[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-11-02  Filip Pizlo  <fpizlo@apple.com>

        B3/Air should use bubble sort for their insertion sets, because it's faster than std::stable_sort
        https://bugs.webkit.org/show_bug.cgi?id=150828

        Reviewed by Geoffrey Garen.

        Undo the 2% compile time regression caused by http://trac.webkit.org/changeset/191913.

        * b3/B3InsertionSet.cpp:
        (JSC::B3::InsertionSet::execute): Switch to bubble sort.
        * b3/air/AirInsertionSet.cpp:
        (JSC::B3::Air::InsertionSet::execute): Switch to bubble sort.
        * dfg/DFGBlockInsertionSet.cpp:
        (JSC::DFG::BlockInsertionSet::execute): Switch back to quicksort.

2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, partially revert r191952.

        Removed GCC compiler workarounds (unreachable returns).

        * b3/B3Type.h:
        (JSC::B3::sizeofType):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::isUse):
        (JSC::B3::Air::Arg::isDef):
        (JSC::B3::Air::Arg::isGP):
        (JSC::B3::Air::Arg::isFP):
        (JSC::B3::Air::Arg::isType):
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::newTmp):
        (JSC::B3::Air::Code::numTmps):

2015-11-03  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the ENABLE(B3_JIT) build on Linux
        https://bugs.webkit.org/show_bug.cgi?id=150794

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * b3/B3HeapRange.h:
        * b3/B3IndexSet.h:
        (JSC::B3::IndexSet::Iterable::iterator::operator++):
        * b3/B3Type.h:
        (JSC::B3::sizeofType):
        * b3/air/AirArg.cpp:
        (JSC::B3::Air::Arg::dump):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::isUse):
        (JSC::B3::Air::Arg::isDef):
        (JSC::B3::Air::Arg::isGP):
        (JSC::B3::Air::Arg::isFP):
        (JSC::B3::Air::Arg::isType):
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::newTmp):
        (JSC::B3::Air::Code::numTmps):
        * b3/air/AirSpecial.cpp:

2015-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        Clean up ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keep minimal set of them
        https://bugs.webkit.org/show_bug.cgi?id=150793

        Reviewed by Darin Adler.

        Fix the !ENABLE(ES6_ARROWFUNCTION_SYNTAX) build after r191875.
        This patch drops many ENABLE(ES6_ARROWFUNCTION_SYNTAX) ifdefs and keeps only one of them;
        the ifdef in parseAssignmentExpression.
        This prevents functionality of parsing arrow function syntax.

        * parser/Lexer.cpp:
        (JSC::Lexer<T>::lex):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseInner): Deleted.
        * parser/Parser.h:
        (JSC::Parser::isArrowFunctionParamters): Deleted.
        * parser/ParserTokens.h:

2015-11-02  Michael Saboff  <msaboff@apple.com>

        WebInspector crashed while viewing Timeline when refreshing cnn.com while it was already loading
        https://bugs.webkit.org/show_bug.cgi?id=150745

        Reviewed by Geoffrey Garen.

        During OSR exit, reifyInlinedCallFrames() was using the call kind from a tail call to
        find the CallLinkInfo / StubInfo to find the return PC.  Instead we need to get the call
        type of the true caller, that is the function we'll be returning to.

        This can be found by remembering the last call type we find while walking up the inlined
        frames in InlineCallFrame::getCallerSkippingDeadFrames().

        We can also return directly back to a getter or setter callsite without using a thunk.

        * bytecode/InlineCallFrame.h:
        (JSC::InlineCallFrame::computeCallerSkippingDeadFrames):
        (JSC::InlineCallFrame::getCallerSkippingDeadFrames):
        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id): Need to eliminate the stack pointer check, as it is wrong
        for reified inlined frames created during OSR exit.
        * jit/ThunkGenerators.cpp:
        (JSC::baselineGetterReturnThunkGenerator): Deleted.
        (JSC::baselineSetterReturnThunkGenerator): Deleted.
        * jit/ThunkGenerators.h:

2015-11-02  Saam barati  <sbarati@apple.com>

        Wrong value recovery for DFG try/catch with a getter that throws during an IC miss
        https://bugs.webkit.org/show_bug.cgi?id=150760

        Reviewed by Geoffrey Garen.

        This is related to using PhantomLocal instead of Flush as
        the liveness preservation mechanism for live catch variables.
        I'm temporarily switching things back to Flush. This will be a
        performance hit for try/catch in the DFG. Landing this patch,
        though, will allow me to land try/catch in the FTL. It also
        makes try/catch in the DFG sound. I have opened another
        bug to further investigate using PhantomLocal as the
        liveness preservation mechanism: https://bugs.webkit.org/show_bug.cgi?id=150824

        * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
        (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
        * tests/stress/dfg-try-catch-wrong-value-recovery-on-ic-miss.js: Added.
        (assert):
        (let.oThrow.get f):
        (let.o2.get f):
        (foo):
        (f):

2015-11-02  Andy Estes  <aestes@apple.com>

        [Cocoa] Add tvOS and watchOS to SUPPORTED_PLATFORMS
        https://bugs.webkit.org/show_bug.cgi?id=150819

        Reviewed by Dan Bernstein.

        This tells Xcode to include these platforms in its Devices dropdown, making it possible to build in the IDE.

        * Configurations/Base.xcconfig:

2015-11-02  Brent Fulgham  <bfulgham@apple.com>

        [Win] MiniBrowser unable to use WebInspector
        https://bugs.webkit.org/show_bug.cgi?id=150810
        <rdar://problem/23358514>

        Reviewed by Timothy Hatcher.

        The CMakeList rule for creating the InjectedScriptSource.min.js was improperly including
        the quote characters in the text prepended to InjectedScriptSource.min.js. This caused a
        parsing error in the JS file.

        The solution was to switch from using "COMMAND echo" to use the more cross-platform
        compatible command "COMMAND ${CMAKE_COMMAND} -E echo ...", which handles the string
        escaping properly on all platforms.

        * CMakeLists.txt: Switch the 'echo' command syntax to be more cross-platform.

2015-11-02  Filip Pizlo  <fpizlo@apple.com>

        B3 should be able to compile a Patchpoint
        https://bugs.webkit.org/show_bug.cgi?id=150750

        Reviewed by Geoffrey Garen.

        This adds the glue in B3::LowerToAir that turns a B3::PatchpointValue into an Air::Patch
        with a B3::PatchpointSpecial.

        Along the way, I found some bugs. For starters, it became clear that I wanted to be able
        to append constraints to a Stackmap, and I wanted to have more flexibility in how I
        created a PatchpointValue. I also wanted more helper methods in ValueRep, since
        otherwise I would have had to write a lot of boilerplate.

        I discovered, and fixed, a minor goof in Air::Code dumping when there are specials.

        There were a ton of indexing bugs in B3StackmapSpecial.

        The spiller was broken in case the Def was not the last Arg, since it was adding things
        to the insertion set both at instIndex and instIndex + 1, and the two types of additions
        could occur in the wrong (i.e. the +1 case first) order with an early Def. We often have
        bugs like this. In the DFG, we were paranoid about performance so we only admit out-of-
        order insertions as a rare case. I think that we don't really need to be so paranoid.
        So, I made the new insertion sets use a stable_sort to ensure that everything happens in
        the right order. I changed DFG::BlockInsertionSet to also use stable_sort; it previously
        used sort, which is slightly wrong.

        This adds a new test that uses Patchpoint to implement a 32-bit add. It works!

        * b3/B3InsertionSet.cpp:
        (JSC::B3::InsertionSet::execute):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
        (JSC::B3::Air::LowerToAir::appendStore):
        (JSC::B3::Air::LowerToAir::moveForType):
        (JSC::B3::Air::LowerToAir::append):
        (JSC::B3::Air::LowerToAir::ensureSpecial):
        (JSC::B3::Air::LowerToAir::tryStore):
        (JSC::B3::Air::LowerToAir::tryStackSlot):
        (JSC::B3::Air::LowerToAir::tryPatchpoint):
        (JSC::B3::Air::LowerToAir::tryUpsilon):
        * b3/B3LoweringMatcher.patterns:
        * b3/B3PatchpointValue.h:
        (JSC::B3::PatchpointValue::accepts): Deleted.
        (JSC::B3::PatchpointValue::PatchpointValue): Deleted.
        * b3/B3Stackmap.h:
        (JSC::B3::Stackmap::constrain):
        (JSC::B3::Stackmap::appendConstraint):
        (JSC::B3::Stackmap::reps):
        (JSC::B3::Stackmap::clobber):
        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::forEachArgImpl):
        (JSC::B3::StackmapSpecial::isValidImpl):
        * b3/B3Value.h:
        * b3/B3ValueRep.h:
        (JSC::B3::ValueRep::ValueRep):
        (JSC::B3::ValueRep::reg):
        (JSC::B3::ValueRep::operator bool):
        (JSC::B3::ValueRep::isAny):
        (JSC::B3::ValueRep::isSomeRegister):
        (JSC::B3::ValueRep::isReg):
        (JSC::B3::ValueRep::isGPR):
        (JSC::B3::ValueRep::isFPR):
        (JSC::B3::ValueRep::gpr):
        (JSC::B3::ValueRep::fpr):
        (JSC::B3::ValueRep::isStack):
        (JSC::B3::ValueRep::offsetFromFP):
        (JSC::B3::ValueRep::isStackArgument):
        (JSC::B3::ValueRep::offsetFromSP):
        (JSC::B3::ValueRep::isConstant):
        (JSC::B3::ValueRep::value):
        * b3/air/AirCode.cpp:
        (JSC::B3::Air::Code::dump):
        * b3/air/AirInsertionSet.cpp:
        (JSC::B3::Air::InsertionSet::execute):
        * b3/testb3.cpp:
        (JSC::B3::testComplex):
        (JSC::B3::testSimplePatchpoint):
        (JSC::B3::run):
        * dfg/DFGBlockInsertionSet.cpp:
        (JSC::DFG::BlockInsertionSet::execute):

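Added example, not WebKit code: a simplified model of the ordering problem described in the entry above (insertions at instIndex and instIndex + 1 appended with the +1 case first), with the stable_sort fix from that entry and the bubble sort replacement from the 2015-11-02 "bubble sort" entry at the top of this file. Insertion, InsertionSet, SortKind and demoSpillOrder are hypothetical names, and the sample instructions are constructed.

```cpp
// Added illustration, not WebKit source. All names are hypothetical.
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

struct Insertion {
    size_t index;      // insert before target[index]
    std::string value; // stands in for an instruction
};

enum class SortKind { None, Stable, Bubble };

// Stable by construction: only adjacent pairs with a strictly greater index
// are swapped, so equal-index insertions keep their append order. It is cheap
// when the input is already nearly sorted.
static void bubbleSort(std::vector<Insertion>& v)
{
    for (size_t end = v.size(); end > 1; --end) {
        bool changed = false;
        for (size_t i = 1; i < end; ++i) {
            if (v[i - 1].index > v[i].index) {
                std::swap(v[i - 1], v[i]);
                changed = true;
            }
        }
        if (!changed)
            break;
    }
}

class InsertionSet {
public:
    void insert(size_t index, std::string value)
    {
        m_insertions.push_back({ index, std::move(value) });
    }

    // Merges the pending insertions into a copy of target. The merge cursor
    // only moves forward, so it is correct only if the insertions are sorted
    // by index; in this model an insertion that arrives after a higher-index
    // one is never reached when no sort is applied.
    std::vector<std::string> execute(const std::vector<std::string>& target, SortKind kind) const
    {
        std::vector<Insertion> ins = m_insertions;
        auto byIndex = [](const Insertion& a, const Insertion& b) { return a.index < b.index; };
        if (kind == SortKind::Stable)
            std::stable_sort(ins.begin(), ins.end(), byIndex);
        else if (kind == SortKind::Bubble)
            bubbleSort(ins);

        std::vector<std::string> result;
        size_t next = 0;
        for (size_t i = 0; i <= target.size(); ++i) {
            while (next < ins.size() && ins[next].index == i)
                result.push_back(ins[next++].value);
            if (i < target.size())
                result.push_back(target[i]);
        }
        return result;
    }

private:
    std::vector<Insertion> m_insertions;
};

// Constructed scenario: instruction i1 has an early Def and two Uses. The
// spiller visits the Def first, so the store (instIndex + 1) is appended
// before the loads (instIndex).
std::vector<std::string> demoSpillOrder(SortKind kind)
{
    const std::vector<std::string> code = { "i0", "i1", "i2" };
    const size_t instIndex = 1;
    InsertionSet set;
    set.insert(instIndex + 1, "store def");
    set.insert(instIndex, "load useA");
    set.insert(instIndex, "load useB");
    return set.execute(code, kind);
}

int main()
{
    for (SortKind kind : { SortKind::None, SortKind::Stable, SortKind::Bubble }) {
        for (const std::string& inst : demoSpillOrder(kind))
            std::cout << inst << "; ";
        std::cout << "\n";
    }
    return 0;
}
```
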
2015-11-02  Mark Lam  <mark.lam@apple.com>

        Snippefy op_add for the baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=150129

        Reviewed by Geoffrey Garen and Saam Barati.

        Performance is neutral for both 32-bit and 64-bit on X86_64.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JIT.h:
        (JSC::JIT::getOperandConstantInt):
        - Move getOperandConstantInt() from the JSVALUE64 section to the common section
          because the snippet needs it.

        * jit/JITAddGenerator.cpp: Added.
        (JSC::JITAddGenerator::generateFastPath):
        * jit/JITAddGenerator.h: Added.
        (JSC::JITAddGenerator::JITAddGenerator):
        (JSC::JITAddGenerator::endJumpList):
        (JSC::JITAddGenerator::slowPathJumpList):
        - JITAddGenerator implements an optimization for the case where 1 of the 2 operands
          is a constant int32_t.  It does not implement an optimization for the case where
          both operands are constant int32_t.  This is because:
          1. For the baseline JIT, the ASTBuilder will fold the 2 constants together.
          2. For the DFG, the AbstractInterpreter will also fold the 2 constants.

          Hence, such an optimization path (for 2 constant int32_t operands) would never
          be taken, and is why we won't implement it.

        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::compileBinaryArithOpSlowCase):
        - Removed op_add cases.  These are no longer used by the op_add emitters.

        (JSC::JIT::emit_op_add):
        (JSC::JIT::emitSlow_op_add):
        - Moved out from the JSVALUE64 section to the common section, and reimplemented
          using the snippet.

        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitBinaryDoubleOp):
        (JSC::JIT::emit_op_add): Deleted.
        (JSC::JIT::emitAdd32Constant): Deleted.
        (JSC::JIT::emitSlow_op_add): Deleted.
        - Remove 32-bit specific version of op_add.  The snippet serves both 32-bit
          and 64-bit implementations.

        * jit/JITInlines.h:
        (JSC::JIT::getOperandConstantInt):
        - Move getOperandConstantInt() from the JSVALUE64 section to the common section
          because the snippet needs it.

2015-11-02  Brian Burg  <bburg@apple.com>

        Run sort-Xcode-project-file for the JavaScriptCore project.

        Unreviewed. Many things were out of order following recent B3 commits.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2015-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>

        Rename op_put_getter_setter to op_put_getter_setter_by_id
        https://bugs.webkit.org/show_bug.cgi?id=150773

        Reviewed by Mark Lam.

        Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
        the other ops' names like op_put_getter_by_id etc.

        And to fix build dependencies in Xcode, we added LLIntAssembly.h to the Xcode project file.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_getter_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter): Deleted.
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_getter_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter): Deleted.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:

2015-11-02  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the FTL JIT build with system LLVM on Linux
        https://bugs.webkit.org/show_bug.cgi?id=150795

        Reviewed by Filip Pizlo.

        * CMakeLists.txt:

2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Support Generator Syntax
        https://bugs.webkit.org/show_bug.cgi?id=150769

        Reviewed by Geoffrey Garen.

        This patch implements the syntax part of ES6 Generators.

        1. Add ENABLE_ES6_GENERATORS compile time flag. It is disabled by default, and will be enabled once ES6 generator functionality is implemented.
        2. Add lexer support for YIELD. It changes "yield" from reserved-if-strict word to keyword. And it is correct under the ES6 spec.
        3. Implement parsing functionality and YieldExprNode stub. YieldExprNode does not emit meaningful bytecodes yet. This should be implemented in a future patch.
        4. Accept "yield" Identifier as a label etc. under sloppy mode && non-generator code. http://ecma-international.org/ecma-262/6.0/#sec-generator-function-definitions-static-semantics-early-errors

        * Configurations/FeatureDefines.xcconfig:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::YieldExprNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createYield):
        * parser/Keywords.table:
        * parser/NodeConstructors.h:
        (JSC::YieldExprNode::YieldExprNode):
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseStatementListItem):
        (JSC::Parser<LexerType>::parseVariableDeclarationList):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseBreakStatement):
        (JSC::Parser<LexerType>::parseContinueStatement):
        (JSC::Parser<LexerType>::parseTryStatement):
        (JSC::Parser<LexerType>::parseStatement):
        (JSC::stringForFunctionMode):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
        (JSC::Parser<LexerType>::parseExportDeclaration):
        (JSC::Parser<LexerType>::parseAssignmentExpression):
        (JSC::Parser<LexerType>::parseYieldExpression):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parseFunctionExpression):
        (JSC::Parser<LexerType>::parsePrimaryExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        * parser/Parser.h:
        (JSC::Scope::Scope):
        (JSC::Scope::setSourceParseMode):
        (JSC::Scope::isGenerator):
        (JSC::Scope::setIsFunction):
        (JSC::Scope::setIsGenerator):
        (JSC::Scope::setIsModule):
        (JSC::Parser::pushScope):
        (JSC::Parser::isYIELDMaskedAsIDENT):
        (JSC::Parser::matchSpecIdentifier):
        (JSC::Parser::saveState):
        (JSC::Parser::restoreState):
        * parser/ParserModes.h:
        (JSC::isFunctionParseMode):
        (JSC::isModuleParseMode):
        (JSC::isProgramParseMode):
        * parser/ParserTokens.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createYield):
        * tests/stress/generator-methods.js: Added.
        (Hello.prototype.gen):
        (Hello.gen):
        (Hello):
        (Hello.prototype.set get string_appeared_here):
        (Hello.string_appeared_here):
        (Hello.prototype.20):
        (Hello.20):
        (Hello.prototype.42):
        (Hello.42):
        (let.object.gen):
        (let.object.set get string_appeared_here):
        (let.object.20):
        (let.object.42):
        * tests/stress/generator-syntax.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.Hello.prototype.get gen):
        (testSyntaxError.Hello):
        (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello.prototype.set gen):
        (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.Hello):
        (SyntaxError.Unexpected.token.string_appeared_here.Expected.an.opening.string_appeared_here.before.a.method.testSyntaxError.gen):
        (testSyntaxError.value):
        (testSyntaxError.gen.ng):
        (testSyntaxError.gen):
        (testSyntax.gen):
        * tests/stress/yield-and-line-terminator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntax.gen):
        (testSyntaxError.gen):
        * tests/stress/yield-label-generator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.test):
        (SyntaxError.Unexpected.keyword.string_appeared_here.Expected.an.identifier.as.the.target.a.continue.statement.testSyntax.test):
        * tests/stress/yield-label.js: Added.
        (yield):
        (testSyntaxError):
        (testSyntaxError.test):
        * tests/stress/yield-named-accessors-generator.js: Added.
        (t1.let.object.get yield):
        (t1.let.object.set yield):
        (t1):
        (t2.let.object.get yield):
        (t2.let.object.set yield):
        (t2):
        * tests/stress/yield-named-accessors.js: Added.
        (t1.let.object.get yield):
        (t1.let.object.set yield):
        (t1):
        (t2.let.object.get yield):
        (t2.let.object.set yield):
        (t2):
        * tests/stress/yield-named-variable-generator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.t1):
        (testSyntaxError.t1.yield):
        (testSyntax.t1.yield):
        (testSyntax.t1):
        * tests/stress/yield-named-variable.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntax.t1):
        (testSyntaxError.t1):
        (testSyntax.t1.yield):
        (testSyntaxError.t1.yield):
        * tests/stress/yield-out-of-generator.js: Added.
        (testSyntax):
        (testSyntaxError):
        (testSyntaxError.hello):
        (testSyntaxError.gen.hello):
        (testSyntaxError.gen):
        (testSyntax.gen):
        (testSyntax.gen.ok):
        (testSyntaxError.gen.ok):

2015-11-01  Filip Pizlo  <fpizlo@apple.com>

        Dominators should be factored out of the DFG
        https://bugs.webkit.org/show_bug.cgi?id=150764

        Reviewed by Geoffrey Garen.

        Factored DFGDominators.h/DFGDominators.cpp into WTF. To do this, I made two changes to the
        DFG:

        1) DFG now has a CFG abstraction called DFG::CFG. The cool thing about this is that in the
           future if we wanted to support inverted dominators, we could do it by just creating a
           DFG::BackwardCFG.

        2) Got rid of DFG::Analysis. From now on, an Analysis being invalidated is expressed by the
           DFG::Graph having a null pointer for that analysis. When we "run" the analysis, we
           just instantiate it. This makes it much more natural to integrate WTF::Dominators into
           the DFG.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAnalysis.h: Removed.
        * dfg/DFGCFG.h: Added.
        (JSC::DFG::CFG::CFG):
        (JSC::DFG::CFG::root):
        (JSC::DFG::CFG::newMap<T>):
        (JSC::DFG::CFG::successors):
        (JSC::DFG::CFG::predecessors):
        (JSC::DFG::CFG::index):
        (JSC::DFG::CFG::node):
        (JSC::DFG::CFG::numNodes):
        (JSC::DFG::CFG::dump):
        * dfg/DFGCSEPhase.cpp:
        * dfg/DFGDisassembler.cpp:
        (JSC::DFG::Disassembler::createDumpList):
        * dfg/DFGDominators.cpp: Removed.
        * dfg/DFGDominators.h:
        (JSC::DFG::Dominators::Dominators):
        (JSC::DFG::Dominators::strictlyDominates): Deleted.
        (JSC::DFG::Dominators::dominates): Deleted.
        (JSC::DFG::Dominators::immediateDominatorOf): Deleted.
        (JSC::DFG::Dominators::forAllStrictDominatorsOf): Deleted.
        (JSC::DFG::Dominators::forAllDominatorsOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy): Deleted.
        (JSC::DFG::Dominators::forAllBlocksDominatedBy): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl): Deleted.
        (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl): Deleted.
        (JSC::DFG::Dominators::BlockData::BlockData): Deleted.
        * dfg/DFGEdgeDominates.h:
        (JSC::DFG::EdgeDominates::operator()):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::Graph):
        (JSC::DFG::Graph::dumpBlockHeader):
        (JSC::DFG::Graph::invalidateCFG):
        (JSC::DFG::Graph::substituteGetLocal):
        (JSC::DFG::Graph::handleAssertionFailure):
        (JSC::DFG::Graph::ensureDominators):
        (JSC::DFG::Graph::ensurePrePostNumbering):
        (JSC::DFG::Graph::ensureNaturalLoops):
        (JSC::DFG::Graph::valueProfileFor):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::hasDebuggerEnabled):
        * dfg/DFGLICMPhase.cpp:
        (JSC::DFG::LICMPhase::run):
        (JSC::DFG::LICMPhase::attemptHoist):
        * dfg/DFGLoopPreHeaderCreationPhase.cpp:
        (JSC::DFG::createPreHeader):
        (JSC::DFG::LoopPreHeaderCreationPhase::run):
        * dfg/DFGNaturalLoops.cpp:
        (JSC::DFG::NaturalLoop::dump):
        (JSC::DFG::NaturalLoops::NaturalLoops):
        (JSC::DFG::NaturalLoops::~NaturalLoops):
        (JSC::DFG::NaturalLoops::loopsOf):
        (JSC::DFG::NaturalLoops::computeDependencies): Deleted.
        (JSC::DFG::NaturalLoops::compute): Deleted.
        * dfg/DFGNaturalLoops.h:
        (JSC::DFG::NaturalLoops::numLoops):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::SuccessorsIterable::end):
        (JSC::DFG::Node::SuccessorsIterable::size):
        (JSC::DFG::Node::SuccessorsIterable::at):
        (JSC::DFG::Node::SuccessorsIterable::operator[]):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::compileInThreadImpl):
        * dfg/DFGPrePostNumbering.cpp:
        (JSC::DFG::PrePostNumbering::PrePostNumbering):
        (JSC::DFG::PrePostNumbering::~PrePostNumbering):
        (JSC::DFG::PrePostNumbering::compute): Deleted.
        * dfg/DFGPrePostNumbering.h:
        (JSC::DFG::PrePostNumbering::preNumber):
        (JSC::DFG::PrePostNumbering::postNumber):
        * dfg/DFGPutStackSinkingPhase.cpp:
        * dfg/DFGSSACalculator.cpp:
        (JSC::DFG::SSACalculator::nonLocalReachingDef):
        (JSC::DFG::SSACalculator::reachingDefAtTail):
        * dfg/DFGSSACalculator.h:
        (JSC::DFG::SSACalculator::computePhis):
        * dfg/DFGSSAConversionPhase.cpp:
        (JSC::DFG::SSAConversionPhase::run):
        * ftl/FTLLink.cpp:
        (JSC::FTL::link):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::lower):
        (JSC::FTL::DFG::LowerDFGToLLVM::safelyInvalidateAfterTermination):
        (JSC::FTL::DFG::LowerDFGToLLVM::isValid):

2015-10-31  Filip Pizlo  <fpizlo@apple.com>

        B3::reduceStrength's DCE should be more agro and less wrong
        https://bugs.webkit.org/show_bug.cgi?id=150748

        Reviewed by Geoffrey Garen.

        First of all, our DCE had a bug where it would keep Upsilons after it deleted the Phis that
        they referenced. But our B3 DCE was also not aggressive enough. It would not eliminate
        cycles. It was also probably slower than it needed to be, since it would eliminate all
        never-referenced things on each fixpoint.

        This adds a presume-everyone-is-dead-and-find-live-things style DCE. This is very natural to
        write, except for Upsilons. For everything but Upsilons, it's just a worklist algorithm. For
        Upsilons, it's a fixpoint. It works fine in the end.

        I kept finding bugs in this algorithm when I tested it against my "Complex" test that I was
        writing as a compile time benchmark. So, I include that test in this change. I also include
        the small lowering extensions that it needed - shifting and zero extending.

        This change also adds an LLVM version of the Complex test. Though the LLVM version feels
        more natural to write because LLVM has traditional Phi's rather than our quirky Phi's, in
        the end LLVM ends up performing very badly - 10x to 20x worse than B3. Some of that gap will
        close once we give B3 a register allocator, but still, that's pretty good news for our B3
        strategy.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::lshift64):
        (JSC::MacroAssemblerX86_64::rshift64):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::shlq_i8r):
        (JSC::X86Assembler::shlq_CLr):
        (JSC::X86Assembler::imull_rr):
        * b3/B3BasicBlock.cpp:
        (JSC::B3::BasicBlock::replacePredecessor):
        (JSC::B3::BasicBlock::dump):
        (JSC::B3::BasicBlock::removeNops): Deleted.
        * b3/B3BasicBlock.h:
        (JSC::B3::BasicBlock::frequency):
        * b3/B3Common.cpp:
        (JSC::B3::shouldSaveIRBeforePhase):
        (JSC::B3::shouldMeasurePhaseTiming):
        * b3/B3Common.h:
        (JSC::B3::isRepresentableAsImpl):
        * b3/B3Generate.cpp:
        (JSC::B3::generate):
        (JSC::B3::generateToAir):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::tryAnd):
        (JSC::B3::Air::LowerToAir::tryShl):
        (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
        (JSC::B3::Air::LowerToAir::tryTrunc):
        (JSC::B3::Air::LowerToAir::tryZExt32):
        (JSC::B3::Air::LowerToAir::tryArgumentReg):
        * b3/B3LoweringMatcher.patterns:
        * b3/B3PhaseScope.cpp:
        (JSC::B3::PhaseScope::PhaseScope):
        * b3/B3PhaseScope.h:
        * b3/B3ReduceStrength.cpp:
        * b3/B3TimingScope.cpp: Added.
        (JSC::B3::TimingScope::TimingScope):
        (JSC::B3::TimingScope::~TimingScope):
        * b3/B3TimingScope.h: Added.
        * b3/B3Validate.cpp:
        * b3/air/AirAllocateStack.cpp:
        (JSC::B3::Air::allocateStack):
        * b3/air/AirGenerate.cpp:
        (JSC::B3::Air::generate):
        * b3/air/AirInstInlines.h:
        (JSC::B3::Air::ForEach<Arg>::forEach):
        (JSC::B3::Air::Inst::forEach):
        (JSC::B3::Air::isLshift32Valid):
        (JSC::B3::Air::isLshift64Valid):
        * b3/air/AirLiveness.h:
        (JSC::B3::Air::Liveness::isAlive):
        (JSC::B3::Air::Liveness::Liveness):
        (JSC::B3::Air::Liveness::LocalCalc::execute):
        * b3/air/AirOpcode.opcodes:
        * b3/air/AirPhaseScope.cpp:
        (JSC::B3::Air::PhaseScope::PhaseScope):
        * b3/air/AirPhaseScope.h:
        * b3/testb3.cpp:
        (JSC::B3::testBranchEqualFoldPtr):
        (JSC::B3::testComplex):
        (JSC::B3::run):
        * runtime/Options.h:

704 2015-11-01  Alexey Proskuryakov  <ap@apple.com>
705
706         [ES6] Add support for toStringTag
707         https://bugs.webkit.org/show_bug.cgi?id=150696
708
709         Re-landing, as this wasn't the culprit.
710
711         * runtime/ArrayIteratorPrototype.cpp:
712         (JSC::ArrayIteratorPrototype::finishCreation):
713         * runtime/CommonIdentifiers.h:
714         * runtime/JSArrayBufferPrototype.cpp:
715         (JSC::JSArrayBufferPrototype::finishCreation):
716         (JSC::JSArrayBufferPrototype::create):
717         * runtime/JSDataViewPrototype.cpp:
718         (JSC::JSDataViewPrototype::create):
719         (JSC::JSDataViewPrototype::finishCreation):
720         (JSC::JSDataViewPrototype::createStructure):
721         * runtime/JSDataViewPrototype.h:
722         * runtime/JSModuleNamespaceObject.cpp:
723         (JSC::JSModuleNamespaceObject::finishCreation):
724         * runtime/JSONObject.cpp:
725         (JSC::JSONObject::finishCreation):
726         * runtime/JSPromisePrototype.cpp:
727         (JSC::JSPromisePrototype::finishCreation):
728         (JSC::JSPromisePrototype::getOwnPropertySlot):
729         * runtime/JSTypedArrayViewPrototype.cpp:
730         (JSC::typedArrayViewProtoFuncValues):
731         (JSC::typedArrayViewProtoGetterFuncToStringTag):
732         (JSC::JSTypedArrayViewPrototype::JSTypedArrayViewPrototype):
733         (JSC::JSTypedArrayViewPrototype::finishCreation):
734         * runtime/MapIteratorPrototype.cpp:
735         (JSC::MapIteratorPrototype::finishCreation):
736         (JSC::MapIteratorPrototypeFuncNext):
737         * runtime/MapPrototype.cpp:
738         (JSC::MapPrototype::finishCreation):
739         * runtime/MathObject.cpp:
740         (JSC::MathObject::finishCreation):
741         * runtime/ObjectPrototype.cpp:
742         (JSC::objectProtoFuncToString):
743         * runtime/SetIteratorPrototype.cpp:
744         (JSC::SetIteratorPrototype::finishCreation):
745         (JSC::SetIteratorPrototypeFuncNext):
746         * runtime/SetPrototype.cpp:
747         (JSC::SetPrototype::finishCreation):
748         * runtime/SmallStrings.cpp:
749         (JSC::SmallStrings::SmallStrings):
750         (JSC::SmallStrings::initializeCommonStrings):
751         (JSC::SmallStrings::visitStrongReferences):
752         * runtime/SmallStrings.h:
753         (JSC::SmallStrings::typeString):
754         (JSC::SmallStrings::objectStringStart):
755         (JSC::SmallStrings::nullObjectString):
756         (JSC::SmallStrings::undefinedObjectString):
757         * runtime/StringIteratorPrototype.cpp:
758         (JSC::StringIteratorPrototype::finishCreation):
759         * runtime/SymbolPrototype.cpp:
760         (JSC::SymbolPrototype::finishCreation):
761         * runtime/WeakMapPrototype.cpp:
762         (JSC::WeakMapPrototype::finishCreation):
763         (JSC::getWeakMapData):
764         * runtime/WeakSetPrototype.cpp:
765         (JSC::WeakSetPrototype::finishCreation):
766         (JSC::getWeakMapData):
767         * tests/es6.yaml:
768         * tests/modules/namespace.js:
769         * tests/stress/symbol-tostringtag.js: Copied from Source/JavaScriptCore/tests/stress/symbol-tostringtag.js.
770
771 2015-11-01  Commit Queue  <commit-queue@webkit.org>
772
773         Unreviewed, rolling out r191815 and r191821.
774         https://bugs.webkit.org/show_bug.cgi?id=150781
775
776         Seems to have broken JSC API tests on some platforms
777         (Requested by ap on #webkit).
778
779         Reverted changesets:
780
781         "[ES6] Add support for toStringTag"
782         https://bugs.webkit.org/show_bug.cgi?id=150696
783         http://trac.webkit.org/changeset/191815
784
785         "Unreviewed, forgot to mark tests as passing for new feature."
786         http://trac.webkit.org/changeset/191821
787
788 2015-11-01  Commit Queue  <commit-queue@webkit.org>
789
790         Unreviewed, rolling out r191858.
791         https://bugs.webkit.org/show_bug.cgi?id=150780
792
793         Broke the build (Requested by ap on #webkit).
794
795         Reverted changeset:
796
797         "Rename op_put_getter_setter to op_put_getter_setter_by_id"
798         https://bugs.webkit.org/show_bug.cgi?id=150773
799         http://trac.webkit.org/changeset/191858
800
801 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
802
803         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150777.
804
805         * b3/B3LowerToAir.cpp:
806         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
807
808 2015-11-01  Filip Pizlo  <fpizlo@apple.com>
809
810         Unreviewed, add a FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150775.
811
812         * b3/B3LowerToAir.cpp:
813         (JSC::B3::Air::LowerToAir::tryTrunc):
814
815 2015-11-01  Yusuke Suzuki  <utatane.tea@gmail.com>
816
817         Rename op_put_getter_setter to op_put_getter_setter_by_id
818         https://bugs.webkit.org/show_bug.cgi?id=150773
819
820         Reviewed by Mark Lam.
821
822         Renaming op_put_getter_setter to op_put_getter_setter_by_id makes this op name consistent with
823         the other ops' names like op_put_getter_by_id etc.
824
825         * bytecode/BytecodeList.json:
826         * bytecode/BytecodeUseDef.h:
827         (JSC::computeUsesForBytecodeOffset):
828         (JSC::computeDefsForBytecodeOffset):
829         * bytecode/CodeBlock.cpp:
830         (JSC::CodeBlock::dumpBytecode):
831         * bytecompiler/BytecodeGenerator.cpp:
832         (JSC::BytecodeGenerator::emitPutGetterSetter):
833         * dfg/DFGByteCodeParser.cpp:
834         (JSC::DFG::ByteCodeParser::parseBlock):
835         * dfg/DFGCapabilities.cpp:
836         (JSC::DFG::capabilityLevel):
837         * jit/JIT.cpp:
838         (JSC::JIT::privateCompileMainPass):
839         * jit/JIT.h:
840         * jit/JITPropertyAccess.cpp:
841         (JSC::JIT::emit_op_put_getter_setter_by_id):
842         (JSC::JIT::emit_op_put_getter_setter): Deleted.
843         * jit/JITPropertyAccess32_64.cpp:
844         (JSC::JIT::emit_op_put_getter_setter_by_id):
845         (JSC::JIT::emit_op_put_getter_setter): Deleted.
846         * llint/LLIntSlowPaths.cpp:
847         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
848         * llint/LLIntSlowPaths.h:
849         * llint/LowLevelInterpreter.asm:
850
851 2015-10-31  Andreas Kling  <akling@apple.com>
852
853         Add a debug overlay with information about web process resource usage.
854         <https://webkit.org/b/150599>
855
856         Reviewed by Darin Adler.
857
858         Have Heap track the exact number of bytes allocated in CopiedBlock, MarkedBlock and
859         WeakBlock objects, keeping them in a single location that can be sampled by the
860         resource usage overlay thread.
861
862         The bulk of these changes is threading a Heap& through from sites where blocks are
863         allocated or freed.
864
865         * heap/CopiedBlock.cpp:
866         (JSC::CopiedBlock::createNoZeroFill):
867         (JSC::CopiedBlock::destroy):
868         (JSC::CopiedBlock::create):
869         * heap/CopiedBlock.h:
870         * heap/CopiedSpace.cpp:
871         (JSC::CopiedSpace::~CopiedSpace):
872         (JSC::CopiedSpace::tryAllocateOversize):
873         (JSC::CopiedSpace::tryReallocateOversize):
874         * heap/CopiedSpaceInlines.h:
875         (JSC::CopiedSpace::recycleEvacuatedBlock):
876         (JSC::CopiedSpace::recycleBorrowedBlock):
877         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
878         (JSC::CopiedSpace::allocateBlock):
879         (JSC::CopiedSpace::startedCopying):
880         * heap/Heap.cpp:
881         (JSC::Heap::~Heap):
882         (JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
883         * heap/Heap.h:
884         (JSC::Heap::blockBytesAllocated):
885         * heap/HeapInlines.h:
886         (JSC::Heap::didAllocateBlock):
887         (JSC::Heap::didFreeBlock):
888         * heap/MarkedAllocator.cpp:
889         (JSC::MarkedAllocator::allocateBlock):
890         * heap/MarkedBlock.cpp:
891         (JSC::MarkedBlock::create):
892         (JSC::MarkedBlock::destroy):
893         * heap/MarkedBlock.h:
894         * heap/MarkedSpace.cpp:
895         (JSC::MarkedSpace::freeBlock):
896         * heap/WeakBlock.cpp:
897         (JSC::WeakBlock::create):
898         (JSC::WeakBlock::destroy):
899         * heap/WeakBlock.h:
900         * heap/WeakSet.cpp:
901         (JSC::WeakSet::~WeakSet):
902         (JSC::WeakSet::addAllocator):
903         (JSC::WeakSet::removeAllocator):
904
905 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
906
907         Air should eliminate dead code
908         https://bugs.webkit.org/show_bug.cgi?id=150746
909
910         Reviewed by Geoffrey Garen.
911
912         This adds a very simple dead code elimination to Air. It simply looks at whether a Tmp or
913         StackSlot has ever been used by a live instruction. An instruction is live if it has non-arg
914         effects (branching, returning, calling, etc) or if it stores to a live Arg. An Arg is live if
915         it references a live Tmp or StackSlot, or if it is neither a Tmp nor a StackSlot. The phase
916         runs these rules to fixpoint, and then removes the dead instructions.
917
918         This also changes the AirOpcodes parser to handle multiple attributes per opcode, so that we
919         could conceivably say things like "FooBar /branch /effects". It also adds the /effects
920         attribute, which we currently use for Breakpoint and nothing else. C calls, patchpoints, and
921         checks are all Specials, and the Special base class by default always claims that the
922         instruction has effects. In the future, we could have B3 use a Patch in Air to implement
923         exotic math constructs; then the Special associated with that thing would claim that there
924         are no effects.
925
926         * JavaScriptCore.xcodeproj/project.pbxproj:
927         * b3/air/AirBasicBlock.h:
928         (JSC::B3::Air::BasicBlock::begin):
929         (JSC::B3::Air::BasicBlock::end):
930         (JSC::B3::Air::BasicBlock::at):
931         (JSC::B3::Air::BasicBlock::last):
932         (JSC::B3::Air::BasicBlock::resize):
933         (JSC::B3::Air::BasicBlock::appendInst):
934         * b3/air/AirEliminateDeadCode.cpp: Added.
935         (JSC::B3::Air::eliminateDeadCode):
936         * b3/air/AirEliminateDeadCode.h: Added.
937         * b3/air/AirGenerate.cpp:
938         (JSC::B3::Air::generate):
939         * b3/air/AirInst.h:
940         * b3/air/AirOpcode.opcodes:
941         * b3/air/AirSpecial.cpp:
942         (JSC::B3::Air::Special::name):
943         (JSC::B3::Air::Special::hasNonArgNonControlEffects):
944         (JSC::B3::Air::Special::dump):
945         * b3/air/AirSpecial.h:
946         * b3/air/opcode_generator.rb:
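
The liveness rules in the entry above, run to fixpoint on a toy instruction list. This is an added example, not part of the ChangeLog and not WebKit's AirEliminateDeadCode.cpp; `Arg`, `Inst`, `eliminateDeadCode` and `sampleCode` are a simplified, hypothetical model, and the instruction list is constructed.

```cpp
#include <cstddef>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Toy model of Air instructions; hypothetical types, not JSC's Air::Inst / Air::Arg.
enum class ArgKind { Tmp, StackSlot, Other }; // Other: an address, an immediate, ...

struct Arg {
    ArgKind kind;
    int id;
};

struct Inst {
    std::string name;
    std::vector<Arg> uses;
    std::vector<Arg> defs;   // Args the instruction stores to
    bool hasNonArgEffects;   // branching, returning, calling, etc.
};

using Code = std::vector<Inst>;
using LiveSet = std::set<std::pair<ArgKind, int>>;

// An Arg is live if it is neither a Tmp nor a StackSlot, or if it names a live one.
bool isArgLive(const Arg& arg, const LiveSet& live)
{
    if (arg.kind == ArgKind::Other)
        return true;
    return live.count({ arg.kind, arg.id }) > 0;
}

// An instruction is live if it has non-arg effects or stores to a live Arg.
bool isInstLive(const Inst& inst, const LiveSet& live)
{
    if (inst.hasNonArgEffects)
        return true;
    for (const Arg& def : inst.defs) {
        if (isArgLive(def, live))
            return true;
    }
    return false;
}

Code eliminateDeadCode(const Code& code)
{
    LiveSet live; // Tmps and StackSlots used by some live instruction
    std::vector<bool> instLive(code.size(), false);
    bool changed = true;
    while (changed) { // each newly live instruction can make earlier ones live
        changed = false;
        for (std::size_t i = 0; i < code.size(); ++i) {
            if (instLive[i] || !isInstLive(code[i], live))
                continue;
            instLive[i] = true;
            changed = true;
            for (const Arg& use : code[i].uses) {
                if (use.kind != ArgKind::Other)
                    live.insert({ use.kind, use.id });
            }
        }
    }
    Code result;
    for (std::size_t i = 0; i < code.size(); ++i) {
        if (instLive[i])
            result.push_back(code[i]);
    }
    return result;
}

// Constructed input: %tmp2 and stack0 feed nothing that is live.
Code sampleCode()
{
    return {
        { "Move $1, %tmp0", { { ArgKind::Other, 0 } }, { { ArgKind::Tmp, 0 } }, false },
        { "Move $2, %tmp1", { { ArgKind::Other, 0 } }, { { ArgKind::Tmp, 1 } }, false },
        { "Add %tmp0, %tmp1", { { ArgKind::Tmp, 0 }, { ArgKind::Tmp, 1 } }, { { ArgKind::Tmp, 1 } }, false },
        { "Move $7, %tmp2", { { ArgKind::Other, 0 } }, { { ArgKind::Tmp, 2 } }, false },
        { "Move %tmp2, stack0", { { ArgKind::Tmp, 2 } }, { { ArgKind::StackSlot, 0 } }, false },
        { "Move %tmp1, (addr)", { { ArgKind::Tmp, 1 } }, { { ArgKind::Other, 0 } }, false },
        { "Ret", {}, {}, true },
    };
}
```

Because liveness flows backwards through a forward scan, this input needs several passes before `Move $1, %tmp0` is recognised as live.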
947
948 2015-10-31  Filip Pizlo  <fpizlo@apple.com>
949
950         Air needs a late register liveness phase that calls Special::reportUsedRegisters()
951         https://bugs.webkit.org/show_bug.cgi?id=150511
952
953         Reviewed by Saam Barati.
954
955         This change adds such a phase. In the process of writing it, I was reminded about the
956         glaring efficiency bugs in Air::Liveness and so I filed a bug and added FIXMEs.
957
958         * JavaScriptCore.xcodeproj/project.pbxproj:
959         * b3/air/AirAllocateStack.cpp:
960         (JSC::B3::Air::allocateStack):
961         * b3/air/AirGenerate.cpp:
962         (JSC::B3::Air::generate):
963         * b3/air/AirReportUsedRegisters.cpp: Added.
964         (JSC::B3::Air::reportUsedRegisters):
965         * b3/air/AirReportUsedRegisters.h: Added.
966
967 2015-10-31  Brian Burg  <bburg@apple.com>
968
969         Builtins generator should put WebCore-only wrappers in the per-builtin header
970         https://bugs.webkit.org/show_bug.cgi?id=150539
971
972         Reviewed by Youenn Fablet.
973
974         If generating for WebCore, put the XXXWrapper and related boilerplate
975         in the per-builtin header instead of making a separate XXXWrapper.h.
976
977         Rebaseline the tests.
978
979         * CMakeLists.txt:
980         * DerivedSources.make:
981         * Scripts/builtins/builtins.py:
982         * Scripts/builtins/builtins_generate_separate_header.py:
983         (BuiltinsSeparateHeaderGenerator.generate_output):
984         (generate_header_includes):
985         * Scripts/builtins/builtins_generate_separate_wrapper.py: Deleted.
986         * Scripts/builtins/builtins_templates.py: Be consistent with variables.
987         * Scripts/generate-js-builtins.py:
988         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
989         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
990         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
991         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
992
993 2015-10-31  Saam barati  <sbarati@apple.com>
994
995         JSC should have a forceGCSlowPaths option
996         https://bugs.webkit.org/show_bug.cgi?id=150744
997
998         Reviewed by Filip Pizlo.
999
1000         This patch implements the forceGCSlowPaths option.
1001         It defaults to false, but when it is set to true,
1002         the JITs will always allocate objects along the slow
1003         path. This will be helpful for writing a certain class
1004         of tests. This may also come in handy for debugging
1005         later.
1006
1007         This patch also adds the "forceGCSlowPaths" function
1008         in jsc.cpp which sets the option to true. If you
1009         use this function in a jsc stress test, it's best
1010         to call it as the first thing in the program before
1011         we JIT anything.
1012
1013         * dfg/DFGSpeculativeJIT.h:
1014         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
1015         * ftl/FTLLowerDFGToLLVM.cpp:
1016         (JSC::FTL::DFG::LowerDFGToLLVM::allocateCell):
1017         * jit/JITInlines.h:
1018         (JSC::JIT::emitAllocateJSObject):
1019         * jsc.cpp:
1020         (GlobalObject::finishCreation):
1021         (functionEdenGC):
1022         (functionForceGCSlowPaths):
1023         (functionHeapSize):
1024         * runtime/Options.h:
1025
1026 2015-10-30  Joseph Pecoraro  <pecoraro@apple.com>
1027
1028         Web Inspector: Test Debugger.scriptParsed events received after opening inspector frontend
1029         https://bugs.webkit.org/show_bug.cgi?id=150753
1030
1031         Reviewed by Timothy Hatcher.
1032
1033         * parser/Parser.h:
1034         (JSC::Parser<LexerType>::parse):
1035         Only set the directives on the SourceProvider if we were parsing the
1036         entire file (Program or Module), not if we are in function parsing mode.
1037         This was inadvertently clearing the directives stored on the
1038         SourceProvider when the function parse didn't see directives and reset
1039         the values on the source provider.
1040
1041 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1042
1043         [JSC] Add lowering for B3's Sub operation with integers
1044         https://bugs.webkit.org/show_bug.cgi?id=150749
1045
1046         Reviewed by Filip Pizlo.
1047
1048         * b3/B3LowerToAir.cpp:
1049         (JSC::B3::Air::LowerToAir::trySub):
1050         (JSC::B3::Air::LowerToAir::tryStoreSubLoad):
1051         * b3/B3LoweringMatcher.patterns:
1052         Identical to Add but obviously NotCommutative.
1053
1054         * b3/B3ReduceStrength.cpp:
1055         Turn Add/Sub with zero into an identity. I only added for
1056         Add since Sub with a constant is always turned into an Add.
1057
1058         Also switched the Sub optimizations to put the strongest first.
1059
1060         * b3/air/AirOpcode.opcodes:
1061         * b3/testb3.cpp:
1062         (JSC::B3::testAddArgImm):
1063         (JSC::B3::testAddImmArg):
1064         (JSC::B3::testSubArgs):
1065         (JSC::B3::testSubArgImm):
1066         (JSC::B3::testSubImmArg):
1067         (JSC::B3::testSubArgs32):
1068         (JSC::B3::testSubArgImm32):
1069         (JSC::B3::testSubImmArg32):
1070         (JSC::B3::testStoreSubLoad):
1071         (JSC::B3::run):
1072
1073 2015-10-30  Benjamin Poulain  <bpoulain@apple.com>
1074
1075         [JSC] Add the Air Opcode definitions to the Xcode project file
1076         https://bugs.webkit.org/show_bug.cgi?id=150701
1077
1078         Reviewed by Geoffrey Garen.
1079
1080         * JavaScriptCore.xcodeproj/project.pbxproj:
1081         Easier for those who use Xcode :)
1082
1083 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1084
1085         Unreviewed, removing FIXME referencing https://bugs.webkit.org/show_bug.cgi?id=150540.
1086
1087         * b3/B3ValueRep.h:
1088
1089 2015-10-30  Michael Saboff  <msaboff@apple.com>
1090
1091         Windows X86-64 change for Crash making a tail call from a getter to a host function
1092         https://bugs.webkit.org/show_bug.cgi?id=150737
1093
1094         Reviewed by Geoffrey Garen.
1095
1096         Need to make the same change for Windows X86-64 as was made in change set
1097         http://trac.webkit.org/changeset/191765.
1098
1099         * jit/JITStubsMSVC64.asm:
1100
1101 2015-10-30  Keith Miller  <keith_miller@apple.com>
1102
1103         Unreviewed, forgot to mark tests as passing for new feature.
1104
1105         * tests/es6.yaml:
1106
1107 2015-10-30  Filip Pizlo  <fpizlo@apple.com>
1108
1109         B3 should be able to compile a control flow diamond
1110         https://bugs.webkit.org/show_bug.cgi?id=150720
1111
1112         Reviewed by Benjamin Poulain.
1113
1114         Adds support for Branch, Jump, Upsilon, and Phi. Adds some basic strength reduction for
1115         comparisons and boolean-like operations.
1116
1117         * assembler/MacroAssembler.cpp:
1118         (WTF::printInternal):
1119         * assembler/MacroAssembler.h:
1120         * b3/B3BasicBlockUtils.h:
1121         (JSC::B3::replacePredecessor):
1122         (JSC::B3::resetReachability):
1123         * b3/B3CheckValue.h:
1124         * b3/B3Common.h:
1125         (JSC::B3::isRepresentableAsImpl):
1126         (JSC::B3::isRepresentableAs):
1127         * b3/B3Const32Value.cpp:
1128         (JSC::B3::Const32Value::subConstant):
1129         (JSC::B3::Const32Value::equalConstant):
1130         (JSC::B3::Const32Value::notEqualConstant):
1131         (JSC::B3::Const32Value::dumpMeta):
1132         * b3/B3Const32Value.h:
1133         * b3/B3Const64Value.cpp:
1134         (JSC::B3::Const64Value::subConstant):
1135         (JSC::B3::Const64Value::equalConstant):
1136         (JSC::B3::Const64Value::notEqualConstant):
1137         (JSC::B3::Const64Value::dumpMeta):
1138         * b3/B3Const64Value.h:
1139         * b3/B3ConstDoubleValue.cpp:
1140         (JSC::B3::ConstDoubleValue::subConstant):
1141         (JSC::B3::ConstDoubleValue::equalConstant):
1142         (JSC::B3::ConstDoubleValue::notEqualConstant):
1143         (JSC::B3::ConstDoubleValue::dumpMeta):
1144         * b3/B3ConstDoubleValue.h:
1145         * b3/B3ControlValue.cpp:
1146         (JSC::B3::ControlValue::~ControlValue):
1147         (JSC::B3::ControlValue::convertToJump):
1148         (JSC::B3::ControlValue::dumpMeta):
1149         * b3/B3ControlValue.h:
1150         * b3/B3LowerToAir.cpp:
1151         (JSC::B3::Air::LowerToAir::imm):
1152         (JSC::B3::Air::LowerToAir::tryStackSlot):
1153         (JSC::B3::Air::LowerToAir::tryUpsilon):
1154         (JSC::B3::Air::LowerToAir::tryPhi):
1155         (JSC::B3::Air::LowerToAir::tryBranch):
1156         (JSC::B3::Air::LowerToAir::tryJump):
1157         (JSC::B3::Air::LowerToAir::tryIdentity):
1158         * b3/B3LoweringMatcher.patterns:
1159         * b3/B3Opcode.h:
1160         * b3/B3Procedure.cpp:
1161         (JSC::B3::Procedure::resetReachability):
1162         (JSC::B3::Procedure::dump):
1163         * b3/B3ReduceStrength.cpp:
1164         * b3/B3UpsilonValue.cpp:
1165         (JSC::B3::UpsilonValue::dumpMeta):
1166         * b3/B3UpsilonValue.h:
1167         (JSC::B3::UpsilonValue::accepts): Deleted.
1168         (JSC::B3::UpsilonValue::phi): Deleted.
1169         (JSC::B3::UpsilonValue::UpsilonValue): Deleted.
1170         * b3/B3Validate.cpp:
1171         * b3/B3Value.cpp:
1172         (JSC::B3::Value::subConstant):
1173         (JSC::B3::Value::equalConstant):
1174         (JSC::B3::Value::notEqualConstant):
1175         (JSC::B3::Value::returnsBool):
1176         (JSC::B3::Value::asTriState):
1177         (JSC::B3::Value::effects):
1178         * b3/B3Value.h:
1179         * b3/B3ValueInlines.h:
1180         (JSC::B3::Value::asInt32):
1181         (JSC::B3::Value::isInt32):
1182         (JSC::B3::Value::hasInt64):
1183         (JSC::B3::Value::asInt64):
1184         (JSC::B3::Value::isInt64):
1185         (JSC::B3::Value::hasInt):
1186         (JSC::B3::Value::asIntPtr):
1187         (JSC::B3::Value::isIntPtr):
1188         (JSC::B3::Value::hasDouble):
1189         (JSC::B3::Value::asDouble):
1190         (JSC::B3::Value::isEqualToDouble):
1191         (JSC::B3::Value::hasNumber):
1192         (JSC::B3::Value::representableAs):
1193         (JSC::B3::Value::asNumber):
1194         (JSC::B3::Value::stackmap):
1195         * b3/air/AirArg.cpp:
1196         (JSC::B3::Air::Arg::dump):
1197         * b3/air/AirArg.h:
1198         (JSC::B3::Air::Arg::resCond):
1199         (JSC::B3::Air::Arg::doubleCond):
1200         (JSC::B3::Air::Arg::special):
1201         (JSC::B3::Air::Arg::isResCond):
1202         (JSC::B3::Air::Arg::isDoubleCond):
1203         (JSC::B3::Air::Arg::isSpecial):
1204         (JSC::B3::Air::Arg::isGP):
1205         (JSC::B3::Air::Arg::isFP):
1206         (JSC::B3::Air::Arg::asResultCondition):
1207         (JSC::B3::Air::Arg::asDoubleCondition):
1208         (JSC::B3::Air::Arg::Arg):
1209         * b3/air/AirCode.cpp:
1210         (JSC::B3::Air::Code::resetReachability):
1211         (JSC::B3::Air::Code::dump):
1212         * b3/air/AirOpcode.opcodes:
1213         * b3/air/opcode_generator.rb:
1214         * b3/testb3.cpp:
1215         (hiddenTruthBecauseNoReturnIsStupid):
1216         (usage):
1217         (JSC::B3::compile):
1218         (JSC::B3::invoke):
1219         (JSC::B3::compileAndRun):
1220         (JSC::B3::test42):
1221         (JSC::B3::testStoreLoadStackSlot):
1222         (JSC::B3::testBranch):
1223         (JSC::B3::testDiamond):
1224         (JSC::B3::testBranchNotEqual):
1225         (JSC::B3::testBranchFold):
1226         (JSC::B3::testDiamondFold):
1227         (JSC::B3::run):
1228         (run):
1229         (main):
1230
1231 2015-10-30  Keith Miller  <keith_miller@apple.com>
1232
1233         [ES6] Add support for toStringTag
1234         https://bugs.webkit.org/show_bug.cgi?id=150696
1235
1236         Reviewed by Geoffrey Garen.
1237
1238         This patch adds support for Symbol.toStringTag. This is a simple
1239         feature: if an object passed to Object.prototype.toString() has a
1240         toStringTag, we use the tag in the string rather than the class info.
1241         Added a test that checks this works for all the default supported classes
1242         along with the corresponding prototype and custom cases.
1243
1244         * runtime/ArrayIteratorPrototype.cpp:
1245         (JSC::ArrayIteratorPrototype::finishCreation):
1246         * runtime/CommonIdentifiers.h:
1247         * runtime/JSArrayBufferPrototype.cpp:
1248         (JSC::JSArrayBufferPrototype::finishCreation):
1249         * runtime/JSDataViewPrototype.cpp:
1250         (JSC::JSDataViewPrototype::finishCreation):
1251         * runtime/JSDataViewPrototype.h:
1252         * runtime/JSModuleNamespaceObject.cpp:
1253         (JSC::JSModuleNamespaceObject::finishCreation):
1254         * runtime/JSONObject.cpp:
1255         (JSC::JSONObject::finishCreation):
1256         * runtime/JSPromisePrototype.cpp:
1257         (JSC::JSPromisePrototype::finishCreation):
1258         * runtime/JSTypedArrayViewPrototype.cpp:
1259         (JSC::typedArrayViewProtoGetterFuncToStringTag):
1260         (JSC::JSTypedArrayViewPrototype::finishCreation):
1261         * runtime/MapIteratorPrototype.cpp:
1262         (JSC::MapIteratorPrototype::finishCreation):
1263         * runtime/MapPrototype.cpp:
1264         (JSC::MapPrototype::finishCreation):
1265         * runtime/MathObject.cpp:
1266         (JSC::MathObject::finishCreation):
1267         * runtime/ObjectPrototype.cpp:
1268         (JSC::objectProtoFuncToString):
1269         * runtime/SetIteratorPrototype.cpp:
1270         (JSC::SetIteratorPrototype::finishCreation):
1271         * runtime/SetPrototype.cpp:
1272         (JSC::SetPrototype::finishCreation):
1273         * runtime/SmallStrings.cpp:
1274         (JSC::SmallStrings::SmallStrings):
1275         (JSC::SmallStrings::initializeCommonStrings):
1276         (JSC::SmallStrings::visitStrongReferences):
1277         * runtime/SmallStrings.h:
1278         (JSC::SmallStrings::objectStringStart):
1279         * runtime/StringIteratorPrototype.cpp:
1280         (JSC::StringIteratorPrototype::finishCreation):
1281         * runtime/SymbolPrototype.cpp:
1282         (JSC::SymbolPrototype::finishCreation):
1283         * runtime/WeakMapPrototype.cpp:
1284         (JSC::WeakMapPrototype::finishCreation):
1285         * runtime/WeakSetPrototype.cpp:
1286         (JSC::WeakSetPrototype::finishCreation):
1287         * tests/modules/namespace.js:
1288         * tests/stress/symbol-tostringtag.js: Added.
1289         (toStr):
1290         (strName):
1291         (classes.string_appeared_here):
1292
1293 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1294
1295         Web Inspector: Do not show JavaScriptCore builtins in inspector
1296         https://bugs.webkit.org/show_bug.cgi?id=146049
1297
1298         Reviewed by Geoffrey Garen.
1299
1300         * debugger/Debugger.cpp:
1301         When gathering scripts to notify the inspector / debuggers about,
1302         skip over sources containing host / built-in functions, as
1303         those won't contain source code developers expect to see.
1304
1305 2015-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1306
1307         Fix typo in "use strict" in TypedArray builtins
1308         https://bugs.webkit.org/show_bug.cgi?id=150709
1309
1310         Reviewed by Geoffrey Garen.
1311
1312         * builtins/TypedArray.prototype.js:
1313         (toLocaleString):
1314
1315 2015-10-29  Philippe Normand  <pnormand@igalia.com>
1316
1317         [GTK][Mac] disable OBJC JSC API
1318         https://bugs.webkit.org/show_bug.cgi?id=150500
1319
1320         Reviewed by Alex Christensen.
1321
1322         * API/JSBase.h: Disable the Objective-C API on Mac for the GTK port.
1323
1324 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1325
1326         Air::handleCalleeSaves shouldn't save/restore the frame pointer
1327         https://bugs.webkit.org/show_bug.cgi?id=150688
1328
1329         Reviewed by Michael Saboff.
1330
1331         We save/restore the FP inside Air::generate().
1332
1333         * b3/air/AirHandleCalleeSaves.cpp:
1334         (JSC::B3::Air::handleCalleeSaves):
1335
1336 2015-10-29  Michael Saboff  <msaboff@apple.com>
1337
1338         Crash making a tail call from a getter to a host function
1339         https://bugs.webkit.org/show_bug.cgi?id=150663
1340
1341         Reviewed by Geoffrey Garen.
1342
1343         Change the inline assembly versions of getHostCallReturnValue() to pass the location of the callee
1344         call frame to getHostCallReturnValueWithExecState().  We were passing the caller's frame address.
1345
1346         * jit/JITOperations.cpp:
1347
1348 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1349
1350         B3::LowerToAir::imm() should work for both 32-bit and 64-bit immediates
1351         https://bugs.webkit.org/show_bug.cgi?id=150685
1352
1353         Reviewed by Geoffrey Garen.
1354
1355         In B3, a constant must match the type of its use. In Air, immediates don't have type, they
1356         only have representation. A 32-bit immediate (i.e. Arg::imm) can be used either for 32-bit
1357         operations or for 64-bit operations. The only difference from an Arg::imm64 is that it
1358         requires fewer bits.
1359
1360         In the B3->Air lowering, we have a lot of code that is effectively polymorphic over integer
1361         type. That code should still be able to use Arg::imm, and it should work even for 64-bit
1362         immediates - so long as they are representable as 32-bit immediates. Therefore, the imm()
1363         helper should happily accept either Const32Value or Const64Value.
1364
1365         We already sort of had this with immAnyType(), but it just turns out that anyone using
1366         immAnyType() should really be using imm().
1367
1368         * b3/B3LowerToAir.cpp:
1369         (JSC::B3::Air::LowerToAir::imm):
1370         (JSC::B3::Air::LowerToAir::tryStore):
1371         (JSC::B3::Air::LowerToAir::tryConst64):
1372         (JSC::B3::Air::LowerToAir::immAnyInt): Deleted.
1373         * b3/testb3.cpp:
1374         (JSC::B3::testAdd1):
1375         (JSC::B3::testAdd1Ptr):
1376         (JSC::B3::testStoreAddLoad):
1377         (JSC::B3::run):
1378
1379 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1380
1381         StoreOpLoad pattern matching should check effects between the Store and Load
1382         https://bugs.webkit.org/show_bug.cgi?id=150534
1383
1384         Reviewed by Geoffrey Garen.
1385
1386         If we turn:
1387
1388             a = Load(addr)
1389             b = Add(a, 42)
1390             Store(b, addr)
1391
1392         Into:
1393
1394             Add $42, (addr)
1395
1396         Then we must make sure that we didn't really have this to begin with:
1397
1398             a = Load(addr)
1399             Store(666, addr)
1400             b = Add(a, 42)
1401             Store(b, addr)
1402
1403         That's because pattern matching doesn't care about control flow, and it finds the Load
1404         just using data flow. This patch fleshes out B3's aliasing analysis, and makes it powerful
1405         enough to broadly ask questions about whether such a code motion of the Load is legal.
1406
1407         * b3/B3Effects.cpp:
1408         (JSC::B3::Effects::interferes):
1409         (JSC::B3::Effects::dump):
1410         * b3/B3Effects.h:
1411         (JSC::B3::Effects::mustExecute):
1412         * b3/B3LowerToAir.cpp:
1413         (JSC::B3::Air::LowerToAir::run):
1414         (JSC::B3::Air::LowerToAir::commitInternal):
1415         (JSC::B3::Air::LowerToAir::crossesInterference):
1416         (JSC::B3::Air::LowerToAir::effectiveAddr):
1417         (JSC::B3::Air::LowerToAir::loadAddr):
1418         * b3/B3Procedure.cpp:
1419         (JSC::B3::Procedure::addBlock):
1420         (JSC::B3::Procedure::resetValueOwners):
1421         (JSC::B3::Procedure::resetReachability):
1422         * b3/B3Procedure.h:
1423         * b3/B3Value.cpp:
1424         (JSC::B3::Value::effects):
1425         * b3/B3Value.h:
1426         * b3/testb3.cpp:
1427         (JSC::B3::testStoreAddLoad):
1428         (JSC::B3::testStoreAddLoadInterference):
1429         (JSC::B3::testStoreAddAndLoad):
1430         (JSC::B3::testLoadOffsetUsingAdd):
1431         (JSC::B3::testLoadOffsetUsingAddInterference):
1432         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1433         (JSC::B3::run):
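
Added example, not part of the ChangeLog and not JavaScriptCore code: a toy C++ model of the check this entry describes, showing that fusing Load/Add/Store into one read-modify-write changes the result when an interfering Store sits between the Load and the final Store. The types and functions below are hypothetical stand-ins that borrow names from the entry, and the model assumes the Load and the Add have no other users.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

// Toy model for illustration; the names echo the ChangeLog but this is not JavaScriptCore code.
struct HeapRange {
    uint32_t begin, end; // half-open [begin, end); begin == end touches nothing
    bool overlaps(const HeapRange& o) const { return std::max(begin, o.begin) < std::min(end, o.end); }
};

struct Effects {
    HeapRange reads, writes;
    // Two operations cannot be reordered if either writes what the other reads or writes.
    bool interferes(const Effects& o) const
    {
        return writes.overlaps(o.reads) || writes.overlaps(o.writes) || reads.overlaps(o.writes);
    }
};

enum class Op { Const, Load, Add, Store };
struct Value {
    Op op = Op::Const;
    int64_t imm = 0;     // Const: the constant
    int a = -1, b = -1;  // Add: operands; Store: a is the stored value (indices into the block)
    uint32_t addr = 0;   // Load/Store: abstract memory cell
    Effects effects() const
    {
        Effects e = Effects(); // value-initialized: both ranges start empty
        if (op == Op::Load) e.reads = { addr, addr + 1 };
        if (op == Op::Store) e.writes = { addr, addr + 1 };
        return e;
    }
};
using Block = std::vector<Value>;

Value constant(int64_t imm) { Value v; v.imm = imm; return v; }
Value load(uint32_t addr) { Value v; v.op = Op::Load; v.addr = addr; return v; }
Value add(int a, int b) { Value v; v.op = Op::Add; v.a = a; v.b = b; return v; }
Value store(int value, uint32_t addr) { Value v; v.op = Op::Store; v.a = value; v.addr = addr; return v; }

// True if a value strictly between the Load and the Store interferes with the Load.
bool crossesInterference(const Block& block, int loadIndex, int storeIndex)
{
    Effects loadEffects = block[loadIndex].effects();
    for (int i = loadIndex + 1; i < storeIndex; ++i) {
        if (block[i].effects().interferes(loadEffects))
            return true;
    }
    return false;
}

// Data-flow-only match of Store(Add(Load(addr), Const), addr). Returns the Load's index or -1.
int matchStoreAddLoad(const Block& block, int storeIndex, bool checkEffects)
{
    const Value& st = block[storeIndex];
    if (st.op != Op::Store || block[st.a].op != Op::Add)
        return -1;
    const Value& sum = block[st.a];
    const Value& ld = block[sum.a];
    if (ld.op != Op::Load || ld.addr != st.addr || block[sum.b].op != Op::Const)
        return -1;
    if (checkEffects && crossesInterference(block, sum.a, storeIndex))
        return -1;
    return sum.a;
}

// Reference semantics: evaluate the block value by value and return the final memory.
std::vector<int64_t> runUnfused(const Block& block, std::vector<int64_t> mem)
{
    std::vector<int64_t> result(block.size(), 0);
    for (size_t i = 0; i < block.size(); ++i) {
        const Value& v = block[i];
        if (v.op == Op::Const) result[i] = v.imm;
        else if (v.op == Op::Load) result[i] = mem[v.addr];
        else if (v.op == Op::Add) result[i] = result[v.a] + result[v.b];
        else mem[v.addr] = result[v.a];
    }
    return mem;
}

// Lowered semantics: when the final Store matches, the Load/Add/Store trio becomes one
// read-modify-write "Add $imm, (addr)" executed at the Store's position.
std::vector<int64_t> runLowered(const Block& block, std::vector<int64_t> mem, bool checkEffects)
{
    int storeIndex = static_cast<int>(block.size()) - 1;
    if (matchStoreAddLoad(block, storeIndex, checkEffects) < 0)
        return runUnfused(block, mem);
    const Value& st = block[storeIndex];
    Block rest(block.begin(), block.begin() + storeIndex); // everything before the fused Store
    mem = runUnfused(rest, mem); // the absorbed Load and Add are pure, so running them is harmless
    mem[st.addr] += block[block[st.a].b].imm;
    return mem;
}

// Constructed inputs. interferingBlock() is the counterexample from the entry above.
Block cleanBlock() { return { load(0), constant(42), add(0, 1), store(2, 0) }; }
Block interferingBlock() { return { load(0), constant(666), store(1, 0), constant(42), add(0, 3), store(4, 0) }; }
Block unrelatedStoreBlock() { return { load(0), constant(666), store(1, 1), constant(42), add(0, 3), store(4, 0) }; }
```

With memory cell 0 starting at 1, the reference result for interferingBlock() is 43, the fusion without the effects check yields 708, and the fusion with the check falls back to the unfused sequence.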
1434
1435 2015-10-29  Brady Eidson  <beidson@apple.com>
1436
1437         Modern IDB: deleteObjectStore support.
1438         https://bugs.webkit.org/show_bug.cgi?id=150673
1439
1440         Reviewed by Alex Christensen.
1441
1442         * runtime/VM.h:
1443
1444 2015-10-29  Mark Lam  <mark.lam@apple.com>
1445
1446         cdjs-tests.yaml/main.js.ftl fails due to FTL ArithSub code for supporting UntypedUse operands.
1447         https://bugs.webkit.org/show_bug.cgi?id=150687
1448
1449         Unreviewed.
1450
1451         Disabling the feature while it is being debugged.  I'm doing this by effectively
1452         rolling out only the changes in FTLCapabilities.cpp.
1453
1454         * ftl/FTLCapabilities.cpp:
1455         (JSC::FTL::canCompile):
1456
1457 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1458
1459         Unreviewed, fix iOS build.
1460
1461         * assembler/MacroAssemblerARM64.h:
1462         (JSC::MacroAssemblerARM64::store64):
1463
1464 2015-10-29  Alex Christensen  <achristensen@webkit.org>
1465
1466         Fix Mac CMake build
1467         https://bugs.webkit.org/show_bug.cgi?id=150686
1468
1469         Reviewed by Filip Pizlo.
1470
1471         * API/ObjCCallbackFunction.mm:
1472         * CMakeLists.txt:
1473         * PlatformMac.cmake:
1474
1475 2015-10-29  Filip Pizlo  <fpizlo@apple.com>
1476
1477         Air needs syntax for escaping StackSlots
1478         https://bugs.webkit.org/show_bug.cgi?id=150430
1479
1480         Reviewed by Geoffrey Garen.
1481
1482         This adds lowering for FramePointer and StackSlot, and to enable this, it adds the Lea
1483         instruction for getting the value of an address. This is necessary to support arbitrary
1484         lowerings of StackSlot, since the only way to get the "value" of a StackSlot in Air is with
1485         this new instruction.
1486
1487         Lea uses a new Role, called UseAddr. This describes exactly what the Intel-style LEA opcode
1488         would do: it evaluates an address, but does not load from it or store to it.
1489
1490         Lea is also the only way to escape a StackSlot. Well, more accurately, UseAddr is the only
1491         way to escape and UseAddr is only used by Lea. The stack allocation phase now understands
1492         that StackSlots may escape, and factors this into its analysis.
1493
1494         * assembler/MacroAssembler.h:
1495         (JSC::MacroAssembler::lea):
1496         * b3/B3AddressMatcher.patterns:
1497         * b3/B3LowerToAir.cpp:
1498         (JSC::B3::Air::LowerToAir::run):
1499         (JSC::B3::Air::LowerToAir::addr):
1500         (JSC::B3::Air::LowerToAir::loadAddr):
1501         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1502         (JSC::B3::Air::LowerToAir::AddressSelector::tryFramePointer):
1503         (JSC::B3::Air::LowerToAir::AddressSelector::tryStackSlot):
1504         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1505         (JSC::B3::Air::LowerToAir::tryConst64):
1506         (JSC::B3::Air::LowerToAir::tryFramePointer):
1507         (JSC::B3::Air::LowerToAir::tryStackSlot):
1508         (JSC::B3::Air::LowerToAir::tryIdentity):
1509         * b3/B3LoweringMatcher.patterns:
1510         * b3/B3MemoryValue.cpp:
1511         (JSC::B3::MemoryValue::~MemoryValue):
1512         (JSC::B3::MemoryValue::accessByteSize):
1513         (JSC::B3::MemoryValue::dumpMeta):
1514         * b3/B3MemoryValue.h:
1515         * b3/B3ReduceStrength.cpp:
1516         * b3/B3StackSlotValue.h:
1517         (JSC::B3::StackSlotValue::accepts): Deleted.
1518         * b3/B3Type.h:
1519         (JSC::B3::pointerType):
1520         (JSC::B3::sizeofType):
1521         * b3/B3Validate.cpp:
1522         * b3/B3Value.h:
1523         * b3/air/AirAllocateStack.cpp:
1524         (JSC::B3::Air::allocateStack):
1525         * b3/air/AirArg.h:
1526         (JSC::B3::Air::Arg::isUse):
1527         (JSC::B3::Air::Arg::isDef):
1528         (JSC::B3::Air::Arg::forEachTmp):
1529         * b3/air/AirCode.cpp:
1530         (JSC::B3::Air::Code::addStackSlot):
1531         (JSC::B3::Air::Code::addSpecial):
1532         * b3/air/AirCode.h:
1533         * b3/air/AirOpcode.opcodes:
1534         * b3/air/AirSpillEverything.cpp:
1535         (JSC::B3::Air::spillEverything):
1536         * b3/air/AirStackSlot.h:
1537         (JSC::B3::Air::StackSlot::byteSize):
1538         (JSC::B3::Air::StackSlot::kind):
1539         (JSC::B3::Air::StackSlot::isLocked):
1540         (JSC::B3::Air::StackSlot::index):
1541         (JSC::B3::Air::StackSlot::alignment):
1542         * b3/air/opcode_generator.rb:
1543         * b3/testb3.cpp:
1544         (JSC::B3::testLoadOffsetUsingAddNotConstant):
1545         (JSC::B3::testFramePointer):
1546         (JSC::B3::testStackSlot):
1547         (JSC::B3::testLoadFromFramePointer):
1548         (JSC::B3::testStoreLoadStackSlot):
1549         (JSC::B3::run):
1550
1551 2015-10-29  Saam barati  <sbarati@apple.com>
1552
1553         we're incorrectly adjusting a stack location with respect to the localsOffset in FTLCompile
1554         https://bugs.webkit.org/show_bug.cgi?id=150655
1555
1556         Reviewed by Filip Pizlo.
1557
1558         We're recomputing this value for an *OSRExitDescriptor* for every one
1559         of its corresponding *OSRExits*. This is having a multiplicative
1560         effect on offsets because each computation is relative to the previous
1561         value. We must do this computation just once per OSRExitDescriptor.
1562
1563         * ftl/FTLCompile.cpp:
1564         (JSC::FTL::mmAllocateDataSection):
1565
1566 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1567
1568         Air::spillEverything() should try to replace tmps with spill slots without using registers whenever possible
1569         https://bugs.webkit.org/show_bug.cgi?id=150657
1570
1571         Reviewed by Geoffrey Garen.
1572
1573         Also added the ability to store an immediate to memory.
1574
1575         * assembler/MacroAssembler.h:
1576         (JSC::MacroAssembler::storePtr):
1577         * assembler/MacroAssemblerARM64.h:
1578         (JSC::MacroAssemblerARM64::store64):
1579         * assembler/MacroAssemblerX86_64.h:
1580         (JSC::MacroAssemblerX86_64::store64):
1581         * b3/B3LowerToAir.cpp:
1582         (JSC::B3::Air::LowerToAir::imm):
1583         (JSC::B3::Air::LowerToAir::immAnyInt):
1584         (JSC::B3::Air::LowerToAir::immOrTmp):
1585         (JSC::B3::Air::LowerToAir::tryStore):
1586         * b3/air/AirOpcode.opcodes:
1587         * b3/air/AirSpillEverything.cpp:
1588         (JSC::B3::Air::spillEverything):
1589         * b3/testb3.cpp:
1590         (JSC::B3::testStore):
1591         (JSC::B3::testStoreConstant):
1592         (JSC::B3::testStoreConstantPtr):
1593         (JSC::B3::testTrunc):
1594         (JSC::B3::run):
1595
1596 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
1597
1598         Web Inspector: Rename InspectorResourceAgent to InspectorNetworkAgent
1599         https://bugs.webkit.org/show_bug.cgi?id=150654
1600
1601         Reviewed by Geoffrey Garen.
1602
1603         * inspector/scripts/codegen/generator.py:
1604
1605 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1606
1607         B3::reduceStrength() should do DCE
1608         https://bugs.webkit.org/show_bug.cgi?id=150656
1609
1610         Reviewed by Saam Barati.
1611
1612         * b3/B3BasicBlock.cpp:
1613         (JSC::B3::BasicBlock::removeNops): This now deletes the values from the procedure, to preserve the invariant that valuesInProc == valuesInBlocks.
1614         * b3/B3BasicBlock.h:
1615         * b3/B3Procedure.cpp:
1616         (JSC::B3::Procedure::deleteValue): Add a utility used by removeNops().
1617         (JSC::B3::Procedure::addValueIndex): Make sure that we reuse Value indices so that m_values doesn't get too sparse.
1618         * b3/B3Procedure.h:
1619         (JSC::B3::Procedure::ValuesCollection::iterator::iterator): Teach this that m_values can be slightly sparse.
1620         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
1621         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
1622         (JSC::B3::Procedure::ValuesCollection::iterator::findNext):
1623         (JSC::B3::Procedure::values):
1624         * b3/B3ProcedureInlines.h:
1625         (JSC::B3::Procedure::add): Use addValueIndex() instead of always creating a new index.
1626         * b3/B3ReduceStrength.cpp: Implement the optimization using UseCounts and Effects.
1627
1628 2015-10-28  Joseph Pecoraro  <pecoraro@apple.com>
1629
1630         Web Inspector: Remove unused / duplicate WebSocket timeline records
1631         https://bugs.webkit.org/show_bug.cgi?id=150647
1632
1633         Reviewed by Timothy Hatcher.
1634
1635         * inspector/protocol/Timeline.json:
1636
1637 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1638
1639         B3::LowerToAir should not duplicate Loads
1640         https://bugs.webkit.org/show_bug.cgi?id=150651
1641
1642         Reviewed by Benjamin Poulain.
1643
1644         The instruction selector may decide to fuse two Values into one. This ordinarily only happens
1645         if we haven't already emitted code that uses the Value and the Value has only one direct
1646         user. Once we have emitted such code, we ensure that everyone knows that we have "locked" the
1647         Value: we won't emit any more code for it in the future.
1648
1649         The optimization to fuse Loads was forgetting to do all of these things, and so generated
1650         code would have a lot of duplicated Loads. That's bad and this change fixes that.
1651
1652         Ordinarily, this is far less tricky because the pattern matcher does this for us via
1653         acceptInternals() and acceptInternalsLate(). I added a comment to this effect. I hope that we
1654         won't need to do this manually very often.
1655
1656         Also found an uninitialized value bug in UseCounts. That was making all of this super hard to
1657         debug.
1658
1659         * b3/B3IndexMap.h:
1660         (JSC::B3::IndexMap::IndexMap):
1661         (JSC::B3::IndexMap::resize):
1662         (JSC::B3::IndexMap::operator[]):
1663         * b3/B3LowerToAir.cpp:
1664         (JSC::B3::Air::LowerToAir::tmp):
1665         (JSC::B3::Air::LowerToAir::canBeInternal):
1666         (JSC::B3::Air::LowerToAir::commitInternal):
1667         (JSC::B3::Air::LowerToAir::effectiveAddr):
1668         (JSC::B3::Air::LowerToAir::loadAddr):
1669         (JSC::B3::Air::LowerToAir::appendBinOp):
1670         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1671         (JSC::B3::Air::LowerToAir::acceptInternals):
1672         * b3/B3UseCounts.cpp:
1673         (JSC::B3::UseCounts::UseCounts):
1674
1675 2015-10-28  Mark Lam  <mark.lam@apple.com>
1676
1677         JITSubGenerator::generateFastPath() does not need to be inlined.
1678         https://bugs.webkit.org/show_bug.cgi?id=150645
1679
1680         Reviewed by Geoffrey Garen.
1681
1682         Moving it to a .cpp file to reduce code size.  Benchmarks show this to be
1683         perf neutral.
1684
1685         * CMakeLists.txt:
1686         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1687         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1688         * JavaScriptCore.xcodeproj/project.pbxproj:
1689         * ftl/FTLCompile.cpp:
1690         * jit/JITSubGenerator.cpp: Added.
1691         (JSC::JITSubGenerator::generateFastPath):
1692         * jit/JITSubGenerator.h:
1693         (JSC::JITSubGenerator::JITSubGenerator):
1694         (JSC::JITSubGenerator::endJumpList):
1695         (JSC::JITSubGenerator::slowPathJumpList):
1696         (JSC::JITSubGenerator::generateFastPath): Deleted.
1697
1698 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1699
1700         [B3] handleCommutativity should canonicalize commutative operations over non-constants
1701         https://bugs.webkit.org/show_bug.cgi?id=150649
1702
1703         Reviewed by Saam Barati.
1704
1705         Turn this: Add(value1, value2)
1706         Into this: Add(value2, value1)
1707
1708         But only if value2 should come before value1 according to our total ordering. This will allow
1709         CSE to observe the equality between commuted versions of the same operation, since we will
1710         first canonicalize them into the same order.
1711
1712         * b3/B3ReduceStrength.cpp:
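
Added example, not part of the ChangeLog and not JavaScriptCore code: a small C++ sketch of why canonicalizing operand order lets CSE see commuted duplicates. The Node type, the function names and the choice of a value's index as the total ordering are assumptions made for illustration.

```cpp
#include <map>
#include <tuple>
#include <utility>
#include <vector>

// Toy SSA values for illustration; not JavaScriptCore's B3::Value.
enum class Opcode { Arg, Add, Sub };

struct Node {
    Opcode op;
    int left;  // operand indices into the procedure; -1 for Arg
    int right;
};

bool isCommutative(Opcode op) { return op == Opcode::Add; }

// Assumed total ordering: a value's index in the procedure. Swap the operands of a commutative
// operation so that the lower-indexed operand always comes first. Sub is left untouched.
void canonicalizeCommutative(Node& n)
{
    if (isCommutative(n.op) && n.right < n.left)
        std::swap(n.left, n.right);
}

// Local CSE keyed on (opcode, left, right). Returns, for each value, the index of the earliest
// equivalent value, or its own index if there is none.
std::vector<int> eliminateCommonSubexpressions(std::vector<Node> proc, bool canonicalize)
{
    std::map<std::tuple<int, int, int>, int> seen;
    std::vector<int> replacement(proc.size());
    for (int i = 0; i < static_cast<int>(proc.size()); ++i) {
        Node& n = proc[i];
        replacement[i] = i;
        if (n.op == Opcode::Arg)
            continue;
        // Operands may themselves have been replaced by earlier duplicates.
        n.left = replacement[n.left];
        n.right = replacement[n.right];
        if (canonicalize)
            canonicalizeCommutative(n);
        auto key = std::make_tuple(static_cast<int>(n.op), n.left, n.right);
        auto it = seen.find(key);
        if (it != seen.end())
            replacement[i] = it->second;
        else
            seen.emplace(key, i);
    }
    return replacement;
}

// Constructed input.
std::vector<Node> sampleProcedure()
{
    return {
        { Opcode::Arg, -1, -1 }, // 0: x
        { Opcode::Arg, -1, -1 }, // 1: y
        { Opcode::Add, 0, 1 },   // 2: x + y
        { Opcode::Add, 1, 0 },   // 3: y + x, same value as 2
        { Opcode::Sub, 0, 1 },   // 4: x - y
        { Opcode::Sub, 1, 0 },   // 5: y - x, must stay distinct from 4
        { Opcode::Add, 3, 2 },   // 6: (y + x) + (x + y)
        { Opcode::Add, 2, 2 },   // 7: same value as 6 once 3 is replaced by 2
    };
}
```

Without canonicalization every value in sampleProcedure() survives; with it, values 3 and 7 fold into 2 and 6 while the two Sub values stay distinct.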
1713
1714 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1715
1716         Unreviewed, fix the build for case sensitive file systems.
1717
1718         * b3/air/AirBasicBlock.h:
1719         * b3/air/AirStackSlot.h:
1720
1721 2015-10-28  Filip Pizlo  <fpizlo@apple.com>
1722
1723         Create a super rough prototype of B3
1724         https://bugs.webkit.org/show_bug.cgi?id=150280
1725
1726         Reviewed by Benjamin Poulain.
1727
1728         This changeset adds the basic scaffolding of the B3 compiler. B3 stands for Bare Bones
1729         Backend. It's a low-level SSA-based language-agnostic compiler. The basic structure allows
1730         for aggressive C-level optimizations and an awesome portable backend. The backend, called
1731         Air (Assembly IR), is a reflective abstraction over our MacroAssembler. The abstraction is
1732         defined using a spec file (AirOpcode.opcodes) which describes the various kinds of
1733         instructions that we wish to support. Then, the B3::LowerToAir phase, which does our
1734         instruction selection, reflectively selects Air opcodes by querying which instruction forms
1735         are possible. Air allows for optimal register allocation and stack layout. Currently the
1736         register allocator isn't written, but the stack layout is.
1737
1738         Of course this isn't done yet. It can only compile simple programs, seen in the "test suite"
1739         called "testb3.cpp". There's a lot of optimizations that have to be written and a lot of
1740         stuff added to the instruction selector. But it's a neat start.
1741
1742         * CMakeLists.txt:
1743         * DerivedSources.make:
1744         * JavaScriptCore.xcodeproj/project.pbxproj:
1745         * assembler/MacroAssembler.cpp:
1746         (WTF::printInternal):
1747         * assembler/MacroAssembler.h:
1748         * b3: Added.
1749         * b3/B3AddressMatcher.patterns: Added.
1750         * b3/B3ArgumentRegValue.cpp: Added.
1751         (JSC::B3::ArgumentRegValue::~ArgumentRegValue):
1752         (JSC::B3::ArgumentRegValue::dumpMeta):
1753         * b3/B3ArgumentRegValue.h: Added.
1754         * b3/B3BasicBlock.cpp: Added.
1755         (JSC::B3::BasicBlock::BasicBlock):
1756         (JSC::B3::BasicBlock::~BasicBlock):
1757         (JSC::B3::BasicBlock::append):
1758         (JSC::B3::BasicBlock::addPredecessor):
1759         (JSC::B3::BasicBlock::removePredecessor):
1760         (JSC::B3::BasicBlock::replacePredecessor):
1761         (JSC::B3::BasicBlock::removeNops):
1762         (JSC::B3::BasicBlock::dump):
1763         (JSC::B3::BasicBlock::deepDump):
1764         * b3/B3BasicBlock.h: Added.
1765         (JSC::B3::BasicBlock::index):
1766         (JSC::B3::BasicBlock::begin):
1767         (JSC::B3::BasicBlock::end):
1768         (JSC::B3::BasicBlock::size):
1769         (JSC::B3::BasicBlock::at):
1770         (JSC::B3::BasicBlock::last):
1771         (JSC::B3::BasicBlock::values):
1772         (JSC::B3::BasicBlock::numPredecessors):
1773         (JSC::B3::BasicBlock::predecessor):
1774         (JSC::B3::BasicBlock::predecessors):
1775         (JSC::B3::BasicBlock::frequency):
1776         (JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
1777         (JSC::B3::DeepBasicBlockDump::dump):
1778         (JSC::B3::deepDump):
1779         * b3/B3BasicBlockInlines.h: Added.
1780         (JSC::B3::BasicBlock::appendNew):
1781         (JSC::B3::BasicBlock::numSuccessors):
1782         (JSC::B3::BasicBlock::successor):
1783         (JSC::B3::BasicBlock::successors):
1784         (JSC::B3::BasicBlock::successorBlock):
1785         (JSC::B3::BasicBlock::successorBlocks):
1786         * b3/B3BasicBlockUtils.h: Added.
1787         (JSC::B3::addPredecessor):
1788         (JSC::B3::removePredecessor):
1789         (JSC::B3::replacePredecessor):
1790         (JSC::B3::resetReachability):
1791         (JSC::B3::blocksInPreOrder):
1792         (JSC::B3::blocksInPostOrder):
1793         * b3/B3BlockWorklist.h: Added.
1794         * b3/B3CheckSpecial.cpp: Added.
1795         (JSC::B3::Air::numB3Args):
1796         (JSC::B3::CheckSpecial::CheckSpecial):
1797         (JSC::B3::CheckSpecial::~CheckSpecial):
1798         (JSC::B3::CheckSpecial::hiddenBranch):
1799         (JSC::B3::CheckSpecial::forEachArg):
1800         (JSC::B3::CheckSpecial::isValid):
1801         (JSC::B3::CheckSpecial::admitsStack):
1802         (JSC::B3::CheckSpecial::generate):
1803         (JSC::B3::CheckSpecial::dumpImpl):
1804         (JSC::B3::CheckSpecial::deepDumpImpl):
1805         * b3/B3CheckSpecial.h: Added.
1806         * b3/B3CheckValue.cpp: Added.
1807         (JSC::B3::CheckValue::~CheckValue):
1808         (JSC::B3::CheckValue::dumpMeta):
1809         * b3/B3CheckValue.h: Added.
1810         * b3/B3Common.cpp: Added.
1811         (JSC::B3::shouldDumpIR):
1812         (JSC::B3::shouldDumpIRAtEachPhase):
1813         (JSC::B3::shouldValidateIR):
1814         (JSC::B3::shouldValidateIRAtEachPhase):
1815         (JSC::B3::shouldSaveIRBeforePhase):
1816         * b3/B3Common.h: Added.
1817         (JSC::B3::is64Bit):
1818         (JSC::B3::is32Bit):
1819         * b3/B3Commutativity.cpp: Added.
1820         (WTF::printInternal):
1821         * b3/B3Commutativity.h: Added.
1822         * b3/B3Const32Value.cpp: Added.
1823         (JSC::B3::Const32Value::~Const32Value):
1824         (JSC::B3::Const32Value::negConstant):
1825         (JSC::B3::Const32Value::addConstant):
1826         (JSC::B3::Const32Value::subConstant):
1827         (JSC::B3::Const32Value::dumpMeta):
1828         * b3/B3Const32Value.h: Added.
1829         * b3/B3Const64Value.cpp: Added.
1830         (JSC::B3::Const64Value::~Const64Value):
1831         (JSC::B3::Const64Value::negConstant):
1832         (JSC::B3::Const64Value::addConstant):
1833         (JSC::B3::Const64Value::subConstant):
1834         (JSC::B3::Const64Value::dumpMeta):
1835         * b3/B3Const64Value.h: Added.
1836         * b3/B3ConstDoubleValue.cpp: Added.
1837         (JSC::B3::ConstDoubleValue::~ConstDoubleValue):
1838         (JSC::B3::ConstDoubleValue::negConstant):
1839         (JSC::B3::ConstDoubleValue::addConstant):
1840         (JSC::B3::ConstDoubleValue::subConstant):
1841         (JSC::B3::ConstDoubleValue::dumpMeta):
1842         * b3/B3ConstDoubleValue.h: Added.
1843         (JSC::B3::ConstDoubleValue::accepts):
1844         (JSC::B3::ConstDoubleValue::value):
1845         (JSC::B3::ConstDoubleValue::ConstDoubleValue):
1846         * b3/B3ConstPtrValue.h: Added.
1847         (JSC::B3::ConstPtrValue::value):
1848         (JSC::B3::ConstPtrValue::ConstPtrValue):
1849         * b3/B3ControlValue.cpp: Added.
1850         (JSC::B3::ControlValue::~ControlValue):
1851         (JSC::B3::ControlValue::dumpMeta):
1852         * b3/B3ControlValue.h: Added.
1853         * b3/B3Effects.cpp: Added.
1854         (JSC::B3::Effects::dump):
1855         * b3/B3Effects.h: Added.
1856         (JSC::B3::Effects::mustExecute):
1857         * b3/B3FrequencyClass.cpp: Added.
1858         (WTF::printInternal):
1859         * b3/B3FrequencyClass.h: Added.
1860         * b3/B3FrequentedBlock.h: Added.
1861         * b3/B3Generate.cpp: Added.
1862         (JSC::B3::generate):
1863         (JSC::B3::generateToAir):
1864         * b3/B3Generate.h: Added.
1865         * b3/B3GenericFrequentedBlock.h: Added.
1866         (JSC::B3::GenericFrequentedBlock::GenericFrequentedBlock):
1867         (JSC::B3::GenericFrequentedBlock::operator==):
1868         (JSC::B3::GenericFrequentedBlock::operator!=):
1869         (JSC::B3::GenericFrequentedBlock::operator bool):
1870         (JSC::B3::GenericFrequentedBlock::block):
1871         (JSC::B3::GenericFrequentedBlock::frequency):
1872         (JSC::B3::GenericFrequentedBlock::dump):
1873         * b3/B3HeapRange.cpp: Added.
1874         (JSC::B3::HeapRange::dump):
1875         * b3/B3HeapRange.h: Added.
1876         (JSC::B3::HeapRange::HeapRange):
1877         (JSC::B3::HeapRange::top):
1878         (JSC::B3::HeapRange::operator==):
1879         (JSC::B3::HeapRange::operator!=):
1880         (JSC::B3::HeapRange::operator bool):
1881         (JSC::B3::HeapRange::begin):
1882         (JSC::B3::HeapRange::end):
1883         (JSC::B3::HeapRange::overlaps):
1884         * b3/B3IndexMap.h: Added.
1885         (JSC::B3::IndexMap::IndexMap):
1886         (JSC::B3::IndexMap::resize):
1887         (JSC::B3::IndexMap::operator[]):
1888         * b3/B3IndexSet.h: Added.
1889         (JSC::B3::IndexSet::IndexSet):
1890         (JSC::B3::IndexSet::add):
1891         (JSC::B3::IndexSet::contains):
1892         (JSC::B3::IndexSet::Iterable::Iterable):
1893         (JSC::B3::IndexSet::Iterable::iterator::iterator):
1894         (JSC::B3::IndexSet::Iterable::iterator::operator*):
1895         (JSC::B3::IndexSet::Iterable::iterator::operator++):
1896         (JSC::B3::IndexSet::Iterable::iterator::operator==):
1897         (JSC::B3::IndexSet::Iterable::iterator::operator!=):
1898         (JSC::B3::IndexSet::Iterable::begin):
1899         (JSC::B3::IndexSet::Iterable::end):
1900         (JSC::B3::IndexSet::values):
1901         (JSC::B3::IndexSet::indices):
1902         (JSC::B3::IndexSet::dump):
1903         * b3/B3InsertionSet.cpp: Added.
1904         (JSC::B3::InsertionSet::execute):
1905         * b3/B3InsertionSet.h: Added.
1906         (JSC::B3::InsertionSet::InsertionSet):
1907         (JSC::B3::InsertionSet::code):
1908         (JSC::B3::InsertionSet::appendInsertion):
1909         (JSC::B3::InsertionSet::insertValue):
1910         * b3/B3InsertionSetInlines.h: Added.
1911         (JSC::B3::InsertionSet::insert):
1912         * b3/B3LowerToAir.cpp: Added.
1913         (JSC::B3::Air::LowerToAir::LowerToAir):
1914         (JSC::B3::Air::LowerToAir::run):
1915         (JSC::B3::Air::LowerToAir::tmp):
1916         (JSC::B3::Air::LowerToAir::effectiveAddr):
1917         (JSC::B3::Air::LowerToAir::addr):
1918         (JSC::B3::Air::LowerToAir::loadAddr):
1919         (JSC::B3::Air::LowerToAir::imm):
1920         (JSC::B3::Air::LowerToAir::immOrTmp):
1921         (JSC::B3::Air::LowerToAir::appendBinOp):
1922         (JSC::B3::Air::LowerToAir::tryAppendStoreBinOp):
1923         (JSC::B3::Air::LowerToAir::moveForType):
1924         (JSC::B3::Air::LowerToAir::relaxedMoveForType):
1925         (JSC::B3::Air::LowerToAir::append):
1926         (JSC::B3::Air::LowerToAir::AddressSelector::AddressSelector):
1927         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRoot):
1928         (JSC::B3::Air::LowerToAir::AddressSelector::acceptRootLate):
1929         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternals):
1930         (JSC::B3::Air::LowerToAir::AddressSelector::acceptInternalsLate):
1931         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperands):
1932         (JSC::B3::Air::LowerToAir::AddressSelector::acceptOperandsLate):
1933         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift1):
1934         (JSC::B3::Air::LowerToAir::AddressSelector::tryAddShift2):
1935         (JSC::B3::Air::LowerToAir::AddressSelector::tryAdd):
1936         (JSC::B3::Air::LowerToAir::AddressSelector::tryDirect):
1937         (JSC::B3::Air::LowerToAir::acceptRoot):
1938         (JSC::B3::Air::LowerToAir::acceptRootLate):
1939         (JSC::B3::Air::LowerToAir::acceptInternals):
1940         (JSC::B3::Air::LowerToAir::acceptInternalsLate):
1941         (JSC::B3::Air::LowerToAir::acceptOperands):
1942         (JSC::B3::Air::LowerToAir::acceptOperandsLate):
1943         (JSC::B3::Air::LowerToAir::tryLoad):
1944         (JSC::B3::Air::LowerToAir::tryAdd):
1945         (JSC::B3::Air::LowerToAir::tryAnd):
1946         (JSC::B3::Air::LowerToAir::tryStoreAddLoad):
1947         (JSC::B3::Air::LowerToAir::tryStoreAndLoad):
1948         (JSC::B3::Air::LowerToAir::tryStore):
1949         (JSC::B3::Air::LowerToAir::tryTruncArgumentReg):
1950         (JSC::B3::Air::LowerToAir::tryTrunc):
1951         (JSC::B3::Air::LowerToAir::tryArgumentReg):
1952         (JSC::B3::Air::LowerToAir::tryConst32):
1953         (JSC::B3::Air::LowerToAir::tryConst64):
1954         (JSC::B3::Air::LowerToAir::tryIdentity):
1955         (JSC::B3::Air::LowerToAir::tryReturn):
1956         (JSC::B3::lowerToAir):
1957         * b3/B3LowerToAir.h: Added.
1958         * b3/B3LoweringMatcher.patterns: Added.
1959         * b3/B3MemoryValue.cpp: Added.
1960         (JSC::B3::MemoryValue::~MemoryValue):
1961         (JSC::B3::MemoryValue::dumpMeta):
1962         * b3/B3MemoryValue.h: Added.
1963         * b3/B3Opcode.cpp: Added.
1964         (WTF::printInternal):
1965         * b3/B3Opcode.h: Added.
1966         (JSC::B3::isCheckMath):
1967         * b3/B3Origin.cpp: Added.
1968         (JSC::B3::Origin::dump):
1969         * b3/B3Origin.h: Added.
1970         (JSC::B3::Origin::Origin):
1971         (JSC::B3::Origin::operator bool):
1972         (JSC::B3::Origin::data):
1973         * b3/B3PatchpointSpecial.cpp: Added.
1974         (JSC::B3::PatchpointSpecial::PatchpointSpecial):
1975         (JSC::B3::PatchpointSpecial::~PatchpointSpecial):
1976         (JSC::B3::PatchpointSpecial::forEachArg):
1977         (JSC::B3::PatchpointSpecial::isValid):
1978         (JSC::B3::PatchpointSpecial::admitsStack):
1979         (JSC::B3::PatchpointSpecial::generate):
1980         (JSC::B3::PatchpointSpecial::dumpImpl):
1981         (JSC::B3::PatchpointSpecial::deepDumpImpl):
1982         * b3/B3PatchpointSpecial.h: Added.
1983         * b3/B3PatchpointValue.cpp: Added.
1984         (JSC::B3::PatchpointValue::~PatchpointValue):
1985         (JSC::B3::PatchpointValue::dumpMeta):
1986         * b3/B3PatchpointValue.h: Added.
1987         (JSC::B3::PatchpointValue::accepts):
1988         (JSC::B3::PatchpointValue::PatchpointValue):
1989         * b3/B3PhaseScope.cpp: Added.
1990         (JSC::B3::PhaseScope::PhaseScope):
1991         (JSC::B3::PhaseScope::~PhaseScope):
1992         * b3/B3PhaseScope.h: Added.
1993         * b3/B3Procedure.cpp: Added.
1994         (JSC::B3::Procedure::Procedure):
1995         (JSC::B3::Procedure::~Procedure):
1996         (JSC::B3::Procedure::addBlock):
1997         (JSC::B3::Procedure::resetReachability):
1998         (JSC::B3::Procedure::dump):
1999         (JSC::B3::Procedure::blocksInPreOrder):
2000         (JSC::B3::Procedure::blocksInPostOrder):
2001         * b3/B3Procedure.h: Added.
2002         (JSC::B3::Procedure::size):
2003         (JSC::B3::Procedure::at):
2004         (JSC::B3::Procedure::operator[]):
2005         (JSC::B3::Procedure::iterator::iterator):
2006         (JSC::B3::Procedure::iterator::operator*):
2007         (JSC::B3::Procedure::iterator::operator++):
2008         (JSC::B3::Procedure::iterator::operator==):
2009         (JSC::B3::Procedure::iterator::operator!=):
2010         (JSC::B3::Procedure::iterator::findNext):
2011         (JSC::B3::Procedure::begin):
2012         (JSC::B3::Procedure::end):
2013         (JSC::B3::Procedure::ValuesCollection::ValuesCollection):
2014         (JSC::B3::Procedure::ValuesCollection::iterator::iterator):
2015         (JSC::B3::Procedure::ValuesCollection::iterator::operator*):
2016         (JSC::B3::Procedure::ValuesCollection::iterator::operator++):
2017         (JSC::B3::Procedure::ValuesCollection::iterator::operator==):
2018         (JSC::B3::Procedure::ValuesCollection::iterator::operator!=):
2019         (JSC::B3::Procedure::ValuesCollection::begin):
2020         (JSC::B3::Procedure::ValuesCollection::end):
2021         (JSC::B3::Procedure::ValuesCollection::size):
2022         (JSC::B3::Procedure::ValuesCollection::at):
2023         (JSC::B3::Procedure::ValuesCollection::operator[]):
2024         (JSC::B3::Procedure::values):
2025         (JSC::B3::Procedure::setLastPhaseName):
2026         (JSC::B3::Procedure::lastPhaseName):
2027         * b3/B3ProcedureInlines.h: Added.
2028         (JSC::B3::Procedure::add):
2029         * b3/B3ReduceStrength.cpp: Added.
2030         (JSC::B3::reduceStrength):
2031         * b3/B3ReduceStrength.h: Added.
2032         * b3/B3StackSlotKind.cpp: Added.
2033         (WTF::printInternal):
2034         * b3/B3StackSlotKind.h: Added.
2035         * b3/B3StackSlotValue.cpp: Added.
2036         (JSC::B3::StackSlotValue::~StackSlotValue):
2037         (JSC::B3::StackSlotValue::dumpMeta):
2038         * b3/B3StackSlotValue.h: Added.
2039         (JSC::B3::StackSlotValue::accepts):
2040         (JSC::B3::StackSlotValue::byteSize):
2041         (JSC::B3::StackSlotValue::kind):
2042         (JSC::B3::StackSlotValue::offsetFromFP):
2043         (JSC::B3::StackSlotValue::setOffsetFromFP):
2044         (JSC::B3::StackSlotValue::StackSlotValue):
2045         * b3/B3Stackmap.cpp: Added.
2046         (JSC::B3::Stackmap::Stackmap):
2047         (JSC::B3::Stackmap::~Stackmap):
2048         (JSC::B3::Stackmap::dump):
2049         * b3/B3Stackmap.h: Added.
2050         (JSC::B3::Stackmap::constrain):
2051         (JSC::B3::Stackmap::reps):
2052         (JSC::B3::Stackmap::clobber):
2053         (JSC::B3::Stackmap::clobbered):
2054         (JSC::B3::Stackmap::setGenerator):
2055         * b3/B3StackmapSpecial.cpp: Added.
2056         (JSC::B3::StackmapSpecial::StackmapSpecial):
2057         (JSC::B3::StackmapSpecial::~StackmapSpecial):
2058         (JSC::B3::StackmapSpecial::reportUsedRegisters):
2059         (JSC::B3::StackmapSpecial::extraClobberedRegs):
2060         (JSC::B3::StackmapSpecial::forEachArgImpl):
2061         (JSC::B3::StackmapSpecial::isValidImpl):
2062         (JSC::B3::StackmapSpecial::admitsStackImpl):
2063         (JSC::B3::StackmapSpecial::appendRepsImpl):
2064         (JSC::B3::StackmapSpecial::repForArg):
2065         * b3/B3StackmapSpecial.h: Added.
2066         * b3/B3SuccessorCollection.h: Added.
2067         (JSC::B3::SuccessorCollection::SuccessorCollection):
2068         (JSC::B3::SuccessorCollection::size):
2069         (JSC::B3::SuccessorCollection::at):
2070         (JSC::B3::SuccessorCollection::operator[]):
2071         (JSC::B3::SuccessorCollection::iterator::iterator):
2072         (JSC::B3::SuccessorCollection::iterator::operator*):
2073         (JSC::B3::SuccessorCollection::iterator::operator++):
2074         (JSC::B3::SuccessorCollection::iterator::operator==):
2075         (JSC::B3::SuccessorCollection::iterator::operator!=):
2076         (JSC::B3::SuccessorCollection::begin):
2077         (JSC::B3::SuccessorCollection::end):
2078         * b3/B3SwitchCase.cpp: Added.
2079         (JSC::B3::SwitchCase::dump):
2080         * b3/B3SwitchCase.h: Added.
2081         (JSC::B3::SwitchCase::SwitchCase):
2082         (JSC::B3::SwitchCase::operator bool):
2083         (JSC::B3::SwitchCase::caseValue):
2084         (JSC::B3::SwitchCase::target):
2085         (JSC::B3::SwitchCase::targetBlock):
2086         * b3/B3SwitchValue.cpp: Added.
2087         (JSC::B3::SwitchValue::~SwitchValue):
2088         (JSC::B3::SwitchValue::removeCase):
2089         (JSC::B3::SwitchValue::appendCase):
2090         (JSC::B3::SwitchValue::dumpMeta):
2091         (JSC::B3::SwitchValue::SwitchValue):
2092         * b3/B3SwitchValue.h: Added.
2093         (JSC::B3::SwitchValue::accepts):
2094         (JSC::B3::SwitchValue::numCaseValues):
2095         (JSC::B3::SwitchValue::caseValue):
2096         (JSC::B3::SwitchValue::caseValues):
2097         (JSC::B3::SwitchValue::fallThrough):
2098         (JSC::B3::SwitchValue::size):
2099         (JSC::B3::SwitchValue::at):
2100         (JSC::B3::SwitchValue::operator[]):
2101         (JSC::B3::SwitchValue::iterator::iterator):
2102         (JSC::B3::SwitchValue::iterator::operator*):
2103         (JSC::B3::SwitchValue::iterator::operator++):
2104         (JSC::B3::SwitchValue::iterator::operator==):
2105         (JSC::B3::SwitchValue::iterator::operator!=):
2106         (JSC::B3::SwitchValue::begin):
2107         (JSC::B3::SwitchValue::end):
2108         * b3/B3Type.cpp: Added.
2109         (WTF::printInternal):
2110         * b3/B3Type.h: Added.
2111         (JSC::B3::isInt):
2112         (JSC::B3::isFloat):
2113         (JSC::B3::pointerType):
2114         * b3/B3UpsilonValue.cpp: Added.
2115         (JSC::B3::UpsilonValue::~UpsilonValue):
2116         (JSC::B3::UpsilonValue::dumpMeta):
2117         * b3/B3UpsilonValue.h: Added.
2118         (JSC::B3::UpsilonValue::accepts):
2119         (JSC::B3::UpsilonValue::phi):
2120         (JSC::B3::UpsilonValue::UpsilonValue):
2121         * b3/B3UseCounts.cpp: Added.
2122         (JSC::B3::UseCounts::UseCounts):
2123         (JSC::B3::UseCounts::~UseCounts):
2124         * b3/B3UseCounts.h: Added.
2125         (JSC::B3::UseCounts::operator[]):
2126         * b3/B3Validate.cpp: Added.
2127         (JSC::B3::validate):
2128         * b3/B3Validate.h: Added.
2129         * b3/B3Value.cpp: Added.
2130         (JSC::B3::Value::~Value):
2131         (JSC::B3::Value::replaceWithIdentity):
2132         (JSC::B3::Value::replaceWithNop):
2133         (JSC::B3::Value::dump):
2134         (JSC::B3::Value::deepDump):
2135         (JSC::B3::Value::negConstant):
2136         (JSC::B3::Value::addConstant):
2137         (JSC::B3::Value::subConstant):
2138         (JSC::B3::Value::effects):
2139         (JSC::B3::Value::performSubstitution):
2140         (JSC::B3::Value::dumpMeta):
2141         (JSC::B3::Value::typeFor):
2142         * b3/B3Value.h: Added.
2143         (JSC::B3::DeepValueDump::DeepValueDump):
2144         (JSC::B3::DeepValueDump::dump):
2145         (JSC::B3::deepDump):
2146         * b3/B3ValueInlines.h: Added.
2147         (JSC::B3::Value::as):
2148         (JSC::B3::Value::isConstant):
2149         (JSC::B3::Value::hasInt32):
2150         (JSC::B3::Value::asInt32):
2151         (JSC::B3::Value::hasInt64):
2152         (JSC::B3::Value::asInt64):
2153         (JSC::B3::Value::hasInt):
2154         (JSC::B3::Value::asInt):
2155         (JSC::B3::Value::isInt):
2156         (JSC::B3::Value::hasIntPtr):
2157         (JSC::B3::Value::asIntPtr):
2158         (JSC::B3::Value::hasDouble):
2159         (JSC::B3::Value::asDouble):
2160         (JSC::B3::Value::stackmap):
2161         * b3/B3ValueRep.cpp: Added.
2162         (JSC::B3::ValueRep::dump):
2163         (WTF::printInternal):
2164         * b3/B3ValueRep.h: Added.
2165         (JSC::B3::ValueRep::ValueRep):
2166         (JSC::B3::ValueRep::reg):
2167         (JSC::B3::ValueRep::stack):
2168         (JSC::B3::ValueRep::stackArgument):
2169         (JSC::B3::ValueRep::constant):
2170         (JSC::B3::ValueRep::constantDouble):
2171         (JSC::B3::ValueRep::kind):
2172         (JSC::B3::ValueRep::operator bool):
2173         (JSC::B3::ValueRep::offsetFromFP):
2174         (JSC::B3::ValueRep::offsetFromSP):
2175         (JSC::B3::ValueRep::value):
2176         (JSC::B3::ValueRep::doubleValue):
2177         * b3/air: Added.
2178         * b3/air/AirAllocateStack.cpp: Added.
2179         (JSC::B3::Air::allocateStack):
2180         * b3/air/AirAllocateStack.h: Added.
2181         * b3/air/AirArg.cpp: Added.
2182         (JSC::B3::Air::Arg::dump):
2183         * b3/air/AirArg.h: Added.
2184         (JSC::B3::Air::Arg::isUse):
2185         (JSC::B3::Air::Arg::isDef):
2186         (JSC::B3::Air::Arg::typeForB3Type):
2187         (JSC::B3::Air::Arg::Arg):
2188         (JSC::B3::Air::Arg::imm):
2189         (JSC::B3::Air::Arg::imm64):
2190         (JSC::B3::Air::Arg::addr):
2191         (JSC::B3::Air::Arg::stack):
2192         (JSC::B3::Air::Arg::callArg):
2193         (JSC::B3::Air::Arg::isValidScale):
2194         (JSC::B3::Air::Arg::logScale):
2195         (JSC::B3::Air::Arg::index):
2196         (JSC::B3::Air::Arg::relCond):
2197         (JSC::B3::Air::Arg::resCond):
2198         (JSC::B3::Air::Arg::special):
2199         (JSC::B3::Air::Arg::operator==):
2200         (JSC::B3::Air::Arg::operator!=):
2201         (JSC::B3::Air::Arg::operator bool):
2202         (JSC::B3::Air::Arg::kind):
2203         (JSC::B3::Air::Arg::isTmp):
2204         (JSC::B3::Air::Arg::isImm):
2205         (JSC::B3::Air::Arg::isImm64):
2206         (JSC::B3::Air::Arg::isAddr):
2207         (JSC::B3::Air::Arg::isStack):
2208         (JSC::B3::Air::Arg::isCallArg):
2209         (JSC::B3::Air::Arg::isIndex):
2210         (JSC::B3::Air::Arg::isRelCond):
2211         (JSC::B3::Air::Arg::isResCond):
2212         (JSC::B3::Air::Arg::isSpecial):
2213         (JSC::B3::Air::Arg::isAlive):
2214         (JSC::B3::Air::Arg::tmp):
2215         (JSC::B3::Air::Arg::value):
2216         (JSC::B3::Air::Arg::pointerValue):
2217         (JSC::B3::Air::Arg::base):
2218         (JSC::B3::Air::Arg::hasOffset):
2219         (JSC::B3::Air::Arg::offset):
2220         (JSC::B3::Air::Arg::stackSlot):
2221         (JSC::B3::Air::Arg::scale):
2222         (JSC::B3::Air::Arg::isGPTmp):
2223         (JSC::B3::Air::Arg::isFPTmp):
2224         (JSC::B3::Air::Arg::isGP):
2225         (JSC::B3::Air::Arg::isFP):
2226         (JSC::B3::Air::Arg::hasType):
2227         (JSC::B3::Air::Arg::type):
2228         (JSC::B3::Air::Arg::isType):
2229         (JSC::B3::Air::Arg::isGPR):
2230         (JSC::B3::Air::Arg::gpr):
2231         (JSC::B3::Air::Arg::isFPR):
2232         (JSC::B3::Air::Arg::fpr):
2233         (JSC::B3::Air::Arg::isReg):
2234         (JSC::B3::Air::Arg::reg):
2235         (JSC::B3::Air::Arg::gpTmpIndex):
2236         (JSC::B3::Air::Arg::fpTmpIndex):
2237         (JSC::B3::Air::Arg::tmpIndex):
2238         (JSC::B3::Air::Arg::withOffset):
2239         (JSC::B3::Air::Arg::forEachTmpFast):
2240         (JSC::B3::Air::Arg::forEachTmp):
2241         (JSC::B3::Air::Arg::asTrustedImm32):
2242         (JSC::B3::Air::Arg::asTrustedImm64):
2243         (JSC::B3::Air::Arg::asTrustedImmPtr):
2244         (JSC::B3::Air::Arg::asAddress):
2245         (JSC::B3::Air::Arg::asBaseIndex):
2246         (JSC::B3::Air::Arg::asRelationalCondition):
2247         (JSC::B3::Air::Arg::asResultCondition):
2248         (JSC::B3::Air::Arg::isHashTableDeletedValue):
2249         (JSC::B3::Air::Arg::hash):
2250         (JSC::B3::Air::ArgHash::hash):
2251         (JSC::B3::Air::ArgHash::equal):
2252         * b3/air/AirBasicBlock.cpp: Added.
2253         (JSC::B3::Air::BasicBlock::addPredecessor):
2254         (JSC::B3::Air::BasicBlock::removePredecessor):
2255         (JSC::B3::Air::BasicBlock::replacePredecessor):
2256         (JSC::B3::Air::BasicBlock::dump):
2257         (JSC::B3::Air::BasicBlock::deepDump):
2258         (JSC::B3::Air::BasicBlock::BasicBlock):
2259         * b3/air/AirBasicBlock.h: Added.
2260         (JSC::B3::Air::BasicBlock::index):
2261         (JSC::B3::Air::BasicBlock::size):
2262         (JSC::B3::Air::BasicBlock::begin):
2263         (JSC::B3::Air::BasicBlock::end):
2264         (JSC::B3::Air::BasicBlock::at):
2265         (JSC::B3::Air::BasicBlock::last):
2266         (JSC::B3::Air::BasicBlock::appendInst):
2267         (JSC::B3::Air::BasicBlock::append):
2268         (JSC::B3::Air::BasicBlock::numSuccessors):
2269         (JSC::B3::Air::BasicBlock::successor):
2270         (JSC::B3::Air::BasicBlock::successors):
2271         (JSC::B3::Air::BasicBlock::successorBlock):
2272         (JSC::B3::Air::BasicBlock::successorBlocks):
2273         (JSC::B3::Air::BasicBlock::numPredecessors):
2274         (JSC::B3::Air::BasicBlock::predecessor):
2275         (JSC::B3::Air::BasicBlock::predecessors):
2276         (JSC::B3::Air::DeepBasicBlockDump::DeepBasicBlockDump):
2277         (JSC::B3::Air::DeepBasicBlockDump::dump):
2278         (JSC::B3::Air::deepDump):
2279         * b3/air/AirCCallSpecial.cpp: Added.
2280         (JSC::B3::Air::CCallSpecial::CCallSpecial):
2281         (JSC::B3::Air::CCallSpecial::~CCallSpecial):
2282         (JSC::B3::Air::CCallSpecial::forEachArg):
2283         (JSC::B3::Air::CCallSpecial::isValid):
2284         (JSC::B3::Air::CCallSpecial::admitsStack):
2285         (JSC::B3::Air::CCallSpecial::reportUsedRegisters):
2286         (JSC::B3::Air::CCallSpecial::generate):
2287         (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
2288         (JSC::B3::Air::CCallSpecial::dumpImpl):
2289         (JSC::B3::Air::CCallSpecial::deepDumpImpl):
2290         * b3/air/AirCCallSpecial.h: Added.
2291         * b3/air/AirCode.cpp: Added.
2292         (JSC::B3::Air::Code::Code):
2293         (JSC::B3::Air::Code::~Code):
2294         (JSC::B3::Air::Code::addBlock):
2295         (JSC::B3::Air::Code::addStackSlot):
2296         (JSC::B3::Air::Code::addSpecial):
2297         (JSC::B3::Air::Code::cCallSpecial):
2298         (JSC::B3::Air::Code::resetReachability):
2299         (JSC::B3::Air::Code::dump):
2300         (JSC::B3::Air::Code::findFirstBlockIndex):
2301         (JSC::B3::Air::Code::findNextBlockIndex):
2302         (JSC::B3::Air::Code::findNextBlock):
2303         * b3/air/AirCode.h: Added.
2304         (JSC::B3::Air::Code::newTmp):
2305         (JSC::B3::Air::Code::numTmps):
2306         (JSC::B3::Air::Code::callArgAreaSize):
2307         (JSC::B3::Air::Code::requestCallArgAreaSize):
2308         (JSC::B3::Air::Code::frameSize):
2309         (JSC::B3::Air::Code::setFrameSize):
2310         (JSC::B3::Air::Code::calleeSaveRegisters):
2311         (JSC::B3::Air::Code::size):
2312         (JSC::B3::Air::Code::at):
2313         (JSC::B3::Air::Code::operator[]):
2314         (JSC::B3::Air::Code::iterator::iterator):
2315         (JSC::B3::Air::Code::iterator::operator*):
2316         (JSC::B3::Air::Code::iterator::operator++):
2317         (JSC::B3::Air::Code::iterator::operator==):
2318         (JSC::B3::Air::Code::iterator::operator!=):
2319         (JSC::B3::Air::Code::begin):
2320         (JSC::B3::Air::Code::end):
2321         (JSC::B3::Air::Code::StackSlotsCollection::StackSlotsCollection):
2322         (JSC::B3::Air::Code::StackSlotsCollection::size):
2323         (JSC::B3::Air::Code::StackSlotsCollection::at):
2324         (JSC::B3::Air::Code::StackSlotsCollection::operator[]):
2325         (JSC::B3::Air::Code::StackSlotsCollection::iterator::iterator):
2326         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator*):
2327         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator++):
2328         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator==):
2329         (JSC::B3::Air::Code::StackSlotsCollection::iterator::operator!=):
2330         (JSC::B3::Air::Code::StackSlotsCollection::begin):
2331         (JSC::B3::Air::Code::StackSlotsCollection::end):
2332         (JSC::B3::Air::Code::stackSlots):
2333         (JSC::B3::Air::Code::SpecialsCollection::SpecialsCollection):
2334         (JSC::B3::Air::Code::SpecialsCollection::size):
2335         (JSC::B3::Air::Code::SpecialsCollection::at):
2336         (JSC::B3::Air::Code::SpecialsCollection::operator[]):
2337         (JSC::B3::Air::Code::SpecialsCollection::iterator::iterator):
2338         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator*):
2339         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator++):
2340         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator==):
2341         (JSC::B3::Air::Code::SpecialsCollection::iterator::operator!=):
2342         (JSC::B3::Air::Code::SpecialsCollection::begin):
2343         (JSC::B3::Air::Code::SpecialsCollection::end):
2344         (JSC::B3::Air::Code::specials):
2345         (JSC::B3::Air::Code::setLastPhaseName):
2346         (JSC::B3::Air::Code::lastPhaseName):
2347         * b3/air/AirFrequentedBlock.h: Added.
2348         * b3/air/AirGenerate.cpp: Added.
2349         (JSC::B3::Air::generate):
2350         * b3/air/AirGenerate.h: Added.
2351         * b3/air/AirGenerated.cpp: Added.
2352         * b3/air/AirGenerationContext.h: Added.
2353         * b3/air/AirHandleCalleeSaves.cpp: Added.
2354         (JSC::B3::Air::handleCalleeSaves):
2355         * b3/air/AirHandleCalleeSaves.h: Added.
2356         * b3/air/AirInsertionSet.cpp: Added.
2357         (JSC::B3::Air::InsertionSet::execute):
2358         * b3/air/AirInsertionSet.h: Added.
2359         (JSC::B3::Air::InsertionSet::InsertionSet):
2360         (JSC::B3::Air::InsertionSet::code):
2361         (JSC::B3::Air::InsertionSet::appendInsertion):
2362         (JSC::B3::Air::InsertionSet::insertInst):
2363         (JSC::B3::Air::InsertionSet::insert):
2364         * b3/air/AirInst.cpp: Added.
2365         (JSC::B3::Air::Inst::dump):
2366         * b3/air/AirInst.h: Added.
2367         (JSC::B3::Air::Inst::Inst):
2368         (JSC::B3::Air::Inst::opcode):
2369         (JSC::B3::Air::Inst::forEachTmpFast):
2370         (JSC::B3::Air::Inst::forEachTmp):
2371         * b3/air/AirInstInlines.h: Added.
2372         (JSC::B3::Air::ForEach<Tmp>::forEach):
2373         (JSC::B3::Air::ForEach<Arg>::forEach):
2374         (JSC::B3::Air::Inst::forEach):
2375         (JSC::B3::Air::Inst::hasSpecial):
2376         (JSC::B3::Air::Inst::extraClobberedRegs):
2377         (JSC::B3::Air::Inst::reportUsedRegisters):
2378         (JSC::B3::Air::isShiftValid):
2379         (JSC::B3::Air::isLshift32Valid):
2380         * b3/air/AirLiveness.h: Added.
2381         (JSC::B3::Air::Liveness::Liveness):
2382         (JSC::B3::Air::Liveness::liveAtHead):
2383         (JSC::B3::Air::Liveness::liveAtTail):
2384         (JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
2385         (JSC::B3::Air::Liveness::LocalCalc::live):
2386         (JSC::B3::Air::Liveness::LocalCalc::takeLive):
2387         (JSC::B3::Air::Liveness::LocalCalc::execute):
2388         * b3/air/AirOpcode.opcodes: Added.
2389         * b3/air/AirPhaseScope.cpp: Added.
2390         (JSC::B3::Air::PhaseScope::PhaseScope):
2391         (JSC::B3::Air::PhaseScope::~PhaseScope):
2392         * b3/air/AirPhaseScope.h: Added.
2393         * b3/air/AirRegisterPriority.cpp: Added.
2394         (JSC::B3::Air::gprsInPriorityOrder):
2395         (JSC::B3::Air::fprsInPriorityOrder):
2396         (JSC::B3::Air::regsInPriorityOrder):
2397         * b3/air/AirRegisterPriority.h: Added.
2398         (JSC::B3::Air::RegistersInPriorityOrder<GPRInfo>::inPriorityOrder):
2399         (JSC::B3::Air::RegistersInPriorityOrder<FPRInfo>::inPriorityOrder):
2400         (JSC::B3::Air::regsInPriorityOrder):
2401         * b3/air/AirSpecial.cpp: Added.
2402         (JSC::B3::Air::Special::Special):
2403         (JSC::B3::Air::Special::~Special):
2404         (JSC::B3::Air::Special::name):
2405         (JSC::B3::Air::Special::dump):
2406         (JSC::B3::Air::Special::deepDump):
2407         * b3/air/AirSpecial.h: Added.
2408         (JSC::B3::Air::DeepSpecialDump::DeepSpecialDump):
2409         (JSC::B3::Air::DeepSpecialDump::dump):
2410         (JSC::B3::Air::deepDump):
2411         * b3/air/AirSpillEverything.cpp: Added.
2412         (JSC::B3::Air::spillEverything):
2413         * b3/air/AirSpillEverything.h: Added.
2414         * b3/air/AirStackSlot.cpp: Added.
2415         (JSC::B3::Air::StackSlot::setOffsetFromFP):
2416         (JSC::B3::Air::StackSlot::dump):
2417         (JSC::B3::Air::StackSlot::deepDump):
2418         (JSC::B3::Air::StackSlot::StackSlot):
2419         * b3/air/AirStackSlot.h: Added.
2420         (JSC::B3::Air::StackSlot::byteSize):
2421         (JSC::B3::Air::StackSlot::kind):
2422         (JSC::B3::Air::StackSlot::index):
2423         (JSC::B3::Air::StackSlot::alignment):
2424         (JSC::B3::Air::StackSlot::value):
2425         (JSC::B3::Air::StackSlot::offsetFromFP):
2426         (JSC::B3::Air::DeepStackSlotDump::DeepStackSlotDump):
2427         (JSC::B3::Air::DeepStackSlotDump::dump):
2428         (JSC::B3::Air::deepDump):
2429         * b3/air/AirTmp.cpp: Added.
2430         (JSC::B3::Air::Tmp::dump):
2431         * b3/air/AirTmp.h: Added.
2432         (JSC::B3::Air::Tmp::Tmp):
2433         (JSC::B3::Air::Tmp::gpTmpForIndex):
2434         (JSC::B3::Air::Tmp::fpTmpForIndex):
2435         (JSC::B3::Air::Tmp::operator bool):
2436         (JSC::B3::Air::Tmp::isGP):
2437         (JSC::B3::Air::Tmp::isFP):
2438         (JSC::B3::Air::Tmp::isGPR):
2439         (JSC::B3::Air::Tmp::isFPR):
2440         (JSC::B3::Air::Tmp::isReg):
2441         (JSC::B3::Air::Tmp::gpr):
2442         (JSC::B3::Air::Tmp::fpr):
2443         (JSC::B3::Air::Tmp::reg):
2444         (JSC::B3::Air::Tmp::hasTmpIndex):
2445         (JSC::B3::Air::Tmp::gpTmpIndex):
2446         (JSC::B3::Air::Tmp::fpTmpIndex):
2447         (JSC::B3::Air::Tmp::tmpIndex):
2448         (JSC::B3::Air::Tmp::isAlive):
2449         (JSC::B3::Air::Tmp::operator==):
2450         (JSC::B3::Air::Tmp::operator!=):
2451         (JSC::B3::Air::Tmp::isHashTableDeletedValue):
2452         (JSC::B3::Air::Tmp::hash):
2453         (JSC::B3::Air::Tmp::encodeGP):
2454         (JSC::B3::Air::Tmp::encodeFP):
2455         (JSC::B3::Air::Tmp::encodeGPR):
2456         (JSC::B3::Air::Tmp::encodeFPR):
2457         (JSC::B3::Air::Tmp::encodeGPTmp):
2458         (JSC::B3::Air::Tmp::encodeFPTmp):
2459         (JSC::B3::Air::Tmp::isEncodedGP):
2460         (JSC::B3::Air::Tmp::isEncodedFP):
2461         (JSC::B3::Air::Tmp::isEncodedGPR):
2462         (JSC::B3::Air::Tmp::isEncodedFPR):
2463         (JSC::B3::Air::Tmp::isEncodedGPTmp):
2464         (JSC::B3::Air::Tmp::isEncodedFPTmp):
2465         (JSC::B3::Air::Tmp::decodeGPR):
2466         (JSC::B3::Air::Tmp::decodeFPR):
2467         (JSC::B3::Air::Tmp::decodeGPTmp):
2468         (JSC::B3::Air::Tmp::decodeFPTmp):
2469         (JSC::B3::Air::TmpHash::hash):
2470         (JSC::B3::Air::TmpHash::equal):
2471         * b3/air/AirTmpInlines.h: Added.
2472         (JSC::B3::Air::Tmp::Tmp):
2473         * b3/air/AirValidate.cpp: Added.
2474         (JSC::B3::Air::validate):
2475         * b3/air/AirValidate.h: Added.
2476         * b3/air/opcode_generator.rb: Added.
2477         * b3/generate_pattern_matcher.rb: Added.
2478         * b3/testb3.cpp: Added.
2479         (JSC::B3::compileAndRun):
2480         (JSC::B3::test42):
2481         (JSC::B3::testLoad42):
2482         (JSC::B3::testArg):
2483         (JSC::B3::testAddArgs):
2484         (JSC::B3::testAddArgs32):
2485         (JSC::B3::testStore):
2486         (JSC::B3::testTrunc):
2487         (JSC::B3::testAdd1):
2488         (JSC::B3::testStoreAddLoad):
2489         (JSC::B3::testStoreAddAndLoad):
2490         (JSC::B3::testAdd1Uncommuted):
2491         (JSC::B3::testLoadOffset):
2492         (JSC::B3::testLoadOffsetNotConstant):
2493         (JSC::B3::testLoadOffsetUsingAdd):
2494         (JSC::B3::testLoadOffsetUsingAddNotConstant):
2495         (JSC::B3::run):
2496         (run):
2497         (main):
2498         * bytecode/CodeBlock.h:
2499         (JSC::CodeBlock::specializationKind):
2500         * jit/Reg.h:
2501         (JSC::Reg::index):
2502         (JSC::Reg::isSet):
2503         (JSC::Reg::operator bool):
2504         (JSC::Reg::isHashTableDeletedValue):
2505         (JSC::Reg::AllRegsIterable::iterator::iterator):
2506         (JSC::Reg::AllRegsIterable::iterator::operator*):
2507         (JSC::Reg::AllRegsIterable::iterator::operator++):
2508         (JSC::Reg::AllRegsIterable::iterator::operator==):
2509         (JSC::Reg::AllRegsIterable::iterator::operator!=):
2510         (JSC::Reg::AllRegsIterable::begin):
2511         (JSC::Reg::AllRegsIterable::end):
2512         (JSC::Reg::all):
2513         (JSC::Reg::invalid):
2514         (JSC::Reg::operator!): Deleted.
2515         * jit/RegisterAtOffsetList.cpp:
2516         (JSC::RegisterAtOffsetList::RegisterAtOffsetList):
2517         * jit/RegisterAtOffsetList.h:
2518         (JSC::RegisterAtOffsetList::clear):
2519         (JSC::RegisterAtOffsetList::size):
2520         (JSC::RegisterAtOffsetList::begin):
2521         (JSC::RegisterAtOffsetList::end):
2522         * jit/RegisterSet.h:
2523         (JSC::RegisterSet::operator==):
2524         (JSC::RegisterSet::hash):
2525         (JSC::RegisterSet::forEach):
2526         (JSC::RegisterSet::setAny):
2527
2528 2015-10-28  Mark Lam  <mark.lam@apple.com>
2529
2530         Rename MacroAssembler::callProbe() to probe().
2531         https://bugs.webkit.org/show_bug.cgi?id=150641
2532
2533         Reviewed by Saam Barati.
2534
2535         To do this, I needed to disambiguate between the low-level probe() from the
2536         high-level version that takes a std::function.  I did this by changing the low-
2537         level version to not take default args anymore.
2538
2539         * assembler/AbstractMacroAssembler.h:
2540         * assembler/MacroAssembler.cpp:
2541         (JSC::stdFunctionCallback):
2542         (JSC::MacroAssembler::probe):
2543         (JSC::MacroAssembler::callProbe): Deleted.
2544         * assembler/MacroAssembler.h:
2545         (JSC::MacroAssembler::urshift32):
2546         * assembler/MacroAssemblerARM.h:
2547         (JSC::MacroAssemblerARM::repatchCall):
2548         * assembler/MacroAssemblerARM64.h:
2549         (JSC::MacroAssemblerARM64::repatchCall):
2550         * assembler/MacroAssemblerARMv7.h:
2551         (JSC::MacroAssemblerARMv7::repatchCall):
2552         * assembler/MacroAssemblerPrinter.h:
2553         (JSC::MacroAssemblerPrinter::print):
2554         * assembler/MacroAssemblerX86Common.h:
2555         (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
2556
2557 2015-10-28  Timothy Hatcher  <timothy@apple.com>
2558
2559         Web Inspector: jsmin.py mistakenly removes whitespace from template literal strings
2560         https://bugs.webkit.org/show_bug.cgi?id=148728
2561
2562         Reviewed by Joseph Pecoraro.
2563
2564         * Scripts/jsmin.py:
2565         (JavascriptMinify.minify): Make backtick a quoting character.
2566
2567 2015-10-28  Brian Burg  <bburg@apple.com>
2568
2569         Builtins generator should emit ENABLE(FEATURE) guards based on @conditional annotation
2570         https://bugs.webkit.org/show_bug.cgi?id=150536
2571
2572         Reviewed by Yusuke Suzuki.
2573
2574         Scan JS builtin files for @key=value and @flag annotations in single-line comments.
2575         For @conditional=CONDITIONAL, emit CONDITIONAL guards around the relevant object's code.
2576
2577         Generate primary header includes separately from secondary header includes so we can
2578         put the guard between the two header groups, as is customary in WebKit C++ code.
2579
2580         New tests:
2581
2582         Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js
2583         Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js
2584         Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js
2585
2586         * Scripts/builtins/builtins_generate_combined_implementation.py:
2587         (BuiltinsCombinedImplementationGenerator.generate_output):
2588         (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
2589         (BuiltinsCombinedImplementationGenerator.generate_header_includes): Deleted.
2590         * Scripts/builtins/builtins_generate_separate_header.py:
2591         (BuiltinsSeparateHeaderGenerator.generate_output):
2592         (generate_secondary_header_includes):
2593         (generate_header_includes): Deleted.
2594         * Scripts/builtins/builtins_generate_separate_implementation.py:
2595         (BuiltinsSeparateImplementationGenerator.generate_output):
2596         (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
2597         (BuiltinsSeparateImplementationGenerator.generate_header_includes): Deleted.
2598         * Scripts/builtins/builtins_generate_separate_wrapper.py:
2599         (BuiltinsSeparateWrapperGenerator.generate_output):
2600         (BuiltinsSeparateWrapperGenerator.generate_secondary_header_includes):
2601         (BuiltinsSeparateWrapperGenerator.generate_header_includes): Deleted.
2602         * Scripts/builtins/builtins_generator.py:
2603         (BuiltinsGenerator.generate_includes_from_entries):
2604         (BuiltinsGenerator):
2605         (BuiltinsGenerator.generate_primary_header_includes):
2606         * Scripts/builtins/builtins_model.py:
2607         (BuiltinObject.__init__):
2608         (BuiltinsCollection.parse_builtins_file):
2609         (BuiltinsCollection._parse_annotations):
2610         * Scripts/tests/builtins/WebCore-ArbitraryConditionalGuard-Separate.js: Added.
2611         * Scripts/tests/builtins/WebCore-DuplicateFlagAnnotation-Separate.js: Added.
2612         * Scripts/tests/builtins/WebCore-DuplicateKeyValueAnnotation-Separate.js: Added.
2613         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Simplify.
2614         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Simplify.
2615         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Simplify.
2616         * Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result: Added.
2617         * Scripts/tests/builtins/expected/WebCore-DuplicateFlagAnnotation-Separate.js-error: Added.
2618         * Scripts/tests/builtins/expected/WebCore-DuplicateKeyValueAnnotation-Separate.js-error: Added.
2619         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
2620         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
2621         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
2622         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2623
2624 2015-10-28  Mark Lam  <mark.lam@apple.com>
2625
2626         Update FTL to support UntypedUse operands for op_sub.
2627         https://bugs.webkit.org/show_bug.cgi?id=150562
2628
2629         Reviewed by Geoffrey Garen.
2630
2631         * assembler/MacroAssemblerARM64.h:
2632         - make the dataTempRegister and memoryTempRegister public so that we can
2633           move input registers out of them if needed.
2634
2635         * ftl/FTLCapabilities.cpp:
2636         (JSC::FTL::canCompile):
2637         - We can now compile ArithSub.
2638
2639         * ftl/FTLCompile.cpp:
2640         - Added BinaryArithGenerationContext to shuffle registers into a state that is
2641           expected by the baseline snippet generator.  This includes:
2642           1. Making sure that the input and output registers are not in the tag or
2643              scratch registers.
2644           2. Loading the tag registers with expected values.
2645           3. Restoring the registers to their original value on return.
2646         - Added code to implement the ArithSub inline cache.
2647
2648         * ftl/FTLInlineCacheDescriptor.h:
2649         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
2650         (JSC::FTL::ArithSubDescriptor::leftType):
2651         (JSC::FTL::ArithSubDescriptor::rightType):
2652
2653         * ftl/FTLInlineCacheSize.cpp:
2654         (JSC::FTL::sizeOfArithSub):
2655         * ftl/FTLInlineCacheSize.h:
2656
2657         * ftl/FTLLowerDFGToLLVM.cpp:
2658         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
2659         - Added handling for UnusedType for the ArithSub case.
2660
2661         * ftl/FTLState.h:
2662         * jit/GPRInfo.h:
2663         (JSC::GPRInfo::reservedRegisters):
2664
2665         * jit/JITSubGenerator.h:
2666         (JSC::JITSubGenerator::generateFastPath):
2667         - When the result is in the same register as one of the input registers, we'll end up
2668           corrupting the input in the fast path even if we determine that we need to go to
2669           the slow path.  We now move the input into the scratch register and operate
2670           on that instead and only move the result into the result register after
2671           the fast path has succeeded.
2672
2673         * tests/stress/op_sub.js:
2674         (o1.valueOf):
2675         (runTest):
2676         - Added some debugging tools: flags for verbose logging, and eager abort on fail.
2677
2678 2015-10-28  Mark Lam  <mark.lam@apple.com>
2679
2680         Fix a typo in ProbeContext::fpr().
2681         https://bugs.webkit.org/show_bug.cgi?id=150629
2682
2683         Reviewed by Yusuke Suzuki.
2684
2685         ProbeContext::fpr() should be calling CPUState::fpr(), not CPUState::gpr().
2686
2687         * assembler/AbstractMacroAssembler.h:
2688         (JSC::AbstractMacroAssembler::ProbeContext::fpr):
2689
2690 2015-10-28  Mark Lam  <mark.lam@apple.com>
2691
2692         Add ability to print the PC register from JIT'ed code.
2693         https://bugs.webkit.org/show_bug.cgi?id=150561
2694
2695         Reviewed by Geoffrey Garen.
2696
2697         * assembler/MacroAssemblerPrinter.cpp:
2698         (JSC::printPC):
2699         (JSC::MacroAssemblerPrinter::printCallback):
2700         * assembler/MacroAssemblerPrinter.h:
2701         (JSC::MacroAssemblerPrinter::PrintArg::PrintArg):
2702
2703 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2704
2705         Web Inspector: Remove Timeline MarkDOMContent and MarkLoad, data is already available
2706         https://bugs.webkit.org/show_bug.cgi?id=150615
2707
2708         Reviewed by Timothy Hatcher.
2709
2710         * inspector/protocol/Timeline.json:
2711
2712 2015-10-27  Joseph Pecoraro  <pecoraro@apple.com>
2713
2714         Web Inspector: Remove unused / duplicated XHR timeline instrumentation
2715         https://bugs.webkit.org/show_bug.cgi?id=150605
2716
2717         Reviewed by Timothy Hatcher.
2718
2719         * inspector/protocol/Timeline.json:
2720
2721 2015-10-27  Michael Saboff  <msaboff@apple.com>
2722
2723         REGRESSION (r191360): Crash: com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::FTL:: + 386
2724         https://bugs.webkit.org/show_bug.cgi?id=150580
2725
2726         Reviewed by Mark Lam.
2727
2728         Changed code to box 32 bit integers and boolean arguments when generating the call instead of boxing
2729         them in the shuffler.
2730
2731         The ASSERT in CallFrameShuffler::extendFrameIfNeeded is wrong when called from CallFrameShuffler::spill(),
2732         as we could be making space to spill a register so that we have a spare that we can use for the new
2733         frame's base pointer.
2734
2735         * ftl/FTLJSTailCall.cpp:
2736         (JSC::FTL::DFG::recoveryFor): Added RELEASE_ASSERT to check that we never see unboxed 32 bit
2737         arguments stored in the stack.
2738         * ftl/FTLLowerDFGToLLVM.cpp:
2739         (JSC::FTL::DFG::LowerDFGToLLVM::exitValueForTailCall):
2740         * jit/CallFrameShuffler.cpp:
2741         (JSC::CallFrameShuffler::extendFrameIfNeeded): Removed unneeded ASSERT.
2742
2743 2015-10-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2744
2745         [ES6] Add DFG/FTL support for accessor put operations
2746         https://bugs.webkit.org/show_bug.cgi?id=148860
2747
2748         Reviewed by Geoffrey Garen.
2749
2750         This patch introduces accessor defining ops into DFG and FTL.
2751         The following DFG nodes are introduced.
2752
2753             op_put_getter_by_id  => PutGetterById
2754             op_put_setter_by_id  => PutSetterById
2755             op_put_getter_setter => PutGetterSetterById
2756             op_put_getter_by_val => PutGetterByVal
2757             op_put_setter_by_val => PutSetterByVal
2758
2759         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
2760
2761         To use operations defined for baseline JIT, we clean up existing operations.
2762         And reuse these operations in DFG and FTL.
2763
2764         * dfg/DFGAbstractInterpreterInlines.h:
2765         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2766         * dfg/DFGByteCodeParser.cpp:
2767         (JSC::DFG::ByteCodeParser::parseBlock):
2768         * dfg/DFGCapabilities.cpp:
2769         (JSC::DFG::capabilityLevel):
2770         * dfg/DFGClobberize.h:
2771         (JSC::DFG::clobberize):
2772         * dfg/DFGDoesGC.cpp:
2773         (JSC::DFG::doesGC):
2774         * dfg/DFGFixupPhase.cpp:
2775         (JSC::DFG::FixupPhase::fixupNode):
2776         * dfg/DFGNode.h:
2777         (JSC::DFG::Node::hasIdentifier):
2778         (JSC::DFG::Node::hasAccessorAttributes):
2779         (JSC::DFG::Node::accessorAttributes):
2780         * dfg/DFGNodeType.h:
2781         * dfg/DFGPredictionPropagationPhase.cpp:
2782         (JSC::DFG::PredictionPropagationPhase::propagate):
2783         * dfg/DFGSafeToExecute.h:
2784         (JSC::DFG::safeToExecute):
2785         * dfg/DFGSpeculativeJIT.cpp:
2786         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
2787         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
2788         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
2789         We should fill all GPRs before calling flushRegisters().
2790         * dfg/DFGSpeculativeJIT.h:
2791         (JSC::DFG::SpeculativeJIT::callOperation):
2792         * dfg/DFGSpeculativeJIT32_64.cpp:
2793         (JSC::DFG::SpeculativeJIT::compile):
2794         * dfg/DFGSpeculativeJIT64.cpp:
2795         (JSC::DFG::SpeculativeJIT::compile):
2796         * ftl/FTLCapabilities.cpp:
2797         (JSC::FTL::canCompile):
2798         * ftl/FTLIntrinsicRepository.h:
2799         * ftl/FTLLowerDFGToLLVM.cpp:
2800         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2801         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
2802         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
2803         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
2804         * jit/JIT.h:
2805         * jit/JITInlines.h:
2806         (JSC::JIT::callOperation):
2807         * jit/JITOperations.cpp:
2808         * jit/JITOperations.h:
2809         * jit/JITPropertyAccess.cpp:
2810         (JSC::JIT::emit_op_put_getter_by_id):
2811         (JSC::JIT::emit_op_put_setter_by_id):
2812         (JSC::JIT::emit_op_put_getter_setter):
2813         * jit/JITPropertyAccess32_64.cpp:
2814         (JSC::JIT::emit_op_put_getter_by_id):
2815         (JSC::JIT::emit_op_put_setter_by_id):
2816         (JSC::JIT::emit_op_put_getter_setter):
2817         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
2818         (shouldBe):
2819         (testAttribute):
2820         (getter.Cocoa.prototype.get hello):
2821         (getter.Cocoa):
2822         (getter):
2823         (setter.Cocoa):
2824         (setter.Cocoa.prototype.set hello):
2825         (setter):
2826         (accessors.Cocoa):
2827         (accessors.Cocoa.prototype.get hello):
2828         (accessors.Cocoa.prototype.set hello):
2829         (accessors):
2830         * tests/stress/dfg-put-accessors-by-id.js: Added.
2831         (shouldBe):
2832         (testAttribute):
2833         (getter.object.get hello):
2834         (getter):
2835         (setter.object.set hello):
2836         (setter):
2837         (accessors.object.get hello):
2838         (accessors.object.set hello):
2839         (accessors):
2840         * tests/stress/dfg-put-getter-by-id-class.js: Added.
2841         (shouldBe):
2842         (testAttribute):
2843         (getter.Cocoa):
2844         (getter.Cocoa.prototype.get hello):
2845         (getter.Cocoa.prototype.get name):
2846         (getter):
2847         * tests/stress/dfg-put-getter-by-id.js: Added.
2848         (shouldBe):
2849         (testAttribute):
2850         (getter.object.get hello):
2851         (getter):
2852         * tests/stress/dfg-put-getter-by-val-class.js: Added.
2853         (shouldBe):
2854         (testAttribute):
2855         (getter.Cocoa):
2856         (getter.Cocoa.prototype.get name):
2857         (getter):
2858         * tests/stress/dfg-put-getter-by-val.js: Added.
2859         (shouldBe):
2860         (testAttribute):
2861         (getter.object.get name):
2862         (getter):
2863         * tests/stress/dfg-put-setter-by-id-class.js: Added.
2864         (shouldBe):
2865         (testAttribute):
2866         (getter.Cocoa):
2867         (getter.Cocoa.prototype.set hello):
2868         (getter.Cocoa.prototype.get name):
2869         (getter):
2870         * tests/stress/dfg-put-setter-by-id.js: Added.
2871         (shouldBe):
2872         (testAttribute):
2873         (setter.object.set hello):
2874         (setter):
2875         * tests/stress/dfg-put-setter-by-val-class.js: Added.
2876         (shouldBe):
2877         (testAttribute):
2878         (setter.Cocoa):
2879         (setter.Cocoa.prototype.set name):
2880         (setter):
2881         * tests/stress/dfg-put-setter-by-val.js: Added.
2882         (shouldBe):
2883         (testAttribute):
2884         (setter.object.set name):
2885         (setter):
2886
2887 2015-10-26  Mark Lam  <mark.lam@apple.com>
2888
2889         Add logging to warn about under-estimated FTL inline cache sizes.
2890         https://bugs.webkit.org/show_bug.cgi?id=150570
2891
2892         Reviewed by Geoffrey Garen.
2893
2894         Added 2 options:
2895         1. JSC_dumpFailedICSizing - dumps an error message if the FTL encounters IC size
2896            estimates that are less than the actual needed code size.
2897
2898            This option is useful for when we add a new IC and want to compute an
2899            estimated size for the IC.  To do this:
2900            1. Build jsc for the target port with a very small IC size (enough to
2901               store the jump instruction needed for the out of line fallback
2902               implementation).
2903            2. Implement a test suite with scenarios that exercise all the code paths in
2904               the IC generator.
2905            3. Run jsc with JSC_dumpFailedICSizing=true on the test suite.
2906            4. The max value reported by the dumps will be the worst case size needed to
2907               store the IC.  We should use this value for our estimate.
2908            5. Update the IC's estimated size and rebuild jsc.
2909            6. Re-run (3) and confirm that there are no more error messages about the
2910               IC sizing.
2911
2912         2. JSC_assertICSizing - same as JSC_dumpFailedICSizing except that it also
2913            crashes the VM each time it encounters an inadequate IC size estimate.
2914
2915            This option is useful for regression testing to ensure that our estimates
2916            do not regress.
2917
2918         * ftl/FTLCompile.cpp:
2919         (JSC::FTL::generateInlineIfPossibleOutOfLineIfNot):
2920         * runtime/Options.h:
2921
2922 2015-10-26  Saam barati  <sbarati@apple.com>
2923
2924         r190735 Caused us to maybe trample the base's tag-GPR on 32-bit inline cache when the cache allocates a scratch register and then jumps to the slow path
2925         https://bugs.webkit.org/show_bug.cgi?id=150532
2926
2927         Reviewed by Geoffrey Garen.
2928
2929         The base's tag register used to show up in the used register set
2930         before r190735 because of how the DFG kept track of used registers. I changed this
2931         in my work on inline caching because we don't want to spill these registers
2932         when we have a GetByIdFlush/PutByIdFlush and we use the used register set
2933         as the metric of what to spill. That said, these registers should be locked
2934         and not used as scratch registers by the scratch register allocator. The
2935         reason is that our inline cache may fail and jump to the slow path. The slow
2936         path then uses the base's tag register. If the inline cache used the base's tag
2937         register as a scratch and the inline cache fails and jumps to the slow path, we
2938         have a problem because the tag may now be trampled.
2939
2940         Note that this doesn't mean that we can't trample the base's tag register when making
2941         a call. We can totally trample the register as long as the inline cache succeeds in a GetByIdFlush/PutByIdFlush.
2942         The problem is only when we trample it and then jump to the slow path.
2943
2944         This patch fixes this bug by making StructureStubInfo keep track of the base's
2945         tag GPR. PolymorphicAccess then locks this register when using the ScratchRegisterAllocator.
2946
2947         * bytecode/PolymorphicAccess.cpp:
2948         (JSC::AccessCase::generate):
2949         (JSC::PolymorphicAccess::regenerate):
2950         * bytecode/StructureStubInfo.h:
2951         * dfg/DFGSpeculativeJIT.cpp:
2952         (JSC::DFG::SpeculativeJIT::compileIn):
2953         * jit/JITInlineCacheGenerator.cpp:
2954         (JSC::JITByIdGenerator::JITByIdGenerator):
2955         * tests/stress/regress-150532.js: Added.
2956         (assert):
2957         (randomFunction):
2958         (foo):
2959         (i.switch):
2960
2961 2015-10-24  Brian Burg  <bburg@apple.com>
2962
2963         Teach create_hash_table to omit builtins macros when generating tables for native-only objects
2964         https://bugs.webkit.org/show_bug.cgi?id=150491
2965
2966         Reviewed by Yusuke Suzuki.
2967
2968         In order to support separate compilation for generated builtins files, we need to be able to
2969         include specific builtins headers from generated .lut.h files. However, the create_hash_table
2970         script isn't smart enough to figure out when a generated file might actually contain a builtin.
2971         Without further help, we'd have to include an all-in-one header, mostly defeating the point of
2972         generating separate .h and .cpp files for every builtin.
2973
2974         This patch segregates the pure native and partially builtin sources in the build system, and
2975         gives hints to create_hash_table so that it doesn't even generate checks for builtins if the
2976         input file has no builtin method implementations. Also do some modernization and code cleanup.
2977
2978         * CMakeLists.txt:
2979
2980         Generate each group with different flags to create_hash_table. Change the macro to take
2981         flags through the variable LUT_GENERATOR_FLAGS. Set this as necessary before calling macro.
2982         Add an additional hint to CMake that the .cpp source file depends on the generated file.
2983
2984         * DerivedSources.make:
2985
2986         Generate each group with different flags to create_hash_table. Clean up the 'all' target
2987         so that static dependencies are listed first. Use static patterns to decide which .lut.h
2988         files require which flags. Reduce fragile usages of implicit variables.
2989
2990         * JavaScriptCore.xcodeproj/project.pbxproj:
2991
2992         Add some missing .lut.h files to the Derived Sources group. Sort the project.
2993
2994         * create_hash_table:
2995
2996         Parse options in a sane way using GetOpt::Long. Remove ability to specify a custom namespace
2997         since this isn't actually used anywhere. Normalize placement of newlines in quoted strings.
2998         Only generate builtins macros and includes if the source file is known to have some builtins.
2999
3000 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
3001
3002         Web Inspector: Remove unused ScrollLayer Timeline EventType
3003         https://bugs.webkit.org/show_bug.cgi?id=150518
3004
3005         Reviewed by Timothy Hatcher.
3006
3007         * inspector/protocol/Timeline.json:
3008
3009 2015-10-23  Joseph Pecoraro  <pecoraro@apple.com>
3010
3011         Web Inspector: Clean up InspectorInstrumentation includes
3012         https://bugs.webkit.org/show_bug.cgi?id=150523
3013
3014         Reviewed by Timothy Hatcher.
3015
3016         * inspector/agents/InspectorConsoleAgent.cpp:
3017         (Inspector::InspectorConsoleAgent::consoleMessageArgumentCounts): Deleted.
3018         * inspector/agents/InspectorConsoleAgent.h:
3019
3020 2015-10-23  Michael Saboff  <msaboff@apple.com>
3021
3022         REGRESSION (r179357-r179359): WebContent Crash using AOL Mail @ com.apple.JavascriptCore JSC::linkPolymorphicCall(JSC::ExecState*, JSC::CallLinkInfo&, JSC::CallVariant, JSC::RegisterPreservationMode) + 1584
3023         https://bugs.webkit.org/show_bug.cgi?id=150513
3024
3025         Reviewed by Saam Barati.
3026
3027         Add check in linkPolymorphicCall() to make sure we have a CodeBlock for the newly added variant.
3028         If not, we turn the call into a virtual call.
3029
3030         The bug was caused by a stack overflow when preparing the function for execution.  This properly
3031         threw an exception, however linkPolymorphicCall() didn't check for this error case.
3032
3033         Added a new test function "failNextNewCodeBlock()" to test tools to simplify the testing.
3034
3035         * API/JSCTestRunnerUtils.cpp:
3036         (JSC::failNextNewCodeBlock):
3037         (JSC::numberOfDFGCompiles):
3038         * API/JSCTestRunnerUtils.h:
3039         * jit/Repatch.cpp:
3040         (JSC::linkPolymorphicCall):
3041         * jsc.cpp:
3042         (GlobalObject::finishCreation):
3043         (functionTransferArrayBuffer):
3044         (functionFailNextNewCodeBlock):
3045         (functionQuit):
3046         * runtime/Executable.cpp:
3047         (JSC::ScriptExecutable::prepareForExecutionImpl):
3048         * runtime/TestRunnerUtils.cpp:
3049         (JSC::optimizeNextInvocation):
3050         (JSC::failNextNewCodeBlock):
3051         (JSC::numberOfDFGCompiles):
3052         * runtime/TestRunnerUtils.h:
3053         * runtime/VM.h:
3054         (JSC::VM::setFailNextNewCodeBlock):
3055         (JSC::VM::getAndClearFailNextNewCodeBlock):
3056         (JSC::VM::stackPointerAtVMEntry):
3057
3058 2015-10-23  Commit Queue  <commit-queue@webkit.org>
3059
3060         Unreviewed, rolling out r191500.
3061         https://bugs.webkit.org/show_bug.cgi?id=150526
3062
3063         Broke two JSC regression tests (Requested by msaboff on
3064         #webkit).
3065
3066         Reverted changeset:
3067
3068         "[ES6] Add DFG/FTL support for accessor put operations"
3069         https://bugs.webkit.org/show_bug.cgi?id=148860
3070         http://trac.webkit.org/changeset/191500
3071
3072 2015-10-23  Yusuke Suzuki  <utatane.tea@gmail.com>
3073
3074         [ES6] Add DFG/FTL support for accessor put operations
3075         https://bugs.webkit.org/show_bug.cgi?id=148860
3076
3077         Reviewed by Geoffrey Garen.
3078
3079         This patch introduces accessor defining ops into DFG and FTL.
3080         The following DFG nodes are introduced.
3081
3082             op_put_getter_by_id  => PutGetterById
3083             op_put_setter_by_id  => PutSetterById
3084             op_put_getter_setter => PutGetterSetterById
3085             op_put_getter_by_val => PutGetterByVal
3086             op_put_setter_by_val => PutSetterByVal
3087
3088         These DFG nodes just call operations. But it does not prevent compiling in DFG/FTL.
3089
3090         To use operations defined for baseline JIT, we clean up existing operations.
3091         And reuse these operations in DFG and FTL.
3092
3093         * dfg/DFGAbstractInterpreterInlines.h:
3094         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3095         * dfg/DFGByteCodeParser.cpp:
3096         (JSC::DFG::ByteCodeParser::parseBlock):
3097         * dfg/DFGCapabilities.cpp:
3098         (JSC::DFG::capabilityLevel):
3099         * dfg/DFGClobberize.h:
3100         (JSC::DFG::clobberize):
3101         * dfg/DFGDoesGC.cpp:
3102         (JSC::DFG::doesGC):
3103         * dfg/DFGFixupPhase.cpp:
3104         (JSC::DFG::FixupPhase::fixupNode):
3105         * dfg/DFGNode.h:
3106         (JSC::DFG::Node::hasIdentifier):
3107         (JSC::DFG::Node::hasAccessorAttributes):
3108         (JSC::DFG::Node::accessorAttributes):
3109         * dfg/DFGNodeType.h:
3110         * dfg/DFGPredictionPropagationPhase.cpp:
3111         (JSC::DFG::PredictionPropagationPhase::propagate):
3112         * dfg/DFGSafeToExecute.h:
3113         (JSC::DFG::safeToExecute):
3114         * dfg/DFGSpeculativeJIT.cpp:
3115         (JSC::DFG::SpeculativeJIT::compilePutAccessorById):
3116         (JSC::DFG::SpeculativeJIT::compilePutGetterSetterById):
3117         (JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
3118         * dfg/DFGSpeculativeJIT.h:
3119         (JSC::DFG::SpeculativeJIT::callOperation):
3120         * dfg/DFGSpeculativeJIT32_64.cpp:
3121         (JSC::DFG::SpeculativeJIT::compile):
3122         * dfg/DFGSpeculativeJIT64.cpp:
3123         (JSC::DFG::SpeculativeJIT::compile):
3124         * ftl/FTLCapabilities.cpp:
3125         (JSC::FTL::canCompile):
3126         * ftl/FTLIntrinsicRepository.h:
3127         * ftl/FTLLowerDFGToLLVM.cpp:
3128         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3129         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorById):
3130         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutGetterSetterById):
3131         (JSC::FTL::DFG::LowerDFGToLLVM::compilePutAccessorByVal):
3132         * jit/JIT.h:
3133         * jit/JITInlines.h:
3134         (JSC::JIT::callOperation):
3135         * jit/JITOperations.cpp:
3136         * jit/JITOperations.h:
3137         * jit/JITPropertyAccess.cpp:
3138         (JSC::JIT::emit_op_put_getter_by_id):
3139         (JSC::JIT::emit_op_put_setter_by_id):
3140         (JSC::JIT::emit_op_put_getter_setter):
3141         * jit/JITPropertyAccess32_64.cpp:
3142         (JSC::JIT::emit_op_put_getter_by_id):
3143         (JSC::JIT::emit_op_put_setter_by_id):
3144         (JSC::JIT::emit_op_put_getter_setter):
3145         * tests/stress/dfg-put-accessors-by-id-class.js: Added.
3146         (shouldBe):
3147         (testAttribute):
3148         (getter.Cocoa.prototype.get hello):
3149         (getter.Cocoa):
3150         (getter):
3151         (setter.Cocoa):
3152         (setter.Cocoa.prototype.set hello):
3153         (setter):
3154         (accessors.Cocoa):
3155         (accessors.Cocoa.prototype.get hello):
3156         (accessors.Cocoa.prototype.set hello):
3157         (accessors):
3158         * tests/stress/dfg-put-accessors-by-id.js: Added.
3159         (shouldBe):
3160         (testAttribute):
3161         (getter.object.get hello):
3162         (getter):
3163         (setter.object.set hello):
3164         (setter):
3165         (accessors.object.get hello):
3166         (accessors.object.set hello):
3167         (accessors):
3168         * tests/stress/dfg-put-getter-by-id-class.js: Added.
3169         (shouldBe):
3170         (testAttribute):
3171         (getter.Cocoa):
3172         (getter.Cocoa.prototype.get hello):
3173         (getter.Cocoa.prototype.get name):
3174         (getter):
3175         * tests/stress/dfg-put-getter-by-id.js: Added.
3176         (shouldBe):
3177         (testAttribute):
3178         (getter.object.get hello):
3179         (getter):
3180         * tests/stress/dfg-put-getter-by-val-class.js: Added.
3181         (shouldBe):
3182         (testAttribute):
3183         (getter.Cocoa):
3184         (getter.Cocoa.prototype.get name):
3185         (getter):
3186         * tests/stress/dfg-put-getter-by-val.js: Added.
3187         (shouldBe):
3188         (testAttribute):
3189         (getter.object.get name):
3190         (getter):
3191         * tests/stress/dfg-put-setter-by-id-class.js: Added.
3192         (shouldBe):
3193         (testAttribute):
3194         (getter.Cocoa):
3195         (getter.Cocoa.prototype.set hello):
3196         (getter.Cocoa.prototype.get name):
3197         (getter):
3198         * tests/stress/dfg-put-setter-by-id.js: Added.
3199         (shouldBe):
3200         (testAttribute):
3201         (setter.object.set hello):
3202         (setter):
3203         * tests/stress/dfg-put-setter-by-val-class.js: Added.
3204         (shouldBe):
3205         (testAttribute):
3206         (setter.Cocoa):
3207         (setter.Cocoa.prototype.set name):
3208         (setter):
3209         * tests/stress/dfg-put-setter-by-val.js: Added.
3210         (shouldBe):
3211         (testAttribute):
3212         (setter.object.set name):
3213         (setter):
3214
3215 2015-10-22  Joseph Pecoraro  <pecoraro@apple.com>
3216
3217         Web Inspector: Remove unused Timeline GCEvent Record type
3218         https://bugs.webkit.org/show_bug.cgi?id=150477
3219
3220         Reviewed by Timothy Hatcher.
3221
3222         Garbage Collection events go through the Heap domain, not the
3223         Timeline domain (long time ago for Chromium).
3224
3225         * inspector/protocol/Timeline.json:
3226
3227 2015-10-22  Michael Saboff  <msaboff@apple.com>
3228
3229         REGRESSION(r191360): Repro Crash: com.apple.WebKit.WebContent at JavaScriptCore:JSC::ExecState::bytecodeOffset + 174
3230         https://bugs.webkit.org/show_bug.cgi?id=150434
3231
3232         Reviewed by Mark Lam.
3233
3234         Pass the current frame instead of the caller frame to operationVMHandleException when processing an
3235         exception in one of the native thunks.
3236
3237         * jit/JITExceptions.cpp:
3238         (JSC::genericUnwind): Made debug printing of CodeBlock safe for call frames without one.
3239         * jit/JITOpcodes32_64.cpp:
3240         (JSC::JIT::privateCompileCTINativeCall):
3241         * jit/ThunkGenerators.cpp:
3242         (JSC::nativeForGenerator):
3243
3244 2015-10-21  Brian Burg  <bburg@apple.com>
3245
3246         Restructure generate-js-bindings script to be modular and testable
3247         https://bugs.webkit.org/show_bug.cgi?id=149929
3248
3249         Reviewed by Alex Christensen.
3250
3251         This is a new code generator, based on the replay inputs code generator and
3252         the inspector protocol code generator, which produces various files for JS
3253         builtins.
3254
3255         Relative to the generator it replaces, this one consolidates two scripts in
3256         JavaScriptCore and WebCore into a single script with multiple files. Parsed
3257         information about the builtins file is stored in backend-independent model
3258         objects. Each output file has its own code generator that uses the model to
3259         produce resulting code. Generators are additionally parameterized by the target
3260         framework (to choose correct macros and includes) and output mode (one
3261         header/implementation file per builtin or per framework).
3262
3263         It includes a few simple tests of the generator's functionality. These result-
3264         based tests will become increasingly more important as we start to add support
3265         for builtins annotations such as @optional, @internal, etc. to the code generator.
3266
3267         Some of these complexities, such as having two output modes, will be removed in
3268         subsequent patches. This patch is intended to exactly replace the existing
3269         functionality with a unified script that makes additional cleanups straightforward.
3270
3271         Additional cleanup and consolidation between inspector code generator scripts
3272         and this script will be pursued in followup patches.
3273
3274         New tests:
3275
3276         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js
3277         Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js
3278         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Combined.js
3279         Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Separate.js
3280         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Combined.js
3281         Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Separate.js
3282         Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js
3283         Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js
3284         Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js
3285         Scripts/tests/builtins/WebCore-xmlCasingTest-Separate.js
3286
3287
3288         * CMakeLists.txt:
3289
3290             Copy the scripts that are used by other targets to a staging directory inside
3291             ${DERIVED_SOURCES_DIR}/ForwardingHeaders/JavaScriptCore/Scripts.
3292             Define JavaScriptCore_SCRIPTS_DIR to point here so that the add_custom_command
3293             and shared file lists are identical between JavaScriptCore and WebCore. The staged
3294             scripts are a dependency of the main JavaScriptCore target so that they are
3295             always staged, even if JavaScriptCore itself does not use a particular script.
3296
3297             The output files additionally depend on all builtin generator script files
3298             and input files that are combined into the single header/implementation file.
3299
3300         * DerivedSources.make:
3301
3302             Define JavaScriptCore_SCRIPTS_DIR explicitly so the rule for code generation and
3303             shared file lists are identical between JavaScriptCore and WebCore.
3304
3305             The output files additionally depend on all builtin generator script files
3306             and input files that are combined into the single header/implementation file.
3307
3308         * JavaScriptCore.xcodeproj/project.pbxproj:
3309
3310             Mark the new builtins generator files as private headers so we can use them from
3311             WebCore.
3312
3313         * Scripts/UpdateContents.py: Renamed from Source/JavaScriptCore/UpdateContents.py.
3314         * Scripts/builtins/__init__.py: Added.
3315         * Scripts/builtins/builtins.py: Added.
3316         * Scripts/builtins/builtins_generator.py: Added. This file contains the base generator.
3317         (WK_lcfirst):
3318         (WK_ucfirst):
3319         (BuiltinsGenerator):
3320         (BuiltinsGenerator.__init__):
3321         (BuiltinsGenerator.model):
3322         (BuiltinsGenerator.generate_license):
3323         (BuiltinsGenerator.generate_includes_from_entries):
3324         (BuiltinsGenerator.generate_output):
3325         (BuiltinsGenerator.output_filename):
3326         (BuiltinsGenerator.mangledNameForFunction):
3327         (BuiltinsGenerator.mangledNameForFunction.toCamel):
3328         (BuiltinsGenerator.generate_embedded_code_string_section_for_function):
3329         * Scripts/builtins/builtins_model.py: Added. This file contains builtins model objects.
3330         (ParseException):
3331         (Framework):
3332         (Framework.__init__):
3333         (Framework.setting):
3334         (Framework.fromString):
3335         (Frameworks):
3336         (BuiltinObject):
3337         (BuiltinObject.__init__):
3338         (BuiltinFunction):
3339         (BuiltinFunction.__init__):
3340         (BuiltinFunction.fromString):
3341         (BuiltinFunction.__str__):
3342         (BuiltinsCollection):
3343         (BuiltinsCollection.__init__):
3344         (BuiltinsCollection.parse_builtins_file):
3345         (BuiltinsCollection.copyrights):
3346         (BuiltinsCollection.all_functions):
3347         (BuiltinsCollection._parse_copyright_lines):
3348         (BuiltinsCollection._parse_functions):
3349         * Scripts/builtins/builtins_templates.py: Added.
3350         (BuiltinsGeneratorTemplates):
3351         * Scripts/builtins/builtins_generate_combined_header.py: Added.
3352         (BuiltinsCombinedHeaderGenerator):
3353         (BuiltinsCombinedHeaderGenerator.__init__):
3354         (BuiltinsCombinedHeaderGenerator.output_filename):
3355         (BuiltinsCombinedHeaderGenerator.generate_output):
3356         (BuiltinsCombinedHeaderGenerator.generate_forward_declarations):
3357         (FunctionExecutable):
3358         (VM):
3359         (ConstructAbility):
3360         (generate_section_for_object):
3361         (generate_externs_for_object):
3362         (generate_macros_for_object):
3363         (generate_defines_for_object):
3364         (generate_section_for_code_table_macro):
3365         (generate_section_for_code_name_macro):
3366         * Scripts/builtins/builtins_generate_combined_implementation.py: Added.
3367         (BuiltinsCombinedImplementationGenerator):
3368         (BuiltinsCombinedImplementationGenerator.__init__):
3369         (BuiltinsCombinedImplementationGenerator.output_filename):
3370         (BuiltinsCombinedImplementationGenerator.generate_output):
3371         (BuiltinsCombinedImplementationGenerator.generate_header_includes):
3372         * Scripts/builtins/builtins_generate_separate_header.py: Added.
3373         (BuiltinsSeparateHeaderGenerator):
3374         (BuiltinsSeparateHeaderGenerator.__init__):
3375         (BuiltinsSeparateHeaderGenerator.output_filename):
3376         (BuiltinsSeparateHeaderGenerator.macro_prefix):
3377         (BuiltinsSeparateHeaderGenerator.generate_output):
3378         (BuiltinsSeparateHeaderGenerator.generate_forward_declarations):
3379         (FunctionExecutable):
3380         (generate_header_includes):
3381         (generate_section_for_object):
3382         (generate_externs_for_object):
3383         (generate_macros_for_object):
3384         (generate_defines_for_object):
3385         (generate_section_for_code_table_macro):
3386         (generate_section_for_code_name_macro):
3387         * Scripts/builtins/builtins_generate_separate_implementation.py: Added.
3388         (BuiltinsSeparateImplementationGenerator):
3389         (BuiltinsSeparateImplementationGenerator.__init__):
3390         (BuiltinsSeparateImplementationGenerator.output_filename):
3391         (BuiltinsSeparateImplementationGenerator.macro_prefix):
3392         (BuiltinsSeparateImplementationGenerator.generate_output):
3393         (BuiltinsSeparateImplementationGenerator.generate_header_includes):
3394         * Scripts/builtins/builtins_generate_separate_wrapper.py: Added.
3395         (BuiltinsSeparateWrapperGenerator):
3396         (BuiltinsSeparateWrapperGenerator.__init__):
3397         (BuiltinsSeparateWrapperGenerator.output_filename):
3398         (BuiltinsSeparateWrapperGenerator.macro_prefix):
3399         (BuiltinsSeparateWrapperGenerator.generate_output):
3400         (BuiltinsSeparateWrapperGenerator.generate_header_includes):
3401         * Scripts/generate-js-builtins.py: Added.
3402
3403             Parse command line options, decide which generators and output modes to use.
3404
3405         (generate_bindings_for_builtins_files):
3406         * Scripts/lazywriter.py: Copied from the inspector protocol generator.
3407         (LazyFileWriter):
3408         (LazyFileWriter.__init__):
3409         (LazyFileWriter.write):
3410         (LazyFileWriter.close):
3411         * Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Combined.js: Added.
3412         * Scripts/tests/builtins/JavaScriptCore-Builtin.Promise-Separate.js: Added.
3413         * Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Combined.js: Added.
3414         * Scripts/tests/builtins/JavaScriptCore-Builtin.prototype-Separate.js: Added.
3415         * Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Combined.js: Added.
3416         * Scripts/tests/builtins/JavaScriptCore-BuiltinConstructor-Separate.js: Added.
3417         * Scripts/tests/builtins/WebCore-GuardedBuiltin-Separate.js: Added.
3418         * Scripts/tests/builtins/WebCore-GuardedInternalBuiltin-Separate.js: Added.
3419         * Scripts/tests/builtins/WebCore-UnguardedBuiltin-Separate.js: Added.
3420         * Scripts/tests/builtins/WebCore-xmlCasingTest-Separate.js: Added.
3421         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result: Added.
3422         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result: Added.
3423         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result: Added.
3424         * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result: Added.
3425         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result: Added.
3426         * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result: Added.
3427         * Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result: Added.
3428         * Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result: Added.
3429         * Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result: Added.
3430         * Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result: Added.
3431         * builtins/BuiltinExecutables.cpp:
3432         (JSC::BuiltinExecutables::BuiltinExecutables):
3433         * builtins/BuiltinExecutables.h:
3434         * create_hash_table:
3435
3436             Update the generated builtin macro names.
3437
3438         * generate-js-builtins: Removed.
3439
3440 2015-10-21  Benjamin Poulain  <bpoulain@apple.com>
3441
3442         [JSC] Remove FTL Native Inlining, it is dead code
3443         https://bugs.webkit.org/show_bug.cgi?id=150429
3444
3445         Reviewed by Filip Pizlo.
3446
3447         The code is not used and it is in the way of other changes.
3448
3449         * ftl/FTLAbbreviations.h:
3450         (JSC::FTL::getFirstInstruction): Deleted.
3451         (JSC::FTL::getNextInstruction): Deleted.
3452         (JSC::FTL::getFirstBasicBlock): Deleted.
3453         (JSC::FTL::getNextBasicBlock): Deleted.
3454         * ftl/FTLLowerDFGToLLVM.cpp:
3455         (JSC::FTL::DFG::LowerDFGToLLVM::isInlinableSize): Deleted.
3456         * runtime/Options.h:
3457
3458 2015-10-21  Benjamin Poulain  <bpoulain@apple.com>
3459
3460         [JSC] Remove two useless temporaries from the PutByOffset codegen
3461         https://bugs.webkit.org/show_bug.cgi?id=150421
3462
3463         Reviewed by Geoffrey Garen.
3464
3465         * dfg/DFGSpeculativeJIT64.cpp:
3466         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3467         Looks like they were added by accident in r160796.
3468
3469 2015-10-21  Filip Pizlo  <fpizlo@apple.com>
3470
3471         Factor out the graph node worklists from DFG into WTF
3472         https://bugs.webkit.org/show_bug.cgi?id=150411
3473
3474         Reviewed by Geoffrey Garen.
3475
3476         Rewrite the DFGBlockWorklist.h file as a bunch of typedefs and aliases for things in
3477         wtf/GraphNodeWorklist.h. Most users won't notice, except that some small things got
3478         renamed. For example PreOrder becomes VisitOrder::Pre and item.block becomes item.node.
3479
3480         * CMakeLists.txt:
3481         * JavaScriptCore.xcodeproj/project.pbxproj:
3482         * dfg/DFGBlockWorklist.cpp: Removed.
3483         * dfg/DFGBlockWorklist.h:
3484         (JSC::DFG::BlockWorklist::notEmpty): Deleted.
3485         (JSC::DFG::BlockWith::BlockWith): Deleted.
3486         (JSC::DFG::BlockWith::operator bool): Deleted.
3487         (JSC::DFG::ExtendedBlockWorklist::ExtendedBlockWorklist): Deleted.
3488         (JSC::DFG::ExtendedBlockWorklist::forcePush): Deleted.
3489         (JSC::DFG::ExtendedBlockWorklist::push): Deleted.
3490         (JSC::DFG::ExtendedBlockWorklist::notEmpty): Deleted.
3491         (JSC::DFG::ExtendedBlockWorklist::pop): Deleted.
3492         (JSC::DFG::BlockWithOrder::BlockWithOrder): Deleted.
3493         (JSC::DFG::BlockWithOrder::operator bool): Deleted.
3494         (JSC::DFG::PostOrderBlockWorklist::push): Deleted.
3495         (JSC::DFG::PostOrderBlockWorklist::notEmpty): Deleted.
3496         * dfg/DFGDominators.cpp:
3497         (JSC::DFG::Dominators::compute):
3498         * dfg/DFGGraph.cpp:
3499         (JSC::DFG::Graph::blocksInPostOrder):
3500         * dfg/DFGPrePostNumbering.cpp:
3501         (JSC::DFG::PrePostNumbering::compute):
3502
3503 2015-10-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3504
3505         [INTL] Implement Intl.Collator.prototype.resolvedOptions ()
3506         https://bugs.webkit.org/show_bug.cgi?id=147601
3507
3508         Reviewed by Benjamin Poulain.
3509
3510         This patch implements Intl.Collator.prototype.resolvedOptions() according
3511         to the ECMAScript 2015 Internationalization API spec (ECMA-402 2nd edition.)
3512         It also implements the abstract operations InitializeCollator, ResolveLocale,
3513         LookupMatcher, and BestFitMatcher.
3514
3515         * runtime/CommonIdentifiers.h:
3516         * runtime/IntlCollator.h:
3517         (JSC::IntlCollator::usage):
3518         (JSC::IntlCollator::setUsage):
3519         (JSC::IntlCollator::locale):
3520         (JSC::IntlCollator::setLocale):
3521         (JSC::IntlCollator::collation):
3522         (JSC::IntlCollator::setCollation):
3523         (JSC::IntlCollator::numeric):
3524         (JSC::IntlCollator::setNumeric):
3525         (JSC::IntlCollator::sensitivity):
3526         (JSC::IntlCollator::setSensitivity):
3527         (JSC::IntlCollator::ignorePunctuation):
3528         (JSC::IntlCollator::setIgnorePunctuation):
3529         * runtime/IntlCollatorConstructor.cpp:
3530         (JSC::sortLocaleData):
3531         (JSC::searchLocaleData):
3532         (JSC::initializeCollator):
3533         (JSC::constructIntlCollator):
3534         (JSC::callIntlCollator):
3535         * runtime/IntlCollatorPrototype.cpp:
3536         (JSC::IntlCollatorPrototypeFuncResolvedOptions):
3537         * runtime/IntlObject.cpp:
3538         (JSC::defaultLocale):
3539         (JSC::getIntlBooleanOption):
3540         (JSC::getIntlStringOption):
3541         (JSC::removeUnicodeLocaleExtension):
3542         (JSC::lookupMatcher):
3543         (JSC::bestFitMatcher):
3544         (JSC::resolveLocale):
3545         (JSC::lookupSupportedLocales):
3546         * runtime/IntlObject.h:
3547
3548 2015-10-21  Saam barati  <sbarati@apple.com>
3549
3550         C calls in PolymorphicAccess shouldn't assume that the top of the stack looks like a JSC JIT frame and enable *ByIdFlush in FTL
3551         https://bugs.webkit.org/show_bug.cgi?id=125711
3552
3553         Reviewed by Filip Pizlo.
3554
3555         This patch ensures that anytime we need to make a C call inside
3556         PolymorphicAccess, we ensure there is enough space on the stack to do so.
3557
3558         This patch also enables GetByIdFlush/PutByIdFlush inside the FTL.
3559         Because PolymorphicAccess now spills the necessary registers
3560         before making a JS/C call, any registers that LLVM reports as
3561         being in use for the patchpoint will be spilled before making
3562         a call by PolymorphicAccess.
3563
3564         * bytecode/PolymorphicAccess.cpp:
3565         (JSC::AccessGenerationState::restoreScratch):
3566         (JSC::AccessGenerationState::succeed):
3567         (JSC::AccessGenerationState::calculateLiveRegistersForCallAndExceptionHandling):
3568         (JSC::AccessCase::generate):
3569         (JSC::PolymorphicAccess::regenerate):
3570         * ftl/FTLCapabilities.cpp:
3571         (JSC::FTL::canCompile):
3572         * ftl/FTLLowerDFGToLLVM.cpp:
3573         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3574         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetById):
3575         (JSC::FTL::DFG::LowerDFGToLLVM::emitStoreBarrier):
3576         * jit/AssemblyHelpers.h:
3577         (JSC::AssemblyHelpers::emitTypeOf):
3578         (JSC::AssemblyHelpers::makeSpaceOnStackForCCall):
3579         (JSC::AssemblyHelpers::reclaimSpaceOnStackForCCall):
3580         * jit/RegisterSet.cpp:
3581         (JSC::RegisterSet::webAssemblyCalleeSaveRegisters):
3582         (JSC::RegisterSet::registersToNotSaveForJSCall):
3583         (JSC::RegisterSet::registersToNotSaveForCCall):
3584         (JSC::RegisterSet::allGPRs):
3585         (JSC::RegisterSet::registersToNotSaveForCall): Deleted.
3586         * jit/RegisterSet.h:
3587         (JSC::RegisterSet::set):
3588         * jit/ScratchRegisterAllocator.cpp:
3589         (JSC::ScratchRegisterAllocator::allocateScratchGPR):
3590         (JSC::ScratchRegisterAllocator::allocateScratchFPR):
3591         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
3592         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
3593         These methods now take an extra parameter indicating if they
3594         should create space for a C call at the top of the stack if
3595         there are any reused registers to spill.
3596
3597         (JSC::ScratchRegisterAllocator::usedRegistersForCall):
3598         * jit/ScratchRegisterAllocator.h:
3599         (JSC::ScratchRegisterAllocator::usedRegisters):
3600
3601 2015-10-21  Joseph Pecoraro  <pecoraro@apple.com>
3602
3603         Web Inspector: Array previews with Symbol objects have too few preview values
3604         https://bugs.webkit.org/show_bug.cgi?id=150404
3605
3606         Reviewed by Timothy Hatcher.
3607
3608         * inspector/InjectedScriptSource.js:
3609         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
3610         We should be continuing inside this loop not returning.
3611
3612 2015-10-21  Filip Pizlo  <fpizlo@apple.com>
3613
3614         Failures in PutStackSinkingPhase should be less severe
3615         https://bugs.webkit.org/show_bug.cgi?id=150400
3616
3617         Reviewed by Geoffrey Garen.
3618
3619         Make the PutStackSinkingPhase abort instead of asserting. To test that it's OK to not have
3620         PutStackSinkingPhase run, this adds a test mode where we run without PutStackSinkingPhase.
3621
3622         * dfg/DFGPlan.cpp: Make it possible to not run PutStackSinkingPhase for tests.
3623         (JSC::DFG::Plan::compileInThreadImpl):
3624         * dfg/DFGPutStackSinkingPhase.cpp: PutStackSinkingPhase should abort instead of asserting, except when validation is enabled.
3625         * runtime/Options.h: Add an option for disabling PutStackSinkingPhase.
3626
3627 2015-10-21  Saam barati  <sbarati@apple.com>
3628
3629         The FTL should place the CallSiteIndex on the call frame for JS calls when it fills in the patchpoint
3630         https://bugs.webkit.org/show_bug.cgi?id=150104
3631
3632         Reviewed by Filip Pizlo.
3633
3634         We lower JS Calls to patchpoints in LLVM. LLVM may decide to duplicate
3635         these patchpoints (or remove them). We eagerly store the CallSiteIndex on the 
3636         call frame when lowering DFG to LLVM. But, because the patchpoint we lower to may
3637         be duplicated, we really don't know the unique CallSiteIndex until we've
3638         actually seen the resulting patchpoints after LLVM has completed its transformations.
3639         To solve this, we now store the unique CallSiteIndex on the call frame header 
3640         when generating code to fill into the patchpoint.
3641
3642         * ftl/FTLCompile.cpp:
3643         (JSC::FTL::mmAllocateDataSection):
3644         * ftl/FTLJSCall.cpp:
3645         (JSC::FTL::JSCall::JSCall):
3646         (JSC::FTL::JSCall::emit):
3647         * ftl/FTLJSCall.h:
3648         (JSC::FTL::JSCall::stackmapID):
3649         * ftl/FTLJSCallBase.cpp:
3650         (JSC::FTL::JSCallBase::JSCallBase):
3651         (JSC::FTL::JSCallBase::emit):
3652         (JSC::FTL::JSCallBase::link):
3653         * ftl/FTLJSCallBase.h:
3654         * ftl/FTLJSCallVarargs.cpp:
3655         (JSC::FTL::JSCallVarargs::JSCallVarargs):
3656         (JSC::FTL::JSCallVarargs::numSpillSlotsNeeded):
3657         (JSC::FTL::JSCallVarargs::emit):
3658         * ftl/FTLJSCallVarargs.h:
3659         (JSC::FTL::JSCallVarargs::node):
3660         (JSC::FTL::JSCallVarargs::stackmapID):
3661         * ftl/FTLJSTailCall.cpp:
3662         (JSC::FTL::JSTailCall::JSTailCall):
3663         (JSC::FTL::m_instructionOffset):
3664         (JSC::FTL::JSTailCall::emit):
3665         * ftl/FTLLowerDFGToLLVM.cpp:
3666         (JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):
3667         (JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstructVarargs):
3668         (JSC::FTL::DFG::LowerDFGToLLVM::callPreflight):
3669         (JSC::FTL::DFG::LowerDFGToLLVM::codeOriginDescriptionOfCallSite):
3670         (JSC::FTL::DFG::LowerDFGToLLVM::callCheck):
3671
3672 2015-10-21  Geoffrey Garen  <ggaren@apple.com>
3673
3674         Date creation should share a little code
3675         https://bugs.webkit.org/show_bug.cgi?id=150399
3676
3677         Reviewed by Filip Pizlo.
3678
3679         I want to fix a bug in this code, but I don't want to fix it in two
3680         different places. (See https://bugs.webkit.org/show_bug.cgi?id=150386.)
3681
3682         * runtime/DateConstructor.cpp:
3683         (JSC::DateConstructor::getOwnPropertySlot):
3684         (JSC::milliseconds): Factored out a shared helper function. If you look
3685         closely, you'll see that one copy of this code previously checked isfinite
3686         while the other checked isnan. isnan returning nan was obviously a no-op,
3687         so I removed it. isfinite, it turns out, is also a no-op -- but less
3688         obviously so, so I kept it for now.
3689
3690         (JSC::constructDate):
3691         (JSC::dateUTC): Use the helper function.
3692
3693 2015-10-21  Guillaume Emont  <guijemont@igalia.com>
3694
3695         llint: align stack pointer on mips too
3696
3697         [MIPS] LLInt: align stack pointer on MIPS too
3698         https://bugs.webkit.org/show_bug.cgi?id=150380
3699
3700         Reviewed by Michael Saboff.
3701
3702         * llint/LowLevelInterpreter32_64.asm:
3703
3704 2015-10-20  Mark Lam  <mark.lam@apple.com>
3705
3706         YarrPatternConstructor::containsCapturingTerms() should not assume that its terms.size() is greater than 0.
3707         https://bugs.webkit.org/show_bug.cgi?id=150372
3708
3709         Reviewed by Geoffrey Garen.
3710
3711         * yarr/YarrPattern.cpp:
3712         (JSC::Yarr::CharacterClassConstructor::CharacterClassConstructor):
3713         (JSC::Yarr::YarrPatternConstructor::optimizeBOL):
3714         (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
3715         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
3716
3717 2015-10-20  Michael Saboff  <msaboff@apple.com>
3718
3719         REGRESSION (r191175): OSR Exit from an inlined tail callee trashes callee save registers
3720         https://bugs.webkit.org/show_bug.cgi?id=150336
3721
3722         Reviewed by Mark Lam.
3723
3724         During OSR exit, we need to restore and transform the active stack into what the baseline
3725         JIT expects.  Inlined call frames become true call frames.  When we reify an inlined call
3726         frame and it is a tail call which we will be continuing from, we need to restore the tag
3727         constant callee save registers with what was saved by the outermost caller.
3728
3729         Re-enabled tail calls and restored tests for tail calls.
3730
3731         * dfg/DFGOSRExitCompilerCommon.cpp:
3732         (JSC::DFG::reifyInlinedCallFrames): Select whether or not we use the callee save tag register
3733         contents or what was saved by the inlining caller when populating an inlined callee's
3734         callee save registers.
3735         * jit/AssemblyHelpers.h:
3736         (JSC::AssemblyHelpers::emitSaveCalleeSavesFor): This function no longer needs a stack offset.
3737         (JSC::AssemblyHelpers::emitSaveOrCopyCalleeSavesFor): New helper.
3738         * runtime/Options.h: Turned tail calls back on.
3739         * tests/es6.yaml:
3740         * tests/stress/dfg-tail-calls.js:
3741         (nonInlinedTailCall.callee):
3742         * tests/stress/mutual-tail-call-no-stack-overflow.js:
3743         (shouldThrow):
3744         * tests/stress/tail-call-in-inline-cache.js:
3745         (tail):
3746         * tests/stress/tail-call-no-stack-overflow.js:
3747         (shouldThrow):
3748         * tests/stress/tail-call-recognize.js:
3749         (callerMustBeRun):
3750         * tests/stress/tail-call-varargs-no-stack-overflow.js:
3751         (shouldThrow):
3752
3753 2015-10-20  Joseph Pecoraro  <pecoraro@apple.com>
3754
3755         Web Inspector: JavaScriptCore should parse sourceURL and sourceMappingURL directives
3756         https://bugs.webkit.org/show_bug.cgi?id=150096
3757
3758         Reviewed by Geoffrey Garen.
3759
3760         * inspector/ContentSearchUtilities.cpp:
3761         (Inspector::ContentSearchUtilities::scriptCommentPattern): Deleted.
3762         (Inspector::ContentSearchUtilities::findScriptSourceURL): Deleted.
3763         (Inspector::ContentSearchUtilities::findScriptSourceMapURL): Deleted.
3764         * inspector/ContentSearchUtilities.h:
3765         No longer need to search script content.
3766
3767         * inspector/ScriptDebugServer.cpp:
3768         (Inspector::ScriptDebugServer::dispatchDidParseSource):
3769         Carry over the sourceURL and sourceMappingURL from the SourceProvider.
3770
3771         * inspector/agents/InspectorDebuggerAgent.cpp:
3772         (Inspector::InspectorDebuggerAgent::sourceMapURLForScript):
3773         (Inspector::InspectorDebuggerAgent::didParseSource):
3774         No longer do content searching.
3775
3776         * parser/Lexer.cpp:
3777         (JSC::Lexer<T>::setCode):
3778         (JSC::Lexer<T>::skipWhitespace):
3779         (JSC::Lexer<T>::parseCommentDirective):
3780         (JSC::Lexer<T>::parseCommentDirectiveValue):
3781         (JSC::Lexer<T>::consume):
3782         (JSC::Lexer<T>::lex):
3783         * parser/Lexer.h:
3784         (JSC::Lexer::sourceURL):
3785         (JSC::Lexer::sourceMappingURL):
3786         (JSC::Lexer::sourceProvider): Deleted.
3787         Give lexer the ability to detect script comment directives.
3788         This just consumes characters in single line comments and
3789         ultimately sets the sourceURL or sourceMappingURL found.
3790
3791         * parser/Parser.h:
3792         (JSC::Parser<LexerType>::parse):
3793         * parser/SourceProvider.h:
3794         (JSC::SourceProvider::url):
3795         (JSC::SourceProvider::sourceURL):
3796         (JSC::SourceProvider::sourceMappingURL):
3797         (JSC::SourceProvider::setSourceURL):
3798         (JSC::SourceProvider::setSourceMappingURL):
3799         After parsing a script, update the Source Provider with the
3800         value of directives that may have been found in the script.
3801
3802 2015-10-20  Saam barati  <sbarati@apple.com>
3803
3804         GCAwareJITStubRoutineWithExceptionHandler has a stale CodeBlock pointer in its destructor
3805         https://bugs.webkit.org/show_bug.cgi?id=150351
3806
3807         Reviewed by Mark Lam.
3808
3809         We may regenerate many GCAwareJITStubRoutineWithExceptionHandler stubs per one PolymorphicAccess.
3810         Only the last GCAwareJITStubRoutineWithExceptionHandler stub that was generated will get the CodeBlock's aboutToDie()
3811         notification. All other GCAwareJITStubRoutineWithExceptionHandler stubs will still be holding a stale CodeBlock pointer
3812         that they will use in their destructor. The solution is to have GCAwareJITStubRoutineWithExceptionHandler remove its
3813         exception handler in observeZeroRefCount() instead of its destructor. observeZeroRefCount() will run when a PolymorphicAccess
3814         replaces its m_stubRoutine.
3815
3816         * jit/GCAwareJITStubRoutine.cpp:
3817         (JSC::GCAwareJITStubRoutineWithExceptionHandler::aboutToDie):
3818         (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
3819         (JSC::createJITStubRoutine):
3820         (JSC::GCAwareJITStubRoutineWithExceptionHandler::~GCAwareJITStubRoutineWithExceptionHandler): Deleted.
3821         * jit/GCAwareJITStubRoutine.h:
3822
3823 2015-10-20  Tim Horton  <timothy_horton@apple.com>
3824
3825         Try to fix the build by disabling MAC_GESTURE_EVENTS on 10.9 and 10.10
3826
3827         * Configurations/FeatureDefines.xcconfig:
3828
3829 2015-10-20  Xabier Rodriguez Calvar  <calvaris@igalia.com>
3830
3831         [Streams API] Rework some readable stream internals that can be common to writable streams
3832         https://bugs.webkit.org/show_bug.cgi?id=150133
3833
3834         Reviewed by Darin Adler.
3835
3836         * runtime/CommonIdentifiers.h:
3837         * runtime/JSGlobalObject.cpp:
3838         (JSC::JSGlobalObject::init): Added RangeError also as native functions.
3839
3840 2015-10-20  Yoav Weiss  <yoav@yoav.ws>
3841
3842         Rename the PICTURE_SIZES flag to CURRENTSRC
3843         https://bugs.webkit.org/show_bug.cgi?id=150275
3844
3845         Reviewed by Dean Jackson.
3846
3847         * Configurations/FeatureDefines.xcconfig:
3848
3849 2015-10-19  Saam barati  <sbarati@apple.com>
3850
3851         FTL should generate a unique OSR exit for each duplicated OSR exit stackmap intrinsic.
3852         https://bugs.webkit.org/show_bug.cgi?id=149970
3853
3854         Reviewed by Filip Pizlo.
3855
3856         When we lower DFG to LLVM, we generate a stackmap intrinsic for OSR
3857         exits. We also recorded the OSR exit inside FTL::JITCode during lowering.
3858         This stackmap intrinsic may be duplicated or even removed by LLVM.
3859         When the stackmap intrinsic is duplicated, we used to generate just
3860         a single OSR exit data structure. Then, when we compiled an OSR exit, we 
3861         would look for the first record in the record list that had the same stackmap ID
3862         as what the OSR exit data structure had. We did this even when the OSR exit
3863         stackmap intrinsic was duplicated. This would lead us to grab the wrong FTL::StackMaps::Record.
3864
3865         Now, each OSR exit knows exactly which FTL::StackMaps::Record it corresponds to.
3866         We accomplish this by having an OSRExitDescriptor that is recorded during
3867         lowering. Each descriptor may be referenced by zero, one, or more OSRExits.
3868         Now, no more than one stackmap intrinsic corresponds to the same index inside 
3869         JITCode's OSRExit Vector. Also, each OSRExit jump now jumps to a code location.
3870
3871         * ftl/FTLCompile.cpp:
3872         (JSC::FTL::mmAllocateDataSection):
3873         * ftl/FTLJITCode.cpp:
3874         (JSC::FTL::JITCode::validateReferences):
3875         (JSC::FTL::JITCode::liveRegistersToPreserveAtExceptionHandlingCallSite):
3876         * ftl/FTLJITCode.h:
3877         * ftl/FTLJITFinalizer.cpp:
3878         (JSC::FTL::JITFinalizer::finalizeFunction):
3879         * ftl/FTLLowerDFGToLLVM.cpp:
3880         (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
3881         (JSC::FTL::DFG::LowerDFGToLLVM::compileIsUndefined):
3882         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
3883         (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
3884         (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
3885         (JSC::FTL::DFG::LowerDFGToLLVM::callStackmap):
3886         * ftl/FTLOSRExit.cpp:
3887         (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
3888         (JSC::FTL::OSRExitDescriptor::validateReferences):
3889         (JSC::FTL::OSRExit::OSRExit):
3890         (JSC::FTL::OSRExit::codeLocationForRepatch):
3891         (JSC::FTL::OSRExit::validateReferences): Deleted.
3892         * ftl/FTLOSRExit.h:
3893         (JSC::FTL::OSRExit::considerAddingAsFrequentExitSite):
3894         * ftl/FTLOSRExitCompilationInfo.h:
3895         (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
3896         * ftl/FTLOSRExitCompiler.cpp:
3897         (JSC::FTL::compileStub):
3898         (JSC::FTL::compileFTLOSRExit):
3899         * ftl/FTLStackMaps.cpp:
3900         (JSC::FTL::StackMaps::computeRecordMap):
3901         * ftl/FTLStackMaps.h:
3902
3903 2015-10-16  Brian Burg  <bburg@apple.com>
3904
3905         Unify handling of JavaScriptCore scripts that are used in WebCore
3906         https://bugs.webkit.org/show_bug.cgi?id=150245
3907
3908         Reviewed by Alex Christensen.
3909
3910         Move all standalone JavaScriptCore scripts that are used by WebCore into the
3911         JavaScriptCore/Scripts directory. Use JavaScriptCore_SCRIPTS_DIR to refer
3912         to the path for these scripts.
3913
3914         * DerivedSources.make:
3915
3916             Define and use JavaScriptCore_SCRIPTS_DIR.
3917
3918         * JavaScriptCore.xcodeproj/project.pbxproj:
3919
3920             Make a new group in the Xcode project and clean up references.
3921
3922         * PlatformWin.cmake:
3923
3924             For Windows, copy these scripts over to ForwardingHeaders/Scripts since they
3925             cannot be used directly from JAVASCRIPTCORE_DIR in AppleWin builds. Do the same
3926             thing for both Windows variants to be consistent about it.
3927
3928         * Scripts/cssmin.py: Renamed from Source/JavaScriptCore/inspector/scripts/cssmin.py.
3929         * Scripts/generate-combined-inspector-json.py: Renamed from Source/JavaScriptCore/inspector/scripts/generate-combined-inspector-json.py.
3930         * Scripts/generate-js-builtins: Renamed from Source/JavaScriptCore/generate-js-builtins.
3931         * Scripts/inline-and-minify-stylesheets-and-scripts.py: Renamed from Source/JavaScriptCore/inspector/scripts/inline-and-minify-stylesheets-and-scripts.py.
3932         * Scripts/jsmin.py: Renamed from Source/JavaScriptCore/inspector/scripts/jsmin.py.
3933         * Scripts/xxd.pl: Renamed from Source/JavaScriptCore/inspector/scripts/xxd.pl.
3934
3935 2015-10-19  Tim Horton  <timothy_horton@apple.com>
3936
3937         Try to fix the iOS build
3938
3939         * Configurations/FeatureDefines.xcconfig:
3940
3941 2015-10-17  Keith Miller  <keith_miller@apple.com>
3942
3943         Add regression tests for TypedArray.prototype functions' error messages.
3944         https://bugs.webkit.org/show_bug.cgi?id=150288
3945
3946         Reviewed by Darin Adler.
3947
3948         Fix a typo in the text passed by TypedArray.prototype.filter type error message.
3949         Add tests that check the actual error message text for all the TypedArray.prototype
3950         functions that throw.
3951
3952         * builtins/TypedArray.prototype.js:
3953         (filter):
3954         * tests/stress/typedarray-every.js: