| 2018-11-05 Dominik Infuehr <dinfuehr@igalia.com> |
| |
| Enable LLInt on ARMv7/Linux |
| https://bugs.webkit.org/show_bug.cgi?id=191190 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| After enabling the new bytecode format in r237547, C_LOOP was |
| forced on all 32-bit platforms. Now enable LLInt again on |
| ARMv7-Thumb2/Linux. |
| |
| This adds a callee-saved register in ARMv7/Linux for the metadataTable and |
| stores/restores it on LLInt function calls. It also introduces the globaladdr- |
| instruction for the ARM-offlineasm to access the opcode-table. |
| |
| * jit/GPRInfo.h: |
| * jit/RegisterSet.cpp: |
| (JSC::RegisterSet::llintBaselineCalleeSaveRegisters): |
| * llint/LowLevelInterpreter.asm: |
| * llint/LowLevelInterpreter32_64.asm: |
| * offlineasm/arm.rb: |
| * offlineasm/asm.rb: |
| * offlineasm/instructions.rb: |
| |
| 2018-11-05 Fujii Hironori <Hironori.Fujii@sony.com> |
| |
| [Win][Clang][JSC] JIT::is64BitType reports "warning: explicit specialization cannot have a storage class" |
| https://bugs.webkit.org/show_bug.cgi?id=191146 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| * jit/JIT.h: Changed is64BitType from a template class method to a |
| template inner class. |
| |
| 2018-11-02 Keith Miller <keith_miller@apple.com> |
| |
| Assert JSValues can fit into a pointer when API casting |
| https://bugs.webkit.org/show_bug.cgi?id=191220 |
| |
| Reviewed by Michael Saboff. |
| |
| * API/APICast.h: |
| (toJS): |
| (toJSForGC): |
| (toRef): |
| |
| 2018-11-02 Michael Saboff <msaboff@apple.com> |
| |
| Rolling in r237753 with unreviewed build fix. |
| |
| Fixed issues with DECLARE_THROW_SCOPE placement. |
| |
| 2018-11-02 Ryan Haddad <ryanhaddad@apple.com> |
| |
| Unreviewed, rolling out r237753. |
| |
| Introduced JSC test failures |
| |
| Reverted changeset: |
| |
| "Running out of stack space not properly handled in |
| RegExp::compile() and its callers" |
| https://bugs.webkit.org/show_bug.cgi?id=191206 |
| https://trac.webkit.org/changeset/237753 |
| |
| 2018-11-02 Michael Saboff <msaboff@apple.com> |
| |
| Running out of stack space not properly handled in RegExp::compile() and its callers |
| https://bugs.webkit.org/show_bug.cgi?id=191206 |
| |
| Reviewed by Filip Pizlo. |
| |
| Eliminated two RELEASE_ASSERT_NOT_REACHED() for errors returned by Yarr parsing code. Bubbled those errors |
| up to where they are turned into the appropriate exceptions in matchInline(). If the errors are not due |
| to syntax, we reset the RegExp state in case the parsing is tried with a smaller stack. |
| |
| * runtime/RegExp.cpp: |
| (JSC::RegExp::compile): |
| (JSC::RegExp::compileMatchOnly): |
| * runtime/RegExp.h: |
| * runtime/RegExpInlines.h: |
| (JSC::RegExp::compileIfNecessary): |
| (JSC::RegExp::matchInline): |
| (JSC::RegExp::compileIfNecessaryMatchOnly): |
| * runtime/RegExpObjectInlines.h: |
| (JSC::RegExpObject::execInline): |
| * yarr/YarrErrorCode.h: |
| (JSC::Yarr::hasHardError): |
| |
| 2018-11-02 Keith Miller <keith_miller@apple.com> |
| |
| API should use wrapper object if address is 32-bit |
| https://bugs.webkit.org/show_bug.cgi?id=191203 |
| |
| Reviewed by Filip Pizlo. |
| |
| * API/APICast.h: |
| (toJS): |
| (toJSForGC): |
| (toRef): |
| |
| 2018-11-02 Tadeu Zagallo <tzagallo@apple.com> |
| |
| Metadata should not be copyable |
| https://bugs.webkit.org/show_bug.cgi?id=191193 |
| |
| Reviewed by Keith Miller. |
| |
| We should only ever hold references to the entry in the metadata table. |
| |
| * bytecode/CodeBlock.cpp: |
| (JSC::CodeBlock::finalizeLLIntInlineCaches): |
| * dfg/DFGByteCodeParser.cpp: |
| (JSC::DFG::ByteCodeParser::parseBlock): |
| * generator/Metadata.rb: |
| |
| 2018-11-02 Tadeu Zagallo <tzagallo@apple.com> |
| |
| REGRESSION(r237547): Exception handlers should be aware of wide opcodes when JIT is disabled |
| https://bugs.webkit.org/show_bug.cgi?id=191175 |
| |
| Reviewed by Keith Miller. |
| |
| https://bugs.webkit.org/show_bug.cgi?id=191108 did not handle the case where JIT is not enabled |
| |
| * jit/JITExceptions.cpp: |
| (JSC::genericUnwind): |
| * llint/LLIntData.h: |
| (JSC::LLInt::getWideCodePtr): |
| |
| 2018-11-01 Fujii Hironori <Hironori.Fujii@sony.com> |
| |
| Rename <wtf/unicode/UTF8.h> to <wtf/unicode/UTF8Conversion.h> in order to avoid conflicting with ICU's unicode/utf8.h |
| https://bugs.webkit.org/show_bug.cgi?id=189693 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| * API/JSClassRef.cpp: Replaced <wtf/unicode/UTF8.h> with <wtf/unicode/UTF8Conversion.h>. |
| * API/JSStringRef.cpp: Ditto. |
| * runtime/JSGlobalObjectFunctions.cpp: Ditto. |
| * wasm/WasmParser.h: Ditto. |
| |
| 2018-11-01 Keith Miller <keith_miller@apple.com> |
| |
| Unreviewed, JavaScriptCore should only guarantee to produce a |
| modulemap if we are building for iOSMac. |
| |
| * Configurations/JavaScriptCore.xcconfig: |
| |
| 2018-10-31 Devin Rousso <drousso@apple.com> |
| |
| Web Inspector: Canvas: create a setting for auto-recording newly created contexts |
| https://bugs.webkit.org/show_bug.cgi?id=190856 |
| |
| Reviewed by Brian Burg. |
| |
| * inspector/protocol/Canvas.json: |
| Add `setRecordingAutoCaptureFrameCount` command for setting the number of frames to record |
| immediately after a context is created. |
| |
| * inspector/protocol/Recording.json: |
| Add `creation` value for `Initiator` enum. |
| |
| 2018-10-31 Devin Rousso <drousso@apple.com> |
| |
| Web Inspector: display low-power enter/exit events in Timelines and Network node waterfalls |
| https://bugs.webkit.org/show_bug.cgi?id=190641 |
| <rdar://problem/45319049> |
| |
| Reviewed by Joseph Pecoraro. |
| |
| * inspector/protocol/DOM.json: |
| Add `videoLowPowerChanged` event that is fired when `InspectorDOMAgent` is able to determine |
| whether a video element's low power state has changed. |
| |
| 2018-10-31 Tadeu Zagallo <tzagallo@apple.com> |
| |
| Adjust inlining threshold for new bytecode format |
| https://bugs.webkit.org/show_bug.cgi?id=191115 |
| |
| Reviewed by Saam Barati. |
| |
| The new format reduced the number of operands for many opcodes, which |
| changed inlining decisions and impacted performance negatively. |
| |
| * runtime/Options.h: |
| |
| 2018-10-31 Tadeu Zagallo <tzagallo@apple.com> |
| |
| REGRESSION(r237547): Exception handlers should be aware of wide opcodes |
| https://bugs.webkit.org/show_bug.cgi?id=191108 |
| <rdar://problem/45690700> |
| |
| Reviewed by Saam Barati. |
| |
| When linking the handler, we need to check whether the target op_catch is |
| wide or narrow in order to chose the right code pointer for the handler. |
| |
| * bytecode/CodeBlock.cpp: |
| (JSC::CodeBlock::finishCreation): |
| |
| 2018-10-31 Dominik Infuehr <dinfuehr@igalia.com> |
| |
| Align entries in metadata table |
| https://bugs.webkit.org/show_bug.cgi?id=191062 |
| |
| Reviewed by Filip Pizlo. |
| |
| Entries in the metadata table need to be aligned on some 32-bit |
| architectures. |
| |
| * bytecode/MetadataTable.h: |
| (JSC::MetadataTable::forEach): |
| * bytecode/Opcode.cpp: |
| (JSC::metadataAlignment): |
| * bytecode/Opcode.h: |
| * bytecode/UnlinkedMetadataTableInlines.h: |
| (JSC::UnlinkedMetadataTable::finalize): |
| * generator/Section.rb: |
| |
| 2018-10-31 Jim Mason <jmason@ibinx.com> |
| |
| Static global 'fastHandlerInstalled' conditionally declared in WasmFaultSignalHandler.cpp |
| https://bugs.webkit.org/show_bug.cgi?id=191063 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| * wasm/WasmFaultSignalHandler.cpp: |
| |
| 2018-10-30 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC][LLInt] Compact LLInt ASM code by removing unnecessary instructions |
| https://bugs.webkit.org/show_bug.cgi?id=191092 |
| |
| Reviewed by Saam Barati. |
| |
| Looking through LLIntAssembly.h, we can find several inefficiencies. This patch fixes the |
| following things to tighten LLInt ASM code. |
| |
| 1. Remove unnecessary load instructions. Use jmp with BaseIndex directly. |
| 2. Introduce strength reduction for mul instructions in offlineasm layer. This is now critical |
| since mul instruction is executed in `metadata` operation in LLInt. If the given immediate is |
| a power of two, we convert it to lshift instruction. |
| |
| * llint/LowLevelInterpreter32_64.asm: |
| * llint/LowLevelInterpreter64.asm: |
| * offlineasm/arm64.rb: |
| * offlineasm/instructions.rb: |
| * offlineasm/x86.rb: |
| |
| 2018-10-30 Don Olmstead <don.olmstead@sony.com> |
| |
| [PlayStation] Enable JavaScriptCore |
| https://bugs.webkit.org/show_bug.cgi?id=191072 |
| |
| Reviewed by Brent Fulgham. |
| |
| Add platform files for the PlayStation port. |
| |
| * PlatformPlayStation.cmake: Added. |
| |
| 2018-10-30 Alexey Proskuryakov <ap@apple.com> |
| |
| Clean up some obsolete MAX_ALLOWED macros |
| https://bugs.webkit.org/show_bug.cgi?id=190916 |
| |
| Reviewed by Tim Horton. |
| |
| * API/JSManagedValue.mm: |
| * API/JSVirtualMachine.mm: |
| * API/JSWrapperMap.mm: |
| |
| 2018-10-30 Ross Kirsling <ross.kirsling@sony.com> |
| |
| useProbeOSRExit causes failures for Win64 DFG JIT |
| https://bugs.webkit.org/show_bug.cgi?id=190656 |
| |
| Reviewed by Keith Miller. |
| |
| * assembler/ProbeContext.cpp: |
| (JSC::Probe::executeProbe): |
| If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param, |
| then let's just call lowWatermarkFromVisitingDirtyPages instead. |
| |
| * dfg/DFGOSRExit.cpp: |
| (JSC::DFG::OSRExit::executeOSRExit): |
| The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset; |
| mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead. |
| (Also, stop redundantly setting the stack pointer twice in a row.) |
| |
| 2018-10-30 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| "Unreviewed, partial rolling in r237254" |
| https://bugs.webkit.org/show_bug.cgi?id=190340 |
| |
| This only adds Parser.{cpp,h}. And it is not used in this patch. |
| It examines that the regression is related to exact Parser changes. |
| |
| * parser/Parser.cpp: |
| (JSC::Parser<LexerType>::parseInner): |
| (JSC::Parser<LexerType>::parseSingleFunction): |
| (JSC::Parser<LexerType>::parseFunctionInfo): |
| (JSC::Parser<LexerType>::parseFunctionDeclaration): |
| (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration): |
| * parser/Parser.h: |
| (JSC::Parser<LexerType>::parse): |
| (JSC::parse): |
| (JSC::parseFunctionForFunctionConstructor): |
| |
| 2018-10-29 Mark Lam <mark.lam@apple.com> |
| |
| Correctly detect string overflow when using the 'Function' constructor. |
| https://bugs.webkit.org/show_bug.cgi?id=184883 |
| <rdar://problem/36320331> |
| |
| Reviewed by Saam Barati. |
| |
| Added StringBuilder::hasOverflowed() checks, and throwing OutOfMemoryErrors if |
| we detect an overflow. |
| |
| * runtime/FunctionConstructor.cpp: |
| (JSC::constructFunctionSkippingEvalEnabledCheck): |
| * runtime/JSGlobalObjectFunctions.cpp: |
| (JSC::encode): |
| (JSC::decode): |
| * runtime/JSONObject.cpp: |
| (JSC::Stringifier::stringify): |
| (JSC::Stringifier::appendStringifiedValue): |
| |
| 2018-10-29 Tadeu Zagallo <tzagallo@apple.com> |
| |
| Unreviewed, fix JSC on arm64e after r237547 |
| https://bugs.webkit.org/show_bug.cgi?id=187373 |
| |
| Unreviewed. |
| |
| Remove unused move guarded by POINTER_PROFILING that was trashing the |
| metadata on arm64e. |
| |
| * llint/LowLevelInterpreter64.asm: |
| |
| 2018-10-29 Keith Miller <keith_miller@apple.com> |
| |
| JSC should explicitly list its modulemap file |
| https://bugs.webkit.org/show_bug.cgi?id=191032 |
| |
| Reviewed by Saam Barati. |
| |
| The automagically generated module map file for JSC will |
| include headers where they may not work out of the box. |
| This patch makes it so we now export the same modulemap |
| that used to be provided via the legacy system. |
| |
| * Configurations/JavaScriptCore.xcconfig: |
| * JavaScriptCore.modulemap: Added. |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| |
| 2018-10-29 Tim Horton <timothy_horton@apple.com> |
| |
| Modernize WebKit nibs and lprojs for localization's sake |
| https://bugs.webkit.org/show_bug.cgi?id=190911 |
| <rdar://problem/45349466> |
| |
| Reviewed by Dan Bernstein. |
| |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| English->en |
| |
| 2018-10-29 Commit Queue <commit-queue@webkit.org> |
| |
| Unreviewed, rolling out r237492. |
| https://bugs.webkit.org/show_bug.cgi?id=191035 |
| |
| "It regresses JetStream 2 by 5% on some iOS devices" |
| (Requested by saamyjoon on #webkit). |
| |
| Reverted changeset: |
| |
| "Unreviewed, partial rolling in r237254" |
| https://bugs.webkit.org/show_bug.cgi?id=190340 |
| https://trac.webkit.org/changeset/237492 |
| |
| 2018-10-29 Tadeu Zagallo <tzagallo@apple.com> |
| |
| Add support for GetStack FlushedDouble |
| https://bugs.webkit.org/show_bug.cgi?id=191012 |
| <rdar://problem/45265141> |
| |
| Reviewed by Saam Barati. |
| |
| LowerDFGToB3::compileGetStack assumed that we would not emit GetStack |
| for doubles, but it turns out it may arise from the PutStack sinking |
| phase: if we sink a PutStack into a successor block, other predecessors |
| will emit a GetStack followed by a Upsilon. |
| |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::compileGetStack): |
| |
| 2018-10-29 Tadeu Zagallo <tzagallo@apple.com> |
| |
| New bytecode format for JSC |
| https://bugs.webkit.org/show_bug.cgi?id=187373 |
| <rdar://problem/44186758> |
| |
| Reviewed by Filip Pizlo. |
| |
| Replace unlinked and linked bytecode with a new immutable bytecode that does not embed |
| any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte |
| operands) and might contain an extra operand, the metadataID. The metadataID is used to |
| access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable). |
| |
| Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names |
| and types to all its operands. Additionally, reading a bytecode from the instruction stream |
| requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary |
| operands directly from the stream. |
| |
| |
| * CMakeLists.txt: |
| * DerivedSources.make: |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * Sources.txt: |
| * assembler/MacroAssemblerCodeRef.h: |
| (JSC::ReturnAddressPtr::ReturnAddressPtr): |
| (JSC::ReturnAddressPtr::value const): |
| (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr): |
| (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): |
| * bytecode/ArithProfile.h: |
| (JSC::ArithProfile::ArithProfile): |
| * bytecode/ArrayAllocationProfile.h: |
| (JSC::ArrayAllocationProfile::ArrayAllocationProfile): |
| * bytecode/ArrayProfile.h: |
| * bytecode/BytecodeBasicBlock.cpp: |
| (JSC::isJumpTarget): |
| (JSC::BytecodeBasicBlock::computeImpl): |
| (JSC::BytecodeBasicBlock::compute): |
| * bytecode/BytecodeBasicBlock.h: |
| (JSC::BytecodeBasicBlock::leaderOffset const): |
| (JSC::BytecodeBasicBlock::totalLength const): |
| (JSC::BytecodeBasicBlock::offsets const): |
| (JSC::BytecodeBasicBlock::BytecodeBasicBlock): |
| (JSC::BytecodeBasicBlock::addLength): |
| * bytecode/BytecodeDumper.cpp: |
| (JSC::BytecodeDumper<Block>::printLocationAndOp): |
| (JSC::BytecodeDumper<Block>::dumpBytecode): |
| (JSC::BytecodeDumper<Block>::dumpIdentifiers): |
| (JSC::BytecodeDumper<Block>::dumpConstants): |
| (JSC::BytecodeDumper<Block>::dumpExceptionHandlers): |
| (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables): |
| (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables): |
| (JSC::BytecodeDumper<Block>::dumpBlock): |
| * bytecode/BytecodeDumper.h: |
| (JSC::BytecodeDumper::dumpOperand): |
| (JSC::BytecodeDumper::dumpValue): |
| (JSC::BytecodeDumper::BytecodeDumper): |
| (JSC::BytecodeDumper::block const): |
| * bytecode/BytecodeGeneratorification.cpp: |
| (JSC::BytecodeGeneratorification::BytecodeGeneratorification): |
| (JSC::BytecodeGeneratorification::enterPoint const): |
| (JSC::BytecodeGeneratorification::instructions const): |
| (JSC::GeneratorLivenessAnalysis::run): |
| (JSC::BytecodeGeneratorification::run): |
| (JSC::performGeneratorification): |
| * bytecode/BytecodeGeneratorification.h: |
| * bytecode/BytecodeGraph.h: |
| (JSC::BytecodeGraph::blockContainsBytecodeOffset): |
| (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset): |
| (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset): |
| (JSC::BytecodeGraph::BytecodeGraph): |
| * bytecode/BytecodeKills.h: |
| * bytecode/BytecodeList.json: Removed. |
| * bytecode/BytecodeList.rb: Added. |
| * bytecode/BytecodeLivenessAnalysis.cpp: |
| (JSC::BytecodeLivenessAnalysis::dumpResults): |
| * bytecode/BytecodeLivenessAnalysis.h: |
| * bytecode/BytecodeLivenessAnalysisInlines.h: |
| (JSC::isValidRegisterForLiveness): |
| (JSC::BytecodeLivenessPropagation::stepOverInstruction): |
| * bytecode/BytecodeRewriter.cpp: |
| (JSC::BytecodeRewriter::applyModification): |
| (JSC::BytecodeRewriter::execute): |
| (JSC::BytecodeRewriter::adjustJumpTargetsInFragment): |
| (JSC::BytecodeRewriter::insertImpl): |
| (JSC::BytecodeRewriter::adjustJumpTarget): |
| (JSC::BytecodeRewriter::adjustJumpTargets): |
| * bytecode/BytecodeRewriter.h: |
| (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint): |
| (JSC::BytecodeRewriter::Fragment::Fragment): |
| (JSC::BytecodeRewriter::Fragment::appendInstruction): |
| (JSC::BytecodeRewriter::BytecodeRewriter): |
| (JSC::BytecodeRewriter::insertFragmentBefore): |
| (JSC::BytecodeRewriter::insertFragmentAfter): |
| (JSC::BytecodeRewriter::removeBytecode): |
| (JSC::BytecodeRewriter::adjustAbsoluteOffset): |
| (JSC::BytecodeRewriter::adjustJumpTarget): |
| * bytecode/BytecodeUseDef.h: |
| (JSC::computeUsesForBytecodeOffset): |
| (JSC::computeDefsForBytecodeOffset): |
| * bytecode/CallLinkStatus.cpp: |
| (JSC::CallLinkStatus::computeFromLLInt): |
| * bytecode/CodeBlock.cpp: |
| (JSC::CodeBlock::dumpBytecode): |
| (JSC::CodeBlock::CodeBlock): |
| (JSC::CodeBlock::finishCreation): |
| (JSC::CodeBlock::estimatedSize): |
| (JSC::CodeBlock::visitChildren): |
| (JSC::CodeBlock::propagateTransitions): |
| (JSC::CodeBlock::finalizeLLIntInlineCaches): |
| (JSC::CodeBlock::addJITAddIC): |
| (JSC::CodeBlock::addJITMulIC): |
| (JSC::CodeBlock::addJITSubIC): |
| (JSC::CodeBlock::addJITNegIC): |
| (JSC::CodeBlock::stronglyVisitStrongReferences): |
| (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset): |
| (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow): |
| (JSC::CodeBlock::hasOpDebugForLineAndColumn): |
| (JSC::CodeBlock::getArrayProfile): |
| (JSC::CodeBlock::updateAllArrayPredictions): |
| (JSC::CodeBlock::predictedMachineCodeSize): |
| (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset): |
| (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): |
| (JSC::CodeBlock::valueProfileForBytecodeOffset): |
| (JSC::CodeBlock::validate): |
| (JSC::CodeBlock::outOfLineJumpOffset): |
| (JSC::CodeBlock::outOfLineJumpTarget): |
| (JSC::CodeBlock::arithProfileForBytecodeOffset): |
| (JSC::CodeBlock::arithProfileForPC): |
| (JSC::CodeBlock::couldTakeSpecialFastCase): |
| (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler): |
| * bytecode/CodeBlock.h: |
| (JSC::CodeBlock::addMathIC): |
| (JSC::CodeBlock::outOfLineJumpOffset): |
| (JSC::CodeBlock::bytecodeOffset): |
| (JSC::CodeBlock::instructions const): |
| (JSC::CodeBlock::instructionCount const): |
| (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters): |
| (JSC::CodeBlock::metadata): |
| (JSC::CodeBlock::metadataSizeInBytes): |
| (JSC::CodeBlock::numberOfNonArgumentValueProfiles): |
| (JSC::CodeBlock::totalNumberOfValueProfiles): |
| * bytecode/CodeBlockInlines.h: Added. |
| (JSC::CodeBlock::forEachValueProfile): |
| (JSC::CodeBlock::forEachArrayProfile): |
| (JSC::CodeBlock::forEachArrayAllocationProfile): |
| (JSC::CodeBlock::forEachObjectAllocationProfile): |
| (JSC::CodeBlock::forEachLLIntCallLinkInfo): |
| * bytecode/Fits.h: Added. |
| * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h. |
| * bytecode/GetByIdStatus.cpp: |
| (JSC::GetByIdStatus::computeFromLLInt): |
| * bytecode/Instruction.h: |
| (JSC::Instruction::Instruction): |
| (JSC::Instruction::Impl::opcodeID const): |
| (JSC::Instruction::opcodeID const): |
| (JSC::Instruction::name const): |
| (JSC::Instruction::isWide const): |
| (JSC::Instruction::size const): |
| (JSC::Instruction::is const): |
| (JSC::Instruction::as const): |
| (JSC::Instruction::cast): |
| (JSC::Instruction::cast const): |
| (JSC::Instruction::narrow const): |
| (JSC::Instruction::wide const): |
| * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| (JSC::InstructionStream::InstructionStream): |
| (JSC::InstructionStream::sizeInBytes const): |
| * bytecode/InstructionStream.h: Added. |
| (JSC::InstructionStream::BaseRef::BaseRef): |
| (JSC::InstructionStream::BaseRef::operator=): |
| (JSC::InstructionStream::BaseRef::operator-> const): |
| (JSC::InstructionStream::BaseRef::ptr const): |
| (JSC::InstructionStream::BaseRef::operator!= const): |
| (JSC::InstructionStream::BaseRef::next const): |
| (JSC::InstructionStream::BaseRef::offset const): |
| (JSC::InstructionStream::BaseRef::isValid const): |
| (JSC::InstructionStream::BaseRef::unwrap const): |
| (JSC::InstructionStream::MutableRef::freeze const): |
| (JSC::InstructionStream::MutableRef::operator->): |
| (JSC::InstructionStream::MutableRef::ptr): |
| (JSC::InstructionStream::MutableRef::operator Ref): |
| (JSC::InstructionStream::MutableRef::unwrap): |
| (JSC::InstructionStream::iterator::operator*): |
| (JSC::InstructionStream::iterator::operator++): |
| (JSC::InstructionStream::begin const): |
| (JSC::InstructionStream::end const): |
| (JSC::InstructionStream::at const): |
| (JSC::InstructionStream::size const): |
| (JSC::InstructionStreamWriter::InstructionStreamWriter): |
| (JSC::InstructionStreamWriter::ref): |
| (JSC::InstructionStreamWriter::seek): |
| (JSC::InstructionStreamWriter::position): |
| (JSC::InstructionStreamWriter::write): |
| (JSC::InstructionStreamWriter::rewind): |
| (JSC::InstructionStreamWriter::finalize): |
| (JSC::InstructionStreamWriter::swap): |
| (JSC::InstructionStreamWriter::iterator::operator*): |
| (JSC::InstructionStreamWriter::iterator::operator++): |
| (JSC::InstructionStreamWriter::begin): |
| (JSC::InstructionStreamWriter::end): |
| * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp: |
| (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint): |
| (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal): |
| (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache): |
| * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h: |
| * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| (JSC::MetadataTable::MetadataTable): |
| (JSC::DeallocTable::withOpcodeType): |
| (JSC::MetadataTable::~MetadataTable): |
| (JSC::MetadataTable::sizeInBytes): |
| * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h. |
| (JSC::MetadataTable::get): |
| (JSC::MetadataTable::forEach): |
| (JSC::MetadataTable::getImpl): |
| * bytecode/Opcode.cpp: |
| (JSC::metadataSize): |
| * bytecode/Opcode.h: |
| (JSC::padOpcodeName): |
| * bytecode/OpcodeInlines.h: |
| (JSC::isOpcodeShape): |
| (JSC::getOpcodeType): |
| * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| * bytecode/PreciseJumpTargets.cpp: |
| (JSC::getJumpTargetsForInstruction): |
| (JSC::computePreciseJumpTargetsInternal): |
| (JSC::computePreciseJumpTargets): |
| (JSC::recomputePreciseJumpTargets): |
| (JSC::findJumpTargetsForInstruction): |
| * bytecode/PreciseJumpTargets.h: |
| * bytecode/PreciseJumpTargetsInlines.h: |
| (JSC::jumpTargetForInstruction): |
| (JSC::extractStoredJumpTargetsForInstruction): |
| (JSC::updateStoredJumpTargetsForInstruction): |
| * bytecode/PutByIdStatus.cpp: |
| (JSC::PutByIdStatus::computeFromLLInt): |
| * bytecode/SpecialPointer.cpp: |
| (WTF::printInternal): |
| * bytecode/SpecialPointer.h: |
| * bytecode/UnlinkedCodeBlock.cpp: |
| (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): |
| (JSC::UnlinkedCodeBlock::visitChildren): |
| (JSC::UnlinkedCodeBlock::estimatedSize): |
| (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): |
| (JSC::dumpLineColumnEntry): |
| (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const): |
| (JSC::UnlinkedCodeBlock::setInstructions): |
| (JSC::UnlinkedCodeBlock::instructions const): |
| (JSC::UnlinkedCodeBlock::applyModification): |
| (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget): |
| (JSC::UnlinkedCodeBlock::outOfLineJumpOffset): |
| * bytecode/UnlinkedCodeBlock.h: |
| (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): |
| (JSC::UnlinkedCodeBlock::propertyAccessInstructions const): |
| (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): |
| (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const): |
| (JSC::UnlinkedCodeBlock::metadata): |
| (JSC::UnlinkedCodeBlock::metadataSizeInBytes): |
| (JSC::UnlinkedCodeBlock::outOfLineJumpOffset): |
| (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets): |
| * bytecode/UnlinkedInstructionStream.cpp: Removed. |
| * bytecode/UnlinkedInstructionStream.h: Removed. |
| * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h. |
| * bytecode/UnlinkedMetadataTableInlines.h: Added. |
| (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable): |
| (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable): |
| (JSC::UnlinkedMetadataTable::addEntry): |
| (JSC::UnlinkedMetadataTable::sizeInBytes): |
| (JSC::UnlinkedMetadataTable::finalize): |
| (JSC::UnlinkedMetadataTable::link): |
| (JSC::UnlinkedMetadataTable::unlink): |
| * bytecode/VirtualRegister.cpp: |
| (JSC::VirtualRegister::VirtualRegister): |
| * bytecode/VirtualRegister.h: |
| * bytecompiler/BytecodeGenerator.cpp: |
| (JSC::Label::setLocation): |
| (JSC::Label::bind): |
| (JSC::BytecodeGenerator::generate): |
| (JSC::BytecodeGenerator::BytecodeGenerator): |
| (JSC::BytecodeGenerator::initializeVarLexicalEnvironment): |
| (JSC::BytecodeGenerator::emitEnter): |
| (JSC::BytecodeGenerator::emitLoopHint): |
| (JSC::BytecodeGenerator::emitJump): |
| (JSC::BytecodeGenerator::emitCheckTraps): |
| (JSC::BytecodeGenerator::rewind): |
| (JSC::BytecodeGenerator::fuseCompareAndJump): |
| (JSC::BytecodeGenerator::fuseTestAndJmp): |
| (JSC::BytecodeGenerator::emitJumpIfTrue): |
| (JSC::BytecodeGenerator::emitJumpIfFalse): |
| (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall): |
| (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply): |
| (JSC::BytecodeGenerator::moveLinkTimeConstant): |
| (JSC::BytecodeGenerator::moveEmptyValue): |
| (JSC::BytecodeGenerator::emitMove): |
| (JSC::BytecodeGenerator::emitUnaryOp): |
| (JSC::BytecodeGenerator::emitBinaryOp): |
| (JSC::BytecodeGenerator::emitToObject): |
| (JSC::BytecodeGenerator::emitToNumber): |
| (JSC::BytecodeGenerator::emitToString): |
| (JSC::BytecodeGenerator::emitTypeOf): |
| (JSC::BytecodeGenerator::emitInc): |
| (JSC::BytecodeGenerator::emitDec): |
| (JSC::BytecodeGenerator::emitEqualityOp): |
| (JSC::BytecodeGenerator::emitProfileType): |
| (JSC::BytecodeGenerator::emitProfileControlFlow): |
| (JSC::BytecodeGenerator::pushLexicalScopeInternal): |
| (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval): |
| (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration): |
| (JSC::BytecodeGenerator::emitOverridesHasInstance): |
| (JSC::BytecodeGenerator::emitResolveScope): |
| (JSC::BytecodeGenerator::emitGetFromScope): |
| (JSC::BytecodeGenerator::emitPutToScope): |
| (JSC::BytecodeGenerator::emitInstanceOf): |
| (JSC::BytecodeGenerator::emitInstanceOfCustom): |
| (JSC::BytecodeGenerator::emitInByVal): |
| (JSC::BytecodeGenerator::emitInById): |
| (JSC::BytecodeGenerator::emitTryGetById): |
| (JSC::BytecodeGenerator::emitGetById): |
| (JSC::BytecodeGenerator::emitDirectGetById): |
| (JSC::BytecodeGenerator::emitPutById): |
| (JSC::BytecodeGenerator::emitDirectPutById): |
| (JSC::BytecodeGenerator::emitPutGetterById): |
| (JSC::BytecodeGenerator::emitPutSetterById): |
| (JSC::BytecodeGenerator::emitPutGetterSetter): |
| (JSC::BytecodeGenerator::emitPutGetterByVal): |
| (JSC::BytecodeGenerator::emitPutSetterByVal): |
| (JSC::BytecodeGenerator::emitDeleteById): |
| (JSC::BytecodeGenerator::emitGetByVal): |
| (JSC::BytecodeGenerator::emitPutByVal): |
| (JSC::BytecodeGenerator::emitDirectPutByVal): |
| (JSC::BytecodeGenerator::emitDeleteByVal): |
| (JSC::BytecodeGenerator::emitSuperSamplerBegin): |
| (JSC::BytecodeGenerator::emitSuperSamplerEnd): |
| (JSC::BytecodeGenerator::emitIdWithProfile): |
| (JSC::BytecodeGenerator::emitUnreachable): |
| (JSC::BytecodeGenerator::emitGetArgument): |
| (JSC::BytecodeGenerator::emitCreateThis): |
| (JSC::BytecodeGenerator::emitTDZCheck): |
| (JSC::BytecodeGenerator::emitNewObject): |
| (JSC::BytecodeGenerator::emitNewArrayBuffer): |
| (JSC::BytecodeGenerator::emitNewArray): |
| (JSC::BytecodeGenerator::emitNewArrayWithSpread): |
| (JSC::BytecodeGenerator::emitNewArrayWithSize): |
| (JSC::BytecodeGenerator::emitNewRegExp): |
| (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon): |
| (JSC::BytecodeGenerator::emitNewDefaultConstructor): |
| (JSC::BytecodeGenerator::emitNewFunction): |
| (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded): |
| (JSC::BytecodeGenerator::emitCall): |
| (JSC::BytecodeGenerator::emitCallInTailPosition): |
| (JSC::BytecodeGenerator::emitCallEval): |
| (JSC::BytecodeGenerator::emitExpectedFunctionSnippet): |
| (JSC::BytecodeGenerator::emitCallVarargs): |
| (JSC::BytecodeGenerator::emitCallVarargsInTailPosition): |
| (JSC::BytecodeGenerator::emitConstructVarargs): |
| (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition): |
| (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary): |
| (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary): |
| (JSC::BytecodeGenerator::emitCallDefineProperty): |
| (JSC::BytecodeGenerator::emitReturn): |
| (JSC::BytecodeGenerator::emitEnd): |
| (JSC::BytecodeGenerator::emitConstruct): |
| (JSC::BytecodeGenerator::emitStrcat): |
| (JSC::BytecodeGenerator::emitToPrimitive): |
| (JSC::BytecodeGenerator::emitGetScope): |
| (JSC::BytecodeGenerator::emitPushWithScope): |
| (JSC::BytecodeGenerator::emitGetParentScope): |
| (JSC::BytecodeGenerator::emitDebugHook): |
| (JSC::BytecodeGenerator::emitCatch): |
| (JSC::BytecodeGenerator::emitThrow): |
| (JSC::BytecodeGenerator::emitArgumentCount): |
| (JSC::BytecodeGenerator::emitThrowStaticError): |
| (JSC::BytecodeGenerator::beginSwitch): |
| (JSC::prepareJumpTableForSwitch): |
| (JSC::prepareJumpTableForStringSwitch): |
| (JSC::BytecodeGenerator::endSwitch): |
| (JSC::BytecodeGenerator::emitGetEnumerableLength): |
| (JSC::BytecodeGenerator::emitHasGenericProperty): |
| (JSC::BytecodeGenerator::emitHasIndexedProperty): |
| (JSC::BytecodeGenerator::emitHasStructureProperty): |
| (JSC::BytecodeGenerator::emitGetPropertyEnumerator): |
| (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName): |
| (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName): |
| (JSC::BytecodeGenerator::emitToIndexString): |
| (JSC::BytecodeGenerator::emitIsCellWithType): |
| (JSC::BytecodeGenerator::emitIsObject): |
| (JSC::BytecodeGenerator::emitIsNumber): |
| (JSC::BytecodeGenerator::emitIsUndefined): |
| (JSC::BytecodeGenerator::emitIsEmpty): |
| (JSC::BytecodeGenerator::emitRestParameter): |
| (JSC::BytecodeGenerator::emitRequireObjectCoercible): |
| (JSC::BytecodeGenerator::emitYieldPoint): |
| (JSC::BytecodeGenerator::emitYield): |
| (JSC::BytecodeGenerator::emitGetAsyncIterator): |
| (JSC::BytecodeGenerator::emitDelegateYield): |
| (JSC::BytecodeGenerator::emitFinallyCompletion): |
| (JSC::BytecodeGenerator::emitJumpIf): |
| (JSC::ForInContext::finalize): |
| (JSC::StructureForInContext::finalize): |
| (JSC::IndexedForInContext::finalize): |
| (JSC::StaticPropertyAnalysis::record): |
| (JSC::BytecodeGenerator::emitToThis): |
| * bytecompiler/BytecodeGenerator.h: |
| (JSC::StructureForInContext::addGetInst): |
| (JSC::BytecodeGenerator::recordOpcode): |
| (JSC::BytecodeGenerator::addMetadataFor): |
| (JSC::BytecodeGenerator::emitUnaryOp): |
| (JSC::BytecodeGenerator::kill): |
| (JSC::BytecodeGenerator::instructions const): |
| (JSC::BytecodeGenerator::write): |
| (JSC::BytecodeGenerator::withWriter): |
| * bytecompiler/Label.h: |
| (JSC::Label::Label): |
| (JSC::Label::bind): |
| * bytecompiler/NodesCodegen.cpp: |
| (JSC::ArrayNode::emitBytecode): |
| (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount): |
| (JSC::ApplyFunctionCallDotNode::emitBytecode): |
| (JSC::BitwiseNotNode::emitBytecode): |
| (JSC::BinaryOpNode::emitBytecode): |
| (JSC::EqualNode::emitBytecode): |
| (JSC::StrictEqualNode::emitBytecode): |
| (JSC::emitReadModifyAssignment): |
| (JSC::ForInNode::emitBytecode): |
| (JSC::CaseBlockNode::emitBytecodeForBlock): |
| (JSC::FunctionNode::emitBytecode): |
| (JSC::ClassExprNode::emitBytecode): |
| * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp. |
| (WTF::printInternal): |
| * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| * bytecompiler/RegisterID.h: |
| * bytecompiler/StaticPropertyAnalysis.h: |
| (JSC::StaticPropertyAnalysis::create): |
| (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis): |
| * bytecompiler/StaticPropertyAnalyzer.h: |
| (JSC::StaticPropertyAnalyzer::createThis): |
| (JSC::StaticPropertyAnalyzer::newObject): |
| (JSC::StaticPropertyAnalyzer::putById): |
| (JSC::StaticPropertyAnalyzer::mov): |
| (JSC::StaticPropertyAnalyzer::kill): |
| * dfg/DFGByteCodeParser.cpp: |
| (JSC::DFG::ByteCodeParser::addCall): |
| (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): |
| (JSC::DFG::ByteCodeParser::getArrayMode): |
| (JSC::DFG::ByteCodeParser::handleCall): |
| (JSC::DFG::ByteCodeParser::handleVarargsCall): |
| (JSC::DFG::ByteCodeParser::handleRecursiveTailCall): |
| (JSC::DFG::ByteCodeParser::inlineCall): |
| (JSC::DFG::ByteCodeParser::handleCallVariant): |
| (JSC::DFG::ByteCodeParser::handleVarargsInlining): |
| (JSC::DFG::ByteCodeParser::handleInlining): |
| (JSC::DFG::ByteCodeParser::handleMinMax): |
| (JSC::DFG::ByteCodeParser::handleIntrinsicCall): |
| (JSC::DFG::ByteCodeParser::handleDOMJITCall): |
| (JSC::DFG::ByteCodeParser::handleIntrinsicGetter): |
| (JSC::DFG::ByteCodeParser::handleDOMJITGetter): |
| (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad): |
| (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor): |
| (JSC::DFG::ByteCodeParser::handleConstantInternalFunction): |
| (JSC::DFG::ByteCodeParser::handleGetById): |
| (JSC::DFG::ByteCodeParser::handlePutById): |
| (JSC::DFG::ByteCodeParser::parseGetById): |
| (JSC::DFG::ByteCodeParser::parseBlock): |
| (JSC::DFG::ByteCodeParser::parseCodeBlock): |
| (JSC::DFG::ByteCodeParser::handlePutByVal): |
| (JSC::DFG::ByteCodeParser::handlePutAccessorById): |
| (JSC::DFG::ByteCodeParser::handlePutAccessorByVal): |
| (JSC::DFG::ByteCodeParser::handleNewFunc): |
| (JSC::DFG::ByteCodeParser::handleNewFuncExp): |
| (JSC::DFG::ByteCodeParser::parse): |
| * dfg/DFGCapabilities.cpp: |
| (JSC::DFG::capabilityLevel): |
| * dfg/DFGCapabilities.h: |
| (JSC::DFG::capabilityLevel): |
| * dfg/DFGOSREntry.cpp: |
| (JSC::DFG::prepareCatchOSREntry): |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::compileValueAdd): |
| (JSC::DFG::SpeculativeJIT::compileValueSub): |
| (JSC::DFG::SpeculativeJIT::compileValueNegate): |
| (JSC::DFG::SpeculativeJIT::compileArithMul): |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueSub): |
| (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC): |
| (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC): |
| (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub): |
| (JSC::FTL::DFG::LowerDFGToB3::compileArithMul): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate): |
| * ftl/FTLOperations.cpp: |
| (JSC::FTL::operationMaterializeObjectInOSR): |
| * generate-bytecode-files: Removed. |
| * generator/Argument.rb: Added. |
| * generator/Assertion.rb: Added. |
| * generator/DSL.rb: Added. |
| * generator/Fits.rb: Added. |
| * generator/GeneratedFile.rb: Added. |
| * generator/Metadata.rb: Added. |
| * generator/Opcode.rb: Added. |
| * generator/OpcodeGroup.rb: Added. |
| * generator/Options.rb: Added. |
| * generator/Section.rb: Added. |
| * generator/Template.rb: Added. |
| * generator/Type.rb: Added. |
| * generator/main.rb: Added. |
| * interpreter/AbstractPC.h: |
| * interpreter/CallFrame.cpp: |
| (JSC::CallFrame::currentVPC const): |
| (JSC::CallFrame::setCurrentVPC): |
| * interpreter/CallFrame.h: |
| (JSC::CallSiteIndex::CallSiteIndex): |
| (JSC::ExecState::setReturnPC): |
| * interpreter/Interpreter.cpp: |
| (WTF::printInternal): |
| * interpreter/Interpreter.h: |
| * interpreter/InterpreterInlines.h: |
| * interpreter/StackVisitor.cpp: |
| (JSC::StackVisitor::Frame::dump const): |
| * interpreter/VMEntryRecord.h: |
| * jit/JIT.cpp: |
| (JSC::JIT::JIT): |
| (JSC::JIT::emitSlowCaseCall): |
| (JSC::JIT::privateCompileMainPass): |
| (JSC::JIT::privateCompileSlowCases): |
| (JSC::JIT::compileWithoutLinking): |
| (JSC::JIT::link): |
| * jit/JIT.h: |
| * jit/JITArithmetic.cpp: |
| (JSC::JIT::emit_op_jless): |
| (JSC::JIT::emit_op_jlesseq): |
| (JSC::JIT::emit_op_jgreater): |
| (JSC::JIT::emit_op_jgreatereq): |
| (JSC::JIT::emit_op_jnless): |
| (JSC::JIT::emit_op_jnlesseq): |
| (JSC::JIT::emit_op_jngreater): |
| (JSC::JIT::emit_op_jngreatereq): |
| (JSC::JIT::emitSlow_op_jless): |
| (JSC::JIT::emitSlow_op_jlesseq): |
| (JSC::JIT::emitSlow_op_jgreater): |
| (JSC::JIT::emitSlow_op_jgreatereq): |
| (JSC::JIT::emitSlow_op_jnless): |
| (JSC::JIT::emitSlow_op_jnlesseq): |
| (JSC::JIT::emitSlow_op_jngreater): |
| (JSC::JIT::emitSlow_op_jngreatereq): |
| (JSC::JIT::emit_op_below): |
| (JSC::JIT::emit_op_beloweq): |
| (JSC::JIT::emit_op_jbelow): |
| (JSC::JIT::emit_op_jbeloweq): |
| (JSC::JIT::emit_op_unsigned): |
| (JSC::JIT::emit_compareAndJump): |
| (JSC::JIT::emit_compareUnsignedAndJump): |
| (JSC::JIT::emit_compareUnsigned): |
| (JSC::JIT::emit_compareAndJumpSlow): |
| (JSC::JIT::emit_op_inc): |
| (JSC::JIT::emit_op_dec): |
| (JSC::JIT::emit_op_mod): |
| (JSC::JIT::emitSlow_op_mod): |
| (JSC::JIT::emit_op_negate): |
| (JSC::JIT::emitSlow_op_negate): |
| (JSC::JIT::emitBitBinaryOpFastPath): |
| (JSC::JIT::emit_op_bitand): |
| (JSC::JIT::emit_op_bitor): |
| (JSC::JIT::emit_op_bitxor): |
| (JSC::JIT::emit_op_lshift): |
| (JSC::JIT::emitRightShiftFastPath): |
| (JSC::JIT::emit_op_rshift): |
| (JSC::JIT::emit_op_urshift): |
| (JSC::getOperandTypes): |
| (JSC::JIT::emit_op_add): |
| (JSC::JIT::emitSlow_op_add): |
| (JSC::JIT::emitMathICFast): |
| (JSC::JIT::emitMathICSlow): |
| (JSC::JIT::emit_op_div): |
| (JSC::JIT::emit_op_mul): |
| (JSC::JIT::emitSlow_op_mul): |
| (JSC::JIT::emit_op_sub): |
| (JSC::JIT::emitSlow_op_sub): |
| * jit/JITCall.cpp: |
| (JSC::JIT::emitPutCallResult): |
| (JSC::JIT::compileSetupFrame): |
| (JSC::JIT::compileCallEval): |
| (JSC::JIT::compileCallEvalSlowCase): |
| (JSC::JIT::compileTailCall): |
| (JSC::JIT::compileOpCall): |
| (JSC::JIT::compileOpCallSlowCase): |
| (JSC::JIT::emit_op_call): |
| (JSC::JIT::emit_op_tail_call): |
| (JSC::JIT::emit_op_call_eval): |
| (JSC::JIT::emit_op_call_varargs): |
| (JSC::JIT::emit_op_tail_call_varargs): |
| (JSC::JIT::emit_op_tail_call_forward_arguments): |
| (JSC::JIT::emit_op_construct_varargs): |
| (JSC::JIT::emit_op_construct): |
| (JSC::JIT::emitSlow_op_call): |
| (JSC::JIT::emitSlow_op_tail_call): |
| (JSC::JIT::emitSlow_op_call_eval): |
| (JSC::JIT::emitSlow_op_call_varargs): |
| (JSC::JIT::emitSlow_op_tail_call_varargs): |
| (JSC::JIT::emitSlow_op_tail_call_forward_arguments): |
| (JSC::JIT::emitSlow_op_construct_varargs): |
| (JSC::JIT::emitSlow_op_construct): |
| * jit/JITDisassembler.cpp: |
| (JSC::JITDisassembler::JITDisassembler): |
| * jit/JITExceptions.cpp: |
| (JSC::genericUnwind): |
| * jit/JITInlines.h: |
| (JSC::JIT::emitDoubleGetByVal): |
| (JSC::JIT::emitLoadForArrayMode): |
| (JSC::JIT::emitContiguousGetByVal): |
| (JSC::JIT::emitArrayStorageGetByVal): |
| (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile): |
| (JSC::JIT::sampleInstruction): |
| (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode): |
| (JSC::JIT::emitValueProfilingSite): |
| (JSC::JIT::jumpTarget): |
| (JSC::JIT::copiedGetPutInfo): |
| (JSC::JIT::copiedArithProfile): |
| * jit/JITMathIC.h: |
| (JSC::isProfileEmpty): |
| (JSC::JITBinaryMathIC::JITBinaryMathIC): |
| (JSC::JITUnaryMathIC::JITUnaryMathIC): |
| * jit/JITOpcodes.cpp: |
| (JSC::JIT::emit_op_mov): |
| (JSC::JIT::emit_op_end): |
| (JSC::JIT::emit_op_jmp): |
| (JSC::JIT::emit_op_new_object): |
| (JSC::JIT::emitSlow_op_new_object): |
| (JSC::JIT::emit_op_overrides_has_instance): |
| (JSC::JIT::emit_op_instanceof): |
| (JSC::JIT::emitSlow_op_instanceof): |
| (JSC::JIT::emit_op_instanceof_custom): |
| (JSC::JIT::emit_op_is_empty): |
| (JSC::JIT::emit_op_is_undefined): |
| (JSC::JIT::emit_op_is_boolean): |
| (JSC::JIT::emit_op_is_number): |
| (JSC::JIT::emit_op_is_cell_with_type): |
| (JSC::JIT::emit_op_is_object): |
| (JSC::JIT::emit_op_ret): |
| (JSC::JIT::emit_op_to_primitive): |
| (JSC::JIT::emit_op_set_function_name): |
| (JSC::JIT::emit_op_not): |
| (JSC::JIT::emit_op_jfalse): |
| (JSC::JIT::emit_op_jeq_null): |
| (JSC::JIT::emit_op_jneq_null): |
| (JSC::JIT::emit_op_jneq_ptr): |
| (JSC::JIT::emit_op_eq): |
| (JSC::JIT::emit_op_jeq): |
| (JSC::JIT::emit_op_jtrue): |
| (JSC::JIT::emit_op_neq): |
| (JSC::JIT::emit_op_jneq): |
| (JSC::JIT::emit_op_throw): |
| (JSC::JIT::compileOpStrictEq): |
| (JSC::JIT::emit_op_stricteq): |
| (JSC::JIT::emit_op_nstricteq): |
| (JSC::JIT::compileOpStrictEqJump): |
| (JSC::JIT::emit_op_jstricteq): |
| (JSC::JIT::emit_op_jnstricteq): |
| (JSC::JIT::emitSlow_op_jstricteq): |
| (JSC::JIT::emitSlow_op_jnstricteq): |
| (JSC::JIT::emit_op_to_number): |
| (JSC::JIT::emit_op_to_string): |
| (JSC::JIT::emit_op_to_object): |
| (JSC::JIT::emit_op_catch): |
| (JSC::JIT::emit_op_identity_with_profile): |
| (JSC::JIT::emit_op_get_parent_scope): |
| (JSC::JIT::emit_op_switch_imm): |
| (JSC::JIT::emit_op_switch_char): |
| (JSC::JIT::emit_op_switch_string): |
| (JSC::JIT::emit_op_debug): |
| (JSC::JIT::emit_op_eq_null): |
| (JSC::JIT::emit_op_neq_null): |
| (JSC::JIT::emit_op_enter): |
| (JSC::JIT::emit_op_get_scope): |
| (JSC::JIT::emit_op_to_this): |
| (JSC::JIT::emit_op_create_this): |
| (JSC::JIT::emit_op_check_tdz): |
| (JSC::JIT::emitSlow_op_eq): |
| (JSC::JIT::emitSlow_op_neq): |
| (JSC::JIT::emitSlow_op_jeq): |
| (JSC::JIT::emitSlow_op_jneq): |
| (JSC::JIT::emitSlow_op_instanceof_custom): |
| (JSC::JIT::emit_op_loop_hint): |
| (JSC::JIT::emitSlow_op_loop_hint): |
| (JSC::JIT::emit_op_check_traps): |
| (JSC::JIT::emit_op_nop): |
| (JSC::JIT::emit_op_super_sampler_begin): |
| (JSC::JIT::emit_op_super_sampler_end): |
| (JSC::JIT::emitSlow_op_check_traps): |
| (JSC::JIT::emit_op_new_regexp): |
| (JSC::JIT::emitNewFuncCommon): |
| (JSC::JIT::emit_op_new_func): |
| (JSC::JIT::emit_op_new_generator_func): |
| (JSC::JIT::emit_op_new_async_generator_func): |
| (JSC::JIT::emit_op_new_async_func): |
| (JSC::JIT::emitNewFuncExprCommon): |
| (JSC::JIT::emit_op_new_func_exp): |
| (JSC::JIT::emit_op_new_generator_func_exp): |
| (JSC::JIT::emit_op_new_async_func_exp): |
| (JSC::JIT::emit_op_new_async_generator_func_exp): |
| (JSC::JIT::emit_op_new_array): |
| (JSC::JIT::emit_op_new_array_with_size): |
| (JSC::JIT::emit_op_has_structure_property): |
| (JSC::JIT::privateCompileHasIndexedProperty): |
| (JSC::JIT::emit_op_has_indexed_property): |
| (JSC::JIT::emitSlow_op_has_indexed_property): |
| (JSC::JIT::emit_op_get_direct_pname): |
| (JSC::JIT::emit_op_enumerator_structure_pname): |
| (JSC::JIT::emit_op_enumerator_generic_pname): |
| (JSC::JIT::emit_op_profile_type): |
| (JSC::JIT::emit_op_log_shadow_chicken_prologue): |
| (JSC::JIT::emit_op_log_shadow_chicken_tail): |
| (JSC::JIT::emit_op_profile_control_flow): |
| (JSC::JIT::emit_op_argument_count): |
| (JSC::JIT::emit_op_get_rest_length): |
| (JSC::JIT::emit_op_get_argument): |
| * jit/JITOpcodes32_64.cpp: |
| (JSC::JIT::emit_op_to_this): |
| * jit/JITOperations.cpp: |
| * jit/JITOperations.h: |
| * jit/JITPropertyAccess.cpp: |
| (JSC::JIT::emit_op_get_by_val): |
| (JSC::JIT::emitGetByValWithCachedId): |
| (JSC::JIT::emitSlow_op_get_by_val): |
| (JSC::JIT::emit_op_put_by_val_direct): |
| (JSC::JIT::emit_op_put_by_val): |
| (JSC::JIT::emitGenericContiguousPutByVal): |
| (JSC::JIT::emitArrayStoragePutByVal): |
| (JSC::JIT::emitPutByValWithCachedId): |
| (JSC::JIT::emitSlow_op_put_by_val): |
| (JSC::JIT::emit_op_put_getter_by_id): |
| (JSC::JIT::emit_op_put_setter_by_id): |
| (JSC::JIT::emit_op_put_getter_setter_by_id): |
| (JSC::JIT::emit_op_put_getter_by_val): |
| (JSC::JIT::emit_op_put_setter_by_val): |
| (JSC::JIT::emit_op_del_by_id): |
| (JSC::JIT::emit_op_del_by_val): |
| (JSC::JIT::emit_op_try_get_by_id): |
| (JSC::JIT::emitSlow_op_try_get_by_id): |
| (JSC::JIT::emit_op_get_by_id_direct): |
| (JSC::JIT::emitSlow_op_get_by_id_direct): |
| (JSC::JIT::emit_op_get_by_id): |
| (JSC::JIT::emit_op_get_by_id_with_this): |
| (JSC::JIT::emitSlow_op_get_by_id): |
| (JSC::JIT::emitSlow_op_get_by_id_with_this): |
| (JSC::JIT::emit_op_put_by_id): |
| (JSC::JIT::emitSlow_op_put_by_id): |
| (JSC::JIT::emit_op_in_by_id): |
| (JSC::JIT::emitSlow_op_in_by_id): |
| (JSC::JIT::emit_op_resolve_scope): |
| (JSC::JIT::emit_op_get_from_scope): |
| (JSC::JIT::emitSlow_op_get_from_scope): |
| (JSC::JIT::emit_op_put_to_scope): |
| (JSC::JIT::emitSlow_op_put_to_scope): |
| (JSC::JIT::emit_op_get_from_arguments): |
| (JSC::JIT::emit_op_put_to_arguments): |
| (JSC::JIT::privateCompileGetByVal): |
| (JSC::JIT::privateCompileGetByValWithCachedId): |
| (JSC::JIT::privateCompilePutByVal): |
| (JSC::JIT::privateCompilePutByValWithCachedId): |
| (JSC::JIT::emitDoubleLoad): |
| (JSC::JIT::emitContiguousLoad): |
| (JSC::JIT::emitArrayStorageLoad): |
| (JSC::JIT::emitDirectArgumentsGetByVal): |
| (JSC::JIT::emitScopedArgumentsGetByVal): |
| (JSC::JIT::emitIntTypedArrayGetByVal): |
| (JSC::JIT::emitFloatTypedArrayGetByVal): |
| (JSC::JIT::emitIntTypedArrayPutByVal): |
| (JSC::JIT::emitFloatTypedArrayPutByVal): |
| * jit/RegisterSet.cpp: |
| (JSC::RegisterSet::llintBaselineCalleeSaveRegisters): |
| * jit/SlowPathCall.h: |
| (JSC::JITSlowPathCall::JITSlowPathCall): |
| * llint/LLIntData.cpp: |
| (JSC::LLInt::initialize): |
| (JSC::LLInt::Data::performAssertions): |
| * llint/LLIntData.h: |
| (JSC::LLInt::exceptionInstructions): |
| (JSC::LLInt::opcodeMap): |
| (JSC::LLInt::opcodeMapWide): |
| (JSC::LLInt::getOpcode): |
| (JSC::LLInt::getOpcodeWide): |
| (JSC::LLInt::getWideCodePtr): |
| * llint/LLIntOffsetsExtractor.cpp: |
| * llint/LLIntSlowPaths.cpp: |
| (JSC::LLInt::llint_trace_operand): |
| (JSC::LLInt::llint_trace_value): |
| (JSC::LLInt::LLINT_SLOW_PATH_DECL): |
| (JSC::LLInt::entryOSR): |
| (JSC::LLInt::setupGetByIdPrototypeCache): |
| (JSC::LLInt::getByVal): |
| (JSC::LLInt::handleHostCall): |
| (JSC::LLInt::setUpCall): |
| (JSC::LLInt::genericCall): |
| (JSC::LLInt::varargsSetup): |
| (JSC::LLInt::commonCallEval): |
| * llint/LLIntSlowPaths.h: |
| * llint/LowLevelInterpreter.asm: |
| * llint/LowLevelInterpreter.cpp: |
| (JSC::CLoopRegister::operator const Instruction*): |
| (JSC::CLoop::execute): |
| * llint/LowLevelInterpreter32_64.asm: |
| * llint/LowLevelInterpreter64.asm: |
| * offlineasm/arm64.rb: |
| * offlineasm/asm.rb: |
| * offlineasm/ast.rb: |
| * offlineasm/cloop.rb: |
| * offlineasm/generate_offset_extractor.rb: |
| * offlineasm/instructions.rb: |
| * offlineasm/offsets.rb: |
| * offlineasm/parser.rb: |
| * offlineasm/transform.rb: |
| * offlineasm/x86.rb: |
| * parser/ResultType.h: |
| (JSC::ResultType::dump const): |
| (JSC::OperandTypes::first const): |
| (JSC::OperandTypes::second const): |
| (JSC::OperandTypes::dump const): |
| * profiler/ProfilerBytecodeSequence.cpp: |
| (JSC::Profiler::BytecodeSequence::BytecodeSequence): |
| * runtime/CommonSlowPaths.cpp: |
| (JSC::SLOW_PATH_DECL): |
| (JSC::updateArithProfileForUnaryArithOp): |
| (JSC::updateArithProfileForBinaryArithOp): |
| * runtime/CommonSlowPaths.h: |
| (JSC::CommonSlowPaths::tryCachePutToScopeGlobal): |
| (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal): |
| * runtime/ExceptionFuzz.cpp: |
| (JSC::doExceptionFuzzing): |
| * runtime/ExceptionFuzz.h: |
| (JSC::doExceptionFuzzingIfEnabled): |
| * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| (JSC::GetPutInfo::dump const): |
| (WTF::printInternal): |
| * runtime/GetPutInfo.h: |
| (JSC::GetPutInfo::operand const): |
| * runtime/JSCPoison.h: |
| * runtime/JSType.cpp: Added. |
| (WTF::printInternal): |
| * runtime/JSType.h: |
| * runtime/SamplingProfiler.cpp: |
| (JSC::SamplingProfiler::StackFrame::displayName): |
| * runtime/SamplingProfiler.h: |
| (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame): |
| * runtime/SlowPathReturnType.h: |
| (JSC::encodeResult): |
| (JSC::decodeResult): |
| * runtime/VM.h: |
| * runtime/Watchdog.h: |
| * tools/HeapVerifier.cpp: |
| |
| 2018-10-27 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| Unreviewed, partial rolling in r237254 |
| https://bugs.webkit.org/show_bug.cgi?id=190340 |
| |
| We do not use the added function right now to investigate what is the reason of the regression. |
| It also does not include any Parser.{h,cpp} changes to ensure that Parser.cpp's inlining decision |
| seems culprit of the regression on iOS devices. |
| |
| * bytecode/UnlinkedFunctionExecutable.cpp: |
| (JSC::UnlinkedFunctionExecutable::fromGlobalCode): |
| * bytecode/UnlinkedFunctionExecutable.h: |
| * parser/SourceCodeKey.h: |
| (JSC::SourceCodeKey::SourceCodeKey): |
| (JSC::SourceCodeKey::operator== const): |
| * runtime/CodeCache.cpp: |
| (JSC::CodeCache::getUnlinkedGlobalCodeBlock): |
| (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable): |
| * runtime/CodeCache.h: |
| * runtime/FunctionConstructor.cpp: |
| (JSC::constructFunctionSkippingEvalEnabledCheck): |
| * runtime/FunctionExecutable.cpp: |
| (JSC::FunctionExecutable::fromGlobalCode): |
| * runtime/FunctionExecutable.h: |
| |
| 2018-10-26 Commit Queue <commit-queue@webkit.org> |
| |
| Unreviewed, rolling out r237479 and r237484. |
| https://bugs.webkit.org/show_bug.cgi?id=190978 |
| |
| broke JSC on iOS (Requested by tadeuzagallo on #webkit). |
| |
| Reverted changesets: |
| |
| "New bytecode format for JSC" |
| https://bugs.webkit.org/show_bug.cgi?id=187373 |
| https://trac.webkit.org/changeset/237479 |
| |
| "Gardening: Build fix after r237479." |
| https://bugs.webkit.org/show_bug.cgi?id=187373 |
| https://trac.webkit.org/changeset/237484 |
| |
| 2018-10-26 Tadeu Zagallo <tzagallo@apple.com> |
| |
| Gardening: Build fix after r237479. |
| https://bugs.webkit.org/show_bug.cgi?id=187373 |
| |
| Unreviewed. |
| |
| * Configurations/JSC.xcconfig: |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * llint/LLIntData.cpp: |
| (JSC::LLInt::initialize): |
| |
| 2018-10-26 Tadeu Zagallo <tzagallo@apple.com> |
| |
| New bytecode format for JSC |
| https://bugs.webkit.org/show_bug.cgi?id=187373 |
| <rdar://problem/44186758> |
| |
| Reviewed by Filip Pizlo. |
| |
| Replace unlinked and linked bytecode with a new immutable bytecode that does not embed |
| any addresses. Instructions can be encoded as narrow (1-byte operands) or wide (4-byte |
| operands) and might contain an extra operand, the metadataID. The metadataID is used to |
| access the instruction's mutable data in a side table in the CodeBlock (the MetadataTable). |
| |
| Bytecodes now must be structs declared in the new BytecodeList.rb. All bytecodes give names |
| and types to all its operands. Additionally, reading a bytecode from the instruction stream |
| requires decoding the whole bytecode, i.e. it's no longer possible to access arbitrary |
| operands directly from the stream. |
| |
| |
| * CMakeLists.txt: |
| * DerivedSources.make: |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * Sources.txt: |
| * assembler/MacroAssemblerCodeRef.h: |
| (JSC::ReturnAddressPtr::ReturnAddressPtr): |
| (JSC::ReturnAddressPtr::value const): |
| (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr): |
| (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): |
| * bytecode/ArithProfile.h: |
| (JSC::ArithProfile::ArithProfile): |
| * bytecode/ArrayAllocationProfile.h: |
| (JSC::ArrayAllocationProfile::ArrayAllocationProfile): |
| * bytecode/ArrayProfile.h: |
| * bytecode/BytecodeBasicBlock.cpp: |
| (JSC::isJumpTarget): |
| (JSC::BytecodeBasicBlock::computeImpl): |
| (JSC::BytecodeBasicBlock::compute): |
| * bytecode/BytecodeBasicBlock.h: |
| (JSC::BytecodeBasicBlock::leaderOffset const): |
| (JSC::BytecodeBasicBlock::totalLength const): |
| (JSC::BytecodeBasicBlock::offsets const): |
| (JSC::BytecodeBasicBlock::BytecodeBasicBlock): |
| (JSC::BytecodeBasicBlock::addLength): |
| * bytecode/BytecodeDumper.cpp: |
| (JSC::BytecodeDumper<Block>::printLocationAndOp): |
| (JSC::BytecodeDumper<Block>::dumpBytecode): |
| (JSC::BytecodeDumper<Block>::dumpIdentifiers): |
| (JSC::BytecodeDumper<Block>::dumpConstants): |
| (JSC::BytecodeDumper<Block>::dumpExceptionHandlers): |
| (JSC::BytecodeDumper<Block>::dumpSwitchJumpTables): |
| (JSC::BytecodeDumper<Block>::dumpStringSwitchJumpTables): |
| (JSC::BytecodeDumper<Block>::dumpBlock): |
| * bytecode/BytecodeDumper.h: |
| (JSC::BytecodeDumper::dumpOperand): |
| (JSC::BytecodeDumper::dumpValue): |
| (JSC::BytecodeDumper::BytecodeDumper): |
| (JSC::BytecodeDumper::block const): |
| * bytecode/BytecodeGeneratorification.cpp: |
| (JSC::BytecodeGeneratorification::BytecodeGeneratorification): |
| (JSC::BytecodeGeneratorification::enterPoint const): |
| (JSC::BytecodeGeneratorification::instructions const): |
| (JSC::GeneratorLivenessAnalysis::run): |
| (JSC::BytecodeGeneratorification::run): |
| (JSC::performGeneratorification): |
| * bytecode/BytecodeGeneratorification.h: |
| * bytecode/BytecodeGraph.h: |
| (JSC::BytecodeGraph::blockContainsBytecodeOffset): |
| (JSC::BytecodeGraph::findBasicBlockForBytecodeOffset): |
| (JSC::BytecodeGraph::findBasicBlockWithLeaderOffset): |
| (JSC::BytecodeGraph::BytecodeGraph): |
| * bytecode/BytecodeKills.h: |
| * bytecode/BytecodeList.json: Removed. |
| * bytecode/BytecodeList.rb: Added. |
| * bytecode/BytecodeLivenessAnalysis.cpp: |
| (JSC::BytecodeLivenessAnalysis::dumpResults): |
| * bytecode/BytecodeLivenessAnalysis.h: |
| * bytecode/BytecodeLivenessAnalysisInlines.h: |
| (JSC::isValidRegisterForLiveness): |
| (JSC::BytecodeLivenessPropagation::stepOverInstruction): |
| * bytecode/BytecodeRewriter.cpp: |
| (JSC::BytecodeRewriter::applyModification): |
| (JSC::BytecodeRewriter::execute): |
| (JSC::BytecodeRewriter::adjustJumpTargetsInFragment): |
| (JSC::BytecodeRewriter::insertImpl): |
| (JSC::BytecodeRewriter::adjustJumpTarget): |
| (JSC::BytecodeRewriter::adjustJumpTargets): |
| * bytecode/BytecodeRewriter.h: |
| (JSC::BytecodeRewriter::InsertionPoint::InsertionPoint): |
| (JSC::BytecodeRewriter::Fragment::Fragment): |
| (JSC::BytecodeRewriter::Fragment::appendInstruction): |
| (JSC::BytecodeRewriter::BytecodeRewriter): |
| (JSC::BytecodeRewriter::insertFragmentBefore): |
| (JSC::BytecodeRewriter::insertFragmentAfter): |
| (JSC::BytecodeRewriter::removeBytecode): |
| (JSC::BytecodeRewriter::adjustAbsoluteOffset): |
| (JSC::BytecodeRewriter::adjustJumpTarget): |
| * bytecode/BytecodeUseDef.h: |
| (JSC::computeUsesForBytecodeOffset): |
| (JSC::computeDefsForBytecodeOffset): |
| * bytecode/CallLinkStatus.cpp: |
| (JSC::CallLinkStatus::computeFromLLInt): |
| * bytecode/CodeBlock.cpp: |
| (JSC::CodeBlock::dumpBytecode): |
| (JSC::CodeBlock::CodeBlock): |
| (JSC::CodeBlock::finishCreation): |
| (JSC::CodeBlock::estimatedSize): |
| (JSC::CodeBlock::visitChildren): |
| (JSC::CodeBlock::propagateTransitions): |
| (JSC::CodeBlock::finalizeLLIntInlineCaches): |
| (JSC::CodeBlock::addJITAddIC): |
| (JSC::CodeBlock::addJITMulIC): |
| (JSC::CodeBlock::addJITSubIC): |
| (JSC::CodeBlock::addJITNegIC): |
| (JSC::CodeBlock::stronglyVisitStrongReferences): |
| (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffset): |
| (JSC::CodeBlock::ensureCatchLivenessIsComputedForBytecodeOffsetSlow): |
| (JSC::CodeBlock::hasOpDebugForLineAndColumn): |
| (JSC::CodeBlock::getArrayProfile): |
| (JSC::CodeBlock::updateAllArrayPredictions): |
| (JSC::CodeBlock::predictedMachineCodeSize): |
| (JSC::CodeBlock::tryGetValueProfileForBytecodeOffset): |
| (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): |
| (JSC::CodeBlock::valueProfileForBytecodeOffset): |
| (JSC::CodeBlock::validate): |
| (JSC::CodeBlock::outOfLineJumpOffset): |
| (JSC::CodeBlock::outOfLineJumpTarget): |
| (JSC::CodeBlock::arithProfileForBytecodeOffset): |
| (JSC::CodeBlock::arithProfileForPC): |
| (JSC::CodeBlock::couldTakeSpecialFastCase): |
| (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler): |
| * bytecode/CodeBlock.h: |
| (JSC::CodeBlock::addMathIC): |
| (JSC::CodeBlock::outOfLineJumpOffset): |
| (JSC::CodeBlock::bytecodeOffset): |
| (JSC::CodeBlock::instructions const): |
| (JSC::CodeBlock::instructionCount const): |
| (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters): |
| (JSC::CodeBlock::metadata): |
| (JSC::CodeBlock::metadataSizeInBytes): |
| (JSC::CodeBlock::numberOfNonArgumentValueProfiles): |
| (JSC::CodeBlock::totalNumberOfValueProfiles): |
| * bytecode/CodeBlockInlines.h: Added. |
| (JSC::CodeBlock::forEachValueProfile): |
| (JSC::CodeBlock::forEachArrayProfile): |
| (JSC::CodeBlock::forEachArrayAllocationProfile): |
| (JSC::CodeBlock::forEachObjectAllocationProfile): |
| (JSC::CodeBlock::forEachLLIntCallLinkInfo): |
| * bytecode/Fits.h: Added. |
| * bytecode/GetByIdMetadata.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h. |
| * bytecode/GetByIdStatus.cpp: |
| (JSC::GetByIdStatus::computeFromLLInt): |
| * bytecode/Instruction.h: |
| (JSC::Instruction::Instruction): |
| (JSC::Instruction::Impl::opcodeID const): |
| (JSC::Instruction::opcodeID const): |
| (JSC::Instruction::name const): |
| (JSC::Instruction::isWide const): |
| (JSC::Instruction::size const): |
| (JSC::Instruction::is const): |
| (JSC::Instruction::as const): |
| (JSC::Instruction::cast): |
| (JSC::Instruction::cast const): |
| (JSC::Instruction::narrow const): |
| (JSC::Instruction::wide const): |
| * bytecode/InstructionStream.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| (JSC::InstructionStream::InstructionStream): |
| (JSC::InstructionStream::sizeInBytes const): |
| * bytecode/InstructionStream.h: Added. |
| (JSC::InstructionStream::BaseRef::BaseRef): |
| (JSC::InstructionStream::BaseRef::operator=): |
| (JSC::InstructionStream::BaseRef::operator-> const): |
| (JSC::InstructionStream::BaseRef::ptr const): |
| (JSC::InstructionStream::BaseRef::operator!= const): |
| (JSC::InstructionStream::BaseRef::next const): |
| (JSC::InstructionStream::BaseRef::offset const): |
| (JSC::InstructionStream::BaseRef::isValid const): |
| (JSC::InstructionStream::BaseRef::unwrap const): |
| (JSC::InstructionStream::MutableRef::freeze const): |
| (JSC::InstructionStream::MutableRef::operator->): |
| (JSC::InstructionStream::MutableRef::ptr): |
| (JSC::InstructionStream::MutableRef::operator Ref): |
| (JSC::InstructionStream::MutableRef::unwrap): |
| (JSC::InstructionStream::iterator::operator*): |
| (JSC::InstructionStream::iterator::operator++): |
| (JSC::InstructionStream::begin const): |
| (JSC::InstructionStream::end const): |
| (JSC::InstructionStream::at const): |
| (JSC::InstructionStream::size const): |
| (JSC::InstructionStreamWriter::InstructionStreamWriter): |
| (JSC::InstructionStreamWriter::ref): |
| (JSC::InstructionStreamWriter::seek): |
| (JSC::InstructionStreamWriter::position): |
| (JSC::InstructionStreamWriter::write): |
| (JSC::InstructionStreamWriter::rewind): |
| (JSC::InstructionStreamWriter::finalize): |
| (JSC::InstructionStreamWriter::swap): |
| (JSC::InstructionStreamWriter::iterator::operator*): |
| (JSC::InstructionStreamWriter::iterator::operator++): |
| (JSC::InstructionStreamWriter::begin): |
| (JSC::InstructionStreamWriter::end): |
| * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp: |
| (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::LLIntPrototypeLoadAdaptiveStructureWatchpoint): |
| (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal): |
| (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache): |
| * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h: |
| * bytecode/MetadataTable.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| (JSC::MetadataTable::MetadataTable): |
| (JSC::DeallocTable::withOpcodeType): |
| (JSC::MetadataTable::~MetadataTable): |
| (JSC::MetadataTable::sizeInBytes): |
| * bytecode/MetadataTable.h: Copied from Source/JavaScriptCore/runtime/Watchdog.h. |
| (JSC::MetadataTable::get): |
| (JSC::MetadataTable::forEach): |
| (JSC::MetadataTable::getImpl): |
| * bytecode/Opcode.cpp: |
| (JSC::metadataSize): |
| * bytecode/Opcode.h: |
| (JSC::padOpcodeName): |
| * bytecode/OpcodeInlines.h: |
| (JSC::isOpcodeShape): |
| (JSC::getOpcodeType): |
| * bytecode/OpcodeSize.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| * bytecode/PreciseJumpTargets.cpp: |
| (JSC::getJumpTargetsForInstruction): |
| (JSC::computePreciseJumpTargetsInternal): |
| (JSC::computePreciseJumpTargets): |
| (JSC::recomputePreciseJumpTargets): |
| (JSC::findJumpTargetsForInstruction): |
| * bytecode/PreciseJumpTargets.h: |
| * bytecode/PreciseJumpTargetsInlines.h: |
| (JSC::jumpTargetForInstruction): |
| (JSC::extractStoredJumpTargetsForInstruction): |
| (JSC::updateStoredJumpTargetsForInstruction): |
| * bytecode/PutByIdStatus.cpp: |
| (JSC::PutByIdStatus::computeFromLLInt): |
| * bytecode/SpecialPointer.cpp: |
| (WTF::printInternal): |
| * bytecode/SpecialPointer.h: |
| * bytecode/UnlinkedCodeBlock.cpp: |
| (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): |
| (JSC::UnlinkedCodeBlock::visitChildren): |
| (JSC::UnlinkedCodeBlock::estimatedSize): |
| (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): |
| (JSC::dumpLineColumnEntry): |
| (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset const): |
| (JSC::UnlinkedCodeBlock::setInstructions): |
| (JSC::UnlinkedCodeBlock::instructions const): |
| (JSC::UnlinkedCodeBlock::applyModification): |
| (JSC::UnlinkedCodeBlock::addOutOfLineJumpTarget): |
| (JSC::UnlinkedCodeBlock::outOfLineJumpOffset): |
| * bytecode/UnlinkedCodeBlock.h: |
| (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): |
| (JSC::UnlinkedCodeBlock::propertyAccessInstructions const): |
| (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): |
| (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const): |
| (JSC::UnlinkedCodeBlock::metadata): |
| (JSC::UnlinkedCodeBlock::metadataSizeInBytes): |
| (JSC::UnlinkedCodeBlock::outOfLineJumpOffset): |
| (JSC::UnlinkedCodeBlock::replaceOutOfLineJumpTargets): |
| * bytecode/UnlinkedInstructionStream.cpp: Removed. |
| * bytecode/UnlinkedInstructionStream.h: Removed. |
| * bytecode/UnlinkedMetadataTable.h: Copied from Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.h. |
| * bytecode/UnlinkedMetadataTableInlines.h: Added. |
| (JSC::UnlinkedMetadataTable::UnlinkedMetadataTable): |
| (JSC::UnlinkedMetadataTable::~UnlinkedMetadataTable): |
| (JSC::UnlinkedMetadataTable::addEntry): |
| (JSC::UnlinkedMetadataTable::sizeInBytes): |
| (JSC::UnlinkedMetadataTable::finalize): |
| (JSC::UnlinkedMetadataTable::link): |
| (JSC::UnlinkedMetadataTable::unlink): |
| * bytecode/VirtualRegister.cpp: |
| (JSC::VirtualRegister::VirtualRegister): |
| * bytecode/VirtualRegister.h: |
| * bytecompiler/BytecodeGenerator.cpp: |
| (JSC::Label::setLocation): |
| (JSC::Label::bind): |
| (JSC::BytecodeGenerator::generate): |
| (JSC::BytecodeGenerator::BytecodeGenerator): |
| (JSC::BytecodeGenerator::initializeVarLexicalEnvironment): |
| (JSC::BytecodeGenerator::emitEnter): |
| (JSC::BytecodeGenerator::emitLoopHint): |
| (JSC::BytecodeGenerator::emitJump): |
| (JSC::BytecodeGenerator::emitCheckTraps): |
| (JSC::BytecodeGenerator::rewind): |
| (JSC::BytecodeGenerator::fuseCompareAndJump): |
| (JSC::BytecodeGenerator::fuseTestAndJmp): |
| (JSC::BytecodeGenerator::emitJumpIfTrue): |
| (JSC::BytecodeGenerator::emitJumpIfFalse): |
| (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall): |
| (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply): |
| (JSC::BytecodeGenerator::moveLinkTimeConstant): |
| (JSC::BytecodeGenerator::moveEmptyValue): |
| (JSC::BytecodeGenerator::emitMove): |
| (JSC::BytecodeGenerator::emitUnaryOp): |
| (JSC::BytecodeGenerator::emitBinaryOp): |
| (JSC::BytecodeGenerator::emitToObject): |
| (JSC::BytecodeGenerator::emitToNumber): |
| (JSC::BytecodeGenerator::emitToString): |
| (JSC::BytecodeGenerator::emitTypeOf): |
| (JSC::BytecodeGenerator::emitInc): |
| (JSC::BytecodeGenerator::emitDec): |
| (JSC::BytecodeGenerator::emitEqualityOp): |
| (JSC::BytecodeGenerator::emitProfileType): |
| (JSC::BytecodeGenerator::emitProfileControlFlow): |
| (JSC::BytecodeGenerator::pushLexicalScopeInternal): |
| (JSC::BytecodeGenerator::emitResolveScopeForHoistingFuncDeclInEval): |
| (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration): |
| (JSC::BytecodeGenerator::emitOverridesHasInstance): |
| (JSC::BytecodeGenerator::emitResolveScope): |
| (JSC::BytecodeGenerator::emitGetFromScope): |
| (JSC::BytecodeGenerator::emitPutToScope): |
| (JSC::BytecodeGenerator::emitInstanceOf): |
| (JSC::BytecodeGenerator::emitInstanceOfCustom): |
| (JSC::BytecodeGenerator::emitInByVal): |
| (JSC::BytecodeGenerator::emitInById): |
| (JSC::BytecodeGenerator::emitTryGetById): |
| (JSC::BytecodeGenerator::emitGetById): |
| (JSC::BytecodeGenerator::emitDirectGetById): |
| (JSC::BytecodeGenerator::emitPutById): |
| (JSC::BytecodeGenerator::emitDirectPutById): |
| (JSC::BytecodeGenerator::emitPutGetterById): |
| (JSC::BytecodeGenerator::emitPutSetterById): |
| (JSC::BytecodeGenerator::emitPutGetterSetter): |
| (JSC::BytecodeGenerator::emitPutGetterByVal): |
| (JSC::BytecodeGenerator::emitPutSetterByVal): |
| (JSC::BytecodeGenerator::emitDeleteById): |
| (JSC::BytecodeGenerator::emitGetByVal): |
| (JSC::BytecodeGenerator::emitPutByVal): |
| (JSC::BytecodeGenerator::emitDirectPutByVal): |
| (JSC::BytecodeGenerator::emitDeleteByVal): |
| (JSC::BytecodeGenerator::emitSuperSamplerBegin): |
| (JSC::BytecodeGenerator::emitSuperSamplerEnd): |
| (JSC::BytecodeGenerator::emitIdWithProfile): |
| (JSC::BytecodeGenerator::emitUnreachable): |
| (JSC::BytecodeGenerator::emitGetArgument): |
| (JSC::BytecodeGenerator::emitCreateThis): |
| (JSC::BytecodeGenerator::emitTDZCheck): |
| (JSC::BytecodeGenerator::emitNewObject): |
| (JSC::BytecodeGenerator::emitNewArrayBuffer): |
| (JSC::BytecodeGenerator::emitNewArray): |
| (JSC::BytecodeGenerator::emitNewArrayWithSpread): |
| (JSC::BytecodeGenerator::emitNewArrayWithSize): |
| (JSC::BytecodeGenerator::emitNewRegExp): |
| (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon): |
| (JSC::BytecodeGenerator::emitNewDefaultConstructor): |
| (JSC::BytecodeGenerator::emitNewFunction): |
| (JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded): |
| (JSC::BytecodeGenerator::emitCall): |
| (JSC::BytecodeGenerator::emitCallInTailPosition): |
| (JSC::BytecodeGenerator::emitCallEval): |
| (JSC::BytecodeGenerator::emitExpectedFunctionSnippet): |
| (JSC::BytecodeGenerator::emitCallVarargs): |
| (JSC::BytecodeGenerator::emitCallVarargsInTailPosition): |
| (JSC::BytecodeGenerator::emitConstructVarargs): |
| (JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition): |
| (JSC::BytecodeGenerator::emitLogShadowChickenPrologueIfNecessary): |
| (JSC::BytecodeGenerator::emitLogShadowChickenTailIfNecessary): |
| (JSC::BytecodeGenerator::emitCallDefineProperty): |
| (JSC::BytecodeGenerator::emitReturn): |
| (JSC::BytecodeGenerator::emitEnd): |
| (JSC::BytecodeGenerator::emitConstruct): |
| (JSC::BytecodeGenerator::emitStrcat): |
| (JSC::BytecodeGenerator::emitToPrimitive): |
| (JSC::BytecodeGenerator::emitGetScope): |
| (JSC::BytecodeGenerator::emitPushWithScope): |
| (JSC::BytecodeGenerator::emitGetParentScope): |
| (JSC::BytecodeGenerator::emitDebugHook): |
| (JSC::BytecodeGenerator::emitCatch): |
| (JSC::BytecodeGenerator::emitThrow): |
| (JSC::BytecodeGenerator::emitArgumentCount): |
| (JSC::BytecodeGenerator::emitThrowStaticError): |
| (JSC::BytecodeGenerator::beginSwitch): |
| (JSC::prepareJumpTableForSwitch): |
| (JSC::prepareJumpTableForStringSwitch): |
| (JSC::BytecodeGenerator::endSwitch): |
| (JSC::BytecodeGenerator::emitGetEnumerableLength): |
| (JSC::BytecodeGenerator::emitHasGenericProperty): |
| (JSC::BytecodeGenerator::emitHasIndexedProperty): |
| (JSC::BytecodeGenerator::emitHasStructureProperty): |
| (JSC::BytecodeGenerator::emitGetPropertyEnumerator): |
| (JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName): |
| (JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName): |
| (JSC::BytecodeGenerator::emitToIndexString): |
| (JSC::BytecodeGenerator::emitIsCellWithType): |
| (JSC::BytecodeGenerator::emitIsObject): |
| (JSC::BytecodeGenerator::emitIsNumber): |
| (JSC::BytecodeGenerator::emitIsUndefined): |
| (JSC::BytecodeGenerator::emitIsEmpty): |
| (JSC::BytecodeGenerator::emitRestParameter): |
| (JSC::BytecodeGenerator::emitRequireObjectCoercible): |
| (JSC::BytecodeGenerator::emitYieldPoint): |
| (JSC::BytecodeGenerator::emitYield): |
| (JSC::BytecodeGenerator::emitGetAsyncIterator): |
| (JSC::BytecodeGenerator::emitDelegateYield): |
| (JSC::BytecodeGenerator::emitFinallyCompletion): |
| (JSC::BytecodeGenerator::emitJumpIf): |
| (JSC::ForInContext::finalize): |
| (JSC::StructureForInContext::finalize): |
| (JSC::IndexedForInContext::finalize): |
| (JSC::StaticPropertyAnalysis::record): |
| (JSC::BytecodeGenerator::emitToThis): |
| * bytecompiler/BytecodeGenerator.h: |
| (JSC::StructureForInContext::addGetInst): |
| (JSC::BytecodeGenerator::recordOpcode): |
| (JSC::BytecodeGenerator::addMetadataFor): |
| (JSC::BytecodeGenerator::emitUnaryOp): |
| (JSC::BytecodeGenerator::kill): |
| (JSC::BytecodeGenerator::instructions const): |
| (JSC::BytecodeGenerator::write): |
| (JSC::BytecodeGenerator::withWriter): |
| * bytecompiler/Label.h: |
| (JSC::Label::Label): |
| (JSC::Label::bind): |
| * bytecompiler/NodesCodegen.cpp: |
| (JSC::ArrayNode::emitBytecode): |
| (JSC::BytecodeIntrinsicNode::emit_intrinsic_argumentCount): |
| (JSC::ApplyFunctionCallDotNode::emitBytecode): |
| (JSC::BitwiseNotNode::emitBytecode): |
| (JSC::BinaryOpNode::emitBytecode): |
| (JSC::EqualNode::emitBytecode): |
| (JSC::StrictEqualNode::emitBytecode): |
| (JSC::emitReadModifyAssignment): |
| (JSC::ForInNode::emitBytecode): |
| (JSC::CaseBlockNode::emitBytecodeForBlock): |
| (JSC::FunctionNode::emitBytecode): |
| (JSC::ClassExprNode::emitBytecode): |
| * bytecompiler/ProfileTypeBytecodeFlag.cpp: Copied from Source/JavaScriptCore/bytecode/VirtualRegister.cpp. |
| (WTF::printInternal): |
| * bytecompiler/ProfileTypeBytecodeFlag.h: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| * bytecompiler/RegisterID.h: |
| * bytecompiler/StaticPropertyAnalysis.h: |
| (JSC::StaticPropertyAnalysis::create): |
| (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis): |
| * bytecompiler/StaticPropertyAnalyzer.h: |
| (JSC::StaticPropertyAnalyzer::createThis): |
| (JSC::StaticPropertyAnalyzer::newObject): |
| (JSC::StaticPropertyAnalyzer::putById): |
| (JSC::StaticPropertyAnalyzer::mov): |
| (JSC::StaticPropertyAnalyzer::kill): |
| * dfg/DFGByteCodeParser.cpp: |
| (JSC::DFG::ByteCodeParser::addCall): |
| (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): |
| (JSC::DFG::ByteCodeParser::getArrayMode): |
| (JSC::DFG::ByteCodeParser::handleCall): |
| (JSC::DFG::ByteCodeParser::handleVarargsCall): |
| (JSC::DFG::ByteCodeParser::handleRecursiveTailCall): |
| (JSC::DFG::ByteCodeParser::inlineCall): |
| (JSC::DFG::ByteCodeParser::handleCallVariant): |
| (JSC::DFG::ByteCodeParser::handleVarargsInlining): |
| (JSC::DFG::ByteCodeParser::handleInlining): |
| (JSC::DFG::ByteCodeParser::handleMinMax): |
| (JSC::DFG::ByteCodeParser::handleIntrinsicCall): |
| (JSC::DFG::ByteCodeParser::handleDOMJITCall): |
| (JSC::DFG::ByteCodeParser::handleIntrinsicGetter): |
| (JSC::DFG::ByteCodeParser::handleDOMJITGetter): |
| (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad): |
| (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor): |
| (JSC::DFG::ByteCodeParser::handleConstantInternalFunction): |
| (JSC::DFG::ByteCodeParser::handleGetById): |
| (JSC::DFG::ByteCodeParser::handlePutById): |
| (JSC::DFG::ByteCodeParser::parseGetById): |
| (JSC::DFG::ByteCodeParser::parseBlock): |
| (JSC::DFG::ByteCodeParser::parseCodeBlock): |
| (JSC::DFG::ByteCodeParser::handlePutByVal): |
| (JSC::DFG::ByteCodeParser::handlePutAccessorById): |
| (JSC::DFG::ByteCodeParser::handlePutAccessorByVal): |
| (JSC::DFG::ByteCodeParser::handleNewFunc): |
| (JSC::DFG::ByteCodeParser::handleNewFuncExp): |
| (JSC::DFG::ByteCodeParser::parse): |
| * dfg/DFGCapabilities.cpp: |
| (JSC::DFG::capabilityLevel): |
| * dfg/DFGCapabilities.h: |
| (JSC::DFG::capabilityLevel): |
| * dfg/DFGOSREntry.cpp: |
| (JSC::DFG::prepareCatchOSREntry): |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::compileValueAdd): |
| (JSC::DFG::SpeculativeJIT::compileValueSub): |
| (JSC::DFG::SpeculativeJIT::compileValueNegate): |
| (JSC::DFG::SpeculativeJIT::compileArithMul): |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueSub): |
| (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC): |
| (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC): |
| (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub): |
| (JSC::FTL::DFG::LowerDFGToB3::compileArithMul): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate): |
| * ftl/FTLOperations.cpp: |
| (JSC::FTL::operationMaterializeObjectInOSR): |
| * generate-bytecode-files: Removed. |
| * generator/Argument.rb: Added. |
| * generator/Assertion.rb: Added. |
| * generator/DSL.rb: Added. |
| * generator/Fits.rb: Added. |
| * generator/GeneratedFile.rb: Added. |
| * generator/Metadata.rb: Added. |
| * generator/Opcode.rb: Added. |
| * generator/OpcodeGroup.rb: Added. |
| * generator/Options.rb: Added. |
| * generator/Section.rb: Added. |
| * generator/Template.rb: Added. |
| * generator/Type.rb: Added. |
| * generator/main.rb: Added. |
| * interpreter/AbstractPC.h: |
| * interpreter/CallFrame.cpp: |
| (JSC::CallFrame::currentVPC const): |
| (JSC::CallFrame::setCurrentVPC): |
| * interpreter/CallFrame.h: |
| (JSC::CallSiteIndex::CallSiteIndex): |
| (JSC::ExecState::setReturnPC): |
| * interpreter/Interpreter.cpp: |
| (WTF::printInternal): |
| * interpreter/Interpreter.h: |
| * interpreter/InterpreterInlines.h: |
| * interpreter/StackVisitor.cpp: |
| (JSC::StackVisitor::Frame::dump const): |
| * interpreter/VMEntryRecord.h: |
| * jit/JIT.cpp: |
| (JSC::JIT::JIT): |
| (JSC::JIT::emitSlowCaseCall): |
| (JSC::JIT::privateCompileMainPass): |
| (JSC::JIT::privateCompileSlowCases): |
| (JSC::JIT::compileWithoutLinking): |
| (JSC::JIT::link): |
| * jit/JIT.h: |
| * jit/JITArithmetic.cpp: |
| (JSC::JIT::emit_op_jless): |
| (JSC::JIT::emit_op_jlesseq): |
| (JSC::JIT::emit_op_jgreater): |
| (JSC::JIT::emit_op_jgreatereq): |
| (JSC::JIT::emit_op_jnless): |
| (JSC::JIT::emit_op_jnlesseq): |
| (JSC::JIT::emit_op_jngreater): |
| (JSC::JIT::emit_op_jngreatereq): |
| (JSC::JIT::emitSlow_op_jless): |
| (JSC::JIT::emitSlow_op_jlesseq): |
| (JSC::JIT::emitSlow_op_jgreater): |
| (JSC::JIT::emitSlow_op_jgreatereq): |
| (JSC::JIT::emitSlow_op_jnless): |
| (JSC::JIT::emitSlow_op_jnlesseq): |
| (JSC::JIT::emitSlow_op_jngreater): |
| (JSC::JIT::emitSlow_op_jngreatereq): |
| (JSC::JIT::emit_op_below): |
| (JSC::JIT::emit_op_beloweq): |
| (JSC::JIT::emit_op_jbelow): |
| (JSC::JIT::emit_op_jbeloweq): |
| (JSC::JIT::emit_op_unsigned): |
| (JSC::JIT::emit_compareAndJump): |
| (JSC::JIT::emit_compareUnsignedAndJump): |
| (JSC::JIT::emit_compareUnsigned): |
| (JSC::JIT::emit_compareAndJumpSlow): |
| (JSC::JIT::emit_op_inc): |
| (JSC::JIT::emit_op_dec): |
| (JSC::JIT::emit_op_mod): |
| (JSC::JIT::emitSlow_op_mod): |
| (JSC::JIT::emit_op_negate): |
| (JSC::JIT::emitSlow_op_negate): |
| (JSC::JIT::emitBitBinaryOpFastPath): |
| (JSC::JIT::emit_op_bitand): |
| (JSC::JIT::emit_op_bitor): |
| (JSC::JIT::emit_op_bitxor): |
| (JSC::JIT::emit_op_lshift): |
| (JSC::JIT::emitRightShiftFastPath): |
| (JSC::JIT::emit_op_rshift): |
| (JSC::JIT::emit_op_urshift): |
| (JSC::getOperandTypes): |
| (JSC::JIT::emit_op_add): |
| (JSC::JIT::emitSlow_op_add): |
| (JSC::JIT::emitMathICFast): |
| (JSC::JIT::emitMathICSlow): |
| (JSC::JIT::emit_op_div): |
| (JSC::JIT::emit_op_mul): |
| (JSC::JIT::emitSlow_op_mul): |
| (JSC::JIT::emit_op_sub): |
| (JSC::JIT::emitSlow_op_sub): |
| * jit/JITCall.cpp: |
| (JSC::JIT::emitPutCallResult): |
| (JSC::JIT::compileSetupFrame): |
| (JSC::JIT::compileCallEval): |
| (JSC::JIT::compileCallEvalSlowCase): |
| (JSC::JIT::compileTailCall): |
| (JSC::JIT::compileOpCall): |
| (JSC::JIT::compileOpCallSlowCase): |
| (JSC::JIT::emit_op_call): |
| (JSC::JIT::emit_op_tail_call): |
| (JSC::JIT::emit_op_call_eval): |
| (JSC::JIT::emit_op_call_varargs): |
| (JSC::JIT::emit_op_tail_call_varargs): |
| (JSC::JIT::emit_op_tail_call_forward_arguments): |
| (JSC::JIT::emit_op_construct_varargs): |
| (JSC::JIT::emit_op_construct): |
| (JSC::JIT::emitSlow_op_call): |
| (JSC::JIT::emitSlow_op_tail_call): |
| (JSC::JIT::emitSlow_op_call_eval): |
| (JSC::JIT::emitSlow_op_call_varargs): |
| (JSC::JIT::emitSlow_op_tail_call_varargs): |
| (JSC::JIT::emitSlow_op_tail_call_forward_arguments): |
| (JSC::JIT::emitSlow_op_construct_varargs): |
| (JSC::JIT::emitSlow_op_construct): |
| * jit/JITDisassembler.cpp: |
| (JSC::JITDisassembler::JITDisassembler): |
| * jit/JITExceptions.cpp: |
| (JSC::genericUnwind): |
| * jit/JITInlines.h: |
| (JSC::JIT::emitDoubleGetByVal): |
| (JSC::JIT::emitLoadForArrayMode): |
| (JSC::JIT::emitContiguousGetByVal): |
| (JSC::JIT::emitArrayStorageGetByVal): |
| (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile): |
| (JSC::JIT::sampleInstruction): |
| (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode): |
| (JSC::JIT::emitValueProfilingSite): |
| (JSC::JIT::jumpTarget): |
| (JSC::JIT::copiedGetPutInfo): |
| (JSC::JIT::copiedArithProfile): |
| * jit/JITMathIC.h: |
| (JSC::isProfileEmpty): |
| (JSC::JITBinaryMathIC::JITBinaryMathIC): |
| (JSC::JITUnaryMathIC::JITUnaryMathIC): |
| * jit/JITOpcodes.cpp: |
| (JSC::JIT::emit_op_mov): |
| (JSC::JIT::emit_op_end): |
| (JSC::JIT::emit_op_jmp): |
| (JSC::JIT::emit_op_new_object): |
| (JSC::JIT::emitSlow_op_new_object): |
| (JSC::JIT::emit_op_overrides_has_instance): |
| (JSC::JIT::emit_op_instanceof): |
| (JSC::JIT::emitSlow_op_instanceof): |
| (JSC::JIT::emit_op_instanceof_custom): |
| (JSC::JIT::emit_op_is_empty): |
| (JSC::JIT::emit_op_is_undefined): |
| (JSC::JIT::emit_op_is_boolean): |
| (JSC::JIT::emit_op_is_number): |
| (JSC::JIT::emit_op_is_cell_with_type): |
| (JSC::JIT::emit_op_is_object): |
| (JSC::JIT::emit_op_ret): |
| (JSC::JIT::emit_op_to_primitive): |
| (JSC::JIT::emit_op_set_function_name): |
| (JSC::JIT::emit_op_not): |
| (JSC::JIT::emit_op_jfalse): |
| (JSC::JIT::emit_op_jeq_null): |
| (JSC::JIT::emit_op_jneq_null): |
| (JSC::JIT::emit_op_jneq_ptr): |
| (JSC::JIT::emit_op_eq): |
| (JSC::JIT::emit_op_jeq): |
| (JSC::JIT::emit_op_jtrue): |
| (JSC::JIT::emit_op_neq): |
| (JSC::JIT::emit_op_jneq): |
| (JSC::JIT::emit_op_throw): |
| (JSC::JIT::compileOpStrictEq): |
| (JSC::JIT::emit_op_stricteq): |
| (JSC::JIT::emit_op_nstricteq): |
| (JSC::JIT::compileOpStrictEqJump): |
| (JSC::JIT::emit_op_jstricteq): |
| (JSC::JIT::emit_op_jnstricteq): |
| (JSC::JIT::emitSlow_op_jstricteq): |
| (JSC::JIT::emitSlow_op_jnstricteq): |
| (JSC::JIT::emit_op_to_number): |
| (JSC::JIT::emit_op_to_string): |
| (JSC::JIT::emit_op_to_object): |
| (JSC::JIT::emit_op_catch): |
| (JSC::JIT::emit_op_identity_with_profile): |
| (JSC::JIT::emit_op_get_parent_scope): |
| (JSC::JIT::emit_op_switch_imm): |
| (JSC::JIT::emit_op_switch_char): |
| (JSC::JIT::emit_op_switch_string): |
| (JSC::JIT::emit_op_debug): |
| (JSC::JIT::emit_op_eq_null): |
| (JSC::JIT::emit_op_neq_null): |
| (JSC::JIT::emit_op_enter): |
| (JSC::JIT::emit_op_get_scope): |
| (JSC::JIT::emit_op_to_this): |
| (JSC::JIT::emit_op_create_this): |
| (JSC::JIT::emit_op_check_tdz): |
| (JSC::JIT::emitSlow_op_eq): |
| (JSC::JIT::emitSlow_op_neq): |
| (JSC::JIT::emitSlow_op_jeq): |
| (JSC::JIT::emitSlow_op_jneq): |
| (JSC::JIT::emitSlow_op_instanceof_custom): |
| (JSC::JIT::emit_op_loop_hint): |
| (JSC::JIT::emitSlow_op_loop_hint): |
| (JSC::JIT::emit_op_check_traps): |
| (JSC::JIT::emit_op_nop): |
| (JSC::JIT::emit_op_super_sampler_begin): |
| (JSC::JIT::emit_op_super_sampler_end): |
| (JSC::JIT::emitSlow_op_check_traps): |
| (JSC::JIT::emit_op_new_regexp): |
| (JSC::JIT::emitNewFuncCommon): |
| (JSC::JIT::emit_op_new_func): |
| (JSC::JIT::emit_op_new_generator_func): |
| (JSC::JIT::emit_op_new_async_generator_func): |
| (JSC::JIT::emit_op_new_async_func): |
| (JSC::JIT::emitNewFuncExprCommon): |
| (JSC::JIT::emit_op_new_func_exp): |
| (JSC::JIT::emit_op_new_generator_func_exp): |
| (JSC::JIT::emit_op_new_async_func_exp): |
| (JSC::JIT::emit_op_new_async_generator_func_exp): |
| (JSC::JIT::emit_op_new_array): |
| (JSC::JIT::emit_op_new_array_with_size): |
| (JSC::JIT::emit_op_has_structure_property): |
| (JSC::JIT::privateCompileHasIndexedProperty): |
| (JSC::JIT::emit_op_has_indexed_property): |
| (JSC::JIT::emitSlow_op_has_indexed_property): |
| (JSC::JIT::emit_op_get_direct_pname): |
| (JSC::JIT::emit_op_enumerator_structure_pname): |
| (JSC::JIT::emit_op_enumerator_generic_pname): |
| (JSC::JIT::emit_op_profile_type): |
| (JSC::JIT::emit_op_log_shadow_chicken_prologue): |
| (JSC::JIT::emit_op_log_shadow_chicken_tail): |
| (JSC::JIT::emit_op_profile_control_flow): |
| (JSC::JIT::emit_op_argument_count): |
| (JSC::JIT::emit_op_get_rest_length): |
| (JSC::JIT::emit_op_get_argument): |
| * jit/JITOpcodes32_64.cpp: |
| (JSC::JIT::emit_op_to_this): |
| * jit/JITOperations.cpp: |
| * jit/JITOperations.h: |
| * jit/JITPropertyAccess.cpp: |
| (JSC::JIT::emit_op_get_by_val): |
| (JSC::JIT::emitGetByValWithCachedId): |
| (JSC::JIT::emitSlow_op_get_by_val): |
| (JSC::JIT::emit_op_put_by_val_direct): |
| (JSC::JIT::emit_op_put_by_val): |
| (JSC::JIT::emitGenericContiguousPutByVal): |
| (JSC::JIT::emitArrayStoragePutByVal): |
| (JSC::JIT::emitPutByValWithCachedId): |
| (JSC::JIT::emitSlow_op_put_by_val): |
| (JSC::JIT::emit_op_put_getter_by_id): |
| (JSC::JIT::emit_op_put_setter_by_id): |
| (JSC::JIT::emit_op_put_getter_setter_by_id): |
| (JSC::JIT::emit_op_put_getter_by_val): |
| (JSC::JIT::emit_op_put_setter_by_val): |
| (JSC::JIT::emit_op_del_by_id): |
| (JSC::JIT::emit_op_del_by_val): |
| (JSC::JIT::emit_op_try_get_by_id): |
| (JSC::JIT::emitSlow_op_try_get_by_id): |
| (JSC::JIT::emit_op_get_by_id_direct): |
| (JSC::JIT::emitSlow_op_get_by_id_direct): |
| (JSC::JIT::emit_op_get_by_id): |
| (JSC::JIT::emit_op_get_by_id_with_this): |
| (JSC::JIT::emitSlow_op_get_by_id): |
| (JSC::JIT::emitSlow_op_get_by_id_with_this): |
| (JSC::JIT::emit_op_put_by_id): |
| (JSC::JIT::emitSlow_op_put_by_id): |
| (JSC::JIT::emit_op_in_by_id): |
| (JSC::JIT::emitSlow_op_in_by_id): |
| (JSC::JIT::emit_op_resolve_scope): |
| (JSC::JIT::emit_op_get_from_scope): |
| (JSC::JIT::emitSlow_op_get_from_scope): |
| (JSC::JIT::emit_op_put_to_scope): |
| (JSC::JIT::emitSlow_op_put_to_scope): |
| (JSC::JIT::emit_op_get_from_arguments): |
| (JSC::JIT::emit_op_put_to_arguments): |
| (JSC::JIT::privateCompileGetByVal): |
| (JSC::JIT::privateCompileGetByValWithCachedId): |
| (JSC::JIT::privateCompilePutByVal): |
| (JSC::JIT::privateCompilePutByValWithCachedId): |
| (JSC::JIT::emitDoubleLoad): |
| (JSC::JIT::emitContiguousLoad): |
| (JSC::JIT::emitArrayStorageLoad): |
| (JSC::JIT::emitDirectArgumentsGetByVal): |
| (JSC::JIT::emitScopedArgumentsGetByVal): |
| (JSC::JIT::emitIntTypedArrayGetByVal): |
| (JSC::JIT::emitFloatTypedArrayGetByVal): |
| (JSC::JIT::emitIntTypedArrayPutByVal): |
| (JSC::JIT::emitFloatTypedArrayPutByVal): |
| * jit/RegisterSet.cpp: |
| (JSC::RegisterSet::llintBaselineCalleeSaveRegisters): |
| * jit/SlowPathCall.h: |
| (JSC::JITSlowPathCall::JITSlowPathCall): |
| * llint/LLIntData.cpp: |
| (JSC::LLInt::initialize): |
| (JSC::LLInt::Data::performAssertions): |
| * llint/LLIntData.h: |
| (JSC::LLInt::exceptionInstructions): |
| (JSC::LLInt::opcodeMap): |
| (JSC::LLInt::opcodeMapWide): |
| (JSC::LLInt::getOpcode): |
| (JSC::LLInt::getOpcodeWide): |
| (JSC::LLInt::getWideCodePtr): |
| * llint/LLIntOffsetsExtractor.cpp: |
| * llint/LLIntSlowPaths.cpp: |
| (JSC::LLInt::llint_trace_operand): |
| (JSC::LLInt::llint_trace_value): |
| (JSC::LLInt::LLINT_SLOW_PATH_DECL): |
| (JSC::LLInt::entryOSR): |
| (JSC::LLInt::setupGetByIdPrototypeCache): |
| (JSC::LLInt::getByVal): |
| (JSC::LLInt::handleHostCall): |
| (JSC::LLInt::setUpCall): |
| (JSC::LLInt::genericCall): |
| (JSC::LLInt::varargsSetup): |
| (JSC::LLInt::commonCallEval): |
| * llint/LLIntSlowPaths.h: |
| * llint/LowLevelInterpreter.asm: |
| * llint/LowLevelInterpreter.cpp: |
| (JSC::CLoopRegister::operator const Instruction*): |
| (JSC::CLoop::execute): |
| * llint/LowLevelInterpreter32_64.asm: |
| * llint/LowLevelInterpreter64.asm: |
| * offlineasm/arm64.rb: |
| * offlineasm/asm.rb: |
| * offlineasm/ast.rb: |
| * offlineasm/cloop.rb: |
| * offlineasm/generate_offset_extractor.rb: |
| * offlineasm/instructions.rb: |
| * offlineasm/offsets.rb: |
| * offlineasm/parser.rb: |
| * offlineasm/transform.rb: |
| * offlineasm/x86.rb: |
| * parser/ResultType.h: |
| (JSC::ResultType::dump const): |
| (JSC::OperandTypes::first const): |
| (JSC::OperandTypes::second const): |
| (JSC::OperandTypes::dump const): |
| * profiler/ProfilerBytecodeSequence.cpp: |
| (JSC::Profiler::BytecodeSequence::BytecodeSequence): |
| * runtime/CommonSlowPaths.cpp: |
| (JSC::SLOW_PATH_DECL): |
| (JSC::updateArithProfileForUnaryArithOp): |
| (JSC::updateArithProfileForBinaryArithOp): |
| * runtime/CommonSlowPaths.h: |
| (JSC::CommonSlowPaths::tryCachePutToScopeGlobal): |
| (JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal): |
| * runtime/ExceptionFuzz.cpp: |
| (JSC::doExceptionFuzzing): |
| * runtime/ExceptionFuzz.h: |
| (JSC::doExceptionFuzzingIfEnabled): |
| * runtime/GetPutInfo.cpp: Copied from Source/JavaScriptCore/bytecode/SpecialPointer.cpp. |
| (JSC::GetPutInfo::dump const): |
| (WTF::printInternal): |
| * runtime/GetPutInfo.h: |
| (JSC::GetPutInfo::operand const): |
| * runtime/JSCPoison.h: |
| * runtime/JSType.cpp: Added. |
| (WTF::printInternal): |
| * runtime/JSType.h: |
| * runtime/SamplingProfiler.cpp: |
| (JSC::SamplingProfiler::StackFrame::displayName): |
| * runtime/SamplingProfiler.h: |
| (JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame): |
| * runtime/SlowPathReturnType.h: |
| (JSC::encodeResult): |
| (JSC::decodeResult): |
| * runtime/VM.h: |
| * runtime/Watchdog.h: |
| * tools/HeapVerifier.cpp: |
| |
| 2018-10-26 Commit Queue <commit-queue@webkit.org> |
| |
| Unreviewed, rolling out r237445. |
| https://bugs.webkit.org/show_bug.cgi?id=190972 |
| |
| Cause performance regression on iOS devices (Requested by |
| yusukesuzuki on #webkit). |
| |
| Reverted changeset: |
| |
| "Unreviewed, partial rolling in r237254" |
| https://bugs.webkit.org/show_bug.cgi?id=190340 |
| https://trac.webkit.org/changeset/237445 |
| |
| 2018-10-26 Mark Lam <mark.lam@apple.com> |
| |
| Fix missing edge cases with JSGlobalObjects having a bad time. |
| https://bugs.webkit.org/show_bug.cgi?id=189028 |
| <rdar://problem/45204939> |
| |
| Reviewed by Saam Barati. |
| |
| Consider the following scenario: |
| |
| let object O1 (of global G1) have an indexing type that is not SlowPut. |
| let global G2 have a bad time. |
| let object O2 (of global G2) be set as the prototype of O1. |
| let object O3 (of global G2) have indexed accessors. |
| |
| In the existing code, if we set O3 as O2's prototype, we'll have a bug where |
| O1 will not be made aware that that there are indexed accessors in its prototype |
| chain. |
| |
| In this patch, we solve this issue by introducing a new invariant: |
| |
| A prototype chain is considered to possibly have indexed accessors if any |
| object in the chain belongs to a global object that is having a bad time. |
| |
| We apply this invariant as follows: |
| |
| 1. Enhance JSGlobalObject::haveABadTime() to also check if other global objects are |
| affected by it having a bad time. If so, it also ensures that those affected |
| global objects have a bad time. |
| |
| The original code for JSGlobalObject::haveABadTime() uses a ObjectsWithBrokenIndexingFinder |
| to find all objects affected by the global object having a bad time. We enhance |
| ObjectsWithBrokenIndexingFinder to also check for the possibility that any global |
| objects may be affected by other global objects having a bad time i.e. |
| |
| let g1 = global1 |
| let g2 = global2 |
| let o1 = an object in g1 |
| let o2 = an object in g2 |
| |
| let g1 have a bad time |
| g2 is affected if |
| o1 is in the prototype chain of o2, |
| and o2 may be a prototype. |
| |
| If the ObjectsWithBrokenIndexingFinder does find the possibility of other global |
| objects being affected, it will abort its heap scan and let haveABadTime() take |
| a slow path to do a more complete multi global object scan. |
| |
| The slow path works as follows: |
| |
| 1. Iterate the heap and record the graph of all global object dependencies. |
| |
| For each global object, record the list of other global objects that are |
| affected by it. |
| |
| 2. Compute a list of global objects that need to have a bad time using the |
| current global object dependency graph. |
| |
| 3. For each global object in the list of affected global objects, fire their |
| HaveABadTime watchpoint and convert all their array structures to the |
| SlowPut alternatives. |
| |
| 4. Re-run ObjectsWithBrokenIndexingFinder to find all objects that are affected |
| by any of the globals in the list from (2). |
| |
| 2. Enhance Structure::mayInterceptIndexedAccesses() to also return true if the |
| structure's global object is having a bad time. |
| |
| Note: there are 3 scenarios that we need to consider: |
| |
| let g1 = global1 |
| let g2 = global2 |
| let o1 = an object in g1 |
| let o2 = an object in g2 |
| |
| Scenario 1: o2 is a prototype, and |
| g1 has a bad time after o1 is inserted into the o2's prototype chain. |
| |
| Scenario 2: o2 is a prototype, and |
| o1 is inserted into the o2's prototype chain after g1 has a bad time. |
| |
| Scenario 3: o2 is NOT a prototype, and |
| o1 is inserted into the o2's prototype chain after g1 has a bad time. |
| |
| For scenario 1, when g1 has a bad time, we need to also make sure g2 has |
| a bad time. This is handled by enhancement 1 above. |
| |
| For scenario 2, when o1 is inserted into o2's prototype chain, we need to check |
| if o1's global object has a bad time. If so, then we need to make sure o2's |
| global also has a bad time (because o2 is a prototype) and convert o2's |
| storage type to SlowPut. This is handled by enhancement 2 above in conjunction |
| with JSObject::setPrototypeDirect(). |
| |
| For scenario 3, when o1 is inserted into o2's prototype chain, we need to check |
| if o1's global object has a bad time. If so, then we only need to convert o2's |
| storage type to SlowPut (because o2 is NOT a prototype). This is handled by |
| enhancement 2 above. |
| |
| 3. Also add $vm.isHavingABadTime(), $vm.createGlobalObject() to enable us to |
| write some tests for this issue. |
| |
| * runtime/JSGlobalObject.cpp: |
| (JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut): |
| (JSC::JSGlobalObject::haveABadTime): |
| * runtime/JSGlobalObject.h: |
| * runtime/JSObject.h: |
| (JSC::JSObject::mayInterceptIndexedAccesses): Deleted. |
| * runtime/JSObjectInlines.h: |
| (JSC::JSObject::mayInterceptIndexedAccesses): |
| * runtime/Structure.h: |
| * runtime/StructureInlines.h: |
| (JSC::Structure::mayInterceptIndexedAccesses const): |
| * tools/JSDollarVM.cpp: |
| (JSC::functionHaveABadTime): |
| (JSC::functionIsHavingABadTime): |
| (JSC::functionCreateGlobalObject): |
| (JSC::JSDollarVM::finishCreation): |
| |
| 2018-10-26 Keith Miller <keith_miller@apple.com> |
| |
| JSC xcconfig should set DEFINES_MODULE |
| https://bugs.webkit.org/show_bug.cgi?id=190952 |
| |
| Reviewed by Mark Lam. |
| |
| This should mean that the JavaScriptCore.framework will have a module map. |
| |
| * Configurations/JavaScriptCore.xcconfig: |
| |
| 2018-10-25 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] havingABadTimeWatchpoint is not required in Array#indexOf optimization |
| https://bugs.webkit.org/show_bug.cgi?id=190941 |
| |
| Reviewed by Saam Barati. |
| |
| While "Rest" operation fast path requires havingABadTimeWatchpoint since it allocates |
| JSArray, Array#{indexOf,lastIndexOf} do not require it when we use the fast path for them. |
| This patch removes watching on havingABadTimeWatchpoint in Array#indexOf. The test causing |
| "havingABadTime" is already included in our test suites (e.g. array-indexof-have-a-bad-time.js). |
| |
| * dfg/DFGByteCodeParser.cpp: |
| (JSC::DFG::ByteCodeParser::handleIntrinsicCall): |
| * runtime/JSArrayInlines.h: |
| (JSC::JSArray::canDoFastIndexedAccess): |
| * runtime/JSGlobalObject.h: |
| * runtime/JSGlobalObjectInlines.h: |
| (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable): |
| (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable): Deleted. |
| |
| 2018-10-25 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| Unreviewed, partial rolling in r237254 |
| https://bugs.webkit.org/show_bug.cgi?id=190340 |
| |
| We do not use the added function right now to investigate what is the reason of the regression. |
| If it causes the regression, it seems that Parser.cpp's inlining decision seems culprit. |
| |
| * bytecode/UnlinkedFunctionExecutable.cpp: |
| (JSC::UnlinkedFunctionExecutable::fromGlobalCode): |
| * bytecode/UnlinkedFunctionExecutable.h: |
| * parser/Parser.cpp: |
| (JSC::Parser<LexerType>::parseInner): |
| (JSC::Parser<LexerType>::parseSingleFunction): |
| (JSC::Parser<LexerType>::parseFunctionInfo): |
| (JSC::Parser<LexerType>::parseFunctionDeclaration): |
| (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration): |
| * parser/Parser.h: |
| (JSC::Parser<LexerType>::parse): |
| (JSC::parse): |
| (JSC::parseFunctionForFunctionConstructor): |
| * parser/ParserModes.h: |
| * parser/ParserTokens.h: |
| (JSC::JSTextPosition::JSTextPosition): |
| (JSC::JSTokenLocation::JSTokenLocation): Deleted. |
| * parser/SourceCodeKey.h: |
| (JSC::SourceCodeKey::SourceCodeKey): |
| (JSC::SourceCodeKey::operator== const): |
| * runtime/CodeCache.cpp: |
| (JSC::CodeCache::getUnlinkedGlobalCodeBlock): |
| (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable): |
| * runtime/CodeCache.h: |
| * runtime/FunctionConstructor.cpp: |
| (JSC::constructFunctionSkippingEvalEnabledCheck): |
| * runtime/FunctionExecutable.cpp: |
| (JSC::FunctionExecutable::fromGlobalCode): |
| * runtime/FunctionExecutable.h: |
| |
| 2018-10-25 Brent Fulgham <bfulgham@apple.com> |
| |
| Unreviewed build fix for Visual Studio 2017 |
| |
| * API/tests/testapi.c: |
| (testMarkingConstraintsAndHeapFinalizers): |
| (main): |
| |
| 2018-10-25 Devin Rousso <drousso@apple.com> |
| |
| Web Inspector: display fullscreen enter/exit events in Timelines and Network node waterfalls |
| https://bugs.webkit.org/show_bug.cgi?id=189874 |
| <rdar://problem/44700000> |
| |
| Reviewed by Joseph Pecoraro. |
| |
| * inspector/protocol/DOM.json: |
| Allow `data` to be passed to the frontend with `didFireEvent`. |
| |
| 2018-10-25 Ross Kirsling <ross.kirsling@sony.com> |
| |
| Cleanup: inline constexpr is redundant as constexpr implies inline |
| https://bugs.webkit.org/show_bug.cgi?id=190819 |
| |
| Reviewed by Mark Lam. |
| |
| * bytecode/ArrayProfile.h: |
| (JSC::asArrayModes): |
| * runtime/IndexingType.h: |
| (JSC::isCopyOnWrite): |
| * runtime/MathCommon.h: |
| (JSC::maxSafeInteger): |
| (JSC::minSafeInteger): |
| * runtime/StackAlignment.h: |
| (JSC::stackAlignmentBytes): |
| (JSC::stackAlignmentRegisters): |
| |
| 2018-10-24 Megan Gardner <megan_gardner@apple.com> |
| |
| Turn on Conic Gradients |
| https://bugs.webkit.org/show_bug.cgi?id=190810 |
| |
| Reviewed by Tim Horton. |
| |
| * Configurations/FeatureDefines.xcconfig: |
| |
| 2018-10-24 Michael Saboff <msaboff@apple.com> |
| |
| Increase executable memory pool from 64MB to 128MB for ARM64 |
| https://bugs.webkit.org/show_bug.cgi?id=190453 |
| |
| Unreviewed, rolling back in r237024. |
| |
| The original change did impact ARES-6 performance by 4-8%. That will |
| be investigated separately. |
| |
| 2018-10-22 Keith Rollin <krollin@apple.com> |
| |
| Use Location = "Relative to Build Products" rather than "Relative to Group" |
| https://bugs.webkit.org/show_bug.cgi?id=190781 |
| |
| Reviewed by Alexey Proskuryakov. |
| |
| Almost all Derived Files are included in Xcode projects with the |
| Location attribute set to "Relative to Group". While this currently |
| works, the Derived Files can no longer be found when enabling XCBuild |
| (which has stricter requirements). Fix this by setting the Location |
| attribute to "Relative to Build Products". |
| |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| |
| 2018-10-22 Mark Lam <mark.lam@apple.com> |
| |
| DFGAbstractValue::m_arrayModes expects IndexingMode values, not IndexingType. |
| https://bugs.webkit.org/show_bug.cgi?id=190515 |
| <rdar://problem/45222379> |
| |
| Reviewed by Saam Barati. |
| |
| 1. Fixes calls to asArrayModes() to take a structure's IndexingMode instead of |
| IndexingType. |
| |
| 2. DFG's compileNewArrayBuffer()'s HaveABadTime case was previously using the |
| node's indexingType (instead of indexingMode) to choose the array structure |
| to use for creating an array buffer with. This turns out to not be an issue |
| because when the VM is in having a bad time, all the |
| arrayStructureForIndexingTypeDuringAllocation structure pointers will point to |
| the SlowPutArrayStorage structure anyway. However, to be strictly correct, |
| we'll fix it to use the structure for the node's indexingMode. |
| |
| * dfg/DFGAbstractValue.cpp: |
| (JSC::DFG::AbstractValue::set): |
| (JSC::DFG::AbstractValue::mergeOSREntryValue): |
| * dfg/DFGAbstractValue.h: |
| (JSC::DFG::AbstractValue::validate const): |
| * dfg/DFGOSRExit.cpp: |
| (JSC::DFG::OSRExit::executeOSRExit): |
| * dfg/DFGRegisteredStructureSet.cpp: |
| (JSC::DFG::RegisteredStructureSet::arrayModesFromStructures const): |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::compileNewArrayBuffer): |
| |
| 2018-10-19 Commit Queue <commit-queue@webkit.org> |
| |
| Unreviewed, rolling out r237254. |
| https://bugs.webkit.org/show_bug.cgi?id=190760 |
| |
| "It regresses JetStream 2 by 5% on some iOS devices" |
| (Requested by saamyjoon on #webkit). |
| |
| Reverted changeset: |
| |
| "[JSC] JSC should have "parseFunction" to optimize Function |
| constructor" |
| https://bugs.webkit.org/show_bug.cgi?id=190340 |
| https://trac.webkit.org/changeset/237254 |
| |
| 2018-10-19 Saam Barati <sbarati@apple.com> |
| |
| vmCall should check if we exit before emitting an OSR exit due to exceptions |
| https://bugs.webkit.org/show_bug.cgi?id=190740 |
| <rdar://problem/45220139> |
| |
| Reviewed by Mark Lam. |
| |
| The bug we were seeing is the MovHint removal phase would |
| eliminate a superfluous MovHint. This left a certain range |
| of nodes in a state where they would not be able to reconstruct |
| values for an OSR exit. This is OK, since this phase proved those |
| nodes don't exit. However, some of these nodes may use the vmCall |
| construct in FTLLower. vmCall used to unconditionally emit an |
| exception check after each call. However, if such a call happens |
| in the range of nodes where we can't exit, we would end up generating |
| an invalid exit (and running with validateFTLOSRExitLiveness flag |
| would find this issue). |
| |
| This patch makes vmCall check to see if the node can exit before |
| emitting an exception check. A node not being able to exit implies |
| that it can't exit for exceptions, therefore, by definition, it can't |
| throw an exception. |
| |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::vmCall): |
| |
| 2018-10-19 Caio Lima <ticaiolima@gmail.com> |
| |
| [ESNext][BigInt] Implement support for "^" |
| https://bugs.webkit.org/show_bug.cgi?id=186235 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| This patch is introducing support for BigInt into bitwise xor |
| operation. We are including only support into LLInt and Baseline. |
| |
| * runtime/CommonSlowPaths.cpp: |
| (JSC::SLOW_PATH_DECL): |
| * runtime/JSBigInt.cpp: |
| (JSC::JSBigInt::bitwiseXor): |
| (JSC::JSBigInt::absoluteXor): |
| * runtime/JSBigInt.h: |
| |
| 2018-10-19 Caio Lima <ticaiolima@gmail.com> |
| |
| [BigInt] Add ValueSub into DFG |
| https://bugs.webkit.org/show_bug.cgi?id=186176 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| We are introducing in this patch a new node called ValueSub. This node |
| is necessary due to introduction of BigInt, making subtraction |
| operations result in non-Number values in some cases. In such case, ValueSub is |
| responsible to handle Untyped and BigInt operations. |
| In addition, we are also creating a speculative path when both |
| operands are BigInt. According to a simple BigInt subtraction microbenchmark, |
| this represents a speedup of ~1.2x faster. |
| |
| big-int-simple-sub 14.6427+-0.5652 ^ 11.9559+-0.6485 ^ definitely 1.2247x faster |
| |
| * dfg/DFGAbstractInterpreterInlines.h: |
| (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): |
| * dfg/DFGByteCodeParser.cpp: |
| (JSC::DFG::ByteCodeParser::parseBlock): |
| * dfg/DFGClobberize.h: |
| (JSC::DFG::clobberize): |
| * dfg/DFGDoesGC.cpp: |
| (JSC::DFG::doesGC): |
| * dfg/DFGFixupPhase.cpp: |
| (JSC::DFG::FixupPhase::fixupNode): |
| * dfg/DFGGraph.h: |
| (JSC::DFG::Graph::addSpeculationMode): |
| * dfg/DFGNodeType.h: |
| * dfg/DFGOperations.cpp: |
| * dfg/DFGOperations.h: |
| * dfg/DFGPredictionPropagationPhase.cpp: |
| * dfg/DFGSafeToExecute.h: |
| (JSC::DFG::safeToExecute): |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::compileValueSub): |
| (JSC::DFG::SpeculativeJIT::compileArithSub): |
| * dfg/DFGSpeculativeJIT.h: |
| * dfg/DFGSpeculativeJIT32_64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * dfg/DFGSpeculativeJIT64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * dfg/DFGValidate.cpp: |
| * ftl/FTLCapabilities.cpp: |
| (JSC::FTL::canCompile): |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::compileNode): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueSub): |
| |
| 2018-10-18 Alexey Proskuryakov <ap@apple.com> |
| |
| Switch from PLATFORM(IOS) to PLATFORM(IOS_FAMILY) |
| https://bugs.webkit.org/show_bug.cgi?id=190729 |
| |
| Reviewed by Tim Horton. |
| |
| * API/JSBase.cpp: |
| * API/JSWrapperMap.mm: |
| * assembler/ARM64Assembler.h: |
| (JSC::ARM64Assembler::cacheFlush): |
| * assembler/ARMv7Assembler.h: |
| (JSC::ARMv7Assembler::cacheFlush): |
| * assembler/AssemblerCommon.h: |
| (JSC::isIOS): |
| * heap/FullGCActivityCallback.cpp: |
| (JSC::FullGCActivityCallback::doCollection): |
| * heap/Heap.cpp: |
| (JSC::Heap::overCriticalMemoryThreshold): |
| (JSC::Heap::updateAllocationLimits): |
| (JSC::Heap::collectIfNecessaryOrDefer): |
| * heap/Heap.h: |
| * inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm: |
| (Inspector::RemoteConnectionToTarget::dispatchAsyncOnTarget): |
| * jit/ExecutableAllocator.cpp: |
| (JSC::allowJIT): |
| * jit/ExecutableAllocator.h: |
| * jit/RegisterSet.cpp: |
| (JSC::RegisterSet::reservedHardwareRegisters): |
| (JSC::RegisterSet::calleeSaveRegisters): |
| * jit/ThunkGenerators.cpp: |
| * jsc.cpp: |
| (main): |
| * runtime/MathCommon.cpp: |
| * runtime/Options.cpp: |
| (JSC::overrideDefaults): |
| (JSC::recomputeDependentOptions): |
| * runtime/Options.h: |
| |
| 2018-10-18 Ross Kirsling <ross.kirsling@sony.com> |
| |
| delete expression should not throw without a reference |
| https://bugs.webkit.org/show_bug.cgi?id=190637 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| * parser/Parser.cpp: |
| (JSC::Parser<LexerType>::parseUnaryExpression): |
| Eliminate non-spec-compliant switch case. |
| |
| 2018-10-18 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] JSC should have "parseFunction" to optimize Function constructor |
| https://bugs.webkit.org/show_bug.cgi?id=190340 |
| |
| Reviewed by Mark Lam. |
| |
| The current Function constructor is suboptimal. We parse the piece of the same code three times to meet |
| the spec requirement. (1) check parameters syntax, (2) check body syntax, and (3) parse the entire function. |
| And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation |
| is really costly and ideally we should meet the above requirement by the one time parsing. |
| |
| To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function |
| takes `std::optional<int> functionConstructorParametersEndPosition` and check this end position is correct in the parser. |
| For example, if we run the code, |
| |
| Function('/*', '*/){') |
| |
| According to the spec, this should produce '/*' parameter string and '*/){' body string. And parameter |
| string should be syntax-checked by the parser, and raise the error since it is incorrect. Instead of doing |
| that, in our implementation, we first create the entire string. |
| |
| function anonymous(/*) { |
| */){ |
| } |
| |
| And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case, |
| the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token |
| offset of the parameters is the given end position. This check allows us to raise the error correctly to the |
| above example while we parse the entire function only once. And we do not need to create two strings too. |
| |
| This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is |
| significantly sped up (28.2%). |
| |
| Before: |
| uglify-js: 2.94 runs/s |
| After: |
| uglify-js: 3.77 runs/s |
| |
| * bytecode/UnlinkedFunctionExecutable.cpp: |
| (JSC::UnlinkedFunctionExecutable::fromGlobalCode): |
| * bytecode/UnlinkedFunctionExecutable.h: |
| * parser/Parser.cpp: |
| (JSC::Parser<LexerType>::parseInner): |
| (JSC::Parser<LexerType>::parseSingleFunction): |
| (JSC::Parser<LexerType>::parseFunctionInfo): |
| (JSC::Parser<LexerType>::parseFunctionDeclaration): |
| (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration): |
| * parser/Parser.h: |
| (JSC::Parser<LexerType>::parse): |
| (JSC::parse): |
| (JSC::parseFunctionForFunctionConstructor): |
| * parser/ParserModes.h: |
| * parser/ParserTokens.h: |
| (JSC::JSTextPosition::JSTextPosition): |
| (JSC::JSTokenLocation::JSTokenLocation): Deleted. |
| * parser/SourceCodeKey.h: |
| (JSC::SourceCodeKey::SourceCodeKey): |
| (JSC::SourceCodeKey::operator== const): |
| * runtime/CodeCache.cpp: |
| (JSC::CodeCache::getUnlinkedGlobalCodeBlock): |
| (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable): |
| * runtime/CodeCache.h: |
| * runtime/FunctionConstructor.cpp: |
| (JSC::constructFunctionSkippingEvalEnabledCheck): |
| * runtime/FunctionExecutable.cpp: |
| (JSC::FunctionExecutable::fromGlobalCode): |
| * runtime/FunctionExecutable.h: |
| |
| 2018-10-18 Commit Queue <commit-queue@webkit.org> |
| |
| Unreviewed, rolling out r237242. |
| https://bugs.webkit.org/show_bug.cgi?id=190701 |
| |
| it breaks "stress/sampling-profiler-basic.js" (Requested by |
| caiolima on #webkit). |
| |
| Reverted changeset: |
| |
| "[BigInt] Add ValueSub into DFG" |
| https://bugs.webkit.org/show_bug.cgi?id=186176 |
| https://trac.webkit.org/changeset/237242 |
| |
| 2018-10-18 Takafumi Kubota <takafumi.kubota1012@sslab.ics.keio.ac.jp> |
| |
| Missing #pragma once in WasmOpcodeOrigin.h |
| https://bugs.webkit.org/show_bug.cgi?id=190699 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| This patch add ''#pragma once'' into WasmOpcodeOrigin.h to avoid the |
| multiple inclusion that can happen in the unified build |
| configuration. |
| |
| * wasm/WasmOpcodeOrigin.h: |
| |
| 2018-10-17 Wenson Hsieh <wenson_hsieh@apple.com> |
| |
| Enable the datalist element by default on iOS and macOS |
| https://bugs.webkit.org/show_bug.cgi?id=190594 |
| <rdar://problem/45281159> |
| |
| Reviewed by Ryosuke Niwa and Tim Horton. |
| |
| * Configurations/FeatureDefines.xcconfig: |
| |
| 2018-10-17 Caio Lima <ticaiolima@gmail.com> |
| |
| [BigInt] Add ValueSub into DFG |
| https://bugs.webkit.org/show_bug.cgi?id=186176 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| We are introducing in this patch a new node called ValueSub. This node |
| is necessary due to introduction of BigInt, making subtraction |
| operations result in non-Number values in some cases. In such case, ValueSub is |
| responsible to handle Untyped and BigInt operations. |
| In addition, we are also creating a speculative path when both |
| operands are BigInt. According to a simple BigInt subtraction microbenchmark, |
| this represents a speedup of ~1.2x faster. |
| |
| big-int-simple-sub 14.6427+-0.5652 ^ 11.9559+-0.6485 ^ definitely 1.2247x faster |
| |
| * dfg/DFGAbstractInterpreterInlines.h: |
| (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): |
| * dfg/DFGByteCodeParser.cpp: |
| (JSC::DFG::ByteCodeParser::parseBlock): |
| * dfg/DFGClobberize.h: |
| (JSC::DFG::clobberize): |
| * dfg/DFGDoesGC.cpp: |
| (JSC::DFG::doesGC): |
| * dfg/DFGFixupPhase.cpp: |
| (JSC::DFG::FixupPhase::fixupNode): |
| * dfg/DFGGraph.h: |
| (JSC::DFG::Graph::addSpeculationMode): |
| * dfg/DFGNodeType.h: |
| * dfg/DFGOperations.cpp: |
| * dfg/DFGOperations.h: |
| * dfg/DFGPredictionPropagationPhase.cpp: |
| * dfg/DFGSafeToExecute.h: |
| (JSC::DFG::safeToExecute): |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::compileValueSub): |
| (JSC::DFG::SpeculativeJIT::compileArithSub): |
| * dfg/DFGSpeculativeJIT.h: |
| * dfg/DFGSpeculativeJIT32_64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * dfg/DFGSpeculativeJIT64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * dfg/DFGValidate.cpp: |
| * ftl/FTLCapabilities.cpp: |
| (JSC::FTL::canCompile): |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::compileNode): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueSub): |
| |
| 2018-10-17 Mark Lam <mark.lam@apple.com> |
| |
| The parser should not emit a ApplyFunctionCallDotNode for Reflect.apply. |
| https://bugs.webkit.org/show_bug.cgi?id=190671 |
| <rdar://problem/45201145> |
| |
| Reviewed by Saam Barati. |
| |
| The bytecode generator does not currently know how to inline Reflect.apply (see |
| https://bugs.webkit.org/show_bug.cgi?id=190668). Hence, it's a waste of time to |
| emit the ApplyFunctionCallDotNode since the function check against Function.apply |
| that it will generate will always fail. |
| |
| Also fixed CallVariant::dump() to be able to handle dumping a non-executable |
| callee. Reflect.apply used to trip this up. Any object with an apply property |
| invoked as a function could also trip this up. This is now fixed. |
| |
| * bytecode/CallVariant.cpp: |
| (JSC::CallVariant::dump const): |
| * bytecompiler/NodesCodegen.cpp: |
| (JSC::ApplyFunctionCallDotNode::emitBytecode): |
| * parser/ASTBuilder.h: |
| (JSC::ASTBuilder::makeFunctionCallNode): |
| |
| 2018-10-17 Commit Queue <commit-queue@webkit.org> |
| |
| Unreviewed, rolling out r237024. |
| https://bugs.webkit.org/show_bug.cgi?id=190673 |
| |
| "It regressed ARES6 on iOS devices by 4-8%" (Requested by |
| saamyjoon on #webkit). |
| |
| Reverted changeset: |
| |
| "Increase executable memory pool from 64MB to 128MB for ARM64" |
| https://bugs.webkit.org/show_bug.cgi?id=190453 |
| https://trac.webkit.org/changeset/237024 |
| |
| 2018-10-17 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Use WTF::Function instead of std::function |
| https://bugs.webkit.org/show_bug.cgi?id=190665 |
| |
| Reviewed by Keith Miller. |
| |
| We should use WTF::Function as much as possible. It allocates memory from bmalloc instead of standard malloc. |
| |
| * runtime/JSNativeStdFunction.h: |
| |
| 2018-10-17 Keith Miller <keith_miller@apple.com> |
| |
| Remove debug logging from generate_offsets_extractor.rb |
| https://bugs.webkit.org/show_bug.cgi?id=190667 |
| |
| Reviewed by Mark Lam. |
| |
| * offlineasm/generate_offset_extractor.rb: |
| |
| 2018-10-17 Keith Miller <keith_miller@apple.com> |
| |
| AI does not clear Phantom allocation nodes. |
| https://bugs.webkit.org/show_bug.cgi?id=190694 |
| |
| Reviewed by Saam Barati. |
| |
| Phantom nodes claim to have a result so they should make sure they clear |
| their abstract values. |
| |
| * dfg/DFGAbstractInterpreterInlines.h: |
| (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): |
| |
| 2018-10-17 Keith Miller <keith_miller@apple.com> |
| |
| Unreviewed, fix windows build. |
| |
| * offlineasm/generate_offset_extractor.rb: |
| |
| 2018-10-17 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] More aggressively use `constexpr` in LowLevelInterpreter.asm for constant values |
| https://bugs.webkit.org/show_bug.cgi?id=190659 |
| |
| Reviewed by Keith Miller. |
| |
| Asking the actual constant value to the JSC binary is always the best way to get the correct value. |
| The value is correctly updated once the original value is changed. We would like to encourage this |
| approach more in LowLevelInterpreter.asm. |
| |
| This patch expands the coverage of this approach. We make ObservedType, ResultType, and ArithProfile |
| constexpr-friendly to produce the magic value used in LowLevelInterpreter.asm at compiling time. |
| This change allows us to easily extend ArithProfile in the future to adopt BigInt efficiently. |
| |
| We additionally use `constexpr` for several constant values in LowLevelInterpreter.asm. |
| |
| * assembler/MaxFrameExtentForSlowPathCall.h: |
| Use this value in LowLevelInterpreter.asm directly. We also make them constexpr. And we add CPU(ARM64E). |
| |
| * bytecode/ArithProfile.h: |
| (JSC::ObservedType::ObservedType): |
| (JSC::ObservedType::sawInt32 const): |
| (JSC::ObservedType::isOnlyInt32 const): |
| (JSC::ObservedType::sawNumber const): |
| (JSC::ObservedType::isOnlyNumber const): |
| (JSC::ObservedType::sawNonNumber const): |
| (JSC::ObservedType::isOnlyNonNumber const): |
| (JSC::ObservedType::isEmpty const): |
| (JSC::ObservedType::bits const): |
| (JSC::ObservedType::withInt32 const): |
| (JSC::ObservedType::withNumber const): |
| (JSC::ObservedType::withNonNumber const): |
| (JSC::ObservedType::withoutNonNumber const): |
| (JSC::ObservedType::operator== const): |
| (JSC::ArithProfile::ArithProfile): |
| (JSC::ArithProfile::fromInt): |
| (JSC::ArithProfile::observedUnaryInt): |
| (JSC::ArithProfile::observedUnaryNumber): |
| (JSC::ArithProfile::observedBinaryIntInt): |
| (JSC::ArithProfile::observedBinaryNumberInt): |
| (JSC::ArithProfile::observedBinaryIntNumber): |
| (JSC::ArithProfile::observedBinaryNumberNumber): |
| (JSC::ArithProfile::lhsObservedType const): |
| (JSC::ArithProfile::rhsObservedType const): |
| (JSC::ArithProfile::bits const): |
| Make ObservedType and ArithProfile constexpr-friendly. |
| |
| * llint/LLIntData.cpp: |
| (JSC::LLInt::Data::performAssertions): |
| Make several ASSERTs to STATIC_ASSERTs. Remove some unnecessary checks. |
| * llint/LLIntOffsetsExtractor.cpp: |
| * llint/LowLevelInterpreter.asm: |
| Remove unused constant values. Use constexpr more and more aggressively. |
| |
| * parser/ResultType.h: |
| (JSC::ResultType::ResultType): |
| (JSC::ResultType::isInt32 const): |
| (JSC::ResultType::definitelyIsNumber const): |
| (JSC::ResultType::definitelyIsString const): |
| (JSC::ResultType::definitelyIsBoolean const): |
| (JSC::ResultType::definitelyIsBigInt const): |
| (JSC::ResultType::mightBeNumber const): |
| (JSC::ResultType::isNotNumber const): |
| (JSC::ResultType::mightBeBigInt const): |
| (JSC::ResultType::isNotBigInt const): |
| (JSC::ResultType::nullType): |
| (JSC::ResultType::booleanType): |
| (JSC::ResultType::numberType): |
| (JSC::ResultType::numberTypeIsInt32): |
| (JSC::ResultType::stringOrNumberType): |
| (JSC::ResultType::addResultType): |
| (JSC::ResultType::stringType): |
| (JSC::ResultType::bigIntType): |
| (JSC::ResultType::unknownType): |
| (JSC::ResultType::forAdd): |
| (JSC::ResultType::forLogicalOp): |
| (JSC::ResultType::forBitOp): |
| (JSC::ResultType::bits const): |
| Make ResultType constexpr-friendly. |
| |
| * runtime/JSCJSValue.h: |
| Use offsetof instead of OBJECT_OFFSETOF. It is OK since EncodedValueDescriptor is POD. |
| This change makes TagOffset and PayloadOffset macros constexpr-friendly while OBJECT_OFFSETOF |
| cannot be used in constexpr since it uses reinterpret_cast. |
| |
| 2018-10-17 Keith Miller <keith_miller@apple.com> |
| |
| Unreviewed revert Fujii's revert in r237214 with new WinCairo build fix. |
| |
| 2018-10-16 Mark Lam <mark.lam@apple.com> |
| |
| GetIndexedPropertyStorage can GC. |
| https://bugs.webkit.org/show_bug.cgi?id=190625 |
| <rdar://problem/45309366> |
| |
| Reviewed by Saam Barati. |
| |
| This is because if the ArrayMode type is String, the DFG and FTL will be emitting |
| a call to operationResolveRope, and operationResolveRope can GC. This patch |
| updates doesGC() to reflect this. |
| |
| * dfg/DFGDoesGC.cpp: |
| (JSC::DFG::doesGC): |
| |
| 2018-10-16 Fujii Hironori <Hironori.Fujii@sony.com> |
| |
| Unreviewed, rolling out r237188, r237189, and r237197. |
| |
| It breaks WinCairo Debug builds and Release LayoutTests |
| |
| Reverted changesets: |
| |
| https://bugs.webkit.org/show_bug.cgi?id=189708 |
| https://trac.webkit.org/changeset/237188 |
| |
| "Unreviewed, forgot to add untracked files." |
| https://trac.webkit.org/changeset/237189 |
| |
| "isASTErroneous in offlineasm should de-macroify before |
| looking for Errors" |
| https://bugs.webkit.org/show_bug.cgi?id=190634 |
| https://trac.webkit.org/changeset/237197 |
| |
| 2018-10-16 Devin Rousso <drousso@apple.com> |
| |
| Web Inspector: Canvas: capture previously saved states and add them to the recording payload |
| https://bugs.webkit.org/show_bug.cgi?id=190473 |
| |
| Reviewed by Joseph Pecoraro. |
| |
| * inspector/protocol/Recording.json: |
| Add `states` key to `InitialState` object. |
| |
| 2018-10-16 Keith Miller <keith_miller@apple.com> |
| |
| isASTErroneous in offlineasm should de-macroify before looking for Errors |
| https://bugs.webkit.org/show_bug.cgi?id=190634 |
| |
| Reviewed by Mark Lam. |
| |
| If a macro isn't usable in a configuration it might still cause us to |
| think the ast is invalid. This change runs the de-macroifier before |
| looking for errors. |
| |
| Also, it adds a missing include to Printer.h. |
| |
| * assembler/Printer.h: |
| * offlineasm/settings.rb: |
| |
| 2018-10-16 Justin Michaud <justin_michaud@apple.com> |
| |
| Implement feature flag and bindings for CSS Painting API |
| https://bugs.webkit.org/show_bug.cgi?id=190237 |
| |
| Reviewed by Ryosuke Niwa. |
| |
| * Configurations/FeatureDefines.xcconfig: |
| |
| 2018-10-16 Keith Miller <keith_miller@apple.com> |
| |
| Unreviewed, forgot to add untracked files. |
| |
| * llint/LLIntSettingsExtractor.cpp: Added. |
| (main): |
| * offlineasm/generate_settings_extractor.rb: Added. |
| |
| 2018-10-16 Keith Miller <keith_miller@apple.com> |
| |
| Unreviewed, reland https://bugs.webkit.org/show_bug.cgi?id=189708 with build fix. |
| |
| * CMakeLists.txt: |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * llint/LLIntOffsetsExtractor.cpp: |
| (JSC::LLIntOffsetsExtractor::dummy): |
| * offlineasm/generate_offset_extractor.rb: |
| * offlineasm/offsets.rb: |
| * offlineasm/settings.rb: |
| |
| 2018-10-16 Keith Miller <keith_miller@apple.com> |
| |
| Unreviewed, add missing include. |
| |
| * runtime/BasicBlockLocation.h: |
| |
| 2018-10-15 Keith Miller <keith_miller@apple.com> |
| |
| Support arm64 CPUs with a 32-bit address space |
| https://bugs.webkit.org/show_bug.cgi?id=190273 |
| |
| Reviewed by Michael Saboff. |
| |
| This patch adds support for arm64_32 in the LLInt. In order to |
| make this work we needed to add a new type that reflects the size |
| of a cpu register. This type is called CPURegister or UCPURegister |
| for the unsigned version. Most places that used void* or intptr_t |
| to refer to a register have been changed to use this new type. |
| |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * assembler/ARM64Assembler.h: |
| (JSC::isInt): |
| (JSC::is4ByteAligned): |
| (JSC::PairPostIndex::PairPostIndex): |
| (JSC::PairPreIndex::PairPreIndex): |
| (JSC::ARM64Assembler::readPointer): |
| (JSC::ARM64Assembler::readCallTarget): |
| (JSC::ARM64Assembler::computeJumpType): |
| (JSC::ARM64Assembler::linkCompareAndBranch): |
| (JSC::ARM64Assembler::linkConditionalBranch): |
| (JSC::ARM64Assembler::linkTestAndBranch): |
| (JSC::ARM64Assembler::loadRegisterLiteral): |
| (JSC::ARM64Assembler::loadStoreRegisterPairPostIndex): |
| (JSC::ARM64Assembler::loadStoreRegisterPairPreIndex): |
| (JSC::ARM64Assembler::loadStoreRegisterPairOffset): |
| (JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal): |
| (JSC::isInt7): Deleted. |
| (JSC::isInt11): Deleted. |
| * assembler/CPU.h: |
| (JSC::isAddress64Bit): |
| (JSC::isAddress32Bit): |
| * assembler/MacroAssembler.h: |
| (JSC::MacroAssembler::shouldBlind): |
| * assembler/MacroAssemblerARM64.cpp: |
| (JSC::MacroAssemblerARM64::collectCPUFeatures): |
| * assembler/MacroAssemblerARM64.h: |
| (JSC::MacroAssemblerARM64::load): |
| (JSC::MacroAssemblerARM64::store): |
| (JSC::MacroAssemblerARM64::isInIntRange): Deleted. |
| * assembler/Printer.h: |
| * assembler/ProbeContext.h: |
| (JSC::Probe::CPUState::gpr): |
| (JSC::Probe::CPUState::spr): |
| (JSC::Probe::Context::gpr): |
| (JSC::Probe::Context::spr): |
| * b3/B3ConstPtrValue.h: |
| * b3/B3StackmapSpecial.cpp: |
| (JSC::B3::StackmapSpecial::isArgValidForRep): |
| * b3/air/AirArg.h: |
| (JSC::B3::Air::Arg::stackSlot const): |
| (JSC::B3::Air::Arg::special const): |
| * b3/air/testair.cpp: |
| * b3/testb3.cpp: |
| (JSC::B3::testStoreConstantPtr): |
| (JSC::B3::testInterpreter): |
| (JSC::B3::testAddShl32): |
| (JSC::B3::testLoadBaseIndexShift32): |
| * bindings/ScriptFunctionCall.cpp: |
| (Deprecated::ScriptCallArgumentHandler::appendArgument): |
| * bindings/ScriptFunctionCall.h: |
| * bytecode/CodeBlock.cpp: |
| (JSC::roundCalleeSaveSpaceAsVirtualRegisters): |
| * dfg/DFGOSRExit.cpp: |
| (JSC::DFG::restoreCalleeSavesFor): |
| (JSC::DFG::saveCalleeSavesFor): |
| (JSC::DFG::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer): |
| (JSC::DFG::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer): |
| * dfg/DFGOSRExitCompilerCommon.cpp: |
| (JSC::DFG::reifyInlinedCallFrames): |
| * dfg/DFGSpeculativeJIT64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * disassembler/UDis86Disassembler.cpp: |
| (JSC::tryToDisassembleWithUDis86): |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::compileWeakMapGet): |
| * heap/MachineStackMarker.cpp: |
| (JSC::copyMemory): |
| * interpreter/CallFrame.h: |
| (JSC::ExecState::returnPC const): |
| (JSC::ExecState::hasReturnPC const): |
| (JSC::ExecState::clearReturnPC): |
| (JSC::ExecState::returnPCOffset): |
| (JSC::ExecState::isGlobalExec const): |
| (JSC::ExecState::setReturnPC): |
| * interpreter/CalleeBits.h: |
| (JSC::CalleeBits::boxWasm): |
| (JSC::CalleeBits::isWasm const): |
| (JSC::CalleeBits::asWasmCallee const): |
| * interpreter/Interpreter.cpp: |
| (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const): |
| * interpreter/VMEntryRecord.h: |
| * jit/AssemblyHelpers.h: |
| (JSC::AssemblyHelpers::clearStackFrame): |
| * jit/RegisterAtOffset.h: |
| (JSC::RegisterAtOffset::offsetAsIndex const): |
| * jit/RegisterAtOffsetList.cpp: |
| (JSC::RegisterAtOffsetList::RegisterAtOffsetList): |
| * llint/LLIntData.cpp: |
| (JSC::LLInt::Data::performAssertions): |
| * llint/LLIntOfflineAsmConfig.h: |
| * llint/LowLevelInterpreter.asm: |
| * llint/LowLevelInterpreter64.asm: |
| * offlineasm/arm64.rb: |
| * offlineasm/asm.rb: |
| * offlineasm/ast.rb: |
| * offlineasm/backends.rb: |
| * offlineasm/parser.rb: |
| * offlineasm/x86.rb: |
| * runtime/BasicBlockLocation.cpp: |
| (JSC::BasicBlockLocation::dumpData const): |
| (JSC::BasicBlockLocation::emitExecuteCode const): |
| * runtime/BasicBlockLocation.h: |
| * runtime/HasOwnPropertyCache.h: |
| * runtime/JSBigInt.cpp: |
| (JSC::JSBigInt::inplaceMultiplyAdd): |
| (JSC::JSBigInt::digitDiv): |
| * runtime/JSBigInt.h: |
| * runtime/JSObject.h: |
| * runtime/Options.cpp: |
| (JSC::jitEnabledByDefault): |
| * runtime/Options.h: |
| * runtime/RegExp.cpp: |
| (JSC::RegExp::printTraceData): |
| * runtime/SamplingProfiler.cpp: |
| (JSC::CFrameWalker::walk): |
| * runtime/SlowPathReturnType.h: |
| (JSC::encodeResult): |
| (JSC::decodeResult): |
| * tools/SigillCrashAnalyzer.cpp: |
| (JSC::SigillCrashAnalyzer::dumpCodeBlock): |
| |
| 2018-10-15 Justin Fan <justin_fan@apple.com> |
| |
| Add WebGPU 2018 feature flag and experimental feature flag |
| https://bugs.webkit.org/show_bug.cgi?id=190509 |
| |
| Reviewed by Dean Jackson. |
| |
| Re-add ENABLE_WEBGPU, an experimental feature flag, and a RuntimeEnabledFeature |
| for the 2018 WebGPU prototype. |
| |
| * Configurations/FeatureDefines.xcconfig: |
| |
| 2018-10-15 Timothy Hatcher <timothy@apple.com> |
| |
| Add support for prefers-color-scheme media query |
| https://bugs.webkit.org/show_bug.cgi?id=190499 |
| rdar://problem/45212025 |
| |
| Reviewed by Dean Jackson. |
| |
| * Configurations/FeatureDefines.xcconfig: Added ENABLE_DARK_MODE_CSS. |
| |
| 2018-10-15 Commit Queue <commit-queue@webkit.org> |
| |
| Unreviewed, rolling out r237084, r237088, r237098, and |
| r237114. |
| https://bugs.webkit.org/show_bug.cgi?id=190602 |
| |
| Breaks internal builds. (Requested by ryanhaddad on #webkit). |
| |
| Reverted changesets: |
| |
| "Separate configuration extraction from offset extraction" |
| https://bugs.webkit.org/show_bug.cgi?id=189708 |
| https://trac.webkit.org/changeset/237084 |
| |
| "Gardening: Build fix after r237084." |
| https://bugs.webkit.org/show_bug.cgi?id=189708 |
| https://trac.webkit.org/changeset/237088 |
| |
| "Gardening: Build fix after r237084." |
| https://bugs.webkit.org/show_bug.cgi?id=189708 |
| https://trac.webkit.org/changeset/237098 |
| |
| "REGRESSION (r237084): JavaScriptCore fails to build on Linux" |
| https://trac.webkit.org/changeset/237114 |
| |
| 2018-10-15 Keith Miller <keith_miller@apple.com> |
| |
| BytecodeDumper should print all switch labels |
| https://bugs.webkit.org/show_bug.cgi?id=190596 |
| |
| Reviewed by Saam Barati. |
| |
| Right now the bytecode dumper only prints the default target not any of the |
| non-default targets. |
| |
| * bytecode/BytecodeDumper.cpp: |
| (JSC::BytecodeDumper<Block>::dumpBytecode): |
| |
| 2018-10-15 Saam barati <sbarati@apple.com> |
| |
| Emit fjcvtzs on ARM64E on Darwin |
| https://bugs.webkit.org/show_bug.cgi?id=184023 |
| |
| Reviewed by Yusuke Suzuki and Filip Pizlo. |
| |
| ARMv8.3 introduced the fjcvtzs instruction which does double->int32 |
| conversion using the semantics defined by JavaScript: |
| http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0801g/hko1477562192868.html |
| This patch teaches JSC to use that instruction when possible. |
| |
| * assembler/ARM64Assembler.h: |
| (JSC::ARM64Assembler::fjcvtzs): |
| (JSC::ARM64Assembler::fjcvtzsInsn): |
| * assembler/MacroAssemblerARM64.cpp: |
| (JSC::MacroAssemblerARM64::collectCPUFeatures): |
| * assembler/MacroAssemblerARM64.h: |
| (JSC::MacroAssemblerARM64::supportsDoubleToInt32ConversionUsingJavaScriptSemantics): |
| (JSC::MacroAssemblerARM64::convertDoubleToInt32UsingJavaScriptSemantics): |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::compileValueToInt32): |
| * disassembler/ARM64/A64DOpcode.cpp: |
| * disassembler/ARM64/A64DOpcode.h: |
| (JSC::ARM64Disassembler::A64DOpcode::appendInstructionName): |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::doubleToInt32): |
| * jit/JITRightShiftGenerator.cpp: |
| (JSC::JITRightShiftGenerator::generateFastPath): |
| * runtime/MathCommon.h: |
| (JSC::toInt32): |
| |
| 2018-10-15 Saam Barati <sbarati@apple.com> |
| |
| JSArray::shiftCountWithArrayStorage is wrong when an array has holes |
| https://bugs.webkit.org/show_bug.cgi?id=190262 |
| <rdar://problem/44986241> |
| |
| Reviewed by Mark Lam. |
| |
| We would take the fast path for shiftCountWithArrayStorage when the array |
| hasHoles(). However, the code for this was wrong. It'd incorrectly update |
| ArrayStorage::m_numValuesInVector. Since the hasHoles() for ArrayStorage |
| path is never taken in JetStream 2, this patch just removes that from |
| the fast path. Instead, we just fallback to the slow path when hasHoles(). |
| If we find evidence that this matters for real use cases, we can |
| figure out a way to make the fast path work. |
| |
| * runtime/JSArray.cpp: |
| (JSC::JSArray::shiftCountWithArrayStorage): |
| |
| 2018-10-15 Commit Queue <commit-queue@webkit.org> |
| |
| Unreviewed, rolling out r237054. |
| https://bugs.webkit.org/show_bug.cgi?id=190593 |
| |
| "this regressed JetStream 2 by 6% on iOS" (Requested by |
| saamyjoon on #webkit). |
| |
| Reverted changeset: |
| |
| "[JSC] JSC should have "parseFunction" to optimize Function |
| constructor" |
| https://bugs.webkit.org/show_bug.cgi?id=190340 |
| https://trac.webkit.org/changeset/237054 |
| |
| 2018-10-14 David Kilzer <ddkilzer@apple.com> |
| |
| REGRESSION (r237084): JavaScriptCore fails to build on Linux |
| <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10949> |
| |
| * llint/LLIntSettingsExtractor.cpp: Attempt to fix build by |
| including <stdio.h>. |
| |
| 2018-10-15 Alex Christensen <achristensen@webkit.org> |
| |
| Shrink more enum classes |
| https://bugs.webkit.org/show_bug.cgi?id=190540 |
| |
| Reviewed by Chris Dumez. |
| |
| * runtime/ConsoleTypes.h: |
| |
| 2018-10-15 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Disable DOMJIT on 32bit architecture |
| https://bugs.webkit.org/show_bug.cgi?id=190387 |
| |
| Reviewed by Mark Lam. |
| |
| We disable DOMJIT on 32bit architecture due to exhaustion of registers. |
| |
| * runtime/Options.h: |
| |
| 2018-10-15 Alex Christensen <achristensen@webkit.org> |
| |
| Include EnumTraits.h less |
| https://bugs.webkit.org/show_bug.cgi?id=190535 |
| |
| Reviewed by Chris Dumez. |
| |
| * runtime/ConsoleTypes.h: |
| |
| 2018-10-14 Mark Lam <mark.lam@apple.com> |
| |
| Gardening: Build fix after r237084. |
| https://bugs.webkit.org/show_bug.cgi?id=189708 |
| |
| Unreviewd. |
| |
| * llint/LLIntOffsetsExtractor.cpp: |
| |
| 2018-10-14 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Remove Option::useAsyncIterator |
| https://bugs.webkit.org/show_bug.cgi?id=190567 |
| |
| Reviewed by Saam Barati. |
| |
| Async iterator is enabled by default at 2017-08-09. It is already shipped in several releases, |
| and we can think that it is already mature. Let's drop the option `Option::useAsyncIterator`. |
| |
| * Configurations/FeatureDefines.xcconfig: |
| * bytecompiler/BytecodeGenerator.cpp: |
| (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon): |
| (JSC::BytecodeGenerator::emitNewFunction): |
| * parser/ASTBuilder.h: |
| (JSC::ASTBuilder::createFunctionMetadata): |
| * parser/Parser.cpp: |
| (JSC::Parser<LexerType>::parseForStatement): |
| (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration): |
| (JSC::Parser<LexerType>::parseClass): |
| (JSC::Parser<LexerType>::parseProperty): |
| (JSC::Parser<LexerType>::parseAsyncFunctionExpression): |
| * runtime/Options.h: |
| |
| 2018-10-14 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Remove Options::useObjectRestSpread |
| https://bugs.webkit.org/show_bug.cgi?id=190568 |
| |
| Reviewed by Saam Barati. |
| |
| Options::useObjectRestSpread is enabled by default at 2017-06-27. It is already shipped in several releases, |
| and we can think that it is mature. Let's drop Options::useObjectRestSpread() flag. |
| |
| * parser/Parser.cpp: |
| (JSC::Parser<LexerType>::Parser): |
| (JSC::Parser<LexerType>::parseDestructuringPattern): |
| (JSC::Parser<LexerType>::parseProperty): |
| * parser/Parser.h: |
| * runtime/Options.h: |
| |
| 2018-10-13 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] JSON.stringify can accept call-with-no-arguments |
| https://bugs.webkit.org/show_bug.cgi?id=190343 |
| |
| Reviewed by Mark Lam. |
| |
| JSON.stringify can accept `JSON.stringify()` call (call-with-no-arguments) according to the spec[1]. |
| Instead of throwing an error, we should take the first argument as `undefined` if it is not given. |
| |
| [1]: https://tc39.github.io/ecma262/#sec-json.stringify |
| |
| * runtime/JSONObject.cpp: |
| (JSC::JSONProtoFuncStringify): |
| |
| 2018-10-12 Tadeu Zagallo <tzagallo@apple.com> |
| |
| Gardening: Build fix after r237084. |
| https://bugs.webkit.org/show_bug.cgi?id=189708 |
| |
| Unreviewd. |
| |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| |
| 2018-10-12 Tadeu Zagallo <tzagallo@apple.com> |
| |
| Separate configuration extraction from offset extraction |
| https://bugs.webkit.org/show_bug.cgi?id=189708 |
| |
| Reviewed by Keith Miller. |
| |
| Instead of generating a file with all offsets for every combination of |
| configurations, we first generate a file with only the configuration |
| indices and pass that to the offset extractor. The offset extractor then |
| only generates the offsets for valid configurations |
| |
| * CMakeLists.txt: |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * llint/LLIntOffsetsExtractor.cpp: |
| (JSC::LLIntOffsetsExtractor::dummy): |
| * llint/LLIntSettingsExtractor.cpp: Added. |
| (main): |
| * offlineasm/generate_offset_extractor.rb: |
| * offlineasm/generate_settings_extractor.rb: Added. |
| * offlineasm/offsets.rb: |
| * offlineasm/settings.rb: |
| |
| 2018-10-12 Ryan Haddad <ryanhaddad@apple.com> |
| |
| Unreviewed, rolling out r237063. |
| |
| Caused layout test fast/dom/Window/window-postmessage-clone- |
| deep-array.html to fail on macOS and iOS Debug bots. |
| |
| Reverted changeset: |
| |
| "[JSC] Remove gcc warnings on mips and armv7" |
| https://bugs.webkit.org/show_bug.cgi?id=188598 |
| https://trac.webkit.org/changeset/237063 |
| |
| 2018-10-11 Guillaume Emont <guijemont@igalia.com> |
| |
| [JSC] Remove gcc warnings on mips and armv7 |
| https://bugs.webkit.org/show_bug.cgi?id=188598 |
| |
| Reviewed by Mark Lam. |
| |
| Fix many gcc/clang warnings that are false positives, mostly alignment |
| issues. |
| |
| * assembler/MacroAssemblerPrinter.cpp: |
| (JSC::Printer::printMemory): |
| Use bitwise_cast instead of reinterpret_cast. |
| * assembler/testmasm.cpp: |
| (JSC::floatOperands): |
| marked as potentially unused as it is not used on all platforms. |
| (JSC::testProbeModifiesStackValues): |
| modifiedFlags is not used on mips, so don't declare it. |
| * bytecode/CodeBlock.h: |
| Make ScriptExecutable::prepareForExecution() return an |
| std::optional<Exception*> instead of a JSObject*. |
| * interpreter/Interpreter.cpp: |
| (JSC::Interpreter::executeProgram): |
| (JSC::Interpreter::executeCall): |
| (JSC::Interpreter::executeConstruct): |
| (JSC::Interpreter::prepareForRepeatCall): |
| (JSC::Interpreter::execute): |
| (JSC::Interpreter::executeModuleProgram): |
| Update calling code for the prototype change of |
| ScriptExecutable::prepareForExecution(). |
| * jit/JITOperations.cpp: Same as for Interpreter.cpp. |
| * llint/LLIntSlowPaths.cpp: |
| (JSC::LLInt::setUpCall): Same as for Interpreter.cpp. |
| * runtime/JSBigInt.cpp: |
| (JSC::JSBigInt::dataStorage): |
| Use bitwise_cast instead of reinterpret_cast. |
| * runtime/ScriptExecutable.cpp: |
| * runtime/ScriptExecutable.h: |
| Make ScriptExecutable::prepareForExecution() return an |
| std::optional<Exception*> instead of a JSObject*. |
| * tools/JSDollarVM.cpp: |
| (JSC::codeBlockFromArg): Use bitwise_cast instead of reinterpret_cast. |
| |
| 2018-10-11 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| Use currentStackPointer more |
| https://bugs.webkit.org/show_bug.cgi?id=190503 |
| |
| Reviewed by Saam Barati. |
| |
| * runtime/VM.cpp: |
| (JSC::VM::committedStackByteCount): |
| |
| 2018-10-08 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] JSC should have "parseFunction" to optimize Function constructor |
| https://bugs.webkit.org/show_bug.cgi?id=190340 |
| |
| Reviewed by Mark Lam. |
| |
| The current Function constructor is suboptimal. We parse the piece of the same code three times to meet |
| the spec requirement. (1) check parameters syntax, (2) check body syntax, and (3) parse the entire function. |
| And to parse 1-3 correctly, we create two strings, the parameters and the entire function. This operation |
| is really costly and ideally we should meet the above requirement by the one time parsing. |
| |
| To meet the above requirement, we add a special function for Parser, parseSingleFunction. This function |
| takes `std::optional<int> functionConstructorParametersEndPosition` and check this end position is correct in the parser. |
| For example, if we run the code, |
| |
| Function('/*', '*/){') |
| |
| According to the spec, this should produce '/*' parameter string and '*/){' body string. And parameter |
| string should be syntax-checked by the parser, and raise the error since it is incorrect. Instead of doing |
| that, in our implementation, we first create the entire string. |
| |
| function anonymous(/*) { |
| */){ |
| } |
| |
| And we parse it. At that time, we also pass the end position of the parameters to the parser. In the above case, |
| the position of the `function anonymous(/*)' <> is passed. And in the parser, we check that the last token |
| offset of the parameters is the given end position. This check allows us to raise the error correctly to the |
| above example while we parse the entire function only once. And we do not need to create two strings too. |
| |
| This improves the performance of the Function constructor significantly. And web-tooling-benchmark/uglify-js is |
| significantly sped up (28.2%). |
| |
| Before: |
| uglify-js: 2.94 runs/s |
| After: |
| uglify-js: 3.77 runs/s |
| |
| * bytecode/UnlinkedFunctionExecutable.cpp: |
| (JSC::UnlinkedFunctionExecutable::fromGlobalCode): |
| * bytecode/UnlinkedFunctionExecutable.h: |
| * parser/Parser.cpp: |
| (JSC::Parser<LexerType>::parseInner): |
| (JSC::Parser<LexerType>::parseSingleFunction): |
| (JSC::Parser<LexerType>::parseFunctionInfo): |
| (JSC::Parser<LexerType>::parseFunctionDeclaration): |
| (JSC::Parser<LexerType>::parseAsyncFunctionDeclaration): |
| (JSC::Parser<LexerType>::parseClass): |
| (JSC::Parser<LexerType>::parsePropertyMethod): |
| (JSC::Parser<LexerType>::parseGetterSetter): |
| (JSC::Parser<LexerType>::parseFunctionExpression): |
| (JSC::Parser<LexerType>::parseAsyncFunctionExpression): |
| (JSC::Parser<LexerType>::parseArrowFunctionExpression): |
| * parser/Parser.h: |
| (JSC::Parser<LexerType>::parse): |
| (JSC::parse): |
| (JSC::parseFunctionForFunctionConstructor): |
| * parser/ParserModes.h: |
| * parser/ParserTokens.h: |
| (JSC::JSTextPosition::JSTextPosition): |
| (JSC::JSTokenLocation::JSTokenLocation): Deleted. |
| * parser/SourceCodeKey.h: |
| (JSC::SourceCodeKey::SourceCodeKey): |
| (JSC::SourceCodeKey::operator== const): |
| * runtime/CodeCache.cpp: |
| (JSC::CodeCache::getUnlinkedGlobalCodeBlock): |
| (JSC::CodeCache::getUnlinkedGlobalFunctionExecutable): |
| * runtime/CodeCache.h: |
| * runtime/FunctionConstructor.cpp: |
| (JSC::constructFunctionSkippingEvalEnabledCheck): |
| * runtime/FunctionExecutable.cpp: |
| (JSC::FunctionExecutable::fromGlobalCode): |
| * runtime/FunctionExecutable.h: |
| |
| 2018-10-11 Ross Kirsling <ross.kirsling@sony.com> |
| |
| Fix non-existent define `CPU(JSVALUE64)` |
| https://bugs.webkit.org/show_bug.cgi?id=190479 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| * jit/CCallHelpers.h: |
| (JSC::CCallHelpers::setupArgumentsImpl): |
| Correct CPU(JSVALUE64) to USE(JSVALUE64). |
| |
| 2018-10-11 Keith Rollin <krollin@apple.com> |
| |
| CURRENT_ARCH should not be used in Run Script phase. |
| https://bugs.webkit.org/show_bug.cgi?id=190407 |
| <rdar://problem/45133556> |
| |
| Reviewed by Alexey Proskuryakov. |
| |
| CURRENT_ARCH is used in a number of Xcode Run Script phases. However, |
| CURRENT_ARCH is not well-defined during this phase (and may even have |
| the value "undefined") since this phase is run just once per build |
| rather than once per supported architecture. Migrate away from |
| CURRENT_ARCH in favor of ARCHS, either by iterating over ARCHS and |
| performing an operation for each value, or by picking the first entry |
| in ARCHS and using that as a representative value. |
| |
| * JavaScriptCore.xcodeproj/project.pbxproj: Store |
| LLIntDesiredOffsets.h into a directory with a name based on ARCHS |
| rather than CURRENT_ARCH. |
| |
| 2018-10-10 Mark Lam <mark.lam@apple.com> |
| |
| Changes towards allowing use of the ASAN detect_stack_use_after_return option. |
| https://bugs.webkit.org/show_bug.cgi?id=190405 |
| <rdar://problem/45131464> |
| |
| Reviewed by Michael Saboff. |
| |
| The ASAN detect_stack_use_after_return option checks for use of stack variables |
| after they have been freed. It does this by allocating relevant stack variables |
| in heap memory (instead of on the stack) if the code ever takes the address of |
| those stack variables. Unfortunately, this is a common idiom that we use to |
| compute the approximate stack pointer value. As a result, on such ASAN runs, the |
| computed approximate stack pointer value will point into the heap instead of the |
| stack. This breaks the VM's expectations and wreaks havoc. |
| |
| To fix this, we use the newly introduced WTF::currentStackPointer() instead of |
| taking the address of stack variables. |
| |
| We also need to enhance ExceptionScopes to be able to work with ASAN |
| detect_stack_use_after_return which will allocated the scope in the heap. We |
| work around this by passing the current stack pointer of the instantiating calling |
| frame into the scope constructor, and using that for the position check in |
| ~ThrowScope() instead. |
| |
| The above is only a start towards enabling ASAN detect_stack_use_after_return on |
| the VM. There are still other issues to be resolved before we can run with this |
| ASAN option. |
| |
| * runtime/CatchScope.h: |
| * runtime/ExceptionEventLocation.h: |
| (JSC::ExceptionEventLocation::ExceptionEventLocation): |
| * runtime/ExceptionScope.h: |
| (JSC::ExceptionScope::stackPosition const): |
| * runtime/JSLock.cpp: |
| (JSC::JSLock::didAcquireLock): |
| * runtime/ThrowScope.cpp: |
| (JSC::ThrowScope::~ThrowScope): |
| * runtime/ThrowScope.h: |
| * runtime/VM.h: |
| (JSC::VM::needExceptionCheck const): |
| (JSC::VM::isSafeToRecurse const): |
| * wasm/js/WebAssemblyFunction.cpp: |
| (JSC::callWebAssemblyFunction): |
| * yarr/YarrPattern.cpp: |
| (JSC::Yarr::YarrPatternConstructor::isSafeToRecurse const): |
| |
| 2018-10-10 Devin Rousso <drousso@apple.com> |
| |
| Web Inspector: create special Network waterfall for media events |
| https://bugs.webkit.org/show_bug.cgi?id=189773 |
| <rdar://problem/44626605> |
| |
| Reviewed by Joseph Pecoraro. |
| |
| * inspector/protocol/DOM.json: |
| Add `didFireEvent` event that is fired when specific event listeners added by |
| `InspectorInstrumentation::addEventListenersToNode` are fired. |
| |
| 2018-10-10 Michael Saboff <msaboff@apple.com> |
| |
| Increase executable memory pool from 64MB to 128MB for ARM64 |
| https://bugs.webkit.org/show_bug.cgi?id=190453 |
| |
| Reviewed by Saam Barati. |
| |
| * jit/ExecutableAllocator.cpp: |
| |
| 2018-10-10 Devin Rousso <drousso@apple.com> |
| |
| Web Inspector: notify the frontend when a canvas has started recording via console.record |
| https://bugs.webkit.org/show_bug.cgi?id=190306 |
| |
| Reviewed by Brian Burg. |
| |
| * inspector/protocol/Canvas.json: |
| Add `recordingStarted` event. |
| |
| * inspector/protocol/Recording.json: |
| Add `Initiator` enum for determining who started the recording. |
| |
| 2018-10-10 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Rename createXXX to tryCreateXXX if it can return RefPtr |
| https://bugs.webkit.org/show_bug.cgi?id=190429 |
| |
| Reviewed by Saam Barati. |
| |
| Some createXXX functions can fail. But sometimes the caller does not perform error checking. |
| To make it explicit that these functions can fail, we rename these functions from createXXX |
| to tryCreateXXX. In this patch, we focus on non-JS-managed factory functions. If the factory |
| function does not fail, it should return Ref<>. Otherwise, it should be named as tryCreateXXX |
| and it should return RefPtr<>. |
| |
| This patch mainly focuses on TypedArray factory functions. Previously, these functions are |
| `RefPtr<XXXArray> create(...)`. This patch changes them to `RefPtr<XXXArray> tryCreate(...)`. |
| And we also introduce `Ref<XXXArray> create(...)` function which internally performs |
| RELEASE_ASSERT on the result of `tryCreate(...)`. |
| |
| And we also convert OpaqueJSString::create to OpaqueJSString::tryCreate since it can fail. |
| |
| This change actually finds one place which does not perform any null checkings while it uses |
| `RefPtr<> create(...)` function. |
| |
| * API/JSCallbackObjectFunctions.h: |
| (JSC::JSCallbackObject<Parent>::getOwnPropertySlot): |
| (JSC::JSCallbackObject<Parent>::put): |
| (JSC::JSCallbackObject<Parent>::putByIndex): |
| (JSC::JSCallbackObject<Parent>::deleteProperty): |
| (JSC::JSCallbackObject<Parent>::callbackGetter): |
| * API/JSClassRef.h: |
| (StaticValueEntry::StaticValueEntry): |
| * API/JSContext.mm: |
| (-[JSContext evaluateScript:withSourceURL:]): |
| (-[JSContext setName:]): |
| * API/JSContextRef.cpp: |
| (JSGlobalContextCopyName): |
| (JSContextCreateBacktrace): |
| * API/JSObjectRef.cpp: |
| (JSObjectCopyPropertyNames): |
| * API/JSScriptRef.cpp: |
| * API/JSStringRef.cpp: |
| (JSStringCreateWithCharactersNoCopy): |
| * API/JSValue.mm: |
| (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): |
| (+[JSValue valueWithNewErrorFromMessage:inContext:]): |
| (+[JSValue valueWithNewSymbolFromDescription:inContext:]): |
| (performPropertyOperation): |
| (-[JSValue invokeMethod:withArguments:]): |
| (containerValueToObject): |
| (objectToValueWithoutCopy): |
| (objectToValue): |
| * API/JSValueRef.cpp: |
| (JSValueCreateJSONString): |
| (JSValueToStringCopy): |
| * API/OpaqueJSString.cpp: |
| (OpaqueJSString::tryCreate): |
| (OpaqueJSString::create): Deleted. |
| * API/OpaqueJSString.h: |
| * API/glib/JSCContext.cpp: |
| (evaluateScriptInContext): |
| * API/glib/JSCValue.cpp: |
| (jsc_value_new_string_from_bytes): |
| * ftl/FTLLazySlowPath.h: |
| (JSC::FTL::LazySlowPath::createGenerator): |
| * ftl/FTLLazySlowPathCall.h: |
| (JSC::FTL::createLazyCallGenerator): |
| * ftl/FTLOSRExit.cpp: |
| (JSC::FTL::OSRExitDescriptor::emitOSRExit): |
| (JSC::FTL::OSRExitDescriptor::emitOSRExitLater): |
| (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle): |
| * ftl/FTLOSRExit.h: |
| * ftl/FTLPatchpointExceptionHandle.cpp: |
| (JSC::FTL::PatchpointExceptionHandle::create): |
| (JSC::FTL::PatchpointExceptionHandle::createHandle): |
| * ftl/FTLPatchpointExceptionHandle.h: |
| * heap/EdenGCActivityCallback.h: |
| (JSC::GCActivityCallback::tryCreateEdenTimer): |
| (JSC::GCActivityCallback::createEdenTimer): Deleted. |
| * heap/FullGCActivityCallback.h: |
| (JSC::GCActivityCallback::tryCreateFullTimer): |
| (JSC::GCActivityCallback::createFullTimer): Deleted. |
| * heap/GCActivityCallback.h: |
| * heap/Heap.cpp: |
| (JSC::Heap::Heap): |
| * inspector/AsyncStackTrace.cpp: |
| (Inspector::AsyncStackTrace::create): |
| * inspector/AsyncStackTrace.h: |
| * jsc.cpp: |
| (fillBufferWithContentsOfFile): |
| * runtime/ArrayBuffer.h: |
| * runtime/GenericTypedArrayView.h: |
| * runtime/GenericTypedArrayViewInlines.h: |
| (JSC::GenericTypedArrayView<Adaptor>::create): |
| (JSC::GenericTypedArrayView<Adaptor>::tryCreate): |
| (JSC::GenericTypedArrayView<Adaptor>::createUninitialized): |
| (JSC::GenericTypedArrayView<Adaptor>::tryCreateUninitialized): |
| (JSC::GenericTypedArrayView<Adaptor>::subarray const): |
| * runtime/JSArrayBufferView.cpp: |
| (JSC::JSArrayBufferView::possiblySharedImpl): |
| * runtime/JSGenericTypedArrayViewInlines.h: |
| (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl): |
| (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl): |
| * wasm/WasmMemory.cpp: |
| (JSC::Wasm::Memory::create): |
| (JSC::Wasm::Memory::tryCreate): |
| * wasm/WasmMemory.h: |
| * wasm/WasmTable.cpp: |
| (JSC::Wasm::Table::tryCreate): |
| (JSC::Wasm::Table::create): Deleted. |
| * wasm/WasmTable.h: |
| * wasm/js/JSWebAssemblyInstance.cpp: |
| (JSC::JSWebAssemblyInstance::create): |
| * wasm/js/JSWebAssemblyMemory.cpp: |
| (JSC::JSWebAssemblyMemory::JSWebAssemblyMemory): |
| * wasm/js/WebAssemblyMemoryConstructor.cpp: |
| (JSC::constructJSWebAssemblyMemory): |
| * wasm/js/WebAssemblyModuleRecord.cpp: |
| (JSC::WebAssemblyModuleRecord::link): |
| * wasm/js/WebAssemblyTableConstructor.cpp: |
| (JSC::constructJSWebAssemblyTable): |
| |
| 2018-10-09 Devin Rousso <drousso@apple.com> |
| |
| Web Inspector: show redirect requests in Network and Timelines tabs |
| https://bugs.webkit.org/show_bug.cgi?id=150005 |
| <rdar://problem/5378164> |
| |
| Reviewed by Joseph Pecoraro. |
| |
| * inspector/protocol/Network.json: |
| Add missing fields to `ResourceTiming`. |
| |
| 2018-10-09 Claudio Saavedra <csaavedra@igalia.com> |
| |
| [WPE] Explicitly link against gmodule where used |
| https://bugs.webkit.org/show_bug.cgi?id=190398 |
| |
| Reviewed by Michael Catanzaro. |
| |
| * PlatformWPE.cmake: |
| |
| 2018-10-08 Justin Fan <justin_fan@apple.com> |
| |
| WebGPU: Rename old WebGPU prototype to WebMetal |
| https://bugs.webkit.org/show_bug.cgi?id=190325 |
| <rdar://problem/44990443> |
| |
| Reviewed by Dean Jackson. |
| |
| Rename WebGPU prototype files to WebMetal in preparation for implementing the new (Oct 2018) WebGPU interface. |
| |
| * Configurations/FeatureDefines.xcconfig: |
| * inspector/protocol/Canvas.json: |
| * inspector/scripts/codegen/generator.py: |
| |
| 2018-10-08 Aditya Keerthi <akeerthi@apple.com> |
| |
| Make <input type=color> a runtime enabled (on-by-default) feature |
| https://bugs.webkit.org/show_bug.cgi?id=189162 |
| |
| Reviewed by Wenson Hsieh and Tim Horton. |
| |
| * Configurations/FeatureDefines.xcconfig: |
| |
| 2018-10-08 Devin Rousso <drousso@apple.com> |
| |
| Web Inspector: group media network entries by the node that triggered the request |
| https://bugs.webkit.org/show_bug.cgi?id=189606 |
| <rdar://problem/44438527> |
| |
| Reviewed by Brian Burg. |
| |
| * inspector/protocol/Network.json: |
| Add an optional `nodeId` field to the `Initiator` object that is set it is possible to |
| determine which ancestor node triggered the load. It may not correspond directly to the node |
| with the href/src, as that url may only be used by an ancestor for loading. |
| |
| 2018-10-07 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC][Linux] Use non-truncated name for JIT workers in Linux |
| https://bugs.webkit.org/show_bug.cgi?id=190339 |
| |
| Reviewed by Mark Lam. |
| |
| The current thread names are meaningless in Linux environment. We do not want to |
| have truncated name in Linux: we want to have clear name in Linux. Instead, we |
| should have the name for Linux separately from the name used in the non-Linux |
| environments. This patch adds FTLWorker, DFGWorker, and JITWorker names for |
| Linux environment. |
| |
| * dfg/DFGWorklist.cpp: |
| (JSC::DFG::createWorklistName): |
| (JSC::DFG::Worklist::Worklist): |
| (JSC::DFG::Worklist::create): |
| (JSC::DFG::ensureGlobalDFGWorklist): |
| (JSC::DFG::ensureGlobalFTLWorklist): |
| * dfg/DFGWorklist.h: |
| * jit/JITWorklist.cpp: |
| |
| 2018-10-07 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| Name Heap threads |
| https://bugs.webkit.org/show_bug.cgi?id=190337 |
| |
| Reviewed by Mark Lam. |
| |
| Name heap threads as "Heap Helper Thread". In Linux, we name it "HeapHelper" since |
| Linux does not accept the name longer than 15. We do not want to use the short name |
| for non-Linux environment. And we want to have clear name in Linux: truncated name |
| is not good. So, having the two names is the only way. |
| |
| * heap/HeapHelperPool.cpp: |
| (JSC::heapHelperPool): |
| |
| 2018-10-07 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Avoid creating ProgramExecutable in checkSyntax |
| https://bugs.webkit.org/show_bug.cgi?id=190332 |
| |
| Reviewed by Mark Lam. |
| |
| uglify-js in web-tooling-benchmark executes massive number of Function constructor calls. |
| In Function constructor code, we perform checkSyntax for body and parameters. So fast checkSyntax |
| is important when the performance of Function constructor matters. Current checkSyntax code |
| unnecessarily allocates ProgramExecutable. This patch removes this allocation and improves |
| the benchmark score slightly. |
| |
| Before: |
| uglify-js: 2.87 runs/s |
| After: |
| uglify-js: 2.94 runs/s |
| |
| * runtime/Completion.cpp: |
| (JSC::checkSyntaxInternal): |
| (JSC::checkSyntax): |
| * runtime/ProgramExecutable.cpp: |
| (JSC::ProgramExecutable::checkSyntax): Deleted. |
| * runtime/ProgramExecutable.h: |
| |
| 2018-10-06 Caio Lima <ticaiolima@gmail.com> |
| |
| [ESNext][BigInt] Implement support for "|" |
| https://bugs.webkit.org/show_bug.cgi?id=186229 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| This patch is introducing support for BigInt into bitwise "or" operator. |
| In addition, we are also introducing 2 new DFG nodes, named "ArithBitOr" and |
| "ValueBitOr", to replace "BitOr" node. The idea is to follow the |
| difference that we make on Arith<op> and Value<op>, where ArithBitOr |
| handles cases when the operands are Int32 and ValueBitOr handles |
| the remaining cases. |
| |
| We are also changing op_bitor to use ValueProfile. We are using |
| ValueProfile during DFG generation to emit "ArithBitOr" when |
| outcome prediction is Int32. |
| |
| * bytecode/CodeBlock.cpp: |
| (JSC::CodeBlock::finishCreation): |
| (JSC::CodeBlock::arithProfileForPC): |
| * bytecompiler/BytecodeGenerator.cpp: |
| (JSC::BytecodeGenerator::emitBinaryOp): |
| * dfg/DFGAbstractInterpreterInlines.h: |
| (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): |
| * dfg/DFGBackwardsPropagationPhase.cpp: |
| (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo): |
| (JSC::DFG::BackwardsPropagationPhase::propagate): |
| * dfg/DFGByteCodeParser.cpp: |
| (JSC::DFG::ByteCodeParser::parseBlock): |
| * dfg/DFGClobberize.h: |
| (JSC::DFG::clobberize): |
| * dfg/DFGDoesGC.cpp: |
| (JSC::DFG::doesGC): |
| * dfg/DFGFixupPhase.cpp: |
| (JSC::DFG::FixupPhase::fixupNode): |
| * dfg/DFGNodeType.h: |
| * dfg/DFGOperations.cpp: |
| (JSC::DFG::bitwiseOp): |
| * dfg/DFGOperations.h: |
| * dfg/DFGPredictionPropagationPhase.cpp: |
| * dfg/DFGSafeToExecute.h: |
| (JSC::DFG::safeToExecute): |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp): |
| (JSC::DFG::SpeculativeJIT::compileBitwiseOp): |
| * dfg/DFGSpeculativeJIT.h: |
| (JSC::DFG::SpeculativeJIT::bitOp): |
| * dfg/DFGSpeculativeJIT32_64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * dfg/DFGSpeculativeJIT64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * dfg/DFGStrengthReductionPhase.cpp: |
| (JSC::DFG::StrengthReductionPhase::handleNode): |
| * ftl/FTLCapabilities.cpp: |
| (JSC::FTL::canCompile): |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::compileNode): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueBitOr): |
| (JSC::FTL::DFG::LowerDFGToB3::compileArithBitOr): |
| (JSC::FTL::DFG::LowerDFGToB3::compileBitOr): Deleted. |
| * jit/JITArithmetic.cpp: |
| (JSC::JIT::emit_op_bitor): |
| * llint/LowLevelInterpreter32_64.asm: |
| * llint/LowLevelInterpreter64.asm: |
| * runtime/CommonSlowPaths.cpp: |
| (JSC::SLOW_PATH_DECL): |
| * runtime/JSBigInt.cpp: |
| (JSC::JSBigInt::bitwiseAnd): |
| (JSC::JSBigInt::bitwiseOr): |
| (JSC::JSBigInt::absoluteBitwiseOp): |
| (JSC::JSBigInt::absoluteAddOne): |
| * runtime/JSBigInt.h: |
| |
| 2018-10-05 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Use new extra memory reporting in SparseArrayMap |
| https://bugs.webkit.org/show_bug.cgi?id=190278 |
| |
| Reviewed by Keith Miller. |
| |
| This patch switches the extra memory reporting mechanism from deprecatedReportExtraMemory |
| to reportExtraMemoryAllocated & reportExtraMemoryVisited in SparseArrayMap. |
| |
| * runtime/SparseArrayValueMap.cpp: |
| (JSC::SparseArrayValueMap::add): |
| (JSC::SparseArrayValueMap::visitChildren): |
| |
| 2018-10-05 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC][Linux] Support Perf JITDump logging |
| https://bugs.webkit.org/show_bug.cgi?id=189893 |
| |
| Reviewed by Mark Lam. |
| |
| This patch adds Linux `perf` command's JIT Dump support. It allows JSC to tell perf about JIT code information. |
| We add a command line option, `--logJITCodeForPerf`, which dumps `jit-%pid.dump` in the current directory. |
| By using this dump and perf.data output, we can annotate JIT code with profiling information. |
| |
| $ echo "(function f() { var s = 0; for (var i = 0; i < 1000000000; i++) { s += i; } return s; })();" > test.js |
| $ perf record -k mono ../../WebKitBuild/perf/Release/bin/jsc test.js --logJITCodeForPerf=true |
| [ perf record: Woken up 1 times to write data ] |
| [ perf record: Captured and wrote 0.182 MB perf.data (4346 samples) ] |
| $ perf inject --jit -i perf.data -o perf.jit.data |
| $ perf report -i perf.jit.data |
| |
| * Sources.txt: |
| * assembler/LinkBuffer.cpp: |
| (JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl): |
| * assembler/LinkBuffer.h: |
| (JSC::LinkBuffer::finalizeCodeWithDisassembly): |
| * assembler/PerfLog.cpp: Added. |
| (JSC::PerfLog::singleton): |
| (JSC::generateTimestamp): |
| (JSC::getCurrentThreadID): |
| (JSC::PerfLog::PerfLog): |
| (JSC::PerfLog::write): |
| (JSC::PerfLog::flush): |
| (JSC::PerfLog::log): |
| * assembler/PerfLog.h: Added. |
| * jit/ExecutableAllocator.cpp: |
| (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): |
| * runtime/Options.cpp: |
| (JSC::Options::isAvailable): |
| * runtime/Options.h: |
| |
| 2018-10-05 Mark Lam <mark.lam@apple.com> |
| |
| Gardening: Build fix after r236880. |
| https://bugs.webkit.org/show_bug.cgi?id=190317 |
| |
| Unreviewed. |
| |
| * jit/ExecutableAllocator.h: |
| |
| 2018-10-05 Mark Lam <mark.lam@apple.com> |
| |
| performJITMemcpy() should handle the case when the executable allocator is not initialized yet. |
| https://bugs.webkit.org/show_bug.cgi?id=190317 |
| <rdar://problem/45039398> |
| |
| Reviewed by Saam Barati. |
| |
| When SeparatedWXHeaps is in use, jitWriteThunkGenerator() will call performJITMemcpy() |
| to copy memory before the JIT fixed memory pool is initialize. Before r236864, |
| performJITMemcpy() would just do a memcpy in that case. We need to restore the |
| equivalent behavior. |
| |
| * jit/ExecutableAllocator.cpp: |
| (JSC::isJITPC): |
| * jit/ExecutableAllocator.h: |
| (JSC::performJITMemcpy): |
| |
| 2018-10-05 Carlos Eduardo Ramalho <cadubentzen@gmail.com> |
| |
| [WPE][JSC] Use Unified Sources for Platform-specific sources |
| https://bugs.webkit.org/show_bug.cgi?id=190300 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| Currently the GTK port already used Unified Sources with the same source files. |
| As WPE has conditional code using gmodule, we need to add GLIB_GMODULE_LIBRARIES |
| to the list of libraries to link with. |
| |
| * PlatformWPE.cmake: |
| * SourcesWPE.txt: Added. |
| * shell/PlatformWPE.cmake: |
| |
| 2018-10-05 Mike Gorse <mgorse@alum.wpi.edu> |
| |
| [GTK] build fails with python 3 if LANG and LC_TYPE are unset |
| https://bugs.webkit.org/show_bug.cgi?id=190258 |
| |
| Reviewed by Konstantin Tokarev. |
| |
| * Scripts/cssmin.py: Set stdout to UTF-8 on python 3. |
| * Scripts/generateIntlCanonicalizeLanguage.py: Open files with |
| encoding=UTF-8 on Python 3. |
| * yarr/generateYarrCanonicalizeUnicode: Ditto. |
| * yarr/generateYarrUnicodePropertyTables.py: Ditto. |
| |
| 2018-10-04 Mark Lam <mark.lam@apple.com> |
| |
| Move start/EndOfFixedExecutableMemoryPool pointers into the FixedVMPoolExecutableAllocator object. |
| https://bugs.webkit.org/show_bug.cgi?id=190295 |
| <rdar://problem/19197193> |
| |
| Reviewed by Saam Barati. |
| |
| This allows us to use the tagging logic already baked into MacroAssemblerCodePtr |
| instead of needing to use our own custom version here. |
| |
| * jit/ExecutableAllocator.cpp: |
| (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): |
| (JSC::FixedVMPoolExecutableAllocator::memoryStart): |
| (JSC::FixedVMPoolExecutableAllocator::memoryEnd): |
| (JSC::FixedVMPoolExecutableAllocator::isJITPC): |
| (JSC::ExecutableAllocator::allocate): |
| (JSC::startOfFixedExecutableMemoryPoolImpl): |
| (JSC::endOfFixedExecutableMemoryPoolImpl): |
| (JSC::isJITPC): |
| * jit/ExecutableAllocator.h: |
| |
| 2018-10-04 Mark Lam <mark.lam@apple.com> |
| |
| Disable Options::useWebAssemblyFastMemory() on linux if ASAN signal handling is not disabled. |
| https://bugs.webkit.org/show_bug.cgi?id=190283 |
| <rdar://problem/45015752> |
| |
| Reviewed by Keith Miller. |
| |
| * runtime/Options.cpp: |
| (JSC::Options::initialize): |
| * wasm/WasmFaultSignalHandler.cpp: |
| (JSC::Wasm::enableFastMemory): |
| |
| 2018-10-03 Ross Kirsling <ross.kirsling@sony.com> |
| |
| [JSC] print() changes CRLF to CRCRLF on Windows |
| https://bugs.webkit.org/show_bug.cgi?id=190228 |
| |
| Reviewed by Mark Lam. |
| |
| * jsc.cpp: |
| (main): |
| Ultimately, this is just the normal behavior of printf in text mode on Windows. |
| Since we're reading in files as binary, we need to be printing out as binary too |
| (just as we do in DumpRenderTree and ImageDiff.) |
| |
| 2018-10-03 Saam barati <sbarati@apple.com> |
| |
| lowXYZ in FTLLower should always filter the type of the incoming edge |
| https://bugs.webkit.org/show_bug.cgi?id=189939 |
| <rdar://problem/44407030> |
| |
| Reviewed by Michael Saboff. |
| |
| For example, the FTL may know more about data flow than AI in certain programs, |
| and it needs to inform AI of these data flow properties to appease the assertion |
| we have in AI that a node must perform type checks on its child nodes. |
| |
| For example, consider this program: |
| |
| ``` |
| bb#1 |
| a: Phi // Let's say it has an Int32 result, so it goes into the int32 hash table in FTLLower |
| Branch(..., #2, #3) |
| |
| bb#2 |
| ArrayifyToStructure(Cell:@a) // This modifies @a to have the its previous type union the type of some structure set. |
| Jump(#3) |
| |
| bb#3 |
| c: Add(Int32:@something, Int32:@a) |
| ``` |
| |
| When the Add node does lowInt32() for @a, FTL lower used to just grab it |
| from the int32 hash table without filtering the AbstractValue. However, |
| the parent node is asking for a type check to happen, so we must inform |
| AI of this "type check" if we want to appease the assertion that all nodes |
| perform type checks for their edges that semantically perform type checks. |
| This patch makes it so we filter the AbstractValue in the lowXYZ even |
| if FTLLower proved the value must be XYZ. |
| |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::compilePhi): |
| (JSC::FTL::DFG::LowerDFGToB3::simulatedTypeCheck): |
| (JSC::FTL::DFG::LowerDFGToB3::lowInt32): |
| (JSC::FTL::DFG::LowerDFGToB3::lowCell): |
| (JSC::FTL::DFG::LowerDFGToB3::lowBoolean): |
| |
| 2018-10-03 Michael Saboff <msaboff@apple.com> |
| |
| Command line jsc should report memory footprint in bytes |
| https://bugs.webkit.org/show_bug.cgi?id=190267 |
| |
| Reviewed by Mark Lam. |
| |
| Change to leave the footprint values from the system unmodified. |
| |
| * jsc.cpp: |
| (JSCMemoryFootprint::finishCreation): |
| |
| 2018-10-03 Mark Lam <mark.lam@apple.com> |
| |
| Suppress unreachable code warning for LLIntAssembly.h code. |
| https://bugs.webkit.org/show_bug.cgi?id=190263 |
| <rdar://problem/44986532> |
| |
| Reviewed by Saam Barati. |
| |
| This is needed because LLIntAssembly.h is template generated from LowLevelInterpreter |
| asm files, and may contain dead code which are harmless, but will trip up the warning. |
| We should suppress the warning so that it doesn't break builds. |
| |
| * llint/LowLevelInterpreter.cpp: |
| (JSC::CLoop::execute): |
| |
| 2018-10-03 Dan Bernstein <mitz@apple.com> |
| |
| JavaScriptCore part of [Xcode] Update some build settings as recommended by Xcode 10 |
| https://bugs.webkit.org/show_bug.cgi?id=190250 |
| |
| Reviewed by Alex Christensen. |
| |
| * API/tests/Regress141275.mm: |
| (-[JSTEvaluator _sourcePerform]): Addressed newly-enabled CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF |
| by making the self-retaining explicit. |
| |
| * API/tests/testapi.cpp: |
| (testCAPIViaCpp): Addressed newly-enabled CLANG_WARN_UNREACHABLE_CODE by breaking out of the |
| loop instead of returning from the lambda. |
| |
| * Configurations/Base.xcconfig: Enabled CLANG_WARN_COMMA, CLANG_WARN_UNREACHABLE_CODE, |
| CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS, CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF, and |
| CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED. |
| |
| * JavaScriptCore.xcodeproj/project.pbxproj: Removed a duplicate reference to |
| UnlinkedFunctionExecutable.h, and let Xcode update the project file. |
| |
| * assembler/MacroAssemblerPrinter.cpp: |
| (JSC::Printer::printAllRegisters): Addressed newly-enabled CLANG_WARN_COMMA by replacing |
| some commas with semicolons. |
| |
| 2018-10-03 Mark Lam <mark.lam@apple.com> |
| |
| Make string MaxLength for all WTF and JS strings consistently equal to INT_MAX. |
| https://bugs.webkit.org/show_bug.cgi?id=190187 |
| <rdar://problem/42512909> |
| |
| Reviewed by Michael Saboff. |
| |
| Allowing different max string lengths at each level opens up opportunities for |
| bugs to creep in. With 2 different max length values, it is more difficult to |
| keep the story straight on how we do overflow / bounds checks at each place in |
| the code. It's also difficult to tell if a seemingly valid check at the WTF level |
| will have bad ramifications at the JSC level. Also, it's also not meaningful to |
| support a max length > INT_MAX. To eliminate this class of bugs, we'll |
| standardize on a MaxLength of INT_MAX at all levels. |
| |
| We'll also standardize the way we do length overflow checks on using |
| CheckedArithmetic, and add some asserts to document the assumptions of the code. |
| |
| * runtime/FunctionConstructor.cpp: |
| (JSC::constructFunctionSkippingEvalEnabledCheck): |
| - Fix OOM error handling which crashed a test after the new MaxLength was applied. |
| * runtime/JSString.h: |
| (JSC::JSString::finishCreation): |
| (JSC::JSString::createHasOtherOwner): |
| (JSC::JSString::setLength): |
| * runtime/JSStringInlines.h: |
| (JSC::jsMakeNontrivialString): |
| * runtime/Operations.h: |
| (JSC::jsString): |
| |
| 2018-10-03 Koby Boyango <koby.b@mce-sys.com> |
| |
| [JSC] Add a C++ callable overload of objectConstructorSeal |
| https://bugs.webkit.org/show_bug.cgi?id=190137 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| * runtime/ObjectConstructor.cpp: |
| * runtime/ObjectConstructor.h: |
| |
| 2018-10-02 Dominik Infuehr <dinfuehr@igalia.com> |
| |
| Fix Disassembler-output on ARM Thumb2 |
| https://bugs.webkit.org/show_bug.cgi?id=190203 |
| |
| On ARMv7 with Thumb2 addresses have bit 0 set to 1 to force |
| execution in thumb mode for jumps and calls. The actual machine |
| instructions are still aligned to 2-bytes though. Use dataLocation() as |
| start address for disassembling since it unsets the thumb bit. |
| Until now the disassembler would start at the wrong address (off by 1), |
| resulting in the wrong disassembled machine instructions. |
| |
| Reviewed by Mark Lam. |
| |
| * disassembler/CapstoneDisassembler.cpp: |
| (JSC::tryToDisassemble): |
| |
| 2018-10-02 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Add stub of ExecutableAllocator used when JIT is disabled |
| https://bugs.webkit.org/show_bug.cgi?id=190215 |
| |
| Reviewed by Mark Lam. |
| |
| When ENABLE(JIT) is disabled, we do not use JIT. But we ExecutableAllocator is still available since |
| it is guarded by ENABLE(ASSEMBLER). ENABLE(ASSEMBLER) is necessary for LLInt ASM interpreter since |
| our MacroAssembler tells machine architecture information. Eventually, we would like to decouple |
| this machine architecture information from MacroAssembler. But for now, we use ENABLE(ASSEMBLER) |
| for LLInt ASM interpreter even if JIT is disabled by ENABLE(JIT). |
| |
| To ensure any executable memory allocation is not done, we add a stub of ExecutableAllocator for |
| non-JIT configurations. This does not have any functionality allocating executable memory, thus |
| any accidental operation cannot attempt to allocate executable memory if ENABLE(JIT) = OFF. |
| |
| * jit/ExecutableAllocator.cpp: |
| (JSC::ExecutableAllocator::initializeAllocator): |
| (JSC::ExecutableAllocator::singleton): |
| * jit/ExecutableAllocator.h: |
| (JSC::ExecutableAllocator::isValid const): |
| (JSC::ExecutableAllocator::underMemoryPressure): |
| (JSC::ExecutableAllocator::memoryPressureMultiplier): |
| (JSC::ExecutableAllocator::dumpProfile): |
| (JSC::ExecutableAllocator::allocate): |
| (JSC::ExecutableAllocator::isValidExecutableMemory): |
| (JSC::ExecutableAllocator::committedByteCount): |
| (JSC::ExecutableAllocator::getLock const): |
| (JSC::performJITMemcpy): |
| |
| 2018-10-01 Dean Jackson <dino@apple.com> |
| |
| Remove CSS Animation Triggers |
| https://bugs.webkit.org/show_bug.cgi?id=190175 |
| <rdar://problem/44925626> |
| |
| Reviewed by Simon Fraser. |
| |
| * Configurations/FeatureDefines.xcconfig: |
| |
| 2018-10-02 Caio Lima <ticaiolima@gmail.com> |
| |
| [BigInt] BigInt.proptotype.toString is broken when radix is power of 2 |
| https://bugs.webkit.org/show_bug.cgi?id=190033 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| The implementation of JSBigInt::toStringToGeneric doesn't handle power |
| of 2 radix when JSBigInt length is >= 2. To handle such cases, we |
| implemented JSBigInt::toStringBasePowerOfTwo that follows the |
| algorithm that groups bits using mask of (2 ^ n) - 1 to extract every |
| digit. |
| |
| * runtime/JSBigInt.cpp: |
| (JSC::JSBigInt::toString): |
| (JSC::JSBigInt::toStringBasePowerOfTwo): |
| * runtime/JSBigInt.h: |
| |
| 2018-10-01 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Add branchIfNaN and branchIfNotNaN |
| https://bugs.webkit.org/show_bug.cgi?id=190122 |
| |
| Reviewed by Mark Lam. |
| |
| Add AssemblyHelpers::{branchIfNaN, branchIfNotNaN} to make code more readable. |
| |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::compileDoublePutByVal): |
| (JSC::DFG::SpeculativeJIT::compileDoubleRep): |
| (JSC::DFG::SpeculativeJIT::getIntTypedArrayStoreOperand): |
| (JSC::DFG::SpeculativeJIT::compileSpread): |
| (JSC::DFG::SpeculativeJIT::compileNewArray): |
| (JSC::DFG::SpeculativeJIT::speculateRealNumber): |
| (JSC::DFG::SpeculativeJIT::speculateDoubleRepReal): |
| (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey): |
| (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty): |
| * dfg/DFGSpeculativeJIT32_64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * dfg/DFGSpeculativeJIT64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * jit/AssemblyHelpers.cpp: |
| (JSC::AssemblyHelpers::purifyNaN): |
| * jit/AssemblyHelpers.h: |
| (JSC::AssemblyHelpers::branchIfNaN): |
| (JSC::AssemblyHelpers::branchIfNotNaN): |
| * jit/JITPropertyAccess.cpp: |
| (JSC::JIT::emitGenericContiguousPutByVal): |
| (JSC::JIT::emitDoubleLoad): |
| (JSC::JIT::emitFloatTypedArrayGetByVal): |
| * jit/JITPropertyAccess32_64.cpp: |
| (JSC::JIT::emitGenericContiguousPutByVal): |
| * wasm/js/JSToWasm.cpp: |
| (JSC::Wasm::createJSToWasmWrapper): |
| |
| 2018-10-01 Mark Lam <mark.lam@apple.com> |
| |
| Function.toString() should also copy the source code Functions that are class definitions. |
| https://bugs.webkit.org/show_bug.cgi?id=190186 |
| <rdar://problem/44733360> |
| |
| Reviewed by Saam Barati. |
| |
| Previously, if the Function is a class definition, functionProtoFuncToString() |
| would create a String using StringView::toStringWithoutCopying(), and use that |
| String to make a JSString. This is not a problem if the underlying SourceProvider |
| (that backs the characters in that StringView) is immortal. However, this is |
| not always the case in practice. |
| |
| This patch fixes this issue by changing functionProtoFuncToString() to create the |
| String using StringView::toString() instead, which makes a copy of the underlying |
| characters buffer. This detaches the resultant JSString from the SourceProvider |
| characters buffer that it was created from, and ensure that the underlying |
| characters buffer of the string will be alive for the entire lifetime of the |
| JSString. |
| |
| * runtime/FunctionPrototype.cpp: |
| (JSC::functionProtoFuncToString): |
| |
| 2018-10-01 Keith Miller <keith_miller@apple.com> |
| |
| Create a RELEASE_AND_RETURN macro for ExceptionScopes |
| https://bugs.webkit.org/show_bug.cgi?id=190163 |
| |
| Reviewed by Mark Lam. |
| |
| The new RELEASE_AND_RETURN does all the work for cases |
| where you want to return the result of some expression |
| without explicitly checking for an exception. This is |
| much like the existing RETURN_IF_EXCEPTION macro. |
| |
| * dfg/DFGOperations.cpp: |
| (JSC::DFG::newTypedArrayWithSize): |
| * interpreter/Interpreter.cpp: |
| (JSC::eval): |
| * jit/JITOperations.cpp: |
| (JSC::getByVal): |
| * jsc.cpp: |
| (functionDollarAgentReceiveBroadcast): |
| * llint/LLIntSlowPaths.cpp: |
| (JSC::LLInt::setUpCall): |
| (JSC::LLInt::LLINT_SLOW_PATH_DECL): |
| (JSC::LLInt::varargsSetup): |
| * profiler/ProfilerDatabase.cpp: |
| (JSC::Profiler::Database::toJSON const): |
| * runtime/AbstractModuleRecord.cpp: |
| (JSC::AbstractModuleRecord::hostResolveImportedModule): |
| * runtime/ArrayConstructor.cpp: |
| (JSC::constructArrayWithSizeQuirk): |
| * runtime/ArrayPrototype.cpp: |
| (JSC::getProperty): |
| (JSC::fastJoin): |
| (JSC::arrayProtoFuncToString): |
| (JSC::arrayProtoFuncToLocaleString): |
| (JSC::arrayProtoFuncJoin): |
| (JSC::arrayProtoFuncPop): |
| (JSC::arrayProtoPrivateFuncConcatMemcpy): |
| * runtime/BigIntConstructor.cpp: |
| (JSC::toBigInt): |
| * runtime/CommonSlowPaths.h: |
| (JSC::CommonSlowPaths::opInByVal): |
| * runtime/ConstructData.cpp: |
| (JSC::construct): |
| * runtime/DateConstructor.cpp: |
| (JSC::dateParse): |
| * runtime/DatePrototype.cpp: |
| (JSC::dateProtoFuncToPrimitiveSymbol): |
| * runtime/DirectArguments.h: |
| * runtime/ErrorConstructor.cpp: |
| (JSC::Interpreter::constructWithErrorConstructor): |
| * runtime/ErrorPrototype.cpp: |
| (JSC::errorProtoFuncToString): |
| * runtime/ExceptionScope.h: |
| * runtime/FunctionConstructor.cpp: |
| (JSC::constructFunction): |
| * runtime/FunctionPrototype.cpp: |
| (JSC::functionProtoFuncToString): |
| * runtime/GenericArgumentsInlines.h: |
| (JSC::GenericArguments<Type>::defineOwnProperty): |
| * runtime/GetterSetter.cpp: |
| (JSC::callGetter): |
| * runtime/IntlCollatorConstructor.cpp: |
| (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): |
| * runtime/IntlCollatorPrototype.cpp: |
| (JSC::IntlCollatorFuncCompare): |
| (JSC::IntlCollatorPrototypeFuncResolvedOptions): |
| * runtime/IntlDateTimeFormatConstructor.cpp: |
| (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): |
| * runtime/IntlDateTimeFormatPrototype.cpp: |
| (JSC::IntlDateTimeFormatFuncFormatDateTime): |
| (JSC::IntlDateTimeFormatPrototypeFuncFormatToParts): |
| (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): |
| * runtime/IntlNumberFormatConstructor.cpp: |
| (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): |
| * runtime/IntlNumberFormatPrototype.cpp: |
| (JSC::IntlNumberFormatFuncFormatNumber): |
| (JSC::IntlNumberFormatPrototypeFuncFormatToParts): |
| (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): |
| * runtime/IntlObject.cpp: |
| (JSC::intlNumberOption): |
| * runtime/IntlObjectInlines.h: |
| (JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor): |
| * runtime/IntlPluralRules.cpp: |
| (JSC::IntlPluralRules::resolvedOptions): |
| * runtime/IntlPluralRulesConstructor.cpp: |
| (JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf): |
| * runtime/IntlPluralRulesPrototype.cpp: |
| (JSC::IntlPluralRulesPrototypeFuncSelect): |
| (JSC::IntlPluralRulesPrototypeFuncResolvedOptions): |
| * runtime/JSArray.cpp: |
| (JSC::JSArray::defineOwnProperty): |
| (JSC::JSArray::put): |
| (JSC::JSArray::setLength): |
| (JSC::JSArray::unshiftCountWithAnyIndexingType): |
| * runtime/JSArrayBufferPrototype.cpp: |
| (JSC::arrayBufferProtoGetterFuncByteLength): |
| (JSC::sharedArrayBufferProtoGetterFuncByteLength): |
| * runtime/JSArrayInlines.h: |
| (JSC::toLength): |
| * runtime/JSBoundFunction.cpp: |
| (JSC::boundFunctionCall): |
| (JSC::boundFunctionConstruct): |
| * runtime/JSCJSValue.cpp: |
| (JSC::JSValue::putToPrimitive): |
| * runtime/JSCJSValueInlines.h: |
| (JSC::JSValue::toIndex const): |
| (JSC::JSValue::toPropertyKey const): |
| (JSC::JSValue::get const): |
| (JSC::JSValue::getPropertySlot const): |
| (JSC::JSValue::getOwnPropertySlot const): |
| (JSC::JSValue::equalSlowCaseInline): |
| * runtime/JSDataView.cpp: |
| (JSC::JSDataView::put): |
| (JSC::JSDataView::defineOwnProperty): |
| * runtime/JSFunction.cpp: |
| (JSC::JSFunction::put): |
| (JSC::JSFunction::defineOwnProperty): |
| * runtime/JSGenericTypedArrayViewConstructorInlines.h: |
| (JSC::constructGenericTypedArrayViewWithArguments): |
| (JSC::constructGenericTypedArrayView): |
| * runtime/JSGenericTypedArrayViewInlines.h: |
| (JSC::JSGenericTypedArrayView<Adaptor>::set): |
| (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty): |
| * runtime/JSGenericTypedArrayViewPrototypeFunctions.h: |
| (JSC::speciesConstruct): |
| (JSC::genericTypedArrayViewProtoFuncJoin): |
| (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate): |
| * runtime/JSGlobalObject.cpp: |
| (JSC::JSGlobalObject::put): |
| * runtime/JSGlobalObjectFunctions.cpp: |
| (JSC::decode): |
| (JSC::globalFuncEval): |
| (JSC::globalFuncProtoGetter): |
| * runtime/JSInternalPromise.cpp: |
| (JSC::JSInternalPromise::then): |
| * runtime/JSModuleEnvironment.cpp: |
| (JSC::JSModuleEnvironment::put): |
| * runtime/JSModuleLoader.cpp: |
| (JSC::JSModuleLoader::provideFetch): |
| (JSC::JSModuleLoader::loadAndEvaluateModule): |
| (JSC::JSModuleLoader::loadModule): |
| (JSC::JSModuleLoader::linkAndEvaluateModule): |
| (JSC::JSModuleLoader::requestImportModule): |
| (JSC::JSModuleLoader::getModuleNamespaceObject): |
| (JSC::moduleLoaderRequestedModules): |
| * runtime/JSONObject.cpp: |
| (JSC::Stringifier::stringify): |
| (JSC::Stringifier::toJSON): |
| (JSC::Walker::walk): |
| (JSC::JSONProtoFuncStringify): |
| * runtime/JSObject.cpp: |
| (JSC::ordinarySetSlow): |
| (JSC::JSObject::putInlineSlow): |
| (JSC::JSObject::toPrimitive const): |
| (JSC::JSObject::hasInstance): |
| (JSC::JSObject::toNumber const): |
| (JSC::JSObject::defineOwnIndexedProperty): |
| (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage): |
| (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage): |
| (JSC::JSObject::defineOwnNonIndexProperty): |
| * runtime/JSObject.h: |
| (JSC::JSObject::get const): |
| * runtime/JSObjectInlines.h: |
| (JSC::JSObject::getPropertySlot const): |
| (JSC::JSObject::putInlineForJSObject): |
| * runtime/MapConstructor.cpp: |
| (JSC::constructMap): |
| * runtime/NativeErrorConstructor.cpp: |
| (JSC::Interpreter::constructWithNativeErrorConstructor): |
| * runtime/ObjectConstructor.cpp: |
| (JSC::constructObject): |
| (JSC::objectConstructorGetPrototypeOf): |
| (JSC::objectConstructorGetOwnPropertyDescriptor): |
| (JSC::objectConstructorGetOwnPropertyDescriptors): |
| (JSC::objectConstructorGetOwnPropertyNames): |
| (JSC::objectConstructorGetOwnPropertySymbols): |
| (JSC::objectConstructorKeys): |
| (JSC::objectConstructorDefineProperty): |
| (JSC::objectConstructorDefineProperties): |
| (JSC::objectConstructorCreate): |
| * runtime/ObjectPrototype.cpp: |
| (JSC::objectProtoFuncToLocaleString): |
| (JSC::objectProtoFuncToString): |
| * runtime/Operations.cpp: |
| (JSC::jsAddSlowCase): |
| * runtime/Operations.h: |
| (JSC::jsString): |
| (JSC::jsLess): |
| (JSC::jsLessEq): |
| * runtime/ParseInt.h: |
| (JSC::toStringView): |
| * runtime/ProxyConstructor.cpp: |
| (JSC::constructProxyObject): |
| * runtime/ProxyObject.cpp: |
| (JSC::ProxyObject::toStringName): |
| (JSC::performProxyGet): |
| (JSC::ProxyObject::performInternalMethodGetOwnProperty): |
| (JSC::ProxyObject::performHasProperty): |
| (JSC::ProxyObject::getOwnPropertySlotCommon): |
| (JSC::ProxyObject::performPut): |
| (JSC::ProxyObject::putByIndexCommon): |
| (JSC::performProxyCall): |
| (JSC::performProxyConstruct): |
| (JSC::ProxyObject::performDelete): |
| (JSC::ProxyObject::performPreventExtensions): |
| (JSC::ProxyObject::performIsExtensible): |
| (JSC::ProxyObject::performDefineOwnProperty): |
| (JSC::ProxyObject::performSetPrototype): |
| (JSC::ProxyObject::performGetPrototype): |
| * runtime/ReflectObject.cpp: |
| (JSC::reflectObjectConstruct): |
| (JSC::reflectObjectDefineProperty): |
| (JSC::reflectObjectGet): |
| (JSC::reflectObjectGetOwnPropertyDescriptor): |
| (JSC::reflectObjectGetPrototypeOf): |
| (JSC::reflectObjectOwnKeys): |
| (JSC::reflectObjectSet): |
| * runtime/RegExpConstructor.cpp: |
| (JSC::constructRegExp): |
| * runtime/RegExpObject.cpp: |
| (JSC::RegExpObject::defineOwnProperty): |
| (JSC::RegExpObject::matchGlobal): |
| * runtime/RegExpPrototype.cpp: |
| (JSC::regExpProtoFuncTestFast): |
| (JSC::regExpProtoFuncExec): |
| (JSC::regExpProtoFuncToString): |
| * runtime/ScriptExecutable.cpp: |
| (JSC::ScriptExecutable::newCodeBlockFor): |
| * runtime/SetConstructor.cpp: |
| (JSC::constructSet): |
| * runtime/SparseArrayValueMap.cpp: |
| (JSC::SparseArrayValueMap::putEntry): |
| (JSC::SparseArrayEntry::put): |
| * runtime/StringConstructor.cpp: |
| (JSC::stringFromCharCode): |
| (JSC::stringFromCodePoint): |
| * runtime/StringObject.cpp: |
| (JSC::StringObject::put): |
| (JSC::StringObject::putByIndex): |
| (JSC::StringObject::defineOwnProperty): |
| * runtime/StringPrototype.cpp: |
| (JSC::jsSpliceSubstrings): |
| (JSC::jsSpliceSubstringsWithSeparators): |
| (JSC::removeUsingRegExpSearch): |
| (JSC::replaceUsingRegExpSearch): |
| (JSC::operationStringProtoFuncReplaceRegExpEmptyStr): |
| (JSC::replaceUsingStringSearch): |
| (JSC::repeatCharacter): |
| (JSC::replace): |
| (JSC::stringProtoFuncReplaceUsingRegExp): |
| (JSC::stringProtoFuncReplaceUsingStringSearch): |
| (JSC::stringProtoFuncSplitFast): |
| (JSC::stringProtoFuncToLowerCase): |
| (JSC::stringProtoFuncToUpperCase): |
| (JSC::toLocaleCase): |
| (JSC::trimString): |
| (JSC::stringProtoFuncIncludes): |
| (JSC::builtinStringIncludesInternal): |
| (JSC::normalize): |
| (JSC::stringProtoFuncNormalize): |
| * runtime/SymbolPrototype.cpp: |
| (JSC::symbolProtoFuncToString): |
| (JSC::symbolProtoFuncValueOf): |
| * tools/JSDollarVM.cpp: |
| (WTF::functionWasmStreamingParserAddBytes): |
| (JSC::functionGetPrivateProperty): |
| * wasm/js/WebAssemblyCompileErrorConstructor.cpp: |
| (JSC::constructJSWebAssemblyCompileError): |
| * wasm/js/WebAssemblyModuleConstructor.cpp: |
| (JSC::constructJSWebAssemblyModule): |
| (JSC::WebAssemblyModuleConstructor::createModule): |
| * wasm/js/WebAssemblyTableConstructor.cpp: |
| (JSC::constructJSWebAssemblyTable): |
| * wasm/js/WebAssemblyWrapperFunction.cpp: |
| (JSC::callWebAssemblyWrapperFunction): |
| |
| 2018-10-01 Koby Boyango <koby.b@mce-sys.com> |
| |
| [JSC] Add a JSONStringify overload that receives a JSValue space |
| https://bugs.webkit.org/show_bug.cgi?id=190131 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| * runtime/JSONObject.cpp: |
| * runtime/JSONObject.h: |
| |
| 2018-10-01 Commit Queue <commit-queue@webkit.org> |
| |
| Unreviewed, rolling out r236647. |
| https://bugs.webkit.org/show_bug.cgi?id=190124 |
| |
| Breaking test stress/big-int-to-string.js (Requested by |
| caiolima_ on #webkit). |
| |
| Reverted changeset: |
| |
| "[BigInt] BigInt.proptotype.toString is broken when radix is |
| power of 2" |
| https://bugs.webkit.org/show_bug.cgi?id=190033 |
| https://trac.webkit.org/changeset/236647 |
| |
| 2018-10-01 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [WebAssembly] Move type conversion code of JSToWasm return type to JS wasm wrapper |
| https://bugs.webkit.org/show_bug.cgi?id=189498 |
| |
| Reviewed by Saam Barati. |
| |
| To call JS-to-Wasm code we need to convert the result value from wasm function to |
| the JS type. Previously this is done by callWebAssemblyFunction by using swtich |
| over signature.returnType(). But since we know the value of `signature.returnType()` |
| at compiling phase, we can emit a small conversion code directly to JSToWasm glue |
| and remove this switch from callWebAssemblyFunction. |
| |
| In JSToWasm glue code, we do not have tag registers. So we use DoNotHaveTagRegisters |
| in boxInt32 and boxDouble. Since boxDouble does not have DoNotHaveTagRegisters version, |
| we add an implementation for that. |
| |
| * jit/AssemblyHelpers.h: |
| (JSC::AssemblyHelpers::boxDouble): |
| * wasm/js/JSToWasm.cpp: |
| (JSC::Wasm::createJSToWasmWrapper): |
| * wasm/js/WebAssemblyFunction.cpp: |
| (JSC::callWebAssemblyFunction): |
| |
| 2018-09-30 Caio Lima <ticaiolima@gmail.com> |
| |
| [BigInt] BigInt.proptotype.toString is broken when radix is power of 2 |
| https://bugs.webkit.org/show_bug.cgi?id=190033 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| The implementation of JSBigInt::toStringToGeneric doesn't handle power |
| of 2 radix when JSBigInt length is >= 2. To handle such cases, we |
| implemented JSBigInt::toStringBasePowerOfTwo that follows the |
| algorithm that groups bits using mask of (2 ^ n) - 1 to extract every |
| digit. |
| |
| * runtime/JSBigInt.cpp: |
| (JSC::JSBigInt::toString): |
| (JSC::JSBigInt::toStringBasePowerOfTwo): |
| * runtime/JSBigInt.h: |
| |
| 2018-09-28 Caio Lima <ticaiolima@gmail.com> |
| |
| [ESNext][BigInt] Implement support for "&" |
| https://bugs.webkit.org/show_bug.cgi?id=186228 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| This patch introduces support of BigInt into bitwise "&" operation. |
| We are also introducing the ValueBitAnd DFG node, that is responsible |
| to take care of JIT for non-Int32 operands. With the introduction of this |
| new node, we renamed the BitAnd node to ArithBitAnd. The ArithBitAnd |
| follows the behavior of ArithAdd and other arithmetic nodes, where |
| the Arith<op> version always results in Number (in the case of |
| ArithBitAnd, its is always an Int32). |
| |
| * bytecode/CodeBlock.cpp: |
| (JSC::CodeBlock::finishCreation): |
| * bytecompiler/BytecodeGenerator.cpp: |
| (JSC::BytecodeGenerator::emitBinaryOp): |
| * dfg/DFGAbstractInterpreterInlines.h: |
| (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): |
| * dfg/DFGBackwardsPropagationPhase.cpp: |
| (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo): |
| (JSC::DFG::BackwardsPropagationPhase::propagate): |
| * dfg/DFGByteCodeParser.cpp: |
| (JSC::DFG::ByteCodeParser::parseBlock): |
| * dfg/DFGClobberize.h: |
| (JSC::DFG::clobberize): |
| * dfg/DFGDoesGC.cpp: |
| (JSC::DFG::doesGC): |
| * dfg/DFGFixupPhase.cpp: |
| (JSC::DFG::FixupPhase::fixupNode): |
| * dfg/DFGNodeType.h: |
| * dfg/DFGOperations.cpp: |
| * dfg/DFGOperations.h: |
| * dfg/DFGPredictionPropagationPhase.cpp: |
| * dfg/DFGSafeToExecute.h: |
| (JSC::DFG::safeToExecute): |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::compileValueBitwiseOp): |
| (JSC::DFG::SpeculativeJIT::compileBitwiseOp): |
| * dfg/DFGSpeculativeJIT.h: |
| (JSC::DFG::SpeculativeJIT::bitOp): |
| * dfg/DFGSpeculativeJIT32_64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * dfg/DFGSpeculativeJIT64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| * dfg/DFGStrengthReductionPhase.cpp: |
| (JSC::DFG::StrengthReductionPhase::handleNode): |
| * ftl/FTLCapabilities.cpp: |
| (JSC::FTL::canCompile): |
| * ftl/FTLLowerDFGToB3.cpp: |
| (JSC::FTL::DFG::LowerDFGToB3::compileNode): |
| (JSC::FTL::DFG::LowerDFGToB3::compileValueBitAnd): |
| (JSC::FTL::DFG::LowerDFGToB3::compileArithBitAnd): |
| (JSC::FTL::DFG::LowerDFGToB3::compileBitAnd): Deleted. |
| * jit/JIT.h: |
| * jit/JITArithmetic.cpp: |
| (JSC::JIT::emitBitBinaryOpFastPath): |
| (JSC::JIT::emit_op_bitand): |
| * llint/LowLevelInterpreter32_64.asm: |
| * llint/LowLevelInterpreter64.asm: |
| * runtime/CommonSlowPaths.cpp: |
| (JSC::SLOW_PATH_DECL): |
| * runtime/JSBigInt.cpp: |
| (JSC::JSBigInt::JSBigInt): |
| (JSC::JSBigInt::initialize): |
| (JSC::JSBigInt::createZero): |
| (JSC::JSBigInt::createFrom): |
| (JSC::JSBigInt::bitwiseAnd): |
| (JSC::JSBigInt::absoluteBitwiseOp): |
| (JSC::JSBigInt::absoluteAnd): |
| (JSC::JSBigInt::absoluteOr): |
| (JSC::JSBigInt::absoluteAndNot): |
| (JSC::JSBigInt::absoluteAddOne): |
| (JSC::JSBigInt::absoluteSubOne): |
| * runtime/JSBigInt.h: |
| * runtime/JSCJSValue.h: |
| * runtime/JSCJSValueInlines.h: |
| (JSC::JSValue::toBigIntOrInt32 const): |
| |
| 2018-09-28 Mark Lam <mark.lam@apple.com> |
| |
| Gardening: speculative build fix. |
| <rdar://problem/44869924> |
| |
| Not reviewed. |
| |
| * assembler/LinkBuffer.cpp: |
| (JSC::LinkBuffer::copyCompactAndLinkCode): |
| |
| 2018-09-28 Guillaume Emont <guijemont@igalia.com> |
| |
| [JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions. |
| https://bugs.webkit.org/show_bug.cgi?id=190080 |
| |
| Reviewed by Mark Lam. |
| |
| * assembler/ARMv7Assembler.h: |
| (JSC::ARMv7Assembler::link): |
| (JSC::ARMv7Assembler::linkJumpT1): |
| (JSC::ARMv7Assembler::linkJumpT2): |
| (JSC::ARMv7Assembler::linkJumpT3): |
| (JSC::ARMv7Assembler::linkJumpT4): |
| (JSC::ARMv7Assembler::linkConditionalJumpT4): |
| (JSC::ARMv7Assembler::linkBX): |
| (JSC::ARMv7Assembler::linkConditionalBX): |
| * assembler/MacroAssemblerARMv7.h: |
| (JSC::MacroAssemblerARMv7::link): |
| |
| 2018-09-27 Saam barati <sbarati@apple.com> |
| |
| Verify the contents of AssemblerBuffer on arm64e |
| https://bugs.webkit.org/show_bug.cgi?id=190057 |
| <rdar://problem/38916630> |
| |
| Reviewed by Mark Lam. |
| |
| * assembler/ARM64Assembler.h: |
| (JSC::ARM64Assembler::ARM64Assembler): |
| (JSC::ARM64Assembler::fillNops): |
| (JSC::ARM64Assembler::link): |
| (JSC::ARM64Assembler::linkJumpOrCall): |
| (JSC::ARM64Assembler::linkCompareAndBranch): |
| (JSC::ARM64Assembler::linkConditionalBranch): |
| (JSC::ARM64Assembler::linkTestAndBranch): |
| (JSC::ARM64Assembler::unlinkedCode): Deleted. |
| * assembler/ARMAssembler.h: |
| (JSC::ARMAssembler::fillNops): |
| * assembler/ARMv7Assembler.h: |
| (JSC::ARMv7Assembler::unlinkedCode): Deleted. |
| * assembler/AbstractMacroAssembler.h: |
| (JSC::AbstractMacroAssembler::emitNops): |
| (JSC::AbstractMacroAssembler::AbstractMacroAssembler): |
| * assembler/AssemblerBuffer.h: |
| (JSC::ARM64EHash::ARM64EHash): |
| (JSC::ARM64EHash::update): |
| (JSC::ARM64EHash::hash const): |
| (JSC::ARM64EHash::randomSeed const): |
| (JSC::AssemblerBuffer::AssemblerBuffer): |
| (JSC::AssemblerBuffer::putShort): |
| (JSC::AssemblerBuffer::putIntUnchecked): |
| (JSC::AssemblerBuffer::putInt): |
| (JSC::AssemblerBuffer::hash const): |
| (JSC::AssemblerBuffer::data const): |
| (JSC::AssemblerBuffer::putIntegralUnchecked): |
| (JSC::AssemblerBuffer::append): Deleted. |
| * assembler/LinkBuffer.cpp: |
| (JSC::LinkBuffer::copyCompactAndLinkCode): |
| * assembler/MIPSAssembler.h: |
| (JSC::MIPSAssembler::fillNops): |
| * assembler/MacroAssemblerARM64.h: |
| (JSC::MacroAssemblerARM64::jumpsToLink): |
| (JSC::MacroAssemblerARM64::link): |
| (JSC::MacroAssemblerARM64::unlinkedCode): Deleted. |
| * assembler/MacroAssemblerARMv7.h: |
| (JSC::MacroAssemblerARMv7::jumpsToLink): |
| (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted. |
| * assembler/X86Assembler.h: |
| (JSC::X86Assembler::fillNops): |
| |
| 2018-09-27 Mark Lam <mark.lam@apple.com> |
| |
| ByValInfo should not use integer offsets. |
| https://bugs.webkit.org/show_bug.cgi?id=190070 |
| <rdar://problem/44803430> |
| |
| Reviewed by Saam Barati. |
| |
| Also moved some fields around to allow the ByValInfo struct to be more densely packed. |
| |
| * bytecode/ByValInfo.h: |
| (JSC::ByValInfo::ByValInfo): |
| * jit/JIT.cpp: |
| (JSC::JIT::link): |
| * jit/JITOpcodes.cpp: |
| (JSC::JIT::privateCompileHasIndexedProperty): |
| * jit/JITOpcodes32_64.cpp: |
| (JSC::JIT::privateCompileHasIndexedProperty): |
| * jit/JITPropertyAccess.cpp: |
| (JSC::JIT::privateCompileGetByVal): |
| (JSC::JIT::privateCompileGetByValWithCachedId): |
| (JSC::JIT::privateCompilePutByVal): |
| (JSC::JIT::privateCompilePutByValWithCachedId): |
| |
| 2018-09-27 Saam barati <sbarati@apple.com> |
| |
| DFG::OSRExit::m_patchableCodeOffset should not be an int |
| https://bugs.webkit.org/show_bug.cgi?id=190066 |
| <rdar://problem/39498244> |
| |
| Reviewed by Mark Lam. |
| |
| * dfg/DFGJITCompiler.cpp: |
| (JSC::DFG::JITCompiler::linkOSRExits): |
| (JSC::DFG::JITCompiler::link): |
| * dfg/DFGOSRExit.cpp: |
| (JSC::DFG::OSRExit::codeLocationForRepatch const): |
| (JSC::DFG::OSRExit::compileOSRExit): |
| (JSC::DFG::OSRExit::setPatchableCodeOffset): Deleted. |
| (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump const): Deleted. |
| (JSC::DFG::OSRExit::correctJump): Deleted. |
| * dfg/DFGOSRExit.h: |
| * dfg/DFGOSRExitCompilationInfo.h: |
| |
| 2018-09-27 Saam barati <sbarati@apple.com> |
| |
| Don't use int offsets in StructureStubInfo |
| https://bugs.webkit.org/show_bug.cgi?id=190064 |
| <rdar://problem/44784719> |
| |
| Reviewed by Mark Lam. |
| |
| * bytecode/InlineAccess.cpp: |
| (JSC::linkCodeInline): |
| * bytecode/StructureStubInfo.h: |
| (JSC::StructureStubInfo::slowPathCallLocation): |
| (JSC::StructureStubInfo::doneLocation): |
| (JSC::StructureStubInfo::slowPathStartLocation): |
| * jit/JITInlineCacheGenerator.cpp: |
| (JSC::JITInlineCacheGenerator::finalize): |
| |
| 2018-09-27 Mark Lam <mark.lam@apple.com> |
| |
| DFG::OSREntry::m_machineCodeOffset should be a CodeLocation. |
| https://bugs.webkit.org/show_bug.cgi?id=190054 |
| <rdar://problem/44803543> |
| |
| Reviewed by Saam Barati. |
| |
| * dfg/DFGJITCode.h: |
| (JSC::DFG::JITCode::appendOSREntryData): |
| * dfg/DFGJITCompiler.cpp: |
| (JSC::DFG::JITCompiler::noticeOSREntry): |
| * dfg/DFGOSREntry.cpp: |
| (JSC::DFG::OSREntryData::dumpInContext const): |
| (JSC::DFG::prepareOSREntry): |
| * dfg/DFGOSREntry.h: |
| * runtime/JSCPtrTag.h: |
| |
| 2018-09-27 Mark Lam <mark.lam@apple.com> |
| |
| JITMathIC should not use integer offsets into machine code. |
| https://bugs.webkit.org/show_bug.cgi?id=190030 |
| <rdar://problem/44803307> |
| |
| Reviewed by Saam Barati. |
| |
| We'll replace them with CodeLocation smart pointers instead. |
| |
| * jit/JITMathIC.h: |
| (JSC::isProfileEmpty): |
| |
| 2018-09-26 Mark Lam <mark.lam@apple.com> |
| |
| Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E). |
| https://bugs.webkit.org/show_bug.cgi?id=190022 |
| <rdar://problem/44800928> |
| |
| Reviewed by Saam Barati. |
| |
| * jit/ExecutableAllocator.cpp: |
| (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): |
| (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps): |
| * jit/ExecutableAllocator.h: |
| (JSC::performJITMemcpy): |
| * runtime/Options.cpp: |
| (JSC::recomputeDependentOptions): |
| |
| 2018-09-26 Mark Lam <mark.lam@apple.com> |
| |
| Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64. |
| https://bugs.webkit.org/show_bug.cgi?id=190016 |
| <rdar://problem/44802875> |
| |
| Reviewed by Saam Barati. |
| |
| Also assert in performJITMemcpy() that the entire buffer to be copied will fit in |
| JIT memory. |
| |
| * assembler/ARM64Assembler.h: |
| (JSC::ARM64Assembler::fillNops): |
| (JSC::ARM64Assembler::replaceWithVMHalt): |
| (JSC::ARM64Assembler::replaceWithJump): |
| (JSC::ARM64Assembler::replaceWithLoad): |
| (JSC::ARM64Assembler::replaceWithAddressComputation): |
| (JSC::ARM64Assembler::setPointer): |
| (JSC::ARM64Assembler::repatchInt32): |
| (JSC::ARM64Assembler::repatchCompact): |
| (JSC::ARM64Assembler::linkJumpOrCall): |
| (JSC::ARM64Assembler::linkCompareAndBranch): |
| (JSC::ARM64Assembler::linkConditionalBranch): |
| (JSC::ARM64Assembler::linkTestAndBranch): |
| * assembler/LinkBuffer.cpp: |
| (JSC::LinkBuffer::copyCompactAndLinkCode): |
| (JSC::LinkBuffer::linkCode): |
| * jit/ExecutableAllocator.h: |
| (JSC::performJITMemcpy): |
| |
| 2018-09-25 Keith Miller <keith_miller@apple.com> |
| |
| Move Symbol API to SPI |
| https://bugs.webkit.org/show_bug.cgi?id=189946 |
| |
| Reviewed by Michael Saboff. |
| |
| Some of the property access methods on JSValue needed to be moved |
| to a category so that SPI overloads don't result in a compiler |
| error for internal users. |
| |
| Additionally, this patch does not move the new enum entry for |
| Symbols in the JSType enumeration. |
| |
| * API/JSObjectRef.h: |
| * API/JSObjectRefPrivate.h: |
| * API/JSValue.h: |
| * API/JSValuePrivate.h: |
| * API/JSValueRef.h: |
| |
| 2018-09-26 Keith Miller <keith_miller@apple.com> |
| |
| We should zero unused property storage when rebalancing array storage. |
| https://bugs.webkit.org/show_bug.cgi?id=188151 |
| |
| Reviewed by Michael Saboff. |
| |
| In unshiftCountSlowCase we sometimes will move property storage to the right even when net adding elements. |
| This can happen because we "balance" the pre/post-capacity in that code so we need to zero the unused |
| property storage. |
| |
| * runtime/JSArray.cpp: |
| (JSC::JSArray::unshiftCountSlowCase): |
| |
| 2018-09-26 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| Unreviewed, add scope verification handling |
| https://bugs.webkit.org/show_bug.cgi?id=189780 |
| |
| * runtime/ArrayPrototype.cpp: |
| (JSC::arrayProtoFuncIndexOf): |
| (JSC::arrayProtoFuncLastIndexOf): |
| |
| 2018-09-26 Koby Boyango <koby.b@mce.systems> |
| |
| [JSC] offlineasm parser should handle CRLF in asm files |
| https://bugs.webkit.org/show_bug.cgi?id=189949 |
| |
| Reviewed by Mark Lam. |
| |
| * offlineasm/parser.rb: |
| |
| 2018-09-20 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Optimize Array#lastIndexOf |
| https://bugs.webkit.org/show_bug.cgi?id=189780 |
| |
| Reviewed by Saam Barati. |
| |
| Optimize Array#lastIndexOf as the same to Array#indexOf. We add a fast path |
| for JSArray with contiguous storage. |
| |
| * runtime/ArrayPrototype.cpp: |
| (JSC::arrayProtoFuncLastIndexOf): |
| |
| 2018-09-25 Saam Barati <sbarati@apple.com> |
| |
| Calls to baselineCodeBlockForOriginAndBaselineCodeBlock in operationMaterializeObjectInOSR should actually pass in the baseline CodeBlock |
| https://bugs.webkit.org/show_bug.cgi?id=189940 |
| <rdar://problem/43640987> |
| |
| Reviewed by Mark Lam. |
| |
| We were calling baselineCodeBlockForOriginAndBaselineCodeBlock with the FTL |
| CodeBlock. There is nothing semantically wrong with doing that (except for |
| poor naming), however, the poor naming here led us to make a real semantic |
| mistake. We wanted the baseline CodeBlock's constant pool, but we were |
| accessing the FTL CodeBlock's constant pool accidentally. We need to |
| access the baseline CodeBlock's constant pool when we update the NewArrayBuffer |
| constant value. |
| |
| * bytecode/InlineCallFrame.h: |
| (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): |
| * ftl/FTLOperations.cpp: |
| (JSC::FTL::operationMaterializeObjectInOSR): |
| |
| 2018-09-25 Joseph Pecoraro <pecoraro@apple.com> |
| |
| Web Inspector: Stricter block syntax in generated ObjC protocol interfaces |
| https://bugs.webkit.org/show_bug.cgi?id=189962 |
| <rdar://problem/44648287> |
| |
| Reviewed by Brian Burg. |
| |
| * inspector/scripts/codegen/generate_objc_header.py: |
| (ObjCHeaderGenerator._callback_block_for_command): |
| If there are no return parameters include "void" in the block signature. |
| |
| * inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result: |
| * inspector/scripts/tests/generic/expected/domain-availability.json-result: |
| * inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result: |
| * inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result: |
| * inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: |
| * inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result: |
| Rebaseline test results. |
| |
| 2018-09-24 Joseph Pecoraro <pecoraro@apple.com> |
| |
| Remove AUTHORS and THANKS files which are stale |
| https://bugs.webkit.org/show_bug.cgi?id=189941 |
| |
| Reviewed by Darin Adler. |
| |
| Included mentions below so their names are still in ChangeLogs. |
| |
| * AUTHORS: Removed. |
| Harri Porten (porten@kde.org) and Peter Kelly (pmk@post.com). |
| These authors remain mentioned in copyrights in source files. |
| |
| * THANKS: Removed. |
| Richard Moore <rich@kde.org> - for filling the Math object with some life |
| Daegeun Lee <realking@mizi.com> - for pointing out some bugs and providing much code for the String and Date object. |
| Marco Pinelli <pinmc@libero.it> - for his patches |
| Christian Kirsch <ck@held.mind.de> - for his contribution to the Date object |
| |
| 2018-09-24 Fujii Hironori <Hironori.Fujii@sony.com> |
| |
| Rename WTF_COMPILER_GCC_OR_CLANG to WTF_COMPILER_GCC_COMPATIBLE |
| https://bugs.webkit.org/show_bug.cgi?id=189733 |
| |
| Reviewed by Michael Catanzaro. |
| |
| * assembler/ARM64Assembler.h: |
| * assembler/ARMAssembler.h: |
| (JSC::ARMAssembler::cacheFlush): |
| * assembler/MacroAssemblerARM.cpp: |
| (JSC::isVFPPresent): |
| * assembler/MacroAssemblerARM64.cpp: |
| * assembler/MacroAssemblerARMv7.cpp: |
| * assembler/MacroAssemblerMIPS.cpp: |
| * assembler/MacroAssemblerX86Common.cpp: |
| * heap/HeapCell.cpp: |
| * heap/HeapCell.h: |
| * jit/HostCallReturnValue.h: |
| * jit/JIT.h: |
| * jit/JITOperations.cpp: |
| * jit/ThunkGenerators.cpp: |
| * runtime/ArrayConventions.cpp: |
| (JSC::clearArrayMemset): |
| * runtime/JSBigInt.cpp: |
| (JSC::JSBigInt::digitDiv): |
| |
| 2018-09-24 Saam Barati <sbarati@apple.com> |
| |
| Array.prototype.indexOf fast path needs to ensure the length is still valid after performing effects |
| https://bugs.webkit.org/show_bug.cgi?id=189922 |
| <rdar://problem/44651275> |
| |
| Reviewed by Mark Lam. |
| |
| The implementation was first getting the length to iterate up to, |
| then getting the starting index. However, getting the starting |
| index may perform effects. e.g, it could change the length of the |
| array. This changes it so we verify the length is still valid. |
| |
| * runtime/ArrayPrototype.cpp: |
| (JSC::arrayProtoFuncIndexOf): |
| |
| 2018-09-24 Tadeu Zagallo <tzagallo@apple.com> |
| |
| offlineasm: fix macro scoping |
| https://bugs.webkit.org/show_bug.cgi?id=189902 |
| |
| Reviewed by Mark Lam. |
| |
| In the code below, the reference to `f` in `g`, which should refer to |
| the outer macro definition will instead refer to the f argument of the |
| anonymous macro passed to `g`. That leads to this code failing to |
| compile (f expected 0 args but got 1). |
| |
| ``` |
| macro f(x) |
| move x, t0 |
| end |
| |
| macro g(fn) |
| fn(macro () f(42) end) |
| end |
| |
| g(macro(f) f() end) |
| ``` |
| |
| * offlineasm/ast.rb: |
| * offlineasm/transform.rb: |
| |
| 2018-09-24 Tadeu Zagallo <tzagallo@apple.com> |
| |
| Add forEach method for iterating CodeBlock's ValueProfiles |
| https://bugs.webkit.org/show_bug.cgi?id=189897 |
| |
| Reviewed by Mark Lam. |
| |
| Add method to abstract how we find ValueProfiles in a CodeBlock in |
| preparation for https://bugs.webkit.org/show_bug.cgi?id=189785, when |
| ValueProfiles will be stored in the MetadataTable. |
| |
| * bytecode/CodeBlock.cpp: |
| (JSC::CodeBlock::updateAllPredictionsAndCountLiveness): |
| (JSC::CodeBlock::updateAllValueProfilePredictions): |
| (JSC::CodeBlock::shouldOptimizeNow): |
| (JSC::CodeBlock::dumpValueProfiles): |
| * bytecode/CodeBlock.h: |
| (JSC::CodeBlock::forEachValueProfile): |
| (JSC::CodeBlock::numberOfArgumentValueProfiles): |
| (JSC::CodeBlock::valueProfileForArgument): |
| (JSC::CodeBlock::numberOfValueProfiles): |
| (JSC::CodeBlock::valueProfile): |
| (JSC::CodeBlock::totalNumberOfValueProfiles): Deleted. |
| (JSC::CodeBlock::getFromAllValueProfiles): Deleted. |
| * tools/HeapVerifier.cpp: |
| (JSC::HeapVerifier::validateJSCell): |
| |
| 2018-09-24 Saam barati <sbarati@apple.com> |
| |
| ArgumentsEliminationPhase should snip basic blocks after proven OSR exits |
| https://bugs.webkit.org/show_bug.cgi?id=189682 |
| <rdar://problem/43557315> |
| |
| Reviewed by Mark Lam. |
| |
| Otherwise, if we have code like this: |
| ``` |
| a: Arguments |
| b: GetButterfly(@a) |
| c: ForceExit |
| d: GetArrayLength(@a, @b) |
| ``` |
| it will get transformed into this invalid DFG IR: |
| ``` |
| a: PhantomArguments |
| b: Check(@a) |
| c: ForceExit |
| d: GetArrayLength(@a, @b) |
| ``` |
| |
| And we will fail DFG validation since @b does not have a result. |
| |
| The fix is to just remove all nodes after the ForceExit and plant an |
| Unreachable after it. So the above code program will now turn into this: |
| ``` |
| a: PhantomArguments |
| b: Check(@a) |
| c: ForceExit |
| e: Unreachable |
| ``` |
| |
| * dfg/DFGArgumentsEliminationPhase.cpp: |
| |
| 2018-09-22 Saam barati <sbarati@apple.com> |
| |
| The sampling should not use Strong<CodeBlock> in its machineLocation field |
| https://bugs.webkit.org/show_bug.cgi?id=189319 |
| |
| Reviewed by Filip Pizlo. |
| |
| The sampling profiler has a CLI mode where we gather information about inline |
| call frames. That data structure was using a Strong<CodeBlock>. We were |
| constructing this Strong<CodeBlock> during GC concurrently to processing all |
| the Strong handles. This is a bug since we end up corrupting that data |
| structure. This patch fixes this by just making this data structure use the |
| sampling profiler's mechanism for holding onto and properly visiting heap pointers. |
| |
| * inspector/agents/InspectorScriptProfilerAgent.cpp: |
| (Inspector::InspectorScriptProfilerAgent::trackingComplete): |
| * runtime/SamplingProfiler.cpp: |
| (JSC::SamplingProfiler::processUnverifiedStackTraces): |
| |
| (JSC::SamplingProfiler::reportTopFunctions): |
| (JSC::SamplingProfiler::reportTopBytecodes): |
| These CLI helpers needed a DeferGC otherwise we may end up deadlocking when we |
| cause a GC to happen while already holding the sampling profiler's |
| lock. |
| |
| 2018-09-21 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Enable LLInt ASM interpreter on X64 and ARM64 in non JIT configuration |
| https://bugs.webkit.org/show_bug.cgi?id=189778 |
| |
| Reviewed by Keith Miller. |
| |
| LLInt ASM interpreter is 2x and 15% faster than CLoop interpreter on |
| Linux and macOS respectively. We would like to enable it for non JIT |
| configurations in X86_64 and ARM64. |
| |
| This patch enables LLInt for non JIT builds in X86_64 and ARM64 architectures. |
| Previously, we switch LLInt ASM interpreter and CLoop by using ENABLE(JIT) |
| configuration. But it is wrong in the new scenario since we have a build |
| configuration that uses LLInt ASM interpreter and JIT is disabled. We introduce |
| ENABLE(C_LOOP) option, which represents that we use CLoop. And we replace |
| ENABLE(JIT) with ENABLE(C_LOOP) if the previous ENABLE(JIT) is essentially just |
| related to LLInt ASM interpreter and not related to JIT. |
| |
| We also replace some ENABLE(JIT) configurations with ENABLE(ASSEMBLER). |
| ENABLE(ASSEMBLER) is now enabled even if we disable JIT since MacroAssembler |
| has machine register information that is used in LLInt ASM interpreter. |
| |
| * API/tests/PingPongStackOverflowTest.cpp: |
| (testPingPongStackOverflow): |
| * CMakeLists.txt: |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * assembler/MaxFrameExtentForSlowPathCall.h: |
| * bytecode/CallReturnOffsetToBytecodeOffset.h: Removed. It is no longer used. |
| * bytecode/CodeBlock.cpp: |
| (JSC::CodeBlock::finishCreation): |
| * bytecode/CodeBlock.h: |
| (JSC::CodeBlock::calleeSaveRegisters const): |
| (JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters): |
| (JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters): |
| (JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters): |
| * bytecode/Opcode.h: |
| (JSC::padOpcodeName): |
| * heap/Heap.cpp: |
| (JSC::Heap::gatherJSStackRoots): |
| (JSC::Heap::stopThePeriphery): |
| * interpreter/CLoopStack.cpp: |
| * interpreter/CLoopStack.h: |
| * interpreter/CLoopStackInlines.h: |
| * interpreter/EntryFrame.h: |
| * interpreter/Interpreter.cpp: |
| (JSC::Interpreter::Interpreter): |
| (JSC::UnwindFunctor::copyCalleeSavesToEntryFrameCalleeSavesBuffer const): |
| * interpreter/Interpreter.h: |
| * interpreter/StackVisitor.cpp: |
| (JSC::StackVisitor::Frame::calleeSaveRegisters): |
| * interpreter/VMEntryRecord.h: |
| * jit/ExecutableAllocator.h: |
| * jit/FPRInfo.h: |
| (WTF::printInternal): |
| * jit/GPRInfo.cpp: |
| * jit/GPRInfo.h: |
| (WTF::printInternal): |
| * jit/HostCallReturnValue.cpp: |
| (JSC::getHostCallReturnValueWithExecState): Moved. They are used in LLInt ASM interpreter too. |
| * jit/HostCallReturnValue.h: |
| * jit/JITOperations.cpp: |
| (JSC::getHostCallReturnValueWithExecState): Deleted. |
| * jit/JITOperationsMSVC64.cpp: |
| * jit/Reg.cpp: |
| * jit/Reg.h: |
| * jit/RegisterAtOffset.cpp: |
| * jit/RegisterAtOffset.h: |
| * jit/RegisterAtOffsetList.cpp: |
| * jit/RegisterAtOffsetList.h: |
| * jit/RegisterMap.h: |
| * jit/RegisterSet.cpp: |
| * jit/RegisterSet.h: |
| * jit/TempRegisterSet.cpp: |
| * jit/TempRegisterSet.h: |
| * llint/LLIntCLoop.cpp: |
| * llint/LLIntCLoop.h: |
| * llint/LLIntData.cpp: |
| (JSC::LLInt::initialize): |
| (JSC::LLInt::Data::performAssertions): |
| * llint/LLIntData.h: |
| * llint/LLIntOfflineAsmConfig.h: |
| * llint/LLIntOpcode.h: |
| * llint/LLIntPCRanges.h: |
| * llint/LLIntSlowPaths.cpp: |
| (JSC::LLInt::LLINT_SLOW_PATH_DECL): |
| * llint/LLIntSlowPaths.h: |
| * llint/LLIntThunks.cpp: |
| * llint/LowLevelInterpreter.cpp: |
| * llint/LowLevelInterpreter.h: |
| * runtime/JSCJSValue.h: |
| * runtime/MachineContext.h: |
| * runtime/SamplingProfiler.cpp: |
| (JSC::SamplingProfiler::processUnverifiedStackTraces): Enable SamplingProfiler |
| for LLInt ASM interpreter with non JIT configuration. |
| * runtime/TestRunnerUtils.cpp: |
| (JSC::optimizeNextInvocation): |
| * runtime/VM.cpp: |
| (JSC::VM::VM): |
| (JSC::VM::getHostFunction): |
| (JSC::VM::updateSoftReservedZoneSize): |
| (JSC::sanitizeStackForVM): |
| (JSC::VM::committedStackByteCount): |
| * runtime/VM.h: |
| * runtime/VMInlines.h: |
| (JSC::VM::ensureStackCapacityFor): |
| (JSC::VM::isSafeToRecurseSoft const): |
| |
| 2018-09-21 Keith Miller <keith_miller@apple.com> |
| |
| Add Promise SPI |
| https://bugs.webkit.org/show_bug.cgi?id=189809 |
| |
| Reviewed by Saam Barati. |
| |
| The Patch adds new SPI to create promises. It's mostly SPI because |
| I want to see how internal users react to it before we make it |
| public. |
| |
| This patch adds a couple of new Obj-C SPI methods. The first |
| creates a new promise using the same API that JS does where the |
| user provides an executor callback. If an exception is raised |
| in/to that callback the promise is automagically rejected. The |
| other methods create a pre-resolved or rejected promise as this |
| appears to be a common way to initialize a promise. |
| |
| I was also considering adding a second version of executor API |
| where it would catch specific Obj-C exceptions. This would work by |
| taking a Class paramter and checking isKindOfClass: on the |
| exception. I decided against this as nothing else in our API |
| handles Obj-C exceptions. I'm pretty sure the VM will end up in a |
| corrupt state if an Obj-C exception unwinds through JS frames. |
| |
| This patch adds a new C function that will create a "deferred" |
| promise. A deferred promise is a style of creating promise/futures |
| where the resolve and reject functions are passed as outputs of a |
| function. I went with this style for the C SPI because we don't have |
| any concept of forwarding exceptions in the C API. |
| |
| In order to make the C API work I refactored a bit of the promise code |
| so that we can call a static method on JSDeferredPromise and just get |
| the components without allocating an extra cell wrapper. |
| |
| * API/JSContext.mm: |
| (+[JSContext currentCallee]): |
| * API/JSObjectRef.cpp: |
| (JSObjectMakeDeferredPromise): |
| * API/JSObjectRefPrivate.h: |
| * API/JSValue.mm: |
| (+[JSValue valueWithNewPromiseInContext:fromExecutor:]): |
| (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]): |
| (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]): |
| * API/JSValuePrivate.h: Added. |
| * API/JSVirtualMachine.mm: |
| * API/JSVirtualMachinePrivate.h: |
| * API/tests/testapi.c: |
| (main): |
| * API/tests/testapi.cpp: |
| (APIContext::operator JSC::ExecState*): |
| (TestAPI::failed const): |
| (TestAPI::check): |
| (TestAPI::basicSymbol): |
| (TestAPI::symbolsTypeof): |
| (TestAPI::symbolsGetPropertyForKey): |
| (TestAPI::symbolsSetPropertyForKey): |
| (TestAPI::symbolsHasPropertyForKey): |
| (TestAPI::symbolsDeletePropertyForKey): |
| (TestAPI::promiseResolveTrue): |
| (TestAPI::promiseRejectTrue): |
| (testCAPIViaCpp): |
| (TestAPI::run): Deleted. |
| * API/tests/testapi.mm: |
| (testObjectiveCAPIMain): |
| (promiseWithExecutor): |
| (promiseRejectOnJSException): |
| (promiseCreateResolved): |
| (promiseCreateRejected): |
| (parallelPromiseResolveTest): |
| (testObjectiveCAPI): |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * runtime/JSInternalPromiseDeferred.cpp: |
| (JSC::JSInternalPromiseDeferred::create): |
| * runtime/JSPromise.h: |
| * runtime/JSPromiseConstructor.cpp: |
| (JSC::constructPromise): |
| * runtime/JSPromiseDeferred.cpp: |
| (JSC::JSPromiseDeferred::createDeferredData): |
| (JSC::JSPromiseDeferred::create): |
| (JSC::JSPromiseDeferred::finishCreation): |
| (JSC::newPromiseCapability): Deleted. |
| * runtime/JSPromiseDeferred.h: |
| (JSC::JSPromiseDeferred::promise const): |
| (JSC::JSPromiseDeferred::resolve const): |
| (JSC::JSPromiseDeferred::reject const): |
| |
| 2018-09-21 Ryan Haddad <ryanhaddad@apple.com> |
| |
| Unreviewed, rolling out r236359. |
| |
| Broke the Windows build. |
| |
| Reverted changeset: |
| |
| "Add Promise SPI" |
| https://bugs.webkit.org/show_bug.cgi?id=189809 |
| https://trac.webkit.org/changeset/236359 |
| |
| 2018-09-21 Mark Lam <mark.lam@apple.com> |
| |
| JSRopeString::resolveRope() wrongly assumes that tryGetValue() passes it a valid ExecState. |
| https://bugs.webkit.org/show_bug.cgi?id=189855 |
| <rdar://problem/44680181> |
| |
| Reviewed by Filip Pizlo. |
| |
| tryGetValue() always passes a nullptr to JSRopeString::resolveRope() for the |
| ExecState* argument. This is intentional so that resolveRope() does not throw |
| in the event of an OutOfMemory error. Hence, JSRopeString::resolveRope() should |
| get the VM from the cell instead of via the ExecState. |
| |
| Also removed an obsolete and unused field in JSString. |
| |
| * runtime/JSString.cpp: |
| (JSC::JSRopeString::resolveRope const): |
| (JSC::JSRopeString::outOfMemory const): |
| * runtime/JSString.h: |
| (JSC::JSString::tryGetValue const): |
| |
| 2018-09-21 Michael Saboff <msaboff@apple.com> |
| |
| Add functions to measure memory footprint to JSC |
| https://bugs.webkit.org/show_bug.cgi?id=189768 |
| |
| Reviewed by Saam Barati. |
| |
| Rolling this back in again. |
| |
| Provide system memory metrics for the current process to aid in memory reduction measurement and |
| tuning using native JS tests. |
| |
| * jsc.cpp: |
| (MemoryFootprint::now): |
| (MemoryFootprint::resetPeak): |
| (GlobalObject::finishCreation): |
| (JSCMemoryFootprint::JSCMemoryFootprint): |
| (JSCMemoryFootprint::createStructure): |
| (JSCMemoryFootprint::create): |
| (JSCMemoryFootprint::finishCreation): |
| (JSCMemoryFootprint::addProperty): |
| (functionResetMemoryPeak): |
| |
| 2018-09-21 Keith Miller <keith_miller@apple.com> |
| |
| Add Promise SPI |
| https://bugs.webkit.org/show_bug.cgi?id=189809 |
| |
| Reviewed by Saam Barati. |
| |
| The Patch adds new SPI to create promises. It's mostly SPI because |
| I want to see how internal users react to it before we make it |
| public. |
| |
| This patch adds a couple of new Obj-C SPI methods. The first |
| creates a new promise using the same API that JS does where the |
| user provides an executor callback. If an exception is raised |
| in/to that callback the promise is automagically rejected. The |
| other methods create a pre-resolved or rejected promise as this |
| appears to be a common way to initialize a promise. |
| |
| I was also considering adding a second version of executor API |
| where it would catch specific Obj-C exceptions. This would work by |
| taking a Class paramter and checking isKindOfClass: on the |
| exception. I decided against this as nothing else in our API |
| handles Obj-C exceptions. I'm pretty sure the VM will end up in a |
| corrupt state if an Obj-C exception unwinds through JS frames. |
| |
| This patch adds a new C function that will create a "deferred" |
| promise. A deferred promise is a style of creating promise/futures |
| where the resolve and reject functions are passed as outputs of a |
| function. I went with this style for the C SPI because we don't have |
| any concept of forwarding exceptions in the C API. |
| |
| In order to make the C API work I refactored a bit of the promise code |
| so that we can call a static method on JSDeferredPromise and just get |
| the components without allocating an extra cell wrapper. |
| |
| * API/JSContext.mm: |
| (+[JSContext currentCallee]): |
| * API/JSObjectRef.cpp: |
| (JSObjectMakeDeferredPromise): |
| * API/JSObjectRefPrivate.h: |
| * API/JSValue.mm: |
| (+[JSValue valueWithNewPromiseInContext:fromExecutor:]): |
| (+[JSValue valueWithNewPromiseResolvedWithResult:inContext:]): |
| (+[JSValue valueWithNewPromiseRejectedWithReason:inContext:]): |
| * API/JSValuePrivate.h: Added. |
| * API/JSVirtualMachine.mm: |
| * API/JSVirtualMachinePrivate.h: |
| * API/tests/testapi.c: |
| (main): |
| * API/tests/testapi.cpp: |
| (APIContext::operator JSC::ExecState*): |
| (TestAPI::failed const): |
| (TestAPI::check): |
| (TestAPI::basicSymbol): |
| (TestAPI::symbolsTypeof): |
| (TestAPI::symbolsGetPropertyForKey): |
| (TestAPI::symbolsSetPropertyForKey): |
| (TestAPI::symbolsHasPropertyForKey): |
| (TestAPI::symbolsDeletePropertyForKey): |
| (TestAPI::promiseResolveTrue): |
| (TestAPI::promiseRejectTrue): |
| (testCAPIViaCpp): |
| (TestAPI::run): Deleted. |
| * API/tests/testapi.mm: |
| (testObjectiveCAPIMain): |
| (promiseWithExecutor): |
| (promiseRejectOnJSException): |
| (promiseCreateResolved): |
| (promiseCreateRejected): |
| (parallelPromiseResolveTest): |
| (testObjectiveCAPI): |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * runtime/JSInternalPromiseDeferred.cpp: |
| (JSC::JSInternalPromiseDeferred::create): |
| * runtime/JSPromise.h: |
| * runtime/JSPromiseConstructor.cpp: |
| (JSC::constructPromise): |
| * runtime/JSPromiseDeferred.cpp: |
| (JSC::JSPromiseDeferred::createDeferredData): |
| (JSC::JSPromiseDeferred::create): |
| (JSC::JSPromiseDeferred::finishCreation): |
| (JSC::newPromiseCapability): Deleted. |
| * runtime/JSPromiseDeferred.h: |
| (JSC::JSPromiseDeferred::promise const): |
| (JSC::JSPromiseDeferred::resolve const): |
| (JSC::JSPromiseDeferred::reject const): |
| |
| 2018-09-21 Truitt Savell <tsavell@apple.com> |
| |
| Rebaseline tests after changes in https://trac.webkit.org/changeset/236321/webkit |
| https://bugs.webkit.org/show_bug.cgi?id=156674 |
| |
| Unreviewed Test Gardening |
| |
| * Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result: |
| * Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result: |
| |
| 2018-09-21 Mike Gorse <mgorse@suse.com> |
| |
| Build tools should work when the /usr/bin/python is python3 |
| https://bugs.webkit.org/show_bug.cgi?id=156674 |
| |
| Reviewed by Michael Catanzaro. |
| |
| * Scripts/cssmin.py: |
| * Scripts/generate-js-builtins.py: |
| (do_open): |
| (generate_bindings_for_builtins_files): |
| * Scripts/generateIntlCanonicalizeLanguage.py: |
| * Scripts/jsmin.py: |
| (JavascriptMinify.minify.write): |
| (JavascriptMinify): |
| (JavascriptMinify.minify): |
| * Scripts/make-js-file-arrays.py: |
| (chunk): |
| (main): |
| * Scripts/wkbuiltins/__init__.py: |
| * Scripts/wkbuiltins/builtins_generate_combined_header.py: |
| (generate_section_for_global_private_code_name_macro): |
| * Scripts/wkbuiltins/builtins_generate_internals_wrapper_header.py: |
| (BuiltinsInternalsWrapperHeaderGenerator.__init__): |
| * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: |
| (BuiltinsInternalsWrapperImplementationGenerator.__init__): |
| * Scripts/wkbuiltins/builtins_model.py: |
| (BuiltinFunction.__lt__): |
| (BuiltinsCollection.copyrights): |
| (BuiltinsCollection._parse_functions): |
| * disassembler/udis86/ud_opcode.py: |
| (UdOpcodeTables.pprint.printWalk): |
| * generate-bytecode-files: |
| * inspector/scripts/codegen/__init__.py: |
| * inspector/scripts/codegen/cpp_generator.py: |
| * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py: |
| (CppAlternateBackendDispatcherHeaderGenerator.generate_output): |
| * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py: |
| (CppBackendDispatcherHeaderGenerator.domains_to_generate): |
| (CppBackendDispatcherHeaderGenerator.generate_output): |
| (CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain): |
| * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py: |
| (CppBackendDispatcherImplementationGenerator.domains_to_generate): |
| (CppBackendDispatcherImplementationGenerator.generate_output): |
| * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py: |
| (CppFrontendDispatcherHeaderGenerator.domains_to_generate): |
| (CppFrontendDispatcherHeaderGenerator.generate_output): |
| * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py: |
| (CppFrontendDispatcherImplementationGenerator.domains_to_generate): |
| (CppFrontendDispatcherImplementationGenerator.generate_output): |
| * inspector/scripts/codegen/generate_cpp_protocol_types_header.py: |
| (CppProtocolTypesHeaderGenerator.generate_output): |
| (CppProtocolTypesHeaderGenerator._generate_forward_declarations): |
| * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py: |
| (CppProtocolTypesImplementationGenerator.generate_output): |
| (CppProtocolTypesImplementationGenerator._generate_enum_conversion_methods_for_domain): |
| (CppProtocolTypesImplementationGenerator._generate_enum_mapping_and_conversion_methods): |
| (CppProtocolTypesImplementationGenerator._generate_open_field_names): |
| (CppProtocolTypesImplementationGenerator._generate_builders_for_domain): |
| (CppProtocolTypesImplementationGenerator._generate_assertion_for_object_declaration): |
| * inspector/scripts/codegen/generate_js_backend_commands.py: |
| (JSBackendCommandsGenerator.should_generate_domain): |
| (JSBackendCommandsGenerator.domains_to_generate): |
| (JSBackendCommandsGenerator.generate_output): |
| (JSBackendCommandsGenerator.generate_domain): |
| * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py: |
| (ObjCBackendDispatcherHeaderGenerator.domains_to_generate): |
| (ObjCBackendDispatcherHeaderGenerator.generate_output): |
| * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py: |
| (ObjCBackendDispatcherImplementationGenerator.domains_to_generate): |
| (ObjCBackendDispatcherImplementationGenerator.generate_output): |
| (ObjCBackendDispatcherImplementationGenerator._generate_success_block_for_command): |
| * inspector/scripts/codegen/generate_objc_configuration_header.py: |
| * inspector/scripts/codegen/generate_objc_configuration_implementation.py: |
| * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py: |
| (ObjCFrontendDispatcherImplementationGenerator.domains_to_generate): |
| (ObjCFrontendDispatcherImplementationGenerator.generate_output): |
| (ObjCFrontendDispatcherImplementationGenerator._generate_event): |
| * inspector/scripts/codegen/generate_objc_header.py: |
| (ObjCHeaderGenerator.generate_output): |
| (ObjCHeaderGenerator._generate_type_interface): |
| * inspector/scripts/codegen/generate_objc_internal_header.py: |
| (ObjCInternalHeaderGenerator.generate_output): |
| * inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py: |
| (ObjCProtocolTypeConversionsHeaderGenerator.domains_to_generate): |
| (ObjCProtocolTypeConversionsHeaderGenerator.generate_output): |
| * inspector/scripts/codegen/generate_objc_protocol_type_conversions_implementation.py: |
| (ObjCProtocolTypeConversionsImplementationGenerator.domains_to_generate): |
| * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py: |
| (ObjCProtocolTypesImplementationGenerator.domains_to_generate): |
| (ObjCProtocolTypesImplementationGenerator.generate_output): |
| (ObjCProtocolTypesImplementationGenerator.generate_type_implementation): |
| (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members): |
| * inspector/scripts/codegen/generator.py: |
| (Generator.non_supplemental_domains): |
| (Generator.open_fields): |
| (Generator.calculate_types_requiring_shape_assertions): |
| (Generator._traverse_and_assign_enum_values): |
| (Generator.stylized_name_for_enum_value): |
| * inspector/scripts/codegen/models.py: |
| (find_duplicates): |
| * inspector/scripts/codegen/objc_generator.py: |
| * wasm/generateWasm.py: |
| (opcodeIterator): |
| * yarr/generateYarrCanonicalizeUnicode: |
| * yarr/generateYarrUnicodePropertyTables.py: |
| * yarr/hasher.py: |
| (stringHash): |
| |
| 2018-09-21 Tomas Popela <tpopela@redhat.com> |
| |
| [ARM] Build broken on armv7hl after r235517 |
| https://bugs.webkit.org/show_bug.cgi?id=189831 |
| |
| Reviewed by Yusuke Suzuki. |
| |
| Add missing implementation of patchebleBranch8() for traditional ARM. |
| |
| * assembler/MacroAssemblerARM.h: |
| (JSC::MacroAssemblerARM::patchableBranch8): |
| |
| 2018-09-20 Ryan Haddad <ryanhaddad@apple.com> |
| |
| Unreviewed, rolling out r236293. |
| |
| Internal build still broken. |
| |
| Reverted changeset: |
| |
| "Add functions to measure memory footprint to JSC" |
| https://bugs.webkit.org/show_bug.cgi?id=189768 |
| https://trac.webkit.org/changeset/236293 |
| |
| 2018-09-20 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Heap::reportExtraMemoryVisited shows contention if we have many JSString |
| https://bugs.webkit.org/show_bug.cgi?id=189558 |
| |
| Reviewed by Mark Lam. |
| |
| When running web-tooling-benchmark postcss test on Linux JSCOnly port, we get the following result in `perf report`. |
| |
| 10.95% AutomaticThread libJavaScriptCore.so.1.0.0 [.] JSC::Heap::reportExtraMemoryVisited |
| |
| This is because postcss produces bunch of JSString, which require reportExtraMemoryVisited calls in JSString::visitChildren. |
| And since reportExtraMemoryVisited attempts to update atomic counter, if we have bunch of marking threads, it becomes super contended. |
| |
| This patch reduces the frequency of updating the atomic counter. Each SlotVisitor has per-SlotVisitor m_extraMemorySize counter. |
| And we propagate this value to the global atomic counter when rebalance happens. |
| |
| We also reduce HeapCell::heap() access by using `vm.heap`. |
| |
| * heap/SlotVisitor.cpp: |
| (JSC::SlotVisitor::didStartMarking): |
| (JSC::SlotVisitor::propagateExternalMemoryVisitedIfNecessary): |
| (JSC::SlotVisitor::drain): |
| (JSC::SlotVisitor::performIncrementOfDraining): |
| * heap/SlotVisitor.h: |
| * heap/SlotVisitorInlines.h: |
| (JSC::SlotVisitor::reportExtraMemoryVisited): |
| * runtime/JSString.cpp: |
| (JSC::JSRopeString::resolveRopeToAtomicString const): |
| (JSC::JSRopeString::resolveRope const): |
| * runtime/JSString.h: |
| (JSC::JSString::finishCreation): |
| * wasm/js/JSWebAssemblyInstance.cpp: |
| (JSC::JSWebAssemblyInstance::finishCreation): |
| * wasm/js/JSWebAssemblyMemory.cpp: |
| (JSC::JSWebAssemblyMemory::finishCreation): |
| |
| 2018-09-20 Michael Saboff <msaboff@apple.com> |
| |
| Add functions to measure memory footprint to JSC |
| https://bugs.webkit.org/show_bug.cgi?id=189768 |
| |
| Reviewed by Saam Barati. |
| |
| Rolling this back in. |
| |
| Provide system memory metrics for the current process to aid in memory reduction measurement and |
| tuning using native JS tests. |
| |
| * jsc.cpp: |
| (MemoryFootprint::now): |
| (MemoryFootprint::resetPeak): |
| (GlobalObject::finishCreation): |
| (JSCMemoryFootprint::JSCMemoryFootprint): |
| (JSCMemoryFootprint::createStructure): |
| (JSCMemoryFootprint::create): |
| (JSCMemoryFootprint::finishCreation): |
| (JSCMemoryFootprint::addProperty): |
| (functionResetMemoryPeak): |
| |
| 2018-09-20 Ryan Haddad <ryanhaddad@apple.com> |
| |
| Unreviewed, rolling out r236235. |
| |
| Breaks internal builds. |
| |
| Reverted changeset: |
| |
| "Add functions to measure memory footprint to JSC" |
| https://bugs.webkit.org/show_bug.cgi?id=189768 |
| https://trac.webkit.org/changeset/236235 |
| |
| 2018-09-20 Fujii Hironori <Hironori.Fujii@sony.com> |
| |
| [Win][Clang] JITMathIC.h: error: missing 'template' keyword prior to dependent template name 'retagged' |
| https://bugs.webkit.org/show_bug.cgi?id=189730 |
| |
| Reviewed by Saam Barati. |
| |
| Clang for Windows can't compile the workaround for MSVC quirk in generateOutOfLine. |
| |
| * jit/JITMathIC.h: |
| (generateOutOfLine): Append "&& !COMPILER(CLANG)" to "#if COMPILER(MSVC)". |
| |
| 2018-09-19 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [JSC] Optimize Array#indexOf in C++ runtime |
| https://bugs.webkit.org/show_bug.cgi?id=189507 |
| |
| Reviewed by Saam Barati. |
| |
| C++ Array#indexOf runtime function takes so much time in babylon benchmark in |
| web-tooling-benchmark. While our DFG and FTL has Array#indexOf optimization |
| and actually it is working well, C++ Array#indexOf is called significant amount |
| of time before tiering up, and it takes 6.74% of jsc main thread samples according |
| to perf command in Linux. This is because C++ Array#indexOf is too generic and |
| misses the chance to optimize JSArray cases. |
| |
| This patch adds JSArray fast path for Array#indexOf. If we know that indexed |
| access to the given JSArray is non-observable and indexing type is good for the fast |
| path, we go to the fast path. This makes sampling of Array#indexOf 3.83% in |
| babylon web-tooling-benchmark. |
| |
| * runtime/ArrayPrototype.cpp: |
| (JSC::arrayProtoFuncIndexOf): |
| * runtime/JSArray.h: |
| * runtime/JSArrayInlines.h: |
| (JSC::JSArray::canDoFastIndexedAccess): |
| (JSC::toLength): |
| * runtime/JSCJSValueInlines.h: |
| (JSC::JSValue::JSValue): |
| * runtime/JSGlobalObject.h: |
| * runtime/JSGlobalObjectInlines.h: |
| (JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable): |
| (JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable): |
| * runtime/MathCommon.h: |
| (JSC::canBeStrictInt32): |
| (JSC::canBeInt32): |
| |
| 2018-09-19 Michael Saboff <msaboff@apple.com> |
| |
| Add functions to measure memory footprint to JSC |
| https://bugs.webkit.org/show_bug.cgi?id=189768 |
| |
| Reviewed by Saam Barati. |
| |
| Provide system memory metrics for the current process to aid in memory reduction measurement and |
| tuning using native JS tests. |
| |
| * jsc.cpp: |
| (MemoryFootprint::now): |
| (MemoryFootprint::resetPeak): |
| (GlobalObject::finishCreation): |
| (JSCMemoryFootprint::JSCMemoryFootprint): |
| (JSCMemoryFootprint::createStructure): |
| (JSCMemoryFootprint::create): |
| (JSCMemoryFootprint::finishCreation): |
| (JSCMemoryFootprint::addProperty): |
| (functionResetMemoryPeak): |
| |
| 2018-09-19 Saam barati <sbarati@apple.com> |
| |
| CheckStructureOrEmpty should pass in a tempGPR to emitStructureCheck since it may jump over that code |
| https://bugs.webkit.org/show_bug.cgi?id=189703 |
| |
| Reviewed by Mark Lam. |
| |
| This fixes a crash that a TypeProfiler change revealed. |
| |
| * dfg/DFGSpeculativeJIT64.cpp: |
| (JSC::DFG::SpeculativeJIT::compile): |
| |
| 2018-09-19 Saam barati <sbarati@apple.com> |
| |
| AI rule for MultiPutByOffset executes its effects in the wrong order |
| https://bugs.webkit.org/show_bug.cgi?id=189757 |
| <rdar://problem/43535257> |
| |
| Reviewed by Michael Saboff. |
| |
| The AI rule for MultiPutByOffset was executing effects in the wrong order. |
| It first executed the transition effects and the effects on the base, and |
| then executed the filtering effects on the value being stored. However, you |
| can end up with the wrong type when the base and the value being stored |
| are the same. E.g, in a program like `o.f = o`. These effects need to happen |
| in the opposite order, modeling what happens in the runtime executing of |
| MultiPutByOffset. |
| |
| * dfg/DFGAbstractInterpreterInlines.h: |
| (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): |
| |
| 2018-09-18 Mark Lam <mark.lam@apple.com> |
| |
| Ensure that ForInContexts are invalidated if their loop local is over-written. |
| https://bugs.webkit.org/show_bug.cgi?id=189571 |
| <rdar://problem/44402277> |
| |
| Reviewed by Saam Barati. |
| |
| Instead of hunting down every place in the BytecodeGenerator that potentially |
| needs to invalidate an enclosing ForInContext (if one exists), we simply iterate |
| the bytecode range of the loop body when the ForInContext is popped, and |
| invalidate the context if we ever find the loop temp variable over-written. |
| |
| This has 2 benefits: |
| 1. It ensures that every type of opcode that can write to the loop temp will be |
| handled appropriately, not just the op_mov that we've hunted down. |
| 2. It avoids us having to check the BytecodeGenerator's m_forInContextStack |
| every time we emit an op_mov (or other opcodes that can write to a local) |
| even when we're not inside a for-in loop. |
| |
| JSC benchmarks show that that this change is performance neutral. |
| |
| * bytecompiler/BytecodeGenerator.cpp: |
| (JSC::BytecodeGenerator::pushIndexedForInScope): |
| (JSC::BytecodeGenerator::popIndexedForInScope): |
| (JSC::BytecodeGenerator::pushStructureForInScope): |
| (JSC::BytecodeGenerator::popStructureForInScope): |
| (JSC::ForInContext::finalize): |
| (JSC::StructureForInContext::finalize): |
| (JSC::IndexedForInContext::finalize): |
| (JSC::BytecodeGenerator::invalidateForInContextForLocal): Deleted. |
| * bytecompiler/BytecodeGenerator.h: |
| (JSC::ForInContext::ForInContext): |
| (JSC::ForInContext::bodyBytecodeStartOffset const): |
| (JSC::StructureForInContext::StructureForInContext): |
| (JSC::IndexedForInContext::IndexedForInContext): |
| * bytecompiler/NodesCodegen.cpp: |
| (JSC::PostfixNode::emitResolve): |
| (JSC::PrefixNode::emitResolve): |
| (JSC::ReadModifyResolveNode::emitBytecode): |
| (JSC::AssignResolveNode::emitBytecode): |
| (JSC::EmptyLetExpression::emitBytecode): |
| (JSC::ForInNode::emitLoopHeader): |
| (JSC::ForOfNode::emitBytecode): |
| (JSC::BindingNode::bindValue const): |
| (JSC::AssignmentElementNode::bindValue const): |
| * runtime/CommonSlowPaths.cpp: |
| (JSC::SLOW_PATH_DECL): |
| |
| 2018-09-17 Devin Rousso <drousso@apple.com> |
| |
| Web Inspector: generate CSSKeywordCompletions from backend values |
| https://bugs.webkit.org/show_bug.cgi?id=189041 |
| |
| Reviewed by Joseph Pecoraro. |
| |
| * inspector/protocol/CSS.json: |
| Include an optional `aliases` array and `inherited` boolean for `CSSPropertyInfo`. |
| |
| 2018-09-17 Saam barati <sbarati@apple.com> |
| |
| We must convert ProfileType to CheckStructureOrEmpty instead of CheckStructure |
| https://bugs.webkit.org/show_bug.cgi?id=189676 |
| <rdar://problem/39682897> |
| |
| Reviewed by Michael Saboff. |
| |
| Because the incoming value may be TDZ, CheckStructure may end up crashing. |
| Since the Type Profile does not currently record TDZ values in any of its |
| data structures, this is not a semantic change in how it will show you data. |
| It just fixes crashes when we emit a CheckStructure and the incoming value |
| is TDZ. |
| |
| * dfg/DFGFixupPhase.cpp: |
| (JSC::DFG::FixupPhase::fixupNode): |
| * dfg/DFGNode.h: |
| (JSC::DFG::Node::convertToCheckStructureOrEmpty): |
| |
| 2018-09-17 Darin Adler <darin@apple.com> |
| |
| Use OpaqueJSString rather than JSRetainPtr inside WebKit |
| https://bugs.webkit.org/show_bug.cgi?id=189652 |
| |
| Reviewed by Saam Barati. |
| |
| * API/JSCallbackObjectFunctions.h: Removed an uneeded include of |
| JSStringRef.h. |
| |
| * API/JSContext.mm: |
| (-[JSContext evaluateScript:withSourceURL:]): Use OpaqueJSString::create rather |
| than JSStringCreateWithCFString, simplifying the code and also obviating the |
| need for explicit JSStringRelease. |
| (-[JSContext setName:]): Ditto. |
| |
| * API/JSStringRef.cpp: |
| (JSStringIsEqualToUTF8CString): Use adoptRef rather than explicit JSStringRelease. |
| It seems that additional optimization is possible, obviating the need to allocate |
| an OpaqueJSString, but that's true almost everywhere else in this patch, too. |
| |
| * API/JSValue.mm: |
| (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]): Use |
| OpaqueJSString::create and adoptRef as appropriate. |
| (+[JSValue valueWithNewErrorFromMessage:inContext:]): Ditto. |
| (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Ditto. |
| (performPropertyOperation): Ditto. |
| (-[JSValue invokeMethod:withArguments:]): Ditto. |
| (valueToObjectWithoutCopy): Ditto. |
| (containerValueToObject): Ditto. |
| (valueToString): Ditto. |
| (objectToValueWithoutCopy): Ditto. |
| (objectToValue): Ditto. |
| |
| 2018-09-08 Darin Adler <darin@apple.com> |
| |
| Streamline JSRetainPtr, fix leaks of JSString and JSGlobalContext |
| https://bugs.webkit.org/show_bug.cgi?id=189455 |
| |
| Reviewed by Keith Miller. |
| |
| * API/JSObjectRef.cpp: |
| (OpaqueJSPropertyNameArray): Use Ref<OpaqueJSString> instead of |
| JSRetainPtr<JSStringRef>. |
| (JSObjectCopyPropertyNames): Remove now-unneeded use of leakRef and |
| adopt constructor. |
| (JSPropertyNameArrayGetNameAtIndex): Use ptr() instead of get() since |
| the array elements are now Ref. |
| |
| * API/JSRetainPtr.h: While JSRetainPtr is written as a template, |
| it only works for two specific unrelated types, JSStringRef and |
| JSGlobalContextRef. Simplified the default constructor using data |
| member initialization. Prepared to make the adopt constructor private |
| (got everything compiling that way, then made it public again so that |
| Apple internal software will still build). Got rid of unneeded |
| templated constructor and assignment operator, since it's not relevant |
| since there is no inheritance between JSRetainPtr template types. |
| Added WARN_UNUSED_RETURN to leakRef as in RefPtr and RetainPtr. |
| Added move constructor and move assignment operator for slightly better |
| performance. Simplified implementations of various member functions |
| so they are more obviously correct, by using leakPtr in more of them |
| and using std::exchange to make the flow of values more obvious. |
| |
| * API/JSValue.mm: |
| (+[JSValue valueWithNewSymbolFromDescription:inContext:]): Added a |
| missing JSStringRelease to fix a leak. |
| |
| * API/tests/CustomGlobalObjectClassTest.c: |
| (customGlobalObjectClassTest): Added a JSGlobalContextRelease to fix a leak. |
| (globalObjectSetPrototypeTest): Ditto. |
| (globalObjectPrivatePropertyTest): Ditto. |
| |
| * API/tests/ExecutionTimeLimitTest.cpp: |
| (testResetAfterTimeout): Added a call to JSStringRelease to fix a leak. |
| (testExecutionTimeLimit): Ditto, lots more. |
| |
| * API/tests/FunctionOverridesTest.cpp: |
| (testFunctionOverrides): Added a call to JSStringRelease to fix a leak. |
| |
| * API/tests/JSObjectGetProxyTargetTest.cpp: |
| (testJSObjectGetProxyTarget): Added a call to JSGlobalContextRelease to fix |
| a leak. |
| |
| * API/tests/PingPongStackOverflowTest.cpp: |
| (testPingPongStackOverflow): Added calls to JSGlobalContextRelease and |
| JSStringRelease to fix leaks. |
| |
| * API/tests/testapi.c: |
| (throwException): Added. Helper function for repeated idiom where we want |
| to throw an exception, but with additional JSStringRelease calls so we don't |
| have to leak just to keep the code simpler to read. |
| (MyObject_getProperty): Use throwException. |
| (MyObject_setProperty): Ditto. |
| (MyObject_deleteProperty): Ditto. |
| (isValueEqualToString): Added. Helper function for an idiom where we check |
| if something is a string and then if it's equal to a particular string |
| constant, but a version that has an additional JSStringRelease call so we |
| don't have to leak just to keep the code simpler to read. |
| (MyObject_callAsFunction): Use isValueEqualToString and throwException. |
| (MyObject_callAsConstructor): Ditto. |
| (MyObject_hasInstance): Ditto. |
| (globalContextNameTest): Added a JSGlobalContextRelease to fix a leak. |
| (testMarkingConstraintsAndHeapFinalizers): Ditto. |
| |
| 2018-09-14 Saam barati <sbarati@apple.com> |
| |
| Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed |
| https://bugs.webkit.org/show_bug.cgi?id=189628 |
| <rdar://problem/39481690> |
| |
| Reviewed by Mark Lam. |
| |
| An Availability may point to a Node. And that Node may be removed from |
| the graph, e.g, it's freed and its memory is no longer owned by Graph. |
| This patch makes it so we no longer dump this metadata by default. If |
| this metadata is interesting to you, you'll need to go in and change |
| Graph::dump to dump the needed metadata. |
| |
| * dfg/DFGGraph.cpp: |
| (JSC::DFG::Graph::dump): |
| |
| 2018-09-14 Mark Lam <mark.lam@apple.com> |
| |
| Refactor some ForInContext code for better encapsulation. |
| https://bugs.webkit.org/show_bug.cgi?id=189626 |
| <rdar://problem/44466415> |
| |
| Reviewed by Keith Miller. |
| |
| 1. Add a ForInContext::m_type field to store the context type. This does not |
| increase the class size, but eliminates the need for a virtual call to get the |
| type. |
| |
| Note: we still need a virtual destructor because we'll be mingling |
| IndexedForInContexts and StructureForInContexts in the BytecodeGenerator::m_forInContextStack. |
| |
| 2. Add ForInContext::isIndexedForInContext() and ForInContext::isStructureForInContext() |
| convenience methods. |
| |
| 3. Add ForInContext::asIndexedForInContext() and ForInContext::asStructureForInContext() |
| to do the casting to the subclass types. This ensures that we'll properly |
| assert that the casting is legal. |
| |
| * bytecompiler/BytecodeGenerator.cpp: |
| (JSC::BytecodeGenerator::emitGetByVal): |
| (JSC::BytecodeGenerator::popIndexedForInScope): |
| (JSC::BytecodeGenerator::popStructureForInScope): |
| * bytecompiler/BytecodeGenerator.h: |
| (JSC::ForInContext::type const): |
| (JSC::ForInContext::isIndexedForInContext const): |
| (JSC::ForInContext::isStructureForInContext const): |
| (JSC::ForInContext::asIndexedForInContext): |
| (JSC::ForInContext::asStructureForInContext): |
| (JSC::ForInContext::ForInContext): |
| (JSC::StructureForInContext::StructureForInContext): |
| (JSC::IndexedForInContext::IndexedForInContext): |
| (JSC::ForInContext::~ForInContext): Deleted. |
| |
| 2018-09-14 Devin Rousso <webkit@devinrousso.com> |
| |
| Web Inspector: Record actions performed on ImageBitmapRenderingContext |
| https://bugs.webkit.org/show_bug.cgi?id=181341 |
| |
| Reviewed by Joseph Pecoraro. |
| |
| * inspector/protocol/Recording.json: |
| * inspector/scripts/codegen/generator.py: |
| |
| 2018-09-14 Mike Gorse <mgorse@suse.com> |
| |
| builtins directory causes name conflict on Python 3 |
| https://bugs.webkit.org/show_bug.cgi?id=189552 |
| |
| Reviewed by Michael Catanzaro. |
| |
| * CMakeLists.txt: builtins -> wkbuiltins. |
| * DerivedSources.make: builtins -> wkbuiltins. |
| * Scripts/generate-js-builtins.py: import wkbuiltins, rather than |
| builtins. |
| * Scripts/wkbuiltins/__init__.py: Renamed from Source/JavaScriptCore/Scripts/builtins/__init__.py. |
| * Scripts/wkbuiltins/builtins_generate_combined_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_header.py. |
| * Scripts/wkbuiltins/builtins_generate_internals_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py. |
| * Scripts/wkbuiltins/builtins_generate_separate_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_header.py. |
| * Scripts/wkbuiltins/builtins_generate_separate_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py. |
| * Scripts/wkbuiltins/builtins_generate_wrapper_header.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_header.py. |
| * Scripts/wkbuiltins/builtins_generate_wrapper_implementation.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generate_wrapper_implementation.py. |
| * Scripts/wkbuiltins/builtins_generator.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_generator.py. |
| * Scripts/wkbuiltins/builtins_model.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_model.py. |
| * Scripts/wkbuiltins/builtins_templates.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins_templates.py. |
| * Scripts/wkbuiltins/wkbuiltins.py: Renamed from Source/JavaScriptCore/Scripts/builtins/builtins.py. |
| * JavaScriptCore.xcodeproj/project.pbxproj: Update for the renaming. |
| |
| 2018-09-13 Yusuke Suzuki <yusukesuzuki@slowstart.org> |
| |
| [WebAssembly] Inline WasmContext accessor functions |
| https://bugs.webkit.org/show_bug.cgi?id=189416 |
| |
| Reviewed by Saam Barati. |
| |
| WasmContext accessor functions are very small while it resides in the critical path of |
| JS to Wasm function call. This patch makes them inline to improve performance. |
| This change improves a small benchmark (calling JS to Wasm function 1e7 times) from 320ms to 270ms. |
| |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| * Sources.txt: |
| * interpreter/CallFrame.cpp: |
| * jit/AssemblyHelpers.cpp: |
| * wasm/WasmB3IRGenerator.cpp: |
| * wasm/WasmContextInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmContext.cpp. |
| (JSC::Wasm::Context::useFastTLS): |
| (JSC::Wasm::Context::load const): |
| (JSC::Wasm::Context::store): |
| * wasm/WasmMemoryInformation.cpp: |
| * wasm/WasmModuleParser.cpp: Include <wtf/SHA1.h> due to changes of unified source combinations. |
| * wasm/js/JSToWasm.cpp: |
| * wasm/js/WebAssemblyFunction.cpp: |
| |
| 2018-09-12 David Kilzer <ddkilzer@apple.com> |
| |
| Move JavaScriptCore files to match Xcode project hierarchy |
| <https://webkit.org/b/189574> |
| |
| Reviewed by Filip Pizlo. |
| |
| * API/JSAPIValueWrapper.cpp: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.cpp. |
| * API/JSAPIValueWrapper.h: Rename from Source/JavaScriptCore/runtime/JSAPIValueWrapper.h. |
| * CMakeLists.txt: Update for new path to |
| generateYarrUnicodePropertyTables.py, hasher.py and |
| JSAPIValueWrapper.h. |
| * DerivedSources.make: Ditto. Add missing dependency on |
| hasher.py captured by CMakeLists.txt. |
| * JavaScriptCore.xcodeproj/project.pbxproj: Update for new file |
| reference paths. Add hasher.py library to project. |
| * Sources.txt: Update for new path to |
| JSAPIValueWrapper.cpp. |
| * runtime/JSImmutableButterfly.h: Add missing includes |
| after changes to Sources.txt and regenerating unified |
| sources. |
| * runtime/RuntimeType.h: Ditto. |
| * yarr/generateYarrUnicodePropertyTables.py: Rename from Source/JavaScriptCore/Scripts/generateYarrUnicodePropertyTables.py. |
| * yarr/hasher.py: Rename from Source/JavaScriptCore/Scripts/hasher.py. |
| |
| 2018-09-12 David Kilzer <ddkilzer@apple.com> |
| |
| Let Xcode have its way with the JavaScriptCore project |
| |
| * JavaScriptCore.xcodeproj/project.pbxproj: |
| |
| 2018-09-12 Guillaume Emont <guijemont@igalia.com> |
| |
| Add IGNORE_WARNING_.* macros |
| https://bugs.webkit.org/show_bug.cgi?id=188996 |
| |
| Reviewed by Michael Catanzaro. |
| |
| * API/JSCallbackObject.h: |
| * API/tests/testapi.c: |
| * assembler/LinkBuffer.h: |
| (JSC::LinkBuffer::finalizeCodeWithDisassembly): |
| * b3/B3LowerToAir.cpp: |
| * b3/B3Opcode.cpp: |
| * b3/B3Type.h: |
| * b3/B3TypeMap.h: |
| * b3/B3Width.h: |
| * b3/air/AirArg.cpp: |
| * b3/air/AirArg.h: |
| * b3/air/AirCode.h: |
| * bytecode/Opcode.h: |
| (JSC::padOpcodeName): |
| * dfg/DFGSpeculativeJIT.cpp: |
| (JSC::DFG::SpeculativeJIT::speculateNumber): |
| (JSC::DFG::SpeculativeJIT::speculateMisc): |
| * dfg/DFGSpeculativeJIT64.cpp: |
| * ftl/FTLOutput.h: |
| * jit/CCallHelpers.h: |
| (JSC::CCallHelpers::calculatePokeOffset): |
| * llint/LLIntData.cpp: |
| * llint/LLIntSlowPaths.cpp: |
| (JSC::LLInt::slowPathLogF): |
| * runtime/ConfigFile.cpp: |
| (JSC::ConfigFile::canonicalizePaths): |
| * runtime/JSDataViewPrototype.cpp: |
| * runtime/JSGenericTypedArrayViewConstructor.h: |
| * runtime/JSGenericTypedArrayViewPrototype.h: |
| * runtime/Options.cpp: |
| (JSC::Options::setAliasedOption): |
| * tools/CodeProfiling.cpp: |
| * wasm/WasmSections.h: |
| * wasm/generateWasmValidateInlinesHeader.py: |
| |
| == Rolled over to ChangeLog-2018-09-11 == |
