2015-11-03 Geoffrey Garen <ggaren@apple.com>
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
2
3         Web Inspector: Remove duplication among ScriptDebugServer subclasses
4         https://bugs.webkit.org/show_bug.cgi?id=150860
5
6         Reviewed by Timothy Hatcher.
7
8         ScriptDebugServer expects a list of listeners to dispatch events to.
9         However each of its subclasses had their own implementation of the
10         list because of different handling when the first was added or when
11         the last was removed. Extract common code into ScriptDebugServer
12         which simplifies things.
13
14         Subclasses now only implement the virtual methods "attachDebugger"
15         and "detachDebugger" which is the unique work done when the first
16         listener is added or last is removed.
17
18         * inspector/JSGlobalObjectScriptDebugServer.cpp:
19         (Inspector::JSGlobalObjectScriptDebugServer::attachDebugger):
20         (Inspector::JSGlobalObjectScriptDebugServer::detachDebugger):
21         (Inspector::JSGlobalObjectScriptDebugServer::addListener): Deleted.
22         (Inspector::JSGlobalObjectScriptDebugServer::removeListener): Deleted.
23         * inspector/JSGlobalObjectScriptDebugServer.h:
24         * inspector/ScriptDebugServer.cpp:
25         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
26         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
27         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
28         (Inspector::ScriptDebugServer::sourceParsed):
29         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
30         (Inspector::ScriptDebugServer::addListener):
31         (Inspector::ScriptDebugServer::removeListener):
32         * inspector/ScriptDebugServer.h:
33         * inspector/agents/InspectorDebuggerAgent.cpp:
34         (Inspector::InspectorDebuggerAgent::enable):
35         (Inspector::InspectorDebuggerAgent::disable):
36         * inspector/agents/InspectorDebuggerAgent.h:
37         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
38         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer): Deleted.
39         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer): Deleted.
40         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
41
42         * inspector/ScriptDebugListener.h:
43         (Inspector::ScriptDebugListener::Script::Script):
44         Drive-by convert Script to a struct, it has public fields and is used as such.
45
46 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
47
48         B3::LowerToAir should recognize Neg (i.e. Sub($0, value))
49         https://bugs.webkit.org/show_bug.cgi?id=150759
50
51         Reviewed by Benjamin Poulain.
52
53         Adds various forms of Sub(0, value) and compiles them as Neg. Also fixes a bug in
54         StoreSubLoad. This bug was correctness-benign, so I couldn't add a test for it.
55
56         * b3/B3LowerToAir.cpp:
57         (JSC::B3::Air::LowerToAir::immOrTmp):
58         (JSC::B3::Air::LowerToAir::appendUnOp):
59         (JSC::B3::Air::LowerToAir::appendBinOp):
60         (JSC::B3::Air::LowerToAir::tryAppendStoreUnOp):
61         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
62         (JSC::B3::Air::LowerToAir::trySub):
63         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
64         * b3/B3LoweringMatcher.patterns:
65         * b3/air/AirOpcode.opcodes:
66         * b3/testb3.cpp:
67         (JSC::B3::testAdd1Ptr):
68         (JSC::B3::testNeg32):
69         (JSC::B3::testNegPtr):
70         (JSC::B3::testStoreAddLoad):
71         (JSC::B3::testStoreAddAndLoad):
72         (JSC::B3::testStoreNegLoad32):
73         (JSC::B3::testStoreNegLoadPtr):
74         (JSC::B3::testAdd1Uncommuted):
75         (JSC::B3::run):
76
77 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
78
79         B3::Values that have effects should allow specification of custom HeapRanges
80         https://bugs.webkit.org/show_bug.cgi?id=150535
81
82         Reviewed by Benjamin Poulain.
83
84         Add an Effects field to calls and patchpoints. Add a HeapRange to MemoryValues.
85
86         In the process, I created a class for the CCall opcode, so that it has somewhere to put
87         the Effects field.
88
89         While doing this, I realized that we didn't have a good way of ensuring that an opcode
90         that requires a specific subclass was actually created with that subclass. So, I added
91         assertions for this.
92
93         * CMakeLists.txt:
94         * JavaScriptCore.xcodeproj/project.pbxproj:
95         * b3/B3ArgumentRegValue.h:
96         * b3/B3CCallValue.cpp: Added.
97         * b3/B3CCallValue.h: Added.
98         * b3/B3CheckValue.h:
99         * b3/B3Const32Value.h:
100         * b3/B3Const64Value.h:
101         * b3/B3ConstDoubleValue.h:
102         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
103         * b3/B3ControlValue.h:
104         * b3/B3Effects.h:
105         (JSC::B3::Effects::forCall):
106         (JSC::B3::Effects::mustExecute):
107         * b3/B3MemoryValue.h:
108         * b3/B3PatchpointValue.h:
109         * b3/B3StackSlotValue.h:
110         * b3/B3UpsilonValue.h:
111         * b3/B3Value.cpp:
112         (JSC::B3::Value::effects):
113         (JSC::B3::Value::dumpMeta):
114         (JSC::B3::Value::checkOpcode):
115         (JSC::B3::Value::typeFor):
116         * b3/B3Value.h:
117
118 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
119
120         B3::Stackmap should be a superclass of B3::PatchpointValue and B3::CheckValue rather than being one of their members
121         https://bugs.webkit.org/show_bug.cgi?id=150831
122
123         Rubber stamped by Benjamin Poulain.
124
125         Previously, Stackmap was a value that PatchpointValue and CheckValue would hold as a field.
126         We'd have convenient ways of getting this field, like via Value::stackmap(). But this was a
127         bit ridiculous, since Stackmap is logically just a common supertype for PatchpointValue and
128         CheckValue. This patch makes this reality by replacing Stackmap with StackmapValue. This makes
129         the code a lot more reasonable.
130
131         I also needed to make dumping a bit more customizable, so I changed dumpMeta() to take a
132         CommaPrinter&. This gives subclasses better control over whether or not to emit a comma. Also
133         it's now possible for subclasses of Value to customize how children are printed. StackmapValue
134         uses this to print the children and their reps together like:
135
136             Int32 @2 = Patchpoint(@0:SomeRegister, @1:SomeRegister, generator = 0x1107ec010, clobbered = [], usedRegisters = [], ExitsSideways|ControlDependent|Writes:Top|Reads:Top)
137
138         This has no behavior change, it's just a big refactoring. You can see how much simpler this
139         makes things by looking at the testSimplePatchpoint() test.
140
141         * CMakeLists.txt:
142         * JavaScriptCore.xcodeproj/project.pbxproj:
143         * b3/B3ArgumentRegValue.cpp:
144         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
145         (JSC::B3::ArgumentRegValue::dumpMeta):
146         * b3/B3ArgumentRegValue.h:
147         * b3/B3CheckSpecial.cpp:
148         (JSC::B3::CheckSpecial::generate):
149         * b3/B3CheckValue.cpp:
150         (JSC::B3::CheckValue::~CheckValue):
151         (JSC::B3::CheckValue::CheckValue):
152         (JSC::B3::CheckValue::dumpMeta): Deleted.
153         * b3/B3CheckValue.h:
154         (JSC::B3::CheckValue::accepts):
155         * b3/B3Const32Value.cpp:
156         (JSC::B3::Const32Value::notEqualConstant):
157         (JSC::B3::Const32Value::dumpMeta):
158         * b3/B3Const32Value.h:
159         * b3/B3Const64Value.cpp:
160         (JSC::B3::Const64Value::notEqualConstant):
161         (JSC::B3::Const64Value::dumpMeta):
162         * b3/B3Const64Value.h:
163         * b3/B3ConstDoubleValue.cpp:
164         (JSC::B3::ConstDoubleValue::notEqualConstant):
165         (JSC::B3::ConstDoubleValue::dumpMeta):
166         * b3/B3ConstDoubleValue.h:
167         * b3/B3ConstrainedValue.cpp: Added.
168         (JSC::B3::ConstrainedValue::dump):
169         * b3/B3ConstrainedValue.h: Added.
170         (JSC::B3::ConstrainedValue::ConstrainedValue):
171         (JSC::B3::ConstrainedValue::operator bool):
172         (JSC::B3::ConstrainedValue::value):
173         (JSC::B3::ConstrainedValue::rep):
174         * b3/B3ControlValue.cpp:
175         (JSC::B3::ControlValue::convertToJump):
176         (JSC::B3::ControlValue::dumpMeta):
177         * b3/B3ControlValue.h:
178         * b3/B3LowerToAir.cpp:
179         (JSC::B3::Air::LowerToAir::tryPatchpoint):
180         * b3/B3MemoryValue.cpp:
181         (JSC::B3::MemoryValue::accessByteSize):
182         (JSC::B3::MemoryValue::dumpMeta):
183         * b3/B3MemoryValue.h:
184         * b3/B3PatchpointSpecial.cpp:
185         (JSC::B3::PatchpointSpecial::generate):
186         * b3/B3PatchpointValue.cpp:
187         (JSC::B3::PatchpointValue::~PatchpointValue):
188         (JSC::B3::PatchpointValue::PatchpointValue):
189         (JSC::B3::PatchpointValue::dumpMeta): Deleted.
190         * b3/B3PatchpointValue.h:
191         (JSC::B3::PatchpointValue::accepts):
192         * b3/B3StackSlotValue.cpp:
193         (JSC::B3::StackSlotValue::~StackSlotValue):
194         (JSC::B3::StackSlotValue::dumpMeta):
195         * b3/B3StackSlotValue.h:
196         * b3/B3Stackmap.cpp: Removed.
197         * b3/B3Stackmap.h: Removed.
198         * b3/B3StackmapSpecial.cpp:
199         (JSC::B3::StackmapSpecial::reportUsedRegisters):
200         (JSC::B3::StackmapSpecial::extraClobberedRegs):
201         (JSC::B3::StackmapSpecial::forEachArgImpl):
202         (JSC::B3::StackmapSpecial::isValidImpl):
203         (JSC::B3::StackmapSpecial::admitsStackImpl):
204         * b3/B3StackmapSpecial.h:
205         * b3/B3StackmapValue.cpp: Added.
206         (JSC::B3::StackmapValue::~StackmapValue):
207         (JSC::B3::StackmapValue::append):
208         (JSC::B3::StackmapValue::setConstrainedChild):
209         (JSC::B3::StackmapValue::setConstraint):
210         (JSC::B3::StackmapValue::dumpChildren):
211         (JSC::B3::StackmapValue::dumpMeta):
212         (JSC::B3::StackmapValue::StackmapValue):
213         * b3/B3StackmapValue.h: Added.
214         * b3/B3SwitchValue.cpp:
215         (JSC::B3::SwitchValue::appendCase):
216         (JSC::B3::SwitchValue::dumpMeta):
217         (JSC::B3::SwitchValue::SwitchValue):
218         * b3/B3SwitchValue.h:
219         * b3/B3UpsilonValue.cpp:
220         (JSC::B3::UpsilonValue::~UpsilonValue):
221         (JSC::B3::UpsilonValue::dumpMeta):
222         * b3/B3UpsilonValue.h:
223         * b3/B3Validate.cpp:
224         * b3/B3Value.cpp:
225         (JSC::B3::Value::dump):
226         (JSC::B3::Value::dumpChildren):
227         (JSC::B3::Value::deepDump):
228         (JSC::B3::Value::performSubstitution):
229         (JSC::B3::Value::dumpMeta):
230         * b3/B3Value.h:
231         * b3/B3ValueInlines.h:
232         (JSC::B3::Value::asNumber):
233         (JSC::B3::Value::stackmap): Deleted.
234         * b3/B3ValueRep.h:
235         (JSC::B3::ValueRep::kind):
236         (JSC::B3::ValueRep::operator==):
237         (JSC::B3::ValueRep::operator!=):
238         (JSC::B3::ValueRep::operator bool):
239         (JSC::B3::ValueRep::isAny):
240         * b3/air/AirInstInlines.h:
241         * b3/testb3.cpp:
242         (JSC::B3::testSimplePatchpoint):
243
244 2015-11-03  Benjamin Poulain  <bpoulain@apple.com>
245
246         [JSC] Add Air lowering for BitOr and improve BitAnd
247         https://bugs.webkit.org/show_bug.cgi?id=150827
248
249         Reviewed by Filip Pizlo.
250
251         In this patch:
252         -B3 to Air lowering for BitOr.
253         -Codegen for BitOr.
254         -Strength reduction for BitOr and BitAnd.
255         -Tests for BitAnd and BitOr.
256         -Bug fix: Move64 with a negative value was destroying the top bits.
257
258         * b3/B3Const32Value.cpp:
259         (JSC::B3::Const32Value::bitAndConstant):
260         (JSC::B3::Const32Value::bitOrConstant):
261         * b3/B3Const32Value.h:
262         * b3/B3Const64Value.cpp:
263         (JSC::B3::Const64Value::bitAndConstant):
264         (JSC::B3::Const64Value::bitOrConstant):
265         * b3/B3Const64Value.h:
266         * b3/B3LowerToAir.cpp:
267         (JSC::B3::Air::LowerToAir::immForMove):
268         (JSC::B3::Air::LowerToAir::immOrTmpForMove):
269         (JSC::B3::Air::LowerToAir::tryOr):
270         (JSC::B3::Air::LowerToAir::tryConst64):
271         (JSC::B3::Air::LowerToAir::tryUpsilon):
272         (JSC::B3::Air::LowerToAir::tryIdentity):
273         (JSC::B3::Air::LowerToAir::tryReturn):
274         (JSC::B3::Air::LowerToAir::immOrTmp): Deleted.
275         * b3/B3LoweringMatcher.patterns:
276         * b3/B3ReduceStrength.cpp:
277         * b3/B3Value.cpp:
278         (JSC::B3::Value::bitAndConstant):
279         (JSC::B3::Value::bitOrConstant):
280         * b3/B3Value.h:
281         * b3/air/AirOpcode.opcodes:
282         * b3/testb3.cpp:
283         (JSC::B3::testReturnConst64):
284         (JSC::B3::testBitAndArgs):
285         (JSC::B3::testBitAndSameArg):
286         (JSC::B3::testBitAndImms):
287         (JSC::B3::testBitAndArgImm):
288         (JSC::B3::testBitAndImmArg):
289         (JSC::B3::testBitAndBitAndArgImmImm):
290         (JSC::B3::testBitAndImmBitAndArgImm):
291         (JSC::B3::testBitAndArgs32):
292         (JSC::B3::testBitAndSameArg32):
293         (JSC::B3::testBitAndImms32):
294         (JSC::B3::testBitAndArgImm32):
295         (JSC::B3::testBitAndImmArg32):
296         (JSC::B3::testBitAndBitAndArgImmImm32):
297         (JSC::B3::testBitAndImmBitAndArgImm32):
298         (JSC::B3::testBitOrArgs):
299         (JSC::B3::testBitOrSameArg):
300         (JSC::B3::testBitOrImms):
301         (JSC::B3::testBitOrArgImm):
302         (JSC::B3::testBitOrImmArg):
303         (JSC::B3::testBitOrBitOrArgImmImm):
304         (JSC::B3::testBitOrImmBitOrArgImm):
305         (JSC::B3::testBitOrArgs32):
306         (JSC::B3::testBitOrSameArg32):
307         (JSC::B3::testBitOrImms32):
308         (JSC::B3::testBitOrArgImm32):
309         (JSC::B3::testBitOrImmArg32):
310         (JSC::B3::testBitOrBitOrArgImmImm32):
311         (JSC::B3::testBitOrImmBitOrArgImm32):
312         (JSC::B3::run):
313
314 2015-11-03  Saam barati  <sbarati@apple.com>
315
316         Rewrite "const" as "var" for iTunes/iBooks on the Mac
317         https://bugs.webkit.org/show_bug.cgi?id=150852
318
319         Reviewed by Geoffrey Garen.
320
321         VM now has a setting indicating if we should treat
322         "const" variables as "var" to more closely match
323         JSC's previous implementation of "const" before ES6.
324
325         * parser/Parser.h:
326         (JSC::Parser::next):
327         (JSC::Parser::nextExpectIdentifier):
328         * runtime/VM.h:
329         (JSC::VM::setShouldRewriteConstAsVar):
330         (JSC::VM::shouldRewriteConstAsVar):
331
332 2015-11-03  Mark Lam  <mark.lam@apple.com>
333
334         Fix some inefficiencies in the baseline usage of JITAddGenerator.
335         https://bugs.webkit.org/show_bug.cgi?id=150850
336
337         Reviewed by Michael Saboff.
338
339         1. emit_op_add() was loading the operands twice.  Removed the redundant load.
340         2. The snippet may decide that it wants to go the slow path route all the time.
341            In that case, emit_op_add will end up emitting a branch to an out of line
342            slow path followed by some dead code to store the result of the fast path
343            on to the stack.
344            We now check if the snippet determined that there's no fast path, and just
345            emit the slow path inline, and skip the dead store of the fast path result.
346
347         * jit/JITArithmetic.cpp:
348         (JSC::JIT::emit_op_add):
349
350 2015-11-03  Filip Pizlo  <fpizlo@apple.com>
351
352         B3::LowerToAir should do copy propagation
353         https://bugs.webkit.org/show_bug.cgi?id=150775
354
355         Reviewed by Geoffrey Garen.
356
357         What we are trying to do is remove the unnecessary Move's and Move32's from Trunc and ZExt32.
358         You could think of this as an Air optimization, and indeed, Air is powerful enough that we
359         could write a phase that does copy propagation through Move's and Move32's. For Move32's it
360         would only copy-propagate if it proved that the value was already zero-extended. We could
361         know this by just adding a Def32 role to Air.
362
363         But this patch takes a different approach: we ensure that we don't generate such redundant
364         Move's and Move32's to begin with. The reason is that it's much cheaper to do analysis over
365         B3 than over Air. So, whenever possible, an optimization should be implemented in B3. In
366         this case the optimization can't quite be implemented in B3 because you cannot remove a Trunc
367         or ZExt32 without violating the B3 type system. So, the best place to do this optimization is
368         during lowering: we can use B3 for our analysis and we can use Air to express the
369         transformation.
370
371         Copy propagating during B3->Air lowering is natural because we are creating "SSA-like" Tmps
372         from the B3 Values. They are SSA-like in the sense that except the tmp for a Phi, we know
373         that the Tmp will be assigned once and that the assignment will dominate all uses. So, if we
374         see an operation like Trunc that is semantically just a Move, we can skip the Move and just
375         claim that the Trunc has the same Tmp as its child. We do something similar for ZExt32,
376         except with that one we have to analyze IR to ensure that the value will actually be zero
377         extended. Note that this kind of reasoning about how Tmps work in Air is only possible in the
378         B3->Air lowering, since at that point we know for sure which Tmps behave this way. If we
379         wanted to do anything like this as a later Air phase, we'd have to do more analysis to first
380         prove that Tmps behave in this way.
381
382         * b3/B3LowerToAir.cpp:
383         (JSC::B3::Air::LowerToAir::run):
384         (JSC::B3::Air::LowerToAir::highBitsAreZero):
385         (JSC::B3::Air::LowerToAir::shouldCopyPropagate):
386         (JSC::B3::Air::LowerToAir::tmp):
387         (JSC::B3::Air::LowerToAir::tryStore):
388         (JSC::B3::Air::LowerToAir::tryTrunc):
389         (JSC::B3::Air::LowerToAir::tryZExt32):
390         (JSC::B3::Air::LowerToAir::tryIdentity):
391         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg): Deleted.
392         * b3/B3LoweringMatcher.patterns:
393
394 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
395
396         Web Inspector: Move ScriptDebugServer::Task to WorkerScriptDebugServer where it is actually used
397         https://bugs.webkit.org/show_bug.cgi?id=150847
398
399         Reviewed by Timothy Hatcher.
400
401         * inspector/ScriptDebugServer.h:
402         Remove Task from here, it isn't needed in the general case.
403
404         * parser/SourceProvider.h:
405         Remove unimplemented method.
406
407 2015-11-03  Joseph Pecoraro  <pecoraro@apple.com>
408
409         Web Inspector: Handle or Remove ParseHTML Timeline Event Records
410         https://bugs.webkit.org/show_bug.cgi?id=150689
411
412         Reviewed by Timothy Hatcher.
413
414         * inspector/protocol/Timeline.json:
415
416 2015-11-03  Michael Saboff  <msaboff@apple.com>
417
418         Rename InlineCallFrame::getCallerSkippingDeadFrames to something more descriptive
419         https://bugs.webkit.org/show_bug.cgi?id=150832
420
421         Reviewed by Geoffrey Garen.
422
423         Renamed InlineCallFrame::getCallerSkippingDeadFrames() to getCallerSkippingTailCalls().
424         Did similar renaming to helper InlineCallFrame::computeCallerSkippingTailCalls() and
425         InlineCallFrame::getCallerInlineFrameSkippingTailCalls().
426
427         * bytecode/InlineCallFrame.h:
428         (JSC::InlineCallFrame::computeCallerSkippingTailCalls):
429         (JSC::InlineCallFrame::getCallerSkippingTailCalls):
430         (JSC::InlineCallFrame::getCallerInlineFrameSkippingTailCalls):
431         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames): Deleted.
432         (JSC::InlineCallFrame::getCallerSkippingDeadFrames): Deleted.
433         (JSC::InlineCallFrame::getCallerInlineFrameSkippingDeadFrames): Deleted.
434         * dfg/DFGByteCodeParser.cpp:
435         (JSC::DFG::ByteCodeParser::allInlineFramesAreTailCalls):
436         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
437         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
438         * dfg/DFGGraph.cpp:
439         (JSC::DFG::Graph::isLiveInBytecode):
440         * dfg/DFGGraph.h:
441         (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
442         * dfg/DFGOSRExitCompilerCommon.cpp:
443         (JSC::DFG::reifyInlinedCallFrames):
444         * dfg/DFGPreciseLocalClobberize.h:
445         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
446         * dfg/DFGSpeculativeJIT32_64.cpp:
447         (JSC::DFG::SpeculativeJIT::emitCall):
448         * dfg/DFGSpeculativeJIT64.cpp:
449         (JSC::DFG::SpeculativeJIT::emitCall):
450         * ftl/FTLLowerDFGToLLVM.cpp:
451         (JSC::FTL::DFG::LowerDFGToLLVM::codeOriginDescriptionOfCallSite):
452         * interpreter/StackVisitor.cpp:
453         (JSC::StackVisitor::gotoNextFrame):
454
455 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
456
457         B3/Air should use bubble sort for their insertion sets, because it's faster than std::stable_sort
458         https://bugs.webkit.org/show_bug.cgi?id=150828
459
460         Reviewed by Geoffrey Garen.
461
462         Undo the 2% compile time regression caused by http://trac.webkit.org/changeset/191913.
463
464         * b3/B3InsertionSet.cpp:
465         (JSC::B3::InsertionSet::execute): Switch to bubble sort.
466         * b3/air/AirInsertionSet.cpp:
467         (JSC::B3::Air::InsertionSet::execute): Switch to bubble sort.
468         * dfg/DFGBlockInsertionSet.cpp:
469         (JSC::DFG::BlockInsertionSet::execute): Switch back to quicksort.
470
471 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
472
473         Unreviewed, partially revert r191952.
474
475         Removed GCC compiler workarounds (unreachable returns).
476
477         * b3/B3Type.h:
478         (JSC::B3::sizeofType):
479         * b3/air/AirArg.h:
480         (JSC::B3::Air::Arg::isUse):
481         (JSC::B3::Air::Arg::isDef):
482         (JSC::B3::Air::Arg::isGP):
483         (JSC::B3::Air::Arg::isFP):
484         (JSC::B3::Air::Arg::isType):
485         * b3/air/AirCode.h:
486         (JSC::B3::Air::Code::newTmp):
487         (JSC::B3::Air::Code::numTmps):
488
489 2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>
490
491         Fix the ENABLE(B3_JIT) build on Linux
492         https://bugs.webkit.org/show_bug.cgi?id=150794
493
494         Reviewed by Darin Adler.
495
496         * CMakeLists.txt:
497         * b3/B3HeapRange.h:
498         * b3/B3IndexSet.h:
499         (JSC::B3::IndexSet::Iterable::iterator::operator++):
500         * b3/B3Type.h:
501         (JSC::B3::sizeofType):
502         * b3/air/AirArg.cpp:
503         (JSC::B3::Air::Arg::dump):
504         * b3/air/AirArg.h:
505         (JSC::B3::Air::Arg::isUse):
506         (JSC::B3::Air::Arg::isDef):
507         (JSC::B3::Air::Arg::isGP):
508         (JSC::B3::Air::Arg::isFP):
509         (JSC::B3::Air::Arg::isType):
510         * b3/air/AirCode.h:
511         (JSC::B3::Air::Code::newTmp):
512         (JSC::B3::Air::Code::numTmps):
513         * b3/air/AirSpecial.cpp:
514
515 2015-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>
516
517         Clean up ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keep minimal set of them
518         https://bugs.webkit.org/show_bug.cgi?id=150793
519
520         Reviewed by Darin Adler.
521
522         Fix the !ENABLE(ES6_ARROWFUNCTION_SYNTAX) build after r191875.
523         This patch drops many ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keeps only one of them;
524         the ifdef in parseAssignmentExpression.
525         This prevents functionality of parsing arrow function syntax.
526
527         * parser/Lexer.cpp:
528         (JSC::Lexer<T>::lex):
529         * parser/Parser.cpp:
530         (JSC::Parser<LexerType>::parseInner): Deleted.
531         * parser/Parser.h:
532         (JSC::Parser::isArrowFunctionParamters): Deleted.
533         * parser/ParserTokens.h:
534
535 2015-11-02  Michael Saboff  <msaboff@apple.com>
536
537         WebInspector crashed while viewing Timeline when refreshing cnn.com while it was already loading
538         https://bugs.webkit.org/show_bug.cgi?id=150745
539
540         Reviewed by Geoffrey Garen.
541
542         During OSR exit, reifyInlinedCallFrames() was using the call kind from a tail call to
543         find the CallLinkInfo / StubInfo to find the return PC.  Instead we need to get the call
544         type of the true caller, that is the function we'll be returning to.
545
546         This can be found by remembering the last call type we find while walking up the inlined
547         frames in InlineCallFrame::getCallerSkippingDeadFrames().
548
549         We can also return directly back to a getter or setter callsite without using a thunk.
550
551         * bytecode/InlineCallFrame.h:
552         (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
553         (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
554         * dfg/DFGOSRExitCompilerCommon.cpp:
555         (JSC::DFG::reifyInlinedCallFrames):
556         * jit/JITPropertyAccess.cpp:
557         (JSC::JIT::emit_op_get_by_id): Need to eliminate the stack pointer check, as it is wrong
558         for reified inlined frames created during OSR exit. 
559         * jit/ThunkGenerators.cpp:
560         (JSC::baselineGetterReturnThunkGenerator): Deleted.
561         (JSC::baselineSetterReturnThunkGenerator): Deleted.
562         * jit/ThunkGenerators.h:
563
564 2015-11-02  Saam barati  <sbarati@apple.com>
565
566         Wrong value recovery for DFG try/catch with a getter that throws during an IC miss
567         https://bugs.webkit.org/show_bug.cgi?id=150760
568
569         Reviewed by Geoffrey Garen.
570
571         This is related to using PhantomLocal instead of Flush as 
572         the liveness preservation mechanism for live catch variables. 
573         I'm temporarily switching things back to Flush. This will be a
574         performance hit for try/catch in the DFG. Landing this patch,
575         though, will allow me to land try/catch in the FTL. It also
576         makes try/catch in the DFG sound. I have opened another
577         bug to further investigate using PhantomLocal as the
578         liveness preservation mechanism: https://bugs.webkit.org/show_bug.cgi?id=150824
579
580         * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
581         (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
582         * tests/stress/dfg-try-catch-wrong-value-recovery-on-ic-miss.js: Added.
583         (assert):
584         (let.oThrow.get f):
585         (let.o2.get f):
586         (foo):
587         (f):
588
589 2015-11-02  Andy Estes  <aestes@apple.com>
590
591         [Cocoa] Add tvOS and watchOS to SUPPORTED_PLATFORMS
592         https://bugs.webkit.org/show_bug.cgi?id=150819
593
594         Reviewed by Dan Bernstein.
595
596         This tells Xcode to include these platforms in its Devices dropdown, making it possible to build in the IDE.
597
598         * Configurations/Base.xcconfig:
599
600 2015-11-02  Brent Fulgham  <bfulgham@apple.com>
601
602         [Win] MiniBrowser unable to use WebInspector
603         https://bugs.webkit.org/show_bug.cgi?id=150810
604         <rdar://problem/23358514>
605
606         Reviewed by Timothy Hatcher.
607
608         The CMakeList rule for creating the InjectedScriptSource.min.js was improperly including
609         the quote characters in the text prepended to InjectedScriptSource.min.js. This caused a
610         parsing error in the JS file.
611         
612         The solution was to switch from using "COMMAND echo" to use the more cross-platform
613         compatible command "COMMAND ${CMAKE_COMMAND} -E echo ...", which handles the string
614         escaping properly on all platforms.
615
616         * CMakeLists.txt: Switch the 'echo' command syntax to be more cross-platform.
617
618 2015-11-02  Filip Pizlo  <fpizlo@apple.com>
619
620         B3 should be able to compile a Patchpoint
621         https://bugs.webkit.org/show_bug.cgi?id=150750
622
623         Reviewed by Geoffrey Garen.
624
625         This adds the glue in B3::LowerToAir that turns a B3::PatchpointValue into an Air::Patch
626         with a B3::PatchpointSpecial.
627
628         Along the way, I found some bugs. For starters, it became clear that I wanted to be able
629         to append constraints to a Stackmap, and I wanted to have more flexibility in how I
630         created a PatchpointValue. I also wanted more helper methods in ValueRep, since
631         otherwise I would have had to write a lot of boilerplate.
632
633         I discovered, and fixed, a minor goof in Air::Code dumping when there are specials.
634
635         There were a ton of indexing bugs in B3StackmapSpecial.
636
637         The spiller was broken in case the Def was not the last Arg, since it was adding things
638         to the insertion set both at instIndex and instIndex + 1, and the two types of additions
639         could occur in the wrong (i.e. the +1 case first) order with an early Def. We often have
640         bugs like this. In the DFG, we were paranoid about performance so we only admit out-of-
641         order insertions as a rare case. I think that we don't really need to be so paranoid.
642         So, I made the new insertion sets use a stable_sort to ensure that everything happens in
643         the right order. I changed DFG::BlockInsertionSet to also use stable_sort; it previously
644         used sort, which is slightly wrong.
645
646         This adds a new test that uses Patchpoint to implement a 32-bit add. It works!
647
648         * b3/B3InsertionSet.cpp:
649         (JSC::B3::InsertionSet::execute):
650         * b3/B3LowerToAir.cpp:
651         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
652         (JSC::B3::Air::LowerToAir::appendStore):
653         (JSC::B3::Air::LowerToAir::moveForType):
654         (JSC::B3::Air::LowerToAir::append):
655         (JSC::B3::Air::LowerToAir::ensureSpecial):
656         (JSC::B3::Air::LowerToAir::tryStore):
657         (JSC::B3::Air::LowerToAir::tryStackSlot):
658         (JSC::B3::Air::LowerToAir::tryPatchpoint):
659         (JSC::B3::Air::LowerToAir::tryUpsilon):
660         * b3/B3LoweringMatcher.patterns:
661         * b3/B3PatchpointValue.h:
662         (JSC::B3::PatchpointValue::accepts): Deleted.
663         (JSC::B3::PatchpointValue::PatchpointValue): Deleted.
664         * b3/B3Stackmap.h:
665         (JSC::B3::Stackmap::constrain):
666         (JSC::B3::Stackmap::appendConstraint):
667         (JSC::B3::Stackmap::reps):
668         (JSC::B3::Stackmap::clobber):
669         * b3/B3StackmapSpecial.cpp:
670         (JSC::B3::StackmapSpecial::forEachArgImpl):
671         (JSC::B3::StackmapSpecial::isValidImpl):
672         * b3/B3Value.h:
673         * b3/B3ValueRep.h:
674         (JSC::B3::ValueRep::ValueRep):
675         (JSC::B3::ValueRep::reg):
676         (JSC::B3::ValueRep::operator bool):
677         (JSC::B3::ValueRep::isAny):
678         (JSC::B3::ValueRep::isSomeRegister):
679         (JSC::B3::ValueRep::isReg):
680         (JSC::B3::ValueRep::isGPR):
681         (JSC::B3::ValueRep::isFPR):
682         (JSC::B3::ValueRep::gpr):
683         (JSC::B3::ValueRep::fpr):
684         (JSC::B3::ValueRep::isStack):
685         (JSC::B3::ValueRep::offsetFromFP):
686         (JSC::B3::ValueRep::isStackArgument):
687         (JSC::B3::ValueRep::offsetFromSP):
688         (JSC::B3::ValueRep::isConstant):
689         (JSC::B3::ValueRep::value):
690         * b3/air/AirCode.cpp:
691         (JSC::B3::Air::Code::dump):
692         * b3/air/AirInsertionSet.cpp:
693         (JSC::B3::Air::InsertionSet::execute):
694         * b3/testb3.cpp:
695         (JSC::B3::testComplex):
696         (JSC::B3::testSimplePatchpoint):
697         (JSC::B3::run):
698         * dfg/DFGBlockInsertionSet.cpp:
699         (JSC::DFG::BlockInsertionSet::execute):
700
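The ordering point in the entry above (stable_sort keeps same-index insertions in the order they were requested, even when insertions arrive out of order), as an added C++ example that is not WebKit's code. `Insertion`, `InsertionSetModel` and `runSample` are hypothetical names, and the block contents are constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Simplified model of an insertion set; not the B3/Air/DFG classes.
struct Insertion {
    size_t index;      // the new value goes before the original element at this index
    std::string value;
};

class InsertionSetModel {
public:
    // Insertions may be recorded in any index order.
    void insert(size_t index, std::string value)
    {
        m_insertions.push_back({ index, std::move(value) });
    }

    // Splice all recorded insertions into the block in one pass.
    void execute(std::vector<std::string>& block)
    {
        // Compare by index only. stable_sort keeps entries with equal indices in
        // the order insert() was called; std::sort gives no such guarantee.
        std::stable_sort(m_insertions.begin(), m_insertions.end(),
            [](const Insertion& a, const Insertion& b) { return a.index < b.index; });

        std::vector<std::string> result;
        result.reserve(block.size() + m_insertions.size());
        size_t next = 0;
        for (size_t i = 0; i <= block.size(); ++i) {
            while (next < m_insertions.size() && m_insertions[next].index == i)
                result.push_back(std::move(m_insertions[next++].value));
            if (i < block.size())
                result.push_back(std::move(block[i]));
        }
        // Anything indexed past the end is appended rather than dropped.
        for (; next < m_insertions.size(); ++next)
            result.push_back(std::move(m_insertions[next].value));

        block = std::move(result);
        m_insertions.clear();
    }

private:
    std::vector<Insertion> m_insertions;
};

// Constructed input: out-of-order indices and two pairs sharing an index.
std::vector<std::string> runSample()
{
    std::vector<std::string> block = { "a", "b", "c" };
    InsertionSetModel set;
    set.insert(2, "x");
    set.insert(0, "p");
    set.insert(2, "y");
    set.insert(0, "q");
    set.insert(3, "end");
    set.execute(block);
    return block;
}
```
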
701 2015-11-02  Mark Lam  <mark.lam@apple.com>
702
703         Snippefy op_add for the baseline JIT.
704         https://bugs.webkit.org/show_bug.cgi?id=150129
705
706         Reviewed by Geoffrey Garen and Saam Barati.
707
708         Performance is neutral for both 32-bit and 64-bit on X86_64.
709
710         * CMakeLists.txt:
711         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
712         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
713         * JavaScriptCore.xcodeproj/project.pbxproj:
714         * jit/JIT.h:
715         (JSC::JIT::getOperandConstantInt):
716         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
717           because the snippet needs it.
718
719         * jit/JITAddGenerator.cpp: Added.
720         (JSC::JITAddGenerator::generateFastPath):
721         * jit/JITAddGenerator.h: Added.
722         (JSC::JITAddGenerator::JITAddGenerator):
723         (JSC::JITAddGenerator::endJumpList):
724         (JSC::JITAddGenerator::slowPathJumpList):
725         - JITAddGenerator implements an optimization for the case where 1 of the 2 operands
726           is a constant int32_t.  It does not implement an optimization for the case where
727           both operands are constant int32_t.  This is because:
728           1. For the baseline JIT, the ASTBuilder will fold the 2 constants together.
729           2. For the DFG, the AbstractInterpreter will also fold the 2 constants.
730
731           Hence, such an optimization path (for 2 constant int32_t operands) would never
732           be taken, and is why we won't implement it.
733
734         * jit/JITArithmetic.cpp:
735         (JSC::JIT::compileBinaryArithOp):
736         (JSC::JIT::compileBinaryArithOpSlowCase):
737         - Removed op_add cases.  These are no longer used by the op_add emitters.
738
739         (JSC::JIT::emit_op_add):
740         (JSC::JIT::emitSlow_op_add):
741         - Moved out from the JSVALUE64 section to the common section, and reimplemented
742           using the snippet.
743
744         * jit/JITArithmetic32_64.cpp:
745         (JSC::JIT::emitBinaryDoubleOp):
746         (JSC::JIT::emit_op_add): Deleted.
747         (JSC::JIT::emitAdd32Constant): Deleted.
748         (JSC::JIT::emitSlow_op_add): Deleted.
749         - Remove 32-bit specific version of op_add.  The snippet serves both 32-bit
750           and 64-bit implementations.
751
752         * jit/JITInlines.h:
753         (JSC::JIT::getOperandConstantInt):
754         - Move getOperandConstantInt() from the JSVALUE64 section to the common section
755           because the snippet needs it.
756
757 2015-11-02  Brian Burg  <bburg@apple.com>
758
759         Run sort-Xcode-project-file for the JavaScriptCore project.
760
761         Unreviewed. Many things were out of order following recent B3 commits.
762
763         * JavaScriptCore.xcodeproj/project.pbxproj:
764
765 2015-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>
766
767         Rename op_put_getter_setter to op_put_getter_setter_by_id
768         https://bugs.webkit.org/show_bug.cgi?id=150773
769
770         Reviewed by Mark Lam.
771
772         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
773         the other ops' names like op_put_getter_by_id etc.
774
775         And to fix build dependencies in Xcode, we added LLIntAssembly.h to the Xcode project file.
776
777         * JavaScriptCore.xcodeproj/project.pbxproj:
778         * bytecode/BytecodeList.json:
779         * bytecode/BytecodeUseDef.h:
780         (JSC::computeUsesForBytecodeOffset):
781         (JSC::computeDefsForBytecodeOffset):
782         * bytecode/CodeBlock.cpp:
783         (JSC::CodeBlock::dumpBytecode):
784         * bytecompiler/BytecodeGenerator.cpp:
785         (JSC::BytecodeGenerator::emitPutGetterSetter):
786         * dfg/DFGByteCodeParser.cpp:
787         (JSC::DFG::ByteCodeParser::parseBlock):
788         * dfg/DFGCapabilities.cpp:
789         (JSC::DFG::capabilityLevel):
790         * jit/JIT.cpp:
791         (JSC::JIT::privateCompileMainPass):
792         * jit/JIT.h:
793         * jit/JITPropertyAccess.cpp:
794         (JSC::JIT::emit_op_put_getter_setter_by_id):
795         (JSC::JIT::emit_op_put_getter_setter): Deleted.
796         * jit/JITPropertyAccess32_64.cpp:
797         (JSC::JIT::emit_op_put_getter_setter_by_id):
798         (JSC::JIT::emit_op_put_getter_setter): Deleted.
799         * llint/LLIntSlowPaths.cpp:
800         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
801         * llint/LLIntSlowPaths.h:
802         * llint/LowLevelInterpreter.asm:
803
804 2015-11-02  Csaba Osztrogonác  <ossy@webkit.org>
805
806         Fix the FTL JIT build with system LLVM on Linux
807         https://bugs.webkit.org/show_bug.cgi?id=150795
808
809         Reviewed by Filip Pizlo.
810
811         * CMakeLists.txt:
812
813 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
814
815         [ES6] Support Generator Syntax
816         https://bugs.webkit.org/show_bug.cgi?id=150769
817
818         Reviewed by Geoffrey Garen.
819
820         This patch implements the syntax part of ES6 Generators.
821
822         1. Add ENABLE_ES6_GENERATORS compile time flag. It is disabled by default, and will be enabled once ES6 generator functionality is implemented.
823         2. Add lexer support for YIELD. It changes "yield" from reserved-if-strict word to keyword. And it is correct under the ES6 spec.
824         3. Implement parsing functionality and YieldExprNode stub. YieldExprNode does not emit meaningful bytecodes yet. This should be implemented in a future patch.
825         4. Accept "yield" Identifier as a label etc. under sloppy mode && non-generator code. http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors
826
827         * Configurations/FeatureDefines.xcconfig:
828         * bytecompiler/NodesCodegen.cpp:
829         (JSC::YieldExprNode::emitBytecode):
830         * parser/ASTBuilder.h:
831         (JSC::ASTBuilder::createYield):
832         * parser/Keywords.table:
833         * parser/NodeConstructors.h:
834         (JSC::YieldExprNode::YieldExprNode):
835         * parser/Nodes.h:
836         * parser/Parser.cpp:
837         (JSC::Parser<LexerType>::Parser):
838         (JSC::Parser<LexerType>::parseInner):
839         (JSC::Parser<LexerType>::parseStatementListItem):
840         (JSC::Parser<LexerType>::parseVariableDeclarationList):
841         (JSC::Parser<LexerType>::parseDestructuringPattern):
842         (JSC::Parser<LexerType>::parseBreakStatement):
843         (JSC::Parser<LexerType>::parseContinueStatement):
844         (JSC::Parser<LexerType>::parseTryStatement):
845         (JSC::Parser<LexerType>::parseStatement):
846         (JSC::stringForFunctionMode):
847         (JSC::Parser<LexerType>::parseFunctionParameters):
848         (JSC::Parser<LexerType>::parseFunctionInfo):
849         (JSC::Parser<LexerType>::parseFunctionDeclaration):
850         (JSC::Parser<LexerType>::parseClass):
851         (JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
852         (JSC::Parser<LexerType>::parseExportDeclaration):
853         (JSC::Parser<LexerType>::parseAssignmentExpression):
854         (JSC::Parser<LexerType>::parseYieldExpression):
855         (JSC::Parser<LexerType>::parseProperty):
856         (JSC::Parser<LexerType>::parsePropertyMethod):
857         (JSC::Parser<LexerType>::parseGetterSetter):
858         (JSC::Parser<LexerType>::parseFunctionExpression):
859         (JSC::Parser<LexerType>::parsePrimaryExpression):
860         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
861         * parser/Parser.h:
862         (JSC::Scope::Scope):
863         (JSC::Scope::setSourceParseMode):
864         (JSC::Scope::isGenerator):
865         (JSC::Scope::setIsFunction):
866         (JSC::Scope::setIsGenerator):
867         (JSC::Scope::setIsModule):
868         (JSC::Parser::pushScope):
869         (JSC::Parser::isYIELDMaskedAsIDENT):
870         (JSC::Parser::matchSpecIdentifier):
871         (JSC::Parser::saveState):
872         (JSC::Parser::restoreState):
873         * parser/ParserModes.h:
874         (JSC::isFunctionParseMode):
875         (JSC::isModuleParseMode):
876         (JSC::isProgramParseMode):
877         * parser/ParserTokens.h:
878         * parser/SyntaxChecker.h:
879         (JSC::SyntaxChecker::createYield):
880         * tests/stress/generator-methods.js: Added.
881         (Hello.prototype.gen):
882         (Hello.gen):
883         (Hello):
884         (Hello.prototype.set get string_appeared_here):
885         (Hello.string_appeared_here):
886         (Hello.prototype.20):
887         (Hello.20):
888         (Hello.prototype.42):
889         (Hello.42):
890         (let.object.gen):
891         (let.object.set get string_appeared_here):
892         (let.object.20):
893         (let.object.42):
894         * tests/stress/generator-syntax.js: Added.
895         (testSyntax):
896         (testSyntaxError):
897         (testSyntaxError.Hello.prototype.get gen):
898         (testSyntaxError.Hello):
899         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello.prototype.set gen):
900         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello):
901         (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.gen):
902         (testSyntaxError.value):
903         (testSyntaxError.gen.ng):
904         (testSyntaxError.gen):
905         (testSyntax.gen):
906         * tests/stress/yield-and-line-terminator.js: Added.
907         (testSyntax):
908         (testSyntaxError):
909         (testSyntax.gen):
910         (testSyntaxError.gen):
911         * tests/stress/yield-label-generator.js: Added.
912         (testSyntax):
913         (testSyntaxError):
914         (testSyntaxError.test):
915         (SyntaxError.Unexpected.keyword.string_appeared_here.Expected.an.identifier.as.the.target.a.continue.statement.testSyntax.test):
916         * tests/stress/yield-label.js: Added.
917         (yield):
918         (testSyntaxError):
919         (testSyntaxError.test):
920         * tests/stress/yield-named-accessors-generator.js: Added.
921         (t1.let.object.get yield):
922         (t1.let.object.set yield):
923         (t1):
924         (t2.let.object.get yield):
925         (t2.let.object.set yield):
926         (t2):
927         * tests/stress/yield-named-accessors.js: Added.
928         (t1.let.object.get yield):
929         (t1.let.object.set yield):
930         (t1):
931         (t2.let.object.get yield):
932         (t2.let.object.set yield):
933         (t2):
934         * tests/stress/yield-named-variable-generator.js: Added.
935         (testSyntax):
936         (testSyntaxError):
937         (testSyntaxError.t1):
938         (testSyntaxError.t1.yield):
939         (testSyntax.t1.yield):
940         (testSyntax.t1):
941         * tests/stress/yield-named-variable.js: Added.
942         (testSyntax):
943         (testSyntaxError):
944         (testSyntax.t1):
945         (testSyntaxError.t1):
946         (testSyntax.t1.yield):
947         (testSyntaxError.t1.yield):
948         * tests/stress/yield-out-of-generator.js: Added.
949         (testSyntax):
950         (testSyntaxError):
951         (testSyntaxError.hello):
952         (testSyntaxError.gen.hello):
953         (testSyntaxError.gen):
954         (testSyntax.gen):
955         (testSyntax.gen.ok):
956         (testSyntaxError.gen.ok):
957
958 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
959
960         Dominators should be factored out of the DFG
961         https://bugs.webkit.org/show_bug.cgi?id=150764
962
963         Reviewed by Geoffrey Garen.
964
965         Factored DFGDominators.h/DFGDominators.cpp into WTF. To do this, I made two changes to the
966         DFG:
967
968         1) DFG now has a CFG abstraction called DFG::CFG. The cool thing about this is that in the
969            future if we wanted to support inverted dominators, we could do it by just creating a
970            DFG::BackwardCFG.
971
972         2) Got rid of DFG::Analysis. From now on, an Analysis being invalidated is expressed by the
973            DFG::Graph having a null pointer for that analysis. When we "run" the analysis, we
974            just instantiate it. This makes it much more natural to integrate WTF::Dominators into
975            the DFG.
976
977         * CMakeLists.txt:
978         * JavaScriptCore.xcodeproj/project.pbxproj:
979         * dfg/DFGAnalysis.h: Removed.
980         * dfg/DFGCFG.h: Added.
981         (JSC::DFG::CFG::CFG):
982         (JSC::DFG::CFG::root):
983         (JSC::DFG::CFG::newMap<T>):
984         (JSC::DFG::CFG::successors):
985         (JSC::DFG::CFG::predecessors):
986         (JSC::DFG::CFG::index):
987         (JSC::DFG::CFG::node):
988         (JSC::DFG::CFG::numNodes):
989         (JSC::DFG::CFG::dump):
990         * dfg/DFGCSEPhase.cpp:
991         * dfg/DFGDisassembler.cpp:
992         (JSC::DFG::Disassembler::createDumpList):
993         * dfg/DFGDominators.cpp: Removed.
994         * dfg/DFGDominators.h:
995         (JSC::DFG::Dominators::Dominators):
996         (JSC::DFG::Dominators::strictlyDominates): Deleted.
997         (JSC::DFG::Dominators::dominates): Deleted.
998         (JSC::DFG::Dominators::immediateDominatorOf): Deleted.
999         (JSC::DFG::Dominators::forAllStrictDominatorsOf): Deleted.
1000         (JSC::DFG::Dominators::forAllDominatorsOf): Deleted.
1001         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy): Deleted.
1002         (JSC::DFG::Dominators::forAllBlocksDominatedBy): Deleted.
1003         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf): Deleted.
1004         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf): Deleted.
1005         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf): Deleted.
1006         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl): Deleted.
1007         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl): Deleted.
1008         (JSC::DFG::Dominators::BlockData::BlockData): Deleted.
1009         * dfg/DFGEdgeDominates.h:
1010         (JSC::DFG::EdgeDominates::operator()):
1011         * dfg/DFGGraph.cpp:
1012         (JSC::DFG::Graph::Graph):
1013         (JSC::DFG::Graph::dumpBlockHeader):
1014         (JSC::DFG::Graph::invalidateCFG):
1015         (JSC::DFG::Graph::substituteGetLocal):
1016         (JSC::DFG::Graph::handleAssertionFailure):
1017         (JSC::DFG::Graph::ensureDominators):
1018         (JSC::DFG::Graph::ensurePrePostNumbering):
1019         (JSC::DFG::Graph::ensureNaturalLoops):
1020         (JSC::DFG::Graph::valueProfileFor):
1021         * dfg/DFGGraph.h:
1022         (JSC::DFG::Graph::hasDebuggerEnabled):
1023         * dfg/DFGLICMPhase.cpp:
1024         (JSC::DFG::LICMPhase::run):
1025         (JSC::DFG::LICMPhase::attemptHoist):
1026         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
1027         (JSC::DFG::createPreHeader):
1028         (JSC::DFG::LoopPreHeaderCreationPhase::run):
1029         * dfg/DFGNaturalLoops.cpp:
1030         (JSC::DFG::NaturalLoop::dump):
1031         (JSC::DFG::NaturalLoops::NaturalLoops):
1032         (JSC::DFG::NaturalLoops::~NaturalLoops):
1033         (JSC::DFG::NaturalLoops::loopsOf):
1034         (JSC::DFG::NaturalLoops::computeDependencies): Deleted.
1035         (JSC::DFG::NaturalLoops::compute): Deleted.
1036         * dfg/DFGNaturalLoops.h:
1037         (JSC::DFG::NaturalLoops::numLoops):
1038         * dfg/DFGNode.h:
1039         (JSC::DFG::Node::SuccessorsIterable::end):
1040         (JSC::DFG::Node::SuccessorsIterable::size):
1041         (JSC::DFG::Node::SuccessorsIterable::at):
1042         (JSC::DFG::Node::SuccessorsIterable::operator[]):
1043         * dfg/DFGOSREntrypointCreationPhase.cpp:
1044         (JSC::DFG::OSREntrypointCreationPhase::run):
1045         * dfg/DFGObjectAllocationSinkingPhase.cpp:
1046         * dfg/DFGPlan.cpp:
1047         (JSC::DFG::Plan::compileInThreadImpl):
1048         * dfg/DFGPrePostNumbering.cpp:
1049         (JSC::DFG::PrePostNumbering::PrePostNumbering):
1050         (JSC::DFG::PrePostNumbering::~PrePostNumbering):
1051         (JSC::DFG::PrePostNumbering::compute): Deleted.
1052         * dfg/DFGPrePostNumbering.h:
1053         (JSC::DFG::PrePostNumbering::preNumber):
1054         (JSC::DFG::PrePostNumbering::postNumber):
1055         * dfg/DFGPutStackSinkingPhase.cpp:
1056         * dfg/DFGSSACalculator.cpp:
1057         (JSC::DFG::SSACalculator::nonLocalReachingDef):
1058         (JSC::DFG::SSACalculator::reachingDefAtTail):
1059         * dfg/DFGSSACalculator.h:
1060         (JSC::DFG::SSACalculator::computePhis):
1061         * dfg/DFGSSAConversionPhase.cpp:
1062         (JSC::DFG::SSAConversionPhase::run):
1063         * ftl/FTLLink.cpp:
1064         (JSC::FTL::link):
1065         * ftl/FTLLowerDFGToLLVM.cpp:
1066         (JSC::FTL::DFG::LowerDFGToLLVM::lower):
1067         (JSC::FTL::DFG::LowerDFGToLLVM::safelyInvalidateAfterTermination):
1068         (JSC::FTL::DFG::LowerDFGToLLVM::isValid):
1069
1070 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
1071
1072         B3::reduceStrength's DCE should be more agro and less wrong
1073         https://bugs.webkit.org/show_bug.cgi?id=150748
1074
1075         Reviewed by Geoffrey Garen.
1076
1077         First of all, our DCE had a bug where it would keep Upsilons after it deleted the Phis that
1078         they referenced. But our B3 DCE was also not aggressive enough. It would not eliminate
1079         cycles. It was also probably slower than it needed to be, since it would eliminate all
1080         never-referenced things on each fixpoint.
1081
1082         This adds a presume-everyone-is-dead-and-find-live-things style DCE. This is very natural to
1083         write, except for Upsilons. For everything but Upsilons, it's just a worklist algorithm. For
1084         Upsilons, it's a fixpoint. It works fine in the end.
1085
1086         I kept finding bugs in this algorithm when I tested it against my "Complex" test that I was
1087         writing as a compile time benchmark. So, I include that test in this change. I also include
1088         the small lowering extensions that it needed - shifting and zero extending.
1089
1090         This change also adds an LLVM version of the Complex test. Though the LLVM version feels
1091         more natural to write because LLVM has traditional Phi's rather than our quirky Phi's, in
1092         the end LLVM ends up performing very badly - 10x to 20x worse than B3. Some of that gap will
1093         close once we give B3 a register allocator, but still, that's pretty good news for our B3
1094         strategy.
1095
1096         * JavaScriptCore.xcodeproj/project.pbxproj:
1097         * assembler/MacroAssemblerX86_64.h:
1098         (JSC::MacroAssemblerX86_64::lshift64):
1099         (JSC::MacroAssemblerX86_64::rshift64):
1100         * assembler/X86Assembler.h:
1101         (JSC::X86Assembler::shlq_i8r):
1102         (JSC::X86Assembler::shlq_CLr):
1103         (JSC::X86Assembler::imull_rr):
1104         * b3/B3BasicBlock.cpp:
1105         (JSC::B3::BasicBlock::replacePredecessor):
1106         (JSC::B3::BasicBlock::dump):
1107         (JSC::B3::BasicBlock::removeNops): Deleted.
1108         * b3/B3BasicBlock.h:
1109         (JSC::B3::BasicBlock::frequency):
1110         * b3/B3Common.cpp:
1111         (JSC::B3::shouldSaveIRBeforePhase):
1112         (JSC::B3::shouldMeasurePhaseTiming):
1113         * b3/B3Common.h:
1114         (JSC::B3::isRepresentableAsImpl):
1115         * b3/B3Generate.cpp:
1116         (JSC::B3::generate):
1117         (JSC::B3::generateToAir):
1118         * b3/B3LowerToAir.cpp:
1119         (JSC::B3::Air::LowerToAir::tryAnd):
1120         (JSC::B3::Air::LowerToAir::tryShl):
1121         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
1122         (JSC::B3::Air::LowerToAir::tryTrunc):
1123         (JSC::B3::Air::LowerToAir::tryZExt32):
1124         (JSC::B3::Air::LowerToAir::tryArgumentReg):
1125         * b3/B3LoweringMatcher.patterns:
1126         * b3/B3PhaseScope.cpp:
1127         (JSC::B3::PhaseScope::PhaseScope):
1128         * b3/B3PhaseScope.h:
1129         * b3/B3ReduceStrength.cpp:
1130         * b3/B3TimingScope.cpp: Added.
1131         (JSC::B3::TimingScope::TimingScope):
1132         (JSC::B3::TimingScope::~TimingScope):
1133         * b3/B3TimingScope.h: Added.
1134         * b3/B3Validate.cpp:
1135         * b3/air/AirAllocateStack.cpp:
1136         (JSC::B3::Air::allocateStack):
1137         * b3/air/AirGenerate.cpp:
1138         (JSC::B3::Air::generate):
1139         * b3/air/AirInstInlines.h:
1140         (JSC::B3::Air::ForEach<Arg>::forEach):
1141         (JSC::B3::Air::Inst::forEach):
1142         (JSC::B3::Air::isLshift32Valid):
1143         (JSC::B3::Air::isLshift64Valid):
1144         * b3/air/AirLiveness.h:
1145         (JSC::B3::Air::Liveness::isAlive):
1146         (JSC::B3::Air::Liveness::Liveness):
1147         (JSC::B3::Air::Liveness::LocalCalc::execute):
1148         * b3/air/AirOpcode.opcodes:
1149         * b3/air/AirPhaseScope.cpp:
1150         (JSC::B3::Air::PhaseScope::PhaseScope):
1151         * b3/air/AirPhaseScope.h:
1152         * b3/testb3.cpp:
1153         (JSC::B3::testBranchEqualFoldPtr):
1154         (JSC::B3::testComplex):
1155         (JSC::B3::run):
1156         * runtime/Options.h:
1157
1158 2015-11-01  Alexey Proskuryakov  <ap@apple.com>
1159
1160         [ES6] Add support for toStringTag
1161         https://bugs.webkit.org/show_bug.cgi?id=150696
1162
1163         Re-landing, as this wasn't the culprit.
1164
1165         * runtime/ArrayIteratorPrototype.cpp:
1166         (JSC::ArrayIteratorPrototype::finishCreation):
1167         * runtime/CommonIdentifiers.h:
1168         * runtime/JSArrayBufferPrototype.cpp:
1169         (JSC::JSArrayBufferPrototype::finishCreation):
1170         (JSC::JSArrayBufferPrototype::create):
1171         * runtime/JSDataViewPrototype.cpp:
1172         (JSC::JSDataViewPrototype::create):
1173         (JSC::JSDataViewPrototype::finishCreation):
1174         (JSC::JSDataViewPrototype::createStructure):
1175         * runtime/JSDataViewPrototype.h:
1176         * runtime/JSModuleNamespaceObject.cpp:
1177         (JSC::JSModuleNamespaceObject::finishCreation):
1178         * runtime/JSONObject.cpp:
1179         (JSC::JSONObject::finishCreation):
1180         * runtime/JSPromisePrototype.cpp:
1181         (JSC::JSPromisePrototype::finishCreation):
1182         (JSC::JSPromisePrototype::getOwnPropertySlot):
1183         * runtime/JSTypedArrayViewPrototype.cpp:
1184         (JSC::typedArrayViewProtoFuncValues):
1185         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1186         (JSC::JSTypedArrayViewPrototype::JSTypedArrayViewPrototype):
1187         (JSC::JSTypedArrayViewPrototype::finishCreation):
1188         * runtime/MapIteratorPrototype.cpp:
1189         (JSC::MapIteratorPrototype::finishCreation):
1190         (JSC::MapIteratorPrototypeFuncNext):
1191         * runtime/MapPrototype.cpp:
1192         (JSC::MapPrototype::finishCreation):
1193         * runtime/MathObject.cpp:
1194         (JSC::MathObject::finishCreation):
1195         * runtime/ObjectPrototype.cpp:
1196         (JSC::objectProtoFuncToString):
1197         * runtime/SetIteratorPrototype.cpp:
1198         (JSC::SetIteratorPrototype::finishCreation):
1199         (JSC::SetIteratorPrototypeFuncNext):
1200         * runtime/SetPrototype.cpp:
1201         (JSC::SetPrototype::finishCreation):
1202         * runtime/SmallStrings.cpp:
1203         (JSC::SmallStrings::SmallStrings):
1204         (JSC::SmallStrings::initializeCommonStrings):
1205         (JSC::SmallStrings::visitStrongReferences):
1206         * runtime/SmallStrings.h:
1207         (JSC::SmallStrings::typeString):
1208         (JSC::SmallStrings::objectStringStart):
1209         (JSC::SmallStrings::nullObjectString):
1210         (JSC::SmallStrings::undefinedObjectString):
1211         * runtime/StringIteratorPrototype.cpp:
1212         (JSC::StringIteratorPrototype::finishCreation):
1213         * runtime/SymbolPrototype.cpp:
1214         (JSC::SymbolPrototype::finishCreation):
1215         * runtime/WeakMapPrototype.cpp:
1216         (JSC::WeakMapPrototype::finishCreation):
1217         (JSC::getWeakMapData):
1218         * runtime/WeakSetPrototype.cpp:
1219         (JSC::WeakSetPrototype::finishCreation):
1220         (JSC::getWeakMapData):
1221         * tests/es6.yaml:
1222         * tests/modules/namespace.js:
1223         * tests/stress/symbol-tostringtag.js: Copied from Source/JavaScriptCore/tests/stress/symbol-tostringtag.js.
1224
1225 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1226
1227         Unreviewed, rolling out r191815 and r191821.
1228         https://bugs.webkit.org/show_bug.cgi?id=150781
1229
1230         Seems to have broken JSC API tests on some platforms
1231         (Requested by ap on #webkit).
1232
1233         Reverted changesets:
1234
1235         "[ES6] Add support for toStringTag"
1236         https://bugs.webkit.org/show_bug.cgi?id=150696
1237         http://trac.webkit.org/changeset/191815
1238
1239         "Unreviewed, forgot to mark tests as passing for new feature."
1240         http://trac.webkit.org/changeset/191821
1241
1242 2015-11-01  Commit Queue  <commit-queue@webkit.org>
1243
1244         Unreviewed, rolling out r191858.
1245         https://bugs.webkit.org/show_bug.cgi?id=150780
1246
1247         Broke the build (Requested by ap on #webkit).
1248
1249         Reverted changeset:
1250
1251         "Rename op_put_getter_setter to op_put_getter_setter_by_id"
1252         https://bugs.webkit.org/show_bug.cgi?id=150773
1253         http://trac.webkit.org/changeset/191858
1254
1255 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1256
1257         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150777.
1258
1259         * b3/B3LowerToAir.cpp:
1260         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
1261
1262 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
1263
1264         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150775.
1265
1266         * b3/B3LowerToAir.cpp:
1267         (JSC::B3::Air::LowerToAir::tryTrunc):
1268
1269 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1270
1271         Rename op_put_getter_setter to op_put_getter_setter_by_id
1272         https://bugs.webkit.org/show_bug.cgi?id=150773
1273
1274         Reviewed by Mark Lam.
1275
1276         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
1277         the other ops' names like op_put_getter_by_id etc.
1278
1279         * bytecode/BytecodeList.json:
1280         * bytecode/BytecodeUseDef.h:
1281         (JSC::computeUsesForBytecodeOffset):
1282         (JSC::computeDefsForBytecodeOffset):
1283         * bytecode/CodeBlock.cpp:
1284         (JSC::CodeBlock::dumpBytecode):
1285         * bytecompiler/BytecodeGenerator.cpp:
1286         (JSC::BytecodeGenerator::emitPutGetterSetter):
1287         * dfg/DFGByteCodeParser.cpp:
1288         (JSC::DFG::ByteCodeParser::parseBlock):
1289         * dfg/DFGCapabilities.cpp:
1290         (JSC::DFG::capabilityLevel):
1291         * jit/JIT.cpp:
1292         (JSC::JIT::privateCompileMainPass):
1293         * jit/JIT.h:
1294         * jit/JITPropertyAccess.cpp:
1295         (JSC::JIT::emit_op_put_getter_setter_by_id):
1296         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1297         * jit/JITPropertyAccess32_64.cpp:
1298         (JSC::JIT::emit_op_put_getter_setter_by_id):
1299         (JSC::JIT::emit_op_put_getter_setter): Deleted.
1300         * llint/LLIntSlowPaths.cpp:
1301         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1302         * llint/LLIntSlowPaths.h:
1303         * llint/LowLevelInterpreter.asm:
1304
1305 2015-10-31  Andreas Kling  <akling@apple.com>
1306
1307         Add a debug overlay with information about web process resource usage.
1308         <https://webkit.org/b/150599>
1309
1310         Reviewed by Darin Adler.
1311
1312         Have Heap track the exact number of bytes allocated in CopiedBlock, MarkedBlock and
1313         WeakBlock objects, keeping them in a single location that can be sampled by the
1314         resource usage overlay thread.
1315
1316         The bulk of these changes is threading a Heap& through from sites where blocks are
1317         allocated or freed.
1318
1319         * heap/CopiedBlock.cpp:
1320         (JSC::CopiedBlock::createNoZeroFill):
1321         (JSC::CopiedBlock::destroy):
1322         (JSC::CopiedBlock::create):
1323         * heap/CopiedBlock.h:
1324         * heap/CopiedSpace.cpp:
1325         (JSC::CopiedSpace::~CopiedSpace):
1326         (JSC::CopiedSpace::tryAllocateOversize):
1327         (JSC::CopiedSpace::tryReallocateOversize):
1328         * heap/CopiedSpaceInlines.h:
1329         (JSC::CopiedSpace::recycleEvacuatedBlock):
1330         (JSC::CopiedSpace::recycleBorrowedBlock):
1331         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1332         (JSC::CopiedSpace::allocateBlock):
1333         (JSC::CopiedSpace::startedCopying):
1334         * heap/Heap.cpp:
1335         (JSC::Heap::~Heap):
1336         (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
1337         * heap/Heap.h:
1338         (JSC::Heap::blockBytesAllocated):
1339         * heap/HeapInlines.h:
1340         (JSC::Heap::didAllocateBlock):
1341         (JSC::Heap::didFreeBlock):
1342         * heap/MarkedAllocator.cpp:
1343         (JSC::MarkedAllocator::allocateBlock):
1344         * heap/MarkedBlock.cpp:
1345         (JSC::MarkedBlock::create):
1346         (JSC::MarkedBlock::destroy):
1347         * heap/MarkedBlock.h:
1348         * heap/MarkedSpace.cpp:
1349         (JSC::MarkedSpace::freeBlock):
1350         * heap/WeakBlock.cpp:
1351         (JSC::WeakBlock::create):
1352         (JSC::WeakBlock::destroy):
1353         * heap/WeakBlock.h:
1354         * heap/WeakSet.cpp:
1355         (JSC::WeakSet::~WeakSet):
1356         (JSC::WeakSet::addAllocator):
1357         (JSC::WeakSet::removeAllocator):
1358
1359 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1360
1361         Air should eliminate dead code
1362         https://bugs.webkit.org/show_bug.cgi?id=150746
1363
1364         Reviewed by Geoffrey Garen.
1365
1366         This adds a very simple dead code elimination to Air. It simply looks at whether a Tmp or
1367         StackSlot has ever been used by a live instruction. An instruction is live if it has non-arg
1368         effects (branching, returning, calling, etc) or if it stores to a live Arg. An Arg is live if
1369         it references a live Tmp or StackSlot, or if it is neither a Tmp nor a StackSlot. The phase
1370         runs these rules to fixpoint, and then removes the dead instructions.
1371
1372         This also changes the AirOpcodes parser to handle multiple attributes per opcode, so that we
1373         could conceivably say things like "FooBar /branch /effects". It also adds the /effects
1374         attribute, which we currently use for Breakpoint and nothing else. C calls, patchpoints, and
1375         checks are all Specials, and the Special base class by default always claims that the
1376         instruction has effects. In the future, we could have B3 use a Patch in Air to implement
1377         exotic math constructs; then the Special associated with that thing would claim that there
1378         are no effects.
1379
1380         * JavaScriptCore.xcodeproj/project.pbxproj:
1381         * b3/air/AirBasicBlock.h:
1382         (JSC::B3::Air::BasicBlock::begin):
1383         (JSC::B3::Air::BasicBlock::end):
1384         (JSC::B3::Air::BasicBlock::at):
1385         (JSC::B3::Air::BasicBlock::last):
1386         (JSC::B3::Air::BasicBlock::resize):
1387         (JSC::B3::Air::BasicBlock::appendInst):
1388         * b3/air/AirEliminateDeadCode.cpp: Added.
1389         (JSC::B3::Air::eliminateDeadCode):
1390         * b3/air/AirEliminateDeadCode.h: Added.
1391         * b3/air/AirGenerate.cpp:
1392         (JSC::B3::Air::generate):
1393         * b3/air/AirInst.h:
1394         * b3/air/AirOpcode.opcodes:
1395         * b3/air/AirSpecial.cpp:
1396         (JSC::B3::Air::Special::name):
1397         (JSC::B3::Air::Special::hasNonArgNonControlEffects):
1398         (JSC::B3::Air::Special::dump):
1399         * b3/air/AirSpecial.h:
1400         * b3/air/opcode_generator.rb:
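
The liveness rules in the entry above, run to fixpoint on a constructed instruction list. This is an added example, not code from WebKit: the `Arg` and `Inst` types, the `tmp`/`slot` helpers and the sample instructions are a hypothetical toy model, and only the three rules come from the entry.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <string>
#include <vector>

// Toy model for illustration; these are not Air's classes.
enum class ArgKind { Tmp, StackSlot, Other };

struct Arg {
    ArgKind kind;
    int id;
    bool operator<(const Arg& other) const {
        return kind != other.kind ? kind < other.kind : id < other.id;
    }
};

struct Inst {
    std::string text;
    std::vector<Arg> uses;  // args the instruction reads
    std::vector<Arg> defs;  // args the instruction stores to
    bool hasNonArgEffects;  // branching, returning, calling, etc
};

Arg tmp(int id) { return Arg{ArgKind::Tmp, id}; }
Arg slot(int id) { return Arg{ArgKind::StackSlot, id}; }

// Applies the liveness rules until nothing changes, then returns the
// surviving instructions in their original order.
std::vector<Inst> eliminateDeadCode(const std::vector<Inst>& code) {
    std::set<Arg> liveTmpsAndSlots;
    std::vector<bool> instIsLive(code.size(), false);

    // An Arg is live if it is neither a Tmp nor a StackSlot, or if it is one
    // that a live instruction has used.
    auto argIsLive = [&](const Arg& arg) {
        return arg.kind == ArgKind::Other || liveTmpsAndSlots.count(arg) > 0;
    };

    bool changed = true;
    while (changed) {
        changed = false;
        for (std::size_t i = 0; i < code.size(); ++i) {
            if (instIsLive[i])
                continue;
            bool live = code[i].hasNonArgEffects;
            for (const Arg& def : code[i].defs)
                live = live || argIsLive(def);
            if (!live)
                continue;
            instIsLive[i] = true;
            changed = true;
            // Only a live instruction makes the Tmps and StackSlots it reads live.
            for (const Arg& use : code[i].uses) {
                if (use.kind != ArgKind::Other)
                    liveTmpsAndSlots.insert(use);
            }
        }
    }

    std::vector<Inst> result;
    for (std::size_t i = 0; i < code.size(); ++i) {
        if (instIsLive[i])
            result.push_back(code[i]);
    }
    return result;
}

// Constructed sample. %t1 and %t2 only feed each other, so they stay dead even
// though %t2 is "used": its only user is itself a dead instruction.
std::vector<Inst> sampleCode() {
    return {
        {"Move $1, %t0", {}, {tmp(0)}, false},
        {"Move $2, %t1", {}, {tmp(1)}, false},
        {"Add %t1, %t2", {tmp(1), tmp(2)}, {tmp(2)}, false},
        {"Move %t0, (slot0)", {tmp(0)}, {slot(0)}, false},
        {"Move (slot0), %t3", {slot(0)}, {tmp(3)}, false},
        {"Breakpoint", {}, {}, true},
        {"Ret %t3", {tmp(3)}, {}, true},
    };
}

int main() {
    for (const Inst& inst : eliminateDeadCode(sampleCode()))
        std::printf("%s\n", inst.text.c_str());
    return 0;
}
```

Liveness here flows backwards from `Ret` through `%t3`, `slot0` and `%t0`, so a single forward pass is not enough and the loop needs several iterations before it settles.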
1401
1402 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
1403
1404         Air needs a late register liveness phase that calls Special::reportUsedRegisters()
1405         https://bugs.webkit.org/show_bug.cgi?id=150511
1406
1407         Reviewed by Saam Barati.
1408
1409         This change adds such a phase. In the process of writing it, I was reminded about the
1410         glaring efficiency bugs in Air::Liveness and so I filed a bug and added FIXMEs.
1411
1412         * JavaScriptCore.xcodeproj/project.pbxproj:
1413         * b3/air/AirAllocateStack.cpp:
1414         (JSC::B3::Air::allocateStack):
1415         * b3/air/AirGenerate.cpp:
1416         (JSC::B3::Air::generate):
1417         * b3/air/AirReportUsedRegisters.cpp: Added.
1418         (JSC::B3::Air::reportUsedRegisters):
1419         * b3/air/AirReportUsedRegisters.h: Added.
1420
1421 2015-10-31  Brian Burg  <bburg@apple.com>
1422
1423         Builtins generator should put WebCore-only wrappers in the per-builtin header
1424         https://bugs.webkit.org/show_bug.cgi?id=150539
1425
1426         Reviewed by Youenn Fablet.
1427
1428         If generating for WebCore, put the XXXWrapper and related boilerplate
1429         in the per-builtin header instead of making a separate XXXWrapper.h.
1430
1431         Rebaseline the tests.
1432
1433         * CMakeLists.txt:
1434         * DerivedSources.make:
1435         * Scripts/builtins/builtins.py:
1436         * Scripts/builtins/builtins_generate_separate_header.py:
1437         (BuiltinsSeparateHeaderGenerator.generate_output):
1438         (generate_header_includes):
1439         * Scripts/builtins/builtins_generate_separate_wrapper.py: Deleted.
1440         * Scripts/builtins/builtins_templates.py: Be consistent with variables.
1441         * Scripts/generate-js-builtins.py:
1442         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
1443         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
1444         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
1445         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
1446
1447 2015-10-31  Saam barati  <sbarati@apple.com>
1448
1449         JSC should have a forceGCSlowPaths option
1450         https://bugs.webkit.org/show_bug.cgi?id=150744
1451
1452         Reviewed by Filip Pizlo.
1453
1454         This patch implements the forceGCSlowPaths option.
1455         It defaults to false, but when it is set to true,
1456         the JITs will always allocate objects along the slow
1457         path. This will be helpful for writing a certain class
1458         of tests. This may also come in handy for debugging
1459         later.
1460
1461         This patch also adds the "forceGCSlowPaths" function
1462         in jsc.cpp which sets the option to true. If you
1463         use this function in a jsc stress test, it's best
1464         to call it as the first thing in the program before
1465         we JIT anything.
1466
1467         * dfg/DFGSpeculativeJIT.h:
1468         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
1469         * ftl/FTLLowerDFGToLLVM.cpp:
1470         (JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
1471         * jit/JITInlines.h:
1472         (JSC::JIT::emitAllocateJSObject):
1473         * jsc.cpp:
1474         (GlobalObject::finishCreation):
1475         (functionEdenGC):
1476         (functionForceGCSlowPaths):
1477         (functionHeapSize):
1478         * runtime/Options.h:
1479
1480 2015-10-30  Joseph Pecoraro  <pecoraro@apple.com>
1481
1482         Web Inspector: Test Debugger.scriptParsed events received after opening inspector frontend
1483         https://bugs.webkit.org/show_bug.cgi?id=150753
1484
1485         Reviewed by Timothy Hatcher.
1486
1487         * parser/Parser.h:
1488         (JSC::Parser<LexerType>::parse):
1489         Only set the directives on the SourceProvider if we were parsing the
1490         entire file (Program or Module), not if we are in function parsing mode.
1491         This was inadvertently clearing the directives stored on the
1492         SourceProvider when the function parse didn't see directives and reset
1493         the values on the source provider.
1494
1495 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1496
1497         [JSC] Add lowering for B3's Sub operation with integers
1498         https://bugs.webkit.org/show_bug.cgi?id=150749
1499
1500         Reviewed by Filip Pizlo.
1501
1502         * b3/B3LowerToAir.cpp:
1503         (JSC::B3::Air::LowerToAir::trySub):
1504         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
1505         * b3/B3LoweringMatcher.patterns:
1506         Identical to Add but obviously NotCommutative.
1507
1508         * b3/B3ReduceStrength.cpp:
1509         Turn Add/Sub with zero into an identity. I only added for
1510         Add since Sub with a constant is always turned into an Add.
1511
1512         Also switched the Sub optimizations to put the strongest first.
1513
1514         * b3/air/AirOpcode.opcodes:
1515         * b3/testb3.cpp:
1516         (JSC::B3::testAddArgImm):
1517         (JSC::B3::testAddImmArg):
1518         (JSC::B3::testSubArgs):
1519         (JSC::B3::testSubArgImm):
1520         (JSC::B3::testSubImmArg):
1521         (JSC::B3::testSubArgs32):
1522         (JSC::B3::testSubArgImm32):
1523         (JSC::B3::testSubImmArg32):
1524         (JSC::B3::testStoreSubLoad):
1525         (JSC::B3::run):
1526
1527 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1528
1529         [JSC] Add the Air Opcode definitions to the Xcode project file
1530         https://bugs.webkit.org/show_bug.cgi?id=150701
1531
1532         Reviewed by Geoffrey Garen.
1533
1534         * JavaScriptCore.xcodeproj/project.pbxproj:
1535         Easier for those who use Xcode :)
1536
1537 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1538
1539         Unreviewed, removing FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150540.
1540
1541         * b3/B3ValueRep.h:
1542
1543 2015-10-30  Michael Saboff  <msaboff@apple.com>
1544
1545         Windows X86-64 change for Crash making a tail call from a getter to a host function
1546         https://bugs.webkit.org/show_bug.cgi?id=150737
1547
1548         Reviewed by Geoffrey Garen.
1549
1550         Need to make the same change for Windows X86-64 as was made in change set
1551         http://trac.webkit.org/changeset/191765.
1552
1553         * jit/JITStubsMSVC64.asm:
1554
1555 2015-10-30  Keith Miller  <keith_miller@apple.com>
1556
1557         Unreviewed, forgot to mark tests as passing for new feature.
1558
1559         * tests/es6.yaml:
1560
1561 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1562
1563         B3 should be able to compile a control flow diamond
1564         https://bugs.webkit.org/show_bug.cgi?id=150720
1565
1566         Reviewed by Benjamin Poulain.
1567
1568         Adds support for Branch, Jump, Upsilon, and Phi. Adds some basic strength reduction for
1569         comparisons and boolean-like operations.
1570
1571         * assembler/MacroAssembler.cpp:
1572         (WTF::printInternal):
1573         * assembler/MacroAssembler.h:
1574         * b3/B3BasicBlockUtils.h:
1575         (JSC::B3::replacePredecessor):
1576         (JSC::B3::resetReachability):
1577         * b3/B3CheckValue.h:
1578         * b3/B3Common.h:
1579         (JSC::B3::isRepresentableAsImpl):
1580         (JSC::B3::isRepresentableAs):
1581         * b3/B3Const32Value.cpp:
1582         (JSC::B3::Const32Value::subConstant):
1583         (JSC::B3::Const32Value::equalConstant):
1584         (JSC::B3::Const32Value::notEqualConstant):
1585         (JSC::B3::Const32Value::dumpMeta):
1586         * b3/B3Const32Value.h:
1587         * b3/B3Const64Value.cpp:
1588         (JSC::B3::Const64Value::subConstant):
1589         (JSC::B3::Const64Value::equalConstant):
1590         (JSC::B3::Const64Value::notEqualConstant):
1591         (JSC::B3::Const64Value::dumpMeta):
1592         * b3/B3Const64Value.h:
1593         * b3/B3ConstDoubleValue.cpp:
1594         (JSC::B3::ConstDoubleValue::subConstant):
1595         (JSC::B3::ConstDoubleValue::equalConstant):
1596         (JSC::B3::ConstDoubleValue::notEqualConstant):
1597         (JSC::B3::ConstDoubleValue::dumpMeta):
1598         * b3/B3ConstDoubleValue.h:
1599         * b3/B3ControlValue.cpp:
1600         (JSC::B3::ControlValue::~ControlValue):
1601         (JSC::B3::ControlValue::convertToJump):
1602         (JSC::B3::ControlValue::dumpMeta):
1603         * b3/B3ControlValue.h:
1604         * b3/B3LowerToAir.cpp:
1605         (JSC::B3::Air::LowerToAir::imm):
1606         (JSC::B3::Air::LowerToAir::tryStackSlot):
1607         (JSC::B3::Air::LowerToAir::tryUpsilon):
1608         (JSC::B3::Air::LowerToAir::tryPhi):
1609         (JSC::B3::Air::LowerToAir::tryBranch):
1610         (JSC::B3::Air::LowerToAir::tryJump):
1611         (JSC::B3::Air::LowerToAir::tryIdentity):
1612         * b3/B3LoweringMatcher.patterns:
1613         * b3/B3Opcode.h:
1614         * b3/B3Procedure.cpp:
1615         (JSC::B3::Procedure::resetReachability):
1616         (JSC::B3::Procedure::dump):
1617         * b3/B3ReduceStrength.cpp:
1618         * b3/B3UpsilonValue.cpp:
1619         (JSC::B3::UpsilonValue::dumpMeta):
1620         * b3/B3UpsilonValue.h:
1621         (JSC::B3::UpsilonValue::accepts): Deleted.
1622         (JSC::B3::UpsilonValue::phi): Deleted.
1623         (JSC::B3::UpsilonValue::UpsilonValue): Deleted.
1624         * b3/B3Validate.cpp:
1625         * b3/B3Value.cpp:
1626         (JSC::B3::Value::subConstant):
1627         (JSC::B3::Value::equalConstant):
1628         (JSC::B3::Value::notEqualConstant):
1629         (JSC::B3::Value::returnsBool):
1630         (JSC::B3::Value::asTriState):
1631         (JSC::B3::Value::effects):
1632         * b3/B3Value.h:
1633         * b3/B3ValueInlines.h:
1634         (JSC::B3::Value::asInt32):
1635         (JSC::B3::Value::isInt32):
1636         (JSC::B3::Value::hasInt64):
1637         (JSC::B3::Value::asInt64):
1638         (JSC::B3::Value::isInt64):
1639         (JSC::B3::Value::hasInt):
1640         (JSC::B3::Value::asIntPtr):
1641         (JSC::B3::Value::isIntPtr):
1642         (JSC::B3::Value::hasDouble):
1643         (JSC::B3::Value::asDouble):
1644         (JSC::B3::Value::isEqualToDouble):
1645         (JSC::B3::Value::hasNumber):
1646         (JSC::B3::Value::representableAs):
1647         (JSC::B3::Value::asNumber):
1648         (JSC::B3::Value::stackmap):
1649         * b3/air/AirArg.cpp:
1650         (JSC::B3::Air::Arg::dump):
1651         * b3/air/AirArg.h:
1652         (JSC::B3::Air::Arg::resCond):
1653         (JSC::B3::Air::Arg::doubleCond):
1654         (JSC::B3::Air::Arg::special):
1655         (JSC::B3::Air::Arg::isResCond):
1656         (JSC::B3::Air::Arg::isDoubleCond):
1657         (JSC::B3::Air::Arg::isSpecial):
1658         (JSC::B3::Air::Arg::isGP):
1659         (JSC::B3::Air::Arg::isFP):
1660         (JSC::B3::Air::Arg::asResultCondition):
1661         (JSC::B3::Air::Arg::asDoubleCondition):
1662         (JSC::B3::Air::Arg::Arg):
1663         * b3/air/AirCode.cpp:
1664         (JSC::B3::Air::Code::resetReachability):
1665         (JSC::B3::Air::Code::dump):
1666         * b3/air/AirOpcode.opcodes:
1667         * b3/air/opcode_generator.rb:
1668         * b3/testb3.cpp:
1669         (hiddenTruthBecauseNoReturnIsStupid):
1670         (usage):
1671         (JSC::B3::compile):
1672         (JSC::B3::invoke):
1673         (JSC::B3::compileAndRun):
1674         (JSC::B3::test42):
1675         (JSC::B3::testStoreLoadStackSlot):
1676         (JSC::B3::testBranch):
1677         (JSC::B3::testDiamond):
1678         (JSC::B3::testBranchNotEqual):
1679         (JSC::B3::testBranchFold):
1680         (JSC::B3::testDiamondFold):
1681         (JSC::B3::run):
1682         (run):
1683         (main):
1684
1685 2015-10-30  Keith Miller  <keith_miller@apple.com>
1686
1687         [ES6] Add support for toStringTag
1688         https://bugs.webkit.org/show_bug.cgi?id=150696
1689
1690         Reviewed by Geoffrey Garen.
1691
1692         This patch adds support for Symbol.toStringTag. This is a simple
1693         feature, if an object passed to Object.prototype.toString() has a
1694         toStringTag we use the tag in the string rather than the class info.
1695         Added a test that checks this works for all the default supported classes
1696         along with the corresponding prototype and custom cases.
1697
1698         * runtime/ArrayIteratorPrototype.cpp:
1699         (JSC::ArrayIteratorPrototype::finishCreation):
1700         * runtime/CommonIdentifiers.h:
1701         * runtime/JSArrayBufferPrototype.cpp:
1702         (JSC::JSArrayBufferPrototype::finishCreation):
1703         * runtime/JSDataViewPrototype.cpp:
1704         (JSC::JSDataViewPrototype::finishCreation):
1705         * runtime/JSDataViewPrototype.h:
1706         * runtime/JSModuleNamespaceObject.cpp:
1707         (JSC::JSModuleNamespaceObject::finishCreation):
1708         * runtime/JSONObject.cpp:
1709         (JSC::JSONObject::finishCreation):
1710         * runtime/JSPromisePrototype.cpp:
1711         (JSC::JSPromisePrototype::finishCreation):
1712         * runtime/JSTypedArrayViewPrototype.cpp:
1713         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1714         (JSC::JSTypedArrayViewPrototype::finishCreation):
1715         * runtime/MapIteratorPrototype.cpp:
1716         (JSC::MapIteratorPrototype::finishCreation):
1717         * runtime/MapPrototype.cpp:
1718         (JSC::MapPrototype::finishCreation):
1719         * runtime/MathObject.cpp:
1720         (JSC::MathObject::finishCreation):
1721         * runtime/ObjectPrototype.cpp:
1722         (JSC::objectProtoFuncToString):
1723         * runtime/SetIteratorPrototype.cpp:
1724         (JSC::SetIteratorPrototype::finishCreation):
1725         * runtime/SetPrototype.cpp:
1726         (JSC::SetPrototype::finishCreation):
1727         * runtime/SmallStrings.cpp:
1728         (JSC::SmallStrings::SmallStrings):
1729         (JSC::SmallStrings::initializeCommonStrings):
1730         (JSC::SmallStrings::visitStrongReferences):
1731         * runtime/SmallStrings.h:
1732         (JSC::SmallStrings::objectStringStart):
1733         * runtime/StringIteratorPrototype.cpp:
1734         (JSC::StringIteratorPrototype::finishCreation):
1735         * runtime/SymbolPrototype.cpp:
1736         (JSC::SymbolPrototype::finishCreation):
1737         * runtime/WeakMapPrototype.cpp:
1738         (JSC::WeakMapPrototype::finishCreation):
1739         * runtime/WeakSetPrototype.cpp:
1740         (JSC::WeakSetPrototype::finishCreation):
1741         * tests/modules/namespace.js:
1742         * tests/stress/symbol-tostringtag.js: Added.
1743         (toStr):
1744         (strName):
1745         (classes.string_appeared_here):
1746
1747 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1748
1749         Web Inspector: Do not show JavaScriptCore builtins in inspector
1750         https://bugs.webkit.org/show_bug.cgi?id=146049
1751
1752         Reviewed by Geoffrey Garen.
1753
1754         * debugger/Debugger.cpp:
1755         When gathering scripts to notify the inspector / debuggers about,
1756         skip over sources containing host / built-in functions as those
1757         won't contain source code developers expect to see.
1758
1759 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1760
1761         Fix typo in "use strict" in TypedArray builtins
1762         https://bugs.webkit.org/show_bug.cgi?id=150709
1763
1764         Reviewed by Geoffrey Garen.
1765
1766         * builtins/TypedArray.prototype.js:
1767         (toLocaleString):
1768
1769 2015-10-29  Philippe Normand  <pnormand@igalia.com>
1770
1771         [GTK][Mac] disable OBJC JSC API
1772         https://bugs.webkit.org/show_bug.cgi?id=150500
1773
1774         Reviewed by Alex Christensen.
1775
1776         * API/JSBase.h: Disable the Objective-C API on Mac for the GTK port.
1777
1778 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1779
1780         Air::handleCalleeSaves shouldn't save/restore the frame pointer
1781         https://bugs.webkit.org/show_bug.cgi?id=150688
1782
1783         Reviewed by Michael Saboff.
1784
1785         We save/restore the FP inside Air::generate().
1786
1787         * b3/air/AirHandleCalleeSaves.cpp:
1788         (JSC::B3::Air::handleCalleeSaves):
1789
1790 2015-10-29  Michael Saboff  <msaboff@apple.com>
1791
1792         Crash making a tail call from a getter to a host function
1793         https://bugs.webkit.org/show_bug.cgi?id=150663
1794
1795         Reviewed by Geoffrey Garen.
1796
1797         Change the inline assembly versions of getHostCallReturnValue() to pass the location of the callee
1798         call frame to getHostCallReturnValueWithExecState().  We were passing the caller's frame address.
1799
1800         * jit/JITOperations.cpp:
1801
1802 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1803
1804         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
1805         https://bugs.webkit.org/show_bug.cgi?id=150685
1806
1807         Reviewed by Geoffrey Garen.
1808
1809         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
1810         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
1811         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
1812         requires fewer bits.
1813
1814         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
1815         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
1816         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
1817         helper should happily accept either Const32Value or Const64Value.
1818
1819         We already sort of had this with immAnyType(), but it just turns out that anyone using
1820         immAnyType() should really be using imm().
1821
1822         * b3/B3LowerToAir.cpp:
1823         (JSC::B3::Air::LowerToAir::imm):
1824         (JSC::B3::Air::LowerToAir::tryStore):
1825         (JSC::B3::Air::LowerToAir::tryConst64):
1826         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
1827         * b3/testb3.cpp:
1828         (JSC::B3::testAdd1):
1829         (JSC::B3::testAdd1Ptr):
1830         (JSC::B3::testStoreAddLoad):
1831         (JSC::B3::run):
1832
1833 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1834
1835         StoreOpLoad pattern matching should check effects between the Store and Load
1836         https://bugs.webkit.org/show_bug.cgi?id=150534
1837
1838         Reviewed by Geoffrey Garen.
1839
1840         If we turn:
1841
1842             a = Load(addr)
1843             b = Add(a, 42)
1844             Store(b, addr)
1845
1846         Into:
1847
1848             Add $42, (addr)
1849
1850         Then we must make sure that we didn't really have this to begin with:
1851
1852             a = Load(addr)
1853             Store(666, addr)
1854             b = Add(a, 42)
1855             Store(b, addr)
1856
1857         That's because pattern matching doesn't care about control flow, and it finds the Load
1858         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
1859         enough to broadly ask questions about whether such a code motion of the Load is legal.
1860
1861         * b3/B3Effects.cpp:
1862         (JSC::B3::Effects::interferes):
1863         (JSC::B3::Effects::dump):
1864         * b3/B3Effects.h:
1865         (JSC::B3::Effects::mustExecute):
1866         * b3/B3LowerToAir.cpp:
1867         (JSC::B3::Air::LowerToAir::run):
1868         (JSC::B3::Air::LowerToAir::commitInternal):
1869         (JSC::B3::Air::LowerToAir::crossesInterference):
1870         (JSC::B3::Air::LowerToAir::effectiveAddr):
1871         (JSC::B3::Air::LowerToAir::loadAddr):
1872         * b3/B3Procedure.cpp:
1873         (JSC::B3::Procedure::addBlock):
1874         (JSC::B3::Procedure::resetValueOwners):
1875         (JSC::B3::Procedure::resetReachability):
1876         * b3/B3Procedure.h:
1877         * b3/B3Value.cpp:
1878         (JSC::B3::Value::effects):
1879         * b3/B3Value.h:
1880         * b3/testb3.cpp:
1881         (JSC::B3::testStoreAddLoad):
1882         (JSC::B3::testStoreAddLoadInterference):
1883         (JSC::B3::testStoreAddAndLoad):
1884         (JSC::B3::testLoadOffsetUsingAdd):
1885         (JSC::B3::testLoadOffsetUsingAddInterference):
1886         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1887         (JSC::B3::run):
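
The two sequences from the entry above, executed with and without fusion to show why the match needs an interference check. This is an added example, not code from WebKit: the `Value` struct, the address ids, the initial memory value and every function name are a hypothetical toy model, the matcher only handles a Load as the first operand of the Add, and aliasing is reduced to comparing address ids.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <vector>

// Toy straight-line IR for illustration; these are not B3's classes.
// Operands are indices of earlier values in the same block.
enum class Op { Const, Load, Add, Store };

struct Value {
    Op op;
    int constant; // Const: the literal
    int addr;     // Load, Store: abstract address id
    int left;     // Add: first operand; Store: the value being stored
    int right;    // Add: second operand
};

Value makeConst(int c) { return Value{Op::Const, c, 0, 0, 0}; }
Value makeLoad(int addr) { return Value{Op::Load, 0, addr, 0, 0}; }
Value makeAdd(int l, int r) { return Value{Op::Add, 0, 0, l, r}; }
Value makeStore(int value, int addr) { return Value{Op::Store, 0, addr, value, 0}; }

typedef std::map<int, int> Memory;
const int kAddr = 100; // constructed address id

// Reference semantics: execute the block exactly as written.
Memory interpret(const std::vector<Value>& block, Memory memory) {
    std::vector<int> result(block.size(), 0);
    for (std::size_t i = 0; i < block.size(); ++i) {
        const Value& v = block[i];
        switch (v.op) {
        case Op::Const: result[i] = v.constant; break;
        case Op::Load: result[i] = memory[v.addr]; break;
        case Op::Add: result[i] = result[v.left] + result[v.right]; break;
        case Op::Store: memory[v.addr] = result[v.left]; break;
        }
    }
    return memory;
}

struct Match { bool ok; std::size_t loadIndex; int imm; };

// Data-flow-only match of Store(Add(Load(addr), Const), addr). Like the pattern
// matcher in the entry, it never looks at what sits between Load and Store.
Match matchStoreAddLoad(const std::vector<Value>& block, std::size_t storeIndex) {
    const Value& st = block[storeIndex];
    if (st.op != Op::Store || block[st.left].op != Op::Add)
        return Match{false, 0, 0};
    const Value& sum = block[st.left];
    const Value& lhs = block[sum.left];
    const Value& rhs = block[sum.right];
    if (lhs.op != Op::Load || lhs.addr != st.addr || rhs.op != Op::Const)
        return Match{false, 0, 0};
    return Match{true, static_cast<std::size_t>(sum.left), rhs.constant};
}

// The extra legality check: does anything between Load and Store write addr?
bool writeBetween(const std::vector<Value>& block, std::size_t loadIndex, std::size_t storeIndex) {
    for (std::size_t i = loadIndex + 1; i < storeIndex; ++i) {
        if (block[i].op == Op::Store && block[i].addr == block[loadIndex].addr)
            return true;
    }
    return false;
}

bool canFuse(const std::vector<Value>& block, std::size_t storeIndex) {
    Match m = matchStoreAddLoad(block, storeIndex);
    return m.ok && !writeBetween(block, m.loadIndex, storeIndex);
}

// What "Add $imm, (addr)" computes if the match is fused without the check:
// everything before the Store runs, then memory is read and updated in place.
Memory interpretFused(const std::vector<Value>& block, std::size_t storeIndex, Memory memory) {
    Match m = matchStoreAddLoad(block, storeIndex);
    std::vector<Value> prefix(block.begin(), block.begin() + static_cast<std::ptrdiff_t>(storeIndex));
    memory = interpret(prefix, memory);
    memory[block[storeIndex].addr] += m.imm;
    return memory;
}

Memory initialMemory() { Memory m; m[kAddr] = 1; return m; }

// a = Load(addr); b = Add(a, 42); Store(b, addr)
std::vector<Value> cleanSequence() {
    return { makeLoad(kAddr), makeConst(42), makeAdd(0, 1), makeStore(2, kAddr) };
}

// a = Load(addr); Store(666, middleAddr); b = Add(a, 42); Store(b, addr)
std::vector<Value> sequenceWithMiddleStore(int middleAddr) {
    return { makeLoad(kAddr), makeConst(666), makeStore(1, middleAddr),
             makeConst(42), makeAdd(0, 3), makeStore(4, kAddr) };
}

int main() {
    std::vector<Value> bad = sequenceWithMiddleStore(kAddr);
    std::printf("canFuse=%d reference=%d fused=%d\n", canFuse(bad, 5),
                interpret(bad, initialMemory())[kAddr], interpretFused(bad, 5, initialMemory())[kAddr]);
    return 0;
}
```

With the intervening store to the same address, the reference run ends with 43 in memory while blind fusion ends with 708, which is the silent miscompile the interference check prevents; a store to a different address leaves the fusion legal.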
1888
1889 2015-10-29  Brady Eidson  <beidson@apple.com>
1890
1891         Modern IDB: deleteObjectStore support.
1892         https://bugs.webkit.org/show_bug.cgi?id=150673
1893
1894         Reviewed by Alex Christensen.
1895
1896         * runtime/VM.h:
1897
1898 2015-10-29  Mark Lam  <mark.lam@apple.com>
1899
1900         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
1901         https://bugs.webkit.org/show_bug.cgi?id=150687
1902
1903         Unreviewed.
1904
1905         Disabling the feature while it is being debugged.  I'm doing this by effectively
1906         rolling out only the changes in FTLCapabilities.cpp.
1907
1908         * ftl/FTLCapabilities.cpp:
1909         (JSC::FTL::canCompile):
1910
1911 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1912
1913         Unreviewed, fix iOS build.
1914
1915         * assembler/MacroAssemblerARM64.h:
1916         (JSC::MacroAssemblerARM64::store64):
1917
1918 2015-10-29  Alex Christensen  <achristensen@webkit.org>
1919
1920         Fix Mac CMake build
1921         https://bugs.webkit.org/show_bug.cgi?id=150686
1922
1923         Reviewed by Filip Pizlo.
1924
1925         * API/ObjCCallbackFunction.mm:
1926         * CMakeLists.txt:
1927         * PlatformMac.cmake:
1928
1929 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1930
1931         Air needs syntax for escaping StackSlots
1932         https://bugs.webkit.org/show_bug.cgi?id=150430
1933
1934         Reviewed by Geoffrey Garen.
1935
1936         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
1937         instruction for getting the value of an address. This is necessary to support arbitrary
1938         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
1939         this new instruction.
1940
1941         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
1942         would do: it evaluates an address, but does not load from it or store to it.
1943
1944         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
1945         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
1946         that StackSlots may escape, and factors this into its analysis.
1947
1948         * assembler/MacroAssembler.h:
1949         (JSC::MacroAssembler::lea):
1950         * b3/B3AddressMatcher.patterns:
1951         * b3/B3LowerToAir.cpp:
1952         (JSC::B3::Air::LowerToAir::run):
1953         (JSC::B3::Air::LowerToAir::addr):
1954         (JSC::B3::Air::LowerToAir::loadAddr):
1955         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1956         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
1957         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
1958         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1959         (JSC::B3::Air::LowerToAir::tryConst64):
1960         (JSC::B3::Air::LowerToAir::tryFramePointer):
1961         (JSC::B3::Air::LowerToAir::tryStackSlot):
1962         (JSC::B3::Air::LowerToAir::tryIdentity):
1963         * b3/B3LoweringMatcher.patterns:
1964         * b3/B3MemoryValue.cpp:
1965         (JSC::B3::MemoryValue::~MemoryValue):
1966         (JSC::B3::MemoryValue::accessByteSize):
1967         (JSC::B3::MemoryValue::dumpMeta):
1968         * b3/B3MemoryValue.h:
1969         * b3/B3ReduceStrength.cpp:
1970         * b3/B3StackSlotValue.h:
1971         (JSC::B3::StackSlotValue::accepts): Deleted.
1972         * b3/B3Type.h:
1973         (JSC::B3::pointerType):
1974         (JSC::B3::sizeofType):
1975         * b3/B3Validate.cpp:
1976         * b3/B3Value.h:
1977         * b3/air/AirAllocateStack.cpp:
1978         (JSC::B3::Air::allocateStack):
1979         * b3/air/AirArg.h:
1980         (JSC::B3::Air::Arg::isUse):
1981         (JSC::B3::Air::Arg::isDef):
1982         (JSC::B3::Air::Arg::forEachTmp):
1983         * b3/air/AirCode.cpp:
1984         (JSC::B3::Air::Code::addStackSlot):
1985         (JSC::B3::Air::Code::addSpecial):
1986         * b3/air/AirCode.h:
1987         * b3/air/AirOpcode.opcodes:
1988         * b3/air/AirSpillEverything.cpp:
1989         (JSC::B3::Air::spillEverything):
1990         * b3/air/AirStackSlot.h:
1991         (JSC::B3::Air::StackSlot::byteSize):
1992         (JSC::B3::Air::StackSlot::kind):
1993         (JSC::B3::Air::StackSlot::isLocked):
1994         (JSC::B3::Air::StackSlot::index):
1995         (JSC::B3::Air::StackSlot::alignment):
1996         * b3/air/opcode_generator.rb:
1997         * b3/testb3.cpp:
1998         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1999         (JSC::B3::testFramePointer):
2000         (JSC::B3::testStackSlot):
2001         (JSC::B3::testLoadFromFramePointer):
2002         (JSC::B3::testStoreLoadStackSlot):
2003         (JSC::B3::run):
2004
2005 2015-10-29  Saam barati  <sbarati@apple.com>
2006
2007         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
2008         https://bugs.webkit.org/show_bug.cgi?id=150655
2009
2010         Reviewed by Filip Pizlo.
2011
2012         We're recomputing this value for an *OSRExitDescriptor* for every one
2013         of its corresponding *OSRExits*. This is having a multiplicative
2014         effect on offsets because each computation is relative to the previous
2015         value. We must do this computation just once per OSRExitDescriptor.
2016
2017         * ftl/FTLCompile.cpp:
2018         (JSC::FTL::mmAllocateDataSection):
2019
2020 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2021
2022         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
2023         https://bugs.webkit.org/show_bug.cgi?id=150657
2024
2025         Reviewed by Geoffrey Garen.
2026
2027         Also added the ability to store an immediate to memory.
2028
2029         * assembler/MacroAssembler.h:
2030         (JSC::MacroAssembler::storePtr):
2031         * assembler/MacroAssemblerARM64.h:
2032         (JSC::MacroAssemblerARM64::store64):
2033         * assembler/MacroAssemblerX86_64.h:
2034         (JSC::MacroAssemblerX86_64::store64):
2035         * b3/B3LowerToAir.cpp:
2036         (JSC::B3::Air::LowerToAir::imm):
2037         (JSC::B3::Air::LowerToAir::immAnyInt):
2038         (JSC::B3::Air::LowerToAir::immOrTmp):
2039         (JSC::B3::Air::LowerToAir::tryStore):
2040         * b3/air/AirOpcode.opcodes:
2041         * b3/air/AirSpillEverything.cpp:
2042         (JSC::B3::Air::spillEverything):
2043         * b3/testb3.cpp:
2044         (JSC::B3::testStore):
2045         (JSC::B3::testStoreConstant):
2046         (JSC::B3::testStoreConstantPtr):
2047         (JSC::B3::testTrunc):
2048         (JSC::B3::run):
2049
2050 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2051
2052         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
2053         https://bugs.webkit.org/show_bug.cgi?id=150654
2054
2055         Reviewed by Geoffrey Garen.
2056
2057         * inspector/scripts/codegen/generator.py:
2058
2059 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2060
2061         B3::reduceStrength() should do DCE
2062         https://bugs.webkit.org/show_bug.cgi?id=150656
2063
2064         Reviewed by Saam Barati.
2065
2066         * b3/B3BasicBlock.cpp:
2067         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
2068         * b3/B3BasicBlock.h:
2069         * b3/B3Procedure.cpp:
2070         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
2071         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
2072         * b3/B3Procedure.h:
2073         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
2074         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2075         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2076         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
2077         (JSC::B3::Procedure::values):
2078         * b3/B3ProcedureInlines.h:
2079         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
2080         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
2081
2082 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
2083
2084         Web Inspector: Remove unused / duplicate WebSocket timeline records
2085         https://bugs.webkit.org/show_bug.cgi?id=150647
2086
2087         Reviewed by Timothy Hatcher.
2088
2089         * inspector/protocol/Timeline.json:
2090
2091 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2092
2093         B3::LowerToAir should not duplicate Loads
2094         https://bugs.webkit.org/show_bug.cgi?id=150651
2095
2096         Reviewed by Benjamin Poulain.
2097
2098         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
2099         if we haven't already emitted code that uses the Value and the Value has only one direct
2100         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
2101         Value: we won't emit any more code for it in the future.
2102
2103         The optimization to fuse Loads was forgetting to do all of these things, and so generated
2104         code would have a lot of duplicated Loads. That's bad and this change fixes that.
2105
2106         Ordinarily, this is far less tricky because the pattern matcher does this for us via
2107         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
2108         won't need to do this manually very often.
2109
2110         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
2111         debug.
2112
2113         * b3/B3IndexMap.h:
2114         (JSC::B3::IndexMap::IndexMap):
2115         (JSC::B3::IndexMap::resize):
2116         (JSC::B3::IndexMap::operator[]):
2117         * b3/B3LowerToAir.cpp:
2118         (JSC::B3::Air::LowerToAir::tmp):
2119         (JSC::B3::Air::LowerToAir::canBeInternal):
2120         (JSC::B3::Air::LowerToAir::commitInternal):
2121         (JSC::B3::Air::LowerToAir::effectiveAddr):
2122         (JSC::B3::Air::LowerToAir::loadAddr):
2123         (JSC::B3::Air::LowerToAir::appendBinOp):
2124         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2125         (JSC::B3::Air::LowerToAir::acceptInternals):
2126         * b3/B3UseCounts.cpp:
2127         (JSC::B3::UseCounts::UseCounts):
2128
2129 2015-10-28  Mark Lam  <mark.lam@apple.com>
2130
2131         JITSubGenerator::generateFastPath() does not need to be inlined.
2132         https://bugs.webkit.org/show_bug.cgi?id=150645
2133
2134         Reviewed by Geoffrey Garen.
2135
2136         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
2137         perf neutral.
2138
2139         * CMakeLists.txt:
2140         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2141         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2142         * JavaScriptCore.xcodeproj/project.pbxproj:
2143         * ftl/FTLCompile.cpp:
2144         * jit/JITSubGenerator.cpp: Added.
2145         (JSC::JITSubGenerator::generateFastPath):
2146         * jit/JITSubGenerator.h:
2147         (JSC::JITSubGenerator::JITSubGenerator):
2148         (JSC::JITSubGenerator::endJumpList):
2149         (JSC::JITSubGenerator::slowPathJumpList):
2150         (JSC::JITSubGenerator::generateFastPath): Deleted.
2151
2152 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2153
2154         [B3] handleCommutativity should canonicalize commutative operations over non-constants
2155         https://bugs.webkit.org/show_bug.cgi?id=150649
2156
2157         Reviewed by Saam Barati.
2158
2159         Turn this: Add(value1, value2)
2160         Into this: Add(value2, value1)
2161
2162         But only if value2 should come before value1 according to our total ordering. This will allow
2163         CSE to observe the equality between commuted versions of the same operation, since we will
2164         first canonicalize them into the same order.
2165
2166         * b3/B3ReduceStrength.cpp:
2167
2168 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2169
2170         Unreviewed, fix the build for case sensitive file systems.
2171
2172         * b3/air/AirBasicBlock.h:
2173         * b3/air/AirStackSlot.h:
2174
2175 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
2176
2177         Create a super rough prototype of B3
2178         https://bugs.webkit.org/show_bug.cgi?id=150280
2179
2180         Reviewed by Benjamin Poulain.
2181
2182         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
2183         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
2184         for aggressive C-level optimizations and an awesome portable backend. The backend, called
2185         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
2186         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
2187         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
2188         instruction selection, reflectively selects Air opcodes by querying which instruction forms
2189         are possible. Air allows for optimal register allocation and stack layout. Currently the
2190         register allocator isn't written, but the stack layout is.
2191
2192         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
2193         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
2194         stuff added to the instruction selector. But it's a neat start.
2195
2196         * CMakeLists.txt:
2197         * DerivedSources.make:
2198         * JavaScriptCore.xcodeproj/project.pbxproj:
2199         * assembler/MacroAssembler.cpp:
2200         (WTF::printInternal):
2201         * assembler/MacroAssembler.h:
2202         * b3: Added.
2203         * b3/B3AddressMatcher.patterns: Added.
2204         * b3/B3ArgumentRegValue.cpp: Added.
2205         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
2206         (JSC::B3::ArgumentRegValue::dumpMeta):
2207         * b3/B3ArgumentRegValue.h: Added.
2208         * b3/B3BasicBlock.cpp: Added.
2209         (JSC::B3::BasicBlock::BasicBlock):
2210         (JSC::B3::BasicBlock::~BasicBlock):
2211         (JSC::B3::BasicBlock::append):
2212         (JSC::B3::BasicBlock::addPredecessor):
2213         (JSC::B3::BasicBlock::removePredecessor):
2214         (JSC::B3::BasicBlock::replacePredecessor):
2215         (JSC::B3::BasicBlock::removeNops):
2216         (JSC::B3::BasicBlock::dump):
2217         (JSC::B3::BasicBlock::deepDump):
2218         * b3/B3BasicBlock.h: Added.
2219         (JSC::B3::BasicBlock::index):
2220         (JSC::B3::BasicBlock::begin):
2221         (JSC::B3::BasicBlock::end):
2222         (JSC::B3::BasicBlock::size):
2223         (JSC::B3::BasicBlock::at):
2224         (JSC::B3::BasicBlock::last):
2225         (JSC::B3::BasicBlock::values):
2226         (JSC::B3::BasicBlock::numPredecessors):
2227         (JSC::B3::BasicBlock::predecessor):
2228         (JSC::B3::BasicBlock::predecessors):
2229         (JSC::B3::BasicBlock::frequency):
2230         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
2231         (JSC::B3::DeepBasicBlockDump::dump):
2232         (JSC::B3::deepDump):
2233         * b3/B3BasicBlockInlines.h: Added.
2234         (JSC::B3::BasicBlock::appendNew):
2235         (JSC::B3::BasicBlock::numSuccessors):
2236         (JSC::B3::BasicBlock::successor):
2237         (JSC::B3::BasicBlock::successors):
2238         (JSC::B3::BasicBlock::successorBlock):
2239         (JSC::B3::BasicBlock::successorBlocks):
2240         * b3/B3BasicBlockUtils.h: Added.
2241         (JSC::B3::addPredecessor):
2242         (JSC::B3::removePredecessor):
2243         (JSC::B3::replacePredecessor):
2244         (JSC::B3::resetReachability):
2245         (JSC::B3::blocksInPreOrder):
2246         (JSC::B3::blocksInPostOrder):
2247         * b3/B3BlockWorklist.h: Added.
2248         * b3/B3CheckSpecial.cpp: Added.
2249         (JSC::B3::Air::numB3Args):
2250         (JSC::B3::CheckSpecial::CheckSpecial):
2251         (JSC::B3::CheckSpecial::~CheckSpecial):
2252         (JSC::B3::CheckSpecial::hiddenBranch):
2253         (JSC::B3::CheckSpecial::forEachArg):
2254         (JSC::B3::CheckSpecial::isValid):
2255         (JSC::B3::CheckSpecial::admitsStack):
2256         (JSC::B3::CheckSpecial::generate):
2257         (JSC::B3::CheckSpecial::dumpImpl):
2258         (JSC::B3::CheckSpecial::deepDumpImpl):
2259         * b3/B3CheckSpecial.h: Added.
2260         * b3/B3CheckValue.cpp: Added.
2261         (JSC::B3::CheckValue::~CheckValue):
2262         (JSC::B3::CheckValue::dumpMeta):
2263         * b3/B3CheckValue.h: Added.
2264         * b3/B3Common.cpp: Added.
2265         (JSC::B3::shouldDumpIR):
2266         (JSC::B3::shouldDumpIRAtEachPhase):
2267         (JSC::B3::shouldValidateIR):
2268         (JSC::B3::shouldValidateIRAtEachPhase):
2269         (JSC::B3::shouldSaveIRBeforePhase):
2270         * b3/B3Common.h: Added.
2271         (JSC::B3::is64Bit):
2272         (JSC::B3::is32Bit):
2273         * b3/B3Commutativity.cpp: Added.
2274         (WTF::printInternal):
2275         * b3/B3Commutativity.h: Added.
2276         * b3/B3Const32Value.cpp: Added.
2277         (JSC::B3::Const32Value::~Const32Value):
2278         (JSC::B3::Const32Value::negConstant):
2279         (JSC::B3::Const32Value::addConstant):
2280         (JSC::B3::Const32Value::subConstant):
2281         (JSC::B3::Const32Value::dumpMeta):
2282         * b3/B3Const32Value.h: Added.
2283         * b3/B3Const64Value.cpp: Added.
2284         (JSC::B3::Const64Value::~Const64Value):
2285         (JSC::B3::Const64Value::negConstant):
2286         (JSC::B3::Const64Value::addConstant):
2287         (JSC::B3::Const64Value::subConstant):
2288         (JSC::B3::Const64Value::dumpMeta):
2289         * b3/B3Const64Value.h: Added.
2290         * b3/B3ConstDoubleValue.cpp: Added.
2291         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
2292         (JSC::B3::ConstDoubleValue::negConstant):
2293         (JSC::B3::ConstDoubleValue::addConstant):
2294         (JSC::B3::ConstDoubleValue::subConstant):
2295         (JSC::B3::ConstDoubleValue::dumpMeta):
2296         * b3/B3ConstDoubleValue.h: Added.
2297         (JSC::B3::ConstDoubleValue::accepts):
2298         (JSC::B3::ConstDoubleValue::value):
2299         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
2300         * b3/B3ConstPtrValue.h: Added.
2301         (JSC::B3::ConstPtrValue::value):
2302         (JSC::B3::ConstPtrValue::ConstPtrValue):
2303         * b3/B3ControlValue.cpp: Added.
2304         (JSC::B3::ControlValue::~ControlValue):
2305         (JSC::B3::ControlValue::dumpMeta):
2306         * b3/B3ControlValue.h: Added.
2307         * b3/B3Effects.cpp: Added.
2308         (JSC::B3::Effects::dump):
2309         * b3/B3Effects.h: Added.
2310         (JSC::B3::Effects::mustExecute):
2311         * b3/B3FrequencyClass.cpp: Added.
2312         (WTF::printInternal):
2313         * b3/B3FrequencyClass.h: Added.
2314         * b3/B3FrequentedBlock.h: Added.
2315         * b3/B3Generate.cpp: Added.
2316         (JSC::B3::generate):
2317         (JSC::B3::generateToAir):
2318         * b3/B3Generate.h: Added.
2319         * b3/B3GenericFrequentedBlock.h: Added.
2320         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
2321         (JSC::B3::GenericFrequentedBlock::operator==):
2322         (JSC::B3::GenericFrequentedBlock::operator!=):
2323         (JSC::B3::GenericFrequentedBlock::operator bool):
2324         (JSC::B3::GenericFrequentedBlock::block):
2325         (JSC::B3::GenericFrequentedBlock::frequency):
2326         (JSC::B3::GenericFrequentedBlock::dump):
2327         * b3/B3HeapRange.cpp: Added.
2328         (JSC::B3::HeapRange::dump):
2329         * b3/B3HeapRange.h: Added.
2330         (JSC::B3::HeapRange::HeapRange):
2331         (JSC::B3::HeapRange::top):
2332         (JSC::B3::HeapRange::operator==):
2333         (JSC::B3::HeapRange::operator!=):
2334         (JSC::B3::HeapRange::operator bool):
2335         (JSC::B3::HeapRange::begin):
2336         (JSC::B3::HeapRange::end):
2337         (JSC::B3::HeapRange::overlaps):
2338         * b3/B3IndexMap.h: Added.
2339         (JSC::B3::IndexMap::IndexMap):
2340         (JSC::B3::IndexMap::resize):
2341         (JSC::B3::IndexMap::operator[]):
2342         * b3/B3IndexSet.h: Added.
2343         (JSC::B3::IndexSet::IndexSet):
2344         (JSC::B3::IndexSet::add):
2345         (JSC::B3::IndexSet::contains):
2346         (JSC::B3::IndexSet::Iterable::Iterable):
2347         (JSC::B3::IndexSet::Iterable::iterator::iterator):
2348         (JSC::B3::IndexSet::Iterable::iterator::operator*):
2349         (JSC::B3::IndexSet::Iterable::iterator::operator++):
2350         (JSC::B3::IndexSet::Iterable::iterator::operator==):
2351         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
2352         (JSC::B3::IndexSet::Iterable::begin):
2353         (JSC::B3::IndexSet::Iterable::end):
2354         (JSC::B3::IndexSet::values):
2355         (JSC::B3::IndexSet::indices):
2356         (JSC::B3::IndexSet::dump):
2357         * b3/B3InsertionSet.cpp: Added.
2358         (JSC::B3::InsertionSet::execute):
2359         * b3/B3InsertionSet.h: Added.
2360         (JSC::B3::InsertionSet::InsertionSet):
2361         (JSC::B3::InsertionSet::code):
2362         (JSC::B3::InsertionSet::appendInsertion):
2363         (JSC::B3::InsertionSet::insertValue):
2364         * b3/B3InsertionSetInlines.h: Added.
2365         (JSC::B3::InsertionSet::insert):
2366         * b3/B3LowerToAir.cpp: Added.
2367         (JSC::B3::Air::LowerToAir::LowerToAir):
2368         (JSC::B3::Air::LowerToAir::run):
2369         (JSC::B3::Air::LowerToAir::tmp):
2370         (JSC::B3::Air::LowerToAir::effectiveAddr):
2371         (JSC::B3::Air::LowerToAir::addr):
2372         (JSC::B3::Air::LowerToAir::loadAddr):
2373         (JSC::B3::Air::LowerToAir::imm):
2374         (JSC::B3::Air::LowerToAir::immOrTmp):
2375         (JSC::B3::Air::LowerToAir::appendBinOp):
2376         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
2377         (JSC::B3::Air::LowerToAir::moveForType):
2378         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
2379         (JSC::B3::Air::LowerToAir::append):
2380         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
2381         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
2382         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
2383         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
2384         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
2385         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
2386         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
2387         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
2388         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
2389         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
2390         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
2391         (JSC::B3::Air::LowerToAir::acceptRoot):
2392         (JSC::B3::Air::LowerToAir::acceptRootLate):
2393         (JSC::B3::Air::LowerToAir::acceptInternals):
2394         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
2395         (JSC::B3::Air::LowerToAir::acceptOperands):
2396         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
2397         (JSC::B3::Air::LowerToAir::tryLoad):
2398         (JSC::B3::Air::LowerToAir::tryAdd):
2399         (JSC::B3::Air::LowerToAir::tryAnd):
2400         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
2401         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
2402         (JSC::B3::Air::LowerToAir::tryStore):
2403         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
2404         (JSC::B3::Air::LowerToAir::tryTrunc):
2405         (JSC::B3::Air::LowerToAir::tryArgumentReg):
2406         (JSC::B3::Air::LowerToAir::tryConst32):
2407         (JSC::B3::Air::LowerToAir::tryConst64):
2408         (JSC::B3::Air::LowerToAir::tryIdentity):
2409         (JSC::B3::Air::LowerToAir::tryReturn):
2410         (JSC::B3::lowerToAir):
2411         * b3/B3LowerToAir.h: Added.
2412         * b3/B3LoweringMatcher.patterns: Added.
2413         * b3/B3MemoryValue.cpp: Added.
2414         (JSC::B3::MemoryValue::~MemoryValue):
2415         (JSC::B3::MemoryValue::dumpMeta):
2416         * b3/B3MemoryValue.h: Added.
2417         * b3/B3Opcode.cpp: Added.
2418         (WTF::printInternal):
2419         * b3/B3Opcode.h: Added.
2420         (JSC::B3::isCheckMath):
2421         * b3/B3Origin.cpp: Added.
2422         (JSC::B3::Origin::dump):
2423         * b3/B3Origin.h: Added.
2424         (JSC::B3::Origin::Origin):
2425         (JSC::B3::Origin::operator bool):
2426         (JSC::B3::Origin::data):
2427         * b3/B3PatchpointSpecial.cpp: Added.
2428         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
2429         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
2430         (JSC::B3::PatchpointSpecial::forEachArg):
2431         (JSC::B3::PatchpointSpecial::isValid):
2432         (JSC::B3::PatchpointSpecial::admitsStack):
2433         (JSC::B3::PatchpointSpecial::generate):
2434         (JSC::B3::PatchpointSpecial::dumpImpl):
2435         (JSC::B3::PatchpointSpecial::deepDumpImpl):
2436         * b3/B3PatchpointSpecial.h: Added.
2437         * b3/B3PatchpointValue.cpp: Added.
2438         (JSC::B3::PatchpointValue::~PatchpointValue):
2439         (JSC::B3::PatchpointValue::dumpMeta):
2440         * b3/B3PatchpointValue.h: Added.
2441         (JSC::B3::PatchpointValue::accepts):
2442         (JSC::B3::PatchpointValue::PatchpointValue):
2443         * b3/B3PhaseScope.cpp: Added.
2444         (JSC::B3::PhaseScope::PhaseScope):
2445         (JSC::B3::PhaseScope::~PhaseScope):
2446         * b3/B3PhaseScope.h: Added.
2447         * b3/B3Procedure.cpp: Added.
2448         (JSC::B3::Procedure::Procedure):
2449         (JSC::B3::Procedure::~Procedure):
2450         (JSC::B3::Procedure::addBlock):
2451         (JSC::B3::Procedure::resetReachability):
2452         (JSC::B3::Procedure::dump):
2453         (JSC::B3::Procedure::blocksInPreOrder):
2454         (JSC::B3::Procedure::blocksInPostOrder):
2455         * b3/B3Procedure.h: Added.
2456         (JSC::B3::Procedure::size):
2457         (JSC::B3::Procedure::at):
2458         (JSC::B3::Procedure::operator[]):
2459         (JSC::B3::Procedure::iterator::iterator):
2460         (JSC::B3::Procedure::iterator::operator*):
2461         (JSC::B3::Procedure::iterator::operator++):
2462         (JSC::B3::Procedure::iterator::operator==):
2463         (JSC::B3::Procedure::iterator::operator!=):
2464         (JSC::B3::Procedure::iterator::findNext):
2465         (JSC::B3::Procedure::begin):
2466         (JSC::B3::Procedure::end):
2467         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
2468         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
2469         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
2470         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2471         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
2472         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2473         (JSC::B3::Procedure::ValuesCollection::begin):
2474         (JSC::B3::Procedure::ValuesCollection::end):
2475         (JSC::B3::Procedure::ValuesCollection::size):
2476         (JSC::B3::Procedure::ValuesCollection::at):
2477         (JSC::B3::Procedure::ValuesCollection::operator[]):
2478         (JSC::B3::Procedure::values):
2479         (JSC::B3::Procedure::setLastPhaseName):
2480         (JSC::B3::Procedure::lastPhaseName):
2481         * b3/B3ProcedureInlines.h: Added.
2482         (JSC::B3::Procedure::add):
2483         * b3/B3ReduceStrength.cpp: Added.
2484         (JSC::B3::reduceStrength):
2485         * b3/B3ReduceStrength.h: Added.
2486         * b3/B3StackSlotKind.cpp: Added.
2487         (WTF::printInternal):
2488         * b3/B3StackSlotKind.h: Added.
2489         * b3/B3StackSlotValue.cpp: Added.
2490         (JSC::B3::StackSlotValue::~StackSlotValue):
2491         (JSC::B3::StackSlotValue::dumpMeta):
2492         * b3/B3StackSlotValue.h: Added.
2493         (JSC::B3::StackSlotValue::accepts):
2494         (JSC::B3::StackSlotValue::byteSize):
2495         (JSC::B3::StackSlotValue::kind):
2496         (JSC::B3::StackSlotValue::offsetFromFP):
2497         (JSC::B3::StackSlotValue::setOffsetFromFP):
2498         (JSC::B3::StackSlotValue::StackSlotValue):
2499         * b3/B3Stackmap.cpp: Added.
2500         (JSC::B3::Stackmap::Stackmap):
2501         (JSC::B3::Stackmap::~Stackmap):
2502         (JSC::B3::Stackmap::dump):
2503         * b3/B3Stackmap.h: Added.
2504         (JSC::B3::Stackmap::constrain):
2505         (JSC::B3::Stackmap::reps):
2506         (JSC::B3::Stackmap::clobber):
2507         (JSC::B3::Stackmap::clobbered):
2508         (JSC::B3::Stackmap::setGenerator):
2509         * b3/B3StackmapSpecial.cpp: Added.
2510         (JSC::B3::StackmapSpecial::StackmapSpecial):
2511         (JSC::B3::StackmapSpecial::~StackmapSpecial):
2512         (JSC::B3::StackmapSpecial::reportUsedRegisters):
2513         (JSC::B3::StackmapSpecial::extraClobberedRegs):
2514         (JSC::B3::StackmapSpecial::forEachArgImpl):
2515         (JSC::B3::StackmapSpecial::isValidImpl):
2516         (JSC::B3::StackmapSpecial::admitsStackImpl):
2517         (JSC::B3::StackmapSpecial::appendRepsImpl):
2518         (JSC::B3::StackmapSpecial::repForArg):
2519         * b3/B3StackmapSpecial.h: Added.
2520         * b3/B3SuccessorCollection.h: Added.
2521         (JSC::B3::SuccessorCollection::SuccessorCollection):
2522         (JSC::B3::SuccessorCollection::size):
2523         (JSC::B3::SuccessorCollection::at):
2524         (JSC::B3::SuccessorCollection::operator[]):
2525         (JSC::B3::SuccessorCollection::iterator::iterator):
2526         (JSC::B3::SuccessorCollection::iterator::operator*):
2527         (JSC::B3::SuccessorCollection::iterator::operator++):
2528         (JSC::B3::SuccessorCollection::iterator::operator==):
2529         (JSC::B3::SuccessorCollection::iterator::operator!=):
2530         (JSC::B3::SuccessorCollection::begin):
2531         (JSC::B3::SuccessorCollection::end):
2532         * b3/B3SwitchCase.cpp: Added.
2533         (JSC::B3::SwitchCase::dump):
2534         * b3/B3SwitchCase.h: Added.
2535         (JSC::B3::SwitchCase::SwitchCase):
2536         (JSC::B3::SwitchCase::operator bool):
2537         (JSC::B3::SwitchCase::caseValue):
2538         (JSC::B3::SwitchCase::target):
2539         (JSC::B3::SwitchCase::targetBlock):
2540         * b3/B3SwitchValue.cpp: Added.
2541         (JSC::B3::SwitchValue::~SwitchValue):
2542         (JSC::B3::SwitchValue::removeCase):
2543         (JSC::B3::SwitchValue::appendCase):
2544         (JSC::B3::SwitchValue::dumpMeta):
2545         (JSC::B3::SwitchValue::SwitchValue):
2546         * b3/B3SwitchValue.h: Added.
2547         (JSC::B3::SwitchValue::accepts):
2548         (JSC::B3::SwitchValue::numCaseValues):
2549         (JSC::B3::SwitchValue::caseValue):
2550         (JSC::B3::SwitchValue::caseValues):
2551         (JSC::B3::SwitchValue::fallThrough):
2552         (JSC::B3::SwitchValue::size):
2553         (JSC::B3::SwitchValue::at):
2554         (JSC::B3::SwitchValue::operator[]):
2555         (JSC::B3::SwitchValue::iterator::iterator):
2556         (JSC::B3::SwitchValue::iterator::operator*):
2557         (JSC::B3::SwitchValue::iterator::operator++):
2558         (JSC::B3::SwitchValue::iterator::operator==):
2559         (JSC::B3::SwitchValue::iterator::operator!=):
2560         (JSC::B3::SwitchValue::begin):
2561         (JSC::B3::SwitchValue::end):
2562         * b3/B3Type.cpp: Added.
2563         (WTF::printInternal):
2564         * b3/B3Type.h: Added.
2565         (JSC::B3::isInt):
2566         (JSC::B3::isFloat):
2567         (JSC::B3::pointerType):
2568         * b3/B3UpsilonValue.cpp: Added.
2569         (JSC::B3::UpsilonValue::~UpsilonValue):
2570         (JSC::B3::UpsilonValue::dumpMeta):
2571         * b3/B3UpsilonValue.h: Added.
2572         (JSC::B3::UpsilonValue::accepts):
2573         (JSC::B3::UpsilonValue::phi):
2574         (JSC::B3::UpsilonValue::UpsilonValue):
2575         * b3/B3UseCounts.cpp: Added.
2576         (JSC::B3::UseCounts::UseCounts):
2577         (JSC::B3::UseCounts::~UseCounts):
2578         * b3/B3UseCounts.h: Added.
2579         (JSC::B3::UseCounts::operator[]):
2580         * b3/B3Validate.cpp: Added.
2581         (JSC::B3::validate):
2582         * b3/B3Validate.h: Added.
2583         * b3/B3Value.cpp: Added.
2584         (JSC::B3::Value::~Value):
2585         (JSC::B3::Value::replaceWithIdentity):
2586         (JSC::B3::Value::replaceWithNop):
2587         (JSC::B3::Value::dump):
2588         (JSC::B3::Value::deepDump):
2589         (JSC::B3::Value::negConstant):
2590         (JSC::B3::Value::addConstant):
2591         (JSC::B3::Value::subConstant):
2592         (JSC::B3::Value::effects):
2593         (JSC::B3::Value::performSubstitution):
2594         (JSC::B3::Value::dumpMeta):
2595         (JSC::B3::Value::typeFor):
2596         * b3/B3Value.h: Added.
2597         (JSC::B3::DeepValueDump::DeepValueDump):
2598         (JSC::B3::DeepValueDump::dump):
2599         (JSC::B3::deepDump):
2600         * b3/B3ValueInlines.h: Added.
2601         (JSC::B3::Value::as):
2602         (JSC::B3::Value::isConstant):
2603         (JSC::B3::Value::hasInt32):
2604         (JSC::B3::Value::asInt32):
2605         (JSC::B3::Value::hasInt64):
2606         (JSC::B3::Value::asInt64):
2607         (JSC::B3::Value::hasInt):
2608         (JSC::B3::Value::asInt):
2609         (JSC::B3::Value::isInt):
2610         (JSC::B3::Value::hasIntPtr):
2611         (JSC::B3::Value::asIntPtr):
2612         (JSC::B3::Value::hasDouble):
2613         (JSC::B3::Value::asDouble):
2614         (JSC::B3::Value::stackmap):
2615         * b3/B3ValueRep.cpp: Added.
2616         (JSC::B3::ValueRep::dump):
2617         (WTF::printInternal):
2618         * b3/B3ValueRep.h: Added.
2619         (JSC::B3::ValueRep::ValueRep):
2620         (JSC::B3::ValueRep::reg):
2621         (JSC::B3::ValueRep::stack):
2622         (JSC::B3::ValueRep::stackArgument):
2623         (JSC::B3::ValueRep::constant):
2624         (JSC::B3::ValueRep::constantDouble):
2625         (JSC::B3::ValueRep::kind):
2626         (JSC::B3::ValueRep::operator bool):
2627         (JSC::B3::ValueRep::offsetFromFP):
2628         (JSC::B3::ValueRep::offsetFromSP):
2629         (JSC::B3::ValueRep::value):
2630         (JSC::B3::ValueRep::doubleValue):
2631         * b3/air: Added.
2632         * b3/air/AirAllocateStack.cpp: Added.
2633         (JSC::B3::Air::allocateStack):
2634         * b3/air/AirAllocateStack.h: Added.
2635         * b3/air/AirArg.cpp: Added.
2636         (JSC::B3::Air::Arg::dump):
2637         * b3/air/AirArg.h: Added.
2638         (JSC::B3::Air::Arg::isUse):
2639         (JSC::B3::Air::Arg::isDef):
2640         (JSC::B3::Air::Arg::typeForB3Type):
2641         (JSC::B3::Air::Arg::Arg):
2642         (JSC::B3::Air::Arg::imm):
2643         (JSC::B3::Air::Arg::imm64):
2644         (JSC::B3::Air::Arg::addr):
2645         (JSC::B3::Air::Arg::stack):
2646         (JSC::B3::Air::Arg::callArg):
2647         (JSC::B3::Air::Arg::isValidScale):
2648         (JSC::B3::Air::Arg::logScale):
2649         (JSC::B3::Air::Arg::index):
2650         (JSC::B3::Air::Arg::relCond):
2651         (JSC::B3::Air::Arg::resCond):
2652         (JSC::B3::Air::Arg::special):
2653         (JSC::B3::Air::Arg::operator==):
2654         (JSC::B3::Air::Arg::operator!=):
2655         (JSC::B3::Air::Arg::operator bool):
2656         (JSC::B3::Air::Arg::kind):
2657         (JSC::B3::Air::Arg::isTmp):
2658         (JSC::B3::Air::Arg::isImm):
2659         (JSC::B3::Air::Arg::isImm64):
2660         (JSC::B3::Air::Arg::isAddr):
2661         (JSC::B3::Air::Arg::isStack):
2662         (JSC::B3::Air::Arg::isCallArg):
2663         (JSC::B3::Air::Arg::isIndex):
2664         (JSC::B3::Air::Arg::isRelCond):
2665         (JSC::B3::Air::Arg::isResCond):
2666         (JSC::B3::Air::Arg::isSpecial):
2667         (JSC::B3::Air::Arg::isAlive):
2668         (JSC::B3::Air::Arg::tmp):
2669         (JSC::B3::Air::Arg::value):
2670         (JSC::B3::Air::Arg::pointerValue):
2671         (JSC::B3::Air::Arg::base):
2672         (JSC::B3::Air::Arg::hasOffset):
2673         (JSC::B3::Air::Arg::offset):
2674         (JSC::B3::Air::Arg::stackSlot):
2675         (JSC::B3::Air::Arg::scale):
2676         (JSC::B3::Air::Arg::isGPTmp):
2677         (JSC::B3::Air::Arg::isFPTmp):
2678         (JSC::B3::Air::Arg::isGP):
2679         (JSC::B3::Air::Arg::isFP):
2680         (JSC::B3::Air::Arg::hasType):
2681         (JSC::B3::Air::Arg::type):
2682         (JSC::B3::Air::Arg::isType):
2683         (JSC::B3::Air::Arg::isGPR):
2684         (JSC::B3::Air::Arg::gpr):
2685         (JSC::B3::Air::Arg::isFPR):
2686         (JSC::B3::Air::Arg::fpr):
2687         (JSC::B3::Air::Arg::isReg):
2688         (JSC::B3::Air::Arg::reg):
2689         (JSC::B3::Air::Arg::gpTmpIndex):
2690         (JSC::B3::Air::Arg::fpTmpIndex):
2691         (JSC::B3::Air::Arg::tmpIndex):
2692         (JSC::B3::Air::Arg::withOffset):
2693         (JSC::B3::Air::Arg::forEachTmpFast):
2694         (JSC::B3::Air::Arg::forEachTmp):
2695         (JSC::B3::Air::Arg::asTrustedImm32):
2696         (JSC::B3::Air::Arg::asTrustedImm64):
2697         (JSC::B3::Air::Arg::asTrustedImmPtr):
2698         (JSC::B3::Air::Arg::asAddress):
2699         (JSC::B3::Air::Arg::asBaseIndex):
2700         (JSC::B3::Air::Arg::asRelationalCondition):
2701         (JSC::B3::Air::Arg::asResultCondition):
2702         (JSC::B3::Air::Arg::isHashTableDeletedValue):
2703         (JSC::B3::Air::Arg::hash):
2704         (JSC::B3::Air::ArgHash::hash):
2705         (JSC::B3::Air::ArgHash::equal):
2706         * b3/air/AirBasicBlock.cpp: Added.
2707         (JSC::B3::Air::BasicBlock::addPredecessor):
2708         (JSC::B3::Air::BasicBlock::removePredecessor):
2709         (JSC::B3::Air::BasicBlock::replacePredecessor):
2710         (JSC::B3::Air::BasicBlock::dump):
2711         (JSC::B3::Air::BasicBlock::deepDump):
2712         (JSC::B3::Air::BasicBlock::BasicBlock):
2713         * b3/air/AirBasicBlock.h: Added.
2714         (JSC::B3::Air::BasicBlock::index):
2715         (JSC::B3::Air::BasicBlock::size):
2716         (JSC::B3::Air::BasicBlock::begin):
2717         (JSC::B3::Air::BasicBlock::end):
2718         (JSC::B3::Air::BasicBlock::at):
2719         (JSC::B3::Air::BasicBlock::last):
2720         (JSC::B3::Air::BasicBlock::appendInst):
2721         (JSC::B3::Air::BasicBlock::append):
2722         (JSC::B3::Air::BasicBlock::numSuccessors):
2723         (JSC::B3::Air::BasicBlock::successor):
2724         (JSC::B3::Air::BasicBlock::successors):
2725         (JSC::B3::Air::BasicBlock::successorBlock):
2726         (JSC::B3::Air::BasicBlock::successorBlocks):
2727         (JSC::B3::Air::BasicBlock::numPredecessors):
2728         (JSC::B3::Air::BasicBlock::predecessor):
2729         (JSC::B3::Air::BasicBlock::predecessors):
2730         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
2731         (JSC::B3::Air::DeepBasicBlockDump::dump):
2732         (JSC::B3::Air::deepDump):
2733         * b3/air/AirCCallSpecial.cpp: Added.
2734         (JSC::B3::Air::CCallSpecial::CCallSpecial):
2735         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
2736         (JSC::B3::Air::CCallSpecial::forEachArg):
2737         (JSC::B3::Air::CCallSpecial::isValid):
2738         (JSC::B3::Air::CCallSpecial::admitsStack):
2739         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
2740         (JSC::B3::Air::CCallSpecial::generate):
2741         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
2742         (JSC::B3::Air::CCallSpecial::dumpImpl):
2743         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
2744         * b3/air/AirCCallSpecial.h: Added.
2745         * b3/air/AirCode.cpp: Added.
2746         (JSC::B3::Air::Code::Code):
2747         (JSC::B3::Air::Code::~Code):
2748         (JSC::B3::Air::Code::addBlock):
2749         (JSC::B3::Air::Code::addStackSlot):
2750         (JSC::B3::Air::Code::addSpecial):
2751         (JSC::B3::Air::Code::cCallSpecial):
2752         (JSC::B3::Air::Code::resetReachability):
2753         (JSC::B3::Air::Code::dump):
2754         (JSC::B3::Air::Code::findFirstBlockIndex):
2755         (JSC::B3::Air::Code::findNextBlockIndex):
2756         (JSC::B3::Air::Code::findNextBlock):
2757         * b3/air/AirCode.h: Added.
2758         (JSC::B3::Air::Code::newTmp):
2759         (JSC::B3::Air::Code::numTmps):
2760         (JSC::B3::Air::Code::callArgAreaSize):
2761         (JSC::B3::Air::Code::requestCallArgAreaSize):
2762         (JSC::B3::Air::Code::frameSize):
2763         (JSC::B3::Air::Code::setFrameSize):
2764         (JSC::B3::Air::Code::calleeSaveRegisters):
2765         (JSC::B3::Air::Code::size):
2766         (JSC::B3::Air::Code::at):
2767         (JSC::B3::Air::Code::operator[]):
2768         (JSC::B3::Air::Code::iterator::iterator):
2769         (JSC::B3::Air::Code::iterator::operator*):
2770         (JSC::B3::Air::Code::iterator::operator++):
2771         (JSC::B3::Air::Code::iterator::operator==):
2772         (JSC::B3::Air::Code::iterator::operator!=):
2773         (JSC::B3::Air::Code::begin):
2774         (JSC::B3::Air::Code::end):
2775         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
2776         (JSC::B3::Air::Code::StackSlotsCollection::size):
2777         (JSC::B3::Air::Code::StackSlotsCollection::at):
2778         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
2779         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
2780         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
2781         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
2782         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator==):
2783         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator!=):
2784         (JSC::B3::Air::Code::StackSlotsCollection::begin):
2785         (JSC::B3::Air::Code::StackSlotsCollection::end):
2786         (JSC::B3::Air::Code::stackSlots):
2787         (JSC::B3::Air::Code::SpecialsCollection::SpecialsCollection):
2788         (JSC::B3::Air::Code::SpecialsCollection::size):
2789         (JSC::B3::Air::Code::SpecialsCollection::at):
2790         (JSC::B3::Air::Code::SpecialsCollection::operator[]):
2791         (JSC::B3::Air::Code::SpecialsCollection::iterator::iterator):
2792         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator*):
2793         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator++):
2794         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator==):
2795         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator!=):
2796         (JSC::B3::Air::Code::SpecialsCollection::begin):
2797         (JSC::B3::Air::Code::SpecialsCollection::end):
2798         (JSC::B3::Air::Code::specials):
2799         (JSC::B3::Air::Code::setLastPhaseName):
2800         (JSC::B3::Air::Code::lastPhaseName):
2801         * b3/air/AirFrequentedBlock.h: Added.
2802         * b3/air/AirGenerate.cpp: Added.
2803         (JSC::B3::Air::generate):
2804         * b3/air/AirGenerate.h: Added.
2805         * b3/air/AirGenerated.cpp: Added.
2806         * b3/air/AirGenerationContext.h: Added.
2807         * b3/air/AirHandleCalleeSaves.cpp: Added.
2808         (JSC::B3::Air::handleCalleeSaves):
2809         * b3/air/AirHandleCalleeSaves.h: Added.
2810         * b3/air/AirInsertionSet.cpp: Added.
2811         (JSC::B3::Air::InsertionSet::execute):
2812         * b3/air/AirInsertionSet.h: Added.
2813         (JSC::B3::Air::InsertionSet::InsertionSet):
2814         (JSC::B3::Air::InsertionSet::code):
2815         (JSC::B3::Air::InsertionSet::appendInsertion):
2816         (JSC::B3::Air::InsertionSet::insertInst):
2817         (JSC::B3::Air::InsertionSet::insert):
2818         * b3/air/AirInst.cpp: Added.
2819         (JSC::B3::Air::Inst::dump):
2820         * b3/air/AirInst.h: Added.
2821         (JSC::B3::Air::Inst::Inst):
2822         (JSC::B3::Air::Inst::opcode):
2823         (JSC::B3::Air::Inst::forEachTmpFast):
2824         (JSC::B3::Air::Inst::forEachTmp):
2825         * b3/air/AirInstInlines.h: Added.
2826         (JSC::B3::Air::ForEach<Tmp>::forEach):
2827         (JSC::B3::Air::ForEach<Arg>::forEach):
2828         (JSC::B3::Air::Inst::forEach):
2829         (JSC::B3::Air::Inst::hasSpecial):
2830         (JSC::B3::Air::Inst::extraClobberedRegs):
2831         (JSC::B3::Air::Inst::reportUsedRegisters):
2832         (JSC::B3::Air::isShiftValid):
2833         (JSC::B3::Air::isLshift32Valid):
2834         * b3/air/AirLiveness.h: Added.
2835         (JSC::B3::Air::Liveness::Liveness):
2836         (JSC::B3::Air::Liveness::liveAtHead):
2837         (JSC::B3::Air::Liveness::liveAtTail):
2838         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
2839         (JSC::B3::Air::Liveness::LocalCalc::live):
2840         (JSC::B3::Air::Liveness::LocalCalc::takeLive):
2841         (JSC::B3::Air::Liveness::LocalCalc::execute):
2842         * b3/air/AirOpcode.opcodes: Added.
2843         * b3/air/AirPhaseScope.cpp: Added.
2844         (JSC::B3::Air::PhaseScope::PhaseScope):
2845         (JSC::B3::Air::PhaseScope::~PhaseScope):
2846         * b3/air/AirPhaseScope.h: Added.
2847         * b3/air/AirRegisterPriority.cpp: Added.
2848         (JSC::B3::Air::gprsInPriorityOrder):
2849         (JSC::B3::Air::fprsInPriorityOrder):
2850         (JSC::B3::Air::regsInPriorityOrder):
2851         * b3/air/AirRegisterPriority.h: Added.
2852         (JSC::B3::Air::RegistersInPriorityOrder<GPRInfo>::inPriorityOrder):
2853         (JSC::B3::Air::RegistersInPriorityOrder<FPRInfo>::inPriorityOrder):
2854         (JSC::B3::Air::regsInPriorityOrder):
2855         * b3/air/AirSpecial.cpp: Added.
2856         (JSC::B3::Air::Special::Special):
2857         (JSC::B3::Air::Special::~Special):
2858         (JSC::B3::Air::Special::name):
2859         (JSC::B3::Air::Special::dump):
2860         (JSC::B3::Air::Special::deepDump):
2861         * b3/air/AirSpecial.h: Added.
2862         (JSC::B3::Air::DeepSpecialDump::DeepSpecialDump):
2863         (JSC::B3::Air::DeepSpecialDump::dump):
2864         (JSC::B3::Air::deepDump):
2865         * b3/air/AirSpillEverything.cpp: Added.
2866         (JSC::B3::Air::spillEverything):
2867         * b3/air/AirSpillEverything.h: Added.
2868         * b3/air/AirStackSlot.cpp: Added.
2869         (JSC::B3::Air::StackSlot::setOffsetFromFP):
2870         (JSC::B3::Air::StackSlot::dump):
2871         (JSC::B3::Air::StackSlot::deepDump):
2872         (JSC::B3::Air::StackSlot::StackSlot):
2873         * b3/air/AirStackSlot.h: Added.
2874         (JSC::B3::Air::StackSlot::byteSize):
2875         (JSC::B3::Air::StackSlot::kind):
2876         (JSC::B3::Air::StackSlot::index):
2877         (JSC::B3::Air::StackSlot::alignment):
2878         (JSC::B3::Air::StackSlot::value):
2879         (JSC::B3::Air::StackSlot::offsetFromFP):
2880         (JSC::B3::Air::DeepStackSlotDump::DeepStackSlotDump):
2881         (JSC::B3::Air::DeepStackSlotDump::dump):
2882         (JSC::B3::Air::deepDump):
2883         * b3/air/AirTmp.cpp: Added.
2884         (JSC::B3::Air::Tmp::dump):
2885         * b3/air/AirTmp.h: Added.
2886         (JSC::B3::Air::Tmp::Tmp):
2887         (JSC::B3::Air::Tmp::gpTmpForIndex):
2888         (JSC::B3::Air::Tmp::fpTmpForIndex):
2889         (JSC::B3::Air::Tmp::operator bool):
2890         (JSC::B3::Air::Tmp::isGP):
2891         (JSC::B3::Air::Tmp::isFP):
2892         (JSC::B3::Air::Tmp::isGPR):
2893         (JSC::B3::Air::Tmp::isFPR):
2894         (JSC::B3::Air::Tmp::isReg):
2895         (JSC::B3::Air::Tmp::gpr):
2896         (JSC::B3::Air::Tmp::fpr):
2897         (JSC::B3::Air::Tmp::reg):
2898         (JSC::B3::Air::Tmp::hasTmpIndex):
2899         (JSC::B3::Air::Tmp::gpTmpIndex):
2900         (JSC::B3::Air::Tmp::fpTmpIndex):
2901         (JSC::B3::Air::Tmp::tmpIndex):
2902         (JSC::B3::Air::Tmp::isAlive):
2903         (JSC::B3::Air::Tmp::operator==):
2904         (JSC::B3::Air::Tmp::operator!=):
2905         (JSC::B3::Air::Tmp::isHashTableDeletedValue):
2906         (JSC::B3::Air::Tmp::hash):
2907         (JSC::B3::Air::Tmp::encodeGP):
2908         (JSC::B3::Air::Tmp::encodeFP):
2909         (JSC::B3::Air::Tmp::encodeGPR):
2910         (JSC::B3::Air::Tmp::encodeFPR):
2911         (JSC::B3::Air::Tmp::encodeGPTmp):
2912         (JSC::B3::Air::Tmp::encodeFPTmp):
2913         (JSC::B3::Air::Tmp::isEncodedGP):
2914         (JSC::B3::Air::Tmp::isEncodedFP):
2915         (JSC::B3::Air::Tmp::isEncodedGPR):
2916         (JSC::B3::Air::Tmp::isEncodedFPR):
2917         (JSC::B3::Air::Tmp::isEncodedGPTmp):
2918         (JSC::B3::Air::Tmp::isEncodedFPTmp):
2919         (JSC::B3::Air::Tmp::decodeGPR):
2920         (JSC::B3::Air::Tmp::decodeFPR):
2921         (JSC::B3::Air::Tmp::decodeGPTmp):
2922         (JSC::B3::Air::Tmp::decodeFPTmp):
2923         (JSC::B3::Air::TmpHash::hash):
2924         (JSC::B3::Air::TmpHash::equal):
2925         * b3/air/AirTmpInlines.h: Added.
2926         (JSC::B3::Air::Tmp::Tmp):
2927         * b3/air/AirValidate.cpp: Added.
2928         (JSC::B3::Air::validate):
2929         * b3/air/AirValidate.h: Added.
2930         * b3/air/opcode_generator.rb: Added.
2931         * b3/generate_pattern_matcher.rb: Added.
2932         * b3/testb3.cpp: Added.
2933         (JSC::B3::compileAndRun):
2934         (JSC::B3::test42):
2935         (JSC::B3::testLoad42):
2936         (JSC::B3::testArg):
2937         (JSC::B3::testAddArgs):
2938         (JSC::B3::testAddArgs32):
2939         (JSC::B3::testStore):
2940         (JSC::B3::testTrunc):
2941         (JSC::B3::testAdd1):
2942         (JSC::B3::testStoreAddLoad):
2943         (JSC::B3::testStoreAddAndLoad):
2944         (JSC::B3::testAdd1Uncommuted):
2945         (JSC::B3::testLoadOffset):
2946         (JSC::B3::testLoadOffsetNotConstant):
2947         (JSC::B3::testLoadOffsetUsingAdd):
2948         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2949         (JSC::B3::run):
2950         (run):
2951         (main):
2952         * bytecode/CodeBlock.h:
2953         (JSC::CodeBlock::specializationKind):
2954         * jit/Reg.h:
2955         (JSC::Reg::index):
2956         (JSC::Reg::isSet):
2957         (JSC::Reg::operator bool):
2958         (JSC::Reg::isHashTableDeletedValue):
2959         (JSC::Reg::AllRegsIterable::iterator::iterator):
2960         (JSC::Reg::AllRegsIterable::iterator::operator*):
2961         (JSC::Reg::AllRegsIterable::iterator::operator++):
2962         (JSC::Reg::AllRegsIterable::iterator::operator==):
2963         (JSC::Reg::AllRegsIterable::iterator::operator!=):
2964         (JSC::Reg::AllRegsIterable::begin):
2965         (JSC::Reg::AllRegsIterable::end):
2966         (JSC::Reg::all):
2967         (JSC::Reg::invalid):
2968         (JSC::Reg::operator!): Deleted.
2969         * jit/RegisterAtOffsetList.cpp:
2970         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
2971         * jit/RegisterAtOffsetList.h:
2972         (JSC::RegisterAtOffsetList::clear):
2973         (JSC::RegisterAtOffsetList::size):
2974         (JSC::RegisterAtOffsetList::begin):
2975         (JSC::RegisterAtOffsetList::end):
2976         * jit/RegisterSet.h:
2977         (JSC::RegisterSet::operator==):
2978         (JSC::RegisterSet::hash):
2979         (JSC::RegisterSet::forEach):
2980         (JSC::RegisterSet::setAny):
2981
2982 2015-10-28  Mark Lam  <mark.lam@apple.com>
2983
2984         Rename MacroAssembler::callProbe() to probe().
2985         https://bugs.webkit.org/show_bug.cgi?id=150641
2986
2987         Reviewed by Saam Barati.
2988
2989         To do this, I needed to disambiguate the low-level probe() from the
2990         high-level version that takes a std::function.  I did this by changing the low-
2991         level version to not take default args anymore.
2992
2993         * assembler/AbstractMacroAssembler.h:
2994         * assembler/MacroAssembler.cpp:
2995         (JSC::stdFunctionCallback):
2996         (JSC::MacroAssembler::probe):
2997         (JSC::MacroAssembler::callProbe): Deleted.
2998         * assembler/MacroAssembler.h:
2999         (JSC::MacroAssembler::urshift32):
3000         * assembler/MacroAssemblerARM.h:
3001         (JSC::MacroAssemblerARM::repatchCall):
3002         * assembler/MacroAssemblerARM64.h:
3003         (JSC::MacroAssemblerARM64::repatchCall):
3004         * assembler/MacroAssemblerARMv7.h:
3005         (JSC::MacroAssemblerARMv7::repatchCall):
3006         * assembler/MacroAssemblerPrinter.h:
3007         (JSC::MacroAssemblerPrinter::print):
3008         * assembler/MacroAssemblerX86Common.h:
3009         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
3010
3011 2015-10-28  Timothy Hatcher  <timothy@apple.com>
3012
3013         Web Inspector: jsmin.py mistakenly removes whitespace from template literal strings
3014         https://bugs.webkit.org/show_bug.cgi?id=148728
3015
3016         Reviewed by Joseph Pecoraro.
3017
3018         * Scripts/jsmin.py:
3019         (JavascriptMinify.minify): Make backtick a quoting character.
3020
3021 2015-10-28  Brian Burg  <bburg@apple.com>
3022
3023         Builtins generator should emit ENABLE(FEATURE) guards based on @conditional annotation
3024         https://bugs.webkit.org/show_bug.cgi?id=150536
3025
3026         Reviewed by Yusuke Suzuki.
3027
3028         Scan JS builtin files for @key=value and @flag annotations in single-line comments.
3029         For @conditional=CONDITIONAL, emit CONDITIONAL guards around the relevant object's code.
3030
3031         Generate primary header includes separately from secondary header includes so we can
3032         put the guard between the two header groups, as is customary in WebKit C++ code.
3033
3034         New tests:
3035
3036         Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js
3037         Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js
3038         Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js
3039
3040         * Scripts/builtins/builtins_generate_combined_implementation.py:
3041         (BuiltinsCombinedImplementationGenerator.generate_output):
3042         (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
3043         (BuiltinsCombinedImplementationGenerator.generate_header_includes): Deleted.
3044         * Scripts/builtins/builtins_generate_separate_header.py:
3045         (BuiltinsSeparateHeaderGenerator.generate_output):
3046         (generate_secondary_header_includes):
3047         (generate_header_includes): Deleted.
3048         * Scripts/builtins/builtins_generate_separate_implementation.py:
3049         (BuiltinsSeparateImplementationGenerator.generate_output):
3050         (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
3051         (BuiltinsSeparateImplementationGenerator.generate_header_includes): Deleted.
3052         * Scripts/builtins/builtins_generate_separate_wrapper.py:
3053         (BuiltinsSeparateWrapperGenerator.generate_output):
3054         (BuiltinsSeparateWrapperGenerator.generate_secondary_header_includes):
3055         (BuiltinsSeparateWrapperGenerator.generate_header_includes): Deleted.
3056         * Scripts/builtins/builtins_generator.py:
3057         (BuiltinsGenerator.generate_includes_from_entries):
3058         (BuiltinsGenerator):
3059         (BuiltinsGenerator.generate_primary_header_includes):
3060         * Scripts/builtins/builtins_model.py:
3061         (BuiltinObject.__init__):
3062         (BuiltinsCollection.parse_builtins_file):
3063         (BuiltinsCollection._parse_annotations):
3064         * Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js: Added.
3065         * Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js: Added.
3066         * Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js: Added.
3067         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Simplify.
3068         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Simplify.
3069         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Simplify.
3070         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Added.
3071         * Scripts/tests/builtins/expected/WebCore-DuplicateFlagAnnotation-Separate.js-error: Added.
3072         * Scripts/tests/builtins/expected/WebCore-DuplicateKeyValueAnnotation-Separate.js-error: Added.
3073         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
3074         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
3075         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
3076         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
3077
3078 2015-10-28  Mark Lam  <mark.lam@apple.com>
3079
3080         Update FTL to support UntypedUse operands for op_sub.
3081         https://bugs.webkit.org/show_bug.cgi?id=150562
3082
3083         Reviewed by Geoffrey Garen.
3084
3085         * assembler/MacroAssemblerARM64.h:
3086         - make the dataTempRegister and memoryTempRegister public so that we can
3087           move input registers out of them if needed.
3088
3089         * ftl/FTLCapabilities.cpp:
3090         (JSC::FTL::canCompile):
3091         - We can now compile ArithSub.
3092
3093         * ftl/FTLCompile.cpp:
3094         - Added BinaryArithGenerationContext to shuffle registers into a state that is
3095           expected by the baseline snippet generator.  This includes:
3096           1. Making sure that the input and output registers are not in the tag or
3097              scratch registers.
3098           2. Loading the tag registers with expected values.
3099           3. Restoring the registers to their original value on return.
3100         - Added code to implement the ArithSub inline cache.
3101
3102         * ftl/FTLInlineCacheDescriptor.h:
3103         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
3104         (JSC::FTL::ArithSubDescriptor::leftType):
3105         (JSC::FTL::ArithSubDescriptor::rightType):
3106
3107         * ftl/FTLInlineCacheSize.cpp:
3108         (JSC::FTL::sizeOfArithSub):
3109         * ftl/FTLInlineCacheSize.h:
3110
3111         * ftl/FTLLowerDFGToLLVM.cpp:
3112         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
3113         - Added handling for UnusedType for the ArithSub case.
3114
3115         * ftl/FTLState.h:
3116         * jit/GPRInfo.h:
3117         (JSC::GPRInfo::reservedRegisters):
3118
3119         * jit/JITSubGenerator.h:
3120         (JSC::JITSubGenerator::generateFastPath):
3121         - When the result register is the same as one of the input registers, we'll end up
3122           corrupting the input in the fast path even if we determine that we need to go to
3123           the slow path.  We now move the input into the scratch register and operate
3124           on that instead, and move the result into the result register only after
3125           the fast path has succeeded.
3126
3127         * tests/stress/op_sub.js:
3128         (o1.valueOf):
3129         (runTest):
3130         - Added some debugging tools: flags for verbose logging, and eager abort on fail.
3131
3132 2015-10-28  Mark Lam  <mark.lam@apple.com>
3133
3134         Fix a typo in ProbeContext::fpr().
3135         https://bugs.webkit.org/show_bug.cgi?id=150629
3136
3137         Reviewed by Yusuke Suzuki.
3138
3139         ProbeContext::fpr() should be calling CPUState::fpr(), not CPUState::gpr().
3140
3141         * assembler/AbstractMacroAssembler.h:
3142         (JSC::AbstractMacroAssembler::ProbeContext::fpr):
3143
3144 2015-10-28  Mark Lam  <mark.lam@apple.com>
3145
3146         Add ability to print the PC register from JIT'ed code.
3147         https://bugs.webkit.org/show_bug.cgi?id=150561
3148
3149         Reviewed by Geoffrey Garen.
3150
3151         * assembler/MacroAssemblerPrinter.cpp:
3152         (JSC::printPC):
3153         (JSC::MacroAssemblerPrinter::printCallback):
3154         * assembler/MacroAssemblerPrinter.h:
3155         (JSC::MacroAssemblerPrinter::PrintArg::PrintArg):
3156
3157 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
3158
3159         Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available
3160         https://bugs.webkit.org/show_bug.cgi?id=150615
3161
3162         Reviewed by Timothy Hatcher.
3163
3164         * inspector/protocol/Timeline.json:
3165
3166 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
3167
3168         Web Inspector: Remove unused / duplicated XHR timeline instrumentation
3169         https://bugs.webkit.org/show_bug.cgi?id=150605
3170
3171         Reviewed by Timothy Hatcher.
3172
3173         * inspector/protocol/Timeline.json:
3174
3175 2015-10-27  Michael Saboff  <msaboff@apple.com>
3176
3177         REGRESSION (r191360): Crash: com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL:: + 386
3178         https://bugs.webkit.org/show_bug.cgi?id=150580
3179
3180         Reviewed by Mark Lam.
3181
3182         Changed code to box 32 bit integers and boolean arguments when generating the call instead of boxing
3183         them in the shuffler.
3184
3185         The ASSERT in CallFrameShuffler::extendFrameIfNeeded is wrong when called from CallFrameShuffler::spill(),
3186         as we could be making space to spill a register so that we have a spare that we can use for the new
3187         frame's base pointer.
3188
3189         * ftl/FTLJSTailCall.cpp:
3190         (JSC::FTL::DFG::recoveryFor): Added RELEASE_ASSERT to check that we never see unboxed 32 bit
3191         arguments stored in the stack.
3192         * ftl/FTLLowerDFGToLLVM.cpp:
3193         (JSC::FTL::DFG::LowerDFGToLLVM::exitValueForTailCall):
3194         * jit/CallFrameShuffler.cpp:
3195         (JSC::CallFrameShuffler::extendFrameIfNeeded): Removed unneeded ASSERT.
3196
3197 2015-10-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3198
3199         [ES6] Add DFG/FTL support for accessor put operations
3200         https://bugs.webkit.org/show_bug.cgi?id=148860
3201
3202         Reviewed by Geoffrey Garen.
3203
3204         This patch introduces accessor defining ops into DFG and FTL.
3205         The following DFG nodes are introduced.
3206
3207             op_put_getter_by_id  => PutGetterById
3208             op_put_setter_by_id  => PutSetterById
3209             op_put_getter_setter => PutGetterSetterById
3210             op_put_getter_by_val => PutGetterByVal
3211             op_put_setter_by_val => PutSetterByVal
3212
3213         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
3214
3215         To use operations defined for baseline JIT, we clean up existing operations.
3216         And reuse these operations in DFG and FTL.
3217
3218         * dfg/DFGAbstractInterpreterInlines.h:
3219         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3220         * dfg/DFGByteCodeParser.cpp:
3221         (JSC::DFG::ByteCodeParser::parseBlock):
3222         * dfg/DFGCapabilities.cpp:
3223         (JSC::DFG::capabilityLevel):
3224         * dfg/DFGClobberize.h:
3225         (JSC::DFG::clobberize):
3226         * dfg/DFGDoesGC.cpp:
3227         (JSC::DFG::doesGC):
3228         * dfg/DFGFixupPhase.cpp:
3229         (JSC::DFG::FixupPhase::fixupNode):
3230         * dfg/DFGNode.h:
3231         (JSC::DFG::Node::hasIdentifier):
3232         (JSC::DFG::Node::hasAccessorAttributes):
3233         (JSC::DFG::Node::accessorAttributes):
3234         * dfg/DFGNodeType.h:
3235         * dfg/DFGPredictionPropagationPhase.cpp:
3236         (JSC::DFG::PredictionPropagationPhase::propagate):
3237         * dfg/DFGSafeToExecute.h:
3238         (JSC::DFG::safeToExecute):
3239         * dfg/DFGSpeculativeJIT.cpp:
3240         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
3241         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
3242         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
3243         We should fill all GPRs before calling flushRegisters().
3244         * dfg/DFGSpeculativeJIT.h:
3245         (JSC::DFG::SpeculativeJIT::callOperation):
3246         * dfg/DFGSpeculativeJIT32_64.cpp:
3247         (JSC::DFG::SpeculativeJIT::compile):
3248         * dfg/DFGSpeculativeJIT64.cpp:
3249         (JSC::DFG::SpeculativeJIT::compile):
3250         * ftl/FTLCapabilities.cpp:
3251         (JSC::FTL::canCompile):
3252         * ftl/FTLIntrinsicRepository.h:
3253         * ftl/FTLLowerDFGToLLVM.cpp:
3254         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3255         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
3256         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
3257         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
3258         * jit/JIT.h:
3259         * jit/JITInlines.h:
3260         (JSC::JIT::callOperation):
3261         * jit/JITOperations.cpp:
3262         * jit/JITOperations.h:
3263         * jit/JITPropertyAccess.cpp:
3264         (JSC::JIT::emit_op_put_getter_by_id):
3265         (JSC::JIT::emit_op_put_setter_by_id):
3266         (JSC::JIT::emit_op_put_getter_setter):
3267         * jit/JITPropertyAccess32_64.cpp:
3268         (JSC::JIT::emit_op_put_getter_by_id):
3269         (JSC::JIT::emit_op_put_setter_by_id):
3270         (JSC::JIT::emit_op_put_getter_setter):
3271         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
3272         (shouldBe):
3273         (testAttribute):
3274         (getter.Cocoa.prototype.get hello):
3275         (getter.Cocoa):
3276         (getter):
3277         (setter.Cocoa):
3278         (setter.Cocoa.prototype.set hello):
3279         (setter):
3280         (accessors.Cocoa):
3281         (accessors.Cocoa.prototype.get hello):
3282         (accessors.Cocoa.prototype.set hello):
3283         (accessors):
3284         * tests/stress/dfg-put-accessors-by-id.js: Added.
3285         (shouldBe):
3286         (testAttribute):
3287         (getter.object.get hello):
3288         (getter):
3289         (setter.object.set hello):
3290         (setter):
3291         (accessors.object.get hello):
3292         (accessors.object.set hello):
3293         (accessors):
3294         * tests/stress/dfg-put-getter-by-id-class.js: Added.
3295         (shouldBe):
3296         (testAttribute):
3297         (getter.Cocoa):
3298         (getter.Cocoa.prototype.get hello):
3299         (getter.Cocoa.prototype.get name):
3300         (getter):
3301         * tests/stress/dfg-put-getter-by-id.js: Added.
3302         (shouldBe):
3303         (testAttribute):
3304         (getter.object.get hello):
3305         (getter):
3306         * tests/stress/dfg-put-getter-by-val-class.js: Added.
3307         (shouldBe):
3308         (testAttribute):
3309         (getter.Cocoa):
3310         (getter.Cocoa.prototype.get name):
3311         (getter):
3312         * tests/stress/dfg-put-getter-by-val.js: Added.
3313         (shouldBe):
3314         (testAttribute):
3315         (getter.object.get name):
3316         (getter):
3317         * tests/stress/dfg-put-setter-by-id-class.js: Added.
3318         (shouldBe):
3319         (testAttribute):
3320         (getter.Cocoa):
3321         (getter.Cocoa.prototype.set hello):
3322         (getter.Cocoa.prototype.get name):
3323         (getter):
3324         * tests/stress/dfg-put-setter-by-id.js: Added.
3325         (shouldBe):
3326         (testAttribute):
3327         (setter.object.set hello):
3328         (setter):
3329         * tests/stress/dfg-put-setter-by-val-class.js: Added.
3330         (shouldBe):
3331         (testAttribute):
3332         (setter.Cocoa):
3333         (setter.Cocoa.prototype.set name):
3334         (setter):
3335         * tests/stress/dfg-put-setter-by-val.js: Added.
3336         (shouldBe):
3337         (testAttribute):
3338         (setter.object.set name):
3339         (setter):
3340
3341 2015-10-26  Mark Lam  <mark.lam@apple.com>
3342
3343         Add logging to warn about under-estimated FTL inline cache sizes.
3344         https://bugs.webkit.org/show_bug.cgi?id=150570
3345
3346         Reviewed by Geoffrey Garen.
3347
3348         Added 2 options:
3349         1. JSC_dumpFailedICSizing - dumps an error message if the FTL encounters IC size
3350            estimates that are less than the actual needed code size.
3351
3352            This option is useful for when we add a new IC and want to compute an
3353            estimated size for the IC.  To do this:
3354            1. Build jsc for the target port with a very small IC size (enough to
3355               store the jump instruction needed for the out of line fallback
3356               implementation).
3357            2. Implement a test suite with scenarios that exercise all the code paths in
3358               the IC generator.
3359            3. Run jsc with JSC_dumpFailedICSizing=true on the test suite.
3360            4. The max value reported by the dumps will be the worst case size needed to
3361               store the IC.  We should use this value for our estimate.
3362            5. Update the IC's estimated size and rebuild jsc.
3363            6. Re-run (3) and confirm that there are no more error messages about the
3364               IC sizing.
3365
3366         2. JSC_assertICSizing - same as JSC_dumpFailedICSizing except that it also
3367            crashes the VM each time it encounters an inadequate IC size estimate.
3368
3369            This option is useful for regression testing to ensure that our estimates
3370            do not regress.
3371
3372         * ftl/FTLCompile.cpp:
3373         (JSC::FTL::generateInlineIfPossibleOutOfLineIfNot):
3374         * runtime/Options.h:
3375
3376 2015-10-26  Saam Barati  <sbarati@apple.com>
3377
3378         r190735 Caused us to maybe trample the base's tag-GPR on 32-bit inline cache when the cache allocates a scratch register and then jumps to the slow path
3379         https://bugs.webkit.org/show_bug.cgi?id=150532
3380
3381         Reviewed by Geoffrey Garen.
3382
3383         The base's tag register used to show up in the used register set
3384         before r190735 because of how the DFG kept track of used registers. I changed this
3385         in my work on inline caching because we don't want to spill these registers
3386         when we have a GetByIdFlush/PutByIdFlush and we use the used register set
3387         as the metric of what to spill. That said, these registers should be locked
3388         and not used as scratch registers by the scratch register allocator. The
3389         reason is that our inline cache may fail and jump to the slow path. The slow
3390         path then uses the base's tag register. If the inline cache used the base's tag
3391         register as a scratch and the inline cache fails and jumps to the slow path, we
3392