[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
2
3         Fix the ENABLE(B3_JIT) build on Linux
4         https://bugs.webkit.org/show_bug.cgi?id=150794
5
6         Reviewed by Darin Adler.
7
8         * CMakeLists.txt:
9         * b3/B3HeapRange.h:
10         * b3/B3IndexSet.h:
11         (JSC::B3::IndexSet::Iterable::iterator::operator++):
12         * b3/B3Type.h:
13         (JSC::B3::sizeofType):
14         * b3/air/AirArg.cpp:
15         (JSC::B3::Air::Arg::dump):
16         * b3/air/AirArg.h:
17         (JSC::B3::Air::Arg::isUse):
18         (JSC::B3::Air::Arg::isDef):
19         (JSC::B3::Air::Arg::isGP):
20         (JSC::B3::Air::Arg::isFP):
21         (JSC::B3::Air::Arg::isType):
22         * b3/air/AirCode.h:
23         (JSC::B3::Air::Code::newTmp):
24         (JSC::B3::Air::Code::numTmps):
25         * b3/air/AirSpecial.cpp:
26
27 2015-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>
28
29         Clean up ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keep minimal set of them
30         https://bugs.webkit.org/show_bug.cgi?id=150793
31
32         Reviewed by Darin Adler.
33
34         Fix the !ENABLE(ES6_ARROWFUNCTION_SYNTAX) build after r191875.
35         This patch drops many ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keeps only one of them;
36         the ifdef in parseAssignmentExpression.
37         This prevents functionality of parsing arrow function syntax.
38
39         * parser/Lexer.cpp:
40         (JSC::Lexer<T>::lex):
41         * parser/Parser.cpp:
42         (JSC::Parser<LexerType>::parseInner): Deleted.
43         * parser/Parser.h:
44         (JSC::Parser::isArrowFunctionParamters): Deleted.
45         * parser/ParserTokens.h:
46
47 2015-11-02  Michael Saboff  <msaboff@apple.com>
48
49         WebInspector crashed while viewing Timeline when refreshing cnn.com while it was already loading
50         https://bugs.webkit.org/show_bug.cgi?id=150745
51
52         Reviewed by Geoffrey Garen.
53
54         During OSR exit, reifyInlinedCallFrames() was using the call kind from a tail call to
55         find the CallLinkInfo / StubInfo to find the return PC.  Instead we need to get the call
56         type of the true caller, that is the function we'll be returning to.
57
58         This can be found by remembering the last call type we find while walking up the inlined
59         frames in InlineCallFrame::getCallerSkippingDeadFrames().
60
61         We can also return directly back to a getter or setter callsite without using a thunk.
62
63         * bytecode/InlineCallFrame.h:
64         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
65         (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
66         * dfg/DFGOSRExitCompilerCommon.cpp:
67         (JSC::DFG::reifyInlinedCallFrames):
68         * jit/JITPropertyAccess.cpp:
69         (JSC::JIT::emit_op_get_by_id): Need to eliminate the stack pointer check, as it is wrong
70         for reified inlined frames created during OSR exit. 
71         * jit/ThunkGenerators.cpp:
72         (JSC::baselineGetterReturnThunkGenerator): Deleted.
73         (JSC::baselineSetterReturnThunkGenerator): Deleted.
74         * jit/ThunkGenerators.h:
75
76 2015-11-02  Saam barati  <sbarati@apple.com>
77
78         Wrong value recovery for DFG try/catch with a getter that throws during an IC miss
79         https://bugs.webkit.org/show_bug.cgi?id=150760
80
81         Reviewed by Geoffrey Garen.
82
83         This is related to using PhantomLocal instead of Flush as 
84         the liveness preservation mechanism for live catch variables. 
85         I'm temporarily switching things back to Flush. This will be a
86         performance hit for try/catch in the DFG. Landing this patch,
87         though, will allow me to land try/catch in the FTL. It also
88         makes try/catch in the DFG sound. I have opened another
89         bug to further investigate using PhantomLocal as the
90         liveness preservation mechanism: https://bugs.webkit.org/show_bug.cgi?id=150824
91
92         * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
93         (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
94         * tests/stress/dfg-try-catch-wrong-value-recovery-on-ic-miss.js: Added.
95         (assert):
96         (let.oThrow.get f):
97         (let.o2.get f):
98         (foo):
99         (f):
100
101 2015-11-02  Andy Estes  <aestes@apple.com>
102
103         [Cocoa] Add tvOS and watchOS to SUPPORTED_PLATFORMS
104         https://bugs.webkit.org/show_bug.cgi?id=150819
105
106         Reviewed by Dan Bernstein.
107
108         This tells Xcode to include these platforms in its Devices dropdown, making it possible to build in the IDE.
109
110         * Configurations/Base.xcconfig:
111
112 2015-11-02  Brent Fulgham  <bfulgham@apple.com>
113
114         [Win] MiniBrowser unable to use WebInspector
115         https://bugs.webkit.org/show_bug.cgi?id=150810
116         <rdar://problem/23358514>
117
118         Reviewed by Timothy Hatcher.
119
120         The CMakeList rule for creating the InjectedScriptSource.min.js was improperly including
121         the quote characters in the text prepended to InjectedScriptSource.min.js. This caused a
122         parsing error in the JS file.
123         
124         The solution was to switch from using "COMMAND echo" to use the more cross-platform
125         compatible command "COMMAND ${CMAKE_COMMAND} -E echo ...", which handles the string
126         escaping properly on all platforms.
127
128         * CMakeLists.txt: Switch the 'echo' command syntax to be more cross-platform.
129
130 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
131
132         B3 should be able to compile a Patchpoint
133         https://bugs.webkit.org/show_bug.cgi?id=150750
134
135         Reviewed by Geoffrey Garen.
136
137         This adds the glue in B3::LowerToAir that turns a B3::PatchpointValue into an Air::Patch
138         with a B3::PatchpointSpecial.
139
140         Along the way, I found some bugs. For starters, it became clear that I wanted to be able
141         to append constraints to a Stackmap, and I wanted to have more flexibility in how I
142         created a PatchpointValue. I also wanted more helper methods in ValueRep, since
143         otherwise I would have had to write a lot of boilerplate.
144
145         I discovered, and fixed, a minor goof in Air::Code dumping when there are specials.
146
147         There were a ton of indexing bugs in B3StackmapSpecial.
148
149         The spiller was broken in case the Def was not the last Arg, since it was adding things
150         to the insertion set both at instIndex and instIndex + 1, and the two types of additions
151         could occur in the wrong (i.e. the +1 case first) order with an early Def. We often have
152         bugs like this. In the DFG, we were paranoid about performance so we only admit out-of-
153         order insertions as a rare case. I think that we don't really need to be so paranoid.
154         So, I made the new insertion sets use a stable_sort to ensure that everything happens in
155         the right order. I changed DFG::BlockInsertionSet to also use stable_sort; it previously
156         used sort, which is slightly wrong.
157
158         This adds a new test that uses Patchpoint to implement a 32-bit add. It works!
159
160         * b3/B3InsertionSet.cpp:
161         (JSC::B3::InsertionSet::execute):
162         * b3/B3LowerToAir.cpp:
163         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
164         (JSC::B3::Air::LowerToAir::appendStore):
165         (JSC::B3::Air::LowerToAir::moveForType):
166         (JSC::B3::Air::LowerToAir::append):
167         (JSC::B3::Air::LowerToAir::ensureSpecial):
168         (JSC::B3::Air::LowerToAir::tryStore):
169         (JSC::B3::Air::LowerToAir::tryStackSlot):
170         (JSC::B3::Air::LowerToAir::tryPatchpoint):
171         (JSC::B3::Air::LowerToAir::tryUpsilon):
172         * b3/B3LoweringMatcher.patterns:
173         * b3/B3PatchpointValue.h:
174         (JSC::B3::PatchpointValue::accepts): Deleted.
175         (JSC::B3::PatchpointValue::PatchpointValue): Deleted.
176         * b3/B3Stackmap.h:
177         (JSC::B3::Stackmap::constrain):
178         (JSC::B3::Stackmap::appendConstraint):
179         (JSC::B3::Stackmap::reps):
180         (JSC::B3::Stackmap::clobber):
181         * b3/B3StackmapSpecial.cpp:
182         (JSC::B3::StackmapSpecial::forEachArgImpl):
183         (JSC::B3::StackmapSpecial::isValidImpl):
184         * b3/B3Value.h:
185         * b3/B3ValueRep.h:
186         (JSC::B3::ValueRep::ValueRep):
187         (JSC::B3::ValueRep::reg):
188         (JSC::B3::ValueRep::operator bool):
189         (JSC::B3::ValueRep::isAny):
190         (JSC::B3::ValueRep::isSomeRegister):
191         (JSC::B3::ValueRep::isReg):
192         (JSC::B3::ValueRep::isGPR):
193         (JSC::B3::ValueRep::isFPR):
194         (JSC::B3::ValueRep::gpr):
195         (JSC::B3::ValueRep::fpr):
196         (JSC::B3::ValueRep::isStack):
197         (JSC::B3::ValueRep::offsetFromFP):
198         (JSC::B3::ValueRep::isStackArgument):
199         (JSC::B3::ValueRep::offsetFromSP):
200         (JSC::B3::ValueRep::isConstant):
201         (JSC::B3::ValueRep::value):
202         * b3/air/AirCode.cpp:
203         (JSC::B3::Air::Code::dump):
204         * b3/air/AirInsertionSet.cpp:
205         (JSC::B3::Air::InsertionSet::execute):
206         * b3/testb3.cpp:
207         (JSC::B3::testComplex):
208         (JSC::B3::testSimplePatchpoint):
209         (JSC::B3::run):
210         * dfg/DFGBlockInsertionSet.cpp:
211         (JSC::DFG::BlockInsertionSet::execute):
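
The ordering problem described in the entry above, as an added example that is not part of the ChangeLog and is not JavaScriptCore code: a simplified insertion set whose `execute()` uses `std::stable_sort`, so insertions appended out of index order, or several at the same index, end up in the intended sequence. The `InsertionSet`, `Arg` and `spillAround` definitions here are hypothetical models, and the instruction strings are constructed sample data.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// One pending insertion: place `inst` in front of the instruction that
// currently sits at `index` (index == block size means "append at the end").
struct Insertion {
    std::size_t index;
    std::string inst;
};

class InsertionSet {
public:
    void insertBefore(std::size_t index, std::string inst)
    {
        m_insertions.push_back({ index, std::move(inst) });
    }

    // Applies every pending insertion to `block`. Returns false and leaves
    // both the block and the set untouched if any index is out of range.
    bool execute(std::vector<std::string>& block)
    {
        for (const Insertion& insertion : m_insertions) {
            if (insertion.index > block.size())
                return false;
        }
        // Sort by index only. stable_sort keeps the append order of entries
        // that share an index; std::sort gives no such guarantee.
        std::stable_sort(m_insertions.begin(), m_insertions.end(),
            [](const Insertion& a, const Insertion& b) { return a.index < b.index; });

        std::vector<std::string> result;
        result.reserve(block.size() + m_insertions.size());
        std::size_t next = 0;
        for (std::size_t i = 0; i <= block.size(); ++i) {
            while (next < m_insertions.size() && m_insertions[next].index == i)
                result.push_back(std::move(m_insertions[next++].inst));
            if (i < block.size())
                result.push_back(std::move(block[i]));
        }
        block = std::move(result);
        m_insertions.clear();
        return true;
    }

private:
    std::vector<Insertion> m_insertions;
};

enum class Role { Use, Def };
struct Arg {
    Role role;
    std::string tmp;
};

// Model of a spiller visiting the args of the instruction at instIndex:
// a Use needs a load before the instruction, a Def needs a store after it.
// With an early Def, the instIndex + 1 entry is appended first.
std::vector<std::string> spillAround(std::vector<std::string> block,
    std::size_t instIndex, const std::vector<Arg>& args)
{
    if (instIndex >= block.size())
        return block;
    InsertionSet set;
    for (const Arg& arg : args) {
        if (arg.role == Role::Def)
            set.insertBefore(instIndex + 1, "store " + arg.tmp);
        else
            set.insertBefore(instIndex, "load " + arg.tmp);
    }
    set.execute(block);
    return block;
}

int main()
{
    // Constructed sample: the Def is the first arg, followed by two Uses.
    std::vector<std::string> out = spillAround({ "move", "add", "ret" }, 1,
        { { Role::Def, "t0" }, { Role::Use, "t1" }, { Role::Use, "t2" } });
    for (const std::string& inst : out)
        std::cout << inst << '\n';
    return 0;
}
```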
212
213 2015-11-02  Mark Lam  <mark.lam@apple.com>
214
215         Snippefy op_add for the baseline JIT.
216         https://bugs.webkit.org/show_bug.cgi?id=150129
217
218         Reviewed by Geoffrey Garen and Saam Barati.
219
220         Performance is neutral for both 32-bit and 64-bit on X86_64.
221
222         * CMakeLists.txt:
223         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
224         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
225         * JavaScriptCore.xcodeproj/project.pbxproj:
226         * jit/JIT.h:
227         (JSC::JIT::getOperandConstantInt):
228         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
229           because the snippet needs it.
230
231         * jit/JITAddGenerator.cpp: Added.
232         (JSC::JITAddGenerator::generateFastPath):
233         * jit/JITAddGenerator.h: Added.
234         (JSC::JITAddGenerator::JITAddGenerator):
235         (JSC::JITAddGenerator::endJumpList):
236         (JSC::JITAddGenerator::slowPathJumpList):
237         - JITAddGenerator implements an optimization for the case where 1 of the 2 operands
238           is a constant int32_t.  It does not implement an optimization for the case where
239           both operands are constant int32_t.  This is because:
240           1. For the baseline JIT, the ASTBuilder will fold the 2 constants together.
241           2. For the DFG, the AbstractInterpreter will also fold the 2 constants.
242
243           Hence, such an optimization path (for 2 constant int32_t operands) would never
244           be taken, and is why we won't implement it.
245
246         * jit/JITArithmetic.cpp:
247         (JSC::JIT::compileBinaryArithOp):
248         (JSC::JIT::compileBinaryArithOpSlowCase):
249         - Removed op_add cases.  These are no longer used by the op_add emitters.
250
251         (JSC::JIT::emit_op_add):
252         (JSC::JIT::emitSlow_op_add):
253         - Moved out from the JSVALUE64 section to the common section, and reimplemented
254           using the snippet.
255
256         * jit/JITArithmetic32_64.cpp:
257         (JSC::JIT::emitBinaryDoubleOp):
258         (JSC::JIT::emit_op_add): Deleted.
259         (JSC::JIT::emitAdd32Constant): Deleted.
260         (JSC::JIT::emitSlow_op_add): Deleted.
261         - Remove 32-bit specific version of op_add.  The snippet serves both 32-bit
262           and 64-bit implementations.
263
264         * jit/JITInlines.h:
265         (JSC::JIT::getOperandConstantInt):
266         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
267           because the snippet needs it.
268
269 2015-11-02  Brian Burg  <bburg@apple.com>
270
271         Run sort-Xcode-project-file for the JavaScriptCore project.
272
273         Unreviewed. Many things were out of order following recent B3 commits.
274
275         * JavaScriptCore.xcodeproj/project.pbxproj:
276
277 2015-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>
278
279         Rename op_put_getter_setter to op_put_getter_setter_by_id
280         https://bugs.webkit.org/show_bug.cgi?id=150773
281
282         Reviewed by Mark Lam.
283
284         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
285         the other ops' names like op_put_getter_by_id etc.
286
287         And to fix build dependencies in Xcode, we added LLIntAssembly.h into the Xcode project file.
288
289         * JavaScriptCore.xcodeproj/project.pbxproj:
290         * bytecode/BytecodeList.json:
291         * bytecode/BytecodeUseDef.h:
292         (JSC::computeUsesForBytecodeOffset):
293         (JSC::computeDefsForBytecodeOffset):
294         * bytecode/CodeBlock.cpp:
295         (JSC::CodeBlock::dumpBytecode):
296         * bytecompiler/BytecodeGenerator.cpp:
297         (JSC::BytecodeGenerator::emitPutGetterSetter):
298         * dfg/DFGByteCodeParser.cpp:
299         (JSC::DFG::ByteCodeParser::parseBlock):
300         * dfg/DFGCapabilities.cpp:
301         (JSC::DFG::capabilityLevel):
302         * jit/JIT.cpp:
303         (JSC::JIT::privateCompileMainPass):
304         * jit/JIT.h:
305         * jit/JITPropertyAccess.cpp:
306         (JSC::JIT::emit_op_put_getter_setter_by_id):
307         (JSC::JIT::emit_op_put_getter_setter): Deleted.
308         * jit/JITPropertyAccess32_64.cpp:
309         (JSC::JIT::emit_op_put_getter_setter_by_id):
310         (JSC::JIT::emit_op_put_getter_setter): Deleted.
311         * llint/LLIntSlowPaths.cpp:
312         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
313         * llint/LLIntSlowPaths.h:
314         * llint/LowLevelInterpreter.asm:
315
316 2015-11-02  Csaba Osztrogonác  <ossy@webkit.org>
317
318         Fix the FTL JIT build with system LLVM on Linux
319         https://bugs.webkit.org/show_bug.cgi?id=150795
320
321         Reviewed by Filip Pizlo.
322
323         * CMakeLists.txt:
324
325 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
326
327         [ES6] Support Generator Syntax
328         https://bugs.webkit.org/show_bug.cgi?id=150769
329
330         Reviewed by Geoffrey Garen.
331
332         This patch implements the syntax part of ES6 Generators.
333
334         1. Add ENABLE_ES6_GENERATORS compile time flag. It is disabled by default, and will be enabled once ES6 generator functionality is implemented.
335         2. Add lexer support for YIELD. It changes "yield" from reserved-if-strict word to keyword. And it is correct under the ES6 spec.
336         3. Implement parsing functionality and YieldExprNode stub. YieldExprNode does not emit meaningful bytecodes yet. This should be implemented in a future patch.
337         4. Accept "yield" Identifier as a label etc. under sloppy mode && non-generator code. http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors
338
339         * Configurations/FeatureDefines.xcconfig:
340         * bytecompiler/NodesCodegen.cpp:
341         (JSC::YieldExprNode::emitBytecode):
342         * parser/ASTBuilder.h:
343         (JSC::ASTBuilder::createYield):
344         * parser/Keywords.table:
345         * parser/NodeConstructors.h:
346         (JSC::YieldExprNode::YieldExprNode):
347         * parser/Nodes.h:
348         * parser/Parser.cpp:
349         (JSC::Parser<LexerType>::Parser):
350         (JSC::Parser<LexerType>::parseInner):
351         (JSC::Parser<LexerType>::parseStatementListItem):
352         (JSC::Parser<LexerType>::parseVariableDeclarationList):
353         (JSC::Parser<LexerType>::parseDestructuringPattern):
354         (JSC::Parser<LexerType>::parseBreakStatement):
355         (JSC::Parser<LexerType>::parseContinueStatement):
356         (JSC::Parser<LexerType>::parseTryStatement):
357         (JSC::Parser<LexerType>::parseStatement):
358         (JSC::stringForFunctionMode):
359         (JSC::Parser<LexerType>::parseFunctionParameters):
360         (JSC::Parser<LexerType>::parseFunctionInfo):
361         (JSC::Parser<LexerType>::parseFunctionDeclaration):
362         (JSC::Parser<LexerType>::parseClass):
363         (JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
364         (JSC::Parser<LexerType>::parseExportDeclaration):
365         (JSC::Parser<LexerType>::parseAssignmentExpression):
366         (JSC::Parser<LexerType>::parseYieldExpression):
367         (JSC::Parser<LexerType>::parseProperty):
368         (JSC::Parser<LexerType>::parsePropertyMethod):
369         (JSC::Parser<LexerType>::parseGetterSetter):
370         (JSC::Parser<LexerType>::parseFunctionExpression):
371         (JSC::Parser<LexerType>::parsePrimaryExpression):
372         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
373         * parser/Parser.h:
374         (JSC::Scope::Scope):
375         (JSC::Scope::setSourceParseMode):
376         (JSC::Scope::isGenerator):
377         (JSC::Scope::setIsFunction):
378         (JSC::Scope::setIsGenerator):
379         (JSC::Scope::setIsModule):
380         (JSC::Parser::pushScope):
381         (JSC::Parser::isYIELDMaskedAsIDENT):
382         (JSC::Parser::matchSpecIdentifier):
383         (JSC::Parser::saveState):
384         (JSC::Parser::restoreState):
385         * parser/ParserModes.h:
386         (JSC::isFunctionParseMode):
387         (JSC::isModuleParseMode):
388         (JSC::isProgramParseMode):
389         * parser/ParserTokens.h:
390         * parser/SyntaxChecker.h:
391         (JSC::SyntaxChecker::createYield):
392         * tests/stress/generator-methods.js: Added.
393         (Hello.prototype.gen):
394         (Hello.gen):
395         (Hello):
396         (Hello.prototype.set get string_appeared_here):
397         (Hello.string_appeared_here):
398         (Hello.prototype.20):
399         (Hello.20):
400         (Hello.prototype.42):
401         (Hello.42):
402         (let.object.gen):
403         (let.object.set get string_appeared_here):
404         (let.object.20):
405         (let.object.42):
406         * tests/stress/generator-syntax.js: Added.
407         (testSyntax):
408         (testSyntaxError):
409         (testSyntaxError.Hello.prototype.get gen):
410         (testSyntaxError.Hello):
411         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello.prototype.set gen):
412         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello):
413         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.gen):
414         (testSyntaxError.value):
415         (testSyntaxError.gen.ng):
416         (testSyntaxError.gen):
417         (testSyntax.gen):
418         * tests/stress/yield-and-line-terminator.js: Added.
419         (testSyntax):
420         (testSyntaxError):
421         (testSyntax.gen):
422         (testSyntaxError.gen):
423         * tests/stress/yield-label-generator.js: Added.
424         (testSyntax):
425         (testSyntaxError):
426         (testSyntaxError.test):
427         (SyntaxError.Unexpected.keyword.string_appeared_here.Expected.an.identifier.as.the.target.a.continue.statement.testSyntax.test):
428         * tests/stress/yield-label.js: Added.
429         (yield):
430         (testSyntaxError):
431         (testSyntaxError.test):
432         * tests/stress/yield-named-accessors-generator.js: Added.
433         (t1.let.object.get yield):
434         (t1.let.object.set yield):
435         (t1):
436         (t2.let.object.get yield):
437         (t2.let.object.set yield):
438         (t2):
439         * tests/stress/yield-named-accessors.js: Added.
440         (t1.let.object.get yield):
441         (t1.let.object.set yield):
442         (t1):
443         (t2.let.object.get yield):
444         (t2.let.object.set yield):
445         (t2):
446         * tests/stress/yield-named-variable-generator.js: Added.
447         (testSyntax):
448         (testSyntaxError):
449         (testSyntaxError.t1):
450         (testSyntaxError.t1.yield):
451         (testSyntax.t1.yield):
452         (testSyntax.t1):
453         * tests/stress/yield-named-variable.js: Added.
454         (testSyntax):
455         (testSyntaxError):
456         (testSyntax.t1):
457         (testSyntaxError.t1):
458         (testSyntax.t1.yield):
459         (testSyntaxError.t1.yield):
460         * tests/stress/yield-out-of-generator.js: Added.
461         (testSyntax):
462         (testSyntaxError):
463         (testSyntaxError.hello):
464         (testSyntaxError.gen.hello):
465         (testSyntaxError.gen):
466         (testSyntax.gen):
467         (testSyntax.gen.ok):
468         (testSyntaxError.gen.ok):
469
470 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
471
472         Dominators should be factored out of the DFG
473         https://bugs.webkit.org/show_bug.cgi?id=150764
474
475         Reviewed by Geoffrey Garen.
476
477         Factored DFGDominators.h/DFGDominators.cpp into WTF. To do this, I made two changes to the
478         DFG:
479
480         1) DFG now has a CFG abstraction called DFG::CFG. The cool thing about this is that in the
481            future if we wanted to support inverted dominators, we could do it by just creating a
482            DFG::BackwardCFG.
483
484         2) Got rid of DFG::Analysis. From now on, an Analysis being invalidated is expressed by the
485            DFG::Graph having a null pointer for that analysis. When we "run" the analysis, we
486            just instantiate it. This makes it much more natural to integrate WTF::Dominators into
487            the DFG.
488
489         * CMakeLists.txt:
490         * JavaScriptCore.xcodeproj/project.pbxproj:
491         * dfg/DFGAnalysis.h: Removed.
492         * dfg/DFGCFG.h: Added.
493         (JSC::DFG::CFG::CFG):
494         (JSC::DFG::CFG::root):
495         (JSC::DFG::CFG::newMap<T>):
496         (JSC::DFG::CFG::successors):
497         (JSC::DFG::CFG::predecessors):
498         (JSC::DFG::CFG::index):
499         (JSC::DFG::CFG::node):
500         (JSC::DFG::CFG::numNodes):
501         (JSC::DFG::CFG::dump):
502         * dfg/DFGCSEPhase.cpp:
503         * dfg/DFGDisassembler.cpp:
504         (JSC::DFG::Disassembler::createDumpList):
505         * dfg/DFGDominators.cpp: Removed.
506         * dfg/DFGDominators.h:
507         (JSC::DFG::Dominators::Dominators):
508         (JSC::DFG::Dominators::strictlyDominates): Deleted.
509         (JSC::DFG::Dominators::dominates): Deleted.
510         (JSC::DFG::Dominators::immediateDominatorOf): Deleted.
511         (JSC::DFG::Dominators::forAllStrictDominatorsOf): Deleted.
512         (JSC::DFG::Dominators::forAllDominatorsOf): Deleted.
513         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy): Deleted.
514         (JSC::DFG::Dominators::forAllBlocksDominatedBy): Deleted.
515         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf): Deleted.
516         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf): Deleted.
517         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf): Deleted.
518         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl): Deleted.
519         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl): Deleted.
520         (JSC::DFG::Dominators::BlockData::BlockData): Deleted.
521         * dfg/DFGEdgeDominates.h:
522         (JSC::DFG::EdgeDominates::operator()):
523         * dfg/DFGGraph.cpp:
524         (JSC::DFG::Graph::Graph):
525         (JSC::DFG::Graph::dumpBlockHeader):
526         (JSC::DFG::Graph::invalidateCFG):
527         (JSC::DFG::Graph::substituteGetLocal):
528         (JSC::DFG::Graph::handleAssertionFailure):
529         (JSC::DFG::Graph::ensureDominators):
530         (JSC::DFG::Graph::ensurePrePostNumbering):
531         (JSC::DFG::Graph::ensureNaturalLoops):
532         (JSC::DFG::Graph::valueProfileFor):
533         * dfg/DFGGraph.h:
534         (JSC::DFG::Graph::hasDebuggerEnabled):
535         * dfg/DFGLICMPhase.cpp:
536         (JSC::DFG::LICMPhase::run):
537         (JSC::DFG::LICMPhase::attemptHoist):
538         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
539         (JSC::DFG::createPreHeader):
540         (JSC::DFG::LoopPreHeaderCreationPhase::run):
541         * dfg/DFGNaturalLoops.cpp:
542         (JSC::DFG::NaturalLoop::dump):
543         (JSC::DFG::NaturalLoops::NaturalLoops):
544         (JSC::DFG::NaturalLoops::~NaturalLoops):
545         (JSC::DFG::NaturalLoops::loopsOf):
546         (JSC::DFG::NaturalLoops::computeDependencies): Deleted.
547         (JSC::DFG::NaturalLoops::compute): Deleted.
548         * dfg/DFGNaturalLoops.h:
549         (JSC::DFG::NaturalLoops::numLoops):
550         * dfg/DFGNode.h:
551         (JSC::DFG::Node::SuccessorsIterable::end):
552         (JSC::DFG::Node::SuccessorsIterable::size):
553         (JSC::DFG::Node::SuccessorsIterable::at):
554         (JSC::DFG::Node::SuccessorsIterable::operator[]):
555         * dfg/DFGOSREntrypointCreationPhase.cpp:
556         (JSC::DFG::OSREntrypointCreationPhase::run):
557         * dfg/DFGObjectAllocationSinkingPhase.cpp:
558         * dfg/DFGPlan.cpp:
559         (JSC::DFG::Plan::compileInThreadImpl):
560         * dfg/DFGPrePostNumbering.cpp:
561         (JSC::DFG::PrePostNumbering::PrePostNumbering):
562         (JSC::DFG::PrePostNumbering::~PrePostNumbering):
563         (JSC::DFG::PrePostNumbering::compute): Deleted.
564         * dfg/DFGPrePostNumbering.h:
565         (JSC::DFG::PrePostNumbering::preNumber):
566         (JSC::DFG::PrePostNumbering::postNumber):
567         * dfg/DFGPutStackSinkingPhase.cpp:
568         * dfg/DFGSSACalculator.cpp:
569         (JSC::DFG::SSACalculator::nonLocalReachingDef):
570         (JSC::DFG::SSACalculator::reachingDefAtTail):
571         * dfg/DFGSSACalculator.h:
572         (JSC::DFG::SSACalculator::computePhis):
573         * dfg/DFGSSAConversionPhase.cpp:
574         (JSC::DFG::SSAConversionPhase::run):
575         * ftl/FTLLink.cpp:
576         (JSC::FTL::link):
577         * ftl/FTLLowerDFGToLLVM.cpp:
578         (JSC::FTL::DFG::LowerDFGToLLVM::lower):
579         (JSC::FTL::DFG::LowerDFGToLLVM::safelyInvalidateAfterTermination):
580         (JSC::FTL::DFG::LowerDFGToLLVM::isValid):
581
582 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
583
584         B3::reduceStrength's DCE should be more agro and less wrong
585         https://bugs.webkit.org/show_bug.cgi?id=150748
586
587         Reviewed by Geoffrey Garen.
588
589         First of all, our DCE had a bug where it would keep Upsilons after it deleted the Phis that
590         they referenced. But our B3 DCE was also not aggressive enough. It would not eliminate
591         cycles. It was also probably slower than it needed to be, since it would eliminate all
592         never-referenced things on each fixpoint.
593
594         This adds a presume-everyone-is-dead-and-find-live-things style DCE. This is very natural to
595         write, except for Upsilons. For everything but Upsilons, it's just a worklist algorithm. For
596         Upsilons, it's a fixpoint. It works fine in the end.
597
598         I kept finding bugs in this algorithm when I tested it against my "Complex" test that I was
599         writing as a compile time benchmark. So, I include that test in this change. I also include
600         the small lowering extensions that it needed - shifting and zero extending.
601
602         This change also adds an LLVM version of the Complex test. Though the LLVM version feels
603         more natural to write because LLVM has traditional Phi's rather than our quirky Phi's, in
604         the end LLVM ends up performing very badly - 10x to 20x worse than B3. Some of that gap will
605         close once we give B3 a register allocator, but still, that's pretty good news for our B3
606         strategy.
607
608         * JavaScriptCore.xcodeproj/project.pbxproj:
609         * assembler/MacroAssemblerX86_64.h:
610         (JSC::MacroAssemblerX86_64::lshift64):
611         (JSC::MacroAssemblerX86_64::rshift64):
612         * assembler/X86Assembler.h:
613         (JSC::X86Assembler::shlq_i8r):
614         (JSC::X86Assembler::shlq_CLr):
615         (JSC::X86Assembler::imull_rr):
616         * b3/B3BasicBlock.cpp:
617         (JSC::B3::BasicBlock::replacePredecessor):
618         (JSC::B3::BasicBlock::dump):
619         (JSC::B3::BasicBlock::removeNops): Deleted.
620         * b3/B3BasicBlock.h:
621         (JSC::B3::BasicBlock::frequency):
622         * b3/B3Common.cpp:
623         (JSC::B3::shouldSaveIRBeforePhase):
624         (JSC::B3::shouldMeasurePhaseTiming):
625         * b3/B3Common.h:
626         (JSC::B3::isRepresentableAsImpl):
627         * b3/B3Generate.cpp:
628         (JSC::B3::generate):
629         (JSC::B3::generateToAir):
630         * b3/B3LowerToAir.cpp:
631         (JSC::B3::Air::LowerToAir::tryAnd):
632         (JSC::B3::Air::LowerToAir::tryShl):
633         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
634         (JSC::B3::Air::LowerToAir::tryTrunc):
635         (JSC::B3::Air::LowerToAir::tryZExt32):
636         (JSC::B3::Air::LowerToAir::tryArgumentReg):
637         * b3/B3LoweringMatcher.patterns:
638         * b3/B3PhaseScope.cpp:
639         (JSC::B3::PhaseScope::PhaseScope):
640         * b3/B3PhaseScope.h:
641         * b3/B3ReduceStrength.cpp:
642         * b3/B3TimingScope.cpp: Added.
643         (JSC::B3::TimingScope::TimingScope):
644         (JSC::B3::TimingScope::~TimingScope):
645         * b3/B3TimingScope.h: Added.
646         * b3/B3Validate.cpp:
647         * b3/air/AirAllocateStack.cpp:
648         (JSC::B3::Air::allocateStack):
649         * b3/air/AirGenerate.cpp:
650         (JSC::B3::Air::generate):
651         * b3/air/AirInstInlines.h:
652         (JSC::B3::Air::ForEach<Arg>::forEach):
653         (JSC::B3::Air::Inst::forEach):
654         (JSC::B3::Air::isLshift32Valid):
655         (JSC::B3::Air::isLshift64Valid):
656         * b3/air/AirLiveness.h:
657         (JSC::B3::Air::Liveness::isAlive):
658         (JSC::B3::Air::Liveness::Liveness):
659         (JSC::B3::Air::Liveness::LocalCalc::execute):
660         * b3/air/AirOpcode.opcodes:
661         * b3/air/AirPhaseScope.cpp:
662         (JSC::B3::Air::PhaseScope::PhaseScope):
663         * b3/air/AirPhaseScope.h:
664         * b3/testb3.cpp:
665         (JSC::B3::testBranchEqualFoldPtr):
666         (JSC::B3::testComplex):
667         (JSC::B3::run):
668         * runtime/Options.h:
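
The "presume everyone is dead and find live things" approach described in the entry above, as an added example that is not part of the ChangeLog and is not the B3 implementation: a worklist marks operands of live values, and an outer fixpoint revives an Upsilon only once the Phi it feeds is live. The `Value` layout, the `mustExecute` rule and the sample procedure are simplified assumptions made for this illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <vector>

enum class Op { Const, Add, Phi, Upsilon, Return };

struct Value {
    Op op;
    std::vector<std::size_t> children; // indices of operand values
    std::size_t phi;                   // Upsilon only: index of the Phi it feeds
};

// Assumption for this model: only Return must execute regardless of uses.
static bool mustExecute(const Value& value) { return value.op == Op::Return; }

// Returns a liveness bit per value. Everything starts dead.
std::vector<bool> findLive(const std::vector<Value>& values)
{
    std::vector<bool> live(values.size(), false);
    std::vector<std::size_t> worklist;
    std::vector<std::size_t> pendingUpsilons;

    auto push = [&](std::size_t index) {
        if (!live[index]) {
            live[index] = true;
            worklist.push_back(index);
        }
    };

    for (std::size_t i = 0; i < values.size(); ++i) {
        if (mustExecute(values[i]))
            push(i);
        if (values[i].op == Op::Upsilon)
            pendingUpsilons.push_back(i);
    }

    for (;;) {
        // Plain worklist step: operands of live values are live.
        while (!worklist.empty()) {
            std::size_t index = worklist.back();
            worklist.pop_back();
            for (std::size_t child : values[index].children)
                push(child);
        }
        // Fixpoint step: a Phi does not list its Upsilons as children, so
        // Upsilons are revived separately once their Phi has become live.
        bool changed = false;
        for (std::size_t k = 0; k < pendingUpsilons.size();) {
            std::size_t upsilon = pendingUpsilons[k];
            if (live[values[upsilon].phi]) {
                push(upsilon);
                pendingUpsilons[k] = pendingUpsilons.back();
                pendingUpsilons.pop_back();
                changed = true;
            } else {
                ++k;
            }
        }
        if (!changed)
            break;
    }
    return live;
}

// Constructed sample. Values 1, 3 and 4 form a cycle (Phi -> Add -> Upsilon
// -> Phi) that no root reaches; value 2 is an Upsilon feeding that dead Phi.
std::vector<Value> sampleProcedure()
{
    return {
        { Op::Const, {}, 0 },       // 0
        { Op::Phi, {}, 0 },         // 1: dead loop variable
        { Op::Upsilon, { 0 }, 1 },  // 2: feeds Phi 1
        { Op::Add, { 1, 0 }, 0 },   // 3: uses Phi 1
        { Op::Upsilon, { 3 }, 1 },  // 4: feeds Phi 1, closing the cycle
        { Op::Phi, {}, 0 },         // 5: live Phi
        { Op::Upsilon, { 0 }, 5 },  // 6: feeds Phi 5
        { Op::Return, { 5 }, 0 },   // 7: root
    };
}

int main()
{
    std::vector<bool> live = findLive(sampleProcedure());
    for (std::size_t i = 0; i < live.size(); ++i)
        std::cout << i << (live[i] ? ": live" : ": dead") << '\n';
    return 0;
}
```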
669
670 2015-11-01  Alexey Proskuryakov  <ap@apple.com>
671
672         [ES6] Add support for toStringTag
673         https://bugs.webkit.org/show_bug.cgi?id=150696
674
675         Re-landing, as this wasn't the culprit.
676
677         * runtime/ArrayIteratorPrototype.cpp:
678         (JSC::ArrayIteratorPrototype::finishCreation):
679         * runtime/CommonIdentifiers.h:
680         * runtime/JSArrayBufferPrototype.cpp:
681         (JSC::JSArrayBufferPrototype::finishCreation):
682         (JSC::JSArrayBufferPrototype::create):
683         * runtime/JSDataViewPrototype.cpp:
684         (JSC::JSDataViewPrototype::create):
685         (JSC::JSDataViewPrototype::finishCreation):
686         (JSC::JSDataViewPrototype::createStructure):
687         * runtime/JSDataViewPrototype.h:
688         * runtime/JSModuleNamespaceObject.cpp:
689         (JSC::JSModuleNamespaceObject::finishCreation):
690         * runtime/JSONObject.cpp:
691         (JSC::JSONObject::finishCreation):
692         * runtime/JSPromisePrototype.cpp:
693         (JSC::JSPromisePrototype::finishCreation):
694         (JSC::JSPromisePrototype::getOwnPropertySlot):
695         * runtime/JSTypedArrayViewPrototype.cpp:
696         (JSC::typedArrayViewProtoFuncValues):
697         (JSC::typedArrayViewProtoGetterFuncToStringTag):
698         (JSC::JSTypedArrayViewPrototype::JSTypedArrayViewPrototype):
699         (JSC::JSTypedArrayViewPrototype::finishCreation):
700         * runtime/MapIteratorPrototype.cpp:
701         (JSC::MapIteratorPrototype::finishCreation):
702         (JSC::MapIteratorPrototypeFuncNext):
703         * runtime/MapPrototype.cpp:
704         (JSC::MapPrototype::finishCreation):
705         * runtime/MathObject.cpp:
706         (JSC::MathObject::finishCreation):
707         * runtime/ObjectPrototype.cpp:
708         (JSC::objectProtoFuncToString):
709         * runtime/SetIteratorPrototype.cpp:
710         (JSC::SetIteratorPrototype::finishCreation):
711         (JSC::SetIteratorPrototypeFuncNext):
712         * runtime/SetPrototype.cpp:
713         (JSC::SetPrototype::finishCreation):
714         * runtime/SmallStrings.cpp:
715         (JSC::SmallStrings::SmallStrings):
716         (JSC::SmallStrings::initializeCommonStrings):
717         (JSC::SmallStrings::visitStrongReferences):
718         * runtime/SmallStrings.h:
719         (JSC::SmallStrings::typeString):
720         (JSC::SmallStrings::objectStringStart):
721         (JSC::SmallStrings::nullObjectString):
722         (JSC::SmallStrings::undefinedObjectString):
723         * runtime/StringIteratorPrototype.cpp:
724         (JSC::StringIteratorPrototype::finishCreation):
725         * runtime/SymbolPrototype.cpp:
726         (JSC::SymbolPrototype::finishCreation):
727         * runtime/WeakMapPrototype.cpp:
728         (JSC::WeakMapPrototype::finishCreation):
729         (JSC::getWeakMapData):
730         * runtime/WeakSetPrototype.cpp:
731         (JSC::WeakSetPrototype::finishCreation):
732         (JSC::getWeakMapData):
733         * tests/es6.yaml:
734         * tests/modules/namespace.js:
735         * tests/stress/symbol-tostringtag.js: Copied from Source/JavaScriptCore/tests/stress/symbol-tostringtag.js.
736
737 2015-11-01  Commit Queue  <commit-queue@webkit.org>
738
739         Unreviewed, rolling out r191815 and r191821.
740         https://bugs.webkit.org/show_bug.cgi?id=150781
741
742         Seems to have broken JSC API tests on some platforms
743         (Requested by ap on #webkit).
744
745         Reverted changesets:
746
747         "[ES6] Add support for toStringTag"
748         https://bugs.webkit.org/show_bug.cgi?id=150696
749         http://trac.webkit.org/changeset/191815
750
751         "Unreviewed, forgot to mark tests as passing for new feature."
752         http://trac.webkit.org/changeset/191821
753
754 2015-11-01  Commit Queue  <commit-queue@webkit.org>
755
756         Unreviewed, rolling out r191858.
757         https://bugs.webkit.org/show_bug.cgi?id=150780
758
759         Broke the build (Requested by ap on #webkit).
760
761         Reverted changeset:
762
763         "Rename op_put_getter_setter to op_put_getter_setter_by_id"
764         https://bugs.webkit.org/show_bug.cgi?id=150773
765         http://trac.webkit.org/changeset/191858
766
767 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
768
769         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150777.
770
771         * b3/B3LowerToAir.cpp:
772         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
773
774 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
775
776         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150775.
777
778         * b3/B3LowerToAir.cpp:
779         (JSC::B3::Air::LowerToAir::tryTrunc):
780
781 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
782
783         Rename op_put_getter_setter to op_put_getter_setter_by_id
784         https://bugs.webkit.org/show_bug.cgi?id=150773
785
786         Reviewed by Mark Lam.
787
788         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
789         the other ops' names like op_put_getter_by_id etc.
790
791         * bytecode/BytecodeList.json:
792         * bytecode/BytecodeUseDef.h:
793         (JSC::computeUsesForBytecodeOffset):
794         (JSC::computeDefsForBytecodeOffset):
795         * bytecode/CodeBlock.cpp:
796         (JSC::CodeBlock::dumpBytecode):
797         * bytecompiler/BytecodeGenerator.cpp:
798         (JSC::BytecodeGenerator::emitPutGetterSetter):
799         * dfg/DFGByteCodeParser.cpp:
800         (JSC::DFG::ByteCodeParser::parseBlock):
801         * dfg/DFGCapabilities.cpp:
802         (JSC::DFG::capabilityLevel):
803         * jit/JIT.cpp:
804         (JSC::JIT::privateCompileMainPass):
805         * jit/JIT.h:
806         * jit/JITPropertyAccess.cpp:
807         (JSC::JIT::emit_op_put_getter_setter_by_id):
808         (JSC::JIT::emit_op_put_getter_setter): Deleted.
809         * jit/JITPropertyAccess32_64.cpp:
810         (JSC::JIT::emit_op_put_getter_setter_by_id):
811         (JSC::JIT::emit_op_put_getter_setter): Deleted.
812         * llint/LLIntSlowPaths.cpp:
813         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
814         * llint/LLIntSlowPaths.h:
815         * llint/LowLevelInterpreter.asm:
816
817 2015-10-31  Andreas Kling  <akling@apple.com>
818
819         Add a debug overlay with information about web process resource usage.
820         <https://webkit.org/b/150599>
821
822         Reviewed by Darin Adler.
823
824         Have Heap track the exact number of bytes allocated in CopiedBlock, MarkedBlock and
825         WeakBlock objects, keeping them in a single location that can be sampled by the
826         resource usage overlay thread.
827
828         The bulk of these changes is threading a Heap& through from sites where blocks are
829         allocated or freed.
830
831         * heap/CopiedBlock.cpp:
832         (JSC::CopiedBlock::createNoZeroFill):
833         (JSC::CopiedBlock::destroy):
834         (JSC::CopiedBlock::create):
835         * heap/CopiedBlock.h:
836         * heap/CopiedSpace.cpp:
837         (JSC::CopiedSpace::~CopiedSpace):
838         (JSC::CopiedSpace::tryAllocateOversize):
839         (JSC::CopiedSpace::tryReallocateOversize):
840         * heap/CopiedSpaceInlines.h:
841         (JSC::CopiedSpace::recycleEvacuatedBlock):
842         (JSC::CopiedSpace::recycleBorrowedBlock):
843         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
844         (JSC::CopiedSpace::allocateBlock):
845         (JSC::CopiedSpace::startedCopying):
846         * heap/Heap.cpp:
847         (JSC::Heap::~Heap):
848         (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
849         * heap/Heap.h:
850         (JSC::Heap::blockBytesAllocated):
851         * heap/HeapInlines.h:
852         (JSC::Heap::didAllocateBlock):
853         (JSC::Heap::didFreeBlock):
854         * heap/MarkedAllocator.cpp:
855         (JSC::MarkedAllocator::allocateBlock):
856         * heap/MarkedBlock.cpp:
857         (JSC::MarkedBlock::create):
858         (JSC::MarkedBlock::destroy):
859         * heap/MarkedBlock.h:
860         * heap/MarkedSpace.cpp:
861         (JSC::MarkedSpace::freeBlock):
862         * heap/WeakBlock.cpp:
863         (JSC::WeakBlock::create):
864         (JSC::WeakBlock::destroy):
865         * heap/WeakBlock.h:
866         * heap/WeakSet.cpp:
867         (JSC::WeakSet::~WeakSet):
868         (JSC::WeakSet::addAllocator):
869         (JSC::WeakSet::removeAllocator):
870
871 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
872
873         Air should eliminate dead code
874         https://bugs.webkit.org/show_bug.cgi?id=150746
875
876         Reviewed by Geoffrey Garen.
877
878         This adds a very simple dead code elimination to Air. It simply looks at whether a Tmp or
879         StackSlot has ever been used by a live instruction. An instruction is live if it has non-arg
880         effects (branching, returning, calling, etc) or if it stores to a live Arg. An Arg is live if
881         it references a live Tmp or StackSlot, or if it is neither a Tmp nor a StackSlot. The phase
882         runs these rules to fixpoint, and then removes the dead instructions.
883
884         This also changes the AirOpcodes parser to handle multiple attributes per opcode, so that we
885         could conceivably say things like "FooBar /branch /effects". It also adds the /effects
886         attribute, which we currently use for Breakpoint and nothing else. C calls, patchpoints, and
887         checks are all Specials, and the Special base class by default always claims that the
888         instruction has effects. In the future, we could have B3 use a Patch in Air to implement
889         exotic math constructs; then the Special associated with that thing would claim that there
890         are no effects.
891
892         * JavaScriptCore.xcodeproj/project.pbxproj:
893         * b3/air/AirBasicBlock.h:
894         (JSC::B3::Air::BasicBlock::begin):
895         (JSC::B3::Air::BasicBlock::end):
896         (JSC::B3::Air::BasicBlock::at):
897         (JSC::B3::Air::BasicBlock::last):
898         (JSC::B3::Air::BasicBlock::resize):
899         (JSC::B3::Air::BasicBlock::appendInst):
900         * b3/air/AirEliminateDeadCode.cpp: Added.
901         (JSC::B3::Air::eliminateDeadCode):
902         * b3/air/AirEliminateDeadCode.h: Added.
903         * b3/air/AirGenerate.cpp:
904         (JSC::B3::Air::generate):
905         * b3/air/AirInst.h:
906         * b3/air/AirOpcode.opcodes:
907         * b3/air/AirSpecial.cpp:
908         (JSC::B3::Air::Special::name):
909         (JSC::B3::Air::Special::hasNonArgNonControlEffects):
910         (JSC::B3::Air::Special::dump):
911         * b3/air/AirSpecial.h:
912         * b3/air/opcode_generator.rb:
913
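The fixpoint rule in the dead code elimination entry above, as an added toy model (not WebKit's AirEliminateDeadCode.cpp). The types Arg, Inst and ArgKind, the function eliminateDeadCodeToy and the sample program are assumptions constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Toy stand-ins for Air concepts; these are not JavaScriptCore's classes.
enum class ArgKind { Tmp, StackSlot, Other }; // Other: e.g. a heap address

struct Arg {
    ArgKind kind;
    int index; // Tmp or StackSlot number; unused for Other
};

struct Inst {
    std::string text;
    bool hasNonArgEffects;  // branching, returning, calling, ...
    std::vector<Arg> uses;  // args the instruction reads
    std::vector<Arg> defs;  // args the instruction stores to
};

using LiveSet = std::set<std::pair<ArgKind, int>>;

// An Arg is live if it names a live Tmp/StackSlot, or is neither of those.
static bool isLiveArg(const Arg& arg, const LiveSet& live)
{
    if (arg.kind == ArgKind::Other)
        return true;
    return live.count(std::make_pair(arg.kind, arg.index)) != 0;
}

// Runs the liveness rules to fixpoint, erases dead instructions in place,
// and returns how many were removed.
std::size_t eliminateDeadCodeToy(std::vector<Inst>& code)
{
    LiveSet live;
    std::vector<bool> instIsLive(code.size(), false);
    bool changed = true;
    while (changed) {
        changed = false;
        for (std::size_t i = 0; i < code.size(); ++i) {
            if (instIsLive[i])
                continue;
            bool isLive = code[i].hasNonArgEffects;
            for (const Arg& def : code[i].defs)
                isLive = isLive || isLiveArg(def, live);
            if (!isLive)
                continue;
            instIsLive[i] = true;
            changed = true;
            // Everything a live instruction uses becomes live.
            for (const Arg& use : code[i].uses) {
                if (use.kind != ArgKind::Other)
                    live.emplace(use.kind, use.index);
            }
        }
    }
    std::vector<Inst> kept;
    for (std::size_t i = 0; i < code.size(); ++i) {
        if (instIsLive[i])
            kept.push_back(code[i]);
    }
    std::size_t removed = code.size() - kept.size();
    code = std::move(kept);
    return removed;
}

// Constructed sample: a live chain feeding a heap store, a dead chain,
// a self-feeding counter, and a store to a StackSlot nobody reads.
std::vector<Inst> sampleProgram()
{
    const Arg tmp0{ArgKind::Tmp, 0}, tmp1{ArgKind::Tmp, 1}, tmp2{ArgKind::Tmp, 2};
    const Arg tmp3{ArgKind::Tmp, 3}, tmp4{ArgKind::Tmp, 4};
    const Arg slot0{ArgKind::StackSlot, 0}, heap{ArgKind::Other, 0};
    return {
        {"Move $1, %tmp0", false, {}, {tmp0}},
        {"Move %tmp0, %tmp1", false, {tmp0}, {tmp1}},
        {"Move $7, %tmp2", false, {}, {tmp2}},
        {"Move %tmp2, %tmp3", false, {tmp2}, {tmp3}},
        {"Add $1, %tmp4", false, {tmp4}, {tmp4}},
        {"Move %tmp1, stack0", false, {tmp1}, {slot0}},
        {"Move %tmp1, (heap)", false, {tmp1}, {heap}},
        {"Ret", true, {}, {}},
    };
}

int main()
{
    std::vector<Inst> code = sampleProgram();
    std::size_t removed = eliminateDeadCodeToy(code);
    std::printf("removed %zu instructions\n", removed);
    for (const Inst& inst : code)
        std::printf("  %s\n", inst.text.c_str());
    return 0;
}
```

The self-feeding `Add $1, %tmp4` is removed because liveness only grows from instructions that are already live, so a Tmp used solely by its own definition never enters the live set.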
914 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
915
916         Air needs a late register liveness phase that calls Special::reportUsedRegisters()
917         https://bugs.webkit.org/show_bug.cgi?id=150511
918
919         Reviewed by Saam Barati.
920
921         This change adds such a phase. In the process of writing it, I was reminded about the
922         glaring efficiency bugs in Air::Liveness and so I filed a bug and added FIXMEs.
923
924         * JavaScriptCore.xcodeproj/project.pbxproj:
925         * b3/air/AirAllocateStack.cpp:
926         (JSC::B3::Air::allocateStack):
927         * b3/air/AirGenerate.cpp:
928         (JSC::B3::Air::generate):
929         * b3/air/AirReportUsedRegisters.cpp: Added.
930         (JSC::B3::Air::reportUsedRegisters):
931         * b3/air/AirReportUsedRegisters.h: Added.
932
933 2015-10-31  Brian Burg  <bburg@apple.com>
934
935         Builtins generator should put WebCore-only wrappers in the per-builtin header
936         https://bugs.webkit.org/show_bug.cgi?id=150539
937
938         Reviewed by Youenn Fablet.
939
940         If generating for WebCore, put the XXXWrapper and related boilerplate
941         in the per-builtin header instead of making a separate XXXWrapper.h.
942
943         Rebaseline the tests.
944
945         * CMakeLists.txt:
946         * DerivedSources.make:
947         * Scripts/builtins/builtins.py:
948         * Scripts/builtins/builtins_generate_separate_header.py:
949         (BuiltinsSeparateHeaderGenerator.generate_output):
950         (generate_header_includes):
951         * Scripts/builtins/builtins_generate_separate_wrapper.py: Deleted.
952         * Scripts/builtins/builtins_templates.py: Be consistent with variables.
953         * Scripts/generate-js-builtins.py:
954         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
955         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
956         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
957         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
958
959 2015-10-31  Saam barati  <sbarati@apple.com>
960
961         JSC should have a forceGCSlowPaths option
962         https://bugs.webkit.org/show_bug.cgi?id=150744
963
964         Reviewed by Filip Pizlo.
965
966         This patch implements the forceGCSlowPaths option.
967         It defaults to false, but when it is set to true,
968         the JITs will always allocate objects along the slow
969         path. This will be helpful for writing a certain class
970         of tests. This may also come in handy for debugging
971         later.
972
973         This patch also adds the "forceGCSlowPaths" function
974         in jsc.cpp which sets the option to true. If you
975         use this function in a jsc stress test, it's best
976         to call it as the first thing in the program before
977         we JIT anything.
978
979         * dfg/DFGSpeculativeJIT.h:
980         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
981         * ftl/FTLLowerDFGToLLVM.cpp:
982         (JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
983         * jit/JITInlines.h:
984         (JSC::JIT::emitAllocateJSObject):
985         * jsc.cpp:
986         (GlobalObject::finishCreation):
987         (functionEdenGC):
988         (functionForceGCSlowPaths):
989         (functionHeapSize):
990         * runtime/Options.h:
991
992 2015-10-30  Joseph Pecoraro  <pecoraro@apple.com>
993
994         Web Inspector: Test Debugger.scriptParsed events received after opening inspector frontend
995         https://bugs.webkit.org/show_bug.cgi?id=150753
996
997         Reviewed by Timothy Hatcher.
998
999         * parser/Parser.h:
1000         (JSC::Parser<LexerType>::parse):
1001         Only set the directives on the SourceProvider if we were parsing the
1002         entire file (Program or Module), not if we are in function parsing mode.
1003         This was inadvertently clearing the directives stored on the
1004         SourceProvider when the function parse didn't see directives and reset
1005         the values on the source provider.
1006
1007 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1008
1009         [JSC] Add lowering for B3's Sub operation with integers
1010         https://bugs.webkit.org/show_bug.cgi?id=150749
1011
1012         Reviewed by Filip Pizlo.
1013
1014         * b3/B3LowerToAir.cpp:
1015         (JSC::B3::Air::LowerToAir::trySub):
1016         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
1017         * b3/B3LoweringMatcher.patterns:
1018         Identical to Add but obviously NotCommutative.
1019
1020         * b3/B3ReduceStrength.cpp:
1021         Turn Add/Sub with zero into an identity. I only added for
1022         Add since Sub with a constant is always turned into an Add.
1023
1024         Also switched the Sub optimizations to put the strongest first.
1025
1026         * b3/air/AirOpcode.opcodes:
1027         * b3/testb3.cpp:
1028         (JSC::B3::testAddArgImm):
1029         (JSC::B3::testAddImmArg):
1030         (JSC::B3::testSubArgs):
1031         (JSC::B3::testSubArgImm):
1032         (JSC::B3::testSubImmArg):
1033         (JSC::B3::testSubArgs32):
1034         (JSC::B3::testSubArgImm32):
1035         (JSC::B3::testSubImmArg32):
1036         (JSC::B3::testStoreSubLoad):
1037         (JSC::B3::run):
1038
1039 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1040
1041         [JSC] Add the Air Opcode definitions to the Xcode project file
1042         https://bugs.webkit.org/show_bug.cgi?id=150701
1043
1044         Reviewed by Geoffrey Garen.
1045
1046         * JavaScriptCore.xcodeproj/project.pbxproj:
1047         Easier for those who use Xcode :)
1048
1049 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1050
1051         Unreviewed, removing FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150540.
1052
1053         * b3/B3ValueRep.h:
1054
1055 2015-10-30  Michael Saboff  <msaboff@apple.com>
1056
1057         Windows X86-64 change for Crash making a tail call from a getter to a host function
1058         https://bugs.webkit.org/show_bug.cgi?id=150737
1059
1060         Reviewed by Geoffrey Garen.
1061
1062         Need to make the same change for Windows X86-64 as was made in change set
1063         http://trac.webkit.org/changeset/191765.
1064
1065         * jit/JITStubsMSVC64.asm:
1066
1067 2015-10-30  Keith Miller  <keith_miller@apple.com>
1068
1069         Unreviewed, forgot to mark tests as passing for new feature.
1070
1071         * tests/es6.yaml:
1072
1073 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1074
1075         B3 should be able to compile a control flow diamond
1076         https://bugs.webkit.org/show_bug.cgi?id=150720
1077
1078         Reviewed by Benjamin Poulain.
1079
1080         Adds support for Branch, Jump, Upsilon, and Phi. Adds some basic strength reduction for
1081         comparisons and boolean-like operations.
1082
1083         * assembler/MacroAssembler.cpp:
1084         (WTF::printInternal):
1085         * assembler/MacroAssembler.h:
1086         * b3/B3BasicBlockUtils.h:
1087         (JSC::B3::replacePredecessor):
1088         (JSC::B3::resetReachability):
1089         * b3/B3CheckValue.h:
1090         * b3/B3Common.h:
1091         (JSC::B3::isRepresentableAsImpl):
1092         (JSC::B3::isRepresentableAs):
1093         * b3/B3Const32Value.cpp:
1094         (JSC::B3::Const32Value::subConstant):
1095         (JSC::B3::Const32Value::equalConstant):
1096         (JSC::B3::Const32Value::notEqualConstant):
1097         (JSC::B3::Const32Value::dumpMeta):
1098         * b3/B3Const32Value.h:
1099         * b3/B3Const64Value.cpp:
1100         (JSC::B3::Const64Value::subConstant):
1101         (JSC::B3::Const64Value::equalConstant):
1102         (JSC::B3::Const64Value::notEqualConstant):
1103         (JSC::B3::Const64Value::dumpMeta):
1104         * b3/B3Const64Value.h:
1105         * b3/B3ConstDoubleValue.cpp:
1106         (JSC::B3::ConstDoubleValue::subConstant):
1107         (JSC::B3::ConstDoubleValue::equalConstant):
1108         (JSC::B3::ConstDoubleValue::notEqualConstant):
1109         (JSC::B3::ConstDoubleValue::dumpMeta):
1110         * b3/B3ConstDoubleValue.h:
1111         * b3/B3ControlValue.cpp:
1112         (JSC::B3::ControlValue::~ControlValue):
1113         (JSC::B3::ControlValue::convertToJump):
1114         (JSC::B3::ControlValue::dumpMeta):
1115         * b3/B3ControlValue.h:
1116         * b3/B3LowerToAir.cpp:
1117         (JSC::B3::Air::LowerToAir::imm):
1118         (JSC::B3::Air::LowerToAir::tryStackSlot):
1119         (JSC::B3::Air::LowerToAir::tryUpsilon):
1120         (JSC::B3::Air::LowerToAir::tryPhi):
1121         (JSC::B3::Air::LowerToAir::tryBranch):
1122         (JSC::B3::Air::LowerToAir::tryJump):
1123         (JSC::B3::Air::LowerToAir::tryIdentity):
1124         * b3/B3LoweringMatcher.patterns:
1125         * b3/B3Opcode.h:
1126         * b3/B3Procedure.cpp:
1127         (JSC::B3::Procedure::resetReachability):
1128         (JSC::B3::Procedure::dump):
1129         * b3/B3ReduceStrength.cpp:
1130         * b3/B3UpsilonValue.cpp:
1131         (JSC::B3::UpsilonValue::dumpMeta):
1132         * b3/B3UpsilonValue.h:
1133         (JSC::B3::UpsilonValue::accepts): Deleted.
1134         (JSC::B3::UpsilonValue::phi): Deleted.
1135         (JSC::B3::UpsilonValue::UpsilonValue): Deleted.
1136         * b3/B3Validate.cpp:
1137         * b3/B3Value.cpp:
1138         (JSC::B3::Value::subConstant):
1139         (JSC::B3::Value::equalConstant):
1140         (JSC::B3::Value::notEqualConstant):
1141         (JSC::B3::Value::returnsBool):
1142         (JSC::B3::Value::asTriState):
1143         (JSC::B3::Value::effects):
1144         * b3/B3Value.h:
1145         * b3/B3ValueInlines.h:
1146         (JSC::B3::Value::asInt32):
1147         (JSC::B3::Value::isInt32):
1148         (JSC::B3::Value::hasInt64):
1149         (JSC::B3::Value::asInt64):
1150         (JSC::B3::Value::isInt64):
1151         (JSC::B3::Value::hasInt):
1152         (JSC::B3::Value::asIntPtr):
1153         (JSC::B3::Value::isIntPtr):
1154         (JSC::B3::Value::hasDouble):
1155         (JSC::B3::Value::asDouble):
1156         (JSC::B3::Value::isEqualToDouble):
1157         (JSC::B3::Value::hasNumber):
1158         (JSC::B3::Value::representableAs):
1159         (JSC::B3::Value::asNumber):
1160         (JSC::B3::Value::stackmap):
1161         * b3/air/AirArg.cpp:
1162         (JSC::B3::Air::Arg::dump):
1163         * b3/air/AirArg.h:
1164         (JSC::B3::Air::Arg::resCond):
1165         (JSC::B3::Air::Arg::doubleCond):
1166         (JSC::B3::Air::Arg::special):
1167         (JSC::B3::Air::Arg::isResCond):
1168         (JSC::B3::Air::Arg::isDoubleCond):
1169         (JSC::B3::Air::Arg::isSpecial):
1170         (JSC::B3::Air::Arg::isGP):
1171         (JSC::B3::Air::Arg::isFP):
1172         (JSC::B3::Air::Arg::asResultCondition):
1173         (JSC::B3::Air::Arg::asDoubleCondition):
1174         (JSC::B3::Air::Arg::Arg):
1175         * b3/air/AirCode.cpp:
1176         (JSC::B3::Air::Code::resetReachability):
1177         (JSC::B3::Air::Code::dump):
1178         * b3/air/AirOpcode.opcodes:
1179         * b3/air/opcode_generator.rb:
1180         * b3/testb3.cpp:
1181         (hiddenTruthBecauseNoReturnIsStupid):
1182         (usage):
1183         (JSC::B3::compile):
1184         (JSC::B3::invoke):
1185         (JSC::B3::compileAndRun):
1186         (JSC::B3::test42):
1187         (JSC::B3::testStoreLoadStackSlot):
1188         (JSC::B3::testBranch):
1189         (JSC::B3::testDiamond):
1190         (JSC::B3::testBranchNotEqual):
1191         (JSC::B3::testBranchFold):
1192         (JSC::B3::testDiamondFold):
1193         (JSC::B3::run):
1194         (run):
1195         (main):
1196
1197 2015-10-30  Keith Miller  <keith_miller@apple.com>
1198
1199         [ES6] Add support for toStringTag
1200         https://bugs.webkit.org/show_bug.cgi?id=150696
1201
1202         Reviewed by Geoffrey Garen.
1203
1204         This patch adds support for Symbol.toStringTag. This is a simple
1205         feature: if an object passed to Object.prototype.toString() has a
1206         toStringTag, we use the tag in the string rather than the class info.
1207         Added a test that checks this works for all the default supported classes
1208         along with the corresponding prototype and custom cases.
1209
1210         * runtime/ArrayIteratorPrototype.cpp:
1211         (JSC::ArrayIteratorPrototype::finishCreation):
1212         * runtime/CommonIdentifiers.h:
1213         * runtime/JSArrayBufferPrototype.cpp:
1214         (JSC::JSArrayBufferPrototype::finishCreation):
1215         * runtime/JSDataViewPrototype.cpp:
1216         (JSC::JSDataViewPrototype::finishCreation):
1217         * runtime/JSDataViewPrototype.h:
1218         * runtime/JSModuleNamespaceObject.cpp:
1219         (JSC::JSModuleNamespaceObject::finishCreation):
1220         * runtime/JSONObject.cpp:
1221         (JSC::JSONObject::finishCreation):
1222         * runtime/JSPromisePrototype.cpp:
1223         (JSC::JSPromisePrototype::finishCreation):
1224         * runtime/JSTypedArrayViewPrototype.cpp:
1225         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1226         (JSC::JSTypedArrayViewPrototype::finishCreation):
1227         * runtime/MapIteratorPrototype.cpp:
1228         (JSC::MapIteratorPrototype::finishCreation):
1229         * runtime/MapPrototype.cpp:
1230         (JSC::MapPrototype::finishCreation):
1231         * runtime/MathObject.cpp:
1232         (JSC::MathObject::finishCreation):
1233         * runtime/ObjectPrototype.cpp:
1234         (JSC::objectProtoFuncToString):
1235         * runtime/SetIteratorPrototype.cpp:
1236         (JSC::SetIteratorPrototype::finishCreation):
1237         * runtime/SetPrototype.cpp:
1238         (JSC::SetPrototype::finishCreation):
1239         * runtime/SmallStrings.cpp:
1240         (JSC::SmallStrings::SmallStrings):
1241         (JSC::SmallStrings::initializeCommonStrings):
1242         (JSC::SmallStrings::visitStrongReferences):
1243         * runtime/SmallStrings.h:
1244         (JSC::SmallStrings::objectStringStart):
1245         * runtime/StringIteratorPrototype.cpp:
1246         (JSC::StringIteratorPrototype::finishCreation):
1247         * runtime/SymbolPrototype.cpp:
1248         (JSC::SymbolPrototype::finishCreation):
1249         * runtime/WeakMapPrototype.cpp:
1250         (JSC::WeakMapPrototype::finishCreation):
1251         * runtime/WeakSetPrototype.cpp:
1252         (JSC::WeakSetPrototype::finishCreation):
1253         * tests/modules/namespace.js:
1254         * tests/stress/symbol-tostringtag.js: Added.
1255         (toStr):
1256         (strName):
1257         (classes.string_appeared_here):
1258
1259 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1260
1261         Web Inspector: Do not show JavaScriptCore builtins in inspector
1262         https://bugs.webkit.org/show_bug.cgi?id=146049
1263
1264         Reviewed by Geoffrey Garen.
1265
1266         * debugger/Debugger.cpp:
1267         When gathering scripts to notify the inspector / debuggers about,
1268         skip over sources containing host / built-in functions, as those
1269         won't contain source code developers expect to see.
1270
1271 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1272
1273         Fix typo in "use strict" in TypedArray builtins
1274         https://bugs.webkit.org/show_bug.cgi?id=150709
1275
1276         Reviewed by Geoffrey Garen.
1277
1278         * builtins/TypedArray.prototype.js:
1279         (toLocaleString):
1280
1281 2015-10-29  Philippe Normand  <pnormand@igalia.com>
1282
1283         [GTK][Mac] disable OBJC JSC API
1284         https://bugs.webkit.org/show_bug.cgi?id=150500
1285
1286         Reviewed by Alex Christensen.
1287
1288         * API/JSBase.h: Disable the Objective-C API on Mac for the GTK port.
1289
1290 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1291
1292         Air::handleCalleeSaves shouldn't save/restore the frame pointer
1293         https://bugs.webkit.org/show_bug.cgi?id=150688
1294
1295         Reviewed by Michael Saboff.
1296
1297         We save/restore the FP inside Air::generate().
1298
1299         * b3/air/AirHandleCalleeSaves.cpp:
1300         (JSC::B3::Air::handleCalleeSaves):
1301
1302 2015-10-29  Michael Saboff  <msaboff@apple.com>
1303
1304         Crash making a tail call from a getter to a host function
1305         https://bugs.webkit.org/show_bug.cgi?id=150663
1306
1307         Reviewed by Geoffrey Garen.
1308
1309         Change the inline assembly versions of getHostCallReturnValue() to pass the location of the callee
1310         call frame to getHostCallReturnValueWithExecState().  We were passing the caller's frame address.
1311
1312         * jit/JITOperations.cpp:
1313
1314 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1315
1316         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
1317         https://bugs.webkit.org/show_bug.cgi?id=150685
1318
1319         Reviewed by Geoffrey Garen.
1320
1321         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
1322         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
1323         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
1324         requires fewer bits.
1325
1326         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
1327         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
1328         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
1329         helper should happily accept either Const32Value or Const64Value.
1330
1331         We already sort of had this with immAnyType(), but it just turns out that anyone using
1332         immAnyType() should really be using imm().
1333
1334         * b3/B3LowerToAir.cpp:
1335         (JSC::B3::Air::LowerToAir::imm):
1336         (JSC::B3::Air::LowerToAir::tryStore):
1337         (JSC::B3::Air::LowerToAir::tryConst64):
1338         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
1339         * b3/testb3.cpp:
1340         (JSC::B3::testAdd1):
1341         (JSC::B3::testAdd1Ptr):
1342         (JSC::B3::testStoreAddLoad):
1343         (JSC::B3::run):
1344
1345 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1346
1347         StoreOpLoad pattern matching should check effects between the Store and Load
1348         https://bugs.webkit.org/show_bug.cgi?id=150534
1349
1350         Reviewed by Geoffrey Garen.
1351
1352         If we turn:
1353
1354             a = Load(addr)
1355             b = Add(a, 42)
1356             Store(b, addr)
1357
1358         Into:
1359
1360             Add $42, (addr)
1361
1362         Then we must make sure that we didn't really have this to begin with:
1363
1364             a = Load(addr)
1365             Store(666, addr)
1366             b = Add(a, 42)
1367             Store(b, addr)
1368
1369         That's because pattern matching doesn't care about control flow, and it finds the Load
1370         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
1371         enough to broadly ask questions about whether such a code motion of the Load is legal.
1372
1373         * b3/B3Effects.cpp:
1374         (JSC::B3::Effects::interferes):
1375         (JSC::B3::Effects::dump):
1376         * b3/B3Effects.h:
1377         (JSC::B3::Effects::mustExecute):
1378         * b3/B3LowerToAir.cpp:
1379         (JSC::B3::Air::LowerToAir::run):
1380         (JSC::B3::Air::LowerToAir::commitInternal):
1381         (JSC::B3::Air::LowerToAir::crossesInterference):
1382         (JSC::B3::Air::LowerToAir::effectiveAddr):
1383         (JSC::B3::Air::LowerToAir::loadAddr):
1384         * b3/B3Procedure.cpp:
1385         (JSC::B3::Procedure::addBlock):
1386         (JSC::B3::Procedure::resetValueOwners):
1387         (JSC::B3::Procedure::resetReachability):
1388         * b3/B3Procedure.h:
1389         * b3/B3Value.cpp:
1390         (JSC::B3::Value::effects):
1391         * b3/B3Value.h:
1392         * b3/testb3.cpp:
1393         (JSC::B3::testStoreAddLoad):
1394         (JSC::B3::testStoreAddLoadInterference):
1395         (JSC::B3::testStoreAddAndLoad):
1396         (JSC::B3::testLoadOffsetUsingAdd):
1397         (JSC::B3::testLoadOffsetUsingAddInterference):
1398         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1399         (JSC::B3::run):
1400
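The StoreOpLoad hazard from the entry above, as an added toy model (not WebKit's B3LowerToAir.cpp). It lowers the entry's two snippets with and without an interference check and executes the result; the Value layout, the single-cell memory and all function names are assumptions constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Toy SSA values in program order; operands are indices into the block.
enum class Opcode { Const, Load, Add, Store };

struct Value {
    Opcode op;
    int child0;         // first operand, or -1
    int child1;         // second operand, or -1
    long long constant; // payload for Const
    int addr;           // abstract memory cell for Load/Store, or -1
};

static Value makeConst(long long c) { return {Opcode::Const, -1, -1, c, -1}; }
static Value makeLoad(int addr) { return {Opcode::Load, -1, -1, 0, addr}; }
static Value makeAdd(int lhs, int rhs) { return {Opcode::Add, lhs, rhs, 0, -1}; }
static Value makeStore(int value, int addr) { return {Opcode::Store, value, -1, 0, addr}; }

// Data-flow-only match of Store(Add(Load(addr), Const), addr).
// It follows operand edges and never looks at what sits between the values.
static bool matchStoreAddLoad(const std::vector<Value>& block, std::size_t storeIndex,
                              std::size_t& loadIndex, long long& imm)
{
    const Value& st = block[storeIndex];
    if (st.op != Opcode::Store || st.child0 < 0)
        return false;
    const Value& sum = block[static_cast<std::size_t>(st.child0)];
    if (sum.op != Opcode::Add)
        return false;
    const Value& lhs = block[static_cast<std::size_t>(sum.child0)];
    const Value& rhs = block[static_cast<std::size_t>(sum.child1)];
    if (lhs.op != Opcode::Load || rhs.op != Opcode::Const || lhs.addr != st.addr)
        return false;
    loadIndex = static_cast<std::size_t>(sum.child0);
    imm = rhs.constant;
    return true;
}

// True if a write to the same cell sits between the Load and the Store,
// which makes sinking the Load down to the Store illegal.
static bool crossesInterference(const std::vector<Value>& block,
                                std::size_t loadIndex, std::size_t storeIndex)
{
    for (std::size_t i = loadIndex + 1; i < storeIndex; ++i) {
        if (block[i].op == Opcode::Store && block[i].addr == block[loadIndex].addr)
            return true;
    }
    return false;
}

// Executes the block as the lowered code would and returns the final cell 0.
long long runLowered(const std::vector<Value>& block, long long initial, bool checkInterference)
{
    std::vector<long long> memory(1, initial);
    std::vector<long long> result(block.size(), 0);
    for (std::size_t i = 0; i < block.size(); ++i) {
        const Value& v = block[i];
        switch (v.op) {
        case Opcode::Const: result[i] = v.constant; break;
        case Opcode::Load: result[i] = memory[static_cast<std::size_t>(v.addr)]; break;
        case Opcode::Add:
            result[i] = result[static_cast<std::size_t>(v.child0)]
                + result[static_cast<std::size_t>(v.child1)];
            break;
        case Opcode::Store: {
            std::size_t loadIndex = 0;
            long long imm = 0;
            bool fuse = matchStoreAddLoad(block, i, loadIndex, imm)
                && !(checkInterference && crossesInterference(block, loadIndex, i));
            if (fuse)
                memory[static_cast<std::size_t>(v.addr)] += imm; // "Add $imm, (addr)" re-reads memory here
            else
                memory[static_cast<std::size_t>(v.addr)] = result[static_cast<std::size_t>(v.child0)];
            break;
        }
        }
    }
    return memory[0];
}

// a = Load(addr); b = Add(a, 42); Store(b, addr)
std::vector<Value> straightLine()
{
    return {makeLoad(0), makeConst(42), makeAdd(0, 1), makeStore(2, 0)};
}

// a = Load(addr); Store(666, addr); b = Add(a, 42); Store(b, addr)
std::vector<Value> withInterveningStore()
{
    return {makeLoad(0), makeConst(666), makeStore(1, 0),
            makeConst(42), makeAdd(0, 3), makeStore(4, 0)};
}

int main()
{
    std::printf("checked:   %lld\n", runLowered(withInterveningStore(), 1, true));
    std::printf("unchecked: %lld\n", runLowered(withInterveningStore(), 1, false));
    return 0;
}
```

With the cell initially holding 1, the checked lowering stores 43 in both programs, while the unchecked lowering of the second program leaves 708 because the fused instruction reads the cell after `Store(666, addr)` has already run.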
1401 2015-10-29  Brady Eidson  <beidson@apple.com>
1402
1403         Modern IDB: deleteObjectStore support.
1404         https://bugs.webkit.org/show_bug.cgi?id=150673
1405
1406         Reviewed by Alex Christensen.
1407
1408         * runtime/VM.h:
1409
1410 2015-10-29  Mark Lam  <mark.lam@apple.com>
1411
1412         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
1413         https://bugs.webkit.org/show_bug.cgi?id=150687
1414
1415         Unreviewed.
1416
1417         Disabling the feature while it is being debugged.  I'm doing this by effectively
1418         rolling out only the changes in FTLCapabilities.cpp.
1419
1420         * ftl/FTLCapabilities.cpp:
1421         (JSC::FTL::canCompile):
1422
1423 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1424
1425         Unreviewed, fix iOS build.
1426
1427         * assembler/MacroAssemblerARM64.h:
1428         (JSC::MacroAssemblerARM64::store64):
1429
1430 2015-10-29  Alex Christensen  <achristensen@webkit.org>
1431
1432         Fix Mac CMake build
1433         https://bugs.webkit.org/show_bug.cgi?id=150686
1434
1435         Reviewed by Filip Pizlo.
1436
1437         * API/ObjCCallbackFunction.mm:
1438         * CMakeLists.txt:
1439         * PlatformMac.cmake:
1440
1441 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1442
1443         Air needs syntax for escaping StackSlots
1444         https://bugs.webkit.org/show_bug.cgi?id=150430
1445
1446         Reviewed by Geoffrey Garen.
1447
1448         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
1449         instruction for getting the value of an address. This is necessary to support arbitrary
1450         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
1451         this new instruction.
1452
1453         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
1454         would do: it evaluates an address, but does not load from it or store to it.
1455
1456         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
1457         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
1458         that StackSlots may escape, and factors this into its analysis.
1459
1460         * assembler/MacroAssembler.h:
1461         (JSC::MacroAssembler::lea):
1462         * b3/B3AddressMatcher.patterns:
1463         * b3/B3LowerToAir.cpp:
1464         (JSC::B3::Air::LowerToAir::run):
1465         (JSC::B3::Air::LowerToAir::addr):
1466         (JSC::B3::Air::LowerToAir::loadAddr):
1467         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1468         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
1469         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
1470         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1471         (JSC::B3::Air::LowerToAir::tryConst64):
1472         (JSC::B3::Air::LowerToAir::tryFramePointer):
1473         (JSC::B3::Air::LowerToAir::tryStackSlot):
1474         (JSC::B3::Air::LowerToAir::tryIdentity):
1475         * b3/B3LoweringMatcher.patterns:
1476         * b3/B3MemoryValue.cpp:
1477         (JSC::B3::MemoryValue::~MemoryValue):
1478         (JSC::B3::MemoryValue::accessByteSize):
1479         (JSC::B3::MemoryValue::dumpMeta):
1480         * b3/B3MemoryValue.h:
1481         * b3/B3ReduceStrength.cpp:
1482         * b3/B3StackSlotValue.h:
1483         (JSC::B3::StackSlotValue::accepts): Deleted.
1484         * b3/B3Type.h:
1485         (JSC::B3::pointerType):
1486         (JSC::B3::sizeofType):
1487         * b3/B3Validate.cpp:
1488         * b3/B3Value.h:
1489         * b3/air/AirAllocateStack.cpp:
1490         (JSC::B3::Air::allocateStack):
1491         * b3/air/AirArg.h:
1492         (JSC::B3::Air::Arg::isUse):
1493         (JSC::B3::Air::Arg::isDef):
1494         (JSC::B3::Air::Arg::forEachTmp):
1495         * b3/air/AirCode.cpp:
1496         (JSC::B3::Air::Code::addStackSlot):
1497         (JSC::B3::Air::Code::addSpecial):
1498         * b3/air/AirCode.h:
1499         * b3/air/AirOpcode.opcodes:
1500         * b3/air/AirSpillEverything.cpp:
1501         (JSC::B3::Air::spillEverything):
1502         * b3/air/AirStackSlot.h:
1503         (JSC::B3::Air::StackSlot::byteSize):
1504         (JSC::B3::Air::StackSlot::kind):
1505         (JSC::B3::Air::StackSlot::isLocked):
1506         (JSC::B3::Air::StackSlot::index):
1507         (JSC::B3::Air::StackSlot::alignment):
1508         * b3/air/opcode_generator.rb:
1509         * b3/testb3.cpp:
1510         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1511         (JSC::B3::testFramePointer):
1512         (JSC::B3::testStackSlot):
1513         (JSC::B3::testLoadFromFramePointer):
1514         (JSC::B3::testStoreLoadStackSlot):
1515         (JSC::B3::run):
1516
1517 2015-10-29  Saam barati  <sbarati@apple.com>
1518
1519         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
1520         https://bugs.webkit.org/show_bug.cgi?id=150655
1521
1522         Reviewed by Filip Pizlo.
1523
1524         We're recomputing this value for an *OSRExitDescriptor* for every one
1525         of its corresponding *OSRExits*. This is having a multiplicative
1526         effect on offsets because each computation is relative to the previous
1527         value. We must do this computation just once per OSRExitDescriptor.
1528
1529         * ftl/FTLCompile.cpp:
1530         (JSC::FTL::mmAllocateDataSection):
1531
1532 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1533
1534         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
1535         https://bugs.webkit.org/show_bug.cgi?id=150657
1536
1537         Reviewed by Geoffrey Garen.
1538
1539         Also added the ability to store an immediate to memory.
1540
1541         * assembler/MacroAssembler.h:
1542         (JSC::MacroAssembler::storePtr):
1543         * assembler/MacroAssemblerARM64.h:
1544         (JSC::MacroAssemblerARM64::store64):
1545         * assembler/MacroAssemblerX86_64.h:
1546         (JSC::MacroAssemblerX86_64::store64):
1547         * b3/B3LowerToAir.cpp:
1548         (JSC::B3::Air::LowerToAir::imm):
1549         (JSC::B3::Air::LowerToAir::immAnyInt):
1550         (JSC::B3::Air::LowerToAir::immOrTmp):
1551         (JSC::B3::Air::LowerToAir::tryStore):
1552         * b3/air/AirOpcode.opcodes:
1553         * b3/air/AirSpillEverything.cpp:
1554         (JSC::B3::Air::spillEverything):
1555         * b3/testb3.cpp:
1556         (JSC::B3::testStore):
1557         (JSC::B3::testStoreConstant):
1558         (JSC::B3::testStoreConstantPtr):
1559         (JSC::B3::testTrunc):
1560         (JSC::B3::run):
1561
1562 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
1563
1564         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
1565         https://bugs.webkit.org/show_bug.cgi?id=150654
1566
1567         Reviewed by Geoffrey Garen.
1568
1569         * inspector/scripts/codegen/generator.py:
1570
1571 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1572
1573         B3::reduceStrength() should do DCE
1574         https://bugs.webkit.org/show_bug.cgi?id=150656
1575
1576         Reviewed by Saam Barati.
1577
1578         * b3/B3BasicBlock.cpp:
1579         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
1580         * b3/B3BasicBlock.h:
1581         * b3/B3Procedure.cpp:
1582         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
1583         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
1584         * b3/B3Procedure.h:
1585         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
1586         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
1587         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
1588         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
1589         (JSC::B3::Procedure::values):
1590         * b3/B3ProcedureInlines.h:
1591         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
1592         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
1593
1594 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
1595
1596         Web Inspector: Remove unused / duplicate WebSocket timeline records
1597         https://bugs.webkit.org/show_bug.cgi?id=150647
1598
1599         Reviewed by Timothy Hatcher.
1600
1601         * inspector/protocol/Timeline.json:
1602
1603 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1604
1605         B3::LowerToAir should not duplicate Loads
1606         https://bugs.webkit.org/show_bug.cgi?id=150651
1607
1608         Reviewed by Benjamin Poulain.
1609
1610         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
1611         if we haven't already emitted code that uses the Value and the Value has only one direct
1612         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
1613         Value: we won't emit any more code for it in the future.
1614
1615         The optimization to fuse Loads was forgetting to do all of these things, and so generated
1616         code would have a lot of duplicated Loads. That's bad and this change fixes that.
1617
1618         Ordinarily, this is far less tricky because the pattern matcher does this for us via
1619         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
1620         won't need to do this manually very often.
1621
1622         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
1623         debug.
1624
1625         * b3/B3IndexMap.h:
1626         (JSC::B3::IndexMap::IndexMap):
1627         (JSC::B3::IndexMap::resize):
1628         (JSC::B3::IndexMap::operator[]):
1629         * b3/B3LowerToAir.cpp:
1630         (JSC::B3::Air::LowerToAir::tmp):
1631         (JSC::B3::Air::LowerToAir::canBeInternal):
1632         (JSC::B3::Air::LowerToAir::commitInternal):
1633         (JSC::B3::Air::LowerToAir::effectiveAddr):
1634         (JSC::B3::Air::LowerToAir::loadAddr):
1635         (JSC::B3::Air::LowerToAir::appendBinOp):
1636         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1637         (JSC::B3::Air::LowerToAir::acceptInternals):
1638         * b3/B3UseCounts.cpp:
1639         (JSC::B3::UseCounts::UseCounts):
1640
1641 2015-10-28  Mark Lam  <mark.lam@apple.com>
1642
1643         JITSubGenerator::generateFastPath() does not need to be inlined.
1644         https://bugs.webkit.org/show_bug.cgi?id=150645
1645
1646         Reviewed by Geoffrey Garen.
1647
1648         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
1649         perf neutral.
1650
1651         * CMakeLists.txt:
1652         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1653         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1654         * JavaScriptCore.xcodeproj/project.pbxproj:
1655         * ftl/FTLCompile.cpp:
1656         * jit/JITSubGenerator.cpp: Added.
1657         (JSC::JITSubGenerator::generateFastPath):
1658         * jit/JITSubGenerator.h:
1659         (JSC::JITSubGenerator::JITSubGenerator):
1660         (JSC::JITSubGenerator::endJumpList):
1661         (JSC::JITSubGenerator::slowPathJumpList):
1662         (JSC::JITSubGenerator::generateFastPath): Deleted.
1663
1664 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1665
1666         [B3] handleCommutativity should canonicalize commutative operations over non-constants
1667         https://bugs.webkit.org/show_bug.cgi?id=150649
1668
1669         Reviewed by Saam Barati.
1670
1671         Turn this: Add(value1, value2)
1672         Into this: Add(value2, value1)
1673
1674         But only if value2 should come before value1 according to our total ordering. This will allow
1675         CSE to observe the equality between commuted versions of the same operation, since we will
1676         first canonicalize them into the same order.
1677
1678         * b3/B3ReduceStrength.cpp:
1679
1680 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1681
1682         Unreviewed, fix the build for case sensitive file systems.
1683
1684         * b3/air/AirBasicBlock.h:
1685         * b3/air/AirStackSlot.h:
1686
1687 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1688
1689         Create a super rough prototype of B3
1690         https://bugs.webkit.org/show_bug.cgi?id=150280
1691
1692         Reviewed by Benjamin Poulain.
1693
1694         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
1695         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
1696         for aggressive C-level optimizations and an awesome portable backend. The backend, called
1697         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
1698         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
1699         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
1700         instruction selection, reflectively selects Air opcodes by querying which instruction forms
1701         are possible. Air allows for optimal register allocation and stack layout. Currently the
1702         register allocator isn't written, but the stack layout is.
1703
1704         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
1705         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
1706         stuff added to the instruction selector. But it's a neat start.
1707
1708         * CMakeLists.txt:
1709         * DerivedSources.make:
1710         * JavaScriptCore.xcodeproj/project.pbxproj:
1711         * assembler/MacroAssembler.cpp:
1712         (WTF::printInternal):
1713         * assembler/MacroAssembler.h:
1714         * b3: Added.
1715         * b3/B3AddressMatcher.patterns: Added.
1716         * b3/B3ArgumentRegValue.cpp: Added.
1717         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
1718         (JSC::B3::ArgumentRegValue::dumpMeta):
1719         * b3/B3ArgumentRegValue.h: Added.
1720         * b3/B3BasicBlock.cpp: Added.
1721         (JSC::B3::BasicBlock::BasicBlock):
1722         (JSC::B3::BasicBlock::~BasicBlock):
1723         (JSC::B3::BasicBlock::append):
1724         (JSC::B3::BasicBlock::addPredecessor):
1725         (JSC::B3::BasicBlock::removePredecessor):
1726         (JSC::B3::BasicBlock::replacePredecessor):
1727         (JSC::B3::BasicBlock::removeNops):
1728         (JSC::B3::BasicBlock::dump):
1729         (JSC::B3::BasicBlock::deepDump):
1730         * b3/B3BasicBlock.h: Added.
1731         (JSC::B3::BasicBlock::index):
1732         (JSC::B3::BasicBlock::begin):
1733         (JSC::B3::BasicBlock::end):
1734         (JSC::B3::BasicBlock::size):
1735         (JSC::B3::BasicBlock::at):
1736         (JSC::B3::BasicBlock::last):
1737         (JSC::B3::BasicBlock::values):
1738         (JSC::B3::BasicBlock::numPredecessors):
1739         (JSC::B3::BasicBlock::predecessor):
1740         (JSC::B3::BasicBlock::predecessors):
1741         (JSC::B3::BasicBlock::frequency):
1742         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
1743         (JSC::B3::DeepBasicBlockDump::dump):
1744         (JSC::B3::deepDump):
1745         * b3/B3BasicBlockInlines.h: Added.
1746         (JSC::B3::BasicBlock::appendNew):
1747         (JSC::B3::BasicBlock::numSuccessors):
1748         (JSC::B3::BasicBlock::successor):
1749         (JSC::B3::BasicBlock::successors):
1750         (JSC::B3::BasicBlock::successorBlock):
1751         (JSC::B3::BasicBlock::successorBlocks):
1752         * b3/B3BasicBlockUtils.h: Added.
1753         (JSC::B3::addPredecessor):
1754         (JSC::B3::removePredecessor):
1755         (JSC::B3::replacePredecessor):
1756         (JSC::B3::resetReachability):
1757         (JSC::B3::blocksInPreOrder):
1758         (JSC::B3::blocksInPostOrder):
1759         * b3/B3BlockWorklist.h: Added.
1760         * b3/B3CheckSpecial.cpp: Added.
1761         (JSC::B3::Air::numB3Args):
1762         (JSC::B3::CheckSpecial::CheckSpecial):
1763         (JSC::B3::CheckSpecial::~CheckSpecial):
1764         (JSC::B3::CheckSpecial::hiddenBranch):
1765         (JSC::B3::CheckSpecial::forEachArg):
1766         (JSC::B3::CheckSpecial::isValid):
1767         (JSC::B3::CheckSpecial::admitsStack):
1768         (JSC::B3::CheckSpecial::generate):
1769         (JSC::B3::CheckSpecial::dumpImpl):
1770         (JSC::B3::CheckSpecial::deepDumpImpl):
1771         * b3/B3CheckSpecial.h: Added.
1772         * b3/B3CheckValue.cpp: Added.
1773         (JSC::B3::CheckValue::~CheckValue):
1774         (JSC::B3::CheckValue::dumpMeta):
1775         * b3/B3CheckValue.h: Added.
1776         * b3/B3Common.cpp: Added.
1777         (JSC::B3::shouldDumpIR):
1778         (JSC::B3::shouldDumpIRAtEachPhase):
1779         (JSC::B3::shouldValidateIR):
1780         (JSC::B3::shouldValidateIRAtEachPhase):
1781         (JSC::B3::shouldSaveIRBeforePhase):
1782         * b3/B3Common.h: Added.
1783         (JSC::B3::is64Bit):
1784         (JSC::B3::is32Bit):
1785         * b3/B3Commutativity.cpp: Added.
1786         (WTF::printInternal):
1787         * b3/B3Commutativity.h: Added.
1788         * b3/B3Const32Value.cpp: Added.
1789         (JSC::B3::Const32Value::~Const32Value):
1790         (JSC::B3::Const32Value::negConstant):
1791         (JSC::B3::Const32Value::addConstant):
1792         (JSC::B3::Const32Value::subConstant):
1793         (JSC::B3::Const32Value::dumpMeta):
1794         * b3/B3Const32Value.h: Added.
1795         * b3/B3Const64Value.cpp: Added.
1796         (JSC::B3::Const64Value::~Const64Value):
1797         (JSC::B3::Const64Value::negConstant):
1798         (JSC::B3::Const64Value::addConstant):
1799         (JSC::B3::Const64Value::subConstant):
1800         (JSC::B3::Const64Value::dumpMeta):
1801         * b3/B3Const64Value.h: Added.
1802         * b3/B3ConstDoubleValue.cpp: Added.
1803         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
1804         (JSC::B3::ConstDoubleValue::negConstant):
1805         (JSC::B3::ConstDoubleValue::addConstant):
1806         (JSC::B3::ConstDoubleValue::subConstant):
1807         (JSC::B3::ConstDoubleValue::dumpMeta):
1808         * b3/B3ConstDoubleValue.h: Added.
1809         (JSC::B3::ConstDoubleValue::accepts):
1810         (JSC::B3::ConstDoubleValue::value):
1811         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
1812         * b3/B3ConstPtrValue.h: Added.
1813         (JSC::B3::ConstPtrValue::value):
1814         (JSC::B3::ConstPtrValue::ConstPtrValue):
1815         * b3/B3ControlValue.cpp: Added.
1816         (JSC::B3::ControlValue::~ControlValue):
1817         (JSC::B3::ControlValue::dumpMeta):
1818         * b3/B3ControlValue.h: Added.
1819         * b3/B3Effects.cpp: Added.
1820         (JSC::B3::Effects::dump):
1821         * b3/B3Effects.h: Added.
1822         (JSC::B3::Effects::mustExecute):
1823         * b3/B3FrequencyClass.cpp: Added.
1824         (WTF::printInternal):
1825         * b3/B3FrequencyClass.h: Added.
1826         * b3/B3FrequentedBlock.h: Added.
1827         * b3/B3Generate.cpp: Added.
1828         (JSC::B3::generate):
1829         (JSC::B3::generateToAir):
1830         * b3/B3Generate.h: Added.
1831         * b3/B3GenericFrequentedBlock.h: Added.
1832         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
1833         (JSC::B3::GenericFrequentedBlock::operator==):
1834         (JSC::B3::GenericFrequentedBlock::operator!=):
1835         (JSC::B3::GenericFrequentedBlock::operator bool):
1836         (JSC::B3::GenericFrequentedBlock::block):
1837         (JSC::B3::GenericFrequentedBlock::frequency):
1838         (JSC::B3::GenericFrequentedBlock::dump):
1839         * b3/B3HeapRange.cpp: Added.
1840         (JSC::B3::HeapRange::dump):
1841         * b3/B3HeapRange.h: Added.
1842         (JSC::B3::HeapRange::HeapRange):
1843         (JSC::B3::HeapRange::top):
1844         (JSC::B3::HeapRange::operator==):
1845         (JSC::B3::HeapRange::operator!=):
1846         (JSC::B3::HeapRange::operator bool):
1847         (JSC::B3::HeapRange::begin):
1848         (JSC::B3::HeapRange::end):
1849         (JSC::B3::HeapRange::overlaps):
1850         * b3/B3IndexMap.h: Added.
1851         (JSC::B3::IndexMap::IndexMap):
1852         (JSC::B3::IndexMap::resize):
1853         (JSC::B3::IndexMap::operator[]):
1854         * b3/B3IndexSet.h: Added.
1855         (JSC::B3::IndexSet::IndexSet):
1856         (JSC::B3::IndexSet::add):
1857         (JSC::B3::IndexSet::contains):
1858         (JSC::B3::IndexSet::Iterable::Iterable):
1859         (JSC::B3::IndexSet::Iterable::iterator::iterator):
1860         (JSC::B3::IndexSet::Iterable::iterator::operator*):
1861         (JSC::B3::IndexSet::Iterable::iterator::operator++):
1862         (JSC::B3::IndexSet::Iterable::iterator::operator==):
1863         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
1864         (JSC::B3::IndexSet::Iterable::begin):
1865         (JSC::B3::IndexSet::Iterable::end):
1866         (JSC::B3::IndexSet::values):
1867         (JSC::B3::IndexSet::indices):
1868         (JSC::B3::IndexSet::dump):
1869         * b3/B3InsertionSet.cpp: Added.
1870         (JSC::B3::InsertionSet::execute):
1871         * b3/B3InsertionSet.h: Added.
1872         (JSC::B3::InsertionSet::InsertionSet):
1873         (JSC::B3::InsertionSet::code):
1874         (JSC::B3::InsertionSet::appendInsertion):
1875         (JSC::B3::InsertionSet::insertValue):
1876         * b3/B3InsertionSetInlines.h: Added.
1877         (JSC::B3::InsertionSet::insert):
1878         * b3/B3LowerToAir.cpp: Added.
1879         (JSC::B3::Air::LowerToAir::LowerToAir):
1880         (JSC::B3::Air::LowerToAir::run):
1881         (JSC::B3::Air::LowerToAir::tmp):
1882         (JSC::B3::Air::LowerToAir::effectiveAddr):
1883         (JSC::B3::Air::LowerToAir::addr):
1884         (JSC::B3::Air::LowerToAir::loadAddr):
1885         (JSC::B3::Air::LowerToAir::imm):
1886         (JSC::B3::Air::LowerToAir::immOrTmp):
1887         (JSC::B3::Air::LowerToAir::appendBinOp):
1888         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1889         (JSC::B3::Air::LowerToAir::moveForType):
1890         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
1891         (JSC::B3::Air::LowerToAir::append):
1892         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
1893         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
1894         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
1895         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
1896         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
1897         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
1898         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
1899         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
1900         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
1901         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1902         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1903         (JSC::B3::Air::LowerToAir::acceptRoot):
1904         (JSC::B3::Air::LowerToAir::acceptRootLate):
1905         (JSC::B3::Air::LowerToAir::acceptInternals):
1906         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
1907         (JSC::B3::Air::LowerToAir::acceptOperands):
1908         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
1909         (JSC::B3::Air::LowerToAir::tryLoad):
1910         (JSC::B3::Air::LowerToAir::tryAdd):
1911         (JSC::B3::Air::LowerToAir::tryAnd):
1912         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
1913         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
1914         (JSC::B3::Air::LowerToAir::tryStore):
1915         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
1916         (JSC::B3::Air::LowerToAir::tryTrunc):
1917         (JSC::B3::Air::LowerToAir::tryArgumentReg):
1918         (JSC::B3::Air::LowerToAir::tryConst32):
1919         (JSC::B3::Air::LowerToAir::tryConst64):
1920         (JSC::B3::Air::LowerToAir::tryIdentity):
1921         (JSC::B3::Air::LowerToAir::tryReturn):
1922         (JSC::B3::lowerToAir):
1923         * b3/B3LowerToAir.h: Added.
1924         * b3/B3LoweringMatcher.patterns: Added.
1925         * b3/B3MemoryValue.cpp: Added.
1926         (JSC::B3::MemoryValue::~MemoryValue):
1927         (JSC::B3::MemoryValue::dumpMeta):
1928         * b3/B3MemoryValue.h: Added.
1929         * b3/B3Opcode.cpp: Added.
1930         (WTF::printInternal):
1931         * b3/B3Opcode.h: Added.
1932         (JSC::B3::isCheckMath):
1933         * b3/B3Origin.cpp: Added.
1934         (JSC::B3::Origin::dump):
1935         * b3/B3Origin.h: Added.
1936         (JSC::B3::Origin::Origin):
1937         (JSC::B3::Origin::operator bool):
1938         (JSC::B3::Origin::data):
1939         * b3/B3PatchpointSpecial.cpp: Added.
1940         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
1941         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
1942         (JSC::B3::PatchpointSpecial::forEachArg):
1943         (JSC::B3::PatchpointSpecial::isValid):
1944         (JSC::B3::PatchpointSpecial::admitsStack):
1945         (JSC::B3::PatchpointSpecial::generate):
1946         (JSC::B3::PatchpointSpecial::dumpImpl):
1947         (JSC::B3::PatchpointSpecial::deepDumpImpl):
1948         * b3/B3PatchpointSpecial.h: Added.
1949         * b3/B3PatchpointValue.cpp: Added.
1950         (JSC::B3::PatchpointValue::~PatchpointValue):
1951         (JSC::B3::PatchpointValue::dumpMeta):
1952         * b3/B3PatchpointValue.h: Added.
1953         (JSC::B3::PatchpointValue::accepts):
1954         (JSC::B3::PatchpointValue::PatchpointValue):
1955         * b3/B3PhaseScope.cpp: Added.
1956         (JSC::B3::PhaseScope::PhaseScope):
1957         (JSC::B3::PhaseScope::~PhaseScope):
1958         * b3/B3PhaseScope.h: Added.
1959         * b3/B3Procedure.cpp: Added.
1960         (JSC::B3::Procedure::Procedure):
1961         (JSC::B3::Procedure::~Procedure):
1962         (JSC::B3::Procedure::addBlock):
1963         (JSC::B3::Procedure::resetReachability):
1964         (JSC::B3::Procedure::dump):
1965         (JSC::B3::Procedure::blocksInPreOrder):
1966         (JSC::B3::Procedure::blocksInPostOrder):
1967         * b3/B3Procedure.h: Added.
1968         (JSC::B3::Procedure::size):
1969         (JSC::B3::Procedure::at):
1970         (JSC::B3::Procedure::operator[]):
1971         (JSC::B3::Procedure::iterator::iterator):
1972         (JSC::B3::Procedure::iterator::operator*):
1973         (JSC::B3::Procedure::iterator::operator++):
1974         (JSC::B3::Procedure::iterator::operator==):
1975         (JSC::B3::Procedure::iterator::operator!=):
1976         (JSC::B3::Procedure::iterator::findNext):
1977         (JSC::B3::Procedure::begin):
1978         (JSC::B3::Procedure::end):
1979         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
1980         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
1981         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
1982         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
1983         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
1984         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
1985         (JSC::B3::Procedure::ValuesCollection::begin):
1986         (JSC::B3::Procedure::ValuesCollection::end):
1987         (JSC::B3::Procedure::ValuesCollection::size):
1988         (JSC::B3::Procedure::ValuesCollection::at):
1989         (JSC::B3::Procedure::ValuesCollection::operator[]):
1990         (JSC::B3::Procedure::values):
1991         (JSC::B3::Procedure::setLastPhaseName):
1992         (JSC::B3::Procedure::lastPhaseName):
1993         * b3/B3ProcedureInlines.h: Added.
1994         (JSC::B3::Procedure::add):
1995         * b3/B3ReduceStrength.cpp: Added.
1996         (JSC::B3::reduceStrength):
1997         * b3/B3ReduceStrength.h: Added.
1998         * b3/B3StackSlotKind.cpp: Added.
1999         (WTF::printInternal):
2000         * b3/B3StackSlotKind.h: Added.
2001         * b3/B3StackSlotValue.cpp: Added.
2002         (JSC::B3::StackSlotValue::~StackSlotValue):
2003         (JSC::B3::StackSlotValue::dumpMeta):
2004         * b3/B3StackSlotValue.h: Added.
2005         (JSC::B3::StackSlotValue::accepts):
2006         (JSC::B3::StackSlotValue::byteSize):
2007         (JSC::B3::StackSlotValue::kind):
2008         (JSC::B3::StackSlotValue::offsetFromFP):
2009         (JSC::B3::StackSlotValue::setOffsetFromFP):
2010         (JSC::B3::StackSlotValue::StackSlotValue):
2011         * b3/B3Stackmap.cpp: Added.
2012         (JSC::B3::Stackmap::Stackmap):
2013         (JSC::B3::Stackmap::~Stackmap):
2014         (JSC::B3::Stackmap::dump):
2015         * b3/B3Stackmap.h: Added.
2016         (JSC::B3::Stackmap::constrain):
2017         (JSC::B3::Stackmap::reps):
2018         (JSC::B3::Stackmap::clobber):
2019         (JSC::B3::Stackmap::clobbered):
2020         (JSC::B3::Stackmap::setGenerator):
2021         * b3/B3StackmapSpecial.cpp: Added.
2022         (JSC::B3::StackmapSpecial::StackmapSpecial):
2023         (JSC::B3::StackmapSpecial::~StackmapSpecial):
2024         (JSC::B3::StackmapSpecial::reportUsedRegisters):
2025         (JSC::B3::StackmapSpecial::extraClobberedRegs):
2026         (JSC::B3::StackmapSpecial::forEachArgImpl):
2027         (JSC::B3::StackmapSpecial::isValidImpl):
2028         (JSC::B3::StackmapSpecial::admitsStackImpl):
2029         (JSC::B3::StackmapSpecial::appendRepsImpl):
2030         (JSC::B3::StackmapSpecial::repForArg):
2031         * b3/B3StackmapSpecial.h: Added.
2032         * b3/B3SuccessorCollection.h: Added.
2033         (JSC::B3::SuccessorCollection::SuccessorCollection):
2034         (JSC::B3::SuccessorCollection::size):
2035         (JSC::B3::SuccessorCollection::at):
2036         (JSC::B3::SuccessorCollection::operator[]):
2037         (JSC::B3::SuccessorCollection::iterator::iterator):
2038         (JSC::B3::SuccessorCollection::iterator::operator*):
2039         (JSC::B3::SuccessorCollection::iterator::operator++):
2040         (JSC::B3::SuccessorCollection::iterator::operator==):
2041         (JSC::B3::SuccessorCollection::iterator::operator!=):
2042         (JSC::B3::SuccessorCollection::begin):
2043         (JSC::B3::SuccessorCollection::end):
2044         * b3/B3SwitchCase.cpp: Added.
2045         (JSC::B3::SwitchCase::dump):
2046         * b3/B3SwitchCase.h: Added.
2047         (JSC::B3::SwitchCase::SwitchCase):
2048         (JSC::B3::SwitchCase::operator bool):
2049         (JSC::B3::SwitchCase::caseValue):
2050         (JSC::B3::SwitchCase::target):
2051         (JSC::B3::SwitchCase::targetBlock):
2052         * b3/B3SwitchValue.cpp: Added.
2053         (JSC::B3::SwitchValue::~SwitchValue):
2054         (JSC::B3::SwitchValue::removeCase):
2055         (JSC::B3::SwitchValue::appendCase):
2056         (JSC::B3::SwitchValue::dumpMeta):
2057         (JSC::B3::SwitchValue::SwitchValue):
2058         * b3/B3SwitchValue.h: Added.
2059         (JSC::B3::SwitchValue::accepts):
2060         (JSC::B3::SwitchValue::numCaseValues):
2061         (JSC::B3::SwitchValue::caseValue):
2062         (JSC::B3::SwitchValue::caseValues):
2063         (JSC::B3::SwitchValue::fallThrough):
2064         (JSC::B3::SwitchValue::size):
2065         (JSC::B3::SwitchValue::at):
2066         (JSC::B3::SwitchValue::operator[]):
2067         (JSC::B3::SwitchValue::iterator::iterator):
2068         (JSC::B3::SwitchValue::iterator::operator*):
2069         (JSC::B3::SwitchValue::iterator::operator++):
2070         (JSC::B3::SwitchValue::iterator::operator==):
2071         (JSC::B3::SwitchValue::iterator::operator!=):
2072         (JSC::B3::SwitchValue::begin):
2073         (JSC::B3::SwitchValue::end):
2074         * b3/B3Type.cpp: Added.
2075         (WTF::printInternal):
2076         * b3/B3Type.h: Added.
2077         (JSC::B3::isInt):
2078         (JSC::B3::isFloat):
2079         (JSC::B3::pointerType):
2080         * b3/B3UpsilonValue.cpp: Added.
2081         (JSC::B3::UpsilonValue::~UpsilonValue):
2082         (JSC::B3::UpsilonValue::dumpMeta):
2083         * b3/B3UpsilonValue.h: Added.
2084         (JSC::B3::UpsilonValue::accepts):
2085         (JSC::B3::UpsilonValue::phi):
2086         (JSC::B3::UpsilonValue::UpsilonValue):
2087         * b3/B3UseCounts.cpp: Added.
2088         (JSC::B3::UseCounts::UseCounts):
2089         (JSC::B3::UseCounts::~UseCounts):
2090         * b3/B3UseCounts.h: Added.
2091         (JSC::B3::UseCounts::operator[]):
2092         * b3/B3Validate.cpp: Added.
2093         (JSC::B3::validate):
2094         * b3/B3Validate.h: Added.
2095         * b3/B3Value.cpp: Added.
2096         (JSC::B3::Value::~Value):
2097         (JSC::B3::Value::replaceWithIdentity):
2098         (JSC::B3::Value::replaceWithNop):
2099         (JSC::B3::Value::dump):
2100         (JSC::B3::Value::deepDump):
2101         (JSC::B3::Value::negConstant):
2102         (JSC::B3::Value::addConstant):
2103         (JSC::B3::Value::subConstant):
2104         (JSC::B3::Value::effects):
2105         (JSC::B3::Value::performSubstitution):
2106         (JSC::B3::Value::dumpMeta):
2107         (JSC::B3::Value::typeFor):
2108         * b3/B3Value.h: Added.
2109         (JSC::B3::DeepValueDump::DeepValueDump):
2110         (JSC::B3::DeepValueDump::dump):
2111         (JSC::B3::deepDump):
2112         * b3/B3ValueInlines.h: Added.
2113         (JSC::B3::Value::as):
2114         (JSC::B3::Value::isConstant):
2115         (JSC::B3::Value::hasInt32):
2116         (JSC::B3::Value::asInt32):
2117         (JSC::B3::Value::hasInt64):
2118         (JSC::B3::Value::asInt64):
2119         (JSC::B3::Value::hasInt):
2120         (JSC::B3::Value::asInt):
2121         (JSC::B3::Value::isInt):
2122         (JSC::B3::Value::hasIntPtr):
2123         (JSC::B3::Value::asIntPtr):
2124         (JSC::B3::Value::hasDouble):
2125         (JSC::B3::Value::asDouble):
2126         (JSC::B3::Value::stackmap):
2127         * b3/B3ValueRep.cpp: Added.
2128         (JSC::B3::ValueRep::dump):
2129         (WTF::printInternal):
2130         * b3/B3ValueRep.h: Added.
2131         (JSC::B3::ValueRep::ValueRep):
2132         (JSC::B3::ValueRep::reg):
2133         (JSC::B3::ValueRep::stack):
2134         (JSC::B3::ValueRep::stackArgument):
2135         (JSC::B3::ValueRep::constant):
2136         (JSC::B3::ValueRep::constantDouble):
2137         (JSC::B3::ValueRep::kind):
2138         (JSC::B3::ValueRep::operator bool):
2139         (JSC::B3::ValueRep::offsetFromFP):
2140         (JSC::B3::ValueRep::offsetFromSP):
2141         (JSC::B3::ValueRep::value):
2142         (JSC::B3::ValueRep::doubleValue):
2143         * b3/air: Added.
2144         * b3/air/AirAllocateStack.cpp: Added.
2145         (JSC::B3::Air::allocateStack):
2146         * b3/air/AirAllocateStack.h: Added.
2147         * b3/air/AirArg.cpp: Added.
2148         (JSC::B3::Air::Arg::dump):
2149         * b3/air/AirArg.h: Added.
2150         (JSC::B3::Air::Arg::isUse):
2151         (JSC::B3::Air::Arg::isDef):
2152         (JSC::B3::Air::Arg::typeForB3Type):
2153         (JSC::B3::Air::Arg::Arg):
2154         (JSC::B3::Air::Arg::imm):
2155         (JSC::B3::Air::Arg::imm64):
2156         (JSC::B3::Air::Arg::addr):
2157         (JSC::B3::Air::Arg::stack):
2158         (JSC::B3::Air::Arg::callArg):
2159         (JSC::B3::Air::Arg::isValidScale):
2160         (JSC::B3::Air::Arg::logScale):
2161         (JSC::B3::Air::Arg::index):
2162         (JSC::B3::Air::Arg::relCond):
2163         (JSC::B3::Air::Arg::resCond):
2164         (JSC::B3::Air::Arg::special):
2165         (JSC::B3::Air::Arg::operator==):
2166         (JSC::B3::Air::Arg::operator!=):
2167         (JSC::B3::Air::Arg::operator bool):
2168         (JSC::B3::Air::Arg::kind):
2169         (JSC::B3::Air::Arg::isTmp):
2170         (JSC::B3::Air::Arg::isImm):
2171         (JSC::B3::Air::Arg::isImm64):
2172         (JSC::B3::Air::Arg::isAddr):
2173         (JSC::B3::Air::Arg::isStack):
2174         (JSC::B3::Air::Arg::isCallArg):
2175         (JSC::B3::Air::Arg::isIndex):
2176         (JSC::B3::Air::Arg::isRelCond):
2177         (JSC::B3::Air::Arg::isResCond):
2178         (JSC::B3::Air::Arg::isSpecial):
2179         (JSC::B3::Air::Arg::isAlive):
2180         (JSC::B3::Air::Arg::tmp):
2181         (JSC::B3::Air::Arg::value):
2182         (JSC::B3::Air::Arg::pointerValue):
2183         (JSC::B3::Air::Arg::base):
2184         (JSC::B3::Air::Arg::hasOffset):
2185         (JSC::B3::Air::Arg::offset):
2186         (JSC::B3::Air::Arg::stackSlot):
2187         (JSC::B3::Air::Arg::scale):
2188         (JSC::B3::Air::Arg::isGPTmp):
2189         (JSC::B3::Air::Arg::isFPTmp):
2190         (JSC::B3::Air::Arg::isGP):
2191         (JSC::B3::Air::Arg::isFP):
2192         (JSC::B3::Air::Arg::hasType):
2193         (JSC::B3::Air::Arg::type):
2194         (JSC::B3::Air::Arg::isType):
2195         (JSC::B3::Air::Arg::isGPR):
2196         (JSC::B3::Air::Arg::gpr):
2197         (JSC::B3::Air::Arg::isFPR):
2198         (JSC::B3::Air::Arg::fpr):
2199         (JSC::B3::Air::Arg::isReg):
2200         (JSC::B3::Air::Arg::reg):
2201         (JSC::B3::Air::Arg::gpTmpIndex):
2202         (JSC::B3::Air::Arg::fpTmpIndex):
2203         (JSC::B3::Air::Arg::tmpIndex):
2204         (JSC::B3::Air::Arg::withOffset):
2205         (JSC::B3::Air::Arg::forEachTmpFast):
2206         (JSC::B3::Air::Arg::forEachTmp):
2207         (JSC::B3::Air::Arg::asTrustedImm32):
2208         (JSC::B3::Air::Arg::asTrustedImm64):
2209         (JSC::B3::Air::Arg::asTrustedImmPtr):
2210         (JSC::B3::Air::Arg::asAddress):
2211         (JSC::B3::Air::Arg::asBaseIndex):
2212         (JSC::B3::Air::Arg::asRelationalCondition):
2213         (JSC::B3::Air::Arg::asResultCondition):
2214         (JSC::B3::Air::Arg::isHashTableDeletedValue):
2215         (JSC::B3::Air::Arg::hash):
2216         (JSC::B3::Air::ArgHash::hash):
2217         (JSC::B3::Air::ArgHash::equal):
2218         * b3/air/AirBasicBlock.cpp: Added.
2219         (JSC::B3::Air::BasicBlock::addPredecessor):
2220         (JSC::B3::Air::BasicBlock::removePredecessor):
2221         (JSC::B3::Air::BasicBlock::replacePredecessor):
2222         (JSC::B3::Air::BasicBlock::dump):
2223         (JSC::B3::Air::BasicBlock::deepDump):
2224         (JSC::B3::Air::BasicBlock::BasicBlock):
2225         * b3/air/AirBasicBlock.h: Added.
2226         (JSC::B3::Air::BasicBlock::index):
2227         (JSC::B3::Air::BasicBlock::size):
2228         (JSC::B3::Air::BasicBlock::begin):
2229         (JSC::B3::Air::BasicBlock::end):
2230         (JSC::B3::Air::BasicBlock::at):
2231         (JSC::B3::Air::BasicBlock::last):
2232         (JSC::B3::Air::BasicBlock::appendInst):
2233         (JSC::B3::Air::BasicBlock::append):
2234         (JSC::B3::Air::BasicBlock::numSuccessors):
2235         (JSC::B3::Air::BasicBlock::successor):
2236         (JSC::B3::Air::BasicBlock::successors):
2237         (JSC::B3::Air::BasicBlock::successorBlock):
2238         (JSC::B3::Air::BasicBlock::successorBlocks):
2239         (JSC::B3::Air::BasicBlock::numPredecessors):
2240         (JSC::B3::Air::BasicBlock::predecessor):
2241         (JSC::B3::Air::BasicBlock::predecessors):
2242         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
2243         (JSC::B3::Air::DeepBasicBlockDump::dump):
2244         (JSC::B3::Air::deepDump):
2245         * b3/air/AirCCallSpecial.cpp: Added.
2246         (JSC::B3::Air::CCallSpecial::CCallSpecial):
2247         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
2248         (JSC::B3::Air::CCallSpecial::forEachArg):
2249         (JSC::B3::Air::CCallSpecial::isValid):
2250         (JSC::B3::Air::CCallSpecial::admitsStack):
2251         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
2252         (JSC::B3::Air::CCallSpecial::generate):
2253         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
2254         (JSC::B3::Air::CCallSpecial::dumpImpl):
2255         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
2256         * b3/air/AirCCallSpecial.h: Added.
2257         * b3/air/AirCode.cpp: Added.
2258         (JSC::B3::Air::Code::Code):
2259         (JSC::B3::Air::Code::~Code):
2260         (JSC::B3::Air::Code::addBlock):
2261         (JSC::B3::Air::Code::addStackSlot):
2262         (JSC::B3::Air::Code::addSpecial):
2263         (JSC::B3::Air::Code::cCallSpecial):
2264         (JSC::B3::Air::Code::resetReachability):
2265         (JSC::B3::Air::Code::dump):
2266         (JSC::B3::Air::Code::findFirstBlockIndex):
2267         (JSC::B3::Air::Code::findNextBlockIndex):
2268         (JSC::B3::Air::Code::findNextBlock):
2269         * b3/air/AirCode.h: Added.
2270         (JSC::B3::Air::Code::newTmp):
2271         (JSC::B3::Air::Code::numTmps):
2272         (JSC::B3::Air::Code::callArgAreaSize):
2273         (JSC::B3::Air::Code::requestCallArgAreaSize):
2274         (JSC::B3::Air::Code::frameSize):
2275         (JSC::B3::Air::Code::setFrameSize):
2276         (JSC::B3::Air::Code::calleeSaveRegisters):
2277         (JSC::B3::Air::Code::size):
2278         (JSC::B3::Air::Code::at):
2279         (JSC::B3::Air::Code::operator[]):
2280         (JSC::B3::Air::Code::iterator::iterator):
2281         (JSC::B3::Air::Code::iterator::operator*):
2282         (JSC::B3::Air::Code::iterator::operator++):
2283         (JSC::B3::Air::Code::iterator::operator==):
2284         (JSC::B3::Air::Code::iterator::operator!=):
2285         (JSC::B3::Air::Code::begin):
2286         (JSC::B3::Air::Code::end):
2287         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
2288         (JSC::B3::Air::Code::StackSlotsCollection::size):
2289         (JSC::B3::Air::Code::StackSlotsCollection::at):
2290         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
2291         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
2292         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
2293         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
2294         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator==):
2295         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator!=):
2296         (JSC::B3::Air::Code::StackSlotsCollection::begin):
2297         (JSC::B3::Air::Code::StackSlotsCollection::end):
2298         (JSC::B3::Air::Code::stackSlots):
2299         (JSC::B3::Air::Code::SpecialsCollection::SpecialsCollection):
2300         (JSC::B3::Air::Code::SpecialsCollection::size):
2301         (JSC::B3::Air::Code::SpecialsCollection::at):
2302         (JSC::B3::Air::Code::SpecialsCollection::operator[]):
2303         (JSC::B3::Air::Code::SpecialsCollection::iterator::iterator):
2304         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator*):
2305         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator++):
2306         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator==):
2307         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator!=):
2308         (JSC::B3::Air::Code::SpecialsCollection::begin):
2309         (JSC::B3::Air::Code::SpecialsCollection::end):
2310         (JSC::B3::Air::Code::specials):
2311         (JSC::B3::Air::Code::setLastPhaseName):
2312         (JSC::B3::Air::Code::lastPhaseName):
2313         * b3/air/AirFrequentedBlock.h: Added.
2314         * b3/air/AirGenerate.cpp: Added.
2315         (JSC::B3::Air::generate):
2316         * b3/air/AirGenerate.h: Added.
2317         * b3/air/AirGenerated.cpp: Added.
2318         * b3/air/AirGenerationContext.h: Added.
2319         * b3/air/AirHandleCalleeSaves.cpp: Added.
2320         (JSC::B3::Air::handleCalleeSaves):
2321         * b3/air/AirHandleCalleeSaves.h: Added.
2322         * b3/air/AirInsertionSet.cpp: Added.
2323         (JSC::B3::Air::InsertionSet::execute):
2324         * b3/air/AirInsertionSet.h: Added.
2325         (JSC::B3::Air::InsertionSet::InsertionSet):
2326         (JSC::B3::Air::InsertionSet::code):
2327         (JSC::B3::Air::InsertionSet::appendInsertion):
2328         (JSC::B3::Air::InsertionSet::insertInst):
2329         (JSC::B3::Air::InsertionSet::insert):
2330         * b3/air/AirInst.cpp: Added.
2331         (JSC::B3::Air::Inst::dump):
2332         * b3/air/AirInst.h: Added.
2333         (JSC::B3::Air::Inst::Inst):
2334         (JSC::B3::Air::Inst::opcode):
2335         (JSC::B3::Air::Inst::forEachTmpFast):
2336         (JSC::B3::Air::Inst::forEachTmp):
2337         * b3/air/AirInstInlines.h: Added.
2338         (JSC::B3::Air::ForEach<Tmp>::forEach):
2339         (JSC::B3::Air::ForEach<Arg>::forEach):
2340         (JSC::B3::Air::Inst::forEach):
2341         (JSC::B3::Air::Inst::hasSpecial):
2342         (JSC::B3::Air::Inst::extraClobberedRegs):
2343         (JSC::B3::Air::Inst::reportUsedRegisters):
2344         (JSC::B3::Air::isShiftValid):
2345         (JSC::B3::Air::isLshift32Valid):
2346         * b3/air/AirLiveness.h: Added.
2347         (JSC::B3::Air::Liveness::Liveness):
2348         (JSC::B3::Air::Liveness::liveAtHead):
2349         (JSC::B3::Air::Liveness::liveAtTail):
2350         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
2351         (JSC::B3::Air::Liveness::LocalCalc::live):
2352         (JSC::B3::Air::Liveness::LocalCalc::takeLive):
2353         (JSC::B3::Air::Liveness::LocalCalc::execute):
2354         * b3/air/AirOpcode.opcodes: Added.
2355         * b3/air/AirPhaseScope.cpp: Added.
2356         (JSC::B3::Air::PhaseScope::PhaseScope):
2357         (JSC::B3::Air::PhaseScope::~PhaseScope):
2358         * b3/air/AirPhaseScope.h: Added.
2359         * b3/air/AirRegisterPriority.cpp: Added.
2360         (JSC::B3::Air::gprsInPriorityOrder):
2361         (JSC::B3::Air::fprsInPriorityOrder):
2362         (JSC::B3::Air::regsInPriorityOrder):
2363         * b3/air/AirRegisterPriority.h: Added.
2364         (JSC::B3::Air::RegistersInPriorityOrder<GPRInfo>::inPriorityOrder):
2365         (JSC::B3::Air::RegistersInPriorityOrder<FPRInfo>::inPriorityOrder):
2366         (JSC::B3::Air::regsInPriorityOrder):
2367         * b3/air/AirSpecial.cpp: Added.
2368         (JSC::B3::Air::Special::Special):
2369         (JSC::B3::Air::Special::~Special):
2370         (JSC::B3::Air::Special::name):
2371         (JSC::B3::Air::Special::dump):
2372         (JSC::B3::Air::Special::deepDump):
2373         * b3/air/AirSpecial.h: Added.
2374         (JSC::B3::Air::DeepSpecialDump::DeepSpecialDump):
2375         (JSC::B3::Air::DeepSpecialDump::dump):
2376         (JSC::B3::Air::deepDump):
2377         * b3/air/AirSpillEverything.cpp: Added.
2378         (JSC::B3::Air::spillEverything):
2379         * b3/air/AirSpillEverything.h: Added.
2380         * b3/air/AirStackSlot.cpp: Added.
2381         (JSC::B3::Air::StackSlot::setOffsetFromFP):
2382         (JSC::B3::Air::StackSlot::dump):
2383         (JSC::B3::Air::StackSlot::deepDump):
2384         (JSC::B3::Air::StackSlot::StackSlot):
2385         * b3/air/AirStackSlot.h: Added.
2386         (JSC::B3::Air::StackSlot::byteSize):
2387         (JSC::B3::Air::StackSlot::kind):
2388         (JSC::B3::Air::StackSlot::index):
2389         (JSC::B3::Air::StackSlot::alignment):
2390         (JSC::B3::Air::StackSlot::value):
2391         (JSC::B3::Air::StackSlot::offsetFromFP):
2392         (JSC::B3::Air::DeepStackSlotDump::DeepStackSlotDump):
2393         (JSC::B3::Air::DeepStackSlotDump::dump):
2394         (JSC::B3::Air::deepDump):
2395         * b3/air/AirTmp.cpp: Added.
2396         (JSC::B3::Air::Tmp::dump):
2397         * b3/air/AirTmp.h: Added.
2398         (JSC::B3::Air::Tmp::Tmp):
2399         (JSC::B3::Air::Tmp::gpTmpForIndex):
2400         (JSC::B3::Air::Tmp::fpTmpForIndex):
2401         (JSC::B3::Air::Tmp::operator bool):
2402         (JSC::B3::Air::Tmp::isGP):
2403         (JSC::B3::Air::Tmp::isFP):
2404         (JSC::B3::Air::Tmp::isGPR):
2405         (JSC::B3::Air::Tmp::isFPR):
2406         (JSC::B3::Air::Tmp::isReg):
2407         (JSC::B3::Air::Tmp::gpr):
2408         (JSC::B3::Air::Tmp::fpr):
2409         (JSC::B3::Air::Tmp::reg):
2410         (JSC::B3::Air::Tmp::hasTmpIndex):
2411         (JSC::B3::Air::Tmp::gpTmpIndex):
2412         (JSC::B3::Air::Tmp::fpTmpIndex):
2413         (JSC::B3::Air::Tmp::tmpIndex):
2414         (JSC::B3::Air::Tmp::isAlive):
2415         (JSC::B3::Air::Tmp::operator==):
2416         (JSC::B3::Air::Tmp::operator!=):
2417         (JSC::B3::Air::Tmp::isHashTableDeletedValue):
2418         (JSC::B3::Air::Tmp::hash):
2419         (JSC::B3::Air::Tmp::encodeGP):
2420         (JSC::B3::Air::Tmp::encodeFP):
2421         (JSC::B3::Air::Tmp::encodeGPR):
2422         (JSC::B3::Air::Tmp::encodeFPR):
2423         (JSC::B3::Air::Tmp::encodeGPTmp):
2424         (JSC::B3::Air::Tmp::encodeFPTmp):
2425         (JSC::B3::Air::Tmp::isEncodedGP):
2426         (JSC::B3::Air::Tmp::isEncodedFP):
2427         (JSC::B3::Air::Tmp::isEncodedGPR):
2428         (JSC::B3::Air::Tmp::isEncodedFPR):
2429         (JSC::B3::Air::Tmp::isEncodedGPTmp):
2430         (JSC::B3::Air::Tmp::isEncodedFPTmp):
2431         (JSC::B3::Air::Tmp::decodeGPR):
2432         (JSC::B3::Air::Tmp::decodeFPR):
2433         (JSC::B3::Air::Tmp::decodeGPTmp):
2434         (JSC::B3::Air::Tmp::decodeFPTmp):
2435         (JSC::B3::Air::TmpHash::hash):
2436         (JSC::B3::Air::TmpHash::equal):
2437         * b3/air/AirTmpInlines.h: Added.
2438         (JSC::B3::Air::Tmp::Tmp):
2439         * b3/air/AirValidate.cpp: Added.
2440         (JSC::B3::Air::validate):
2441         * b3/air/AirValidate.h: Added.
2442         * b3/air/opcode_generator.rb: Added.
2443         * b3/generate_pattern_matcher.rb: Added.
2444         * b3/testb3.cpp: Added.
2445         (JSC::B3::compileAndRun):
2446         (JSC::B3::test42):
2447         (JSC::B3::testLoad42):
2448         (JSC::B3::testArg):
2449         (JSC::B3::testAddArgs):
2450         (JSC::B3::testAddArgs32):
2451         (JSC::B3::testStore):
2452         (JSC::B3::testTrunc):
2453         (JSC::B3::testAdd1):
2454         (JSC::B3::testStoreAddLoad):
2455         (JSC::B3::testStoreAddAndLoad):
2456         (JSC::B3::testAdd1Uncommuted):
2457         (JSC::B3::testLoadOffset):
2458         (JSC::B3::testLoadOffsetNotConstant):
2459         (JSC::B3::testLoadOffsetUsingAdd):
2460         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2461         (JSC::B3::run):
2462         (run):
2463         (main):
2464         * bytecode/CodeBlock.h:
2465         (JSC::CodeBlock::specializationKind):
2466         * jit/Reg.h:
2467         (JSC::Reg::index):
2468         (JSC::Reg::isSet):
2469         (JSC::Reg::operator bool):
2470         (JSC::Reg::isHashTableDeletedValue):
2471         (JSC::Reg::AllRegsIterable::iterator::iterator):
2472         (JSC::Reg::AllRegsIterable::iterator::operator*):
2473         (JSC::Reg::AllRegsIterable::iterator::operator++):
2474         (JSC::Reg::AllRegsIterable::iterator::operator==):
2475         (JSC::Reg::AllRegsIterable::iterator::operator!=):
2476         (JSC::Reg::AllRegsIterable::begin):
2477         (JSC::Reg::AllRegsIterable::end):
2478         (JSC::Reg::all):
2479         (JSC::Reg::invalid):
2480         (JSC::Reg::operator!): Deleted.
2481         * jit/RegisterAtOffsetList.cpp:
2482         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
2483         * jit/RegisterAtOffsetList.h:
2484         (JSC::RegisterAtOffsetList::clear):
2485         (JSC::RegisterAtOffsetList::size):
2486         (JSC::RegisterAtOffsetList::begin):
2487         (JSC::RegisterAtOffsetList::end):
2488         * jit/RegisterSet.h:
2489         (JSC::RegisterSet::operator==):
2490         (JSC::RegisterSet::hash):
2491         (JSC::RegisterSet::forEach):
2492         (JSC::RegisterSet::setAny):
2493
2494 2015-10-28  Mark Lam  <mark.lam@apple.com>
2495
2496         Rename MacroAssembler::callProbe() to probe().
2497         https://bugs.webkit.org/show_bug.cgi?id=150641
2498
2499         Reviewed by Saam Barati.
2500
2501         To do this, I needed to disambiguate the low-level probe() from the
2502         high-level version that takes a std::function.  I did this by changing the
2503         low-level version to not take default args anymore.
2504
2505         * assembler/AbstractMacroAssembler.h:
2506         * assembler/MacroAssembler.cpp:
2507         (JSC::stdFunctionCallback):
2508         (JSC::MacroAssembler::probe):
2509         (JSC::MacroAssembler::callProbe): Deleted.
2510         * assembler/MacroAssembler.h:
2511         (JSC::MacroAssembler::urshift32):
2512         * assembler/MacroAssemblerARM.h:
2513         (JSC::MacroAssemblerARM::repatchCall):
2514         * assembler/MacroAssemblerARM64.h:
2515         (JSC::MacroAssemblerARM64::repatchCall):
2516         * assembler/MacroAssemblerARMv7.h:
2517         (JSC::MacroAssemblerARMv7::repatchCall):
2518         * assembler/MacroAssemblerPrinter.h:
2519         (JSC::MacroAssemblerPrinter::print):
2520         * assembler/MacroAssemblerX86Common.h:
2521         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
2522
2523 2015-10-28  Timothy Hatcher  <timothy@apple.com>
2524
2525         Web Inspector: jsmin.py mistakenly removes whitespace from template literal strings
2526         https://bugs.webkit.org/show_bug.cgi?id=148728
2527
2528         Reviewed by Joseph Pecoraro.
2529
2530         * Scripts/jsmin.py:
2531         (JavascriptMinify.minify): Make backtick a quoting character.
2532
2533 2015-10-28  Brian Burg  <bburg@apple.com>
2534
2535         Builtins generator should emit ENABLE(FEATURE) guards based on @conditional annotation
2536         https://bugs.webkit.org/show_bug.cgi?id=150536
2537
2538         Reviewed by Yusuke Suzuki.
2539
2540         Scan JS builtin files for @key=value and @flag annotations in single-line comments.
2541         For @conditional=CONDITIONAL, emit CONDITIONAL guards around the relevant object's code.
2542
2543         Generate primary header includes separately from secondary header includes so we can
2544         put the guard between the two header groups, as is customary in WebKit C++ code.
2545
2546         New tests:
2547
2548         Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js
2549         Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js
2550         Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js
2551
2552         * Scripts/builtins/builtins_generate_combined_implementation.py:
2553         (BuiltinsCombinedImplementationGenerator.generate_output):
2554         (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
2555         (BuiltinsCombinedImplementationGenerator.generate_header_includes): Deleted.
2556         * Scripts/builtins/builtins_generate_separate_header.py:
2557         (BuiltinsSeparateHeaderGenerator.generate_output):
2558         (generate_secondary_header_includes):
2559         (generate_header_includes): Deleted.
2560         * Scripts/builtins/builtins_generate_separate_implementation.py:
2561         (BuiltinsSeparateImplementationGenerator.generate_output):
2562         (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
2563         (BuiltinsSeparateImplementationGenerator.generate_header_includes): Deleted.
2564         * Scripts/builtins/builtins_generate_separate_wrapper.py:
2565         (BuiltinsSeparateWrapperGenerator.generate_output):
2566         (BuiltinsSeparateWrapperGenerator.generate_secondary_header_includes):
2567         (BuiltinsSeparateWrapperGenerator.generate_header_includes): Deleted.
2568         * Scripts/builtins/builtins_generator.py:
2569         (BuiltinsGenerator.generate_includes_from_entries):
2570         (BuiltinsGenerator):
2571         (BuiltinsGenerator.generate_primary_header_includes):
2572         * Scripts/builtins/builtins_model.py:
2573         (BuiltinObject.__init__):
2574         (BuiltinsCollection.parse_builtins_file):
2575         (BuiltinsCollection._parse_annotations):
2576         * Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js: Added.
2577         * Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js: Added.
2578         * Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js: Added.
2579         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Simplify.
2580         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Simplify.
2581         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Simplify.
2582         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Added.
2583         * Scripts/tests/builtins/expected/WebCore-DuplicateFlagAnnotation-Separate.js-error: Added.
2584         * Scripts/tests/builtins/expected/WebCore-DuplicateKeyValueAnnotation-Separate.js-error: Added.
2585         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
2586         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
2587         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
2588         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2589
2590 2015-10-28  Mark Lam  <mark.lam@apple.com>
2591
2592         Update FTL to support UntypedUse operands for op_sub.
2593         https://bugs.webkit.org/show_bug.cgi?id=150562
2594
2595         Reviewed by Geoffrey Garen.
2596
2597         * assembler/MacroAssemblerARM64.h:
2598         - make the dataTempRegister and memoryTempRegister public so that we can
2599           move input registers out of them if needed.
2600
2601         * ftl/FTLCapabilities.cpp:
2602         (JSC::FTL::canCompile):
2603         - We can now compile ArithSub.
2604
2605         * ftl/FTLCompile.cpp:
2606         - Added BinaryArithGenerationContext to shuffle registers into a state that is
2607           expected by the baseline snippet generator.  This includes:
2608           1. Making sure that the input and output registers are not in the tag or
2609              scratch registers.
2610           2. Loading the tag registers with expected values.
2611           3. Restoring the registers to their original value on return.
2612         - Added code to implement the ArithSub inline cache.
2613
2614         * ftl/FTLInlineCacheDescriptor.h:
2615         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
2616         (JSC::FTL::ArithSubDescriptor::leftType):
2617         (JSC::FTL::ArithSubDescriptor::rightType):
2618
2619         * ftl/FTLInlineCacheSize.cpp:
2620         (JSC::FTL::sizeOfArithSub):
2621         * ftl/FTLInlineCacheSize.h:
2622
2623         * ftl/FTLLowerDFGToLLVM.cpp:
2624         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
2625         - Added handling for UnusedType for the ArithSub case.
2626
2627         * ftl/FTLState.h:
2628         * jit/GPRInfo.h:
2629         (JSC::GPRInfo::reservedRegisters):
2630
2631         * jit/JITSubGenerator.h:
2632         (JSC::JITSubGenerator::generateFastPath):
2633         - When the result register is the same as one of the input registers, we'll end up
2634           corrupting the input in the fast path even if we determine that we need to go to
2635           the slow path.  We now move the input into the scratch register and operate
2636           on that instead, and only move the result into the result register after
2637           the fast path has succeeded.
2638
2639         * tests/stress/op_sub.js:
2640         (o1.valueOf):
2641         (runTest):
2642         - Added some debugging tools: flags for verbose logging, and eager abort on fail.
2643
2644 2015-10-28  Mark Lam  <mark.lam@apple.com>
2645
2646         Fix a typo in ProbeContext::fpr().
2647         https://bugs.webkit.org/show_bug.cgi?id=150629
2648
2649         Reviewed by Yusuke Suzuki.
2650
2651         ProbeContext::fpr() should be calling CPUState::fpr(), not CPUState::gpr().
2652
2653         * assembler/AbstractMacroAssembler.h:
2654         (JSC::AbstractMacroAssembler::ProbeContext::fpr):
2655
2656 2015-10-28  Mark Lam  <mark.lam@apple.com>
2657
2658         Add ability to print the PC register from JIT'ed code.
2659         https://bugs.webkit.org/show_bug.cgi?id=150561
2660
2661         Reviewed by Geoffrey Garen.
2662
2663         * assembler/MacroAssemblerPrinter.cpp:
2664         (JSC::printPC):
2665         (JSC::MacroAssemblerPrinter::printCallback):
2666         * assembler/MacroAssemblerPrinter.h:
2667         (JSC::MacroAssemblerPrinter::PrintArg::PrintArg):
2668
2669 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2670
2671         Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available
2672         https://bugs.webkit.org/show_bug.cgi?id=150615
2673
2674         Reviewed by Timothy Hatcher.
2675
2676         * inspector/protocol/Timeline.json:
2677
2678 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2679
2680         Web Inspector: Remove unused / duplicated XHR timeline instrumentation
2681         https://bugs.webkit.org/show_bug.cgi?id=150605
2682
2683         Reviewed by Timothy Hatcher.
2684
2685         * inspector/protocol/Timeline.json:
2686
2687 2015-10-27  Michael Saboff  <msaboff@apple.com>
2688
2689         REGRESSION (r191360): Crash: com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL:: + 386
2690         https://bugs.webkit.org/show_bug.cgi?id=150580
2691
2692         Reviewed by Mark Lam.
2693
2694         Changed code to box 32-bit integer and boolean arguments when generating the call instead of boxing
2695         them in the shuffler.
2696
2697         The ASSERT in CallFrameShuffler::extendFrameIfNeeded is wrong when called from CallFrameShuffler::spill(),
2698         as we could be making space to spill a register so that we have a spare that we can use for the new
2699         frame's base pointer.
2700
2701         * ftl/FTLJSTailCall.cpp:
2702         (JSC::FTL::DFG::recoveryFor): Added RELEASE_ASSERT to check that we never see unboxed 32-bit
2703         arguments stored in the stack.
2704         * ftl/FTLLowerDFGToLLVM.cpp:
2705         (JSC::FTL::DFG::LowerDFGToLLVM::exitValueForTailCall):
2706         * jit/CallFrameShuffler.cpp:
2707         (JSC::CallFrameShuffler::extendFrameIfNeeded): Removed unneeded ASSERT.
2708
2709 2015-10-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2710
2711         [ES6] Add DFG/FTL support for accessor put operations
2712         https://bugs.webkit.org/show_bug.cgi?id=148860
2713
2714         Reviewed by Geoffrey Garen.
2715
2716         This patch introduces accessor defining ops into DFG and FTL.
2717         The following DFG nodes are introduced.
2718
2719             op_put_getter_by_id  => PutGetterById
2720             op_put_setter_by_id  => PutSetterById
2721             op_put_getter_setter => PutGetterSetterById
2722             op_put_getter_by_val => PutGetterByVal
2723             op_put_setter_by_val => PutSetterByVal
2724
2725         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
2726
2727         To use operations defined for baseline JIT, we clean up existing operations
2728         and reuse these operations in DFG and FTL.
2729
2730         * dfg/DFGAbstractInterpreterInlines.h:
2731         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2732         * dfg/DFGByteCodeParser.cpp:
2733         (JSC::DFG::ByteCodeParser::parseBlock):
2734         * dfg/DFGCapabilities.cpp:
2735         (JSC::DFG::capabilityLevel):
2736         * dfg/DFGClobberize.h:
2737         (JSC::DFG::clobberize):
2738         * dfg/DFGDoesGC.cpp:
2739         (JSC::DFG::doesGC):
2740         * dfg/DFGFixupPhase.cpp:
2741         (JSC::DFG::FixupPhase::fixupNode):
2742         * dfg/DFGNode.h:
2743         (JSC::DFG::Node::hasIdentifier):
2744         (JSC::DFG::Node::hasAccessorAttributes):
2745         (JSC::DFG::Node::accessorAttributes):
2746         * dfg/DFGNodeType.h:
2747         * dfg/DFGPredictionPropagationPhase.cpp:
2748         (JSC::DFG::PredictionPropagationPhase::propagate):
2749         * dfg/DFGSafeToExecute.h:
2750         (JSC::DFG::safeToExecute):
2751         * dfg/DFGSpeculativeJIT.cpp:
2752         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
2753         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
2754         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
2755         We should fill all GPRs before calling flushRegisters().
2756         * dfg/DFGSpeculativeJIT.h:
2757         (JSC::DFG::SpeculativeJIT::callOperation):
2758         * dfg/DFGSpeculativeJIT32_64.cpp:
2759         (JSC::DFG::SpeculativeJIT::compile):
2760         * dfg/DFGSpeculativeJIT64.cpp:
2761         (JSC::DFG::SpeculativeJIT::compile):
2762         * ftl/FTLCapabilities.cpp:
2763         (JSC::FTL::canCompile):
2764         * ftl/FTLIntrinsicRepository.h:
2765         * ftl/FTLLowerDFGToLLVM.cpp:
2766         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2767         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
2768         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
2769         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
2770         * jit/JIT.h:
2771         * jit/JITInlines.h:
2772         (JSC::JIT::callOperation):
2773         * jit/JITOperations.cpp:
2774         * jit/JITOperations.h:
2775         * jit/JITPropertyAccess.cpp:
2776         (JSC::JIT::emit_op_put_getter_by_id):
2777         (JSC::JIT::emit_op_put_setter_by_id):
2778         (JSC::JIT::emit_op_put_getter_setter):
2779         * jit/JITPropertyAccess32_64.cpp:
2780         (JSC::JIT::emit_op_put_getter_by_id):
2781         (JSC::JIT::emit_op_put_setter_by_id):
2782         (JSC::JIT::emit_op_put_getter_setter):
2783         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
2784         (shouldBe):
2785         (testAttribute):
2786         (getter.Cocoa.prototype.get hello):
2787         (getter.Cocoa):
2788         (getter):
2789         (setter.Cocoa):
2790         (setter.Cocoa.prototype.set hello):
2791         (setter):
2792         (accessors.Cocoa):
2793         (accessors.Cocoa.prototype.get hello):
2794         (accessors.Cocoa.prototype.set hello):
2795         (accessors):
2796         * tests/stress/dfg-put-accessors-by-id.js: Added.
2797         (shouldBe):
2798         (testAttribute):
2799         (getter.object.get hello):
2800         (getter):
2801         (setter.object.set hello):
2802         (setter):
2803         (accessors.object.get hello):
2804         (accessors.object.set hello):
2805         (accessors):
2806         * tests/stress/dfg-put-getter-by-id-class.js: Added.
2807         (shouldBe):
2808         (testAttribute):
2809         (getter.Cocoa):
2810         (getter.Cocoa.prototype.get hello):
2811         (getter.Cocoa.prototype.get name):
2812         (getter):
2813         * tests/stress/dfg-put-getter-by-id.js: Added.
2814         (shouldBe):
2815         (testAttribute):
2816         (getter.object.get hello):
2817         (getter):
2818         * tests/stress/dfg-put-getter-by-val-class.js: Added.
2819         (shouldBe):
2820         (testAttribute):
2821         (getter.Cocoa):
2822         (getter.Cocoa.prototype.get name):
2823         (getter):
2824         * tests/stress/dfg-put-getter-by-val.js: Added.
2825         (shouldBe):
2826         (testAttribute):
2827         (getter.object.get name):
2828         (getter):
2829         * tests/stress/dfg-put-setter-by-id-class.js: Added.
2830         (shouldBe):
2831         (testAttribute):
2832         (getter.Cocoa):
2833         (getter.Cocoa.prototype.set hello):
2834         (getter.Cocoa.prototype.get name):
2835         (getter):
2836         * tests/stress/dfg-put-setter-by-id.js: Added.
2837         (shouldBe):
2838         (testAttribute):
2839         (setter.object.set hello):
2840         (setter):
2841         * tests/stress/dfg-put-setter-by-val-class.js: Added.
2842         (shouldBe):
2843         (testAttribute):
2844         (setter.Cocoa):
2845         (setter.Cocoa.prototype.set name):
2846         (setter):
2847         * tests/stress/dfg-put-setter-by-val.js: Added.
2848         (shouldBe):
2849         (testAttribute):
2850         (setter.object.set name):
2851         (setter):
2852
2853 2015-10-26  Mark Lam  <mark.lam@apple.com>
2854
2855         Add logging to warn about under-estimated FTL inline cache sizes.
2856         https://bugs.webkit.org/show_bug.cgi?id=150570
2857
2858         Reviewed by Geoffrey Garen.
2859
2860         Added 2 options:
2861         1. JSC_dumpFailedICSizing - dumps an error message if the FTL encounters IC size
2862            estimates that are less than the actual needed code size.
2863
2864            This option is useful for when we add a new IC and want to compute an
2865            estimated size for the IC.  To do this:
2866            1. Build jsc for the target port with a very small IC size (enough to
2867               store the jump instruction needed for the out of line fallback
2868               implementation).
2869            2. Implement a test suite with scenarios that exercise all the code paths in
2870               the IC generator.
2871            3. Run jsc with JSC_dumpFailedICSizing=true on the test suite.
2872            4. The max value reported by the dumps will be the worst case size needed to
2873               store the IC.  We should use this value for our estimate.
2874            5. Update the IC's estimated size and rebuild jsc.
2875            6. Re-run (3) and confirm that there are no more error messages about the
2876               IC sizing.
2877
2878         2. JSC_assertICSizing - same as JSC_dumpFailedICSizing except that it also
2879            crashes the VM each time it encounters an inadequate IC size estimate.
2880
2881            This option is useful for regression testing to ensure that our estimates
2882            do not regress.
2883
2884         * ftl/FTLCompile.cpp:
2885         (JSC::FTL::generateInlineIfPossibleOutOfLineIfNot):
2886         * runtime/Options.h:
2887
2888 2015-10-26  Saam barati  <sbarati@apple.com>
2889
2890         r190735 Caused us to maybe trample the base's tag-GPR on 32-bit inline cache when the cache allocates a scratch register and then jumps to the slow path
2891         https://bugs.webkit.org/show_bug.cgi?id=150532
2892
2893         Reviewed by Geoffrey Garen.
2894
2895         The base's tag register used to show up in the used register set
2896         before r190735 because of how the DFG kept track of used registers. I changed this
2897         in my work on inline caching because we don't want to spill these registers
2898         when we have a GetByIdFlush/PutByIdFlush and we use the used register set
2899         as the metric of what to spill. That said, these registers should be locked
2900         and not used as scratch registers by the scratch register allocator. The
2901         reason is that our inline cache may fail and jump to the slow path. The slow
2902         path then uses the base's tag register. If the inline cache used the base's tag
2903         register as a scratch and the inline cache fails and jumps to the slow path, we
2904         have a problem because the tag may now be trampled.
2905
2906         Note that this doesn't mean that we can't trample the base's tag register when making
2907         a call. We can totally trample the register as long as the inline cache succeeds in a GetByIdFlush/PutByIdFlush.
2908         The problem is only when we trample it and then jump to the slow path.
2909
2910         This patch fixes this bug by making StructureStubInfo keep track of the base's
2911         tag GPR. PolymorphicAccess then locks this register when using the ScratchRegisterAllocator.
2912
2913         * bytecode/PolymorphicAccess.cpp:
2914         (JSC::AccessCase::generate):
2915         (JSC::PolymorphicAccess::regenerate):
2916         * bytecode/StructureStubInfo.h:
2917         * dfg/DFGSpeculativeJIT.cpp:
2918         (JSC::DFG::SpeculativeJIT::compileIn):
2919         * jit/JITInlineCacheGenerator.cpp:
2920         (JSC::JITByIdGenerator::JITByIdGenerator):
2921         * tests/stress/regress-150532.js: Added.
2922         (assert):
2923         (randomFunction):
2924         (foo):
2925         (i.switch):
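
A simplified model of the register problem described in the entry above for bug 150532, added here as an illustration and not taken from the WebKit patch. The class and function names, the four-register file, and the tag and structure ID values are all assumptions. The allocator hands out the base's tag GPR as scratch when that register is neither in the used set nor locked, and the slow path then finds a trampled tag.

```cpp
#include <array>
#include <bitset>
#include <cstdint>
#include <cstdio>

// Hypothetical model, not JavaScriptCore code. On a 32-bit target a JS value
// occupies two GPRs: one for the tag and one for the payload.
constexpr int kNumGPRs = 4;
constexpr uint32_t kCellTag = 0xCE11;      // constructed tag value
constexpr uint32_t kStructureID = 0x1234;  // constructed structure ID

// Hands out registers that are neither "used" (live, would need spilling)
// nor "locked" (must never be handed out). Spilling is not modelled.
class ScratchAllocator {
public:
    explicit ScratchAllocator(std::bitset<kNumGPRs> used) : m_taken(used) {}
    void lock(int reg) { m_taken.set(reg); }
    int allocateScratch()
    {
        for (int reg = 0; reg < kNumGPRs; ++reg) {
            if (!m_taken.test(reg)) {
                m_taken.set(reg);
                return reg;
            }
        }
        return -1;
    }
private:
    std::bitset<kNumGPRs> m_taken;
};

// Stand-in for the per-stub bookkeeping; the fix described above records the
// base's tag GPR here so that the access generator can lock it.
struct StubInfo { int baseTagGPR; int basePayloadGPR; int valueGPR; };

struct Outcome {
    bool tookSlowPath;  // inline cache missed and fell back
    bool tagIntact;     // base tag GPR still holds the tag afterwards
    int scratchGPR;     // register the allocator handed out
};

Outcome runInlineCache(bool lockBaseTag, uint32_t expectedStructureID)
{
    const StubInfo stub { 0, 1, 2 };
    std::array<uint32_t, kNumGPRs> gpr {};
    gpr[stub.baseTagGPR] = kCellTag;
    gpr[stub.basePayloadGPR] = 0x1000;  // constructed cell address

    // As in the entry: the tag GPR is deliberately absent from the used set
    // so that it is not spilled around a flushing access.
    std::bitset<kNumGPRs> used;
    used.set(stub.basePayloadGPR);
    used.set(stub.valueGPR);

    ScratchAllocator allocator(used);
    if (lockBaseTag)
        allocator.lock(stub.baseTagGPR);
    const int scratch = allocator.allocateScratch();
    if (scratch < 0)
        return { true, true, -1 };  // no scratch available: go straight to the slow path

    // Fast path: load the structure ID into the scratch register and compare.
    gpr[scratch] = kStructureID;
    const bool hit = gpr[scratch] == expectedStructureID;

    // On a miss the slow path re-reads the base's tag from its GPR.
    const bool tagIntact = gpr[stub.baseTagGPR] == kCellTag;
    return { !hit, tagIntact, scratch };
}

int main()
{
    const Outcome unlockedMiss = runInlineCache(false, 0x9999);
    const Outcome lockedMiss = runInlineCache(true, 0x9999);
    const Outcome unlockedHit = runInlineCache(false, kStructureID);
    std::printf("unlocked, miss: scratch=r%d slow=%d tagIntact=%d\n",
        unlockedMiss.scratchGPR, unlockedMiss.tookSlowPath, unlockedMiss.tagIntact);
    std::printf("locked,   miss: scratch=r%d slow=%d tagIntact=%d\n",
        lockedMiss.scratchGPR, lockedMiss.tookSlowPath, lockedMiss.tagIntact);
    std::printf("unlocked, hit:  scratch=r%d slow=%d tagIntact=%d\n",
        unlockedHit.scratchGPR, unlockedHit.tookSlowPath, unlockedHit.tagIntact);
    return 0;
}
```

The third case corresponds to the entry's second paragraph: the tag is overwritten, but the cache hits, so nothing reads it afterwards.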
2926
2927 2015-10-24  Brian Burg  <bburg@apple.com>
2928
2929         Teach create_hash_table to omit builtins macros when generating tables for native-only objects
2930         https://bugs.webkit.org/show_bug.cgi?id=150491
2931
2932         Reviewed by Yusuke Suzuki.
2933
2934         In order to support separate compilation for generated builtins files, we need to be able to
2935         include specific builtins headers from generated .lut.h files. However, the create_hash_table
2936         script isn't smart enough to figure out when a generated file might actually contain a builtin.
2937         Without further help, we'd have to include an all-in-one header, mostly defeating the point of
2938         generating separate .h and .cpp files for every builtin.
2939
2940         This patch segregates the pure native and partially builtin sources in the build system, and
2941         gives hints to create_hash_table so that it doesn't even generate checks for builtins if the
2942         input file has no builtin method implementations. Also do some modernization and code cleanup.
2943
2944         * CMakeLists.txt:
2945
2946         Generate each group with different flags to create_hash_table. Change the macro to take
2947         flags through the variable LUT_GENERATOR_FLAGS. Set this as necessary before calling macro.
2948         Add an additional hint to CMake that the .cpp source file depends on the generated file.
2949
2950         * DerivedSources.make:
2951
2952         Generate each group with different flags to create_hash_table. Clean up the 'all' target
2953         so that static dependencies are listed first. Use static patterns to decide which .lut.h
2954         files require which flags. Reduce fragile usages of implicit variables.
2955
2956         * JavaScriptCore.xcodeproj/project.pbxproj:
2957
2958         Add some missing .lut.h files to the Derived Sources group. Sort the project.
2959
2960         * create_hash_table:
2961
2962         Parse options in a sane way using GetOpt::Long. Remove ability to specify a custom namespace
2963         since this isn't actually used anywhere. Normalize placement of newlines in quoted strings.
2964         Only generate builtins macros and includes if the source file is known to have some builtins.
2965
2966 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
2967
2968         Web Inspector: Remove unused ScrollLayer Timeline EventType
2969         https://bugs.webkit.org/show_bug.cgi?id=150518
2970
2971         Reviewed by Timothy Hatcher.
2972
2973         * inspector/protocol/Timeline.json:
2974
2975 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
2976
2977         Web Inspector: Clean up InspectorInstrumentation includes
2978         https://bugs.webkit.org/show_bug.cgi?id=150523
2979
2980         Reviewed by Timothy Hatcher.
2981
2982         * inspector/agents/InspectorConsoleAgent.cpp:
2983         (Inspector::InspectorConsoleAgent::consoleMessageArgumentCounts): Deleted.
2984         * inspector/agents/InspectorConsoleAgent.h:
2985
2986 2015-10-23  Michael Saboff  <msaboff@apple.com>
2987
2988         REGRESSION (r179357-r179359): WebContent Crash using AOL Mail @ com.apple.JavascriptCore JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant, JSC::RegisterPreservationMode) + 1584
2989         https://bugs.webkit.org/show_bug.cgi?id=150513
2990
2991         Reviewed by Saam Barati.
2992
2993         Add check in linkPolymorphicCall() to make sure we have a CodeBlock for the newly added variant.
2994         If not, we turn the call into a virtual call.
2995
2996         The bug was caused by a stack overflow when preparing the function for execution.  This properly
2997         threw an exception, however linkPolymorphicCall() didn't check for this error case.
2998
2999         Added a new test function "failNextNewCodeBlock()" to test tools to simplify the testing.
3000
3001         * API/JSCTestRunnerUtils.cpp:
3002         (JSC::failNextNewCodeBlock):
3003         (JSC::numberOfDFGCompiles):
3004         * API/JSCTestRunnerUtils.h:
3005         * jit/Repatch.cpp:
3006         (JSC::linkPolymorphicCall):
3007         * jsc.cpp:
3008         (GlobalObject::finishCreation):
3009         (functionTransferArrayBuffer):
3010         (functionFailNextNewCodeBlock):
3011         (functionQuit):
3012         * runtime/Executable.cpp:
3013         (JSC::ScriptExecutable::prepareForExecutionImpl):
3014         * runtime/TestRunnerUtils.cpp:
3015         (JSC::optimizeNextInvocation):
3016         (JSC::failNextNewCodeBlock):
3017         (JSC::numberOfDFGCompiles):
3018         * runtime/TestRunnerUtils.h:
3019         * runtime/VM.h:
3020         (JSC::VM::setFailNextNewCodeBlock):
3021         (JSC::VM::getAndClearFailNextNewCodeBlock):
3022         (JSC::VM::stackPointerAtVMEntry):
3023
3024 2015-10-23  Commit Queue  <commit-queue@webkit.org>
3025
3026         Unreviewed, rolling out r191500.
3027         https://bugs.webkit.org/show_bug.cgi?id=150526
3028
3029         Broke two JSC regression tests (Requested by msaboff on
3030         #webkit).
3031
3032         Reverted changeset:
3033
3034         "[ES6] Add DFG/FTL support for accessor put operations"
3035         https://bugs.webkit.org/show_bug.cgi?id=148860
3036         http://trac.webkit.org/changeset/191500
3037
3038 2015-10-23  Yusuke Suzuki  <utatane.tea@gmail.com>
3039
3040         [ES6] Add DFG/FTL support for accessor put operations
3041         https://bugs.webkit.org/show_bug.cgi?id=148860
3042
3043         Reviewed by Geoffrey Garen.
3044
3045         This patch introduces accessor defining ops into DFG and FTL.
3046         The following DFG nodes are introduced.
3047
3048             op_put_getter_by_id  => PutGetterById
3049             op_put_setter_by_id  => PutSetterById
3050             op_put_getter_setter => PutGetterSetterById
3051             op_put_getter_by_val => PutGetterByVal
3052             op_put_setter_by_val => PutSetterByVal
3053
3054         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
3055
3056         To use operations defined for baseline JIT, we clean up existing operations.
3057         And reuse these operations in DFG and FTL.
3058
3059         * dfg/DFGAbstractInterpreterInlines.h:
3060         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3061         * dfg/DFGByteCodeParser.cpp:
3062         (JSC::DFG::ByteCodeParser::parseBlock):
3063         * dfg/DFGCapabilities.cpp:
3064         (JSC::DFG::capabilityLevel):
3065         * dfg/DFGClobberize.h:
3066         (JSC::DFG::clobberize):
3067         * dfg/DFGDoesGC.cpp:
3068         (JSC::DFG::doesGC):
3069         * dfg/DFGFixupPhase.cpp:
3070         (JSC::DFG::FixupPhase::fixupNode):
3071         * dfg/DFGNode.h:
3072         (JSC::DFG::Node::hasIdentifier):
3073         (JSC::DFG::Node::hasAccessorAttributes):
3074         (JSC::DFG::Node::accessorAttributes):
3075         * dfg/DFGNodeType.h:
3076         * dfg/DFGPredictionPropagationPhase.cpp:
3077         (JSC::DFG::PredictionPropagationPhase::propagate):
3078         * dfg/DFGSafeToExecute.h:
3079         (JSC::DFG::safeToExecute):
3080         * dfg/DFGSpeculativeJIT.cpp:
3081         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
3082         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
3083         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
3084         * dfg/DFGSpeculativeJIT.h:
3085         (JSC::DFG::SpeculativeJIT::callOperation):
3086         * dfg/DFGSpeculativeJIT32_64.cpp:
3087         (JSC::DFG::SpeculativeJIT::compile):
3088         * dfg/DFGSpeculativeJIT64.cpp:
3089         (JSC::DFG::SpeculativeJIT::compile):
3090         * ftl/FTLCapabilities.cpp:
3091         (JSC::FTL::canCompile):
3092         * ftl/FTLIntrinsicRepository.h:
3093         * ftl/FTLLowerDFGToLLVM.cpp:
3094         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3095         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
3096         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
3097         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
3098         * jit/JIT.h:
3099         * jit/JITInlines.h:
3100         (JSC::JIT::callOperation):
3101         * jit/JITOperations.cpp:
3102         * jit/JITOperations.h:
3103         * jit/JITPropertyAccess.cpp:
3104         (JSC::JIT::emit_op_put_getter_by_id):
3105         (JSC::JIT::emit_op_put_setter_by_id):
3106         (JSC::JIT::emit_op_put_getter_setter):
3107         * jit/JITPropertyAccess32_64.cpp:
3108         (JSC::JIT::emit_op_put_getter_by_id):
3109         (JSC::JIT::emit_op_put_setter_by_id):
3110         (JSC::JIT::emit_op_put_getter_setter):
3111         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
3112         (shouldBe):
3113         (testAttribute):
3114         (getter.Cocoa.prototype.get hello):
3115         (getter.Cocoa):
3116         (getter):
3117         (setter.Cocoa):
3118         (setter.Cocoa.prototype.set hello):
3119         (setter):
3120         (accessors.Cocoa):
3121         (accessors.Cocoa.prototype.get hello):
3122         (accessors.Cocoa.prototype.set hello):
3123         (accessors):
3124         * tests/stress/dfg-put-accessors-by-id.js: Added.
3125         (shouldBe):
3126         (testAttribute):
3127         (getter.object.get hello):
3128         (getter):
3129         (setter.object.set hello):
3130         (setter):
3131         (accessors.object.get hello):
3132         (accessors.object.set hello):
3133         (accessors):
3134         * tests/stress/dfg-put-getter-by-id-class.js: Added.
3135         (shouldBe):
3136         (testAttribute):
3137         (getter.Cocoa):
3138         (getter.Cocoa.prototype.get hello):
3139         (getter.Cocoa.prototype.get name):
3140         (getter):
3141         * tests/stress/dfg-put-getter-by-id.js: Added.
3142         (shouldBe):
3143         (testAttribute):
3144         (getter.object.get hello):
3145         (getter):
3146         * tests/stress/dfg-put-getter-by-val-class.js: Added.
3147         (shouldBe):
3148         (testAttribute):
3149         (getter.Cocoa):
3150         (getter.Cocoa.prototype.get name):
3151         (getter):
3152         * tests/stress/dfg-put-getter-by-val.js: Added.
3153         (shouldBe):
3154         (testAttribute):
3155         (getter.object.get name):
3156         (getter):
3157         * tests/stress/dfg-put-setter-by-id-class.js: Added.
3158         (shouldBe):
3159         (testAttribute):
3160         (getter.Cocoa):
3161         (getter.Cocoa.prototype.set hello):
3162         (getter.Cocoa.prototype.get name):
3163         (getter):
3164         * tests/stress/dfg-put-setter-by-id.js: Added.
3165         (shouldBe):
3166         (testAttribute):
3167         (setter.object.set hello):
3168         (setter):
3169         * tests/stress/dfg-put-setter-by-val-class.js: Added.
3170         (shouldBe):
3171         (testAttribute):
3172         (setter.Cocoa):
3173         (setter.Cocoa.prototype.set name):
3174         (setter):
3175         * tests/stress/dfg-put-setter-by-val.js: Added.
3176         (shouldBe):
3177         (testAttribute):
3178         (setter.object.set name):
3179         (setter):
3180
3181 2015-10-22  Joseph Pecoraro  <pecoraro@apple.com>
3182
3183         Web Inspector: Remove unused Timeline GCEvent Record type
3184         https://bugs.webkit.org/show_bug.cgi?id=150477
3185
3186         Reviewed by Timothy Hatcher.
3187
3188         Garbage Collection events go through the Heap domain, not the
3189         Timeline domain (long time ago for Chromium).
3190
3191         * inspector/protocol/Timeline.json:
3192
3193 2015-10-22  Michael Saboff  <msaboff@apple.com>
3194
3195         REGRESSION(r191360): Repro Crash: com.apple.WebKit.WebContent at JavaScriptCore:JSC::ExecState::bytecodeOffset + 174
3196         https://bugs.webkit.org/show_bug.cgi?id=150434
3197
3198         Reviewed by Mark Lam.
3199
3200         Pass the current frame instead of the caller frame to operationVMHandleException when processing an
3201         exception in one of the native thunks.
3202
3203         * jit/JITExceptions.cpp:
3204         (JSC::genericUnwind): Made debug printing of CodeBlock safe for call frames without one.
3205         * jit/JITOpcodes32_64.cpp:
3206         (JSC::JIT::privateCompileCTINativeCall):
3207         * jit/ThunkGenerators.cpp:
3208         (JSC::nativeForGenerator):
3209
3210 2015-10-21  Brian Burg  <bburg@apple.com>
3211
3212         Restructure generate-js-bindings script to be modular and testable
3213         https://bugs.webkit.org/show_bug.cgi?id=149929
3214
3215         Reviewed by Alex Christensen.
3216
3217         This is a new code generator, based on the replay inputs code generator and
3218         the inspector protocol code generator, which produces various files for JS
3219         builtins.
3220
3221         Relative to the generator it replaces, this one consolidates two scripts in
3222         JavaScriptCore and WebCore into a single script with multiple files. Parsed
3223         information about the builtins file is stored in backend-independent model
3224         objects. Each output file has its own code generator that uses the model to
3225         produce resulting code. Generators are additionally parameterized by the target
3226         framework (to choose correct macros and includes) and output mode (one
3227         header/implementation file per builtin or per framework).
3228
3229         It includes a few simple tests of the generator's functionality. These result-
3230         based tests will become increasingly more important as we start to add support
3231         for builtins annotations such as @optional, @internal, etc. to the code generator.
3232
3233         Some of these complexities, such as having two output modes, will be removed in
3234         subsequent patches. This patch is intended to exactly replace the existing
3235         functionality with a unified script that makes additional cleanups straightforward.
3236
3237         Additional cleanup and consolidation between inspector code generator scripts
3238         and this script will be pursued in followup patches.
3239
3240         New tests:
3241
3242         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js
3243         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js
3244         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Combined.js
3245         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Separate.js
3246         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Combined.js
3247         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Separate.js
3248         Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js
3249         Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js
3250         Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js
3251         Scripts/tests/builtins/WebCore-xmlCasingTest-Separate.js
3252
3253
3254         * CMakeLists.txt:
3255
3256             Copy the scripts that are used by other targets to a staging directory inside
3257             ${DERIVED_SOURCES_DIR}/ForwardingHeaders/JavaScriptCore/Scripts.
3258             Define JavaScriptCore_SCRIPTS_DIR to point here so that the add_custom_command
3259             and shared file lists are identical between JavaScriptCore and WebCore. The staged
3260             scripts are a dependency of the main JavaScriptCore target so that they are
3261             always staged, even if JavaScriptCore itself does not use a particular script.
3262
3263             The output files additionally depend on all builtin generator script files
3264             and input files that are combined into the single header/implementation file.
3265
3266         * DerivedSources.make:
3267
3268             Define JavaScriptCore_SCRIPTS_DIR explicitly so the rule for code generation and
3269             shared file lists are identical between JavaScriptCore and WebCore.
3270
3271             The output files additionally depend on all builtin generator script files
3272             and input files that are combined into the single header/implementation file.
3273
3274         * JavaScriptCore.xcodeproj/project.pbxproj:
3275
3276             Mark the new builtins generator files as private headers so we can use them from
3277             WebCore.
3278
3279         * Scripts/UpdateContents.py: Renamed from Source/JavaScriptCore/UpdateContents.py.
3280         * Scripts/builtins/__init__.py: Added.
3281         * Scripts/builtins/builtins.py: Added.
3282         * Scripts/builtins/builtins_generator.py: Added. This file contains the base generator.
3283         (WK_lcfirst):
3284         (WK_ucfirst):
3285         (BuiltinsGenerator):
3286         (BuiltinsGenerator.__init__):
3287         (BuiltinsGenerator.model):
3288         (BuiltinsGenerator.generate_license):
3289         (BuiltinsGenerator.generate_includes_from_entries):
3290         (BuiltinsGenerator.generate_output):
3291         (BuiltinsGenerator.output_filename):
3292         (BuiltinsGenerator.mangledNameForFunction):
3293         (BuiltinsGenerator.mangledNameForFunction.toCamel):
3294         (BuiltinsGenerator.generate_embedded_code_string_section_for_function):
3295         * Scripts/builtins/builtins_model.py: Added. This file contains builtins model objects.
3296         (ParseException):
3297         (Framework):
3298         (Framework.__init__):
3299         (Framework.setting):
3300         (Framework.fromString):
3301         (Frameworks):
3302         (BuiltinObject):
3303         (BuiltinObject.__init__):
3304         (BuiltinFunction):
3305         (BuiltinFunction.__init__):
3306         (BuiltinFunction.fromString):
3307         (BuiltinFunction.__str__):
3308         (BuiltinsCollection):
3309         (BuiltinsCollection.__init__):
3310         (BuiltinsCollection.parse_builtins_file):
3311         (BuiltinsCollection.copyrights):
3312         (BuiltinsCollection.all_functions):
3313         (BuiltinsCollection._parse_copyright_lines):
3314         (BuiltinsCollection._parse_functions):
3315         * Scripts/builtins/builtins_templates.py: Added.
3316         (BuiltinsGeneratorTemplates):
3317         * Scripts/builtins/builtins_generate_combined_header.py: Added.
3318         (BuiltinsCombinedHeaderGenerator):
3319         (BuiltinsCombinedHeaderGenerator.__init__):
3320         (BuiltinsCombinedHeaderGenerator.output_filename):
3321         (BuiltinsCombinedHeaderGenerator.generate_output):
3322         (BuiltinsCombinedHeaderGenerator.generate_forward_declarations):
3323         (FunctionExecutable):
3324         (VM):
3325         (ConstructAbility):
3326         (generate_section_for_object):
3327         (generate_externs_for_object):
3328         (generate_macros_for_object):
3329         (generate_defines_for_object):
3330         (generate_section_for_code_table_macro):
3331         (generate_section_for_code_name_macro):
3332         * Scripts/builtins/builtins_generate_combined_implementation.py: Added.
3333         (BuiltinsCombinedImplementationGenerator):
3334         (BuiltinsCombinedImplementationGenerator.__init__):
3335         (BuiltinsCombinedImplementationGenerator.output_filename):
3336         (BuiltinsCombinedImplementationGenerator.generate_output):
3337         (BuiltinsCombinedImplementationGenerator.generate_header_includes):
3338         * Scripts/builtins/builtins_generate_separate_header.py: Added.
3339         (BuiltinsSeparateHeaderGenerator):
3340         (BuiltinsSeparateHeaderGenerator.__init__):
3341         (BuiltinsSeparateHeaderGenerator.output_filename):
3342         (BuiltinsSeparateHeaderGenerator.macro_prefix):
3343         (BuiltinsSeparateHeaderGenerator.generate_output):
3344         (BuiltinsSeparateHeaderGenerator.generate_forward_declarations):
3345         (FunctionExecutable):
3346         (generate_header_includes):
3347         (generate_section_for_object):
3348         (generate_externs_for_object):
3349         (generate_macros_for_object):
3350         (generate_defines_for_object):
3351         (generate_section_for_code_table_macro):
3352         (generate_section_for_code_name_macro):
3353         * Scripts/builtins/builtins_generate_separate_implementation.py: Added.
3354         (BuiltinsSeparateImplementationGenerator):
3355         (BuiltinsSeparateImplementationGenerator.__init__):
3356         (BuiltinsSeparateImplementationGenerator.output_filename):
3357         (BuiltinsSeparateImplementationGenerator.macro_prefix):
3358         (BuiltinsSeparateImplementationGenerator.generate_output):
3359         (BuiltinsSeparateImplementationGenerator.generate_header_includes):
3360         * Scripts/builtins/builtins_generate_separate_wrapper.py: Added.
3361         (BuiltinsSeparateWrapperGenerator):
3362         (BuiltinsSeparateWrapperGenerator.__init__):
3363         (BuiltinsSeparateWrapperGenerator.output_filename):
3364         (BuiltinsSeparateWrapperGenerator.macro_prefix):
3365         (BuiltinsSeparateWrapperGenerator.generate_output):
3366         (BuiltinsSeparateWrapperGenerator.generate_header_includes):
3367         * Scripts/generate-js-builtins.py: Added.
3368
3369             Parse command line options, decide which generators and output modes to use.
3370
3371         (generate_bindings_for_builtins_files):
3372         * Scripts/lazywriter.py: Copied from the inspector protocol generator.
3373         (LazyFileWriter):
3374         (LazyFileWriter.__init__):
3375         (LazyFileWriter.write):
3376         (LazyFileWriter.close):
3377         * Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js: Added.
3378         * Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js: Added.
3379         * Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Combined.js: Added.
3380         * Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Separate.js: Added.
3381         * Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Combined.js: Added.
3382         * Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Separate.js: Added.
3383         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Added.
3384         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Added.
3385         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Added.
3386         * Scripts/tests/builtins/WebCore-xmlCasingTest-Separate.js: Added.
3387         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result: Added.
3388         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result: Added.
3389         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result: Added.
3390         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result: Added.
3391         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result: Added.
3392         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result: Added.
3393         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result: Added.
3394         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result: Added.
3395         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result: Added.
3396         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result: Added.
3397         * builtins/BuiltinExecutables.cpp:
3398         (JSC::BuiltinExecutables::BuiltinExecutables):
3399         * builtins/BuiltinExecutables.h:
3400         * create_hash_table:
3401
3402             Update the generated builtin macro names.
3403
3404         * generate-js-builtins: Removed.
3405
3406 2015-10-21  Benjamin Poulain  <bpoulain@apple.com>
3407
3408         [JSC] Remove FTL Native Inlining, it is dead code
3409         https://bugs.webkit.org/show_bug.cgi?id=150429
3410
3411         Reviewed by Filip Pizlo.
3412
3413         The code is not used and it is in the way of other changes.
3414
3415         * ftl/FTLAbbreviations.h:
3416         (JSC::FTL::getFirstInstruction): Deleted.
3417         (JSC::FTL::getNextInstruction): Deleted.
3418         (JSC::FTL::getFirstBasicBlock): Deleted.
3419         (JSC::FTL::getNextBasicBlock): Deleted.
3420         * ftl/FTLLowerDFGToLLVM.cpp:
3421         (JSC::FTL::DFG::LowerDFGToLLVM::isInlinableSize): Deleted.
3422         * runtime/Options.h:
3423
3424 2015-10-21  Benjamin Poulain  <bpoulain@apple.com>
3425
3426         [JSC] Remove two useless temporaries from the PutByOffset codegen
3427         https://bugs.webkit.org/show_bug.cgi?id=150421
3428
3429         Reviewed by Geoffrey Garen.
3430
3431         * dfg/DFGSpeculativeJIT64.cpp:
3432         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3433         Looks like they were added by accident in r160796.
3434
3435 2015-10-21  Filip Pizlo  <fpizlo@apple.com>
3436
3437         Factor out the graph node worklists from DFG into WTF
3438         https://bugs.webkit.org/show_bug.cgi?id=150411
3439
3440         Reviewed by Geoffrey Garen.
3441
3442         Rewrite the DFGBlockWorklist.h file as a bunch of typedefs and aliases for things in
3443         wtf/GraphNodeWorklist.h. Most users won't notice, except that some small things got
3444         renamed. For example PreOrder becomes VisitOrder::Pre and item.block becomes item.node.
3445
3446         * CMakeLists.txt:
3447         * JavaScriptCore.xcodeproj/project.pbxproj:
3448         * dfg/DFGBlockWorklist.cpp: Removed.
3449         * dfg/DFGBlockWorklist.h:
3450         (JSC::DFG::BlockWorklist::notEmpty): Deleted.
3451         (JSC::DFG::BlockWith::BlockWith): Deleted.
3452         (JSC::DFG::BlockWith::operator bool): Deleted.
3453         (JSC::DFG::ExtendedBlockWorklist::ExtendedBlockWorklist): Deleted.
3454         (JSC::DFG::ExtendedBlockWorklist::forcePush): Deleted.
3455         (JSC::DFG::ExtendedBlockWorklist::push): Deleted.
3456         (JSC::DFG::ExtendedBlockWorklist::notEmpty): Deleted.
3457         (JSC::DFG::ExtendedBlockWorklist::pop): Deleted.
3458         (JSC::DFG::BlockWithOrder::BlockWithOrder): Deleted.
3459         (JSC::DFG::BlockWithOrder::operator bool): Deleted.
3460         (JSC::DFG::PostOrderBlockWorklist::push): Deleted.
3461         (JSC::DFG::PostOrderBlockWorklist::notEmpty): Deleted.
3462         * dfg/DFGDominators.cpp:
3463         (JSC::DFG::Dominators::compute):
3464         * dfg/DFGGraph.cpp:
3465         (JSC::DFG::Graph::blocksInPostOrder):
3466         * dfg/DFGPrePostNumbering.cpp:
3467         (JSC::DFG::PrePostNumbering::compute):
3468
3469 2015-10-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3470
3471         [INTL] Implement Intl.Collator.prototype.resolvedOptions ()
3472         https://bugs.webkit.org/show_bug.cgi?id=147601
3473
3474         Reviewed by Benjamin Poulain.
3475
3476         This patch implements Intl.Collator.prototype.resolvedOptions() according
3477         to the ECMAScript 2015 Internationalization API spec (ECMA-402 2nd edition.)
3478         It also implements the abstract operations InitializeCollator, ResolveLocale,
3479         LookupMatcher, and BestFitMatcher.
3480
3481         * runtime/CommonIdentifiers.h:
3482         * runtime/IntlCollator.h:
3483         (JSC::IntlCollator::usage):
3484         (JSC::IntlCollator::setUsage):
3485         (JSC::IntlCollator::locale):
3486         (JSC::IntlCollator::setLocale):
3487         (JSC::IntlCollator::collation):
3488         (JSC::IntlCollator::setCollation):
3489         (JSC::IntlCollator::numeric):
3490         (JSC::IntlCollator::setNumeric):
3491         (JSC::IntlCollator::sensitivity):
3492         (JSC::IntlCollator::setSensitivity):
3493         (JSC::IntlCollator::ignorePunctuation):
3494         (JSC::IntlCollator::setIgnorePunctuation):
3495         * runtime/IntlCollatorConstructor.cpp:
3496         (JSC::sortLocaleData):
3497         (JSC::searchLocaleData):
3498         (JSC::initializeCollator):
3499         (JSC::constructIntlCollator):
3500         (JSC::callIntlCollator):
3501         * runtime/IntlCollatorPrototype.cpp:
3502         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
3503         * runtime/IntlObject.cpp:
3504         (JSC::defaultLocale):
3505         (JSC::getIntlBooleanOption):
3506         (JSC::getIntlStringOption):
3507         (JSC::removeUnicodeLocaleExtension):
3508         (JSC::lookupMatcher):
3509         (JSC::bestFitMatcher):
3510         (JSC::resolveLocale):
3511         (JSC::lookupSupportedLocales):
3512         * runtime/IntlObject.h:
3513
3514 2015-10-21  Saam barati  <sbarati@apple.com>
3515
3516         C calls in PolymorphicAccess shouldn't assume that the top of the stack looks like a JSC JIT frame and enable *ByIdFlush in FTL
3517         https://bugs.webkit.org/show_bug.cgi?id=125711
3518
3519         Reviewed by Filip Pizlo.
3520
3521         This patch ensures that anytime we need to make a C call inside
3522         PolymorphicAccess, we ensure there is enough space on the stack to do so.
3523
3524         This patch also enables GetByIdFlush/PutByIdFlush inside the FTL.
3525         Because PolymorphicAccess now spills the necessary registers
3526         before making a JS/C call, any registers that LLVM reports as
3527         being in use for the patchpoint will be spilled before making
3528         a call by PolymorphicAccess.
3529
3530         * bytecode/PolymorphicAccess.cpp:
3531         (JSC::AccessGenerationState::restoreScratch):
3532         (JSC::AccessGenerationState::succeed):
3533         (JSC::AccessGenerationState::calculateLiveRegistersForCallAndExceptionHandling):
3534         (JSC::AccessCase::generate):
3535         (JSC::PolymorphicAccess::regenerate):
3536         * ftl/FTLCapabilities.cpp:
3537         (JSC::FTL::canCompile):
3538         * ftl/FTLLowerDFGToLLVM.cpp:
3539         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3540         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetById):
3541         (JSC::FTL::DFG::LowerDFGToLLVM::emitStoreBarrier):
3542         * jit/AssemblyHelpers.h:
3543         (JSC::AssemblyHelpers::emitTypeOf):
3544         (JSC::AssemblyHelpers::makeSpaceOnStackForCCall):
3545         (JSC::AssemblyHelpers::reclaimSpaceOnStackForCCall):
3546         * jit/RegisterSet.cpp:
3547         (JSC::RegisterSet::webAssemblyCalleeSaveRegisters):
3548         (JSC::RegisterSet::registersToNotSaveForJSCall):
3549         (JSC::RegisterSet::registersToNotSaveForCCall):
3550         (JSC::RegisterSet::allGPRs):
3551         (JSC::RegisterSet::registersToNotSaveForCall): Deleted.
3552         * jit/RegisterSet.h:
3553         (JSC::RegisterSet::set):
3554         * jit/ScratchRegisterAllocator.cpp:
3555         (JSC::ScratchRegisterAllocator::allocateScratchGPR):
3556         (JSC::ScratchRegisterAllocator::allocateScratchFPR):
3557         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
3558         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
3559         These methods now take an extra parameter indicating if they
3560         should create space for a C call at the top of the stack if
3561         there are any reused registers to spill.
3562
3563         (JSC::ScratchRegisterAllocator::usedRegistersForCall):
3564         * jit/ScratchRegisterAllocator.h:
3565         (JSC::ScratchRegisterAllocator::usedRegisters):
3566
3567 2015-10-21  Joseph Pecoraro  <pecoraro@apple.com>
3568
3569         Web Inspector: Array previews with Symbol objects have too few preview values
3570         https://bugs.webkit.org/show_bug.cgi?id=150404
3571
3572         Reviewed by Timothy Hatcher.
3573
3574         * inspector/InjectedScriptSource.js:
3575         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
3576         We should be continuing inside this loop, not returning.
3577
3578 2015-10-21  Filip Pizlo  <fpizlo@apple.com>
3579
3580         Failures in PutStackSinkingPhase should be less severe
3581         https://bugs.webkit.org/show_bug.cgi?id=150400
3582
3583         Reviewed by Geoffrey Garen.
3584
3585         Make the PutStackSinkingPhase abort instead of asserting. To test that it's OK to not have
3586         PutStackSinkingPhase run, this adds a test mode where we run without PutStackSinkingPhase.
3587
3588         * dfg/DFGPlan.cpp: Make it possible to not run PutStackSinkingPhase for tests.
3589         (JSC::DFG::Plan::compileInThreadImpl):
3590         * dfg/DFGPutStackSinkingPhase.cpp: PutStackSinkingPhase should abort instead of asserting, except when validation is enabled.
3591         * runtime/Options.h: Add an option for disabling PutStackSinkingPhase.
3592
3593 2015-10-21  Saam barati  <sbarati@apple.com>
3594
3595         The FTL should place the CallSiteIndex on the call frame for JS calls when it fills in the patchpoint
3596         https://bugs.webkit.org/show_bug.cgi?id=150104
3597
3598         Reviewed by Filip Pizlo.
3599
3600         We lower JS Calls to patchpoints in LLVM. LLVM may decide to duplicate
3601         these patchpoints (or remove them). We eagerly store the CallSiteIndex on the 
3602         call frame when lowering DFG to LLVM. But, because the patchpoint we lower to may
3603         be duplicated, we really don't know the unique CallSiteIndex until we've
3604         actually seen the resulting patchpoints after LLVM has completed its transformations.
3605         To solve this, we now store the unique CallSiteIndex on the call frame header 
3606         when generating code to fill into the patchpoint.
3607
3608         * ftl/FTLCompile.cpp:
3609         (JSC::FTL::mmAllocateDataSection):
3610         * ftl/FTLJSCall.cpp:
3611         (JSC::FTL::JSCall::JSCall):
3612         (JSC::FTL::JSCall::emit):
3613         * ftl/FTLJSCall.h:
3614         (JSC::FTL::JSCall::stackmapID):
3615         * ftl/FTLJSCallBase.cpp:
3616         (JSC::FTL::JSCallBase::JSCallBase):
3617         (JSC::FTL::JSCallBase::emit):
3618         (JSC::FTL::JSCallBase::link):
3619         * ftl/FTLJSCallBase.h:
3620         * ftl/FTLJSCallVarargs.cpp:
3621         (JSC::FTL::JSCallVarargs::JSCallVarargs):
3622         (JSC::FTL::JSCallVarargs::numSpillSlotsNeeded):
3623         (JSC::FTL::JSCallVarargs::emit):
3624         * ftl/FTLJSCallVarargs.h:
3625         (JSC::FTL::JSCallVarargs::node):
3626         (JSC::FTL::JSCallVarargs::stackmapID):
3627         * ftl/FTLJSTailCall.cpp:
3628         (JSC::FTL::JSTailCall::JSTailCall):
3629         (JSC::FTL::m_instructionOffset):
3630         (JSC::FTL::JSTailCall::emit):
3631         * ftl/FTLLowerDFGToLLVM.cpp:
3632         (JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):
3633         (JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstructVarargs):
3634         (JSC::FTL::DFG::LowerDFGToLLVM::callPreflight):
3635         (JSC::FTL::DFG::LowerDFGToLLVM::codeOriginDescriptionOfCallSite):
3636         (JSC::FTL::DFG::LowerDFGToLLVM::callCheck):
3637
3638 2015-10-21  Geoffrey Garen  <ggaren@apple.com>
3639
3640         Date creation should share a little code
3641         https://bugs.webkit.org/show_bug.cgi?id=150399
3642
3643         Reviewed by Filip Pizlo.
3644
3645         I want to fix a bug in this code, but I don't want to fix it in two
3646         different places. (See https://bugs.webkit.org/show_bug.cgi?id=150386.)
3647
3648         * runtime/DateConstructor.cpp:
3649         (JSC::DateConstructor::getOwnPropertySlot):
3650         (JSC::milliseconds): Factored out a shared helper function. If you look
3651         closely, you'll see that one copy of this code previously checked isfinite
3652         while the other checked isnan. isnan returning nan was obviously a no-op,
3653         so I removed it. isfinite, it turns out, is also a no-op -- but less
3654         obviously so, so I kept it for now.
3655
3656         (JSC::constructDate):
3657         (JSC::dateUTC): Use the helper function.
3658
3659 2015-10-21  Guillaume Emont  <guijemont@igalia.com>
3660
3661         llint: align stack pointer on mips too
3662
3663         [MIPS] LLInt: align stack pointer on MIPS too
3664         https://bugs.webkit.org/show_bug.cgi?id=150380
3665
3666         Reviewed by Michael Saboff.
3667
3668         * llint/LowLevelInterpreter32_64.asm:
3669
3670 2015-10-20  Mark Lam  <mark.lam@apple.com>
3671
3672         YarrPatternConstructor::containsCapturingTerms() should not assume that its terms.size() is greater than 0.
3673         https://bugs.webkit.org/show_bug.cgi?id=150372
3674
3675         Reviewed by Geoffrey Garen.
3676
3677         * yarr/YarrPattern.cpp:
3678         (JSC::Yarr::CharacterClassConstructor::CharacterClassConstructor):
3679         (JSC::Yarr::YarrPatternConstructor::optimizeBOL):
3680         (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
3681         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
3682
3683 2015-10-20  Michael Saboff  <msaboff@apple.com>
3684
3685         REGRESSION (r191175): OSR Exit from an inlined tail callee trashes callee save registers
3686         https://bugs.webkit.org/show_bug.cgi?id=150336
3687
3688         Reviewed by Mark Lam.
3689
3690         During OSR exit, we need to restore and transform the active stack into what the baseline
3691         JIT expects.  Inlined call frames become true call frames.  When we reify an inlined call
3692         frame and it is a tail call which we will be continuing from, we need to restore the tag
3693         constant callee save registers with what was saved by the outermost caller.
3694
3695         Re-enabled tail calls and restored tests for tail calls.
3696
3697         * dfg/DFGOSRExitCompilerCommon.cpp:
3698         (JSC::DFG::reifyInlinedCallFrames): Select whether or not we use the callee save tag register
3699         contents or what was saved by the inlining caller when populating an inlined callee's
3700         callee save registers.
3701         * jit/AssemblyHelpers.h:
3702         (JSC::AssemblyHelpers::emitSaveCalleeSavesFor): This function no longer needs a stack offset.
3703         (JSC::AssemblyHelpers::emitSaveOrCopyCalleeSavesFor): New helper.
3704         * runtime/Options.h: Turned tail calls back on.
3705         * tests/es6.yaml:
3706         * tests/stress/dfg-tail-calls.js:
3707         (nonInlinedTailCall.callee):
3708         * tests/stress/mutual-tail-call-no-stack-overflow.js:
3709         (shouldThrow):
3710         * tests/stress/tail-call-in-inline-cache.js:
3711         (tail):
3712         * tests/stress/tail-call-no-stack-overflow.js:
3713         (shouldThrow):
3714         * tests/stress/tail-call-recognize.js:
3715         (callerMustBeRun):
3716         * tests/stress/tail-call-varargs-no-stack-overflow.js:
3717         (shouldThrow):
3718
3719 2015-10-20  Joseph Pecoraro  <pecoraro@apple.com>
3720
3721         Web Inspector: JavaScriptCore should parse sourceURL and sourceMappingURL directives
3722         https://bugs.webkit.org/show_bug.cgi?id=150096
3723
3724         Reviewed by Geoffrey Garen.
3725
3726         * inspector/ContentSearchUtilities.cpp:
3727         (Inspector::ContentSearchUtilities::scriptCommentPattern): Deleted.
3728         (Inspector::ContentSearchUtilities::findScriptSourceURL): Deleted.
3729         (Inspector::ContentSearchUtilities::findScriptSourceMapURL): Deleted.
3730         * inspector/ContentSearchUtilities.h:
3731         No longer need to search script content.
3732
3733         * inspector/ScriptDebugServer.cpp:
3734         (Inspector::ScriptDebugServer::dispatchDidParseSource):
3735         Carry over the sourceURL and sourceMappingURL from the SourceProvider.
3736
3737         * inspector/agents/InspectorDebuggerAgent.cpp:
3738         (Inspector::InspectorDebuggerAgent::sourceMapURLForScript):
3739         (Inspector::InspectorDebuggerAgent::didParseSource):
3740         No longer do content searching.
3741
3742         * parser/Lexer.cpp:
3743         (JSC::Lexer<T>::setCode):
3744         (JSC::Lexer<T>::skipWhitespace):
3745         (JSC::Lexer<T>::parseCommentDirective):
3746         (JSC::Lexer<T>::parseCommentDirectiveValue):
3747         (JSC::Lexer<T>::consume):
3748         (JSC::Lexer<T>::lex):
3749         * parser/Lexer.h:
3750         (JSC::Lexer::sourceURL):
3751         (JSC::Lexer::sourceMappingURL):
3752         (JSC::Lexer::sourceProvider): Deleted.
3753         Give lexer the ability to detect script comment directives.
3754         This just consumes characters in single line comments and
3755         ultimately sets the sourceURL or sourceMappingURL found.
3756
3757         * parser/Parser.h:
3758         (JSC::Parser<LexerType>::parse):
3759         * parser/SourceProvider.h:
3760         (JSC::SourceProvider::url):
3761         (JSC::SourceProvider::sourceURL):
3762         (JSC::SourceProvider::sourceMappingURL):
3763         (JSC::SourceProvider::setSourceURL):
3764         (JSC::SourceProvider::setSourceMappingURL):
3765         After parsing a script, update the Source Provider with the
3766         value of directives that may have been found in the script.
3767
3768 2015-10-20  Saam barati  <sbarati@apple.com>
3769
3770         GCAwareJITStubRoutineWithExceptionHandler has a stale CodeBlock pointer in its destructor
3771         https://bugs.webkit.org/show_bug.cgi?id=150351
3772
3773         Reviewed by Mark Lam.
3774
3775         We may regenerate many GCAwareJITStubRoutineWithExceptionHandler stubs per one PolymorphicAccess.
3776         Only the last GCAwareJITStubRoutineWithExceptionHandler stub that was generated will get the CodeBlock's aboutToDie()
3777         notification. All other GCAwareJITStubRoutineWithExceptionHandler stubs will still be holding a stale CodeBlock pointer
3778         that they will use in their destructor. The solution is to have GCAwareJITStubRoutineWithExceptionHandler remove its
3779         exception handler in observeZeroRefCount() instead of its destructor. observeZeroRefCount() will run when a PolymorphicAccess
3780         replaces its m_stubRoutine.
3781
3782         * jit/GCAwareJITStubRoutine.cpp:
3783         (JSC::GCAwareJITStubRoutineWithExceptionHandler::aboutToDie):
3784         (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
3785         (JSC::createJITStubRoutine):
3786         (JSC::GCAwareJITStubRoutineWithExceptionHandler::~GCAwareJITStubRoutineWithExceptionHandler): Deleted.
3787         * jit/GCAwareJITStubRoutine.h:
3788
3789 2015-10-20  Tim Horton  <timothy_horton@apple.com>
3790
3791         Try to fix the build by disabling MAC_GESTURE_EVENTS on 10.9 and 10.10
3792
3793         * Configurations/FeatureDefines.xcconfig:
3794
3795 2015-10-20  Xabier Rodriguez Calvar  <calvaris@igalia.com>
3796
3797         [Streams API] Rework some readable stream internals that can be common to writable streams
3798         https://bugs.webkit.org/show_bug.cgi?id=150133
3799
3800         Reviewed by Darin Adler.
3801
3802         * runtime/CommonIdentifiers.h:
3803         * runtime/JSGlobalObject.cpp:
3804         (JSC::JSGlobalObject::init): Added RangeError also as native functions.
3805
3806 2015-10-20  Yoav Weiss  <yoav@yoav.ws>
3807
3808         Rename the PICTURE_SIZES flag to CURRENTSRC
3809         https://bugs.webkit.org/show_bug.cgi?id=150275
3810
3811         Reviewed by Dean Jackson.
3812
3813         * Configurations/FeatureDefines.xcconfig:
3814
3815 2015-10-19  Saam barati  <sbarati@apple.com>
3816
3817         FTL should generate a unique OSR exit for each duplicated OSR exit stackmap intrinsic.
3818         https://bugs.webkit.org/show_bug.cgi?id=149970
3819
3820         Reviewed by Filip Pizlo.
3821
3822         When we lower DFG to LLVM, we generate a stackmap intrinsic for OSR
3823         exits. We also recorded the OSR exit inside FTL::JITCode during lowering.
3824         This stackmap intrinsic may be duplicated or even removed by LLVM.
3825         When the stackmap intrinsic is duplicated, we used to generate just
3826         a single OSR exit data structure. Then, when we compiled an OSR exit, we 
3827         would look for the first record in the record list that had the same stackmap ID
3828         as what the OSR exit data structure had. We did this even when the OSR exit
3829         stackmap intrinsic was duplicated. This would lead us to grab the wrong FTL::StackMaps::Record.
3830
3831         Now, each OSR exit knows exactly which FTL::StackMaps::Record it corresponds to.
3832         We accomplish this by having an OSRExitDescriptor that is recorded during
3833         lowering. Each descriptor may be referenced by zero, one, or more OSRExits.
3834         Now, no more than one stackmap intrinsic corresponds to the same index inside 
3835         JITCode's OSRExit Vector. Also, each OSRExit jump now jumps to a code location.
3836
3837         * ftl/FTLCompile.cpp:
3838         (JSC::FTL::mmAllocateDataSection):
3839         * ftl/FTLJITCode.cpp:
3840         (JSC::FTL::JITCode::validateReferences):
3841         (JSC::FTL::JITCode::liveRegistersToPreserveAtExceptionHandlingCallSite):
3842         * ftl/FTLJITCode.h:
3843         * ftl/FTLJITFinalizer.cpp:
3844         (JSC::FTL::JITFinalizer::finalizeFunction):
3845         * ftl/FTLLowerDFGToLLVM.cpp:
3846         (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
3847         (JSC::FTL::DFG::LowerDFGToLLVM::compileIsUndefined):
3848         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
3849         (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
3850         (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
3851         (JSC::FTL::DFG::LowerDFGToLLVM::callStackmap):
3852         * ftl/FTLOSRExit.cpp:
3853         (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
3854         (JSC::FTL::OSRExitDescriptor::validateReferences):
3855         (JSC::FTL::OSRExit::OSRExit):
3856         (JSC::FTL::OSRExit::codeLocationForRepatch):
3857         (JSC::FTL::OSRExit::validateReferences): Deleted.
3858         * ftl/FTLOSRExit.h:
3859         (JSC::FTL::OSRExit::considerAddingAsFrequentExitSite):
3860         * ftl/FTLOSRExitCompilationInfo.h:
3861         (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
3862         * ftl/FTLOSRExitCompiler.cpp:
3863         (JSC::FTL::compileStub):
3864         (JSC::FTL::compileFTLOSRExit):
3865         * ftl/FTLStackMaps.cpp:
3866         (JSC::FTL::StackMaps::computeRecordMap):
3867         * ftl/FTLStackMaps.h:
3868
3869 2015-10-16  Brian Burg  <bburg@apple.com>
3870
3871         Unify handling of JavaScriptCore scripts that are used in WebCore
3872         https://bugs.webkit.org/show_bug.cgi?id=150245
3873
3874         Reviewed by Alex Christensen.
3875
3876         Move all standalone JavaScriptCore scripts that are used by WebCore into the
3877         JavaScriptCore/Scripts directory. Use JavaScriptCore_SCRIPTS_DIR to refer
3878         to the path for these scripts.
3879
3880         * DerivedSources.make:
3881
3882             Define and use JavaScriptCore_SCRIPTS_DIR.
3883
3884         * JavaScriptCore.xcodeproj/project.pbxproj:
3885
3886             Make a new group in the Xcode project and clean up references.
3887
3888         * PlatformWin.cmake:
3889
3890             For Windows, copy these scripts over to ForwardingHeaders/Scripts since they
3891             cannot be used directly from JAVASCRIPTCORE_DIR in AppleWin builds. Do the same
3892             thing for both Windows variants to be consistent about it.
3893
3894         * Scripts/cssmin.py: Renamed from Source/JavaScriptCore/inspector/scripts/cssmin.py.
3895         * Scripts/generate-combined-inspector-json.py: Renamed from Source/JavaScriptCore/inspector/scripts/generate-combined-inspector-json.py.
3896         * Scripts/generate-js-builtins: Renamed from Source/JavaScriptCore/generate-js-builtins.
3897         * Scripts/inline-and-minify-stylesheets-and-scripts.py: Renamed from Source/JavaScriptCore/inspector/scripts/inline-and-minify-stylesheets-and-scripts.py.
3898         * Scripts/jsmin.py: Renamed from Source/JavaScriptCore/inspector/scripts/jsmin.py.
3899         * Scripts/xxd.pl: Renamed from Source/JavaScriptCore/inspector/scripts/xxd.pl.
3900
3901 2015-10-19  Tim Horton  <timothy_horton@apple.com>
3902
3903         Try to fix the iOS build
3904
3905         * Configurations/FeatureDefines.xcconfig:
3906
3907 2015-10-17  Keith Miller  <keith_miller@apple.com>
3908
3909         Add regression tests for TypedArray.prototype functions' error messages.
3910         https://bugs.webkit.org/show_bug.cgi?id=150288
3911
3912         Reviewed by Darin Adler.
3913
3914         Fix a typo in the text passed by TypedArray.prototype.filter type error message.
3915         Add tests that check the actual error message text for all the TypedArray.prototype
3916         functions that throw.
3917
3918         * builtins/TypedArray.prototype.js:
3919         (filter):
3920         * tests/stress/typedarray-every.js:
3921         * tests/stress/typedarray-filter.js:
3922         * tests/stress/typedarray-find.js:
3923         * tests/stress/typedarray-findIndex.js:
3924         * tests/stress/typedarray-forEach.js:
3925         * tests/stress/typedarray-map.js:
3926         * tests/stress/typedarray-reduce.js:
3927         * tests/stress/typedarray-reduceRight.js:
3928         * tests/stress/typedarray-some.js:
3929
3930 2015-10-19  Tim Horton  <timothy_horton@apple.com>
3931
3932         Add magnify and rotate gesture event support for Mac
3933         https://bugs.webkit.org/show_bug.cgi?id=150179
3934         <rdar://problem/8036240>
3935
3936         Reviewed by Darin Adler.
3937
3938         * Configurations/FeatureDefines.xcconfig:
3939         New feature flag.
3940
3941 2015-10-19  Csaba Osztrogonác  <ossy@webkit.org>
3942
3943         Fix the ENABLE(WEBASSEMBLY) build after r190827
3944         https://bugs.webkit.org/show_bug.cgi?id=150330
3945
3946         Reviewed by Geoffrey Garen.
3947
3948         * bytecode/CodeBlock.cpp:
3949         (JSC::CodeBlock::CodeBlock): Removed the duplicated VM argument.
3950         * bytecode/CodeBlock.h:
3951         (JSC::WebAssemblyCodeBlock::create): Added new parameters to finishCreation() calls.
3952         (JSC::WebAssemblyCodeBlock::WebAssemblyCodeBlock): Change VM parameter to pointer to match *CodeBlock classes.
3953         * runtime/Executable.cpp:
3954