Google Git
Sign in
webkit / WebKit / 2385e39784935db621b8a1e62da7a4caa5d03b47 / . / Source / JavaScriptCore / ChangeLog
blob: 8412025b2bcec95bc8c0207a6520dc3ada3bdadf [file] [log] [blame]
2014-02-26 Mark Hahnenberg <mhahnenberg@apple.com>
Unconditional logging in compileFTLOSRExit
https://bugs.webkit.org/show_bug.cgi?id=129407
Reviewed by Michael Saboff.
This was causing tests to fail with the FTL enabled.
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileFTLOSRExit):
2014-02-26 Oliver Hunt <oliver@apple.com>
Remove unused access types
https://bugs.webkit.org/show_bug.cgi?id=129385
Reviewed by Filip Pizlo.
Remove unused cruft.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdCacheStatus):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
* bytecode/StructureStubInfo.h:
(JSC::isGetByIdAccess):
(JSC::isPutByIdAccess):
2014-02-26 Oliver Hunt <oliver@apple.com>
Function.prototype.apply has a bad time with the spread operator
https://bugs.webkit.org/show_bug.cgi?id=129381
Reviewed by Mark Hahnenberg.
Make sure our apply logic handle the spread operator correctly.
To do this we simply emit the enumeration logic that we'd normally
use for other enumerations, but only store the first two results
to registers. Then perform a varargs call.
* bytecompiler/NodesCodegen.cpp:
(JSC::ApplyFunctionCallDotNode::emitBytecode):
2014-02-26 Mark Lam <mark.lam@apple.com>
Compilation policy management belongs in operationOptimize(), not the DFG Driver.
<https://webkit.org/b/129355>
Reviewed by Filip Pizlo.
By compilation policy, I mean the rules for determining whether to
compile, when to compile, when to attempt compilation again, etc. The
few of these policy decisions that were previously being made in the
DFG driver are now moved to operationOptimize() where we keep the rest
of the policy logic. Decisions that are based on the capabilities
supported by the DFG are moved to DFG capabiliityLevel().
I've run the following benchmarks:
1. the collection of jsc benchmarks on the jsc executable vs. its
baseline.
2. Octane 2.0 in browser without the WebInspector.
3. Octane 2.0 in browser with the WebInspector open and a breakpoint
set somewhere where it won't break.
In all of these, the results came out to be a wash as expected.
* dfg/DFGCapabilities.cpp:
(JSC::DFG::isSupported):
(JSC::DFG::mightCompileEval):
(JSC::DFG::mightCompileProgram):
(JSC::DFG::mightCompileFunctionForCall):
(JSC::DFG::mightCompileFunctionForConstruct):
(JSC::DFG::mightInlineFunctionForCall):
(JSC::DFG::mightInlineFunctionForClosureCall):
(JSC::DFG::mightInlineFunctionForConstruct):
* dfg/DFGCapabilities.h:
* dfg/DFGDriver.cpp:
(JSC::DFG::compileImpl):
* jit/JITOperations.cpp:
2014-02-26 Mark Lam <mark.lam@apple.com>
ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock() in inspector-protocol/*.
<https://webkit.org/b/129364>
Reviewed by Alexey Proskuryakov.
InjectedScriptModule::ensureInjected() needs an APIEntryShim.
* inspector/InjectedScriptModule.cpp:
(Inspector::InjectedScriptModule::ensureInjected):
- Added the needed but missing APIEntryShim.
2014-02-25 Mark Lam <mark.lam@apple.com>
Web Inspector: CRASH when evaluating in console of JSContext RWI with disabled breakpoints.
<https://webkit.org/b/128766>
Reviewed by Geoffrey Garen.
Make the JSLock::grabAllLocks() work the same way as for the C loop LLINT.
The reasoning is that we don't know of any clients that need unordered
re-entry into the VM from different threads. So, we're enforcing ordered
re-entry i.e. we must re-grab locks in the reverse order of dropping locks.
The crash in this bug happened because we were allowing unordered re-entry,
and the following type of scenario occurred:
1. Thread T1 locks the VM, and enters the VM to execute some JS code.
2. On entry, T1 detects that VM::m_entryScope is null i.e. this is the
first time it entered the VM.
T1 sets VM::m_entryScope to T1's entryScope.
3. T1 drops all locks.
4. Thread T2 locks the VM, and enters the VM to execute some JS code.
On entry, T2 sees that VM::m_entryScope is NOT null, and therefore
does not set the entryScope.
5. T2 drops all locks.
6. T1 re-grabs locks.
7. T1 returns all the way out of JS code. On exit from the outer most
JS function, T1 clears VM::m_entryScope (because T1 was the one who
set it).
8. T1 unlocks the VM.
9. T2 re-grabs locks.
10. T2 proceeds to execute some code and expects VM::m_entryScope to be
NOT null, but it turns out to be null. Assertion failures and
crashes ensue.
With ordered re-entry, at step 6, T1 will loop and yield until T2 exits
the VM. Hence, the issue will no longer manifest.
* runtime/JSLock.cpp:
(JSC::JSLock::dropAllLocks):
(JSC::JSLock::grabAllLocks):
* runtime/JSLock.h:
(JSC::JSLock::DropAllLocks::dropDepth):
2014-02-25 Mark Lam <mark.lam@apple.com>
Need to initialize VM stack data even when the VM is on an exclusive thread.
<https://webkit.org/b/129265>
Not reviewed.
Relanding r164627 now that <https://webkit.org/b/129341> is fixed.
* API/APIShims.h:
(JSC::APIEntryShim::APIEntryShim):
(JSC::APICallbackShim::shouldDropAllLocks):
* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::addCurrentThread):
* runtime/JSLock.cpp:
(JSC::JSLockHolder::JSLockHolder):
(JSC::JSLockHolder::init):
(JSC::JSLockHolder::~JSLockHolder):
(JSC::JSLock::JSLock):
(JSC::JSLock::setExclusiveThread):
(JSC::JSLock::lock):
(JSC::JSLock::unlock):
(JSC::JSLock::currentThreadIsHoldingLock):
(JSC::JSLock::dropAllLocks):
(JSC::JSLock::grabAllLocks):
* runtime/JSLock.h:
(JSC::JSLock::hasExclusiveThread):
(JSC::JSLock::exclusiveThread):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::hasExclusiveThread):
(JSC::VM::exclusiveThread):
(JSC::VM::setExclusiveThread):
(JSC::VM::currentThreadIsHoldingAPILock):
2014-02-25 Filip Pizlo <fpizlo@apple.com>
Inline caching in the FTL on ARM64 should "work"
https://bugs.webkit.org/show_bug.cgi?id=129334
Reviewed by Mark Hahnenberg.
Gets us to the point where simple tests that use inline caching are passing.
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::shrink):
* ftl/FTLInlineCacheSize.cpp:
(JSC::FTL::sizeOfGetById):
(JSC::FTL::sizeOfPutById):
(JSC::FTL::sizeOfCall):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileFTLOSRExit):
* ftl/FTLThunks.cpp:
(JSC::FTL::osrExitGenerationThunkGenerator):
* jit/GPRInfo.h:
* offlineasm/arm64.rb:
2014-02-25 Commit Queue <commit-queue@webkit.org>
Unreviewed, rolling out r164627.
http://trac.webkit.org/changeset/164627
https://bugs.webkit.org/show_bug.cgi?id=129325
Broke SubtleCrypto tests (Requested by ap on #webkit).
* API/APIShims.h:
(JSC::APIEntryShim::APIEntryShim):
(JSC::APICallbackShim::shouldDropAllLocks):
* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::addCurrentThread):
* runtime/JSLock.cpp:
(JSC::JSLockHolder::JSLockHolder):
(JSC::JSLockHolder::init):
(JSC::JSLockHolder::~JSLockHolder):
(JSC::JSLock::JSLock):
(JSC::JSLock::lock):
(JSC::JSLock::unlock):
(JSC::JSLock::currentThreadIsHoldingLock):
(JSC::JSLock::dropAllLocks):
(JSC::JSLock::grabAllLocks):
* runtime/JSLock.h:
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::currentThreadIsHoldingAPILock):
2014-02-25 Filip Pizlo <fpizlo@apple.com>
ARM64 rshift64 should be an arithmetic shift
https://bugs.webkit.org/show_bug.cgi?id=129323
Reviewed by Mark Hahnenberg.
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::rshift64):
2014-02-25 Sergio Villar Senin <svillar@igalia.com>
[CSS Grid Layout] Add ENABLE flag
https://bugs.webkit.org/show_bug.cgi?id=129153
Reviewed by Simon Fraser.
* Configurations/FeatureDefines.xcconfig: added ENABLE_CSS_GRID_LAYOUT feature flag.
2014-02-25 Michael Saboff <msaboff@apple.com>
JIT Engines use the wrong stack limit for stack checks
https://bugs.webkit.org/show_bug.cgi?id=129314
Reviewed by Filip Pizlo.
Change the Baseline and DFG code to use VM::m_stackLimit for stack limit checks.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JITCall.cpp:
(JSC::JIT::compileLoadVarargs):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileLoadVarargs):
* runtime/VM.h:
(JSC::VM::addressOfStackLimit):
2014-02-25 Filip Pizlo <fpizlo@apple.com>
Unreviewed, roll out http://trac.webkit.org/changeset/164493.
It causes crashes, apparently because it's removing too many barriers. I will investigate
later.
* bytecode/SpeculatedType.cpp:
(JSC::speculationToAbbreviatedString):
* bytecode/SpeculatedType.h:
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::insertStoreBarrier):
* dfg/DFGNode.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
(JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
(JSC::FTL::LowerDFGToLLVM::isNotNully):
(JSC::FTL::LowerDFGToLLVM::isNully):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
(JSC::FTL::LowerDFGToLLVM::speculateNotCell):
2014-02-24 Oliver Hunt <oliver@apple.com>
Fix build.
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgumentsWithExecState):
2014-02-24 Oliver Hunt <oliver@apple.com>
Spread operator has a bad time when applied to call function
https://bugs.webkit.org/show_bug.cgi?id=128853
Reviewed by Geoffrey Garen.
Follow on from the previous patch the added an extra slot to
op_call_varargs (and _call, _call_eval, _construct). We now
use the slot as an offset to in effect act as a 'slice' on
the spread subject. This allows us to automatically retain
all our existing argument and array optimisatons. Most of
this patch is simply threading the offset around.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallVarargs):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::getArgumentByVal):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
* interpreter/Interpreter.cpp:
(JSC::sizeFrameForVarargs):
(JSC::loadVarargs):
* interpreter/Interpreter.h:
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgumentsWithExecState):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileLoadVarargs):
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/Arguments.cpp:
(JSC::Arguments::copyToArguments):
* runtime/Arguments.h:
* runtime/JSArray.cpp:
(JSC::JSArray::copyToArguments):
* runtime/JSArray.h:
2014-02-24 Mark Lam <mark.lam@apple.com>
Need to initialize VM stack data even when the VM is on an exclusive thread.
<https://webkit.org/b/129265>
Reviewed by Geoffrey Garen.
We check VM::exclusiveThread as an optimization to forego the need to do
JSLock locking. However, we recently started piggy backing on JSLock's
lock() and unlock() to initialize VM stack data (stackPointerAtVMEntry
and lastStackTop) to appropriate values for the current thread. This is
needed because we may be acquiring the lock to enter the VM on a different
thread.
As a result, we ended up not initializing the VM stack data when
VM::exclusiveThread causes us to bypass the locking activity. Even though
the VM::exclusiveThread will not have to deal with the VM being entered
on a different thread, it still needs to initialize the VM stack data.
The VM relies on that data being initialized properly once it has been
entered.
With this fix, we push the check for exclusiveThread down into the JSLock,
and handle the bypassing of unneeded locking activity there while still
executing the necessary the VM stack data initialization.
* API/APIShims.h:
(JSC::APIEntryShim::APIEntryShim):
(JSC::APICallbackShim::shouldDropAllLocks):
* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::addCurrentThread):
* runtime/JSLock.cpp:
(JSC::JSLockHolder::JSLockHolder):
(JSC::JSLockHolder::init):
(JSC::JSLockHolder::~JSLockHolder):
(JSC::JSLock::JSLock):
(JSC::JSLock::setExclusiveThread):
(JSC::JSLock::lock):
(JSLock::unlock):
(JSLock::currentThreadIsHoldingLock):
(JSLock::dropAllLocks):
(JSLock::grabAllLocks):
* runtime/JSLock.h:
(JSC::JSLock::exclusiveThread):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::exclusiveThread):
(JSC::VM::setExclusiveThread):
(JSC::VM::currentThreadIsHoldingAPILock):
2014-02-24 Filip Pizlo <fpizlo@apple.com>
FTL should do polymorphic PutById inlining
https://bugs.webkit.org/show_bug.cgi?id=129210
Reviewed by Mark Hahnenberg and Oliver Hunt.
This makes PutByIdStatus inform us about polymorphic cases by returning an array of
PutByIdVariants. The DFG now has a node called MultiPutByOffset that indicates a
selection of multiple inlined PutByIdVariants.
MultiPutByOffset is almost identical to MultiGetByOffset, which we added in
http://trac.webkit.org/changeset/164207.
This also does some FTL refactoring to make MultiPutByOffset share code with some nodes
that generate similar code.
1% speed-up on V8v7 due to splay improving by 6.8%. Splay does the thing where it
sometimes swaps field insertion order, creating fake polymorphism.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFromLLInt):
(JSC::PutByIdStatus::computeFor):
(JSC::PutByIdStatus::computeForStubInfo):
(JSC::PutByIdStatus::dump):
* bytecode/PutByIdStatus.h:
(JSC::PutByIdStatus::PutByIdStatus):
(JSC::PutByIdStatus::isSimple):
(JSC::PutByIdStatus::numVariants):
(JSC::PutByIdStatus::variants):
(JSC::PutByIdStatus::at):
(JSC::PutByIdStatus::operator[]):
* bytecode/PutByIdVariant.cpp: Added.
(JSC::PutByIdVariant::dump):
(JSC::PutByIdVariant::dumpInContext):
* bytecode/PutByIdVariant.h: Added.
(JSC::PutByIdVariant::PutByIdVariant):
(JSC::PutByIdVariant::replace):
(JSC::PutByIdVariant::transition):
(JSC::PutByIdVariant::kind):
(JSC::PutByIdVariant::isSet):
(JSC::PutByIdVariant::operator!):
(JSC::PutByIdVariant::structure):
(JSC::PutByIdVariant::oldStructure):
(JSC::PutByIdVariant::newStructure):
(JSC::PutByIdVariant::structureChain):
(JSC::PutByIdVariant::offset):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::emitPrototypeChecks):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::emitPutById):
(JSC::DFG::ByteCodeParser::handlePutById):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::checkStructureElimination):
(JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
(JSC::DFG::CSEPhase::putStructureStoreElimination):
(JSC::DFG::CSEPhase::getByOffsetLoadElimination):
(JSC::DFG::CSEPhase::putByOffsetStoreElimination):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
* dfg/DFGNode.cpp:
(JSC::DFG::MultiPutByOffsetData::writesStructures):
(JSC::DFG::MultiPutByOffsetData::reallocatesStorage):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToPutByOffset):
(JSC::DFG::Node::hasMultiPutByOffsetData):
(JSC::DFG::Node::multiPutByOffsetData):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compilePutStructure):
(JSC::FTL::LowerDFGToLLVM::compileAllocatePropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
(JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
(JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
(JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
(JSC::FTL::LowerDFGToLLVM::loadProperty):
(JSC::FTL::LowerDFGToLLVM::storeProperty):
(JSC::FTL::LowerDFGToLLVM::addressOfProperty):
(JSC::FTL::LowerDFGToLLVM::storageForTransition):
(JSC::FTL::LowerDFGToLLVM::allocatePropertyStorage):
(JSC::FTL::LowerDFGToLLVM::reallocatePropertyStorage):
(JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
* tests/stress/fold-multi-put-by-offset-to-put-by-offset.js: Added.
* tests/stress/multi-put-by-offset-reallocation-butterfly-cse.js: Added.
* tests/stress/multi-put-by-offset-reallocation-cases.js: Added.
2014-02-24 peavo@outlook.com <peavo@outlook.com>
JSC regressions after r164494
https://bugs.webkit.org/show_bug.cgi?id=129272
Reviewed by Mark Lam.
* offlineasm/x86.rb: Only avoid reverse opcode (fdivr) for Windows.
2014-02-24 Tamas Gergely <tgergely.u-szeged@partner.samsung.com>
Code cleanup: remove leftover ENABLE(WORKERS) macros and support.
https://bugs.webkit.org/show_bug.cgi?id=129255
Reviewed by Csaba Osztrogonác.
ENABLE_WORKERS macro was removed in r159679.
Support is now also removed from xcconfig files.
* Configurations/FeatureDefines.xcconfig:
2014-02-24 David Kilzer <ddkilzer@apple.com>
Remove redundant setting in FeatureDefines.xcconfig
* Configurations/FeatureDefines.xcconfig:
2014-02-23 Sam Weinig <sam@webkit.org>
Update FeatureDefines.xcconfig
Rubber-stamped by Anders Carlsson.
* Configurations/FeatureDefines.xcconfig:
2014-02-23 Dean Jackson <dino@apple.com>
Sort the project file with sort-Xcode-project-file.
Rubber-stamped by Sam Weinig.
* JavaScriptCore.xcodeproj/project.pbxproj:
2014-02-23 Sam Weinig <sam@webkit.org>
Move telephone number detection behind its own ENABLE macro
https://bugs.webkit.org/show_bug.cgi?id=129236
Reviewed by Dean Jackson.
* Configurations/FeatureDefines.xcconfig:
Add ENABLE_TELEPHONE_NUMBER_DETECTION.
2014-02-22 Filip Pizlo <fpizlo@apple.com>
Refine DFG+FTL inlining and compilation limits
https://bugs.webkit.org/show_bug.cgi?id=129212
Reviewed by Mark Hahnenberg.
Allow larger functions to be DFG-compiled. Institute a limit on FTL compilation,
and set that limit quite high. Institute a limit on inlining-into. The idea here is
that large functions tend to be autogenerated, and code generators like emscripten
appear to leave few inlining opportunities anyway. Also, we don't want the code
size explosion that we would risk if we allowed compilation of a large function and
then inlined a ton of stuff into it.
This is a 0.5% speed-up on Octane v2 and almost eliminates the typescript
regression. This is a 9% speed-up on AsmBench.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::noticeIncomingCall):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):
* dfg/DFGCapabilities.h:
(JSC::DFG::isSmallEnoughToInlineCodeInto):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLState.h:
(JSC::FTL::shouldShowDisassembly):
* runtime/Options.h:
2014-02-22 Dan Bernstein <mitz@apple.com>
REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
https://bugs.webkit.org/show_bug.cgi?id=129227
Reviewed by Eric Carlson.
Reverted r164507.
* API/JSBase.cpp:
(JSEvaluateScript):
(JSCheckScriptSyntax):
* API/JSObjectRef.cpp:
(JSObjectMakeFunction):
(JSObjectMakeArray):
(JSObjectMakeDate):
(JSObjectMakeError):
(JSObjectMakeRegExp):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectGetPropertyAtIndex):
(JSObjectSetPropertyAtIndex):
(JSObjectDeleteProperty):
(JSObjectCallAsFunction):
(JSObjectCallAsConstructor):
* API/JSValue.mm:
(valueToArray):
(valueToDictionary):
* API/JSValueRef.cpp:
(JSValueIsEqual):
(JSValueIsInstanceOfConstructor):
(JSValueCreateJSONString):
(JSValueToNumber):
(JSValueToStringCopy):
(JSValueToObject):
* inspector/ConsoleMessage.cpp:
(Inspector::ConsoleMessage::ConsoleMessage):
(Inspector::ConsoleMessage::autogenerateMetadata):
* inspector/ConsoleMessage.h:
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
* inspector/JSGlobalObjectInspectorController.h:
* inspector/ScriptCallStack.cpp:
* inspector/ScriptCallStack.h:
* inspector/ScriptCallStackFactory.cpp:
(Inspector::createScriptCallStack):
(Inspector::createScriptCallStackForConsole):
(Inspector::createScriptCallStackFromException):
* inspector/ScriptCallStackFactory.h:
* inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::enable):
(Inspector::InspectorConsoleAgent::addMessageToConsole):
(Inspector::InspectorConsoleAgent::count):
* inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
(Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
2014-02-22 Joseph Pecoraro <pecoraro@apple.com>
Remove some unreachable code (-Wunreachable-code)
https://bugs.webkit.org/show_bug.cgi?id=129220
Reviewed by Eric Carlson.
* API/tests/testapi.c:
(EvilExceptionObject_convertToType):
* disassembler/udis86/udis86_decode.c:
(decode_operand):
2014-02-22 Filip Pizlo <fpizlo@apple.com>
Unreviewed, ARMv7 build fix.
* assembler/ARMv7Assembler.h:
2014-02-21 Filip Pizlo <fpizlo@apple.com>
It should be possible for a LinkBuffer to outlive the MacroAssembler and still be useful
https://bugs.webkit.org/show_bug.cgi?id=124733
Reviewed by Oliver Hunt.
This also takes the opportunity to de-duplicate some branch compaction code.
* assembler/ARM64Assembler.h:
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::buffer):
* assembler/AssemblerBuffer.h:
(JSC::AssemblerData::AssemblerData):
(JSC::AssemblerBuffer::AssemblerBuffer):
(JSC::AssemblerBuffer::storage):
(JSC::AssemblerBuffer::grow):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
(JSC::LinkBuffer::executableOffsetFor):
(JSC::LinkBuffer::applyOffset):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::link):
* assembler/MacroAssemblerARMv7.h:
2014-02-21 Brent Fulgham <bfulgham@apple.com>
Extend media support for WebVTT sources
https://bugs.webkit.org/show_bug.cgi?id=129156
Reviewed by Eric Carlson.
* Configurations/FeatureDefines.xcconfig: Add new feature define for AVF_CAPTIONS
2014-02-21 Joseph Pecoraro <pecoraro@apple.com>
Web Inspector: JSContext inspection should report exceptions in the console
https://bugs.webkit.org/show_bug.cgi?id=128776
Reviewed by Timothy Hatcher.
When JavaScript API functions have an exception, let the inspector
know so it can log the JavaScript and Native backtrace that caused
the exception.
Include some clean up of ConsoleMessage and ScriptCallStack construction.
* API/JSBase.cpp:
(JSEvaluateScript):
(JSCheckScriptSyntax):
* API/JSObjectRef.cpp:
(JSObjectMakeFunction):
(JSObjectMakeArray):
(JSObjectMakeDate):
(JSObjectMakeError):
(JSObjectMakeRegExp):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectGetPropertyAtIndex):
(JSObjectSetPropertyAtIndex):
(JSObjectDeleteProperty):
(JSObjectCallAsFunction):
(JSObjectCallAsConstructor):
* API/JSValue.mm:
(reportExceptionToInspector):
(valueToArray):
(valueToDictionary):
* API/JSValueRef.cpp:
(JSValueIsEqual):
(JSValueIsInstanceOfConstructor):
(JSValueCreateJSONString):
(JSValueToNumber):
(JSValueToStringCopy):
(JSValueToObject):
When seeing an exception, let the inspector know there was an exception.
* inspector/JSGlobalObjectInspectorController.h:
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
(Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
(Inspector::JSGlobalObjectInspectorController::reportAPIException):
Log API exceptions by also grabbing the native backtrace.
* inspector/ScriptCallStack.h:
* inspector/ScriptCallStack.cpp:
(Inspector::ScriptCallStack::firstNonNativeCallFrame):
(Inspector::ScriptCallStack::append):
Minor extensions to ScriptCallStack to make it easier to work with.
* inspector/ConsoleMessage.cpp:
(Inspector::ConsoleMessage::ConsoleMessage):
(Inspector::ConsoleMessage::autogenerateMetadata):
Provide better default information if the first call frame was native.
* inspector/ScriptCallStackFactory.cpp:
(Inspector::createScriptCallStack):
(Inspector::extractSourceInformationFromException):
(Inspector::createScriptCallStackFromException):
Perform the handling here of inserting a fake call frame for exceptions
if there was no call stack (e.g. a SyntaxError) or if the first call
frame had no information.
* inspector/ConsoleMessage.cpp:
(Inspector::ConsoleMessage::ConsoleMessage):
(Inspector::ConsoleMessage::autogenerateMetadata):
* inspector/ConsoleMessage.h:
* inspector/ScriptCallStackFactory.cpp:
(Inspector::createScriptCallStack):
(Inspector::createScriptCallStackForConsole):
* inspector/ScriptCallStackFactory.h:
* inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::enable):
(Inspector::InspectorConsoleAgent::addMessageToConsole):
(Inspector::InspectorConsoleAgent::count):
* inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
(Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
ConsoleMessage cleanup.
2014-02-21 Oliver Hunt <oliver@apple.com>
Add extra space to op_call and related opcodes
https://bugs.webkit.org/show_bug.cgi?id=129170
Reviewed by Mark Lam.
No change in behaviour, just some refactoring to add an extra
slot to the op_call instructions, and refactoring to make similar
changes easier in future.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printCallOp):
* bytecode/Opcode.h:
(JSC::padOpcodeName):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallVarargs):
(JSC::BytecodeGenerator::emitConstruct):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* jit/JITCall.cpp:
(JSC::JIT::compileOpCall):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCall):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
2014-02-21 Mark Lam <mark.lam@apple.com>
gatherFromOtherThread() needs to align the sp before gathering roots.
<https://webkit.org/b/129169>
Reviewed by Geoffrey Garen.
The GC scans the stacks of other threads using MachineThreads::gatherFromOtherThread().
gatherFromOtherThread() defines the range of the other thread's stack as
being bounded by the other thread's stack pointer and stack base. While
the stack base will always be aligned to sizeof(void*), the stack pointer
may not be. This is because the other thread may have just pushed a 32-bit
value on its stack before we suspended it for scanning.
The fix is to round the stack pointer up to the next aligned address of
sizeof(void*) and start scanning from there. On 64-bit systems, we will
effectively ignore the 32-bit word at the bottom of the stack (top of the
stack for stacks growing up) because it cannot be a 64-bit pointer anyway.
64-bit pointers should always be stored on 64-bit aligned boundaries (our
conservative scan algorithm already depends on this assumption).
On 32-bit systems, the rounding is effectively a no-op.
* heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::genericAddSpan):
- Hardened somne assertions so that we can catch misalignment issues on
release builds as well.
* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::gatherFromOtherThread):
2014-02-21 Matthew Mirman <mmirman@apple.com>
Added a GetMyArgumentsLengthSafe and added a speculation check.
https://bugs.webkit.org/show_bug.cgi?id=129051
Reviewed by Filip Pizlo.
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
2014-02-21 peavo@outlook.com <peavo@outlook.com>
[Win][LLINT] Many JSC stress test failures.
https://bugs.webkit.org/show_bug.cgi?id=129155
Reviewed by Michael Saboff.
Intel syntax has reversed operand order compared to AT&T syntax, so we need to swap the operand order, in this case on floating point operations.
Also avoid using the reverse opcode (e.g. fdivr), as this puts the result at the wrong position in the floating point stack.
E.g. "divd ft0, ft1" would translate to fdivr st, st(1) (Intel syntax) on Windows, but this puts the result in st, when it should be in st(1).
* offlineasm/x86.rb: Swap operand order on Windows.
2014-02-21 Filip Pizlo <fpizlo@apple.com>
DFG write barriers should do more speculations
https://bugs.webkit.org/show_bug.cgi?id=129160
Reviewed by Mark Hahnenberg.
Replace ConditionalStoreBarrier with the cheapest speculation that you could do
instead.
Miniscule speed-up on some things. It's a decent difference in code size, though.
* bytecode/SpeculatedType.cpp:
(JSC::speculationToAbbreviatedString):
* bytecode/SpeculatedType.h:
(JSC::isNotCellSpeculation):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::insertStoreBarrier):
(JSC::DFG::FixupPhase::insertPhantomCheck):
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateOther):
(JSC::DFG::Node::shouldSpeculateNotCell):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
(JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
(JSC::FTL::LowerDFGToLLVM::isNotOther):
(JSC::FTL::LowerDFGToLLVM::isOther):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
(JSC::FTL::LowerDFGToLLVM::speculateOther):
(JSC::FTL::LowerDFGToLLVM::speculateNotCell):
2014-02-21 Joseph Pecoraro <pecoraro@apple.com>
Revert r164486, causing a number of test failures.
Unreviewed rollout.
2014-02-21 Filip Pizlo <fpizlo@apple.com>
Revive SABI (aka shouldAlwaysBeInlined)
https://bugs.webkit.org/show_bug.cgi?id=129159
Reviewed by Mark Hahnenberg.
This is a small Octane speed-up.
* jit/Repatch.cpp:
(JSC::linkFor): This code was assuming that if it's invoked then the caller is a DFG code block. That's wrong, since it's now used by all of the JITs.
2014-02-21 Joseph Pecoraro <pecoraro@apple.com>
Web Inspector: JSContext inspection should report exceptions in the console
https://bugs.webkit.org/show_bug.cgi?id=128776
Reviewed by Timothy Hatcher.
When JavaScript API functions have an exception, let the inspector
know so it can log the JavaScript and Native backtrace that caused
the exception.
Include some clean up of ConsoleMessage and ScriptCallStack construction.
* API/JSBase.cpp:
(JSEvaluateScript):
(JSCheckScriptSyntax):
* API/JSObjectRef.cpp:
(JSObjectMakeFunction):
(JSObjectMakeArray):
(JSObjectMakeDate):
(JSObjectMakeError):
(JSObjectMakeRegExp):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectGetPropertyAtIndex):
(JSObjectSetPropertyAtIndex):
(JSObjectDeleteProperty):
(JSObjectCallAsFunction):
(JSObjectCallAsConstructor):
* API/JSValue.mm:
(reportExceptionToInspector):
(valueToArray):
(valueToDictionary):
* API/JSValueRef.cpp:
(JSValueIsEqual):
(JSValueIsInstanceOfConstructor):
(JSValueCreateJSONString):
(JSValueToNumber):
(JSValueToStringCopy):
(JSValueToObject):
When seeing an exception, let the inspector know there was an exception.
* inspector/JSGlobalObjectInspectorController.h:
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
(Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
(Inspector::JSGlobalObjectInspectorController::reportAPIException):
Log API exceptions by also grabbing the native backtrace.
* inspector/ScriptCallStack.h:
* inspector/ScriptCallStack.cpp:
(Inspector::ScriptCallStack::firstNonNativeCallFrame):
(Inspector::ScriptCallStack::append):
Minor extensions to ScriptCallStack to make it easier to work with.
* inspector/ConsoleMessage.cpp:
(Inspector::ConsoleMessage::ConsoleMessage):
(Inspector::ConsoleMessage::autogenerateMetadata):
Provide better default information if the first call frame was native.
* inspector/ScriptCallStackFactory.cpp:
(Inspector::createScriptCallStack):
(Inspector::extractSourceInformationFromException):
(Inspector::createScriptCallStackFromException):
Perform the handling here of inserting a fake call frame for exceptions
if there was no call stack (e.g. a SyntaxError) or if the first call
frame had no information.
* inspector/ConsoleMessage.cpp:
(Inspector::ConsoleMessage::ConsoleMessage):
(Inspector::ConsoleMessage::autogenerateMetadata):
* inspector/ConsoleMessage.h:
* inspector/ScriptCallStackFactory.cpp:
(Inspector::createScriptCallStack):
(Inspector::createScriptCallStackForConsole):
* inspector/ScriptCallStackFactory.h:
* inspector/agents/InspectorConsoleAgent.cpp:
(Inspector::InspectorConsoleAgent::enable):
(Inspector::InspectorConsoleAgent::addMessageToConsole):
(Inspector::InspectorConsoleAgent::count):
* inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
(Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
ConsoleMessage cleanup.
2014-02-20 Anders Carlsson <andersca@apple.com>
Modernize JSGlobalLock and JSLockHolder
https://bugs.webkit.org/show_bug.cgi?id=129105
Reviewed by Michael Saboff.
Use std::mutex and std::thread::id where possible.
* runtime/JSLock.cpp:
(JSC::GlobalJSLock::GlobalJSLock):
(JSC::GlobalJSLock::~GlobalJSLock):
(JSC::GlobalJSLock::initialize):
(JSC::JSLock::JSLock):
(JSC::JSLock::lock):
(JSC::JSLock::unlock):
(JSC::JSLock::currentThreadIsHoldingLock):
* runtime/JSLock.h:
2014-02-20 Mark Lam <mark.lam@apple.com>
virtualForWithFunction() should not throw an exception with a partially initialized frame.
<https://webkit.org/b/129134>
Reviewed by Michael Saboff.
Currently, when JITOperations.cpp's virtualForWithFunction() fails to
prepare the callee function for execution, it proceeds to throw the
exception using the callee frame which is only partially initialized
thus far. Instead, it should be throwing the exception using the caller
frame because:
1. the error happened "in" the caller while preparing the callee for
execution i.e. the caller frame is the top fully initialized frame
on the stack.
2. the callee frame is not fully initialized yet, and the unwind
mechanism cannot depend on the data in it.
* jit/JITOperations.cpp:
2014-02-20 Mark Lam <mark.lam@apple.com>
DefaultGCActivityCallback::doWork() should reschedule if GC is deferred.
<https://webkit.org/b/129131>
Reviewed by Mark Hahnenberg.
Currently, DefaultGCActivityCallback::doWork() does not check if the GC
needs to be deferred before commencing. As a result, the GC may crash
and/or corrupt data because the VM is not in the consistent state needed
for the GC to run. With this fix, doWork() now checks if the GC is
supposed to be deferred and re-schedules if needed. It only commences
with GC'ing when it's safe to do so.
* runtime/GCActivityCallback.cpp:
(JSC::DefaultGCActivityCallback::doWork):
2014-02-20 Geoffrey Garen <ggaren@apple.com>
Math.imul gives wrong results
https://bugs.webkit.org/show_bug.cgi?id=126345
Reviewed by Mark Hahnenberg.
Don't truncate non-int doubles to 0 -- that's just not how ToInt32 works.
Instead, take a slow path that will do the right thing.
* jit/ThunkGenerators.cpp:
(JSC::imulThunkGenerator):
2014-02-20 Filip Pizlo <fpizlo@apple.com>
DFG should do its own static estimates of execution frequency before it starts creating OSR entrypoints
https://bugs.webkit.org/show_bug.cgi?id=129129
Reviewed by Geoffrey Garen.
We estimate execution counts based on loop depth, and then use those to estimate branch
weights. These weights then get carried all the way down to LLVM prof branch_weights
meta-data.
This is better than letting LLVM do its own static estimates, since by the time we
generate LLVM IR, we may have messed up the CFG due to OSR entrypoint creation. Of
course, it would be even better if we just slurped in some kind of execution counts
from profiling, but we don't do that, yet.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGBasicBlock.cpp:
(JSC::DFG::BasicBlock::BasicBlock):
* dfg/DFGBasicBlock.h:
* dfg/DFGBlockInsertionSet.cpp:
(JSC::DFG::BlockInsertionSet::insert):
(JSC::DFG::BlockInsertionSet::insertBefore):
* dfg/DFGBlockInsertionSet.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGCriticalEdgeBreakingPhase.cpp:
(JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):
* dfg/DFGLoopPreHeaderCreationPhase.cpp:
(JSC::DFG::createPreHeader):
* dfg/DFGNaturalLoops.h:
(JSC::DFG::NaturalLoops::loopDepth):
* dfg/DFGOSREntrypointCreationPhase.cpp:
(JSC::DFG::OSREntrypointCreationPhase::run):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGStaticExecutionCountEstimationPhase.cpp: Added.
(JSC::DFG::StaticExecutionCountEstimationPhase::StaticExecutionCountEstimationPhase):
(JSC::DFG::StaticExecutionCountEstimationPhase::run):
(JSC::DFG::StaticExecutionCountEstimationPhase::applyCounts):
(JSC::DFG::performStaticExecutionCountEstimation):
* dfg/DFGStaticExecutionCountEstimationPhase.h: Added.
2014-02-20 Filip Pizlo <fpizlo@apple.com>
FTL may not see a compact_unwind section if there weren't any stackmaps
https://bugs.webkit.org/show_bug.cgi?id=129125
Reviewed by Geoffrey Garen.
It's OK to not have an unwind section, so long as the function also doesn't have any
OSR exits.
* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):
(JSC::FTL::compile):
* ftl/FTLUnwindInfo.cpp:
(JSC::FTL::UnwindInfo::parse):
* ftl/FTLUnwindInfo.h:
== Rolled over to ChangeLog-2014-02-20 ==