[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-11-03  Michael Saboff  <msaboff@apple.com>

        Rename InlineCallFrame::getCallerSkippingDeadFrames to something more descriptive
        https://bugs.webkit.org/show_bug.cgi?id=150832

        Reviewed by Geoffrey Garen.

        Renamed InlineCallFrame::getCallerSkippingDeadFrames() to getCallerSkippingTailCalls().
        Did similar renaming to helper InlineCallFrame::computeCallerSkippingTailCalls() and
        InlineCallFrame::getCallerInlineFrameSkippingTailCalls().

        * bytecode/InlineCallFrame.h:
        (JSC::InlineCallFrame::computeCallerSkippingTailCalls):
        (JSC::InlineCallFrame::getCallerSkippingTailCalls):
        (JSC::InlineCallFrame::getCallerInlineFrameSkippingTailCalls):
        (JSC::InlineCallFrame::computeCallerSkippingDeadFrames): Deleted.
        (JSC::InlineCallFrame::getCallerSkippingDeadFrames): Deleted.
        (JSC::InlineCallFrame::getCallerInlineFrameSkippingDeadFrames): Deleted.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::allInlineFramesAreTailCalls):
        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::isLiveInBytecode):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::codeOriginDescriptionOfCallSite):
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::gotoNextFrame):

2015-11-02  Filip Pizlo  <fpizlo@apple.com>

        B3/Air should use bubble sort for their insertion sets, because it's faster than std::stable_sort
        https://bugs.webkit.org/show_bug.cgi?id=150828

        Reviewed by Geoffrey Garen.

        Undo the 2% compile time regression caused by http://trac.webkit.org/changeset/191913.

        * b3/B3InsertionSet.cpp:
        (JSC::B3::InsertionSet::execute): Switch to bubble sort.
        * b3/air/AirInsertionSet.cpp:
        (JSC::B3::Air::InsertionSet::execute): Switch to bubble sort.
        * dfg/DFGBlockInsertionSet.cpp:
        (JSC::DFG::BlockInsertionSet::execute): Switch back to quicksort.

2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, partially revert r191952.

        Removed GCC compiler workarounds (unreachable returns).

        * b3/B3Type.h:
        (JSC::B3::sizeofType):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::isUse):
        (JSC::B3::Air::Arg::isDef):
        (JSC::B3::Air::Arg::isGP):
        (JSC::B3::Air::Arg::isFP):
        (JSC::B3::Air::Arg::isType):
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::newTmp):
        (JSC::B3::Air::Code::numTmps):

2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the ENABLE(B3_JIT) build on Linux
        https://bugs.webkit.org/show_bug.cgi?id=150794

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * b3/B3HeapRange.h:
        * b3/B3IndexSet.h:
        (JSC::B3::IndexSet::Iterable::iterator::operator++):
        * b3/B3Type.h:
        (JSC::B3::sizeofType):
        * b3/air/AirArg.cpp:
        (JSC::B3::Air::Arg::dump):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::isUse):
        (JSC::B3::Air::Arg::isDef):
        (JSC::B3::Air::Arg::isGP):
        (JSC::B3::Air::Arg::isFP):
        (JSC::B3::Air::Arg::isType):
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::newTmp):
        (JSC::B3::Air::Code::numTmps):
        * b3/air/AirSpecial.cpp:

2015-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        Clean up ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keep minimal set of them
        https://bugs.webkit.org/show_bug.cgi?id=150793

        Reviewed by Darin Adler.

        Fix the !ENABLE(ES6_ARROWFUNCTION_SYNTAX) build after r191875.
        This patch drops many ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keeps only one of them;
        the ifdef in parseAssignmentExpression.
        This prevents functionality of parsing arrow function syntax.

        * parser/Lexer.cpp:
        (JSC::Lexer<T>::lex):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseInner): Deleted.
        * parser/Parser.h:
        (JSC::Parser::isArrowFunctionParamters): Deleted.
        * parser/ParserTokens.h:

2015-11-02  Michael Saboff  <msaboff@apple.com>

        WebInspector crashed while viewing Timeline when refreshing cnn.com while it was already loading
        https://bugs.webkit.org/show_bug.cgi?id=150745

        Reviewed by Geoffrey Garen.

        During OSR exit, reifyInlinedCallFrames() was using the call kind from a tail call to
        find the CallLinkInfo / StubInfo to find the return PC.  Instead we need to get the call
        type of the true caller, that is the function we'll be returning to.

        This can be found by remembering the last call type we find while walking up the inlined
        frames in InlineCallFrame::getCallerSkippingDeadFrames().

        We can also return directly back to a getter or setter callsite without using a thunk.

        * bytecode/InlineCallFrame.h:
        (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
        (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id): Need to eliminate the stack pointer check, as it is wrong
        for reified inlined frames created during OSR exit.
        * jit/ThunkGenerators.cpp:
        (JSC::baselineGetterReturnThunkGenerator): Deleted.
        (JSC::baselineSetterReturnThunkGenerator): Deleted.
        * jit/ThunkGenerators.h:

2015-11-02  Saam Barati  <sbarati@apple.com>

        Wrong value recovery for DFG try/catch with a getter that throws during an IC miss
        https://bugs.webkit.org/show_bug.cgi?id=150760

        Reviewed by Geoffrey Garen.

        This is related to using PhantomLocal instead of Flush as
        the liveness preservation mechanism for live catch variables.
        I'm temporarily switching things back to Flush. This will be a
        performance hit for try/catch in the DFG. Landing this patch,
        though, will allow me to land try/catch in the FTL. It also
        makes try/catch in the DFG sound. I have opened another
        bug to further investigate using PhantomLocal as the
        liveness preservation mechanism: https://bugs.webkit.org/show_bug.cgi?id=150824

        * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
        (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
        * tests/stress/dfg-try-catch-wrong-value-recovery-on-ic-miss.js: Added.
        (assert):
        (let.oThrow.get f):
        (let.o2.get f):
        (foo):
        (f):

2015-11-02  Andy Estes  <aestes@apple.com>

        [Cocoa] Add tvOS and watchOS to SUPPORTED_PLATFORMS
        https://bugs.webkit.org/show_bug.cgi?id=150819

        Reviewed by Dan Bernstein.

        This tells Xcode to include these platforms in its Devices dropdown, making it possible to build in the IDE.

        * Configurations/Base.xcconfig:

2015-11-02  Brent Fulgham  <bfulgham@apple.com>

        [Win] MiniBrowser unable to use WebInspector
        https://bugs.webkit.org/show_bug.cgi?id=150810
        <rdar://problem/23358514>

        Reviewed by Timothy Hatcher.

        The CMakeList rule for creating the InjectedScriptSource.min.js was improperly including
        the quote characters in the text prepended to InjectedScriptSource.min.js. This caused a
        parsing error in the JS file.

        The solution was to switch from using "COMMAND echo" to use the more cross-platform
        compatible command "COMMAND ${CMAKE_COMMAND} -E echo ...", which handles the string
        escaping properly on all platforms.

        * CMakeLists.txt: Switch the 'echo' command syntax to be more cross-platform.

2015-11-02  Filip Pizlo  <fpizlo@apple.com>

        B3 should be able to compile a Patchpoint
        https://bugs.webkit.org/show_bug.cgi?id=150750

        Reviewed by Geoffrey Garen.

        This adds the glue in B3::LowerToAir that turns a B3::PatchpointValue into an Air::Patch
        with a B3::PatchpointSpecial.

        Along the way, I found some bugs. For starters, it became clear that I wanted to be able
        to append constraints to a Stackmap, and I wanted to have more flexibility in how I
        created a PatchpointValue. I also wanted more helper methods in ValueRep, since
        otherwise I would have had to write a lot of boilerplate.

        I discovered, and fixed, a minor goof in Air::Code dumping when there are specials.

        There were a ton of indexing bugs in B3StackmapSpecial.

        The spiller was broken in case the Def was not the last Arg, since it was adding things
        to the insertion set both at instIndex and instIndex + 1, and the two types of additions
        could occur in the wrong (i.e. the +1 case first) order with an early Def. We often have
        bugs like this. In the DFG, we were paranoid about performance so we only admit out-of-
        order insertions as a rare case. I think that we don't really need to be so paranoid.
        So, I made the new insertion sets use a stable_sort to ensure that everything happens in
        the right order. I changed DFG::BlockInsertionSet to also use stable_sort; it previously
        used sort, which is slightly wrong.

        This adds a new test that uses Patchpoint to implement a 32-bit add. It works!

        * b3/B3InsertionSet.cpp:
        (JSC::B3::InsertionSet::execute):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
        (JSC::B3::Air::LowerToAir::appendStore):
        (JSC::B3::Air::LowerToAir::moveForType):
        (JSC::B3::Air::LowerToAir::append):
        (JSC::B3::Air::LowerToAir::ensureSpecial):
        (JSC::B3::Air::LowerToAir::tryStore):
        (JSC::B3::Air::LowerToAir::tryStackSlot):
        (JSC::B3::Air::LowerToAir::tryPatchpoint):
        (JSC::B3::Air::LowerToAir::tryUpsilon):
        * b3/B3LoweringMatcher.patterns:
        * b3/B3PatchpointValue.h:
        (JSC::B3::PatchpointValue::accepts): Deleted.
        (JSC::B3::PatchpointValue::PatchpointValue): Deleted.
        * b3/B3Stackmap.h:
        (JSC::B3::Stackmap::constrain):
        (JSC::B3::Stackmap::appendConstraint):
        (JSC::B3::Stackmap::reps):
        (JSC::B3::Stackmap::clobber):
        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::forEachArgImpl):
        (JSC::B3::StackmapSpecial::isValidImpl):
        * b3/B3Value.h:
        * b3/B3ValueRep.h:
        (JSC::B3::ValueRep::ValueRep):
        (JSC::B3::ValueRep::reg):
        (JSC::B3::ValueRep::operator bool):
        (JSC::B3::ValueRep::isAny):
        (JSC::B3::ValueRep::isSomeRegister):
        (JSC::B3::ValueRep::isReg):
        (JSC::B3::ValueRep::isGPR):
        (JSC::B3::ValueRep::isFPR):
        (JSC::B3::ValueRep::gpr):
        (JSC::B3::ValueRep::fpr):
        (JSC::B3::ValueRep::isStack):
        (JSC::B3::ValueRep::offsetFromFP):
        (JSC::B3::ValueRep::isStackArgument):
        (JSC::B3::ValueRep::offsetFromSP):
        (JSC::B3::ValueRep::isConstant):
        (JSC::B3::ValueRep::value):
        * b3/air/AirCode.cpp:
        (JSC::B3::Air::Code::dump):
        * b3/air/AirInsertionSet.cpp:
        (JSC::B3::Air::InsertionSet::execute):
        * b3/testb3.cpp:
        (JSC::B3::testComplex):
        (JSC::B3::testSimplePatchpoint):
        (JSC::B3::run):
        * dfg/DFGBlockInsertionSet.cpp:
        (JSC::DFG::BlockInsertionSet::execute):

2015-11-02  Mark Lam  <mark.lam@apple.com>

        Snippefy op_add for the baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=150129

        Reviewed by Geoffrey Garen and Saam Barati.

        Performance is neutral for both 32-bit and 64-bit on X86_64.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JIT.h:
        (JSC::JIT::getOperandConstantInt):
        - Move getOperandConstantInt() from the JSVALUE64 section to the common section
          because the snippet needs it.

        * jit/JITAddGenerator.cpp: Added.
        (JSC::JITAddGenerator::generateFastPath):
        * jit/JITAddGenerator.h: Added.
        (JSC::JITAddGenerator::JITAddGenerator):
        (JSC::JITAddGenerator::endJumpList):
        (JSC::JITAddGenerator::slowPathJumpList):
        - JITAddGenerator implements an optimization for the case where 1 of the 2 operands
          is a constant int32_t.  It does not implement an optimization for the case where
          both operands are constant int32_t.  This is because:
          1. For the baseline JIT, the ASTBuilder will fold the 2 constants together.
          2. For the DFG, the AbstractInterpreter will also fold the 2 constants.

          Hence, such an optimization path (for 2 constant int32_t operands) would never
          be taken, and is why we won't implement it.

        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::compileBinaryArithOpSlowCase):
        - Removed op_add cases.  These are no longer used by the op_add emitters.

        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        - Moved out from the JSVALUE64 section to the common section, and reimplemented
          using the snippet.

        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        (JSC::JIT::emit_op_add): Deleted.
        (JSC::JIT::emitAdd32Constant): Deleted.
        (JSC::JIT::emitSlow_op_add): Deleted.
        - Remove 32-bit specific version of op_add.  The snippet serves both 32-bit
          and 64-bit implementations.

        * jit/JITInlines.h:
        (JSC::JIT::getOperandConstantInt):
        - Move getOperandConstantInt() from the JSVALUE64 section to the common section
          because the snippet needs it.

2015-11-02  Brian Burg  <bburg@apple.com>

        Run sort-Xcode-project-file for the JavaScriptCore project.

        Unreviewed. Many things were out of order following recent B3 commits.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2015-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>

        Rename op_put_getter_setter to op_put_getter_setter_by_id
        https://bugs.webkit.org/show_bug.cgi?id=150773

        Reviewed by Mark Lam.

        Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
        the other ops' names like op_put_getter_by_id etc.

        And to fix build dependencies in Xcode, we added LLIntAssembly.h into the Xcode project file.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_getter_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter): Deleted.
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_getter_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter): Deleted.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:

2015-11-02  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the FTL JIT build with system LLVM on Linux
        https://bugs.webkit.org/show_bug.cgi?id=150795

        Reviewed by Filip Pizlo.

        * CMakeLists.txt:

2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Support Generator Syntax
        https://bugs.webkit.org/show_bug.cgi?id=150769

        Reviewed by Geoffrey Garen.

        This patch implements the syntax part of ES6 Generators.

        1. Add ENABLE_ES6_GENERATORS compile time flag. It is disabled by default, and will be enabled once ES6 generator functionality is implemented.
        2. Add lexer support for YIELD. It changes "yield" from reserved-if-strict word to keyword. And it is correct under the ES6 spec.
        3. Implement parsing functionality and YieldExprNode stub. YieldExprNode does not emit meaningful bytecodes yet. This should be implemented in a future patch.
        4. Accept "yield" Identifier as a label etc. under sloppy mode && non-generator code. http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors

        * Configurations/FeatureDefines.xcconfig:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::YieldExprNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createYield):
        * parser/Keywords.table:
        * parser/NodeConstructors.h:
        (JSC::YieldExprNode::YieldExprNode):
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseStatementListItem):
        (JSC::Parser<LexerType>::parseVariableDeclarationList):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseBreakStatement):
        (JSC::Parser<LexerType>::parseContinueStatement):
        (JSC::Parser<LexerType>::parseTryStatement):
        (JSC::Parser<LexerType>::parseStatement):
        (JSC::stringForFunctionMode):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
        (JSC::Parser<LexerType>::parseExportDeclaration):
        (JSC::Parser<LexerType>::parseAssignmentExpression):
        (JSC::Parser<LexerType>::parseYieldExpression):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parseFunctionExpression):
        (JSC::Parser<LexerType>::parsePrimaryExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        * parser/Parser.h:
        (JSC::Scope::Scope):
        (JSC::Scope::setSourceParseMode):
        (JSC::Scope::isGenerator):
        (JSC::Scope::setIsFunction):
        (JSC::Scope::setIsGenerator):
        (JSC::Scope::setIsModule):
        (JSC::Parser::pushScope):
        (JSC::Parser::isYIELDMaskedAsIDENT):
        (JSC::Parser::matchSpecIdentifier):
        (JSC::Parser::saveState):
        (JSC::Parser::restoreState):
        * parser/ParserModes.h:
        (JSC::isFunctionParseMode):
        (JSC::isModuleParseMode):
        (JSC::isProgramParseMode):
        * parser/ParserTokens.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createYield):
        * tests/stress/generator-methods.js: Added.
        (Hello.prototype.gen):
        (Hello.gen):
        (Hello):
        (Hello.prototype.set get string_appeared_here):
        (Hello.string_appeared_here):
        (Hello.prototype.20):
        (Hello.20):
        (Hello.prototype.42):
        (Hello.42):
        (let.object.gen):
        (let.object.set get string_appeared_here):
        (let.object.20):
        (let.object.42):
        * tests/stress/generator-syntax.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.Hello.prototype.get gen):
        (testSyntaxError.Hello):
        (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello.prototype.set gen):
        (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello):
        (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.gen):
        (testSyntaxError.value):
        (testSyntaxError.gen.ng):
        (testSyntaxError.gen):
        (testSyntax.gen):
        * tests/stress/yield-and-line-terminator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntax.gen):
        (testSyntaxError.gen):
        * tests/stress/yield-label-generator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.test):
        (SyntaxError.Unexpected.keyword.string_appeared_here.Expected.an.identifier.as.the.target.a.continue.statement.testSyntax.test):
        * tests/stress/yield-label.js: Added.
        (yield):
        (testSyntaxError):
        (testSyntaxError.test):
        * tests/stress/yield-named-accessors-generator.js: Added.
        (t1.let.object.get yield):
        (t1.let.object.set yield):
        (t1):
        (t2.let.object.get yield):
        (t2.let.object.set yield):
        (t2):
        * tests/stress/yield-named-accessors.js: Added.
        (t1.let.object.get yield):
        (t1.let.object.set yield):
        (t1):
        (t2.let.object.get yield):
        (t2.let.object.set yield):
        (t2):
        * tests/stress/yield-named-variable-generator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.t1):
        (testSyntaxError.t1.yield):
        (testSyntax.t1.yield):
        (testSyntax.t1):
        * tests/stress/yield-named-variable.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntax.t1):
        (testSyntaxError.t1):
        (testSyntax.t1.yield):
        (testSyntaxError.t1.yield):
        * tests/stress/yield-out-of-generator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.hello):
        (testSyntaxError.gen.hello):
        (testSyntaxError.gen):
        (testSyntax.gen):
        (testSyntax.gen.ok):
        (testSyntaxError.gen.ok):

2015-11-01  Filip Pizlo  <fpizlo@apple.com>

        Dominators should be factored out of the DFG
        https://bugs.webkit.org/show_bug.cgi?id=150764

        Reviewed by Geoffrey Garen.

        Factored DFGDominators.h/DFGDominators.cpp into WTF. To do this, I made two changes to the
        DFG:

        1) DFG now has a CFG abstraction called DFG::CFG. The cool thing about this is that in the
           future if we wanted to support inverted dominators, we could do it by just creating a
           DFG::BackwardCFG.

        2) Got rid of DFG::Analysis. From now on, an Analysis being invalidated is expressed by the
           DFG::Graph having a null pointer for that analysis. When we "run" the analysis, we
           just instantiate it. This makes it much more natural to integrate WTF::Dominators into
           the DFG.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAnalysis.h: Removed.
        * dfg/DFGCFG.h: Added.
        (JSC::DFG::CFG::CFG):
        (JSC::DFG::CFG::root):
        (JSC::DFG::CFG::newMap<T>):
        (JSC::DFG::CFG::successors):
        (JSC::DFG::CFG::predecessors):
        (JSC::DFG::CFG::index):
        (JSC::DFG::CFG::node):
        (JSC::DFG::CFG::numNodes):
        (JSC::DFG::CFG::dump):
        * dfg/DFGCSEPhase.cpp:
        * dfg/DFGDisassembler.cpp:
        (JSC::DFG::Disassembler::createDumpList):
        * dfg/DFGDominators.cpp: Removed.
        * dfg/DFGDominators.h:
        (JSC::DFG::Dominators::Dominators):
        (JSC::DFG::Dominators::strictlyDominates): Deleted.
        (JSC::DFG::Dominators::dominates): Deleted.
        (JSC::DFG::Dominators::immediateDominatorOf): Deleted.
        (JSC::DFG::Dominators::forAllStrictDominatorsOf): Deleted.
        (JSC::DFG::Dominators::forAllDominatorsOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy): Deleted.
        (JSC::DFG::Dominators::forAllBlocksDominatedBy): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl): Deleted.
        (JSC::DFG::Dominators::BlockData::BlockData): Deleted.
        * dfg/DFGEdgeDominates.h:
        (JSC::DFG::EdgeDominates::operator()):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::Graph):
        (JSC::DFG::Graph::dumpBlockHeader):
        (JSC::DFG::Graph::invalidateCFG):
        (JSC::DFG::Graph::substituteGetLocal):
        (JSC::DFG::Graph::handleAssertionFailure):
        (JSC::DFG::Graph::ensureDominators):
        (JSC::DFG::Graph::ensurePrePostNumbering):
        (JSC::DFG::Graph::ensureNaturalLoops):
        (JSC::DFG::Graph::valueProfileFor):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::hasDebuggerEnabled):
        * dfg/DFGLICMPhase.cpp:
        (JSC::DFG::LICMPhase::run):
        (JSC::DFG::LICMPhase::attemptHoist):
        * dfg/DFGLoopPreHeaderCreationPhase.cpp:
        (JSC::DFG::createPreHeader):
        (JSC::DFG::LoopPreHeaderCreationPhase::run):
        * dfg/DFGNaturalLoops.cpp:
        (JSC::DFG::NaturalLoop::dump):
        (JSC::DFG::NaturalLoops::NaturalLoops):
        (JSC::DFG::NaturalLoops::~NaturalLoops):
        (JSC::DFG::NaturalLoops::loopsOf):
        (JSC::DFG::NaturalLoops::computeDependencies): Deleted.
        (JSC::DFG::NaturalLoops::compute): Deleted.
        * dfg/DFGNaturalLoops.h:
        (JSC::DFG::NaturalLoops::numLoops):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::SuccessorsIterable::end):
        (JSC::DFG::Node::SuccessorsIterable::size):
        (JSC::DFG::Node::SuccessorsIterable::at):
        (JSC::DFG::Node::SuccessorsIterable::operator[]):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::compileInThreadImpl):
        * dfg/DFGPrePostNumbering.cpp:
        (JSC::DFG::PrePostNumbering::PrePostNumbering):
        (JSC::DFG::PrePostNumbering::~PrePostNumbering):
        (JSC::DFG::PrePostNumbering::compute): Deleted.
        * dfg/DFGPrePostNumbering.h:
        (JSC::DFG::PrePostNumbering::preNumber):
        (JSC::DFG::PrePostNumbering::postNumber):
        * dfg/DFGPutStackSinkingPhase.cpp:
        * dfg/DFGSSACalculator.cpp:
        (JSC::DFG::SSACalculator::nonLocalReachingDef):
        (JSC::DFG::SSACalculator::reachingDefAtTail):
        * dfg/DFGSSACalculator.h:
        (JSC::DFG::SSACalculator::computePhis):
        * dfg/DFGSSAConversionPhase.cpp:
        (JSC::DFG::SSAConversionPhase::run):
        * ftl/FTLLink.cpp:
        (JSC::FTL::link):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::lower):
        (JSC::FTL::DFG::LowerDFGToLLVM::safelyInvalidateAfterTermination):
        (JSC::FTL::DFG::LowerDFGToLLVM::isValid):

2015-10-31  Filip Pizlo  <fpizlo@apple.com>

        B3::reduceStrength's DCE should be more agro and less wrong
        https://bugs.webkit.org/show_bug.cgi?id=150748

        Reviewed by Geoffrey Garen.

        First of all, our DCE had a bug where it would keep Upsilons after it deleted the Phis that
        they referenced. But our B3 DCE was also not aggressive enough. It would not eliminate
        cycles. It was also probably slower than it needed to be, since it would eliminate all
        never-referenced things on each fixpoint.

        This adds a presume-everyone-is-dead-and-find-live-things style DCE. This is very natural to
        write, except for Upsilons. For everything but Upsilons, it's just a worklist algorithm. For
        Upsilons, it's a fixpoint. It works fine in the end.

        I kept finding bugs in this algorithm when I tested it against my "Complex" test that I was
        writing as a compile time benchmark. So, I include that test in this change. I also include
        the small lowering extensions that it needed - shifting and zero extending.

        This change also adds an LLVM version of the Complex test. Though the LLVM version feels
        more natural to write because LLVM has traditional Phi's rather than our quirky Phi's, in
        the end LLVM ends up performing very badly - 10x to 20x worse than B3. Some of that gap will
        close once we give B3 a register allocator, but still, that's pretty good news for our B3
        strategy.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::lshift64):
        (JSC::MacroAssemblerX86_64::rshift64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::shlq_i8r):
        (JSC::X86Assembler::shlq_CLr):
        (JSC::X86Assembler::imull_rr):
        * b3/B3BasicBlock.cpp:
        (JSC::B3::BasicBlock::replacePredecessor):
        (JSC::B3::BasicBlock::dump):
        (JSC::B3::BasicBlock::removeNops): Deleted.
        * b3/B3BasicBlock.h:
        (JSC::B3::BasicBlock::frequency):
        * b3/B3Common.cpp:
        (JSC::B3::shouldSaveIRBeforePhase):
        (JSC::B3::shouldMeasurePhaseTiming):
        * b3/B3Common.h:
        (JSC::B3::isRepresentableAsImpl):
        * b3/B3Generate.cpp:
        (JSC::B3::generate):
        (JSC::B3::generateToAir):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::tryAnd):
        (JSC::B3::Air::LowerToAir::tryShl):
        (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
        (JSC::B3::Air::LowerToAir::tryTrunc):
        (JSC::B3::Air::LowerToAir::tryZExt32):
        (JSC::B3::Air::LowerToAir::tryArgumentReg):
        * b3/B3LoweringMatcher.patterns:
        * b3/B3PhaseScope.cpp:
        (JSC::B3::PhaseScope::PhaseScope):
        * b3/B3PhaseScope.h:
        * b3/B3ReduceStrength.cpp:
        * b3/B3TimingScope.cpp: Added.
        (JSC::B3::TimingScope::TimingScope):
        (JSC::B3::TimingScope::~TimingScope):
        * b3/B3TimingScope.h: Added.
        * b3/B3Validate.cpp:
        * b3/air/AirAllocateStack.cpp:
        (JSC::B3::Air::allocateStack):
        * b3/air/AirGenerate.cpp:
        (JSC::B3::Air::generate):
        * b3/air/AirInstInlines.h:
        (JSC::B3::Air::ForEach<Arg>::forEach):
        (JSC::B3::Air::Inst::forEach):
725         (JSC::B3::Air::ForEach<Arg>::forEach):
726         (JSC::B3::Air::Inst::forEach):
727         (JSC::B3::Air::isLshift32Valid):
728         (JSC::B3::Air::isLshift64Valid):
729         * b3/air/AirLiveness.h:
730         (JSC::B3::Air::Liveness::isAlive):
731         (JSC::B3::Air::Liveness::Liveness):
732         (JSC::B3::Air::Liveness::LocalCalc::execute):
733         * b3/air/AirOpcode.opcodes:
734         * b3/air/AirPhaseScope.cpp:
735         (JSC::B3::Air::PhaseScope::PhaseScope):
736         * b3/air/AirPhaseScope.h:
737         * b3/testb3.cpp:
738         (JSC::B3::testBranchEqualFoldPtr):
739         (JSC::B3::testComplex):
740         (JSC::B3::run):
741         * runtime/Options.h:
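
Added example, not WebKit code: a toy model of the presume-dead, find-live DCE that the B3::reduceStrength entry above describes, with a worklist for ordinary values and an outer fixpoint for Upsilons. The `Value` struct, its fields and the sample procedure are constructed assumptions; the real B3 classes differ.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Constructed toy IR for illustration; these are not WebKit's B3 classes.
struct Value {
    enum Kind { Plain, Phi, Upsilon };
    std::string name;
    Kind kind;
    bool hasEffects;            // Return, Store, call: must stay
    std::vector<int> children;  // indices of the values this one reads
    int phi;                    // Upsilon only: index of the Phi it writes, else -1
};

// Presume everything is dead, then discover what is live.
std::vector<bool> findLiveValues(const std::vector<Value>& values) {
    std::vector<bool> live(values.size(), false);
    std::vector<int> worklist;
    auto markLive = [&](int i) {
        if (live[i]) return;
        live[i] = true;
        worklist.push_back(i);
    };
    // Roots: values with effects are live no matter who reads them.
    for (std::size_t i = 0; i < values.size(); ++i)
        if (values[i].hasEffects) markLive(int(i));

    bool changed = true;
    while (changed) {
        changed = false;
        // Worklist part: everything a live value reads is live.
        while (!worklist.empty()) {
            int v = worklist.back();
            worklist.pop_back();
            for (int child : values[v].children) markLive(child);
        }
        // Fixpoint part: a Phi does not list its Upsilons as children, so
        // the worklist never reaches them. An Upsilon is live exactly when
        // the Phi it writes is live; reviving one can expose more work.
        for (std::size_t i = 0; i < values.size(); ++i) {
            const Value& v = values[i];
            if (v.kind == Value::Upsilon && !live[i] && live[v.phi]) {
                markLive(int(i));
                changed = true;
            }
        }
    }
    return live;
}

// Returns the names of the values that survive, in program order.
std::vector<std::string> eliminateDeadValues(const std::vector<Value>& values) {
    std::vector<bool> live = findLiveValues(values);
    std::vector<std::string> kept;
    for (std::size_t i = 0; i < values.size(); ++i)
        if (live[i]) kept.push_back(values[i].name);
    return kept;
}

// Constructed sample: one dead Phi/Add/Upsilon cycle and one live Phi.
std::vector<Value> sampleProcedure() {
    return {
        {"arg",     Value::Plain,   false, {},     -1},
        {"one",     Value::Plain,   false, {},     -1},
        {"phiDead", Value::Phi,     false, {},     -1},
        {"addDead", Value::Plain,   false, {2, 1}, -1},  // Add(phiDead, one)
        {"upsDead", Value::Upsilon, false, {3},     2},  // Upsilon(addDead, ^phiDead)
        {"phiLive", Value::Phi,     false, {},     -1},
        {"upsLive", Value::Upsilon, false, {0},     5},  // Upsilon(arg, ^phiLive)
        {"ret",     Value::Plain,   true,  {5},    -1},  // Return(phiLive)
    };
}

int main() {
    for (const std::string& name : eliminateDeadValues(sampleProcedure()))
        std::cout << name << "\n";
    return 0;
}
```

The dead cycle references itself, so a pass that only deletes never-referenced values would keep it; here nothing reaches it from a root, and `upsDead` goes away together with `phiDead` rather than outliving it.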
742
743 2015-11-01  Alexey Proskuryakov  <ap@apple.com>
744
745         [ES6] Add support for toStringTag
746         https://bugs.webkit.org/show_bug.cgi?id=150696
747
748         Re-landing, as this wasn't the culprit.
749
750         * runtime/ArrayIteratorPrototype.cpp:
751         (JSC::ArrayIteratorPrototype::finishCreation):
752         * runtime/CommonIdentifiers.h:
753         * runtime/JSArrayBufferPrototype.cpp:
754         (JSC::JSArrayBufferPrototype::finishCreation):
755         (JSC::JSArrayBufferPrototype::create):
756         * runtime/JSDataViewPrototype.cpp:
757         (JSC::JSDataViewPrototype::create):
758         (JSC::JSDataViewPrototype::finishCreation):
759         (JSC::JSDataViewPrototype::createStructure):
760         * runtime/JSDataViewPrototype.h:
761         * runtime/JSModuleNamespaceObject.cpp:
762         (JSC::JSModuleNamespaceObject::finishCreation):
763         * runtime/JSONObject.cpp:
764         (JSC::JSONObject::finishCreation):
765         * runtime/JSPromisePrototype.cpp:
766         (JSC::JSPromisePrototype::finishCreation):
767         (JSC::JSPromisePrototype::getOwnPropertySlot):
768         * runtime/JSTypedArrayViewPrototype.cpp:
769         (JSC::typedArrayViewProtoFuncValues):
770         (JSC::typedArrayViewProtoGetterFuncToStringTag):
771         (JSC::JSTypedArrayViewPrototype::JSTypedArrayViewPrototype):
772         (JSC::JSTypedArrayViewPrototype::finishCreation):
773         * runtime/MapIteratorPrototype.cpp:
774         (JSC::MapIteratorPrototype::finishCreation):
775         (JSC::MapIteratorPrototypeFuncNext):
776         * runtime/MapPrototype.cpp:
777         (JSC::MapPrototype::finishCreation):
778         * runtime/MathObject.cpp:
779         (JSC::MathObject::finishCreation):
780         * runtime/ObjectPrototype.cpp:
781         (JSC::objectProtoFuncToString):
782         * runtime/SetIteratorPrototype.cpp:
783         (JSC::SetIteratorPrototype::finishCreation):
784         (JSC::SetIteratorPrototypeFuncNext):
785         * runtime/SetPrototype.cpp:
786         (JSC::SetPrototype::finishCreation):
787         * runtime/SmallStrings.cpp:
788         (JSC::SmallStrings::SmallStrings):
789         (JSC::SmallStrings::initializeCommonStrings):
790         (JSC::SmallStrings::visitStrongReferences):
791         * runtime/SmallStrings.h:
792         (JSC::SmallStrings::typeString):
793         (JSC::SmallStrings::objectStringStart):
794         (JSC::SmallStrings::nullObjectString):
795         (JSC::SmallStrings::undefinedObjectString):
796         * runtime/StringIteratorPrototype.cpp:
797         (JSC::StringIteratorPrototype::finishCreation):
798         * runtime/SymbolPrototype.cpp:
799         (JSC::SymbolPrototype::finishCreation):
800         * runtime/WeakMapPrototype.cpp:
801         (JSC::WeakMapPrototype::finishCreation):
802         (JSC::getWeakMapData):
803         * runtime/WeakSetPrototype.cpp:
804         (JSC::WeakSetPrototype::finishCreation):
805         (JSC::getWeakMapData):
806         * tests/es6.yaml:
807         * tests/modules/namespace.js:
808         * tests/stress/symbol-tostringtag.js: Copied from Source/JavaScriptCore/tests/stress/symbol-tostringtag.js.
809
810 2015-11-01  Commit Queue  <commit-queue@webkit.org>
811
812         Unreviewed, rolling out r191815 and r191821.
813         https://bugs.webkit.org/show_bug.cgi?id=150781
814
815         Seems to have broken JSC API tests on some platforms
816         (Requested by ap on #webkit).
817
818         Reverted changesets:
819
820         "[ES6] Add support for toStringTag"
821         https://bugs.webkit.org/show_bug.cgi?id=150696
822         http://trac.webkit.org/changeset/191815
823
824         "Unreviewed, forgot to mark tests as passing for new feature."
825         http://trac.webkit.org/changeset/191821
826
827 2015-11-01  Commit Queue  <commit-queue@webkit.org>
828
829         Unreviewed, rolling out r191858.
830         https://bugs.webkit.org/show_bug.cgi?id=150780
831
832         Broke the build (Requested by ap on #webkit).
833
834         Reverted changeset:
835
836         "Rename op_put_getter_setter to op_put_getter_setter_by_id"
837         https://bugs.webkit.org/show_bug.cgi?id=150773
838         http://trac.webkit.org/changeset/191858
839
840 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
841
842         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150777.
843
844         * b3/B3LowerToAir.cpp:
845         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
846
847 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
848
849         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150775.
850
851         * b3/B3LowerToAir.cpp:
852         (JSC::B3::Air::LowerToAir::tryTrunc):
853
854 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
855
856         Rename op_put_getter_setter to op_put_getter_setter_by_id
857         https://bugs.webkit.org/show_bug.cgi?id=150773
858
859         Reviewed by Mark Lam.
860
861         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
862         the other ops' names like op_put_getter_by_id etc.
863
864         * bytecode/BytecodeList.json:
865         * bytecode/BytecodeUseDef.h:
866         (JSC::computeUsesForBytecodeOffset):
867         (JSC::computeDefsForBytecodeOffset):
868         * bytecode/CodeBlock.cpp:
869         (JSC::CodeBlock::dumpBytecode):
870         * bytecompiler/BytecodeGenerator.cpp:
871         (JSC::BytecodeGenerator::emitPutGetterSetter):
872         * dfg/DFGByteCodeParser.cpp:
873         (JSC::DFG::ByteCodeParser::parseBlock):
874         * dfg/DFGCapabilities.cpp:
875         (JSC::DFG::capabilityLevel):
876         * jit/JIT.cpp:
877         (JSC::JIT::privateCompileMainPass):
878         * jit/JIT.h:
879         * jit/JITPropertyAccess.cpp:
880         (JSC::JIT::emit_op_put_getter_setter_by_id):
881         (JSC::JIT::emit_op_put_getter_setter): Deleted.
882         * jit/JITPropertyAccess32_64.cpp:
883         (JSC::JIT::emit_op_put_getter_setter_by_id):
884         (JSC::JIT::emit_op_put_getter_setter): Deleted.
885         * llint/LLIntSlowPaths.cpp:
886         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
887         * llint/LLIntSlowPaths.h:
888         * llint/LowLevelInterpreter.asm:
889
890 2015-10-31  Andreas Kling  <akling@apple.com>
891
892         Add a debug overlay with information about web process resource usage.
893         <https://webkit.org/b/150599>
894
895         Reviewed by Darin Adler.
896
897         Have Heap track the exact number of bytes allocated in CopiedBlock, MarkedBlock and
898         WeakBlock objects, keeping them in a single location that can be sampled by the
899         resource usage overlay thread.
900
901         The bulk of these changes is threading a Heap& through from sites where blocks are
902         allocated or freed.
903
904         * heap/CopiedBlock.cpp:
905         (JSC::CopiedBlock::createNoZeroFill):
906         (JSC::CopiedBlock::destroy):
907         (JSC::CopiedBlock::create):
908         * heap/CopiedBlock.h:
909         * heap/CopiedSpace.cpp:
910         (JSC::CopiedSpace::~CopiedSpace):
911         (JSC::CopiedSpace::tryAllocateOversize):
912         (JSC::CopiedSpace::tryReallocateOversize):
913         * heap/CopiedSpaceInlines.h:
914         (JSC::CopiedSpace::recycleEvacuatedBlock):
915         (JSC::CopiedSpace::recycleBorrowedBlock):
916         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
917         (JSC::CopiedSpace::allocateBlock):
918         (JSC::CopiedSpace::startedCopying):
919         * heap/Heap.cpp:
920         (JSC::Heap::~Heap):
921         (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
922         * heap/Heap.h:
923         (JSC::Heap::blockBytesAllocated):
924         * heap/HeapInlines.h:
925         (JSC::Heap::didAllocateBlock):
926         (JSC::Heap::didFreeBlock):
927         * heap/MarkedAllocator.cpp:
928         (JSC::MarkedAllocator::allocateBlock):
929         * heap/MarkedBlock.cpp:
930         (JSC::MarkedBlock::create):
931         (JSC::MarkedBlock::destroy):
932         * heap/MarkedBlock.h:
933         * heap/MarkedSpace.cpp:
934         (JSC::MarkedSpace::freeBlock):
935         * heap/WeakBlock.cpp:
936         (JSC::WeakBlock::create):
937         (JSC::WeakBlock::destroy):
938         * heap/WeakBlock.h:
939         * heap/WeakSet.cpp:
940         (JSC::WeakSet::~WeakSet):
941         (JSC::WeakSet::addAllocator):
942         (JSC::WeakSet::removeAllocator):
943
944 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
945
946         Air should eliminate dead code
947         https://bugs.webkit.org/show_bug.cgi?id=150746
948
949         Reviewed by Geoffrey Garen.
950
951         This adds a very simple dead code elimination to Air. It simply looks at whether a Tmp or
952         StackSlot has ever been used by a live instruction. An instruction is live if it has non-arg
953         effects (branching, returning, calling, etc) or if it stores to a live Arg. An Arg is live if
954         it references a live Tmp or StackSlot, or if it is neither a Tmp nor a StackSlot. The phase
955         runs these rules to fixpoint, and then removes the dead instructions.
956
957         This also changes the AirOpcodes parser to handle multiple attributes per opcode, so that we
958         could conceivably say things like "FooBar /branch /effects". It also adds the /effects
959         attribute, which we currently use for Breakpoint and nothing else. C calls, patchpoints, and
960         checks are all Specials, and the Special base class by default always claims that the
961         instruction has effects. In the future, we could have B3 use a Patch in Air to implement
962         exotic math constructs; then the Special associated with that thing would claim that there
963         are no effects.
964
965         * JavaScriptCore.xcodeproj/project.pbxproj:
966         * b3/air/AirBasicBlock.h:
967         (JSC::B3::Air::BasicBlock::begin):
968         (JSC::B3::Air::BasicBlock::end):
969         (JSC::B3::Air::BasicBlock::at):
970         (JSC::B3::Air::BasicBlock::last):
971         (JSC::B3::Air::BasicBlock::resize):
972         (JSC::B3::Air::BasicBlock::appendInst):
973         * b3/air/AirEliminateDeadCode.cpp: Added.
974         (JSC::B3::Air::eliminateDeadCode):
975         * b3/air/AirEliminateDeadCode.h: Added.
976         * b3/air/AirGenerate.cpp:
977         (JSC::B3::Air::generate):
978         * b3/air/AirInst.h:
979         * b3/air/AirOpcode.opcodes:
980         * b3/air/AirSpecial.cpp:
981         (JSC::B3::Air::Special::name):
982         (JSC::B3::Air::Special::hasNonArgNonControlEffects):
983         (JSC::B3::Air::Special::dump):
984         * b3/air/AirSpecial.h:
985         * b3/air/opcode_generator.rb:
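
Added example, not WebKit code: the liveness rules from the Air entry above, run to fixpoint over a small constructed instruction list. The `Arg`, `Inst` and `Liveness` types, the `Addr` kind standing in for "neither a Tmp nor a StackSlot", the instruction text, and the choice to count the base Tmp of an address as used are assumptions of this sketch.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Constructed toy model for illustration; these are not WebKit's Air classes.
struct Arg {
    enum Kind { Tmp, StackSlot, Addr };
    Kind kind;
    int id;  // Tmp or StackSlot number; for Addr, the Tmp holding the base address
};

struct Inst {
    std::string text;       // display only
    bool hasEffects;        // branching, returning, calling, ...
    std::vector<Arg> defs;  // Args the instruction stores to
    std::vector<Arg> uses;  // Args the instruction reads
};

struct Liveness {
    std::set<int> tmps, slots;

    // An Arg is live if it is a live Tmp or StackSlot, or if it is neither.
    bool isArgLive(const Arg& a) const {
        switch (a.kind) {
        case Arg::Tmp:       return tmps.count(a.id) != 0;
        case Arg::StackSlot: return slots.count(a.id) != 0;
        default:             return true;
        }
    }
    // Records a use by a live instruction; true if something new became live.
    bool markUsed(const Arg& a) {
        if (a.kind == Arg::StackSlot) return slots.insert(a.id).second;
        return tmps.insert(a.id).second;  // a Tmp, or the base Tmp of an Addr
    }
};

// Live if it has non-arg effects or stores to a live Arg.
bool isInstLive(const Inst& inst, const Liveness& live) {
    if (inst.hasEffects) return true;
    for (const Arg& d : inst.defs)
        if (live.isArgLive(d)) return true;
    return false;
}

std::vector<Inst> eliminateDeadCode(const std::vector<Inst>& code) {
    Liveness live;
    bool changed = true;
    while (changed) {  // run the rules to fixpoint
        changed = false;
        for (const Inst& inst : code) {
            if (!isInstLive(inst, live)) continue;
            for (const Arg& u : inst.uses) changed |= live.markUsed(u);
            for (const Arg& d : inst.defs)  // a store through (%tN) reads %tN
                if (d.kind == Arg::Addr) changed |= live.markUsed(d);
        }
    }
    std::vector<Inst> kept;
    for (const Inst& inst : code)
        if (isInstLive(inst, live)) kept.push_back(inst);
    return kept;
}

static Arg tmp(int n)  { return {Arg::Tmp, n}; }
static Arg slot(int n) { return {Arg::StackSlot, n}; }
static Arg addr(int n) { return {Arg::Addr, n}; }

// Constructed sample. %t2, %t3 and slot0 feed only each other, so they die.
std::vector<Inst> sampleCode() {
    return {
        {"Move $1, %t0",      false, {tmp(0)},  {}},
        {"Add %t0, $2, %t1",  false, {tmp(1)},  {tmp(0)}},
        {"Move $7, %t2",      false, {tmp(2)},  {}},
        {"Add %t2, %t3, %t3", false, {tmp(3)},  {tmp(2), tmp(3)}},
        {"Move %t3, (slot0)", false, {slot(0)}, {tmp(3)}},
        {"Move $buf, %t4",    false, {tmp(4)},  {}},
        {"Move %t1, (%t4)",   false, {addr(4)}, {tmp(1)}},
        {"Ret",               true,  {},        {}},
    };
}

int main() {
    for (const Inst& inst : eliminateDeadCode(sampleCode()))
        std::cout << inst.text << "\n";
    return 0;
}
```

The sample needs more than one pass: the store to `(%t4)` makes `%t1` live on the first pass, and only then does the `Add` that defines `%t1` become live and pull in `%t0`.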
986
987 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
988
989         Air needs a late register liveness phase that calls Special::reportUsedRegisters()
990         https://bugs.webkit.org/show_bug.cgi?id=150511
991
992         Reviewed by Saam Barati.
993
994         This change adds such a phase. In the process of writing it, I was reminded about the
995         glaring efficiency bugs in Air::Liveness and so I filed a bug and added FIXMEs.
996
997         * JavaScriptCore.xcodeproj/project.pbxproj:
998         * b3/air/AirAllocateStack.cpp:
999         (JSC::B3::Air::allocateStack):
1000         * b3/air/AirGenerate.cpp:
1001         (JSC::B3::Air::generate):
1002         * b3/air/AirReportUsedRegisters.cpp: Added.
1003         (JSC::B3::Air::reportUsedRegisters):
1004         * b3/air/AirReportUsedRegisters.h: Added.
1005
1006 2015-10-31  Brian Burg  <bburg@apple.com>
1007
1008         Builtins generator should put WebCore-only wrappers in the per-builtin header
1009         https://bugs.webkit.org/show_bug.cgi?id=150539
1010
1011         Reviewed by Youenn Fablet.
1012
1013         If generating for WebCore, put the XXXWrapper and related boilerplate
1014         in the per-builtin header instead of making a separate XXXWrapper.h.
1015
1016         Rebaseline the tests.
1017
1018         * CMakeLists.txt:
1019         * DerivedSources.make:
1020         * Scripts/builtins/builtins.py:
1021         * Scripts/builtins/builtins_generate_separate_header.py:
1022         (BuiltinsSeparateHeaderGenerator.generate_output):
1023         (generate_header_includes):
1024         * Scripts/builtins/builtins_generate_separate_wrapper.py: Deleted.
1025         * Scripts/builtins/builtins_templates.py: Be consistent with variables.
1026         * Scripts/generate-js-builtins.py:
1027         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
1028         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
1029         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
1030         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
1031
1032 2015-10-31  Saam barati  <sbarati@apple.com>
1033
1034         JSC should have a forceGCSlowPaths option
1035         https://bugs.webkit.org/show_bug.cgi?id=150744
1036
1037         Reviewed by Filip Pizlo.
1038
1039         This patch implements the forceGCSlowPaths option.
1040         It defaults to false, but when it is set to true,
1041         the JITs will always allocate objects along the slow
1042         path. This will be helpful for writing a certain class
1043         of tests. This may also come in handy for debugging
1044         later.
1045
1046         This patch also adds the "forceGCSlowPaths" function
1047         in jsc.cpp which sets the option to true. If you
1048         use this function in a jsc stress test, it's best
1049         to call it as the first thing in the program before
1050         we JIT anything.
1051
1052         * dfg/DFGSpeculativeJIT.h:
1053         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
1054         * ftl/FTLLowerDFGToLLVM.cpp:
1055         (JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
1056         * jit/JITInlines.h:
1057         (JSC::JIT::emitAllocateJSObject):
1058         * jsc.cpp:
1059         (GlobalObject::finishCreation):
1060         (functionEdenGC):
1061         (functionForceGCSlowPaths):
1062         (functionHeapSize):
1063         * runtime/Options.h:
1064
1065 2015-10-30  Joseph Pecoraro  <pecoraro@apple.com>
1066
1067         Web Inspector: Test Debugger.scriptParsed events received after opening inspector frontend
1068         https://bugs.webkit.org/show_bug.cgi?id=150753
1069
1070         Reviewed by Timothy Hatcher.
1071
1072         * parser/Parser.h:
1073         (JSC::Parser<LexerType>::parse):
1074         Only set the directives on the SourceProvider if we were parsing the
1075         entire file (Program or Module), not if we are in function parsing mode.
1076         This was inadvertently clearing the directives stored on the
1077         SourceProvider when the function parse didn't see directives and reset
1078         the values on the source provider.
1079
1080 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1081
1082         [JSC] Add lowering for B3's Sub operation with integers
1083         https://bugs.webkit.org/show_bug.cgi?id=150749
1084
1085         Reviewed by Filip Pizlo.
1086
1087         * b3/B3LowerToAir.cpp:
1088         (JSC::B3::Air::LowerToAir::trySub):
1089         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
1090         * b3/B3LoweringMatcher.patterns:
1091         Identical to Add but obviously NotCommutative.
1092
1093         * b3/B3ReduceStrength.cpp:
1094         Turn Add/Sub with zero into an identity. I only added for
1095         Add since Sub with a constant is always turned into an Add.
1096
1097         Also switched the Sub optimizations to put the strongest first.
1098
1099         * b3/air/AirOpcode.opcodes:
1100         * b3/testb3.cpp:
1101         (JSC::B3::testAddArgImm):
1102         (JSC::B3::testAddImmArg):
1103         (JSC::B3::testSubArgs):
1104         (JSC::B3::testSubArgImm):
1105         (JSC::B3::testSubImmArg):
1106         (JSC::B3::testSubArgs32):
1107         (JSC::B3::testSubArgImm32):
1108         (JSC::B3::testSubImmArg32):
1109         (JSC::B3::testStoreSubLoad):
1110         (JSC::B3::run):
1111
1112 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1113
1114         [JSC] Add the Air Opcode definitions to the Xcode project file
1115         https://bugs.webkit.org/show_bug.cgi?id=150701
1116
1117         Reviewed by Geoffrey Garen.
1118
1119         * JavaScriptCore.xcodeproj/project.pbxproj:
1120         Easier for those who use Xcode :)
1121
1122 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1123
1124         Unreviewed, removing FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150540.
1125
1126         * b3/B3ValueRep.h:
1127
1128 2015-10-30  Michael Saboff  <msaboff@apple.com>
1129
1130         Windows X86-64 change for Crash making a tail call from a getter to a host function
1131         https://bugs.webkit.org/show_bug.cgi?id=150737
1132
1133         Reviewed by Geoffrey Garen.
1134
1135         Need to make the same change for Windows X86-64 as was made in change set
1136         http://trac.webkit.org/changeset/191765.
1137
1138         * jit/JITStubsMSVC64.asm:
1139
1140 2015-10-30  Keith Miller  <keith_miller@apple.com>
1141
1142         Unreviewed, forgot to mark tests as passing for new feature.
1143
1144         * tests/es6.yaml:
1145
1146 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1147
1148         B3 should be able to compile a control flow diamond
1149         https://bugs.webkit.org/show_bug.cgi?id=150720
1150
1151         Reviewed by Benjamin Poulain.
1152
1153         Adds support for Branch, Jump, Upsilon, and Phi. Adds some basic strength reduction for
1154         comparisons and boolean-like operations.
1155
1156         * assembler/MacroAssembler.cpp:
1157         (WTF::printInternal):
1158         * assembler/MacroAssembler.h:
1159         * b3/B3BasicBlockUtils.h:
1160         (JSC::B3::replacePredecessor):
1161         (JSC::B3::resetReachability):
1162         * b3/B3CheckValue.h:
1163         * b3/B3Common.h:
1164         (JSC::B3::isRepresentableAsImpl):
1165         (JSC::B3::isRepresentableAs):
1166         * b3/B3Const32Value.cpp:
1167         (JSC::B3::Const32Value::subConstant):
1168         (JSC::B3::Const32Value::equalConstant):
1169         (JSC::B3::Const32Value::notEqualConstant):
1170         (JSC::B3::Const32Value::dumpMeta):
1171         * b3/B3Const32Value.h:
1172         * b3/B3Const64Value.cpp:
1173         (JSC::B3::Const64Value::subConstant):
1174         (JSC::B3::Const64Value::equalConstant):
1175         (JSC::B3::Const64Value::notEqualConstant):
1176         (JSC::B3::Const64Value::dumpMeta):
1177         * b3/B3Const64Value.h:
1178         * b3/B3ConstDoubleValue.cpp:
1179         (JSC::B3::ConstDoubleValue::subConstant):
1180         (JSC::B3::ConstDoubleValue::equalConstant):
1181         (JSC::B3::ConstDoubleValue::notEqualConstant):
1182         (JSC::B3::ConstDoubleValue::dumpMeta):
1183         * b3/B3ConstDoubleValue.h:
1184         * b3/B3ControlValue.cpp:
1185         (JSC::B3::ControlValue::~ControlValue):
1186         (JSC::B3::ControlValue::convertToJump):
1187         (JSC::B3::ControlValue::dumpMeta):
1188         * b3/B3ControlValue.h:
1189         * b3/B3LowerToAir.cpp:
1190         (JSC::B3::Air::LowerToAir::imm):
1191         (JSC::B3::Air::LowerToAir::tryStackSlot):
1192         (JSC::B3::Air::LowerToAir::tryUpsilon):
1193         (JSC::B3::Air::LowerToAir::tryPhi):
1194         (JSC::B3::Air::LowerToAir::tryBranch):
1195         (JSC::B3::Air::LowerToAir::tryJump):
1196         (JSC::B3::Air::LowerToAir::tryIdentity):
1197         * b3/B3LoweringMatcher.patterns:
1198         * b3/B3Opcode.h:
1199         * b3/B3Procedure.cpp:
1200         (JSC::B3::Procedure::resetReachability):
1201         (JSC::B3::Procedure::dump):
1202         * b3/B3ReduceStrength.cpp:
1203         * b3/B3UpsilonValue.cpp:
1204         (JSC::B3::UpsilonValue::dumpMeta):
1205         * b3/B3UpsilonValue.h:
1206         (JSC::B3::UpsilonValue::accepts): Deleted.
1207         (JSC::B3::UpsilonValue::phi): Deleted.
1208         (JSC::B3::UpsilonValue::UpsilonValue): Deleted.
1209         * b3/B3Validate.cpp:
1210         * b3/B3Value.cpp:
1211         (JSC::B3::Value::subConstant):
1212         (JSC::B3::Value::equalConstant):
1213         (JSC::B3::Value::notEqualConstant):
1214         (JSC::B3::Value::returnsBool):
1215         (JSC::B3::Value::asTriState):
1216         (JSC::B3::Value::effects):
1217         * b3/B3Value.h:
1218         * b3/B3ValueInlines.h:
1219         (JSC::B3::Value::asInt32):
1220         (JSC::B3::Value::isInt32):
1221         (JSC::B3::Value::hasInt64):
1222         (JSC::B3::Value::asInt64):
1223         (JSC::B3::Value::isInt64):
1224         (JSC::B3::Value::hasInt):
1225         (JSC::B3::Value::asIntPtr):
1226         (JSC::B3::Value::isIntPtr):
1227         (JSC::B3::Value::hasDouble):
1228         (JSC::B3::Value::asDouble):
1229         (JSC::B3::Value::isEqualToDouble):
1230         (JSC::B3::Value::hasNumber):
1231         (JSC::B3::Value::representableAs):
1232         (JSC::B3::Value::asNumber):
1233         (JSC::B3::Value::stackmap):
1234         * b3/air/AirArg.cpp:
1235         (JSC::B3::Air::Arg::dump):
1236         * b3/air/AirArg.h:
1237         (JSC::B3::Air::Arg::resCond):
1238         (JSC::B3::Air::Arg::doubleCond):
1239         (JSC::B3::Air::Arg::special):
1240         (JSC::B3::Air::Arg::isResCond):
1241         (JSC::B3::Air::Arg::isDoubleCond):
1242         (JSC::B3::Air::Arg::isSpecial):
1243         (JSC::B3::Air::Arg::isGP):
1244         (JSC::B3::Air::Arg::isFP):
1245         (JSC::B3::Air::Arg::asResultCondition):
1246         (JSC::B3::Air::Arg::asDoubleCondition):
1247         (JSC::B3::Air::Arg::Arg):
1248         * b3/air/AirCode.cpp:
1249         (JSC::B3::Air::Code::resetReachability):
1250         (JSC::B3::Air::Code::dump):
1251         * b3/air/AirOpcode.opcodes:
1252         * b3/air/opcode_generator.rb:
1253         * b3/testb3.cpp:
1254         (hiddenTruthBecauseNoReturnIsStupid):
1255         (usage):
1256         (JSC::B3::compile):
1257         (JSC::B3::invoke):
1258         (JSC::B3::compileAndRun):
1259         (JSC::B3::test42):
1260         (JSC::B3::testStoreLoadStackSlot):
1261         (JSC::B3::testBranch):
1262         (JSC::B3::testDiamond):
1263         (JSC::B3::testBranchNotEqual):
1264         (JSC::B3::testBranchFold):
1265         (JSC::B3::testDiamondFold):
1266         (JSC::B3::run):
1267         (run):
1268         (main):
1269
1270 2015-10-30  Keith Miller  <keith_miller@apple.com>
1271
1272         [ES6] Add support for toStringTag
1273         https://bugs.webkit.org/show_bug.cgi?id=150696
1274
1275         Reviewed by Geoffrey Garen.
1276
1277         This patch adds support for Symbol.toStringTag. This is a simple
1278         feature: if an object passed to Object.prototype.toString() has a
1279         toStringTag, we use the tag in the string rather than the class info.
1280         Added a test that checks this works for all the default supported classes
1281         along with the corresponding prototype and custom cases.
1282
1283         * runtime/ArrayIteratorPrototype.cpp:
1284         (JSC::ArrayIteratorPrototype::finishCreation):
1285         * runtime/CommonIdentifiers.h:
1286         * runtime/JSArrayBufferPrototype.cpp:
1287         (JSC::JSArrayBufferPrototype::finishCreation):
1288         * runtime/JSDataViewPrototype.cpp:
1289         (JSC::JSDataViewPrototype::finishCreation):
1290         * runtime/JSDataViewPrototype.h:
1291         * runtime/JSModuleNamespaceObject.cpp:
1292         (JSC::JSModuleNamespaceObject::finishCreation):
1293         * runtime/JSONObject.cpp:
1294         (JSC::JSONObject::finishCreation):
1295         * runtime/JSPromisePrototype.cpp:
1296         (JSC::JSPromisePrototype::finishCreation):
1297         * runtime/JSTypedArrayViewPrototype.cpp:
1298         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1299         (JSC::JSTypedArrayViewPrototype::finishCreation):
1300         * runtime/MapIteratorPrototype.cpp:
1301         (JSC::MapIteratorPrototype::finishCreation):
1302         * runtime/MapPrototype.cpp:
1303         (JSC::MapPrototype::finishCreation):
1304         * runtime/MathObject.cpp:
1305         (JSC::MathObject::finishCreation):
1306         * runtime/ObjectPrototype.cpp:
1307         (JSC::objectProtoFuncToString):
1308         * runtime/SetIteratorPrototype.cpp:
1309         (JSC::SetIteratorPrototype::finishCreation):
1310         * runtime/SetPrototype.cpp:
1311         (JSC::SetPrototype::finishCreation):
1312         * runtime/SmallStrings.cpp:
1313         (JSC::SmallStrings::SmallStrings):
1314         (JSC::SmallStrings::initializeCommonStrings):
1315         (JSC::SmallStrings::visitStrongReferences):
1316         * runtime/SmallStrings.h:
1317         (JSC::SmallStrings::objectStringStart):
1318         * runtime/StringIteratorPrototype.cpp:
1319         (JSC::StringIteratorPrototype::finishCreation):
1320         * runtime/SymbolPrototype.cpp:
1321         (JSC::SymbolPrototype::finishCreation):
1322         * runtime/WeakMapPrototype.cpp:
1323         (JSC::WeakMapPrototype::finishCreation):
1324         * runtime/WeakSetPrototype.cpp:
1325         (JSC::WeakSetPrototype::finishCreation):
1326         * tests/modules/namespace.js:
1327         * tests/stress/symbol-tostringtag.js: Added.
1328         (toStr):
1329         (strName):
1330         (classes.string_appeared_here):
1331
1332 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1333
1334         Web Inspector: Do not show JavaScriptCore builtins in inspector
1335         https://bugs.webkit.org/show_bug.cgi?id=146049
1336
1337         Reviewed by Geoffrey Garen.
1338
1339         * debugger/Debugger.cpp:
1340         When gathering scripts to notify the inspector / debuggers about,
1341         skip over sources containing host / built-in functions, as those
1342         won't contain source code developers expect to see.
1343
1344 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1345
1346         Fix typo in "use strict" in TypedArray builtins
1347         https://bugs.webkit.org/show_bug.cgi?id=150709
1348
1349         Reviewed by Geoffrey Garen.
1350
1351         * builtins/TypedArray.prototype.js:
1352         (toLocaleString):
1353
1354 2015-10-29  Philippe Normand  <pnormand@igalia.com>
1355
1356         [GTK][Mac] disable OBJC JSC API
1357         https://bugs.webkit.org/show_bug.cgi?id=150500
1358
1359         Reviewed by Alex Christensen.
1360
1361         * API/JSBase.h: Disable the Objective-C API on Mac for the GTK port.
1362
1363 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1364
1365         Air::handleCalleeSaves shouldn't save/restore the frame pointer
1366         https://bugs.webkit.org/show_bug.cgi?id=150688
1367
1368         Reviewed by Michael Saboff.
1369
1370         We save/restore the FP inside Air::generate().
1371
1372         * b3/air/AirHandleCalleeSaves.cpp:
1373         (JSC::B3::Air::handleCalleeSaves):
1374
1375 2015-10-29  Michael Saboff  <msaboff@apple.com>
1376
1377         Crash making a tail call from a getter to a host function
1378         https://bugs.webkit.org/show_bug.cgi?id=150663
1379
1380         Reviewed by Geoffrey Garen.
1381
1382         Change the inline assembly versions of getHostCallReturnValue() to pass the location of the callee
1383         call frame to getHostCallReturnValueWithExecState().  We were passing the caller's frame address.
1384
1385         * jit/JITOperations.cpp:
1386
1387 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1388
1389         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
1390         https://bugs.webkit.org/show_bug.cgi?id=150685
1391
1392         Reviewed by Geoffrey Garen.
1393
1394         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
1395         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
1396         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
1397         requires fewer bits.
1398
1399         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
1400         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
1401         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
1402         helper should happily accept either Const32Value or Const64Value.
1403
1404         We already sort of had this with immAnyType(), but it just turns out that anyone using
1405         immAnyType() should really be using imm().
1406
1407         * b3/B3LowerToAir.cpp:
1408         (JSC::B3::Air::LowerToAir::imm):
1409         (JSC::B3::Air::LowerToAir::tryStore):
1410         (JSC::B3::Air::LowerToAir::tryConst64):
1411         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
1412         * b3/testb3.cpp:
1413         (JSC::B3::testAdd1):
1414         (JSC::B3::testAdd1Ptr):
1415         (JSC::B3::testStoreAddLoad):
1416         (JSC::B3::run):
1417
1418 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1419
1420         StoreOpLoad pattern matching should check effects between the Store and Load
1421         https://bugs.webkit.org/show_bug.cgi?id=150534
1422
1423         Reviewed by Geoffrey Garen.
1424
1425         If we turn:
1426
1427             a = Load(addr)
1428             b = Add(a, 42)
1429             Store(b, addr)
1430
1431         Into:
1432
1433             Add $42, (addr)
1434
1435         Then we must make sure that we didn't really have this to begin with:
1436
1437             a = Load(addr)
1438             Store(666, addr)
1439             b = Add(a, 42)
1440             Store(b, addr)
1441
1442         That's because pattern matching doesn't care about control flow, and it finds the Load
1443         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
1444         enough to broadly ask questions about whether such a code motion of the Load is legal.
1445
1446         * b3/B3Effects.cpp:
1447         (JSC::B3::Effects::interferes):
1448         (JSC::B3::Effects::dump):
1449         * b3/B3Effects.h:
1450         (JSC::B3::Effects::mustExecute):
1451         * b3/B3LowerToAir.cpp:
1452         (JSC::B3::Air::LowerToAir::run):
1453         (JSC::B3::Air::LowerToAir::commitInternal):
1454         (JSC::B3::Air::LowerToAir::crossesInterference):
1455         (JSC::B3::Air::LowerToAir::effectiveAddr):
1456         (JSC::B3::Air::LowerToAir::loadAddr):
1457         * b3/B3Procedure.cpp:
1458         (JSC::B3::Procedure::addBlock):
1459         (JSC::B3::Procedure::resetValueOwners):
1460         (JSC::B3::Procedure::resetReachability):
1461         * b3/B3Procedure.h:
1462         * b3/B3Value.cpp:
1463         (JSC::B3::Value::effects):
1464         * b3/B3Value.h:
1465         * b3/testb3.cpp:
1466         (JSC::B3::testStoreAddLoad):
1467         (JSC::B3::testStoreAddLoadInterference):
1468         (JSC::B3::testStoreAddAndLoad):
1469         (JSC::B3::testLoadOffsetUsingAdd):
1470         (JSC::B3::testLoadOffsetUsingAddInterference):
1471         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1472         (JSC::B3::run):
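
The miscompile described in the StoreOpLoad entry above, as an added example that is not B3 code. It uses a toy straight-line IR whose names (`Value`, `interpret`, `matchesStoreAddLoad`, `hasInterveningStore`, `canFuse`) are this example's own, and it assumes distinct symbolic addresses never alias. The data-flow-only match accepts both programs from the entry, but fusing the second one changes the value left in memory.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

// Toy straight-line IR constructed for this example; not B3's real classes.
enum class Op { Load, Const, Add, Store };

struct Value {
    Op op;
    int lhs;      // Add: left operand index; Store: index of the stored value
    int rhs;      // Add: right operand index
    int addr;     // Load/Store: symbolic address (distinct numbers never alias)
    int64_t imm;  // Const: the constant
};

using Block = std::vector<Value>;
using Memory = std::map<int, int64_t>;

// Executes the block in program order. If fusedStore >= 0, that Store is executed
// as the fused read-modify-write "Add $imm, (addr)" instead of a plain store.
Memory interpret(const Block& block, Memory mem, int fusedStore = -1, int64_t imm = 0) {
    std::vector<int64_t> result(block.size(), 0);
    for (size_t i = 0; i < block.size(); ++i) {
        const Value& v = block[i];
        switch (v.op) {
        case Op::Load:  result[i] = mem[v.addr]; break;
        case Op::Const: result[i] = v.imm; break;
        case Op::Add:   result[i] = result[v.lhs] + result[v.rhs]; break;
        case Op::Store:
            mem[v.addr] = (static_cast<int>(i) == fusedStore) ? mem[v.addr] + imm : result[v.lhs];
            break;
        }
    }
    return mem;
}

// Data-flow-only match of Store(Add(Load(addr), Const), addr) rooted at storeIndex.
// It follows operand edges only and never looks at what sits between Load and Store.
bool matchesStoreAddLoad(const Block& block, int storeIndex, int& loadIndex, int64_t& imm) {
    const Value& store = block[storeIndex];
    if (store.op != Op::Store) return false;
    const Value& add = block[store.lhs];
    if (add.op != Op::Add) return false;
    const Value& load = block[add.lhs];
    const Value& constant = block[add.rhs];
    if (load.op != Op::Load || constant.op != Op::Const || load.addr != store.addr)
        return false;
    loadIndex = add.lhs;
    imm = constant.imm;
    return true;
}

// Fusing sinks the Load down to the Store, so nothing in between may write
// the location the Load reads.
bool hasInterveningStore(const Block& block, int loadIndex, int storeIndex) {
    for (int i = loadIndex + 1; i < storeIndex; ++i) {
        if (block[i].op == Op::Store && block[i].addr == block[loadIndex].addr)
            return true;
    }
    return false;
}

// The pattern match plus the effects check between the Load and the Store.
bool canFuse(const Block& block, int storeIndex) {
    int loadIndex = -1;
    int64_t imm = 0;
    return matchesStoreAddLoad(block, storeIndex, loadIndex, imm)
        && !hasInterveningStore(block, loadIndex, storeIndex);
}

// The two programs from the entry, with addr = 0.
Block simpleProgram() {
    return Block{
        { Op::Load, -1, -1, 0, 0 },     // 0: a = Load(addr)
        { Op::Const, -1, -1, -1, 42 },  // 1: 42
        { Op::Add, 0, 1, -1, 0 },       // 2: b = Add(a, 42)
        { Op::Store, 2, -1, 0, 0 },     // 3: Store(b, addr)
    };
}

Block interferingProgram() {
    return Block{
        { Op::Load, -1, -1, 0, 0 },      // 0: a = Load(addr)
        { Op::Const, -1, -1, -1, 666 },  // 1: 666
        { Op::Store, 1, -1, 0, 0 },      // 2: Store(666, addr)
        { Op::Const, -1, -1, -1, 42 },   // 3: 42
        { Op::Add, 0, 3, -1, 0 },        // 4: b = Add(a, 42)
        { Op::Store, 4, -1, 0, 0 },      // 5: Store(b, addr)
    };
}

int main() {
    Memory initial{{0, 1}};  // constructed input: the word at addr 0 holds 1
    Block bad = interferingProgram();
    std::printf("reference: %lld, naively fused: %lld, canFuse: %d\n",
        static_cast<long long>(interpret(bad, initial)[0]),
        static_cast<long long>(interpret(bad, initial, 5, 42)[0]), canFuse(bad, 5));
}
```
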
1473
1474 2015-10-29  Brady Eidson  <beidson@apple.com>
1475
1476         Modern IDB: deleteObjectStore support.
1477         https://bugs.webkit.org/show_bug.cgi?id=150673
1478
1479         Reviewed by Alex Christensen.
1480
1481         * runtime/VM.h:
1482
1483 2015-10-29  Mark Lam  <mark.lam@apple.com>
1484
1485         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
1486         https://bugs.webkit.org/show_bug.cgi?id=150687
1487
1488         Unreviewed.
1489
1490         Disabling the feature while it is being debugged.  I'm doing this by effectively
1491         rolling out only the changes in FTLCapabilities.cpp.
1492
1493         * ftl/FTLCapabilities.cpp:
1494         (JSC::FTL::canCompile):
1495
1496 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1497
1498         Unreviewed, fix iOS build.
1499
1500         * assembler/MacroAssemblerARM64.h:
1501         (JSC::MacroAssemblerARM64::store64):
1502
1503 2015-10-29  Alex Christensen  <achristensen@webkit.org>
1504
1505         Fix Mac CMake build
1506         https://bugs.webkit.org/show_bug.cgi?id=150686
1507
1508         Reviewed by Filip Pizlo.
1509
1510         * API/ObjCCallbackFunction.mm:
1511         * CMakeLists.txt:
1512         * PlatformMac.cmake:
1513
1514 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1515
1516         Air needs syntax for escaping StackSlots
1517         https://bugs.webkit.org/show_bug.cgi?id=150430
1518
1519         Reviewed by Geoffrey Garen.
1520
1521         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
1522         instruction for getting the value of an address. This is necessary to support arbitrary
1523         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
1524         this new instruction.
1525
1526         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
1527         would do: it evaluates an address, but does not load from it or store to it.
1528
1529         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
1530         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
1531         that StackSlots may escape, and factors this into its analysis.
1532
1533         * assembler/MacroAssembler.h:
1534         (JSC::MacroAssembler::lea):
1535         * b3/B3AddressMatcher.patterns:
1536         * b3/B3LowerToAir.cpp:
1537         (JSC::B3::Air::LowerToAir::run):
1538         (JSC::B3::Air::LowerToAir::addr):
1539         (JSC::B3::Air::LowerToAir::loadAddr):
1540         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1541         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
1542         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
1543         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1544         (JSC::B3::Air::LowerToAir::tryConst64):
1545         (JSC::B3::Air::LowerToAir::tryFramePointer):
1546         (JSC::B3::Air::LowerToAir::tryStackSlot):
1547         (JSC::B3::Air::LowerToAir::tryIdentity):
1548         * b3/B3LoweringMatcher.patterns:
1549         * b3/B3MemoryValue.cpp:
1550         (JSC::B3::MemoryValue::~MemoryValue):
1551         (JSC::B3::MemoryValue::accessByteSize):
1552         (JSC::B3::MemoryValue::dumpMeta):
1553         * b3/B3MemoryValue.h:
1554         * b3/B3ReduceStrength.cpp:
1555         * b3/B3StackSlotValue.h:
1556         (JSC::B3::StackSlotValue::accepts): Deleted.
1557         * b3/B3Type.h:
1558         (JSC::B3::pointerType):
1559         (JSC::B3::sizeofType):
1560         * b3/B3Validate.cpp:
1561         * b3/B3Value.h:
1562         * b3/air/AirAllocateStack.cpp:
1563         (JSC::B3::Air::allocateStack):
1564         * b3/air/AirArg.h:
1565         (JSC::B3::Air::Arg::isUse):
1566         (JSC::B3::Air::Arg::isDef):
1567         (JSC::B3::Air::Arg::forEachTmp):
1568         * b3/air/AirCode.cpp:
1569         (JSC::B3::Air::Code::addStackSlot):
1570         (JSC::B3::Air::Code::addSpecial):
1571         * b3/air/AirCode.h:
1572         * b3/air/AirOpcode.opcodes:
1573         * b3/air/AirSpillEverything.cpp:
1574         (JSC::B3::Air::spillEverything):
1575         * b3/air/AirStackSlot.h:
1576         (JSC::B3::Air::StackSlot::byteSize):
1577         (JSC::B3::Air::StackSlot::kind):
1578         (JSC::B3::Air::StackSlot::isLocked):
1579         (JSC::B3::Air::StackSlot::index):
1580         (JSC::B3::Air::StackSlot::alignment):
1581         * b3/air/opcode_generator.rb:
1582         * b3/testb3.cpp:
1583         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1584         (JSC::B3::testFramePointer):
1585         (JSC::B3::testStackSlot):
1586         (JSC::B3::testLoadFromFramePointer):
1587         (JSC::B3::testStoreLoadStackSlot):
1588         (JSC::B3::run):
1589
1590 2015-10-29  Saam barati  <sbarati@apple.com>
1591
1592         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
1593         https://bugs.webkit.org/show_bug.cgi?id=150655
1594
1595         Reviewed by Filip Pizlo.
1596
1597         We're recomputing this value for an *OSRExitDescriptor* for every one
1598         of its corresponding *OSRExits*. This is having a multiplicative
1599         effect on offsets because each computation is relative to the previous
1600         value. We must do this computation just once per OSRExitDescriptor.
1601
1602         * ftl/FTLCompile.cpp:
1603         (JSC::FTL::mmAllocateDataSection):
1604
1605 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1606
1607         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
1608         https://bugs.webkit.org/show_bug.cgi?id=150657
1609
1610         Reviewed by Geoffrey Garen.
1611
1612         Also added the ability to store an immediate to memory.
1613
1614         * assembler/MacroAssembler.h:
1615         (JSC::MacroAssembler::storePtr):
1616         * assembler/MacroAssemblerARM64.h:
1617         (JSC::MacroAssemblerARM64::store64):
1618         * assembler/MacroAssemblerX86_64.h:
1619         (JSC::MacroAssemblerX86_64::store64):
1620         * b3/B3LowerToAir.cpp:
1621         (JSC::B3::Air::LowerToAir::imm):
1622         (JSC::B3::Air::LowerToAir::immAnyInt):
1623         (JSC::B3::Air::LowerToAir::immOrTmp):
1624         (JSC::B3::Air::LowerToAir::tryStore):
1625         * b3/air/AirOpcode.opcodes:
1626         * b3/air/AirSpillEverything.cpp:
1627         (JSC::B3::Air::spillEverything):
1628         * b3/testb3.cpp:
1629         (JSC::B3::testStore):
1630         (JSC::B3::testStoreConstant):
1631         (JSC::B3::testStoreConstantPtr):
1632         (JSC::B3::testTrunc):
1633         (JSC::B3::run):
1634
1635 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
1636
1637         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
1638         https://bugs.webkit.org/show_bug.cgi?id=150654
1639
1640         Reviewed by Geoffrey Garen.
1641
1642         * inspector/scripts/codegen/generator.py:
1643
1644 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1645
1646         B3::reduceStrength() should do DCE
1647         https://bugs.webkit.org/show_bug.cgi?id=150656
1648
1649         Reviewed by Saam Barati.
1650
1651         * b3/B3BasicBlock.cpp:
1652         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
1653         * b3/B3BasicBlock.h:
1654         * b3/B3Procedure.cpp:
1655         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
1656         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
1657         * b3/B3Procedure.h:
1658         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
1659         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
1660         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
1661         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
1662         (JSC::B3::Procedure::values):
1663         * b3/B3ProcedureInlines.h:
1664         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
1665         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
1666
1667 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
1668
1669         Web Inspector: Remove unused / duplicate WebSocket timeline records
1670         https://bugs.webkit.org/show_bug.cgi?id=150647
1671
1672         Reviewed by Timothy Hatcher.
1673
1674         * inspector/protocol/Timeline.json:
1675
1676 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1677
1678         B3::LowerToAir should not duplicate Loads
1679         https://bugs.webkit.org/show_bug.cgi?id=150651
1680
1681         Reviewed by Benjamin Poulain.
1682
1683         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
1684         if we haven't already emitted code that uses the Value and the Value has only one direct
1685         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
1686         Value: we won't emit any more code for it in the future.
1687
1688         The optimization to fuse Loads was forgetting to do all of these things, and so generated
1689         code would have a lot of duplicated Loads. That's bad and this change fixes that.
1690
1691         Ordinarily, this is far less tricky because the pattern matcher does this for us via
1692         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
1693         won't need to do this manually very often.
1694
1695         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
1696         debug.
1697
1698         * b3/B3IndexMap.h:
1699         (JSC::B3::IndexMap::IndexMap):
1700         (JSC::B3::IndexMap::resize):
1701         (JSC::B3::IndexMap::operator[]):
1702         * b3/B3LowerToAir.cpp:
1703         (JSC::B3::Air::LowerToAir::tmp):
1704         (JSC::B3::Air::LowerToAir::canBeInternal):
1705         (JSC::B3::Air::LowerToAir::commitInternal):
1706         (JSC::B3::Air::LowerToAir::effectiveAddr):
1707         (JSC::B3::Air::LowerToAir::loadAddr):
1708         (JSC::B3::Air::LowerToAir::appendBinOp):
1709         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1710         (JSC::B3::Air::LowerToAir::acceptInternals):
1711         * b3/B3UseCounts.cpp:
1712         (JSC::B3::UseCounts::UseCounts):
1713
1714 2015-10-28  Mark Lam  <mark.lam@apple.com>
1715
1716         JITSubGenerator::generateFastPath() does not need to be inlined.
1717         https://bugs.webkit.org/show_bug.cgi?id=150645
1718
1719         Reviewed by Geoffrey Garen.
1720
1721         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
1722         perf neutral.
1723
1724         * CMakeLists.txt:
1725         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1726         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1727         * JavaScriptCore.xcodeproj/project.pbxproj:
1728         * ftl/FTLCompile.cpp:
1729         * jit/JITSubGenerator.cpp: Added.
1730         (JSC::JITSubGenerator::generateFastPath):
1731         * jit/JITSubGenerator.h:
1732         (JSC::JITSubGenerator::JITSubGenerator):
1733         (JSC::JITSubGenerator::endJumpList):
1734         (JSC::JITSubGenerator::slowPathJumpList):
1735         (JSC::JITSubGenerator::generateFastPath): Deleted.
1736
1737 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1738
1739         [B3] handleCommutativity should canonicalize commutative operations over non-constants
1740         https://bugs.webkit.org/show_bug.cgi?id=150649
1741
1742         Reviewed by Saam Barati.
1743
1744         Turn this: Add(value1, value2)
1745         Into this: Add(value2, value1)
1746
1747         But only if value2 should come before value1 according to our total ordering. This will allow
1748         CSE to observe the equality between commuted versions of the same operation, since we will
1749         first canonicalize them into the same order.
1750
1751         * b3/B3ReduceStrength.cpp:
1752
1753 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1754
1755         Unreviewed, fix the build for case sensitive file systems.
1756
1757         * b3/air/AirBasicBlock.h:
1758         * b3/air/AirStackSlot.h:
1759
1760 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1761
1762         Create a super rough prototype of B3
1763         https://bugs.webkit.org/show_bug.cgi?id=150280
1764
1765         Reviewed by Benjamin Poulain.
1766
1767         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
1768         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
1769         for aggressive C-level optimizations and an awesome portable backend. The backend, called
1770         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
1771         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
1772         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
1773         instruction selection, reflectively selects Air opcodes by querying which instruction forms
1774         are possible. Air allows for optimal register allocation and stack layout. Currently the
1775         register allocator isn't written, but the stack layout is.
1776
1777         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
1778         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
1779         stuff added to the instruction selector. But it's a neat start.
1780
1781         * CMakeLists.txt:
1782         * DerivedSources.make:
1783         * JavaScriptCore.xcodeproj/project.pbxproj:
1784         * assembler/MacroAssembler.cpp:
1785         (WTF::printInternal):
1786         * assembler/MacroAssembler.h:
1787         * b3: Added.
1788         * b3/B3AddressMatcher.patterns: Added.
1789         * b3/B3ArgumentRegValue.cpp: Added.
1790         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
1791         (JSC::B3::ArgumentRegValue::dumpMeta):
1792         * b3/B3ArgumentRegValue.h: Added.
1793         * b3/B3BasicBlock.cpp: Added.
1794         (JSC::B3::BasicBlock::BasicBlock):
1795         (JSC::B3::BasicBlock::~BasicBlock):
1796         (JSC::B3::BasicBlock::append):
1797         (JSC::B3::BasicBlock::addPredecessor):
1798         (JSC::B3::BasicBlock::removePredecessor):
1799         (JSC::B3::BasicBlock::replacePredecessor):
1800         (JSC::B3::BasicBlock::removeNops):
1801         (JSC::B3::BasicBlock::dump):
1802         (JSC::B3::BasicBlock::deepDump):
1803         * b3/B3BasicBlock.h: Added.
1804         (JSC::B3::BasicBlock::index):
1805         (JSC::B3::BasicBlock::begin):
1806         (JSC::B3::BasicBlock::end):
1807         (JSC::B3::BasicBlock::size):
1808         (JSC::B3::BasicBlock::at):
1809         (JSC::B3::BasicBlock::last):
1810         (JSC::B3::BasicBlock::values):
1811         (JSC::B3::BasicBlock::numPredecessors):
1812         (JSC::B3::BasicBlock::predecessor):
1813         (JSC::B3::BasicBlock::predecessors):
1814         (JSC::B3::BasicBlock::frequency):
1815         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
1816         (JSC::B3::DeepBasicBlockDump::dump):
1817         (JSC::B3::deepDump):
1818         * b3/B3BasicBlockInlines.h: Added.
1819         (JSC::B3::BasicBlock::appendNew):
1820         (JSC::B3::BasicBlock::numSuccessors):
1821         (JSC::B3::BasicBlock::successor):
1822         (JSC::B3::BasicBlock::successors):
1823         (JSC::B3::BasicBlock::successorBlock):
1824         (JSC::B3::BasicBlock::successorBlocks):
1825         * b3/B3BasicBlockUtils.h: Added.
1826         (JSC::B3::addPredecessor):
1827         (JSC::B3::removePredecessor):
1828         (JSC::B3::replacePredecessor):
1829         (JSC::B3::resetReachability):
1830         (JSC::B3::blocksInPreOrder):
1831         (JSC::B3::blocksInPostOrder):
1832         * b3/B3BlockWorklist.h: Added.
1833         * b3/B3CheckSpecial.cpp: Added.
1834         (JSC::B3::Air::numB3Args):
1835         (JSC::B3::CheckSpecial::CheckSpecial):
1836         (JSC::B3::CheckSpecial::~CheckSpecial):
1837         (JSC::B3::CheckSpecial::hiddenBranch):
1838         (JSC::B3::CheckSpecial::forEachArg):
1839         (JSC::B3::CheckSpecial::isValid):
1840         (JSC::B3::CheckSpecial::admitsStack):
1841         (JSC::B3::CheckSpecial::generate):
1842         (JSC::B3::CheckSpecial::dumpImpl):
1843         (JSC::B3::CheckSpecial::deepDumpImpl):
1844         * b3/B3CheckSpecial.h: Added.
1845         * b3/B3CheckValue.cpp: Added.
1846         (JSC::B3::CheckValue::~CheckValue):
1847         (JSC::B3::CheckValue::dumpMeta):
1848         * b3/B3CheckValue.h: Added.
1849         * b3/B3Common.cpp: Added.
1850         (JSC::B3::shouldDumpIR):
1851         (JSC::B3::shouldDumpIRAtEachPhase):
1852         (JSC::B3::shouldValidateIR):
1853         (JSC::B3::shouldValidateIRAtEachPhase):
1854         (JSC::B3::shouldSaveIRBeforePhase):
1855         * b3/B3Common.h: Added.
1856         (JSC::B3::is64Bit):
1857         (JSC::B3::is32Bit):
1858         * b3/B3Commutativity.cpp: Added.
1859         (WTF::printInternal):
1860         * b3/B3Commutativity.h: Added.
1861         * b3/B3Const32Value.cpp: Added.
1862         (JSC::B3::Const32Value::~Const32Value):
1863         (JSC::B3::Const32Value::negConstant):
1864         (JSC::B3::Const32Value::addConstant):
1865         (JSC::B3::Const32Value::subConstant):
1866         (JSC::B3::Const32Value::dumpMeta):
1867         * b3/B3Const32Value.h: Added.
1868         * b3/B3Const64Value.cpp: Added.
1869         (JSC::B3::Const64Value::~Const64Value):
1870         (JSC::B3::Const64Value::negConstant):
1871         (JSC::B3::Const64Value::addConstant):
1872         (JSC::B3::Const64Value::subConstant):
1873         (JSC::B3::Const64Value::dumpMeta):
1874         * b3/B3Const64Value.h: Added.
1875         * b3/B3ConstDoubleValue.cpp: Added.
1876         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
1877         (JSC::B3::ConstDoubleValue::negConstant):
1878         (JSC::B3::ConstDoubleValue::addConstant):
1879         (JSC::B3::ConstDoubleValue::subConstant):
1880         (JSC::B3::ConstDoubleValue::dumpMeta):
1881         * b3/B3ConstDoubleValue.h: Added.
1882         (JSC::B3::ConstDoubleValue::accepts):
1883         (JSC::B3::ConstDoubleValue::value):
1884         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
1885         * b3/B3ConstPtrValue.h: Added.
1886         (JSC::B3::ConstPtrValue::value):
1887         (JSC::B3::ConstPtrValue::ConstPtrValue):
1888         * b3/B3ControlValue.cpp: Added.
1889         (JSC::B3::ControlValue::~ControlValue):
1890         (JSC::B3::ControlValue::dumpMeta):
1891         * b3/B3ControlValue.h: Added.
1892         * b3/B3Effects.cpp: Added.
1893         (JSC::B3::Effects::dump):
1894         * b3/B3Effects.h: Added.
1895         (JSC::B3::Effects::mustExecute):
1896         * b3/B3FrequencyClass.cpp: Added.
1897         (WTF::printInternal):
1898         * b3/B3FrequencyClass.h: Added.
1899         * b3/B3FrequentedBlock.h: Added.
1900         * b3/B3Generate.cpp: Added.
1901         (JSC::B3::generate):
1902         (JSC::B3::generateToAir):
1903         * b3/B3Generate.h: Added.
1904         * b3/B3GenericFrequentedBlock.h: Added.
1905         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
1906         (JSC::B3::GenericFrequentedBlock::operator==):
1907         (JSC::B3::GenericFrequentedBlock::operator!=):
1908         (JSC::B3::GenericFrequentedBlock::operator bool):
1909         (JSC::B3::GenericFrequentedBlock::block):
1910         (JSC::B3::GenericFrequentedBlock::frequency):
1911         (JSC::B3::GenericFrequentedBlock::dump):
1912         * b3/B3HeapRange.cpp: Added.
1913         (JSC::B3::HeapRange::dump):
1914         * b3/B3HeapRange.h: Added.
1915         (JSC::B3::HeapRange::HeapRange):
1916         (JSC::B3::HeapRange::top):
1917         (JSC::B3::HeapRange::operator==):
1918         (JSC::B3::HeapRange::operator!=):
1919         (JSC::B3::HeapRange::operator bool):
1920         (JSC::B3::HeapRange::begin):
1921         (JSC::B3::HeapRange::end):
1922         (JSC::B3::HeapRange::overlaps):
1923         * b3/B3IndexMap.h: Added.
1924         (JSC::B3::IndexMap::IndexMap):
1925         (JSC::B3::IndexMap::resize):
1926         (JSC::B3::IndexMap::operator[]):
1927         * b3/B3IndexSet.h: Added.
1928         (JSC::B3::IndexSet::IndexSet):
1929         (JSC::B3::IndexSet::add):
1930         (JSC::B3::IndexSet::contains):
1931         (JSC::B3::IndexSet::Iterable::Iterable):
1932         (JSC::B3::IndexSet::Iterable::iterator::iterator):
1933         (JSC::B3::IndexSet::Iterable::iterator::operator*):
1934         (JSC::B3::IndexSet::Iterable::iterator::operator++):
1935         (JSC::B3::IndexSet::Iterable::iterator::operator==):
1936         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
1937         (JSC::B3::IndexSet::Iterable::begin):
1938         (JSC::B3::IndexSet::Iterable::end):
1939         (JSC::B3::IndexSet::values):
1940         (JSC::B3::IndexSet::indices):
1941         (JSC::B3::IndexSet::dump):
1942         * b3/B3InsertionSet.cpp: Added.
1943         (JSC::B3::InsertionSet::execute):
1944         * b3/B3InsertionSet.h: Added.
1945         (JSC::B3::InsertionSet::InsertionSet):
1946         (JSC::B3::InsertionSet::code):
1947         (JSC::B3::InsertionSet::appendInsertion):
1948         (JSC::B3::InsertionSet::insertValue):
1949         * b3/B3InsertionSetInlines.h: Added.
1950         (JSC::B3::InsertionSet::insert):
1951         * b3/B3LowerToAir.cpp: Added.
1952         (JSC::B3::Air::LowerToAir::LowerToAir):
1953         (JSC::B3::Air::LowerToAir::run):
1954         (JSC::B3::Air::LowerToAir::tmp):
1955         (JSC::B3::Air::LowerToAir::effectiveAddr):
1956         (JSC::B3::Air::LowerToAir::addr):
1957         (JSC::B3::Air::LowerToAir::loadAddr):
1958         (JSC::B3::Air::LowerToAir::imm):
1959         (JSC::B3::Air::LowerToAir::immOrTmp):
1960         (JSC::B3::Air::LowerToAir::appendBinOp):
1961         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1962         (JSC::B3::Air::LowerToAir::moveForType):
1963         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
1964         (JSC::B3::Air::LowerToAir::append):
1965         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
1966         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
1967         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
1968         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
1969         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
1970         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
1971         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
1972         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
1973         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
1974         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1975         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1976         (JSC::B3::Air::LowerToAir::acceptRoot):
1977         (JSC::B3::Air::LowerToAir::acceptRootLate):
1978         (JSC::B3::Air::LowerToAir::acceptInternals):
1979         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
1980         (JSC::B3::Air::LowerToAir::acceptOperands):
1981         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
1982         (JSC::B3::Air::LowerToAir::tryLoad):
1983         (JSC::B3::Air::LowerToAir::tryAdd):
1984         (JSC::B3::Air::LowerToAir::tryAnd):
1985         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
1986         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
1987         (JSC::B3::Air::LowerToAir::tryStore):
1988         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
1989         (JSC::B3::Air::LowerToAir::tryTrunc):
1990         (JSC::B3::Air::LowerToAir::tryArgumentReg):
1991         (JSC::B3::Air::LowerToAir::tryConst32):
1992         (JSC::B3::Air::LowerToAir::tryConst64):
1993         (JSC::B3::Air::LowerToAir::tryIdentity):
1994         (JSC::B3::Air::LowerToAir::tryReturn):
1995         (JSC::B3::lowerToAir):
1996         * b3/B3LowerToAir.h: Added.
1997         * b3/B3LoweringMatcher.patterns: Added.
1998         * b3/B3MemoryValue.cpp: Added.
1999         (JSC::B3::MemoryValue::~MemoryValue):
2000         (JSC::B3::MemoryValue::dumpMeta):
2001         * b3/B3MemoryValue.h: Added.
2002         * b3/B3Opcode.cpp: Added.
2003         (WTF::printInternal):
2004         * b3/B3Opcode.h: Added.
2005         (JSC::B3::isCheckMath):
2006         * b3/B3Origin.cpp: Added.
2007         (JSC::B3::Origin::dump):
2008         * b3/B3Origin.h: Added.
2009         (JSC::B3::Origin::Origin):
2010         (JSC::B3::Origin::operator bool):
2011         (JSC::B3::Origin::data):
2012         * b3/B3PatchpointSpecial.cpp: Added.
2013         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
2014         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
2015         (JSC::B3::PatchpointSpecial::forEachArg):
2016         (JSC::B3::PatchpointSpecial::isValid):
2017         (JSC::B3::PatchpointSpecial::admitsStack):
2018         (JSC::B3::PatchpointSpecial::generate):
2019         (JSC::B3::PatchpointSpecial::dumpImpl):
2020         (JSC::B3::PatchpointSpecial::deepDumpImpl):
2021         * b3/B3PatchpointSpecial.h: Added.
2022         * b3/B3PatchpointValue.cpp: Added.
2023         (JSC::B3::PatchpointValue::~PatchpointValue):
2024         (JSC::B3::PatchpointValue::dumpMeta):
2025         * b3/B3PatchpointValue.h: Added.
2026         (JSC::B3::PatchpointValue::accepts):
2027         (JSC::B3::PatchpointValue::PatchpointValue):
2028         * b3/B3PhaseScope.cpp: Added.
2029         (JSC::B3::PhaseScope::PhaseScope):
2030         (JSC::B3::PhaseScope::~PhaseScope):
2031         * b3/B3PhaseScope.h: Added.
2032         * b3/B3Procedure.cpp: Added.
2033         (JSC::B3::Procedure::Procedure):
2034         (JSC::B3::Procedure::~Procedure):
2035         (JSC::B3::Procedure::addBlock):
2036         (JSC::B3::Procedure::resetReachability):
2037         (JSC::B3::Procedure::dump):
2038         (JSC::B3::Procedure::blocksInPreOrder):
2039         (JSC::B3::Procedure::blocksInPostOrder):
2040         * b3/B3Procedure.h: Added.
2041         (JSC::B3::Procedure::size):
2042         (JSC::B3::Procedure::at):
2043         (JSC::B3::Procedure::operator[]):
2044         (JSC::B3::Procedure::iterator::iterator):
2045         (JSC::B3::Procedure::iterator::operator*):
2046         (JSC::B3::Procedure::iterator::operator++):
2047         (JSC::B3::Procedure::iterator::operator==):
2048         (JSC::B3::Procedure::iterator::operator!=):
2049         (JSC::B3::Procedure::iterator::findNext):
2050         (JSC::B3::Procedure::begin):
2051         (JSC::B3::Procedure::end):
2052         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
2053         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
2054         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
2055         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2056         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
2057         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2058         (JSC::B3::Procedure::ValuesCollection::begin):
2059         (JSC::B3::Procedure::ValuesCollection::end):
2060         (JSC::B3::Procedure::ValuesCollection::size):
2061         (JSC::B3::Procedure::ValuesCollection::at):
2062         (JSC::B3::Procedure::ValuesCollection::operator[]):
2063         (JSC::B3::Procedure::values):
2064         (JSC::B3::Procedure::setLastPhaseName):
2065         (JSC::B3::Procedure::lastPhaseName):
2066         * b3/B3ProcedureInlines.h: Added.
2067         (JSC::B3::Procedure::add):
2068         * b3/B3ReduceStrength.cpp: Added.
2069         (JSC::B3::reduceStrength):
2070         * b3/B3ReduceStrength.h: Added.
2071         * b3/B3StackSlotKind.cpp: Added.
2072         (WTF::printInternal):
2073         * b3/B3StackSlotKind.h: Added.
2074         * b3/B3StackSlotValue.cpp: Added.
2075         (JSC::B3::StackSlotValue::~StackSlotValue):
2076         (JSC::B3::StackSlotValue::dumpMeta):
2077         * b3/B3StackSlotValue.h: Added.
2078         (JSC::B3::StackSlotValue::accepts):
2079         (JSC::B3::StackSlotValue::byteSize):
2080         (JSC::B3::StackSlotValue::kind):
2081         (JSC::B3::StackSlotValue::offsetFromFP):
2082         (JSC::B3::StackSlotValue::setOffsetFromFP):
2083         (JSC::B3::StackSlotValue::StackSlotValue):
2084         * b3/B3Stackmap.cpp: Added.
2085         (JSC::B3::Stackmap::Stackmap):
2086         (JSC::B3::Stackmap::~Stackmap):
2087         (JSC::B3::Stackmap::dump):
2088         * b3/B3Stackmap.h: Added.
2089         (JSC::B3::Stackmap::constrain):
2090         (JSC::B3::Stackmap::reps):
2091         (JSC::B3::Stackmap::clobber):
2092         (JSC::B3::Stackmap::clobbered):
2093         (JSC::B3::Stackmap::setGenerator):
2094         * b3/B3StackmapSpecial.cpp: Added.
2095         (JSC::B3::StackmapSpecial::StackmapSpecial):
2096         (JSC::B3::StackmapSpecial::~StackmapSpecial):
2097         (JSC::B3::StackmapSpecial::reportUsedRegisters):
2098         (JSC::B3::StackmapSpecial::extraClobberedRegs):
2099         (JSC::B3::StackmapSpecial::forEachArgImpl):
2100         (JSC::B3::StackmapSpecial::isValidImpl):
2101         (JSC::B3::StackmapSpecial::admitsStackImpl):
2102         (JSC::B3::StackmapSpecial::appendRepsImpl):
2103         (JSC::B3::StackmapSpecial::repForArg):
2104         * b3/B3StackmapSpecial.h: Added.
2105         * b3/B3SuccessorCollection.h: Added.
2106         (JSC::B3::SuccessorCollection::SuccessorCollection):
2107         (JSC::B3::SuccessorCollection::size):
2108         (JSC::B3::SuccessorCollection::at):
2109         (JSC::B3::SuccessorCollection::operator[]):
2110         (JSC::B3::SuccessorCollection::iterator::iterator):
2111         (JSC::B3::SuccessorCollection::iterator::operator*):
2112         (JSC::B3::SuccessorCollection::iterator::operator++):
2113         (JSC::B3::SuccessorCollection::iterator::operator==):
2114         (JSC::B3::SuccessorCollection::iterator::operator!=):
2115         (JSC::B3::SuccessorCollection::begin):
2116         (JSC::B3::SuccessorCollection::end):
2117         * b3/B3SwitchCase.cpp: Added.
2118         (JSC::B3::SwitchCase::dump):
2119         * b3/B3SwitchCase.h: Added.
2120         (JSC::B3::SwitchCase::SwitchCase):
2121         (JSC::B3::SwitchCase::operator bool):
2122         (JSC::B3::SwitchCase::caseValue):
2123         (JSC::B3::SwitchCase::target):
2124         (JSC::B3::SwitchCase::targetBlock):
2125         * b3/B3SwitchValue.cpp: Added.
2126         (JSC::B3::SwitchValue::~SwitchValue):
2127         (JSC::B3::SwitchValue::removeCase):
2128         (JSC::B3::SwitchValue::appendCase):
2129         (JSC::B3::SwitchValue::dumpMeta):
2130         (JSC::B3::SwitchValue::SwitchValue):
2131         * b3/B3SwitchValue.h: Added.
2132         (JSC::B3::SwitchValue::accepts):
2133         (JSC::B3::SwitchValue::numCaseValues):
2134         (JSC::B3::SwitchValue::caseValue):
2135         (JSC::B3::SwitchValue::caseValues):
2136         (JSC::B3::SwitchValue::fallThrough):
2137         (JSC::B3::SwitchValue::size):
2138         (JSC::B3::SwitchValue::at):
2139         (JSC::B3::SwitchValue::operator[]):
2140         (JSC::B3::SwitchValue::iterator::iterator):
2141         (JSC::B3::SwitchValue::iterator::operator*):
2142         (JSC::B3::SwitchValue::iterator::operator++):
2143         (JSC::B3::SwitchValue::iterator::operator==):
2144         (JSC::B3::SwitchValue::iterator::operator!=):
2145         (JSC::B3::SwitchValue::begin):
2146         (JSC::B3::SwitchValue::end):
2147         * b3/B3Type.cpp: Added.
2148         (WTF::printInternal):
2149         * b3/B3Type.h: Added.
2150         (JSC::B3::isInt):
2151         (JSC::B3::isFloat):
2152         (JSC::B3::pointerType):
2153         * b3/B3UpsilonValue.cpp: Added.
2154         (JSC::B3::UpsilonValue::~UpsilonValue):
2155         (JSC::B3::UpsilonValue::dumpMeta):
2156         * b3/B3UpsilonValue.h: Added.
2157         (JSC::B3::UpsilonValue::accepts):
2158         (JSC::B3::UpsilonValue::phi):
2159         (JSC::B3::UpsilonValue::UpsilonValue):
2160         * b3/B3UseCounts.cpp: Added.
2161         (JSC::B3::UseCounts::UseCounts):
2162         (JSC::B3::UseCounts::~UseCounts):
2163         * b3/B3UseCounts.h: Added.
2164         (JSC::B3::UseCounts::operator[]):
2165         * b3/B3Validate.cpp: Added.
2166         (JSC::B3::validate):
2167         * b3/B3Validate.h: Added.
2168         * b3/B3Value.cpp: Added.
2169         (JSC::B3::Value::~Value):
2170         (JSC::B3::Value::replaceWithIdentity):
2171         (JSC::B3::Value::replaceWithNop):
2172         (JSC::B3::Value::dump):
2173         (JSC::B3::Value::deepDump):
2174         (JSC::B3::Value::negConstant):
2175         (JSC::B3::Value::addConstant):
2176         (JSC::B3::Value::subConstant):
2177         (JSC::B3::Value::effects):
2178         (JSC::B3::Value::performSubstitution):
2179         (JSC::B3::Value::dumpMeta):
2180         (JSC::B3::Value::typeFor):
2181         * b3/B3Value.h: Added.
2182         (JSC::B3::DeepValueDump::DeepValueDump):
2183         (JSC::B3::DeepValueDump::dump):
2184         (JSC::B3::deepDump):
2185         * b3/B3ValueInlines.h: Added.
2186         (JSC::B3::Value::as):
2187         (JSC::B3::Value::isConstant):
2188         (JSC::B3::Value::hasInt32):
2189         (JSC::B3::Value::asInt32):
2190         (JSC::B3::Value::hasInt64):
2191         (JSC::B3::Value::asInt64):
2192         (JSC::B3::Value::hasInt):
2193         (JSC::B3::Value::asInt):
2194         (JSC::B3::Value::isInt):
2195         (JSC::B3::Value::hasIntPtr):
2196         (JSC::B3::Value::asIntPtr):
2197         (JSC::B3::Value::hasDouble):
2198         (JSC::B3::Value::asDouble):
2199         (JSC::B3::Value::stackmap):
2200         * b3/B3ValueRep.cpp: Added.
2201         (JSC::B3::ValueRep::dump):
2202         (WTF::printInternal):
2203         * b3/B3ValueRep.h: Added.
2204         (JSC::B3::ValueRep::ValueRep):
2205         (JSC::B3::ValueRep::reg):
2206         (JSC::B3::ValueRep::stack):
2207         (JSC::B3::ValueRep::stackArgument):
2208         (JSC::B3::ValueRep::constant):
2209         (JSC::B3::ValueRep::constantDouble):
2210         (JSC::B3::ValueRep::kind):
2211         (JSC::B3::ValueRep::operator bool):
2212         (JSC::B3::ValueRep::offsetFromFP):
2213         (JSC::B3::ValueRep::offsetFromSP):
2214         (JSC::B3::ValueRep::value):
2215         (JSC::B3::ValueRep::doubleValue):
2216         * b3/air: Added.
2217         * b3/air/AirAllocateStack.cpp: Added.
2218         (JSC::B3::Air::allocateStack):
2219         * b3/air/AirAllocateStack.h: Added.
2220         * b3/air/AirArg.cpp: Added.
2221         (JSC::B3::Air::Arg::dump):
2222         * b3/air/AirArg.h: Added.
2223         (JSC::B3::Air::Arg::isUse):
2224         (JSC::B3::Air::Arg::isDef):
2225         (JSC::B3::Air::Arg::typeForB3Type):
2226         (JSC::B3::Air::Arg::Arg):
2227         (JSC::B3::Air::Arg::imm):
2228         (JSC::B3::Air::Arg::imm64):
2229         (JSC::B3::Air::Arg::addr):
2230         (JSC::B3::Air::Arg::stack):
2231         (JSC::B3::Air::Arg::callArg):
2232         (JSC::B3::Air::Arg::isValidScale):
2233         (JSC::B3::Air::Arg::logScale):
2234         (JSC::B3::Air::Arg::index):
2235         (JSC::B3::Air::Arg::relCond):
2236         (JSC::B3::Air::Arg::resCond):
2237         (JSC::B3::Air::Arg::special):
2238         (JSC::B3::Air::Arg::operator==):
2239         (JSC::B3::Air::Arg::operator!=):
2240         (JSC::B3::Air::Arg::operator bool):
2241         (JSC::B3::Air::Arg::kind):
2242         (JSC::B3::Air::Arg::isTmp):
2243         (JSC::B3::Air::Arg::isImm):
2244         (JSC::B3::Air::Arg::isImm64):
2245         (JSC::B3::Air::Arg::isAddr):
2246         (JSC::B3::Air::Arg::isStack):
2247         (JSC::B3::Air::Arg::isCallArg):
2248         (JSC::B3::Air::Arg::isIndex):
2249         (JSC::B3::Air::Arg::isRelCond):
2250         (JSC::B3::Air::Arg::isResCond):
2251         (JSC::B3::Air::Arg::isSpecial):
2252         (JSC::B3::Air::Arg::isAlive):
2253         (JSC::B3::Air::Arg::tmp):
2254         (JSC::B3::Air::Arg::value):
2255         (JSC::B3::Air::Arg::pointerValue):
2256         (JSC::B3::Air::Arg::base):
2257         (JSC::B3::Air::Arg::hasOffset):
2258         (JSC::B3::Air::Arg::offset):
2259         (JSC::B3::Air::Arg::stackSlot):
2260         (JSC::B3::Air::Arg::scale):
2261         (JSC::B3::Air::Arg::isGPTmp):
2262         (JSC::B3::Air::Arg::isFPTmp):
2263         (JSC::B3::Air::Arg::isGP):
2264         (JSC::B3::Air::Arg::isFP):
2265         (JSC::B3::Air::Arg::hasType):
2266         (JSC::B3::Air::Arg::type):
2267         (JSC::B3::Air::Arg::isType):
2268         (JSC::B3::Air::Arg::isGPR):
2269         (JSC::B3::Air::Arg::gpr):
2270         (JSC::B3::Air::Arg::isFPR):
2271         (JSC::B3::Air::Arg::fpr):
2272         (JSC::B3::Air::Arg::isReg):
2273         (JSC::B3::Air::Arg::reg):
2274         (JSC::B3::Air::Arg::gpTmpIndex):
2275         (JSC::B3::Air::Arg::fpTmpIndex):
2276         (JSC::B3::Air::Arg::tmpIndex):
2277         (JSC::B3::Air::Arg::withOffset):
2278         (JSC::B3::Air::Arg::forEachTmpFast):
2279         (JSC::B3::Air::Arg::forEachTmp):
2280         (JSC::B3::Air::Arg::asTrustedImm32):
2281         (JSC::B3::Air::Arg::asTrustedImm64):
2282         (JSC::B3::Air::Arg::asTrustedImmPtr):
2283         (JSC::B3::Air::Arg::asAddress):
2284         (JSC::B3::Air::Arg::asBaseIndex):
2285         (JSC::B3::Air::Arg::asRelationalCondition):
2286         (JSC::B3::Air::Arg::asResultCondition):
2287         (JSC::B3::Air::Arg::isHashTableDeletedValue):
2288         (JSC::B3::Air::Arg::hash):
2289         (JSC::B3::Air::ArgHash::hash):
2290         (JSC::B3::Air::ArgHash::equal):
2291         * b3/air/AirBasicBlock.cpp: Added.
2292         (JSC::B3::Air::BasicBlock::addPredecessor):
2293         (JSC::B3::Air::BasicBlock::removePredecessor):
2294         (JSC::B3::Air::BasicBlock::replacePredecessor):
2295         (JSC::B3::Air::BasicBlock::dump):
2296         (JSC::B3::Air::BasicBlock::deepDump):
2297         (JSC::B3::Air::BasicBlock::BasicBlock):
2298         * b3/air/AirBasicBlock.h: Added.
2299         (JSC::B3::Air::BasicBlock::index):
2300         (JSC::B3::Air::BasicBlock::size):
2301         (JSC::B3::Air::BasicBlock::begin):
2302         (JSC::B3::Air::BasicBlock::end):
2303         (JSC::B3::Air::BasicBlock::at):
2304         (JSC::B3::Air::BasicBlock::last):
2305         (JSC::B3::Air::BasicBlock::appendInst):
2306         (JSC::B3::Air::BasicBlock::append):
2307         (JSC::B3::Air::BasicBlock::numSuccessors):
2308         (JSC::B3::Air::BasicBlock::successor):
2309         (JSC::B3::Air::BasicBlock::successors):
2310         (JSC::B3::Air::BasicBlock::successorBlock):
2311         (JSC::B3::Air::BasicBlock::successorBlocks):
2312         (JSC::B3::Air::BasicBlock::numPredecessors):
2313         (JSC::B3::Air::BasicBlock::predecessor):
2314         (JSC::B3::Air::BasicBlock::predecessors):
2315         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
2316         (JSC::B3::Air::DeepBasicBlockDump::dump):
2317         (JSC::B3::Air::deepDump):
2318         * b3/air/AirCCallSpecial.cpp: Added.
2319         (JSC::B3::Air::CCallSpecial::CCallSpecial):
2320         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
2321         (JSC::B3::Air::CCallSpecial::forEachArg):
2322         (JSC::B3::Air::CCallSpecial::isValid):
2323         (JSC::B3::Air::CCallSpecial::admitsStack):
2324         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
2325         (JSC::B3::Air::CCallSpecial::generate):
2326         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
2327         (JSC::B3::Air::CCallSpecial::dumpImpl):
2328         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
2329         * b3/air/AirCCallSpecial.h: Added.
2330         * b3/air/AirCode.cpp: Added.
2331         (JSC::B3::Air::Code::Code):
2332         (JSC::B3::Air::Code::~Code):
2333         (JSC::B3::Air::Code::addBlock):
2334         (JSC::B3::Air::Code::addStackSlot):
2335         (JSC::B3::Air::Code::addSpecial):
2336         (JSC::B3::Air::Code::cCallSpecial):
2337         (JSC::B3::Air::Code::resetReachability):
2338         (JSC::B3::Air::Code::dump):
2339         (JSC::B3::Air::Code::findFirstBlockIndex):
2340         (JSC::B3::Air::Code::findNextBlockIndex):
2341         (JSC::B3::Air::Code::findNextBlock):
2342         * b3/air/AirCode.h: Added.
2343         (JSC::B3::Air::Code::newTmp):
2344         (JSC::B3::Air::Code::numTmps):
2345         (JSC::B3::Air::Code::callArgAreaSize):
2346         (JSC::B3::Air::Code::requestCallArgAreaSize):
2347         (JSC::B3::Air::Code::frameSize):
2348         (JSC::B3::Air::Code::setFrameSize):
2349         (JSC::B3::Air::Code::calleeSaveRegisters):
2350         (JSC::B3::Air::Code::size):
2351         (JSC::B3::Air::Code::at):
2352         (JSC::B3::Air::Code::operator[]):
2353         (JSC::B3::Air::Code::iterator::iterator):
2354         (JSC::B3::Air::Code::iterator::operator*):
2355         (JSC::B3::Air::Code::iterator::operator++):
2356         (JSC::B3::Air::Code::iterator::operator==):
2357         (JSC::B3::Air::Code::iterator::operator!=):
2358         (JSC::B3::Air::Code::begin):
2359         (JSC::B3::Air::Code::end):
2360         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
2361         (JSC::B3::Air::Code::StackSlotsCollection::size):
2362         (JSC::B3::Air::Code::StackSlotsCollection::at):
2363         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
2364         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
2365         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
2366         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
2367         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator==):
2368         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator!=):
2369         (JSC::B3::Air::Code::StackSlotsCollection::begin):
2370         (JSC::B3::Air::Code::StackSlotsCollection::end):
2371         (JSC::B3::Air::Code::stackSlots):
2372         (JSC::B3::Air::Code::SpecialsCollection::SpecialsCollection):
2373         (JSC::B3::Air::Code::SpecialsCollection::size):
2374         (JSC::B3::Air::Code::SpecialsCollection::at):
2375         (JSC::B3::Air::Code::SpecialsCollection::operator[]):
2376         (JSC::B3::Air::Code::SpecialsCollection::iterator::iterator):
2377         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator*):
2378         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator++):
2379         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator==):
2380         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator!=):
2381         (JSC::B3::Air::Code::SpecialsCollection::begin):
2382         (JSC::B3::Air::Code::SpecialsCollection::end):
2383         (JSC::B3::Air::Code::specials):
2384         (JSC::B3::Air::Code::setLastPhaseName):
2385         (JSC::B3::Air::Code::lastPhaseName):
2386         * b3/air/AirFrequentedBlock.h: Added.
2387         * b3/air/AirGenerate.cpp: Added.
2388         (JSC::B3::Air::generate):
2389         * b3/air/AirGenerate.h: Added.
2390         * b3/air/AirGenerated.cpp: Added.
2391         * b3/air/AirGenerationContext.h: Added.
2392         * b3/air/AirHandleCalleeSaves.cpp: Added.
2393         (JSC::B3::Air::handleCalleeSaves):
2394         * b3/air/AirHandleCalleeSaves.h: Added.
2395         * b3/air/AirInsertionSet.cpp: Added.
2396         (JSC::B3::Air::InsertionSet::execute):
2397         * b3/air/AirInsertionSet.h: Added.
2398         (JSC::B3::Air::InsertionSet::InsertionSet):
2399         (JSC::B3::Air::InsertionSet::code):
2400         (JSC::B3::Air::InsertionSet::appendInsertion):
2401         (JSC::B3::Air::InsertionSet::insertInst):
2402         (JSC::B3::Air::InsertionSet::insert):
2403         * b3/air/AirInst.cpp: Added.
2404         (JSC::B3::Air::Inst::dump):
2405         * b3/air/AirInst.h: Added.
2406         (JSC::B3::Air::Inst::Inst):
2407         (JSC::B3::Air::Inst::opcode):
2408         (JSC::B3::Air::Inst::forEachTmpFast):
2409         (JSC::B3::Air::Inst::forEachTmp):
2410         * b3/air/AirInstInlines.h: Added.
2411         (JSC::B3::Air::ForEach<Tmp>::forEach):
2412         (JSC::B3::Air::ForEach<Arg>::forEach):
2413         (JSC::B3::Air::Inst::forEach):
2414         (JSC::B3::Air::Inst::hasSpecial):
2415         (JSC::B3::Air::Inst::extraClobberedRegs):
2416         (JSC::B3::Air::Inst::reportUsedRegisters):
2417         (JSC::B3::Air::isShiftValid):
2418         (JSC::B3::Air::isLshift32Valid):
2419         * b3/air/AirLiveness.h: Added.
2420         (JSC::B3::Air::Liveness::Liveness):
2421         (JSC::B3::Air::Liveness::liveAtHead):
2422         (JSC::B3::Air::Liveness::liveAtTail):
2423         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
2424         (JSC::B3::Air::Liveness::LocalCalc::live):
2425         (JSC::B3::Air::Liveness::LocalCalc::takeLive):
2426         (JSC::B3::Air::Liveness::LocalCalc::execute):
2427         * b3/air/AirOpcode.opcodes: Added.
2428         * b3/air/AirPhaseScope.cpp: Added.
2429         (JSC::B3::Air::PhaseScope::PhaseScope):
2430         (JSC::B3::Air::PhaseScope::~PhaseScope):
2431         * b3/air/AirPhaseScope.h: Added.
2432         * b3/air/AirRegisterPriority.cpp: Added.
2433         (JSC::B3::Air::gprsInPriorityOrder):
2434         (JSC::B3::Air::fprsInPriorityOrder):
2435         (JSC::B3::Air::regsInPriorityOrder):
2436         * b3/air/AirRegisterPriority.h: Added.
2437         (JSC::B3::Air::RegistersInPriorityOrder<GPRInfo>::inPriorityOrder):
2438         (JSC::B3::Air::RegistersInPriorityOrder<FPRInfo>::inPriorityOrder):
2439         (JSC::B3::Air::regsInPriorityOrder):
2440         * b3/air/AirSpecial.cpp: Added.
2441         (JSC::B3::Air::Special::Special):
2442         (JSC::B3::Air::Special::~Special):
2443         (JSC::B3::Air::Special::name):
2444         (JSC::B3::Air::Special::dump):
2445         (JSC::B3::Air::Special::deepDump):
2446         * b3/air/AirSpecial.h: Added.
2447         (JSC::B3::Air::DeepSpecialDump::DeepSpecialDump):
2448         (JSC::B3::Air::DeepSpecialDump::dump):
2449         (JSC::B3::Air::deepDump):
2450         * b3/air/AirSpillEverything.cpp: Added.
2451         (JSC::B3::Air::spillEverything):
2452         * b3/air/AirSpillEverything.h: Added.
2453         * b3/air/AirStackSlot.cpp: Added.
2454         (JSC::B3::Air::StackSlot::setOffsetFromFP):
2455         (JSC::B3::Air::StackSlot::dump):
2456         (JSC::B3::Air::StackSlot::deepDump):
2457         (JSC::B3::Air::StackSlot::StackSlot):
2458         * b3/air/AirStackSlot.h: Added.
2459         (JSC::B3::Air::StackSlot::byteSize):
2460         (JSC::B3::Air::StackSlot::kind):
2461         (JSC::B3::Air::StackSlot::index):
2462         (JSC::B3::Air::StackSlot::alignment):
2463         (JSC::B3::Air::StackSlot::value):
2464         (JSC::B3::Air::StackSlot::offsetFromFP):
2465         (JSC::B3::Air::DeepStackSlotDump::DeepStackSlotDump):
2466         (JSC::B3::Air::DeepStackSlotDump::dump):
2467         (JSC::B3::Air::deepDump):
2468         * b3/air/AirTmp.cpp: Added.
2469         (JSC::B3::Air::Tmp::dump):
2470         * b3/air/AirTmp.h: Added.
2471         (JSC::B3::Air::Tmp::Tmp):
2472         (JSC::B3::Air::Tmp::gpTmpForIndex):
2473         (JSC::B3::Air::Tmp::fpTmpForIndex):
2474         (JSC::B3::Air::Tmp::operator bool):
2475         (JSC::B3::Air::Tmp::isGP):
2476         (JSC::B3::Air::Tmp::isFP):
2477         (JSC::B3::Air::Tmp::isGPR):
2478         (JSC::B3::Air::Tmp::isFPR):
2479         (JSC::B3::Air::Tmp::isReg):
2480         (JSC::B3::Air::Tmp::gpr):
2481         (JSC::B3::Air::Tmp::fpr):
2482         (JSC::B3::Air::Tmp::reg):
2483         (JSC::B3::Air::Tmp::hasTmpIndex):
2484         (JSC::B3::Air::Tmp::gpTmpIndex):
2485         (JSC::B3::Air::Tmp::fpTmpIndex):
2486         (JSC::B3::Air::Tmp::tmpIndex):
2487         (JSC::B3::Air::Tmp::isAlive):
2488         (JSC::B3::Air::Tmp::operator==):
2489         (JSC::B3::Air::Tmp::operator!=):
2490         (JSC::B3::Air::Tmp::isHashTableDeletedValue):
2491         (JSC::B3::Air::Tmp::hash):
2492         (JSC::B3::Air::Tmp::encodeGP):
2493         (JSC::B3::Air::Tmp::encodeFP):
2494         (JSC::B3::Air::Tmp::encodeGPR):
2495         (JSC::B3::Air::Tmp::encodeFPR):
2496         (JSC::B3::Air::Tmp::encodeGPTmp):
2497         (JSC::B3::Air::Tmp::encodeFPTmp):
2498         (JSC::B3::Air::Tmp::isEncodedGP):
2499         (JSC::B3::Air::Tmp::isEncodedFP):
2500         (JSC::B3::Air::Tmp::isEncodedGPR):
2501         (JSC::B3::Air::Tmp::isEncodedFPR):
2502         (JSC::B3::Air::Tmp::isEncodedGPTmp):
2503         (JSC::B3::Air::Tmp::isEncodedFPTmp):
2504         (JSC::B3::Air::Tmp::decodeGPR):
2505         (JSC::B3::Air::Tmp::decodeFPR):
2506         (JSC::B3::Air::Tmp::decodeGPTmp):
2507         (JSC::B3::Air::Tmp::decodeFPTmp):
2508         (JSC::B3::Air::TmpHash::hash):
2509         (JSC::B3::Air::TmpHash::equal):
2510         * b3/air/AirTmpInlines.h: Added.
2511         (JSC::B3::Air::Tmp::Tmp):
2512         * b3/air/AirValidate.cpp: Added.
2513         (JSC::B3::Air::validate):
2514         * b3/air/AirValidate.h: Added.
2515         * b3/air/opcode_generator.rb: Added.
2516         * b3/generate_pattern_matcher.rb: Added.
2517         * b3/testb3.cpp: Added.
2518         (JSC::B3::compileAndRun):
2519         (JSC::B3::test42):
2520         (JSC::B3::testLoad42):
2521         (JSC::B3::testArg):
2522         (JSC::B3::testAddArgs):
2523         (JSC::B3::testAddArgs32):
2524         (JSC::B3::testStore):
2525         (JSC::B3::testTrunc):
2526         (JSC::B3::testAdd1):
2527         (JSC::B3::testStoreAddLoad):
2528         (JSC::B3::testStoreAddAndLoad):
2529         (JSC::B3::testAdd1Uncommuted):
2530         (JSC::B3::testLoadOffset):
2531         (JSC::B3::testLoadOffsetNotConstant):
2532         (JSC::B3::testLoadOffsetUsingAdd):
2533         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2534         (JSC::B3::run):
2535         (run):
2536         (main):
2537         * bytecode/CodeBlock.h:
2538         (JSC::CodeBlock::specializationKind):
2539         * jit/Reg.h:
2540         (JSC::Reg::index):
2541         (JSC::Reg::isSet):
2542         (JSC::Reg::operator bool):
2543         (JSC::Reg::isHashTableDeletedValue):
2544         (JSC::Reg::AllRegsIterable::iterator::iterator):
2545         (JSC::Reg::AllRegsIterable::iterator::operator*):
2546         (JSC::Reg::AllRegsIterable::iterator::operator++):
2547         (JSC::Reg::AllRegsIterable::iterator::operator==):
2548         (JSC::Reg::AllRegsIterable::iterator::operator!=):
2549         (JSC::Reg::AllRegsIterable::begin):
2550         (JSC::Reg::AllRegsIterable::end):
2551         (JSC::Reg::all):
2552         (JSC::Reg::invalid):
2553         (JSC::Reg::operator!): Deleted.
2554         * jit/RegisterAtOffsetList.cpp:
2555         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
2556         * jit/RegisterAtOffsetList.h:
2557         (JSC::RegisterAtOffsetList::clear):
2558         (JSC::RegisterAtOffsetList::size):
2559         (JSC::RegisterAtOffsetList::begin):
2560         (JSC::RegisterAtOffsetList::end):
2561         * jit/RegisterSet.h:
2562         (JSC::RegisterSet::operator==):
2563         (JSC::RegisterSet::hash):
2564         (JSC::RegisterSet::forEach):
2565         (JSC::RegisterSet::setAny):
2566
2567 2015-10-28  Mark Lam  <mark.lam@apple.com>
2568
2569         Rename MacroAssembler::callProbe() to probe().
2570         https://bugs.webkit.org/show_bug.cgi?id=150641
2571
2572         Reviewed by Saam Barati.
2573
2574         To do this, I needed to disambiguate between the low-level probe() from the
2575         high-level version that takes a std::function.  I did this by changing the low-
2576         level version to not take default args anymore.
2577
2578         * assembler/AbstractMacroAssembler.h:
2579         * assembler/MacroAssembler.cpp:
2580         (JSC::stdFunctionCallback):
2581         (JSC::MacroAssembler::probe):
2582         (JSC::MacroAssembler::callProbe): Deleted.
2583         * assembler/MacroAssembler.h:
2584         (JSC::MacroAssembler::urshift32):
2585         * assembler/MacroAssemblerARM.h:
2586         (JSC::MacroAssemblerARM::repatchCall):
2587         * assembler/MacroAssemblerARM64.h:
2588         (JSC::MacroAssemblerARM64::repatchCall):
2589         * assembler/MacroAssemblerARMv7.h:
2590         (JSC::MacroAssemblerARMv7::repatchCall):
2591         * assembler/MacroAssemblerPrinter.h:
2592         (JSC::MacroAssemblerPrinter::print):
2593         * assembler/MacroAssemblerX86Common.h:
2594         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
2595
2596 2015-10-28  Timothy Hatcher  <timothy@apple.com>
2597
2598         Web Inspector: jsmin.py mistakenly removes whitespace from template literal strings
2599         https://bugs.webkit.org/show_bug.cgi?id=148728
2600
2601         Reviewed by Joseph Pecoraro.
2602
2603         * Scripts/jsmin.py:
2604         (JavascriptMinify.minify): Make backtick a quoting character.
2605
2606 2015-10-28  Brian Burg  <bburg@apple.com>
2607
2608         Builtins generator should emit ENABLE(FEATURE) guards based on @conditional annotation
2609         https://bugs.webkit.org/show_bug.cgi?id=150536
2610
2611         Reviewed by Yusuke Suzuki.
2612
2613         Scan JS builtin files for @key=value and @flag annotations in single-line comments.
2614         For @conditional=CONDITIONAL, emit CONDITIONAL guards around the relevant object's code.
2615
2616         Generate primary header includes separately from secondary header includes so we can
2617         put the guard between the two header groups, as is customary in WebKit C++ code.
2618
2619         New tests:
2620
2621         Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js
2622         Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js
2623         Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js
2624
2625         * Scripts/builtins/builtins_generate_combined_implementation.py:
2626         (BuiltinsCombinedImplementationGenerator.generate_output):
2627         (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
2628         (BuiltinsCombinedImplementationGenerator.generate_header_includes): Deleted.
2629         * Scripts/builtins/builtins_generate_separate_header.py:
2630         (BuiltinsSeparateHeaderGenerator.generate_output):
2631         (generate_secondary_header_includes):
2632         (generate_header_includes): Deleted.
2633         * Scripts/builtins/builtins_generate_separate_implementation.py:
2634         (BuiltinsSeparateImplementationGenerator.generate_output):
2635         (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
2636         (BuiltinsSeparateImplementationGenerator.generate_header_includes): Deleted.
2637         * Scripts/builtins/builtins_generate_separate_wrapper.py:
2638         (BuiltinsSeparateWrapperGenerator.generate_output):
2639         (BuiltinsSeparateWrapperGenerator.generate_secondary_header_includes):
2640         (BuiltinsSeparateWrapperGenerator.generate_header_includes): Deleted.
2641         * Scripts/builtins/builtins_generator.py:
2642         (BuiltinsGenerator.generate_includes_from_entries):
2643         (BuiltinsGenerator):
2644         (BuiltinsGenerator.generate_primary_header_includes):
2645         * Scripts/builtins/builtins_model.py:
2646         (BuiltinObject.__init__):
2647         (BuiltinsCollection.parse_builtins_file):
2648         (BuiltinsCollection._parse_annotations):
2649         * Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js: Added.
2650         * Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js: Added.
2651         * Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js: Added.
2652         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Simplify.
2653         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Simplify.
2654         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Simplify.
2655         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Added.
2656         * Scripts/tests/builtins/expected/WebCore-DuplicateFlagAnnotation-Separate.js-error: Added.
2657         * Scripts/tests/builtins/expected/WebCore-DuplicateKeyValueAnnotation-Separate.js-error: Added.
2658         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
2659         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
2660         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
2661         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2662
2663 2015-10-28  Mark Lam  <mark.lam@apple.com>
2664
2665         Update FTL to support UntypedUse operands for op_sub.
2666         https://bugs.webkit.org/show_bug.cgi?id=150562
2667
2668         Reviewed by Geoffrey Garen.
2669
2670         * assembler/MacroAssemblerARM64.h:
2671         - make the dataTempRegister and memoryTempRegister public so that we can
2672           move input registers out of them if needed.
2673
2674         * ftl/FTLCapabilities.cpp:
2675         (JSC::FTL::canCompile):
2676         - We can now compile ArithSub.
2677
2678         * ftl/FTLCompile.cpp:
2679         - Added BinaryArithGenerationContext to shuffle registers into a state that is
2680           expected by the baseline snippet generator.  This includes:
2681           1. Making sure that the input and output registers are not in the tag or
2682              scratch registers.
2683           2. Loading the tag registers with expected values.
2684           3. Restoring the registers to their original value on return.
2685         - Added code to implement the ArithSub inline cache.
2686
2687         * ftl/FTLInlineCacheDescriptor.h:
2688         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
2689         (JSC::FTL::ArithSubDescriptor::leftType):
2690         (JSC::FTL::ArithSubDescriptor::rightType):
2691
2692         * ftl/FTLInlineCacheSize.cpp:
2693         (JSC::FTL::sizeOfArithSub):
2694         * ftl/FTLInlineCacheSize.h:
2695
2696         * ftl/FTLLowerDFGToLLVM.cpp:
2697         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
2698         - Added handling for UnusedType for the ArithSub case.
2699
2700         * ftl/FTLState.h:
2701         * jit/GPRInfo.h:
2702         (JSC::GPRInfo::reservedRegisters):
2703
2704         * jit/JITSubGenerator.h:
2705         (JSC::JITSubGenerator::generateFastPath):
2706         - When the result is in the same register as one of the input registers, we'll end up
2707           corrupting the input in the fast path even if we determine that we need to go to
2708           the slow path.  We now move the input into the scratch register and operate
2709           on that instead and move the result into the result register only after
2710           the fast path has succeeded.
2711
2712         * tests/stress/op_sub.js:
2713         (o1.valueOf):
2714         (runTest):
2715         - Added some debugging tools: flags for verbose logging, and eager abort on fail.
2716
2717 2015-10-28  Mark Lam  <mark.lam@apple.com>
2718
2719         Fix a typo in ProbeContext::fpr().
2720         https://bugs.webkit.org/show_bug.cgi?id=150629
2721
2722         Reviewed by Yusuke Suzuki.
2723
2724         ProbeContext::fpr() should be calling CPUState::fpr(), not CPUState::gpr().
2725
2726         * assembler/AbstractMacroAssembler.h:
2727         (JSC::AbstractMacroAssembler::ProbeContext::fpr):
2728
2729 2015-10-28  Mark Lam  <mark.lam@apple.com>
2730
2731         Add ability to print the PC register from JIT'ed code.
2732         https://bugs.webkit.org/show_bug.cgi?id=150561
2733
2734         Reviewed by Geoffrey Garen.
2735
2736         * assembler/MacroAssemblerPrinter.cpp:
2737         (JSC::printPC):
2738         (JSC::MacroAssemblerPrinter::printCallback):
2739         * assembler/MacroAssemblerPrinter.h:
2740         (JSC::MacroAssemblerPrinter::PrintArg::PrintArg):
2741
2742 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2743
2744         Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available
2745         https://bugs.webkit.org/show_bug.cgi?id=150615
2746
2747         Reviewed by Timothy Hatcher.
2748
2749         * inspector/protocol/Timeline.json:
2750
2751 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2752
2753         Web Inspector: Remove unused / duplicated XHR timeline instrumentation
2754         https://bugs.webkit.org/show_bug.cgi?id=150605
2755
2756         Reviewed by Timothy Hatcher.
2757
2758         * inspector/protocol/Timeline.json:
2759
2760 2015-10-27  Michael Saboff  <msaboff@apple.com>
2761
2762         REGRESSION (r191360): Crash: com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL:: + 386
2763         https://bugs.webkit.org/show_bug.cgi?id=150580
2764
2765         Reviewed by Mark Lam.
2766
2767         Changed code to box 32 bit integers and boolean arguments when generating the call instead of boxing
2768         them in the shuffler.
2769
2770         The ASSERT in CallFrameShuffler::extendFrameIfNeeded is wrong when called from CallFrameShuffler::spill(),
2771         as we could be making space to spill a register so that we have a spare that we can use for the new
2772         frame's base pointer.
2773
2774         * ftl/FTLJSTailCall.cpp:
2775         (JSC::FTL::DFG::recoveryFor): Added RELEASE_ASSERT to check that we never see unboxed 32 bit
2776         arguments stored in the stack.
2777         * ftl/FTLLowerDFGToLLVM.cpp:
2778         (JSC::FTL::DFG::LowerDFGToLLVM::exitValueForTailCall):
2779         * jit/CallFrameShuffler.cpp:
2780         (JSC::CallFrameShuffler::extendFrameIfNeeded): Removed unneeded ASSERT.
2781
2782 2015-10-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2783
2784         [ES6] Add DFG/FTL support for accessor put operations
2785         https://bugs.webkit.org/show_bug.cgi?id=148860
2786
2787         Reviewed by Geoffrey Garen.
2788
2789         This patch introduces accessor defining ops into DFG and FTL.
2790         The following DFG nodes are introduced.
2791
2792             op_put_getter_by_id  => PutGetterById
2793             op_put_setter_by_id  => PutSetterById
2794             op_put_getter_setter => PutGetterSetterById
2795             op_put_getter_by_val => PutGetterByVal
2796             op_put_setter_by_val => PutSetterByVal
2797
2798         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
2799
2800         To use operations defined for baseline JIT, we clean up existing operations.
2801         And reuse these operations in DFG and FTL.
2802
2803         * dfg/DFGAbstractInterpreterInlines.h:
2804         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2805         * dfg/DFGByteCodeParser.cpp:
2806         (JSC::DFG::ByteCodeParser::parseBlock):
2807         * dfg/DFGCapabilities.cpp:
2808         (JSC::DFG::capabilityLevel):
2809         * dfg/DFGClobberize.h:
2810         (JSC::DFG::clobberize):
2811         * dfg/DFGDoesGC.cpp:
2812         (JSC::DFG::doesGC):
2813         * dfg/DFGFixupPhase.cpp:
2814         (JSC::DFG::FixupPhase::fixupNode):
2815         * dfg/DFGNode.h:
2816         (JSC::DFG::Node::hasIdentifier):
2817         (JSC::DFG::Node::hasAccessorAttributes):
2818         (JSC::DFG::Node::accessorAttributes):
2819         * dfg/DFGNodeType.h:
2820         * dfg/DFGPredictionPropagationPhase.cpp:
2821         (JSC::DFG::PredictionPropagationPhase::propagate):
2822         * dfg/DFGSafeToExecute.h:
2823         (JSC::DFG::safeToExecute):
2824         * dfg/DFGSpeculativeJIT.cpp:
2825         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
2826         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
2827         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
2828         We should fill all GPRs before calling flushRegisters().
2829         * dfg/DFGSpeculativeJIT.h:
2830         (JSC::DFG::SpeculativeJIT::callOperation):
2831         * dfg/DFGSpeculativeJIT32_64.cpp:
2832         (JSC::DFG::SpeculativeJIT::compile):
2833         * dfg/DFGSpeculativeJIT64.cpp:
2834         (JSC::DFG::SpeculativeJIT::compile):
2835         * ftl/FTLCapabilities.cpp:
2836         (JSC::FTL::canCompile):
2837         * ftl/FTLIntrinsicRepository.h:
2838         * ftl/FTLLowerDFGToLLVM.cpp:
2839         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2840         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
2841         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
2842         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
2843         * jit/JIT.h:
2844         * jit/JITInlines.h:
2845         (JSC::JIT::callOperation):
2846         * jit/JITOperations.cpp:
2847         * jit/JITOperations.h:
2848         * jit/JITPropertyAccess.cpp:
2849         (JSC::JIT::emit_op_put_getter_by_id):
2850         (JSC::JIT::emit_op_put_setter_by_id):
2851         (JSC::JIT::emit_op_put_getter_setter):
2852         * jit/JITPropertyAccess32_64.cpp:
2853         (JSC::JIT::emit_op_put_getter_by_id):
2854         (JSC::JIT::emit_op_put_setter_by_id):
2855         (JSC::JIT::emit_op_put_getter_setter):
2856         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
2857         (shouldBe):
2858         (testAttribute):
2859         (getter.Cocoa.prototype.get hello):
2860         (getter.Cocoa):
2861         (getter):
2862         (setter.Cocoa):
2863         (setter.Cocoa.prototype.set hello):
2864         (setter):
2865         (accessors.Cocoa):
2866         (accessors.Cocoa.prototype.get hello):
2867         (accessors.Cocoa.prototype.set hello):
2868         (accessors):
2869         * tests/stress/dfg-put-accessors-by-id.js: Added.
2870         (shouldBe):
2871         (testAttribute):
2872         (getter.object.get hello):
2873         (getter):
2874         (setter.object.set hello):
2875         (setter):
2876         (accessors.object.get hello):
2877         (accessors.object.set hello):
2878         (accessors):
2879         * tests/stress/dfg-put-getter-by-id-class.js: Added.
2880         (shouldBe):
2881         (testAttribute):
2882         (getter.Cocoa):
2883         (getter.Cocoa.prototype.get hello):
2884         (getter.Cocoa.prototype.get name):
2885         (getter):
2886         * tests/stress/dfg-put-getter-by-id.js: Added.
2887         (shouldBe):
2888         (testAttribute):
2889         (getter.object.get hello):
2890         (getter):
2891         * tests/stress/dfg-put-getter-by-val-class.js: Added.
2892         (shouldBe):
2893         (testAttribute):
2894         (getter.Cocoa):
2895         (getter.Cocoa.prototype.get name):
2896         (getter):
2897         * tests/stress/dfg-put-getter-by-val.js: Added.
2898         (shouldBe):
2899         (testAttribute):
2900         (getter.object.get name):
2901         (getter):
2902         * tests/stress/dfg-put-setter-by-id-class.js: Added.
2903         (shouldBe):
2904         (testAttribute):
2905         (getter.Cocoa):
2906         (getter.Cocoa.prototype.set hello):
2907         (getter.Cocoa.prototype.get name):
2908         (getter):
2909         * tests/stress/dfg-put-setter-by-id.js: Added.
2910         (shouldBe):
2911         (testAttribute):
2912         (setter.object.set hello):
2913         (setter):
2914         * tests/stress/dfg-put-setter-by-val-class.js: Added.
2915         (shouldBe):
2916         (testAttribute):
2917         (setter.Cocoa):
2918         (setter.Cocoa.prototype.set name):
2919         (setter):
2920         * tests/stress/dfg-put-setter-by-val.js: Added.
2921         (shouldBe):
2922         (testAttribute):
2923         (setter.object.set name):
2924         (setter):
2925
2926 2015-10-26  Mark Lam  <mark.lam@apple.com>
2927
2928         Add logging to warn about under-estimated FTL inline cache sizes.
2929         https://bugs.webkit.org/show_bug.cgi?id=150570
2930
2931         Reviewed by Geoffrey Garen.
2932
2933         Added 2 options:
2934         1. JSC_dumpFailedICSizing - dumps an error message if the FTL encounters IC size
2935            estimates that are less than the actual needed code size.
2936
2937            This option is useful for when we add a new IC and want to compute an
2938            estimated size for the IC.  To do this:
2939            1. Build jsc for the target port with a very small IC size (enough to
2940               store the jump instruction needed for the out of line fallback
2941               implementation).
2942            2. Implement a test suite with scenarios that exercise all the code paths in
2943               the IC generator.
2944            3. Run jsc with JSC_dumpFailedICSizing=true on the test suite.
2945            4. The max value reported by the dumps will be the worst case size needed to
2946               store the IC.  We should use this value for our estimate.
2947            5. Update the IC's estimated size and rebuild jsc.
2948            6. Re-run (3) and confirm that there are no more error messages about the
2949               IC sizing.
2950
2951         2. JSC_assertICSizing - same as JSC_dumpFailedICSizing except that it also
2952            crashes the VM each time it encounters an inadequate IC size estimate.
2953
2954            This option is useful for regression testing to ensure that our estimates
2955            do not regress.
2956
2957         * ftl/FTLCompile.cpp:
2958         (JSC::FTL::generateInlineIfPossibleOutOfLineIfNot):
2959         * runtime/Options.h:
2960
2961 2015-10-26  Saam barati  <sbarati@apple.com>
2962
2963         r190735 Caused us to maybe trample the base's tag-GPR on 32-bit inline cache when the cache allocates a scratch register and then jumps to the slow path
2964         https://bugs.webkit.org/show_bug.cgi?id=150532
2965
2966         Reviewed by Geoffrey Garen.
2967
2968         The base's tag register used to show up in the used register set
2969         before r190735 because of how the DFG kept track of used registers. I changed this
2970         in my work on inline caching because we don't want to spill these registers
2971         when we have a GetByIdFlush/PutByIdFlush and we use the used register set
2972         as the metric of what to spill. That said, these registers should be locked
2973         and not used as scratch registers by the scratch register allocator. The
2974         reason is that our inline cache may fail and jump to the slow path. The slow
2975         path then uses the base's tag register. If the inline cache used the base's tag
2976         register as a scratch and the inline cache fails and jumps to the slow path, we
2977         have a problem because the tag may now be trampled.
2978
2979         Note that this doesn't mean that we can't trample the base's tag register when making
2980         a call. We can totally trample the register as long as the inline cache succeeds in a GetByIdFlush/PutByIdFlush.
2981         The problem is only when we trample it and then jump to the slow path.
2982
2983         This patch fixes this bug by making StructureStubInfo keep track of the base's
2984         tag GPR. PolymorphicAccess then locks this register when using the ScratchRegisterAllocator.
2985
2986         * bytecode/PolymorphicAccess.cpp:
2987         (JSC::AccessCase::generate):
2988         (JSC::PolymorphicAccess::regenerate):
2989         * bytecode/StructureStubInfo.h:
2990         * dfg/DFGSpeculativeJIT.cpp:
2991         (JSC::DFG::SpeculativeJIT::compileIn):
2992         * jit/JITInlineCacheGenerator.cpp:
2993         (JSC::JITByIdGenerator::JITByIdGenerator):
2994         * tests/stress/regress-150532.js: Added.
2995         (assert):
2996         (randomFunction):
2997         (foo):
2998         (i.switch):
2999
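The failure mode described in the r190735 entry above, as an added toy model (not JavaScriptCore code and not part of the ChangeLog). The allocator class, register names, tag value and structure ID are hypothetical stand-ins; the model only shows why a register that is absent from the used set must still be locked if the slow path reads it.

```cpp
#include <bitset>
#include <cstdint>
#include <cstdio>

// Hypothetical 4-register machine; none of these names come from JavaScriptCore.
enum Reg : int { R0, R1, R2, R3, NumRegs, NoReg = -1 };
using RegSet = std::bitset<NumRegs>;

constexpr uint32_t kCellTag = 0xfffffffb;  // constructed tag value meaning "base is a cell"
constexpr uint32_t kStructureID = 0x1234;  // constructed value the IC loads into its scratch

// Toy scratch allocator: prefers a register that is neither locked nor in the
// used set (free, so no spill). Failing that, it reuses an unlocked used
// register and records that it has to be preserved around the IC.
class ScratchAllocatorModel {
public:
    explicit ScratchAllocatorModel(RegSet used) : m_used(used) {}

    void lock(Reg r) { if (r != NoReg) m_locked.set(r); }

    Reg allocateScratch()
    {
        for (int i = 0; i < NumRegs; ++i) {
            if (!m_locked.test(i) && !m_used.test(i)) {
                m_locked.set(i);
                return static_cast<Reg>(i);
            }
        }
        for (int i = 0; i < NumRegs; ++i) {
            if (!m_locked.test(i)) {
                m_locked.set(i);
                m_preserved.set(i);
                return static_cast<Reg>(i);
            }
        }
        return NoReg;
    }

    bool mustPreserve(Reg r) const { return m_preserved.test(r); }

private:
    RegSet m_used, m_locked, m_preserved;
};

struct ICResult {
    Reg scratch;                 // register the IC body was given as scratch
    uint32_t tagSeenBySlowPath;  // what the slow path reads from the base's tag register
};

// Models a 32-bit inline cache whose structure check fails, so control falls
// through to the slow path, which re-reads the base's tag register.
ICResult runFailingInlineCache(bool lockBaseTag)
{
    uint32_t regs[NumRegs] = {};
    const Reg baseTag = R0, basePayload = R1, result = R2;
    regs[baseTag] = kCellTag;
    regs[basePayload] = 0x1000;  // constructed cell pointer

    // Used set as the entry describes it after r190735: the base's tag register
    // is left out so that GetByIdFlush/PutByIdFlush does not spill it.
    RegSet used;
    used.set(basePayload);
    used.set(result);

    ScratchAllocatorModel allocator(used);
    allocator.lock(basePayload);
    allocator.lock(result);
    if (lockBaseTag)
        allocator.lock(baseTag);  // the fix: the tracked base tag GPR is locked

    Reg scratch = allocator.allocateScratch();
    if (scratch == NoReg)
        return { NoReg, regs[baseTag] };

    uint32_t saved = regs[scratch];
    regs[scratch] = kStructureID;  // IC body clobbers its scratch register
    if (allocator.mustPreserve(scratch))
        regs[scratch] = saved;     // preserved registers are restored on exit

    // Structure check fails here; the slow path now consumes the base's tag.
    return { scratch, regs[baseTag] };
}

int main()
{
    ICResult buggy = runFailingInlineCache(false);
    ICResult fixed = runFailingInlineCache(true);
    std::printf("unlocked: scratch=R%d tag=0x%08x\n", buggy.scratch, (unsigned)buggy.tagSeenBySlowPath);
    std::printf("locked:   scratch=R%d tag=0x%08x\n", fixed.scratch, (unsigned)fixed.tagSeenBySlowPath);
    return 0;
}
```
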
3000 2015-10-24  Brian Burg  <bburg@apple.com>
3001
3002         Teach create_hash_table to omit builtins macros when generating tables for native-only objects
3003         https://bugs.webkit.org/show_bug.cgi?id=150491
3004
3005         Reviewed by Yusuke Suzuki.
3006
3007         In order to support separate compilation for generated builtins files, we need to be able to
3008         include specific builtins headers from generated .lut.h files. However, the create_hash_table
3009         script isn't smart enough to figure out when a generated file might actually contain a builtin.
3010         Without further help, we'd have to include an all-in-one header, mostly defeating the point of
3011         generating separate .h and .cpp files for every builtin.
3012
3013         This patch segregates the pure native and partially builtin sources in the build system, and
3014         gives hints to create_hash_table so that it doesn't even generate checks for builtins if the
3015         input file has no builtin method implementations. Also do some modernization and code cleanup.
3016
3017         * CMakeLists.txt:
3018
3019         Generate each group with different flags to create_hash_table. Change the macro to take
3020         flags through the variable LUT_GENERATOR_FLAGS. Set this as necessary before calling macro.
3021         Add an additional hint to CMake that the .cpp source file depends on the generated file.
3022
3023         * DerivedSources.make:
3024
3025         Generate each group with different flags to create_hash_table. Clean up the 'all' target
3026         so that static dependencies are listed first. Use static patterns to decide which .lut.h
3027         files require which flags. Reduce fragile usages of implicit variables.
3028
3029         * JavaScriptCore.xcodeproj/project.pbxproj:
3030
3031         Add some missing .lut.h files to the Derived Sources group. Sort the project.
3032
3033         * create_hash_table:
3034
3035         Parse options in a sane way using GetOpt::Long. Remove ability to specify a custom namespace
3036         since this isn't actually used anywhere. Normalize placement of newlines in quoted strings.
3037         Only generate builtins macros and includes if the source file is known to have some builtins.
3038
3039 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
3040
3041         Web Inspector: Remove unused ScrollLayer Timeline EventType
3042         https://bugs.webkit.org/show_bug.cgi?id=150518
3043
3044         Reviewed by Timothy Hatcher.
3045
3046         * inspector/protocol/Timeline.json:
3047
3048 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
3049
3050         Web Inspector: Clean up InspectorInstrumentation includes
3051         https://bugs.webkit.org/show_bug.cgi?id=150523
3052
3053         Reviewed by Timothy Hatcher.
3054
3055         * inspector/agents/InspectorConsoleAgent.cpp:
3056         (Inspector::InspectorConsoleAgent::consoleMessageArgumentCounts): Deleted.
3057         * inspector/agents/InspectorConsoleAgent.h:
3058
3059 2015-10-23  Michael Saboff  <msaboff@apple.com>
3060
3061         REGRESSION (r179357-r179359): WebContent Crash using AOL Mail @ com.apple.JavascriptCore JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant, JSC::RegisterPreservationMode) + 1584
3062         https://bugs.webkit.org/show_bug.cgi?id=150513
3063
3064         Reviewed by Saam Barati.
3065
3066         Add check in linkPolymorphicCall() to make sure we have a CodeBlock for the newly added variant.
3067         If not, we turn the call into a virtual call.
3068
3069         The bug was caused by a stack overflow when preparing the function for execution.  This properly
3070         threw an exception, however linkPolymorphicCall() didn't check for this error case.
3071
3072         Added a new test function "failNextNewCodeBlock()" to test tools to simplify the testing.
3073
3074         * API/JSCTestRunnerUtils.cpp:
3075         (JSC::failNextNewCodeBlock):
3076         (JSC::numberOfDFGCompiles):
3077         * API/JSCTestRunnerUtils.h:
3078         * jit/Repatch.cpp:
3079         (JSC::linkPolymorphicCall):
3080         * jsc.cpp:
3081         (GlobalObject::finishCreation):
3082         (functionTransferArrayBuffer):
3083         (functionFailNextNewCodeBlock):
3084         (functionQuit):
3085         * runtime/Executable.cpp:
3086         (JSC::ScriptExecutable::prepareForExecutionImpl):
3087         * runtime/TestRunnerUtils.cpp:
3088         (JSC::optimizeNextInvocation):
3089         (JSC::failNextNewCodeBlock):
3090         (JSC::numberOfDFGCompiles):
3091         * runtime/TestRunnerUtils.h:
3092         * runtime/VM.h:
3093         (JSC::VM::setFailNextNewCodeBlock):
3094         (JSC::VM::getAndClearFailNextNewCodeBlock):
3095         (JSC::VM::stackPointerAtVMEntry):
3096
3097 2015-10-23  Commit Queue  <commit-queue@webkit.org>
3098
3099         Unreviewed, rolling out r191500.
3100         https://bugs.webkit.org/show_bug.cgi?id=150526
3101
3102         Broke two JSC regression tests (Requested by msaboff on
3103         #webkit).
3104
3105         Reverted changeset:
3106
3107         "[ES6] Add DFG/FTL support for accessor put operations"
3108         https://bugs.webkit.org/show_bug.cgi?id=148860
3109         http://trac.webkit.org/changeset/191500
3110
3111 2015-10-23  Yusuke Suzuki  <utatane.tea@gmail.com>
3112
3113         [ES6] Add DFG/FTL support for accessor put operations
3114         https://bugs.webkit.org/show_bug.cgi?id=148860
3115
3116         Reviewed by Geoffrey Garen.
3117
3118         This patch introduces accessor defining ops into DFG and FTL.
3119         The following DFG nodes are introduced.
3120
3121             op_put_getter_by_id  => PutGetterById
3122             op_put_setter_by_id  => PutSetterById
3123             op_put_getter_setter => PutGetterSetterById
3124             op_put_getter_by_val => PutGetterByVal
3125             op_put_setter_by_val => PutSetterByVal
3126
3127         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
3128
3129         To use operations defined for baseline JIT, we clean up existing operations.
3130         And reuse these operations in DFG and FTL.
3131
3132         * dfg/DFGAbstractInterpreterInlines.h:
3133         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3134         * dfg/DFGByteCodeParser.cpp:
3135         (JSC::DFG::ByteCodeParser::parseBlock):
3136         * dfg/DFGCapabilities.cpp:
3137         (JSC::DFG::capabilityLevel):
3138         * dfg/DFGClobberize.h:
3139         (JSC::DFG::clobberize):
3140         * dfg/DFGDoesGC.cpp:
3141         (JSC::DFG::doesGC):
3142         * dfg/DFGFixupPhase.cpp:
3143         (JSC::DFG::FixupPhase::fixupNode):
3144         * dfg/DFGNode.h:
3145         (JSC::DFG::Node::hasIdentifier):
3146         (JSC::DFG::Node::hasAccessorAttributes):
3147         (JSC::DFG::Node::accessorAttributes):
3148         * dfg/DFGNodeType.h:
3149         * dfg/DFGPredictionPropagationPhase.cpp:
3150         (JSC::DFG::PredictionPropagationPhase::propagate):
3151         * dfg/DFGSafeToExecute.h:
3152         (JSC::DFG::safeToExecute):
3153         * dfg/DFGSpeculativeJIT.cpp:
3154         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
3155         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
3156         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
3157         * dfg/DFGSpeculativeJIT.h:
3158         (JSC::DFG::SpeculativeJIT::callOperation):
3159         * dfg/DFGSpeculativeJIT32_64.cpp:
3160         (JSC::DFG::SpeculativeJIT::compile):
3161         * dfg/DFGSpeculativeJIT64.cpp:
3162         (JSC::DFG::SpeculativeJIT::compile):
3163         * ftl/FTLCapabilities.cpp:
3164         (JSC::FTL::canCompile):
3165         * ftl/FTLIntrinsicRepository.h:
3166         * ftl/FTLLowerDFGToLLVM.cpp:
3167         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3168         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
3169         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
3170         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
3171         * jit/JIT.h:
3172         * jit/JITInlines.h:
3173         (JSC::JIT::callOperation):
3174         * jit/JITOperations.cpp:
3175         * jit/JITOperations.h:
3176         * jit/JITPropertyAccess.cpp:
3177         (JSC::JIT::emit_op_put_getter_by_id):
3178         (JSC::JIT::emit_op_put_setter_by_id):
3179         (JSC::JIT::emit_op_put_getter_setter):
3180         * jit/JITPropertyAccess32_64.cpp:
3181         (JSC::JIT::emit_op_put_getter_by_id):
3182         (JSC::JIT::emit_op_put_setter_by_id):
3183         (JSC::JIT::emit_op_put_getter_setter):
3184         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
3185         (shouldBe):
3186         (testAttribute):
3187         (getter.Cocoa.prototype.get hello):
3188         (getter.Cocoa):
3189         (getter):
3190         (setter.Cocoa):
3191         (setter.Cocoa.prototype.set hello):
3192         (setter):
3193         (accessors.Cocoa):
3194         (accessors.Cocoa.prototype.get hello):
3195         (accessors.Cocoa.prototype.set hello):
3196         (accessors):
3197         * tests/stress/dfg-put-accessors-by-id.js: Added.
3198         (shouldBe):
3199         (testAttribute):
3200         (getter.object.get hello):
3201         (getter):
3202         (setter.object.set hello):
3203         (setter):
3204         (accessors.object.get hello):
3205         (accessors.object.set hello):
3206         (accessors):
3207         * tests/stress/dfg-put-getter-by-id-class.js: Added.
3208         (shouldBe):
3209         (testAttribute):
3210         (getter.Cocoa):
3211         (getter.Cocoa.prototype.get hello):
3212         (getter.Cocoa.prototype.get name):
3213         (getter):
3214         * tests/stress/dfg-put-getter-by-id.js: Added.
3215         (shouldBe):
3216         (testAttribute):
3217         (getter.object.get hello):
3218         (getter):
3219         * tests/stress/dfg-put-getter-by-val-class.js: Added.
3220         (shouldBe):
3221         (testAttribute):
3222         (getter.Cocoa):
3223         (getter.Cocoa.prototype.get name):
3224         (getter):
3225         * tests/stress/dfg-put-getter-by-val.js: Added.
3226         (shouldBe):
3227         (testAttribute):
3228         (getter.object.get name):
3229         (getter):
3230         * tests/stress/dfg-put-setter-by-id-class.js: Added.
3231         (shouldBe):
3232         (testAttribute):
3233         (getter.Cocoa):
3234         (getter.Cocoa.prototype.set hello):
3235         (getter.Cocoa.prototype.get name):
3236         (getter):
3237         * tests/stress/dfg-put-setter-by-id.js: Added.
3238         (shouldBe):
3239         (testAttribute):
3240         (setter.object.set hello):
3241         (setter):
3242         * tests/stress/dfg-put-setter-by-val-class.js: Added.
3243         (shouldBe):
3244         (testAttribute):
3245         (setter.Cocoa):
3246         (setter.Cocoa.prototype.set name):
3247         (setter):
3248         * tests/stress/dfg-put-setter-by-val.js: Added.
3249         (shouldBe):
3250         (testAttribute):
3251         (setter.object.set name):
3252         (setter):
3253
3254 2015-10-22  Joseph Pecoraro  <pecoraro@apple.com>
3255
3256         Web Inspector: Remove unused Timeline GCEvent Record type
3257         https://bugs.webkit.org/show_bug.cgi?id=150477
3258
3259         Reviewed by Timothy Hatcher.
3260
3261         Garbage Collection events go through the Heap domain, not the
3262         Timeline domain (long time ago for Chromium).
3263
3264         * inspector/protocol/Timeline.json:
3265
3266 2015-10-22  Michael Saboff  <msaboff@apple.com>
3267
3268         REGRESSION(r191360): Repro Crash: com.apple.WebKit.WebContent at JavaScriptCore:JSC::ExecState::bytecodeOffset + 174
3269         https://bugs.webkit.org/show_bug.cgi?id=150434
3270
3271         Reviewed by Mark Lam.
3272
3273         Pass the current frame instead of the caller frame to operationVMHandleException when processing an
3274         exception in one of the native thunks.
3275
3276         * jit/JITExceptions.cpp:
3277         (JSC::genericUnwind): Made debug printing of CodeBlock safe for call frames without one.
3278         * jit/JITOpcodes32_64.cpp:
3279         (JSC::JIT::privateCompileCTINativeCall):
3280         * jit/ThunkGenerators.cpp:
3281         (JSC::nativeForGenerator):
3282
3283 2015-10-21  Brian Burg  <bburg@apple.com>
3284
3285         Restructure generate-js-bindings script to be modular and testable
3286         https://bugs.webkit.org/show_bug.cgi?id=149929
3287
3288         Reviewed by Alex Christensen.
3289
3290         This is a new code generator, based on the replay inputs code generator and
3291         the inspector protocol code generator, which produces various files for JS
3292         builtins.
3293
3294         Relative to the generator it replaces, this one consolidates two scripts in
3295         JavaScriptCore and WebCore into a single script with multiple files. Parsed
3296         information about the builtins file is stored in backend-independent model
3297         objects. Each output file has its own code generator that uses the model to
3298         produce resulting code. Generators are additionally parameterized by the target
3299         framework (to choose correct macros and includes) and output mode (one
3300         header/implementation file per builtin or per framework).
3301
3302         It includes a few simple tests of the generator's functionality. These result-
3303         based tests will become increasingly more important as we start to add support
3304         for builtins annotation such as @optional, @internal, etc. to the code generator.
3305
3306         Some of these complexities, such as having two output modes, will be removed in
3307         subsequent patches. This patch is intended to exactly replace the existing
3308         functionality with a unified script that makes additional cleanups straightforward.
3309
3310         Additional cleanup and consolidation between inspector code generator scripts
3311         and this script will be pursued in followup patches.
3312
3313         New tests:
3314
3315         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js
3316         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js
3317         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Combined.js
3318         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Separate.js
3319         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Combined.js
3320         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Separate.js
3321         Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js
3322         Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js
3323         Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js
3324         Scripts/tests/builtins/WebCore-xmlCasingTest-Separate.js
3325
3326
3327         * CMakeLists.txt:
3328
3329             Copy the scripts that are used by other targets to a staging directory inside
3330             ${DERIVED_SOURCES_DIR}/ForwardingHeaders/JavaScriptCore/Scripts.
3331             Define JavaScriptCore_SCRIPTS_DIR to point here so that the add_custom_command
3332             and shared file lists are identical between JavaScriptCore and WebCore. The staged
3333             scripts are a dependency of the main JavaScriptCore target so that they are
3334             always staged, even if JavaScriptCore itself does not use a particular script.
3335
3336             The output files additionally depend on all builtin generator script files
3337             and input files that are combined into the single header/implementation file.
3338
3339         * DerivedSources.make:
3340
3341             Define JavaScriptCore_SCRIPTS_DIR explicitly so the rule for code generation and
3342             shared file lists are identical between JavaScriptCore and WebCore.
3343
3344             The output files additionally depend on all builtin generator script files
3345             and input files that are combined into the single header/implementation file.
3346
3347         * JavaScriptCore.xcodeproj/project.pbxproj:
3348
3349             Mark the new builtins generator files as private headers so we can use them from
3350             WebCore.
3351
3352         * Scripts/UpdateContents.py: Renamed from Source/JavaScriptCore/UpdateContents.py.
3353         * Scripts/builtins/__init__.py: Added.
3354         * Scripts/builtins/builtins.py: Added.
3355         * Scripts/builtins/builtins_generator.py: Added. This file contains the base generator.
3356         (WK_lcfirst):
3357         (WK_ucfirst):
3358         (BuiltinsGenerator):
3359         (BuiltinsGenerator.__init__):
3360         (BuiltinsGenerator.model):
3361         (BuiltinsGenerator.generate_license):
3362         (BuiltinsGenerator.generate_includes_from_entries):
3363         (BuiltinsGenerator.generate_output):
3364         (BuiltinsGenerator.output_filename):
3365         (BuiltinsGenerator.mangledNameForFunction):
3366         (BuiltinsGenerator.mangledNameForFunction.toCamel):
3367         (BuiltinsGenerator.generate_embedded_code_string_section_for_function):
3368         * Scripts/builtins/builtins_model.py: Added. This file contains builtins model objects.
3369         (ParseException):
3370         (Framework):
3371         (Framework.__init__):
3372         (Framework.setting):
3373         (Framework.fromString):
3374         (Frameworks):
3375         (BuiltinObject):
3376         (BuiltinObject.__init__):
3377         (BuiltinFunction):
3378         (BuiltinFunction.__init__):
3379         (BuiltinFunction.fromString):
3380         (BuiltinFunction.__str__):
3381         (BuiltinsCollection):
3382         (BuiltinsCollection.__init__):
3383         (BuiltinsCollection.parse_builtins_file):
3384         (BuiltinsCollection.copyrights):
3385         (BuiltinsCollection.all_functions):
3386         (BuiltinsCollection._parse_copyright_lines):
3387         (BuiltinsCollection._parse_functions):
3388         * Scripts/builtins/builtins_templates.py: Added.
3389         (BuiltinsGeneratorTemplates):
3390         * Scripts/builtins/builtins_generate_combined_header.py: Added.
3391         (BuiltinsCombinedHeaderGenerator):
3392         (BuiltinsCombinedHeaderGenerator.__init__):
3393         (BuiltinsCombinedHeaderGenerator.output_filename):
3394         (BuiltinsCombinedHeaderGenerator.generate_output):