3699
3700         This patch optimizes accesses to module namespace objects.
3701
3702         1. Cache the resolutions for module namespace objects.
3703
3704             When constructing the module namespace object, we already resolve all the exports.
3705             The module namespace object caches this result and leverages it in later accesses in
3706             getOwnPropertySlot. This avoids resolving bindings through resolveExport.
3707
3708         2. Introduce ModuleNamespaceLoad IC.
3709
3710             This patch adds new IC for module namespace objects. The mechanism is simple, getOwnPropertySlot
3711             tells us about module namespace object resolution. The IC first checks whether the given object
3712             is an expected module namespace object. If this check succeeds, we load the value from the module
3713             environment.
3714
3715         3. Introduce DFG/FTL optimization.
3716
3717             After exploiting module namespace object accesses in (2), DFG can recognize this in ByteCodeParser.
3718             DFG will convert it to CheckCell with the namespace object and GetClosureVar from the cached environment.
3719             At that time, we have a chance to fold it to the constant.
3720
3721         This optimization improves the performance of accessing module namespace objects.
3722
3723         Before
3724             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-namespace.js
3725             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.43s user 0.03s system 101% cpu 0.451 total
3726             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-binding.js
3727             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.08s user 0.02s system 103% cpu 0.104 total
3728
3729         After
3730             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-namespace.js
3731             ../../WebKitBuild/module-ic/Release/bin/jsc -m   0.11s user 0.01s system 106% cpu 0.109 total
3732             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.js
3733             ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.j  0.08s user 0.02s system 102% cpu 0.105 total
3734
3735         * CMakeLists.txt:
3736         * JavaScriptCore.xcodeproj/project.pbxproj:
3737         * bytecode/AccessCase.cpp:
3738         (JSC::AccessCase::create):
3739         (JSC::AccessCase::guardedByStructureCheck):
3740         (JSC::AccessCase::canReplace):
3741         (JSC::AccessCase::visitWeak):
3742         (JSC::AccessCase::generateWithGuard):
3743         (JSC::AccessCase::generateImpl):
3744         * bytecode/AccessCase.h:
3745         * bytecode/GetByIdStatus.cpp:
3746         (JSC::GetByIdStatus::GetByIdStatus):
3747         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
3748         (JSC::GetByIdStatus::makesCalls):
3749         (JSC::GetByIdStatus::dump):
3750         * bytecode/GetByIdStatus.h:
3751         (JSC::GetByIdStatus::isModuleNamespace):
3752         (JSC::GetByIdStatus::takesSlowPath):
3753         (JSC::GetByIdStatus::moduleNamespaceObject):
3754         (JSC::GetByIdStatus::moduleEnvironment):
3755         (JSC::GetByIdStatus::scopeOffset):
3756         * bytecode/ModuleNamespaceAccessCase.cpp: Added.
3757         (JSC::ModuleNamespaceAccessCase::ModuleNamespaceAccessCase):
3758         (JSC::ModuleNamespaceAccessCase::create):
3759         (JSC::ModuleNamespaceAccessCase::~ModuleNamespaceAccessCase):
3760         (JSC::ModuleNamespaceAccessCase::clone):
3761         (JSC::ModuleNamespaceAccessCase::emit):
3762         * bytecode/ModuleNamespaceAccessCase.h: Added.
3763         (JSC::ModuleNamespaceAccessCase::moduleNamespaceObject):
3764         (JSC::ModuleNamespaceAccessCase::moduleEnvironment):
3765         (JSC::ModuleNamespaceAccessCase::scopeOffset):
3766         * bytecode/PolymorphicAccess.cpp:
3767         (WTF::printInternal):
3768         * dfg/DFGByteCodeParser.cpp:
3769         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
3770         (JSC::DFG::ByteCodeParser::handleGetById):
3771         * jit/AssemblyHelpers.h:
3772         (JSC::AssemblyHelpers::loadValue):
3773         * jit/Repatch.cpp:
3774         (JSC::tryCacheGetByID):
3775         * runtime/AbstractModuleRecord.cpp:
3776         (JSC::AbstractModuleRecord::getModuleNamespace):
3777         * runtime/JSModuleNamespaceObject.cpp:
3778         (JSC::JSModuleNamespaceObject::finishCreation):
3779         (JSC::JSModuleNamespaceObject::visitChildren):
3780         (JSC::getValue):
3781         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
3782         (JSC::JSModuleNamespaceObject::getOwnPropertyNames):
3783         * runtime/JSModuleNamespaceObject.h:
3784         (JSC::isJSModuleNamespaceObject):
3785         (JSC::JSModuleNamespaceObject::create): Deleted.
3786         (JSC::JSModuleNamespaceObject::createStructure): Deleted.
3787         (JSC::JSModuleNamespaceObject::moduleRecord): Deleted.
3788         * runtime/JSModuleRecord.h:
3789         (JSC::JSModuleRecord::moduleEnvironment): Deleted.
3790         * runtime/PropertySlot.h:
3791         (JSC::PropertySlot::PropertySlot):
3792         (JSC::PropertySlot::domJIT):
3793         (JSC::PropertySlot::moduleNamespaceSlot):
3794         (JSC::PropertySlot::setValueModuleNamespace):
3795         (JSC::PropertySlot::setCacheableCustom):
3796
3797 2017-02-22  Saam Barati  <sbarati@apple.com>
3798
3799         Unreviewed. Rename AirGraphColoring.* files to AirAllocateRegistersByGraphColoring.* to be more consistent with the rest of the Air file names.
3800
3801         * CMakeLists.txt:
3802         * JavaScriptCore.xcodeproj/project.pbxproj:
3803         * b3/air/AirAllocateRegistersByGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirGraphColoring.cpp.
3804         * b3/air/AirAllocateRegistersByGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirGraphColoring.h.
3805         * b3/air/AirGenerate.cpp:
3806         * b3/air/AirGraphColoring.cpp: Removed.
3807         * b3/air/AirGraphColoring.h: Removed.
3808
3809 2017-02-21  Youenn Fablet  <youenn@apple.com>
3810
3811         [WebRTC][Mac] Activate libwebrtc
3812         https://bugs.webkit.org/show_bug.cgi?id=167293
3813         <rdar://problem/30401864>
3814
3815         Reviewed by Alex Christensen.
3816
3817         * Configurations/FeatureDefines.xcconfig:
3818
3819 2017-02-21  Saam Barati  <sbarati@apple.com>
3820
3821         Add the Briggs optimistic allocator to run on ARM64
3822         https://bugs.webkit.org/show_bug.cgi?id=168454
3823
3824         Reviewed by Filip Pizlo.
3825
3826         This patch adds the Briggs allocator to Air:
3827         http://www.cs.utexas.edu/users/mckinley/380C/lecs/briggs-thesis-1992.pdf
3828         It uses it by default on ARM64. I was measuring an 8-10% speedup
3829         in the phase because of this. I also wasn't able to detect a slowdown 
3830         for generated code on ARM64. There are still a few things we can do
3831         to speed things up even further. Moving the interference graph into
3832         a BitVector was another 10-20% speedup. We should consider doing this
3833         in a follow up patch. This is especially important now, since making
3834         register allocation faster has a direct impact on startup time for
3835         Wasm modules.
3836         
3837         I abstracted away the common bits between Briggs and IRC, and moved
3838         them into a common super class. In a follow up to this patch, I plan
3839         on implementing biased coloring for both Briggs and IRC (this is
3840         described in Briggs's thesis). I was able to detect a 1% slowdown
3841         with Briggs on Octane for x86-64. This is because the register file
3842         for x86-64 is smaller than ARM64. When I implemented biased coloring,
3843         I was no longer able to detect this slowdown. I still think it's a
3844         sensible plan to run Briggs on ARM64 and IRC on x86-64.
3845
3846         * CMakeLists.txt:
3847         * JavaScriptCore.xcodeproj/project.pbxproj:
3848         * b3/air/AirGenerate.cpp:
3849         (JSC::B3::Air::prepareForGeneration):
3850         * b3/air/AirGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.cpp.
3851         (JSC::B3::Air::allocateRegistersByGraphColoring):
3852         (JSC::B3::Air::iteratedRegisterCoalescing): Deleted.
3853         * b3/air/AirGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.h.
3854         * b3/air/AirIteratedRegisterCoalescing.cpp: Removed.
3855         * b3/air/AirIteratedRegisterCoalescing.h: Removed.
3856         * runtime/Options.h:
3857
3858 2017-02-21  Mark Lam  <mark.lam@apple.com>
3859
3860         Add more missing exception checks detected by running marathon.js.
3861         https://bugs.webkit.org/show_bug.cgi?id=168697
3862
3863         Reviewed by Saam Barati.
3864
3865         * runtime/StringPrototype.cpp:
3866         (JSC::replaceUsingRegExpSearch):
3867         (JSC::replaceUsingStringSearch):
3868
3869 2017-02-21  JF Bastien  <jfbastien@apple.com>
3870
3871         FullCodeOrigin for CodeBlock+CodeOrigin printing
3872         https://bugs.webkit.org/show_bug.cgi?id=168673
3873
3874         Reviewed by Filip Pizlo.
3875
3876         WebAssembly doesn't have a CodeBlock, so printing it isn't
3877         valid. This patch adds FullCodeOrigin to handle the
3878         CodeBlock+CodeOrigin printing pattern, and uses it through all the
3879         places I could find, including Repatch.cpp where it's relevant for
3880         WebAssembly.
3881
3882         * CMakeLists.txt:
3883         * JavaScriptCore.xcodeproj/project.pbxproj:
3884         * bytecode/CodeBlock.cpp:
3885         (JSC::CodeBlock::noticeIncomingCall):
3886         * bytecode/FullCodeOrigin.cpp: Added.
3887         (JSC::FullCodeOrigin::dump):
3888         (JSC::FullCodeOrigin::dumpInContext):
3889         * bytecode/FullCodeOrigin.h: Added.
3890         (JSC::FullCodeOrigin::FullCodeOrigin):
3891         * bytecode/PolymorphicAccess.cpp:
3892         (JSC::PolymorphicAccess::regenerate):
3893         * jit/PolymorphicCallStubRoutine.cpp:
3894         (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
3895         * jit/Repatch.cpp:
3896         (JSC::linkFor):
3897         (JSC::linkDirectFor):
3898         (JSC::linkVirtualFor):
3899
3900 2017-02-21  Filip Pizlo  <fpizlo@apple.com>
3901
3902         Unreviewed, fix cloop. I managed to have my local patch for relanding be the one without the cloop
3903         fix. I keep forgetting about cloop!
3904
3905         * heap/Heap.cpp:
3906         (JSC::Heap::stopThePeriphery):
3907         * runtime/JSLock.cpp:
3908
3909 2017-02-21  Mark Lam  <mark.lam@apple.com>
3910
3911         Add missing exception checks detected by running marathon.js.
3912         https://bugs.webkit.org/show_bug.cgi?id=168687
3913
3914         Reviewed by Saam Barati.
3915
3916         When running the marathon.js test from https://bugs.webkit.org/show_bug.cgi?id=168580,
3917         we get some crashes due to missing exception checks.  This patch adds those
3918         missing exception checks.
3919