[JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass
authorutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 18 May 2017 04:59:38 +0000 (04:59 +0000)
committerutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 18 May 2017 04:59:38 +0000 (04:59 +0000)
commitcbd903d95b522c939687b435c242e56224b9bf32
treef6df89761b06b554c5dcaf16e696b229f6441331
parent48b85e9f2caaa9760c02414f7846f1e0aa346dd6
[JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass
https://bugs.webkit.org/show_bug.cgi?id=172098

Reviewed by Saam Barati.

JSTests:

* stress/check-sub-class.js: Added.
(shouldBe):
(shouldThrow):
(calling):
(array.forEach):
(i.array.forEach):

Source/JavaScriptCore:

In this patch, we generalize CheckDOM to CheckSubClass.
It can accept any ClassInfo and perform ClassInfo check
in DFG / FTL. Now, we add a new function pointer to ClassInfo,
checkSubClassPatchpoint. It can create DOMJIT patchpoint
for that ClassInfo. It it natural that ClassInfo holds the
way to emit DOMJIT::Patchpoint to perform CheckSubClass
rather than having it in each DOMJIT getter / function
signature annotation.

One problem is that it enlarges the size of ClassInfo.
But this is the best place to put this function pointer.
By doing so, we can add a patchpoint for CheckSubClass
in an non-intrusive manner: WebCore can inject patchpoints
without interactive JSC.

We still have a way to reduce the size of ClassInfo if
we move ArrayBuffer related methods out to the other places.

This patch touches many files because we add a new function
pointer to ClassInfo. But they are basically mechanical change.

* API/JSAPIWrapperObject.mm:
* API/JSCallbackConstructor.cpp:
* API/JSCallbackFunction.cpp:
* API/JSCallbackObject.cpp:
* API/ObjCCallbackFunction.mm:
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
* bytecode/DOMJITAccessCasePatchpointParams.h:
(JSC::DOMJITAccessCasePatchpointParams::DOMJITAccessCasePatchpointParams):
* bytecode/EvalCodeBlock.cpp:
* bytecode/FunctionCodeBlock.cpp:
* bytecode/GetterSetterAccessCase.cpp:
(JSC::GetterSetterAccessCase::emitDOMJITGetter):
* bytecode/ModuleProgramCodeBlock.cpp:
* bytecode/ProgramCodeBlock.cpp:
* bytecode/UnlinkedCodeBlock.cpp:
* bytecode/UnlinkedEvalCodeBlock.cpp:
* bytecode/UnlinkedFunctionCodeBlock.cpp:
* bytecode/UnlinkedFunctionExecutable.cpp:
* bytecode/UnlinkedModuleProgramCodeBlock.cpp:
* bytecode/UnlinkedProgramCodeBlock.cpp:
* debugger/DebuggerScope.cpp:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDOMJITPatchpointParams.h:
(JSC::DFG::DOMJITPatchpointParams::DOMJITPatchpointParams):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeCallDOM):
(JSC::DFG::FixupPhase::fixupCheckSubClass):
(JSC::DFG::FixupPhase::fixupCheckDOM): Deleted.
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasClassInfo):
(JSC::DFG::Node::classInfo):
(JSC::DFG::Node::hasCheckDOMPatchpoint): Deleted.
(JSC::DFG::Node::checkDOMPatchpoint): Deleted.
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCheckSubClass):
(JSC::DFG::SpeculativeJIT::compileCheckDOM): Deleted.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::vm):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
In DFG, we rename CheckDOM to CheckSubClass. It just holds ClassInfo.
And ClassInfo knows how to perform CheckSubClass efficiently.
If ClassInfo does not have a way to perform CheckSubClass efficiently,
we just perform jsDynamicCast thing in ASM.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* domjit/DOMJITGetterSetter.h:
* domjit/DOMJITPatchpointParams.h:
(JSC::DOMJIT::PatchpointParams::PatchpointParams):
(JSC::DOMJIT::PatchpointParams::vm):
* domjit/DOMJITSignature.h:
(JSC::DOMJIT::Signature::Signature):
(JSC::DOMJIT::Signature::checkDOM): Deleted.
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLDOMJITPatchpointParams.h:
(JSC::FTL::DOMJITPatchpointParams::DOMJITPatchpointParams):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckDOM): Deleted.
* inspector/JSInjectedScriptHost.cpp:
* inspector/JSInjectedScriptHostPrototype.cpp:
* inspector/JSJavaScriptCallFrame.cpp:
* inspector/JSJavaScriptCallFramePrototype.cpp:
* jsc.cpp:
(WTF::DOMJITNode::checkSubClassPatchpoint):
(WTF::DOMJITFunctionObject::checkSubClassPatchpoint):
(WTF::DOMJITFunctionObject::finishCreation):
(WTF::DOMJITCheckSubClassObject::DOMJITCheckSubClassObject):
(WTF::DOMJITCheckSubClassObject::createStructure):
(WTF::DOMJITCheckSubClassObject::create):
(WTF::DOMJITCheckSubClassObject::safeFunction):
(WTF::DOMJITCheckSubClassObject::unsafeFunction):
(WTF::DOMJITCheckSubClassObject::finishCreation):
(GlobalObject::finishCreation):
(functionCreateDOMJITCheckSubClassObject):
(WTF::DOMJITNode::checkDOMJITNode): Deleted.
(WTF::DOMJITFunctionObject::checkDOMJITNode): Deleted.
* runtime/AbstractModuleRecord.cpp:
* runtime/ArrayBufferNeuteringWatchpoint.cpp:
* runtime/ArrayConstructor.cpp:
* runtime/ArrayIteratorPrototype.cpp:
* runtime/ArrayPrototype.cpp:
* runtime/AsyncFunctionConstructor.cpp:
* runtime/AsyncFunctionPrototype.cpp:
* runtime/AtomicsObject.cpp:
* runtime/BooleanConstructor.cpp:
* runtime/BooleanObject.cpp:
* runtime/BooleanPrototype.cpp:
* runtime/ClassInfo.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
(JSC::ClassInfo::dump):
* runtime/ClassInfo.h:
(JSC::ClassInfo::offsetOfParentClass):
* runtime/ClonedArguments.cpp:
* runtime/ConsoleObject.cpp:
* runtime/CustomGetterSetter.cpp:
* runtime/DateConstructor.cpp:
* runtime/DateInstance.cpp:
* runtime/DatePrototype.cpp:
* runtime/DirectArguments.cpp:
* runtime/Error.cpp:
* runtime/ErrorConstructor.cpp:
* runtime/ErrorInstance.cpp:
* runtime/ErrorPrototype.cpp:
* runtime/EvalExecutable.cpp:
* runtime/Exception.cpp:
* runtime/ExceptionHelpers.cpp:
* runtime/ExecutableBase.cpp:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionExecutable.cpp:
* runtime/FunctionPrototype.cpp:
* runtime/FunctionRareData.cpp:
* runtime/GeneratorFunctionConstructor.cpp:
* runtime/GeneratorFunctionPrototype.cpp:
* runtime/GeneratorPrototype.cpp:
* runtime/GetterSetter.cpp:
* runtime/HashMapImpl.cpp:
* runtime/HashMapImpl.h:
* runtime/InferredType.cpp:
(JSC::InferredType::create):
* runtime/InferredTypeTable.cpp:
* runtime/InferredValue.cpp:
* runtime/InspectorInstrumentationObject.cpp:
* runtime/InternalFunction.cpp:
* runtime/IntlCollator.cpp:
* runtime/IntlCollatorConstructor.cpp:
* runtime/IntlCollatorPrototype.cpp:
* runtime/IntlDateTimeFormat.cpp:
* runtime/IntlDateTimeFormatConstructor.cpp:
* runtime/IntlDateTimeFormatPrototype.cpp:
* runtime/IntlNumberFormat.cpp:
* runtime/IntlNumberFormatConstructor.cpp:
* runtime/IntlNumberFormatPrototype.cpp:
* runtime/IntlObject.cpp:
* runtime/IteratorPrototype.cpp:
* runtime/JSAPIValueWrapper.cpp:
* runtime/JSArray.cpp:
* runtime/JSArrayBuffer.cpp:
* runtime/JSArrayBufferConstructor.cpp:
* runtime/JSArrayBufferPrototype.cpp:
* runtime/JSArrayBufferView.cpp:
* runtime/JSAsyncFunction.cpp:
* runtime/JSBoundFunction.cpp:
* runtime/JSCallee.cpp:
* runtime/JSCustomGetterSetterFunction.cpp:
* runtime/JSDataView.cpp:
* runtime/JSDataViewPrototype.cpp:
* runtime/JSEnvironmentRecord.cpp:
* runtime/JSFixedArray.cpp:
* runtime/JSFunction.cpp:
* runtime/JSGeneratorFunction.cpp:
* runtime/JSGlobalLexicalEnvironment.cpp:
* runtime/JSGlobalObject.cpp:
* runtime/JSInternalPromise.cpp:
* runtime/JSInternalPromiseConstructor.cpp:
* runtime/JSInternalPromiseDeferred.cpp:
* runtime/JSInternalPromisePrototype.cpp:
* runtime/JSLexicalEnvironment.cpp:
* runtime/JSMap.cpp:
* runtime/JSMapIterator.cpp:
* runtime/JSModuleEnvironment.cpp:
* runtime/JSModuleLoader.cpp:
* runtime/JSModuleNamespaceObject.cpp:
* runtime/JSModuleRecord.cpp:
* runtime/JSNativeStdFunction.cpp:
* runtime/JSONObject.cpp:
* runtime/JSObject.cpp:
* runtime/JSPromise.cpp:
* runtime/JSPromiseConstructor.cpp:
* runtime/JSPromiseDeferred.cpp:
* runtime/JSPromisePrototype.cpp:
* runtime/JSPropertyNameEnumerator.cpp:
* runtime/JSPropertyNameIterator.cpp:
* runtime/JSProxy.cpp:
* runtime/JSScriptFetcher.cpp:
* runtime/JSSet.cpp:
* runtime/JSSetIterator.cpp:
* runtime/JSSourceCode.cpp:
* runtime/JSString.cpp:
* runtime/JSStringIterator.cpp:
* runtime/JSSymbolTableObject.cpp:
* runtime/JSTemplateRegistryKey.cpp:
* runtime/JSTypedArrayConstructors.cpp:
* runtime/JSTypedArrayPrototypes.cpp:
* runtime/JSTypedArrayViewConstructor.cpp:
* runtime/JSTypedArrays.cpp:
* runtime/JSWeakMap.cpp:
* runtime/JSWeakSet.cpp:
* runtime/JSWithScope.cpp:
* runtime/MapConstructor.cpp:
* runtime/MapIteratorPrototype.cpp:
* runtime/MapPrototype.cpp:
* runtime/MathObject.cpp:
* runtime/ModuleLoaderPrototype.cpp:
* runtime/ModuleProgramExecutable.cpp:
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeExecutable.cpp:
* runtime/NativeStdFunctionCell.cpp:
* runtime/NullGetterFunction.cpp:
* runtime/NullSetterFunction.cpp:
* runtime/NumberConstructor.cpp:
* runtime/NumberObject.cpp:
* runtime/NumberPrototype.cpp:
* runtime/ObjectConstructor.cpp:
* runtime/ObjectPrototype.cpp:
* runtime/ProgramExecutable.cpp:
* runtime/PropertyTable.cpp:
* runtime/ProxyConstructor.cpp:
* runtime/ProxyObject.cpp:
* runtime/ProxyRevoke.cpp:
* runtime/ReflectObject.cpp:
* runtime/RegExp.cpp:
* runtime/RegExpConstructor.cpp:
* runtime/RegExpObject.cpp:
* runtime/RegExpPrototype.cpp:
* runtime/ScopedArguments.cpp:
* runtime/ScopedArgumentsTable.cpp:
* runtime/ScriptExecutable.cpp:
* runtime/SetConstructor.cpp:
* runtime/SetIteratorPrototype.cpp:
* runtime/SetPrototype.cpp:
* runtime/SparseArrayValueMap.cpp:
* runtime/StrictEvalActivation.cpp:
* runtime/StringConstructor.cpp:
* runtime/StringIteratorPrototype.cpp:
* runtime/StringObject.cpp:
* runtime/StringPrototype.cpp:
* runtime/Structure.cpp:
* runtime/StructureChain.cpp:
* runtime/StructureRareData.cpp:
* runtime/Symbol.cpp:
* runtime/SymbolConstructor.cpp:
* runtime/SymbolObject.cpp:
* runtime/SymbolPrototype.cpp:
* runtime/SymbolTable.cpp:
* runtime/WeakMapConstructor.cpp:
* runtime/WeakMapData.cpp:
* runtime/WeakMapPrototype.cpp:
* runtime/WeakSetConstructor.cpp:
* runtime/WeakSetPrototype.cpp:
* testRegExp.cpp:
* tools/JSDollarVM.cpp:
* tools/JSDollarVMPrototype.cpp:
* wasm/JSWebAssembly.cpp:
* wasm/js/JSWebAssemblyCodeBlock.cpp:
* wasm/js/JSWebAssemblyCompileError.cpp:
* wasm/js/JSWebAssemblyInstance.cpp:
* wasm/js/JSWebAssemblyLinkError.cpp:
* wasm/js/JSWebAssemblyMemory.cpp:
* wasm/js/JSWebAssemblyModule.cpp:
* wasm/js/JSWebAssemblyRuntimeError.cpp:
* wasm/js/JSWebAssemblyTable.cpp:
* wasm/js/WebAssemblyCompileErrorConstructor.cpp:
* wasm/js/WebAssemblyCompileErrorPrototype.cpp:
* wasm/js/WebAssemblyFunction.cpp:
* wasm/js/WebAssemblyInstanceConstructor.cpp:
* wasm/js/WebAssemblyInstancePrototype.cpp:
* wasm/js/WebAssemblyLinkErrorConstructor.cpp:
* wasm/js/WebAssemblyLinkErrorPrototype.cpp:
* wasm/js/WebAssemblyMemoryConstructor.cpp:
* wasm/js/WebAssemblyMemoryPrototype.cpp:
* wasm/js/WebAssemblyModuleConstructor.cpp:
* wasm/js/WebAssemblyModulePrototype.cpp:
* wasm/js/WebAssemblyModuleRecord.cpp:
* wasm/js/WebAssemblyPrototype.cpp:
* wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
* wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:
* wasm/js/WebAssemblyTableConstructor.cpp:
* wasm/js/WebAssemblyTablePrototype.cpp:
* wasm/js/WebAssemblyToJSCallee.cpp:
* wasm/js/WebAssemblyWrapperFunction.cpp:

Source/WebCore:

Add DOMJIT interface IDL attribute. Which allows us to define checkSubClassPatchpoint function
for that ClassInfo. And we move CheckSubClass patchpoint implementation to ClassInfo's member.

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSDOMGlobalObject.cpp:
* bindings/js/JSDOMWindowBase.cpp:
* bindings/js/JSDOMWindowProperties.cpp:
* bindings/js/JSDOMWindowShell.cpp:
* bindings/js/JSReadableStreamPrivateConstructors.cpp:
* bindings/js/JSWorkerGlobalScopeBase.cpp:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
(GenerateImplementationIterableFunctions):
(GenerateConstructorHelperMethods):
* bindings/scripts/IDLAttributes.json:
* bindings/scripts/test/JS/JSInterfaceName.cpp:
* bindings/scripts/test/JS/JSMapLike.cpp:
* bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestCEReactions.cpp:
* bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
* bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
* bindings/scripts/test/JS/JSTestDOMJIT.cpp:
* bindings/scripts/test/JS/JSTestDOMJIT.h:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
* bindings/scripts/test/JS/JSTestIterable.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
* bindings/scripts/test/JS/JSTestSerialization.cpp:
* bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
* bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bridge/c/CRuntimeObject.cpp:
* bridge/c/c_instance.cpp:
* bridge/objc/ObjCRuntimeObject.mm:
* bridge/objc/objc_instance.mm:
* bridge/objc/objc_runtime.mm:
* bridge/runtime_array.cpp:
* bridge/runtime_method.cpp:
* bridge/runtime_object.cpp:
* dom/Document.idl:
* dom/DocumentFragment.idl:
* dom/Element.idl:
* dom/Event.idl:
* dom/Node.idl:
* domjit/JSDocumentDOMJIT.cpp:
(WebCore::JSDocument::checkSubClassPatchpoint):
(WebCore::DocumentDocumentElementDOMJIT::checkDOM): Deleted.
(WebCore::DocumentBodyDOMJIT::checkDOM): Deleted.
* domjit/JSDocumentFragmentDOMJIT.cpp: Copied from Source/JavaScriptCore/runtime/JSMap.cpp.
(WebCore::JSDocumentFragment::checkSubClassPatchpoint):
* domjit/JSElementDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
(WebCore::JSElement::checkSubClassPatchpoint):
* domjit/JSEventDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
(WebCore::JSEvent::checkSubClassPatchpoint):
* domjit/JSNodeDOMJIT.cpp:
(WebCore::JSNode::checkSubClassPatchpoint):
(WebCore::NodeFirstChildDOMJIT::checkDOM): Deleted.
(WebCore::NodeLastChildDOMJIT::checkDOM): Deleted.
(WebCore::NodeNextSiblingDOMJIT::checkDOM): Deleted.
(WebCore::NodePreviousSiblingDOMJIT::checkDOM): Deleted.
(WebCore::NodeParentNodeDOMJIT::checkDOM): Deleted.
(WebCore::NodeNodeTypeDOMJIT::checkDOM): Deleted.
(WebCore::NodeOwnerDocumentDOMJIT::checkDOM): Deleted.

Source/WebKit/mac:

* Plugins/Hosted/ProxyInstance.mm:
* Plugins/Hosted/ProxyRuntimeObject.mm:

Source/WebKit2:

* WebProcess/Plugins/Netscape/JSNPMethod.cpp:
* WebProcess/Plugins/Netscape/JSNPObject.cpp:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@217031 268f45cc-cd09-0410-ab3c-d52691b4dbfc
311 files changed:
JSTests/ChangeLog
JSTests/stress/check-sub-class.js [new file with mode: 0644]
Source/JavaScriptCore/API/JSAPIWrapperObject.mm
Source/JavaScriptCore/API/JSCallbackConstructor.cpp
Source/JavaScriptCore/API/JSCallbackFunction.cpp
Source/JavaScriptCore/API/JSCallbackObject.cpp
Source/JavaScriptCore/API/ObjCCallbackFunction.mm
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/DOMJITAccessCasePatchpointParams.h
Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp
Source/JavaScriptCore/bytecode/FunctionCodeBlock.cpp
Source/JavaScriptCore/bytecode/GetterSetterAccessCase.cpp
Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.cpp
Source/JavaScriptCore/bytecode/ProgramCodeBlock.cpp
Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp
Source/JavaScriptCore/bytecode/UnlinkedEvalCodeBlock.cpp
Source/JavaScriptCore/bytecode/UnlinkedFunctionCodeBlock.cpp
Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp
Source/JavaScriptCore/bytecode/UnlinkedModuleProgramCodeBlock.cpp
Source/JavaScriptCore/bytecode/UnlinkedProgramCodeBlock.cpp
Source/JavaScriptCore/debugger/DebuggerScope.cpp
Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGClobberize.h
Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
Source/JavaScriptCore/dfg/DFGDOMJITPatchpointParams.h
Source/JavaScriptCore/dfg/DFGDoesGC.cpp
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Source/JavaScriptCore/dfg/DFGGraph.cpp
Source/JavaScriptCore/dfg/DFGNode.h
Source/JavaScriptCore/dfg/DFGNodeType.h
Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
Source/JavaScriptCore/dfg/DFGSafeToExecute.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/domjit/DOMJITGetterSetter.h
Source/JavaScriptCore/domjit/DOMJITPatchpointParams.h
Source/JavaScriptCore/domjit/DOMJITSignature.h
Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
Source/JavaScriptCore/ftl/FTLCapabilities.cpp
Source/JavaScriptCore/ftl/FTLDOMJITPatchpointParams.h
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp
Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.cpp
Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp
Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.cpp
Source/JavaScriptCore/jsc.cpp
Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp
Source/JavaScriptCore/runtime/ArrayBufferNeuteringWatchpoint.cpp
Source/JavaScriptCore/runtime/ArrayConstructor.cpp
Source/JavaScriptCore/runtime/ArrayIteratorPrototype.cpp
Source/JavaScriptCore/runtime/ArrayPrototype.cpp
Source/JavaScriptCore/runtime/AsyncFunctionConstructor.cpp
Source/JavaScriptCore/runtime/AsyncFunctionPrototype.cpp
Source/JavaScriptCore/runtime/AtomicsObject.cpp
Source/JavaScriptCore/runtime/BooleanConstructor.cpp
Source/JavaScriptCore/runtime/BooleanObject.cpp
Source/JavaScriptCore/runtime/BooleanPrototype.cpp
Source/JavaScriptCore/runtime/ClassInfo.cpp [new file with mode: 0644]
Source/JavaScriptCore/runtime/ClassInfo.h
Source/JavaScriptCore/runtime/ClonedArguments.cpp
Source/JavaScriptCore/runtime/ConsoleObject.cpp
Source/JavaScriptCore/runtime/CustomGetterSetter.cpp
Source/JavaScriptCore/runtime/DateConstructor.cpp
Source/JavaScriptCore/runtime/DateInstance.cpp
Source/JavaScriptCore/runtime/DatePrototype.cpp
Source/JavaScriptCore/runtime/DirectArguments.cpp
Source/JavaScriptCore/runtime/Error.cpp
Source/JavaScriptCore/runtime/ErrorConstructor.cpp
Source/JavaScriptCore/runtime/ErrorInstance.cpp
Source/JavaScriptCore/runtime/ErrorPrototype.cpp
Source/JavaScriptCore/runtime/EvalExecutable.cpp
Source/JavaScriptCore/runtime/Exception.cpp
Source/JavaScriptCore/runtime/ExceptionHelpers.cpp
Source/JavaScriptCore/runtime/ExecutableBase.cpp
Source/JavaScriptCore/runtime/FunctionConstructor.cpp
Source/JavaScriptCore/runtime/FunctionExecutable.cpp
Source/JavaScriptCore/runtime/FunctionPrototype.cpp
Source/JavaScriptCore/runtime/FunctionRareData.cpp
Source/JavaScriptCore/runtime/GeneratorFunctionConstructor.cpp
Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.cpp
Source/JavaScriptCore/runtime/GeneratorPrototype.cpp
Source/JavaScriptCore/runtime/GetterSetter.cpp
Source/JavaScriptCore/runtime/HashMapImpl.cpp
Source/JavaScriptCore/runtime/HashMapImpl.h
Source/JavaScriptCore/runtime/InferredType.cpp
Source/JavaScriptCore/runtime/InferredTypeTable.cpp
Source/JavaScriptCore/runtime/InferredValue.cpp
Source/JavaScriptCore/runtime/InspectorInstrumentationObject.cpp
Source/JavaScriptCore/runtime/InternalFunction.cpp
Source/JavaScriptCore/runtime/IntlCollator.cpp
Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp
Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp
Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp
Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp
Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp
Source/JavaScriptCore/runtime/IntlNumberFormat.cpp
Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp
Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp
Source/JavaScriptCore/runtime/IntlObject.cpp
Source/JavaScriptCore/runtime/IteratorPrototype.cpp
Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp
Source/JavaScriptCore/runtime/JSArray.cpp
Source/JavaScriptCore/runtime/JSArrayBuffer.cpp
Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp
Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp
Source/JavaScriptCore/runtime/JSArrayBufferView.cpp
Source/JavaScriptCore/runtime/JSAsyncFunction.cpp
Source/JavaScriptCore/runtime/JSBoundFunction.cpp
Source/JavaScriptCore/runtime/JSCallee.cpp
Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.cpp
Source/JavaScriptCore/runtime/JSDataView.cpp
Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp
Source/JavaScriptCore/runtime/JSEnvironmentRecord.cpp
Source/JavaScriptCore/runtime/JSFixedArray.cpp
Source/JavaScriptCore/runtime/JSFunction.cpp
Source/JavaScriptCore/runtime/JSGeneratorFunction.cpp
Source/JavaScriptCore/runtime/JSGlobalLexicalEnvironment.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSInternalPromise.cpp
Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp
Source/JavaScriptCore/runtime/JSInternalPromiseDeferred.cpp
Source/JavaScriptCore/runtime/JSInternalPromisePrototype.cpp
Source/JavaScriptCore/runtime/JSLexicalEnvironment.cpp
Source/JavaScriptCore/runtime/JSMap.cpp
Source/JavaScriptCore/runtime/JSMapIterator.cpp
Source/JavaScriptCore/runtime/JSModuleEnvironment.cpp
Source/JavaScriptCore/runtime/JSModuleLoader.cpp
Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp
Source/JavaScriptCore/runtime/JSModuleRecord.cpp
Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp
Source/JavaScriptCore/runtime/JSONObject.cpp
Source/JavaScriptCore/runtime/JSObject.cpp
Source/JavaScriptCore/runtime/JSPromise.cpp
Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp
Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp
Source/JavaScriptCore/runtime/JSPromisePrototype.cpp
Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp
Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp
Source/JavaScriptCore/runtime/JSProxy.cpp
Source/JavaScriptCore/runtime/JSScriptFetcher.cpp
Source/JavaScriptCore/runtime/JSSet.cpp
Source/JavaScriptCore/runtime/JSSetIterator.cpp
Source/JavaScriptCore/runtime/JSSourceCode.cpp
Source/JavaScriptCore/runtime/JSString.cpp
Source/JavaScriptCore/runtime/JSStringIterator.cpp
Source/JavaScriptCore/runtime/JSSymbolTableObject.cpp
Source/JavaScriptCore/runtime/JSTemplateRegistryKey.cpp
Source/JavaScriptCore/runtime/JSTypedArrayConstructors.cpp
Source/JavaScriptCore/runtime/JSTypedArrayPrototypes.cpp
Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp
Source/JavaScriptCore/runtime/JSTypedArrays.cpp
Source/JavaScriptCore/runtime/JSWeakMap.cpp
Source/JavaScriptCore/runtime/JSWeakSet.cpp
Source/JavaScriptCore/runtime/JSWithScope.cpp
Source/JavaScriptCore/runtime/MapConstructor.cpp
Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp
Source/JavaScriptCore/runtime/MapPrototype.cpp
Source/JavaScriptCore/runtime/MathObject.cpp
Source/JavaScriptCore/runtime/ModuleLoaderPrototype.cpp
Source/JavaScriptCore/runtime/ModuleProgramExecutable.cpp
Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp
Source/JavaScriptCore/runtime/NativeExecutable.cpp
Source/JavaScriptCore/runtime/NativeStdFunctionCell.cpp
Source/JavaScriptCore/runtime/NullGetterFunction.cpp
Source/JavaScriptCore/runtime/NullSetterFunction.cpp
Source/JavaScriptCore/runtime/NumberConstructor.cpp
Source/JavaScriptCore/runtime/NumberObject.cpp
Source/JavaScriptCore/runtime/NumberPrototype.cpp
Source/JavaScriptCore/runtime/ObjectConstructor.cpp
Source/JavaScriptCore/runtime/ObjectPrototype.cpp
Source/JavaScriptCore/runtime/ProgramExecutable.cpp
Source/JavaScriptCore/runtime/PropertyTable.cpp
Source/JavaScriptCore/runtime/ProxyConstructor.cpp
Source/JavaScriptCore/runtime/ProxyObject.cpp
Source/JavaScriptCore/runtime/ProxyRevoke.cpp
Source/JavaScriptCore/runtime/ReflectObject.cpp
Source/JavaScriptCore/runtime/RegExp.cpp
Source/JavaScriptCore/runtime/RegExpConstructor.cpp
Source/JavaScriptCore/runtime/RegExpObject.cpp
Source/JavaScriptCore/runtime/RegExpPrototype.cpp
Source/JavaScriptCore/runtime/ScopedArguments.cpp
Source/JavaScriptCore/runtime/ScopedArgumentsTable.cpp
Source/JavaScriptCore/runtime/ScriptExecutable.cpp
Source/JavaScriptCore/runtime/SetConstructor.cpp
Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp
Source/JavaScriptCore/runtime/SetPrototype.cpp
Source/JavaScriptCore/runtime/SparseArrayValueMap.cpp
Source/JavaScriptCore/runtime/StrictEvalActivation.cpp
Source/JavaScriptCore/runtime/StringConstructor.cpp
Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp
Source/JavaScriptCore/runtime/StringObject.cpp
Source/JavaScriptCore/runtime/StringPrototype.cpp
Source/JavaScriptCore/runtime/Structure.cpp
Source/JavaScriptCore/runtime/StructureChain.cpp
Source/JavaScriptCore/runtime/StructureRareData.cpp
Source/JavaScriptCore/runtime/Symbol.cpp
Source/JavaScriptCore/runtime/SymbolConstructor.cpp
Source/JavaScriptCore/runtime/SymbolObject.cpp
Source/JavaScriptCore/runtime/SymbolPrototype.cpp
Source/JavaScriptCore/runtime/SymbolTable.cpp
Source/JavaScriptCore/runtime/WeakMapConstructor.cpp
Source/JavaScriptCore/runtime/WeakMapData.cpp
Source/JavaScriptCore/runtime/WeakMapPrototype.cpp
Source/JavaScriptCore/runtime/WeakSetConstructor.cpp
Source/JavaScriptCore/runtime/WeakSetPrototype.cpp
Source/JavaScriptCore/testRegExp.cpp
Source/JavaScriptCore/tools/JSDollarVM.cpp
Source/JavaScriptCore/tools/JSDollarVMPrototype.cpp
Source/JavaScriptCore/wasm/JSWebAssembly.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyCompileError.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyLinkError.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyRuntimeError.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyInstancePrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyModuleConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyModulePrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyTableConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp
Source/WebCore/CMakeLists.txt
Source/WebCore/ChangeLog
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
Source/WebCore/bindings/js/JSDOMWindowBase.cpp
Source/WebCore/bindings/js/JSDOMWindowProperties.cpp
Source/WebCore/bindings/js/JSDOMWindowShell.cpp
Source/WebCore/bindings/js/JSReadableStreamPrivateConstructors.cpp
Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bindings/scripts/IDLAttributes.json
Source/WebCore/bindings/scripts/test/JS/JSInterfaceName.cpp
Source/WebCore/bindings/scripts/test/JS/JSMapLike.cpp
Source/WebCore/bindings/scripts/test/JS/JSReadOnlyMapLike.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCEReactions.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCallbackInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.h
Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestIterable.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerialization.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInherit.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp
Source/WebCore/bridge/c/CRuntimeObject.cpp
Source/WebCore/bridge/c/c_instance.cpp
Source/WebCore/bridge/objc/ObjCRuntimeObject.mm
Source/WebCore/bridge/objc/objc_instance.mm
Source/WebCore/bridge/objc/objc_runtime.mm
Source/WebCore/bridge/runtime_array.cpp
Source/WebCore/bridge/runtime_method.cpp
Source/WebCore/bridge/runtime_object.cpp
Source/WebCore/dom/Document.idl
Source/WebCore/dom/DocumentFragment.idl
Source/WebCore/dom/Element.idl
Source/WebCore/dom/Event.idl
Source/WebCore/dom/Node.idl
Source/WebCore/domjit/JSDocumentDOMJIT.cpp
Source/WebCore/domjit/JSDocumentFragmentDOMJIT.cpp [new file with mode: 0644]
Source/WebCore/domjit/JSElementDOMJIT.cpp [new file with mode: 0644]
Source/WebCore/domjit/JSEventDOMJIT.cpp [new file with mode: 0644]
Source/WebCore/domjit/JSNodeDOMJIT.cpp
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm
Source/WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.mm
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/Plugins/Netscape/JSNPMethod.cpp
Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp