WebAssembly: JSC::link* shouldn't need a CodeBlock
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2016-12-08  JF Bastien  <jfbastien@apple.com>

        WebAssembly: JSC::link* shouldn't need a CodeBlock
        https://bugs.webkit.org/show_bug.cgi?id=165591

        Reviewed by Keith Miller.

        Allow linking without a CodeBlock, which WebAssembly's wasm -> JS stubs do. This needs to work for polymorphic and virtual calls. This patch adds corresponding tests for this.

        * assembler/LinkBuffer.cpp:
        (JSC::shouldDumpDisassemblyFor): don't look at the tier option if there isn't a CodeBlock, only look at the global one. This is a WebAssembly function, so the tier information is irrelevant.
        * jit/Repatch.cpp:
        (JSC::isWebAssemblyToJSCallee): this is used in the link* functions below
        (JSC::linkFor):
        (JSC::linkVirtualFor):
        (JSC::linkPolymorphicCall):
        * runtime/Options.h: add an option to change the maximum number of polymorphic calls in stubs from wasm to JS, which will come in handy when we try to tune performance or try merging some of the WebAssembly stubs
        * wasm/WasmBinding.cpp:
        (JSC::Wasm::importStubGenerator): remove the breakpoint since the code now works
        * wasm/js/WebAssemblyToJSCallee.h:

2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        MultiPutByOffset should get a barrier if it transitions
        https://bugs.webkit.org/show_bug.cgi?id=165646

        Reviewed by Keith Miller.

        Previously, if we knew that we were storing a non-cell but we needed to transition, we
        would fail to add the barrier but the FTL's lowering expected the barrier to be there.

        Strictly, we need to "consider" the barrier on MultiPutByOffset if the value is
        possibly a cell or if the MultiPutByOffset may transition. Then "considering" the
        barrier implies checking if the base is possibly old.

        But because the barrier is so cheap anyway, this patch implements something safer: we
        just consider the barrier on MultiPutByOffset unconditionally, which opts it out of any
        barrier optimizations other than those based on the predicted state of the base. Those
        optimizations are already sound - for example they use doesGC() to detect safepoints
        and that function correctly predicts when MultiPutByOffset could GC.

        Because the barrier optimizations are only a very small speed-up, I think it's great to
        fix bugs by weakening the optimizer without cleverness.

        * dfg/DFGFixupPhase.cpp:
        * dfg/DFGStoreBarrierInsertionPhase.cpp:
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::assertValidCell):

2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        Enable concurrent GC on ARM64
        https://bugs.webkit.org/show_bug.cgi?id=165643

        Reviewed by Saam Barati.

        It looks stable enough to enable.

        * assembler/CPU.h:
        (JSC::useGCFences): Deleted.
        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessCase::generateImpl):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
        * ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::mutatorFence):
        (JSC::AssemblyHelpers::storeButterfly):
        (JSC::AssemblyHelpers::nukeStructureAndStoreButterfly):
        (JSC::AssemblyHelpers::emitInitializeInlineStorage):
        (JSC::AssemblyHelpers::emitInitializeOutOfLineStorage):
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        Disable collectContinuously if not useConcurrentGC

        Rubber stamped by Geoffrey Garen.

        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix cloop build.

        * runtime/JSObject.h:

2016-12-06  Filip Pizlo  <fpizlo@apple.com>

        Concurrent GC should be stable enough to land enabled on X86_64
        https://bugs.webkit.org/show_bug.cgi?id=164990

        Reviewed by Geoffrey Garen.

        This fixes a ton of performance and correctness bugs revealed by getting the concurrent GC to
        be stable enough to land enabled.

        I had to redo the JSObject::visitChildren concurrency protocol again. This time I think it's
        even more correct than ever!

        This is an enormous win on JetStream/splay-latency and Octane/SplayLatency. It looks to be
        mostly neutral on everything else, though Speedometer is showing statistically weak signs of a
        slight regression.

        * API/JSAPIWrapperObject.mm: Added locking.
        (JSC::JSAPIWrapperObject::visitChildren):
        * API/JSCallbackObject.h: Added locking.
        (JSC::JSCallbackObjectData::visitChildren):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::deletePrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::UnconditionalFinalizer::finalizeUnconditionally): This had a TOCTOU race on shouldJettisonDueToOldAge.
        (JSC::EvalCodeCache::visitAggregate): Moved to EvalCodeCache.cpp.
        * bytecode/DirectEvalCodeCache.cpp: Added. Outlined some functions and made them use locks.
        (JSC::DirectEvalCodeCache::setSlow):
        (JSC::DirectEvalCodeCache::clear):
        (JSC::DirectEvalCodeCache::visitAggregate):
        * bytecode/DirectEvalCodeCache.h:
        (JSC::DirectEvalCodeCache::set):
        (JSC::DirectEvalCodeCache::clear): Deleted.
        * bytecode/UnlinkedCodeBlock.cpp: Added locking.
        (JSC::UnlinkedCodeBlock::visitChildren):
        (JSC::UnlinkedCodeBlock::setInstructions):
        (JSC::UnlinkedCodeBlock::shrinkToFit):
        * bytecode/UnlinkedCodeBlock.h: Added locking.
        (JSC::UnlinkedCodeBlock::addRegExp):
        (JSC::UnlinkedCodeBlock::addConstant):
        (JSC::UnlinkedCodeBlock::addFunctionDecl):
        (JSC::UnlinkedCodeBlock::addFunctionExpr):
        (JSC::UnlinkedCodeBlock::createRareDataIfNecessary):
        (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
        * debugger/Debugger.cpp: Use the right delete API.
        (JSC::Debugger::recompileAllJSFunctions):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Fix a pre-existing bug in ToFunction constant folding.
        * dfg/DFGClobberize.h: Add support for nuking.
        (JSC::DFG::clobberize):
        * dfg/DFGClobbersExitState.cpp: Add support for nuking.
        (JSC::DFG::clobbersExitState):
        * dfg/DFGFixupPhase.cpp: Add support for nuking.
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::indexForChecks):
        (JSC::DFG::FixupPhase::originForCheck):
        (JSC::DFG::FixupPhase::speculateForBarrier):
        (JSC::DFG::FixupPhase::insertCheck):
        (JSC::DFG::FixupPhase::fixupChecksInBlock):
        * dfg/DFGSpeculativeJIT.cpp: Add support for nuking.
        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
        * ftl/FTLLowerDFGToB3.cpp: Add support for nuking.
        (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
        (JSC::FTL::DFG::LowerDFGToB3::mutatorFence):
        (JSC::FTL::DFG::LowerDFGToB3::nukeStructureAndSetButterfly):
        (JSC::FTL::DFG::LowerDFGToB3::setButterfly): Deleted.
        * heap/CodeBlockSet.cpp: We need to be more careful about the CodeBlockSet workflow during GC, since we will allocate CodeBlocks in eden while collecting.
        (JSC::CodeBlockSet::clearMarksForFullCollection):
        (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
        * heap/Heap.cpp: Added code to measure max pauses. Added a better collectContinuously mode.
        (JSC::Heap::lastChanceToFinalize): Stop the collectContinuously thread.
        (JSC::Heap::harvestWeakReferences): Inline SlotVisitor::harvestWeakReferences.
        (JSC::Heap::finalizeUnconditionalFinalizers): Inline SlotVisitor::finalizeUnconditionalReferences.
        (JSC::Heap::markToFixpoint): We need to do some MarkedSpace stuff before every conservative scan, rather than just at the start of marking, so we now call prepareForConservativeScan() before each conservative scan. Also call a less-parallel version of drainInParallel when the mutator is running.
        (JSC::Heap::collectInThread): Inline Heap::prepareForAllocation().
        (JSC::Heap::stopIfNecessarySlow): We need to be more careful about ensuring that we run finalization before and after stopping. Also, we should sanitize stack when stopping the world.
        (JSC::Heap::acquireAccessSlow): Add some optional debug prints.
        (JSC::Heap::handleNeedFinalize): Assert that we are running this when the world is not stopped.
        (JSC::Heap::finalize): Remove the old collectContinuously code.
        (JSC::Heap::requestCollection): We don't need to sanitize stack here anymore.
        (JSC::Heap::notifyIsSafeToCollect): Start the collectContinuously thread. It will request collection at 1 KHz.
        (JSC::Heap::prepareForAllocation): Deleted.
        (JSC::Heap::preventCollection): Prevent any new concurrent GCs from being initiated.
        (JSC::Heap::allowCollection):
        (JSC::Heap::forEachSlotVisitor): Allows us to safely iterate slot visitors.
        * heap/Heap.h:
        * heap/HeapInlines.h:
        (JSC::Heap::writeBarrier): If the 'to' cell is not NewWhite then it could be AnthraciteOrBlack. During a full collection, objects may be AnthraciteOrBlack from a previous GC. Turns out, we don't benefit from this optimization so we can just kill it.
        * heap/HeapSnapshotBuilder.cpp:
        (JSC::HeapSnapshotBuilder::buildSnapshot): This needs to use PreventCollectionScope to ensure snapshot soundness.
        * heap/ListableHandler.h:
        (JSC::ListableHandler::isOnList): Useful helper.
        * heap/LockDuringMarking.h:
        (JSC::lockDuringMarking): It's a locker that only locks while we're marking.
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::addBlock): Hold the bitvector lock while resizing.
        * heap/MarkedBlock.cpp: Hold the bitvector lock while accessing the bitvectors while the mutator is running.
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::prepareForConservativeScan): We used to do this in prepareForMarking, but we need to do it before each conservative scan not just before marking.
        (JSC::MarkedSpace::prepareForMarking): Remove the logic moved to prepareForConservativeScan.
        * heap/MarkedSpace.h:
        * heap/PreventCollectionScope.h: Added.
        * heap/SlotVisitor.cpp: Refactored drainFromShared so that we can write a similar function called drainInParallelPassively.
        (JSC::SlotVisitor::updateMutatorIsStopped): Update whether we can use "fast" scanning.
        (JSC::SlotVisitor::mutatorIsStoppedIsUpToDate):
        (JSC::SlotVisitor::didReachTermination):
        (JSC::SlotVisitor::hasWork):
        (JSC::SlotVisitor::drain): This now uses the rightToRun lock to allow the main GC thread to safepoint the workers.
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::drainInParallelPassively): This runs marking with one fewer threads than normal. It's useful for when we have resumed the mutator, since then the mutator has a better chance of getting on a core.
        (JSC::SlotVisitor::addWeakReferenceHarvester):
        (JSC::SlotVisitor::addUnconditionalFinalizer):
        (JSC::SlotVisitor::harvestWeakReferences): Deleted.
        (JSC::SlotVisitor::finalizeUnconditionalFinalizers): Deleted.
        * heap/SlotVisitor.h:
        * heap/SlotVisitorInlines.h: Outline stuff.
        (JSC::SlotVisitor::addWeakReferenceHarvester): Deleted.
        (JSC::SlotVisitor::addUnconditionalFinalizer): Deleted.
        * runtime/InferredType.cpp: This needed thread safety.
        (JSC::InferredType::visitChildren): This needs to keep its structure finalizer alive until it runs.
        (JSC::InferredType::set):
        (JSC::InferredType::InferredStructureFinalizer::finalizeUnconditionally):
        * runtime/InferredType.h:
        * runtime/InferredValue.cpp: This needed thread safety.
        (JSC::InferredValue::visitChildren):
        (JSC::InferredValue::ValueCleanup::finalizeUnconditionally):
        * runtime/JSArray.cpp:
        (JSC::JSArray::unshiftCountSlowCase): Update to use new butterfly API.
        (JSC::JSArray::unshiftCountWithArrayStorage): Update to use new butterfly API.
        * runtime/JSArrayBufferView.cpp:
        (JSC::JSArrayBufferView::visitChildren): Thread safety.
        * runtime/JSCell.h:
        (JSC::JSCell::setStructureIDDirectly): This is used for nuking the structure.
        (JSC::JSCell::InternalLocker::InternalLocker): Deleted. The cell is now the lock.
        (JSC::JSCell::InternalLocker::~InternalLocker): Deleted. The cell is now the lock.
        * runtime/JSCellInlines.h:
        (JSC::JSCell::structure): Clean this up.
        (JSC::JSCell::lock): The cell is now the lock.
        (JSC::JSCell::tryLock):
        (JSC::JSCell::unlock):
        (JSC::JSCell::isLocked):
        (JSC::JSCell::lockInternalLock): Deleted.
        (JSC::JSCell::unlockInternalLock): Deleted.
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::visitChildren): Thread safety.
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren): Thread safety.
        (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory): Thread safety.
        * runtime/JSObject.cpp:
        (JSC::JSObject::markAuxiliaryAndVisitOutOfLineProperties): Factor out this "easy" step of butterfly visiting.
        (JSC::JSObject::visitButterfly): Make this achieve 100% precision about structure-butterfly relationships. This relies on the mutator "nuking" the structure prior to "locked" structure-butterfly transitions.
        (JSC::JSObject::visitChildren): Use the new, nicer API.
        (JSC::JSFinalObject::visitChildren): Use the new, nicer API.
        (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists): Use the new butterfly API.
        (JSC::JSObject::createInitialUndecided): Use the new butterfly API.
        (JSC::JSObject::createInitialInt32): Use the new butterfly API.
        (JSC::JSObject::createInitialDouble): Use the new butterfly API.
        (JSC::JSObject::createInitialContiguous): Use the new butterfly API.
        (JSC::JSObject::createArrayStorage): Use the new butterfly API.
        (JSC::JSObject::convertUndecidedToContiguous): Use the new butterfly API.
        (JSC::JSObject::convertUndecidedToArrayStorage): Use the new butterfly API.
        (JSC::JSObject::convertInt32ToArrayStorage): Use the new butterfly API.
        (JSC::JSObject::convertDoubleToContiguous): Use the new butterfly API.
        (JSC::JSObject::convertDoubleToArrayStorage): Use the new butterfly API.
        (JSC::JSObject::convertContiguousToArrayStorage): Use the new butterfly API.
        (JSC::JSObject::increaseVectorLength): Use the new butterfly API.
        (JSC::JSObject::shiftButterflyAfterFlattening): Use the new butterfly API.
        * runtime/JSObject.h:
        (JSC::JSObject::setButterfly): This now does all of the fences. Only use this when you are not also transitioning the structure or the structure's lastOffset.
        (JSC::JSObject::nukeStructureAndSetButterfly): Use this when doing locked structure-butterfly transitions.
        * runtime/JSObjectInlines.h:
        (JSC::JSObject::putDirectWithoutTransition): Use the newly factored out API.
        (JSC::JSObject::prepareToPutDirectWithoutTransition): Factor this out!
        (JSC::JSObject::putDirectInternal): Use the newly factored out API.
        * runtime/JSPropertyNameEnumerator.cpp:
        (JSC::JSPropertyNameEnumerator::finishCreation): Locks!
        (JSC::JSPropertyNameEnumerator::visitChildren): Locks!
        * runtime/JSSegmentedVariableObject.cpp:
        (JSC::JSSegmentedVariableObject::visitChildren): Locks!
        * runtime/JSString.cpp:
        (JSC::JSString::visitChildren): Thread safety.
        * runtime/ModuleProgramExecutable.cpp:
        (JSC::ModuleProgramExecutable::visitChildren): Thread safety.
        * runtime/Options.cpp: For now we disable concurrent GC on not-X86_64.
        (JSC::recomputeDependentOptions):
        * runtime/Options.h: Change the default max GC parallelism to 8. I don't know why it was still 7.
        * runtime/SamplingProfiler.cpp:
        (JSC::SamplingProfiler::stackTracesAsJSON): This needs to defer GC before grabbing its lock.
        * runtime/SparseArrayValueMap.cpp: This needed thread safety.
        (JSC::SparseArrayValueMap::add):
        (JSC::SparseArrayValueMap::remove):
        (JSC::SparseArrayValueMap::visitChildren):
        * runtime/SparseArrayValueMap.h:
        * runtime/Structure.cpp: This had a race between addNewPropertyTransition and visitChildren.
        (JSC::Structure::Structure):
        (JSC::Structure::materializePropertyTable):
        (JSC::Structure::addNewPropertyTransition):
        (JSC::Structure::flattenDictionaryStructure):
        (JSC::Structure::add): Help out with nuking support - the m_offset needs to play along.
        (JSC::Structure::visitChildren):
        * runtime/Structure.h: Make some useful things public - like the notion of a lastOffset.
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::visitChildren): Thread safety!
        * runtime/StructureChain.h: Thread safety!
        * runtime/StructureIDTable.cpp:
        (JSC::StructureIDTable::allocateID): Ensure that we don't get nuked IDs.
        * runtime/StructureIDTable.h: Add the notion of a nuked ID! It's a bit that the runtime never sees except during specific shady actions like locked structure-butterfly transitions. "Nuking" tells the GC to steer clear and rescan once we fire the barrier.
        (JSC::nukedStructureIDBit):
        (JSC::nuke):
        (JSC::isNuked):
        (JSC::decontaminate):
        * runtime/StructureInlines.h:
        (JSC::Structure::hasIndexingHeader): Better API.
        (JSC::Structure::add):
        * runtime/VM.cpp: Better GC interaction.
        (JSC::VM::ensureWatchdog):
        (JSC::VM::deleteAllLinkedCode):
        (JSC::VM::deleteAllCode):
        * runtime/VM.h:
        (JSC::VM::getStructure): Why wasn't this always an API!
        * runtime/WebAssemblyExecutable.cpp:
        (JSC::WebAssemblyExecutable::visitChildren): Thread safety.

2016-12-08  Filip Pizlo  <fpizlo@apple.com>

        Enable SharedArrayBuffer, remove the flag
        https://bugs.webkit.org/show_bug.cgi?id=165614

        Rubber stamped by Geoffrey Garen.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/RuntimeFlags.h:

2016-12-08  JF Bastien  <jfbastien@apple.com>

        WebAssembly JS API: wire up Instance imports
        https://bugs.webkit.org/show_bug.cgi?id=165118

        Reviewed by Saam Barati.

        Change a bunch of the WebAssembly object model, and pipe the
        necessary changes to be able to call JS imports from
        WebAssembly. This will make it easier to call_indirect, and
        unblock many other missing features.

        As a follow-up I need to teach JSC::linkFor to live without a
        CodeBlock: wasm doesn't have one and the IC patching is sad. We'll
        switch on the callee (or its type?) and then use that as the owner
        (because the callee is alive if the instance is alive, ditto
        module, and module owns the CallLinkInfo).

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * interpreter/CallFrame.h:
        (JSC::ExecState::callee): give access to the callee as a JSCell
        * jit/RegisterSet.cpp: dead code from previous WebAssembly implementation
        * jsc.cpp:
        (callWasmFunction):
        (functionTestWasmModuleFunctions):
        * runtime/JSCellInlines.h:
        (JSC::ExecState::vm): check callee instead of jsCallee: wasm only has a JSCell and not a JSObject
        * runtime/VM.cpp:
        (JSC::VM::VM): store the "top" WebAssembly.Instance on entry to WebAssembly (and restore the previous one on exit)
        * runtime/VM.h:
        * testWasm.cpp:
        (runWasmTests):
        * wasm/JSWebAssembly.h:
        * wasm/WasmB3IRGenerator.cpp:
        (JSC::Wasm::B3IRGenerator::B3IRGenerator): pass unlinked calls around to shorten their lifetime: they're only needed until the Plan is done
        (JSC::Wasm::B3IRGenerator::addCall):
        (JSC::Wasm::createJSToWasmWrapper):
        (JSC::Wasm::parseAndCompile): also pass in the function index space, so that imports can be signature-checked along with internal functions
        * wasm/WasmB3IRGenerator.h:
        * wasm/WasmBinding.cpp: Added.
        (JSC::Wasm::importStubGenerator): stubs from wasm to JS
        * wasm/WasmBinding.h: Copied from Source/JavaScriptCore/wasm/WasmValidate.h.
        * wasm/WasmCallingConvention.h:
        (JSC::Wasm::CallingConvention::setupFrameInPrologue):
        * wasm/WasmFormat.h: fix the object model
        (JSC::Wasm::CallableFunction::CallableFunction):
        * wasm/WasmFunctionParser.h: simplify some of the failure condition checks
        (JSC::Wasm::FunctionParser<Context>::FunctionParser): need function index space, not just internal functions
        (JSC::Wasm::FunctionParser<Context>::parseExpression):
        * wasm/WasmModuleParser.cpp: early-create some of the structures which will be needed later
        (JSC::Wasm::ModuleParser::parseImport):
        (JSC::Wasm::ModuleParser::parseFunction):
        (JSC::Wasm::ModuleParser::parseMemory):
        (JSC::Wasm::ModuleParser::parseExport):
        (JSC::Wasm::ModuleParser::parseCode):
        * wasm/WasmModuleParser.h:
        (JSC::Wasm::ModuleParser::functionIndexSpace):
        (JSC::Wasm::ModuleParser::functionLocations):
        * wasm/WasmParser.h:
        (JSC::Wasm::Parser::consumeUTF8String):
        * wasm/WasmPlan.cpp: pass around the wasm objects at the right time, reducing their lifetime and making it easier to pass them around when needed
        (JSC::Wasm::Plan::run):
        (JSC::Wasm::Plan::initializeCallees):
        * wasm/WasmPlan.h:
        (JSC::Wasm::Plan::exports):
        (JSC::Wasm::Plan::internalFunctionCount):
        (JSC::Wasm::Plan::jsToWasmEntryPointForFunction):
        (JSC::Wasm::Plan::takeModuleInformation):
        (JSC::Wasm::Plan::takeCallLinkInfos):
        (JSC::Wasm::Plan::takeWasmToJSStubs):
        (JSC::Wasm::Plan::takeFunctionIndexSpace):
        * wasm/WasmValidate.cpp: check function index space instead of only internal functions
        (JSC::Wasm::Validate::addCall):
        (JSC::Wasm::validateFunction):
        * wasm/WasmValidate.h:
        * wasm/js/JSWebAssemblyCallee.cpp:
        (JSC::JSWebAssemblyCallee::finishCreation):
        * wasm/js/JSWebAssemblyCallee.h:
        (JSC::JSWebAssemblyCallee::create):
        (JSC::JSWebAssemblyCallee::jsToWasmEntryPoint):
        * wasm/js/JSWebAssemblyInstance.cpp:
        (JSC::JSWebAssemblyInstance::create):
        (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
        (JSC::JSWebAssemblyInstance::visitChildren):
        * wasm/js/JSWebAssemblyInstance.h: hold the import functions off the end of the Instance
        (JSC::JSWebAssemblyInstance::importFunction):
        (JSC::JSWebAssemblyInstance::importFunctions):
        (JSC::JSWebAssemblyInstance::setImportFunction):
        (JSC::JSWebAssemblyInstance::offsetOfImportFunctions):
        (JSC::JSWebAssemblyInstance::offsetOfImportFunction):
        (JSC::JSWebAssemblyInstance::allocationSize):
        * wasm/js/JSWebAssemblyModule.cpp:
        (JSC::JSWebAssemblyModule::create):
        (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
        (JSC::JSWebAssemblyModule::visitChildren):
        * wasm/js/JSWebAssemblyModule.h: hold the link call info, the import function stubs, and the function index space
        (JSC::JSWebAssemblyModule::signatureForFunctionIndexSpace):
        (JSC::JSWebAssemblyModule::importCount):
        (JSC::JSWebAssemblyModule::calleeFromFunctionIndexSpace):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction): set top Instance on VM
        * wasm/js/WebAssemblyFunction.h:
        (JSC::WebAssemblyFunction::instance):
        * wasm/js/WebAssemblyInstanceConstructor.cpp:
        (JSC::constructJSWebAssemblyInstance): handle function imports
        * wasm/js/WebAssemblyModuleConstructor.cpp:
        (JSC::constructJSWebAssemblyModule): generate the stubs for import functions
        * wasm/js/WebAssemblyModuleRecord.cpp:
        (JSC::WebAssemblyModuleRecord::link):
        * wasm/js/WebAssemblyToJSCallee.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
        (JSC::WebAssemblyToJSCallee::create): dummy JSCell singleton which lives on the VM, and is put as the callee in the import stub's frame to identify it when unwinding
        (JSC::WebAssemblyToJSCallee::createStructure):
        (JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
        (JSC::WebAssemblyToJSCallee::finishCreation):
        (JSC::WebAssemblyToJSCallee::destroy):
        * wasm/js/WebAssemblyToJSCallee.h: Copied from Source/JavaScriptCore/wasm/WasmB3IRGenerator.h.

2016-12-08  Mark Lam  <mark.lam@apple.com>

        Enable JSC restricted options by default in the jsc shell.
        https://bugs.webkit.org/show_bug.cgi?id=165615

        Reviewed by Keith Miller.

        The jsc shell is only used for debugging and development testing.  We should
        allow it to use restricted options like JSC_useDollarVM even for release builds.

        * jsc.cpp:
        (jscmain):
        * runtime/Options.cpp:
        (JSC::Options::enableRestrictedOptions):
        (JSC::Options::isAvailable):
        (JSC::allowRestrictedOptions): Deleted.
        * runtime/Options.h:

2016-12-08  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r209489.

        Likely caused large regressions on JetStream, Sunspider and
        Speedometer

        Reverted changeset:

        "Add system trace points for JavaScript VM entry/exit"
        https://bugs.webkit.org/show_bug.cgi?id=165550
        http://trac.webkit.org/changeset/209489

2016-12-08  Keith Miller  <keith_miller@apple.com>

        Move LEB tests to API tests
        https://bugs.webkit.org/show_bug.cgi?id=165586

        Reviewed by Saam Barati.

        Delete old stuff.

        * testWasm.cpp:
        (printUsageStatement):
        (CommandLine::parseArguments):
        (main):
        (runLEBTests): Deleted.

2016-12-07  JF Bastien  <jfbastien@apple.com>

        Cleanup WebAssembly's RETURN_IF_EXCEPTION
        https://bugs.webkit.org/show_bug.cgi?id=165595

        Reviewed by Filip Pizlo.

        * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
        (JSC::constructJSWebAssemblyCompileError):
        * wasm/js/WebAssemblyFunction.cpp:
        (JSC::callWebAssemblyFunction):
        * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
        (JSC::constructJSWebAssemblyRuntimeError):

2016-12-07  Geoffrey Garen  <ggaren@apple.com>

        Renamed SourceCode members to match their accessor names
        https://bugs.webkit.org/show_bug.cgi?id=165573

        Reviewed by Keith Miller.

        startChar => startOffset
        endChar => endOffset

        * parser/UnlinkedSourceCode.h:
        (JSC::UnlinkedSourceCode::UnlinkedSourceCode):
        (JSC::UnlinkedSourceCode::view):
        (JSC::UnlinkedSourceCode::startOffset):
        (JSC::UnlinkedSourceCode::endOffset):
        (JSC::UnlinkedSourceCode::length):

2016-12-07  Keith Miller  <keith_miller@apple.com>

        Add more missing trivial wasm ops.
        https://bugs.webkit.org/show_bug.cgi?id=165564

        Reviewed by Geoffrey Garen.

        This patch adds the nop, drop, and tee_local opcodes.
        It also fixes an issue where we were not generating
        the proper enums for the grow_memory and current_memory
        opcodes.

        * wasm/WasmFunctionParser.h:
        (JSC::Wasm::FunctionParser<Context>::parseExpression):
        * wasm/generateWasmOpsHeader.py:

2016-12-07  Geoffrey Garen  <ggaren@apple.com>

        Renamed source => parentSource
        https://bugs.webkit.org/show_bug.cgi?id=165570

        Reviewed by Keith Miller.

        For less confuse.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

2016-12-07  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Drop translate phase in module loader
        https://bugs.webkit.org/show_bug.cgi?id=164861

        Reviewed by Saam Barati.

        Originally, this "translate" phase was introduced to the module loader.
        However, recent rework discussion[1] starts dropping this phase.
        And this "translate" phase is meaningless in the browser side module loader
        since this phase originally mimics the node.js's translation hook (like,
        transpiling CoffeeScript source to JavaScript).

        This "translate" phase is not necessary for the exposed HTML5
        <script type="module"> tag right now. Once the module loader pipeline is
        redefined and specified, we need to update the current loader anyway.
        So dropping "translate" phase right now is OK.

        This simplifies the current module loader pipeline a bit.

        [1]: https://github.com/whatwg/loader/issues/147

        * builtins/ModuleLoaderPrototype.js:
        (newRegistryEntry):
        (fulfillFetch):
        (requestFetch):
        (requestInstantiate):
        (provide):
        (fulfillTranslate): Deleted.
        (requestTranslate): Deleted.
        * bytecode/BytecodeIntrinsicRegistry.cpp:
        (JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
        * jsc.cpp:
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h:
        * runtime/JSModuleLoader.cpp:
        (JSC::JSModuleLoader::translate): Deleted.
        * runtime/JSModuleLoader.h:
        * runtime/ModuleLoaderPrototype.cpp:
        (JSC::moduleLoaderPrototypeInstantiate):
        (JSC::moduleLoaderPrototypeTranslate): Deleted.

599 2016-12-07  Joseph Pecoraro  <pecoraro@apple.com>
600
601         Web Inspector: Add ability to distinguish if a Script was parsed as a module
602         https://bugs.webkit.org/show_bug.cgi?id=164900
603         <rdar://problem/29323817>
604
605         Reviewed by Timothy Hatcher.
606
607         * inspector/agents/InspectorDebuggerAgent.cpp:
608         (Inspector::InspectorDebuggerAgent::didParseSource):
609         * inspector/protocol/Debugger.json:
610         Add an optional event parameter to distinguish if a script was a module or not.
611
612 2016-12-07  Simon Fraser  <simon.fraser@apple.com>
613
614         Add system trace points for JavaScript VM entry/exit
615         https://bugs.webkit.org/show_bug.cgi?id=165550
616
617         Reviewed by Tim Horton.
618
619         Add trace points for entry/exit into/out of the JS VM.
620
621         * runtime/VMEntryScope.cpp:
622         (JSC::VMEntryScope::VMEntryScope):
623         (JSC::VMEntryScope::~VMEntryScope):
624
625 2016-12-06  Keith Miller  <keith_miller@apple.com>
626
627         Add support for truncation operators
628         https://bugs.webkit.org/show_bug.cgi?id=165519
629
630         Reviewed by Geoffrey Garen.
631
632         This patch adds initial support for truncation operators. The current patch
633         does range-based out-of-bounds checking; in the future we should use system
634         register flags on ARM and other tricks on X86 to improve the performance of
635         these opcodes.
636
637         * assembler/MacroAssemblerARM64.h:
638         (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
639         (JSC::MacroAssemblerARM64::truncateDoubleToInt64):
640         (JSC::MacroAssemblerARM64::truncateDoubleToUint64):
641         (JSC::MacroAssemblerARM64::truncateFloatToInt32):
642         (JSC::MacroAssemblerARM64::truncateFloatToUint32):
643         (JSC::MacroAssemblerARM64::truncateFloatToInt64):
644         (JSC::MacroAssemblerARM64::truncateFloatToUint64):
645         * assembler/MacroAssemblerX86Common.h:
646         (JSC::MacroAssemblerX86Common::truncateFloatToInt32):
647         (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): Deleted.
648         * assembler/MacroAssemblerX86_64.h:
649         (JSC::MacroAssemblerX86_64::truncateDoubleToUint32):
650         (JSC::MacroAssemblerX86_64::truncateDoubleToInt64):
651         (JSC::MacroAssemblerX86_64::truncateDoubleToUint64):
652         (JSC::MacroAssemblerX86_64::truncateFloatToUint32):
653         (JSC::MacroAssemblerX86_64::truncateFloatToInt64):
654         (JSC::MacroAssemblerX86_64::truncateFloatToUint64):
655         * assembler/X86Assembler.h:
656         (JSC::X86Assembler::cvttss2si_rr):
657         (JSC::X86Assembler::cvttss2siq_rr):
658         * wasm/WasmB3IRGenerator.cpp:
659         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncSF64>):
660         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncSF32>):
661         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncUF64>):
662         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncUF32>):
663         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncSF64>):
664         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncUF64>):
665         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncSF32>):
666         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncUF32>):
667         * wasm/WasmFunctionParser.h:
668         (JSC::Wasm::FunctionParser<Context>::parseExpression):
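
        The range checks these opcodes need, as an added JavaScript example that is
        not JavaScriptCore code: the WebAssembly spec makes the float-to-integer
        truncation operators trap on NaN and on any input whose truncation does not
        fit the target integer type, which is what a "range based" check has to
        reproduce. The helper names (TARGETS, truncToInt, traps) are my own; the
        bounds are the ones the spec implies for each target type.

```javascript
// Added example, not JavaScriptCore code: models the range checks that the
// WebAssembly float-to-integer truncation opcodes (i32.trunc_s/f64 and friends)
// perform before truncating. In wasm a NaN or out-of-range input traps; a trap
// is modelled here as a thrown RangeError. Names are my own.

// Each target lists the interval of inputs whose truncation fits. The low bound
// is exclusive for the 32-bit targets because e.g. -2147483648.9 truncates to
// -2147483648 (fits) while -2147483649 does not. -2^63 and 2^63 are exactly
// representable doubles and no double lies strictly between -2^63-1 and -2^63,
// so the signed 64-bit low bound is inclusive.
const TARGETS = {
  i32_s: { lo: -2147483649, loInclusive: false, hi: 2147483648 },
  i32_u: { lo: -1,          loInclusive: false, hi: 4294967296 },
  i64_s: { lo: -(2 ** 63),  loInclusive: true,  hi: 2 ** 63 },
  i64_u: { lo: -1,          loInclusive: false, hi: 2 ** 64 },
};

// Truncate x toward zero into the named integer type, or throw RangeError
// where wasm would trap. 64-bit results are returned as BigInt because a JS
// Number cannot hold every i64 value.
function truncToInt(target, x) {
  const t = TARGETS[target];
  if (t === undefined) throw new TypeError(`unknown target ${target}`);
  // NaN compares false against everything, so a range test alone would let it
  // through; check it explicitly first.
  if (Number.isNaN(x)) throw new RangeError(`${target}: invalid conversion of NaN`);
  const aboveLo = t.loInclusive ? x >= t.lo : x > t.lo;
  if (!(aboveLo && x < t.hi)) throw new RangeError(`${target}: ${x} is out of range`);
  // `+ 0` folds -0 (e.g. from trunc(-0.5)) into +0 so callers see an integer.
  const r = Math.trunc(x) + 0;
  return target.startsWith("i64") ? BigInt(r) : r;
}

// True when the conversion would trap, false when it succeeds.
function traps(target, x) {
  try {
    truncToInt(target, x);
    return false;
  } catch (e) {
    if (e instanceof RangeError) return true;
    throw e;
  }
}

// Demo: walk the boundaries of each target type.
for (const [target, t] of Object.entries(TARGETS)) {
  for (const x of [t.lo, t.lo + 0.5, t.hi - 0.5, t.hi, NaN, -Infinity]) {
    console.log(target, x, traps(target, x) ? "trap" : String(truncToInt(target, x)));
  }
}
```

        The explicit NaN test matters: every comparison with NaN is false, so a
        check written only as "x > lo && x < hi" already rejects NaN, but one
        written as "!(x <= lo || x >= hi)" silently accepts it. The exclusive
        versus inclusive low bounds are the other detail that is easy to get
        wrong when the check is later rewritten in terms of CPU flags.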
669
670 2016-12-07  Joseph Pecoraro  <pecoraro@apple.com>
671
672         Web Inspector: Remove unused and mostly untested Page domain commands and events
673         https://bugs.webkit.org/show_bug.cgi?id=165507
674
675         Reviewed by Brian Burg.
676
677         Remove unused and unsupported commands and events.
678
679           - Page.setDocumentContent
680           - Page.getScriptExecutionStatus
681           - Page.setScriptExecutionDisabled
682           - Page.handleJavaScriptDialog
683           - Page.javascriptDialogOpening
684           - Page.javascriptDialogClosed
685           - Page.scriptsEnabled
686
687         * inspector/protocol/Page.json:
688
689 2016-12-07  Yusuke Suzuki  <utatane.tea@gmail.com>
690
691         [JSC] Merge PromiseReactions
692         https://bugs.webkit.org/show_bug.cgi?id=165526
693
694         Reviewed by Sam Weinig.
695
696         Our promise implementation has two arrays per Promise: promiseFulfillReactions and promiseRejectReactions.
697         And every time we call `promise.then`, we create two promise reactions, for fulfill and reject.
698         However, these two reactions and the arrays for reactions can be merged into one array and one reaction.
699         This reduces the unnecessary object allocations.
700
701         No behavior change.
702
703         * builtins/BuiltinNames.h:
704         * builtins/PromiseOperations.js:
705         (globalPrivate.newPromiseReaction):
706         (globalPrivate.triggerPromiseReactions):
707         (globalPrivate.rejectPromise):
708         (globalPrivate.fulfillPromise):
709         (globalPrivate.promiseReactionJob):
710         (globalPrivate.initializePromise):
711         * builtins/PromisePrototype.js:
712         (then):
713         * runtime/JSPromise.cpp:
714         (JSC::JSPromise::finishCreation):
715
716 2016-12-06  Mark Lam  <mark.lam@apple.com>
717
718         GetByID IC is wrongly unwrapping the global proxy this value for getter/setters.
719         https://bugs.webkit.org/show_bug.cgi?id=165401
720
721         Reviewed by Saam Barati.
722
723         When the this value for a property access is the JS global and that property
724         access is via a GetterSetter, the underlying getter / setter functions would
725         expect the this value they receive to be the JSProxy instance instead of the
726         JSGlobalObject.  This is consistent with how the LLINT and runtime code behaves.
727         The IC code should behave the same way.
728
729         Also added some ASSERTs to document invariants in the code, and help detect
730         bugs sooner if the code gets changed in a way that breaks those invariants in
731         the future.
732
733         * bytecode/PolymorphicAccess.cpp:
734         (JSC::AccessCase::generateImpl):
735
736 2016-12-06  Joseph Pecoraro  <pecoraro@apple.com>
737
738         DumpRenderTree ASSERT in JSC::ExecutableBase::isHostFunction seen on bots
739         https://bugs.webkit.org/show_bug.cgi?id=165497
740         <rdar://problem/29538973>
741
742         Reviewed by Saam Barati.
743
744         * inspector/agents/InspectorScriptProfilerAgent.cpp:
745         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
746         Defer collection when extracting and processing the samples to avoid
747         any objects held by the samples from getting collected while processing.
748         This is because while processing we call into functions that can
749         allocate and we must prevent those functions from syncing with the
750         GC thread which may collect other sample data yet to be processed.
751
752 2016-12-06  Alexey Proskuryakov  <ap@apple.com>
753
754         Correct SDKROOT values in xcconfig files
755         https://bugs.webkit.org/show_bug.cgi?id=165487
756         rdar://problem/29539209
757
758         Reviewed by Dan Bernstein.
759
760         Fix suggested by Dan Bernstein.
761
762         * Configurations/DebugRelease.xcconfig:
763
764 2016-12-06  Saam Barati  <sbarati@apple.com>
765
766         Remove old Wasm object model
767         https://bugs.webkit.org/show_bug.cgi?id=165481
768
769         Reviewed by Keith Miller and Mark Lam.
770
771         It's confusing to see code that consults both the old
772         Wasm object model alongside the new one. The old object
773         model is not a thing, and it's not being used. Let's
774         remove it now to prevent further confusion.
775
776         * CMakeLists.txt:
777         * JavaScriptCore.xcodeproj/project.pbxproj:
778         * bytecode/CodeBlock.cpp:
779         (JSC::CodeBlock::finalizeLLIntInlineCaches):
780         (JSC::CodeBlock::replacement):
781         (JSC::CodeBlock::computeCapabilityLevel):
782         (JSC::CodeBlock::updateAllPredictions):
783         * bytecode/CodeBlock.h:
784         * bytecode/WebAssemblyCodeBlock.cpp: Removed.
785         * bytecode/WebAssemblyCodeBlock.h: Removed.
786         * dfg/DFGCapabilities.cpp:
787         (JSC::DFG::isSupportedForInlining):
788         * interpreter/Interpreter.cpp:
789         (JSC::GetStackTraceFunctor::operator()):
790         (JSC::UnwindFunctor::operator()):
791         (JSC::isWebAssemblyExecutable): Deleted.
792         * jit/JITOperations.cpp:
793         * jit/Repatch.cpp:
794         (JSC::linkPolymorphicCall):
795         * llint/LLIntSlowPaths.cpp:
796         (JSC::LLInt::setUpCall):
797         * runtime/ExecutableBase.cpp:
798         (JSC::ExecutableBase::clearCode):
799         * runtime/ExecutableBase.h:
800         (JSC::ExecutableBase::isWebAssemblyExecutable): Deleted.
801         * runtime/JSFunction.cpp:
802         * runtime/JSFunction.h:
803         * runtime/JSFunctionInlines.h:
804         (JSC::JSFunction::isBuiltinFunction):
805         * runtime/VM.cpp:
806         (JSC::VM::VM):
807         * runtime/VM.h:
808         * runtime/WebAssemblyExecutable.cpp: Removed.
809         * runtime/WebAssemblyExecutable.h: Removed.
810
811 2016-12-06  JF Bastien  <jfbastien@apple.com>
812
813         PureNaN: fix typo
814         https://bugs.webkit.org/show_bug.cgi?id=165493
815
816         Reviewed by Mark Lam.
817
818         * runtime/PureNaN.h:
819
820 2016-12-06  Mark Lam  <mark.lam@apple.com>
821
822         Introduce the concept of Immutable Prototype Exotic Objects to comply with the spec.
823         https://bugs.webkit.org/show_bug.cgi?id=165227
824         <rdar://problem/29442665>
825
826         Reviewed by Saam Barati.
827
828         * runtime/JSObject.cpp:
829         (JSC::JSObject::setPrototypeWithCycleCheck):
830         - This is where we check for immutable prototype exotic objects and refuse to set
831           the prototype if needed.
832           See https://tc39.github.io/ecma262/#sec-immutable-prototype-exotic-objects.
833
834         * runtime/JSTypeInfo.h:
835         (JSC::TypeInfo::isImmutablePrototypeExoticObject):
836         * runtime/Structure.h:
837         - Add flag for declaring immutable prototype exotic objects.
838
839         * runtime/ObjectPrototype.h:
840         - Declare that Object.prototype is an immutable prototype exotic object.
841           See https://tc39.github.io/ecma262/#sec-properties-of-the-object-prototype-object.
842
843         * runtime/ObjectConstructor.cpp:
844         (JSC::objectConstructorSetPrototypeOf):
845         - Use better error messages.
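
        What this change makes observable from script, as an added JavaScript
        example that is not JavaScriptCore code: per the ECMAScript spec, the
        [[SetPrototypeOf]] of an immutable prototype exotic object succeeds only
        when the requested prototype is the one the object already has (null for
        Object.prototype), and every way of setting a prototype goes through that
        internal method. The function names are my own.

```javascript
// Added example, not JavaScriptCore code: observable behaviour of an immutable
// prototype exotic object, which is what Object.prototype becomes here.
// Function names are my own.

// Ordinary objects accept a new prototype.
function ordinaryObjectAcceptsPrototype() {
  const o = {};
  const proto = { tag: "replaced" };
  Reflect.setPrototypeOf(o, proto);
  return Object.getPrototypeOf(o) === proto;
}

// Object.prototype has no prototype of its own.
function objectPrototypeParent() {
  return Object.getPrototypeOf(Object.prototype);
}

// Reflect.setPrototypeOf reports the [[SetPrototypeOf]] result as a boolean:
// false for a different prototype, true when asked for the one already in place.
function reflectSetOnObjectPrototype(value) {
  return Reflect.setPrototypeOf(Object.prototype, value);
}

// Object.setPrototypeOf converts that false into a TypeError; return "ok" or
// the thrown error's constructor name so the outcome is easy to compare.
function objectSetOnObjectPrototype(value) {
  try {
    Object.setPrototypeOf(Object.prototype, value);
    return "ok";
  } catch (e) {
    return e.constructor.name;
  }
}

// The legacy __proto__ setter goes through the same internal method, so it
// cannot re-root the prototype chain of every object either.
function protoSetterOnObjectPrototype() {
  const before = Object.getPrototypeOf(Object.prototype);
  let threw = false;
  try {
    Object.prototype.__proto__ = { injected: true };
  } catch (e) {
    threw = e instanceof TypeError;
  }
  const unchanged = Object.getPrototypeOf(Object.prototype) === before;
  const notVisible = !("injected" in {});
  return threw && unchanged && notVisible;
}

console.log("ordinary object accepts prototype:", ordinaryObjectAcceptsPrototype());
console.log("Reflect.setPrototypeOf(Object.prototype, {}):", reflectSetOnObjectPrototype({}));
console.log("Reflect.setPrototypeOf(Object.prototype, null):", reflectSetOnObjectPrototype(null));
console.log("Object.setPrototypeOf(Object.prototype, {}):", objectSetOnObjectPrototype({}));
console.log("__proto__ setter refused:", protoSetterOnObjectPrototype());
```

        The "same value succeeds" case is the one worth remembering when writing
        tests for this: Reflect.setPrototypeOf(Object.prototype, null) returns
        true, so a test that expects every call to fail is wrong per spec.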
846
847 2016-12-04  Darin Adler  <darin@apple.com>
848
849         Use ASCIICType more, and improve it a little bit
850         https://bugs.webkit.org/show_bug.cgi?id=165360
851
852         Reviewed by Sam Weinig.
853
854         * inspector/InspectorValues.cpp:
855         (Inspector::readHexDigits): Use isASCIIHexDigit.
856         (Inspector::hextoInt): Deleted.
857         (decodeString): Use toASCIIHexValue.
858
859         * runtime/JSGlobalObjectFunctions.cpp:
860         (JSC::parseDigit): Use isASCIIDigit, isASCIIUpper, and isASCIILower.
861
862         * runtime/StringPrototype.cpp:
863         (JSC::substituteBackreferencesSlow): Use isASCIIDigit.
864
865 2016-12-06  Csaba Osztrogonác  <ossy@webkit.org>
866
867         Add storeFence support for ARMv7
868         https://bugs.webkit.org/show_bug.cgi?id=164733
869
870         Reviewed by Saam Barati.
871
872         * assembler/ARMAssembler.h:
873         (JSC::ARMAssembler::dmbISHST): Added.
874         * assembler/ARMv7Assembler.h: Typo fixed, DMB has only T1 encoding.
875         (JSC::ARMv7Assembler::dmbSY):
876         (JSC::ARMv7Assembler::dmbISHST): Added.
877         * assembler/MacroAssemblerARM.h:
878         (JSC::MacroAssemblerARM::storeFence):
879         * assembler/MacroAssemblerARMv7.h:
880         (JSC::MacroAssemblerARMv7::storeFence):
881
882 2016-12-05  Matt Baker  <mattbaker@apple.com>
883
884         Web Inspector: remove ASSERT from InspectorDebuggerAgent::derefAsyncCallData
885         https://bugs.webkit.org/show_bug.cgi?id=165413
886         <rdar://problem/29517587>
887
888         Reviewed by Brian Burg.
889
890         DOMTimer::removeById can call into InspectorInstrumentation with an
891         invalid identifier, so don't assert that async call data exists.
892
893         * inspector/agents/InspectorDebuggerAgent.cpp:
894         (Inspector::InspectorDebuggerAgent::derefAsyncCallData):
895
896 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
897
898         Fixed a bug in my last patch.
899
900         Unreviewed.
901
902         * bytecode/UnlinkedFunctionExecutable.h: Restore the conversion to
903         one-based counting.
904
905 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
906
907         Moved start and end column linking into helper functions
908         https://bugs.webkit.org/show_bug.cgi?id=165422
909
910         Reviewed by Sam Weinig.
911
912         * bytecode/UnlinkedFunctionExecutable.cpp:
913         (JSC::UnlinkedFunctionExecutable::link):
914         * bytecode/UnlinkedFunctionExecutable.h:
915
916 2016-12-05  Mark Lam  <mark.lam@apple.com>
917
918         Fix JSC files so that we can build a release build with NDEBUG #undef'ed.
919         https://bugs.webkit.org/show_bug.cgi?id=165409
920
921         Reviewed by Keith Miller.
922
923         This allows us to run a release build with DEBUG ASSERTs enabled.
924
925         * bytecode/BytecodeLivenessAnalysis.cpp:
926         * bytecode/UnlinkedEvalCodeBlock.cpp:
927         * bytecode/UnlinkedFunctionCodeBlock.cpp:
928         * bytecode/UnlinkedModuleProgramCodeBlock.cpp:
929         * bytecode/UnlinkedProgramCodeBlock.cpp:
930         * runtime/EvalExecutable.cpp:
931
932 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
933
934         Renamed source => parentSource
935         https://bugs.webkit.org/show_bug.cgi?id=165419
936
937         Reviewed by Saam Barati.
938
939         This should help clarify that a FunctionExecutable holds the source
940         code to its *parent* scope, and not its own SourceCode.
941
942         * builtins/BuiltinExecutables.cpp:
943         (JSC::BuiltinExecutables::createExecutable):
944         * bytecode/UnlinkedFunctionExecutable.cpp:
945         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
946         (JSC::UnlinkedFunctionExecutable::link):
947         * bytecode/UnlinkedFunctionExecutable.h:
948
949 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
950
951         ScriptExecutable should not contain a copy of firstLine and startColumn
952         https://bugs.webkit.org/show_bug.cgi?id=165415
953
954         Reviewed by Keith Miller.
955
956         We already have this data in SourceCode.
957
958         It's super confusing to have two copies of this data, where one is
959         allowed to mutate. In reality, your line and column number never change.
960
961         * bytecode/UnlinkedFunctionExecutable.cpp:
962         (JSC::UnlinkedFunctionExecutable::link):
963         * runtime/CodeCache.cpp:
964         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
965         * runtime/CodeCache.h:
966         (JSC::generateUnlinkedCodeBlock):
967         * runtime/FunctionExecutable.cpp:
968         (JSC::FunctionExecutable::FunctionExecutable):
969         * runtime/FunctionExecutable.h:
970         * runtime/ScriptExecutable.cpp:
971         (JSC::ScriptExecutable::ScriptExecutable):
972         (JSC::ScriptExecutable::newCodeBlockFor):
973         * runtime/ScriptExecutable.h:
974         (JSC::ScriptExecutable::firstLine):
975         (JSC::ScriptExecutable::startColumn):
976         (JSC::ScriptExecutable::recordParse):
977
978 2016-12-05  Caitlin Potter  <caitp@igalia.com>
979
980         [JSC] report unexpected token when "async" is followed by identifier 
981         https://bugs.webkit.org/show_bug.cgi?id=165091
982
983         Reviewed by Mark Lam.
984
985         Report a SyntaxError, in order to report the correct error in contexts where
986         an async ArrowFunction cannot occur. Also corrects errors in the comment
987         describing the JSTokenType bitfield, which was added in r209293.
988
989         * parser/Parser.cpp:
990         (JSC::Parser<LexerType>::parseMemberExpression):
991         * parser/ParserTokens.h:
992
993 2016-12-05  Keith Miller  <keith_miller@apple.com>
994
995         Add Wasm i64 to i32 conversion.
996         https://bugs.webkit.org/show_bug.cgi?id=165378
997
998         Reviewed by Filip Pizlo.
999
1000         It turns out the wrap operation is just B3's Trunc.
1001
1002         * wasm/wasm.json:
1003
1004 2016-12-05  Joseph Pecoraro  <pecoraro@apple.com>
1005
1006         REGRESSION(r208985): SafariForWebKitDevelopment Symbol Not Found looking for method with WTF::Optional
1007         https://bugs.webkit.org/show_bug.cgi?id=165351
1008
1009         Reviewed by Yusuke Suzuki.
1010
1011         Some versions of Safari expect:
1012
1013             Inspector::BackendDispatcher::reportProtocolError(WTF::Optional<long>, Inspector::BackendDispatcher::CommonErrorCode, WTF::String const&)
1014         
1015         which we had updated to use std::optional. Expose a version with the original
1016         symbol for these Safaris. This stub will just call through to the new version.
1017
1018         * inspector/InspectorBackendDispatcher.cpp:
1019         (Inspector::BackendDispatcher::reportProtocolError):
1020         * inspector/InspectorBackendDispatcher.h:
1021
1022 2016-12-05  Konstantin Tokarev  <annulen@yandex.ru>
1023
1024         Add __STDC_FORMAT_MACROS before inttypes.h is included
1025         https://bugs.webkit.org/show_bug.cgi?id=165374
1026
1027         We need formatting macros like PRIu64 to be available in all places where
1028         inttypes.h header is used. All these usages get inttypes.h definitions
1029         via wtf/Assertions.h header, except SQLiteFileSystem.cpp where formatting
1030         macros are not used anymore since r185129.
1031
1032         This patch fixes multiple build errors with MinGW and reduces the number of
1033         independent __STDC_FORMAT_MACROS uses in the code base.
1034
1035         Reviewed by Darin Adler.
1036
1037         * disassembler/ARM64/A64DOpcode.cpp: Removed __STDC_FORMAT_MACROS
1038         because it is obtained via Assertions.h now
1039         * disassembler/ARM64Disassembler.cpp: Ditto.
1040
1041 2016-12-04  Keith Miller  <keith_miller@apple.com>
1042
1043         Add support for Wasm ctz and popcnt
1044         https://bugs.webkit.org/show_bug.cgi?id=165369
1045
1046         Reviewed by Saam Barati.
1047
1048         * assembler/MacroAssemblerARM64.h:
1049         (JSC::MacroAssemblerARM64::countTrailingZeros32):
1050         (JSC::MacroAssemblerARM64::countTrailingZeros64):
1051         * assembler/MacroAssemblerX86Common.cpp:
1052         * assembler/MacroAssemblerX86Common.h:
1053         (JSC::MacroAssemblerX86Common::countTrailingZeros32):
1054         (JSC::MacroAssemblerX86Common::supportsBMI1):
1055         (JSC::MacroAssemblerX86Common::ctzAfterBsf):
1056         * assembler/MacroAssemblerX86_64.h:
1057         (JSC::MacroAssemblerX86_64::countTrailingZeros64):
1058         * assembler/X86Assembler.h:
1059         (JSC::X86Assembler::tzcnt_rr):
1060         (JSC::X86Assembler::tzcntq_rr):
1061         (JSC::X86Assembler::bsf_rr):
1062         (JSC::X86Assembler::bsfq_rr):
1063         * wasm/WasmB3IRGenerator.cpp:
1064         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Ctz>):
1065         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Ctz>):
1066         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Popcnt>):
1067         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Popcnt>):
1068         * wasm/WasmFunctionParser.h:
1069         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1070
1071 2016-12-04  Saam Barati  <sbarati@apple.com>
1072
1073         We should have a Wasm callee
1074         https://bugs.webkit.org/show_bug.cgi?id=165163
1075
1076         Reviewed by Keith Miller.
1077
1078         This patch adds JSWebAssemblyCallee and stores it into the
1079         callee slot in the call frame as part of the prologue of a
1080         wasm function. This is the first step in implementing
1081         unwinding from/through wasm frames. We will use the callee
1082         to identify that a machine frame belongs to wasm code.
1083
1084         * CMakeLists.txt:
1085         * JavaScriptCore.xcodeproj/project.pbxproj:
1086         * jsc.cpp:
1087         (callWasmFunction):
1088         (functionTestWasmModuleFunctions):
1089         * llint/LowLevelInterpreter64.asm:
1090         * runtime/JSGlobalObject.cpp:
1091         * runtime/VM.cpp:
1092         (JSC::VM::VM):
1093         * runtime/VM.h:
1094         * wasm/JSWebAssembly.h:
1095         * wasm/WasmB3IRGenerator.cpp:
1096         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1097         (JSC::Wasm::parseAndCompile):
1098         * wasm/WasmCallingConvention.h:
1099         (JSC::Wasm::CallingConvention::setupFrameInPrologue):
1100         * wasm/WasmFormat.h:
1101         * wasm/WasmPlan.cpp:
1102         (JSC::Wasm::Plan::initializeCallees):
1103         * wasm/WasmPlan.h:
1104         (JSC::Wasm::Plan::compiledFunction):
1105         (JSC::Wasm::Plan::getCompiledFunctions): Deleted.
1106         * wasm/js/JSWebAssemblyCallee.cpp: Added.
1107         (JSC::JSWebAssemblyCallee::JSWebAssemblyCallee):
1108         (JSC::JSWebAssemblyCallee::finishCreation):
1109         (JSC::JSWebAssemblyCallee::destroy):
1110         * wasm/js/JSWebAssemblyCallee.h: Added.
1111         (JSC::JSWebAssemblyCallee::create):
1112         (JSC::JSWebAssemblyCallee::createStructure):
1113         (JSC::JSWebAssemblyCallee::jsEntryPoint):
1114         * wasm/js/JSWebAssemblyModule.cpp:
1115         (JSC::JSWebAssemblyModule::create):
1116         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
1117         (JSC::JSWebAssemblyModule::visitChildren):
1118         * wasm/js/JSWebAssemblyModule.h:
1119         (JSC::JSWebAssemblyModule::moduleInformation):
1120         (JSC::JSWebAssemblyModule::callee):
1121         (JSC::JSWebAssemblyModule::callees):
1122         (JSC::JSWebAssemblyModule::offsetOfCallees):
1123         (JSC::JSWebAssemblyModule::allocationSize):
1124         (JSC::JSWebAssemblyModule::compiledFunctions): Deleted.
1125         * wasm/js/WebAssemblyFunction.cpp:
1126         (JSC::callWebAssemblyFunction):
1127         (JSC::WebAssemblyFunction::create):
1128         (JSC::WebAssemblyFunction::visitChildren):
1129         (JSC::WebAssemblyFunction::finishCreation):
1130         * wasm/js/WebAssemblyFunction.h:
1131         (JSC::WebAssemblyFunction::webAssemblyCallee):
1132         (JSC::WebAssemblyFunction::instance):
1133         (JSC::WebAssemblyFunction::signature):
1134         (JSC::CallableWebAssemblyFunction::CallableWebAssemblyFunction): Deleted.
1135         (JSC::WebAssemblyFunction::webAssemblyFunctionCell): Deleted.
1136         * wasm/js/WebAssemblyFunctionCell.cpp:
1137         (JSC::WebAssemblyFunctionCell::create): Deleted.
1138         (JSC::WebAssemblyFunctionCell::WebAssemblyFunctionCell): Deleted.
1139         (JSC::WebAssemblyFunctionCell::destroy): Deleted.
1140         (JSC::WebAssemblyFunctionCell::createStructure): Deleted.
1141         * wasm/js/WebAssemblyFunctionCell.h:
1142         (JSC::WebAssemblyFunctionCell::function): Deleted.
1143         * wasm/js/WebAssemblyModuleConstructor.cpp:
1144         (JSC::constructJSWebAssemblyModule):
1145         * wasm/js/WebAssemblyModuleRecord.cpp:
1146         (JSC::WebAssemblyModuleRecord::link):
1147
1148 2016-12-04  Matt Baker  <mattbaker@apple.com>
1149
1150         Web Inspector: Assertion Failures breakpoint should respect global Breakpoints enabled setting
1151         https://bugs.webkit.org/show_bug.cgi?id=165277
1152         <rdar://problem/29467098>
1153
1154         Reviewed by Mark Lam.
1155
1156         * inspector/agents/InspectorDebuggerAgent.cpp:
1157         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1158         Check that breakpoints are active before pausing.
1159
1160 2016-12-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1161
1162         Refactor SymbolImpl layout
1163         https://bugs.webkit.org/show_bug.cgi?id=165247
1164
1165         Reviewed by Darin Adler.
1166
1167         Use SymbolImpl::{create, createNullSymbol} instead.
1168
1169         * runtime/PrivateName.h:
1170         (JSC::PrivateName::PrivateName):
1171
1172 2016-12-03  JF Bastien  <jfbastien@apple.com>
1173
1174         WebAssembly: update binary format to 0xD version
1175         https://bugs.webkit.org/show_bug.cgi?id=165345
1176
1177         Reviewed by Keith Miller.
1178
1179         As described in the following PR: https://github.com/WebAssembly/design/pull/836
1180         Originally committed in r209175, reverted in r209242, and fixed in r209284.
1181
1182         * wasm/WasmB3IRGenerator.cpp:
1183         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1184         (JSC::Wasm::B3IRGenerator::zeroForType):
1185         (JSC::Wasm::B3IRGenerator::addConstant):
1186         (JSC::Wasm::createJSWrapper):
1187         * wasm/WasmCallingConvention.h:
1188         (JSC::Wasm::CallingConvention::marshallArgument):
1189         * wasm/WasmFormat.cpp:
1190         (JSC::Wasm::toString): Deleted.
1191         * wasm/WasmFormat.h:
1192         (JSC::Wasm::isValueType):
1193         (JSC::Wasm::toB3Type): Deleted.
1194         * wasm/WasmFunctionParser.h:
1195         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1196         * wasm/WasmModuleParser.cpp:
1197         (JSC::Wasm::ModuleParser::parse):
1198         (JSC::Wasm::ModuleParser::parseType):
1199         * wasm/WasmModuleParser.h:
1200         * wasm/WasmParser.h:
1201         (JSC::Wasm::Parser::parseResultType):
1202         * wasm/generateWasm.py:
1203         (Wasm.__init__):
1204         * wasm/generateWasmOpsHeader.py:
1205         (cppMacro):
1206         (typeMacroizer):
1207         (opcodeMacroizer):
1208         * wasm/js/WebAssemblyFunction.cpp:
1209         (JSC::callWebAssemblyFunction):
1210         * wasm/wasm.json:
1211
1212 2016-12-02  Keith Miller  <keith_miller@apple.com>
1213
1214         Add Wasm copysign
1215         https://bugs.webkit.org/show_bug.cgi?id=165355
1216
1217         Reviewed by Filip Pizlo.
1218
1219         This patch also makes two other important changes:
1220
1221         1) allows for i64 constants in the B3 generator language.
1222         2) Fixes a bug with F64ConvertUI64 where the operation returned a Float instead
1223            of a Double in B3.
1224
1225         * wasm/WasmB3IRGenerator.cpp:
1226         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1227         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
1228         (CodeGenerator.generateOpcode):
1229         (generateConstCode):
1230         (generateI32ConstCode): Deleted.
1231         * wasm/wasm.json:
1232
1233 2016-12-03  Commit Queue  <commit-queue@webkit.org>
1234
1235         Unreviewed, rolling out r209298.
1236         https://bugs.webkit.org/show_bug.cgi?id=165359
1237
1238         broke the build (Requested by smfr on #webkit).
1239
1240         Reverted changeset:
1241
1242         "Add Wasm copysign"
1243         https://bugs.webkit.org/show_bug.cgi?id=165355
1244         http://trac.webkit.org/changeset/209298
1245
1246 2016-12-02  Keith Miller  <keith_miller@apple.com>
1247
1248         Add Wasm copysign
1249         https://bugs.webkit.org/show_bug.cgi?id=165355
1250
1251         Reviewed by Filip Pizlo.
1252
1253         This patch also makes two other important changes:
1254
1255         1) allows for i64 constants in the B3 generator language.
1256         2) Fixes a bug with F64ConvertUI64 where the operation returned a Float instead
1257            of a Double in B3.
1258
1259         * wasm/WasmB3IRGenerator.cpp:
1260         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1261         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
1262         (CodeGenerator.generateOpcode):
1263         (generateConstCode):
1264         (generateI32ConstCode): Deleted.
1265         * wasm/wasm.json:
1266
1267 2016-12-02  Keith Miller  <keith_miller@apple.com>
1268
1269         Unreviewed, fix git having a breakdown over trying to reland a rollout.
1270
1271 2016-12-02  Keith Miller  <keith_miller@apple.com>
1272
1273         Add Wasm floating point nearest and trunc
1274         https://bugs.webkit.org/show_bug.cgi?id=165339
1275
1276         Reviewed by Saam Barati.
1277
1278         This patch also allows any wasm primitive type to be passed as a
1279         string.
1280
1281         * assembler/MacroAssemblerARM64.h:
1282         (JSC::MacroAssemblerARM64::nearestIntDouble):
1283         (JSC::MacroAssemblerARM64::nearestIntFloat):
1284         (JSC::MacroAssemblerARM64::truncDouble):
1285         (JSC::MacroAssemblerARM64::truncFloat):
1286         * assembler/MacroAssemblerX86Common.h:
1287         (JSC::MacroAssemblerX86Common::nearestIntDouble):
1288         (JSC::MacroAssemblerX86Common::nearestIntFloat):
1289         * jsc.cpp:
1290         (box):
1291         * wasm/WasmB3IRGenerator.cpp:
1292         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1293         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
1294         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Nearest>):
1295         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Nearest>):
1296         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Trunc>):
1297         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Trunc>):
1298         * wasm/WasmFunctionParser.h:
1299         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1300
1301 2016-12-02  Caitlin Potter  <caitp@igalia.com>
1302
1303         [JSC] add additional bit to JSTokenType bitfield
1304         https://bugs.webkit.org/show_bug.cgi?id=165091
1305
1306         Reviewed by Geoffrey Garen.
1307
1308         Avoid overflow which causes keyword tokens to be treated as unary
1309         tokens now that "async" is tokenized as a keyword, by granting an
1310         additional 64 bits to be occupied by token IDs.
1311
1312         * parser/ParserTokens.h:
1313
1314 2016-12-02  Andy Estes  <aestes@apple.com>
1315
1316         [Cocoa] Adopt the PRODUCT_BUNDLE_IDENTIFIER build setting
1317         https://bugs.webkit.org/show_bug.cgi?id=164492
1318
1319         Reviewed by Dan Bernstein.
1320
1321         * Configurations/JavaScriptCore.xcconfig: Set PRODUCT_BUNDLE_IDENTIFIER to
1322         com.apple.$(PRODUCT_NAME:rfc1034identifier).
1323         * Info.plist: Changed CFBundleIdentifier's value from com.apple.${PRODUCT_NAME} to
1324         ${PRODUCT_BUNDLE_IDENTIFIER}.
1325
1326 2016-12-02  JF Bastien  <jfbastien@apple.com>
1327
1328         WebAssembly: mark WasmOps.h as private
1329         https://bugs.webkit.org/show_bug.cgi?id=165335
1330
1331         Reviewed by Mark Lam.
1332
1333         * JavaScriptCore.xcodeproj/project.pbxproj: WasmOps.h will be used by non-JSC and should therefore be private
1334
1335 2016-12-02  Commit Queue  <commit-queue@webkit.org>
1336
1337         Unreviewed, rolling out r209275 and r209276.
1338         https://bugs.webkit.org/show_bug.cgi?id=165348
1339
1340         "broke the arm build" (Requested by keith_miller on #webkit).
1341
1342         Reverted changesets:
1343
1344         "Add Wasm floating point nearest and trunc"
1345         https://bugs.webkit.org/show_bug.cgi?id=165339
1346         http://trac.webkit.org/changeset/209275
1347
1348         "Unreviewed, forgot to change instruction after renaming."
1349         http://trac.webkit.org/changeset/209276
1350
1351 2016-12-02  Keith Miller  <keith_miller@apple.com>
1352
1353         Unreviewed, forgot to change instruction after renaming.
1354
1355         * assembler/MacroAssemblerARM64.h:
1356         (JSC::MacroAssemblerARM64::nearestIntDouble):
1357         (JSC::MacroAssemblerARM64::nearestIntFloat):
1358
1359 2016-12-02  Keith Miller  <keith_miller@apple.com>
1360
1361         Add Wasm floating point nearest and trunc
1362         https://bugs.webkit.org/show_bug.cgi?id=165339
1363
1364         Reviewed by Filip Pizlo.
1365
1366         This patch also allows any wasm primitive type to be passed as a
1367         string.
1368
1369         * assembler/MacroAssemblerARM64.h:
1370         (JSC::MacroAssemblerARM64::nearestIntDouble):
1371         (JSC::MacroAssemblerARM64::nearestIntFloat):
1372         (JSC::MacroAssemblerARM64::truncDouble):
1373         (JSC::MacroAssemblerARM64::truncFloat):
1374         * assembler/MacroAssemblerX86Common.h:
1375         (JSC::MacroAssemblerX86Common::nearestIntDouble):
1376         (JSC::MacroAssemblerX86Common::nearestIntFloat):
1377         * jsc.cpp:
1378         (box):
1379         * wasm/WasmB3IRGenerator.cpp:
1380         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1381         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
1382         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Nearest>):
1383         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Nearest>):
1384         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Trunc>):
1385         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Trunc>):
1386         * wasm/WasmFunctionParser.h:
1387         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1388
1389 2016-12-02  JF Bastien  <jfbastien@apple.com>
1390
1391         WebAssembly: revert patch causing odd breakage
1392         https://bugs.webkit.org/show_bug.cgi?id=165308
1393
1394         Unreviewed.
1395
1396         Bug #164724 seems to cause build issues which I haven't tracked down yet. WasmOps.h can't be found:
1397         ./Source/JavaScriptCore/wasm/WasmFormat.h:34:10: fatal error: 'WasmOps.h' file not found
1398
1399         It's weird since the file is auto-generated and has been for a while. #164724 merely includes it in WasmFormat.h.
1400
1401         * wasm/WasmB3IRGenerator.cpp:
1402         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1403         (JSC::Wasm::B3IRGenerator::zeroForType):
1404         (JSC::Wasm::B3IRGenerator::addConstant):
1405         (JSC::Wasm::createJSWrapper):
1406         * wasm/WasmCallingConvention.h:
1407         (JSC::Wasm::CallingConvention::marshallArgument):
1408         * wasm/WasmFormat.cpp:
1409         (JSC::Wasm::toString):
1410         * wasm/WasmFormat.h:
1411         (JSC::Wasm::toB3Type):
1412         * wasm/WasmFunctionParser.h:
1413         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1414         * wasm/WasmModuleParser.cpp:
1415         (JSC::Wasm::ModuleParser::parse):
1416         (JSC::Wasm::ModuleParser::parseType):
1417         * wasm/WasmModuleParser.h:
1418         * wasm/WasmParser.h:
1419         (JSC::Wasm::Parser::parseResultType):
1420         * wasm/generateWasm.py:
1421         (Wasm.__init__):
1422         * wasm/generateWasmOpsHeader.py:
1423         (cppMacro):
1424         (opcodeMacroizer):
1425         (typeMacroizer): Deleted.
1426         * wasm/js/WebAssemblyFunction.cpp:
1427         (JSC::callWebAssemblyFunction):
1428         * wasm/wasm.json:
1429
1430 2016-12-01  Brian Burg  <bburg@apple.com>
1431
1432         Remote Inspector: fix weird typo in generated ObjC protocol type initializer implementations
1433         https://bugs.webkit.org/show_bug.cgi?id=165295
1434         <rdar://problem/29427778>
1435
1436         Reviewed by Joseph Pecoraro.
1437
1438         Remove a stray semicolon appended after custom initializer signatures.
1439         This is a syntax error when building with less lenient compiler warnings.
1440
1441         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1442         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1443         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1444         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1445         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1446         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1447         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1448         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1449         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1450
1451 2016-12-01  Saam Barati  <sbarati@apple.com>
1452
1453         Rename CallFrame::callee() to CallFrame::jsCallee()
1454         https://bugs.webkit.org/show_bug.cgi?id=165293
1455
1456         Reviewed by Keith Miller.
1457
1458         Wasm will soon have its own Callee that doesn't derive
1459         from JSObject, but derives from JSCell. I want to introduce
1460         a new function like:
1461         ```
1462         CalleeBase* CallFrame::callee()
1463         ```
1464         
1465         once we have a Wasm callee. It only makes sense to name that
1466         function callee() and rename the current one turn to:
1467         ```
1468         JSObject* CallFrame::jsCallee()
1469         ```
1470
1471         * API/APICallbackFunction.h:
1472         (JSC::APICallbackFunction::call):
1473         (JSC::APICallbackFunction::construct):
1474         * API/JSCallbackObjectFunctions.h:
1475         (JSC::JSCallbackObject<Parent>::construct):
1476         (JSC::JSCallbackObject<Parent>::call):
1477         * debugger/DebuggerCallFrame.cpp:
1478         (JSC::DebuggerCallFrame::scope):
1479         (JSC::DebuggerCallFrame::type):
1480         * interpreter/CallFrame.cpp:
1481         (JSC::CallFrame::friendlyFunctionName):
1482         * interpreter/CallFrame.h:
1483         (JSC::ExecState::jsCallee):
1484         (JSC::ExecState::callee): Deleted.
1485         * interpreter/Interpreter.cpp:
1486         (JSC::Interpreter::dumpRegisters):
1487         (JSC::notifyDebuggerOfUnwinding):
1488         * interpreter/ShadowChicken.cpp:
1489         (JSC::ShadowChicken::update):
1490         * interpreter/StackVisitor.cpp:
1491         (JSC::StackVisitor::readNonInlinedFrame):
1492         * llint/LLIntSlowPaths.cpp:
1493         (JSC::LLInt::traceFunctionPrologue):
1494         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1495         * runtime/ArrayConstructor.cpp:
1496         (JSC::constructArrayWithSizeQuirk):
1497         * runtime/AsyncFunctionConstructor.cpp:
1498         (JSC::callAsyncFunctionConstructor):
1499         (JSC::constructAsyncFunctionConstructor):
1500         * runtime/BooleanConstructor.cpp:
1501         (JSC::constructWithBooleanConstructor):
1502         * runtime/ClonedArguments.cpp:
1503         (JSC::ClonedArguments::createWithInlineFrame):
1504         * runtime/CommonSlowPaths.h:
1505         (JSC::CommonSlowPaths::arityCheckFor):
1506         * runtime/DateConstructor.cpp:
1507         (JSC::constructWithDateConstructor):
1508         * runtime/DirectArguments.cpp:
1509         (JSC::DirectArguments::createByCopying):
1510         * runtime/Error.h:
1511         (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
1512         (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
1513         * runtime/ErrorConstructor.cpp:
1514         (JSC::Interpreter::constructWithErrorConstructor):
1515         (JSC::Interpreter::callErrorConstructor):
1516         * runtime/FunctionConstructor.cpp:
1517         (JSC::constructWithFunctionConstructor):
1518         (JSC::callFunctionConstructor):
1519         * runtime/GeneratorFunctionConstructor.cpp:
1520         (JSC::callGeneratorFunctionConstructor):
1521         (JSC::constructGeneratorFunctionConstructor):
1522         * runtime/InternalFunction.cpp:
1523         (JSC::InternalFunction::createSubclassStructure):
1524         * runtime/IntlCollator.cpp:
1525         (JSC::IntlCollator::initializeCollator):
1526         * runtime/IntlCollatorConstructor.cpp:
1527         (JSC::constructIntlCollator):
1528         (JSC::callIntlCollator):
1529         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
1530         * runtime/IntlDateTimeFormat.cpp:
1531         (JSC::IntlDateTimeFormat::initializeDateTimeFormat):
1532         * runtime/IntlDateTimeFormatConstructor.cpp:
1533         (JSC::constructIntlDateTimeFormat):
1534         (JSC::callIntlDateTimeFormat):
1535         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
1536         * runtime/IntlNumberFormat.cpp:
1537         (JSC::IntlNumberFormat::initializeNumberFormat):
1538         * runtime/IntlNumberFormatConstructor.cpp:
1539         (JSC::constructIntlNumberFormat):
1540         (JSC::callIntlNumberFormat):
1541         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
1542         * runtime/IntlObject.cpp:
1543         (JSC::canonicalizeLocaleList):
1544         (JSC::defaultLocale):
1545         (JSC::lookupSupportedLocales):
1546         (JSC::intlObjectFuncGetCanonicalLocales):
1547         * runtime/JSArrayBufferConstructor.cpp:
1548         (JSC::constructArrayBuffer):
1549         * runtime/JSArrayBufferPrototype.cpp:
1550         (JSC::arrayBufferProtoFuncSlice):
1551         * runtime/JSBoundFunction.cpp:
1552         (JSC::boundThisNoArgsFunctionCall):
1553         (JSC::boundFunctionCall):
1554         (JSC::boundThisNoArgsFunctionConstruct):
1555         (JSC::boundFunctionConstruct):
1556         * runtime/JSCellInlines.h:
1557         (JSC::ExecState::vm):
1558         * runtime/JSCustomGetterSetterFunction.cpp:
1559         (JSC::JSCustomGetterSetterFunction::customGetterSetterFunctionCall):
1560         * runtime/JSFunction.cpp:
1561         (JSC::callHostFunctionAsConstructor):
1562         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1563         (JSC::constructGenericTypedArrayView):
1564         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
1565         (JSC::genericTypedArrayViewProtoFuncSlice):
1566         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
1567         * runtime/JSGlobalObjectFunctions.cpp:
1568         (JSC::globalFuncEval):
1569         * runtime/JSInternalPromiseConstructor.cpp:
1570         (JSC::constructPromise):
1571         * runtime/JSMapIterator.cpp:
1572         (JSC::JSMapIterator::createPair):
1573         (JSC::JSMapIterator::clone):
1574         * runtime/JSNativeStdFunction.cpp:
1575         (JSC::runStdFunction):
1576         * runtime/JSPromiseConstructor.cpp:
1577         (JSC::constructPromise):
1578         * runtime/JSPropertyNameIterator.cpp:
1579         (JSC::JSPropertyNameIterator::clone):
1580         * runtime/JSScope.h:
1581         (JSC::ExecState::lexicalGlobalObject):
1582         * runtime/JSSetIterator.cpp:
1583         (JSC::JSSetIterator::createPair):
1584         (JSC::JSSetIterator::clone):
1585         * runtime/JSStringIterator.cpp:
1586         (JSC::JSStringIterator::clone):
1587         * runtime/MapConstructor.cpp:
1588         (JSC::constructMap):
1589         * runtime/MapPrototype.cpp:
1590         (JSC::mapProtoFuncValues):
1591         (JSC::mapProtoFuncEntries):
1592         (JSC::mapProtoFuncKeys):
1593         (JSC::privateFuncMapIterator):
1594         * runtime/NativeErrorConstructor.cpp:
1595         (JSC::Interpreter::constructWithNativeErrorConstructor):
1596         (JSC::Interpreter::callNativeErrorConstructor):
1597         * runtime/ObjectConstructor.cpp:
1598         (JSC::constructObject):
1599         * runtime/ProxyObject.cpp:
1600         (JSC::performProxyCall):
1601         (JSC::performProxyConstruct):
1602         * runtime/ProxyRevoke.cpp:
1603         (JSC::performProxyRevoke):
1604         * runtime/RegExpConstructor.cpp:
1605         (JSC::constructWithRegExpConstructor):
1606         (JSC::callRegExpConstructor):
1607         * runtime/ScopedArguments.cpp:
1608         (JSC::ScopedArguments::createByCopying):
1609         * runtime/SetConstructor.cpp:
1610         (JSC::constructSet):
1611         * runtime/SetPrototype.cpp:
1612         (JSC::setProtoFuncValues):
1613         (JSC::setProtoFuncEntries):
1614         (JSC::privateFuncSetIterator):
1615         * runtime/StringConstructor.cpp:
1616         (JSC::constructWithStringConstructor):
1617         * runtime/StringPrototype.cpp:
1618         (JSC::stringProtoFuncIterator):
1619         * runtime/WeakMapConstructor.cpp:
1620         (JSC::constructWeakMap):
1621         * runtime/WeakSetConstructor.cpp:
1622         (JSC::constructWeakSet):
1623         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
1624         (JSC::constructJSWebAssemblyCompileError):
1625         * wasm/js/WebAssemblyFunction.cpp:
1626         (JSC::callWebAssemblyFunction):
1627         * wasm/js/WebAssemblyModuleConstructor.cpp:
1628         (JSC::constructJSWebAssemblyModule):
1629         * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
1630         (JSC::constructJSWebAssemblyRuntimeError):
1631
1632 2016-12-01  Brian Burg  <bburg@apple.com>
1633
1634         Web Inspector: generated code should use a framework-style import for *ProtocolArrayConversions.h
1635         https://bugs.webkit.org/show_bug.cgi?id=165281
1636         <rdar://problem/29427778>
1637
1638         Reviewed by Joseph Pecoraro.
1639
1640         * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:
1641         (ObjCProtocolTypeConversionsHeaderGenerator.generate_output):
1642         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1643         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1644         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1645         * inspector/scripts/tests/expected/enum-values.json-result:
1646         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1647         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1648         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1649         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1650         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1651         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1652         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1653         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1654         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1655
1656 2016-12-01  Geoffrey Garen  <ggaren@apple.com>
1657
1658         SourceCodeKey should use unlinked source code
1659         https://bugs.webkit.org/show_bug.cgi?id=165286
1660
1661         Reviewed by Saam Barati.
1662
1663         This patch splits out UnlinkedSourceCode from SourceCode, and deploys
1664         UnlinkedSourceCode in SourceCodeKey.
1665
1666         It's misleading to store SourceCode in SourceCodeKey because SourceCode
1667         has an absolute location whereas unlinked cached code has no location.
1668
1669         I plan to deploy UnlinkedSourceCode in more places, to indicate code
1670         that has no absolute location.
1671
1672         * JavaScriptCore.xcodeproj/project.pbxproj:
1673         * parser/SourceCode.cpp:
1674         (JSC::UnlinkedSourceCode::toUTF8):
1675         (JSC::SourceCode::toUTF8): Deleted.
1676         * parser/SourceCode.h:
1677         (JSC::SourceCode::SourceCode):
1678         (JSC::SourceCode::startColumn):
1679         (JSC::SourceCode::isHashTableDeletedValue): Deleted.
1680         (JSC::SourceCode::hash): Deleted.
1681         (JSC::SourceCode::view): Deleted.
1682         (JSC::SourceCode::providerID): Deleted.
1683         (JSC::SourceCode::isNull): Deleted.
1684         (JSC::SourceCode::provider): Deleted.
1685         (JSC::SourceCode::startOffset): Deleted.
1686         (JSC::SourceCode::endOffset): Deleted.
1687         (JSC::SourceCode::length): Deleted. Move a bunch of stuff in to a new
1688         base class, UnlinkedSourceCode.
1689
1690         * parser/SourceCodeKey.h:
1691         (JSC::SourceCodeKey::SourceCodeKey): Use UnlinkedSourceCode since code
1692         in the cache has no location.
1693
1694         * parser/UnlinkedSourceCode.h: Copied from Source/JavaScriptCore/parser/SourceCode.h.
1695         (JSC::UnlinkedSourceCode::UnlinkedSourceCode):
1696         (JSC::UnlinkedSourceCode::provider):
1697         (JSC::SourceCode::SourceCode): Deleted.
1698         (JSC::SourceCode::isHashTableDeletedValue): Deleted.
1699         (JSC::SourceCode::hash): Deleted.
1700         (JSC::SourceCode::view): Deleted.
1701         (JSC::SourceCode::providerID): Deleted.
1702         (JSC::SourceCode::isNull): Deleted.
1703         (JSC::SourceCode::provider): Deleted.
1704         (JSC::SourceCode::firstLine): Deleted.
1705         (JSC::SourceCode::startColumn): Deleted.
1706         (JSC::SourceCode::startOffset): Deleted.
1707         (JSC::SourceCode::endOffset): Deleted.
1708         (JSC::SourceCode::length): Deleted.
1709         (JSC::makeSource): Deleted.
1710         (JSC::SourceCode::subExpression): Deleted.
1711
1712         * runtime/CodeCache.h: Use UnlinkedSourceCode in the cache.
1713
1714 2016-12-01  Keith Miller  <keith_miller@apple.com>
1715
1716         Add wasm int to floating point opcodes
1717         https://bugs.webkit.org/show_bug.cgi?id=165252
1718
1719         Reviewed by Geoffrey Garen.
1720
1721         This patch adds support for the Wasm integral type => floating point
1722         type conversion opcodes. Most of these were already supported by B3
1723         however there was no support for uint64 to float/double. Unfortunately,
1724         AFAIK x86_64 does not have a single instruction that performs this
1725         conversion. Since there is a signed conversion instruction on x86 we
1726         use that for all uint64s that don't have the top bit set. If they do have
1727         the top bit set we need to divide by 2 (rounding up) then convert the number
1728         with the signed conversion then double the result.
1729
1730         * assembler/MacroAssemblerX86_64.h:
1731         (JSC::MacroAssemblerX86_64::convertUInt64ToDouble):
1732         (JSC::MacroAssemblerX86_64::convertUInt64ToFloat):
1733         * jsc.cpp:
1734         (valueWithTypeOfWasmValue):
1735         (box):
1736         (functionTestWasmModuleFunctions):
1737         * wasm/WasmB3IRGenerator.cpp:
1738         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
1739         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
1740         * wasm/WasmFunctionParser.h:
1741         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1742         * wasm/wasm.json:
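
        The unsigned conversion scheme described above, as an added example that is not JavaScriptCore's code: signedConvert stands in for the signed int64 -> double instruction (cvtsi2sd on x86_64), and the halving keeps the dropped low bit as a sticky bit, which is our reading of "divide by 2 (rounding up)". A variant that merely truncates the low bit is shown beside it, because it mis-rounds inputs whose dropped bits sit just above half an ulp. Only the double path is shown; the float path is the same shape with a narrower destination.

```cpp
#include <cstdint>
#include <cstdio>

// Added example (not JavaScriptCore code): emulates the uint64 -> double
// scheme for a target that only has a signed int64 -> double conversion.
// signedConvert stands in for that instruction (cvtsi2sd on x86_64).
static double signedConvert(int64_t v) { return static_cast<double>(v); }

// Top bit clear: the value fits in int64, so the signed path is exact.
// Top bit set: halve, convert as signed, double.  The halving ORs the
// dropped low bit back in as a "sticky" bit (our assumption for what
// "rounding up" means) so the final round-to-nearest-even sees it.
double uint64ToDoubleViaSigned(uint64_t x) {
    if (static_cast<int64_t>(x) >= 0)
        return signedConvert(static_cast<int64_t>(x));
    uint64_t halved = (x >> 1) | (x & 1);
    return signedConvert(static_cast<int64_t>(halved)) * 2.0;
}

// Same shape, but the halving just truncates the low bit.  This is what a
// first attempt tends to look like, and it mis-rounds some inputs.
double uint64ToDoubleTruncating(uint64_t x) {
    if (static_cast<int64_t>(x) >= 0)
        return signedConvert(static_cast<int64_t>(x));
    return signedConvert(static_cast<int64_t>(x >> 1)) * 2.0;
}

// Reference: the compiler's own unsigned conversion.
double uint64ToDoubleNative(uint64_t x) { return static_cast<double>(x); }

int main() {
    // 2^63 + 2^10 + 1 (constructed input): doubles near 2^63 have an ulp of
    // 2^11, so the dropped bits are just over half an ulp and the correct
    // result rounds up to 2^63 + 2^11.  Truncating the low bit first turns
    // the halved value into an exact tie, which rounds down to even, and the
    // doubled result is 2^63: off by one ulp from the native conversion.
    const uint64_t x = 0x8000000000000401ULL;
    std::printf("native    %.1f\n", uint64ToDoubleNative(x));
    std::printf("sticky    %.1f\n", uint64ToDoubleViaSigned(x));
    std::printf("truncate  %.1f\n", uint64ToDoubleTruncating(x));
    return 0;
}
```

        The sticky bit matters precisely on the tie cases: without it the halved value can land exactly halfway between two representable doubles and the hardware's ties-to-even rule picks the wrong neighbour relative to a direct unsigned conversion.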
1743
1744 2016-12-01  Geoffrey Garen  <ggaren@apple.com>
1745
1746         Renamed EvalCodeCache => DirectEvalCodeCache
1747         https://bugs.webkit.org/show_bug.cgi?id=165271
1748
1749         Reviewed by Saam Barati.
1750
1751         We only use this cache for DirectEval, not IndirectEval.
1752
1753         * JavaScriptCore.xcodeproj/project.pbxproj:
1754         * bytecode/CodeBlock.cpp:
1755         (JSC::DirectEvalCodeCache::visitAggregate):
1756         (JSC::CodeBlock::stronglyVisitStrongReferences):
1757         (JSC::EvalCodeCache::visitAggregate): Deleted.
1758         * bytecode/CodeBlock.h:
1759         (JSC::CodeBlock::directEvalCodeCache):
1760         (JSC::CodeBlock::evalCodeCache): Deleted.
1761         * bytecode/DirectEvalCodeCache.h: Copied from Source/JavaScriptCore/bytecode/EvalCodeCache.h.
1762         (JSC::EvalCodeCache::CacheKey::CacheKey): Deleted.
1763         (JSC::EvalCodeCache::CacheKey::hash): Deleted.
1764         (JSC::EvalCodeCache::CacheKey::isEmptyValue): Deleted.
1765         (JSC::EvalCodeCache::CacheKey::operator==): Deleted.
1766         (JSC::EvalCodeCache::CacheKey::isHashTableDeletedValue): Deleted.
1767         (JSC::EvalCodeCache::CacheKey::Hash::hash): Deleted.
1768         (JSC::EvalCodeCache::CacheKey::Hash::equal): Deleted.
1769         (JSC::EvalCodeCache::tryGet): Deleted.
1770         (JSC::EvalCodeCache::set): Deleted.
1771         (JSC::EvalCodeCache::isEmpty): Deleted.
1772         (JSC::EvalCodeCache::clear): Deleted.
1773         * bytecode/EvalCodeCache.h: Removed.
1774         * interpreter/Interpreter.cpp:
1775         (JSC::eval):
1776         * runtime/DirectEvalExecutable.cpp:
1777         (JSC::DirectEvalExecutable::create):
1778
1779 2016-12-01  Geoffrey Garen  <ggaren@apple.com>
1780
1781         Removed some unnecessary indirection in code generation
1782         https://bugs.webkit.org/show_bug.cgi?id=165264
1783
1784         Reviewed by Keith Miller.
1785
1786         There's no need to route through JSGlobalObject when producing code --
1787         it just made the code harder to read.
1788
1789         This patch moves functions from JSGlobalObject to their singleton
1790         call sites.
1791
1792         * runtime/CodeCache.cpp:
1793         (JSC::CodeCache::getUnlinkedEvalCodeBlock):
1794         (JSC::CodeCache::getUnlinkedGlobalEvalCodeBlock): Deleted.
1795         * runtime/CodeCache.h:
1796         * runtime/DirectEvalExecutable.cpp:
1797         (JSC::DirectEvalExecutable::create):
1798         * runtime/IndirectEvalExecutable.cpp:
1799         (JSC::IndirectEvalExecutable::create):
1800         * runtime/JSGlobalObject.cpp:
1801         (JSC::JSGlobalObject::createProgramCodeBlock): Deleted.
1802         (JSC::JSGlobalObject::createLocalEvalCodeBlock): Deleted.
1803         (JSC::JSGlobalObject::createGlobalEvalCodeBlock): Deleted.
1804         (JSC::JSGlobalObject::createModuleProgramCodeBlock): Deleted.
1805         * runtime/JSGlobalObject.h:
1806         * runtime/ModuleProgramExecutable.cpp:
1807         (JSC::ModuleProgramExecutable::create):
1808         * runtime/ProgramExecutable.cpp:
1809         (JSC::ProgramExecutable::initializeGlobalProperties):
1810         * runtime/ProgramExecutable.h:
1811
1812 2016-11-30  Darin Adler  <darin@apple.com>
1813
1814         Roll out StringBuilder changes from the previous patch.
1815         They were a slowdown on a Kraken JSON test.
1816
1817         * runtime/JSONObject.cpp:
1818         Roll out changes from below.
1819
1820 2016-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>
1821
1822         [JSC] Specifying same module entry point multiple times cause TypeError
1823         https://bugs.webkit.org/show_bug.cgi?id=164858
1824
1825         Reviewed by Saam Barati.
1826
1827         Allow importing the same module multiple times. Previously, when specifying the same
1828         module in the <script type="module" src="here">, it threw a TypeError.
1829
1830         * builtins/ModuleLoaderPrototype.js:
1831         (requestFetch):
1832         (requestTranslate):
1833         (requestInstantiate):
1834         (requestSatisfy):
1835
1836 2016-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>
1837
1838         WebAssembly JS API: export a module namespace object instead of a module environment
1839         https://bugs.webkit.org/show_bug.cgi?id=165121
1840
1841         Reviewed by Saam Barati.
1842
1843         This patch sets up AbstractModuleRecord further for WebAssemblyModuleRecord.
1844         For exported entries in a wasm instance, we set up exported entries for
1845         AbstractModuleRecord. This allows us to export WASM exported functions in
1846         the module handling code.
1847
1848         Since the exported entries in the abstract module record are correctly
1849         instantiated, the module namespace object for WASM module also starts
1850         working correctly. So we start exposing the module namespace object
1851         as `instance.exports` instead of the module environment object.
1852
1853         And we move SourceCode, lexicalVariables, and declaredVariables fields to
1854         JSModuleRecord since they are related to JS source code (in the spec words,
1855         they are related to the source text module record).
1856
1857         * runtime/AbstractModuleRecord.cpp:
1858         (JSC::AbstractModuleRecord::AbstractModuleRecord):
1859         * runtime/AbstractModuleRecord.h:
1860         (JSC::AbstractModuleRecord::sourceCode): Deleted.
1861         (JSC::AbstractModuleRecord::declaredVariables): Deleted.
1862         (JSC::AbstractModuleRecord::lexicalVariables): Deleted.
1863         * runtime/JSModuleRecord.cpp:
1864         (JSC::JSModuleRecord::JSModuleRecord):
1865         * runtime/JSModuleRecord.h:
1866         (JSC::JSModuleRecord::sourceCode):
1867         (JSC::JSModuleRecord::declaredVariables):
1868         (JSC::JSModuleRecord::lexicalVariables):
1869         * wasm/WasmFormat.cpp:
1870         * wasm/js/JSWebAssemblyInstance.cpp:
1871         (JSC::JSWebAssemblyInstance::finishCreation):
1872         * wasm/js/WebAssemblyFunction.cpp:
1873         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1874         (JSC::constructJSWebAssemblyInstance):
1875         * wasm/js/WebAssemblyModuleRecord.cpp:
1876         (JSC::WebAssemblyModuleRecord::create):
1877         (JSC::WebAssemblyModuleRecord::WebAssemblyModuleRecord):
1878         (JSC::WebAssemblyModuleRecord::finishCreation):
1879         WebAssemblyModuleRecord::link should perform linking things.
1880         So allocating exported entries should be done here.
1881         (JSC::WebAssemblyModuleRecord::link):
1882         * wasm/js/WebAssemblyModuleRecord.h:
1883
1884 2016-11-30  Mark Lam  <mark.lam@apple.com>
1885
1886         TypeInfo::OutOfLineTypeFlags should be 16 bits in size.
1887         https://bugs.webkit.org/show_bug.cgi?id=165224
1888
1889         Reviewed by Saam Barati.
1890
1891         There's no reason for OutOfLineTypeFlags to be constrained to 8 bits since the
1892         space is available to us.  Making OutOfLineTypeFlags 16 bits brings TypeInfo up
1893         to 32 bits in size from the current 24 bits.
1894
1895         * runtime/JSTypeInfo.h:
1896         (JSC::TypeInfo::TypeInfo):
1897
1898 2016-11-30  Joseph Pecoraro  <pecoraro@apple.com>
1899
1900         REGRESSION: inspector/sampling-profiler/* LayoutTests are flaky timeouts
1901         https://bugs.webkit.org/show_bug.cgi?id=164388
1902         <rdar://problem/29101555>
1903
1904         Reviewed by Saam Barati.
1905
1906         There was a possibility of a deadlock between the main thread and the GC thread
1907         with the SamplingProfiler lock when Inspector is processing samples to send to
1908         the frontend. The Inspector (main thread) was holding the SamplingProfiler lock
1909         while processing samples, which runs JavaScript that could trigger a GC, and
1910         GC then tries to acquire the SamplingProfiler lock to process unprocessed samples.
1911
1912         A simple solution here is to tighten the bounds of when Inspector holds the
1913         SamplingProfiler lock. It only needs the lock when extracting samples from
1914         the SamplingProfiler. It doesn't need to hold the lock for processing those
1915         samples, which is what can run script and cause a GC.
1916
1917         * inspector/agents/InspectorScriptProfilerAgent.cpp:
1918         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
1919         Tighten bounds of this lock to only where it is needed.
1920
1921 2016-11-30  Mark Lam  <mark.lam@apple.com>
1922
1923         Proxy is not allowed in the global prototype chain.
1924         https://bugs.webkit.org/show_bug.cgi?id=165205
1925
1926         Reviewed by Geoffrey Garen.
1927
1928         * runtime/ProgramExecutable.cpp:
1929         (JSC::ProgramExecutable::initializeGlobalProperties):
1930         - We'll now throw a TypeError if we detect a Proxy in the global prototype chain.
1931
1932 2016-11-30  Commit Queue  <commit-queue@webkit.org>
1933
1934         Unreviewed, rolling out r209112.
1935         https://bugs.webkit.org/show_bug.cgi?id=165208
1936
1937         "It regressed Octane/Raytrace and JetStream" (Requested by
1938         saamyjoon on #webkit).
1939
1940         Reverted changeset:
1941
1942         "We should support CreateThis in the FTL"
1943         https://bugs.webkit.org/show_bug.cgi?id=164904
1944         http://trac.webkit.org/changeset/209112
1945
1946 2016-11-30  Darin Adler  <darin@apple.com>
1947
1948         Streamline and speed up tokenizer and segmented string classes
1949         https://bugs.webkit.org/show_bug.cgi?id=165003
1950
1951         Reviewed by Sam Weinig.
1952
1953         * runtime/JSONObject.cpp:
1954         (JSC::Stringifier::appendStringifiedValue): Use viewWithUnderlyingString when calling
1955         StringBuilder::appendQuotedJSONString, since it now takes a StringView and there is
1956         no benefit in creating a String for that function if one doesn't already exist.
1957
1958 2016-11-29  JF Bastien  <jfbastien@apple.com>
1959
1960         WebAssembly JS API: improve Instance
1961         https://bugs.webkit.org/show_bug.cgi?id=164757
1962
1963         Reviewed by Keith Miller.
1964
1965         An Instance's `exports` property wasn't populated with exports.
1966
1967         According to the spec [0], `exports` should present itself as a WebAssembly
1968         Module Record. In order to do this we need to split JSModuleRecord into
1969         AbstractModuleRecord (without the `link` and `evaluate` functions), and
1970         JSModuleRecord (which implements link and evaluate). We can then have a separate
1971         WebAssemblyModuleRecord which shares most of the implementation.
1972
1973         `exports` then maps function names to WebAssemblyFunction and
1974         WebAssemblyFunctionCell, which call into the B3-generated WebAssembly code.
1975
1976         A follow-up patch will do imports.
1977
1978         A few things of note:
1979
1980          - Use Identifier instead of String. They get uniqued, we need them for the JSModuleNamespaceObject. This is safe because JSWebAssemblyModule creation is on the main thread.
1981          - JSWebAssemblyInstance needs to refer to the JSWebAssemblyModule used to create it, because the module owns the code, identifiers, etc. The world would be very sad if it got GC'd.
1982          - Instance.exports shouldn't use putWithoutTransition because it affects all Structures, whereas here each instance needs its own exports.
1983          - Expose the compiled functions, and pipe them to the InstanceConstructor. Start moving things around to split JSModuleRecord out into JS and WebAssembly parts.
1984
1985           [0]: https://github.com/WebAssembly/design/blob/master/JS.md#webassemblyinstance-constructor
1986
1987         * CMakeLists.txt:
1988         * JavaScriptCore.xcodeproj/project.pbxproj:
1989         * runtime/AbstractModuleRecord.cpp: Copied from Source/JavaScriptCore/runtime/JSModuleRecord.cpp, which I split in two
1990         (JSC::AbstractModuleRecord::AbstractModuleRecord):
1991         (JSC::AbstractModuleRecord::destroy):
1992         (JSC::AbstractModuleRecord::finishCreation):
1993         (JSC::AbstractModuleRecord::visitChildren):
1994         (JSC::AbstractModuleRecord::appendRequestedModule):
1995         (JSC::AbstractModuleRecord::addStarExportEntry):
1996         (JSC::AbstractModuleRecord::addImportEntry):
1997         (JSC::AbstractModuleRecord::addExportEntry):
1998         (JSC::identifierToJSValue):
1999         (JSC::AbstractModuleRecord::hostResolveImportedModule):
2000         (JSC::AbstractModuleRecord::ResolveQuery::ResolveQuery):
2001         (JSC::AbstractModuleRecord::ResolveQuery::isEmptyValue):
2002         (JSC::AbstractModuleRecord::ResolveQuery::isDeletedValue):
2003         (JSC::AbstractModuleRecord::ResolveQuery::Hash::hash):
2004         (JSC::AbstractModuleRecord::ResolveQuery::Hash::equal):
2005         (JSC::AbstractModuleRecord::cacheResolution):
2006         (JSC::getExportedNames):
2007         (JSC::AbstractModuleRecord::getModuleNamespace):
2008         (JSC::printableName):
2009         (JSC::AbstractModuleRecord::dump):
2010         * runtime/AbstractModuleRecord.h: Copied from Source/JavaScriptCore/runtime/JSModuleRecord.h.
2011         (JSC::AbstractModuleRecord::ImportEntry::isNamespace):
2012         (JSC::AbstractModuleRecord::sourceCode):
2013         (JSC::AbstractModuleRecord::moduleKey):
2014         (JSC::AbstractModuleRecord::requestedModules):
2015         (JSC::AbstractModuleRecord::exportEntries):
2016         (JSC::AbstractModuleRecord::importEntries):
2017         (JSC::AbstractModuleRecord::starExportEntries):
2018         (JSC::AbstractModuleRecord::declaredVariables):
2019         (JSC::AbstractModuleRecord::lexicalVariables):
2020         (JSC::AbstractModuleRecord::moduleEnvironment):
2021         * runtime/JSGlobalObject.cpp:
2022         (JSC::JSGlobalObject::init):
2023         (JSC::JSGlobalObject::visitChildren):
2024         * runtime/JSGlobalObject.h:
2025         (JSC::JSGlobalObject::webAssemblyModuleRecordStructure):
2026         (JSC::JSGlobalObject::webAssemblyFunctionStructure):
2027         * runtime/JSModuleEnvironment.cpp:
2028         (JSC::JSModuleEnvironment::create):
2029         (JSC::JSModuleEnvironment::finishCreation):
2030         (JSC::JSModuleEnvironment::getOwnPropertySlot):
2031         (JSC::JSModuleEnvironment::getOwnNonIndexPropertyNames):
2032         (JSC::JSModuleEnvironment::put):
2033         (JSC::JSModuleEnvironment::deleteProperty):
2034         * runtime/JSModuleEnvironment.h:
2035         (JSC::JSModuleEnvironment::create):
2036         (JSC::JSModuleEnvironment::offsetOfModuleRecord):
2037         (JSC::JSModuleEnvironment::allocationSize):
2038         (JSC::JSModuleEnvironment::moduleRecord):
2039         (JSC::JSModuleEnvironment::moduleRecordSlot):
2040         * runtime/JSModuleNamespaceObject.cpp:
2041         (JSC::JSModuleNamespaceObject::finishCreation):
2042         (JSC::JSModuleNamespaceObject::getOwnPropertySlot):
2043         * runtime/JSModuleNamespaceObject.h:
2044         (JSC::JSModuleNamespaceObject::create):
2045         (JSC::JSModuleNamespaceObject::moduleRecord):
2046         * runtime/JSModuleRecord.cpp:
2047         (JSC::JSModuleRecord::createStructure):
2048         (JSC::JSModuleRecord::create):
2049         (JSC::JSModuleRecord::JSModuleRecord):
2050         (JSC::JSModuleRecord::destroy):
2051         (JSC::JSModuleRecord::finishCreation):
2052         (JSC::JSModuleRecord::visitChildren):
2053         (JSC::JSModuleRecord::instantiateDeclarations):
2054         * runtime/JSModuleRecord.h:
2055         * runtime/JSScope.cpp:
2056         (JSC::abstractAccess):
2057         (JSC::JSScope::collectClosureVariablesUnderTDZ):
2058         * runtime/VM.cpp:
2059         (JSC::VM::VM):
2060         * runtime/VM.h:
2061         * wasm/JSWebAssembly.h:
2062         * wasm/WasmFormat.h: use Identifier instead of String
2063         * wasm/WasmModuleParser.cpp:
2064         (JSC::Wasm::ModuleParser::parse):
2065         (JSC::Wasm::ModuleParser::parseType):
2066         (JSC::Wasm::ModuleParser::parseImport): fix off-by-one
2067         (JSC::Wasm::ModuleParser::parseFunction):
2068         (JSC::Wasm::ModuleParser::parseExport):
2069         * wasm/WasmModuleParser.h:
2070         (JSC::Wasm::ModuleParser::ModuleParser):
2071         * wasm/WasmPlan.cpp:
2072         (JSC::Wasm::Plan::run):
2073         * wasm/js/JSWebAssemblyInstance.cpp:
2074         (JSC::JSWebAssemblyInstance::create):
2075         (JSC::JSWebAssemblyInstance::finishCreation):
2076         (JSC::JSWebAssemblyInstance::visitChildren):
2077         * wasm/js/JSWebAssemblyInstance.h:
2078         (JSC::JSWebAssemblyInstance::module):
2079         * wasm/js/JSWebAssemblyModule.cpp:
2080         (JSC::JSWebAssemblyModule::create):
2081         (JSC::JSWebAssemblyModule::finishCreation):
2082         (JSC::JSWebAssemblyModule::visitChildren):
2083         * wasm/js/JSWebAssemblyModule.h:
2084         (JSC::JSWebAssemblyModule::moduleInformation):
2085         (JSC::JSWebAssemblyModule::compiledFunctions):
2086         (JSC::JSWebAssemblyModule::exportSymbolTable):
2087         * wasm/js/WebAssemblyFunction.cpp: Added.
2088         (JSC::callWebAssemblyFunction):
2089         (JSC::WebAssemblyFunction::create):
2090         (JSC::WebAssemblyFunction::createStructure):
2091         (JSC::WebAssemblyFunction::WebAssemblyFunction):
2092         (JSC::WebAssemblyFunction::visitChildren):
2093         (JSC::WebAssemblyFunction::finishCreation):
2094         * wasm/js/WebAssemblyFunction.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
2095         (JSC::CallableWebAssemblyFunction::CallableWebAssemblyFunction):
2096         (JSC::WebAssemblyFunction::webAssemblyFunctionCell):
2097         * wasm/js/WebAssemblyFunctionCell.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h.
2098         (JSC::WebAssemblyFunctionCell::create):
2099         (JSC::WebAssemblyFunctionCell::WebAssemblyFunctionCell):
2100         (JSC::WebAssemblyFunctionCell::destroy):
2101         (JSC::WebAssemblyFunctionCell::createStructure):
2102         * wasm/js/WebAssemblyFunctionCell.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h.
2103         (JSC::WebAssemblyFunctionCell::function):
2104         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2105         (JSC::constructJSWebAssemblyInstance):
2106         * wasm/js/WebAssemblyModuleConstructor.cpp:
2107         (JSC::constructJSWebAssemblyModule):
2108         * wasm/js/WebAssemblyModuleRecord.cpp: Added.
2109         (JSC::WebAssemblyModuleRecord::createStructure):
2110         (JSC::WebAssemblyModuleRecord::create):
2111         (JSC::WebAssemblyModuleRecord::WebAssemblyModuleRecord):
2112         (JSC::WebAssemblyModuleRecord::destroy):
2113         (JSC::WebAssemblyModuleRecord::finishCreation):
2114         (JSC::WebAssemblyModuleRecord::visitChildren):
2115         (JSC::WebAssemblyModuleRecord::link):
2116         (JSC::WebAssemblyModuleRecord::evaluate):
2117         * wasm/js/WebAssemblyModuleRecord.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h.
2118
2119 2016-11-29  Saam Barati  <sbarati@apple.com>
2120
2121         We should be able to optimize the pattern where we spread a function's rest parameter to another call
2122         https://bugs.webkit.org/show_bug.cgi?id=163865
2123
2124         Reviewed by Filip Pizlo.
2125
2126         This patch optimizes the following patterns to prevent both the allocation
2127         of the rest parameter, and the execution of the iterator protocol:
2128         
2129         ```
2130         function foo(...args) {
2131             let arr = [...args];
2132         }
2133         
2134         and
2135         
2136         function foo(...args) {
2137             bar(...args);
2138         }
2139         ```
2140         
2141         To do this, I've extended the arguments elimination phase to reason
2142         about Spread and NewArrayWithSpread. I've added two new nodes, PhantomSpread
2143         and PhantomNewArrayWithSpread. PhantomSpread is only allowed over rest
2144         parameters that don't escape. If the rest parameter *does* escape, we can't
2145         convert the spread into a phantom because it would not be sound w.r.t. JS
2146         semantics because we would be reading from the call frame even though
2147         the rest array may have changed.
2148         
2149         Note that NewArrayWithSpread also understands what to do when one of its
2150         arguments is PhantomSpread(@PhantomCreateRest) even if it itself is escaped.
2151         
2152         PhantomNewArrayWithSpread is only allowed over a series of
2153         PhantomSpread(@PhantomCreateRest) nodes. Like with PhantomSpread, PhantomNewArrayWithSpread
2154         is only allowed if none of its arguments that are being spread are escaped
2155         and if it itself is not escaped.
2156         
2157         Because there is a dependency between a node being a candidate and
2158         the escaped state of the node's children, I've extended the notion
2159         of escaping a node inside the arguments elimination phase. Now, when
2160         any node is escaped, we must consider all other candidates that may
2161         now no longer be valid.
2162         
2163         For example:
2164         
2165         ```
2166         function foo(...args) {
2167             escape(args);
2168             bar(...args);
2169         }
2170         ```
2171         
2172         In the above program, we don't know if the function call to escape()
2173         modifies args; therefore, the spread cannot become phantom because
2174         the execution of the spread may not be as simple as reading the
2175         arguments from the call frame.
2176         
2177         Unfortunately, the arguments elimination phase does not consider control
2178         flow when doing its escape analysis. It would be good to integrate this
2179         phase with the object allocation sinking phase. To see why, consider
2180         an example where we don't eliminate the spread and allocation of the rest
2181         parameter even though we could:
2182         
2183         ```
2184         function foo(rareCondition, ...args) {
2185             bar(...args);
2186             if (rareCondition)
2187                 baz(args);
2188         }
2189         ```
2190         
2191         There are only a few users of the PhantomSpread and PhantomNewArrayWithSpread
2192         nodes. PhantomSpread is only used by PhantomNewArrayWithSpread and NewArrayWithSpread.
2193         PhantomNewArrayWithSpread is only used by ForwardVarargs and the various
2194         *Call*ForwardVarargs nodes. The users of these phantoms know how to produce
2195         what the phantom node would have produced. For example, NewArrayWithSpread
2196         knows how to produce the values that would have been produced by PhantomSpread(@PhantomCreateRest)
2197         by directly reading from the call frame.
2198         
2199         This patch is a 6% speedup on my MBP on ES6SampleBench.
2200
2201         * b3/B3LowerToAir.cpp:
2202         (JSC::B3::Air::LowerToAir::tryAppendLea):
2203         * b3/B3ValueRep.h:
2204         * builtins/BuiltinExecutables.cpp:
2205         (JSC::BuiltinExecutables::createDefaultConstructor):
2206         * dfg/DFGAbstractInterpreterInlines.h:
2207         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2208         * dfg/DFGArgumentsEliminationPhase.cpp:
2209         * dfg/DFGClobberize.h:
2210         (JSC::DFG::clobberize):
2211         * dfg/DFGDoesGC.cpp:
2212         (JSC::DFG::doesGC):
2213         * dfg/DFGFixupPhase.cpp:
2214         (JSC::DFG::FixupPhase::fixupNode):
2215         * dfg/DFGForAllKills.h:
2216         (JSC::DFG::forAllKillsInBlock):
2217         * dfg/DFGNode.h:
2218         (JSC::DFG::Node::hasConstant):
2219         (JSC::DFG::Node::constant):
2220         (JSC::DFG::Node::bitVector):
2221         (JSC::DFG::Node::isPhantomAllocation):
2222         * dfg/DFGNodeType.h:
2223         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2224         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
2225         (JSC::DFG::LocalOSRAvailabilityCalculator::LocalOSRAvailabilityCalculator):
2226         (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
2227         * dfg/DFGOSRAvailabilityAnalysisPhase.h:
2228         * dfg/DFGObjectAllocationSinkingPhase.cpp:
2229         * dfg/DFGPreciseLocalClobberize.h:
2230         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
2231         * dfg/DFGPredictionPropagationPhase.cpp:
2232         * dfg/DFGPromotedHeapLocation.cpp:
2233         (WTF::printInternal):
2234         * dfg/DFGPromotedHeapLocation.h:
2235         * dfg/DFGSafeToExecute.h:
2236         (JSC::DFG::safeToExecute):
2237         * dfg/DFGSpeculativeJIT32_64.cpp:
2238         (JSC::DFG::SpeculativeJIT::compile):
2239         * dfg/DFGSpeculativeJIT64.cpp:
2240         (JSC::DFG::SpeculativeJIT::compile):
2241         * dfg/DFGValidate.cpp:
2242         * ftl/FTLCapabilities.cpp:
2243         (JSC::FTL::canCompile):
2244         * ftl/FTLLowerDFGToB3.cpp:
2245         (JSC::FTL::DFG::LowerDFGToB3::LowerDFGToB3):
2246         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2247         (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
2248         (JSC::FTL::DFG::LowerDFGToB3::compileSpread):
2249         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
2250         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
2251         (JSC::FTL::DFG::LowerDFGToB3::compileForwardVarargs):
2252         (JSC::FTL::DFG::LowerDFGToB3::getSpreadLengthFromInlineCallFrame):
2253         (JSC::FTL::DFG::LowerDFGToB3::compileForwardVarargsWithSpread):
2254         * ftl/FTLOperations.cpp:
2255         (JSC::FTL::operationPopulateObjectInOSR):
2256         (JSC::FTL::operationMaterializeObjectInOSR):
2257         * jit/SetupVarargsFrame.cpp:
2258         (JSC::emitSetupVarargsFrameFastCase):
2259         * jsc.cpp:
2260         (GlobalObject::finishCreation):
2261         (functionMaxArguments):
2262         * runtime/JSFixedArray.h:
2263         (JSC::JSFixedArray::createFromArray):
2264
2265 2016-11-29  Commit Queue  <commit-queue@webkit.org>
2266
2267         Unreviewed, rolling out r209058 and r209074.
2268         https://bugs.webkit.org/show_bug.cgi?id=165188
2269
2270         These changes caused API test StringBuilderTest.Equal to crash
2271         and/or fail. (Requested by ryanhaddad on #webkit).
2272
2273         Reverted changesets:
2274
2275         "Streamline and speed up tokenizer and segmented string
2276         classes"
2277         https://bugs.webkit.org/show_bug.cgi?id=165003
2278         http://trac.webkit.org/changeset/209058
2279
2280         "REGRESSION (r209058): API test StringBuilderTest.Equal
2281         crashing"
2282         https://bugs.webkit.org/show_bug.cgi?id=165142
2283         http://trac.webkit.org/changeset/209074
2284
2285 2016-11-29  Caitlin Potter  <caitp@igalia.com>
2286
2287         [JSC] always wrap AwaitExpression operand in a new Promise
2288         https://bugs.webkit.org/show_bug.cgi?id=165181
2289
2290         Reviewed by Yusuke Suzuki.
2291
2292         Ensure operand of AwaitExpression is wrapped in a new Promise by
2293         explicitly creating a new Promise Capability and invoking its
2294         resolve callback. This avoids the specified short-circuit for
2295         Promise.resolve().
2296
2297         * builtins/AsyncFunctionPrototype.js:
2298         (globalPrivate.asyncFunctionResume):
2299
2300 2016-11-29  Saam Barati  <sbarati@apple.com>
2301
2302         We should support CreateThis in the FTL
2303         https://bugs.webkit.org/show_bug.cgi?id=164904
2304
2305         Reviewed by Geoffrey Garen.
2306
2307         * ftl/FTLAbstractHeapRepository.h:
2308         * ftl/FTLCapabilities.cpp:
2309         (JSC::FTL::canCompile):
2310         * ftl/FTLLowerDFGToB3.cpp:
2311         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
2312         (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
2313         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
2314         (JSC::FTL::DFG::LowerDFGToB3::compileCreateThis):
2315         (JSC::FTL::DFG::LowerDFGToB3::storeStructure):
2316         (JSC::FTL::DFG::LowerDFGToB3::allocateCell):
2317         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
2318         (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
2319         (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell):
2320         * runtime/Structure.h:
2321
2322 2016-11-29  Mark Lam  <mark.lam@apple.com>
2323
2324         Fix exception scope verification failures in runtime/RegExp* files.
2325         https://bugs.webkit.org/show_bug.cgi?id=165054
2326
2327         Reviewed by Saam Barati.
2328
2329         Also replaced returning JSValue() with returning { }.
2330
2331         * runtime/RegExpConstructor.cpp:
2332         (JSC::toFlags):
2333         (JSC::regExpCreate):
2334         (JSC::constructRegExp):
2335         * runtime/RegExpObject.cpp:
2336         (JSC::RegExpObject::defineOwnProperty):
2337         (JSC::collectMatches):
2338         (JSC::RegExpObject::matchGlobal):
2339         * runtime/RegExpObjectInlines.h:
2340         (JSC::getRegExpObjectLastIndexAsUnsigned):
2341         (JSC::RegExpObject::execInline):
2342         (JSC::RegExpObject::matchInline):
2343         * runtime/RegExpPrototype.cpp:
2344         (JSC::regExpProtoFuncCompile):
2345         (JSC::flagsString):
2346         (JSC::regExpProtoFuncToString):
2347         (JSC::regExpProtoFuncSplitFast):
2348
2349 2016-11-29  Andy Estes  <aestes@apple.com>
2350
2351         [Cocoa] Enable two clang warnings recommended by Xcode
2352         https://bugs.webkit.org/show_bug.cgi?id=164498
2353
2354         Reviewed by Mark Lam.
2355
2356         * Configurations/Base.xcconfig: Enabled CLANG_WARN_INFINITE_RECURSION and CLANG_WARN_SUSPICIOUS_MOVE.
2357
2358 2016-11-29  Keith Miller  <keith_miller@apple.com>
2359
2360         Add simple way to implement Wasm ops that require more than one B3 opcode
2361         https://bugs.webkit.org/show_bug.cgi?id=165129
2362
2363         Reviewed by Geoffrey Garen.
2364
2365         This patch adds a simple way to show the B3IRGenerator opcode script how
2366         to generate code for Wasm opcodes that do not have a one to one mapping.
2367         The syntax is pretty simple right now. There are only three things one
2368         can use as of this patch (although more things might be added in the future):
2369         1) Wasm opcode arguments: These are referred to as @<argument_number>. For example,
2370            I32.sub would map to Sub(@0, @1).
2371         2) 32-bit int constants: These are referred to as i32(<value>). For example, i32.inc
2372            would map to Add(@0, i32(1)).
2373         3) B3 opcodes: These are referred to as the B3 opcode name followed by the B3Value's constructor
2374            arguments. A value may take the result of another value as an argument. For example, you can do
2375            Div(Mul(@0, Add(@0, i32(1))), i32(2)) if there was a b3 opcode that computed the sum from 1 to n.
2376
2377         These scripts are used to implement Wasm's eqz and floating point max/min opcodes. This patch
2378         also adds missing support for the Wasm Neg opcodes.
2379
2380         * jsc.cpp:
2381         (box):
2382         (functionTestWasmModuleFunctions):
2383         * wasm/WasmB3IRGenerator.cpp:
2384         (JSC::Wasm::toB3Op): Deleted.
2385         * wasm/WasmFunctionParser.h:
2386         (JSC::Wasm::FunctionParser<Context>::parseBody):
2387         * wasm/WasmModuleParser.cpp:
2388         (JSC::Wasm::ModuleParser::parseType):
2389         * wasm/WasmParser.h:
2390         (JSC::Wasm::Parser::parseUInt8):
2391         (JSC::Wasm::Parser::parseValueType):
2392         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
2393         (Source):
2394         (Source.__init__):
2395         (read):
2396         (lex):
2397         (CodeGenerator):
2398         (CodeGenerator.__init__):
2399         (CodeGenerator.advance):
2400         (CodeGenerator.token):
2401         (CodeGenerator.parseError):
2402         (CodeGenerator.consume):
2403         (CodeGenerator.generateParameters):
2404         (CodeGenerator.generateOpcode):
2405         (CodeGenerator.generate):
2406         (temp):
2407         (generateB3OpCode):
2408         (generateI32ConstCode):
2409         (generateB3Code):
2410         (generateSimpleCode):
2411         * wasm/wasm.json:
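
The opcode-script syntax described in the entry above, as an added example that is not part of this ChangeLog or of generateWasmB3IRGeneratorInlinesHeader.py: a small Python parser for scripts built from the three rules listed (@<n> arguments, i32(<value>) constants, nested B3 opcode applications such as Div(Mul(@0, Add(@0, i32(1))), i32(2))), an i32 interpreter for them, and the static checks a generator should run before emitting code (known opcode, correct operand count, no @n beyond the Wasm opcode's arity). The B3 opcode subset and its wrapping i32 semantics are assumptions made for the example.

```python
import re

# Token classes: @<n> argument references, integer literals, identifiers, punctuation.
_TOKEN = re.compile(r"@\d+|-?\d+|[A-Za-z_]\w*|[(),]")

class _Parser:
    """Recursive descent over: expr := @n | i32(<int>) | Name(expr, expr, ...)."""
    def __init__(self, tokens):
        self.tokens, self.pos = tokens, 0
    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None
    def consume(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise SyntaxError(f"expected {expected or 'a token'}, got {tok!r}")
        self.pos += 1
        return tok
    def expr(self):
        tok = self.consume()
        if tok.startswith("@"):                      # Wasm opcode argument
            return ("arg", int(tok[1:]))
        if tok == "i32":                             # 32-bit constant
            self.consume("(")
            literal = self.consume()
            self.consume(")")
            if not re.fullmatch(r"-?\d+", literal):
                raise SyntaxError(f"i32() needs an integer literal, got {literal!r}")
            return ("i32", int(literal))
        if not re.fullmatch(r"[A-Za-z_]\w*", tok):   # otherwise a B3 opcode name
            raise SyntaxError(f"unexpected token {tok!r}")
        self.consume("(")
        children = [self.expr()]
        while self.peek() == ",":
            self.consume(",")
            children.append(self.expr())
        self.consume(")")
        return ("op", tok, children)

def parse(script):
    """Parse a script into a tree of ('arg', n) / ('i32', v) / ('op', name, [children])."""
    tokens = _TOKEN.findall(script)
    if "".join(tokens) != re.sub(r"\s+", "", script):   # reject characters outside the grammar
        raise SyntaxError(f"unrecognised characters in {script!r}")
    parser = _Parser(tokens)
    tree = parser.expr()
    if parser.peek() is not None:
        raise SyntaxError(f"trailing tokens: {parser.tokens[parser.pos:]}")
    return tree

def _wrap_i32(value):
    """Two's-complement wrap to a signed 32-bit result, as a B3 Int32 value would hold."""
    return ((value + 2**31) % 2**32) - 2**31

def _div_i32(a, b):
    if b == 0:   # division by zero traps instead of producing a value
        raise ZeroDivisionError("i32 division by zero")
    quotient = abs(a) // abs(b)                      # truncate toward zero
    return _wrap_i32(quotient if (a < 0) == (b < 0) else -quotient)

# Assumed subset of B3 opcodes, modelled over Python ints with i32 wrapping.
B3_OPS = {
    "Add": lambda a, b: _wrap_i32(a + b),
    "Sub": lambda a, b: _wrap_i32(a - b),
    "Mul": lambda a, b: _wrap_i32(a * b),
    "Div": _div_i32,
    "Equal": lambda a, b: 1 if a == b else 0,
}

def validate(tree, arity):
    """Static checks before code emission: known opcode, right operand count, @n < arity."""
    problems = []
    if tree[0] == "arg" and tree[1] >= arity:
        problems.append(f"@{tree[1]} is out of range for an opcode with {arity} operand(s)")
    elif tree[0] == "op":
        _, name, children = tree
        if name not in B3_OPS:
            problems.append(f"unknown B3 opcode {name}")
        elif len(children) != B3_OPS[name].__code__.co_argcount:
            problems.append(f"{name} takes {B3_OPS[name].__code__.co_argcount} operand(s), got {len(children)}")
        for child in children:
            problems.extend(validate(child, arity))
    return problems

def evaluate(tree, args):
    """Interpret a validated tree with concrete i32 operands."""
    if tree[0] in ("arg", "i32"):
        return _wrap_i32(args[tree[1]] if tree[0] == "arg" else tree[1])
    _, name, children = tree
    return B3_OPS[name](*(evaluate(child, args) for child in children))

def run_script(script, args):
    """Parse, validate against len(args), then evaluate; raises on a bad script."""
    tree = parse(script)
    problems = validate(tree, len(args))
    if problems:
        raise ValueError("; ".join(problems))
    return evaluate(tree, args)
```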
2412
2413 2016-11-29  Mark Lam  <mark.lam@apple.com>
2414
2415         Fix exception scope verification failures in ProxyConstructor.cpp and ProxyObject.cpp.
2416         https://bugs.webkit.org/show_bug.cgi?id=165053
2417
2418         Reviewed by Saam Barati.
2419
2420         Also replaced returning JSValue() with returning { }.
2421
2422         * runtime/ProxyConstructor.cpp:
2423         (JSC::constructProxyObject):
2424         * runtime/ProxyObject.cpp:
2425         (JSC::ProxyObject::structureForTarget):
2426         (JSC::performProxyGet):
2427         (JSC::ProxyObject::performInternalMethodGetOwnProperty):
2428         (JSC::ProxyObject::performHasProperty):
2429         (JSC::ProxyObject::getOwnPropertySlotCommon):
2430         (JSC::ProxyObject::performPut):
2431         (JSC::ProxyObject::putByIndexCommon):
2432         (JSC::performProxyCall):
2433         (JSC::performProxyConstruct):
2434         (JSC::ProxyObject::performDelete):
2435         (JSC::ProxyObject::performPreventExtensions):
2436         (JSC::ProxyObject::performIsExtensible):
2437         (JSC::ProxyObject::performDefineOwnProperty):
2438         (JSC::ProxyObject::performGetOwnPropertyNames):
2439         (JSC::ProxyObject::performSetPrototype):
2440         (JSC::ProxyObject::performGetPrototype):
2441
2442 2016-11-28  Matt Baker  <mattbaker@apple.com>
2443
2444         Web Inspector: Debugger should have an option for showing asynchronous call stacks
2445         https://bugs.webkit.org/show_bug.cgi?id=163230
2446         <rdar://problem/28698683>
2447
2448         Reviewed by Joseph Pecoraro.
2449
2450         * inspector/ScriptCallFrame.cpp:
2451         (Inspector::ScriptCallFrame::isNative):
2452         Encapsulate check for native code source URL.
2453
2454         * inspector/ScriptCallFrame.h:
2455         * inspector/ScriptCallStack.cpp:
2456         (Inspector::ScriptCallStack::firstNonNativeCallFrame):
2457         (Inspector::ScriptCallStack::buildInspectorArray):
2458         * inspector/ScriptCallStack.h:
2459         Replace use of Console::StackTrace with Array<Console::CallFrame>.
2460
2461         * inspector/agents/InspectorDebuggerAgent.cpp:
2462         (Inspector::InspectorDebuggerAgent::disable):
2463         (Inspector::InspectorDebuggerAgent::setAsyncStackTraceDepth):
2464         Set number of async frames to store (including boundary frames).
2465         A value of zero disables recording of async call stacks.
2466
2467         (Inspector::InspectorDebuggerAgent::buildAsyncStackTrace):
2468         Helper function for building a linked list of StackTraces.
2469         (Inspector::InspectorDebuggerAgent::didScheduleAsyncCall):
2470         Store a call stack for the script that scheduled the async call.
2471         If the call repeats (e.g. setInterval), the starting reference count is
2472         set to 1. This ensures that dereffing after dispatch won't clear the stack.
2473         If another async call is currently being dispatched, increment the
2474         AsyncCallData reference count for that call.
2475
2476         (Inspector::InspectorDebuggerAgent::didCancelAsyncCall):
2477         Decrement the reference count for the canceled call.
2478
2479         (Inspector::InspectorDebuggerAgent::willDispatchAsyncCall):
2480         Set the identifier for the async callback currently being dispatched,
2481         so that if the debugger pauses during dispatch a stack trace can be
2482         associated with the pause location. If an async call is already being
2483         dispatched, which could be the case when a script schedules an async
2484         call in a nested runloop, do nothing.
2485
2486         (Inspector::InspectorDebuggerAgent::didDispatchAsyncCall):
2487         Decrement the reference count for the canceled call.
2488         (Inspector::InspectorDebuggerAgent::didPause):
2489         If a stored stack trace exists for this location, convert to a protocol
2490         object and send to the frontend.
2491
2492         (Inspector::InspectorDebuggerAgent::didClearGlobalObject):
2493         (Inspector::InspectorDebuggerAgent::clearAsyncStackTraceData):
2494         (Inspector::InspectorDebuggerAgent::refAsyncCallData):
2495         Increment AsyncCallData reference count.
2496         (Inspector::InspectorDebuggerAgent::derefAsyncCallData):
2497         Decrement AsyncCallData reference count. If zero, deref its parent
2498         (if it exists) and remove the AsyncCallData entry.
2499
2500         * inspector/agents/InspectorDebuggerAgent.h:
2501
2502         * inspector/protocol/Console.json:
2503         * inspector/protocol/Network.json:
2504         Replace use of Console.StackTrace with array of Console.CallFrame.
2505
2506         * inspector/protocol/Debugger.json:
2507         New protocol command and event data.
2508
2509 2016-11-28  Darin Adler  <darin@apple.com>
2510
2511         Streamline and speed up tokenizer and segmented string classes
2512         https://bugs.webkit.org/show_bug.cgi?id=165003
2513
2514         Reviewed by Sam Weinig.
2515
2516         * runtime/JSONObject.cpp:
2517         (JSC::Stringifier::appendStringifiedValue): Use viewWithUnderlyingString when calling
2518         StringBuilder::appendQuotedJSONString, since it now takes a StringView and there is
2519         no benefit in creating a String for that function if one doesn't already exist.
2520
2521 2016-11-21  Mark Lam  <mark.lam@apple.com>
2522
2523         Fix exception scope verification failures in runtime/Intl* files.
2524         https://bugs.webkit.org/show_bug.cgi?id=165014
2525
2526         Reviewed by Saam Barati.
2527
2528         * runtime/IntlCollatorConstructor.cpp:
2529         (JSC::constructIntlCollator):
2530         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
2531         * runtime/IntlCollatorPrototype.cpp:
2532         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
2533         * runtime/IntlDateTimeFormatConstructor.cpp:
2534         (JSC::constructIntlDateTimeFormat):
2535         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
2536         * runtime/IntlDateTimeFormatPrototype.cpp:
2537         (JSC::IntlDateTimeFormatFuncFormatDateTime):
2538         (JSC::IntlDateTimeFormatPrototypeGetterFormat):
2539         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
2540         * runtime/IntlNumberFormatConstructor.cpp:
2541         (JSC::constructIntlNumberFormat):
2542         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
2543         * runtime/IntlNumberFormatPrototype.cpp:
2544         (JSC::IntlNumberFormatFuncFormatNumber):
2545         (JSC::IntlNumberFormatPrototypeGetterFormat):
2546         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
2547         * runtime/IntlObject.cpp:
2548         (JSC::lookupSupportedLocales):
2549         * runtime/IntlObjectInlines.h:
2550         (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
2551
2552 2016-11-28  Mark Lam  <mark.lam@apple.com>
2553
2554         Fix exception scope verification failures in IteratorOperations.h.
2555         https://bugs.webkit.org/show_bug.cgi?id=165015
2556
2557         Reviewed by Saam Barati.
2558
2559         * runtime/IteratorOperations.h:
2560         (JSC::forEachInIterable):
2561
2562 2016-11-28  Mark Lam  <mark.lam@apple.com>
2563
2564         Fix exception scope verification failures in JSArray* files.
2565         https://bugs.webkit.org/show_bug.cgi?id=165016
2566
2567         Reviewed by Saam Barati.
2568
2569         * runtime/JSArray.cpp:
2570         (JSC::JSArray::defineOwnProperty):
2571         (JSC::JSArray::put):
2572         (JSC::JSArray::setLength):
2573         (JSC::JSArray::pop):
2574         (JSC::JSArray::push):
2575         (JSC::JSArray::unshiftCountWithAnyIndexingType):
2576         * runtime/JSArrayBuffer.cpp:
2577         (JSC::JSArrayBuffer::put):
2578         (JSC::JSArrayBuffer::defineOwnProperty):
2579         * runtime/JSArrayInlines.h:
2580         (JSC::getLength):
2581         (JSC::toLength):
2582
2583 2016-11-28  Mark Lam  <mark.lam@apple.com>
2584
2585         Fix exception scope verification failures in JSDataView.cpp.
2586         https://bugs.webkit.org/show_bug.cgi?id=165020
2587
2588         Reviewed by Saam Barati.
2589
2590         * runtime/JSDataView.cpp:
2591         (JSC::JSDataView::put):
2592
2593 2016-11-28  Mark Lam  <mark.lam@apple.com>
2594
2595         Fix exception scope verification failures in JSFunction.cpp.
2596         https://bugs.webkit.org/show_bug.cgi?id=165021
2597
2598         Reviewed by Saam Barati.
2599
2600         * runtime/JSFunction.cpp:
2601         (JSC::JSFunction::put):
2602         (JSC::JSFunction::defineOwnProperty):
2603
2604 2016-11-28  Mark Lam  <mark.lam@apple.com>
2605
2606         Fix exception scope verification failures in runtime/JSGenericTypedArrayView* files.
2607         https://bugs.webkit.org/show_bug.cgi?id=165022
2608
2609         Reviewed by Saam Barati.
2610
2611         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
2612         (JSC::constructGenericTypedArrayViewFromIterator):
2613         (JSC::constructGenericTypedArrayViewWithArguments):
2614         (JSC::constructGenericTypedArrayView):
2615         * runtime/JSGenericTypedArrayViewInlines.h:
2616         (JSC::JSGenericTypedArrayView<Adaptor>::set):
2617         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
2618         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
2619         (JSC::speciesConstruct):
2620         (JSC::genericTypedArrayViewProtoFuncSet):
2621         (JSC::genericTypedArrayViewProtoFuncJoin):
2622         (JSC::genericTypedArrayViewProtoFuncSlice):
2623         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
2624
2625 2016-11-28  Mark Lam  <mark.lam@apple.com>
2626
2627         Fix exception scope verification failures in runtime/Operations.cpp/h.
2628         https://bugs.webkit.org/show_bug.cgi?id=165046
2629
2630         Reviewed by Saam Barati.
2631
2632         Also switched to using returning { } instead of JSValue().
2633
2634         * runtime/Operations.cpp:
2635         (JSC::jsAddSlowCase):
2636         (JSC::jsIsObjectTypeOrNull):
2637         * runtime/Operations.h:
2638         (JSC::jsStringFromRegisterArray):
2639         (JSC::jsStringFromArguments):
2640         (JSC::jsLess):
2641         (JSC::jsLessEq):
2642
2643 2016-11-28  Mark Lam  <mark.lam@apple.com>
2644
2645         Fix exception scope verification failures in JSScope.cpp.
2646         https://bugs.webkit.org/show_bug.cgi?id=165047
2647
2648         Reviewed by Saam Barati.
2649
2650         * runtime/JSScope.cpp:
2651         (JSC::JSScope::resolve):
2652
2653 2016-11-28  Mark Lam  <mark.lam@apple.com>
2654
2655         Fix exception scope verification failures in JSTypedArrayViewPrototype.cpp.
2656         https://bugs.webkit.org/show_bug.cgi?id=165049
2657
2658         Reviewed by Saam Barati.
2659
2660         * runtime/JSTypedArrayViewPrototype.cpp:
2661         (JSC::typedArrayViewPrivateFuncSort):
2662         (JSC::typedArrayViewProtoFuncSet):
2663         (JSC::typedArrayViewProtoFuncCopyWithin):
2664         (JSC::typedArrayViewProtoFuncIncludes):
2665         (JSC::typedArrayViewProtoFuncLastIndexOf):
2666         (JSC::typedArrayViewProtoFuncIndexOf):
2667         (JSC::typedArrayViewProtoFuncJoin):
2668         (JSC::typedArrayViewProtoGetterFuncBuffer):
2669         (JSC::typedArrayViewProtoGetterFuncLength):
2670         (JSC::typedArrayViewProtoGetterFuncByteLength):
2671         (JSC::typedArrayViewProtoGetterFuncByteOffset):
2672         (JSC::typedArrayViewProtoFuncReverse):
2673         (JSC::typedArrayViewPrivateFuncSubarrayCreate):
2674         (JSC::typedArrayViewProtoFuncSlice):
2675
2676 2016-11-28  Mark Lam  <mark.lam@apple.com>
2677
2678         Fix exception scope verification failures in runtime/Map* files.
2679         https://bugs.webkit.org/show_bug.cgi?id=165050
2680
2681         Reviewed by Saam Barati.
2682
2683         * runtime/MapConstructor.cpp:
2684         (JSC::constructMap):
2685         * runtime/MapIteratorPrototype.cpp:
2686         (JSC::MapIteratorPrototypeFuncNext):
2687         * runtime/MapPrototype.cpp:
2688         (JSC::privateFuncMapIteratorNext):
2689
2690 2016-11-28  Mark Lam  <mark.lam@apple.com>
2691
2692         Fix exception scope verification failures in more miscellaneous files.
2693         https://bugs.webkit.org/show_bug.cgi?id=165102
2694
2695         Reviewed by Saam Barati.
2696
2697         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2698         (JSC::constructJSWebAssemblyInstance):
2699
2700 2016-11-28  Mark Lam  <mark.lam@apple.com>
2701
2702         Fix exception scope verification failures in runtime/Weak* files.
2703         https://bugs.webkit.org/show_bug.cgi?id=165096
2704
2705         Reviewed by Geoffrey Garen.
2706
2707         * runtime/WeakMapConstructor.cpp:
2708         (JSC::constructWeakMap):
2709         * runtime/WeakMapPrototype.cpp:
2710         (JSC::protoFuncWeakMapSet):
2711         * runtime/WeakSetConstructor.cpp:
2712         (JSC::constructWeakSet):
2713         * runtime/WeakSetPrototype.cpp:
2714         (JSC::protoFuncWeakSetAdd):
2715
2716 2016-11-28  Mark Lam  <mark.lam@apple.com>
2717
2718         Fix exception scope verification failures in runtime/String* files.
2719         https://bugs.webkit.org/show_bug.cgi?id=165067
2720
2721         Reviewed by Saam Barati.
2722
2723         * runtime/StringConstructor.cpp:
2724         (JSC::stringFromCodePoint):
2725         (JSC::constructWithStringConstructor):
2726         * runtime/StringObject.cpp:
2727         (JSC::StringObject::put):
2728         (JSC::StringObject::putByIndex):
2729         (JSC::StringObject::defineOwnProperty):
2730         * runtime/StringPrototype.cpp:
2731         (JSC::jsSpliceSubstrings):
2732         (JSC::jsSpliceSubstringsWithSeparators):
2733         (JSC::replaceUsingRegExpSearch):
2734         (JSC::replaceUsingStringSearch):
2735         (JSC::repeatCharacter):
2736         (JSC::replace):
2737         (JSC::stringProtoFuncReplaceUsingStringSearch):
2738         (JSC::stringProtoFuncCharAt):
2739         (JSC::stringProtoFuncCodePointAt):
2740         (JSC::stringProtoFuncConcat):
2741         (JSC::stringProtoFuncIndexOf):
2742         (JSC::stringProtoFuncLastIndexOf):
2743         (JSC::splitStringByOneCharacterImpl):
2744         (JSC::stringProtoFuncSplitFast):
2745         (JSC::stringProtoFuncSubstring):
2746         (JSC::stringProtoFuncToLowerCase):
2747         (JSC::stringProtoFuncToUpperCase):
2748         (JSC::toLocaleCase):
2749         (JSC::trimString):
2750         (JSC::stringProtoFuncIncludes):
2751         (JSC::builtinStringIncludesInternal):
2752         (JSC::stringProtoFuncIterator):
2753         (JSC::normalize):
2754         (JSC::stringProtoFuncNormalize):
2755
2756 2016-11-28  Mark Lam  <mark.lam@apple.com>
2757
2758         Fix exception scope verification failures in ObjectConstructor.cpp and ObjectPrototype.cpp.
2759         https://bugs.webkit.org/show_bug.cgi?id=165051
2760
2761         Reviewed by Saam Barati.
2762
2763         Also,
2764         1. Replaced returning JSValue() with returning { }.
2765         2. Replaced uses of exec->propertyNames() with vm.propertyNames.
2766
2767         * runtime/ObjectConstructor.cpp:
2768         (JSC::constructObject):
2769         (JSC::objectConstructorGetPrototypeOf):
2770         (JSC::objectConstructorGetOwnPropertyDescriptor):
2771         (JSC::objectConstructorGetOwnPropertyDescriptors):
2772         (JSC::objectConstructorGetOwnPropertyNames):
2773         (JSC::objectConstructorGetOwnPropertySymbols):
2774         (JSC::objectConstructorKeys):
2775         (JSC::ownEnumerablePropertyKeys):
2776         (JSC::toPropertyDescriptor):
2777         (JSC::defineProperties):
2778         (JSC::objectConstructorDefineProperties):
2779         (JSC::objectConstructorCreate):
2780         (JSC::setIntegrityLevel):
2781         (JSC::objectConstructorSeal):
2782         (JSC::objectConstructorPreventExtensions):
2783         (JSC::objectConstructorIsSealed):
2784         (JSC::objectConstructorIsFrozen):
2785         (JSC::ownPropertyKeys):
2786         * runtime/ObjectPrototype.cpp:
2787         (JSC::objectProtoFuncValueOf):
2788         (JSC::objectProtoFuncHasOwnProperty):
2789         (JSC::objectProtoFuncIsPrototypeOf):
2790         (JSC::objectProtoFuncDefineGetter):
2791         (JSC::objectProtoFuncDefineSetter):
2792         (JSC::objectProtoFuncLookupGetter):
2793         (JSC::objectProtoFuncLookupSetter):
2794         (JSC::objectProtoFuncToLocaleString):
2795         (JSC::objectProtoFuncToString):
2796
2797 2016-11-26  Mark Lam  <mark.lam@apple.com>
2798
2799         Fix exception scope verification failures in miscellaneous files.
2800         https://bugs.webkit.org/show_bug.cgi?id=165055
2801
2802         Reviewed by Saam Barati.
2803
2804         * runtime/MathObject.cpp:
2805         (JSC::mathProtoFuncIMul):
2806         * runtime/ModuleLoaderPrototype.cpp:
2807         (JSC::moduleLoaderPrototypeParseModule):
2808         (JSC::moduleLoaderPrototypeRequestedModules):
2809         * runtime/NativeErrorConstructor.cpp:
2810         (JSC::Interpreter::constructWithNativeErrorConstructor):
2811         * runtime/NumberConstructor.cpp:
2812         (JSC::constructWithNumberConstructor):
2813         * runtime/SetConstructor.cpp:
2814         (JSC::constructSet):
2815         * runtime/SetIteratorPrototype.cpp:
2816         (JSC::SetIteratorPrototypeFuncNext):
2817         * runtime/SparseArrayValueMap.cpp:
2818         (JSC::SparseArrayValueMap::putEntry):
2819         (JSC::SparseArrayEntry::put):
2820         * runtime/TemplateRegistry.cpp:
2821         (JSC::TemplateRegistry::getTemplateObject):
2822
2823 2016-11-28  Mark Lam  <mark.lam@apple.com>
2824
2825         Fix exception scope verification failures in ReflectObject.cpp.
2826         https://bugs.webkit.org/show_bug.cgi?id=165066
2827
2828         Reviewed by Saam Barati.
2829
2830         * runtime/ReflectObject.cpp:
2831         (JSC::reflectObjectConstruct):
2832         (JSC::reflectObjectDefineProperty):
2833         (JSC::reflectObjectEnumerate):
2834         (JSC::reflectObjectGet):
2835         (JSC::reflectObjectGetOwnPropertyDescriptor):
2836         (JSC::reflectObjectGetPrototypeOf):
2837         (JSC::reflectObjectOwnKeys):
2838         (JSC::reflectObjectSet):
2839
2840 2016-11-24  Mark Lam  <mark.lam@apple.com>
2841
2842         Fix exception scope verification failures in ArrayConstructor.cpp and ArrayPrototype.cpp.
2843         https://bugs.webkit.org/show_bug.cgi?id=164972
2844
2845         Reviewed by Geoffrey Garen.
2846
2847         * runtime/ArrayConstructor.cpp:
2848         (JSC::constructArrayWithSizeQuirk):
2849         * runtime/ArrayPrototype.cpp:
2850         (JSC::getProperty):
2851         (JSC::putLength):
2852         (JSC::speciesWatchpointsValid):
2853         (JSC::speciesConstructArray):
2854         (JSC::shift):
2855         (JSC::unshift):
2856         (JSC::arrayProtoFuncToString):
2857         (JSC::arrayProtoFuncToLocaleString):
2858         (JSC::slowJoin):
2859         (JSC::fastJoin):
2860         (JSC::arrayProtoFuncJoin):
2861         (JSC::arrayProtoFuncPop):
2862         (JSC::arrayProtoFuncPush):
2863         (JSC::arrayProtoFuncReverse):
2864         (JSC::arrayProtoFuncShift):
2865         (JSC::arrayProtoFuncSlice):
2866         (JSC::arrayProtoFuncSplice):
2867         (JSC::arrayProtoFuncUnShift):
2868         (JSC::arrayProtoFuncIndexOf):
2869         (JSC::arrayProtoFuncLastIndexOf):
2870         (JSC::concatAppendOne):
2871         (JSC::arrayProtoPrivateFuncConcatMemcpy):
2872         (JSC::ArrayPrototype::attemptToInitializeSpeciesWatchpoint):
2873
2874 2016-11-28  Mark Lam  <mark.lam@apple.com>
2875
2876         Fix exception scope verification failures in LLIntSlowPaths.cpp.
2877         https://bugs.webkit.org/show_bug.cgi?id=164969
2878
2879         Reviewed by Geoffrey Garen.
2880
2881         * llint/LLIntSlowPaths.cpp:
2882         (JSC::LLInt::getByVal):
2883         (JSC::LLInt::setUpCall):
2884         (JSC::LLInt::varargsSetup):
2885         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2886
2887 2016-11-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2888
2889         [WTF] Import std::optional reference implementation as WTF::Optional
2890         https://bugs.webkit.org/show_bug.cgi?id=164199
2891
2892         Reviewed by Saam Barati and Sam Weinig.
2893
2894         The previous WTF::Optional::operator= is not compatible with std::optional::operator=.
2895         std::optional::emplace has the same semantics as the previous one,
2896         so we change the code to use it.
2897
2898         * Scripts/builtins/builtins_templates.py:
2899         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
2900         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result:
2901         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result:
2902         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result:
2903         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
2904         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result:
2905         * Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result:
2906         * Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
2907         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
2908         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
2909         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
2910         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
2911         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2912         * assembler/MacroAssemblerARM64.h:
2913         (JSC::MacroAssemblerARM64::commuteCompareToZeroIntoTest):
2914         * assembler/MacroAssemblerX86Common.h:
2915         (JSC::MacroAssemblerX86Common::commuteCompareToZeroIntoTest):
2916         * b3/B3CheckSpecial.cpp:
2917         (JSC::B3::CheckSpecial::forEachArg):
2918         (JSC::B3::CheckSpecial::shouldTryAliasingDef):
2919         * b3/B3CheckSpecial.h:
2920         * b3/B3LowerToAir.cpp:
2921         (JSC::B3::Air::LowerToAir::scaleForShl):
2922         (JSC::B3::Air::LowerToAir::effectiveAddr):
2923         (JSC::B3::Air::LowerToAir::tryAppendLea):
2924         * b3/B3Opcode.cpp:
2925         (JSC::B3::invertedCompare):
2926         * b3/B3Opcode.h:
2927         * b3/B3PatchpointSpecial.cpp:
2928         (JSC::B3::PatchpointSpecial::forEachArg):
2929         * b3/B3StackmapSpecial.cpp:
2930         (JSC::B3::StackmapSpecial::forEachArgImpl):
2931         * b3/B3StackmapSpecial.h:
2932         * b3/B3Value.cpp:
2933         (JSC::B3::Value::invertedCompare):
2934         * b3/air/AirArg.h:
2935         (JSC::B3::Air::Arg::isValidScale):
2936         (JSC::B3::Air::Arg::isValidAddrForm):
2937         (JSC::B3::Air::Arg::isValidIndexForm):
2938         (JSC::B3::Air::Arg::isValidForm):
2939         * b3/air/AirCustom.h:
2940         (JSC::B3::Air::PatchCustom::shouldTryAliasingDef):
2941         * b3/air/AirFixObviousSpills.cpp:
2942         * b3/air/AirInst.h:
2943         * b3/air/AirInstInlines.h:
2944         (JSC::B3::Air::Inst::shouldTryAliasingDef):
2945         * b3/air/AirIteratedRegisterCoalescing.cpp:
2946         * b3/air/AirSpecial.cpp:
2947         (JSC::B3::Air::Special::shouldTryAliasingDef):
2948         * b3/air/AirSpecial.h:
2949         * bytecode/BytecodeGeneratorification.cpp:
2950         (JSC::BytecodeGeneratorification::storageForGeneratorLocal):
2951         * bytecode/CodeBlock.cpp:
2952         (JSC::CodeBlock::findPC):
2953         (JSC::CodeBlock::bytecodeOffsetFromCallSiteIndex):
2954         * bytecode/CodeBlock.h:
2955         * bytecode/UnlinkedFunctionExecutable.cpp:
2956         (JSC::UnlinkedFunctionExecutable::link):
2957         * bytecode/UnlinkedFunctionExecutable.h:
2958         * bytecompiler/BytecodeGenerator.h:
2959         * bytecompiler/NodesCodegen.cpp:
2960         (JSC::PropertyListNode::emitPutConstantProperty):
2961         (JSC::ObjectPatternNode::bindValue):
2962         * debugger/Debugger.cpp:
2963         (JSC::Debugger::resolveBreakpoint):
2964         * debugger/DebuggerCallFrame.cpp:
2965         (JSC::DebuggerCallFrame::currentPosition):
2966         * debugger/DebuggerParseData.cpp:
2967         (JSC::DebuggerPausePositions::breakpointLocationForLineColumn):
2968         * debugger/DebuggerParseData.h:
2969         * debugger/ScriptProfilingScope.h:
2970         * dfg/DFGAbstractInterpreterInlines.h:
2971         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2972         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeDoubleUnaryOpEffects):
2973         * dfg/DFGJITCode.cpp:
2974         (JSC::DFG::JITCode::findPC):
2975         * dfg/DFGJITCode.h:
2976         * dfg/DFGOperations.cpp:
2977         (JSC::DFG::operationPutByValInternal):
2978         * dfg/DFGSlowPathGenerator.h:
2979         (JSC::DFG::SlowPathGenerator::generate):
2980         * dfg/DFGSpeculativeJIT.cpp:
2981         (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
2982         (JSC::DFG::SpeculativeJIT::emitUntypedBitOp):
2983         (JSC::DFG::SpeculativeJIT::emitUntypedRightShiftBitOp):
2984         (JSC::DFG::SpeculativeJIT::compileMathIC):
2985         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2986         (JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
2987         * dfg/DFGSpeculativeJIT.h:
2988         * dfg/DFGSpeculativeJIT32_64.cpp:
2989         (JSC::DFG::SpeculativeJIT::compile):
2990         * dfg/DFGSpeculativeJIT64.cpp:
2991         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2992         (JSC::DFG::SpeculativeJIT::emitBranch):
2993         (JSC::DFG::SpeculativeJIT::compile):
2994         * dfg/DFGStrengthReductionPhase.cpp:
2995         (JSC::DFG::StrengthReductionPhase::handleNode):
2996         * ftl/FTLJITCode.cpp:
2997         (JSC::FTL::JITCode::findPC):
2998         * ftl/FTLJITCode.h:
2999         * heap/Heap.cpp:
3000         (JSC::Heap::collectAsync):
3001         (JSC::Heap::collectSync):
3002         (JSC::Heap::collectInThread):
3003         (JSC::Heap::requestCollection):
3004         (JSC::Heap::willStartCollection):
3005         (JSC::Heap::didFinishCollection):
3006         (JSC::Heap::shouldDoFullCollection):
3007         * heap/Heap.h:
3008         (JSC::Heap::collectionScope):
3009         * heap/HeapSnapshot.cpp:
3010         (JSC::HeapSnapshot::nodeForCell):
3011         (JSC::HeapSnapshot::nodeForObjectIdentifier):
3012         * heap/HeapSnapshot.h:
3013         * inspector/InspectorBackendDispatcher.cpp:
3014         (Inspector::BackendDispatcher::dispatch):
3015         (Inspector::BackendDispatcher::sendPendingErrors):
3016         (Inspector::BackendDispatcher::reportProtocolError):
3017         * inspector/InspectorBackendDispatcher.h:
3018         * inspector/agents/InspectorHeapAgent.cpp:
3019         (Inspector::InspectorHeapAgent::nodeForHeapObjectIdentifier):
3020         (Inspector::InspectorHeapAgent::getPreview):
3021         (Inspector::InspectorHeapAgent::getRemoteObject):
3022         * inspector/agents/InspectorHeapAgent.h:
3023         * inspector/remote/RemoteConnectionToTarget.h:
3024         * inspector/remote/RemoteConnectionToTarget.mm:
3025         (Inspector::RemoteConnectionToTarget::targetIdentifier):
3026         (Inspector::RemoteConnectionToTarget::setup):
3027         * inspector/remote/RemoteInspector.h:
3028         * inspector/remote/RemoteInspector.mm:
3029         (Inspector::RemoteInspector::updateClientCapabilities):
3030         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
3031         (_generate_declarations_for_enum_conversion_methods):
3032         (_generate_declarations_for_enum_conversion_methods.return_type_with_export_macro):
3033         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py:
3034         (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain.generate_conversion_method_body):
3035         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3036         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3037         * inspector/scripts/tests/expected/enum-values.json-result:
3038         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3039         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
3040         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
3041         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3042         * jit/JITCode.h:
3043         (JSC::JITCode::findPC):
3044         * jit/JITDivGenerator.cpp:
3045         (JSC::JITDivGenerator::generateFastPath):
3046         * jit/JITOperations.cpp:
3047         * jit/PCToCodeOriginMap.cpp:
3048         (JSC::PCToCodeOriginMap::findPC):
3049         * jit/PCToCodeOriginMap.h:
3050         * jsc.cpp:
3051         (WTF::RuntimeArray::getOwnPropertySlot):
3052         * llint/LLIntSlowPaths.cpp:
3053         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3054         * parser/ModuleAnalyzer.cpp:
3055         (JSC::ModuleAnalyzer::exportVariable):
3056         * runtime/ConcurrentJSLock.h:
3057         (JSC::ConcurrentJSLocker::ConcurrentJSLocker):
3058         * runtime/DefinePropertyAttributes.h:
3059         (JSC::DefinePropertyAttributes::writable):
3060         (JSC::DefinePropertyAttributes::configurable):
3061         (JSC::DefinePropertyAttributes::enumerable):
3062         * runtime/GenericArgumentsInlines.h:
3063         (JSC::GenericArguments<Type>::getOwnPropertySlot):
3064         (JSC::GenericArguments<Type>::put):
3065         (JSC::GenericArguments<Type>::deleteProperty):
3066         (JSC::GenericArguments<Type>::defineOwnProperty):
3067         * runtime/HasOwnPropertyCache.h:
3068         (JSC::HasOwnPropertyCache::get):
3069         * runtime/HashMapImpl.h:
3070         (JSC::concurrentJSMapHash):
3071         * runtime/Identifier.h:
3072         (JSC::parseIndex):
3073         * runtime/JSArray.cpp:
3074         (JSC::JSArray::defineOwnProperty):
3075         * runtime/JSCJSValue.cpp:
3076         (JSC::JSValue::toNumberFromPrimitive):
3077         (JSC::JSValue::putToPrimitive):
3078         * runtime/JSCJSValue.h:
3079         * runtime/JSGenericTypedArrayView.h:
3080         (JSC::JSGenericTypedArrayView::toAdaptorNativeFromValueWithoutCoercion):
3081         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
3082         (JSC::constructGenericTypedArrayViewWithArguments):
3083         (JSC::constructGenericTypedArrayView):
3084         * runtime/JSGenericTypedArrayViewInlines.h:
3085         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
3086         (JSC::JSGenericTypedArrayView<Adaptor>::put):
3087         * runtime/JSModuleRecord.cpp:
3088         * runtime/JSModuleRecord.h:
3089         * runtime/JSObject.cpp:
3090         (JSC::JSObject::putDirectAccessor):
3091         (JSC::JSObject::deleteProperty):
3092         (JSC::JSObject::putDirectMayBeIndex):
3093         (JSC::JSObject::defineOwnProperty):
3094         * runtime/JSObject.h:
3095         (JSC::JSObject::getOwnPropertySlot):
3096         (JSC::JSObject::getPropertySlot):
3097         (JSC::JSObject::putOwnDataPropertyMayBeIndex):
3098         * runtime/JSObjectInlines.h:
3099         (JSC::JSObject::putInline):
3100         * runtime/JSString.cpp:
3101         (JSC::JSString::getStringPropertyDescriptor):
3102         * runtime/JSString.h:
3103         (JSC::JSString::getStringPropertySlot):
3104         * runtime/LiteralParser.cpp:
3105         (JSC::LiteralParser<CharType>::parse):
3106         * runtime/MathCommon.h:
3107         (JSC::safeReciprocalForDivByConst):
3108         * runtime/ObjectPrototype.cpp:
3109         (JSC::objectProtoFuncHasOwnProperty):
3110         * runtime/PropertyDescriptor.h:
3111         (JSC::toPropertyDescriptor):
3112         * runtime/PropertyName.h:
3113         (JSC::parseIndex):
3114         * runtime/SamplingProfiler.cpp:
3115         (JSC::SamplingProfiler::processUnverifiedStackTraces):
3116         * runtime/StringObject.cpp:
3117         (JSC::StringObject::put):
3118         (JSC::isStringOwnProperty):
3119         (JSC::StringObject::deleteProperty):
3120         * runtime/ToNativeFromValue.h:
3121         (JSC::toNativeFromValueWithoutCoercion):
3122         * runtime/TypedArrayAdaptors.h:
3123         (JSC::IntegralTypedArrayAdaptor::toNativeFromInt32WithoutCoercion):
3124         (JSC::IntegralTypedArrayAdaptor::toNativeFromUint32WithoutCoercion):
3125         (JSC::IntegralTypedArrayAdaptor::toNativeFromDoubleWithoutCoercion):
3126         (JSC::FloatTypedArrayAdaptor::toNativeFromInt32WithoutCoercion):
3127         (JSC::FloatTypedArrayAdaptor::toNativeFromDoubleWithoutCoercion):
3128         (JSC::Uint8ClampedAdaptor::toNativeFromInt32WithoutCoercion):
3129         (JSC::Uint8ClampedAdaptor::toNativeFromDoubleWithoutCoercion):
3130
3131 2016-11-26  Sam Weinig  <sam@webkit.org>
3132
3133         Convert IntersectionObserver over to using RuntimeEnabledFeatures so it can be properly excluded from script
3134         https://bugs.webkit.org/show_bug.cgi?id=164965
3135
3136         Reviewed by Simon Fraser.
3137
3138         * runtime/CommonIdentifiers.h:
3139         Add identifiers needed for RuntimeEnabledFeatures.
3140
3141 2016-11-23  Zan Dobersek  <zdobersek@igalia.com>
3142
3143         Remove ENABLE_ASSEMBLER_WX_EXCLUSIVE code
3144         https://bugs.webkit.org/show_bug.cgi?id=165027
3145
3146         Reviewed by Darin Adler.
3147
3148         Remove the code guarded with ENABLE(ASSEMBLER_WX_EXCLUSIVE).
3149         No port enables this and the guarded code doesn't build at all,
3150         so it's safe to say it's abandoned.
3151
3152         * jit/ExecutableAllocator.cpp:
3153         (JSC::ExecutableAllocator::initializeAllocator):
3154         (JSC::ExecutableAllocator::ExecutableAllocator):
3155         (JSC::ExecutableAllocator::reprotectRegion): Deleted.
3156
3157 2016-11-18  Mark Lam  <mark.lam@apple.com>
3158
3159         Fix exception scope verification failures in JSC profiler files.
3160         https://bugs.webkit.org/show_bug.cgi?id=164971
3161
3162         Reviewed by Saam Barati.
3163
3164         * profiler/ProfilerBytecodeSequence.cpp:
3165         (JSC::Profiler::BytecodeSequence::addSequenceProperties):
3166         * profiler/ProfilerCompilation.cpp:
3167         (JSC::Profiler::Compilation::toJS):
3168         * profiler/ProfilerDatabase.cpp:
3169         (JSC::Profiler::Database::toJS):
3170         (JSC::Profiler::Database::toJSON):
3171         * profiler/ProfilerOSRExitSite.cpp:
3172         (JSC::Profiler::OSRExitSite::toJS):
3173         * profiler/ProfilerOriginStack.cpp:
3174         (JSC::Profiler::OriginStack::toJS):
3175
3176 2016-11-22  Mark Lam  <mark.lam@apple.com>
3177
3178         Fix exception scope verification failures in JSONObject.cpp.
3179         https://bugs.webkit.org/show_bug.cgi?id=165025
3180
3181         Reviewed by Saam Barati.
3182
3183         * runtime/JSONObject.cpp:
3184         (JSC::gap):
3185         (JSC::Stringifier::Stringifier):
3186         (JSC::Stringifier::stringify):
3187         (JSC::Stringifier::toJSON):
3188         (JSC::Stringifier::appendStringifiedValue):
3189         (JSC::Stringifier::Holder::appendNextProperty):
3190         (JSC::Walker::walk):
3191         (JSC::JSONProtoFuncParse):
3192         (JSC::JSONProtoFuncStringify):
3193         (JSC::JSONStringify):
3194
3195 2016-11-21  Mark Lam  <mark.lam@apple.com>
3196
3197         Removed an extra space character at the end of line.
3198
3199         Not reviewed.
3200
3201         * runtime/JSCell.cpp:
3202         (JSC::JSCell::toNumber):
3203
3204 2016-11-21  Mark Lam  <mark.lam@apple.com>
3205
3206         Fix exception scope verification failures in FunctionConstructor.cpp.
3207         https://bugs.webkit.org/show_bug.cgi?id=165011
3208
3209         Reviewed by Saam Barati.
3210
3211         * runtime/FunctionConstructor.cpp:
3212         (JSC::constructFunction):
3213         (JSC::constructFunctionSkippingEvalEnabledCheck):
3214
3215 2016-11-21  Mark Lam  <mark.lam@apple.com>
3216
3217         Fix exception scope verification failures in GetterSetter.cpp.
3218         https://bugs.webkit.org/show_bug.cgi?id=165013
3219
3220         Reviewed by Saam Barati.
3221
3222         * runtime/GetterSetter.cpp:
3223         (JSC::callGetter):
3224         (JSC::callSetter):
3225
3226 2016-11-21  Yusuke Suzuki  <utatane.tea@gmail.com>
3227
3228         Crash in com.apple.JavaScriptCore: WTF::ThreadSpecific<WTF::WTFThreadData, + 142
3229         https://bugs.webkit.org/show_bug.cgi?id=164898
3230
3231         Reviewed by Darin Adler.
3232
3233         The callsite object (JSArray) of a tagged template literal is managed by a WeakGCMap since
3234         the same tagged template literal needs to return an identical object.
3235         The problem is that we used TemplateRegistryKey as the key of the WeakGCMap. WeakGCMap
3236         can prune its entries in the collector thread. At that time, this TemplateRegistryKey
3237         is deallocated. Since it includes a String (and then, a StringImpl), we accidentally call
3238         ref(), deref() and StringImpl::destroy() in a different thread from the main thread
3239         while this TemplateRegistryKey is allocated in the main thread.
3240
3241         Instead, we use TemplateRegistryKey* as the key of the WeakGCMap. Then, to keep its liveness
3242         while the entry of the WeakGCMap is alive, the callsite object has a reference to
3243         the JSTemplateRegistryKey. And it holds Ref<TemplateRegistryKey>.
3244
3245         And now we need to look up the WeakGCMap with TemplateRegistryKey*. To do so, we create an
3246         interning system for TemplateRegistryKey. It is similar to AtomicStringTable and
3247         SymbolRegistry. TemplateRegistryKey is allocated from this table. This table atomizes the
3248         TemplateRegistryKey. So we can use pointer comparison between TemplateRegistryKeys.
3249         It allows us to look up the entry from the WeakGCMap by TemplateRegistryKey*.
3250
3251         * CMakeLists.txt:
3252         * JavaScriptCore.xcodeproj/project.pbxproj:
3253         * builtins/BuiltinNames.h:
3254         * bytecompiler/BytecodeGenerator.cpp:
3255         (JSC::BytecodeGenerator::addTemplateRegistryKeyConstant):
3256         (JSC::BytecodeGenerator::emitGetTemplateObject):
3257         * bytecompiler/BytecodeGenerator.h:
3258         * runtime/JSGlobalObject.cpp:
3259         (JSC::getTemplateObject):
3260         * runtime/JSTemplateRegistryKey.cpp:
3261         (JSC::JSTemplateRegistryKey::JSTemplateRegistryKey):
3262         (JSC::JSTemplateRegistryKey::create):
3263         * runtime/JSTemplateRegistryKey.h:
3264         * runtime/TemplateRegistry.cpp:
3265         (JSC::TemplateRegistry::getTemplateObject):
3266         * runtime/TemplateRegistry.h:
3267         * runtime/TemplateRegistryKey.cpp: Copied from Source/JavaScriptCore/runtime/TemplateRegistry.h.
3268         (JSC::TemplateRegistryKey::~TemplateRegistryKey):
3269         * runtime/TemplateRegistryKey.h:
3270         (JSC::TemplateRegistryKey::calculateHash):
3271         (JSC::TemplateRegistryKey::create):
3272         (JSC::TemplateRegistryKey::TemplateRegistryKey):
3273         * runtime/TemplateRegistryKeyTable.cpp: Added.
3274         (JSC::TemplateRegistryKeyTranslator::hash):
3275         (JSC::TemplateRegistryKeyTranslator::equal):
3276         (JSC::TemplateRegistryKeyTranslator::translate):
3277         (JSC::TemplateRegistryKeyTable::~TemplateRegistryKeyTable):
3278         (JSC::TemplateRegistryKeyTable::createKey):
3279         (JSC::TemplateRegistryKeyTable::unregister):
3280         * runtime/TemplateRegistryKeyTable.h: Copied from Source/JavaScriptCore/runtime/JSTemplateRegistryKey.h.
3281         (JSC::TemplateRegistryKeyTable::KeyHash::hash):
3282         (JSC::TemplateRegistryKeyTable::KeyHash::equal):
3283         * runtime/VM.h:
3284         (JSC::VM::templateRegistryKeyTable):
3285
3286 2016-11-21  Mark Lam  <mark.lam@apple.com>
3287
3288         Fix exception scope verification failures in runtime/Error* files.
3289         https://bugs.webkit.org/show_bug.cgi?id=164998
3290
3291         Reviewed by Darin Adler.
3292
3293         * runtime/ErrorConstructor.cpp:
3294         (JSC::Interpreter::constructWithErrorConstructor):
3295         * runtime/ErrorInstance.cpp:
3296         (JSC::ErrorInstance::create):
3297         * runtime/ErrorInstance.h:
3298         * runtime/ErrorPrototype.cpp:
3299         (JSC::errorProtoFuncToString):
3300
3301 2016-11-21  Mark Lam  <mark.lam@apple.com>
3302
3303         Fix exception scope verification failures in *Executable.cpp files.
3304         https://bugs.webkit.org/show_bug.cgi?id=164996
3305
3306         Reviewed by Darin Adler.
3307
3308         * runtime/DirectEvalExecutable.cpp:
3309         (JSC::DirectEvalExecutable::create):
3310         * runtime/IndirectEvalExecutable.cpp:
3311         (JSC::IndirectEvalExecutable::create):
3312         * runtime/ProgramExecutable.cpp:
3313         (JSC::ProgramExecutable::initializeGlobalProperties):
3314         * runtime/ScriptExecutable.cpp:
3315         (JSC::ScriptExecutable::prepareForExecutionImpl):
3316
3317 2016-11-20  Zan Dobersek  <zdobersek@igalia.com>
3318
3319         [EncryptedMedia] Make EME API runtime-enabled
3320         https://bugs.webkit.org/show_bug.cgi?id=164927
3321
3322         Reviewed by Jer Noble.
3323
3324         * runtime/CommonIdentifiers.h: Add the necessary identifiers.
3325
3326 2016-11-20  Mark Lam  <mark.lam@apple.com>
3327
3328         Fix exception scope verification failures in ConstructData.cpp.
3329         https://bugs.webkit.org/show_bug.cgi?id=164976
3330
3331         Reviewed by Darin Adler.
3332
3333         * runtime/ConstructData.cpp:
3334         (JSC::construct):
3335
3336 2016-11-20  Mark Lam  <mark.lam@apple.com>
3337
3338         Fix exception scope verification failures in CommonSlowPaths.cpp/h.
3339         https://bugs.webkit.org/show_bug.cgi?id=164975
3340
3341         Reviewed by Darin Adler.
3342
3343         * runtime/CommonSlowPaths.cpp:
3344         (JSC::SLOW_PATH_DECL):
3345         * runtime/CommonSlowPaths.h:
3346         (JSC::CommonSlowPaths::opIn):
3347
3348 2016-11-20  Mark Lam  <mark.lam@apple.com>
3349
3350         Fix exception scope verification failures in DateConstructor.cpp and DatePrototype.cpp.
3351         https://bugs.webkit.org/show_bug.cgi?id=164995
3352
3353         Reviewed by Darin Adler.
3354
3355         * runtime/DateConstructor.cpp:
3356         (JSC::millisecondsFromComponents):
3357         (JSC::constructDate):
3358         * runtime/DatePrototype.cpp:
3359         (JSC::dateProtoFuncToPrimitiveSymbol):
3360
3361 2016-11-20  Caitlin Potter  <caitp@igalia.com>
3362
3363         [JSC] speed up parsing of async functions
3364         https://bugs.webkit.org/show_bug.cgi?id=164808
3365
3366         Reviewed by Yusuke Suzuki.
3367
3368         Minor adjustments to Parser in order to mitigate slowdown with async
3369         function parsing enabled:
3370
3371           - Tokenize "async" as a keyword
3372           - Perform less branching in various areas of the Parser
3373
3374         * parser/Keywords.table:
3375         * parser/Parser.cpp:
3376         (JSC::Parser<LexerType>::parseStatementListItem):
3377         (JSC::Parser<LexerType>::parseStatement):
3378         (JSC::Parser<LexerType>::maybeParseAsyncFunctionDeclarationStatement):
3379         (JSC::Parser<LexerType>::parseClass):
3380         (JSC::Parser<LexerType>::parseExportDeclaration):
3381         (JSC::Parser<LexerType>::parseAssignmentExpression):
3382         (JSC::Parser<LexerType>::parseProperty):
3383         (JSC::Parser<LexerType>::createResolveAndUseVariable):
3384         (JSC::Parser<LexerType>::parsePrimaryExpression):
3385         (JSC::Parser<LexerType>::parseMemberExpression):
3386         (JSC::Parser<LexerType>::printUnexpectedTokenText):
3387         * parser/Parser.h:
3388         (JSC::isAnyContextualKeyword):
3389