1 2018-03-26 Filip Pizlo <fpizlo@apple.com>
3 DFG should know that CreateThis can be effectful
4 https://bugs.webkit.org/show_bug.cgi?id=184013
6 Reviewed by Saam Barati.
8 As shown in the tests added in JSTests, CreateThis can be effectful if the constructor this
11 * dfg/DFGAbstractInterpreterInlines.h:
12 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
13 * dfg/DFGClobberize.h:
14 (JSC::DFG::clobberize):
16 2018-03-25 Saam Barati <sbarati@apple.com>
18 Fix typo in JSC option name
19 https://bugs.webkit.org/show_bug.cgi?id=184001
23 enableJITDebugAssetions => enableJITDebugAssertions.
25 * assembler/MacroAssembler.cpp:
26 (JSC::MacroAssembler::jitAssert):
29 2018-03-25 Saam Barati <sbarati@apple.com>
31 r228149 accidentally removed code that resets m_emptyCursor at the end of a GC
32 https://bugs.webkit.org/show_bug.cgi?id=183995
34 Reviewed by Filip Pizlo.
36 The removal of this line of code was unintended and happened during some
37 refactoring Fil was doing. The consequence of removing this line of code
38 is that the m_emptyCursor became a monotonically increasing integer, leading
39 the cursor to usually be out of bounds of the block range (depending on
40 what the program is doing). This made the functionality of finding an empty
41 block to steal almost always fail.
43 * heap/BlockDirectory.cpp:
44 (JSC::BlockDirectory::prepareForAllocation):
46 2018-03-22 Yusuke Suzuki <utatane.tea@gmail.com>
48 [DFG] Introduces fused compare and jump
49 https://bugs.webkit.org/show_bug.cgi?id=177100
53 This patch introduces op_jeq, op_jneq, op_jstricteq, and op_jnstricteq.
56 1. They are introduced due to the similar purpose to op_jless etc. It aligns
57 op_eq families to op_jless families.
59 2. It reduces the size of bytecode to represent the typical code sequence.
61 3. It offers the way to fuse check and jump in DFG code generation. Since
62 we previously had MovHint between Branch and CompareEq/CompareStrictEq,
63 we could not do this optimization. It reduces the machine code size in DFG too.
65 It slightly improves Octane/boyer.
67 boyer 6.18038+-0.05002 ^ 6.06990+-0.04176 ^ definitely 1.0182x faster
69 * bytecode/BytecodeDumper.cpp:
70 (JSC::BytecodeDumper<Block>::dumpBytecode):
71 * bytecode/BytecodeList.json:
72 * bytecode/BytecodeUseDef.h:
73 (JSC::computeUsesForBytecodeOffset):
74 (JSC::computeDefsForBytecodeOffset):
77 * bytecode/PreciseJumpTargetsInlines.h:
78 (JSC::extractStoredJumpTargetsForBytecodeOffset):
79 * bytecompiler/BytecodeGenerator.cpp:
80 (JSC::BytecodeGenerator::emitJumpIfTrue):
81 (JSC::BytecodeGenerator::emitJumpIfFalse):
82 * dfg/DFGByteCodeParser.cpp:
83 (JSC::DFG::ByteCodeParser::parseBlock):
84 * dfg/DFGCapabilities.cpp:
85 (JSC::DFG::capabilityLevel):
86 * dfg/DFGOperations.cpp:
87 * dfg/DFGOperations.h:
88 * dfg/DFGSpeculativeJIT.cpp:
89 (JSC::DFG::SpeculativeJIT::compileStrictEq):
91 (JSC::JIT::privateCompileMainPass):
92 (JSC::JIT::privateCompileSlowCases):
95 (JSC::JIT::emit_op_jeq):
96 (JSC::JIT::emit_op_neq):
97 (JSC::JIT::emit_op_jneq):
98 (JSC::JIT::compileOpStrictEq):
99 (JSC::JIT::emit_op_stricteq):
100 (JSC::JIT::emit_op_nstricteq):
101 (JSC::JIT::compileOpStrictEqJump):
102 (JSC::JIT::emit_op_jstricteq):
103 (JSC::JIT::emit_op_jnstricteq):
104 (JSC::JIT::emitSlow_op_jstricteq):
105 (JSC::JIT::emitSlow_op_jnstricteq):
106 (JSC::JIT::emitSlow_op_jeq):
107 (JSC::JIT::emitSlow_op_jneq):
108 * jit/JITOpcodes32_64.cpp:
109 (JSC::JIT::emitSlow_op_eq):
110 (JSC::JIT::emit_op_jeq):
111 (JSC::JIT::compileOpEqJumpSlow):
112 (JSC::JIT::emitSlow_op_jeq):
113 (JSC::JIT::emit_op_jneq):
114 (JSC::JIT::emitSlow_op_jneq):
115 (JSC::JIT::compileOpStrictEq):
116 (JSC::JIT::emit_op_stricteq):
117 (JSC::JIT::emit_op_nstricteq):
118 (JSC::JIT::compileOpStrictEqJump):
119 (JSC::JIT::emit_op_jstricteq):
120 (JSC::JIT::emit_op_jnstricteq):
121 (JSC::JIT::emitSlow_op_jstricteq):
122 (JSC::JIT::emitSlow_op_jnstricteq):
123 * jit/JITOperations.cpp:
124 * jit/JITOperations.h:
125 * llint/LLIntSlowPaths.cpp:
126 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
127 * llint/LLIntSlowPaths.h:
128 * llint/LowLevelInterpreter.asm:
129 * llint/LowLevelInterpreter32_64.asm:
130 * llint/LowLevelInterpreter64.asm:
132 2018-03-24 Yusuke Suzuki <utatane.tea@gmail.com>
134 [JSC] Improve constants and add comments for CodeBlockHash
135 https://bugs.webkit.org/show_bug.cgi?id=183982
137 Rubber-stamped by Mark Lam.
139 * bytecode/CodeBlockHash.cpp:
140 (JSC::CodeBlockHash::CodeBlockHash):
141 * bytecode/ParseHash.cpp:
142 (JSC::ParseHash::ParseHash):
144 2018-03-24 Yusuke Suzuki <utatane.tea@gmail.com>
146 [JSC] Add options to report parsing and bytecode compiling times
147 https://bugs.webkit.org/show_bug.cgi?id=183982
149 Reviewed by Mark Lam.
151 This patch adds reportParseTimes and reportBytecodeCompileTimes options.
152 When they are enabled, JSC reports times consumed for parsing and bytecode
155 * JavaScriptCore.xcodeproj/project.pbxproj:
157 * bytecode/ParseHash.cpp: Added.
158 (JSC::ParseHash::ParseHash):
159 * bytecode/ParseHash.h: Added.
160 (JSC::ParseHash::hashForCall const):
161 (JSC::ParseHash::hashForConstruct const):
162 * bytecode/UnlinkedFunctionExecutable.cpp:
163 (JSC::generateUnlinkedFunctionCodeBlock):
164 * bytecompiler/BytecodeGenerator.h:
165 (JSC::BytecodeGenerator::generate):
168 * runtime/CodeCache.h:
169 (JSC::generateUnlinkedCodeBlock):
172 2018-03-24 Yusuke Suzuki <utatane.tea@gmail.com>
174 [JIT] Drop ENABLE_JIT_VERBOSE flag
175 https://bugs.webkit.org/show_bug.cgi?id=183983
177 Reviewed by Mark Lam.
179 Just use JITInternal::verbose value.
182 (JSC::JIT::privateCompileMainPass):
183 (JSC::JIT::privateCompileSlowCases):
186 2018-03-23 Tim Horton <timothy_horton@apple.com>
188 Fix the build with no pasteboard
189 https://bugs.webkit.org/show_bug.cgi?id=183973
191 Reviewed by Dan Bernstein.
193 * Configurations/FeatureDefines.xcconfig:
195 2018-03-23 Mark Lam <mark.lam@apple.com>
197 LLInt TypeArray pointer poisoning should not pick its poison dynamically.
198 https://bugs.webkit.org/show_bug.cgi?id=183942
199 <rdar://problem/38798018>
201 Reviewed by JF Bastien.
203 1. Move the LLInt TypedArray unpoisoning to just before the array access after
205 2. Renamed FirstArrayType to FirstTypedArrayType to match the symbol in C++ code.
206 3. Remove a useless instruction in the implementation of emitX86Lea for a global
209 * llint/LowLevelInterpreter.asm:
210 * llint/LowLevelInterpreter64.asm:
213 2018-03-23 Mark Lam <mark.lam@apple.com>
215 Add more support for pointer profiling.
216 https://bugs.webkit.org/show_bug.cgi?id=183943
217 <rdar://problem/38799068>
219 Reviewed by JF Bastien.
221 * assembler/ARM64Assembler.h:
222 (JSC::ARM64Assembler::linkJumpOrCall):
223 * assembler/AbstractMacroAssembler.h:
224 (JSC::AbstractMacroAssembler::repatchNearCall):
225 (JSC::AbstractMacroAssembler::tagReturnAddress):
226 (JSC::AbstractMacroAssembler::untagReturnAddress):
228 2018-03-23 Yusuke Suzuki <utatane.tea@gmail.com>
230 [WTF] Add standard containers with FastAllocator specialization
231 https://bugs.webkit.org/show_bug.cgi?id=183789
233 Reviewed by Darin Adler.
235 * b3/air/testair.cpp:
237 (JSC::B3::testDoubleLiteralComparison):
238 (JSC::B3::testFloatEqualOrUnorderedFoldingNaN):
240 * dfg/DFGIntegerCheckCombiningPhase.cpp:
241 * dfg/DFGObjectAllocationSinkingPhase.cpp:
242 * ftl/FTLLowerDFGToB3.cpp:
243 (JSC::FTL::DFG::LowerDFGToB3::switchStringSlow):
244 * runtime/FunctionHasExecutedCache.h:
245 * runtime/TypeLocationCache.h:
247 2018-03-23 Yusuke Suzuki <utatane.tea@gmail.com>
249 [FTL] Fix ArrayPush(ArrayStorage)'s abstract heap
250 https://bugs.webkit.org/show_bug.cgi?id=182960
252 Reviewed by Saam Barati.
254 This patch fixes ArrayPush(ArrayStorage)'s abstract heap.
255 It should always touch ArrayStorage_vector. To unify
256 vector setting code for the real ArrayStorage_vector and
257 ScratchBuffer, we use ArrayStorage_vector.atAnyIndex() to
260 * ftl/FTLLowerDFGToB3.cpp:
261 (JSC::FTL::DFG::LowerDFGToB3::compileArrayPush):
263 2018-03-23 Zan Dobersek <zdobersek@igalia.com>
265 Unreviewed build fix for GCC 4.9 builds.
267 * assembler/MacroAssemblerCodeRef.h: std::is_trivially_copyable<> isn't
268 supported in 4.9 libstdc++, so wrap the static assert using it in a
269 COMPILER_SUPPORTS() macro, and use __is_trivially_copyable() builtin,
270 as is done in bitwise_cast() in StdLibExtras.h.
272 2018-03-22 Tim Horton <timothy_horton@apple.com>
274 Adopt WK_ALTERNATE_FRAMEWORKS_DIR in WebCore
275 https://bugs.webkit.org/show_bug.cgi?id=183930
276 <rdar://problem/38782249>
278 Reviewed by Dan Bernstein.
280 * JavaScriptCore.xcodeproj/project.pbxproj:
282 2018-03-22 Mark Lam <mark.lam@apple.com>
284 Add placeholder call and jump MacroAssembler emitters that take PtrTag in a register.
285 https://bugs.webkit.org/show_bug.cgi?id=183914
286 <rdar://problem/38763536>
288 Reviewed by Saam Barati and JF Bastien.
290 This is in preparation for supporting pointer profiling work.
292 * assembler/MacroAssemblerARM.h:
293 (JSC::MacroAssemblerARM::jump):
294 (JSC::MacroAssemblerARM::call):
295 * assembler/MacroAssemblerARM64.h:
296 (JSC::MacroAssemblerARM64::call):
297 (JSC::MacroAssemblerARM64::jump):
298 * assembler/MacroAssemblerARMv7.h:
299 (JSC::MacroAssemblerARMv7::jump):
300 (JSC::MacroAssemblerARMv7::call):
301 * assembler/MacroAssemblerMIPS.h:
302 (JSC::MacroAssemblerMIPS::jump):
303 (JSC::MacroAssemblerMIPS::call):
304 * assembler/MacroAssemblerX86.h:
305 (JSC::MacroAssemblerX86::call):
306 (JSC::MacroAssemblerX86::jump):
307 * assembler/MacroAssemblerX86Common.h:
308 (JSC::MacroAssemblerX86Common::jump):
309 (JSC::MacroAssemblerX86Common::call):
310 * assembler/MacroAssemblerX86_64.h:
311 (JSC::MacroAssemblerX86_64::call):
312 (JSC::MacroAssemblerX86_64::jump):
314 2018-03-22 Tim Horton <timothy_horton@apple.com>
316 Improve readability of WebCore's OTHER_LDFLAGS
317 https://bugs.webkit.org/show_bug.cgi?id=183909
318 <rdar://problem/38760992>
320 Reviewed by Dan Bernstein.
322 * Configurations/Base.xcconfig:
323 * Configurations/FeatureDefines.xcconfig:
325 2018-03-22 Dominik Infuehr <dinfuehr@igalia.com>
327 [ARM] Thumb: Do not decorate bottom bit twice
328 https://bugs.webkit.org/show_bug.cgi?id=183906
330 Reviewed by Mark Lam.
332 Use MacroAssemblerCodePtr::createFromExecutableAddress instead of
333 MacroAssemblerCodePtr(void*) to avoid decorating the pointer twice as
337 (JSC::linkPolymorphicCall):
339 2018-03-22 Yusuke Suzuki <utatane.tea@gmail.com>
341 [JSC] Clear MustGenerate for ToString(Number) converted from NumberToStringWithRadix
342 https://bugs.webkit.org/show_bug.cgi?id=183559
344 Reviewed by Mark Lam.
346 When converting NumberToStringWithRadix to ToString(Int52/Int32/Double), we forget
347 to clear NodeMustGenerate for this ToString. It should be since it does not have
348 any user-observable side effect. This patch clears NodeMustGenerate.
350 * dfg/DFGConstantFoldingPhase.cpp:
351 (JSC::DFG::ConstantFoldingPhase::foldConstants):
353 2018-03-22 Yusuke Suzuki <utatane.tea@gmail.com>
355 [JSC] List up all candidates in DFGCapabilities and FTLCapabilities
356 https://bugs.webkit.org/show_bug.cgi?id=183897
358 Reviewed by Mark Lam.
360 We should not use `default:` clause here since it accidentally catches
361 the opcode and DFG nodes which should be optimized. For example,
362 op_super_sampler_begin and op_super_sampler_end are not listed while
363 they have DFG and FTL backend.
365 This patch lists all candidates in DFGCapabilities and FTLCapabilities.
366 And we also clean up unnecessary checks in FTLCapabilities. Since we
367 already handle all the possible array types for these nodes (which can
368 be checked in DFG's code), we do not need to check array types.
370 We also fix FTLLowerDFGToB3's PutByVal code to use modeForPut.
372 * dfg/DFGCapabilities.cpp:
373 (JSC::DFG::capabilityLevel):
374 * ftl/FTLCapabilities.cpp:
375 (JSC::FTL::canCompile):
376 * ftl/FTLLowerDFGToB3.cpp:
377 (JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
379 2018-03-22 Yusuke Suzuki <utatane.tea@gmail.com>
381 [JSC] Drop op_put_by_index
382 https://bugs.webkit.org/show_bug.cgi?id=183899
384 Reviewed by Mark Lam.
386 This patch drops op_put_by_index.
388 1. This functionality can be just covered by direct put_by_val.
389 2. put_by_index is not well optimized. It is just calling a C
390 function. And it does not have DFG handling.
392 * bytecode/BytecodeDumper.cpp:
393 (JSC::BytecodeDumper<Block>::dumpBytecode):
394 * bytecode/BytecodeList.json:
395 * bytecode/BytecodeUseDef.h:
396 (JSC::computeUsesForBytecodeOffset):
397 (JSC::computeDefsForBytecodeOffset):
398 * bytecompiler/BytecodeGenerator.cpp:
399 (JSC::BytecodeGenerator::emitPutByIndex): Deleted.
400 * bytecompiler/BytecodeGenerator.h:
401 * bytecompiler/NodesCodegen.cpp:
402 (JSC::ArrayNode::emitBytecode):
403 (JSC::ArrayPatternNode::emitDirectBinding):
405 (JSC::JIT::privateCompileMainPass):
407 * jit/JITPropertyAccess.cpp:
408 (JSC::JIT::emit_op_put_by_index): Deleted.
409 * jit/JITPropertyAccess32_64.cpp:
410 (JSC::JIT::emit_op_put_by_index): Deleted.
411 * llint/LLIntSlowPaths.cpp:
412 * llint/LLIntSlowPaths.h:
413 * llint/LowLevelInterpreter.asm:
415 2018-03-22 Michael Saboff <msaboff@apple.com>
417 Race Condition in arrayProtoFuncReverse() causes wrong results or crash
418 https://bugs.webkit.org/show_bug.cgi?id=183901
420 Reviewed by Keith Miller.
422 Added write barriers to ensure the reversed contents are properly marked.
424 * runtime/ArrayPrototype.cpp:
425 (JSC::arrayProtoFuncReverse):
427 2018-03-21 Filip Pizlo <fpizlo@apple.com>
429 ScopedArguments should do poisoning and index masking
430 https://bugs.webkit.org/show_bug.cgi?id=183863
432 Reviewed by Mark Lam.
434 This outlines the ScopedArguments overflow storage and adds poisoning.
436 * bytecode/AccessCase.cpp:
437 (JSC::AccessCase::generateWithGuard):
438 * dfg/DFGSpeculativeJIT.cpp:
439 (JSC::DFG::SpeculativeJIT::compileGetByValOnScopedArguments):
440 (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
441 * ftl/FTLAbstractHeapRepository.h:
442 * ftl/FTLLowerDFGToB3.cpp:
443 (JSC::FTL::DFG::LowerDFGToB3::compileGetArrayLength):
444 (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
445 * jit/JITPropertyAccess.cpp:
446 (JSC::JIT::emitScopedArgumentsGetByVal):
447 * runtime/JSCPoison.h:
448 * runtime/ScopedArguments.cpp:
449 (JSC::ScopedArguments::ScopedArguments):
450 (JSC::ScopedArguments::createUninitialized):
451 (JSC::ScopedArguments::visitChildren):
452 * runtime/ScopedArguments.h:
454 2018-03-21 Mark Lam <mark.lam@apple.com>
456 Refactor the PtrTag list as a macro so that we can auto-generate code that enumerates each PtrTag.
457 https://bugs.webkit.org/show_bug.cgi?id=183861
458 <rdar://problem/38716822>
460 Reviewed by Filip Pizlo.
462 Also added ptrTagName() to aid debugging. ptrTagName() is implemented using this
463 new PtrTag macro list.
466 * JavaScriptCore.xcodeproj/project.pbxproj:
468 * runtime/PtrTag.cpp: Added.
472 2018-03-21 Mark Lam <mark.lam@apple.com>
474 Use CodeBlock::instructions()[] and CodeBlock::bytecodeOffset() instead of doing own pointer math.
475 https://bugs.webkit.org/show_bug.cgi?id=183857
476 <rdar://problem/38712184>
478 Reviewed by JF Bastien.
480 We should avoid doing pointer math with CodeBlock::instructions().begin().
481 Instead, we should use the operator[] that comes with CodeBlock::instructions()
482 for computing an Instruction*, and use CodeBlock::bytecodeOffset() for computing
483 the bytecode offset of a given Instruction*. These methods will do assertions
484 which helps catch bugs sooner, plus they are more descriptive of the operation
487 * bytecode/BytecodeKills.h:
488 (JSC::BytecodeKills::operandIsKilled const):
489 (JSC::BytecodeKills::forEachOperandKilledAt const):
490 * bytecode/CallLinkStatus.cpp:
491 (JSC::CallLinkStatus::computeFromLLInt):
492 * bytecode/CodeBlock.cpp:
493 (JSC::CodeBlock::dumpBytecode):
494 (JSC::CodeBlock::arithProfileForBytecodeOffset):
495 (JSC::CodeBlock::bytecodeOffsetFromCallSiteIndex):
496 * bytecode/GetByIdStatus.cpp:
497 (JSC::GetByIdStatus::computeFromLLInt):
498 * bytecode/PutByIdStatus.cpp:
499 (JSC::PutByIdStatus::computeFromLLInt):
500 * dfg/DFGByteCodeParser.cpp:
501 (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
502 * dfg/DFGOSRExit.cpp:
503 (JSC::DFG::reifyInlinedCallFrames):
504 * dfg/DFGOSRExitCompilerCommon.cpp:
505 (JSC::DFG::reifyInlinedCallFrames):
506 * interpreter/CallFrame.cpp:
507 (JSC::CallFrame::callSiteBitsAsBytecodeOffset const):
508 (JSC::CallFrame::currentVPC const):
509 (JSC::CallFrame::setCurrentVPC):
511 (JSC::JIT::compileOpCall):
513 (JSC::JIT::updateTopCallFrame):
514 (JSC::JIT::copiedInstruction):
515 * jit/JITOpcodes.cpp:
516 (JSC::JIT::privateCompileHasIndexedProperty):
517 * jit/JITOpcodes32_64.cpp:
518 (JSC::JIT::privateCompileHasIndexedProperty):
519 * jit/JITPropertyAccess.cpp:
520 (JSC::JIT::privateCompileGetByVal):
521 (JSC::JIT::privateCompileGetByValWithCachedId):
522 (JSC::JIT::privateCompilePutByVal):
523 (JSC::JIT::privateCompilePutByValWithCachedId):
524 * jit/SlowPathCall.h:
525 (JSC::JITSlowPathCall::call):
526 * llint/LLIntSlowPaths.cpp:
527 (JSC::LLInt::llint_trace_operand):
528 (JSC::LLInt::llint_trace_value):
529 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
530 (JSC::LLInt::setupGetByIdPrototypeCache): Deleted.
531 (JSC::LLInt::getByVal): Deleted.
532 (JSC::LLInt::handleHostCall): Deleted.
533 (JSC::LLInt::setUpCall): Deleted.
534 (JSC::LLInt::genericCall): Deleted.
535 (JSC::LLInt::varargsSetup): Deleted.
536 (JSC::LLInt::llint_throw_stack_overflow_error): Deleted.
537 (JSC::LLInt::llint_stack_check_at_vm_entry): Deleted.
538 (JSC::LLInt::llint_write_barrier_slow): Deleted.
539 (JSC::LLInt::llint_crash): Deleted.
540 * runtime/SamplingProfiler.cpp:
541 (JSC::tryGetBytecodeIndex):
543 2018-03-21 Keith Miller <keith_miller@apple.com>
545 btjs should print the bytecode offset in the stack trace for JS frames
546 https://bugs.webkit.org/show_bug.cgi?id=183856
548 Reviewed by Filip Pizlo.
550 * interpreter/CallFrame.cpp:
551 (JSC::CallFrame::bytecodeOffset):
552 (JSC::CallFrame::dump):
554 2018-03-21 Carlos Garcia Campos <cgarcia@igalia.com>
556 Unreviewed. Fix GTK and WPE debug build after r229798.
558 Fix a typo in an ASSERT. Also convert several RELEASE_ASSERT to ASSERT that I forgot to do before landing.
560 * API/glib/JSCCallbackFunction.cpp:
561 (JSC::JSCCallbackFunction::JSCCallbackFunction):
562 * API/glib/JSCContext.cpp:
563 (jscContextSetVirtualMachine):
564 (jscContextGetJSContext):
566 (jscContextHandleExceptionIfNeeded):
567 * API/glib/JSCValue.cpp:
568 (jscValueCallFunction):
569 * API/glib/JSCVirtualMachine.cpp:
572 (jscVirtualMachineSetContextGroup):
573 (jscVirtualMachineAddContext):
574 (jscVirtualMachineRemoveContext):
575 * API/glib/JSCWrapperMap.cpp:
576 (JSC::WrapperMap::gobjectWrapper):
577 (JSC::WrapperMap::unwrap):
578 (JSC::WrapperMap::registerClass):
579 (JSC::WrapperMap::createJSWrappper):
580 (JSC::WrapperMap::wrappedObject const):
582 2018-03-21 Carlos Garcia Campos <cgarcia@igalia.com>
584 [GTK][WPE] JSC bindings not introspectable
585 https://bugs.webkit.org/show_bug.cgi?id=136989
587 Reviewed by Michael Catanzaro.
589 Make it possible to include individual headers when building WebKit layer.
591 * API/glib/JSCAutocleanups.h:
592 * API/glib/JSCClass.h:
593 * API/glib/JSCContext.h:
594 * API/glib/JSCException.h:
595 * API/glib/JSCValue.h:
596 * API/glib/JSCVersion.h.in:
597 * API/glib/JSCVirtualMachine.h:
599 2018-03-21 Carlos Garcia Campos <cgarcia@igalia.com>
601 [GTK][WPE] Initial implementation of JavaScriptCore glib bindings
602 https://bugs.webkit.org/show_bug.cgi?id=164061
604 Reviewed by Michael Catanzaro.
606 Add initial GLib API for JavaScriptCore.
608 * API/JSAPIWrapperObject.h:
609 * API/glib/JSAPIWrapperObjectGLib.cpp: Added.
610 (jsAPIWrapperObjectHandleOwner):
611 (JSAPIWrapperObjectHandleOwner::finalize):
612 (JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots):
613 (JSC::JSCallbackObject<JSAPIWrapperObject>::createStructure):
614 (JSC::JSAPIWrapperObject::JSAPIWrapperObject):
615 (JSC::JSAPIWrapperObject::finishCreation):
616 (JSC::JSAPIWrapperObject::setWrappedObject):
617 (JSC::JSAPIWrapperObject::visitChildren):
618 * API/glib/JSCAutocleanups.h: Added.
619 * API/glib/JSCCallbackFunction.cpp: Added.
620 (JSC::callAsFunction):
621 (JSC::callAsConstructor):
622 (JSC::JSCCallbackFunction::create):
623 (JSC::JSCCallbackFunction::JSCCallbackFunction):
624 (JSC::JSCCallbackFunction::call):
625 (JSC::JSCCallbackFunction::construct):
626 (JSC::JSCCallbackFunction::destroy):
627 * API/glib/JSCCallbackFunction.h: Added.
628 (JSC::JSCCallbackFunction::createStructure):
629 (JSC::JSCCallbackFunction::functionCallback):
630 (JSC::JSCCallbackFunction::constructCallback):
631 * API/glib/JSCClass.cpp: Added.
632 (jscClassGetProperty):
633 (jscClassSetProperty):
635 (jscClassConstructed):
636 (jsc_class_class_init):
638 (jscClassGetJSClass):
639 (jscClassGetOrCreateJSWrapper):
640 (jscClassInvalidate):
641 (jsc_class_get_name):
642 (jsc_class_get_parent):
643 (jsc_class_add_constructor):
644 (jsc_class_add_method):
645 (jsc_class_add_property):
646 * API/glib/JSCClass.h: Added.
647 * API/glib/JSCClassPrivate.h: Added.
648 * API/glib/JSCContext.cpp: Added.
649 (ExceptionHandler::ExceptionHandler):
650 (ExceptionHandler::~ExceptionHandler):
651 (jscContextSetVirtualMachine):
652 (jscContextGetProperty):
653 (jscContextSetProperty):
654 (jscContextConstructed):
656 (jsc_context_class_init):
657 (jscContextGetOrCreate):
658 (jscContextGetJSContext):
660 (jscContextGetOrCreateValue):
661 (jscContextValueDestroyed):
662 (jscContextGetJSWrapper):
663 (jscContextGetOrCreateJSWrapper):
664 (jscContextWrappedObject):
665 (jscContextPushCallback):
666 (jscContextPopCallback):
667 (jscContextGArrayToJSArray):
668 (jscContextJSArrayToGArray):
669 (jscContextGValueToJSValue):
670 (jscContextJSValueToGValue):
672 (jsc_context_new_with_virtual_machine):
673 (jsc_context_get_virtual_machine):
674 (jsc_context_get_exception):
676 (jsc_context_throw_exception):
677 (jsc_context_push_exception_handler):
678 (jsc_context_pop_exception_handler):
679 (jscContextHandleExceptionIfNeeded):
680 (jsc_context_get_current):
681 (jsc_context_evaluate):
682 (jsc_context_evaluate_with_source_uri):
683 (jsc_context_set_value):
684 (jsc_context_get_value):
685 (jsc_context_register_class):
686 * API/glib/JSCContext.h: Added.
687 * API/glib/JSCContextPrivate.h: Added.
688 * API/glib/JSCDefines.h: Copied from Source/JavaScriptCore/API/JSAPIWrapperObject.h.
689 * API/glib/JSCException.cpp: Added.
690 (jscExceptionDispose):
691 (jsc_exception_class_init):
692 (jscExceptionCreate):
693 (jscExceptionGetJSValue):
694 (jscExceptionEnsureProperties):
696 (jsc_exception_get_message):
697 (jsc_exception_get_line_number):
698 (jsc_exception_get_source_uri):
699 * API/glib/JSCException.h: Added.
700 * API/glib/JSCExceptionPrivate.h: Added.
701 * API/glib/JSCGLibWrapperObject.h: Added.
702 (JSC::JSCGLibWrapperObject::JSCGLibWrapperObject):
703 (JSC::JSCGLibWrapperObject::~JSCGLibWrapperObject):
704 (JSC::JSCGLibWrapperObject::object const):
705 * API/glib/JSCValue.cpp: Added.
706 (jscValueGetProperty):
707 (jscValueSetProperty):
709 (jsc_value_class_init):
710 (jscValueGetJSValue):
712 (jsc_value_get_context):
713 (jsc_value_new_undefined):
714 (jsc_value_is_undefined):
715 (jsc_value_new_null):
717 (jsc_value_new_number):
718 (jsc_value_is_number):
719 (jsc_value_to_double):
720 (jsc_value_to_int32):
721 (jsc_value_new_boolean):
722 (jsc_value_is_boolean):
723 (jsc_value_to_boolean):
724 (jsc_value_new_string):
725 (jsc_value_is_string):
726 (jsc_value_to_string):
727 (jsc_value_new_array):
728 (jsc_value_new_array_from_garray):
729 (jsc_value_is_array):
730 (jsc_value_new_object):
731 (jsc_value_is_object):
732 (jsc_value_object_is_instance_of):
733 (jsc_value_object_set_property):
734 (jsc_value_object_get_property):
735 (jsc_value_object_set_property_at_index):
736 (jsc_value_object_get_property_at_index):
737 (jscValueCallFunction):
738 (jsc_value_object_invoke_method):
739 (jsc_value_object_define_property_data):
740 (jsc_value_object_define_property_accessor):
741 (jsc_value_new_function):
742 (jsc_value_is_function):
743 (jsc_value_function_call):
744 (jsc_value_is_constructor):
745 (jsc_value_constructor_call):
746 * API/glib/JSCValue.h: Added.
747 * API/glib/JSCValuePrivate.h: Added.
748 * API/glib/JSCVersion.cpp: Added.
749 (jsc_get_major_version):
750 (jsc_get_minor_version):
751 (jsc_get_micro_version):
752 * API/glib/JSCVersion.h.in: Added.
753 * API/glib/JSCVirtualMachine.cpp: Added.
756 (jscVirtualMachineSetContextGroup):
757 (jscVirtualMachineEnsureContextGroup):
758 (jscVirtualMachineDispose):
759 (jsc_virtual_machine_class_init):
760 (jscVirtualMachineGetOrCreate):
761 (jscVirtualMachineGetContextGroup):
762 (jscVirtualMachineAddContext):
763 (jscVirtualMachineRemoveContext):
764 (jscVirtualMachineGetContext):
765 (jsc_virtual_machine_new):
766 * API/glib/JSCVirtualMachine.h: Added.
767 * API/glib/JSCVirtualMachinePrivate.h: Added.
768 * API/glib/JSCWrapperMap.cpp: Added.
769 (JSC::WrapperMap::WrapperMap):
770 (JSC::WrapperMap::~WrapperMap):
771 (JSC::WrapperMap::gobjectWrapper):
772 (JSC::WrapperMap::unwrap):
773 (JSC::WrapperMap::registerClass):
774 (JSC::WrapperMap::createJSWrappper):
775 (JSC::WrapperMap::jsWrapper const):
776 (JSC::WrapperMap::wrappedObject const):
777 * API/glib/JSCWrapperMap.h: Added.
778 * API/glib/docs/jsc-glib-4.0-sections.txt: Added.
779 * API/glib/docs/jsc-glib-4.0.types: Added.
780 * API/glib/docs/jsc-glib-docs.sgml: Added.
781 * API/glib/jsc.h: Added.
784 * JavaScriptCore.gir.in: Removed.
788 (JSC::Heap::releaseDelayedReleasedObjects):
790 * heap/HeapInlines.h:
791 (JSC::Heap::releaseSoon):
792 * javascriptcoregtk.pc.in:
793 * runtime/JSGlobalObject.cpp:
794 (JSC::JSGlobalObject::init):
795 (JSC::JSGlobalObject::visitChildren):
796 (JSC::JSGlobalObject::setWrapperMap):
797 * runtime/JSGlobalObject.h:
798 (JSC::JSGlobalObject::glibCallbackFunctionStructure const):
799 (JSC::JSGlobalObject::glibWrapperObjectStructure const):
800 (JSC::JSGlobalObject::wrapperMap const):
802 2018-03-21 Christopher Reid <chris.reid@sony.com>
804 Windows 64-bit build fix after r229767
805 https://bugs.webkit.org/show_bug.cgi?id=183810
807 Reviewed by Mark Lam.
809 Removing an extra parameter in the call to m_assembler::call.
811 * assembler/MacroAssemblerX86_64.h:
813 2018-03-20 Dan Bernstein <mitz@apple.com>
815 [Xcode] JSVALUE_MODEL is unused
816 https://bugs.webkit.org/show_bug.cgi?id=183809
818 Reviewed by Tim Horton.
820 * Configurations/JavaScriptCore.xcconfig: Removed the unused definition.
822 2018-03-20 Tim Horton <timothy_horton@apple.com>
824 Update the install name for JavaScriptCore when built with WK_ALTERNATE_FRAMEWORKS_DIR
825 https://bugs.webkit.org/show_bug.cgi?id=183808
826 <rdar://problem/38692079>
828 Reviewed by Dan Bernstein.
830 * Configurations/JavaScriptCore.xcconfig:
832 2018-03-20 Tim Horton <timothy_horton@apple.com>
834 Enable the minimal simulator feature flag when appropriate
835 https://bugs.webkit.org/show_bug.cgi?id=183807
837 Reviewed by Dan Bernstein.
839 * Configurations/FeatureDefines.xcconfig:
841 2018-03-20 Saam Barati <sbarati@apple.com>
843 We need to do proper bookkeeping of exitOK when inserting constants when sinking NewArrayBuffer
844 https://bugs.webkit.org/show_bug.cgi?id=183795
845 <rdar://problem/38298694>
847 Reviewed by JF Bastien.
849 We were just assuming that the constants we were inserting were
850 always exitOK=true. However, this breaks validation. The exitOK
851 we emit for the constants in the NewArrayBuffer should respect
852 the current exit state of the IR we've emitted. This is just IR
853 bookkeeping since JSConstant is a non-exiting node.
855 * dfg/DFGArgumentsEliminationPhase.cpp:
857 2018-03-20 Guillaume Emont <guijemont@igalia.com>
859 MIPS+Armv7 builds are broken since r229391
860 https://bugs.webkit.org/show_bug.cgi?id=183474
862 Reviewed by Yusuke Suzuki.
864 Add missing armv7 and mips operations and fix arguments to a call to
865 operationGetByValCell. This should fix compilation on MIPS and Armv7
866 (though it does not implement the missing setupArguments stuff in
869 * assembler/MacroAssembler.h:
870 * assembler/MacroAssemblerARMv7.h:
871 (JSC::MacroAssemblerARMv7::swap):
872 * assembler/MacroAssemblerMIPS.h:
873 (JSC::MacroAssemblerMIPS::swap):
874 * dfg/DFGSpeculativeJIT32_64.cpp:
875 (JSC::DFG::SpeculativeJIT::compile):
878 2018-03-20 Tim Horton <timothy_horton@apple.com>
880 Add and adopt WK_PLATFORM_NAME and adjust default feature defines
881 https://bugs.webkit.org/show_bug.cgi?id=183758
882 <rdar://problem/38017644>
884 Reviewed by Dan Bernstein.
886 * Configurations/FeatureDefines.xcconfig:
888 2018-03-20 Mark Lam <mark.lam@apple.com>
890 Improve FunctionPtr and use it in the JIT CallRecord.
891 https://bugs.webkit.org/show_bug.cgi?id=183756
892 <rdar://problem/38641335>
894 Reviewed by JF Bastien.
896 1. FunctionPtr holds a C/C++ function pointer by default. Change its default
897 PtrTag to reflect that.
899 2. Delete the FunctionPtr::value() method. It is effectively a duplicate of
902 3. Fix the FunctionPtr constructor that takes arbitrary pointers to be able to
903 take "any" pointer. "any" in this case means that the pointer may not be typed
904 as a C/C++ function to the C++ compiler (due to upstream casting or usage of
905 void* as a storage type), but it is still expected to be pointing to a C/C++
908 4. Added a FunctionPtr constructor that takes another FunctionPtr. This is a
909 convenience constructor that lets us retag the underlying pointer. The other
910 FunctionPtr is still expected to point to a C/C++ function.
912 5. Added PtrTag assertion placeholder functions to be implemented later.
914 6. Change the JIT CallRecord to embed a FunctionPtr callee instead of a void* to
915 pointer. This improves type safety, and assists in getting pointer tagging
918 7. Added versions of JIT callOperations methods that will take a PtrTag.
919 This is preparation for more pointer tagging work later.
921 * assembler/MacroAssemblerARM.h:
922 (JSC::MacroAssemblerARM::linkCall):
923 * assembler/MacroAssemblerARMv7.h:
924 (JSC::MacroAssemblerARMv7::linkCall):
925 * assembler/MacroAssemblerCodeRef.h:
926 (JSC::FunctionPtr::FunctionPtr):
927 (JSC::FunctionPtr::operator bool const):
928 (JSC::FunctionPtr::operator! const):
929 (JSC::ReturnAddressPtr::ReturnAddressPtr):
930 (JSC::MacroAssemblerCodePtr::retagged const):
931 (JSC::MacroAssemblerCodeRef::retaggedCode const):
932 (JSC::FunctionPtr::value const): Deleted.
933 * assembler/MacroAssemblerMIPS.h:
934 (JSC::MacroAssemblerMIPS::linkCall):
935 * assembler/MacroAssemblerX86.h:
936 (JSC::MacroAssemblerX86::linkCall):
937 * assembler/MacroAssemblerX86_64.h:
938 (JSC::MacroAssemblerX86_64::callWithSlowPathReturnType):
939 (JSC::MacroAssemblerX86_64::linkCall):
940 * bytecode/AccessCase.cpp:
941 (JSC::AccessCase::generateImpl):
942 * ftl/FTLSlowPathCall.cpp:
943 (JSC::FTL::SlowPathCallContext::makeCall):
944 * ftl/FTLSlowPathCall.h:
945 (JSC::FTL::callOperation):
947 (JSC::FTL::osrExitGenerationThunkGenerator):
948 (JSC::FTL::lazySlowPathGenerationThunkGenerator):
949 (JSC::FTL::slowPathCallThunkGenerator):
952 (JSC::JIT::privateCompileExceptionHandlers):
954 (JSC::CallRecord::CallRecord):
955 (JSC::JIT::appendCall):
956 (JSC::JIT::appendCallWithSlowPathReturnType):
957 (JSC::JIT::callOperation):
958 (JSC::JIT::callOperationWithProfile):
959 (JSC::JIT::callOperationWithResult):
960 (JSC::JIT::callOperationNoExceptionCheck):
961 (JSC::JIT::callOperationWithCallFrameRollbackOnException):
962 * jit/JITArithmetic.cpp:
963 (JSC::JIT::emitMathICFast):
964 (JSC::JIT::emitMathICSlow):
966 (JSC::JIT::emitNakedCall):
967 (JSC::JIT::emitNakedTailCall):
968 (JSC::JIT::appendCallWithExceptionCheck):
969 (JSC::JIT::appendCallWithExceptionCheckAndSlowPathReturnType):
970 (JSC::JIT::appendCallWithCallFrameRollbackOnException):
971 (JSC::JIT::appendCallWithExceptionCheckSetJSValueResult):
972 (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
973 * jit/JITPropertyAccess.cpp:
974 (JSC::JIT::emitSlow_op_get_by_val):
975 (JSC::JIT::emitSlow_op_put_by_val):
976 (JSC::JIT::privateCompileGetByValWithCachedId):
977 (JSC::JIT::privateCompilePutByVal):
978 (JSC::JIT::privateCompilePutByValWithCachedId):
979 * jit/JITPropertyAccess32_64.cpp:
980 (JSC::JIT::emitSlow_op_put_by_val):
982 (JSC::linkPolymorphicCall):
983 * jit/SlowPathCall.h:
984 (JSC::JITSlowPathCall::JITSlowPathCall):
985 (JSC::JITSlowPathCall::call):
986 * jit/ThunkGenerators.cpp:
987 (JSC::nativeForGenerator):
990 (JSC::assertIsCFunctionPtr):
991 (JSC::assertIsNullOrCFunctionPtr):
992 (JSC::assertIsNotTagged):
993 (JSC::assertIsTagged):
994 (JSC::assertIsNullOrTagged):
995 (JSC::assertIsTaggedWith):
996 (JSC::assertIsNullOrTaggedWith):
997 (JSC::uniquePtrTagID): Deleted.
999 2018-03-20 Stanislav Ocovaj <stanislav.ocovaj@rt-rk.com>
1001 [MIPS] Optimize generated JIT code for loads/stores
1002 https://bugs.webkit.org/show_bug.cgi?id=183243
1004 Reviewed by Yusuke Suzuki.
1006 The JIT generates three MIPS instructions for a load/store from/to an absolute address:
1008 lui adrTmpReg, address >> 16
1009 ori adrTmpReg, address & 0xffff
1010 lw dataReg, 0(adrTmpReg)
1012 Since load/store instructions on MIPS have a 16-bit offset, the lower 16 bits of the address can
1013 be encoded into the load/store and the ori instruction can be removed:
1015 lui adrTmpReg, (address + 0x8000) >> 16
1016 lw dataReg, (address & 0xffff)(adrTmpReg)
1018 Also, in loads/stores with BaseIndex address, the left shift can be omitted if address.scale is 0.
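The address split described above, as an added C example (not WebKit code): it derives the lui immediate and the signed 16-bit displacement for an absolute 32-bit address, shows why the +0x8000 bias is needed whenever bit 15 of the address is set, and checks that the pair reconstructs the address in 32-bit modular arithmetic. Sample addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not WebKit code: model the two-instruction MIPS sequence
 *   lui  adrTmpReg, (address + 0x8000) >> 16
 *   lw   dataReg, (address & 0xffff)(adrTmpReg)
 * and check that it addresses the same location as the lui/ori/lw sequence. */

typedef struct {
    uint16_t luiImm;  /* immediate that lui places in the upper 16 bits */
    int16_t  offset;  /* 16-bit displacement in lw/sw; the CPU sign-extends it */
} MipsAbsAddress;

/* Low half of the address as the CPU will interpret it: a signed 16-bit value.
 * Written with an explicit range check so the conversion is well-defined C. */
static int16_t lowHalfAsDisplacement(uint32_t address)
{
    uint32_t lo = address & 0xffffu;
    return (int16_t)(lo >= 0x8000u ? (int32_t)lo - 0x10000 : (int32_t)lo);
}

/* Naive split: upper half in lui, lower half as the displacement. Wrong whenever
 * bit 15 is set, because the displacement then sign-extends to a negative value
 * and the effective address lands 0x10000 too low. */
static MipsAbsAddress encodeNaive(uint32_t address)
{
    MipsAbsAddress e;
    e.luiImm = (uint16_t)(address >> 16);
    e.offset = lowHalfAsDisplacement(address);
    return e;
}

/* The ChangeLog's encoding: biasing by 0x8000 before the shift bumps the lui
 * immediate by one exactly when bit 15 is set, cancelling the sign extension.
 * The uint32 wrap for addresses at the top of the space is intended. */
static MipsAbsAddress encodeBiased(uint32_t address)
{
    MipsAbsAddress e;
    e.luiImm = (uint16_t)((address + 0x8000u) >> 16);
    e.offset = lowHalfAsDisplacement(address);
    return e;
}

/* Effective address the load/store computes: (luiImm << 16) + sext16(offset),
 * in 32-bit modular arithmetic like the hardware. */
static uint32_t effectiveAddress(MipsAbsAddress e)
{
    return ((uint32_t)e.luiImm << 16) + (uint32_t)(int32_t)e.offset;
}

/* 1 if the biased encoding reproduces the address, 0 otherwise. */
static int biasedRoundTrips(uint32_t address)
{
    return effectiveAddress(encodeBiased(address)) == address;
}

/* 1 if the naive encoding reproduces the address, 0 otherwise. */
static int naiveRoundTrips(uint32_t address)
{
    return effectiveAddress(encodeNaive(address)) == address;
}

int main(void)
{
    /* Constructed samples: bit 15 clear, bit 15 set, the 0x8000 boundary, top of the space. */
    const uint32_t samples[] = { 0x12340123u, 0x1234ABCDu, 0x00008000u, 0xFFFF9000u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        MipsAbsAddress e = encodeBiased(samples[i]);
        printf("address %08x: lui 0x%04x, offset %6d -> %08x (naive split %s)\n",
            samples[i], e.luiImm, e.offset, effectiveAddress(e),
            naiveRoundTrips(samples[i]) ? "ok" : "WRONG");
    }
    return 0;
}
```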
1020 * assembler/MacroAssemblerMIPS.h:
1021 (JSC::MacroAssemblerMIPS::add32):
1022 (JSC::MacroAssemblerMIPS::add64):
1023 (JSC::MacroAssemblerMIPS::or32):
1024 (JSC::MacroAssemblerMIPS::sub32):
1025 (JSC::MacroAssemblerMIPS::convertibleLoadPtr):
1026 (JSC::MacroAssemblerMIPS::load8):
1027 (JSC::MacroAssemblerMIPS::load8SignedExtendTo32):
1028 (JSC::MacroAssemblerMIPS::load32):
1029 (JSC::MacroAssemblerMIPS::store8):
1030 (JSC::MacroAssemblerMIPS::store32):
1031 (JSC::MacroAssemblerMIPS::branchTest8):
1032 (JSC::MacroAssemblerMIPS::branchAdd32):
1033 (JSC::MacroAssemblerMIPS::loadDouble):
1034 (JSC::MacroAssemblerMIPS::storeDouble):
1036 2018-03-16 Yusuke Suzuki <utatane.tea@gmail.com>
1038 [DFG][FTL] Add vectorLengthHint for NewArray
1039 https://bugs.webkit.org/show_bug.cgi?id=183694
1041 Reviewed by Saam Barati.
1043 While the following code is common, it is not very efficient.
1051 The array is always allocated with a vector length of 0, and it is eventually grown.
1053 We have ArrayAllocationProfile, which tells us the vector length hint for
1054 the allocated arrays. This hint is already used for NewArrayBuffer. This patch
1055 extends this support to the NewArray DFG node.
1057 This patch improves Kraken/stanford-crypto-aes by 4%.
1061 stanford-crypto-aes 64.069+-1.352 61.589+-1.274 might be 1.0403x faster
1063 NewArray can be optimized.
1067 vector-length-hint-new-array 21.8157+-0.0882 ^ 13.1764+-0.0942 ^ definitely 1.6557x faster
1068 vector-length-hint-array-constructor 21.9076+-0.0987 ? 22.1168+-0.4814 ?
1070 * dfg/DFGByteCodeParser.cpp:
1071 (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1072 (JSC::DFG::ByteCodeParser::parseBlock):
1074 (JSC::DFG::Node::hasVectorLengthHint):
1075 (JSC::DFG::Node::vectorLengthHint):
1076 * dfg/DFGSpeculativeJIT64.cpp:
1077 (JSC::DFG::SpeculativeJIT::compile):
1078 * ftl/FTLLowerDFGToB3.cpp:
1079 (JSC::FTL::DFG::LowerDFGToB3::compileNewArray):
1081 2018-03-13 Yusuke Suzuki <utatane.tea@gmail.com>
1083 [DFG][FTL] Make ArraySlice(0) code tight
1084 https://bugs.webkit.org/show_bug.cgi?id=183590
1086 Reviewed by Saam Barati.
1088 This patch tightens the ArraySlice code, in particular the startIndex = 0 case.
1090 1. We support the array.slice() call. This is a widely used way to clone an array.
1091 For example, underscore.js uses this technique.
1093 2. We remove several checks if the given index value is a proven constant.
1095 * dfg/DFGBackwardsPropagationPhase.cpp:
1096 (JSC::DFG::BackwardsPropagationPhase::propagate):
1097 * dfg/DFGByteCodeParser.cpp:
1098 (JSC::DFG::ByteCodeParser::handleIntrinsicCall):
1099 * dfg/DFGFixupPhase.cpp:
1100 (JSC::DFG::FixupPhase::fixupNode):
1101 * dfg/DFGSpeculativeJIT.cpp:
1102 (JSC::DFG::SpeculativeJIT::emitPopulateSliceIndex):
1103 (JSC::DFG::SpeculativeJIT::compileArraySlice):
1104 We can skip some of the checks if the given value is a proven constant.
1106 * ftl/FTLLowerDFGToB3.cpp:
1107 (JSC::FTL::DFG::LowerDFGToB3::compileArraySlice):
1108 Change below to belowOrEqual. It does not change the meaning of the code, but it allows us
1109 to fold BelowEqual(0, x) to true.
1111 2018-03-19 Yusuke Suzuki <utatane.tea@gmail.com>
1113 Drop s_exceptionInstructions static initializer
1114 https://bugs.webkit.org/show_bug.cgi?id=183732
1116 Reviewed by Darin Adler.
1118 Make Instruction constructor constexpr to drop the static constructor
1119 of LLInt::Data::s_exceptionInstructions.
1121 * bytecode/Instruction.h:
1122 (JSC::Instruction::Instruction):
1124 2018-03-19 Dan Bernstein <mitz@apple.com>
1126 Investigate why __cpu_indicator_init is used
1127 https://bugs.webkit.org/show_bug.cgi?id=183736
1129 Reviewed by Tim Horton.
1131 __cpu_indicator_init, which is a global initializer, was included in JavaScriptCore because
1132 we were passing the -all_load option to the linker, causing it to bring in all members of
1133 every static library being linked in, including the compiler runtime library. We only need
1134 to load all members of WTF. The linker option for doing that is -force_load, and it requires
1135 a path to the library. To support building against libWTF.a built locally as well as against
1136 the copy that is in the SDK, we add a script build phase that places a symbolic link to the
1137 appropriate libWTF.a under the DerivedSources directory, and pass the path to that symlink
1138 to the linker. Also, while cleaning up linker flags, make OTHER_LDFLAGS_HIDE_SYMBOLS less
1139 verbose by eliminating every other -Wl, remove redundant -lobjc (libobjc is already listed
1140 in the Link Binary With Libraries build phase), remove long-unsupported -Y,3, and stop
1141 reexporting libobjc.
1143 * Configurations/JavaScriptCore.xcconfig:
1144 * JavaScriptCore.xcodeproj/project.pbxproj:
1146 2018-03-19 Jiewen Tan <jiewen_tan@apple.com>
1148 Unreviewed, another quick fix for r229699
1150 Restricts ENABLE_WEB_AUTHN to only macOS and iOS.
1152 * Configurations/FeatureDefines.xcconfig:
1154 2018-03-19 Mark Lam <mark.lam@apple.com>
1156 FunctionPtr should be passed by value.
1157 https://bugs.webkit.org/show_bug.cgi?id=183746
1158 <rdar://problem/38625311>
1160 Reviewed by JF Bastien.
1162 It's meant to be an encapsulation of a C/C++ function pointer. There are cases
1163 where we use it to pass JIT compiled code (e.g. the VM thunks/stubs), but they are
1164 treated as if they are C/C++ functions.
1166 Regardless, there's no need to pass it by reference.
1168 * assembler/MacroAssemblerCodeRef.h:
1169 * dfg/DFGJITCompiler.h:
1170 (JSC::DFG::JITCompiler::appendCall):
1171 * dfg/DFGSpeculativeJIT.h:
1172 (JSC::DFG::SpeculativeJIT::appendCall):
1173 (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnException):
1174 (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnExceptionSetResult):
1175 (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1177 (JSC::JIT::appendCall):
1178 (JSC::JIT::appendCallWithSlowPathReturnType):
1180 (JSC::JIT::appendCallWithExceptionCheck):
1181 (JSC::JIT::appendCallWithExceptionCheckAndSlowPathReturnType):
1182 (JSC::JIT::appendCallWithCallFrameRollbackOnException):
1183 (JSC::JIT::appendCallWithExceptionCheckSetJSValueResult):
1184 (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1186 2018-03-15 Ross Kirsling <ross.kirsling@sony.com>
1188 Fix MSVC run-time check after r229391.
1189 https://bugs.webkit.org/show_bug.cgi?id=183673
1191 Reviewed by Keith Miller.
1193 Replaces attempted fix from r229424/r229432.
1194 Apparently MSVC doesn't like it when a zero-length std::array is defined without explicit braces.
1196 * jit/CCallHelpers.h:
1197 (JSC::CCallHelpers::clampArrayToSize):
1199 2018-03-15 Tim Horton <timothy_horton@apple.com>
1201 Add and adopt WK_ALTERNATE_FRAMEWORKS_DIR in ANGLE
1202 https://bugs.webkit.org/show_bug.cgi?id=183675
1203 <rdar://problem/38515281>
1205 Reviewed by Dan Bernstein.
1207 * JavaScriptCore.xcodeproj/project.pbxproj:
1208 Don't install the JSC alias if we're installing to an alternate location.
1209 This should have been a part of r229637.
1211 2018-03-15 Tim Horton <timothy_horton@apple.com>
1213 Add and adopt WK_ALTERNATE_FRAMEWORKS_DIR in JavaScriptCore
1214 https://bugs.webkit.org/show_bug.cgi?id=183649
1215 <rdar://problem/38480526>
1217 Reviewed by Dan Bernstein.
1219 * Configurations/Base.xcconfig:
1220 * JavaScriptCore.xcodeproj/project.pbxproj:
1222 2018-03-14 Mark Lam <mark.lam@apple.com>
1224 Enhance the MacroAssembler and LinkBuffer to support pointer profiling.
1225 https://bugs.webkit.org/show_bug.cgi?id=183623
1226 <rdar://problem/38443314>
1228 Reviewed by Michael Saboff.
1230 1. Added a PtrTag argument to indirect call() and indirect jump() MacroAssembler
1231 emitters to support pointer profiling.
1233 2. Also added tagPtr(), untagPtr(), and removePtrTag() placeholder methods.
1235 3. Added a PtrTag to LinkBuffer finalizeCodeWithoutDisassembly() and clients.
1237 4. Updated clients to pass a PtrTag. For the most part, I just apply NoPtrTag as
1238 a placeholder until we have time to analyze what pointer profile each client
1241 5. Apply PtrTags to the YarrJIT.
1243 * assembler/ARM64Assembler.h:
1244 (JSC::ARM64Assembler::linkJumpOrCall):
1245 * assembler/AbstractMacroAssembler.h:
1246 (JSC::AbstractMacroAssembler::getLinkerAddress):
1247 (JSC::AbstractMacroAssembler::tagPtr):
1248 (JSC::AbstractMacroAssembler::untagPtr):
1249 (JSC::AbstractMacroAssembler::removePtrTag):
1250 * assembler/LinkBuffer.cpp:
1251 (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
1252 (JSC::LinkBuffer::finalizeCodeWithDisassembly):
1253 * assembler/LinkBuffer.h:
1254 (JSC::LinkBuffer::link):
1255 (JSC::LinkBuffer::locationOfNearCall):
1256 (JSC::LinkBuffer::locationOf):
1257 * assembler/MacroAssemblerARM.h:
1258 (JSC::MacroAssemblerARM::jump):
1259 (JSC::MacroAssemblerARM::call):
1260 (JSC::MacroAssemblerARM::readCallTarget):
1261 * assembler/MacroAssemblerARM64.h:
1262 (JSC::MacroAssemblerARM64::call):
1263 (JSC::MacroAssemblerARM64::jump):
1264 (JSC::MacroAssemblerARM64::readCallTarget):
1265 (JSC::MacroAssemblerARM64::linkCall):
1266 * assembler/MacroAssemblerARMv7.h:
1267 (JSC::MacroAssemblerARMv7::jump):
1268 (JSC::MacroAssemblerARMv7::relativeTableJump):
1269 (JSC::MacroAssemblerARMv7::call):
1270 (JSC::MacroAssemblerARMv7::readCallTarget):
1271 * assembler/MacroAssemblerCodeRef.cpp:
1272 (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
1273 (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
1274 * assembler/MacroAssemblerCodeRef.h:
1275 (JSC::FunctionPtr::FunctionPtr):
1276 (JSC::FunctionPtr::value const):
1277 (JSC::MacroAssemblerCodePtr:: const):
1278 (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
1279 (JSC::MacroAssemblerCodeRef::retaggedCode const):
1280 * assembler/MacroAssemblerMIPS.h:
1281 (JSC::MacroAssemblerMIPS::jump):
1282 (JSC::MacroAssemblerMIPS::call):
1283 (JSC::MacroAssemblerMIPS::readCallTarget):
1284 * assembler/MacroAssemblerX86.h:
1285 (JSC::MacroAssemblerX86::call):
1286 (JSC::MacroAssemblerX86::jump):
1287 (JSC::MacroAssemblerX86::readCallTarget):
1288 * assembler/MacroAssemblerX86Common.cpp:
1289 (JSC::MacroAssembler::probe):
1290 * assembler/MacroAssemblerX86Common.h:
1291 (JSC::MacroAssemblerX86Common::jump):
1292 (JSC::MacroAssemblerX86Common::call):
1293 * assembler/MacroAssemblerX86_64.h:
1294 (JSC::MacroAssemblerX86_64::call):
1295 (JSC::MacroAssemblerX86_64::jump):
1296 (JSC::MacroAssemblerX86_64::readCallTarget):
1297 * assembler/testmasm.cpp:
1302 * b3/B3LowerMacros.cpp:
1303 * b3/air/AirCCallSpecial.cpp:
1304 (JSC::B3::Air::CCallSpecial::generate):
1305 * b3/air/testair.cpp:
1308 (JSC::B3::testInterpreter):
1309 (JSC::B3::testEntrySwitchSimple):
1310 (JSC::B3::testEntrySwitchNoEntrySwitch):
1311 (JSC::B3::testEntrySwitchWithCommonPaths):
1312 (JSC::B3::testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
1313 (JSC::B3::testEntrySwitchLoop):
1314 * bytecode/AccessCase.cpp:
1315 (JSC::AccessCase::generateImpl):
1316 * bytecode/AccessCaseSnippetParams.cpp:
1317 (JSC::SlowPathCallGeneratorWithArguments::generateImpl):
1318 * bytecode/InlineAccess.cpp:
1319 (JSC::linkCodeInline):
1320 (JSC::InlineAccess::rewireStubAsJump):
1321 * bytecode/PolymorphicAccess.cpp:
1322 (JSC::AccessGenerationState::emitExplicitExceptionHandler):
1323 (JSC::PolymorphicAccess::regenerate):
1324 * dfg/DFGJITCompiler.cpp:
1325 (JSC::DFG::JITCompiler::compileExceptionHandlers):
1326 (JSC::DFG::JITCompiler::link):
1327 (JSC::DFG::JITCompiler::compileFunction):
1328 (JSC::DFG::JITCompiler::noticeCatchEntrypoint):
1329 * dfg/DFGJITCompiler.h:
1330 (JSC::DFG::JITCompiler::appendCall):
1331 * dfg/DFGJITFinalizer.cpp:
1332 (JSC::DFG::JITFinalizer::finalize):
1333 (JSC::DFG::JITFinalizer::finalizeFunction):
1334 * dfg/DFGOSRExit.cpp:
1335 (JSC::DFG::OSRExit::emitRestoreArguments):
1336 (JSC::DFG::OSRExit::compileOSRExit):
1337 * dfg/DFGOSRExitCompilerCommon.cpp:
1338 (JSC::DFG::handleExitCounts):
1339 (JSC::DFG::osrWriteBarrier):
1340 (JSC::DFG::adjustAndJumpToTarget):
1341 * dfg/DFGSpeculativeJIT.cpp:
1342 (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
1343 (JSC::DFG::SpeculativeJIT::emitSwitchImm):
1344 (JSC::DFG::SpeculativeJIT::emitSwitchStringOnString):
1345 * dfg/DFGSpeculativeJIT64.cpp:
1346 (JSC::DFG::SpeculativeJIT::compile):
1347 * dfg/DFGThunks.cpp:
1348 (JSC::DFG::osrExitThunkGenerator):
1349 (JSC::DFG::osrExitGenerationThunkGenerator):
1350 (JSC::DFG::osrEntryThunkGenerator):
1351 * ftl/FTLCompile.cpp:
1352 (JSC::FTL::compile):
1353 * ftl/FTLJITFinalizer.cpp:
1354 (JSC::FTL::JITFinalizer::finalizeCommon):
1355 * ftl/FTLLazySlowPath.cpp:
1356 (JSC::FTL::LazySlowPath::generate):
1359 * ftl/FTLLowerDFGToB3.cpp:
1360 (JSC::FTL::DFG::LowerDFGToB3::lower):
1361 (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1362 (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1363 (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
1364 * ftl/FTLOSRExitCompiler.cpp:
1365 (JSC::FTL::compileStub):
1366 (JSC::FTL::compileFTLOSRExit):
1367 * ftl/FTLSlowPathCall.cpp:
1368 (JSC::FTL::SlowPathCallContext::makeCall):
1369 * ftl/FTLThunks.cpp:
1370 (JSC::FTL::genericGenerationThunkGenerator):
1371 (JSC::FTL::osrExitGenerationThunkGenerator):
1372 (JSC::FTL::lazySlowPathGenerationThunkGenerator):
1373 (JSC::FTL::slowPathCallThunkGenerator):
1374 * jit/AssemblyHelpers.cpp:
1375 (JSC::AssemblyHelpers::callExceptionFuzz):
1376 (JSC::AssemblyHelpers::debugCall):
1377 * jit/CCallHelpers.cpp:
1378 (JSC::CCallHelpers::ensureShadowChickenPacket):
1379 * jit/CCallHelpers.h:
1380 (JSC::CCallHelpers::jumpToExceptionHandler):
1381 * jit/ExecutableAllocator.cpp:
1382 (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
1384 (JSC::JIT::emitEnterOptimizationCheck):
1386 (JSC::JIT::privateCompileExceptionHandlers):
1388 (JSC::JIT::appendCall):
1390 (JSC::isProfileEmpty):
1391 * jit/JITOpcodes.cpp:
1392 (JSC::JIT::emit_op_catch):
1393 (JSC::JIT::emit_op_switch_imm):
1394 (JSC::JIT::emit_op_switch_char):
1395 (JSC::JIT::emit_op_switch_string):
1396 (JSC::JIT::emitSlow_op_loop_hint):
1397 (JSC::JIT::privateCompileHasIndexedProperty):
1398 * jit/JITOpcodes32_64.cpp:
1399 (JSC::JIT::emit_op_catch):
1400 (JSC::JIT::emit_op_switch_imm):
1401 (JSC::JIT::emit_op_switch_char):
1402 (JSC::JIT::emit_op_switch_string):
1403 (JSC::JIT::privateCompileHasIndexedProperty):
1404 * jit/JITPropertyAccess.cpp:
1405 (JSC::JIT::stringGetByValStubGenerator):
1406 (JSC::JIT::privateCompileGetByVal):
1407 (JSC::JIT::privateCompileGetByValWithCachedId):
1408 (JSC::JIT::privateCompilePutByVal):
1409 (JSC::JIT::privateCompilePutByValWithCachedId):
1410 * jit/JITPropertyAccess32_64.cpp:
1411 (JSC::JIT::stringGetByValStubGenerator):
1412 * jit/JITStubRoutine.h:
1414 (JSC::readCallTarget):
1415 (JSC::appropriateOptimizingPutByIdFunction):
1416 (JSC::linkPolymorphicCall):
1417 (JSC::resetPutByID):
1418 * jit/SlowPathCall.h:
1419 (JSC::JITSlowPathCall::call):
1420 * jit/SpecializedThunkJIT.h:
1421 (JSC::SpecializedThunkJIT::finalize):
1422 (JSC::SpecializedThunkJIT::callDoubleToDouble):
1423 * jit/ThunkGenerators.cpp:
1424 (JSC::throwExceptionFromCallSlowPathGenerator):
1426 (JSC::linkCallThunkGenerator):
1427 (JSC::linkPolymorphicCallThunkGenerator):
1428 (JSC::virtualThunkFor):
1429 (JSC::nativeForGenerator):
1430 (JSC::arityFixupGenerator):
1431 (JSC::unreachableGenerator):
1432 (JSC::boundThisNoArgsFunctionCallGenerator):
1433 * llint/LLIntThunks.cpp:
1434 (JSC::LLInt::generateThunkWithJumpTo):
1435 (JSC::LLInt::functionForCallEntryThunkGenerator):
1436 (JSC::LLInt::functionForConstructEntryThunkGenerator):
1437 (JSC::LLInt::functionForCallArityCheckThunkGenerator):
1438 (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
1439 (JSC::LLInt::evalEntryThunkGenerator):
1440 (JSC::LLInt::programEntryThunkGenerator):
1441 (JSC::LLInt::moduleProgramEntryThunkGenerator):
1443 * wasm/WasmB3IRGenerator.cpp:
1444 (JSC::Wasm::B3IRGenerator::addCall):
1445 (JSC::Wasm::B3IRGenerator::addCallIndirect):
1446 * wasm/WasmBBQPlan.cpp:
1447 (JSC::Wasm::BBQPlan::complete):
1448 * wasm/WasmBinding.cpp:
1449 (JSC::Wasm::wasmToWasm):
1450 * wasm/WasmOMGPlan.cpp:
1451 (JSC::Wasm::OMGPlan::work):
1452 * wasm/WasmThunks.cpp:
1453 (JSC::Wasm::throwExceptionFromWasmThunkGenerator):
1454 (JSC::Wasm::throwStackOverflowFromWasmThunkGenerator):
1455 (JSC::Wasm::triggerOMGTierUpThunkGenerator):
1456 * wasm/js/WasmToJS.cpp:
1457 (JSC::Wasm::handleBadI64Use):
1458 (JSC::Wasm::wasmToJS):
1460 (JSC::Yarr::YarrGenerator::loadFromFrameAndJump):
1461 (JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
1462 (JSC::Yarr::YarrGenerator::generateTryReadUnicodeCharacterHelper):
1463 (JSC::Yarr::YarrGenerator::generateEnter):
1464 (JSC::Yarr::YarrGenerator::YarrGenerator):
1465 (JSC::Yarr::YarrGenerator::compile):
1466 (JSC::Yarr::jitCompile):
1468 (JSC::Yarr::YarrCodeBlock::execute):
1470 2018-03-14 Caitlin Potter <caitp@igalia.com>
1472 [JSC] fix order of evaluation for ClassDefinitionEvaluation
1473 https://bugs.webkit.org/show_bug.cgi?id=183523
1475 Reviewed by Keith Miller.
1477 Computed property names need to be evaluated in source order during class
1478 definition evaluation, as it's observable (and specified to work this way).
1480 This change improves compatibility with Chromium.
1482 * bytecompiler/BytecodeGenerator.h:
1483 (JSC::BytecodeGenerator::emitDefineClassElements):
1484 * bytecompiler/NodesCodegen.cpp:
1485 (JSC::PropertyListNode::emitBytecode):
1486 (JSC::ClassExprNode::emitBytecode):
1487 * parser/ASTBuilder.h:
1488 (JSC::ASTBuilder::createClassExpr):
1489 (JSC::ASTBuilder::createGetterOrSetterProperty):
1490 (JSC::ASTBuilder::createProperty):
1491 * parser/NodeConstructors.h:
1492 (JSC::PropertyNode::PropertyNode):
1493 (JSC::ClassExprNode::ClassExprNode):
1495 (JSC::PropertyListNode::hasStaticallyNamedProperty):
1497 (JSC::PropertyNode::isClassProperty const):
1498 (JSC::PropertyNode::isStaticClassProperty const):
1499 (JSC::PropertyNode::isInstanceClassProperty const):
1500 * parser/Parser.cpp:
1501 (JSC::Parser<LexerType>::parseClass):
1502 (JSC::Parser<LexerType>::parseProperty):
1503 (JSC::Parser<LexerType>::parseGetterSetter):
1505 * parser/SyntaxChecker.h:
1506 (JSC::SyntaxChecker::createClassExpr):
1507 (JSC::SyntaxChecker::createProperty):
1508 (JSC::SyntaxChecker::createGetterOrSetterProperty):
1510 2018-03-14 Keith Miller <keith_miller@apple.com>
1512 Move jsc CLI breakpoint function to $vm
1513 https://bugs.webkit.org/show_bug.cgi?id=183512
1515 Reviewed by Yusuke Suzuki.
1518 (GlobalObject::finishCreation):
1519 (functionBreakpoint): Deleted.
1520 * tools/JSDollarVM.cpp:
1521 (JSC::functionBreakpoint):
1522 (JSC::JSDollarVM::finishCreation):
1524 2018-03-14 Tim Horton <timothy_horton@apple.com>
1526 Fix the build after r229567
1528 * Configurations/FeatureDefines.xcconfig:
1530 2018-03-12 Mark Lam <mark.lam@apple.com>
1532 Gardening: speculative build fix for WinCairo.
1533 https://bugs.webkit.org/show_bug.cgi?id=183573
1537 * runtime/NativeFunction.h:
1538 (JSC::TaggedNativeFunction::TaggedNativeFunction):
1540 2018-03-12 Yusuke Suzuki <utatane.tea@gmail.com>
1542 Unreviewed, fix obsolete ASSERT
1543 https://bugs.webkit.org/show_bug.cgi?id=183310
1545 Now NewObject can be converted from CallObjectConstructor and CreateThis.
1548 (JSC::DFG::Node::convertToNewObject):
1550 2018-03-12 Tim Horton <timothy_horton@apple.com>
1552 Stop using SDK conditionals to control feature definitions
1553 https://bugs.webkit.org/show_bug.cgi?id=183430
1554 <rdar://problem/38251619>
1556 Reviewed by Dan Bernstein.
1558 * Configurations/FeatureDefines.xcconfig:
1559 * Configurations/WebKitTargetConditionals.xcconfig: Renamed.
1561 2018-03-12 Yoav Weiss <yoav@yoav.ws>
1563 Runtime flag for link prefetch and remove link subresource.
1564 https://bugs.webkit.org/show_bug.cgi?id=183540
1566 Reviewed by Chris Dumez.
1568 Remove the LINK_PREFETCH build time flag.
1570 * Configurations/FeatureDefines.xcconfig:
1572 2018-03-12 Mark Lam <mark.lam@apple.com>
1574 Gardening: speculative build fix for Windows.
1575 https://bugs.webkit.org/show_bug.cgi?id=183573
1579 * runtime/NativeFunction.h:
1580 (JSC::TaggedNativeFunction::TaggedNativeFunction):
1582 2018-03-12 Mark Lam <mark.lam@apple.com>
1585 https://bugs.webkit.org/show_bug.cgi?id=183580
1586 <rdar://problem/38390584>
1588 Reviewed by Keith Miller.
1592 2018-03-12 Mark Lam <mark.lam@apple.com>
1594 Make a NativeFunction into a class to support pointer profiling.
1595 https://bugs.webkit.org/show_bug.cgi?id=183573
1596 <rdar://problem/38384697>
1598 Reviewed by Filip Pizlo.
1600 1. NativeFunction is now a class, and we introduce RawNativeFunction and
1601 TaggedNativeFunction.
1603 RawNativeFunction is the raw pointer type (equivalent
1604 to the old definition of NativeFunction). This is mainly used for underlying
1605 storage inside the NativeFunction class, and also for global data tables that
1606 cannot embed non-trivially constructed objects.
1608 NativeFunction's role is mainly to encapsulate a pointer to a C function that
1609 we pass into the VM.
1611 TaggedNativeFunction encapsulates the tagged version of a pointer to a C
1612 function that we track in the VM.
1614 2. Added a convenience constructor for TrustedImmPtr so that we don't have to
1615 cast function pointers to void* anymore when constructing a TrustedImmPtr.
1617 3. Removed the unused CALL_RETURN macro in CommonSlowPaths.cpp.
1619 4. Added more PtrTag utility functions.
1622 * JavaScriptCore.xcodeproj/project.pbxproj:
1623 * assembler/AbstractMacroAssembler.h:
1624 (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
1625 * create_hash_table:
1626 * interpreter/Interpreter.cpp:
1627 (JSC::Interpreter::executeCall):
1628 (JSC::Interpreter::executeConstruct):
1629 * interpreter/InterpreterInlines.h:
1630 (JSC::Interpreter::getOpcodeID):
1631 * jit/JITThunks.cpp:
1632 (JSC::JITThunks::hostFunctionStub):
1634 * llint/LLIntData.cpp:
1635 (JSC::LLInt::initialize):
1636 * llint/LLIntSlowPaths.cpp:
1637 (JSC::LLInt::setUpCall):
1638 * llint/LowLevelInterpreter.asm:
1639 * llint/LowLevelInterpreter.cpp:
1640 (JSC::CLoop::execute):
1641 * llint/LowLevelInterpreter64.asm:
1642 * offlineasm/ast.rb:
1643 * runtime/CallData.h:
1644 * runtime/CommonSlowPaths.cpp:
1645 * runtime/ConstructData.h:
1646 * runtime/InternalFunction.h:
1647 (JSC::InternalFunction::nativeFunctionFor):
1648 * runtime/JSCell.cpp:
1649 (JSC::JSCell::getCallData):
1650 (JSC::JSCell::getConstructData):
1651 * runtime/JSFunction.h:
1652 * runtime/JSFunctionInlines.h:
1653 (JSC::JSFunction::nativeFunction):
1654 (JSC::JSFunction::nativeConstructor):
1655 (JSC::isHostFunction):
1657 (JSC::HashTableValue::function const):
1658 (JSC::HashTableValue::accessorGetter const):
1659 (JSC::HashTableValue::accessorSetter const):
1660 (JSC::nonCachingStaticFunctionGetter):
1661 * runtime/NativeExecutable.cpp:
1662 (JSC::NativeExecutable::create):
1663 (JSC::NativeExecutable::NativeExecutable):
1664 * runtime/NativeExecutable.h:
1665 * runtime/NativeFunction.h: Added.
1666 (JSC::NativeFunction::NativeFunction):
1667 (JSC::NativeFunction::operator intptr_t const):
1668 (JSC::NativeFunction::operator bool const):
1669 (JSC::NativeFunction::operator! const):
1670 (JSC::NativeFunction::operator== const):
1671 (JSC::NativeFunction::operator!= const):
1672 (JSC::NativeFunction::operator()):
1673 (JSC::NativeFunction::rawPointer const):
1674 (JSC::NativeFunctionHash::hash):
1675 (JSC::NativeFunctionHash::equal):
1676 (JSC::TaggedNativeFunction::TaggedNativeFunction):
1677 (JSC::TaggedNativeFunction::operator bool const):
1678 (JSC::TaggedNativeFunction::operator! const):
1679 (JSC::TaggedNativeFunction::operator== const):
1680 (JSC::TaggedNativeFunction::operator!= const):
1681 (JSC::TaggedNativeFunction::operator()):
1682 (JSC::TaggedNativeFunction::operator NativeFunction):
1683 (JSC::TaggedNativeFunction::rawPointer const):
1684 (JSC::TaggedNativeFunctionHash::hash):
1685 (JSC::TaggedNativeFunctionHash::equal):
1687 (JSC::tagCFunctionPtr):
1688 (JSC::untagCFunctionPtr):
1690 (JSC::VM::targetMachinePCForThrowOffset): Deleted.
1692 2018-03-12 Filip Pizlo <fpizlo@apple.com>
1694 Unreviewed, fix simple goof that was causing 32-bit DFG crashes.
1696 * dfg/DFGSpeculativeJIT.cpp:
1697 (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
1699 2018-03-11 Yusuke Suzuki <utatane.tea@gmail.com>
1701 [DFG] AI should convert CreateThis to NewObject if the prototype object is proved
1702 https://bugs.webkit.org/show_bug.cgi?id=183310
1704 Reviewed by Filip Pizlo.
1706 This patch implements CreateThis -> NewObject conversion in AI if the given function is constant.
1707 This contributes to a 6% win in Octane/raytrace.
1711 raytrace x2 1.19915+-0.01862 ^ 1.13156+-0.01589 ^ definitely 1.0597x faster
1713 * dfg/DFGAbstractInterpreterInlines.h:
1714 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1715 * dfg/DFGConstantFoldingPhase.cpp:
1716 (JSC::DFG::ConstantFoldingPhase::foldConstants):
1718 2018-03-11 Wenson Hsieh <wenson_hsieh@apple.com>
1720 Disable Sigill crash analyzer on watchOS
1721 https://bugs.webkit.org/show_bug.cgi?id=183548
1722 <rdar://problem/38338032>
1724 Reviewed by Mark Lam.
1726 Sigill is not supported on watchOS.
1728 * runtime/Options.cpp:
1729 (JSC::overrideDefaults):
1731 2018-03-09 Filip Pizlo <fpizlo@apple.com>
1733 Split DirectArguments into JSValueOOB and JSValueStrict parts
1734 https://bugs.webkit.org/show_bug.cgi?id=183458
1736 Reviewed by Yusuke Suzuki.
1738 Our Spectre plan for JSValue objects is to allow inline JSValue stores and loads guarded by
1739 unmitigated structure checks. This works because objects reachable from JSValues (i.e. JSValue
1740 objects, like String, Symbol, and any descendant of JSObject) will only contain fields that are OK
1741 to read and write within a Spectre mitigation window. Writes are important, because within the
1742 window, a write could appear to be made speculatively and rolled out later. This means that:
1744 - JSValue objects cannot have lengths, masks, or anything else inline.
1746 - JSValue objects cannot have an inline type that is used as part of a Spectre mitigation for a type
1747 check, unless that type is in the form of a poison key.
1749 This means that the dynamic poisoning that I previously landed for DirectArguments is wrong. It also
1750 means that it's wrong for DirectArguments to have an inline length.
1752 This changes DirectArguments to use poisoning according to the universal formula:
1754 - The randomly accessed portions are out-of-line, pointed to by a poisoned pointer.
1758 Surprisingly, this is perf-neutral. It's probably perf-neutral because our compiler optimizations
1759 amortize whatever cost there was.
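The poisoned out-of-line pointer described above, as an added C example that is not JSC's Poisoned<> implementation: it assumes an XOR-with-a-type-key scheme, keeps only speculation-safe fields inline, moves the length and argument slots out of line behind the poisoned pointer, and checks that unpoisoning with another type's key never yields the real storage address. The keys, structure id and slot values are constructed.

```c
#include <stdint.h>
#include <stdlib.h>

/* Added example, not JSC's Poisoned<> implementation: the "poisoned pointer"
 * idea from this entry with an assumed XOR-with-a-type-key scheme. The
 * out-of-line storage is reachable only through a pointer XORed with a key
 * tied to the object type, so code compiled for a different type that
 * mis-speculates this cell as its own recovers a bogus address rather than
 * the real storage. Keys here are constructed constants; a real VM would
 * draw them from a CSPRNG at startup. */

typedef uintptr_t PoisonKey;
static const PoisonKey kDirectArgumentsKey    = (PoisonKey)0xA5C3E1D97B2F4603ull;
static const PoisonKey kLexicalEnvironmentKey = (PoisonKey)0x3F8A1C6E5D9B7024ull;

static uintptr_t poison(const void* p, PoisonKey key) { return (uintptr_t)p ^ key; }
static void* unpoison(uintptr_t bits, PoisonKey key) { return (void*)(bits ^ key); }

/* Out-of-line part: the length and the mapped arguments, i.e. the fields the
 * entry says must not sit inline in a JSValue object. */
typedef struct {
    uint32_t length;
    uint64_t slots[];   /* JSValue-sized argument slots */
} ArgumentsStorage;

/* Inline part: only fields that are safe to read or write speculatively. */
typedef struct {
    uint32_t  structureID;      /* the unmitigated structure check reads this */
    uintptr_t poisonedStorage;  /* poison(ArgumentsStorage*, kDirectArgumentsKey) */
} DirectArgumentsCell;

static void initDirectArguments(DirectArgumentsCell* cell, ArgumentsStorage* storage)
{
    cell->structureID = 1;  /* constructed id */
    cell->poisonedStorage = poison(storage, kDirectArgumentsKey);
}

/* Accessor for code that has checked (or speculated) the cell is DirectArguments. */
static ArgumentsStorage* directArgumentsStorage(const DirectArgumentsCell* cell)
{
    return (ArgumentsStorage*)unpoison(cell->poisonedStorage, kDirectArgumentsKey);
}

/* What code compiled for another type computes from this cell's pointer field:
 * p ^ kOwn ^ kOther, which never equals p when the two keys differ. */
static uintptr_t confusedStorageBits(const DirectArgumentsCell* cell, PoisonKey wrongKey)
{
    return (uintptr_t)unpoison(cell->poisonedStorage, wrongKey);
}

/* 1 if the right key round-trips, the raw pointer is never stored inline, and
 * a wrong key (or no unpoisoning at all) yields a different address. */
static int poisoningCheck(void)
{
    ArgumentsStorage* storage = malloc(sizeof *storage + 4 * sizeof(uint64_t));
    if (!storage) return 0;
    storage->length = 4;
    for (uint32_t i = 0; i < 4; i++) storage->slots[i] = 0x100 + i;  /* constructed values */

    DirectArgumentsCell cell;
    initDirectArguments(&cell, storage);

    int ok = directArgumentsStorage(&cell) == storage
        && directArgumentsStorage(&cell)->length == 4
        && directArgumentsStorage(&cell)->slots[2] == 0x102
        && cell.poisonedStorage != (uintptr_t)storage
        && confusedStorageBits(&cell, kLexicalEnvironmentKey) != (uintptr_t)storage
        && confusedStorageBits(&cell, 0) != (uintptr_t)storage;
    free(storage);
    return ok;
}
```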
1761 * bytecode/AccessCase.cpp:
1762 (JSC::AccessCase::generateWithGuard):
1763 * dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
1764 (JSC::DFG::CallCreateDirectArgumentsSlowPathGenerator::CallCreateDirectArgumentsSlowPathGenerator):
1765 * dfg/DFGCallCreateDirectArgumentsWithKnownLengthSlowPathGenerator.h: Added.
1766 (JSC::DFG::CallCreateDirectArgumentsWithKnownLengthSlowPathGenerator::CallCreateDirectArgumentsWithKnownLengthSlowPathGenerator):
1767 * dfg/DFGSpeculativeJIT.cpp:
1768 (JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
1769 (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
1770 (JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
1771 (JSC::DFG::SpeculativeJIT::compileGetFromArguments):
1772 (JSC::DFG::SpeculativeJIT::compilePutToArguments):
1773 * ftl/FTLAbstractHeapRepository.h:
1774 * ftl/FTLLowerDFGToB3.cpp:
1775 (JSC::FTL::DFG::LowerDFGToB3::compileGetArrayLength):
1776 (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
1777 (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
1778 (JSC::FTL::DFG::LowerDFGToB3::compileGetFromArguments):
1779 (JSC::FTL::DFG::LowerDFGToB3::compilePutToArguments):
1780 (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
1781 (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedHeapCell):
1782 (JSC::FTL::DFG::LowerDFGToB3::dynamicPoison): Deleted.
1783 (JSC::FTL::DFG::LowerDFGToB3::dynamicPoisonOnLoadedType): Deleted.
1784 (JSC::FTL::DFG::LowerDFGToB3::dynamicPoisonOnType): Deleted.
1785 * heap/SecurityKind.h:
1786 * jit/JITPropertyAccess.cpp:
1787 (JSC::JIT::emit_op_get_from_arguments):
1788 (JSC::JIT::emit_op_put_to_arguments):
1789 (JSC::JIT::emitDirectArgumentsGetByVal):
1790 * jit/JITPropertyAccess32_64.cpp:
1791 (JSC::JIT::emit_op_get_from_arguments):
1792 (JSC::JIT::emit_op_put_to_arguments):
1793 * llint/LowLevelInterpreter.asm:
1794 * llint/LowLevelInterpreter32_64.asm:
1795 * llint/LowLevelInterpreter64.asm:
1796 * runtime/DirectArguments.cpp:
1797 (JSC::DirectArguments::DirectArguments):
1798 (JSC::DirectArguments::createUninitialized):
1799 (JSC::DirectArguments::create):
1800 (JSC::DirectArguments::createByCopying):
1801 (JSC::DirectArguments::estimatedSize):
1802 (JSC::DirectArguments::visitChildren):
1803 (JSC::DirectArguments::overrideThings):
1804 (JSC::DirectArguments::copyToArguments):
1805 (JSC::DirectArguments::mappedArgumentsSize):
1806 * runtime/DirectArguments.h:
1807 * runtime/JSCPoison.h:
1808 * runtime/JSLexicalEnvironment.h:
1809 * runtime/JSSymbolTableObject.h:
1814 2018-03-11 Yusuke Suzuki <utatane.tea@gmail.com>
1816 [B3] Above/Below should be strength-reduced for comparison with 0
1817 https://bugs.webkit.org/show_bug.cgi?id=183543
1819 Reviewed by Filip Pizlo.
1821 Above(0, x) and BelowEqual(0, x) can be converted to the constants false and true respectively.
1822 This can be seen in the ArraySlice(0) case: `Select(Above(0, length), length, 0)` should
1823 be converted to `0`. This patch adds such folding to comparisons.
1825 We also fix a B3ReduceStrength issue that creates an orphan value. If a flipped value is folded to
1826 a constant, we do not insert the flipped value, which makes it an orphan. This issue causes a JSC test
1827 failure with this B3Const32/64Value change. With this patch, we create the flipped value only
1828 when we fail to fold it to a constant.
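The folds and the orphan fix described above, as an added C example that is not WebKit's B3ReduceStrength: a miniature reduction for unsigned compares with a constant left operand, covering Above(0, x) and BelowEqual(0, x), the ArraySlice(0) Select case from the 2018-03-13 entry, and the fold-before-flip ordering that leaves no orphan. It generalises to the mirror folds against UINT32_MAX, which the entry does not mention, and models insertion into a basic block with a flag plus a global arena (both assumptions of the example).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Added example, not WebKit's B3ReduceStrength. Opcodes mirror the B3 names
 * used in the entry; Above/Below/AboveEqual/BelowEqual are unsigned compares. */
typedef enum { OpConst, OpVar, OpAbove, OpBelow, OpAboveEqual, OpBelowEqual, OpSelect } Opcode;

typedef struct Value {
    Opcode op;
    uint32_t constant;        /* OpConst only */
    struct Value* child[3];   /* compares use 0,1; Select uses predicate, then, else */
    bool inserted;            /* set once the value is placed in a block */
} Value;

static Value* arena[512];     /* every allocated value, so orphans can be counted */
static size_t arenaSize;

static Value* newValue(Opcode op, uint32_t constant, Value* a, Value* b, Value* c)
{
    Value* v = calloc(1, sizeof *v);
    if (!v) abort();
    v->op = op; v->constant = constant;
    v->child[0] = a; v->child[1] = b; v->child[2] = c;
    if (arenaSize < sizeof arena / sizeof arena[0]) arena[arenaSize++] = v;
    return v;
}
static Value* insert(Value* v) { v->inserted = true; return v; }
static Value* makeConst(uint32_t k) { return insert(newValue(OpConst, k, NULL, NULL, NULL)); }
static Value* makeVar(void) { return insert(newValue(OpVar, 0, NULL, NULL, NULL)); }

/* Values allocated but never inserted: the orphan bug the entry describes. */
static size_t orphanCount(void)
{
    size_t n = 0;
    for (size_t i = 0; i < arenaSize; i++) n += !arena[i]->inserted;
    return n;
}

/* Concrete semantics, used as an oracle to check that reductions are sound. */
static uint32_t evaluate(const Value* v, uint32_t x)
{
    switch (v->op) {
    case OpConst:      return v->constant;
    case OpVar:        return x;
    case OpAbove:      return evaluate(v->child[0], x) >  evaluate(v->child[1], x);
    case OpBelow:      return evaluate(v->child[0], x) <  evaluate(v->child[1], x);
    case OpAboveEqual: return evaluate(v->child[0], x) >= evaluate(v->child[1], x);
    case OpBelowEqual: return evaluate(v->child[0], x) <= evaluate(v->child[1], x);
    case OpSelect:     return evaluate(v->child[0], x) ? evaluate(v->child[1], x)
                                                      : evaluate(v->child[2], x);
    }
    return 0;
}

/* Swapping operands turns Above into Below and AboveEqual into BelowEqual. */
static Opcode flippedOpcode(Opcode op)
{
    switch (op) {
    case OpAbove: return OpBelow;           case OpBelow: return OpAbove;
    case OpAboveEqual: return OpBelowEqual; case OpBelowEqual: return OpAboveEqual;
    default: return op;
    }
}

/* Decide Compare(lhs, x) from the constant alone where possible: 0 is the
 * unsigned minimum (the entry's cases), UINT32_MAX the unsigned maximum. */
static bool foldConstantLeft(Opcode op, uint32_t lhs, bool* result)
{
    if (lhs == 0 && op == OpAbove)               { *result = false; return true; }
    if (lhs == 0 && op == OpBelowEqual)          { *result = true;  return true; }
    if (lhs == UINT32_MAX && op == OpBelow)      { *result = false; return true; }
    if (lhs == UINT32_MAX && op == OpAboveEqual) { *result = true;  return true; }
    return false;
}

static bool isCompareWithConstantLeft(const Value* v)
{
    return v->op >= OpAbove && v->op <= OpBelowEqual && v->child[0]->op == OpConst;
}

/* Fixed order: fold first; create the flipped (constant-on-the-right) value only
 * when folding fails, so nothing is left orphaned. */
static Value* reduceCompare(Value* v)
{
    bool r;
    if (!isCompareWithConstantLeft(v)) return v;
    if (foldConstantLeft(v->op, v->child[0]->constant, &r)) return makeConst(r);
    return insert(newValue(flippedOpcode(v->op), 0, v->child[1], v->child[0], NULL));
}

/* Pre-fix order, for contrast: the flipped value exists before folding, so a
 * successful fold abandons it without ever inserting it. */
static Value* reduceCompareOrphaning(Value* v)
{
    bool r;
    if (!isCompareWithConstantLeft(v)) return v;
    Value* flipped = newValue(flippedOpcode(v->op), 0, v->child[1], v->child[0], NULL);
    if (foldConstantLeft(v->op, v->child[0]->constant, &r)) return makeConst(r);
    return insert(flipped);
}

/* A Select whose predicate reduces to a constant collapses to the chosen arm. */
static Value* reduceSelect(Value* v)
{
    if (v->op != OpSelect) return v;
    Value* pred = reduceCompare(v->child[0]);
    return pred->op == OpConst ? (pred->constant ? v->child[1] : v->child[2]) : v;
}

/* ArraySlice(0): Select(Above(0, length), length, 0) must become the constant 0.
 * Returns the folded constant, or UINT32_MAX if the Select did not fold. */
static uint32_t arraySliceStartIndex(void)
{
    Value* len = makeVar();
    Value* pred = insert(newValue(OpAbove, 0, makeConst(0), len, NULL));
    Value* reduced = reduceSelect(insert(newValue(OpSelect, 0, pred, len, makeConst(0))));
    return reduced->op == OpConst ? reduced->constant : UINT32_MAX;
}

/* 1 if reduceCompare preserves Compare(Const k, x) for all four opcodes at input x. */
static int reductionSound(uint32_t k, uint32_t x)
{
    for (Opcode op = OpAbove; op <= OpBelowEqual; op++) {
        Value* orig = insert(newValue(op, 0, makeConst(k), makeVar(), NULL));
        if (evaluate(reduceCompare(orig), x) != evaluate(orig, x)) return 0;
    }
    return 1;
}

/* 1 if the fixed order leaves no orphan while the old order leaves exactly one. */
static int orphanRegression(void)
{
    size_t before = orphanCount();
    reduceCompare(insert(newValue(OpAbove, 0, makeConst(0), makeVar(), NULL)));
    bool fixedClean = orphanCount() == before;
    reduceCompareOrphaning(insert(newValue(OpBelowEqual, 0, makeConst(0), makeVar(), NULL)));
    return fixedClean && orphanCount() == before + 1;
}
```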
1830 * b3/B3Const32Value.cpp:
1831 (JSC::B3::Const32Value::lessThanConstant const):
1832 (JSC::B3::Const32Value::greaterThanConstant const):
1833 (JSC::B3::Const32Value::lessEqualConstant const):
1834 (JSC::B3::Const32Value::greaterEqualConstant const):
1835 (JSC::B3::Const32Value::aboveConstant const):
1836 (JSC::B3::Const32Value::belowConstant const):
1837 (JSC::B3::Const32Value::aboveEqualConstant const):
1838 (JSC::B3::Const32Value::belowEqualConstant const):
1839 * b3/B3Const64Value.cpp:
1840 (JSC::B3::Const64Value::lessThanConstant const):
1841 (JSC::B3::Const64Value::greaterThanConstant const):
1842 (JSC::B3::Const64Value::lessEqualConstant const):
1843 (JSC::B3::Const64Value::greaterEqualConstant const):
1844 (JSC::B3::Const64Value::aboveConstant const):
1845 (JSC::B3::Const64Value::belowConstant const):
1846 (JSC::B3::Const64Value::aboveEqualConstant const):
1847 (JSC::B3::Const64Value::belowEqualConstant const):
1848 * b3/B3ReduceStrength.cpp:
1850 (JSC::B3::int64Operands):
1851 (JSC::B3::int32Operands):
1853 2018-03-10 Yusuke Suzuki <utatane.tea@gmail.com>
1855 [FTL] Drop NewRegexp for String.prototype.match with RegExp + global flag
1856 https://bugs.webkit.org/show_bug.cgi?id=181848
1858 Reviewed by Sam Weinig.
1860 In r181535, we added support for `string.match(/nonglobal/)`. However, `string.match(/global/g)` is not
1861 optimized since it sets the `lastIndex` value before performing the RegExp operation.
1863 This patch optimizes the above "with a global flag" case by emitting `SetRegExpObjectLastIndex` properly.
1864 RegExpMatchFast is converted to SetRegExpObjectLastIndex and RegExpMatchFastGlobal. The latter node
1865 just holds the RegExp (not RegExpObject) cell so that it offers a chance to make NewRegexp PhantomNewRegexp
1866 in the object allocation sinking phase.
1868 The added microbenchmarks show that this patch makes NewRegexp PhantomNewRegexp even if the given RegExp
1869 has a global flag, and it improves performance.
1873 regexp-u-global-es5 44.1298+-4.6128 ^ 33.7920+-2.0110 ^ definitely 1.3059x faster
1874 regexp-u-global-es6 182.3272+-2.2861 ^ 154.3414+-7.6769 ^ definitely 1.1813x faster
1876 * dfg/DFGAbstractInterpreterInlines.h:
1877 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1878 * dfg/DFGClobberize.h:
1879 (JSC::DFG::clobberize):
1880 * dfg/DFGDoesGC.cpp:
1882 * dfg/DFGFixupPhase.cpp:
1883 (JSC::DFG::FixupPhase::fixupNode):
1884 * dfg/DFGMayExit.cpp:
1886 (JSC::DFG::Node::convertToRegExpMatchFastGlobal):
1888 (JSC::DFG::Node::hasHeapPrediction):
1889 (JSC::DFG::Node::hasCellOperand):
1890 * dfg/DFGNodeType.h:
1891 * dfg/DFGOperations.cpp:
1892 * dfg/DFGOperations.h:
1893 * dfg/DFGPredictionPropagationPhase.cpp:
1894 * dfg/DFGSafeToExecute.h:
1895 (JSC::DFG::safeToExecute):
1896 * dfg/DFGSpeculativeJIT.cpp:
1897 (JSC::DFG::SpeculativeJIT::compileRegExpMatchFastGlobal):
1898 * dfg/DFGSpeculativeJIT.h:
1899 * dfg/DFGSpeculativeJIT32_64.cpp:
1900 (JSC::DFG::SpeculativeJIT::compile):
1901 * dfg/DFGSpeculativeJIT64.cpp:
1902 (JSC::DFG::SpeculativeJIT::compile):
1903 * dfg/DFGStrengthReductionPhase.cpp:
1904 (JSC::DFG::StrengthReductionPhase::handleNode):
1905 * ftl/FTLCapabilities.cpp:
1906 (JSC::FTL::canCompile):
1907 * ftl/FTLLowerDFGToB3.cpp:
1908 (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1909 (JSC::FTL::DFG::LowerDFGToB3::compileRegExpMatchFastGlobal):
1910 * runtime/RegExpObject.cpp:
1911 (JSC::collectMatches): Deleted.
1912 * runtime/RegExpObject.h:
1913 * runtime/RegExpObjectInlines.h:
1914 (JSC::RegExpObject::execInline):
1915 (JSC::RegExpObject::matchInline):
1916 (JSC::advanceStringUnicode):
1917 (JSC::collectMatches):
1918 (JSC::RegExpObject::advanceStringUnicode): Deleted.
1919 * runtime/RegExpPrototype.cpp:
1920 (JSC::advanceStringIndex):
1922 2018-03-10 Yusuke Suzuki <utatane.tea@gmail.com>
1924 B3::reduceStrength should canonicalize integer comparisons
1925 https://bugs.webkit.org/show_bug.cgi?id=150958
1927 Reviewed by Filip Pizlo.
1929 This patch sorts the operands of comparisons by flipping the opcode. For example, `Above(0, @2)` is
1930 converted to `Below(@2, 0)`. This sorting is the same as the handleCommutativity rule. Since we
1931 canonicalize comparisons to have the constant value at least on the right hand side, we can
1932 remove the pattern matching that checks leftImm in B3LowerToAir.
1934 Since this flipping changes the opcode of the value, to do this safely we just create a
1935 new value which has the flipped opcode and swapped operands. If we can fold it to a constant,
1936 we replace m_value with this constant. If we fail to fold it to a constant, we replace
1937 m_value with the flipped one.
1939 These comparisons are already handled in testb3.
1941 * b3/B3LowerToAir.cpp:
1942 * b3/B3ReduceStrength.cpp:
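The two B3ReduceStrength entries above (zero-folding of Above/BelowEqual, and canonicalizing comparisons by flipping the opcode without leaving an orphan value) are illustrated by this added example. It is not JSC code: the `Proc`, `Value` and `Op` types are a toy IR invented here to model what the ChangeLog describes.

```cpp
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>

// Toy IR: one opcode per node, plus Const and Var leaves (constructed stand-ins, not B3's types).
enum class Op { Const, Var, Above, AboveEqual, Below, BelowEqual,
                LessThan, LessEqual, GreaterThan, GreaterEqual };

struct Value {
    Op op;
    Value* lhs;
    Value* rhs;
    int64_t constant; // meaningful only when op == Op::Const
    bool isConst() const { return op == Op::Const; }
};

// Owns every Value it creates, standing in for B3::Procedure.
struct Proc {
    std::vector<std::unique_ptr<Value>> values;
    Value* add(Op op, Value* a, Value* b, int64_t c) {
        values.push_back(std::make_unique<Value>(Value{op, a, b, c}));
        return values.back().get();
    }
    Value* constant(int64_t c) { return add(Op::Const, nullptr, nullptr, c); }
    Value* var() { return add(Op::Var, nullptr, nullptr, 0); }
    Value* compare(Op op, Value* a, Value* b) { return add(op, a, b, 0); }
};

// Swapping the operands requires the mirrored opcode: Above(a, b) is Below(b, a).
static Op flipped(Op op) {
    switch (op) {
    case Op::Above: return Op::Below;
    case Op::Below: return Op::Above;
    case Op::AboveEqual: return Op::BelowEqual;
    case Op::BelowEqual: return Op::AboveEqual;
    case Op::LessThan: return Op::GreaterThan;
    case Op::GreaterThan: return Op::LessThan;
    case Op::LessEqual: return Op::GreaterEqual;
    case Op::GreaterEqual: return Op::LessEqual;
    default: return op;
    }
}

// Unsigned folds against a zero right operand: nothing is Below 0 and everything is
// AboveEqual 0. Signed opcodes are deliberately not folded (x < 0 is not a constant).
// Returns nullptr when no fold applies.
static Value* foldAgainstZero(Proc& proc, Op op, Value* rhs) {
    if (!rhs->isConst() || rhs->constant != 0)
        return nullptr;
    if (op == Op::Below)
        return proc.constant(0);
    if (op == Op::AboveEqual)
        return proc.constant(1);
    return nullptr;
}

// Returns the value that should replace `cmp` (cmp itself when nothing changes).
static Value* reduceCompare(Proc& proc, Value* cmp) {
    Op op = cmp->op;
    Value* lhs = cmp->lhs;
    Value* rhs = cmp->rhs;
    // Canonicalize: a lone constant moves to the right, mirroring handleCommutativity.
    if (lhs->isConst() && !rhs->isConst()) {
        op = flipped(op);
        std::swap(lhs, rhs);
    }
    // Fold first; the flipped comparison is only materialized when folding fails,
    // so a flipped value is never created and then left unreferenced (the orphan bug).
    if (Value* folded = foldAgainstZero(proc, op, rhs))
        return folded;
    if (op != cmp->op)
        return proc.compare(op, lhs, rhs);
    return cmp;
}
```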
1944 2018-03-09 Mark Lam <mark.lam@apple.com>
1946 offlineasm should reset the Assembler's working state before doing another pass for a new target.
1947 https://bugs.webkit.org/show_bug.cgi?id=183538
1948 <rdar://problem/38325955>
1950 Reviewed by Michael Saboff.
1952 * llint/LowLevelInterpreter.cpp:
1953 * offlineasm/asm.rb:
1954 * offlineasm/cloop.rb:
1956 2018-03-09 Brian Burg <bburg@apple.com>
1958 Web Inspector: there should only be one way for async backend commands to send failure
1959 https://bugs.webkit.org/show_bug.cgi?id=183524
1961 Reviewed by Timothy Hatcher.
1963 If this is an async command, errors should be reported with BackendDispatcher::CallbackBase::sendFailure.
1964 To avoid mixups, don't include the ErrorString out-parameter in generated async command signatures.
1965 This change only affects interfaces generated for C++ backend dispatchers.
1967 * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1968 (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1969 * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1970 (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1971 * inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
1973 2018-03-09 Mark Lam <mark.lam@apple.com>
1975 Build fix after r229476.
1976 https://bugs.webkit.org/show_bug.cgi?id=183488
1980 * runtime/StackAlignment.h:
1982 2018-03-09 Mark Lam <mark.lam@apple.com>
1984 [Re-landing] Add support for ARM64E.
1985 https://bugs.webkit.org/show_bug.cgi?id=183398
1986 <rdar://problem/38212621>
1988 Reviewed by Michael Saboff.
1990 * assembler/MacroAssembler.h:
1991 * llint/LLIntOfflineAsmConfig.h:
1992 * llint/LowLevelInterpreter.asm:
1993 * llint/LowLevelInterpreter64.asm:
1994 * offlineasm/backends.rb:
1996 2018-03-09 Mark Lam <mark.lam@apple.com>
1998 [Re-landing] Prepare LLInt code to support pointer profiling.
1999 https://bugs.webkit.org/show_bug.cgi?id=183387
2000 <rdar://problem/38199678>
2002 Reviewed by JF Bastien.
2004 1. Introduced PtrTag enums for supporting pointer profiling later.
2006 2. Also introduced tagging, untagging, retagging, and tag removal placeholder
2007 template functions for the same purpose.
2009 3. Prepare the offlineasm for supporting pointer profiling later.
2011 4. Tagged some pointers in LLInt asm code. Currently, these should have no
2014 5. Removed returnToThrowForThrownException() because it is not used anywhere.
2016 6. Added the offlineasm folder to the JavaScriptCore Xcode project so that it's
2017 easier to view and edit these files in Xcode.
2020 * JavaScriptCore.xcodeproj/project.pbxproj:
2021 * bytecode/LLIntCallLinkInfo.h:
2022 (JSC::LLIntCallLinkInfo::unlink):
2023 * llint/LLIntData.cpp:
2024 (JSC::LLInt::initialize):
2025 * llint/LLIntData.h:
2026 * llint/LLIntExceptions.cpp:
2027 (JSC::LLInt::returnToThrowForThrownException): Deleted.
2028 * llint/LLIntExceptions.h:
2029 * llint/LLIntOfflineAsmConfig.h:
2030 * llint/LLIntOffsetsExtractor.cpp:
2031 * llint/LLIntPCRanges.h:
2032 (JSC::LLInt::isLLIntPC):
2033 * llint/LLIntSlowPaths.cpp:
2034 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2035 (JSC::LLInt::handleHostCall):
2036 (JSC::LLInt::setUpCall):
2037 * llint/LowLevelInterpreter.asm:
2038 * llint/LowLevelInterpreter32_64.asm:
2039 * llint/LowLevelInterpreter64.asm:
2040 * offlineasm/ast.rb:
2041 * offlineasm/instructions.rb:
2042 * offlineasm/risc.rb:
2043 * runtime/PtrTag.h: Added.
2044 (JSC::uniquePtrTagID):
2047 (JSC::untagCodePtr):
2048 (JSC::retagCodePtr):
2049 (JSC::removeCodePtrTag):
2051 2018-03-09 Mark Lam <mark.lam@apple.com>
2053 Remove unused LLINT_STATS feature.
2054 https://bugs.webkit.org/show_bug.cgi?id=183522
2055 <rdar://problem/38313139>
2057 Rubber-stamped by Keith Miller.
2059 We haven't used this in a while, and it is one more option that makes offlineasm
2060 build slower. We can always re-introduce this later if we need it.
2063 * llint/LLIntCommon.h:
2064 * llint/LLIntData.cpp:
2065 (JSC::LLInt::initialize):
2066 (JSC::LLInt::Data::finalizeStats): Deleted.
2067 (JSC::LLInt::compareStats): Deleted.
2068 (JSC::LLInt::Data::dumpStats): Deleted.
2069 (JSC::LLInt::Data::ensureStats): Deleted.
2070 (JSC::LLInt::Data::loadStats): Deleted.
2071 (JSC::LLInt::Data::resetStats): Deleted.
2072 (JSC::LLInt::Data::saveStats): Deleted.
2073 * llint/LLIntData.h:
2075 (JSC::LLInt::Data::opcodeStats): Deleted.
2076 * llint/LLIntOfflineAsmConfig.h:
2077 * llint/LLIntSlowPaths.cpp:
2078 * llint/LLIntSlowPaths.h:
2079 * llint/LowLevelInterpreter.asm:
2080 * llint/LowLevelInterpreter32_64.asm:
2081 * llint/LowLevelInterpreter64.asm:
2082 * runtime/Options.cpp:
2083 (JSC::Options::isAvailable):
2084 (JSC::recomputeDependentOptions):
2085 * runtime/Options.h:
2086 * runtime/TestRunnerUtils.cpp:
2087 (JSC::finalizeStatsAtEndOfTesting):
2089 2018-03-09 Michael Saboff <msaboff@apple.com>
2091 Relanding "testmasm crashes in testBranchTruncateDoubleToInt32() on ARM64"
2092 https://bugs.webkit.org/show_bug.cgi?id=183488
2094 It applied and built just fine locally.
2096 * assembler/testmasm.cpp:
2097 (JSC::testBranchTruncateDoubleToInt32):
2099 2018-03-09 Yusuke Suzuki <utatane.tea@gmail.com>
2101 Unreviewed, remove WebAssemblyFunctionType
2102 https://bugs.webkit.org/show_bug.cgi?id=183429
2104 Drop WebAssemblyFunctionType since it is no longer used. This breaks the
2105 JSCast assumption that all the derived classes of JSFunction use
2106 JSFunctionType. We also add an ASSERT to JSFunction::finishCreation.
2108 * runtime/JSFunction.cpp:
2109 (JSC::JSFunction::finishCreation):
2111 * wasm/js/WebAssemblyFunction.cpp:
2112 (JSC::WebAssemblyFunction::createStructure):
2113 * wasm/js/WebAssemblyFunction.h:
2115 2018-03-09 Ryan Haddad <ryanhaddad@apple.com>
2117 Unreviewed, rolling out r229446.
2119 This change relies on changes that have been rolled out.
2123 "testmasm crashes in testBranchTruncateDoubleToInt32() on
2125 https://bugs.webkit.org/show_bug.cgi?id=183488
2126 https://trac.webkit.org/changeset/229446
2128 2018-03-08 Chris Dumez <cdumez@apple.com>
2130 Safari not handling undefined global variables with same name as element Id correctly.
2131 https://bugs.webkit.org/show_bug.cgi?id=183087
2132 <rdar://problem/37927596>
2134 Reviewed by Ryosuke Niwa.
2136 Global variables (var foo;) should not be hidden by:
2138 - Properties on the prototype chain
2140 Therefore, we now have JSGlobalObject::addVar() call JSGlobalObject::addGlobalVar()
2141 if !hasOwnProperty() instead of !hasProperty().
2143 This aligns our behavior with Chrome and Firefox.
2145 * runtime/JSGlobalObject.h:
2146 (JSC::JSGlobalObject::addVar):
2148 2018-03-08 Commit Queue <commit-queue@webkit.org>
2150 Unreviewed, rolling out r229354 and r229364.
2151 https://bugs.webkit.org/show_bug.cgi?id=183492
2153 Breaks internal builds (Requested by ryanhaddad on #webkit).
2155 Reverted changesets:
2157 "Prepare LLInt code to support pointer profiling."
2158 https://bugs.webkit.org/show_bug.cgi?id=183387
2159 https://trac.webkit.org/changeset/229354
2161 "Add support for ARM64E."
2162 https://bugs.webkit.org/show_bug.cgi?id=183398
2163 https://trac.webkit.org/changeset/229364
2165 2018-03-08 Michael Saboff <msaboff@apple.com>
2167 testmasm crashes in testBranchTruncateDoubleToInt32() on ARM64
2168 https://bugs.webkit.org/show_bug.cgi?id=183488
2170 Reviewed by Mark Lam.
2172 Using stackAlignmentBytes() will keep the stack properly aligned.
2174 * assembler/testmasm.cpp:
2175 (JSC::testBranchTruncateDoubleToInt32):
2177 2018-03-08 Michael Saboff <msaboff@apple.com>
2179 Emit code to zero the stack frame on function entry
2180 https://bugs.webkit.org/show_bug.cgi?id=183391
2182 Reviewed by Mark Lam.
2184 Added code to zero incoming stack frame behind a new JSC option, zeroStackFrame.
2185 The default setting of the option is off.
2187 Did some minor refactoring of the YarrJIT stack alignment code.
2189 * b3/air/AirCode.cpp:
2190 (JSC::B3::Air::defaultPrologueGenerator):
2191 * dfg/DFGJITCompiler.cpp:
2192 (JSC::DFG::JITCompiler::compile):
2193 (JSC::DFG::JITCompiler::compileFunction):
2194 * dfg/DFGSpeculativeJIT.cpp:
2195 (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2196 * dfg/DFGThunks.cpp:
2197 (JSC::DFG::osrEntryThunkGenerator):
2198 * ftl/FTLLowerDFGToB3.cpp:
2199 (JSC::FTL::DFG::LowerDFGToB3::lower):
2200 * jit/AssemblyHelpers.h:
2201 (JSC::AssemblyHelpers::clearStackFrame):
2203 (JSC::JIT::compileWithoutLinking):
2204 * llint/LowLevelInterpreter.asm:
2205 * runtime/Options.h:
2207 (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2208 (JSC::Yarr::YarrGenerator::initCallFrame):
2209 (JSC::Yarr::YarrGenerator::removeCallFrame):
2211 2018-03-08 Keith Miller <keith_miller@apple.com>
2213 Unreviewed, another attempt at fixing the Windows build.
2214 I guess the pragma must be outside the function...
2216 * jit/CCallHelpers.h:
2217 (JSC::CCallHelpers::clampArrayToSize):
2219 2018-03-08 Keith Miller <keith_miller@apple.com>
2221 Unreviewed, one last try at fixing the windows build before rollout.
2223 * jit/CCallHelpers.h:
2224 (JSC::CCallHelpers::clampArrayToSize):
2226 2018-03-08 Yusuke Suzuki <utatane.tea@gmail.com>
2228 [JSC] Optimize inherits<T> if T is final type
2229 https://bugs.webkit.org/show_bug.cgi?id=183435
2231 Reviewed by Mark Lam.
2233 If the type T is a final type (`std::is_final<T>::value == true`), there are no
2234 classes derived from T. It means that `jsDynamicCast<T>` only needs
2235 to check that the given cell's `classInfo(vm)` is `T::info()`.
2237 This patch adds a new specialization of jsDynamicCast<T> / inherits<T> for a
2238 final type. And we also add `final` annotations to JS cell types in JSC. This
2241 1. Readability. If the given class is annotated with `final`, we do not need to
2242 consider the derived classes of T.
2244 2. Static Checking. If your class is not intended to be used as a base class, attaching
2245 `final` can ensure this invariant.
2247 3. Performance. jsDynamicCast<T> and inherits<T> can be optimized and the code size should
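The final-type specialization described in this entry, as an added example that is not JSC's code: `ClassInfo`, `Cell`, `Base`, `Callable` and `Leaf` are toy stand-ins constructed here, and `usesFastPath` is a made-up flag so the dispatch can be checked. A checked downcast like this is what stands between a type-confused pointer and a memory-safety bug, so the fast path has to be exactly equivalent to the generic walk; `final` is what makes that equivalence a compile-time guarantee rather than a convention.

```cpp
#include <type_traits>

// Minimal stand-ins for JSC's ClassInfo and JSCell: a cell points at its ClassInfo,
// and each ClassInfo records its parent, forming the chain that inherits<T> walks.
struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
};

struct Cell {
    explicit Cell(const ClassInfo* info) : m_classInfo(info) { }
    const ClassInfo* classInfo() const { return m_classInfo; }
private:
    const ClassInfo* m_classInfo;
};

// Generic path: walk the parent chain until the target is found or the chain ends.
static bool inheritsGeneric(const ClassInfo* current, const ClassInfo* target) {
    for (; current; current = current->parentClass) {
        if (current == target)
            return true;
    }
    return false;
}

// Primary template: used for any T that may have subclasses.
template<typename T, bool isFinalType = std::is_final<T>::value>
struct InheritsTraits {
    static constexpr bool usesFastPath = false;
    static bool inherits(const Cell* cell) { return inheritsGeneric(cell->classInfo(), T::info()); }
};

// Specialization for final T: nothing derives from T, so an exact ClassInfo match is
// both necessary and sufficient. No loop, and no way to accidentally accept a subclass.
template<typename T>
struct InheritsTraits<T, true> {
    static constexpr bool usesFastPath = true;
    static bool inherits(const Cell* cell) { return cell->classInfo() == T::info(); }
};

template<typename T>
bool inherits(const Cell* cell) { return InheritsTraits<T>::inherits(cell); }

// Checked downcast: yields nullptr instead of a mistyped pointer.
template<typename T>
T* jsDynamicCast(Cell* cell) { return inherits<T>(cell) ? static_cast<T*>(cell) : nullptr; }

// Toy hierarchy (constructed names): Base <- Callable, Base <- Leaf (final).
struct Base : Cell {
    Base() : Cell(info()) { }
    explicit Base(const ClassInfo* info) : Cell(info) { }
    static const ClassInfo s_info;
    static const ClassInfo* info() { return &s_info; }
};
struct Callable : Base {
    Callable() : Base(info()) { }
    static const ClassInfo s_info;
    static const ClassInfo* info() { return &s_info; }
};
struct Leaf final : Base {
    Leaf() : Base(info()) { }
    static const ClassInfo s_info;
    static const ClassInfo* info() { return &s_info; }
};
const ClassInfo Base::s_info = { "Base", nullptr };
const ClassInfo Callable::s_info = { "Callable", &Base::s_info };
const ClassInfo Leaf::s_info = { "Leaf", &Base::s_info };
```

Marking `Callable` as `final` would flip `InheritsTraits<Callable>::usesFastPath` to true with no other code change, which is the point of the annotations this patch adds.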
2250 * API/JSCallbackConstructor.h:
2251 (JSC::JSCallbackConstructor::create): Deleted.
2252 (JSC::JSCallbackConstructor::classRef const): Deleted.
2253 (JSC::JSCallbackConstructor::callback const): Deleted.
2254 (JSC::JSCallbackConstructor::createStructure): Deleted.
2255 (JSC::JSCallbackConstructor::constructCallback): Deleted.
2256 * API/JSCallbackFunction.h:
2257 (JSC::JSCallbackFunction::createStructure): Deleted.
2258 (JSC::JSCallbackFunction::functionCallback): Deleted.
2259 * API/JSCallbackObject.h:
2260 (JSC::JSCallbackObject::create): Deleted.
2261 (JSC::JSCallbackObject::destroy): Deleted.
2262 (JSC::JSCallbackObject::classRef const): Deleted.
2263 (JSC::JSCallbackObject::getPrivateProperty const): Deleted.
2264 (JSC::JSCallbackObject::setPrivateProperty): Deleted.
2265 (JSC::JSCallbackObject::deletePrivateProperty): Deleted.
2266 (JSC::JSCallbackObject::visitChildren): Deleted.
2267 * bytecode/CodeBlock.cpp:
2268 (JSC::CodeBlock::setConstantRegisters):
2269 * bytecode/ExecutableToCodeBlockEdge.h:
2270 (JSC::ExecutableToCodeBlockEdge::subspaceFor): Deleted.
2271 (JSC::ExecutableToCodeBlockEdge::codeBlock const): Deleted.
2272 (JSC::ExecutableToCodeBlockEdge::unwrap): Deleted.
2273 * bytecode/FunctionCodeBlock.h:
2274 (JSC::FunctionCodeBlock::subspaceFor): Deleted.
2275 (JSC::FunctionCodeBlock::create): Deleted.
2276 (JSC::FunctionCodeBlock::createStructure): Deleted.
2277 (JSC::FunctionCodeBlock::FunctionCodeBlock): Deleted.
2278 * debugger/DebuggerScope.h:
2279 (JSC::DebuggerScope::createStructure): Deleted.
2280 (JSC::DebuggerScope::iterator::iterator): Deleted.
2281 (JSC::DebuggerScope::iterator::get): Deleted.
2282 (JSC::DebuggerScope::iterator::operator++): Deleted.
2283 (JSC::DebuggerScope::iterator::operator== const): Deleted.
2284 (JSC::DebuggerScope::iterator::operator!= const): Deleted.
2285 (JSC::DebuggerScope::isValid const): Deleted.
2286 (JSC::DebuggerScope::jsScope const): Deleted.
2287 * inspector/JSInjectedScriptHost.h:
2288 (Inspector::JSInjectedScriptHost::createStructure): Deleted.
2289 (Inspector::JSInjectedScriptHost::create): Deleted.
2290 (Inspector::JSInjectedScriptHost::impl const): Deleted.
2291 * inspector/JSInjectedScriptHostPrototype.h:
2292 (Inspector::JSInjectedScriptHostPrototype::create): Deleted.
2293 (Inspector::JSInjectedScriptHostPrototype::createStructure): Deleted.
2294 (Inspector::JSInjectedScriptHostPrototype::JSInjectedScriptHostPrototype): Deleted.
2295 * inspector/JSJavaScriptCallFrame.h:
2296 (Inspector::JSJavaScriptCallFrame::createStructure): Deleted.
2297 (Inspector::JSJavaScriptCallFrame::create): Deleted.
2298 (Inspector::JSJavaScriptCallFrame::impl const): Deleted.
2299 * inspector/JSJavaScriptCallFramePrototype.h:
2300 (Inspector::JSJavaScriptCallFramePrototype::create): Deleted.
2301 (Inspector::JSJavaScriptCallFramePrototype::createStructure): Deleted.
2302 (Inspector::JSJavaScriptCallFramePrototype::JSJavaScriptCallFramePrototype): Deleted.
2304 (JSC::tryCacheGetByID):
2305 * runtime/ArrayConstructor.h:
2306 (JSC::ArrayConstructor::create): Deleted.
2307 (JSC::ArrayConstructor::createStructure): Deleted.
2308 * runtime/ArrayIteratorPrototype.h:
2309 (JSC::ArrayIteratorPrototype::create): Deleted.
2310 (JSC::ArrayIteratorPrototype::createStructure): Deleted.
2311 (JSC::ArrayIteratorPrototype::ArrayIteratorPrototype): Deleted.
2312 * runtime/ArrayPrototype.h:
2313 (JSC::ArrayPrototype::createStructure): Deleted.
2314 * runtime/AsyncFromSyncIteratorPrototype.h:
2315 (JSC::AsyncFromSyncIteratorPrototype::createStructure): Deleted.
2316 * runtime/AsyncFunctionConstructor.h:
2317 (JSC::AsyncFunctionConstructor::create): Deleted.
2318 (JSC::AsyncFunctionConstructor::createStructure): Deleted.
2319 * runtime/AsyncFunctionPrototype.h:
2320 (JSC::AsyncFunctionPrototype::create): Deleted.
2321 (JSC::AsyncFunctionPrototype::createStructure): Deleted.
2322 * runtime/AsyncGeneratorFunctionConstructor.h:
2323 (JSC::AsyncGeneratorFunctionConstructor::create): Deleted.
2324 (JSC::AsyncGeneratorFunctionConstructor::createStructure): Deleted.
2325 * runtime/AsyncGeneratorFunctionPrototype.h:
2326 (JSC::AsyncGeneratorFunctionPrototype::create): Deleted.
2327 (JSC::AsyncGeneratorFunctionPrototype::createStructure): Deleted.
2328 * runtime/AsyncGeneratorPrototype.h:
2329 (JSC::AsyncGeneratorPrototype::create): Deleted.
2330 (JSC::AsyncGeneratorPrototype::createStructure): Deleted.
2331 (JSC::AsyncGeneratorPrototype::AsyncGeneratorPrototype): Deleted.
2332 * runtime/AsyncIteratorPrototype.h:
2333 (JSC::AsyncIteratorPrototype::create): Deleted.
2334 (JSC::AsyncIteratorPrototype::createStructure): Deleted.
2335 (JSC::AsyncIteratorPrototype::AsyncIteratorPrototype): Deleted.
2336 * runtime/AtomicsObject.h:
2337 * runtime/BigIntConstructor.h:
2338 (JSC::BigIntConstructor::create): Deleted.
2339 (JSC::BigIntConstructor::createStructure): Deleted.
2340 * runtime/BigIntObject.h:
2341 (JSC::BigIntObject::create): Deleted.
2342 (JSC::BigIntObject::internalValue const): Deleted.
2343 (JSC::BigIntObject::createStructure): Deleted.
2344 * runtime/BigIntPrototype.h:
2345 (JSC::BigIntPrototype::create): Deleted.
2346 (JSC::BigIntPrototype::createStructure): Deleted.
2347 * runtime/BooleanConstructor.h:
2348 (JSC::BooleanConstructor::create): Deleted.
2349 (JSC::BooleanConstructor::createStructure): Deleted.
2350 * runtime/BooleanPrototype.h:
2351 (JSC::BooleanPrototype::create): Deleted.
2352 (JSC::BooleanPrototype::createStructure): Deleted.
2353 * runtime/ConsoleObject.h:
2354 (JSC::ConsoleObject::create): Deleted.
2355 (JSC::ConsoleObject::createStructure): Deleted.
2356 * runtime/DOMAttributeGetterSetter.h:
2357 (JSC::isDOMAttributeGetterSetter): Deleted.
2358 * runtime/DateConstructor.h:
2359 (JSC::DateConstructor::create): Deleted.
2360 (JSC::DateConstructor::createStructure): Deleted.
2361 * runtime/DateInstance.h:
2362 (JSC::DateInstance::create): Deleted.
2363 (JSC::DateInstance::internalNumber const): Deleted.
2364 (JSC::DateInstance::gregorianDateTime const): Deleted.
2365 (JSC::DateInstance::gregorianDateTimeUTC const): Deleted.
2366 (JSC::DateInstance::createStructure): Deleted.
2367 * runtime/DatePrototype.h:
2368 (JSC::DatePrototype::create): Deleted.
2369 (JSC::DatePrototype::createStructure): Deleted.
2371 (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction): Deleted.
2372 (JSC::StrictModeTypeErrorFunction::create): Deleted.
2373 (JSC::StrictModeTypeErrorFunction::constructThrowTypeError): Deleted.
2374 (JSC::StrictModeTypeErrorFunction::callThrowTypeError): Deleted.
2375 (JSC::StrictModeTypeErrorFunction::createStructure): Deleted.
2376 * runtime/ErrorConstructor.h:
2377 (JSC::ErrorConstructor::create): Deleted.
2378 (JSC::ErrorConstructor::createStructure): Deleted.
2379 (JSC::ErrorConstructor::stackTraceLimit const): Deleted.
2380 * runtime/Exception.h:
2381 (JSC::Exception::valueOffset): Deleted.
2382 (JSC::Exception::value const): Deleted.
2383 (JSC::Exception::stack const): Deleted.
2384 (JSC::Exception::didNotifyInspectorOfThrow const): Deleted.
2385 (JSC::Exception::setDidNotifyInspectorOfThrow): Deleted.
2386 * runtime/FunctionConstructor.h:
2387 (JSC::FunctionConstructor::create): Deleted.
2388 (JSC::FunctionConstructor::createStructure): Deleted.
2389 * runtime/FunctionPrototype.h:
2390 (JSC::FunctionPrototype::create): Deleted.
2391 (JSC::FunctionPrototype::createStructure): Deleted.
2392 * runtime/FunctionRareData.h:
2393 (JSC::FunctionRareData::offsetOfObjectAllocationProfile): Deleted.
2394 (JSC::FunctionRareData::objectAllocationProfile): Deleted.
2395 (JSC::FunctionRareData::objectAllocationStructure): Deleted.
2396 (JSC::FunctionRareData::allocationProfileWatchpointSet): Deleted.
2397 (JSC::FunctionRareData::isObjectAllocationProfileInitialized): Deleted.
2398 (JSC::FunctionRareData::internalFunctionAllocationStructure): Deleted.
2399 (JSC::FunctionRareData::createInternalFunctionAllocationStructureFromBase): Deleted.
2400 (JSC::FunctionRareData::clearInternalFunctionAllocationProfile): Deleted.
2401 (JSC::FunctionRareData::getBoundFunctionStructure): Deleted.
2402 (JSC::FunctionRareData::setBoundFunctionStructure): Deleted.
2403 (JSC::FunctionRareData::hasReifiedLength const): Deleted.
2404 (JSC::FunctionRareData::setHasReifiedLength): Deleted.
2405 (JSC::FunctionRareData::hasReifiedName const): Deleted.
2406 (JSC::FunctionRareData::setHasReifiedName): Deleted.
2407 (JSC::FunctionRareData::hasAllocationProfileClearingWatchpoint const): Deleted.
2408 (JSC::FunctionRareData::createAllocationProfileClearingWatchpoint): Deleted.
2409 (JSC::FunctionRareData::AllocationProfileClearingWatchpoint::AllocationProfileClearingWatchpoint): Deleted.
2410 * runtime/GeneratorFunctionConstructor.h:
2411 (JSC::GeneratorFunctionConstructor::create): Deleted.
2412 (JSC::GeneratorFunctionConstructor::createStructure): Deleted.
2413 * runtime/GeneratorFunctionPrototype.h:
2414 (JSC::GeneratorFunctionPrototype::create): Deleted.
2415 (JSC::GeneratorFunctionPrototype::createStructure): Deleted.
2416 * runtime/GeneratorPrototype.h:
2417 (JSC::GeneratorPrototype::create): Deleted.
2418 (JSC::GeneratorPrototype::createStructure): Deleted.
2419 (JSC::GeneratorPrototype::GeneratorPrototype): Deleted.
2420 * runtime/InferredValue.h:
2421 (JSC::InferredValue::subspaceFor): Deleted.
2422 (JSC::InferredValue::inferredValue): Deleted.
2423 (JSC::InferredValue::state const): Deleted.
2424 (JSC::InferredValue::isStillValid const): Deleted.
2425 (JSC::InferredValue::hasBeenInvalidated const): Deleted.
2426 (JSC::InferredValue::add): Deleted.
2427 (JSC::InferredValue::notifyWrite): Deleted.
2428 (JSC::InferredValue::invalidate): Deleted.
2429 * runtime/InspectorInstrumentationObject.h:
2430 (JSC::InspectorInstrumentationObject::create): Deleted.
2431 (JSC::InspectorInstrumentationObject::createStructure): Deleted.
2432 * runtime/IntlCollator.h:
2433 (JSC::IntlCollator::boundCompare const): Deleted.
2434 * runtime/IntlCollatorConstructor.h:
2435 (JSC::IntlCollatorConstructor::collatorStructure const): Deleted.
2436 * runtime/IntlCollatorPrototype.h:
2437 * runtime/IntlDateTimeFormat.h:
2438 (JSC::IntlDateTimeFormat::boundFormat const): Deleted.
2439 * runtime/IntlDateTimeFormatConstructor.h:
2440 (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure const): Deleted.
2441 * runtime/IntlDateTimeFormatPrototype.h:
2442 * runtime/IntlNumberFormat.h:
2443 (JSC::IntlNumberFormat::boundFormat const): Deleted.
2444 * runtime/IntlNumberFormatConstructor.h:
2445 (JSC::IntlNumberFormatConstructor::numberFormatStructure const): Deleted.
2446 * runtime/IntlNumberFormatPrototype.h:
2447 * runtime/IntlObject.h:
2448 * runtime/IteratorPrototype.h:
2449 (JSC::IteratorPrototype::create): Deleted.
2450 (JSC::IteratorPrototype::createStructure): Deleted.
2451 (JSC::IteratorPrototype::IteratorPrototype): Deleted.
2452 * runtime/JSAPIValueWrapper.h:
2453 (JSC::JSAPIValueWrapper::value const): Deleted.
2454 (JSC::JSAPIValueWrapper::createStructure): Deleted.
2455 (JSC::JSAPIValueWrapper::create): Deleted.
2456 (JSC::JSAPIValueWrapper::finishCreation): Deleted.
2457 (JSC::JSAPIValueWrapper::JSAPIValueWrapper): Deleted.
2458 * runtime/JSArrayBufferConstructor.h:
2459 (JSC::JSArrayBufferConstructor::sharingMode const): Deleted.
2460 * runtime/JSArrayBufferPrototype.h:
2461 * runtime/JSAsyncFunction.h:
2462 (JSC::JSAsyncFunction::subspaceFor): Deleted.
2463 (JSC::JSAsyncFunction::allocationSize): Deleted.
2464 (JSC::JSAsyncFunction::createStructure): Deleted.
2465 * runtime/JSAsyncGeneratorFunction.h:
2466 (JSC::JSAsyncGeneratorFunction::subspaceFor): Deleted.
2467 (JSC::JSAsyncGeneratorFunction::allocationSize): Deleted.
2468 (JSC::JSAsyncGeneratorFunction::createStructure): Deleted.
2469 * runtime/JSBigInt.h:
2470 (JSC::JSBigInt::setSign): Deleted.
2471 (JSC::JSBigInt::sign const): Deleted.
2472 (JSC::JSBigInt::setLength): Deleted.
2473 (JSC::JSBigInt::length const): Deleted.
2474 * runtime/JSBoundFunction.h:
2475 (JSC::JSBoundFunction::subspaceFor): Deleted.
2476 (JSC::JSBoundFunction::targetFunction): Deleted.
2477 (JSC::JSBoundFunction::boundThis): Deleted.
2478 (JSC::JSBoundFunction::boundArgs): Deleted.
2479 (JSC::JSBoundFunction::createStructure): Deleted.
2480 (JSC::JSBoundFunction::offsetOfTargetFunction): Deleted.
2481 (JSC::JSBoundFunction::offsetOfBoundThis): Deleted.
2483 (JSC::JSCastingHelpers::FinalTypeDispatcher::inheritsGeneric):
2484 (JSC::JSCastingHelpers::inheritsJSTypeImpl):
2485 (JSC::JSCastingHelpers::InheritsTraits::inherits):
2486 (JSC::JSCastingHelpers::inheritsGenericImpl): Deleted.
2487 * runtime/JSCustomGetterSetterFunction.cpp:
2488 (JSC::JSCustomGetterSetterFunction::customGetterSetterFunctionCall):
2489 * runtime/JSCustomGetterSetterFunction.h:
2490 (JSC::JSCustomGetterSetterFunction::subspaceFor): Deleted.
2491 (JSC::JSCustomGetterSetterFunction::createStructure): Deleted.
2492 (JSC::JSCustomGetterSetterFunction::customGetterSetter const): Deleted.
2493 (JSC::JSCustomGetterSetterFunction::isSetter const): Deleted.
2494 (JSC::JSCustomGetterSetterFunction::propertyName const): Deleted.
2495 * runtime/JSDataView.h:
2496 (JSC::JSDataView::possiblySharedBuffer const): Deleted.
2497 (JSC::JSDataView::unsharedBuffer const): Deleted.
2498 * runtime/JSDataViewPrototype.h:
2499 * runtime/JSFixedArray.h:
2500 (JSC::JSFixedArray::createStructure): Deleted.
2501 (JSC::JSFixedArray::tryCreate): Deleted.
2502 (JSC::JSFixedArray::create): Deleted.
2503 (JSC::JSFixedArray::createFromArray): Deleted.
2504 (JSC::JSFixedArray::get const): Deleted.
2505 (JSC::JSFixedArray::set): Deleted.
2506 (JSC::JSFixedArray::buffer): Deleted.
2507 (JSC::JSFixedArray::buffer const): Deleted.
2508 (JSC::JSFixedArray::values const): Deleted.
2509 (JSC::JSFixedArray::size const): Deleted.
2510 (JSC::JSFixedArray::length const): Deleted.
2511 (JSC::JSFixedArray::offsetOfSize): Deleted.
2512 (JSC::JSFixedArray::offsetOfData): Deleted.
2513 (JSC::JSFixedArray::JSFixedArray): Deleted.
2514 (JSC::JSFixedArray::allocationSize): Deleted.
2515 * runtime/JSGeneratorFunction.h:
2516 (JSC::JSGeneratorFunction::subspaceFor): Deleted.
2517 (JSC::JSGeneratorFunction::allocationSize): Deleted.
2518 (JSC::JSGeneratorFunction::createStructure): Deleted.
2519 * runtime/JSGenericTypedArrayView.h:
2520 (JSC::JSGenericTypedArrayView::byteLength const): Deleted.
2521 (JSC::JSGenericTypedArrayView::byteSize const): Deleted.
2522 (JSC::JSGenericTypedArrayView::typedVector const): Deleted.
2523 (JSC::JSGenericTypedArrayView::typedVector): Deleted.
2524 (JSC::JSGenericTypedArrayView::canGetIndexQuickly): Deleted.
2525 (JSC::JSGenericTypedArrayView::canSetIndexQuickly): Deleted.
2526 (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): Deleted.
2527 (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): Deleted.
2528 (JSC::JSGenericTypedArrayView::getIndexQuickly): Deleted.
2529 (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): Deleted.
2530 (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): Deleted.
2531 (JSC::JSGenericTypedArrayView::setIndexQuickly): Deleted.
2532 (JSC::JSGenericTypedArrayView::setIndex): Deleted.
2533 (JSC::JSGenericTypedArrayView::toAdaptorNativeFromValue): Deleted.
2534 (JSC::JSGenericTypedArrayView::toAdaptorNativeFromValueWithoutCoercion): Deleted.
2535 (JSC::JSGenericTypedArrayView::sort): Deleted.
2536 (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): Deleted.
2537 (JSC::JSGenericTypedArrayView::createStructure): Deleted.
(JSC::JSGenericTypedArrayView::info): Deleted.
(JSC::JSGenericTypedArrayView::purifyArray): Deleted.
(JSC::JSGenericTypedArrayView::sortComparison): Deleted.
(JSC::JSGenericTypedArrayView::sortFloat): Deleted.
* runtime/JSGenericTypedArrayViewConstructor.h:
* runtime/JSGenericTypedArrayViewPrototype.h:
* runtime/JSInternalPromise.h:
* runtime/JSInternalPromiseConstructor.h:
* runtime/JSInternalPromisePrototype.h:
* runtime/JSMapIterator.h:
(JSC::JSMapIterator::createStructure): Deleted.
(JSC::JSMapIterator::create): Deleted.
(JSC::JSMapIterator::advanceIter): Deleted.
(JSC::JSMapIterator::next): Deleted.
(JSC::JSMapIterator::nextKeyValue): Deleted.
(JSC::JSMapIterator::kind const): Deleted.
(JSC::JSMapIterator::iteratedValue const): Deleted.
(JSC::JSMapIterator::JSMapIterator): Deleted.
(JSC::JSMapIterator::setIterator): Deleted.
* runtime/JSModuleLoader.h:
(JSC::JSModuleLoader::create): Deleted.
(JSC::JSModuleLoader::createStructure): Deleted.
* runtime/JSModuleNamespaceObject.h:
(JSC::isJSModuleNamespaceObject): Deleted.
* runtime/JSModuleRecord.h:
(JSC::JSModuleRecord::sourceCode const): Deleted.
(JSC::JSModuleRecord::declaredVariables const): Deleted.
(JSC::JSModuleRecord::lexicalVariables const): Deleted.
* runtime/JSNativeStdFunction.h:
(JSC::JSNativeStdFunction::subspaceFor): Deleted.
(JSC::JSNativeStdFunction::createStructure): Deleted.
(JSC::JSNativeStdFunction::nativeStdFunctionCell): Deleted.
* runtime/JSONObject.h:
(JSC::JSONObject::create): Deleted.
(JSC::JSONObject::createStructure): Deleted.
* runtime/JSObject.h:
(JSC::JSObject::fillCustomGetterPropertySlot):
* runtime/JSScriptFetchParameters.h:
(JSC::JSScriptFetchParameters::createStructure): Deleted.
(JSC::JSScriptFetchParameters::create): Deleted.
(JSC::JSScriptFetchParameters::parameters const): Deleted.
(JSC::JSScriptFetchParameters::JSScriptFetchParameters): Deleted.
* runtime/JSScriptFetcher.h:
(JSC::JSScriptFetcher::createStructure): Deleted.
(JSC::JSScriptFetcher::create): Deleted.
(JSC::JSScriptFetcher::fetcher const): Deleted.
(JSC::JSScriptFetcher::JSScriptFetcher): Deleted.
* runtime/JSSetIterator.h:
(JSC::JSSetIterator::createStructure): Deleted.
(JSC::JSSetIterator::create): Deleted.
(JSC::JSSetIterator::advanceIter): Deleted.
(JSC::JSSetIterator::next): Deleted.
(JSC::JSSetIterator::kind const): Deleted.
(JSC::JSSetIterator::iteratedValue const): Deleted.
(JSC::JSSetIterator::JSSetIterator): Deleted.
(JSC::JSSetIterator::setIterator): Deleted.
* runtime/JSSourceCode.h:
(JSC::JSSourceCode::createStructure): Deleted.
(JSC::JSSourceCode::create): Deleted.
(JSC::JSSourceCode::sourceCode const): Deleted.
(JSC::JSSourceCode::JSSourceCode): Deleted.
* runtime/JSStringIterator.h:
(JSC::JSStringIterator::createStructure): Deleted.
(JSC::JSStringIterator::create): Deleted.
(JSC::JSStringIterator::JSStringIterator): Deleted.
* runtime/JSTemplateObjectDescriptor.h:
(JSC::isTemplateObjectDescriptor): Deleted.
* runtime/JSTypedArrayViewConstructor.h:
(JSC::JSTypedArrayViewConstructor::create): Deleted.
* runtime/JSTypedArrayViewPrototype.h:
* runtime/MapConstructor.h:
(JSC::MapConstructor::create): Deleted.
(JSC::MapConstructor::createStructure): Deleted.
* runtime/MapIteratorPrototype.h:
(JSC::MapIteratorPrototype::create): Deleted.
(JSC::MapIteratorPrototype::createStructure): Deleted.
(JSC::MapIteratorPrototype::MapIteratorPrototype): Deleted.
* runtime/MapPrototype.h:
(JSC::MapPrototype::create): Deleted.
(JSC::MapPrototype::createStructure): Deleted.
(JSC::MapPrototype::MapPrototype): Deleted.
* runtime/MathObject.h:
(JSC::MathObject::create): Deleted.
(JSC::MathObject::createStructure): Deleted.
* runtime/ModuleLoaderPrototype.h:
(JSC::ModuleLoaderPrototype::create): Deleted.
(JSC::ModuleLoaderPrototype::createStructure): Deleted.
* runtime/NativeErrorConstructor.h:
(JSC::NativeErrorConstructor::create): Deleted.
(JSC::NativeErrorConstructor::createStructure): Deleted.
(JSC::NativeErrorConstructor::errorStructure): Deleted.
* runtime/NativeErrorPrototype.h:
(JSC::NativeErrorPrototype::create): Deleted.
* runtime/NativeStdFunctionCell.h:
(JSC::NativeStdFunctionCell::createStructure): Deleted.
(JSC::NativeStdFunctionCell::function const): Deleted.
* runtime/NullGetterFunction.h:
(JSC::NullGetterFunction::create): Deleted.
(JSC::NullGetterFunction::createStructure): Deleted.
* runtime/NullSetterFunction.h:
(JSC::NullSetterFunction::create): Deleted.
(JSC::NullSetterFunction::createStructure): Deleted.
* runtime/NumberConstructor.h:
(JSC::NumberConstructor::create): Deleted.
(JSC::NumberConstructor::createStructure): Deleted.
(JSC::NumberConstructor::isIntegerImpl): Deleted.
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::create): Deleted.
(JSC::NumberPrototype::createStructure): Deleted.
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::create): Deleted.
(JSC::ObjectConstructor::createStructure): Deleted.
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::createStructure): Deleted.
* runtime/ProxyConstructor.h:
(JSC::ProxyConstructor::createStructure): Deleted.
* runtime/ProxyRevoke.h:
(JSC::ProxyRevoke::createStructure): Deleted.
(JSC::ProxyRevoke::proxy): Deleted.
(JSC::ProxyRevoke::setProxyToNull): Deleted.
* runtime/ReflectObject.h:
(JSC::ReflectObject::create): Deleted.
(JSC::ReflectObject::createStructure): Deleted.
* runtime/RegExpConstructor.cpp:
(JSC::regExpConstructorDollar):
(JSC::regExpConstructorInput):
(JSC::regExpConstructorMultiline):
(JSC::regExpConstructorLastMatch):
(JSC::regExpConstructorLastParen):
(JSC::regExpConstructorLeftContext):
(JSC::regExpConstructorRightContext):
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::create): Deleted.
(JSC::RegExpConstructor::createStructure): Deleted.
(JSC::RegExpConstructor::setMultiline): Deleted.
(JSC::RegExpConstructor::multiline const): Deleted.
(JSC::RegExpConstructor::setInput): Deleted.
(JSC::RegExpConstructor::input): Deleted.
(JSC::RegExpConstructor::offsetOfCachedResult): Deleted.
(JSC::asRegExpConstructor): Deleted.
* runtime/RegExpPrototype.h:
(JSC::RegExpPrototype::create): Deleted.
(JSC::RegExpPrototype::createStructure): Deleted.
(JSC::RegExpPrototype::emptyRegExp const): Deleted.
* runtime/SetConstructor.h:
(JSC::SetConstructor::create): Deleted.
(JSC::SetConstructor::createStructure): Deleted.
* runtime/SetIteratorPrototype.h:
(JSC::SetIteratorPrototype::create): Deleted.
(JSC::SetIteratorPrototype::createStructure): Deleted.
(JSC::SetIteratorPrototype::SetIteratorPrototype): Deleted.
* runtime/SetPrototype.h:
(JSC::SetPrototype::create): Deleted.
(JSC::SetPrototype::createStructure): Deleted.
(JSC::SetPrototype::SetPrototype): Deleted.
* runtime/StringConstructor.h:
(JSC::StringConstructor::create): Deleted.
(JSC::StringConstructor::createStructure): Deleted.
* runtime/StringIteratorPrototype.h:
(JSC::StringIteratorPrototype::create): Deleted.
(JSC::StringIteratorPrototype::createStructure): Deleted.
(JSC::StringIteratorPrototype::StringIteratorPrototype): Deleted.
* runtime/StringPrototype.h:
(JSC::StringPrototype::createStructure): Deleted.
* runtime/SymbolConstructor.h:
(JSC::SymbolConstructor::create): Deleted.
(JSC::SymbolConstructor::createStructure): Deleted.
* runtime/SymbolObject.h:
(JSC::SymbolObject::create): Deleted.
(JSC::SymbolObject::internalValue const): Deleted.
(JSC::SymbolObject::createStructure): Deleted.
* runtime/SymbolPrototype.h:
(JSC::SymbolPrototype::create): Deleted.
(JSC::SymbolPrototype::createStructure): Deleted.
* runtime/WeakMapConstructor.h:
(JSC::WeakMapConstructor::create): Deleted.
(JSC::WeakMapConstructor::createStructure): Deleted.
* runtime/WeakMapPrototype.h:
(JSC::WeakMapPrototype::create): Deleted.
(JSC::WeakMapPrototype::createStructure): Deleted.
(JSC::WeakMapPrototype::WeakMapPrototype): Deleted.
* runtime/WeakSetConstructor.h:
(JSC::WeakSetConstructor::create): Deleted.
(JSC::WeakSetConstructor::createStructure): Deleted.
* runtime/WeakSetPrototype.h:
(JSC::WeakSetPrototype::create): Deleted.
(JSC::WeakSetPrototype::createStructure): Deleted.
(JSC::WeakSetPrototype::WeakSetPrototype): Deleted.
* tools/JSDollarVM.h:
(JSC::JSDollarVM::createStructure): Deleted.
(JSC::JSDollarVM::create): Deleted.
(JSC::JSDollarVM::JSDollarVM): Deleted.
* wasm/js/JSWebAssembly.h:
* wasm/js/JSWebAssemblyCompileError.h:
(JSC::JSWebAssemblyCompileError::create): Deleted.
* wasm/js/JSWebAssemblyInstance.h:
(JSC::JSWebAssemblyInstance::instance): Deleted.
(JSC::JSWebAssemblyInstance::moduleNamespaceObject): Deleted.
(JSC::JSWebAssemblyInstance::webAssemblyToJSCallee): Deleted.
(JSC::JSWebAssemblyInstance::memory): Deleted.
(JSC::JSWebAssemblyInstance::setMemory): Deleted.
(JSC::JSWebAssemblyInstance::memoryMode): Deleted.
(JSC::JSWebAssemblyInstance::table): Deleted.
(JSC::JSWebAssemblyInstance::setTable): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfPoisonedInstance): Deleted.
(JSC::JSWebAssemblyInstance::offsetOfPoisonedCallee): Deleted.
(JSC::JSWebAssemblyInstance::module const): Deleted.
* wasm/js/JSWebAssemblyLinkError.h:
(JSC::JSWebAssemblyLinkError::create): Deleted.
* wasm/js/JSWebAssemblyMemory.h:
(JSC::JSWebAssemblyMemory::subspaceFor): Deleted.
(JSC::JSWebAssemblyMemory::memory): Deleted.
* wasm/js/JSWebAssemblyModule.h:
* wasm/js/JSWebAssemblyRuntimeError.h:
(JSC::JSWebAssemblyRuntimeError::create): Deleted.
* wasm/js/JSWebAssemblyTable.h:
(JSC::JSWebAssemblyTable::isValidLength): Deleted.
(JSC::JSWebAssemblyTable::maximum const): Deleted.
(JSC::JSWebAssemblyTable::length const): Deleted.
(JSC::JSWebAssemblyTable::allocatedLength const): Deleted.
(JSC::JSWebAssemblyTable::table): Deleted.
* wasm/js/WebAssemblyCompileErrorConstructor.h:
* wasm/js/WebAssemblyCompileErrorPrototype.h:
* wasm/js/WebAssemblyInstanceConstructor.h:
* wasm/js/WebAssemblyInstancePrototype.h:
* wasm/js/WebAssemblyLinkErrorConstructor.h:
* wasm/js/WebAssemblyLinkErrorPrototype.h:
* wasm/js/WebAssemblyMemoryConstructor.h:
* wasm/js/WebAssemblyMemoryPrototype.h:
* wasm/js/WebAssemblyModuleConstructor.h:
* wasm/js/WebAssemblyModulePrototype.h:
* wasm/js/WebAssemblyModuleRecord.h:
* wasm/js/WebAssemblyPrototype.h:
* wasm/js/WebAssemblyRuntimeErrorConstructor.h:
* wasm/js/WebAssemblyRuntimeErrorPrototype.h:
* wasm/js/WebAssemblyTableConstructor.h:
* wasm/js/WebAssemblyTablePrototype.h:

2018-03-07 Filip Pizlo <fpizlo@apple.com>

Make it possible to randomize register allocation
https://bugs.webkit.org/show_bug.cgi?id=183416

Reviewed by Keith Miller.

This is disabled by default for now, because it reveals a regalloc bug in wasm.

* b3/air/AirCode.cpp:
(JSC::B3::Air::Code::Code):
(JSC::B3::Air::Code::weakRandom):
* runtime/Options.h:

2018-03-08 Yusuke Suzuki <utatane.tea@gmail.com>

[JSC] Add inherits<T>(VM&) leveraging JSCast fast path
https://bugs.webkit.org/show_bug.cgi?id=183429

Reviewed by Mark Lam.

Add new member functions, JSCell::inherits<T>(VM&) and JSValue::inherits<T>(VM&).
They depend on the jsDynamicCast<T> implementation and leverage the JSType-based fast
paths defined in JSCast.h. We extract the checking part as `JSCastingHelpers::inherit`
and construct jsDynamicCast and JSCell::inherits based on this.

And we remove several unnecessary casting functions (asRegExpObject, asDateInstance etc.).
In addition, we add a jsDynamicCast fast path for RegExpObject by using the existing RegExpObjectType.

We also fix the implementation of jsDynamicCast for JSObject since it uses LastJSCObjectType.
The embedder can add their extended object types after that.

* API/JSObjectRef.cpp:
(JSObjectGetPrivateProperty):
(JSObjectSetPrivateProperty):
(JSObjectDeletePrivateProperty):
* API/JSValueRef.cpp:
(JSValueIsObjectOfClass):
* API/JSWeakObjectMapRefPrivate.cpp:
* API/JSWrapperMap.mm:
(tryUnwrapObjcObject):
* API/ObjCCallbackFunction.mm:
(tryUnwrapConstructor):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGOperations.cpp:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileOverridesHasInstance):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):
* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::subtype):
(Inspector::JSInjectedScriptHost::functionDetails):
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::getPreview):
* interpreter/Interpreter.cpp:
(JSC::notifyDebuggerOfUnwinding):
* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::update):
(JSC::JIT::privateCompileMainPass):
* jit/JITOperations.cpp:
(JSC::operationNewFunctionCommon):
* runtime/BooleanObject.h:
(JSC::asBooleanObject): Deleted.
* runtime/BooleanPrototype.cpp:
(JSC::booleanProtoFuncToString):
(JSC::booleanProtoFuncValueOf):
* runtime/DateConstructor.cpp:
(JSC::constructDate):
* runtime/DateInstance.h:
(JSC::asDateInstance): Deleted.
* runtime/DatePrototype.cpp:
(JSC::formateDateInstance):
(JSC::dateProtoFuncToISOString):
(JSC::dateProtoFuncToLocaleString):
(JSC::dateProtoFuncToLocaleDateString):
(JSC::dateProtoFuncToLocaleTimeString):
(JSC::dateProtoFuncGetTime):
(JSC::dateProtoFuncGetFullYear):
(JSC::dateProtoFuncGetUTCFullYear):
(JSC::dateProtoFuncGetMonth):
(JSC::dateProtoFuncGetUTCMonth):
(JSC::dateProtoFuncGetDate):
(JSC::dateProtoFuncGetUTCDate):
(JSC::dateProtoFuncGetDay):
(JSC::dateProtoFuncGetUTCDay):
(JSC::dateProtoFuncGetHours):
(JSC::dateProtoFuncGetUTCHours):
(JSC::dateProtoFuncGetMinutes):
(JSC::dateProtoFuncGetUTCMinutes):
(JSC::dateProtoFuncGetSeconds):
(JSC::dateProtoFuncGetUTCSeconds):
(JSC::dateProtoFuncGetMilliSeconds):
(JSC::dateProtoFuncGetUTCMilliseconds):
(JSC::dateProtoFuncGetTimezoneOffset):
(JSC::dateProtoFuncSetTime):
(JSC::setNewValueFromTimeArgs):
(JSC::setNewValueFromDateArgs):
(JSC::dateProtoFuncSetYear):
(JSC::dateProtoFuncGetYear):
* runtime/ExceptionHelpers.cpp:
(JSC::isTerminatedExecutionException):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncToString):
* runtime/InternalFunction.h:
(JSC::asInternalFunction):
* runtime/JSArray.h:
* runtime/JSCJSValue.cpp:
(JSC::JSValue::dumpForBacktrace const):
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::inherits const):
(JSC::JSCastingHelpers::inheritsGenericImpl):
(JSC::JSCastingHelpers::inheritsJSTypeImpl):
(JSC::JSCastingHelpers::InheritsTraits::inherits):
(JSC::JSCastingHelpers::inherits):
(JSC::jsDynamicCast):
(JSC::JSCastingHelpers::jsDynamicCastGenericImpl): Deleted.
(JSC::JSCastingHelpers::jsDynamicCastJSTypeImpl): Deleted.
(JSC::JSCastingHelpers::JSDynamicCastTraits::cast): Deleted.
* runtime/JSCellInlines.h:
(JSC::JSCell::inherits const):
* runtime/JSFunction.cpp:
(JSC::RetrieveCallerFunctionFunctor::operator() const):
(JSC::JSFunction::callerGetter):
(JSC::JSFunction::getOwnNonIndexPropertyNames):
(JSC::JSFunction::reifyLazyBoundNameIfNeeded):
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
(JSC::asGlobalObject): Deleted.
* runtime/JSInternalPromiseDeferred.cpp:
(JSC::JSInternalPromiseDeferred::create):
* runtime/JSLexicalEnvironment.h:
(JSC::asActivation):
* runtime/JSONObject.cpp:
(JSC::unwrapBoxedPrimitive):
(JSC::Stringifier::Stringifier):
(JSC::Walker::walk):
* runtime/JSPromise.cpp:
(JSC::JSPromise::resolve):
* runtime/JSPromiseDeferred.cpp:
(JSC::JSPromiseDeferred::create):
* runtime/ProxyObject.h:
(JSC::ProxyObject::create): Deleted.
(JSC::ProxyObject::createStructure): Deleted.
(JSC::ProxyObject::target const): Deleted.
(JSC::ProxyObject::handler const): Deleted.
* runtime/RegExpConstructor.cpp:
(JSC::constructRegExp):
* runtime/RegExpConstructor.h:
(JSC::asRegExpConstructor):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::finishCreation):
(JSC::RegExpObject::getOwnPropertySlot):
(JSC::RegExpObject::defineOwnProperty):
(JSC::regExpObjectSetLastIndexStrict):
(JSC::regExpObjectSetLastIndexNonStrict):
(JSC::RegExpObject::put):
* runtime/RegExpObject.h:
(JSC::RegExpObject::create): Deleted.
(JSC::RegExpObject::setRegExp): Deleted.
(JSC::RegExpObject::regExp const): Deleted.
(JSC::RegExpObject::setLastIndex): Deleted.
(JSC::RegExpObject::getLastIndex const): Deleted.
(JSC::RegExpObject::test): Deleted.
(JSC::RegExpObject::testInline): Deleted.
(JSC::RegExpObject::createStructure): Deleted.
(JSC::RegExpObject::offsetOfRegExp): Deleted.
(JSC::RegExpObject::offsetOfLastIndex): Deleted.
(JSC::RegExpObject::offsetOfLastIndexIsWritable): Deleted.
(JSC::RegExpObject::allocationSize): Deleted.
(JSC::asRegExpObject): Deleted.
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncTestFast):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncMatchFast):
(JSC::regExpProtoFuncCompile):
(JSC::regExpProtoGetterGlobal):
(JSC::regExpProtoGetterIgnoreCase):
(JSC::regExpProtoGetterMultiline):
(JSC::regExpProtoGetterDotAll):
(JSC::regExpProtoGetterSticky):
(JSC::regExpProtoGetterUnicode):
(JSC::regExpProtoGetterSource):
(JSC::regExpProtoFuncSearchFast):
(JSC::regExpProtoFuncSplitFast):
* runtime/StringObject.h:
(JSC::asStringObject): Deleted.
* runtime/StringPrototype.cpp:
(JSC::replaceUsingRegExpSearch):
(JSC::stringProtoFuncReplaceUsingRegExp):
(JSC::stringProtoFuncToString):
* runtime/SymbolPrototype.cpp:
(JSC::symbolProtoFuncToString):
(JSC::symbolProtoFuncValueOf):
* tools/JSDollarVM.cpp:
(WTF::customGetValue):
(WTF::customSetValue):
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::isWebAssemblyHostFunction):
* wasm/js/WebAssemblyWrapperFunction.cpp:
(JSC::WebAssemblyWrapperFunction::create):

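As an added illustration of the cast mechanism this entry and the 2018-03-07 entry "[JSC] Add more JSType based fast path for jsDynamicCast" further down describe (example code, not JSC's own): a class that owns a unique JSType tag is checked with one compare, every other class falls back to walking the ClassInfo parent chain, and the JSObject check is a lower bound on the tag so that embedder object types placed after LastJSCObjectType still cast correctly. The tag values, the ClassInfo layout and the class names are constructed for this example; a dynamic cast that answers wrongly in either direction is a type confusion, so each helper below also checks the negative case.

```cpp
#include <cstdint>

// Added illustration, not JSC code: a toy of the JSType-based fast path that
// JSCastingHelpers::inherits takes before the generic ClassInfo walk.
// Tag values, ClassInfo layout and class names are constructed for this example.
enum class JSType : uint8_t {
    CellType,
    StringType,
    ObjectType,           // first object type; every later tag is also an object
    RegExpObjectType,     // owned by exactly one class, so equality is a complete check
    FinalObjectType,
    LastJSCObjectType = FinalObjectType,
    EmbedderObjectType = 200,  // an embedder may define object types after LastJSCObjectType
};

struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
};

struct JSCell {
    JSType type;
    const ClassInfo* classInfo;
};

struct JSObject : JSCell { static const ClassInfo s_info; };
struct RegExpObject : JSObject { static const ClassInfo s_info; };
struct StringObject : JSObject { static const ClassInfo s_info; };  // shares ObjectType with other classes
struct EmbedderObject : JSObject { static const ClassInfo s_info; };

const ClassInfo JSObject::s_info = { "Object", nullptr };
const ClassInfo RegExpObject::s_info = { "RegExp", &JSObject::s_info };
const ClassInfo StringObject::s_info = { "String", &JSObject::s_info };
const ClassInfo EmbedderObject::s_info = { "EmbedderObject", &JSObject::s_info };

namespace JSCastingHelpers {

// Generic path: walk the ClassInfo chain until the target class or the root is reached.
inline bool inheritsGenericImpl(const JSCell* cell, const ClassInfo* target) {
    for (const ClassInfo* info = cell->classInfo; info; info = info->parentClass) {
        if (info == target)
            return true;
    }
    return false;
}

// Default: the class has no tag of its own, so use the generic walk.
template<typename Target> struct InheritsTraits {
    static bool inherits(const JSCell* cell) { return inheritsGenericImpl(cell, &Target::s_info); }
};

// Fast path: the tag is unique to RegExpObject, so one compare decides.
template<> struct InheritsTraits<RegExpObject> {
    static bool inherits(const JSCell* cell) { return cell->type == JSType::RegExpObjectType; }
};

// JSObject: a lower bound only. Capping the range at LastJSCObjectType would
// reject embedder types placed after it, which is the defect the entry fixes.
template<> struct InheritsTraits<JSObject> {
    static bool inherits(const JSCell* cell) { return cell->type >= JSType::ObjectType; }
};

template<typename Target> bool inherits(const JSCell* cell) { return InheritsTraits<Target>::inherits(cell); }

} // namespace JSCastingHelpers

// Returns the cell as Target* only when the check passes; nullptr otherwise.
template<typename Target> Target* jsDynamicCast(JSCell* cell) {
    return JSCastingHelpers::inherits<Target>(cell) ? static_cast<Target*>(cell) : nullptr;
}

template<typename T> T makeCell(JSType type) {
    T cell{};
    cell.type = type;
    cell.classInfo = &T::s_info;
    return cell;
}

// Tag-based check: a RegExpObject is accepted, an ordinary object is rejected.
bool regExpCastUsesTypeTag() {
    RegExpObject re = makeCell<RegExpObject>(JSType::RegExpObjectType);
    StringObject so = makeCell<StringObject>(JSType::ObjectType);
    return jsDynamicCast<RegExpObject>(&re) != nullptr && jsDynamicCast<RegExpObject>(&so) == nullptr;
}

// Generic check: StringObject has no tag of its own, so the ClassInfo walk decides.
bool stringObjectCastWalksClassInfo() {
    StringObject so = makeCell<StringObject>(JSType::ObjectType);
    RegExpObject re = makeCell<RegExpObject>(JSType::RegExpObjectType);
    return jsDynamicCast<StringObject>(&so) != nullptr && jsDynamicCast<StringObject>(&re) == nullptr;
}

// A tag beyond LastJSCObjectType is still an object, but not a RegExp.
bool embedderObjectIsStillAnObject() {
    EmbedderObject e = makeCell<EmbedderObject>(JSType::EmbedderObjectType);
    return jsDynamicCast<JSObject>(&e) != nullptr && jsDynamicCast<RegExpObject>(&e) == nullptr;
}
```

The design point is that the fast path is only sound for a tag that exactly one class owns; a class that shares a tag (StringObject here) must keep the ClassInfo walk, otherwise unrelated objects would pass the cast.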
2018-03-07 Tim Horton <timothy_horton@apple.com>

Sort and separate FeatureDefines.xcconfig
https://bugs.webkit.org/show_bug.cgi?id=183427

Reviewed by Dan Bernstein.

* Configurations/FeatureDefines.xcconfig:
Sort and split FeatureDefines into paragraphs
(to make it easier to sort later).

2018-03-07 Keith Miller <keith_miller@apple.com>

Unreviewed, fix 32-bit build.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCallDOMGetter):

2018-03-07 Keith Miller <keith_miller@apple.com>

Meta-program setupArguments and callOperation
https://bugs.webkit.org/show_bug.cgi?id=183263

Rubber-stamped by Filip Pizlo.

This patch removes all the custom overrides of callOperation and setupArguments
throughout the JITs. In their place there is a new setupArguments that marshals
the arguments into place based on the type of the operation's function pointer.
There were a couple of design choices in the implementation of setupArguments:

1) We assume that no TrustedImm floating point values are passed.
2) If ExecState* is the first argument the callFrameRegister should be marshalled implicitly.
3) Types should not be implicitly converted (with the exception of DFG::RegisteredStructure -> Structure*)

The new callOperation/setupArguments do their best to make sure
it's hard to call a function with the wrong parameters. They will
only try to pattern match if the types match up with the next
passed argument. Additionally, the base case should static_assert
if the number of inferred arguments does not match the arity of
the operation's function pointer.

* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
(JSC::AbstractMacroAssembler::TrustedImmPtr::asPtr):
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::poke):
(JSC::MacroAssembler::move):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::swap):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::storeDouble):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::loadDouble):
(JSC::MacroAssemblerX86Common::swap):
(JSC::MacroAssemblerX86Common::move):
* bytecode/AccessCase.cpp:
(JSC::AccessCase::generateImpl):
* bytecode/AccessCaseSnippetParams.cpp:
(JSC::SlowPathCallGeneratorWithArguments::generateImpl):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessGenerationState::emitExplicitExceptionHandler):
* dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::emitRestoreArguments):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::osrWriteBarrier):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSlowPathGenerator.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithDoubleUnaryOp):
(JSC::DFG::SpeculativeJIT::compileArithMod):
(JSC::DFG::SpeculativeJIT::compileArithRounding):
(JSC::DFG::SpeculativeJIT::compileArithSqrt):
(JSC::DFG::SpeculativeJIT::compileCreateActivation):
(JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
(JSC::DFG::SpeculativeJIT::emitSwitchStringOnString):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::TrustedImmPtr::TrustedImmPtr):
(JSC::DFG::SpeculativeJIT::TrustedImmPtr::operator MacroAssembler::TrustedImm const):
(JSC::DFG::SpeculativeJIT::initConstantInfo):
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::callOperationWithCallFrameRollbackOnException):
(JSC::DFG::SpeculativeJIT::callCustomGetter): Deleted.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* ftl/FTLSlowPathCall.h:
(JSC::FTL::callOperation):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
* jit/CCallHelpers.cpp:
(JSC::CCallHelpers::ensureShadowChickenPacket):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgument):
(JSC::CCallHelpers::setupStubArgs):
(JSC::CCallHelpers::ArgCollection::ArgCollection):
(JSC::CCallHelpers::ArgCollection::pushRegArg):
(JSC::CCallHelpers::ArgCollection::addGPRArg):
(JSC::CCallHelpers::ArgCollection::addStackArg):
(JSC::CCallHelpers::ArgCollection::addPoke):
(JSC::CCallHelpers::ArgCollection::argCount):
(JSC::CCallHelpers::clampArrayToSize):
(JSC::CCallHelpers::pokeForArgument):
(JSC::CCallHelpers::marshallArgumentRegister):
(JSC::CCallHelpers::setupArgumentsImpl):
(JSC::CCallHelpers::std::is_integral<CURRENT_ARGUMENT_TYPE>::value):
(JSC::CCallHelpers::std::is_pointer<CURRENT_ARGUMENT_TYPE>::value):
(JSC::CCallHelpers::setupArguments):
(JSC::CCallHelpers::prepareForTailCallSlow):
(JSC::CCallHelpers::setupArgumentsWithExecState): Deleted.
(JSC::CCallHelpers::resetCallArguments): Deleted.
(JSC::CCallHelpers::addCallArgument): Deleted.
(JSC::CCallHelpers::setupArgumentsExecState): Deleted.
(JSC::CCallHelpers::setupTwoStubArgsGPR): Deleted.
(JSC::CCallHelpers::setupThreeStubArgsGPR): Deleted.
(JSC::CCallHelpers::setupFourStubArgsGPR): Deleted.
(JSC::CCallHelpers::setupFiveStubArgsGPR): Deleted.
(JSC::CCallHelpers::setupTwoStubArgsFPR): Deleted.
(JSC::CCallHelpers::setupStubArguments): Deleted.
(JSC::CCallHelpers::setupArgumentsWithExecStateForCallWithSlowPathReturnType): Deleted.
(JSC::CCallHelpers::setupStubArguments134): Deleted.
(JSC::CCallHelpers::setupStubArgsGPR): Deleted.
(JSC::toInfoFromReg):
(JSC::JSValueRegs::JSValueRegs):
(JSC::toInfoFromReg):
(JSC::JIT::callOperation):
(JSC::JIT::callOperationWithProfile):
(JSC::JIT::callOperationWithResult):
(JSC::JIT::callOperationNoExceptionCheck):
(JSC::JIT::callOperationWithCallFrameRollbackOnException):
* jit/JITArithmetic.cpp:
(JSC::JIT::emitMathICFast):
(JSC::JIT::emitMathICSlow):
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_compareAndJumpSlow):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileSetupVarargsFrame):
(JSC::JIT::callOperation): Deleted.
(JSC::JIT::callOperationNoExceptionCheck): Deleted.
(JSC::JIT::callOperationWithCallFrameRollbackOnException): Deleted.
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_array_with_size):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof_custom):
(JSC::JIT::emit_op_set_function_name):
(JSC::JIT::emitSlow_op_eq):
(JSC::JIT::emitSlow_op_neq):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_switch_char):
(JSC::JIT::emit_op_switch_string):
(JSC::JIT::emitSlow_op_has_indexed_property):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_get_from_scope):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_index):
(JSC::JIT::emit_op_put_setter_by_id):
(JSC::JIT::emit_op_put_getter_setter_by_id):
(JSC::JIT::emit_op_put_getter_by_val):
(JSC::JIT::emit_op_put_setter_by_val):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emit_op_del_by_val):
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::emitSlow_op_get_from_scope):
* jit/RegisterSet.h:
(JSC::RegisterSet::RegisterSet):
* jit/ThunkGenerators.cpp:
(JSC::throwExceptionFromCallSlowPathGenerator):
(GlobalObject::finishCreation):
(functionBreakpoint):
* runtime/JSCJSValue.h:
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):

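As an added illustration of the three design rules the entry above lists (example code, not JSC's CCallHelpers): a toy setupArguments that derives the parameter list from the operation's function pointer type, fills an ExecState* first parameter from the call frame register implicitly, accepts an operand only when its kind matches the parameter type (no implicit conversions, and never an immediate for a floating-point parameter), and static_asserts when the argument count disagrees with the arity. The register types, the move log and the two operation signatures are constructed for this example; the wrong-parameter cases it guards against are compile errors, so only the accepted calls can be shown running.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <tuple>
#include <type_traits>
#include <vector>

// Added illustration, not JSC's CCallHelpers: a toy of the type-driven setupArguments.
// Register types, the move log and the operation signatures are constructed for this example.
struct ExecState;  // opaque call-frame type, as in JSC
struct JSCell;
struct GPRReg { int id; };                    // integer register already holding the operand
struct FPRReg { int id; };                    // floating-point register
struct TrustedImm32 { int32_t value; };       // trusted integer immediate
struct TrustedImmPtr { const void* value; };  // trusted pointer immediate

template<typename> struct FunctionTraits;
template<typename R, typename... Params>
struct FunctionTraits<R (*)(Params...)> {
    static constexpr size_t arity = sizeof...(Params);
    using ParamTuple = std::tuple<Params...>;
};

// Parameter type at index I, or void once I is past the end, so the checks below
// can report "too many arguments" instead of failing inside std::tuple_element.
template<typename Op, size_t I, bool InRange = (I < FunctionTraits<Op>::arity)>
struct ParamAt { using type = void; };
template<typename Op, size_t I>
struct ParamAt<Op, I, true> { using type = std::tuple_element_t<I, typename FunctionTraits<Op>::ParamTuple>; };

template<typename...> struct FirstIsExecState : std::false_type {};
template<typename... Rest> struct FirstIsExecState<ExecState*, Rest...> : std::true_type {};
template<typename> struct TakesExecState;
template<typename R, typename... Params>
struct TakesExecState<R (*)(Params...)> : FirstIsExecState<Params...> {};

class CCallHelpers {
public:
    template<typename Op, typename... Args>
    void setupArguments(Args... args) {
        // Rule 2: an ExecState* first parameter is filled from the call frame register implicitly.
        if constexpr (TakesExecState<Op>::value) {
            record(0, "callFrameRegister", false);
            setupArgumentsImpl<Op, 1>(args...);
        } else {
            setupArgumentsImpl<Op, 0>(args...);
        }
    }
    const std::vector<std::string>& moves() const { return m_moves; }

private:
    // Base case: every operand is consumed, so the count must equal the operation's arity.
    template<typename Op, size_t I>
    void setupArgumentsImpl() {
        static_assert(I == FunctionTraits<Op>::arity, "too few arguments for this operation");
    }

    template<typename Op, size_t I, typename Arg, typename... Rest>
    void setupArgumentsImpl(Arg arg, Rest... rest) {
        using Param = typename ParamAt<Op, I>::type;
        static_assert(!std::is_void<Param>::value, "more arguments than this operation takes");
        // Rule 3: no implicit conversions; an operand is accepted only by a matching parameter type.
        if constexpr (std::is_pointer<Param>::value) {
            static_assert(std::is_same<Arg, GPRReg>::value || std::is_same<Arg, TrustedImmPtr>::value,
                "pointer parameter needs a GPR or a TrustedImmPtr");
        } else if constexpr (std::is_integral<Param>::value) {
            static_assert(std::is_same<Arg, GPRReg>::value || std::is_same<Arg, TrustedImm32>::value,
                "integral parameter needs a GPR or a TrustedImm32");
        } else if constexpr (std::is_floating_point<Param>::value) {
            // Rule 1: floating-point operands are never passed as immediates.
            static_assert(std::is_same<Arg, FPRReg>::value, "floating-point parameter needs an FPR");
        } else {
            static_assert(std::is_void<Param>::value, "unsupported parameter type");
        }
        record(I, describe(arg), std::is_floating_point<Param>::value);
        setupArgumentsImpl<Op, I + 1>(rest...);
    }

    static std::string describe(GPRReg r) { return "GPR" + std::to_string(r.id); }
    static std::string describe(FPRReg r) { return "FPR" + std::to_string(r.id); }
    static std::string describe(TrustedImm32 imm) { return "imm " + std::to_string(imm.value); }
    static std::string describe(TrustedImmPtr) { return "immptr"; }

    void record(size_t index, const std::string& source, bool floating) {
        m_moves.push_back("move " + source + " -> " + (floating ? "argumentFPR" : "argumentGPR") + std::to_string(index));
    }

    std::vector<std::string> m_moves;
};

using OperationWithExecState = int (*)(ExecState*, JSCell*, int32_t);
using OperationWithoutExecState = void (*)(const char*, double);

// ExecState* is supplied implicitly, so the caller passes only the remaining two operands.
std::vector<std::string> marshalWithExecState() {
    CCallHelpers jit;
    jit.setupArguments<OperationWithExecState>(GPRReg{3}, TrustedImm32{42});
    return jit.moves();
}

// No ExecState*: the first operand lands in argument register 0, the double must come from an FPR.
std::vector<std::string> marshalWithoutExecState() {
    CCallHelpers jit;
    jit.setupArguments<OperationWithoutExecState>(TrustedImmPtr{"abc"}, FPRReg{1});
    return jit.moves();
}
```

Passing `TrustedImm32{42}` for the `JSCell*` slot, a bare `int` for any slot, or a third operand to `OperationWithoutExecState` fails at compile time in this toy, which is the property the entry wants: a mismatch between the JIT's call site and the C++ operation's real signature is caught before code is generated rather than surfacing as a corrupted argument at run time.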
2018-03-07 Mark Lam <mark.lam@apple.com>

Rename ProtoCallFrame::arityMissMatch to hasArityMismatch.
https://bugs.webkit.org/show_bug.cgi?id=183414
<rdar://problem/38231678>

Reviewed by Michael Saboff.

* interpreter/ProtoCallFrame.cpp:
(JSC::ProtoCallFrame::init):
* interpreter/ProtoCallFrame.h:

2018-03-07 Mark Lam <mark.lam@apple.com>

Simplify the variants of FunctionPtr constructors.
https://bugs.webkit.org/show_bug.cgi?id=183399
<rdar://problem/38212980>

Reviewed by Yusuke Suzuki.

* assembler/MacroAssemblerCodeRef.h:
(JSC::FunctionPtr::FunctionPtr):

2018-03-06 Filip Pizlo <fpizlo@apple.com>

MarkedArgumentsBuffer should allocate from the JSValue Gigacage
https://bugs.webkit.org/show_bug.cgi?id=183377

Reviewed by Michael Saboff.

That prevents it from being used to pivot UAF on malloc memory into corruption in the JS heap.

* runtime/ArgList.cpp:
(JSC::MarkedArgumentBuffer::expandCapacity):

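As an added illustration of the isolation property the entry above relies on (example code, not WebKit's Gigacage): a toy arena stands in for a cage, a growable buffer of JSValues takes its backing store only from that arena on every capacity expansion, and a range check lets a consumer confirm that a pointer lies inside the cage before treating it as JS-heap storage. Keeping the buffer out of the general-purpose malloc heap is what stops a dangling malloc pointer from aliasing JS values. The 64 KiB size, the bump allocator and the class names are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>

// Added illustration, not WebKit's Gigacage: a toy arena standing in for a cage,
// a reserved address range that serves exactly one kind of storage. The 64 KiB
// size, the bump allocator and the class names are constructed for this example.
class ToyCage {
public:
    static constexpr size_t size = 64 * 1024;

    // Hands out 16-byte-aligned blocks and never returns memory outside the range.
    void* allocate(size_t bytes) {
        bytes = (bytes + 15) & ~static_cast<size_t>(15);
        if (bytes > size - m_used)
            return nullptr;
        void* block = m_storage + m_used;
        m_used += bytes;
        return block;
    }

    // The property that matters: a pointer is either inside the cage or it is not,
    // so a consumer can refuse to treat foreign (e.g. malloc) memory as JS-heap storage.
    bool contains(const void* p) const {
        auto address = reinterpret_cast<uintptr_t>(p);
        auto base = reinterpret_cast<uintptr_t>(m_storage);
        return address >= base && address < base + size;
    }

private:
    alignas(16) unsigned char m_storage[size];
    size_t m_used = 0;
};

using JSValueBits = uint64_t;  // stand-in for the encoded form of a JSValue

//  A growable buffer of JSValues whose backing store only ever comes from the cage,
//  mirroring what the entry does for MarkedArgumentBuffer::expandCapacity.
class CagedValueBuffer {
public:
    explicit CagedValueBuffer(ToyCage& cage) : m_cage(cage) {}

    bool append(JSValueBits value) {
        if (m_size == m_capacity && !expandCapacity())
            return false;
        m_data[m_size++] = value;
        return true;
    }
    const JSValueBits* data() const { return m_data; }
    size_t size() const { return m_size; }

private:
    bool expandCapacity() {
        size_t newCapacity = m_capacity ? m_capacity * 2 : 8;
        auto* fresh = static_cast<JSValueBits*>(m_cage.allocate(newCapacity * sizeof(JSValueBits)));
        if (!fresh)
            return false;
        for (size_t i = 0; i < m_size; ++i)
            fresh[i] = m_data[i];
        m_data = fresh;  // the old block stays inside the cage; the toy arena never frees
        m_capacity = newCapacity;
        return true;
    }

    ToyCage& m_cage;
    JSValueBits* m_data = nullptr;
    size_t m_size = 0;
    size_t m_capacity = 0;
};

// Several capacity doublings later, the storage is still inside the cage.
bool valueBufferStaysInCage() {
    ToyCage cage;
    CagedValueBuffer buffer(cage);
    for (JSValueBits v = 0; v < 100; ++v) {
        if (!buffer.append(v))
            return false;
    }
    return buffer.size() == 100 && cage.contains(buffer.data()) && buffer.data()[99] == 99;
}

// General-purpose heap memory never passes the cage check.
bool mallocBlockIsOutsideCage() {
    ToyCage cage;
    void* heapBlock = std::malloc(64);
    bool outside = !cage.contains(heapBlock);
    std::free(heapBlock);
    return outside;
}
```

The real Gigacage reserves a very large virtual range and serves it through the system allocator; the toy keeps the same two guarantees that matter for the entry, namely that the buffer's storage is always inside the range and that memory from elsewhere can be told apart by address.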
2018-03-07 Mark Lam <mark.lam@apple.com>

Add support for ARM64E.
https://bugs.webkit.org/show_bug.cgi?id=183398
<rdar://problem/38212621>

Reviewed by Michael Saboff.

* assembler/MacroAssembler.h:
* llint/LLIntOfflineAsmConfig.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter64.asm:
* offlineasm/backends.rb:

2018-03-07 Yusuke Suzuki <utatane.tea@gmail.com>

HTML `pattern` attribute should set `u` flag for regular expressions
https://bugs.webkit.org/show_bug.cgi?id=151598

Reviewed by Chris Dumez.

Add UnicodeMode for JSC::Yarr::RegularExpression.

* yarr/RegularExpression.cpp:
(JSC::Yarr::RegularExpression::Private::create):
(JSC::Yarr::RegularExpression::Private::Private):
(JSC::Yarr::RegularExpression::Private::compile):
(JSC::Yarr::RegularExpression::RegularExpression):
* yarr/RegularExpression.h:

2018-03-07 Yusuke Suzuki <utatane.tea@gmail.com>

[JSC] Add more JSType based fast path for jsDynamicCast
https://bugs.webkit.org/show_bug.cgi?id=183403

Reviewed by Mark Lam.

We add more JSType-based fast paths for jsDynamicCast. Basically, we add miscellaneous JSTypes which
are used for jsDynamicCast in JSC, arguments types, and scope types.

We also add ClassInfo to JSScope and JSSegmentedVariableObject since they are used with jsDynamicCast.

* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
* runtime/ClonedArguments.h:
(JSC::ClonedArguments::specialsMaterialized const): Deleted.
* runtime/DirectArguments.h:
(JSC::DirectArguments::subspaceFor): Deleted.
(JSC::DirectArguments::internalLength const): Deleted.
(JSC::DirectArguments::length const): Deleted.
(JSC::DirectArguments::isMappedArgument const): Deleted.
(JSC::DirectArguments::isMappedArgumentInDFG const): Deleted.
(JSC::DirectArguments::getIndexQuickly const): Deleted.
(JSC::DirectArguments::setIndexQuickly): Deleted.
(JSC::DirectArguments::callee): Deleted.
(JSC::DirectArguments::argument): Deleted.
(JSC::DirectArguments::overrodeThings const): Deleted.
(JSC::DirectArguments::initModifiedArgumentsDescriptorIfNecessary): Deleted.
(JSC::DirectArguments::setModifiedArgumentDescriptor): Deleted.
(JSC::DirectArguments::isModifiedArgumentDescriptor): Deleted.
(JSC::DirectArguments::offsetOfCallee): Deleted.
(JSC::DirectArguments::offsetOfLength): Deleted.
(JSC::DirectArguments::offsetOfMinCapacity): Deleted.
(JSC::DirectArguments::offsetOfMappedArguments): Deleted.
(JSC::DirectArguments::offsetOfModifiedArgumentsDescriptor): Deleted.
(JSC::DirectArguments::storageOffset): Deleted.
(JSC::DirectArguments::offsetOfSlot): Deleted.
(JSC::DirectArguments::allocationSize): Deleted.
(JSC::DirectArguments::storage): Deleted.
* runtime/JSGlobalLexicalEnvironment.h:
(JSC::JSGlobalLexicalEnvironment::create): Deleted.
(JSC::JSGlobalLexicalEnvironment::isEmpty const): Deleted.
(JSC::JSGlobalLexicalEnvironment::createStructure): Deleted.
(JSC::JSGlobalLexicalEnvironment::JSGlobalLexicalEnvironment): Deleted.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::finishCreation):
(JSC::isJSMap): Deleted.
* runtime/JSModuleEnvironment.h:
(JSC::JSModuleEnvironment::create): Deleted.
(JSC::JSModuleEnvironment::createStructure): Deleted.
(JSC::JSModuleEnvironment::offsetOfModuleRecord): Deleted.
(JSC::JSModuleEnvironment::allocationSize): Deleted.
(JSC::JSModuleEnvironment::moduleRecord): Deleted.
(JSC::JSModuleEnvironment::moduleRecordSlot): Deleted.
* runtime/JSObject.cpp:
(JSC::canDoFastPutDirectIndex):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::putDirectIndexSlowOrBeyondVectorLength):
* runtime/JSObject.h:
(JSC::JSFinalObject::allocationSize): Deleted.
(JSC::JSFinalObject::typeInfo): Deleted.
(JSC::JSFinalObject::defaultInlineCapacity): Deleted.
(JSC::JSFinalObject::maxInlineCapacity): Deleted.
(JSC::JSFinalObject::createStructure): Deleted.
(JSC::JSFinalObject::finishCreation): Deleted.
(JSC::JSFinalObject::JSFinalObject): Deleted.
(JSC::isJSFinalObject): Deleted.
* runtime/JSScope.cpp:
* runtime/JSScope.h:
* runtime/JSSegmentedVariableObject.cpp:
* runtime/JSSegmentedVariableObject.h:
(JSC::isJSSet): Deleted.
* runtime/JSWeakMap.h:
(JSC::isJSWeakMap): Deleted.
* runtime/JSWeakSet.h:
(JSC::isJSWeakSet): Deleted.
* runtime/JSWithScope.h:
(JSC::JSWithScope::object): Deleted.
* runtime/MapConstructor.cpp:
(JSC::constructMap):
(JSC::mapPrivateFuncMapBucketHead):
* runtime/MapPrototype.cpp:
* runtime/NumberObject.cpp:
(JSC::NumberObject::finishCreation):
* runtime/NumberPrototype.cpp:
(JSC::toThisNumber):
(JSC::numberProtoFuncToExponential):
(JSC::numberProtoFuncToFixed):
(JSC::numberProtoFuncToPrecision):
(JSC::numberProtoFuncToString):
(JSC::numberProtoFuncToLocaleString):
(JSC::numberProtoFuncValueOf):
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorSeal):
(JSC::objectConstructorFreeze):
(JSC::objectConstructorIsSealed):
(JSC::objectConstructorIsFrozen):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::finishCreation):
* runtime/ScopedArguments.h:
(JSC::ScopedArguments::subspaceFor): Deleted.
(JSC::ScopedArguments::internalLength const): Deleted.
(JSC::ScopedArguments::length const): Deleted.
(JSC::ScopedArguments::isMappedArgument const): Deleted.
(JSC::ScopedArguments::isMappedArgumentInDFG const): Deleted.
(JSC::ScopedArguments::getIndexQuickly const): Deleted.
(JSC::ScopedArguments::setIndexQuickly): Deleted.
(JSC::ScopedArguments::callee): Deleted.
(JSC::ScopedArguments::overrodeThings const): Deleted.
(JSC::ScopedArguments::initModifiedArgumentsDescriptorIfNecessary): Deleted.
(JSC::ScopedArguments::setModifiedArgumentDescriptor): Deleted.
(JSC::ScopedArguments::isModifiedArgumentDescriptor): Deleted.
(JSC::ScopedArguments::offsetOfOverrodeThings): Deleted.
(JSC::ScopedArguments::offsetOfTotalLength): Deleted.
(JSC::ScopedArguments::offsetOfTable): Deleted.
(JSC::ScopedArguments::offsetOfScope): Deleted.
(JSC::ScopedArguments::overflowStorageOffset): Deleted.
(JSC::ScopedArguments::allocationSize): Deleted.
(JSC::ScopedArguments::overflowStorage const): Deleted.
* runtime/SetConstructor.cpp:
(JSC::constructSet):
(JSC::setPrivateFuncSetBucketHead):
3397 * runtime/SetPrototype.cpp:
3399 * runtime/StrictEvalActivation.h:
3400 (JSC::StrictEvalActivation::create): Deleted.
3401 (JSC::StrictEvalActivation::createStructure): Deleted.
3402 * runtime/WeakMapPrototype.cpp:
3404 * runtime/WeakSetPrototype.cpp:
2018-03-07 Dominik Infuehr <dinfuehr@igalia.com>

[ARM] offlineasm: fix indentation in armOpcodeReversedOperands
https://bugs.webkit.org/show_bug.cgi?id=183400

Reviewed by Mark Lam.

* offlineasm/arm.rb:

2018-03-06 Mark Lam <mark.lam@apple.com>

Prepare LLInt code to support pointer profiling.
https://bugs.webkit.org/show_bug.cgi?id=183387
<rdar://problem/38199678>

Reviewed by JF Bastien.

1. Introduced PtrTag enums for supporting pointer profiling later.

2. Also introduced tagging, untagging, retagging, and tag removal placeholder template functions for the same purpose.

3. Prepare the offlineasm for supporting pointer profiling later.

4. Tagged some pointers in LLInt asm code. Currently, these should have no

5. Removed returnToThrowForThrownException() because it is not used anywhere.

6. Added the offlineasm folder to JavaScriptCore Xcode project so that it's easier to view and edit these files in Xcode.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/LLIntCallLinkInfo.h:
(JSC::LLIntCallLinkInfo::unlink):
* llint/LLIntData.cpp:
(JSC::LLInt::initialize):
* llint/LLIntData.h:
* llint/LLIntExceptions.cpp:
(JSC::LLInt::returnToThrowForThrownException): Deleted.
* llint/LLIntExceptions.h:
* llint/LLIntOfflineAsmConfig.h:
* llint/LLIntOffsetsExtractor.cpp:
* llint/LLIntPCRanges.h:
(JSC::LLInt::isLLIntPC):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::handleHostCall):
(JSC::LLInt::setUpCall):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* offlineasm/ast.rb:
* offlineasm/instructions.rb:
* offlineasm/risc.rb:
* runtime/PtrTag.h: Added.
(JSC::uniquePtrTagID):
(JSC::untagCodePtr):
(JSC::retagCodePtr):
(JSC::removeCodePtrTag):

2018-03-06 Dominik Infuehr <dinfuehr@igalia.com>

[ARM] Assembler warnings: "use of r13 is deprecated"