Add op_add tests to compare behavior of JIT generated code to the LLINT's.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-11-03  Mark Lam  <mark.lam@apple.com>
2
3         Add op_add tests to compare behavior of JIT generated code to the LLINT's.
4         https://bugs.webkit.org/show_bug.cgi?id=150864
5
6         Reviewed by Saam Barati.
7
8         * tests/stress/op_add.js: Added.
9         (o1.valueOf):
10         (generateScenarios):
11         (printScenarios):
12         (testCases.func):
13         (func):
14         (initializeTestCases):
15         (runTest):
16
17 2015-11-03  Mark Lam  <mark.lam@apple.com>
18
19         Rename DFG's compileAdd to compileArithAdd.
20         https://bugs.webkit.org/show_bug.cgi?id=150866
21
22         Reviewed by Benjamin Poulain.
23
24         The function is only supposed to generate code to do arithmetic addition on
25         numeric types.  Naming it compileArithAdd() is more accurate, and is consistent
26         with the name of the node it emits code for (i.e. ArithAdd) as well as other
27         compiler functions for analogous operations e.g. compileArithSub.
28
29         * dfg/DFGSpeculativeJIT.cpp:
30         (JSC::DFG::SpeculativeJIT::compileInstanceOf):
31         (JSC::DFG::SpeculativeJIT::compileArithAdd):
32         (JSC::DFG::SpeculativeJIT::compileAdd): Deleted.
33         * dfg/DFGSpeculativeJIT.h:
34         * dfg/DFGSpeculativeJIT32_64.cpp:
35         (JSC::DFG::SpeculativeJIT::compile):
36         * dfg/DFGSpeculativeJIT64.cpp:
37         (JSC::DFG::SpeculativeJIT::compile):
38
39 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
40
41         Web Inspector: Remove duplication among ScriptDebugServer subclasses
42         https://bugs.webkit.org/show_bug.cgi?id=150860
43
44         Reviewed by Timothy Hatcher.
45
46         ScriptDebugServer expects a list of listeners to dispatch events to.
47         However each of its subclasses had their own implementation of the
48         list because of different handling when the first was added or when
49         the last was removed. Extract common code into ScriptDebugServer
50         which simplifies things.
51
52         Subclasses now only implement virtual methods "attachDebugger"
53         and "detachDebugger" which is the unique work done when the first
54         listener is added or last is removed.
55
56         * inspector/JSGlobalObjectScriptDebugServer.cpp:
57         (Inspector::JSGlobalObjectScriptDebugServer::attachDebugger):
58         (Inspector::JSGlobalObjectScriptDebugServer::detachDebugger):
59         (Inspector::JSGlobalObjectScriptDebugServer::addListener): Deleted.
60         (Inspector::JSGlobalObjectScriptDebugServer::removeListener): Deleted.
61         * inspector/JSGlobalObjectScriptDebugServer.h:
62         * inspector/ScriptDebugServer.cpp:
63         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
64         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
65         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
66         (Inspector::ScriptDebugServer::sourceParsed):
67         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
68         (Inspector::ScriptDebugServer::addListener):
69         (Inspector::ScriptDebugServer::removeListener):
70         * inspector/ScriptDebugServer.h:
71         * inspector/agents/InspectorDebuggerAgent.cpp:
72         (Inspector::InspectorDebuggerAgent::enable):
73         (Inspector::InspectorDebuggerAgent::disable):
74         * inspector/agents/InspectorDebuggerAgent.h:
75         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
76         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer): Deleted.
77         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer): Deleted.
78         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
79
80         * inspector/ScriptDebugListener.h:
81         (Inspector::ScriptDebugListener::Script::Script):
82         Drive-by convert Script to a struct, it has public fields and is used as such.
83
84 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
85
86         B3::LowerToAir should recognize Neg (i.e. Sub($0, value))
87         https://bugs.webkit.org/show_bug.cgi?id=150759
88
89         Reviewed by Benjamin Poulain.
90
91         Adds various forms of Sub(0, value) and compiles them as Neg. Also fixes a bug in
92         StoreSubLoad. This bug was correctness-benign, so I couldn't add a test for it.
93
94         * b3/B3LowerToAir.cpp:
95         (JSC::B3::Air::LowerToAir::immOrTmp):
96         (JSC::B3::Air::LowerToAir::appendUnOp):
97         (JSC::B3::Air::LowerToAir::appendBinOp):
98         (JSC::B3::Air::LowerToAir::tryAppendStoreUnOp):
99         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
100         (JSC::B3::Air::LowerToAir::trySub):
101         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
102         * b3/B3LoweringMatcher.patterns:
103         * b3/air/AirOpcode.opcodes:
104         * b3/testb3.cpp:
105         (JSC::B3::testAdd1Ptr):
106         (JSC::B3::testNeg32):
107         (JSC::B3::testNegPtr):
108         (JSC::B3::testStoreAddLoad):
109         (JSC::B3::testStoreAddAndLoad):
110         (JSC::B3::testStoreNegLoad32):
111         (JSC::B3::testStoreNegLoadPtr):
112         (JSC::B3::testAdd1Uncommuted):
113         (JSC::B3::run):
114
115 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
116
117         B3::Values that have effects should allow specification of custom HeapRanges
118         https://bugs.webkit.org/show_bug.cgi?id=150535
119
120         Reviewed by Benjamin Poulain.
121
122         Add an Effects field to calls and patchpoints. Add a HeapRange to MemoryValues.
123
124         In the process, I created a class for the CCall opcode, so that it has somewhere to put
125         the Effects field.
126
127         While doing this, I realized that we didn't have a good way of ensuring that an opcode
128         that requires a specific subclass was actually created with that subclass. So, I added
129         assertions for this.
130
131         * CMakeLists.txt:
132         * JavaScriptCore.xcodeproj/project.pbxproj:
133         * b3/B3ArgumentRegValue.h:
134         * b3/B3CCallValue.cpp: Added.
135         * b3/B3CCallValue.h: Added.
136         * b3/B3CheckValue.h:
137         * b3/B3Const32Value.h:
138         * b3/B3Const64Value.h:
139         * b3/B3ConstDoubleValue.h:
140         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
141         * b3/B3ControlValue.h:
142         * b3/B3Effects.h:
143         (JSC::B3::Effects::forCall):
144         (JSC::B3::Effects::mustExecute):
145         * b3/B3MemoryValue.h:
146         * b3/B3PatchpointValue.h:
147         * b3/B3StackSlotValue.h:
148         * b3/B3UpsilonValue.h:
149         * b3/B3Value.cpp:
150         (JSC::B3::Value::effects):
151         (JSC::B3::Value::dumpMeta):
152         (JSC::B3::Value::checkOpcode):
153         (JSC::B3::Value::typeFor):
154         * b3/B3Value.h:
155
156 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
157
158         B3::Stackmap should be a superclass of B3::PatchpointValue and B3::CheckValue rather than being one of their members
159         https://bugs.webkit.org/show_bug.cgi?id=150831
160
161         Rubber stamped by Benjamin Poulain.
162
163         Previously, Stackmap was a value that PatchpointValue and CheckValue would hold as a field.
164         We'd have convenient ways of getting this field, like via Value::stackmap(). But this was a
165         bit ridiculous, since Stackmap is logically just a common supertype for PatchpointValue and
166         CheckValue. This patch makes this reality by replacing Stackmap with StackmapValue. This makes
167         the code a lot more reasonable.
168
169         I also needed to make dumping a bit more customizable, so I changed dumpMeta() to take a
170         CommaPrinter&. This gives subclasses better control over whether or not to emit a comma. Also
171         it's now possible for subclasses of Value to customize how children are printed. StackmapValue
172         uses this to print the children and their reps together like:
173
174             Int32 @2 = Patchpoint(@0:SomeRegister, @1:SomeRegister, generator = 0x1107ec010, clobbered = [], usedRegisters = [], ExitsSideways|ControlDependent|Writes:Top|Reads:Top)
175
176         This has no behavior change, it's just a big refactoring. You can see how much simpler this
177         makes things by looking at the testSimplePatchpoint() test.
178
179         * CMakeLists.txt:
180         * JavaScriptCore.xcodeproj/project.pbxproj:
181         * b3/B3ArgumentRegValue.cpp:
182         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
183         (JSC::B3::ArgumentRegValue::dumpMeta):
184         * b3/B3ArgumentRegValue.h:
185         * b3/B3CheckSpecial.cpp:
186         (JSC::B3::CheckSpecial::generate):
187         * b3/B3CheckValue.cpp:
188         (JSC::B3::CheckValue::~CheckValue):
189         (JSC::B3::CheckValue::CheckValue):
190         (JSC::B3::CheckValue::dumpMeta): Deleted.
191         * b3/B3CheckValue.h:
192         (JSC::B3::CheckValue::accepts):
193         * b3/B3Const32Value.cpp:
194         (JSC::B3::Const32Value::notEqualConstant):
195         (JSC::B3::Const32Value::dumpMeta):
196         * b3/B3Const32Value.h:
197         * b3/B3Const64Value.cpp:
198         (JSC::B3::Const64Value::notEqualConstant):
199         (JSC::B3::Const64Value::dumpMeta):
200         * b3/B3Const64Value.h:
201         * b3/B3ConstDoubleValue.cpp:
202         (JSC::B3::ConstDoubleValue::notEqualConstant):
203         (JSC::B3::ConstDoubleValue::dumpMeta):
204         * b3/B3ConstDoubleValue.h:
205         * b3/B3ConstrainedValue.cpp: Added.
206         (JSC::B3::ConstrainedValue::dump):
207         * b3/B3ConstrainedValue.h: Added.
208         (JSC::B3::ConstrainedValue::ConstrainedValue):
209         (JSC::B3::ConstrainedValue::operator bool):
210         (JSC::B3::ConstrainedValue::value):
211         (JSC::B3::ConstrainedValue::rep):
212         * b3/B3ControlValue.cpp:
213         (JSC::B3::ControlValue::convertToJump):
214         (JSC::B3::ControlValue::dumpMeta):
215         * b3/B3ControlValue.h:
216         * b3/B3LowerToAir.cpp:
217         (JSC::B3::Air::LowerToAir::tryPatchpoint):
218         * b3/B3MemoryValue.cpp:
219         (JSC::B3::MemoryValue::accessByteSize):
220         (JSC::B3::MemoryValue::dumpMeta):
221         * b3/B3MemoryValue.h:
222         * b3/B3PatchpointSpecial.cpp:
223         (JSC::B3::PatchpointSpecial::generate):
224         * b3/B3PatchpointValue.cpp:
225         (JSC::B3::PatchpointValue::~PatchpointValue):
226         (JSC::B3::PatchpointValue::PatchpointValue):
227         (JSC::B3::PatchpointValue::dumpMeta): Deleted.
228         * b3/B3PatchpointValue.h:
229         (JSC::B3::PatchpointValue::accepts):
230         * b3/B3StackSlotValue.cpp:
231         (JSC::B3::StackSlotValue::~StackSlotValue):
232         (JSC::B3::StackSlotValue::dumpMeta):
233         * b3/B3StackSlotValue.h:
234         * b3/B3Stackmap.cpp: Removed.
235         * b3/B3Stackmap.h: Removed.
236         * b3/B3StackmapSpecial.cpp:
237         (JSC::B3::StackmapSpecial::reportUsedRegisters):
238         (JSC::B3::StackmapSpecial::extraClobberedRegs):
239         (JSC::B3::StackmapSpecial::forEachArgImpl):
240         (JSC::B3::StackmapSpecial::isValidImpl):
241         (JSC::B3::StackmapSpecial::admitsStackImpl):
242         * b3/B3StackmapSpecial.h:
243         * b3/B3StackmapValue.cpp: Added.
244         (JSC::B3::StackmapValue::~StackmapValue):
245         (JSC::B3::StackmapValue::append):
246         (JSC::B3::StackmapValue::setConstrainedChild):
247         (JSC::B3::StackmapValue::setConstraint):
248         (JSC::B3::StackmapValue::dumpChildren):
249         (JSC::B3::StackmapValue::dumpMeta):
250         (JSC::B3::StackmapValue::StackmapValue):
251         * b3/B3StackmapValue.h: Added.
252         * b3/B3SwitchValue.cpp:
253         (JSC::B3::SwitchValue::appendCase):
254         (JSC::B3::SwitchValue::dumpMeta):
255         (JSC::B3::SwitchValue::SwitchValue):
256         * b3/B3SwitchValue.h:
257         * b3/B3UpsilonValue.cpp:
258         (JSC::B3::UpsilonValue::~UpsilonValue):
259         (JSC::B3::UpsilonValue::dumpMeta):
260         * b3/B3UpsilonValue.h:
261         * b3/B3Validate.cpp:
262         * b3/B3Value.cpp:
263         (JSC::B3::Value::dump):
264         (JSC::B3::Value::dumpChildren):
265         (JSC::B3::Value::deepDump):
266         (JSC::B3::Value::performSubstitution):
267         (JSC::B3::Value::dumpMeta):
268         * b3/B3Value.h:
269         * b3/B3ValueInlines.h:
270         (JSC::B3::Value::asNumber):
271         (JSC::B3::Value::stackmap): Deleted.
272         * b3/B3ValueRep.h:
273         (JSC::B3::ValueRep::kind):
274         (JSC::B3::ValueRep::operator==):
275         (JSC::B3::ValueRep::operator!=):
276         (JSC::B3::ValueRep::operator bool):
277         (JSC::B3::ValueRep::isAny):
278         * b3/air/AirInstInlines.h:
279         * b3/testb3.cpp:
280         (JSC::B3::testSimplePatchpoint):
281
282 2015-11-03  Benjamin Poulain  <bpoulain@apple.com>
283
284         [JSC] Add Air lowering for BitOr and improve BitAnd
285         https://bugs.webkit.org/show_bug.cgi?id=150827
286
287         Reviewed by Filip Pizlo.
288
289         In this patch:
290         -B3 to Air lowering for BitOr.
291         -Codegen for BitOr.
292         -Strength reduction for BitOr and BitAnd.
293         -Tests for BitAnd and BitOr.
294         -Bug fix: Move64 with a negative value was destroying the top bits.
295
296         * b3/B3Const32Value.cpp:
297         (JSC::B3::Const32Value::bitAndConstant):
298         (JSC::B3::Const32Value::bitOrConstant):
299         * b3/B3Const32Value.h:
300         * b3/B3Const64Value.cpp:
301         (JSC::B3::Const64Value::bitAndConstant):
302         (JSC::B3::Const64Value::bitOrConstant):
303         * b3/B3Const64Value.h:
304         * b3/B3LowerToAir.cpp:
305         (JSC::B3::Air::LowerToAir::immForMove):
306         (JSC::B3::Air::LowerToAir::immOrTmpForMove):
307         (JSC::B3::Air::LowerToAir::tryOr):
308         (JSC::B3::Air::LowerToAir::tryConst64):
309         (JSC::B3::Air::LowerToAir::tryUpsilon):
310         (JSC::B3::Air::LowerToAir::tryIdentity):
311         (JSC::B3::Air::LowerToAir::tryReturn):
312         (JSC::B3::Air::LowerToAir::immOrTmp): Deleted.
313         * b3/B3LoweringMatcher.patterns:
314         * b3/B3ReduceStrength.cpp:
315         * b3/B3Value.cpp:
316         (JSC::B3::Value::bitAndConstant):
317         (JSC::B3::Value::bitOrConstant):
318         * b3/B3Value.h:
319         * b3/air/AirOpcode.opcodes:
320         * b3/testb3.cpp:
321         (JSC::B3::testReturnConst64):
322         (JSC::B3::testBitAndArgs):
323         (JSC::B3::testBitAndSameArg):
324         (JSC::B3::testBitAndImms):
325         (JSC::B3::testBitAndArgImm):
326         (JSC::B3::testBitAndImmArg):
327         (JSC::B3::testBitAndBitAndArgImmImm):
328         (JSC::B3::testBitAndImmBitAndArgImm):
329         (JSC::B3::testBitAndArgs32):
330         (JSC::B3::testBitAndSameArg32):
331         (JSC::B3::testBitAndImms32):
332         (JSC::B3::testBitAndArgImm32):
333         (JSC::B3::testBitAndImmArg32):
334         (JSC::B3::testBitAndBitAndArgImmImm32):
335         (JSC::B3::testBitAndImmBitAndArgImm32):
336         (JSC::B3::testBitOrArgs):
337         (JSC::B3::testBitOrSameArg):
338         (JSC::B3::testBitOrImms):
339         (JSC::B3::testBitOrArgImm):
340         (JSC::B3::testBitOrImmArg):
341         (JSC::B3::testBitOrBitOrArgImmImm):
342         (JSC::B3::testBitOrImmBitOrArgImm):
343         (JSC::B3::testBitOrArgs32):
344         (JSC::B3::testBitOrSameArg32):
345         (JSC::B3::testBitOrImms32):
346         (JSC::B3::testBitOrArgImm32):
347         (JSC::B3::testBitOrImmArg32):
348         (JSC::B3::testBitOrBitOrArgImmImm32):
349         (JSC::B3::testBitOrImmBitOrArgImm32):
350         (JSC::B3::run):
351
352 2015-11-03  Saam Barati  <sbarati@apple.com>
353
354         Rewrite "const" as "var" for iTunes/iBooks on the Mac
355         https://bugs.webkit.org/show_bug.cgi?id=150852
356
357         Reviewed by Geoffrey Garen.
358
359         VM now has a setting indicating if we should treat
360         "const" variables as "var" to more closely match
361         JSC's previous implementation of "const" before ES6.
362
363         * parser/Parser.h:
364         (JSC::Parser::next):
365         (JSC::Parser::nextExpectIdentifier):
366         * runtime/VM.h:
367         (JSC::VM::setShouldRewriteConstAsVar):
368         (JSC::VM::shouldRewriteConstAsVar):
369
370 2015-11-03  Mark Lam  <mark.lam@apple.com>
371
372         Fix some inefficiencies in the baseline usage of JITAddGenerator.
373         https://bugs.webkit.org/show_bug.cgi?id=150850
374
375         Reviewed by Michael Saboff.
376
377         1. emit_op_add() was loading the operands twice.  Removed the redundant load.
378         2. The snippet may decide that it wants to go the slow path route all the time.
379            In that case, emit_op_add will end up emitting a branch to an out of line
380            slow path followed by some dead code to store the result of the fast path
381            on to the stack.
382            We now check if the snippet determined that there's no fast path, and just
383            emit the slow path inline, and skip the dead store of the fast path result.
384
385         * jit/JITArithmetic.cpp:
386         (JSC::JIT::emit_op_add):
387
388 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
389
390         B3::LowerToAir should do copy propagation
391         https://bugs.webkit.org/show_bug.cgi?id=150775
392
393         Reviewed by Geoffrey Garen.
394
395         What we are trying to do is remove the unnecessary Move's and Move32's from Trunc and ZExt32.
396         You could think of this as an Air optimization, and indeed, Air is powerful enough that we
397         could write a phase that does copy propagation through Move's and Move32's. For Move32's it
398         would only copy-propagate if it proved that the value was already zero-extended. We could
399         know this by just adding a Def32 role to Air.
400
401         But this patch takes a different approach: we ensure that we don't generate such redundant
402         Move's and Move32's to begin with. The reason is that it's much cheaper to do analysis over
403         B3 than over Air. So, whenever possible, an optimization should be implemented in B3. In
404         this case the optimization can't quite be implemented in B3 because you cannot remove a Trunc
405         or ZExt32 without violating the B3 type system. So, the best place to do this optimization is
406         during lowering: we can use B3 for our analysis and we can use Air to express the
407         transformation.
408
409         Copy propagating during B3->Air lowering is natural because we are creating "SSA-like" Tmps
410         from the B3 Values. They are SSA-like in the sense that except the tmp for a Phi, we know
411         that the Tmp will be assigned once and that the assignment will dominate all uses. So, if we
412         see an operation like Trunc that is semantically just a Move, we can skip the Move and just
413         claim that the Trunc has the same Tmp as its child. We do something similar for ZExt32,
414         except with that one we have to analyze IR to ensure that the value will actually be zero
415         extended. Note that this kind of reasoning about how Tmps work in Air is only possible in the
416         B3->Air lowering, since at that point we know for sure which Tmps behave this way. If we
417         wanted to do anything like this as a later Air phase, we'd have to do more analysis to first
418         prove that Tmps behave in this way.
419
420         * b3/B3LowerToAir.cpp:
421         (JSC::B3::Air::LowerToAir::run):
422         (JSC::B3::Air::LowerToAir::highBitsAreZero):
423         (JSC::B3::Air::LowerToAir::shouldCopyPropagate):
424         (JSC::B3::Air::LowerToAir::tmp):
425         (JSC::B3::Air::LowerToAir::tryStore):
426         (JSC::B3::Air::LowerToAir::tryTrunc):
427         (JSC::B3::Air::LowerToAir::tryZExt32):
428         (JSC::B3::Air::LowerToAir::tryIdentity):
429         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg): Deleted.
430         * b3/B3LoweringMatcher.patterns:
431
432 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
433
434         Web Inspector: Move ScriptDebugServer::Task to WorkerScriptDebugServer where it is actually used
435         https://bugs.webkit.org/show_bug.cgi?id=150847
436
437         Reviewed by Timothy Hatcher.
438
439         * inspector/ScriptDebugServer.h:
440         Remove Task from here, it isn't needed in the general case.
441
442         * parser/SourceProvider.h:
443         Remove unimplemented method.
444
445 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
446
447         Web Inspector: Handle or Remove ParseHTML Timeline Event Records
448         https://bugs.webkit.org/show_bug.cgi?id=150689
449
450         Reviewed by Timothy Hatcher.
451
452         * inspector/protocol/Timeline.json:
453
454 2015-11-03  Michael Saboff  <msaboff@apple.com>
455
456         Rename InlineCallFrame::getCallerSkippingDeadFrames to something more descriptive
457         https://bugs.webkit.org/show_bug.cgi?id=150832
458
459         Reviewed by Geoffrey Garen.
460
461         Renamed InlineCallFrame::getCallerSkippingDeadFrames() to getCallerSkippingTailCalls().
462         Did similar renaming to helper InlineCallFrame::computeCallerSkippingTailCalls() and
463         InlineCallFrame::getCallerInlineFrameSkippingTailCalls().
464
465         * bytecode/InlineCallFrame.h:
466         (JSC::InlineCallFrame::computeCallerSkippingTailCalls):
467         (JSC::InlineCallFrame::getCallerSkippingTailCalls):
468         (JSC::InlineCallFrame::getCallerInlineFrameSkippingTailCalls):
469         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames): Deleted.
470         (JSC::InlineCallFrame::getCallerSkippingDeadFrames): Deleted.
471         (JSC::InlineCallFrame::getCallerInlineFrameSkippingDeadFrames): Deleted.
472         * dfg/DFGByteCodeParser.cpp:
473         (JSC::DFG::ByteCodeParser::allInlineFramesAreTailCalls):
474         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
475         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
476         * dfg/DFGGraph.cpp:
477         (JSC::DFG::Graph::isLiveInBytecode):
478         * dfg/DFGGraph.h:
479         (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
480         * dfg/DFGOSRExitCompilerCommon.cpp:
481         (JSC::DFG::reifyInlinedCallFrames):
482         * dfg/DFGPreciseLocalClobberize.h:
483         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
484         * dfg/DFGSpeculativeJIT32_64.cpp:
485         (JSC::DFG::SpeculativeJIT::emitCall):
486         * dfg/DFGSpeculativeJIT64.cpp:
487         (JSC::DFG::SpeculativeJIT::emitCall):
488         * ftl/FTLLowerDFGToLLVM.cpp:
489         (JSC::FTL::DFG::LowerDFGToLLVM::codeOriginDescriptionOfCallSite):
490         * interpreter/StackVisitor.cpp:
491         (JSC::StackVisitor::gotoNextFrame):
492
493 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
494
495         B3/Air should use bubble sort for their insertion sets, because it's faster than std::stable_sort
496         https://bugs.webkit.org/show_bug.cgi?id=150828
497
498         Reviewed by Geoffrey Garen.
499
500         Undo the 2% compile time regression caused by http://trac.webkit.org/changeset/191913.
501
502         * b3/B3InsertionSet.cpp:
503         (JSC::B3::InsertionSet::execute): Switch to bubble sort.
504         * b3/air/AirInsertionSet.cpp:
505         (JSC::B3::Air::InsertionSet::execute): Switch to bubble sort.
506         * dfg/DFGBlockInsertionSet.cpp:
507         (JSC::DFG::BlockInsertionSet::execute): Switch back to quicksort.
508
509 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
510
511         Unreviewed, partially revert r191952.
512
513         Removed GCC compiler workarounds (unreachable returns).
514
515         * b3/B3Type.h:
516         (JSC::B3::sizeofType):
517         * b3/air/AirArg.h:
518         (JSC::B3::Air::Arg::isUse):
519         (JSC::B3::Air::Arg::isDef):
520         (JSC::B3::Air::Arg::isGP):
521         (JSC::B3::Air::Arg::isFP):
522         (JSC::B3::Air::Arg::isType):
523         * b3/air/AirCode.h:
524         (JSC::B3::Air::Code::newTmp):
525         (JSC::B3::Air::Code::numTmps):
526
527 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
528
529         Fix the ENABLE(B3_JIT) build on Linux
530         https://bugs.webkit.org/show_bug.cgi?id=150794
531
532         Reviewed by Darin Adler.
533
534         * CMakeLists.txt:
535         * b3/B3HeapRange.h:
536         * b3/B3IndexSet.h:
537         (JSC::B3::IndexSet::Iterable::iterator::operator++):
538         * b3/B3Type.h:
539         (JSC::B3::sizeofType):
540         * b3/air/AirArg.cpp:
541         (JSC::B3::Air::Arg::dump):
542         * b3/air/AirArg.h:
543         (JSC::B3::Air::Arg::isUse):
544         (JSC::B3::Air::Arg::isDef):
545         (JSC::B3::Air::Arg::isGP):
546         (JSC::B3::Air::Arg::isFP):
547         (JSC::B3::Air::Arg::isType):
548         * b3/air/AirCode.h:
549         (JSC::B3::Air::Code::newTmp):
550         (JSC::B3::Air::Code::numTmps):
551         * b3/air/AirSpecial.cpp:
552
553 2015-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>
554
555         Clean up ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keep minimal set of them
556         https://bugs.webkit.org/show_bug.cgi?id=150793
557
558         Reviewed by Darin Adler.
559
560         Fix the !ENABLE(ES6_ARROWFUNCTION_SYNTAX) build after r191875.
561         This patch drops many ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keeps only one of them;
562         the ifdef in parseAssignmentExpression.
563         This prevents functionality of parsing arrow function syntax.
564
565         * parser/Lexer.cpp:
566         (JSC::Lexer<T>::lex):
567         * parser/Parser.cpp:
568         (JSC::Parser<LexerType>::parseInner): Deleted.
569         * parser/Parser.h:
570         (JSC::Parser::isArrowFunctionParamters): Deleted.
571         * parser/ParserTokens.h:
572
573 2015-11-02  Michael Saboff  <msaboff@apple.com>
574
575         WebInspector crashed while viewing Timeline when refreshing cnn.com while it was already loading
576         https://bugs.webkit.org/show_bug.cgi?id=150745
577
578         Reviewed by Geoffrey Garen.
579
580         During OSR exit, reifyInlinedCallFrames() was using the call kind from a tail call to
581         find the CallLinkInfo / StubInfo to find the return PC.  Instead we need to get the call
582         type of the true caller, that is the function we'll be returning to.
583
584         This can be found by remembering the last call type we find while walking up the inlined
585         frames in InlineCallFrame::getCallerSkippingDeadFrames().
586
587         We can also return directly back to a getter or setter callsite without using a thunk.
588
589         * bytecode/InlineCallFrame.h:
590         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
591         (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
592         * dfg/DFGOSRExitCompilerCommon.cpp:
593         (JSC::DFG::reifyInlinedCallFrames):
594         * jit/JITPropertyAccess.cpp:
595         (JSC::JIT::emit_op_get_by_id): Need to eliminate the stack pointer check, as it is wrong
596         for reified inlined frames created during OSR exit. 
597         * jit/ThunkGenerators.cpp:
598         (JSC::baselineGetterReturnThunkGenerator): Deleted.
599         (JSC::baselineSetterReturnThunkGenerator): Deleted.
600         * jit/ThunkGenerators.h:
601
602 2015-11-02  Saam Barati  <sbarati@apple.com>
603
604         Wrong value recovery for DFG try/catch with a getter that throws during an IC miss
605         https://bugs.webkit.org/show_bug.cgi?id=150760
606
607         Reviewed by Geoffrey Garen.
608
609         This is related to using PhantomLocal instead of Flush as 
610         the liveness preservation mechanism for live catch variables. 
611         I'm temporarily switching things back to Flush. This will be a
612         performance hit for try/catch in the DFG. Landing this patch,
613         though, will allow me to land try/catch in the FTL. It also
614         makes try/catch in the DFG sound. I have opened another
615         bug to further investigate using PhantomLocal as the
616         liveness preservation mechanism: https://bugs.webkit.org/show_bug.cgi?id=150824
617
618         * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
619         (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
620         * tests/stress/dfg-try-catch-wrong-value-recovery-on-ic-miss.js: Added.
621         (assert):
622         (let.oThrow.get f):
623         (let.o2.get f):
624         (foo):
625         (f):
626
627 2015-11-02  Andy Estes  <aestes@apple.com>
628
629         [Cocoa] Add tvOS and watchOS to SUPPORTED_PLATFORMS
630         https://bugs.webkit.org/show_bug.cgi?id=150819
631
632         Reviewed by Dan Bernstein.
633
634         This tells Xcode to include these platforms in its Devices dropdown, making it possible to build in the IDE.
635
636         * Configurations/Base.xcconfig:
637
638 2015-11-02  Brent Fulgham  <bfulgham@apple.com>
639
640         [Win] MiniBrowser unable to use WebInspector
641         https://bugs.webkit.org/show_bug.cgi?id=150810
642         <rdar://problem/23358514>
643
644         Reviewed by Timothy Hatcher.
645
646         The CMakeList rule for creating the InjectedScriptSource.min.js was improperly including
647         the quote characters in the text prepended to InjectedScriptSource.min.js. This caused a
648         parsing error in the JS file.
649         
650         The solution was to switch from using "COMMAND echo" to use the more cross-platform
651         compatible command "COMMAND ${CMAKE_COMMAND} -E echo ...", which handles the string
652         escaping properly on all platforms.
653
654         * CMakeLists.txt: Switch the 'echo' command syntax to be more cross-platform.
655
656 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
657
658         B3 should be able to compile a Patchpoint
659         https://bugs.webkit.org/show_bug.cgi?id=150750
660
661         Reviewed by Geoffrey Garen.
662
663         This adds the glue in B3::LowerToAir that turns a B3::PatchpointValue into an Air::Patch
664         with a B3::PatchpointSpecial.
665
666         Along the way, I found some bugs. For starters, it became clear that I wanted to be able
667         to append constraints to a Stackmap, and I wanted to have more flexibility in how I
668         created a PatchpointValue. I also wanted more helper methods in ValueRep, since
669         otherwise I would have had to write a lot of boilerplate.
670
671         I discovered, and fixed, a minor goof in Air::Code dumping when there are specials.
672
673         There were a ton of indexing bugs in B3StackmapSpecial.
674
675         The spiller was broken in case the Def was not the last Arg, since it was adding things
676         to the insertion set both at instIndex and instIndex + 1, and the two types of additions
677         could occur in the wrong (i.e. the +1 case first) order with an early Def. We often have
678         bugs like this. In the DFG, we were paranoid about performance so we only admit out-of-
679         order insertions as a rare case. I think that we don't really need to be so paranoid.
680         So, I made the new insertion sets use a stable_sort to ensure that everything happens in
681         the right order. I changed DFG::BlockInsertionSet to also use stable_sort; it previously
682         used sort, which is slightly wrong.
683
684         This adds a new test that uses Patchpoint to implement a 32-bit add. It works!
685
686         * b3/B3InsertionSet.cpp:
687         (JSC::B3::InsertionSet::execute):
688         * b3/B3LowerToAir.cpp:
689         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
690         (JSC::B3::Air::LowerToAir::appendStore):
691         (JSC::B3::Air::LowerToAir::moveForType):
692         (JSC::B3::Air::LowerToAir::append):
693         (JSC::B3::Air::LowerToAir::ensureSpecial):
694         (JSC::B3::Air::LowerToAir::tryStore):
695         (JSC::B3::Air::LowerToAir::tryStackSlot):
696         (JSC::B3::Air::LowerToAir::tryPatchpoint):
697         (JSC::B3::Air::LowerToAir::tryUpsilon):
698         * b3/B3LoweringMatcher.patterns:
699         * b3/B3PatchpointValue.h:
700         (JSC::B3::PatchpointValue::accepts): Deleted.
701         (JSC::B3::PatchpointValue::PatchpointValue): Deleted.
702         * b3/B3Stackmap.h:
703         (JSC::B3::Stackmap::constrain):
704         (JSC::B3::Stackmap::appendConstraint):
705         (JSC::B3::Stackmap::reps):
706         (JSC::B3::Stackmap::clobber):
707         * b3/B3StackmapSpecial.cpp:
708         (JSC::B3::StackmapSpecial::forEachArgImpl):
709         (JSC::B3::StackmapSpecial::isValidImpl):
710         * b3/B3Value.h:
711         * b3/B3ValueRep.h:
712         (JSC::B3::ValueRep::ValueRep):
713         (JSC::B3::ValueRep::reg):
714         (JSC::B3::ValueRep::operator bool):
715         (JSC::B3::ValueRep::isAny):
716         (JSC::B3::ValueRep::isSomeRegister):
717         (JSC::B3::ValueRep::isReg):
718         (JSC::B3::ValueRep::isGPR):
719         (JSC::B3::ValueRep::isFPR):
720         (JSC::B3::ValueRep::gpr):
721         (JSC::B3::ValueRep::fpr):
722         (JSC::B3::ValueRep::isStack):
723         (JSC::B3::ValueRep::offsetFromFP):
724         (JSC::B3::ValueRep::isStackArgument):
725         (JSC::B3::ValueRep::offsetFromSP):
726         (JSC::B3::ValueRep::isConstant):
727         (JSC::B3::ValueRep::value):
728         * b3/air/AirCode.cpp:
729         (JSC::B3::Air::Code::dump):
730         * b3/air/AirInsertionSet.cpp:
731         (JSC::B3::Air::InsertionSet::execute):
732         * b3/testb3.cpp:
733         (JSC::B3::testComplex):
734         (JSC::B3::testSimplePatchpoint):
735         (JSC::B3::run):
736         * dfg/DFGBlockInsertionSet.cpp:
737         (JSC::DFG::BlockInsertionSet::execute):
738
739 2015-11-02  Mark Lam  <mark.lam@apple.com>
740
741         Snippefy op_add for the baseline JIT.
742         https://bugs.webkit.org/show_bug.cgi?id=150129
743
744         Reviewed by Geoffrey Garen and Saam Barati.
745
746         Performance is neutral for both 32-bit and 64-bit on X86_64.
747
748         * CMakeLists.txt:
749         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
750         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
751         * JavaScriptCore.xcodeproj/project.pbxproj:
752         * jit/JIT.h:
753         (JSC::JIT::getOperandConstantInt):
754         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
755           because the snippet needs it.
756
757         * jit/JITAddGenerator.cpp: Added.
758         (JSC::JITAddGenerator::generateFastPath):
759         * jit/JITAddGenerator.h: Added.
760         (JSC::JITAddGenerator::JITAddGenerator):
761         (JSC::JITAddGenerator::endJumpList):
762         (JSC::JITAddGenerator::slowPathJumpList):
763         - JITAddGenerator implements an optimization for the case where 1 of the 2 operands
764           is a constant int32_t.  It does not implement an optimization for the case where
765           both operands are constant int32_t.  This is because:
766           1. For the baseline JIT, the ASTBuilder will fold the 2 constants together.
767           2. For the DFG, the AbstractInterpreter will also fold the 2 constants.
768
769           Hence, such an optimization path (for 2 constant int32_t operands) would never
770           be taken, and is why we won't implement it.
771
772         * jit/JITArithmetic.cpp:
773         (JSC::JIT::compileBinaryArithOp):
774         (JSC::JIT::compileBinaryArithOpSlowCase):
775         - Removed op_add cases.  These are no longer used by the op_add emitters.
776
777         (JSC::JIT::emit_op_add):
778         (JSC::JIT::emitSlow_op_add):
779         - Moved out from the JSVALUE64 section to the common section, and reimplemented
780           using the snippet.
781
782         * jit/JITArithmetic32_64.cpp:
783         (JSC::JIT::emitBinaryDoubleOp):
784         (JSC::JIT::emit_op_add): Deleted.
785         (JSC::JIT::emitAdd32Constant): Deleted.
786         (JSC::JIT::emitSlow_op_add): Deleted.
787         - Remove 32-bit specific version of op_add.  The snippet serves both 32-bit
788           and 64-bit implementations.
789
790         * jit/JITInlines.h:
791         (JSC::JIT::getOperandConstantInt):
792         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
793           because the snippet needs it.
794
795 2015-11-02  Brian Burg  <bburg@apple.com>
796
797         Run sort-Xcode-project-file for the JavaScriptCore project.
798
799         Unreviewed. Many things were out of order following recent B3 commits.
800
801         * JavaScriptCore.xcodeproj/project.pbxproj:
802
803 2015-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>
804
805         Rename op_put_getter_setter to op_put_getter_setter_by_id
806         https://bugs.webkit.org/show_bug.cgi?id=150773
807
808         Reviewed by Mark Lam.
809
810         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
811         the other ops' names like op_put_getter_by_id etc.
812
813         And to fix build dependencies in Xcode, we added LLIntAssembly.h into the Xcode project file.
814
815         * JavaScriptCore.xcodeproj/project.pbxproj:
816         * bytecode/BytecodeList.json:
817         * bytecode/BytecodeUseDef.h:
818         (JSC::computeUsesForBytecodeOffset):
819         (JSC::computeDefsForBytecodeOffset):
820         * bytecode/CodeBlock.cpp:
821         (JSC::CodeBlock::dumpBytecode):
822         * bytecompiler/BytecodeGenerator.cpp:
823         (JSC::BytecodeGenerator::emitPutGetterSetter):
824         * dfg/DFGByteCodeParser.cpp:
825         (JSC::DFG::ByteCodeParser::parseBlock):
826         * dfg/DFGCapabilities.cpp:
827         (JSC::DFG::capabilityLevel):
828         * jit/JIT.cpp:
829         (JSC::JIT::privateCompileMainPass):
830         * jit/JIT.h:
831         * jit/JITPropertyAccess.cpp:
832         (JSC::JIT::emit_op_put_getter_setter_by_id):
833         (JSC::JIT::emit_op_put_getter_setter): Deleted.
834         * jit/JITPropertyAccess32_64.cpp:
835         (JSC::JIT::emit_op_put_getter_setter_by_id):
836         (JSC::JIT::emit_op_put_getter_setter): Deleted.
837         * llint/LLIntSlowPaths.cpp:
838         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
839         * llint/LLIntSlowPaths.h:
840         * llint/LowLevelInterpreter.asm:
841
842 2015-11-02  Csaba Osztrogonác  <ossy@webkit.org>
843
844         Fix the FTL JIT build with system LLVM on Linux
845         https://bugs.webkit.org/show_bug.cgi?id=150795
846
847         Reviewed by Filip Pizlo.
848
849         * CMakeLists.txt:
850
851 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
852
853         [ES6] Support Generator Syntax
854         https://bugs.webkit.org/show_bug.cgi?id=150769
855
856         Reviewed by Geoffrey Garen.
857
858         This patch implements the syntax part of ES6 Generators.
859
860         1. Add ENABLE_ES6_GENERATORS compile time flag. It is disabled by default, and will be enabled once ES6 generator functionality is implemented.
861         2. Add lexer support for YIELD. It changes "yield" from reserved-if-strict word to keyword. And it is correct under the ES6 spec.
862         3. Implement parsing functionality and YieldExprNode stub. YieldExprNode does not emit meaningful bytecodes yet. This should be implemented in a future patch.
863         4. Accept "yield" Identifier as a label etc. under sloppy mode && non-generator code. http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors
864
865         * Configurations/FeatureDefines.xcconfig:
866         * bytecompiler/NodesCodegen.cpp:
867         (JSC::YieldExprNode::emitBytecode):
868         * parser/ASTBuilder.h:
869         (JSC::ASTBuilder::createYield):
870         * parser/Keywords.table:
871         * parser/NodeConstructors.h:
872         (JSC::YieldExprNode::YieldExprNode):
873         * parser/Nodes.h:
874         * parser/Parser.cpp:
875         (JSC::Parser<LexerType>::Parser):
876         (JSC::Parser<LexerType>::parseInner):
877         (JSC::Parser<LexerType>::parseStatementListItem):
878         (JSC::Parser<LexerType>::parseVariableDeclarationList):
879         (JSC::Parser<LexerType>::parseDestructuringPattern):
880         (JSC::Parser<LexerType>::parseBreakStatement):
881         (JSC::Parser<LexerType>::parseContinueStatement):
882         (JSC::Parser<LexerType>::parseTryStatement):
883         (JSC::Parser<LexerType>::parseStatement):
884         (JSC::stringForFunctionMode):
885         (JSC::Parser<LexerType>::parseFunctionParameters):
886         (JSC::Parser<LexerType>::parseFunctionInfo):
887         (JSC::Parser<LexerType>::parseFunctionDeclaration):
888         (JSC::Parser<LexerType>::parseClass):
889         (JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
890         (JSC::Parser<LexerType>::parseExportDeclaration):
891         (JSC::Parser<LexerType>::parseAssignmentExpression):
892         (JSC::Parser<LexerType>::parseYieldExpression):
893         (JSC::Parser<LexerType>::parseProperty):
894         (JSC::Parser<LexerType>::parsePropertyMethod):
895         (JSC::Parser<LexerType>::parseGetterSetter):
896         (JSC::Parser<LexerType>::parseFunctionExpression):
897         (JSC::Parser<LexerType>::parsePrimaryExpression):
898         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
899         * parser/Parser.h:
900         (JSC::Scope::Scope):
901         (JSC::Scope::setSourceParseMode):
902         (JSC::Scope::isGenerator):
903         (JSC::Scope::setIsFunction):
904         (JSC::Scope::setIsGenerator):
905         (JSC::Scope::setIsModule):
906         (JSC::Parser::pushScope):
907         (JSC::Parser::isYIELDMaskedAsIDENT):
908         (JSC::Parser::matchSpecIdentifier):
909         (JSC::Parser::saveState):
910         (JSC::Parser::restoreState):
911         * parser/ParserModes.h:
912         (JSC::isFunctionParseMode):
913         (JSC::isModuleParseMode):
914         (JSC::isProgramParseMode):
915         * parser/ParserTokens.h:
916         * parser/SyntaxChecker.h:
917         (JSC::SyntaxChecker::createYield):
918         * tests/stress/generator-methods.js: Added.
919         (Hello.prototype.gen):
920         (Hello.gen):
921         (Hello):
922         (Hello.prototype.set get string_appeared_here):
923         (Hello.string_appeared_here):
924         (Hello.prototype.20):
925         (Hello.20):
926         (Hello.prototype.42):
927         (Hello.42):
928         (let.object.gen):
929         (let.object.set get string_appeared_here):
930         (let.object.20):
931         (let.object.42):
932         * tests/stress/generator-syntax.js: Added.
933         (testSyntax):
934         (testSyntaxError):
935         (testSyntaxError.Hello.prototype.get gen):
936         (testSyntaxError.Hello):
937         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello.prototype.set gen):
938         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello):
939         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.gen):
940         (testSyntaxError.value):
941         (testSyntaxError.gen.ng):
942         (testSyntaxError.gen):
943         (testSyntax.gen):
944         * tests/stress/yield-and-line-terminator.js: Added.
945         (testSyntax):
946         (testSyntaxError):
947         (testSyntax.gen):
948         (testSyntaxError.gen):
949         * tests/stress/yield-label-generator.js: Added.
950         (testSyntax):
951         (testSyntaxError):
952         (testSyntaxError.test):
953         (SyntaxError.Unexpected.keyword.string_appeared_here.Expected.an.identifier.as.the.target.a.continue.statement.testSyntax.test):
954         * tests/stress/yield-label.js: Added.
955         (yield):
956         (testSyntaxError):
957         (testSyntaxError.test):
958         * tests/stress/yield-named-accessors-generator.js: Added.
959         (t1.let.object.get yield):
960         (t1.let.object.set yield):
961         (t1):
962         (t2.let.object.get yield):
963         (t2.let.object.set yield):
964         (t2):
965         * tests/stress/yield-named-accessors.js: Added.
966         (t1.let.object.get yield):
967         (t1.let.object.set yield):
968         (t1):
969         (t2.let.object.get yield):
970         (t2.let.object.set yield):
971         (t2):
972         * tests/stress/yield-named-variable-generator.js: Added.
973         (testSyntax):
974         (testSyntaxError):
975         (testSyntaxError.t1):
976         (testSyntaxError.t1.yield):
977         (testSyntax.t1.yield):
978         (testSyntax.t1):
979         * tests/stress/yield-named-variable.js: Added.
980         (testSyntax):
981         (testSyntaxError):
982         (testSyntax.t1):
983         (testSyntaxError.t1):
984         (testSyntax.t1.yield):
985         (testSyntaxError.t1.yield):
986         * tests/stress/yield-out-of-generator.js: Added.
987         (testSyntax):
988         (testSyntaxError):
989         (testSyntaxError.hello):
990         (testSyntaxError.gen.hello):
991         (testSyntaxError.gen):
992         (testSyntax.gen):
993         (testSyntax.gen.ok):
994         (testSyntaxError.gen.ok):
995
996 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
997
998         Dominators should be factored out of the DFG
999         https://bugs.webkit.org/show_bug.cgi?id=150764
1000
1001         Reviewed by Geoffrey Garen.
1002
1003         Factored DFGDominators.h/DFGDominators.cpp into WTF. To do this, I made two changes to the
1004         DFG:
1005
1006         1) DFG now has a CFG abstraction called DFG::CFG. The cool thing about this is that in the
1007            future if we wanted to support inverted dominators, we could do it by just creating a
1008            DFG::BackwardCFG.
1009
1010         2) Got rid of DFG::Analysis. From now on, an Analysis being invalidated is expressed by the
1011            DFG::Graph having a null pointer for that analysis. When we "run" the analysis, we
1012            just instantiate it. This makes it much more natural to integrate WTF::Dominators into
1013            the DFG.
1014
1015         * CMakeLists.txt:
1016         * JavaScriptCore.xcodeproj/project.pbxproj:
1017         * dfg/DFGAnalysis.h: Removed.
1018         * dfg/DFGCFG.h: Added.
1019         (JSC::DFG::CFG::CFG):
1020         (JSC::DFG::CFG::root):
1021         (JSC::DFG::CFG::newMap<T>):
1022         (JSC::DFG::CFG::successors):
1023         (JSC::DFG::CFG::predecessors):
1024         (JSC::DFG::CFG::index):
1025         (JSC::DFG::CFG::node):
1026         (JSC::DFG::CFG::numNodes):
1027         (JSC::DFG::CFG::dump):
1028         * dfg/DFGCSEPhase.cpp:
1029         * dfg/DFGDisassembler.cpp:
1030         (JSC::DFG::Disassembler::createDumpList):
1031         * dfg/DFGDominators.cpp: Removed.
1032         * dfg/DFGDominators.h:
1033         (JSC::DFG::Dominators::Dominators):
1034         (JSC::DFG::Dominators::strictlyDominates): Deleted.
1035         (JSC::DFG::Dominators::dominates): Deleted.
1036         (JSC::DFG::Dominators::immediateDominatorOf): Deleted.
1037         (JSC::DFG::Dominators::forAllStrictDominatorsOf): Deleted.
1038         (JSC::DFG::Dominators::forAllDominatorsOf): Deleted.
1039         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy): Deleted.
1040         (JSC::DFG::Dominators::forAllBlocksDominatedBy): Deleted.
1041         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf): Deleted.
1042         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf): Deleted.
1043         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf): Deleted.
1044         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl): Deleted.
1045         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl): Deleted.
1046         (JSC::DFG::Dominators::BlockData::BlockData): Deleted.
1047         * dfg/DFGEdgeDominates.h:
1048         (JSC::DFG::EdgeDominates::operator()):
1049         * dfg/DFGGraph.cpp:
1050         (JSC::DFG::Graph::Graph):
1051         (JSC::DFG::Graph::dumpBlockHeader):
1052         (JSC::DFG::Graph::invalidateCFG):
1053         (JSC::DFG::Graph::substituteGetLocal):
1054         (JSC::DFG::Graph::handleAssertionFailure):
1055         (JSC::DFG::Graph::ensureDominators):
1056         (JSC::DFG::Graph::ensurePrePostNumbering):
1057         (JSC::DFG::Graph::ensureNaturalLoops):
1058         (JSC::DFG::Graph::valueProfileFor):
1059         * dfg/DFGGraph.h:
1060         (JSC::DFG::Graph::hasDebuggerEnabled):
1061         * dfg/DFGLICMPhase.cpp:
1062         (JSC::DFG::LICMPhase::run):
1063         (JSC::DFG::LICMPhase::attemptHoist):
1064         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
1065         (JSC::DFG::createPreHeader):
1066         (JSC::DFG::LoopPreHeaderCreationPhase::run):
1067         * dfg/DFGNaturalLoops.cpp:
1068         (JSC::DFG::NaturalLoop::dump):
1069         (JSC::DFG::NaturalLoops::NaturalLoops):
1070         (JSC::DFG::NaturalLoops::~NaturalLoops):
1071         (JSC::DFG::NaturalLoops::loopsOf):
1072         (JSC::DFG::NaturalLoops::computeDependencies): Deleted.
1073         (JSC::DFG::NaturalLoops::compute): Deleted.
1074         * dfg/DFGNaturalLoops.h:
1075         (JSC::DFG::NaturalLoops::numLoops):
1076         * dfg/DFGNode.h:
1077         (JSC::DFG::Node::SuccessorsIterable::end):
1078         (JSC::DFG::Node::SuccessorsIterable::size):
1079         (JSC::DFG::Node::SuccessorsIterable::at):
1080         (JSC::DFG::Node::SuccessorsIterable::operator[]):
1081         * dfg/DFGOSREntrypointCreationPhase.cpp:
1082         (JSC::DFG::OSREntrypointCreationPhase::run):
1083         * dfg/DFGObjectAllocationSinkingPhase.cpp:
1084         * dfg/DFGPlan.cpp:
1085         (JSC::DFG::Plan::compileInThreadImpl):
1086         * dfg/DFGPrePostNumbering.cpp:
1087         (JSC::DFG::PrePostNumbering::PrePostNumbering):
1088         (JSC::DFG::PrePostNumbering::~PrePostNumbering):
1089         (JSC::DFG::PrePostNumbering::compute): Deleted.
1090         * dfg/DFGPrePostNumbering.h:
1091         (JSC::DFG::PrePostNumbering::preNumber):
1092         (JSC::DFG::PrePostNumbering::postNumber):
1093         * dfg/DFGPutStackSinkingPhase.cpp:
1094         * dfg/DFGSSACalculator.cpp:
1095         (JSC::DFG::SSACalculator::nonLocalReachingDef):
1096         (JSC::DFG::SSACalculator::reachingDefAtTail):
1097         * dfg/DFGSSACalculator.h:
1098         (JSC::DFG::SSACalculator::computePhis):
1099         * dfg/DFGSSAConversionPhase.cpp:
1100         (JSC::DFG::SSAConversionPhase::run):
1101         * ftl/FTLLink.cpp:
1102         (JSC::FTL::link):
1103         * ftl/FTLLowerDFGToLLVM.cpp:
1104         (JSC::FTL::DFG::LowerDFGToLLVM::lower):
1105         (JSC::FTL::DFG::LowerDFGToLLVM::safelyInvalidateAfterTermination):
1106         (JSC::FTL::DFG::LowerDFGToLLVM::isValid):
1107
1108 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
1109
1110         B3::reduceStrength's DCE should be more agro and less wrong
1111         https://bugs.webkit.org/show_bug.cgi?id=150748
1112
1113         Reviewed by Geoffrey Garen.
1114
1115         First of all, our DCE had a bug where it would keep Upsilons after it deleted the Phis that
1116         they referenced. But our B3 DCE was also not aggressive enough. It would not eliminate
1117         cycles. It was also probably slower than it needed to be, since it would eliminate all
1118         never-referenced things on each fixpoint.
1119
1120         This adds a presume-everyone-is-dead-and-find-live-things style DCE. This is very natural to
1121         write, except for Upsilons. For everything but Upsilons, it's just a worklist algorithm. For
1122         Upsilons, it's a fixpoint. It works fine in the end.
1123
1124         I kept finding bugs in this algorithm when I tested it against my "Complex" test that I was
1125         writing as a compile time benchmark. So, I include that test in this change. I also include
1126         the small lowering extensions that it needed - shifting and zero extending.
1127
1128         This change also adds an LLVM version of the Complex test. Though the LLVM version feels
1129         more natural to write because LLVM has traditional Phis rather than our quirky Phis, in
1130         the end LLVM ends up performing very badly - 10x to 20x worse than B3. Some of that gap will
1131         close once we give B3 a register allocator, but still, that's pretty good news for our B3
1132         strategy.
1133
1134         * JavaScriptCore.xcodeproj/project.pbxproj:
1135         * assembler/MacroAssemblerX86_64.h:
1136         (JSC::MacroAssemblerX86_64::lshift64):
1137         (JSC::MacroAssemblerX86_64::rshift64):
1138         * assembler/X86Assembler.h:
1139         (JSC::X86Assembler::shlq_i8r):
1140         (JSC::X86Assembler::shlq_CLr):
1141         (JSC::X86Assembler::imull_rr):
1142         * b3/B3BasicBlock.cpp:
1143         (JSC::B3::BasicBlock::replacePredecessor):
1144         (JSC::B3::BasicBlock::dump):
1145         (JSC::B3::BasicBlock::removeNops): Deleted.
1146         * b3/B3BasicBlock.h:
1147         (JSC::B3::BasicBlock::frequency):
1148         * b3/B3Common.cpp:
1149         (JSC::B3::shouldSaveIRBeforePhase):
1150         (JSC::B3::shouldMeasurePhaseTiming):
1151         * b3/B3Common.h:
1152         (JSC::B3::isRepresentableAsImpl):
1153         * b3/B3Generate.cpp:
1154         (JSC::B3::generate):
1155         (JSC::B3::generateToAir):
1156         * b3/B3LowerToAir.cpp:
1157         (JSC::B3::Air::LowerToAir::tryAnd):
1158         (JSC::B3::Air::LowerToAir::tryShl):
1159         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
1160         (JSC::B3::Air::LowerToAir::tryTrunc):
1161         (JSC::B3::Air::LowerToAir::tryZExt32):
1162         (JSC::B3::Air::LowerToAir::tryArgumentReg):
1163         * b3/B3LoweringMatcher.patterns:
1164         * b3/B3PhaseScope.cpp:
1165         (JSC::B3::PhaseScope::PhaseScope):
1166         * b3/B3PhaseScope.h:
1167         * b3/B3ReduceStrength.cpp:
1168         * b3/B3TimingScope.cpp: Added.
1169         (JSC::B3::TimingScope::TimingScope):
1170         (JSC::B3::TimingScope::~TimingScope):
1171         * b3/B3TimingScope.h: Added.
1172         * b3/B3Validate.cpp:
1173         * b3/air/AirAllocateStack.cpp:
1174         (JSC::B3::Air::allocateStack):
1175         * b3/air/AirGenerate.cpp:
1176         (JSC::B3::Air::generate):
1177         * b3/air/AirInstInlines.h:
1178         (JSC::B3::Air::ForEach<Arg>::forEach):
1179         (JSC::B3::Air::Inst::forEach):
1180         (JSC::B3::Air::isLshift32Valid):
1181         (JSC::B3::Air::isLshift64Valid):
1182         * b3/air/AirLiveness.h:
1183         (JSC::B3::Air::Liveness::isAlive):
1184         (JSC::B3::Air::Liveness::Liveness):
1185         (JSC::B3::Air::Liveness::LocalCalc::execute):
1186         * b3/air/AirOpcode.opcodes:
1187         * b3/air/AirPhaseScope.cpp:
1188         (JSC::B3::Air::PhaseScope::PhaseScope):
1189         * b3/air/AirPhaseScope.h:
1190         * b3/testb3.cpp:
1191         (JSC::B3::testBranchEqualFoldPtr):
1192         (JSC::B3::testComplex):
1193         (JSC::B3::run):
1194         * runtime/Options.h:
1195
1196 2015-11-01  Alexey Proskuryakov  <ap@apple.com>
1197
1198         [ES6] Add support for toStringTag
1199         https://bugs.webkit.org/show_bug.cgi?id=150696
1200
1201         Re-landing, as this wasn't the culprit.
1202
1203         * runtime/ArrayIteratorPrototype.cpp:
1204         (JSC::ArrayIteratorPrototype::finishCreation):
1205         * runtime/CommonIdentifiers.h:
1206         * runtime/JSArrayBufferPrototype.cpp:
1207         (JSC::JSArrayBufferPrototype::finishCreation):
1208         (JSC::JSArrayBufferPrototype::create):
1209         * runtime/JSDataViewPrototype.cpp:
1210         (JSC::JSDataViewPrototype::create):
1211         (JSC::JSDataViewPrototype::finishCreation):
1212         (JSC::JSDataViewPrototype::createStructure):
1213         * runtime/JSDataViewPrototype.h:
1214         * runtime/JSModuleNamespaceObject.cpp:
1215         (JSC::JSModuleNamespaceObject::finishCreation):
1216         * runtime/JSONObject.cpp:
1217         (JSC::JSONObject::finishCreation):
1218         * runtime/JSPromisePrototype.cpp:
1219         (JSC::JSPromisePrototype::finishCreation):
1220         (JSC::JSPromisePrototype::getOwnPropertySlot):
1221         * runtime/JSTypedArrayViewPrototype.cpp:
1222         (JSC::typedArrayViewProtoFuncValues):
1223         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1224         (JSC::JSTypedArrayViewPrototype::JSTypedArrayViewPrototype):
1225         (JSC::JSTypedArrayViewPrototype::finishCreation):
1226         * runtime/MapIteratorPrototype.cpp:
1227         (JSC::MapIteratorPrototype::finishCreation):
1228         (JSC::MapIteratorPrototypeFuncNext):
1229         * runtime/MapPrototype.cpp:
1230         (JSC::MapPrototype::finishCreation):
1231         * runtime/MathObject.cpp:
1232         (JSC::MathObject::finishCreation):
1233         * runtime/ObjectPrototype.cpp:
1234         (JSC::objectProtoFuncToString):
1235         * runtime/SetIteratorPrototype.cpp:
1236         (JSC::SetIteratorPrototype::finishCreation):
1237         (JSC::SetIteratorPrototypeFuncNext):
1238         * runtime/SetPrototype.cpp:
1239         (JSC::SetPrototype::finishCreation):
1240         * runtime/SmallStrings.cpp:
1241         (JSC::SmallStrings::SmallStrings):
1242         (JSC::SmallStrings::initializeCommonStrings):
1243         (JSC::SmallStrings::visitStrongReferences):
1244         * runtime/SmallStrings.h:
1245         (JSC::SmallStrings::typeString):
1246         (JSC::SmallStrings::objectStringStart):
1247         (JSC::SmallStrings::nullObjectString):
1248         (JSC::SmallStrings::undefinedObjectString):
1249         * runtime/StringIteratorPrototype.cpp:
1250         (JSC::StringIteratorPrototype::finishCreation):
1251         * runtime/SymbolPrototype.cpp:
1252         (JSC::SymbolPrototype::finishCreation):
1253         * runtime/WeakMapPrototype.cpp:
1254         (JSC::WeakMapPrototype::finishCreation):
1255         (JSC::getWeakMapData):
1256         * runtime/WeakSetPrototype.cpp:
1257         (JSC::WeakSetPrototype::finishCreation):
1258         (JSC::getWeakMapData):
1259         * tests/es6.yaml:
1260         * tests/modules/namespace.js:
1261         * tests/stress/symbol-tostringtag.js: Copied from Source/JavaScriptCore/tests/stress/symbol-tostringtag.js.
1262
1263 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1264
1265         Unreviewed, rolling out r191815 and r191821.
1266         https://bugs.webkit.org/show_bug.cgi?id=150781
1267
1268         Seems to have broken JSC API tests on some platforms
1269         (Requested by ap on #webkit).
1270
1271         Reverted changesets:
1272
1273         "[ES6] Add support for toStringTag"
1274         https://bugs.webkit.org/show_bug.cgi?id=150696
1275         http://trac.webkit.org/changeset/191815
1276
1277         "Unreviewed, forgot to mark tests as passing for new feature."
1278         http://trac.webkit.org/changeset/191821
1279
1280 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1281
1282         Unreviewed, rolling out r191858.
1283         https://bugs.webkit.org/show_bug.cgi?id=150780
1284
1285         Broke the build (Requested by ap on #webkit).
1286
1287         Reverted changeset:
1288
1289         "Rename op_put_getter_setter to op_put_getter_setter_by_id"
1290         https://bugs.webkit.org/show_bug.cgi?id=150773
1291         http://trac.webkit.org/changeset/191858
1292
1293 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1294
1295         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150777.
1296
1297         * b3/B3LowerToAir.cpp:
1298         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
1299
1300 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1301
1302         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150775.
1303
1304         * b3/B3LowerToAir.cpp:
1305         (JSC::B3::Air::LowerToAir::tryTrunc):
1306
1307 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1308
1309         Rename op_put_getter_setter to op_put_getter_setter_by_id
1310         https://bugs.webkit.org/show_bug.cgi?id=150773
1311
1312         Reviewed by Mark Lam.
1313
1314         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
1315         the other ops' names like op_put_getter_by_id etc.
1316
1317         * bytecode/BytecodeList.json:
1318         * bytecode/BytecodeUseDef.h:
1319         (JSC::computeUsesForBytecodeOffset):
1320         (JSC::computeDefsForBytecodeOffset):
1321         * bytecode/CodeBlock.cpp:
1322         (JSC::CodeBlock::dumpBytecode):
1323         * bytecompiler/BytecodeGenerator.cpp:
1324         (JSC::BytecodeGenerator::emitPutGetterSetter):
1325         * dfg/DFGByteCodeParser.cpp:
1326         (JSC::DFG::ByteCodeParser::parseBlock):
1327         * dfg/DFGCapabilities.cpp:
1328         (JSC::DFG::capabilityLevel):
1329         * jit/JIT.cpp:
1330         (JSC::JIT::privateCompileMainPass):
1331         * jit/JIT.h:
1332         * jit/JITPropertyAccess.cpp:
1333         (JSC::JIT::emit_op_put_getter_setter_by_id):
1334         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1335         * jit/JITPropertyAccess32_64.cpp:
1336         (JSC::JIT::emit_op_put_getter_setter_by_id):
1337         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1338         * llint/LLIntSlowPaths.cpp:
1339         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1340         * llint/LLIntSlowPaths.h:
1341         * llint/LowLevelInterpreter.asm:
1342
1343 2015-10-31  Andreas Kling  <akling@apple.com>
1344
1345         Add a debug overlay with information about web process resource usage.
1346         <https://webkit.org/b/150599>
1347
1348         Reviewed by Darin Adler.
1349
1350         Have Heap track the exact number of bytes allocated in CopiedBlock, MarkedBlock and
1351         WeakBlock objects, keeping them in a single location that can be sampled by the
1352         resource usage overlay thread.
1353
1354         The bulk of these changes is threading a Heap& through from sites where blocks are
1355         allocated or freed.
1356
1357         * heap/CopiedBlock.cpp:
1358         (JSC::CopiedBlock::createNoZeroFill):
1359         (JSC::CopiedBlock::destroy):
1360         (JSC::CopiedBlock::create):
1361         * heap/CopiedBlock.h:
1362         * heap/CopiedSpace.cpp:
1363         (JSC::CopiedSpace::~CopiedSpace):
1364         (JSC::CopiedSpace::tryAllocateOversize):
1365         (JSC::CopiedSpace::tryReallocateOversize):
1366         * heap/CopiedSpaceInlines.h:
1367         (JSC::CopiedSpace::recycleEvacuatedBlock):
1368         (JSC::CopiedSpace::recycleBorrowedBlock):
1369         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1370         (JSC::CopiedSpace::allocateBlock):
1371         (JSC::CopiedSpace::startedCopying):
1372         * heap/Heap.cpp:
1373         (JSC::Heap::~Heap):
1374         (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
1375         * heap/Heap.h:
1376         (JSC::Heap::blockBytesAllocated):
1377         * heap/HeapInlines.h:
1378         (JSC::Heap::didAllocateBlock):
1379         (JSC::Heap::didFreeBlock):
1380         * heap/MarkedAllocator.cpp:
1381         (JSC::MarkedAllocator::allocateBlock):
1382         * heap/MarkedBlock.cpp:
1383         (JSC::MarkedBlock::create):
1384         (JSC::MarkedBlock::destroy):
1385         * heap/MarkedBlock.h:
1386         * heap/MarkedSpace.cpp:
1387         (JSC::MarkedSpace::freeBlock):
1388         * heap/WeakBlock.cpp:
1389         (JSC::WeakBlock::create):
1390         (JSC::WeakBlock::destroy):
1391         * heap/WeakBlock.h:
1392         * heap/WeakSet.cpp:
1393         (JSC::WeakSet::~WeakSet):
1394         (JSC::WeakSet::addAllocator):
1395         (JSC::WeakSet::removeAllocator):
1396
1397 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1398
1399         Air should eliminate dead code
1400         https://bugs.webkit.org/show_bug.cgi?id=150746
1401
1402         Reviewed by Geoffrey Garen.
1403
1404         This adds a very simple dead code elimination to Air. It simply looks at whether a Tmp or
1405         StackSlot has ever been used by a live instruction. An instruction is live if it has non-arg
1406         effects (branching, returning, calling, etc) or if it stores to a live Arg. An Arg is live if
1407         it references a live Tmp or StackSlot, or if it is neither a Tmp nor a StackSlot. The phase
1408         runs these rules to fixpoint, and then removes the dead instructions.
1409
1410         This also changes the AirOpcodes parser to handle multiple attributes per opcode, so that we
1411         could conceivably say things like "FooBar /branch /effects". It also adds the /effects
1412         attribute, which we currently use for Breakpoint and nothing else. C calls, patchpoints, and
1413         checks are all Specials, and the Special base class by default always claims that the
1414         instruction has effects. In the future, we could have B3 use a Patch in Air to implement
1415         exotic math constructs; then the Special associated with that thing would claim that there
1416         are no effects.
1417
1418         * JavaScriptCore.xcodeproj/project.pbxproj:
1419         * b3/air/AirBasicBlock.h:
1420         (JSC::B3::Air::BasicBlock::begin):
1421         (JSC::B3::Air::BasicBlock::end):
1422         (JSC::B3::Air::BasicBlock::at):
1423         (JSC::B3::Air::BasicBlock::last):
1424         (JSC::B3::Air::BasicBlock::resize):
1425         (JSC::B3::Air::BasicBlock::appendInst):
1426         * b3/air/AirEliminateDeadCode.cpp: Added.
1427         (JSC::B3::Air::eliminateDeadCode):
1428         * b3/air/AirEliminateDeadCode.h: Added.
1429         * b3/air/AirGenerate.cpp:
1430         (JSC::B3::Air::generate):
1431         * b3/air/AirInst.h:
1432         * b3/air/AirOpcode.opcodes:
1433         * b3/air/AirSpecial.cpp:
1434         (JSC::B3::Air::Special::name):
1435         (JSC::B3::Air::Special::hasNonArgNonControlEffects):
1436         (JSC::B3::Air::Special::dump):
1437         * b3/air/AirSpecial.h:
1438         * b3/air/opcode_generator.rb:
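The liveness rules in the entry above, run to fixpoint on a toy instruction list. This is an added example, not Air's code: the `Kind`, `Role`, `Arg` and `Inst` types, the instruction strings and the sample program are all assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Toy model of Air operands, constructed for this example (not Air's classes).
enum class Kind { Tmp, StackSlot, Other };  // Other: immediates, absolute addresses
enum class Role { Use, Def };

struct Arg { Kind kind; int index; Role role; };

struct Inst {
    std::string name;
    std::vector<Arg> args;
    bool hasNonArgEffects;  // branching, returning, calling, ...
};

using Location = std::pair<Kind, int>;  // identity of one Tmp or StackSlot

// Rule from the entry: an Arg is live if it references a live Tmp or
// StackSlot, or if it is neither a Tmp nor a StackSlot.
static bool isArgLive(const Arg& arg, const std::set<Location>& live)
{
    if (arg.kind == Kind::Other)
        return true;
    return live.count(Location(arg.kind, arg.index)) != 0;
}

// Returns the surviving instructions in their original order.
std::vector<Inst> eliminateDeadCode(const std::vector<Inst>& code)
{
    std::set<Location> live;
    std::vector<bool> instLive(code.size(), false);

    // Each round can only add live instructions, so this terminates.
    bool changed = true;
    while (changed) {
        changed = false;
        for (size_t i = 0; i < code.size(); ++i) {
            if (instLive[i])
                continue;
            bool isLive = code[i].hasNonArgEffects;
            for (const Arg& arg : code[i].args) {
                if (arg.role == Role::Def && isArgLive(arg, live))
                    isLive = true;
            }
            if (!isLive)
                continue;
            instLive[i] = true;
            changed = true;
            // Every Tmp or StackSlot used by a live instruction becomes live.
            for (const Arg& arg : code[i].args) {
                if (arg.role == Role::Use && arg.kind != Kind::Other)
                    live.insert(Location(arg.kind, arg.index));
            }
        }
    }

    std::vector<Inst> kept;
    for (size_t i = 0; i < code.size(); ++i) {
        if (instLive[i])
            kept.push_back(code[i]);
    }
    return kept;
}

// Constructed sample: %tmp1 and %tmp2 feed nothing that is ever observed.
std::vector<Inst> sampleCode()
{
    return {
        { "Move $1, %tmp0",    { { Kind::Other, 0, Role::Use }, { Kind::Tmp, 0, Role::Def } }, false },
        { "Move $2, %tmp1",    { { Kind::Other, 0, Role::Use }, { Kind::Tmp, 1, Role::Def } }, false },
        { "Add %tmp1, %tmp2",  { { Kind::Tmp, 1, Role::Use }, { Kind::Tmp, 2, Role::Def } }, false },
        { "Move %tmp0, slot0", { { Kind::Tmp, 0, Role::Use }, { Kind::StackSlot, 0, Role::Def } }, false },
        { "Move slot0, %tmp3", { { Kind::StackSlot, 0, Role::Use }, { Kind::Tmp, 3, Role::Def } }, false },
        { "Move $7, [0x1000]", { { Kind::Other, 0, Role::Use }, { Kind::Other, 0, Role::Def } }, false },
        { "Ret %tmp3",         { { Kind::Tmp, 3, Role::Use } }, true },
    };
}

int main()
{
    for (const Inst& inst : eliminateDeadCode(sampleCode()))
        std::printf("%s\n", inst.name.c_str());
    return 0;
}
```

The sample needs several rounds because liveness propagates backwards from `Ret` through `%tmp3`, `slot0` and `%tmp0` while the loop walks forwards.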
1439
1440 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
1441
1442         Air needs a late register liveness phase that calls Special::reportUsedRegisters()
1443         https://bugs.webkit.org/show_bug.cgi?id=150511
1444
1445         Reviewed by Saam Barati.
1446
1447         This change adds such a phase. In the process of writing it, I was reminded about the
1448         glaring efficiency bugs in Air::Liveness and so I filed a bug and added FIXMEs.
1449
1450         * JavaScriptCore.xcodeproj/project.pbxproj:
1451         * b3/air/AirAllocateStack.cpp:
1452         (JSC::B3::Air::allocateStack):
1453         * b3/air/AirGenerate.cpp:
1454         (JSC::B3::Air::generate):
1455         * b3/air/AirReportUsedRegisters.cpp: Added.
1456         (JSC::B3::Air::reportUsedRegisters):
1457         * b3/air/AirReportUsedRegisters.h: Added.
1458
1459 2015-10-31  Brian Burg  <bburg@apple.com>
1460
1461         Builtins generator should put WebCore-only wrappers in the per-builtin header
1462         https://bugs.webkit.org/show_bug.cgi?id=150539
1463
1464         Reviewed by Youenn Fablet.
1465
1466         If generating for WebCore, put the XXXWrapper and related boilerplate
1467         in the per-builtin header instead of making a separate XXXWrapper.h.
1468
1469         Rebaseline the tests.
1470
1471         * CMakeLists.txt:
1472         * DerivedSources.make:
1473         * Scripts/builtins/builtins.py:
1474         * Scripts/builtins/builtins_generate_separate_header.py:
1475         (BuiltinsSeparateHeaderGenerator.generate_output):
1476         (generate_header_includes):
1477         * Scripts/builtins/builtins_generate_separate_wrapper.py: Deleted.
1478         * Scripts/builtins/builtins_templates.py: Be consistent with variables.
1479         * Scripts/generate-js-builtins.py:
1480         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
1481         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
1482         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
1483         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
1484
1485 2015-10-31  Saam barati  <sbarati@apple.com>
1486
1487         JSC should have a forceGCSlowPaths option
1488         https://bugs.webkit.org/show_bug.cgi?id=150744
1489
1490         Reviewed by Filip Pizlo.
1491
1492         This patch implements the forceGCSlowPaths option.
1493         It defaults to false, but when it is set to true,
1494         the JITs will always allocate objects along the slow
1495         path. This will be helpful for writing a certain class
1496         of tests. This may also come in handy for debugging
1497         later.
1498
1499         This patch also adds the "forceGCSlowPaths" function
1500         in jsc.cpp which sets the option to true. If you
1501         use this function in a jsc stress test, it's best
1502         to call it as the first thing in the program before
1503         we JIT anything.
1504
1505         * dfg/DFGSpeculativeJIT.h:
1506         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
1507         * ftl/FTLLowerDFGToLLVM.cpp:
1508         (JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
1509         * jit/JITInlines.h:
1510         (JSC::JIT::emitAllocateJSObject):
1511         * jsc.cpp:
1512         (GlobalObject::finishCreation):
1513         (functionEdenGC):
1514         (functionForceGCSlowPaths):
1515         (functionHeapSize):
1516         * runtime/Options.h:
1517
1518 2015-10-30  Joseph Pecoraro  <pecoraro@apple.com>
1519
1520         Web Inspector: Test Debugger.scriptParsed events received after opening inspector frontend
1521         https://bugs.webkit.org/show_bug.cgi?id=150753
1522
1523         Reviewed by Timothy Hatcher.
1524
1525         * parser/Parser.h:
1526         (JSC::Parser<LexerType>::parse):
1527         Only set the directives on the SourceProvider if we were parsing the
1528         entire file (Program or Module), not if we are in function parsing mode.
1529         This was inadvertently clearing the directives stored on the
1530         SourceProvider when the function parse didn't see directives and reset
1531         the values on the source provider.
1532
1533 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1534
1535         [JSC] Add lowering for B3's Sub operation with integers
1536         https://bugs.webkit.org/show_bug.cgi?id=150749
1537
1538         Reviewed by Filip Pizlo.
1539
1540         * b3/B3LowerToAir.cpp:
1541         (JSC::B3::Air::LowerToAir::trySub):
1542         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
1543         * b3/B3LoweringMatcher.patterns:
1544         Identical to Add but obviously NotCommutative.
1545
1546         * b3/B3ReduceStrength.cpp:
1547         Turn Add/Sub with zero into an identity. I only added for
1548         Add since Sub with a constant is always turned into an Add.
1549
1550         Also switched the Sub optimizations to put the strongest first.
1551
1552         * b3/air/AirOpcode.opcodes:
1553         * b3/testb3.cpp:
1554         (JSC::B3::testAddArgImm):
1555         (JSC::B3::testAddImmArg):
1556         (JSC::B3::testSubArgs):
1557         (JSC::B3::testSubArgImm):
1558         (JSC::B3::testSubImmArg):
1559         (JSC::B3::testSubArgs32):
1560         (JSC::B3::testSubArgImm32):
1561         (JSC::B3::testSubImmArg32):
1562         (JSC::B3::testStoreSubLoad):
1563         (JSC::B3::run):
1564
1565 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1566
1567         [JSC] Add the Air Opcode definitions to the Xcode project file
1568         https://bugs.webkit.org/show_bug.cgi?id=150701
1569
1570         Reviewed by Geoffrey Garen.
1571
1572         * JavaScriptCore.xcodeproj/project.pbxproj:
1573         Easier for those who use Xcode :)
1574
1575 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1576
1577         Unreviewed, removing FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150540.
1578
1579         * b3/B3ValueRep.h:
1580
1581 2015-10-30  Michael Saboff  <msaboff@apple.com>
1582
1583         Windows X86-64 change for Crash making a tail call from a getter to a host function
1584         https://bugs.webkit.org/show_bug.cgi?id=150737
1585
1586         Reviewed by Geoffrey Garen.
1587
1588         Need to make the same change for Windows X86-64 as was made in change set
1589         http://trac.webkit.org/changeset/191765.
1590
1591         * jit/JITStubsMSVC64.asm:
1592
1593 2015-10-30  Keith Miller  <keith_miller@apple.com>
1594
1595         Unreviewed, forgot to mark tests as passing for new feature.
1596
1597         * tests/es6.yaml:
1598
1599 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1600
1601         B3 should be able to compile a control flow diamond
1602         https://bugs.webkit.org/show_bug.cgi?id=150720
1603
1604         Reviewed by Benjamin Poulain.
1605
1606         Adds support for Branch, Jump, Upsilon, and Phi. Adds some basic strength reduction for
1607         comparisons and boolean-like operations.
1608
1609         * assembler/MacroAssembler.cpp:
1610         (WTF::printInternal):
1611         * assembler/MacroAssembler.h:
1612         * b3/B3BasicBlockUtils.h:
1613         (JSC::B3::replacePredecessor):
1614         (JSC::B3::resetReachability):
1615         * b3/B3CheckValue.h:
1616         * b3/B3Common.h:
1617         (JSC::B3::isRepresentableAsImpl):
1618         (JSC::B3::isRepresentableAs):
1619         * b3/B3Const32Value.cpp:
1620         (JSC::B3::Const32Value::subConstant):
1621         (JSC::B3::Const32Value::equalConstant):
1622         (JSC::B3::Const32Value::notEqualConstant):
1623         (JSC::B3::Const32Value::dumpMeta):
1624         * b3/B3Const32Value.h:
1625         * b3/B3Const64Value.cpp:
1626         (JSC::B3::Const64Value::subConstant):
1627         (JSC::B3::Const64Value::equalConstant):
1628         (JSC::B3::Const64Value::notEqualConstant):
1629         (JSC::B3::Const64Value::dumpMeta):
1630         * b3/B3Const64Value.h:
1631         * b3/B3ConstDoubleValue.cpp:
1632         (JSC::B3::ConstDoubleValue::subConstant):
1633         (JSC::B3::ConstDoubleValue::equalConstant):
1634         (JSC::B3::ConstDoubleValue::notEqualConstant):
1635         (JSC::B3::ConstDoubleValue::dumpMeta):
1636         * b3/B3ConstDoubleValue.h:
1637         * b3/B3ControlValue.cpp:
1638         (JSC::B3::ControlValue::~ControlValue):
1639         (JSC::B3::ControlValue::convertToJump):
1640         (JSC::B3::ControlValue::dumpMeta):
1641         * b3/B3ControlValue.h:
1642         * b3/B3LowerToAir.cpp:
1643         (JSC::B3::Air::LowerToAir::imm):
1644         (JSC::B3::Air::LowerToAir::tryStackSlot):
1645         (JSC::B3::Air::LowerToAir::tryUpsilon):
1646         (JSC::B3::Air::LowerToAir::tryPhi):
1647         (JSC::B3::Air::LowerToAir::tryBranch):
1648         (JSC::B3::Air::LowerToAir::tryJump):
1649         (JSC::B3::Air::LowerToAir::tryIdentity):
1650         * b3/B3LoweringMatcher.patterns:
1651         * b3/B3Opcode.h:
1652         * b3/B3Procedure.cpp:
1653         (JSC::B3::Procedure::resetReachability):
1654         (JSC::B3::Procedure::dump):
1655         * b3/B3ReduceStrength.cpp:
1656         * b3/B3UpsilonValue.cpp:
1657         (JSC::B3::UpsilonValue::dumpMeta):
1658         * b3/B3UpsilonValue.h:
1659         (JSC::B3::UpsilonValue::accepts): Deleted.
1660         (JSC::B3::UpsilonValue::phi): Deleted.
1661         (JSC::B3::UpsilonValue::UpsilonValue): Deleted.
1662         * b3/B3Validate.cpp:
1663         * b3/B3Value.cpp:
1664         (JSC::B3::Value::subConstant):
1665         (JSC::B3::Value::equalConstant):
1666         (JSC::B3::Value::notEqualConstant):
1667         (JSC::B3::Value::returnsBool):
1668         (JSC::B3::Value::asTriState):
1669         (JSC::B3::Value::effects):
1670         * b3/B3Value.h:
1671         * b3/B3ValueInlines.h:
1672         (JSC::B3::Value::asInt32):
1673         (JSC::B3::Value::isInt32):
1674         (JSC::B3::Value::hasInt64):
1675         (JSC::B3::Value::asInt64):
1676         (JSC::B3::Value::isInt64):
1677         (JSC::B3::Value::hasInt):
1678         (JSC::B3::Value::asIntPtr):
1679         (JSC::B3::Value::isIntPtr):
1680         (JSC::B3::Value::hasDouble):
1681         (JSC::B3::Value::asDouble):
1682         (JSC::B3::Value::isEqualToDouble):
1683         (JSC::B3::Value::hasNumber):
1684         (JSC::B3::Value::representableAs):
1685         (JSC::B3::Value::asNumber):
1686         (JSC::B3::Value::stackmap):
1687         * b3/air/AirArg.cpp:
1688         (JSC::B3::Air::Arg::dump):
1689         * b3/air/AirArg.h:
1690         (JSC::B3::Air::Arg::resCond):
1691         (JSC::B3::Air::Arg::doubleCond):
1692         (JSC::B3::Air::Arg::special):
1693         (JSC::B3::Air::Arg::isResCond):
1694         (JSC::B3::Air::Arg::isDoubleCond):
1695         (JSC::B3::Air::Arg::isSpecial):
1696         (JSC::B3::Air::Arg::isGP):
1697         (JSC::B3::Air::Arg::isFP):
1698         (JSC::B3::Air::Arg::asResultCondition):
1699         (JSC::B3::Air::Arg::asDoubleCondition):
1700         (JSC::B3::Air::Arg::Arg):
1701         * b3/air/AirCode.cpp:
1702         (JSC::B3::Air::Code::resetReachability):
1703         (JSC::B3::Air::Code::dump):
1704         * b3/air/AirOpcode.opcodes:
1705         * b3/air/opcode_generator.rb:
1706         * b3/testb3.cpp:
1707         (hiddenTruthBecauseNoReturnIsStupid):
1708         (usage):
1709         (JSC::B3::compile):
1710         (JSC::B3::invoke):
1711         (JSC::B3::compileAndRun):
1712         (JSC::B3::test42):
1713         (JSC::B3::testStoreLoadStackSlot):
1714         (JSC::B3::testBranch):
1715         (JSC::B3::testDiamond):
1716         (JSC::B3::testBranchNotEqual):
1717         (JSC::B3::testBranchFold):
1718         (JSC::B3::testDiamondFold):
1719         (JSC::B3::run):
1720         (run):
1721         (main):
1722
1723 2015-10-30  Keith Miller  <keith_miller@apple.com>
1724
1725         [ES6] Add support for toStringTag
1726         https://bugs.webkit.org/show_bug.cgi?id=150696
1727
1728         Reviewed by Geoffrey Garen.
1729
1730         This patch adds support for Symbol.toStringTag. This is a simple
1731         feature: if an object passed to Object.prototype.toString() has a
1732         toStringTag, we use the tag in the string rather than the class info.
1733         Added a test that checks this works for all the default supported classes
1734         along with the corresponding prototype and custom cases.
1735
1736         * runtime/ArrayIteratorPrototype.cpp:
1737         (JSC::ArrayIteratorPrototype::finishCreation):
1738         * runtime/CommonIdentifiers.h:
1739         * runtime/JSArrayBufferPrototype.cpp:
1740         (JSC::JSArrayBufferPrototype::finishCreation):
1741         * runtime/JSDataViewPrototype.cpp:
1742         (JSC::JSDataViewPrototype::finishCreation):
1743         * runtime/JSDataViewPrototype.h:
1744         * runtime/JSModuleNamespaceObject.cpp:
1745         (JSC::JSModuleNamespaceObject::finishCreation):
1746         * runtime/JSONObject.cpp:
1747         (JSC::JSONObject::finishCreation):
1748         * runtime/JSPromisePrototype.cpp:
1749         (JSC::JSPromisePrototype::finishCreation):
1750         * runtime/JSTypedArrayViewPrototype.cpp:
1751         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1752         (JSC::JSTypedArrayViewPrototype::finishCreation):
1753         * runtime/MapIteratorPrototype.cpp:
1754         (JSC::MapIteratorPrototype::finishCreation):
1755         * runtime/MapPrototype.cpp:
1756         (JSC::MapPrototype::finishCreation):
1757         * runtime/MathObject.cpp:
1758         (JSC::MathObject::finishCreation):
1759         * runtime/ObjectPrototype.cpp:
1760         (JSC::objectProtoFuncToString):
1761         * runtime/SetIteratorPrototype.cpp:
1762         (JSC::SetIteratorPrototype::finishCreation):
1763         * runtime/SetPrototype.cpp:
1764         (JSC::SetPrototype::finishCreation):
1765         * runtime/SmallStrings.cpp:
1766         (JSC::SmallStrings::SmallStrings):
1767         (JSC::SmallStrings::initializeCommonStrings):
1768         (JSC::SmallStrings::visitStrongReferences):
1769         * runtime/SmallStrings.h:
1770         (JSC::SmallStrings::objectStringStart):
1771         * runtime/StringIteratorPrototype.cpp:
1772         (JSC::StringIteratorPrototype::finishCreation):
1773         * runtime/SymbolPrototype.cpp:
1774         (JSC::SymbolPrototype::finishCreation):
1775         * runtime/WeakMapPrototype.cpp:
1776         (JSC::WeakMapPrototype::finishCreation):
1777         * runtime/WeakSetPrototype.cpp:
1778         (JSC::WeakSetPrototype::finishCreation):
1779         * tests/modules/namespace.js:
1780         * tests/stress/symbol-tostringtag.js: Added.
1781         (toStr):
1782         (strName):
1783         (classes.string_appeared_here):
1784
1785 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1786
1787         Web Inspector: Do not show JavaScriptCore builtins in inspector
1788         https://bugs.webkit.org/show_bug.cgi?id=146049
1789
1790         Reviewed by Geoffrey Garen.
1791
1792         * debugger/Debugger.cpp:
1793         When gathering scripts to notify the inspector / debuggers about,
1794         skip over sources containing host / built-in functions, as those
1795         won't contain source code developers expect to see.
1796
1797 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1798
1799         Fix typo in "use strict" in TypedArray builtins
1800         https://bugs.webkit.org/show_bug.cgi?id=150709
1801
1802         Reviewed by Geoffrey Garen.
1803
1804         * builtins/TypedArray.prototype.js:
1805         (toLocaleString):
1806
1807 2015-10-29  Philippe Normand  <pnormand@igalia.com>
1808
1809         [GTK][Mac] disable OBJC JSC API
1810         https://bugs.webkit.org/show_bug.cgi?id=150500
1811
1812         Reviewed by Alex Christensen.
1813
1814         * API/JSBase.h: Disable the Objective-C API on Mac for the GTK port.
1815
1816 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1817
1818         Air::handleCalleeSaves shouldn't save/restore the frame pointer
1819         https://bugs.webkit.org/show_bug.cgi?id=150688
1820
1821         Reviewed by Michael Saboff.
1822
1823         We save/restore the FP inside Air::generate().
1824
1825         * b3/air/AirHandleCalleeSaves.cpp:
1826         (JSC::B3::Air::handleCalleeSaves):
1827
1828 2015-10-29  Michael Saboff  <msaboff@apple.com>
1829
1830         Crash making a tail call from a getter to a host function
1831         https://bugs.webkit.org/show_bug.cgi?id=150663
1832
1833         Reviewed by Geoffrey Garen.
1834
1835         Change the inline assembly versions of getHostCallReturnValue() to pass the location of the callee
1836         call frame to getHostCallReturnValueWithExecState().  We were passing the caller's frame address.
1837
1838         * jit/JITOperations.cpp:
1839
1840 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1841
1842         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
1843         https://bugs.webkit.org/show_bug.cgi?id=150685
1844
1845         Reviewed by Geoffrey Garen.
1846
1847         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
1848         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
1849         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
1850         requires fewer bits.
1851
1852         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
1853         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
1854         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
1855         helper should happily accept either Const32Value or Const64Value.
1856
1857         We already sort of had this with immAnyType(), but it just turns out that anyone using
1858         immAnyType() should really be using imm().
1859
1860         * b3/B3LowerToAir.cpp:
1861         (JSC::B3::Air::LowerToAir::imm):
1862         (JSC::B3::Air::LowerToAir::tryStore):
1863         (JSC::B3::Air::LowerToAir::tryConst64):
1864         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
1865         * b3/testb3.cpp:
1866         (JSC::B3::testAdd1):
1867         (JSC::B3::testAdd1Ptr):
1868         (JSC::B3::testStoreAddLoad):
1869         (JSC::B3::run):
1870
1871 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1872
1873         StoreOpLoad pattern matching should check effects between the Store and Load
1874         https://bugs.webkit.org/show_bug.cgi?id=150534
1875
1876         Reviewed by Geoffrey Garen.
1877
1878         If we turn:
1879
1880             a = Load(addr)
1881             b = Add(a, 42)
1882             Store(b, addr)
1883
1884         Into:
1885
1886             Add $42, (addr)
1887
1888         Then we must make sure that we didn't really have this to begin with:
1889
1890             a = Load(addr)
1891             Store(666, addr)
1892             b = Add(a, 42)
1893             Store(b, addr)
1894
1895         That's because pattern matching doesn't care about control flow, and it finds the Load
1896         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
1897         enough to broadly ask questions about whether such a code motion of the Load is legal.
1898
1899         * b3/B3Effects.cpp:
1900         (JSC::B3::Effects::interferes):
1901         (JSC::B3::Effects::dump):
1902         * b3/B3Effects.h:
1903         (JSC::B3::Effects::mustExecute):
1904         * b3/B3LowerToAir.cpp:
1905         (JSC::B3::Air::LowerToAir::run):
1906         (JSC::B3::Air::LowerToAir::commitInternal):
1907         (JSC::B3::Air::LowerToAir::crossesInterference):
1908         (JSC::B3::Air::LowerToAir::effectiveAddr):
1909         (JSC::B3::Air::LowerToAir::loadAddr):
1910         * b3/B3Procedure.cpp:
1911         (JSC::B3::Procedure::addBlock):
1912         (JSC::B3::Procedure::resetValueOwners):
1913         (JSC::B3::Procedure::resetReachability):
1914         * b3/B3Procedure.h:
1915         * b3/B3Value.cpp:
1916         (JSC::B3::Value::effects):
1917         * b3/B3Value.h:
1918         * b3/testb3.cpp:
1919         (JSC::B3::testStoreAddLoad):
1920         (JSC::B3::testStoreAddLoadInterference):
1921         (JSC::B3::testStoreAddAndLoad):
1922         (JSC::B3::testLoadOffsetUsingAdd):
1923         (JSC::B3::testLoadOffsetUsingAddInterference):
1924         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1925         (JSC::B3::run):
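The hazard described in the entry above, reproduced on a toy IR: a data-flow-only match of Store(Add(Load(addr), Const), addr) miscompiles the interfering sequence unless everything between the Load and the Store is checked for writes to the loaded location. This is an added example, not B3's code: the `Value` layout, `mayWrite`, the interpreter and both sample blocks are assumptions constructed here, and only the name `crossesInterference` is borrowed from the file list.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

// Toy single-block IR constructed for this example; not B3's real classes.
// Blocks are assumed well-formed: operand indices refer to earlier values.
enum class Op { Const, Load, Add, Store, Call };
struct Value {
    Op op;
    int lhs;      // Add: left operand index; Store: index of the stored value
    int rhs;      // Add: right operand index
    int addr;     // Load/Store: symbolic address id
    int64_t imm;  // Const: payload
};
using Block = std::vector<Value>;
using Memory = std::map<int, int64_t>;
struct FusedAdd { int addr; int64_t imm; };  // models "Add $imm, (addr)"

// May `v` write the location a Load from `addr` reads? A Call is assumed
// to write anything (conservative choice made for this example).
static bool mayWrite(const Value& v, int addr)
{
    return v.op == Op::Call || (v.op == Op::Store && v.addr == addr);
}

// Does anything strictly between the Load and the Store clobber the loaded
// location? If so, the Load cannot be moved down to the Store.
bool crossesInterference(const Block& block, int loadIndex, int storeIndex)
{
    for (int i = loadIndex + 1; i < storeIndex; ++i) {
        if (mayWrite(block[i], block[loadIndex].addr))
            return true;
    }
    return false;
}

// With checkEffects == false this is the data-flow-only matcher.
bool matchStoreAddLoad(const Block& block, int storeIndex, bool checkEffects, FusedAdd& out)
{
    const Value& store = block[storeIndex];
    if (store.op != Op::Store)
        return false;
    const Value& add = block[store.lhs];
    if (add.op != Op::Add)
        return false;
    const Value& load = block[add.lhs];
    const Value& constant = block[add.rhs];
    if (load.op != Op::Load || load.addr != store.addr || constant.op != Op::Const)
        return false;
    if (checkEffects && crossesInterference(block, add.lhs, storeIndex))
        return false;
    out.addr = store.addr;
    out.imm = constant.imm;
    return true;
}

// Interpreter. When `fused` is given, the Store at `fusedStore` executes as
// the fused read-modify-write instead; everything else runs unchanged.
Memory run(const Block& block, Memory mem, const FusedAdd* fused = nullptr, int fusedStore = -1)
{
    std::vector<int64_t> result(block.size(), 0);
    for (size_t i = 0; i < block.size(); ++i) {
        const Value& v = block[i];
        if (fused && static_cast<int>(i) == fusedStore) {
            mem[fused->addr] += fused->imm;
            continue;
        }
        switch (v.op) {
        case Op::Const: result[i] = v.imm; break;
        case Op::Load:  result[i] = mem[v.addr]; break;
        case Op::Add:   result[i] = result[v.lhs] + result[v.rhs]; break;
        case Op::Store: mem[v.addr] = result[v.lhs]; break;
        case Op::Call:  break;  // not used by the sample blocks
        }
    }
    return mem;
}

// a = Load(0); b = Add(a, 42); Store(b, 0)
Block plainBlock()
{
    return { { Op::Load, -1, -1, 0, 0 }, { Op::Const, -1, -1, -1, 42 },
             { Op::Add, 0, 1, -1, 0 }, { Op::Store, 2, -1, 0, 0 } };
}

// a = Load(0); Store(666, 0); b = Add(a, 42); Store(b, 0)
Block interferingBlock()
{
    return { { Op::Load, -1, -1, 0, 0 }, { Op::Const, -1, -1, -1, 666 },
             { Op::Store, 1, -1, 0, 0 }, { Op::Const, -1, -1, -1, 42 },
             { Op::Add, 0, 3, -1, 0 }, { Op::Store, 4, -1, 0, 0 } };
}

int main()
{
    Memory initial;
    initial[0] = 1;
    FusedAdd fused = { 0, 0 };
    matchStoreAddLoad(interferingBlock(), 5, false, fused);
    std::printf("reference=%lld fused-without-check=%lld match-with-check=%d\n",
        static_cast<long long>(run(interferingBlock(), initial)[0]),
        static_cast<long long>(run(interferingBlock(), initial, &fused, 5)[0]),
        matchStoreAddLoad(interferingBlock(), 5, true, fused));
    return 0;
}
```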
1926
1927 2015-10-29  Brady Eidson  <beidson@apple.com>
1928
1929         Modern IDB: deleteObjectStore support.
1930         https://bugs.webkit.org/show_bug.cgi?id=150673
1931
1932         Reviewed by Alex Christensen.
1933
1934         * runtime/VM.h:
1935
1936 2015-10-29  Mark Lam  <mark.lam@apple.com>
1937
1938         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
1939         https://bugs.webkit.org/show_bug.cgi?id=150687
1940
1941         Unreviewed.
1942
1943         Disabling the feature while it is being debugged.  I'm doing this by effectively
1944         rolling out only the changes in FTLCapabilities.cpp.
1945
1946         * ftl/FTLCapabilities.cpp:
1947         (JSC::FTL::canCompile):
1948
1949 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1950
1951         Unreviewed, fix iOS build.
1952
1953         * assembler/MacroAssemblerARM64.h:
1954         (JSC::MacroAssemblerARM64::store64):
1955
1956 2015-10-29  Alex Christensen  <achristensen@webkit.org>
1957
1958         Fix Mac CMake build
1959         https://bugs.webkit.org/show_bug.cgi?id=150686
1960
1961         Reviewed by Filip Pizlo.
1962
1963         * API/ObjCCallbackFunction.mm:
1964         * CMakeLists.txt:
1965         * PlatformMac.cmake:
1966
1967 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1968
1969         Air needs syntax for escaping StackSlots
1970         https://bugs.webkit.org/show_bug.cgi?id=150430
1971
1972         Reviewed by Geoffrey Garen.
1973
1974         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
1975         instruction for getting the value of an address. This is necessary to support arbitrary
1976         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
1977         this new instruction.
1978
1979         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
1980         would do: it evaluates an address, but does not load from it or store to it.
1981
1982         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
1983         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
1984         that StackSlots may escape, and factors this into its analysis.
1985
1986         * assembler/MacroAssembler.h:
1987         (JSC::MacroAssembler::lea):
1988         * b3/B3AddressMatcher.patterns:
1989         * b3/B3LowerToAir.cpp:
1990         (JSC::B3::Air::LowerToAir::run):
1991         (JSC::B3::Air::LowerToAir::addr):
1992         (JSC::B3::Air::LowerToAir::loadAddr):
1993         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1994         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
1995         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
1996         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1997         (JSC::B3::Air::LowerToAir::tryConst64):
1998         (JSC::B3::Air::LowerToAir::tryFramePointer):
1999         (JSC::B3::Air::LowerToAir::tryStackSlot):
2000         (JSC::B3::Air::LowerToAir::tryIdentity):
2001         * b3/B3LoweringMatcher.patterns:
2002         * b3/B3MemoryValue.cpp:
2003         (JSC::B3::MemoryValue::~MemoryValue):
2004         (JSC::B3::MemoryValue::accessByteSize):
2005         (JSC::B3::MemoryValue::dumpMeta):
2006         * b3/B3MemoryValue.h:
2007         * b3/B3ReduceStrength.cpp:
2008         * b3/B3StackSlotValue.h:
2009         (JSC::B3::StackSlotValue::accepts): Deleted.
2010         * b3/B3Type.h:
2011         (JSC::B3::pointerType):
2012         (JSC::B3::sizeofType):
2013         * b3/B3Validate.cpp:
2014         * b3/B3Value.h:
2015         * b3/air/AirAllocateStack.cpp:
2016         (JSC::B3::Air::allocateStack):
2017         * b3/air/AirArg.h:
2018         (JSC::B3::Air::Arg::isUse):
2019         (JSC::B3::Air::Arg::isDef):
2020         (JSC::B3::Air::Arg::forEachTmp):
2021         * b3/air/AirCode.cpp:
2022         (JSC::B3::Air::Code::addStackSlot):
2023         (JSC::B3::Air::Code::addSpecial):
2024         * b3/air/AirCode.h:
2025         * b3/air/AirOpcode.opcodes:
2026         * b3/air/AirSpillEverything.cpp:
2027         (JSC::B3::Air::spillEverything):
2028         * b3/air/AirStackSlot.h:
2029         (JSC::B3::Air::StackSlot::byteSize):
2030         (JSC::B3::Air::StackSlot::kind):
2031         (JSC::B3::Air::StackSlot::isLocked):
2032         (JSC::B3::Air::StackSlot::index):
2033         (JSC::B3::Air::StackSlot::alignment):
2034         * b3/air/opcode_generator.rb:
2035         * b3/testb3.cpp:
2036         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2037         (JSC::B3::testFramePointer):
2038         (JSC::B3::testStackSlot):
2039         (JSC::B3::testLoadFromFramePointer):
2040         (JSC::B3::testStoreLoadStackSlot):
2041         (JSC::B3::run):
2042
2043 2015-10-29  Saam barati  <sbarati@apple.com>
2044
2045         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
2046         https://bugs.webkit.org/show_bug.cgi?id=150655
2047
2048         Reviewed by Filip Pizlo.
2049
2050         We're recomputing this value for an *OSRExitDescriptor* for every one
2051         of its corresponding *OSRExits*. This is having a multiplicative
2052         effect on offsets because each computation is relative to the previous
2053         value. We must do this computation just once per OSRExitDescriptor.
2054
2055         * ftl/FTLCompile.cpp:
2056         (JSC::FTL::mmAllocateDataSection):
2057
2058 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2059
2060         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
2061         https://bugs.webkit.org/show_bug.cgi?id=150657
2062
2063         Reviewed by Geoffrey Garen.
2064
2065         Also added the ability to store an immediate to memory.
2066
2067         * assembler/MacroAssembler.h:
2068         (JSC::MacroAssembler::storePtr):
2069         * assembler/MacroAssemblerARM64.h:
2070         (JSC::MacroAssemblerARM64::store64):
2071         * assembler/MacroAssemblerX86_64.h:
2072         (JSC::MacroAssemblerX86_64::store64):
2073         * b3/B3LowerToAir.cpp:
2074         (JSC::B3::Air::LowerToAir::imm):
2075         (JSC::B3::Air::LowerToAir::immAnyInt):
2076         (JSC::B3::Air::LowerToAir::immOrTmp):
2077         (JSC::B3::Air::LowerToAir::tryStore):
2078         * b3/air/AirOpcode.opcodes:
2079         * b3/air/AirSpillEverything.cpp:
2080         (JSC::B3::Air::spillEverything):
2081         * b3/testb3.cpp:
2082         (JSC::B3::testStore):
2083         (JSC::B3::testStoreConstant):
2084         (JSC::B3::testStoreConstantPtr):
2085         (JSC::B3::testTrunc):
2086         (JSC::B3::run):
2087
2088 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2089
2090         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
2091         https://bugs.webkit.org/show_bug.cgi?id=150654
2092
2093         Reviewed by Geoffrey Garen.
2094
2095         * inspector/scripts/codegen/generator.py:
2096
2097 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2098
2099         B3::reduceStrength() should do DCE
2100         https://bugs.webkit.org/show_bug.cgi?id=150656
2101
2102         Reviewed by Saam Barati.
2103
2104         * b3/B3BasicBlock.cpp:
2105         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
2106         * b3/B3BasicBlock.h:
2107         * b3/B3Procedure.cpp:
2108         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
2109         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
2110         * b3/B3Procedure.h:
2111         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
2112         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2113         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2114         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
2115         (JSC::B3::Procedure::values):
2116         * b3/B3ProcedureInlines.h:
2117         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
2118         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
2119
2120 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2121
2122         Web Inspector: Remove unused / duplicate WebSocket timeline records
2123         https://bugs.webkit.org/show_bug.cgi?id=150647
2124
2125         Reviewed by Timothy Hatcher.
2126
2127         * inspector/protocol/Timeline.json:
2128
2129 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2130
2131         B3::LowerToAir should not duplicate Loads
2132         https://bugs.webkit.org/show_bug.cgi?id=150651
2133
2134         Reviewed by Benjamin Poulain.
2135
2136         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
2137         if we haven't already emitted code that uses the Value and the Value has only one direct
2138         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
2139         Value: we won't emit any more code for it in the future.
2140
2141         The optimization to fuse Loads was forgetting to do all of these things, and so generated
2142         code would have a lot of duplicated Loads. That's bad and this change fixes that.
2143
2144         Ordinarily, this is far less tricky because the pattern matcher does this for us via
2145         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
2146         won't need to do this manually very often.
2147
2148         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
2149         debug.
2150
2151         * b3/B3IndexMap.h:
2152         (JSC::B3::IndexMap::IndexMap):
2153         (JSC::B3::IndexMap::resize):
2154         (JSC::B3::IndexMap::operator[]):
2155         * b3/B3LowerToAir.cpp:
2156         (JSC::B3::Air::LowerToAir::tmp):
2157         (JSC::B3::Air::LowerToAir::canBeInternal):
2158         (JSC::B3::Air::LowerToAir::commitInternal):
2159         (JSC::B3::Air::LowerToAir::effectiveAddr):
2160         (JSC::B3::Air::LowerToAir::loadAddr):
2161         (JSC::B3::Air::LowerToAir::appendBinOp):
2162         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2163         (JSC::B3::Air::LowerToAir::acceptInternals):
2164         * b3/B3UseCounts.cpp:
2165         (JSC::B3::UseCounts::UseCounts):
2166
2167 2015-10-28  Mark Lam  <mark.lam@apple.com>
2168
2169         JITSubGenerator::generateFastPath() does not need to be inlined.
2170         https://bugs.webkit.org/show_bug.cgi?id=150645
2171
2172         Reviewed by Geoffrey Garen.
2173
2174         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
2175         perf neutral.
2176
2177         * CMakeLists.txt:
2178         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2179         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2180         * JavaScriptCore.xcodeproj/project.pbxproj:
2181         * ftl/FTLCompile.cpp:
2182         * jit/JITSubGenerator.cpp: Added.
2183         (JSC::JITSubGenerator::generateFastPath):
2184         * jit/JITSubGenerator.h:
2185         (JSC::JITSubGenerator::JITSubGenerator):
2186         (JSC::JITSubGenerator::endJumpList):
2187         (JSC::JITSubGenerator::slowPathJumpList):
2188         (JSC::JITSubGenerator::generateFastPath): Deleted.
2189
2190 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2191
2192         [B3] handleCommutativity should canonicalize commutative operations over non-constants
2193         https://bugs.webkit.org/show_bug.cgi?id=150649
2194
2195         Reviewed by Saam Barati.
2196
2197         Turn this: Add(value1, value2)
2198         Into this: Add(value2, value1)
2199
2200         But only if value2 should come before value1 according to our total ordering. This will allow
2201         CSE to observe the equality between commuted versions of the same operation, since we will
2202         first canonicalize them into the same order.
2203
2204         * b3/B3ReduceStrength.cpp:
2205
2206 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2207
2208         Unreviewed, fix the build for case sensitive file systems.
2209
2210         * b3/air/AirBasicBlock.h:
2211         * b3/air/AirStackSlot.h:
2212
2213 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2214
2215         Create a super rough prototype of B3
2216         https://bugs.webkit.org/show_bug.cgi?id=150280
2217
2218         Reviewed by Benjamin Poulain.
2219
2220         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
2221         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
2222         for aggressive C-level optimizations and an awesome portable backend. The backend, called
2223         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
2224         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
2225         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
2226         instruction selection, reflectively selects Air opcodes by querying which instruction forms
2227         are possible. Air allows for optimal register allocation and stack layout. Currently the
2228         register allocator isn't written, but the stack layout is.
2229
2230         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
2231         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
2232         stuff added to the instruction selector. But it's a neat start.
2233
2234         * CMakeLists.txt:
2235         * DerivedSources.make:
2236         * JavaScriptCore.xcodeproj/project.pbxproj:
2237         * assembler/MacroAssembler.cpp:
2238         (WTF::printInternal):
2239         * assembler/MacroAssembler.h:
2240         * b3: Added.
2241         * b3/B3AddressMatcher.patterns: Added.
2242         * b3/B3ArgumentRegValue.cpp: Added.
2243         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
2244         (JSC::B3::ArgumentRegValue::dumpMeta):
2245         * b3/B3ArgumentRegValue.h: Added.
2246         * b3/B3BasicBlock.cpp: Added.
2247         (JSC::B3::BasicBlock::BasicBlock):
2248         (JSC::B3::BasicBlock::~BasicBlock):
2249         (JSC::B3::BasicBlock::append):
2250         (JSC::B3::BasicBlock::addPredecessor):
2251         (JSC::B3::BasicBlock::removePredecessor):
2252         (JSC::B3::BasicBlock::replacePredecessor):
2253         (JSC::B3::BasicBlock::removeNops):
2254         (JSC::B3::BasicBlock::dump):
2255         (JSC::B3::BasicBlock::deepDump):
2256         * b3/B3BasicBlock.h: Added.
2257         (JSC::B3::BasicBlock::index):
2258         (JSC::B3::BasicBlock::begin):
2259         (JSC::B3::BasicBlock::end):
2260         (JSC::B3::BasicBlock::size):
2261         (JSC::B3::BasicBlock::at):
2262         (JSC::B3::BasicBlock::last):
2263         (JSC::B3::BasicBlock::values):
2264         (JSC::B3::BasicBlock::numPredecessors):
2265         (JSC::B3::BasicBlock::predecessor):
2266         (JSC::B3::BasicBlock::predecessors):
2267         (JSC::B3::BasicBlock::frequency):
2268         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
2269         (JSC::B3::DeepBasicBlockDump::dump):
2270         (JSC::B3::deepDump):
2271         * b3/B3BasicBlockInlines.h: Added.
2272         (JSC::B3::BasicBlock::appendNew):
2273         (JSC::B3::BasicBlock::numSuccessors):
2274         (JSC::B3::BasicBlock::successor):
2275         (JSC::B3::BasicBlock::successors):
2276         (JSC::B3::BasicBlock::successorBlock):
2277         (JSC::B3::BasicBlock::successorBlocks):
2278         * b3/B3BasicBlockUtils.h: Added.
2279         (JSC::B3::addPredecessor):
2280         (JSC::B3::removePredecessor):
2281         (JSC::B3::replacePredecessor):
2282         (JSC::B3::resetReachability):
2283         (JSC::B3::blocksInPreOrder):
2284         (JSC::B3::blocksInPostOrder):
2285         * b3/B3BlockWorklist.h: Added.
2286         * b3/B3CheckSpecial.cpp: Added.
2287         (JSC::B3::Air::numB3Args):
2288         (JSC::B3::CheckSpecial::CheckSpecial):
2289         (JSC::B3::CheckSpecial::~CheckSpecial):
2290         (JSC::B3::CheckSpecial::hiddenBranch):
2291         (JSC::B3::CheckSpecial::forEachArg):
2292         (JSC::B3::CheckSpecial::isValid):
2293         (JSC::B3::CheckSpecial::admitsStack):
2294         (JSC::B3::CheckSpecial::generate):
2295         (JSC::B3::CheckSpecial::dumpImpl):
2296         (JSC::B3::CheckSpecial::deepDumpImpl):
2297         * b3/B3CheckSpecial.h: Added.
2298         * b3/B3CheckValue.cpp: Added.
2299         (JSC::B3::CheckValue::~CheckValue):
2300         (JSC::B3::CheckValue::dumpMeta):
2301         * b3/B3CheckValue.h: Added.
2302         * b3/B3Common.cpp: Added.
2303         (JSC::B3::shouldDumpIR):
2304         (JSC::B3::shouldDumpIRAtEachPhase):
2305         (JSC::B3::shouldValidateIR):
2306         (JSC::B3::shouldValidateIRAtEachPhase):
2307         (JSC::B3::shouldSaveIRBeforePhase):
2308         * b3/B3Common.h: Added.
2309         (JSC::B3::is64Bit):
2310         (JSC::B3::is32Bit):
2311         * b3/B3Commutativity.cpp: Added.
2312         (WTF::printInternal):
2313         * b3/B3Commutativity.h: Added.
2314         * b3/B3Const32Value.cpp: Added.
2315         (JSC::B3::Const32Value::~Const32Value):
2316         (JSC::B3::Const32Value::negConstant):
2317         (JSC::B3::Const32Value::addConstant):
2318         (JSC::B3::Const32Value::subConstant):
2319         (JSC::B3::Const32Value::dumpMeta):
2320         * b3/B3Const32Value.h: Added.
2321         * b3/B3Const64Value.cpp: Added.
2322         (JSC::B3::Const64Value::~Const64Value):
2323         (JSC::B3::Const64Value::negConstant):
2324         (JSC::B3::Const64Value::addConstant):
2325         (JSC::B3::Const64Value::subConstant):
2326         (JSC::B3::Const64Value::dumpMeta):
2327         * b3/B3Const64Value.h: Added.
2328         * b3/B3ConstDoubleValue.cpp: Added.
2329         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
2330         (JSC::B3::ConstDoubleValue::negConstant):
2331         (JSC::B3::ConstDoubleValue::addConstant):
2332         (JSC::B3::ConstDoubleValue::subConstant):
2333         (JSC::B3::ConstDoubleValue::dumpMeta):
2334         * b3/B3ConstDoubleValue.h: Added.
2335         (JSC::B3::ConstDoubleValue::accepts):
2336         (JSC::B3::ConstDoubleValue::value):
2337         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
2338         * b3/B3ConstPtrValue.h: Added.
2339         (JSC::B3::ConstPtrValue::value):
2340         (JSC::B3::ConstPtrValue::ConstPtrValue):
2341         * b3/B3ControlValue.cpp: Added.
2342         (JSC::B3::ControlValue::~ControlValue):
2343         (JSC::B3::ControlValue::dumpMeta):
2344         * b3/B3ControlValue.h: Added.
2345         * b3/B3Effects.cpp: Added.
2346         (JSC::B3::Effects::dump):
2347         * b3/B3Effects.h: Added.
2348         (JSC::B3::Effects::mustExecute):
2349         * b3/B3FrequencyClass.cpp: Added.
2350         (WTF::printInternal):
2351         * b3/B3FrequencyClass.h: Added.
2352         * b3/B3FrequentedBlock.h: Added.
2353         * b3/B3Generate.cpp: Added.
2354         (JSC::B3::generate):
2355         (JSC::B3::generateToAir):
2356         * b3/B3Generate.h: Added.
2357         * b3/B3GenericFrequentedBlock.h: Added.
2358         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
2359         (JSC::B3::GenericFrequentedBlock::operator==):
2360         (JSC::B3::GenericFrequentedBlock::operator!=):
2361         (JSC::B3::GenericFrequentedBlock::operator bool):
2362         (JSC::B3::GenericFrequentedBlock::block):
2363         (JSC::B3::GenericFrequentedBlock::frequency):
2364         (JSC::B3::GenericFrequentedBlock::dump):
2365         * b3/B3HeapRange.cpp: Added.
2366         (JSC::B3::HeapRange::dump):
2367         * b3/B3HeapRange.h: Added.
2368         (JSC::B3::HeapRange::HeapRange):
2369         (JSC::B3::HeapRange::top):
2370         (JSC::B3::HeapRange::operator==):
2371         (JSC::B3::HeapRange::operator!=):
2372         (JSC::B3::HeapRange::operator bool):
2373         (JSC::B3::HeapRange::begin):
2374         (JSC::B3::HeapRange::end):
2375         (JSC::B3::HeapRange::overlaps):
2376         * b3/B3IndexMap.h: Added.
2377         (JSC::B3::IndexMap::IndexMap):
2378         (JSC::B3::IndexMap::resize):
2379         (JSC::B3::IndexMap::operator[]):
2380         * b3/B3IndexSet.h: Added.
2381         (JSC::B3::IndexSet::IndexSet):
2382         (JSC::B3::IndexSet::add):
2383         (JSC::B3::IndexSet::contains):
2384         (JSC::B3::IndexSet::Iterable::Iterable):
2385         (JSC::B3::IndexSet::Iterable::iterator::iterator):
2386         (JSC::B3::IndexSet::Iterable::iterator::operator*):
2387         (JSC::B3::IndexSet::Iterable::iterator::operator++):
2388         (JSC::B3::IndexSet::Iterable::iterator::operator==):
2389         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
2390         (JSC::B3::IndexSet::Iterable::begin):
2391         (JSC::B3::IndexSet::Iterable::end):
2392         (JSC::B3::IndexSet::values):
2393         (JSC::B3::IndexSet::indices):
2394         (JSC::B3::IndexSet::dump):
2395         * b3/B3InsertionSet.cpp: Added.
2396         (JSC::B3::InsertionSet::execute):
2397         * b3/B3InsertionSet.h: Added.
2398         (JSC::B3::InsertionSet::InsertionSet):
2399         (JSC::B3::InsertionSet::code):
2400         (JSC::B3::InsertionSet::appendInsertion):
2401         (JSC::B3::InsertionSet::insertValue):
2402         * b3/B3InsertionSetInlines.h: Added.
2403         (JSC::B3::InsertionSet::insert):
2404         * b3/B3LowerToAir.cpp: Added.
2405         (JSC::B3::Air::LowerToAir::LowerToAir):
2406         (JSC::B3::Air::LowerToAir::run):
2407         (JSC::B3::Air::LowerToAir::tmp):
2408         (JSC::B3::Air::LowerToAir::effectiveAddr):
2409         (JSC::B3::Air::LowerToAir::addr):
2410         (JSC::B3::Air::LowerToAir::loadAddr):
2411         (JSC::B3::Air::LowerToAir::imm):
2412         (JSC::B3::Air::LowerToAir::immOrTmp):
2413         (JSC::B3::Air::LowerToAir::appendBinOp):
2414         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2415         (JSC::B3::Air::LowerToAir::moveForType):
2416         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
2417         (JSC::B3::Air::LowerToAir::append):
2418         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
2419         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
2420         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
2421         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
2422         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
2423         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
2424         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
2425         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
2426         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
2427         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
2428         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
2429         (JSC::B3::Air::LowerToAir::acceptRoot):
2430         (JSC::B3::Air::LowerToAir::acceptRootLate):
2431         (JSC::B3::Air::LowerToAir::acceptInternals):
2432         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
2433         (JSC::B3::Air::LowerToAir::acceptOperands):
2434         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
2435         (JSC::B3::Air::LowerToAir::tryLoad):
2436         (JSC::B3::Air::LowerToAir::tryAdd):
2437         (JSC::B3::Air::LowerToAir::tryAnd):
2438         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
2439         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
2440         (JSC::B3::Air::LowerToAir::tryStore):
2441         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
2442         (JSC::B3::Air::LowerToAir::tryTrunc):
2443         (JSC::B3::Air::LowerToAir::tryArgumentReg):
2444         (JSC::B3::Air::LowerToAir::tryConst32):
2445         (JSC::B3::Air::LowerToAir::tryConst64):
2446         (JSC::B3::Air::LowerToAir::tryIdentity):
2447         (JSC::B3::Air::LowerToAir::tryReturn):
2448         (JSC::B3::lowerToAir):
2449         * b3/B3LowerToAir.h: Added.
2450         * b3/B3LoweringMatcher.patterns: Added.
2451         * b3/B3MemoryValue.cpp: Added.
2452         (JSC::B3::MemoryValue::~MemoryValue):
2453         (JSC::B3::MemoryValue::dumpMeta):
2454         * b3/B3MemoryValue.h: Added.
2455         * b3/B3Opcode.cpp: Added.
2456         (WTF::printInternal):
2457         * b3/B3Opcode.h: Added.
2458         (JSC::B3::isCheckMath):
2459         * b3/B3Origin.cpp: Added.
2460         (JSC::B3::Origin::dump):
2461         * b3/B3Origin.h: Added.
2462         (JSC::B3::Origin::Origin):
2463         (JSC::B3::Origin::operator bool):
2464         (JSC::B3::Origin::data):
2465         * b3/B3PatchpointSpecial.cpp: Added.
2466         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
2467         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
2468         (JSC::B3::PatchpointSpecial::forEachArg):
2469         (JSC::B3::PatchpointSpecial::isValid):
2470         (JSC::B3::PatchpointSpecial::admitsStack):
2471         (JSC::B3::PatchpointSpecial::generate):
2472         (JSC::B3::PatchpointSpecial::dumpImpl):
2473         (JSC::B3::PatchpointSpecial::deepDumpImpl):
2474         * b3/B3PatchpointSpecial.h: Added.
2475         * b3/B3PatchpointValue.cpp: Added.
2476         (JSC::B3::PatchpointValue::~PatchpointValue):
2477         (JSC::B3::PatchpointValue::dumpMeta):
2478         * b3/B3PatchpointValue.h: Added.
2479         (JSC::B3::PatchpointValue::accepts):
2480         (JSC::B3::PatchpointValue::PatchpointValue):
2481         * b3/B3PhaseScope.cpp: Added.
2482         (JSC::B3::PhaseScope::PhaseScope):
2483         (JSC::B3::PhaseScope::~PhaseScope):
2484         * b3/B3PhaseScope.h: Added.
2485         * b3/B3Procedure.cpp: Added.
2486         (JSC::B3::Procedure::Procedure):
2487         (JSC::B3::Procedure::~Procedure):
2488         (JSC::B3::Procedure::addBlock):
2489         (JSC::B3::Procedure::resetReachability):
2490         (JSC::B3::Procedure::dump):
2491         (JSC::B3::Procedure::blocksInPreOrder):
2492         (JSC::B3::Procedure::blocksInPostOrder):
2493         * b3/B3Procedure.h: Added.
2494         (JSC::B3::Procedure::size):
2495         (JSC::B3::Procedure::at):
2496         (JSC::B3::Procedure::operator[]):
2497         (JSC::B3::Procedure::iterator::iterator):
2498         (JSC::B3::Procedure::iterator::operator*):
2499         (JSC::B3::Procedure::iterator::operator++):
2500         (JSC::B3::Procedure::iterator::operator==):
2501         (JSC::B3::Procedure::iterator::operator!=):
2502         (JSC::B3::Procedure::iterator::findNext):
2503         (JSC::B3::Procedure::begin):
2504         (JSC::B3::Procedure::end):
2505         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
2506         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
2507         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
2508         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2509         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
2510         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2511         (JSC::B3::Procedure::ValuesCollection::begin):
2512         (JSC::B3::Procedure::ValuesCollection::end):
2513         (JSC::B3::Procedure::ValuesCollection::size):
2514         (JSC::B3::Procedure::ValuesCollection::at):
2515         (JSC::B3::Procedure::ValuesCollection::operator[]):
2516         (JSC::B3::Procedure::values):
2517         (JSC::B3::Procedure::setLastPhaseName):
2518         (JSC::B3::Procedure::lastPhaseName):
2519         * b3/B3ProcedureInlines.h: Added.
2520         (JSC::B3::Procedure::add):
2521         * b3/B3ReduceStrength.cpp: Added.
2522         (JSC::B3::reduceStrength):
2523         * b3/B3ReduceStrength.h: Added.
2524         * b3/B3StackSlotKind.cpp: Added.
2525         (WTF::printInternal):
2526         * b3/B3StackSlotKind.h: Added.
2527         * b3/B3StackSlotValue.cpp: Added.
2528         (JSC::B3::StackSlotValue::~StackSlotValue):
2529         (JSC::B3::StackSlotValue::dumpMeta):
2530         * b3/B3StackSlotValue.h: Added.
2531         (JSC::B3::StackSlotValue::accepts):
2532         (JSC::B3::StackSlotValue::byteSize):
2533         (JSC::B3::StackSlotValue::kind):
2534         (JSC::B3::StackSlotValue::offsetFromFP):
2535         (JSC::B3::StackSlotValue::setOffsetFromFP):
2536         (JSC::B3::StackSlotValue::StackSlotValue):
2537         * b3/B3Stackmap.cpp: Added.
2538         (JSC::B3::Stackmap::Stackmap):
2539         (JSC::B3::Stackmap::~Stackmap):
2540         (JSC::B3::Stackmap::dump):
2541         * b3/B3Stackmap.h: Added.
2542         (JSC::B3::Stackmap::constrain):
2543         (JSC::B3::Stackmap::reps):
2544         (JSC::B3::Stackmap::clobber):
2545         (JSC::B3::Stackmap::clobbered):
2546         (JSC::B3::Stackmap::setGenerator):
2547         * b3/B3StackmapSpecial.cpp: Added.
2548         (JSC::B3::StackmapSpecial::StackmapSpecial):
2549         (JSC::B3::StackmapSpecial::~StackmapSpecial):
2550         (JSC::B3::StackmapSpecial::reportUsedRegisters):
2551         (JSC::B3::StackmapSpecial::extraClobberedRegs):
2552         (JSC::B3::StackmapSpecial::forEachArgImpl):
2553         (JSC::B3::StackmapSpecial::isValidImpl):
2554         (JSC::B3::StackmapSpecial::admitsStackImpl):
2555         (JSC::B3::StackmapSpecial::appendRepsImpl):
2556         (JSC::B3::StackmapSpecial::repForArg):
2557         * b3/B3StackmapSpecial.h: Added.
2558         * b3/B3SuccessorCollection.h: Added.
2559         (JSC::B3::SuccessorCollection::SuccessorCollection):
2560         (JSC::B3::SuccessorCollection::size):
2561         (JSC::B3::SuccessorCollection::at):
2562         (JSC::B3::SuccessorCollection::operator[]):
2563         (JSC::B3::SuccessorCollection::iterator::iterator):
2564         (JSC::B3::SuccessorCollection::iterator::operator*):
2565         (JSC::B3::SuccessorCollection::iterator::operator++):
2566         (JSC::B3::SuccessorCollection::iterator::operator==):
2567         (JSC::B3::SuccessorCollection::iterator::operator!=):
2568         (JSC::B3::SuccessorCollection::begin):
2569         (JSC::B3::SuccessorCollection::end):
2570         * b3/B3SwitchCase.cpp: Added.
2571         (JSC::B3::SwitchCase::dump):
2572         * b3/B3SwitchCase.h: Added.
2573         (JSC::B3::SwitchCase::SwitchCase):
2574         (JSC::B3::SwitchCase::operator bool):
2575         (JSC::B3::SwitchCase::caseValue):
2576         (JSC::B3::SwitchCase::target):
2577         (JSC::B3::SwitchCase::targetBlock):
2578         * b3/B3SwitchValue.cpp: Added.
2579         (JSC::B3::SwitchValue::~SwitchValue):
2580         (JSC::B3::SwitchValue::removeCase):
2581         (JSC::B3::SwitchValue::appendCase):
2582         (JSC::B3::SwitchValue::dumpMeta):
2583         (JSC::B3::SwitchValue::SwitchValue):
2584         * b3/B3SwitchValue.h: Added.
2585         (JSC::B3::SwitchValue::accepts):
2586         (JSC::B3::SwitchValue::numCaseValues):
2587         (JSC::B3::SwitchValue::caseValue):
2588         (JSC::B3::SwitchValue::caseValues):
2589         (JSC::B3::SwitchValue::fallThrough):
2590         (JSC::B3::SwitchValue::size):
2591         (JSC::B3::SwitchValue::at):
2592         (JSC::B3::SwitchValue::operator[]):
2593         (JSC::B3::SwitchValue::iterator::iterator):
2594         (JSC::B3::SwitchValue::iterator::operator*):
2595         (JSC::B3::SwitchValue::iterator::operator++):
2596         (JSC::B3::SwitchValue::iterator::operator==):
2597         (JSC::B3::SwitchValue::iterator::operator!=):
2598         (JSC::B3::SwitchValue::begin):
2599         (JSC::B3::SwitchValue::end):
2600         * b3/B3Type.cpp: Added.
2601         (WTF::printInternal):
2602         * b3/B3Type.h: Added.
2603         (JSC::B3::isInt):
2604         (JSC::B3::isFloat):
2605         (JSC::B3::pointerType):
2606         * b3/B3UpsilonValue.cpp: Added.
2607         (JSC::B3::UpsilonValue::~UpsilonValue):
2608         (JSC::B3::UpsilonValue::dumpMeta):
2609         * b3/B3UpsilonValue.h: Added.
2610         (JSC::B3::UpsilonValue::accepts):
2611         (JSC::B3::UpsilonValue::phi):
2612         (JSC::B3::UpsilonValue::UpsilonValue):
2613         * b3/B3UseCounts.cpp: Added.
2614         (JSC::B3::UseCounts::UseCounts):
2615         (JSC::B3::UseCounts::~UseCounts):
2616         * b3/B3UseCounts.h: Added.
2617         (JSC::B3::UseCounts::operator[]):
2618         * b3/B3Validate.cpp: Added.
2619         (JSC::B3::validate):
2620         * b3/B3Validate.h: Added.
2621         * b3/B3Value.cpp: Added.
2622         (JSC::B3::Value::~Value):
2623         (JSC::B3::Value::replaceWithIdentity):
2624         (JSC::B3::Value::replaceWithNop):
2625         (JSC::B3::Value::dump):
2626         (JSC::B3::Value::deepDump):
2627         (JSC::B3::Value::negConstant):
2628         (JSC::B3::Value::addConstant):
2629         (JSC::B3::Value::subConstant):
2630         (JSC::B3::Value::effects):
2631         (JSC::B3::Value::performSubstitution):
2632         (JSC::B3::Value::dumpMeta):
2633         (JSC::B3::Value::typeFor):
2634         * b3/B3Value.h: Added.
2635         (JSC::B3::DeepValueDump::DeepValueDump):
2636         (JSC::B3::DeepValueDump::dump):
2637         (JSC::B3::deepDump):
2638         * b3/B3ValueInlines.h: Added.
2639         (JSC::B3::Value::as):
2640         (JSC::B3::Value::isConstant):
2641         (JSC::B3::Value::hasInt32):
2642         (JSC::B3::Value::asInt32):
2643         (JSC::B3::Value::hasInt64):
2644         (JSC::B3::Value::asInt64):
2645         (JSC::B3::Value::hasInt):
2646         (JSC::B3::Value::asInt):
2647         (JSC::B3::Value::isInt):
2648         (JSC::B3::Value::hasIntPtr):
2649         (JSC::B3::Value::asIntPtr):
2650         (JSC::B3::Value::hasDouble):
2651         (JSC::B3::Value::asDouble):
2652         (JSC::B3::Value::stackmap):
2653         * b3/B3ValueRep.cpp: Added.
2654         (JSC::B3::ValueRep::dump):
2655         (WTF::printInternal):
2656         * b3/B3ValueRep.h: Added.
2657         (JSC::B3::ValueRep::ValueRep):
2658         (JSC::B3::ValueRep::reg):
2659         (JSC::B3::ValueRep::stack):
2660         (JSC::B3::ValueRep::stackArgument):
2661         (JSC::B3::ValueRep::constant):
2662         (JSC::B3::ValueRep::constantDouble):
2663         (JSC::B3::ValueRep::kind):
2664         (JSC::B3::ValueRep::operator bool):
2665         (JSC::B3::ValueRep::offsetFromFP):
2666         (JSC::B3::ValueRep::offsetFromSP):
2667         (JSC::B3::ValueRep::value):
2668         (JSC::B3::ValueRep::doubleValue):
2669         * b3/air: Added.
2670         * b3/air/AirAllocateStack.cpp: Added.
2671         (JSC::B3::Air::allocateStack):
2672         * b3/air/AirAllocateStack.h: Added.
2673         * b3/air/AirArg.cpp: Added.
2674         (JSC::B3::Air::Arg::dump):
2675         * b3/air/AirArg.h: Added.
2676         (JSC::B3::Air::Arg::isUse):
2677         (JSC::B3::Air::Arg::isDef):
2678         (JSC::B3::Air::Arg::typeForB3Type):
2679         (JSC::B3::Air::Arg::Arg):
2680         (JSC::B3::Air::Arg::imm):
2681         (JSC::B3::Air::Arg::imm64):
2682         (JSC::B3::Air::Arg::addr):
2683         (JSC::B3::Air::Arg::stack):
2684         (JSC::B3::Air::Arg::callArg):
2685         (JSC::B3::Air::Arg::isValidScale):
2686         (JSC::B3::Air::Arg::logScale):
2687         (JSC::B3::Air::Arg::index):
2688         (JSC::B3::Air::Arg::relCond):
2689         (JSC::B3::Air::Arg::resCond):
2690         (JSC::B3::Air::Arg::special):
2691         (JSC::B3::Air::Arg::operator==):
2692         (JSC::B3::Air::Arg::operator!=):
2693         (JSC::B3::Air::Arg::operator bool):
2694         (JSC::B3::Air::Arg::kind):
2695         (JSC::B3::Air::Arg::isTmp):
2696         (JSC::B3::Air::Arg::isImm):
2697         (JSC::B3::Air::Arg::isImm64):
2698         (JSC::B3::Air::Arg::isAddr):
2699         (JSC::B3::Air::Arg::isStack):
2700         (JSC::B3::Air::Arg::isCallArg):
2701         (JSC::B3::Air::Arg::isIndex):
2702         (JSC::B3::Air::Arg::isRelCond):
2703         (JSC::B3::Air::Arg::isResCond):
2704         (JSC::B3::Air::Arg::isSpecial):
2705         (JSC::B3::Air::Arg::isAlive):
2706         (JSC::B3::Air::Arg::tmp):
2707         (JSC::B3::Air::Arg::value):
2708         (JSC::B3::Air::Arg::pointerValue):
2709         (JSC::B3::Air::Arg::base):
2710         (JSC::B3::Air::Arg::hasOffset):
2711         (JSC::B3::Air::Arg::offset):
2712         (JSC::B3::Air::Arg::stackSlot):
2713         (JSC::B3::Air::Arg::scale):
2714         (JSC::B3::Air::Arg::isGPTmp):
2715         (JSC::B3::Air::Arg::isFPTmp):
2716         (JSC::B3::Air::Arg::isGP):
2717         (JSC::B3::Air::Arg::isFP):
2718         (JSC::B3::Air::Arg::hasType):
2719         (JSC::B3::Air::Arg::type):
2720         (JSC::B3::Air::Arg::isType):
2721         (JSC::B3::Air::Arg::isGPR):
2722         (JSC::B3::Air::Arg::gpr):
2723         (JSC::B3::Air::Arg::isFPR):
2724         (JSC::B3::Air::Arg::fpr):
2725         (JSC::B3::Air::Arg::isReg):
2726         (JSC::B3::Air::Arg::reg):
2727         (JSC::B3::Air::Arg::gpTmpIndex):
2728         (JSC::B3::Air::Arg::fpTmpIndex):
2729         (JSC::B3::Air::Arg::tmpIndex):
2730         (JSC::B3::Air::Arg::withOffset):
2731         (JSC::B3::Air::Arg::forEachTmpFast):
2732         (JSC::B3::Air::Arg::forEachTmp):
2733         (JSC::B3::Air::Arg::asTrustedImm32):
2734         (JSC::B3::Air::Arg::asTrustedImm64):
2735         (JSC::B3::Air::Arg::asTrustedImmPtr):
2736         (JSC::B3::Air::Arg::asAddress):
2737         (JSC::B3::Air::Arg::asBaseIndex):
2738         (JSC::B3::Air::Arg::asRelationalCondition):
2739         (JSC::B3::Air::Arg::asResultCondition):
2740         (JSC::B3::Air::Arg::isHashTableDeletedValue):
2741         (JSC::B3::Air::Arg::hash):
2742         (JSC::B3::Air::ArgHash::hash):
2743         (JSC::B3::Air::ArgHash::equal):
2744         * b3/air/AirBasicBlock.cpp: Added.
2745         (JSC::B3::Air::BasicBlock::addPredecessor):
2746         (JSC::B3::Air::BasicBlock::removePredecessor):
2747         (JSC::B3::Air::BasicBlock::replacePredecessor):
2748         (JSC::B3::Air::BasicBlock::dump):
2749         (JSC::B3::Air::BasicBlock::deepDump):
2750         (JSC::B3::Air::BasicBlock::BasicBlock):
2751         * b3/air/AirBasicBlock.h: Added.
2752         (JSC::B3::Air::BasicBlock::index):
2753         (JSC::B3::Air::BasicBlock::size):
2754         (JSC::B3::Air::BasicBlock::begin):
2755         (JSC::B3::Air::BasicBlock::end):
2756         (JSC::B3::Air::BasicBlock::at):
2757         (JSC::B3::Air::BasicBlock::last):
2758         (JSC::B3::Air::BasicBlock::appendInst):
2759         (JSC::B3::Air::BasicBlock::append):
2760         (JSC::B3::Air::BasicBlock::numSuccessors):
2761         (JSC::B3::Air::BasicBlock::successor):
2762         (JSC::B3::Air::BasicBlock::successors):
2763         (JSC::B3::Air::BasicBlock::successorBlock):
2764         (JSC::B3::Air::BasicBlock::successorBlocks):
2765         (JSC::B3::Air::BasicBlock::numPredecessors):
2766         (JSC::B3::Air::BasicBlock::predecessor):
2767         (JSC::B3::Air::BasicBlock::predecessors):
2768         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
2769         (JSC::B3::Air::DeepBasicBlockDump::dump):
2770         (JSC::B3::Air::deepDump):
2771         * b3/air/AirCCallSpecial.cpp: Added.
2772         (JSC::B3::Air::CCallSpecial::CCallSpecial):
2773         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
2774         (JSC::B3::Air::CCallSpecial::forEachArg):
2775         (JSC::B3::Air::CCallSpecial::isValid):
2776         (JSC::B3::Air::CCallSpecial::admitsStack):
2777         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
2778         (JSC::B3::Air::CCallSpecial::generate):
2779         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
2780         (JSC::B3::Air::CCallSpecial::dumpImpl):
2781         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
2782         * b3/air/AirCCallSpecial.h: Added.
2783         * b3/air/AirCode.cpp: Added.
2784         (JSC::B3::Air::Code::Code):
2785         (JSC::B3::Air::Code::~Code):
2786         (JSC::B3::Air::Code::addBlock):
2787         (JSC::B3::Air::Code::addStackSlot):
2788         (JSC::B3::Air::Code::addSpecial):
2789         (JSC::B3::Air::Code::cCallSpecial):
2790         (JSC::B3::Air::Code::resetReachability):
2791         (JSC::B3::Air::Code::dump):
2792         (JSC::B3::Air::Code::findFirstBlockIndex):
2793         (JSC::B3::Air::Code::findNextBlockIndex):
2794         (JSC::B3::Air::Code::findNextBlock):
2795         * b3/air/AirCode.h: Added.
2796         (JSC::B3::Air::Code::newTmp):
2797         (JSC::B3::Air::Code::numTmps):
2798         (JSC::B3::Air::Code::callArgAreaSize):
2799         (JSC::B3::Air::Code::requestCallArgAreaSize):
2800         (JSC::B3::Air::Code::frameSize):
2801         (JSC::B3::Air::Code::setFrameSize):
2802         (JSC::B3::Air::Code::calleeSaveRegisters):
2803         (JSC::B3::Air::Code::size):
2804         (JSC::B3::Air::Code::at):
2805         (JSC::B3::Air::Code::operator[]):
2806         (JSC::B3::Air::Code::iterator::iterator):
2807         (JSC::B3::Air::Code::iterator::operator*):
2808         (JSC::B3::Air::Code::iterator::operator++):
2809         (JSC::B3::Air::Code::iterator::operator==):
2810         (JSC::B3::Air::Code::iterator::operator!=):
2811         (JSC::B3::Air::Code::begin):
2812         (JSC::B3::Air::Code::end):
2813         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
2814         (JSC::B3::Air::Code::StackSlotsCollection::size):
2815         (JSC::B3::Air::Code::StackSlotsCollection::at):
2816         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
2817         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
2818         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
2819         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
2820         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator==):
2821         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator!=):
2822         (JSC::B3::Air::Code::StackSlotsCollection::begin):
2823         (JSC::B3::Air::Code::StackSlotsCollection::end):
2824         (JSC::B3::Air::Code::stackSlots):
2825         (JSC::B3::Air::Code::SpecialsCollection::SpecialsCollection):
2826         (JSC::B3::Air::Code::SpecialsCollection::size):
2827         (JSC::B3::Air::Code::SpecialsCollection::at):
2828         (JSC::B3::Air::Code::SpecialsCollection::operator[]):
2829         (JSC::B3::Air::Code::SpecialsCollection::iterator::iterator):
2830         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator*):
2831         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator++):
2832         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator==):
2833         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator!=):
2834         (JSC::B3::Air::Code::SpecialsCollection::begin):
2835         (JSC::B3::Air::Code::SpecialsCollection::end):
2836         (JSC::B3::Air::Code::specials):
2837         (JSC::B3::Air::Code::setLastPhaseName):
2838         (JSC::B3::Air::Code::lastPhaseName):
2839         * b3/air/AirFrequentedBlock.h: Added.
2840         * b3/air/AirGenerate.cpp: Added.
2841         (JSC::B3::Air::generate):
2842         * b3/air/AirGenerate.h: Added.
2843         * b3/air/AirGenerated.cpp: Added.
2844         * b3/air/AirGenerationContext.h: Added.
2845         * b3/air/AirHandleCalleeSaves.cpp: Added.
2846         (JSC::B3::Air::handleCalleeSaves):
2847         * b3/air/AirHandleCalleeSaves.h: Added.
2848         * b3/air/AirInsertionSet.cpp: Added.
2849         (JSC::B3::Air::InsertionSet::execute):
2850         * b3/air/AirInsertionSet.h: Added.
2851         (JSC::B3::Air::InsertionSet::InsertionSet):
2852         (JSC::B3::Air::InsertionSet::code):
2853         (JSC::B3::Air::InsertionSet::appendInsertion):
2854         (JSC::B3::Air::InsertionSet::insertInst):
2855         (JSC::B3::Air::InsertionSet::insert):
2856         * b3/air/AirInst.cpp: Added.
2857         (JSC::B3::Air::Inst::dump):
2858         * b3/air/AirInst.h: Added.
2859         (JSC::B3::Air::Inst::Inst):
2860         (JSC::B3::Air::Inst::opcode):
2861         (JSC::B3::Air::Inst::forEachTmpFast):
2862         (JSC::B3::Air::Inst::forEachTmp):
2863         * b3/air/AirInstInlines.h: Added.
2864         (JSC::B3::Air::ForEach<Tmp>::forEach):
2865         (JSC::B3::Air::ForEach<Arg>::forEach):
2866         (JSC::B3::Air::Inst::forEach):
2867         (JSC::B3::Air::Inst::hasSpecial):
2868         (JSC::B3::Air::Inst::extraClobberedRegs):
2869         (JSC::B3::Air::Inst::reportUsedRegisters):
2870         (JSC::B3::Air::isShiftValid):
2871         (JSC::B3::Air::isLshift32Valid):
2872         * b3/air/AirLiveness.h: Added.
2873         (JSC::B3::Air::Liveness::Liveness):
2874         (JSC::B3::Air::Liveness::liveAtHead):
2875         (JSC::B3::Air::Liveness::liveAtTail):
2876         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
2877         (JSC::B3::Air::Liveness::LocalCalc::live):
2878         (JSC::B3::Air::Liveness::LocalCalc::takeLive):
2879         (JSC::B3::Air::Liveness::LocalCalc::execute):
2880         * b3/air/AirOpcode.opcodes: Added.
2881         * b3/air/AirPhaseScope.cpp: Added.
2882         (JSC::B3::Air::PhaseScope::PhaseScope):
2883         (JSC::B3::Air::PhaseScope::~PhaseScope):
2884         * b3/air/AirPhaseScope.h: Added.
2885         * b3/air/AirRegisterPriority.cpp: Added.
2886         (JSC::B3::Air::gprsInPriorityOrder):
2887         (JSC::B3::Air::fprsInPriorityOrder):
2888         (JSC::B3::Air::regsInPriorityOrder):
2889         * b3/air/AirRegisterPriority.h: Added.
2890         (JSC::B3::Air::RegistersInPriorityOrder<GPRInfo>::inPriorityOrder):
2891         (JSC::B3::Air::RegistersInPriorityOrder<FPRInfo>::inPriorityOrder):
2892         (JSC::B3::Air::regsInPriorityOrder):
2893         * b3/air/AirSpecial.cpp: Added.
2894         (JSC::B3::Air::Special::Special):
2895         (JSC::B3::Air::Special::~Special):
2896         (JSC::B3::Air::Special::name):
2897         (JSC::B3::Air::Special::dump):
2898         (JSC::B3::Air::Special::deepDump):
2899         * b3/air/AirSpecial.h: Added.
2900         (JSC::B3::Air::DeepSpecialDump::DeepSpecialDump):
2901         (JSC::B3::Air::DeepSpecialDump::dump):
2902         (JSC::B3::Air::deepDump):
2903         * b3/air/AirSpillEverything.cpp: Added.
2904         (JSC::B3::Air::spillEverything):
2905         * b3/air/AirSpillEverything.h: Added.
2906         * b3/air/AirStackSlot.cpp: Added.
2907         (JSC::B3::Air::StackSlot::setOffsetFromFP):
2908         (JSC::B3::Air::StackSlot::dump):
2909         (JSC::B3::Air::StackSlot::deepDump):
2910         (JSC::B3::Air::StackSlot::StackSlot):
2911         * b3/air/AirStackSlot.h: Added.
2912         (JSC::B3::Air::StackSlot::byteSize):
2913         (JSC::B3::Air::StackSlot::kind):
2914         (JSC::B3::Air::StackSlot::index):
2915         (JSC::B3::Air::StackSlot::alignment):
2916         (JSC::B3::Air::StackSlot::value):
2917         (JSC::B3::Air::StackSlot::offsetFromFP):
2918         (JSC::B3::Air::DeepStackSlotDump::DeepStackSlotDump):
2919         (JSC::B3::Air::DeepStackSlotDump::dump):
2920         (JSC::B3::Air::deepDump):
2921         * b3/air/AirTmp.cpp: Added.
2922         (JSC::B3::Air::Tmp::dump):
2923         * b3/air/AirTmp.h: Added.
2924         (JSC::B3::Air::Tmp::Tmp):
2925         (JSC::B3::Air::Tmp::gpTmpForIndex):
2926         (JSC::B3::Air::Tmp::fpTmpForIndex):
2927         (JSC::B3::Air::Tmp::operator bool):
2928         (JSC::B3::Air::Tmp::isGP):
2929         (JSC::B3::Air::Tmp::isFP):
2930         (JSC::B3::Air::Tmp::isGPR):
2931         (JSC::B3::Air::Tmp::isFPR):
2932         (JSC::B3::Air::Tmp::isReg):
2933         (JSC::B3::Air::Tmp::gpr):
2934         (JSC::B3::Air::Tmp::fpr):
2935         (JSC::B3::Air::Tmp::reg):
2936         (JSC::B3::Air::Tmp::hasTmpIndex):
2937         (JSC::B3::Air::Tmp::gpTmpIndex):
2938         (JSC::B3::Air::Tmp::fpTmpIndex):
2939         (JSC::B3::Air::Tmp::tmpIndex):
2940         (JSC::B3::Air::Tmp::isAlive):
2941         (JSC::B3::Air::Tmp::operator==):
2942         (JSC::B3::Air::Tmp::operator!=):
2943         (JSC::B3::Air::Tmp::isHashTableDeletedValue):
2944         (JSC::B3::Air::Tmp::hash):
2945         (JSC::B3::Air::Tmp::encodeGP):
2946         (JSC::B3::Air::Tmp::encodeFP):
2947         (JSC::B3::Air::Tmp::encodeGPR):
2948         (JSC::B3::Air::Tmp::encodeFPR):
2949         (JSC::B3::Air::Tmp::encodeGPTmp):
2950         (JSC::B3::Air::Tmp::encodeFPTmp):
2951         (JSC::B3::Air::Tmp::isEncodedGP):
2952         (JSC::B3::Air::Tmp::isEncodedFP):
2953         (JSC::B3::Air::Tmp::isEncodedGPR):
2954         (JSC::B3::Air::Tmp::isEncodedFPR):
2955         (JSC::B3::Air::Tmp::isEncodedGPTmp):
2956         (JSC::B3::Air::Tmp::isEncodedFPTmp):
2957         (JSC::B3::Air::Tmp::decodeGPR):
2958         (JSC::B3::Air::Tmp::decodeFPR):
2959         (JSC::B3::Air::Tmp::decodeGPTmp):
2960         (JSC::B3::Air::Tmp::decodeFPTmp):
2961         (JSC::B3::Air::TmpHash::hash):
2962         (JSC::B3::Air::TmpHash::equal):
2963         * b3/air/AirTmpInlines.h: Added.
2964         (JSC::B3::Air::Tmp::Tmp):
2965         * b3/air/AirValidate.cpp: Added.
2966         (JSC::B3::Air::validate):
2967         * b3/air/AirValidate.h: Added.
2968         * b3/air/opcode_generator.rb: Added.
2969         * b3/generate_pattern_matcher.rb: Added.
2970         * b3/testb3.cpp: Added.
2971         (JSC::B3::compileAndRun):
2972         (JSC::B3::test42):
2973         (JSC::B3::testLoad42):
2974         (JSC::B3::testArg):
2975         (JSC::B3::testAddArgs):
2976         (JSC::B3::testAddArgs32):
2977         (JSC::B3::testStore):
2978         (JSC::B3::testTrunc):
2979         (JSC::B3::testAdd1):
2980         (JSC::B3::testStoreAddLoad):
2981         (JSC::B3::testStoreAddAndLoad):
2982         (JSC::B3::testAdd1Uncommuted):
2983         (JSC::B3::testLoadOffset):
2984         (JSC::B3::testLoadOffsetNotConstant):
2985         (JSC::B3::testLoadOffsetUsingAdd):
2986         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2987         (JSC::B3::run):
2988         (run):
2989         (main):
2990         * bytecode/CodeBlock.h:
2991         (JSC::CodeBlock::specializationKind):
2992         * jit/Reg.h:
2993         (JSC::Reg::index):
2994         (JSC::Reg::isSet):
2995         (JSC::Reg::operator bool):
2996         (JSC::Reg::isHashTableDeletedValue):
2997         (JSC::Reg::AllRegsIterable::iterator::iterator):
2998         (JSC::Reg::AllRegsIterable::iterator::operator*):
2999         (JSC::Reg::AllRegsIterable::iterator::operator++):
3000         (JSC::Reg::AllRegsIterable::iterator::operator==):
3001         (JSC::Reg::AllRegsIterable::iterator::operator!=):
3002         (JSC::Reg::AllRegsIterable::begin):
3003         (JSC::Reg::AllRegsIterable::end):
3004         (JSC::Reg::all):
3005         (JSC::Reg::invalid):
3006         (JSC::Reg::operator!): Deleted.
3007         * jit/RegisterAtOffsetList.cpp:
3008         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
3009         * jit/RegisterAtOffsetList.h:
3010         (JSC::RegisterAtOffsetList::clear):
3011         (JSC::RegisterAtOffsetList::size):
3012         (JSC::RegisterAtOffsetList::begin):
3013         (JSC::RegisterAtOffsetList::end):
3014         * jit/RegisterSet.h:
3015         (JSC::RegisterSet::operator==):
3016         (JSC::RegisterSet::hash):
3017         (JSC::RegisterSet::forEach):
3018         (JSC::RegisterSet::setAny):
3019
3020 2015-10-28  Mark Lam  <mark.lam@apple.com>
3021
3022         Rename MacroAssembler::callProbe() to probe().
3023         https://bugs.webkit.org/show_bug.cgi?id=150641
3024
3025         Reviewed by Saam Barati.
3026
3027         To do this, I needed to disambiguate the low-level probe() from the
3028         high-level version that takes a std::function.  I did this by changing the
3029         low-level version to not take default args anymore.
3030
3031         * assembler/AbstractMacroAssembler.h:
3032         * assembler/MacroAssembler.cpp:
3033         (JSC::stdFunctionCallback):
3034         (JSC::MacroAssembler::probe):
3035         (JSC::MacroAssembler::callProbe): Deleted.
3036         * assembler/MacroAssembler.h:
3037         (JSC::MacroAssembler::urshift32):
3038         * assembler/MacroAssemblerARM.h:
3039         (JSC::MacroAssemblerARM::repatchCall):
3040         * assembler/MacroAssemblerARM64.h:
3041         (JSC::MacroAssemblerARM64::repatchCall):
3042         * assembler/MacroAssemblerARMv7.h:
3043         (JSC::MacroAssemblerARMv7::repatchCall):
3044         * assembler/MacroAssemblerPrinter.h:
3045         (JSC::MacroAssemblerPrinter::print):
3046         * assembler/MacroAssemblerX86Common.h:
3047         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
3048
3049 2015-10-28  Timothy Hatcher  <timothy@apple.com>
3050
3051         Web Inspector: jsmin.py mistakenly removes whitespace from template literal strings
3052         https://bugs.webkit.org/show_bug.cgi?id=148728
3053
3054         Reviewed by Joseph Pecoraro.
3055
3056         * Scripts/jsmin.py:
3057         (JavascriptMinify.minify): Make backtick a quoting character.
3058
3059 2015-10-28  Brian Burg  <bburg@apple.com>
3060
3061         Builtins generator should emit ENABLE(FEATURE) guards based on @conditional annotation
3062         https://bugs.webkit.org/show_bug.cgi?id=150536
3063
3064         Reviewed by Yusuke Suzuki.
3065
3066         Scan JS builtin files for @key=value and @flag annotations in single-line comments.
3067         For @conditional=CONDITIONAL, emit CONDITIONAL guards around the relevant object's code.
3068
3069         Generate primary header includes separately from secondary header includes so we can
3070         put the guard between the two header groups, as is customary in WebKit C++ code.
3071
3072         New tests:
3073
3074         Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js
3075         Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js
3076         Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js
3077
3078         * Scripts/builtins/builtins_generate_combined_implementation.py:
3079         (BuiltinsCombinedImplementationGenerator.generate_output):
3080         (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
3081         (BuiltinsCombinedImplementationGenerator.generate_header_includes): Deleted.
3082         * Scripts/builtins/builtins_generate_separate_header.py:
3083         (BuiltinsSeparateHeaderGenerator.generate_output):
3084         (generate_secondary_header_includes):
3085         (generate_header_includes): Deleted.
3086         * Scripts/builtins/builtins_generate_separate_implementation.py:
3087         (BuiltinsSeparateImplementationGenerator.generate_output):
3088         (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
3089         (BuiltinsSeparateImplementationGenerator.generate_header_includes): Deleted.
3090         * Scripts/builtins/builtins_generate_separate_wrapper.py:
3091         (BuiltinsSeparateWrapperGenerator.generate_output):
3092         (BuiltinsSeparateWrapperGenerator.generate_secondary_header_includes):
3093         (BuiltinsSeparateWrapperGenerator.generate_header_includes): Deleted.
3094         * Scripts/builtins/builtins_generator.py:
3095         (BuiltinsGenerator.generate_includes_from_entries):
3096         (BuiltinsGenerator):
3097         (BuiltinsGenerator.generate_primary_header_includes):
3098         * Scripts/builtins/builtins_model.py:
3099         (BuiltinObject.__init__):
3100         (BuiltinsCollection.parse_builtins_file):
3101         (BuiltinsCollection._parse_annotations):
3102         * Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js: Added.
3103         * Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js: Added.
3104         * Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js: Added.
3105         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Simplify.
3106         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Simplify.
3107         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Simplify.
3108         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Added.
3109         * Scripts/tests/builtins/expected/WebCore-DuplicateFlagAnnotation-Separate.js-error: Added.
3110         * Scripts/tests/builtins/expected/WebCore-DuplicateKeyValueAnnotation-Separate.js-error: Added.
3111         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
3112         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
3113         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
3114         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
3115
3116 2015-10-28  Mark Lam  <mark.lam@apple.com>
3117
3118         Update FTL to support UntypedUse operands for op_sub.
3119         https://bugs.webkit.org/show_bug.cgi?id=150562
3120
3121         Reviewed by Geoffrey Garen.
3122
3123         * assembler/MacroAssemblerARM64.h:
3124         - make the dataTempRegister and memoryTempRegister public so that we can
3125           move input registers out of them if needed.
3126
3127         * ftl/FTLCapabilities.cpp:
3128         (JSC::FTL::canCompile):
3129         - We can now compile ArithSub.
3130
3131         * ftl/FTLCompile.cpp:
3132         - Added BinaryArithGenerationContext to shuffle registers into a state that is
3133           expected by the baseline snippet generator.  This includes:
3134           1. Making sure that the input and output registers are not in the tag or
3135              scratch registers.
3136           2. Loading the tag registers with expected values.
3137           3. Restoring the registers to their original value on return.
3138         - Added code to implement the ArithSub inline cache.
3139
3140         * ftl/FTLInlineCacheDescriptor.h:
3141         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
3142         (JSC::FTL::ArithSubDescriptor::leftType):
3143         (JSC::FTL::ArithSubDescriptor::rightType):
3144
3145         * ftl/FTLInlineCacheSize.cpp:
3146         (JSC::FTL::sizeOfArithSub):
3147         * ftl/FTLInlineCacheSize.h:
3148
3149         * ftl/FTLLowerDFGToLLVM.cpp:
3150         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
3151         - Added handling for UnusedType for the ArithSub case.
3152
3153         * ftl/FTLState.h:
3154         * jit/GPRInfo.h:
3155         (JSC::GPRInfo::reservedRegisters):
3156
3157         * jit/JITSubGenerator.h:
3158         (JSC::JITSubGenerator::generateFastPath):
3159         - When the result is the same as one of the input registers, we'll end up
3160           corrupting the input in the fast path even if we determine that we need to go
3161           to the slow path.  We now move the input into the scratch register and operate
3162           on that instead and move the result into the result register only after
3163           the fast path has succeeded.
3164
3165         * tests/stress/op_sub.js:
3166         (o1.valueOf):
3167         (runTest):
3168         - Added some debugging tools: flags for verbose logging, and eager abort on fail.
3169
3170 2015-10-28  Mark Lam  <mark.lam@apple.com>
3171
3172         Fix a typo in ProbeContext::fpr().
3173         https://bugs.webkit.org/show_bug.cgi?id=150629
3174
3175         Reviewed by Yusuke Suzuki.
3176
3177         ProbeContext::fpr() should be calling CPUState::fpr(), not CPUState::gpr().
3178
3179         * assembler/AbstractMacroAssembler.h:
3180         (JSC::AbstractMacroAssembler::ProbeContext::fpr):
3181
3182 2015-10-28  Mark Lam  <mark.lam@apple.com>
3183
3184         Add ability to print the PC register from JIT'ed code.
3185         https://bugs.webkit.org/show_bug.cgi?id=150561
3186
3187         Reviewed by Geoffrey Garen.
3188
3189         * assembler/MacroAssemblerPrinter.cpp:
3190         (JSC::printPC):
3191         (JSC::MacroAssemblerPrinter::printCallback):
3192         * assembler/MacroAssemblerPrinter.h:
3193         (JSC::MacroAssemblerPrinter::PrintArg::PrintArg):
3194
3195 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
3196
3197         Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available
3198         https://bugs.webkit.org/show_bug.cgi?id=150615
3199
3200         Reviewed by Timothy Hatcher.
3201
3202         * inspector/protocol/Timeline.json:
3203
3204 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
3205
3206         Web Inspector: Remove unused / duplicated XHR timeline instrumentation
3207         https://bugs.webkit.org/show_bug.cgi?id=150605
3208
3209         Reviewed by Timothy Hatcher.
3210
3211         * inspector/protocol/Timeline.json:
3212
3213 2015-10-27  Michael Saboff  <msaboff@apple.com>
3214
3215         REGRESSION (r191360): Crash: com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL:: + 386
3216         https://bugs.webkit.org/show_bug.cgi?id=150580
3217
3218         Reviewed by Mark Lam.
3219
3220         Changed code to box 32 bit integers and boolean arguments when generating the call instead of boxing
3221         them in the shuffler.
3222
3223         The ASSERT in CallFrameShuffler::extendFrameIfNeeded is wrong when called from CallFrameShuffler::spill(),
3224         as we could be making space to spill a register so that we have a spare that we can use for the new
3225         frame's base pointer.
3226
3227         * ftl/FTLJSTailCall.cpp:
3228         (JSC::FTL::DFG::recoveryFor): Added RELEASE_ASSERT to check that we never see unboxed 32 bit
3229         arguments stored in the stack.
3230         * ftl/FTLLowerDFGToLLVM.cpp:
3231         (JSC::FTL::DFG::LowerDFGToLLVM::exitValueForTailCall):
3232         * jit/CallFrameShuffler.cpp:
3233         (JSC::CallFrameShuffler::extendFrameIfNeeded): Removed unneeded ASSERT.
3234
3235 2015-10-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3236
3237         [ES6] Add DFG/FTL support for accessor put operations
3238         https://bugs.webkit.org/show_bug.cgi?id=148860
3239
3240         Reviewed by Geoffrey Garen.
3241
3242         This patch introduces accessor defining ops into DFG and FTL.
3243         The following DFG nodes are introduced.
3244
3245             op_put_getter_by_id  => PutGetterById
3246             op_put_setter_by_id  => PutSetterById
3247             op_put_getter_setter => PutGetterSetterById
3248             op_put_getter_by_val => PutGetterByVal
3249             op_put_setter_by_val => PutSetterByVal
3250
3251         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
3252
3253         To use operations defined for baseline JIT, we clean up existing operations.
3254         And reuse these operations in DFG and FTL.
3255
3256         * dfg/DFGAbstractInterpreterInlines.h:
3257         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3258         * dfg/DFGByteCodeParser.cpp:
3259         (JSC::DFG::ByteCodeParser::parseBlock):
3260         * dfg/DFGCapabilities.cpp:
3261         (JSC::DFG::capabilityLevel):
3262         * dfg/DFGClobberize.h:
3263         (JSC::DFG::clobberize):
3264         * dfg/DFGDoesGC.cpp:
3265         (JSC::DFG::doesGC):
3266         * dfg/DFGFixupPhase.cpp:
3267         (JSC::DFG::FixupPhase::fixupNode):
3268         * dfg/DFGNode.h:
3269         (JSC::DFG::Node::hasIdentifier):
3270         (JSC::DFG::Node::hasAccessorAttributes):
3271         (JSC::DFG::Node::accessorAttributes):
3272         * dfg/DFGNodeType.h:
3273         * dfg/DFGPredictionPropagationPhase.cpp:
3274         (JSC::DFG::PredictionPropagationPhase::propagate):
3275         * dfg/DFGSafeToExecute.h:
3276         (JSC::DFG::safeToExecute):
3277         * dfg/DFGSpeculativeJIT.cpp:
3278         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
3279         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
3280         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
3281         We should fill all GPRs before calling flushRegisters().
3282         * dfg/DFGSpeculativeJIT.h:
3283         (JSC::DFG::SpeculativeJIT::callOperation):
3284         * dfg/DFGSpeculativeJIT32_64.cpp:
3285         (JSC::DFG::SpeculativeJIT::compile):
3286         * dfg/DFGSpeculativeJIT64.cpp:
3287         (JSC::DFG::SpeculativeJIT::compile):
3288         * ftl/FTLCapabilities.cpp:
3289         (JSC::FTL::canCompile):
3290         * ftl/FTLIntrinsicRepository.h:
3291         * ftl/FTLLowerDFGToLLVM.cpp:
3292         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3293         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
3294         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
3295         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
3296         * jit/JIT.h:
3297         * jit/JITInlines.h:
3298         (JSC::JIT::callOperation):
3299         * jit/JITOperations.cpp:
3300         * jit/JITOperations.h:
3301         * jit/JITPropertyAccess.cpp:
3302         (JSC::JIT::emit_op_put_getter_by_id):
3303         (JSC::JIT::emit_op_put_setter_by_id):
3304         (JSC::JIT::emit_op_put_getter_setter):
3305         * jit/JITPropertyAccess32_64.cpp:
3306         (JSC::JIT::emit_op_put_getter_by_id):
3307         (JSC::JIT::emit_op_put_setter_by_id):
3308         (JSC::JIT::emit_op_put_getter_setter):
3309         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
3310         (shouldBe):
3311         (testAttribute):
3312         (getter.Cocoa.prototype.get hello):
3313         (getter.Cocoa):
3314         (getter):
3315         (setter.Cocoa):
3316         (setter.Cocoa.prototype.set hello):
3317         (setter):
3318         (accessors.Cocoa):
3319         (accessors.Cocoa.prototype.get hello):
3320         (accessors.Cocoa.prototype.set hello):
3321         (accessors):
3322         * tests/stress/dfg-put-accessors-by-id.js: Added.
3323         (shouldBe):
3324         (testAttribute):
3325         (getter.object.get hello):
3326         (getter):
3327         (setter.object.set hello):
3328         (setter):
3329         (accessors.object.get hello):
3330         (accessors.object.set hello):
3331         (accessors):
3332         * tests/stress/dfg-put-getter-by-id-class.js: Added.
3333         (shouldBe):
3334         (testAttribute):
3335         (getter.Cocoa):
3336         (getter.Cocoa.prototype.get hello):
3337         (getter.Cocoa.prototype.get name):
3338         (getter):
3339         * tests/stress/dfg-put-getter-by-id.js: Added.
3340         (shouldBe):
3341         (testAttribute):
3342         (getter.object.get hello):
3343         (getter):
3344         * tests/stress/dfg-put-getter-by-val-class.js: Added.
3345         (shouldBe):
3346         (testAttribute):
3347         (getter.Cocoa):
3348         (getter.Cocoa.prototype.get name):
3349         (getter):
3350         * tests/stress/dfg-put-getter-by-val.js: Added.
3351         (shouldBe):
3352         (testAttribute):
3353         (getter.object.get name):
3354         (getter):
3355         * tests/stress/dfg-put-setter-by-id-class.js: Added.
3356         (shouldBe):
3357         (testAttribute):
3358         (getter.Cocoa):
3359         (getter.Cocoa.prototype.set hello):
3360         (getter.Cocoa.prototype.get name):
3361         (getter):
3362         * tests/stress/dfg-put-setter-by-id.js: Added.
3363         (shouldBe):
3364         (testAttribute):
3365         (setter.object.set hello):
3366         (setter):
3367         * tests/stress/dfg-put-setter-by-val-class.js: Added.
3368         (shouldBe):
3369         (testAttribute):
3370         (setter.Cocoa):
3371         (setter.Cocoa.prototype.set name):
3372         (setter):
3373         * tests/stress/dfg-put-setter-by-val.js: Added.
3374         (shouldBe):
3375         (testAttribute):
3376         (setter.object.set name):
3377         (setter):
3378
3379 2015-10-26  Mark Lam  <mark.lam@apple.com>
3380
3381         Add logging to warn about under-estimated FTL inline cache sizes.
3382         https://bugs.webkit.org/show_bug.cgi?id=150570
3383
3384         Reviewed by Geoffrey Garen.
3385
3386         Added 2 options:
3387         1. JSC_dumpFailedICSizing - dumps an error message if the FTL encounters IC size
3388            estimates that are less than the actual needed code size.
3389
3390            This option is useful for when we add a new IC and want to compute an
3391            estimated size for the IC.  To do this:
3392            1. Build jsc for the target port with a very small IC size (enough to
3393               store the jump instruction needed for the out of line fallback
3394               implementation).
3395            2. Implement a test suite with scenarios that exercise all the code paths in
3396               the IC generator.
3397            3. Run jsc with JSC_dumpFailedICSizing=true on the test suite.