8023dd3a01661c70d450e5709c4df3c1d4bf37a1
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-11-03  Mark Lam  <mark.lam@apple.com>
2
3         Rename DFG's compileAdd to compileArithAdd.
4         https://bugs.webkit.org/show_bug.cgi?id=150866
5
6         Reviewed by Benjamin Poulain.
7
8         The function is only supposed to generate code to do arithmetic addition on
9         numeric types.  Naming it compileArithAdd() is more accurate, and is consistent
10         with the name of the node it emits code for (i.e. ArithAdd) as well as other
11         compiler functions for analogous operations e.g. compileArithSub.
12
13         * dfg/DFGSpeculativeJIT.cpp:
14         (JSC::DFG::SpeculativeJIT::compileInstanceOf):
15         (JSC::DFG::SpeculativeJIT::compileArithAdd):
16         (JSC::DFG::SpeculativeJIT::compileAdd): Deleted.
17         * dfg/DFGSpeculativeJIT.h:
18         * dfg/DFGSpeculativeJIT32_64.cpp:
19         (JSC::DFG::SpeculativeJIT::compile):
20         * dfg/DFGSpeculativeJIT64.cpp:
21         (JSC::DFG::SpeculativeJIT::compile):
22
23 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
24
25         Web Inspector: Remove duplication among ScriptDebugServer subclasses
26         https://bugs.webkit.org/show_bug.cgi?id=150860
27
28         Reviewed by Timothy Hatcher.
29
30         ScriptDebugServer expects a list of listeners to dispatch events to.
31         However each of its subclasses had their own implementation of the
32         list because of different handling when the first was added or when
33         the last was removed. Extract common code into ScriptDebugServer
34         which simplifies things.
35
36         Subclasses now only implement the virtual methods "attachDebugger"
37         and "detachDebugger", which are the unique work done when the first
38         listener is added or the last is removed.
39
40         * inspector/JSGlobalObjectScriptDebugServer.cpp:
41         (Inspector::JSGlobalObjectScriptDebugServer::attachDebugger):
42         (Inspector::JSGlobalObjectScriptDebugServer::detachDebugger):
43         (Inspector::JSGlobalObjectScriptDebugServer::addListener): Deleted.
44         (Inspector::JSGlobalObjectScriptDebugServer::removeListener): Deleted.
45         * inspector/JSGlobalObjectScriptDebugServer.h:
46         * inspector/ScriptDebugServer.cpp:
47         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
48         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
49         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
50         (Inspector::ScriptDebugServer::sourceParsed):
51         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
52         (Inspector::ScriptDebugServer::addListener):
53         (Inspector::ScriptDebugServer::removeListener):
54         * inspector/ScriptDebugServer.h:
55         * inspector/agents/InspectorDebuggerAgent.cpp:
56         (Inspector::InspectorDebuggerAgent::enable):
57         (Inspector::InspectorDebuggerAgent::disable):
58         * inspector/agents/InspectorDebuggerAgent.h:
59         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
60         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer): Deleted.
61         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer): Deleted.
62         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
63
64         * inspector/ScriptDebugListener.h:
65         (Inspector::ScriptDebugListener::Script::Script):
66         Drive-by convert Script to a struct, it has public fields and is used as such.
67
68 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
69
70         B3::LowerToAir should recognize Neg (i.e. Sub($0, value))
71         https://bugs.webkit.org/show_bug.cgi?id=150759
72
73         Reviewed by Benjamin Poulain.
74
75         Adds various forms of Sub(0, value) and compiles them as Neg. Also fixes a bug in
76         StoreSubLoad. This bug was correctness-benign, so I couldn't add a test for it.
77
78         * b3/B3LowerToAir.cpp:
79         (JSC::B3::Air::LowerToAir::immOrTmp):
80         (JSC::B3::Air::LowerToAir::appendUnOp):
81         (JSC::B3::Air::LowerToAir::appendBinOp):
82         (JSC::B3::Air::LowerToAir::tryAppendStoreUnOp):
83         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
84         (JSC::B3::Air::LowerToAir::trySub):
85         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
86         * b3/B3LoweringMatcher.patterns:
87         * b3/air/AirOpcode.opcodes:
88         * b3/testb3.cpp:
89         (JSC::B3::testAdd1Ptr):
90         (JSC::B3::testNeg32):
91         (JSC::B3::testNegPtr):
92         (JSC::B3::testStoreAddLoad):
93         (JSC::B3::testStoreAddAndLoad):
94         (JSC::B3::testStoreNegLoad32):
95         (JSC::B3::testStoreNegLoadPtr):
96         (JSC::B3::testAdd1Uncommuted):
97         (JSC::B3::run):
98
99 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
100
101         B3::Values that have effects should allow specification of custom HeapRanges
102         https://bugs.webkit.org/show_bug.cgi?id=150535
103
104         Reviewed by Benjamin Poulain.
105
106         Add an Effects field to calls and patchpoints. Add a HeapRange to MemoryValues.
107
108         In the process, I created a class for the CCall opcode, so that it has somewhere to put
109         the Effects field.
110
111         While doing this, I realized that we didn't have a good way of ensuring that an opcode
112         that requires a specific subclass was actually created with that subclass. So, I added
113         assertions for this.
114
115         * CMakeLists.txt:
116         * JavaScriptCore.xcodeproj/project.pbxproj:
117         * b3/B3ArgumentRegValue.h:
118         * b3/B3CCallValue.cpp: Added.
119         * b3/B3CCallValue.h: Added.
120         * b3/B3CheckValue.h:
121         * b3/B3Const32Value.h:
122         * b3/B3Const64Value.h:
123         * b3/B3ConstDoubleValue.h:
124         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
125         * b3/B3ControlValue.h:
126         * b3/B3Effects.h:
127         (JSC::B3::Effects::forCall):
128         (JSC::B3::Effects::mustExecute):
129         * b3/B3MemoryValue.h:
130         * b3/B3PatchpointValue.h:
131         * b3/B3StackSlotValue.h:
132         * b3/B3UpsilonValue.h:
133         * b3/B3Value.cpp:
134         (JSC::B3::Value::effects):
135         (JSC::B3::Value::dumpMeta):
136         (JSC::B3::Value::checkOpcode):
137         (JSC::B3::Value::typeFor):
138         * b3/B3Value.h:
139
140 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
141
142         B3::Stackmap should be a superclass of B3::PatchpointValue and B3::CheckValue rather than being one of their members
143         https://bugs.webkit.org/show_bug.cgi?id=150831
144
145         Rubber stamped by Benjamin Poulain.
146
147         Previously, Stackmap was a value that PatchpointValue and CheckValue would hold as a field.
148         We'd have convenient ways of getting this field, like via Value::stackmap(). But this was a
149         bit ridiculous, since Stackmap is logically just a common supertype for PatchpointValue and
150         CheckValue. This patch makes this reality by replacing Stackmap with StackmapValue. This makes
151         the code a lot more reasonable.
152
153         I also needed to make dumping a bit more customizable, so I changed dumpMeta() to take a
154         CommaPrinter&. This gives subclasses better control over whether or not to emit a comma. Also
155         it's now possible for subclasses of Value to customize how children are printed. StackmapValue
156         uses this to print the children and their reps together like:
157
158             Int32 @2 = Patchpoint(@0:SomeRegister, @1:SomeRegister, generator = 0x1107ec010, clobbered = [], usedRegisters = [], ExitsSideways|ControlDependent|Writes:Top|Reads:Top)
159
160         This has no behavior change, it's just a big refactoring. You can see how much simpler this
161         makes things by looking at the testSimplePatchpoint() test.
162
163         * CMakeLists.txt:
164         * JavaScriptCore.xcodeproj/project.pbxproj:
165         * b3/B3ArgumentRegValue.cpp:
166         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
167         (JSC::B3::ArgumentRegValue::dumpMeta):
168         * b3/B3ArgumentRegValue.h:
169         * b3/B3CheckSpecial.cpp:
170         (JSC::B3::CheckSpecial::generate):
171         * b3/B3CheckValue.cpp:
172         (JSC::B3::CheckValue::~CheckValue):
173         (JSC::B3::CheckValue::CheckValue):
174         (JSC::B3::CheckValue::dumpMeta): Deleted.
175         * b3/B3CheckValue.h:
176         (JSC::B3::CheckValue::accepts):
177         * b3/B3Const32Value.cpp:
178         (JSC::B3::Const32Value::notEqualConstant):
179         (JSC::B3::Const32Value::dumpMeta):
180         * b3/B3Const32Value.h:
181         * b3/B3Const64Value.cpp:
182         (JSC::B3::Const64Value::notEqualConstant):
183         (JSC::B3::Const64Value::dumpMeta):
184         * b3/B3Const64Value.h:
185         * b3/B3ConstDoubleValue.cpp:
186         (JSC::B3::ConstDoubleValue::notEqualConstant):
187         (JSC::B3::ConstDoubleValue::dumpMeta):
188         * b3/B3ConstDoubleValue.h:
189         * b3/B3ConstrainedValue.cpp: Added.
190         (JSC::B3::ConstrainedValue::dump):
191         * b3/B3ConstrainedValue.h: Added.
192         (JSC::B3::ConstrainedValue::ConstrainedValue):
193         (JSC::B3::ConstrainedValue::operator bool):
194         (JSC::B3::ConstrainedValue::value):
195         (JSC::B3::ConstrainedValue::rep):
196         * b3/B3ControlValue.cpp:
197         (JSC::B3::ControlValue::convertToJump):
198         (JSC::B3::ControlValue::dumpMeta):
199         * b3/B3ControlValue.h:
200         * b3/B3LowerToAir.cpp:
201         (JSC::B3::Air::LowerToAir::tryPatchpoint):
202         * b3/B3MemoryValue.cpp:
203         (JSC::B3::MemoryValue::accessByteSize):
204         (JSC::B3::MemoryValue::dumpMeta):
205         * b3/B3MemoryValue.h:
206         * b3/B3PatchpointSpecial.cpp:
207         (JSC::B3::PatchpointSpecial::generate):
208         * b3/B3PatchpointValue.cpp:
209         (JSC::B3::PatchpointValue::~PatchpointValue):
210         (JSC::B3::PatchpointValue::PatchpointValue):
211         (JSC::B3::PatchpointValue::dumpMeta): Deleted.
212         * b3/B3PatchpointValue.h:
213         (JSC::B3::PatchpointValue::accepts):
214         * b3/B3StackSlotValue.cpp:
215         (JSC::B3::StackSlotValue::~StackSlotValue):
216         (JSC::B3::StackSlotValue::dumpMeta):
217         * b3/B3StackSlotValue.h:
218         * b3/B3Stackmap.cpp: Removed.
219         * b3/B3Stackmap.h: Removed.
220         * b3/B3StackmapSpecial.cpp:
221         (JSC::B3::StackmapSpecial::reportUsedRegisters):
222         (JSC::B3::StackmapSpecial::extraClobberedRegs):
223         (JSC::B3::StackmapSpecial::forEachArgImpl):
224         (JSC::B3::StackmapSpecial::isValidImpl):
225         (JSC::B3::StackmapSpecial::admitsStackImpl):
226         * b3/B3StackmapSpecial.h:
227         * b3/B3StackmapValue.cpp: Added.
228         (JSC::B3::StackmapValue::~StackmapValue):
229         (JSC::B3::StackmapValue::append):
230         (JSC::B3::StackmapValue::setConstrainedChild):
231         (JSC::B3::StackmapValue::setConstraint):
232         (JSC::B3::StackmapValue::dumpChildren):
233         (JSC::B3::StackmapValue::dumpMeta):
234         (JSC::B3::StackmapValue::StackmapValue):
235         * b3/B3StackmapValue.h: Added.
236         * b3/B3SwitchValue.cpp:
237         (JSC::B3::SwitchValue::appendCase):
238         (JSC::B3::SwitchValue::dumpMeta):
239         (JSC::B3::SwitchValue::SwitchValue):
240         * b3/B3SwitchValue.h:
241         * b3/B3UpsilonValue.cpp:
242         (JSC::B3::UpsilonValue::~UpsilonValue):
243         (JSC::B3::UpsilonValue::dumpMeta):
244         * b3/B3UpsilonValue.h:
245         * b3/B3Validate.cpp:
246         * b3/B3Value.cpp:
247         (JSC::B3::Value::dump):
248         (JSC::B3::Value::dumpChildren):
249         (JSC::B3::Value::deepDump):
250         (JSC::B3::Value::performSubstitution):
251         (JSC::B3::Value::dumpMeta):
252         * b3/B3Value.h:
253         * b3/B3ValueInlines.h:
254         (JSC::B3::Value::asNumber):
255         (JSC::B3::Value::stackmap): Deleted.
256         * b3/B3ValueRep.h:
257         (JSC::B3::ValueRep::kind):
258         (JSC::B3::ValueRep::operator==):
259         (JSC::B3::ValueRep::operator!=):
260         (JSC::B3::ValueRep::operator bool):
261         (JSC::B3::ValueRep::isAny):
262         * b3/air/AirInstInlines.h:
263         * b3/testb3.cpp:
264         (JSC::B3::testSimplePatchpoint):
265
266 2015-11-03  Benjamin Poulain  <bpoulain@apple.com>
267
268         [JSC] Add Air lowering for BitOr and improve BitAnd
269         https://bugs.webkit.org/show_bug.cgi?id=150827
270
271         Reviewed by Filip Pizlo.
272
273         In this patch:
274         -B3 to Air lowering for BitOr.
275         -Codegen for BitOr.
276         -Strength reduction for BitOr and BitAnd.
277         -Tests for BitAnd and BitOr.
278         -Bug fix: Move64 with a negative value was destroying the top bits.
279
280         * b3/B3Const32Value.cpp:
281         (JSC::B3::Const32Value::bitAndConstant):
282         (JSC::B3::Const32Value::bitOrConstant):
283         * b3/B3Const32Value.h:
284         * b3/B3Const64Value.cpp:
285         (JSC::B3::Const64Value::bitAndConstant):
286         (JSC::B3::Const64Value::bitOrConstant):
287         * b3/B3Const64Value.h:
288         * b3/B3LowerToAir.cpp:
289         (JSC::B3::Air::LowerToAir::immForMove):
290         (JSC::B3::Air::LowerToAir::immOrTmpForMove):
291         (JSC::B3::Air::LowerToAir::tryOr):
292         (JSC::B3::Air::LowerToAir::tryConst64):
293         (JSC::B3::Air::LowerToAir::tryUpsilon):
294         (JSC::B3::Air::LowerToAir::tryIdentity):
295         (JSC::B3::Air::LowerToAir::tryReturn):
296         (JSC::B3::Air::LowerToAir::immOrTmp): Deleted.
297         * b3/B3LoweringMatcher.patterns:
298         * b3/B3ReduceStrength.cpp:
299         * b3/B3Value.cpp:
300         (JSC::B3::Value::bitAndConstant):
301         (JSC::B3::Value::bitOrConstant):
302         * b3/B3Value.h:
303         * b3/air/AirOpcode.opcodes:
304         * b3/testb3.cpp:
305         (JSC::B3::testReturnConst64):
306         (JSC::B3::testBitAndArgs):
307         (JSC::B3::testBitAndSameArg):
308         (JSC::B3::testBitAndImms):
309         (JSC::B3::testBitAndArgImm):
310         (JSC::B3::testBitAndImmArg):
311         (JSC::B3::testBitAndBitAndArgImmImm):
312         (JSC::B3::testBitAndImmBitAndArgImm):
313         (JSC::B3::testBitAndArgs32):
314         (JSC::B3::testBitAndSameArg32):
315         (JSC::B3::testBitAndImms32):
316         (JSC::B3::testBitAndArgImm32):
317         (JSC::B3::testBitAndImmArg32):
318         (JSC::B3::testBitAndBitAndArgImmImm32):
319         (JSC::B3::testBitAndImmBitAndArgImm32):
320         (JSC::B3::testBitOrArgs):
321         (JSC::B3::testBitOrSameArg):
322         (JSC::B3::testBitOrImms):
323         (JSC::B3::testBitOrArgImm):
324         (JSC::B3::testBitOrImmArg):
325         (JSC::B3::testBitOrBitOrArgImmImm):
326         (JSC::B3::testBitOrImmBitOrArgImm):
327         (JSC::B3::testBitOrArgs32):
328         (JSC::B3::testBitOrSameArg32):
329         (JSC::B3::testBitOrImms32):
330         (JSC::B3::testBitOrArgImm32):
331         (JSC::B3::testBitOrImmArg32):
332         (JSC::B3::testBitOrBitOrArgImmImm32):
333         (JSC::B3::testBitOrImmBitOrArgImm32):
334         (JSC::B3::run):
335
336 2015-11-03  Saam barati  <sbarati@apple.com>
337
338         Rewrite "const" as "var" for iTunes/iBooks on the Mac
339         https://bugs.webkit.org/show_bug.cgi?id=150852
340
341         Reviewed by Geoffrey Garen.
342
343         VM now has a setting indicating if we should treat
344         "const" variables as "var" to more closely match
345         JSC's previous implementation of "const" before ES6.
346
347         * parser/Parser.h:
348         (JSC::Parser::next):
349         (JSC::Parser::nextExpectIdentifier):
350         * runtime/VM.h:
351         (JSC::VM::setShouldRewriteConstAsVar):
352         (JSC::VM::shouldRewriteConstAsVar):
353
354 2015-11-03  Mark Lam  <mark.lam@apple.com>
355
356         Fix some inefficiencies in the baseline usage of JITAddGenerator.
357         https://bugs.webkit.org/show_bug.cgi?id=150850
358
359         Reviewed by Michael Saboff.
360
361         1. emit_op_add() was loading the operands twice.  Removed the redundant load.
362         2. The snippet may decide that it wants to go the slow path route all the time.
363            In that case, emit_op_add will end up emitting a branch to an out of line
364            slow path followed by some dead code to store the result of the fast path
365            on to the stack.
366            We now check if the snippet determined that there's no fast path, and just
367            emit the slow path inline, and skip the dead store of the fast path result.
368
369         * jit/JITArithmetic.cpp:
370         (JSC::JIT::emit_op_add):
371
372 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
373
374         B3::LowerToAir should do copy propagation
375         https://bugs.webkit.org/show_bug.cgi?id=150775
376
377         Reviewed by Geoffrey Garen.
378
379         What we are trying to do is remove the unnecessary Move's and Move32's from Trunc and ZExt32.
380         You could think of this as an Air optimization, and indeed, Air is powerful enough that we
381         could write a phase that does copy propagation through Move's and Move32's. For Move32's it
382         would only copy-propagate if it proved that the value was already zero-extended. We could
383         know this by just adding a Def32 role to Air.
384
385         But this patch takes a different approach: we ensure that we don't generate such redundant
386         Move's and Move32's to begin with. The reason is that it's much cheaper to do analysis over
387         B3 than over Air. So, whenever possible, an optimization should be implemented in B3. In
388         this case the optimization can't quite be implemented in B3 because you cannot remove a Trunc
389         or ZExt32 without violating the B3 type system. So, the best place to do this optimization is
390         during lowering: we can use B3 for our analysis and we can use Air to express the
391         transformation.
392
393         Copy propagating during B3->Air lowering is natural because we are creating "SSA-like" Tmps
394         from the B3 Values. They are SSA-like in the sense that except the tmp for a Phi, we know
395         that the Tmp will be assigned once and that the assignment will dominate all uses. So, if we
396         see an operation like Trunc that is semantically just a Move, we can skip the Move and just
397         claim that the Trunc has the same Tmp as its child. We do something similar for ZExt32,
398         except with that one we have to analyze IR to ensure that the value will actually be zero
399         extended. Note that this kind of reasoning about how Tmps work in Air is only possible in the
400         B3->Air lowering, since at that point we know for sure which Tmps behave this way. If we
401         wanted to do anything like this as a later Air phase, we'd have to do more analysis to first
402         prove that Tmps behave in this way.
403
404         * b3/B3LowerToAir.cpp:
405         (JSC::B3::Air::LowerToAir::run):
406         (JSC::B3::Air::LowerToAir::highBitsAreZero):
407         (JSC::B3::Air::LowerToAir::shouldCopyPropagate):
408         (JSC::B3::Air::LowerToAir::tmp):
409         (JSC::B3::Air::LowerToAir::tryStore):
410         (JSC::B3::Air::LowerToAir::tryTrunc):
411         (JSC::B3::Air::LowerToAir::tryZExt32):
412         (JSC::B3::Air::LowerToAir::tryIdentity):
413         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg): Deleted.
414         * b3/B3LoweringMatcher.patterns:
415
416 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
417
418         Web Inspector: Move ScriptDebugServer::Task to WorkerScriptDebugServer where it is actually used
419         https://bugs.webkit.org/show_bug.cgi?id=150847
420
421         Reviewed by Timothy Hatcher.
422
423         * inspector/ScriptDebugServer.h:
424         Remove Task from here, it isn't needed in the general case.
425
426         * parser/SourceProvider.h:
427         Remove unimplemented method.
428
429 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
430
431         Web Inspector: Handle or Remove ParseHTML Timeline Event Records
432         https://bugs.webkit.org/show_bug.cgi?id=150689
433
434         Reviewed by Timothy Hatcher.
435
436         * inspector/protocol/Timeline.json:
437
438 2015-11-03  Michael Saboff  <msaboff@apple.com>
439
440         Rename InlineCallFrame::getCallerSkippingDeadFrames to something more descriptive
441         https://bugs.webkit.org/show_bug.cgi?id=150832
442
443         Reviewed by Geoffrey Garen.
444
445         Renamed InlineCallFrame::getCallerSkippingDeadFrames() to getCallerSkippingTailCalls().
446         Did similar renaming to helper InlineCallFrame::computeCallerSkippingTailCalls() and
447         InlineCallFrame::getCallerInlineFrameSkippingTailCalls().
448
449         * bytecode/InlineCallFrame.h:
450         (JSC::InlineCallFrame::computeCallerSkippingTailCalls):
451         (JSC::InlineCallFrame::getCallerSkippingTailCalls):
452         (JSC::InlineCallFrame::getCallerInlineFrameSkippingTailCalls):
453         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames): Deleted.
454         (JSC::InlineCallFrame::getCallerSkippingDeadFrames): Deleted.
455         (JSC::InlineCallFrame::getCallerInlineFrameSkippingDeadFrames): Deleted.
456         * dfg/DFGByteCodeParser.cpp:
457         (JSC::DFG::ByteCodeParser::allInlineFramesAreTailCalls):
458         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
459         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
460         * dfg/DFGGraph.cpp:
461         (JSC::DFG::Graph::isLiveInBytecode):
462         * dfg/DFGGraph.h:
463         (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
464         * dfg/DFGOSRExitCompilerCommon.cpp:
465         (JSC::DFG::reifyInlinedCallFrames):
466         * dfg/DFGPreciseLocalClobberize.h:
467         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
468         * dfg/DFGSpeculativeJIT32_64.cpp:
469         (JSC::DFG::SpeculativeJIT::emitCall):
470         * dfg/DFGSpeculativeJIT64.cpp:
471         (JSC::DFG::SpeculativeJIT::emitCall):
472         * ftl/FTLLowerDFGToLLVM.cpp:
473         (JSC::FTL::DFG::LowerDFGToLLVM::codeOriginDescriptionOfCallSite):
474         * interpreter/StackVisitor.cpp:
475         (JSC::StackVisitor::gotoNextFrame):
476
477 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
478
479         B3/Air should use bubble sort for their insertion sets, because it's faster than std::stable_sort
480         https://bugs.webkit.org/show_bug.cgi?id=150828
481
482         Reviewed by Geoffrey Garen.
483
484         Undo the 2% compile time regression caused by http://trac.webkit.org/changeset/191913.
485
486         * b3/B3InsertionSet.cpp:
487         (JSC::B3::InsertionSet::execute): Switch to bubble sort.
488         * b3/air/AirInsertionSet.cpp:
489         (JSC::B3::Air::InsertionSet::execute): Switch to bubble sort.
490         * dfg/DFGBlockInsertionSet.cpp:
491         (JSC::DFG::BlockInsertionSet::execute): Switch back to quicksort.
492
493 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
494
495         Unreviewed, partially revert r191952.
496
497         Removed GCC compiler workarounds (unreachable returns).
498
499         * b3/B3Type.h:
500         (JSC::B3::sizeofType):
501         * b3/air/AirArg.h:
502         (JSC::B3::Air::Arg::isUse):
503         (JSC::B3::Air::Arg::isDef):
504         (JSC::B3::Air::Arg::isGP):
505         (JSC::B3::Air::Arg::isFP):
506         (JSC::B3::Air::Arg::isType):
507         * b3/air/AirCode.h:
508         (JSC::B3::Air::Code::newTmp):
509         (JSC::B3::Air::Code::numTmps):
510
511 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
512
513         Fix the ENABLE(B3_JIT) build on Linux
514         https://bugs.webkit.org/show_bug.cgi?id=150794
515
516         Reviewed by Darin Adler.
517
518         * CMakeLists.txt:
519         * b3/B3HeapRange.h:
520         * b3/B3IndexSet.h:
521         (JSC::B3::IndexSet::Iterable::iterator::operator++):
522         * b3/B3Type.h:
523         (JSC::B3::sizeofType):
524         * b3/air/AirArg.cpp:
525         (JSC::B3::Air::Arg::dump):
526         * b3/air/AirArg.h:
527         (JSC::B3::Air::Arg::isUse):
528         (JSC::B3::Air::Arg::isDef):
529         (JSC::B3::Air::Arg::isGP):
530         (JSC::B3::Air::Arg::isFP):
531         (JSC::B3::Air::Arg::isType):
532         * b3/air/AirCode.h:
533         (JSC::B3::Air::Code::newTmp):
534         (JSC::B3::Air::Code::numTmps):
535         * b3/air/AirSpecial.cpp:
536
537 2015-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>
538
539         Clean up ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keep minimal set of them
540         https://bugs.webkit.org/show_bug.cgi?id=150793
541
542         Reviewed by Darin Adler.
543
544         Fix the !ENABLE(ES6_ARROWFUNCTION_SYNTAX) build after r191875.
545         This patch drops many ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keeps only one of them;
546         the ifdef in parseAssignmentExpression.
547         This prevents functionality of parsing arrow function syntax.
548
549         * parser/Lexer.cpp:
550         (JSC::Lexer<T>::lex):
551         * parser/Parser.cpp:
552         (JSC::Parser<LexerType>::parseInner): Deleted.
553         * parser/Parser.h:
554         (JSC::Parser::isArrowFunctionParamters): Deleted.
555         * parser/ParserTokens.h:
556
557 2015-11-02  Michael Saboff  <msaboff@apple.com>
558
559         WebInspector crashed while viewing Timeline when refreshing cnn.com while it was already loading
560         https://bugs.webkit.org/show_bug.cgi?id=150745
561
562         Reviewed by Geoffrey Garen.
563
564         During OSR exit, reifyInlinedCallFrames() was using the call kind from a tail call to
565         find the CallLinkInfo / StubInfo to find the return PC.  Instead we need to get the call
566         type of the true caller, that is the function we'll be returning to.
567
568         This can be found by remembering the last call type we find while walking up the inlined
569         frames in InlineCallFrame::getCallerSkippingDeadFrames().
570
571         We can also return directly back to a getter or setter callsite without using a thunk.
572
573         * bytecode/InlineCallFrame.h:
574         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
575         (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
576         * dfg/DFGOSRExitCompilerCommon.cpp:
577         (JSC::DFG::reifyInlinedCallFrames):
578         * jit/JITPropertyAccess.cpp:
579         (JSC::JIT::emit_op_get_by_id): Need to eliminate the stack pointer check, as it is wrong
580         for reified inlined frames created during OSR exit. 
581         * jit/ThunkGenerators.cpp:
582         (JSC::baselineGetterReturnThunkGenerator): Deleted.
583         (JSC::baselineSetterReturnThunkGenerator): Deleted.
584         * jit/ThunkGenerators.h:
585
586 2015-11-02  Saam barati  <sbarati@apple.com>
587
588         Wrong value recovery for DFG try/catch with a getter that throws during an IC miss
589         https://bugs.webkit.org/show_bug.cgi?id=150760
590
591         Reviewed by Geoffrey Garen.
592
593         This is related to using PhantomLocal instead of Flush as 
594         the liveness preservation mechanism for live catch variables. 
595         I'm temporarily switching things back to Flush. This will be a
596         performance hit for try/catch in the DFG. Landing this patch,
597         though, will allow me to land try/catch in the FTL. It also
598         makes try/catch in the DFG sound. I have opened another
599         bug to further investigate using PhantomLocal as the
600         liveness preservation mechanism: https://bugs.webkit.org/show_bug.cgi?id=150824
601
602         * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
603         (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
604         * tests/stress/dfg-try-catch-wrong-value-recovery-on-ic-miss.js: Added.
605         (assert):
606         (let.oThrow.get f):
607         (let.o2.get f):
608         (foo):
609         (f):
610
611 2015-11-02  Andy Estes  <aestes@apple.com>
612
613         [Cocoa] Add tvOS and watchOS to SUPPORTED_PLATFORMS
614         https://bugs.webkit.org/show_bug.cgi?id=150819
615
616         Reviewed by Dan Bernstein.
617
618         This tells Xcode to include these platforms in its Devices dropdown, making it possible to build in the IDE.
619
620         * Configurations/Base.xcconfig:
621
622 2015-11-02  Brent Fulgham  <bfulgham@apple.com>
623
624         [Win] MiniBrowser unable to use WebInspector
625         https://bugs.webkit.org/show_bug.cgi?id=150810
626         <rdar://problem/23358514>
627
628         Reviewed by Timothy Hatcher.
629
630         The CMakeList rule for creating the InjectedScriptSource.min.js was improperly including
631         the quote characters in the text prepended to InjectedScriptSource.min.js. This caused a
632         parsing error in the JS file.
633         
634         The solution was to switch from using "COMMAND echo" to use the more cross-platform
635         compatible command "COMMAND ${CMAKE_COMMAND} -E echo ...", which handles the string
636         escaping properly on all platforms.
637
638         * CMakeLists.txt: Switch the 'echo' command syntax to be more cross-platform.
639
640 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
641
642         B3 should be able to compile a Patchpoint
643         https://bugs.webkit.org/show_bug.cgi?id=150750
644
645         Reviewed by Geoffrey Garen.
646
647         This adds the glue in B3::LowerToAir that turns a B3::PatchpointValue into an Air::Patch
648         with a B3::PatchpointSpecial.
649
650         Along the way, I found some bugs. For starters, it became clear that I wanted to be able
651         to append constraints to a Stackmap, and I wanted to have more flexibility in how I
652         created a PatchpointValue. I also wanted more helper methods in ValueRep, since
653         otherwise I would have had to write a lot of boilerplate.
654
655         I discovered, and fixed, a minor goof in Air::Code dumping when there are specials.
656
657         There were a ton of indexing bugs in B3StackmapSpecial.
658
659         The spiller was broken in case the Def was not the last Arg, since it was adding things
660         to the insertion set both at instIndex and instIndex + 1, and the two types of additions
661         could occur in the wrong (i.e. the +1 case first) order with an early Def. We often have
662         bugs like this. In the DFG, we were paranoid about performance so we only admit out-of-
663         order insertions as a rare case. I think that we don't really need to be so paranoid.
664         So, I made the new insertion sets use a stable_sort to ensure that everything happens in
665         the right order. I changed DFG::BlockInsertionSet to also use stable_sort; it previously
666         used sort, which is slightly wrong.
667
668         This adds a new test that uses Patchpoint to implement a 32-bit add. It works!
669
670         * b3/B3InsertionSet.cpp:
671         (JSC::B3::InsertionSet::execute):
672         * b3/B3LowerToAir.cpp:
673         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
674         (JSC::B3::Air::LowerToAir::appendStore):
675         (JSC::B3::Air::LowerToAir::moveForType):
676         (JSC::B3::Air::LowerToAir::append):
677         (JSC::B3::Air::LowerToAir::ensureSpecial):
678         (JSC::B3::Air::LowerToAir::tryStore):
679         (JSC::B3::Air::LowerToAir::tryStackSlot):
680         (JSC::B3::Air::LowerToAir::tryPatchpoint):
681         (JSC::B3::Air::LowerToAir::tryUpsilon):
682         * b3/B3LoweringMatcher.patterns:
683         * b3/B3PatchpointValue.h:
684         (JSC::B3::PatchpointValue::accepts): Deleted.
685         (JSC::B3::PatchpointValue::PatchpointValue): Deleted.
686         * b3/B3Stackmap.h:
687         (JSC::B3::Stackmap::constrain):
688         (JSC::B3::Stackmap::appendConstraint):
689         (JSC::B3::Stackmap::reps):
690         (JSC::B3::Stackmap::clobber):
691         * b3/B3StackmapSpecial.cpp:
692         (JSC::B3::StackmapSpecial::forEachArgImpl):
693         (JSC::B3::StackmapSpecial::isValidImpl):
694         * b3/B3Value.h:
695         * b3/B3ValueRep.h:
696         (JSC::B3::ValueRep::ValueRep):
697         (JSC::B3::ValueRep::reg):
698         (JSC::B3::ValueRep::operator bool):
699         (JSC::B3::ValueRep::isAny):
700         (JSC::B3::ValueRep::isSomeRegister):
701         (JSC::B3::ValueRep::isReg):
702         (JSC::B3::ValueRep::isGPR):
703         (JSC::B3::ValueRep::isFPR):
704         (JSC::B3::ValueRep::gpr):
705         (JSC::B3::ValueRep::fpr):
706         (JSC::B3::ValueRep::isStack):
707         (JSC::B3::ValueRep::offsetFromFP):
708         (JSC::B3::ValueRep::isStackArgument):
709         (JSC::B3::ValueRep::offsetFromSP):
710         (JSC::B3::ValueRep::isConstant):
711         (JSC::B3::ValueRep::value):
712         * b3/air/AirCode.cpp:
713         (JSC::B3::Air::Code::dump):
714         * b3/air/AirInsertionSet.cpp:
715         (JSC::B3::Air::InsertionSet::execute):
716         * b3/testb3.cpp:
717         (JSC::B3::testComplex):
718         (JSC::B3::testSimplePatchpoint):
719         (JSC::B3::run):
720         * dfg/DFGBlockInsertionSet.cpp:
721         (JSC::DFG::BlockInsertionSet::execute):
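
The ordering problem described in the entry above, as an added example (not WebKit code): a simplified insertion set in which `Insertion`, `executeInQueueOrder`, `executeStable`, `spillEarlyDef` and the instruction strings are assumptions made for illustration. It applies one queue twice, once trusting queue order and once after `std::stable_sort`, for a spill where the Def is queued at instIndex + 1 before the Use is queued at instIndex.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical, simplified insertion set. Indices always refer to positions
// in the ORIGINAL block, so edits are queued and applied in a single pass.
struct Insertion {
    size_t index;      // insert before the original instruction at this index
    std::string inst;
};

// Single forward pass that merges queued insertions into the block. It is
// only correct when `queue` is in non-decreasing index order.
static std::vector<std::string> merge(const std::vector<std::string>& block,
                                      const std::vector<Insertion>& queue)
{
    std::vector<std::string> out;
    size_t cursor = 0;
    for (size_t i = 0; i <= block.size(); ++i) {
        while (cursor < queue.size() && queue[cursor].index <= i)
            out.push_back(queue[cursor++].inst);
        if (i < block.size())
            out.push_back(block[i]);
    }
    return out;
}

// Trusts the order in which the client queued its insertions.
std::vector<std::string> executeInQueueOrder(const std::vector<std::string>& block,
                                             const std::vector<Insertion>& queue)
{
    return merge(block, queue);
}

// Sorts by index first. stable_sort keeps insertions that share an index in
// the order they were queued; std::sort gives no such guarantee.
std::vector<std::string> executeStable(const std::vector<std::string>& block,
                                       std::vector<Insertion> queue)
{
    std::stable_sort(queue.begin(), queue.end(),
        [](const Insertion& a, const Insertion& b) { return a.index < b.index; });
    return merge(block, queue);
}

// Constructed scenario: the instruction at instIndex defines a spilled tmp in
// its first arg and uses it in its second, so the +1 insertion is queued first.
std::vector<Insertion> spillEarlyDef(size_t instIndex)
{
    return {
        { instIndex + 1, "Store tmp" }, // arg 0 is a Def: store after the inst
        { instIndex,     "Load tmp"  }, // arg 1 is a Use: load before the inst
    };
}

int main()
{
    const std::vector<std::string> block = { "I0", "I1", "I2" };
    for (const auto& inst : executeStable(block, spillEarlyDef(1)))
        std::cout << inst << '\n';
    return 0;
}
```

In queue order the reload lands after the instruction that needs it, which is a silent miscompile rather than a crash.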
722
723 2015-11-02  Mark Lam  <mark.lam@apple.com>
724
725         Snippefy op_add for the baseline JIT.
726         https://bugs.webkit.org/show_bug.cgi?id=150129
727
728         Reviewed by Geoffrey Garen and Saam Barati.
729
730         Performance is neutral for both 32-bit and 64-bit on X86_64.
731
732         * CMakeLists.txt:
733         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
734         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
735         * JavaScriptCore.xcodeproj/project.pbxproj:
736         * jit/JIT.h:
737         (JSC::JIT::getOperandConstantInt):
738         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
739           because the snippet needs it.
740
741         * jit/JITAddGenerator.cpp: Added.
742         (JSC::JITAddGenerator::generateFastPath):
743         * jit/JITAddGenerator.h: Added.
744         (JSC::JITAddGenerator::JITAddGenerator):
745         (JSC::JITAddGenerator::endJumpList):
746         (JSC::JITAddGenerator::slowPathJumpList):
747         - JITAddGenerator implements an optimization for the case where 1 of the 2 operands
748           is a constant int32_t.  It does not implement an optimization for the case where
749           both operands are constant int32_t.  This is because:
750           1. For the baseline JIT, the ASTBuilder will fold the 2 constants together.
751           2. For the DFG, the AbstractInterpreter will also fold the 2 constants.
752
753           Hence, such an optimization path (for 2 constant int32_t operands) would never
754           be taken, and is why we won't implement it.
755
756         * jit/JITArithmetic.cpp:
757         (JSC::JIT::compileBinaryArithOp):
758         (JSC::JIT::compileBinaryArithOpSlowCase):
759         - Removed op_add cases.  These are no longer used by the op_add emitters.
760
761         (JSC::JIT::emit_op_add):
762         (JSC::JIT::emitSlow_op_add):
763         - Moved out from the JSVALUE64 section to the common section, and reimplemented
764           using the snippet.
765
766         * jit/JITArithmetic32_64.cpp:
767         (JSC::JIT::emitBinaryDoubleOp):
768         (JSC::JIT::emit_op_add): Deleted.
769         (JSC::JIT::emitAdd32Constant): Deleted.
770         (JSC::JIT::emitSlow_op_add): Deleted.
771         - Remove 32-bit specific version of op_add.  The snippet serves both 32-bit
772           and 64-bit implementations.
773
774         * jit/JITInlines.h:
775         (JSC::JIT::getOperandConstantInt):
776         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
777           because the snippet needs it.
778
779 2015-11-02  Brian Burg  <bburg@apple.com>
780
781         Run sort-Xcode-project-file for the JavaScriptCore project.
782
783         Unreviewed. Many things were out of order following recent B3 commits.
784
785         * JavaScriptCore.xcodeproj/project.pbxproj:
786
787 2015-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>
788
789         Rename op_put_getter_setter to op_put_getter_setter_by_id
790         https://bugs.webkit.org/show_bug.cgi?id=150773
791
792         Reviewed by Mark Lam.
793
794         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
795         the other ops' names like op_put_getter_by_id etc.
796
797         And to fix build dependencies in Xcode, we added LLIntAssembly.h to the Xcode project file.
798
799         * JavaScriptCore.xcodeproj/project.pbxproj:
800         * bytecode/BytecodeList.json:
801         * bytecode/BytecodeUseDef.h:
802         (JSC::computeUsesForBytecodeOffset):
803         (JSC::computeDefsForBytecodeOffset):
804         * bytecode/CodeBlock.cpp:
805         (JSC::CodeBlock::dumpBytecode):
806         * bytecompiler/BytecodeGenerator.cpp:
807         (JSC::BytecodeGenerator::emitPutGetterSetter):
808         * dfg/DFGByteCodeParser.cpp:
809         (JSC::DFG::ByteCodeParser::parseBlock):
810         * dfg/DFGCapabilities.cpp:
811         (JSC::DFG::capabilityLevel):
812         * jit/JIT.cpp:
813         (JSC::JIT::privateCompileMainPass):
814         * jit/JIT.h:
815         * jit/JITPropertyAccess.cpp:
816         (JSC::JIT::emit_op_put_getter_setter_by_id):
817         (JSC::JIT::emit_op_put_getter_setter): Deleted.
818         * jit/JITPropertyAccess32_64.cpp:
819         (JSC::JIT::emit_op_put_getter_setter_by_id):
820         (JSC::JIT::emit_op_put_getter_setter): Deleted.
821         * llint/LLIntSlowPaths.cpp:
822         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
823         * llint/LLIntSlowPaths.h:
824         * llint/LowLevelInterpreter.asm:
825
826 2015-11-02  Csaba Osztrogonác  <ossy@webkit.org>
827
828         Fix the FTL JIT build with system LLVM on Linux
829         https://bugs.webkit.org/show_bug.cgi?id=150795
830
831         Reviewed by Filip Pizlo.
832
833         * CMakeLists.txt:
834
835 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
836
837         [ES6] Support Generator Syntax
838         https://bugs.webkit.org/show_bug.cgi?id=150769
839
840         Reviewed by Geoffrey Garen.
841
842         This patch implements the syntax part of ES6 Generators.
843
844         1. Add ENABLE_ES6_GENERATORS compile time flag. It is disabled by default, and will be enabled once ES6 generator functionality is implemented.
845         2. Add lexer support for YIELD. It changes "yield" from a reserved-if-strict word to a keyword. And it is correct under the ES6 spec.
846         3. Implement parsing functionality and YieldExprNode stub. YieldExprNode does not emit meaningful bytecodes yet. This should be implemented in a future patch.
847         4. Accept "yield" Identifier as a label etc. under sloppy mode && non-generator code. http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors
848
849         * Configurations/FeatureDefines.xcconfig:
850         * bytecompiler/NodesCodegen.cpp:
851         (JSC::YieldExprNode::emitBytecode):
852         * parser/ASTBuilder.h:
853         (JSC::ASTBuilder::createYield):
854         * parser/Keywords.table:
855         * parser/NodeConstructors.h:
856         (JSC::YieldExprNode::YieldExprNode):
857         * parser/Nodes.h:
858         * parser/Parser.cpp:
859         (JSC::Parser<LexerType>::Parser):
860         (JSC::Parser<LexerType>::parseInner):
861         (JSC::Parser<LexerType>::parseStatementListItem):
862         (JSC::Parser<LexerType>::parseVariableDeclarationList):
863         (JSC::Parser<LexerType>::parseDestructuringPattern):
864         (JSC::Parser<LexerType>::parseBreakStatement):
865         (JSC::Parser<LexerType>::parseContinueStatement):
866         (JSC::Parser<LexerType>::parseTryStatement):
867         (JSC::Parser<LexerType>::parseStatement):
868         (JSC::stringForFunctionMode):
869         (JSC::Parser<LexerType>::parseFunctionParameters):
870         (JSC::Parser<LexerType>::parseFunctionInfo):
871         (JSC::Parser<LexerType>::parseFunctionDeclaration):
872         (JSC::Parser<LexerType>::parseClass):
873         (JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
874         (JSC::Parser<LexerType>::parseExportDeclaration):
875         (JSC::Parser<LexerType>::parseAssignmentExpression):
876         (JSC::Parser<LexerType>::parseYieldExpression):
877         (JSC::Parser<LexerType>::parseProperty):
878         (JSC::Parser<LexerType>::parsePropertyMethod):
879         (JSC::Parser<LexerType>::parseGetterSetter):
880         (JSC::Parser<LexerType>::parseFunctionExpression):
881         (JSC::Parser<LexerType>::parsePrimaryExpression):
882         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
883         * parser/Parser.h:
884         (JSC::Scope::Scope):
885         (JSC::Scope::setSourceParseMode):
886         (JSC::Scope::isGenerator):
887         (JSC::Scope::setIsFunction):
888         (JSC::Scope::setIsGenerator):
889         (JSC::Scope::setIsModule):
890         (JSC::Parser::pushScope):
891         (JSC::Parser::isYIELDMaskedAsIDENT):
892         (JSC::Parser::matchSpecIdentifier):
893         (JSC::Parser::saveState):
894         (JSC::Parser::restoreState):
895         * parser/ParserModes.h:
896         (JSC::isFunctionParseMode):
897         (JSC::isModuleParseMode):
898         (JSC::isProgramParseMode):
899         * parser/ParserTokens.h:
900         * parser/SyntaxChecker.h:
901         (JSC::SyntaxChecker::createYield):
902         * tests/stress/generator-methods.js: Added.
903         (Hello.prototype.gen):
904         (Hello.gen):
905         (Hello):
906         (Hello.prototype.set get string_appeared_here):
907         (Hello.string_appeared_here):
908         (Hello.prototype.20):
909         (Hello.20):
910         (Hello.prototype.42):
911         (Hello.42):
912         (let.object.gen):
913         (let.object.set get string_appeared_here):
914         (let.object.20):
915         (let.object.42):
916         * tests/stress/generator-syntax.js: Added.
917         (testSyntax):
918         (testSyntaxError):
919         (testSyntaxError.Hello.prototype.get gen):
920         (testSyntaxError.Hello):
921         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello.prototype.set gen):
922         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello):
923         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.gen):
924         (testSyntaxError.value):
925         (testSyntaxError.gen.ng):
926         (testSyntaxError.gen):
927         (testSyntax.gen):
928         * tests/stress/yield-and-line-terminator.js: Added.
929         (testSyntax):
930         (testSyntaxError):
931         (testSyntax.gen):
932         (testSyntaxError.gen):
933         * tests/stress/yield-label-generator.js: Added.
934         (testSyntax):
935         (testSyntaxError):
936         (testSyntaxError.test):
937         (SyntaxError.Unexpected.keyword.string_appeared_here.Expected.an.identifier.as.the.target.a.continue.statement.testSyntax.test):
938         * tests/stress/yield-label.js: Added.
939         (yield):
940         (testSyntaxError):
941         (testSyntaxError.test):
942         * tests/stress/yield-named-accessors-generator.js: Added.
943         (t1.let.object.get yield):
944         (t1.let.object.set yield):
945         (t1):
946         (t2.let.object.get yield):
947         (t2.let.object.set yield):
948         (t2):
949         * tests/stress/yield-named-accessors.js: Added.
950         (t1.let.object.get yield):
951         (t1.let.object.set yield):
952         (t1):
953         (t2.let.object.get yield):
954         (t2.let.object.set yield):
955         (t2):
956         * tests/stress/yield-named-variable-generator.js: Added.
957         (testSyntax):
958         (testSyntaxError):
959         (testSyntaxError.t1):
960         (testSyntaxError.t1.yield):
961         (testSyntax.t1.yield):
962         (testSyntax.t1):
963         * tests/stress/yield-named-variable.js: Added.
964         (testSyntax):
965         (testSyntaxError):
966         (testSyntax.t1):
967         (testSyntaxError.t1):
968         (testSyntax.t1.yield):
969         (testSyntaxError.t1.yield):
970         * tests/stress/yield-out-of-generator.js: Added.
971         (testSyntax):
972         (testSyntaxError):
973         (testSyntaxError.hello):
974         (testSyntaxError.gen.hello):
975         (testSyntaxError.gen):
976         (testSyntax.gen):
977         (testSyntax.gen.ok):
978         (testSyntaxError.gen.ok):
979
980 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
981
982         Dominators should be factored out of the DFG
983         https://bugs.webkit.org/show_bug.cgi?id=150764
984
985         Reviewed by Geoffrey Garen.
986
987         Factored DFGDominators.h/DFGDominators.cpp into WTF. To do this, I made two changes to the
988         DFG:
989
990         1) DFG now has a CFG abstraction called DFG::CFG. The cool thing about this is that in the
991            future if we wanted to support inverted dominators, we could do it by just creating a
992            DFG::BackwardCFG.
993
994         2) Got rid of DFG::Analysis. From now on, an Analysis being invalidated is expressed by the
995            DFG::Graph having a null pointer for that analysis. When we "run" the analysis, we
996            just instantiate it. This makes it much more natural to integrate WTF::Dominators into
997            the DFG.
998
999         * CMakeLists.txt:
1000         * JavaScriptCore.xcodeproj/project.pbxproj:
1001         * dfg/DFGAnalysis.h: Removed.
1002         * dfg/DFGCFG.h: Added.
1003         (JSC::DFG::CFG::CFG):
1004         (JSC::DFG::CFG::root):
1005         (JSC::DFG::CFG::newMap<T>):
1006         (JSC::DFG::CFG::successors):
1007         (JSC::DFG::CFG::predecessors):
1008         (JSC::DFG::CFG::index):
1009         (JSC::DFG::CFG::node):
1010         (JSC::DFG::CFG::numNodes):
1011         (JSC::DFG::CFG::dump):
1012         * dfg/DFGCSEPhase.cpp:
1013         * dfg/DFGDisassembler.cpp:
1014         (JSC::DFG::Disassembler::createDumpList):
1015         * dfg/DFGDominators.cpp: Removed.
1016         * dfg/DFGDominators.h:
1017         (JSC::DFG::Dominators::Dominators):
1018         (JSC::DFG::Dominators::strictlyDominates): Deleted.
1019         (JSC::DFG::Dominators::dominates): Deleted.
1020         (JSC::DFG::Dominators::immediateDominatorOf): Deleted.
1021         (JSC::DFG::Dominators::forAllStrictDominatorsOf): Deleted.
1022         (JSC::DFG::Dominators::forAllDominatorsOf): Deleted.
1023         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy): Deleted.
1024         (JSC::DFG::Dominators::forAllBlocksDominatedBy): Deleted.
1025         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf): Deleted.
1026         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf): Deleted.
1027         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf): Deleted.
1028         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl): Deleted.
1029         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl): Deleted.
1030         (JSC::DFG::Dominators::BlockData::BlockData): Deleted.
1031         * dfg/DFGEdgeDominates.h:
1032         (JSC::DFG::EdgeDominates::operator()):
1033         * dfg/DFGGraph.cpp:
1034         (JSC::DFG::Graph::Graph):
1035         (JSC::DFG::Graph::dumpBlockHeader):
1036         (JSC::DFG::Graph::invalidateCFG):
1037         (JSC::DFG::Graph::substituteGetLocal):
1038         (JSC::DFG::Graph::handleAssertionFailure):
1039         (JSC::DFG::Graph::ensureDominators):
1040         (JSC::DFG::Graph::ensurePrePostNumbering):
1041         (JSC::DFG::Graph::ensureNaturalLoops):
1042         (JSC::DFG::Graph::valueProfileFor):
1043         * dfg/DFGGraph.h:
1044         (JSC::DFG::Graph::hasDebuggerEnabled):
1045         * dfg/DFGLICMPhase.cpp:
1046         (JSC::DFG::LICMPhase::run):
1047         (JSC::DFG::LICMPhase::attemptHoist):
1048         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
1049         (JSC::DFG::createPreHeader):
1050         (JSC::DFG::LoopPreHeaderCreationPhase::run):
1051         * dfg/DFGNaturalLoops.cpp:
1052         (JSC::DFG::NaturalLoop::dump):
1053         (JSC::DFG::NaturalLoops::NaturalLoops):
1054         (JSC::DFG::NaturalLoops::~NaturalLoops):
1055         (JSC::DFG::NaturalLoops::loopsOf):
1056         (JSC::DFG::NaturalLoops::computeDependencies): Deleted.
1057         (JSC::DFG::NaturalLoops::compute): Deleted.
1058         * dfg/DFGNaturalLoops.h:
1059         (JSC::DFG::NaturalLoops::numLoops):
1060         * dfg/DFGNode.h:
1061         (JSC::DFG::Node::SuccessorsIterable::end):
1062         (JSC::DFG::Node::SuccessorsIterable::size):
1063         (JSC::DFG::Node::SuccessorsIterable::at):
1064         (JSC::DFG::Node::SuccessorsIterable::operator[]):
1065         * dfg/DFGOSREntrypointCreationPhase.cpp:
1066         (JSC::DFG::OSREntrypointCreationPhase::run):
1067         * dfg/DFGObjectAllocationSinkingPhase.cpp:
1068         * dfg/DFGPlan.cpp:
1069         (JSC::DFG::Plan::compileInThreadImpl):
1070         * dfg/DFGPrePostNumbering.cpp:
1071         (JSC::DFG::PrePostNumbering::PrePostNumbering):
1072         (JSC::DFG::PrePostNumbering::~PrePostNumbering):
1073         (JSC::DFG::PrePostNumbering::compute): Deleted.
1074         * dfg/DFGPrePostNumbering.h:
1075         (JSC::DFG::PrePostNumbering::preNumber):
1076         (JSC::DFG::PrePostNumbering::postNumber):
1077         * dfg/DFGPutStackSinkingPhase.cpp:
1078         * dfg/DFGSSACalculator.cpp:
1079         (JSC::DFG::SSACalculator::nonLocalReachingDef):
1080         (JSC::DFG::SSACalculator::reachingDefAtTail):
1081         * dfg/DFGSSACalculator.h:
1082         (JSC::DFG::SSACalculator::computePhis):
1083         * dfg/DFGSSAConversionPhase.cpp:
1084         (JSC::DFG::SSAConversionPhase::run):
1085         * ftl/FTLLink.cpp:
1086         (JSC::FTL::link):
1087         * ftl/FTLLowerDFGToLLVM.cpp:
1088         (JSC::FTL::DFG::LowerDFGToLLVM::lower):
1089         (JSC::FTL::DFG::LowerDFGToLLVM::safelyInvalidateAfterTermination):
1090         (JSC::FTL::DFG::LowerDFGToLLVM::isValid):
1091
1092 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
1093
1094         B3::reduceStrength's DCE should be more agro and less wrong
1095         https://bugs.webkit.org/show_bug.cgi?id=150748
1096
1097         Reviewed by Geoffrey Garen.
1098
1099         First of all, our DCE had a bug where it would keep Upsilons after it deleted the Phis that
1100         they referenced. But our B3 DCE was also not aggressive enough. It would not eliminate
1101         cycles. It was also probably slower than it needed to be, since it would eliminate all
1102         never-referenced things on each fixpoint.
1103
1104         This adds a presume-everyone-is-dead-and-find-live-things style DCE. This is very natural to
1105         write, except for Upsilons. For everything but Upsilons, it's just a worklist algorithm. For
1106         Upsilons, it's a fixpoint. It works fine in the end.
1107
1108         I kept finding bugs in this algorithm when I tested it against my "Complex" test that I was
1109         writing as a compile time benchmark. So, I include that test in this change. I also include
1110         the small lowering extensions that it needed - shifting and zero extending.
1111
1112         This change also adds an LLVM version of the Complex test. Though the LLVM version feels
1113         more natural to write because LLVM has traditional Phis rather than our quirky Phis, in
1114         the end LLVM ends up performing very badly - 10x to 20x worse than B3. Some of that gap will
1115         close once we give B3 a register allocator, but still, that's pretty good news for our B3
1116         strategy.
1117
1118         * JavaScriptCore.xcodeproj/project.pbxproj:
1119         * assembler/MacroAssemblerX86_64.h:
1120         (JSC::MacroAssemblerX86_64::lshift64):
1121         (JSC::MacroAssemblerX86_64::rshift64):
1122         * assembler/X86Assembler.h:
1123         (JSC::X86Assembler::shlq_i8r):
1124         (JSC::X86Assembler::shlq_CLr):
1125         (JSC::X86Assembler::imull_rr):
1126         * b3/B3BasicBlock.cpp:
1127         (JSC::B3::BasicBlock::replacePredecessor):
1128         (JSC::B3::BasicBlock::dump):
1129         (JSC::B3::BasicBlock::removeNops): Deleted.
1130         * b3/B3BasicBlock.h:
1131         (JSC::B3::BasicBlock::frequency):
1132         * b3/B3Common.cpp:
1133         (JSC::B3::shouldSaveIRBeforePhase):
1134         (JSC::B3::shouldMeasurePhaseTiming):
1135         * b3/B3Common.h:
1136         (JSC::B3::isRepresentableAsImpl):
1137         * b3/B3Generate.cpp:
1138         (JSC::B3::generate):
1139         (JSC::B3::generateToAir):
1140         * b3/B3LowerToAir.cpp:
1141         (JSC::B3::Air::LowerToAir::tryAnd):
1142         (JSC::B3::Air::LowerToAir::tryShl):
1143         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
1144         (JSC::B3::Air::LowerToAir::tryTrunc):
1145         (JSC::B3::Air::LowerToAir::tryZExt32):
1146         (JSC::B3::Air::LowerToAir::tryArgumentReg):
1147         * b3/B3LoweringMatcher.patterns:
1148         * b3/B3PhaseScope.cpp:
1149         (JSC::B3::PhaseScope::PhaseScope):
1150         * b3/B3PhaseScope.h:
1151         * b3/B3ReduceStrength.cpp:
1152         * b3/B3TimingScope.cpp: Added.
1153         (JSC::B3::TimingScope::TimingScope):
1154         (JSC::B3::TimingScope::~TimingScope):
1155         * b3/B3TimingScope.h: Added.
1156         * b3/B3Validate.cpp:
1157         * b3/air/AirAllocateStack.cpp:
1158         (JSC::B3::Air::allocateStack):
1159         * b3/air/AirGenerate.cpp:
1160         (JSC::B3::Air::generate):
1161         * b3/air/AirInstInlines.h:
1162         (JSC::B3::Air::ForEach<Arg>::forEach):
1163         (JSC::B3::Air::Inst::forEach):
1164         (JSC::B3::Air::isLshift32Valid):
1165         (JSC::B3::Air::isLshift64Valid):
1166         * b3/air/AirLiveness.h:
1167         (JSC::B3::Air::Liveness::isAlive):
1168         (JSC::B3::Air::Liveness::Liveness):
1169         (JSC::B3::Air::Liveness::LocalCalc::execute):
1170         * b3/air/AirOpcode.opcodes:
1171         * b3/air/AirPhaseScope.cpp:
1172         (JSC::B3::Air::PhaseScope::PhaseScope):
1173         * b3/air/AirPhaseScope.h:
1174         * b3/testb3.cpp:
1175         (JSC::B3::testBranchEqualFoldPtr):
1176         (JSC::B3::testComplex):
1177         (JSC::B3::run):
1178         * runtime/Options.h:
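
The presume-dead, find-live approach described in the entry above, as an added example (not code from B3): a simplified value graph in which `Value`, `computeLiveness`, `survivors` and `sampleProcedure` are assumptions for illustration, with Return as the only effectful opcode. Ordinary operands are handled by the worklist, while an Upsilon becomes live only once the Phi it writes is live, which is what needs the outer fixpoint and what lets an unused Phi/Upsilon cycle die.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Simplified stand-in for compiler IR values (assumption: not WebKit's classes).
enum class Op { Const, Add, Phi, Upsilon, Return };

struct Value {
    Op op;
    std::vector<size_t> children; // operand indices into the procedure
    size_t phi;                   // Upsilon only: index of the Phi it writes
};

constexpr size_t NoPhi = SIZE_MAX;
using Procedure = std::vector<Value>;

struct Liveness {
    std::vector<bool> live;
    unsigned upsilonScans; // how many passes over the Upsilons were needed
};

Liveness computeLiveness(const Procedure& proc)
{
    std::vector<bool> live(proc.size(), false); // presume everything is dead
    std::vector<size_t> worklist;
    unsigned scans = 0;
    auto markLive = [&](size_t i) {
        if (!live[i]) {
            live[i] = true;
            worklist.push_back(i);
        }
    };

    // Roots: values with effects of their own. An Upsilon is deliberately not
    // a root; it only matters if the Phi it writes turns out to be live.
    for (size_t i = 0; i < proc.size(); ++i) {
        if (proc[i].op == Op::Return)
            markLive(i);
    }

    bool changed = true;
    while (changed) {
        // Worklist part: whatever a live value consumes is live.
        while (!worklist.empty()) {
            size_t i = worklist.back();
            worklist.pop_back();
            for (size_t child : proc[i].children)
                markLive(child);
        }
        // Fixpoint part: a live Phi revives the Upsilons that feed it, and
        // their operands may in turn make further Phis live.
        changed = false;
        ++scans;
        for (size_t i = 0; i < proc.size(); ++i) {
            if (proc[i].op == Op::Upsilon && !live[i] && live[proc[i].phi]) {
                markLive(i);
                changed = true;
            }
        }
    }
    return { live, scans };
}

// Indices of the values that remain after dead code elimination.
std::vector<size_t> survivors(const Procedure& proc)
{
    Liveness result = computeLiveness(proc);
    std::vector<size_t> kept;
    for (size_t i = 0; i < proc.size(); ++i) {
        if (result.live[i])
            kept.push_back(i);
    }
    return kept;
}

// Constructed input: Phi B (3) is returned and is fed from Phi A (1), while
// Phi D (6) sits in a self-sustaining cycle that nothing live consumes.
Procedure sampleProcedure()
{
    return {
        { Op::Const,   {},       NoPhi }, // 0
        { Op::Phi,     {},       NoPhi }, // 1: Phi A
        { Op::Upsilon, { 0 },    1     }, // 2: A = Const
        { Op::Phi,     {},       NoPhi }, // 3: Phi B
        { Op::Upsilon, { 1 },    3     }, // 4: B = A
        { Op::Return,  { 3 },    NoPhi }, // 5: root
        { Op::Phi,     {},       NoPhi }, // 6: Phi D
        { Op::Add,     { 6, 0 }, NoPhi }, // 7: D + Const
        { Op::Upsilon, { 7 },    6     }, // 8: D = D + Const (dead cycle)
    };
}

int main()
{
    for (size_t index : survivors(sampleProcedure()))
        std::cout << index << '\n';
    return 0;
}
```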
1179
1180 2015-11-01  Alexey Proskuryakov  <ap@apple.com>
1181
1182         [ES6] Add support for toStringTag
1183         https://bugs.webkit.org/show_bug.cgi?id=150696
1184
1185         Re-landing, as this wasn't the culprit.
1186
1187         * runtime/ArrayIteratorPrototype.cpp:
1188         (JSC::ArrayIteratorPrototype::finishCreation):
1189         * runtime/CommonIdentifiers.h:
1190         * runtime/JSArrayBufferPrototype.cpp:
1191         (JSC::JSArrayBufferPrototype::finishCreation):
1192         (JSC::JSArrayBufferPrototype::create):
1193         * runtime/JSDataViewPrototype.cpp:
1194         (JSC::JSDataViewPrototype::create):
1195         (JSC::JSDataViewPrototype::finishCreation):
1196         (JSC::JSDataViewPrototype::createStructure):
1197         * runtime/JSDataViewPrototype.h:
1198         * runtime/JSModuleNamespaceObject.cpp:
1199         (JSC::JSModuleNamespaceObject::finishCreation):
1200         * runtime/JSONObject.cpp:
1201         (JSC::JSONObject::finishCreation):
1202         * runtime/JSPromisePrototype.cpp:
1203         (JSC::JSPromisePrototype::finishCreation):
1204         (JSC::JSPromisePrototype::getOwnPropertySlot):
1205         * runtime/JSTypedArrayViewPrototype.cpp:
1206         (JSC::typedArrayViewProtoFuncValues):
1207         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1208         (JSC::JSTypedArrayViewPrototype::JSTypedArrayViewPrototype):
1209         (JSC::JSTypedArrayViewPrototype::finishCreation):
1210         * runtime/MapIteratorPrototype.cpp:
1211         (JSC::MapIteratorPrototype::finishCreation):
1212         (JSC::MapIteratorPrototypeFuncNext):
1213         * runtime/MapPrototype.cpp:
1214         (JSC::MapPrototype::finishCreation):
1215         * runtime/MathObject.cpp:
1216         (JSC::MathObject::finishCreation):
1217         * runtime/ObjectPrototype.cpp:
1218         (JSC::objectProtoFuncToString):
1219         * runtime/SetIteratorPrototype.cpp:
1220         (JSC::SetIteratorPrototype::finishCreation):
1221         (JSC::SetIteratorPrototypeFuncNext):
1222         * runtime/SetPrototype.cpp:
1223         (JSC::SetPrototype::finishCreation):
1224         * runtime/SmallStrings.cpp:
1225         (JSC::SmallStrings::SmallStrings):
1226         (JSC::SmallStrings::initializeCommonStrings):
1227         (JSC::SmallStrings::visitStrongReferences):
1228         * runtime/SmallStrings.h:
1229         (JSC::SmallStrings::typeString):
1230         (JSC::SmallStrings::objectStringStart):
1231         (JSC::SmallStrings::nullObjectString):
1232         (JSC::SmallStrings::undefinedObjectString):
1233         * runtime/StringIteratorPrototype.cpp:
1234         (JSC::StringIteratorPrototype::finishCreation):
1235         * runtime/SymbolPrototype.cpp:
1236         (JSC::SymbolPrototype::finishCreation):
1237         * runtime/WeakMapPrototype.cpp:
1238         (JSC::WeakMapPrototype::finishCreation):
1239         (JSC::getWeakMapData):
1240         * runtime/WeakSetPrototype.cpp:
1241         (JSC::WeakSetPrototype::finishCreation):
1242         (JSC::getWeakMapData):
1243         * tests/es6.yaml:
1244         * tests/modules/namespace.js:
1245         * tests/stress/symbol-tostringtag.js: Copied from Source/JavaScriptCore/tests/stress/symbol-tostringtag.js.
1246
1247 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1248
1249         Unreviewed, rolling out r191815 and r191821.
1250         https://bugs.webkit.org/show_bug.cgi?id=150781
1251
1252         Seems to have broken JSC API tests on some platforms
1253         (Requested by ap on #webkit).
1254
1255         Reverted changesets:
1256
1257         "[ES6] Add support for toStringTag"
1258         https://bugs.webkit.org/show_bug.cgi?id=150696
1259         http://trac.webkit.org/changeset/191815
1260
1261         "Unreviewed, forgot to mark tests as passing for new feature."
1262         http://trac.webkit.org/changeset/191821
1263
1264 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1265
1266         Unreviewed, rolling out r191858.
1267         https://bugs.webkit.org/show_bug.cgi?id=150780
1268
1269         Broke the build (Requested by ap on #webkit).
1270
1271         Reverted changeset:
1272
1273         "Rename op_put_getter_setter to op_put_getter_setter_by_id"
1274         https://bugs.webkit.org/show_bug.cgi?id=150773
1275         http://trac.webkit.org/changeset/191858
1276
1277 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1278
1279         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150777.
1280
1281         * b3/B3LowerToAir.cpp:
1282         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
1283
1284 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1285
1286         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150775.
1287
1288         * b3/B3LowerToAir.cpp:
1289         (JSC::B3::Air::LowerToAir::tryTrunc):
1290
1291 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1292
1293         Rename op_put_getter_setter to op_put_getter_setter_by_id
1294         https://bugs.webkit.org/show_bug.cgi?id=150773
1295
1296         Reviewed by Mark Lam.
1297
1298         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
1299         the other ops' names like op_put_getter_by_id etc.
1300
1301         * bytecode/BytecodeList.json:
1302         * bytecode/BytecodeUseDef.h:
1303         (JSC::computeUsesForBytecodeOffset):
1304         (JSC::computeDefsForBytecodeOffset):
1305         * bytecode/CodeBlock.cpp:
1306         (JSC::CodeBlock::dumpBytecode):
1307         * bytecompiler/BytecodeGenerator.cpp:
1308         (JSC::BytecodeGenerator::emitPutGetterSetter):
1309         * dfg/DFGByteCodeParser.cpp:
1310         (JSC::DFG::ByteCodeParser::parseBlock):
1311         * dfg/DFGCapabilities.cpp:
1312         (JSC::DFG::capabilityLevel):
1313         * jit/JIT.cpp:
1314         (JSC::JIT::privateCompileMainPass):
1315         * jit/JIT.h:
1316         * jit/JITPropertyAccess.cpp:
1317         (JSC::JIT::emit_op_put_getter_setter_by_id):
1318         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1319         * jit/JITPropertyAccess32_64.cpp:
1320         (JSC::JIT::emit_op_put_getter_setter_by_id):
1321         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1322         * llint/LLIntSlowPaths.cpp:
1323         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1324         * llint/LLIntSlowPaths.h:
1325         * llint/LowLevelInterpreter.asm:
1326
1327 2015-10-31  Andreas Kling  <akling@apple.com>
1328
1329         Add a debug overlay with information about web process resource usage.
1330         <https://webkit.org/b/150599>
1331
1332         Reviewed by Darin Adler.
1333
1334         Have Heap track the exact number of bytes allocated in CopiedBlock, MarkedBlock and
1335         WeakBlock objects, keeping them in a single location that can be sampled by the
1336         resource usage overlay thread.
1337
1338         The bulk of these changes is threading a Heap& through from sites where blocks are
1339         allocated or freed.
1340
1341         * heap/CopiedBlock.cpp:
1342         (JSC::CopiedBlock::createNoZeroFill):
1343         (JSC::CopiedBlock::destroy):
1344         (JSC::CopiedBlock::create):
1345         * heap/CopiedBlock.h:
1346         * heap/CopiedSpace.cpp:
1347         (JSC::CopiedSpace::~CopiedSpace):
1348         (JSC::CopiedSpace::tryAllocateOversize):
1349         (JSC::CopiedSpace::tryReallocateOversize):
1350         * heap/CopiedSpaceInlines.h:
1351         (JSC::CopiedSpace::recycleEvacuatedBlock):
1352         (JSC::CopiedSpace::recycleBorrowedBlock):
1353         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1354         (JSC::CopiedSpace::allocateBlock):
1355         (JSC::CopiedSpace::startedCopying):
1356         * heap/Heap.cpp:
1357         (JSC::Heap::~Heap):
1358         (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
1359         * heap/Heap.h:
1360         (JSC::Heap::blockBytesAllocated):
1361         * heap/HeapInlines.h:
1362         (JSC::Heap::didAllocateBlock):
1363         (JSC::Heap::didFreeBlock):
1364         * heap/MarkedAllocator.cpp:
1365         (JSC::MarkedAllocator::allocateBlock):
1366         * heap/MarkedBlock.cpp:
1367         (JSC::MarkedBlock::create):
1368         (JSC::MarkedBlock::destroy):
1369         * heap/MarkedBlock.h:
1370         * heap/MarkedSpace.cpp:
1371         (JSC::MarkedSpace::freeBlock):
1372         * heap/WeakBlock.cpp:
1373         (JSC::WeakBlock::create):
1374         (JSC::WeakBlock::destroy):
1375         * heap/WeakBlock.h:
1376         * heap/WeakSet.cpp:
1377         (JSC::WeakSet::~WeakSet):
1378         (JSC::WeakSet::addAllocator):
1379         (JSC::WeakSet::removeAllocator):
1380
1381 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1382
1383         Air should eliminate dead code
1384         https://bugs.webkit.org/show_bug.cgi?id=150746
1385
1386         Reviewed by Geoffrey Garen.
1387
1388         This adds a very simple dead code elimination to Air. It simply looks at whether a Tmp or
1389         StackSlot has ever been used by a live instruction. An instruction is live if it has non-arg
1390         effects (branching, returning, calling, etc) or if it stores to a live Arg. An Arg is live if
1391         it references a live Tmp or StackSlot, or if it is neither a Tmp nor a StackSlot. The phase
1392         runs these rules to fixpoint, and then removes the dead instructions.
1393
1394         This also changes the AirOpcodes parser to handle multiple attributes per opcode, so that we
1395         could conceivably say things like "FooBar /branch /effects". It also adds the /effects
1396         attribute, which we currently use for Breakpoint and nothing else. C calls, patchpoints, and
1397         checks are all Specials, and the Special base class by default always claims that the
1398         instruction has effects. In the future, we could have B3 use a Patch in Air to implement
1399         exotic math constructs; then the Special associated with that thing would claim that there
1400         are no effects.
1401
1402         * JavaScriptCore.xcodeproj/project.pbxproj:
1403         * b3/air/AirBasicBlock.h:
1404         (JSC::B3::Air::BasicBlock::begin):
1405         (JSC::B3::Air::BasicBlock::end):
1406         (JSC::B3::Air::BasicBlock::at):
1407         (JSC::B3::Air::BasicBlock::last):
1408         (JSC::B3::Air::BasicBlock::resize):
1409         (JSC::B3::Air::BasicBlock::appendInst):
1410         * b3/air/AirEliminateDeadCode.cpp: Added.
1411         (JSC::B3::Air::eliminateDeadCode):
1412         * b3/air/AirEliminateDeadCode.h: Added.
1413         * b3/air/AirGenerate.cpp:
1414         (JSC::B3::Air::generate):
1415         * b3/air/AirInst.h:
1416         * b3/air/AirOpcode.opcodes:
1417         * b3/air/AirSpecial.cpp:
1418         (JSC::B3::Air::Special::name):
1419         (JSC::B3::Air::Special::hasNonArgNonControlEffects):
1420         (JSC::B3::Air::Special::dump):
1421         * b3/air/AirSpecial.h:
1422         * b3/air/opcode_generator.rb:
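
The liveness rules from the dead code elimination entry above, run to fixpoint over a constructed instruction list. This is an added example, not code from WebKit: the `Arg`, `Inst` and `eliminateDeadCode` types below are a simplified model (an `Other` Arg stands for anything that is neither a Tmp nor a StackSlot and is assumed to reference no Tmp), and the instruction names are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Simplified model of the rules in the entry above; these types are
// assumptions for this example and are not Air's real classes.
enum class ArgKind { Tmp, StackSlot, Other }; // Other: e.g. a memory address

struct Arg {
    ArgKind kind;
    int index; // which Tmp or StackSlot; unused for Other
};

struct Inst {
    std::string name;
    std::vector<Arg> uses;
    std::vector<Arg> defs;  // Args the instruction stores to
    bool hasNonArgEffects;  // branching, returning, calling, Breakpoint, ...
};

std::vector<Inst> eliminateDeadCode(const std::vector<Inst>& code)
{
    // Tmps and StackSlots that have been used by a live instruction.
    std::set<std::pair<ArgKind, int>> liveStorage;
    std::vector<bool> instIsLive(code.size(), false);

    auto argIsLive = [&](const Arg& arg) {
        return arg.kind == ArgKind::Other
            || liveStorage.count(std::make_pair(arg.kind, arg.index)) > 0;
    };

    // Repeat until a full pass marks nothing new: an instruction can become
    // live only after a later instruction has made its destination live.
    bool changed = true;
    while (changed) {
        changed = false;
        for (std::size_t i = 0; i < code.size(); ++i) {
            if (instIsLive[i])
                continue;
            bool live = code[i].hasNonArgEffects;
            for (const Arg& def : code[i].defs)
                live = live || argIsLive(def);
            if (!live)
                continue;
            instIsLive[i] = true;
            changed = true;
            for (const Arg& use : code[i].uses) {
                if (use.kind != ArgKind::Other)
                    liveStorage.insert(std::make_pair(use.kind, use.index));
            }
        }
    }

    std::vector<Inst> kept;
    for (std::size_t i = 0; i < code.size(); ++i) {
        if (instIsLive[i])
            kept.push_back(code[i]);
    }
    return kept;
}

// Constructed input: pseudo-instructions, not real Air opcode syntax.
std::vector<Inst> sampleProgram()
{
    const Arg t0{ArgKind::Tmp, 0}, t1{ArgKind::Tmp, 1}, t2{ArgKind::Tmp, 2};
    const Arg slot0{ArgKind::StackSlot, 0}, mem{ArgKind::Other, 0};
    return {
        {"Move $1, t0", {}, {t0}, false},         // dead: t0 only feeds the dead Add
        {"Add $2, t0, t1", {t0}, {t1}, false},    // dead: t1 is never used
        {"Move $7, t2", {}, {t2}, false},         // live, but only found on the second pass
        {"Move t2, slot0", {t2}, {slot0}, false}, // dead: slot0 is never used
        {"Move t2, (mem)", {t2}, {mem}, false},   // live: stores to a non-Tmp, non-StackSlot Arg
        {"Breakpoint", {}, {}, true},             // live: has effects
        {"Ret t2", {t2}, {}, true},               // live: returning is a non-arg effect
    };
}

int main()
{
    for (const Inst& inst : eliminateDeadCode(sampleProgram()))
        std::printf("%s\n", inst.name.c_str());
    return 0;
}
```
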
1423
1424 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
1425
1426         Air needs a late register liveness phase that calls Special::reportUsedRegisters()
1427         https://bugs.webkit.org/show_bug.cgi?id=150511
1428
1429         Reviewed by Saam Barati.
1430
1431         This change adds such a phase. In the process of writing it, I was reminded about the
1432         glaring efficiency bugs in Air::Liveness and so I filed a bug and added FIXMEs.
1433
1434         * JavaScriptCore.xcodeproj/project.pbxproj:
1435         * b3/air/AirAllocateStack.cpp:
1436         (JSC::B3::Air::allocateStack):
1437         * b3/air/AirGenerate.cpp:
1438         (JSC::B3::Air::generate):
1439         * b3/air/AirReportUsedRegisters.cpp: Added.
1440         (JSC::B3::Air::reportUsedRegisters):
1441         * b3/air/AirReportUsedRegisters.h: Added.
1442
1443 2015-10-31  Brian Burg  <bburg@apple.com>
1444
1445         Builtins generator should put WebCore-only wrappers in the per-builtin header
1446         https://bugs.webkit.org/show_bug.cgi?id=150539
1447
1448         Reviewed by Youenn Fablet.
1449
1450         If generating for WebCore, put the XXXWrapper and related boilerplate
1451         in the per-builtin header instead of making a separate XXXWrapper.h.
1452
1453         Rebaseline the tests.
1454
1455         * CMakeLists.txt:
1456         * DerivedSources.make:
1457         * Scripts/builtins/builtins.py:
1458         * Scripts/builtins/builtins_generate_separate_header.py:
1459         (BuiltinsSeparateHeaderGenerator.generate_output):
1460         (generate_header_includes):
1461         * Scripts/builtins/builtins_generate_separate_wrapper.py: Deleted.
1462         * Scripts/builtins/builtins_templates.py: Be consistent with variables.
1463         * Scripts/generate-js-builtins.py:
1464         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
1465         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
1466         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
1467         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
1468
1469 2015-10-31  Saam Barati  <sbarati@apple.com>
1470
1471         JSC should have a forceGCSlowPaths option
1472         https://bugs.webkit.org/show_bug.cgi?id=150744
1473
1474         Reviewed by Filip Pizlo.
1475
1476         This patch implements the forceGCSlowPaths option.
1477         It defaults to false, but when it is set to true,
1478         the JITs will always allocate objects along the slow
1479         path. This will be helpful for writing a certain class
1480         of tests. This may also come in handy for debugging
1481         later.
1482
1483         This patch also adds the "forceGCSlowPaths" function
1484         in jsc.cpp which sets the option to true. If you
1485         use this function in a jsc stress test, it's best
1486         to call it as the first thing in the program before
1487         we JIT anything.
1488
1489         * dfg/DFGSpeculativeJIT.h:
1490         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
1491         * ftl/FTLLowerDFGToLLVM.cpp:
1492         (JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
1493         * jit/JITInlines.h:
1494         (JSC::JIT::emitAllocateJSObject):
1495         * jsc.cpp:
1496         (GlobalObject::finishCreation):
1497         (functionEdenGC):
1498         (functionForceGCSlowPaths):
1499         (functionHeapSize):
1500         * runtime/Options.h:
1501
1502 2015-10-30  Joseph Pecoraro  <pecoraro@apple.com>
1503
1504         Web Inspector: Test Debugger.scriptParsed events received after opening inspector frontend
1505         https://bugs.webkit.org/show_bug.cgi?id=150753
1506
1507         Reviewed by Timothy Hatcher.
1508
1509         * parser/Parser.h:
1510         (JSC::Parser<LexerType>::parse):
1511         Only set the directives on the SourceProvider if we were parsing the
1512         entire file (Program or Module), not if we are in function parsing mode.
1513         This was inadvertently clearing the directives stored on the
1514         SourceProvider when the function parse didn't see directives and reset
1515         the values on the source provider.
1516
1517 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1518
1519         [JSC] Add lowering for B3's Sub operation with integers
1520         https://bugs.webkit.org/show_bug.cgi?id=150749
1521
1522         Reviewed by Filip Pizlo.
1523
1524         * b3/B3LowerToAir.cpp:
1525         (JSC::B3::Air::LowerToAir::trySub):
1526         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
1527         * b3/B3LoweringMatcher.patterns:
1528         Identical to Add but obviously NotCommutative.
1529
1530         * b3/B3ReduceStrength.cpp:
1531         Turn Add/Sub with zero into an identity. I only added it for
1532         Add since Sub with a constant is always turned into an Add.
1533
1534         Also switched the Sub optimizations to put the strongest first.
1535
1536         * b3/air/AirOpcode.opcodes:
1537         * b3/testb3.cpp:
1538         (JSC::B3::testAddArgImm):
1539         (JSC::B3::testAddImmArg):
1540         (JSC::B3::testSubArgs):
1541         (JSC::B3::testSubArgImm):
1542         (JSC::B3::testSubImmArg):
1543         (JSC::B3::testSubArgs32):
1544         (JSC::B3::testSubArgImm32):
1545         (JSC::B3::testSubImmArg32):
1546         (JSC::B3::testStoreSubLoad):
1547         (JSC::B3::run):
1548
1549 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1550
1551         [JSC] Add the Air Opcode definitions to the Xcode project file
1552         https://bugs.webkit.org/show_bug.cgi?id=150701
1553
1554         Reviewed by Geoffrey Garen.
1555
1556         * JavaScriptCore.xcodeproj/project.pbxproj:
1557         Easier for those who use Xcode :)
1558
1559 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1560
1561         Unreviewed, removing FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150540.
1562
1563         * b3/B3ValueRep.h:
1564
1565 2015-10-30  Michael Saboff  <msaboff@apple.com>
1566
1567         Windows X86-64 change for Crash making a tail call from a getter to a host function
1568         https://bugs.webkit.org/show_bug.cgi?id=150737
1569
1570         Reviewed by Geoffrey Garen.
1571
1572         Need to make the same change for Windows X86-64 as was made in change set
1573         http://trac.webkit.org/changeset/191765.
1574
1575         * jit/JITStubsMSVC64.asm:
1576
1577 2015-10-30  Keith Miller  <keith_miller@apple.com>
1578
1579         Unreviewed, forgot to mark tests as passing for new feature.
1580
1581         * tests/es6.yaml:
1582
1583 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1584
1585         B3 should be able to compile a control flow diamond
1586         https://bugs.webkit.org/show_bug.cgi?id=150720
1587
1588         Reviewed by Benjamin Poulain.
1589
1590         Adds support for Branch, Jump, Upsilon, and Phi. Adds some basic strength reduction for
1591         comparisons and boolean-like operations.
1592
1593         * assembler/MacroAssembler.cpp:
1594         (WTF::printInternal):
1595         * assembler/MacroAssembler.h:
1596         * b3/B3BasicBlockUtils.h:
1597         (JSC::B3::replacePredecessor):
1598         (JSC::B3::resetReachability):
1599         * b3/B3CheckValue.h:
1600         * b3/B3Common.h:
1601         (JSC::B3::isRepresentableAsImpl):
1602         (JSC::B3::isRepresentableAs):
1603         * b3/B3Const32Value.cpp:
1604         (JSC::B3::Const32Value::subConstant):
1605         (JSC::B3::Const32Value::equalConstant):
1606         (JSC::B3::Const32Value::notEqualConstant):
1607         (JSC::B3::Const32Value::dumpMeta):
1608         * b3/B3Const32Value.h:
1609         * b3/B3Const64Value.cpp:
1610         (JSC::B3::Const64Value::subConstant):
1611         (JSC::B3::Const64Value::equalConstant):
1612         (JSC::B3::Const64Value::notEqualConstant):
1613         (JSC::B3::Const64Value::dumpMeta):
1614         * b3/B3Const64Value.h:
1615         * b3/B3ConstDoubleValue.cpp:
1616         (JSC::B3::ConstDoubleValue::subConstant):
1617         (JSC::B3::ConstDoubleValue::equalConstant):
1618         (JSC::B3::ConstDoubleValue::notEqualConstant):
1619         (JSC::B3::ConstDoubleValue::dumpMeta):
1620         * b3/B3ConstDoubleValue.h:
1621         * b3/B3ControlValue.cpp:
1622         (JSC::B3::ControlValue::~ControlValue):
1623         (JSC::B3::ControlValue::convertToJump):
1624         (JSC::B3::ControlValue::dumpMeta):
1625         * b3/B3ControlValue.h:
1626         * b3/B3LowerToAir.cpp:
1627         (JSC::B3::Air::LowerToAir::imm):
1628         (JSC::B3::Air::LowerToAir::tryStackSlot):
1629         (JSC::B3::Air::LowerToAir::tryUpsilon):
1630         (JSC::B3::Air::LowerToAir::tryPhi):
1631         (JSC::B3::Air::LowerToAir::tryBranch):
1632         (JSC::B3::Air::LowerToAir::tryJump):
1633         (JSC::B3::Air::LowerToAir::tryIdentity):
1634         * b3/B3LoweringMatcher.patterns:
1635         * b3/B3Opcode.h:
1636         * b3/B3Procedure.cpp:
1637         (JSC::B3::Procedure::resetReachability):
1638         (JSC::B3::Procedure::dump):
1639         * b3/B3ReduceStrength.cpp:
1640         * b3/B3UpsilonValue.cpp:
1641         (JSC::B3::UpsilonValue::dumpMeta):
1642         * b3/B3UpsilonValue.h:
1643         (JSC::B3::UpsilonValue::accepts): Deleted.
1644         (JSC::B3::UpsilonValue::phi): Deleted.
1645         (JSC::B3::UpsilonValue::UpsilonValue): Deleted.
1646         * b3/B3Validate.cpp:
1647         * b3/B3Value.cpp:
1648         (JSC::B3::Value::subConstant):
1649         (JSC::B3::Value::equalConstant):
1650         (JSC::B3::Value::notEqualConstant):
1651         (JSC::B3::Value::returnsBool):
1652         (JSC::B3::Value::asTriState):
1653         (JSC::B3::Value::effects):
1654         * b3/B3Value.h:
1655         * b3/B3ValueInlines.h:
1656         (JSC::B3::Value::asInt32):
1657         (JSC::B3::Value::isInt32):
1658         (JSC::B3::Value::hasInt64):
1659         (JSC::B3::Value::asInt64):
1660         (JSC::B3::Value::isInt64):
1661         (JSC::B3::Value::hasInt):
1662         (JSC::B3::Value::asIntPtr):
1663         (JSC::B3::Value::isIntPtr):
1664         (JSC::B3::Value::hasDouble):
1665         (JSC::B3::Value::asDouble):
1666         (JSC::B3::Value::isEqualToDouble):
1667         (JSC::B3::Value::hasNumber):
1668         (JSC::B3::Value::representableAs):
1669         (JSC::B3::Value::asNumber):
1670         (JSC::B3::Value::stackmap):
1671         * b3/air/AirArg.cpp:
1672         (JSC::B3::Air::Arg::dump):
1673         * b3/air/AirArg.h:
1674         (JSC::B3::Air::Arg::resCond):
1675         (JSC::B3::Air::Arg::doubleCond):
1676         (JSC::B3::Air::Arg::special):
1677         (JSC::B3::Air::Arg::isResCond):
1678         (JSC::B3::Air::Arg::isDoubleCond):
1679         (JSC::B3::Air::Arg::isSpecial):
1680         (JSC::B3::Air::Arg::isGP):
1681         (JSC::B3::Air::Arg::isFP):
1682         (JSC::B3::Air::Arg::asResultCondition):
1683         (JSC::B3::Air::Arg::asDoubleCondition):
1684         (JSC::B3::Air::Arg::Arg):
1685         * b3/air/AirCode.cpp:
1686         (JSC::B3::Air::Code::resetReachability):
1687         (JSC::B3::Air::Code::dump):
1688         * b3/air/AirOpcode.opcodes:
1689         * b3/air/opcode_generator.rb:
1690         * b3/testb3.cpp:
1691         (hiddenTruthBecauseNoReturnIsStupid):
1692         (usage):
1693         (JSC::B3::compile):
1694         (JSC::B3::invoke):
1695         (JSC::B3::compileAndRun):
1696         (JSC::B3::test42):
1697         (JSC::B3::testStoreLoadStackSlot):
1698         (JSC::B3::testBranch):
1699         (JSC::B3::testDiamond):
1700         (JSC::B3::testBranchNotEqual):
1701         (JSC::B3::testBranchFold):
1702         (JSC::B3::testDiamondFold):
1703         (JSC::B3::run):
1704         (run):
1705         (main):
1706
1707 2015-10-30  Keith Miller  <keith_miller@apple.com>
1708
1709         [ES6] Add support for toStringTag
1710         https://bugs.webkit.org/show_bug.cgi?id=150696
1711
1712         Reviewed by Geoffrey Garen.
1713
1714         This patch adds support for Symbol.toStringTag. This is a simple
1715         feature: if an object passed to Object.prototype.toString() has a
1716         toStringTag, we use the tag in the string rather than the class info.
1717         Added a test that checks this works for all the default supported classes
1718         along with the corresponding prototype and custom cases.
1719
1720         * runtime/ArrayIteratorPrototype.cpp:
1721         (JSC::ArrayIteratorPrototype::finishCreation):
1722         * runtime/CommonIdentifiers.h:
1723         * runtime/JSArrayBufferPrototype.cpp:
1724         (JSC::JSArrayBufferPrototype::finishCreation):
1725         * runtime/JSDataViewPrototype.cpp:
1726         (JSC::JSDataViewPrototype::finishCreation):
1727         * runtime/JSDataViewPrototype.h:
1728         * runtime/JSModuleNamespaceObject.cpp:
1729         (JSC::JSModuleNamespaceObject::finishCreation):
1730         * runtime/JSONObject.cpp:
1731         (JSC::JSONObject::finishCreation):
1732         * runtime/JSPromisePrototype.cpp:
1733         (JSC::JSPromisePrototype::finishCreation):
1734         * runtime/JSTypedArrayViewPrototype.cpp:
1735         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1736         (JSC::JSTypedArrayViewPrototype::finishCreation):
1737         * runtime/MapIteratorPrototype.cpp:
1738         (JSC::MapIteratorPrototype::finishCreation):
1739         * runtime/MapPrototype.cpp:
1740         (JSC::MapPrototype::finishCreation):
1741         * runtime/MathObject.cpp:
1742         (JSC::MathObject::finishCreation):
1743         * runtime/ObjectPrototype.cpp:
1744         (JSC::objectProtoFuncToString):
1745         * runtime/SetIteratorPrototype.cpp:
1746         (JSC::SetIteratorPrototype::finishCreation):
1747         * runtime/SetPrototype.cpp:
1748         (JSC::SetPrototype::finishCreation):
1749         * runtime/SmallStrings.cpp:
1750         (JSC::SmallStrings::SmallStrings):
1751         (JSC::SmallStrings::initializeCommonStrings):
1752         (JSC::SmallStrings::visitStrongReferences):
1753         * runtime/SmallStrings.h:
1754         (JSC::SmallStrings::objectStringStart):
1755         * runtime/StringIteratorPrototype.cpp:
1756         (JSC::StringIteratorPrototype::finishCreation):
1757         * runtime/SymbolPrototype.cpp:
1758         (JSC::SymbolPrototype::finishCreation):
1759         * runtime/WeakMapPrototype.cpp:
1760         (JSC::WeakMapPrototype::finishCreation):
1761         * runtime/WeakSetPrototype.cpp:
1762         (JSC::WeakSetPrototype::finishCreation):
1763         * tests/modules/namespace.js:
1764         * tests/stress/symbol-tostringtag.js: Added.
1765         (toStr):
1766         (strName):
1767         (classes.string_appeared_here):
1768
1769 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1770
1771         Web Inspector: Do not show JavaScriptCore builtins in inspector
1772         https://bugs.webkit.org/show_bug.cgi?id=146049
1773
1774         Reviewed by Geoffrey Garen.
1775
1776         * debugger/Debugger.cpp:
1777         When gathering scripts to notify the inspector / debuggers about,
1778         skip over sources containing host / built-in functions, as those
1779         won't contain source code developers expect to see.
1780
1781 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1782
1783         Fix typo in "use strict" in TypedArray builtins
1784         https://bugs.webkit.org/show_bug.cgi?id=150709
1785
1786         Reviewed by Geoffrey Garen.
1787
1788         * builtins/TypedArray.prototype.js:
1789         (toLocaleString):
1790
1791 2015-10-29  Philippe Normand  <pnormand@igalia.com>
1792
1793         [GTK][Mac] disable OBJC JSC API
1794         https://bugs.webkit.org/show_bug.cgi?id=150500
1795
1796         Reviewed by Alex Christensen.
1797
1798         * API/JSBase.h: Disable the Objective-C API on Mac for the GTK port.
1799
1800 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1801
1802         Air::handleCalleeSaves shouldn't save/restore the frame pointer
1803         https://bugs.webkit.org/show_bug.cgi?id=150688
1804
1805         Reviewed by Michael Saboff.
1806
1807         We save/restore the FP inside Air::generate().
1808
1809         * b3/air/AirHandleCalleeSaves.cpp:
1810         (JSC::B3::Air::handleCalleeSaves):
1811
1812 2015-10-29  Michael Saboff  <msaboff@apple.com>
1813
1814         Crash making a tail call from a getter to a host function
1815         https://bugs.webkit.org/show_bug.cgi?id=150663
1816
1817         Reviewed by Geoffrey Garen.
1818
1819         Change the inline assembly versions of getHostCallReturnValue() to pass the location of the callee
1820         call frame to getHostCallReturnValueWithExecState().  We were passing the caller's frame address.
1821
1822         * jit/JITOperations.cpp:
1823
1824 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1825
1826         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
1827         https://bugs.webkit.org/show_bug.cgi?id=150685
1828
1829         Reviewed by Geoffrey Garen.
1830
1831         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
1832         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
1833         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
1834         requires fewer bits.
1835
1836         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
1837         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
1838         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
1839         helper should happily accept either Const32Value or Const64Value.
1840
1841         We already sort of had this with immAnyType(), but it just turns out that anyone using
1842         immAnyType() should really be using imm().
1843
1844         * b3/B3LowerToAir.cpp:
1845         (JSC::B3::Air::LowerToAir::imm):
1846         (JSC::B3::Air::LowerToAir::tryStore):
1847         (JSC::B3::Air::LowerToAir::tryConst64):
1848         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
1849         * b3/testb3.cpp:
1850         (JSC::B3::testAdd1):
1851         (JSC::B3::testAdd1Ptr):
1852         (JSC::B3::testStoreAddLoad):
1853         (JSC::B3::run):
1854
1855 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1856
1857         StoreOpLoad pattern matching should check effects between the Store and Load
1858         https://bugs.webkit.org/show_bug.cgi?id=150534
1859
1860         Reviewed by Geoffrey Garen.
1861
1862         If we turn:
1863
1864             a = Load(addr)
1865             b = Add(a, 42)
1866             Store(b, addr)
1867
1868         Into:
1869
1870             Add $42, (addr)
1871
1872         Then we must make sure that we didn't really have this to begin with:
1873
1874             a = Load(addr)
1875             Store(666, addr)
1876             b = Add(a, 42)
1877             Store(b, addr)
1878
1879         That's because pattern matching doesn't care about control flow, and it finds the Load
1880         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
1881         enough to broadly ask questions about whether such a code motion of the Load is legal.
1882
1883         * b3/B3Effects.cpp:
1884         (JSC::B3::Effects::interferes):
1885         (JSC::B3::Effects::dump):
1886         * b3/B3Effects.h:
1887         (JSC::B3::Effects::mustExecute):
1888         * b3/B3LowerToAir.cpp:
1889         (JSC::B3::Air::LowerToAir::run):
1890         (JSC::B3::Air::LowerToAir::commitInternal):
1891         (JSC::B3::Air::LowerToAir::crossesInterference):
1892         (JSC::B3::Air::LowerToAir::effectiveAddr):
1893         (JSC::B3::Air::LowerToAir::loadAddr):
1894         * b3/B3Procedure.cpp:
1895         (JSC::B3::Procedure::addBlock):
1896         (JSC::B3::Procedure::resetValueOwners):
1897         (JSC::B3::Procedure::resetReachability):
1898         * b3/B3Procedure.h:
1899         * b3/B3Value.cpp:
1900         (JSC::B3::Value::effects):
1901         * b3/B3Value.h:
1902         * b3/testb3.cpp:
1903         (JSC::B3::testStoreAddLoad):
1904         (JSC::B3::testStoreAddLoadInterference):
1905         (JSC::B3::testStoreAddAndLoad):
1906         (JSC::B3::testLoadOffsetUsingAdd):
1907         (JSC::B3::testLoadOffsetUsingAddInterference):
1908         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1909         (JSC::B3::run):
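
The two sequences from the StoreOpLoad entry above, checked for interference before fusing and then executed both ways to show what an unchecked fusion would compute. This is an added example, not B3's code: `Value`, `fusableLoadFor` and `run` are a simplified model, location ids stand in for addresses and distinct ids are assumed never to alias, and the third block (a Store to a different location) goes beyond the cases in the entry.

```cpp
#include <cstdio>
#include <vector>

// Simplified stand-in for a B3 basic block. Field and function names are
// assumptions made for this example, not B3's API.
enum class Op { Const, Load, Add, Store };

struct Value {
    Op op;
    int a;         // index of the first child in the block, or -1
    int b;         // index of the second child in the block, or -1
    int location;  // abstract memory cell for Load/Store, or -1
    long constant; // payload for Const
};

static Value mkConst(long c) { return Value{Op::Const, -1, -1, -1, c}; }
static Value mkLoad(int loc) { return Value{Op::Load, -1, -1, loc, 0}; }
static Value mkAdd(int a, int b) { return Value{Op::Add, a, b, -1, 0}; }
static Value mkStore(int v, int loc) { return Value{Op::Store, v, -1, loc, 0}; }

// Assumption: distinct location ids never alias; a real analysis is conservative.
static bool writes(const Value& v, int loc) { return v.op == Op::Store && v.location == loc; }

// Index of the Load that may be fused into the Store at storeIndex, or -1.
int fusableLoadFor(const std::vector<Value>& block, int storeIndex)
{
    const Value& st = block[storeIndex];
    if (st.op != Op::Store || st.a < 0 || block[st.a].op != Op::Add)
        return -1;
    // Data-flow match only: an Add operand is a Load from the stored-to location.
    const Value& sum = block[st.a];
    int loadIndex = -1;
    for (int child : {sum.a, sum.b}) {
        if (child >= 0 && block[child].op == Op::Load && block[child].location == st.location)
            loadIndex = child;
    }
    if (loadIndex < 0)
        return -1;
    // Program-order check: nothing between the Load and the Store may write the location.
    for (int i = loadIndex + 1; i < storeIndex; ++i) {
        if (writes(block[i], st.location))
            return -1;
    }
    return loadIndex;
}

// Executes the block over a tiny memory. With fuseAt >= 0, the Store at that
// index is executed as "Add $operand, (location)", ignoring the matched Load.
std::vector<long> run(const std::vector<Value>& block, std::vector<long> mem, int fuseAt)
{
    std::vector<long> result(block.size(), 0);
    for (int i = 0; i < static_cast<int>(block.size()); ++i) {
        const Value& v = block[i];
        switch (v.op) {
        case Op::Const: result[i] = v.constant; break;
        case Op::Load: result[i] = mem[v.location]; break;
        case Op::Add: result[i] = result[v.a] + result[v.b]; break;
        case Op::Store:
            if (i == fuseAt) {
                const Value& sum = block[v.a];
                int other = block[sum.a].op == Op::Load ? sum.b : sum.a;
                mem[v.location] += result[other];
            } else
                mem[v.location] = result[v.a];
            break;
        }
    }
    return mem;
}

// Constructed inputs; location 0 plays the role of "addr" in the entry.
std::vector<long> initialMemory() { return std::vector<long>(2, 1); }

std::vector<Value> cleanBlock()
{
    return { mkLoad(0), mkConst(42), mkAdd(0, 1), mkStore(2, 0) };
}

std::vector<Value> interferingBlock()
{
    return { mkLoad(0), mkConst(666), mkStore(1, 0), mkConst(42), mkAdd(0, 3), mkStore(4, 0) };
}

// Beyond the entry: the intervening Store targets a different cell (location 1).
std::vector<Value> disjointBlock()
{
    return { mkLoad(0), mkConst(666), mkStore(1, 1), mkConst(42), mkAdd(0, 3), mkStore(4, 0) };
}

int main()
{
    std::printf("clean: fusable load %d\n", fusableLoadFor(cleanBlock(), 3));
    std::printf("interfering: fusable load %d, original %ld, fused anyway %ld\n",
        fusableLoadFor(interferingBlock(), 5),
        run(interferingBlock(), initialMemory(), -1)[0],
        run(interferingBlock(), initialMemory(), 5)[0]);
    std::printf("disjoint: fusable load %d\n", fusableLoadFor(disjointBlock(), 5));
    return 0;
}
```
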
1910
1911 2015-10-29  Brady Eidson  <beidson@apple.com>
1912
1913         Modern IDB: deleteObjectStore support.
1914         https://bugs.webkit.org/show_bug.cgi?id=150673
1915
1916         Reviewed by Alex Christensen.
1917
1918         * runtime/VM.h:
1919
1920 2015-10-29  Mark Lam  <mark.lam@apple.com>
1921
1922         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
1923         https://bugs.webkit.org/show_bug.cgi?id=150687
1924
1925         Unreviewed.
1926
1927         Disabling the feature while it is being debugged.  I'm doing this by effectively
1928         rolling out only the changes in FTLCapabilities.cpp.
1929
1930         * ftl/FTLCapabilities.cpp:
1931         (JSC::FTL::canCompile):
1932
1933 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1934
1935         Unreviewed, fix iOS build.
1936
1937         * assembler/MacroAssemblerARM64.h:
1938         (JSC::MacroAssemblerARM64::store64):
1939
1940 2015-10-29  Alex Christensen  <achristensen@webkit.org>
1941
1942         Fix Mac CMake build
1943         https://bugs.webkit.org/show_bug.cgi?id=150686
1944
1945         Reviewed by Filip Pizlo.
1946
1947         * API/ObjCCallbackFunction.mm:
1948         * CMakeLists.txt:
1949         * PlatformMac.cmake:
1950
1951 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1952
1953         Air needs syntax for escaping StackSlots
1954         https://bugs.webkit.org/show_bug.cgi?id=150430
1955
1956         Reviewed by Geoffrey Garen.
1957
1958         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
1959         instruction for getting the value of an address. This is necessary to support arbitrary
1960         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
1961         this new instruction.
1962
1963         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
1964         would do: it evaluates an address, but does not load from it or store to it.
1965
1966         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
1967         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
1968         that StackSlots may escape, and factors this into its analysis.
1969
1970         * assembler/MacroAssembler.h:
1971         (JSC::MacroAssembler::lea):
1972         * b3/B3AddressMatcher.patterns:
1973         * b3/B3LowerToAir.cpp:
1974         (JSC::B3::Air::LowerToAir::run):
1975         (JSC::B3::Air::LowerToAir::addr):
1976         (JSC::B3::Air::LowerToAir::loadAddr):
1977         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1978         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
1979         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
1980         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1981         (JSC::B3::Air::LowerToAir::tryConst64):
1982         (JSC::B3::Air::LowerToAir::tryFramePointer):
1983         (JSC::B3::Air::LowerToAir::tryStackSlot):
1984         (JSC::B3::Air::LowerToAir::tryIdentity):
1985         * b3/B3LoweringMatcher.patterns:
1986         * b3/B3MemoryValue.cpp:
1987         (JSC::B3::MemoryValue::~MemoryValue):
1988         (JSC::B3::MemoryValue::accessByteSize):
1989         (JSC::B3::MemoryValue::dumpMeta):
1990         * b3/B3MemoryValue.h:
1991         * b3/B3ReduceStrength.cpp:
1992         * b3/B3StackSlotValue.h:
1993         (JSC::B3::StackSlotValue::accepts): Deleted.
1994         * b3/B3Type.h:
1995         (JSC::B3::pointerType):
1996         (JSC::B3::sizeofType):
1997         * b3/B3Validate.cpp:
1998         * b3/B3Value.h:
1999         * b3/air/AirAllocateStack.cpp:
2000         (JSC::B3::Air::allocateStack):
2001         * b3/air/AirArg.h:
2002         (JSC::B3::Air::Arg::isUse):
2003         (JSC::B3::Air::Arg::isDef):
2004         (JSC::B3::Air::Arg::forEachTmp):
2005         * b3/air/AirCode.cpp:
2006         (JSC::B3::Air::Code::addStackSlot):
2007         (JSC::B3::Air::Code::addSpecial):
2008         * b3/air/AirCode.h:
2009         * b3/air/AirOpcode.opcodes:
2010         * b3/air/AirSpillEverything.cpp:
2011         (JSC::B3::Air::spillEverything):
2012         * b3/air/AirStackSlot.h:
2013         (JSC::B3::Air::StackSlot::byteSize):
2014         (JSC::B3::Air::StackSlot::kind):
2015         (JSC::B3::Air::StackSlot::isLocked):
2016         (JSC::B3::Air::StackSlot::index):
2017         (JSC::B3::Air::StackSlot::alignment):
2018         * b3/air/opcode_generator.rb:
2019         * b3/testb3.cpp:
2020         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2021         (JSC::B3::testFramePointer):
2022         (JSC::B3::testStackSlot):
2023         (JSC::B3::testLoadFromFramePointer):
2024         (JSC::B3::testStoreLoadStackSlot):
2025         (JSC::B3::run):
2026
2027 2015-10-29  Saam Barati  <sbarati@apple.com>
2028
2029         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
2030         https://bugs.webkit.org/show_bug.cgi?id=150655
2031
2032         Reviewed by Filip Pizlo.
2033
2034         We're recomputing this value for an *OSRExitDescriptor* for every one
2035         of its corresponding *OSRExits*. This is having a multiplicative
2036         effect on offsets because each computation is relative to the previous
2037         value. We must do this computation just once per OSRExitDescriptor.
2038
2039         * ftl/FTLCompile.cpp:
2040         (JSC::FTL::mmAllocateDataSection):
2041
2042 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2043
2044         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
2045         https://bugs.webkit.org/show_bug.cgi?id=150657
2046
2047         Reviewed by Geoffrey Garen.
2048
2049         Also added the ability to store an immediate to memory.
2050
2051         * assembler/MacroAssembler.h:
2052         (JSC::MacroAssembler::storePtr):
2053         * assembler/MacroAssemblerARM64.h:
2054         (JSC::MacroAssemblerARM64::store64):
2055         * assembler/MacroAssemblerX86_64.h:
2056         (JSC::MacroAssemblerX86_64::store64):
2057         * b3/B3LowerToAir.cpp:
2058         (JSC::B3::Air::LowerToAir::imm):
2059         (JSC::B3::Air::LowerToAir::immAnyInt):
2060         (JSC::B3::Air::LowerToAir::immOrTmp):
2061         (JSC::B3::Air::LowerToAir::tryStore):
2062         * b3/air/AirOpcode.opcodes:
2063         * b3/air/AirSpillEverything.cpp:
2064         (JSC::B3::Air::spillEverything):
2065         * b3/testb3.cpp:
2066         (JSC::B3::testStore):
2067         (JSC::B3::testStoreConstant):
2068         (JSC::B3::testStoreConstantPtr):
2069         (JSC::B3::testTrunc):
2070         (JSC::B3::run):
2071
2072 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2073
2074         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
2075         https://bugs.webkit.org/show_bug.cgi?id=150654
2076
2077         Reviewed by Geoffrey Garen.
2078
2079         * inspector/scripts/codegen/generator.py:
2080
2081 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2082
2083         B3::reduceStrength() should do DCE
2084         https://bugs.webkit.org/show_bug.cgi?id=150656
2085
2086         Reviewed by Saam Barati.
2087
2088         * b3/B3BasicBlock.cpp:
2089         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
2090         * b3/B3BasicBlock.h:
2091         * b3/B3Procedure.cpp:
2092         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
2093         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
2094         * b3/B3Procedure.h:
2095         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
2096         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2097         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2098         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
2099         (JSC::B3::Procedure::values):
2100         * b3/B3ProcedureInlines.h:
2101         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
2102         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
2103
2104 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2105
2106         Web Inspector: Remove unused / duplicate WebSocket timeline records
2107         https://bugs.webkit.org/show_bug.cgi?id=150647
2108
2109         Reviewed by Timothy Hatcher.
2110
2111         * inspector/protocol/Timeline.json:
2112
2113 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2114
2115         B3::LowerToAir should not duplicate Loads
2116         https://bugs.webkit.org/show_bug.cgi?id=150651
2117
2118         Reviewed by Benjamin Poulain.
2119
2120         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
2121         if we haven't already emitted code that uses the Value and the Value has only one direct
2122         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
2123         Value: we won't emit any more code for it in the future.
2124
2125         The optimization to fuse Loads was forgetting to do all of these things, and so generated
2126         code would have a lot of duplicated Loads. That's bad and this change fixes that.
2127
2128         Ordinarily, this is far less tricky because the pattern matcher does this for us via
2129         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
2130         won't need to do this manually very often.
2131
2132         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
2133         debug.
2134
2135         * b3/B3IndexMap.h:
2136         (JSC::B3::IndexMap::IndexMap):
2137         (JSC::B3::IndexMap::resize):
2138         (JSC::B3::IndexMap::operator[]):
2139         * b3/B3LowerToAir.cpp:
2140         (JSC::B3::Air::LowerToAir::tmp):
2141         (JSC::B3::Air::LowerToAir::canBeInternal):
2142         (JSC::B3::Air::LowerToAir::commitInternal):
2143         (JSC::B3::Air::LowerToAir::effectiveAddr):
2144         (JSC::B3::Air::LowerToAir::loadAddr):
2145         (JSC::B3::Air::LowerToAir::appendBinOp):
2146         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2147         (JSC::B3::Air::LowerToAir::acceptInternals):
2148         * b3/B3UseCounts.cpp:
2149         (JSC::B3::UseCounts::UseCounts):
2150
2151 2015-10-28  Mark Lam  <mark.lam@apple.com>
2152
2153         JITSubGenerator::generateFastPath() does not need to be inlined.
2154         https://bugs.webkit.org/show_bug.cgi?id=150645
2155
2156         Reviewed by Geoffrey Garen.
2157
2158         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
2159         perf neutral.
2160
2161         * CMakeLists.txt:
2162         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2163         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2164         * JavaScriptCore.xcodeproj/project.pbxproj:
2165         * ftl/FTLCompile.cpp:
2166         * jit/JITSubGenerator.cpp: Added.
2167         (JSC::JITSubGenerator::generateFastPath):
2168         * jit/JITSubGenerator.h:
2169         (JSC::JITSubGenerator::JITSubGenerator):
2170         (JSC::JITSubGenerator::endJumpList):
2171         (JSC::JITSubGenerator::slowPathJumpList):
2172         (JSC::JITSubGenerator::generateFastPath): Deleted.
2173
2174 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2175
2176         [B3] handleCommutativity should canonicalize commutative operations over non-constants
2177         https://bugs.webkit.org/show_bug.cgi?id=150649
2178
2179         Reviewed by Saam Barati.
2180
2181         Turn this: Add(value1, value2)
2182         Into this: Add(value2, value1)
2183
2184         But only if value2 should come before value1 according to our total ordering. This will allow
2185         CSE to observe the equality between commuted versions of the same operation, since we will
2186         first canonicalize them into the same order.
2187
2188         * b3/B3ReduceStrength.cpp:
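
The canonicalization described in the entry above, as an added example that is not WebKit code: a toy SSA value list in which a hash-based CSE only recognizes Add(b, a) as a repeat of Add(a, b) once commutative operands are put in a fixed order. The types, function names and the choice of "value index" as the total ordering are assumptions made for this sketch.

```cpp
// Added illustration; not code from B3ReduceStrength.cpp. All names are hypothetical.
#include <cstdio>
#include <map>
#include <tuple>
#include <utility>
#include <vector>

enum class Op { Arg, Add, Mul, Sub };

struct Value {
    Op op;
    int lhs; // index of the first child, -1 for Arg
    int rhs; // index of the second child, -1 for Arg
};

static bool isCommutative(Op op) { return op == Op::Add || op == Op::Mul; }

// Assumed total ordering: a value's index in the procedure.
// Swap the children only when the second one sorts before the first.
static bool canonicalize(Value& value)
{
    if (!isCommutative(value.op) || value.rhs >= value.lhs)
        return false;
    std::swap(value.lhs, value.rhs);
    return true;
}

// Single-block CSE keyed on (opcode, child, child). Returns, for every value,
// the index of the value that should be used in its place (itself if unique).
static std::vector<int> eliminateCommonSubexpressions(std::vector<Value>& values, bool canonicalizeFirst)
{
    std::map<std::tuple<Op, int, int>, int> seen;
    std::vector<int> replacement(values.size());
    for (size_t i = 0; i < values.size(); ++i) {
        Value& value = values[i];
        replacement[i] = static_cast<int>(i);
        if (value.op == Op::Arg)
            continue;
        // Children may already have been proven equal to an earlier value.
        value.lhs = replacement[value.lhs];
        value.rhs = replacement[value.rhs];
        if (canonicalizeFirst)
            canonicalize(value);
        auto result = seen.emplace(std::make_tuple(value.op, value.lhs, value.rhs), static_cast<int>(i));
        if (!result.second)
            replacement[i] = result.first->second;
    }
    return replacement;
}

// Constructed sample input.
static std::vector<Value> sampleProcedure()
{
    return {
        { Op::Arg, -1, -1 }, // @0 = a
        { Op::Arg, -1, -1 }, // @1 = b
        { Op::Add, 0, 1 },   // @2 = Add(a, b)
        { Op::Add, 1, 0 },   // @3 = Add(b, a), same result as @2
        { Op::Sub, 0, 1 },   // @4 = Sub(a, b)
        { Op::Sub, 1, 0 },   // @5 = Sub(b, a), NOT the same as @4
        { Op::Mul, 3, 2 },   // @6 = Mul(@3, @2)
        { Op::Mul, 2, 3 },   // @7 = Mul(@2, @3), same result as @6
    };
}

static std::vector<int> runExample(bool canonicalizeFirst)
{
    std::vector<Value> values = sampleProcedure();
    return eliminateCommonSubexpressions(values, canonicalizeFirst);
}

static int countRedundant(bool canonicalizeFirst)
{
    std::vector<int> replacement = runExample(canonicalizeFirst);
    int count = 0;
    for (size_t i = 0; i < replacement.size(); ++i) {
        if (replacement[i] != static_cast<int>(i))
            ++count;
    }
    return count;
}

int main()
{
    std::printf("redundant values without canonicalization: %d\n", countRedundant(false));
    std::printf("redundant values with canonicalization:    %d\n", countRedundant(true));
    return 0;
}
```

Sub is left alone because swapping its operands changes the result; only operations known to be commutative may be reordered.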
2189
2190 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2191
2192         Unreviewed, fix the build for case sensitive file systems.
2193
2194         * b3/air/AirBasicBlock.h:
2195         * b3/air/AirStackSlot.h:
2196
2197 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2198
2199         Create a super rough prototype of B3
2200         https://bugs.webkit.org/show_bug.cgi?id=150280
2201
2202         Reviewed by Benjamin Poulain.
2203
2204         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
2205         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
2206         for aggressive C-level optimizations and an awesome portable backend. The backend, called
2207         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
2208         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
2209         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
2210         instruction selection, reflectively selects Air opcodes by querying which instruction forms
2211         are possible. Air allows for optimal register allocation and stack layout. Currently the
2212         register allocator isn't written, but the stack layout is.
2213
2214         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
2215         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
2216         stuff added to the instruction selector. But it's a neat start.
2217
2218         * CMakeLists.txt:
2219         * DerivedSources.make:
2220         * JavaScriptCore.xcodeproj/project.pbxproj:
2221         * assembler/MacroAssembler.cpp:
2222         (WTF::printInternal):
2223         * assembler/MacroAssembler.h:
2224         * b3: Added.
2225         * b3/B3AddressMatcher.patterns: Added.
2226         * b3/B3ArgumentRegValue.cpp: Added.
2227         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
2228         (JSC::B3::ArgumentRegValue::dumpMeta):
2229         * b3/B3ArgumentRegValue.h: Added.
2230         * b3/B3BasicBlock.cpp: Added.
2231         (JSC::B3::BasicBlock::BasicBlock):
2232         (JSC::B3::BasicBlock::~BasicBlock):
2233         (JSC::B3::BasicBlock::append):
2234         (JSC::B3::BasicBlock::addPredecessor):
2235         (JSC::B3::BasicBlock::removePredecessor):
2236         (JSC::B3::BasicBlock::replacePredecessor):
2237         (JSC::B3::BasicBlock::removeNops):
2238         (JSC::B3::BasicBlock::dump):
2239         (JSC::B3::BasicBlock::deepDump):
2240         * b3/B3BasicBlock.h: Added.
2241         (JSC::B3::BasicBlock::index):
2242         (JSC::B3::BasicBlock::begin):
2243         (JSC::B3::BasicBlock::end):
2244         (JSC::B3::BasicBlock::size):
2245         (JSC::B3::BasicBlock::at):
2246         (JSC::B3::BasicBlock::last):
2247         (JSC::B3::BasicBlock::values):
2248         (JSC::B3::BasicBlock::numPredecessors):
2249         (JSC::B3::BasicBlock::predecessor):
2250         (JSC::B3::BasicBlock::predecessors):
2251         (JSC::B3::BasicBlock::frequency):
2252         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
2253         (JSC::B3::DeepBasicBlockDump::dump):
2254         (JSC::B3::deepDump):
2255         * b3/B3BasicBlockInlines.h: Added.
2256         (JSC::B3::BasicBlock::appendNew):
2257         (JSC::B3::BasicBlock::numSuccessors):
2258         (JSC::B3::BasicBlock::successor):
2259         (JSC::B3::BasicBlock::successors):
2260         (JSC::B3::BasicBlock::successorBlock):
2261         (JSC::B3::BasicBlock::successorBlocks):
2262         * b3/B3BasicBlockUtils.h: Added.
2263         (JSC::B3::addPredecessor):
2264         (JSC::B3::removePredecessor):
2265         (JSC::B3::replacePredecessor):
2266         (JSC::B3::resetReachability):
2267         (JSC::B3::blocksInPreOrder):
2268         (JSC::B3::blocksInPostOrder):
2269         * b3/B3BlockWorklist.h: Added.
2270         * b3/B3CheckSpecial.cpp: Added.
2271         (JSC::B3::Air::numB3Args):
2272         (JSC::B3::CheckSpecial::CheckSpecial):
2273         (JSC::B3::CheckSpecial::~CheckSpecial):
2274         (JSC::B3::CheckSpecial::hiddenBranch):
2275         (JSC::B3::CheckSpecial::forEachArg):
2276         (JSC::B3::CheckSpecial::isValid):
2277         (JSC::B3::CheckSpecial::admitsStack):
2278         (JSC::B3::CheckSpecial::generate):
2279         (JSC::B3::CheckSpecial::dumpImpl):
2280         (JSC::B3::CheckSpecial::deepDumpImpl):
2281         * b3/B3CheckSpecial.h: Added.
2282         * b3/B3CheckValue.cpp: Added.
2283         (JSC::B3::CheckValue::~CheckValue):
2284         (JSC::B3::CheckValue::dumpMeta):
2285         * b3/B3CheckValue.h: Added.
2286         * b3/B3Common.cpp: Added.
2287         (JSC::B3::shouldDumpIR):
2288         (JSC::B3::shouldDumpIRAtEachPhase):
2289         (JSC::B3::shouldValidateIR):
2290         (JSC::B3::shouldValidateIRAtEachPhase):
2291         (JSC::B3::shouldSaveIRBeforePhase):
2292         * b3/B3Common.h: Added.
2293         (JSC::B3::is64Bit):
2294         (JSC::B3::is32Bit):
2295         * b3/B3Commutativity.cpp: Added.
2296         (WTF::printInternal):
2297         * b3/B3Commutativity.h: Added.
2298         * b3/B3Const32Value.cpp: Added.
2299         (JSC::B3::Const32Value::~Const32Value):
2300         (JSC::B3::Const32Value::negConstant):
2301         (JSC::B3::Const32Value::addConstant):
2302         (JSC::B3::Const32Value::subConstant):
2303         (JSC::B3::Const32Value::dumpMeta):
2304         * b3/B3Const32Value.h: Added.
2305         * b3/B3Const64Value.cpp: Added.
2306         (JSC::B3::Const64Value::~Const64Value):
2307         (JSC::B3::Const64Value::negConstant):
2308         (JSC::B3::Const64Value::addConstant):
2309         (JSC::B3::Const64Value::subConstant):
2310         (JSC::B3::Const64Value::dumpMeta):
2311         * b3/B3Const64Value.h: Added.
2312         * b3/B3ConstDoubleValue.cpp: Added.
2313         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
2314         (JSC::B3::ConstDoubleValue::negConstant):
2315         (JSC::B3::ConstDoubleValue::addConstant):
2316         (JSC::B3::ConstDoubleValue::subConstant):
2317         (JSC::B3::ConstDoubleValue::dumpMeta):
2318         * b3/B3ConstDoubleValue.h: Added.
2319         (JSC::B3::ConstDoubleValue::accepts):
2320         (JSC::B3::ConstDoubleValue::value):
2321         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
2322         * b3/B3ConstPtrValue.h: Added.
2323         (JSC::B3::ConstPtrValue::value):
2324         (JSC::B3::ConstPtrValue::ConstPtrValue):
2325         * b3/B3ControlValue.cpp: Added.
2326         (JSC::B3::ControlValue::~ControlValue):
2327         (JSC::B3::ControlValue::dumpMeta):
2328         * b3/B3ControlValue.h: Added.
2329         * b3/B3Effects.cpp: Added.
2330         (JSC::B3::Effects::dump):
2331         * b3/B3Effects.h: Added.
2332         (JSC::B3::Effects::mustExecute):
2333         * b3/B3FrequencyClass.cpp: Added.
2334         (WTF::printInternal):
2335         * b3/B3FrequencyClass.h: Added.
2336         * b3/B3FrequentedBlock.h: Added.
2337         * b3/B3Generate.cpp: Added.
2338         (JSC::B3::generate):
2339         (JSC::B3::generateToAir):
2340         * b3/B3Generate.h: Added.
2341         * b3/B3GenericFrequentedBlock.h: Added.
2342         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
2343         (JSC::B3::GenericFrequentedBlock::operator==):
2344         (JSC::B3::GenericFrequentedBlock::operator!=):
2345         (JSC::B3::GenericFrequentedBlock::operator bool):
2346         (JSC::B3::GenericFrequentedBlock::block):
2347         (JSC::B3::GenericFrequentedBlock::frequency):
2348         (JSC::B3::GenericFrequentedBlock::dump):
2349         * b3/B3HeapRange.cpp: Added.
2350         (JSC::B3::HeapRange::dump):
2351         * b3/B3HeapRange.h: Added.
2352         (JSC::B3::HeapRange::HeapRange):
2353         (JSC::B3::HeapRange::top):
2354         (JSC::B3::HeapRange::operator==):
2355         (JSC::B3::HeapRange::operator!=):
2356         (JSC::B3::HeapRange::operator bool):
2357         (JSC::B3::HeapRange::begin):
2358         (JSC::B3::HeapRange::end):
2359         (JSC::B3::HeapRange::overlaps):
2360         * b3/B3IndexMap.h: Added.
2361         (JSC::B3::IndexMap::IndexMap):
2362         (JSC::B3::IndexMap::resize):
2363         (JSC::B3::IndexMap::operator[]):
2364         * b3/B3IndexSet.h: Added.
2365         (JSC::B3::IndexSet::IndexSet):
2366         (JSC::B3::IndexSet::add):
2367         (JSC::B3::IndexSet::contains):
2368         (JSC::B3::IndexSet::Iterable::Iterable):
2369         (JSC::B3::IndexSet::Iterable::iterator::iterator):
2370         (JSC::B3::IndexSet::Iterable::iterator::operator*):
2371         (JSC::B3::IndexSet::Iterable::iterator::operator++):
2372         (JSC::B3::IndexSet::Iterable::iterator::operator==):
2373         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
2374         (JSC::B3::IndexSet::Iterable::begin):
2375         (JSC::B3::IndexSet::Iterable::end):
2376         (JSC::B3::IndexSet::values):
2377         (JSC::B3::IndexSet::indices):
2378         (JSC::B3::IndexSet::dump):
2379         * b3/B3InsertionSet.cpp: Added.
2380         (JSC::B3::InsertionSet::execute):
2381         * b3/B3InsertionSet.h: Added.
2382         (JSC::B3::InsertionSet::InsertionSet):
2383         (JSC::B3::InsertionSet::code):
2384         (JSC::B3::InsertionSet::appendInsertion):
2385         (JSC::B3::InsertionSet::insertValue):
2386         * b3/B3InsertionSetInlines.h: Added.
2387         (JSC::B3::InsertionSet::insert):
2388         * b3/B3LowerToAir.cpp: Added.
2389         (JSC::B3::Air::LowerToAir::LowerToAir):
2390         (JSC::B3::Air::LowerToAir::run):
2391         (JSC::B3::Air::LowerToAir::tmp):
2392         (JSC::B3::Air::LowerToAir::effectiveAddr):
2393         (JSC::B3::Air::LowerToAir::addr):
2394         (JSC::B3::Air::LowerToAir::loadAddr):
2395         (JSC::B3::Air::LowerToAir::imm):
2396         (JSC::B3::Air::LowerToAir::immOrTmp):
2397         (JSC::B3::Air::LowerToAir::appendBinOp):
2398         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2399         (JSC::B3::Air::LowerToAir::moveForType):
2400         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
2401         (JSC::B3::Air::LowerToAir::append):
2402         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
2403         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
2404         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
2405         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
2406         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
2407         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
2408         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
2409         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
2410         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
2411         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
2412         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
2413         (JSC::B3::Air::LowerToAir::acceptRoot):
2414         (JSC::B3::Air::LowerToAir::acceptRootLate):
2415         (JSC::B3::Air::LowerToAir::acceptInternals):
2416         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
2417         (JSC::B3::Air::LowerToAir::acceptOperands):
2418         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
2419         (JSC::B3::Air::LowerToAir::tryLoad):
2420         (JSC::B3::Air::LowerToAir::tryAdd):
2421         (JSC::B3::Air::LowerToAir::tryAnd):
2422         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
2423         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
2424         (JSC::B3::Air::LowerToAir::tryStore):
2425         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
2426         (JSC::B3::Air::LowerToAir::tryTrunc):
2427         (JSC::B3::Air::LowerToAir::tryArgumentReg):
2428         (JSC::B3::Air::LowerToAir::tryConst32):
2429         (JSC::B3::Air::LowerToAir::tryConst64):
2430         (JSC::B3::Air::LowerToAir::tryIdentity):
2431         (JSC::B3::Air::LowerToAir::tryReturn):
2432         (JSC::B3::lowerToAir):
2433         * b3/B3LowerToAir.h: Added.
2434         * b3/B3LoweringMatcher.patterns: Added.
2435         * b3/B3MemoryValue.cpp: Added.
2436         (JSC::B3::MemoryValue::~MemoryValue):
2437         (JSC::B3::MemoryValue::dumpMeta):
2438         * b3/B3MemoryValue.h: Added.
2439         * b3/B3Opcode.cpp: Added.
2440         (WTF::printInternal):
2441         * b3/B3Opcode.h: Added.
2442         (JSC::B3::isCheckMath):
2443         * b3/B3Origin.cpp: Added.
2444         (JSC::B3::Origin::dump):
2445         * b3/B3Origin.h: Added.
2446         (JSC::B3::Origin::Origin):
2447         (JSC::B3::Origin::operator bool):
2448         (JSC::B3::Origin::data):
2449         * b3/B3PatchpointSpecial.cpp: Added.
2450         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
2451         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
2452         (JSC::B3::PatchpointSpecial::forEachArg):
2453         (JSC::B3::PatchpointSpecial::isValid):
2454         (JSC::B3::PatchpointSpecial::admitsStack):
2455         (JSC::B3::PatchpointSpecial::generate):
2456         (JSC::B3::PatchpointSpecial::dumpImpl):
2457         (JSC::B3::PatchpointSpecial::deepDumpImpl):
2458         * b3/B3PatchpointSpecial.h: Added.
2459         * b3/B3PatchpointValue.cpp: Added.
2460         (JSC::B3::PatchpointValue::~PatchpointValue):
2461         (JSC::B3::PatchpointValue::dumpMeta):
2462         * b3/B3PatchpointValue.h: Added.
2463         (JSC::B3::PatchpointValue::accepts):
2464         (JSC::B3::PatchpointValue::PatchpointValue):
2465         * b3/B3PhaseScope.cpp: Added.
2466         (JSC::B3::PhaseScope::PhaseScope):
2467         (JSC::B3::PhaseScope::~PhaseScope):
2468         * b3/B3PhaseScope.h: Added.
2469         * b3/B3Procedure.cpp: Added.
2470         (JSC::B3::Procedure::Procedure):
2471         (JSC::B3::Procedure::~Procedure):
2472         (JSC::B3::Procedure::addBlock):
2473         (JSC::B3::Procedure::resetReachability):
2474         (JSC::B3::Procedure::dump):
2475         (JSC::B3::Procedure::blocksInPreOrder):
2476         (JSC::B3::Procedure::blocksInPostOrder):
2477         * b3/B3Procedure.h: Added.
2478         (JSC::B3::Procedure::size):
2479         (JSC::B3::Procedure::at):
2480         (JSC::B3::Procedure::operator[]):
2481         (JSC::B3::Procedure::iterator::iterator):
2482         (JSC::B3::Procedure::iterator::operator*):
2483         (JSC::B3::Procedure::iterator::operator++):
2484         (JSC::B3::Procedure::iterator::operator==):
2485         (JSC::B3::Procedure::iterator::operator!=):
2486         (JSC::B3::Procedure::iterator::findNext):
2487         (JSC::B3::Procedure::begin):
2488         (JSC::B3::Procedure::end):
2489         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
2490         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
2491         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
2492         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2493         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
2494         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2495         (JSC::B3::Procedure::ValuesCollection::begin):
2496         (JSC::B3::Procedure::ValuesCollection::end):
2497         (JSC::B3::Procedure::ValuesCollection::size):
2498         (JSC::B3::Procedure::ValuesCollection::at):
2499         (JSC::B3::Procedure::ValuesCollection::operator[]):
2500         (JSC::B3::Procedure::values):
2501         (JSC::B3::Procedure::setLastPhaseName):
2502         (JSC::B3::Procedure::lastPhaseName):
2503         * b3/B3ProcedureInlines.h: Added.
2504         (JSC::B3::Procedure::add):
2505         * b3/B3ReduceStrength.cpp: Added.
2506         (JSC::B3::reduceStrength):
2507         * b3/B3ReduceStrength.h: Added.
2508         * b3/B3StackSlotKind.cpp: Added.
2509         (WTF::printInternal):
2510         * b3/B3StackSlotKind.h: Added.
2511         * b3/B3StackSlotValue.cpp: Added.
2512         (JSC::B3::StackSlotValue::~StackSlotValue):
2513         (JSC::B3::StackSlotValue::dumpMeta):
2514         * b3/B3StackSlotValue.h: Added.
2515         (JSC::B3::StackSlotValue::accepts):
2516         (JSC::B3::StackSlotValue::byteSize):
2517         (JSC::B3::StackSlotValue::kind):
2518         (JSC::B3::StackSlotValue::offsetFromFP):
2519         (JSC::B3::StackSlotValue::setOffsetFromFP):
2520         (JSC::B3::StackSlotValue::StackSlotValue):
2521         * b3/B3Stackmap.cpp: Added.
2522         (JSC::B3::Stackmap::Stackmap):
2523         (JSC::B3::Stackmap::~Stackmap):
2524         (JSC::B3::Stackmap::dump):
2525         * b3/B3Stackmap.h: Added.
2526         (JSC::B3::Stackmap::constrain):
2527         (JSC::B3::Stackmap::reps):
2528         (JSC::B3::Stackmap::clobber):
2529         (JSC::B3::Stackmap::clobbered):
2530         (JSC::B3::Stackmap::setGenerator):
2531         * b3/B3StackmapSpecial.cpp: Added.
2532         (JSC::B3::StackmapSpecial::StackmapSpecial):
2533         (JSC::B3::StackmapSpecial::~StackmapSpecial):
2534         (JSC::B3::StackmapSpecial::reportUsedRegisters):
2535         (JSC::B3::StackmapSpecial::extraClobberedRegs):
2536         (JSC::B3::StackmapSpecial::forEachArgImpl):
2537         (JSC::B3::StackmapSpecial::isValidImpl):
2538         (JSC::B3::StackmapSpecial::admitsStackImpl):
2539         (JSC::B3::StackmapSpecial::appendRepsImpl):
2540         (JSC::B3::StackmapSpecial::repForArg):
2541         * b3/B3StackmapSpecial.h: Added.
2542         * b3/B3SuccessorCollection.h: Added.
2543         (JSC::B3::SuccessorCollection::SuccessorCollection):
2544         (JSC::B3::SuccessorCollection::size):
2545         (JSC::B3::SuccessorCollection::at):
2546         (JSC::B3::SuccessorCollection::operator[]):
2547         (JSC::B3::SuccessorCollection::iterator::iterator):
2548         (JSC::B3::SuccessorCollection::iterator::operator*):
2549         (JSC::B3::SuccessorCollection::iterator::operator++):
2550         (JSC::B3::SuccessorCollection::iterator::operator==):
2551         (JSC::B3::SuccessorCollection::iterator::operator!=):
2552         (JSC::B3::SuccessorCollection::begin):
2553         (JSC::B3::SuccessorCollection::end):
2554         * b3/B3SwitchCase.cpp: Added.
2555         (JSC::B3::SwitchCase::dump):
2556         * b3/B3SwitchCase.h: Added.
2557         (JSC::B3::SwitchCase::SwitchCase):
2558         (JSC::B3::SwitchCase::operator bool):
2559         (JSC::B3::SwitchCase::caseValue):
2560         (JSC::B3::SwitchCase::target):
2561         (JSC::B3::SwitchCase::targetBlock):
2562         * b3/B3SwitchValue.cpp: Added.
2563         (JSC::B3::SwitchValue::~SwitchValue):
2564         (JSC::B3::SwitchValue::removeCase):
2565         (JSC::B3::SwitchValue::appendCase):
2566         (JSC::B3::SwitchValue::dumpMeta):
2567         (JSC::B3::SwitchValue::SwitchValue):
2568         * b3/B3SwitchValue.h: Added.
2569         (JSC::B3::SwitchValue::accepts):
2570         (JSC::B3::SwitchValue::numCaseValues):
2571         (JSC::B3::SwitchValue::caseValue):
2572         (JSC::B3::SwitchValue::caseValues):
2573         (JSC::B3::SwitchValue::fallThrough):
2574         (JSC::B3::SwitchValue::size):
2575         (JSC::B3::SwitchValue::at):
2576         (JSC::B3::SwitchValue::operator[]):
2577         (JSC::B3::SwitchValue::iterator::iterator):
2578         (JSC::B3::SwitchValue::iterator::operator*):
2579         (JSC::B3::SwitchValue::iterator::operator++):
2580         (JSC::B3::SwitchValue::iterator::operator==):
2581         (JSC::B3::SwitchValue::iterator::operator!=):
2582         (JSC::B3::SwitchValue::begin):
2583         (JSC::B3::SwitchValue::end):
2584         * b3/B3Type.cpp: Added.
2585         (WTF::printInternal):
2586         * b3/B3Type.h: Added.
2587         (JSC::B3::isInt):
2588         (JSC::B3::isFloat):
2589         (JSC::B3::pointerType):
2590         * b3/B3UpsilonValue.cpp: Added.
2591         (JSC::B3::UpsilonValue::~UpsilonValue):
2592         (JSC::B3::UpsilonValue::dumpMeta):
2593         * b3/B3UpsilonValue.h: Added.
2594         (JSC::B3::UpsilonValue::accepts):
2595         (JSC::B3::UpsilonValue::phi):
2596         (JSC::B3::UpsilonValue::UpsilonValue):
2597         * b3/B3UseCounts.cpp: Added.
2598         (JSC::B3::UseCounts::UseCounts):
2599         (JSC::B3::UseCounts::~UseCounts):
2600         * b3/B3UseCounts.h: Added.
2601         (JSC::B3::UseCounts::operator[]):
2602         * b3/B3Validate.cpp: Added.
2603         (JSC::B3::validate):
2604         * b3/B3Validate.h: Added.
2605         * b3/B3Value.cpp: Added.
2606         (JSC::B3::Value::~Value):
2607         (JSC::B3::Value::replaceWithIdentity):
2608         (JSC::B3::Value::replaceWithNop):
2609         (JSC::B3::Value::dump):
2610         (JSC::B3::Value::deepDump):
2611         (JSC::B3::Value::negConstant):
2612         (JSC::B3::Value::addConstant):
2613         (JSC::B3::Value::subConstant):
2614         (JSC::B3::Value::effects):
2615         (JSC::B3::Value::performSubstitution):
2616         (JSC::B3::Value::dumpMeta):
2617         (JSC::B3::Value::typeFor):
2618         * b3/B3Value.h: Added.
2619         (JSC::B3::DeepValueDump::DeepValueDump):
2620         (JSC::B3::DeepValueDump::dump):
2621         (JSC::B3::deepDump):
2622         * b3/B3ValueInlines.h: Added.
2623         (JSC::B3::Value::as):
2624         (JSC::B3::Value::isConstant):
2625         (JSC::B3::Value::hasInt32):
2626         (JSC::B3::Value::asInt32):
2627         (JSC::B3::Value::hasInt64):
2628         (JSC::B3::Value::asInt64):
2629         (JSC::B3::Value::hasInt):
2630         (JSC::B3::Value::asInt):
2631         (JSC::B3::Value::isInt):
2632         (JSC::B3::Value::hasIntPtr):
2633         (JSC::B3::Value::asIntPtr):
2634         (JSC::B3::Value::hasDouble):
2635         (JSC::B3::Value::asDouble):
2636         (JSC::B3::Value::stackmap):
2637         * b3/B3ValueRep.cpp: Added.
2638         (JSC::B3::ValueRep::dump):
2639         (WTF::printInternal):
2640         * b3/B3ValueRep.h: Added.
2641         (JSC::B3::ValueRep::ValueRep):
2642         (JSC::B3::ValueRep::reg):
2643         (JSC::B3::ValueRep::stack):
2644         (JSC::B3::ValueRep::stackArgument):
2645         (JSC::B3::ValueRep::constant):
2646         (JSC::B3::ValueRep::constantDouble):
2647         (JSC::B3::ValueRep::kind):
2648         (JSC::B3::ValueRep::operator bool):
2649         (JSC::B3::ValueRep::offsetFromFP):
2650         (JSC::B3::ValueRep::offsetFromSP):
2651         (JSC::B3::ValueRep::value):
2652         (JSC::B3::ValueRep::doubleValue):
2653         * b3/air: Added.
2654         * b3/air/AirAllocateStack.cpp: Added.
2655         (JSC::B3::Air::allocateStack):
2656         * b3/air/AirAllocateStack.h: Added.
2657         * b3/air/AirArg.cpp: Added.
2658         (JSC::B3::Air::Arg::dump):
2659         * b3/air/AirArg.h: Added.
2660         (JSC::B3::Air::Arg::isUse):
2661         (JSC::B3::Air::Arg::isDef):
2662         (JSC::B3::Air::Arg::typeForB3Type):
2663         (JSC::B3::Air::Arg::Arg):
2664         (JSC::B3::Air::Arg::imm):
2665         (JSC::B3::Air::Arg::imm64):
2666         (JSC::B3::Air::Arg::addr):
2667         (JSC::B3::Air::Arg::stack):
2668         (JSC::B3::Air::Arg::callArg):
2669         (JSC::B3::Air::Arg::isValidScale):
2670         (JSC::B3::Air::Arg::logScale):
2671         (JSC::B3::Air::Arg::index):
2672         (JSC::B3::Air::Arg::relCond):
2673         (JSC::B3::Air::Arg::resCond):
2674         (JSC::B3::Air::Arg::special):
2675         (JSC::B3::Air::Arg::operator==):
2676         (JSC::B3::Air::Arg::operator!=):
2677         (JSC::B3::Air::Arg::operator bool):
2678         (JSC::B3::Air::Arg::kind):
2679         (JSC::B3::Air::Arg::isTmp):
2680         (JSC::B3::Air::Arg::isImm):
2681         (JSC::B3::Air::Arg::isImm64):
2682         (JSC::B3::Air::Arg::isAddr):
2683         (JSC::B3::Air::Arg::isStack):
2684         (JSC::B3::Air::Arg::isCallArg):
2685         (JSC::B3::Air::Arg::isIndex):
2686         (JSC::B3::Air::Arg::isRelCond):
2687         (JSC::B3::Air::Arg::isResCond):
2688         (JSC::B3::Air::Arg::isSpecial):
2689         (JSC::B3::Air::Arg::isAlive):
2690         (JSC::B3::Air::Arg::tmp):
2691         (JSC::B3::Air::Arg::value):
2692         (JSC::B3::Air::Arg::pointerValue):
2693         (JSC::B3::Air::Arg::base):
2694         (JSC::B3::Air::Arg::hasOffset):
2695         (JSC::B3::Air::Arg::offset):
2696         (JSC::B3::Air::Arg::stackSlot):
2697         (JSC::B3::Air::Arg::scale):
2698         (JSC::B3::Air::Arg::isGPTmp):
2699         (JSC::B3::Air::Arg::isFPTmp):
2700         (JSC::B3::Air::Arg::isGP):
2701         (JSC::B3::Air::Arg::isFP):
2702         (JSC::B3::Air::Arg::hasType):
2703         (JSC::B3::Air::Arg::type):
2704         (JSC::B3::Air::Arg::isType):
2705         (JSC::B3::Air::Arg::isGPR):
2706         (JSC::B3::Air::Arg::gpr):
2707         (JSC::B3::Air::Arg::isFPR):
2708         (JSC::B3::Air::Arg::fpr):
2709         (JSC::B3::Air::Arg::isReg):
2710         (JSC::B3::Air::Arg::reg):
2711         (JSC::B3::Air::Arg::gpTmpIndex):
2712         (JSC::B3::Air::Arg::fpTmpIndex):
2713         (JSC::B3::Air::Arg::tmpIndex):
2714         (JSC::B3::Air::Arg::withOffset):
2715         (JSC::B3::Air::Arg::forEachTmpFast):
2716         (JSC::B3::Air::Arg::forEachTmp):
2717         (JSC::B3::Air::Arg::asTrustedImm32):
2718         (JSC::B3::Air::Arg::asTrustedImm64):
2719         (JSC::B3::Air::Arg::asTrustedImmPtr):
2720         (JSC::B3::Air::Arg::asAddress):
2721         (JSC::B3::Air::Arg::asBaseIndex):
2722         (JSC::B3::Air::Arg::asRelationalCondition):
2723         (JSC::B3::Air::Arg::asResultCondition):
2724         (JSC::B3::Air::Arg::isHashTableDeletedValue):
2725         (JSC::B3::Air::Arg::hash):
2726         (JSC::B3::Air::ArgHash::hash):
2727         (JSC::B3::Air::ArgHash::equal):
2728         * b3/air/AirBasicBlock.cpp: Added.
2729         (JSC::B3::Air::BasicBlock::addPredecessor):
2730         (JSC::B3::Air::BasicBlock::removePredecessor):
2731         (JSC::B3::Air::BasicBlock::replacePredecessor):
2732         (JSC::B3::Air::BasicBlock::dump):
2733         (JSC::B3::Air::BasicBlock::deepDump):
2734         (JSC::B3::Air::BasicBlock::BasicBlock):
2735         * b3/air/AirBasicBlock.h: Added.
2736         (JSC::B3::Air::BasicBlock::index):
2737         (JSC::B3::Air::BasicBlock::size):
2738         (JSC::B3::Air::BasicBlock::begin):
2739         (JSC::B3::Air::BasicBlock::end):
2740         (JSC::B3::Air::BasicBlock::at):
2741         (JSC::B3::Air::BasicBlock::last):
2742         (JSC::B3::Air::BasicBlock::appendInst):
2743         (JSC::B3::Air::BasicBlock::append):
2744         (JSC::B3::Air::BasicBlock::numSuccessors):
2745         (JSC::B3::Air::BasicBlock::successor):
2746         (JSC::B3::Air::BasicBlock::successors):
2747         (JSC::B3::Air::BasicBlock::successorBlock):
2748         (JSC::B3::Air::BasicBlock::successorBlocks):
2749         (JSC::B3::Air::BasicBlock::numPredecessors):
2750         (JSC::B3::Air::BasicBlock::predecessor):
2751         (JSC::B3::Air::BasicBlock::predecessors):
2752         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
2753         (JSC::B3::Air::DeepBasicBlockDump::dump):
2754         (JSC::B3::Air::deepDump):
2755         * b3/air/AirCCallSpecial.cpp: Added.
2756         (JSC::B3::Air::CCallSpecial::CCallSpecial):
2757         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
2758         (JSC::B3::Air::CCallSpecial::forEachArg):
2759         (JSC::B3::Air::CCallSpecial::isValid):
2760         (JSC::B3::Air::CCallSpecial::admitsStack):
2761         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
2762         (JSC::B3::Air::CCallSpecial::generate):
2763         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
2764         (JSC::B3::Air::CCallSpecial::dumpImpl):
2765         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
2766         * b3/air/AirCCallSpecial.h: Added.
2767         * b3/air/AirCode.cpp: Added.
2768         (JSC::B3::Air::Code::Code):
2769         (JSC::B3::Air::Code::~Code):
2770         (JSC::B3::Air::Code::addBlock):
2771         (JSC::B3::Air::Code::addStackSlot):
2772         (JSC::B3::Air::Code::addSpecial):
2773         (JSC::B3::Air::Code::cCallSpecial):
2774         (JSC::B3::Air::Code::resetReachability):
2775         (JSC::B3::Air::Code::dump):
2776         (JSC::B3::Air::Code::findFirstBlockIndex):
2777         (JSC::B3::Air::Code::findNextBlockIndex):
2778         (JSC::B3::Air::Code::findNextBlock):
2779         * b3/air/AirCode.h: Added.
2780         (JSC::B3::Air::Code::newTmp):
2781         (JSC::B3::Air::Code::numTmps):
2782         (JSC::B3::Air::Code::callArgAreaSize):
2783         (JSC::B3::Air::Code::requestCallArgAreaSize):
2784         (JSC::B3::Air::Code::frameSize):
2785         (JSC::B3::Air::Code::setFrameSize):
2786         (JSC::B3::Air::Code::calleeSaveRegisters):
2787         (JSC::B3::Air::Code::size):
2788         (JSC::B3::Air::Code::at):
2789         (JSC::B3::Air::Code::operator[]):
2790         (JSC::B3::Air::Code::iterator::iterator):
2791         (JSC::B3::Air::Code::iterator::operator*):
2792         (JSC::B3::Air::Code::iterator::operator++):
2793         (JSC::B3::Air::Code::iterator::operator==):
2794         (JSC::B3::Air::Code::iterator::operator!=):
2795         (JSC::B3::Air::Code::begin):
2796         (JSC::B3::Air::Code::end):
2797         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
2798         (JSC::B3::Air::Code::StackSlotsCollection::size):
2799         (JSC::B3::Air::Code::StackSlotsCollection::at):
2800         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
2801         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
2802         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
2803         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
2804         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator==):
2805         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator!=):
2806         (JSC::B3::Air::Code::StackSlotsCollection::begin):
2807         (JSC::B3::Air::Code::StackSlotsCollection::end):
2808         (JSC::B3::Air::Code::stackSlots):
2809         (JSC::B3::Air::Code::SpecialsCollection::SpecialsCollection):
2810         (JSC::B3::Air::Code::SpecialsCollection::size):
2811         (JSC::B3::Air::Code::SpecialsCollection::at):
2812         (JSC::B3::Air::Code::SpecialsCollection::operator[]):
2813         (JSC::B3::Air::Code::SpecialsCollection::iterator::iterator):
2814         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator*):
2815         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator++):
2816         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator==):
2817         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator!=):
2818         (JSC::B3::Air::Code::SpecialsCollection::begin):
2819         (JSC::B3::Air::Code::SpecialsCollection::end):
2820         (JSC::B3::Air::Code::specials):
2821         (JSC::B3::Air::Code::setLastPhaseName):
2822         (JSC::B3::Air::Code::lastPhaseName):
2823         * b3/air/AirFrequentedBlock.h: Added.
2824         * b3/air/AirGenerate.cpp: Added.
2825         (JSC::B3::Air::generate):
2826         * b3/air/AirGenerate.h: Added.
2827         * b3/air/AirGenerated.cpp: Added.
2828         * b3/air/AirGenerationContext.h: Added.
2829         * b3/air/AirHandleCalleeSaves.cpp: Added.
2830         (JSC::B3::Air::handleCalleeSaves):
2831         * b3/air/AirHandleCalleeSaves.h: Added.
2832         * b3/air/AirInsertionSet.cpp: Added.
2833         (JSC::B3::Air::InsertionSet::execute):
2834         * b3/air/AirInsertionSet.h: Added.
2835         (JSC::B3::Air::InsertionSet::InsertionSet):
2836         (JSC::B3::Air::InsertionSet::code):
2837         (JSC::B3::Air::InsertionSet::appendInsertion):
2838         (JSC::B3::Air::InsertionSet::insertInst):
2839         (JSC::B3::Air::InsertionSet::insert):
2840         * b3/air/AirInst.cpp: Added.
2841         (JSC::B3::Air::Inst::dump):
2842         * b3/air/AirInst.h: Added.
2843         (JSC::B3::Air::Inst::Inst):
2844         (JSC::B3::Air::Inst::opcode):
2845         (JSC::B3::Air::Inst::forEachTmpFast):
2846         (JSC::B3::Air::Inst::forEachTmp):
2847         * b3/air/AirInstInlines.h: Added.
2848         (JSC::B3::Air::ForEach<Tmp>::forEach):
2849         (JSC::B3::Air::ForEach<Arg>::forEach):
2850         (JSC::B3::Air::Inst::forEach):
2851         (JSC::B3::Air::Inst::hasSpecial):
2852         (JSC::B3::Air::Inst::extraClobberedRegs):
2853         (JSC::B3::Air::Inst::reportUsedRegisters):
2854         (JSC::B3::Air::isShiftValid):
2855         (JSC::B3::Air::isLshift32Valid):
2856         * b3/air/AirLiveness.h: Added.
2857         (JSC::B3::Air::Liveness::Liveness):
2858         (JSC::B3::Air::Liveness::liveAtHead):
2859         (JSC::B3::Air::Liveness::liveAtTail):
2860         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
2861         (JSC::B3::Air::Liveness::LocalCalc::live):
2862         (JSC::B3::Air::Liveness::LocalCalc::takeLive):
2863         (JSC::B3::Air::Liveness::LocalCalc::execute):
2864         * b3/air/AirOpcode.opcodes: Added.
2865         * b3/air/AirPhaseScope.cpp: Added.
2866         (JSC::B3::Air::PhaseScope::PhaseScope):
2867         (JSC::B3::Air::PhaseScope::~PhaseScope):
2868         * b3/air/AirPhaseScope.h: Added.
2869         * b3/air/AirRegisterPriority.cpp: Added.
2870         (JSC::B3::Air::gprsInPriorityOrder):
2871         (JSC::B3::Air::fprsInPriorityOrder):
2872         (JSC::B3::Air::regsInPriorityOrder):
2873         * b3/air/AirRegisterPriority.h: Added.
2874         (JSC::B3::Air::RegistersInPriorityOrder<GPRInfo>::inPriorityOrder):
2875         (JSC::B3::Air::RegistersInPriorityOrder<FPRInfo>::inPriorityOrder):
2876         (JSC::B3::Air::regsInPriorityOrder):
2877         * b3/air/AirSpecial.cpp: Added.
2878         (JSC::B3::Air::Special::Special):
2879         (JSC::B3::Air::Special::~Special):
2880         (JSC::B3::Air::Special::name):
2881         (JSC::B3::Air::Special::dump):
2882         (JSC::B3::Air::Special::deepDump):
2883         * b3/air/AirSpecial.h: Added.
2884         (JSC::B3::Air::DeepSpecialDump::DeepSpecialDump):
2885         (JSC::B3::Air::DeepSpecialDump::dump):
2886         (JSC::B3::Air::deepDump):
2887         * b3/air/AirSpillEverything.cpp: Added.
2888         (JSC::B3::Air::spillEverything):
2889         * b3/air/AirSpillEverything.h: Added.
2890         * b3/air/AirStackSlot.cpp: Added.
2891         (JSC::B3::Air::StackSlot::setOffsetFromFP):
2892         (JSC::B3::Air::StackSlot::dump):
2893         (JSC::B3::Air::StackSlot::deepDump):
2894         (JSC::B3::Air::StackSlot::StackSlot):
2895         * b3/air/AirStackSlot.h: Added.
2896         (JSC::B3::Air::StackSlot::byteSize):
2897         (JSC::B3::Air::StackSlot::kind):
2898         (JSC::B3::Air::StackSlot::index):
2899         (JSC::B3::Air::StackSlot::alignment):
2900         (JSC::B3::Air::StackSlot::value):
2901         (JSC::B3::Air::StackSlot::offsetFromFP):
2902         (JSC::B3::Air::DeepStackSlotDump::DeepStackSlotDump):
2903         (JSC::B3::Air::DeepStackSlotDump::dump):
2904         (JSC::B3::Air::deepDump):
2905         * b3/air/AirTmp.cpp: Added.
2906         (JSC::B3::Air::Tmp::dump):
2907         * b3/air/AirTmp.h: Added.
2908         (JSC::B3::Air::Tmp::Tmp):
2909         (JSC::B3::Air::Tmp::gpTmpForIndex):
2910         (JSC::B3::Air::Tmp::fpTmpForIndex):
2911         (JSC::B3::Air::Tmp::operator bool):
2912         (JSC::B3::Air::Tmp::isGP):
2913         (JSC::B3::Air::Tmp::isFP):
2914         (JSC::B3::Air::Tmp::isGPR):
2915         (JSC::B3::Air::Tmp::isFPR):
2916         (JSC::B3::Air::Tmp::isReg):
2917         (JSC::B3::Air::Tmp::gpr):
2918         (JSC::B3::Air::Tmp::fpr):
2919         (JSC::B3::Air::Tmp::reg):
2920         (JSC::B3::Air::Tmp::hasTmpIndex):
2921         (JSC::B3::Air::Tmp::gpTmpIndex):
2922         (JSC::B3::Air::Tmp::fpTmpIndex):
2923         (JSC::B3::Air::Tmp::tmpIndex):
2924         (JSC::B3::Air::Tmp::isAlive):
2925         (JSC::B3::Air::Tmp::operator==):
2926         (JSC::B3::Air::Tmp::operator!=):
2927         (JSC::B3::Air::Tmp::isHashTableDeletedValue):
2928         (JSC::B3::Air::Tmp::hash):
2929         (JSC::B3::Air::Tmp::encodeGP):
2930         (JSC::B3::Air::Tmp::encodeFP):
2931         (JSC::B3::Air::Tmp::encodeGPR):
2932         (JSC::B3::Air::Tmp::encodeFPR):
2933         (JSC::B3::Air::Tmp::encodeGPTmp):
2934         (JSC::B3::Air::Tmp::encodeFPTmp):
2935         (JSC::B3::Air::Tmp::isEncodedGP):
2936         (JSC::B3::Air::Tmp::isEncodedFP):
2937         (JSC::B3::Air::Tmp::isEncodedGPR):
2938         (JSC::B3::Air::Tmp::isEncodedFPR):
2939         (JSC::B3::Air::Tmp::isEncodedGPTmp):
2940         (JSC::B3::Air::Tmp::isEncodedFPTmp):
2941         (JSC::B3::Air::Tmp::decodeGPR):
2942         (JSC::B3::Air::Tmp::decodeFPR):
2943         (JSC::B3::Air::Tmp::decodeGPTmp):
2944         (JSC::B3::Air::Tmp::decodeFPTmp):
2945         (JSC::B3::Air::TmpHash::hash):
2946         (JSC::B3::Air::TmpHash::equal):
2947         * b3/air/AirTmpInlines.h: Added.
2948         (JSC::B3::Air::Tmp::Tmp):
2949         * b3/air/AirValidate.cpp: Added.
2950         (JSC::B3::Air::validate):
2951         * b3/air/AirValidate.h: Added.
2952         * b3/air/opcode_generator.rb: Added.
2953         * b3/generate_pattern_matcher.rb: Added.
2954         * b3/testb3.cpp: Added.
2955         (JSC::B3::compileAndRun):
2956         (JSC::B3::test42):
2957         (JSC::B3::testLoad42):
2958         (JSC::B3::testArg):
2959         (JSC::B3::testAddArgs):
2960         (JSC::B3::testAddArgs32):
2961         (JSC::B3::testStore):
2962         (JSC::B3::testTrunc):
2963         (JSC::B3::testAdd1):
2964         (JSC::B3::testStoreAddLoad):
2965         (JSC::B3::testStoreAddAndLoad):
2966         (JSC::B3::testAdd1Uncommuted):
2967         (JSC::B3::testLoadOffset):
2968         (JSC::B3::testLoadOffsetNotConstant):
2969         (JSC::B3::testLoadOffsetUsingAdd):
2970         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2971         (JSC::B3::run):
2972         (run):
2973         (main):
2974         * bytecode/CodeBlock.h:
2975         (JSC::CodeBlock::specializationKind):
2976         * jit/Reg.h:
2977         (JSC::Reg::index):
2978         (JSC::Reg::isSet):
2979         (JSC::Reg::operator bool):
2980         (JSC::Reg::isHashTableDeletedValue):
2981         (JSC::Reg::AllRegsIterable::iterator::iterator):
2982         (JSC::Reg::AllRegsIterable::iterator::operator*):
2983         (JSC::Reg::AllRegsIterable::iterator::operator++):
2984         (JSC::Reg::AllRegsIterable::iterator::operator==):
2985         (JSC::Reg::AllRegsIterable::iterator::operator!=):
2986         (JSC::Reg::AllRegsIterable::begin):
2987         (JSC::Reg::AllRegsIterable::end):
2988         (JSC::Reg::all):
2989         (JSC::Reg::invalid):
2990         (JSC::Reg::operator!): Deleted.
2991         * jit/RegisterAtOffsetList.cpp:
2992         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
2993         * jit/RegisterAtOffsetList.h:
2994         (JSC::RegisterAtOffsetList::clear):
2995         (JSC::RegisterAtOffsetList::size):
2996         (JSC::RegisterAtOffsetList::begin):
2997         (JSC::RegisterAtOffsetList::end):
2998         * jit/RegisterSet.h:
2999         (JSC::RegisterSet::operator==):
3000         (JSC::RegisterSet::hash):
3001         (JSC::RegisterSet::forEach):
3002         (JSC::RegisterSet::setAny):
3003
3004 2015-10-28  Mark Lam  <mark.lam@apple.com>
3005
3006         Rename MacroAssembler::callProbe() to probe().
3007         https://bugs.webkit.org/show_bug.cgi?id=150641
3008
3009         Reviewed by Saam Barati.
3010
3011         To do this, I needed to disambiguate the low-level probe() from the
3012         high-level version that takes a std::function.  I did this by changing the
3013         low-level version to not take default args anymore.
3014
3015         * assembler/AbstractMacroAssembler.h:
3016         * assembler/MacroAssembler.cpp:
3017         (JSC::stdFunctionCallback):
3018         (JSC::MacroAssembler::probe):
3019         (JSC::MacroAssembler::callProbe): Deleted.
3020         * assembler/MacroAssembler.h:
3021         (JSC::MacroAssembler::urshift32):
3022         * assembler/MacroAssemblerARM.h:
3023         (JSC::MacroAssemblerARM::repatchCall):
3024         * assembler/MacroAssemblerARM64.h:
3025         (JSC::MacroAssemblerARM64::repatchCall):
3026         * assembler/MacroAssemblerARMv7.h:
3027         (JSC::MacroAssemblerARMv7::repatchCall):
3028         * assembler/MacroAssemblerPrinter.h:
3029         (JSC::MacroAssemblerPrinter::print):
3030         * assembler/MacroAssemblerX86Common.h:
3031         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
3032
3033 2015-10-28  Timothy Hatcher  <timothy@apple.com>
3034
3035         Web Inspector: jsmin.py mistakenly removes whitespace from template literal strings
3036         https://bugs.webkit.org/show_bug.cgi?id=148728
3037
3038         Reviewed by Joseph Pecoraro.
3039
3040         * Scripts/jsmin.py:
3041         (JavascriptMinify.minify): Make backtick a quoting character.
3042
3043 2015-10-28  Brian Burg  <bburg@apple.com>
3044
3045         Builtins generator should emit ENABLE(FEATURE) guards based on @conditional annotation
3046         https://bugs.webkit.org/show_bug.cgi?id=150536
3047
3048         Reviewed by Yusuke Suzuki.
3049
3050         Scan JS builtin files for @key=value and @flag annotations in single-line comments.
3051         For @conditional=CONDITIONAL, emit CONDITIONAL guards around the relevant object's code.
3052
3053         Generate primary header includes separately from secondary header includes so we can
3054         put the guard between the two header groups, as is customary in WebKit C++ code.
3055
3056         New tests:
3057
3058         Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js
3059         Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js
3060         Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js
3061
3062         * Scripts/builtins/builtins_generate_combined_implementation.py:
3063         (BuiltinsCombinedImplementationGenerator.generate_output):
3064         (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
3065         (BuiltinsCombinedImplementationGenerator.generate_header_includes): Deleted.
3066         * Scripts/builtins/builtins_generate_separate_header.py:
3067         (BuiltinsSeparateHeaderGenerator.generate_output):
3068         (generate_secondary_header_includes):
3069         (generate_header_includes): Deleted.
3070         * Scripts/builtins/builtins_generate_separate_implementation.py:
3071         (BuiltinsSeparateImplementationGenerator.generate_output):
3072         (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
3073         (BuiltinsSeparateImplementationGenerator.generate_header_includes): Deleted.
3074         * Scripts/builtins/builtins_generate_separate_wrapper.py:
3075         (BuiltinsSeparateWrapperGenerator.generate_output):
3076         (BuiltinsSeparateWrapperGenerator.generate_secondary_header_includes):
3077         (BuiltinsSeparateWrapperGenerator.generate_header_includes): Deleted.
3078         * Scripts/builtins/builtins_generator.py:
3079         (BuiltinsGenerator.generate_includes_from_entries):
3080         (BuiltinsGenerator):
3081         (BuiltinsGenerator.generate_primary_header_includes):
3082         * Scripts/builtins/builtins_model.py:
3083         (BuiltinObject.__init__):
3084         (BuiltinsCollection.parse_builtins_file):
3085         (BuiltinsCollection._parse_annotations):
3086         * Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js: Added.
3087         * Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js: Added.
3088         * Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js: Added.
3089         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Simplify.
3090         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Simplify.
3091         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Simplify.
3092         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Added.
3093         * Scripts/tests/builtins/expected/WebCore-DuplicateFlagAnnotation-Separate.js-error: Added.
3094         * Scripts/tests/builtins/expected/WebCore-DuplicateKeyValueAnnotation-Separate.js-error: Added.
3095         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
3096         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
3097         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
3098         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
3099
3100 2015-10-28  Mark Lam  <mark.lam@apple.com>
3101
3102         Update FTL to support UntypedUse operands for op_sub.
3103         https://bugs.webkit.org/show_bug.cgi?id=150562
3104
3105         Reviewed by Geoffrey Garen.
3106
3107         * assembler/MacroAssemblerARM64.h:
3108         - make the dataTempRegister and memoryTempRegister public so that we can
3109           move input registers out of them if needed.
3110
3111         * ftl/FTLCapabilities.cpp:
3112         (JSC::FTL::canCompile):
3113         - We can now compile ArithSub.
3114
3115         * ftl/FTLCompile.cpp:
3116         - Added BinaryArithGenerationContext to shuffle registers into a state that is
3117           expected by the baseline snippet generator.  This includes:
3118           1. Making sure that the input and output registers are not in the tag or
3119              scratch registers.
3120           2. Loading the tag registers with expected values.
3121           3. Restoring the registers to their original value on return.
3122         - Added code to implement the ArithSub inline cache.
3123
3124         * ftl/FTLInlineCacheDescriptor.h:
3125         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
3126         (JSC::FTL::ArithSubDescriptor::leftType):
3127         (JSC::FTL::ArithSubDescriptor::rightType):
3128
3129         * ftl/FTLInlineCacheSize.cpp:
3130         (JSC::FTL::sizeOfArithSub):
3131         * ftl/FTLInlineCacheSize.h:
3132
3133         * ftl/FTLLowerDFGToLLVM.cpp:
3134         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
3135         - Added handling for UnusedType for the ArithSub case.
3136
3137         * ftl/FTLState.h:
3138         * jit/GPRInfo.h:
3139         (JSC::GPRInfo::reservedRegisters):
3140
3141         * jit/JITSubGenerator.h:
3142         (JSC::JITSubGenerator::generateFastPath):
3143         - When the result is the same as one of the input registers, we'll end up
3144           corrupting the input in the fast path even if we determine that we need to
3145           go to the slow path.  We now move the input into the scratch register and
3146           operate on that instead, and move the result into the result register only
3147           after the fast path has succeeded.
3148
3149         * tests/stress/op_sub.js:
3150         (o1.valueOf):
3151         (runTest):
3152         - Added some debugging tools: flags for verbose logging, and eager abort on fail.
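
The JITSubGenerator::generateFastPath note above describes a register-aliasing hazard. The following is an added illustration, not JavaScriptCore code: a constructed C model of a register file in which the result register aliases the left operand. All names (Regs, sub32_sets_overflow, fast_path_in_place, fast_path_via_scratch, sub_generic, run_sub) are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: four 32-bit "registers". Not JSC's register layout. */
enum { R0 = 0, R1 = 1, R_SCRATCH = 2, NUM_REGS = 4 };

typedef struct { int32_t r[NUM_REGS]; } Regs;

/* Models a machine subtract that sets an overflow flag: the destination
   register is overwritten with the wrapped value even when it overflows. */
static bool sub32_sets_overflow(Regs *regs, int src, int dst)
{
    int64_t wide = (int64_t)regs->r[dst] - (int64_t)regs->r[src];
    uint32_t wrapped = (uint32_t)regs->r[dst] - (uint32_t)regs->r[src];
    regs->r[dst] = (int32_t)wrapped;
    return wide < INT32_MIN || wide > INT32_MAX;
}

/* Hazardous shape: operate directly on the result register. When result
   aliases left, an overflow leaves the left operand already clobbered. */
static bool fast_path_in_place(Regs *regs, int left, int right, int result)
{
    if (result != left)
        regs->r[result] = regs->r[left];
    if (sub32_sets_overflow(regs, right, result))
        return false;               /* bail to the slow path */
    return true;
}

/* Shape described in the entry: work in a scratch register and write the
   result register only once the fast path is known to have succeeded.
   Assumes the scratch register is distinct from both operands. */
static bool fast_path_via_scratch(Regs *regs, int left, int right, int result)
{
    regs->r[R_SCRATCH] = regs->r[left];
    if (sub32_sets_overflow(regs, right, R_SCRATCH))
        return false;               /* operands are still intact */
    regs->r[result] = regs->r[R_SCRATCH];
    return true;
}

/* Slow path model: re-reads the operand registers and subtracts as doubles. */
static double sub_generic(const Regs *regs, int left, int right)
{
    return (double)regs->r[left] - (double)regs->r[right];
}

typedef bool (*FastPath)(Regs *, int, int, int);

/* Computes a - b with the result register aliasing the left operand (R0). */
static double run_sub(FastPath fast, int32_t a, int32_t b)
{
    Regs regs = {{0}};
    regs.r[R0] = a;
    regs.r[R1] = b;
    if (fast(&regs, R0, R1, R0))
        return (double)regs.r[R0];
    return sub_generic(&regs, R0, R1);
}

int main(void)
{
    /* Constructed inputs: INT32_MIN - 1 overflows int32 and needs the slow path. */
    printf("in place:    %.1f\n", run_sub(fast_path_in_place, INT32_MIN, 1));
    printf("via scratch: %.1f\n", run_sub(fast_path_via_scratch, INT32_MIN, 1));
    return 0;
}
```

In this model the in-place variant hands the slow path a wrapped left operand and yields a wrong difference, while the scratch variant yields the mathematically correct value.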
3153
3154 2015-10-28  Mark Lam  <mark.lam@apple.com>
3155
3156         Fix a typo in ProbeContext::fpr().
3157         https://bugs.webkit.org/show_bug.cgi?id=150629
3158
3159         Reviewed by Yusuke Suzuki.
3160
3161         ProbeContext::fpr() should be calling CPUState::fpr(), not CPUState::gpr().
3162
3163         * assembler/AbstractMacroAssembler.h:
3164         (JSC::AbstractMacroAssembler::ProbeContext::fpr):
3165
3166 2015-10-28  Mark Lam  <mark.lam@apple.com>
3167
3168         Add ability to print the PC register from JIT'ed code.
3169         https://bugs.webkit.org/show_bug.cgi?id=150561
3170
3171         Reviewed by Geoffrey Garen.
3172
3173         * assembler/MacroAssemblerPrinter.cpp:
3174         (JSC::printPC):
3175         (JSC::MacroAssemblerPrinter::printCallback):
3176         * assembler/MacroAssemblerPrinter.h:
3177         (JSC::MacroAssemblerPrinter::PrintArg::PrintArg):
3178
3179 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
3180
3181         Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available
3182         https://bugs.webkit.org/show_bug.cgi?id=150615
3183
3184         Reviewed by Timothy Hatcher.
3185
3186         * inspector/protocol/Timeline.json:
3187
3188 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
3189
3190         Web Inspector: Remove unused / duplicated XHR timeline instrumentation
3191         https://bugs.webkit.org/show_bug.cgi?id=150605
3192
3193         Reviewed by Timothy Hatcher.
3194
3195         * inspector/protocol/Timeline.json:
3196
3197 2015-10-27  Michael Saboff  <msaboff@apple.com>
3198
3199         REGRESSION (r191360): Crash: com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL:: + 386
3200         https://bugs.webkit.org/show_bug.cgi?id=150580
3201
3202         Reviewed by Mark Lam.
3203
3204         Changed code to box 32 bit integer and boolean arguments when generating the call instead of boxing
3205         them in the shuffler.
3206
3207         The ASSERT in CallFrameShuffler::extendFrameIfNeeded is wrong when called from CallFrameShuffler::spill(),
3208         as we could be making space to spill a register so that we have a spare that we can use for the new
3209         frame's base pointer.
3210
3211         * ftl/FTLJSTailCall.cpp:
3212         (JSC::FTL::DFG::recoveryFor): Added RELEASE_ASSERT to check that we never see unboxed 32 bit
3213         arguments stored in the stack.
3214         * ftl/FTLLowerDFGToLLVM.cpp:
3215         (JSC::FTL::DFG::LowerDFGToLLVM::exitValueForTailCall):
3216         * jit/CallFrameShuffler.cpp:
3217         (JSC::CallFrameShuffler::extendFrameIfNeeded): Removed unneeded ASSERT.
3218
3219 2015-10-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3220
3221         [ES6] Add DFG/FTL support for accessor put operations
3222         https://bugs.webkit.org/show_bug.cgi?id=148860
3223
3224         Reviewed by Geoffrey Garen.
3225
3226         This patch introduces accessor defining ops into DFG and FTL.
3227         The following DFG nodes are introduced.
3228
3229             op_put_getter_by_id  => PutGetterById
3230             op_put_setter_by_id  => PutSetterById
3231             op_put_getter_setter => PutGetterSetterById
3232             op_put_getter_by_val => PutGetterByVal
3233             op_put_setter_by_val => PutSetterByVal
3234
3235         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
3236
3237         To use operations defined for baseline JIT, we clean up existing operations.
3238         And reuse these operations in DFG and FTL.
3239
3240         * dfg/DFGAbstractInterpreterInlines.h:
3241         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3242         * dfg/DFGByteCodeParser.cpp:
3243         (JSC::DFG::ByteCodeParser::parseBlock):
3244         * dfg/DFGCapabilities.cpp:
3245         (JSC::DFG::capabilityLevel):
3246         * dfg/DFGClobberize.h:
3247         (JSC::DFG::clobberize):
3248         * dfg/DFGDoesGC.cpp:
3249         (JSC::DFG::doesGC):
3250         * dfg/DFGFixupPhase.cpp:
3251         (JSC::DFG::FixupPhase::fixupNode):
3252         * dfg/DFGNode.h:
3253         (JSC::DFG::Node::hasIdentifier):
3254         (JSC::DFG::Node::hasAccessorAttributes):
3255         (JSC::DFG::Node::accessorAttributes):
3256         * dfg/DFGNodeType.h:
3257         * dfg/DFGPredictionPropagationPhase.cpp:
3258         (JSC::DFG::PredictionPropagationPhase::propagate):
3259         * dfg/DFGSafeToExecute.h:
3260         (JSC::DFG::safeToExecute):
3261         * dfg/DFGSpeculativeJIT.cpp:
3262         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
3263         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
3264         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
3265         We should fill all GPRs before calling flushRegisters().
3266         * dfg/DFGSpeculativeJIT.h:
3267         (JSC::DFG::SpeculativeJIT::callOperation):
3268         * dfg/DFGSpeculativeJIT32_64.cpp:
3269         (JSC::DFG::SpeculativeJIT::compile):
3270         * dfg/DFGSpeculativeJIT64.cpp:
3271         (JSC::DFG::SpeculativeJIT::compile):
3272         * ftl/FTLCapabilities.cpp:
3273         (JSC::FTL::canCompile):
3274         * ftl/FTLIntrinsicRepository.h:
3275         * ftl/FTLLowerDFGToLLVM.cpp:
3276         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3277         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
3278         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
3279         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
3280         * jit/JIT.h:
3281         * jit/JITInlines.h:
3282         (JSC::JIT::callOperation):
3283         * jit/JITOperations.cpp:
3284         * jit/JITOperations.h:
3285         * jit/JITPropertyAccess.cpp:
3286         (JSC::JIT::emit_op_put_getter_by_id):
3287         (JSC::JIT::emit_op_put_setter_by_id):
3288         (JSC::JIT::emit_op_put_getter_setter):
3289         * jit/JITPropertyAccess32_64.cpp:
3290         (JSC::JIT::emit_op_put_getter_by_id):
3291         (JSC::JIT::emit_op_put_setter_by_id):
3292         (JSC::JIT::emit_op_put_getter_setter):
3293         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
3294         (shouldBe):
3295         (testAttribute):
3296         (getter.Cocoa.prototype.get hello):
3297         (getter.Cocoa):
3298         (getter):
3299         (setter.Cocoa):
3300         (setter.Cocoa.prototype.set hello):
3301         (setter):
3302         (accessors.Cocoa):
3303         (accessors.Cocoa.prototype.get hello):
3304         (accessors.Cocoa.prototype.set hello):
3305         (accessors):
3306         * tests/stress/dfg-put-accessors-by-id.js: Added.
3307         (shouldBe):
3308         (testAttribute):
3309         (getter.object.get hello):
3310         (getter):
3311         (setter.object.set hello):
3312         (setter):
3313         (accessors.object.get hello):
3314         (accessors.object.set hello):
3315         (accessors):
3316         * tests/stress/dfg-put-getter-by-id-class.js: Added.
3317         (shouldBe):
3318         (testAttribute):
3319         (getter.Cocoa):
3320         (getter.Cocoa.prototype.get hello):
3321         (getter.Cocoa.prototype.get name):
3322         (getter):
3323         * tests/stress/dfg-put-getter-by-id.js: Added.
3324         (shouldBe):
3325         (testAttribute):
3326         (getter.object.get hello):
3327         (getter):
3328         * tests/stress/dfg-put-getter-by-val-class.js: Added.
3329         (shouldBe):
3330         (testAttribute):
3331         (getter.Cocoa):
3332         (getter.Cocoa.prototype.get name):
3333         (getter):
3334         * tests/stress/dfg-put-getter-by-val.js: Added.
3335         (shouldBe):
3336         (testAttribute):
3337         (getter.object.get name):
3338         (getter):
3339         * tests/stress/dfg-put-setter-by-id-class.js: Added.
3340         (shouldBe):
3341         (testAttribute):
3342         (getter.Cocoa):
3343         (getter.Cocoa.prototype.set hello):
3344         (getter.Cocoa.prototype.get name):
3345         (getter):
3346         * tests/stress/dfg-put-setter-by-id.js: Added.
3347         (shouldBe):
3348         (testAttribute):
3349         (setter.object.set hello):
3350         (setter):
3351         * tests/stress/dfg-put-setter-by-val-class.js: Added.
3352         (shouldBe):
3353         (testAttribute):
3354         (setter.Cocoa):
3355         (setter.Cocoa.prototype.set name):
3356         (setter):
3357         * tests/stress/dfg-put-setter-by-val.js: Added.
3358         (shouldBe):
3359         (testAttribute):
3360         (setter.object.set name):
3361         (setter):
3362
3363 2015-10-26  Mark Lam  <mark.lam@apple.com>
3364
3365         Add logging to warn about under-estimated FTL inline cache sizes.
3366         https://bugs.webkit.org/show_bug.cgi?id=150570
3367
3368         Reviewed by Geoffrey Garen.
3369
3370         Added 2 options:
3371         1. JSC_dumpFailedICSizing - dumps an error message if the FTL encounters IC size
3372            estimates that are less than the actual needed code size.
3373
3374            This option is useful for when we add a new IC and want to compute an
3375            estimated size for the IC.  To do this:
3376            1. Build jsc for the target port with a very small IC size (enough to
3377               store the jump instruction needed for the out of line fallback
3378               implementation).
3379            2. Implement a test suite with scenarios that exercise all the code paths in
3380               the IC generator.
3381            3. Run jsc with JSC_dumpFailedICSizing=true on the test suite.
3382            4. The max value reported by the dumps will be the worst case size needed to
3383               store the IC.  We should use this value for our estimate.
3384            5. Update the IC's estimated size and rebuild jsc.
3385            6. Re-run (3) and confirm that there are no more error messages about the
3386               IC sizing.
3387
3388         2. JSC_assertICSizing - same as JSC_dumpFailedICSizing except that it also
3389            crashes the VM each time it encounters an inadequate IC size estimate.
3390
3391            This option is useful for regression testing to ensure that our estimates
3392            do not regress.
3393
3394         * ftl/FTLCompile.cpp:
3395         (JSC::FTL::generateInlineIfPossibleOutOfLineIfNot):
3396         * runtime/Options.h:
3397
3398 2015-10-26  Saam barati  <sbarati@apple.com>