Unreviewed, rolling out r209766.
[WebKit.git] / Source / JavaScriptCore / ChangeLog
1 2016-12-14  Chris Dumez  <cdumez@apple.com>
2
3         Unreviewed, rolling out r209766.
4
5         Regressed Dromaeo JSLib by ~50%
6
7         Reverted changeset:
8
9         "Make opaque root scanning truly constraint-based"
10         https://bugs.webkit.org/show_bug.cgi?id=165760
11         http://trac.webkit.org/changeset/209766
12
13 2016-12-14  Commit Queue  <commit-queue@webkit.org>
14
15         Unreviewed, rolling out r209795.
16         https://bugs.webkit.org/show_bug.cgi?id=165853
17
18         rolled out the wrong revision (Requested by pizlo on #webkit).
19
20         Reverted changeset:
21
22         "MarkedBlock::marksConveyLivenessDuringMarking should take
23         into account collection scope"
24         https://bugs.webkit.org/show_bug.cgi?id=165741
25         http://trac.webkit.org/changeset/209795
26
27 2016-12-14  Filip Pizlo  <fpizlo@apple.com>
28
29         Unreviewed, disable concurrent GC on ARM while we investigate a memory use regression.
30
31         * runtime/Options.cpp:
32         (JSC::recomputeDependentOptions):
33
34 2016-12-13  Yusuke Suzuki  <utatane.tea@gmail.com>
35
36         Use JSValue::toWTFString instead of calling toString(exec) and value(exec)
37         https://bugs.webkit.org/show_bug.cgi?id=165795
38
39         Reviewed by Saam Barati.
40
41         In the old days, we frequently used the idiom `value.toString(exec)->value(exec)` to
42         get a WTFString from the given JSValue. But now we have a better function, `toWTFString`.
43         `toWTFString` does not create intermediate JSString objects, which reduces unnecessary
44         allocations.
45
46         This patch mechanically replaces `value.toString(exec)->value(exec)` with `toWTFString(exec)`.
47
48         * API/JSValueRef.cpp:
49         (JSValueToStringCopy):
50         * bindings/ScriptValue.cpp:
51         (Deprecated::ScriptValue::toString):
52         * inspector/JSGlobalObjectInspectorController.cpp:
53         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
54         * inspector/JSInjectedScriptHost.cpp:
55         (Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
56         * inspector/JSJavaScriptCallFrame.cpp:
57         (Inspector::JSJavaScriptCallFrame::evaluateWithScopeExtension):
58         * inspector/ScriptCallStackFactory.cpp:
59         (Inspector::extractSourceInformationFromException):
60         * runtime/ConsoleObject.cpp:
61         (JSC::valueToStringWithUndefinedOrNullCheck):
62         (JSC::valueOrDefaultLabelString):
63         * runtime/DateConstructor.cpp:
64         (JSC::dateParse):
65         * runtime/DatePrototype.cpp:
66         (JSC::formatLocaleDate):
67         * runtime/ErrorInstance.cpp:
68         (JSC::ErrorInstance::sanitizedToString):
69         * runtime/ErrorPrototype.cpp:
70         (JSC::errorProtoFuncToString):
71         * runtime/InspectorInstrumentationObject.cpp:
72         (JSC::inspectorInstrumentationObjectLog):
73         * runtime/JSGlobalObjectFunctions.cpp:
74         (JSC::globalFuncEval):
75         * runtime/JSModuleLoader.cpp:
76         (JSC::JSModuleLoader::fetch):
77         * runtime/ModuleLoaderPrototype.cpp:
78         (JSC::moduleLoaderPrototypeParseModule):
79         * runtime/RegExpConstructor.cpp:
80         (JSC::regExpCreate):
81         * runtime/RegExpPrototype.cpp:
82         (JSC::regExpProtoFuncCompile):
83         (JSC::regExpProtoFuncToString):
84         * runtime/StringPrototype.cpp:
85         (JSC::replaceUsingRegExpSearch):
86         (JSC::replaceUsingStringSearch):
87         (JSC::stringProtoFuncSlice):
88         (JSC::stringProtoFuncSplitFast):
89         (JSC::stringProtoFuncSubstr):
90         (JSC::stringProtoFuncLocaleCompare):
91         (JSC::stringProtoFuncBig):
92         (JSC::stringProtoFuncSmall):
93         (JSC::stringProtoFuncBlink):
94         (JSC::stringProtoFuncBold):
95         (JSC::stringProtoFuncFixed):
96         (JSC::stringProtoFuncItalics):
97         (JSC::stringProtoFuncStrike):
98         (JSC::stringProtoFuncSub):
99         (JSC::stringProtoFuncSup):
100         (JSC::stringProtoFuncFontcolor):
101         (JSC::stringProtoFuncFontsize):
102         (JSC::stringProtoFuncAnchor):
103         (JSC::stringProtoFuncLink):
104         (JSC::trimString):
105         (JSC::stringProtoFuncStartsWith):
106         (JSC::stringProtoFuncEndsWith):
107         (JSC::stringProtoFuncIncludes):
108         (JSC::builtinStringIncludesInternal):
109         (JSC::stringProtoFuncNormalize):
110         * tools/JSDollarVMPrototype.cpp:
111         (JSC::functionPrint):
112         * wasm/js/JSWebAssemblyCompileError.h:
113         (JSC::JSWebAssemblyCompileError::create):
114         * wasm/js/JSWebAssemblyRuntimeError.h:
115         (JSC::JSWebAssemblyRuntimeError::create):
116
117 2016-12-14  Gavin Barraclough  <barraclough@apple.com>
118
119         MarkedBlock::marksConveyLivenessDuringMarking should take into account collection scope
120         https://bugs.webkit.org/show_bug.cgi?id=165741
121
122         Unreviewed rollout due to performance regression.
123
124         * CMakeLists.txt:
125         * JavaScriptCore.xcodeproj/project.pbxproj:
126         * heap/CellContainer.cpp: Removed.
127         * heap/CellContainer.h:
128         * heap/MarkedAllocator.cpp:
129         (JSC::MarkedAllocator::addBlock):
130         (JSC::MarkedAllocator::removeBlock):
131         (JSC::MarkedAllocator::dumpBits):
132         * heap/MarkedAllocator.h:
133         (JSC::MarkedAllocator::forEachBitVector):
134         (JSC::MarkedAllocator::forEachBitVectorWithName):
135         * heap/MarkedBlock.cpp:
136         (JSC::MarkedBlock::tryCreate):
137         (JSC::MarkedBlock::Handle::~Handle):
138         (JSC::MarkedBlock::MarkedBlock):
139         (JSC::MarkedBlock::Handle::specializedSweep):
140         (JSC::MarkedBlock::Handle::sweepHelperSelectMarksMode):
141         (JSC::MarkedBlock::Handle::stopAllocating):
142         (JSC::MarkedBlock::Handle::resumeAllocating):
143         (JSC::MarkedBlock::aboutToMarkSlow):
144         (JSC::MarkedBlock::Handle::didConsumeFreeList):
145         (JSC::MarkedBlock::Handle::dumpState): Deleted.
146         * heap/MarkedBlock.h:
147         (JSC::MarkedBlock::isMarked):
148         (JSC::MarkedBlock::markingVersion): Deleted.
149         (JSC::MarkedBlock::isMarkedRaw): Deleted.
150         * heap/MarkedBlockInlines.h:
151         (JSC::MarkedBlock::marksConveyLivenessDuringMarking):
152         * heap/SlotVisitor.cpp:
153         (JSC::SlotVisitor::appendJSCellOrAuxiliary):
154         * runtime/Options.h:
155         * runtime/StructureIDTable.h:
156         (JSC::StructureIDTable::get):
157         (JSC::StructureIDTable::size): Deleted.
158
159 2016-12-13  Commit Queue  <commit-queue@webkit.org>
160
161         Unreviewed, rolling out r209792.
162         https://bugs.webkit.org/show_bug.cgi?id=165841
163
164         Cause build failures (Requested by yusukesuzuki on #webkit).
165
166         Reverted changeset:
167
168         "Use JSValue::toWTFString instead of calling toString(exec)
169         and value(exec)"
170         https://bugs.webkit.org/show_bug.cgi?id=165795
171         http://trac.webkit.org/changeset/209792
172
173 2016-12-13  Yusuke Suzuki  <utatane.tea@gmail.com>
174
175         Use JSValue::toWTFString instead of calling toString(exec) and value(exec)
176         https://bugs.webkit.org/show_bug.cgi?id=165795
177
178         Reviewed by Saam Barati.
179
180         In the old days, we frequently used the idiom `value.toString(exec)->value(exec)` to
181         get a WTFString from the given JSValue. But now we have a better function, `toWTFString`.
182         `toWTFString` does not create intermediate JSString objects, which reduces unnecessary
183         allocations.
184
185         This patch mechanically replaces `value.toString(exec)->value(exec)` with `toWTFString(exec)`.
186
187         * API/JSValueRef.cpp:
188         (JSValueToStringCopy):
189         * bindings/ScriptValue.cpp:
190         (Deprecated::ScriptValue::toString):
191         * inspector/JSGlobalObjectInspectorController.cpp:
192         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
193         * inspector/JSInjectedScriptHost.cpp:
194         (Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
195         * inspector/JSJavaScriptCallFrame.cpp:
196         (Inspector::JSJavaScriptCallFrame::evaluateWithScopeExtension):
197         * inspector/ScriptCallStackFactory.cpp:
198         (Inspector::extractSourceInformationFromException):
199         * runtime/ConsoleObject.cpp:
200         (JSC::valueToStringWithUndefinedOrNullCheck):
201         (JSC::valueOrDefaultLabelString):
202         * runtime/DateConstructor.cpp:
203         (JSC::dateParse):
204         * runtime/DatePrototype.cpp:
205         (JSC::formatLocaleDate):
206         * runtime/ErrorInstance.cpp:
207         (JSC::ErrorInstance::sanitizedToString):
208         * runtime/ErrorPrototype.cpp:
209         (JSC::errorProtoFuncToString):
210         * runtime/InspectorInstrumentationObject.cpp:
211         (JSC::inspectorInstrumentationObjectLog):
212         * runtime/JSCJSValue.cpp:
213         (JSC::JSValue::toWTFStringSlowCase):
214         * runtime/JSGlobalObjectFunctions.cpp:
215         (JSC::globalFuncEval):
216         * runtime/JSModuleLoader.cpp:
217         (JSC::JSModuleLoader::fetch):
218         * runtime/ModuleLoaderPrototype.cpp:
219         (JSC::moduleLoaderPrototypeParseModule):
220         * runtime/RegExpConstructor.cpp:
221         (JSC::regExpCreate):
222         * runtime/RegExpPrototype.cpp:
223         (JSC::regExpProtoFuncCompile):
224         (JSC::regExpProtoFuncToString):
225         * runtime/StringPrototype.cpp:
226         (JSC::replaceUsingRegExpSearch):
227         (JSC::replaceUsingStringSearch):
228         (JSC::stringProtoFuncSlice):
229         (JSC::stringProtoFuncSplitFast):
230         (JSC::stringProtoFuncSubstr):
231         (JSC::stringProtoFuncLocaleCompare):
232         (JSC::stringProtoFuncBig):
233         (JSC::stringProtoFuncSmall):
234         (JSC::stringProtoFuncBlink):
235         (JSC::stringProtoFuncBold):
236         (JSC::stringProtoFuncFixed):
237         (JSC::stringProtoFuncItalics):
238         (JSC::stringProtoFuncStrike):
239         (JSC::stringProtoFuncSub):
240         (JSC::stringProtoFuncSup):
241         (JSC::stringProtoFuncFontcolor):
242         (JSC::stringProtoFuncFontsize):
243         (JSC::stringProtoFuncAnchor):
244         (JSC::stringProtoFuncLink):
245         (JSC::trimString):
246         (JSC::stringProtoFuncStartsWith):
247         (JSC::stringProtoFuncEndsWith):
248         (JSC::stringProtoFuncIncludes):
249         (JSC::builtinStringIncludesInternal):
250         (JSC::stringProtoFuncNormalize):
251         * tools/JSDollarVMPrototype.cpp:
252         (JSC::functionPrint):
253         * wasm/js/JSWebAssemblyCompileError.h:
254         (JSC::JSWebAssemblyCompileError::create):
255         * wasm/js/JSWebAssemblyRuntimeError.h:
256         (JSC::JSWebAssemblyRuntimeError::create):
257
258 2016-12-13  Saam Barati  <sbarati@apple.com>
259
260         WebAssembly: implement the elements section
261         https://bugs.webkit.org/show_bug.cgi?id=165715
262
263         Reviewed by Keith Miller.
264
265         This is a straightforward implementation of the Element
266         section in the Wasm spec:
267         https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#element-section
268         
269         There are a few ambiguities I encountered when implementing this, so I've
270         filed bugs against the Wasm design repo, and corresponding bugzilla bugs
271         for us to address after they've been discussed by the various Wasm folks:
272         - https://bugs.webkit.org/show_bug.cgi?id=165827
273         - https://bugs.webkit.org/show_bug.cgi?id=165826
274         - https://bugs.webkit.org/show_bug.cgi?id=165825
275
276         * wasm/WasmFormat.h:
277         * wasm/WasmModuleParser.cpp:
278         (JSC::Wasm::ModuleParser::parseElement):
279         (JSC::Wasm::ModuleParser::parseInitExpr):
280         (JSC::Wasm::ModuleParser::parseData):
281         * wasm/WasmModuleParser.h:
282         * wasm/js/WebAssemblyModuleRecord.cpp:
283         (JSC::WebAssemblyModuleRecord::evaluate):
284
285 2016-12-13  Chris Dumez  <cdumez@apple.com>
286
287         Unreviewed, rolling out r209544.
288
289         Looks like r209489 did not cause the performance regression
290         after all
291
292         Reverted changeset:
293
294         "Unreviewed, rolling out r209489."
295         https://bugs.webkit.org/show_bug.cgi?id=165550
296         http://trac.webkit.org/changeset/209544
297
298 2016-12-13  Saam Barati  <sbarati@apple.com>
299
300         WebAssembly: implement the table section and table import
301         https://bugs.webkit.org/show_bug.cgi?id=165716
302
303         Reviewed by Keith Miller.
304
305         This patch implements the Table space for wasm:
306         https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#table-section
307
308         It only implements defining and importing a table. The bulk
309         of this patch is implementing the various wasm Table prototype
310         methods and the underlying Table object:
311         https://github.com/WebAssembly/design/blob/master/JS.md#webassemblytable-constructor
312
313         This patch also fixes a bug in our implementation with call_indirect.
314         We initially implemented call_indirect as a way to call functions that
315         are imported or defined in the module. This was the wrong
316         interpretation of the spec. Instead, call_indirect can only index into
317         the table index space.
318
319         * JavaScriptCore.xcodeproj/project.pbxproj:
320         * wasm/WasmB3IRGenerator.cpp:
321         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
322         (JSC::Wasm::B3IRGenerator::addCallIndirect):
323         (JSC::Wasm::parseAndCompile):
324         * wasm/WasmFormat.h:
325         (JSC::Wasm::TableInformation::TableInformation):
326         (JSC::Wasm::TableInformation::operator bool):
327         (JSC::Wasm::TableInformation::isImport):
328         (JSC::Wasm::TableInformation::initial):
329         (JSC::Wasm::TableInformation::maximum):
330         (JSC::Wasm::CallableFunction::CallableFunction):
331         * wasm/WasmFunctionParser.h:
332         (JSC::Wasm::FunctionParser<Context>::parseExpression):
333         * wasm/WasmModuleParser.cpp:
334         (JSC::Wasm::ModuleParser::parseImport):
335         (JSC::Wasm::ModuleParser::parseResizableLimits):
336         (JSC::Wasm::ModuleParser::parseTableHelper):
337         (JSC::Wasm::ModuleParser::parseTable):
338         (JSC::Wasm::ModuleParser::parseMemoryHelper):
339         (JSC::Wasm::ModuleParser::parseExport):
340         * wasm/WasmModuleParser.h:
341         * wasm/js/JSWebAssemblyHelpers.h: Added.
342         (JSC::toNonWrappingUint32):
343         * wasm/js/JSWebAssemblyInstance.cpp:
344         (JSC::JSWebAssemblyInstance::visitChildren):
345         * wasm/js/JSWebAssemblyInstance.h:
346         (JSC::JSWebAssemblyInstance::table):
347         (JSC::JSWebAssemblyInstance::setTable):
348         (JSC::JSWebAssemblyInstance::offsetOfTable):
349         * wasm/js/JSWebAssemblyTable.cpp:
350         (JSC::JSWebAssemblyTable::create):
351         (JSC::JSWebAssemblyTable::JSWebAssemblyTable):
352         (JSC::JSWebAssemblyTable::visitChildren):
353         (JSC::JSWebAssemblyTable::grow):
354         (JSC::JSWebAssemblyTable::clearFunction):
355         (JSC::JSWebAssemblyTable::setFunction):
356         * wasm/js/JSWebAssemblyTable.h:
357         (JSC::JSWebAssemblyTable::maximum):
358         (JSC::JSWebAssemblyTable::size):
359         (JSC::JSWebAssemblyTable::getFunction):
360         (JSC::JSWebAssemblyTable::offsetOfSize):
361         (JSC::JSWebAssemblyTable::offsetOfFunctions):
362         (JSC::JSWebAssemblyTable::isValidSize):
363         * wasm/js/WebAssemblyFunction.cpp:
364         (JSC::WebAssemblyFunction::call):
365         (JSC::WebAssemblyFunction::create):
366         (JSC::WebAssemblyFunction::visitChildren):
367         (JSC::WebAssemblyFunction::finishCreation):
368         * wasm/js/WebAssemblyFunction.h:
369         (JSC::WebAssemblyFunction::signature):
370         (JSC::WebAssemblyFunction::wasmEntrypoint):
371         (JSC::WebAssemblyFunction::webAssemblyCallee): Deleted.
372         * wasm/js/WebAssemblyInstanceConstructor.cpp:
373         (JSC::constructJSWebAssemblyInstance):
374         * wasm/js/WebAssemblyMemoryConstructor.cpp:
375         (JSC::constructJSWebAssemblyMemory):
376         * wasm/js/WebAssemblyModuleRecord.cpp:
377         (JSC::WebAssemblyModuleRecord::finishCreation):
378         (JSC::WebAssemblyModuleRecord::link):
379         * wasm/js/WebAssemblyTableConstructor.cpp:
380         (JSC::constructJSWebAssemblyTable):
381         * wasm/js/WebAssemblyTablePrototype.cpp:
382         (JSC::getTable):
383         (JSC::webAssemblyTableProtoFuncLength):
384         (JSC::webAssemblyTableProtoFuncGrow):
385         (JSC::webAssemblyTableProtoFuncGet):
386         (JSC::webAssemblyTableProtoFuncSet):
387         (JSC::WebAssemblyTablePrototype::create):
388         (JSC::WebAssemblyTablePrototype::finishCreation):
389         * wasm/js/WebAssemblyTablePrototype.h:
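
The two WebAssembly entries above (the element section, and the table section with the call_indirect fix) describe behaviour that is easiest to see end to end. What follows is an added example, not JavaScriptCore code and not part of this ChangeLog: a wasm module assembled by hand from constructed bytes, run under Node.js (any engine exposing WebAssembly and TextEncoder will do). It imports a funcref table, fills slots 0 and 1 from an element segment, and exports a dispatch function whose only way to reach a callee is call_indirect through the table index space. The demo then exercises the Table prototype methods (length, grow, get, set) and shows the traps a practitioner should expect: an index past the table length, a grown-but-empty slot, a callee whose signature does not match the call site, and a grow past the declared maximum. All names (env.table, dispatch, add, sub) are the example's own.

```javascript
// Added example, not JavaScriptCore code: a hand-assembled wasm module that
// imports a funcref table, fills it from an element segment, and dispatches
// through call_indirect. Assumes Node.js (WebAssembly + TextEncoder).

// Unsigned LEB128, the integer encoding used throughout the binary format.
function uleb(n) {
  const out = [];
  do {
    let byte = n & 0x7f;
    n >>>= 7;
    if (n !== 0) byte |= 0x80;
    out.push(byte);
  } while (n !== 0);
  return out;
}

// Length-prefixed UTF-8 name, as used for import/export names.
function name(s) {
  const bytes = [...new TextEncoder().encode(s)];
  return [...uleb(bytes.length), ...bytes];
}

// A section is its id byte, a LEB128 payload size, then the payload.
function section(id, payload) {
  return [id, ...uleb(payload.length), ...payload];
}

// Function body: size prefix, then the (empty) locals vector and the code.
function body(code) {
  return [...uleb(code.length), ...code];
}

// Module layout (section order is fixed by the spec):
//   type 0: (i32, i32) -> i32         type 1: (i32, i32, i32) -> i32
//   import "env"."table": funcref table, initial 2, maximum 4
//   func 0 = add, func 1 = sub (type 0), func 2 = dispatch (type 1)
//   elem: table 0, offset i32.const 0, entries [func 0, func 1]
function buildModule() {
  const I32 = 0x7f, FUNC = 0x60, FUNCREF = 0x70;
  const typeSec = section(1, [2,
    FUNC, 2, I32, I32, 1, I32,
    FUNC, 3, I32, I32, I32, 1, I32]);
  const importSec = section(2, [1, ...name("env"), ...name("table"),
    0x01 /* table import */, FUNCREF, 0x01 /* has max */, 2, 4]);
  const funcSec = section(3, [3, 0, 0, 1]);
  const exportSec = section(7, [1, ...name("dispatch"), 0x00 /* func */, 2]);
  const elemSec = section(9, [1, 0, 0x41, 0, 0x0b, 2, 0, 1]);
  const add = body([0, 0x20, 0, 0x20, 1, 0x6a, 0x0b]);       // local.get 0/1, i32.add
  const sub = body([0, 0x20, 0, 0x20, 1, 0x6b, 0x0b]);       // local.get 0/1, i32.sub
  // dispatch(idx, a, b): push a, b, then idx; call_indirect (type 0) (table 0)
  const dispatch = body([0, 0x20, 1, 0x20, 2, 0x20, 0, 0x11, 0, 0, 0x0b]);
  const codeSec = section(10, [3, ...add, ...sub, ...dispatch]);
  return new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,
    ...typeSec, ...importSec, ...funcSec, ...exportSec, ...elemSec, ...codeSec]);
}

function instantiate() {
  const table = new WebAssembly.Table({ element: "anyfunc", initial: 2, maximum: 4 });
  const module = new WebAssembly.Module(buildModule());
  const instance = new WebAssembly.Instance(module, { env: { table } });
  return { table, dispatch: instance.exports.dispatch };
}

// Returns the constructor name of the error thrown by fn, or null if none.
function errorName(fn) {
  try { fn(); return null; } catch (e) { return e.constructor.name; }
}

// Walks through the table semantics the entries above describe; every
// call_indirect goes through the table index space, never a function index.
function demo() {
  const { table, dispatch } = instantiate();
  const out = {};
  out.add = dispatch(0, 7, 3);                                  // table[0] = add
  out.sub = dispatch(1, 7, 3);                                  // table[1] = sub
  out.outOfBounds = errorName(() => dispatch(2, 7, 3));         // index >= length traps
  out.grown = table.grow(1);                                    // returns old length (2)
  out.uninitialized = errorName(() => dispatch(2, 7, 3));       // null slot traps
  table.set(2, table.get(1));                                   // copy sub into slot 2
  out.viaGrownSlot = dispatch(2, 7, 3);
  table.set(2, dispatch);                                       // type 1 callee in slot 2
  out.signatureMismatch = errorName(() => dispatch(2, 7, 3));   // call site expects type 0
  out.growPastMaximum = errorName(() => table.grow(2));         // 3 + 2 > maximum 4
  out.length = table.length;
  return out;
}

console.log(demo());
```

The signature-mismatch case is the one worth remembering from a security standpoint: the table only holds references, so the type check at call_indirect is what keeps a caller from entering a function with the wrong frame layout, and it fires at runtime, after table.set succeeded.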
390
391 2016-12-13  Filip Pizlo  <fpizlo@apple.com>
392
393         Add null checks to opaque root APIs.
394
395         Rubber stamped by Saam Barati. 
396
397         If we got a crash report about null in the opaque root HashSet, we would probably not
398         celebrate how great it is that we found out about a new race - instead we would probably
399         be annoyed that null wasn't just silently ignored.
400
401         * heap/SlotVisitor.cpp:
402         (JSC::SlotVisitor::addOpaqueRoot):
403         (JSC::SlotVisitor::containsOpaqueRoot):
404         (JSC::SlotVisitor::containsOpaqueRootTriState):
405
406 2016-12-13  Filip Pizlo  <fpizlo@apple.com>
407
408         Make opaque root scanning truly constraint-based
409         https://bugs.webkit.org/show_bug.cgi?id=165760
410
411         Reviewed by Saam Barati.
412         
413         We have bugs when visitChildren() changes its mind about what opaque root to add, since
414         we don't have barriers on opaque roots. This supposedly once worked for generational GC,
415         and I started adding more barriers to support concurrent GC. But I think that the real
416         bug here is that we want the JSObject->OpaqueRoot to be evaluated as a constraint that
417         participates in the fixpoint. A constraint is different from the normal visiting in that
418         the GC will not wait for a barrier to rescan the object.
419         
420         So, it's now possible for any visitChildren() method to become a constraint by calling
421         slotVisitor.rescanAsConstraint(). Because opaque roots are constraints, addOpaqueRoot()
422         does rescanAsConstraint() for you.
423         
424         The constraint set is simply a HashSet<JSCell*> that accumulates with every
425         rescanAsConstraint() call and is only cleared at the start of full GC. This trivially
426         resolves most classes of GC bugs that would have arisen from opaque roots being changed
427         in a way that the GC did not anticipate.
428         
429         Looks like this is perf-neutral.
430         
431         * heap/Heap.cpp:
432         (JSC::Heap::markToFixpoint):
433         (JSC::Heap::setMutatorShouldBeFenced):
434         (JSC::Heap::writeBarrierOpaqueRootSlow): Deleted.
435         (JSC::Heap::addMutatorShouldBeFencedCache): Deleted.
436         * heap/Heap.h:
437         * heap/HeapInlines.h:
438         (JSC::Heap::writeBarrierOpaqueRoot): Deleted.
439         * heap/MarkedSpace.cpp:
440         (JSC::MarkedSpace::visitWeakSets):
441         * heap/MarkedSpace.h:
442         * heap/SlotVisitor.cpp:
443         (JSC::SlotVisitor::visitChildren):
444         (JSC::SlotVisitor::visitSubsequently):
445         (JSC::SlotVisitor::drain):
446         (JSC::SlotVisitor::addOpaqueRoot):
447         (JSC::SlotVisitor::rescanAsConstraint):
448         (JSC::SlotVisitor::mergeIfNecessary):
449         (JSC::SlotVisitor::mergeOpaqueRootsAndConstraints):
450         (JSC::SlotVisitor::mergeOpaqueRootsIfNecessary): Deleted.
451         * heap/SlotVisitor.h:
452         * heap/SlotVisitorInlines.h:
453         (JSC::SlotVisitor::reportExtraMemoryVisited):
454         (JSC::SlotVisitor::reportExternalMemoryVisited):
455         (JSC::SlotVisitor::didNotRace):
456         * heap/WeakBlock.cpp:
457         (JSC::WeakBlock::specializedVisit):
458         (JSC::WeakBlock::visit):
459         * heap/WeakBlock.h:
460         * heap/WeakSet.h:
461         (JSC::WeakSet::visit):
462
463 2016-12-13  Commit Queue  <commit-queue@webkit.org>
464
465         Unreviewed, rolling out r209725.
466         https://bugs.webkit.org/show_bug.cgi?id=165811
467
468         "Broke ARMv7 builds" (Requested by msaboff on #webkit).
469
470         Reverted changeset:
471
472         "REGRESSION(r209653): speedometer crashes making virtual slow
473         path tailcalls"
474         https://bugs.webkit.org/show_bug.cgi?id=165748
475         http://trac.webkit.org/changeset/209725
476
477 2016-12-13  Filip Pizlo  <fpizlo@apple.com>
478
479         Unreviewed, revert the collectorPermittedIdleRatio back to 0 because of 100MB
480         regression on membuster. Also, it didn't seem to help perf.
481
482         * runtime/Options.h:
483
484 2016-12-13  JF Bastien  <jfbastien@apple.com>
485
486         [WTF] Turn tryMakeString(), makeString() into variadic templates
487         https://bugs.webkit.org/show_bug.cgi?id=147142
488
489         Reviewed by Mark Lam.
490
491         * runtime/JSStringBuilder.h:
492         (JSC::jsMakeNontrivialString): remove WTF:: prefix, it isn't needed anymore
493         * runtime/Lookup.cpp:
494         (JSC::reifyStaticAccessor): remove WTF:: prefix, it isn't needed anymore
495         * runtime/ObjectPrototype.cpp:
496         (JSC::objectProtoFuncToString): remove WTF:: prefix, it isn't needed anymore
497
498 2016-12-12  Mark Lam  <mark.lam@apple.com>
499
500         Rename BytecodeGenerator's ControlFlowContext to ControlFlowScope.
501         https://bugs.webkit.org/show_bug.cgi?id=165777
502
503         Reviewed by Keith Miller.
504
505         The existing code sometimes refers to ControlFlowContext (and associated references)
506         as context, and sometimes as scope.  Let's be consistent and always call it a scope.
507
508         Also renamed push/popScopedControlFlowContext() to push/popLocalControlFlowScope()
509         because these are only used when we inc/dec the m_localScopeDepth.
510
511         * bytecompiler/BytecodeGenerator.cpp:
512         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
513         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
514         (JSC::BytecodeGenerator::popLexicalScopeInternal):
515         (JSC::BytecodeGenerator::emitPushWithScope):
516         (JSC::BytecodeGenerator::emitPopWithScope):
517         (JSC::BytecodeGenerator::pushFinallyControlFlowScope):
518         (JSC::BytecodeGenerator::pushIteratorCloseControlFlowScope):
519         (JSC::BytecodeGenerator::popFinallyControlFlowScope):
520         (JSC::BytecodeGenerator::popIteratorCloseControlFlowScope):
521         (JSC::BytecodeGenerator::emitComplexPopScopes):
522         (JSC::BytecodeGenerator::emitPopScopes):
523         (JSC::BytecodeGenerator::pushLocalControlFlowScope):
524         (JSC::BytecodeGenerator::popLocalControlFlowScope):
525         (JSC::BytecodeGenerator::emitEnumeration):
526         (JSC::BytecodeGenerator::pushFinallyContext): Deleted.
527         (JSC::BytecodeGenerator::pushIteratorCloseContext): Deleted.
528         (JSC::BytecodeGenerator::popFinallyContext): Deleted.
529         (JSC::BytecodeGenerator::popIteratorCloseContext): Deleted.
530         (JSC::BytecodeGenerator::pushScopedControlFlowContext): Deleted.
531         (JSC::BytecodeGenerator::popScopedControlFlowContext): Deleted.
532         * bytecompiler/BytecodeGenerator.h:
533         * bytecompiler/NodesCodegen.cpp:
534         (JSC::TryNode::emitBytecode):
535
536 2016-12-12  Filip Pizlo  <fpizlo@apple.com>
537
538         GC scheduler should avoid consecutive pauses
539         https://bugs.webkit.org/show_bug.cgi?id=165758
540
541         Reviewed by Michael Saboff.
542         
543         This factors out the scheduler from lambdas in Heap::markToFixpoint to an actual class.
544         It's called the SpaceTimeScheduler because it is a linear controller that ties the
545         amount of time you spend on things to the amount of space you are using.
546         
547         This patch uses this refactoring to fix a bug where the GC would pause even though we
548         still had time during a mutator timeslice. This is a 15% improvement on
549         JetStream/splay-latency. Seems neutral on everything else. However, it's not at all
550         clear if this is the right policy or not since retreating wavefront can sometimes be so
551         sensitive to scheduling decisions. For this reason, there is a tunable option that lets
552         you decide how long the GC will sit idle before the start of its timeslice.
553         
554         So, we can revert this policy change in this patch without reverting the patch.
555
556         * CMakeLists.txt:
557         * JavaScriptCore.xcodeproj/project.pbxproj:
558         * heap/Heap.cpp:
559         (JSC::Heap::markToFixpoint):
560         * heap/Heap.h:
561         * heap/SpaceTimeScheduler.cpp: Added.
562         (JSC::SpaceTimeScheduler::Decision::targetMutatorUtilization):
563         (JSC::SpaceTimeScheduler::Decision::targetCollectorUtilization):
564         (JSC::SpaceTimeScheduler::Decision::elapsedInPeriod):
565         (JSC::SpaceTimeScheduler::Decision::phase):
566         (JSC::SpaceTimeScheduler::Decision::shouldBeResumed):
567         (JSC::SpaceTimeScheduler::Decision::timeToResume):
568         (JSC::SpaceTimeScheduler::Decision::timeToStop):
569         (JSC::SpaceTimeScheduler::SpaceTimeScheduler):
570         (JSC::SpaceTimeScheduler::snapPhase):
571         (JSC::SpaceTimeScheduler::currentDecision):
572         * heap/SpaceTimeScheduler.h: Added.
573         (JSC::SpaceTimeScheduler::Decision::Decision):
574         (JSC::SpaceTimeScheduler::Decision::operator bool):
575         * runtime/Options.h:
576
577 2016-12-12  Michael Saboff  <msaboff@apple.com>
578
579         REGRESSION(r209653): speedometer crashes making virtual slow path tailcalls
580         https://bugs.webkit.org/show_bug.cgi?id=165748
581
582         Reviewed by Filip Pizlo.
583
584         The virtual slow path for tailcalls always passes arguments on the stack.
585         The fix here is to link to the stack argument entrypoint instead of a register
586         argument entrypoint.
587
588         While fixing this bug, I found that we weren't clearing the code origin when
589         shuffling the call frame for a register argument tailcall.
590
591         Also rolling back in r209653, r209654, r209663, and r209673.
592
593         * jit/CallFrameShuffler.cpp:
594         (JSC::CallFrameShuffler::prepareAny):
595         * jit/ThunkGenerators.cpp:
596         (JSC::virtualThunkFor):
597
598 2016-12-12  Mark Lam  <mark.lam@apple.com>
599
600         Rename BytecodeGenerator's m_symbolTableStack to m_lexicalScopeStack.
601         https://bugs.webkit.org/show_bug.cgi?id=165768
602
603         Reviewed by Saam Barati.
604
605         The lexical scope in "m_lexicalScopeStack" here refers to a pair of { } in the
606         source code that bounds the scope of variables.
607
608         There are 4 places in the code where we call m_symbolTableStack.append() to
609         append a new stack entry.  In only 3 of the 4 cases, a symbol table is provided
610         in the new stack entry.  In all 4 cases, a scope register is provided in the new
611         stack entry.
612
613         Also, 3 of the 4 functions that append an entry to this stack are named:
614         1. initializeVarLexicalEnvironment()
615         2. pushLexicalScopeInternal()
616         3. emitPushWithScope()
617
618         The 4th function is the BytecodeGenerator constructor where it pushes the scope
619         for a module environment.
620
621         Based on these details, m_lexicalScopeStack is a better name for this stack than
622         m_symbolTableStack.
623
624         * bytecompiler/BytecodeGenerator.cpp:
625         (JSC::BytecodeGenerator::BytecodeGenerator):
626         (JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
627         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
628         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
629         (JSC::BytecodeGenerator::initializeBlockScopedFunctions):
630         (JSC::BytecodeGenerator::hoistSloppyModeFunctionIfNecessary):
631         (JSC::BytecodeGenerator::popLexicalScopeInternal):
632         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
633         (JSC::BytecodeGenerator::variable):
634         (JSC::BytecodeGenerator::resolveType):
635         (JSC::BytecodeGenerator::emitResolveScope):
636         (JSC::BytecodeGenerator::emitPushWithScope):
637         (JSC::BytecodeGenerator::emitPopWithScope):
638         (JSC::BytecodeGenerator::pushFinallyContext):
639         (JSC::BytecodeGenerator::pushIteratorCloseContext):
640         (JSC::BytecodeGenerator::emitComplexPopScopes):
641         (JSC::BytecodeGenerator::popTryAndEmitCatch):
642         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
643         * bytecompiler/BytecodeGenerator.h:
644
645 2016-12-12  Saam Barati  <sbarati@apple.com>
646
647         Unreviewed. Try to fix the cloop build.
648
649         * interpreter/StackVisitor.cpp:
650         (JSC::StackVisitor::Frame::calleeSaveRegisters):
651         * interpreter/StackVisitor.h:
652
653 2016-12-12  Michael Saboff  <msaboff@apple.com>
654
655         FTL: Dumping disassembly requires that code origin is set when making polymorphic tail calls.
656         https://bugs.webkit.org/show_bug.cgi?id=165747
657
658         Reviewed by Filip Pizlo.
659
660         Setting the code origin needs to be done for both the fast and slow path as we might need
661         it when linking a polymorphic or virtual call stub.
662
663         * ftl/FTLLowerDFGToB3.cpp:
664         (JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
665
666 2016-12-11  Saam Barati  <sbarati@apple.com>
667
668         Unreviewed. Try to fix the linux build.
669
670         * runtime/StackFrame.h:
671
672 2016-12-11  Saam Barati  <sbarati@apple.com>
673
674         We should be able to throw exceptions from Wasm code and when Wasm frames are on the stack
675         https://bugs.webkit.org/show_bug.cgi?id=165429
676
677         Reviewed by Keith Miller.
678
679         This patch teaches the stack walking runtime about wasm.
680         To do this, I taught StackVisitor that a callee is not
681         always an object.
682
683         To be able to unwind callee save registers properly, I've given
684         JSWebAssemblyCallee a list of RegisterAtOffsetList for the callee
685         saves that B3 saved in the prologue. Also, because we have two
686         B3Compilations per wasm function, one for wasm entrypoint, and
687         one for the JS entrypoint, I needed to create a callee for each
688         because they each might spill callee save registers.
689
690         I also fixed a bug inside the Wasm::Memory constructor where we
691         were trying to mmap the same number of bytes even after the first
692         mmap failed. We should start by trying to mmap the maximum bytes,
693         and if that fails, fall back to the specified initial bytes. However,
694         the code was just mmapping the maximum twice. I've fixed that and
695         also added a RELEASE_ASSERT_NOT_REACHED() for when the second mmap
696         fails along with a FIXME to throw an OOM error.
697
698         There was a second bug I fixed where JSModuleRecord was calling
699         visitWeak on its CallLinkInfos inside ::visitChildren(). It needs
700         to do this after marking. I changed JSModuleRecord to do what
701         CodeBlock does and call visitWeak on its CallLinkInfos inside
702         an UnconditionalFinalizer.
703
704         * API/JSContextRef.cpp:
705         (BacktraceFunctor::operator()):
706         * inspector/ScriptCallStackFactory.cpp:
707         (Inspector::createScriptCallStackFromException):
708         * interpreter/CallFrame.cpp:
709         (JSC::CallFrame::vmEntryGlobalObject):
710         * interpreter/CallFrame.h:
711         (JSC::ExecState::callee):
712         * interpreter/Interpreter.cpp:
713         (JSC::GetStackTraceFunctor::operator()):
714         (JSC::UnwindFunctor::operator()):
715         (JSC::UnwindFunctor::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
716         * interpreter/Interpreter.h:
717         * interpreter/ShadowChicken.cpp:
718         (JSC::ShadowChicken::update):
719         * interpreter/StackVisitor.cpp:
720         (JSC::StackVisitor::StackVisitor):
721         (JSC::StackVisitor::readFrame):
722         (JSC::StackVisitor::readNonInlinedFrame):
723         (JSC::StackVisitor::readInlinedFrame):
724         (JSC::StackVisitor::Frame::isWasmFrame):
725         (JSC::StackVisitor::Frame::codeType):
726         (JSC::StackVisitor::Frame::calleeSaveRegisters):
727         (JSC::StackVisitor::Frame::functionName):
728         (JSC::StackVisitor::Frame::sourceURL):
729         (JSC::StackVisitor::Frame::toString):
730         (JSC::StackVisitor::Frame::hasLineAndColumnInfo):
731         (JSC::StackVisitor::Frame::setToEnd):
732         * interpreter/StackVisitor.h:
733         (JSC::StackVisitor::Frame::callee):
734         (JSC::StackVisitor::Frame::isNativeFrame):
735         (JSC::StackVisitor::Frame::isJSFrame): Deleted.
736         * jsc.cpp:
737         (callWasmFunction):
738         (functionTestWasmModuleFunctions):
739         * runtime/Error.cpp:
740         (JSC::addErrorInfoAndGetBytecodeOffset):
741         * runtime/JSCell.cpp:
742         (JSC::JSCell::isAnyWasmCallee):
743         * runtime/JSCell.h:
744         * runtime/JSFunction.cpp:
745         (JSC::RetrieveArgumentsFunctor::operator()):
746         (JSC::RetrieveCallerFunctionFunctor::operator()):
747         * runtime/StackFrame.cpp:
748         (JSC::StackFrame::sourceID):
749         (JSC::StackFrame::sourceURL):
750         (JSC::StackFrame::functionName):
751         (JSC::StackFrame::computeLineAndColumn):
752         (JSC::StackFrame::toString):
753         * runtime/StackFrame.h:
754         (JSC::StackFrame::StackFrame):
755         (JSC::StackFrame::hasLineAndColumnInfo):
756         (JSC::StackFrame::hasBytecodeOffset):
757         (JSC::StackFrame::bytecodeOffset):
758         (JSC::StackFrame::isNative): Deleted.
759         * runtime/VM.h:
760         * wasm/WasmB3IRGenerator.cpp:
761         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
762         (JSC::Wasm::createJSToWasmWrapper):
763         (JSC::Wasm::parseAndCompile):
764         * wasm/WasmCallingConvention.h:
765         (JSC::Wasm::CallingConvention::setupFrameInPrologue):
766         * wasm/WasmFormat.h:
767         * wasm/WasmMemory.cpp:
768         (JSC::Wasm::Memory::Memory):
769         * wasm/WasmMemory.h:
770         (JSC::Wasm::Memory::isValid):
771         * wasm/WasmPlan.cpp:
772         (JSC::Wasm::Plan::run):
773         (JSC::Wasm::Plan::initializeCallees):
774         * wasm/WasmPlan.h:
775         (JSC::Wasm::Plan::jsToWasmEntryPointForFunction): Deleted.
776         * wasm/js/JSWebAssemblyCallee.cpp:
777         (JSC::JSWebAssemblyCallee::finishCreation):
778         * wasm/js/JSWebAssemblyCallee.h:
779         (JSC::JSWebAssemblyCallee::create):
780         (JSC::JSWebAssemblyCallee::entrypoint):
781         (JSC::JSWebAssemblyCallee::calleeSaveRegisters):
782         (JSC::JSWebAssemblyCallee::jsToWasmEntryPoint): Deleted.
783         * wasm/js/JSWebAssemblyModule.cpp:
784         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
785         (JSC::JSWebAssemblyModule::visitChildren):
786         (JSC::JSWebAssemblyModule::UnconditionalFinalizer::finalizeUnconditionally):
787         * wasm/js/JSWebAssemblyModule.h:
788         (JSC::JSWebAssemblyModule::jsEntrypointCalleeFromFunctionIndexSpace):
789         (JSC::JSWebAssemblyModule::wasmEntrypointCalleeFromFunctionIndexSpace):
790         (JSC::JSWebAssemblyModule::setJSEntrypointCallee):
791         (JSC::JSWebAssemblyModule::setWasmEntrypointCallee):
792         (JSC::JSWebAssemblyModule::allocationSize):
793         (JSC::JSWebAssemblyModule::calleeFromFunctionIndexSpace): Deleted.
794         * wasm/js/JSWebAssemblyRuntimeError.h:
795         * wasm/js/WebAssemblyFunction.cpp:
796         (JSC::WebAssemblyFunction::call):
797         * wasm/js/WebAssemblyInstanceConstructor.cpp:
798         (JSC::constructJSWebAssemblyInstance):
799         * wasm/js/WebAssemblyMemoryConstructor.cpp:
800         (JSC::constructJSWebAssemblyMemory):
801         * wasm/js/WebAssemblyModuleConstructor.cpp:
802         (JSC::constructJSWebAssemblyModule):
803         * wasm/js/WebAssemblyModuleRecord.cpp:
804         (JSC::WebAssemblyModuleRecord::link):
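
        The mmap fallback described in the Wasm::Memory paragraph above, reconstructed as an added example (not WebKit's code): the buggy shape that retries the same size sits beside the fixed shape that falls back to the initial size and refuses to continue when both attempts fail. Names such as wasm_memory, reserve_fixed and the mapper callback are hypothetical, and the failing mapper is a constructed test double.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

#ifndef MAP_NORESERVE
#define MAP_NORESERVE 0
#endif

/* A mapper reserves `bytes` of address space and returns its base, or NULL
   on failure. Abstracting it lets a test inject failures deterministically. */
typedef void *(*mapper_fn)(size_t bytes);

struct wasm_memory {          /* hypothetical stand-in for Wasm::Memory */
    void *base;
    size_t reserved_bytes;    /* how much address space was actually reserved */
    size_t initial_bytes;
    size_t maximum_bytes;
};

/* Real mapper: reserve inaccessible pages that are made accessible later
   as the instance's memory grows. */
static void *mmap_reserve(size_t bytes)
{
    void *p = mmap(NULL, bytes, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Shape of the bug the entry describes: the retry requests the same size
   again, so a failed first mapping is simply repeated. Returns 1 on success. */
static int reserve_buggy(struct wasm_memory *m, mapper_fn map)
{
    m->base = map(m->maximum_bytes);
    if (!m->base)
        m->base = map(m->maximum_bytes);   /* identical request, cannot help */
    m->reserved_bytes = m->base ? m->maximum_bytes : 0;
    return m->base != NULL;
}

/* Fixed shape: try the maximum, then fall back to the initial size. The
   ChangeLog adds a RELEASE_ASSERT for the second failure; here it is
   reported to the caller so it can raise an out-of-memory error instead. */
static int reserve_fixed(struct wasm_memory *m, mapper_fn map)
{
    m->base = map(m->maximum_bytes);
    m->reserved_bytes = m->maximum_bytes;
    if (!m->base) {
        m->base = map(m->initial_bytes);
        m->reserved_bytes = m->initial_bytes;
    }
    if (!m->base) {
        m->reserved_bytes = 0;   /* never hand out a MAP_FAILED-derived base */
        return 0;
    }
    return 1;
}

/* Constructed test double: refuses any request larger than fail_above and
   returns a non-NULL token that is never dereferenced. */
static size_t fail_above = SIZE_MAX;
static void *fake_map(size_t bytes)
{
    return bytes > fail_above ? NULL : (void *)(uintptr_t)0x1000;
}

/* Buggy path: 1 if the reservation succeeds when only `limit` bytes can be
   mapped. Fails whenever maximum > limit, even though initial would fit. */
int buggy_reserve_succeeds(size_t initial, size_t maximum, size_t limit)
{
    struct wasm_memory m = { NULL, 0, initial, maximum };
    fail_above = limit;
    return reserve_buggy(&m, fake_map);
}

/* Fixed path: bytes actually reserved under the same limit (0 means OOM). */
size_t fixed_reserved_bytes(size_t initial, size_t maximum, size_t limit)
{
    struct wasm_memory m = { NULL, 0, initial, maximum };
    fail_above = limit;
    reserve_fixed(&m, fake_map);
    return m.reserved_bytes;
}

/* Same logic against the real mmap; returns bytes reserved, then releases them. */
size_t real_reserved_bytes(size_t initial, size_t maximum)
{
    struct wasm_memory m = { NULL, 0, initial, maximum };
    if (!reserve_fixed(&m, mmap_reserve))
        return 0;
    munmap(m.base, m.reserved_bytes);
    return m.reserved_bytes;
}

int main(void)
{
    printf("buggy, 1 MiB cap, max 1 GiB: %d\n", buggy_reserve_succeeds(65536, (size_t)1 << 30, (size_t)1 << 20));
    printf("fixed, same cap: %zu bytes\n", fixed_reserved_bytes(65536, (size_t)1 << 30, (size_t)1 << 20));
    printf("real mmap: %zu bytes\n", real_reserved_bytes(65536, (size_t)1 << 20));
    return 0;
}
```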
805
806 2016-12-11  Filip Pizlo  <fpizlo@apple.com>
807
808         Re-enable concurrent GC.
809
810         Rubber stamped by Saam Barati.
811         
812         This change actually landed in r209692 by accident.
813
814         * runtime/Options.h:
815
816 2016-12-10  Filip Pizlo  <fpizlo@apple.com>
817
818         MarkedBlock::marksConveyLivenessDuringMarking should take into account collection scope
819         https://bugs.webkit.org/show_bug.cgi?id=165741
820
821         Reviewed by Saam Barati.
822         
823         MarkedBlock::marksConveyLivenessDuringMarking thought that the off-by-one marking
824         version indicated liveness during any collection when it's just during full collection.
825         One of its users - MarkedBlock::sweep - knew this and had a special case, but the other
826         one - MarkedBlock::isLive - didn't. So, I moved the special case into
827         marksConveyLivenessDuringMarking.
828         
829         Also, this cleans up some remaining bitvector races.
830         
831         To find this bug, I significantly strengthened our assertions.
832
833         * CMakeLists.txt:
834         * JavaScriptCore.xcodeproj/project.pbxproj:
835         * heap/CellContainer.cpp: Added.
836         (JSC::CellContainer::isNewlyAllocated):
837         * heap/CellContainer.h:
838         * heap/MarkedAllocator.cpp:
839         (JSC::MarkedAllocator::addBlock):
840         (JSC::MarkedAllocator::removeBlock):
841         (JSC::MarkedAllocator::dumpBits):
842         * heap/MarkedAllocator.h:
843         (JSC::MarkedAllocator::forEachBitVector):
844         (JSC::MarkedAllocator::forEachBitVectorWithName):
845         * heap/MarkedBlock.cpp:
846         (JSC::MarkedBlock::tryCreate):
847         (JSC::MarkedBlock::Handle::~Handle):
848         (JSC::MarkedBlock::MarkedBlock):
849         (JSC::MarkedBlock::Handle::specializedSweep):
850         (JSC::MarkedBlock::Handle::sweepHelperSelectMarksMode):
851         (JSC::MarkedBlock::Handle::stopAllocating):
852         (JSC::MarkedBlock::Handle::resumeAllocating):
853         (JSC::MarkedBlock::aboutToMarkSlow):
854         (JSC::MarkedBlock::Handle::didConsumeFreeList):
855         (JSC::MarkedBlock::Handle::dumpState):
856         * heap/MarkedBlock.h:
857         (JSC::MarkedBlock::markingVersion):
858         (JSC::MarkedBlock::isMarkedRaw):
859         (JSC::MarkedBlock::isMarked):
860         * heap/MarkedBlockInlines.h:
861         (JSC::MarkedBlock::marksConveyLivenessDuringMarking):
862         * heap/SlotVisitor.cpp:
863         (JSC::SlotVisitor::appendJSCellOrAuxiliary):
864         * runtime/Options.cpp:
865         (JSC::recomputeDependentOptions):
866         * runtime/StructureIDTable.h:
867         (JSC::StructureIDTable::size):
868         (JSC::StructureIDTable::get):
869
870 2016-12-10  Filip Pizlo  <fpizlo@apple.com>
871
872         The DOM should have an advancing wavefront opaque root barrier
873         https://bugs.webkit.org/show_bug.cgi?id=165712
874
875         Reviewed by Yusuke Suzuki.
876         
877         This exposes the ability to fire an advancing wavefront barrier on opaque roots. It also
878         gives clients the ability to maintain their own cache of whether that barrier needs to
879         be enabled.
880         
881         The DOM uses this to enable a very cheap barrier on the DOM. This is neutral on
882         Speedometer and fixes another concurrent GC crash.
883
884         * heap/Heap.cpp:
885         (JSC::Heap::beginMarking):
886         (JSC::Heap::endMarking):
887         (JSC::Heap::writeBarrierOpaqueRootSlow):
888         (JSC::Heap::addMutatorShouldBeFencedCache):
889         (JSC::Heap::setMutatorShouldBeFenced):
890         * heap/Heap.h:
891         * heap/HeapInlines.h:
892         (JSC::writeBarrierOpaqueRoot):
893
894 2016-12-10  Commit Queue  <commit-queue@webkit.org>
895
896         Unreviewed, rolling out r209653, r209654, r209663, and
897         r209673.
898         https://bugs.webkit.org/show_bug.cgi?id=165739
899
900         speedometer crashes (Requested by pizlo on #webkit).
901
902         Reverted changesets:
903
904         "JSVALUE64: Pass arguments in platform argument registers when
905         making JavaScript calls"
906         https://bugs.webkit.org/show_bug.cgi?id=160355
907         http://trac.webkit.org/changeset/209653
908
909         "Unreviewed build fix for 32 bit builds."
910         http://trac.webkit.org/changeset/209654
911
912         "Unreviewed build fix for the CLOOP after r209653"
913         http://trac.webkit.org/changeset/209663
914
915         "REGRESSION(r209653) Crash in CallFrameShuffler::snapshot()"
916         https://bugs.webkit.org/show_bug.cgi?id=165728
917         http://trac.webkit.org/changeset/209673
918
919 2016-12-10  Michael Saboff  <msaboff@apple.com>
920
921         REGRESSION(r209653) Crash in CallFrameShuffler::snapshot()
922         https://bugs.webkit.org/show_bug.cgi?id=165728
923
924         Reviewed by Filip Pizlo.
925
926         It can be the case that a JSValueReg's CachedRecovery is the source for multiple
927         GPRs. We only store the CachedRecovery in one slot of m_newRegisters to simplify
928         the recovery process. This is also done for the case where the recovery source
929         and destination are the same GPR.
930
931         In light of this change, snapshot needs to be taught that one CachedRecovery is
932         the source for multiple registers.  This is done by using a two step process.
933         First find all the argument CachedRecovery's and create a vector mapping all of
934         the target GPRs and the source recovery.  Then use that vector to get the
935         recovery for each register.
936
937         * jit/CallFrameShuffler.h:
938         (JSC::CallFrameShuffler::snapshot):
939
940 2016-12-10  Keith Miller  <keith_miller@apple.com>
941
942         Fix indirect_call if the result type is used.
943         https://bugs.webkit.org/show_bug.cgi?id=165727
944
945         Reviewed by Michael Saboff.
946
947         The patchpoint for indirect_call assumed that the callee would be
948         in params[0]. This is not the case, however, if the callee returns
949         a value.
950
951         * wasm/WasmB3IRGenerator.cpp:
952         (JSC::Wasm::B3IRGenerator::addCallIndirect):
953
954 2016-12-10  Konstantin Tokarev  <annulen@yandex.ru>
955
956         [cmake] Include WTF, JSC, and WebCore headers automatically to targets using them
957         https://bugs.webkit.org/show_bug.cgi?id=165686
958
959         Reviewed by Michael Catanzaro.
960
961         This change reduces duplication of include path lists between modules,
962         and reduces future need for fixes like r209605 (broken build because of
963         WebCore header suddenly becoming used in WebKit2).
964
965         * CMakeLists.txt:
966         * PlatformEfl.cmake:
967         * PlatformGTK.cmake:
968         * PlatformJSCOnly.cmake:
969         * PlatformMac.cmake:
970
971 2016-12-10  Michael Saboff  <msaboff@apple.com>
972
973         Unreviewed build fix for the CLOOP after r209653
974
975         * jit/GPRInfo.h:
976         Provided a definition for NUMBER_OF_JS_FUNCTION_ARGUMENT_REGISTERS when the JIT is disabled.
977         * jit/JITEntryPoints.h:
978         Removed #if ENABLE(JIT) protection around contents.
979
980 2016-12-10  Yusuke Suzuki  <utatane.tea@gmail.com>
981
982         [JSC] Module namespace object behaves like immutable prototype exotic object
983         https://bugs.webkit.org/show_bug.cgi?id=165598
984
985         Reviewed by Mark Lam.
986
987         In the latest ECMA262 draft, the module namespace object behaves like immutable prototype exotic object.
988         https://tc39.github.io/ecma262/#sec-module-namespace-exotic-objects-setprototypeof-v
989
990         * runtime/JSModuleNamespaceObject.h:
991
992 2016-12-10  Yusuke Suzuki  <utatane.tea@gmail.com>
993
994         REGRESSION(r208791): Assertion in testb3
995         https://bugs.webkit.org/show_bug.cgi?id=165651
996
997         Reviewed by Saam Barati.
998
999         Accidentally we always use edx/rdx for the result of UDiv/UMod.
1000         But it is incorrect. We should use eax/rax for the result of UDiv.
1001
1002         * b3/B3LowerToAir.cpp:
1003         (JSC::B3::Air::LowerToAir::lowerX86UDiv):
1004
1005 2016-12-09  Michael Saboff  <msaboff@apple.com>
1006
1007         Unreviewed build fix for 32 bit builds.
1008
1009         * dfg/DFGMinifiedNode.h:
1010         (JSC::DFG::MinifiedNode::argumentIndex): Added a static_cast<unsigned>().
1011
1012 2016-12-09  Michael Saboff  <msaboff@apple.com>
1013
1014         JSVALUE64: Pass arguments in platform argument registers when making JavaScript calls
1015         https://bugs.webkit.org/show_bug.cgi?id=160355
1016
1017         Reviewed by Filip Pizlo.
1018
1019         This patch implements passing JavaScript function arguments in registers for 64 bit platforms.
1020
1021         The implemented convention follows the ABI conventions for the associated platform.
1022         The first two arguments are the callee and argument count; the rest of the argument registers
1023         contain "this" and the following arguments until all platform argument registers are exhausted.
1024         Arguments beyond what fit in registers are placed on the stack in the same location as
1025         before this patch.
1026
1027         For X86-64 non-Windows platforms, there are 6 argument registers specified in the related ABI.
1028         ARM64 has had argument registers.  This allows for 4 or 6 parameter values to be placed in
1029         registers on these respective platforms.  This patch doesn't implement passing arguments in
1030         registers for 32 bit platforms, since most platforms have at most 4 argument registers
1031         specified and 32 bit platforms use two 32 bit registers/memory locations to store one JSValue.
1032
1033         The call frame on the stack is unchanged in format, and the arguments that are passed in
1034         registers use the corresponding call frame location as a spill location. Arguments can
1035         also be passed on the stack. The LLInt, baseline JIT'ed code, as well as the initial entry
1036         from C++ code, pass arguments on the stack. DFG and FTL generated code pass arguments
1037         via registers. All callees can accept arguments either in registers or on the stack.
1038         The callee is responsible for moving arguments to its preferred location.
1039
1040         The multiple entry points to JavaScript code are now handled via the JITEntryPoints class and
1041         related code.  That class now has entries for StackArgsArityCheckNotRequired,
1042         StackArgsMustCheckArity and, for platforms that support register arguments,
1043         RegisterArgsArityCheckNotRequired, RegisterArgsMustCheckArity as well as an additional
1044         RegisterArgsPossibleExtraArgs entry point when extra register arguments are passed.
1045         This last case is needed to spill those extra arguments to the corresponding call frame
1046         slots.
1047
1048         * JavaScriptCore.xcodeproj/project.pbxproj:
1049         * b3/B3ArgumentRegValue.h:
1050         * b3/B3Validate.cpp:
1051         * bytecode/CallLinkInfo.cpp:
1052         (JSC::CallLinkInfo::CallLinkInfo):
1053         * bytecode/CallLinkInfo.h:
1054         (JSC::CallLinkInfo::setUpCall):
1055         (JSC::CallLinkInfo::argumentsLocation):
1056         (JSC::CallLinkInfo::argumentsInRegisters):
1057         * bytecode/PolymorphicAccess.cpp:
1058         (JSC::AccessCase::generateImpl):
1059         * dfg/DFGAbstractInterpreterInlines.h:
1060         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1061         * dfg/DFGByteCodeParser.cpp:
1062         (JSC::DFG::ByteCodeParser::parseBlock):
1063         * dfg/DFGCPSRethreadingPhase.cpp:
1064         (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
1065         (JSC::DFG::CPSRethreadingPhase::specialCaseArguments):
1066         (JSC::DFG::CPSRethreadingPhase::computeIsFlushed):
1067         * dfg/DFGClobberize.h:
1068         (JSC::DFG::clobberize):
1069         * dfg/DFGCommon.h:
1070         * dfg/DFGDCEPhase.cpp:
1071         (JSC::DFG::DCEPhase::run):
1072         * dfg/DFGDoesGC.cpp:
1073         (JSC::DFG::doesGC):
1074         * dfg/DFGDriver.cpp:
1075         (JSC::DFG::compileImpl):
1076         * dfg/DFGFixupPhase.cpp:
1077         (JSC::DFG::FixupPhase::fixupNode):
1078         * dfg/DFGGenerationInfo.h:
1079         (JSC::DFG::GenerationInfo::initArgumentRegisterValue):
1080         * dfg/DFGGraph.cpp:
1081         (JSC::DFG::Graph::dump):
1082         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
1083         * dfg/DFGGraph.h:
1084         (JSC::DFG::Graph::needsFlushedThis):
1085         (JSC::DFG::Graph::addImmediateShouldSpeculateInt32):
1086         * dfg/DFGInPlaceAbstractState.cpp:
1087         (JSC::DFG::InPlaceAbstractState::initialize):
1088         * dfg/DFGJITCompiler.cpp:
1089         (JSC::DFG::JITCompiler::link):
1090         (JSC::DFG::JITCompiler::compile):
1091         (JSC::DFG::JITCompiler::compileFunction):
1092         (JSC::DFG::JITCompiler::compileEntry): Deleted.
1093         * dfg/DFGJITCompiler.h:
1094         (JSC::DFG::JITCompiler::addJSDirectCall):
1095         (JSC::DFG::JITCompiler::JSDirectCallRecord::JSDirectCallRecord):
1096         (JSC::DFG::JITCompiler::JSDirectCallRecord::hasSlowCall):
1097         * dfg/DFGJITFinalizer.cpp:
1098         (JSC::DFG::JITFinalizer::JITFinalizer):
1099         (JSC::DFG::JITFinalizer::finalize):
1100         (JSC::DFG::JITFinalizer::finalizeFunction):
1101         * dfg/DFGJITFinalizer.h:
1102         * dfg/DFGLiveCatchVariablePreservationPhase.cpp:
1103         (JSC::DFG::LiveCatchVariablePreservationPhase::handleBlock):
1104         * dfg/DFGMaximalFlushInsertionPhase.cpp:
1105         (JSC::DFG::MaximalFlushInsertionPhase::treatRegularBlock):
1106         (JSC::DFG::MaximalFlushInsertionPhase::treatRootBlock):
1107         * dfg/DFGMayExit.cpp:
1108         * dfg/DFGMinifiedNode.cpp:
1109         (JSC::DFG::MinifiedNode::fromNode):
1110         * dfg/DFGMinifiedNode.h:
1111         (JSC::DFG::belongsInMinifiedGraph):
1112         * dfg/DFGNode.cpp:
1113         (JSC::DFG::Node::hasVariableAccessData):
1114         * dfg/DFGNode.h:
1115         (JSC::DFG::Node::accessesStack):
1116         (JSC::DFG::Node::setVariableAccessData):
1117         (JSC::DFG::Node::hasArgumentRegisterIndex):
1118         (JSC::DFG::Node::argumentRegisterIndex):
1119         * dfg/DFGNodeType.h:
1120         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
1121         (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
1122         * dfg/DFGOSREntrypointCreationPhase.cpp:
1123         (JSC::DFG::OSREntrypointCreationPhase::run):
1124         * dfg/DFGPlan.cpp:
1125         (JSC::DFG::Plan::compileInThreadImpl):
1126         * dfg/DFGPreciseLocalClobberize.h:
1127         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
1128         * dfg/DFGPredictionInjectionPhase.cpp:
1129         (JSC::DFG::PredictionInjectionPhase::run):
1130         * dfg/DFGPredictionPropagationPhase.cpp:
1131         * dfg/DFGPutStackSinkingPhase.cpp:
1132         * dfg/DFGRegisterBank.h:
1133         (JSC::DFG::RegisterBank::iterator::unlock):
1134         (JSC::DFG::RegisterBank::unlockAtIndex):
1135         * dfg/DFGSSAConversionPhase.cpp:
1136         (JSC::DFG::SSAConversionPhase::run):
1137         * dfg/DFGSafeToExecute.h:
1138         (JSC::DFG::safeToExecute):
1139         * dfg/DFGSpeculativeJIT.cpp:
1140         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
1141         (JSC::DFG::SpeculativeJIT::clearGenerationInfo):
1142         (JSC::DFG::dumpRegisterInfo):
1143         (JSC::DFG::SpeculativeJIT::dump):
1144         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
1145         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1146         (JSC::DFG::SpeculativeJIT::setupArgumentRegistersForEntry):
1147         (JSC::DFG::SpeculativeJIT::compile):
1148         * dfg/DFGSpeculativeJIT.h:
1149         (JSC::DFG::SpeculativeJIT::allocate):
1150         (JSC::DFG::SpeculativeJIT::spill):
1151         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
1152         (JSC::DFG::JSValueOperand::JSValueOperand):
1153         (JSC::DFG::JSValueOperand::gprUseSpecific):
1154         * dfg/DFGSpeculativeJIT32_64.cpp:
1155         (JSC::DFG::SpeculativeJIT::emitCall):
1156         (JSC::DFG::SpeculativeJIT::compile):
1157         * dfg/DFGSpeculativeJIT64.cpp:
1158         (JSC::DFG::SpeculativeJIT::fillJSValue):
1159         (JSC::DFG::SpeculativeJIT::emitCall):
1160         (JSC::DFG::SpeculativeJIT::compile):
1161         * dfg/DFGStrengthReductionPhase.cpp:
1162         (JSC::DFG::StrengthReductionPhase::handleNode):
1163         * dfg/DFGThunks.cpp:
1164         (JSC::DFG::osrEntryThunkGenerator):
1165         * dfg/DFGVariableEventStream.cpp:
1166         (JSC::DFG::VariableEventStream::reconstruct):
1167         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1168         (JSC::DFG::VirtualRegisterAllocationPhase::allocateRegister):
1169         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1170         * ftl/FTLCapabilities.cpp:
1171         (JSC::FTL::canCompile):
1172         * ftl/FTLJITCode.cpp:
1173         (JSC::FTL::JITCode::~JITCode):
1174         (JSC::FTL::JITCode::initializeEntrypointThunk):
1175         (JSC::FTL::JITCode::setEntryFor):
1176         (JSC::FTL::JITCode::addressForCall):
1177         (JSC::FTL::JITCode::executableAddressAtOffset):
1178         (JSC::FTL::JITCode::initializeAddressForCall): Deleted.
1179         (JSC::FTL::JITCode::initializeArityCheckEntrypoint): Deleted.
1180         * ftl/FTLJITCode.h:
1181         * ftl/FTLJITFinalizer.cpp:
1182         (JSC::FTL::JITFinalizer::finalizeFunction):
1183         * ftl/FTLLink.cpp:
1184         (JSC::FTL::link):
1185         * ftl/FTLLowerDFGToB3.cpp:
1186         (JSC::FTL::DFG::LowerDFGToB3::lower):
1187         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1188         (JSC::FTL::DFG::LowerDFGToB3::compileGetArgumentRegister):
1189         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
1190         (JSC::FTL::DFG::LowerDFGToB3::compileDirectCallOrConstruct):
1191         (JSC::FTL::DFG::LowerDFGToB3::compileTailCall):
1192         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
1193         (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
1194         (JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
1195         * ftl/FTLOSREntry.cpp:
1196         (JSC::FTL::prepareOSREntry):
1197         * ftl/FTLOutput.cpp:
1198         (JSC::FTL::Output::argumentRegister):
1199         (JSC::FTL::Output::argumentRegisterInt32):
1200         * ftl/FTLOutput.h:
1201         * interpreter/ShadowChicken.cpp:
1202         (JSC::ShadowChicken::update):
1203         * jit/AssemblyHelpers.cpp:
1204         (JSC::AssemblyHelpers::emitDumbVirtualCall):
1205         * jit/AssemblyHelpers.h:
1206         (JSC::AssemblyHelpers::spillArgumentRegistersToFrameBeforePrologue):
1207         (JSC::AssemblyHelpers::spillArgumentRegistersToFrame):
1208         (JSC::AssemblyHelpers::fillArgumentRegistersFromFrameBeforePrologue):
1209         (JSC::AssemblyHelpers::emitPutArgumentToCallFrameBeforePrologue):
1210         (JSC::AssemblyHelpers::emitPutArgumentToCallFrame):
1211         (JSC::AssemblyHelpers::emitGetFromCallFrameHeaderBeforePrologue):
1212         (JSC::AssemblyHelpers::emitGetFromCallFrameArgumentBeforePrologue):
1213         (JSC::AssemblyHelpers::emitGetPayloadFromCallFrameHeaderBeforePrologue):
1214         (JSC::AssemblyHelpers::incrementCounter):
1215         * jit/CachedRecovery.cpp:
1216         (JSC::CachedRecovery::addTargetJSValueRegs):
1217         * jit/CachedRecovery.h:
1218         (JSC::CachedRecovery::gprTargets):
1219         (JSC::CachedRecovery::setWantedFPR):
1220         (JSC::CachedRecovery::wantedJSValueRegs):
1221         (JSC::CachedRecovery::setWantedJSValueRegs): Deleted.
1222         * jit/CallFrameShuffleData.h:
1223         * jit/CallFrameShuffler.cpp:
1224         (JSC::CallFrameShuffler::CallFrameShuffler):
1225         (JSC::CallFrameShuffler::dump):
1226         (JSC::CallFrameShuffler::tryWrites):
1227         (JSC::CallFrameShuffler::prepareAny):
1228         * jit/CallFrameShuffler.h:
1229         (JSC::CallFrameShuffler::snapshot):
1230         (JSC::CallFrameShuffler::addNew):
1231         (JSC::CallFrameShuffler::initDangerFrontier):
1232         (JSC::CallFrameShuffler::updateDangerFrontier):
1233         (JSC::CallFrameShuffler::findDangerFrontierFrom):
1234         * jit/CallFrameShuffler64.cpp:
1235         (JSC::CallFrameShuffler::emitDisplace):
1236         * jit/GPRInfo.h:
1237         (JSC::JSValueRegs::operator==):
1238         (JSC::JSValueRegs::operator!=):
1239         (JSC::GPRInfo::toArgumentIndex):
1240         (JSC::argumentRegisterFor):
1241         (JSC::argumentRegisterForCallee):
1242         (JSC::argumentRegisterForArgumentCount):
1243         (JSC::argumentRegisterIndexForJSFunctionArgument):
1244         (JSC::jsFunctionArgumentForArgumentRegister):
1245         (JSC::argumentRegisterForFunctionArgument):
1246         (JSC::numberOfRegisterArgumentsFor):
1247         * jit/JIT.cpp:
1248         (JSC::JIT::compileWithoutLinking):
1249         (JSC::JIT::link):
1250         (JSC::JIT::compileCTINativeCall): Deleted.
1251         * jit/JIT.h:
1252         (JSC::JIT::compileNativeCallEntryPoints):
1253         * jit/JITCall.cpp:
1254         (JSC::JIT::compileSetupVarargsFrame):
1255         (JSC::JIT::compileCallEval):
1256         (JSC::JIT::compileCallEvalSlowCase):
1257         (JSC::JIT::compileOpCall):
1258         (JSC::JIT::compileOpCallSlowCase):
1259         * jit/JITCall32_64.cpp:
1260         (JSC::JIT::compileCallEvalSlowCase):
1261         (JSC::JIT::compileOpCall):
1262         (JSC::JIT::compileOpCallSlowCase):
1263         * jit/JITCode.cpp:
1264         (JSC::JITCode::execute):
1265         (JSC::DirectJITCode::DirectJITCode):
1266         (JSC::DirectJITCode::initializeEntryPoints):
1267         (JSC::DirectJITCode::addressForCall):
1268         (JSC::NativeJITCode::addressForCall):
1269         (JSC::DirectJITCode::initializeCodeRef): Deleted.
1270         * jit/JITCode.h:
1271         (JSC::JITCode::executableAddress): Deleted.
1272         * jit/JITEntryPoints.h: Added.
1273         (JSC::JITEntryPoints::JITEntryPoints):
1274         (JSC::JITEntryPoints::entryFor):
1275         (JSC::JITEntryPoints::setEntryFor):
1276         (JSC::JITEntryPoints::offsetOfEntryFor):
1277         (JSC::JITEntryPoints::registerEntryTypeForArgumentCount):
1278         (JSC::JITEntryPoints::registerEntryTypeForArgumentType):
1279         (JSC::JITEntryPoints::clearEntries):
1280         (JSC::JITEntryPoints::operator=):
1281         (JSC::JITEntryPointsWithRef::JITEntryPointsWithRef):
1282         (JSC::JITEntryPointsWithRef::codeRef):
1283         (JSC::argumentsLocationFor):
1284         (JSC::registerEntryPointTypeFor):
1285         (JSC::entryPointTypeFor):
1286         (JSC::thunkEntryPointTypeFor):
1287         (JSC::JITJSCallThunkEntryPointsWithRef::JITJSCallThunkEntryPointsWithRef):
1288         (JSC::JITJSCallThunkEntryPointsWithRef::entryFor):
1289         (JSC::JITJSCallThunkEntryPointsWithRef::setEntryFor):
1290         (JSC::JITJSCallThunkEntryPointsWithRef::offsetOfEntryFor):
1291         (JSC::JITJSCallThunkEntryPointsWithRef::clearEntries):
1292         (JSC::JITJSCallThunkEntryPointsWithRef::codeRef):
1293         (JSC::JITJSCallThunkEntryPointsWithRef::operator=):
1294         * jit/JITOpcodes.cpp:
1295         (JSC::JIT::privateCompileJITEntryNativeCall):
1296         (JSC::JIT::privateCompileCTINativeCall): Deleted.
1297         * jit/JITOpcodes32_64.cpp:
1298         (JSC::JIT::privateCompileJITEntryNativeCall):
1299         (JSC::JIT::privateCompileCTINativeCall): Deleted.
1300         * jit/JITOperations.cpp:
1301         * jit/JITThunks.cpp:
1302         (JSC::JITThunks::jitEntryNativeCall):
1303         (JSC::JITThunks::jitEntryNativeConstruct):
1304         (JSC::JITThunks::jitEntryStub):
1305         (JSC::JITThunks::jitCallThunkEntryStub):
1306         (JSC::JITThunks::hostFunctionStub):
1307         (JSC::JITThunks::ctiNativeCall): Deleted.
1308         (JSC::JITThunks::ctiNativeConstruct): Deleted.
1309         * jit/JITThunks.h:
1310         * jit/JSInterfaceJIT.h:
1311         (JSC::JSInterfaceJIT::emitJumpIfNotInt32):
1312         (JSC::JSInterfaceJIT::emitLoadInt32):
1313         * jit/RegisterSet.cpp:
1314         (JSC::RegisterSet::argumentRegisters):
1315         * jit/RegisterSet.h:
1316         * jit/Repatch.cpp:
1317         (JSC::linkSlowFor):
1318         (JSC::revertCall):
1319         (JSC::unlinkFor):
1320         (JSC::linkVirtualFor):
1321         (JSC::linkPolymorphicCall):
1322         * jit/SpecializedThunkJIT.h:
1323         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
1324         (JSC::SpecializedThunkJIT::checkJSStringArgument):
1325         (JSC::SpecializedThunkJIT::linkFailureHere):
1326         (JSC::SpecializedThunkJIT::finalize):
1327         * jit/ThunkGenerator.h:
1328         * jit/ThunkGenerators.cpp:
1329         (JSC::createRegisterArgumentsSpillEntry):
1330         (JSC::slowPathFor):
1331         (JSC::linkCallThunkGenerator):
1332         (JSC::linkDirectCallThunkGenerator):
1333         (JSC::linkPolymorphicCallThunkGenerator):
1334         (JSC::virtualThunkFor):
1335         (JSC::nativeForGenerator):
1336         (JSC::nativeCallGenerator):
1337         (JSC::nativeTailCallGenerator):
1338         (JSC::nativeTailCallWithoutSavedTagsGenerator):
1339         (JSC::nativeConstructGenerator):
1340         (JSC::stringCharLoadRegCall):
1341         (JSC::charCodeAtThunkGenerator):
1342         (JSC::charAtThunkGenerator):
1343         (JSC::fromCharCodeThunkGenerator):
1344         (JSC::clz32ThunkGenerator):
1345         (JSC::sqrtThunkGenerator):
1346         (JSC::floorThunkGenerator):
1347         (JSC::ceilThunkGenerator):
1348         (JSC::truncThunkGenerator):
1349         (JSC::roundThunkGenerator):
1350         (JSC::expThunkGenerator):
1351         (JSC::logThunkGenerator):
1352         (JSC::absThunkGenerator):
1353         (JSC::imulThunkGenerator):
1354         (JSC::randomThunkGenerator):
1355         (JSC::boundThisNoArgsFunctionCallGenerator):
1356         * jit/ThunkGenerators.h:
1357         * jsc.cpp:
1358         (jscmain):
1359         * llint/LLIntEntrypoint.cpp:
1360         (JSC::LLInt::setFunctionEntrypoint):
1361         (JSC::LLInt::setEvalEntrypoint):
1362         (JSC::LLInt::setProgramEntrypoint):
1363         (JSC::LLInt::setModuleProgramEntrypoint):
1364         * llint/LLIntSlowPaths.cpp:
1365         (JSC::LLInt::entryOSR):
1366         (JSC::LLInt::setUpCall):
1367         * llint/LLIntThunks.cpp:
1368         (JSC::LLInt::generateThunkWithJumpTo):
1369         (JSC::LLInt::functionForRegisterCallEntryThunkGenerator):
1370         (JSC::LLInt::functionForStackCallEntryThunkGenerator):
1371         (JSC::LLInt::functionForRegisterConstructEntryThunkGenerator):
1372         (JSC::LLInt::functionForStackConstructEntryThunkGenerator):
1373         (JSC::LLInt::functionForRegisterCallArityCheckThunkGenerator):
1374         (JSC::LLInt::functionForStackCallArityCheckThunkGenerator):
1375         (JSC::LLInt::functionForRegisterConstructArityCheckThunkGenerator):
1376         (JSC::LLInt::functionForStackConstructArityCheckThunkGenerator):
1377         (JSC::LLInt::functionForCallEntryThunkGenerator): Deleted.
1378         (JSC::LLInt::functionForConstructEntryThunkGenerator): Deleted.
1379         (JSC::LLInt::functionForCallArityCheckThunkGenerator): Deleted.
1380         (JSC::LLInt::functionForConstructArityCheckThunkGenerator): Deleted.
1381         * llint/LLIntThunks.h:
1382         * runtime/ArityCheckMode.h:
1383         * runtime/ExecutableBase.cpp:
1384         (JSC::ExecutableBase::clearCode):
1385         * runtime/ExecutableBase.h:
1386         (JSC::ExecutableBase::entrypointFor):
1387         (JSC::ExecutableBase::offsetOfEntryFor):
1388         (JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor): Deleted.
1389         * runtime/JSBoundFunction.cpp:
1390         (JSC::boundThisNoArgsFunctionCall):
1391         * runtime/NativeExecutable.cpp:
1392         (JSC::NativeExecutable::finishCreation):
1393         * runtime/ScriptExecutable.cpp:
1394         (JSC::ScriptExecutable::installCode):
1395         * runtime/VM.cpp:
1396         (JSC::VM::VM):
1397         (JSC::thunkGeneratorForIntrinsic):
1398         (JSC::VM::clearCounters):
1399         (JSC::VM::dumpCounters):
1400         * runtime/VM.h:
1401         (JSC::VM::getJITEntryStub):
1402         (JSC::VM::getJITCallThunkEntryStub):
1403         (JSC::VM::addressOfCounter):
1404         (JSC::VM::counterFor):
1405         * wasm/WasmBinding.cpp:
1406         (JSC::Wasm::importStubGenerator):
1407
1408 2016-12-09  Keith Miller  <keith_miller@apple.com>
1409
1410         Wasm should support call_indirect
1411         https://bugs.webkit.org/show_bug.cgi?id=165718
1412
1413         Reviewed by Filip Pizlo.
1414
1415         This patch adds support for call_indirect. The basic framework for
1416         an indirect call is that the module holds a buffer containing a
1417         stub for each function in the index space. Whenever a function
1418         needs to do an indirect call it gets an index into that table. In
1419         order to ensure call_indirect is calling a valid function the
1420         functionIndexSpace also needs a pointer to a canonicalized
1421         signature. When making an indirect call, we first check the index
1422         is in range, then check the signature matches the value we were given.
1423
1424         This patch also differentiates between FunctionIndexSpaces and
1425         ImmutableFunctionIndexSpaces. Since we don't know the size of the
1426         FunctionIndexSpace when we start parsing we need to be able to
1427         resize the IndexSpace. However, once we have finished parsing all
1428         the sections we want to prevent a relocation of the function
1429         index space pointer.
1430
1431         * wasm/WasmB3IRGenerator.cpp:
1432         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1433         (JSC::Wasm::B3IRGenerator::addCall):
1434         (JSC::Wasm::B3IRGenerator::addCallIndirect):
1435         (JSC::Wasm::createJSToWasmWrapper):
1436         (JSC::Wasm::parseAndCompile):
1437         * wasm/WasmB3IRGenerator.h:
1438         * wasm/WasmCallingConvention.h:
1439         (JSC::Wasm::CallingConvention::setupCall):
1440         * wasm/WasmFormat.h:
1441         * wasm/WasmFunctionParser.h:
1442         (JSC::Wasm::FunctionParser::setErrorMessage):
1443         (JSC::Wasm::FunctionParser<Context>::FunctionParser):
1444         (JSC::Wasm::FunctionParser<Context>::parseExpression):
1445         * wasm/WasmPlan.cpp:
1446         (JSC::Wasm::Plan::run):
1447         * wasm/WasmPlan.h:
1448         (JSC::Wasm::Plan::takeFunctionIndexSpace):
1449         * wasm/WasmValidate.cpp:
1450         (JSC::Wasm::Validate::addCallIndirect):
1451         (JSC::Wasm::validateFunction):
1452         * wasm/WasmValidate.h:
1453         * wasm/js/JSWebAssemblyModule.cpp:
1454         (JSC::JSWebAssemblyModule::create):
1455         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
1456         * wasm/js/JSWebAssemblyModule.h:
1457         (JSC::JSWebAssemblyModule::signatureForFunctionIndexSpace):
1458         (JSC::JSWebAssemblyModule::offsetOfFunctionIndexSpace):
1459
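Added example, not JavaScriptCore code: a C++ model of the two checks the entry above describes for call_indirect, an index bounds check against the function index space followed by a comparison against a canonicalized signature pointer. ImmutableFunctionIndexSpace is the entry's own name; Signature, SignatureTable, IndexSpaceEntry and the demo driver are assumptions made for this illustration.

```cpp
// Added example, not JavaScriptCore code: the two checks a call_indirect must
// pass before control transfers. Type names other than
// ImmutableFunctionIndexSpace are assumptions made for this illustration.
#include <cstdint>
#include <cstdio>
#include <functional>
#include <memory>
#include <stdexcept>
#include <utility>
#include <vector>

// A structural signature. Canonicalization interns these, so after parsing one
// pointer stands for one signature and the runtime check is a pointer compare.
struct Signature {
    std::vector<char> params;   // 'i' = i32, 'l' = i64, 'f' = f32, 'd' = f64
    std::vector<char> results;
    bool operator==(const Signature& o) const { return params == o.params && results == o.results; }
};

class SignatureTable {
public:
    const Signature* canonicalize(const Signature& sig) {
        for (const auto& known : m_signatures)
            if (*known == sig)
                return known.get();
        m_signatures.push_back(std::make_unique<Signature>(sig));
        return m_signatures.back().get();
    }
private:
    std::vector<std::unique_ptr<Signature>> m_signatures;
};

// One slot of the function index space: the callee's canonical signature and
// its entry stub (a std::function stands in for the machine-code stub).
struct IndexSpaceEntry {
    const Signature* signature;
    std::function<int32_t(int32_t)> stub;
};

struct OutOfBoundsCallIndirect : std::runtime_error { using std::runtime_error::runtime_error; };
struct BadSignatureCallIndirect : std::runtime_error { using std::runtime_error::runtime_error; };

// Frozen once every section is parsed, so the buffer never relocates and a JIT
// could bake its base address into generated code.
class ImmutableFunctionIndexSpace {
public:
    explicit ImmutableFunctionIndexSpace(std::vector<IndexSpaceEntry> entries) : m_entries(std::move(entries)) { }

    int32_t callIndirect(uint32_t index, const Signature* expected, int32_t argument) const {
        // Check 1: the index must be inside the index space.
        if (index >= m_entries.size())
            throw OutOfBoundsCallIndirect("call_indirect: index out of range");
        const IndexSpaceEntry& entry = m_entries[index];
        // Check 2: the callee's signature must be the one the call site was
        // compiled against; pointer equality suffices after interning.
        if (entry.signature != expected)
            throw BadSignatureCallIndirect("call_indirect: signature mismatch");
        return entry.stub(argument);
    }
private:
    std::vector<IndexSpaceEntry> m_entries;
};

enum class CallOutcome { Ok, OutOfBounds, BadSignature };

struct DemoResults {
    CallOutcome wellTyped;   // index 0, matching signature
    int32_t wellTypedValue;
    CallOutcome wrongType;   // index 1 exists but has a different signature
    CallOutcome pastEnd;     // index 2 == size of the index space
};

// Builds a two-entry index space and drives each path of the check.
DemoResults runCallIndirectDemo() {
    SignatureTable table;
    const Signature* i32ToI32 = table.canonicalize(Signature{{'i'}, {'i'}});
    const Signature* i32ToVoid = table.canonicalize(Signature{{'i'}, {}});

    std::vector<IndexSpaceEntry> entries;
    entries.push_back({ i32ToI32, [](int32_t x) { return x * 2; } });
    entries.push_back({ i32ToVoid, [](int32_t) { return 0; } });
    ImmutableFunctionIndexSpace space(std::move(entries));

    auto attempt = [&](uint32_t index, const Signature* expected, int32_t& value) {
        try {
            value = space.callIndirect(index, expected, 21);
            return CallOutcome::Ok;
        } catch (const OutOfBoundsCallIndirect&) {
            return CallOutcome::OutOfBounds;
        } catch (const BadSignatureCallIndirect&) {
            return CallOutcome::BadSignature;
        }
    };

    DemoResults r{};
    int32_t ignored = 0;
    r.wellTyped = attempt(0, i32ToI32, r.wellTypedValue);
    r.wrongType = attempt(1, i32ToI32, ignored);
    r.pastEnd = attempt(2, i32ToI32, ignored);
    return r;
}

int main() {
    DemoResults r = runCallIndirectDemo();
    std::printf("value=%d wrongType=%d pastEnd=%d\n", r.wellTypedValue, int(r.wrongType), int(r.pastEnd));
}
```

The order of the checks matters: the bounds check has to come first, because the signature pointer is read out of the slot the index selects, and an out-of-range index would read it from whatever lies past the buffer.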
1460 2016-12-09  JF Bastien  <jfbastien@apple.com>
1461
1462         WebAssembly: implement data section
1463         https://bugs.webkit.org/show_bug.cgi?id=165696
1464
1465         Reviewed by Keith Miller.
1466
1467         As specified in https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#data-section
1468         Note that some of the interesting corner cases are ill-defined by the spec: https://github.com/WebAssembly/design/issues/897
1469
1470         * wasm/WasmFormat.h: segments are what represent sections of memory to initialize (similar to ELF's non-zero initializer data / rodata)
1471         (JSC::Wasm::Segment::make):
1472         (JSC::Wasm::Segment::destroy):
1473         (JSC::Wasm::Segment::byte):
1474         (JSC::Wasm::Segment::makePtr):
1475         * wasm/WasmModuleParser.cpp: parse the data section, and prevent a few overflows if a user passes in UINT_MAX (the loops would overflow)
1476         (JSC::Wasm::ModuleParser::parseType):
1477         (JSC::Wasm::ModuleParser::parseImport):
1478         (JSC::Wasm::ModuleParser::parseFunction):
1479         (JSC::Wasm::ModuleParser::parseExport):
1480         (JSC::Wasm::ModuleParser::parseCode):
1481         (JSC::Wasm::ModuleParser::parseData):
1482         * wasm/js/WebAssemblyModuleRecord.cpp:
1483         (JSC::WebAssemblyModuleRecord::evaluate): the only sensible time to initialize the data section is after linking, but before calling start; I test for this, but the spec isn't clear it's correct yet
1484
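Added example, not JavaScriptCore code: a data-section parser and the initialization step that copies segments into linear memory, written to show the overflow cases the entry above mentions (a count of UINT_MAX that would wrap a loop, and an offset near UINT32_MAX that would wrap a bounds check). The wire layout assumed here (varuint32 count, then per segment a varuint32 offset, a varuint32 size and the raw bytes) and all names are assumptions made for this illustration.

```cpp
// Added example, not JavaScriptCore code: a data-section parser plus the step
// that copies segments into linear memory, written so that a hostile count,
// size or offset cannot overflow a loop bound or a bounds check. Assumed wire
// layout: varuint32 count, then per segment varuint32 offset, varuint32 size,
// and `size` raw bytes. All names are assumptions made for this illustration.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

struct Segment {
    uint32_t offset;            // destination in linear memory
    std::vector<uint8_t> bytes;
};

class DataSectionParser {
public:
    DataSectionParser(const uint8_t* data, size_t length) : m_data(data), m_length(length) { }

    bool parse(std::vector<Segment>& out) {
        uint32_t count;
        if (!parseVarUInt32(count))
            return fail("bad segment count");
        // A segment costs at least two bytes (offset, size), so a count above
        // remaining()/2 cannot be honest. Rejecting it bounds the loop by the
        // section's real size, not by whatever 32-bit value the file claims.
        if (count > remaining() / 2)
            return fail("segment count exceeds section size");
        for (uint32_t i = 0; i < count; ++i) {
            Segment segment;
            uint32_t size;
            if (!parseVarUInt32(segment.offset))
                return fail("bad segment offset");
            if (!parseVarUInt32(size))
                return fail("bad segment size");
            if (size > remaining())
                return fail("segment data truncated");
            segment.bytes.assign(m_data + m_offset, m_data + m_offset + size);
            m_offset += size;
            out.push_back(std::move(segment));
        }
        return true;
    }
    const std::string& error() const { return m_error; }

private:
    size_t remaining() const { return m_length - m_offset; }
    bool fail(const char* message) { m_error = message; return false; }

    // Unsigned LEB128: at most five bytes, and the fifth may not carry bits
    // that would land above bit 31.
    bool parseVarUInt32(uint32_t& result) {
        uint32_t value = 0;
        for (unsigned shift = 0; shift < 35; shift += 7) {
            if (m_offset >= m_length)
                return false;
            uint8_t byte = m_data[m_offset++];
            if (shift == 28 && (byte & 0x70))
                return false;
            value |= uint32_t(byte & 0x7f) << shift;
            if (!(byte & 0x80)) {
                result = value;
                return true;
            }
        }
        return false;
    }

    const uint8_t* m_data;
    size_t m_length;
    size_t m_offset = 0;
    std::string m_error;
};

// Copy segments into memory. The end offset is computed in 64 bits so that an
// offset near UINT32_MAX cannot wrap past the bounds check.
bool applySegments(const std::vector<Segment>& segments, std::vector<uint8_t>& memory, std::string& error) {
    for (const Segment& segment : segments) {
        uint64_t end = uint64_t(segment.offset) + segment.bytes.size();
        if (end > memory.size()) {
            error = "segment does not fit in memory";
            return false;
        }
        std::copy(segment.bytes.begin(), segment.bytes.end(), memory.begin() + segment.offset);
    }
    return true;
}

// Parse `section` and initialize a zeroed memory of memoryBytes bytes.
// Returns the memory, or an empty vector with *error set on failure.
std::vector<uint8_t> initializeMemory(const std::vector<uint8_t>& section, uint64_t memoryBytes, std::string* error = nullptr) {
    std::string why;
    DataSectionParser parser(section.data(), section.size());
    std::vector<Segment> segments;
    std::vector<uint8_t> memory(static_cast<size_t>(memoryBytes), 0);
    bool ok = parser.parse(segments);
    if (!ok)
        why = parser.error();
    else
        ok = applySegments(segments, memory, why);
    if (error)
        *error = ok ? "" : why;
    return ok ? memory : std::vector<uint8_t>();
}

// "" on success, otherwise the reason initialization was refused.
std::string initializeOrError(const std::vector<uint8_t>& section, uint64_t memoryBytes) {
    std::string error;
    initializeMemory(section, memoryBytes, &error);
    return error;
}

int main() {
    // Constructed input: one segment at offset 0xFFFFFFFF with two bytes.
    std::printf("%s\n", initializeOrError({ 0x01, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x02, 'q', 'r' }, 4096).c_str());
}
```

The constructed inputs in the test below cover a well-formed two-segment section, a memory one byte too small, a count of 0xFFFFFFFF, a truncated segment, an offset of 0xFFFFFFFF (which wraps to 1 in 32-bit arithmetic and would pass a naive check), and an overlong LEB128.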
1485 2016-12-09  Karim H  <karim@karhm.com>
1486
1487         It is okay to turn undefined into null because we are producing values for a
1488         JSON representation (InspectorValue) and JSON has a `null` value and no
1489         `undefined` value.
1490         https://bugs.webkit.org/show_bug.cgi?id=165506
1491
1492         Reviewed by Darin Adler.
1493
1494         * bindings/ScriptValue.cpp:
1495         (Inspector::jsToInspectorValue):
1496
1497 2016-12-09  Filip Pizlo  <fpizlo@apple.com>
1498
1499         REGRESSION (r209554-209571): stress/poly-setter-combo crashing
1500         https://bugs.webkit.org/show_bug.cgi?id=165669
1501
1502         Reviewed by Geoffrey Garen.
1503         
1504         We now rely on objects being zero-filled in a bunch of places, not just concurrent GC.
1505         So, we need 32-bit to do it too.
1506
1507         * dfg/DFGSpeculativeJIT32_64.cpp:
1508         (JSC::DFG::SpeculativeJIT::compile):
1509         * jit/JITOpcodes32_64.cpp:
1510         (JSC::JIT::emit_op_new_object):
1511
1512 2016-12-09  Eric Carlson  <eric.carlson@apple.com>
1513
1514         Annotate MediaStream and WebRTC idl with EnabledAtRuntime flag
1515         https://bugs.webkit.org/show_bug.cgi?id=165251
1516
1517         Reviewed by Dean Jackson.
1518
1519         Based on a patch by Dr Alex Gouaillard <agouaillard@gmail.com>
1520
1521         * runtime/CommonIdentifiers.h: Add WebRTC and MediaStream identifiers.
1522
1523 2016-12-09  JF Bastien  <jfbastien@apple.com>
1524
1525         WebAssembly JS API: implement start function
1526         https://bugs.webkit.org/show_bug.cgi?id=165150
1527
1528         Reviewed by Saam Barati.
1529
1530         * wasm/WasmFormat.h: pass the start function around
1531         * wasm/WasmModuleParser.cpp:
1532         (JSC::Wasm::ModuleParser::parseTable): mark unreachable code
1533         (JSC::Wasm::ModuleParser::parseGlobal): mark unreachable code
1534         (JSC::Wasm::ModuleParser::parseStart): mark unreachable code
1535         (JSC::Wasm::ModuleParser::parseElement): mark unreachable code
1536         (JSC::Wasm::ModuleParser::parseData): mark unreachable code
1537         * wasm/js/WebAssemblyFunction.cpp:
1538         (JSC::callWebAssemblyFunction): NFC: call the new function below
1539         (JSC::WebAssemblyFunction::call): separate this out so that the start function can use it
1540         * wasm/js/WebAssemblyFunction.h:
1541         * wasm/js/WebAssemblyModuleRecord.cpp:
1542         (JSC::WebAssemblyModuleRecord::visitChildren): visit the start function
1543         (JSC::WebAssemblyModuleRecord::link): handle start function
1544         (JSC::WebAssemblyModuleRecord::evaluate): call the start function, if present
1545         * wasm/js/WebAssemblyModuleRecord.h:
1546
1547 2016-12-09  Filip Pizlo  <fpizlo@apple.com>
1548
1549         GC might be forced to look at a nuked object due to ordering of AllocatePropertyStorage, MaterializeNewObject, and PutStructure
1550         https://bugs.webkit.org/show_bug.cgi?id=165672
1551
1552         Reviewed by Geoffrey Garen.
1553         
1554         We need to make sure that the shady stuff in a property put happens after the
1555         PutByOffset, since the PutByOffset is the place where we materialize. More generally, we
1556         should strive to not have any fenceposts between Nodes where a GC would be illegal.
1557         
1558         This gets us most of the way there by separating NukeStructureAndSetButterfly from
1559         [Re]AllocatePropertyStorage. A transitioning put will now look something like:
1560         
1561             GetButterfly
1562             ReallocatePropertyStorage
1563             PutByOffset
1564             NukeStructureAndSetButterfly
1565             PutStructure
1566         
1567         Previously the structure would get nuked by ReallocatePropertyStorage, so if we placed
1568         an object materialization just after it (before the PutByOffset) then any GC that
1569         completed at that safepoint would encounter an unresolved visit race due to seeing a
1570         nuked structure. We cannot have nuked structures at safepoints, and this change makes
1571         sure that we don't - at least until someone tries to sink to the PutStructure. We will
1572         eventually have to create a combined SetStructureAndButterfly node, but we don't need it
1573         yet.
1574         
1575         This also fixes a goof where the DFG's AllocatePropertyStorage was nulling the structure
1576         instead of nuking it. This could easily have caused many crashes in GC.
1577         
1578         * dfg/DFGAbstractInterpreterInlines.h:
1579         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1580         * dfg/DFGByteCodeParser.cpp:
1581         (JSC::DFG::ByteCodeParser::handlePutById):
1582         * dfg/DFGClobberize.h:
1583         (JSC::DFG::clobberize):
1584         * dfg/DFGClobbersExitState.cpp:
1585         (JSC::DFG::clobbersExitState):
1586         * dfg/DFGConstantFoldingPhase.cpp:
1587         (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
1588         * dfg/DFGDoesGC.cpp:
1589         (JSC::DFG::doesGC):
1590         * dfg/DFGFixupPhase.cpp:
1591         (JSC::DFG::FixupPhase::fixupNode):
1592         * dfg/DFGMayExit.cpp:
1593         * dfg/DFGNodeType.h:
1594         * dfg/DFGOperations.cpp:
1595         * dfg/DFGOperations.h:
1596         * dfg/DFGPredictionPropagationPhase.cpp:
1597         * dfg/DFGSafeToExecute.h:
1598         (JSC::DFG::safeToExecute):
1599         * dfg/DFGSpeculativeJIT.cpp:
1600         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
1601         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
1602         (JSC::DFG::SpeculativeJIT::compileNukeStructureAndSetButterfly):
1603         * dfg/DFGSpeculativeJIT.h:
1604         * dfg/DFGSpeculativeJIT32_64.cpp:
1605         (JSC::DFG::SpeculativeJIT::compile):
1606         * dfg/DFGSpeculativeJIT64.cpp:
1607         (JSC::DFG::SpeculativeJIT::compile):
1608         * dfg/DFGStoreBarrierInsertionPhase.cpp:
1609         * dfg/DFGTypeCheckHoistingPhase.cpp:
1610         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
1611         * ftl/FTLCapabilities.cpp:
1612         (JSC::FTL::canCompile):
1613         * ftl/FTLLowerDFGToB3.cpp:
1614         (JSC::FTL::DFG::LowerDFGToB3::compileNode):
1615         (JSC::FTL::DFG::LowerDFGToB3::compileNukeStructureAndSetButterfly):
1616         (JSC::FTL::DFG::LowerDFGToB3::storageForTransition):
1617         (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
1618         (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
1619         (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
1620         * runtime/Options.cpp:
1621         (JSC::recomputeDependentOptions):
1622         * runtime/Options.h: Fix a bug - make it possible to turn on concurrent GC optionally again.
1623
1624 2016-12-09  Chris Dumez  <cdumez@apple.com>
1625
1626         Inline JSCell::toObject()
1627         https://bugs.webkit.org/show_bug.cgi?id=165679
1628
1629         Reviewed by Geoffrey Garen.
1630
1631         Inline JSCell::toObject() as it shows on Speedometer profiles.
1632
1633         * runtime/JSCell.cpp:
1634         (JSC::JSCell::toObjectSlow):
1635         (JSC::JSCell::toObject): Deleted.
1636         * runtime/JSCell.h:
1637         * runtime/JSCellInlines.h:
1638         (JSC::JSCell::toObject):
1639
1640 2016-12-09  Geoffrey Garen  <ggaren@apple.com>
1641
1642         Deploy OrdinalNumber in JSC::SourceCode
1643         https://bugs.webkit.org/show_bug.cgi?id=165687
1644
1645         Reviewed by Michael Saboff.
1646
1647         We have a lot of confusion between 1-based and 0-based counting in line
1648         and column numbers. Let's use OrdinalNumber to clear up the confusion.
1649
1650         * bytecode/UnlinkedFunctionExecutable.cpp:
1651         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1652         (JSC::UnlinkedFunctionExecutable::link):
1653         * bytecompiler/BytecodeGenerator.h:
1654         (JSC::BytecodeGenerator::emitExpressionInfo):
1655         * inspector/JSInjectedScriptHost.cpp:
1656         (Inspector::JSInjectedScriptHost::functionDetails):
1657         * parser/Lexer.cpp:
1658         (JSC::Lexer<T>::setCode):
1659         * parser/Parser.cpp:
1660         (JSC::Parser<LexerType>::Parser):
1661         * parser/Parser.h:
1662         (JSC::Parser<LexerType>::parse):
1663         * parser/SourceCode.h:
1664         (JSC::SourceCode::SourceCode):
1665         (JSC::SourceCode::firstLine):
1666         (JSC::SourceCode::startColumn):
1667         * runtime/CodeCache.cpp:
1668         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
1669         * runtime/ScriptExecutable.h:
1670         (JSC::ScriptExecutable::firstLine):
1671         (JSC::ScriptExecutable::startColumn):
1672         * tools/CodeProfile.h:
1673         (JSC::CodeProfile::CodeProfile):
1674
1675 2016-12-09  Saam Barati  <sbarati@apple.com>
1676
1677         WebAssembly JS API: implement importing and defining Memory
1678         https://bugs.webkit.org/show_bug.cgi?id=164134
1679
1680         Reviewed by Keith Miller.
1681
1682         This patch implements the WebAssembly.Memory object. It refactors
1683         the code to now associate a Memory with the instance instead of
1684         the Module.
1685
1686         * CMakeLists.txt:
1687         * JavaScriptCore.xcodeproj/project.pbxproj:
1688         * jsc.cpp:
1689         (functionTestWasmModuleFunctions):
1690         * runtime/VM.h:
1691         * shell/CMakeLists.txt:
1692         * testWasm.cpp: Removed.
1693         This has bitrotted. I'm removing it.
1694
1695         * wasm/WasmB3IRGenerator.cpp:
1696         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
1697         (JSC::Wasm::sizeOfLoadOp):
1698         (JSC::Wasm::createJSToWasmWrapper):
1699         (JSC::Wasm::parseAndCompile):
1700         * wasm/WasmB3IRGenerator.h:
1701         * wasm/WasmFormat.cpp:
1702         (JSC::Wasm::ModuleInformation::~ModuleInformation): Deleted.
1703         * wasm/WasmFormat.h:
1704         * wasm/WasmMemory.cpp:
1705         (JSC::Wasm::Memory::Memory):
1706         * wasm/WasmMemory.h:
1707         (JSC::Wasm::Memory::size):
1708         (JSC::Wasm::Memory::initial):
1709         (JSC::Wasm::Memory::maximum):
1710         (JSC::Wasm::Memory::pinnedRegisters): Deleted.
1711         * wasm/WasmMemoryInformation.cpp: Added.
1712         (JSC::Wasm::MemoryInformation::MemoryInformation):
1713         * wasm/WasmMemoryInformation.h: Added.
1714         (JSC::Wasm::MemoryInformation::MemoryInformation):
1715         (JSC::Wasm::MemoryInformation::pinnedRegisters):
1716         (JSC::Wasm::MemoryInformation::initial):
1717         (JSC::Wasm::MemoryInformation::maximum):
1718         (JSC::Wasm::MemoryInformation::isImport):
1719         (JSC::Wasm::MemoryInformation::operator bool):
1720         * wasm/WasmModuleParser.cpp:
1721         (JSC::Wasm::ModuleParser::parseImport):
1722         (JSC::Wasm::ModuleParser::parseMemoryHelper):
1723         (JSC::Wasm::ModuleParser::parseMemory):
1724         (JSC::Wasm::ModuleParser::parseExport):
1725         * wasm/WasmModuleParser.h:
1726         * wasm/WasmPageCount.h: Added. Implement a new way of describing Wasm
1727         pages and then asking for how many bytes a quantity of pages is. This
1728         class also makes it clear when we're talking about bytes or pages.
1729
1730         (JSC::Wasm::PageCount::PageCount):
1731         (JSC::Wasm::PageCount::bytes):
1732         (JSC::Wasm::PageCount::isValid):
1733         (JSC::Wasm::PageCount::max):
1734         (JSC::Wasm::PageCount::operator bool):
1735         (JSC::Wasm::PageCount::operator<):
1736         (JSC::Wasm::PageCount::operator>):
1737         (JSC::Wasm::PageCount::operator>=):
1738         * wasm/WasmPlan.cpp:
1739         (JSC::Wasm::Plan::run):
1740         * wasm/WasmPlan.h:
1741         (JSC::Wasm::Plan::memory): Deleted.
1742         * wasm/WasmValidate.cpp:
1743         (JSC::Wasm::Validate::hasMemory):
1744         (JSC::Wasm::Validate::Validate):
1745         (JSC::Wasm::validateFunction):
1746         * wasm/WasmValidate.h:
1747         * wasm/generateWasmValidateInlinesHeader.py:
1748         * wasm/js/JSWebAssemblyInstance.cpp:
1749         (JSC::JSWebAssemblyInstance::visitChildren):
1750         * wasm/js/JSWebAssemblyInstance.h:
1751         (JSC::JSWebAssemblyInstance::memory):
1752         (JSC::JSWebAssemblyInstance::setMemory):
1753         (JSC::JSWebAssemblyInstance::offsetOfImportFunctions):
1754         (JSC::JSWebAssemblyInstance::allocationSize):
1755         * wasm/js/JSWebAssemblyMemory.cpp:
1756         (JSC::JSWebAssemblyMemory::create):
1757         (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory):
1758         (JSC::JSWebAssemblyMemory::buffer):
1759         (JSC::JSWebAssemblyMemory::visitChildren):
1760         * wasm/js/JSWebAssemblyMemory.h:
1761         (JSC::JSWebAssemblyMemory::memory):
1762         * wasm/js/WebAssemblyFunction.cpp:
1763         (JSC::callWebAssemblyFunction):
1764         * wasm/js/WebAssemblyInstanceConstructor.cpp:
1765         Handle importing and creating of memory according
1766         to the spec. This also does the needed validation
1767         of making sure the memory defined in the module
1768         is compatible with the imported memory.
1769
1770         (JSC::constructJSWebAssemblyInstance):
1771         * wasm/js/WebAssemblyMemoryConstructor.cpp:
1772         (JSC::constructJSWebAssemblyMemory):
1773         (JSC::callJSWebAssemblyMemory):
1774         * wasm/js/WebAssemblyMemoryPrototype.cpp:
1775         (JSC::webAssemblyMemoryProtoFuncBuffer):
1776         (JSC::WebAssemblyMemoryPrototype::create):
1777         (JSC::WebAssemblyMemoryPrototype::finishCreation):
1778         * wasm/js/WebAssemblyMemoryPrototype.h:
1779         * wasm/js/WebAssemblyModuleRecord.cpp:
1780         (JSC::WebAssemblyModuleRecord::finishCreation):
1781         (JSC::WebAssemblyModuleRecord::link):
1782
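Added example, not JavaScriptCore code: a PageCount type of the kind the entry above describes, which keeps pages and bytes apart and computes bytes in 64 bits so that the top of the 32-bit address space does not wrap, together with the compatibility check an instance performs when a module that declared a memory is handed an imported one. The limit rule applied (the import's initial must reach the declared initial, and if the module declared a maximum the import must declare one that is no larger) is the WebAssembly spec's; the type and function names are assumptions made for this illustration.

```cpp
// Added example, not JavaScriptCore code: a PageCount that keeps pages and
// bytes apart, and the compatibility check an instance performs when a
// module that declared a memory is handed an imported one instead. The limit
// rule (import initial >= declared initial; if the module declared a maximum,
// the import must declare one that is no larger) is the WebAssembly spec's;
// the type and function names are assumptions made for this illustration.
#include <cstdint>
#include <cstdio>
#include <limits>

class PageCount {
public:
    static constexpr uint32_t pageSize = 64 * 1024;             // one wasm page
    static constexpr uint32_t maxPageCount = uint32_t(1) << 16; // 2^16 pages = 4 GiB, all a 32-bit memory can address
    static constexpr uint32_t invalid = std::numeric_limits<uint32_t>::max();

    PageCount() : m_pages(invalid) { }
    explicit PageCount(uint32_t pages) : m_pages(pages) { }

    bool isValid() const { return m_pages <= maxPageCount; }
    uint32_t pages() const { return m_pages; }
    // 64-bit: maxPageCount pages is exactly 2^32 bytes, which a uint32_t would wrap to 0.
    uint64_t bytes() const { return uint64_t(m_pages) * pageSize; }

    // Round a byte count up to whole pages; beyond the address space the
    // result is invalid rather than silently truncated.
    static PageCount fromBytes(uint64_t bytes) {
        if (bytes > uint64_t(maxPageCount) * pageSize)
            return PageCount();
        return PageCount(uint32_t((bytes + pageSize - 1) / pageSize));
    }

    bool operator<(PageCount other) const { return m_pages < other.m_pages; }
    bool operator==(PageCount other) const { return m_pages == other.m_pages; }
private:
    uint32_t m_pages;
};

struct MemoryLimits {
    PageCount initial;
    bool hasMaximum;   // false: the memory may grow without bound
    PageCount maximum; // meaningful only when hasMaximum
    static MemoryLimits bounded(uint32_t initial, uint32_t maximum) { return { PageCount(initial), true, PageCount(maximum) }; }
    static MemoryLimits unbounded(uint32_t initial) { return { PageCount(initial), false, PageCount() }; }
};

// A module's own limits must be sane before anything is compared against them.
bool limitsAreWellFormed(const MemoryLimits& limits) {
    if (!limits.initial.isValid())
        return false;
    if (limits.hasMaximum && (!limits.maximum.isValid() || limits.maximum < limits.initial))
        return false;
    return true;
}

// Can a memory with `imported` limits stand in for the one the module
// `declared`? Both the floor and the ceiling have to be honoured.
bool importedMemorySatisfies(const MemoryLimits& declared, const MemoryLimits& imported) {
    if (!limitsAreWellFormed(declared) || !limitsAreWellFormed(imported))
        return false;
    if (imported.initial < declared.initial)
        return false;   // import is smaller than the module was compiled to expect
    if (declared.hasMaximum) {
        if (!imported.hasMaximum)
            return false;   // an unbounded import cannot promise the declared ceiling
        if (declared.maximum < imported.maximum)
            return false;   // import could grow past what the module allows
    }
    return true;
}

int main() {
    MemoryLimits declared = MemoryLimits::bounded(2, 4);
    std::printf("bounded(3,4) satisfies: %d; unbounded(2) satisfies: %d; 4 GiB = %llu bytes\n",
        importedMemorySatisfies(declared, MemoryLimits::bounded(3, 4)),
        importedMemorySatisfies(declared, MemoryLimits::unbounded(2)),
        (unsigned long long)PageCount(PageCount::maxPageCount).bytes());
}
```

Keeping the maximum check is what lets generated code rely on a bound: if an unbounded import were accepted for a module that declared a maximum, a later grow could take the memory past the size the module's own code was allowed to assume.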
1783 2016-12-09  Joseph Pecoraro  <pecoraro@apple.com>
1784
1785         Web Inspector: Some resources fetched via Fetch API do not have data
1786         https://bugs.webkit.org/show_bug.cgi?id=165230
1787         <rdar://problem/29449220>
1788
1789         Reviewed by Alex Christensen.
1790
1791         * inspector/protocol/Page.json:
1792         Add new Fetch Page.ResourceType.
1793
1794 2016-12-09  Geoffrey Garen  <ggaren@apple.com>
1795
1796         TextPosition and OrdinalNumber should be more like idiomatic numbers
1797         https://bugs.webkit.org/show_bug.cgi?id=165678
1798
1799         Reviewed by Filip Pizlo.
1800
1801         Adopt default constructor.
1802
1803         * API/JSBase.cpp:
1804         (JSEvaluateScript):
1805         (JSCheckScriptSyntax):
1806         * API/JSObjectRef.cpp:
1807         (JSObjectMakeFunction):
1808         * API/JSScriptRef.cpp:
1809         (OpaqueJSScript::OpaqueJSScript):
1810         * jsc.cpp:
1811         (functionCheckModuleSyntax):
1812         * parser/SourceCode.h:
1813         (JSC::makeSource):
1814         * parser/SourceProvider.h:
1815         (JSC::StringSourceProvider::create):
1816         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
1817         * runtime/FunctionConstructor.cpp:
1818         (JSC::constructFunction):
1819         * runtime/ModuleLoaderPrototype.cpp:
1820         (JSC::moduleLoaderPrototypeParseModule):
1821
1822 2016-12-09  Filip Pizlo  <fpizlo@apple.com>
1823
1824         Unreviewed, disable concurrent GC for real.
1825
1826         * runtime/Options.cpp:
1827         (JSC::recomputeDependentOptions):
1828
1829 2016-12-09  Filip Pizlo  <fpizlo@apple.com>
1830
1831         Unreviewed, disable concurrent GC while crashes get investigated.
1832
1833         * runtime/Options.cpp:
1834         (JSC::recomputeDependentOptions):
1835
1836 2016-12-09  Filip Pizlo  <fpizlo@apple.com>
1837
1838         JSSegmentedVariableObject should keep its state private
1839
1840         Rubber stamped by Michael Saboff.
1841         
1842         Its state fields were protected for no reason. They really should be private because
1843         you have to know to obey a particular concurrency protocol when accessing them.
1844
1845         * runtime/JSSegmentedVariableObject.h:
1846
1847 2016-12-09  Csaba Osztrogonác  <ossy@webkit.org>
1848
1849         Unreviewed ARM buildfix after 209570.
1850
1851         * assembler/MacroAssemblerARM.h:
1852         (JSC::MacroAssemblerARM::or32): Added.
1853
1854 2016-12-08  JF Bastien  <jfbastien@apple.com>
1855
1856         WebAssembly: JSC::link* shouldn't need a CodeBlock
1857         https://bugs.webkit.org/show_bug.cgi?id=165591
1858
1859         Reviewed by Keith Miller.
1860
1861         Allow linking without a CodeBlock, which WebAssembly's wasm -> JS stubs do. This needs to work for polymorphic and virtual calls. This patch adds corresponding tests for this.
1862
1863         * assembler/LinkBuffer.cpp:
1864         (JSC::shouldDumpDisassemblyFor): don't look at the tier option if there isn't a CodeBlock, only look at the global one. This is a WebAssembly function, so the tier information is irrelevant.
1865         * jit/Repatch.cpp:
1866         (JSC::isWebAssemblyToJSCallee): this is used in the link* functions below
1867         (JSC::linkFor):
1868         (JSC::linkVirtualFor):
1869         (JSC::linkPolymorphicCall):
1870         * runtime/Options.h: add an option to change the maximum number of polymorphic calls in stubs from wasm to JS, which will come in handy when we try to tune performance or try merging some of the WebAssembly stubs
1871         * wasm/WasmBinding.cpp:
1872         (JSC::Wasm::importStubGenerator): remove the breakpoint since the code now works
1873         * wasm/js/WebAssemblyToJSCallee.h:
1874
1875 2016-12-08  Filip Pizlo  <fpizlo@apple.com>
1876
1877         MultiPutByOffset should get a barrier if it transitions
1878         https://bugs.webkit.org/show_bug.cgi?id=165646
1879
1880         Reviewed by Keith Miller.
1881         
1882         Previously, if we knew that we were storing a non-cell but we needed to transition, we
1883         would fail to add the barrier but the FTL's lowering expected the barrier to be there.
1884         
1885         Strictly, we need to "consider" the barrier on MultiPutByOffset if the value is
1886         possibly a cell or if the MultiPutByOffset may transition. Then "considering" the
1887         barrier implies checking if the base is possibly old.
1888         
1889         But because the barrier is so cheap anyway, this patch implements something safer: we
1890         just consider the barrier on MultiPutByOffset unconditionally, which opts it out of any
1891         barrier optimizations other than those based on the predicted state of the base. Those
1892         optimizations are already sound - for example they use doesGC() to detect safepoints
1893         and that function correctly predicts when MultiPutByOffset could GC.
1894         
1895         Because the barrier optimizations are only a very small speed-up, I think it's great to
1896         fix bugs by weakening the optimizer without cleverness.
1897
1898         * dfg/DFGFixupPhase.cpp:
1899         * dfg/DFGStoreBarrierInsertionPhase.cpp:
1900         * heap/MarkedBlock.cpp:
1901         (JSC::MarkedBlock::assertValidCell):
1902
1903 2016-12-08  Filip Pizlo  <fpizlo@apple.com>
1904
1905         Enable concurrent GC on ARM64
1906         https://bugs.webkit.org/show_bug.cgi?id=165643
1907
1908         Reviewed by Saam Barati.
1909
1910         It looks stable enough to enable.
1911
1912         * assembler/CPU.h:
1913         (JSC::useGCFences): Deleted.
1914         * bytecode/PolymorphicAccess.cpp:
1915         (JSC::AccessCase::generateImpl):
1916         * dfg/DFGSpeculativeJIT.cpp:
1917         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
1918         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
1919         * ftl/FTLLowerDFGToB3.cpp:
1920         (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
1921         (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
1922         (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
1923         (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
1924         * jit/AssemblyHelpers.h:
1925         (JSC::AssemblyHelpers::mutatorFence):
1926         (JSC::AssemblyHelpers::storeButterfly):
1927         (JSC::AssemblyHelpers::nukeStructureAndStoreButterfly):
1928         (JSC::AssemblyHelpers::emitInitializeInlineStorage):
1929         (JSC::AssemblyHelpers::emitInitializeOutOfLineStorage):
1930         * runtime/Options.cpp:
1931         (JSC::recomputeDependentOptions):
1932
1933 2016-12-08  Filip Pizlo  <fpizlo@apple.com>
1934
1935         Disable collectContinuously if not useConcurrentGC
1936
1937         Rubber stamped by Geoffrey Garen.
1938
1939         * runtime/Options.cpp:
1940         (JSC::recomputeDependentOptions):
1941
1942 2016-12-08  Filip Pizlo  <fpizlo@apple.com>
1943
1944         Unreviewed, fix cloop build.
1945
1946         * runtime/JSObject.h:
1947
1948 2016-12-06  Filip Pizlo  <fpizlo@apple.com>
1949
1950         Concurrent GC should be stable enough to land enabled on X86_64
1951         https://bugs.webkit.org/show_bug.cgi?id=164990
1952
1953         Reviewed by Geoffrey Garen.
1954         
1955         This fixes a ton of performance and correctness bugs revealed by getting the concurrent GC to
1956         be stable enough to land enabled.
1957         
1958         I had to redo the JSObject::visitChildren concurrency protocol again. This time I think it's
1959         even more correct than ever!
1960         
1961         This is an enormous win on JetStream/splay-latency and Octane/SplayLatency. It looks to be
1962         mostly neutral on everything else, though Speedometer is showing statistically weak signs of a
1963         slight regression.
1964
1965         * API/JSAPIWrapperObject.mm: Added locking.
1966         (JSC::JSAPIWrapperObject::visitChildren):
1967         * API/JSCallbackObject.h: Added locking.
1968         (JSC::JSCallbackObjectData::visitChildren):
1969         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
1970         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::deletePrivateProperty):
1971         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
1972         * CMakeLists.txt:
1973         * JavaScriptCore.xcodeproj/project.pbxproj:
1974         * bytecode/CodeBlock.cpp:
1975         (JSC::CodeBlock::UnconditionalFinalizer::finalizeUnconditionally): This had a TOCTOU race on shouldJettisonDueToOldAge.
1976         (JSC::EvalCodeCache::visitAggregate): Moved to EvalCodeCache.cpp.
1977         * bytecode/DirectEvalCodeCache.cpp: Added. Outlined some functions and made them use locks.
1978         (JSC::DirectEvalCodeCache::setSlow):
1979         (JSC::DirectEvalCodeCache::clear):
1980         (JSC::DirectEvalCodeCache::visitAggregate):
1981         * bytecode/DirectEvalCodeCache.h:
1982         (JSC::DirectEvalCodeCache::set):
1983         (JSC::DirectEvalCodeCache::clear): Deleted.
1984         * bytecode/UnlinkedCodeBlock.cpp: Added locking.
1985         (JSC::UnlinkedCodeBlock::visitChildren):
1986         (JSC::UnlinkedCodeBlock::setInstructions):
1987         (JSC::UnlinkedCodeBlock::shrinkToFit):
1988         * bytecode/UnlinkedCodeBlock.h: Added locking.
1989         (JSC::UnlinkedCodeBlock::addRegExp):
1990         (JSC::UnlinkedCodeBlock::addConstant):
1991         (JSC::UnlinkedCodeBlock::addFunctionDecl):
1992         (JSC::UnlinkedCodeBlock::addFunctionExpr):
1993         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary):
1994         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1995         * debugger/Debugger.cpp: Use the right delete API.
1996         (JSC::Debugger::recompileAllJSFunctions):
1997         * dfg/DFGAbstractInterpreterInlines.h:
1998         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Fix a pre-existing bug in ToFunction constant folding.
1999         * dfg/DFGClobberize.h: Add support for nuking.
2000         (JSC::DFG::clobberize):
2001         * dfg/DFGClobbersExitState.cpp: Add support for nuking.
2002         (JSC::DFG::clobbersExitState):
2003         * dfg/DFGFixupPhase.cpp: Add support for nuking.
2004         (JSC::DFG::FixupPhase::fixupNode):
2005         (JSC::DFG::FixupPhase::indexForChecks):
2006         (JSC::DFG::FixupPhase::originForCheck):
2007         (JSC::DFG::FixupPhase::speculateForBarrier):
2008         (JSC::DFG::FixupPhase::insertCheck):
2009         (JSC::DFG::FixupPhase::fixupChecksInBlock):
2010         * dfg/DFGSpeculativeJIT.cpp: Add support for nuking.
2011         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
2012         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
2013         * ftl/FTLLowerDFGToB3.cpp: Add support for nuking.
2014         (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorage):
2015         (JSC::FTL::DFG::LowerDFGToB3::reallocatePropertyStorage):
2016         (JSC::FTL::DFG::LowerDFGToB3::mutatorFence):
2017         (JSC::FTL::DFG::LowerDFGToB3::nukeStructureAndSetButterfly):
2018         (JSC::FTL::DFG::LowerDFGToB3::setButterfly): Deleted.
2019         * heap/CodeBlockSet.cpp: We need to be more careful about the CodeBlockSet workflow during GC, since we will allocate CodeBlocks in eden while collecting.
2020         (JSC::CodeBlockSet::clearMarksForFullCollection):
2021         (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
2022         * heap/Heap.cpp: Added code to measure max pauses. Added a better collectContinuously mode.
2023         (JSC::Heap::lastChanceToFinalize): Stop the collectContinuously thread.
2024         (JSC::Heap::harvestWeakReferences): Inline SlotVisitor::harvestWeakReferences.
2025         (JSC::Heap::finalizeUnconditionalFinalizers): Inline SlotVisitor::finalizeUnconditionalReferences.
2026         (JSC::Heap::markToFixpoint): We need to do some MarkedSpace stuff before every conservative scan, rather than just at the start of marking, so we now call prepareForConservativeScan() before each conservative scan. Also call a less-parallel version of drainInParallel when the mutator is running.
2027         (JSC::Heap::collectInThread): Inline Heap::prepareForAllocation().
2028         (JSC::Heap::stopIfNecessarySlow): We need to be more careful about ensuring that we run finalization before and after stopping. Also, we should sanitize stack when stopping the world.
2029         (JSC::Heap::acquireAccessSlow): Add some optional debug prints.
2030         (JSC::Heap::handleNeedFinalize): Assert that we are running this when the world is not stopped.
2031         (JSC::Heap::finalize): Remove the old collectContinuously code.
2032         (JSC::Heap::requestCollection): We don't need to sanitize stack here anymore.
2033         (JSC::Heap::notifyIsSafeToCollect): Start the collectContinuously thread. It will request collection 1 KHz.
2034         (JSC::Heap::prepareForAllocation): Deleted.
2035         (JSC::Heap::preventCollection): Prevent any new concurrent GCs from being initiated.
2036         (JSC::Heap::allowCollection):
2037         (JSC::Heap::forEachSlotVisitor): Allows us to safely iterate slot visitors.
2038         * heap/Heap.h:
2039         * heap/HeapInlines.h:
2040         (JSC::Heap::writeBarrier): If the 'to' cell is not NewWhite then it could be AnthraciteOrBlack. During a full collection, objects may be AnthraciteOrBlack from a previous GC. Turns out, we don't benefit from this optimization so we can just kill it.
2041         * heap/HeapSnapshotBuilder.cpp:
2042         (JSC::HeapSnapshotBuilder::buildSnapshot): This needs to use PreventCollectionScope to ensure snapshot soundness.
2043         * heap/ListableHandler.h:
2044         (JSC::ListableHandler::isOnList): Useful helper.
2045         * heap/LockDuringMarking.h:
2046         (JSC::lockDuringMarking): It's a locker that only locks while we're marking.
2047         * heap/MarkedAllocator.cpp:
2048         (JSC::MarkedAllocator::addBlock): Hold the bitvector lock while resizing.
2049         * heap/MarkedBlock.cpp: Hold the bitvector lock while accessing the bitvectors while the mutator is running.
2050         * heap/MarkedSpace.cpp:
2051         (JSC::MarkedSpace::prepareForConservativeScan): We used to do this in prepareForMarking, but we need to do it before each conservative scan not just before marking.
2052         (JSC::MarkedSpace::prepareForMarking): Remove the logic moved to prepareForConservativeScan.
2053         * heap/MarkedSpace.h:
2054         * heap/PreventCollectionScope.h: Added.
2055         * heap/SlotVisitor.cpp: Refactored drainFromShared so that we can write a similar function called drainInParallelPassively.
2056         (JSC::SlotVisitor::updateMutatorIsStopped): Update whether we can use "fast" scanning.
2057         (JSC::SlotVisitor::mutatorIsStoppedIsUpToDate):
2058         (JSC::SlotVisitor::didReachTermination):
2059         (JSC::SlotVisitor::hasWork):
2060         (JSC::SlotVisitor::drain): This now uses the rightToRun lock to allow the main GC thread to safepoint the workers.
2061         (JSC::SlotVisitor::drainFromShared):
2062         (JSC::SlotVisitor::drainInParallelPassively): This runs marking with one fewer threads than normal. It's useful for when we have resumed the mutator, since then the mutator has a better chance of getting on a core.
2063         (JSC::SlotVisitor::addWeakReferenceHarvester):
2064         (JSC::SlotVisitor::addUnconditionalFinalizer):
2065         (JSC::SlotVisitor::harvestWeakReferences): Deleted.
2066         (JSC::SlotVisitor::finalizeUnconditionalFinalizers): Deleted.
2067         * heap/SlotVisitor.h:
2068         * heap/SlotVisitorInlines.h: Outline stuff.
2069         (JSC::SlotVisitor::addWeakReferenceHarvester): Deleted.
2070         (JSC::SlotVisitor::addUnconditionalFinalizer): Deleted.
2071         * runtime/InferredType.cpp: This needed thread safety.
2072         (JSC::InferredType::visitChildren): This needs to keep its structure finalizer alive until it runs.
2073         (JSC::InferredType::set):
2074         (JSC::InferredType::InferredStructureFinalizer::finalizeUnconditionally):
2075         * runtime/InferredType.h:
2076         * runtime/InferredValue.cpp: This needed thread safety.
2077         (JSC::InferredValue::visitChildren):
2078         (JSC::InferredValue::ValueCleanup::finalizeUnconditionally):
2079         * runtime/JSArray.cpp:
2080         (JSC::JSArray::unshiftCountSlowCase): Update to use new butterfly API.
2081         (JSC::JSArray::unshiftCountWithArrayStorage): Update to use new butterfly API.
2082         * runtime/JSArrayBufferView.cpp:
2083         (JSC::JSArrayBufferView::visitChildren): Thread safety.
2084         * runtime/JSCell.h:
2085         (JSC::JSCell::setStructureIDDirectly): This is used for nuking the structure.
2086         (JSC::JSCell::InternalLocker::InternalLocker): Deleted. The cell is now the lock.
2087         (JSC::JSCell::InternalLocker::~InternalLocker): Deleted. The cell is now the lock.
2088         * runtime/JSCellInlines.h:
2089         (JSC::JSCell::structure): Clean this up.
2090         (JSC::JSCell::lock): The cell is now the lock.
2091         (JSC::JSCell::tryLock):
2092         (JSC::JSCell::unlock):
2093         (JSC::JSCell::isLocked):
2094         (JSC::JSCell::lockInternalLock): Deleted.
2095         (JSC::JSCell::unlockInternalLock): Deleted.
2096         * runtime/JSFunction.cpp:
2097         (JSC::JSFunction::visitChildren): Thread safety.
2098         * runtime/JSGenericTypedArrayViewInlines.h:
2099         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren): Thread safety.
2100         (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory): Thread safety.
2101         * runtime/JSObject.cpp:
2102         (JSC::JSObject::markAuxiliaryAndVisitOutOfLineProperties): Factor out this "easy" step of butterfly visiting.
2103         (JSC::JSObject::visitButterfly): Make this achieve 100% precision about structure-butterfly relationships. This relies on the mutator "nuking" the structure prior to "locked" structure-butterfly transitions.
2104         (JSC::JSObject::visitChildren): Use the new, nicer API.
2105         (JSC::JSFinalObject::visitChildren): Use the new, nicer API.
2106         (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists): Use the new butterfly API.
2107         (JSC::JSObject::createInitialUndecided): Use the new butterfly API.
2108         (JSC::JSObject::createInitialInt32): Use the new butterfly API.
2109         (JSC::JSObject::createInitialDouble): Use the new butterfly API.
2110         (JSC::JSObject::createInitialContiguous): Use the new butterfly API.
2111         (JSC::JSObject::createArrayStorage): Use the new butterfly API.
2112         (JSC::JSObject::convertUndecidedToContiguous): Use the new butterfly API.
2113         (JSC::JSObject::convertUndecidedToArrayStorage): Use the new butterfly API.
2114         (JSC::JSObject::convertInt32ToArrayStorage): Use the new butterfly API.
2115         (JSC::JSObject::convertDoubleToContiguous): Use the new butterfly API.
2116         (JSC::JSObject::convertDoubleToArrayStorage): Use the new butterfly API.
2117         (JSC::JSObject::convertContiguousToArrayStorage): Use the new butterfly API.
2118         (JSC::JSObject::increaseVectorLength): Use the new butterfly API.
2119         (JSC::JSObject::shiftButterflyAfterFlattening): Use the new butterfly API.
2120         * runtime/JSObject.h:
2121         (JSC::JSObject::setButterfly): This now does all of the fences. Only use this when you are not also transitioning the structure or the structure's lastOffset.
2122         (JSC::JSObject::nukeStructureAndSetButterfly): Use this when doing locked structure-butterfly transitions.
2123         * runtime/JSObjectInlines.h:
2124         (JSC::JSObject::putDirectWithoutTransition): Use the newly factored out API.
2125         (JSC::JSObject::prepareToPutDirectWithoutTransition): Factor this out!
2126         (JSC::JSObject::putDirectInternal): Use the newly factored out API.
2127         * runtime/JSPropertyNameEnumerator.cpp:
2128         (JSC::JSPropertyNameEnumerator::finishCreation): Locks!
2129         (JSC::JSPropertyNameEnumerator::visitChildren): Locks!
2130         * runtime/JSSegmentedVariableObject.cpp:
2131         (JSC::JSSegmentedVariableObject::visitChildren): Locks!
2132         * runtime/JSString.cpp:
2133         (JSC::JSString::visitChildren): Thread safety.
2134         * runtime/ModuleProgramExecutable.cpp:
2135         (JSC::ModuleProgramExecutable::visitChildren): Thread safety.
2136         * runtime/Options.cpp: For now we disable concurrent GC on not-X86_64.
2137         (JSC::recomputeDependentOptions):
2138         * runtime/Options.h: Change the default max GC parallelism to 8. I don't know why it was still 7.
2139         * runtime/SamplingProfiler.cpp:
2140         (JSC::SamplingProfiler::stackTracesAsJSON): This needs to defer GC before grabbing its lock.
2141         * runtime/SparseArrayValueMap.cpp: This needed thread safety.
2142         (JSC::SparseArrayValueMap::add):
2143         (JSC::SparseArrayValueMap::remove):
2144         (JSC::SparseArrayValueMap::visitChildren):
2145         * runtime/SparseArrayValueMap.h:
2146         * runtime/Structure.cpp: This had a race between addNewPropertyTransition and visitChildren.
2147         (JSC::Structure::Structure):
2148         (JSC::Structure::materializePropertyTable):
2149         (JSC::Structure::addNewPropertyTransition):
2150         (JSC::Structure::flattenDictionaryStructure):
2151         (JSC::Structure::add): Help out with nuking support - the m_offset needs to play along.
2152         (JSC::Structure::visitChildren):
2153         * runtime/Structure.h: Make some useful things public - like the notion of a lastOffset.
2154         * runtime/StructureChain.cpp:
2155         (JSC::StructureChain::visitChildren): Thread safety!
2156         * runtime/StructureChain.h: Thread safety!
2157         * runtime/StructureIDTable.cpp:
2158         (JSC::StructureIDTable::allocateID): Ensure that we don't get nuked IDs.
2159         * runtime/StructureIDTable.h: Add the notion of a nuked ID! It's a bit that the runtime never sees except during specific shady actions like locked structure-butterfly transitions. "Nuking" tells the GC to steer clear and rescan once we fire the barrier.
2160         (JSC::nukedStructureIDBit):
2161         (JSC::nuke):
2162         (JSC::isNuked):
2163         (JSC::decontaminate):
2164         * runtime/StructureInlines.h:
2165         (JSC::Structure::hasIndexingHeader): Better API.
2166         (JSC::Structure::add):
2167         * runtime/VM.cpp: Better GC interaction.
2168         (JSC::VM::ensureWatchdog):
2169         (JSC::VM::deleteAllLinkedCode):
2170         (JSC::VM::deleteAllCode):
2171         * runtime/VM.h:
2172         (JSC::VM::getStructure): Why wasn't this always an API!
2173         * runtime/WebAssemblyExecutable.cpp:
2174         (JSC::WebAssemblyExecutable::visitChildren): Thread safety.
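
The "nuked structure ID" protocol described in the entry above, as an added illustration that is not JSC's code: the mutator nukes the structure ID before a locked structure-butterfly transition, and the collector refuses to pair a butterfly with a structure while the bit is set. Assumed for the example: a 32-bit StructureID whose top bit is otherwise unused (JSC's actual bit is not shown in the ChangeLog), and toy Structure/Object types standing in for JSC::Structure, JSObject and Butterfly.

```cpp
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <vector>

// A structure ID as the runtime sees it: a plain index into the structure table.
using StructureID = uint32_t;

// Assumption: the top bit is free for use as the "nuked" flag; the bit JSC
// reserves is not shown in the ChangeLog.
constexpr StructureID nukedStructureIDBit() { return 0x80000000u; }
constexpr StructureID nuke(StructureID id) { return id | nukedStructureIDBit(); }
constexpr bool isNuked(StructureID id) { return (id & nukedStructureIDBit()) != 0; }
constexpr StructureID decontaminate(StructureID id) { return id & ~nukedStructureIDBit(); }

// Toy stand-in for JSC::Structure: only what the collector needs to bound its
// scan of the butterfly (JSC's "lastOffset" notion, here a slot count).
struct Structure {
    size_t outOfLineSlots;
};

// Toy stand-in for a JSObject: a structure ID plus out-of-line property storage.
// Slots hold fake cell addresses; 0 means "no pointer here".
struct Object {
    std::atomic<StructureID> structureID;
    std::atomic<std::vector<uint64_t>*> butterfly;
    Object(StructureID id, std::vector<uint64_t>* b) : structureID(id), butterfly(b) {}
};

// Mutator side of a "locked" structure-butterfly transition. The structure is
// nuked first, so a collector that looks while the butterfly is being swapped
// sees the nuked bit and backs off instead of pairing the new butterfly with
// the old structure's slot count (a bounded read of the wrong storage).
void nukeStructureAndSetButterfly(Object& obj, std::vector<uint64_t>* newButterfly, StructureID newStructureID)
{
    StructureID old = obj.structureID.load(std::memory_order_relaxed);
    obj.structureID.store(nuke(old), std::memory_order_seq_cst);
    obj.butterfly.store(newButterfly, std::memory_order_seq_cst);
    // Publishing the clean new ID plays the role of the barrier that tells the
    // collector the object is consistent again and must be rescanned.
    obj.structureID.store(decontaminate(newStructureID), std::memory_order_seq_cst);
}

// Collector side: visit the butterfly using the structure to bound the scan.
// Pushes each non-null slot onto markStack and returns how many it pushed,
// or -1 when the structure was nuked (or changed underneath us) and the
// butterfly was skipped on purpose.
long visitButterfly(const Object& obj, const std::vector<Structure>& structureTable, std::vector<uint64_t>& markStack)
{
    StructureID id = obj.structureID.load(std::memory_order_seq_cst);
    if (isNuked(id))
        return -1; // mid-transition: steer clear, the barrier will bring us back
    const std::vector<uint64_t>* butterfly = obj.butterfly.load(std::memory_order_seq_cst);
    // Re-read the ID: if it moved, the butterfly we hold may not belong to the
    // structure we read, so give up and let the rescan handle it.
    if (obj.structureID.load(std::memory_order_seq_cst) != id)
        return -1;
    const Structure& structure = structureTable.at(id);
    long pushed = 0;
    for (size_t i = 0; i < structure.outOfLineSlots; ++i) {
        uint64_t cell = (*butterfly)[i]; // bounded by the structure, never by guessing
        if (cell) {
            markStack.push_back(cell);
            ++pushed;
        }
    }
    return pushed;
}

int main()
{
    // Constructed sample: structure 0 has 2 out-of-line slots, structure 1 has 4.
    std::vector<Structure> table = { {2}, {4} };
    std::vector<uint64_t> small = { 0x1000, 0x2000 };
    std::vector<uint64_t> big = { 0x1000, 0x2000, 0, 0x4000 };
    std::vector<uint64_t> marks;
    Object obj(0, &small);
    std::printf("before transition: pushed %ld\n", visitButterfly(obj, table, marks));
    nukeStructureAndSetButterfly(obj, &big, 1);
    std::printf("after transition:  pushed %ld\n", visitButterfly(obj, table, marks));
    obj.structureID.store(nuke(1));
    std::printf("while nuked:       result %ld\n", visitButterfly(obj, table, marks));
    return 0;
}
```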
2175
2176 2016-12-08  Filip Pizlo  <fpizlo@apple.com>
2177
2178         Enable SharedArrayBuffer, remove the flag
2179         https://bugs.webkit.org/show_bug.cgi?id=165614
2180
2181         Rubber stamped by Geoffrey Garen.
2182
2183         * runtime/JSGlobalObject.cpp:
2184         (JSC::JSGlobalObject::init):
2185         * runtime/RuntimeFlags.h:
2186
2187 2016-12-08  JF Bastien  <jfbastien@apple.com>
2188
2189         WebAssembly JS API: wire up Instance imports
2190         https://bugs.webkit.org/show_bug.cgi?id=165118
2191
2192         Reviewed by Saam Barati.
2193
2194         Change a bunch of the WebAssembly object model, and pipe the
2195         necessary changes to be able to call JS imports from
2196         WebAssembly. This will make it easier to call_indirect, and
2197         unblock many other missing features.
2198
2199         As a follow-up I need to teach JSC::linkFor to live without a
2200         CodeBlock: wasm doesn't have one and the IC patching is sad. We'll
2201         switch on the callee (or its type?) and then use that as the owner
2202         (because the callee is alive if the instance is alive, ditto
2203         module, and module owns the CallLinkInfo).
2204
2205         * CMakeLists.txt:
2206         * JavaScriptCore.xcodeproj/project.pbxproj:
2207         * interpreter/CallFrame.h:
2208         (JSC::ExecState::callee): give access to the callee as a JSCell
2209         * jit/RegisterSet.cpp: dead code from previous WebAssembly implementation
2210         * jsc.cpp:
2211         (callWasmFunction):
2212         (functionTestWasmModuleFunctions):
2213         * runtime/JSCellInlines.h:
2214         (JSC::ExecState::vm): check callee instead of jsCallee: wasm only has a JSCell and not a JSObject
2215         * runtime/VM.cpp:
2216         (JSC::VM::VM): store the "top" WebAssembly.Instance on entry to WebAssembly (and restore the previous one on exit)
2217         * runtime/VM.h:
2218         * testWasm.cpp:
2219         (runWasmTests):
2220         * wasm/JSWebAssembly.h:
2221         * wasm/WasmB3IRGenerator.cpp:
2222         (JSC::Wasm::B3IRGenerator::B3IRGenerator): pass unlinked calls around to shorten their lifetime: they're only needed until the Plan is done
2223         (JSC::Wasm::B3IRGenerator::addCall):
2224         (JSC::Wasm::createJSToWasmWrapper):
2225         (JSC::Wasm::parseAndCompile): also pass in the function index space, so that imports can be signature-checked along with internal functions
2226         * wasm/WasmB3IRGenerator.h:
2227         * wasm/WasmBinding.cpp: Added.
2228         (JSC::Wasm::importStubGenerator): stubs from wasm to JS
2229         * wasm/WasmBinding.h: Copied from Source/JavaScriptCore/wasm/WasmValidate.h.
2230         * wasm/WasmCallingConvention.h:
2231         (JSC::Wasm::CallingConvention::setupFrameInPrologue):
2232         * wasm/WasmFormat.h: fix the object model
2233         (JSC::Wasm::CallableFunction::CallableFunction):
2234         * wasm/WasmFunctionParser.h: simplify some of the failure condition checks
2235         (JSC::Wasm::FunctionParser<Context>::FunctionParser): need function index space, not just internal functions
2236         (JSC::Wasm::FunctionParser<Context>::parseExpression):
2237         * wasm/WasmModuleParser.cpp: early-create some of the structures which will be needed later
2238         (JSC::Wasm::ModuleParser::parseImport):
2239         (JSC::Wasm::ModuleParser::parseFunction):
2240         (JSC::Wasm::ModuleParser::parseMemory):
2241         (JSC::Wasm::ModuleParser::parseExport):
2242         (JSC::Wasm::ModuleParser::parseCode):
2243         * wasm/WasmModuleParser.h:
2244         (JSC::Wasm::ModuleParser::functionIndexSpace):
2245         (JSC::Wasm::ModuleParser::functionLocations):
2246         * wasm/WasmParser.h:
2247         (JSC::Wasm::Parser::consumeUTF8String):
2248         * wasm/WasmPlan.cpp: pass around the wasm objects at the right time, reducing their lifetime and making it easier to pass them around when needed
2249         (JSC::Wasm::Plan::run):
2250         (JSC::Wasm::Plan::initializeCallees):
2251         * wasm/WasmPlan.h:
2252         (JSC::Wasm::Plan::exports):
2253         (JSC::Wasm::Plan::internalFunctionCount):
2254         (JSC::Wasm::Plan::jsToWasmEntryPointForFunction):
2255         (JSC::Wasm::Plan::takeModuleInformation):
2256         (JSC::Wasm::Plan::takeCallLinkInfos):
2257         (JSC::Wasm::Plan::takeWasmToJSStubs):
2258         (JSC::Wasm::Plan::takeFunctionIndexSpace):
2259         * wasm/WasmValidate.cpp: check function index space instead of only internal functions
2260         (JSC::Wasm::Validate::addCall):
2261         (JSC::Wasm::validateFunction):
2262         * wasm/WasmValidate.h:
2263         * wasm/js/JSWebAssemblyCallee.cpp:
2264         (JSC::JSWebAssemblyCallee::finishCreation):
2265         * wasm/js/JSWebAssemblyCallee.h:
2266         (JSC::JSWebAssemblyCallee::create):
2267         (JSC::JSWebAssemblyCallee::jsToWasmEntryPoint):
2268         * wasm/js/JSWebAssemblyInstance.cpp:
2269         (JSC::JSWebAssemblyInstance::create):
2270         (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance):
2271         (JSC::JSWebAssemblyInstance::visitChildren):
2272         * wasm/js/JSWebAssemblyInstance.h: hold the import functions off the end of the Instance
2273         (JSC::JSWebAssemblyInstance::importFunction):
2274         (JSC::JSWebAssemblyInstance::importFunctions):
2275         (JSC::JSWebAssemblyInstance::setImportFunction):
2276         (JSC::JSWebAssemblyInstance::offsetOfImportFunctions):
2277         (JSC::JSWebAssemblyInstance::offsetOfImportFunction):
2278         (JSC::JSWebAssemblyInstance::allocationSize):
2279         * wasm/js/JSWebAssemblyModule.cpp:
2280         (JSC::JSWebAssemblyModule::create):
2281         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2282         (JSC::JSWebAssemblyModule::visitChildren):
2283         * wasm/js/JSWebAssemblyModule.h: hold the link call info, the import function stubs, and the function index space
2284         (JSC::JSWebAssemblyModule::signatureForFunctionIndexSpace):
2285         (JSC::JSWebAssemblyModule::importCount):
2286         (JSC::JSWebAssemblyModule::calleeFromFunctionIndexSpace):
2287         * wasm/js/WebAssemblyFunction.cpp:
2288         (JSC::callWebAssemblyFunction): set top Instance on VM
2289         * wasm/js/WebAssemblyFunction.h:
2290         (JSC::WebAssemblyFunction::instance):
2291         * wasm/js/WebAssemblyInstanceConstructor.cpp:
2292         (JSC::constructJSWebAssemblyInstance): handle function imports
2293         * wasm/js/WebAssemblyModuleConstructor.cpp:
2294         (JSC::constructJSWebAssemblyModule): generate the stubs for import functions
2295         * wasm/js/WebAssemblyModuleRecord.cpp:
2296         (JSC::WebAssemblyModuleRecord::link):
2297         * wasm/js/WebAssemblyToJSCallee.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.
2298         (JSC::WebAssemblyToJSCallee::create): dummy JSCell singleton which lives on the VM, and is put as the callee in the import stub's frame to identify it when unwinding
2299         (JSC::WebAssemblyToJSCallee::createStructure):
2300         (JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
2301         (JSC::WebAssemblyToJSCallee::finishCreation):
2302         (JSC::WebAssemblyToJSCallee::destroy):
2303         * wasm/js/WebAssemblyToJSCallee.h: Copied from Source/JavaScriptCore/wasm/WasmB3IRGenerator.h.
2304
2305 2016-12-08  Mark Lam  <mark.lam@apple.com>
2306
2307         Enable JSC restricted options by default in the jsc shell.
2308         https://bugs.webkit.org/show_bug.cgi?id=165615
2309
2310         Reviewed by Keith Miller.
2311
2312         The jsc shell is only used for debugging and development testing.  We should
2313         allow it to use restricted options like JSC_useDollarVM even for release builds.
2314
2315         * jsc.cpp:
2316         (jscmain):
2317         * runtime/Options.cpp:
2318         (JSC::Options::enableRestrictedOptions):
2319         (JSC::Options::isAvailable):
2320         (JSC::allowRestrictedOptions): Deleted.
2321         * runtime/Options.h:
2322
2323 2016-12-08  Chris Dumez  <cdumez@apple.com>
2324
2325         Unreviewed, rolling out r209489.
2326
2327         Likely caused large regressions on JetStream, Sunspider and
2328         Speedometer
2329
2330         Reverted changeset:
2331
2332         "Add system trace points for JavaScript VM entry/exit"
2333         https://bugs.webkit.org/show_bug.cgi?id=165550
2334         http://trac.webkit.org/changeset/209489
2335
2336 2016-12-08  Keith Miller  <keith_miller@apple.com>
2337
2338         Move LEB tests to API tests
2339         https://bugs.webkit.org/show_bug.cgi?id=165586
2340
2341         Reviewed by Saam Barati.
2342
2343         Delete old stuff.
2344
2345         * testWasm.cpp:
2346         (printUsageStatement):
2347         (CommandLine::parseArguments):
2348         (main):
2349         (runLEBTests): Deleted.
2350
2351 2016-12-07  JF Bastien  <jfbastien@apple.com>
2352
2353         Cleanup WebAssembly's RETURN_IF_EXCEPTION
2354         https://bugs.webkit.org/show_bug.cgi?id=165595
2355
2356         Reviewed by Filip Pizlo.
2357
2358         * wasm/js/WebAssemblyCompileErrorConstructor.cpp:
2359         (JSC::constructJSWebAssemblyCompileError):
2360         * wasm/js/WebAssemblyFunction.cpp:
2361         (JSC::callWebAssemblyFunction):
2362         * wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
2363         (JSC::constructJSWebAssemblyRuntimeError):
2364
2365 2016-12-07  Geoffrey Garen  <ggaren@apple.com>
2366
2367         Renamed SourceCode members to match their accessor names
2368         https://bugs.webkit.org/show_bug.cgi?id=165573
2369
2370         Reviewed by Keith Miller.
2371
2372         startChar => startOffset
2373         endChar => endOffset
2374
2375         * parser/UnlinkedSourceCode.h:
2376         (JSC::UnlinkedSourceCode::UnlinkedSourceCode):
2377         (JSC::UnlinkedSourceCode::view):
2378         (JSC::UnlinkedSourceCode::startOffset):
2379         (JSC::UnlinkedSourceCode::endOffset):
2380         (JSC::UnlinkedSourceCode::length):
2381
2382 2016-12-07  Keith Miller  <keith_miller@apple.com>
2383
2384         Add more missing trivial wasm ops.
2385         https://bugs.webkit.org/show_bug.cgi?id=165564
2386
2387         Reviewed by Geoffrey Garen.
2388
2389         This patch adds the nop, drop, and tee_local opcodes.
2390         It also fixes an issue where we were not generating
2391         the proper enums for the grow_memory and current_memory
2392         opcodes.
2393
2394         * wasm/WasmFunctionParser.h:
2395         (JSC::Wasm::FunctionParser<Context>::parseExpression):
2396         * wasm/generateWasmOpsHeader.py:
2397
2398 2016-12-07  Geoffrey Garen  <ggaren@apple.com>
2399
2400         Renamed source => parentSource
2401         https://bugs.webkit.org/show_bug.cgi?id=165570
2402
2403         Reviewed by Keith Miller.
2404
2405         For less confusion.
2406
2407         * bytecode/UnlinkedFunctionExecutable.cpp:
2408         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2409
2410 2016-12-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2411
2412         [JSC] Drop translate phase in module loader
2413         https://bugs.webkit.org/show_bug.cgi?id=164861
2414
2415         Reviewed by Saam Barati.
2416
2417         Originally, this "translate" phase was introduced to the module loader.
2418         However, the recent rework discussion[1] is dropping this phase.
2419         And this "translate" phase is meaningless in the browser-side module loader,
2420         since this phase originally mimics node.js's translation hook (like
2421         transpiling CoffeeScript source to JavaScript).
2422
2423         This "translate" phase is not necessary for the exposed HTML5
2424         <script type="module"> tag right now. Once the module loader pipeline is
2425         redefined and specified, we need to update the current loader anyway.
2426         So dropping "translate" phase right now is OK.
2427
2428         This simplifies the current module loader pipeline a bit.
2429
2430         [1]: https://github.com/whatwg/loader/issues/147
2431
2432         * builtins/ModuleLoaderPrototype.js:
2433         (newRegistryEntry):
2434         (fulfillFetch):
2435         (requestFetch):
2436         (requestInstantiate):
2437         (provide):
2438         (fulfillTranslate): Deleted.
2439         (requestTranslate): Deleted.
2440         * bytecode/BytecodeIntrinsicRegistry.cpp:
2441         (JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
2442         * jsc.cpp:
2443         * runtime/JSGlobalObject.cpp:
2444         * runtime/JSGlobalObject.h:
2445         * runtime/JSModuleLoader.cpp:
2446         (JSC::JSModuleLoader::translate): Deleted.
2447         * runtime/JSModuleLoader.h:
2448         * runtime/ModuleLoaderPrototype.cpp:
2449         (JSC::moduleLoaderPrototypeInstantiate):
2450         (JSC::moduleLoaderPrototypeTranslate): Deleted.
2451
2452 2016-12-07  Joseph Pecoraro  <pecoraro@apple.com>
2453
2454         Web Inspector: Add ability to distinguish if a Script was parsed as a module
2455         https://bugs.webkit.org/show_bug.cgi?id=164900
2456         <rdar://problem/29323817>
2457
2458         Reviewed by Timothy Hatcher.
2459
2460         * inspector/agents/InspectorDebuggerAgent.cpp:
2461         (Inspector::InspectorDebuggerAgent::didParseSource):
2462         * inspector/protocol/Debugger.json:
2463         Add an optional event parameter to distinguish if a script was a module or not.
2464
2465 2016-12-07  Simon Fraser  <simon.fraser@apple.com>
2466
2467         Add system trace points for JavaScript VM entry/exit
2468         https://bugs.webkit.org/show_bug.cgi?id=165550
2469
2470         Reviewed by Tim Horton.
2471
2472         Add trace points for entry/exit into/out of the JS VM.
2473
2474         * runtime/VMEntryScope.cpp:
2475         (JSC::VMEntryScope::VMEntryScope):
2476         (JSC::VMEntryScope::~VMEntryScope):
2477
2478 2016-12-06  Keith Miller  <keith_miller@apple.com>
2479
2480         Add support for truncation operators
2481         https://bugs.webkit.org/show_bug.cgi?id=165519
2482
2483         Reviewed by Geoffrey Garen.
2484
2485         This patch adds initial support for truncation operators. The current patch
2486         does range-based out-of-bounds checking; in the future we should use system
2487         register flags on ARM and other tricks on X86 to improve the performance of
2488         these opcodes.
2489
2490         * assembler/MacroAssemblerARM64.h:
2491         (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
2492         (JSC::MacroAssemblerARM64::truncateDoubleToInt64):
2493         (JSC::MacroAssemblerARM64::truncateDoubleToUint64):
2494         (JSC::MacroAssemblerARM64::truncateFloatToInt32):
2495         (JSC::MacroAssemblerARM64::truncateFloatToUint32):
2496         (JSC::MacroAssemblerARM64::truncateFloatToInt64):
2497         (JSC::MacroAssemblerARM64::truncateFloatToUint64):
2498         * assembler/MacroAssemblerX86Common.h:
2499         (JSC::MacroAssemblerX86Common::truncateFloatToInt32):
2500         (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): Deleted.
2501         * assembler/MacroAssemblerX86_64.h:
2502         (JSC::MacroAssemblerX86_64::truncateDoubleToUint32):
2503         (JSC::MacroAssemblerX86_64::truncateDoubleToInt64):
2504         (JSC::MacroAssemblerX86_64::truncateDoubleToUint64):
2505         (JSC::MacroAssemblerX86_64::truncateFloatToUint32):
2506         (JSC::MacroAssemblerX86_64::truncateFloatToInt64):
2507         (JSC::MacroAssemblerX86_64::truncateFloatToUint64):
2508         * assembler/X86Assembler.h:
2509         (JSC::X86Assembler::cvttss2si_rr):
2510         (JSC::X86Assembler::cvttss2siq_rr):
2511         * wasm/WasmB3IRGenerator.cpp:
2512         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncSF64>):
2513         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncSF32>):
2514         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncUF64>):
2515         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32TruncUF32>):
2516         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncSF64>):
2517         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncUF64>):
2518         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncSF32>):
2519         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64TruncUF32>):
2520         * wasm/WasmFunctionParser.h:
2521         (JSC::Wasm::FunctionParser<Context>::parseExpression):
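
The range-based checks that the entry above describes for the eight truncation opcodes, as an added example that is not JSC's code. A float-to-integer conversion of NaN or of an out-of-range value is undefined behaviour in C++, so each operator checks the truncated value against the exact representable range first and reports a trap (an empty optional here) instead of converting; the generic template and the wrapper names are this example's own.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <type_traits>

// Generic range-checked truncation. The bounds are powers of two, exactly
// representable in both float and double, which is what makes comparing the
// truncated input against them exact. An empty optional stands for a wasm trap.
template<typename Int, typename Float>
std::optional<Int> truncToInt(Float x)
{
    static_assert(std::is_integral_v<Int> && std::is_floating_point_v<Float>);
    constexpr int bits = sizeof(Int) * 8;
    Float t = std::trunc(x); // NaN stays NaN and fails both comparisons below
    Float lo, hiExclusive;
    if constexpr (std::is_signed_v<Int>) {
        hiExclusive = std::ldexp(Float(1), bits - 1); // 2^(bits-1)
        lo = -hiExclusive;                            // -2^(bits-1)
    } else {
        hiExclusive = std::ldexp(Float(1), bits);     // 2^bits
        lo = Float(0);                                // -0.0 passes: (-1, 0) truncates to 0
    }
    if (!(t >= lo && t < hiExclusive))
        return std::nullopt; // trap: NaN, infinity, or out of range
    return static_cast<Int>(t); // in range, so the conversion is well defined
}

// The eight operators named in the entry above, in wasm's naming.
std::optional<int32_t>  i32TruncSF64(double x) { return truncToInt<int32_t>(x); }
std::optional<int32_t>  i32TruncSF32(float x)  { return truncToInt<int32_t>(x); }
std::optional<uint32_t> i32TruncUF64(double x) { return truncToInt<uint32_t>(x); }
std::optional<uint32_t> i32TruncUF32(float x)  { return truncToInt<uint32_t>(x); }
std::optional<int64_t>  i64TruncSF64(double x) { return truncToInt<int64_t>(x); }
std::optional<uint64_t> i64TruncUF64(double x) { return truncToInt<uint64_t>(x); }
std::optional<int64_t>  i64TruncSF32(float x)  { return truncToInt<int64_t>(x); }
std::optional<uint64_t> i64TruncUF32(float x)  { return truncToInt<uint64_t>(x); }

int main()
{
    // Constructed inputs around the i32 signed boundary and a NaN.
    const double inputs[] = { -1.9, 2147483647.9, 2147483648.0, -2147483648.9, -2147483649.0, NAN };
    for (double in : inputs) {
        auto out = i32TruncSF64(in);
        if (out)
            std::printf("i32.trunc_s/f64(%.1f) = %d\n", in, *out);
        else
            std::printf("i32.trunc_s/f64(%.1f) traps\n", in);
    }
    return 0;
}
```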
2522
2523 2016-12-07  Joseph Pecoraro  <pecoraro@apple.com>
2524
2525         Web Inspector: Remove unused and mostly untested Page domain commands and events
2526         https://bugs.webkit.org/show_bug.cgi?id=165507
2527
2528         Reviewed by Brian Burg.
2529
2530         Remove unused and unsupported commands and events.
2531
2532           - Page.setDocumentContent
2533           - Page.getScriptExecutionStatus
2534           - Page.setScriptExecutionDisabled
2535           - Page.handleJavaScriptDialog
2536           - Page.javascriptDialogOpening
2537           - Page.javascriptDialogClosed
2538           - Page.scriptsEnabled
2539
2540         * inspector/protocol/Page.json:
2541
2542 2016-12-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2543
2544         [JSC] Merge PromiseReactions
2545         https://bugs.webkit.org/show_bug.cgi?id=165526
2546
2547         Reviewed by Sam Weinig.
2548
2549         Our promise implementation has two arrays per Promise; promiseFulfillReactions and promiseRejectReactions.
2550         And every time we call `promise.then`, we create two promise reactions for fulfill and reject.
2551         However, these two reactions and the arrays for reactions can be merged into one array and one reaction.
2552         It reduces the unnecessary object allocations.
2553
2554         No behavior change.
2555
2556         * builtins/BuiltinNames.h:
2557         * builtins/PromiseOperations.js:
2558         (globalPrivate.newPromiseReaction):
2559         (globalPrivate.triggerPromiseReactions):
2560         (globalPrivate.rejectPromise):
2561         (globalPrivate.fulfillPromise):
2562         (globalPrivate.promiseReactionJob):
2563         (globalPrivate.initializePromise):
2564         * builtins/PromisePrototype.js:
2565         (then):
2566         * runtime/JSPromise.cpp:
2567         (JSC::JSPromise::finishCreation):
2568
2569 2016-12-06  Mark Lam  <mark.lam@apple.com>
2570
2571         GetByID IC is wrongly unwrapping the global proxy this value for getter/setters.
2572         https://bugs.webkit.org/show_bug.cgi?id=165401
2573
2574         Reviewed by Saam Barati.
2575
2576         When the this value for a property access is the JS global and that property
2577         access is via a GetterSetter, the underlying getter / setter functions would
2578         expect the this value they receive to be the JSProxy instance instead of the
2579         JSGlobalObject.  This is consistent with how the LLINT and runtime code behaves.
2580         The IC code should behave the same way.
2581
2582         Also added some ASSERTs to document invariants in the code, and help detect
2583         bugs sooner if the code gets changed in a way that breaks those invariants in
2584         the future.
2585
2586         * bytecode/PolymorphicAccess.cpp:
2587         (JSC::AccessCase::generateImpl):
2588
2589 2016-12-06  Joseph Pecoraro  <pecoraro@apple.com>
2590
2591         DumpRenderTree ASSERT in JSC::ExecutableBase::isHostFunction seen on bots
2592         https://bugs.webkit.org/show_bug.cgi?id=165497
2593         <rdar://problem/29538973>
2594
2595         Reviewed by Saam Barati.
2596
2597         * inspector/agents/InspectorScriptProfilerAgent.cpp:
2598         (Inspector::InspectorScriptProfilerAgent::trackingComplete):
2599         Defer collection when extracting and processing the samples to prevent
2600         any objects held by the samples from getting collected while processing.
2601         This is because while processing we call into functions that can
2602         allocate, and we must prevent those functions from syncing with the
2603         GC thread, which may collect other sample data yet to be processed.
2604
2605 2016-12-06  Alexey Proskuryakov  <ap@apple.com>
2606
2607         Correct SDKROOT values in xcconfig files
2608         https://bugs.webkit.org/show_bug.cgi?id=165487
2609         <rdar://problem/29539209>
2610
2611         Reviewed by Dan Bernstein.
2612
2613         Fix suggested by Dan Bernstein.
2614
2615         * Configurations/DebugRelease.xcconfig:
2616
2617 2016-12-06  Saam Barati  <sbarati@apple.com>
2618
2619         Remove old Wasm object model
2620         https://bugs.webkit.org/show_bug.cgi?id=165481
2621
2622         Reviewed by Keith Miller and Mark Lam.
2623
2624         It's confusing to see code that consults both the old
2625         Wasm object model alongside the new one. The old object
2626         model is not a thing, and it's not being used. Let's
2627         remove it now to prevent further confusion.
2628
2629         * CMakeLists.txt:
2630         * JavaScriptCore.xcodeproj/project.pbxproj:
2631         * bytecode/CodeBlock.cpp:
2632         (JSC::CodeBlock::finalizeLLIntInlineCaches):
2633         (JSC::CodeBlock::replacement):
2634         (JSC::CodeBlock::computeCapabilityLevel):
2635         (JSC::CodeBlock::updateAllPredictions):
2636         * bytecode/CodeBlock.h:
2637         * bytecode/WebAssemblyCodeBlock.cpp: Removed.
2638         * bytecode/WebAssemblyCodeBlock.h: Removed.
2639         * dfg/DFGCapabilities.cpp:
2640         (JSC::DFG::isSupportedForInlining):
2641         * interpreter/Interpreter.cpp:
2642         (JSC::GetStackTraceFunctor::operator()):
2643         (JSC::UnwindFunctor::operator()):
2644         (JSC::isWebAssemblyExecutable): Deleted.
2645         * jit/JITOperations.cpp:
2646         * jit/Repatch.cpp:
2647         (JSC::linkPolymorphicCall):
2648         * llint/LLIntSlowPaths.cpp:
2649         (JSC::LLInt::setUpCall):
2650         * runtime/ExecutableBase.cpp:
2651         (JSC::ExecutableBase::clearCode):
2652         * runtime/ExecutableBase.h:
2653         (JSC::ExecutableBase::isWebAssemblyExecutable): Deleted.
2654         * runtime/JSFunction.cpp:
2655         * runtime/JSFunction.h:
2656         * runtime/JSFunctionInlines.h:
2657         (JSC::JSFunction::isBuiltinFunction):
2658         * runtime/VM.cpp:
2659         (JSC::VM::VM):
2660         * runtime/VM.h:
2661         * runtime/WebAssemblyExecutable.cpp: Removed.
2662         * runtime/WebAssemblyExecutable.h: Removed.
2663
2664 2016-12-06  JF Bastien  <jfbastien@apple.com>
2665
2666         PureNaN: fix typo
2667         https://bugs.webkit.org/show_bug.cgi?id=165493
2668
2669         Reviewed by Mark Lam.
2670
2671         * runtime/PureNaN.h:
2672
2673 2016-12-06  Mark Lam  <mark.lam@apple.com>
2674
2675         Introduce the concept of Immutable Prototype Exotic Objects to comply with the spec.
2676         https://bugs.webkit.org/show_bug.cgi?id=165227
2677         <rdar://problem/29442665>
2678
2679         Reviewed by Saam Barati.
2680
2681         * runtime/JSObject.cpp:
2682         (JSC::JSObject::setPrototypeWithCycleCheck):
2683         - This is where we check for immutable prototype exotic objects and refuse to set
2684           the prototype if needed.
2685           See https://tc39.github.io/ecma262/#sec-immutable-prototype-exotic-objects.
2686
2687         * runtime/JSTypeInfo.h:
2688         (JSC::TypeInfo::isImmutablePrototypeExoticObject):
2689         * runtime/Structure.h:
2690         - Add flag for declaring immutable prototype exotic objects.
2691
2692         * runtime/ObjectPrototype.h:
2693         - Declare that Object.prototype is an immutable prototype exotic object.
2694           See https://tc39.github.io/ecma262/#sec-properties-of-the-object-prototype-object.
2695
2696         * runtime/ObjectConstructor.cpp:
2697         (JSC::objectConstructorSetPrototypeOf):
2698         - Use better error messages.
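
        The following JavaScript is an added example, not part of this ChangeLog entry or of
        JavaScriptCore: it probes, from script and with only standard ECMAScript APIs, the
        observable contract the entry implements, namely that Object.prototype refuses any
        prototype other than the one it already has.

```javascript
// Added example, not part of the ChangeLog entry or of JavaScriptCore.
// Object.prototype is an "immutable prototype exotic object"
// (ECMA-262, sec-immutable-prototype-exotic-objects): its [[SetPrototypeOf]]
// returns true only when the requested prototype is the one it already has
// (null) and false for anything else. Pinning the top of every prototype
// chain this way is what prevents code from splicing a foreign object in
// above Object.prototype, which is why the spec singles this object out.

// Reflect.setPrototypeOf exposes the boolean result of [[SetPrototypeOf]]
// without throwing, so it is the convenient way to probe the behaviour.
function probeImmutablePrototype() {
  const results = {};

  // Setting the prototype to its current value (null) is a no-op and succeeds.
  results.sameValueAllowed = Reflect.setPrototypeOf(Object.prototype, null);

  // Any other value is refused, and the chain still ends at Object.prototype -> null.
  results.differentValueRefused =
    Reflect.setPrototypeOf(Object.prototype, {}) === false;
  results.chainUnchanged = Object.getPrototypeOf(Object.prototype) === null;

  // Object.setPrototypeOf turns the false result into a TypeError.
  results.setPrototypeOfThrows = throwsTypeError(
    () => Object.setPrototypeOf(Object.prototype, Array.prototype));

  // The legacy __proto__ setter goes through the same internal method and also throws.
  results.protoSetterThrows = throwsTypeError(() => {
    Object.prototype.__proto__ = {};
  });

  // An ordinary object created by the program is not affected.
  const ordinary = {};
  results.ordinaryObjectMutable =
    Reflect.setPrototypeOf(ordinary, Array.prototype) &&
    Object.getPrototypeOf(ordinary) === Array.prototype;

  return results;
}

// Runs fn and reports whether it threw a TypeError (any other outcome is false).
function throwsTypeError(fn) {
  try {
    fn();
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}
```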
2699
2700 2016-12-04  Darin Adler  <darin@apple.com>
2701
2702         Use ASCIICType more, and improve it a little bit
2703         https://bugs.webkit.org/show_bug.cgi?id=165360
2704
2705         Reviewed by Sam Weinig.
2706
2707         * inspector/InspectorValues.cpp:
2708         (Inspector::readHexDigits): Use isASCIIHexDigit.
2709         (Inspector::hextoInt): Deleted.
2710         (decodeString): Use toASCIIHexValue.
2711
2712         * runtime/JSGlobalObjectFunctions.cpp:
2713         (JSC::parseDigit): Use isASCIIDigit, isASCIIUpper, and isASCIILower.
2714
2715         * runtime/StringPrototype.cpp:
2716         (JSC::substituteBackreferencesSlow): Use isASCIIDigit.
2717
2718 2016-12-06  Csaba Osztrogonác  <ossy@webkit.org>
2719
2720         Add storeFence support for ARMv7
2721         https://bugs.webkit.org/show_bug.cgi?id=164733
2722
2723         Reviewed by Saam Barati.
2724
2725         * assembler/ARMAssembler.h:
2726         (JSC::ARMAssembler::dmbISHST): Added.
2727         * assembler/ARMv7Assembler.h: Typo fixed: DMB has only the T1 encoding.
2728         (JSC::ARMv7Assembler::dmbSY):
2729         (JSC::ARMv7Assembler::dmbISHST): Added.
2730         * assembler/MacroAssemblerARM.h:
2731         (JSC::MacroAssemblerARM::storeFence):
2732         * assembler/MacroAssemblerARMv7.h:
2733         (JSC::MacroAssemblerARMv7::storeFence):
2734
2735 2016-12-05  Matt Baker  <mattbaker@apple.com>
2736
2737         Web Inspector: remove ASSERT from InspectorDebuggerAgent::derefAsyncCallData
2738         https://bugs.webkit.org/show_bug.cgi?id=165413
2739         <rdar://problem/29517587>
2740
2741         Reviewed by Brian Burg.
2742
2743         DOMTimer::removeById can call into InspectorInstrumentation with an
2744         invalid identifier, so don't assert that async call data exists.
2745
2746         * inspector/agents/InspectorDebuggerAgent.cpp:
2747         (Inspector::InspectorDebuggerAgent::derefAsyncCallData):
2748
2749 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
2750
2751         Fixed a bug in my last patch.
2752
2753         Unreviewed.
2754
2755         * bytecode/UnlinkedFunctionExecutable.h: Restore the conversion to
2756         one-based counting.
2757
2758 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
2759
2760         Moved start and end column linking into helper functions
2761         https://bugs.webkit.org/show_bug.cgi?id=165422
2762
2763         Reviewed by Sam Weinig.
2764
2765         * bytecode/UnlinkedFunctionExecutable.cpp:
2766         (JSC::UnlinkedFunctionExecutable::link):
2767         * bytecode/UnlinkedFunctionExecutable.h:
2768
2769 2016-12-05  Mark Lam  <mark.lam@apple.com>
2770
2771         Fix JSC files so that we can build a release build with NDEBUG #undef'ed.
2772         https://bugs.webkit.org/show_bug.cgi?id=165409
2773
2774         Reviewed by Keith Miller.
2775
2776         This allows us to run a release build with DEBUG ASSERTs enabled.
2777
2778         * bytecode/BytecodeLivenessAnalysis.cpp:
2779         * bytecode/UnlinkedEvalCodeBlock.cpp:
2780         * bytecode/UnlinkedFunctionCodeBlock.cpp:
2781         * bytecode/UnlinkedModuleProgramCodeBlock.cpp:
2782         * bytecode/UnlinkedProgramCodeBlock.cpp:
2783         * runtime/EvalExecutable.cpp:
2784
2785 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
2786
2787         Renamed source => parentSource
2788         https://bugs.webkit.org/show_bug.cgi?id=165419
2789
2790         Reviewed by Saam Barati.
2791
2792         This should help clarify that a FunctionExecutable holds the source
2793         code to its *parent* scope, and not its own SourceCode.
2794
2795         * builtins/BuiltinExecutables.cpp:
2796         (JSC::BuiltinExecutables::createExecutable):
2797         * bytecode/UnlinkedFunctionExecutable.cpp:
2798         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2799         (JSC::UnlinkedFunctionExecutable::link):
2800         * bytecode/UnlinkedFunctionExecutable.h:
2801
2802 2016-12-05  Geoffrey Garen  <ggaren@apple.com>
2803
2804         ScriptExecutable should not contain a copy of firstLine and startColumn
2805         https://bugs.webkit.org/show_bug.cgi?id=165415
2806
2807         Reviewed by Keith Miller.
2808
2809         We already have this data in SourceCode.
2810
2811         It's super confusing to have two copies of this data, where one is
2812         allowed to mutate. In reality, your line and column number never change.
2813
2814         * bytecode/UnlinkedFunctionExecutable.cpp:
2815         (JSC::UnlinkedFunctionExecutable::link):
2816         * runtime/CodeCache.cpp:
2817         (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
2818         * runtime/CodeCache.h:
2819         (JSC::generateUnlinkedCodeBlock):
2820         * runtime/FunctionExecutable.cpp:
2821         (JSC::FunctionExecutable::FunctionExecutable):
2822         * runtime/FunctionExecutable.h:
2823         * runtime/ScriptExecutable.cpp:
2824         (JSC::ScriptExecutable::ScriptExecutable):
2825         (JSC::ScriptExecutable::newCodeBlockFor):
2826         * runtime/ScriptExecutable.h:
2827         (JSC::ScriptExecutable::firstLine):
2828         (JSC::ScriptExecutable::startColumn):
2829         (JSC::ScriptExecutable::recordParse):
2830
2831 2016-12-05  Caitlin Potter  <caitp@igalia.com>
2832
2833         [JSC] report unexpected token when "async" is followed by identifier
2834         https://bugs.webkit.org/show_bug.cgi?id=165091
2835
2836         Reviewed by Mark Lam.
2837
2838         Report a SyntaxError, in order to report the correct error in contexts
2839         where an async ArrowFunction cannot occur. Also corrects errors in the comment
2840         describing the JSTokenType bitfield, which was added in r209293.
2841
2842         * parser/Parser.cpp:
2843         (JSC::Parser<LexerType>::parseMemberExpression):
2844         * parser/ParserTokens.h:
2845
2846 2016-12-05  Keith Miller  <keith_miller@apple.com>
2847
2848         Add Wasm i64 to i32 conversion.
2849         https://bugs.webkit.org/show_bug.cgi?id=165378
2850
2851         Reviewed by Filip Pizlo.
2852
2853         It turns out the wrap operation is just B3's Trunc.
2854
2855         * wasm/wasm.json:
2856
2857 2016-12-05  Joseph Pecoraro  <pecoraro@apple.com>
2858
2859         REGRESSION(r208985): SafariForWebKitDevelopment Symbol Not Found looking for method with WTF::Optional
2860         https://bugs.webkit.org/show_bug.cgi?id=165351
2861
2862         Reviewed by Yusuke Suzuki.
2863
2864         Some versions of Safari expect:
2865
2866             Inspector::BackendDispatcher::reportProtocolError(WTF::Optional<long>, Inspector::BackendDispatcher::CommonErrorCode, WTF::String const&)
2867
2868         which we had updated to use std::optional. Expose a version with the original
2869         symbol for these Safaris. This stub will just call through to the new version.
2870
2871         * inspector/InspectorBackendDispatcher.cpp:
2872         (Inspector::BackendDispatcher::reportProtocolError):
2873         * inspector/InspectorBackendDispatcher.h:
2874
2875 2016-12-05  Konstantin Tokarev  <annulen@yandex.ru>
2876
2877         Add __STDC_FORMAT_MACROS before inttypes.h is included
2878         https://bugs.webkit.org/show_bug.cgi?id=165374
2879
2880         We need formatting macros like PRIu64 to be available in all places where
2881         the inttypes.h header is used. All these usages get inttypes.h definitions
2882         via the wtf/Assertions.h header, except SQLiteFileSystem.cpp, where formatting
2883         macros have not been used since r185129.
2884
2885         This patch fixes multiple build errors with MinGW and reduces the number of
2886         independent __STDC_FORMAT_MACROS uses in the code base.
2887
2888         Reviewed by Darin Adler.
2889
2890         * disassembler/ARM64/A64DOpcode.cpp: Removed __STDC_FORMAT_MACROS
2891         because it is obtained via Assertions.h now.
2892         * disassembler/ARM64Disassembler.cpp: Ditto.
2893
2894 2016-12-04  Keith Miller  <keith_miller@apple.com>
2895
2896         Add support for Wasm ctz and popcnt
2897         https://bugs.webkit.org/show_bug.cgi?id=165369
2898
2899         Reviewed by Saam Barati.
2900
2901         * assembler/MacroAssemblerARM64.h:
2902         (JSC::MacroAssemblerARM64::countTrailingZeros32):
2903         (JSC::MacroAssemblerARM64::countTrailingZeros64):
2904         * assembler/MacroAssemblerX86Common.cpp:
2905         * assembler/MacroAssemblerX86Common.h:
2906         (JSC::MacroAssemblerX86Common::countTrailingZeros32):
2907         (JSC::MacroAssemblerX86Common::supportsBMI1):
2908         (JSC::MacroAssemblerX86Common::ctzAfterBsf):
2909         * assembler/MacroAssemblerX86_64.h:
2910         (JSC::MacroAssemblerX86_64::countTrailingZeros64):
2911         * assembler/X86Assembler.h:
2912         (JSC::X86Assembler::tzcnt_rr):
2913         (JSC::X86Assembler::tzcntq_rr):
2914         (JSC::X86Assembler::bsf_rr):
2915         (JSC::X86Assembler::bsfq_rr):
2916         * wasm/WasmB3IRGenerator.cpp:
2917         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Ctz>):
2918         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Ctz>):
2919         (JSC::Wasm::B3IRGenerator::addOp<OpType::I32Popcnt>):
2920         (JSC::Wasm::B3IRGenerator::addOp<OpType::I64Popcnt>):
2921         * wasm/WasmFunctionParser.h:
2922         (JSC::Wasm::FunctionParser<Context>::parseExpression):
2923
2924 2016-12-04  Saam Barati  <sbarati@apple.com>
2925
2926         We should have a Wasm callee
2927         https://bugs.webkit.org/show_bug.cgi?id=165163
2928
2929         Reviewed by Keith Miller.
2930
2931         This patch adds JSWebAssemblyCallee and stores it into the
2932         callee slot in the call frame as part of the prologue of a
2933         wasm function. This is the first step in implementing
2934         unwinding from/through wasm frames. We will use the callee
2935         to identify that a machine frame belongs to wasm code.
2936
2937         * CMakeLists.txt:
2938         * JavaScriptCore.xcodeproj/project.pbxproj:
2939         * jsc.cpp:
2940         (callWasmFunction):
2941         (functionTestWasmModuleFunctions):
2942         * llint/LowLevelInterpreter64.asm:
2943         * runtime/JSGlobalObject.cpp:
2944         * runtime/VM.cpp:
2945         (JSC::VM::VM):
2946         * runtime/VM.h:
2947         * wasm/JSWebAssembly.h:
2948         * wasm/WasmB3IRGenerator.cpp:
2949         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
2950         (JSC::Wasm::parseAndCompile):
2951         * wasm/WasmCallingConvention.h:
2952         (JSC::Wasm::CallingConvention::setupFrameInPrologue):
2953         * wasm/WasmFormat.h:
2954         * wasm/WasmPlan.cpp:
2955         (JSC::Wasm::Plan::initializeCallees):
2956         * wasm/WasmPlan.h:
2957         (JSC::Wasm::Plan::compiledFunction):
2958         (JSC::Wasm::Plan::getCompiledFunctions): Deleted.
2959         * wasm/js/JSWebAssemblyCallee.cpp: Added.
2960         (JSC::JSWebAssemblyCallee::JSWebAssemblyCallee):
2961         (JSC::JSWebAssemblyCallee::finishCreation):
2962         (JSC::JSWebAssemblyCallee::destroy):
2963         * wasm/js/JSWebAssemblyCallee.h: Added.
2964         (JSC::JSWebAssemblyCallee::create):
2965         (JSC::JSWebAssemblyCallee::createStructure):
2966         (JSC::JSWebAssemblyCallee::jsEntryPoint):
2967         * wasm/js/JSWebAssemblyModule.cpp:
2968         (JSC::JSWebAssemblyModule::create):
2969         (JSC::JSWebAssemblyModule::JSWebAssemblyModule):
2970         (JSC::JSWebAssemblyModule::visitChildren):
2971         * wasm/js/JSWebAssemblyModule.h:
2972         (JSC::JSWebAssemblyModule::moduleInformation):
2973         (JSC::JSWebAssemblyModule::callee):
2974         (JSC::JSWebAssemblyModule::callees):
2975         (JSC::JSWebAssemblyModule::offsetOfCallees):
2976         (JSC::JSWebAssemblyModule::allocationSize):
2977         (JSC::JSWebAssemblyModule::compiledFunctions): Deleted.
2978         * wasm/js/WebAssemblyFunction.cpp:
2979         (JSC::callWebAssemblyFunction):
2980         (JSC::WebAssemblyFunction::create):
2981         (JSC::WebAssemblyFunction::visitChildren):
2982         (JSC::WebAssemblyFunction::finishCreation):
2983         * wasm/js/WebAssemblyFunction.h:
2984         (JSC::WebAssemblyFunction::webAssemblyCallee):
2985         (JSC::WebAssemblyFunction::instance):
2986         (JSC::WebAssemblyFunction::signature):
2987         (JSC::CallableWebAssemblyFunction::CallableWebAssemblyFunction): Deleted.
2988         (JSC::WebAssemblyFunction::webAssemblyFunctionCell): Deleted.
2989         * wasm/js/WebAssemblyFunctionCell.cpp:
2990         (JSC::WebAssemblyFunctionCell::create): Deleted.
2991         (JSC::WebAssemblyFunctionCell::WebAssemblyFunctionCell): Deleted.
2992         (JSC::WebAssemblyFunctionCell::destroy): Deleted.
2993         (JSC::WebAssemblyFunctionCell::createStructure): Deleted.
2994         * wasm/js/WebAssemblyFunctionCell.h:
2995         (JSC::WebAssemblyFunctionCell::function): Deleted.
2996         * wasm/js/WebAssemblyModuleConstructor.cpp:
2997         (JSC::constructJSWebAssemblyModule):
2998         * wasm/js/WebAssemblyModuleRecord.cpp:
2999         (JSC::WebAssemblyModuleRecord::link):
3000
3001 2016-12-04  Matt Baker  <mattbaker@apple.com>
3002
3003         Web Inspector: Assertion Failures breakpoint should respect global Breakpoints enabled setting
3004         https://bugs.webkit.org/show_bug.cgi?id=165277
3005         <rdar://problem/29467098>
3006
3007         Reviewed by Mark Lam.
3008
3009         * inspector/agents/InspectorDebuggerAgent.cpp:
3010         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
3011         Check that breakpoints are active before pausing.
3012
3013 2016-12-03  Yusuke Suzuki  <utatane.tea@gmail.com>
3014
3015         Refactor SymbolImpl layout
3016         https://bugs.webkit.org/show_bug.cgi?id=165247
3017
3018         Reviewed by Darin Adler.
3019
3020         Use SymbolImpl::{create, createNullSymbol} instead.
3021
3022         * runtime/PrivateName.h:
3023         (JSC::PrivateName::PrivateName):
3024
3025 2016-12-03  JF Bastien  <jfbastien@apple.com>
3026
3027         WebAssembly: update binary format to 0xD version
3028         https://bugs.webkit.org/show_bug.cgi?id=165345
3029
3030         Reviewed by Keith Miller.
3031
3032         As described in the following PR: https://github.com/WebAssembly/design/pull/836
3033         Originally committed in r209175, reverted in r209242, and fixed in r209284.
3034
3035         * wasm/WasmB3IRGenerator.cpp:
3036         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
3037         (JSC::Wasm::B3IRGenerator::zeroForType):
3038         (JSC::Wasm::B3IRGenerator::addConstant):
3039         (JSC::Wasm::createJSWrapper):
3040         * wasm/WasmCallingConvention.h:
3041         (JSC::Wasm::CallingConvention::marshallArgument):
3042         * wasm/WasmFormat.cpp:
3043         (JSC::Wasm::toString): Deleted.
3044         * wasm/WasmFormat.h:
3045         (JSC::Wasm::isValueType):
3046         (JSC::Wasm::toB3Type): Deleted.
3047         * wasm/WasmFunctionParser.h:
3048         (JSC::Wasm::FunctionParser<Context>::parseExpression):
3049         * wasm/WasmModuleParser.cpp:
3050         (JSC::Wasm::ModuleParser::parse):
3051         (JSC::Wasm::ModuleParser::parseType):
3052         * wasm/WasmModuleParser.h:
3053         * wasm/WasmParser.h:
3054         (JSC::Wasm::Parser::parseResultType):
3055         * wasm/generateWasm.py:
3056         (Wasm.__init__):
3057         * wasm/generateWasmOpsHeader.py:
3058         (cppMacro):
3059         (typeMacroizer):
3060         (opcodeMacroizer):
3061         * wasm/js/WebAssemblyFunction.cpp:
3062         (JSC::callWebAssemblyFunction):
3063         * wasm/wasm.json:
3064
3065 2016-12-02  Keith Miller  <keith_miller@apple.com>
3066
3067         Add Wasm copysign
3068         https://bugs.webkit.org/show_bug.cgi?id=165355
3069
3070         Reviewed by Filip Pizlo.
3071
3072         This patch also makes two other important changes:
3073
3074         1) Allows for i64 constants in the B3 generator language.
3075         2) Fixes a bug with F64ConvertUI64 where the operation returned a Float instead
3076            of a Double in B3.
3077
3078         * wasm/WasmB3IRGenerator.cpp:
3079         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
3080         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
3081         (CodeGenerator.generateOpcode):
3082         (generateConstCode):
3083         (generateI32ConstCode): Deleted.
3084         * wasm/wasm.json:
3085
3086 2016-12-03  Commit Queue  <commit-queue@webkit.org>
3087
3088         Unreviewed, rolling out r209298.
3089         https://bugs.webkit.org/show_bug.cgi?id=165359
3090
3091         broke the build (Requested by smfr on #webkit).
3092
3093         Reverted changeset:
3094
3095         "Add Wasm copysign"
3096         https://bugs.webkit.org/show_bug.cgi?id=165355
3097         http://trac.webkit.org/changeset/209298
3098
3099 2016-12-02  Keith Miller  <keith_miller@apple.com>
3100
3101         Add Wasm copysign
3102         https://bugs.webkit.org/show_bug.cgi?id=165355
3103
3104         Reviewed by Filip Pizlo.
3105
3106         This patch also makes two other important changes:
3107
3108         1) Allows for i64 constants in the B3 generator language.
3109         2) Fixes a bug with F64ConvertUI64 where the operation returned a Float instead
3110            of a Double in B3.
3111
3112         * wasm/WasmB3IRGenerator.cpp:
3113         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
3114         * wasm/generateWasmB3IRGeneratorInlinesHeader.py:
3115         (CodeGenerator.generateOpcode):
3116         (generateConstCode):
3117         (generateI32ConstCode): Deleted.
3118         * wasm/wasm.json:
3119
3120 2016-12-02  Keith Miller  <keith_miller@apple.com>
3121
3122         Unreviewed, fix git having a breakdown over trying to reland a rollout.
3123
3124 2016-12-02  Keith Miller  <keith_miller@apple.com>
3125
3126         Add Wasm floating point nearest and trunc
3127         https://bugs.webkit.org/show_bug.cgi?id=165339
3128
3129         Reviewed by Saam Barati.
3130
3131         This patch also allows any wasm primitive type to be passed as a
3132         string.
3133
3134         * assembler/MacroAssemblerARM64.h:
3135         (JSC::MacroAssemblerARM64::nearestIntDouble):
3136         (JSC::MacroAssemblerARM64::nearestIntFloat):
3137         (JSC::MacroAssemblerARM64::truncDouble):
3138         (JSC::MacroAssemblerARM64::truncFloat):
3139         * assembler/MacroAssemblerX86Common.h:
3140         (JSC::MacroAssemblerX86Common::nearestIntDouble):
3141         (JSC::MacroAssemblerX86Common::nearestIntFloat):
3142         * jsc.cpp:
3143         (box):
3144         * wasm/WasmB3IRGenerator.cpp:
3145         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
3146         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
3147         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Nearest>):
3148         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Nearest>):
3149         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Trunc>):
3150         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Trunc>):
3151         * wasm/WasmFunctionParser.h:
3152         (JSC::Wasm::FunctionParser<Context>::parseExpression):
3153
3154 2016-12-02  Caitlin Potter  <caitp@igalia.com>
3155
3156         [JSC] add additional bit to JSTokenType bitfield
3157         https://bugs.webkit.org/show_bug.cgi?id=165091
3158
3159         Reviewed by Geoffrey Garen.
3160
3161         Avoid overflow which causes keyword tokens to be treated as unary
3162         tokens now that "async" is tokenized as a keyword, by granting an
3163         additional 64 bits to be occupied by token IDs.
3164
3165         * parser/ParserTokens.h:
3166
3167 2016-12-02  Andy Estes  <aestes@apple.com>
3168
3169         [Cocoa] Adopt the PRODUCT_BUNDLE_IDENTIFIER build setting
3170         https://bugs.webkit.org/show_bug.cgi?id=164492
3171
3172         Reviewed by Dan Bernstein.
3173
3174         * Configurations/JavaScriptCore.xcconfig: Set PRODUCT_BUNDLE_IDENTIFIER to
3175         com.apple.$(PRODUCT_NAME:rfc1034identifier).
3176         * Info.plist: Changed CFBundleIdentifier's value from com.apple.${PRODUCT_NAME} to
3177         ${PRODUCT_BUNDLE_IDENTIFIER}.
3178
3179 2016-12-02  JF Bastien  <jfbastien@apple.com>
3180
3181         WebAssembly: mark WasmOps.h as private
3182         https://bugs.webkit.org/show_bug.cgi?id=165335
3183
3184         Reviewed by Mark Lam.
3185
3186         * JavaScriptCore.xcodeproj/project.pbxproj: WasmOps.h will be used by non-JSC and should therefore be private.
3187
3188 2016-12-02  Commit Queue  <commit-queue@webkit.org>
3189
3190         Unreviewed, rolling out r209275 and r209276.
3191         https://bugs.webkit.org/show_bug.cgi?id=165348
3192
3193         "broke the arm build" (Requested by keith_miller on #webkit).
3194
3195         Reverted changesets:
3196
3197         "Add Wasm floating point nearest and trunc"
3198         https://bugs.webkit.org/show_bug.cgi?id=165339
3199         http://trac.webkit.org/changeset/209275
3200
3201         "Unreviewed, forgot to change instruction after renaming."
3202         http://trac.webkit.org/changeset/209276
3203
3204 2016-12-02  Keith Miller  <keith_miller@apple.com>
3205
3206         Unreviewed, forgot to change instruction after renaming.
3207
3208         * assembler/MacroAssemblerARM64.h:
3209         (JSC::MacroAssemblerARM64::nearestIntDouble):
3210         (JSC::MacroAssemblerARM64::nearestIntFloat):
3211
3212 2016-12-02  Keith Miller  <keith_miller@apple.com>
3213
3214         Add Wasm floating point nearest and trunc
3215         https://bugs.webkit.org/show_bug.cgi?id=165339
3216
3217         Reviewed by Filip Pizlo.
3218
3219         This patch also allows any wasm primitive type to be passed as a
3220         string.
3221
3222         * assembler/MacroAssemblerARM64.h:
3223         (JSC::MacroAssemblerARM64::nearestIntDouble):
3224         (JSC::MacroAssemblerARM64::nearestIntFloat):
3225         (JSC::MacroAssemblerARM64::truncDouble):
3226         (JSC::MacroAssemblerARM64::truncFloat):
3227         * assembler/MacroAssemblerX86Common.h:
3228         (JSC::MacroAssemblerX86Common::nearestIntDouble):
3229         (JSC::MacroAssemblerX86Common::nearestIntFloat):
3230         * jsc.cpp:
3231         (box):
3232         * wasm/WasmB3IRGenerator.cpp:
3233         (JSC::Wasm::B3IRGenerator::addOp<F64ConvertUI64>):
3234         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32ConvertUI64>):
3235         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Nearest>):
3236         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Nearest>):
3237         (JSC::Wasm::B3IRGenerator::addOp<OpType::F64Trunc>):
3238         (JSC::Wasm::B3IRGenerator::addOp<OpType::F32Trunc>):
3239         * wasm/WasmFunctionParser.h:
3240         (JSC::Wasm::FunctionParser<Context>::parseExpression):
3241
3242 2016-12-02  JF Bastien  <jfbastien@apple.com>
3243
3244         WebAssembly: revert patch causing odd breakage
3245         https://bugs.webkit.org/show_bug.cgi?id=165308
3246
3247         Unreviewed.
3248
3249         Bug #164724 seems to cause build issues which I haven't tracked down yet. WasmOps.h can't be found:
3250         ./Source/JavaScriptCore/wasm/WasmFormat.h:34:10: fatal error: 'WasmOps.h' file not found
3251
3252         It's weird since the file is auto-generated and has been for a while. #164724 merely includes it in WasmFormat.h.
3253
3254         * wasm/WasmB3IRGenerator.cpp:
3255         (JSC::Wasm::B3IRGenerator::B3IRGenerator):
3256         (JSC::Wasm::B3IRGenerator::zeroForType):
3257         (JSC::Wasm::B3IRGenerator::addConstant):
3258         (JSC::Wasm::createJSWrapper):
3259         * wasm/WasmCallingConvention.h:
3260         (JSC::Wasm::CallingConvention::marshallArgument):
3261         * wasm/WasmFormat.cpp:
3262         (JSC::Wasm::toString):
3263         * wasm/WasmFormat.h:
3264         (JSC::Wasm::toB3Type):
3265         * wasm/WasmFunctionParser.h:
3266         (JSC::Wasm::FunctionParser<Context>::parseExpression):
3267         * wasm/WasmModuleParser.cpp:
3268         (JSC::Wasm::ModuleParser::parse):
3269         (JSC::Wasm::ModuleParser::parseType):
3270         * wasm/WasmModuleParser.h:
3271         * wasm/WasmParser.h:
3272         (JSC::Wasm::Parser::parseResultType):
3273         * wasm/generateWasm.py:
3274         (Wasm.__init__):
3275         * wasm/generateWasmOpsHeader.py:
3276         (cppMacro):
3277         (opcodeMacroizer):
3278         (typeMacroizer): Deleted.
3279         * wasm/js/WebAssemblyFunction.cpp:
3280         (JSC::callWebAssemblyFunction):
3281         * wasm/wasm.json:
3282
3283 2016-12-01  Brian Burg  <bburg@apple.com>
3284
3285         Remote Inspector: fix weird typo in generated ObjC protocol type initializer implementations
3286         https://bugs.webkit.org/show_bug.cgi?id=165295
3287         <rdar://problem/29427778>
3288
3289         Reviewed by Joseph Pecoraro.
3290
3291         Remove a stray semicolon appended after custom initializer signatures.
3292         This is a syntax error when building with less lenient compiler warnings.
3293
3294         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
3295         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
3296         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3297         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3298         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3299         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3300         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3301         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3302         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3303
3304 2016-12-01  Saam Barati  <sbarati@apple.com>
3305
3306         Rename CallFrame::callee() to CallFrame::jsCallee()
3307         https://bugs.webkit.org/show_bug.cgi?id=165293
3308
3309         Reviewed by Keith Miller.
3310
3311         Wasm will soon have its own Callee that doesn't derive
3312         from JSObject, but derives from JSCell. I want to introduce
3313         a new function like:
3314         ```
3315         CalleeBase* CallFrame::callee()
3316         ```
3317
3318         once we have a Wasm callee. It only makes sense to name that
3319         function callee() and rename the current one to:
3320         ```
3321         JSObject* CallFrame::jsCallee()
3322         ```
3323
3324         * API/APICallbackFunction.h:
3325         (JSC::APICallbackFunction::call):
3326         (JSC::APICallbackFunction::construct):
3327         * API/JSCallbackObjectFunctions.h:
3328         (JSC::JSCallbackObject<Parent>::construct):
3329         (JSC::JSCallbackObject<Parent>::call):
3330         * debugger/DebuggerCallFrame.cpp:
3331         (JSC::DebuggerCallFrame::scope):
3332         (JSC::DebuggerCallFrame::type):
3333         * interpreter/CallFrame.cpp:
3334         (JSC::CallFrame::friendlyFunctionName):
3335         * interpreter/CallFrame.h:
3336         (JSC::ExecState::jsCallee):
3337         (JSC::ExecState::callee): Deleted.
3338         * interpreter/Interpreter.cpp:
3339         (JSC::Interpreter::dumpRegisters):
3340         (JSC::notifyDebuggerOfUnwinding):
3341         * interpreter/ShadowChicken.cpp:
3342         (JSC::ShadowChicken::update):
3343         * interpreter/StackVisitor.cpp:
3344         (JSC::StackVisitor::readNonInlinedFrame):
3345         * llint/LLIntSlowPaths.cpp:
3346         (JSC::LLInt::traceFunctionPrologue):
3347         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3348         * runtime/ArrayConstructor.cpp:
3349         (JSC::constructArrayWithSizeQuirk):
3350         * runtime/AsyncFunctionConstructor.cpp:
3351         (JSC::callAsyncFunctionConstructor):
3352         (JSC::constructAsyncFunctionConstructor):
3353         * runtime/BooleanConstructor.cpp:
3354         (JSC::constructWithBooleanConstructor):
3355         * runtime/ClonedArguments.cpp:
3356         (JSC::ClonedArguments::createWithInlineFrame):
3357         * runtime/CommonSlowPaths.h:
3358         (JSC::CommonSlowPaths::arityCheckFor):
3359         * runtime/DateConstructor.cpp:
3360         (JSC::constructWithDateConstructor):
3361         * runtime/DirectArguments.cpp:
3362         (JSC::DirectArguments::createByCopying):
3363         * runtime/Error.h:
3364         (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
3365         (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
3366         * runtime/ErrorConstructor.cpp:
3367         (JSC::Interpreter::constructWithErrorConstructor):
3368         (JSC::Interpreter::callErrorConstructor):
3369         * runtime/FunctionConstructor.cpp:
3370         (JSC::constructWithFunctionConstructor):
3371         (JSC::callFunctionConstructor):
3372         * runtime/GeneratorFunctionConstructor.cpp:
3373         (JSC::callGeneratorFunctionConstructor):
3374         (JSC::constructGeneratorFunctionConstructor):
3375         * runtime/InternalFunction.cpp:
3376         (JSC::InternalFunction::createSubclassStructure):
3377         * runtime/IntlCollator.cpp:
3378         (JSC::IntlCollator::initializeCollator):
3379         * runtime/IntlCollatorConstructor.cpp:
3380         (JSC::constructIntlCollator):
3381         (JSC::callIntlCollator):
3382         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
3383         * runtime/IntlDateTimeFormat.cpp:
3384         (JSC::IntlDateTimeFormat::initializeDateTimeFormat):
3385         * runtime/IntlDateTimeFormatConstructor.cpp:
3386         (JSC::constructIntlDateTimeFormat):
3387         (JSC::callIntlDateTimeFormat):
3388         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
3389         * runtime/IntlNumberFormat.cpp:
3390         (JSC::IntlNumberFormat::initializeNumberFormat):
3391         * runtime/IntlNumberFormatConstructor.cpp:
3392         (JSC::constructIntlNumberFormat):
3393         (JSC::callIntlNumberFormat):
3394         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
3395         * runtime/IntlObject.cpp:
3396         (JSC::canonicalizeLocaleList):
3397         (JSC::defaultLocale):
3398         (JSC::lookupSupportedLocales):
3399         (JSC::intlObjectFuncGetCanonicalLocales):
3400         * runtime/JSArrayBufferConstructor.cpp:
3401         (JSC::constructArrayBuffer):
3402         * runtime/JSArrayBufferPrototype.cpp:
3403         (JSC::arrayBufferProtoFuncSlice):
3404         * runtime/JSBoundFunction.cpp:
3405         (JSC::boundThisNoArgsFunctionCall):
3406         (JSC::boundFunctionCall):
3407         (JSC::boundThisNoArgsFunctionConstruct):
3408         (JSC::boundFunctionConstruct):
3409         * runtime/JSCellInlines.h:
3410         (JSC::ExecState::vm):
3411         * runtime/JSCustomGetterSetterFunction.cpp:
3412         (JSC::JSCustomGetterSetterFunction::customGetterSetterFunctionCall):
3413         * runtime/JSFunction.cpp:
3414         (JSC::callHostFunctionAsConstructor):
3415         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
3416         (JSC::constructGenericTypedArrayView):
3417         * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
3418         (JSC::genericTypedArrayViewProtoFuncSlice):
3419         (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
3420         * runtime/JSGlobalObjectFunctions.cpp:
3421         (JSC::globalFuncEval):
3422         * runtime/JSInternalPromiseConstructor.cpp:
3423         (JSC::constructPromise):
3424         * runtime/JSMapIterator.cpp:
3425         (JSC::JSMapIterator::createPair):
3426         (JSC::JSMapIterator::clone):
3427         * runtime/JSNativeStdFunction.cpp:
3428         (JSC::runStdFunction):
3429         * runtime/JSPromiseConstructor.cpp:
3430         (JSC::constructPromise):
3431         * runtime/JSPropertyNameIterator.cpp:
3432         (JSC::JSPropertyNameIterator::clone):
3433         * runtime/JSScope.h:
3434         (JSC::ExecState::lexicalGlobalObject):
3435         * runtime/JSSetIterator.cpp:
3436         (JSC::JSSetIterator::createPair):
3437         (JSC::JSSetIterator::clone):
3438         * runtime/JSStringIterator.cpp:
3439         (JSC::JSStringIterator::clone):
3440         * runtime/MapConstructor.cpp:
3441         (JSC::constructMap):
3442         * runtime/MapPrototype.cpp:
3443         (JSC::mapProtoFuncValues):
3444         (JSC::mapProtoFuncEntries):
3445         (JSC::mapProtoFuncKeys):