Fix JavaScriptCore build targets following <http://trac.webkit.org/changeset/157864>
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-10-23  Daniel Bates  <dabates@apple.com>
2
3         Fix JavaScriptCore build targets following <http://trac.webkit.org/changeset/157864>
4         (https://bugs.webkit.org/show_bug.cgi?id=123169)
5
6         Tell Xcode that the supported platforms for all JavaScriptCore targets are iOS and OS X.
7
8         * Configurations/Base.xcconfig:
9
10 2013-10-23  Michael Saboff  <msaboff@apple.com>
11
12         LLInt arity check exception processing should start unwinding from caller
13         https://bugs.webkit.org/show_bug.cgi?id=123209
14
15         Reviewed by Oliver Hunt.
16
17         Use the caller frame returned from slow_path_call_arityCheck to process exceptions.
18
19         * llint/LowLevelInterpreter32_64.asm:
20         * llint/LowLevelInterpreter64.asm:
21
22 2013-10-22  Filip Pizlo  <fpizlo@apple.com>
23
24         FTL should be able to do some simple inline caches using LLVM patchpoints
25         https://bugs.webkit.org/show_bug.cgi?id=123164
26
27         Reviewed by Mark Hahnenberg.
28         
29         This implements GetById inline caches in the FTL using llvm.webkit.patchpoint.
30         
31         The idea is that we ask LLVM for a nop slide the size of a GetById inline
32         cache and then fill in the code after LLVM compilation is complete. For now, we
33         just use the system calling convention for the arguments and return. We also
34         still make some assumptions about registers that aren't correct. But, most of
35         the scaffolding is there and this will successfully patch an inline cache.
36
37         * JavaScriptCore.xcodeproj/project.pbxproj:
38         * assembler/AbstractMacroAssembler.h:
39         * assembler/LinkBuffer.cpp:
40         (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
41         (JSC::LinkBuffer::linkCode):
42         (JSC::LinkBuffer::allocate):
43         * assembler/LinkBuffer.h:
44         (JSC::LinkBuffer::LinkBuffer):
45         (JSC::LinkBuffer::link):
46         * ftl/FTLAbbreviations.h:
47         (JSC::FTL::constNull):
48         (JSC::FTL::buildCall):
49         * ftl/FTLCapabilities.cpp:
50         (JSC::FTL::canCompile):
51         * ftl/FTLCompile.cpp:
52         (JSC::FTL::fixFunctionBasedOnStackMaps):
53         * ftl/FTLInlineCacheDescriptor.h: Added.
54         (JSC::FTL::InlineCacheDescriptor::InlineCacheDescriptor):
55         (JSC::FTL::GetByIdDescriptor::GetByIdDescriptor):
56         (JSC::FTL::GetByIdDescriptor::stackmapID):
57         (JSC::FTL::GetByIdDescriptor::codeOrigin):
58         (JSC::FTL::GetByIdDescriptor::uid):
59         * ftl/FTLInlineCacheSize.cpp: Added.
60         (JSC::FTL::sizeOfGetById):
61         (JSC::FTL::sizeOfPutById):
62         * ftl/FTLInlineCacheSize.h: Added.
63         * ftl/FTLIntrinsicRepository.h:
64         * ftl/FTLJITFinalizer.cpp:
65         (JSC::FTL::JITFinalizer::finalizeFunction):
66         * ftl/FTLJITFinalizer.h:
67         * ftl/FTLLocation.cpp:
68         (JSC::FTL::Location::directGPR):
69         * ftl/FTLLocation.h:
70         * ftl/FTLLowerDFGToLLVM.cpp:
71         (JSC::FTL::LowerDFGToLLVM::compileGetById):
72         * ftl/FTLOutput.h:
73         (JSC::FTL::Output::call):
74         * ftl/FTLSlowPathCall.cpp: Added.
75         (JSC::FTL::callOperation):
76         * ftl/FTLSlowPathCall.h: Added.
77         (JSC::FTL::SlowPathCall::SlowPathCall):
78         (JSC::FTL::SlowPathCall::call):
79         (JSC::FTL::SlowPathCall::key):
80         * ftl/FTLSlowPathCallKey.cpp: Added.
81         (JSC::FTL::SlowPathCallKey::dump):
82         * ftl/FTLSlowPathCallKey.h: Added.
83         (JSC::FTL::SlowPathCallKey::SlowPathCallKey):
84         (JSC::FTL::SlowPathCallKey::usedRegisters):
85         (JSC::FTL::SlowPathCallKey::callTarget):
86         (JSC::FTL::SlowPathCallKey::offset):
87         (JSC::FTL::SlowPathCallKey::isEmptyValue):
88         (JSC::FTL::SlowPathCallKey::isDeletedValue):
89         (JSC::FTL::SlowPathCallKey::operator==):
90         (JSC::FTL::SlowPathCallKey::hash):
91         (JSC::FTL::SlowPathCallKeyHash::hash):
92         (JSC::FTL::SlowPathCallKeyHash::equal):
93         * ftl/FTLStackMaps.cpp:
94         (JSC::FTL::StackMaps::Location::directGPR):
95         * ftl/FTLStackMaps.h:
96         * ftl/FTLState.h:
97         * ftl/FTLThunks.cpp:
98         (JSC::FTL::slowPathCallThunkGenerator):
99         * ftl/FTLThunks.h:
100         (JSC::FTL::Thunks::getSlowPathCallThunk):
101         * jit/CCallHelpers.h:
102         (JSC::CCallHelpers::setupArguments):
103         * jit/GPRInfo.h:
104         * jit/JITInlineCacheGenerator.cpp:
105         (JSC::garbageStubInfo):
106         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
107         (JSC::JITByIdGenerator::finalize):
108         * jit/JITInlineCacheGenerator.h:
109         (JSC::JITByIdGenerator::slowPathBegin):
110         * jit/RegisterSet.cpp:
111         (JSC::RegisterSet::stackRegisters):
112         (JSC::RegisterSet::specialRegisters):
113         (JSC::RegisterSet::calleeSaveRegisters):
114         (JSC::RegisterSet::allGPRs):
115         (JSC::RegisterSet::allFPRs):
116         (JSC::RegisterSet::allRegisters):
117         (JSC::RegisterSet::dump):
118         * jit/RegisterSet.h:
119         (JSC::RegisterSet::exclude):
120         (JSC::RegisterSet::numberOfSetRegisters):
121         (JSC::RegisterSet::RegisterSet):
122         (JSC::RegisterSet::isEmptyValue):
123         (JSC::RegisterSet::isDeletedValue):
124         (JSC::RegisterSet::operator==):
125         (JSC::RegisterSet::hash):
126         (JSC::RegisterSetHash::hash):
127         (JSC::RegisterSetHash::equal):
128         * runtime/Options.h:
129
130 2013-10-22  Filip Pizlo  <fpizlo@apple.com>
131
132         jitCompileAndSetHeuristics should DeferGCForAWhile
133         https://bugs.webkit.org/show_bug.cgi?id=123196
134
135         Reviewed by Mark Hahnenberg.
136         
137         This fixes random crashes in V8v7/raytrace. I only see those crashes on exactly one of
138         my machines. I don't think this is testable; we just need to steadily converge towards
139         getting our uses of DeferGC to be right and then be careful not to regress. We're not
140         there yet, obviously.
141         
142         * llint/LLIntSlowPaths.cpp:
143         (JSC::LLInt::jitCompileAndSetHeuristics):
144
145 2013-10-23  Daniel Bates  <dabates@apple.com>
146
147         [iOS] Upstream more JavaScriptCore build configuration changes
148         https://bugs.webkit.org/show_bug.cgi?id=123169
149
150         Reviewed by David Kilzer.
151
152         * Configurations/Base.xcconfig:
153         * Configurations/Version.xcconfig:
154         * Configurations/iOS.xcconfig: Added.
155         * JavaScriptCore.xcodeproj/project.pbxproj:
156
157 2013-10-23  Daniel Bates  <dabates@apple.com>
158
159         [iOS] Export DefaultGCActivityCallback member functions
160         https://bugs.webkit.org/show_bug.cgi?id=123175
161
162         Reviewed by David Kilzer.
163
164         * runtime/GCActivityCallback.h:
165
166 2013-10-23  Daniel Bates  <dabates@apple.com>
167
168         [iOS] Upstream more ARMv7s bits
169         https://bugs.webkit.org/show_bug.cgi?id=123052
170
171         Reviewed by Joseph Pecoraro.
172
173         * Configurations/JavaScriptCore.xcconfig:
174
175 2013-10-22  Andreas Kling  <akling@apple.com>
176
177         Minor VM* -> VM& cleanups in HashTable and Keywords.
178         <https://webkit.org/b/123183>
179
180         Turn some VM* variables that will never be null into VM&.
181
182         Reviewed by Geoffrey Garen.
183
184 2013-10-22  Geoffrey Garen  <ggaren@apple.com>
185
186         REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
187         https://bugs.webkit.org/show_bug.cgi?id=123179
188
189         Reviewed by Mark Hahnenberg.
190
191         * parser/NodeConstructors.h:
192         (JSC::LogicalOpNode::LogicalOpNode):
193         * parser/ResultType.h:
194         (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
195         This is JavaScript (aka Sparta).
196
197 2013-10-22  Commit Queue  <commit-queue@webkit.org>
198
199         Unreviewed, rolling out r157819.
200         http://trac.webkit.org/changeset/157819
201         https://bugs.webkit.org/show_bug.cgi?id=123180
202
203         Broke 32-bit builds (Requested by smfr on #webkit).
204
205         * Configurations/JavaScriptCore.xcconfig:
206         * Configurations/ToolExecutable.xcconfig:
207
208 2013-10-22  Daniel Bates  <dabates@apple.com>
209
210         [iOS] Upstream more ARMv7s bits
211         https://bugs.webkit.org/show_bug.cgi?id=123052
212
213         Reviewed by Joseph Pecoraro.
214
215         * Configurations/JavaScriptCore.xcconfig:
216         * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
217         modifying a file in JavaScriptCore/Configurations.
218
219 2013-10-22  Daniel Bates  <dabates@apple.com>
220
221         [iOS] Upstream JSLock changes
222         https://bugs.webkit.org/show_bug.cgi?id=123107
223
224         Reviewed by Geoffrey Garen.
225
226         * runtime/JSLock.cpp:
227         (JSC::JSLock::unlock):
228         (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
229         (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
230         use pre-increment instead of post-increment when we're not using the return value of the instruction.
231         (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
232         places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
233         since we don't use the return value of such instructions.
234         (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
235         Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
236         (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
237         * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
238         the argument is sufficiently descriptive of its purpose.
239
240 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
241
242         [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
243         https://bugs.webkit.org/show_bug.cgi?id=123166
244
245         Reviewed by Michael Saboff.
246
247         * jit/CCallHelpers.h:
248         (JSC::CCallHelpers::setupArgumentsWithExecState):
249
250 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
251
252         [sh4][mips][arm] Fix crashes in JSC (32-bit only).
253         https://bugs.webkit.org/show_bug.cgi?id=123165
254
255         Reviewed by Michael Saboff.
256
257         * jit/JITInlines.h:
258         (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
259         (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
260         (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
261         (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.
262
263 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
264
265         REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
266         https://bugs.webkit.org/show_bug.cgi?id=123092
267
268         Reviewed by Michael Saboff.
269
270         Impacted architectures are SH4 and ARM_TRADITIONAL.
271
272         * assembler/ARMAssembler.h:
273         (JSC::ARMAssembler::buffer):
274         * assembler/AssemblerBufferWithConstantPool.h:
275         (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
276         * assembler/LinkBuffer.cpp:
277         (JSC::LinkBuffer::linkCode):
278         * assembler/SH4Assembler.h:
279         (JSC::SH4Assembler::buffer):
280
281 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
282
283         Remove unused stuff in JIT stubs.
284         https://bugs.webkit.org/show_bug.cgi?id=123155
285
286         Reviewed by Michael Saboff.
287
288         * jit/JITStubs.h:
289         * jit/JITStubsARM.h:
290         (JSC::ctiTrampoline):
291         * jit/JITStubsARM64.h:
292         * jit/JITStubsARMv7.h:
293         * jit/JITStubsMIPS.h:
294         * jit/JITStubsSH4.h:
295         * jit/JITStubsX86.h:
296         * jit/JITStubsX86_64.h:
297
298 2013-10-22  Daniel Bates  <dabates@apple.com>
299
300         [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
301         https://bugs.webkit.org/show_bug.cgi?id=123115
302         <rdar://problem/13696872>
303
304         Reviewed by Andy Estes.
305
306         Based on a patch by Mark Hahnenberg.
307
308         Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.
309
310         * API/JSBase.cpp:
311
312 2013-10-22  Julien Brianceau  <jbriance@cisco.com>
313
314         [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister(). 
315         https://bugs.webkit.org/show_bug.cgi?id=123157
316
317         Reviewed by Andreas Kling.
318
319         * assembler/SH4Assembler.h:
320         (JSC::SH4Assembler::lastRegister):
321         (JSC::SH4Assembler::firstFPRegister):
322         (JSC::SH4Assembler::lastFPRegister):
323
324 2013-10-22  Brian Holt  <brian.holt@samsung.com>
325
326         Build break on ARMv7 after r157209
327         https://bugs.webkit.org/show_bug.cgi?id=122890
328
329         Reviewed by Csaba Osztrogon√°c.
330
331         Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.
332
333         * assembler/ARMAssembler.h:
334         * assembler/MacroAssemblerARM.h:
335         (JSC::MacroAssemblerARM::firstRegister):
336         (JSC::MacroAssemblerARM::lastRegister):
337         (JSC::MacroAssemblerARM::firstFPRegister):
338         (JSC::MacroAssemblerARM::lastFPRegister):
339
340 2013-10-21  Daniel Bates  <dabates@apple.com>
341
342         [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
343         https://bugs.webkit.org/show_bug.cgi?id=123045
344
345         Reviewed by Joseph Pecoraro.
346
347         * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
348         to global method table.
349         * runtime/JSGlobalObject.cpp: Ditto.
350         * runtime/JSGlobalObject.h:
351         (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.
352
353 2013-10-21  Daniel Bates  <dabates@apple.com>
354
355         [iOS] Upstream JSC Objective-C API compiler warning fixes
356         https://bugs.webkit.org/show_bug.cgi?id=123125
357
358         Reviewed by Mark Hahnenberg.
359
360         Based on a patch by Mark Hahnenberg.
361
362         * API/JSValue.mm:
363         (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
364         (-[JSValue toSize]): Ditto.
365         * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.
366
367 2013-10-21  Daniel Bates  <dabates@apple.com>
368
369         [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
370         available since iOS 7.0
371         https://bugs.webkit.org/show_bug.cgi?id=123122
372
373         Reviewed by Dan Bernstein.
374
375         * API/JSContext.h:
376         * API/JSManagedValue.h:
377         * API/JSValue.h:
378         * API/JSVirtualMachine.h:
379
380 2013-10-20  Mark Lam  <mark.lam@apple.com>
381
382         Avoid JSC debugger overhead unless needed.
383         https://bugs.webkit.org/show_bug.cgi?id=123084.
384
385         Reviewed by Geoffrey Garen.
386
387         - If no breakpoints are set, we now avoid calling the debug hook callbacks.
388         - If no break on exception is set, we also avoid exception event debug callbacks.
389         - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
390           longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
391           pointer in the ScriptDebugServer may become stale. To avoid this issue, before
392           returning, the ScriptDebugServer will clear its m_currentCallFrame if
393           needsOpDebugCallbacks() is false.
394
395         * debugger/Debugger.cpp:
396         (JSC::Debugger::Debugger):
397         (JSC::Debugger::setNeedsExceptionCallbacks):
398         (JSC::Debugger::setShouldPause):
399         (JSC::Debugger::updateNumberOfBreakpoints):
400         (JSC::Debugger::updateNeedForOpDebugCallbacks):
401         * debugger/Debugger.h:
402         * interpreter/Interpreter.cpp:
403         (JSC::Interpreter::unwind):
404         (JSC::Interpreter::debug):
405         * jit/JITOpcodes.cpp:
406         (JSC::JIT::emit_op_debug):
407         * jit/JITOpcodes32_64.cpp:
408         (JSC::JIT::emit_op_debug):
409         * llint/LLIntOffsetsExtractor.cpp:
410         * llint/LowLevelInterpreter.asm:
411
412 2013-10-21  Brent Fulgham  <bfulgham@apple.com>
413
414         [WIN] Unreviewed build correction.
415
416         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
417           sources, not header files.
418         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
419
420 2013-10-21  Oliver Hunt  <oliver@apple.com>
421
422         Support computed property names in object literals
423         https://bugs.webkit.org/show_bug.cgi?id=123112
424
425         Reviewed by Michael Saboff.
426
427         Add support for computed property names to the parser.
428
429         * bytecompiler/NodesCodegen.cpp:
430         (JSC::PropertyListNode::emitBytecode):
431         * parser/ASTBuilder.h:
432         (JSC::ASTBuilder::createProperty):
433         (JSC::ASTBuilder::getName):
434         * parser/NodeConstructors.h:
435         (JSC::PropertyNode::PropertyNode):
436         * parser/Nodes.h:
437         (JSC::PropertyNode::expressionName):
438         (JSC::PropertyNode::name):
439         * parser/Parser.cpp:
440         (JSC::::parseProperty):
441         (JSC::::parseStrictObjectLiteral):
442         * parser/SyntaxChecker.h:
443         (JSC::SyntaxChecker::Property::Property):
444         (JSC::SyntaxChecker::createProperty):
445         (JSC::SyntaxChecker::operatorStackPop):
446
447 2013-10-21  Michael Saboff  <msaboff@apple.com>
448
449         Add option so that JSC will crash if it can't allocate executable memory for the JITs
450         https://bugs.webkit.org/show_bug.cgi?id=123048
451         <rdar://problem/12856193>
452
453         Reviewed by Geoffrey Garen.
454
455         Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
456         when checking the validity of the executable allocator. The default value for this option is
457         false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
458         the app can obtain executable memory.
459
460         * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
461         (main):
462         * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
463         * runtime/VM.cpp:
464         (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
465         is enabled.
466
467 2013-10-21  Nadav Rotem  <nrotem@apple.com>
468
469         Remove AllInOneFile.cpp
470         https://bugs.webkit.org/show_bug.cgi?id=123055
471
472         Reviewed by Csaba Osztrogon√°c.
473
474         * AllInOneFile.cpp: Removed.
475
476 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
477
478         Unreviewed, cleanup a FIXME comment.
479
480         * jit/Repatch.cpp:
481
482 2013-10-20  Filip Pizlo  <fpizlo@apple.com>
483
484         StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
485         https://bugs.webkit.org/show_bug.cgi?id=123076
486
487         Reviewed by Sam Weinig.
488         
489         Start preparing for a world in which we are patching code generated by LLVM, which may have
490         very different register usage conventions than our JITs. This requires us being more explicit
491         about the registers we are using. For example, the repatching code shouldn't take for granted
492         that tagMaskRegister holds the TagMask or that the register is even in use.
493
494         * CMakeLists.txt:
495         * GNUmakefile.list.am:
496         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
497         * JavaScriptCore.xcodeproj/project.pbxproj:
498         * assembler/MacroAssembler.h:
499         (JSC::MacroAssembler::numberOfRegisters):
500         (JSC::MacroAssembler::registerIndex):
501         (JSC::MacroAssembler::numberOfFPRegisters):
502         (JSC::MacroAssembler::fpRegisterIndex):
503         (JSC::MacroAssembler::totalNumberOfRegisters):
504         * bytecode/StructureStubInfo.h:
505         * dfg/DFGSpeculativeJIT.cpp:
506         (JSC::DFG::SpeculativeJIT::usedRegisters):
507         * dfg/DFGSpeculativeJIT.h:
508         * ftl/FTLSaveRestore.cpp:
509         (JSC::FTL::bytesForGPRs):
510         (JSC::FTL::bytesForFPRs):
511         (JSC::FTL::offsetOfGPR):
512         (JSC::FTL::offsetOfFPR):
513         * jit/JITInlineCacheGenerator.cpp:
514         (JSC::JITByIdGenerator::JITByIdGenerator):
515         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
516         * jit/JITInlineCacheGenerator.h:
517         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
518         * jit/JITPropertyAccess.cpp:
519         (JSC::JIT::emit_op_get_by_id):
520         (JSC::JIT::emit_op_put_by_id):
521         * jit/JITPropertyAccess32_64.cpp:
522         (JSC::JIT::emit_op_get_by_id):
523         (JSC::JIT::emit_op_put_by_id):
524         * jit/RegisterSet.cpp: Added.
525         (JSC::RegisterSet::specialRegisters):
526         * jit/RegisterSet.h: Added.
527         (JSC::RegisterSet::RegisterSet):
528         (JSC::RegisterSet::set):
529         (JSC::RegisterSet::clear):
530         (JSC::RegisterSet::get):
531         (JSC::RegisterSet::merge):
532         * jit/Repatch.cpp:
533         (JSC::generateProtoChainAccessStub):
534         (JSC::tryCacheGetByID):
535         (JSC::tryBuildGetByIDList):
536         (JSC::emitPutReplaceStub):
537         (JSC::tryRepatchIn):
538         (JSC::linkClosureCall):
539         * jit/TempRegisterSet.cpp: Added.
540         (JSC::TempRegisterSet::TempRegisterSet):
541         * jit/TempRegisterSet.h:
542
543 2013-10-20  Julien Brianceau  <jbriance@cisco.com>
544
545         [sh4] Fix build (broken since r157690).
546         https://bugs.webkit.org/show_bug.cgi?id=123081
547
548         Reviewed by Andreas Kling.
549
550         * assembler/AssemblerBufferWithConstantPool.h:
551         * assembler/SH4Assembler.h:
552         (JSC::SH4Assembler::buffer):
553         (JSC::SH4Assembler::readCallTarget):
554
555 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
556
557         Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
558         https://bugs.webkit.org/show_bug.cgi?id=123079
559
560         Reviewed by Geoffrey Garen.
561
562         * jit/TempRegisterSet.h:
563
564 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
565
566         Rename RegisterSet to TempRegisterSet
567         https://bugs.webkit.org/show_bug.cgi?id=123077
568
569         Reviewed by Dan Bernstein.
570
571         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
572         * JavaScriptCore.xcodeproj/project.pbxproj:
573         * bytecode/StructureStubInfo.h:
574         * dfg/DFGJITCompiler.h:
575         * dfg/DFGSpeculativeJIT.h:
576         (JSC::DFG::SpeculativeJIT::usedRegisters):
577         * jit/JITInlineCacheGenerator.cpp:
578         (JSC::JITByIdGenerator::JITByIdGenerator):
579         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
580         * jit/JITInlineCacheGenerator.h:
581         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
582         * jit/JITPropertyAccess.cpp:
583         (JSC::JIT::emit_op_get_by_id):
584         (JSC::JIT::emit_op_put_by_id):
585         * jit/JITPropertyAccess32_64.cpp:
586         (JSC::JIT::emit_op_get_by_id):
587         (JSC::JIT::emit_op_put_by_id):
588         * jit/RegisterSet.h: Removed.
589         * jit/ScratchRegisterAllocator.h:
590         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
591         * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
592         (JSC::TempRegisterSet::TempRegisterSet):
593         (JSC::TempRegisterSet::asPOD):
594         (JSC::TempRegisterSet::copyInfo):
595
596 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
597
598         Restructure LinkBuffer to allow for alternate allocation strategies
599         https://bugs.webkit.org/show_bug.cgi?id=123071
600
601         Reviewed by Oliver Hunt.
602         
603         The idea is to eventually allow a LinkBuffer to place the code into an already
604         allocated region of memory.  That region of memory could be the nop-slide left behind
605         by a llvm.webkit.patchpoint.
606
607         * assembler/ARM64Assembler.h:
608         (JSC::ARM64Assembler::buffer):
609         * assembler/AssemblerBuffer.h:
610         * assembler/LinkBuffer.cpp:
611         (JSC::LinkBuffer::copyCompactAndLinkCode):
612         (JSC::LinkBuffer::linkCode):
613         (JSC::LinkBuffer::allocate):
614         (JSC::LinkBuffer::shrink):
615         * assembler/LinkBuffer.h:
616         (JSC::LinkBuffer::LinkBuffer):
617         (JSC::LinkBuffer::didFailToAllocate):
618         * assembler/X86Assembler.h:
619         (JSC::X86Assembler::buffer):
620         (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
621
622 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
623
624         Some includes in JSC seem to use an incorrect style
625         https://bugs.webkit.org/show_bug.cgi?id=123057
626
627         Reviewed by Geoffrey Garen.
628
629         Changed pseudo-system includes to user ones.
630
631         * API/JSContextRef.cpp:
632         * API/JSStringRefCF.cpp:
633         * API/JSValueRef.cpp:
634         * API/OpaqueJSString.cpp:
635         * jit/JIT.h:
636         * parser/SyntaxChecker.h:
637         * runtime/WeakGCMap.h:
638
639 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
640
641         Baseline JIT and DFG IC code generation should be unified and rationalized
642         https://bugs.webkit.org/show_bug.cgi?id=122939
643
644         Reviewed by Geoffrey Garen.
645         
646         Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
647         some register info and creates JIT inline caches for you. Used this to even furhter
648         unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
649         is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
650         that it needs to do the equivalent of get_by_id, so with this generator it will be able
651         to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
652
653         * CMakeLists.txt:
654         * GNUmakefile.list.am:
655         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
656         * JavaScriptCore.xcodeproj/project.pbxproj:
657         * assembler/AbstractMacroAssembler.h:
658         (JSC::AbstractMacroAssembler::DataLabelCompact::label):
659         * bytecode/CodeBlock.h:
660         (JSC::CodeBlock::ecmaMode):
661         * dfg/DFGInlineCacheWrapper.h: Added.
662         (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
663         * dfg/DFGInlineCacheWrapperInlines.h: Added.
664         (JSC::DFG::::finalize):
665         * dfg/DFGJITCompiler.cpp:
666         (JSC::DFG::JITCompiler::link):
667         * dfg/DFGJITCompiler.h:
668         (JSC::DFG::JITCompiler::addGetById):
669         (JSC::DFG::JITCompiler::addPutById):
670         * dfg/DFGSpeculativeJIT32_64.cpp:
671         (JSC::DFG::SpeculativeJIT::cachedGetById):
672         (JSC::DFG::SpeculativeJIT::cachedPutById):
673         * dfg/DFGSpeculativeJIT64.cpp:
674         (JSC::DFG::SpeculativeJIT::cachedGetById):
675         (JSC::DFG::SpeculativeJIT::cachedPutById):
676         (JSC::DFG::SpeculativeJIT::compile):
677         * jit/AssemblyHelpers.h:
678         (JSC::AssemblyHelpers::isStrictModeFor):
679         (JSC::AssemblyHelpers::strictModeFor):
680         * jit/GPRInfo.h:
681         (JSC::JSValueRegs::tagGPR):
682         * jit/JIT.cpp:
683         (JSC::JIT::JIT):
684         (JSC::JIT::privateCompileSlowCases):
685         (JSC::JIT::privateCompile):
686         * jit/JIT.h:
687         * jit/JITInlineCacheGenerator.cpp: Added.
688         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
689         (JSC::JITByIdGenerator::JITByIdGenerator):
690         (JSC::JITByIdGenerator::finalize):
691         (JSC::JITByIdGenerator::generateFastPathChecks):
692         (JSC::JITGetByIdGenerator::generateFastPath):
693         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
694         (JSC::JITPutByIdGenerator::generateFastPath):
695         (JSC::JITPutByIdGenerator::slowPathFunction):
696         * jit/JITInlineCacheGenerator.h: Added.
697         (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
698         (JSC::JITInlineCacheGenerator::stubInfo):
699         (JSC::JITByIdGenerator::JITByIdGenerator):
700         (JSC::JITByIdGenerator::reportSlowPathCall):
701         (JSC::JITByIdGenerator::slowPathJump):
702         (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
703         (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
704         * jit/JITPropertyAccess.cpp:
705         (JSC::JIT::emit_op_get_by_id):
706         (JSC::JIT::emitSlow_op_get_by_id):
707         (JSC::JIT::emit_op_put_by_id):
708         (JSC::JIT::emitSlow_op_put_by_id):
709         * jit/JITPropertyAccess32_64.cpp:
710         (JSC::JIT::emit_op_get_by_id):
711         (JSC::JIT::emitSlow_op_get_by_id):
712         (JSC::JIT::emit_op_put_by_id):
713         (JSC::JIT::emitSlow_op_put_by_id):
714         * jit/RegisterSet.h:
715         (JSC::RegisterSet::set):
716
717 2013-10-19  Alexey Proskuryakov  <ap@apple.com>
718
719         APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
720         https://bugs.webkit.org/show_bug.cgi?id=123067
721
722         Reviewed by Geoffrey Garen.
723
724         * API/APICast.h: Include it.
725
726 2013-10-19  Filip Pizlo  <fpizlo@apple.com>
727
728         FTL::Location should treat the offset as an addend in the case of a Register location
729         https://bugs.webkit.org/show_bug.cgi?id=123062
730
731         Reviewed by Sam Weinig.
732
733         * ftl/FTLLocation.cpp:
734         (JSC::FTL::Location::forStackmaps):
735         (JSC::FTL::Location::dump):
736         (JSC::FTL::Location::restoreInto):
737         * ftl/FTLLocation.h:
738         (JSC::FTL::Location::forRegister):
739         (JSC::FTL::Location::hasAddend):
740         (JSC::FTL::Location::addend):
741
742 2013-10-19  Nadav Rotem  <nrotem@apple.com>
743
744         DFG dominators: document and rename stuff.
745         https://bugs.webkit.org/show_bug.cgi?id=123056
746
747         Reviewed by Filip Pizlo.
748
749         Documented the code and renamed some variables.
750
751         * dfg/DFGDominators.cpp:
752         (JSC::DFG::Dominators::compute):
753         (JSC::DFG::Dominators::pruneDominators):
754         * dfg/DFGDominators.h:
755
756 2013-10-19  Julien Brianceau  <jbriance@cisco.com>
757
758         Fix build failure for architectures with 4 argument registers.
759         https://bugs.webkit.org/show_bug.cgi?id=123060
760
761         Reviewed by Michael Saboff.
762
763         Add missing setupArgumentsWithExecState() prototypes for architectures with 4 argument registers.
764         Remove SH4 specific code no longer needed since callOperation prototype change in r157660.
765
766         * dfg/DFGSpeculativeJIT.h:
767         (JSC::DFG::SpeculativeJIT::callOperation):
768         * jit/CCallHelpers.h:
769         (JSC::CCallHelpers::setupArgumentsWithExecState):
770         * jit/JITInlines.h:
771         (JSC::JIT::callOperation):
772
773 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
774
775         Unreviewed, fix FTL build.
776
777         * ftl/FTLIntrinsicRepository.h:
778         * ftl/FTLLowerDFGToLLVM.cpp:
779         (JSC::FTL::LowerDFGToLLVM::compileGetById):
780
781 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
782
783         A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
784         https://bugs.webkit.org/show_bug.cgi?id=122940
785
786         Reviewed by Oliver Hunt.
787         
788         This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
789         whereas previously it was in a Vector, so it moved. This allows you to use pointers to
790         StructureStubInfo. This also eliminates the use of return PC as a way of finding the
791         StructureStubInfo's. It removes some of the need for the compile-time property access
792         records; for example the DFG no longer has to save information about registers in a
793         property access record only to later save it to the stub info.
794         
795         The main thing it accomplishes is that it makes it easier to add StructureStubInfo's
796         at any stage of compilation.
797
798         * bytecode/CodeBlock.cpp:
799         (JSC::CodeBlock::printGetByIdCacheStatus):
800         (JSC::CodeBlock::dumpBytecode):
801         (JSC::CodeBlock::~CodeBlock):
802         (JSC::CodeBlock::propagateTransitions):
803         (JSC::CodeBlock::finalizeUnconditionally):
804         (JSC::CodeBlock::addStubInfo):
805         (JSC::CodeBlock::getStubInfoMap):
806         (JSC::CodeBlock::shrinkToFit):
807         * bytecode/CodeBlock.h:
808         (JSC::CodeBlock::begin):
809         (JSC::CodeBlock::end):
810         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
811         * bytecode/CodeOrigin.h:
812         (JSC::CodeOrigin::CodeOrigin):
813         (JSC::CodeOrigin::isHashTableDeletedValue):
814         (JSC::CodeOrigin::hash):
815         (JSC::CodeOriginHash::hash):
816         (JSC::CodeOriginHash::equal):
817         * bytecode/GetByIdStatus.cpp:
818         (JSC::GetByIdStatus::computeFor):
819         * bytecode/GetByIdStatus.h:
820         * bytecode/PutByIdStatus.cpp:
821         (JSC::PutByIdStatus::computeFor):
822         * bytecode/PutByIdStatus.h:
823         * bytecode/StructureStubInfo.h:
824         (JSC::getStructureStubInfoCodeOrigin):
825         * dfg/DFGByteCodeParser.cpp:
826         (JSC::DFG::ByteCodeParser::parseBlock):
827         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
828         * dfg/DFGJITCompiler.cpp:
829         (JSC::DFG::JITCompiler::link):
830         * dfg/DFGJITCompiler.h:
831         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
832         (JSC::DFG::InRecord::InRecord):
833         * dfg/DFGSpeculativeJIT.cpp:
834         (JSC::DFG::SpeculativeJIT::compileIn):
835         * dfg/DFGSpeculativeJIT.h:
836         (JSC::DFG::SpeculativeJIT::callOperation):
837         * dfg/DFGSpeculativeJIT32_64.cpp:
838         (JSC::DFG::SpeculativeJIT::cachedGetById):
839         (JSC::DFG::SpeculativeJIT::cachedPutById):
840         * dfg/DFGSpeculativeJIT64.cpp:
841         (JSC::DFG::SpeculativeJIT::cachedGetById):
842         (JSC::DFG::SpeculativeJIT::cachedPutById):
843         * jit/CCallHelpers.h:
844         (JSC::CCallHelpers::setupArgumentsWithExecState):
845         * jit/JIT.cpp:
846         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
847         (JSC::JIT::privateCompile):
848         * jit/JIT.h:
849         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
850         * jit/JITInlines.h:
851         (JSC::JIT::callOperation):
852         * jit/JITOperations.cpp:
853         * jit/JITOperations.h:
854         * jit/JITPropertyAccess.cpp:
855         (JSC::JIT::emitSlow_op_get_by_id):
856         (JSC::JIT::emitSlow_op_put_by_id):
857         * jit/JITPropertyAccess32_64.cpp:
858         (JSC::JIT::emitSlow_op_get_by_id):
859         (JSC::JIT::emitSlow_op_put_by_id):
860         * jit/Repatch.cpp:
861         (JSC::appropriateGenericPutByIdFunction):
862         (JSC::appropriateListBuildingPutByIdFunction):
863         (JSC::resetPutByID):
864
865 2013-10-18  Oliver Hunt  <oliver@apple.com>
866
867         Spread operator should be performing direct "puts" and not triggering setters
868         https://bugs.webkit.org/show_bug.cgi?id=123047
869
870         Reviewed by Geoffrey Garen.
871
872         Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
873         to array construct.  This required a new PutByValDirect node to be introduced to
874         the DFG.  The current implementation simply changes the slow path function that
875         is called, but in future this could be made faster as it does not need to check
876         the prototype chain.
877
878         * bytecode/CodeBlock.cpp:
879         (JSC::CodeBlock::dumpBytecode):
880         (JSC::CodeBlock::CodeBlock):
881         * bytecode/Opcode.h:
882         (JSC::padOpcodeName):
883         * bytecompiler/BytecodeGenerator.cpp:
884         (JSC::BytecodeGenerator::emitDirectPutByVal):
885         * bytecompiler/BytecodeGenerator.h:
886         * bytecompiler/NodesCodegen.cpp:
887         (JSC::ArrayNode::emitBytecode):
888         * dfg/DFGAbstractInterpreterInlines.h:
889         (JSC::DFG::::executeEffects):
890         * dfg/DFGBackwardsPropagationPhase.cpp:
891         (JSC::DFG::BackwardsPropagationPhase::propagate):
892         * dfg/DFGByteCodeParser.cpp:
893         (JSC::DFG::ByteCodeParser::parseBlock):
894         * dfg/DFGCSEPhase.cpp:
895         (JSC::DFG::CSEPhase::getArrayLengthElimination):
896         (JSC::DFG::CSEPhase::getByValLoadElimination):
897         (JSC::DFG::CSEPhase::checkStructureElimination):
898         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
899         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
900         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
901         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
902         (JSC::DFG::CSEPhase::performNodeCSE):
903         * dfg/DFGCapabilities.cpp:
904         (JSC::DFG::capabilityLevel):
905         * dfg/DFGClobberize.h:
906         (JSC::DFG::clobberize):
907         * dfg/DFGFixupPhase.cpp:
908         (JSC::DFG::FixupPhase::fixupNode):
909         * dfg/DFGGraph.h:
910         (JSC::DFG::Graph::clobbersWorld):
911         * dfg/DFGNode.h:
912         (JSC::DFG::Node::hasArrayMode):
913         * dfg/DFGNodeType.h:
914         * dfg/DFGOperations.cpp:
915         (JSC::DFG::putByVal):
916         (JSC::DFG::operationPutByValInternal):
917         * dfg/DFGOperations.h:
918         * dfg/DFGPredictionPropagationPhase.cpp:
919         (JSC::DFG::PredictionPropagationPhase::propagate):
920         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
921         * dfg/DFGSafeToExecute.h:
922         (JSC::DFG::safeToExecute):
923         * dfg/DFGSpeculativeJIT32_64.cpp:
924         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
925         (JSC::DFG::SpeculativeJIT::compile):
926         * dfg/DFGSpeculativeJIT64.cpp:
927         (JSC::DFG::SpeculativeJIT::compile):
928         * dfg/DFGTypeCheckHoistingPhase.cpp:
929         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
930         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
931         * jit/JIT.cpp:
932         (JSC::JIT::privateCompileMainPass):
933         (JSC::JIT::privateCompileSlowCases):
934         * jit/JIT.h:
935         (JSC::JIT::compileDirectPutByVal):
936         * jit/JITOperations.cpp:
937         * jit/JITOperations.h:
938         * jit/JITPropertyAccess.cpp:
939         (JSC::JIT::emitSlow_op_put_by_val):
940         (JSC::JIT::privateCompilePutByVal):
941         * jit/JITPropertyAccess32_64.cpp:
942         (JSC::JIT::emitSlow_op_put_by_val):
943         * llint/LLIntSlowPaths.cpp:
944         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
945         * llint/LLIntSlowPaths.h:
946         * llint/LowLevelInterpreter32_64.asm:
947         * llint/LowLevelInterpreter64.asm:
948
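Added illustration of the behaviour the entry above targets (example code written for this page, not JavaScriptCore's own): an ordinary indexed assignment goes through [[Set]] and so invokes a setter inherited from Array.prototype, whereas spread into an array literal must define the element directly on the new array and never reach the setter. The setter installed on Array.prototype is a constructed hostile prototype for the demonstration and is removed again afterwards.

```javascript
// Install a setter for index 0 on Array.prototype (constructed hostile
// prototype), run fn(), and report how many times the setter fired.
function withIndexSetter(fn) {
  let calls = 0;
  Object.defineProperty(Array.prototype, "0", {
    configurable: true,
    get() { return undefined; },
    set(_v) { calls += 1; },
  });
  try {
    const result = fn();
    return { setterCalls: calls, ...result };
  } finally {
    delete Array.prototype[0];   // restore the prototype
    Array.prototype.length = 0;  // defining index 0 bumped its length to 1
  }
}

// Ordinary assignment uses [[Set]]: the lookup walks the prototype chain,
// finds the inherited accessor and calls the setter instead of creating an
// own element, so the value is lost to whoever owns the setter.
function assignElement() {
  return withIndexSetter(() => {
    const arr = [];
    arr[0] = 42;
    return {
      hasOwn: Object.prototype.hasOwnProperty.call(arr, "0"),
      value: arr[0],
    };
  });
}

// Spread in an array literal uses CreateDataProperty semantics (a direct
// "put"): the element is defined on the new array itself, so the inherited
// setter never runs and the value lands in the array.
function spreadElement() {
  return withIndexSetter(() => {
    const arr = [...[42]];
    return {
      hasOwn: Object.prototype.hasOwnProperty.call(arr, "0"),
      value: arr[0],
    };
  });
}
```

The security-relevant point is the second case: if an engine implemented spread with ordinary puts, any script that could install an accessor on Array.prototype would be able to observe or swallow every value passed through a spread anywhere in the realm, which is why the bytecode needs a direct-put opcode rather than the generic put_by_val path.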
949 2013-10-18  Daniel Bates  <dabates@apple.com>
950
951         [iOS] Export symbol for VM::sharedInstanceExists()
952         https://bugs.webkit.org/show_bug.cgi?id=123046
953
954         Reviewed by Mark Hahnenberg.
955
956         * runtime/VM.h:
957
958 2013-10-18  Daniel Bates  <dabates@apple.com>
959
960         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
961         https://bugs.webkit.org/show_bug.cgi?id=123049
962
963         Reviewed by Mark Hahnenberg.
964
965         * heap/Heap.cpp:
966         (JSC::Heap::setIncrementalSweeper):
967         * heap/Heap.h:
968         * heap/HeapTimer.h:
969         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
970         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
971         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
972         (duplicates the include in the .cpp).
973         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
974         making use of this now, but we'll make use of it in a subsequent patch.
975
976 2013-10-18  Anders Carlsson  <andersca@apple.com>
977
978         Remove spaces between template angle brackets
979         https://bugs.webkit.org/show_bug.cgi?id=123040
980
981         Reviewed by Andreas Kling.
982
983         * API/JSCallbackObject.cpp:
984         (JSC::::create):
985         * API/JSObjectRef.cpp:
986         * bytecode/CodeBlock.h:
987         (JSC::CodeBlock::constants):
988         (JSC::CodeBlock::setConstantRegisters):
989         * bytecode/DFGExitProfile.h:
990         * bytecode/EvalCodeCache.h:
991         * bytecode/Operands.h:
992         * bytecode/UnlinkedCodeBlock.h:
993         (JSC::UnlinkedCodeBlock::constantRegisters):
994         * bytecode/Watchpoint.h:
995         * bytecompiler/BytecodeGenerator.h:
996         * bytecompiler/StaticPropertyAnalysis.h:
997         * bytecompiler/StaticPropertyAnalyzer.h:
998         * dfg/DFGArgumentsSimplificationPhase.cpp:
999         * dfg/DFGBlockInsertionSet.h:
1000         * dfg/DFGCSEPhase.cpp:
1001         (JSC::DFG::performCSE):
1002         (JSC::DFG::performStoreElimination):
1003         * dfg/DFGCommonData.h:
1004         * dfg/DFGDesiredStructureChains.h:
1005         * dfg/DFGDesiredWatchpoints.h:
1006         * dfg/DFGJITCompiler.h:
1007         * dfg/DFGOSRExitCompiler32_64.cpp:
1008         (JSC::DFG::OSRExitCompiler::compileExit):
1009         * dfg/DFGOSRExitCompiler64.cpp:
1010         (JSC::DFG::OSRExitCompiler::compileExit):
1011         * dfg/DFGWorklist.h:
1012         * heap/BlockAllocator.h:
1013         (JSC::CopiedBlock):
1014         (JSC::MarkedBlock):
1015         (JSC::WeakBlock):
1016         (JSC::MarkStackSegment):
1017         (JSC::CopyWorkListSegment):
1018         (JSC::HandleBlock):
1019         * heap/Heap.h:
1020         * heap/Local.h:
1021         * heap/MarkedBlock.h:
1022         * heap/Strong.h:
1023         * jit/AssemblyHelpers.cpp:
1024         (JSC::AssemblyHelpers::decodedCodeMapFor):
1025         * jit/AssemblyHelpers.h:
1026         * jit/SpecializedThunkJIT.h:
1027         * parser/Nodes.h:
1028         * parser/Parser.cpp:
1029         (JSC::::parseIfStatement):
1030         * parser/Parser.h:
1031         (JSC::Scope::copyCapturedVariablesToVector):
1032         (JSC::parse):
1033         * parser/ParserArena.h:
1034         * parser/SourceProviderCacheItem.h:
1035         * profiler/LegacyProfiler.cpp:
1036         (JSC::dispatchFunctionToProfiles):
1037         * profiler/LegacyProfiler.h:
1038         (JSC::LegacyProfiler::currentProfiles):
1039         * profiler/ProfileNode.h:
1040         (JSC::ProfileNode::children):
1041         * profiler/ProfilerDatabase.h:
1042         * runtime/Butterfly.h:
1043         (JSC::Butterfly::contiguousInt32):
1044         (JSC::Butterfly::contiguous):
1045         * runtime/GenericTypedArrayViewInlines.h:
1046         (JSC::::create):
1047         * runtime/Identifier.h:
1048         (JSC::Identifier::add):
1049         * runtime/JSPromise.h:
1050         * runtime/PropertyMapHashTable.h:
1051         * runtime/PropertyNameArray.h:
1052         * runtime/RegExpCache.h:
1053         * runtime/SparseArrayValueMap.h:
1054         * runtime/SymbolTable.h:
1055         * runtime/VM.h:
1056         * tools/CodeProfile.cpp:
1057         (JSC::truncateTrace):
1058         * tools/CodeProfile.h:
1059         * yarr/YarrInterpreter.cpp:
1060         * yarr/YarrInterpreter.h:
1061         (JSC::Yarr::BytecodePattern::BytecodePattern):
1062         * yarr/YarrJIT.cpp:
1063         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
1064         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
1065         (JSC::Yarr::YarrGenerator::opCompileBody):
1066         * yarr/YarrPattern.cpp:
1067         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
1068         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
1069         * yarr/YarrPattern.h:
1070
1071 2013-10-18  Mark Lam  <mark.lam@apple.com>
1072
1073         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
1074         https://bugs.webkit.org/show_bug.cgi?id=123037.
1075
1076         Reviewed by Geoffrey Garen.
1077
1078         * jit/JITStubsMSVC64.asm:
1079         * jit/JITStubsX86.h:
1080         * jit/JITStubsX86_64.h:
1081
1082 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
1083
1084         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
1085         https://bugs.webkit.org/show_bug.cgi?id=121661
1086
1087         Reviewed by Mark Hahnenberg.
1088         
1089         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
1090         so I added a return-early check using isCompilationThread().
1091         
1092         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
1093         it is describing: m_offset and the property table. Most structures only have m_offset and report
1094         null for the property table. If the property table is there, it will tell you additional
1095         information and that information subsumes m_offset - but the m_offset is still there. So, when
1096         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
1097         machinery to do this.
1098         
1099         Changing the property table only happens on the main thread.
1100         
1101         Because the machinery to change the property table is so complex, especially with respect to
1102         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
1103         called at key points before and after changes to the property table or the offset.
1104
1105         Most clients of Structure who care about object layout, including the concurrent thread, will
1106         want to know m_offset and not the property table. If they want the property table, they will
1107         already be super careful. The concurrent thread has special methods for this, like
1108         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
1109         view of the property table.
1110         
1111         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
1112         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
1113         
1114         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
1115         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
1116         because we have found that it helps quickly identify situations where the property table and
1117         m_offset get out of sync - mainly because code that changes either of those things will usually
1118         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
1119         need the property table; it uses the m_offset. The concurrent JIT is correct to call
1120         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
1121         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
1122         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
1123         locks, and that same structure is having its property table modified by the main thread, we end
1124         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
1125         property table modified - instead what happens is that some downstream structure steals the
1126         property table and then starts adding things to it. The concurrent thread loads the property
1127         table before it's stolen, and hence the badness.
1128         
1129         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
1130         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
1131         and then you have a possible crash.
1132         
1133         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
1134         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
1135         it's in the concurrent JIT.
1136         
1137         * runtime/StructureInlines.h:
1138         (JSC::Structure::checkOffsetConsistency):
1139
1140 2013-10-18  Daniel Bates  <dabates@apple.com>
1141
1142         Add SPI to disable the garbage collector timer
1143         https://bugs.webkit.org/show_bug.cgi?id=122921
1144
1145         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
1146         omitted.
1147
1148         * heap/Heap.cpp:
1149         (JSC::Heap::setGarbageCollectionTimerEnabled):
1150
1151 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1152
1153         Group 64-bit specific and 32-bit specific callOperation implementations.
1154         https://bugs.webkit.org/show_bug.cgi?id=123024
1155
1156         Reviewed by Michael Saboff.
1157
1158         This is not a big deal, but could be less confusing when reading the code.
1159
1160         * jit/JITInlines.h:
1161         (JSC::JIT::callOperation):
1162         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
1163         (JSC::JIT::callOperationNoExceptionCheck):
1164
1165 2013-10-18  Nadav Rotem  <nrotem@apple.com>
1166
1167         Fix a FlushLiveness problem.
1168         https://bugs.webkit.org/show_bug.cgi?id=122984
1169
1170         Reviewed by Filip Pizlo.
1171
1172         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1173         (JSC::DFG::FlushLivenessAnalysisPhase::process):
1174
1175 2013-10-18  Michael Saboff  <msaboff@apple.com>
1176
1177         Change native function call stubs to use JIT operations instead of ctiVMHandleException
1178         https://bugs.webkit.org/show_bug.cgi?id=122982
1179
1180         Reviewed by Geoffrey Garen.
1181
1182         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
1183         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
1184         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
1185         in the process.
1186
1187         * dfg/DFGJITCompiler.cpp:
1188         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1189         * jit/CCallHelpers.h:
1190         (JSC::CCallHelpers::jumpToExceptionHandler):
1191         * jit/JIT.cpp:
1192         (JSC::JIT::privateCompileExceptionHandlers):
1193         * jit/JIT.h:
1194         * jit/JITExceptions.cpp:
1195         (JSC::genericUnwind):
1196         * jit/JITExceptions.h:
1197         * jit/JITInlines.h:
1198         (JSC::JIT::callOperationNoExceptionCheck):
1199         * jit/JITOpcodes.cpp:
1200         (JSC::JIT::emit_op_throw):
1201         * jit/JITOpcodes32_64.cpp:
1202         (JSC::JIT::privateCompileCTINativeCall):
1203         (JSC::JIT::emit_op_throw):
1204         * jit/JITOperations.cpp:
1205         * jit/JITOperations.h:
1206         * jit/JITStubs.cpp:
1207         * jit/JITStubs.h:
1208         * jit/JITStubsARM.h:
1209         * jit/JITStubsARM64.h:
1210         * jit/JITStubsARMv7.h:
1211         * jit/JITStubsMIPS.h:
1212         * jit/JITStubsMSVC64.asm:
1213         * jit/JITStubsSH4.h:
1214         * jit/JITStubsX86.h:
1215         * jit/JITStubsX86_64.h:
1216         * jit/Repatch.cpp:
1217         (JSC::tryBuildGetByIDList):
1218         * jit/SlowPathCall.h:
1219         (JSC::JITSlowPathCall::call):
1220         * jit/ThunkGenerators.cpp:
1221         (JSC::throwExceptionFromCallSlowPathGenerator):
1222         (JSC::nativeForGenerator):
1223         * runtime/VM.h:
1224         (JSC::VM::callFrameForThrowOffset):
1225         (JSC::VM::targetMachinePCForThrowOffset):
1226
1227 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1228
1229         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
1230         https://bugs.webkit.org/show_bug.cgi?id=123023
1231
1232         Reviewed by Michael Saboff.
1233
1234         * jit/JITInlines.h:
1235         (JSC::JIT::callOperation): EncodedJSValue parameter does not need alignment
1236         using EABI_32BIT_DUMMY_ARG here.
1237
1238 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1239
1240         Unreviewed, another ARM64 build fix.
1241         
1242         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
1243         on ARM64 and none of its uses are legit - they should all be using
1244         andPtr(TrustedImm32, blah) anyway.
1245
1246         * assembler/MacroAssembler.h:
1247         * assembler/MacroAssemblerARM64.h:
1248         * dfg/DFGJITCompiler.cpp:
1249         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1250         * jit/JIT.cpp:
1251         (JSC::JIT::privateCompileExceptionHandlers):
1252
1253 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1254
1255         Unreviewed, speculative ARM64 build fix.
1256         
1257         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
1258         implemented. So, you have to use TrustedImmPtr in the superclasses.
1259
1260         * assembler/MacroAssemblerARM64.h:
1261         (JSC::MacroAssemblerARM64::store8):
1262         (JSC::MacroAssemblerARM64::branchTest8):
1263
1264 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1265
1266         Unreviewed, speculative ARM build fix.
1267         https://bugs.webkit.org/show_bug.cgi?id=122890
1268         <rdar://problem/15258624>
1269
1270         * assembler/ARM64Assembler.h:
1271         (JSC::ARM64Assembler::firstRegister):
1272         (JSC::ARM64Assembler::lastRegister):
1273         (JSC::ARM64Assembler::firstFPRegister):
1274         (JSC::ARM64Assembler::lastFPRegister):
1275         * assembler/MacroAssemblerARM64.h:
1276         * assembler/MacroAssemblerARMv7.h:
1277
1278 2013-10-17  Andreas Kling  <akling@apple.com>
1279
1280         Pass VM instead of JSGlobalObject to JSONObject constructor.
1281         <https://webkit.org/b/122999>
1282
1283         JSONObject was only using the JSGlobalObject to grab at the VM.
1284         Dodge a few loads by passing the VM directly instead.
1285
1286         Reviewed by Geoffrey Garen.
1287
1288         * runtime/JSONObject.cpp:
1289         (JSC::JSONObject::JSONObject):
1290         (JSC::JSONObject::finishCreation):
1291         * runtime/JSONObject.h:
1292         (JSC::JSONObject::create):
1293
1294 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1295
1296         Removed the JITStackFrame struct
1297         https://bugs.webkit.org/show_bug.cgi?id=123001
1298
1299         Reviewed by Anders Carlsson.
1300
1301         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
1302         our helper functions obey the C function call ABI.
1303
1304 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1305
1306         Removed an unused #define
1307         https://bugs.webkit.org/show_bug.cgi?id=123000
1308
1309         Reviewed by Anders Carlsson.
1310
1311         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
1312         since it is unused now. This is a step toward using the C stack.
1313
1314 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1315
1316         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
1317         https://bugs.webkit.org/show_bug.cgi?id=122973
1318
1319         Reviewed by Michael Saboff.
1320
1321         * jit/ThunkGenerators.cpp:
1322         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
1323         so I removed it.
1324
1325         The code acted as if it needed to pass an argument to
1326         lookupExceptionHandler, and as if it passed that argument to itself
1327         through JITStackFrame. However, lookupExceptionHandler does not take
1328         an argument (other than the default ExecState argument), and the code
1329         did not initialize the thing that it thought it passed to itself!
1330
1331 2013-10-17  Alex Christensen  <achristensen@webkit.org>
1332
1333         Run JavaScriptCore tests again on Windows.
1334         https://bugs.webkit.org/show_bug.cgi?id=122787
1335
1336         Reviewed by Tim Horton.
1337
1338         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
1339         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
1340
1341 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1342
1343         Removed restoreArgumentReference (another use of JITStackFrame)
1344         https://bugs.webkit.org/show_bug.cgi?id=122997
1345
1346         Reviewed by Oliver Hunt.
1347
1348         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
1349         toward using the C stack.
1350
1351 2013-10-17  Oliver Hunt  <oliver@apple.com>
1352
1353         Remove JITStubCall.h
1354         https://bugs.webkit.org/show_bug.cgi?id=122991
1355
1356         Reviewed by Geoff Garen.
1357
1358         Happily this is no longer used
1359
1360         * GNUmakefile.list.am:
1361         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1362         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1363         * JavaScriptCore.xcodeproj/project.pbxproj:
1364         * jit/JIT.cpp:
1365         * jit/JITArithmetic.cpp:
1366         * jit/JITArithmetic32_64.cpp:
1367         * jit/JITCall.cpp:
1368         * jit/JITCall32_64.cpp:
1369         * jit/JITOpcodes.cpp:
1370         * jit/JITOpcodes32_64.cpp:
1371         * jit/JITPropertyAccess.cpp:
1372         * jit/JITPropertyAccess32_64.cpp:
1373         * jit/JITStubCall.h: Removed.
1374
1375 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1376
1377         Removed a use of JITSTACKFRAME_ARGS_INDEX
1378         https://bugs.webkit.org/show_bug.cgi?id=122989
1379
1380         Reviewed by Oliver Hunt.
1381
1382         * jit/JITStubCall.h: Removed an unused function. This is one step closer
1383         to using the C stack.
1384
1385 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1386
1387         Change emit_op_catch to use another method to materialize VM
1388         https://bugs.webkit.org/show_bug.cgi?id=122977
1389
1390         Reviewed by Oliver Hunt.
1391
1392         * jit/JITOpcodes.cpp:
1393         (JSC::JIT::emit_op_catch):
1394         * jit/JITOpcodes32_64.cpp:
1395         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
1396         on JITStackFrame. It is also faster and simpler.
1397
1398 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1399
1400         Eliminate emitGetJITStubArg() - dead code
1401         https://bugs.webkit.org/show_bug.cgi?id=122975
1402
1403         Reviewed by Anders Carlsson.
1404
1405         * jit/JIT.h:
1406         * jit/JITInlines.h: Removed unused, deprecated function.
1407
1408 2013-10-17  Mark Lam  <mark.lam@apple.com>
1409
1410         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
1411         https://bugs.webkit.org/show_bug.cgi?id=122979.
1412
1413         Reviewed by Michael Saboff.
1414
1415         * jit/JITStubs.cpp:
1416         * jit/JITStubs.h:
1417         * jit/JITStubsARM.h:
1418         * jit/JITStubsARM64.h:
1419         * jit/JITStubsARMv7.h:
1420         * jit/JITStubsMIPS.h:
1421         * jit/JITStubsSH4.h:
1422         * jit/JITStubsX86.h:
1423         * jit/JITStubsX86_64.h:
1424         * runtime/VM.cpp:
1425         (JSC::VM::VM):
1426
1427 2013-10-17  Michael Saboff  <msaboff@apple.com>
1428
1429         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
1430         https://bugs.webkit.org/show_bug.cgi?id=122974
1431
1432         Reviewed by Geoffrey Garen.
1433
1434         Eliminated unneeded storing to JITStackFrame.
1435
1436         * dfg/DFGJITCompiler.cpp:
1437         (JSC::DFG::JITCompiler::compileFunction):
1438
1439 2013-10-17  Michael Saboff  <msaboff@apple.com>
1440
1441         Transition cti_op_throw and cti_vm_throw to a JIT operation
1442         https://bugs.webkit.org/show_bug.cgi?id=122931
1443
1444         Reviewed by Filip Pizlo.
1445
1446         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
1447         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
1448         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
1449         callOperation to handle the need to provide space for structure return value.
1450
1451         * jit/JIT.h:
1452         * jit/JITInlines.h:
1453         (JSC::JIT::callOperation):
1454         * jit/JITOpcodes.cpp:
1455         (JSC::JIT::emit_op_throw):
1456         * jit/JITOpcodes32_64.cpp:
1457         (JSC::JIT::emit_op_throw):
1458         (JSC::JIT::emit_op_catch):
1459         * jit/JITOperations.cpp:
1460         * jit/JITOperations.h:
1461         * jit/JITStubs.cpp:
1462         * jit/JITStubs.h:
1463         * jit/JITStubsARM.h:
1464         * jit/JITStubsARM64.h:
1465         * jit/JITStubsARMv7.h:
1466         * jit/JITStubsMIPS.h:
1467         * jit/JITStubsMSVC64.asm:
1468         * jit/JITStubsSH4.h:
1469         * jit/JITStubsX86.h:
1470         * jit/JITStubsX86_64.h:
1471         * jit/JSInterfaceJIT.h:
1472
1473 2013-10-17  Mark Lam  <mark.lam@apple.com>
1474
1475         Remove JITStackFrame references in the C Loop LLINT.
1476         https://bugs.webkit.org/show_bug.cgi?id=122950.
1477
1478         Reviewed by Michael Saboff.
1479
1480         * jit/JITStubs.h:
1481         * llint/LowLevelInterpreter.cpp:
1482         (JSC::CLoop::execute):
1483         * offlineasm/cloop.rb:
1484
1485 2013-10-17  Mark Lam  <mark.lam@apple.com>
1486
1487         Remove JITStackFrame references in JIT probes.
1488         https://bugs.webkit.org/show_bug.cgi?id=122947.
1489
1490         Reviewed by Michael Saboff.
1491
1492         * assembler/MacroAssemblerARM.cpp:
1493         (JSC::MacroAssemblerARM::ProbeContext::dump):
1494         * assembler/MacroAssemblerARM.h:
1495         * assembler/MacroAssemblerARMv7.cpp:
1496         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
1497         * assembler/MacroAssemblerARMv7.h:
1498         * assembler/MacroAssemblerX86Common.cpp:
1499         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
1500         * assembler/MacroAssemblerX86Common.h:
1501         * jit/JITStubsARM.h:
1502         * jit/JITStubsARMv7.h:
1503         * jit/JITStubsX86.h:
1504         * jit/JITStubsX86Common.h:
1505         * jit/JITStubsX86_64.h:
1506
1507 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
1508
1509         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
1510         https://bugs.webkit.org/show_bug.cgi?id=122949
1511
1512         Reviewed by Andreas Kling.
1513
1514         * jit/CCallHelpers.h:
1515         (JSC::CCallHelpers::setupArgumentsWithExecState):
1516
1517 2013-10-16  Mark Lam  <mark.lam@apple.com>
1518
1519         Transition remaining op_get* JITStubs to JIT operations.
1520         https://bugs.webkit.org/show_bug.cgi?id=122925.
1521
1522         Reviewed by Geoffrey Garen.
1523
1524         Transitioning:
1525             cti_op_get_by_id_generic
1526             cti_op_get_by_val
1527             cti_op_get_by_val_generic
1528             cti_op_get_by_val_string
1529
1530         * dfg/DFGOperations.cpp:
1531         * dfg/DFGOperations.h:
1532         * jit/JIT.h:
1533         * jit/JITInlines.h:
1534         (JSC::JIT::callOperation):
1535         * jit/JITOpcodes.cpp:
1536         (JSC::JIT::emitSlow_op_get_arguments_length):
1537         (JSC::JIT::emitSlow_op_get_argument_by_val):
1538         * jit/JITOpcodes32_64.cpp:
1539         (JSC::JIT::emitSlow_op_get_arguments_length):
1540         (JSC::JIT::emitSlow_op_get_argument_by_val):
1541         * jit/JITOperations.cpp:
1542         * jit/JITOperations.h:
1543         * jit/JITPropertyAccess.cpp:
1544         (JSC::JIT::emitSlow_op_get_by_val):
1545         (JSC::JIT::emitSlow_op_get_by_pname):
1546         (JSC::JIT::privateCompileGetByVal):
1547         * jit/JITPropertyAccess32_64.cpp:
1548         (JSC::JIT::emitSlow_op_get_by_val):
1549         (JSC::JIT::emitSlow_op_get_by_pname):
1550         * jit/JITStubs.cpp:
1551         * jit/JITStubs.h:
1552         * runtime/Executable.cpp:
1553         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1554         * runtime/Options.cpp:
1555         (JSC::Options::initialize):
1556
1557 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1558
1559         Introduce WTF::Bag and start using it for InlineCallFrameSet
1560         https://bugs.webkit.org/show_bug.cgi?id=122941
1561
1562         Reviewed by Geoffrey Garen.
1563         
1564         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1565         SegmentedVectors into Bags as well.
1566
1567         * bytecode/InlineCallFrameSet.cpp:
1568         (JSC::InlineCallFrameSet::add):
1569         * bytecode/InlineCallFrameSet.h:
1570         (JSC::InlineCallFrameSet::begin):
1571         (JSC::InlineCallFrameSet::end):
1572         * dfg/DFGArgumentsSimplificationPhase.cpp:
1573         (JSC::DFG::ArgumentsSimplificationPhase::run):
1574         * dfg/DFGJITCompiler.cpp:
1575         (JSC::DFG::JITCompiler::link):
1576         * dfg/DFGStackLayoutPhase.cpp:
1577         (JSC::DFG::StackLayoutPhase::run):
1578         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1579         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1580
1581 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1582
1583         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1584         https://bugs.webkit.org/show_bug.cgi?id=122905
1585         <rdar://problem/15237856>
1586
1587         Reviewed by Michael Saboff.
1588         
1589         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1590         then always call it to install something that calls CRASH().
1591
1592         * llvm/InitializeLLVM.cpp:
1593         (JSC::llvmCrash):
1594         (JSC::initializeLLVMOnce):
1595         (JSC::initializeLLVM):
1596         * llvm/LLVMAPIFunctions.h:
1597
1598 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1599
1600         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1601         https://bugs.webkit.org/show_bug.cgi?id=122938
1602
1603         Reviewed by Sam Weinig.
1604         
1605         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1606
1607         * jit/Repatch.cpp:
1608         (JSC::tryBuildGetByIDList):
1609
1610 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1611
1612         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1613         https://bugs.webkit.org/show_bug.cgi?id=122937
1614
1615         Reviewed by Geoffrey Garen.
1616         
1617         JITStubCall used to do it.
1618         
1619         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1620
1621         * jit/JIT.h:
1622         (JSC::JIT::appendCall):
1623
1624 2013-10-16  Michael Saboff  <msaboff@apple.com>
1625
1626         transition void cti_op_put_by_val* stubs to JIT operations
1627         https://bugs.webkit.org/show_bug.cgi?id=122903
1628
1629         Reviewed by Geoffrey Garen.
1630
1631         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1632         operationPutByValGeneric.
1633
1634         * jit/CCallHelpers.h:
1635         (JSC::CCallHelpers::setupArgumentsWithExecState):
1636         * jit/JIT.h:
1637         * jit/JITInlines.h:
1638         (JSC::JIT::callOperation):
1639         * jit/JITOperations.cpp:
1640         * jit/JITOperations.h:
1641         * jit/JITPropertyAccess.cpp:
1642         (JSC::JIT::emitSlow_op_put_by_val):
1643         (JSC::JIT::privateCompilePutByVal):
1644         * jit/JITPropertyAccess32_64.cpp:
1645         (JSC::JIT::emitSlow_op_put_by_val):
1646         * jit/JITStubs.cpp:
1647         * jit/JITStubs.h:
1648         * jit/JSInterfaceJIT.h:
1649
1650 2013-10-16  Oliver Hunt  <oliver@apple.com>
1651
1652         Implement ES6 spread operator
1653         https://bugs.webkit.org/show_bug.cgi?id=122911
1654
1655         Reviewed by Michael Saboff.
1656
1657         Implement the ES6 spread operator
1658
1659         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1660         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1661         driven.
1662
1663         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1664         and actually handling the spread.
1665
1666         * bytecompiler/BytecodeGenerator.cpp:
1667         (JSC::BytecodeGenerator::emitNewArray):
1668         (JSC::BytecodeGenerator::emitCall):
1669         (JSC::BytecodeGenerator::emitEnumeration):
1670         * bytecompiler/BytecodeGenerator.h:
1671         * bytecompiler/NodesCodegen.cpp:
1672         (JSC::ArrayNode::emitBytecode):
1673         (JSC::ForOfNode::emitBytecode):
1674         (JSC::SpreadExpressionNode::emitBytecode):
1675         * parser/ASTBuilder.h:
1676         (JSC::ASTBuilder::createSpreadExpression):
1677         * parser/Lexer.cpp:
1678         (JSC::::lex):
1679         * parser/NodeConstructors.h:
1680         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1681         * parser/Nodes.h:
1682         (JSC::ExpressionNode::isSpreadExpression):
1683         (JSC::SpreadExpressionNode::expression):
1684         * parser/Parser.cpp:
1685         (JSC::::parseArrayLiteral):
1686         (JSC::::parseArguments):
1687         (JSC::::parseMemberExpression):
1688         * parser/Parser.h:
1689         (JSC::Parser::getTokenName):
1690         (JSC::Parser::updateErrorMessageSpecialCase):
1691         * parser/ParserTokens.h:
1692         * parser/SyntaxChecker.h:
1693         (JSC::SyntaxChecker::createSpreadExpression):
1694
1695 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1696
1697         Add a useLLInt option to jsc
1698         https://bugs.webkit.org/show_bug.cgi?id=122930
1699
1700         Reviewed by Geoffrey Garen.
1701
1702         * runtime/Executable.cpp:
1703         (JSC::setupLLInt):
1704         (JSC::setupJIT):
1705         (JSC::ScriptExecutable::prepareForExecutionImpl):
1706         * runtime/Options.h:
1707
1708 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1709
1710         Build fix.
1711
1712         Forgot to svn add DeferGC.cpp
1713
1714         * heap/DeferGC.cpp: Added.
1715
1716 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1717
1718         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1719         https://bugs.webkit.org/show_bug.cgi?id=122902
1720
1721         Reviewed by Mark Hahnenberg.
1722         
1723         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1724         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1725         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1726         didn't. Turns out that there's even a helpful method,
1727         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1728
1729         * jit/Repatch.cpp:
1730         (JSC::tryCachePutByID):
1731
1732 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1733
1734         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1735         https://bugs.webkit.org/show_bug.cgi?id=122667
1736
1737         Reviewed by Geoffrey Garen.
1738
1739         The issue this patch is attempting to fix is that there are places in our codebase
1740         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1741         operations that can initiate a garbage collection. Garbage collection then calls 
1742         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1743         always necessarily run during garbage collection). This causes a deadlock.
1744  
1745         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1746         into a thread-local field that indicates that it is unsafe to perform any operation 
1747         that could trigger garbage collection on the current thread. In debug builds, 
1748         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1749         detect deadlocks.
1750  
1751         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1752         which uses the DeferGC mechanism to prevent collections from occurring while the 
1753         lock is held.
1754
1755         * CMakeLists.txt:
1756         * GNUmakefile.list.am:
1757         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1758         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1759         * JavaScriptCore.xcodeproj/project.pbxproj:
1760         * heap/DeferGC.h:
1761         (JSC::DisallowGC::DisallowGC):
1762         (JSC::DisallowGC::~DisallowGC):
1763         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1764         (JSC::DisallowGC::initialize):
1765         * jit/Repatch.cpp:
1766         (JSC::repatchPutByID):
1767         (JSC::buildPutByIdList):
1768         * llint/LLIntSlowPaths.cpp:
1769         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1770         * runtime/ConcurrentJITLock.h:
1771         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1772         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1773         (JSC::ConcurrentJITLockerBase::unlockEarly):
1774         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1775         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1776         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1777         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1778         * runtime/InitializeThreading.cpp:
1779         (JSC::initializeThreadingOnce):
1780         * runtime/JSCellInlines.h:
1781         (JSC::allocateCell):
1782         * runtime/JSSymbolTableObject.h:
1783         (JSC::symbolTablePut):
1784         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1785         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1786         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1787         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1788         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1789         the Structure.
1790         (JSC::Structure::materializePropertyMap):
1791         (JSC::Structure::despecifyDictionaryFunction):
1792         (JSC::Structure::changePrototypeTransition):
1793         (JSC::Structure::despecifyFunctionTransition):
1794         (JSC::Structure::attributeChangeTransition):
1795         (JSC::Structure::toDictionaryTransition):
1796         (JSC::Structure::preventExtensionsTransition):
1797         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1798         (JSC::Structure::isSealed):
1799         (JSC::Structure::isFrozen):
1800         (JSC::Structure::addPropertyWithoutTransition):
1801         (JSC::Structure::removePropertyWithoutTransition):
1802         (JSC::Structure::get):
1803         (JSC::Structure::despecifyFunction):
1804         (JSC::Structure::despecifyAllFunctions):
1805         (JSC::Structure::putSpecificValue):
1806         (JSC::Structure::createPropertyMap):
1807         (JSC::Structure::getPropertyNamesFromStructure):
1808         * runtime/Structure.h:
1809         (JSC::Structure::materializePropertyMapIfNecessary):
1810         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1811         * runtime/StructureInlines.h:
1812         (JSC::Structure::get):
1813         * runtime/SymbolTable.h:
1814         (JSC::SymbolTable::find):
1815         (JSC::SymbolTable::end):
1816
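The deadlock and the two lockers this entry describes, as an added single-threaded C++ model that is not JavaScriptCore's code: the names DisallowGC, DeferGC, ConcurrentJITLocker, GCSafeConcurrentJITLocker and allocateCell are borrowed from the entry, while the ConcurrentJITLock stand-in, the exception types and the two check functions are assumptions made for the example.

```cpp
// Added example, not JavaScriptCore's code: a single-threaded model of the DisallowGC / DeferGC /
// ConcurrentJITLocker interplay the entry above describes. Every body here is hypothetical.
#include <mutex>
#include <stdexcept>
namespace model {
struct Deadlock : std::logic_error { using std::logic_error::logic_error; };
struct GCDisallowedViolation : std::logic_error { using std::logic_error::logic_error; };
// Per-thread state standing in for the thread-local fields the entry mentions.
static thread_local unsigned disallowGCDepth = 0;   // >0: a GC-triggering operation is a bug
static thread_local unsigned deferGCDepth = 0;      // >0: collections are postponed
static thread_local bool collectionPending = false; // a collection was requested while deferred
static unsigned collectionsRun = 0;

// Single-threaded stand-in for the non-recursive ConcurrentJITLock: re-taking a held
// lock is the deadlock the entry describes, so the model reports it instead of hanging.
struct ConcurrentJITLock {
    bool held = false;
    void lock() { if (held) throw Deadlock("ConcurrentJITLock re-entered while held"); held = true; }
    void unlock() { held = false; }
};
struct CodeBlock { ConcurrentJITLock lock; };

// RAII marker: while alive, nothing on this thread may trigger a collection.
class DisallowGC {
public:
    DisallowGC() { ++disallowGCDepth; }
    ~DisallowGC() { --disallowGCDepth; }
    static bool isGCDisallowedOnCurrentThread() { return disallowGCDepth > 0; }
};

// The collector takes each CodeBlock's lock because those methods also run outside GC.
void collectGarbage(CodeBlock& block) {
    std::lock_guard<ConcurrentJITLock> guard(block.lock);
    ++collectionsRun;
}

// RAII deferral: a collection requested while alive runs when the outermost DeferGC dies.
class DeferGC {
public:
    explicit DeferGC(CodeBlock& b) : block(b) { ++deferGCDepth; }
    ~DeferGC() {
        if (--deferGCDepth == 0 && collectionPending) { collectionPending = false; collectGarbage(block); }
    }
private:
    CodeBlock& block;
};

// Allocation is the operation that can start a collection (cf. JSC::allocateCell).
void allocateCell(CodeBlock& block) {
    if (DisallowGC::isGCDisallowedOnCurrentThread())
        throw GCDisallowedViolation("allocation while GC is disallowed"); // debug-build assertion
    if (deferGCDepth > 0) { collectionPending = true; return; }
    collectGarbage(block);
}

// Debug-build ConcurrentJITLocker: holds the lock and marks GC as disallowed.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(CodeBlock& b) : guard(b.lock) {}
private:
    std::lock_guard<ConcurrentJITLock> guard;
    DisallowGC disallow;
};

// GCSafeConcurrentJITLocker: defers collections instead of forbidding them. 'defer' is
// declared first so it is destroyed last, i.e. only after the lock has been released.
class GCSafeConcurrentJITLocker {
public:
    explicit GCSafeConcurrentJITLocker(CodeBlock& b) : defer(b), guard(b.lock) {}
private:
    DeferGC defer;
    std::lock_guard<ConcurrentJITLock> guard;
};

// Allocating under the plain locker is the llint_slow_path_put_by_id bug: in this model
// the DisallowGC check fires before the collector can re-enter the held lock.
bool plainLockerCatchesBugEarly() {
    CodeBlock block;
    try {
        ConcurrentJITLocker locker(block);
        allocateCell(block);
    } catch (const GCDisallowedViolation&) {
        return true; // caught eagerly; without the check a Deadlock would be thrown instead
    }
    return false;
}

// With the GC-safe locker the collection is postponed until the lock is dropped.
bool gcSafeLockerDefersCollection() {
    CodeBlock block;
    unsigned before = collectionsRun;
    {
        GCSafeConcurrentJITLocker locker(block);
        allocateCell(block);
        if (collectionsRun != before) return false; // must not collect while locked
    }
    return collectionsRun == before + 1;            // ran once the lock was released
}
} // namespace model
```
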
1817 2013-10-16  Daniel Bates  <dabates@apple.com>
1818
1819         Add SPI to disable the garbage collector timer
1820         https://bugs.webkit.org/show_bug.cgi?id=122921
1821
1822         Reviewed by Geoffrey Garen.
1823
1824         Based on a patch by Mark Hahnenberg.
1825
1826         * API/JSBase.cpp:
1827         (JSDisableGCTimer): Added; SPI function.
1828         * API/JSBasePrivate.h:
1829         * heap/BlockAllocator.cpp:
1830         (JSC::createBlockFreeingThread): Added.
1831         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
1832         to conditionally create the "block freeing" thread depending on the value of
1833         GCActivityCallback::s_shouldCreateGCTimer.
1834         (JSC::BlockAllocator::~BlockAllocator):
1835         * heap/BlockAllocator.h:
1836         (JSC::BlockAllocator::deallocate):
1837         * heap/Heap.cpp:
1838         (JSC::Heap::didAbandon):
1839         (JSC::Heap::collect):
1840         (JSC::Heap::didAllocate):
1841         * heap/HeapTimer.cpp:
1842         (JSC::HeapTimer::timerDidFire):
1843         * runtime/GCActivityCallback.cpp:
1844         * runtime/GCActivityCallback.h:
1845         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
1846         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
1847         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
1848
1849 2013-10-16  Commit Queue  <commit-queue@webkit.org>
1850
1851         Unreviewed, rolling out r157529.
1852         http://trac.webkit.org/changeset/157529
1853         https://bugs.webkit.org/show_bug.cgi?id=122919
1854
1855         Caused score test failures and some build failures. (Requested
1856         by rfong on #webkit).
1857
1858         * bytecompiler/BytecodeGenerator.cpp:
1859         (JSC::BytecodeGenerator::emitNewArray):
1860         (JSC::BytecodeGenerator::emitCall):
1861         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1862         * bytecompiler/BytecodeGenerator.h:
1863         * bytecompiler/NodesCodegen.cpp:
1864         (JSC::ArrayNode::emitBytecode):
1865         (JSC::CallArguments::CallArguments):
1866         (JSC::ForOfNode::emitBytecode):
1867         (JSC::BindingNode::collectBoundIdentifiers):
1868         * parser/ASTBuilder.h:
1869         * parser/Lexer.cpp:
1870         (JSC::::lex):
1871         * parser/NodeConstructors.h:
1872         (JSC::DotAccessorNode::DotAccessorNode):
1873         * parser/Nodes.h:
1874         * parser/Parser.cpp:
1875         (JSC::::parseArrayLiteral):
1876         (JSC::::parseArguments):
1877         (JSC::::parseMemberExpression):
1878         * parser/Parser.h:
1879         (JSC::Parser::getTokenName):
1880         (JSC::Parser::updateErrorMessageSpecialCase):
1881         * parser/ParserTokens.h:
1882         * parser/SyntaxChecker.h:
1883
1884 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1885
1886         Remove useless architecture specific implementation in DFG.
1887         https://bugs.webkit.org/show_bug.cgi?id=122917.
1888
1889         Reviewed by Michael Saboff.
1890
1891         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
1892         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
1893
1894         * dfg/DFGSpeculativeJIT.h:
1895
1896 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1897
1898         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
1899         https://bugs.webkit.org/show_bug.cgi?id=122916.
1900
1901         Reviewed by Michael Saboff.
1902
1903         This architecture specific function is not used anymore, so get rid of it.
1904
1905         * jit/JIT.h:
1906         * jit/JITInlines.h:
1907
1908 2013-10-16  Oliver Hunt  <oliver@apple.com>
1909
1910         Implement ES6 spread operator
1911         https://bugs.webkit.org/show_bug.cgi?id=122911
1912
1913         Reviewed by Michael Saboff.
1914
1915         Implement the ES6 spread operator
1916
1917         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1918         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1919         driven.
1920
1921         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1922         and actually handling the spread.
1923
1924         * bytecompiler/BytecodeGenerator.cpp:
1925         (JSC::BytecodeGenerator::emitNewArray):
1926         (JSC::BytecodeGenerator::emitCall):
1927         (JSC::BytecodeGenerator::emitEnumeration):
1928         * bytecompiler/BytecodeGenerator.h:
1929         * bytecompiler/NodesCodegen.cpp:
1930         (JSC::ArrayNode::emitBytecode):
1931         (JSC::ForOfNode::emitBytecode):
1932         (JSC::SpreadExpressionNode::emitBytecode):
1933         * parser/ASTBuilder.h:
1934         (JSC::ASTBuilder::createSpreadExpression):
1935         * parser/Lexer.cpp:
1936         (JSC::::lex):
1937         * parser/NodeConstructors.h:
1938         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1939         * parser/Nodes.h:
1940         (JSC::ExpressionNode::isSpreadExpression):
1941         (JSC::SpreadExpressionNode::expression):
1942         * parser/Parser.cpp:
1943         (JSC::::parseArrayLiteral):
1944         (JSC::::parseArguments):
1945         (JSC::::parseMemberExpression):
1946         * parser/Parser.h:
1947         (JSC::Parser::getTokenName):
1948         (JSC::Parser::updateErrorMessageSpecialCase):
1949         * parser/ParserTokens.h:
1950         * parser/SyntaxChecker.h:
1951         (JSC::SyntaxChecker::createSpreadExpression):
1952
1953 2013-10-16  Mark Lam  <mark.lam@apple.com>
1954
1955         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1956         https://bugs.webkit.org/show_bug.cgi?id=122899.
1957
1958         Reviewed by Michael Saboff.
1959
1960         * jit/JITOpcodes32_64.cpp:
1961         (JSC::JIT::emit_op_tear_off_activation):
1962         (JSC::JIT::emit_op_tear_off_arguments):
1963         * jit/JITStubs.cpp:
1964         * jit/JITStubs.h:
1965
1966 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1967
1968         Remove more of the UNINTERRUPTED_SEQUENCE thing
1969         https://bugs.webkit.org/show_bug.cgi?id=122885
1970
1971         Reviewed by Andreas Kling.
1972
1973         It was not completely removed by r157481, leading to a build failure for the sh4 architecture.
1974
1975         * jit/JIT.h:
1976         * jit/JITInlines.h:
1977
1978 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1979
1980         Get rid of the StructureStubInfo::patch union
1981         https://bugs.webkit.org/show_bug.cgi?id=122877
1982
1983         Reviewed by Sam Weinig.
1984         
1985         Just simplifying code by getting rid of data structures that ain't used no more.
1986         
1987         Note that I replace the patch union with a patch struct. This means we say things like
1988         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
1989         encapsulation makes the code more readable: the patch struct contains just those things
1990         that you need to know to perform patching.
1991
1992         * bytecode/StructureStubInfo.h:
1993         * dfg/DFGJITCompiler.cpp:
1994         (JSC::DFG::JITCompiler::link):
1995         * jit/JIT.cpp:
1996         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1997         * jit/Repatch.cpp:
1998         (JSC::repatchByIdSelfAccess):
1999         (JSC::replaceWithJump):
2000         (JSC::linkRestoreScratch):
2001         (JSC::generateProtoChainAccessStub):
2002         (JSC::tryCacheGetByID):
2003         (JSC::getPolymorphicStructureList):
2004         (JSC::patchJumpToGetByIdStub):
2005         (JSC::tryBuildGetByIDList):
2006         (JSC::emitPutReplaceStub):
2007         (JSC::emitPutTransitionStub):
2008         (JSC::tryCachePutByID):
2009         (JSC::tryBuildPutByIdList):
2010         (JSC::tryRepatchIn):
2011         (JSC::resetGetByID):
2012         (JSC::resetPutByID):
2013         (JSC::resetIn):
2014
2015 2013-10-15  Nadav Rotem  <nrotem@apple.com>
2016
2017         FTL: add support for Int52ToValue and fix putByVal of int52s.
2018         https://bugs.webkit.org/show_bug.cgi?id=122873
2019
2020         Reviewed by Filip Pizlo.
2021
2022         * ftl/FTLCapabilities.cpp:
2023         (JSC::FTL::canCompile):
2024         * ftl/FTLLowerDFGToLLVM.cpp:
2025         (JSC::FTL::LowerDFGToLLVM::compileNode):
2026         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
2027         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
2028
2029 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2030
2031         Get rid of the UNINTERRUPTED_SEQUENCE thing
2032         https://bugs.webkit.org/show_bug.cgi?id=122876
2033
2034         Reviewed by Mark Hahnenberg.
2035         
2036         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
2037         
2038         Moreover, we should resist the temptation to bring anything like this back. We don't
2039         want to have inline caches that only work if the assembler lays out code in a specific
2040         predetermined way.
2041
2042         * jit/JIT.h:
2043         * jit/JITCall.cpp:
2044         (JSC::JIT::compileOpCall):
2045         * jit/JITCall32_64.cpp:
2046         (JSC::JIT::compileOpCall):
2047
2048 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2049
2050         Baseline JIT should use the DFG GetById IC
2051         https://bugs.webkit.org/show_bug.cgi?id=122861
2052
2053         Reviewed by Oliver Hunt.
2054         
2055         This mostly just kills a ton of code.
2056         
2057         Note that this doesn't yet do all of the simplifications that can be done, but it does
2058         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
2059
2060         * bytecode/CodeBlock.cpp:
2061         (JSC::CodeBlock::resetStubInternal):
2062         * jit/JIT.cpp:
2063         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2064         * jit/JIT.h:
2065         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2066         * jit/JITInlines.h:
2067         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2068         (JSC::JIT::callOperation):
2069         * jit/JITPropertyAccess.cpp:
2070         (JSC::JIT::compileGetByIdHotPath):
2071         (JSC::JIT::emitSlow_op_get_by_id):
2072         (JSC::JIT::emitSlow_op_get_from_scope):
2073         * jit/JITPropertyAccess32_64.cpp:
2074         (JSC::JIT::compileGetByIdHotPath):
2075         (JSC::JIT::emitSlow_op_get_by_id):
2076         (JSC::JIT::emitSlow_op_get_from_scope):
2077         * jit/JITStubs.cpp:
2078         * jit/JITStubs.h:
2079         * jit/Repatch.cpp:
2080         (JSC::repatchGetByID):
2081         (JSC::buildGetByIDList):
2082         * jit/ThunkGenerators.cpp:
2083         * jit/ThunkGenerators.h:
2084
2085 2013-10-15  Dean Jackson  <dino@apple.com>
2086
2087         Add ENABLE_WEB_ANIMATIONS flag
2088         https://bugs.webkit.org/show_bug.cgi?id=122871
2089
2090         Reviewed by Tim Horton.
2091
2092         Eventually might be http://dev.w3.org/fxtf/web-animations/
2093         but this is just engine-internal work at the moment.
2094
2095         * Configurations/FeatureDefines.xcconfig:
2096
2097 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2098
2099         [sh4] Some calls don't match sh4 ABI.
2100         https://bugs.webkit.org/show_bug.cgi?id=122863
2101
2102         Reviewed by Michael Saboff.
2103
2104         * dfg/DFGSpeculativeJIT.h:
2105         (JSC::DFG::SpeculativeJIT::callOperation):
2106         * jit/CCallHelpers.h:
2107         (JSC::CCallHelpers::setupArgumentsWithExecState):
2108         * jit/JITInlines.h:
2109         (JSC::JIT::callOperation):
2110
2111 2013-10-15  Daniel Bates  <dabates@apple.com>
2112
2113         [iOS] Upstream JavaScriptCore support for ARM64
2114         https://bugs.webkit.org/show_bug.cgi?id=122762
2115
2116         Reviewed by Oliver Hunt and Filip Pizlo.
2117
2118         * Configurations/Base.xcconfig:
2119         * Configurations/DebugRelease.xcconfig:
2120         * Configurations/JavaScriptCore.xcconfig:
2121         * Configurations/ToolExecutable.xcconfig:
2122         * JavaScriptCore.xcodeproj/project.pbxproj:
2123         * assembler/ARM64Assembler.h: Added.
2124         * assembler/AbstractMacroAssembler.h:
2125         (JSC::isARM64):
2126         (JSC::AbstractMacroAssembler::Label::Label):
2127         (JSC::AbstractMacroAssembler::Jump::Jump):
2128         (JSC::AbstractMacroAssembler::Jump::link):
2129         (JSC::AbstractMacroAssembler::Jump::linkTo):
2130         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
2131         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
2132         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
2133         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
2134         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
2135         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
2136         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
2137         (JSC::AbstractMacroAssembler::isTempRegisterValid):
2138         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
2139         (JSC::AbstractMacroAssembler::setTempRegisterValid):
2140         * assembler/LinkBuffer.cpp:
2141         (JSC::LinkBuffer::copyCompactAndLinkCode):
2142         (JSC::LinkBuffer::linkCode):
2143         * assembler/LinkBuffer.h:
2144         * assembler/MacroAssembler.h:
2145         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
2146         (JSC::MacroAssembler::pushToSave):
2147         (JSC::MacroAssembler::popToRestore):
2148         (JSC::MacroAssembler::patchableBranchTest32):
2149         * assembler/MacroAssemblerARM64.h: Added.
2150         * assembler/MacroAssemblerARMv7.h:
2151         * dfg/DFGFixupPhase.cpp:
2152         (JSC::DFG::FixupPhase::fixupNode):
2153         * dfg/DFGOSRExitCompiler32_64.cpp:
2154         (JSC::DFG::OSRExitCompiler::compileExit):
2155         * dfg/DFGOSRExitCompiler64.cpp:
2156         (JSC::DFG::OSRExitCompiler::compileExit):
2157         * dfg/DFGSpeculativeJIT.cpp:
2158         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2159         (JSC::DFG::SpeculativeJIT::compileArithMod):
2160         * disassembler/ARM64/A64DOpcode.cpp: Added.
2161         * disassembler/ARM64/A64DOpcode.h: Added.
2162         * disassembler/ARM64Disassembler.cpp: Added.
2163         * heap/MachineStackMarker.cpp:
2164         (JSC::getPlatformThreadRegisters):
2165         (JSC::otherThreadStackPointer):
2166         * heap/Region.h:
2167         * jit/AssemblyHelpers.h:
2168         (JSC::AssemblyHelpers::debugCall):
2169         * jit/CCallHelpers.h:
2170         * jit/ExecutableAllocator.h:
2171         * jit/FPRInfo.h:
2172         (JSC::FPRInfo::toRegister):
2173         (JSC::FPRInfo::toIndex):
2174         (JSC::FPRInfo::debugName):
2175         * jit/GPRInfo.h:
2176         (JSC::GPRInfo::toRegister):
2177         (JSC::GPRInfo::toIndex):
2178         (JSC::GPRInfo::debugName):
2179         * jit/JITInlines.h:
2180         (JSC::JIT::restoreArgumentReferenceForTrampoline):
2181         * jit/JITOperationWrappers.h:
2182         * jit/JITOperations.cpp:
2183         * jit/JITStubs.cpp:
2184         (JSC::performPlatformSpecificJITAssertions):
2185         (JSC::tryCachePutByID):
2186         * jit/JITStubs.h:
2187         (JSC::JITStackFrame::returnAddressSlot):
2188         * jit/JITStubsARM64.h: Added.
2189         * jit/JSInterfaceJIT.h:
2190         * jit/Repatch.cpp:
2191         (JSC::emitRestoreScratch):
2192         (JSC::generateProtoChainAccessStub):
2193         (JSC::tryCacheGetByID):
2194         (JSC::emitPutReplaceStub):
2195         (JSC::tryCachePutByID):
2196         (JSC::tryRepatchIn):
2197         * jit/ScratchRegisterAllocator.h:
2198         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2199         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2200         * jit/ThunkGenerators.cpp:
2201         (JSC::nativeForGenerator):
2202         (JSC::floorThunkGenerator):
2203         (JSC::ceilThunkGenerator):
2204         * jsc.cpp:
2205         (main):
2206         * llint/LLIntOfflineAsmConfig.h:
2207         * llint/LLIntSlowPaths.cpp:
2208         (JSC::LLInt::handleHostCall):
2209         * llint/LowLevelInterpreter.asm:
2210         * llint/LowLevelInterpreter64.asm:
2211         * offlineasm/arm.rb:
2212         * offlineasm/arm64.rb: Added.
2213         * offlineasm/backends.rb:
2214         * offlineasm/instructions.rb:
2215         * offlineasm/risc.rb:
2216         * offlineasm/transform.rb:
2217         * yarr/YarrJIT.cpp:
2218         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2219         (JSC::Yarr::YarrGenerator::initCallFrame):
2220         (JSC::Yarr::YarrGenerator::removeCallFrame):
2221         (JSC::Yarr::YarrGenerator::generateEnter):
2222         * yarr/YarrJIT.h:
2223
2224 2013-10-15  Mark Lam  <mark.lam@apple.com>
2225
2226         Fix 3 operand sub operation in C loop LLINT.
2227         https://bugs.webkit.org/show_bug.cgi?id=122866.
2228
2229         Reviewed by Geoffrey Garen.
2230
2231         * offlineasm/cloop.rb:
2232
2233 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2234
2235         ObjCCallbackFunctionImpl shouldn't store a JSContext
2236         https://bugs.webkit.org/show_bug.cgi?id=122531
2237
2238         Reviewed by Geoffrey Garen.
2239
2240         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct
2241         in the common case. It's also no longer necessary in that we can look up the current JSContext
2242         by using the globalObject of the callee when the function callback is invoked.
2243  
2244         Also added a new test that would cause us to crash previously. The test required making 
2245         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2246         in C API callbacks.
2247
2248         * API/JSContextRef.h:
2249         * API/JSContextRefPrivate.h:
2250         * API/ObjCCallbackFunction.mm:
2251         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2252         (JSC::objCCallbackFunctionCallAsFunction):
2253         (objCCallbackFunctionForInvocation):
2254         * API/WebKitAvailability.h:
2255         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2256         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2257         (CallAsConstructor):
2258         (ConstructorFinalize):
2259         (ConstructorClass):
2260         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2261         (-[JSContext valueWithConstructorDescriptor:]):
2262         (currentThisInsideBlockGetterTest):
2263         * API/tests/testapi.mm:
2264         * JavaScriptCore.xcodeproj/project.pbxproj:
2265         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2266
2267 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2268
2269         Fix build after r157457 for architecture with 4 argument registers.
2270         https://bugs.webkit.org/show_bug.cgi?id=122860
2271
2272         Reviewed by Michael Saboff.
2273
2274         * jit/CCallHelpers.h:
2275         (JSC::CCallHelpers::setupStubArguments134):
2276
2277 2013-10-14  Michael Saboff  <msaboff@apple.com>
2278
2279         transition void cti_op_* methods to JIT operations.
2280         https://bugs.webkit.org/show_bug.cgi?id=122617
2281
2282         Reviewed by Geoffrey Garen.
2283
2284         Converted the following stubs to JIT operations:
2285             cti_handle_watchdog_timer
2286             cti_op_debug
2287             cti_op_pop_scope
2288             cti_op_profile_did_call
2289             cti_op_profile_will_call
2290             cti_op_put_by_index
2291             cti_op_put_getter_setter
2292             cti_op_tear_off_activation
2293             cti_op_tear_off_arguments
2294             cti_op_throw_static_error
2295             cti_optimize
2296
2297         * dfg/DFGOperations.cpp:
2298         * dfg/DFGOperations.h:
2299         * jit/CCallHelpers.h:
2300         (JSC::CCallHelpers::setupArgumentsWithExecState):
2301         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2302         (JSC::CCallHelpers::setupStubArguments):
2303         (JSC::CCallHelpers::setupStubArguments134):
2304         * jit/JIT.cpp:
2305         (JSC::JIT::emitEnterOptimizationCheck):
2306         * jit/JIT.h:
2307         * jit/JITInlines.h:
2308         (JSC::JIT::callOperation):
2309         * jit/JITOpcodes.cpp:
2310         (JSC::JIT::emit_op_tear_off_activation):
2311         (JSC::JIT::emit_op_tear_off_arguments):
2312         (JSC::JIT::emit_op_push_with_scope):
2313         (JSC::JIT::emit_op_pop_scope):
2314         (JSC::JIT::emit_op_push_name_scope):
2315         (JSC::JIT::emit_op_throw_static_error):
2316         (JSC::JIT::emit_op_debug):
2317         (JSC::JIT::emit_op_profile_will_call):
2318         (JSC::JIT::emit_op_profile_did_call):
2319         (JSC::JIT::emitSlow_op_loop_hint):
2320         * jit/JITOpcodes32_64.cpp:
2321         (JSC::JIT::emit_op_push_with_scope):
2322         (JSC::JIT::emit_op_pop_scope):
2323         (JSC::JIT::emit_op_push_name_scope):
2324         (JSC::JIT::emit_op_throw_static_error):
2325         (JSC::JIT::emit_op_debug):
2326         (JSC::JIT::emit_op_profile_will_call):
2327         (JSC::JIT::emit_op_profile_did_call):
2328         * jit/JITOperations.cpp:
2329         * jit/JITOperations.h:
2330         * jit/JITPropertyAccess.cpp:
2331         (JSC::JIT::emit_op_put_by_index):
2332         (JSC::JIT::emit_op_put_getter_setter):
2333         * jit/JITPropertyAccess32_64.cpp:
2334         (JSC::JIT::emit_op_put_by_index):
2335         (JSC::JIT::emit_op_put_getter_setter):
2336         * jit/JITStubs.cpp:
2337         * jit/JITStubs.h:
2338
2339 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2340
2341         [sh4] Introduce const pools in LLINT.
2342         https://bugs.webkit.org/show_bug.cgi?id=122746
2343
2344         Reviewed by Michael Saboff.
2345
2346         In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
2347         loaded this way:
2348
2349             mov.l .label, rx
2350             bra out
2351             nop
2352             .balign 4
2353             .label: .long immvalue
2354             out:
2355
2356         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2357         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
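The saving described in this entry can be made concrete with a small emitter. The code below is an added illustration, not offlineasm's sh4 backend or any JSC code: it models the two strategies for an immediate that does not fit the 8-bit signed form, using the mnemonics from the snippet above; the label names, the Emitter type and the sample loads are this example's own. A real backend must also flush the pool before the PC-relative reach of mov.l is exceeded and only at a point execution cannot fall into (this example flushes on demand and does not check reach).

```cpp
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

// Toy emitter contrasting per-literal "branch around the literal" with a
// shared constant pool. Not offlineasm code; names are illustrative.
struct Emitter {
    std::vector<std::string> lines;                      // emitted assembly text
    std::vector<std::pair<std::string, int32_t>> pool;   // literals awaiting a flush
    int labelCounter = 0;
    size_t branchesEmitted = 0;

    static bool fitsImm8(int32_t v) { return v >= -128 && v <= 127; }

    // Before: each out-of-range immediate carries its own literal plus a branch
    // over it, a delay-slot nop and an alignment directive.
    void loadImmInline(int32_t v, const std::string& reg) {
        if (fitsImm8(v)) { lines.push_back("mov #" + std::to_string(v) + ", " + reg); return; }
        std::string lab = ".L" + std::to_string(labelCounter++);
        std::string out = ".Lout" + std::to_string(labelCounter++);
        lines.push_back("mov.l " + lab + ", " + reg);
        lines.push_back("bra " + out);
        lines.push_back("nop");
        lines.push_back(".balign 4");
        lines.push_back(lab + ": .long " + std::to_string(v));
        lines.push_back(out + ":");
        ++branchesEmitted;
    }

    // After: the literal goes into a pool that is written out once, so no
    // per-literal branch is needed, and equal values share one slot.
    void loadImmPooled(int32_t v, const std::string& reg) {
        if (fitsImm8(v)) { lines.push_back("mov #" + std::to_string(v) + ", " + reg); return; }
        for (const auto& entry : pool) {
            if (entry.second == v) { lines.push_back("mov.l " + entry.first + ", " + reg); return; }
        }
        std::string lab = ".Lpool" + std::to_string(labelCounter++);
        pool.emplace_back(lab, v);
        lines.push_back("mov.l " + lab + ", " + reg);
    }

    // Write the pending literals out (call only where control flow cannot reach).
    void flushPool() {
        if (pool.empty()) return;
        lines.push_back(".balign 4");
        for (const auto& entry : pool)
            lines.push_back(entry.first + ": .long " + std::to_string(entry.second));
        pool.clear();
    }
};

struct Stats { size_t lines; size_t branches; };

// Emit the same constructed sample (two wide immediates, one of them repeated,
// and one narrow immediate) with either strategy and report the size.
Stats emitSample(bool pooled) {
    Emitter e;
    const int32_t sample[] = {1000, 1000, 5};
    const char* regs[] = {"r0", "r1", "r2"};
    for (int i = 0; i < 3; ++i) {
        if (pooled) e.loadImmPooled(sample[i], regs[i]);
        else        e.loadImmInline(sample[i], regs[i]);
    }
    if (pooled) e.flushPool();
    return {e.lines.size(), e.branchesEmitted};
}
```

On the constructed sample the inline form produces 13 lines with two branches, the pooled form five lines with none; the second load of 1000 simply references the existing slot.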
2358
2359         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2360         * offlineasm/sh4.rb:
2361
2362 2013-10-15  Mark Lam  <mark.lam@apple.com>
2363
2364         Fix broken C Loop LLINT build.
2365         https://bugs.webkit.org/show_bug.cgi?id=122839.
2366
2367         Reviewed by Michael Saboff.
2368
2369         * dfg/DFGFlushedAt.cpp:
2370         * jit/JITOperations.h:
2371
2372 2013-10-14  Mark Lam  <mark.lam@apple.com>
2373
2374         Transition *switch* and *scope* JITStubs to JIT operations.
2375         https://bugs.webkit.org/show_bug.cgi?id=122757.
2376
2377         Reviewed by Geoffrey Garen.
2378
2379         Transitioning:
2380             cti_op_switch_char
2381             cti_op_switch_imm
2382             cti_op_switch_string
2383             cti_op_resolve_scope
2384             cti_op_get_from_scope
2385             cti_op_put_to_scope
2386
2387         * jit/JIT.h:
2388         * jit/JITInlines.h:
2389         (JSC::JIT::callOperation):
2390         * jit/JITOpcodes.cpp:
2391         (JSC::JIT::emit_op_switch_imm):
2392         (JSC::JIT::emit_op_switch_char):
2393         (JSC::JIT::emit_op_switch_string):
2394         * jit/JITOpcodes32_64.cpp:
2395         (JSC::JIT::emit_op_switch_imm):
2396         (JSC::JIT::emit_op_switch_char):
2397         (JSC::JIT::emit_op_switch_string):
2398         * jit/JITOperations.cpp:
2399         * jit/JITOperations.h:
2400         * jit/JITPropertyAccess.cpp:
2401         (JSC::JIT::emitSlow_op_resolve_scope):
2402         (JSC::JIT::emitSlow_op_get_from_scope):
2403         (JSC::JIT::emitSlow_op_put_to_scope):
2404         * jit/JITPropertyAccess32_64.cpp:
2405         (JSC::JIT::emitSlow_op_resolve_scope):
2406         (JSC::JIT::emitSlow_op_get_from_scope):
2407         (JSC::JIT::emitSlow_op_put_to_scope):
2408         * jit/JITStubs.cpp:
2409         * jit/JITStubs.h:
2410
2411 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2412
2413         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
2414         https://bugs.webkit.org/show_bug.cgi?id=122786
2415
2416         Reviewed by Mark Hahnenberg.
2417
2418         * bytecode/CodeBlock.cpp:
2419         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2420         * jit/Repatch.cpp:
2421         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2422         (JSC::buildPutByIdList): Ditto.
2423
2424 2013-10-14  Nadav Rotem  <nrotem@apple.com>
2425
2426         Add FTL support for LogicalNot(string)
2427         https://bugs.webkit.org/show_bug.cgi?id=122765
2428
2429         Reviewed by Filip Pizlo.
2430
2431         This patch is tested by:
2432         regress/script-tests/emscripten-cube2hash.js.ftl-eager
2433
2434         * ftl/FTLCapabilities.cpp:
2435         (JSC::FTL::canCompile):
2436         * ftl/FTLLowerDFGToLLVM.cpp:
2437         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
2438
2439 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
2440
2441         [sh4] Fixes after r157404 and r157411.
2442         https://bugs.webkit.org/show_bug.cgi?id=122782
2443
2444         Reviewed by Michael Saboff.
2445
2446         * dfg/DFGSpeculativeJIT.h:
2447         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2448         * jit/CCallHelpers.h:
2449         (JSC::CCallHelpers::setupArgumentsWithExecState):
2450         * jit/JITInlines.h:
2451         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2452         * jit/JITPropertyAccess32_64.cpp:
2453         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
2454
2455 2013-10-14  Commit Queue  <commit-queue@webkit.org>
2456
2457         Unreviewed, rolling out r157413.
2458         http://trac.webkit.org/changeset/157413
2459         https://bugs.webkit.org/show_bug.cgi?id=122779
2460
2461         Appears to have caused frequent crashes (Requested by ap on
2462         #webkit).
2463
2464         * CMakeLists.txt:
2465         * GNUmakefile.list.am:
2466         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2467         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2468         * JavaScriptCore.xcodeproj/project.pbxproj:
2469         * heap/DeferGC.cpp: Removed.
2470         * heap/DeferGC.h:
2471         * jit/JITStubs.cpp:
2472         (JSC::tryCacheGetByID):
2473         (JSC::DEFINE_STUB_FUNCTION):
2474         * llint/LLIntSlowPaths.cpp:
2475         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2476         * runtime/ConcurrentJITLock.h:
2477         * runtime/InitializeThreading.cpp:
2478         (JSC::initializeThreadingOnce):
2479         * runtime/JSCellInlines.h:
2480         (JSC::allocateCell):
2481         * runtime/Structure.cpp:
2482         (JSC::Structure::materializePropertyMap):
2483         (JSC::Structure::putSpecificValue):
2484         (JSC::Structure::createPropertyMap):
2485         * runtime/Structure.h:
2486
2487 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2488
2489         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
2490         https://bugs.webkit.org/show_bug.cgi?id=122652
2491
2492         Reviewed by Filip Pizlo.
2493
2494         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
2495         so we would end up ASSERTing during garbage collection.
2496
2497         * heap/MarkedAllocator.cpp:
2498         (JSC::MarkedAllocator::allocateSlowCase):
2499
2500 2013-10-11  Oliver Hunt  <oliver@apple.com>
2501
2502         Separate out array iteration intrinsics
2503         https://bugs.webkit.org/show_bug.cgi?id=122656
2504
2505         Reviewed by Michael Saboff.
2506
2507         Separate out the intrinsics for key and values iteration
2508         of arrays.
2509
2510         This requires moving array iteration into the iterator
2511         instance, rather than the prototype, but this is essentially
2512         unobservable so we'll live with it for now.
2513
2514         * jit/ThunkGenerators.cpp:
2515         (JSC::arrayIteratorNextThunkGenerator):
2516         (JSC::arrayIteratorNextKeyThunkGenerator):
2517         (JSC::arrayIteratorNextValueThunkGenerator):
2518         * jit/ThunkGenerators.h:
2519         * runtime/ArrayIteratorPrototype.cpp:
2520         (JSC::ArrayIteratorPrototype::finishCreation):
2521         * runtime/Intrinsic.h:
2522         * runtime/JSArrayIterator.cpp:
2523         (JSC::JSArrayIterator::finishCreation):
2524         (JSC::createIteratorResult):
2525         (JSC::arrayIteratorNext):
2526         (JSC::arrayIteratorNextKey):
2527         (JSC::arrayIteratorNextValue):
2528         (JSC::arrayIteratorNextGeneric):
2529         * runtime/VM.cpp:
2530         (JSC::thunkGeneratorForIntrinsic):
2531
2532 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
2533
2534         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2535         https://bugs.webkit.org/show_bug.cgi?id=122667
2536
2537         Reviewed by Filip Pizlo.
2538
2539         The issue this patch is attempting to fix is that there are places in our codebase
2540         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2541         operations that can initiate a garbage collection. Garbage collection then calls 
2542         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2543         always necessarily run during garbage collection). This causes a deadlock.
2544
2545         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2546         into a thread-local field that indicates that it is unsafe to perform any operation 
2547         that could trigger garbage collection on the current thread. In debug builds, 
2548         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2549         detect deadlocks.
2550
2551         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2552         which uses the DeferGC mechanism to prevent collections from occurring while the 
2553         lock is held.
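The shape of the tripwire and of the GC-safe locker, as an added model rather than JSC's own code: a thread-local depth counter stands in for the thread-local field, the collector re-entering CodeBlock is reduced to a single check, and the deadlock is surfaced as an exception so the two scenarios can be exercised. All type and function names below are this example's stand-ins for the ones listed in the entry.

```cpp
#include <mutex>
#include <stdexcept>

// Added example, not JSC's code: models DisallowGC, DeferGC and the two lockers.
static thread_local unsigned gcDisallowDepth = 0; // non-zero: GC forbidden on this thread
static unsigned gcDeferDepth = 0;                 // non-zero: collections are postponed
static bool gcPending = false;
static unsigned collectionsRun = 0;

// RAII marker: while one is alive, any attempt to collect on this thread is a bug.
struct DisallowGC {
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    DisallowGC(const DisallowGC&) = delete;
    DisallowGC& operator=(const DisallowGC&) = delete;
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth != 0; }
};

// Collection entry point. In the engine the collector re-enters CodeBlock
// methods that take the same ConcurrentJITLock and deadlocks; the tripwire
// turns that into an immediate, diagnosable failure (an ASSERT in a debug
// build; an exception here so the scenario can be tested).
unsigned collectGarbage() {
    if (DisallowGC::isGCDisallowedOnCurrentThread())
        throw std::logic_error("GC requested while GC is disallowed on this thread");
    if (gcDeferDepth) { gcPending = true; return collectionsRun; }
    return ++collectionsRun;
}

// RAII deferral: a collection requested while one is alive runs when the last
// DeferGC goes away.
struct DeferGC {
    DeferGC() { ++gcDeferDepth; }
    ~DeferGC() {
        if (--gcDeferDepth == 0 && gcPending) { gcPending = false; collectGarbage(); }
    }
    DeferGC(const DeferGC&) = delete;
    DeferGC& operator=(const DeferGC&) = delete;
};

// Stand-in lock satisfying std::lock_guard's BasicLockable requirements.
struct ConcurrentJITLock {
    bool held = false;
    void lock() { held = true; }
    void unlock() { held = false; }
};

// Plain locker: holding the lock forbids GC; the DisallowGC is the debug tripwire.
struct ConcurrentJITLocker {
    explicit ConcurrentJITLocker(ConcurrentJITLock& lock) : guard(lock) {}
    std::lock_guard<ConcurrentJITLock> guard;
    DisallowGC disallow;
};

// GC-safe locker: defers instead. DeferGC is declared before the guard so it is
// destroyed after it, i.e. the postponed collection runs once the lock is released.
struct GCSafeConcurrentJITLocker {
    explicit GCSafeConcurrentJITLocker(ConcurrentJITLock& lock) : guard(lock) {}
    DeferGC defer;
    std::lock_guard<ConcurrentJITLock> guard;
};

// An allocation that, as in the slow paths listed in this entry, may collect.
void allocateCell() { collectGarbage(); }

// Scenario 1: allocating under the plain locker trips the DisallowGC check.
bool plainLockerTripsOnAllocation() {
    ConcurrentJITLock lock;
    try {
        ConcurrentJITLocker locker(lock);
        allocateCell();
    } catch (const std::logic_error&) {
        return true;
    }
    return false;
}

// Scenario 2: the GC-safe locker postpones the collection until after unlock.
// Returns how many collections ran, and 0 if one ran while the lock was held.
unsigned gcSafeLockerDefersCollection() {
    ConcurrentJITLock lock;
    unsigned before = collectionsRun;
    {
        GCSafeConcurrentJITLocker locker(lock);
        allocateCell();
        if (collectionsRun != before || !lock.held) return 0;
    }
    return lock.held ? 0 : collectionsRun - before; // 1: ran once, after release
}
```

The member order in GCSafeConcurrentJITLocker is the whole point of that type: reversing it would run the deferred collection while the lock is still held, which is exactly the situation the entry describes.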
2554
2555         * CMakeLists.txt:
2556         * GNUmakefile.list.am:
2557         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2558         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2559         * JavaScriptCore.xcodeproj/project.pbxproj:
2560         * heap/DeferGC.cpp: Added.
2561         * heap/DeferGC.h:
2562         (JSC::DisallowGC::DisallowGC):
2563         (JSC::DisallowGC::~DisallowGC):
2564         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2565         (JSC::DisallowGC::initialize):
2566         * jit/JITStubs.cpp:
2567         (JSC::tryCachePutByID):
2568         (JSC::tryCacheGetByID):
2569         (JSC::DEFINE_STUB_FUNCTION):
2570         * llint/LLIntSlowPaths.cpp:
2571         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2572         * runtime/ConcurrentJITLock.h:
2573         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2574         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2575         (JSC::ConcurrentJITLockerBase::unlockEarly):
2576         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2577         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2578         * runtime/InitializeThreading.cpp:
2579         (JSC::initializeThreadingOnce):
2580         * runtime/JSCellInlines.h:
2581         (JSC::allocateCell):
2582         * runtime/Structure.cpp:
2583         (JSC::Structure::materializePropertyMap):
2584         (JSC::Structure::putSpecificValue):
2585         (JSC::Structure::createPropertyMap):
2586         * runtime/Structure.h:
2587
2588 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2589
2590         Baseline JIT should use the DFG's PutById IC
2591         https://bugs.webkit.org/show_bug.cgi?id=122704
2592
2593         Reviewed by Mark Hahnenberg.
2594         
2595         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2596         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2597         
2598         The only complicated part was that the PutById operations assumed that we first did a
2599         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2600         slow paths to deal with EncodedJSValue's.
2601
2602         * bytecode/CodeBlock.cpp:
2603         (JSC::CodeBlock::resetStubInternal):
2604         * bytecode/PutByIdStatus.cpp:
2605         (JSC::PutByIdStatus::computeFor):
2606         * dfg/DFGSpeculativeJIT.h:
2607         (JSC::DFG::SpeculativeJIT::callOperation):
2608         * dfg/DFGSpeculativeJIT32_64.cpp:
2609         (JSC::DFG::SpeculativeJIT::cachedPutById):
2610         * dfg/DFGSpeculativeJIT64.cpp:
2611         (JSC::DFG::SpeculativeJIT::cachedPutById):
2612         * jit/CCallHelpers.h:
2613         (JSC::CCallHelpers::setupArgumentsWithExecState):
2614         * jit/JIT.cpp:
2615         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2616         * jit/JIT.h:
2617         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2618         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2619         * jit/JITInlines.h:
2620         (JSC::JIT::callOperation):
2621         * jit/JITOperationWrappers.h:
2622         * jit/JITOperations.cpp:
2623         * jit/JITOperations.h:
2624         * jit/JITPropertyAccess.cpp:
2625         (JSC::JIT::compileGetByIdHotPath):
2626         (JSC::JIT::compileGetByIdSlowCase):
2627         (JSC::JIT::emit_op_put_by_id):
2628         (JSC::JIT::emitSlow_op_put_by_id):
2629         * jit/JITPropertyAccess32_64.cpp:
2630         (JSC::JIT::compileGetByIdSlowCase):
2631         (JSC::JIT::emit_op_put_by_id):
2632         (JSC::JIT::emitSlow_op_put_by_id):
2633         * jit/JITStubs.cpp:
2634         * jit/JITStubs.h:
2635         * jit/Repatch.cpp:
2636         (JSC::appropriateGenericPutByIdFunction):
2637         (JSC::appropriateListBuildingPutByIdFunction):
2638         (JSC::resetPutByID):
2639
2640 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2641
2642         FTL should have an inefficient but correct implementation of GetById
2643         https://bugs.webkit.org/show_bug.cgi?id=122740
2644
2645         Reviewed by Mark Hahnenberg.
2646         
2647         It took some effort to realize that the node->prediction() check in the DFG backends
2648         is completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
2649         if !prediction.
2650         
2651         But other than that this was an easy patch.
2652
2653         * dfg/DFGByteCodeParser.cpp:
2654         (JSC::DFG::ByteCodeParser::handleGetById):
2655         * dfg/DFGSpeculativeJIT32_64.cpp:
2656         (JSC::DFG::SpeculativeJIT::compile):
2657         * dfg/DFGSpeculativeJIT64.cpp:
2658         (JSC::DFG::SpeculativeJIT::compile):
2659         * ftl/FTLCapabilities.cpp:
2660         (JSC::FTL::canCompile):
2661         * ftl/FTLIntrinsicRepository.h:
2662         * ftl/FTLLowerDFGToLLVM.cpp:
2663         (JSC::FTL::LowerDFGToLLVM::compileNode):
2664         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2665
2666 2013-10-13  Mark Lam  <mark.lam@apple.com>
2667
2668         Transition misc cti_op_* JITStubs to JIT operations.
2669         https://bugs.webkit.org/show_bug.cgi?id=122645.
2670
2671         Reviewed by Michael Saboff.
2672
2673         Stubs converted:
2674             cti_op_check_has_instance
2675             cti_op_create_arguments
2676             cti_op_del_by_id
2677             cti_op_instanceof
2678             cti_to_object
2679             cti_op_push_activation
2680             cti_op_get_pnames
2681             cti_op_load_varargs
2682
2683         * dfg/DFGOperations.cpp:
2684         * dfg/DFGOperations.h:
2685         * jit/CCallHelpers.h:
2686         (JSC::CCallHelpers::setupArgumentsWithExecState):
2687         * jit/JIT.h:
2688         (JSC::JIT::emitStoreCell):
2689         * jit/JITCall.cpp:
2690         (JSC::JIT::compileLoadVarargs):
2691         * jit/JITCall32_64.cpp:
2692         (JSC::JIT::compileLoadVarargs):
2693         * jit/JITInlines.h:
2694         (JSC::JIT::callOperation):
2695         * jit/JITOpcodes.cpp:
2696         (JSC::JIT::emit_op_get_pnames):
2697         (JSC::JIT::emit_op_create_activation):
2698         (JSC::JIT::emit_op_create_arguments):
2699         (JSC::JIT::emitSlow_op_check_has_instance):
2700         (JSC::JIT::emitSlow_op_instanceof):
2701         (JSC::JIT::emitSlow_op_get_argument_by_val):
2702         * jit/JITOpcodes32_64.cpp:
2703         (JSC::JIT::emitSlow_op_check_has_instance):
2704         (JSC::JIT::emitSlow_op_instanceof):
2705         (JSC::JIT::emit_op_get_pnames):
2706         (JSC::JIT::emit_op_create_activation):
2707         (JSC::JIT::emit_op_create_arguments):
2708         (JSC::JIT::emitSlow_op_get_argument_by_val):
2709         * jit/JITOperations.cpp:
2710         * jit/JITOperations.h:
2711         * jit/JITPropertyAccess.cpp:
2712         (JSC::JIT::emit_op_del_by_id):
2713         * jit/JITPropertyAccess32_64.cpp:
2714         (JSC::JIT::emit_op_del_by_id):
2715         * jit/JITStubs.cpp:
2716         * jit/JITStubs.h:
2717
2718 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2719
2720         FTL OSR exit should perform zero extension on values smaller than 64-bit
2721         https://bugs.webkit.org/show_bug.cgi?id=122688
2722
2723         Reviewed by Gavin Barraclough.
2724         
2725         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2726         register will have zeros on the high bits.  In the few cases where the high bits are
2727         non-zero, the DFG sort of tells us this explicitly.
2728
2729         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
2730         emit LLVM IR like:
2731
2732             %2 = trunc i64 %1 to i32
2733             stuff %2
2734             call @llvm.webkit.stackmap(...., %2)
2735
2736         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2737         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2738         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2739         from before truncation, and that register may have garbage in the high bits.
2740
2741         This means that on our end, if we want a 32-bit value and we want that value to be
2742         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2743         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2744         end.
2745         
2746         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
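What goes wrong without the zero extension, as an added illustration that is not JSC's code: a rebox routine is given the 64-bit register LLVM reported for a 32-bit or boolean value, with stale high bits. The tag constants are the 64-bit JSValue encodings as I know them from JSC, assumed here rather than taken from this entry; the format enum and function names are this example's own.

```cpp
#include <cstdint>

// Added example, not JSC's code. Tag constants are assumed (JSC's 64-bit
// JSValue encoding as I know it): an int32 is its payload under TagTypeNumber,
// booleans are two fixed small words.
constexpr uint64_t TagTypeNumber = 0xffff000000000000ull;
constexpr uint64_t ValueFalse = 0x06;
constexpr uint64_t ValueTrue = 0x07;

enum class ValueFormat { Int32, Boolean, JSValue };

// Before: rebox by trusting every bit of the register. Correct only if LLVM
// actually emitted the truncation, which it is free not to do.
uint64_t reboxTrustingRegister(ValueFormat format, uint64_t raw) {
    switch (format) {
    case ValueFormat::Int32:   return TagTypeNumber | raw;
    case ValueFormat::Boolean: return raw ? ValueTrue : ValueFalse;
    case ValueFormat::JSValue: return raw;
    }
    return raw;
}

// After: zero-extend the sub-64-bit value ourselves before boxing. An int32 lives
// in the low 32 bits, an i1 in bit 0; everything above is treated as garbage.
uint64_t reboxZeroExtending(ValueFormat format, uint64_t raw) {
    switch (format) {
    case ValueFormat::Int32:   return TagTypeNumber | static_cast<uint32_t>(raw);
    case ValueFormat::Boolean: return (raw & 1) ? ValueTrue : ValueFalse;
    case ValueFormat::JSValue: return raw;
    }
    return raw;
}

// Helpers showing why the stale bits matter downstream.
bool isInt32(uint64_t boxed) { return (boxed & TagTypeNumber) == TagTypeNumber; }
int32_t asInt32(uint64_t boxed) { return static_cast<int32_t>(static_cast<uint32_t>(boxed)); }
// Strict equality of two int32 JSValues compares the whole encoded word, so a box
// carrying stale high bits is a different value from a clean box of the same int.
bool boxedStrictEquals(uint64_t a, uint64_t b) { return a == b; }

// Constructed register image: the int32 42 in the low half, leftovers above it.
constexpr uint64_t staleRegister = 0xdeadbeef00000000ull | 42u;
```

Note that the badly boxed 42 still satisfies isInt32, since the tag bits are all set either way; the damage shows up as 42 not being strictly equal to 42, which is the kind of failure that is painful to trace back to an OSR exit.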
2747
2748         * ftl/FTLOSRExitCompiler.cpp:
2749         (JSC::FTL::compileStubWithOSRExitStackmap):
2750         * ftl/FTLValueFormat.cpp:
2751         (JSC::FTL::reboxAccordingToFormat):
2752
2753 == Rolled over to ChangeLog-2013-10-13 ==