[JSC] Optimize Array#lastIndexOf
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
2
3         [JSC] Optimize Array#lastIndexOf
4         https://bugs.webkit.org/show_bug.cgi?id=189780
5
6         Reviewed by Saam Barati.
7
8         Optimize Array#lastIndexOf in the same way as Array#indexOf. We add a fast path
9         for JSArray with contiguous storage.
10
11         * runtime/ArrayPrototype.cpp:
12         (JSC::arrayProtoFuncLastIndexOf):
13
14 2018-09-25  Saam Barati  <sbarati@apple.com>
15
16         Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock
17         https://bugs.webkit.org/show_bug.cgi?id=189940
18         <rdar://problem/43640987>
19
20         Reviewed by Mark Lam.
21
22         We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL
23         CodeBlock. There is nothing semantically wrong with doing that (except for
24         poor naming), however, the poor naming here led us to make a real semantic
25         mistake. We wanted the baseline CodeBlock's constant pool, but we were
26         accessing the FTL CodeBlock's constant pool accidentally. We need to
27         access the baseline CodeBlock's constant pool when we update the NewArrayBuffer
28         constant value.
29
30         * bytecode/InlineCallFrame.h:
31         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
32         * ftl/FTLOperations.cpp:
33         (JSC::FTL::operationMaterializeObjectInOSR):
34
35 2018-09-25  Joseph Pecoraro  <pecoraro@apple.com>
36
37         Web Inspector: Stricter block syntax in generated ObjC protocol interfaces
38         https://bugs.webkit.org/show_bug.cgi?id=189962
39         <rdar://problem/44648287>
40
41         Reviewed by Brian Burg.
42
43         * inspector/scripts/codegen/generate_objc_header.py:
44         (ObjCHeaderGenerator._callback_block_for_command):
45         If there are no return parameters include "void" in the block signature.
46
47         * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
48         * inspector/scripts/tests/generic/expected/domain-availability.json-result:
49         * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
50         * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
51         * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result:
52         * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
53         Rebaseline test results.
54
55 2018-09-24  Joseph Pecoraro  <pecoraro@apple.com>
56
57         Remove AUTHORS and THANKS files which are stale
58         https://bugs.webkit.org/show_bug.cgi?id=189941
59
60         Reviewed by Darin Adler.
61
62         Included mentions below so their names are still in ChangeLogs.
63
64         * AUTHORS: Removed.
65         Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com).
66         These authors remain mentioned in copyrights in source files.
67
68         * THANKS: Removed.
69         Richard Moore <rich@kde.org> - for filling the Math object with some life
70         Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object.
71         Marco Pinelli <pinmc@libero.it> - for his patches
72         Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object
73         
74 2018-09-24  Fujii Hironori  <Hironori.Fujii@sony.com>
75
76         Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE
77         https://bugs.webkit.org/show_bug.cgi?id=189733
78
79         Reviewed by Michael Catanzaro.
80
81         * assembler/ARM64Assembler.h:
82         * assembler/ARMAssembler.h:
83         (JSC::ARMAssembler::cacheFlush):
84         * assembler/MacroAssemblerARM.cpp:
85         (JSC::isVFPPresent):
86         * assembler/MacroAssemblerARM64.cpp:
87         * assembler/MacroAssemblerARMv7.cpp:
88         * assembler/MacroAssemblerMIPS.cpp:
89         * assembler/MacroAssemblerX86Common.cpp:
90         * heap/HeapCell.cpp:
91         * heap/HeapCell.h:
92         * jit/HostCallReturnValue.h:
93         * jit/JIT.h:
94         * jit/JITOperations.cpp:
95         * jit/ThunkGenerators.cpp:
96         * runtime/ArrayConventions.cpp:
97         (JSC::clearArrayMemset):
98         * runtime/JSBigInt.cpp:
99         (JSC::JSBigInt::digitDiv):
100
101 2018-09-24  Saam Barati  <sbarati@apple.com>
102
103         Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects
104         https://bugs.webkit.org/show_bug.cgi?id=189922
105         <rdar://problem/44651275>
106
107         Reviewed by Mark Lam.
108
109         The implementation was first getting the length to iterate up to,
110         then getting the starting index. However, getting the starting
111         index may perform effects. e.g., it could change the length of the
112         array. This changes it so we verify the length is still valid.
113
114         * runtime/ArrayPrototype.cpp:
115         (JSC::arrayProtoFuncIndexOf):
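
The ordering problem described in the entry above, as an added example that is not part of the ChangeLog or of JavaScriptCore: a JavaScript model of a fast path that captures the length before converting the start index, next to one that re-checks the length afterwards. `ModelArray`, `toStartIndex` and both `indexOf*` functions are hypothetical stand-ins, and the backing store that keeps stale slots after a shrink is an assumption made so the stale bound is observable.

```javascript
// Toy stand-in for a JSArray with contiguous storage: a backing store plus
// the logical length that script can observe and change.
class ModelArray {
    constructor(values) {
        this.storage = values.slice();
        this.length = values.length;
    }
    // Shrinking lowers only the logical length; stale slots stay in storage.
    truncate(newLength) {
        this.length = Math.min(this.length, newLength);
    }
}

// Converts the fromIndex argument to a clamped start index. Number() calls
// valueOf/toString on objects, so arbitrary script can run inside this call.
function toStartIndex(fromIndex, length) {
    const n = Math.trunc(Number(fromIndex)) || 0;
    if (n < 0)
        return Math.max(length + n, 0);
    return Math.min(n, length);
}

// Pre-fix ordering: the loop bound is the length read before the effects ran.
function indexOfStaleLength(array, search, fromIndex) {
    const length = array.length;
    const start = toStartIndex(fromIndex, length);
    for (let i = start; i < length; i++) {
        if (array.storage[i] === search)
            return i;
    }
    return -1;
}

// Post-fix ordering: after the conversion, verify the length is still valid
// and never iterate past what the array currently holds.
function indexOfRevalidated(array, search, fromIndex) {
    const length = array.length;
    const start = toStartIndex(fromIndex, length);
    const bound = Math.min(length, array.length);
    for (let i = start; i < bound; i++) {
        if (array.storage[i] === search)
            return i;
    }
    return -1;
}

// Regression-style check: the start index is an object whose conversion
// shrinks the array to one element while the search is in progress.
function runWithShrinkingIndex(indexOfImpl) {
    const array = new ModelArray([10, 20, 30, 40]); // constructed sample data
    const fromIndex = { valueOf() { array.truncate(1); return 0; } };
    const result = indexOfImpl(array, 40, fromIndex);
    return { result, lengthAfter: array.length };
}

// The same check against the engine's own Array.prototype.indexOf.
function builtinIndexOfAfterShrink() {
    const real = [10, 20, 30, 40];
    return real.indexOf(40, { valueOf() { real.length = 1; return 0; } });
}

const stale = runWithShrinkingIndex(indexOfStaleLength);
const fixed = runWithShrinkingIndex(indexOfRevalidated);
console.log("stale bound:", stale.result, "length now:", stale.lengthAfter);
console.log("revalidated:", fixed.result, "length now:", fixed.lengthAfter);
console.log("built-in:", builtinIndexOfAfterShrink());
```

A result at or beyond the array's current length is the symptom to test for; the revalidated version and a conforming engine both report that the element is no longer present.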
116
117 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
118
119         offlineasm: fix macro scoping
120         https://bugs.webkit.org/show_bug.cgi?id=189902
121
122         Reviewed by Mark Lam.
123
124         In the code below, the reference to `f` in `g`, which should refer to
125         the outer macro definition will instead refer to the f argument of the
126         anonymous macro passed to `g`. That leads to this code failing to
127         compile (f expected 0 args but got 1).
128         
129         ```
130         macro f(x)
131             move x, t0
132         end
133         
134         macro g(fn)
135             fn(macro () f(42) end)
136         end
137         
138         g(macro(f) f() end)
139         ```
140
141         * offlineasm/ast.rb:
142         * offlineasm/transform.rb:
143
144 2018-09-24  Tadeu Zagallo  <tzagallo@apple.com>
145
146         Add forEach method for iterating CodeBlock's ValueProfiles
147         https://bugs.webkit.org/show_bug.cgi?id=189897
148
149         Reviewed by Mark Lam.
150
151         Add method to abstract how we find ValueProfiles in a CodeBlock in
152         preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when
153         ValueProfiles will be stored in the MetadataTable.
154
155         * bytecode/CodeBlock.cpp:
156         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
157         (JSC::CodeBlock::updateAllValueProfilePredictions):
158         (JSC::CodeBlock::shouldOptimizeNow):
159         (JSC::CodeBlock::dumpValueProfiles):
160         * bytecode/CodeBlock.h:
161         (JSC::CodeBlock::forEachValueProfile):
162         (JSC::CodeBlock::numberOfArgumentValueProfiles):
163         (JSC::CodeBlock::valueProfileForArgument):
164         (JSC::CodeBlock::numberOfValueProfiles):
165         (JSC::CodeBlock::valueProfile):
166         (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted.
167         (JSC::CodeBlock::getFromAllValueProfiles): Deleted.
168         * tools/HeapVerifier.cpp:
169         (JSC::HeapVerifier::validateJSCell):
170
171 2018-09-24  Saam barati  <sbarati@apple.com>
172
173         ArgumentsEliminationPhase should snip basic blocks after proven OSR exits
174         https://bugs.webkit.org/show_bug.cgi?id=189682
175         <rdar://problem/43557315>
176
177         Reviewed by Mark Lam.
178
179         Otherwise, if we have code like this:
180         ```
181         a: Arguments
182         b: GetButterfly(@a)
183         c: ForceExit
184         d: GetArrayLength(@a, @b)
185         ```
186         it will get transformed into this invalid DFG IR:
187         ```
188         a: PhantomArguments
189         b: Check(@a)
190         c: ForceExit
191         d: GetArrayLength(@a, @b)
192         ```
193         
194         And we will fail DFG validation since @b does not have a result.
195         
196         The fix is to just remove all nodes after the ForceExit and plant an
197         Unreachable after it. So the above program will now turn into this:
198         ```
199         a: PhantomArguments
200         b: Check(@a)
201         c: ForceExit
202         e: Unreachable
203         ```
204
205         * dfg/DFGArgumentsEliminationPhase.cpp:
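
The transformation described in the entry above, as an added example that is not part of the ChangeLog or of JavaScriptCore: a toy IR pass in JavaScript that rewrites the entry's four-node block with and without snipping after ForceExit, plus a validator for the "input has no result" rule. The op names come from the entry; the node shape, the `NO_RESULT` set and all function names are assumptions.

```javascript
// Ops that produce no value in this model, so no later node may take them
// as an input. (Assumption: only the ops named in the entry are covered.)
const NO_RESULT = new Set(["Check", "ForceExit", "Unreachable"]);

// The block from the entry before arguments elimination (constructed input).
function sampleBlock() {
    return [
        { id: "a", op: "Arguments", children: [] },
        { id: "b", op: "GetButterfly", children: ["a"] },
        { id: "c", op: "ForceExit", children: [] },
        { id: "d", op: "GetArrayLength", children: ["a", "b"] },
    ];
}

// Returns validation errors: every input must name an earlier node that
// actually has a result.
function validate(block) {
    const seen = new Map();
    const errors = [];
    for (const node of block) {
        for (const child of node.children) {
            const def = seen.get(child);
            if (!def)
                errors.push(`${node.id}: @${child} is not defined earlier`);
            else if (NO_RESULT.has(def.op))
                errors.push(`${node.id}: @${child} (${def.op}) has no result`);
        }
        seen.set(node.id, node);
    }
    return errors;
}

// Eliminates the Arguments allocation. With snipAfterExit set, every node
// after a ForceExit is dropped and an Unreachable is planted in its place
// (the id "e" is taken from the entry's listing).
function eliminateArguments(block, { snipAfterExit }) {
    const out = [];
    for (const node of block) {
        if (node.op === "Arguments")
            out.push({ ...node, op: "PhantomArguments" });
        else if (node.op === "GetButterfly")
            out.push({ ...node, op: "Check" });
        else
            out.push({ ...node });
        if (snipAfterExit && node.op === "ForceExit") {
            out.push({ id: "e", op: "Unreachable", children: [] });
            break;
        }
    }
    return out;
}

// Prints a block in the notation the entry uses.
function render(block) {
    return block.map((n) => {
        const args = n.children.map((c) => "@" + c).join(", ");
        return `${n.id}: ${n.op}` + (args ? `(${args})` : "");
    });
}

for (const snipAfterExit of [false, true]) {
    const result = eliminateArguments(sampleBlock(), { snipAfterExit });
    console.log(`snipAfterExit=${snipAfterExit}`);
    console.log(render(result).join("\n"));
    console.log("validation errors:", validate(result));
}
```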
206
207 2018-09-22  Saam barati  <sbarati@apple.com>
208
209         The sampling should not use Strong<CodeBlock> in its machineLocation field
210         https://bugs.webkit.org/show_bug.cgi?id=189319
211
212         Reviewed by Filip Pizlo.
213
214         The sampling profiler has a CLI mode where we gather information about inline
215         call frames. That data structure was using a Strong<CodeBlock>. We were
216         constructing this Strong<CodeBlock> during GC concurrently to processing all
217         the Strong handles. This is a bug since we end up corrupting that data
218         structure. This patch fixes this by just making this data structure use the
219         sampling profiler's mechanism for holding onto and properly visiting heap pointers.
220
221         * inspector/agents/InspectorScriptProfilerAgent.cpp:
222         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
223         * runtime/SamplingProfiler.cpp:
224         (JSC::SamplingProfiler::processUnverifiedStackTraces):
225
226         (JSC::SamplingProfiler::reportTopFunctions):
227         (JSC::SamplingProfiler::reportTopBytecodes):
228         These CLI helpers needed a DeferGC otherwise we may end up deadlocking when we
229         cause a GC to happen while already holding the sampling profiler's
230         lock.
231
232 2018-09-21  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
233
234         [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration
235         https://bugs.webkit.org/show_bug.cgi?id=189778
236
237         Reviewed by Keith Miller.
238
239         LLInt ASM interpreter is 2x and 15% faster than CLoop interpreter on
240         Linux and macOS respectively. We would like to enable it for non JIT
241         configurations in X86_64 and ARM64.
242
243         This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures.
244         Previously, we switched LLInt ASM interpreter and CLoop by using ENABLE(JIT)
245         configuration. But it is wrong in the new scenario since we have a build
246         configuration that uses LLInt ASM interpreter and JIT is disabled. We introduce
247         ENABLE(C_LOOP) option, which represents that we use CLoop. And we replace
248         ENABLE(JIT) with ENABLE(C_LOOP) if the previous ENABLE(JIT) is essentially just
249         related to LLInt ASM interpreter and not related to JIT.
250
251         We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER).
252         ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler
253         has machine register information that is used in LLInt ASM interpreter.
254
255         * API/tests/PingPongStackOverflowTest.cpp:
256         (testPingPongStackOverflow):
257         * CMakeLists.txt:
258         * JavaScriptCore.xcodeproj/project.pbxproj:
259         * assembler/MaxFrameExtentForSlowPathCall.h:
260         * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used.
261         * bytecode/CodeBlock.cpp:
262         (JSC::CodeBlock::finishCreation):
263         * bytecode/CodeBlock.h:
264         (JSC::CodeBlock::calleeSaveRegisters const):
265         (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
266         (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
267         (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
268         * bytecode/Opcode.h:
269         (JSC::padOpcodeName):
270         * heap/Heap.cpp:
271         (JSC::Heap::gatherJSStackRoots):
272         (JSC::Heap::stopThePeriphery):
273         * interpreter/CLoopStack.cpp:
274         * interpreter/CLoopStack.h:
275         * interpreter/CLoopStackInlines.h:
276         * interpreter/EntryFrame.h:
277         * interpreter/Interpreter.cpp:
278         (JSC::Interpreter::Interpreter):
279         (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const):
280         * interpreter/Interpreter.h:
281         * interpreter/StackVisitor.cpp:
282         (JSC::StackVisitor::Frame::calleeSaveRegisters):
283         * interpreter/VMEntryRecord.h:
284         * jit/ExecutableAllocator.h:
285         * jit/FPRInfo.h:
286         (WTF::printInternal):
287         * jit/GPRInfo.cpp:
288         * jit/GPRInfo.h:
289         (WTF::printInternal):
290         * jit/HostCallReturnValue.cpp:
291         (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too.
292         * jit/HostCallReturnValue.h:
293         * jit/JITOperations.cpp:
294         (JSC::getHostCallReturnValueWithExecState): Deleted.
295         * jit/JITOperationsMSVC64.cpp:
296         * jit/Reg.cpp:
297         * jit/Reg.h:
298         * jit/RegisterAtOffset.cpp:
299         * jit/RegisterAtOffset.h:
300         * jit/RegisterAtOffsetList.cpp:
301         * jit/RegisterAtOffsetList.h:
302         * jit/RegisterMap.h:
303         * jit/RegisterSet.cpp:
304         * jit/RegisterSet.h:
305         * jit/TempRegisterSet.cpp:
306         * jit/TempRegisterSet.h:
307         * llint/LLIntCLoop.cpp:
308         * llint/LLIntCLoop.h:
309         * llint/LLIntData.cpp:
310         (JSC::LLInt::initialize):
311         (JSC::LLInt::Data::performAssertions):
312         * llint/LLIntData.h:
313         * llint/LLIntOfflineAsmConfig.h:
314         * llint/LLIntOpcode.h:
315         * llint/LLIntPCRanges.h:
316         * llint/LLIntSlowPaths.cpp:
317         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
318         * llint/LLIntSlowPaths.h:
319         * llint/LLIntThunks.cpp:
320         * llint/LowLevelInterpreter.cpp:
321         * llint/LowLevelInterpreter.h:
322         * runtime/JSCJSValue.h:
323         * runtime/MachineContext.h:
324         * runtime/SamplingProfiler.cpp:
325         (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler
326         for LLInt ASM interpreter with non JIT configuration.
327         * runtime/TestRunnerUtils.cpp:
328         (JSC::optimizeNextInvocation):
329         * runtime/VM.cpp:
330         (JSC::VM::VM):
331         (JSC::VM::getHostFunction):
332         (JSC::VM::updateSoftReservedZoneSize):
333         (JSC::sanitizeStackForVM):
334         (JSC::VM::committedStackByteCount):
335         * runtime/VM.h:
336         * runtime/VMInlines.h:
337         (JSC::VM::ensureStackCapacityFor):
338         (JSC::VM::isSafeToRecurseSoft const):
339
340 2018-09-21  Keith Miller  <keith_miller@apple.com>
341
342         Add Promise SPI
343         https://bugs.webkit.org/show_bug.cgi?id=189809
344
345         Reviewed by Saam Barati.
346
347         The Patch adds new SPI to create promises. It's mostly SPI because
348         I want to see how internal users react to it before we make it
349         public.
350
351         This patch adds a couple of new Obj-C SPI methods. The first
352         creates a new promise using the same API that JS does where the
353         user provides an executor callback. If an exception is raised
354         in/to that callback the promise is automagically rejected. The
355         other methods create a pre-resolved or rejected promise as this
356         appears to be a common way to initialize a promise.
357
358         I was also considering adding a second version of executor API
359         where it would catch specific Obj-C exceptions. This would work by
360         taking a Class parameter and checking isKindOfClass: on the
361         exception. I decided against this as nothing else in our API
362         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
363         corrupt state if an Obj-C exception unwinds through JS frames.
364
365         This patch adds a new C function that will create a "deferred"
366         promise. A deferred promise is a style of creating promise/futures
367         where the resolve and reject functions are passed as outputs of a
368         function. I went with this style for the C SPI because we don't have
369         any concept of forwarding exceptions in the C API.
370
371         In order to make the C API work I refactored a bit of the promise code
372         so that we can call a static method on JSDeferredPromise and just get
373         the components without allocating an extra cell wrapper.
374
375         * API/JSContext.mm:
376         (+[JSContext currentCallee]):
377         * API/JSObjectRef.cpp:
378         (JSObjectMakeDeferredPromise):
379         * API/JSObjectRefPrivate.h:
380         * API/JSValue.mm:
381         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
382         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
383         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
384         * API/JSValuePrivate.h: Added.
385         * API/JSVirtualMachine.mm:
386         * API/JSVirtualMachinePrivate.h:
387         * API/tests/testapi.c:
388         (main):
389         * API/tests/testapi.cpp:
390         (APIContext::operator JSC::ExecState*):
391         (TestAPI::failed const):
392         (TestAPI::check):
393         (TestAPI::basicSymbol):
394         (TestAPI::symbolsTypeof):
395         (TestAPI::symbolsGetPropertyForKey):
396         (TestAPI::symbolsSetPropertyForKey):
397         (TestAPI::symbolsHasPropertyForKey):
398         (TestAPI::symbolsDeletePropertyForKey):
399         (TestAPI::promiseResolveTrue):
400         (TestAPI::promiseRejectTrue):
401         (testCAPIViaCpp):
402         (TestAPI::run): Deleted.
403         * API/tests/testapi.mm:
404         (testObjectiveCAPIMain):
405         (promiseWithExecutor):
406         (promiseRejectOnJSException):
407         (promiseCreateResolved):
408         (promiseCreateRejected):
409         (parallelPromiseResolveTest):
410         (testObjectiveCAPI):
411         * JavaScriptCore.xcodeproj/project.pbxproj:
412         * runtime/JSInternalPromiseDeferred.cpp:
413         (JSC::JSInternalPromiseDeferred::create):
414         * runtime/JSPromise.h:
415         * runtime/JSPromiseConstructor.cpp:
416         (JSC::constructPromise):
417         * runtime/JSPromiseDeferred.cpp:
418         (JSC::JSPromiseDeferred::createDeferredData):
419         (JSC::JSPromiseDeferred::create):
420         (JSC::JSPromiseDeferred::finishCreation):
421         (JSC::newPromiseCapability): Deleted.
422         * runtime/JSPromiseDeferred.h:
423         (JSC::JSPromiseDeferred::promise const):
424         (JSC::JSPromiseDeferred::resolve const):
425         (JSC::JSPromiseDeferred::reject const):
426
427 2018-09-21  Ryan Haddad  <ryanhaddad@apple.com>
428
429         Unreviewed, rolling out r236359.
430
431         Broke the Windows build.
432
433         Reverted changeset:
434
435         "Add Promise SPI"
436         https://bugs.webkit.org/show_bug.cgi?id=189809
437         https://trac.webkit.org/changeset/236359
438
439 2018-09-21  Mark Lam  <mark.lam@apple.com>
440
441         JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState.
442         https://bugs.webkit.org/show_bug.cgi?id=189855
443         <rdar://problem/44680181>
444
445         Reviewed by Filip Pizlo.
446
447         tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the
448         ExecState* argument.  This is intentional so that resolveRope() does not throw
449         in the event of an OutOfMemory error.  Hence, JSRopeString::resolveRope() should
450         get the VM from the cell instead of via the ExecState.
451
452         Also removed an obsolete and unused field in JSString.
453
454         * runtime/JSString.cpp:
455         (JSC::JSRopeString::resolveRope const):
456         (JSC::JSRopeString::outOfMemory const):
457         * runtime/JSString.h:
458         (JSC::JSString::tryGetValue const):
459
460 2018-09-21  Michael Saboff  <msaboff@apple.com>
461
462         Add functions to measure memory footprint to JSC
463         https://bugs.webkit.org/show_bug.cgi?id=189768
464
465         Reviewed by Saam Barati.
466
467         Rolling this back in again.
468
469         Provide system memory metrics for the current process to aid in memory reduction measurement and
470         tuning using native JS tests.
471
472         * jsc.cpp:
473         (MemoryFootprint::now):
474         (MemoryFootprint::resetPeak):
475         (GlobalObject::finishCreation):
476         (JSCMemoryFootprint::JSCMemoryFootprint):
477         (JSCMemoryFootprint::createStructure):
478         (JSCMemoryFootprint::create):
479         (JSCMemoryFootprint::finishCreation):
480         (JSCMemoryFootprint::addProperty):
481         (functionResetMemoryPeak):
482
483 2018-09-21  Keith Miller  <keith_miller@apple.com>
484
485         Add Promise SPI
486         https://bugs.webkit.org/show_bug.cgi?id=189809
487
488         Reviewed by Saam Barati.
489
490         The Patch adds new SPI to create promises. It's mostly SPI because
491         I want to see how internal users react to it before we make it
492         public.
493
494         This patch adds a couple of new Obj-C SPI methods. The first
495         creates a new promise using the same API that JS does where the
496         user provides an executor callback. If an exception is raised
497         in/to that callback the promise is automagically rejected. The
498         other methods create a pre-resolved or rejected promise as this
499         appears to be a common way to initialize a promise.
500
501         I was also considering adding a second version of executor API
502         where it would catch specific Obj-C exceptions. This would work by
503         taking a Class parameter and checking isKindOfClass: on the
504         exception. I decided against this as nothing else in our API
505         handles Obj-C exceptions. I'm pretty sure the VM will end up in a
506         corrupt state if an Obj-C exception unwinds through JS frames.
507
508         This patch adds a new C function that will create a "deferred"
509         promise. A deferred promise is a style of creating promise/futures
510         where the resolve and reject functions are passed as outputs of a
511         function. I went with this style for the C SPI because we don't have
512         any concept of forwarding exceptions in the C API.
513
514         In order to make the C API work I refactored a bit of the promise code
515         so that we can call a static method on JSDeferredPromise and just get
516         the components without allocating an extra cell wrapper.
517
518         * API/JSContext.mm:
519         (+[JSContext currentCallee]):
520         * API/JSObjectRef.cpp:
521         (JSObjectMakeDeferredPromise):
522         * API/JSObjectRefPrivate.h:
523         * API/JSValue.mm:
524         (+[JSValue valueWithNewPromiseInContext:fromExecutor:]):
525         (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]):
526         (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]):
527         * API/JSValuePrivate.h: Added.
528         * API/JSVirtualMachine.mm:
529         * API/JSVirtualMachinePrivate.h:
530         * API/tests/testapi.c:
531         (main):
532         * API/tests/testapi.cpp:
533         (APIContext::operator JSC::ExecState*):
534         (TestAPI::failed const):
535         (TestAPI::check):
536         (TestAPI::basicSymbol):
537         (TestAPI::symbolsTypeof):
538         (TestAPI::symbolsGetPropertyForKey):
539         (TestAPI::symbolsSetPropertyForKey):
540         (TestAPI::symbolsHasPropertyForKey):
541         (TestAPI::symbolsDeletePropertyForKey):
542         (TestAPI::promiseResolveTrue):
543         (TestAPI::promiseRejectTrue):
544         (testCAPIViaCpp):
545         (TestAPI::run): Deleted.
546         * API/tests/testapi.mm:
547         (testObjectiveCAPIMain):
548         (promiseWithExecutor):
549         (promiseRejectOnJSException):
550         (promiseCreateResolved):
551         (promiseCreateRejected):
552         (parallelPromiseResolveTest):
553         (testObjectiveCAPI):
554         * JavaScriptCore.xcodeproj/project.pbxproj:
555         * runtime/JSInternalPromiseDeferred.cpp:
556         (JSC::JSInternalPromiseDeferred::create):
557         * runtime/JSPromise.h:
558         * runtime/JSPromiseConstructor.cpp:
559         (JSC::constructPromise):
560         * runtime/JSPromiseDeferred.cpp:
561         (JSC::JSPromiseDeferred::createDeferredData):
562         (JSC::JSPromiseDeferred::create):
563         (JSC::JSPromiseDeferred::finishCreation):
564         (JSC::newPromiseCapability): Deleted.
565         * runtime/JSPromiseDeferred.h:
566         (JSC::JSPromiseDeferred::promise const):
567         (JSC::JSPromiseDeferred::resolve const):
568         (JSC::JSPromiseDeferred::reject const):
569
570 2018-09-21  Truitt Savell  <tsavell@apple.com>
571
572         Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit
573         https://bugs.webkit.org/show_bug.cgi?id=156674
574
575         Unreviewed Test Gardening
576
577         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
578         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
579
580 2018-09-21  Mike Gorse  <mgorse@suse.com>
581
582         Build tools should work when the /usr/bin/python is python3
583         https://bugs.webkit.org/show_bug.cgi?id=156674
584
585         Reviewed by Michael Catanzaro.
586
587         * Scripts/cssmin.py:
588         * Scripts/generate-js-builtins.py:
589         (do_open):
590         (generate_bindings_for_builtins_files):
591         * Scripts/generateIntlCanonicalizeLanguage.py:
592         * Scripts/jsmin.py:
593         (JavascriptMinify.minify.write):
594         (JavascriptMinify):
595         (JavascriptMinify.minify):
596         * Scripts/make-js-file-arrays.py:
597         (chunk):
598         (main):
599         * Scripts/wkbuiltins/__init__.py:
600         * Scripts/wkbuiltins/builtins_generate_combined_header.py:
601         (generate_section_for_global_private_code_name_macro):
602         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py:
603         (BuiltinsInternalsWrapperHeaderGenerator.__init__):
604         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py:
605         (BuiltinsInternalsWrapperImplementationGenerator.__init__):
606         * Scripts/wkbuiltins/builtins_model.py:
607         (BuiltinFunction.__lt__):
608         (BuiltinsCollection.copyrights):
609         (BuiltinsCollection._parse_functions):
610         * disassembler/udis86/ud_opcode.py:
611         (UdOpcodeTables.pprint.printWalk):
612         * generate-bytecode-files:
613         * inspector/scripts/codegen/__init__.py:
614         * inspector/scripts/codegen/cpp_generator.py:
615         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py:
616         (CppAlternateBackendDispatcherHeaderGenerator.generate_output):
617         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
618         (CppBackendDispatcherHeaderGenerator.domains_to_generate):
619         (CppBackendDispatcherHeaderGenerator.generate_output):
620         (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
621         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
622         (CppBackendDispatcherImplementationGenerator.domains_to_generate):
623         (CppBackendDispatcherImplementationGenerator.generate_output):
624         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
625         (CppFrontendDispatcherHeaderGenerator.domains_to_generate):
626         (CppFrontendDispatcherHeaderGenerator.generate_output):
627         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
628         (CppFrontendDispatcherImplementationGenerator.domains_to_generate):
629         (CppFrontendDispatcherImplementationGenerator.generate_output):
630         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
631         (CppProtocolTypesHeaderGenerator.generate_output):
632         (CppProtocolTypesHeaderGenerator._generate_forward_declarations):
633         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
634         (CppProtocolTypesImplementationGenerator.generate_output):
635         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain):
636         (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods):
637         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
638         (CppProtocolTypesImplementationGenerator._generate_builders_for_domain):
639         (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration):
640         * inspector/scripts/codegen/generate_js_backend_commands.py:
641         (JSBackendCommandsGenerator.should_generate_domain):
642         (JSBackendCommandsGenerator.domains_to_generate):
643         (JSBackendCommandsGenerator.generate_output):
644         (JSBackendCommandsGenerator.generate_domain):
645         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
646         (ObjCBackendDispatcherHeaderGenerator.domains_to_generate):
647         (ObjCBackendDispatcherHeaderGenerator.generate_output):
648         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
649         (ObjCBackendDispatcherImplementationGenerator.domains_to_generate):
650         (ObjCBackendDispatcherImplementationGenerator.generate_output):
651         (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command):
652         * inspector/scripts/codegen/generate_objc_configuration_header.py:
653         * inspector/scripts/codegen/generate_objc_configuration_implementation.py:
654         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
655         (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate):
656         (ObjCFrontendDispatcherImplementationGenerator.generate_output):
657         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
658         * inspector/scripts/codegen/generate_objc_header.py:
659         (ObjCHeaderGenerator.generate_output):
660         (ObjCHeaderGenerator._generate_type_interface):
661         * inspector/scripts/codegen/generate_objc_internal_header.py:
662         (ObjCInternalHeaderGenerator.generate_output):
663         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
664         (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate):
665         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
666         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py:
667         (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate):
668         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
669         (ObjCProtocolTypesImplementationGenerator.domains_to_generate):
670         (ObjCProtocolTypesImplementationGenerator.generate_output):
671         (ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
672         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
673         * inspector/scripts/codegen/generator.py:
674         (Generator.non_supplemental_domains):
675         (Generator.open_fields):
676         (Generator.calculate_types_requiring_shape_assertions):
677         (Generator._traverse_and_assign_enum_values):
678         (Generator.stylized_name_for_enum_value):
679         * inspector/scripts/codegen/models.py:
680         (find_duplicates):
681         * inspector/scripts/codegen/objc_generator.py:
682         * wasm/generateWasm.py:
683         (opcodeIterator):
684         * yarr/generateYarrCanonicalizeUnicode:
685         * yarr/generateYarrUnicodePropertyTables.py:
686         * yarr/hasher.py:
687         (stringHash):
688
689 2018-09-21  Tomas Popela  <tpopela@redhat.com>
690
691         [ARM] Build broken on armv7hl after r235517
692         https://bugs.webkit.org/show_bug.cgi?id=189831
693
694         Reviewed by Yusuke Suzuki.
695
696         Add missing implementation of patchableBranch8() for traditional ARM.
697
698         * assembler/MacroAssemblerARM.h:
699         (JSC::MacroAssemblerARM::patchableBranch8):
700
701 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
702
703         Unreviewed, rolling out r236293.
704
705         Internal build still broken.
706
707         Reverted changeset:
708
709         "Add functions to measure memory footprint to JSC"
710         https://bugs.webkit.org/show_bug.cgi?id=189768
711         https://trac.webkit.org/changeset/236293
712
713 2018-09-20  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
714
715         [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString
716         https://bugs.webkit.org/show_bug.cgi?id=189558
717
718         Reviewed by Mark Lam.
719
720         When running web-tooling-benchmark postcss test on Linux JSCOnly port, we get the following result in `perf report`.
721
722             10.95%  AutomaticThread  libJavaScriptCore.so.1.0.0  [.] JSC::Heap::reportExtraMemoryVisited
723
724         This is because postcss produces a bunch of JSStrings, which require reportExtraMemoryVisited calls in JSString::visitChildren.
725         And since reportExtraMemoryVisited attempts to update an atomic counter, if we have a bunch of marking threads, it becomes super contended.
726
727         This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has a per-SlotVisitor m_extraMemorySize counter.
728         And we propagate this value to the global atomic counter when rebalance happens.
729
730         We also reduce HeapCell::heap() access by using `vm.heap`.
731
732         * heap/SlotVisitor.cpp:
733         (JSC::SlotVisitor::didStartMarking):
734         (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary):
735         (JSC::SlotVisitor::drain):
736         (JSC::SlotVisitor::performIncrementOfDraining):
737         * heap/SlotVisitor.h:
738         * heap/SlotVisitorInlines.h:
739         (JSC::SlotVisitor::reportExtraMemoryVisited):
740         * runtime/JSString.cpp:
741         (JSC::JSRopeString::resolveRopeToAtomicString const):
742         (JSC::JSRopeString::resolveRope const):
743         * runtime/JSString.h:
744         (JSC::JSString::finishCreation):
745         * wasm/js/JSWebAssemblyInstance.cpp:
746         (JSC::JSWebAssemblyInstance::finishCreation):
747         * wasm/js/JSWebAssemblyMemory.cpp:
748         (JSC::JSWebAssemblyMemory::finishCreation):
749
750 2018-09-20  Michael Saboff  <msaboff@apple.com>
751
752         Add functions to measure memory footprint to JSC
753         https://bugs.webkit.org/show_bug.cgi?id=189768
754
755         Reviewed by Saam Barati.
756
757         Rolling this back in.
758
759         Provide system memory metrics for the current process to aid in memory reduction measurement and
760         tuning using native JS tests.
761
762         * jsc.cpp:
763         (MemoryFootprint::now):
764         (MemoryFootprint::resetPeak):
765         (GlobalObject::finishCreation):
766         (JSCMemoryFootprint::JSCMemoryFootprint):
767         (JSCMemoryFootprint::createStructure):
768         (JSCMemoryFootprint::create):
769         (JSCMemoryFootprint::finishCreation):
770         (JSCMemoryFootprint::addProperty):
771         (functionResetMemoryPeak):
772
773 2018-09-20  Ryan Haddad  <ryanhaddad@apple.com>
774
775         Unreviewed, rolling out r236235.
776
777         Breaks internal builds.
778
779         Reverted changeset:
780
781         "Add functions to measure memory footprint to JSC"
782         https://bugs.webkit.org/show_bug.cgi?id=189768
783         https://trac.webkit.org/changeset/236235
784
785 2018-09-20  Fujii Hironori  <Hironori.Fujii@sony.com>
786
787         [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged'
788         https://bugs.webkit.org/show_bug.cgi?id=189730
789
790         Reviewed by Saam Barati.
791
792         Clang for Windows can't compile the workaround for MSVC quirk in generateOutOfLine.
793
794         * jit/JITMathIC.h:
795         (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)".
796
797 2018-09-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
798
799         [JSC] Optimize Array#indexOf in C++ runtime
800         https://bugs.webkit.org/show_bug.cgi?id=189507
801
802         Reviewed by Saam Barati.
803
804         C++ Array#indexOf runtime function takes so much time in babylon benchmark in
805         web-tooling-benchmark. While our DFG and FTL have Array#indexOf optimization
806         and actually it is working well, C++ Array#indexOf is called a significant amount
807         of time before tiering up, and it takes 6.74% of jsc main thread samples according
808         to perf command in Linux. This is because C++ Array#indexOf is too generic and
809         misses the chance to optimize JSArray cases.
810
811         This patch adds JSArray fast path for Array#indexOf. If we know that indexed
812         access to the given JSArray is non-observable and indexing type is good for the fast
813         path, we go to the fast path. This makes sampling of Array#indexOf 3.83% in
814         babylon web-tooling-benchmark.
815
816         * runtime/ArrayPrototype.cpp:
817         (JSC::arrayProtoFuncIndexOf):
818         * runtime/JSArray.h:
819         * runtime/JSArrayInlines.h:
820         (JSC::JSArray::canDoFastIndexedAccess):
821         (JSC::toLength):
822         * runtime/JSCJSValueInlines.h:
823         (JSC::JSValue::JSValue):
824         * runtime/JSGlobalObject.h:
825         * runtime/JSGlobalObjectInlines.h:
826         (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
827         (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
828         * runtime/MathCommon.h:
829         (JSC::canBeStrictInt32):
830         (JSC::canBeInt32):
831
832 2018-09-19  Michael Saboff  <msaboff@apple.com>
833
834         Add functions to measure memory footprint to JSC
835         https://bugs.webkit.org/show_bug.cgi?id=189768
836
837         Reviewed by Saam Barati.
838
839         Provide system memory metrics for the current process to aid in memory reduction measurement and
840         tuning using native JS tests.
841
842         * jsc.cpp:
843         (MemoryFootprint::now):
844         (MemoryFootprint::resetPeak):
845         (GlobalObject::finishCreation):
846         (JSCMemoryFootprint::JSCMemoryFootprint):
847         (JSCMemoryFootprint::createStructure):
848         (JSCMemoryFootprint::create):
849         (JSCMemoryFootprint::finishCreation):
850         (JSCMemoryFootprint::addProperty):
851         (functionResetMemoryPeak):
852
853 2018-09-19  Saam barati  <sbarati@apple.com>
854
855         CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code
856         https://bugs.webkit.org/show_bug.cgi?id=189703
857
858         Reviewed by Mark Lam.
859
860         This fixes a crash that a TypeProfiler change revealed.
861
862         * dfg/DFGSpeculativeJIT64.cpp:
863         (JSC::DFG::SpeculativeJIT::compile):
864
865 2018-09-19  Saam barati  <sbarati@apple.com>
866
867         AI rule for MultiPutByOffset executes its effects in the wrong order
868         https://bugs.webkit.org/show_bug.cgi?id=189757
869         <rdar://problem/43535257>
870
871         Reviewed by Michael Saboff.
872
873         The AI rule for MultiPutByOffset was executing effects in the wrong order.
874         It first executed the transition effects and the effects on the base, and
875         then executed the filtering effects on the value being stored. However, you
876         can end up with the wrong type when the base and the value being stored
877         are the same. E.g., in a program like `o.f = o`. These effects need to happen
878         in the opposite order, modeling what happens in the runtime execution of
879         MultiPutByOffset.
880
881         * dfg/DFGAbstractInterpreterInlines.h:
882         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
883
884 2018-09-18  Mark Lam  <mark.lam@apple.com>
885
886         Ensure that ForInContexts are invalidated if their loop local is over-written.
887         https://bugs.webkit.org/show_bug.cgi?id=189571
888         <rdar://problem/44402277>
889
890         Reviewed by Saam Barati.
891
892         Instead of hunting down every place in the BytecodeGenerator that potentially
893         needs to invalidate an enclosing ForInContext (if one exists), we simply iterate
894         the bytecode range of the loop body when the ForInContext is popped, and
895         invalidate the context if we ever find the loop temp variable over-written.
896
897         This has 2 benefits:
898         1. It ensures that every type of opcode that can write to the loop temp will be
899            handled appropriately, not just the op_mov that we've hunted down.
900         2. It avoids us having to check the BytecodeGenerator's m_forInContextStack
901            every time we emit an op_mov (or other opcodes that can write to a local)
902            even when we're not inside a for-in loop.
903
904         JSC benchmarks show that this change is performance neutral.
905
906         * bytecompiler/BytecodeGenerator.cpp:
907         (JSC::BytecodeGenerator::pushIndexedForInScope):
908         (JSC::BytecodeGenerator::popIndexedForInScope):
909         (JSC::BytecodeGenerator::pushStructureForInScope):
910         (JSC::BytecodeGenerator::popStructureForInScope):
911         (JSC::ForInContext::finalize):
912         (JSC::StructureForInContext::finalize):
913         (JSC::IndexedForInContext::finalize):
914         (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted.
915         * bytecompiler/BytecodeGenerator.h:
916         (JSC::ForInContext::ForInContext):
917         (JSC::ForInContext::bodyBytecodeStartOffset const):
918         (JSC::StructureForInContext::StructureForInContext):
919         (JSC::IndexedForInContext::IndexedForInContext):
920         * bytecompiler/NodesCodegen.cpp:
921         (JSC::PostfixNode::emitResolve):
922         (JSC::PrefixNode::emitResolve):
923         (JSC::ReadModifyResolveNode::emitBytecode):
924         (JSC::AssignResolveNode::emitBytecode):
925         (JSC::EmptyLetExpression::emitBytecode):
926         (JSC::ForInNode::emitLoopHeader):
927         (JSC::ForOfNode::emitBytecode):
928         (JSC::BindingNode::bindValue const):
929         (JSC::AssignmentElementNode::bindValue const):
930         * runtime/CommonSlowPaths.cpp:
931         (JSC::SLOW_PATH_DECL):
932
933 2018-09-17  Devin Rousso  <drousso@apple.com>
934
935         Web Inspector: generate CSSKeywordCompletions from backend values
936         https://bugs.webkit.org/show_bug.cgi?id=189041
937
938         Reviewed by Joseph Pecoraro.
939
940         * inspector/protocol/CSS.json:
941         Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`.
942
943 2018-09-17  Saam barati  <sbarati@apple.com>
944
945         We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure
946         https://bugs.webkit.org/show_bug.cgi?id=189676
947         <rdar://problem/39682897>
948
949         Reviewed by Michael Saboff.
950
951         Because the incoming value may be TDZ, CheckStructure may end up crashing.
952         Since the Type Profile does not currently record TDZ values in any of its
953         data structures, this is not a semantic change in how it will show you data.
954         It just fixes crashes when we emit a CheckStructure and the incoming value
955         is TDZ.
956
957         * dfg/DFGFixupPhase.cpp:
958         (JSC::DFG::FixupPhase::fixupNode):
959         * dfg/DFGNode.h:
960         (JSC::DFG::Node::convertToCheckStructureOrEmpty):
961
962 2018-09-17  Darin Adler  <darin@apple.com>
963
964         Use OpaqueJSString rather than JSRetainPtr inside WebKit
965         https://bugs.webkit.org/show_bug.cgi?id=189652
966
967         Reviewed by Saam Barati.
968
969         * API/JSCallbackObjectFunctions.h: Removed an unneeded include of
970         JSStringRef.h.
971
972         * API/JSContext.mm:
973         (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather
974         than JSStringCreateWithCFString, simplifying the code and also obviating the
975         need for explicit JSStringRelease.
976         (-[JSContext setName:]): Ditto.
977
978         * API/JSStringRef.cpp:
979         (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease.
980         It seems that additional optimization is possible, obviating the need to allocate
981         an OpaqueJSString, but that's true almost everywhere else in this patch, too.
982
983         * API/JSValue.mm:
984         (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use
985         OpaqueJSString::create and adoptRef as appropriate.
986         (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto.
987         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto.
988         (performPropertyOperation): Ditto.
989         (-[JSValue invokeMethod:withArguments:]): Ditto.
990         (valueToObjectWithoutCopy): Ditto.
991         (containerValueToObject): Ditto.
992         (valueToString): Ditto.
993         (objectToValueWithoutCopy): Ditto.
994         (objectToValue): Ditto.
995
996 2018-09-08  Darin Adler  <darin@apple.com>
997
998         Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext
999         https://bugs.webkit.org/show_bug.cgi?id=189455
1000
1001         Reviewed by Keith Miller.
1002
1003         * API/JSObjectRef.cpp:
1004         (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of
1005         JSRetainPtr<JSStringRef>.
1006         (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and
1007         adopt constructor.
1008         (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since
1009         the array elements are now Ref.
1010
1011         * API/JSRetainPtr.h: While JSRetainPtr is written as a template,
1012         it only works for two specific unrelated types, JSStringRef and
1013         JSGlobalContextRef. Simplified the default constructor using data
1014         member initialization. Prepared to make the adopt constructor private
1015         (got everything compiling that way, then made it public again so that
1016         Apple internal software will still build). Got rid of unneeded
1017         templated constructor and assignment operator, since it's not relevant
1018         since there is no inheritance between JSRetainPtr template types.
1019         Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr.
1020         Added move constructor and move assignment operator for slightly better
1021         performance. Simplified implementations of various member functions
1022         so they are more obviously correct, by using leakPtr in more of them
1023         and using std::exchange to make the flow of values more obvious.
1024
1025         * API/JSValue.mm:
1026         (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a
1027         missing JSStringRelease to fix a leak.
1028
1029         * API/tests/CustomGlobalObjectClassTest.c:
1030         (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak.
1031         (globalObjectSetPrototypeTest): Ditto.
1032         (globalObjectPrivatePropertyTest): Ditto.
1033
1034         * API/tests/ExecutionTimeLimitTest.cpp:
1035         (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak.
1036         (testExecutionTimeLimit): Ditto, lots more.
1037
1038         * API/tests/FunctionOverridesTest.cpp:
1039         (testFunctionOverrides): Added a call to JSStringRelease to fix a leak.
1040
1041         * API/tests/JSObjectGetProxyTargetTest.cpp:
1042         (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix
1043         a leak.
1044
1045         * API/tests/PingPongStackOverflowTest.cpp:
1046         (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and
1047         JSStringRelease to fix leaks.
1048
1049         * API/tests/testapi.c:
1050         (throwException): Added. Helper function for repeated idiom where we want
1051         to throw an exception, but with additional JSStringRelease calls so we don't
1052         have to leak just to keep the code simpler to read.
1053         (MyObject_getProperty): Use throwException.
1054         (MyObject_setProperty): Ditto.
1055         (MyObject_deleteProperty): Ditto.
1056         (isValueEqualToString): Added. Helper function for an idiom where we check
1057         if something is a string and then if it's equal to a particular string
1058         constant, but a version that has an additional JSStringRelease call so we
1059         don't have to leak just to keep the code simpler to read.
1060         (MyObject_callAsFunction): Use isValueEqualToString and throwException.
1061         (MyObject_callAsConstructor): Ditto.
1062         (MyObject_hasInstance): Ditto.
1063         (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak.
1064         (testMarkingConstraintsAndHeapFinalizers): Ditto.
1065
1066 2018-09-14  Saam barati  <sbarati@apple.com>
1067
1068         Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
1069         https://bugs.webkit.org/show_bug.cgi?id=189628
1070         <rdar://problem/39481690>
1071
1072         Reviewed by Mark Lam.
1073
1074         An Availability may point to a Node. And that Node may be removed from
1075         the graph, e.g., it's freed and its memory is no longer owned by Graph.
1076         This patch makes it so we no longer dump this metadata by default. If
1077         this metadata is interesting to you, you'll need to go in and change
1078         Graph::dump to dump the needed metadata.
1079
1080         * dfg/DFGGraph.cpp:
1081         (JSC::DFG::Graph::dump):
1082
1083 2018-09-14  Mark Lam  <mark.lam@apple.com>
1084
1085         Refactor some ForInContext code for better encapsulation.
1086         https://bugs.webkit.org/show_bug.cgi?id=189626
1087         <rdar://problem/44466415>
1088
1089         Reviewed by Keith Miller.
1090
1091         1. Add a ForInContext::m_type field to store the context type.  This does not
1092            increase the class size, but eliminates the need for a virtual call to get the
1093            type.
1094
1095            Note: we still need a virtual destructor because we'll be mingling
1096            IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack.
1097
1098         2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext()
1099            convenience methods.
1100
1101         3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext()
1102            to do the casting to the subclass types.  This ensures that we'll properly
1103            assert that the casting is legal.
1104
1105         * bytecompiler/BytecodeGenerator.cpp:
1106         (JSC::BytecodeGenerator::emitGetByVal):
1107         (JSC::BytecodeGenerator::popIndexedForInScope):
1108         (JSC::BytecodeGenerator::popStructureForInScope):
1109         * bytecompiler/BytecodeGenerator.h:
1110         (JSC::ForInContext::type const):
1111         (JSC::ForInContext::isIndexedForInContext const):
1112         (JSC::ForInContext::isStructureForInContext const):
1113         (JSC::ForInContext::asIndexedForInContext):
1114         (JSC::ForInContext::asStructureForInContext):
1115         (JSC::ForInContext::ForInContext):
1116         (JSC::StructureForInContext::StructureForInContext):
1117         (JSC::IndexedForInContext::IndexedForInContext):
1118         (JSC::ForInContext::~ForInContext): Deleted.
1119
1120 2018-09-14  Devin Rousso  <webkit@devinrousso.com>
1121
1122         Web Inspector: Record actions performed on ImageBitmapRenderingContext
1123         https://bugs.webkit.org/show_bug.cgi?id=181341
1124
1125         Reviewed by Joseph Pecoraro.
1126
1127         * inspector/protocol/Recording.json:
1128         * inspector/scripts/codegen/generator.py:
1129
1130 2018-09-14  Mike Gorse  <mgorse@suse.com>
1131
1132         builtins directory causes name conflict on Python 3
1133         https://bugs.webkit.org/show_bug.cgi?id=189552
1134
1135         Reviewed by Michael Catanzaro.
1136
1137         * CMakeLists.txt: builtins -> wkbuiltins.
1138         * DerivedSources.make: builtins -> wkbuiltins.
1139         * Scripts/generate-js-builtins.py: import wkbuiltins, rather than
1140           builtins.
1141         * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py.
1142         * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py.
1143         * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py.
1144         * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py.
1145         * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py.
1146         * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py.
1147         * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py.
1148         * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py.
1149         * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py.
1150         * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py.
1151         * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py.
1152         * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming.
1153
1154 2018-09-13  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
1155
1156         [WebAssembly] Inline WasmContext accessor functions
1157         https://bugs.webkit.org/show_bug.cgi?id=189416
1158
1159         Reviewed by Saam Barati.
1160
1161         WasmContext accessor functions are very small while they reside in the critical path of
1162         JS to Wasm function call. This patch makes them inline to improve performance.
1163         This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms.
1164
1165         * JavaScriptCore.xcodeproj/project.pbxproj:
1166         * Sources.txt:
1167         * interpreter/CallFrame.cpp:
1168         * jit/AssemblyHelpers.cpp:
1169         * wasm/WasmB3IRGenerator.cpp:
1170         * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp.
1171         (JSC::Wasm::Context::useFastTLS):
1172         (JSC::Wasm::Context::load const):
1173         (JSC::Wasm::Context::store):
1174         * wasm/WasmMemoryInformation.cpp:
1175         * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations.
1176         * wasm/js/JSToWasm.cpp:
1177         * wasm/js/WebAssemblyFunction.cpp:
1178
1179 2018-09-12  David Kilzer  <ddkilzer@apple.com>
1180
1181         Move JavaScriptCore files to match Xcode project hierarchy
1182         <https://webkit.org/b/189574>
1183
1184         Reviewed by Filip Pizlo.
1185
1186         * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp.
1187         * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h.
1188         * CMakeLists.txt: Update for new path to
1189         generateYarrUnicodePropertyTables.py, hasher.py and
1190         JSAPIValueWrapper.h.
1191         * DerivedSources.make: Ditto. Add missing dependency on
1192         hasher.py captured by CMakeLists.txt.
1193         * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file
1194         reference paths. Add hasher.py library to project.
1195         * Sources.txt: Update for new path to
1196         JSAPIValueWrapper.cpp.
1197         * runtime/JSImmutableButterfly.h: Add missing includes
1198         after changes to Sources.txt and regenerating unified
1199         sources.
1200         * runtime/RuntimeType.h: Ditto.
1201         * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py.
1202         * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py.
1203
1204 2018-09-12  David Kilzer  <ddkilzer@apple.com>
1205
1206         Let Xcode have its way with the JavaScriptCore project
1207
1208         * JavaScriptCore.xcodeproj/project.pbxproj:
1209
1210 2018-09-12  Guillaume Emont  <guijemont@igalia.com>
1211
1212         Add IGNORE_WARNING_.* macros
1213         https://bugs.webkit.org/show_bug.cgi?id=188996
1214
1215         Reviewed by Michael Catanzaro.
1216
1217         * API/JSCallbackObject.h:
1218         * API/tests/testapi.c:
1219         * assembler/LinkBuffer.h:
1220         (JSC::LinkBuffer::finalizeCodeWithDisassembly):
1221         * b3/B3LowerToAir.cpp:
1222         * b3/B3Opcode.cpp:
1223         * b3/B3Type.h:
1224         * b3/B3TypeMap.h:
1225         * b3/B3Width.h:
1226         * b3/air/AirArg.cpp:
1227         * b3/air/AirArg.h:
1228         * b3/air/AirCode.h:
1229         * bytecode/Opcode.h:
1230         (JSC::padOpcodeName):
1231         * dfg/DFGSpeculativeJIT.cpp:
1232         (JSC::DFG::SpeculativeJIT::speculateNumber):
1233         (JSC::DFG::SpeculativeJIT::speculateMisc):
1234         * dfg/DFGSpeculativeJIT64.cpp:
1235         * ftl/FTLOutput.h:
1236         * jit/CCallHelpers.h:
1237         (JSC::CCallHelpers::calculatePokeOffset):
1238         * llint/LLIntData.cpp:
1239         * llint/LLIntSlowPaths.cpp:
1240         (JSC::LLInt::slowPathLogF):
1241         * runtime/ConfigFile.cpp:
1242         (JSC::ConfigFile::canonicalizePaths):
1243         * runtime/JSDataViewPrototype.cpp:
1244         * runtime/JSGenericTypedArrayViewConstructor.h:
1245         * runtime/JSGenericTypedArrayViewPrototype.h:
1246         * runtime/Options.cpp:
1247         (JSC::Options::setAliasedOption):
1248         * tools/CodeProfiling.cpp:
1249         * wasm/WasmSections.h:
1250         * wasm/generateWasmValidateInlinesHeader.py:
1251
1252 == Rolled over to ChangeLog-2018-09-11 ==