Source/JavaScriptCore/ChangeLog (WebKit-https.git)
2013-10-23  Michael Saboff  <msaboff@apple.com>

        LLInt arity check exception processing should start unwinding from caller
        https://bugs.webkit.org/show_bug.cgi?id=123209

        Reviewed by Oliver Hunt.

        Use the caller frame returned from slow_path_call_arityCheck to process exceptions.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2013-10-22  Filip Pizlo  <fpizlo@apple.com>

        FTL should be able to do some simple inline caches using LLVM patchpoints
        https://bugs.webkit.org/show_bug.cgi?id=123164

        Reviewed by Mark Hahnenberg.

        This implements GetById inline caches in the FTL using llvm.webkit.patchpoint.

        The idea is that we ask LLVM for a nop slide the size of a GetById inline
        cache and then fill in the code after LLVM compilation is complete. For now, we
        just use the system calling convention for the arguments and return. We also
        still make some assumptions about registers that aren't correct. But, most of
        the scaffolding is there and this will successfully patch an inline cache.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::allocate):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::link):
        * ftl/FTLAbbreviations.h:
        (JSC::FTL::constNull):
        (JSC::FTL::buildCall):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLInlineCacheDescriptor.h: Added.
        (JSC::FTL::InlineCacheDescriptor::InlineCacheDescriptor):
        (JSC::FTL::GetByIdDescriptor::GetByIdDescriptor):
        (JSC::FTL::GetByIdDescriptor::stackmapID):
        (JSC::FTL::GetByIdDescriptor::codeOrigin):
        (JSC::FTL::GetByIdDescriptor::uid):
        * ftl/FTLInlineCacheSize.cpp: Added.
        (JSC::FTL::sizeOfGetById):
        (JSC::FTL::sizeOfPutById):
        * ftl/FTLInlineCacheSize.h: Added.
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLJITFinalizer.cpp:
        (JSC::FTL::JITFinalizer::finalizeFunction):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::directGPR):
        * ftl/FTLLocation.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
        * ftl/FTLOutput.h:
        (JSC::FTL::Output::call):
        * ftl/FTLSlowPathCall.cpp: Added.
        (JSC::FTL::callOperation):
        * ftl/FTLSlowPathCall.h: Added.
        (JSC::FTL::SlowPathCall::SlowPathCall):
        (JSC::FTL::SlowPathCall::call):
        (JSC::FTL::SlowPathCall::key):
        * ftl/FTLSlowPathCallKey.cpp: Added.
        (JSC::FTL::SlowPathCallKey::dump):
        * ftl/FTLSlowPathCallKey.h: Added.
        (JSC::FTL::SlowPathCallKey::SlowPathCallKey):
        (JSC::FTL::SlowPathCallKey::usedRegisters):
        (JSC::FTL::SlowPathCallKey::callTarget):
        (JSC::FTL::SlowPathCallKey::offset):
        (JSC::FTL::SlowPathCallKey::isEmptyValue):
        (JSC::FTL::SlowPathCallKey::isDeletedValue):
        (JSC::FTL::SlowPathCallKey::operator==):
        (JSC::FTL::SlowPathCallKey::hash):
        (JSC::FTL::SlowPathCallKeyHash::hash):
        (JSC::FTL::SlowPathCallKeyHash::equal):
        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::Location::directGPR):
        * ftl/FTLStackMaps.h:
        * ftl/FTLState.h:
        * ftl/FTLThunks.cpp:
        (JSC::FTL::slowPathCallThunkGenerator):
        * ftl/FTLThunks.h:
        (JSC::FTL::Thunks::getSlowPathCallThunk):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArguments):
        * jit/GPRInfo.h:
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::garbageStubInfo):
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITByIdGenerator::finalize):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITByIdGenerator::slowPathBegin):
        * jit/RegisterSet.cpp:
        (JSC::RegisterSet::stackRegisters):
        (JSC::RegisterSet::specialRegisters):
        (JSC::RegisterSet::calleeSaveRegisters):
        (JSC::RegisterSet::allGPRs):
        (JSC::RegisterSet::allFPRs):
        (JSC::RegisterSet::allRegisters):
        (JSC::RegisterSet::dump):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::exclude):
        (JSC::RegisterSet::numberOfSetRegisters):
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::isEmptyValue):
        (JSC::RegisterSet::isDeletedValue):
        (JSC::RegisterSet::operator==):
        (JSC::RegisterSet::hash):
        (JSC::RegisterSetHash::hash):
        (JSC::RegisterSetHash::equal):
        * runtime/Options.h:

2013-10-22  Filip Pizlo  <fpizlo@apple.com>

        jitCompileAndSetHeuristics should DeferGCForAWhile
        https://bugs.webkit.org/show_bug.cgi?id=123196

        Reviewed by Mark Hahnenberg.

        This fixes random crashes in V8v7/raytrace. I only see those crashes on exactly one of
        my machines. I don't think this is testable; we just need to steadily converge towards
        getting our uses of DeferGC to be right and then be careful not to regress. We're not
        there yet, obviously.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more JavaScriptCore build configuration changes
        https://bugs.webkit.org/show_bug.cgi?id=123169

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig:
        * Configurations/Version.xcconfig:
        * Configurations/iOS.xcconfig: Added.
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Export DefaultGCActivityCallback member functions
        https://bugs.webkit.org/show_bug.cgi?id=123175

        Reviewed by David Kilzer.

        * runtime/GCActivityCallback.h:

2013-10-23  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:

2013-10-22  Andreas Kling  <akling@apple.com>

        Minor VM* -> VM& cleanups in HashTable and Keywords.
        <https://webkit.org/b/123183>

        Turn some VM* variables that will never be null into VM&.

        Reviewed by Geoffrey Garen.

2013-10-22  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
        https://bugs.webkit.org/show_bug.cgi?id=123179

        Reviewed by Mark Hahnenberg.

        * parser/NodeConstructors.h:
        (JSC::LogicalOpNode::LogicalOpNode):
        * parser/ResultType.h:
        (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
        This is JavaScript (aka Sparta).

2013-10-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r157819.
        http://trac.webkit.org/changeset/157819
        https://bugs.webkit.org/show_bug.cgi?id=123180

        Broke 32-bit builds (Requested by smfr on #webkit).

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
        modifying a file in JavaScriptCore/Configurations.

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSLock changes
        https://bugs.webkit.org/show_bug.cgi?id=123107

        Reviewed by Geoffrey Garen.

        * runtime/JSLock.cpp:
        (JSC::JSLock::unlock):
        (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
        (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
        use pre-increment instead of post-increment when we're not using the return value of the instruction.
        (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
        places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
        since we don't use the return value of such instructions.
        (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
        Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
        (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
        * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
        the argument is sufficiently descriptive of its purpose.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
        https://bugs.webkit.org/show_bug.cgi?id=123166

        Reviewed by Michael Saboff.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4][mips][arm] Fix crashes in JSC (32-bit only).
        https://bugs.webkit.org/show_bug.cgi?id=123165

        Reviewed by Michael Saboff.

        * jit/JITInlines.h:
        (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
        (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
        https://bugs.webkit.org/show_bug.cgi?id=123092

        Reviewed by Michael Saboff.

        Impacted architectures are SH4 and ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::buffer):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        Remove unused stuff in JIT stubs.
        https://bugs.webkit.org/show_bug.cgi?id=123155

        Reviewed by Michael Saboff.

        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        (JSC::ctiTrampoline):
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
        https://bugs.webkit.org/show_bug.cgi?id=123115
        <rdar://problem/13696872>

        Reviewed by Andy Estes.

        Based on a patch by Mark Hahnenberg.

        Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.

        * API/JSBase.cpp:

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister().
        https://bugs.webkit.org/show_bug.cgi?id=123157

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::lastRegister):
        (JSC::SH4Assembler::firstFPRegister):
        (JSC::SH4Assembler::lastFPRegister):

2013-10-22  Brian Holt  <brian.holt@samsung.com>

        Build break on ARMv7 after r157209
        https://bugs.webkit.org/show_bug.cgi?id=122890

        Reviewed by Csaba Osztrogonác.

        Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::firstRegister):
        (JSC::MacroAssemblerARM::lastRegister):
        (JSC::MacroAssemblerARM::firstFPRegister):
        (JSC::MacroAssemblerARM::lastFPRegister):

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
        https://bugs.webkit.org/show_bug.cgi?id=123045

        Reviewed by Joseph Pecoraro.

        * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
        to global method table.
        * runtime/JSGlobalObject.cpp: Ditto.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSC Objective-C API compiler warning fixes
        https://bugs.webkit.org/show_bug.cgi?id=123125

        Reviewed by Mark Hahnenberg.

        Based on a patch by Mark Hahnenberg.

        * API/JSValue.mm:
        (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
        (-[JSValue toSize]): Ditto.
        * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
        available since iOS 7.0
        https://bugs.webkit.org/show_bug.cgi?id=123122

        Reviewed by Dan Bernstein.

        * API/JSContext.h:
        * API/JSManagedValue.h:
        * API/JSValue.h:
        * API/JSVirtualMachine.h:

2013-10-20  Mark Lam  <mark.lam@apple.com>

        Avoid JSC debugger overhead unless needed.
        https://bugs.webkit.org/show_bug.cgi?id=123084.

        Reviewed by Geoffrey Garen.

        - If no breakpoints are set, we now avoid calling the debug hook callbacks.
        - If no break on exception is set, we also avoid exception event debug callbacks.
        - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
          longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
          pointer in the ScriptDebugServer may become stale. To avoid this issue, before
          returning, the ScriptDebugServer will clear its m_currentCallFrame if
          needsOpDebugCallbacks() is false.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::setNeedsExceptionCallbacks):
        (JSC::Debugger::setShouldPause):
        (JSC::Debugger::updateNumberOfBreakpoints):
        (JSC::Debugger::updateNeedForOpDebugCallbacks):
        * debugger/Debugger.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):
        (JSC::Interpreter::debug):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2013-10-21  Brent Fulgham  <bfulgham@apple.com>

        [WIN] Unreviewed build correction.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
          sources, not header files.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.

2013-10-21  Oliver Hunt  <oliver@apple.com>

        Support computed property names in object literals
        https://bugs.webkit.org/show_bug.cgi?id=123112

        Reviewed by Michael Saboff.

        Add support for computed property names to the parser.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::getName):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::::parseProperty):
        (JSC::::parseStrictObjectLiteral):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::Property::Property):
        (JSC::SyntaxChecker::createProperty):
        (JSC::SyntaxChecker::operatorStackPop):

2013-10-21  Michael Saboff  <msaboff@apple.com>

        Add option so that JSC will crash if it can't allocate executable memory for the JITs
        https://bugs.webkit.org/show_bug.cgi?id=123048
        <rdar://problem/12856193>

        Reviewed by Geoffrey Garen.

        Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
        when checking the validity of the executable allocator. The default value for this option is
        false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
        the app can obtain executable memory.

        * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
        (main):
        * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
        * runtime/VM.cpp:
        (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
        is enabled.

2013-10-21  Nadav Rotem  <nrotem@apple.com>

        Remove AllInOneFile.cpp
        https://bugs.webkit.org/show_bug.cgi?id=123055

        Reviewed by Csaba Osztrogonác.

        * AllInOneFile.cpp: Removed.

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, cleanup a FIXME comment.

        * jit/Repatch.cpp:

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
        https://bugs.webkit.org/show_bug.cgi?id=123076

        Reviewed by Sam Weinig.

        Start preparing for a world in which we are patching code generated by LLVM, which may have
        very different register usage conventions than our JITs. This requires us being more explicit
        about the registers we are using. For example, the repatching code shouldn't take for granted
        that tagMaskRegister holds the TagMask or that the register is even in use.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::numberOfRegisters):
        (JSC::MacroAssembler::registerIndex):
        (JSC::MacroAssembler::numberOfFPRegisters):
        (JSC::MacroAssembler::fpRegisterIndex):
        (JSC::MacroAssembler::totalNumberOfRegisters):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * dfg/DFGSpeculativeJIT.h:
        * ftl/FTLSaveRestore.cpp:
        (JSC::FTL::bytesForGPRs):
        (JSC::FTL::bytesForFPRs):
        (JSC::FTL::offsetOfGPR):
        (JSC::FTL::offsetOfFPR):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.cpp: Added.
        (JSC::RegisterSet::specialRegisters):
        * jit/RegisterSet.h: Added.
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::set):
        (JSC::RegisterSet::clear):
        (JSC::RegisterSet::get):
        (JSC::RegisterSet::merge):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):
        (JSC::tryCacheGetByID):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::tryRepatchIn):
        (JSC::linkClosureCall):
        * jit/TempRegisterSet.cpp: Added.
        (JSC::TempRegisterSet::TempRegisterSet):
        * jit/TempRegisterSet.h:

2013-10-20  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Fix build (broken since r157690).
        https://bugs.webkit.org/show_bug.cgi?id=123081

        Reviewed by Andreas Kling.

        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):
        (JSC::SH4Assembler::readCallTarget):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
        https://bugs.webkit.org/show_bug.cgi?id=123079

        Reviewed by Geoffrey Garen.

        * jit/TempRegisterSet.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Rename RegisterSet to TempRegisterSet
        https://bugs.webkit.org/show_bug.cgi?id=123077

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.h: Removed.
        * jit/ScratchRegisterAllocator.h:
        (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
        * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        (JSC::TempRegisterSet::TempRegisterSet):
        (JSC::TempRegisterSet::asPOD):
        (JSC::TempRegisterSet::copyInfo):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Restructure LinkBuffer to allow for alternate allocation strategies
        https://bugs.webkit.org/show_bug.cgi?id=123071

        Reviewed by Oliver Hunt.

        The idea is to eventually allow a LinkBuffer to place the code into an already
        allocated region of memory.  That region of memory could be the nop-slide left behind
        by a llvm.webkit.patchpoint.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::buffer):
        * assembler/AssemblerBuffer.h:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::allocate):
        (JSC::LinkBuffer::shrink):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::didFailToAllocate):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::buffer):
        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        Some includes in JSC seem to use an incorrect style
        https://bugs.webkit.org/show_bug.cgi?id=123057

        Reviewed by Geoffrey Garen.

        Changed pseudo-system includes to user ones.

        * API/JSContextRef.cpp:
        * API/JSStringRefCF.cpp:
        * API/JSValueRef.cpp:
        * API/OpaqueJSString.cpp:
        * jit/JIT.h:
        * parser/SyntaxChecker.h:
        * runtime/WeakGCMap.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Baseline JIT and DFG IC code generation should be unified and rationalized
        https://bugs.webkit.org/show_bug.cgi?id=122939

        Reviewed by Geoffrey Garen.

        Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
        some register info and creates JIT inline caches for you. Used this to even further
        unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
        is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
        that it needs to do the equivalent of get_by_id, so with this generator it will be able
        to create an IC even though it wasn't associated with a get_by_id bytecode instruction.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::DataLabelCompact::label):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::ecmaMode):
        * dfg/DFGInlineCacheWrapper.h: Added.
        (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
        * dfg/DFGInlineCacheWrapperInlines.h: Added.
        (JSC::DFG::::finalize):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addGetById):
        (JSC::DFG::JITCompiler::addPutById):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::isStrictModeFor):
        (JSC::AssemblyHelpers::strictModeFor):
        * jit/GPRInfo.h:
        (JSC::JSValueRegs::tagGPR):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITInlineCacheGenerator.cpp: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::finalize):
        (JSC::JITByIdGenerator::generateFastPathChecks):
        (JSC::JITGetByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        (JSC::JITPutByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::slowPathFunction):
        * jit/JITInlineCacheGenerator.h: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITInlineCacheGenerator::stubInfo):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::reportSlowPathCall):
        (JSC::JITByIdGenerator::slowPathJump):
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::set):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
        https://bugs.webkit.org/show_bug.cgi?id=123067

        Reviewed by Geoffrey Garen.

        * API/APICast.h: Include it.

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        FTL::Location should treat the offset as an addend in the case of a Register location
        https://bugs.webkit.org/show_bug.cgi?id=123062

        Reviewed by Sam Weinig.

        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::forStackmaps):
        (JSC::FTL::Location::dump):
        (JSC::FTL::Location::restoreInto):
        * ftl/FTLLocation.h:
        (JSC::FTL::Location::forRegister):
        (JSC::FTL::Location::hasAddend):
        (JSC::FTL::Location::addend):

2013-10-19  Nadav Rotem  <nrotem@apple.com>

        DFG dominators: document and rename stuff.
        https://bugs.webkit.org/show_bug.cgi?id=123056

        Reviewed by Filip Pizlo.

        Documented the code and renamed some variables.

        * dfg/DFGDominators.cpp:
        (JSC::DFG::Dominators::compute):
        (JSC::DFG::Dominators::pruneDominators):
        * dfg/DFGDominators.h:

2013-10-19  Julien Brianceau  <jbriance@cisco.com>

        Fix build failure for architectures with 4 argument registers.
        https://bugs.webkit.org/show_bug.cgi?id=123060

        Reviewed by Michael Saboff.

        Add missing setupArgumentsWithExecState() prototypes for architecture with 4 argument registers.
        Remove SH4 specific code no longer needed since callOperation prototype change in r157660.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix FTL build.

        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):

772 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
773
774         A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
775         https://bugs.webkit.org/show_bug.cgi?id=122940
776
777         Reviewed by Oliver Hunt.
778         
779         This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
780         whereas previously it was in a Vector, so it moved. This allows you to use pointers to
781         StructureStubInfo. This also eliminates the use of return PC as a way of finding the
782         StructureStubInfo's. It removes some of the need for the compile-time property access
783         records; for example the DFG no longer has to save information about registers in a
784         property access record only to later save it to the stub info.
785         
786         The main thing is accomplishes is that it makes it easier to add StructureStubInfo's
787         at any stage of compilation.
788
789         * bytecode/CodeBlock.cpp:
790         (JSC::CodeBlock::printGetByIdCacheStatus):
791         (JSC::CodeBlock::dumpBytecode):
792         (JSC::CodeBlock::~CodeBlock):
793         (JSC::CodeBlock::propagateTransitions):
794         (JSC::CodeBlock::finalizeUnconditionally):
795         (JSC::CodeBlock::addStubInfo):
796         (JSC::CodeBlock::getStubInfoMap):
797         (JSC::CodeBlock::shrinkToFit):
798         * bytecode/CodeBlock.h:
799         (JSC::CodeBlock::begin):
800         (JSC::CodeBlock::end):
801         (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
802         * bytecode/CodeOrigin.h:
803         (JSC::CodeOrigin::CodeOrigin):
804         (JSC::CodeOrigin::isHashTableDeletedValue):
805         (JSC::CodeOrigin::hash):
806         (JSC::CodeOriginHash::hash):
807         (JSC::CodeOriginHash::equal):
808         * bytecode/GetByIdStatus.cpp:
809         (JSC::GetByIdStatus::computeFor):
810         * bytecode/GetByIdStatus.h:
811         * bytecode/PutByIdStatus.cpp:
812         (JSC::PutByIdStatus::computeFor):
813         * bytecode/PutByIdStatus.h:
814         * bytecode/StructureStubInfo.h:
815         (JSC::getStructureStubInfoCodeOrigin):
816         * dfg/DFGByteCodeParser.cpp:
817         (JSC::DFG::ByteCodeParser::parseBlock):
818         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
819         * dfg/DFGJITCompiler.cpp:
820         (JSC::DFG::JITCompiler::link):
821         * dfg/DFGJITCompiler.h:
822         (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
823         (JSC::DFG::InRecord::InRecord):
824         * dfg/DFGSpeculativeJIT.cpp:
825         (JSC::DFG::SpeculativeJIT::compileIn):
826         * dfg/DFGSpeculativeJIT.h:
827         (JSC::DFG::SpeculativeJIT::callOperation):
828         * dfg/DFGSpeculativeJIT32_64.cpp:
829         (JSC::DFG::SpeculativeJIT::cachedGetById):
830         (JSC::DFG::SpeculativeJIT::cachedPutById):
831         * dfg/DFGSpeculativeJIT64.cpp:
832         (JSC::DFG::SpeculativeJIT::cachedGetById):
833         (JSC::DFG::SpeculativeJIT::cachedPutById):
834         * jit/CCallHelpers.h:
835         (JSC::CCallHelpers::setupArgumentsWithExecState):
836         * jit/JIT.cpp:
837         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
838         (JSC::JIT::privateCompile):
839         * jit/JIT.h:
840         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
841         * jit/JITInlines.h:
842         (JSC::JIT::callOperation):
843         * jit/JITOperations.cpp:
844         * jit/JITOperations.h:
845         * jit/JITPropertyAccess.cpp:
846         (JSC::JIT::emitSlow_op_get_by_id):
847         (JSC::JIT::emitSlow_op_put_by_id):
848         * jit/JITPropertyAccess32_64.cpp:
849         (JSC::JIT::emitSlow_op_get_by_id):
850         (JSC::JIT::emitSlow_op_put_by_id):
851         * jit/Repatch.cpp:
852         (JSC::appropriateGenericPutByIdFunction):
853         (JSC::appropriateListBuildingPutByIdFunction):
854         (JSC::resetPutByID):
855
856 2013-10-18  Oliver Hunt  <oliver@apple.com>
857
858         Spread operator should be performing direct "puts" and not triggering setters
859         https://bugs.webkit.org/show_bug.cgi?id=123047
860
861         Reviewed by Geoffrey Garen.
862
863         Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
864         to array construct.  This required a new PutByValDirect node to be introduced to
865         the DFG.  The current implementation simply changes the slow path function that
866         is called, but in future this could be made faster as it does not need to check
867         the prototype chain.
868
869         * bytecode/CodeBlock.cpp:
870         (JSC::CodeBlock::dumpBytecode):
871         (JSC::CodeBlock::CodeBlock):
872         * bytecode/Opcode.h:
873         (JSC::padOpcodeName):
874         * bytecompiler/BytecodeGenerator.cpp:
875         (JSC::BytecodeGenerator::emitDirectPutByVal):
876         * bytecompiler/BytecodeGenerator.h:
877         * bytecompiler/NodesCodegen.cpp:
878         (JSC::ArrayNode::emitBytecode):
879         * dfg/DFGAbstractInterpreterInlines.h:
880         (JSC::DFG::::executeEffects):
881         * dfg/DFGBackwardsPropagationPhase.cpp:
882         (JSC::DFG::BackwardsPropagationPhase::propagate):
883         * dfg/DFGByteCodeParser.cpp:
884         (JSC::DFG::ByteCodeParser::parseBlock):
885         * dfg/DFGCSEPhase.cpp:
886         (JSC::DFG::CSEPhase::getArrayLengthElimination):
887         (JSC::DFG::CSEPhase::getByValLoadElimination):
888         (JSC::DFG::CSEPhase::checkStructureElimination):
889         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
890         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
891         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
892         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
893         (JSC::DFG::CSEPhase::performNodeCSE):
894         * dfg/DFGCapabilities.cpp:
895         (JSC::DFG::capabilityLevel):
896         * dfg/DFGClobberize.h:
897         (JSC::DFG::clobberize):
898         * dfg/DFGFixupPhase.cpp:
899         (JSC::DFG::FixupPhase::fixupNode):
900         * dfg/DFGGraph.h:
901         (JSC::DFG::Graph::clobbersWorld):
902         * dfg/DFGNode.h:
903         (JSC::DFG::Node::hasArrayMode):
904         * dfg/DFGNodeType.h:
905         * dfg/DFGOperations.cpp:
906         (JSC::DFG::putByVal):
907         (JSC::DFG::operationPutByValInternal):
908         * dfg/DFGOperations.h:
909         * dfg/DFGPredictionPropagationPhase.cpp:
910         (JSC::DFG::PredictionPropagationPhase::propagate):
911         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
912         * dfg/DFGSafeToExecute.h:
913         (JSC::DFG::safeToExecute):
914         * dfg/DFGSpeculativeJIT32_64.cpp:
915         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
916         (JSC::DFG::SpeculativeJIT::compile):
917         * dfg/DFGSpeculativeJIT64.cpp:
918         (JSC::DFG::SpeculativeJIT::compile):
919         * dfg/DFGTypeCheckHoistingPhase.cpp:
920         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
921         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
922         * jit/JIT.cpp:
923         (JSC::JIT::privateCompileMainPass):
924         (JSC::JIT::privateCompileSlowCases):
925         * jit/JIT.h:
926         (JSC::JIT::compileDirectPutByVal):
927         * jit/JITOperations.cpp:
928         * jit/JITOperations.h:
929         * jit/JITPropertyAccess.cpp:
930         (JSC::JIT::emitSlow_op_put_by_val):
931         (JSC::JIT::privateCompilePutByVal):
932         * jit/JITPropertyAccess32_64.cpp:
933         (JSC::JIT::emitSlow_op_put_by_val):
934         * llint/LLIntSlowPaths.cpp:
935         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
936         * llint/LLIntSlowPaths.h:
937         * llint/LowLevelInterpreter32_64.asm:
938         * llint/LowLevelInterpreter64.asm:
939
940 2013-10-18  Daniel Bates  <dabates@apple.com>
941
942         [iOS] Export symbol for VM::sharedInstanceExists()
943         https://bugs.webkit.org/show_bug.cgi?id=123046
944
945         Reviewed by Mark Hahnenberg.
946
947         * runtime/VM.h:
948
949 2013-10-18  Daniel Bates  <dabates@apple.com>
950
951         [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
952         https://bugs.webkit.org/show_bug.cgi?id=123049
953
954         Reviewed by Mark Hahnenberg.
955
956         * heap/Heap.cpp:
957         (JSC::Heap::setIncrementalSweeper):
958         * heap/Heap.h:
959         * heap/HeapTimer.h:
960         * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
961         Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
962         (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
963         (duplicates the include in the .cpp).
964         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
965         making use of this now, but we'll make use of it in a subsequent patch.
966
967 2013-10-18  Anders Carlsson  <andersca@apple.com>
968
969         Remove spaces between template angle brackets
970         https://bugs.webkit.org/show_bug.cgi?id=123040
971
972         Reviewed by Andreas Kling.
973
974         * API/JSCallbackObject.cpp:
975         (JSC::::create):
976         * API/JSObjectRef.cpp:
977         * bytecode/CodeBlock.h:
978         (JSC::CodeBlock::constants):
979         (JSC::CodeBlock::setConstantRegisters):
980         * bytecode/DFGExitProfile.h:
981         * bytecode/EvalCodeCache.h:
982         * bytecode/Operands.h:
983         * bytecode/UnlinkedCodeBlock.h:
984         (JSC::UnlinkedCodeBlock::constantRegisters):
985         * bytecode/Watchpoint.h:
986         * bytecompiler/BytecodeGenerator.h:
987         * bytecompiler/StaticPropertyAnalysis.h:
988         * bytecompiler/StaticPropertyAnalyzer.h:
989         * dfg/DFGArgumentsSimplificationPhase.cpp:
990         * dfg/DFGBlockInsertionSet.h:
991         * dfg/DFGCSEPhase.cpp:
992         (JSC::DFG::performCSE):
993         (JSC::DFG::performStoreElimination):
994         * dfg/DFGCommonData.h:
995         * dfg/DFGDesiredStructureChains.h:
996         * dfg/DFGDesiredWatchpoints.h:
997         * dfg/DFGJITCompiler.h:
998         * dfg/DFGOSRExitCompiler32_64.cpp:
999         (JSC::DFG::OSRExitCompiler::compileExit):
1000         * dfg/DFGOSRExitCompiler64.cpp:
1001         (JSC::DFG::OSRExitCompiler::compileExit):
1002         * dfg/DFGWorklist.h:
1003         * heap/BlockAllocator.h:
1004         (JSC::CopiedBlock):
1005         (JSC::MarkedBlock):
1006         (JSC::WeakBlock):
1007         (JSC::MarkStackSegment):
1008         (JSC::CopyWorkListSegment):
1009         (JSC::HandleBlock):
1010         * heap/Heap.h:
1011         * heap/Local.h:
1012         * heap/MarkedBlock.h:
1013         * heap/Strong.h:
1014         * jit/AssemblyHelpers.cpp:
1015         (JSC::AssemblyHelpers::decodedCodeMapFor):
1016         * jit/AssemblyHelpers.h:
1017         * jit/SpecializedThunkJIT.h:
1018         * parser/Nodes.h:
1019         * parser/Parser.cpp:
1020         (JSC::::parseIfStatement):
1021         * parser/Parser.h:
1022         (JSC::Scope::copyCapturedVariablesToVector):
1023         (JSC::parse):
1024         * parser/ParserArena.h:
1025         * parser/SourceProviderCacheItem.h:
1026         * profiler/LegacyProfiler.cpp:
1027         (JSC::dispatchFunctionToProfiles):
1028         * profiler/LegacyProfiler.h:
1029         (JSC::LegacyProfiler::currentProfiles):
1030         * profiler/ProfileNode.h:
1031         (JSC::ProfileNode::children):
1032         * profiler/ProfilerDatabase.h:
1033         * runtime/Butterfly.h:
1034         (JSC::Butterfly::contiguousInt32):
1035         (JSC::Butterfly::contiguous):
1036         * runtime/GenericTypedArrayViewInlines.h:
1037         (JSC::::create):
1038         * runtime/Identifier.h:
1039         (JSC::Identifier::add):
1040         * runtime/JSPromise.h:
1041         * runtime/PropertyMapHashTable.h:
1042         * runtime/PropertyNameArray.h:
1043         * runtime/RegExpCache.h:
1044         * runtime/SparseArrayValueMap.h:
1045         * runtime/SymbolTable.h:
1046         * runtime/VM.h:
1047         * tools/CodeProfile.cpp:
1048         (JSC::truncateTrace):
1049         * tools/CodeProfile.h:
1050         * yarr/YarrInterpreter.cpp:
1051         * yarr/YarrInterpreter.h:
1052         (JSC::Yarr::BytecodePattern::BytecodePattern):
1053         * yarr/YarrJIT.cpp:
1054         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
1055         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
1056         (JSC::Yarr::YarrGenerator::opCompileBody):
1057         * yarr/YarrPattern.cpp:
1058         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
1059         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
1060         * yarr/YarrPattern.h:
1061
1062 2013-10-18  Mark Lam  <mark.lam@apple.com>
1063
1064         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
1065         https://bugs.webkit.org/show_bug.cgi?id=123037.
1066
1067         Reviewed by Geoffrey Garen.
1068
1069         * jit/JITStubsMSVC64.asm:
1070         * jit/JITStubsX86.h:
1071         * jit/JITStubsX86_64.h:
1072
1073 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
1074
1075         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
1076         https://bugs.webkit.org/show_bug.cgi?id=121661
1077
1078         Reviewed by Mark Hahnenberg.
1079         
1080         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
1081         so I added a return-early check using isCompilationThread().
1082         
1083         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
1084         it is describing: m_offset and the property table. Most structures only have m_offset and report
1085         null for the property table. If the property table is there, it will tell you additional
1086         The main thing this accomplishes is that it makes it easier to add StructureStubInfo's
1087         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
1088         machinery to do this.
1089         
1090         Changing the property table only happens on the main thread.
1091         
1092         Because the machinery to change the property table is so complex, especially with respect to
1093         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
1094         called at key points before and after changes to the property table or the offset.
1095
1096         Most clients of Structure who care about object layout, including the concurrent thread, will
1097         want to know m_offset and not the property table. If they want the property table, they will
1098         already be super careful. The concurrent thread has special methods for this, like
1099         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
1100         view of the property table.
1101         
1102         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
1103         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
1104         
1105         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
1106         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
1107         because we have found that it helps quickly identify situations where the property table and
1108         m_offset get out of sync - mainly because code that changes either of those things will usually
1109         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
1110         need the property table; it uses the m_offset. The concurrent JIT is correct to call
1111         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
1112         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
1113         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
1114         locks, and that same structure is having its property table modified by the main thread, we end
1115         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
1116         property table modified - instead what happens is that some downstream structure steals the
1117         property table and then starts adding things to it. The concurrent thread loads the property
1118         table before it's stolen, and hence the badness.
1119         
1120         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
1121         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
1122         and then you have a possible crash.
1123         
1124         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
1125         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
1126         it's in the concurrent JIT.
1127         
1128         * runtime/StructureInlines.h:
1129         (JSC::Structure::checkOffsetConsistency):
1130
1131 2013-10-18  Daniel Bates  <dabates@apple.com>
1132
1133         Add SPI to disable the garbage collector timer
1134         https://bugs.webkit.org/show_bug.cgi?id=122921
1135
1136         Add a null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
1137         omitted.
1138
1139         * heap/Heap.cpp:
1140         (JSC::Heap::setGarbageCollectionTimerEnabled):
1141
1142 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1143
1144         Group 64-bit specific and 32-bit specific callOperation implementations.
1145         https://bugs.webkit.org/show_bug.cgi?id=123024
1146
1147         Reviewed by Michael Saboff.
1148
1149         This is not a big deal, but could be less confusing when reading the code.
1150
1151         * jit/JITInlines.h:
1152         (JSC::JIT::callOperation):
1153         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
1154         (JSC::JIT::callOperationNoExceptionCheck):
1155
1156 2013-10-18  Nadav Rotem  <nrotem@apple.com>
1157
1158         Fix a FlushLiveness problem.
1159         https://bugs.webkit.org/show_bug.cgi?id=122984
1160
1161         Reviewed by Filip Pizlo.
1162
1163         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1164         (JSC::DFG::FlushLivenessAnalysisPhase::process):
1165
1166 2013-10-18  Michael Saboff  <msaboff@apple.com>
1167
1168         Change native function call stubs to use JIT operations instead of ctiVMHandleException
1169         https://bugs.webkit.org/show_bug.cgi?id=122982
1170
1171         Reviewed by Geoffrey Garen.
1172
1173         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
1174         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
1175         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
1176         in the process.
1177
1178         * dfg/DFGJITCompiler.cpp:
1179         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1180         * jit/CCallHelpers.h:
1181         (JSC::CCallHelpers::jumpToExceptionHandler):
1182         * jit/JIT.cpp:
1183         (JSC::JIT::privateCompileExceptionHandlers):
1184         * jit/JIT.h:
1185         * jit/JITExceptions.cpp:
1186         (JSC::genericUnwind):
1187         * jit/JITExceptions.h:
1188         * jit/JITInlines.h:
1189         (JSC::JIT::callOperationNoExceptionCheck):
1190         * jit/JITOpcodes.cpp:
1191         (JSC::JIT::emit_op_throw):
1192         * jit/JITOpcodes32_64.cpp:
1193         (JSC::JIT::privateCompileCTINativeCall):
1194         (JSC::JIT::emit_op_throw):
1195         * jit/JITOperations.cpp:
1196         * jit/JITOperations.h:
1197         * jit/JITStubs.cpp:
1198         * jit/JITStubs.h:
1199         * jit/JITStubsARM.h:
1200         * jit/JITStubsARM64.h:
1201         * jit/JITStubsARMv7.h:
1202         * jit/JITStubsMIPS.h:
1203         * jit/JITStubsMSVC64.asm:
1204         * jit/JITStubsSH4.h:
1205         * jit/JITStubsX86.h:
1206         * jit/JITStubsX86_64.h:
1207         * jit/Repatch.cpp:
1208         (JSC::tryBuildGetByIDList):
1209         * jit/SlowPathCall.h:
1210         (JSC::JITSlowPathCall::call):
1211         * jit/ThunkGenerators.cpp:
1212         (JSC::throwExceptionFromCallSlowPathGenerator):
1213         (JSC::nativeForGenerator):
1214         * runtime/VM.h:
1215         (JSC::VM::callFrameForThrowOffset):
1216         (JSC::VM::targetMachinePCForThrowOffset):
1217
1218 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1219
1220         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
1221         https://bugs.webkit.org/show_bug.cgi?id=123023
1222
1223         Reviewed by Michael Saboff.
1224
1225         * jit/JITInlines.h:
1226         (JSC::JIT::callOperation): EncodedJSValue parameters do not need alignment
1227         using EABI_32BIT_DUMMY_ARG here.
1228
1229 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1230
1231         Unreviewed, another ARM64 build fix.
1232         
1233         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
1234         on ARM64 and none of its uses are legit - they should all be using
1235         andPtr(TrustedImm32, blah) anyway.
1236
1237         * assembler/MacroAssembler.h:
1238         * assembler/MacroAssemblerARM64.h:
1239         * dfg/DFGJITCompiler.cpp:
1240         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1241         * jit/JIT.cpp:
1242         (JSC::JIT::privateCompileExceptionHandlers):
1243
1244 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1245
1246         Unreviewed, speculative ARM64 build fix.
1247         
1248         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
1249         implemented. So, you have to use TrustedImmPtr in the superclasses.
1250
1251         * assembler/MacroAssemblerARM64.h:
1252         (JSC::MacroAssemblerARM64::store8):
1253         (JSC::MacroAssemblerARM64::branchTest8):
1254
1255 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1256
1257         Unreviewed, speculative ARM build fix.
1258         https://bugs.webkit.org/show_bug.cgi?id=122890
1259         <rdar://problem/15258624>
1260
1261         * assembler/ARM64Assembler.h:
1262         (JSC::ARM64Assembler::firstRegister):
1263         (JSC::ARM64Assembler::lastRegister):
1264         (JSC::ARM64Assembler::firstFPRegister):
1265         (JSC::ARM64Assembler::lastFPRegister):
1266         * assembler/MacroAssemblerARM64.h:
1267         * assembler/MacroAssemblerARMv7.h:
1268
1269 2013-10-17  Andreas Kling  <akling@apple.com>
1270
1271         Pass VM instead of JSGlobalObject to JSONObject constructor.
1272         <https://webkit.org/b/122999>
1273
1274         JSONObject was only using the JSGlobalObject to grab at the VM.
1275         Dodge a few loads by passing the VM directly instead.
1276
1277         Reviewed by Geoffrey Garen.
1278
1279         * runtime/JSONObject.cpp:
1280         (JSC::JSONObject::JSONObject):
1281         (JSC::JSONObject::finishCreation):
1282         * runtime/JSONObject.h:
1283         (JSC::JSONObject::create):
1284
1285 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1286
1287         Removed the JITStackFrame struct
1288         https://bugs.webkit.org/show_bug.cgi?id=123001
1289
1290         Reviewed by Anders Carlsson.
1291
1292         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
1293         our helper functions obey the C function call ABI.
1294
1295 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1296
1297         Removed an unused #define
1298         https://bugs.webkit.org/show_bug.cgi?id=123000
1299
1300         Reviewed by Anders Carlsson.
1301
1302         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
1303         since it is unused now. This is a step toward using the C stack.
1304
1305 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1306
1307         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
1308         https://bugs.webkit.org/show_bug.cgi?id=122973
1309
1310         Reviewed by Michael Saboff.
1311
1312         * jit/ThunkGenerators.cpp:
1313         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
1314         so I removed it.
1315
1316         The code acted as if it needed to pass an argument to
1317         lookupExceptionHandler, and as if it passed that argument to itself
1318         through JITStackFrame. However, lookupExceptionHandler does not take
1319         an argument (other than the default ExecState argument), and the code
1320         did not initialize the thing that it thought it passed to itself!
1321
1322 2013-10-17  Alex Christensen  <achristensen@webkit.org>
1323
1324         Run JavaScriptCore tests again on Windows.
1325         https://bugs.webkit.org/show_bug.cgi?id=122787
1326
1327         Reviewed by Tim Horton.
1328
1329         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
1330         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
1331
1332 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1333
1334         Removed restoreArgumentReference (another use of JITStackFrame)
1335         https://bugs.webkit.org/show_bug.cgi?id=122997
1336
1337         Reviewed by Oliver Hunt.
1338
1339         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
1340         toward using the C stack.
1341
1342 2013-10-17  Oliver Hunt  <oliver@apple.com>
1343
1344         Remove JITStubCall.h
1345         https://bugs.webkit.org/show_bug.cgi?id=122991
1346
1347         Reviewed by Geoff Garen.
1348
1349         Happily, this is no longer used.
1350
1351         * GNUmakefile.list.am:
1352         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1353         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1354         * JavaScriptCore.xcodeproj/project.pbxproj:
1355         * jit/JIT.cpp:
1356         * jit/JITArithmetic.cpp:
1357         * jit/JITArithmetic32_64.cpp:
1358         * jit/JITCall.cpp:
1359         * jit/JITCall32_64.cpp:
1360         * jit/JITOpcodes.cpp:
1361         * jit/JITOpcodes32_64.cpp:
1362         * jit/JITPropertyAccess.cpp:
1363         * jit/JITPropertyAccess32_64.cpp:
1364         * jit/JITStubCall.h: Removed.
1365
1366 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1367
1368         Removed a use of JITSTACKFRAME_ARGS_INDEX
1369         https://bugs.webkit.org/show_bug.cgi?id=122989
1370
1371         Reviewed by Oliver Hunt.
1372
1373         * jit/JITStubCall.h: Removed an unused function. This is one step closer
1374         to using the C stack.
1375
1376 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1377
1378         Change emit_op_catch to use another method to materialize VM
1379         https://bugs.webkit.org/show_bug.cgi?id=122977
1380
1381         Reviewed by Oliver Hunt.
1382
1383         * jit/JITOpcodes.cpp:
1384         (JSC::JIT::emit_op_catch):
1385         * jit/JITOpcodes32_64.cpp:
1386         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
1387         on JITStackFrame. It is also faster and simpler.
1388
1389 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1390
1391         Eliminate emitGetJITStubArg() - dead code
1392         https://bugs.webkit.org/show_bug.cgi?id=122975
1393
1394         Reviewed by Anders Carlsson.
1395
1396         * jit/JIT.h:
1397         * jit/JITInlines.h: Removed unused, deprecated function.
1398
1399 2013-10-17  Mark Lam  <mark.lam@apple.com>
1400
1401         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
1402         https://bugs.webkit.org/show_bug.cgi?id=122979.
1403
1404         Reviewed by Michael Saboff.
1405
1406         * jit/JITStubs.cpp:
1407         * jit/JITStubs.h:
1408         * jit/JITStubsARM.h:
1409         * jit/JITStubsARM64.h:
1410         * jit/JITStubsARMv7.h:
1411         * jit/JITStubsMIPS.h:
1412         * jit/JITStubsSH4.h:
1413         * jit/JITStubsX86.h:
1414         * jit/JITStubsX86_64.h:
1415         * runtime/VM.cpp:
1416         (JSC::VM::VM):
1417
1418 2013-10-17  Michael Saboff  <msaboff@apple.com>
1419
1420         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
1421         https://bugs.webkit.org/show_bug.cgi?id=122974
1422
1423         Reviewed by Geoffrey Garen.
1424
1425         Eliminated unneeded storing to JITStackFrame.
1426
1427         * dfg/DFGJITCompiler.cpp:
1428         (JSC::DFG::JITCompiler::compileFunction):
1429
1430 2013-10-17  Michael Saboff  <msaboff@apple.com>
1431
1432         Transition cti_op_throw and cti_vm_throw to a JIT operation
1433         https://bugs.webkit.org/show_bug.cgi?id=122931
1434
1435         Reviewed by Filip Pizlo.
1436
1437         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
1438         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
1439         and their callers, as they are now dead code.  There is some work needed on the Microsoft X86
1440         callOperation to handle the need to provide space for a structure return value.
1441
1442         * jit/JIT.h:
1443         * jit/JITInlines.h:
1444         (JSC::JIT::callOperation):
1445         * jit/JITOpcodes.cpp:
1446         (JSC::JIT::emit_op_throw):
1447         * jit/JITOpcodes32_64.cpp:
1448         (JSC::JIT::emit_op_throw):
1449         (JSC::JIT::emit_op_catch):
1450         * jit/JITOperations.cpp:
1451         * jit/JITOperations.h:
1452         * jit/JITStubs.cpp:
1453         * jit/JITStubs.h:
1454         * jit/JITStubsARM.h:
1455         * jit/JITStubsARM64.h:
1456         * jit/JITStubsARMv7.h:
1457         * jit/JITStubsMIPS.h:
1458         * jit/JITStubsMSVC64.asm:
1459         * jit/JITStubsSH4.h:
1460         * jit/JITStubsX86.h:
1461         * jit/JITStubsX86_64.h:
1462         * jit/JSInterfaceJIT.h:
1463
1464 2013-10-17  Mark Lam  <mark.lam@apple.com>
1465
1466         Remove JITStackFrame references in the C Loop LLINT.
1467         https://bugs.webkit.org/show_bug.cgi?id=122950.
1468
1469         Reviewed by Michael Saboff.
1470
1471         * jit/JITStubs.h:
1472         * llint/LowLevelInterpreter.cpp:
1473         (JSC::CLoop::execute):
1474         * offlineasm/cloop.rb:
1475
1476 2013-10-17  Mark Lam  <mark.lam@apple.com>
1477
1478         Remove JITStackFrame references in JIT probes.
1479         https://bugs.webkit.org/show_bug.cgi?id=122947.
1480
1481         Reviewed by Michael Saboff.
1482
1483         * assembler/MacroAssemblerARM.cpp:
1484         (JSC::MacroAssemblerARM::ProbeContext::dump):
1485         * assembler/MacroAssemblerARM.h:
1486         * assembler/MacroAssemblerARMv7.cpp:
1487         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
1488         * assembler/MacroAssemblerARMv7.h:
1489         * assembler/MacroAssemblerX86Common.cpp:
1490         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
1491         * assembler/MacroAssemblerX86Common.h:
1492         * jit/JITStubsARM.h:
1493         * jit/JITStubsARMv7.h:
1494         * jit/JITStubsX86.h:
1495         * jit/JITStubsX86Common.h:
1496         * jit/JITStubsX86_64.h:
1497
1498 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
1499
1500         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
1501         https://bugs.webkit.org/show_bug.cgi?id=122949
1502
1503         Reviewed by Andreas Kling.
1504
1505         * jit/CCallHelpers.h:
1506         (JSC::CCallHelpers::setupArgumentsWithExecState):
1507
1508 2013-10-16  Mark Lam  <mark.lam@apple.com>
1509
1510         Transition remaining op_get* JITStubs to JIT operations.
1511         https://bugs.webkit.org/show_bug.cgi?id=122925.
1512
1513         Reviewed by Geoffrey Garen.
1514
1515         Transitioning:
1516             cti_op_get_by_id_generic
1517             cti_op_get_by_val
1518             cti_op_get_by_val_generic
1519             cti_op_get_by_val_string
1520
1521         * dfg/DFGOperations.cpp:
1522         * dfg/DFGOperations.h:
1523         * jit/JIT.h:
1524         * jit/JITInlines.h:
1525         (JSC::JIT::callOperation):
1526         * jit/JITOpcodes.cpp:
1527         (JSC::JIT::emitSlow_op_get_arguments_length):
1528         (JSC::JIT::emitSlow_op_get_argument_by_val):
1529         * jit/JITOpcodes32_64.cpp:
1530         (JSC::JIT::emitSlow_op_get_arguments_length):
1531         (JSC::JIT::emitSlow_op_get_argument_by_val):
1532         * jit/JITOperations.cpp:
1533         * jit/JITOperations.h:
1534         * jit/JITPropertyAccess.cpp:
1535         (JSC::JIT::emitSlow_op_get_by_val):
1536         (JSC::JIT::emitSlow_op_get_by_pname):
1537         (JSC::JIT::privateCompileGetByVal):
1538         * jit/JITPropertyAccess32_64.cpp:
1539         (JSC::JIT::emitSlow_op_get_by_val):
1540         (JSC::JIT::emitSlow_op_get_by_pname):
1541         * jit/JITStubs.cpp:
1542         * jit/JITStubs.h:
1543         * runtime/Executable.cpp:
1544         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1545         * runtime/Options.cpp:
1546         (JSC::Options::initialize):
1547
1548 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1549
1550         Introduce WTF::Bag and start using it for InlineCallFrameSet
1551         https://bugs.webkit.org/show_bug.cgi?id=122941
1552
1553         Reviewed by Geoffrey Garen.
1554         
1555         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1556         SegmentedVectors into Bags as well.
1557
1558         * bytecode/InlineCallFrameSet.cpp:
1559         (JSC::InlineCallFrameSet::add):
1560         * bytecode/InlineCallFrameSet.h:
1561         (JSC::InlineCallFrameSet::begin):
1562         (JSC::InlineCallFrameSet::end):
1563         * dfg/DFGArgumentsSimplificationPhase.cpp:
1564         (JSC::DFG::ArgumentsSimplificationPhase::run):
1565         * dfg/DFGJITCompiler.cpp:
1566         (JSC::DFG::JITCompiler::link):
1567         * dfg/DFGStackLayoutPhase.cpp:
1568         (JSC::DFG::StackLayoutPhase::run):
1569         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1570         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1571
1572 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1573
1574         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1575         https://bugs.webkit.org/show_bug.cgi?id=122905
1576         <rdar://problem/15237856>
1577
1578         Reviewed by Michael Saboff.
1579         
1580         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1581         then always call it to install something that calls CRASH().
1582
1583         * llvm/InitializeLLVM.cpp:
1584         (JSC::llvmCrash):
1585         (JSC::initializeLLVMOnce):
1586         (JSC::initializeLLVM):
1587         * llvm/LLVMAPIFunctions.h:
1588
1589 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1590
1591         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1592         https://bugs.webkit.org/show_bug.cgi?id=122938
1593
1594         Reviewed by Sam Weinig.
1595         
1596         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1597
1598         * jit/Repatch.cpp:
1599         (JSC::tryBuildGetByIDList):
1600
1601 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1602
1603         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1604         https://bugs.webkit.org/show_bug.cgi?id=122937
1605
1606         Reviewed by Geoffrey Garen.
1607         
1608         JITStubCall used to do it.
1609         
1610         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1611
1612         * jit/JIT.h:
1613         (JSC::JIT::appendCall):
1614
1615 2013-10-16  Michael Saboff  <msaboff@apple.com>
1616
1617         Transition void cti_op_put_by_val* stubs to JIT operations
1618         https://bugs.webkit.org/show_bug.cgi?id=122903
1619
1620         Reviewed by Geoffrey Garen.
1621
1622         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1623         operationPutByValGeneric.
1624
1625         * jit/CCallHelpers.h:
1626         (JSC::CCallHelpers::setupArgumentsWithExecState):
1627         * jit/JIT.h:
1628         * jit/JITInlines.h:
1629         (JSC::JIT::callOperation):
1630         * jit/JITOperations.cpp:
1631         * jit/JITOperations.h:
1632         * jit/JITPropertyAccess.cpp:
1633         (JSC::JIT::emitSlow_op_put_by_val):
1634         (JSC::JIT::privateCompilePutByVal):
1635         * jit/JITPropertyAccess32_64.cpp:
1636         (JSC::JIT::emitSlow_op_put_by_val):
1637         * jit/JITStubs.cpp:
1638         * jit/JITStubs.h:
1639         * jit/JSInterfaceJIT.h:
1640
1641 2013-10-16  Oliver Hunt  <oliver@apple.com>
1642
1643         Implement ES6 spread operator
1644         https://bugs.webkit.org/show_bug.cgi?id=122911
1645
1646         Reviewed by Michael Saboff.
1647
1648         Implement the ES6 spread operator
1649
1650         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1651         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1652         driven.
1653
1654         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1655         and actually handling the spread.
1656
1657         * bytecompiler/BytecodeGenerator.cpp:
1658         (JSC::BytecodeGenerator::emitNewArray):
1659         (JSC::BytecodeGenerator::emitCall):
1660         (JSC::BytecodeGenerator::emitEnumeration):
1661         * bytecompiler/BytecodeGenerator.h:
1662         * bytecompiler/NodesCodegen.cpp:
1663         (JSC::ArrayNode::emitBytecode):
1664         (JSC::ForOfNode::emitBytecode):
1665         (JSC::SpreadExpressionNode::emitBytecode):
1666         * parser/ASTBuilder.h:
1667         (JSC::ASTBuilder::createSpreadExpression):
1668         * parser/Lexer.cpp:
1669         (JSC::::lex):
1670         * parser/NodeConstructors.h:
1671         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1672         * parser/Nodes.h:
1673         (JSC::ExpressionNode::isSpreadExpression):
1674         (JSC::SpreadExpressionNode::expression):
1675         * parser/Parser.cpp:
1676         (JSC::::parseArrayLiteral):
1677         (JSC::::parseArguments):
1678         (JSC::::parseMemberExpression):
1679         * parser/Parser.h:
1680         (JSC::Parser::getTokenName):
1681         (JSC::Parser::updateErrorMessageSpecialCase):
1682         * parser/ParserTokens.h:
1683         * parser/SyntaxChecker.h:
1684         (JSC::SyntaxChecker::createSpreadExpression):
1685
1686 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1687
1688         Add a useLLInt option to jsc
1689         https://bugs.webkit.org/show_bug.cgi?id=122930
1690
1691         Reviewed by Geoffrey Garen.
1692
1693         * runtime/Executable.cpp:
1694         (JSC::setupLLInt):
1695         (JSC::setupJIT):
1696         (JSC::ScriptExecutable::prepareForExecutionImpl):
1697         * runtime/Options.h:
1698
1699 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1700
1701         Build fix.
1702
1703         Forgot to svn add DeferGC.cpp
1704
1705         * heap/DeferGC.cpp: Added.
1706
1707 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1708
1709         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1710         https://bugs.webkit.org/show_bug.cgi?id=122902
1711
1712         Reviewed by Mark Hahnenberg.
1713         
1714         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1715         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1716         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1717         didn't. Turns out that there's even a helpful method,
1718         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1719
1720         * jit/Repatch.cpp:
1721         (JSC::tryCachePutByID):
1722
1723 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1724
1725         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1726         https://bugs.webkit.org/show_bug.cgi?id=122667
1727
1728         Reviewed by Geoffrey Garen.
1729
1730         The issue this patch is attempting to fix is that there are places in our codebase
1731         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1732         operations that can initiate a garbage collection. Garbage collection then calls 
1733         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1734         always necessarily run during garbage collection). This causes a deadlock.
1735  
1736         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1737         into a thread-local field that indicates that it is unsafe to perform any operation 
1738         that could trigger garbage collection on the current thread. In debug builds, 
1739         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1740         detect deadlocks.
1741  
1742         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1743         which uses the DeferGC mechanism to prevent collections from occurring while the 
1744         lock is held.
1745
1746         * CMakeLists.txt:
1747         * GNUmakefile.list.am:
1748         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1749         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1750         * JavaScriptCore.xcodeproj/project.pbxproj:
1751         * heap/DeferGC.h:
1752         (JSC::DisallowGC::DisallowGC):
1753         (JSC::DisallowGC::~DisallowGC):
1754         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1755         (JSC::DisallowGC::initialize):
1756         * jit/Repatch.cpp:
1757         (JSC::repatchPutByID):
1758         (JSC::buildPutByIdList):
1759         * llint/LLIntSlowPaths.cpp:
1760         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1761         * runtime/ConcurrentJITLock.h:
1762         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1763         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1764         (JSC::ConcurrentJITLockerBase::unlockEarly):
1765         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1766         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1767         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1768         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1769         * runtime/InitializeThreading.cpp:
1770         (JSC::initializeThreadingOnce):
1771         * runtime/JSCellInlines.h:
1772         (JSC::allocateCell):
1773         * runtime/JSSymbolTableObject.h:
1774         (JSC::symbolTablePut):
1775         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1776         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1777         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1778         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1779         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1780         the Structure.
1781         (JSC::Structure::materializePropertyMap):
1782         (JSC::Structure::despecifyDictionaryFunction):
1783         (JSC::Structure::changePrototypeTransition):
1784         (JSC::Structure::despecifyFunctionTransition):
1785         (JSC::Structure::attributeChangeTransition):
1786         (JSC::Structure::toDictionaryTransition):
1787         (JSC::Structure::preventExtensionsTransition):
1788         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1789         (JSC::Structure::isSealed):
1790         (JSC::Structure::isFrozen):
1791         (JSC::Structure::addPropertyWithoutTransition):
1792         (JSC::Structure::removePropertyWithoutTransition):
1793         (JSC::Structure::get):
1794         (JSC::Structure::despecifyFunction):
1795         (JSC::Structure::despecifyAllFunctions):
1796         (JSC::Structure::putSpecificValue):
1797         (JSC::Structure::createPropertyMap):
1798         (JSC::Structure::getPropertyNamesFromStructure):
1799         * runtime/Structure.h:
1800         (JSC::Structure::materializePropertyMapIfNecessary):
1801         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1802         * runtime/StructureInlines.h:
1803         (JSC::Structure::get):
1804         * runtime/SymbolTable.h:
1805         (JSC::SymbolTable::find):
1806         (JSC::SymbolTable::end):
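
        The DisallowGC / DeferGC discipline this entry describes, and the Structure.cpp hazard it notes, as an added single-threaded C++ model. This is not JavaScriptCore's code: the class names follow the entry, but every body, the Heap and PropertyTable stand-ins, and the exception used in place of a debug assertion are assumptions.

```cpp
// Added example, not JavaScriptCore's own code: a single-threaded model of the
// DisallowGC / DeferGC / ConcurrentJITLocker discipline. Names follow the entry;
// the bodies, Heap and PropertyTable stand-ins are assumptions.
#include <memory>
#include <mutex>
#include <stdexcept>

static thread_local int s_gcDisallowDepth = 0; // DisallowGC nesting on this thread
static thread_local int s_gcDeferDepth = 0;    // DeferGC nesting on this thread

struct GCDisallowedError : std::runtime_error {
    GCDisallowedError() : std::runtime_error("collection attempted under DisallowGC") {}
};

// RAII marker: while alive, a collection on this thread is unsafe. The entry says
// debug builds detect this eagerly; this model throws so a caller can observe it.
class DisallowGC {
public:
    DisallowGC() { ++s_gcDisallowDepth; }
    ~DisallowGC() { --s_gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return s_gcDisallowDepth > 0; }
};

class Heap {
public:
    // Stands in for a Structure's PropertyTable, which a collection may clear.
    struct PropertyTable { int entries = 0; };

    // Entry point from an allocation slow path.
    void collectIfNeeded() {
        if (DisallowGC::isGCDisallowedOnCurrentThread())
            throw GCDisallowedError(); // the deadlock the patch detects eagerly
        if (s_gcDeferDepth > 0) { m_collectionPending = true; return; }
        collect();
    }
    void runPendingCollection() { if (m_collectionPending) collect(); }
    void collect() { ++m_collections; m_collectionPending = false; m_table.reset(); }
    void allocate() { collectIfNeeded(); } // any allocation may start a GC
    PropertyTable* materializePropertyMap() {
        if (!m_table) m_table = std::make_shared<PropertyTable>();
        return m_table.get();
    }
    bool tableIsLive() const { return m_table != nullptr; }
    int collections() const { return m_collections; }
private:
    std::shared_ptr<PropertyTable> m_table;
    bool m_collectionPending = false;
    int m_collections = 0;
};

// RAII: collections requested while alive run when the outermost DeferGC dies.
class DeferGC {
public:
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++s_gcDeferDepth; }
    ~DeferGC() { if (--s_gcDeferDepth == 0) m_heap.runPendingCollection(); }
private:
    Heap& m_heap;
};

using ConcurrentJITLock = std::mutex;

// Plain locker: carries a DisallowGC, so an allocation made while the lock is
// held is caught at once instead of deadlocking later inside the collector.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(ConcurrentJITLock& lock) : m_guard(lock) {}
private:
    DisallowGC m_disallowGC;
    std::lock_guard<ConcurrentJITLock> m_guard;
};

// GC-safe locker: DeferGC is declared first, so it outlives the guard and the
// deferred collection runs only after the lock has been released.
class GCSafeConcurrentJITLocker {
public:
    GCSafeConcurrentJITLocker(ConcurrentJITLock& lock, Heap& heap)
        : m_deferGC(heap), m_guard(lock) {}
private:
    DeferGC m_deferGC;
    std::lock_guard<ConcurrentJITLock> m_guard;
};

// Scenario 1: allocating under a ConcurrentJITLocker is flagged immediately.
bool allocationUnderPlainLockerIsCaught(Heap& heap, ConcurrentJITLock& lock) {
    try {
        ConcurrentJITLocker locker(lock);
        heap.allocate();
    } catch (const GCDisallowedError&) {
        return true;
    }
    return false;
}

// Scenario 2: under GCSafeConcurrentJITLocker the collection waits for unlock.
int collectionsRunWhileGCSafeLockHeld(Heap& heap, ConcurrentJITLock& lock) {
    int before = heap.collections();
    int during;
    {
        GCSafeConcurrentJITLocker locker(lock, heap);
        heap.allocate();
        during = heap.collections() - before; // 0: still deferred
    }
    return during; // the pending collection ran as locker left scope
}

// Scenario 3: the Structure.cpp hazard. Without an outer DeferGC the table the
// caller just materialized is cleared as soon as the GC-safe locker is released.
bool tableSurvivesMaterialize(Heap& heap, ConcurrentJITLock& lock, bool callerDefersGC) {
    std::unique_ptr<DeferGC> outerDefer;
    if (callerDefersGC) outerDefer.reset(new DeferGC(heap));
    {
        GCSafeConcurrentJITLocker locker(lock, heap);
        heap.materializePropertyMap();
        heap.allocate(); // an allocation during materialization wants a GC
    }
    return heap.tableIsLive(); // true only if the caller deferred GC itself
}
```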
1807
1808 2013-10-16  Daniel Bates  <dabates@apple.com>
1809
1810         Add SPI to disable the garbage collector timer
1811         https://bugs.webkit.org/show_bug.cgi?id=122921
1812
1813         Reviewed by Geoffrey Garen.
1814
1815         Based on a patch by Mark Hahnenberg.
1816
1817         * API/JSBase.cpp:
1818         (JSDisableGCTimer): Added; SPI function.
1819         * API/JSBasePrivate.h:
1820         * heap/BlockAllocator.cpp:
1821         (JSC::createBlockFreeingThread): Added.
1822         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
1823         to conditionally create the "block freeing" thread depending on the value of
1824         GCActivityCallback::s_shouldCreateGCTimer.
1825         (JSC::BlockAllocator::~BlockAllocator):
1826         * heap/BlockAllocator.h:
1827         (JSC::BlockAllocator::deallocate):
1828         * heap/Heap.cpp:
1829         (JSC::Heap::didAbandon):
1830         (JSC::Heap::collect):
1831         (JSC::Heap::didAllocate):
1832         * heap/HeapTimer.cpp:
1833         (JSC::HeapTimer::timerDidFire):
1834         * runtime/GCActivityCallback.cpp:
1835         * runtime/GCActivityCallback.h:
1836         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
1837         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
1838         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
1839
1840 2013-10-16  Commit Queue  <commit-queue@webkit.org>
1841
1842         Unreviewed, rolling out r157529.
1843         http://trac.webkit.org/changeset/157529
1844         https://bugs.webkit.org/show_bug.cgi?id=122919
1845
1846         Caused score test failures and some build failures. (Requested
1847         by rfong on #webkit).
1848
1849         * bytecompiler/BytecodeGenerator.cpp:
1850         (JSC::BytecodeGenerator::emitNewArray):
1851         (JSC::BytecodeGenerator::emitCall):
1852         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1853         * bytecompiler/BytecodeGenerator.h:
1854         * bytecompiler/NodesCodegen.cpp:
1855         (JSC::ArrayNode::emitBytecode):
1856         (JSC::CallArguments::CallArguments):
1857         (JSC::ForOfNode::emitBytecode):
1858         (JSC::BindingNode::collectBoundIdentifiers):
1859         * parser/ASTBuilder.h:
1860         * parser/Lexer.cpp:
1861         (JSC::::lex):
1862         * parser/NodeConstructors.h:
1863         (JSC::DotAccessorNode::DotAccessorNode):
1864         * parser/Nodes.h:
1865         * parser/Parser.cpp:
1866         (JSC::::parseArrayLiteral):
1867         (JSC::::parseArguments):
1868         (JSC::::parseMemberExpression):
1869         * parser/Parser.h:
1870         (JSC::Parser::getTokenName):
1871         (JSC::Parser::updateErrorMessageSpecialCase):
1872         * parser/ParserTokens.h:
1873         * parser/SyntaxChecker.h:
1874
1875 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1876
1877         Remove useless architecture specific implementation in DFG.
1878         https://bugs.webkit.org/show_bug.cgi?id=122917.
1879
1880         Reviewed by Michael Saboff.
1881
1882         With CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
1883         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
1884
1885         * dfg/DFGSpeculativeJIT.h:
1886
1887 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1888
1889         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
1890         https://bugs.webkit.org/show_bug.cgi?id=122916.
1891
1892         Reviewed by Michael Saboff.
1893
1894         This architecture specific function is not used anymore, so get rid of it.
1895
1896         * jit/JIT.h:
1897         * jit/JITInlines.h:
1898
1899 2013-10-16  Oliver Hunt  <oliver@apple.com>
1900
1901         Implement ES6 spread operator
1902         https://bugs.webkit.org/show_bug.cgi?id=122911
1903
1904         Reviewed by Michael Saboff.
1905
1906         Implement the ES6 spread operator
1907
1908         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1909         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1910         driven.
1911
1912         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1913         and actually handling the spread.
1914
1915         * bytecompiler/BytecodeGenerator.cpp:
1916         (JSC::BytecodeGenerator::emitNewArray):
1917         (JSC::BytecodeGenerator::emitCall):
1918         (JSC::BytecodeGenerator::emitEnumeration):
1919         * bytecompiler/BytecodeGenerator.h:
1920         * bytecompiler/NodesCodegen.cpp:
1921         (JSC::ArrayNode::emitBytecode):
1922         (JSC::ForOfNode::emitBytecode):
1923         (JSC::SpreadExpressionNode::emitBytecode):
1924         * parser/ASTBuilder.h:
1925         (JSC::ASTBuilder::createSpreadExpression):
1926         * parser/Lexer.cpp:
1927         (JSC::::lex):
1928         * parser/NodeConstructors.h:
1929         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1930         * parser/Nodes.h:
1931         (JSC::ExpressionNode::isSpreadExpression):
1932         (JSC::SpreadExpressionNode::expression):
1933         * parser/Parser.cpp:
1934         (JSC::::parseArrayLiteral):
1935         (JSC::::parseArguments):
1936         (JSC::::parseMemberExpression):
1937         * parser/Parser.h:
1938         (JSC::Parser::getTokenName):
1939         (JSC::Parser::updateErrorMessageSpecialCase):
1940         * parser/ParserTokens.h:
1941         * parser/SyntaxChecker.h:
1942         (JSC::SyntaxChecker::createSpreadExpression):
1943
1944 2013-10-16  Mark Lam  <mark.lam@apple.com>
1945
1946         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1947         https://bugs.webkit.org/show_bug.cgi?id=122899.
1948
1949         Reviewed by Michael Saboff.
1950
1951         * jit/JITOpcodes32_64.cpp:
1952         (JSC::JIT::emit_op_tear_off_activation):
1953         (JSC::JIT::emit_op_tear_off_arguments):
1954         * jit/JITStubs.cpp:
1955         * jit/JITStubs.h:
1956
1957 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1958
1959         Remove more of the UNINTERRUPTED_SEQUENCE thing
1960         https://bugs.webkit.org/show_bug.cgi?id=122885
1961
1962         Reviewed by Andreas Kling.
1963
1964         It was not completely removed by r157481, leading to build failure for sh4 architecture.
1965
1966         * jit/JIT.h:
1967         * jit/JITInlines.h:
1968
1969 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1970
1971         Get rid of the StructureStubInfo::patch union
1972         https://bugs.webkit.org/show_bug.cgi?id=122877
1973
1974         Reviewed by Sam Weinig.
1975         
1976         Just simplifying code by getting rid of data structures that ain't used no more.
1977         
1978         Note that I replace the patch union with a patch struct. This means we say things like
1979         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
1980         encapsulation makes the code more readable: the patch struct contains just those things
1981         that you need to know to perform patching.
1982
1983         * bytecode/StructureStubInfo.h:
1984         * dfg/DFGJITCompiler.cpp:
1985         (JSC::DFG::JITCompiler::link):
1986         * jit/JIT.cpp:
1987         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1988         * jit/Repatch.cpp:
1989         (JSC::repatchByIdSelfAccess):
1990         (JSC::replaceWithJump):
1991         (JSC::linkRestoreScratch):
1992         (JSC::generateProtoChainAccessStub):
1993         (JSC::tryCacheGetByID):
1994         (JSC::getPolymorphicStructureList):
1995         (JSC::patchJumpToGetByIdStub):
1996         (JSC::tryBuildGetByIDList):
1997         (JSC::emitPutReplaceStub):
1998         (JSC::emitPutTransitionStub):
1999         (JSC::tryCachePutByID):
2000         (JSC::tryBuildPutByIdList):
2001         (JSC::tryRepatchIn):
2002         (JSC::resetGetByID):
2003         (JSC::resetPutByID):
2004         (JSC::resetIn):
2005
2006 2013-10-15  Nadav Rotem  <nrotem@apple.com>
2007
2008         FTL: add support for Int52ToValue and fix putByVal of int52s.
2009         https://bugs.webkit.org/show_bug.cgi?id=122873
2010
2011         Reviewed by Filip Pizlo.
2012
2013         * ftl/FTLCapabilities.cpp:
2014         (JSC::FTL::canCompile):
2015         * ftl/FTLLowerDFGToLLVM.cpp:
2016         (JSC::FTL::LowerDFGToLLVM::compileNode):
2017         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
2018         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
2019
2020 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2021
2022         Get rid of the UNINTERRUPTED_SEQUENCE thing
2023         https://bugs.webkit.org/show_bug.cgi?id=122876
2024
2025         Reviewed by Mark Hahnenberg.
2026         
2027         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
2028         
2029         Moreover, we should resist the temptation to bring anything like this back. We don't
2030         want to have inline caches that only work if the assembler lays out code in a specific
2031         predetermined way.
2032
2033         * jit/JIT.h:
2034         * jit/JITCall.cpp:
2035         (JSC::JIT::compileOpCall):
2036         * jit/JITCall32_64.cpp:
2037         (JSC::JIT::compileOpCall):
2038
2039 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
2040
2041         Baseline JIT should use the DFG GetById IC
2042         https://bugs.webkit.org/show_bug.cgi?id=122861
2043
2044         Reviewed by Oliver Hunt.
2045         
2046         This mostly just kills a ton of code.
2047         
2048         Note that this doesn't yet do all of the simplifications that can be done, but it does
2049         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
2050
2051         * bytecode/CodeBlock.cpp:
2052         (JSC::CodeBlock::resetStubInternal):
2053         * jit/JIT.cpp:
2054         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2055         * jit/JIT.h:
2056         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2057         * jit/JITInlines.h:
2058         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2059         (JSC::JIT::callOperation):
2060         * jit/JITPropertyAccess.cpp:
2061         (JSC::JIT::compileGetByIdHotPath):
2062         (JSC::JIT::emitSlow_op_get_by_id):
2063         (JSC::JIT::emitSlow_op_get_from_scope):
2064         * jit/JITPropertyAccess32_64.cpp:
2065         (JSC::JIT::compileGetByIdHotPath):
2066         (JSC::JIT::emitSlow_op_get_by_id):
2067         (JSC::JIT::emitSlow_op_get_from_scope):
2068         * jit/JITStubs.cpp:
2069         * jit/JITStubs.h:
2070         * jit/Repatch.cpp:
2071         (JSC::repatchGetByID):
2072         (JSC::buildGetByIDList):
2073         * jit/ThunkGenerators.cpp:
2074         * jit/ThunkGenerators.h:
2075
2076 2013-10-15  Dean Jackson  <dino@apple.com>
2077
2078         Add ENABLE_WEB_ANIMATIONS flag
2079         https://bugs.webkit.org/show_bug.cgi?id=122871
2080
2081         Reviewed by Tim Horton.
2082
2083         Eventually might be http://dev.w3.org/fxtf/web-animations/
2084         but this is just engine-internal work at the moment.
2085
2086         * Configurations/FeatureDefines.xcconfig:
2087
2088 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2089
2090         [sh4] Some calls don't match sh4 ABI.
2091         https://bugs.webkit.org/show_bug.cgi?id=122863
2092
2093         Reviewed by Michael Saboff.
2094
2095         * dfg/DFGSpeculativeJIT.h:
2096         (JSC::DFG::SpeculativeJIT::callOperation):
2097         * jit/CCallHelpers.h:
2098         (JSC::CCallHelpers::setupArgumentsWithExecState):
2099         * jit/JITInlines.h:
2100         (JSC::JIT::callOperation):
2101
2102 2013-10-15  Daniel Bates  <dabates@apple.com>
2103
2104         [iOS] Upstream JavaScriptCore support for ARM64
2105         https://bugs.webkit.org/show_bug.cgi?id=122762
2106
2107         Reviewed by Oliver Hunt and Filip Pizlo.
2108
2109         * Configurations/Base.xcconfig:
2110         * Configurations/DebugRelease.xcconfig:
2111         * Configurations/JavaScriptCore.xcconfig:
2112         * Configurations/ToolExecutable.xcconfig:
2113         * JavaScriptCore.xcodeproj/project.pbxproj:
2114         * assembler/ARM64Assembler.h: Added.
2115         * assembler/AbstractMacroAssembler.h:
2116         (JSC::isARM64):
2117         (JSC::AbstractMacroAssembler::Label::Label):
2118         (JSC::AbstractMacroAssembler::Jump::Jump):
2119         (JSC::AbstractMacroAssembler::Jump::link):
2120         (JSC::AbstractMacroAssembler::Jump::linkTo):
2121         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
2122         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
2123         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
2124         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
2125         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
2126         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
2127         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
2128         (JSC::AbstractMacroAssembler::isTempRegisterValid):
2129         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
2130         (JSC::AbstractMacroAssembler::setTempRegisterValid):
2131         * assembler/LinkBuffer.cpp:
2132         (JSC::LinkBuffer::copyCompactAndLinkCode):
2133         (JSC::LinkBuffer::linkCode):
2134         * assembler/LinkBuffer.h:
2135         * assembler/MacroAssembler.h:
2136         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
2137         (JSC::MacroAssembler::pushToSave):
2138         (JSC::MacroAssembler::popToRestore):
2139         (JSC::MacroAssembler::patchableBranchTest32):
2140         * assembler/MacroAssemblerARM64.h: Added.
2141         * assembler/MacroAssemblerARMv7.h:
2142         * dfg/DFGFixupPhase.cpp:
2143         (JSC::DFG::FixupPhase::fixupNode):
2144         * dfg/DFGOSRExitCompiler32_64.cpp:
2145         (JSC::DFG::OSRExitCompiler::compileExit):
2146         * dfg/DFGOSRExitCompiler64.cpp:
2147         (JSC::DFG::OSRExitCompiler::compileExit):
2148         * dfg/DFGSpeculativeJIT.cpp:
2149         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2150         (JSC::DFG::SpeculativeJIT::compileArithMod):
2151         * disassembler/ARM64/A64DOpcode.cpp: Added.
2152         * disassembler/ARM64/A64DOpcode.h: Added.
2153         * disassembler/ARM64Disassembler.cpp: Added.
2154         * heap/MachineStackMarker.cpp:
2155         (JSC::getPlatformThreadRegisters):
2156         (JSC::otherThreadStackPointer):
2157         * heap/Region.h:
2158         * jit/AssemblyHelpers.h:
2159         (JSC::AssemblyHelpers::debugCall):
2160         * jit/CCallHelpers.h:
2161         * jit/ExecutableAllocator.h:
2162         * jit/FPRInfo.h:
2163         (JSC::FPRInfo::toRegister):
2164         (JSC::FPRInfo::toIndex):
2165         (JSC::FPRInfo::debugName):
2166         * jit/GPRInfo.h:
2167         (JSC::GPRInfo::toRegister):
2168         (JSC::GPRInfo::toIndex):
2169         (JSC::GPRInfo::debugName):
2170         * jit/JITInlines.h:
2171         (JSC::JIT::restoreArgumentReferenceForTrampoline):
2172         * jit/JITOperationWrappers.h:
2173         * jit/JITOperations.cpp:
2174         * jit/JITStubs.cpp:
2175         (JSC::performPlatformSpecificJITAssertions):
2176         (JSC::tryCachePutByID):
2177         * jit/JITStubs.h:
2178         (JSC::JITStackFrame::returnAddressSlot):
2179         * jit/JITStubsARM64.h: Added.
2180         * jit/JSInterfaceJIT.h:
2181         * jit/Repatch.cpp:
2182         (JSC::emitRestoreScratch):
2183         (JSC::generateProtoChainAccessStub):
2184         (JSC::tryCacheGetByID):
2185         (JSC::emitPutReplaceStub):
2186         (JSC::tryCachePutByID):
2187         (JSC::tryRepatchIn):
2188         * jit/ScratchRegisterAllocator.h:
2189         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2190         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2191         * jit/ThunkGenerators.cpp:
2192         (JSC::nativeForGenerator):
2193         (JSC::floorThunkGenerator):
2194         (JSC::ceilThunkGenerator):
2195         * jsc.cpp:
2196         (main):
2197         * llint/LLIntOfflineAsmConfig.h:
2198         * llint/LLIntSlowPaths.cpp:
2199         (JSC::LLInt::handleHostCall):
2200         * llint/LowLevelInterpreter.asm:
2201         * llint/LowLevelInterpreter64.asm:
2202         * offlineasm/arm.rb:
2203         * offlineasm/arm64.rb: Added.
2204         * offlineasm/backends.rb:
2205         * offlineasm/instructions.rb:
2206         * offlineasm/risc.rb:
2207         * offlineasm/transform.rb:
2208         * yarr/YarrJIT.cpp:
2209         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2210         (JSC::Yarr::YarrGenerator::initCallFrame):
2211         (JSC::Yarr::YarrGenerator::removeCallFrame):
2212         (JSC::Yarr::YarrGenerator::generateEnter):
2213         * yarr/YarrJIT.h:
2214
2215 2013-10-15  Mark Lam  <mark.lam@apple.com>
2216
2217         Fix 3 operand sub operation in C loop LLINT.
2218         https://bugs.webkit.org/show_bug.cgi?id=122866.
2219
2220         Reviewed by Geoffrey Garen.
2221
2222         * offlineasm/cloop.rb:
2223
2224 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2225
2226         ObjCCallbackFunctionImpl shouldn't store a JSContext
2227         https://bugs.webkit.org/show_bug.cgi?id=122531
2228
2229         Reviewed by Geoffrey Garen.
2230
2231         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct
2232         in the common case. It's also no longer necessary in that we can look up the current JSContext
2233         by using the globalObject of the callee when the function callback is invoked.
2234  
2235         Also added a new test that would cause us to crash previously. The test required making 
2236         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2237         in C API callbacks.
2238
2239         * API/JSContextRef.h:
2240         * API/JSContextRefPrivate.h:
2241         * API/ObjCCallbackFunction.mm:
2242         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2243         (JSC::objCCallbackFunctionCallAsFunction):
2244         (objCCallbackFunctionForInvocation):
2245         * API/WebKitAvailability.h:
2246         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2247         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2248         (CallAsConstructor):
2249         (ConstructorFinalize):
2250         (ConstructorClass):
2251         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2252         (-[JSContext valueWithConstructorDescriptor:]):
2253         (currentThisInsideBlockGetterTest):
2254         * API/tests/testapi.mm:
2255         * JavaScriptCore.xcodeproj/project.pbxproj:
2256         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2257
2258 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2259
2260         Fix build after r157457 for architecture with 4 argument registers.
2261         https://bugs.webkit.org/show_bug.cgi?id=122860
2262
2263         Reviewed by Michael Saboff.
2264
2265         * jit/CCallHelpers.h:
2266         (JSC::CCallHelpers::setupStubArguments134):
2267
2268 2013-10-14  Michael Saboff  <msaboff@apple.com>
2269
2270         transition void cti_op_* methods to JIT operations.
2271         https://bugs.webkit.org/show_bug.cgi?id=122617
2272
2273         Reviewed by Geoffrey Garen.
2274
2275         Converted the following stubs to JIT operations:
2276             cti_handle_watchdog_timer
2277             cti_op_debug
2278             cti_op_pop_scope
2279             cti_op_profile_did_call
2280             cti_op_profile_will_call
2281             cti_op_put_by_index
2282             cti_op_put_getter_setter
2283             cti_op_tear_off_activation
2284             cti_op_tear_off_arguments
2285             cti_op_throw_static_error
2286             cti_optimize
2287
2288         * dfg/DFGOperations.cpp:
2289         * dfg/DFGOperations.h:
2290         * jit/CCallHelpers.h:
2291         (JSC::CCallHelpers::setupArgumentsWithExecState):
2292         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2293         (JSC::CCallHelpers::setupStubArguments):
2294         (JSC::CCallHelpers::setupStubArguments134):
2295         * jit/JIT.cpp:
2296         (JSC::JIT::emitEnterOptimizationCheck):
2297         * jit/JIT.h:
2298         * jit/JITInlines.h:
2299         (JSC::JIT::callOperation):
2300         * jit/JITOpcodes.cpp:
2301         (JSC::JIT::emit_op_tear_off_activation):
2302         (JSC::JIT::emit_op_tear_off_arguments):
2303         (JSC::JIT::emit_op_push_with_scope):
2304         (JSC::JIT::emit_op_pop_scope):
2305         (JSC::JIT::emit_op_push_name_scope):
2306         (JSC::JIT::emit_op_throw_static_error):
2307         (JSC::JIT::emit_op_debug):
2308         (JSC::JIT::emit_op_profile_will_call):
2309         (JSC::JIT::emit_op_profile_did_call):
2310         (JSC::JIT::emitSlow_op_loop_hint):
2311         * jit/JITOpcodes32_64.cpp:
2312         (JSC::JIT::emit_op_push_with_scope):
2313         (JSC::JIT::emit_op_pop_scope):
2314         (JSC::JIT::emit_op_push_name_scope):
2315         (JSC::JIT::emit_op_throw_static_error):
2316         (JSC::JIT::emit_op_debug):
2317         (JSC::JIT::emit_op_profile_will_call):
2318         (JSC::JIT::emit_op_profile_did_call):
2319         * jit/JITOperations.cpp:
2320         * jit/JITOperations.h:
2321         * jit/JITPropertyAccess.cpp:
2322         (JSC::JIT::emit_op_put_by_index):
2323         (JSC::JIT::emit_op_put_getter_setter):
2324         * jit/JITPropertyAccess32_64.cpp:
2325         (JSC::JIT::emit_op_put_by_index):
2326         (JSC::JIT::emit_op_put_getter_setter):
2327         * jit/JITStubs.cpp:
2328         * jit/JITStubs.h:
2329
2330 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2331
2332         [sh4] Introduce const pools in LLINT.
2333         https://bugs.webkit.org/show_bug.cgi?id=122746
2334
2335         Reviewed by Michael Saboff.
2336
2337         In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
2338         loaded this way:
2339
2340             mov.l .label, rx
2341             bra out
2342             nop
2343             .balign 4
2344             .label: .long immvalue
2345             out:
2346
2347         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2348         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2349
2350         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2351         * offlineasm/sh4.rb:
2352
2353 2013-10-15  Mark Lam  <mark.lam@apple.com>
2354
2355         Fix broken C Loop LLINT build.
2356         https://bugs.webkit.org/show_bug.cgi?id=122839.
2357
2358         Reviewed by Michael Saboff.
2359
2360         * dfg/DFGFlushedAt.cpp:
2361         * jit/JITOperations.h:
2362
2363 2013-10-14  Mark Lam  <mark.lam@apple.com>
2364
2365         Transition *switch* and *scope* JITStubs to JIT operations.
2366         https://bugs.webkit.org/show_bug.cgi?id=122757.
2367
2368         Reviewed by Geoffrey Garen.
2369
2370         Transitioning:
2371             cti_op_switch_char
2372             cti_op_switch_imm
2373             cti_op_switch_string
2374             cti_op_resolve_scope
2375             cti_op_get_from_scope
2376             cti_op_put_to_scope
2377
2378         * jit/JIT.h:
2379         * jit/JITInlines.h:
2380         (JSC::JIT::callOperation):
2381         * jit/JITOpcodes.cpp:
2382         (JSC::JIT::emit_op_switch_imm):
2383         (JSC::JIT::emit_op_switch_char):
2384         (JSC::JIT::emit_op_switch_string):
2385         * jit/JITOpcodes32_64.cpp:
2386         (JSC::JIT::emit_op_switch_imm):
2387         (JSC::JIT::emit_op_switch_char):
2388         (JSC::JIT::emit_op_switch_string):
2389         * jit/JITOperations.cpp:
2390         * jit/JITOperations.h:
2391         * jit/JITPropertyAccess.cpp:
2392         (JSC::JIT::emitSlow_op_resolve_scope):
2393         (JSC::JIT::emitSlow_op_get_from_scope):
2394         (JSC::JIT::emitSlow_op_put_to_scope):
2395         * jit/JITPropertyAccess32_64.cpp:
2396         (JSC::JIT::emitSlow_op_resolve_scope):
2397         (JSC::JIT::emitSlow_op_get_from_scope):
2398         (JSC::JIT::emitSlow_op_put_to_scope):
2399         * jit/JITStubs.cpp:
2400         * jit/JITStubs.h:
2401
2402 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2403
2404         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
2405         https://bugs.webkit.org/show_bug.cgi?id=122786
2406
2407         Reviewed by Mark Hahnenberg.
2408
2409         * bytecode/CodeBlock.cpp:
2410         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2411         * jit/Repatch.cpp:
2412         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2413         (JSC::buildPutByIdList): Ditto.
2414
2415 2013-10-14  Nadav Rotem  <nrotem@apple.com>
2416
2417         Add FTL support for LogicalNot(string)
2418         https://bugs.webkit.org/show_bug.cgi?id=122765
2419
2420         Reviewed by Filip Pizlo.
2421
2422         This patch is tested by:
2423         regress/script-tests/emscripten-cube2hash.js.ftl-eager
2424
2425         * ftl/FTLCapabilities.cpp:
2426         (JSC::FTL::canCompile):
2427         * ftl/FTLLowerDFGToLLVM.cpp:
2428         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
2429
2430 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
2431
2432         [sh4] Fixes after r157404 and r157411.
2433         https://bugs.webkit.org/show_bug.cgi?id=122782
2434
2435         Reviewed by Michael Saboff.
2436
2437         * dfg/DFGSpeculativeJIT.h:
2438         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2439         * jit/CCallHelpers.h:
2440         (JSC::CCallHelpers::setupArgumentsWithExecState):
2441         * jit/JITInlines.h:
2442         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2443         * jit/JITPropertyAccess32_64.cpp:
2444         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
2445
2446 2013-10-14  Commit Queue  <commit-queue@webkit.org>
2447
2448         Unreviewed, rolling out r157413.
2449         http://trac.webkit.org/changeset/157413
2450         https://bugs.webkit.org/show_bug.cgi?id=122779
2451
2452         Appears to have caused frequent crashes (Requested by ap on
2453         #webkit).
2454
2455         * CMakeLists.txt:
2456         * GNUmakefile.list.am:
2457         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2458         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2459         * JavaScriptCore.xcodeproj/project.pbxproj:
2460         * heap/DeferGC.cpp: Removed.
2461         * heap/DeferGC.h:
2462         * jit/JITStubs.cpp:
2463         (JSC::tryCacheGetByID):
2464         (JSC::DEFINE_STUB_FUNCTION):
2465         * llint/LLIntSlowPaths.cpp:
2466         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2467         * runtime/ConcurrentJITLock.h:
2468         * runtime/InitializeThreading.cpp:
2469         (JSC::initializeThreadingOnce):
2470         * runtime/JSCellInlines.h:
2471         (JSC::allocateCell):
2472         * runtime/Structure.cpp:
2473         (JSC::Structure::materializePropertyMap):
2474         (JSC::Structure::putSpecificValue):
2475         (JSC::Structure::createPropertyMap):
2476         * runtime/Structure.h:
2477
2478 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2479
2480         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
2481         https://bugs.webkit.org/show_bug.cgi?id=122652
2482
2483         Reviewed by Filip Pizlo.
2484
2485         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
2486         so we would end up ASSERTing during garbage collection.
2487
2488         * heap/MarkedAllocator.cpp:
2489         (JSC::MarkedAllocator::allocateSlowCase):
2490
2491 2013-10-11  Oliver Hunt  <oliver@apple.com>
2492
2493         Separate out array iteration intrinsics
2494         https://bugs.webkit.org/show_bug.cgi?id=122656
2495
2496         Reviewed by Michael Saboff.
2497
2498         Separate out the intrinsics for key and values iteration
2499         of arrays.
2500
2501         This requires moving array iteration into the iterator
2502         instance, rather than the prototype, but this is essentially
2503         unobservable so we'll live with it for now.
2504
2505         * jit/ThunkGenerators.cpp:
2506         (JSC::arrayIteratorNextThunkGenerator):
2507         (JSC::arrayIteratorNextKeyThunkGenerator):
2508         (JSC::arrayIteratorNextValueThunkGenerator):
2509         * jit/ThunkGenerators.h:
2510         * runtime/ArrayIteratorPrototype.cpp:
2511         (JSC::ArrayIteratorPrototype::finishCreation):
2512         * runtime/Intrinsic.h:
2513         * runtime/JSArrayIterator.cpp:
2514         (JSC::JSArrayIterator::finishCreation):
2515         (JSC::createIteratorResult):
2516         (JSC::arrayIteratorNext):
2517         (JSC::arrayIteratorNextKey):
2518         (JSC::arrayIteratorNextValue):
2519         (JSC::arrayIteratorNextGeneric):
2520         * runtime/VM.cpp:
2521         (JSC::thunkGeneratorForIntrinsic):
2522
2523 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
2524
2525         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2526         https://bugs.webkit.org/show_bug.cgi?id=122667
2527
2528         Reviewed by Filip Pizlo.
2529
2530         The issue this patch is attempting to fix is that there are places in our codebase
2531         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2532         operations that can initiate a garbage collection. Garbage collection then calls 
2533         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2534         always necessarily run during garbage collection). This causes a deadlock.
2535
2536         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2537         into a thread-local field that indicates that it is unsafe to perform any operation 
2538         that could trigger garbage collection on the current thread. In debug builds, 
2539         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2540         detect deadlocks.
2541
2542         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2543         which uses the DeferGC mechanism to prevent collections from occurring while the 
2544         lock is held.
2545
2546         * CMakeLists.txt:
2547         * GNUmakefile.list.am:
2548         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2549         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2550         * JavaScriptCore.xcodeproj/project.pbxproj:
2551         * heap/DeferGC.cpp: Added.
2552         * heap/DeferGC.h:
2553         (JSC::DisallowGC::DisallowGC):
2554         (JSC::DisallowGC::~DisallowGC):
2555         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2556         (JSC::DisallowGC::initialize):
2557         * jit/JITStubs.cpp:
2558         (JSC::tryCachePutByID):
2559         (JSC::tryCacheGetByID):
2560         (JSC::DEFINE_STUB_FUNCTION):
2561         * llint/LLIntSlowPaths.cpp:
2562         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2563         * runtime/ConcurrentJITLock.h:
2564         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2565         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2566         (JSC::ConcurrentJITLockerBase::unlockEarly):
2567         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2568         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2569         * runtime/InitializeThreading.cpp:
2570         (JSC::initializeThreadingOnce):
2571         * runtime/JSCellInlines.h:
2572         (JSC::allocateCell):
2573         * runtime/Structure.cpp:
2574         (JSC::Structure::materializePropertyMap):
2575         (JSC::Structure::putSpecificValue):
2576         (JSC::Structure::createPropertyMap):
2577         * runtime/Structure.h:
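
        The mechanism this entry describes (and that the "DFG PutById IC should use the ConcurrentJITLocker" entry above relies on), as an added illustration that is not JSC's code: an RAII DisallowGC guard backed by a thread-local counter, a locker that carries the guard so a collection triggered under the lock is caught eagerly instead of deadlocking, and a GC-safe locker that defers the collection until the lock is released. The class names mirror the entry's; the Heap, DeferGC and CodeBlock bodies are simplified stand-ins and are assumptions, not the real implementations.

```cpp
#include <mutex>
#include <utility>

// Constructed example, not JSC's code. Heap, DeferGC and CodeBlock are
// simplified stand-ins for the real classes.
namespace gc_demo {

thread_local int gcDisallowDepth = 0;   // >0 while any DisallowGC is live

// RAII guard: while alive, any GC trigger on this thread is a bug.
class DisallowGC {
public:
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    DisallowGC(const DisallowGC&) = delete;
    DisallowGC& operator=(const DisallowGC&) = delete;
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth > 0; }
};

struct Heap {
    int deferDepth = 0;               // DeferGC nesting
    bool collectionRequested = false; // a collection was deferred
    int collections = 0;

    // Called from an allocation slow path. Returns true if a collection ran.
    bool collectIfNecessary() {
        // A debug build would ASSERT here: this is the deadlock the entry
        // describes, caught before the collector re-takes the CodeBlock lock.
        if (DisallowGC::isGCDisallowedOnCurrentThread())
            return false;
        if (deferDepth > 0) {         // deferred until the DeferGC ends
            collectionRequested = true;
            return false;
        }
        ++collections;
        return true;
    }
};

// Suppresses collection for its lifetime; runs a deferred one on release.
class DeferGC {
public:
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++m_heap.deferDepth; }
    ~DeferGC() {
        if (--m_heap.deferDepth == 0 && m_heap.collectionRequested) {
            m_heap.collectionRequested = false;
            m_heap.collectIfNecessary();
        }
    }
private:
    Heap& m_heap;
};

struct CodeBlock { std::mutex lock; };

// Holds the CodeBlock lock and a DisallowGC, so a GC trigger under the lock
// is detected eagerly rather than deadlocking.
class ConcurrentJITLocker {
public:
    explicit ConcurrentJITLocker(CodeBlock& cb) : m_guard(cb.lock) {}
private:
    std::lock_guard<std::mutex> m_guard;
    DisallowGC m_disallow;
};

// Defers GC for the lock's lifetime. Members are destroyed in reverse order,
// so the lock is released before the deferred collection runs.
class GCSafeConcurrentJITLocker {
public:
    GCSafeConcurrentJITLocker(CodeBlock& cb, Heap& heap)
        : m_defer(heap), m_guard(cb.lock) {}
private:
    DeferGC m_defer;
    std::lock_guard<std::mutex> m_guard;
};

// Scenario 1: allocation under the plain locker. Returns whether a collection
// ran; it must not, because that is the deadlock path DisallowGC catches.
bool collectsUnderPlainLocker() {
    Heap heap;
    CodeBlock cb;
    ConcurrentJITLocker locker(cb);
    return heap.collectIfNecessary();       // false
}

// Scenario 2: the same allocation under the GC-safe locker. Returns
// {collections while locked, collections after the locker is gone}.
std::pair<int, int> collectionsWithGCSafeLocker() {
    Heap heap;
    CodeBlock cb;
    int whileLocked = 0;
    {
        GCSafeConcurrentJITLocker locker(cb, heap);
        heap.collectIfNecessary();          // deferred, not run
        whileLocked = heap.collections;
    }                                       // unlock, then deferred GC runs
    return {whileLocked, heap.collections}; // {0, 1}
}

} // namespace gc_demo
```

The point of the split into two lockers is visible in the two scenarios: the plain locker turns a would-be deadlock into an eagerly detected condition, while the GC-safe locker lets allocation proceed and moves the collection to after the unlock, where it can take the CodeBlock lock itself without contention.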
2578
2579 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2580
2581         Baseline JIT should use the DFG's PutById IC
2582         https://bugs.webkit.org/show_bug.cgi?id=122704
2583
2584         Reviewed by Mark Hahnenberg.
2585         
2586         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2587         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2588         
2589         The only complicated part was that the PutById operations assumed that we first did a
2590         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2591         slow paths to deal with EncodedJSValue's.
2592
2593         * bytecode/CodeBlock.cpp:
2594         (JSC::CodeBlock::resetStubInternal):
2595         * bytecode/PutByIdStatus.cpp:
2596         (JSC::PutByIdStatus::computeFor):
2597         * dfg/DFGSpeculativeJIT.h:
2598         (JSC::DFG::SpeculativeJIT::callOperation):
2599         * dfg/DFGSpeculativeJIT32_64.cpp:
2600         (JSC::DFG::SpeculativeJIT::cachedPutById):
2601         * dfg/DFGSpeculativeJIT64.cpp:
2602         (JSC::DFG::SpeculativeJIT::cachedPutById):
2603         * jit/CCallHelpers.h:
2604         (JSC::CCallHelpers::setupArgumentsWithExecState):
2605         * jit/JIT.cpp:
2606         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2607         * jit/JIT.h:
2608         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2609         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2610         * jit/JITInlines.h:
2611         (JSC::JIT::callOperation):
2612         * jit/JITOperationWrappers.h:
2613         * jit/JITOperations.cpp:
2614         * jit/JITOperations.h:
2615         * jit/JITPropertyAccess.cpp:
2616         (JSC::JIT::compileGetByIdHotPath):
2617         (JSC::JIT::compileGetByIdSlowCase):
2618         (JSC::JIT::emit_op_put_by_id):
2619         (JSC::JIT::emitSlow_op_put_by_id):
2620         * jit/JITPropertyAccess32_64.cpp:
2621         (JSC::JIT::compileGetByIdSlowCase):
2622         (JSC::JIT::emit_op_put_by_id):
2623         (JSC::JIT::emitSlow_op_put_by_id):
2624         * jit/JITStubs.cpp:
2625         * jit/JITStubs.h:
2626         * jit/Repatch.cpp:
2627         (JSC::appropriateGenericPutByIdFunction):
2628         (JSC::appropriateListBuildingPutByIdFunction):
2629         (JSC::resetPutByID):
2630
2631 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2632
2633         FTL should have an inefficient but correct implementation of GetById
2634         https://bugs.webkit.org/show_bug.cgi?id=122740
2635
2636         Reviewed by Mark Hahnenberg.
2637         
2638         It took some effort to realize that the node->prediction() check in the DFG backends
2639         is completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
2640         if !prediction.
2641         
2642         But other than that this was an easy patch.
2643
2644         * dfg/DFGByteCodeParser.cpp:
2645         (JSC::DFG::ByteCodeParser::handleGetById):
2646         * dfg/DFGSpeculativeJIT32_64.cpp:
2647         (JSC::DFG::SpeculativeJIT::compile):
2648         * dfg/DFGSpeculativeJIT64.cpp:
2649         (JSC::DFG::SpeculativeJIT::compile):
2650         * ftl/FTLCapabilities.cpp:
2651         (JSC::FTL::canCompile):
2652         * ftl/FTLIntrinsicRepository.h:
2653         * ftl/FTLLowerDFGToLLVM.cpp:
2654         (JSC::FTL::LowerDFGToLLVM::compileNode):
2655         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2656
2657 2013-10-13  Mark Lam  <mark.lam@apple.com>
2658
2659         Transition misc cti_op_* JITStubs to JIT operations.
2660         https://bugs.webkit.org/show_bug.cgi?id=122645.
2661
2662         Reviewed by Michael Saboff.
2663
2664         Stubs converted:
2665             cti_op_check_has_instance
2666             cti_op_create_arguments
2667             cti_op_del_by_id
2668             cti_op_instanceof
2669             cti_to_object
2670             cti_op_push_activation
2671             cti_op_get_pnames
2672             cti_op_load_varargs
2673
2674         * dfg/DFGOperations.cpp:
2675         * dfg/DFGOperations.h:
2676         * jit/CCallHelpers.h:
2677         (JSC::CCallHelpers::setupArgumentsWithExecState):
2678         * jit/JIT.h:
2679         (JSC::JIT::emitStoreCell):
2680         * jit/JITCall.cpp:
2681         (JSC::JIT::compileLoadVarargs):
2682         * jit/JITCall32_64.cpp:
2683         (JSC::JIT::compileLoadVarargs):
2684         * jit/JITInlines.h:
2685         (JSC::JIT::callOperation):
2686         * jit/JITOpcodes.cpp:
2687         (JSC::JIT::emit_op_get_pnames):
2688         (JSC::JIT::emit_op_create_activation):
2689         (JSC::JIT::emit_op_create_arguments):
2690         (JSC::JIT::emitSlow_op_check_has_instance):
2691         (JSC::JIT::emitSlow_op_instanceof):
2692         (JSC::JIT::emitSlow_op_get_argument_by_val):
2693         * jit/JITOpcodes32_64.cpp:
2694         (JSC::JIT::emitSlow_op_check_has_instance):
2695         (JSC::JIT::emitSlow_op_instanceof):
2696         (JSC::JIT::emit_op_get_pnames):
2697         (JSC::JIT::emit_op_create_activation):
2698         (JSC::JIT::emit_op_create_arguments):
2699         (JSC::JIT::emitSlow_op_get_argument_by_val):
2700         * jit/JITOperations.cpp:
2701         * jit/JITOperations.h:
2702         * jit/JITPropertyAccess.cpp:
2703         (JSC::JIT::emit_op_del_by_id):
2704         * jit/JITPropertyAccess32_64.cpp:
2705         (JSC::JIT::emit_op_del_by_id):
2706         * jit/JITStubs.cpp:
2707         * jit/JITStubs.h:
2708
2709 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2710
2711         FTL OSR exit should perform zero extension on values smaller than 64-bit
2712         https://bugs.webkit.org/show_bug.cgi?id=122688
2713
2714         Reviewed by Gavin Barraclough.
2715         
2716         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2717         register will have zeros on the high bits.  In the few cases where the high bits are
2718         non-zero, the DFG sort of tells us this explicitly.
2719
2720         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider that we might
2721         emit LLVM IR like:
2722
2723             %2 = trunc i64 %1 to i32
2724             stuff %2
2725             call @llvm.webkit.stackmap(...., %2)
2726
2727         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2728         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2729         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2730         from before truncation, and that register may have garbage in the high bits.
2731
2732         This means that on our end, if we want a 32-bit value and we want that value to be
2733         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2734         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2735         end.
2736         
2737         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
2738
2739         * ftl/FTLOSRExitCompiler.cpp:
2740         (JSC::FTL::compileStubWithOSRExitStackmap):
2741         * ftl/FTLValueFormat.cpp:
2742         (JSC::FTL::reboxAccordingToFormat):
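
        The failure mode this entry describes, as an added illustration that is not JSC's code: a value recovered from a stackmap record is read from a 64-bit register whose high bits may still hold pre-truncation data, so the exit path must zero-extend (or mask) the payload itself. The ValueFormat enum, the Recovery struct and the boxing scheme below are placeholders chosen for the example, not JSC's real JSValue encoding; only the principle (zero-extend on our side rather than trusting LLVM to have truncated) comes from the entry.

```cpp
#include <cstdint>

// Constructed example, not JSC's code. The tagging constants and ValueFormat
// are placeholders, not the real JSValue encoding.
namespace osr_demo {

enum class ValueFormat { Int32, Boolean, JSValue };

// Placeholder boxing: an int32 is kIntTag | zero-extended payload, a boolean
// is one of two fixed immediates, a full JSValue passes through unchanged.
constexpr uint64_t kIntTag   = 0xFFFE000000000000ull;
constexpr uint64_t kFalseBox = 0x06ull;
constexpr uint64_t kTrueBox  = 0x07ull;

// One recovered register as a stackmap record would describe it.
struct Recovery {
    ValueFormat format;
    uint64_t rawRegister;   // full 64-bit contents; high bits not trustworthy
};

// The 'before' form: assumes the register was already truncated/zeroed.
uint64_t reboxTrustingHighBits(const Recovery& r) {
    switch (r.format) {
    case ValueFormat::Int32:   return kIntTag | r.rawRegister;
    case ValueFormat::Boolean: return r.rawRegister ? kTrueBox : kFalseBox;
    case ValueFormat::JSValue: return r.rawRegister;
    }
    return 0;
}

// The fixed form: zero-extends the sub-64-bit payload ourselves, as the entry
// says the exit compiler should, so stale high bits cannot leak into the box.
uint64_t reboxAccordingToFormat(const Recovery& r) {
    switch (r.format) {
    case ValueFormat::Int32: {
        uint64_t payload = static_cast<uint32_t>(r.rawRegister); // zero-extend
        return kIntTag | payload;
    }
    case ValueFormat::Boolean:
        // Only the low byte is meaningful for a boolean; mask it explicitly.
        return (static_cast<uint8_t>(r.rawRegister) & 1) ? kTrueBox : kFalseBox;
    case ValueFormat::JSValue:
        return r.rawRegister;
    }
    return 0;
}

// Constructed register contents: low 32 bits hold the int 7, the high 32 bits
// still hold whatever was there before the (elided) truncation.
constexpr uint64_t kStaleInt32Register = 0xDEADBEEF00000007ull;
// Constructed boolean 'false' whose upper bytes are stale (low byte is 0).
constexpr uint64_t kStaleBoolRegister  = 0xC0FFEE00ull;

// True if trusting the high bits yields a box other than the correct int 7.
bool staleBitsCorruptNaiveInt32() {
    Recovery r{ValueFormat::Int32, kStaleInt32Register};
    return reboxTrustingHighBits(r) != (kIntTag | 7u);
}

uint64_t naiveBoolBox() {
    return reboxTrustingHighBits(Recovery{ValueFormat::Boolean, kStaleBoolRegister});
}

uint64_t fixedInt32Box() {
    return reboxAccordingToFormat(Recovery{ValueFormat::Int32, kStaleInt32Register});
}

uint64_t fixedBoolBox() {
    return reboxAccordingToFormat(Recovery{ValueFormat::Boolean, kStaleBoolRegister});
}

} // namespace osr_demo
```

With the constructed register contents, the naive path boxes the int 7 with stale tag bits and reports the boolean false as true; the fixed path returns kIntTag | 7 and kFalseBox. Masking to the declared width on the consumer side is cheap, and it removes the dependence on whether the optimizer chose to materialize the truncation.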
2743
2744 == Rolled over to ChangeLog-2013-10-13 ==