Remove obsolete experimental ObjC SPI.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2017-03-13  Mark Lam  <mark.lam@apple.com>
2
3         Remove obsolete experimental ObjC SPI.
4         https://bugs.webkit.org/show_bug.cgi?id=169569
5
6         Reviewed by Saam Barati.
7
8         * API/JSVirtualMachine.mm:
9         (-[JSVirtualMachine enableSigillCrashAnalyzer]): Deleted.
10         * API/JSVirtualMachinePrivate.h: Removed.
11         * JavaScriptCore.xcodeproj/project.pbxproj:
12
13 2017-03-13  Commit Queue  <commit-queue@webkit.org>
14
15         Unreviewed, rolling out r213856.
16         https://bugs.webkit.org/show_bug.cgi?id=169562
17
18         Breaks JSC stress test stress/super-property-access.js.ftl-
19         eager failing (Requested by mlam|g on #webkit).
20
21         Reverted changeset:
22
23         "FTL should not flush strict arguments unless it really needs
24         to"
25         https://bugs.webkit.org/show_bug.cgi?id=169519
26         http://trac.webkit.org/changeset/213856
27
28 2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
29
30         [JSC][Linux] Allow profilers to demangle C++ names
31         https://bugs.webkit.org/show_bug.cgi?id=169559
32
33         Reviewed by Michael Catanzaro.
34
35         Linux also offers dladdr & demangling feature.
36         Thus, we can use it to show the names in profilers.
37         For example, SamplingProfiler tells us the C function names.
38
39         * runtime/SamplingProfiler.cpp:
40         (JSC::SamplingProfiler::StackFrame::displayName):
41         * tools/CodeProfile.cpp:
42         (JSC::symbolName):
43
44 2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
45
46         [WTF] Clean up RunLoop and WorkQueue with Seconds and Function
47         https://bugs.webkit.org/show_bug.cgi?id=169537
48
49         Reviewed by Sam Weinig.
50
51         * runtime/Watchdog.cpp:
52         (JSC::Watchdog::startTimer):
53
54 2017-03-11  Filip Pizlo  <fpizlo@apple.com>
55
56         FTL should not flush strict arguments unless it really needs to
57         https://bugs.webkit.org/show_bug.cgi?id=169519
58
59         Reviewed by Mark Lam.
60         
61         This is a refinement that we should have done ages ago. This kills some pointless PutStacks
62         in DFG SSA IR. It can sometimes unlock other optimizations.
63
64         * dfg/DFGPreciseLocalClobberize.h:
65         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
66
67 2017-03-13  Caio Lima  <ticaiolima@gmail.com>
68
69         [JSC] It should be possible to create a label named let when parsing Statement in non strict mode
70         https://bugs.webkit.org/show_bug.cgi?id=168684
71
72         Reviewed by Saam Barati.
73
74         This patch is fixing a Parser bug to allow defining a label named
75         ```let``` in sloppy mode when parsing a Statement.
76
77         * parser/Parser.cpp:
78         (JSC::Parser<LexerType>::parseStatement):
79
80 2017-03-11  Filip Pizlo  <fpizlo@apple.com>
81
82         Structure::willStoreValueSlow needs to keep the property table alive until the end
83         https://bugs.webkit.org/show_bug.cgi?id=169520
84
85         Reviewed by Michael Saboff.
86
87         We use pointers logically interior to `propertyTable` after doing a GC. We need to prevent the
88         compiler from optimizing away pointers to `propertyTable`.
89         
90         * heap/HeapCell.cpp:
91         (JSC::HeapCell::use):
92         * heap/HeapCell.h:
93         (JSC::HeapCell::use): Introduce API for keeping a pointer alive until some point in execution.
94         * runtime/Structure.cpp:
95         (JSC::Structure::willStoreValueSlow): Use HeapCell::use() to keep the pointer alive.
96
97 2017-03-11  Yusuke Suzuki  <utatane.tea@gmail.com>
98
99         Unreviewed, suppress warnings in JSC B3
100
101         * b3/B3Opcode.cpp:
102
103 2017-03-11  Michael Saboff  <msaboff@apple.com>
104
105         Allow regular expressions to be used when selecting a process name in JSC config file
106         https://bugs.webkit.org/show_bug.cgi?id=169495
107
108         Reviewed by Saam Barati.
109
110         Only added regular expression selectors for unix like platforms.
111
112         * runtime/ConfigFile.cpp:
113         (JSC::ConfigFileScanner::tryConsumeRegExPattern):
114         (JSC::ConfigFile::parse):
115
116 2017-03-11  Jon Lee  <jonlee@apple.com>
117
118         WebGPU prototype - Front-End
119         https://bugs.webkit.org/show_bug.cgi?id=167952
120
121         Reviewed by Dean Jackson.
122
123         * runtime/CommonIdentifiers.h: Add WebGPU objects.
124
125 2017-03-10  Filip Pizlo  <fpizlo@apple.com>
126
127         The JITs should be able to emit fast TLS loads
128         https://bugs.webkit.org/show_bug.cgi?id=169483
129
130         Reviewed by Keith Miller.
131         
132         Added loadFromTLS32/64/Ptr to the MacroAssembler and added a B3 test for this.
133
134         * assembler/ARM64Assembler.h:
135         (JSC::ARM64Assembler::mrs_TPIDRRO_EL0):
136         * assembler/MacroAssembler.h:
137         (JSC::MacroAssembler::loadFromTLSPtr):
138         * assembler/MacroAssemblerARM64.h:
139         (JSC::MacroAssemblerARM64::loadFromTLS32):
140         (JSC::MacroAssemblerARM64::loadFromTLS64):
141         * assembler/MacroAssemblerX86Common.h:
142         (JSC::MacroAssemblerX86Common::loadFromTLS32):
143         * assembler/MacroAssemblerX86_64.h:
144         (JSC::MacroAssemblerX86_64::loadFromTLS64):
145         * assembler/X86Assembler.h:
146         (JSC::X86Assembler::adcl_im):
147         (JSC::X86Assembler::addl_mr):
148         (JSC::X86Assembler::addl_im):
149         (JSC::X86Assembler::andl_im):
150         (JSC::X86Assembler::orl_im):
151         (JSC::X86Assembler::orl_rm):
152         (JSC::X86Assembler::subl_im):
153         (JSC::X86Assembler::cmpb_im):
154         (JSC::X86Assembler::cmpl_rm):
155         (JSC::X86Assembler::cmpl_im):
156         (JSC::X86Assembler::testb_im):
157         (JSC::X86Assembler::movb_i8m):
158         (JSC::X86Assembler::movb_rm):
159         (JSC::X86Assembler::movl_mr):
160         (JSC::X86Assembler::movq_mr):
161         (JSC::X86Assembler::movsxd_rr):
162         (JSC::X86Assembler::gs):
163         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
164         * b3/testb3.cpp:
165         (JSC::B3::testFastTLS):
166         (JSC::B3::run):
167
168 2017-03-10  Alex Christensen  <achristensen@webkit.org>
169
170         Fix watch and tv builds after r213294
171         https://bugs.webkit.org/show_bug.cgi?id=169508
172
173         Reviewed by Dan Bernstein.
174
175         * Configurations/FeatureDefines.xcconfig:
176
177 2017-03-10  Saam Barati  <sbarati@apple.com>
178
179         WebAssembly: Make more demos run
180         https://bugs.webkit.org/show_bug.cgi?id=165510
181         <rdar://problem/29760310>
182
183         Reviewed by Keith Miller.
184
185         This patch makes another Wasm demo run:
186         https://kripken.github.io/BananaBread/cube2/bb.html
187         
188         This patch fixes two bugs:
189         1. When WebAssemblyFunctionType was added, we did not properly
190         update the last JS type value.
191         2. Our code for our JS -> Wasm entrypoint was wrong. It led to bad
192         code generation where we would emit B3 that would write over r12
193         and rbx (on x86) which is invalid since those are our pinned registers.
194         This patch just rewrites the entrypoint to use hand written assembler
195         code. I was planning on doing this anyways because it's a compile
196         time speed boost.
197         
198         Also, this patch adds support for some new API features:
199         We can now export an import, either via a direct export, or via a Table and the
200         Element section. I've added a new class called WebAssemblyWrapperFunction that
201         just wraps over a JSObject that is a function. Wrapper functions have types
202         associated with them, so if they're re-imported, or called via call_indirect,
203         they can be type checked.
204
205         * CMakeLists.txt:
206         * JavaScriptCore.xcodeproj/project.pbxproj:
207         * runtime/JSGlobalObject.cpp:
208         (JSC::JSGlobalObject::init):
209         (JSC::JSGlobalObject::visitChildren):
210         * runtime/JSGlobalObject.h:
211         (JSC::JSGlobalObject::webAssemblyWrapperFunctionStructure):
212         * runtime/JSType.h:
213         * wasm/JSWebAssemblyCodeBlock.h:
214         (JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
215         * wasm/WasmB3IRGenerator.cpp:
216         (JSC::Wasm::createJSToWasmWrapper):
217         * wasm/WasmCallingConvention.h:
218         (JSC::Wasm::CallingConvention::headerSizeInBytes):
219         * wasm/js/JSWebAssemblyHelpers.h:
220         (JSC::isWebAssemblyHostFunction):
221         * wasm/js/JSWebAssemblyInstance.cpp:
222         (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
223         * wasm/js/JSWebAssemblyInstance.h:
224         (JSC::JSWebAssemblyInstance::importFunction):
225         (JSC::JSWebAssemblyInstance::importFunctions):
226         (JSC::JSWebAssemblyInstance::setImportFunction):
227         * wasm/js/JSWebAssemblyTable.cpp:
228         (JSC::JSWebAssemblyTable::JSWebAssemblyTable):
229         (JSC::JSWebAssemblyTable::grow):
230         (JSC::JSWebAssemblyTable::clearFunction):
231         (JSC::JSWebAssemblyTable::setFunction):
232         * wasm/js/JSWebAssemblyTable.h:
233         (JSC::JSWebAssemblyTable::getFunction):
234         * wasm/js/WebAssemblyFunction.cpp:
235         (JSC::callWebAssemblyFunction):
236         * wasm/js/WebAssemblyInstanceConstructor.cpp:
237         (JSC::WebAssemblyInstanceConstructor::createInstance):
238         * wasm/js/WebAssemblyModuleRecord.cpp:
239         (JSC::WebAssemblyModuleRecord::link):
240         (JSC::WebAssemblyModuleRecord::evaluate):
241         * wasm/js/WebAssemblyModuleRecord.h:
242         * wasm/js/WebAssemblyTablePrototype.cpp:
243         (JSC::webAssemblyTableProtoFuncGet):
244         (JSC::webAssemblyTableProtoFuncSet):
245         * wasm/js/WebAssemblyWrapperFunction.cpp: Added.
246         (JSC::callWebAssemblyWrapperFunction):
247         (JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction):
248         (JSC::WebAssemblyWrapperFunction::create):
249         (JSC::WebAssemblyWrapperFunction::finishCreation):
250         (JSC::WebAssemblyWrapperFunction::createStructure):
251         (JSC::WebAssemblyWrapperFunction::visitChildren):
252         * wasm/js/WebAssemblyWrapperFunction.h: Added.
253         (JSC::WebAssemblyWrapperFunction::signatureIndex):
254         (JSC::WebAssemblyWrapperFunction::wasmEntrypoint):
255         (JSC::WebAssemblyWrapperFunction::function):
256
257 2017-03-10  Mark Lam  <mark.lam@apple.com>
258
259         JSC: BindingNode::bindValue doesn't increase the scope's reference count.
260         https://bugs.webkit.org/show_bug.cgi?id=168546
261         <rdar://problem/30589551>
262
263         Reviewed by Saam Barati.
264
265         We should protect the scope RegisterID with a RefPtr while it is still needed.
266
267         * bytecompiler/NodesCodegen.cpp:
268         (JSC::ForInNode::emitLoopHeader):
269         (JSC::ForOfNode::emitBytecode):
270         (JSC::BindingNode::bindValue):
271
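The entry above (bug 168546) is about holding a reference on a register for as long as it is needed. As an added illustration, not code from WebKit, the following simplified model shows why that matters. It assumes an allocator that recycles trailing temporaries whose reference count is zero; `ToyRegister`, `ToyGenerator` and `ScopedRef` are hypothetical names.

```cpp
// Added illustration: a simplified model of refcounted bytecode registers.
// ToyRegister, ToyGenerator and ScopedRef are hypothetical, not JSC classes.
#include <cstddef>
#include <cstdio>
#include <deque>

struct ToyRegister {
    int index;
    int refCount = 0;
    explicit ToyRegister(int i) : index(i) {}
};

// Minimal RefPtr stand-in: holds one reference for the lifetime of the guard.
class ScopedRef {
public:
    explicit ScopedRef(ToyRegister* r) : m_reg(r) { ++m_reg->refCount; }
    ~ScopedRef() { --m_reg->refCount; }
    ScopedRef(const ScopedRef&) = delete;
    ScopedRef& operator=(const ScopedRef&) = delete;
    ToyRegister* get() const { return m_reg; }
private:
    ToyRegister* m_reg;
};

class ToyGenerator {
public:
    // Hands out a temporary. Assumption of this model: trailing temporaries
    // that nobody references are reclaimed first, so the next request reuses
    // their slots.
    ToyRegister* newTemporary()
    {
        while (m_used > 0 && m_temps[m_used - 1].refCount == 0)
            --m_used;
        if (m_used == m_temps.size())
            m_temps.emplace_back(static_cast<int>(m_used));
        return &m_temps[m_used++];
    }
private:
    // std::deque keeps references to existing elements valid on emplace_back.
    std::deque<ToyRegister> m_temps;
    std::size_t m_used = 0;
};

// Unprotected pattern: the scope register is held through a raw pointer only,
// so its reference count stays at zero while it is still needed.
bool scopeClobberedWithoutRef()
{
    ToyGenerator gen;
    ToyRegister* scope = gen.newTemporary(); // stands for the resolved scope
    ToyRegister* value = gen.newTemporary(); // allocated while scope is in use
    return value == scope; // same slot: a store to value overwrites scope
}

// Protected pattern: the guard keeps the count above zero until it goes out
// of scope, so the allocator has to hand out a fresh slot.
bool scopeClobberedWithRef()
{
    ToyGenerator gen;
    ScopedRef scope(gen.newTemporary());
    ToyRegister* value = gen.newTemporary();
    return value == scope.get();
}

int main()
{
    std::printf("raw pointer: scope clobbered = %d\n", scopeClobberedWithoutRef());
    std::printf("ref guard:   scope clobbered = %d\n", scopeClobberedWithRef());
    return 0;
}
```
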
272 2017-03-10  Alex Christensen  <achristensen@webkit.org>
273
274         Fix CMake build.
275
276         * CMakeLists.txt:
277         Make more forwarding headers so we can find WasmFaultSignalHandler.h from WebProcess.cpp.
278
279 2017-03-10  Mark Lam  <mark.lam@apple.com>
280
281         [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
282         https://bugs.webkit.org/show_bug.cgi?id=169454
283
284         Reviewed by Michael Saboff.
285
286         The underlying implementation is hoisted right out of Assertions.cpp from the
287         implementations of WTFPrintBacktrace().
288
289         The reason we need this StackTrace object is because during heap debugging, we
290         sometimes want to capture the stack trace that allocated the objects of interest.
291         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
292         perturb the execution profile sufficiently that an issue may not reproduce,
293         while alternatively, just capturing the stack trace and deferring printing it
294         till we actually need it later perturbs the execution profile less.
295
296         In addition, just capturing the stack traces (instead of printing them
297         immediately at each capture site) allows us to avoid polluting stdout with tons
298         of stack traces that may be irrelevant.
299
300         For now, we only capture the native stack trace.  We'll leave capturing and
301         integrating the JS stack trace as an exercise for the future if we need it then.
302
303         Here's an example of how to use this StackTrace utility:
304
305             // Capture a stack trace of the top 10 frames.
306             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
307             // Print the trace.
308             dataLog(*trace);
309
310         * CMakeLists.txt:
311         * JavaScriptCore.xcodeproj/project.pbxproj:
312         * tools/StackTrace.cpp: Added.
313         (JSC::StackTrace::instanceSize):
314         (JSC::StackTrace::captureStackTrace):
315         (JSC::StackTrace::dump):
316         * tools/StackTrace.h: Added.
317         (JSC::StackTrace::size):
318         (JSC::StackTrace::StackTrace):
319
320 2017-03-04  Filip Pizlo  <fpizlo@apple.com>
321
322         B3 should have comprehensive support for atomic operations
323         https://bugs.webkit.org/show_bug.cgi?id=162349
324
325         Reviewed by Keith Miller.
326         
327         This adds the following capabilities to B3:
328         
329         - Atomic weak/strong unfenced/fenced compare-and-swap
330         - Atomic add/sub/or/and/xor/xchg
331         - Acquire/release fencing on loads/stores
332         - Fenceless load-load dependencies
333         
334         This adds lowering to the following instructions on x86:
335         
336         - lock cmpxchg
337         - lock xadd
338         - lock add/sub/or/and/xor/xchg
339         
340         This adds lowering to the following instructions on ARM64:
341         
342         - ldar and friends
343         - stlr and friends
344         - ldxr and friends (unfenced LL)
345         - stxr and friends (unfenced SC)
346         - ldaxr and friends (fenced LL)
347         - stlxr and friends (fenced SC)
348         - eor as a fenceless load-load dependency
349         
350         This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
351         variants of fences and atomic math ops get lowered to the best possible instruction sequence.
352         For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
353         of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
354         generate the best possible branch sequence on x86 and ARM64.
355         
356         B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
357         respect to each other and with respect to rel stores, creating sequential consistency that
358         transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
359         fence effects may only target some abstract heaps but not others, so that load elimination and
360         store sinking can still operate across fences if you just tell B3 that the fence does not alias
361         those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
362         Even better, it lets you express fine-grained dependencies where the atomics that affect one
363         property in shared memory do not clobber non-atomics that affect some other property in shared
364         memory.
365         
366         One of my favorite features is Depend, which allows you to express load-load dependencies. On
367         x86 it lowers to nothing, while on ARM64 it lowers to eor.
368         
369         This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
370         acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.
371         
372         This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
373         implementations of the Atomics object, for now.
374         
375         * CMakeLists.txt:
376         * JavaScriptCore.xcodeproj/project.pbxproj:
377         * assembler/ARM64Assembler.h:
378         (JSC::ARM64Assembler::ldar):
379         (JSC::ARM64Assembler::ldxr):
380         (JSC::ARM64Assembler::ldaxr):
381         (JSC::ARM64Assembler::stxr):
382         (JSC::ARM64Assembler::stlr):
383         (JSC::ARM64Assembler::stlxr):
384         (JSC::ARM64Assembler::excepnGenerationImmMask):
385         (JSC::ARM64Assembler::exoticLoad):
386         (JSC::ARM64Assembler::storeRelease):
387         (JSC::ARM64Assembler::exoticStore):
388         * assembler/AbstractMacroAssembler.cpp: Added.
389         (WTF::printInternal):
390         * assembler/AbstractMacroAssembler.h:
391         (JSC::AbstractMacroAssemblerBase::invert):
392         * assembler/MacroAssembler.h:
393         * assembler/MacroAssemblerARM64.h:
394         (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
395         (JSC::MacroAssemblerARM64::loadAcq8):
396         (JSC::MacroAssemblerARM64::storeRel8):
397         (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
398         (JSC::MacroAssemblerARM64::loadAcq16):
399         (JSC::MacroAssemblerARM64::storeRel16):
400         (JSC::MacroAssemblerARM64::loadAcq32):
401         (JSC::MacroAssemblerARM64::loadAcq64):
402         (JSC::MacroAssemblerARM64::storeRel32):
403         (JSC::MacroAssemblerARM64::storeRel64):
404         (JSC::MacroAssemblerARM64::loadLink8):
405         (JSC::MacroAssemblerARM64::loadLinkAcq8):
406         (JSC::MacroAssemblerARM64::storeCond8):
407         (JSC::MacroAssemblerARM64::storeCondRel8):
408         (JSC::MacroAssemblerARM64::loadLink16):
409         (JSC::MacroAssemblerARM64::loadLinkAcq16):
410         (JSC::MacroAssemblerARM64::storeCond16):
411         (JSC::MacroAssemblerARM64::storeCondRel16):
412         (JSC::MacroAssemblerARM64::loadLink32):
413         (JSC::MacroAssemblerARM64::loadLinkAcq32):
414         (JSC::MacroAssemblerARM64::storeCond32):
415         (JSC::MacroAssemblerARM64::storeCondRel32):
416         (JSC::MacroAssemblerARM64::loadLink64):
417         (JSC::MacroAssemblerARM64::loadLinkAcq64):
418         (JSC::MacroAssemblerARM64::storeCond64):
419         (JSC::MacroAssemblerARM64::storeCondRel64):
420         (JSC::MacroAssemblerARM64::atomicStrongCAS8):
421         (JSC::MacroAssemblerARM64::atomicStrongCAS16):
422         (JSC::MacroAssemblerARM64::atomicStrongCAS32):
423         (JSC::MacroAssemblerARM64::atomicStrongCAS64):
424         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
425         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
426         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
427         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
428         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
429         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
430         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
431         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
432         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
433         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
434         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
435         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
436         (JSC::MacroAssemblerARM64::depend32):
437         (JSC::MacroAssemblerARM64::depend64):
438         (JSC::MacroAssemblerARM64::loadLink):
439         (JSC::MacroAssemblerARM64::loadLinkAcq):
440         (JSC::MacroAssemblerARM64::storeCond):
441         (JSC::MacroAssemblerARM64::storeCondRel):
442         (JSC::MacroAssemblerARM64::signExtend):
443         (JSC::MacroAssemblerARM64::branch):
444         (JSC::MacroAssemblerARM64::atomicStrongCAS):
445         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
446         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
447         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
448         (JSC::MacroAssemblerARM64::extractSimpleAddress):
449         (JSC::MacroAssemblerARM64::signExtend<8>):
450         (JSC::MacroAssemblerARM64::signExtend<16>):
451         (JSC::MacroAssemblerARM64::branch<64>):
452         * assembler/MacroAssemblerX86Common.h:
453         (JSC::MacroAssemblerX86Common::add32):
454         (JSC::MacroAssemblerX86Common::and32):
455         (JSC::MacroAssemblerX86Common::and16):
456         (JSC::MacroAssemblerX86Common::and8):
457         (JSC::MacroAssemblerX86Common::neg32):
458         (JSC::MacroAssemblerX86Common::neg16):
459         (JSC::MacroAssemblerX86Common::neg8):
460         (JSC::MacroAssemblerX86Common::or32):
461         (JSC::MacroAssemblerX86Common::or16):
462         (JSC::MacroAssemblerX86Common::or8):
463         (JSC::MacroAssemblerX86Common::sub16):
464         (JSC::MacroAssemblerX86Common::sub8):
465         (JSC::MacroAssemblerX86Common::sub32):
466         (JSC::MacroAssemblerX86Common::xor32):
467         (JSC::MacroAssemblerX86Common::xor16):
468         (JSC::MacroAssemblerX86Common::xor8):
469         (JSC::MacroAssemblerX86Common::not32):
470         (JSC::MacroAssemblerX86Common::not16):
471         (JSC::MacroAssemblerX86Common::not8):
472         (JSC::MacroAssemblerX86Common::store16):
473         (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
474         (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
475         (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
476         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
477         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
478         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
479         (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
480         (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
481         (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
482         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
483         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
484         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
485         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
486         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
487         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
488         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
489         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
490         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
491         (JSC::MacroAssemblerX86Common::atomicAdd8):
492         (JSC::MacroAssemblerX86Common::atomicAdd16):
493         (JSC::MacroAssemblerX86Common::atomicAdd32):
494         (JSC::MacroAssemblerX86Common::atomicSub8):
495         (JSC::MacroAssemblerX86Common::atomicSub16):
496         (JSC::MacroAssemblerX86Common::atomicSub32):
497         (JSC::MacroAssemblerX86Common::atomicAnd8):
498         (JSC::MacroAssemblerX86Common::atomicAnd16):
499         (JSC::MacroAssemblerX86Common::atomicAnd32):
500         (JSC::MacroAssemblerX86Common::atomicOr8):
501         (JSC::MacroAssemblerX86Common::atomicOr16):
502         (JSC::MacroAssemblerX86Common::atomicOr32):
503         (JSC::MacroAssemblerX86Common::atomicXor8):
504         (JSC::MacroAssemblerX86Common::atomicXor16):
505         (JSC::MacroAssemblerX86Common::atomicXor32):
506         (JSC::MacroAssemblerX86Common::atomicNeg8):
507         (JSC::MacroAssemblerX86Common::atomicNeg16):
508         (JSC::MacroAssemblerX86Common::atomicNeg32):
509         (JSC::MacroAssemblerX86Common::atomicNot8):
510         (JSC::MacroAssemblerX86Common::atomicNot16):
511         (JSC::MacroAssemblerX86Common::atomicNot32):
512         (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
513         (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
514         (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
515         (JSC::MacroAssemblerX86Common::atomicXchg8):
516         (JSC::MacroAssemblerX86Common::atomicXchg16):
517         (JSC::MacroAssemblerX86Common::atomicXchg32):
518         (JSC::MacroAssemblerX86Common::loadAcq8):
519         (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
520         (JSC::MacroAssemblerX86Common::loadAcq16):
521         (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
522         (JSC::MacroAssemblerX86Common::loadAcq32):
523         (JSC::MacroAssemblerX86Common::storeRel8):
524         (JSC::MacroAssemblerX86Common::storeRel16):
525         (JSC::MacroAssemblerX86Common::storeRel32):
526         (JSC::MacroAssemblerX86Common::storeFence):
527         (JSC::MacroAssemblerX86Common::loadFence):
528         (JSC::MacroAssemblerX86Common::replaceWithJump):
529         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
530         (JSC::MacroAssemblerX86Common::patchableJumpSize):
531         (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
532         (JSC::MacroAssemblerX86Common::supportsAVX):
533         (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
534         (JSC::MacroAssemblerX86Common::x86Condition):
535         (JSC::MacroAssemblerX86Common::atomicStrongCAS):
536         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
537         * assembler/MacroAssemblerX86_64.h:
538         (JSC::MacroAssemblerX86_64::add64):
539         (JSC::MacroAssemblerX86_64::and64):
540         (JSC::MacroAssemblerX86_64::neg64):
541         (JSC::MacroAssemblerX86_64::or64):
542         (JSC::MacroAssemblerX86_64::sub64):
543         (JSC::MacroAssemblerX86_64::xor64):
544         (JSC::MacroAssemblerX86_64::not64):
545         (JSC::MacroAssemblerX86_64::store64):
546         (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
547         (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
548         (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
549         (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
550         (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
551         (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
552         (JSC::MacroAssemblerX86_64::atomicAdd64):
553         (JSC::MacroAssemblerX86_64::atomicSub64):
554         (JSC::MacroAssemblerX86_64::atomicAnd64):
555         (JSC::MacroAssemblerX86_64::atomicOr64):
556         (JSC::MacroAssemblerX86_64::atomicXor64):
557         (JSC::MacroAssemblerX86_64::atomicNeg64):
558         (JSC::MacroAssemblerX86_64::atomicNot64):
559         (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
560         (JSC::MacroAssemblerX86_64::atomicXchg64):
561         (JSC::MacroAssemblerX86_64::loadAcq64):
562         (JSC::MacroAssemblerX86_64::storeRel64):
563         * assembler/X86Assembler.h:
564         (JSC::X86Assembler::addl_mr):
565         (JSC::X86Assembler::addq_mr):
566         (JSC::X86Assembler::addq_rm):
567         (JSC::X86Assembler::addq_im):
568         (JSC::X86Assembler::andl_mr):
569         (JSC::X86Assembler::andl_rm):
570         (JSC::X86Assembler::andw_rm):
571         (JSC::X86Assembler::andb_rm):
572         (JSC::X86Assembler::andl_im):
573         (JSC::X86Assembler::andw_im):
574         (JSC::X86Assembler::andb_im):
575         (JSC::X86Assembler::andq_mr):
576         (JSC::X86Assembler::andq_rm):
577         (JSC::X86Assembler::andq_im):
578         (JSC::X86Assembler::incq_m):
579         (JSC::X86Assembler::negq_m):
580         (JSC::X86Assembler::negl_m):
581         (JSC::X86Assembler::negw_m):
582         (JSC::X86Assembler::negb_m):
583         (JSC::X86Assembler::notl_m):
584         (JSC::X86Assembler::notw_m):
585         (JSC::X86Assembler::notb_m):
586         (JSC::X86Assembler::notq_m):
587         (JSC::X86Assembler::orl_mr):
588         (JSC::X86Assembler::orl_rm):
589         (JSC::X86Assembler::orw_rm):
590         (JSC::X86Assembler::orb_rm):
591         (JSC::X86Assembler::orl_im):
592         (JSC::X86Assembler::orw_im):
593         (JSC::X86Assembler::orb_im):
594         (JSC::X86Assembler::orq_mr):
595         (JSC::X86Assembler::orq_rm):
596         (JSC::X86Assembler::orq_im):
597         (JSC::X86Assembler::subl_mr):
598         (JSC::X86Assembler::subl_rm):
599         (JSC::X86Assembler::subw_rm):
600         (JSC::X86Assembler::subb_rm):
601         (JSC::X86Assembler::subl_im):
602         (JSC::X86Assembler::subw_im):
603         (JSC::X86Assembler::subb_im):
604         (JSC::X86Assembler::subq_mr):
605         (JSC::X86Assembler::subq_rm):
606         (JSC::X86Assembler::subq_im):
607         (JSC::X86Assembler::xorl_mr):
608         (JSC::X86Assembler::xorl_rm):
609         (JSC::X86Assembler::xorl_im):
610         (JSC::X86Assembler::xorw_rm):
611         (JSC::X86Assembler::xorw_im):
612         (JSC::X86Assembler::xorb_rm):
613         (JSC::X86Assembler::xorb_im):
614         (JSC::X86Assembler::xorq_im):
615         (JSC::X86Assembler::xorq_rm):
616         (JSC::X86Assembler::xorq_mr):
617         (JSC::X86Assembler::xchgb_rm):
618         (JSC::X86Assembler::xchgw_rm):
619         (JSC::X86Assembler::xchgl_rm):
620         (JSC::X86Assembler::xchgq_rm):
621         (JSC::X86Assembler::movw_im):
622         (JSC::X86Assembler::movq_i32m):
623         (JSC::X86Assembler::cmpxchgb_rm):
624         (JSC::X86Assembler::cmpxchgw_rm):
625         (JSC::X86Assembler::cmpxchgl_rm):
626         (JSC::X86Assembler::cmpxchgq_rm):
627         (JSC::X86Assembler::xaddb_rm):
628         (JSC::X86Assembler::xaddw_rm):
629         (JSC::X86Assembler::xaddl_rm):
630         (JSC::X86Assembler::xaddq_rm):
631         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
632         * b3/B3AtomicValue.cpp: Added.
633         (JSC::B3::AtomicValue::~AtomicValue):
634         (JSC::B3::AtomicValue::dumpMeta):
635         (JSC::B3::AtomicValue::cloneImpl):
636         (JSC::B3::AtomicValue::AtomicValue):
637         * b3/B3AtomicValue.h: Added.
638         * b3/B3BasicBlock.h:
639         * b3/B3BlockInsertionSet.cpp:
640         (JSC::B3::BlockInsertionSet::BlockInsertionSet):
641         (JSC::B3::BlockInsertionSet::insert): Deleted.
642         (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
643         (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
644         (JSC::B3::BlockInsertionSet::execute): Deleted.
645         * b3/B3BlockInsertionSet.h:
646         * b3/B3Effects.cpp:
647         (JSC::B3::Effects::interferes):
648         (JSC::B3::Effects::operator==):
649         (JSC::B3::Effects::dump):
650         * b3/B3Effects.h:
651         (JSC::B3::Effects::forCall):
652         (JSC::B3::Effects::mustExecute):
653         * b3/B3EliminateCommonSubexpressions.cpp:
654         * b3/B3Generate.cpp:
655         (JSC::B3::generateToAir):
656         * b3/B3GenericBlockInsertionSet.h: Added.
657         (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
658         (JSC::B3::GenericBlockInsertionSet::insert):
659         (JSC::B3::GenericBlockInsertionSet::insertBefore):
660         (JSC::B3::GenericBlockInsertionSet::insertAfter):
661         (JSC::B3::GenericBlockInsertionSet::execute):
662         * b3/B3HeapRange.h:
663         (JSC::B3::HeapRange::operator|):
664         * b3/B3InsertionSet.cpp:
665         (JSC::B3::InsertionSet::insertClone):
666         * b3/B3InsertionSet.h:
667         * b3/B3LegalizeMemoryOffsets.cpp:
668         * b3/B3LowerMacros.cpp:
669         (JSC::B3::lowerMacros):
670         * b3/B3LowerMacrosAfterOptimizations.cpp:
671         * b3/B3LowerToAir.cpp:
672         (JSC::B3::Air::LowerToAir::LowerToAir):
673         (JSC::B3::Air::LowerToAir::run):
674         (JSC::B3::Air::LowerToAir::effectiveAddr):
675         (JSC::B3::Air::LowerToAir::addr):
676         (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
677         (JSC::B3::Air::LowerToAir::appendShift):
678         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
679         (JSC::B3::Air::LowerToAir::storeOpcode):
680         (JSC::B3::Air::LowerToAir::createStore):
681         (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
682         (JSC::B3::Air::LowerToAir::newBlock):
683         (JSC::B3::Air::LowerToAir::splitBlock):
684         (JSC::B3::Air::LowerToAir::fillStackmap):
685         (JSC::B3::Air::LowerToAir::appendX86Div):
686         (JSC::B3::Air::LowerToAir::appendX86UDiv):
687         (JSC::B3::Air::LowerToAir::loadLinkOpcode):
688         (JSC::B3::Air::LowerToAir::storeCondOpcode):
689         (JSC::B3::Air::LowerToAir::appendCAS):
690         (JSC::B3::Air::LowerToAir::appendVoidAtomic):
691         (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
692         (JSC::B3::Air::LowerToAir::lower):
693         (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
694         (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
695         * b3/B3LowerToAir.h:
696         * b3/B3MemoryValue.cpp:
697         (JSC::B3::MemoryValue::isLegalOffset):
698         (JSC::B3::MemoryValue::accessType):
699         (JSC::B3::MemoryValue::accessBank):
700         (JSC::B3::MemoryValue::accessByteSize):
701         (JSC::B3::MemoryValue::dumpMeta):
702         (JSC::B3::MemoryValue::MemoryValue):
703         (JSC::B3::MemoryValue::accessWidth): Deleted.
704         * b3/B3MemoryValue.h:
705         * b3/B3MemoryValueInlines.h: Added.
706         (JSC::B3::MemoryValue::isLegalOffset):
707         (JSC::B3::MemoryValue::requiresSimpleAddr):
708         (JSC::B3::MemoryValue::accessWidth):
709         * b3/B3MoveConstants.cpp:
710         * b3/B3NativeTraits.h: Added.
711         * b3/B3Opcode.cpp:
712         (JSC::B3::storeOpcode):
713         (WTF::printInternal):
714         * b3/B3Opcode.h:
715         (JSC::B3::isLoad):
716         (JSC::B3::isStore):
717         (JSC::B3::isLoadStore):
718         (JSC::B3::isAtomic):
719         (JSC::B3::isAtomicCAS):
720         (JSC::B3::isAtomicXchg):
721         (JSC::B3::isMemoryAccess):
722         (JSC::B3::signExtendOpcode):
723         * b3/B3Procedure.cpp:
724         (JSC::B3::Procedure::dump):
725         * b3/B3Procedure.h:
726         (JSC::B3::Procedure::hasQuirks):
727         (JSC::B3::Procedure::setHasQuirks):
728         * b3/B3PureCSE.cpp:
729         (JSC::B3::pureCSE):
730         * b3/B3PureCSE.h:
731         * b3/B3ReduceStrength.cpp:
732         * b3/B3Validate.cpp:
733         * b3/B3Value.cpp:
734         (JSC::B3::Value::returnsBool):
735         (JSC::B3::Value::effects):
736         (JSC::B3::Value::key):
737         (JSC::B3::Value::performSubstitution):
738         (JSC::B3::Value::typeFor):
739         * b3/B3Value.h:
740         * b3/B3Width.cpp:
741         (JSC::B3::bestType):
742         * b3/B3Width.h:
743         (JSC::B3::canonicalWidth):
744         (JSC::B3::isCanonicalWidth):
745         (JSC::B3::mask):
746         * b3/air/AirArg.cpp:
747         (JSC::B3::Air::Arg::jsHash):
748         (JSC::B3::Air::Arg::dump):
749         (WTF::printInternal):
750         * b3/air/AirArg.h:
751         (JSC::B3::Air::Arg::isAnyUse):
752         (JSC::B3::Air::Arg::isColdUse):
753         (JSC::B3::Air::Arg::cooled):
754         (JSC::B3::Air::Arg::isEarlyUse):
755         (JSC::B3::Air::Arg::isLateUse):
756         (JSC::B3::Air::Arg::isAnyDef):
757         (JSC::B3::Air::Arg::isEarlyDef):
758         (JSC::B3::Air::Arg::isLateDef):
759         (JSC::B3::Air::Arg::isZDef):
760         (JSC::B3::Air::Arg::simpleAddr):
761         (JSC::B3::Air::Arg::statusCond):
762         (JSC::B3::Air::Arg::isSimpleAddr):
763         (JSC::B3::Air::Arg::isMemory):
764         (JSC::B3::Air::Arg::isStatusCond):
765         (JSC::B3::Air::Arg::isCondition):
766         (JSC::B3::Air::Arg::ptr):
767         (JSC::B3::Air::Arg::base):
768         (JSC::B3::Air::Arg::isGP):
769         (JSC::B3::Air::Arg::isFP):
770         (JSC::B3::Air::Arg::isValidForm):
771         (JSC::B3::Air::Arg::forEachTmpFast):
772         (JSC::B3::Air::Arg::forEachTmp):
773         (JSC::B3::Air::Arg::asAddress):
774         (JSC::B3::Air::Arg::asStatusCondition):
775         (JSC::B3::Air::Arg::isInvertible):
776         (JSC::B3::Air::Arg::inverted):
777         * b3/air/AirBasicBlock.cpp:
778         (JSC::B3::Air::BasicBlock::setSuccessors):
779         * b3/air/AirBasicBlock.h:
780         * b3/air/AirBlockInsertionSet.cpp: Added.
781         (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
782         (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
783         * b3/air/AirBlockInsertionSet.h: Added.
784         * b3/air/AirDumpAsJS.cpp: Removed.
785         * b3/air/AirDumpAsJS.h: Removed.
786         * b3/air/AirEliminateDeadCode.cpp:
787         (JSC::B3::Air::eliminateDeadCode):
788         * b3/air/AirGenerate.cpp:
789         (JSC::B3::Air::prepareForGeneration):
790         * b3/air/AirInstInlines.h:
791         (JSC::B3::Air::isAtomicStrongCASValid):
792         (JSC::B3::Air::isBranchAtomicStrongCASValid):
793         (JSC::B3::Air::isAtomicStrongCAS8Valid):
794         (JSC::B3::Air::isAtomicStrongCAS16Valid):
795         (JSC::B3::Air::isAtomicStrongCAS32Valid):
796         (JSC::B3::Air::isAtomicStrongCAS64Valid):
797         (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
798         (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
799         (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
800         (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
801         * b3/air/AirOpcode.opcodes:
802         * b3/air/AirOptimizeBlockOrder.cpp:
803         (JSC::B3::Air::optimizeBlockOrder):
804         * b3/air/AirPadInterference.cpp:
805         (JSC::B3::Air::padInterference):
806         * b3/air/AirSpillEverything.cpp:
807         (JSC::B3::Air::spillEverything):
808         * b3/air/opcode_generator.rb:
809         * b3/testb3.cpp:
810         (JSC::B3::testLoadAcq42):
811         (JSC::B3::testStoreRelAddLoadAcq32):
812         (JSC::B3::testStoreRelAddLoadAcq8):
813         (JSC::B3::testStoreRelAddFenceLoadAcq8):
814         (JSC::B3::testStoreRelAddLoadAcq16):
815         (JSC::B3::testStoreRelAddLoadAcq64):
816         (JSC::B3::testTrappingStoreElimination):
817         (JSC::B3::testX86LeaAddAdd):
818         (JSC::B3::testX86LeaAddShlLeftScale1):
819         (JSC::B3::testAtomicWeakCAS):
820         (JSC::B3::testAtomicStrongCAS):
821         (JSC::B3::testAtomicXchg):
822         (JSC::B3::testDepend32):
823         (JSC::B3::testDepend64):
824         (JSC::B3::run):
825         * runtime/Options.h:
826
827 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
828
829         Unreviewed typo fixes after r213652.
830         https://bugs.webkit.org/show_bug.cgi?id=168920
831
832         * assembler/MacroAssemblerARM.h:
833         (JSC::MacroAssemblerARM::replaceWithBreakpoint):
834         * assembler/MacroAssemblerMIPS.h:
835         (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):
836
837 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
838
839         Unreviewed ARM buildfix after r213652.
840         https://bugs.webkit.org/show_bug.cgi?id=168920
841
842         r213652 used replaceWithBrk and replaceWithBkpt names for the same
843         function, which was inconsistent and caused a build error in ARMAssembler.
844
845         * assembler/ARM64Assembler.h:
846         (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
847         (JSC::ARM64Assembler::replaceWithBrk): Deleted.
848         * assembler/ARMAssembler.h:
849         (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
850         (JSC::ARMAssembler::replaceWithBrk): Deleted.
851         * assembler/MacroAssemblerARM64.h:
852         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
853
854 2017-03-10  Alex Christensen  <achristensen@webkit.org>
855
856         Win64 build fix.
857
858         * b3/B3FenceValue.h:
859         * b3/B3Value.h:
860         Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
861         doesn't accomplish anything except making Visual Studio mad.
862         * b3/air/opcode_generator.rb:
863         winnt.h has naming collisions with enum values from AirOpcode.h.
864         For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
865         RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
866         A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
867         that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.
868
869 2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>
870
871         Unreviewed, rolling out r213695.
872
873         This change broke the Windows build.
874
875         Reverted changeset:
876
877         "Implement a StackTrace utility object that can capture stack
878         traces for debugging."
879         https://bugs.webkit.org/show_bug.cgi?id=169454
880         http://trac.webkit.org/changeset/213695
881
882 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
883
884         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
885         https://bugs.webkit.org/show_bug.cgi?id=167962
886
887         Reviewed by Keith Miller.
888
889         Object Rest/Spread Destructuring proposal is in stage 3[1] and this
890         patch is a prototype implementation of it. A simple change over the
891         parser was necessary to support the new '...' token on Object Pattern
892         destructuring rule. In the bytecode generator side, we changed the
893         bytecode generated on ObjectPatternNode::bindValue to store in an
894         array identifiers of already destructured properties, following spec draft
895         section[2], and then pass it as excludedNames to CopyDataProperties.
896         The rest destructuring then calls copyDataProperties to perform the
897         copy of rest properties in rhs.
898
899         We also implemented CopyDataProperties as private JS global operation
900         on builtins/GlobalOperations.js following its specification on [3].
901         It is implemented using Set object to verify if a property is on
902         excludedNames to keep this algorithm with O(n + m) complexity, where n
903         = number of source's own properties and m = excludedNames.length.
904
905         As a requirement to use JSSets as constants, a change in
906         CodeBlock::create API was necessary, because JSSet creation can throw an OOM
907         exception. Now, CodeBlock::finishCreation returns ```false``` if an
908         exception is thrown by
909         CodeBlock::setConstantIdentifierSetRegisters and then we return
910         nullptr to ScriptExecutable::newCodeBlockFor. It is responsible for
911         checking if CodeBlock was constructed properly and then throwing an OOM
912         exception to the correct scope.
913
914         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
915         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
916         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
917
918         * builtins/BuiltinNames.h:
919         * builtins/GlobalOperations.js:
920         (globalPrivate.copyDataProperties):
921         * bytecode/CodeBlock.cpp:
922         (JSC::CodeBlock::finishCreation):
923         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
924         * bytecode/CodeBlock.h:
925         * bytecode/EvalCodeBlock.h:
926         (JSC::EvalCodeBlock::create):
927         * bytecode/FunctionCodeBlock.h:
928         (JSC::FunctionCodeBlock::create):
929         * bytecode/ModuleProgramCodeBlock.h:
930         (JSC::ModuleProgramCodeBlock::create):
931         * bytecode/ProgramCodeBlock.h:
932         (JSC::ProgramCodeBlock::create):
933         * bytecode/UnlinkedCodeBlock.h:
934         (JSC::UnlinkedCodeBlock::addSetConstant):
935         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
936         * bytecompiler/BytecodeGenerator.cpp:
937         (JSC::BytecodeGenerator::emitLoad):
938         * bytecompiler/BytecodeGenerator.h:
939         * bytecompiler/NodesCodegen.cpp:
940         (JSC::ObjectPatternNode::bindValue):
941         * parser/ASTBuilder.h:
942         (JSC::ASTBuilder::appendObjectPatternEntry):
943         (JSC::ASTBuilder::appendObjectPatternRestEntry):
944         (JSC::ASTBuilder::setContainsObjectRestElement):
945         * parser/Nodes.h:
946         (JSC::ObjectPatternNode::appendEntry):
947         (JSC::ObjectPatternNode::setContainsRestElement):
948         * parser/Parser.cpp:
949         (JSC::Parser<LexerType>::parseDestructuringPattern):
950         (JSC::Parser<LexerType>::parseProperty):
951         * parser/SyntaxChecker.h:
952         (JSC::SyntaxChecker::operatorStackPop):
953         * runtime/JSGlobalObject.cpp:
954         (JSC::JSGlobalObject::init):
955         * runtime/JSGlobalObjectFunctions.cpp:
956         (JSC::privateToObject):
957         * runtime/JSGlobalObjectFunctions.h:
958         * runtime/ScriptExecutable.cpp:
959         (JSC::ScriptExecutable::newCodeBlockFor):
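
The CopyDataProperties operation described in the entry above, written out as an added JavaScript example; it is not the code in builtins/GlobalOperations.js. The names copyDataProperties, restOf and makeSample and the sample objects are assumptions made for illustration, and the example goes slightly beyond the entry by also handling symbol keys and numeric excluded names.

```javascript
// Added example (not WebKit source): CopyDataProperties with a Set of
// excluded names, as used by `const { a, ...rest } = rhs`.

function copyDataProperties(target, source, excludedNames) {
    // A null or undefined source copies nothing.
    if (source === undefined || source === null)
        return target;

    const from = Object(source);

    // Property keys are strings or symbols, so normalise numbers such as 7
    // to "7" before building the Set. Building it costs O(m); every lookup
    // below is O(1), which gives O(n + m) overall instead of O(n * m).
    const excluded = new Set();
    for (const name of excludedNames)
        excluded.add(typeof name === "symbol" ? name : String(name));

    // Reflect.ownKeys yields own string and symbol keys, never inherited ones.
    for (const key of Reflect.ownKeys(from)) {
        if (excluded.has(key))
            continue;
        const desc = Reflect.getOwnPropertyDescriptor(from, key);
        // Only own enumerable properties are copied.
        if (desc === undefined || !desc.enumerable)
            continue;
        // CreateDataProperty semantics: define rather than assign, so an own
        // "__proto__" key on the source becomes a plain data property and
        // never reaches the Object.prototype.__proto__ setter.
        Object.defineProperty(target, key, {
            value: from[key], // a getter on the source runs here
            writable: true,
            enumerable: true,
            configurable: true,
        });
    }
    return target;
}

// Models the tail of `const { <boundKeys>, ...rest } = rhs`: the keys that
// were already bound by the pattern are passed as excludedNames.
function restOf(rhs, boundKeys) {
    if (rhs === undefined || rhs === null)
        throw new TypeError("Cannot destructure " + String(rhs));
    return copyDataProperties({}, rhs, boundKeys);
}

// Constructed sample input: inherited, non-enumerable, integer-like and
// symbol-keyed properties next to ordinary ones.
function makeSample() {
    const tag = Symbol("tag");
    const obj = Object.create({ inherited: "no" });
    obj.a = 1;
    obj.b = 2;
    obj[7] = "seven";
    obj[tag] = "sym";
    Object.defineProperty(obj, "hidden", { value: "no", enumerable: false });
    return { obj, tag };
}
```
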
960
961 2017-03-09  Mark Lam  <mark.lam@apple.com>
962
963         Implement a StackTrace utility object that can capture stack traces for debugging.
964         https://bugs.webkit.org/show_bug.cgi?id=169454
965
966         Reviewed by Michael Saboff.
967
968         The underlying implementation is hoisted right out of Assertions.cpp from the
969         implementations of WTFPrintBacktrace().
970
971         The reason we need this StackTrace object is because during heap debugging, we
972         sometimes want to capture the stack trace that allocated the objects of interest.
973         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
974         perturb the execution profile sufficiently that an issue may not reproduce,
975         while alternatively, just capturing the stack trace and deferring printing it
976         till we actually need it later perturbs the execution profile less.
977
978         In addition, just capturing the stack traces (instead of printing them
979         immediately at each capture site) allows us to avoid polluting stdout with tons
980         of stack traces that may be irrelevant.
981
982         For now, we only capture the native stack trace.  We'll leave capturing and
983         integrating the JS stack trace as an exercise for the future if we need it then.
984
985         Here's an example of how to use this StackTrace utility:
986
987             // Capture a stack trace of the top 10 frames.
988             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
989             // Print the trace.
990             dataLog(*trace);
991
992         * CMakeLists.txt:
993         * JavaScriptCore.xcodeproj/project.pbxproj:
994         * tools/StackTrace.cpp: Added.
995         (JSC::StackTrace::instanceSize):
996         (JSC::StackTrace::captureStackTrace):
997         (JSC::StackTrace::dump):
998         * tools/StackTrace.h: Added.
999         (JSC::StackTrace::StackTrace):
1000         (JSC::StackTrace::size):
1001
1002 2017-03-09  Keith Miller  <keith_miller@apple.com>
1003
1004         WebAssembly: Enable fast memory for WK2
1005         https://bugs.webkit.org/show_bug.cgi?id=169437
1006
1007         Reviewed by Tim Horton.
1008
1009         * JavaScriptCore.xcodeproj/project.pbxproj:
1010
1011 2017-03-09  Matt Baker  <mattbaker@apple.com>
1012
1013         Web Inspector: Add XHR breakpoints UI
1014         https://bugs.webkit.org/show_bug.cgi?id=168763
1015         <rdar://problem/30952439>
1016
1017         Reviewed by Joseph Pecoraro.
1018
1019         * inspector/protocol/DOMDebugger.json:
1020         Added clarifying comments to command descriptions.
1021
1022 2017-03-09  Michael Saboff  <msaboff@apple.com>
1023
1024         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
1025         https://bugs.webkit.org/show_bug.cgi?id=169387
1026
1027         Reviewed by Filip Pizlo.
1028
1029         Added a helper function, processConfigFile(), to process the configuration file.
1030         Changed jsc.cpp to use that function in lieu of processing the config file
1031         manually.
1032
1033         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
1034         * jsc.cpp:
1035         (jscmain):
1036         * runtime/ConfigFile.cpp:
1037         (JSC::processConfigFile):
1038         * runtime/ConfigFile.h:
1039
1040 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
1041
1042         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
1043         https://bugs.webkit.org/show_bug.cgi?id=29687
1044         <rdar://problem/19281586>
1045
1046         Reviewed by Matt Baker and Brian Burg.
1047
1048         * inspector/protocol/Network.json:
1049         Add metrics object with optional properties to loadingFinished event.
1050
1051 2017-03-09  Youenn Fablet  <youenn@apple.com>
1052
1053         Minimal build is broken
1054         https://bugs.webkit.org/show_bug.cgi?id=169416
1055
1056         Reviewed by Chris Dumez.
1057
1058         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
1059         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appears first but this might break very easily.
1060
1061         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
1062         (generate_members):
1063         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
1064         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
1065         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
1066
1067 2017-03-09  Daniel Bates  <dabates@apple.com>
1068
1069         Guard Credential Management implementation behind a runtime enabled feature flag
1070         https://bugs.webkit.org/show_bug.cgi?id=169364
1071         <rdar://problem/30957425>
1072
1073         Reviewed by Brent Fulgham.
1074
1075         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
1076         needed to guard these interfaces behind a runtime enabled feature flag.
1077
1078         * runtime/CommonIdentifiers.h:
1079
1080 2017-03-09  Mark Lam  <mark.lam@apple.com>
1081
1082         Refactoring some HeapVerifier code.
1083         https://bugs.webkit.org/show_bug.cgi?id=169443
1084
1085         Reviewed by Filip Pizlo.
1086
1087         Renamed LiveObjectData to CellProfile.
1088         Renamed LiveObjectList to CellList.
1089         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
1090         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
1091
1092         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
1093
1094         * CMakeLists.txt:
1095         * JavaScriptCore.xcodeproj/project.pbxproj:
1096         * heap/Heap.cpp:
1097         (JSC::Heap::runBeginPhase):
1098         (JSC::Heap::runEndPhase):
1099         * heap/HeapVerifier.cpp: Removed.
1100         * heap/HeapVerifier.h: Removed.
1101         * heap/LiveObjectData.h: Removed.
1102         * heap/LiveObjectList.cpp: Removed.
1103         * heap/LiveObjectList.h: Removed.
1104         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
1105         (JSC::CellList::findCell):
1106         (JSC::LiveObjectList::findObject): Deleted.
1107         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
1108         (JSC::CellList::CellList):
1109         (JSC::CellList::reset):
1110         (JSC::LiveObjectList::LiveObjectList): Deleted.
1111         (JSC::LiveObjectList::reset): Deleted.
1112         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
1113         (JSC::CellProfile::CellProfile):
1114         (JSC::LiveObjectData::LiveObjectData): Deleted.
1115         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
1116         (JSC::GatherCellFunctor::GatherCellFunctor):
1117         (JSC::GatherCellFunctor::visit):
1118         (JSC::GatherCellFunctor::operator()):
1119         (JSC::HeapVerifier::gatherLiveCells):
1120         (JSC::HeapVerifier::cellListForGathering):
1121         (JSC::trimDeadCellsFromList):
1122         (JSC::HeapVerifier::trimDeadCells):
1123         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
1124         (JSC::HeapVerifier::reportCell):
1125         (JSC::HeapVerifier::checkIfRecorded):
1126         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
1127         (JSC::GatherLiveObjFunctor::visit): Deleted.
1128         (JSC::GatherLiveObjFunctor::operator()): Deleted.
1129         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
1130         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
1131         (JSC::trimDeadObjectsFromList): Deleted.
1132         (JSC::HeapVerifier::trimDeadObjects): Deleted.
1133         (JSC::HeapVerifier::reportObject): Deleted.
1134         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
1135
1136 2017-03-09  Anders Carlsson  <andersca@apple.com>
1137
1138         Add delegate support to WebCore
1139         https://bugs.webkit.org/show_bug.cgi?id=169427
1140         Part of rdar://problem/28880714.
1141
1142         Reviewed by Geoffrey Garen.
1143
1144         * Configurations/FeatureDefines.xcconfig:
1145         Add feature define.
1146
1147 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
1148
1149         Web Inspector: Show individual messages in the content pane for a WebSocket
1150         https://bugs.webkit.org/show_bug.cgi?id=169011
1151
1152         Reviewed by Joseph Pecoraro.
1153
1154         Add walltime parameter and correct the description of Timestamp type.
1155
1156         * inspector/protocol/Network.json:
1157
1158 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1159
1160         Unreviewed, fix weak external symbol error.
1161
1162         * heap/SlotVisitor.h:
1163
1164 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1165
1166         std::isnan/isinf should work with WTF time classes
1167         https://bugs.webkit.org/show_bug.cgi?id=164991
1168
1169         Reviewed by Darin Adler.
1170         
1171         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
1172
1173         * runtime/AtomicsObject.cpp:
1174         (JSC::atomicsFuncWait):
1175
1176 2017-03-09  Mark Lam  <mark.lam@apple.com>
1177
1178         Use const AbstractLocker& (instead of const LockHolder&) in more places.
1179         https://bugs.webkit.org/show_bug.cgi?id=169424
1180
1181         Reviewed by Filip Pizlo.
1182
1183         * heap/CodeBlockSet.cpp:
1184         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
1185         * heap/CodeBlockSet.h:
1186         * heap/CodeBlockSetInlines.h:
1187         (JSC::CodeBlockSet::mark):
1188         * heap/ConservativeRoots.cpp:
1189         (JSC::CompositeMarkHook::CompositeMarkHook):
1190         * heap/MachineStackMarker.cpp:
1191         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1192         * heap/MachineStackMarker.h:
1193         * profiler/ProfilerDatabase.cpp:
1194         (JSC::Profiler::Database::ensureBytecodesFor):
1195         * profiler/ProfilerDatabase.h:
1196         * runtime/SamplingProfiler.cpp:
1197         (JSC::FrameWalker::FrameWalker):
1198         (JSC::CFrameWalker::CFrameWalker):
1199         (JSC::SamplingProfiler::createThreadIfNecessary):
1200         (JSC::SamplingProfiler::takeSample):
1201         (JSC::SamplingProfiler::start):
1202         (JSC::SamplingProfiler::pause):
1203         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
1204         (JSC::SamplingProfiler::clearData):
1205         (JSC::SamplingProfiler::releaseStackTraces):
1206         * runtime/SamplingProfiler.h:
1207         (JSC::SamplingProfiler::setStopWatch):
1208         * wasm/WasmMemory.cpp:
1209         (JSC::Wasm::availableFastMemories):
1210         (JSC::Wasm::activeFastMemories):
1211         (JSC::Wasm::viewActiveFastMemories):
1212         * wasm/WasmMemory.h:
1213
1214 2017-03-09  Saam Barati  <sbarati@apple.com>
1215
1216         WebAssembly: Make the Unity AngryBots demo run
1217         https://bugs.webkit.org/show_bug.cgi?id=169268
1218
1219         Reviewed by Keith Miller.
1220
1221         This patch fixes three bugs:
1222         1. The WasmBinding code for making a JS call was off
1223         by 1 in its stack layout code.
1224         2. The WasmBinding code had a "<" comparison instead
1225         of a ">=" comparison. This would cause us to calculate
1226         the wrong frame pointer offset.
1227         3. The code to reload wasm state inside B3IRGenerator didn't
1228         properly represent its effects.
1229
1230         * wasm/WasmB3IRGenerator.cpp:
1231         (JSC::Wasm::restoreWebAssemblyGlobalState):
1232         (JSC::Wasm::parseAndCompile):
1233         * wasm/WasmBinding.cpp:
1234         (JSC::Wasm::wasmToJs):
1235         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1236         (JSC::WebAssemblyInstanceConstructor::createInstance):
1237
1238 2017-03-09  Mark Lam  <mark.lam@apple.com>
1239
1240         Make the VM Traps mechanism non-polling for the DFG and FTL.
1241         https://bugs.webkit.org/show_bug.cgi?id=168920
1242         <rdar://problem/30738588>
1243
1244         Reviewed by Filip Pizlo.
1245
1246         1. Added an ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
1247            This is currently only enabled for OS(DARWIN) and ENABLE(JIT).
1248         2. Added assembler functions for overwriting an instruction with a breakpoint.
1249         3. Added a new JettisonDueToVMTraps jettison reason.
1250         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
1251            invalidation points with breakpoint instructions.
1252         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
1253         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
1254            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
1255            Options::usePollingTraps() to always be true.  This makes the VMTraps
1256            implementation fall back to using polling based traps only.
1257
1258         7. Make VMTraps support signal based traps.
1259
1260         Some design and implementation details of signal based VM traps:
1261
1262         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
1263
1264         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
1265           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
1266           we want to trap, and check for the occurrence of one of the following events:
1267
1268           a. VMTraps::handleTraps() has been called for the requested trap, or
1269
1270           b. the VM is inactive and is no longer executing any JS code.  We determine
1271              this to be the case if the thread no longer owns the JSLock and the VM's
1272              entryScope is null.
1273
1274              Note: the thread can relinquish the JSLock while the VM's entryScope is not
1275              null.  This happens when the thread calls JSLock::dropAllLocks() before
1276              calling a host function that may block on IO (or whatever).  For our purpose,
1277              this counts as the VM still running JS code, and VM::fireTrap() will still
1278              be waiting.
1279
1280           If the SignalSender does not see either of these events, it will sleep for a
1281           while and then re-send SIGUSR1 and check for the events again.  When it sees
1282           one of these events, it will consider the mutator to have received the trap
1283           request.
1284
1285         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
1286           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
1287           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
1288           safe to jettison the codeBlock.
1289
1290           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
1291           insert the breakpoint instructions itself.  This is because we need the
1292           register state of the mutator thread (that we want to trap in) in order to
1293           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
1294           we don't have a generic way for the requester thread to get the register state
1295           of another thread.
1296
1297         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
1298           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
1299           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
1300           baseline JIT code will eventually reach an op_check_traps and call
1301           VMTraps::handleTraps().
1302
1303           If the handler is not trapping at an invalidation point, then it must be
1304           observing an assertion failure (which also uses the breakpoint instruction).
1305           In this case, the handler will defer to the default SIGTRAP handler and crash.
1306
1307         - The reason we need the SignalSender is because SignalSender::send() is called
1308           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
1309           send() needs to make use of the VM pointer, and it is not guaranteed that the
1310           VM will outlive the thread.  SignalSender provides the mechanism by which we
1311           can nullify the VM pointer when the VM dies so that the thread does not
1312           continue to use it.
1313
1314         * assembler/ARM64Assembler.h:
1315         (JSC::ARM64Assembler::replaceWithBrk):
1316         * assembler/ARMAssembler.h:
1317         (JSC::ARMAssembler::replaceWithBrk):
1318         * assembler/ARMv7Assembler.h:
1319         (JSC::ARMv7Assembler::replaceWithBkpt):
1320         * assembler/MIPSAssembler.h:
1321         (JSC::MIPSAssembler::replaceWithBkpt):
1322         * assembler/MacroAssemblerARM.h:
1323         (JSC::MacroAssemblerARM::replaceWithJump):
1324         * assembler/MacroAssemblerARM64.h:
1325         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1326         * assembler/MacroAssemblerARMv7.h:
1327         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
1328         * assembler/MacroAssemblerMIPS.h:
1329         (JSC::MacroAssemblerMIPS::replaceWithJump):
1330         * assembler/MacroAssemblerX86Common.h:
1331         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
1332         * assembler/X86Assembler.h:
1333         (JSC::X86Assembler::replaceWithInt3):
1334         * bytecode/CodeBlock.cpp:
1335         (JSC::CodeBlock::jettison):
1336         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
1337         (JSC::CodeBlock::installVMTrapBreakpoints):
1338         * bytecode/CodeBlock.h:
1339         * bytecompiler/BytecodeGenerator.cpp:
1340         (JSC::BytecodeGenerator::emitCheckTraps):
1341         * dfg/DFGCommonData.cpp:
1342         (JSC::DFG::CommonData::installVMTrapBreakpoints):
1343         (JSC::DFG::CommonData::isVMTrapBreakpoint):
1344         * dfg/DFGCommonData.h:
1345         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
1346         * dfg/DFGJumpReplacement.cpp:
1347         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
1348         * dfg/DFGJumpReplacement.h:
1349         (JSC::DFG::JumpReplacement::dataLocation):
1350         * dfg/DFGNodeType.h:
1351         * heap/CodeBlockSet.cpp:
1352         (JSC::CodeBlockSet::contains):
1353         * heap/CodeBlockSet.h:
1354         * heap/CodeBlockSetInlines.h:
1355         (JSC::CodeBlockSet::iterate):
1356         * heap/Heap.cpp:
1357         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
1358         * heap/Heap.h:
1359         * heap/HeapInlines.h:
1360         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
1361         * heap/MachineStackMarker.h:
1362         (JSC::MachineThreads::threadsListHead):
1363         * jit/ExecutableAllocator.cpp:
1364         (JSC::ExecutableAllocator::isValidExecutableMemory):
1365         * jit/ExecutableAllocator.h:
1366         * profiler/ProfilerJettisonReason.cpp:
1367         (WTF::printInternal):
1368         * profiler/ProfilerJettisonReason.h:
1369         * runtime/JSLock.cpp:
1370         (JSC::JSLock::didAcquireLock):
1371         * runtime/Options.cpp:
1372         (JSC::overrideDefaults):
1373         * runtime/Options.h:
1374         * runtime/PlatformThread.h:
1375         (JSC::platformThreadSignal):
1376         * runtime/VM.cpp:
1377         (JSC::VM::~VM):
1378         (JSC::VM::ensureWatchdog):
1379         (JSC::VM::handleTraps): Deleted.
1380         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
1381         * runtime/VM.h:
1382         (JSC::VM::ownerThread):
1383         (JSC::VM::traps):
1384         (JSC::VM::handleTraps):
1385         (JSC::VM::needTrapHandling):
1386         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
1387         * runtime/VMTraps.cpp:
1388         (JSC::VMTraps::vm):
1389         (JSC::SignalContext::SignalContext):
1390         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
1391         (JSC::vmIsInactive):
1392         (JSC::findActiveVMAndStackBounds):
1393         (JSC::handleSigusr1):
1394         (JSC::handleSigtrap):
1395         (JSC::installSignalHandlers):
1396         (JSC::sanitizedTopCallFrame):
1397         (JSC::isSaneFrame):
1398         (JSC::VMTraps::tryInstallTrapBreakpoints):
1399         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1400         (JSC::VMTraps::VMTraps):
1401         (JSC::VMTraps::willDestroyVM):
1402         (JSC::VMTraps::addSignalSender):
1403         (JSC::VMTraps::removeSignalSender):
1404         (JSC::VMTraps::SignalSender::willDestroyVM):
1405         (JSC::VMTraps::SignalSender::send):
1406         (JSC::VMTraps::fireTrap):
1407         (JSC::VMTraps::handleTraps):
1408         * runtime/VMTraps.h:
1409         (JSC::VMTraps::~VMTraps):
1410         (JSC::VMTraps::needTrapHandling):
1411         (JSC::VMTraps::notifyGrabAllLocks):
1412         (JSC::VMTraps::SignalSender::SignalSender):
1413         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1414         * tools/VMInspector.cpp:
1415         * tools/VMInspector.h:
1416         (JSC::VMInspector::getLock):
1417         (JSC::VMInspector::iterate):
1418
1419 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1420
1421         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
1422         https://bugs.webkit.org/show_bug.cgi?id=169215
1423
1424         Reviewed by Mark Lam.
1425         
1426         This doesn't have a test because it would be a very complicated test.
1427
1428         * runtime/JSObject.h:
1429         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
1430
1431 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
1432
1433         WTF should make it super easy to do ARM concurrency tricks
1434         https://bugs.webkit.org/show_bug.cgi?id=169300
1435
1436         Reviewed by Mark Lam.
1437         
1438         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
1439         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
1440         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
1441         machine code, I found other opportunities for improvement, like inlining the "am I
1442         marked" part of the marking functions.
1443
1444         * heap/Heap.cpp:
1445         (JSC::Heap::setGCDidJIT):
1446         * heap/HeapInlines.h:
1447         (JSC::Heap::testAndSetMarked):
1448         * heap/LargeAllocation.h:
1449         (JSC::LargeAllocation::isMarked):
1450         (JSC::LargeAllocation::isMarkedConcurrently):
1451         (JSC::LargeAllocation::aboutToMark):
1452         (JSC::LargeAllocation::testAndSetMarked):
1453         * heap/MarkedBlock.h:
1454         (JSC::MarkedBlock::areMarksStaleWithDependency):
1455         (JSC::MarkedBlock::aboutToMark):
1456         (JSC::MarkedBlock::isMarkedConcurrently):
1457         (JSC::MarkedBlock::isMarked):
1458         (JSC::MarkedBlock::testAndSetMarked):
1459         * heap/SlotVisitor.cpp:
1460         (JSC::SlotVisitor::appendSlow):
1461         (JSC::SlotVisitor::appendHiddenSlow):
1462         (JSC::SlotVisitor::appendHiddenSlowImpl):
1463         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1464         (JSC::SlotVisitor::appendUnbarriered): Deleted.
1465         (JSC::SlotVisitor::appendHidden): Deleted.
1466         * heap/SlotVisitor.h:
1467         * heap/SlotVisitorInlines.h:
1468         (JSC::SlotVisitor::appendUnbarriered):
1469         (JSC::SlotVisitor::appendHidden):
1470         (JSC::SlotVisitor::append):
1471         (JSC::SlotVisitor::appendValues):
1472         (JSC::SlotVisitor::appendValuesHidden):
1473         * runtime/CustomGetterSetter.cpp:
1474         * runtime/JSObject.cpp:
1475         (JSC::JSObject::visitButterflyImpl):
1476         * runtime/JSObject.h:
1477
1478 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1479
1480         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
1481         https://bugs.webkit.org/show_bug.cgi?id=160124
1482
1483         Reviewed by Mark Lam.
1484
1485         When performing CallVarargs, we will copy values to the stack.
1486         Before actually copying values, we need to adjust the stackPointerRegister
1487         to ensure copied values are in the allocated stack area.
1488         If we do not do that, the OS can break the values that are stored beyond the stack
1489         pointer. For example, a signal stack can be constructed on this area, and
1490         break the values.
1491
1492         This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
1493         in the Linux port. Since Linux ports use signals to suspend and resume threads,
1494         a signal handler is frequently called when the sampling profiler is enabled. Thus this
1495         crash occurs.
1496
1497         * dfg/DFGSpeculativeJIT32_64.cpp:
1498         (JSC::DFG::SpeculativeJIT::emitCall):
1499         * dfg/DFGSpeculativeJIT64.cpp:
1500         (JSC::DFG::SpeculativeJIT::emitCall):
1501         * ftl/FTLLowerDFGToB3.cpp:
1502         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1503         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1504         * jit/SetupVarargsFrame.cpp:
1505         (JSC::emitSetupVarargsFrameFastCase):
1506         * jit/SetupVarargsFrame.h:
1507
1508 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
1509
1510         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
1511         https://bugs.webkit.org/show_bug.cgi?id=164892
1512         <rdar://problem/29320562>
1513
1514         Reviewed by Brian Burg.
1515
1516         * inspector/protocol/Network.json:
1517         Replace "fromDiskCache" property with "source" property which includes
1518         more complete information about the source of this response (network,
1519         memory cache, disk cache, or unknown).
1520
1521         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1522         (_generate_class_for_object_declaration):
1523         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1524         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1525         * inspector/scripts/codegen/generator.py:
1526         (Generator):
1527         (Generator.open_fields):
1528         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
1529         enum and open accessor string symbol that would have the same name, only generate
1530         a specific list of open accessor strings. This reduces the list of exported
1531         symbols from all properties to just the ones that are needed. This can be
1532         cleaned up later if needed.
1533
1534         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
1535         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
1536         Test for open accessors generation.
1537
1538 2017-03-08  Keith Miller  <keith_miller@apple.com>
1539
1540         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
1541         https://bugs.webkit.org/show_bug.cgi?id=169290
1542
1543         Reviewed by Saam Barati.
1544
1545         This patch adds an extra sanity check by ensuring that the memory address we faulted trying to load is in range
1546         of some wasm fast memory.
1547
1548         * wasm/WasmFaultSignalHandler.cpp:
1549         (JSC::Wasm::trapHandler):
1550         (JSC::Wasm::enableFastMemory):
1551         * wasm/WasmMemory.cpp:
1552         (JSC::Wasm::activeFastMemories):
1553         (JSC::Wasm::viewActiveFastMemories):
1554         (JSC::Wasm::tryGetFastMemory):
1555         (JSC::Wasm::releaseFastMemory):
1556         * wasm/WasmMemory.h:
1557
1558 2017-03-07  Dean Jackson  <dino@apple.com>
1559
1560         Some platforms won't be able to create a GPUDevice
1561         https://bugs.webkit.org/show_bug.cgi?id=169314
1562         <rdar://problems/30907521>
1563
1564         Reviewed by Jon Lee.
1565
1566         Disable WEB_GPU on the iOS Simulator.
1567
1568         * Configurations/FeatureDefines.xcconfig:
1569
1570 2017-03-06  Saam Barati  <sbarati@apple.com>
1571
1572         WebAssembly: Implement the WebAssembly.instantiate API
1573         https://bugs.webkit.org/show_bug.cgi?id=165982
1574         <rdar://problem/29760110>
1575
1576         Reviewed by Keith Miller.
1577
1578         This patch is a straightforward implementation of the WebAssembly.instantiate
1579         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
1580         
1581         I implemented the API in a synchronous manner. We should make it
1582         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
1583
1584         * wasm/JSWebAssembly.cpp:
1585         (JSC::webAssemblyCompileFunc):
1586         (JSC::webAssemblyInstantiateFunc):
1587         (JSC::JSWebAssembly::finishCreation):
1588         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1589         (JSC::constructJSWebAssemblyInstance):
1590         (JSC::WebAssemblyInstanceConstructor::createInstance):
1591         * wasm/js/WebAssemblyInstanceConstructor.h:
1592         * wasm/js/WebAssemblyModuleConstructor.cpp:
1593         (JSC::constructJSWebAssemblyModule):
1594         (JSC::WebAssemblyModuleConstructor::createModule):
1595         * wasm/js/WebAssemblyModuleConstructor.h:
1596
1597 2017-03-06  Michael Saboff  <msaboff@apple.com>
1598
1599         Take advantage of fast permissions switching of JIT memory for devices that support it
1600         https://bugs.webkit.org/show_bug.cgi?id=169155
1601
1602         Reviewed by Saam Barati.
1603
1604         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
1605         control access to JIT memory.
1606
1607         Had to update the Xcode config files to handle various build variations of
1608         public and internal SDKs.
1609
1610         * Configurations/Base.xcconfig:
1611         * Configurations/FeatureDefines.xcconfig:
1612         * jit/ExecutableAllocator.cpp:
1613         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1614         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1615         * jit/ExecutableAllocator.h:
1616         (JSC::performJITMemcpy):
1617
1618 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
1619
1620         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
1621         https://bugs.webkit.org/show_bug.cgi?id=168502
1622
1623         Reviewed by Filip Pizlo.
1624
1625         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
1626
1627 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
1628
1629         op_get_by_id_with_this should use inline caching
1630         https://bugs.webkit.org/show_bug.cgi?id=162124
1631
1632         Reviewed by Saam Barati.
1633
1634         This patch is enabling inline cache for op_get_by_id_with_this in all
1635         tiers. It means that operations using ```super.member``` are going to
1636         be able to be optimized by PIC. To enable it, we introduced a new
1637         member of StructureStubInfo.patch named thisGPR, created a new class
1638         to manage the IC named JITGetByIdWithThisGenerator and changed
1639         PolymorphicAccess.regenerate that uses StructureStubInfo.patch.thisGPR
1640         to decide the correct this value on inline caches.
1641         With inline cache enabled, ```super.member``` is ~4.5x faster,
1642         according to microbenchmarks.
1643
1644         * bytecode/AccessCase.cpp:
1645         (JSC::AccessCase::generateImpl):
1646         * bytecode/PolymorphicAccess.cpp:
1647         (JSC::PolymorphicAccess::regenerate):
1648         * bytecode/PolymorphicAccess.h:
1649         * bytecode/StructureStubInfo.cpp:
1650         (JSC::StructureStubInfo::reset):
1651         * bytecode/StructureStubInfo.h:
1652         * dfg/DFGFixupPhase.cpp:
1653         (JSC::DFG::FixupPhase::fixupNode):
1654         * dfg/DFGJITCompiler.cpp:
1655         (JSC::DFG::JITCompiler::link):
1656         * dfg/DFGJITCompiler.h:
1657         (JSC::DFG::JITCompiler::addGetByIdWithThis):
1658         * dfg/DFGSpeculativeJIT.cpp:
1659         (JSC::DFG::SpeculativeJIT::compileIn):
1660         * dfg/DFGSpeculativeJIT.h:
1661         (JSC::DFG::SpeculativeJIT::callOperation):
1662         * dfg/DFGSpeculativeJIT32_64.cpp:
1663         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1664         (JSC::DFG::SpeculativeJIT::compile):
1665         * dfg/DFGSpeculativeJIT64.cpp:
1666         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1667         (JSC::DFG::SpeculativeJIT::compile):
1668         * ftl/FTLLowerDFGToB3.cpp:
1669         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
1670         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
1671         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
1672         * jit/CCallHelpers.h:
1673         (JSC::CCallHelpers::setupArgumentsWithExecState):
1674         * jit/ICStats.h:
1675         * jit/JIT.cpp:
1676         (JSC::JIT::JIT):
1677         (JSC::JIT::privateCompileSlowCases):
1678         (JSC::JIT::link):
1679         * jit/JIT.h:
1680         * jit/JITInlineCacheGenerator.cpp:
1681         (JSC::JITByIdGenerator::JITByIdGenerator):
1682         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1683         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
1684         * jit/JITInlineCacheGenerator.h:
1685         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1686         * jit/JITInlines.h:
1687         (JSC::JIT::callOperation):
1688         * jit/JITOperations.cpp:
1689         * jit/JITOperations.h:
1690         * jit/JITPropertyAccess.cpp:
1691         (JSC::JIT::emit_op_get_by_id_with_this):
1692         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1693         * jit/JITPropertyAccess32_64.cpp:
1694         (JSC::JIT::emit_op_get_by_id_with_this):
1695         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1696         * jit/Repatch.cpp:
1697         (JSC::appropriateOptimizingGetByIdFunction):
1698         (JSC::appropriateGenericGetByIdFunction):
1699         (JSC::tryCacheGetByID):
1700         * jit/Repatch.h:
1701         * jsc.cpp:
1702         (WTF::CustomGetter::getOwnPropertySlot):
1703         (WTF::CustomGetter::customGetterAcessor):
1704
1705 2017-03-06  Saam Barati  <sbarati@apple.com>
1706
1707         WebAssembly: implement init_expr for Element
1708         https://bugs.webkit.org/show_bug.cgi?id=165888
1709         <rdar://problem/29760199>
1710
1711         Reviewed by Keith Miller.
1712
1713         This patch fixes a few bugs. The main change is allowing init_expr
1714         for the Element's offset. To do this, I had to fix a couple of
1715         other bugs:
1716         
1717         - I removed our invalid early module-parse-time invalidation
1718         of out of bound Element sections. This is not in the spec because
1719         it can't be validated in the general case when the offset is a
1720         get_global.
1721         
1722         - Our get_global validation inside our init_expr parsing code was simply wrong.
1723         It thought that the index operand to get_global went into the pool of imports,
1724         but it does not. It indexes into the pool of globals. I changed the code to
1725         refer to the global pool instead.
1726
1727         * wasm/WasmFormat.h:
1728         (JSC::Wasm::Element::Element):
1729         * wasm/WasmModuleParser.cpp:
1730         * wasm/js/WebAssemblyModuleRecord.cpp:
1731         (JSC::WebAssemblyModuleRecord::evaluate):
1732
1733 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1734
1735         [JSC] Allow indexed module namespace object fields
1736         https://bugs.webkit.org/show_bug.cgi?id=168870
1737
1738         Reviewed by Saam Barati.
1739
1740         While JS modules cannot expose any indexed bindings,
1741         Wasm modules can expose them. However, module namespace
1742         object currently does not support indexed properties.
1743         This patch allows module namespace objects to offer
1744         indexed binding accesses.
1745
1746         * runtime/JSModuleNamespaceObject.cpp:
1747         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
1748         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
1749         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
1750         * runtime/JSModuleNamespaceObject.h:
1751
1752 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1753
1754         Null pointer crash when loading module with unresolved import also as a script file
1755         https://bugs.webkit.org/show_bug.cgi?id=168971
1756
1757         Reviewed by Saam Barati.
1758
1759         If linking throws an error, this error should be re-thrown
1760         when requesting the same module.
1761
1762         * builtins/ModuleLoaderPrototype.js:
1763         (globalPrivate.newRegistryEntry):
1764         * runtime/JSModuleRecord.cpp:
1765         (JSC::JSModuleRecord::link):
1766
1767 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1768
1769         [GTK][JSCOnly] Enable WebAssembly on Linux environment
1770         https://bugs.webkit.org/show_bug.cgi?id=164032
1771
1772         Reviewed by Michael Catanzaro.
1773
1774         This patch enables WebAssembly on JSCOnly and GTK ports.
1775         Basically, almost all the WASM code is portable to Linux.
1776         One platform-dependent part is faster memory load using SIGBUS
1777         signal handler. This patch ports this part to Linux.
1778
1779         * CMakeLists.txt:
1780         * llint/LLIntSlowPaths.cpp:
1781         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1782         * wasm/WasmFaultSignalHandler.cpp:
1783         (JSC::Wasm::trapHandler):
1784         (JSC::Wasm::enableFastMemory):
1785
1786 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
1787
1788         Currency digits calculation in Intl.NumberFormat should call out to ICU
1789         https://bugs.webkit.org/show_bug.cgi?id=169182
1790
1791         Reviewed by Yusuke Suzuki.
1792
1793         * runtime/IntlNumberFormat.cpp:
1794         (JSC::computeCurrencyDigits):
1795         (JSC::computeCurrencySortKey): Deleted.
1796         (JSC::extractCurrencySortKey): Deleted.
1797
1798 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
1799
1800         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
1801         https://bugs.webkit.org/show_bug.cgi?id=168869
1802
1803         Reviewed by Keith Miller.
1804
1805         * b3/B3Width.h:
1806         * wasm/WasmSections.h:
1807
1808 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
1809
1810         [ARM] Unreviewed buildfix after r213376.
1811
1812         * assembler/ARMAssembler.h:
1813         (JSC::ARMAssembler::isBkpt): Typo fixed.
1814
1815 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
1816
1817         [JSC] build fix after r213399
1818         https://bugs.webkit.org/show_bug.cgi?id=169154
1819
1820         Unreviewed.
1821
1822         * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
1823
1824 2017-03-03  Dean Jackson  <dino@apple.com>
1825
1826         Add WebGPU compile flag and experimental feature flag
1827         https://bugs.webkit.org/show_bug.cgi?id=169161
1828         <rdar://problem/30846689>
1829
1830         Reviewed by Tim Horton.
1831
1832         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
1833         and an InternalSetting.
1834
1835         * Configurations/FeatureDefines.xcconfig:
1836
1837 2017-03-03  Michael Saboff  <msaboff@apple.com>
1838
1839         Add support for relative pathnames to JSC config files
1840         https://bugs.webkit.org/show_bug.cgi?id=169154
1841
1842         Reviewed by Saam Barati.
1843
1844         If the config file is a relative path, prepend the current working directory.
1845         After canonicalizing the config file path, we extract its directory path and
1846         use that for the directory for a relative log pathname.
1847
1848         * runtime/ConfigFile.cpp:
1849         (JSC::ConfigFile::ConfigFile):
1850         (JSC::ConfigFile::parse):
1851         (JSC::ConfigFile::canonicalizePaths):
1852         * runtime/ConfigFile.h:
1853
1854 2017-03-03  Michael Saboff  <msaboff@apple.com>
1855
1856         Add load / store exclusive instruction group to ARM64 disassembler
1857         https://bugs.webkit.org/show_bug.cgi?id=169152
1858
1859         Reviewed by Filip Pizlo.
1860
1861         * disassembler/ARM64/A64DOpcode.cpp:
1862         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
1863         * disassembler/ARM64/A64DOpcode.h:
1864         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
1865         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
1866         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
1867         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
1868         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
1869         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
1870         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
1871         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
1872         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
1873
1874 2017-03-03  Keith Miller  <keith_miller@apple.com>
1875
1876         WASM should support faster loads.
1877         https://bugs.webkit.org/show_bug.cgi?id=162693
1878
1879         Reviewed by Saam Barati.
1880
1881         This patch adds support for WebAssembly using a 32-bit address
1882         space for memory (along with some extra space for offset
1883         overflow). With a 32-bit address space (we call them
1884         Signaling/fast memories), we reserve the virtual address space for
1885         2^32 + offset bytes of memory and only mark the usable section as
1886         read/write. If wasm code would read/write out of bounds we use a
1887         custom signal handler to catch the SIGBUS. The signal handler then
1888         checks if the faulting instruction is wasm code and tells the
1889         thread to resume executing from the wasm exception
1890         handler. Otherwise, the signal handler crashes the process, as
1891         usual.
1892
1893         All of the allocations of these memories are managed by the
1894         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
1895         old Signaling memories that are no longer in use. Since getting
1896         the wrong memory can cause recompiles, we try to reserve a memory
1897         for modules that do not import a memory. If a module does import a
1898         memory, we try to guess the type of memory we are going to get
1899         based on the last one allocated.
1900
1901         This patch also changes how the wasm JS-api manages objects. Since
1902         we can compile different versions of code, this patch adds a new
1903         JSWebAssemblyCodeBlock class that holds all the information
1904         specific to running a module in a particular bounds checking
1905         mode. Additionally, the Wasm::Memory object is now a reference
1906         counted class that is shared between the JSWebAssemblyMemory
1907         object and the ArrayBuffer that also views it.
1908
1909         * JavaScriptCore.xcodeproj/project.pbxproj:
1910         * jit/JITThunks.cpp:
1911         (JSC::JITThunks::existingCTIStub):
1912         * jit/JITThunks.h:
1913         * jsc.cpp:
1914         (jscmain):
1915         * runtime/Options.h:
1916         * runtime/VM.cpp:
1917         (JSC::VM::VM):
1918         * runtime/VM.h:
1919         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
1920         (JSC::JSWebAssemblyCodeBlock::create):
1921         (JSC::JSWebAssemblyCodeBlock::createStructure):
1922         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
1923         (JSC::JSWebAssemblyCodeBlock::mode):
1924         (JSC::JSWebAssemblyCodeBlock::module):
1925         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
1926         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
1927         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
1928         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
1929         (JSC::JSWebAssemblyCodeBlock::callees):
1930         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
1931         (JSC::JSWebAssemblyCodeBlock::allocationSize):
1932         * wasm/WasmB3IRGenerator.cpp:
1933         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1934         (JSC::Wasm::getMemoryBaseAndSize):
1935         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
1936         (JSC::Wasm::B3IRGenerator::emitLoadOp):
1937         (JSC::Wasm::B3IRGenerator::emitStoreOp):
1938         * wasm/WasmCallingConvention.h:
1939         * wasm/WasmFaultSignalHandler.cpp: Added.
1940         (JSC::Wasm::trapHandler):
1941         (JSC::Wasm::registerCode):
1942         (JSC::Wasm::unregisterCode):
1943         (JSC::Wasm::fastMemoryEnabled):
1944         (JSC::Wasm::enableFastMemory):
1945         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
1946         * wasm/WasmFormat.h:
1947         (JSC::Wasm::ModuleInformation::importFunctionCount):
1948         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
1949         * wasm/WasmMemory.cpp:
1950         (JSC::Wasm::mmapBytes):
1951         (JSC::Wasm::Memory::lastAllocatedMode):
1952         (JSC::Wasm::availableFastMemories):
1953         (JSC::Wasm::tryGetFastMemory):
1954         (JSC::Wasm::releaseFastMemory):
1955         (JSC::Wasm::Memory::Memory):
1956         (JSC::Wasm::Memory::createImpl):
1957         (JSC::Wasm::Memory::create):
1958         (JSC::Wasm::Memory::~Memory):
1959         (JSC::Wasm::Memory::grow):
1960         (JSC::Wasm::Memory::dump):
1961         (JSC::Wasm::Memory::makeString):
1962         * wasm/WasmMemory.h:
1963         (JSC::Wasm::Memory::operator bool):
1964         (JSC::Wasm::Memory::size):
1965         (JSC::Wasm::Memory::check):
1966         (JSC::Wasm::Memory::Memory): Deleted.
1967         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
1968         (JSC::Wasm::Memory::offsetOfSize): Deleted.
1969         * wasm/WasmMemoryInformation.cpp:
1970         (JSC::Wasm::MemoryInformation::MemoryInformation):
1971         * wasm/WasmMemoryInformation.h:
1972         (JSC::Wasm::MemoryInformation::hasReservedMemory):
1973         (JSC::Wasm::MemoryInformation::takeReservedMemory):
1974         (JSC::Wasm::MemoryInformation::mode):
1975         * wasm/WasmModuleParser.cpp:
1976         * wasm/WasmModuleParser.h:
1977         (JSC::Wasm::ModuleParser::ModuleParser):
1978         * wasm/WasmPlan.cpp:
1979         (JSC::Wasm::Plan::parseAndValidateModule):
1980         (JSC::Wasm::Plan::run):
1981         * wasm/WasmPlan.h:
1982         (JSC::Wasm::Plan::mode):
1983         * wasm/js/JSWebAssemblyCallee.cpp:
1984         (JSC::JSWebAssemblyCallee::finishCreation):
1985         (JSC::JSWebAssemblyCallee::destroy):
1986         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
1987         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
1988         (JSC::JSWebAssemblyCodeBlock::destroy):
1989         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
1990         (JSC::JSWebAssemblyCodeBlock::visitChildren):
1991         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
1992         * wasm/js/JSWebAssemblyInstance.cpp:
1993         (JSC::JSWebAssemblyInstance::setMemory):
1994         (JSC::JSWebAssemblyInstance::finishCreation):
1995         (JSC::JSWebAssemblyInstance::visitChildren):
1996         * wasm/js/JSWebAssemblyInstance.h:
1997         (JSC::JSWebAssemblyInstance::module):
1998         (JSC::JSWebAssemblyInstance::codeBlock):
1999         (JSC::JSWebAssemblyInstance::memoryMode):
2000         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
2001         * wasm/js/JSWebAssemblyMemory.cpp:
2002         (JSC::JSWebAssemblyMemory::create):
2003         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
2004         (JSC::JSWebAssemblyMemory::buffer):
2005         (JSC::JSWebAssemblyMemory::grow):
2006         (JSC::JSWebAssemblyMemory::destroy):
2007         * wasm/js/JSWebAssemblyMemory.h:
2008         (JSC::JSWebAssemblyMemory::memory):
2009         (JSC::JSWebAssemblyMemory::offsetOfMemory):
2010         (JSC::JSWebAssemblyMemory::offsetOfSize):
2011         * wasm/js/JSWebAssemblyModule.cpp:
2012         (JSC::JSWebAssemblyModule::buildCodeBlock):
2013         (JSC::JSWebAssemblyModule::create):
2014         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2015         (JSC::JSWebAssemblyModule::codeBlock):
2016         (JSC::JSWebAssemblyModule::finishCreation):
2017         (JSC::JSWebAssemblyModule::visitChildren):
2018         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
2019         * wasm/js/JSWebAssemblyModule.h:
2020         (JSC::JSWebAssemblyModule::takeReservedMemory):
2021         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
2022         (JSC::JSWebAssemblyModule::codeBlock):
2023         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
2024         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
2025         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
2026         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
2027         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
2028         (JSC::JSWebAssemblyModule::callees): Deleted.
2029         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
2030         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
2031         * wasm/js/WebAssemblyFunction.cpp:
2032         (JSC::callWebAssemblyFunction):
2033         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2034         (JSC::constructJSWebAssemblyInstance):
2035         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2036         (JSC::constructJSWebAssemblyMemory):
2037         * wasm/js/WebAssemblyModuleConstructor.cpp:
2038         (JSC::WebAssemblyModuleConstructor::createModule):
2039         * wasm/js/WebAssemblyModuleRecord.cpp:
2040         (JSC::WebAssemblyModuleRecord::link):
2041         (JSC::WebAssemblyModuleRecord::evaluate):
2042
2043 2017-03-03  Mark Lam  <mark.lam@apple.com>
2044
2045         Gardening: fix broken ARM64 build.
2046         https://bugs.webkit.org/show_bug.cgi?id=169139
2047
2048         Not reviewed.
2049
2050         * assembler/ARM64Assembler.h:
2051         (JSC::ARM64Assembler::excepnGenerationImmMask):
2052
2053 2017-03-03  Mark Lam  <mark.lam@apple.com>
2054
2055         Add MacroAssembler::isBreakpoint() query function.
2056         https://bugs.webkit.org/show_bug.cgi?id=169139
2057
2058         Reviewed by Michael Saboff.
2059
2060         This will be needed soon when we use breakpoint instructions to implement
2061         non-polling VM traps, and need to discern between a VM trap signal and a genuine
2062         assertion breakpoint.
2063
2064         * assembler/ARM64Assembler.h:
2065         (JSC::ARM64Assembler::isBrk):
2066         (JSC::ARM64Assembler::excepnGenerationImmMask):
2067         * assembler/ARMAssembler.h:
2068         (JSC::ARMAssembler::isBkpt):
2069         * assembler/ARMv7Assembler.h:
2070         (JSC::ARMv7Assembler::isBkpt):
2071         * assembler/MIPSAssembler.h:
2072         (JSC::MIPSAssembler::isBkpt):
2073         * assembler/MacroAssemblerARM.h:
2074         (JSC::MacroAssemblerARM::isBreakpoint):
2075         * assembler/MacroAssemblerARM64.h:
2076         (JSC::MacroAssemblerARM64::isBreakpoint):
2077         * assembler/MacroAssemblerARMv7.h:
2078         (JSC::MacroAssemblerARMv7::isBreakpoint):
2079         * assembler/MacroAssemblerMIPS.h:
2080         (JSC::MacroAssemblerMIPS::isBreakpoint):
2081         * assembler/MacroAssemblerX86Common.h:
2082         (JSC::MacroAssemblerX86Common::isBreakpoint):
2083         * assembler/X86Assembler.h:
2084         (JSC::X86Assembler::isInt3):
2085
2086 2017-03-03  Mark Lam  <mark.lam@apple.com>
2087
2088         We should only check for traps that we're able to handle.
2089         https://bugs.webkit.org/show_bug.cgi?id=169136
2090
2091         Reviewed by Michael Saboff.
2092
2093         The execute methods in interpreter were checking for the existence of any traps
2094         (without masking) and only handling a subset of those via a mask.  This can
2095         result in a failed assertion on debug builds.
2096
2097         This patch fixes this by applying the same mask for both the needTrapHandling()
2098         check and the handleTraps() call.  Also added a few assertions.
2099
2100         * interpreter/Interpreter.cpp:
2101         (JSC::Interpreter::executeProgram):
2102         (JSC::Interpreter::executeCall):
2103         (JSC::Interpreter::executeConstruct):
2104         (JSC::Interpreter::execute):
2105         * jit/JITOperations.cpp:
2106         * llint/LLIntSlowPaths.cpp:
2107         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2108
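The mismatch described in the entry above, as an added example that is not JavaScriptCore source: a constructed model in which the entry point checks for traps with one mask and services them with another. The event names, the `Traps`/`TrapMask` types and the violation counter (standing in for the debug-build assertion) are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>

// Constructed model of the check/handle mismatch; not JavaScriptCore source.
// The three event names are assumptions made for this example.
enum class TrapEvent : uint32_t { DebuggerBreak, WatchdogCheck, Termination };

static uint32_t bitFor(TrapEvent e) { return 1u << static_cast<uint32_t>(e); }

struct TrapMask {
    uint32_t bits = 0;
    TrapMask(std::initializer_list<TrapEvent> events) {
        for (TrapEvent e : events)
            bits |= bitFor(e);
    }
    static TrapMask all() {
        return TrapMask{TrapEvent::DebuggerBreak, TrapEvent::WatchdogCheck, TrapEvent::Termination};
    }
};

class Traps {
public:
    void fire(TrapEvent e) { m_pending |= bitFor(e); }

    bool needTrapHandling(TrapMask mask) const { return (m_pending & mask.bits) != 0; }

    // Services only the events selected by the mask. The precondition is that the
    // caller already saw a pending event selected by that same mask; a debug build
    // would assert here, this model counts the violation instead of aborting.
    void handleTraps(TrapMask mask) {
        uint32_t selected = m_pending & mask.bits;
        if (!selected) {
            ++m_violations;
            return;
        }
        m_pending &= ~selected;
        m_serviced |= selected;
    }

    uint32_t pending() const { return m_pending; }
    uint32_t serviced() const { return m_serviced; }
    int violations() const { return m_violations; }

private:
    uint32_t m_pending = 0;
    uint32_t m_serviced = 0;
    int m_violations = 0;
};

struct Outcome {
    int violations;
    uint32_t serviced;
    uint32_t pending;
};

// Models one entry into an execute method that can only service two of the
// three events. sameMaskForCheck == false is the behaviour before the fix
// (check for any trap), true is the behaviour after it (check with the same mask).
Outcome run(bool sameMaskForCheck, std::initializer_list<TrapEvent> fired) {
    Traps traps;
    for (TrapEvent e : fired)
        traps.fire(e);
    const TrapMask handled{TrapEvent::WatchdogCheck, TrapEvent::Termination};
    const TrapMask checked = sameMaskForCheck ? handled : TrapMask::all();
    if (traps.needTrapHandling(checked))
        traps.handleTraps(handled);
    return {traps.violations(), traps.serviced(), traps.pending()};
}

int main() {
    Outcome before = run(false, {TrapEvent::DebuggerBreak});
    Outcome after = run(true, {TrapEvent::DebuggerBreak});
    std::printf("unmasked check: violations=%d pending=%u\n", before.violations, (unsigned)before.pending);
    std::printf("masked check:   violations=%d pending=%u\n", after.violations, (unsigned)after.pending);
    return 0;
}
```

In both runs the unserviceable event stays pending for a call site that can handle it; only the unmasked check reaches the handler with nothing to service.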
2109 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
2110
2111         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
2112         https://bugs.webkit.org/show_bug.cgi?id=169074
2113
2114         Reviewed by Joseph Pecoraro.
2115
2116         They are not actually cocoa specific.
2117
2118         * inspector/remote/RemoteInspector.cpp:
2119         (Inspector::RemoteInspector::updateTargetListing):
2120         * inspector/remote/RemoteInspector.h:
2121         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2122
2123 2017-03-02  Mark Lam  <mark.lam@apple.com>
2124
2125         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
2126         https://bugs.webkit.org/show_bug.cgi?id=169089
2127
2128         Reviewed by Tim Horton and Joseph Pecoraro.
2129
2130         * runtime/VM.cpp:
2131         (JSC::VM::handleTraps):
2132         * runtime/VM.h:
2133         (JSC::VM::notifyNeedDebuggerBreak):
2134
2135 2017-03-02  Michael Saboff  <msaboff@apple.com>
2136
2137         Add JSC identity when code signing to allow debugging on iOS
2138         https://bugs.webkit.org/show_bug.cgi?id=169099
2139
2140         Reviewed by Filip Pizlo.
2141
2142         * Configurations/JSC.xcconfig:
2143         * Configurations/ToolExecutable.xcconfig:
2144
2145 2017-03-02  Keith Miller  <keith_miller@apple.com>
2146
2147         WebAssemblyFunction should have Function.prototype as its prototype
2148         https://bugs.webkit.org/show_bug.cgi?id=169101
2149
2150         Reviewed by Filip Pizlo.
2151
2152         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
2153         objects should have Function.prototype as their prototype.
2154
2155         * runtime/JSGlobalObject.cpp:
2156         (JSC::JSGlobalObject::init):
2157
2158 2017-03-02  Mark Lam  <mark.lam@apple.com>
2159
2160         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
2161         https://bugs.webkit.org/show_bug.cgi?id=169088
2162
2163         Reviewed by Keith Miller.
2164
2165         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
2166         generated.  This is useful for testing purposes until we have signal based
2167         traps, at which point, we will always emit the op_check_traps bytecode and remove
2168         this option.
2169
2170         Options::usePollingTraps() enables the use of polling VM traps all the time.
2171         This will be useful for benchmark comparisons (between polling and non-polling
2172         traps), as well as for forcing polling traps later for ports that don't support
2173         signal based traps.
2174
2175         Note: signal based traps are not fully implemented yet.  As a result, if the VM
2176         watchdog is in use, we will force Options::usePollingTraps() to be true.
2177
2178         * bytecompiler/BytecodeGenerator.cpp:
2179         (JSC::BytecodeGenerator::emitCheckTraps):
2180         * dfg/DFGClobberize.h:
2181         (JSC::DFG::clobberize):
2182         * dfg/DFGSpeculativeJIT.cpp:
2183         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2184         * dfg/DFGSpeculativeJIT32_64.cpp:
2185         (JSC::DFG::SpeculativeJIT::compile):
2186         * dfg/DFGSpeculativeJIT64.cpp:
2187         (JSC::DFG::SpeculativeJIT::compile):
2188         * ftl/FTLLowerDFGToB3.cpp:
2189         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2190         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2191         * runtime/Options.cpp:
2192         (JSC::recomputeDependentOptions):
2193         * runtime/Options.h:
2194
2195 2017-03-02  Keith Miller  <keith_miller@apple.com>
2196
2197         Fix addressing mode for B3WasmAddress
2198         https://bugs.webkit.org/show_bug.cgi?id=169092
2199
2200         Reviewed by Filip Pizlo.
2201
2202         Fix the potential addressing modes for B3WasmAddress. ARM does not
2203         support a base + index*1 + offset addressing mode. I think when I
2204         read it the first time I assumed it would always work on both ARM
2205         and X86. While true for X86 it's not true for ARM.
2206
2207         * b3/B3LowerToAir.cpp:
2208         (JSC::B3::Air::LowerToAir::effectiveAddr):
2209
2210 2017-03-02  Mark Lam  <mark.lam@apple.com>
2211
2212         Add support for selective handling of VM traps.
2213         https://bugs.webkit.org/show_bug.cgi?id=169087
2214
2215         Reviewed by Keith Miller.
2216
2217         This is needed because there are some places in the VM where it's appropriate to
2218         handle some types of VM traps but not others.
2219
2220         We implement this selection by using a VMTraps::Mask that allows the user to
2221         specify which traps should be serviced.
2222
2223         * interpreter/Interpreter.cpp:
2224         (JSC::Interpreter::executeProgram):
2225         (JSC::Interpreter::executeCall):
2226         (JSC::Interpreter::executeConstruct):
2227         (JSC::Interpreter::execute):
2228         * runtime/VM.cpp:
2229         (JSC::VM::handleTraps):
2230         * runtime/VM.h:
2231         * runtime/VMTraps.cpp:
2232         (JSC::VMTraps::takeTrap): Deleted.
2233         * runtime/VMTraps.h:
2234         (JSC::VMTraps::Mask::Mask):
2235         (JSC::VMTraps::Mask::allEventTypes):
2236         (JSC::VMTraps::Mask::bits):
2237         (JSC::VMTraps::Mask::init):
2238         (JSC::VMTraps::needTrapHandling):
2239         (JSC::VMTraps::hasTrapForEvent):
2240
2241 2017-03-02  Alex Christensen  <achristensen@webkit.org>
2242
2243         Continue enabling WebRTC
2244         https://bugs.webkit.org/show_bug.cgi?id=169056
2245
2246         Reviewed by Jon Lee.
2247
2248         * Configurations/FeatureDefines.xcconfig:
2249
2250 2017-03-02  Tomas Popela  <tpopela@redhat.com>
2251
2252         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
2253         https://bugs.webkit.org/show_bug.cgi?id=169034
2254
2255         Reviewed by Mark Lam.
2256
2257         It should not assign to offset, but compare to offset.
2258
2259         * runtime/JSGlobalObject.cpp:
2260         (JSC::JSGlobalObject::addStaticGlobals):
2261
2262 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2263
2264         Unreviewed, rolling out r213259.
2265
2266         Broke an internal build
2267
2268         Reverted changeset:
2269
2270         "Continue enabling WebRTC"
2271         https://bugs.webkit.org/show_bug.cgi?id=169056
2272         http://trac.webkit.org/changeset/213259
2273
2274 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2275
2276         Continue enabling WebRTC
2277         https://bugs.webkit.org/show_bug.cgi?id=169056
2278
2279         Reviewed by Jon Lee.
2280
2281         * Configurations/FeatureDefines.xcconfig:
2282
2283 2017-03-01  Michael Saboff  <msaboff@apple.com>
2284
2285         Source/JavaScriptCore/ChangeLog
2286         https://bugs.webkit.org/show_bug.cgi?id=169055
2287
2288         Reviewed by Mark Lam.
2289
2290         Made local copies of options strings for OptionRange and string typed options.
2291
2292         * runtime/Options.cpp:
2293         (JSC::parse):
2294         (JSC::OptionRange::init):
2295
2296 2017-03-01  Mark Lam  <mark.lam@apple.com>
2297
2298         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
2299         https://bugs.webkit.org/show_bug.cgi?id=168996
2300
2301         Reviewed by Filip Pizlo and Saam Barati.
2302
2303         PlatformThread is more useful because it allows us to:
2304         1. find the MachineThreads::Thread which is associated with it.
2305         2. suspend / resume threads.
2306         3. send a signal to a thread.
2307
2308         We can't do those with std::thread::id.  We will need one or more of these
2309         capabilities to implement non-polling VM traps later.
2310
2311         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
2312         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
2313         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
2314         JSLock::m_hasOwnerThread before doing the thread identity comparison.
2315
2316         * JavaScriptCore.xcodeproj/project.pbxproj:
2317         * heap/MachineStackMarker.cpp:
2318         (JSC::MachineThreads::Thread::createForCurrentThread):
2319         (JSC::MachineThreads::machineThreadForCurrentThread):
2320         (JSC::MachineThreads::removeThread):
2321         (JSC::MachineThreads::Thread::suspend):
2322         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2323         (JSC::getCurrentPlatformThread): Deleted.
2324         * heap/MachineStackMarker.h:
2325         * runtime/JSCellInlines.h:
2326         (JSC::JSCell::classInfo):
2327         * runtime/JSLock.cpp:
2328         (JSC::JSLock::JSLock):
2329         (JSC::JSLock::lock):
2330         (JSC::JSLock::unlock):
2331         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2332         * runtime/JSLock.h:
2333         (JSC::JSLock::ownerThread):
2334         (JSC::JSLock::currentThreadIsHoldingLock):
2335         * runtime/PlatformThread.h: Added.
2336         (JSC::currentPlatformThread):
2337         * runtime/VM.cpp:
2338         (JSC::VM::~VM):
2339         * runtime/VM.h:
2340         (JSC::VM::ownerThread):
2341         * runtime/Watchdog.cpp:
2342         (JSC::Watchdog::setTimeLimit):
2343         (JSC::Watchdog::shouldTerminate):
2344         (JSC::Watchdog::startTimer):
2345         (JSC::Watchdog::stopTimer):
2346         * tools/JSDollarVMPrototype.cpp:
2347         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2348         * tools/VMInspector.cpp:
2349
2350 2017-03-01  Saam Barati  <sbarati@apple.com>
2351
2352         Implement a mega-disassembler that'll be used in the FTL
2353         https://bugs.webkit.org/show_bug.cgi?id=168685
2354
2355         Reviewed by Mark Lam.
2356
2357         This patch extends the previous Air disassembler to print the
2358         DFG and B3 nodes belonging to particular Air instructions.
2359         The algorithm I'm using to do this is not perfect. For example,
2360         it won't try to print the entire DFG/B3 graph. It'll just print
2361         the related nodes for particular Air instructions. We can make the
2362         algorithm more sophisticated as we get more experience looking at
2363         these IR dumps and get a better feel for what we want out of them.
2364
2365         This is an example of the output:
2366
2367         ...
2368         ...
2369         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
2370            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
2371                Patch &Patchpoint2, %r20, %r20, %r0, @54
2372          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
2373            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
2374                Move 32(%r20), %r5, @57
2375                       0x389cc9ac0:    ldur   x5, [x20, #32]
2376         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
2377            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
2378                Move32 (%r5), %r1, @58
2379                       0x389cc9ac4:    ldur   w1, [x5]
2380            Int32 @59 = Const32(DFG:@115, 92)
2381            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
2382            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2383                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
2384                       0x389cc9ac8:    cmp    w1, #92
2385                       0x389cc9acc:    b.ne   0x389cc9dac
2386         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
2387            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
2388                Move 8(%r5), %r4, @64
2389                       0x389cc9ad0:    ldur   x4, [x5, #8]
2390          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
2391            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
2392                Move32 -8(%r4), %r2, @67
2393                       0x389cc9ad4:    ldur   w2, [x4, #-8]
2394       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
2395            Int32 @68 = Const32(DFG:@192, -1)
2396                Move $0xffffffffffffffff, %r1, $-1(@68)
2397                       0x389cc9ad8:    mov    x1, #-1
2398          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
2399            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
2400                Add32 %r2, %r1, %r1, @69
2401                       0x389cc9adc:    add    w1, w2, w1
2402          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
2403            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
2404            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2405                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
2406                       0x389cc9ae0:    cmp    x0, x22
2407                       0x389cc9ae4:    b.lo   0x389cc9dc0
2408            Int32 @72 = Trunc(@53, DFG:@86)
2409            Int32 @73 = BitAnd(@69, @72, DFG:@86)
2410                And32 %r1, %r0, %r1, @73
2411                       0x389cc9ae8:    and    w1, w1, w0
2412            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
2413            Int32 @72 = Trunc(@53, DFG:@86)
2414            Int64 @11 = SlotBase(stack0)
2415            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
2416                Move32 %r0, -64(%fp), @76
2417                       0x389cc9aec:    stur   w0, [fp, #-64]
2418            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
2419            Int64 @77 = ZExt32(@73, DFG:@12)
2420            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
2421                Add64 %r1, %r22, %r3, @78
2422                       0x389cc9af0:    add    x3, x1, x22
2423            Int64 @11 = SlotBase(stack0)
2424            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
2425                Move %r3, -72(%fp), @81
2426                       0x389cc9af4:    stur   x3, [fp, #-72]
2427            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
2428            Int32 @82 = Trunc(@24, DFG:@10)
2429            Int64 @11 = SlotBase(stack0)
2430            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
2431                Move32 %r21, -80(%fp), @85
2432                       0x389cc9af8:    stur   w21, [fp, #-80]
2433           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
2434            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
2435            Void @90 = Branch(@89, DFG:@129, Terminal)
2436                Branch32 AboveOrEqual, %r1, %r2, @90
2437                       0x389cc9afc:    cmp    w1, w2
2438                       0x389cc9b00:    b.hs   0x389cc9bec
2439         ...
2440         ...
2441
2442         * b3/air/AirDisassembler.cpp:
2443         (JSC::B3::Air::Disassembler::dump):
2444         * b3/air/AirDisassembler.h:
2445         * ftl/FTLCompile.cpp:
2446         (JSC::FTL::compile):
2447         * ftl/FTLLowerDFGToB3.cpp:
2448         (JSC::FTL::DFG::LowerDFGToB3::lower):
2449         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
2450         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
2451         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
2452         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
2453
2454 2017-03-01  Mark Lam  <mark.lam@apple.com>
2455
2456         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
2457         https://bugs.webkit.org/show_bug.cgi?id=169042
2458
2459         Not reviewed.
2460
2461         Rolling out r213229 and r213202.
2462
2463         * JavaScriptCore.xcodeproj/project.pbxproj:
2464         * heap/MachineStackMarker.cpp:
2465         (JSC::getCurrentPlatformThread):
2466         (JSC::MachineThreads::Thread::createForCurrentThread):
2467         (JSC::MachineThreads::machineThreadForCurrentThread):
2468         (JSC::MachineThreads::removeThread):
2469         (JSC::MachineThreads::Thread::suspend):
2470         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2471         * heap/MachineStackMarker.h:
2472         * runtime/JSCellInlines.h:
2473         (JSC::JSCell::classInfo):
2474         * runtime/JSLock.cpp:
2475         (JSC::JSLock::JSLock):
2476         (JSC::JSLock::lock):
2477         (JSC::JSLock::unlock):
2478         (JSC::JSLock::currentThreadIsHoldingLock):
2479         * runtime/JSLock.h:
2480         (JSC::JSLock::ownerThread):
2481         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2482         * runtime/PlatformThread.h: Removed.
2483         * runtime/VM.cpp:
2484         (JSC::VM::~VM):
2485         * runtime/VM.h:
2486         (JSC::VM::ownerThread):
2487         * runtime/Watchdog.cpp:
2488         (JSC::Watchdog::setTimeLimit):
2489         (JSC::Watchdog::shouldTerminate):
2490         (JSC::Watchdog::startTimer):
2491         (JSC::Watchdog::stopTimer):
2492         * tools/JSDollarVMPrototype.cpp:
2493         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2494         * tools/VMInspector.cpp:
2495
2496 2017-03-01  Mark Lam  <mark.lam@apple.com>
2497
2498         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
2499         https://bugs.webkit.org/show_bug.cgi?id=169042
2500
2501         Reviewed by Filip Pizlo.
2502
2503         * runtime/JSLock.h:
2504         (JSC::JSLock::currentThreadIsHoldingLock):
2505
2506 2017-02-28  Brian Burg  <bburg@apple.com>
2507
2508         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
2509         https://bugs.webkit.org/show_bug.cgi?id=168695
2510         <rdar://problem/30643899>
2511
2512         Reviewed by Joseph Pecoraro.
2513
2514         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
2515         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
2516         to gather listing information for RemoteAutomationTargets.
2517
2518         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
2519         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
2520         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
2521
2522         * inspector/remote/RemoteInspector.h:
2523         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
2524
2525         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2526         (Inspector::RemoteConnectionToTarget::setup):
2527         (Inspector::RemoteConnectionToTarget::close):
2528         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
2529         and use it inside the block later after it may have been destructed already. If that happens,
2530         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
2531
2532         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2533         (Inspector::RemoteInspector::updateTargetListing):
2534         We need to make sure to request a listing push after the target is updated, so implicitly call
2535         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
2536
2537         (Inspector::RemoteInspector::receivedSetupMessage):
2538         (Inspector::RemoteInspector::receivedDidCloseMessage):
2539         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
2540         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
2541         and asynchronously on the target's queue when the connection to target is opened or closed.
2542
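The lifetime pattern described in the entry above, as an added example that is not WebKit code: the asynchronous task captures the target's identifier by value instead of the target pointer, and the listing update bails out when the identifier is no longer in the mapping. `Registry`, `TaskQueue`, `Connection` and the assumption that a target is unregistered before it is destroyed are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>

// Constructed stand-ins for illustration; not WebKit's classes.
struct Target {
    unsigned identifier;
    std::string name;
};

class Registry {
public:
    void registerTarget(Target* target) { m_targets[target->identifier] = target; }
    void unregisterTarget(unsigned identifier) {
        m_targets.erase(identifier);
        m_listings.erase(identifier);
    }
    // Looks the target up by identifier and bails out if it is no longer mapped,
    // so a stale identifier never turns into a dereference of a dead object.
    bool updateTargetListing(unsigned identifier) {
        auto it = m_targets.find(identifier);
        if (it == m_targets.end()) {
            ++m_bailOuts;
            return false;
        }
        m_listings[identifier] = it->second->name;
        return true;
    }
    std::size_t listingCount() const { return m_listings.size(); }
    int bailOuts() const { return m_bailOuts; }

private:
    std::unordered_map<unsigned, Target*> m_targets;
    std::unordered_map<unsigned, std::string> m_listings;
    int m_bailOuts = 0;
};

// Minimal serial queue: tasks run later, when drain() is called.
class TaskQueue {
public:
    void dispatchAsync(std::function<void()> task) { m_tasks.push_back(std::move(task)); }
    void drain() {
        while (!m_tasks.empty()) {
            auto task = std::move(m_tasks.front());
            m_tasks.pop_front();
            task();
        }
    }

private:
    std::deque<std::function<void()>> m_tasks;
};

class Connection {
public:
    Connection(Registry& registry, TaskQueue& queue, Target* target)
        : m_registry(registry), m_queue(queue), m_target(target) { }

    void close() {
        if (!m_target)
            return;
        // Read the identifier now, while the pointer is still valid.
        unsigned identifier = m_target->identifier;
        m_target = nullptr;
        Registry* registry = &m_registry;
        // The task holds only the identifier, never the Target pointer.
        m_queue.dispatchAsync([registry, identifier] { registry->updateTargetListing(identifier); });
    }

private:
    Registry& m_registry;
    TaskQueue& m_queue;
    Target* m_target;
};

struct Result {
    int bailOuts;
    std::size_t listings;
};

// Closes a connection, optionally destroys the target, then runs the queued task.
Result closeThenDrain(bool destroyTargetBeforeDrain) {
    Registry registry;
    TaskQueue queue;
    auto target = std::make_unique<Target>(Target{7, "page"});
    registry.registerTarget(target.get());
    Connection connection(registry, queue, target.get());
    connection.close();
    if (destroyTargetBeforeDrain) {
        registry.unregisterTarget(target->identifier); // assumed: unregister before destruction
        target.reset();
    }
    queue.drain();
    return {registry.bailOuts(), registry.listingCount()};
}
```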
2543 2017-03-01  Tomas Popela  <tpopela@redhat.com>
2544
2545         Leak under Options::setOptions
2546         https://bugs.webkit.org/show_bug.cgi?id=169029
2547
2548         Reviewed by Michael Saboff.
2549
2550         Don't leak the optionsStrCopy variable.
2551
2552         * runtime/Options.cpp:
2553         (JSC::Options::setOptions):
2554
2555 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2556
2557         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
2558         https://bugs.webkit.org/show_bug.cgi?id=168968
2559
2560         Reviewed by Saam Barati.
2561
2562         This patch decouples dumping bytecode sequence from CodeBlock.
2563         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
2564         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
2565         called Generatorification.
2566
2567         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
2568         this class to dump bytecode sequence.
2569
2570         And this patch also adds Option::dumpBytecodesBeforeGeneratorification,
2571         which dumps unlinked bytecode sequence before generatorification if it is enabled.
2572
2573         * CMakeLists.txt:
2574         * JavaScriptCore.xcodeproj/project.pbxproj:
2575         * bytecode/BytecodeDumper.cpp: Added.
2576         (JSC::getStructureID):
2577         (JSC::getSpecialPointer):
2578         (JSC::getPutByIdFlags):
2579         (JSC::getToThisStatus):
2580         (JSC::getPointer):
2581         (JSC::getStructureChain):
2582         (JSC::getStructure):
2583         (JSC::getCallLinkInfo):
2584         (JSC::getBasicBlockLocation):
2585         (JSC::BytecodeDumper<Block>::actualPointerFor):
2586         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
2587         (JSC::beginDumpProfiling):
2588         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
2589         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
2590         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
2591         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
2592         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
2593         (JSC::dumpRareCaseProfile):
2594         (JSC::dumpArithProfile):
2595         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
2596         (JSC::BytecodeDumper<Block>::vm):
2597         (JSC::BytecodeDumper<Block>::identifier):
2598         (JSC::regexpToSourceString):
2599         (JSC::regexpName):
2600         (JSC::printLocationAndOp):
2601         (JSC::isConstantRegisterIndex):
2602         (JSC::debugHookName):
2603         (JSC::BytecodeDumper<Block>::registerName):
2604         (JSC::idName):
2605         (JSC::BytecodeDumper<Block>::constantName):
2606         (JSC::BytecodeDumper<Block>::printUnaryOp):
2607         (JSC::BytecodeDumper<Block>::printBinaryOp):
2608         (JSC::BytecodeDumper<Block>::printConditionalJump):
2609         (JSC::BytecodeDumper<Block>::printGetByIdOp):
2610         (JSC::dumpStructure):
2611         (JSC::dumpChain):
2612         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
2613         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
2614         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
2615         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
2616         (JSC::BytecodeDumper<Block>::printCallOp):
2617         (JSC::BytecodeDumper<Block>::printPutByIdOp):
2618         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
2619         (JSC::BytecodeDumper<Block>::dumpBytecode):
2620         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2621         (JSC::BytecodeDumper<Block>::dumpConstants):
2622         (JSC::BytecodeDumper<Block>::dumpRegExps):
2623         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2624         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2625         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2626         (JSC::BytecodeDumper<Block>::dumpBlock):
2627         * bytecode/BytecodeDumper.h: Added.
2628         (JSC::BytecodeDumper::BytecodeDumper):
2629         (JSC::BytecodeDumper::block):
2630         (JSC::BytecodeDumper::instructionsBegin):
2631         * bytecode/BytecodeGeneratorification.cpp:
2632         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2633         (JSC::performGeneratorification):
2634         * bytecode/BytecodeLivenessAnalysis.cpp:
2635         (JSC::BytecodeLivenessAnalysis::dumpResults):
2636         * bytecode/CodeBlock.cpp:
2637         (JSC::CodeBlock::dumpBytecode):
2638         (JSC::CodeBlock::finishCreation):
2639         (JSC::CodeBlock::propagateTransitions):
2640         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2641         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2642         (JSC::CodeBlock::usesOpcode):
2643         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2644         (JSC::CodeBlock::arithProfileForPC):
2645         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2646         (JSC::idName): Deleted.
2647         (JSC::CodeBlock::registerName): Deleted.
2648         (JSC::CodeBlock::constantName): Deleted.
2649         (JSC::regexpToSourceString): Deleted.
2650         (JSC::regexpName): Deleted.
2651         (JSC::debugHookName): Deleted.
2652         (JSC::CodeBlock::printUnaryOp): Deleted.
2653         (JSC::CodeBlock::printBinaryOp): Deleted.
2654         (JSC::CodeBlock::printConditionalJump): Deleted.
2655         (JSC::CodeBlock::printGetByIdOp): Deleted.
2656         (JSC::dumpStructure): Deleted.
2657         (JSC::dumpChain): Deleted.
2658         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
2659         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
2660         (JSC::CodeBlock::printCallOp): Deleted.
2661         (JSC::CodeBlock::printPutByIdOp): Deleted.
2662         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
2663         (JSC::CodeBlock::beginDumpProfiling): Deleted.
2664         (JSC::CodeBlock::dumpValueProfiling): Deleted.
2665         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
2666         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
2667         (JSC::CodeBlock::dumpArithProfile): Deleted.
2668         (JSC::CodeBlock::printLocationAndOp): Deleted.
2669         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
2670         * bytecode/CodeBlock.h:
2671         (JSC::CodeBlock::constantRegisters):
2672         (JSC::CodeBlock::numberOfRegExps):
2673         (JSC::CodeBlock::bitVectors):
2674         (JSC::CodeBlock::bitVector):
2675         * bytecode/HandlerInfo.h:
2676         (JSC::HandlerInfoBase::typeName):
2677         * bytecode/UnlinkedCodeBlock.cpp:
2678         (JSC::UnlinkedCodeBlock::dump):
2679         * bytecode/UnlinkedCodeBlock.h:
2680         (JSC::UnlinkedCodeBlock::getConstant):
2681         * bytecode/UnlinkedInstructionStream.cpp:
2682         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
2683         * bytecode/UnlinkedInstructionStream.h:
2684         (JSC::UnlinkedInstructionStream::Reader::next):
2685         * runtime/Options.h:
2686
2687 2017-02-28  Mark Lam  <mark.lam@apple.com>
2688
2689         Change JSLock to stash PlatformThread instead of std::thread::id.
2690         https://bugs.webkit.org/show_bug.cgi?id=168996
2691
2692         Reviewed by Filip Pizlo.
2693
2694         PlatformThread is more useful because it allows us to:
2695         1. find the MachineThreads::Thread which is associated with it.
2696         2. suspend / resume threads.
2697         3. send a signal to a thread.
2698
2699         We can't do those with std::thread::id.  We will need one or more of these
2700         capabilities to implement non-polling VM traps later.
2701
2702         * JavaScriptCore.xcodeproj/project.pbxproj:
2703         * heap/MachineStackMarker.cpp:
2704         (JSC::MachineThreads::Thread::createForCurrentThread):
2705         (JSC::MachineThreads::machineThreadForCurrentThread):
2706         (JSC::MachineThreads::removeThread):
2707         (JSC::MachineThreads::Thread::suspend):
2708         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2709         (JSC::getCurrentPlatformThread): Deleted.
2710         * heap/MachineStackMarker.h:
2711         * runtime/JSCellInlines.h:
2712         (JSC::JSCell::classInfo):
2713         * runtime/JSLock.cpp:
2714         (JSC::JSLock::lock):
2715         (JSC::JSLock::unlock):
2716         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2717         * runtime/JSLock.h:
2718         (JSC::JSLock::ownerThread):
2719         (JSC::JSLock::currentThreadIsHoldingLock):
2720         * runtime/PlatformThread.h: Added.
2721         (JSC::currentPlatformThread):
2722         * runtime/VM.cpp:
2723         (JSC::VM::~VM):
2724         * runtime/VM.h:
2725         (JSC::VM::ownerThread):
2726         * runtime/Watchdog.cpp:
2727         (JSC::Watchdog::setTimeLimit):
2728         (JSC::Watchdog::shouldTerminate):
2729         (JSC::Watchdog::startTimer):
2730         (JSC::Watchdog::stopTimer):
2731         * tools/JSDollarVMPrototype.cpp:
2732         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2733         * tools/VMInspector.cpp:
2734
2735 2017-02-28  Mark Lam  <mark.lam@apple.com>
2736
2737         Enable the SigillCrashAnalyzer by default for iOS.
2738         https://bugs.webkit.org/show_bug.cgi?id=168989
2739
2740         Reviewed by Keith Miller.
2741
2742         * runtime/Options.cpp:
2743         (JSC::overrideDefaults):
2744
2745 2017-02-28  Mark Lam  <mark.lam@apple.com>
2746
2747         Remove setExclusiveThread() and peers from the JSLock.
2748         https://bugs.webkit.org/show_bug.cgi?id=168977
2749
2750         Reviewed by Filip Pizlo.
2751
2752         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
2753         Speedometer, we see that removal of exclusive thread status has no measurable
2754         impact on performance.  So, let's remove the code for handling exclusive thread
2755         status, and simplify the JSLock code.
2756
2757         For the record, exclusive thread status does improve JSLock locking/unlocking
2758         time by up to 20%.  However, this difference is not measurable in the way WebCore
2759         uses the JSLock as confirmed by Speedometer.
2760
2761         Also applied a minor optimization in JSLock::lock() to assume the initial lock
2762         entry case (as opposed to the re-entry case).  This appears to show a small
2763         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
2764         time in a micro-benchmark.
2765
2766         * heap/Heap.cpp:
2767         (JSC::Heap::Heap):
2768         * heap/MachineStackMarker.cpp:
2769         (JSC::MachineThreads::MachineThreads):
2770         (JSC::MachineThreads::addCurrentThread):
2771         * heap/MachineStackMarker.h:
2772         * runtime/JSLock.cpp:
2773         (JSC::JSLock::JSLock):
2774         (JSC::JSLock::lock):
2775         (JSC::JSLock::unlock):
2776         (JSC::JSLock::currentThreadIsHoldingLock):
2777         (JSC::JSLock::dropAllLocks):
2778         (JSC::JSLock::grabAllLocks):
2779         (JSC::JSLock::setExclusiveThread): Deleted.
2780         * runtime/JSLock.h:
2781         (JSC::JSLock::ownerThread):
2782         (JSC::JSLock::hasExclusiveThread): Deleted.
2783         (JSC::JSLock::exclusiveThread): Deleted.
2784         * runtime/VM.h:
2785         (JSC::VM::hasExclusiveThread): Deleted.
2786         (JSC::VM::exclusiveThread): Deleted.
2787         (JSC::VM::setExclusiveThread): Deleted.
2788
2789 2017-02-28  Saam Barati  <sbarati@apple.com>
2790
2791         Arm64 disassembler prints "ars" instead of "asr"
2792         https://bugs.webkit.org/show_bug.cgi?id=168923
2793
2794         Rubber stamped by Michael Saboff.
2795
2796         * disassembler/ARM64/A64DOpcode.cpp:
2797         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
2798
2799 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
2800
2801         Use of arguments in arrow function is slow
2802         https://bugs.webkit.org/show_bug.cgi?id=168829
2803
2804         Reviewed by Saam Barati.
2805
2806         The current patch improves the performance of access to arguments within an arrow
2807         function by preventing creation of the arguments variable within the arrow function;
2808         it also allows the arguments variable to be cached. Before, the arguments variable
2809         always had the Dynamic resolve type; after the patch it can be ClosureVar, which makes
2810         access to the arguments variable inside the arrow function 9 times faster.
2811
2812         * bytecompiler/BytecodeGenerator.cpp:
2813         (JSC::BytecodeGenerator::BytecodeGenerator):
2814         * runtime/JSScope.cpp:
2815         (JSC::abstractAccess):
2816
2817 2017-02-28  Michael Saboff  <msaboff@apple.com>
2818
2819         Add ability to configure JSC options from a file
2820         https://bugs.webkit.org/show_bug.cgi?id=168914
2821
2822         Reviewed by Filip Pizlo.
2823
2824         Added the ability to set options and DataLog file location via a configuration file.
2825         The configuration file is specified with the --configFile option to JSC or the
2826         JSC_configFile environment variable.
2827
2828         The file format allows for options conditionally dependent on various attributes.
2829         Currently those attributes are the process name, parent process name and build
2830         type (Release or Debug).  In this patch, the parent process type is not set.
2831         That will be set up in WebKit code with a follow up patch.
2832
2833         Here is an example config file:
2834
2835             logFile = "/tmp/jscLog.%pid.txt"
2836
2837             jscOptions {
2838                 dumpOptions = 2
2839             }
2840
2841             build == "Debug" {
2842                 jscOptions {
2843                     useConcurrentJIT = false
2844                     dumpDisassembly = true
2845                 }
2846             }
2847
2848             build == "Release" && processName == "jsc" {
2849                 jscOptions {
2850                     asyncDisassembly = true
2851                 }
2852             }
2853
2854         Eliminated the prior options file code.
2855
2856         * CMakeLists.txt:
2857         * JavaScriptCore.xcodeproj/project.pbxproj:
2858         * jsc.cpp:
2859         (jscmain):
2860         * runtime/ConfigFile.cpp: Added.
2861         (JSC::ConfigFileScanner::ConfigFileScanner):
2862         (JSC::ConfigFileScanner::start):
2863         (JSC::ConfigFileScanner::lineNumber):
2864         (JSC::ConfigFileScanner::currentBuffer):
2865         (JSC::ConfigFileScanner::atFileEnd):
2866         (JSC::ConfigFileScanner::tryConsume):
2867         (JSC::ConfigFileScanner::tryConsumeString):
2868         (JSC::ConfigFileScanner::tryConsumeUpto):
2869         (JSC::ConfigFileScanner::fillBufferIfNeeded):
2870         (JSC::ConfigFileScanner::fillBuffer):
2871         (JSC::ConfigFile::ConfigFile):
2872         (JSC::ConfigFile::setProcessName):
2873         (JSC::ConfigFile::setParentProcessName):
2874         (JSC::ConfigFile::parse):
2875         * runtime/ConfigFile.h: Added.
2876         * runtime/Options.cpp:
2877         (JSC::Options::initialize):
2878         (JSC::Options::setOptions):
2879         * runtime/Options.h:
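
Added example (not part of the ChangeLog and not WebKit's ConfigFile.cpp): a small Python resolver for the config file format quoted in the entry above, for auditing which options a file passed via --configFile or JSC_configFile would apply to a given process and build type. The grammar is inferred only from the quoted example; the names `tokenize` and `resolve`, and the rule that a later assignment overrides an earlier one, are assumptions.

```python
import re

# Constructed input: the example config file quoted in the ChangeLog entry.
SAMPLE = '''
logFile = "/tmp/jscLog.%pid.txt"
jscOptions {
    dumpOptions = 2
}
build == "Debug" {
    jscOptions {
        useConcurrentJIT = false
        dumpDisassembly = true
    }
}
build == "Release" && processName == "jsc" {
    jscOptions {
        asyncDisassembly = true
    }
}
'''

# Quoted string | punctuation | bare word. Escapes are kept verbatim (assumption).
_TOKEN = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|(==|&&|[{}=])|([^\s{}="&]+))')
_KINDS = {1: "string", 2: "punct", 3: "word"}

def tokenize(text):
    text, pos, tokens = text.rstrip(), 0, []
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if m is None:
            raise ValueError(f"unexpected character at offset {pos}")
        tokens.append((_KINDS[m.lastindex], m.group(m.lastindex)))
        pos = m.end()
    return tokens

class _Parser:
    def __init__(self, text, attrs):
        self.toks, self.i, self.attrs = tokenize(text), 0, attrs
        self.log_file, self.options = None, {}

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else (None, None)

    def take(self, kind, value=None):
        tok = self.peek()
        if tok[0] != kind or (value is not None and tok[1] != value):
            raise ValueError(f"expected {value or kind}, got {tok[1]!r}")
        self.i += 1
        return tok[1]

    def value(self):
        kind, _ = self.peek()
        return self.take(kind if kind in ("string", "word") else "word")

    def statements(self, active, nested):
        while True:
            tok = self.peek()
            if tok[0] is None:
                if nested:
                    raise ValueError("missing '}'")
                return
            if tok == ("punct", "}"):
                if not nested:
                    raise ValueError("unexpected '}'")
                self.i += 1
                return
            name, nxt = self.take("word"), self.peek()
            if name == "jscOptions" and nxt == ("punct", "{"):
                self.i += 1
                self.option_block(active)
            elif name == "logFile" and nxt == ("punct", "="):
                self.i += 1
                path = self.value()
                if active:
                    self.log_file = path      # "%pid" is left unexpanded here
            elif nxt == ("punct", "=="):
                matched = self.condition(name)
                self.take("punct", "{")
                self.statements(active and matched, nested=True)
            else:
                raise ValueError(f"unexpected statement starting at {name!r}")

    def condition(self, attr):
        # attr == "value" [&& attr == "value" ...]; an attribute that was not
        # supplied (e.g. an unset parent process name) never matches.
        result = True
        while True:
            self.take("punct", "==")
            result = (self.attrs.get(attr) == self.take("string")) and result
            if self.peek() != ("punct", "&&"):
                return result
            self.i += 1
            attr = self.take("word")

    def option_block(self, active):
        while self.peek() != ("punct", "}"):
            name = self.take("word")
            self.take("punct", "=")
            val = self.value()
            if active:
                self.options[name] = val      # later assignment wins (assumption)
        self.i += 1

def resolve(text, **attrs):
    """Return (log_file, options) in effect for the given attributes,
    e.g. resolve(SAMPLE, build="Debug", processName="jsc")."""
    p = _Parser(text, attrs)
    p.statements(active=True, nested=False)
    return p.log_file, p.options
```

Option values are returned as the raw strings from the file; they are not validated against the JSC option list.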
2880
2881 2017-02-27  Alex Christensen  <achristensen@webkit.org>
2882
2883         Begin enabling WebRTC on 64-bit
2884         https://bugs.webkit.org/show_bug.cgi?id=168915
2885
2886         Reviewed by Eric Carlson.
2887
2888         * Configurations/FeatureDefines.xcconfig:
2889
2890 2017-02-27  Mark Lam  <mark.lam@apple.com>
2891
2892         Introduce a VM Traps mechanism and refactor Watchdog to use it.
2893         https://bugs.webkit.org/show_bug.cgi?id=168842
2894
2895         Reviewed by Filip Pizlo.
2896
2897         Currently, the traps mechanism is only used for the JSC watchdog, and for
2898         asynchronous termination requests (which is currently only used for worker
2899         threads termination).
2900
2901         This first cut of the traps mechanism still relies on polling from DFG and FTL
2902         code.  This is done to keep the patch as small as possible.  The work to do
2903         a non-polling version of the traps mechanism for DFG and FTL code is deferred to
2904         another patch.
2905
2906         In this patch, worker threads still need to set the VM::m_needAsynchronousTerminationSupport
2907         flag to enable the traps polling in the DFG and FTL code.  When we have the
2908         non-polling version of the DFG and FTL traps mechanism, we can remove the use of
2909         the VM::m_needAsynchronousTerminationSupport flag.
2910
2911         Note: this patch also separates asynchronous termination support from the JSC
2912         watchdog.  This separation allows us to significantly simplify the locking
2913         requirements in the watchdog code, and make it easier to reason about its
2914         correctness.
2915
2916         * CMakeLists.txt:
2917         * JavaScriptCore.xcodeproj/project.pbxproj:
2918         * bytecode/BytecodeList.json:
2919         * bytecode/BytecodeUseDef.h:
2920         (JSC::computeUsesForBytecodeOffset):
2921         (JSC::computeDefsForBytecodeOffset):
2922         * bytecode/CodeBlock.cpp:
2923         (JSC::CodeBlock::dumpBytecode):
2924         * bytecompiler/BytecodeGenerator.cpp:
2925         (JSC::BytecodeGenerator::BytecodeGenerator):
2926         (JSC::BytecodeGenerator::emitLoopHint):
2927         (JSC::BytecodeGenerator::emitCheckTraps):
2928         (JSC::BytecodeGenerator::emitWatchdog): Deleted.
2929         * bytecompiler/BytecodeGenerator.h:
2930         * dfg/DFGAbstractInterpreterInlines.h:
2931         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2932         * dfg/DFGByteCodeParser.cpp:
2933         (JSC::DFG::ByteCodeParser::parseBlock):
2934         * dfg/DFGCapabilities.cpp:
2935         (JSC::DFG::capabilityLevel):
2936         * dfg/DFGClobberize.h:
2937         (JSC::DFG::clobberize):
2938         * dfg/DFGDoesGC.cpp:
2939         (JSC::DFG::doesGC):
2940         * dfg/DFGFixupPhase.cpp:
2941         (JSC::DFG::FixupPhase::fixupNode):
2942         * dfg/DFGNodeType.h:
2943         * dfg/DFGPredictionPropagationPhase.cpp:
2944         * dfg/DFGSafeToExecute.h:
2945         (JSC::DFG::safeToExecute):
2946         * dfg/DFGSpeculativeJIT.cpp:
2947         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2948         * dfg/DFGSpeculativeJIT.h:
2949         * dfg/DFGSpeculativeJIT32_64.cpp:
2950         (JSC::DFG::SpeculativeJIT::compile):
2951         * dfg/DFGSpeculativeJIT64.cpp:
2952         (JSC::DFG::SpeculativeJIT::compile):
2953         * ftl/FTLCapabilities.cpp:
2954         (JSC::FTL::canCompile):
2955         * ftl/FTLLowerDFGToB3.cpp:
2956         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2957         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2958         (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer): Deleted.
2959         * interpreter/Interpreter.cpp:
2960         (JSC::Interpreter::executeProgram):
2961         (JSC::Interpreter::executeCall):
2962         (JSC::Interpreter::executeConstruct):
2963         (JSC::Interpreter::execute):
2964         * jit/JIT.cpp:
2965         (JSC::JIT::privateCompileMainPass):
2966         (JSC::JIT::privateCompileSlowCases):
2967         * jit/JIT.h:
2968         * jit/JITOpcodes.cpp:
2969         (JSC::JIT::emit_op_check_traps):
2970         (JSC::JIT::emitSlow_op_check_traps):
2971         (JSC::JIT::emit_op_watchdog): Deleted.
2972         (JSC::JIT::emitSlow_op_watchdog): Deleted.
2973         * jit/JITOperations.cpp:
2974         * jit/JITOperations.h:
2975         * llint/LLIntSlowPaths.cpp:
2976         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2977         * llint/LLIntSlowPaths.h:
2978         * llint/LowLevelInterpreter.asm:
2979         * llint/LowLevelInterpreter32_64.asm:
2980         * llint/LowLevelInterpreter64.asm:
2981         * runtime/VM.cpp:
2982         (JSC::VM::~VM):
2983         (JSC::VM::ensureWatchdog):
2984         (JSC::VM::handleTraps):
2985         * runtime/VM.h:
2986         (JSC::VM::ownerThread):
2987         (JSC::VM::needTrapHandling):
2988         (JSC::VM::needTrapHandlingAddress):
2989         (JSC::VM::notifyNeedTermination):
2990         (JSC::VM::notifyNeedWatchdogCheck):
2991         (JSC::VM::needAsynchronousTerminationSupport):
2992         (JSC::VM::setNeedAsynchronousTerminationSupport):
2993         * runtime/VMInlines.h:
2994         (JSC::VM::shouldTriggerTermination): Deleted.
2995         * runtime/VMTraps.cpp: Added.
2996         (JSC::VMTraps::fireTrap):
2997         (JSC::VMTraps::takeTrap):
2998         * runtime/VMTraps.h: Added.
2999         (JSC::VMTraps::needTrapHandling):
3000         (JSC::VMTraps::needTrapHandlingAddress):
3001         (JSC::VMTraps::hasTrapForEvent):
3002         (JSC::VMTraps::setTrapForEvent):
3003         (JSC::VMTraps::clearTrapForEvent):
3004         * runtime/Watchdog.cpp:
3005         (JSC::Watchdog::Watchdog):
3006         (JSC::Watchdog::setTimeLimit):
3007         (JSC::Watchdog::shouldTerminate):
3008         (JSC::Watchdog::enteredVM):
3009         (JSC::Watchdog::exitedVM):
3010         (JSC::Watchdog::startTimer):
3011         (JSC::Watchdog::stopTimer):
3012         (JSC::Watchdog::willDestroyVM):
3013         (JSC::Watchdog::terminateSoon): Deleted.
3014         (JSC::Watchdog::shouldTerminateSlow): Deleted.
3015         * runtime/Watchdog.h:
3016         (JSC::Watchdog::shouldTerminate): Deleted.
3017         (JSC::Watchdog::timerDidFireAddress): Deleted.
3018
3019 2017-02-27  Commit Queue  <commit-queue@webkit.org>
3020
3021         Unreviewed, rolling out r213019.
3022         https://bugs.webkit.org/show_bug.cgi?id=168925
3023
3024         "It broke 32-bit jsc tests in debug builds" (Requested by
3025         saamyjoon on #webkit).
3026
3027         Reverted changeset:
3028
3029         "op_get_by_id_with_this should use inline caching"
3030         https://bugs.webkit.org/show_bug.cgi?id=162124
3031         http://trac.webkit.org/changeset/213019
3032
3033 2017-02-27  JF Bastien  <jfbastien@apple.com>
3034
3035         WebAssembly: miscellaneous spec fixes part deux
3036         https://bugs.webkit.org/show_bug.cgi?id=168861
3037
3038         Reviewed by Keith Miller.
3039
3040         * wasm/WasmFunctionParser.h: add some FIXME
3041
3042 2017-02-27  Alex Christensen  <achristensen@webkit.org>
3043
3044         [libwebrtc] Enable WebRTC in some Production Builds
3045         https://bugs.webkit.org/show_bug.cgi?id=168858
3046
3047         * Configurations/FeatureDefines.xcconfig:
3048
3049 2017-02-26  Caio Lima  <ticaiolima@gmail.com>
3050
3051         op_get_by_id_with_this should use inline caching
3052         https://bugs.webkit.org/show_bug.cgi?id=162124
3053
3054         Reviewed by Saam Barati.
3055
3056         This patch is enabling inline cache for op_get_by_id_with_this in all
3057         tiers. It means that operations using ```super.member``` are going to
3058         be able to be optimized by PIC. To enable it, we introduced a new
3059         member of StructureStubInfo.patch named thisGPR, created a new class
3060         to manage the IC named JITGetByIdWithThisGenerator and changed
3061         PolymorphicAccess.regenerate that uses StructureStubInfo.patch.thisGPR
3062         to decide the correct this value on inline caches.
3063         With inline caches enabled, ```super.member``` is ~4.5x faster,
3064         according to microbenchmarks.
3065
3066         * bytecode/AccessCase.cpp:
3067         (JSC::AccessCase::generateImpl):
3068         * bytecode/PolymorphicAccess.cpp:
3069         (JSC::PolymorphicAccess::regenerate):
3070         * bytecode/PolymorphicAccess.h:
3071         * bytecode/StructureStubInfo.cpp:
3072         (JSC::StructureStubInfo::reset):
3073         * bytecode/StructureStubInfo.h:
3074         * dfg/DFGFixupPhase.cpp:
3075         (JSC::DFG::FixupPhase::fixupNode):
3076         * dfg/DFGJITCompiler.cpp:
3077         (JSC::DFG::JITCompiler::link):
3078         * dfg/DFGJITCompiler.h:
3079         (JSC::DFG::JITCompiler::addGetByIdWithThis):
3080         * dfg/DFGSpeculativeJIT.cpp:
3081         (JSC::DFG::SpeculativeJIT::compileIn):
3082         * dfg/DFGSpeculativeJIT.h:
3083         (JSC::DFG::SpeculativeJIT::callOperation):
3084         * dfg/DFGSpeculativeJIT32_64.cpp:
3085         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
3086         (JSC::DFG::SpeculativeJIT::compile):
3087         * dfg/DFGSpeculativeJIT64.cpp:
3088         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
3089         (JSC::DFG::SpeculativeJIT::compile):
3090         * ftl/FTLLowerDFGToB3.cpp:
3091         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
3092         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
3093         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
3094         * jit/CCallHelpers.h:
3095         (JSC::CCallHelpers::setupArgumentsWithExecState):
3096         * jit/ICStats.h:
3097         * jit/JIT.cpp:
3098         (JSC::JIT::JIT):
3099         (JSC::JIT::privateCompileSlowCases):
3100         (JSC::JIT::link):
3101         * jit/JIT.h:
3102         * jit/JITInlineCacheGenerator.cpp:
3103         (JSC::JITByIdGenerator::JITByIdGenerator):
3104         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
3105         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
3106         * jit/JITInlineCacheGenerator.h:
3107         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
3108         * jit/JITInlines.h:
3109         (JSC::JIT::callOperation):
3110         * jit/JITOperations.cpp:
3111         * jit/JITOperations.h:
3112         * jit/JITPropertyAccess.cpp:
3113         (JSC::JIT::emit_op_get_by_id_with_this):
3114         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3115         * jit/JITPropertyAccess32_64.cpp:
3116         (JSC::JIT::emit_op_get_by_id_with_this):
3117         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3118         * jit/Repatch.cpp:
3119         (JSC::appropriateOptimizingGetByIdFunction):
3120         (JSC::appropriateGenericGetByIdFunction):
3121         (JSC::tryCacheGetByID):
3122         * jit/Repatch.h:
3123         * jsc.cpp:
3124         (WTF::CustomGetter::getOwnPropertySlot):
3125         (WTF::CustomGetter::customGetterAcessor):
3126
3127 2017-02-24  JF Bastien  <jfbastien@apple.com>
3128
3129         WebAssembly: miscellaneous spec fixes
3130         https://bugs.webkit.org/show_bug.cgi?id=168822
3131
3132         Reviewed by Saam Barati.
3133
3134         * wasm/WasmModuleParser.cpp: "unknown" sections are now called "custom" sections
3135         * wasm/WasmSections.h:
3136         (JSC::Wasm::validateOrder):
3137         (JSC::Wasm::makeString): fix ASSERT_UNREACHABLE bug in printing
3138         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3139         (JSC::constructJSWebAssemblyInstance): disallow i64 import
3140         * wasm/js/WebAssemblyModuleRecord.cpp:
3141         (JSC::WebAssemblyModuleRecord::link): disallow i64 export
3142         (JSC::WebAssemblyModuleRecord::evaluate):
3143
3144 2017-02-24  Filip Pizlo  <fpizlo@apple.com>
3145
3146         Move Arg::Type and Arg::Width out into the B3 namespace, since they are general concepts
3147         https://bugs.webkit.org/show_bug.cgi?id=168833
3148
3149         Reviewed by Saam Barati.
3150         
3151         I want to use the Air::Arg::Type and Air::Arg::Width concepts in B3. We are already
3152         doing this a bit, and it's awkward because of the namespacing. Throughout B3 we take the
3153         approach that if something is not specific to Air, then it should be in the B3
3154         namespace.
3155         
3156         This moves Air::Arg::Type to B3::Bank. This moves Air::Arg::Width to B3::Width.
3157         
3158         I renamed Arg::Type to Bank because there is already a B3::Type and because Arg::Type
3159         was never really a type. Its purpose was always to identify register banks, and we use
3160         this enum when the thing we care about is whether the value is most appropriate for
3161         GPRs or FPRs.
3162         
3163         I kept both as non-enum classes because I think that we've learned that terse compiler
3164         code is a good thing. I don't want to say Bank::GP when I can say GP. With Width, the
3165         argument is even stronger, since you cannot say Width::8 but you can say Width8.
3166
3167         * CMakeLists.txt:
3168         * JavaScriptCore.xcodeproj/project.pbxproj:
3169         * b3/B3Bank.cpp: Added.
3170         (WTF::printInternal):
3171         * b3/B3Bank.h: Added.
3172         (JSC::B3::forEachBank):
3173         (JSC::B3::bankForType):
3174         * b3/B3CheckSpecial.cpp:
3175         (JSC::B3::CheckSpecial::forEachArg):
3176         * b3/B3LegalizeMemoryOffsets.cpp:
3177         * b3/B3LowerToAir.cpp:
3178         (JSC::B3::Air::LowerToAir::run):
3179         (JSC::B3::Air::LowerToAir::tmp):
3180         (JSC::B3::Air::LowerToAir::scaleForShl):
3181         (JSC::B3::Air::LowerToAir::effectiveAddr):
3182         (JSC::B3::Air::LowerToAir::addr):
3183         (JSC::B3::Air::LowerToAir::createGenericCompare):
3184         (JSC::B3::Air::LowerToAir::createBranch):
3185         (JSC::B3::Air::LowerToAir::createCompare):
3186         (JSC::B3::Air::LowerToAir::createSelect):
3187         (JSC::B3::Air::LowerToAir::lower):
3188         * b3/B3MemoryValue.cpp:
3189         (JSC::B3::MemoryValue::accessWidth):
3190         * b3/B3MemoryValue.h:
3191         * b3/B3MoveConstants.cpp:
3192         * b3/B3PatchpointSpecial.cpp:
3193         (JSC::B3::PatchpointSpecial::forEachArg):
3194         * b3/B3StackmapSpecial.cpp:
3195         (JSC::B3::StackmapSpecial::forEachArgImpl):
3196         * b3/B3Value.h:
3197         * b3/B3Variable.h:
3198         (JSC::B3::Variable::width):
3199         (JSC::B3::Variable::bank):
3200         * b3/B3WasmAddressValue.h:
3201         * b3/B3Width.cpp: Added.
3202         (WTF::printInternal):
3203         * b3/B3Width.h: Added.
3204         (JSC::B3::pointerWidth):
3205         (JSC::B3::widthForType):
3206         (JSC::B3::conservativeWidth):
3207         (JSC::B3::minimumWidth):
3208         (JSC::B3::bytes):
3209         (JSC::B3::widthForBytes):
3210         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3211         * b3/air/AirAllocateStack.cpp:
3212         (JSC::B3::Air::allocateStack):
3213         * b3/air/AirArg.cpp:
3214         (JSC::B3::Air::Arg::canRepresent):
3215         (JSC::B3::Air::Arg::isCompatibleBank):
3216         (JSC::B3::Air::Arg::isCompatibleType): Deleted.
3217         * b3/air/AirArg.h:
3218         (JSC::B3::Air::Arg::hasBank):
3219         (JSC::B3::Air::Arg::bank):
3220         (JSC::B3::Air::Arg::isBank):
3221         (JSC::B3::Air::Arg::forEachTmp):
3222         (JSC::B3::Air::Arg::forEachType): Deleted.
3223         (JSC::B3::Air::Arg::pointerWidth): Deleted.
3224         (JSC::B3::Air::Arg::typeForB3Type): Deleted.
3225         (JSC::B3::Air::Arg::widthForB3Type): Deleted.
3226         (JSC::B3::Air::Arg::conservativeWidth): Deleted.
3227         (JSC::B3::Air::Arg::minimumWidth): Deleted.
3228         (JSC::B3::Air::Arg::bytes): Deleted.
3229         (JSC::B3::Air::Arg::widthForBytes): Deleted.
3230         (JSC::B3::Air::Arg::hasType): Deleted.
3231         (JSC::B3::Air::Arg::type): Deleted.
3232         (JSC::B3::Air::Arg::isType): Deleted.
3233         * b3/air/AirArgInlines.h:
3234         (JSC::B3::Air::ArgThingHelper<Tmp>::forEach):
3235         (JSC::B3::Air::ArgThingHelper<Arg>::forEach):
3236         (JSC::B3::Air::ArgThingHelper<Reg>::forEach):
3237         (JSC::B3::Air::Arg::forEach):
3238         * b3/air/AirCCallSpecial.cpp:
3239         (JSC::B3::Air::CCallSpecial::forEachArg):
3240         * b3/air/AirCCallingConvention.cpp:
3241         * b3/air/AirCode.cpp:
3242         (JSC::B3::Air::Code::Code):
3243         (JSC::B3::Air::Code::setRegsInPriorityOrder):
3244         (JSC::B3::Air::Code::pinRegister):
3245         * b3/air/AirCode.h:
3246         (JSC::B3::Air::Code::regsInPriorityOrder):
3247         (JSC::B3::Air::Code::newTmp):
3248         (JSC::B3::Air::Code::numTmps):
3249         (JSC::B3::Air::Code::regsInPriorityOrderImpl):
3250         * b3/air/AirCustom.cpp:
3251         (JSC::B3::Air::PatchCustom::isValidForm):
3252         (JSC::B3::Air::ShuffleCustom::isValidForm):
3253         * b3/air/AirCustom.h:
3254         (JSC::B3::Air::PatchCustom::forEachArg):
3255         (JSC::B3::Air::CCallCustom::forEachArg):
3256         (JSC::B3::Air::ColdCCallCustom::forEachArg):
3257         (JSC::B3::Air::ShuffleCustom::forEachArg):
3258         (JSC::B3::Air::WasmBoundsCheckCustom::forEachArg):
3259         * b3/air/AirDumpAsJS.cpp:
3260         (JSC::B3::Air::dumpAsJS):
3261         * b3/air/AirEliminateDeadCode.cpp:
3262         (JSC::B3::Air::eliminateDeadCode):
3263         * b3/air/AirEmitShuffle.cpp:
3264         (JSC::B3::Air::emitShuffle):
3265         * b3/air/AirEmitShuffle.h:
3266         (JSC::B3::Air::ShufflePair::ShufflePair):
3267         (JSC::B3::Air::ShufflePair::width):
3268         * b3/air/AirFixObviousSpills.cpp:
3269         * b3/air/AirFixPartialRegisterStalls.cpp:
3270         (JSC::B3::Air::fixPartialRegisterStalls):
3271         * b3/air/AirInst.cpp:
3272         (JSC::B3::Air::Inst::hasArgEffects):
3273         * b3/air/AirInst.h:
3274         (JSC::B3::Air::Inst::forEachTmp):
3275         * b3/air/AirInstInlines.h:
3276         (JSC::B3::Air::Inst::forEach):
3277         (JSC::B3::Air::Inst::forEachDef):
3278         (JSC::B3::Air::Inst::forEachDefWithExtraClobberedRegs):
3279         * b3/air/AirLiveness.h:
3280         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
3281         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
3282         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
3283         (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
3284         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
3285         (JSC::B3::Air::RegLivenessAdapter::acceptsBank):
3286         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
3287         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute):
3288         (JSC::B3::Air::TmpLivenessAdapter::acceptsType): Deleted.
3289         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsType): Deleted.
3290         (JSC::B3::Air::RegLivenessAdapter::acceptsType): Deleted.
3291         * b3/air/AirLogRegisterPressure.cpp:
3292         (JSC::B3::Air::logRegisterPressure):
3293         * b3/air/AirLowerAfterRegAlloc.cpp:
3294         (JSC::B3::Air::lowerAfterRegAlloc):
3295         * b3/air/AirLowerMacros.cpp:
3296         (JSC::B3::Air::lowerMacros):
3297         * b3/air/AirPadInterference.cpp:
3298         (JSC::B3::Air::padInterference):
3299         * b3/air/AirReportUsedRegisters.cpp:
3300         (JSC::B3::Air::reportUsedRegisters):
3301         * b3/air/AirSpillEverything.cpp:
3302         (JSC::B3::Air::spillEverything):
3303         * b3/air/AirTmpInlines.h:
3304         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex): Deleted.
3305         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::lastMachineRegisterIndex): Deleted.
3306         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
3307         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex): Deleted.
3308         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::lastMachineRegisterIndex): Deleted.
3309         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
3310         * b3/air/AirTmpWidth.cpp:
3311         (JSC::B3::Air::TmpWidth::recompute):
3312         * b3/air/AirTmpWidth.h:
3313         (JSC::B3::Air::TmpWidth::width):
3314         (JSC::B3::Air::TmpWidth::requiredWidth):
3315         (JSC::B3::Air::TmpWidth::defWidth):
3316         (JSC::B3::Air::TmpWidth::useWidth):
3317         (JSC::B3::Air::TmpWidth::Widths::Widths):
3318         * b3/air/AirUseCounts.h:
3319         (JSC::B3::Air::UseCounts::UseCounts):
3320         * b3/air/AirValidate.cpp:
3321         * b3/air/opcode_generator.rb:
3322         * b3/air/testair.cpp:
3323         (JSC::B3::Air::compile): Deleted.
3324         (JSC::B3::Air::invoke): Deleted.
3325         (JSC::B3::Air::compileAndRun): Deleted.
3326         (JSC::B3::Air::testSimple): Deleted.
3327         (JSC::B3::Air::loadConstantImpl): Deleted.
3328         (JSC::B3::Air::loadConstant): Deleted.
3329         (JSC::B3::Air::loadDoubleConstant): Deleted.
3330         (JSC::B3::Air::testShuffleSimpleSwap): Deleted.
3331         (JSC::B3::Air::testShuffleSimpleShift): Deleted.
3332         (JSC::B3::Air::testShuffleLongShift): Deleted.
3333         (JSC::B3::Air::testShuffleLongShiftBackwards): Deleted.
3334         (JSC::B3::Air::testShuffleSimpleRotate): Deleted.
3335         (JSC::B3::Air::testShuffleSimpleBroadcast): Deleted.
3336         (JSC::B3::Air::testShuffleBroadcastAllRegs): Deleted.
3337         (JSC::B3::Air::testShuffleTreeShift): Deleted.
3338         (JSC::B3::Air::testShuffleTreeShiftBackward): Deleted.
3339         (JSC::B3::Air::testShuffleTreeShiftOtherBackward): Deleted.
3340         (JSC::B3::Air::testShuffleMultipleShifts): Deleted.
3341         (JSC::B3::Air::testShuffleRotateWithFringe): Deleted.
3342         (JSC::B3::Air::testShuffleRotateWithFringeInWeirdOrder): Deleted.
3343         (JSC::B3::Air::testShuffleRotateWithLongFringe): Deleted.
3344         (JSC::B3::Air::testShuffleMultipleRotates): Deleted.
3345         (JSC::B3::Air::testShuffleShiftAndRotate): Deleted.
3346         (JSC::B3::Air::testShuffleShiftAllRegs): Deleted.
3347         (JSC::B3::Air::testShuffleRotateAllRegs): Deleted.
3348         (JSC::B3::Air::testShuffleSimpleSwap64): Deleted.
3349         (JSC::B3::Air::testShuffleSimpleShift64): Deleted.
3350         (JSC::B3::Air::testShuffleSwapMixedWidth): Deleted.
3351         (JSC::B3::Air::testShuffleShiftMixedWidth): Deleted.
3352         (JSC::B3::Air::testShuffleShiftMemory): Deleted.
3353         (JSC::B3::Air::testShuffleShiftMemoryLong): Deleted.
3354         (JSC::B3::Air::testShuffleShiftMemoryAllRegs): Deleted.
3355         (JSC::B3::Air::testShuffleShiftMemoryAllRegs64): Deleted.
3356         (JSC::B3::Air::combineHiLo): Deleted.
3357         (JSC::B3::Air::testShuffleShiftMemoryAllRegsMixedWidth): Deleted.
3358         (JSC::B3::Air::testShuffleRotateMemory): Deleted.
3359         (JSC::B3::Air::testShuffleRotateMemory64): Deleted.
3360         (JSC::B3::Air::testShuffleRotateMemoryMixedWidth): Deleted.
3361         (JSC::B3::Air::testShuffleRotateMemoryAllRegs64): Deleted.
3362         (JSC::B3::Air::testShuffleRotateMemoryAllRegsMixedWidth): Deleted.
3363         (JSC::B3::Air::testShuffleSwapDouble): Deleted.