83b62b1d489659840aa5b1b6beca561e54055278
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2017-03-21  Csaba Osztrogonác  <ossy@webkit.org>

        [ARM] Add missing MacroAssembler functions after r214187
        https://bugs.webkit.org/show_bug.cgi?id=169912

        Reviewed by Yusuke Suzuki.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::loadFloat):
        (JSC::MacroAssemblerARM::storeFloat):

2017-03-21  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Optimize Number.prototype.toString on Int32 / Int52 / Double
        https://bugs.webkit.org/show_bug.cgi?id=167454

        Reviewed by Saam Barati.

        This patch improves Number.toString(radix) performance
        by introducing a NumberToStringWithRadix DFG node. It directly
        calls the operation and always returns a String.

                                                       baseline                  patched

            stanford-crypto-sha256-iterative        45.130+-0.928             44.032+-1.184           might be 1.0250x faster

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructor):
        (JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOnNumber):
        (JSC::DFG::SpeculativeJIT::compileNumberToStringWithRadix):
        (JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOnCell): Deleted.
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
        (JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructor):
        (JSC::FTL::DFG::LowerDFGToB3::compileNumberToStringWithRadix):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JITOperations.h:
        * runtime/Intrinsic.h:
        * runtime/NumberPrototype.cpp:
        (JSC::int52ToStringWithRadix):
        (JSC::int32ToStringInternal):
        (JSC::numberToStringInternal):
        (JSC::int32ToString):
        (JSC::int52ToString):
        (JSC::numberToString):
        (JSC::numberProtoFuncToString):
        (JSC::integerValueToString): Deleted.
        * runtime/NumberPrototype.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::finishCreation):

2017-03-21  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Add JSPromiseDeferred::reject(ExecState*, Exception*) interface
        https://bugs.webkit.org/show_bug.cgi?id=169908

        Reviewed by Sam Weinig.

        To avoid calling reject(ExecState*, JSValue) with Exception* accidentally,
        we add a new interface reject(ExecState*, Exception*).
        Such an interface has already been added to DOMPromise in WebCore.

        * runtime/JSInternalPromiseDeferred.cpp:
        (JSC::JSInternalPromiseDeferred::reject):
        * runtime/JSInternalPromiseDeferred.h:
        * runtime/JSPromiseDeferred.cpp:
        (JSC::JSPromiseDeferred::reject):
        * runtime/JSPromiseDeferred.h:

2017-03-21  Zan Dobersek  <zdobersek@igalia.com>

        [jsc] MacroAssemblerMIPS: implement the branchPtr(RelationalCondition, BaseIndex, RegisterID) overload.
        https://bugs.webkit.org/show_bug.cgi?id=169717

        Reviewed by Yusuke Suzuki.

        * assembler/MacroAssembler.h: Expose branchPtr() on MIPS as well.
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::branchPtr): Added.

2017-03-20  Filip Pizlo  <fpizlo@apple.com>

        Graph coloring should use coalescable moves when spilling
        https://bugs.webkit.org/show_bug.cgi?id=169820

        Reviewed by Michael Saboff.

        This makes our graph coloring register allocator use a new family of move instructions when
        spilling both operands of the move. It's a three-operand move:

            Move (src), (dst), %scratch

        Previously, if both operands got spilled, we would emit a new instruction to load or store that
        spill slot. But this made it hard for allocateStack to see that the two spill locations are
        coalescable. This new kind of instruction makes it obvious that it's a coalescable move.

        This change implements the coalescing of spill slots inside allocateStack.

        This is an outrageous speed-up on the tsf_ir_speed benchmark from http://filpizlo.com/tsf/. This
        is an interesting benchmark because it has a super ugly interpreter loop with ~20 live variables
        carried around the loop back edge. This change makes that interpreter run 5x faster.

        This isn't a speed-up on any other benchmarks. It also doesn't regress anything. Compile time is
        neither progressed nor regressed, since the coalescing is super cheap, and this does not add any
        significant new machinery to the register allocator (it's just a small change to spill codegen).
        Overall on our wasm benchmarks, this is a 16% throughput progression.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::move):
        (JSC::MacroAssembler::move32):
        (JSC::MacroAssembler::moveFloat):
        (JSC::MacroAssembler::moveDouble):
        * b3/air/AirAllocateRegistersByGraphColoring.cpp:
        (JSC::B3::Air::allocateRegistersByGraphColoring):
        * b3/air/AirAllocateStack.cpp:
        (JSC::B3::Air::allocateStack):
        * b3/air/AirInst.cpp:
        (JSC::B3::Air::Inst::hasEarlyDef):
        (JSC::B3::Air::Inst::hasLateUseOrDef):
        (JSC::B3::Air::Inst::needsPadding):
        * b3/air/AirInst.h:
        * b3/air/AirOpcode.opcodes:
        * b3/air/AirPadInterference.cpp:
        (JSC::B3::Air::padInterference):
        * runtime/Options.h:

2017-03-19  Chris Dumez  <cdumez@apple.com>

        `const location = "foo"` throws in a worker
        https://bugs.webkit.org/show_bug.cgi?id=169839

        Reviewed by Mark Lam.

        Our HasRestrictedGlobalProperty check in JSC was slightly wrong, causing us
        to sometimes throw a Syntax exception when we shouldn't when declaring a
        const/let variable and sometimes not throw an exception when we should have.

        This aligns our behavior with ES6, Firefox and Chrome.

        * runtime/ProgramExecutable.cpp:
        (JSC::hasRestrictedGlobalProperty):
        (JSC::ProgramExecutable::initializeGlobalProperties):
        Rewrite hasRestrictedGlobalProperty logic as per the EcmaScript spec:
        - http://www.ecma-international.org/ecma-262/6.0/index.html#sec-hasproperty
        In particular, there were 2 issues:
        - We should throw a SyntaxError if hasProperty() returned true but getOwnProperty()
          would fail to return a descriptor. This would happen for properties that are
          not OWN properties, but defined somewhere in the prototype chain. The spec does
          not say to use hasProperty(), only getOwnProperty() and says we should return
          false if getOwnProperty() does not return a descriptor. This is what we do now.
        - We would fail to throw when declaring a let/const variable that shadows an own
          property whose value is undefined. This is because the previous code was
          explicitly checking for this case. I believe this was a misinterpretation of
          ES6 which says:
          """
          Let desc be O.[[GetOwnProperty]](P).
          If desc is undefined, return false.
          """
          We should check that desc is undefined, not desc.value. This is now fixed.

2017-03-19  Yusuke Suzuki  <utatane.tea@gmail.com>

        import(arg) crashes when ToString(arg) throws
        https://bugs.webkit.org/show_bug.cgi?id=169778

        Reviewed by Saam Barati.

        JSPromiseDeferred should not be rejected with Exception*.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncImportModule):

2017-03-18  Oleksandr Skachkov  <gskachkov@gmail.com>

        [JSC] Remove unnecessary condition from needsDerivedConstructorInArrowFunctionLexicalEnvironment in BytecodeGenerator.cpp
        https://bugs.webkit.org/show_bug.cgi?id=169832

        Reviewed by Mark Lam.

        Remove an already covered condition in the needsDerivedConstructorInArrowFunctionLexicalEnvironment
        function. The condition isConstructor() && constructorKind() == ConstructorKind::Extends is already
        covered by isClassContext.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::needsDerivedConstructorInArrowFunctionLexicalEnvironment):

2017-03-18  Chris Dumez  <cdumez@apple.com>

        Allow setting the prototype of cross-origin objects, as long as they don't change
        https://bugs.webkit.org/show_bug.cgi?id=169787

        Reviewed by Mark Lam.

        * runtime/JSGlobalObject.h:
        Mark JS global object as an immutable prototype exotic object to match Window.

        * runtime/JSObject.cpp:
        (JSC::JSObject::setPrototypeWithCycleCheck):
        Update setPrototypeWithCycleCheck() for immutable prototype exotic objects in order
        to align with:
        - https://tc39.github.io/ecma262/#sec-set-immutable-prototype

        In particular, we need to call [[GetPrototypeOf]] and return true if it returns the same
        value as the new prototype. We really need to call [[GetPrototypeOf]] and not merely
        get the prototype slot via getPrototypeDirect() since Location and Window override
        [[GetPrototypeOf]] to return null in the cross-origin case.

        * runtime/JSProxy.cpp:
        (JSC::JSProxy::setPrototype):
        Update JSProxy::setPrototype() to forward such calls to its target. This is needed so
        we end up calling JSObject::setPrototypeWithCycleCheck() for the Window object.
        Handling immutable prototype exotic objects in that method does the right thing for
        Window.

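The SetImmutablePrototype behaviour the entry above aligns JSC with, shown from script, as an added example (editor's code, not WebKit's). Object.prototype is the immutable prototype exotic object every engine exposes, so it stands in for Window here; the cross-origin case, where [[GetPrototypeOf]] is overridden to return null while the underlying slot still holds a real prototype, is modelled with a Proxy whose setPrototypeOf trap goes through [[GetPrototypeOf]] rather than the raw slot, which is exactly the distinction the entry draws between [[GetPrototypeOf]] and getPrototypeDirect(). makeImmutablePrototypeObject and its crossOrigin flag are inventions for the demonstration.

```javascript
// Added example (not WebKit code): [[SetPrototypeOf]] on an immutable prototype
// exotic object succeeds only when the new value equals what [[GetPrototypeOf]]
// returns. Reflect.setPrototypeOf reports the boolean result; Object.setPrototypeOf
// throws a TypeError on false.
function trySetPrototype(target, proto) {
  try {
    Object.setPrototypeOf(target, proto);
    return 'ok';
  } catch (e) {
    return e.constructor.name;
  }
}

function immutablePrototypeDemo() {
  const current = Object.getPrototypeOf(Object.prototype); // null
  return {
    // Same value as [[GetPrototypeOf]]: accepted even though the object is immutable.
    sameViaObject: trySetPrototype(Object.prototype, current),
    sameViaReflect: Reflect.setPrototypeOf(Object.prototype, current),
    // A different value: rejected.
    differentViaObject: trySetPrototype(Object.prototype, {}),
    differentViaReflect: Reflect.setPrototypeOf(Object.prototype, {}),
    // An ordinary object accepts a new prototype.
    ordinaryViaObject: trySetPrototype({}, null),
  };
}

// Model of the cross-origin case: an object whose [[GetPrototypeOf]] is overridden
// to return null (as Location and Window do cross-origin) while its internal
// prototype slot still points at a real prototype. [[SetPrototypeOf]] follows
// SetImmutablePrototype(O, V): current = O.[[GetPrototypeOf]](); return SameValue(V, current).
// Comparing against the raw slot instead would wrongly accept Object.prototype and
// wrongly reject null in the cross-origin case.
function makeImmutablePrototypeObject(target, crossOrigin) {
  const handler = {
    getPrototypeOf(t) {
      return crossOrigin ? null : Object.getPrototypeOf(t);
    },
    setPrototypeOf(t, v) {
      const current = handler.getPrototypeOf(t); // [[GetPrototypeOf]], not the slot
      return Object.is(v, current);
    },
  };
  return new Proxy(target, handler);
}
```

With the Proxy in cross-origin mode, Reflect.setPrototypeOf(obj, null) returns true and Reflect.setPrototypeOf(obj, Object.prototype) returns false, even though the target's actual prototype is Object.prototype; in same-origin mode the answers flip. That is the observable difference between consulting [[GetPrototypeOf]] and reading the prototype slot directly.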
2017-03-17  Michael Saboff  <msaboff@apple.com>

        Use USE_INTERNAL_SDK to compute ENABLE_FAST_JIT_PERMISSIONS instead of HAVE_INTERNAL_SDK
        https://bugs.webkit.org/show_bug.cgi?id=169817

        Reviewed by Filip Pizlo.

        * Configurations/FeatureDefines.xcconfig:

2017-03-11  Filip Pizlo  <fpizlo@apple.com>

        Air should be powerful enough to support Tmp-splitting
        https://bugs.webkit.org/show_bug.cgi?id=169515

        Reviewed by Saam Barati.

        In the process of implementing the Tmp-splitting optimization, I made some small
        clean-ups. They don't affect anything - it's basically moving code around and adding
        utility functions.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::allocate): testb3 was sometimes failing its checkDoesNotUseInstruction check because of uninitialized memory. This initializes the internal fragmentation slop of every JIT allocation.
        * b3/air/AirAllocateRegistersByGraphColoring.cpp:
        * b3/air/AirAllocateRegistersByGraphColoring.h:
        (JSC::B3::Air::useIRC): It's useful to be able to query which register allocator we're using.
        * b3/air/AirArg.cpp:
        (WTF::printInternal):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::temperature): The temperature of a role is a useful concept to have factored out.
        * b3/air/AirBreakCriticalEdges.cpp: Added.
        (JSC::B3::Air::breakCriticalEdges): I was surprised that we didn't have this already. It's a pretty fundamental CFG utility.
        * b3/air/AirBreakCriticalEdges.h: Added.
        * b3/air/AirGenerate.cpp:
        * b3/air/AirInsertionSet.h: You can't use & if you want copy-constructibility, which seems to be a prerequisite to IndexMap<BasicBlock, InsertionSet>.
        (JSC::B3::Air::InsertionSet::InsertionSet):
        (JSC::B3::Air::InsertionSet::code):
        * b3/air/AirLiveness.h: Teach Liveness to track only warm liveness.
        (JSC::B3::Air::TmpLivenessAdapter::acceptsRole):
        (JSC::B3::Air::StackSlotLivenessAdapter::acceptsRole):
        (JSC::B3::Air::RegLivenessAdapter::acceptsRole):
        (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
        (JSC::B3::Air::AbstractLiveness::LocalCalc::execute):

2017-03-16  Mark Lam  <mark.lam@apple.com>

        Fix exception scope verification failures in GenericArgumentsInlines.h.
        https://bugs.webkit.org/show_bug.cgi?id=165012

        Reviewed by Saam Barati.

        * runtime/GenericArgumentsInlines.h:
        (JSC::GenericArguments<Type>::defineOwnProperty):

2017-03-16  Simon Fraser  <simon.fraser@apple.com>

        Improve the system tracing points
        https://bugs.webkit.org/show_bug.cgi?id=169790

        Reviewed by Zalan Bujtas.

        Use a more cohesive set of system trace points that give a good overview of what
        WebKit is doing. Added points for resource loading, render tree building, sync messages
        to the web process, async image decode, WASM and fetching cookies.

        * wasm/WasmPlan.cpp:
        (JSC::Wasm::Plan::run):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):

2017-03-16  Mark Lam  <mark.lam@apple.com>

        Array concat operation should check for length overflows.
        https://bugs.webkit.org/show_bug.cgi?id=169796
        <rdar://problem/31095276>

        Reviewed by Keith Miller.

        * runtime/ArrayPrototype.cpp:
        (JSC::concatAppendOne):
        (JSC::arrayProtoPrivateFuncConcatMemcpy):

2017-03-16  Mark Lam  <mark.lam@apple.com>

        The new array with spread operation needs to check for length overflows.
        https://bugs.webkit.org/show_bug.cgi?id=169780
        <rdar://problem/31072182>

        Reviewed by Filip Pizlo.

        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileNewArrayWithSpread):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationMaterializeObjectInOSR):
        * llint/LLIntSlowPaths.cpp:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/JSGlobalObject.cpp:

2017-03-16  Filip Pizlo  <fpizlo@apple.com>

        FTL should support global and eval code
        https://bugs.webkit.org/show_bug.cgi?id=169656

        Reviewed by Geoffrey Garen and Saam Barati.

        Turned off the restriction against global and eval code running in the FTL, and then fixed all of
        the things that didn't work.

        This is a big speed-up on microbenchmarks that I wrote for this patch. One of the reasons why we
        hadn't done this earlier is that we've never seen a benchmark that needed it. Global and eval
        code rarely gets FTL-hot. Still, this seems like possibly a small JetStream speed-up.

        * dfg/DFGJITCode.cpp:
        (JSC::DFG::JITCode::setOSREntryBlock): I outlined this for better debugging.
        * dfg/DFGJITCode.h:
        (JSC::DFG::JITCode::setOSREntryBlock): Deleted.
        * dfg/DFGNode.h:
        (JSC::DFG::Node::isSemanticallySkippable): It turns out that global code often has InvalidationPoints before LoopHints. They are also skippable from the standpoint of OSR entrypoint analysis.
        * dfg/DFGOperations.cpp: Don't do any normal compiles of global code - just do OSR compiles.
        * ftl/FTLCapabilities.cpp: Enable FTL for global and eval code.
        (JSC::FTL::canCompile):
        * ftl/FTLCompile.cpp: Just debugging clean-ups.
        (JSC::FTL::compile):
        * ftl/FTLJITFinalizer.cpp: Implement finalize() and ensure that we only do things with the entrypoint buffer if we have one. We won't have one for eval code that we aren't OSR entering into.
        (JSC::FTL::JITFinalizer::finalize):
        (JSC::FTL::JITFinalizer::finalizeFunction):
        (JSC::FTL::JITFinalizer::finalizeCommon):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLLink.cpp: When entering a function normally, we need the "entrypoint" to put the arity check code. Global and eval code don't need this.
        (JSC::FTL::link):
        * ftl/FTLOSREntry.cpp: Fix a dataLog statement.
        (JSC::FTL::prepareOSREntry):
        * ftl/FTLOSRExitCompiler.cpp: Remove dead code that happened to assert that we're exiting from a function.
        (JSC::FTL::compileStub):

2017-03-16  Michael Saboff  <msaboff@apple.com>

        WebAssembly: function-tests/load-offset.js fails on ARM64
        https://bugs.webkit.org/show_bug.cgi?id=169724

        Reviewed by Keith Miller.

        We need to use the two-source version of Add64 to create a Wasm address with the
        other source the first child.

        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::lower):

2017-03-16  Jon Lee  <jonlee@apple.com>

        Add FIXMEs to update WebRTC
        https://bugs.webkit.org/show_bug.cgi?id=169735

        Reviewed by Youenn Fablet.

        * runtime/CommonIdentifiers.h: Add RTCIceTransport.

2017-03-16  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, copy m_numberOfArgumentsToSkip
        https://bugs.webkit.org/show_bug.cgi?id=164582

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

2017-03-16  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, fix numParameter() - 1 OSRExit materialization
        https://bugs.webkit.org/show_bug.cgi?id=164582

        When materializing rest parameters, we rely on numParameter() - 1 being equal to
        numberOfArgumentsToSkip. But this assumption is broken in r214029.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finishCreation):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numberOfArgumentsToSkip):
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationMaterializeObjectInOSR):

2017-03-16  Caio Lima  <ticaiolima@gmail.com>

        [ESnext] Implement Object Spread
        https://bugs.webkit.org/show_bug.cgi?id=167963

        Reviewed by Yusuke Suzuki.

        This patch implements the ECMA262 stage 3 Object Spread proposal [1].
        It's implemented using CopyDataProperties to copy all enumerable keys
        from the object being spread.

        It also fixes CopyDataProperties, which was using
        Object.getOwnPropertyNames to list all keys to be copied and now
        uses Reflect.ownKeys.

        [1] - https://github.com/sebmarkbage/ecmascript-rest-spread

        * builtins/GlobalOperations.js:
        (globalPrivate.copyDataProperties):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::setConstantIdentifierSetRegisters):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::addSetConstant):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitLoad):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        (JSC::ObjectPatternNode::bindValue):
        (JSC::ObjectSpreadExpressionNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createObjectSpreadExpression):
        (JSC::ASTBuilder::createProperty):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        (JSC::ObjectSpreadExpressionNode::ObjectSpreadExpressionNode):
        * parser/Nodes.h:
        (JSC::ObjectSpreadExpressionNode::expression):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseProperty):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createObjectSpreadExpression):
        (JSC::SyntaxChecker::createProperty):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::privateToObject): Deleted.
        * runtime/JSGlobalObjectFunctions.h:

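The CopyDataProperties operation the entry above relies on, written out in plain JavaScript as an added example (editor's code, not the builtin in GlobalOperations.js). It shows the difference the entry's fix makes: Object.getOwnPropertyNames yields string keys only, so an enumerable own symbol key would be silently dropped, while Reflect.ownKeys yields strings and symbols in the order the spec's [[OwnPropertyKeys]] defines. The second copy routine keeps the pre-fix key source so the two can be compared against the engine's own `{...obj}`; the sample source object and its property names are constructed for the demonstration. The `excluded` parameter goes a little beyond the spread case and is what object rest (`{a, ...rest} = obj`) passes.

```javascript
// Added example (not WebKit code): reference implementation of the
// CopyDataProperties abstract operation that object spread is defined in terms of.
function copyDataProperties(target, source, excluded = []) {
  if (source === undefined || source === null) return target; // {...null} is a no-op
  const from = Object(source);                                 // primitives are boxed
  for (const key of Reflect.ownKeys(from)) {                   // strings AND symbols
    if (excluded.includes(key)) continue;
    const desc = Object.getOwnPropertyDescriptor(from, key);
    if (desc !== undefined && desc.enumerable) {
      target[key] = from[key]; // Get() runs accessors; the copy is a plain data property
    }
  }
  return target;
}

// The same copy with the key source the entry says was wrong: symbol keys are lost.
function copyDataPropertiesStringKeysOnly(target, source) {
  if (source === undefined || source === null) return target;
  const from = Object(source);
  for (const key of Object.getOwnPropertyNames(from)) {
    const desc = Object.getOwnPropertyDescriptor(from, key);
    if (desc !== undefined && desc.enumerable) target[key] = from[key];
  }
  return target;
}

const sym = Symbol('tag');

// Constructed sample source: an enumerable symbol key, a non-enumerable string key,
// an enumerable accessor, and an inherited property (which must not be copied).
function makeSource() {
  const proto = { inherited: 'from prototype' };
  const src = Object.create(proto);
  src.plain = 1;
  src[sym] = 'symbol value';
  Object.defineProperty(src, 'hidden', { value: 'not copied', enumerable: false });
  Object.defineProperty(src, 'computed', { get() { return 'from getter'; }, enumerable: true });
  return src;
}

// Compare the engine's spread against both copy routines.
function compareCopies() {
  const src = makeSource();
  const spread = { ...src };
  const reference = copyDataProperties({}, src);
  const stringsOnly = copyDataPropertiesStringKeysOnly({}, src);
  const spreadKeys = Reflect.ownKeys(spread);
  return {
    spreadKeys,
    referenceKeys: Reflect.ownKeys(reference),
    stringsOnlyKeys: Reflect.ownKeys(stringsOnly),
    // The accessor on the source becomes a data property on the copy.
    computedIsDataProperty: 'value' in Object.getOwnPropertyDescriptor(spread, 'computed'),
    matchesSpread: spreadKeys.length === Reflect.ownKeys(reference).length
      && spreadKeys.every((k) => spread[k] === reference[k]),
  };
}
```

For the sample source, both `{...src}` and copyDataProperties produce the keys 'plain', 'computed' and the symbol, in that order, with 'hidden' and 'inherited' absent and 'computed' holding the getter's result as a data property; the string-keys-only variant produces just 'plain' and 'computed'.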
2017-03-15  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Default parameter part should be retrieved by op_get_argument opcode instead of changing arity
        https://bugs.webkit.org/show_bug.cgi?id=164582

        Reviewed by Saam Barati.

        Previously we implemented the default parameters as follows.

            1. We count the default parameters as the usual parameters.
            2. We just get the argument register.
            3. Check it with op_is_undefined.
            4. And fill the binding with either the argument register or default value.

        The above is simple. However, it has the side effect that it always increases the arity of the function.
        While `function.length` does not increase, internally, the number of parameters of CodeBlock increases.
        This effectively prevents our DFG / FTL from performing inlining: currently we only allow DFG to inline
        a function whose arity is less than or equal to the number of passed arguments. It is OK. But when using
        default parameters, we frequently do not pass the argument for the parameter with the default value.
        Thus, in our current implementation, we frequently need to fix up the arity. And we frequently fail
        to inline the function.

        This patch fixes the above problem by not increasing the arity of the function. When we encounter the
        parameter with the default value, we use `op_get_argument` to get the argument instead of using the argument
        registers.

        This improves six-speed defaults.es6 performance by 4.45x.

            defaults.es6        968.4126+-101.2350   ^    217.6602+-14.8831       ^ definitely 4.4492x faster

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        * bytecode/UnlinkedFunctionExecutable.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
        (JSC::BytecodeGenerator::initializeNextParameter):
        (JSC::BytecodeGenerator::initializeParameters):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::FunctionNode::emitBytecode):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::inliningCost):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionMetadata):
        * parser/Nodes.cpp:
        (JSC::FunctionMetadataNode::FunctionMetadataNode):
        * parser/Nodes.h:
        (JSC::FunctionParameters::size):
        (JSC::FunctionParameters::at):
        (JSC::FunctionParameters::append):
        (JSC::FunctionParameters::isSimpleParameterList):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::isArrowFunctionParameters):
        (JSC::Parser<LexerType>::parseGeneratorFunctionSourceElements):
        (JSC::Parser<LexerType>::parseAsyncFunctionSourceElements):
        (JSC::Parser<LexerType>::parseFormalParameters):
        (JSC::Parser<LexerType>::parseFunctionBody):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        * parser/Parser.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFunctionMetadata):
        * runtime/FunctionExecutable.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::createBuiltinFunction):
        (JSC::JSFunction::reifyLength):

2017-03-15  Yusuke Suzuki  <utatane.tea@gmail.com>

        [DFG] ToString operation should have fixup for primitives to say this node does not have side effects
        https://bugs.webkit.org/show_bug.cgi?id=169544

        Reviewed by Saam Barati.

        Our DFG ToString only handles String operands well. While ToString(non-cell operand) does not have
        any side effect, it is not modeled well in DFG.

        This patch introduces a fixup for ToString with a NonCellUse edge. If this edge is set, ToString does not
        clobber things (like ToLowerCase, producing String). And ToString(NonCellUse) allows us to perform CSE!

        Our microbenchmark shows a 32.9% improvement due to dropped GetButterfly and CSE for ToString().

                                            baseline                  patched

            template-string-array       12.6284+-0.2766     ^      9.4998+-0.2295        ^ definitely 1.3293x faster

        And SixSpeed template_string.es6 shows a 16.68x performance improvement due to LICM onto this non-side-effectful ToString().

                                          baseline                  patched

            template_string.es6     3229.7343+-40.5705    ^    193.6077+-36.3349       ^ definitely 16.6818x faster

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOnCell):
        (JSC::DFG::SpeculativeJIT::speculateNotCell):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructor):
        (JSC::FTL::DFG::LowerDFGToB3::lowNotCell):
        (JSC::FTL::DFG::LowerDFGToB3::speculateNotCell):

2017-03-15  Ryan Haddad  <ryanhaddad@apple.com>

        Revert part of r213978 to see if it resolves LayoutTest crashes.
        https://bugs.webkit.org/show_bug.cgi?id=169729

        Reviewed by Alexey Proskuryakov.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2017-03-15  Guillaume Emont  <guijemont@igalia.com>

        [jsc][mips] Fix compilation error introduced in r213652
        https://bugs.webkit.org/show_bug.cgi?id=169723

        Reviewed by Mark Lam.

        The new replaceWithBkpt() contains a lapsus in it
        (s/code/instructionStart) and won't compile.

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::replaceWithBkpt):

2017-03-15  Daniel Ehrenberg  <littledan@chromium.org>

        Switch back to ISO 4217 for Intl CurrencyDigits data
        https://bugs.webkit.org/show_bug.cgi?id=169182

        Previously, a patch switched Intl.NumberFormat to use CLDR data through
        ICU to get the default number of decimal digits for a currency.
        However, that change actually violated the ECMA 402 specification,
        which references ISO 4217 as the data source. This patch reverts to
        an in-line implementation of that data.

        Reviewed by Saam Barati.

        * runtime/IntlNumberFormat.cpp:
        (JSC::computeCurrencySortKey):
        (JSC::extractCurrencySortKey):
        (JSC::computeCurrencyDigits):

2017-03-15  Saam Barati  <sbarati@apple.com>

        WebAssembly: When we GC to try to get a fast memory, we should call collectAllGarbage(), not collectSync()
        https://bugs.webkit.org/show_bug.cgi?id=169704

        Reviewed by Mark Lam.

        We weren't always sweeping the memory needed to free
        the WasmMemory we wanted to use. collectAllGarbage()
        will do this if the JS objects wrapping WasmMemory
        are dead.

        This patch also moves the increment of the allocatedFastMemories
        integer to be thread safe.

        * wasm/WasmMemory.cpp:
        (JSC::Wasm::tryGetFastMemory):

2017-03-15  Mark Lam  <mark.lam@apple.com>

        Fix exception scope verification failures in jsc.cpp.
        https://bugs.webkit.org/show_bug.cgi?id=164968

        Reviewed by Saam Barati.

        * jsc.cpp:
        (WTF::CustomGetter::customGetter):

        (GlobalObject::moduleLoaderResolve):
        (GlobalObject::moduleLoaderFetch):
        - The only way modules would throw an exception is if we encounter an OutOfMemory
          error.  This should be extremely rare.  At this point, I don't think it's worth
          doing the dance to propagate the exception when this happens.  Instead, we'll
          simply do a RELEASE_ASSERT that we don't see any exceptions here.

        (functionRun):
        (functionRunString):
        (functionLoadModule):
        (functionCheckModuleSyntax):
        (box):
        (dumpException):
        (runWithScripts):

2017-03-15  Mark Lam  <mark.lam@apple.com>

        Fix missing exception checks in Interpreter.cpp.
        https://bugs.webkit.org/show_bug.cgi?id=164964

        Reviewed by Saam Barati.

        * interpreter/Interpreter.cpp:
        (JSC::eval):
        (JSC::sizeOfVarargs):
        (JSC::sizeFrameForVarargs):
        (JSC::Interpreter::executeProgram):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        (JSC::Interpreter::execute):

689 2017-03-15  Dean Jackson  <dino@apple.com>
690
691         Sort Xcode project files
692         https://bugs.webkit.org/show_bug.cgi?id=169669
693
694         Reviewed by Antoine Quint.
695
696         * JavaScriptCore.xcodeproj/project.pbxproj:
697
698 2017-03-14  Tomas Popela  <tpopela@redhat.com>
699
700         Wrong condition in offlineasm/risc.rb
701         https://bugs.webkit.org/show_bug.cgi?id=169597
702
703         Reviewed by Mark Lam.
704
705         It's missing the 'and' operator between the conditions.
706
707         * offlineasm/risc.rb:
708
709 2017-03-14  Mark Lam  <mark.lam@apple.com>
710
711         BytecodeGenerator should use the same function to determine if it needs to store the DerivedConstructor in an ArrowFunction lexical environment.
712         https://bugs.webkit.org/show_bug.cgi?id=169647
713         <rdar://problem/31051832>
714
715         Reviewed by Michael Saboff.
716
717         * bytecompiler/BytecodeGenerator.cpp:
718         (JSC::BytecodeGenerator::usesDerivedConstructorInArrowFunctionLexicalEnvironment):
719         (JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
720         (JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
721         * bytecompiler/BytecodeGenerator.h:
722
723 2017-03-14  Brian Burg  <bburg@apple.com>
724
725         [Cocoa] Web Inspector: generated code for parsing an array of primitive-type enums from payload does not work
726         https://bugs.webkit.org/show_bug.cgi?id=169629
727
728         Reviewed by Joseph Pecoraro.
729
730         This was encountered while trying to compile new protocol definitions that support the Actions API.
731
732         * inspector/scripts/codegen/models.py:
733         (EnumType.__repr__): Improve debug logging so fields match the class member names.
734
735         * inspector/scripts/codegen/objc_generator.py:
736         (ObjCGenerator.payload_to_objc_expression_for_member):
737         If the array elements are actually a primitive type, then there's no need to do any
738         conversion from a payload. This happens for free since the payload is a tree of
739         NSDictionary, NSString, NSNumber, etc.
740
741         * inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
742         * inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
743         Rebaseline.
744
745         * inspector/scripts/tests/generic/type-declaration-object-type.json:
746         Add new cases for properties that contain an array with enum type references and an array of anonymous enums.
747
748 2017-03-14  Filip Pizlo  <fpizlo@apple.com>
749
750         Record the HashSet/HashMap operations in DFG/FTL/B3 and replay them in a benchmark
751         https://bugs.webkit.org/show_bug.cgi?id=169590
752
753         Reviewed by Saam Barati.
754         
755         Adds code to support logging some hashtable stuff in the DFG.
756
757         * dfg/DFGAvailabilityMap.cpp:
758         (JSC::DFG::AvailabilityMap::pruneHeap):
759         * dfg/DFGCombinedLiveness.cpp:
760         (JSC::DFG::liveNodesAtHead):
761         (JSC::DFG::CombinedLiveness::CombinedLiveness):
762         * dfg/DFGCombinedLiveness.h:
763         * dfg/DFGLivenessAnalysisPhase.cpp:
764         (JSC::DFG::LivenessAnalysisPhase::run):
765         (JSC::DFG::LivenessAnalysisPhase::processBlock):
766         * dfg/DFGNode.cpp:
767         * dfg/DFGNode.h:
768         * dfg/DFGObjectAllocationSinkingPhase.cpp:
769
770 2017-03-14  Joseph Pecoraro  <pecoraro@apple.com>
771
772         Web Inspector: Remove unused Network protocol event
773         https://bugs.webkit.org/show_bug.cgi?id=169619
774
775         Reviewed by Mark Lam.
776
777         * inspector/protocol/Network.json:
778         This became unused in r213621 and should have been removed
779         from the protocol file then.
780
781 2017-03-14  Mark Lam  <mark.lam@apple.com>
782
783         Add a null check in VMTraps::willDestroyVM() to handle a race condition.
784         https://bugs.webkit.org/show_bug.cgi?id=169620
785
786         Reviewed by Filip Pizlo.
787
788         There exists a race between VMTraps::willDestroyVM() (which removes SignalSenders
789         from its m_signalSenders list) and SignalSender::send() (which removes itself
790         from the list).  In the event that SignalSender::send() removes itself between
791         the time that VMTraps::willDestroyVM() checks if m_signalSenders is empty and the
792         time it takes a sender from m_signalSenders, VMTraps::willDestroyVM() may end up
793         with a NULL sender pointer.  The fix is to add the missing null check before using
794         the sender pointer.
795
796         * runtime/VMTraps.cpp:
797         (JSC::VMTraps::willDestroyVM):
798         (JSC::VMTraps::fireTrap):
799         * runtime/VMTraps.h:
800
801 2017-03-14  Mark Lam  <mark.lam@apple.com>
802
803         Gardening: Speculative build fix for CLoop after r213886.
804         https://bugs.webkit.org/show_bug.cgi?id=169436
805
806         Not reviewed.
807
808         * runtime/MachineContext.h:
809
810 2017-03-14  Yusuke Suzuki  <utatane.tea@gmail.com>
811
812         [JSC] Drop unnecessary pthread_attr_t for JIT enabled Linux / FreeBSD environment
813         https://bugs.webkit.org/show_bug.cgi?id=169592
814
815         Reviewed by Carlos Garcia Campos.
816
817         Since suspended mcontext_t has all the necessary information, we can drop
818         pthread_attr_t allocation and destroy for JIT enabled Linux / FreeBSD environment.
819
820         * heap/MachineStackMarker.cpp:
821         (JSC::MachineThreads::Thread::getRegisters):
822         (JSC::MachineThreads::Thread::Registers::stackPointer):
823         (JSC::MachineThreads::Thread::Registers::framePointer):
824         (JSC::MachineThreads::Thread::Registers::instructionPointer):
825         (JSC::MachineThreads::Thread::Registers::llintPC):
826         (JSC::MachineThreads::Thread::freeRegisters):
827         * heap/MachineStackMarker.h:
828
829 2017-03-14  Zan Dobersek  <zdobersek@igalia.com>
830
831         [GLib] Use USE(GLIB) guards in JavaScriptCore/inspector/EventLoop.cpp
832         https://bugs.webkit.org/show_bug.cgi?id=169594
833
834         Reviewed by Carlos Garcia Campos.
835
836         Instead of PLATFORM(GTK) guards, utilize the USE(GLIB) build guards
837         to guard the GLib-specific includes and invocations in the JSC
838         inspector's EventLoop class implementation.
839
840         * inspector/EventLoop.cpp:
841         (Inspector::EventLoop::cycle):
842
843 2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
844
845         [JSC][Linux] Implement VMTrap in Linux ports
846         https://bugs.webkit.org/show_bug.cgi?id=169436
847
848         Reviewed by Mark Lam.
849
850         This patch ports VMTrap to Linux ports.
851         We extract MachineContext accessors from various places (wasm/, heap/ and tools/)
852         and use them in all the JSC code.
853
854         * JavaScriptCore.xcodeproj/project.pbxproj:
855         * heap/MachineStackMarker.cpp:
856         (JSC::MachineThreads::Thread::Registers::stackPointer):
857         (JSC::MachineThreads::Thread::Registers::framePointer):
858         (JSC::MachineThreads::Thread::Registers::instructionPointer):
859         (JSC::MachineThreads::Thread::Registers::llintPC):
860         * heap/MachineStackMarker.h:
861         * runtime/MachineContext.h: Added.
862         (JSC::MachineContext::stackPointer):
863         (JSC::MachineContext::framePointer):
864         (JSC::MachineContext::instructionPointer):
865         (JSC::MachineContext::argumentPointer<1>):
866         (JSC::MachineContext::argumentPointer):
867         (JSC::MachineContext::llintInstructionPointer):
868         * runtime/PlatformThread.h:
869         (JSC::platformThreadSignal):
870         * runtime/VMTraps.cpp:
871         (JSC::SignalContext::SignalContext):
872         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
873         * tools/CodeProfiling.cpp:
874         (JSC::profilingTimer):
875         * tools/SigillCrashAnalyzer.cpp:
876         (JSC::SignalContext::SignalContext):
877         (JSC::SignalContext::dump):
878         * tools/VMInspector.cpp:
879         * wasm/WasmFaultSignalHandler.cpp:
880         (JSC::Wasm::trapHandler):
881
882 2017-03-13  Mark Lam  <mark.lam@apple.com>
883
884         Make the HeapVerifier useful again.
885         https://bugs.webkit.org/show_bug.cgi?id=161752
886
887         Reviewed by Filip Pizlo.
888
889         Resurrect the HeapVerifier.  Here's what the verifier now offers:
890
891         1. It captures the list of cells before and after GCs up to N GC cycles.
892            N is set by JSC_numberOfGCCyclesToRecordForVerification.
893            Currently, N defaults to 3.
894
895            This is useful if we're debugging in lldb and want to check if a candidate
896            cell pointer was observed by the GC during the last N GC cycles.  We can do
897            this check by calling HeapVerifier::checkIfRecorded() with the cell address.
898
899            HeapVerifier::checkIfRecorded() is robust and can be used on bogus addresses.
900            If the candidate cell was previously recorded by the HeapVerifier during a
901            GC cycle, checkIfRecorded() will dump any useful info it has on that cell.
902
903         2. The HeapVerifier will verify that cells in its captured list after a GC are
904            sane.  Some examples of cell insanity are:
905            - the cell claims to belong to a different VM.
906            - the cell has a NULL structureID.
907            - the cell has a NULL structure.
908            - the cell's structure has a NULL structureID.
909            - the cell's structure has a NULL structure.
910            - the cell's structure's structure has a NULL structureID.
911            - the cell's structure's structure has a NULL structure.
912
913            These are all signs of corruption or a GC bug.  The verifier will report any
914            insanity it finds, and then crash with a RELEASE_ASSERT.
915
916         3. Since the HeapVerifier captures lists of cells in the heap before and after GCs
917            for the last N GCs, it will also automatically "trim" dead cells from those lists
918            after the most recent GC.
919
920            "trim" here means that the CellProfile in the HeapVerifier's lists will be
921            updated to reflect that the cell is now dead.  It still keeps a record of the
922            dead cell pointer and the meta data collected about it back when it was alive.
923            As a result, checkIfRecorded() will also report if the candidate cell passed
924            to it is a dead object from a previous GC cycle.
925
926         4. Each CellProfile captured by the HeapVerifier now tracks the following info:
927            - the cell's HeapCell::Kind.
928            - the cell's liveness.
929            - if it is a JSCell, the cell's classInfo()->className.
930            - an associated timestamp.
931            - an associated stack trace.
932
933            Currently, the timestamp is only used for the time when the cell was recorded
934            by the HeapVerifier during GC.  The stack trace is currently unused.
935
936            However, these fields are kept there so that we can instrument the VM (during
937            a debugging session, which requires rebuilding the VM) and record interesting
938            stack traces like that of the time of allocation of the cell.  Since
939            capturing the stack traces for each cell is a very heavyweight operation,
940            the HeapVerifier code does not do this by default.  Instead, we just leave
941            the building blocks for doing so in place to ease future debugging efforts.
942
943         * heap/Heap.cpp:
944         (JSC::Heap::runBeginPhase):
945         (JSC::Heap::runEndPhase):
946         (JSC::Heap::didFinishCollection):
947         * heap/Heap.h:
948         (JSC::Heap::verifier):
949         * heap/MarkedAllocator.h:
950         (JSC::MarkedAllocator::takeLastActiveBlock): Deleted.
951         * heap/MarkedSpace.h:
952         * heap/MarkedSpaceInlines.h:
953         (JSC::MarkedSpace::forEachLiveCell):
954         * tools/CellList.cpp:
955         (JSC::CellList::find):
956         (JSC::CellList::reset):
957         (JSC::CellList::findCell): Deleted.
958         * tools/CellList.h:
959         (JSC::CellList::CellList):
960         (JSC::CellList::name):
961         (JSC::CellList::size):
962         (JSC::CellList::cells):
963         (JSC::CellList::add):
964         (JSC::CellList::reset): Deleted.
965         * tools/CellProfile.h:
966         (JSC::CellProfile::CellProfile):
967         (JSC::CellProfile::cell):
968         (JSC::CellProfile::jsCell):
969         (JSC::CellProfile::isJSCell):
970         (JSC::CellProfile::kind):
971         (JSC::CellProfile::isLive):
972         (JSC::CellProfile::isDead):
973         (JSC::CellProfile::setIsLive):
974         (JSC::CellProfile::setIsDead):
975         (JSC::CellProfile::timestamp):
976         (JSC::CellProfile::className):
977         (JSC::CellProfile::stackTrace):
978         (JSC::CellProfile::setStackTrace):
979         * tools/HeapVerifier.cpp:
980         (JSC::HeapVerifier::startGC):
981         (JSC::HeapVerifier::endGC):
982         (JSC::HeapVerifier::gatherLiveCells):
983         (JSC::trimDeadCellsFromList):
984         (JSC::HeapVerifier::trimDeadCells):
985         (JSC::HeapVerifier::printVerificationHeader):
986         (JSC::HeapVerifier::verifyCellList):
987         (JSC::HeapVerifier::validateCell):
988         (JSC::HeapVerifier::validateJSCell):
989         (JSC::HeapVerifier::verify):
990         (JSC::HeapVerifier::reportCell):
991         (JSC::HeapVerifier::checkIfRecorded):
992         (JSC::HeapVerifier::initializeGCCycle): Deleted.
993         (JSC::GatherCellFunctor::GatherCellFunctor): Deleted.
994         (JSC::GatherCellFunctor::visit): Deleted.
995         (JSC::GatherCellFunctor::operator()): Deleted.
996         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace): Deleted.
997         * tools/HeapVerifier.h:
998         (JSC::HeapVerifier::GCCycle::reset):
999
1000 2017-03-13  SKumarMetro  <s.kumar@metrological.com>
1001
1002         JSC: fix compilation errors for MIPS
1003         https://bugs.webkit.org/show_bug.cgi?id=168402
1004
1005         Reviewed by Mark Lam.
1006
1007         * assembler/MIPSAssembler.h:
1008         (JSC::MIPSAssembler::fillNops):
1009         Added.
1010         * assembler/MacroAssemblerMIPS.h:
1011         Added MacroAssemblerMIPS::numGPRs and MacroAssemblerMIPS::numFPRs.
1012         * bytecode/InlineAccess.h:
1013         (JSC::InlineAccess::sizeForPropertyAccess):
1014         (JSC::InlineAccess::sizeForPropertyReplace):
1015         (JSC::InlineAccess::sizeForLengthAccess):
1016         Added MIPS cases.
1017
1018 2017-03-13  Filip Pizlo  <fpizlo@apple.com>
1019
1020         FTL should not flush strict arguments unless it really needs to
1021         https://bugs.webkit.org/show_bug.cgi?id=169519
1022
1023         Reviewed by Mark Lam.
1024         
1025         This is a refinement that we should have done ages ago. This kills some pointless PutStacks
1026         in DFG SSA IR. It can sometimes unlock other optimizations.
1027         
1028         Relanding after I fixed the special cases for CreateArguments-style nodes.
1029
1030         * dfg/DFGPreciseLocalClobberize.h:
1031         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
1032
1033 2017-03-13  Devin Rousso  <webkit@devinrousso.com>
1034
1035         Web Inspector: Event Listeners section is missing 'once', 'passive' event listener flags
1036         https://bugs.webkit.org/show_bug.cgi?id=167080
1037
1038         Reviewed by Joseph Pecoraro.
1039
1040         * inspector/protocol/DOM.json:
1041         Add "passive" and "once" items to the EventListener type.
1042
1043 2017-03-13  Mark Lam  <mark.lam@apple.com>
1044
1045         Remove obsolete experimental ObjC SPI.
1046         https://bugs.webkit.org/show_bug.cgi?id=169569
1047
1048         Reviewed by Saam Barati.
1049
1050         * API/JSVirtualMachine.mm:
1051         (-[JSVirtualMachine enableSigillCrashAnalyzer]): Deleted.
1052         * API/JSVirtualMachinePrivate.h: Removed.
1053         * JavaScriptCore.xcodeproj/project.pbxproj:
1054
1055 2017-03-13  Commit Queue  <commit-queue@webkit.org>
1056
1057         Unreviewed, rolling out r213856.
1058         https://bugs.webkit.org/show_bug.cgi?id=169562
1059
1060         Breaks JSC stress test stress/super-property-access.js.ftl-
1061         eager failing (Requested by mlam|g on #webkit).
1062
1063         Reverted changeset:
1064
1065         "FTL should not flush strict arguments unless it really needs
1066         to"
1067         https://bugs.webkit.org/show_bug.cgi?id=169519
1068         http://trac.webkit.org/changeset/213856
1069
1070 2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1071
1072         [JSC][Linux] Allow profilers to demangle C++ names
1073         https://bugs.webkit.org/show_bug.cgi?id=169559
1074
1075         Reviewed by Michael Catanzaro.
1076
1077         Linux also offers dladdr & demangling feature.
1078         Thus, we can use it to show the names in profilers.
1079         For example, SamplingProfiler tells us the C function names.
1080
1081         * runtime/SamplingProfiler.cpp:
1082         (JSC::SamplingProfiler::StackFrame::displayName):
1083         * tools/CodeProfile.cpp:
1084         (JSC::symbolName):
1085
1086 2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1087
1088         [WTF] Clean up RunLoop and WorkQueue with Seconds and Function
1089         https://bugs.webkit.org/show_bug.cgi?id=169537
1090
1091         Reviewed by Sam Weinig.
1092
1093         * runtime/Watchdog.cpp:
1094         (JSC::Watchdog::startTimer):
1095
1096 2017-03-11  Filip Pizlo  <fpizlo@apple.com>
1097
1098         FTL should not flush strict arguments unless it really needs to
1099         https://bugs.webkit.org/show_bug.cgi?id=169519
1100
1101         Reviewed by Mark Lam.
1102         
1103         This is a refinement that we should have done ages ago. This kills some pointless PutStacks
1104         in DFG SSA IR. It can sometimes unlock other optimizations.
1105
1106         * dfg/DFGPreciseLocalClobberize.h:
1107         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
1108
1109 2017-03-13  Caio Lima  <ticaiolima@gmail.com>
1110
1111         [JSC] It should be possible to create a label named let when parsing Statement in non strict mode
1112         https://bugs.webkit.org/show_bug.cgi?id=168684
1113
1114         Reviewed by Saam Barati.
1115
1116         This patch is fixing a Parser bug to allow defining a label named
1117         ```let``` in sloppy mode when parsing a Statement.
1118
1119         * parser/Parser.cpp:
1120         (JSC::Parser<LexerType>::parseStatement):
1121
1122 2017-03-11  Filip Pizlo  <fpizlo@apple.com>
1123
1124         Structure::willStoreValueSlow needs to keep the property table alive until the end
1125         https://bugs.webkit.org/show_bug.cgi?id=169520
1126
1127         Reviewed by Michael Saboff.
1128
1129         We use pointers logically interior to `propertyTable` after doing a GC. We need to prevent the
1130         compiler from optimizing away pointers to `propertyTable`.
1131         
1132         * heap/HeapCell.cpp:
1133         (JSC::HeapCell::use):
1134         * heap/HeapCell.h:
1135         (JSC::HeapCell::use): Introduce API for keeping a pointer alive until some point in execution.
1136         * runtime/Structure.cpp:
1137         (JSC::Structure::willStoreValueSlow): Use HeapCell::use() to keep the pointer alive.
1138
1139 2017-03-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1140
1141         Unreviewed, suppress warnings in JSC B3
1142
1143         * b3/B3Opcode.cpp:
1144
1145 2017-03-11  Michael Saboff  <msaboff@apple.com>
1146
1147         Allow regular expressions to be used when selecting a process name in JSC config file
1148         https://bugs.webkit.org/show_bug.cgi?id=169495
1149
1150         Reviewed by Saam Barati.
1151
1152         Only added regular expression selectors for unix-like platforms.
1153
1154         * runtime/ConfigFile.cpp:
1155         (JSC::ConfigFileScanner::tryConsumeRegExPattern):
1156         (JSC::ConfigFile::parse):
1157
1158 2017-03-11  Jon Lee  <jonlee@apple.com>
1159
1160         WebGPU prototype - Front-End
1161         https://bugs.webkit.org/show_bug.cgi?id=167952
1162
1163         Reviewed by Dean Jackson.
1164
1165         * runtime/CommonIdentifiers.h: Add WebGPU objects.
1166
1167 2017-03-10  Filip Pizlo  <fpizlo@apple.com>
1168
1169         The JITs should be able to emit fast TLS loads
1170         https://bugs.webkit.org/show_bug.cgi?id=169483
1171
1172         Reviewed by Keith Miller.
1173         
1174         Added loadFromTLS32/64/Ptr to the MacroAssembler and added a B3 test for this.
1175
1176         * assembler/ARM64Assembler.h:
1177         (JSC::ARM64Assembler::mrs_TPIDRRO_EL0):
1178         * assembler/MacroAssembler.h:
1179         (JSC::MacroAssembler::loadFromTLSPtr):
1180         * assembler/MacroAssemblerARM64.h:
1181         (JSC::MacroAssemblerARM64::loadFromTLS32):
1182         (JSC::MacroAssemblerARM64::loadFromTLS64):
1183         * assembler/MacroAssemblerX86Common.h:
1184         (JSC::MacroAssemblerX86Common::loadFromTLS32):
1185         * assembler/MacroAssemblerX86_64.h:
1186         (JSC::MacroAssemblerX86_64::loadFromTLS64):
1187         * assembler/X86Assembler.h:
1188         (JSC::X86Assembler::adcl_im):
1189         (JSC::X86Assembler::addl_mr):
1190         (JSC::X86Assembler::addl_im):
1191         (JSC::X86Assembler::andl_im):
1192         (JSC::X86Assembler::orl_im):
1193         (JSC::X86Assembler::orl_rm):
1194         (JSC::X86Assembler::subl_im):
1195         (JSC::X86Assembler::cmpb_im):
1196         (JSC::X86Assembler::cmpl_rm):
1197         (JSC::X86Assembler::cmpl_im):
1198         (JSC::X86Assembler::testb_im):
1199         (JSC::X86Assembler::movb_i8m):
1200         (JSC::X86Assembler::movb_rm):
1201         (JSC::X86Assembler::movl_mr):
1202         (JSC::X86Assembler::movq_mr):
1203         (JSC::X86Assembler::movsxd_rr):
1204         (JSC::X86Assembler::gs):
1205         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
1206         * b3/testb3.cpp:
1207         (JSC::B3::testFastTLS):
1208         (JSC::B3::run):
1209
1210 2017-03-10  Alex Christensen  <achristensen@webkit.org>
1211
1212         Fix watch and tv builds after r213294
1213         https://bugs.webkit.org/show_bug.cgi?id=169508
1214
1215         Reviewed by Dan Bernstein.
1216
1217         * Configurations/FeatureDefines.xcconfig:
1218
1219 2017-03-10  Saam Barati  <sbarati@apple.com>
1220
1221         WebAssembly: Make more demos run
1222         https://bugs.webkit.org/show_bug.cgi?id=165510
1223         <rdar://problem/29760310>
1224
1225         Reviewed by Keith Miller.
1226
1227         This patch makes another Wasm demo run:
1228         https://kripken.github.io/BananaBread/cube2/bb.html
1229         
1230         This patch fixes two bugs:
1231         1. When WebAssemblyFunctionType was added, we did not properly
1232         update the last JS type value.
1233         2. Our code for our JS -> Wasm entrypoint was wrong. It led to bad
1234         code generation where we would emit B3 that would write over r12
1235         and rbx (on x86) which is invalid since those are our pinned registers.
1236         This patch just rewrites the entrypoint to use hand written assembler
1237         code. I was planning on doing this anyways because it's a compile
1238         time speed boost.
1239         
1240         Also, this patch adds support for some new API features:
1241         We can now export an import, either via a direct export, or via a Table and the
1242         Element section. I've added a new class called WebAssemblyWrapperFunction that
1243         just wraps over a JSObject that is a function. Wrapper functions have types
1244         associated with them, so if they're re-imported, or called via call_indirect,
1245         they can be type checked.
1246
1247         * CMakeLists.txt:
1248         * JavaScriptCore.xcodeproj/project.pbxproj:
1249         * runtime/JSGlobalObject.cpp:
1250         (JSC::JSGlobalObject::init):
1251         (JSC::JSGlobalObject::visitChildren):
1252         * runtime/JSGlobalObject.h:
1253         (JSC::JSGlobalObject::webAssemblyWrapperFunctionStructure):
1254         * runtime/JSType.h:
1255         * wasm/JSWebAssemblyCodeBlock.h:
1256         (JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
1257         * wasm/WasmB3IRGenerator.cpp:
1258         (JSC::Wasm::createJSToWasmWrapper):
1259         * wasm/WasmCallingConvention.h:
1260         (JSC::Wasm::CallingConvention::headerSizeInBytes):
1261         * wasm/js/JSWebAssemblyHelpers.h:
1262         (JSC::isWebAssemblyHostFunction):
1263         * wasm/js/JSWebAssemblyInstance.cpp:
1264         (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
1265         * wasm/js/JSWebAssemblyInstance.h:
1266         (JSC::JSWebAssemblyInstance::importFunction):
1267         (JSC::JSWebAssemblyInstance::importFunctions):
1268         (JSC::JSWebAssemblyInstance::setImportFunction):
1269         * wasm/js/JSWebAssemblyTable.cpp:
1270         (JSC::JSWebAssemblyTable::JSWebAssemblyTable):
1271         (JSC::JSWebAssemblyTable::grow):
1272         (JSC::JSWebAssemblyTable::clearFunction):
1273         (JSC::JSWebAssemblyTable::setFunction):
1274         * wasm/js/JSWebAssemblyTable.h:
1275         (JSC::JSWebAssemblyTable::getFunction):
1276         * wasm/js/WebAssemblyFunction.cpp:
1277         (JSC::callWebAssemblyFunction):
1278         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1279         (JSC::WebAssemblyInstanceConstructor::createInstance):
1280         * wasm/js/WebAssemblyModuleRecord.cpp:
1281         (JSC::WebAssemblyModuleRecord::link):
1282         (JSC::WebAssemblyModuleRecord::evaluate):
1283         * wasm/js/WebAssemblyModuleRecord.h:
1284         * wasm/js/WebAssemblyTablePrototype.cpp:
1285         (JSC::webAssemblyTableProtoFuncGet):
1286         (JSC::webAssemblyTableProtoFuncSet):
1287         * wasm/js/WebAssemblyWrapperFunction.cpp: Added.
1288         (JSC::callWebAssemblyWrapperFunction):
1289         (JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction):
1290         (JSC::WebAssemblyWrapperFunction::create):
1291         (JSC::WebAssemblyWrapperFunction::finishCreation):
1292         (JSC::WebAssemblyWrapperFunction::createStructure):
1293         (JSC::WebAssemblyWrapperFunction::visitChildren):
1294         * wasm/js/WebAssemblyWrapperFunction.h: Added.
1295         (JSC::WebAssemblyWrapperFunction::signatureIndex):
1296         (JSC::WebAssemblyWrapperFunction::wasmEntrypoint):
1297         (JSC::WebAssemblyWrapperFunction::function):
1298
1299 2017-03-10  Mark Lam  <mark.lam@apple.com>
1300
1301         JSC: BindingNode::bindValue doesn't increase the scope's reference count.
1302         https://bugs.webkit.org/show_bug.cgi?id=168546
1303         <rdar://problem/30589551>
1304
1305         Reviewed by Saam Barati.
1306
1307         We should protect the scope RegisterID with a RefPtr while it is still needed.
1308
1309         * bytecompiler/NodesCodegen.cpp:
1310         (JSC::ForInNode::emitLoopHeader):
1311         (JSC::ForOfNode::emitBytecode):
1312         (JSC::BindingNode::bindValue):
1313
1314 2017-03-10  Alex Christensen  <achristensen@webkit.org>
1315
1316         Fix CMake build.
1317
1318         * CMakeLists.txt:
1319         Make more forwarding headers so we can find WasmFaultSignalHandler.h from WebProcess.cpp.
1320
1321 2017-03-10  Mark Lam  <mark.lam@apple.com>
1322
1323         [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
1324         https://bugs.webkit.org/show_bug.cgi?id=169454
1325
1326         Reviewed by Michael Saboff.
1327
1328         The underlying implementation is hoisted right out of Assertions.cpp from the
1329         implementations of WTFPrintBacktrace().
1330
1331         The reason we need this StackTrace object is because during heap debugging, we
1332         sometimes want to capture the stack trace that allocated the objects of interest.
1333         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
1334         perturb the execution profile sufficiently that an issue may not reproduce,
1335         while alternatively, just capturing the stack trace and deferring printing it
1336         till we actually need it later perturbs the execution profile less.
1337
1338         In addition, just capturing the stack traces (instead of printing them
1339         immediately at each capture site) allows us to avoid polluting stdout with tons
1340         of stack traces that may be irrelevant.
1341
1342         For now, we only capture the native stack trace.  We'll leave capturing and
1343         integrating the JS stack trace as an exercise for the future if we need it then.
1344
1345         Here's an example of how to use this StackTrace utility:
1346
1347             // Capture a stack trace of the top 10 frames.
1348             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
1349             // Print the trace.
1350             dataLog(*trace);
1351
1352         * CMakeLists.txt:
1353         * JavaScriptCore.xcodeproj/project.pbxproj:
1354         * tools/StackTrace.cpp: Added.
1355         (JSC::StackTrace::instanceSize):
1356         (JSC::StackTrace::captureStackTrace):
1357         (JSC::StackTrace::dump):
1358         * tools/StackTrace.h: Added.
1359         (JSC::StackTrace::size):
1360         (JSC::StackTrace::StackTrace):
1361
1362 2017-03-04  Filip Pizlo  <fpizlo@apple.com>
1363
1364         B3 should have comprehensive support for atomic operations
1365         https://bugs.webkit.org/show_bug.cgi?id=162349
1366
1367         Reviewed by Keith Miller.
1368         
1369         This adds the following capabilities to B3:
1370         
1371         - Atomic weak/strong unfenced/fenced compare-and-swap
1372         - Atomic add/sub/or/and/xor/xchg
1373         - Acquire/release fencing on loads/stores
1374         - Fenceless load-load dependencies
1375         
1376         This adds lowering to the following instructions on x86:
1377         
1378         - lock cmpxchg
1379         - lock xadd
1380         - lock add/sub/or/and/xor/xchg
1381         
1382         This adds lowering to the following instructions on ARM64:
1383         
1384         - ldar and friends
1385         - stlr and friends
1386         - ldxr and friends (unfenced LL)
1387         - stxr and friends (unfenced SC)
1388         - ldaxr and friends (fenced LL)
1389         - stlxr and friends (fenced SC)
1390         - eor as a fenceless load-load dependency
1391         
1392         This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
1393         variants of fences and atomic math ops get lowered to the best possible instruction sequence.
1394         For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
1395         of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
1396         generate the best possible branch sequence on x86 and ARM64.
1397         
1398         B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
1399         respect to each other and with respect to rel stores, creating sequential consistency that
1400         transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
1401         fence effects may only target some abstract heaps but not others, so that load elimination and
1402         store sinking can still operate across fences if you just tell B3 that the fence does not alias
1403         those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
1404         Even better, it lets you express fine-grained dependencies where the atomics that affect one
1405         property in shared memory do not clobber non-atomics that affect some other property in shared
1406         memory.
1407         
1408         One of my favorite features is Depend, which allows you to express load-load dependencies. On
1409         x86 it lowers to nothing, while on ARM64 it lowers to eor.
1410         
1411         This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
1412         acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.
1413         
1414         This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
1415         implementations of the Atomics object, for now.
1416         
1417         * CMakeLists.txt:
1418         * JavaScriptCore.xcodeproj/project.pbxproj:
1419         * assembler/ARM64Assembler.h:
1420         (JSC::ARM64Assembler::ldar):
1421         (JSC::ARM64Assembler::ldxr):
1422         (JSC::ARM64Assembler::ldaxr):
1423         (JSC::ARM64Assembler::stxr):
1424         (JSC::ARM64Assembler::stlr):
1425         (JSC::ARM64Assembler::stlxr):
1426         (JSC::ARM64Assembler::excepnGenerationImmMask):
1427         (JSC::ARM64Assembler::exoticLoad):
1428         (JSC::ARM64Assembler::storeRelease):
1429         (JSC::ARM64Assembler::exoticStore):
1430         * assembler/AbstractMacroAssembler.cpp: Added.
1431         (WTF::printInternal):
1432         * assembler/AbstractMacroAssembler.h:
1433         (JSC::AbstractMacroAssemblerBase::invert):
1434         * assembler/MacroAssembler.h:
1435         * assembler/MacroAssemblerARM64.h:
1436         (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
1437         (JSC::MacroAssemblerARM64::loadAcq8):
1438         (JSC::MacroAssemblerARM64::storeRel8):
1439         (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
1440         (JSC::MacroAssemblerARM64::loadAcq16):
1441         (JSC::MacroAssemblerARM64::storeRel16):
1442         (JSC::MacroAssemblerARM64::loadAcq32):
1443         (JSC::MacroAssemblerARM64::loadAcq64):
1444         (JSC::MacroAssemblerARM64::storeRel32):
1445         (JSC::MacroAssemblerARM64::storeRel64):
1446         (JSC::MacroAssemblerARM64::loadLink8):
1447         (JSC::MacroAssemblerARM64::loadLinkAcq8):
1448         (JSC::MacroAssemblerARM64::storeCond8):
1449         (JSC::MacroAssemblerARM64::storeCondRel8):
1450         (JSC::MacroAssemblerARM64::loadLink16):
1451         (JSC::MacroAssemblerARM64::loadLinkAcq16):
1452         (JSC::MacroAssemblerARM64::storeCond16):
1453         (JSC::MacroAssemblerARM64::storeCondRel16):
1454         (JSC::MacroAssemblerARM64::loadLink32):
1455         (JSC::MacroAssemblerARM64::loadLinkAcq32):
1456         (JSC::MacroAssemblerARM64::storeCond32):
1457         (JSC::MacroAssemblerARM64::storeCondRel32):
1458         (JSC::MacroAssemblerARM64::loadLink64):
1459         (JSC::MacroAssemblerARM64::loadLinkAcq64):
1460         (JSC::MacroAssemblerARM64::storeCond64):
1461         (JSC::MacroAssemblerARM64::storeCondRel64):
1462         (JSC::MacroAssemblerARM64::atomicStrongCAS8):
1463         (JSC::MacroAssemblerARM64::atomicStrongCAS16):
1464         (JSC::MacroAssemblerARM64::atomicStrongCAS32):
1465         (JSC::MacroAssemblerARM64::atomicStrongCAS64):
1466         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
1467         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
1468         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
1469         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
1470         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
1471         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
1472         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
1473         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
1474         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
1475         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
1476         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
1477         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
1478         (JSC::MacroAssemblerARM64::depend32):
1479         (JSC::MacroAssemblerARM64::depend64):
1480         (JSC::MacroAssemblerARM64::loadLink):
1481         (JSC::MacroAssemblerARM64::loadLinkAcq):
1482         (JSC::MacroAssemblerARM64::storeCond):
1483         (JSC::MacroAssemblerARM64::storeCondRel):
1484         (JSC::MacroAssemblerARM64::signExtend):
1485         (JSC::MacroAssemblerARM64::branch):
1486         (JSC::MacroAssemblerARM64::atomicStrongCAS):
1487         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
1488         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
1489         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
1490         (JSC::MacroAssemblerARM64::extractSimpleAddress):
1491         (JSC::MacroAssemblerARM64::signExtend<8>):
1492         (JSC::MacroAssemblerARM64::signExtend<16>):
1493         (JSC::MacroAssemblerARM64::branch<64>):
1494         * assembler/MacroAssemblerX86Common.h:
1495         (JSC::MacroAssemblerX86Common::add32):
1496         (JSC::MacroAssemblerX86Common::and32):
1497         (JSC::MacroAssemblerX86Common::and16):
1498         (JSC::MacroAssemblerX86Common::and8):
1499         (JSC::MacroAssemblerX86Common::neg32):
1500         (JSC::MacroAssemblerX86Common::neg16):
1501         (JSC::MacroAssemblerX86Common::neg8):
1502         (JSC::MacroAssemblerX86Common::or32):
1503         (JSC::MacroAssemblerX86Common::or16):
1504         (JSC::MacroAssemblerX86Common::or8):
1505         (JSC::MacroAssemblerX86Common::sub16):
1506         (JSC::MacroAssemblerX86Common::sub8):
1507         (JSC::MacroAssemblerX86Common::sub32):
1508         (JSC::MacroAssemblerX86Common::xor32):
1509         (JSC::MacroAssemblerX86Common::xor16):
1510         (JSC::MacroAssemblerX86Common::xor8):
1511         (JSC::MacroAssemblerX86Common::not32):
1512         (JSC::MacroAssemblerX86Common::not16):
1513         (JSC::MacroAssemblerX86Common::not8):
1514         (JSC::MacroAssemblerX86Common::store16):
1515         (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
1516         (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
1517         (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
1518         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
1519         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
1520         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
1521         (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
1522         (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
1523         (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
1524         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
1525         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
1526         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
1527         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
1528         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
1529         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
1530         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
1531         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
1532         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
1533         (JSC::MacroAssemblerX86Common::atomicAdd8):
1534         (JSC::MacroAssemblerX86Common::atomicAdd16):
1535         (JSC::MacroAssemblerX86Common::atomicAdd32):
1536         (JSC::MacroAssemblerX86Common::atomicSub8):
1537         (JSC::MacroAssemblerX86Common::atomicSub16):
1538         (JSC::MacroAssemblerX86Common::atomicSub32):
1539         (JSC::MacroAssemblerX86Common::atomicAnd8):
1540         (JSC::MacroAssemblerX86Common::atomicAnd16):
1541         (JSC::MacroAssemblerX86Common::atomicAnd32):
1542         (JSC::MacroAssemblerX86Common::atomicOr8):
1543         (JSC::MacroAssemblerX86Common::atomicOr16):
1544         (JSC::MacroAssemblerX86Common::atomicOr32):
1545         (JSC::MacroAssemblerX86Common::atomicXor8):
1546         (JSC::MacroAssemblerX86Common::atomicXor16):
1547         (JSC::MacroAssemblerX86Common::atomicXor32):
1548         (JSC::MacroAssemblerX86Common::atomicNeg8):
1549         (JSC::MacroAssemblerX86Common::atomicNeg16):
1550         (JSC::MacroAssemblerX86Common::atomicNeg32):
1551         (JSC::MacroAssemblerX86Common::atomicNot8):
1552         (JSC::MacroAssemblerX86Common::atomicNot16):
1553         (JSC::MacroAssemblerX86Common::atomicNot32):
1554         (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
1555         (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
1556         (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
1557         (JSC::MacroAssemblerX86Common::atomicXchg8):
1558         (JSC::MacroAssemblerX86Common::atomicXchg16):
1559         (JSC::MacroAssemblerX86Common::atomicXchg32):
1560         (JSC::MacroAssemblerX86Common::loadAcq8):
1561         (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
1562         (JSC::MacroAssemblerX86Common::loadAcq16):
1563         (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
1564         (JSC::MacroAssemblerX86Common::loadAcq32):
1565         (JSC::MacroAssemblerX86Common::storeRel8):
1566         (JSC::MacroAssemblerX86Common::storeRel16):
1567         (JSC::MacroAssemblerX86Common::storeRel32):
1568         (JSC::MacroAssemblerX86Common::storeFence):
1569         (JSC::MacroAssemblerX86Common::loadFence):
1570         (JSC::MacroAssemblerX86Common::replaceWithJump):
1571         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
1572         (JSC::MacroAssemblerX86Common::patchableJumpSize):
1573         (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
1574         (JSC::MacroAssemblerX86Common::supportsAVX):
1575         (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
1576         (JSC::MacroAssemblerX86Common::x86Condition):
1577         (JSC::MacroAssemblerX86Common::atomicStrongCAS):
1578         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
1579         * assembler/MacroAssemblerX86_64.h:
1580         (JSC::MacroAssemblerX86_64::add64):
1581         (JSC::MacroAssemblerX86_64::and64):
1582         (JSC::MacroAssemblerX86_64::neg64):
1583         (JSC::MacroAssemblerX86_64::or64):
1584         (JSC::MacroAssemblerX86_64::sub64):
1585         (JSC::MacroAssemblerX86_64::xor64):
1586         (JSC::MacroAssemblerX86_64::not64):
1587         (JSC::MacroAssemblerX86_64::store64):
1588         (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
1589         (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
1590         (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
1591         (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
1592         (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
1593         (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
1594         (JSC::MacroAssemblerX86_64::atomicAdd64):
1595         (JSC::MacroAssemblerX86_64::atomicSub64):
1596         (JSC::MacroAssemblerX86_64::atomicAnd64):
1597         (JSC::MacroAssemblerX86_64::atomicOr64):
1598         (JSC::MacroAssemblerX86_64::atomicXor64):
1599         (JSC::MacroAssemblerX86_64::atomicNeg64):
1600         (JSC::MacroAssemblerX86_64::atomicNot64):
1601         (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
1602         (JSC::MacroAssemblerX86_64::atomicXchg64):
1603         (JSC::MacroAssemblerX86_64::loadAcq64):
1604         (JSC::MacroAssemblerX86_64::storeRel64):
1605         * assembler/X86Assembler.h:
1606         (JSC::X86Assembler::addl_mr):
1607         (JSC::X86Assembler::addq_mr):
1608         (JSC::X86Assembler::addq_rm):
1609         (JSC::X86Assembler::addq_im):
1610         (JSC::X86Assembler::andl_mr):
1611         (JSC::X86Assembler::andl_rm):
1612         (JSC::X86Assembler::andw_rm):
1613         (JSC::X86Assembler::andb_rm):
1614         (JSC::X86Assembler::andl_im):
1615         (JSC::X86Assembler::andw_im):
1616         (JSC::X86Assembler::andb_im):
1617         (JSC::X86Assembler::andq_mr):
1618         (JSC::X86Assembler::andq_rm):
1619         (JSC::X86Assembler::andq_im):
1620         (JSC::X86Assembler::incq_m):
1621         (JSC::X86Assembler::negq_m):
1622         (JSC::X86Assembler::negl_m):
1623         (JSC::X86Assembler::negw_m):
1624         (JSC::X86Assembler::negb_m):
1625         (JSC::X86Assembler::notl_m):
1626         (JSC::X86Assembler::notw_m):
1627         (JSC::X86Assembler::notb_m):
1628         (JSC::X86Assembler::notq_m):
1629         (JSC::X86Assembler::orl_mr):
1630         (JSC::X86Assembler::orl_rm):
1631         (JSC::X86Assembler::orw_rm):
1632         (JSC::X86Assembler::orb_rm):
1633         (JSC::X86Assembler::orl_im):
1634         (JSC::X86Assembler::orw_im):
1635         (JSC::X86Assembler::orb_im):
1636         (JSC::X86Assembler::orq_mr):
1637         (JSC::X86Assembler::orq_rm):
1638         (JSC::X86Assembler::orq_im):
1639         (JSC::X86Assembler::subl_mr):
1640         (JSC::X86Assembler::subl_rm):
1641         (JSC::X86Assembler::subw_rm):
1642         (JSC::X86Assembler::subb_rm):
1643         (JSC::X86Assembler::subl_im):
1644         (JSC::X86Assembler::subw_im):
1645         (JSC::X86Assembler::subb_im):
1646         (JSC::X86Assembler::subq_mr):
1647         (JSC::X86Assembler::subq_rm):
1648         (JSC::X86Assembler::subq_im):
1649         (JSC::X86Assembler::xorl_mr):
1650         (JSC::X86Assembler::xorl_rm):
1651         (JSC::X86Assembler::xorl_im):
1652         (JSC::X86Assembler::xorw_rm):
1653         (JSC::X86Assembler::xorw_im):
1654         (JSC::X86Assembler::xorb_rm):
1655         (JSC::X86Assembler::xorb_im):
1656         (JSC::X86Assembler::xorq_im):
1657         (JSC::X86Assembler::xorq_rm):
1658         (JSC::X86Assembler::xorq_mr):
1659         (JSC::X86Assembler::xchgb_rm):
1660         (JSC::X86Assembler::xchgw_rm):
1661         (JSC::X86Assembler::xchgl_rm):
1662         (JSC::X86Assembler::xchgq_rm):
1663         (JSC::X86Assembler::movw_im):
1664         (JSC::X86Assembler::movq_i32m):
1665         (JSC::X86Assembler::cmpxchgb_rm):
1666         (JSC::X86Assembler::cmpxchgw_rm):
1667         (JSC::X86Assembler::cmpxchgl_rm):
1668         (JSC::X86Assembler::cmpxchgq_rm):
1669         (JSC::X86Assembler::xaddb_rm):
1670         (JSC::X86Assembler::xaddw_rm):
1671         (JSC::X86Assembler::xaddl_rm):
1672         (JSC::X86Assembler::xaddq_rm):
1673         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
1674         * b3/B3AtomicValue.cpp: Added.
1675         (JSC::B3::AtomicValue::~AtomicValue):
1676         (JSC::B3::AtomicValue::dumpMeta):
1677         (JSC::B3::AtomicValue::cloneImpl):
1678         (JSC::B3::AtomicValue::AtomicValue):
1679         * b3/B3AtomicValue.h: Added.
1680         * b3/B3BasicBlock.h:
1681         * b3/B3BlockInsertionSet.cpp:
1682         (JSC::B3::BlockInsertionSet::BlockInsertionSet):
1683         (JSC::B3::BlockInsertionSet::insert): Deleted.
1684         (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
1685         (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
1686         (JSC::B3::BlockInsertionSet::execute): Deleted.
1687         * b3/B3BlockInsertionSet.h:
1688         * b3/B3Effects.cpp:
1689         (JSC::B3::Effects::interferes):
1690         (JSC::B3::Effects::operator==):
1691         (JSC::B3::Effects::dump):
1692         * b3/B3Effects.h:
1693         (JSC::B3::Effects::forCall):
1694         (JSC::B3::Effects::mustExecute):
1695         * b3/B3EliminateCommonSubexpressions.cpp:
1696         * b3/B3Generate.cpp:
1697         (JSC::B3::generateToAir):
1698         * b3/B3GenericBlockInsertionSet.h: Added.
1699         (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
1700         (JSC::B3::GenericBlockInsertionSet::insert):
1701         (JSC::B3::GenericBlockInsertionSet::insertBefore):
1702         (JSC::B3::GenericBlockInsertionSet::insertAfter):
1703         (JSC::B3::GenericBlockInsertionSet::execute):
1704         * b3/B3HeapRange.h:
1705         (JSC::B3::HeapRange::operator|):
1706         * b3/B3InsertionSet.cpp:
1707         (JSC::B3::InsertionSet::insertClone):
1708         * b3/B3InsertionSet.h:
1709         * b3/B3LegalizeMemoryOffsets.cpp:
1710         * b3/B3LowerMacros.cpp:
1711         (JSC::B3::lowerMacros):
1712         * b3/B3LowerMacrosAfterOptimizations.cpp:
1713         * b3/B3LowerToAir.cpp:
1714         (JSC::B3::Air::LowerToAir::LowerToAir):
1715         (JSC::B3::Air::LowerToAir::run):
1716         (JSC::B3::Air::LowerToAir::effectiveAddr):
1717         (JSC::B3::Air::LowerToAir::addr):
1718         (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
1719         (JSC::B3::Air::LowerToAir::appendShift):
1720         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1721         (JSC::B3::Air::LowerToAir::storeOpcode):
1722         (JSC::B3::Air::LowerToAir::createStore):
1723         (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
1724         (JSC::B3::Air::LowerToAir::newBlock):
1725         (JSC::B3::Air::LowerToAir::splitBlock):
1726         (JSC::B3::Air::LowerToAir::fillStackmap):
1727         (JSC::B3::Air::LowerToAir::appendX86Div):
1728         (JSC::B3::Air::LowerToAir::appendX86UDiv):
1729         (JSC::B3::Air::LowerToAir::loadLinkOpcode):
1730         (JSC::B3::Air::LowerToAir::storeCondOpcode):
1731         (JSC::B3::Air::LowerToAir::appendCAS):
1732         (JSC::B3::Air::LowerToAir::appendVoidAtomic):
1733         (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
1734         (JSC::B3::Air::LowerToAir::lower):
1735         (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
1736         (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
1737         * b3/B3LowerToAir.h:
1738         * b3/B3MemoryValue.cpp:
1739         (JSC::B3::MemoryValue::isLegalOffset):
1740         (JSC::B3::MemoryValue::accessType):
1741         (JSC::B3::MemoryValue::accessBank):
1742         (JSC::B3::MemoryValue::accessByteSize):
1743         (JSC::B3::MemoryValue::dumpMeta):
1744         (JSC::B3::MemoryValue::MemoryValue):
1745         (JSC::B3::MemoryValue::accessWidth): Deleted.
1746         * b3/B3MemoryValue.h:
1747         * b3/B3MemoryValueInlines.h: Added.
1748         (JSC::B3::MemoryValue::isLegalOffset):
1749         (JSC::B3::MemoryValue::requiresSimpleAddr):
1750         (JSC::B3::MemoryValue::accessWidth):
1751         * b3/B3MoveConstants.cpp:
1752         * b3/B3NativeTraits.h: Added.
1753         * b3/B3Opcode.cpp:
1754         (JSC::B3::storeOpcode):
1755         (WTF::printInternal):
1756         * b3/B3Opcode.h:
1757         (JSC::B3::isLoad):
1758         (JSC::B3::isStore):
1759         (JSC::B3::isLoadStore):
1760         (JSC::B3::isAtomic):
1761         (JSC::B3::isAtomicCAS):
1762         (JSC::B3::isAtomicXchg):
1763         (JSC::B3::isMemoryAccess):
1764         (JSC::B3::signExtendOpcode):
1765         * b3/B3Procedure.cpp:
1766         (JSC::B3::Procedure::dump):
1767         * b3/B3Procedure.h:
1768         (JSC::B3::Procedure::hasQuirks):
1769         (JSC::B3::Procedure::setHasQuirks):
1770         * b3/B3PureCSE.cpp:
1771         (JSC::B3::pureCSE):
1772         * b3/B3PureCSE.h:
1773         * b3/B3ReduceStrength.cpp:
1774         * b3/B3Validate.cpp:
1775         * b3/B3Value.cpp:
1776         (JSC::B3::Value::returnsBool):
1777         (JSC::B3::Value::effects):
1778         (JSC::B3::Value::key):
1779         (JSC::B3::Value::performSubstitution):
1780         (JSC::B3::Value::typeFor):
1781         * b3/B3Value.h:
1782         * b3/B3Width.cpp:
1783         (JSC::B3::bestType):
1784         * b3/B3Width.h:
1785         (JSC::B3::canonicalWidth):
1786         (JSC::B3::isCanonicalWidth):
1787         (JSC::B3::mask):
1788         * b3/air/AirArg.cpp:
1789         (JSC::B3::Air::Arg::jsHash):
1790         (JSC::B3::Air::Arg::dump):
1791         (WTF::printInternal):
1792         * b3/air/AirArg.h:
1793         (JSC::B3::Air::Arg::isAnyUse):
1794         (JSC::B3::Air::Arg::isColdUse):
1795         (JSC::B3::Air::Arg::cooled):
1796         (JSC::B3::Air::Arg::isEarlyUse):
1797         (JSC::B3::Air::Arg::isLateUse):
1798         (JSC::B3::Air::Arg::isAnyDef):
1799         (JSC::B3::Air::Arg::isEarlyDef):
1800         (JSC::B3::Air::Arg::isLateDef):
1801         (JSC::B3::Air::Arg::isZDef):
1802         (JSC::B3::Air::Arg::simpleAddr):
1803         (JSC::B3::Air::Arg::statusCond):
1804         (JSC::B3::Air::Arg::isSimpleAddr):
1805         (JSC::B3::Air::Arg::isMemory):
1806         (JSC::B3::Air::Arg::isStatusCond):
1807         (JSC::B3::Air::Arg::isCondition):
1808         (JSC::B3::Air::Arg::ptr):
1809         (JSC::B3::Air::Arg::base):
1810         (JSC::B3::Air::Arg::isGP):
1811         (JSC::B3::Air::Arg::isFP):
1812         (JSC::B3::Air::Arg::isValidForm):
1813         (JSC::B3::Air::Arg::forEachTmpFast):
1814         (JSC::B3::Air::Arg::forEachTmp):
1815         (JSC::B3::Air::Arg::asAddress):
1816         (JSC::B3::Air::Arg::asStatusCondition):
1817         (JSC::B3::Air::Arg::isInvertible):
1818         (JSC::B3::Air::Arg::inverted):
1819         * b3/air/AirBasicBlock.cpp:
1820         (JSC::B3::Air::BasicBlock::setSuccessors):
1821         * b3/air/AirBasicBlock.h:
1822         * b3/air/AirBlockInsertionSet.cpp: Added.
1823         (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
1824         (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
1825         * b3/air/AirBlockInsertionSet.h: Added.
1826         * b3/air/AirDumpAsJS.cpp: Removed.
1827         * b3/air/AirDumpAsJS.h: Removed.
1828         * b3/air/AirEliminateDeadCode.cpp:
1829         (JSC::B3::Air::eliminateDeadCode):
1830         * b3/air/AirGenerate.cpp:
1831         (JSC::B3::Air::prepareForGeneration):
1832         * b3/air/AirInstInlines.h:
1833         (JSC::B3::Air::isAtomicStrongCASValid):
1834         (JSC::B3::Air::isBranchAtomicStrongCASValid):
1835         (JSC::B3::Air::isAtomicStrongCAS8Valid):
1836         (JSC::B3::Air::isAtomicStrongCAS16Valid):
1837         (JSC::B3::Air::isAtomicStrongCAS32Valid):
1838         (JSC::B3::Air::isAtomicStrongCAS64Valid):
1839         (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
1840         (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
1841         (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
1842         (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
1843         * b3/air/AirOpcode.opcodes:
1844         * b3/air/AirOptimizeBlockOrder.cpp:
1845         (JSC::B3::Air::optimizeBlockOrder):
1846         * b3/air/AirPadInterference.cpp:
1847         (JSC::B3::Air::padInterference):
1848         * b3/air/AirSpillEverything.cpp:
1849         (JSC::B3::Air::spillEverything):
1850         * b3/air/opcode_generator.rb:
1851         * b3/testb3.cpp:
1852         (JSC::B3::testLoadAcq42):
1853         (JSC::B3::testStoreRelAddLoadAcq32):
1854         (JSC::B3::testStoreRelAddLoadAcq8):
1855         (JSC::B3::testStoreRelAddFenceLoadAcq8):
1856         (JSC::B3::testStoreRelAddLoadAcq16):
1857         (JSC::B3::testStoreRelAddLoadAcq64):
1858         (JSC::B3::testTrappingStoreElimination):
1859         (JSC::B3::testX86LeaAddAdd):
1860         (JSC::B3::testX86LeaAddShlLeftScale1):
1861         (JSC::B3::testAtomicWeakCAS):
1862         (JSC::B3::testAtomicStrongCAS):
1863         (JSC::B3::testAtomicXchg):
1864         (JSC::B3::testDepend32):
1865         (JSC::B3::testDepend64):
1866         (JSC::B3::run):
1867         * runtime/Options.h:
1868
1869 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
1870
1871         Unreviewed typo fixes after r213652.
1872         https://bugs.webkit.org/show_bug.cgi?id=168920
1873
1874         * assembler/MacroAssemblerARM.h:
1875         (JSC::MacroAssemblerARM::replaceWithBreakpoint):
1876         * assembler/MacroAssemblerMIPS.h:
1877         (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):
1878
1879 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
1880
1881         Unreviewed ARM buildfix after r213652.
1882         https://bugs.webkit.org/show_bug.cgi?id=168920
1883
1884         r213652 used replaceWithBrk and replaceWithBkpt names for the same
1885         function, which was inconsistent and caused a build error in ARMAssembler.
1886
1887         * assembler/ARM64Assembler.h:
1888         (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
1889         (JSC::ARM64Assembler::replaceWithBrk): Deleted.
1890         * assembler/ARMAssembler.h:
1891         (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
1892         (JSC::ARMAssembler::replaceWithBrk): Deleted.
1893         * assembler/MacroAssemblerARM64.h:
1894         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1895
1896 2017-03-10  Alex Christensen  <achristensen@webkit.org>
1897
1898         Win64 build fix.
1899
1900         * b3/B3FenceValue.h:
1901         * b3/B3Value.h:
1902         Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
1903         doesn't accomplish anything except making Visual Studio mad.
1904         * b3/air/opcode_generator.rb:
1905         winnt.h has naming collisions with enum values from AirOpcode.h.
1906         For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
1907         RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
1908         A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
1909         that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.
1910
1911 2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>
1912
1913         Unreviewed, rolling out r213695.
1914
1915         This change broke the Windows build.
1916
1917         Reverted changeset:
1918
1919         "Implement a StackTrace utility object that can capture stack
1920         traces for debugging."
1921         https://bugs.webkit.org/show_bug.cgi?id=169454
1922         http://trac.webkit.org/changeset/213695
1923
1924 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
1925
1926         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
1927         https://bugs.webkit.org/show_bug.cgi?id=167962
1928
1929         Reviewed by Keith Miller.
1930
1931         Object Rest/Spread Destructuring proposal is in stage 3[1] and this
1932         patch is a prototype implementation of it. A simple change over the
1933         parser was necessary to support the new '...' token on Object Pattern
1934         destructuring rule. On the bytecode generator side, we changed the
1935         bytecode generated on ObjectPatternNode::bindValue to store in an
1936         array identifiers of already destructured properties, following spec draft
1937         section[2], and then pass it as excludedNames to CopyDataProperties.
1938         The rest destructuring then calls copyDataProperties to perform the
1939         copy of rest properties in rhs.
1940
1941         We also implemented CopyDataProperties as a private JS global operation
1942         on builtins/GlobalOperations.js following its specification on [3].
1943         It is implemented using a Set object to verify whether a property is in
1944         excludedNames, keeping this algorithm at O(n + m) complexity, where n
1945         = number of source's own properties and m = excludedNames.length.
1946
1947         As a requirement to use JSSets as constants, a change in
1948         CodeBlock::create API was necessary, because JSSet creation can throw OOM
1949         exception. Now, CodeBlock::finishCreation returns ```false``` if an
1950         exception is thrown by
1951         CodeBlock::setConstantIdentifierSetRegisters and then we return
1952         nullptr to ScriptExecutable::newCodeBlockFor. It is responsible for
1953         checking whether the CodeBlock was constructed properly and then throwing an OOM
1954         exception to the correct scope.
1955
1956         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
1957         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
1958         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
1959
1960         * builtins/BuiltinNames.h:
1961         * builtins/GlobalOperations.js:
1962         (globalPrivate.copyDataProperties):
1963         * bytecode/CodeBlock.cpp:
1964         (JSC::CodeBlock::finishCreation):
1965         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
1966         * bytecode/CodeBlock.h:
1967         * bytecode/EvalCodeBlock.h:
1968         (JSC::EvalCodeBlock::create):
1969         * bytecode/FunctionCodeBlock.h:
1970         (JSC::FunctionCodeBlock::create):
1971         * bytecode/ModuleProgramCodeBlock.h:
1972         (JSC::ModuleProgramCodeBlock::create):
1973         * bytecode/ProgramCodeBlock.h:
1974         (JSC::ProgramCodeBlock::create):
1975         * bytecode/UnlinkedCodeBlock.h:
1976         (JSC::UnlinkedCodeBlock::addSetConstant):
1977         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
1978         * bytecompiler/BytecodeGenerator.cpp:
1979         (JSC::BytecodeGenerator::emitLoad):
1980         * bytecompiler/BytecodeGenerator.h:
1981         * bytecompiler/NodesCodegen.cpp:
1982         (JSC::ObjectPatternNode::bindValue):
1983         * parser/ASTBuilder.h:
1984         (JSC::ASTBuilder::appendObjectPatternEntry):
1985         (JSC::ASTBuilder::appendObjectPatternRestEntry):
1986         (JSC::ASTBuilder::setContainsObjectRestElement):
1987         * parser/Nodes.h:
1988         (JSC::ObjectPatternNode::appendEntry):
1989         (JSC::ObjectPatternNode::setContainsRestElement):
1990         * parser/Parser.cpp:
1991         (JSC::Parser<LexerType>::parseDestructuringPattern):
1992         (JSC::Parser<LexerType>::parseProperty):
1993         * parser/SyntaxChecker.h:
1994         (JSC::SyntaxChecker::operatorStackPop):
1995         * runtime/JSGlobalObject.cpp:
1996         (JSC::JSGlobalObject::init):
1997         * runtime/JSGlobalObjectFunctions.cpp:
1998         (JSC::privateToObject):
1999         * runtime/JSGlobalObjectFunctions.h:
2000         * runtime/ScriptExecutable.cpp:
2001         (JSC::ScriptExecutable::newCodeBlockFor):
2002
2003 2017-03-09  Mark Lam  <mark.lam@apple.com>
2004
2005         Implement a StackTrace utility object that can capture stack traces for debugging.
2006         https://bugs.webkit.org/show_bug.cgi?id=169454
2007
2008         Reviewed by Michael Saboff.
2009
2010         The underlying implementation is hoisted right out of Assertions.cpp from the
2011         implementations of WTFPrintBacktrace().
2012
2013         The reason we need this StackTrace object is because during heap debugging, we
2014         sometimes want to capture the stack trace that allocated the objects of interest.
2015         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
2016         perturb the execution profile sufficiently that an issue may not reproduce,
2017         while alternatively, just capturing the stack trace and deferring printing it
2018         till we actually need it later perturbs the execution profile less.
2019
2020         In addition, just capturing the stack traces (instead of printing them
2021         immediately at each capture site) allows us to avoid polluting stdout with tons
2022         of stack traces that may be irrelevant.
2023
2024         For now, we only capture the native stack trace.  We'll leave capturing and
2025         integrating the JS stack trace as an exercise for the future if we need it then.
2026
2027         Here's an example of how to use this StackTrace utility:
2028
2029             // Capture a stack trace of the top 10 frames.
2030             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
2031             // Print the trace.
2032             dataLog(*trace);
2033
2034         * CMakeLists.txt:
2035         * JavaScriptCore.xcodeproj/project.pbxproj:
2036         * tools/StackTrace.cpp: Added.
2037         (JSC::StackTrace::instanceSize):
2038         (JSC::StackTrace::captureStackTrace):
2039         (JSC::StackTrace::dump):
2040         * tools/StackTrace.h: Added.
2041         (JSC::StackTrace::StackTrace):
2042         (JSC::StackTrace::size):
2043
2044 2017-03-09  Keith Miller  <keith_miller@apple.com>
2045
2046         WebAssembly: Enable fast memory for WK2
2047         https://bugs.webkit.org/show_bug.cgi?id=169437
2048
2049         Reviewed by Tim Horton.
2050
2051         * JavaScriptCore.xcodeproj/project.pbxproj:
2052
2053 2017-03-09  Matt Baker  <mattbaker@apple.com>
2054
2055         Web Inspector: Add XHR breakpoints UI
2056         https://bugs.webkit.org/show_bug.cgi?id=168763
2057         <rdar://problem/30952439>
2058
2059         Reviewed by Joseph Pecoraro.
2060
2061         * inspector/protocol/DOMDebugger.json:
2062         Added clarifying comments to command descriptions.
2063
2064 2017-03-09  Michael Saboff  <msaboff@apple.com>
2065
2066         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
2067         https://bugs.webkit.org/show_bug.cgi?id=169387
2068
2069         Reviewed by Filip Pizlo.
2070
2071         Added a helper function, processConfigFile(), to process configuration file.
2072         Changed jsc.cpp to use that function in lieu of processing the config file
2073         manually.
2074
2075         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
2076         * jsc.cpp:
2077         (jscmain):
2078         * runtime/ConfigFile.cpp:
2079         (JSC::processConfigFile):
2080         * runtime/ConfigFile.h:
2081
2082 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
2083
2084         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
2085         https://bugs.webkit.org/show_bug.cgi?id=29687
2086         <rdar://problem/19281586>
2087
2088         Reviewed by Matt Baker and Brian Burg.
2089
2090         * inspector/protocol/Network.json:
2091         Add metrics object with optional properties to loadingFinished event.
2092
2093 2017-03-09  Youenn Fablet  <youenn@apple.com>
2094
2095         Minimal build is broken
2096         https://bugs.webkit.org/show_bug.cgi?id=169416
2097
2098         Reviewed by Chris Dumez.
2099
2100         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
2101         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appear first but this might break very easily.
2102
2103         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
2104         (generate_members):
2105         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
2106         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
2107         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
2108
2109 2017-03-09  Daniel Bates  <dabates@apple.com>
2110
2111         Guard Credential Management implementation behind a runtime enabled feature flag
2112         https://bugs.webkit.org/show_bug.cgi?id=169364
2113         <rdar://problem/30957425>
2114
2115         Reviewed by Brent Fulgham.
2116
2117         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
2118         needed to guard these interfaces behind a runtime enabled feature flag.
2119
2120         * runtime/CommonIdentifiers.h:
2121
2122 2017-03-09  Mark Lam  <mark.lam@apple.com>
2123
2124         Refactoring some HeapVerifier code.
2125         https://bugs.webkit.org/show_bug.cgi?id=169443
2126
2127         Reviewed by Filip Pizlo.
2128
2129         Renamed LiveObjectData to CellProfile.
2130         Renamed LiveObjectList to CellList.
2131         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
2132         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
2133
2134         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
2135
2136         * CMakeLists.txt:
2137         * JavaScriptCore.xcodeproj/project.pbxproj:
2138         * heap/Heap.cpp:
2139         (JSC::Heap::runBeginPhase):
2140         (JSC::Heap::runEndPhase):
2141         * heap/HeapVerifier.cpp: Removed.
2142         * heap/HeapVerifier.h: Removed.
2143         * heap/LiveObjectData.h: Removed.
2144         * heap/LiveObjectList.cpp: Removed.
2145         * heap/LiveObjectList.h: Removed.
2146         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
2147         (JSC::CellList::findCell):
2148         (JSC::LiveObjectList::findObject): Deleted.
2149         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
2150         (JSC::CellList::CellList):
2151         (JSC::CellList::reset):
2152         (JSC::LiveObjectList::LiveObjectList): Deleted.
2153         (JSC::LiveObjectList::reset): Deleted.
2154         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
2155         (JSC::CellProfile::CellProfile):
2156         (JSC::LiveObjectData::LiveObjectData): Deleted.
2157         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
2158         (JSC::GatherCellFunctor::GatherCellFunctor):
2159         (JSC::GatherCellFunctor::visit):
2160         (JSC::GatherCellFunctor::operator()):
2161         (JSC::HeapVerifier::gatherLiveCells):
2162         (JSC::HeapVerifier::cellListForGathering):
2163         (JSC::trimDeadCellsFromList):
2164         (JSC::HeapVerifier::trimDeadCells):
2165         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
2166         (JSC::HeapVerifier::reportCell):
2167         (JSC::HeapVerifier::checkIfRecorded):
2168         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
2169         (JSC::GatherLiveObjFunctor::visit): Deleted.
2170         (JSC::GatherLiveObjFunctor::operator()): Deleted.
2171         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
2172         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
2173         (JSC::trimDeadObjectsFromList): Deleted.
2174         (JSC::HeapVerifier::trimDeadObjects): Deleted.
2175         (JSC::HeapVerifier::reportObject): Deleted.
2176         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
2177
2178 2017-03-09  Anders Carlsson  <andersca@apple.com>
2179
2180         Add delegate support to WebCore
2181         https://bugs.webkit.org/show_bug.cgi?id=169427
2182         Part of rdar://problem/28880714.
2183
2184         Reviewed by Geoffrey Garen.
2185
2186         * Configurations/FeatureDefines.xcconfig:
2187         Add feature define.
2188
2189 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
2190
2191         Web Inspector: Show individual messages in the content pane for a WebSocket
2192         https://bugs.webkit.org/show_bug.cgi?id=169011
2193
2194         Reviewed by Joseph Pecoraro.
2195
2196         Add walltime parameter and correct the description of Timestamp type.
2197
2198         * inspector/protocol/Network.json:
2199
2200 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
2201
2202         Unreviewed, fix weak external symbol error.
2203
2204         * heap/SlotVisitor.h:
2205
2206 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
2207
2208         std::isnan/isinf should work with WTF time classes
2209         https://bugs.webkit.org/show_bug.cgi?id=164991
2210
2211         Reviewed by Darin Adler.
2212         
2213         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
2214
2215         * runtime/AtomicsObject.cpp:
2216         (JSC::atomicsFuncWait):
2217
2218 2017-03-09  Mark Lam  <mark.lam@apple.com>
2219
2220         Use const AbstractLocker& (instead of const LockHolder&) in more places.
2221         https://bugs.webkit.org/show_bug.cgi?id=169424
2222
2223         Reviewed by Filip Pizlo.
2224
2225         * heap/CodeBlockSet.cpp:
2226         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
2227         * heap/CodeBlockSet.h:
2228         * heap/CodeBlockSetInlines.h:
2229         (JSC::CodeBlockSet::mark):
2230         * heap/ConservativeRoots.cpp:
2231         (JSC::CompositeMarkHook::CompositeMarkHook):
2232         * heap/MachineStackMarker.cpp:
2233         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2234         * heap/MachineStackMarker.h:
2235         * profiler/ProfilerDatabase.cpp:
2236         (JSC::Profiler::Database::ensureBytecodesFor):
2237         * profiler/ProfilerDatabase.h:
2238         * runtime/SamplingProfiler.cpp:
2239         (JSC::FrameWalker::FrameWalker):
2240         (JSC::CFrameWalker::CFrameWalker):
2241         (JSC::SamplingProfiler::createThreadIfNecessary):
2242         (JSC::SamplingProfiler::takeSample):
2243         (JSC::SamplingProfiler::start):
2244         (JSC::SamplingProfiler::pause):
2245         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
2246         (JSC::SamplingProfiler::clearData):
2247         (JSC::SamplingProfiler::releaseStackTraces):
2248         * runtime/SamplingProfiler.h:
2249         (JSC::SamplingProfiler::setStopWatch):
2250         * wasm/WasmMemory.cpp:
2251         (JSC::Wasm::availableFastMemories):
2252         (JSC::Wasm::activeFastMemories):
2253         (JSC::Wasm::viewActiveFastMemories):
2254         * wasm/WasmMemory.h:
2255
2256 2017-03-09  Saam Barati  <sbarati@apple.com>
2257
2258         WebAssembly: Make the Unity AngryBots demo run
2259         https://bugs.webkit.org/show_bug.cgi?id=169268
2260
2261         Reviewed by Keith Miller.
2262
2263         This patch fixes three bugs:
2264         1. The WasmBinding code for making a JS call was off
2265         by 1 in its stack layout code.
2266         2. The WasmBinding code had a "<" comparison instead
2267         of a ">=" comparison. This would cause us to calculate
2268         the wrong frame pointer offset.
2269         3. The code to reload wasm state inside B3IRGenerator didn't
2270         properly represent its effects.
2271
2272         * wasm/WasmB3IRGenerator.cpp:
2273         (JSC::Wasm::restoreWebAssemblyGlobalState):
2274         (JSC::Wasm::parseAndCompile):
2275         * wasm/WasmBinding.cpp:
2276         (JSC::Wasm::wasmToJs):
2277         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2278         (JSC::WebAssemblyInstanceConstructor::createInstance):
2279
2280 2017-03-09  Mark Lam  <mark.lam@apple.com>
2281
2282         Make the VM Traps mechanism non-polling for the DFG and FTL.
2283         https://bugs.webkit.org/show_bug.cgi?id=168920
2284         <rdar://problem/30738588>
2285
2286         Reviewed by Filip Pizlo.
2287
2288         1. Added a ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
2289            This is currently only enabled for OS(DARWIN) and ENABLE(JIT). 
2290         2. Added assembler functions for overwriting an instruction with a breakpoint.
2291         3. Added a new JettisonDueToVMTraps jettison reason.
2292         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
2293            invalidation points with breakpoint instructions.
2294         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
2295         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
2296            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
2297            Options::usePollingTraps() to always be true.  This makes the VMTraps
2298            implementation fall back to using polling based traps only.
2299
2300         7. Make VMTraps support signal based traps.
2301
2302         Some design and implementation details of signal based VM traps:
2303
2304         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
2305
2306         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
2307           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
2308           we want to trap, and check for the occurrence of one of the following events:
2309
2310           a. VMTraps::handleTraps() has been called for the requested trap, or
2311
2312           b. the VM is inactive and is no longer executing any JS code.  We determine
2313              this to be the case if the thread no longer owns the JSLock and the VM's
2314              entryScope is null.
2315
2316              Note: the thread can relinquish the JSLock while the VM's entryScope is not
2317              null.  This happens when the thread calls JSLock::dropAllLocks() before
2318              calling a host function that may block on IO (or whatever).  For our purpose,
2319              this counts as the VM still running JS code, and VM::fireTrap() will still
2320              be waiting.
2321
2322           If the SignalSender does not see either of these events, it will sleep for a
2323           while and then re-send SIGUSR1 and check for the events again.  When it sees
2324           one of these events, it will consider the mutator to have received the trap
2325           request.
2326
2327         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
2328           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
2329           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
2330           safe to jettison the codeBlock.
2331
2332           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
2333           insert the breakpoint instructions itself.  This is because we need the
2334           register state of the mutator thread (that we want to trap in) in order to
2335           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
2336           we don't have a generic way for the requester thread to get the register state
2337           of another thread.
2338
2339         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
2340           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
2341           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
2342           baseline JIT code will eventually reach an op_check_traps and call
2343           VMTraps::handleTraps().
2344
2345           If the handler is not trapping at an invalidation point, then it must be
2346           observing an assertion failure (which also uses the breakpoint instruction).
2347           In this case, the handler will defer to the default SIGTRAP handler and crash.
2348
2349         - The reason we need the SignalSender is because SignalSender::send() is called
2350           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
2351           send() needs to make use of the VM pointer, and it is not guaranteed that the
2352           VM will outlive the thread.  SignalSender provides the mechanism by which we
2353           can nullify the VM pointer when the VM dies so that the thread does not
2354           continue to use it.
2355
2356         * assembler/ARM64Assembler.h:
2357         (JSC::ARM64Assembler::replaceWithBrk):
2358         * assembler/ARMAssembler.h:
2359         (JSC::ARMAssembler::replaceWithBrk):
2360         * assembler/ARMv7Assembler.h:
2361         (JSC::ARMv7Assembler::replaceWithBkpt):
2362         * assembler/MIPSAssembler.h:
2363         (JSC::MIPSAssembler::replaceWithBkpt):
2364         * assembler/MacroAssemblerARM.h:
2365         (JSC::MacroAssemblerARM::replaceWithJump):
2366         * assembler/MacroAssemblerARM64.h:
2367         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
2368         * assembler/MacroAssemblerARMv7.h:
2369         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
2370         * assembler/MacroAssemblerMIPS.h:
2371         (JSC::MacroAssemblerMIPS::replaceWithJump):
2372         * assembler/MacroAssemblerX86Common.h:
2373         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
2374         * assembler/X86Assembler.h:
2375         (JSC::X86Assembler::replaceWithInt3):
2376         * bytecode/CodeBlock.cpp:
2377         (JSC::CodeBlock::jettison):
2378         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
2379         (JSC::CodeBlock::installVMTrapBreakpoints):
2380         * bytecode/CodeBlock.h:
2381         * bytecompiler/BytecodeGenerator.cpp:
2382         (JSC::BytecodeGenerator::emitCheckTraps):
2383         * dfg/DFGCommonData.cpp:
2384         (JSC::DFG::CommonData::installVMTrapBreakpoints):
2385         (JSC::DFG::CommonData::isVMTrapBreakpoint):
2386         * dfg/DFGCommonData.h:
2387         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
2388         * dfg/DFGJumpReplacement.cpp:
2389         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
2390         * dfg/DFGJumpReplacement.h:
2391         (JSC::DFG::JumpReplacement::dataLocation):
2392         * dfg/DFGNodeType.h:
2393         * heap/CodeBlockSet.cpp:
2394         (JSC::CodeBlockSet::contains):
2395         * heap/CodeBlockSet.h:
2396         * heap/CodeBlockSetInlines.h:
2397         (JSC::CodeBlockSet::iterate):
2398         * heap/Heap.cpp:
2399         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
2400         * heap/Heap.h:
2401         * heap/HeapInlines.h:
2402         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
2403         * heap/MachineStackMarker.h:
2404         (JSC::MachineThreads::threadsListHead):
2405         * jit/ExecutableAllocator.cpp:
2406         (JSC::ExecutableAllocator::isValidExecutableMemory):
2407         * jit/ExecutableAllocator.h:
2408         * profiler/ProfilerJettisonReason.cpp:
2409         (WTF::printInternal):
2410         * profiler/ProfilerJettisonReason.h:
2411         * runtime/JSLock.cpp:
2412         (JSC::JSLock::didAcquireLock):
2413         * runtime/Options.cpp:
2414         (JSC::overrideDefaults):
2415         * runtime/Options.h:
2416         * runtime/PlatformThread.h:
2417         (JSC::platformThreadSignal):
2418         * runtime/VM.cpp:
2419         (JSC::VM::~VM):
2420         (JSC::VM::ensureWatchdog):
2421         (JSC::VM::handleTraps): Deleted.
2422         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
2423         * runtime/VM.h:
2424         (JSC::VM::ownerThread):
2425         (JSC::VM::traps):
2426         (JSC::VM::handleTraps):
2427         (JSC::VM::needTrapHandling):
2428         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
2429         * runtime/VMTraps.cpp:
2430         (JSC::VMTraps::vm):
2431         (JSC::SignalContext::SignalContext):
2432         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
2433         (JSC::vmIsInactive):
2434         (JSC::findActiveVMAndStackBounds):
2435         (JSC::handleSigusr1):
2436         (JSC::handleSigtrap):
2437         (JSC::installSignalHandlers):
2438         (JSC::sanitizedTopCallFrame):
2439         (JSC::isSaneFrame):
2440         (JSC::VMTraps::tryInstallTrapBreakpoints):
2441         (JSC::VMTraps::invalidateCodeBlocksOnStack):
2442         (JSC::VMTraps::VMTraps):
2443         (JSC::VMTraps::willDestroyVM):
2444         (JSC::VMTraps::addSignalSender):
2445         (JSC::VMTraps::removeSignalSender):
2446         (JSC::VMTraps::SignalSender::willDestroyVM):
2447         (JSC::VMTraps::SignalSender::send):
2448         (JSC::VMTraps::fireTrap):
2449         (JSC::VMTraps::handleTraps):
2450         * runtime/VMTraps.h:
2451         (JSC::VMTraps::~VMTraps):
2452         (JSC::VMTraps::needTrapHandling):
2453         (JSC::VMTraps::notifyGrabAllLocks):
2454         (JSC::VMTraps::SignalSender::SignalSender):
2455         (JSC::VMTraps::invalidateCodeBlocksOnStack):
2456         * tools/VMInspector.cpp:
2457         * tools/VMInspector.h:
2458         (JSC::VMInspector::getLock):
2459         (JSC::VMInspector::iterate):
2460
2461 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
2462
2463         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
2464         https://bugs.webkit.org/show_bug.cgi?id=169215
2465
2466         Reviewed by Mark Lam.
2467         
2468         This doesn't have a test because it would be a very complicated test.
2469
2470         * runtime/JSObject.h:
2471         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
2472
2473 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
2474
2475         WTF should make it super easy to do ARM concurrency tricks
2476         https://bugs.webkit.org/show_bug.cgi?id=169300
2477
2478         Reviewed by Mark Lam.
2479         
2480         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
2481         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
2482         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
2483         machine code, I found other opportunities for improvement, like inlining the "am I
2484         marked" part of the marking functions.
2485
2486         * heap/Heap.cpp:
2487         (JSC::Heap::setGCDidJIT):
2488         * heap/HeapInlines.h:
2489         (JSC::Heap::testAndSetMarked):
2490         * heap/LargeAllocation.h:
2491         (JSC::LargeAllocation::isMarked):
2492         (JSC::LargeAllocation::isMarkedConcurrently):
2493         (JSC::LargeAllocation::aboutToMark):
2494         (JSC::LargeAllocation::testAndSetMarked):
2495         * heap/MarkedBlock.h:
2496         (JSC::MarkedBlock::areMarksStaleWithDependency):
2497         (JSC::MarkedBlock::aboutToMark):
2498         (JSC::MarkedBlock::isMarkedConcurrently):
2499         (JSC::MarkedBlock::isMarked):
2500         (JSC::MarkedBlock::testAndSetMarked):
2501         * heap/SlotVisitor.cpp:
2502         (JSC::SlotVisitor::appendSlow):
2503         (JSC::SlotVisitor::appendHiddenSlow):
2504         (JSC::SlotVisitor::appendHiddenSlowImpl):
2505         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
2506         (JSC::SlotVisitor::appendUnbarriered): Deleted.
2507         (JSC::SlotVisitor::appendHidden): Deleted.
2508         * heap/SlotVisitor.h:
2509         * heap/SlotVisitorInlines.h:
2510         (JSC::SlotVisitor::appendUnbarriered):
2511         (JSC::SlotVisitor::appendHidden):
2512         (JSC::SlotVisitor::append):
2513         (JSC::SlotVisitor::appendValues):
2514         (JSC::SlotVisitor::appendValuesHidden):
2515         * runtime/CustomGetterSetter.cpp:
2516         * runtime/JSObject.cpp:
2517         (JSC::JSObject::visitButterflyImpl):
2518         * runtime/JSObject.h:
2519
2520 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
2521
2522         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
2523         https://bugs.webkit.org/show_bug.cgi?id=160124
2524
2525         Reviewed by Mark Lam.
2526
2527         When performing CallVarargs, we will copy values to the stack.
2528         Before actually copying values, we need to adjust the stackPointerRegister
2529         to ensure copied values are in the allocated stack area.
2530         If we do not do that, the OS can break the values that are stored beyond the stack
2531         pointer. For example, a signal stack can be constructed in this area and
2532         break the values.
2533
2534         This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
2535         in the Linux port. Since Linux ports use signals to suspend and resume threads, the
2536         signal handler is frequently called when the sampling profiler is enabled. Thus this
2537         crash occurs.
2538
2539         * dfg/DFGSpeculativeJIT32_64.cpp:
2540         (JSC::DFG::SpeculativeJIT::emitCall):
2541         * dfg/DFGSpeculativeJIT64.cpp:
2542         (JSC::DFG::SpeculativeJIT::emitCall):
2543         * ftl/FTLLowerDFGToB3.cpp:
2544         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
2545         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
2546         * jit/SetupVarargsFrame.cpp:
2547         (JSC::emitSetupVarargsFrameFastCase):
2548         * jit/SetupVarargsFrame.h:
2549
2550 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
2551
2552         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
2553         https://bugs.webkit.org/show_bug.cgi?id=164892
2554         <rdar://problem/29320562>
2555
2556         Reviewed by Brian Burg.
2557
2558         * inspector/protocol/Network.json:
2559         Replace "fromDiskCache" property with "source" property which includes
2560         more complete information about the source of this response (network,
2561         memory cache, disk cache, or unknown).
2562
2563         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2564         (_generate_class_for_object_declaration):
2565         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
2566         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
2567         * inspector/scripts/codegen/generator.py:
2568         (Generator):
2569         (Generator.open_fields):
2570         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
2571         enum and open accessor string symbol that would have the same name, only generate
2572         a specific list of open accessor strings. This reduces the list of exported
2573         symbols from all properties to just the ones that are needed. This can be
2574         cleaned up later if needed.
2575
2576         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
2577         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
2578         Test for open accessors generation.
2579
2580 2017-03-08  Keith Miller  <keith_miller@apple.com>
2581
2582         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
2583         https://bugs.webkit.org/show_bug.cgi?id=169290
2584
2585         Reviewed by Saam Barati.
2586
2587         This patch adds an extra sanity check by ensuring that the memory address we are faulting on while trying to load is in range
2588         of some wasm fast memory.
2589
2590         * wasm/WasmFaultSignalHandler.cpp:
2591         (JSC::Wasm::trapHandler):
2592         (JSC::Wasm::enableFastMemory):
2593         * wasm/WasmMemory.cpp:
2594         (JSC::Wasm::activeFastMemories):
2595         (JSC::Wasm::viewActiveFastMemories):
2596         (JSC::Wasm::tryGetFastMemory):
2597         (JSC::Wasm::releaseFastMemory):
2598         * wasm/WasmMemory.h:
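
        As an added example (not WebKit's code) of the extra check this entry describes: a fault handler that treats a fault as a Wasm out-of-bounds trap only when the faulting address lies inside a registered fast-memory reservation, and otherwise lets the process crash as it would by default. The registry, the 4 MiB reservation size and the ordinary buffer are constructed for the demo.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define FAST_MEMORY_SIZE (4u * 1024u * 1024u)   /* constructed: 4 MiB reservation */
#define MAX_FAST_MEMORIES 8

typedef struct { uintptr_t base; size_t size; } FastMemory;

/* Hypothetical registry of active fast memories (constructed for the demo). */
static FastMemory activeFastMemories[MAX_FAST_MEMORIES];
static int activeFastMemoryCount;

int registerFastMemory(void* base, size_t size) {
    if (activeFastMemoryCount >= MAX_FAST_MEMORIES) return 0;
    activeFastMemories[activeFastMemoryCount++] = (FastMemory){ (uintptr_t)base, size };
    return 1;
}

/* The extra safety check: is the faulting address inside some reservation? */
int isFastMemoryAddress(uintptr_t addr) {
    for (int i = 0; i < activeFastMemoryCount; i++) {
        uintptr_t base = activeFastMemories[i].base;
        if (addr >= base && addr - base < activeFastMemories[i].size) return 1;
    }
    return 0;
}

static sigjmp_buf trapReturn;

static void trapHandler(int sig, siginfo_t* info, void* ctx) {
    (void)ctx;
    if (!isFastMemoryAddress((uintptr_t)info->si_addr)) {
        /* Not a fast-memory fault: restore the default disposition and return.
           The faulting instruction re-executes and the process crashes, as it should. */
        signal(sig, SIG_DFL);
        return;
    }
    /* Recognised Wasm OOB: unwind to the point that would throw the RangeError. */
    siglongjmp(trapReturn, 1);
}

int installTrapHandler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = trapHandler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL) == 0 && sigaction(SIGBUS, &sa, NULL) == 0;
}

/* Reserve a fast memory as PROT_NONE so any load into it faults. */
void* reserveFastMemory(void) {
    void* p = mmap(NULL, FAST_MEMORY_SIZE, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (!registerFastMemory(p, FAST_MEMORY_SIZE)) { munmap(p, FAST_MEMORY_SIZE); return NULL; }
    return p;
}

/* Returns 1 if the load at addr was caught as a Wasm OOB trap, 0 if it succeeded.
   sigsetjmp(..., 1) saves the signal mask so it is restored after the longjmp. */
int probeLoad(volatile uint8_t* addr) {
    if (sigsetjmp(trapReturn, 1)) return 1;
    (void)*addr;
    return 0;
}

/* Runs the whole scenario; returns 0 on success, a step number on failure. */
int runFastMemoryDemo(void) {
    static uint8_t ordinaryBuffer[16];          /* constructed non-wasm memory */
    if (!installTrapHandler()) return 1;
    uint8_t* mem = (uint8_t*)reserveFastMemory();
    if (!mem) return 2;
    if (probeLoad(mem + 4096) != 1) return 3;    /* inside reservation: OOB trap */
    if (!isFastMemoryAddress((uintptr_t)mem + FAST_MEMORY_SIZE - 1)) return 4;
    if (isFastMemoryAddress((uintptr_t)mem + FAST_MEMORY_SIZE)) return 5; /* one past end */
    if (probeLoad(ordinaryBuffer) != 0) return 6; /* ordinary memory never traps */
    munmap(mem, FAST_MEMORY_SIZE);
    activeFastMemoryCount = 0;
    return 0;
}

int main(void) {
    int rc = runFastMemoryDemo();
    printf(rc == 0 ? "fast-memory OOB check OK\n" : "demo failed at step %d\n", rc);
    return rc;
}
```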
2599
2600 2017-03-07  Dean Jackson  <dino@apple.com>
2601
2602         Some platforms won't be able to create a GPUDevice
2603         https://bugs.webkit.org/show_bug.cgi?id=169314
2604         <rdar://problems/30907521>
2605
2606         Reviewed by Jon Lee.
2607
2608         Disable WEB_GPU on the iOS Simulator.
2609
2610         * Configurations/FeatureDefines.xcconfig:
2611
2612 2017-03-06  Saam Barati  <sbarati@apple.com>
2613
2614         WebAssembly: Implement the WebAssembly.instantiate API
2615         https://bugs.webkit.org/show_bug.cgi?id=165982
2616         <rdar://problem/29760110>
2617
2618         Reviewed by Keith Miller.
2619
2620         This patch is a straightforward implementation of the WebAssembly.instantiate
2621         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
2622         
2623         I implemented the API in a synchronous manner. We should make it
2624         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
2625
2626         * wasm/JSWebAssembly.cpp:
2627         (JSC::webAssemblyCompileFunc):
2628         (JSC::webAssemblyInstantiateFunc):
2629         (JSC::JSWebAssembly::finishCreation):
2630         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2631         (JSC::constructJSWebAssemblyInstance):
2632         (JSC::WebAssemblyInstanceConstructor::createInstance):
2633         * wasm/js/WebAssemblyInstanceConstructor.h:
2634         * wasm/js/WebAssemblyModuleConstructor.cpp:
2635         (JSC::constructJSWebAssemblyModule):
2636         (JSC::WebAssemblyModuleConstructor::createModule):
2637         * wasm/js/WebAssemblyModuleConstructor.h:
2638
2639 2017-03-06  Michael Saboff  <msaboff@apple.com>
2640
2641         Take advantage of fast permissions switching of JIT memory for devices that support it
2642         https://bugs.webkit.org/show_bug.cgi?id=169155
2643
2644         Reviewed by Saam Barati.
2645
2646         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
2647         control access to JIT memory.
2648
2649         Had to update the Xcode config files to handle various build variations of
2650         public and internal SDKs.
2651
2652         * Configurations/Base.xcconfig:
2653         * Configurations/FeatureDefines.xcconfig:
2654         * jit/ExecutableAllocator.cpp:
2655         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
2656         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
2657         * jit/ExecutableAllocator.h:
2658         (JSC::performJITMemcpy):
2659
2660 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
2661
2662         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
2663         https://bugs.webkit.org/show_bug.cgi?id=168502
2664
2665         Reviewed by Filip Pizlo.
2666
2667         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
2668
2669 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
2670
2671         op_get_by_id_with_this should use inline caching
2672         https://bugs.webkit.org/show_bug.cgi?id=162124
2673
2674         Reviewed by Saam Barati.
2675
2676         This patch enables inline caching for op_get_by_id_with_this in all
2677         tiers. It means that operations using ```super.member``` are going to
2678         be optimizable by the PIC. To enable it, we introduced a new
2679         member of StructureStubInfo.patch named thisGPR, created a new class
2680         to manage the IC named JITGetByIdWithThisGenerator, and changed
2681         PolymorphicAccess.regenerate to use StructureStubInfo.patch.thisGPR
2682         to decide the correct this value in inline caches.
2683         With inline caching enabled, ```super.member``` is ~4.5x faster,
2684         according to microbenchmarks.
2685
2686         * bytecode/AccessCase.cpp:
2687         (JSC::AccessCase::generateImpl):
2688         * bytecode/PolymorphicAccess.cpp:
2689         (JSC::PolymorphicAccess::regenerate):
2690         * bytecode/PolymorphicAccess.h:
2691         * bytecode/StructureStubInfo.cpp:
2692         (JSC::StructureStubInfo::reset):
2693         * bytecode/StructureStubInfo.h:
2694         * dfg/DFGFixupPhase.cpp:
2695         (JSC::DFG::FixupPhase::fixupNode):
2696         * dfg/DFGJITCompiler.cpp:
2697         (JSC::DFG::JITCompiler::link):
2698         * dfg/DFGJITCompiler.h:
2699         (JSC::DFG::JITCompiler::addGetByIdWithThis):
2700         * dfg/DFGSpeculativeJIT.cpp:
2701         (JSC::DFG::SpeculativeJIT::compileIn):
2702         * dfg/DFGSpeculativeJIT.h:
2703         (JSC::DFG::SpeculativeJIT::callOperation):
2704         * dfg/DFGSpeculativeJIT32_64.cpp:
2705         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2706         (JSC::DFG::SpeculativeJIT::compile):
2707         * dfg/DFGSpeculativeJIT64.cpp:
2708         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
2709         (JSC::DFG::SpeculativeJIT::compile):
2710         * ftl/FTLLowerDFGToB3.cpp:
2711         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
2712         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
2713         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
2714         * jit/CCallHelpers.h:
2715         (JSC::CCallHelpers::setupArgumentsWithExecState):
2716         * jit/ICStats.h:
2717         * jit/JIT.cpp:
2718         (JSC::JIT::JIT):
2719         (JSC::JIT::privateCompileSlowCases):
2720         (JSC::JIT::link):
2721         * jit/JIT.h:
2722         * jit/JITInlineCacheGenerator.cpp:
2723         (JSC::JITByIdGenerator::JITByIdGenerator):
2724         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2725         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
2726         * jit/JITInlineCacheGenerator.h:
2727         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
2728         * jit/JITInlines.h:
2729         (JSC::JIT::callOperation):
2730         * jit/JITOperations.cpp:
2731         * jit/JITOperations.h:
2732         * jit/JITPropertyAccess.cpp:
2733         (JSC::JIT::emit_op_get_by_id_with_this):
2734         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2735         * jit/JITPropertyAccess32_64.cpp:
2736         (JSC::JIT::emit_op_get_by_id_with_this):
2737         (JSC::JIT::emitSlow_op_get_by_id_with_this):
2738         * jit/Repatch.cpp:
2739         (JSC::appropriateOptimizingGetByIdFunction):
2740         (JSC::appropriateGenericGetByIdFunction):
2741         (JSC::tryCacheGetByID):
2742         * jit/Repatch.h:
2743         * jsc.cpp:
2744         (WTF::CustomGetter::getOwnPropertySlot):
2745         (WTF::CustomGetter::customGetterAcessor):
2746
2747 2017-03-06  Saam Barati  <sbarati@apple.com>
2748
2749         WebAssembly: implement init_expr for Element
2750         https://bugs.webkit.org/show_bug.cgi?id=165888
2751         <rdar://problem/29760199>
2752
2753         Reviewed by Keith Miller.
2754
2755         This patch fixes a few bugs. The main change is allowing init_expr
2756         for the Element's offset. To do this, I had to fix a couple of
2757         other bugs:
2758         
2759         - I removed our invalid early module-parse-time invalidation
2760         of out of bound Element sections. This is not in the spec because
2761         it can't be validated in the general case when the offset is a
2762         get_global.
2763         
2764         - Our get_global validation inside our init_expr parsing code was simply wrong.
2765         It thought that the index operand to get_global went into the pool of imports,
2766         but it does not. It indexes into the pool of globals. I changed the code to
2767         refer to the global pool instead.
2768
2769         * wasm/WasmFormat.h:
2770         (JSC::Wasm::Element::Element):
2771         * wasm/WasmModuleParser.cpp:
2772         * wasm/js/WebAssemblyModuleRecord.cpp:
2773         (JSC::WebAssemblyModuleRecord::evaluate):
2774
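The two bugs this entry describes, as an added example that is not JSC's parser: a decoder for an element segment's offset init_expr that bounds a get_global index by the module's global count (not its import count) and performs no table-bounds check at decode time, plus the bounds check that runs at instantiation once the global's value is known. The wasm opcodes and type codes are the binary-format values; the Module, Global and InitExpr structs and all function names are assumptions made for this example.

```c
/* Added example, not JSC's parser: decode and validate an element segment's
   offset init_expr, then apply the table-bounds check at instantiation time.
   Opcodes and type codes are the wasm binary-format values; the structs and
   function names are assumptions made for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum { OP_END = 0x0B, OP_GET_GLOBAL = 0x23, OP_I32_CONST = 0x41, TYPE_I32 = 0x7F };

typedef struct { uint8_t type; bool is_mutable; } Global;
/* Global index space: imported globals first, then the module's own. */
typedef struct { const Global *globals; size_t global_count; } Module;

typedef struct {
    bool     is_global;     /* true: offset comes from get_global, known only at instantiation */
    uint32_t global_index;  /* valid when is_global */
    int32_t  const_value;   /* valid when !is_global */
} InitExpr;

enum InitResult { INIT_OK, INIT_ERR_TRUNCATED, INIT_ERR_OPCODE,
                  INIT_ERR_BAD_GLOBAL, INIT_ERR_TYPE, INIT_ERR_MUTABLE };

/* LEB128 readers: return bytes consumed, 0 if malformed or truncated. */
static size_t read_uleb32(const uint8_t *p, size_t len, uint32_t *out)
{
    uint32_t result = 0; unsigned shift = 0; size_t i = 0; uint8_t b;
    do {
        if (i >= len || shift > 28) return 0;        /* at most 5 bytes for 32 bits */
        b = p[i++];
        result |= (uint32_t)(b & 0x7F) << shift;
        shift += 7;
    } while (b & 0x80);
    *out = result;
    return i;
}

static size_t read_sleb32(const uint8_t *p, size_t len, int32_t *out)
{
    uint32_t result = 0; unsigned shift = 0; size_t i = 0; uint8_t b;
    do {
        if (i >= len || shift > 28) return 0;
        b = p[i++];
        result |= (uint32_t)(b & 0x7F) << shift;
        shift += 7;
    } while (b & 0x80);
    if (shift < 32 && (b & 0x40)) result |= ~(uint32_t)0 << shift;   /* sign-extend */
    *out = (int32_t)result;
    return i;
}

/* Decode-time validation only: opcode shape, operand, and for get_global that
   the index names an immutable i32 global. The index is bounded by the number
   of globals, not the number of imports (the bug this entry fixes), and there
   is no table-bounds check here: with get_global the offset is not known until
   instantiation, so it cannot be validated while parsing the module. */
enum InitResult parse_element_offset(const Module *m, const uint8_t *expr, size_t len, InitExpr *out)
{
    if (len == 0) return INIT_ERR_TRUNCATED;
    size_t pos = 1, n;
    switch (expr[0]) {
    case OP_I32_CONST:
        n = read_sleb32(expr + pos, len - pos, &out->const_value);
        if (n == 0) return INIT_ERR_TRUNCATED;
        out->is_global = false;
        break;
    case OP_GET_GLOBAL:
        n = read_uleb32(expr + pos, len - pos, &out->global_index);
        if (n == 0) return INIT_ERR_TRUNCATED;
        if (out->global_index >= m->global_count) return INIT_ERR_BAD_GLOBAL;
        if (m->globals[out->global_index].type != TYPE_I32) return INIT_ERR_TYPE;
        if (m->globals[out->global_index].is_mutable) return INIT_ERR_MUTABLE;
        out->is_global = true;
        break;
    default:
        return INIT_ERR_OPCODE;
    }
    pos += n;
    if (pos >= len || expr[pos] != OP_END) return INIT_ERR_TRUNCATED;
    return INIT_OK;
}

/* Instantiation time: resolve the offset (reading the global's current value
   when needed) and check that offset + element count fits in the table. */
bool element_segment_fits(const InitExpr *e, const int32_t *global_values, uint32_t elem_count,
                          uint32_t table_size, uint32_t *offset_out)
{
    uint32_t offset = e->is_global ? (uint32_t)global_values[e->global_index]
                                   : (uint32_t)e->const_value;
    *offset_out = offset;
    return (uint64_t)offset + elem_count <= table_size;   /* 64-bit sum cannot wrap */
}
```
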
2775 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2776
2777         [JSC] Allow indexed module namespace object fields
2778         https://bugs.webkit.org/show_bug.cgi?id=168870
2779
2780         Reviewed by Saam Barati.
2781
2782         While JS modules cannot expose any indexed bindings,
2783         Wasm modules can expose them. However, module namespace
2784         object currently does not support indexed properties.
2785         This patch allows module namespace objects to offer
2786         indexed binding accesses.
2787
2788         * runtime/JSModuleNamespaceObject.cpp:
2789         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
2790         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
2791         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
2792         * runtime/JSModuleNamespaceObject.h:
2793
2794 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2795
2796         Null pointer crash when loading module with unresolved import also as a script file
2797         https://bugs.webkit.org/show_bug.cgi?id=168971
2798
2799         Reviewed by Saam Barati.
2800
2801         If linking throws an error, this error should be re-thrown
2802         when requesting the same module.
2803
2804         * builtins/ModuleLoaderPrototype.js:
2805         (globalPrivate.newRegistryEntry):
2806         * runtime/JSModuleRecord.cpp:
2807         (JSC::JSModuleRecord::link):
2808
2809 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2810
2811         [GTK][JSCOnly] Enable WebAssembly on Linux environment
2812         https://bugs.webkit.org/show_bug.cgi?id=164032
2813
2814         Reviewed by Michael Catanzaro.
2815
2816         This patch enables WebAssembly on JSCOnly and GTK ports.
2817         Basically, almost all the WASM code is portable to Linux.
2818         One platform-dependent part is faster memory load using SIGBUS
2819         signal handler. This patch ports this part to Linux.
2820
2821         * CMakeLists.txt:
2822         * llint/LLIntSlowPaths.cpp:
2823         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2824         * wasm/WasmFaultSignalHandler.cpp:
2825         (JSC::Wasm::trapHandler):
2826         (JSC::Wasm::enableFastMemory):
2827
2828 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
2829
2830         Currency digits calculation in Intl.NumberFormat should call out to ICU
2831         https://bugs.webkit.org/show_bug.cgi?id=169182
2832
2833         Reviewed by Yusuke Suzuki.
2834
2835         * runtime/IntlNumberFormat.cpp:
2836         (JSC::computeCurrencyDigits):
2837         (JSC::computeCurrencySortKey): Deleted.
2838         (JSC::extractCurrencySortKey): Deleted.
2839
2840 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
2841
2842         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
2843         https://bugs.webkit.org/show_bug.cgi?id=168869
2844
2845         Reviewed by Keith Miller.
2846
2847         * b3/B3Width.h:
2848         * wasm/WasmSections.h:
2849
2850 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
2851
2852         [ARM] Unreviewed buildfix after r213376.
2853
2854         * assembler/ARMAssembler.h:
2855         (JSC::ARMAssembler::isBkpt): Typo fixed.
2856
2857 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
2858
2859         [JSC] build fix after r213399
2860         https://bugs.webkit.org/show_bug.cgi?id=169154
2861
2862         Unreviewed.
2863
2864         * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
2865
2866 2017-03-03  Dean Jackson  <dino@apple.com>
2867
2868         Add WebGPU compile flag and experimental feature flag
2869         https://bugs.webkit.org/show_bug.cgi?id=169161
2870         <rdar://problem/30846689>
2871
2872         Reviewed by Tim Horton.
2873
2874         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
2875         and an InternalSetting.
2876
2877         * Configurations/FeatureDefines.xcconfig:
2878
2879 2017-03-03  Michael Saboff  <msaboff@apple.com>
2880
2881         Add support for relative pathnames to JSC config files
2882         https://bugs.webkit.org/show_bug.cgi?id=169154
2883
2884         Reviewed by Saam Barati.
2885
2886         If the config file is a relative path, prepend the current working directory.
2887         After canonicalizing the config file path, we extract its directory path and
2888         use that for the directory for a relative log pathname.
2889
2890         * runtime/ConfigFile.cpp:
2891         (JSC::ConfigFile::ConfigFile):
2892         (JSC::ConfigFile::parse):
2893         (JSC::ConfigFile::canonicalizePaths):
2894         * runtime/ConfigFile.h:
2895
2896 2017-03-03  Michael Saboff  <msaboff@apple.com>
2897
2898         Add load / store exclusive instruction group to ARM64 disassembler
2899         https://bugs.webkit.org/show_bug.cgi?id=169152
2900
2901         Reviewed by Filip Pizlo.
2902
2903         * disassembler/ARM64/A64DOpcode.cpp:
2904         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
2905         * disassembler/ARM64/A64DOpcode.h:
2906         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
2907         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
2908         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
2909         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
2910         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
2911         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
2912         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
2913         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
2914         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
2915
2916 2017-03-03  Keith Miller  <keith_miller@apple.com>
2917
2918         WASM should support faster loads.
2919         https://bugs.webkit.org/show_bug.cgi?id=162693
2920
2921         Reviewed by Saam Barati.
2922
2923         This patch adds support for WebAssembly using a 32-bit address
2924         space for memory (along with some extra space for offset
2925         overflow). With a 32-bit address space (we call them
2926         Signaling/fast memories), we reserve the virtual address space for
2927         2^32 + offset bytes of memory and only mark the usable section as
2928         read/write. If wasm code would read/write out of bounds we use a
2929         custom signal handler to catch the SIGBUS. The signal handler then
2930         checks if the faulting instruction is wasm code and tells the
2931         thread to resume executing from the wasm exception
2932         handler. Otherwise, the signal handler crashes the process, as
2933         usual.
2934
2935         All of the allocations of these memories are managed by the
2936         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
2937         old Signaling memories that are no longer in use. Since getting
2938         the wrong memory can cause recompiles, we try to reserve a memory
2939         for modules that do not import a memory. If a module does import a
2940         memory, we try to guess the type of memory we are going to get
2941         based on the last one allocated.
2942
2943         This patch also changes how the wasm JS-api manages objects. Since
2944         we can compile different versions of code, this patch adds a new
2945         JSWebAssemblyCodeBlock class that holds all the information
2946         specific to running a module in a particular bounds checking
2947         mode. Additionally, the Wasm::Memory object is now a reference
2948         counted class that is shared between the JSWebAssemblyMemory
2949         object and the ArrayBuffer that also views it.
2950
2951         * JavaScriptCore.xcodeproj/project.pbxproj:
2952         * jit/JITThunks.cpp:
2953         (JSC::JITThunks::existingCTIStub):
2954         * jit/JITThunks.h:
2955         * jsc.cpp:
2956         (jscmain):
2957         * runtime/Options.h:
2958         * runtime/VM.cpp:
2959         (JSC::VM::VM):
2960         * runtime/VM.h:
2961         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
2962         (JSC::JSWebAssemblyCodeBlock::create):
2963         (JSC::JSWebAssemblyCodeBlock::createStructure):
2964         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
2965         (JSC::JSWebAssemblyCodeBlock::mode):
2966         (JSC::JSWebAssemblyCodeBlock::module):
2967         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
2968         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
2969         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
2970         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
2971         (JSC::JSWebAssemblyCodeBlock::callees):
2972         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
2973         (JSC::JSWebAssemblyCodeBlock::allocationSize):
2974         * wasm/WasmB3IRGenerator.cpp:
2975         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2976         (JSC::Wasm::getMemoryBaseAndSize):
2977         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
2978         (JSC::Wasm::B3IRGenerator::emitLoadOp):
2979         (JSC::Wasm::B3IRGenerator::emitStoreOp):
2980         * wasm/WasmCallingConvention.h:
2981         * wasm/WasmFaultSignalHandler.cpp: Added.
2982         (JSC::Wasm::trapHandler):
2983         (JSC::Wasm::registerCode):
2984         (JSC::Wasm::unregisterCode):
2985         (JSC::Wasm::fastMemoryEnabled):
2986         (JSC::Wasm::enableFastMemory):
2987         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
2988         * wasm/WasmFormat.h:
2989         (JSC::Wasm::ModuleInformation::importFunctionCount):
2990         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
2991         * wasm/WasmMemory.cpp:
2992         (JSC::Wasm::mmapBytes):
2993         (JSC::Wasm::Memory::lastAllocatedMode):
2994         (JSC::Wasm::availableFastMemories):
2995         (JSC::Wasm::tryGetFastMemory):
2996         (JSC::Wasm::releaseFastMemory):
2997         (JSC::Wasm::Memory::Memory):
2998         (JSC::Wasm::Memory::createImpl):
2999         (JSC::Wasm::Memory::create):
3000         (JSC::Wasm::Memory::~Memory):
3001         (JSC::Wasm::Memory::grow):
3002         (JSC::Wasm::Memory::dump):
3003         (JSC::Wasm::Memory::makeString):
3004         * wasm/WasmMemory.h:
3005         (JSC::Wasm::Memory::operator bool):
3006         (JSC::Wasm::Memory::size):
3007         (JSC::Wasm::Memory::check):
3008         (JSC::Wasm::Memory::Memory): Deleted.
3009         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
3010         (JSC::Wasm::Memory::offsetOfSize): Deleted.
3011         * wasm/WasmMemoryInformation.cpp:
3012         (JSC::Wasm::MemoryInformation::MemoryInformation):
3013         * wasm/WasmMemoryInformation.h:
3014         (JSC::Wasm::MemoryInformation::hasReservedMemory):
3015         (JSC::Wasm::MemoryInformation::takeReservedMemory):
3016         (JSC::Wasm::MemoryInformation::mode):
3017         * wasm/WasmModuleParser.cpp:
3018         * wasm/WasmModuleParser.h:
3019         (JSC::Wasm::ModuleParser::ModuleParser):
3020         * wasm/WasmPlan.cpp:
3021         (JSC::Wasm::Plan::parseAndValidateModule):
3022         (JSC::Wasm::Plan::run):
3023         * wasm/WasmPlan.h:
3024         (JSC::Wasm::Plan::mode):
3025         * wasm/js/JSWebAssemblyCallee.cpp:
3026         (JSC::JSWebAssemblyCallee::finishCreation):
3027         (JSC::JSWebAssemblyCallee::destroy):
3028         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
3029         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
3030         (JSC::JSWebAssemblyCodeBlock::destroy):
3031         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
3032         (JSC::JSWebAssemblyCodeBlock::visitChildren):
3033         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
3034         * wasm/js/JSWebAssemblyInstance.cpp:
3035         (JSC::JSWebAssemblyInstance::setMemory):
3036         (JSC::JSWebAssemblyInstance::finishCreation):
3037         (JSC::JSWebAssemblyInstance::visitChildren):
3038         * wasm/js/JSWebAssemblyInstance.h:
3039         (JSC::JSWebAssemblyInstance::module):
3040         (JSC::JSWebAssemblyInstance::codeBlock):
3041         (JSC::JSWebAssemblyInstance::memoryMode):
3042         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
3043         * wasm/js/JSWebAssemblyMemory.cpp:
3044         (JSC::JSWebAssemblyMemory::create):
3045         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
3046         (JSC::JSWebAssemblyMemory::buffer):
3047         (JSC::JSWebAssemblyMemory::grow):
3048         (JSC::JSWebAssemblyMemory::destroy):
3049         * wasm/js/JSWebAssemblyMemory.h:
3050         (JSC::JSWebAssemblyMemory::memory):
3051         (JSC::JSWebAssemblyMemory::offsetOfMemory):
3052         (JSC::JSWebAssemblyMemory::offsetOfSize):
3053         * wasm/js/JSWebAssemblyModule.cpp:
3054         (JSC::JSWebAssemblyModule::buildCodeBlock):
3055         (JSC::JSWebAssemblyModule::create):
3056         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
3057         (JSC::JSWebAssemblyModule::codeBlock):
3058         (JSC::JSWebAssemblyModule::finishCreation):
3059         (JSC::JSWebAssemblyModule::visitChildren):
3060         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
3061         * wasm/js/JSWebAssemblyModule.h:
3062         (JSC::JSWebAssemblyModule::takeReservedMemory):
3063         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
3064         (JSC::JSWebAssemblyModule::codeBlock):
3065         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
3066         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
3067         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
3068         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
3069         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
3070         (JSC::JSWebAssemblyModule::callees): Deleted.
3071         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
3072         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
3073         * wasm/js/WebAssemblyFunction.cpp:
3074         (JSC::callWebAssemblyFunction):
3075         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3076         (JSC::constructJSWebAssemblyInstance):
3077         * wasm/js/WebAssemblyMemoryConstructor.cpp:
3078         (JSC::constructJSWebAssemblyMemory):
3079         * wasm/js/WebAssemblyModuleConstructor.cpp:
3080         (JSC::WebAssemblyModuleConstructor::createModule):
3081         * wasm/js/WebAssemblyModuleRecord.cpp:
3082         (JSC::WebAssemblyModuleRecord::link):
3083         (JSC::WebAssemblyModuleRecord::evaluate):
3084
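The signaling-memory scheme this entry describes, as an added, scaled-down model that is not JSC's code: the whole range is reserved PROT_NONE, only the usable prefix is made read/write, and a signal handler turns an out-of-bounds access that lands inside the reservation into a recoverable trap while re-raising any other fault so the process still crashes as usual. The region sizes, globals and function names are assumptions (the real reservation is 2^32 + offset bytes); Linux reports these faults as SIGSEGV, macOS as SIGBUS, so both are handled.

```c
/* Added, scaled-down model of JSC's "signaling" wasm memory; not JSC code.
   Sizes are assumptions: the real reservation is 2^32 + max offset bytes. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define PAGE          65536u               /* wasm page size */
#define INDEX_SPACE   (8u * PAGE)          /* models the 2^32 index space */
#define OFFSET_GUARD  (8u * PAGE)          /* models the extra space for static offsets */
#define RESERVED      (INDEX_SPACE + OFFSET_GUARD)
#define USABLE        (2u * PAGE)          /* the module's current memory size */

static uint8_t *g_base;                    /* start of the reservation */
static sigjmp_buf g_trap;                  /* resume point for a trapped access */
static volatile sig_atomic_t g_in_wasm;    /* nonzero while "wasm code" runs */

static void trap_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)ctx;
    uintptr_t addr = (uintptr_t)info->si_addr;
    uintptr_t lo = (uintptr_t)g_base, hi = lo + RESERVED;
    /* The fault is ours only if wasm code was running and it hit our
       reservation. Anything else is a genuine bug: restore the default
       action and re-raise so the process crashes as usual. */
    if (!g_in_wasm || g_base == NULL || addr < lo || addr >= hi) {
        signal(sig, SIG_DFL);
        raise(sig);
        return;
    }
    siglongjmp(g_trap, 1);                 /* resume at the "wasm exception handler" */
}

int install_trap_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = trap_handler;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;  /* we jump out, so never leave the signal blocked */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;   /* Linux: PROT_NONE faults */
    if (sigaction(SIGBUS, &sa, NULL) != 0) return -1;    /* macOS reports them as SIGBUS */
    return 0;
}

/* Reserve the whole range inaccessible, then open only the usable prefix. */
int reserve_signaling_memory(void)
{
    void *p = mmap(NULL, RESERVED, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (p == MAP_FAILED) return -1;
    if (mprotect(p, USABLE, PROT_READ | PROT_WRITE) != 0) {
        munmap(p, RESERVED);
        return -1;
    }
    g_base = (uint8_t *)p;
    return 0;
}

/* Emulates a wasm i32 load/store at base + index + offset with no explicit
   bounds check; the guard pages do the checking. Returns 0 on success, 1 if
   the access trapped, 2 if the static offset exceeds what the guard covers
   (such an access would need an explicit check instead). */
static int guarded_access(uint32_t index, uint32_t offset, int32_t *load_out, const int32_t *store_in)
{
    if (offset > OFFSET_GUARD - sizeof(int32_t)) return 2;
    uint8_t *ea = g_base + (index % INDEX_SPACE) + offset;  /* modulo models the 32-bit wrap */
    g_in_wasm = 1;
    if (sigsetjmp(g_trap, 1) != 0) {       /* landed here from trap_handler */
        g_in_wasm = 0;
        return 1;
    }
    if (store_in)
        memcpy(ea, store_in, sizeof *store_in);   /* faults if ea is on a PROT_NONE page */
    else
        memcpy(load_out, ea, sizeof *load_out);
    g_in_wasm = 0;
    return 0;
}

int wasm_load_i32(uint32_t index, uint32_t offset, int32_t *out)
{
    return guarded_access(index, offset, out, NULL);
}

int wasm_store_i32(uint32_t index, uint32_t offset, int32_t value)
{
    return guarded_access(index, offset, NULL, &value);
}
```
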
3085 2017-03-03  Mark Lam  <mark.lam@apple.com>
3086
3087         Gardening: fix broken ARM64 build.
3088         https://bugs.webkit.org/show_bug.cgi?id=169139
3089
3090         Not reviewed.
3091
3092         * assembler/ARM64Assembler.h:
3093         (JSC::ARM64Assembler::excepnGenerationImmMask):
3094
3095 2017-03-03  Mark Lam  <mark.lam@apple.com>
3096
3097         Add MacroAssembler::isBreakpoint() query function.
3098         https://bugs.webkit.org/show_bug.cgi?id=169139
3099
3100         Reviewed by Michael Saboff.
3101
3102         This will be needed soon when we use breakpoint instructions to implement
3103         non-polling VM traps, and need to discern between a VM trap signal and a genuine
3104         assertion breakpoint.
3105
3106         * assembler/ARM64Assembler.h:
3107         (JSC::ARM64Assembler::isBrk):
3108         (JSC::ARM64Assembler::excepnGenerationImmMask):
3109         * assembler/ARMAssembler.h:
3110         (JSC::ARMAssembler::isBkpt):
3111         * assembler/ARMv7Assembler.h:
3112         (JSC::ARMv7Assembler::isBkpt):
3113         * assembler/MIPSAssembler.h:
3114         (JSC::MIPSAssembler::isBkpt):
3115         * assembler/MacroAssemblerARM.h:
3116         (JSC::MacroAssemblerARM::isBreakpoint):
3117         * assembler/MacroAssemblerARM64.h:
3118         (JSC::MacroAssemblerARM64::isBreakpoint):
3119         * assembler/MacroAssemblerARMv7.h:
3120         (JSC::MacroAssemblerARMv7::isBreakpoint):
3121         * assembler/MacroAssemblerMIPS.h:
3122         (JSC::MacroAssemblerMIPS::isBreakpoint):
3123         * assembler/MacroAssemblerX86Common.h:
3124         (JSC::MacroAssemblerX86Common::isBreakpoint):
3125         * assembler/X86Assembler.h:
3126         (JSC::X86Assembler::isInt3):
3127
3128 2017-03-03  Mark Lam  <mark.lam@apple.com>
3129
3130         We should only check for traps that we're able to handle.
3131         https://bugs.webkit.org/show_bug.cgi?id=169136
3132
3133         Reviewed by Michael Saboff.
3134
3135         The execute methods in interpreter were checking for the existence of any traps
3136         (without masking) and only handling a subset of those via a mask.  This can
3137         result in a failed assertion on debug builds.
3138
3139         This patch fixes this by applying the same mask for both the needTrapHandling()
3140         check and the handleTraps() call.  Also added a few assertions.
3141
3142         * interpreter/Interpreter.cpp:
3143         (JSC::Interpreter::executeProgram):
3144         (JSC::Interpreter::executeCall):
3145         (JSC::Interpreter::executeConstruct):
3146         (JSC::Interpreter::execute):
3147         * jit/JITOperations.cpp:
3148         * llint/LLIntSlowPaths.cpp:
3149         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3150
3151 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
3152
3153         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
3154         https://bugs.webkit.org/show_bug.cgi?id=169074
3155
3156         Reviewed by Joseph Pecoraro.
3157
3158         They are not actually Cocoa-specific.
3159
3160         * inspector/remote/RemoteInspector.cpp:
3161         (Inspector::RemoteInspector::updateTargetListing):
3162         * inspector/remote/RemoteInspector.h:
3163         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
3164
3165 2017-03-02  Mark Lam  <mark.lam@apple.com>
3166
3167         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
3168         https://bugs.webkit.org/show_bug.cgi?id=169089
3169
3170         Reviewed by Tim Horton and Joseph Pecoraro.
3171
3172         * runtime/VM.cpp:
3173         (JSC::VM::handleTraps):
3174         * runtime/VM.h:
3175         (JSC::VM::notifyNeedDebuggerBreak):
3176
3177 2017-03-02  Michael Saboff  <msaboff@apple.com>
3178
3179         Add JSC identity when code signing to allow debugging on iOS
3180         https://bugs.webkit.org/show_bug.cgi?id=169099
3181
3182         Reviewed by Filip Pizlo.
3183
3184         * Configurations/JSC.xcconfig:
3185         * Configurations/ToolExecutable.xcconfig:
3186
3187 2017-03-02  Keith Miller  <keith_miller@apple.com>
3188
3189         WebAssemblyFunction should have Function.prototype as its prototype
3190         https://bugs.webkit.org/show_bug.cgi?id=169101
3191
3192         Reviewed by Filip Pizlo.
3193
3194         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
3195         objects should have Function.prototype as their prototype.
3196
3197         * runtime/JSGlobalObject.cpp:
3198         (JSC::JSGlobalObject::init):
3199
3200 2017-03-02  Mark Lam  <mark.lam@apple.com>
3201
3202         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
3203         https://bugs.webkit.org/show_bug.cgi?id=169088
3204
3205         Reviewed by Keith Miller.
3206
3207         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
3208         generated.  This is useful for testing purposes until we have signal based
3209         traps, at which point, we will always emit the op_check_traps bytecode and remove
3210         this option.
3211
3212         Options::usePollingTraps() enables the use of polling VM traps all the time.
3213         This will be useful for benchmark comparisons (between polling and non-polling
3214         traps), as well as for forcing polling traps later for ports that don't support
3215         signal based traps.
3216
3217         Note: signal based traps are not fully implemented yet.  As a result, if the VM
3218         watchdog is in use, we will force Options::usePollingTraps() to be true.
3219
3220         * bytecompiler/BytecodeGenerator.cpp:
3221         (JSC::BytecodeGenerator::emitCheckTraps):
3222         * dfg/DFGClobberize.h:
3223         (JSC::DFG::clobberize):
3224         * dfg/DFGSpeculativeJIT.cpp:
3225         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
3226         * dfg/DFGSpeculativeJIT32_64.cpp:
3227         (JSC::DFG::SpeculativeJIT::compile):
3228         * dfg/DFGSpeculativeJIT64.cpp:
3229         (JSC::DFG::SpeculativeJIT::compile):
3230         * ftl/FTLLowerDFGToB3.cpp:
3231         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3232         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
3233         * runtime/Options.cpp:
3234         (JSC::recomputeDependentOptions):
3235         * runtime/Options.h:
3236
3237 2017-03-02  Keith Miller  <keith_miller@apple.com>
3238
3239         Fix addressing mode for B3WasmAddress
3240         https://bugs.webkit.org/show_bug.cgi?id=169092
3241
3242         Reviewed by Filip Pizlo.
3243
3244         Fix the potential addressing modes for B3WasmAddress. ARM does not
3245         support a base + index*1 + offset addressing mode. I think when I
3246         read it the first time I assumed it would always work on both ARM
3247         and X86. While true for X86 it's not true for ARM.
3248
3249         * b3/B3LowerToAir.cpp:
3250         (JSC::B3::Air::LowerToAir::effectiveAddr):
3251
3252 2017-03-02  Mark Lam  <mark.lam@apple.com>
3253
3254         Add support for selective handling of VM traps.
3255         https://bugs.webkit.org/show_bug.cgi?id=169087
3256
3257         Reviewed by Keith Miller.
3258
3259         This is needed because there are some places in the VM where it's appropriate to
3260         handle some types of VM traps but not others.
3261
3262         We implement this selection by using a VMTraps::Mask that allows the user to
3263         specify which traps should be serviced.
3264
3265         * interpreter/Interpreter.cpp:
3266         (JSC::Interpreter::executeProgram):
3267         (JSC::Interpreter::executeCall):
3268         (JSC::Interpreter::executeConstruct):
3269         (JSC::Interpreter::execute):
3270         * runtime/VM.cpp:
3271         (JSC::VM::handleTraps):
3272         * runtime/VM.h:
3273         * runtime/VMTraps.cpp:
3274         (JSC::VMTraps::takeTrap): Deleted.
3275         * runtime/VMTraps.h:
3276         (JSC::VMTraps::Mask::Mask):
3277         (JSC::VMTraps::Mask::allEventTypes):
3278         (JSC::VMTraps::Mask::bits):
3279         (JSC::VMTraps::Mask::init):
3280         (JSC::VMTraps::needTrapHandling):
3281         (JSC::VMTraps::hasTrapForEvent):
3282
3283 2017-03-02  Alex Christensen  <achristensen@webkit.org>
3284
3285         Continue enabling WebRTC
3286         https://bugs.webkit.org/show_bug.cgi?id=169056
3287
3288         Reviewed by Jon Lee.
3289
3290         * Configurations/FeatureDefines.xcconfig:
3291
3292 2017-03-02  Tomas Popela  <tpopela@redhat.com>
3293
3294         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
3295         https://bugs.webkit.org/show_bug.cgi?id=169034
3296
3297         Reviewed by Mark Lam.
3298
3299         It should not assign to offset, but compare to offset.
3300
3301         * runtime/JSGlobalObject.cpp:
3302         (JSC::JSGlobalObject::addStaticGlobals):
3303
3304 2017-03-01  Alex Christensen  <achristensen@webkit.org>
3305
3306         Unreviewed, rolling out r213259.
3307
3308         Broke an internal build
3309
3310         Reverted changeset:
3311
3312         "Continue enabling WebRTC"
3313         https://bugs.webkit.org/show_bug.cgi?id=169056
3314         http://trac.webkit.org/changeset/213259
3315
3316 2017-03-01  Alex Christensen  <achristensen@webkit.org>
3317
3318         Continue enabling WebRTC
3319         https://bugs.webkit.org/show_bug.cgi?id=169056
3320
3321         Reviewed by Jon Lee.
3322
3323         * Configurations/FeatureDefines.xcconfig:
3324
3325 2017-03-01  Michael Saboff  <msaboff@apple.com>
3326
3327         Source/JavaScriptCore/ChangeLog
3328         https://bugs.webkit.org/show_bug.cgi?id=169055
3329
3330         Reviewed by Mark Lam.
3331
3332         Made local copies of options strings for OptionRange and string typed options.
3333
3334         * runtime/Options.cpp:
3335         (JSC::parse):
3336         (JSC::OptionRange::init):
3337
3338 2017-03-01  Mark Lam  <mark.lam@apple.com>
3339
3340         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
3341         https://bugs.webkit.org/show_bug.cgi?id=168996
3342
3343         Reviewed by Filip Pizlo and Saam Barati.
3344
3345         PlatformThread is more useful because it allows us to:
3346         1. find the MachineThreads::Thread which is associated with it.
3347         2. suspend / resume threads.
3348         3. send a signal to a thread.
3349
3350         We can't do those with std::thread::id.  We will need one or more of these
3351         capabilities to implement non-polling VM traps later.
3352
3353         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
3354         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
3355         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
3356         JSLock::m_hasOwnerThread before doing the thread identity comparison.
3357
3358         * JavaScriptCore.xcodeproj/project.pbxproj:
3359         * heap/MachineStackMarker.cpp:
3360         (JSC::MachineThreads::Thread::createForCurrentThread):
3361         (JSC::MachineThreads::machineThreadForCurrentThread):
3362         (JSC::MachineThreads::removeThread):
3363         (JSC::MachineThreads::Thread::suspend):
3364         (JSC::MachineThreads::tryCopyOtherThreadStacks):
3365         (JSC::getCurrentPlatformThread): Deleted.
3366         * heap/MachineStackMarker.h:
3367         * runtime/JSCellInlines.h:
3368         (JSC::JSCell::classInfo):
3369         * runtime/JSLock.cpp:
3370         (JSC::JSLock::JSLock):
3371         (JSC::JSLock::lock):
3372         (JSC::JSLock::unlock):
3373         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
3374         * runtime/JSLock.h:
3375         (JSC::JSLock::ownerThread):
3376         (JSC::JSLock::currentThreadIsHoldingLock):
3377         * runtime/PlatformThread.h: Added.
3378         (JSC::currentPlatformThread):
3379         * runtime/VM.cpp:
3380         (JSC::VM::~VM):
3381         * runtime/VM.h:
3382         (JSC::VM::ownerThread):
3383         * runtime/Watchdog.cpp:
3384         (JSC::Watchdog::setTimeLimit):
3385         (JSC::Watchdog::shouldTerminate):
3386         (JSC::Watchdog::startTimer):
3387         (JSC::Watchdog::stopTimer):
3388         * tools/JSDollarVMPrototype.cpp:
3389         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
3390         * tools/VMInspector.cpp:
3391
3392 2017-03-01  Saam Barati  <sbarati@apple.com>
3393
3394         Implement a mega-disassembler that'll be used in the FTL
3395         https://bugs.webkit.org/show_bug.cgi?id=168685
3396
3397         Reviewed by Mark Lam.
3398
3399         This patch extends the previous Air disassembler to print the
3400         DFG and B3 nodes belonging to particular Air instructions.
3401         The algorithm I'm using to do this is not perfect. For example,
3402         it won't try to print the entire DFG/B3 graph. It'll just print
3403         the related nodes for particular Air instructions. We can make the
3404         algorithm more sophisticated as we get more experience looking at
3405         these IR dumps and get a better feel for what we want out of them.
3406
3407         This is an example of the output:
3408
3409         ...
3410         ...
3411         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
3412            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
3413                Patch &Patchpoint2, %r20, %r20, %r0, @54
3414          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
3415            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
3416                Move 32(%r20), %r5, @57
3417                       0x389cc9ac0:    ldur   x5, [x20, #32]
3418         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
3419            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
3420                Move32 (%r5), %r1, @58
3421                       0x389cc9ac4:    ldur   w1, [x5]
3422            Int32 @59 = Const32(DFG:@115, 92)
3423            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
3424            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
3425                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
3426                       0x389cc9ac8:    cmp    w1, #92
3427                       0x389cc9acc:    b.ne   0x389cc9dac
3428         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
3429            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
3430                Move 8(%r5), %r4, @64
3431                       0x389cc9ad0:    ldur   x4, [x5, #8]
3432          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
3433            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
3434                Move32 -8(%r4), %r2, @67
3435                       0x389cc9ad4:    ldur   w2, [x4, #-8]
3436       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
3437            Int32 @68 = Const32(DFG:@192, -1)
3438                Move $0xffffffffffffffff, %r1, $-1(@68)
3439                       0x389cc9ad8:    mov    x1, #-1
3440          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
3441            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
3442                Add32 %r2, %r1, %r1, @69
3443                       0x389cc9adc:    add    w1, w2, w1
3444          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
3445            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
3446            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
3447                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
3448                       0x389cc9ae0:    cmp    x0, x22
3449                       0x389cc9ae4:    b.lo   0x389cc9dc0
3450            Int32 @72 = Trunc(@53, DFG:@86)
3451            Int32 @73 = BitAnd(@69, @72, DFG:@86)
3452                And32 %r1, %r0, %r1, @73
3453                       0x389cc9ae8:    and    w1, w1, w0
3454            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
3455            Int32 @72 = Trunc(@53, DFG:@86)
3456            Int64 @11 = SlotBase(stack0)
3457            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
3458                Move32 %r0, -64(%fp), @76
3459                       0x389cc9aec:    stur   w0, [fp, #-64]
3460            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
3461            Int64 @77 = ZExt32(@73, DFG:@12)
3462            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
3463                Add64 %r1, %r22, %r3, @78
3464                       0x389cc9af0:    add    x3, x1, x22
3465            Int64 @11 = SlotBase(stack0)
3466            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
3467                Move %r3, -72(%fp), @81
3468                       0x389cc9af4:    stur   x3, [fp, #-72]
3469            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
3470            Int32 @82 = Trunc(@24, DFG:@10)
3471            Int64 @11 = SlotBase(stack0)
3472            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
3473                Move32 %r21, -80(%fp), @85
3474                       0x389cc9af8:    stur   w21, [fp, #-80]
3475           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
3476            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
3477            Void @90 = Branch(@89, DFG:@129, Terminal)
3478                Branch32 AboveOrEqual, %r1, %r2, @90
3479                       0x389cc9afc:    cmp    w1, w2
3480                       0x389cc9b00:    b.hs   0x389cc9bec
3481         ...
3482         ...
3483
3484         * b3/air/AirDisassembler.cpp:
3485         (JSC::B3::Air::Disassembler::dump):
3486         * b3/air/AirDisassembler.h:
3487         * ftl/FTLCompile.cpp:
3488         (JSC::FTL::compile):
3489         * ftl/FTLLowerDFGToB3.cpp:
3490         (JSC::FTL::DFG::LowerDFGToB3::lower):
3491         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
3492         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
3493         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
3494         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
3495
3496 2017-03-01  Mark Lam  <mark.lam@apple.com>
3497
3498         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
3499         https://bugs.webkit.org/show_bug.cgi?id=169042
3500
3501         Not reviewed.
3502
3503         Rolling out r213229 and r213202.
3504
3505         * JavaScriptCore.xcodeproj/project.pbxproj:
3506         * heap/MachineStackMarker.cpp:
3507         (JSC::getCurrentPlatformThread):
3508         (JSC::MachineThreads::Thread::createForCurrentThread):
3509         (JSC::MachineThreads::machineThreadForCurrentThread):
3510         (JSC::MachineThreads::removeThread):
3511         (JSC::MachineThreads::Thread::suspend):
3512         (JSC::MachineThreads::tryCopyOtherThreadStacks):
3513         * heap/MachineStackMarker.h:
3514         * runtime/JSCellInlines.h:
3515         (JSC::JSCell::classInfo):
3516         * runtime/JSLock.cpp:
3517         (JSC::JSLock::JSLock):
3518         (JSC::JSLock::lock):
3519         (JSC::JSLock::unlock):
3520         (JSC::JSLock::currentThreadIsHoldingLock):
3521         * runtime/JSLock.h:
3522         (JSC::JSLock::ownerThread):
3523         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
3524         * runtime/PlatformThread.h: Removed.
3525         * runtime/VM.cpp:
3526         (JSC::VM::~VM):
3527         * runtime/VM.h:
3528         (JSC::VM::ownerThread):
3529         * runtime/Watchdog.cpp:
3530         (JSC::Watchdog::setTimeLimit):
3531         (JSC::Watchdog::shouldTerminate):
3532         (JSC::Watchdog::startTimer):
3533         (JSC::Watchdog::stopTimer):
3534         * tools/JSDollarVMPrototype.cpp:
3535         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
3536         * tools/VMInspector.cpp:
3537
3538 2017-03-01  Mark Lam  <mark.lam@apple.com>
3539
3540         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
3541         https://bugs.webkit.org/show_bug.cgi?id=169042
3542
3543         Reviewed by Filip Pizlo.
3544
3545         * runtime/JSLock.h:
3546         (JSC::JSLock::currentThreadIsHoldingLock):
3547
3548 2017-02-28  Brian Burg  <bburg@apple.com>
3549
3550         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
3551         https://bugs.webkit.org/show_bug.cgi?id=168695
3552         <rdar://problem/30643899>
3553
3554         Reviewed by Joseph Pecoraro.
3555
3556         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
3557         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
3558         to gather listing information for RemoteAutomationTargets.
3559
3560         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
3561         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
3562         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
3563
3564         * inspector/remote/RemoteInspector.h:
3565         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
3566
3567         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
3568         (Inspector::RemoteConnectionToTarget::setup):
3569         (Inspector::RemoteConnectionToTarget::close):
3570         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
3571         and use it inside the block later after it may have been destructed already. If that happens,
3572         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
3573
3574         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
3575         (Inspector::RemoteInspector::updateTargetListing):
3576         We need to make sure to request a listing push after the target is updated, so implicitly call
3577         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
3578
3579         (Inspector::RemoteInspector::receivedSetupMessage):
3580         (Inspector::RemoteInspector::receivedDidCloseMessage):
3581         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
3582         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
3583         and asynchronously on the target's queue when the connection to target is opened or closed.
3584
3585 2017-03-01  Tomas Popela  <tpopela@redhat.com>
3586
3587         Leak under Options::setOptions
3588         https://bugs.webkit.org/show_bug.cgi?id=169029
3589
3590         Reviewed by Michael Saboff.
3591
3592         Don't leak the optionsStrCopy variable.
3593
3594         * runtime/Options.cpp:
3595         (JSC::Options::setOptions):
3596
3597 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
3598
3599         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
3600         https://bugs.webkit.org/show_bug.cgi?id=168968
3601
3602         Reviewed by Saam Barati.
3603
3604         This patch decouples dumping the bytecode sequence from CodeBlock.
3605         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
3606         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
3607         called Generatorification.
3608
3609         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
3610         this class to dump the bytecode sequence.
3611
3612         This patch also adds Option::dumpBytecodesBeforeGeneratorification,
3613         which dumps the unlinked bytecode sequence before generatorification if it is enabled.
3614
3615         * CMakeLists.txt:
3616         * JavaScriptCore.xcodeproj/project.pbxproj:
3617         * bytecode/BytecodeDumper.cpp: Added.
3618         (JSC::getStructureID):
3619         (JSC::getSpecialPointer):
3620         (JSC::getPutByIdFlags):
3621         (JSC::getToThisStatus):
3622         (JSC::getPointer):
3623         (JSC::getStructureChain):
3624         (JSC::getStructure):
3625         (JSC::getCallLinkInfo):
3626         (JSC::getBasicBlockLocation):
3627         (JSC::BytecodeDumper<Block>::actualPointerFor):
3628         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
3629         (JSC::beginDumpProfiling):
3630         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
3631         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
3632         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
3633         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
3634         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
3635         (JSC::dumpRareCaseProfile):
3636         (JSC::dumpArithProfile):
3637         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
3638         (JSC::BytecodeDumper<Block>::vm):
3639         (JSC::BytecodeDumper<Block>::identifier):
3640         (JSC::regexpToSourceString):
3641         (JSC::regexpName):
3642         (JSC::printLocationAndOp):
3643         (JSC::isConstantRegisterIndex):
3644         (JSC::debugHookName):
3645         (JSC::BytecodeDumper<Block>::registerName):
3646         (JSC::idName):
3647         (JSC::BytecodeDumper<Block>::constantName):
3648         (JSC::BytecodeDumper<Block>::printUnaryOp):
3649         (JSC::BytecodeDumper<Block>::printBinaryOp):
3650         (JSC::BytecodeDumper<Block>::printConditionalJump):
3651         (JSC::BytecodeDumper<Block>::printGetByIdOp):
3652         (JSC::dumpStructure):
3653         (JSC::dumpChain):
3654         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
3655         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
3656         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
3657         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
3658         (JSC::BytecodeDumper<Block>::printCallOp):
3659         (JSC::BytecodeDumper<Block>::printPutByIdOp):
3660         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
3661         (JSC::BytecodeDumper<Block>::dumpBytecode):
3662         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
3663         (JSC::BytecodeDumper<Block>::dumpConstants):
3664         (JSC::BytecodeDumper<Block>::dumpRegExps):
3665         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
3666         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
3667         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
3668         (JSC::BytecodeDumper<Block>::dumpBlock):
3669         * bytecode/BytecodeDumper.h: Added.
3670         (JSC::BytecodeDumper::BytecodeDumper):
3671         (JSC::BytecodeDumper::block):
3672         (JSC::BytecodeDumper::instructionsBegin):
3673         * bytecode/BytecodeGeneratorification.cpp:
3674         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
3675         (JSC::performGeneratorification):
3676         * bytecode/BytecodeLivenessAnalysis.cpp:
3677         (JSC::BytecodeLivenessAnalysis::dumpResults):
3678         * bytecode/CodeBlock.cpp:
3679         (JSC::CodeBlock::dumpBytecode):
3680         (JSC::CodeBlock::finishCreation):
3681         (JSC::CodeBlock::propagateTransitions):
3682         (JSC::CodeBlock::finalizeLLIntInlineCaches):
3683         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
3684         (JSC::CodeBlock::usesOpcode):
3685         (JSC::CodeBlock::valueProfileForBytecodeOffset):
3686         (JSC::CodeBlock::arithProfileForPC):
3687         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
3688         (JSC::idName): Deleted.
3689         (JSC::CodeBlock::registerName): Deleted.
3690         (JSC::CodeBlock::constantName): Deleted.
3691         (JSC::regexpToSourceString): Deleted.
3692         (JSC::regexpName): Deleted.
3693         (JSC::debugHookName): Deleted.
3694         (JSC::CodeBlock::printUnaryOp): Deleted.
3695         (JSC::CodeBlock::printBinaryOp): Deleted.
3696         (JSC::CodeBlock::printConditionalJump): Deleted.
3697         (JSC::CodeBlock::printGetByIdOp): Deleted.
3698         (JSC::dumpStructure): Deleted.
3699         (JSC::dumpChain): Deleted.
3700         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
3701         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
3702         (JSC::CodeBlock::printCallOp): Deleted.
3703         (JSC::CodeBlock::printPutByIdOp): Deleted.
3704         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
3705         (JSC::CodeBlock::beginDumpProfiling): Deleted.
3706         (JSC::CodeBlock::dumpValueProfiling): Deleted.
3707         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
3708         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
3709         (JSC::CodeBlock::dumpArithProfile): Deleted.
3710         (JSC::CodeBlock::printLocationAndOp): Deleted.
3711         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
3712         * bytecode/CodeBlock.h:
3713         (JSC::CodeBlock::constantRegisters):
3714         (JSC::CodeBlock::numberOfRegExps):
3715         (JSC::CodeBlock::bitVectors):
3716         (JSC::CodeBlock::bitVector):
3717         * bytecode/HandlerInfo.h:
3718         (JSC::HandlerInfoBase::typeName):
3719         * bytecode/UnlinkedCodeBlock.cpp:
3720         (JSC::UnlinkedCodeBlock::dump):
3721         * bytecode/UnlinkedCodeBlock.h:
3722         (JSC::UnlinkedCodeBlock::getConstant):
3723         * bytecode/UnlinkedInstructionStream.cpp:
3724         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
3725         * bytecode/UnlinkedInstructionStream.h:
3726         (JSC::UnlinkedInstructionStream::Reader::next):
3727         * runtime/Options.h:
3728
3729 2017-02-28  Mark Lam  <mark.lam@apple.com>
3730
3731         Change JSLock to stash PlatformThread instead of std::thread::id.
3732         https://bugs.webkit.org/show_bug.cgi?id=168996
3733
3734         Reviewed by Filip Pizlo.
3735
3736         PlatformThread is more useful because it allows us to:
3737         1. find the MachineThreads::Thread which is associated with it.
3738         2. suspend / resume threads.
3739         3. send a signal to a thread.
3740
3741         We can't do those with std::thread::id.  We will need one or more of these
3742         capabilities to implement non-polling VM traps later.
3743
3744         * JavaScriptCore.xcodeproj/project.pbxproj:
3745         * heap/MachineStackMarker.cpp:
3746         (JSC::MachineThreads::Thread::createForCurrentThread):
3747         (JSC::MachineThreads::machineThreadForCurrentThread):
3748         (JSC::MachineThreads::removeThread):
3749         (JSC::MachineThreads::Thread::suspend):
3750         (JSC::MachineThreads::tryCopyOtherThreadStacks):
3751         (JSC::getCurrentPlatformThread): Deleted.
3752         * heap/MachineStackMarker.h:
3753         * runtime/JSCellInlines.h:
3754         (JSC::JSCell::classInfo):
3755         * runtime/JSLock.cpp:
3756         (JSC::JSLock::lock):
3757         (JSC::JSLock::unlock):
3758         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
3759         * runtime/JSLock.h:
3760         (JSC::JSLock::ownerThread):
3761         (JSC::JSLock::currentThreadIsHoldingLock):
3762         * runtime/PlatformThread.h: Added.
3763         (JSC::currentPlatformThread):
3764         * runtime/VM.cpp:
3765         (JSC::VM::~VM):
3766         * runtime/VM.h:
3767         (JSC::VM::ownerThread):
3768         * runtime/Watchdog.cpp:
3769         (JSC::Watchdog::setTimeLimit):
3770         (JSC::Watchdog::shouldTerminate):
3771         (JSC::Watchdog::startTimer):
3772         (JSC::Watchdog::stopTimer):
3773         * tools/JSDollarVMPrototype.cpp:
3774         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
3775         * tools/VMInspector.cpp:
3776
3777 2017-02-28  Mark Lam  <mark.lam@apple.com>
3778
3779         Enable the SigillCrashAnalyzer by default for iOS.
3780         https://bugs.webkit.org/show_bug.cgi?id=168989
3781
3782         Reviewed by Keith Miller.
3783
3784         * runtime/Options.cpp:
3785         (JSC::overrideDefaults):
3786
3787 2017-02-28  Mark Lam  <mark.lam@apple.com>
3788
3789         Remove setExclusiveThread() and peers from the JSLock.
3790         https://bugs.webkit.org/show_bug.cgi?id=168977
3791
3792         Reviewed by Filip Pizlo.
3793
3794         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
3795         Speedometer, we see that removal of exclusive thread status has no measurable
3796         impact on performance.  So, let's remove the code for handling exclusive thread
3797         status, and simplify the JSLock code.
3798
3799         For the record, exclusive thread status does improve JSLock locking/unlocking
3800         time by up to 20%.  However, this difference is not measurable in the way WebCore
3801         uses the JSLock as confirmed by Speedometer.
3802
3803         Also applied a minor optimization in JSLock::lock() to assume the initial lock
3804         entry case (as opposed to the re-entry case).  This appears to show a small
3805         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
3806         time in a micro-benchmark.
3807
3808         * heap/Heap.cpp:
3809         (JSC::Heap::Heap):
3810         * heap/MachineStackMarker.cpp:
3811         (JSC::MachineThreads::MachineThreads):
3812         (JSC::MachineThreads::addCurrentThread):
3813         * heap/MachineStackMarker.h:
3814         * runtime/JSLock.cpp:
3815         (JSC::JSLock::JSLock):
3816         (JSC::JSLock::lock):
3817         (JSC::JSLock::unlock):
3818         (JSC::JSLock::currentThreadIsHoldingLock):
3819         (JSC::JSLock::dropAllLocks):
3820         (JSC::JSLock::grabAllLocks):
3821         (JSC::JSLock::setExclusiveThread): Deleted.
3822         * runtime/JSLock.h:
3823         (JSC::JSLock::ownerThread):
3824         (JSC::JSLock::hasExclusiveThread): Deleted.
3825         (JSC::JSLock::exclusiveThread): Deleted.
3826         * runtime/VM.h:
3827         (JSC::VM::hasExclusiveThread): Deleted.
3828         (JSC::VM::exclusiveThread): Deleted.
3829         (JSC::VM::setExclusiveThread): Deleted.
3830
3831 2017-02-28  Saam Barati  <sbarati@apple.com>
3832
3833         Arm64 disassembler prints "ars" instead of "asr"
3834         https://bugs.webkit.org/show_bug.cgi?id=168923
3835
3836         Rubber stamped by Michael Saboff.
3837
3838         * disassembler/ARM64/A64DOpcode.cpp:
3839         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
3840
3841 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
3842
3843         Use of arguments in arrow function is slow
3844         https://bugs.webkit.org/show_bug.cgi?id=168829
3845
3846         Reviewed by Saam Barati.
3847
3848         The current patch improves the performance of access to arguments within an arrow function
3849         by preventing creation of the arguments variable within the arrow function, and also allows
3850         caching of the arguments variable. Before, the arguments variable always had the Dynamic resolve
3851         type; after this patch it can be ClosureVar, which increases the performance of access to the
3852         arguments variable 9 times inside of the arrow function.
3853
3854         * bytecompiler/BytecodeGenerator.cpp:
3855         (JSC::BytecodeGenerator::BytecodeGenerator):
3856         * runtime/JSScope.cpp:
3857         (JSC::abstractAccess):
3858
3859 2017-02-28  Michael Saboff  <msaboff@apple.com>
3860
3861         Add ability to configure JSC options from a file
3862         https://bugs.webkit.org/show_bug.cgi?id=168914
3863
3864         Reviewed by Filip Pizlo.
3865
3866         Added the ability to set options and DataLog file location via a configuration file.
3867         The configuration file is specified with the --configFile option to JSC or the
3868         JSC_configFile environment variable.
3869
3870         The file format allows for options conditionally dependent on various attributes.
3871         Currently those attributes are the process name, parent process name and build
3872         type (Release or Debug).  In this patch, the parent process type is not set.
3873         That will be set up in WebKit code with a follow up patch.
3874
3875         Here is an example config file:
3876
3877             logFile = "/tmp/jscLog.%pid.txt"
3878
3879             jscOptions {
3880                 dumpOptions = 2
3881             }
3882
3883             build == "Debug" {
3884                 jscOptions {
3885                     useConcurrentJIT = false
3886                     dumpDisassembly = true
3887                 }
3888             }
3889
3890             build == "Release" && processName == "jsc" {
3891                 jscOptions {
3892                     asyncDisassembly = true
3893                 }
3894             }
3895
3896         Eliminated the prior options file code.
3897
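Added example (not part of this ChangeLog entry and not JSC's own ConfigFile.cpp): a small C++ evaluator for the config format shown above, resolving the conditional jscOptions blocks against a given process name, parent process name and build type. It assumes whitespace-separated tokens, double-quoted strings and conditions built from `attr == "str"` tests joined by &&; the `attr != "str"` form is an assumed extension beyond the example.

```cpp
// Added example, not JSC's own ConfigFile.cpp: a small evaluator for the config
// format illustrated above. Assumptions: tokens are whitespace separated, strings
// are double quoted, conditions are `attr == "str"` / `attr != "str"` joined by
// &&, and the only attributes are processName, parentProcessName and build.
#include <map>
#include <sstream>
#include <string>
#include <vector>

struct ConfigAttributes { std::string processName, parentProcessName, build; };
struct ConfigResult { std::string logFile; std::map<std::string, std::string> jscOptions; };

static std::vector<std::string> tokenize(const std::string& text)
{
    std::vector<std::string> tokens;
    std::istringstream in(text);
    for (std::string tok; in >> tok;)
        tokens.push_back(tok);
    return tokens;
}

static std::string unquote(const std::string& tok)
{
    if (tok.size() >= 2 && tok.front() == '"' && tok.back() == '"')
        return tok.substr(1, tok.size() - 2);
    return tok;
}

static std::string attributeValue(const ConfigAttributes& a, const std::string& name)
{
    if (name == "processName") return a.processName;
    if (name == "parentProcessName") return a.parentProcessName;
    if (name == "build") return a.build;
    return std::string(); // unknown attribute: never equal to a quoted value
}

// Parses statements up to the matching "}". `apply` is false inside a conditional
// block whose condition failed: its settings are still parsed, but discarded.
static void parseStatements(const std::vector<std::string>& t, size_t& i,
    const ConfigAttributes& attrs, ConfigResult& out, bool apply)
{
    while (i < t.size() && t[i] != "}") {
        if (t[i] == "jscOptions" && i + 1 < t.size() && t[i + 1] == "{") {
            i += 2;
            while (i + 2 < t.size() && t[i] != "}") { // name = value
                if (apply)
                    out.jscOptions[t[i]] = t[i + 2];
                i += 3;
            }
            ++i; // consume "}"
        } else if (i + 2 < t.size() && t[i + 1] == "=") { // top-level setting
            if (apply && t[i] == "logFile")
                out.logFile = unquote(t[i + 2]);
            i += 3;
        } else { // conditional block: attr == "value" [&& ...] { ... }
            bool matches = true;
            while (i + 2 < t.size() && t[i] != "{") {
                if (t[i] == "&&") { ++i; continue; }
                bool equal = attributeValue(attrs, t[i]) == unquote(t[i + 2]);
                matches = matches && (t[i + 1] == "==" ? equal : !equal);
                i += 3;
            }
            ++i; // consume "{"
            parseStatements(t, i, attrs, out, apply && matches);
            ++i; // consume "}"
        }
    }
}

ConfigResult evaluateConfig(const std::string& text, const ConfigAttributes& attrs)
{
    ConfigResult result;
    std::vector<std::string> tokens = tokenize(text);
    size_t i = 0;
    parseStatements(tokens, i, attrs, result, true);
    return result;
}

// Constructed sample mirroring the config file in the entry above.
const char* const kSampleConfig = R"(
    logFile = "/tmp/jscLog.%pid.txt"
    jscOptions { dumpOptions = 2 }
    build == "Debug" { jscOptions { useConcurrentJIT = false dumpDisassembly = true } }
    build == "Release" && processName == "jsc" { jscOptions { asyncDisassembly = true } }
)";
```

Evaluating the sample with build "Release" and processName "jsc" yields dumpOptions and asyncDisassembly only; the Debug block is parsed for nesting but discarded, so a block gated on another process name never leaks its options into this process.
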
3898         * CMakeLists.txt:
3899         * JavaScriptCore.xcodeproj/project.pbxproj:
3900         * jsc.cpp:
3901         (jscmain):
3902         * runtime/ConfigFile.cpp: Added.
3903         (JSC::ConfigFileScanner::ConfigFileScanner):
3904         (JSC::ConfigFileScanner::start):
3905         (JSC::ConfigFileScanner::lineNumber):
3906         (JSC::ConfigFileScanner::currentBuffer):
3907         (JSC::ConfigFileScanner::atFileEnd):
3908         (JSC::ConfigFileScanner::tryConsume):
3909         (JSC::ConfigFileScanner::tryConsumeString):
3910         (JSC::ConfigFileScanner::tryConsumeUpto):
3911         (JSC::ConfigFileScanner::fillBufferIfNeeded):
3912         (JSC::ConfigFileScanner::fillBuffer):
3913         (JSC::ConfigFile::ConfigFile):
3914         (JSC::ConfigFile::setProcessName):
3915         (JSC::ConfigFile::setParentProcessName):
3916         (JSC::ConfigFile::parse):
3917         * runtime/ConfigFile.h: Added.
3918         * runtime/Options.cpp: