d5adeb91d2a30a8b7db5aa461d9cc550c114b0d3
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2017-03-13  Commit Queue  <commit-queue@webkit.org>
2
3         Unreviewed, rolling out r213856.
4         https://bugs.webkit.org/show_bug.cgi?id=169562
5
6         Breaks JSC stress test stress/super-property-access.js.ftl-eager
7         (Requested by mlam|g on #webkit).
8
9         Reverted changeset:
10
11         "FTL should not flush strict arguments unless it really needs
12         to"
13         https://bugs.webkit.org/show_bug.cgi?id=169519
14         http://trac.webkit.org/changeset/213856
15
16 2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
17
18         [JSC][Linux] Allow profilers to demangle C++ names
19         https://bugs.webkit.org/show_bug.cgi?id=169559
20
21         Reviewed by Michael Catanzaro.
22
23         Linux also offers dladdr and a demangling feature.
24         Thus, we can use them to show the names in profilers.
25         For example, SamplingProfiler tells us the C function names.
26
27         * runtime/SamplingProfiler.cpp:
28         (JSC::SamplingProfiler::StackFrame::displayName):
29         * tools/CodeProfile.cpp:
30         (JSC::symbolName):
31
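As an added illustration of the demangling half of this entry (my own example, not the code in SamplingProfiler.cpp or CodeProfile.cpp): on Linux, dladdr() gives a profiler the raw symbol name, and abi::__cxa_demangle from <cxxabi.h> turns that into a readable C++ name. The function below wraps the call with the two fallbacks a profiler needs, a null name and an unmangled (plain C) name; the mangled strings used to exercise it are constructed sample inputs.

```cpp
#include <cxxabi.h>
#include <cstdlib>
#include <memory>
#include <string>

// Turn an Itanium C++ ABI symbol name (e.g. the dli_sname that dladdr()
// reports on Linux) into a readable name. Plain C symbols are not mangled and
// are returned unchanged; a null name becomes a placeholder, so the caller
// always has something to print.
std::string demangleSymbol(const char* mangled)
{
    if (!mangled)
        return "<unknown>";
    int status = 0;
    // __cxa_demangle hands back a malloc()'d buffer; release it with std::free.
    std::unique_ptr<char, void (*)(void*)> demangled(
        abi::__cxa_demangle(mangled, nullptr, nullptr, &status), std::free);
    if (status == 0 && demangled)
        return std::string(demangled.get());
    // status -2 means "not a valid mangled name" (a C symbol): keep the raw text.
    return std::string(mangled);
}
```

A real profiler would feed this the name from dladdr() and fall back to printing the raw address when dli_sname is null; the demangled buffer is freed by the unique_ptr, so the function never leaks on the hot path.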
32 2017-03-13  Yusuke Suzuki  <utatane.tea@gmail.com>
33
34         [WTF] Clean up RunLoop and WorkQueue with Seconds and Function
35         https://bugs.webkit.org/show_bug.cgi?id=169537
36
37         Reviewed by Sam Weinig.
38
39         * runtime/Watchdog.cpp:
40         (JSC::Watchdog::startTimer):
41
42 2017-03-11  Filip Pizlo  <fpizlo@apple.com>
43
44         FTL should not flush strict arguments unless it really needs to
45         https://bugs.webkit.org/show_bug.cgi?id=169519
46
47         Reviewed by Mark Lam.
48         
49         This is a refinement that we should have done ages ago. This kills some pointless PutStacks
50         in DFG SSA IR. It can sometimes unlock other optimizations.
51
52         * dfg/DFGPreciseLocalClobberize.h:
53         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
54
55 2017-03-13  Caio Lima  <ticaiolima@gmail.com>
56
57         [JSC] It should be possible to create a label named let when parsing Statement in non-strict mode
58         https://bugs.webkit.org/show_bug.cgi?id=168684
59
60         Reviewed by Saam Barati.
61
62         This patch fixes a Parser bug to allow defining a label named
63         `let` in sloppy mode when parsing a Statement.
64
65         * parser/Parser.cpp:
66         (JSC::Parser<LexerType>::parseStatement):
67
68 2017-03-11  Filip Pizlo  <fpizlo@apple.com>
69
70         Structure::willStoreValueSlow needs to keep the property table alive until the end
71         https://bugs.webkit.org/show_bug.cgi?id=169520
72
73         Reviewed by Michael Saboff.
74
75         We use pointers logically interior to `propertyTable` after doing a GC. We need to prevent the
76         compiler from optimizing away pointers to `propertyTable`.
77         
78         * heap/HeapCell.cpp:
79         (JSC::HeapCell::use):
80         * heap/HeapCell.h:
81         (JSC::HeapCell::use): Introduce API for keeping a pointer alive until some point in execution.
82         * runtime/Structure.cpp:
83         (JSC::Structure::willStoreValueSlow): Use HeapCell::use() to keep the pointer alive.
84
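The liveness problem this entry describes, as an added example (my own code, not WebKit's HeapCell::use() or Structure::willStoreValueSlow()): a pointer that is only used through an interior pointer can be dropped by the optimizer before a collection runs, so the GC no longer sees the object while code is still about to read from it. The keepAlive() barrier below is my stand-in for that idea; PropertyTable, workThatMayCollect() and the table contents are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Compiler barrier that pins a pointer. The empty asm claims to read the
// register holding `p`, so the optimizer must keep `p` materialized and live
// up to this point; a conservative stack/register scan run by a GC before this
// line can therefore still find the object. My own stand-in for the idea
// behind HeapCell::use(), not WebKit's implementation.
inline void keepAlive(const void* p)
{
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

// Toy stand-in for a property table. In JSC the table is a GC-managed
// HeapCell; here it is an ordinary object so the example runs stand-alone.
struct PropertyTable {
    std::vector<uint32_t> offsets;
};

// Stand-in for work that can trigger a collection (in JSC, any allocation).
static void workThatMayCollect()
{
    std::vector<char> scratch(64, 0); // constructed placeholder for GC activity
    keepAlive(scratch.data());
}

// Same shape as Structure::willStoreValueSlow(): form a pointer interior to
// the table, do work that may GC, then read through the interior pointer.
// `table` has no later use of its own, so without keepAlive() the optimizer is
// free to drop the base pointer before the GC runs and the table could be
// collected while `entry` is still about to be read. The barrier goes after
// the last use so the base stays live across the whole window.
uint32_t lookupOffsetAcrossGC(PropertyTable* table, size_t index)
{
    const uint32_t* entry = &table->offsets[index]; // interior pointer
    workThatMayCollect();                           // GC may run here
    uint32_t offset = *entry;                       // still reading table storage
    keepAlive(table);                               // base pointer live until here
    return offset;
}

// Builds a constructed table and looks up its third entry.
uint32_t demoLookup()
{
    PropertyTable table { { 0, 8, 16, 24 } };
    return lookupOffsetAcrossGC(&table, 2); // 16
}
```

The placement matters: putting the barrier before the allocation would pin the pointer only up to that point, which is exactly where the optimizer is free to drop it.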
85 2017-03-11  Yusuke Suzuki  <utatane.tea@gmail.com>
86
87         Unreviewed, suppress warnings in JSC B3
88
89         * b3/B3Opcode.cpp:
90
91 2017-03-11  Michael Saboff  <msaboff@apple.com>
92
93         Allow regular expressions to be used when selecting a process name in JSC config file
94         https://bugs.webkit.org/show_bug.cgi?id=169495
95
96         Reviewed by Saam Barati.
97
98         Only added regular expression selectors for Unix-like platforms.
99
100         * runtime/ConfigFile.cpp:
101         (JSC::ConfigFileScanner::tryConsumeRegExPattern):
102         (JSC::ConfigFile::parse):
103
104 2017-03-11  Jon Lee  <jonlee@apple.com>
105
106         WebGPU prototype - Front-End
107         https://bugs.webkit.org/show_bug.cgi?id=167952
108
109         Reviewed by Dean Jackson.
110
111         * runtime/CommonIdentifiers.h: Add WebGPU objects.
112
113 2017-03-10  Filip Pizlo  <fpizlo@apple.com>
114
115         The JITs should be able to emit fast TLS loads
116         https://bugs.webkit.org/show_bug.cgi?id=169483
117
118         Reviewed by Keith Miller.
119         
120         Added loadFromTLS32/64/Ptr to the MacroAssembler and added a B3 test for this.
121
122         * assembler/ARM64Assembler.h:
123         (JSC::ARM64Assembler::mrs_TPIDRRO_EL0):
124         * assembler/MacroAssembler.h:
125         (JSC::MacroAssembler::loadFromTLSPtr):
126         * assembler/MacroAssemblerARM64.h:
127         (JSC::MacroAssemblerARM64::loadFromTLS32):
128         (JSC::MacroAssemblerARM64::loadFromTLS64):
129         * assembler/MacroAssemblerX86Common.h:
130         (JSC::MacroAssemblerX86Common::loadFromTLS32):
131         * assembler/MacroAssemblerX86_64.h:
132         (JSC::MacroAssemblerX86_64::loadFromTLS64):
133         * assembler/X86Assembler.h:
134         (JSC::X86Assembler::adcl_im):
135         (JSC::X86Assembler::addl_mr):
136         (JSC::X86Assembler::addl_im):
137         (JSC::X86Assembler::andl_im):
138         (JSC::X86Assembler::orl_im):
139         (JSC::X86Assembler::orl_rm):
140         (JSC::X86Assembler::subl_im):
141         (JSC::X86Assembler::cmpb_im):
142         (JSC::X86Assembler::cmpl_rm):
143         (JSC::X86Assembler::cmpl_im):
144         (JSC::X86Assembler::testb_im):
145         (JSC::X86Assembler::movb_i8m):
146         (JSC::X86Assembler::movb_rm):
147         (JSC::X86Assembler::movl_mr):
148         (JSC::X86Assembler::movq_mr):
149         (JSC::X86Assembler::movsxd_rr):
150         (JSC::X86Assembler::gs):
151         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
152         * b3/testb3.cpp:
153         (JSC::B3::testFastTLS):
154         (JSC::B3::run):
155
156 2017-03-10  Alex Christensen  <achristensen@webkit.org>
157
158         Fix watch and tv builds after r213294
159         https://bugs.webkit.org/show_bug.cgi?id=169508
160
161         Reviewed by Dan Bernstein.
162
163         * Configurations/FeatureDefines.xcconfig:
164
165 2017-03-10  Saam Barati  <sbarati@apple.com>
166
167         WebAssembly: Make more demos run
168         https://bugs.webkit.org/show_bug.cgi?id=165510
169         <rdar://problem/29760310>
170
171         Reviewed by Keith Miller.
172
173         This patch makes another Wasm demo run:
174         https://kripken.github.io/BananaBread/cube2/bb.html
175         
176         This patch fixes two bugs:
177         1. When WebAssemblyFunctionType was added, we did not properly
178         update the last JS type value.
179         2. Our code for our JS -> Wasm entrypoint was wrong. It led to bad
180         code generation where we would emit B3 that would write over r12
181         and rbx (on x86) which is invalid since those are our pinned registers.
182         This patch just rewrites the entrypoint to use hand written assembler
183         code. I was planning on doing this anyway because it's a compile
184         time speed boost.
185         
186         Also, this patch adds support for some new API features:
187         We can now export an import, either via a direct export, or via a Table and the
188         Element section. I've added a new class called WebAssemblyWrapperFunction that
189         just wraps over a JSObject that is a function. Wrapper functions have types
190         associated with them, so if they're re-imported, or called via call_indirect,
191         they can be type checked.
192
193         * CMakeLists.txt:
194         * JavaScriptCore.xcodeproj/project.pbxproj:
195         * runtime/JSGlobalObject.cpp:
196         (JSC::JSGlobalObject::init):
197         (JSC::JSGlobalObject::visitChildren):
198         * runtime/JSGlobalObject.h:
199         (JSC::JSGlobalObject::webAssemblyWrapperFunctionStructure):
200         * runtime/JSType.h:
201         * wasm/JSWebAssemblyCodeBlock.h:
202         (JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
203         * wasm/WasmB3IRGenerator.cpp:
204         (JSC::Wasm::createJSToWasmWrapper):
205         * wasm/WasmCallingConvention.h:
206         (JSC::Wasm::CallingConvention::headerSizeInBytes):
207         * wasm/js/JSWebAssemblyHelpers.h:
208         (JSC::isWebAssemblyHostFunction):
209         * wasm/js/JSWebAssemblyInstance.cpp:
210         (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
211         * wasm/js/JSWebAssemblyInstance.h:
212         (JSC::JSWebAssemblyInstance::importFunction):
213         (JSC::JSWebAssemblyInstance::importFunctions):
214         (JSC::JSWebAssemblyInstance::setImportFunction):
215         * wasm/js/JSWebAssemblyTable.cpp:
216         (JSC::JSWebAssemblyTable::JSWebAssemblyTable):
217         (JSC::JSWebAssemblyTable::grow):
218         (JSC::JSWebAssemblyTable::clearFunction):
219         (JSC::JSWebAssemblyTable::setFunction):
220         * wasm/js/JSWebAssemblyTable.h:
221         (JSC::JSWebAssemblyTable::getFunction):
222         * wasm/js/WebAssemblyFunction.cpp:
223         (JSC::callWebAssemblyFunction):
224         * wasm/js/WebAssemblyInstanceConstructor.cpp:
225         (JSC::WebAssemblyInstanceConstructor::createInstance):
226         * wasm/js/WebAssemblyModuleRecord.cpp:
227         (JSC::WebAssemblyModuleRecord::link):
228         (JSC::WebAssemblyModuleRecord::evaluate):
229         * wasm/js/WebAssemblyModuleRecord.h:
230         * wasm/js/WebAssemblyTablePrototype.cpp:
231         (JSC::webAssemblyTableProtoFuncGet):
232         (JSC::webAssemblyTableProtoFuncSet):
233         * wasm/js/WebAssemblyWrapperFunction.cpp: Added.
234         (JSC::callWebAssemblyWrapperFunction):
235         (JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction):
236         (JSC::WebAssemblyWrapperFunction::create):
237         (JSC::WebAssemblyWrapperFunction::finishCreation):
238         (JSC::WebAssemblyWrapperFunction::createStructure):
239         (JSC::WebAssemblyWrapperFunction::visitChildren):
240         * wasm/js/WebAssemblyWrapperFunction.h: Added.
241         (JSC::WebAssemblyWrapperFunction::signatureIndex):
242         (JSC::WebAssemblyWrapperFunction::wasmEntrypoint):
243         (JSC::WebAssemblyWrapperFunction::function):
244
245 2017-03-10  Mark Lam  <mark.lam@apple.com>
246
247         JSC: BindingNode::bindValue doesn't increase the scope's reference count.
248         https://bugs.webkit.org/show_bug.cgi?id=168546
249         <rdar://problem/30589551>
250
251         Reviewed by Saam Barati.
252
253         We should protect the scope RegisterID with a RefPtr while it is still needed.
254
255         * bytecompiler/NodesCodegen.cpp:
256         (JSC::ForInNode::emitLoopHeader):
257         (JSC::ForOfNode::emitBytecode):
258         (JSC::BindingNode::bindValue):
259
260 2017-03-10  Alex Christensen  <achristensen@webkit.org>
261
262         Fix CMake build.
263
264         * CMakeLists.txt:
265         Make more forwarding headers so we can find WasmFaultSignalHandler.h from WebProcess.cpp.
266
267 2017-03-10  Mark Lam  <mark.lam@apple.com>
268
269         [Re-landing] Implement a StackTrace utility object that can capture stack traces for debugging.
270         https://bugs.webkit.org/show_bug.cgi?id=169454
271
272         Reviewed by Michael Saboff.
273
274         The underlying implementation is hoisted right out of Assertions.cpp from the
275         implementations of WTFPrintBacktrace().
276
277         The reason we need this StackTrace object is because during heap debugging, we
278         sometimes want to capture the stack trace that allocated the objects of interest.
279         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
280         perturb the execution profile sufficiently that an issue may not reproduce,
281         while alternatively, just capturing the stack trace and deferring printing it
282         till we actually need it later perturbs the execution profile less.
283
284         In addition, just capturing the stack traces (instead of printing them
285         immediately at each capture site) allows us to avoid polluting stdout with tons
286         of stack traces that may be irrelevant.
287
288         For now, we only capture the native stack trace.  We'll leave capturing and
289         integrating the JS stack trace as an exercise for the future if we need it then.
290
291         Here's an example of how to use this StackTrace utility:
292
293             // Capture a stack trace of the top 10 frames.
294             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
295             // Print the trace.
296             dataLog(*trace);
297
298         * CMakeLists.txt:
299         * JavaScriptCore.xcodeproj/project.pbxproj:
300         * tools/StackTrace.cpp: Added.
301         (JSC::StackTrace::instanceSize):
302         (JSC::StackTrace::captureStackTrace):
303         (JSC::StackTrace::dump):
304         * tools/StackTrace.h: Added.
305         (JSC::StackTrace::size):
306         (JSC::StackTrace::StackTrace):
307
308 2017-03-04  Filip Pizlo  <fpizlo@apple.com>
309
310         B3 should have comprehensive support for atomic operations
311         https://bugs.webkit.org/show_bug.cgi?id=162349
312
313         Reviewed by Keith Miller.
314         
315         This adds the following capabilities to B3:
316         
317         - Atomic weak/strong unfenced/fenced compare-and-swap
318         - Atomic add/sub/or/and/xor/xchg
319         - Acquire/release fencing on loads/stores
320         - Fenceless load-load dependencies
321         
322         This adds lowering to the following instructions on x86:
323         
324         - lock cmpxchg
325         - lock xadd
326         - lock add/sub/or/and/xor/xchg
327         
328         This adds lowering to the following instructions on ARM64:
329         
330         - ldar and friends
331         - stlr and friends
332         - ldxr and friends (unfenced LL)
333         - stxr and friends (unfenced SC)
334         - ldaxr and friends (fenced LL)
335         - stlxr and friends (fenced SC)
336         - eor as a fenceless load-load dependency
337         
338         This does instruction selection pattern matching to ensure that weak/strong CAS and all of the
339         variants of fences and atomic math ops get lowered to the best possible instruction sequence.
340         For example, we support the Equal(AtomicStrongCAS(expected, ...), expected) pattern and a bunch
341         of its friends. You can say Branch(Equal(AtomicStrongCAS(expected, ...), expected)) and it will
342         generate the best possible branch sequence on x86 and ARM64.
343         
344         B3 now knows how to model all of the kinds of fencing. It knows that acq loads are ordered with
345         respect to each other and with respect to rel stores, creating sequential consistency that
346         transcends just the acq/rel fences themselves (see Effects::fence). It knows that the phantom
347         fence effects may only target some abstract heaps but not others, so that load elimination and
348         store sinking can still operate across fences if you just tell B3 that the fence does not alias
349         those accesses. This makes it super easy to teach B3 that some of your heap is thread-local.
350         Even better, it lets you express fine-grained dependencies where the atomics that affect one
351         property in shared memory do not clobber non-atomics that affect some other property in shared
352         memory.
353         
354         One of my favorite features is Depend, which allows you to express load-load dependencies. On
355         x86 it lowers to nothing, while on ARM64 it lowers to eor.
356         
357         This also exposes a common atomicWeakCAS API to the x86_64/ARM64 MacroAssemblers. Same for
358         acq/rel. JSC's 64-bit JITs are now a happy concurrency playground.
359         
360         This doesn't yet expose the functionality to JS or wasm. SAB still uses the non-intrinsic
361         implementations of the Atomics object, for now.
362         
363         * CMakeLists.txt:
364         * JavaScriptCore.xcodeproj/project.pbxproj:
365         * assembler/ARM64Assembler.h:
366         (JSC::ARM64Assembler::ldar):
367         (JSC::ARM64Assembler::ldxr):
368         (JSC::ARM64Assembler::ldaxr):
369         (JSC::ARM64Assembler::stxr):
370         (JSC::ARM64Assembler::stlr):
371         (JSC::ARM64Assembler::stlxr):
372         (JSC::ARM64Assembler::excepnGenerationImmMask):
373         (JSC::ARM64Assembler::exoticLoad):
374         (JSC::ARM64Assembler::storeRelease):
375         (JSC::ARM64Assembler::exoticStore):
376         * assembler/AbstractMacroAssembler.cpp: Added.
377         (WTF::printInternal):
378         * assembler/AbstractMacroAssembler.h:
379         (JSC::AbstractMacroAssemblerBase::invert):
380         * assembler/MacroAssembler.h:
381         * assembler/MacroAssemblerARM64.h:
382         (JSC::MacroAssemblerARM64::loadAcq8SignedExtendTo32):
383         (JSC::MacroAssemblerARM64::loadAcq8):
384         (JSC::MacroAssemblerARM64::storeRel8):
385         (JSC::MacroAssemblerARM64::loadAcq16SignedExtendTo32):
386         (JSC::MacroAssemblerARM64::loadAcq16):
387         (JSC::MacroAssemblerARM64::storeRel16):
388         (JSC::MacroAssemblerARM64::loadAcq32):
389         (JSC::MacroAssemblerARM64::loadAcq64):
390         (JSC::MacroAssemblerARM64::storeRel32):
391         (JSC::MacroAssemblerARM64::storeRel64):
392         (JSC::MacroAssemblerARM64::loadLink8):
393         (JSC::MacroAssemblerARM64::loadLinkAcq8):
394         (JSC::MacroAssemblerARM64::storeCond8):
395         (JSC::MacroAssemblerARM64::storeCondRel8):
396         (JSC::MacroAssemblerARM64::loadLink16):
397         (JSC::MacroAssemblerARM64::loadLinkAcq16):
398         (JSC::MacroAssemblerARM64::storeCond16):
399         (JSC::MacroAssemblerARM64::storeCondRel16):
400         (JSC::MacroAssemblerARM64::loadLink32):
401         (JSC::MacroAssemblerARM64::loadLinkAcq32):
402         (JSC::MacroAssemblerARM64::storeCond32):
403         (JSC::MacroAssemblerARM64::storeCondRel32):
404         (JSC::MacroAssemblerARM64::loadLink64):
405         (JSC::MacroAssemblerARM64::loadLinkAcq64):
406         (JSC::MacroAssemblerARM64::storeCond64):
407         (JSC::MacroAssemblerARM64::storeCondRel64):
408         (JSC::MacroAssemblerARM64::atomicStrongCAS8):
409         (JSC::MacroAssemblerARM64::atomicStrongCAS16):
410         (JSC::MacroAssemblerARM64::atomicStrongCAS32):
411         (JSC::MacroAssemblerARM64::atomicStrongCAS64):
412         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS8):
413         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS16):
414         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS32):
415         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS64):
416         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS8):
417         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS16):
418         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS32):
419         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS64):
420         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS8):
421         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS16):
422         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS32):
423         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS64):
424         (JSC::MacroAssemblerARM64::depend32):
425         (JSC::MacroAssemblerARM64::depend64):
426         (JSC::MacroAssemblerARM64::loadLink):
427         (JSC::MacroAssemblerARM64::loadLinkAcq):
428         (JSC::MacroAssemblerARM64::storeCond):
429         (JSC::MacroAssemblerARM64::storeCondRel):
430         (JSC::MacroAssemblerARM64::signExtend):
431         (JSC::MacroAssemblerARM64::branch):
432         (JSC::MacroAssemblerARM64::atomicStrongCAS):
433         (JSC::MacroAssemblerARM64::atomicRelaxedStrongCAS):
434         (JSC::MacroAssemblerARM64::branchAtomicWeakCAS):
435         (JSC::MacroAssemblerARM64::branchAtomicRelaxedWeakCAS):
436         (JSC::MacroAssemblerARM64::extractSimpleAddress):
437         (JSC::MacroAssemblerARM64::signExtend<8>):
438         (JSC::MacroAssemblerARM64::signExtend<16>):
439         (JSC::MacroAssemblerARM64::branch<64>):
440         * assembler/MacroAssemblerX86Common.h:
441         (JSC::MacroAssemblerX86Common::add32):
442         (JSC::MacroAssemblerX86Common::and32):
443         (JSC::MacroAssemblerX86Common::and16):
444         (JSC::MacroAssemblerX86Common::and8):
445         (JSC::MacroAssemblerX86Common::neg32):
446         (JSC::MacroAssemblerX86Common::neg16):
447         (JSC::MacroAssemblerX86Common::neg8):
448         (JSC::MacroAssemblerX86Common::or32):
449         (JSC::MacroAssemblerX86Common::or16):
450         (JSC::MacroAssemblerX86Common::or8):
451         (JSC::MacroAssemblerX86Common::sub16):
452         (JSC::MacroAssemblerX86Common::sub8):
453         (JSC::MacroAssemblerX86Common::sub32):
454         (JSC::MacroAssemblerX86Common::xor32):
455         (JSC::MacroAssemblerX86Common::xor16):
456         (JSC::MacroAssemblerX86Common::xor8):
457         (JSC::MacroAssemblerX86Common::not32):
458         (JSC::MacroAssemblerX86Common::not16):
459         (JSC::MacroAssemblerX86Common::not8):
460         (JSC::MacroAssemblerX86Common::store16):
461         (JSC::MacroAssemblerX86Common::atomicStrongCAS8):
462         (JSC::MacroAssemblerX86Common::atomicStrongCAS16):
463         (JSC::MacroAssemblerX86Common::atomicStrongCAS32):
464         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS8):
465         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS16):
466         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS32):
467         (JSC::MacroAssemblerX86Common::atomicWeakCAS8):
468         (JSC::MacroAssemblerX86Common::atomicWeakCAS16):
469         (JSC::MacroAssemblerX86Common::atomicWeakCAS32):
470         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS8):
471         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS16):
472         (JSC::MacroAssemblerX86Common::branchAtomicWeakCAS32):
473         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS8):
474         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS16):
475         (JSC::MacroAssemblerX86Common::atomicRelaxedWeakCAS32):
476         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS8):
477         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS16):
478         (JSC::MacroAssemblerX86Common::branchAtomicRelaxedWeakCAS32):
479         (JSC::MacroAssemblerX86Common::atomicAdd8):
480         (JSC::MacroAssemblerX86Common::atomicAdd16):
481         (JSC::MacroAssemblerX86Common::atomicAdd32):
482         (JSC::MacroAssemblerX86Common::atomicSub8):
483         (JSC::MacroAssemblerX86Common::atomicSub16):
484         (JSC::MacroAssemblerX86Common::atomicSub32):
485         (JSC::MacroAssemblerX86Common::atomicAnd8):
486         (JSC::MacroAssemblerX86Common::atomicAnd16):
487         (JSC::MacroAssemblerX86Common::atomicAnd32):
488         (JSC::MacroAssemblerX86Common::atomicOr8):
489         (JSC::MacroAssemblerX86Common::atomicOr16):
490         (JSC::MacroAssemblerX86Common::atomicOr32):
491         (JSC::MacroAssemblerX86Common::atomicXor8):
492         (JSC::MacroAssemblerX86Common::atomicXor16):
493         (JSC::MacroAssemblerX86Common::atomicXor32):
494         (JSC::MacroAssemblerX86Common::atomicNeg8):
495         (JSC::MacroAssemblerX86Common::atomicNeg16):
496         (JSC::MacroAssemblerX86Common::atomicNeg32):
497         (JSC::MacroAssemblerX86Common::atomicNot8):
498         (JSC::MacroAssemblerX86Common::atomicNot16):
499         (JSC::MacroAssemblerX86Common::atomicNot32):
500         (JSC::MacroAssemblerX86Common::atomicXchgAdd8):
501         (JSC::MacroAssemblerX86Common::atomicXchgAdd16):
502         (JSC::MacroAssemblerX86Common::atomicXchgAdd32):
503         (JSC::MacroAssemblerX86Common::atomicXchg8):
504         (JSC::MacroAssemblerX86Common::atomicXchg16):
505         (JSC::MacroAssemblerX86Common::atomicXchg32):
506         (JSC::MacroAssemblerX86Common::loadAcq8):
507         (JSC::MacroAssemblerX86Common::loadAcq8SignedExtendTo32):
508         (JSC::MacroAssemblerX86Common::loadAcq16):
509         (JSC::MacroAssemblerX86Common::loadAcq16SignedExtendTo32):
510         (JSC::MacroAssemblerX86Common::loadAcq32):
511         (JSC::MacroAssemblerX86Common::storeRel8):
512         (JSC::MacroAssemblerX86Common::storeRel16):
513         (JSC::MacroAssemblerX86Common::storeRel32):
514         (JSC::MacroAssemblerX86Common::storeFence):
515         (JSC::MacroAssemblerX86Common::loadFence):
516         (JSC::MacroAssemblerX86Common::replaceWithJump):
517         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
518         (JSC::MacroAssemblerX86Common::patchableJumpSize):
519         (JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
520         (JSC::MacroAssemblerX86Common::supportsAVX):
521         (JSC::MacroAssemblerX86Common::updateEax1EcxFlags):
522         (JSC::MacroAssemblerX86Common::x86Condition):
523         (JSC::MacroAssemblerX86Common::atomicStrongCAS):
524         (JSC::MacroAssemblerX86Common::branchAtomicStrongCAS):
525         * assembler/MacroAssemblerX86_64.h:
526         (JSC::MacroAssemblerX86_64::add64):
527         (JSC::MacroAssemblerX86_64::and64):
528         (JSC::MacroAssemblerX86_64::neg64):
529         (JSC::MacroAssemblerX86_64::or64):
530         (JSC::MacroAssemblerX86_64::sub64):
531         (JSC::MacroAssemblerX86_64::xor64):
532         (JSC::MacroAssemblerX86_64::not64):
533         (JSC::MacroAssemblerX86_64::store64):
534         (JSC::MacroAssemblerX86_64::atomicStrongCAS64):
535         (JSC::MacroAssemblerX86_64::branchAtomicStrongCAS64):
536         (JSC::MacroAssemblerX86_64::atomicWeakCAS64):
537         (JSC::MacroAssemblerX86_64::branchAtomicWeakCAS64):
538         (JSC::MacroAssemblerX86_64::atomicRelaxedWeakCAS64):
539         (JSC::MacroAssemblerX86_64::branchAtomicRelaxedWeakCAS64):
540         (JSC::MacroAssemblerX86_64::atomicAdd64):
541         (JSC::MacroAssemblerX86_64::atomicSub64):
542         (JSC::MacroAssemblerX86_64::atomicAnd64):
543         (JSC::MacroAssemblerX86_64::atomicOr64):
544         (JSC::MacroAssemblerX86_64::atomicXor64):
545         (JSC::MacroAssemblerX86_64::atomicNeg64):
546         (JSC::MacroAssemblerX86_64::atomicNot64):
547         (JSC::MacroAssemblerX86_64::atomicXchgAdd64):
548         (JSC::MacroAssemblerX86_64::atomicXchg64):
549         (JSC::MacroAssemblerX86_64::loadAcq64):
550         (JSC::MacroAssemblerX86_64::storeRel64):
551         * assembler/X86Assembler.h:
552         (JSC::X86Assembler::addl_mr):
553         (JSC::X86Assembler::addq_mr):
554         (JSC::X86Assembler::addq_rm):
555         (JSC::X86Assembler::addq_im):
556         (JSC::X86Assembler::andl_mr):
557         (JSC::X86Assembler::andl_rm):
558         (JSC::X86Assembler::andw_rm):
559         (JSC::X86Assembler::andb_rm):
560         (JSC::X86Assembler::andl_im):
561         (JSC::X86Assembler::andw_im):
562         (JSC::X86Assembler::andb_im):
563         (JSC::X86Assembler::andq_mr):
564         (JSC::X86Assembler::andq_rm):
565         (JSC::X86Assembler::andq_im):
566         (JSC::X86Assembler::incq_m):
567         (JSC::X86Assembler::negq_m):
568         (JSC::X86Assembler::negl_m):
569         (JSC::X86Assembler::negw_m):
570         (JSC::X86Assembler::negb_m):
571         (JSC::X86Assembler::notl_m):
572         (JSC::X86Assembler::notw_m):
573         (JSC::X86Assembler::notb_m):
574         (JSC::X86Assembler::notq_m):
575         (JSC::X86Assembler::orl_mr):
576         (JSC::X86Assembler::orl_rm):
577         (JSC::X86Assembler::orw_rm):
578         (JSC::X86Assembler::orb_rm):
579         (JSC::X86Assembler::orl_im):
580         (JSC::X86Assembler::orw_im):
581         (JSC::X86Assembler::orb_im):
582         (JSC::X86Assembler::orq_mr):
583         (JSC::X86Assembler::orq_rm):
584         (JSC::X86Assembler::orq_im):
585         (JSC::X86Assembler::subl_mr):
586         (JSC::X86Assembler::subl_rm):
587         (JSC::X86Assembler::subw_rm):
588         (JSC::X86Assembler::subb_rm):
589         (JSC::X86Assembler::subl_im):
590         (JSC::X86Assembler::subw_im):
591         (JSC::X86Assembler::subb_im):
592         (JSC::X86Assembler::subq_mr):
593         (JSC::X86Assembler::subq_rm):
594         (JSC::X86Assembler::subq_im):
595         (JSC::X86Assembler::xorl_mr):
596         (JSC::X86Assembler::xorl_rm):
597         (JSC::X86Assembler::xorl_im):
598         (JSC::X86Assembler::xorw_rm):
599         (JSC::X86Assembler::xorw_im):
600         (JSC::X86Assembler::xorb_rm):
601         (JSC::X86Assembler::xorb_im):
602         (JSC::X86Assembler::xorq_im):
603         (JSC::X86Assembler::xorq_rm):
604         (JSC::X86Assembler::xorq_mr):
605         (JSC::X86Assembler::xchgb_rm):
606         (JSC::X86Assembler::xchgw_rm):
607         (JSC::X86Assembler::xchgl_rm):
608         (JSC::X86Assembler::xchgq_rm):
609         (JSC::X86Assembler::movw_im):
610         (JSC::X86Assembler::movq_i32m):
611         (JSC::X86Assembler::cmpxchgb_rm):
612         (JSC::X86Assembler::cmpxchgw_rm):
613         (JSC::X86Assembler::cmpxchgl_rm):
614         (JSC::X86Assembler::cmpxchgq_rm):
615         (JSC::X86Assembler::xaddb_rm):
616         (JSC::X86Assembler::xaddw_rm):
617         (JSC::X86Assembler::xaddl_rm):
618         (JSC::X86Assembler::xaddq_rm):
619         (JSC::X86Assembler::X86InstructionFormatter::SingleInstructionBufferWriter::memoryModRM):
620         * b3/B3AtomicValue.cpp: Added.
621         (JSC::B3::AtomicValue::~AtomicValue):
622         (JSC::B3::AtomicValue::dumpMeta):
623         (JSC::B3::AtomicValue::cloneImpl):
624         (JSC::B3::AtomicValue::AtomicValue):
625         * b3/B3AtomicValue.h: Added.
626         * b3/B3BasicBlock.h:
627         * b3/B3BlockInsertionSet.cpp:
628         (JSC::B3::BlockInsertionSet::BlockInsertionSet):
629         (JSC::B3::BlockInsertionSet::insert): Deleted.
630         (JSC::B3::BlockInsertionSet::insertBefore): Deleted.
631         (JSC::B3::BlockInsertionSet::insertAfter): Deleted.
632         (JSC::B3::BlockInsertionSet::execute): Deleted.
633         * b3/B3BlockInsertionSet.h:
634         * b3/B3Effects.cpp:
635         (JSC::B3::Effects::interferes):
636         (JSC::B3::Effects::operator==):
637         (JSC::B3::Effects::dump):
638         * b3/B3Effects.h:
639         (JSC::B3::Effects::forCall):
640         (JSC::B3::Effects::mustExecute):
641         * b3/B3EliminateCommonSubexpressions.cpp:
642         * b3/B3Generate.cpp:
643         (JSC::B3::generateToAir):
644         * b3/B3GenericBlockInsertionSet.h: Added.
645         (JSC::B3::GenericBlockInsertionSet::GenericBlockInsertionSet):
646         (JSC::B3::GenericBlockInsertionSet::insert):
647         (JSC::B3::GenericBlockInsertionSet::insertBefore):
648         (JSC::B3::GenericBlockInsertionSet::insertAfter):
649         (JSC::B3::GenericBlockInsertionSet::execute):
650         * b3/B3HeapRange.h:
651         (JSC::B3::HeapRange::operator|):
652         * b3/B3InsertionSet.cpp:
653         (JSC::B3::InsertionSet::insertClone):
654         * b3/B3InsertionSet.h:
655         * b3/B3LegalizeMemoryOffsets.cpp:
656         * b3/B3LowerMacros.cpp:
657         (JSC::B3::lowerMacros):
658         * b3/B3LowerMacrosAfterOptimizations.cpp:
659         * b3/B3LowerToAir.cpp:
660         (JSC::B3::Air::LowerToAir::LowerToAir):
661         (JSC::B3::Air::LowerToAir::run):
662         (JSC::B3::Air::LowerToAir::effectiveAddr):
663         (JSC::B3::Air::LowerToAir::addr):
664         (JSC::B3::Air::LowerToAir::loadPromiseAnyOpcode):
665         (JSC::B3::Air::LowerToAir::appendShift):
666         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
667         (JSC::B3::Air::LowerToAir::storeOpcode):
668         (JSC::B3::Air::LowerToAir::createStore):
669         (JSC::B3::Air::LowerToAir::finishAppendingInstructions):
670         (JSC::B3::Air::LowerToAir::newBlock):
671         (JSC::B3::Air::LowerToAir::splitBlock):
672         (JSC::B3::Air::LowerToAir::fillStackmap):
673         (JSC::B3::Air::LowerToAir::appendX86Div):
674         (JSC::B3::Air::LowerToAir::appendX86UDiv):
675         (JSC::B3::Air::LowerToAir::loadLinkOpcode):
676         (JSC::B3::Air::LowerToAir::storeCondOpcode):
677         (JSC::B3::Air::LowerToAir::appendCAS):
678         (JSC::B3::Air::LowerToAir::appendVoidAtomic):
679         (JSC::B3::Air::LowerToAir::appendGeneralAtomic):
680         (JSC::B3::Air::LowerToAir::lower):
681         (JSC::B3::Air::LowerToAir::lowerX86Div): Deleted.
682         (JSC::B3::Air::LowerToAir::lowerX86UDiv): Deleted.
683         * b3/B3LowerToAir.h:
684         * b3/B3MemoryValue.cpp:
685         (JSC::B3::MemoryValue::isLegalOffset):
686         (JSC::B3::MemoryValue::accessType):
687         (JSC::B3::MemoryValue::accessBank):
688         (JSC::B3::MemoryValue::accessByteSize):
689         (JSC::B3::MemoryValue::dumpMeta):
690         (JSC::B3::MemoryValue::MemoryValue):
691         (JSC::B3::MemoryValue::accessWidth): Deleted.
692         * b3/B3MemoryValue.h:
693         * b3/B3MemoryValueInlines.h: Added.
694         (JSC::B3::MemoryValue::isLegalOffset):
695         (JSC::B3::MemoryValue::requiresSimpleAddr):
696         (JSC::B3::MemoryValue::accessWidth):
697         * b3/B3MoveConstants.cpp:
698         * b3/B3NativeTraits.h: Added.
699         * b3/B3Opcode.cpp:
700         (JSC::B3::storeOpcode):
701         (WTF::printInternal):
702         * b3/B3Opcode.h:
703         (JSC::B3::isLoad):
704         (JSC::B3::isStore):
705         (JSC::B3::isLoadStore):
706         (JSC::B3::isAtomic):
707         (JSC::B3::isAtomicCAS):
708         (JSC::B3::isAtomicXchg):
709         (JSC::B3::isMemoryAccess):
710         (JSC::B3::signExtendOpcode):
711         * b3/B3Procedure.cpp:
712         (JSC::B3::Procedure::dump):
713         * b3/B3Procedure.h:
714         (JSC::B3::Procedure::hasQuirks):
715         (JSC::B3::Procedure::setHasQuirks):
716         * b3/B3PureCSE.cpp:
717         (JSC::B3::pureCSE):
718         * b3/B3PureCSE.h:
719         * b3/B3ReduceStrength.cpp:
720         * b3/B3Validate.cpp:
721         * b3/B3Value.cpp:
722         (JSC::B3::Value::returnsBool):
723         (JSC::B3::Value::effects):
724         (JSC::B3::Value::key):
725         (JSC::B3::Value::performSubstitution):
726         (JSC::B3::Value::typeFor):
727         * b3/B3Value.h:
728         * b3/B3Width.cpp:
729         (JSC::B3::bestType):
730         * b3/B3Width.h:
731         (JSC::B3::canonicalWidth):
732         (JSC::B3::isCanonicalWidth):
733         (JSC::B3::mask):
734         * b3/air/AirArg.cpp:
735         (JSC::B3::Air::Arg::jsHash):
736         (JSC::B3::Air::Arg::dump):
737         (WTF::printInternal):
738         * b3/air/AirArg.h:
739         (JSC::B3::Air::Arg::isAnyUse):
740         (JSC::B3::Air::Arg::isColdUse):
741         (JSC::B3::Air::Arg::cooled):
742         (JSC::B3::Air::Arg::isEarlyUse):
743         (JSC::B3::Air::Arg::isLateUse):
744         (JSC::B3::Air::Arg::isAnyDef):
745         (JSC::B3::Air::Arg::isEarlyDef):
746         (JSC::B3::Air::Arg::isLateDef):
747         (JSC::B3::Air::Arg::isZDef):
748         (JSC::B3::Air::Arg::simpleAddr):
749         (JSC::B3::Air::Arg::statusCond):
750         (JSC::B3::Air::Arg::isSimpleAddr):
751         (JSC::B3::Air::Arg::isMemory):
752         (JSC::B3::Air::Arg::isStatusCond):
753         (JSC::B3::Air::Arg::isCondition):
754         (JSC::B3::Air::Arg::ptr):
755         (JSC::B3::Air::Arg::base):
756         (JSC::B3::Air::Arg::isGP):
757         (JSC::B3::Air::Arg::isFP):
758         (JSC::B3::Air::Arg::isValidForm):
759         (JSC::B3::Air::Arg::forEachTmpFast):
760         (JSC::B3::Air::Arg::forEachTmp):
761         (JSC::B3::Air::Arg::asAddress):
762         (JSC::B3::Air::Arg::asStatusCondition):
763         (JSC::B3::Air::Arg::isInvertible):
764         (JSC::B3::Air::Arg::inverted):
765         * b3/air/AirBasicBlock.cpp:
766         (JSC::B3::Air::BasicBlock::setSuccessors):
767         * b3/air/AirBasicBlock.h:
768         * b3/air/AirBlockInsertionSet.cpp: Added.
769         (JSC::B3::Air::BlockInsertionSet::BlockInsertionSet):
770         (JSC::B3::Air::BlockInsertionSet::~BlockInsertionSet):
771         * b3/air/AirBlockInsertionSet.h: Added.
772         * b3/air/AirDumpAsJS.cpp: Removed.
773         * b3/air/AirDumpAsJS.h: Removed.
774         * b3/air/AirEliminateDeadCode.cpp:
775         (JSC::B3::Air::eliminateDeadCode):
776         * b3/air/AirGenerate.cpp:
777         (JSC::B3::Air::prepareForGeneration):
778         * b3/air/AirInstInlines.h:
779         (JSC::B3::Air::isAtomicStrongCASValid):
780         (JSC::B3::Air::isBranchAtomicStrongCASValid):
781         (JSC::B3::Air::isAtomicStrongCAS8Valid):
782         (JSC::B3::Air::isAtomicStrongCAS16Valid):
783         (JSC::B3::Air::isAtomicStrongCAS32Valid):
784         (JSC::B3::Air::isAtomicStrongCAS64Valid):
785         (JSC::B3::Air::isBranchAtomicStrongCAS8Valid):
786         (JSC::B3::Air::isBranchAtomicStrongCAS16Valid):
787         (JSC::B3::Air::isBranchAtomicStrongCAS32Valid):
788         (JSC::B3::Air::isBranchAtomicStrongCAS64Valid):
789         * b3/air/AirOpcode.opcodes:
790         * b3/air/AirOptimizeBlockOrder.cpp:
791         (JSC::B3::Air::optimizeBlockOrder):
792         * b3/air/AirPadInterference.cpp:
793         (JSC::B3::Air::padInterference):
794         * b3/air/AirSpillEverything.cpp:
795         (JSC::B3::Air::spillEverything):
796         * b3/air/opcode_generator.rb:
797         * b3/testb3.cpp:
798         (JSC::B3::testLoadAcq42):
799         (JSC::B3::testStoreRelAddLoadAcq32):
800         (JSC::B3::testStoreRelAddLoadAcq8):
801         (JSC::B3::testStoreRelAddFenceLoadAcq8):
802         (JSC::B3::testStoreRelAddLoadAcq16):
803         (JSC::B3::testStoreRelAddLoadAcq64):
804         (JSC::B3::testTrappingStoreElimination):
805         (JSC::B3::testX86LeaAddAdd):
806         (JSC::B3::testX86LeaAddShlLeftScale1):
807         (JSC::B3::testAtomicWeakCAS):
808         (JSC::B3::testAtomicStrongCAS):
809         (JSC::B3::testAtomicXchg):
810         (JSC::B3::testDepend32):
811         (JSC::B3::testDepend64):
812         (JSC::B3::run):
813         * runtime/Options.h:
814
815 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
816
817         Unreviewed typo fixes after r213652.
818         https://bugs.webkit.org/show_bug.cgi?id=168920
819
820         * assembler/MacroAssemblerARM.h:
821         (JSC::MacroAssemblerARM::replaceWithBreakpoint):
822         * assembler/MacroAssemblerMIPS.h:
823         (JSC::MacroAssemblerMIPS::replaceWithBreakpoint):
824
825 2017-03-10  Csaba Osztrogonác  <ossy@webkit.org>
826
827         Unreviewed ARM buildfix after r213652.
828         https://bugs.webkit.org/show_bug.cgi?id=168920
829
830         r213652 used replaceWithBrk and replaceWithBkpt names for the same
831         function, which was inconsistent and caused a build error in ARMAssembler.
832
833         * assembler/ARM64Assembler.h:
834         (JSC::ARM64Assembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
835         (JSC::ARM64Assembler::replaceWithBrk): Deleted.
836         * assembler/ARMAssembler.h:
837         (JSC::ARMAssembler::replaceWithBkpt): Renamed replaceWithBrk to replaceWithBkpt.
838         (JSC::ARMAssembler::replaceWithBrk): Deleted.
839         * assembler/MacroAssemblerARM64.h:
840         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
841
842 2017-03-10  Alex Christensen  <achristensen@webkit.org>
843
844         Win64 build fix.
845
846         * b3/B3FenceValue.h:
847         * b3/B3Value.h:
848         Putting JS_EXPORT_PRIVATE on member functions in classes that are declared with JS_EXPORT_PRIVATE
849         doesn't accomplish anything except making Visual Studio mad.
850         * b3/air/opcode_generator.rb:
851         winnt.h has naming collisions with enum values from AirOpcode.h.
852         For example, MemoryFence is #defined to be _mm_mfence, which is declared to be a function in emmintrin.h.
853         RotateLeft32 is #defined to be _rotl, which is declared to be a function in <stdlib.h>.
854         A clean solution is just to put Opcode:: before the references to the opcode names to tell Visual Studio
855         that it is referring to the enum value in AirOpcode.h and not the function declaration elsewhere.
856
857 2017-03-09  Ryan Haddad  <ryanhaddad@apple.com>
858
859         Unreviewed, rolling out r213695.
860
861         This change broke the Windows build.
862
863         Reverted changeset:
864
865         "Implement a StackTrace utility object that can capture stack
866         traces for debugging."
867         https://bugs.webkit.org/show_bug.cgi?id=169454
868         http://trac.webkit.org/changeset/213695
869
870 2017-03-09  Caio Lima  <ticaiolima@gmail.com>
871
872         [ESnext] Implement Object Rest - Implementing Object Rest Destructuring
873         https://bugs.webkit.org/show_bug.cgi?id=167962
874
875         Reviewed by Keith Miller.
876
877         Object Rest/Spread Destructuring proposal is in stage 3[1] and this
878         patch is a prototype implementation of it. A simple change over the
879         parser was necessary to support the new '...' token in the Object Pattern
880         destructuring rule. On the bytecode generator side, we changed the
881         bytecode generated in ObjectPatternNode::bindValue to store in an
882         array the identifiers of already destructured properties, following spec draft
883         section [2], and then pass it as excludedNames to CopyDataProperties.
884         The rest destructuring then calls copyDataProperties to perform the
885         copy of the rest properties from the rhs.
886
887         We also implemented CopyDataProperties as a private JS global operation
888         in builtins/GlobalOperations.js following its specification in [3].
889         It is implemented using a Set object to verify whether a property is in
890         excludedNames, to keep this algorithm at O(n + m) complexity, where n
891         = number of source's own properties and m = excludedNames.length.
892
893         As a requirement to use JSSets as constants, a change in the
894         CodeBlock::create API was necessary, because JSSet creation can throw an OOM
895         exception. Now, CodeBlock::finishCreation returns false if an
896         exception is thrown by
897         CodeBlock::setConstantIdentifierSetRegisters and then we return
898         nullptr to ScriptExecutable::newCodeBlockFor. It is responsible for
899         checking whether the CodeBlock was constructed properly and then throwing an OOM
900         exception to the correct scope.
901
902         [1] - https://github.com/sebmarkbage/ecmascript-rest-spread
903         [2] - http://sebmarkbage.github.io/ecmascript-rest-spread/#Rest-RuntimeSemantics-PropertyDestructuringAssignmentEvaluation
904         [3] - http://sebmarkbage.github.io/ecmascript-rest-spread/#AbstractOperations-CopyDataProperties
905
906         * builtins/BuiltinNames.h:
907         * builtins/GlobalOperations.js:
908         (globalPrivate.copyDataProperties):
909         * bytecode/CodeBlock.cpp:
910         (JSC::CodeBlock::finishCreation):
911         (JSC::CodeBlock::setConstantIdentifierSetRegisters):
912         * bytecode/CodeBlock.h:
913         * bytecode/EvalCodeBlock.h:
914         (JSC::EvalCodeBlock::create):
915         * bytecode/FunctionCodeBlock.h:
916         (JSC::FunctionCodeBlock::create):
917         * bytecode/ModuleProgramCodeBlock.h:
918         (JSC::ModuleProgramCodeBlock::create):
919         * bytecode/ProgramCodeBlock.h:
920         (JSC::ProgramCodeBlock::create):
921         * bytecode/UnlinkedCodeBlock.h:
922         (JSC::UnlinkedCodeBlock::addSetConstant):
923         (JSC::UnlinkedCodeBlock::constantIdentifierSets):
924         * bytecompiler/BytecodeGenerator.cpp:
925         (JSC::BytecodeGenerator::emitLoad):
926         * bytecompiler/BytecodeGenerator.h:
927         * bytecompiler/NodesCodegen.cpp:
928         (JSC::ObjectPatternNode::bindValue):
929         * parser/ASTBuilder.h:
930         (JSC::ASTBuilder::appendObjectPatternEntry):
931         (JSC::ASTBuilder::appendObjectPatternRestEntry):
932         (JSC::ASTBuilder::setContainsObjectRestElement):
933         * parser/Nodes.h:
934         (JSC::ObjectPatternNode::appendEntry):
935         (JSC::ObjectPatternNode::setContainsRestElement):
936         * parser/Parser.cpp:
937         (JSC::Parser<LexerType>::parseDestructuringPattern):
938         (JSC::Parser<LexerType>::parseProperty):
939         * parser/SyntaxChecker.h:
940         (JSC::SyntaxChecker::operatorStackPop):
941         * runtime/JSGlobalObject.cpp:
942         (JSC::JSGlobalObject::init):
943         * runtime/JSGlobalObjectFunctions.cpp:
944         (JSC::privateToObject):
945         * runtime/JSGlobalObjectFunctions.h:
946         * runtime/ScriptExecutable.cpp:
947         (JSC::ScriptExecutable::newCodeBlockFor):
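
        A plain-JS model of the CopyDataProperties(target, source, excludedNames) operation described above, as an added example; it is not JSC's builtins/GlobalOperations.js, and destructureWithRest and the sample object are constructed here to show how the bound names become excludedNames for the rest element.

```javascript
// Added example, not JSC's own builtin: CopyDataProperties as specified for object rest.
// excludedNames goes into a Set so each membership test is O(1), making the copy
// O(n + m) with n = source's own properties and m = excludedNames.length.
function copyDataProperties(target, source, excludedNames) {
  // A null or undefined source contributes nothing.
  if (source === undefined || source === null)
    return target;
  const from = Object(source);
  const excluded = new Set(excludedNames);
  // Own string keys followed by own symbol keys, in spec order.
  const keys = [
    ...Object.getOwnPropertyNames(from),
    ...Object.getOwnPropertySymbols(from),
  ];
  for (const key of keys) {
    if (excluded.has(key))
      continue;
    const desc = Object.getOwnPropertyDescriptor(from, key);
    // Only enumerable own properties are copied; accessors are read via [[Get]].
    if (desc !== undefined && desc.enumerable) {
      Object.defineProperty(target, key, {
        value: from[key], writable: true, enumerable: true, configurable: true,
      });
    }
  }
  return target;
}

// Hypothetical helper modelling `const { a, b, ...rest } = rhs;`: bind the listed
// properties first, then pass their names as excludedNames for the rest element.
function destructureWithRest(rhs, boundNames) {
  const bound = {};
  for (const name of boundNames)
    bound[name] = rhs[name];
  const rest = copyDataProperties({}, rhs, boundNames);
  return { bound, rest };
}

// Constructed sample input: enumerable a, b, c, a symbol key, and a non-enumerable
// property that must not leak into the rest object.
const restSymbol = Symbol('s');
const sampleObject = Object.defineProperties({ a: 1, b: 2, c: 3, [restSymbol]: 4 }, {
  hidden: { value: 5, enumerable: false },
});

function sampleResult() {
  return destructureWithRest(sampleObject, ['a', 'b']);
}
```

The rest object ends up with only c and the symbol key, matching what the native `{ a, b, ...rest }` form produces.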
948
949 2017-03-09  Mark Lam  <mark.lam@apple.com>
950
951         Implement a StackTrace utility object that can capture stack traces for debugging.
952         https://bugs.webkit.org/show_bug.cgi?id=169454
953
954         Reviewed by Michael Saboff.
955
956         The underlying implementation is hoisted right out of Assertions.cpp from the
957         implementations of WTFPrintBacktrace().
958
959         The reason we need this StackTrace object is because during heap debugging, we
960         sometimes want to capture the stack trace that allocated the objects of interest.
961         Dumping the stack trace directly to stdout (using WTFReportBacktrace()) may
962         perturb the execution profile sufficiently that an issue may not reproduce,
963         while alternatively, just capturing the stack trace and deferring printing it
964         till we actually need it later perturbs the execution profile less.
965
966         In addition, just capturing the stack traces (instead of printing them
967         immediately at each capture site) allows us to avoid polluting stdout with tons
968         of stack traces that may be irrelevant.
969
970         For now, we only capture the native stack trace.  We'll leave capturing and
971         integrating the JS stack trace as an exercise for the future if we need it then.
972
973         Here's an example of how to use this StackTrace utility:
974
975             // Capture a stack trace of the top 10 frames.
976             std::unique_ptr<StackTrace> trace(StackTrace::captureStackTrace(10));
977             // Print the trace.
978             dataLog(*trace);
979
980         * CMakeLists.txt:
981         * JavaScriptCore.xcodeproj/project.pbxproj:
982         * tools/StackTrace.cpp: Added.
983         (JSC::StackTrace::instanceSize):
984         (JSC::StackTrace::captureStackTrace):
985         (JSC::StackTrace::dump):
986         * tools/StackTrace.h: Added.
987         (JSC::StackTrace::StackTrace):
988         (JSC::StackTrace::size):
989
990 2017-03-09  Keith Miller  <keith_miller@apple.com>
991
992         WebAssembly: Enable fast memory for WK2
993         https://bugs.webkit.org/show_bug.cgi?id=169437
994
995         Reviewed by Tim Horton.
996
997         * JavaScriptCore.xcodeproj/project.pbxproj:
998
999 2017-03-09  Matt Baker  <mattbaker@apple.com>
1000
1001         Web Inspector: Add XHR breakpoints UI
1002         https://bugs.webkit.org/show_bug.cgi?id=168763
1003         <rdar://problem/30952439>
1004
1005         Reviewed by Joseph Pecoraro.
1006
1007         * inspector/protocol/DOMDebugger.json:
1008         Added clarifying comments to command descriptions.
1009
1010 2017-03-09  Michael Saboff  <msaboff@apple.com>
1011
1012         Add plumbing to WebProcess to enable JavaScriptCore configuration and logging
1013         https://bugs.webkit.org/show_bug.cgi?id=169387
1014
1015         Reviewed by Filip Pizlo.
1016
1017         Added a helper function, processConfigFile(), to process configuration file.
1018         Changed jsc.cpp to use that function in lieu of processing the config file
1019         manually.
1020
1021         * JavaScriptCore.xcodeproj/project.pbxproj: Made ConfigFile.h a private header file.
1022         * jsc.cpp:
1023         (jscmain):
1024         * runtime/ConfigFile.cpp:
1025         (JSC::processConfigFile):
1026         * runtime/ConfigFile.h:
1027
1028 2017-03-09  Joseph Pecoraro  <pecoraro@apple.com>
1029
1030         Web Inspector: Show HTTP protocol version and other Network Load Metrics (IP Address, Priority, Connection ID)
1031         https://bugs.webkit.org/show_bug.cgi?id=29687
1032         <rdar://problem/19281586>
1033
1034         Reviewed by Matt Baker and Brian Burg.
1035
1036         * inspector/protocol/Network.json:
1037         Add metrics object with optional properties to loadingFinished event.
1038
1039 2017-03-09  Youenn Fablet  <youenn@apple.com>
1040
1041         Minimal build is broken
1042         https://bugs.webkit.org/show_bug.cgi?id=169416
1043
1044         Reviewed by Chris Dumez.
1045
1046         Since we now have some JS built-ins that are not tied to a compilation flag, we can remove compilation guards around m_vm.
1047         We could probably remove m_vm by ensuring m_jsDOMBindingInternals appear first but this might break very easily.
1048
1049         * Scripts/builtins/builtins_generate_internals_wrapper_header.py:
1050         (generate_members):
1051         * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
1052         (BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
1053         * Scripts/tests/builtins/expected/WebCoreJSBuiltins.h-result:
1054
1055 2017-03-09  Daniel Bates  <dabates@apple.com>
1056
1057         Guard Credential Management implementation behind a runtime enabled feature flag
1058         https://bugs.webkit.org/show_bug.cgi?id=169364
1059         <rdar://problem/30957425>
1060
1061         Reviewed by Brent Fulgham.
1062
1063         Add common identifiers for Credential, PasswordCredential, and SiteBoundCredential that are
1064         needed to guard these interfaces behind a runtime enabled feature flag.
1065
1066         * runtime/CommonIdentifiers.h:
1067
1068 2017-03-09  Mark Lam  <mark.lam@apple.com>
1069
1070         Refactoring some HeapVerifier code.
1071         https://bugs.webkit.org/show_bug.cgi?id=169443
1072
1073         Reviewed by Filip Pizlo.
1074
1075         Renamed LiveObjectData to CellProfile.
1076         Renamed LiveObjectList to CellList.
1077         Moved CellProfile.*, CellList.*, and HeapVerifier.* from the heap folder to the tools folder.
1078         Updated the HeapVerifier to handle JSCells instead of just JSObjects.
1079
1080         This is in preparation for subsequent patches to fix up the HeapVerifier for service again.
1081
1082         * CMakeLists.txt:
1083         * JavaScriptCore.xcodeproj/project.pbxproj:
1084         * heap/Heap.cpp:
1085         (JSC::Heap::runBeginPhase):
1086         (JSC::Heap::runEndPhase):
1087         * heap/HeapVerifier.cpp: Removed.
1088         * heap/HeapVerifier.h: Removed.
1089         * heap/LiveObjectData.h: Removed.
1090         * heap/LiveObjectList.cpp: Removed.
1091         * heap/LiveObjectList.h: Removed.
1092         * tools/CellList.cpp: Copied from Source/JavaScriptCore/heap/LiveObjectList.cpp.
1093         (JSC::CellList::findCell):
1094         (JSC::LiveObjectList::findObject): Deleted.
1095         * tools/CellList.h: Copied from Source/JavaScriptCore/heap/LiveObjectList.h.
1096         (JSC::CellList::CellList):
1097         (JSC::CellList::reset):
1098         (JSC::LiveObjectList::LiveObjectList): Deleted.
1099         (JSC::LiveObjectList::reset): Deleted.
1100         * tools/CellProfile.h: Copied from Source/JavaScriptCore/heap/LiveObjectData.h.
1101         (JSC::CellProfile::CellProfile):
1102         (JSC::LiveObjectData::LiveObjectData): Deleted.
1103         * tools/HeapVerifier.cpp: Copied from Source/JavaScriptCore/heap/HeapVerifier.cpp.
1104         (JSC::GatherCellFunctor::GatherCellFunctor):
1105         (JSC::GatherCellFunctor::visit):
1106         (JSC::GatherCellFunctor::operator()):
1107         (JSC::HeapVerifier::gatherLiveCells):
1108         (JSC::HeapVerifier::cellListForGathering):
1109         (JSC::trimDeadCellsFromList):
1110         (JSC::HeapVerifier::trimDeadCells):
1111         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
1112         (JSC::HeapVerifier::reportCell):
1113         (JSC::HeapVerifier::checkIfRecorded):
1114         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor): Deleted.
1115         (JSC::GatherLiveObjFunctor::visit): Deleted.
1116         (JSC::GatherLiveObjFunctor::operator()): Deleted.
1117         (JSC::HeapVerifier::gatherLiveObjects): Deleted.
1118         (JSC::HeapVerifier::liveObjectListForGathering): Deleted.
1119         (JSC::trimDeadObjectsFromList): Deleted.
1120         (JSC::HeapVerifier::trimDeadObjects): Deleted.
1121         (JSC::HeapVerifier::reportObject): Deleted.
1122         * tools/HeapVerifier.h: Copied from Source/JavaScriptCore/heap/HeapVerifier.h.
1123
1124 2017-03-09  Anders Carlsson  <andersca@apple.com>
1125
1126         Add delegate support to WebCore
1127         https://bugs.webkit.org/show_bug.cgi?id=169427
1128         Part of rdar://problem/28880714.
1129
1130         Reviewed by Geoffrey Garen.
1131
1132         * Configurations/FeatureDefines.xcconfig:
1133         Add feature define.
1134
1135 2017-03-09  Nikita Vasilyev  <nvasilyev@apple.com>
1136
1137         Web Inspector: Show individual messages in the content pane for a WebSocket
1138         https://bugs.webkit.org/show_bug.cgi?id=169011
1139
1140         Reviewed by Joseph Pecoraro.
1141
1142         Add walltime parameter and correct the description of Timestamp type.
1143
1144         * inspector/protocol/Network.json:
1145
1146 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1147
1148         Unreviewed, fix weak external symbol error.
1149
1150         * heap/SlotVisitor.h:
1151
1152 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1153
1154         std::isnan/isinf should work with WTF time classes
1155         https://bugs.webkit.org/show_bug.cgi?id=164991
1156
1157         Reviewed by Darin Adler.
1158         
1159         Changes AtomicsObject to use std::isnan() instead of operator== to detect NaN.
1160
1161         * runtime/AtomicsObject.cpp:
1162         (JSC::atomicsFuncWait):
1163
1164 2017-03-09  Mark Lam  <mark.lam@apple.com>
1165
1166         Use const AbstractLocker& (instead of const LockHolder&) in more places.
1167         https://bugs.webkit.org/show_bug.cgi?id=169424
1168
1169         Reviewed by Filip Pizlo.
1170
1171         * heap/CodeBlockSet.cpp:
1172         (JSC::CodeBlockSet::promoteYoungCodeBlocks):
1173         * heap/CodeBlockSet.h:
1174         * heap/CodeBlockSetInlines.h:
1175         (JSC::CodeBlockSet::mark):
1176         * heap/ConservativeRoots.cpp:
1177         (JSC::CompositeMarkHook::CompositeMarkHook):
1178         * heap/MachineStackMarker.cpp:
1179         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1180         * heap/MachineStackMarker.h:
1181         * profiler/ProfilerDatabase.cpp:
1182         (JSC::Profiler::Database::ensureBytecodesFor):
1183         * profiler/ProfilerDatabase.h:
1184         * runtime/SamplingProfiler.cpp:
1185         (JSC::FrameWalker::FrameWalker):
1186         (JSC::CFrameWalker::CFrameWalker):
1187         (JSC::SamplingProfiler::createThreadIfNecessary):
1188         (JSC::SamplingProfiler::takeSample):
1189         (JSC::SamplingProfiler::start):
1190         (JSC::SamplingProfiler::pause):
1191         (JSC::SamplingProfiler::noticeCurrentThreadAsJSCExecutionThread):
1192         (JSC::SamplingProfiler::clearData):
1193         (JSC::SamplingProfiler::releaseStackTraces):
1194         * runtime/SamplingProfiler.h:
1195         (JSC::SamplingProfiler::setStopWatch):
1196         * wasm/WasmMemory.cpp:
1197         (JSC::Wasm::availableFastMemories):
1198         (JSC::Wasm::activeFastMemories):
1199         (JSC::Wasm::viewActiveFastMemories):
1200         * wasm/WasmMemory.h:
1201
1202 2017-03-09  Saam Barati  <sbarati@apple.com>
1203
1204         WebAssembly: Make the Unity AngryBots demo run
1205         https://bugs.webkit.org/show_bug.cgi?id=169268
1206
1207         Reviewed by Keith Miller.
1208
1209         This patch fixes three bugs:
1210         1. The WasmBinding code for making a JS call was off
1211         by 1 in its stack layout code.
1212         2. The WasmBinding code had a "<" comparison instead
1213         of a ">=" comparison. This would cause us to calculate
1214         the wrong frame pointer offset.
1215         3. The code to reload wasm state inside B3IRGenerator didn't
1216         properly represent its effects.
1217
1218         * wasm/WasmB3IRGenerator.cpp:
1219         (JSC::Wasm::restoreWebAssemblyGlobalState):
1220         (JSC::Wasm::parseAndCompile):
1221         * wasm/WasmBinding.cpp:
1222         (JSC::Wasm::wasmToJs):
1223         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1224         (JSC::WebAssemblyInstanceConstructor::createInstance):
1225
1226 2017-03-09  Mark Lam  <mark.lam@apple.com>
1227
1228         Make the VM Traps mechanism non-polling for the DFG and FTL.
1229         https://bugs.webkit.org/show_bug.cgi?id=168920
1230         <rdar://problem/30738588>
1231
1232         Reviewed by Filip Pizlo.
1233
1234         1. Added a ENABLE(SIGNAL_BASED_VM_TRAPS) configuration in Platform.h.
1235            This is currently only enabled for OS(DARWIN) and ENABLE(JIT). 
1236         2. Added assembler functions for overwriting an instruction with a breakpoint.
1237         3. Added a new JettisonDueToVMTraps jettison reason.
1238         4. Added CodeBlock and DFG::CommonData utility functions for over-writing
1239            invalidation points with breakpoint instructions.
1240         5. The BytecodeGenerator now emits the op_check_traps bytecode unconditionally.
1241         6. Remove the JSC_alwaysCheckTraps option because of (4) above.
1242            For ports that don't ENABLE(SIGNAL_BASED_VM_TRAPS), we'll force
1243            Options::usePollingTraps() to always be true.  This makes the VMTraps
1244            implementation fall back to using polling based traps only.
1245
1246         7. Make VMTraps support signal based traps.
1247
1248         Some design and implementation details of signal based VM traps:
1249
1250         - The implementation makes use of 2 signal handlers for SIGUSR1 and SIGTRAP.
1251
1252         - VMTraps::fireTrap() will set the flag for the requested trap and instantiate
1253           a SignalSender.  The SignalSender will send SIGUSR1 to the mutator thread that
1254           we want to trap, and check for the occurrence of one of the following events:
1255
1256           a. VMTraps::handleTraps() has been called for the requested trap, or
1257
1258           b. the VM is inactive and is no longer executing any JS code.  We determine
1259              this to be the case if the thread no longer owns the JSLock and the VM's
1260              entryScope is null.
1261
1262              Note: the thread can relinquish the JSLock while the VM's entryScope is not
1263              null.  This happens when the thread calls JSLock::dropAllLocks() before
1264              calling a host function that may block on IO (or whatever).  For our purpose,
1265              this counts as the VM still running JS code, and VM::fireTrap() will still
1266              be waiting.
1267
1268           If the SignalSender does not see either of these events, it will sleep for a
1269           while and then re-send SIGUSR1 and check for the events again.  When it sees
1270           one of these events, it will consider the mutator to have received the trap
1271           request.
1272
1273         - The SIGUSR1 handler will try to insert breakpoints at the invalidation points
1274           in the DFG/FTL codeBlock at the top of the stack.  This allows the mutator
1275           thread to break (with a SIGTRAP) exactly at an invalidation point, where it's
1276           safe to jettison the codeBlock.
1277
1278           Note: we cannot have the requester thread (that called VMTraps::fireTrap())
1279           insert the breakpoint instructions itself.  This is because we need the
1280           register state of the mutator thread (that we want to trap in) in order to
1281           find the codeBlocks that we wish to insert the breakpoints in.  Currently,
1282           we don't have a generic way for the requester thread to get the register state
1283           of another thread.
1284
1285         - The SIGTRAP handler will check to see if it is trapping on a breakpoint at an
1286           invalidation point.  If so, it will jettison the codeBlock and adjust the PC
1287           to re-execute the invalidation OSR exit off-ramp.  After the OSR exit, the
1288           baseline JIT code will eventually reach an op_check_traps and call
1289           VMTraps::handleTraps().
1290
1291           If the handler is not trapping at an invalidation point, then it must be
1292           observing an assertion failure (which also uses the breakpoint instruction).
1293           In this case, the handler will defer to the default SIGTRAP handler and crash.
1294
1295         - The reason we need the SignalSender is because SignalSender::send() is called
1296           from another thread in a loop, so that VMTraps::fireTrap() can return sooner.
1297           send() needs to make use of the VM pointer, and it is not guaranteed that the
1298           VM will outlive the thread.  SignalSender provides the mechanism by which we
1299           can nullify the VM pointer when the VM dies so that the thread does not
1300           continue to use it.
1301
1302         * assembler/ARM64Assembler.h:
1303         (JSC::ARM64Assembler::replaceWithBrk):
1304         * assembler/ARMAssembler.h:
1305         (JSC::ARMAssembler::replaceWithBrk):
1306         * assembler/ARMv7Assembler.h:
1307         (JSC::ARMv7Assembler::replaceWithBkpt):
1308         * assembler/MIPSAssembler.h:
1309         (JSC::MIPSAssembler::replaceWithBkpt):
1310         * assembler/MacroAssemblerARM.h:
1311         (JSC::MacroAssemblerARM::replaceWithJump):
1312         * assembler/MacroAssemblerARM64.h:
1313         (JSC::MacroAssemblerARM64::replaceWithBreakpoint):
1314         * assembler/MacroAssemblerARMv7.h:
1315         (JSC::MacroAssemblerARMv7::replaceWithBreakpoint):
1316         * assembler/MacroAssemblerMIPS.h:
1317         (JSC::MacroAssemblerMIPS::replaceWithJump):
1318         * assembler/MacroAssemblerX86Common.h:
1319         (JSC::MacroAssemblerX86Common::replaceWithBreakpoint):
1320         * assembler/X86Assembler.h:
1321         (JSC::X86Assembler::replaceWithInt3):
1322         * bytecode/CodeBlock.cpp:
1323         (JSC::CodeBlock::jettison):
1324         (JSC::CodeBlock::hasInstalledVMTrapBreakpoints):
1325         (JSC::CodeBlock::installVMTrapBreakpoints):
1326         * bytecode/CodeBlock.h:
1327         * bytecompiler/BytecodeGenerator.cpp:
1328         (JSC::BytecodeGenerator::emitCheckTraps):
1329         * dfg/DFGCommonData.cpp:
1330         (JSC::DFG::CommonData::installVMTrapBreakpoints):
1331         (JSC::DFG::CommonData::isVMTrapBreakpoint):
1332         * dfg/DFGCommonData.h:
1333         (JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints):
1334         * dfg/DFGJumpReplacement.cpp:
1335         (JSC::DFG::JumpReplacement::installVMTrapBreakpoint):
1336         * dfg/DFGJumpReplacement.h:
1337         (JSC::DFG::JumpReplacement::dataLocation):
1338         * dfg/DFGNodeType.h:
1339         * heap/CodeBlockSet.cpp:
1340         (JSC::CodeBlockSet::contains):
1341         * heap/CodeBlockSet.h:
1342         * heap/CodeBlockSetInlines.h:
1343         (JSC::CodeBlockSet::iterate):
1344         * heap/Heap.cpp:
1345         (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
1346         * heap/Heap.h:
1347         * heap/HeapInlines.h:
1348         (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
1349         * heap/MachineStackMarker.h:
1350         (JSC::MachineThreads::threadsListHead):
1351         * jit/ExecutableAllocator.cpp:
1352         (JSC::ExecutableAllocator::isValidExecutableMemory):
1353         * jit/ExecutableAllocator.h:
1354         * profiler/ProfilerJettisonReason.cpp:
1355         (WTF::printInternal):
1356         * profiler/ProfilerJettisonReason.h:
1357         * runtime/JSLock.cpp:
1358         (JSC::JSLock::didAcquireLock):
1359         * runtime/Options.cpp:
1360         (JSC::overrideDefaults):
1361         * runtime/Options.h:
1362         * runtime/PlatformThread.h:
1363         (JSC::platformThreadSignal):
1364         * runtime/VM.cpp:
1365         (JSC::VM::~VM):
1366         (JSC::VM::ensureWatchdog):
1367         (JSC::VM::handleTraps): Deleted.
1368         (JSC::VM::setNeedAsynchronousTerminationSupport): Deleted.
1369         * runtime/VM.h:
1370         (JSC::VM::ownerThread):
1371         (JSC::VM::traps):
1372         (JSC::VM::handleTraps):
1373         (JSC::VM::needTrapHandling):
1374         (JSC::VM::needAsynchronousTerminationSupport): Deleted.
1375         * runtime/VMTraps.cpp:
1376         (JSC::VMTraps::vm):
1377         (JSC::SignalContext::SignalContext):
1378         (JSC::SignalContext::adjustPCToPointToTrappingInstruction):
1379         (JSC::vmIsInactive):
1380         (JSC::findActiveVMAndStackBounds):
1381         (JSC::handleSigusr1):
1382         (JSC::handleSigtrap):
1383         (JSC::installSignalHandlers):
1384         (JSC::sanitizedTopCallFrame):
1385         (JSC::isSaneFrame):
1386         (JSC::VMTraps::tryInstallTrapBreakpoints):
1387         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1388         (JSC::VMTraps::VMTraps):
1389         (JSC::VMTraps::willDestroyVM):
1390         (JSC::VMTraps::addSignalSender):
1391         (JSC::VMTraps::removeSignalSender):
1392         (JSC::VMTraps::SignalSender::willDestroyVM):
1393         (JSC::VMTraps::SignalSender::send):
1394         (JSC::VMTraps::fireTrap):
1395         (JSC::VMTraps::handleTraps):
1396         * runtime/VMTraps.h:
1397         (JSC::VMTraps::~VMTraps):
1398         (JSC::VMTraps::needTrapHandling):
1399         (JSC::VMTraps::notifyGrabAllLocks):
1400         (JSC::VMTraps::SignalSender::SignalSender):
1401         (JSC::VMTraps::invalidateCodeBlocksOnStack):
1402         * tools/VMInspector.cpp:
1403         * tools/VMInspector.h:
1404         (JSC::VMInspector::getLock):
1405         (JSC::VMInspector::iterate):
1406
1407 2017-03-09  Filip Pizlo  <fpizlo@apple.com>
1408
1409         WebKit: JSC: JSObject::ensureLength doesn't check if ensureLengthSlow failed
1410         https://bugs.webkit.org/show_bug.cgi?id=169215
1411
1412         Reviewed by Mark Lam.
1413         
1414         This doesn't have a test because it would be a very complicated test.
1415
1416         * runtime/JSObject.h:
1417         (JSC::JSObject::ensureLength): If ensureLengthSlow returns false, we need to return false.
1418
1419 2017-03-07  Filip Pizlo  <fpizlo@apple.com>
1420
1421         WTF should make it super easy to do ARM concurrency tricks
1422         https://bugs.webkit.org/show_bug.cgi?id=169300
1423
1424         Reviewed by Mark Lam.
1425         
1426         This changes a bunch of GC hot paths to use new concurrency APIs that lead to optimal
1427         code on both x86 (fully leverage TSO, transactions become CAS loops) and ARM (use
1428         dependency chains for fencing, transactions become LL/SC loops). While inspecting the
1429         machine code, I found other opportunities for improvement, like inlining the "am I
1430         marked" part of the marking functions.
1431
1432         * heap/Heap.cpp:
1433         (JSC::Heap::setGCDidJIT):
1434         * heap/HeapInlines.h:
1435         (JSC::Heap::testAndSetMarked):
1436         * heap/LargeAllocation.h:
1437         (JSC::LargeAllocation::isMarked):
1438         (JSC::LargeAllocation::isMarkedConcurrently):
1439         (JSC::LargeAllocation::aboutToMark):
1440         (JSC::LargeAllocation::testAndSetMarked):
1441         * heap/MarkedBlock.h:
1442         (JSC::MarkedBlock::areMarksStaleWithDependency):
1443         (JSC::MarkedBlock::aboutToMark):
1444         (JSC::MarkedBlock::isMarkedConcurrently):
1445         (JSC::MarkedBlock::isMarked):
1446         (JSC::MarkedBlock::testAndSetMarked):
1447         * heap/SlotVisitor.cpp:
1448         (JSC::SlotVisitor::appendSlow):
1449         (JSC::SlotVisitor::appendHiddenSlow):
1450         (JSC::SlotVisitor::appendHiddenSlowImpl):
1451         (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
1452         (JSC::SlotVisitor::appendUnbarriered): Deleted.
1453         (JSC::SlotVisitor::appendHidden): Deleted.
1454         * heap/SlotVisitor.h:
1455         * heap/SlotVisitorInlines.h:
1456         (JSC::SlotVisitor::appendUnbarriered):
1457         (JSC::SlotVisitor::appendHidden):
1458         (JSC::SlotVisitor::append):
1459         (JSC::SlotVisitor::appendValues):
1460         (JSC::SlotVisitor::appendValuesHidden):
1461         * runtime/CustomGetterSetter.cpp:
1462         * runtime/JSObject.cpp:
1463         (JSC::JSObject::visitButterflyImpl):
1464         * runtime/JSObject.h:
1465
1466 2017-03-08  Yusuke Suzuki  <utatane.tea@gmail.com>
1467
1468         [GTK] JSC test stress/arity-check-ftl-throw.js.ftl-no-cjit-validate-sampling-profiler crashing on GTK bot
1469         https://bugs.webkit.org/show_bug.cgi?id=160124
1470
1471         Reviewed by Mark Lam.
1472
1473         When performing CallVarargs, we will copy values to the stack.
1474         Before actually copying values, we need to adjust the stackPointerRegister
1475         to ensure copied values are in the allocated stack area.
1476         If we do not do that, the OS can break the values that are stored beyond the stack
1477         pointer. For example, a signal stack can be constructed in this area, and
1478         break the values.
1479
1480         This patch fixes the crash in stress/spread-forward-call-varargs-stack-overflow.js
1481         in the Linux port. Since Linux ports use signals to suspend and resume threads,
1482         the signal handler is frequently called when enabling the sampling profiler. Thus this
1483         crash occurs.
1484
1485         * dfg/DFGSpeculativeJIT32_64.cpp:
1486         (JSC::DFG::SpeculativeJIT::emitCall):
1487         * dfg/DFGSpeculativeJIT64.cpp:
1488         (JSC::DFG::SpeculativeJIT::emitCall):
1489         * ftl/FTLLowerDFGToB3.cpp:
1490         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1491         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1492         * jit/SetupVarargsFrame.cpp:
1493         (JSC::emitSetupVarargsFrameFastCase):
1494         * jit/SetupVarargsFrame.h:
1495
1496 2017-03-08  Joseph Pecoraro  <pecoraro@apple.com>
1497
1498         Web Inspector: Should be able to see where Resources came from (Memory Cache, Disk Cache)
1499         https://bugs.webkit.org/show_bug.cgi?id=164892
1500         <rdar://problem/29320562>
1501
1502         Reviewed by Brian Burg.
1503
1504         * inspector/protocol/Network.json:
1505         Replace "fromDiskCache" property with "source" property which includes
1506         more complete information about the source of this response (network,
1507         memory cache, disk cache, or unknown).
1508
1509         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1510         (_generate_class_for_object_declaration):
1511         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
1512         (CppProtocolTypesImplementationGenerator._generate_open_field_names):
1513         * inspector/scripts/codegen/generator.py:
1514         (Generator):
1515         (Generator.open_fields):
1516         To avoid conflicts between the Inspector::Protocol::Network::Response::Source
1517         enum and open accessor string symbol that would have the same name, only generate
1518         a specific list of open accessor strings. This reduces the list of exported
1519         symbols from all properties to just the ones that are needed. This can be
1520         cleaned up later if needed.
1521
1522         * inspector/scripts/tests/generic/expected/type-with-open-parameters.json-result: Added.
1523         * inspector/scripts/tests/generic/type-with-open-parameters.json: Added.
1524         Test for open accessors generation.
1525
1526 2017-03-08  Keith Miller  <keith_miller@apple.com>
1527
1528         WebAssembly: Make OOB for fast memory do an extra safety check by ensuring the faulting address is in the range we allocated for fast memory
1529         https://bugs.webkit.org/show_bug.cgi?id=169290
1530
1531         Reviewed by Saam Barati.
1532
1533         This patch adds an extra sanity check by ensuring that the memory address we are faulting on while trying to load is in the range
1534         of some wasm fast memory.
1535
1536         * wasm/WasmFaultSignalHandler.cpp:
1537         (JSC::Wasm::trapHandler):
1538         (JSC::Wasm::enableFastMemory):
1539         * wasm/WasmMemory.cpp:
1540         (JSC::Wasm::activeFastMemories):
1541         (JSC::Wasm::viewActiveFastMemories):
1542         (JSC::Wasm::tryGetFastMemory):
1543         (JSC::Wasm::releaseFastMemory):
1544         * wasm/WasmMemory.h:
1545
1546 2017-03-07  Dean Jackson  <dino@apple.com>
1547
1548         Some platforms won't be able to create a GPUDevice
1549         https://bugs.webkit.org/show_bug.cgi?id=169314
1550         <rdar://problems/30907521>
1551
1552         Reviewed by Jon Lee.
1553
1554         Disable WEB_GPU on the iOS Simulator.
1555
1556         * Configurations/FeatureDefines.xcconfig:
1557
1558 2017-03-06  Saam Barati  <sbarati@apple.com>
1559
1560         WebAssembly: Implement the WebAssembly.instantiate API
1561         https://bugs.webkit.org/show_bug.cgi?id=165982
1562         <rdar://problem/29760110>
1563
1564         Reviewed by Keith Miller.
1565
1566         This patch is a straightforward implementation of the WebAssembly.instantiate
1567         API: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstantiate
1568         
1569         I implemented the API in a synchronous manner. We should make it
1570         asynchronous: https://bugs.webkit.org/show_bug.cgi?id=169187
1571
1572         * wasm/JSWebAssembly.cpp:
1573         (JSC::webAssemblyCompileFunc):
1574         (JSC::webAssemblyInstantiateFunc):
1575         (JSC::JSWebAssembly::finishCreation):
1576         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1577         (JSC::constructJSWebAssemblyInstance):
1578         (JSC::WebAssemblyInstanceConstructor::createInstance):
1579         * wasm/js/WebAssemblyInstanceConstructor.h:
1580         * wasm/js/WebAssemblyModuleConstructor.cpp:
1581         (JSC::constructJSWebAssemblyModule):
1582         (JSC::WebAssemblyModuleConstructor::createModule):
1583         * wasm/js/WebAssemblyModuleConstructor.h:
1584
1585 2017-03-06  Michael Saboff  <msaboff@apple.com>
1586
1587         Take advantage of fast permissions switching of JIT memory for devices that support it
1588         https://bugs.webkit.org/show_bug.cgi?id=169155
1589
1590         Reviewed by Saam Barati.
1591
1592         Start using the os_thread_self_restrict_rwx_to_XX() SPIs when available to
1593         control access to JIT memory.
1594
1595         Had to update the Xcode config files to handle various build variations of
1596         public and internal SDKs.
1597
1598         * Configurations/Base.xcconfig:
1599         * Configurations/FeatureDefines.xcconfig:
1600         * jit/ExecutableAllocator.cpp:
1601         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1602         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
1603         * jit/ExecutableAllocator.h:
1604         (JSC::performJITMemcpy):
1605
1606 2017-03-06  Csaba Osztrogonác  <ossy@webkit.org>
1607
1608         REGRESSION(r212778): It made 400 tests crash on AArch64 Linux
1609         https://bugs.webkit.org/show_bug.cgi?id=168502
1610
1611         Reviewed by Filip Pizlo.
1612
1613         * heap/RegisterState.h: Use setjmp code path on AArch64 Linux too to fix crashes.
1614
1615 2017-03-06  Caio Lima  <ticaiolima@gmail.com>
1616
1617         op_get_by_id_with_this should use inline caching
1618         https://bugs.webkit.org/show_bug.cgi?id=162124
1619
1620         Reviewed by Saam Barati.
1621
1622         This patch enables the inline cache for op_get_by_id_with_this in all
1623         tiers. It means that operations using ```super.member``` are going to
1624         be able to be optimized by PIC. To enable it, we introduced a new
1625         member of StructureStubInfo.patch named thisGPR, created a new class
1626         to manage the IC named JITGetByIdWithThisGenerator and changed
1627         PolymorphicAccess.regenerate so that it uses StructureStubInfo.patch.thisGPR
1628         to decide the correct this value on inline caches.
1629         With inline caching enabled, ```super.member``` is ~4.5x faster,
1630         according to microbenchmarks.
1631
1632         * bytecode/AccessCase.cpp:
1633         (JSC::AccessCase::generateImpl):
1634         * bytecode/PolymorphicAccess.cpp:
1635         (JSC::PolymorphicAccess::regenerate):
1636         * bytecode/PolymorphicAccess.h:
1637         * bytecode/StructureStubInfo.cpp:
1638         (JSC::StructureStubInfo::reset):
1639         * bytecode/StructureStubInfo.h:
1640         * dfg/DFGFixupPhase.cpp:
1641         (JSC::DFG::FixupPhase::fixupNode):
1642         * dfg/DFGJITCompiler.cpp:
1643         (JSC::DFG::JITCompiler::link):
1644         * dfg/DFGJITCompiler.h:
1645         (JSC::DFG::JITCompiler::addGetByIdWithThis):
1646         * dfg/DFGSpeculativeJIT.cpp:
1647         (JSC::DFG::SpeculativeJIT::compileIn):
1648         * dfg/DFGSpeculativeJIT.h:
1649         (JSC::DFG::SpeculativeJIT::callOperation):
1650         * dfg/DFGSpeculativeJIT32_64.cpp:
1651         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1652         (JSC::DFG::SpeculativeJIT::compile):
1653         * dfg/DFGSpeculativeJIT64.cpp:
1654         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
1655         (JSC::DFG::SpeculativeJIT::compile):
1656         * ftl/FTLLowerDFGToB3.cpp:
1657         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
1658         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
1659         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
1660         * jit/CCallHelpers.h:
1661         (JSC::CCallHelpers::setupArgumentsWithExecState):
1662         * jit/ICStats.h:
1663         * jit/JIT.cpp:
1664         (JSC::JIT::JIT):
1665         (JSC::JIT::privateCompileSlowCases):
1666         (JSC::JIT::link):
1667         * jit/JIT.h:
1668         * jit/JITInlineCacheGenerator.cpp:
1669         (JSC::JITByIdGenerator::JITByIdGenerator):
1670         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1671         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
1672         * jit/JITInlineCacheGenerator.h:
1673         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
1674         * jit/JITInlines.h:
1675         (JSC::JIT::callOperation):
1676         * jit/JITOperations.cpp:
1677         * jit/JITOperations.h:
1678         * jit/JITPropertyAccess.cpp:
1679         (JSC::JIT::emit_op_get_by_id_with_this):
1680         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1681         * jit/JITPropertyAccess32_64.cpp:
1682         (JSC::JIT::emit_op_get_by_id_with_this):
1683         (JSC::JIT::emitSlow_op_get_by_id_with_this):
1684         * jit/Repatch.cpp:
1685         (JSC::appropriateOptimizingGetByIdFunction):
1686         (JSC::appropriateGenericGetByIdFunction):
1687         (JSC::tryCacheGetByID):
1688         * jit/Repatch.h:
1689         * jsc.cpp:
1690         (WTF::CustomGetter::getOwnPropertySlot):
1691         (WTF::CustomGetter::customGetterAcessor):
1692
1693 2017-03-06  Saam Barati  <sbarati@apple.com>
1694
1695         WebAssembly: implement init_expr for Element
1696         https://bugs.webkit.org/show_bug.cgi?id=165888
1697         <rdar://problem/29760199>
1698
1699         Reviewed by Keith Miller.
1700
1701         This patch fixes a few bugs. The main change is allowing init_expr
1702         for the Element's offset. To do this, I had to fix a couple of
1703         other bugs:
1704         
1705         - I removed our invalid early module-parse-time invalidation
1706         of out-of-bounds Element sections. This is not in the spec because
1707         it can't be validated in the general case when the offset is a
1708         get_global.
1709         
1710         - Our get_global validation inside our init_expr parsing code was simply wrong.
1711         It thought that the index operand to get_global went into the pool of imports,
1712         but it does not. It indexes into the pool of globals. I changed the code to
1713         refer to the global pool instead.
1714
1715         * wasm/WasmFormat.h:
1716         (JSC::Wasm::Element::Element):
1717         * wasm/WasmModuleParser.cpp:
1718         * wasm/js/WebAssemblyModuleRecord.cpp:
1719         (JSC::WebAssemblyModuleRecord::evaluate):
1720
1721 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1722
1723         [JSC] Allow indexed module namespace object fields
1724         https://bugs.webkit.org/show_bug.cgi?id=168870
1725
1726         Reviewed by Saam Barati.
1727
1728         While JS modules cannot expose any indexed bindings,
1729         Wasm modules can expose them. However, the module namespace
1730         object currently does not support indexed properties.
1731         This patch allows module namespace objects to offer
1732         indexed binding accesses.
1733
1734         * runtime/JSModuleNamespaceObject.cpp:
1735         (JSC::JSModuleNamespaceObject::getOwnPropertySlotCommon):
1736         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
1737         (JSC::JSModuleNamespaceObject::getOwnPropertySlotByIndex):
1738         * runtime/JSModuleNamespaceObject.h:
1739
1740 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1741
1742         Null pointer crash when loading module with unresolved import also as a script file
1743         https://bugs.webkit.org/show_bug.cgi?id=168971
1744
1745         Reviewed by Saam Barati.
1746
1747         If linking throws an error, this error should be re-thrown
1748         when requesting the same module.
1749
1750         * builtins/ModuleLoaderPrototype.js:
1751         (globalPrivate.newRegistryEntry):
1752         * runtime/JSModuleRecord.cpp:
1753         (JSC::JSModuleRecord::link):
1754
1755 2017-03-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1756
1757         [GTK][JSCOnly] Enable WebAssembly on Linux environment
1758         https://bugs.webkit.org/show_bug.cgi?id=164032
1759
1760         Reviewed by Michael Catanzaro.
1761
1762         This patch enables WebAssembly on JSCOnly and GTK ports.
1763         Basically, almost all the WASM code is portable to Linux.
1764         One platform-dependent part is the faster memory load using the SIGBUS
1765         signal handler. This patch ports this part to Linux.
1766
1767         * CMakeLists.txt:
1768         * llint/LLIntSlowPaths.cpp:
1769         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1770         * wasm/WasmFaultSignalHandler.cpp:
1771         (JSC::Wasm::trapHandler):
1772         (JSC::Wasm::enableFastMemory):
1773
1774 2017-03-06  Daniel Ehrenberg  <littledan@igalia.com>
1775
1776         Currency digits calculation in Intl.NumberFormat should call out to ICU
1777         https://bugs.webkit.org/show_bug.cgi?id=169182
1778
1779         Reviewed by Yusuke Suzuki.
1780
1781         * runtime/IntlNumberFormat.cpp:
1782         (JSC::computeCurrencyDigits):
1783         (JSC::computeCurrencySortKey): Deleted.
1784         (JSC::extractCurrencySortKey): Deleted.
1785
1786 2017-03-05  Yusuke Suzuki  <utatane.tea@gmail.com>
1787
1788         [JSCOnly][GTK] Suppress warnings on return type in B3 and WASM
1789         https://bugs.webkit.org/show_bug.cgi?id=168869
1790
1791         Reviewed by Keith Miller.
1792
1793         * b3/B3Width.h:
1794         * wasm/WasmSections.h:
1795
1796 2017-03-04  Csaba Osztrogonác  <ossy@webkit.org>
1797
1798         [ARM] Unreviewed buildfix after r213376.
1799
1800         * assembler/ARMAssembler.h:
1801         (JSC::ARMAssembler::isBkpt): Typo fixed.
1802
1803 2017-03-03  Carlos Alberto Lopez Perez  <clopez@igalia.com>
1804
1805         [JSC] build fix after r213399
1806         https://bugs.webkit.org/show_bug.cgi?id=169154
1807
1808         Unreviewed.
1809
1810         * runtime/ConfigFile.cpp: Include unistd.h since it's where getcwd() is defined.
1811
1812 2017-03-03  Dean Jackson  <dino@apple.com>
1813
1814         Add WebGPU compile flag and experimental feature flag
1815         https://bugs.webkit.org/show_bug.cgi?id=169161
1816         <rdar://problem/30846689>
1817
1818         Reviewed by Tim Horton.
1819
1820         Add ENABLE_WEBGPU, an experimental feature flag, a RuntimeEnabledFeature,
1821         and an InternalSetting.
1822
1823         * Configurations/FeatureDefines.xcconfig:
1824
1825 2017-03-03  Michael Saboff  <msaboff@apple.com>
1826
1827         Add support for relative pathnames to JSC config files
1828         https://bugs.webkit.org/show_bug.cgi?id=169154
1829
1830         Reviewed by Saam Barati.
1831
1832         If the config file is a relative path, prepend the current working directory.
1833         After canonicalizing the config file path, we extract its directory path and
1834         use that for the directory for a relative log pathname.
1835
1836         * runtime/ConfigFile.cpp:
1837         (JSC::ConfigFile::ConfigFile):
1838         (JSC::ConfigFile::parse):
1839         (JSC::ConfigFile::canonicalizePaths):
1840         * runtime/ConfigFile.h:
1841
1842 2017-03-03  Michael Saboff  <msaboff@apple.com>
1843
1844         Add load / store exclusive instruction group to ARM64 disassembler
1845         https://bugs.webkit.org/show_bug.cgi?id=169152
1846
1847         Reviewed by Filip Pizlo.
1848
1849         * disassembler/ARM64/A64DOpcode.cpp:
1850         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::format):
1851         * disassembler/ARM64/A64DOpcode.h:
1852         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opName):
1853         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rs):
1854         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::rt2):
1855         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o0):
1856         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o1):
1857         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::o2):
1858         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::loadBit):
1859         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::opNumber):
1860         (JSC::ARM64Disassembler::A64DOpcodeLoadStoreExclusive::isPairOp):
1861
1862 2017-03-03  Keith Miller  <keith_miller@apple.com>
1863
1864         WASM should support faster loads.
1865         https://bugs.webkit.org/show_bug.cgi?id=162693
1866
1867         Reviewed by Saam Barati.
1868
1869         This patch adds support for WebAssembly using a 32-bit address
1870         space for memory (along with some extra space for offset
1871         overflow). With a 32-bit address space (we call them
1872         Signaling/fast memories), we reserve the virtual address space for
1873         2^32 + offset bytes of memory and only mark the usable section as
1874         read/write. If wasm code would read/write out of bounds we use a
1875         custom signal handler to catch the SIGBUS. The signal handler then
1876         checks if the faulting instruction is wasm code and tells the
1877         thread to resume executing from the wasm exception
1878         handler. Otherwise, the signal handler crashes the process, as
1879         usual.
1880
1881         All of the allocations of these memories are managed by the
1882         Wasm::Memory class. In order to avoid TLB churn in the OS we cache
1883         old Signaling memories that are no longer in use. Since getting
1884         the wrong memory can cause recompiles, we try to reserve a memory
1885         for modules that do not import a memory. If a module does import a
1886         memory, we try to guess the type of memory we are going to get
1887         based on the last one allocated.
1888
1889         This patch also changes how the wasm JS-api manages objects. Since
1890         we can compile different versions of code, this patch adds a new
1891         JSWebAssemblyCodeBlock class that holds all the information
1892         specific to running a module in a particular bounds checking
1893         mode. Additionally, the Wasm::Memory object is now a reference
1894         counted class that is shared between the JSWebAssemblyMemory
1895         object and the ArrayBuffer that also views it.
1896
1897         * JavaScriptCore.xcodeproj/project.pbxproj:
1898         * jit/JITThunks.cpp:
1899         (JSC::JITThunks::existingCTIStub):
1900         * jit/JITThunks.h:
1901         * jsc.cpp:
1902         (jscmain):
1903         * runtime/Options.h:
1904         * runtime/VM.cpp:
1905         (JSC::VM::VM):
1906         * runtime/VM.h:
1907         * wasm/JSWebAssemblyCodeBlock.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
1908         (JSC::JSWebAssemblyCodeBlock::create):
1909         (JSC::JSWebAssemblyCodeBlock::createStructure):
1910         (JSC::JSWebAssemblyCodeBlock::functionImportCount):
1911         (JSC::JSWebAssemblyCodeBlock::mode):
1912         (JSC::JSWebAssemblyCodeBlock::module):
1913         (JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
1914         (JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
1915         (JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
1916         (JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
1917         (JSC::JSWebAssemblyCodeBlock::callees):
1918         (JSC::JSWebAssemblyCodeBlock::offsetOfCallees):
1919         (JSC::JSWebAssemblyCodeBlock::allocationSize):
1920         * wasm/WasmB3IRGenerator.cpp:
1921         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1922         (JSC::Wasm::getMemoryBaseAndSize):
1923         (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
1924         (JSC::Wasm::B3IRGenerator::emitLoadOp):
1925         (JSC::Wasm::B3IRGenerator::emitStoreOp):
1926         * wasm/WasmCallingConvention.h:
1927         * wasm/WasmFaultSignalHandler.cpp: Added.
1928         (JSC::Wasm::trapHandler):
1929         (JSC::Wasm::registerCode):
1930         (JSC::Wasm::unregisterCode):
1931         (JSC::Wasm::fastMemoryEnabled):
1932         (JSC::Wasm::enableFastMemory):
1933         * wasm/WasmFaultSignalHandler.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
1934         * wasm/WasmFormat.h:
1935         (JSC::Wasm::ModuleInformation::importFunctionCount):
1936         (JSC::Wasm::ModuleInformation::hasMemory): Deleted.
1937         * wasm/WasmMemory.cpp:
1938         (JSC::Wasm::mmapBytes):
1939         (JSC::Wasm::Memory::lastAllocatedMode):
1940         (JSC::Wasm::availableFastMemories):
1941         (JSC::Wasm::tryGetFastMemory):
1942         (JSC::Wasm::releaseFastMemory):
1943         (JSC::Wasm::Memory::Memory):
1944         (JSC::Wasm::Memory::createImpl):
1945         (JSC::Wasm::Memory::create):
1946         (JSC::Wasm::Memory::~Memory):
1947         (JSC::Wasm::Memory::grow):
1948         (JSC::Wasm::Memory::dump):
1949         (JSC::Wasm::Memory::makeString):
1950         * wasm/WasmMemory.h:
1951         (JSC::Wasm::Memory::operator bool):
1952         (JSC::Wasm::Memory::size):
1953         (JSC::Wasm::Memory::check):
1954         (JSC::Wasm::Memory::Memory): Deleted.
1955         (JSC::Wasm::Memory::offsetOfMemory): Deleted.
1956         (JSC::Wasm::Memory::offsetOfSize): Deleted.
1957         * wasm/WasmMemoryInformation.cpp:
1958         (JSC::Wasm::MemoryInformation::MemoryInformation):
1959         * wasm/WasmMemoryInformation.h:
1960         (JSC::Wasm::MemoryInformation::hasReservedMemory):
1961         (JSC::Wasm::MemoryInformation::takeReservedMemory):
1962         (JSC::Wasm::MemoryInformation::mode):
1963         * wasm/WasmModuleParser.cpp:
1964         * wasm/WasmModuleParser.h:
1965         (JSC::Wasm::ModuleParser::ModuleParser):
1966         * wasm/WasmPlan.cpp:
1967         (JSC::Wasm::Plan::parseAndValidateModule):
1968         (JSC::Wasm::Plan::run):
1969         * wasm/WasmPlan.h:
1970         (JSC::Wasm::Plan::mode):
1971         * wasm/js/JSWebAssemblyCallee.cpp:
1972         (JSC::JSWebAssemblyCallee::finishCreation):
1973         (JSC::JSWebAssemblyCallee::destroy):
1974         * wasm/js/JSWebAssemblyCodeBlock.cpp: Added.
1975         (JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
1976         (JSC::JSWebAssemblyCodeBlock::destroy):
1977         (JSC::JSWebAssemblyCodeBlock::isSafeToRun):
1978         (JSC::JSWebAssemblyCodeBlock::visitChildren):
1979         (JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
1980         * wasm/js/JSWebAssemblyInstance.cpp:
1981         (JSC::JSWebAssemblyInstance::setMemory):
1982         (JSC::JSWebAssemblyInstance::finishCreation):
1983         (JSC::JSWebAssemblyInstance::visitChildren):
1984         * wasm/js/JSWebAssemblyInstance.h:
1985         (JSC::JSWebAssemblyInstance::module):
1986         (JSC::JSWebAssemblyInstance::codeBlock):
1987         (JSC::JSWebAssemblyInstance::memoryMode):
1988         (JSC::JSWebAssemblyInstance::setMemory): Deleted.
1989         * wasm/js/JSWebAssemblyMemory.cpp:
1990         (JSC::JSWebAssemblyMemory::create):
1991         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
1992         (JSC::JSWebAssemblyMemory::buffer):
1993         (JSC::JSWebAssemblyMemory::grow):
1994         (JSC::JSWebAssemblyMemory::destroy):
1995         * wasm/js/JSWebAssemblyMemory.h:
1996         (JSC::JSWebAssemblyMemory::memory):
1997         (JSC::JSWebAssemblyMemory::offsetOfMemory):
1998         (JSC::JSWebAssemblyMemory::offsetOfSize):
1999         * wasm/js/JSWebAssemblyModule.cpp:
2000         (JSC::JSWebAssemblyModule::buildCodeBlock):
2001         (JSC::JSWebAssemblyModule::create):
2002         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2003         (JSC::JSWebAssemblyModule::codeBlock):
2004         (JSC::JSWebAssemblyModule::finishCreation):
2005         (JSC::JSWebAssemblyModule::visitChildren):
2006         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally): Deleted.
2007         * wasm/js/JSWebAssemblyModule.h:
2008         (JSC::JSWebAssemblyModule::takeReservedMemory):
2009         (JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace):
2010         (JSC::JSWebAssemblyModule::codeBlock):
2011         (JSC::JSWebAssemblyModule::functionImportCount): Deleted.
2012         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace): Deleted.
2013         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace): Deleted.
2014         (JSC::JSWebAssemblyModule::setJSEntrypointCallee): Deleted.
2015         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee): Deleted.
2016         (JSC::JSWebAssemblyModule::callees): Deleted.
2017         (JSC::JSWebAssemblyModule::offsetOfCallees): Deleted.
2018         (JSC::JSWebAssemblyModule::allocationSize): Deleted.
2019         * wasm/js/WebAssemblyFunction.cpp:
2020         (JSC::callWebAssemblyFunction):
2021         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2022         (JSC::constructJSWebAssemblyInstance):
2023         * wasm/js/WebAssemblyMemoryConstructor.cpp:
2024         (JSC::constructJSWebAssemblyMemory):
2025         * wasm/js/WebAssemblyModuleConstructor.cpp:
2026         (JSC::WebAssemblyModuleConstructor::createModule):
2027         * wasm/js/WebAssemblyModuleRecord.cpp:
2028         (JSC::WebAssemblyModuleRecord::link):
2029         (JSC::WebAssemblyModuleRecord::evaluate):
2030
2031 2017-03-03  Mark Lam  <mark.lam@apple.com>
2032
2033         Gardening: fix broken ARM64 build.
2034         https://bugs.webkit.org/show_bug.cgi?id=169139
2035
2036         Not reviewed.
2037
2038         * assembler/ARM64Assembler.h:
2039         (JSC::ARM64Assembler::excepnGenerationImmMask):
2040
2041 2017-03-03  Mark Lam  <mark.lam@apple.com>
2042
2043         Add MacroAssembler::isBreakpoint() query function.
2044         https://bugs.webkit.org/show_bug.cgi?id=169139
2045
2046         Reviewed by Michael Saboff.
2047
2048         This will be needed soon when we use breakpoint instructions to implement
2049         non-polling VM traps, and need to discern between a VM trap signal and a genuine
2050         assertion breakpoint.
2051
2052         * assembler/ARM64Assembler.h:
2053         (JSC::ARM64Assembler::isBrk):
2054         (JSC::ARM64Assembler::excepnGenerationImmMask):
2055         * assembler/ARMAssembler.h:
2056         (JSC::ARMAssembler::isBkpt):
2057         * assembler/ARMv7Assembler.h:
2058         (JSC::ARMv7Assembler::isBkpt):
2059         * assembler/MIPSAssembler.h:
2060         (JSC::MIPSAssembler::isBkpt):
2061         * assembler/MacroAssemblerARM.h:
2062         (JSC::MacroAssemblerARM::isBreakpoint):
2063         * assembler/MacroAssemblerARM64.h:
2064         (JSC::MacroAssemblerARM64::isBreakpoint):
2065         * assembler/MacroAssemblerARMv7.h:
2066         (JSC::MacroAssemblerARMv7::isBreakpoint):
2067         * assembler/MacroAssemblerMIPS.h:
2068         (JSC::MacroAssemblerMIPS::isBreakpoint):
2069         * assembler/MacroAssemblerX86Common.h:
2070         (JSC::MacroAssemblerX86Common::isBreakpoint):
2071         * assembler/X86Assembler.h:
2072         (JSC::X86Assembler::isInt3):
2073
2074 2017-03-03  Mark Lam  <mark.lam@apple.com>
2075
2076         We should only check for traps that we're able to handle.
2077         https://bugs.webkit.org/show_bug.cgi?id=169136
2078
2079         Reviewed by Michael Saboff.
2080
2081         The execute methods in the interpreter were checking for the existence of any traps
2082         (without masking) and only handling a subset of those via a mask.  This can
2083         result in a failed assertion on debug builds.
2084
2085         This patch fixes this by applying the same mask for both the needTrapHandling()
2086         check and the handleTraps() call.  Also added a few assertions.
2087
2088         * interpreter/Interpreter.cpp:
2089         (JSC::Interpreter::executeProgram):
2090         (JSC::Interpreter::executeCall):
2091         (JSC::Interpreter::executeConstruct):
2092         (JSC::Interpreter::execute):
2093         * jit/JITOperations.cpp:
2094         * llint/LLIntSlowPaths.cpp:
2095         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2096
2097 2017-03-02  Carlos Garcia Campos  <cgarcia@igalia.com>
2098
2099         Remote Inspector: Move updateTargetListing() methods to RemoteInspector.cpp
2100         https://bugs.webkit.org/show_bug.cgi?id=169074
2101
2102         Reviewed by Joseph Pecoraro.
2103
2104         They are not actually Cocoa-specific.
2105
2106         * inspector/remote/RemoteInspector.cpp:
2107         (Inspector::RemoteInspector::updateTargetListing):
2108         * inspector/remote/RemoteInspector.h:
2109         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2110
2111 2017-03-02  Mark Lam  <mark.lam@apple.com>
2112
2113         Add WebKit2 hooks to notify the VM that the user has requested a debugger break.
2114         https://bugs.webkit.org/show_bug.cgi?id=169089
2115
2116         Reviewed by Tim Horton and Joseph Pecoraro.
2117
2118         * runtime/VM.cpp:
2119         (JSC::VM::handleTraps):
2120         * runtime/VM.h:
2121         (JSC::VM::notifyNeedDebuggerBreak):
2122
2123 2017-03-02  Michael Saboff  <msaboff@apple.com>
2124
2125         Add JSC identity when code signing to allow debugging on iOS
2126         https://bugs.webkit.org/show_bug.cgi?id=169099
2127
2128         Reviewed by Filip Pizlo.
2129
2130         * Configurations/JSC.xcconfig:
2131         * Configurations/ToolExecutable.xcconfig:
2132
2133 2017-03-02  Keith Miller  <keith_miller@apple.com>
2134
2135         WebAssemblyFunction should have Function.prototype as its prototype
2136         https://bugs.webkit.org/show_bug.cgi?id=169101
2137
2138         Reviewed by Filip Pizlo.
2139
2140         Per https://github.com/WebAssembly/design/blob/master/JS.md#exported-function-exotic-objects our JSWebAssemblyFunction
2141         objects should have Function.prototype as their prototype.
2142
2143         * runtime/JSGlobalObject.cpp:
2144         (JSC::JSGlobalObject::init):
2145
2146 2017-03-02  Mark Lam  <mark.lam@apple.com>
2147
2148         Add Options::alwaysCheckTraps() and Options::usePollingTraps() options.
2149         https://bugs.webkit.org/show_bug.cgi?id=169088
2150
2151         Reviewed by Keith Miller.
2152
2153         Options::alwaysCheckTraps() forces the op_check_traps bytecode to always be
2154         generated.  This is useful for testing purposes until we have signal based
2155         traps, at which point, we will always emit the op_check_traps bytecode and remove
2156         this option.
2157
2158         Options::usePollingTraps() enables the use of polling VM traps all the time.
2159         This will be useful for benchmark comparisons (between polling and non-polling
2160         traps), as well as for forcing polling traps later for ports that don't support
2161         signal based traps.
2162
2163         Note: signal based traps are not fully implemented yet.  As a result, if the VM
2164         watchdog is in use, we will force Options::usePollingTraps() to be true.
2165
2166         * bytecompiler/BytecodeGenerator.cpp:
2167         (JSC::BytecodeGenerator::emitCheckTraps):
2168         * dfg/DFGClobberize.h:
2169         (JSC::DFG::clobberize):
2170         * dfg/DFGSpeculativeJIT.cpp:
2171         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2172         * dfg/DFGSpeculativeJIT32_64.cpp:
2173         (JSC::DFG::SpeculativeJIT::compile):
2174         * dfg/DFGSpeculativeJIT64.cpp:
2175         (JSC::DFG::SpeculativeJIT::compile):
2176         * ftl/FTLLowerDFGToB3.cpp:
2177         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2178         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2179         * runtime/Options.cpp:
2180         (JSC::recomputeDependentOptions):
2181         * runtime/Options.h:
2182
2183 2017-03-02  Keith Miller  <keith_miller@apple.com>
2184
2185         Fix addressing mode for B3WasmAddress
2186         https://bugs.webkit.org/show_bug.cgi?id=169092
2187
2188         Reviewed by Filip Pizlo.
2189
2190         Fix the potential addressing modes for B3WasmAddress. ARM does not
2191         support a base + index*1 + offset addressing mode. I think when I
2192         read it the first time I assumed it would always work on both ARM
2193         and X86. While true for X86 it's not true for ARM.
2194
2195         * b3/B3LowerToAir.cpp:
2196         (JSC::B3::Air::LowerToAir::effectiveAddr):
2197
2198 2017-03-02  Mark Lam  <mark.lam@apple.com>
2199
2200         Add support for selective handling of VM traps.
2201         https://bugs.webkit.org/show_bug.cgi?id=169087
2202
2203         Reviewed by Keith Miller.
2204
2205         This is needed because there are some places in the VM where it's appropriate to
2206         handle some types of VM traps but not others.
2207
2208         We implement this selection by using a VMTraps::Mask that allows the user to
2209         specify which traps should be serviced.
2210
2211         * interpreter/Interpreter.cpp:
2212         (JSC::Interpreter::executeProgram):
2213         (JSC::Interpreter::executeCall):
2214         (JSC::Interpreter::executeConstruct):
2215         (JSC::Interpreter::execute):
2216         * runtime/VM.cpp:
2217         (JSC::VM::handleTraps):
2218         * runtime/VM.h:
2219         * runtime/VMTraps.cpp:
2220         (JSC::VMTraps::takeTrap): Deleted.
2221         * runtime/VMTraps.h:
2222         (JSC::VMTraps::Mask::Mask):
2223         (JSC::VMTraps::Mask::allEventTypes):
2224         (JSC::VMTraps::Mask::bits):
2225         (JSC::VMTraps::Mask::init):
2226         (JSC::VMTraps::needTrapHandling):
2227         (JSC::VMTraps::hasTrapForEvent):
2228
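The two trap-handling entries above (selective handling via VMTraps::Mask, and checking only for the traps a caller is able to handle) can be modelled with the following added example. It is illustration only, not JavaScriptCore's code: the EventType values other than the debugger break, the Outcome struct, the "able" subset and the executeUnmasked/executeMasked callers are hypothetical stand-ins.

```cpp
// Added illustration, not JavaScriptCore's code. Models the VMTraps::Mask idea
// from the ChangeLog entries with hypothetical names: only NeedDebuggerBreak
// is mentioned on the page; the other event types and helpers are invented.
#include <cstdint>
#include <initializer_list>

namespace trapdemo {

// Hypothetical trap event types.
enum EventType : uint8_t {
    NeedDebuggerBreak = 0,
    NeedWatchdogCheck = 1,
    NeedTermination = 2,
    NumberOfEventTypes
};

// Selects which trap event types a caller is willing (and able) to service.
class Mask {
public:
    static Mask allEventTypes() { return Mask(uint8_t((1u << NumberOfEventTypes) - 1)); }
    static Mask of(std::initializer_list<EventType> events)
    {
        uint8_t bits = 0;
        for (EventType e : events)
            bits |= bit(e);
        return Mask(bits);
    }
    uint8_t bits() const { return m_bits; }
    bool contains(EventType e) const { return (m_bits & bit(e)) != 0; }

private:
    explicit Mask(uint8_t bits) : m_bits(bits) { }
    static uint8_t bit(EventType e) { return uint8_t(1u << e); }
    uint8_t m_bits;
};

// Result of handleTraps(). assertionFailed stands in for the debug-build
// assertion the entry describes, so the buggy path is observable without aborting.
struct Outcome {
    bool assertionFailed;
    int handled;
};

class VMTraps {
public:
    void fireTrap(EventType e) { m_pending |= Mask::of({ e }).bits(); }
    bool hasTrapForEvent(EventType e) const { return (m_pending & Mask::of({ e }).bits()) != 0; }
    // Without an argument this asks "is ANY trap pending?", which is what the
    // pre-fix interpreter code did before handling only a subset.
    bool needTrapHandling(Mask mask = Mask::allEventTypes()) const
    {
        return (m_pending & mask.bits()) != 0;
    }
    Outcome handleTraps(Mask mask)
    {
        Outcome out = { !needTrapHandling(mask), 0 }; // models ASSERT(needTrapHandling(mask))
        for (int i = 0; i < NumberOfEventTypes; ++i) {
            EventType e = static_cast<EventType>(i);
            if (mask.contains(e) && hasTrapForEvent(e)) {
                m_pending &= uint8_t(~Mask::of({ e }).bits());
                ++out.handled;
            }
        }
        return out;
    }

private:
    uint8_t m_pending = 0;
};

// Pre-fix pattern: check for any trap at all, then service only a subset.
Outcome executeUnmasked(VMTraps& traps, Mask able)
{
    if (traps.needTrapHandling())
        return traps.handleTraps(able);
    return { false, 0 };
}

// Fixed pattern: the same mask is applied to the check and to the call.
Outcome executeMasked(VMTraps& traps, Mask able)
{
    if (traps.needTrapHandling(able))
        return traps.handleTraps(able);
    return { false, 0 };
}

// Constructed scenario: one trap fires while the caller can only service a
// hypothetical subset (debugger break and termination).
Outcome runScenario(bool sameMaskForCheck, EventType fired)
{
    VMTraps traps;
    traps.fireTrap(fired);
    Mask able = Mask::of({ NeedDebuggerBreak, NeedTermination });
    return sameMaskForCheck ? executeMasked(traps, able) : executeUnmasked(traps, able);
}

} // namespace trapdemo
```

With a watchdog trap pending, the unmasked check enters handleTraps() with nothing it can service (the modelled assertion fires), while the masked check correctly skips the call.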
2229 2017-03-02  Alex Christensen  <achristensen@webkit.org>
2230
2231         Continue enabling WebRTC
2232         https://bugs.webkit.org/show_bug.cgi?id=169056
2233
2234         Reviewed by Jon Lee.
2235
2236         * Configurations/FeatureDefines.xcconfig:
2237
2238 2017-03-02  Tomas Popela  <tpopela@redhat.com>
2239
2240         Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
2241         https://bugs.webkit.org/show_bug.cgi?id=169034
2242
2243         Reviewed by Mark Lam.
2244
2245         It should not assign to offset, but compare to offset.
2246
2247         * runtime/JSGlobalObject.cpp:
2248         (JSC::JSGlobalObject::addStaticGlobals):
2249
2250 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2251
2252         Unreviewed, rolling out r213259.
2253
2254         Broke an internal build
2255
2256         Reverted changeset:
2257
2258         "Continue enabling WebRTC"
2259         https://bugs.webkit.org/show_bug.cgi?id=169056
2260         http://trac.webkit.org/changeset/213259
2261
2262 2017-03-01  Alex Christensen  <achristensen@webkit.org>
2263
2264         Continue enabling WebRTC
2265         https://bugs.webkit.org/show_bug.cgi?id=169056
2266
2267         Reviewed by Jon Lee.
2268
2269         * Configurations/FeatureDefines.xcconfig:
2270
2271 2017-03-01  Michael Saboff  <msaboff@apple.com>
2272
2273         Source/JavaScriptCore/ChangeLog
2274         https://bugs.webkit.org/show_bug.cgi?id=169055
2275
2276         Reviewed by Mark Lam.
2277
2278         Made local copies of options strings for OptionRange and string typed options.
2279
2280         * runtime/Options.cpp:
2281         (JSC::parse):
2282         (JSC::OptionRange::init):
2283
2284 2017-03-01  Mark Lam  <mark.lam@apple.com>
2285
2286         [Re-landing] Change JSLock to stash PlatformThread instead of std::thread::id.
2287         https://bugs.webkit.org/show_bug.cgi?id=168996
2288
2289         Reviewed by Filip Pizlo and Saam Barati.
2290
2291         PlatformThread is more useful because it allows us to:
2292         1. find the MachineThreads::Thread which is associated with it.
2293         2. suspend / resume threads.
2294         3. send a signal to a thread.
2295
2296         We can't do those with std::thread::id.  We will need one or more of these
2297         capabilities to implement non-polling VM traps later.
2298
2299         Update: Since we don't have a canonical "uninitialized" value for PlatformThread,
2300         we now have a JSLock::m_hasOwnerThread flag that is set to true if and only if the
2301         m_ownerThread value is valid.  JSLock::currentThreadIsHoldingLock() now checks
2302         JSLock::m_hasOwnerThread before doing the thread identity comparison.
2303
2304         * JavaScriptCore.xcodeproj/project.pbxproj:
2305         * heap/MachineStackMarker.cpp:
2306         (JSC::MachineThreads::Thread::createForCurrentThread):
2307         (JSC::MachineThreads::machineThreadForCurrentThread):
2308         (JSC::MachineThreads::removeThread):
2309         (JSC::MachineThreads::Thread::suspend):
2310         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2311         (JSC::getCurrentPlatformThread): Deleted.
2312         * heap/MachineStackMarker.h:
2313         * runtime/JSCellInlines.h:
2314         (JSC::JSCell::classInfo):
2315         * runtime/JSLock.cpp:
2316         (JSC::JSLock::JSLock):
2317         (JSC::JSLock::lock):
2318         (JSC::JSLock::unlock):
2319         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2320         * runtime/JSLock.h:
2321         (JSC::JSLock::ownerThread):
2322         (JSC::JSLock::currentThreadIsHoldingLock):
2323         * runtime/PlatformThread.h: Added.
2324         (JSC::currentPlatformThread):
2325         * runtime/VM.cpp:
2326         (JSC::VM::~VM):
2327         * runtime/VM.h:
2328         (JSC::VM::ownerThread):
2329         * runtime/Watchdog.cpp:
2330         (JSC::Watchdog::setTimeLimit):
2331         (JSC::Watchdog::shouldTerminate):
2332         (JSC::Watchdog::startTimer):
2333         (JSC::Watchdog::stopTimer):
2334         * tools/JSDollarVMPrototype.cpp:
2335         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2336         * tools/VMInspector.cpp:
2337
2338 2017-03-01  Saam Barati  <sbarati@apple.com>
2339
2340         Implement a mega-disassembler that'll be used in the FTL
2341         https://bugs.webkit.org/show_bug.cgi?id=168685
2342
2343         Reviewed by Mark Lam.
2344
2345         This patch extends the previous Air disassembler to print the
2346         DFG and B3 nodes belonging to particular Air instructions.
2347         The algorithm I'm using to do this is not perfect. For example,
2348         it won't try to print the entire DFG/B3 graph. It'll just print
2349         the related nodes for particular Air instructions. We can make the
2350         algorithm more sophisticated as we get more experience looking at
2351         these IR dumps and get a better feel for what we want out of them.
2352
2353         This is an example of the output:
2354
2355         ...
2356         ...
2357         200:<!0:->  InvalidationPoint(MustGen, W:SideState, Exits, bc#28, exit: bc#25 --> _getEntry#DlGw2r:<0x10276f980> bc#37)
2358            Void @54 = Patchpoint(@29:ColdAny, @29:ColdAny, @53:ColdAny, DFG:@200, generator = 0x1015d6c18, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r19, %r20, %r21, %r22, %fp], resultConstraint = WarmAny, ExitsSideways|WritesPinned|ReadsPinned|Reads:Top)
2359                Patch &Patchpoint2, %r20, %r20, %r0, @54
2360          76:< 6:->  GetByOffset(KnownCell:@44, KnownCell:@44, JS|UseAsOther, Array, id3{_elementData}, 2, inferredType = Object, R:NamedProperties(3), Exits, bc#37)  predicting Array
2361            Int64 @57 = Load(@29, DFG:@76, offset = 32, ControlDependent|Reads:100...101)
2362                Move 32(%r20), %r5, @57
2363                       0x389cc9ac0:    ldur   x5, [x20, #32]
2364         115:<!0:->  CheckStructure(Cell:@76, MustGen, [0x1027eae20:[Array, {}, ArrayWithContiguous, Proto:0x1027e0140]], R:JSCell_structureID, Exits, bc#46)
2365            Int32 @58 = Load(@57, DFG:@115, ControlDependent|Reads:16...17)
2366                Move32 (%r5), %r1, @58
2367                       0x389cc9ac4:    ldur   w1, [x5]
2368            Int32 @59 = Const32(DFG:@115, 92)
2369            Int32 @60 = NotEqual(@58, $92(@59), DFG:@115)
2370            Void @61 = Check(@60:WarmAny, @57:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @57:ColdAny, DFG:@115, generator = 0x1057991e0, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2371                Patch &Branch32(3,SameAsRep)1, NotEqual, %r1, $92, %r5, %r20, %r20, %r0, %r5, @61
2372                       0x389cc9ac8:    cmp    w1, #92
2373                       0x389cc9acc:    b.ne   0x389cc9dac
2374         117:< 2:->  GetButterfly(Cell:@76, Storage|PureInt, R:JSObject_butterfly, Exits, bc#46)
2375            Int64 @64 = Load(@57, DFG:@117, offset = 8, ControlDependent|Reads:24...25)
2376                Move 8(%r5), %r4, @64
2377                       0x389cc9ad0:    ldur   x4, [x5, #8]
2378          79:< 2:->  GetArrayLength(KnownCell:@76, Untyped:@117, JS|PureInt|UseAsInt, Nonboolint32, Contiguous+OriginalArray+InBounds+AsIs, R:Butterfly_publicLength, Exits, bc#46)
2379            Int32 @67 = Load(@64, DFG:@79, offset = -8, ControlDependent|Reads:3...4)
2380                Move32 -8(%r4), %r2, @67
2381                       0x389cc9ad4:    ldur   w2, [x4, #-8]
2382       192:< 1:->  JSConstant(JS|PureInt, Nonboolint32, Int32: -1, bc#0)
2383            Int32 @68 = Const32(DFG:@192, -1)
2384                Move $0xffffffffffffffff, %r1, $-1(@68)
2385                       0x389cc9ad8:    mov    x1, #-1
2386          83:<!2:->  ArithAdd(Int32:Kill:@79, Int32:Kill:@192, Number|MustGen|PureInt|UseAsInt, Int32, Unchecked, Exits, bc#55)
2387            Int32 @69 = Add(@67, $-1(@68), DFG:@83)
2388                Add32 %r2, %r1, %r1, @69
2389                       0x389cc9adc:    add    w1, w2, w1
2390          86:< 3:->  BitAnd(Check:Int32:@71, Int32:Kill:@83, Int32|UseAsOther|UseAsInt|ReallyWantsInt, Int32, Exits, bc#60)
2391            Int32 @70 = Below(@53, $-281474976710656(@15), DFG:@86)
2392            Void @71 = Check(@70:WarmAny, @53:ColdAny, @29:ColdAny, @29:ColdAny, @53:ColdAny, @69:ColdAny, DFG:@86, generator = 0x105799370, earlyClobbered = [], lateClobbered = [], usedRegisters = [%r0, %r1, %r2, %r4, %r5, %r19, %r20, %r21, %r22, %fp], ExitsSideways|Reads:Top)
2393                Patch &Branch64(3,SameAsRep)0, Below, %r0, %r22, %r0, %r20, %r20, %r0, %r1, @71
2394                       0x389cc9ae0:    cmp    x0, x22
2395                       0x389cc9ae4:    b.lo   0x389cc9dc0
2396            Int32 @72 = Trunc(@53, DFG:@86)
2397            Int32 @73 = BitAnd(@69, @72, DFG:@86)
2398                And32 %r1, %r0, %r1, @73
2399                       0x389cc9ae8:    and    w1, w1, w0
2400            16:<!0:->  PutStack(KnownInt32:@71, MustGen, loc27, machine:loc3, FlushedInt32, W:Stack(-28), bc#19)
2401            Int32 @72 = Trunc(@53, DFG:@86)
2402            Int64 @11 = SlotBase(stack0)
2403            Void @76 = Store(@72, @11, DFG:@16, offset = 32, ControlDependent|Writes:94...95)
2404                Move32 %r0, -64(%fp), @76
2405                       0x389cc9aec:    stur   w0, [fp, #-64]
2406            12:<!0:->  PutStack(Untyped:@86, MustGen, loc28, machine:loc4, FlushedJSValue, W:Stack(-29), bc#19)
2407            Int64 @77 = ZExt32(@73, DFG:@12)
2408            Int64 @78 = Add(@77, $-281474976710656(@15), DFG:@12)
2409                Add64 %r1, %r22, %r3, @78
2410                       0x389cc9af0:    add    x3, x1, x22
2411            Int64 @11 = SlotBase(stack0)
2412            Void @81 = Store(@78, @11, DFG:@12, offset = 24, ControlDependent|Writes:95...96)
2413                Move %r3, -72(%fp), @81
2414                       0x389cc9af4:    stur   x3, [fp, #-72]
2415            10:<!0:->  PutStack(KnownInt32:@46, MustGen, loc29, machine:loc5, FlushedInt32, W:Stack(-30), bc#19)
2416            Int32 @82 = Trunc(@24, DFG:@10)
2417            Int64 @11 = SlotBase(stack0)
2418            Void @85 = Store(@82, @11, DFG:@10, offset = 16, ControlDependent|Writes:96...97)
2419                Move32 %r21, -80(%fp), @85
2420                       0x389cc9af8:    stur   w21, [fp, #-80]
2421           129:<!10:->  GetByVal(KnownCell:Kill:@76, Int32:Kill:@86, Untyped:Kill:@117, JS|MustGen|UseAsOther, FinalOther, Contiguous+OriginalArray+OutOfBounds+AsIs, R:World, W:Heap, Exits, ClobbersExit, bc#19)  predicting FinalOther
2422            Int32 @89 = AboveEqual(@73, @67, DFG:@129)
2423            Void @90 = Branch(@89, DFG:@129, Terminal)
2424                Branch32 AboveOrEqual, %r1, %r2, @90
2425                       0x389cc9afc:    cmp    w1, w2
2426                       0x389cc9b00:    b.hs   0x389cc9bec
2427         ...
2428         ...
2429
2430         * b3/air/AirDisassembler.cpp:
2431         (JSC::B3::Air::Disassembler::dump):
2432         * b3/air/AirDisassembler.h:
2433         * ftl/FTLCompile.cpp:
2434         (JSC::FTL::compile):
2435         * ftl/FTLLowerDFGToB3.cpp:
2436         (JSC::FTL::DFG::LowerDFGToB3::lower):
2437         (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
2438         (JSC::FTL::DFG::LowerDFGToB3::lowCell):
2439         (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
2440         (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
2441
2442 2017-03-01  Mark Lam  <mark.lam@apple.com>
2443
2444         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator().
2445         https://bugs.webkit.org/show_bug.cgi?id=169042
2446
2447         Not reviewed.
2448
2449         Rolling out r213229 and r213202.
2450
2451         * JavaScriptCore.xcodeproj/project.pbxproj:
2452         * heap/MachineStackMarker.cpp:
2453         (JSC::getCurrentPlatformThread):
2454         (JSC::MachineThreads::Thread::createForCurrentThread):
2455         (JSC::MachineThreads::machineThreadForCurrentThread):
2456         (JSC::MachineThreads::removeThread):
2457         (JSC::MachineThreads::Thread::suspend):
2458         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2459         * heap/MachineStackMarker.h:
2460         * runtime/JSCellInlines.h:
2461         (JSC::JSCell::classInfo):
2462         * runtime/JSLock.cpp:
2463         (JSC::JSLock::JSLock):
2464         (JSC::JSLock::lock):
2465         (JSC::JSLock::unlock):
2466         (JSC::JSLock::currentThreadIsHoldingLock):
2467         * runtime/JSLock.h:
2468         (JSC::JSLock::ownerThread):
2469         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2470         * runtime/PlatformThread.h: Removed.
2471         * runtime/VM.cpp:
2472         (JSC::VM::~VM):
2473         * runtime/VM.h:
2474         (JSC::VM::ownerThread):
2475         * runtime/Watchdog.cpp:
2476         (JSC::Watchdog::setTimeLimit):
2477         (JSC::Watchdog::shouldTerminate):
2478         (JSC::Watchdog::startTimer):
2479         (JSC::Watchdog::stopTimer):
2480         * tools/JSDollarVMPrototype.cpp:
2481         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2482         * tools/VMInspector.cpp:
2483
2484 2017-03-01  Mark Lam  <mark.lam@apple.com>
2485
2486         REGRESSION (r213202?): Assertion failed: (!"initialized()"), function operator()
2487         https://bugs.webkit.org/show_bug.cgi?id=169042
2488
2489         Reviewed by Filip Pizlo.
2490
2491         * runtime/JSLock.h:
2492         (JSC::JSLock::currentThreadIsHoldingLock):
2493
2494 2017-02-28  Brian Burg  <bburg@apple.com>
2495
2496         REGRESSION(r211344): Remote Inspector: listingForAutomationTarget() is called off-main-thread, causing assertions
2497         https://bugs.webkit.org/show_bug.cgi?id=168695
2498         <rdar://problem/30643899>
2499
2500         Reviewed by Joseph Pecoraro.
2501
2502         The aforementioned commit added some new calls to update target listings. This causes RemoteInspector
2503         to update some listings underneath an incoming setup message on the XPC queue, which is not a safe place
2504         to gather listing information for RemoteAutomationTargets.
2505
2506         Update the listing asynchronously since we don't need it immediately. Since this really only happens when
2507         the connection to the target is set up and shut down, we can trigger listings to be refreshed from
2508         the async block that's called on the target's queue inside RemoteConnectionToTarget::{setup,close}.
2509
2510         * inspector/remote/RemoteInspector.h:
2511         Make updateListingForTarget(unsigned) usable from RemoteConnectionToTarget.
2512
2513         * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
2514         (Inspector::RemoteConnectionToTarget::setup):
2515         (Inspector::RemoteConnectionToTarget::close):
2516         Grab the target identifier while the RemoteControllableTarget pointer is still valid,
2517         and use it inside the block later after it may have been destructed already. If that happens,
2518         then updateTargetListing will bail out because the targetIdentifier cannot be found in the mapping.
2519
2520         * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
2521         (Inspector::RemoteInspector::updateTargetListing):
2522         We need to make sure to request a listing push after the target is updated, so implicitly call
2523         pushListingsSoon() from here. That method doesn't require any particular queue or holding a lock.
2524
2525         (Inspector::RemoteInspector::receivedSetupMessage):
2526         (Inspector::RemoteInspector::receivedDidCloseMessage):
2527         (Inspector::RemoteInspector::receivedConnectionDiedMessage):
2528         Remove calls to updateTargetListing() and pushListingsSoon(), as these happen implicitly
2529         and asynchronously on the target's queue when the connection to target is opened or closed.
2530
2531 2017-03-01  Tomas Popela  <tpopela@redhat.com>
2532
2533         Leak under Options::setOptions
2534         https://bugs.webkit.org/show_bug.cgi?id=169029
2535
2536         Reviewed by Michael Saboff.
2537
2538         Don't leak the optionsStrCopy variable.
2539
2540         * runtime/Options.cpp:
2541         (JSC::Options::setOptions):
2542
2543 2017-03-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2544
2545         [JSC] Allow UnlinkedCodeBlock to dump its bytecode sequence
2546         https://bugs.webkit.org/show_bug.cgi?id=168968
2547
2548         Reviewed by Saam Barati.
2549
2550         This patch decouples dumping bytecode sequence from CodeBlock.
2551         This change allows UnlinkedCodeBlock to dump its bytecode sequence.
2552         It is useful because we now have a complex phase between UnlinkedCodeBlock and CodeBlock,
2553         called Generatorification.
2554
2555         We introduce BytecodeDumper<Block>. Both CodeBlock and UnlinkedCodeBlock can use
2556         this class to dump bytecode sequence.
2557
2558         And this patch also adds Option::dumpBytecodesBeforeGeneratorification,
2559         which dumps unlinked bytecode sequence before generatorification if it is enabled.
2560
2561         * CMakeLists.txt:
2562         * JavaScriptCore.xcodeproj/project.pbxproj:
2563         * bytecode/BytecodeDumper.cpp: Added.
2564         (JSC::getStructureID):
2565         (JSC::getSpecialPointer):
2566         (JSC::getPutByIdFlags):
2567         (JSC::getToThisStatus):
2568         (JSC::getPointer):
2569         (JSC::getStructureChain):
2570         (JSC::getStructure):
2571         (JSC::getCallLinkInfo):
2572         (JSC::getBasicBlockLocation):
2573         (JSC::BytecodeDumper<Block>::actualPointerFor):
2574         (JSC::BytecodeDumper<CodeBlock>::actualPointerFor):
2575         (JSC::beginDumpProfiling):
2576         (JSC::BytecodeDumper<Block>::dumpValueProfiling):
2577         (JSC::BytecodeDumper<CodeBlock>::dumpValueProfiling):
2578         (JSC::BytecodeDumper<Block>::dumpArrayProfiling):
2579         (JSC::BytecodeDumper<CodeBlock>::dumpArrayProfiling):
2580         (JSC::BytecodeDumper<Block>::dumpProfilesForBytecodeOffset):
2581         (JSC::dumpRareCaseProfile):
2582         (JSC::dumpArithProfile):
2583         (JSC::BytecodeDumper<CodeBlock>::dumpProfilesForBytecodeOffset):
2584         (JSC::BytecodeDumper<Block>::vm):
2585         (JSC::BytecodeDumper<Block>::identifier):
2586         (JSC::regexpToSourceString):
2587         (JSC::regexpName):
2588         (JSC::printLocationAndOp):
2589         (JSC::isConstantRegisterIndex):
2590         (JSC::debugHookName):
2591         (JSC::BytecodeDumper<Block>::registerName):
2592         (JSC::idName):
2593         (JSC::BytecodeDumper<Block>::constantName):
2594         (JSC::BytecodeDumper<Block>::printUnaryOp):
2595         (JSC::BytecodeDumper<Block>::printBinaryOp):
2596         (JSC::BytecodeDumper<Block>::printConditionalJump):
2597         (JSC::BytecodeDumper<Block>::printGetByIdOp):
2598         (JSC::dumpStructure):
2599         (JSC::dumpChain):
2600         (JSC::BytecodeDumper<Block>::printGetByIdCacheStatus):
2601         (JSC::BytecodeDumper<Block>::printPutByIdCacheStatus):
2602         (JSC::BytecodeDumper<Block>::dumpCallLinkStatus):
2603         (JSC::BytecodeDumper<CodeBlock>::dumpCallLinkStatus):
2604         (JSC::BytecodeDumper<Block>::printCallOp):
2605         (JSC::BytecodeDumper<Block>::printPutByIdOp):
2606         (JSC::BytecodeDumper<Block>::printLocationOpAndRegisterOperand):
2607         (JSC::BytecodeDumper<Block>::dumpBytecode):
2608         (JSC::BytecodeDumper<Block>::dumpIdentifiers):
2609         (JSC::BytecodeDumper<Block>::dumpConstants):
2610         (JSC::BytecodeDumper<Block>::dumpRegExps):
2611         (JSC::BytecodeDumper<Block>::dumpExceptionHandlers):
2612         (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables):
2613         (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables):
2614         (JSC::BytecodeDumper<Block>::dumpBlock):
2615         * bytecode/BytecodeDumper.h: Added.
2616         (JSC::BytecodeDumper::BytecodeDumper):
2617         (JSC::BytecodeDumper::block):
2618         (JSC::BytecodeDumper::instructionsBegin):
2619         * bytecode/BytecodeGeneratorification.cpp:
2620         (JSC::BytecodeGeneratorification::BytecodeGeneratorification):
2621         (JSC::performGeneratorification):
2622         * bytecode/BytecodeLivenessAnalysis.cpp:
2623         (JSC::BytecodeLivenessAnalysis::dumpResults):
2624         * bytecode/CodeBlock.cpp:
2625         (JSC::CodeBlock::dumpBytecode):
2626         (JSC::CodeBlock::finishCreation):
2627         (JSC::CodeBlock::propagateTransitions):
2628         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2629         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2630         (JSC::CodeBlock::usesOpcode):
2631         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2632         (JSC::CodeBlock::arithProfileForPC):
2633         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2634         (JSC::idName): Deleted.
2635         (JSC::CodeBlock::registerName): Deleted.
2636         (JSC::CodeBlock::constantName): Deleted.
2637         (JSC::regexpToSourceString): Deleted.
2638         (JSC::regexpName): Deleted.
2639         (JSC::debugHookName): Deleted.
2640         (JSC::CodeBlock::printUnaryOp): Deleted.
2641         (JSC::CodeBlock::printBinaryOp): Deleted.
2642         (JSC::CodeBlock::printConditionalJump): Deleted.
2643         (JSC::CodeBlock::printGetByIdOp): Deleted.
2644         (JSC::dumpStructure): Deleted.
2645         (JSC::dumpChain): Deleted.
2646         (JSC::CodeBlock::printGetByIdCacheStatus): Deleted.
2647         (JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
2648         (JSC::CodeBlock::printCallOp): Deleted.
2649         (JSC::CodeBlock::printPutByIdOp): Deleted.
2650         (JSC::CodeBlock::dumpExceptionHandlers): Deleted.
2651         (JSC::CodeBlock::beginDumpProfiling): Deleted.
2652         (JSC::CodeBlock::dumpValueProfiling): Deleted.
2653         (JSC::CodeBlock::dumpArrayProfiling): Deleted.
2654         (JSC::CodeBlock::dumpRareCaseProfile): Deleted.
2655         (JSC::CodeBlock::dumpArithProfile): Deleted.
2656         (JSC::CodeBlock::printLocationAndOp): Deleted.
2657         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Deleted.
2658         * bytecode/CodeBlock.h:
2659         (JSC::CodeBlock::constantRegisters):
2660         (JSC::CodeBlock::numberOfRegExps):
2661         (JSC::CodeBlock::bitVectors):
2662         (JSC::CodeBlock::bitVector):
2663         * bytecode/HandlerInfo.h:
2664         (JSC::HandlerInfoBase::typeName):
2665         * bytecode/UnlinkedCodeBlock.cpp:
2666         (JSC::UnlinkedCodeBlock::dump):
2667         * bytecode/UnlinkedCodeBlock.h:
2668         (JSC::UnlinkedCodeBlock::getConstant):
2669         * bytecode/UnlinkedInstructionStream.cpp:
2670         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
2671         * bytecode/UnlinkedInstructionStream.h:
2672         (JSC::UnlinkedInstructionStream::Reader::next):
2673         * runtime/Options.h:
2674
2675 2017-02-28  Mark Lam  <mark.lam@apple.com>
2676
2677         Change JSLock to stash PlatformThread instead of std::thread::id.
2678         https://bugs.webkit.org/show_bug.cgi?id=168996
2679
2680         Reviewed by Filip Pizlo.
2681
2682         PlatformThread is more useful because it allows us to:
2683         1. find the MachineThreads::Thread which is associated with it.
2684         2. suspend / resume threads.
2685         3. send a signal to a thread.
2686
2687         We can't do those with std::thread::id.  We will need one or more of these
2688         capabilities to implement non-polling VM traps later.
2689
2690         * JavaScriptCore.xcodeproj/project.pbxproj:
2691         * heap/MachineStackMarker.cpp:
2692         (JSC::MachineThreads::Thread::createForCurrentThread):
2693         (JSC::MachineThreads::machineThreadForCurrentThread):
2694         (JSC::MachineThreads::removeThread):
2695         (JSC::MachineThreads::Thread::suspend):
2696         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2697         (JSC::getCurrentPlatformThread): Deleted.
2698         * heap/MachineStackMarker.h:
2699         * runtime/JSCellInlines.h:
2700         (JSC::JSCell::classInfo):
2701         * runtime/JSLock.cpp:
2702         (JSC::JSLock::lock):
2703         (JSC::JSLock::unlock):
2704         (JSC::JSLock::currentThreadIsHoldingLock): Deleted.
2705         * runtime/JSLock.h:
2706         (JSC::JSLock::ownerThread):
2707         (JSC::JSLock::currentThreadIsHoldingLock):
2708         * runtime/PlatformThread.h: Added.
2709         (JSC::currentPlatformThread):
2710         * runtime/VM.cpp:
2711         (JSC::VM::~VM):
2712         * runtime/VM.h:
2713         (JSC::VM::ownerThread):
2714         * runtime/Watchdog.cpp:
2715         (JSC::Watchdog::setTimeLimit):
2716         (JSC::Watchdog::shouldTerminate):
2717         (JSC::Watchdog::startTimer):
2718         (JSC::Watchdog::stopTimer):
2719         * tools/JSDollarVMPrototype.cpp:
2720         (JSC::JSDollarVMPrototype::currentThreadOwnsJSLock):
2721         * tools/VMInspector.cpp:
2722
2723 2017-02-28  Mark Lam  <mark.lam@apple.com>
2724
2725         Enable the SigillCrashAnalyzer by default for iOS.
2726         https://bugs.webkit.org/show_bug.cgi?id=168989
2727
2728         Reviewed by Keith Miller.
2729
2730         * runtime/Options.cpp:
2731         (JSC::overrideDefaults):
2732
2733 2017-02-28  Mark Lam  <mark.lam@apple.com>
2734
2735         Remove setExclusiveThread() and peers from the JSLock.
2736         https://bugs.webkit.org/show_bug.cgi?id=168977
2737
2738         Reviewed by Filip Pizlo.
2739
2740         JSLock::setExclusiveThread() was only used by WebCore.  Benchmarking with
2741         Speedometer, we see that removal of exclusive thread status has no measurable
2742         impact on performance.  So, let's remove the code for handling exclusive thread
2743         status, and simplify the JSLock code.
2744
        For the record, exclusive thread status does improve JSLock locking/unlocking
2746         time by up to 20%.  However, this difference is not measurable in the way WebCore
2747         uses the JSLock as confirmed by Speedometer.
2748
2749         Also applied a minor optimization in JSLock::lock() to assume the initial lock
        entry case (as opposed to the re-entry case).  This appears to show a small
2751         fractional improvement (about 5%) in JSLock cumulative locking and unlocking
2752         time in a micro-benchmark.
2753
2754         * heap/Heap.cpp:
2755         (JSC::Heap::Heap):
2756         * heap/MachineStackMarker.cpp:
2757         (JSC::MachineThreads::MachineThreads):
2758         (JSC::MachineThreads::addCurrentThread):
2759         * heap/MachineStackMarker.h:
2760         * runtime/JSLock.cpp:
2761         (JSC::JSLock::JSLock):
2762         (JSC::JSLock::lock):
2763         (JSC::JSLock::unlock):
2764         (JSC::JSLock::currentThreadIsHoldingLock):
2765         (JSC::JSLock::dropAllLocks):
2766         (JSC::JSLock::grabAllLocks):
2767         (JSC::JSLock::setExclusiveThread): Deleted.
2768         * runtime/JSLock.h:
2769         (JSC::JSLock::ownerThread):
2770         (JSC::JSLock::hasExclusiveThread): Deleted.
2771         (JSC::JSLock::exclusiveThread): Deleted.
2772         * runtime/VM.h:
2773         (JSC::VM::hasExclusiveThread): Deleted.
2774         (JSC::VM::exclusiveThread): Deleted.
2775         (JSC::VM::setExclusiveThread): Deleted.
2776
2777 2017-02-28  Saam Barati  <sbarati@apple.com>
2778
2779         Arm64 disassembler prints "ars" instead of "asr"
2780         https://bugs.webkit.org/show_bug.cgi?id=168923
2781
2782         Rubber stamped by Michael Saboff.
2783
2784         * disassembler/ARM64/A64DOpcode.cpp:
2785         (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
2786
2787 2017-02-28  Oleksandr Skachkov  <gskachkov@gmail.com>
2788
2789         Use of arguments in arrow function is slow
2790         https://bugs.webkit.org/show_bug.cgi?id=168829
2791
2792         Reviewed by Saam Barati.
2793
        The current patch improves performance of access to arguments within an arrow function
        by preventing creation of the arguments variable within the arrow function, and also allows
        caching of the arguments variable. Before, the arguments variable always had the Dynamic resolve
        type; after the patch it can be ClosureVar, which increases performance of access to the
        arguments variable by 9 times inside of the arrow function.
2799
2800         * bytecompiler/BytecodeGenerator.cpp:
2801         (JSC::BytecodeGenerator::BytecodeGenerator):
2802         * runtime/JSScope.cpp:
2803         (JSC::abstractAccess):
2804
2805 2017-02-28  Michael Saboff  <msaboff@apple.com>
2806
2807         Add ability to configure JSC options from a file
2808         https://bugs.webkit.org/show_bug.cgi?id=168914
2809
2810         Reviewed by Filip Pizlo.
2811
2812         Added the ability to set options and DataLog file location via a configuration file.
2813         The configuration file is specified with the --configFile option to JSC or the
2814         JSC_configFile environment variable.
2815
2816         The file format allows for options conditionally dependent on various attributes.
2817         Currently those attributes are the process name, parent process name and build
2818         type (Release or Debug).  In this patch, the parent process type is not set.
2819         That will be set up in WebKit code with a follow up patch.
2820
2821         Here is an example config file:
2822
2823             logFile = "/tmp/jscLog.%pid.txt"
2824
2825             jscOptions {
2826                 dumpOptions = 2
2827             }
2828
2829             build == "Debug" {
2830                 jscOptions {
2831                     useConcurrentJIT = false
2832                     dumpDisassembly = true
2833                 }
2834             }
2835
2836             build == "Release" && processName == "jsc" {
2837                 jscOptions {
2838                     asyncDisassembly = true
2839                 }
2840             }
2841
2842         Eliminated the prior options file code.
2843
2844         * CMakeLists.txt:
2845         * JavaScriptCore.xcodeproj/project.pbxproj:
2846         * jsc.cpp:
2847         (jscmain):
2848         * runtime/ConfigFile.cpp: Added.
2849         (JSC::ConfigFileScanner::ConfigFileScanner):
2850         (JSC::ConfigFileScanner::start):
2851         (JSC::ConfigFileScanner::lineNumber):
2852         (JSC::ConfigFileScanner::currentBuffer):
2853         (JSC::ConfigFileScanner::atFileEnd):
2854         (JSC::ConfigFileScanner::tryConsume):
2855         (JSC::ConfigFileScanner::tryConsumeString):
2856         (JSC::ConfigFileScanner::tryConsumeUpto):
2857         (JSC::ConfigFileScanner::fillBufferIfNeeded):
2858         (JSC::ConfigFileScanner::fillBuffer):
2859         (JSC::ConfigFile::ConfigFile):
2860         (JSC::ConfigFile::setProcessName):
2861         (JSC::ConfigFile::setParentProcessName):
2862         (JSC::ConfigFile::parse):
2863         * runtime/ConfigFile.h: Added.
2864         * runtime/Options.cpp:
2865         (JSC::Options::initialize):
2866         (JSC::Options::setOptions):
2867         * runtime/Options.h:
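
        As an added illustration of the conditional format this entry describes (example code, not
        JSC's own runtime/ConfigFile.cpp, whose exact grammar may differ), the C++ parser below reads a
        config file, evaluates each condition against the three attributes the entry names (processName,
        parentProcessName, build) and returns the effective logFile and option set. Assumptions are
        labelled in the code: conditional blocks may nest, option values are kept as the strings they were
        written as, and %pid in logFile is not expanded.

```cpp
// Added illustration of the conditional config format described in the entry above;
// this is not JSC's runtime/ConfigFile.cpp, whose exact grammar may differ. Assumed grammar:
// `logFile = "..."`, `jscOptions { k = v ... }` and nestable `attr == "lit" [&& attr == "lit"]* { ... }`.
#include <cctype>
#include <map>
#include <stdexcept>
#include <string>

struct ConfigAttributes {
    std::string processName;
    std::string parentProcessName; // the entry notes JSC does not set this yet
    std::string build;             // "Debug" or "Release"
};
struct ConfigResult {
    std::string logFile;                        // %pid is left unexpanded here
    std::map<std::string, std::string> options; // option name -> value as written
};

class ConfigParser {
public:
    ConfigParser(const std::string& text, const ConfigAttributes& attrs) : m_text(text), m_attrs(attrs) { }
    ConfigResult parse() {
        ConfigResult result;
        for (skipSpace(); !atEnd(); skipSpace())
            parseItem(result, true);
        return result;
    }

private:
    bool atEnd() const { return m_pos >= m_text.size(); }
    void skipSpace() { while (!atEnd() && std::isspace(static_cast<unsigned char>(m_text[m_pos]))) ++m_pos; }
    bool tryConsume(const std::string& s) {
        skipSpace();
        if (m_text.compare(m_pos, s.size(), s) != 0) return false;
        m_pos += s.size();
        return true;
    }
    void expect(const std::string& s) { if (!tryConsume(s)) fail("expected '" + s + "'"); }
    // Identifier or bare value such as dumpOptions, 2 or false.
    std::string word() {
        skipSpace();
        size_t start = m_pos;
        while (!atEnd() && (std::isalnum(static_cast<unsigned char>(m_text[m_pos])) || m_text[m_pos] == '_' || m_text[m_pos] == '.')) ++m_pos;
        if (start == m_pos) fail("expected identifier or value");
        return m_text.substr(start, m_pos - start);
    }
    std::string quoted() {
        expect("\"");
        size_t end = m_text.find('"', m_pos);
        if (end == std::string::npos) fail("unterminated string");
        std::string s = m_text.substr(m_pos, end - m_pos);
        m_pos = end + 1;
        return s;
    }
    std::string value() { skipSpace(); return (!atEnd() && m_text[m_pos] == '"') ? quoted() : word(); }

    // `active` is false inside a block whose condition did not match: the block is
    // still parsed, so syntax errors in it are reported, but nothing in it is applied.
    void parseItem(ConfigResult& result, bool active) {
        std::string name = word();
        if (name == "logFile") {
            expect("=");
            std::string v = quoted();
            if (active) result.logFile = v;
        } else if (name == "jscOptions") {
            expect("{");
            while (!tryConsume("}")) {
                std::string key = word();
                expect("=");
                std::string v = value();
                if (active) result.options[key] = v;
            }
        } else { // attr == "lit" [&& attr == "lit"]* { items }
            bool cond = compare(name);
            while (tryConsume("&&")) { bool rhs = compare(word()); cond = cond && rhs; } // parse every clause
            expect("{");
            while (!tryConsume("}")) parseItem(result, active && cond);
        }
    }
    bool compare(const std::string& attr) {
        expect("==");
        std::string literal = quoted();
        const std::string* actual = attr == "build" ? &m_attrs.build : attr == "processName" ? &m_attrs.processName
            : attr == "parentProcessName" ? &m_attrs.parentProcessName : nullptr;
        if (!actual) fail("unknown attribute '" + attr + "'");
        return *actual == literal;
    }
    [[noreturn]] void fail(const std::string& msg) { throw std::runtime_error("config error at offset " + std::to_string(m_pos) + ": " + msg); }

    std::string m_text;
    ConfigAttributes m_attrs;
    size_t m_pos = 0;
};

ConfigResult parseConfig(const std::string& text, const ConfigAttributes& attrs) { return ConfigParser(text, attrs).parse(); }

// The example file from the entry above, embedded so the parser can run stand-alone.
const char* const kExampleConfig = R"(
logFile = "/tmp/jscLog.%pid.txt"
jscOptions { dumpOptions = 2 }
build == "Debug" { jscOptions { useConcurrentJIT = false  dumpDisassembly = true } }
build == "Release" && processName == "jsc" { jscOptions { asyncDisassembly = true } }
)";
```

        Running `parseConfig(kExampleConfig, ConfigAttributes{"jsc", "", "Release"})` yields dumpOptions=2
        and asyncDisassembly=true; with build "Debug" it yields dumpOptions=2, useConcurrentJIT=false and
        dumpDisassembly=true instead. Since the entry says the file path comes from --configFile or the
        JSC_configFile environment variable, the file is trusted configuration by construction; a parser
        that rejects unknown attribute names and malformed syntax outright, reporting the offset, is the
        safer default for such input, and non-matching blocks are still syntax-checked so a typo in a
        Release-only block does not go unnoticed in Debug runs.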
2868
2869 2017-02-27  Alex Christensen  <achristensen@webkit.org>
2870
2871         Begin enabling WebRTC on 64-bit
2872         https://bugs.webkit.org/show_bug.cgi?id=168915
2873
2874         Reviewed by Eric Carlson.
2875
2876         * Configurations/FeatureDefines.xcconfig:
2877
2878 2017-02-27  Mark Lam  <mark.lam@apple.com>
2879
2880         Introduce a VM Traps mechanism and refactor Watchdog to use it.
2881         https://bugs.webkit.org/show_bug.cgi?id=168842
2882
2883         Reviewed by Filip Pizlo.
2884
2885         Currently, the traps mechanism is only used for the JSC watchdog, and for
        asynchronous termination requests (which are currently only used for worker
        thread termination).
2888
2889         This first cut of the traps mechanism still relies on polling from DFG and FTL
2890         code.  This is done to keep the patch as small as possible.  The work to do
2891         a non-polling version of the traps mechanism for DFG and FTL code is deferred to
2892         another patch.
2893
2894         In this patch, worker threads still need to set the VM::m_needAsynchronousTerminationSupport
2895         flag to enable the traps polling in the DFG and FTL code.  When we have the
2896         non-polling version of the DFG and FTL traps mechanism, we can remove the use of
2897         the VM::m_needAsynchronousTerminationSupport flag.
2898
2899         Note: this patch also separates asynchronous termination support from the JSC
2900         watchdog.  This separation allows us to significantly simplify the locking
2901         requirements in the watchdog code, and make it easier to reason about its
2902         correctness.
2903
2904         * CMakeLists.txt:
2905         * JavaScriptCore.xcodeproj/project.pbxproj:
2906         * bytecode/BytecodeList.json:
2907         * bytecode/BytecodeUseDef.h:
2908         (JSC::computeUsesForBytecodeOffset):
2909         (JSC::computeDefsForBytecodeOffset):
2910         * bytecode/CodeBlock.cpp:
2911         (JSC::CodeBlock::dumpBytecode):
2912         * bytecompiler/BytecodeGenerator.cpp:
2913         (JSC::BytecodeGenerator::BytecodeGenerator):
2914         (JSC::BytecodeGenerator::emitLoopHint):
2915         (JSC::BytecodeGenerator::emitCheckTraps):
2916         (JSC::BytecodeGenerator::emitWatchdog): Deleted.
2917         * bytecompiler/BytecodeGenerator.h:
2918         * dfg/DFGAbstractInterpreterInlines.h:
2919         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2920         * dfg/DFGByteCodeParser.cpp:
2921         (JSC::DFG::ByteCodeParser::parseBlock):
2922         * dfg/DFGCapabilities.cpp:
2923         (JSC::DFG::capabilityLevel):
2924         * dfg/DFGClobberize.h:
2925         (JSC::DFG::clobberize):
2926         * dfg/DFGDoesGC.cpp:
2927         (JSC::DFG::doesGC):
2928         * dfg/DFGFixupPhase.cpp:
2929         (JSC::DFG::FixupPhase::fixupNode):
2930         * dfg/DFGNodeType.h:
2931         * dfg/DFGPredictionPropagationPhase.cpp:
2932         * dfg/DFGSafeToExecute.h:
2933         (JSC::DFG::safeToExecute):
2934         * dfg/DFGSpeculativeJIT.cpp:
2935         (JSC::DFG::SpeculativeJIT::compileCheckTraps):
2936         * dfg/DFGSpeculativeJIT.h:
2937         * dfg/DFGSpeculativeJIT32_64.cpp:
2938         (JSC::DFG::SpeculativeJIT::compile):
2939         * dfg/DFGSpeculativeJIT64.cpp:
2940         (JSC::DFG::SpeculativeJIT::compile):
2941         * ftl/FTLCapabilities.cpp:
2942         (JSC::FTL::canCompile):
2943         * ftl/FTLLowerDFGToB3.cpp:
2944         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2945         (JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):
2946         (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer): Deleted.
2947         * interpreter/Interpreter.cpp:
2948         (JSC::Interpreter::executeProgram):
2949         (JSC::Interpreter::executeCall):
2950         (JSC::Interpreter::executeConstruct):
2951         (JSC::Interpreter::execute):
2952         * jit/JIT.cpp:
2953         (JSC::JIT::privateCompileMainPass):
2954         (JSC::JIT::privateCompileSlowCases):
2955         * jit/JIT.h:
2956         * jit/JITOpcodes.cpp:
2957         (JSC::JIT::emit_op_check_traps):
2958         (JSC::JIT::emitSlow_op_check_traps):
2959         (JSC::JIT::emit_op_watchdog): Deleted.
2960         (JSC::JIT::emitSlow_op_watchdog): Deleted.
2961         * jit/JITOperations.cpp:
2962         * jit/JITOperations.h:
2963         * llint/LLIntSlowPaths.cpp:
2964         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2965         * llint/LLIntSlowPaths.h:
2966         * llint/LowLevelInterpreter.asm:
2967         * llint/LowLevelInterpreter32_64.asm:
2968         * llint/LowLevelInterpreter64.asm:
2969         * runtime/VM.cpp:
2970         (JSC::VM::~VM):
2971         (JSC::VM::ensureWatchdog):
2972         (JSC::VM::handleTraps):
2973         * runtime/VM.h:
2974         (JSC::VM::ownerThread):
2975         (JSC::VM::needTrapHandling):
2976         (JSC::VM::needTrapHandlingAddress):
2977         (JSC::VM::notifyNeedTermination):
2978         (JSC::VM::notifyNeedWatchdogCheck):
2979         (JSC::VM::needAsynchronousTerminationSupport):
2980         (JSC::VM::setNeedAsynchronousTerminationSupport):
2981         * runtime/VMInlines.h:
2982         (JSC::VM::shouldTriggerTermination): Deleted.
2983         * runtime/VMTraps.cpp: Added.
2984         (JSC::VMTraps::fireTrap):
2985         (JSC::VMTraps::takeTrap):
2986         * runtime/VMTraps.h: Added.
2987         (JSC::VMTraps::needTrapHandling):
2988         (JSC::VMTraps::needTrapHandlingAddress):
2989         (JSC::VMTraps::hasTrapForEvent):
2990         (JSC::VMTraps::setTrapForEvent):
2991         (JSC::VMTraps::clearTrapForEvent):
2992         * runtime/Watchdog.cpp:
2993         (JSC::Watchdog::Watchdog):
2994         (JSC::Watchdog::setTimeLimit):
2995         (JSC::Watchdog::shouldTerminate):
2996         (JSC::Watchdog::enteredVM):
2997         (JSC::Watchdog::exitedVM):
2998         (JSC::Watchdog::startTimer):
2999         (JSC::Watchdog::stopTimer):
3000         (JSC::Watchdog::willDestroyVM):
3001         (JSC::Watchdog::terminateSoon): Deleted.
3002         (JSC::Watchdog::shouldTerminateSlow): Deleted.
3003         * runtime/Watchdog.h:
3004         (JSC::Watchdog::shouldTerminate): Deleted.
3005         (JSC::Watchdog::timerDidFireAddress): Deleted.
3006
3007 2017-02-27  Commit Queue  <commit-queue@webkit.org>
3008
3009         Unreviewed, rolling out r213019.
3010         https://bugs.webkit.org/show_bug.cgi?id=168925
3011
3012         "It broke 32-bit jsc tests in debug builds" (Requested by
3013         saamyjoon on #webkit).
3014
3015         Reverted changeset:
3016
3017         "op_get_by_id_with_this should use inline caching"
3018         https://bugs.webkit.org/show_bug.cgi?id=162124
3019         http://trac.webkit.org/changeset/213019
3020
3021 2017-02-27  JF Bastien  <jfbastien@apple.com>
3022
3023         WebAssembly: miscellaneous spec fixes part deux
3024         https://bugs.webkit.org/show_bug.cgi?id=168861
3025
3026         Reviewed by Keith Miller.
3027
3028         * wasm/WasmFunctionParser.h: add some FIXME
3029
3030 2017-02-27  Alex Christensen  <achristensen@webkit.org>
3031
3032         [libwebrtc] Enable WebRTC in some Production Builds
3033         https://bugs.webkit.org/show_bug.cgi?id=168858
3034
3035         * Configurations/FeatureDefines.xcconfig:
3036
3037 2017-02-26  Caio Lima  <ticaiolima@gmail.com>
3038
3039         op_get_by_id_with_this should use inline caching
3040         https://bugs.webkit.org/show_bug.cgi?id=162124
3041
3042         Reviewed by Saam Barati.
3043
3044         This patch is enabling inline cache for op_get_by_id_with_this in all
3045         tiers. It means that operations using ```super.member``` are going to
3046         be able to be optimized by PIC. To enable it, we introduced a new
3047         member of StructureStubInfo.patch named thisGPR, created a new class
3048         to manage the IC named JITGetByIdWithThisGenerator and changed
3049         PolymorphicAccess.regenerate that uses StructureStubInfo.patch.thisGPR
3050         to decide the correct this value on inline caches.
        With inline caching enabled, ```super.member``` is ~4.5x faster,
        according to microbenchmarks.
3053
3054         * bytecode/AccessCase.cpp:
3055         (JSC::AccessCase::generateImpl):
3056         * bytecode/PolymorphicAccess.cpp:
3057         (JSC::PolymorphicAccess::regenerate):
3058         * bytecode/PolymorphicAccess.h:
3059         * bytecode/StructureStubInfo.cpp:
3060         (JSC::StructureStubInfo::reset):
3061         * bytecode/StructureStubInfo.h:
3062         * dfg/DFGFixupPhase.cpp:
3063         (JSC::DFG::FixupPhase::fixupNode):
3064         * dfg/DFGJITCompiler.cpp:
3065         (JSC::DFG::JITCompiler::link):
3066         * dfg/DFGJITCompiler.h:
3067         (JSC::DFG::JITCompiler::addGetByIdWithThis):
3068         * dfg/DFGSpeculativeJIT.cpp:
3069         (JSC::DFG::SpeculativeJIT::compileIn):
3070         * dfg/DFGSpeculativeJIT.h:
3071         (JSC::DFG::SpeculativeJIT::callOperation):
3072         * dfg/DFGSpeculativeJIT32_64.cpp:
3073         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
3074         (JSC::DFG::SpeculativeJIT::compile):
3075         * dfg/DFGSpeculativeJIT64.cpp:
3076         (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
3077         (JSC::DFG::SpeculativeJIT::compile):
3078         * ftl/FTLLowerDFGToB3.cpp:
3079         (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThis):
3080         (JSC::FTL::DFG::LowerDFGToB3::compileIn):
3081         (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis):
3082         * jit/CCallHelpers.h:
3083         (JSC::CCallHelpers::setupArgumentsWithExecState):
3084         * jit/ICStats.h:
3085         * jit/JIT.cpp:
3086         (JSC::JIT::JIT):
3087         (JSC::JIT::privateCompileSlowCases):
3088         (JSC::JIT::link):
3089         * jit/JIT.h:
3090         * jit/JITInlineCacheGenerator.cpp:
3091         (JSC::JITByIdGenerator::JITByIdGenerator):
3092         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
3093         (JSC::JITGetByIdWithThisGenerator::generateFastPath):
3094         * jit/JITInlineCacheGenerator.h:
3095         (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
3096         * jit/JITInlines.h:
3097         (JSC::JIT::callOperation):
3098         * jit/JITOperations.cpp:
3099         * jit/JITOperations.h:
3100         * jit/JITPropertyAccess.cpp:
3101         (JSC::JIT::emit_op_get_by_id_with_this):
3102         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3103         * jit/JITPropertyAccess32_64.cpp:
3104         (JSC::JIT::emit_op_get_by_id_with_this):
3105         (JSC::JIT::emitSlow_op_get_by_id_with_this):
3106         * jit/Repatch.cpp:
3107         (JSC::appropriateOptimizingGetByIdFunction):
3108         (JSC::appropriateGenericGetByIdFunction):
3109         (JSC::tryCacheGetByID):
3110         * jit/Repatch.h:
3111         * jsc.cpp:
3112         (WTF::CustomGetter::getOwnPropertySlot):
3113         (WTF::CustomGetter::customGetterAcessor):
3114
3115 2017-02-24  JF Bastien  <jfbastien@apple.com>
3116
3117         WebAssembly: miscellaneous spec fixes
3118         https://bugs.webkit.org/show_bug.cgi?id=168822
3119
3120         Reviewed by Saam Barati.
3121
3122         * wasm/WasmModuleParser.cpp: "unknown" sections are now called "custom" sections
3123         * wasm/WasmSections.h:
3124         (JSC::Wasm::validateOrder):
3125         (JSC::Wasm::makeString): fix ASSERT_UNREACHABLE bug in printing
3126         * wasm/js/WebAssemblyInstanceConstructor.cpp:
3127         (JSC::constructJSWebAssemblyInstance): disallow i64 import
3128         * wasm/js/WebAssemblyModuleRecord.cpp:
3129         (JSC::WebAssemblyModuleRecord::link): disallow i64 export
3130         (JSC::WebAssemblyModuleRecord::evaluate):
3131
3132 2017-02-24  Filip Pizlo  <fpizlo@apple.com>
3133
3134         Move Arg::Type and Arg::Width out into the B3 namespace, since they are general concepts
3135         https://bugs.webkit.org/show_bug.cgi?id=168833
3136
3137         Reviewed by Saam Barati.
3138         
3139         I want to use the Air::Arg::Type and Air::Arg::Width concepts in B3. We are already
        doing this a bit, and it's awkward because of the namespacing. Throughout B3 we take the
3141         approach that if something is not specific to Air, then it should be in the B3
3142         namespace.
3143         
3144         This moves Air::Arg::Type to B3::Bank. This moves Air::Arg::Width to B3::Width.
3145         
3146         I renamed Arg::Type to Bank because there is already a B3::Type and because Arg::Type
3147         was never really a type. Its purpose was always to identify register banks, and we use
3148         this enum when the thing we care about is whether the value is most appropriate for
3149         GPRs or FPRs.
3150         
3151         I kept both as non-enum classes because I think that we've learned that terse compiler
3152         code is a good thing. I don't want to say Bank::GP when I can say GP. With Width, the
3153         argument is even stronger, since you cannot say Width::8 but you can say Width8.
3154
3155         * CMakeLists.txt:
3156         * JavaScriptCore.xcodeproj/project.pbxproj:
3157         * b3/B3Bank.cpp: Added.
3158         (WTF::printInternal):
3159         * b3/B3Bank.h: Added.
3160         (JSC::B3::forEachBank):
3161         (JSC::B3::bankForType):
3162         * b3/B3CheckSpecial.cpp:
3163         (JSC::B3::CheckSpecial::forEachArg):
3164         * b3/B3LegalizeMemoryOffsets.cpp:
3165         * b3/B3LowerToAir.cpp:
3166         (JSC::B3::Air::LowerToAir::run):
3167         (JSC::B3::Air::LowerToAir::tmp):
3168         (JSC::B3::Air::LowerToAir::scaleForShl):
3169         (JSC::B3::Air::LowerToAir::effectiveAddr):
3170         (JSC::B3::Air::LowerToAir::addr):
3171         (JSC::B3::Air::LowerToAir::createGenericCompare):
3172         (JSC::B3::Air::LowerToAir::createBranch):
3173         (JSC::B3::Air::LowerToAir::createCompare):
3174         (JSC::B3::Air::LowerToAir::createSelect):
3175         (JSC::B3::Air::LowerToAir::lower):
3176         * b3/B3MemoryValue.cpp:
3177         (JSC::B3::MemoryValue::accessWidth):
3178         * b3/B3MemoryValue.h:
3179         * b3/B3MoveConstants.cpp:
3180         * b3/B3PatchpointSpecial.cpp:
3181         (JSC::B3::PatchpointSpecial::forEachArg):
3182         * b3/B3StackmapSpecial.cpp:
3183         (JSC::B3::StackmapSpecial::forEachArgImpl):
3184         * b3/B3Value.h:
3185         * b3/B3Variable.h:
3186         (JSC::B3::Variable::width):
3187         (JSC::B3::Variable::bank):
3188         * b3/B3WasmAddressValue.h:
3189         * b3/B3Width.cpp: Added.
3190         (WTF::printInternal):
3191         * b3/B3Width.h: Added.
3192         (JSC::B3::pointerWidth):
3193         (JSC::B3::widthForType):
3194         (JSC::B3::conservativeWidth):
3195         (JSC::B3::minimumWidth):
3196         (JSC::B3::bytes):
3197         (JSC::B3::widthForBytes):
3198         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3199         * b3/air/AirAllocateStack.cpp:
3200         (JSC::B3::Air::allocateStack):
3201         * b3/air/AirArg.cpp:
3202         (JSC::B3::Air::Arg::canRepresent):
3203         (JSC::B3::Air::Arg::isCompatibleBank):
3204         (JSC::B3::Air::Arg::isCompatibleType): Deleted.
3205         * b3/air/AirArg.h:
3206         (JSC::B3::Air::Arg::hasBank):
3207         (JSC::B3::Air::Arg::bank):
3208         (JSC::B3::Air::Arg::isBank):
3209         (JSC::B3::Air::Arg::forEachTmp):
3210         (JSC::B3::Air::Arg::forEachType): Deleted.
3211         (JSC::B3::Air::Arg::pointerWidth): Deleted.
3212         (JSC::B3::Air::Arg::typeForB3Type): Deleted.
3213         (JSC::B3::Air::Arg::widthForB3Type): Deleted.
3214         (JSC::B3::Air::Arg::conservativeWidth): Deleted.
3215         (JSC::B3::Air::Arg::minimumWidth): Deleted.
3216         (JSC::B3::Air::Arg::bytes): Deleted.
3217         (JSC::B3::Air::Arg::widthForBytes): Deleted.
3218         (JSC::B3::Air::Arg::hasType): Deleted.
3219         (JSC::B3::Air::Arg::type): Deleted.
3220         (JSC::B3::Air::Arg::isType): Deleted.
3221         * b3/air/AirArgInlines.h:
3222         (JSC::B3::Air::ArgThingHelper<Tmp>::forEach):
3223         (JSC::B3::Air::ArgThingHelper<Arg>::forEach):
3224         (JSC::B3::Air::ArgThingHelper<Reg>::forEach):
3225         (JSC::B3::Air::Arg::forEach):
3226         * b3/air/AirCCallSpecial.cpp:
3227         (JSC::B3::Air::CCallSpecial::forEachArg):
3228         * b3/air/AirCCallingConvention.cpp:
3229         * b3/air/AirCode.cpp:
3230         (JSC::B3::Air::Code::Code):
3231         (JSC::B3::Air::Code::setRegsInPriorityOrder):
3232         (JSC::B3::Air::Code::pinRegister):
3233         * b3/air/AirCode.h:
3234         (JSC::B3::Air::Code::regsInPriorityOrder):
3235         (JSC::B3::Air::Code::newTmp):
3236         (JSC::B3::Air::Code::numTmps):
3237         (JSC::B3::Air::Code::regsInPriorityOrderImpl):
3238         * b3/air/AirCustom.cpp:
3239         (JSC::B3::Air::PatchCustom::isValidForm):
3240         (JSC::B3::Air::ShuffleCustom::isValidForm):
3241         * b3/air/AirCustom.h:
3242         (JSC::B3::Air::PatchCustom::forEachArg):
3243         (JSC::B3::Air::CCallCustom::forEachArg):
3244         (JSC::B3::Air::ColdCCallCustom::forEachArg):
3245         (JSC::B3::Air::ShuffleCustom::forEachArg):
3246         (JSC::B3::Air::WasmBoundsCheckCustom::forEachArg):
3247         * b3/air/AirDumpAsJS.cpp:
3248         (JSC::B3::Air::dumpAsJS):
3249         * b3/air/AirEliminateDeadCode.cpp:
3250         (JSC::B3::Air::eliminateDeadCode):
3251         * b3/air/AirEmitShuffle.cpp:
3252         (JSC::B3::Air::emitShuffle):
3253         * b3/air/AirEmitShuffle.h:
3254         (JSC::B3::Air::ShufflePair::ShufflePair):
3255         (JSC::B3::Air::ShufflePair::width):
3256         * b3/air/AirFixObviousSpills.cpp:
3257         * b3/air/AirFixPartialRegisterStalls.cpp:
3258         (JSC::B3::Air::fixPartialRegisterStalls):
3259         * b3/air/AirInst.cpp:
3260         (JSC::B3::Air::Inst::hasArgEffects):
3261         * b3/air/AirInst.h:
3262         (JSC::B3::Air::Inst::forEachTmp):
3263         * b3/air/AirInstInlines.h:
3264         (JSC::B3::Air::Inst::forEach):
3265         (JSC::B3::Air::Inst::forEachDef):
3266         (JSC::B3::Air::Inst::forEachDefWithExtraClobberedRegs):
3267         * b3/air/AirLiveness.h:
3268         (JSC::B3::Air::TmpLivenessAdapter::numIndices):
3269         (JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
3270         (JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
3271         (JSC::B3::Air::TmpLivenessAdapter::indexToValue):
3272         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
3273         (JSC::B3::Air::RegLivenessAdapter::acceptsBank):
3274         (JSC::B3::Air::AbstractLiveness::AbstractLiveness):
3275         (JSC::B3::Air::AbstractLiveness::LocalCalc::execute):
3276         (JSC::B3::Air::TmpLivenessAdapter::acceptsType): Deleted.
3277         (JSC::B3::Air::StackSlotLivenessAdapter::acceptsType): Deleted.
3278         (JSC::B3::Air::RegLivenessAdapter::acceptsType): Deleted.
3279         * b3/air/AirLogRegisterPressure.cpp:
3280         (JSC::B3::Air::logRegisterPressure):
3281         * b3/air/AirLowerAfterRegAlloc.cpp:
3282         (JSC::B3::Air::lowerAfterRegAlloc):
3283         * b3/air/AirLowerMacros.cpp:
3284         (JSC::B3::Air::lowerMacros):
3285         * b3/air/AirPadInterference.cpp:
3286         (JSC::B3::Air::padInterference):
3287         * b3/air/AirReportUsedRegisters.cpp:
3288         (JSC::B3::Air::reportUsedRegisters):
3289         * b3/air/AirSpillEverything.cpp:
3290         (JSC::B3::Air::spillEverything):
3291         * b3/air/AirTmpInlines.h:
3292         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex): Deleted.
3293         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::lastMachineRegisterIndex): Deleted.
3294         (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
3295         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex): Deleted.
3296         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::lastMachineRegisterIndex): Deleted.
3297         (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
3298         * b3/air/AirTmpWidth.cpp:
3299         (JSC::B3::Air::TmpWidth::recompute):
3300         * b3/air/AirTmpWidth.h:
3301         (JSC::B3::Air::TmpWidth::width):
3302         (JSC::B3::Air::TmpWidth::requiredWidth):
3303         (JSC::B3::Air::TmpWidth::defWidth):
3304         (JSC::B3::Air::TmpWidth::useWidth):
3305         (JSC::B3::Air::TmpWidth::Widths::Widths):
3306         * b3/air/AirUseCounts.h:
3307         (JSC::B3::Air::UseCounts::UseCounts):
3308         * b3/air/AirValidate.cpp:
3309         * b3/air/opcode_generator.rb:
3310         * b3/air/testair.cpp:
3311         (JSC::B3::Air::compile): Deleted.
3312         (JSC::B3::Air::invoke): Deleted.
3313         (JSC::B3::Air::compileAndRun): Deleted.
3314         (JSC::B3::Air::testSimple): Deleted.
3315         (JSC::B3::Air::loadConstantImpl): Deleted.
3316         (JSC::B3::Air::loadConstant): Deleted.
3317         (JSC::B3::Air::loadDoubleConstant): Deleted.
3318         (JSC::B3::Air::testShuffleSimpleSwap): Deleted.
3319         (JSC::B3::Air::testShuffleSimpleShift): Deleted.
3320         (JSC::B3::Air::testShuffleLongShift): Deleted.
3321         (JSC::B3::Air::testShuffleLongShiftBackwards): Deleted.
3322         (JSC::B3::Air::testShuffleSimpleRotate): Deleted.
3323         (JSC::B3::Air::testShuffleSimpleBroadcast): Deleted.
3324         (JSC::B3::Air::testShuffleBroadcastAllRegs): Deleted.
3325         (JSC::B3::Air::testShuffleTreeShift): Deleted.
3326         (JSC::B3::Air::testShuffleTreeShiftBackward): Deleted.
3327         (JSC::B3::Air::testShuffleTreeShiftOtherBackward): Deleted.
3328         (JSC::B3::Air::testShuffleMultipleShifts): Deleted.
3329         (JSC::B3::Air::testShuffleRotateWithFringe): Deleted.
3330         (JSC::B3::Air::testShuffleRotateWithFringeInWeirdOrder): Deleted.
3331         (JSC::B3::Air::testShuffleRotateWithLongFringe): Deleted.
3332         (JSC::B3::Air::testShuffleMultipleRotates): Deleted.
3333         (JSC::B3::Air::testShuffleShiftAndRotate): Deleted.
3334         (JSC::B3::Air::testShuffleShiftAllRegs): Deleted.
3335         (JSC::B3::Air::testShuffleRotateAllRegs): Deleted.
3336         (JSC::B3::Air::testShuffleSimpleSwap64): Deleted.
3337         (JSC::B3::Air::testShuffleSimpleShift64): Deleted.
3338         (JSC::B3::Air::testShuffleSwapMixedWidth): Deleted.
3339         (JSC::B3::Air::testShuffleShiftMixedWidth): Deleted.
3340         (JSC::B3::Air::testShuffleShiftMemory): Deleted.
3341         (JSC::B3::Air::testShuffleShiftMemoryLong): Deleted.
3342         (JSC::B3::Air::testShuffleShiftMemoryAllRegs): Deleted.
3343         (JSC::B3::Air::testShuffleShiftMemoryAllRegs64): Deleted.
3344         (JSC::B3::Air::combineHiLo): Deleted.
3345         (JSC::B3::Air::testShuffleShiftMemoryAllRegsMixedWidth): Deleted.
3346         (JSC::B3::Air::testShuffleRotateMemory): Deleted.
3347         (JSC::B3::Air::testShuffleRotateMemory64): Deleted.
3348         (JSC::B3::Air::testShuffleRotateMemoryMixedWidth): Deleted.
3349         (JSC::B3::Air::testShuffleRotateMemoryAllRegs64): Deleted.
3350         (JSC::B3::Air::testShuffleRotateMemoryAllRegsMixedWidth): Deleted.
3351         (JSC::B3::Air::testShuffleSwapDouble): Deleted.
3352         (JSC::B3::Air::testShuffleShiftDouble): Deleted.
3353         (JSC::B3::Air::testX86VMULSD): Deleted.
3354         (JSC::B3::Air::testX86VMULSDDestRex): Deleted.
3355         (JSC::B3::Air::testX86VMULSDOp1DestRex): Deleted.
3356         (JSC::B3::Air::testX86VMULSDOp2DestRex): Deleted.
3357         (JSC::B3::Air::testX86VMULSDOpsDestRex): Deleted.
3358         (JSC::B3::Air::testX86VMULSDAddr): Deleted.
3359         (JSC::B3::Air::testX86VMULSDAddrOpRexAddr): Deleted.
3360         (JSC::B3::Air::testX86VMULSDDestRexAddr): Deleted.
3361         (JSC::B3::Air::testX86VMULSDRegOpDestRexAddr): Deleted.
3362         (JSC::B3::Air::testX86VMULSDAddrOpDestRexAddr): Deleted.
3363         (JSC::B3::Air::testX86VMULSDBaseNeedsRex): Deleted.
3364         (JSC::B3::Air::testX86VMULSDIndexNeedsRex): Deleted.
3365         (JSC::B3::Air::testX86VMULSDBaseIndexNeedRex): Deleted.
3366         (JSC::B3::Air::run): Deleted.
3367
3368 2017-02-24  Keith Miller  <keith_miller@apple.com>
3369
3370         We should be able to use std::tuples as keys in HashMap
3371         https://bugs.webkit.org/show_bug.cgi?id=168805
3372
3373         Reviewed by Filip Pizlo.
3374
3375         Convert the mess of std::pairs we used as the keys in PrototypeMap
3376         to a std::tuple. I also plan on using this for a HashMap in wasm.
3377
3378         * JavaScriptCore.xcodeproj/project.pbxproj:
3379         * runtime/PrototypeMap.cpp:
3380         (JSC::PrototypeMap::createEmptyStructure):
3381         (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
3382         * runtime/PrototypeMap.h:
3383
3384 2017-02-24  Saam Barati  <sbarati@apple.com>
3385
3386         Unreviewed. Remove inaccurate copy-paste comment from r212939.
3387
3388         * dfg/DFGOperations.cpp:
3389
3390 2017-02-23  Saam Barati  <sbarati@apple.com>
3391
3392         Intrinsicify parseInt
3393         https://bugs.webkit.org/show_bug.cgi?id=168627
3394
3395         Reviewed by Filip Pizlo.
3396
3397         This patch makes parseInt an intrinsic in the DFG and FTL.
3398         We do our best to eliminate this node. If we speculate that
3399         the first operand to the operation is an int32, and that there
3400         isn't a second operand, we convert to the identity of the first
3401         operand. That's because parseInt(someInt) === someInt.
3402         
3403         If the first operand is proven to be an integer, and the second
3404         operand is the integer 0 or the integer 10, we can eliminate the
3405         node by making it an identity over its first operand. That's
3406         because parseInt(someInt, 0) === someInt and parseInt(someInt, 10) === someInt.
3407         
3408         If we are not able to constant fold the node away, we try to remove
3409         checks. The most common use case of parseInt is that its first operand
3410         is a proven string. The DFG might be able to remove type checks in this
3411         case. We also set up CSE rules for parseInt(someString, someIntRadix)
3412         because it's a "pure" operation (modulo resolving a rope).
3413
3414         This looks to be a 4% Octane/Box2D progression.
3415
3416         * dfg/DFGAbstractInterpreterInlines.h:
3417         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3418         * dfg/DFGByteCodeParser.cpp:
3419         (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
3420         * dfg/DFGClobberize.h:
3421         (JSC::DFG::clobberize):
3422         * dfg/DFGConstantFoldingPhase.cpp:
3423         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3424         * dfg/DFGDoesGC.cpp:
3425         (JSC::DFG::doesGC):
3426         * dfg/DFGFixupPhase.cpp:
3427         (JSC::DFG::FixupPhase::fixupNode):
3428         * dfg/DFGNode.h:
3429         (JSC::DFG::Node::hasHeapPrediction):
3430         * dfg/DFGNodeType.h:
3431         * dfg/DFGOperations.cpp:
3432         (JSC::DFG::parseIntResult):
3433         * dfg/DFGOperations.h:
3434         * dfg/DFGPredictionPropagationPhase.cpp:
3435         * dfg/DFGSafeToExecute.h:
3436         (JSC::DFG::safeToExecute):
3437         * dfg/DFGSpeculativeJIT.cpp:
3438         (JSC::DFG::SpeculativeJIT::compileParseInt):
3439         * dfg/DFGSpeculativeJIT.h:
3440         (JSC::DFG::SpeculativeJIT::callOperation):
3441         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
3442         * dfg/DFGSpeculativeJIT32_64.cpp:
3443         (JSC::DFG::SpeculativeJIT::compile):
3444         * dfg/DFGSpeculativeJIT64.cpp:
3445         (JSC::DFG::SpeculativeJIT::compile):
3446         * ftl/FTLCapabilities.cpp:
3447         (JSC::FTL::canCompile):
3448         * ftl/FTLLowerDFGToB3.cpp:
3449         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
3450         (JSC::FTL::DFG::LowerDFGToB3::compileParseInt):
3451         * jit/JITOperations.h:
3452         * parser/Lexer.cpp:
3453         * runtime/ErrorInstance.cpp:
3454         * runtime/Intrinsic.h:
3455         * runtime/JSGlobalObject.cpp:
3456         (JSC::JSGlobalObject::init):
3457         * runtime/JSGlobalObjectFunctions.cpp:
3458         (JSC::toStringView): Deleted.
3459         (JSC::isStrWhiteSpace): Deleted.
3460         (JSC::parseDigit): Deleted.
3461         (JSC::parseIntOverflow): Deleted.
3462         (JSC::parseInt): Deleted.
3463         * runtime/JSGlobalObjectFunctions.h:
3464         * runtime/ParseInt.h: Added.
3465         (JSC::parseDigit):
3466         (JSC::parseIntOverflow):
3467         (JSC::isStrWhiteSpace):
3468         (JSC::parseInt):
3469         (JSC::toStringView):
3470         * runtime/StringPrototype.cpp:
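
        Added example (not code from this patch): the fold conditions described in the
        entry above, written out in JavaScript and checked against the real parseInt at
        the int32 boundaries. The sample list is constructed for this illustration.

```javascript
// The DFG fold from the entry above, modelled in plain JavaScript (added example).
const INT32_MIN = -0x80000000;
const INT32_MAX = 0x7fffffff;

// Does this JS number carry the DFG's int32 meaning? (-0 is a double, not an int32.)
function isInt32(v) {
  return Number.isInteger(v) && v >= INT32_MIN && v <= INT32_MAX && !Object.is(v, -0);
}

// The rule: with an int32 first operand and no radix, or a radix of 0 or 10,
// parseInt is the identity on its first operand.
function dfgFoldsToIdentity(first, radix) {
  if (!isInt32(first)) return false;
  return radix === undefined || radix === 0 || radix === 10;
}

// Reference behaviour: does the real parseInt return exactly the first operand?
function parseIntIsIdentity(first, radix) {
  const result = radix === undefined ? parseInt(first) : parseInt(first, radix);
  return Object.is(result, first);
}

// Every sample the rule folds must also be an identity for the real parseInt.
// Returns the samples where the fold would be unsound (expected: none).
function checkFold(samples) {
  return samples.filter(([first, radix]) =>
    dfgFoldsToIdentity(first, radix) && !parseIntIsIdentity(first, radix));
}

// Constructed samples: int32 edges, radix variants, and operands outside the rule.
const FOLD_SAMPLES = [
  [0, undefined], [1, 0], [-1, 10],
  [INT32_MAX, undefined], [INT32_MAX, 0], [INT32_MAX, 10],
  [INT32_MIN, undefined], [INT32_MIN, 0], [INT32_MIN, 10],
  [INT32_MAX + 1, 10],   // not int32: not folded (parseInt happens to agree here)
  [1e21, undefined],     // not int32: parseInt(1e21) === 1, ToString gives "1e+21"
  [0.5, undefined],      // not int32: parseInt(0.5) === 0
  [-0, undefined],       // not int32: parseInt(-0) === 0, which is not -0
  [10, 16],              // radix 16 is not folded: parseInt(10, 16) === 16
];
```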
3471
3472 2017-02-23  JF Bastien  <jfbastien@apple.com>
3473
3474         WebAssembly: support 0x1 version
3475         https://bugs.webkit.org/show_bug.cgi?id=168672
3476
3477         Reviewed by Keith Miller.
3478
3479         * wasm/wasm.json: update the version number, everything is based
3480         on its value
3481
3482 2017-02-23  Saam Barati  <sbarati@apple.com>
3483
3484         Make Briggs fixpoint validation run only with validateGraphAtEachPhase
3485         https://bugs.webkit.org/show_bug.cgi?id=168795
3486
3487         Rubber stamped by Keith Miller.
3488
3489         The Briggs allocator was running intensive validation
3490         on each step of the fixpoint. Instead, it now will just
3491         do it when shouldValidateIRAtEachPhase() is true because
3492         doing this for all !ASSERT_DISABLED builds takes too long.
3493
3494         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
3495
3496 2017-02-23  Filip Pizlo  <fpizlo@apple.com>
3497
3498         SpeculativeJIT::compilePutByValForIntTypedArray should only do the constant-folding optimization when the constant passes the type check
3499         https://bugs.webkit.org/show_bug.cgi?id=168787
3500
3501         Reviewed by Michael Saboff and Mark Lam.
3502
3503         * dfg/DFGSpeculativeJIT.cpp:
3504         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3505
3506 2017-02-23  Mark Lam  <mark.lam@apple.com>
3507
3508         Ensure that the end of the last invalidation point does not extend beyond the end of the buffer.
3509         https://bugs.webkit.org/show_bug.cgi?id=168786
3510
3511         Reviewed by Filip Pizlo.
3512
3513         In practice, we will always have multiple instructions after invalidation points,
3514         and have enough room in the JIT buffer for the invalidation point to work with.
3515         However, as a precaution, we can guarantee that there's enough room by always
3516         emitting a label just before we link the buffer.  The label will emit nop padding
3517         if needed.
3518
3519         * assembler/LinkBuffer.cpp:
3520         (JSC::LinkBuffer::linkCode):
3521
3522 2017-02-23  Keith Miller  <keith_miller@apple.com>
3523
3524         Unreviewed, fix the cloop build. Needed a #if.
3525
3526         * jit/ExecutableAllocator.cpp:
3527
3528 2017-02-22  Carlos Garcia Campos  <cgarcia@igalia.com>
3529
3530         Better handle Thread and RunLoop initialization
3531         https://bugs.webkit.org/show_bug.cgi?id=167828
3532
3533         Reviewed by Yusuke Suzuki.
3534
3535         * runtime/InitializeThreading.cpp:
3536         (JSC::initializeThreading): Do not initialize double_conversion, that is already initialized by WTF, and GC
3537         threads that will be initialized by WTF main thread when needed.
3538
3539 2017-02-22  JF Bastien  <jfbastien@apple.com>
3540
3541         WebAssembly: clear out insignificant i32 bits when calling JavaScript
3542         https://bugs.webkit.org/show_bug.cgi?id=166677
3543
3544         Reviewed by Keith Miller.
3545
3546         When WebAssembly calls JavaScript it needs to clear out the
3547         insignificant bits of int32 values:
3548
3549           +------------------- tag
3550           |  +---------------- insignificant
3551           |  |   +------------ 32-bit integer value
3552           |  |   |
3553           |--|---|-------|
3554         0xffff0000ffffffff
3555
3556         At least some JavaScript code assumes that these bits are all
3557         zero. In the wasm-to-wasm.js example we store a 64-bit value in an
3558         object with lo / hi fields, each containing 32-bit integers. We
3559         then load these back, and the baseline compiler fails its
3560         comparison because it first checks the values are the same type
3561         (yes, because the int32 tag is set in both), and then whether they
3562         have the same value (no, because comparing the two registers
3563         fails). We could argue that the baseline compiler is wrong for
3564         performing a 64-bit comparison, but it doesn't really matter
3565         because there's not much of a point in breaking that invariant for
3566         WebAssembly's sake.
3567
3568         * wasm/WasmBinding.cpp:
3569         (JSC::Wasm::wasmToJs):
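
        Added example (not the WebKit patch itself): a BigInt model of the 64-bit JSValue
        int32 box from the diagram above, showing why the upper bits of a wasm i32 register
        must be cleared before tagging. The layout follows the diagram (16-bit tag, 16
        insignificant bits, 32-bit value); the exact tag constant and the register contents
        are assumptions made for the illustration.

```javascript
// Assumed layout, matching the diagram above: top 16 bits tag, next 16 bits
// insignificant for int32 payloads, low 32 bits the value. Tag value is assumed.
const TAG_MASK   = 0xffff000000000000n;
const VALUE_MASK = 0x00000000ffffffffn;
const INT32_TAG  = 0xffff000000000000n;

// A wasm i32 lives in the low 32 bits of a 64-bit register; the upper 32 bits are
// whatever the previous computation left there (here: supplied by the caller).
function wasmRegister(i32, upper32) {
  return (BigInt.asUintN(32, BigInt(upper32)) << 32n) | BigInt.asUintN(32, BigInt(i32));
}

// Before the fix: tag the register as-is. Bits 48-63 are overwritten by the tag,
// but bits 32-47 keep the leftover upper-half junk.
function boxInt32Unsafe(reg) {
  return INT32_TAG | reg;
}

// After the fix: zero-extend the low 32 bits (a 32-bit register move does this on
// x86-64 and ARM64), then tag. Bits 32-47 are guaranteed zero.
function boxInt32(reg) {
  return INT32_TAG | (reg & VALUE_MASK);
}

// What JavaScript itself produces for the same int32: no junk can ever be present.
function boxFromJS(i32) {
  return boxInt32(wasmRegister(i32, 0));
}

function unboxInt32(boxed) {
  return Number(BigInt.asIntN(32, boxed & VALUE_MASK));
}

// Baseline-style strict equality as described above: same tag (both int32),
// then a full 64-bit register compare.
function baselineStrictEquals(x, y) {
  if ((x & TAG_MASK) !== (y & TAG_MASK)) return false;
  return x === y;
}

function demo() {
  // Constructed: a 64-bit wasm value 0xdeadbeef12345678 whose low half is stored as
  // the "lo" field; the register still carries 0xdeadbeef in its upper half.
  const reg = wasmRegister(0x12345678, 0xdeadbeef);
  const expected = boxFromJS(0x12345678);
  const unsafe = boxInt32Unsafe(reg);
  const safe = boxInt32(reg);
  return {
    unsafeHex: unsafe.toString(16),                       // "ffffbeef12345678"
    safeHex: safe.toString(16),                           // "ffff000012345678"
    sameInt32: unboxInt32(unsafe) === unboxInt32(safe),   // true: low 32 bits agree
    unsafeEquals: baselineStrictEquals(unsafe, expected), // false: 64-bit compare fails
    safeEquals: baselineStrictEquals(safe, expected),     // true
  };
}
```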
3570
3571 2017-02-22  Keith Miller  <keith_miller@apple.com>
3572
3573         Remove the demand executable allocator
3574         https://bugs.webkit.org/show_bug.cgi?id=168754
3575
3576         Reviewed by Saam Barati.
3577
3578         We currently only use the demand executable allocator for non-iOS 32-bit platforms.
3579         Benchmark results on a MBP indicate there is no appreciable performance difference
3580         between the fixed and demand allocators. In a future patch I will go back through
3581         this code and remove more of the abstractions.
3582
3583         * JavaScriptCore.xcodeproj/project.pbxproj:
3584         * jit/ExecutableAllocator.cpp:
3585         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
3586         (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
3587         (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
3588         (JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
3589         (JSC::ExecutableAllocator::initializeAllocator):
3590         (JSC::ExecutableAllocator::ExecutableAllocator):
3591         (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
3592         (JSC::ExecutableAllocator::isValid):
3593         (JSC::ExecutableAllocator::underMemoryPressure):
3594         (JSC::ExecutableAllocator::memoryPressureMultiplier):
3595         (JSC::ExecutableAllocator::allocate):
3596         (JSC::ExecutableAllocator::isValidExecutableMemory):
3597         (JSC::ExecutableAllocator::getLock):
3598         (JSC::ExecutableAllocator::committedByteCount):
3599         (JSC::ExecutableAllocator::dumpProfile):
3600         (JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
3601         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted.
3602         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted.
3603         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted.
3604         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted.
3605         (JSC::DemandExecutableAllocator::allocateNewSpace): Deleted.
3606         (JSC::DemandExecutableAllocator::notifyNeedPage): Deleted.
3607         (JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted.
3608         (JSC::DemandExecutableAllocator::allocators): Deleted.
3609         (JSC::DemandExecutableAllocator::allocatorsMutex): Deleted.
3610         * jit/ExecutableAllocator.h:
3611         * jit/ExecutableAllocatorFixedVMPool.cpp: Removed.
3612         * jit/JITStubRoutine.h:
3613         (JSC::JITStubRoutine::canPerformRangeFilter):
3614         (JSC::JITStubRoutine::filteringStartAddress):
3615         (JSC::JITStubRoutine::filteringExtentSize):
3616
3617 2017-02-22  Saam Barati  <sbarati@apple.com>
3618
3619         Add biased coloring to Briggs and IRC
3620         https://bugs.webkit.org/show_bug.cgi?id=168611
3621
3622         Reviewed by Filip Pizlo.
3623
3624         This patch implements biased coloring as proposed by Briggs. See section
3625         5.3.3 of his thesis for more information: http://www.cs.utexas.edu/users/mckinley/380C/lecs/briggs-thesis-1992.pdf
3626
3627         The main idea of biased coloring is this:
3628         We try to coalesce a move between u and v, but the conservative heuristic
3629         fails. We don't want to coalesce the move because we don't want to risk
3630         creating an uncolorable graph. However, if the conservative heuristic fails,
3631         it's not proof that the graph is uncolorable if the move were indeed coalesced.
3632         So, when we go to color the tmps, we'll remember that we really want the
3633         same register for u and v, and if legal during coloring, we will
3634         assign them to the same register.
3635
3636         * b3/air/AirAllocateRegistersByGraphColoring.cpp:
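
        Added example (not WebKit's allocator): a minimal optimistic graph colorer with the
        biased select step described above, run with and without the bias on a constructed
        five-node interference graph. It assumes coalescing has already declined the move
        (the conservative heuristic failed), so the bias is the only remaining way for the
        move's two ends to share a register.

```javascript
// Minimal Briggs-style optimistic colorer with biased coloring (added example).
// nodes: tmp names; edges: interference pairs; moves: pairs we would like to
// coalesce; K: number of registers; useBias: apply the bias during select.
function colorGraph(nodes, edges, moves, K, useBias) {
  // Interference graph as adjacency sets.
  const adj = new Map(nodes.map(n => [n, new Set()]));
  for (const [a, b] of edges) { adj.get(a).add(b); adj.get(b).add(a); }
  // Move partners: tmps we would like to land in the same register.
  const partners = new Map(nodes.map(n => [n, new Set()]));
  for (const [a, b] of moves) { partners.get(a).add(b); partners.get(b).add(a); }

  // Simplify phase: optimistically push every node, lowest current degree first
  // (high-degree nodes are pushed too; they only spill if select finds no color).
  const removed = new Set();
  const stack = [];
  const degree = n => [...adj.get(n)].filter(m => !removed.has(m)).length;
  while (stack.length < nodes.length) {
    const pick = nodes.filter(n => !removed.has(n))
                      .sort((x, y) => degree(x) - degree(y))[0];
    stack.push(pick);
    removed.add(pick);
  }

  // Select phase: pop nodes and assign registers (colors 0..K-1).
  const color = new Map();
  const spilled = [];
  while (stack.length) {
    const n = stack.pop();
    const forbidden = new Set();
    for (const m of adj.get(n)) if (color.has(m)) forbidden.add(color.get(m));
    let chosen = -1;
    if (useBias) {
      // Biased coloring: if a move partner already holds a register that is legal
      // for n, take that register, so the move between them becomes a self-move.
      for (const p of partners.get(n)) {
        if (color.has(p) && !forbidden.has(color.get(p))) { chosen = color.get(p); break; }
      }
    }
    if (chosen < 0) {
      for (let c = 0; c < K; c++) if (!forbidden.has(c)) { chosen = c; break; }
    }
    if (chosen < 0) spilled.push(n); else color.set(n, chosen);
  }
  return { color, spilled };
}

// Sanity check: no two interfering nodes share a register.
function isValidColoring(edges, color) {
  return edges.every(([a, b]) =>
    !color.has(a) || !color.has(b) || color.get(a) !== color.get(b));
}

// Moves whose two ends landed in the same register; those moves can be deleted.
function coalescedMoves(moves, color) {
  return moves.filter(([a, b]) =>
    color.has(a) && color.has(b) && color.get(a) === color.get(b)).length;
}

// Constructed graph, K = 3 registers: c interferes with d and e, which interfere
// with each other, so c is forced into the third register; a only interferes
// with b. A move a -> c wants a and c in the same register.
const NODES = ['a', 'b', 'c', 'd', 'e'];
const EDGES = [['a', 'b'], ['c', 'd'], ['c', 'e'], ['d', 'e']];
const MOVES = [['a', 'c']];

function demo(useBias) {
  const { color, spilled } = colorGraph(NODES, EDGES, MOVES, 3, useBias);
  return {
    color, spilled,
    valid: isValidColoring(EDGES, color),
    coalesced: coalescedMoves(MOVES, color),
  };
}
```

        Without the bias, a takes the first free register (1) while c sits in 2 and the move stays; with the bias, a is placed in c's register and the move disappears.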
3637
3638 2017-02-22  Yusuke Suzuki  <utatane.tea@gmail.com>
3639
3640         JSModuleNamespace object should have IC
3641         https://bugs.webkit.org/show_bug.cgi?id=160590
3642
3643         Reviewed by Saam Barati.
3644
3645         This patch optimizes accesses to module namespace objects.
3646
3647         1. Cache the resolutions for module namespace objects.
3648
3649             When constructing the module namespace object, we already resolve all the exports.
3650             The module namespace object caches this result and leverages it in later accesses in
3651             getOwnPropertySlot. This avoids resolving bindings through resolveExport.
3652
3653         2. Introduce ModuleNamespaceLoad IC.
3654
3655             This patch adds a new IC for module namespace objects. The mechanism is simple: getOwnPropertySlot
3656             tells us about module namespace object resolution. The IC first checks whether the given object
3657             is an expected module namespace object. If this check succeeds, we load the value from the module
3658             environment.
3659
3660         3. Introduce DFG/FTL optimization.
3661
3662             After exploiting module namespace object accesses in (2), DFG can recognize this in ByteCodeParser.
3663             DFG will convert it to CheckCell with the namespace object and GetClosureVar from the cached environment.
3664             At that time, we have a chance to fold it to the constant.
3665
3666         This optimization improves the performance of accessing module namespace objects.
3667
3668         Before
3669             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-namespace.js
3670             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.43s user 0.03s system 101% cpu 0.451 total
3671             $ time ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m module-assert-access-binding.js
3672             ../../WebKitBuild/module-ic-tot/Release/bin/jsc -m   0.08s user 0.02s system 103% cpu 0.104 total
3673
3674         After
3675             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-namespace.js
3676             ../../WebKitBuild/module-ic/Release/bin/jsc -m   0.11s user 0.01s system 106% cpu 0.109 total
3677             $ time ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.js
3678             ../../WebKitBuild/module-ic/Release/bin/jsc -m module-assert-access-binding.j  0.08s user 0.02s system 102% cpu 0.105 total
3679
3680         * CMakeLists.txt:
3681         * JavaScriptCore.xcodeproj/project.pbxproj:
3682         * bytecode/AccessCase.cpp:
3683         (JSC::AccessCase::create):
3684         (JSC::AccessCase::guardedByStructureCheck):
3685         (JSC::AccessCase::canReplace):
3686         (JSC::AccessCase::visitWeak):
3687         (JSC::AccessCase::generateWithGuard):
3688         (JSC::AccessCase::generateImpl):
3689         * bytecode/AccessCase.h:
3690         * bytecode/GetByIdStatus.cpp:
3691         (JSC::GetByIdStatus::GetByIdStatus):
3692         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
3693         (JSC::GetByIdStatus::makesCalls):
3694         (JSC::GetByIdStatus::dump):
3695         * bytecode/GetByIdStatus.h:
3696         (JSC::GetByIdStatus::isModuleNamespace):
3697         (JSC::GetByIdStatus::takesSlowPath):
3698         (JSC::GetByIdStatus::moduleNamespaceObject):
3699         (JSC::GetByIdStatus::moduleEnvironment):
3700         (JSC::GetByIdStatus::scopeOffset):
3701         * bytecode/ModuleNamespaceAccessCase.cpp: Added.
3702         (JSC::ModuleNamespaceAccessCase::ModuleNamespaceAccessCase):
3703         (JSC::ModuleNamespaceAccessCase::create):
3704         (JSC::ModuleNamespaceAccessCase::~ModuleNamespaceAccessCase):
3705         (JSC::ModuleNamespaceAccessCase::clone):
3706         (JSC::ModuleNamespaceAccessCase::emit):
3707         * bytecode/ModuleNamespaceAccessCase.h: Added.
3708         (JSC::ModuleNamespaceAccessCase::moduleNamespaceObject):
3709         (JSC::ModuleNamespaceAccessCase::moduleEnvironment):
3710         (JSC::ModuleNamespaceAccessCase::scopeOffset):
3711         * bytecode/PolymorphicAccess.cpp:
3712         (WTF::printInternal):
3713         * dfg/DFGByteCodeParser.cpp:
3714         (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad):
3715         (JSC::DFG::ByteCodeParser::handleGetById):
3716         * jit/AssemblyHelpers.h:
3717         (JSC::AssemblyHelpers::loadValue):
3718         * jit/Repatch.cpp:
3719         (JSC::tryCacheGetByID):
3720         * runtime/AbstractModuleRecord.cpp:
3721         (JSC::AbstractModuleRecord::getModuleNamespace):
3722         * runtime/JSModuleNamespaceObject.cpp:
3723         (JSC::JSModuleNamespaceObject::finishCreation):
3724         (JSC::JSModuleNamespaceObject::visitChildren):
3725         (JSC::getValue):
3726         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
3727         (JSC::JSModuleNamespaceObject::getOwnPropertyNames):
3728         * runtime/JSModuleNamespaceObject.h:
3729         (JSC::isJSModuleNamespaceObject):
3730         (JSC::JSModuleNamespaceObject::create): Deleted.
3731         (JSC::JSModuleNamespaceObject::createStructure): Deleted.
3732         (JSC::JSModuleNamespaceObject::moduleRecord): Deleted.
3733         * runtime/JSModuleRecord.h:
3734         (JSC::JSModuleRecord::moduleEnvironment): Deleted.
3735         * runtime/PropertySlot.h:
3736         (JSC::PropertySlot::PropertySlot):
3737         (JSC::PropertySlot::domJIT):
3738         (JSC::PropertySlot::moduleNamespaceSlot):
3739         (JSC::PropertySlot::setValueModuleNamespace):
3740         (JSC::PropertySlot::setCacheableCustom):
3741
3742 2017-02-22  Saam Barati  <sbarati@apple.com>
3743
3744         Unreviewed. Rename AirGraphColoring.* files to AirAllocateRegistersByGraphColoring.* to be more consistent with the rest of the Air file names.
3745
3746         * CMakeLists.txt:
3747         * JavaScriptCore.xcodeproj/project.pbxproj:
3748         * b3/air/AirAllocateRegistersByGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirGraphColoring.cpp.
3749         * b3/air/AirAllocateRegistersByGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirGraphColoring.h.
3750         * b3/air/AirGenerate.cpp:
3751         * b3/air/AirGraphColoring.cpp: Removed.
3752         * b3/air/AirGraphColoring.h: Removed.
3753
3754 2017-02-21  Youenn Fablet  <youenn@apple.com>
3755
3756         [WebRTC][Mac] Activate libwebrtc
3757         https://bugs.webkit.org/show_bug.cgi?id=167293
3758         <rdar://problem/30401864>
3759
3760         Reviewed by Alex Christensen.
3761
3762         * Configurations/FeatureDefines.xcconfig:
3763
3764 2017-02-21  Saam Barati  <sbarati@apple.com>
3765
3766         Add the Briggs optimistic allocator to run on ARM64
3767         https://bugs.webkit.org/show_bug.cgi?id=168454
3768
3769         Reviewed by Filip Pizlo.
3770
3771         This patch adds the Briggs allocator to Air:
3772         http://www.cs.utexas.edu/users/mckinley/380C/lecs/briggs-thesis-1992.pdf
3773         It uses it by default on ARM64. I was measuring an 8-10% speedup
3774         in the phase because of this. I also wasn't able to detect a slowdown 
3775         for generated code on ARM64. There are still a few things we can do
3776         to speed things up even further. Moving the interference graph into
3777         a BitVector was another 10-20% speedup. We should consider doing this
3778         in a follow up patch. This is especially important now, since making
3779         register allocation faster has a direct impact on startup time for
3780         Wasm modules.
3781         
3782         I abstracted away the common bits between Briggs and IRC, and moved
3783         them into a common super class. In a follow up to this patch, I plan
3784         on implementing biased coloring for both Briggs and IRC (this is
3785         described in Briggs's thesis). I was able to detect a 1% slowdown
3786         with Briggs on Octane for x86-64. This is because the register file
3787         for x86-64 is smaller than ARM64. When I implemented biased coloring,
3788         I was no longer able to detect this slowdown. I still think it's a
3789         sensible plan to run Briggs on ARM64 and IRC on x86-64.
3790
3791         * CMakeLists.txt:
3792         * JavaScriptCore.xcodeproj/project.pbxproj:
3793         * b3/air/AirGenerate.cpp:
3794         (JSC::B3::Air::prepareForGeneration):
3795         * b3/air/AirGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.cpp.
3796         (JSC::B3::Air::allocateRegistersByGraphColoring):
3797         (JSC::B3::Air::iteratedRegisterCoalescing): Deleted.
3798         * b3/air/AirGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.h.
3799         * b3/air/AirIteratedRegisterCoalescing.cpp: Removed.
3800         * b3/air/AirIteratedRegisterCoalescing.h: Removed.
3801         * runtime/Options.h:
3802
3803 2017-02-21  Mark Lam  <mark.lam@apple.com>
3804
3805         Add more missing exception checks detected by running marathon.js.
3806         https://bugs.webkit.org/show_bug.cgi?id=168697
3807
3808         Reviewed by Saam Barati.
3809
3810         * runtime/StringPrototype.cpp:
3811         (JSC::replaceUsingRegExpSearch):
3812         (JSC::replaceUsingStringSearch):
3813
3814 2017-02-21  JF Bastien  <jfbastien@apple.com>
3815
3816         FullCodeOrigin for CodeBlock+CodeOrigin printing
3817         https://bugs.webkit.org/show_bug.cgi?id=168673
3818
3819         Reviewed by Filip Pizlo.
3820
3821         WebAssembly doesn't have a CodeBlock, so printing it isn't
3822         valid. This patch adds FullCodeOrigin to handle the
3823         CodeBlock+CodeOrigin printing pattern, and uses it through all the
3824         places I could find, including Repatch.cpp where it's relevant for
3825         WebAssembly.
3826
3827         * CMakeLists.txt:
3828         * JavaScriptCore.xcodeproj/project.pbxproj:
3829         * bytecode/CodeBlock.cpp:
3830         (JSC::CodeBlock::noticeIncomingCall):
3831         * bytecode/FullCodeOrigin.cpp: Added.
3832         (JSC::FullCodeOrigin::dump):
3833         (JSC::FullCodeOrigin::dumpInContext):
3834         * bytecode/FullCodeOrigin.h: Added.
3835         (JSC::FullCodeOrigin::FullCodeOrigin):
3836         * bytecode/PolymorphicAccess.cpp:
3837         (JSC::PolymorphicAccess::regenerate):
3838         * jit/PolymorphicCallStubRoutine.cpp:
3839         (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
3840         * jit/Repatch.cpp:
3841         (JSC::linkFor):
3842         (JSC::linkDirectFor):
3843         (JSC::linkVirtualFor):
3844
3845 2017-02-21  Filip Pizlo  <fpizlo@apple.com>
3846
3847         Unreviewed, fix cloop. I managed to have my local patch for relanding be the one without the cloop
3848         fix. I keep forgetting about cloop!
3849
3850         * heap/Heap.cpp:
3851         (JSC::Heap::stopThePeriphery):
3852         * runtime/JSLock.cpp:
3853
3854 2017-02-21  Mark Lam  <mark.lam@apple.com>
3855
3856         Add missing exception checks detected by running marathon.js.
3857         https://bugs.webkit.org/show_bug.cgi?id=168687
3858
3859         Reviewed by Saam Barati.
3860
3861         When running the marathon.js test from https://bugs.webkit.org/show_bug.cgi?id=168580,
3862         we get some crashes due to missing exception checks.  This patch adds those
3863         missing exception checks.
3864
3865         * runtime/JSCJSValueInlines.h:
3866         (JSC::JSValue::toPropertyKey):
3867         * runtime/JSObject.cpp:
3868         (JSC::JSObject::getPrimitiveNumber):
3869
3870 2017-02-20  Filip Pizlo  <fpizlo@apple.com>
3871
3872         The collector thread should only start when the mutator doesn't have heap access
3873         https://bugs.webkit.org/show_bug.cgi?id=167737
3874
3875         Reviewed by Keith Miller.
3876         
3877         This turns the collector thread's workflow into a state machine, so that the mutator thread can
3878         run it directly. This reduces the amount of synchronization we do with the collector thread, and
3879         means that most apps will never start the collector thread. The collector thread will still start
3880         when we need to finish collecting and we don't have heap access.
3881         
3882         In this new world, "stopping the world" means relinquishing control of collection to the mutator.
3883         This means tracking who is conducting collection. I use the GCConductor enum to say who is
3884         conducting. It's either GCConductor::Mutator or GCConductor::Collector. I use the term "conn" to
3885         refer to the concept of conducting (having the conn, relinquishing the conn, taking the conn).
3886         So, stopping the world means giving the mutator the conn. Releasing heap access means giving the
3887         collector the conn.
3888         
3889         This meant bringing back the conservative scan of the calling thread. It turns out that this
3890         scan was too slow to be called on each GC increment because apparently setjmp() now does system
3891         calls. So, I wrote our own callee save register saving for the GC. Then I had doubts about
3892         whether or not it was correct, so I also made it so that the GC only rarely asks for the register
3893         state. I think we still want to use my register saving code instead of setjmp because setjmp
3894         seems to save things we don't need, and that could make us overly conservative.
3895         
3896         It turns out that this new scheduling discipline makes the old space-time scheduler perform
3897         better than the new stochastic space-time scheduler on systems with fewer than 4 cores. This is
3898         because the mutator having the conn enables us to time the mutator<->collector context switches
3899         by polling. The OS is never involved. So, we can use super precise timing. This allows the old
3900         space-time scheduler to shine like it hadn't before.
3901         
3902         The splay results imply that this is all a good thing. On 2-core systems, this reduces pause
3903         times by 40% and it increases throughput about 5%. On 1-core systems, this reduces pause times by
3904         half and reduces throughput by 8%. On 4-or-more-core systems, this doesn't seem to have much
3905         effect.
3906
3907         * CMakeLists.txt: