Google Git
Sign in
webkit / WebKit / e5fb32b0feee281c69a2795efd7eedc666e49978 / . / Source / JavaScriptCore / ChangeLog
blob: b1aa66b119f879a20f89da99c51c7e4ed9d8cd22 [file] [log] [blame]
2022-04-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] PropertyTable should have compact mode
https://bugs.webkit.org/show_bug.cgi?id=239451
Reviewed by Saam Barati.
This patch introduces "compact" version of PropertyTable. PropertyTable needs to hold two kind of integers: index and property offset.
But for most of objects, both are pretty small and they can fit in uint8_t. If we can use uint8_t for both, we can significantly reduce
size of allocated memory for PropertyTable (only 40% of memory is required!). This is good for memory, but also good for performance.
Now each CompactPropertyTableEntry is 8bytes while original PropertyMapEntry was 16bytes, so CompactPropertyTableEntry can fit in CPU cache well.
Also, not allocating large amount of memory can reduce memory allocation / deallocation cost. One of costly destruction of GC-managed objects is
PropertyTable (and CodeBlock), and we can reduce that cost by not allocating much memory.
The approach is following.
1. For index vector, we use uint8_t if index can fit within uint8_t.
2. For proprety offset, we use uint8_t and CompactPropertyTableEntry if it is suitable.
3. Once the table gets non-compact, we keep it non-compact since we could have deleted index which has larger than uint8_t. We could improve this
strategy when deleted indexes are cleared, but for now, we are taking simple approach.
4. We store isCompactFlag 1 bit in the pointer to the table.
5. We encapsulate functions modifying property table entry in PropertyTable itself, so we do not leak internal compact / non-compact mode to the user
of PropertyTable. We remove begin() / end() iterators and instead use forEachproperty, which can implement iteration for each mode more efficiently.
We have a further opportunity to improve this further: we can deploy 75% load factor only for compact table. Then we can increase threshold of
compact table further and keep more and more tables compact mode. Plus, for small sized tables, small backing memory is better in terms of
CPU cache hit (and that's measured in WTF::HashTable, and that's why WTF::Hashtable deploys 75% load factor only for small tables). This is left
for the subsequent change.
This change is neutral in JetStream2, 0.3% improvement in Speedometer2 with 80% confidence, and 0.41% improvement in RAMification with 95% confidence.
* bytecode/ObjectAllocationProfileInlines.h:
(JSC::ObjectAllocationProfileBase<Derived>::initializeProfile):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* dfg/DFGSpeculativeJIT.cpp:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* ftl/FTLOperations.cpp:
(JSC::FTL::JSC_DEFINE_JIT_OPERATION):
* runtime/ClonedArguments.h:
* runtime/IteratorOperations.cpp:
(JSC::createIteratorResultObjectStructure):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/JSONObject.cpp:
(JSC::Stringifier::Holder::appendNextProperty):
* runtime/JSObject.cpp:
(JSC::JSObject::analyzeHeap):
* runtime/JSObject.h:
* runtime/ObjectConstructor.h:
(JSC::constructEmptyObject):
(JSC::createDataPropertyDescriptorObjectStructure):
(JSC::createAccessorPropertyDescriptorObjectStructure):
* runtime/ObjectConstructorInlines.h:
(JSC::objectAssignFast):
* runtime/PropertyOffset.h:
* runtime/PropertySlot.h:
* runtime/PropertyTable.cpp:
(JSC::PropertyTable::PropertyTable):
(JSC::PropertyTable::finishCreation):
(JSC::PropertyTable::visitChildrenImpl):
(JSC::PropertyTable::~PropertyTable):
(JSC::PropertyTable::seal):
(JSC::PropertyTable::freeze):
(JSC::PropertyTable::isSealed const):
(JSC::PropertyTable::isFrozen const):
(JSC::PropertyTable::renumberPropertyOffsets):
(JSC::PropertyTable::forEachPropertyMutable):
* runtime/PropertyTable.h:
(JSC::isPowerOf2):
(JSC::nextPowerOf2):
(JSC::PropertyTable::findImpl):
(JSC::PropertyTable::find):
(JSC::PropertyTable::get):
(JSC::PropertyTable::add):
(JSC::PropertyTable::remove):
(JSC::PropertyTable::take):
(JSC::PropertyTable::updateAttributeIfExists):
(JSC::PropertyTable::sizeInMemory):
(JSC::PropertyTable::reinsert):
(JSC::PropertyTable::rehash):
(JSC::PropertyTable::skipDeletedEntries):
(JSC::PropertyTable::usedCount const):
(JSC::PropertyTable::dataSize):
(JSC::PropertyTable::allocateIndexVector):
(JSC::PropertyTable::allocateZeroedIndexVector):
(JSC::PropertyTable::destroyIndexVector):
(JSC::PropertyTable::canInsert):
(JSC::PropertyTable::forEachProperty const):
(JSC::PropertyTable::begin): Deleted.
(JSC::PropertyTable::end): Deleted.
(JSC::PropertyTable::begin const): Deleted.
(JSC::PropertyTable::end const): Deleted.
(JSC::PropertyTable::table): Deleted.
(JSC::PropertyTable::table const): Deleted.
* runtime/RegExpMatchesArray.h:
* runtime/Structure.cpp:
(JSC::Structure::dumpStatistics):
(JSC::Structure::Structure):
(JSC::Structure::materializePropertyTable):
(JSC::Structure::nonPropertyTransitionSlow):
(JSC::Structure::isSealed):
(JSC::Structure::isFrozen):
(JSC::Structure::flattenDictionaryStructure):
(JSC::PropertyTableStatisticsExitLogger::~PropertyTableStatisticsExitLogger):
(JSC::Structure::getConcurrently):
(JSC::Structure::getPropertiesConcurrently):
(JSC::Structure::getPropertyNamesFromStructure):
(JSC::Structure::toStructureShape):
(JSC::Structure::dump const):
* runtime/Structure.h:
(JSC::CompactPropertyTableEntry::CompactPropertyTableEntry):
(JSC::CompactPropertyTableEntry::key const):
(JSC::CompactPropertyTableEntry::setKey):
(JSC::CompactPropertyTableEntry::offset const):
(JSC::CompactPropertyTableEntry::setOffset):
(JSC::CompactPropertyTableEntry::attributes const):
(JSC::CompactPropertyTableEntry::setAttributes):
(JSC::PropertyTableEntry::PropertyTableEntry):
(JSC::PropertyTableEntry::key const):
(JSC::PropertyTableEntry::setKey):
(JSC::PropertyTableEntry::offset const):
(JSC::PropertyTableEntry::setOffset):
(JSC::PropertyTableEntry::attributes const):
(JSC::PropertyTableEntry::setAttributes):
(JSC::PropertyMapEntry::PropertyMapEntry): Deleted.
* runtime/StructureInlines.h:
(JSC::Structure::get):
(JSC::Structure::forEachPropertyConcurrently):
(JSC::Structure::forEachProperty):
(JSC::Structure::add):
(JSC::Structure::remove):
(JSC::Structure::attributeChange):
2022-04-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Remove TempRegisterSet
https://bugs.webkit.org/show_bug.cgi?id=239578
Reviewed by Mark Lam.
We can always use RegisterSet. TempRegisterSet can save several bytes, but we have no code using TempRegisterSet in
heap-allocated classes. So, this does not make sense anymore. Instead of TempRegisterSet, we will consistently use
RegisterSet to pass register info and ScratchRegisterAllocator to manage allocation of temp / scratch registers.
We also remove the copyCalleeSavesToEntryFrameCalleeSavesBuffer function which takes no scratch register. It was
using TempRegisterSet to allocate a scratch register, but the caller of this function was making assumptions on how
TempRegisterSet will allocate that scratch. This is very fragile and dangerous. We should explicitly pass a scratch
register instead in that case.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::copyLLIntBaselineCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::copyLLIntBaselineCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer): Deleted.
* jit/RegisterSet.h:
* jit/ScratchRegisterAllocator.cpp:
(JSC::ScratchRegisterAllocator::lock):
(JSC::ScratchRegisterAllocator::allocateScratch):
(JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
(JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
* jit/ScratchRegisterAllocator.h:
* jit/TempRegisterSet.cpp: Removed.
* jit/TempRegisterSet.h: Removed.
* jit/ThunkGenerators.cpp:
(JSC::handleExceptionGenerator):
(JSC::handleExceptionWithCallFrameRollbackGenerator):
(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::nativeForGenerator):
(JSC::boundFunctionCallGenerator):
(JSC::remoteFunctionCallGenerator):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
2022-04-21 Commit Queue <commit-queue@webkit.org>
Unreviewed, reverting r293146.
https://bugs.webkit.org/show_bug.cgi?id=239613
Broke JSC tests. Looks like EWS was blocked by label
<https://bugs.webkit.org/show_bug.cgi?id=239411>
Reverted changeset:
"[JSC] Remove TempRegisterSet"
https://bugs.webkit.org/show_bug.cgi?id=239578
https://commits.webkit.org/r293146
2022-04-20 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Remove TempRegisterSet
https://bugs.webkit.org/show_bug.cgi?id=239578
Reviewed by Mark Lam.
We can always use RegisterSet. TempRegisterSet can save several bytes, but we have no code using TempRegisterSet in
heap-allocated class, so this does not make sense anymore. Instead of TempRegisterSet, we should consistently use
ScratchRegisterAllocator.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::copyLLIntBaselineCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::copyCalleeSavesToEntryFrameCalleeSavesBuffer):
(JSC::AssemblyHelpers::copyLLIntBaselineCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer): Deleted.
* jit/RegisterSet.h:
* jit/ScratchRegisterAllocator.cpp:
(JSC::ScratchRegisterAllocator::lock):
(JSC::ScratchRegisterAllocator::allocateScratch):
(JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
(JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
* jit/ScratchRegisterAllocator.h:
* jit/TempRegisterSet.cpp: Removed.
* jit/TempRegisterSet.h: Removed.
2022-04-20 Yusuke Suzuki <ysuzuki@apple.com>
Fix GPRInfo inconsistency in unlinked DFG bringup
https://bugs.webkit.org/show_bug.cgi?id=239573
Reviewed by Mark Lam.
Previously, we forgot changing GPRInfo::toIndex of x64 so that we got assertion in ScratchRegisterAllocator.
This patch fixes it and test this consistency in testmasm.
It allows unlinked DFG style register usage in x64, so we reenabled it again.
* assembler/testmasm.cpp:
(JSC::testGPRInfoConsistency):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* jit/GPRInfo.h:
(JSC::GPRInfo::toRegister):
(JSC::GPRInfo::toArgumentRegister):
(JSC::GPRInfo::toIndex):
2022-04-20 Zan Dobersek <zdobersek@igalia.com>
Unreviewed, RISC-V build fix.
* assembler/MacroAssemblerRISCV64.h:
(JSC::MacroAssemblerRISCV64::store64):
Add the store64(TrustedImmPtr, Address) overload required after 249798@main.
It constructs a 32-bit or 64-bit TrustedImm value, based on the detected
pointer size, and relays it to the appropriate store64() method.
2022-04-20 Zan Dobersek <zdobersek@igalia.com>
[JSC] Accommodate the RISCV64 C calling convention
https://bugs.webkit.org/show_bug.cgi?id=236367
<rdar://problem/89026012>
Reviewed by Yusuke Suzuki.
The 64-bit RISC-V (RV64) calling convention requires 32-bit arguments
to be sign-extended to fill out the whole 64-bit register, fitting
nicely with different instructions in this ISA that operate on 32-bit
values, and differring from other 64-bit ISAs that provide partial-sized
registers (which are aliased to the whole register).
JSC JIT is tailored to the other ISAs, often taking shortcuts to pack
non-sign-extended values into registers that are then accessed for those
32-bit values through the partial-sized aliases. This can trip up RISC-V
execution when constructing calls that pass 32-bit values to native code
using the C calling convention.
To avoid this, arguments setup done through the CCallHelpers class is
enhanced to, after packing up arguments either into argument registers
or onto the stack, another pass of the argument types for the desired
operation is done, detecting whether the argument was supposed to be
packed into an GPR or an FPR destination. On RV64, when packed into a
GPR argument register that matches a 32-bit argument in the operation,
the additional sign extension is performed on that argument register.
GPR and FPR distinction for a given argument's register type is based
on whether or not the double type is used as the argument's type. All
non-double-typed arguments are passed as GPRs. Additional compile-time
validation is provided to ensure that's the case for every operation
that's having its arguments set up. This is relied upon when traversing
the operation's arguments and indexing every GPR argument along the way.
This approach only accommodates the RV64 calling convention for the
Baseline JIT level. For higher levels, similar but probably different
solutions will have to be crafted.
* jit/CCallHelpers.h:
(JSC::CCallHelpers::finalizeGPRArguments):
(JSC::CCallHelpers::gprArgsCount):
(JSC::CCallHelpers::fprArgsCount):
(JSC::CCallHelpers::setupArgumentsImpl):
(JSC::CCallHelpers::setupArgumentsEntryImpl):
2022-04-20 Mikhail R. Gadelha <mikhail@igalia.com>
Unify calls and checks for CellTag
https://bugs.webkit.org/show_bug.cgi?id=238025
Reviewed by Yusuke Suzuki.
This patch moves all the places where cell tags are written and checked
when branching: this will be needed when implementing the concurrency on
32 bits archs, so we can focus on changing storeCell, branchIfNotCell and
branchIfCell to implement the mutex locks/unlocks.
It also reduces the code size in JetStream2 by ~1% on average on 32
bits platforms.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::store8):
(JSC::MacroAssemblerARMv7::storePair32):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::storePair32):
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectStrictEquality):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::jitAssertIsCell):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::storeCell):
(JSC::AssemblyHelpers::storeTrustedValue):
(JSC::AssemblyHelpers::branchIfNotCell):
(JSC::AssemblyHelpers::branchIfCell):
* jit/CallFrameShuffler32_64.cpp:
(JSC::CallFrameShuffler::emitStore):
* jit/JSInterfaceJIT.h:
(JSC::JSInterfaceJIT::emitLoadJSCell):
2022-04-19 Michael Saboff <msaboff@apple.com>
Various WebKit tools need to be told about the system content path
https://bugs.webkit.org/show_bug.cgi?id=239516
Reviewed by Ryan Haddad.
Added the INSTALL_PATH_PREFIX to the INSTALL_PATH for TestAPI and the JSC tools.
This will contain the system content path prefix when enabled.
* Configurations/TestAPI.xcconfig:
* Configurations/ToolExecutable.xcconfig:
2022-04-19 Yusuke Suzuki <ysuzuki@apple.com>
REGRESSION(r292372): cloop crashes on s390x
https://bugs.webkit.org/show_bug.cgi?id=238956
Reviewed by Mark Lam.
CodeBlock* is stored without tags. So we should just put it as a pointer without PayloadOffset.
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::calleeFrameCodeBlockBeforeCall):
(JSC::AssemblyHelpers::calleeFrameCodeBlockBeforeTailCall):
* jit/ThunkGenerators.cpp:
(JSC::boundFunctionCallGenerator):
(JSC::remoteFunctionCallGenerator):
* llint/LowLevelInterpreter.asm:
2022-04-19 Yusuke Suzuki <ysuzuki@apple.com>
Unreviewed, disable UnlinkedDFG code in x64
https://bugs.webkit.org/show_bug.cgi?id=237863
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* jit/GPRInfo.h:
(JSC::GPRInfo::toRegister):
2022-04-19 Yusuke Suzuki <ysuzuki@apple.com>
Unreviewed, do not use RELEASE_ASSERT_NOT_REACHED in super hot path to suppress warnings
https://bugs.webkit.org/show_bug.cgi?id=239290
* bytecode/PropertyCondition.cpp:
(JSC::watchabilityToConcurrency):
* runtime/JSObject.h:
(JSC::JSObject::getDirect const):
* runtime/Structure.h:
(JSC::Structure::get):
2022-04-19 Martin Robinson <mrobinson@webkit.org>
Fix the address sanitizer build when building with gcc
https://bugs.webkit.org/show_bug.cgi?id=238869
Reviewed by Philippe Normand.
* runtime/ConfigFile.cpp:
(JSC::ConfigFile::ConfigFile):
2022-04-18 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use constants buffer in DFG
https://bugs.webkit.org/show_bug.cgi?id=237863
Reviewed by Saam Barati.
This patch newly introduces LinkableConstant concept. We replace TrustedImmPtr::weakPointer with
that, and it can be switched between two modes: (1) just embedding a constant pointer in machine code
or (2) emitting a load from specific callee-save register. We use (2) for unlinked DFG code so that
we can start decoupling constants from machine code, which will be separately allocated as DFG constant buffer.
To introduce this mechanism, we introduce CCallHelpers::ConstantMaterializer concept, which can be used
to materialize constant in a specified way in CCallHelpers. And we use this to implement DFG LinkableConstant.
We also avoid embedding global object pointer in the tail call by modifying CallFrameShuffler to save it.
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::transfer64):
(JSC::MacroAssemblerARM64::transferPtr):
(JSC::MacroAssemblerARM64::branch64):
(JSC::MacroAssemblerARM64::branchPtr):
* assembler/MacroAssemblerRISCV64.h:
(JSC::MacroAssemblerRISCV64::transfer64):
(JSC::MacroAssemblerRISCV64::transferPtr):
(JSC::MacroAssemblerRISCV64::branch64):
(JSC::MacroAssemblerRISCV64::branchPtr):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::transfer64):
(JSC::MacroAssemblerX86_64::transferPtr):
(JSC::MacroAssemblerX86_64::branch64):
(JSC::MacroAssemblerX86_64::branchPtr):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::setupWithUnlinkedBaselineCode):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::finalizeJITInlineCaches):
(JSC::CodeBlock::getICStatusMap):
(JSC::CodeBlock::findStubInfo):
(JSC::CodeBlock::resetBaselineJITData):
(JSC::CodeBlock::stronglyVisitStrongReferences):
(JSC::CodeBlock::findPC):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::offsetOfJITData):
(JSC::CodeBlock::baselineJITData):
(JSC::CodeBlock::setDFGJITData):
(JSC::CodeBlock::dfgJITData):
(JSC::CodeBlock::offsetOfBaselineJITData): Deleted.
* dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
* dfg/DFGJITCode.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
(JSC::DFG::JITCompiler::compileFunction):
(JSC::DFG::JITCompiler::loadLinkableConstant):
(JSC::DFG::JITCompiler::storeLinkableConstant):
(JSC::DFG::JITCompiler::LinkableConstant::LinkableConstant):
(JSC::DFG::JITCompiler::LinkableConstant::materialize):
(JSC::DFG::JITCompiler::LinkableConstant::store):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::branchLinkableConstant):
(JSC::DFG::JITCompiler::branchWeakPtr): Deleted.
* dfg/DFGJITFinalizer.cpp:
(JSC::DFG::JITFinalizer::finalize):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::addLinkableConstant):
(JSC::DFG::Plan::finalizeJITData):
* dfg/DFGPlan.h:
* dfg/DFGSaneStringGetByValSlowPathGenerator.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitGetCallee):
(JSC::DFG::SpeculativeJIT::silentFill):
(JSC::DFG::SpeculativeJIT::compileDeleteById):
(JSC::DFG::SpeculativeJIT::compileDeleteByVal):
(JSC::DFG::SpeculativeJIT::compileInById):
(JSC::DFG::SpeculativeJIT::compileInByVal):
(JSC::DFG::SpeculativeJIT::compileHasPrivate):
(JSC::DFG::SpeculativeJIT::compilePushWithScope):
(JSC::DFG::SpeculativeJIT::compileStringSlice):
(JSC::DFG::SpeculativeJIT::compileToLowerCase):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileCheckTraps):
(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
(JSC::DFG::SpeculativeJIT::compilePutByVal):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::SpeculativeJIT::compileFromCharCode):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::TrustedImmPtr::TrustedImmPtr):
(JSC::DFG::SpeculativeJIT::callOperationWithCallFrameRollbackOnException):
(JSC::DFG::SpeculativeJIT::branchLinkableConstant):
(JSC::DFG::SpeculativeJIT::TrustedImmPtr::weakPointer): Deleted.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::genericJSValueNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileArithRandom):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::genericJSValueNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileCompareEqPtr):
(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitUntypedBranch):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGThunks.cpp:
(JSC::DFG::osrEntryThunkGenerator):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::executableFor): Deleted.
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::globalObjectFor): Deleted.
* jit/CCallHelpers.h:
(JSC::CCallHelpers::pokeForArgument):
(JSC::CCallHelpers::setupArgumentsImpl):
* jit/GPRInfo.h:
(JSC::GPRInfo::toRegister):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::emitMaterializeMetadataAndConstantPoolRegisters):
(JSC::JIT::consistencyCheckGenerator):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_catch):
* jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* jit/JITOperations.h:
* jit/RegisterSet.cpp:
(JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
(JSC::RegisterSet::dfgCalleeSaveRegisters):
(JSC::RegisterSet::ftlCalleeSaveRegisters):
* llint/LLIntData.h:
* llint/LowLevelInterpreter.asm:
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::offsetOfGlobalThis):
2022-04-18 Mark Lam <mark.lam@apple.com>
The VMTraps signal handler should no return SignalAction::NotHandled on codeBlockSet lock contention.
https://bugs.webkit.org/show_bug.cgi?id=239457
Reviewed by Yusuke Suzuki.
The signal handler is triggered by the mutator thread due to the installed halt
instructions in JIT code (which we already confirmed higher up in the signal handler).
Hence, the mutator cannot be in C++ code, and therefore, cannot be already holding
the codeBlockSet lock. The only time the codeBlockSet lock could be in contention
is if the Sampling Profiler thread is holding it. In that case, we'll simply wait
till the Sampling Profiler is done with it. There are no lock ordering issues w.r.t.
the Sampling Profiler on this code path.
Note that it is not ok to return SignalAction::NotHandled here if we see contention.
Doing so will cause the fault to be handled by the default handler, which will crash.
It is also not productive to return SignalAction::Handled on contention. Doing so
will simply trigger this fault handler over and over again. We might as well wait
for the Sampling Profiler to release the lock, which is what we should do.
This issue was detected by the stress/get-array-length-concurrently-change-mode.js.ftl-no-cjit-validate-sampling-profiler
test, resulting in intermittent crashes.
* runtime/VMTraps.cpp:
2022-04-18 Elliott Williams <emw@apple.com>
[XCBuild] Use XCBuild for all command-line and project builds
https://bugs.webkit.org/show_bug.cgi?id=238916
Reviewed by Alexey Proskuryakov.
Switch to the new build system, without changing anything about our
build order. Make will still build projects one-at-a-time, but this
drops our dependency on the legacy build system.
* JavaScriptCore.xcodeproj/project.pbxproj:
2022-04-16 Mark Lam <mark.lam@apple.com>
Harden JSObject::setPrototypeOf.
https://bugs.webkit.org/show_bug.cgi?id=239440
Reviewed by Yusuke Suzuki.
* runtime/JSObject.cpp:
(JSC::JSObject::setPrototypeDirect):
(JSC::JSObject::setPrototypeWithCycleCheck):
* runtime/JSObject.h:
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorSetPrototypeOf):
2022-04-16 Mark Lam <mark.lam@apple.com>
Fix a deadlock in VMTraps.
https://bugs.webkit.org/show_bug.cgi?id=239421
<rdar://problem/91851592>
Reviewed by Michael Saboff.
The sampling profiler first acquires the codeBlockSet lock followed by the ThreadSuspendLocker.
VMTraps, on the other hand, first acquires the ThreadSuspendLocker followed by the
codeBlockSet lock. As a result, VMTraps can deadlock with the Sampling Profiler
thread, and leave the mutator in a suspended state, or forever blocked on the
codeBlockSet lock.
This was discovered while running the stress/has-indexed-property-with-worsening-array-mode.js.ftl-no-cjit-validate-sampling-profiler
test on a Debug build of jsc on an M1 MBP. Since it requires a race condition to
reproduce, reproducibility is not always reliable.
* runtime/VMTraps.cpp:
(JSC::VMTraps::tryInstallTrapBreakpoints):
2022-04-15 Chris Dumez <cdumez@apple.com>
Leverage StringView in more places to avoid some String allocations
https://bugs.webkit.org/show_bug.cgi?id=239356
Reviewed by Darin Adler.
* inspector/ContentSearchUtilities.cpp:
(Inspector::ContentSearchUtilities::getRegularExpressionMatchesByLines):
(Inspector::ContentSearchUtilities::findMagicComment):
* runtime/ExceptionHelpers.cpp:
(JSC::invalidParameterInSourceAppender):
(JSC::invalidParameterInstanceofSourceAppender):
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::formatToParts const):
(JSC::IntlDateTimeFormat::formatRangeToParts):
* runtime/IntlListFormat.cpp:
(JSC::IntlListFormat::formatToParts const):
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::formatRangeToPartsInternal):
* tools/FunctionOverrides.cpp:
(JSC::initializeOverrideInfo):
2022-04-15 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Remove VM& parameter from structure related code including jsDyamicCast
https://bugs.webkit.org/show_bug.cgi?id=239362
Reviewed by Darin Adler.
As structure lookup no longer requires VM&, we can remove bunch of VM& parameter from various methods: classInfo, structure, methodTable etc.
And it leads to removing VM& from jsDynamicCast. This is important since this makes it possible to incorporate the underlying mechanism of
WebCore downcast + jsDynamicCast. I like keeping jsDynamicCast name since it is clear that this is JSCell, but we can (1) unify the underlying
implementations and (2) add `static_assert(std::base_v<T, JSCell>)` in jsDynamicCast so that we can keep jsDynamicCast interface.
It also has a chance to avoid unnecessary load of VM& in various places.
We still keep JSXXX::toWrapped's VM& parameter since it is possible that we need VM& for querying wrapped one. Once we are confident that we no
longer need it even in the future, we will remove that too in a separate patch.
We also rename Structure::classInfo to Structure::classInfoForCells, and hiding Structure::classInfo function since JSCell::classInfo and
Structure::classInfoForCellsare different.
* API/APICallbackFunction.h:
(JSC::APICallbackFunction::constructImpl):
* API/APICast.h:
(toJS):
(toJSForGC):
* API/JSAPIGlobalObject.mm:
(JSC::JSAPIGlobalObject::moduleLoaderResolve):
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::finishCreation):
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::finishCreation):
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::asCallbackObject):
(JSC::JSCallbackObject<Parent>::finishCreation):
(JSC::JSCallbackObject<Parent>::init):
(JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
(JSC::JSCallbackObject<Parent>::getOwnPropertySlotByIndex):
(JSC::JSCallbackObject<Parent>::customToPrimitive):
(JSC::JSCallbackObject<Parent>::staticFunctionGetterImpl):
* API/JSContext.mm:
(-[JSContext evaluateJSScript:]):
* API/JSContextRef.cpp:
(JSContextGetGlobalObject):
(JSGlobalContextSetUnhandledRejectionCallback):
* API/JSObjectRef.cpp:
(JSObjectGetPrototype):
(JSObjectSetProperty):
(JSObjectSetPropertyForKey):
(JSObjectSetPropertyAtIndex):
(classInfoPrivate):
(JSObjectGetPrivate):
(JSObjectSetPrivate):
(JSObjectGetPrivateProperty):
(JSObjectSetPrivateProperty):
(JSObjectDeletePrivateProperty):
(JSObjectIsFunction):
(JSObjectCallAsFunction):
(JSObjectIsConstructor):
(JSObjectCallAsConstructor):
(JSObjectGetProxyTarget):
* API/JSTypedArray.cpp:
(JSValueGetTypedArrayType):
(JSObjectMakeTypedArrayWithArrayBuffer):
(JSObjectMakeTypedArrayWithArrayBufferAndOffset):
(JSObjectGetTypedArrayBytesPtr):
(JSObjectGetTypedArrayLength):
(JSObjectGetTypedArrayByteLength):
(JSObjectGetTypedArrayByteOffset):
(JSObjectGetTypedArrayBuffer):
(JSObjectGetArrayBufferBytesPtr):
(JSObjectGetArrayBufferByteLength):
* API/JSValue.mm:
(isDate):
(isArray):
(valueToObjectWithoutCopy):
* API/JSValueRef.cpp:
(JSValueIsArray):
(JSValueIsDate):
(JSValueIsObjectOfClass):
(JSValueIsInstanceOfConstructor):
* API/JSWeakObjectMapRefPrivate.cpp:
* API/JSWrapperMap.mm:
(putNonEnumerable):
(copyMethodsToObject):
(tryUnwrapObjcObject):
* API/ObjCCallbackFunction.h:
* API/ObjCCallbackFunction.mm:
(tryUnwrapConstructor):
* API/glib/JSCClass.cpp:
(isWrappedObject):
* API/glib/JSCValue.cpp:
(jsc_value_object_define_property_data):
(jscValueObjectDefinePropertyAccessor):
(jsc_value_is_array_buffer):
(jsc_value_typed_array_get_type):
* API/glib/JSCWrapperMap.cpp:
(JSC::WrapperMap::wrappedObject const):
* API/tests/JSWrapperMapTests.mm:
(+[JSWrapperMapTests testStructureIdentity]):
* bindings/ScriptFunctionCall.cpp:
(Deprecated::ScriptFunctionCall::call):
* bindings/ScriptValue.cpp:
(Inspector::jsToInspectorValue):
* bytecode/AccessCase.cpp:
(JSC::AccessCase::fromStructureStubInfo):
(JSC::AccessCase::generateImpl):
* bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp:
(JSC::AdaptiveInferredPropertyValueWatchpointBase::install):
* bytecode/ArrayProfile.cpp:
(JSC::ArrayProfile::observeIndexedRead):
* bytecode/ArrayProfile.h:
* bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::filter):
* bytecode/CallLinkStatus.h:
* bytecode/CallVariant.cpp:
(JSC::CallVariant::filter):
* bytecode/CallVariant.h:
(JSC::CallVariant::internalFunction const):
(JSC::CallVariant::function const):
(JSC::CallVariant::isClosureCall const):
(JSC::CallVariant::executable const):
(JSC::CallVariant::functionExecutable const):
(JSC::CallVariant::nativeExecutable const):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::isConstantOwnedByUnlinkedCodeBlock const):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::determineLiveness):
(JSC::CodeBlock::replacement):
(JSC::CodeBlock::computeCapabilityLevel):
(JSC::CodeBlock::nameForRegister):
* bytecode/GetByStatus.cpp:
(JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/GetByVariant.cpp:
(JSC::GetByVariant::canMergeIntrinsicStructures const):
* bytecode/InByStatus.cpp:
(JSC::InByStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/InternalFunctionAllocationProfile.h:
(JSC::InternalFunctionAllocationProfile::createAllocationStructureFromBase):
* bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::install):
* bytecode/ObjectAllocationProfileInlines.h:
(JSC::ObjectAllocationProfileBase<Derived>::possibleDefaultPropertyCount):
* bytecode/ObjectPropertyCondition.cpp:
(JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier const):
* bytecode/ObjectPropertyCondition.h:
(JSC::ObjectPropertyCondition::isValidValueForPresence const):
* bytecode/ObjectPropertyConditionSet.cpp:
(JSC::generateConditionsForPropertyMiss):
(JSC::generateConditionsForPropertySetterMiss):
(JSC::generateConditionsForPrototypePropertyHit):
(JSC::generateConditionsForPrototypePropertyHitCustom):
(JSC::generateConditionsForInstanceOf):
(JSC::generateConditionsForPrototypeEquivalenceConcurrently):
(JSC::generateConditionsForPropertyMissConcurrently):
(JSC::generateConditionsForPropertySetterMissConcurrently):
(JSC::prepareChainForCaching):
* bytecode/PolyProtoAccessChain.cpp:
(JSC::PolyProtoAccessChain::tryCreate):
* bytecode/PropertyCondition.cpp:
(JSC::PropertyCondition::isValidValueForAttributes):
(JSC::PropertyCondition::isValidValueForPresence const):
(JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier const):
* bytecode/PropertyCondition.h:
* bytecode/PutByStatus.cpp:
(JSC::PutByStatus::computeForStubInfo):
* bytecode/Repatch.cpp:
(JSC::jsToWasmICCodePtr):
(JSC::actionForCell):
(JSC::tryCacheGetBy):
(JSC::tryCacheArrayGetByVal):
(JSC::tryCachePutBy):
(JSC::tryCacheArrayPutByVal):
(JSC::tryCacheDeleteBy):
(JSC::repatchDeleteBy):
(JSC::tryCacheInBy):
(JSC::repatchInBy):
(JSC::tryCacheHasPrivateBrand):
(JSC::tryCacheCheckPrivateBrand):
(JSC::tryCacheSetPrivateBrand):
(JSC::tryCacheInstanceOf):
(JSC::linkPolymorphicCall):
* bytecode/Repatch.h:
* bytecode/RepatchInlines.h:
(JSC::handleHostCall):
(JSC::linkFor):
(JSC::virtualForWithFunction):
* bytecode/SpeculatedType.cpp:
(JSC::speculationFromStructure):
* bytecode/StructureStubClearingWatchpoint.cpp:
(JSC::StructureTransitionStructureStubClearingWatchpoint::fireInternal):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::visitWeakReferences):
(JSC::StructureStubInfo::propagateTransitions):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::inlineAccessBaseStructure const):
(JSC::StructureStubInfo::inlineAccessBaseStructure): Deleted.
* bytecode/ValueProfile.h:
(JSC::ValueProfileBase::classInfo const):
* debugger/Debugger.cpp:
(JSC::Debugger::attach):
(JSC::Debugger::exception):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::functionName const):
(JSC::DebuggerCallFrame::scope):
(JSC::DebuggerCallFrame::type const):
* debugger/DebuggerScope.cpp:
(JSC::DebuggerScope::create):
(JSC::DebuggerScope::put):
(JSC::DebuggerScope::deleteProperty):
(JSC::DebuggerScope::defineOwnProperty):
(JSC::DebuggerScope::name const):
(JSC::DebuggerScope::location const):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::isToThisAnIdentity):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::filterICStatus):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::mergeOSREntryValue):
* dfg/DFGAdaptiveStructureWatchpoint.cpp:
(JSC::DFG::AdaptiveStructureWatchpoint::install):
* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::refine const):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
(JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
(JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
(JSC::DFG::ByteCodeParser::check):
(JSC::DFG::ByteCodeParser::planLoad):
(JSC::DFG::ByteCodeParser::checkPresenceForReplace):
(JSC::DFG::ByteCodeParser::load):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::handlePutByVal):
(JSC::DFG::ByteCodeParser::handleCreateInternalFieldObject):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
(JSC::DFG::ConstantFoldingPhase::tryFoldAsPutByOffset):
* dfg/DFGDesiredWeakReferences.cpp:
(JSC::DFG::DesiredWeakReferences::reallyAdd):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixupMakeRope):
(JSC::DFG::FixupPhase::setSaneChainIfPossible):
* dfg/DFGFrozenValue.h:
(JSC::DFG::FrozenValue::FrozenValue):
(JSC::DFG::FrozenValue::dynamicCast):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::tryGetConstantProperty):
(JSC::DFG::Graph::tryGetConstantClosureVar):
(JSC::DFG::Graph::tryGetFoldableView):
(JSC::DFG::Graph::freeze):
(JSC::DFG::Graph::getRegExpPrototypeProperty):
(JSC::DFG::Graph::isStringPrototypeMethodSane):
(JSC::DFG::Graph::canOptimizeStringObjectAccess):
* dfg/DFGGraph.h:
* dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::tryGetStringImpl const):
(JSC::DFG::LazyJSValue::tryGetString const):
* dfg/DFGLazyJSValue.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::dynamicCastConstant):
* dfg/DFGObjectAllocationSinkingPhase.cpp:
* dfg/DFGOperations.cpp:
(JSC::DFG::putByVal):
(JSC::DFG::getByValObject):
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
(JSC::DFG::defineDataProperty):
(JSC::DFG::defineAccessorProperty):
(JSC::DFG::putDynamicVar):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* dfg/DFGStructureAbstractValue.cpp:
(JSC::DFG::StructureAbstractValue::filterClassInfoSlow):
(JSC::DFG::StructureAbstractValue::isSubClassOf const):
(JSC::DFG::StructureAbstractValue::isNotSubClassOf const):
* dfg/DFGValidate.cpp:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNewInternalFieldObject):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAtImpl):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* ftl/FTLOperations.cpp:
(JSC::FTL::JSC_DEFINE_JIT_OPERATION):
* heap/GCAssertions.h:
* heap/Heap.cpp:
(JSC::GatherExtraHeapData::GatherExtraHeapData):
(JSC::GatherExtraHeapData::operator() const):
(JSC::Heap::gatherExtraHeapData):
(JSC::Heap::protectedObjectTypeCounts):
(JSC::Heap::objectTypeCounts):
(JSC::Heap::addCoreConstraints):
* heap/HeapCellType.cpp:
(JSC::DefaultDestroyFunc::operator() const):
* heap/HeapSnapshotBuilder.cpp:
(JSC::HeapSnapshotBuilder::descriptionForCell const):
(JSC::HeapSnapshotBuilder::json):
* heap/SlotVisitor.cpp:
(JSC::validate):
(JSC::SlotVisitor::visitChildren):
* heap/VerifierSlotVisitor.cpp:
(JSC::VerifierSlotVisitor::visitChildren):
* inspector/InjectedScriptManager.cpp:
(Inspector::InjectedScriptManager::createInjectedScript):
* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::finishCreation):
(Inspector::JSInjectedScriptHost::isPromiseRejectedWithNativeGetterTypeError):
(Inspector::JSInjectedScriptHost::subtype):
(Inspector::JSInjectedScriptHost::functionDetails):
(Inspector::JSInjectedScriptHost::getInternalProperties):
(Inspector::JSInjectedScriptHost::proxyTargetValue):
(Inspector::JSInjectedScriptHost::weakMapSize):
(Inspector::JSInjectedScriptHost::weakMapEntries):
(Inspector::JSInjectedScriptHost::weakSetSize):
(Inspector::JSInjectedScriptHost::weakSetEntries):
(Inspector::JSInjectedScriptHost::iteratorEntries):
(Inspector::JSInjectedScriptHost::queryInstances):
* inspector/JSInjectedScriptHost.h:
* inspector/JSInjectedScriptHostPrototype.cpp:
(Inspector::JSInjectedScriptHostPrototype::finishCreation):
(Inspector::JSC_DEFINE_HOST_FUNCTION):
* inspector/JSJavaScriptCallFrame.cpp:
(Inspector::JSJavaScriptCallFrame::finishCreation):
(Inspector::JSJavaScriptCallFrame::caller const):
(Inspector::JSJavaScriptCallFrame::scopeChain const):
* inspector/JSJavaScriptCallFramePrototype.cpp:
(Inspector::JSJavaScriptCallFramePrototype::finishCreation):
(Inspector::JSC_DEFINE_HOST_FUNCTION):
* inspector/ScriptArguments.cpp:
(Inspector::ScriptArguments::getArgumentAtIndexAsString const):
* inspector/ScriptCallStackFactory.cpp:
(Inspector::extractSourceInformationFromException):
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::snapshot):
(Inspector::InspectorHeapAgent::getPreview):
(Inspector::InspectorHeapAgent::getRemoteObject):
* interpreter/CachedCall.h:
(JSC::CachedCall::CachedCall):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::convertToStackOverflowFrame):
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::UnwindFunctor):
(JSC::UnwindFunctor::operator() const):
(JSC::UnwindFunctor::notifyDebuggerOfUnwinding):
(JSC::sanitizeRemoteFunctionException):
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeModuleProgram):
* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::Packet::dump const):
(JSC::ShadowChicken::Frame::dump const):
(JSC::ShadowChicken::update):
* interpreter/StackVisitor.cpp:
(JSC::StackVisitor::Frame::calleeSaveRegistersForUnwinding):
* jit/IntrinsicEmitter.cpp:
(JSC::IntrinsicGetterAccessCase::canEmitIntrinsicGetter):
(JSC::IntrinsicGetterAccessCase::emitIntrinsicGetter):
* jit/JITOperations.cpp:
(JSC::getWrappedValue):
(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::setPrivateField):
(JSC::definePrivateField):
(JSC::putByVal):
(JSC::putByValOptimize):
(JSC::directPutByValOptimize):
(JSC::putPrivateNameOptimize):
(JSC::newFunctionCommon):
(JSC::getByVal):
(JSC::deleteById):
(JSC::deleteByVal):
* jsc.cpp:
(JSC_DEFINE_CUSTOM_SETTER):
(JSC_DEFINE_HOST_FUNCTION):
(checkException):
(runJSC):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::performLLIntGetByID):
(JSC::LLInt::getByVal):
(JSC::LLInt::handleHostCall):
(JSC::LLInt::setUpCall):
(JSC::LLInt::llint_throw_stack_overflow_error):
* runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::finishCreation):
(JSC::AbstractModuleRecord::link):
(JSC::AbstractModuleRecord::evaluate):
* runtime/AggregateErrorConstructor.cpp:
(JSC::AggregateErrorConstructor::finishCreation):
* runtime/AggregateErrorPrototype.cpp:
(JSC::AggregateErrorPrototype::finishCreation):
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::notifyDetaching):
* runtime/ArrayConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/ArrayIteratorPrototype.cpp:
(JSC::ArrayIteratorPrototype::finishCreation):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
(JSC::setLength):
(JSC::speciesWatchpointIsValid):
(JSC::holesMustForwardToPrototype):
(JSC::fastJoin):
(JSC::canUseDefaultArrayJoinForToString):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::toLocaleString):
(JSC::fastIndexOf):
(JSC::moveElements):
* runtime/AsyncFromSyncIteratorPrototype.cpp:
(JSC::AsyncFromSyncIteratorPrototype::finishCreation):
* runtime/AsyncFunctionPrototype.cpp:
(JSC::AsyncFunctionPrototype::finishCreation):
* runtime/AsyncGeneratorFunctionPrototype.cpp:
(JSC::AsyncGeneratorFunctionPrototype::finishCreation):
* runtime/AsyncGeneratorPrototype.cpp:
(JSC::AsyncGeneratorPrototype::finishCreation):
* runtime/AsyncIteratorPrototype.cpp:
(JSC::AsyncIteratorPrototype::finishCreation):
* runtime/AtomicsObject.cpp:
(JSC::AtomicsObject::finishCreation):
* runtime/BatchedTransitionOptimizer.h:
(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
* runtime/BigIntConstructor.cpp:
(JSC::BigIntConstructor::finishCreation):
* runtime/BigIntObject.cpp:
(JSC::BigIntObject::finishCreation):
* runtime/BigIntPrototype.cpp:
(JSC::BigIntPrototype::finishCreation):
(JSC::toThisBigIntValue):
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::finishCreation):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/CachedSpecialPropertyAdaptiveStructureWatchpoint.cpp:
(JSC::CachedSpecialPropertyAdaptiveStructureWatchpoint::install):
* runtime/CachedTypes.cpp:
(JSC::CachedJSValue::encode):
(JSC::encodeCodeBlock):
* runtime/CallData.cpp:
(JSC::call):
* runtime/CellSize.h:
(JSC::cellSize):
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::createEmpty):
(JSC::ClonedArguments::createWithInlineFrame):
(JSC::ClonedArguments::createWithMachineFrame):
(JSC::ClonedArguments::createByCopyingFrom):
(JSC::ClonedArguments::getOwnPropertySlot):
(JSC::ClonedArguments::materializeSpecials):
* runtime/CodeCache.cpp:
(JSC::CodeCacheMap::pruneSlowCase):
(JSC::CodeCache::write):
(JSC::writeCodeBlock):
* runtime/CodeCache.h:
* runtime/CommonSlowPaths.cpp:
(JSC::JSC_DEFINE_COMMON_SLOW_PATH):
(JSC::createInternalFieldObject):
(JSC::iteratorNextTryFastImpl):
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::opInByVal):
(JSC::CommonSlowPaths::originalStructureBeforePut):
(JSC::CommonSlowPaths::putDirectWithReify):
(JSC::CommonSlowPaths::putDirectAccessorWithReify):
* runtime/CommonSlowPathsInlines.h:
(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
* runtime/ConsoleObject.cpp:
(JSC::ConsoleObject::finishCreation):
* runtime/ConstructData.cpp:
(JSC::construct):
* runtime/DateConstructor.cpp:
(JSC::constructDate):
* runtime/DateInstance.cpp:
(JSC::DateInstance::finishCreation):
* runtime/DatePrototype.cpp:
(JSC::formateDateInstance):
(JSC::DatePrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::setNewValueFromTimeArgs):
(JSC::setNewValueFromDateArgs):
* runtime/DeferredWorkTimer.cpp:
(JSC::DeferredWorkTimer::doWork):
* runtime/DirectArguments.h:
* runtime/Error.cpp:
(JSC::getStackTrace):
(JSC::addErrorInfo):
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::finishCreation):
(JSC::ErrorInstance::sanitizedNameString):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototypeBase::finishCreation):
* runtime/ExceptionHelpers.cpp:
(JSC::errorDescriptionForValue):
(JSC::createError):
(JSC::createInvalidFunctionApplyParameterError):
* runtime/FinalizationRegistryConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/FinalizationRegistryPrototype.cpp:
(JSC::FinalizationRegistryPrototype::finishCreation):
(JSC::getFinalizationRegistry):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
(JSC::RetrieveCallerFunctionFunctor::operator() const):
(JSC::JSC_DEFINE_CUSTOM_SETTER):
* runtime/GeneratorFunctionPrototype.cpp:
(JSC::GeneratorFunctionPrototype::finishCreation):
* runtime/GeneratorPrototype.cpp:
(JSC::GeneratorPrototype::finishCreation):
* runtime/GenericArgumentsInlines.h:
(JSC::GenericArguments<Type>::getOwnPropertySlot):
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::callGetter):
(JSC::GetterSetter::callSetter):
* runtime/GetterSetter.h:
* runtime/HasOwnPropertyCache.h:
(JSC::HasOwnPropertyCache::tryAdd):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
(JSC::InternalFunction::createSubclassStructure):
(JSC::getFunctionRealm):
* runtime/IntlCollator.cpp:
(JSC::IntlCollator::finishCreation):
* runtime/IntlCollatorPrototype.cpp:
(JSC::IntlCollatorPrototype::finishCreation):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::finishCreation):
* runtime/IntlDateTimeFormatPrototype.cpp:
(JSC::IntlDateTimeFormatPrototype::finishCreation):
(JSC::IntlDateTimeFormat::handleDateTimeValue):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IntlDisplayNames.cpp:
(JSC::IntlDisplayNames::finishCreation):
* runtime/IntlDisplayNamesPrototype.cpp:
(JSC::IntlDisplayNamesPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IntlListFormat.cpp:
(JSC::IntlListFormat::finishCreation):
* runtime/IntlListFormatPrototype.cpp:
(JSC::IntlListFormatPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IntlLocale.cpp:
(JSC::IntlLocale::finishCreation):
(JSC::IntlLocale::initializeLocale):
* runtime/IntlLocalePrototype.cpp:
(JSC::IntlLocalePrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::finishCreation):
* runtime/IntlNumberFormatPrototype.cpp:
(JSC::IntlNumberFormatPrototype::finishCreation):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IntlObject.cpp:
(JSC::createCollatorConstructor):
(JSC::createDateTimeFormatConstructor):
(JSC::createDisplayNamesConstructor):
(JSC::createListFormatConstructor):
(JSC::createLocaleConstructor):
(JSC::createNumberFormatConstructor):
(JSC::createPluralRulesConstructor):
(JSC::createRelativeTimeFormatConstructor):
(JSC::createSegmenterConstructor):
(JSC::IntlObject::finishCreation):
(JSC::canonicalizeLocaleList):
* runtime/IntlObjectInlines.h:
(JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
(JSC::unwrapForLegacyIntlConstructor):
* runtime/IntlPluralRules.cpp:
(JSC::IntlPluralRules::finishCreation):
* runtime/IntlPluralRulesPrototype.cpp:
(JSC::IntlPluralRulesPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IntlRelativeTimeFormat.cpp:
(JSC::IntlRelativeTimeFormat::finishCreation):
* runtime/IntlRelativeTimeFormatPrototype.cpp:
(JSC::IntlRelativeTimeFormatPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IntlSegmentIterator.cpp:
(JSC::IntlSegmentIterator::finishCreation):
* runtime/IntlSegmentIteratorPrototype.cpp:
(JSC::IntlSegmentIteratorPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IntlSegmenter.cpp:
(JSC::IntlSegmenter::finishCreation):
* runtime/IntlSegmenterPrototype.cpp:
(JSC::IntlSegmenterPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IntlSegments.cpp:
(JSC::IntlSegments::finishCreation):
* runtime/IntlSegmentsPrototype.cpp:
(JSC::IntlSegmentsPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/IteratorOperations.cpp:
(JSC::iteratorNext):
(JSC::iteratorClose):
(JSC::iteratorForIterable):
(JSC::getIterationMode):
* runtime/IteratorPrototype.cpp:
(JSC::IteratorPrototype::finishCreation):
* runtime/JSArray.cpp:
(JSC::JSArray::eagerlyInitializeButterfly):
(JSC::JSArray::unshiftCountSlowCase):
(JSC::JSArray::appendMemcpy):
(JSC::JSArray::fastSlice):
(JSC::JSArray::shiftCountWithArrayStorage):
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::unshiftCountWithArrayStorage):
(JSC::JSArray::isIteratorProtocolFastAndNonObservable):
* runtime/JSArray.h:
(JSC::JSArray::finishCreation):
(JSC::asArray):
(JSC::isJSArray):
* runtime/JSArrayBuffer.h:
(JSC::toPossiblySharedArrayBuffer):
* runtime/JSArrayBufferConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/JSArrayBufferPrototype.cpp:
(JSC::arrayBufferSpeciesConstructorSlow):
(JSC::arrayBufferSlice):
(JSC::arrayBufferByteLength):
* runtime/JSArrayBufferPrototypeInlines.h:
(JSC::speciesWatchpointIsValid):
(JSC::arrayBufferSpeciesConstructor):
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::finishCreation):
(JSC::JSArrayBufferView::unsharedJSBuffer):
(JSC::JSArrayBufferView::possiblySharedJSBuffer):
(JSC::JSArrayBufferView::slowDownAndWasteMemory):
(JSC::validateTypedArray):
* runtime/JSArrayBufferViewInlines.h:
(JSC::JSArrayBufferView::toWrapped):
(JSC::JSArrayBufferView::toWrappedAllowShared):
* runtime/JSArrayInlines.h:
(JSC::JSArray::canFastCopy):
(JSC::JSArray::canDoFastIndexedAccess):
(JSC::JSArray::pushInline):
* runtime/JSAsyncFunction.cpp:
(JSC::JSAsyncFunction::createImpl):
(JSC::JSAsyncFunction::create):
(JSC::JSAsyncFunction::createWithInvalidatedReallocationWatchpoint):
* runtime/JSAsyncGeneratorFunction.cpp:
(JSC::JSAsyncGeneratorFunction::createImpl):
(JSC::JSAsyncGeneratorFunction::create):
(JSC::JSAsyncGeneratorFunction::createWithInvalidatedReallocationWatchpoint):
* runtime/JSBoundFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::getBoundFunctionStructure):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::finishCreation):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::putToPrimitive):
(JSC::JSValue::dumpInContextAssumingStructure const):
(JSC::JSValue::dumpForBacktrace const):
(JSC::JSValue::toWTFStringForConsole const):
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::isCallable const):
(JSC::JSValue::isCallableWithConcurrency const):
(JSC::JSValue::isConstructor const):
(JSC::JSValue::isConstructorWithConcurrency const):
(JSC::JSValue::inherits const):
(JSC::JSValue::classInfoOrNull const):
(JSC::JSValue::toThis const):
(JSC::JSValue::put):
(JSC::JSValue::putByIndex):
(JSC::JSValue::structureOrNull const):
(JSC::JSValue::equalSlowCaseInline):
* runtime/JSCallee.cpp:
(JSC::JSCallee::finishCreation):
* runtime/JSCast.h:
(JSC::jsCast):
(JSC::JSCastingHelpers::FinalTypeDispatcher::inheritsGeneric):
(JSC::JSCastingHelpers::inheritsJSTypeImpl):
(JSC::JSCastingHelpers::InheritsTraits::inherits):
(JSC::JSCastingHelpers::inherits):
(JSC::jsDynamicCast):
(JSC::jsSecureCast):
* runtime/JSCell.cpp:
(JSC::JSCell::dump const):
(JSC::JSCell::dumpToStream):
(JSC::JSCell::estimatedSizeInBytes const):
(JSC::JSCell::put):
(JSC::JSCell::putByIndex):
(JSC::JSCell::deleteProperty):
(JSC::JSCell::deletePropertyByIndex):
(JSC::JSCell::className const):
* runtime/JSCell.h:
* runtime/JSCellInlines.h:
(JSC::JSCell::visitChildrenImpl):
(JSC::JSCell::isCallableWithConcurrency):
(JSC::JSCell::isConstructorWithConcurrency):
(JSC::JSCell::isCallable):
(JSC::JSCell::isConstructor):
(JSC::JSCell::setStructure):
(JSC::JSCell::methodTable const):
(JSC::JSCell::inherits const):
(JSC::JSCell::classInfo const):
(JSC::JSCell::toBoolean const):
(JSC::JSCell::putInline):
* runtime/JSCustomGetterFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/JSDataViewPrototype.cpp:
(JSC::JSDataViewPrototype::finishCreation):
(JSC::getData):
(JSC::setData):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/JSDestructibleObject.h:
(JSC::JSDestructibleObject::JSDestructibleObject):
* runtime/JSFinalizationRegistry.cpp:
(JSC::JSFinalizationRegistry::finishCreation):
(JSC::JSFinalizationRegistry::registerTarget):
* runtime/JSFunction.cpp:
(JSC::JSFunction::create):
(JSC::JSFunction::finishCreation):
(JSC::JSFunction::name):
(JSC::JSFunction::toString):
(JSC::getCalculatedDisplayName):
(JSC::JSFunction::reifyLength):
(JSC::JSFunction::reifyLazyPropertyIfNeeded):
(JSC::JSFunction::reifyLazyPropertyForHostOrBuiltinIfNeeded):
(JSC::JSFunction::reifyLazyBoundNameIfNeeded):
(JSC::JSFunction::assertTypeInfoFlagInvariants):
* runtime/JSFunction.h:
(JSC::JSFunction::createImpl):
* runtime/JSFunctionInlines.h:
(JSC::JSFunction::createWithInvalidatedReallocationWatchpoint):
(JSC::JSFunction::isRemoteFunction const):
(JSC::isRemoteFunction):
(JSC::JSFunction::asStringConcurrently const):
* runtime/JSGeneratorFunction.cpp:
(JSC::JSGeneratorFunction::createImpl):
(JSC::JSGeneratorFunction::create):
(JSC::JSGeneratorFunction::createWithInvalidatedReallocationWatchpoint):
* runtime/JSGenericTypedArrayView.h:
(JSC::toPossiblySharedNativeTypedView):
* runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructCustomArrayBufferIfNeeded):
(JSC::constructGenericTypedArrayViewWithArguments):
(JSC::constructGenericTypedArrayViewImpl):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::set):
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::speciesConstruct):
(JSC::genericTypedArrayViewProtoFuncSet):
(JSC::genericTypedArrayViewProtoFuncSlice):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
* runtime/JSGenericTypedArrayViewPrototypeInlines.h:
(JSC::JSGenericTypedArrayViewPrototype<ViewClass>::finishCreation):
* runtime/JSGlobalObject.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::setupAdaptiveWatchpoint):
(JSC::JSGlobalObject::init):
(JSC::lastInPrototypeChain):
(JSC::JSGlobalObject::haveABadTime):
(JSC::JSGlobalObject::fixupPrototypeChainWithObjectPrototype):
(JSC::JSGlobalObject::resetPrototype):
(JSC::JSGlobalObject::tryInstallSpeciesWatchpoint):
(JSC::JSGlobalObject::finishCreation):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::isOriginalTypedArrayStructure):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::arrayPrototypeChainIsSane):
(JSC::JSGlobalObject::stringPrototypeChainIsSane):
* runtime/JSInternalPromise.cpp:
(JSC::JSInternalPromise::then):
* runtime/JSLexicalEnvironment.cpp:
(JSC::JSLexicalEnvironment::getOwnPropertySlot):
(JSC::JSLexicalEnvironment::put):
* runtime/JSMap.cpp:
(JSC::JSMap::isIteratorProtocolFastAndNonObservable):
* runtime/JSMicrotask.cpp:
(JSC::JSMicrotask::run):
* runtime/JSModuleEnvironment.cpp:
(JSC::JSModuleEnvironment::getOwnPropertySlot):
* runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::finishCreation):
(JSC::JSModuleLoader::dependencyKeysIfEvaluated):
(JSC::JSModuleLoader::provideFetch):
(JSC::JSModuleLoader::loadAndEvaluateModule):
(JSC::JSModuleLoader::loadModule):
(JSC::JSModuleLoader::linkAndEvaluateModule):
(JSC::JSModuleLoader::requestImportModule):
(JSC::JSModuleLoader::evaluateNonVirtual):
(JSC::JSModuleLoader::getModuleNamespaceObject):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::finishCreation):
* runtime/JSModuleNamespaceObject.h:
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::finishCreation):
* runtime/JSNativeStdFunction.cpp:
(JSC::JSNativeStdFunction::finishCreation):
* runtime/JSONObject.cpp:
(JSC::JSONObject::finishCreation):
(JSC::unwrapBoxedPrimitive):
(JSC::Stringifier::Stringifier):
(JSC::Stringifier::toJSON):
(JSC::Stringifier::appendStringifiedValue):
(JSC::Stringifier::Holder::appendNextProperty):
(JSC::Walker::walk):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::visitButterflyImpl):
(JSC::JSObject::estimatedSize):
(JSC::JSObject::calculatedClassName):
(JSC::JSObject::getOwnPropertySlotByIndex):
(JSC::ordinarySetSlow):
(JSC::JSObject::putInlineSlow):
(JSC::definePropertyOnReceiverSlow):
(JSC::JSObject::definePropertyOnReceiver):
(JSC::JSObject::putInlineFastReplacingStaticPropertyIfNeeded):
(JSC::JSObject::putByIndex):
(JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
(JSC::JSObject::notifyPresenceOfIndexedAccessors):
(JSC::JSObject::createInitialIndexedStorage):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::createInitialArrayStorage):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
(JSC::JSObject::convertUndecidedToArrayStorage):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToContiguous):
(JSC::JSObject::convertInt32ToArrayStorage):
(JSC::JSObject::convertDoubleToContiguous):
(JSC::JSObject::convertDoubleToArrayStorage):
(JSC::JSObject::convertContiguousToArrayStorage):
(JSC::JSObject::convertFromCopyOnWrite):
(JSC::JSObject::tryMakeWritableInt32Slow):
(JSC::JSObject::tryMakeWritableDoubleSlow):
(JSC::JSObject::tryMakeWritableContiguousSlow):
(JSC::JSObject::ensureArrayStorageSlow):
(JSC::JSObject::switchToSlowPutArrayStorage):
(JSC::JSObject::setPrototypeDirect):
(JSC::JSObject::setPrototypeWithCycleCheck):
(JSC::JSObject::getPrototype):
(JSC::JSObject::setPrototype):
(JSC::JSObject::putDirectCustomAccessor):
(JSC::JSObject::putDirectNonIndexAccessor):
(JSC::JSObject::hasEnumerableProperty const):
(JSC::JSObject::deleteProperty):
(JSC::callToPrimitiveFunction):
(JSC::JSObject::ordinaryToPrimitive const):
(JSC::JSObject::getOwnStaticPropertySlot):
(JSC::JSObject::findPropertyHashEntry const):
(JSC::JSObject::hasInstance):
(JSC::JSObject::getPropertyNames):
(JSC::JSObject::getOwnNonIndexPropertyNames):
(JSC::JSObject::seal):
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::isExtensible):
(JSC::JSObject::reifyAllStaticProperties):
(JSC::JSObject::fillGetterPropertySlot):
(JSC::canDoFastPutDirectIndex):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
(JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::putByIndexBeyondVectorLength):
(JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::putDirectIndexSlowOrBeyondVectorLength):
(JSC::JSObject::getNewVectorLength):
(JSC::JSObject::increaseVectorLength):
(JSC::JSObject::ensureLengthSlow):
(JSC::JSObject::reallocateAndShrinkButterfly):
(JSC::JSObject::allocateMoreOutOfLineStorage):
(JSC::JSObject::getOwnPropertyDescriptor):
(JSC::JSObject::convertToDictionary):
(JSC::JSObject::convertToUncacheableDictionary):
(JSC::JSObject::shiftButterflyAfterFlattening):
(JSC::JSObject::getEnumerableLength):
(JSC::JSObject::getMethod):
(JSC::JSObject::anyObjectInChainMayInterceptIndexedAccesses const):
(JSC::JSObject::needsSlowPutIndexing const):
(JSC::JSObject::suggestedArrayStorageTransition const):
* runtime/JSObject.h:
(JSC::JSObject::putByIndexInline):
(JSC::JSObject::hasIndexingHeader const):
(JSC::JSObject::getDirectIndex):
(JSC::JSObject::getDirect const):
(JSC::JSObject::getDirectOffset):
(JSC::JSObject::hasCustomProperties):
(JSC::JSObject::hasGetterSetterProperties):
(JSC::JSObject::hasCustomGetterSetterProperties):
(JSC::JSObject::hasNonReifiedStaticProperties):
(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::isStructureExtensible):
(JSC::JSObject::indexingShouldBeSparse):
(JSC::JSObject::staticPropertiesReified):
(JSC::JSObject::flattenDictionaryObject):
(JSC::JSObject::finishCreation):
(JSC::JSNonFinalObject::finishCreation):
(JSC::JSObject::getPrototypeDirect const):
(JSC::JSObject::getPrototype):
(JSC::JSObject::getOwnNonIndexPropertySlot):
(JSC::JSObject::fillCustomGetterPropertySlot):
(JSC::JSObject::getOwnPropertySlotImpl):
(JSC::JSObject::butterflyPreCapacity):
(JSC::JSObject::butterflyTotalSize):
* runtime/JSObjectInlines.h:
(JSC::JSObject::canPerformFastPutInlineExcludingProto):
(JSC::JSObject::canPerformFastPutInline):
(JSC::JSObject::getPropertySlot):
(JSC::JSObject::getNonIndexPropertySlot):
(JSC::JSObject::getOwnPropertySlotInline):
(JSC::JSObject::mayInterceptIndexedAccesses):
(JSC::JSObject::putInlineForJSObject):
(JSC::JSObject::createDataProperty):
(JSC::JSObject::hasOwnProperty const):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::validatePutOwnDataProperty):
(JSC::getCallData):
(JSC::getConstructData):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::getPrivateFieldSlot):
(JSC::JSObject::hasPrivateField):
(JSC::JSObject::getNonReifiedStaticPropertyNames):
(JSC::JSObject::hasPrivateBrand):
(JSC::JSObject::checkPrivateBrand):
(JSC::JSObject::setPrivateBrand):
* runtime/JSPromise.cpp:
(JSC::JSPromise::createNewPromiseCapability):
(JSC::JSPromise::resolvedPromise):
(JSC::callFunction):
(JSC::JSPromise::resolve):
(JSC::JSPromise::reject):
(JSC::JSPromise::performPromiseThen):
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::getEnumerablePropertyNames):
* runtime/JSPropertyNameEnumerator.h:
(JSC::propertyNameEnumerator):
* runtime/JSProxy.cpp:
(JSC::JSProxy::setTarget):
(JSC::JSProxy::getOwnPropertySlot):
(JSC::JSProxy::getOwnPropertySlotByIndex):
(JSC::JSProxy::put):
(JSC::JSProxy::putByIndex):
(JSC::JSProxy::defineOwnProperty):
(JSC::JSProxy::deleteProperty):
(JSC::JSProxy::isExtensible):
(JSC::JSProxy::preventExtensions):
(JSC::JSProxy::deletePropertyByIndex):
(JSC::JSProxy::getOwnPropertyNames):
(JSC::JSProxy::setPrototype):
(JSC::JSProxy::getPrototype):
* runtime/JSRemoteFunction.cpp:
(JSC::wrapValue):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSRemoteFunction::tryCreate):
(JSC::JSRemoteFunction::finishCreation):
* runtime/JSScope.cpp:
(JSC::abstractAccess):
(JSC::JSScope::resolve):
(JSC::JSScope::resolveScopeForHoistingFuncDeclInEval):
(JSC::JSScope::symbolTable):
* runtime/JSScope.h:
* runtime/JSSet.cpp:
(JSC::JSSet::isIteratorProtocolFastAndNonObservable):
* runtime/JSString.cpp:
(JSC::JSString::dumpToStream):
* runtime/JSStringIterator.cpp:
(JSC::JSStringIterator::finishCreation):
* runtime/JSTypedArrayViewPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSTypedArrayViewPrototype::finishCreation):
* runtime/Lookup.cpp:
(JSC::reifyStaticAccessor):
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
(JSC::getStaticPropertySlotFromTable):
(JSC::reifyStaticProperty):
* runtime/MapConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/MapIteratorPrototype.cpp:
(JSC::MapIteratorPrototype::finishCreation):
* runtime/MapPrototype.cpp:
(JSC::MapPrototype::finishCreation):
(JSC::getMap):
* runtime/MathObject.cpp:
(JSC::MathObject::finishCreation):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructorBase::finishCreation):
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::finishCreation):
* runtime/NumberObject.cpp:
(JSC::NumberObject::finishCreation):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::finishCreation):
(JSC::toThisNumber):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetOwnPropertyDescriptors):
(JSC::objectAssignGeneric):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::toPropertyDescriptor):
(JSC::defineProperties):
(JSC::setIntegrityLevel):
(JSC::testIntegrityLevel):
(JSC::objectConstructorSeal):
(JSC::objectConstructorFreeze):
(JSC::ownPropertyKeys):
* runtime/ObjectConstructorInlines.h:
(JSC::objectAssignFast):
* runtime/ObjectInitializationScope.cpp:
(JSC::ObjectInitializationScope::verifyPropertiesAreInitialized):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::finishCreation):
(JSC::objectPrototypeHasOwnProperty):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::inferBuiltinTag):
(JSC::objectPrototypeToString):
* runtime/Operations.cpp:
(JSC::jsTypeStringForValueWithConcurrency):
(JSC::normalizePrototypeChain):
* runtime/Operations.h:
(JSC::jsTypeofIsObjectWithConcurrency):
(JSC::jsTypeofIsFunctionWithConcurrency):
* runtime/ProgramExecutable.cpp:
(JSC::ProgramExecutable::initializeGlobalProperties):
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::customGetter const):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::structureForTarget):
(JSC::ProxyObject::finishCreation):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::put):
(JSC::ProxyObject::putByIndexCommon):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::ProxyObject::deleteProperty):
(JSC::ProxyObject::deletePropertyByIndex):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performDefineOwnProperty):
(JSC::ProxyObject::performGetOwnPropertyNames):
* runtime/ReflectObject.cpp:
(JSC::ReflectObject::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::finishCreation):
(JSC::constructRegExp):
* runtime/RegExpConstructor.h:
(JSC::isRegExp):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::finishCreation):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/RegExpStringIteratorPrototype.cpp:
(JSC::RegExpStringIteratorPrototype::finishCreation):
* runtime/RuntimeType.cpp:
(JSC::runtimeTypeForValue):
* runtime/RuntimeType.h:
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::processUnverifiedStackTraces):
(JSC::SamplingProfiler::StackFrame::nameFromCallee):
(JSC::SamplingProfiler::reportTopBytecodes):
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::installCode):
(JSC::ScriptExecutable::hasClearableCode const):
(JSC::ScriptExecutable::newCodeBlockFor):
(JSC::ScriptExecutable::newReplacementCodeBlockFor):
(JSC::ScriptExecutable::prepareForExecutionImpl):
(JSC::ScriptExecutable::overrideLineNumber const):
(JSC::ScriptExecutable::typeProfilingStartOffset const):
(JSC::ScriptExecutable::typeProfilingEndOffset const):
* runtime/ScriptExecutable.h:
* runtime/SetConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/SetIteratorPrototype.cpp:
(JSC::SetIteratorPrototype::finishCreation):
* runtime/SetPrototype.cpp:
(JSC::SetPrototype::finishCreation):
(JSC::getSet):
* runtime/ShadowRealmObject.cpp:
(JSC::ShadowRealmObject::finishCreation):
* runtime/ShadowRealmPrototype.cpp:
(JSC::ShadowRealmPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/SparseArrayValueMap.cpp:
(JSC::SparseArrayValueMap::putEntry):
(JSC::SparseArrayValueMap::putDirect):
* runtime/StringIteratorPrototype.cpp:
(JSC::StringIteratorPrototype::finishCreation):
* runtime/StringObject.cpp:
(JSC::StringObject::finishCreation):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
(JSC::replaceUsingRegExpSearch):
(JSC::replaceUsingStringSearch):
(JSC::replace):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/Structure.cpp:
(JSC::Structure::materializePropertyTable):
(JSC::Structure::holesMustForwardToPrototype const):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::toStructureShape):
(JSC::Structure::dump const):
(JSC::Structure::dumpBrief const):
(JSC::Structure::findPropertyHashEntry const):
* runtime/Structure.h:
(JSC::Structure::classInfoForCells const):
(JSC::Structure::previousID const):
(JSC::Structure::totalStorageCapacity const):
(JSC::Structure::classInfo const): Deleted.
* runtime/StructureCache.cpp:
(JSC::StructureCache::emptyStructureForPrototypeFromBaseStructure):
* runtime/StructureChain.cpp:
(JSC::StructureChain::create):
(JSC::StructureChain::finishCreation):
* runtime/StructureInlines.h:
(JSC::Structure::create):
(JSC::Structure::get):
(JSC::Structure::prototypeChain const):
(JSC::Structure::isValid const):
(JSC::Structure::shouldConvertToPolyProto):
* runtime/StructureRareData.cpp:
(JSC::StructureRareData::cacheSpecialPropertySlow):
* runtime/Symbol.cpp:
(JSC::Symbol::finishCreation):
* runtime/SymbolObject.cpp:
(JSC::SymbolObject::finishCreation):
* runtime/SymbolPrototype.cpp:
(JSC::SymbolPrototype::finishCreation):
(JSC::tryExtractSymbol):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/TemporalCalendarPrototype.cpp:
(JSC::TemporalCalendarPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::defaultMergeFields):
* runtime/TemporalDuration.cpp:
(JSC::TemporalDuration::finishCreation):
(JSC::TemporalDuration::fromDurationLike):
(JSC::TemporalDuration::toTemporalDuration):
(JSC::TemporalDuration::from):
* runtime/TemporalDurationPrototype.cpp:
(JSC::TemporalDurationPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/TemporalInstant.cpp:
* runtime/TemporalInstantPrototype.cpp:
(JSC::TemporalInstantPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/TemporalNow.cpp:
(JSC::TemporalNow::finishCreation):
* runtime/TemporalObject.cpp:
(JSC::createCalendarConstructor):
(JSC::createNowObject):
(JSC::createDurationConstructor):
(JSC::createInstantConstructor):
(JSC::createPlainDateConstructor):
(JSC::createPlainTimeConstructor):
(JSC::createTimeZoneConstructor):
(JSC::TemporalObject::finishCreation):
* runtime/TemporalPlainDate.cpp:
(JSC::TemporalPlainDate::finishCreation):
* runtime/TemporalPlainDateConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/TemporalPlainDatePrototype.cpp:
(JSC::TemporalPlainDatePrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/TemporalPlainTime.cpp:
(JSC::TemporalPlainTime::finishCreation):
(JSC::getTemporalCalendarWithISODefault):
(JSC::TemporalPlainTime::from):
(JSC::TemporalPlainTime::with const):
* runtime/TemporalPlainTimeConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/TemporalPlainTimePrototype.cpp:
(JSC::TemporalPlainTimePrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/TemporalTimeZonePrototype.cpp:
(JSC::TemporalTimeZonePrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/TestRunnerUtils.cpp:
(JSC::getExecutableForFunction):
* runtime/ThrowScope.cpp:
(JSC::ThrowScope::throwException):
* runtime/TypeProfilerLog.cpp:
(JSC::TypeProfilerLog::processLogEntries):
* runtime/VM.cpp:
(JSC::VM::throwException):
(JSC::VM::callPromiseRejectionCallback):
* runtime/WeakMapConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/WeakMapPrototype.cpp:
(JSC::WeakMapPrototype::finishCreation):
(JSC::getWeakMap):
* runtime/WeakObjectRefPrototype.cpp:
(JSC::WeakObjectRefPrototype::finishCreation):
(JSC::getWeakRef):
* runtime/WeakSetConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/WeakSetPrototype.cpp:
(JSC::WeakSetPrototype::finishCreation):
(JSC::getWeakSet):
* tools/CellProfile.h:
(JSC::CellProfile::CellProfile):
* tools/HeapVerifier.cpp:
(JSC::HeapVerifier::validateJSCell):
(JSC::HeapVerifier::reportCell):
* tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::getExecutableForFunction):
(JSC::codeBlockFromArg):
(JSC::callWithStackSizeProbeFunction):
(JSC::JSC_DEFINE_HOST_FUNCTION_WITH_ATTRIBUTES):
(JSC::JSDollarVM::finishCreation):
* tools/VMInspector.cpp:
(JSC::VMInspector::dumpCellMemoryToStream):
* tools/VMInspector.h:
* tools/VMInspectorInlines.h:
(JSC::VMInspector::verifyCellSize):
(JSC::VMInspector::verifyCell):
* wasm/WasmGlobal.cpp:
(JSC::Wasm::Global::set):
* wasm/WasmInstance.cpp:
(JSC::Wasm::Instance::setFunctionWrapper):
(JSC::Wasm::Instance::initElementSegment):
* wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
(JSC::Wasm::setWasmTableElement):
* wasm/WasmSlowPaths.cpp:
(JSC::LLInt::doWasmCallRef):
(JSC::LLInt::WASM_SLOW_PATH_DECL):
* wasm/js/JSWebAssembly.cpp:
(JSC::JSWebAssembly::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/JSWebAssemblyException.cpp:
(JSC::JSWebAssemblyException::finishCreation):
* wasm/js/JSWebAssemblyGlobal.cpp:
(JSC::JSWebAssemblyGlobal::finishCreation):
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::getWasmBufferFromValue):
(JSC::createSourceBufferFromValue):
(JSC::isWebAssemblyHostFunction):
(JSC::fromJSValue):
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::finishCreation):
* wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::finishCreation):
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::finishCreation):
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::finishCreation):
* wasm/js/WebAssemblyCompileErrorPrototype.cpp:
(JSC::WebAssemblyCompileErrorPrototype::finishCreation):
* wasm/js/WebAssemblyExceptionConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyExceptionPrototype.cpp:
(JSC::WebAssemblyExceptionPrototype::finishCreation):
(JSC::getException):
(JSC::getTag):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyFunctionBase.cpp:
(JSC::WebAssemblyFunctionBase::finishCreation):
* wasm/js/WebAssemblyGlobalConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyGlobalPrototype.cpp:
(JSC::getGlobal):
(JSC::WebAssemblyGlobalPrototype::finishCreation):
* wasm/js/WebAssemblyInstanceConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyInstancePrototype.cpp:
(JSC::getInstance):
(JSC::WebAssemblyInstancePrototype::finishCreation):
* wasm/js/WebAssemblyLinkErrorPrototype.cpp:
(JSC::WebAssemblyLinkErrorPrototype::finishCreation):
* wasm/js/WebAssemblyMemoryPrototype.cpp:
(JSC::getMemory):
(JSC::WebAssemblyMemoryPrototype::finishCreation):
* wasm/js/WebAssemblyModuleConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyModulePrototype.cpp:
(JSC::WebAssemblyModulePrototype::finishCreation):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::finishCreation):
(JSC::WebAssemblyModuleRecord::initializeImports):
(JSC::WebAssemblyModuleRecord::initializeExports):
(JSC::WebAssemblyModuleRecord::evaluate):
* wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:
(JSC::WebAssemblyRuntimeErrorPrototype::finishCreation):
* wasm/js/WebAssemblyTableConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyTablePrototype.cpp:
(JSC::getTable):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::WebAssemblyTablePrototype::finishCreation):
* wasm/js/WebAssemblyTagPrototype.cpp:
(JSC::WebAssemblyTagPrototype::finishCreation):
(JSC::getTag):
* wasm/js/WebAssemblyWrapperFunction.cpp:
(JSC::WebAssemblyWrapperFunction::create):
(JSC::WebAssemblyWrapperFunction::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
2022-04-15 Mark Lam <mark.lam@apple.com>
Apply purifyNaN in more places.
https://bugs.webkit.org/show_bug.cgi?id=239393
Reviewed by Saam Barati.
Also removed some unused functions.
* wasm/WasmInstance.h:
(JSC::Wasm::Instance::loadI64Global const):
(JSC::Wasm::Instance::loadF32Global const): Deleted.
(JSC::Wasm::Instance::loadF64Global const): Deleted.
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::toJSValue):
2022-04-14 Caitlin Potter <caitp@igalia.com>
[JSC] ShadowRealm global object has a mutable prototype
https://bugs.webkit.org/show_bug.cgi?id=239332
Reviewed by Yusuke Suzuki.
This patch circumvents the `ASSERT(toThis() == this)` in JSObject::setPrototypeWithCycleCheck()
when `this` is a GlobalObject. Ordinarily, GlobalObjects have the IsImmutablePrototypeExoticObject
bit set and miss this pathway, however this is not the case for ShadowRealm Global Objects.
In addition, the JSC internal version is also modified to have a mutable prototype in the same way
as in WebCore.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::deriveShadowRealmGlobalObject):
(JSC::JSGlobalObject::createStructureForShadowRealm):
* runtime/JSObject.cpp:
(JSC::JSObject::setPrototypeWithCycleCheck):
2022-04-14 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Reduce use of CallFrame::deprecatedVM
https://bugs.webkit.org/show_bug.cgi?id=239326
Reviewed by Devin Rousso.
Reduce use of CallFrame::deprecatedVM, mainly in inspector related code to eventually remove CallFrame::deprecatedVM.
* debugger/Debugger.cpp:
(JSC::Debugger::evaluateBreakpointCondition):
(JSC::Debugger::evaluateBreakpointActions):
(JSC::Debugger::exceptionOrCaughtValue):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::globalObject):
(JSC::DebuggerCallFrame::functionName const):
(JSC::DebuggerCallFrame::scope):
(JSC::DebuggerCallFrame::type const):
(JSC::DebuggerCallFrame::evaluateWithScopeExtension):
(JSC::DebuggerCallFrame::deprecatedVMEntryGlobalObject const): Deleted.
* debugger/DebuggerCallFrame.h:
* inspector/JSJavaScriptCallFrame.cpp:
(Inspector::JSJavaScriptCallFrame::evaluateWithScopeExtension):
(Inspector::JSJavaScriptCallFrame::scopeDescriptions):
(Inspector::JSJavaScriptCallFrame::functionName const):
(Inspector::JSJavaScriptCallFrame::scopeChain const):
(Inspector::JSJavaScriptCallFrame::type const):
* inspector/JavaScriptCallFrame.h:
(Inspector::JavaScriptCallFrame::functionName const):
(Inspector::JavaScriptCallFrame::type const):
(Inspector::JavaScriptCallFrame::scopeChain const):
(Inspector::JavaScriptCallFrame::evaluateWithScopeExtension const):
(Inspector::JavaScriptCallFrame::deprecatedVMEntryGlobalObject const): Deleted.
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::debuggerScopeExtensionObject):
(Inspector::InspectorDebuggerAgent::didPause):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::debug):
2022-04-14 Alexey Shvayka <ashvayka@apple.com>
InternalFunction::createSubclassStructure() should use base object's global object
https://bugs.webkit.org/show_bug.cgi?id=239346
Unreviewed, account for offline feedback by Yusuke Suzuki.
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::createSubclassStructure):
2022-04-14 Alexey Shvayka <ashvayka@apple.com>
InternalFunction::createSubclassStructure() should use base object's global object
https://bugs.webkit.org/show_bug.cgi?id=239346
Reviewed by Darin Adler.
Chrome and Firefox don't agree on interoperable behavior in case of cross-realm
NewTarget's "prototype", so this patch aligns WebKit with Chrome to fix a web-compat issue.
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::createSubclassStructure):
2022-04-14 Chris Dumez <cdumez@apple.com>
Drop inefficient String::append() overloads
https://bugs.webkit.org/show_bug.cgi?id=239289
Reviewed by Sam Weinig.
* heap/HeapSnapshotBuilder.cpp:
(JSC::HeapSnapshotBuilder::json):
* runtime/IntlObject.cpp:
(JSC::resolveLocale):
* runtime/TemporalObject.cpp:
(JSC::ellipsizeAt):
* tools/FunctionOverrides.cpp:
(JSC::initializeOverrideInfo):
(JSC::parseClause):
2022-04-14 Justin Michaud <justin_michaud@apple.com>
[PGO] We should be able to build WebKit to collect PGO profiles easily
https://bugs.webkit.org/show_bug.cgi?id=238776
Reviewed by Wenson Hsieh.
* Configurations/JavaScriptCore.xcconfig:
* runtime/VM.cpp:
(JSC::VM::VM):
2022-04-13 Chris Dumez <cdumez@apple.com>
Replace calls to substring(0, x) with the more concise left(x)
https://bugs.webkit.org/show_bug.cgi?id=239306
Reviewed by Darin Adler.
* inspector/ScriptArguments.h:
* runtime/ExceptionHelpers.cpp:
(JSC::clampErrorMessage):
* runtime/IntlNumberFormat.cpp:
(JSC::wellFormedUnitIdentifier):
* runtime/IntlObject.cpp:
(JSC::resolveLocale):
* runtime/IntlObjectInlines.h:
(JSC::bestAvailableLocale):
2022-04-13 Michael Catanzaro <mcatanzaro@redhat.com>
GCC 12 -Wdangling-pointer warning spam from AbstractSlotVisitorInlines.h
https://bugs.webkit.org/show_bug.cgi?id=239299
Reviewed by Mark Lam.
Suppress this warning, so we can see other warnings.
* heap/AbstractSlotVisitorInlines.h:
(JSC::AbstractSlotVisitor::ReferrerContext::ReferrerContext):
2022-04-13 Michael Catanzaro <mcatanzaro@redhat.com>
Misc compiler warnings, April 2022 edition
https://bugs.webkit.org/show_bug.cgi?id=239290
Reviewed by Adrian Perez de Castro.
* bytecode/PropertyCondition.cpp:
(JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint const):
(JSC::watchabilityToConcurrency):
(JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint const):
* runtime/JSObject.h:
(JSC::JSObject::getDirect const):
* runtime/Structure.h:
(JSC::Structure::get):
2022-04-13 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Remove DeprecatedCallFrameForDebugger
https://bugs.webkit.org/show_bug.cgi?id=239045
Reviewed by Devin Rousso.
We should not enlarge sizeof(JSGlobalObject) by having DeprecatedCallFrameForDebugger which is only used for Debugger, and it is used
only when we have an error when evaluating top-level SyntaxError. This patch removes it: we introduce EmptyTopLevelCallFrameForDebugger
which can be constructed on stack and we use it instead of DeprecatedCallFrameForDebugger.
* debugger/Debugger.cpp:
(JSC::Debugger::updateCallFrame):
(JSC::EmptyTopLevelCallFrameForDebugger::EmptyTopLevelCallFrameForDebugger):
(JSC::EmptyTopLevelCallFrameForDebugger::asCallFrame):
(JSC::Debugger::exception):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::create):
(JSC::DebuggerCallFrame::positionForCallFrame):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::convertToStackOverflowFrame):
(JSC::CallFrame::initDeprecatedCallFrameForDebugger): Deleted.
* interpreter/CallFrame.h:
(JSC::CallFrame::isEmptyTopLevelCallFrameForDebugger const):
(JSC::CallFrame::isDeprecatedCallFrameForDebugger const): Deleted.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::deprecatedCallFrameForDebugger): Deleted.
* runtime/JSGlobalObject.h:
* runtime/VM.cpp:
(JSC::VM::throwException):
2022-04-13 Chris Dumez <cdumez@apple.com>
Replace AtomString(const char*) with AtomString::fromLatin1(const char*)
https://bugs.webkit.org/show_bug.cgi?id=239127
Reviewed by Darin Adler.
* API/JSBase.cpp:
(JSGetMemoryUsageStatistics):
* runtime/Identifier.h:
* runtime/IdentifierInlines.h:
(JSC::Identifier::fromLatin1):
(JSC::Identifier::fromCString): Deleted.
* runtime/JSObject.cpp:
(JSC::JSObject::reifyAllStaticProperties):
* runtime/JSObjectInlines.h:
(JSC::JSObject::getNonReifiedStaticPropertyNames):
2022-04-12 Elliott Williams <emw@apple.com>
[Xcode] In open-source builds, disable bitcode in xcconfigs instead of build-webkit
https://bugs.webkit.org/show_bug.cgi?id=239262
Reviewed by Alexey Proskuryakov.
Disable bitcode in open-source builds, as WebKit never part of an App
Store submission. This improves support for building WebKit directly
from the workspace.
* Configurations/Base.xcconfig:
2022-04-12 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Move StructureCache from VM to JSGlobalObject
https://bugs.webkit.org/show_bug.cgi?id=239044
Reviewed by Saam Barati.
We should have StructureCache per JSGlobalObject since cached structures are tied to some of JSGlobalObject.
This can (1) reduce size of each StructureCache, (2) destroy StructureCache timely at the destruction of
JSGlobalObject, and (3) simplifies JSGlobalObject::haveABadTime handling in the compiler.
* bytecode/InternalFunctionAllocationProfile.h:
(JSC::InternalFunctionAllocationProfile::createAllocationStructureFromBase):
* bytecode/ObjectAllocationProfileInlines.h:
(JSC::ObjectAllocationProfileBase<Derived>::initializeProfile):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::createSubclassStructure):
* runtime/IteratorOperations.cpp:
(JSC::createIteratorResultObjectStructure):
* runtime/JSBoundFunction.cpp:
(JSC::getBoundFunctionStructure):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::fireWatchpointAndMakeAllArrayStructuresSlowPut):
(JSC::JSGlobalObject::haveABadTime):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::structureCache):
* runtime/ObjectConstructor.h:
(JSC::constructEmptyObject):
(JSC::createDataPropertyDescriptorObjectStructure):
(JSC::createAccessorPropertyDescriptorObjectStructure):
* runtime/PrototypeKey.h:
(JSC::PrototypeKey::PrototypeKey):
(JSC::PrototypeKey::classInfo const):
(JSC::PrototypeKey::operator== const):
(JSC::PrototypeKey::hash const):
(JSC::PrototypeKey::globalObject const): Deleted.
* runtime/StructureCache.cpp:
(JSC::StructureCache::createEmptyStructure):
(JSC::StructureCache::emptyObjectStructureConcurrently):
* runtime/StructureCache.h:
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
2022-04-12 Tim Horton <timothy_horton@apple.com>
Adopt "version set"-based linked-on-or-after checks instead of platform-specific ones
https://bugs.webkit.org/show_bug.cgi?id=239054
<rdar://problem/83436715>
Reviewed by Wenson Hsieh.
* API/JSTypedArray.cpp:
(isLinkedBeforeTypedArrayLengthQuirk):
* API/JSWrapperMap.mm:
(supportsInitMethodConstructors):
* API/tests/testapi.cpp:
(TestAPI::promiseDrainDoesNotEatExceptions):
* API/tests/testapi.mm:
(testMicrotaskWithFunction):
* runtime/JSLock.cpp:
(JSC::JSLock::willReleaseLock):
* runtime/ObjectPrototype.cpp:
(JSC::isPokerBros):
Adopt the new naming.
2022-04-12 Elliott Williams <emw@apple.com>
Reland "[XCBuild] Enable dependency validation by default"
https://bugs.webkit.org/show_bug.cgi?id=238901
<rdar://problem/91379968>
Reviewed by Alexey Proskuryakov.
* Configurations/DebugRelease.xcconfig: In open-source builds, disable
VALIDATE_DEPENDENCIES when there is no PRODUCT_TYPE (i.e. not building
a native target).
2022-04-12 Aditi Singh <asingh@igalia.com>
Implement Change Array by copy proposal
https://bugs.webkit.org/show_bug.cgi?id=234604
Reviewed by Alexey Shvayka.
This patch implements proposal Change Array By Copy. The proposal provides additional
methods on Array.prototype and TypedArray.prototype to enable changes on the array by
returning a new copy of it with the change.
Since, a call to intrinsic functions: Array.prototype.sort(comparefn) and
%TypedArray%.prototype.sort(comparefn) was needed, LinkTimeConstants have
been added for the same.
LinkTimeConstants were added instead of:
function sort(comparefn) { return @arraySort.@call(this, cmp); }
because this introduces an extra function call, which is slower.
%%TypedArray%%.prototype.sort(comparefn) and Array.prototype.sort(comparefn) are
implemented differently to avoid eager initialisation for TypedArrayPrototype
because it is quite large and not commonly used on the web.
The proposal details can be found here:
https://github.com/tc39/proposal-change-array-by-copy
* builtins/ArrayPrototype.js:
(toReversed):
(toSorted):
(toSpliced):
(with):
* builtins/BuiltinNames.h:
* builtins/TypedArrayPrototype.js:
(toReversed):
(toSorted):
(toSpliced):
(with):
(sort):
* bytecode/LinkTimeConstant.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildrenImpl):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::typedArrayProtoSort const):
* runtime/JSTypedArrayViewPrototype.cpp:
(JSC::JSTypedArrayViewPrototype::finishCreation):
* runtime/OptionsList.h:
2022-04-12 Dmitry Bezhetskov <dbezhetskov@igalia.com>
[WASM-GC] Introduce structs types
https://bugs.webkit.org/show_bug.cgi?id=237029
Reviewed by Keith Miller.
Introduce struct types via extending existing Signature infrastructure.
Signature is a unique representation of Wasm function types and we use them
to compare signatures from different wasm modules. Signatures are held globally
in a hash set and have one point of access.
With GC proposal and new struct types we want to represent new types uniformly with existing
Signature infrastructure. So, in this patch we extend Signature class with two options -
FunctionSignature and StructType. FunctionSignature (can be named as FunctionType) is a
representation of signatures as it was before the patch and StructType is a new option which
is representing struct types from GC proposal. Generally speaking we replace Signature class
with new algebraic type TypeDefinition = Signature | StructType.
This representation of struct types allows us not to change WasmType representation and
uniformly store FunctionType (aka FunctionSignature) or StructType. New options for types,
for example arrays, also can be easily added. Also, we save memory because we reuse existing
uniqueness of signatures. Additionally we can compare different struct types as fast as we do it for
signatures.
As Signature class now doesn't only holds Signature it has been renamed into TypeDefinition.
All corresponding signature related things also have been renamed.
To access specific option two classes was introduced StructType and FunctionSignature, so TypeDefinition
can be casted to specific option and only via it option methods of that option can be called.
This is done with preserving the cache-locality optimization for allocation signatures.
* CMakeLists.txt:
* Sources.txt:
* bytecode/BytecodeDumper.cpp:
(JSC::Wasm::BytecodeDumper::dumpBlock):
* bytecode/BytecodeList.rb:
* runtime/OptionsList.h:
* wasm/WasmAirIRGenerator.cpp:
(JSC::Wasm::AirIRGenerator::ControlData::branchTargetArity const):
(JSC::Wasm::AirIRGenerator::ControlData::branchTargetType const):
(JSC::Wasm::AirIRGenerator::emitCallPatchpoint):
(JSC::Wasm::AirIRGenerator::tmpsForSignature):
(JSC::Wasm::AirIRGenerator::AirIRGenerator):
(JSC::Wasm::AirIRGenerator::toB3ResultType):
(JSC::Wasm::AirIRGenerator::addArguments):
(JSC::Wasm::AirIRGenerator::addRefFunc):
(JSC::Wasm::AirIRGenerator::getGlobal):
(JSC::Wasm::AirIRGenerator::setGlobal):
(JSC::Wasm::AirIRGenerator::addCatch):
(JSC::Wasm::AirIRGenerator::addCatchToUnreachable):
(JSC::Wasm::AirIRGenerator::addReturn):
(JSC::Wasm::AirIRGenerator::addEndToUnreachable):
(JSC::Wasm::AirIRGenerator::addCall):
(JSC::Wasm::AirIRGenerator::addCallIndirect):
(JSC::Wasm::AirIRGenerator::addCallRef):
(JSC::Wasm::AirIRGenerator::emitIndirectCall):
(JSC::Wasm::parseAndCompileAir):
* wasm/WasmAirIRGenerator.h:
* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::ControlData::ControlData):
(JSC::Wasm::B3IRGenerator::ControlData::hasNonVoidresult const):
(JSC::Wasm::B3IRGenerator::ControlData::branchTargetArity const):
(JSC::Wasm::B3IRGenerator::ControlData::branchTargetType const):
(JSC::Wasm::B3IRGenerator::toB3ResultType):
(JSC::Wasm::B3IRGenerator::addArguments):
(JSC::Wasm::B3IRGenerator::emitIndirectCall):
(JSC::Wasm::B3IRGenerator::getGlobal):
(JSC::Wasm::B3IRGenerator::setGlobal):
(JSC::Wasm::B3IRGenerator::addLoop):
(JSC::Wasm::B3IRGenerator::addElseToUnreachable):
(JSC::Wasm::B3IRGenerator::addCatch):
(JSC::Wasm::B3IRGenerator::addCatchToUnreachable):
(JSC::Wasm::B3IRGenerator::endBlock):
(JSC::Wasm::B3IRGenerator::addEndToUnreachable):
(JSC::Wasm::B3IRGenerator::createCallPatchpoint):
(JSC::Wasm::B3IRGenerator::addCall):
(JSC::Wasm::B3IRGenerator::addCallIndirect):
(JSC::Wasm::B3IRGenerator::addCallRef):
(JSC::Wasm::parseAndCompileB3):
* wasm/WasmB3IRGenerator.h:
* wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::work):
(JSC::Wasm::BBQPlan::compileFunction):
(JSC::Wasm::BBQPlan::didCompleteCompilation):
* wasm/WasmCallee.h:
* wasm/WasmCallingConvention.h:
(JSC::Wasm::WasmCallingConvention::callInformationFor const):
(JSC::Wasm::JSCallingConvention::callInformationFor const):
* wasm/WasmEmbedder.h:
* wasm/WasmEntryPlan.cpp:
(JSC::Wasm::EntryPlan::prepare):
* wasm/WasmFormat.h:
(JSC::Wasm::isExternref):
(JSC::Wasm::isFuncref):
(JSC::Wasm::funcrefType):
(JSC::Wasm::externrefType):
(JSC::Wasm::WasmToWasmImportableFunction::offsetOfSignatureIndex):
* wasm/WasmFunctionCodeBlockGenerator.cpp:
(JSC::Wasm::FunctionCodeBlockGenerator::addSignature):
* wasm/WasmFunctionCodeBlockGenerator.h:
* wasm/WasmFunctionParser.h:
(JSC::Wasm::splitStack):
(JSC::Wasm::FunctionParser::signature const):
(JSC::Wasm::FunctionParser<Context>::FunctionParser):
(JSC::Wasm::FunctionParser<Context>::parse):
(JSC::Wasm::FunctionParser<Context>::unify):
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmGlobal.cpp:
(JSC::Wasm::Global::set):
* wasm/WasmGlobal.h:
* wasm/WasmInstance.cpp:
(JSC::Wasm::Instance::initElementSegment):
* wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::ControlType::loop):
(JSC::Wasm::LLIntGenerator::ControlType::block):
(JSC::Wasm::LLIntGenerator::ControlType::if_):
(JSC::Wasm::LLIntGenerator::ControlType::createTry):
(JSC::Wasm::LLIntGenerator::ControlType::createCatch):
(JSC::Wasm::LLIntGenerator::ControlType::branchTargetArity const):
(JSC::Wasm::LLIntGenerator::ControlType::branchTargetType const):
(JSC::Wasm::parseAndCompileBytecode):
(JSC::Wasm::LLIntGenerator::LLIntGenerator):
(JSC::Wasm::LLIntGenerator::callInformationForCaller):
(JSC::Wasm::LLIntGenerator::callInformationForCallee):
(JSC::Wasm::LLIntGenerator::addArguments):
(JSC::Wasm::LLIntGenerator::addElseToUnreachable):
(JSC::Wasm::LLIntGenerator::addCatch):
(JSC::Wasm::LLIntGenerator::addCatchToUnreachable):
(JSC::Wasm::LLIntGenerator::addReturn):
(JSC::Wasm::LLIntGenerator::addEndToUnreachable):
(JSC::Wasm::LLIntGenerator::endTopLevel):
(JSC::Wasm::LLIntGenerator::addCall):
(JSC::Wasm::LLIntGenerator::addCallIndirect):
(JSC::Wasm::LLIntGenerator::addCallRef):
* wasm/WasmLLIntGenerator.h:
* wasm/WasmLLIntPlan.cpp:
(JSC::Wasm::LLIntPlan::compileFunction):
(JSC::Wasm::LLIntPlan::didCompleteCompilation):
* wasm/WasmLimits.h:
* wasm/WasmModule.cpp:
(JSC::Wasm::Module::typeIndexFromFunctionIndexSpace const):
(JSC::Wasm::Module::signatureIndexFromFunctionIndexSpace const): Deleted.
* wasm/WasmModule.h:
* wasm/WasmModuleInformation.h:
(JSC::Wasm::ModuleInformation::functionIndexSpaceSize const):
(JSC::Wasm::ModuleInformation::isImportedFunctionFromFunctionIndexSpace const):
(JSC::Wasm::ModuleInformation::typeIndexFromFunctionIndexSpace const):
(JSC::Wasm::ModuleInformation::exceptionIndexSpaceSize const):
(JSC::Wasm::ModuleInformation::isImportedExceptionFromExceptionIndexSpace const):
(JSC::Wasm::ModuleInformation::typeIndexFromExceptionIndexSpace const):
(JSC::Wasm::ModuleInformation::importFunctionCount const):
(JSC::Wasm::ModuleInformation::internalFunctionCount const):
(JSC::Wasm::ModuleInformation::importExceptionCount const):
(JSC::Wasm::ModuleInformation::internalExceptionCount const):
(JSC::Wasm::ModuleInformation::typeCount const):
(JSC::Wasm::ModuleInformation::signatureIndexFromFunctionIndexSpace const): Deleted.
(JSC::Wasm::ModuleInformation::signatureIndexFromExceptionIndexSpace const): Deleted.
* wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
* wasm/WasmOSREntryPlan.cpp:
(JSC::Wasm::OSREntryPlan::work):
* wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* wasm/WasmOperations.h:
* wasm/WasmParser.h:
(JSC::Wasm::Parser<SuccessType>::Parser):
(JSC::Wasm::Parser<SuccessType>::parseBlockSignature):
(JSC::Wasm::Parser<SuccessType>::parseHeapType):
(JSC::Wasm::Parser<SuccessType>::parseValueType):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseType):
(JSC::Wasm::SectionParser::parseImport):
(JSC::Wasm::SectionParser::parseFunction):
(JSC::Wasm::SectionParser::parseExport):
(JSC::Wasm::SectionParser::parseStart):
(JSC::Wasm::SectionParser::parseInitExpr):
(JSC::Wasm::SectionParser::parseFunctionType):
(JSC::Wasm::SectionParser::parseStructType):
(JSC::Wasm::SectionParser::parseGlobalType):
(JSC::Wasm::SectionParser::parseException):
* wasm/WasmSectionParser.h:
* wasm/WasmSignature.cpp: Removed.
* wasm/WasmSignature.h: Removed.
* wasm/WasmSlowPaths.cpp:
(JSC::LLInt::doWasmCallIndirect):
(JSC::LLInt::WASM_SLOW_PATH_DECL):
(JSC::LLInt::doWasmCallRef):
* wasm/WasmStreamingParser.cpp:
* wasm/WasmStreamingPlan.cpp:
* wasm/WasmTable.cpp:
(JSC::Wasm::Table::clear):
(JSC::Wasm::FuncRefTable::FuncRefTable):
* wasm/WasmTag.h:
* wasm/WasmTypeDefinition.cpp: Added.
(JSC::Wasm::TypeDefinition::toString const):
(JSC::Wasm::TypeDefinition::dump const):
(JSC::Wasm::FunctionSignature::toString const):
(JSC::Wasm::FunctionSignature::dump const):
(JSC::Wasm::StructType::toString const):
(JSC::Wasm::StructType::dump const):
(JSC::Wasm::computeSignatureHash):
(JSC::Wasm::computeStructTypeHash):
(JSC::Wasm::TypeDefinition::hash const):
(JSC::Wasm::TypeDefinition::tryCreateFunctionSignature):
(JSC::Wasm::TypeDefinition::tryCreateStructType):
(JSC::Wasm::TypeInformation::TypeInformation):
(JSC::Wasm::FunctionParameterTypes::hash):
(JSC::Wasm::FunctionParameterTypes::equal):
(JSC::Wasm::FunctionParameterTypes::translate):
(JSC::Wasm::StructParameterTypes::hash):
(JSC::Wasm::StructParameterTypes::equal):
(JSC::Wasm::StructParameterTypes::translate):
(JSC::Wasm::TypeInformation::typeDefinitionForFunction):
(JSC::Wasm::TypeInformation::typeDefinitionForStruct):
(JSC::Wasm::TypeInformation::tryCleanup):
* wasm/WasmTypeDefinition.h: Added.
(JSC::Wasm::FunctionSignature::FunctionSignature):
(JSC::Wasm::FunctionSignature::argumentCount const):
(JSC::Wasm::FunctionSignature::returnCount const):
(JSC::Wasm::FunctionSignature::returnType const):
(JSC::Wasm::FunctionSignature::returnsVoid const):
(JSC::Wasm::FunctionSignature::argumentType const):
(JSC::Wasm::FunctionSignature::getReturnType):
(JSC::Wasm::FunctionSignature::getArgumentType):
(JSC::Wasm::FunctionSignature::storage):
(JSC::Wasm::FunctionSignature::storage const):
(JSC::Wasm::StructField::operator== const):
(JSC::Wasm::StructField::operator!= const):
(JSC::Wasm::StructType::StructType):
(JSC::Wasm::StructType::fieldCount const):
(JSC::Wasm::StructType::field const):
(JSC::Wasm::StructType::getField):
(JSC::Wasm::StructType::storage):
(JSC::Wasm::StructType::storage const):
(JSC::Wasm::TypeDefinition::TypeDefinition):
(JSC::Wasm::TypeDefinition::payload):
(JSC::Wasm::TypeDefinition::allocatedFunctionSize):
(JSC::Wasm::TypeDefinition::allocatedStructSize):
(JSC::Wasm::TypeDefinition::is const):
(JSC::Wasm::TypeDefinition::as):
(JSC::Wasm::TypeDefinition::as const):
(JSC::Wasm::TypeDefinition::index const):
(JSC::Wasm::TypeDefinition::operator== const):
(JSC::Wasm::TypeHash::TypeHash):
(JSC::Wasm::TypeHash::operator== const):
(JSC::Wasm::TypeHash::equal):
(JSC::Wasm::TypeHash::hash):
(JSC::Wasm::TypeHash::isHashTableDeletedValue const):
(JSC::Wasm::TypeInformation::thunkFor const):
* wasm/WasmTypeDefinitionInlines.h: Renamed from Source/JavaScriptCore/wasm/WasmSignatureInlines.h.
(JSC::Wasm::TypeInformation::singleton):
(JSC::Wasm::TypeInformation::get):
(JSC::Wasm::TypeInformation::getFunctionSignature):
* wasm/generateWasmOpsHeader.py:
* wasm/js/JSToWasm.cpp:
(JSC::Wasm::marshallJSResult):
(JSC::Wasm::createJSToWasmWrapper):
* wasm/js/JSToWasm.h:
* wasm/js/JSWebAssemblyException.cpp:
(JSC::JSWebAssemblyException::visitChildrenImpl):
(JSC::JSWebAssemblyException::getArg const):
* wasm/js/JSWebAssemblyGlobal.cpp:
(JSC::JSWebAssemblyGlobal::type):
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::fromJSValue):
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::destroy):
(JSC::JSWebAssemblyModule::typeIndexFromFunctionIndexSpace const):
(JSC::JSWebAssemblyModule::generateWasmToJSStubs):
(JSC::JSWebAssemblyModule::signatureIndexFromFunctionIndexSpace const): Deleted.
* wasm/js/JSWebAssemblyModule.h:
* wasm/js/JSWebAssemblyTag.h:
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
* wasm/js/WasmToJS.h:
* wasm/js/WebAssemblyExceptionConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::WebAssemblyFunction::usesTagRegisters const):
(JSC::WebAssemblyFunction::jsCallEntrypointSlow):
(JSC::WebAssemblyFunction::create):
(JSC::WebAssemblyFunction::WebAssemblyFunction):
* wasm/js/WebAssemblyFunction.h:
* wasm/js/WebAssemblyFunctionBase.h:
(JSC::WebAssemblyFunctionBase::typeIndex const):
(JSC::WebAssemblyFunctionBase::signatureIndex const): Deleted.
* wasm/js/WebAssemblyGlobalConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyGlobalPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::initializeImports):
(JSC::WebAssemblyModuleRecord::initializeExports):
* wasm/js/WebAssemblyTagConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyWrapperFunction.cpp:
(JSC::WebAssemblyWrapperFunction::create):
* wasm/js/WebAssemblyWrapperFunction.h:
* wasm/wasm.json:
2022-04-12 Geza Lore <glore@igalia.com>
[JSC] Reduce Baseline JIT code size in debug builds
https://bugs.webkit.org/show_bug.cgi?id=238928
Reviewed by Saam Barati.
The Baseline JIT used to emit a substantial but identical sequence to
check pinned registers and the SP at the beginning of every bytecode.
This caused large code bloat and made it somewhat difficult to use
debug builds on resource constrained platforms. Trying to alleviate
this by emitting a small dispatcher after the slow path section (but
before the stack overflow check), which then tail-calls a shared
thunk. The opcodes then call this very small dispatcher. The source op
of a faulting bytecode is easily visible in the link register (or on
the stack on x86).
This saves 34% Baseline JIT code size (and 14% overall) on a debug
build with JetStream2. Also fixes all code-size related test failures
on the ARMv7 debug build.
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::emitConsistencyCheck):
(JSC::JIT::compileAndLinkWithoutFinalizing):
(JSC::JIT::link):
* jit/JIT.h:
2022-04-11 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Reduce use of unnecessary cryptographicallyRandom numbers
https://bugs.webkit.org/show_bug.cgi?id=239026
Reviewed by Saam Barati.
This patch removes cryptographically random calls in some of super hot critical path.
MarkedBlock's use is very hot and it appears on Speedometer2 artrace. But this is just
a random shuffling of freelist, and WeakRandom is enough for that. This patch replaces
them with WeakRandom. It offers 0.3% improvement in Speedometer2.
* assembler/AbstractMacroAssembler.cpp:
(JSC::AbstractMacroAssemblerBase::initializeRandom):
(WTF::printInternal):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssemblerBase::random):
(JSC::AbstractMacroAssembler::AbstractMacroAssembler):
(JSC::AbstractMacroAssembler::random): Deleted.
* b3/air/AirCode.cpp:
(JSC::B3::Air::Code::Code):
* b3/air/AirCode.h:
(JSC::B3::Air::Code::weakRandom): Deleted.
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::specializedSweep):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::heapRandom):
2022-04-11 Yusuke Suzuki <ysuzuki@apple.com>
Unreviewed, use std::forward instead of WTFMove since it becomes template typename Vector&&
https://bugs.webkit.org/show_bug.cgi?id=239025
* bytecode/ObjectPropertyConditionSet.h:
(JSC::ObjectPropertyConditionSet::create):
2022-04-10 Chris Dumez <cdumez@apple.com>
Unreviewed WatchOS build fix.
* runtime/MathCommon.cpp:
(JSC::fdlibmPow):
2022-04-10 Chris Dumez <cdumez@apple.com>
Unreviewed WatchOS build fix.
* runtime/MathCommon.cpp:
(JSC::fdlibmPow):
2022-04-10 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] DFG / FTL should be aware of JSString's String replacement
https://bugs.webkit.org/show_bug.cgi?id=238918
Reviewed by Saam Barati.
After r289359, String in JSString* can be replaced even after it is resolved. When atomizing String inside JSString*,
we may replace the existing one to new AtomStringImpl if different AtomStringImpl is already registered in the
AtomStringTable. However, DFG / FTL GetIndexedPropertyStorage assumes that StringImpl* in JSString* never changes after
resolving. And this is wrong.
This patch decouples String handling in GetIndexedPropertyStorage as ResolveRope DFG node. GetIndexedPropertyStorage no
longer handles JSString and it is now tailored to object cases. ResolveRope does not expose StringImpl::m_data pointer,
and instead it keeps resolved JSString*. After this change,
GetByVal(String:@0, Untyped:@1, GetIndexedProperty(String:@0))
is changed to
GetByVal(ResolveRope(String:@0), Untyped:@1)
Also, we revisit all the value(...) callsites (by changing function name) and ensure that we have no code assuming String
cannot be changed after resolving.
A/B test ensured that this is perf-neutral.
* b3/B3Generate.cpp:
(JSC::B3::generateToAir):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitEqualityOpImpl):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::checkArray):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasStorageChild const):
(JSC::DFG::Node::storageChildIndex):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileStringCodePointAt):
* dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLCompile.cpp:
(JSC::FTL::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileGetIndexedPropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::compileResolveRope):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAtImpl):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharCodeAt):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCodePointAt):
* jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
* runtime/HashMapImplInlines.h:
(JSC::jsMapHashImpl):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::name):
(JSC::InternalFunction::displayName):
(JSC::InternalFunction::calculatedDisplayName):
* runtime/InternalFunction.h:
* runtime/JSBoundFunction.h:
* runtime/JSCJSValueInlines.h:
(JSC::toPreferredPrimitiveType):
* runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::importModule):
* runtime/JSONObject.cpp:
(JSC::Stringifier::appendStringifiedValue):
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::JSPropertyNameEnumerator::computeNext):
* runtime/JSRemoteFunction.h:
* runtime/Operations.h:
(JSC::jsString):
(JSC::compareBigIntToOtherPrimitive):
(JSC::compareBigInt32ToOtherPrimitive):
* runtime/RegExpMatchesArray.h:
(JSC::createRegExpMatchesArray):
* runtime/StringPrototype.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/SymbolConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
2022-04-09 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use Vector with inline capacity in ObjectPropertyConditionSet creation
https://bugs.webkit.org/show_bug.cgi?id=239025
Reviewed by Keith Miller.
Since we anyway allocate ThreadSafeRefCountedFixedVector<ObjectPropertyCondition> in ObjectPropertyConditionSet, which has exact size,
generateXXX and mergeWith should not allocate heap Vector just for temporarily collecting ObjectPropertyCondition.
We pick 8 in generateXXX function and 16 for mergeWith function. This looks reasonable number and at least covers all cases in Speedometer2.
* bytecode/ObjectPropertyConditionSet.cpp:
(JSC::ObjectPropertyConditionSet::mergedWith const):
(JSC::generateConditionsForPropertyMiss):
(JSC::generateConditionsForPropertySetterMiss):
(JSC::generateConditionsForPrototypePropertyHit):
(JSC::generateConditionsForPrototypePropertyHitCustom):
(JSC::generateConditionsForInstanceOf):
(JSC::generateConditionsForPrototypeEquivalenceConcurrently):
(JSC::generateConditionsForPropertyMissConcurrently):
(JSC::generateConditionsForPropertySetterMissConcurrently):
* bytecode/ObjectPropertyConditionSet.h:
(JSC::ObjectPropertyConditionSet::create):
2022-04-09 Adrian Perez de Castro <aperez@igalia.com>
[GTK][WPE] Missing inter-module documentation links
https://bugs.webkit.org/show_bug.cgi?id=239016
Reviewed by Michael Catanzaro.
Add JS snippets to be used in the gi-docgen output to setup links to
other modules. Take advantage of being able to compute the documentation
API version suffix from the currently loaded page URL, which avoids having
a number of templates depending on the API version and having to deal with
the documentation API version being sometimes different than the actual API
version of the library. The URLs for GTK3 vs. GTK4 documentation cannot be
handled in the same way, and instead the JS snippet is also a template
expanded by CMake to allows using the ${GTK_API_VERSION} variable there.
* API/glib/docs/jsc.toml.in: Use added urlmap.js file.
* API/glib/docs/urlmap.js: Added.
2022-04-08 Elliott Williams <emw@apple.com>
[Xcode] Avoid targeting 32-bit iOS and Mac architectures
https://bugs.webkit.org/show_bug.cgi?id=238971
Reviewed by Alexey Proskuryakov.
Modern Xcode supports building armv7 iOS and i386 macOS, but only when targeting older OSes.
We do not support these targets, but our ARCHS override implies we do. Remove our setting
and use the default.
This improves support for building directly from WebKit.xcworkspace to a `generic/*`
destination.
* Configurations/DebugRelease.xcconfig:
2022-04-08 Brent Fulgham <bfulgham@apple.com>
Move WebGPU to WebCore/features.json and add <model> element
https://bugs.webkit.org/show_bug.cgi?id=238981
Reviewed by Myles C. Maxfield
Move WebGPU stuff to the WebCore features.json file.
* features.json:
2022-04-08 Elliott Williams <emw@apple.com>
Unreviewed, reverting r292591.
Causing spurious EWS errors
Reverted changeset:
"[XCBuild] Enable dependency validation by default"
https://bugs.webkit.org/show_bug.cgi?id=238901
https://commits.webkit.org/r292591
2022-04-08 Chris Dumez <cdumez@apple.com>
Reduce number of StringView to String conversions in JSC
https://bugs.webkit.org/show_bug.cgi?id=238911
Reviewed by Darin Adler.
* dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::getValue const):
Resolve ambiguity by explicitly converting the StringImpl to a String before
calling jsString(). [1]
* jsc.cpp:
Avoid constructing a String from the StringView, just to compute a hash.
Instead, rely on the StringViewHashTranslator for this.
* profiler/ProfilerOSRExit.cpp:
(JSC::Profiler::OSRExit::toJS const):
exitKindToString() returns an ASCIILiteral whose length is always greater
than 1 so we can call the more efficient jsNontrivialString() instead of
jsString(). Calling jsString() here had become ambiguous because an
ASCIILiteral can be implicitely converted to both a String and a
StringView [2].
* runtime/ArrayPrototype.cpp:
(JSC::fastJoin):
Call the new jsString() overload that takes a StringView, to avoid
unnecessarily constructing a String in the case where the length is <= 1 [3].
* runtime/ErrorInstance.cpp:
(JSC::appendSourceToErrorMessage):
* runtime/ErrorInstance.h:
* runtime/ExceptionHelpers.cpp:
(JSC::defaultApproximateSourceError):
(JSC::defaultSourceAppender):
(JSC::functionCallBase):
(JSC::notAFunctionSourceAppender):
(JSC::invalidParameterInSourceAppender):
(JSC::invalidParameterInstanceofSourceAppender):
(JSC::invalidParameterInstanceofNotFunctionSourceAppender):
(JSC::invalidParameterInstanceofhasInstanceValueNotFunctionSourceAppender):
(JSC::invalidPrototypeSourceAppender):
* runtime/ExceptionHelpers.h:
Call SourceAppender with a StringView since this is what we have. In most
cases, these appenders end up calling makeString() and it is thus beneficial
to avoid temporary/intermediate String constructions.
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::toStringSlow):
Same as [3].
* runtime/IdentifierInlines.h:
(JSC::identifierToJSValue):
(JSC::identifierToSafePublicJSValue):
Same as [1].
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::formatToParts const):
(JSC::IntlDateTimeFormat::formatRangeToParts):
* runtime/IntlLocale.cpp:
(JSC::IntlLocale::textInfo):
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::formatRangeToPartsInternal):
(JSC::IntlNumberFormat::formatToPartsInternal):
Same as [2].
* runtime/IntlRelativeTimeFormat.cpp:
(JSC::IntlRelativeTimeFormat::formatToParts const):
Same as [3].
* runtime/JSArrayBufferPrototype.cpp:
(JSC::JSArrayBufferPrototype::finishCreation):
Same as [2].
* runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::requestImportModule):
(JSC::JSC_DEFINE_HOST_FUNCTION):
Same as [1].
* runtime/JSString.h:
(JSC::jsString):
Add a jsString() overload that takes in a StringView instead of a String.
This avoids construction of a String for call sites having a StringView
in the event where the view's length is <= 1.
* runtime/SymbolConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
Same as [1].
2022-04-08 Keith Miller <keith_miller@apple.com>
Broaden TypedArray API fix to all apps not just Bleacher Report
https://bugs.webkit.org/show_bug.cgi?id=238955
Reviewed by Saam Barati.
* API/JSTypedArray.cpp:
(isLinkedBeforeTypedArrayLengthQuirk):
(JSObjectGetArrayBufferByteLength):
(isBleecherReport): Deleted.
2022-04-07 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Fire structure transition watchpoint in Structure::finishCreation instead of Structure constructor
https://bugs.webkit.org/show_bug.cgi?id=238980
Reviewed by Saam Barati.
After https://github.com/WebKit/WebKit/commit/dc3a347474a183891f8e07966dc09e684d7a1d13 change,
we start using Structure::get in the main thread. However one of the difference between Structure::get and
Structure::getConcurrently is that it can allocate GC memory: PropertyTable can be materialized.
Structure constructor was firing structure transition watchpoint. And some of watchpoints were using
Structure::getConcurrently. That's fine before, but now, it becomes Structure::get. It is not OK since
we cannot allocate GC memory inside constructor of GC managed objects.
This patch split didTransitionFromThisStructure into didTransitionFromThisStructureWithoutFiringWatchpoint and
fireStructureTransitionWatchpoint. And firing watchpoints in Structure::finishCreation instead of Structure
constructor so that we can allocate GC memory while firing watchpoints.
* runtime/BrandedStructure.cpp:
(JSC::BrandedStructure::BrandedStructure):
(JSC::BrandedStructure::create):
* runtime/BrandedStructure.h:
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::didTransitionFromThisStructureWithoutFiringWatchpoint const):
(JSC::Structure::fireStructureTransitionWatchpoint const):
(JSC::Structure::didTransitionFromThisStructure const):
* runtime/Structure.h:
(JSC::Structure::finishCreation):
* runtime/StructureInlines.h:
(JSC::Structure::create):
2022-04-07 Elliott Williams <emw@apple.com>
[XCBuild] Enable dependency validation by default
https://bugs.webkit.org/show_bug.cgi?id=238901
<rdar://problem/91379968>
Reviewed by Alexey Proskuryakov.
* Configurations/DebugRelease.xcconfig:
2022-04-07 Geza Lore <glore@igalia.com>
[JSC][ARMv7] Support proper near calls and JUMP_ISLANDS
https://bugs.webkit.org/show_bug.cgi?id=238143
Reviewed by Yusuke Suzuki.
Implement nearCall and nearTailCall as single instruction direct
branches on ARMv7/Thumb-2. (Will need to support these for Wasm JITs,
to implement threadSafePatchableNearcall.) To make this possible while
also having an executable pool size larger than the branch range, I
also ported JUMP_ISLANDS.
To port JUMP_ISLANDS, a reformulation of the region allocations was
necessary, which is now done in terms of the range of the
nearCall/nearTailCall macroassembler macros. For ARM64, the behaviour
should be identical.
The jump islad reservation on ARMv7 is set to 5% of executable memory
size, which is approximately the same as the baseline JIT code size
saving provided by using short branches for near calls, so the change
should be neutral overall with respect to executable memory
consumption.
Also made it possible for the --jitMemoryReservationSize option to
request JIT memory that is larger than the default hardcoded size
while using JUMP_ISLANDS (we need this for testing on ARMv7, which has
a smaller default executable pool size). To do this the region
allocators are no longer statically allocated but are held in a
FixedVector.
Also removed the unused repatchCompact methods from assemblers.
* assembler/ARM64Assembler.h:
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::isEven):
(JSC::ARMv7Assembler::makeEven):
(JSC::ARMv7Assembler::bl):
(JSC::ARMv7Assembler::link):
(JSC::ARMv7Assembler::linkTailCall):
(JSC::ARMv7Assembler::linkCall):
(JSC::ARMv7Assembler::relinkCall):
(JSC::ARMv7Assembler::relinkTailCall):
(JSC::ARMv7Assembler::prepareForAtomicRelinkJumpConcurrently):
(JSC::ARMv7Assembler::prepareForAtomicRelinkCallConcurrently):
(JSC::ARMv7Assembler::replaceWithJump):
(JSC::ARMv7Assembler::canEmitJump):
(JSC::ARMv7Assembler::isBL):
(JSC::ARMv7Assembler::linkJumpT4):
(JSC::ARMv7Assembler::linkConditionalJumpT4):
(JSC::ARMv7Assembler::linkJumpAbsolute):
(JSC::ARMv7Assembler::linkBranch):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::repatchNearCall):
* assembler/AssemblerCommon.h:
(JSC::isInt):
* assembler/MIPSAssembler.h:
* assembler/MacroAssemblerARM64.h:
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::nearTailCall):
(JSC::MacroAssemblerARMv7::linkCall):
* assembler/MacroAssemblerMIPS.h:
* assembler/MacroAssemblerRISCV64.h:
* assembler/MacroAssemblerX86Common.h:
* assembler/X86Assembler.h:
* bytecode/Repatch.cpp:
(JSC::linkPolymorphicCall):
* jit/ExecutableAllocator.cpp:
(JSC::initializeJITPageReservation):
2022-04-07 Geza Lore <glore@igalia.com>
[JSC][32bit] Use constexpr tags instead of enums
https://bugs.webkit.org/show_bug.cgi?id=238926
Reviewed by Yusuke Suzuki.
The *Tag values are just 32-bit constants, so define them as
constexpr. This reduces compiler nuisance warnings about enum
comparisons.
* dfg/DFGSpeculativeJIT.cpp:
* runtime/JSCJSValue.h:
2022-04-07 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK][WPE] RemoteInspector add support for IPv6
https://bugs.webkit.org/show_bug.cgi?id=238797
Reviewed by Adrian Perez de Castro.
* inspector/remote/glib/RemoteInspectorServer.cpp:
(Inspector::RemoteInspectorServer::start): Receive a GSocketAddress instead of address and port parameters.
* inspector/remote/glib/RemoteInspectorServer.h:
2022-04-06 Saam Barati <sbarati@apple.com>
Call Structure::get instead of Structure::getConcurrently on the mutator thread
https://bugs.webkit.org/show_bug.cgi?id=238823
Reviewed by Yusuke Suzuki.
We try to call Structure::get instead of Structure::getConcurrently when
we know for sure we're on the main thread. This is because getConcurrently
is slower than get.
* bytecode/AccessCase.cpp:
(JSC::AccessCase::couldStillSucceed const):
(JSC::AccessCase::generateImpl):
* bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp:
(JSC::AdaptiveInferredPropertyValueWatchpointBase::install):
* bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::install):
* bytecode/ObjectPropertyCondition.cpp:
(JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint const):
(JSC::ObjectPropertyCondition::isStillValidAssumingImpurePropertyWatchpoint const):
(JSC::ObjectPropertyCondition::isStillValid const):
(JSC::ObjectPropertyCondition::structureEnsuresValidity const):
* bytecode/ObjectPropertyCondition.h:
* bytecode/ObjectPropertyConditionSet.cpp:
(JSC::ObjectPropertyConditionSet::structuresEnsureValidity const):
(JSC::generateConditionsForPropertyMiss):
(JSC::generateConditionsForPropertySetterMiss):
(JSC::generateConditionsForPrototypePropertyHit):
(JSC::generateConditionsForPrototypePropertyHitCustom):
(JSC::generateConditionsForPrototypeEquivalenceConcurrently):
(JSC::generateConditionsForPropertyMissConcurrently):
(JSC::generateConditionsForPropertySetterMissConcurrently):
(JSC::generateConditionForSelfEquivalence):
(JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint const): Deleted.
(JSC::ObjectPropertyConditionSet::isValidAndWatchable const): Deleted.
* bytecode/ObjectPropertyConditionSet.h:
* bytecode/PropertyCondition.cpp:
(JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint const):
(JSC::watchabilityToConcurrency):
(JSC::PropertyCondition::isStillValid const):
(JSC::PropertyCondition::isWatchableWhenValid const):
(JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint const):
(JSC::PropertyCondition::isWatchable const):
* bytecode/PropertyCondition.h:
* dfg/DFGAdaptiveStructureWatchpoint.cpp:
(JSC::DFG::AdaptiveStructureWatchpoint::install):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::check):
(JSC::DFG::ByteCodeParser::planLoad):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::tryFoldAsPutByOffset):
* dfg/DFGDesiredWatchpoints.h:
(JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::watchCondition):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setupGetByIdPrototypeCache):
* runtime/CachedSpecialPropertyAdaptiveStructureWatchpoint.cpp:
(JSC::CachedSpecialPropertyAdaptiveStructureWatchpoint::install):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::tryInstallSpeciesWatchpoint):
* runtime/JSObject.h:
(JSC::JSObject::getDirect const):
* runtime/Structure.h:
(JSC::Structure::get):
* runtime/StructureRareData.cpp:
(JSC::StructureRareData::cacheSpecialPropertySlow):
2022-04-06 Chris Dumez <cdumez@apple.com>
Start replacing String(const char*) constructor with a String::fromLatin1(const char*) function
https://bugs.webkit.org/show_bug.cgi?id=238701
Reviewed by Geoffrey Garen.
* API/JSValue.mm:
(createStructHandlerMap):
(handerForStructTag):
* API/JSWrapperMap.mm:
(allocateConstructorForCustomClass):
* API/ObjCCallbackFunction.mm:
(JSC::ObjCCallbackFunctionImpl::name):
* API/glib/JSCContext.cpp:
(jsc_context_check_syntax):
* b3/air/testair.cpp:
* bindings/ScriptFunctionCall.cpp:
(Deprecated::ScriptCallArgumentHandler::appendArgument):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::functionName const):
* heap/HeapSnapshotBuilder.cpp:
(JSC::HeapSnapshotBuilder::json):
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
* inspector/remote/socket/RemoteInspectorSocket.cpp:
(Inspector::RemoteInspector::sendMessageToBackend):
* jit/ExecutableAllocator.cpp:
(JSC::dumpJITMemory):
* jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
(runWithOptions):
(CommandLine::parseArguments):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parsePrimaryExpression):
* parser/Parser.h:
(JSC::Parser::updateErrorMessage):
* parser/SourceProvider.h:
* runtime/BytecodeCacheError.cpp:
(JSC::BytecodeCacheError::StandardError::message const):
* runtime/IntlLocale.cpp:
(JSC::IntlLocale::keywordValue const):
(JSC::IntlLocale::numberingSystems):
* runtime/IntlObject.cpp:
(JSC::numberingSystemsForLocale):
* runtime/NumberPrototype.cpp:
(JSC::toStringWithRadix):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::numberToStringInternal):
(JSC::int52ToString):
* runtime/Options.cpp:
(JSC::Options::overrideAliasedOptionWithHeuristic):
(JSC::Options::setAliasedOption):
* runtime/RegExpPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::StackFrame::displayName):
* runtime/StringPrototype.cpp:
(JSC::toLocaleCase):
* testRegExp.cpp:
(parseArguments):
* tools/CompilerTimingScope.cpp:
* tools/FunctionAllowlist.cpp:
(JSC::FunctionAllowlist::FunctionAllowlist):
* wasm/js/WebAssemblyModuleConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
2022-04-06 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Substring resolving should check 8bit / 16bit again
https://bugs.webkit.org/show_bug.cgi?id=236775
<rdar://problem/89253391>
Reviewed by Saam Barati.
Substring JSString is wrapping JSString. Thus it is possible that underlying JSString's 8Bit / 16Bit status
becomes different from substring JSString wrapper's bit. We should not assume they are the same.
* runtime/JSString.cpp:
(JSC::JSRopeString::resolveRopeInternal const):
(JSC::JSRopeString::resolveRopeToAtomString const):
(JSC::JSRopeString::resolveRopeToExistingAtomString const):
(JSC::JSRopeString::resolveRopeInternal8 const): Deleted.
(JSC::JSRopeString::resolveRopeInternal16 const): Deleted.
* runtime/JSString.h:
2022-04-06 Chris Dumez <cdumez@apple.com>
Reduce number of conversions from StringView to String
https://bugs.webkit.org/show_bug.cgi?id=238841
Reviewed by Geoffrey Garen.
* runtime/RegExp.h:
* runtime/StringPrototype.cpp:
(JSC::substituteBackreferencesSlow):
2022-04-06 Justin Michaud <justin_michaud@apple.com>
CSE should be more careful with values that have WritesPinned, ExitsSideways, or are of different sizes
https://bugs.webkit.org/show_bug.cgi?id=238302
Reviewed by Saam Barati.
1) CSE for WasmAddressValue searches for any nodes marked with WritesPinned between all paths from the redundant
WasmAddressValue to the replacement that dominates it. For a switch construct, we might miss some paths while
performing this DFS of predecessor blocks because the termination condition was a break instead of a continue.
2) The CSE phase looks for a pattern it calls a store after clobber. That is, two stores to the same location where
the first store is not observable. It searches for reads and writes that overlap with the store and its clobber, and
bails if it finds them. When we add in CSE for WasmAddressValue, we expose the fact that WasmBoundsCheck has ExitSideways
but does not claim to read top, even though the code it exits to totally can. This can cause us to eliminate an observable store.
3) The store after clobber phase does not check that the size of the clobber is the same as the size of the store. Again,
this is usually hidden by JavaScript because the sizes are usually the same. Also, when WASM fast memory is enabled, this
bug is hidden because the loads/stores say that they may trap. That is why the unity test case only failed on iOS (although
it does fail on mac with __XPC_JSC_useWebAssemblyFastMemory=0).
* b3/B3EliminateCommonSubexpressions.cpp:
* b3/testb3.h:
* b3/testb3_8.cpp:
(testWasmAddressDoesNotCSE):
(addCopyTests):
2022-04-06 Xan Lopez <xan@igalia.com>
[JSC] Add DoNotHaveTagRegisters mode to unboxDouble
https://bugs.webkit.org/show_bug.cgi?id=238018
Reviewed by Yusuke Suzuki.
Wasm cannot use unboxDouble as-is because
GPRInfo::numberTagRegister is not available. Add a
DoNotHaveTagRegister mode so we can get rid of some duplicated
code.
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::unboxDoubleWithoutAssertions):
(JSC::AssemblyHelpers::unboxDouble):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
2022-04-06 Adrian Perez de Castro <aperez@igalia.com>
[JSC] Nested includes do not change offlineasm hash output
https://bugs.webkit.org/show_bug.cgi?id=237779
Reviewed by Mark Lam.
The Ruby tooling around offlineasm can produce on their output a line containing a
checksum which depends on the input files processed. This is used to avoid redoing
in case the source files have not been changed since the last run. While there is
code to scan the "include" directives in the main input file and take the included
files into account for checksum calculation, included files themselves were not being
further processed for the second or additional levels of "include:. This adds the
missing recursive processing of "include" directives in order to take nested includes
into account.
* offlineasm/parser.rb: Process nested includes recursively for checksum calculation.
2022-04-06 Geza Lore <glore@igalia.com>
[JSC]Squash alignment warning
https://bugs.webkit.org/show_bug.cgi?id=238670
Unreviewed gardening.
Squash a "cast increases required alignment of target type" due to
poiner arithmetic via char*
* wasm/WasmSignature.h:
(JSC::Wasm::Signature::storage):
2022-04-05 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use inlined assertion for CodeBlock type
https://bugs.webkit.org/show_bug.cgi?id=238849
Reviewed by Michael Saboff.
We introduced probeDebug-based CodeBlock assertion, but it is too slow and causing timeout on Debug JSC tests.
Instead, we use inlined assertion which is much faster to prevent these Debug build timeout.
* assembler/AbortReason.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
* dfg/DFGThunks.cpp:
(JSC::DFG::osrEntryThunkGenerator):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameWithType):
(JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameIsOptimizingJIT):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameWithType):
(JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameIsOptimizingJIT):
* jit/JIT.cpp:
(JSC::JIT::compileAndLinkWithoutFinalizing):
* jit/JITCode.h:
(JSC::JITCode::offsetOfJITType):
2022-04-05 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Strictly annotate pointers with TrustedImmPtr in CCallHelpers
https://bugs.webkit.org/show_bug.cgi?id=238827
Reviewed by Mark Lam.
This allows us to detect pointer use in DFG easy. This is important in unlinked DFG development.
We also consistently use m_graph instead of m_jit.graph() in DFG::SpeculativeJIT.
We also purge CodeBlock* embedding in DFG code completely. Now we load it from the cfr
instead (compileLogShadowChickenTail and callOperationWithCallFrameRollbackOnException).
* dfg/DFGArrayifySlowPathGenerator.h:
* dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
* dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::osrWriteBarrier):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::emitGetCallee):
(JSC::DFG::SpeculativeJIT::emitOSRExitFuzzCheck):
(JSC::DFG::SpeculativeJIT::speculationCheck):
(JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::useChildren):
(JSC::DFG::SpeculativeJIT::compileGetById):
(JSC::DFG::SpeculativeJIT::compileGetByIdFlush):
(JSC::DFG::SpeculativeJIT::compileDeleteById):
(JSC::DFG::SpeculativeJIT::compileDeleteByVal):
(JSC::DFG::SpeculativeJIT::compileInById):
(JSC::DFG::SpeculativeJIT::compileInByVal):
(JSC::DFG::SpeculativeJIT::compileHasPrivate):
(JSC::DFG::SpeculativeJIT::compileStringSlice):
(JSC::DFG::SpeculativeJIT::compileLoopHint):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::createOSREntries):
(JSC::DFG::SpeculativeJIT::linkOSREntries):
(JSC::DFG::SpeculativeJIT::compileCheckTraps):
(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
(JSC::DFG::SpeculativeJIT::compilePutByVal):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::compileClampDoubleToByte):
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::nextBlock):
(JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
(JSC::DFG::SpeculativeJIT::identifierUID):
(JSC::DFG::SpeculativeJIT::callOperationWithCallFrameRollbackOnException):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::compileToBoolean):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileArithRandom):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Strict):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::fillSpeculateBigInt32):
(JSC::DFG::SpeculativeJIT::compileCompareEqPtr):
(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::compileToBoolean):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitUntypedBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compileNewTypedArrayWithInt52Size):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileArithRandom):
(JSC::DFG::SpeculativeJIT::compileDateGet):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::getPrivateName):
(JSC::FTL::DFG::LowerDFGToB3::compilePrivateBrandAccess):
(JSC::FTL::DFG::LowerDFGToB3::compilePutPrivateName):
(JSC::FTL::DFG::LowerDFGToB3::cachedPutById):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByValImpl):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileDelBy):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
(JSC::FTL::DFG::LowerDFGToB3::compileObjectKeysOrObjectGetOwnPropertyNames):
(JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject):
(JSC::FTL::DFG::LowerDFGToB3::emitNewTypedArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* jit/CCallHelpers.cpp:
* jit/CCallHelpers.h:
(JSC::CCallHelpers::std::is_pointer<CURRENT_ARGUMENT_TYPE>::value): Deleted.
* jit/JIT.cpp:
(JSC::JIT::emitEnterOptimizationCheck):
* jit/JITArithmetic.cpp:
(JSC::JIT::emitMathICFast):
(JSC::JIT::emitMathICSlow):
* jit/JITOpcodes.cpp:
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::op_enter_handlerGenerator):
(JSC::JIT::emit_op_debug):
(JSC::JIT::emitSlow_op_loop_hint):
(JSC::JIT::emit_op_new_regexp):
(JSC::JIT::emitNewFuncCommon):
(JSC::JIT::emitNewFuncExprCommon):
(JSC::JIT::emit_op_profile_type):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):
(JSC::JIT::emit_op_put_getter_setter_by_id):
(JSC::JIT::emitWriteBarrier):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
2022-04-05 Chris Dumez <cdumez@apple.com>
Avoid unnecessary String constructions in IdentifiersFactory.cpp
https://bugs.webkit.org/show_bug.cgi?id=238819
Reviewed by Geoffrey Garen.
* inspector/IdentifiersFactory.cpp:
(Inspector::addPrefixToIdentifier):
(Inspector::IdentifiersFactory::createIdentifier):
(Inspector::IdentifiersFactory::requestId):
2022-04-05 Chris Dumez <cdumez@apple.com>
Mark String(const char*) constructor as explicit
https://bugs.webkit.org/show_bug.cgi?id=238693
Reviewed by Geoffrey Garen.
* API/glib/JSCContext.cpp:
(jsc_context_check_syntax):
* inspector/remote/socket/RemoteInspectorSocket.cpp:
(Inspector::RemoteInspector::startAutomationSession):
* tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION_WITH_ATTRIBUTES):
2022-04-04 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Reduce sizeof(BaselineCallLinkInfo) to make bug 238535 good
https://bugs.webkit.org/show_bug.cgi?id=238777
Reviewed by Mark Lam.
https://bugs.webkit.org/show_bug.cgi?id=238535 adds one pointer to CallLinkInfo.
To make BaselineCallLinkInfo small, this patch removes std::unique_ptr<CallFrameShuffleData>
in BaselineCallLinkInfo since it can be computed in repatching code.
* bytecode/CallLinkInfo.cpp:
(JSC::BaselineCallLinkInfo::initialize):
(JSC::OptimizingCallLinkInfo::setFrameShuffleData):
(JSC::CallLinkInfo::setFrameShuffleData): Deleted.
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::frameShuffleData): Deleted.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* bytecode/Repatch.cpp:
(JSC::linkPolymorphicCall):
2022-04-04 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Store CodeBlock in caller side
https://bugs.webkit.org/show_bug.cgi?id=238535
Reviewed by Saam Barati.
This patch changes the calling convention of JS functions. Now, we need to store CodeBlock to the stack in the caller side instead.
This helps LLInt, unlinked Baseline, and DFG since we no longer need to load CodeBlock from callee via costly dependent loads: unlinked
ones cannot embed CodeBlock raw pointer into the machine code itself. So we needed to load it from callee. But now, caller puts the
right CodeBlock pointer into the stack so we do not need that code. And in most cases, caller already knows CodeBlock since it is tied
to actually used machine code pointer.
OSR entry also materializes CodeBlock in the stack in the OSR entry side instead of doing it in the callee side.
This contributes to 0.3% progression in Speedometer2.
* assembler/CPU.h:
(JSC::prologueStackPointerDelta):
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::setMonomorphicCallee):
(JSC::CallLinkInfo::clearCallee):
(JSC::CallLinkInfo::revertCallToStub):
(JSC::CallLinkInfo::emitFastPathImpl):
(JSC::CallLinkInfo::setStub):
(JSC::OptimizingCallLinkInfo::emitDirectFastPath):
(JSC::OptimizingCallLinkInfo::emitDirectTailCallFastPath):
(JSC::OptimizingCallLinkInfo::initializeDirectCall):
(JSC::OptimizingCallLinkInfo::setDirectCallTarget):
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::offsetOfCodeBlock):
* bytecode/Repatch.cpp:
(JSC::linkMonomorphicCall):
(JSC::linkDirectCall):
(JSC::linkPolymorphicCall):
* bytecode/RepatchInlines.h:
(JSC::virtualForWithFunction):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
(JSC::DFG::prepareCatchOSREntry):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
* dfg/DFGThunks.cpp:
(JSC::DFG::osrEntryThunkGenerator):
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLLink.cpp:
(JSC::FTL::link):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
* interpreter/CallFrame.h:
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::calleeFrameCodeBlockBeforeCall):
(JSC::AssemblyHelpers::calleeFrameCodeBlockBeforeTailCall):
(JSC::AssemblyHelpers::prologueStackPointerDelta): Deleted.
* jit/CCallHelpers.h:
(JSC::CCallHelpers::prepareForTailCallSlow):
* jit/JIT.cpp:
(JSC::JIT::compileAndLinkWithoutFinalizing):
(JSC::JIT::emitPutCodeBlockToFrameInPrologue): Deleted.
* jit/JIT.h:
* jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* jit/JITOperations.h:
* jit/ThunkGenerators.cpp:
(JSC::virtualThunkFor):
(JSC::boundFunctionCallGenerator):
(JSC::remoteFunctionCallGenerator):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* llint/WebAssembly.asm:
* runtime/FunctionExecutable.h:
* runtime/JSCast.h:
* runtime/VM.cpp:
(JSC::VM::getRemoteFunction):
* wasm/WasmOperations.cpp:
(JSC::Wasm::doOSREntry):
2022-04-04 Saam Barati <sbarati@apple.com>
Turn off LLInt ICs in captive portal mode
https://bugs.webkit.org/show_bug.cgi?id=238778
<rdar://84830873>
Reviewed by Yusuke Suzuki.
* bytecode/CallLinkInfo.cpp:
(JSC::BaselineCallLinkInfo::initialize):
* bytecode/Repatch.cpp:
(JSC::unlinkCall):
* llint/LLIntCommon.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::performLLIntGetByID):
* runtime/OptionsList.h:
2022-04-04 Geoffrey Garen <ggaren@apple.com>
Only check isPagedOut() under memory pressure
https://bugs.webkit.org/show_bug.cgi?id=238742
Reviewed by Cameron McCormack.
Worth about 0.4% on Speedometer.
In theory, if we're not under memory pressure, we're either (a) not
paged out because we were not recently under memory pressure or (b)
paged out but OK to page in again because memory is available.
This could increase swap if a system frequently oscillated between
yes-memory-pressure and no-memory-pressure; but in practice the systems
we see under significant memory pressure tend to stay that way.
* heap/FullGCActivityCallback.cpp:
(JSC::FullGCActivityCallback::doCollection):
2022-04-02 Chris Dumez <cdumez@apple.com>
Add default constructor to ASCIILiteral
https://bugs.webkit.org/show_bug.cgi?id=238700
Reviewed by Geoffrey Garen.
Add default constructor to ASCIILiteral, to replace the more verbose ASCIILiteral::null().
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result:
* Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
* Scripts/wkbuiltins/builtins_model.py:
(BuiltinFunction.fromString):
* runtime/ArrayBufferSharingMode.h:
(JSC::arrayBufferSharingModeName):
* runtime/IntlCollator.cpp:
(JSC::IntlCollator::initializeCollator):
(JSC::IntlCollator::usageString):
(JSC::IntlCollator::sensitivityString):
(JSC::IntlCollator::caseFirstString):
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::initializeDateTimeFormat):
(JSC::IntlDateTimeFormat::hourCycleString):
(JSC::IntlDateTimeFormat::weekdayString):
(JSC::IntlDateTimeFormat::eraString):
(JSC::IntlDateTimeFormat::yearString):
(JSC::IntlDateTimeFormat::monthString):
(JSC::IntlDateTimeFormat::dayString):
(JSC::IntlDateTimeFormat::dayPeriodString):
(JSC::IntlDateTimeFormat::hourString):
(JSC::IntlDateTimeFormat::minuteString):
(JSC::IntlDateTimeFormat::secondString):
(JSC::IntlDateTimeFormat::timeZoneNameString):
(JSC::IntlDateTimeFormat::formatStyleString):
* runtime/IntlDisplayNames.cpp:
(JSC::IntlDisplayNames::styleString):
(JSC::IntlDisplayNames::typeString):
(JSC::IntlDisplayNames::fallbackString):
(JSC::IntlDisplayNames::languageDisplayString):
* runtime/IntlListFormat.cpp:
(JSC::IntlListFormat::styleString):
(JSC::IntlListFormat::typeString):
* runtime/IntlLocale.cpp:
(JSC::IntlLocale::initializeLocale):
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::initializeNumberFormat):
(JSC::IntlNumberFormat::styleString):
(JSC::IntlNumberFormat::currencyDisplayString):
(JSC::IntlNumberFormat::notationString):
(JSC::IntlNumberFormat::currencySignString):
(JSC::IntlNumberFormat::unitDisplayString):
(JSC::IntlNumberFormat::compactDisplayString):
(JSC::IntlNumberFormat::signDisplayString):
(JSC::IntlNumberFormat::roundingModeString):
(JSC::IntlNumberFormat::trailingZeroDisplayString):
(JSC::IntlNumberFormat::roundingPriorityString):
* runtime/IntlObject.cpp:
(JSC::relevantExtensionKeyString):
* runtime/IntlRelativeTimeFormat.cpp:
(JSC::IntlRelativeTimeFormat::initializeRelativeTimeFormat):
(JSC::IntlRelativeTimeFormat::styleString):
* runtime/IntlSegmenter.cpp:
(JSC::IntlSegmenter::granularityString):
* runtime/JSObjectInlines.h:
(JSC::JSObject::putDirectInternal):
* runtime/TemporalDuration.cpp:
(JSC::TemporalDuration::total const):
* runtime/TemporalObject.cpp:
(JSC::temporalLargestUnit):
(JSC::temporalSmallestUnit):
* yarr/YarrErrorCode.cpp:
(JSC::Yarr::errorMessage):
2022-04-02 Keith Miller <keith_miller@apple.com>
AI should do int32 optimization in ValueRep
https://bugs.webkit.org/show_bug.cgi?id=238699
Reviewed by Saam Barati.
When constant folding an int52 into a ValueRep AI doesn't
do our normal int32 boxing optimization. I'm not sure if
it matters since I couldn't find a test but it probably
doesn't hurt.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2022-04-02 Adrian Perez de Castro <aperez@igalia.com>
[GTK] Replace gtk-doc with gi-docgen
https://bugs.webkit.org/show_bug.cgi?id=226662
Reviewed by Michael Catanzaro.
Import two new CMake modules which define commands to easy setup of GObject-Introspection
and gi-docgen. These in turn allow to remove a bunch of duplicated CMake code, reuse
the same for both the WPE and GTK ports, and remove the gnarly DocBook templates and
other auxiliary files previously used by gtk-doc (which amount to a sizeable amount of
code).
While at it, do a quick pass to fix the most egregious issues reported by gi-docgen's
linting mode and that all public symbols end up with at least some documentation in
the generated output. Follow-up patches will be needed to keep adapting to the style
encouraged by gi-docgen, fix linking between documented entities, make code examples
display properly, and a few other things.
* API/glib/JSCClass.cpp: Fix documentation comments.
* API/glib/JSCContext.cpp: Ditto.
* API/glib/JSCDefines.h: Ditto.
* API/glib/JSCException.cpp: Ditto.
* API/glib/JSCValue.cpp: Ditto.
* API/glib/JSCVersion.cpp: Ditto.
* API/glib/JSCVersion.h.in: Ditto.
* API/glib/JSCVirtualMachine.cpp: Ditto.
* API/glib/JSCWeakValue.cpp: Ditto.
* API/glib/docs/jsc-glib-4.0-sections.txt: Removed.
* API/glib/docs/jsc-glib-4.0.types: Removed.
* API/glib/docs/jsc-glib-docs.sgml: Removed.
* API/glib/docs/jsc.toml.in: Added.
* PlatformGTK.cmake: Adapt to use the new CMake modules.
2022-04-01 Michael Saboff <msaboff@apple.com>
Stop copying StagedFrameworks to the secondary path by default
https://bugs.webkit.org/show_bug.cgi?id=238688
Reviewed by Saam Barati.
Decoupled COPY_STAGED_FRAMEWORKS_TO_SECONDARY_PATH from USE_SYSTEM_CONTENT_PATH so we won't
always copy frameworks to the secondary path on macOS. Instead, the build configuration can set
COPY_STAGED_FRAMEWORKS_TO_SECONDARY_PATH as appropriate.
* Configurations/Base.xcconfig:
2022-04-01 Jeff Miller <jeffm@apple.com>
WKBundlePageUIClient console message support should include source URL, column number, and console messages with arguments
https://bugs.webkit.org/show_bug.cgi?id=238032
Reviewed by Alex Christensen.
Add a function to ScriptArguments to get a vector of argument strings. As we do in
ScriptArguments::getFirstArgumentAsString(), avoid triggering Proxy traps on a Proxy object when
generating the vector.
* inspector/ScriptArguments.cpp:
(Inspector::ScriptArguments::getArgumentAtIndexAsString const):
Refactored from getFirstArgumentAsString().
(Inspector::ScriptArguments::getFirstArgumentAsString const):
Use getArgumentAtIndexAsString().
(Inspector::ScriptArguments::getArgumentsAsStrings const):
* inspector/ScriptArguments.h:
2022-04-01 Diego Pino Garcia <dpino@igalia.com>
Unreviewed, fix non-unified build after r292191
* runtime/ScriptExecutableInlines.h:
2022-03-31 Chris Dumez <cdumez@apple.com>
Adopt Identifier::fromString(ASCIILiteral) more broadly
https://bugs.webkit.org/show_bug.cgi?id=238574
Reviewed by Darin Adler.
Adopt Identifier::fromString(ASCIILiteral) more broadly, now that it is very efficient.
* API/JSBase.cpp:
(JSGetMemoryUsageStatistics):
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result:
* Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
* Scripts/wkbuiltins/builtins_model.py:
(BuiltinFunction.fromString):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitThrowReferenceError):
(JSC::BytecodeGenerator::emitThrowTypeError):
(JSC::BytecodeGenerator::emitRequireObjectCoercible):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::ThrowableExpressionData::emitThrowReferenceError):
* inspector/JSInjectedScriptHostPrototype.cpp:
(Inspector::JSInjectedScriptHostPrototype::finishCreation):
* inspector/JSJavaScriptCallFramePrototype.cpp:
(Inspector::JSJavaScriptCallFramePrototype::finishCreation):
* jsc.cpp:
(JSC_DEFINE_CUSTOM_SETTER):
(JSCMemoryFootprint::finishCreation):
(JSCMemoryFootprint::addProperty):
(JSC_DEFINE_HOST_FUNCTION):
* parser/Nodes.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
* runtime/ConsoleObject.cpp:
(JSC::ConsoleObject::finishCreation):
* runtime/Identifier.cpp:
(JSC::Identifier::add): Deleted.
* runtime/Identifier.h:
* runtime/IdentifierInlines.h:
(JSC::Identifier::fromCString):
* runtime/IntlDateTimeFormatPrototype.cpp:
(JSC::IntlDateTimeFormatPrototype::finishCreation):
* runtime/IntlNumberFormatPrototype.cpp:
(JSC::IntlNumberFormatPrototype::finishCreation):
* runtime/IntlObject.cpp:
(JSC::IntlObject::finishCreation):
* runtime/JSObject.cpp:
(JSC::JSObject::reifyAllStaticProperties):
* runtime/JSObject.h:
(JSC::makeIdentifier):
* runtime/JSObjectInlines.h:
(JSC::JSObject::getNonReifiedStaticPropertyNames):
* runtime/JSTypedArrayViewPrototype.cpp:
(JSC::JSTypedArrayViewPrototype::finishCreation):
* runtime/ProxyConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::ProxyConstructor::finishCreation):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::performGetOwnPropertyNames):
(JSC::ProxyObject::performSetPrototype):
(JSC::ProxyObject::performGetPrototype):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
* tools/JSDollarVM.cpp:
(JSC::JSDollarVM::finishCreation):
(JSC::JSDollarVM::addFunction):
(JSC::JSDollarVM::addConstructibleFunction):
* tools/JSDollarVM.h:
* wasm/js/JSWebAssembly.cpp:
(JSC::JSWebAssembly::finishCreation):
2022-03-31 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Remove ExecutableToCodeBlockEdge
https://bugs.webkit.org/show_bug.cgi?id=238485
Reviewed by Keith Miller.
It turned out that getting CodeBlock from JSFunction is critical. As we start using unlinked Baseline, we are loading
CodeBlock from JSFunction instead of embedding it, and it roughly contributes to 0.5% regression in Speedometer2.
It is also crucial to some other places: bound function thunk, remote function thunk, and virtual function calls.
While the subsequent patch will embed CodeBlock into CallLinkInfo to make it fast, we also would like to keep loading
CodeBlock from JSFunction faster since this is still used in bound function thunk etc.
In this patch, we remove ExecutableToCodeBlockEdge to remove one-level indirection between Executable to CodeBlock.
We can delegate ExecutableToCodeBlockEdge's job to existing Executables so that we can keep the current weak-edge
feature without introducing ExecutableToCodeBlockEdge. It also removes ExecutableToCodeBlockEdge allocations and
shrinks sizeof(CodeBlock) by 8 byte.
We move key functions from ExecutableToCodeBlockEdge to ScriptExecutable, and we maintain Executable-to-CodeBlock edge
in Executable side.
Local testing showed that 0.3% progression in Speedometer2.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::visitChildrenImpl):
(JSC::CodeBlock::visitChildren):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::stronglyVisitStrongReferences):
(JSC::CodeBlock::finishCreationCommon): Deleted.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::ownerEdge const): Deleted.
* bytecode/ExecutableToCodeBlockEdge.cpp: Removed.
* bytecode/ExecutableToCodeBlockEdge.h: Removed.
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::finalizeUnconditionalFinalizers):
(JSC::Heap::deleteAllCodeBlocks):
(JSC::Heap::addCoreConstraints):
* heap/Heap.h:
(JSC::Heap::ScriptExecutableSpaceAndSet::ScriptExecutableSpaceAndSet):
(JSC::Heap::ScriptExecutableSpaceAndSet::setAndSpaceFor):
(JSC::Heap::ScriptExecutableSpaceAndSet::clearableCodeSetFor):
(JSC::Heap::ScriptExecutableSpaceAndSet::outputConstraintsSetFor):
(JSC::Heap::ScriptExecutableSpaceAndSet::finalizerSetFor):
* heap/IsoCellSet.h:
* jit/JIT.cpp:
(JSC::JIT::emitPutCodeBlockToFrameInPrologue):
* llint/LowLevelInterpreter.asm:
* runtime/DirectEvalExecutable.cpp:
(JSC::DirectEvalExecutable::create):
* runtime/EvalExecutable.cpp:
(JSC::EvalExecutable::visitChildrenImpl):
* runtime/EvalExecutable.h:
(JSC::EvalExecutable::codeBlock const):
(JSC::EvalExecutable::unlinkedCodeBlock const):
(JSC::EvalExecutable::numVariables):
(JSC::EvalExecutable::numFunctionHoistingCandidates):
(JSC::EvalExecutable::numTopLevelFunctionDecls):
(JSC::EvalExecutable::allowDirectEvalCache const):
(JSC::EvalExecutable::codeBlock): Deleted.
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::baselineCodeBlockFor):
(JSC::shouldKeepInConstraintSet):
(JSC::FunctionExecutable::visitChildrenImpl):
(JSC::FunctionExecutable::visitOutputConstraintsImpl):
* runtime/FunctionExecutable.h:
* runtime/FunctionExecutableInlines.h:
(JSC::FunctionExecutable::finalizeUnconditionally):
(JSC::FunctionExecutable::replaceCodeBlockWith):
(JSC::FunctionExecutable::toString):
* runtime/GlobalExecutable.cpp:
(JSC::GlobalExecutable::visitChildrenImpl):
(JSC::GlobalExecutable::visitOutputConstraintsImpl):
(JSC::GlobalExecutable::replaceCodeBlockWith):
(JSC::GlobalExecutable::finalizeUnconditionally):
* runtime/GlobalExecutable.h:
(JSC::GlobalExecutable::codeBlock const):
(JSC::GlobalExecutable::unlinkedCodeBlock const):
* runtime/IndirectEvalExecutable.cpp:
(JSC::IndirectEvalExecutable::createImpl):
* runtime/JSFunction.cpp:
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::link):
(JSC::JSModuleRecord::instantiateDeclarations):
* runtime/ModuleProgramExecutable.cpp:
(JSC::ModuleProgramExecutable::create):
(JSC::ModuleProgramExecutable::visitChildrenImpl):
* runtime/ModuleProgramExecutable.h:
* runtime/ProgramExecutable.cpp:
(JSC::ProgramExecutable::initializeGlobalProperties):
(JSC::ProgramExecutable::visitChildrenImpl):
* runtime/ProgramExecutable.h:
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::clearCode):
(JSC::ScriptExecutable::installCode):
(JSC::ScriptExecutable::hasClearableCode const):
(JSC::ScriptExecutable::newCodeBlockFor):
(JSC::ScriptExecutable::runConstraint):
(JSC::ScriptExecutable::visitCodeBlockEdge):
* runtime/ScriptExecutable.h:
* runtime/ScriptExecutableInlines.h: Copied from Source/JavaScriptCore/runtime/FunctionExecutableInlines.h.
(JSC::ScriptExecutable::finalizeCodeBlockEdge):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::executableToCodeBlockEdgesWithConstraints): Deleted.
(JSC::VM::executableToCodeBlockEdgesWithFinalizers): Deleted.
2022-03-31 Patrick Angle <pangle@apple.com>
Web Inspector: Support Container Queries in the Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=238346
Reviewed by Devin Rousso.
Add new `container-rule` type for `CSS::Grouping::Type`.
* inspector/protocol/CSS.json:
2022-03-30 Chris Dumez <cdumez@apple.com>
Optimize the construction of a JSC::Identifier from an ASCIILiteral
https://bugs.webkit.org/show_bug.cgi?id=238552
Reviewed by Geoffrey Garen.
There are two ways to construct a JSC::Identifier from a string literal and both
were sub-optimal:
- template<unsigned charactersCount> static Identifier fromString(VM&, const char (&characters)[charactersCount]):
Even though it knows the charactersCount at compile time, it doesn't leverage this information
at all. Also, it ends up calling AtomStringImpl::add() instead of AtomStringImpl::addLiteral()
which means we lose the knowledge that it was a string literal and the optimization that come
with it (e.g. not copying the characters over). In this patch, I am deprecating this function
in favor of fromString(ASCIILiteral) which is now more efficient. I'll remove it in a follow up.
- static Identifier fromString(VM&, ASCIILiteral):
It ended up calling the Identifier(VM&, String) constructor which meant that we were potentially constructing
a String/StringImpl unnecessarily before atomizing it since the string may already be in the
AtomString table. We also failed to use the smallStrings cache for literals whose length is 1,
which would happen when calling `fromString(VM&, const char (&characters)[charactersCount])`.
In this patch, I optimized `fromString(VM&, ASCIILiteral)` to leverage the smallStrings cache
when necessary and call AtomStringImpl::addLiteral() instead of AtomStringImpl::add(). I also
made sure to mark `fromString(VM&, ASCIILiteral)` and `Identifier(VM&, ASCIILiteral)` as
ALWAYS_INLINE to make sure the compiler can optimize out the strlen() calls.
According to A/B bots, this is a 1-1.5% progression on Speedometer and and a 1.3% progression on
JetStream on iMac 20,1 (Intel). Sadly, this is perf-neutral on those two benchmarks on Apple
Silicon.
* API/JSAPIGlobalObject.mm:
(JSC::JSAPIGlobalObject::moduleLoaderCreateImportMetaProperties):
* API/JSBase.cpp:
(JSGetMemoryUsageStatistics):
* API/JSObjectRef.cpp:
(JSObjectMakeFunction):
* builtins/BuiltinNames.cpp:
(JSC::BuiltinNames::BuiltinNames):
* builtins/BuiltinUtils.h:
* dynbench.cpp:
* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::functionDetails):
(Inspector::constructInternalProperty):
(Inspector::JSInjectedScriptHost::weakMapEntries):
(Inspector::JSInjectedScriptHost::weakSetEntries):
(Inspector::JSInjectedScriptHost::iteratorEntries):
* inspector/JSJavaScriptCallFrame.cpp:
(Inspector::valueForScopeLocation):
(Inspector::JSJavaScriptCallFrame::scopeDescriptions):
* inspector/ScriptCallStackFactory.cpp:
(Inspector::extractSourceInformationFromException):
* inspector/agents/InspectorAuditAgent.cpp:
(Inspector::InspectorAuditAgent::populateAuditObject):
* jsc.cpp:
(GlobalObject::moduleLoaderCreateImportMetaProperties):
(JSC_DEFINE_HOST_FUNCTION):
(dumpException):
* runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::hostResolveImportedModule):
* runtime/AtomicsObject.cpp:
(JSC::AtomicsObject::finishCreation):
* runtime/CommonIdentifiers.cpp:
(JSC::CommonIdentifiers::CommonIdentifiers):
* runtime/FinalizationRegistryPrototype.cpp:
(JSC::FinalizationRegistryPrototype::finishCreation):
* runtime/Identifier.cpp:
(JSC::Identifier::addLiteral):
* runtime/Identifier.h:
(JSC::Identifier::Identifier):
* runtime/IdentifierInlines.h:
(JSC::Identifier::fromString):
* runtime/IntlLocale.cpp:
(JSC::IntlLocale::textInfo):
(JSC::IntlLocale::weekInfo):
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::initializeNumberFormat):
(JSC::IntlNumberFormat::resolvedOptions const):
(JSC::IntlNumberFormat::formatToPartsInternal):
* runtime/IntlPluralRules.cpp:
(JSC::IntlPluralRules::resolvedOptions const):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::exposeDollarVM):
* runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::finishCreation):
* runtime/MathObject.cpp:
(JSC::MathObject::finishCreation):
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::finishCreation):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
* runtime/SymbolConstructor.cpp:
* tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSDollarVM::finishCreation):
* wasm/js/JSWebAssemblyGlobal.cpp:
(JSC::JSWebAssemblyGlobal::type):
* wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::type):
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::type):
* wasm/js/WebAssemblyGlobalConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyMemoryConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyModuleConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyTableConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyTagPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
2022-03-30 Mark Lam <mark.lam@apple.com>
Remove obsolete --useProbeOSRExit option.
https://bugs.webkit.org/show_bug.cgi?id=238534
Reviewed by Saam Barati.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* runtime/Options.cpp:
(JSC::Options::recomputeDependentOptions):
* runtime/OptionsList.h:
2022-03-29 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use constants buffer to load JSGlobalObject in BaselineJIT thunks
https://bugs.webkit.org/show_bug.cgi?id=238414
Reviewed by Saam Barati.
Since these thunks are only called from BaselineJIT, we can assume constants
buffer register. And since we are always using 0 index for JSGlobalObject,
we can encode this into these shared thunks directly instead of loading
CodeBlock pointer from the stack.
We also fix using OBJECT_OFFSETOF for JSGlobalObject directly. We should use
it as JSGlobalObject::offsetOfXXX to make it clean and make it annotated that
these fields are accessed by JIT.
This patch also removes UnusedPointer.h since it is no longer used.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::emitVarReadOnlyCheck):
* jit/JIT.h:
* jit/JITInlines.h:
(JSC::JIT::loadConstant):
(JSC::JIT::loadGlobalObject):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_overrides_has_instance):
(JSC::JIT::valueIsFalseyGenerator):
(JSC::JIT::valueIsTruthyGenerator):
(JSC::JIT::op_throw_handlerGenerator):
(JSC::JIT::op_check_traps_handlerGenerator):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::slow_op_get_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_get_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_put_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_put_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_del_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_del_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_get_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_get_by_id_with_this_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::slow_op_put_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::generateOpResolveScopeThunk):
(JSC::JIT::generateOpGetFromScopeThunk):
(JSC::JIT::emitVarInjectionCheck):
* jit/UnusedPointer.h: Removed.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::offsetOfVarInjectionWatchpoint):
(JSC::JSGlobalObject::offsetOfVarReadOnlyWatchpoint):
(JSC::JSGlobalObject::offsetOfFunctionProtoHasInstanceSymbolFunction):
2022-03-29 Geza Lore <glore@igalia.com>
[JSC][ARMv7] Cleanup GPR numbering
https://bugs.webkit.org/show_bug.cgi?id=235027
Reviewed by Yusuke Suzuki.
- Make the the lower order callee save register be regCS0/llint csr0.
Some of the CSR store/restore code relies on this and using a
numbering scheme consistent with other targets (that is: regCS<N> maps
to a lower number machine register than regCS<N+1>) eliminates some
ifdefs in LLInt, and hopefully will prevent hard to find issues due to
the mismatch from other targets that all follow this rule.
- In the Thumb-2 instruction set, use of r0-r7 can often be encoded
using a shorter, 16-bit instruction. Swap regT4/regT5 with
regT7/regT6, so lower order temporaries (which are usually used first)
map to the lower order registers that can yield denser code. This
then simplifies BaselineJITRegisters.h, and also saves about ~1% DFG
code size.
- In offlineasm, prefer low order registers for temporaries.
- Also clean up baseline instanceof op implementation.
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::initializeFromUnlinkedStructureStubInfo):
* jit/BaselineJITRegisters.h:
* jit/GPRInfo.h:
(JSC::GPRInfo::toIndex):
(JSC::PreferredArgumentImpl::preferredArgumentJSR):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::slow_op_put_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_put_private_name):
(JSC::JIT::emitSlow_op_put_private_name):
(JSC::JIT::slow_op_put_private_name_callSlowOperationThenCheckExceptionGenerator):
* llint/LowLevelInterpreter.asm:
* offlineasm/arm.rb:
2022-03-29 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use spoolers in FTL OSR exit thunk
https://bugs.webkit.org/show_bug.cgi?id=238444
Reviewed by Mark Lam.
We deploy spoolers in FTL OSR exit thunk to reduce generated code size.
This change reduces FTLOSRExit code size in JetStream2 by 35%.
Before:
FTLOSRExit: 803564 (784.730469 KB) count 363 avg size 2213
After:
FTLOSRExit: 516432 (504.328125 KB) count 362 avg size 1426
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::compileExit):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
2022-03-29 Patrick Angle <pangle@apple.com>
Web Inspector: Add check for null `entryScope` in JSC::Debugger::detach
https://bugs.webkit.org/show_bug.cgi?id=238518
Reviewed by Devin Rousso.
A virtual machine may not always have an `entryScope`, which can occur if a `JSGlobalObject` is being destructed
(which will call into `JSC::Debugger::Detach`) before a `VMEntryScope` is created or after a `VMEntryScope` has
fallen out of scope, causing the VM's `entryScope` to be null again. In the original internal issue that led to
finding this, this most commonly occurred in conjunction with page refresh while the debugger was paused.
Because it is possible that we were previously paused in the VM that now has no `entryScope`, we should go ahead
and unpause.
* debugger/Debugger.cpp:
(JSC::Debugger::detach):
2022-03-29 Patrick Angle <pangle@apple.com>
Web Inspector: [Cocoa] Indicate a request was sent through proxy/private relay in Network tab
https://bugs.webkit.org/show_bug.cgi?id=233202
Reviewed by Devin Rousso.
Add new `isProxyConnection` property to network metrics protocol object.
* inspector/protocol/Network.json:
2022-03-28 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Clean up some 32bit load/store with 64bit load/store
https://bugs.webkit.org/show_bug.cgi?id=238440
Reviewed by Mark Lam.
1. On OSR entry, we should copy values from scratch to stack via loadValue / storeValue instead of 32bit load/store.
2. We should initialize tail-call's argumentCountIncludingThis slot via store64.
* dfg/DFGThunks.cpp:
(JSC::DFG::osrEntryThunkGenerator):
* jit/CallFrameShuffler.cpp:
(JSC::CallFrameShuffler::prepareAny):
2022-03-28 Mark Lam <mark.lam@apple.com>
The lazy symbolObjectStructure should be realized before we allocate a SymbolObject.
https://bugs.webkit.org/show_bug.cgi?id=238474
<rdar://problem/90918765>
Reviewed by Yusuke Suzuki and Saam Barati.
We should not be allocating the symbolObjectStructure while in the middle of
initializing a SymbolObject.
* runtime/Symbol.cpp:
(JSC::Symbol::toObject const):
(JSC::SymbolObject::create): Deleted.
* runtime/SymbolObject.h:
2022-03-28 Chris Dumez <cdumez@apple.com>
Unreviewed, address post-landing review comment from Darin after r291972.
* yarr/YarrJIT.cpp:
2022-03-28 Chris Dumez <cdumez@apple.com>
Use StringView for Yarr / RegularExpression parsing
https://bugs.webkit.org/show_bug.cgi?id=238420
Reviewed by Sam Weinig.
Use StringView for Yarr / RegularExpression parsing, to avoid unnecessary String construction
in some cases. It is not uncommon for the pattern to be a string literal.
* yarr/RegularExpression.cpp:
(JSC::Yarr::RegularExpression::Private::create):
(JSC::Yarr::RegularExpression::Private::Private):
(JSC::Yarr::RegularExpression::Private::compile):
(JSC::Yarr::RegularExpression::RegularExpression):
(JSC::Yarr::RegularExpression::match const):
(JSC::Yarr::RegularExpression::searchRev const):
(JSC::Yarr::replace):
* yarr/RegularExpression.h:
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::interpret):
* yarr/YarrInterpreter.h:
* yarr/YarrJIT.cpp:
(JSC::Yarr::jitCompile):
(JSC::Yarr::jitCompileInlinedTest):
* yarr/YarrJIT.h:
* yarr/YarrParser.h:
(JSC::Yarr::Parser::Parser):
(JSC::Yarr::parse):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPattern::compile):
(JSC::Yarr::YarrPattern::YarrPattern):
(JSC::Yarr::YarrPattern::dumpPatternString):
(JSC::Yarr::YarrPattern::dumpPattern):
* yarr/YarrPattern.h:
* yarr/YarrSyntaxChecker.cpp:
(JSC::Yarr::checkSyntax):
* yarr/YarrSyntaxChecker.h:
2022-03-27 Lauro Moura <lmoura@igalia.com>
Unreviewed, non-unified buildfix
https://bugs.webkit.org/show_bug.cgi?id=238436
* dfg/DFGStrengthReductionPhase.cpp:
2022-03-26 Yusuke Suzuki <ysuzuki@apple.com>
Use static_assert instead of COMPILE_ASSERT
https://bugs.webkit.org/show_bug.cgi?id=238417
Reviewed by Mark Lam.
* assembler/ARM64Assembler.h:
* assembler/ARMv7Assembler.h:
* assembler/MacroAssemblerX86Common.h:
* bytecode/Opcode.h:
* bytecode/VirtualRegister.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
* inspector/InspectorProtocolTypes.h:
(Inspector::Protocol::BindingTraits<JSON::ArrayOf<T>>::runtimeCast):
* inspector/scripts/codegen/cpp_generator_templates.py:
* inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
* inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
* inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
* inspector/scripts/tests/expected/definitions-with-mac-platform.json-result:
* inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
* inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
* inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
* inspector/scripts/tests/expected/type-declaration-object-type.json-result:
* inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
* inspector/scripts/tests/expected/type-with-open-parameters.json-result:
* jit/FPRInfo.h:
* jit/GPRInfo.h:
* parser/Parser.h:
* runtime/JSCell.cpp:
* runtime/JSObject.h:
* runtime/SmallStrings.cpp:
(JSC::SmallStrings::SmallStrings):
* runtime/Structure.h:
(JSC::Structure::outOfLineCapacity):
* yarr/YarrInterpreter.cpp:
2022-03-26 Yusuke Suzuki <ysuzuki@apple.com>
Use unary static_assert
https://bugs.webkit.org/show_bug.cgi?id=238412
Reviewed by Mark Lam.
Replace `static_assert(..., "");` with `static_assert(...);`
* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::relinkJumpOrCall):
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::putIntegralUnchecked):
* assembler/MacroAssemblerCodeRef.h:
* bytecode/AdaptiveInferredPropertyValueWatchpointBase.h:
* bytecode/ArrayProfile.h:
* bytecode/CodeBlockHash.cpp:
(JSC::CodeBlockHash::CodeBlockHash):
* bytecode/ParseHash.cpp:
(JSC::ParseHash::ParseHash):
* bytecode/Watchpoint.h:
* dfg/DFGNode.h:
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* dfg/DFGSpeculativeJIT.cpp:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileArrayPush):
* jit/RegisterSet.cpp:
(JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
(JSC::RegisterSet::dfgCalleeSaveRegisters):
(JSC::RegisterSet::ftlCalleeSaveRegisters):
* runtime/CachedBytecode.cpp:
(JSC::CachedBytecode::commitUpdates const):
* runtime/ClonedArguments.h:
* runtime/DirectArguments.h:
* runtime/DirectEvalExecutable.h:
* runtime/ErrorConstructor.h:
* runtime/IndirectEvalExecutable.h:
* runtime/JSArrayBufferView.cpp:
* runtime/JSBoundFunction.h:
* runtime/JSLexicalEnvironment.h:
(JSC::JSLexicalEnvironment::subspaceFor):
* runtime/JSString.cpp:
(JSC::JSRopeString::RopeBuilder<RecordOverflow>::expand):
* runtime/JSString.h:
* runtime/NativeFunction.h:
* runtime/Operations.h:
(JSC::jsString):
* runtime/RegExpObject.h:
* runtime/ScopedArguments.h:
* runtime/ScopedArgumentsTable.cpp:
* runtime/TypedArrayAdaptors.h:
(JSC::IntegralTypedArrayAdaptor::toJSValue):
* runtime/TypedArrayType.h:
* runtime/WeakMapImpl.h:
* wasm/WasmAirIRGenerator.cpp:
(JSC::Wasm::AirIRGenerator::addCallIndirect):
(JSC::Wasm::AirIRGenerator::emitChecksForModOrDiv):
(JSC::Wasm::AirIRGenerator::emitModOrDiv):
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::DisjunctionContext::allocationSize):
(JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::allocationSize):
2022-03-26 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Include argumentRegisters in identity of SlowPathCallKey when clobberAllRegsInFTLICSlowPath is enabled
https://bugs.webkit.org/show_bug.cgi?id=238411
Reviewed by Mark Lam.
While SlowPathCallKey includes argumentRegisters, it is not used for its identity check. But this argumentRegisters
is effectual on the resulting code in FTLThunks if Options::clobberAllRegsInFTLICSlowPath is set. This causes
x64 Debug JSC test failures after enabling DataIC because the same FTLThunks should not be picked for different
argument registers when Options::clobberAllRegsInFTLICSlowPath is true.
However, always including argumentRegisters in the identity check will cause a code size regression since we will
lose a chance to duplicate thunks when argumentRegisters is ineffectual. Note that Options::clobberAllRegsInFTLICSlowPath
is only set for debugging use cases. Hence, argumentRegisters is normally not effectual.
In this patch, we include argumentRegisters in SlowPathCallKey's identity check only when Options::clobberAllRegsInFTLICSlowPath
is set. And we also refactor SlowPathCallKey to reduce size of it from 40 to 24.
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerCodeRef.h:
(JSC::CFunctionPtr::CFunctionPtr):
(JSC::FunctionPtr::FunctionPtr):
* ftl/FTLSlowPathCall.cpp:
(JSC::FTL::SlowPathCallContext::keyWithTarget const):
* ftl/FTLSlowPathCallKey.cpp:
(JSC::FTL::SlowPathCallKey::dump const):
* ftl/FTLSlowPathCallKey.h:
(JSC::FTL::SlowPathCallKey::SlowPathCallKey):
(JSC::FTL::SlowPathCallKey::callTarget const):
(JSC::FTL::SlowPathCallKey::usedRegisters const):
(JSC::FTL::SlowPathCallKey::argumentRegistersIfClobberingCheckIsEnabled const):
(JSC::FTL::SlowPathCallKey::indirectOffset const):
(JSC::FTL::SlowPathCallKey::withCallTarget):
(JSC::FTL::SlowPathCallKey::isEmptyValue const):
(JSC::FTL::SlowPathCallKey::isDeletedValue const):
(JSC::FTL::SlowPathCallKey::operator== const):
(JSC::FTL::SlowPathCallKey::hash const):
(JSC::FTL::SlowPathCallKey::argumentRegisters const): Deleted.
* ftl/FTLThunks.cpp:
(JSC::FTL::registerClobberCheck):
(JSC::FTL::slowPathCallThunkGenerator):
* jit/HashableRegisterSet.h: Removed.
* jit/RegisterSet.h:
(JSC::RegisterSetHash::hash):
(JSC::RegisterSetHash::equal):
2022-03-25 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Clean up DataIC polymorphic call code for OptimizingCallLinkInfo
https://bugs.webkit.org/show_bug.cgi?id=238395
Reviewed by Saam Barati.
When using DataIC, return address is already appropriate in non-tail call case
in polymorphic call stub code. This patch cleans up the code to align it to
DataIC BaselineCallLinkInfo.
* bytecode/Repatch.cpp:
(JSC::linkPolymorphicCall):
2022-03-25 Commit Queue <commit-queue@webkit.org>
Unreviewed, reverting r291745.
https://bugs.webkit.org/show_bug.cgi?id=238399
JSC debug test failures
Reverted changeset:
"[JSC] Add DoNotHaveTagRegisters mode to unboxDouble"
https://bugs.webkit.org/show_bug.cgi?id=238018
https://commits.webkit.org/r291745
2022-03-24 Justin Michaud <justin_michaud@apple.com>
AI should not set the structure for ObjectCreate
https://bugs.webkit.org/show_bug.cgi?id=238349
Reviewed by Saam Barati and Yusuke Suzuki.
The AbstractInterpreter should not set the structure for ObjectCreate because it might change by
the time the constant folding phase runs if the structure cache is cleared.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2022-03-25 Wenson Hsieh <wenson_hsieh@apple.com>
Enable PGO when building for release and production
https://bugs.webkit.org/show_bug.cgi?id=238119
rdar://90182309
Reviewed by Alexey Proskuryakov and Geoff Garen.
See WebCore/ChangeLog for more information.
* Configurations/Base.xcconfig:
* Configurations/JavaScriptCore.xcconfig:
* JavaScriptCore.xcodeproj/project.pbxproj:
2022-03-24 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use Data CallIC in unlinked DFG
https://bugs.webkit.org/show_bug.cgi?id=238176
Reviewed by Saam Barati.
This patch enables Data CallIC when Options::useDataICInOptimizingJIT() is true
to pave the way to introducing unlinked DFG.
The most complicated part is DFG tail call handling. We load CallLinkInfo in one
non-callee-save register, and we set up CallFrameShuffleData to keep this value
in the same register even after call frame shuffling for the tail call. This must
be non-callee-save register since callee-save registers are restored to values
of the one-level upper caller for the tail-call.
We also clean up CallLinkInfo code so that many functions work well with DataIC.
Currently, direct calls are not supported, and we will not emit direct calls when
unlinked DFG is used.
* bytecode/AccessCase.cpp:
(JSC::AccessCase::generateImpl):
* bytecode/CallLinkInfo.cpp:
(JSC::BaselineCallLinkInfo::initialize):
(JSC::OptimizingCallLinkInfo::emitFastPath):
(JSC::OptimizingCallLinkInfo::emitTailCallFastPath):
(JSC::OptimizingCallLinkInfo::slowPathStart):
(JSC::OptimizingCallLinkInfo::emitDirectFastPath):
(JSC::OptimizingCallLinkInfo::emitDirectTailCallFastPath):
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::isDataIC const):
(JSC::CallLinkInfo::useDataIC const):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::setUsesDataICs): Deleted.
* bytecode/Repatch.cpp:
(JSC::linkPolymorphicCall):
* dfg/DFGCommonData.h:
(JSC::DFG::CommonData::addCallLinkInfo):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::prepareForTailCallSlow):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
2022-03-25 Keith Miller <keith_miller@apple.com>
Remove unused JITOperation, operationTryOSREnterAtCatch.
https://bugs.webkit.org/show_bug.cgi?id=238379
Reviewed by Mark Lam.
* jit/JITOperations.cpp:
* jit/JITOperations.h:
2022-03-25 Chris Dumez <cdumez@apple.com>
Start preparing WebCore for making the String(const char*) constructor explicit
https://bugs.webkit.org/show_bug.cgi?id=238336
Reviewed by Geoffrey Garen.
Start preparing WebCore for making the String(const char*) constructor explicit.
Making this constructor explicit helps catch at compile time cases where the ""_s
prefix is missing on String literals.
* API/JSValue.mm:
(createStructHandlerMap):
(handerForStructTag):
* API/JSWrapperMap.mm:
(allocateConstructorForCustomClass):
* inspector/agents/InspectorAuditAgent.cpp:
(Inspector::InspectorAuditAgent::run):
2022-03-25 Diego Pino Garcia <dpino@igalia.com>
Unreviewed, fix non-unified build after r291779
* wasm/WasmExceptionType.h:
2022-03-24 Don Olmstead <don.olmstead@sony.com>
Non-unified build fixes, late March 2022 edition
https://bugs.webkit.org/show_bug.cgi?id=238358
Unreviewed non-unified build fixes.
* bytecode/ExitKind.cpp:
* bytecode/ExitKind.h:
* heap/RootMarkReason.cpp:
* heap/RootMarkReason.h:
* runtime/CallData.h:
2022-03-24 Chris Dumez <cdumez@apple.com>
FileSystem::pathByAppendingComponent() should take in StringViews instead of Strings
https://bugs.webkit.org/show_bug.cgi?id=238344
Reviewed by Geoff Garen.
* jsc.cpp:
2022-03-24 Chris Dumez <cdumez@apple.com>
String's startsWith() / endsWith() / replace() should take in a StringView instead of a String
https://bugs.webkit.org/show_bug.cgi?id=238333
Reviewed by Geoff Garen.
* runtime/FileBasedFuzzerAgent.cpp:
(JSC::FileBasedFuzzerAgent::getPredictionInternal):
* runtime/IntlRelativeTimeFormat.cpp:
(JSC::singularUnit):
* runtime/TemporalObject.cpp:
(JSC::singularUnit):
2022-03-24 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] JSRemoteFunction thunk should materialize code-pointer
https://bugs.webkit.org/show_bug.cgi?id=238313
Reviewed by Mark Lam.
When invoking a JSRemoteFunction, we must first wrap the arguments passed to it.
The wrapping operation may trigger a GC, and GC can jettison JIT code. As a result,
even though we know that the target JSFunction has JIT code that we want to execute,
the JIT code may be jettisoned (while wrapping the arguments for it) before we get
to the call. This resulted in occasional crashes on the JSTests/stress/shadow-realm-evaluate.js test.
This patch fixes this by doing a null check on the JIT code just before calling it,
and if null (i.e. the JIT code has been jettisoned), re-materializing the JIT code
first before making the call.
* jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* jit/JITOperations.h:
* jit/ThunkGenerators.cpp:
(JSC::remoteFunctionCallGenerator):
2022-03-23 Geza Lore <glore@igalia.com>
[JSC] Fix remoteFunctionCallGenerator on MIPS
https://bugs.webkit.org/show_bug.cgi?id=238274
Reviewed by Yusuke Suzuki.
Eliminate register conflict (nonArgGPR0 == regT4, which is used in
valueRegs)
* jit/ThunkGenerators.cpp:
(JSC::remoteFunctionCallGenerator):
2022-03-23 Chris Dumez <cdumez@apple.com>
Prepare JSC for making the String(const char*) constructor explicit
https://bugs.webkit.org/show_bug.cgi?id=238264
Reviewed by Geoff Garen.
Prepare JSC for making the String(const char*) constructor explicit. Making this constructor
explicit helps catch many instances where we're constructing a String from a literal but we
are missing the ""_s suffix.
* API/JSAPIGlobalObject.cpp:
* API/JSAPIGlobalObject.mm:
(JSC::computeValidImportSpecifier):
(JSC::JSAPIGlobalObject::moduleLoaderFetch):
* API/JSAPIValueWrapper.cpp:
* API/JSAPIWrapperObject.mm:
* API/JSCallbackConstructor.cpp:
* API/JSCallbackFunction.cpp:
* API/JSCallbackObject.cpp:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
* API/JSScript.mm:
(-[JSScript readCache]):
* API/JSTypedArray.cpp:
(JSObjectMakeTypedArrayWithArrayBuffer):
(JSObjectMakeTypedArrayWithArrayBufferAndOffset):
* API/JSValue.mm:
(createStructHandlerMap):
(handerForStructTag):
* API/JSWrapperMap.mm:
(allocateConstructorForCustomClass):
* API/ObjCCallbackFunction.mm:
(JSC::ObjCCallbackFunctionImpl::name):
* API/glib/JSAPIWrapperGlobalObject.cpp:
* API/glib/JSAPIWrapperObjectGLib.cpp:
* API/glib/JSCCallbackFunction.cpp:
* API/tests/JSONParseTest.cpp:
(testJSONParse):
* bindings/ScriptFunctionCall.cpp:
(Deprecated::ScriptCallArgumentHandler::appendArgument):
* bytecode/CodeBlock.cpp:
* bytecode/EvalCodeBlock.cpp:
* bytecode/ExecutableToCodeBlockEdge.cpp:
* bytecode/ExitKind.cpp:
(JSC::exitKindToString):
* bytecode/ExitKind.h:
* bytecode/FunctionCodeBlock.cpp:
* bytecode/ModuleProgramCodeBlock.cpp:
* bytecode/ProgramCodeBlock.cpp:
* bytecode/UnlinkedCodeBlock.cpp:
* bytecode/UnlinkedEvalCodeBlock.cpp:
* bytecode/UnlinkedFunctionCodeBlock.cpp:
* bytecode/UnlinkedFunctionExecutable.cpp:
* bytecode/UnlinkedModuleProgramCodeBlock.cpp:
* bytecode/UnlinkedProgramCodeBlock.cpp:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitHasPrivateBrand):
(JSC::BytecodeGenerator::emitCheckPrivateBrand):
(JSC::BytecodeGenerator::emitReturn):
* bytecompiler/NodesCodegen.cpp:
(JSC::PropertyListNode::emitSaveComputedFieldName):
(JSC::BaseDotNode::emitGetPropertyValue):
(JSC::BaseDotNode::emitPutProperty):
(JSC::PostfixNode::emitDot):
(JSC::DeleteBracketNode::emitBytecode):
(JSC::DeleteDotNode::emitBytecode):
(JSC::PrefixNode::emitDot):
(JSC::InstanceOfNode::emitBytecode):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::functionName const):
* debugger/DebuggerScope.cpp:
* heap/HeapSnapshotBuilder.cpp:
(JSC::HeapSnapshotBuilder::json):
* heap/RootMarkReason.cpp:
(JSC::rootMarkReasonDescription):
* heap/RootMarkReason.h:
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::getInternalProperties):
* inspector/JSInjectedScriptHostPrototype.cpp:
* inspector/JSJavaScriptCallFrame.cpp:
* inspector/JSJavaScriptCallFramePrototype.cpp:
* inspector/agents/InspectorAuditAgent.cpp:
(Inspector::InspectorAuditAgent::run):
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::getScriptSource):
* inspector/agents/InspectorDebuggerAgent.h:
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::getRemoteObject):
* jit/ExecutableAllocator.cpp:
(JSC::dumpJITMemory):
* jit/JITCode.cpp:
(JSC::JITCode::typeName):
* jit/JITCode.h:
* jit/JITOperations.cpp:
(JSC::getWrappedValue):
* jsc.cpp:
(toCString):
(JSC_DEFINE_HOST_FUNCTION):
(runWithOptions):
(CommandLine::parseArguments):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::handleVarargsCheckpoint):
* parser/Lexer.cpp:
(JSC::Lexer<T>::scanRegExp):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parsePrimaryExpression):
* runtime/AbstractModuleRecord.cpp:
* runtime/AggregateErrorConstructor.cpp:
* runtime/ArrayConstructor.cpp:
* runtime/ArrayIteratorPrototype.cpp:
* runtime/ArrayPrototype.cpp:
* runtime/AsyncFromSyncIteratorPrototype.cpp:
* runtime/AsyncFunctionConstructor.cpp:
* runtime/AsyncFunctionPrototype.cpp:
* runtime/AsyncGeneratorFunctionConstructor.cpp:
* runtime/AsyncGeneratorFunctionPrototype.cpp:
* runtime/AsyncGeneratorPrototype.cpp:
* runtime/AsyncIteratorPrototype.cpp:
* runtime/AtomicsObject.cpp:
* runtime/BigIntConstructor.cpp:
* runtime/BigIntObject.cpp:
* runtime/BigIntPrototype.cpp:
* runtime/BooleanConstructor.cpp:
* runtime/BooleanObject.cpp:
* runtime/BooleanPrototype.cpp:
* runtime/BytecodeCacheError.cpp:
(JSC::BytecodeCacheError::StandardError::message const):
* runtime/CallData.cpp:
(JSC::call):
* runtime/CallData.h:
* runtime/ClassInfo.h:
* runtime/ClonedArguments.cpp:
* runtime/CodeCache.cpp:
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
* runtime/Completion.cpp:
(JSC::checkModuleSyntax):
(JSC::createSymbolForEntryPointModule):
* runtime/ConsoleObject.cpp:
* runtime/ConstructData.cpp:
(JSC::construct):
* runtime/ConstructData.h:
* runtime/CustomGetterSetter.cpp:
* runtime/DOMAttributeGetterSetter.cpp:
* runtime/DateConstructor.cpp:
* runtime/DateInstance.cpp:
* runtime/DatePrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/DirectArguments.cpp:
* runtime/Error.h:
(JSC::throwVMError):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorInstance.cpp:
* runtime/ErrorPrototype.cpp:
* runtime/EvalExecutable.cpp:
* runtime/Exception.cpp:
* runtime/ExceptionHelpers.cpp:
(JSC::notAFunctionSourceAppender):
(JSC::invalidParameterInSourceAppender):
(JSC::invalidParameterInstanceofSourceAppender):
(JSC::invalidPrototypeSourceAppender):
(JSC::createTDZError):
(JSC::createInvalidPrivateNameError):
(JSC::createRedefinedPrivateNameError):
(JSC::createPrivateMethodAccessError):
(JSC::createReinstallPrivateMethodError):
* runtime/ExecutableBase.cpp:
* runtime/FinalizationRegistryConstructor.cpp:
* runtime/FinalizationRegistryPrototype.cpp:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::toStringSlow):
* runtime/FunctionPrototype.cpp:
* runtime/FunctionRareData.cpp:
* runtime/GeneratorFunctionConstructor.cpp:
* runtime/GeneratorFunctionPrototype.cpp:
* runtime/GeneratorPrototype.cpp:
* runtime/GetterSetter.cpp:
* runtime/GlobalExecutable.cpp:
* runtime/HashMapImpl.cpp:
* runtime/InternalFunction.cpp:
* runtime/IntlCollator.cpp:
(JSC::IntlCollator::initializeCollator):
* runtime/IntlCollatorConstructor.cpp:
* runtime/IntlCollatorPrototype.cpp:
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::initializeDateTimeFormat):
* runtime/IntlDateTimeFormatConstructor.cpp:
* runtime/IntlDateTimeFormatPrototype.cpp:
* runtime/IntlDisplayNames.cpp:
* runtime/IntlDisplayNamesConstructor.cpp:
* runtime/IntlDisplayNamesPrototype.cpp:
* runtime/IntlListFormat.cpp:
* runtime/IntlListFormatConstructor.cpp:
* runtime/IntlListFormatPrototype.cpp:
* runtime/IntlLocale.cpp:
(JSC::IntlLocale::initializeLocale):
* runtime/IntlLocaleConstructor.cpp:
* runtime/IntlLocalePrototype.cpp:
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::initializeNumberFormat):
* runtime/IntlNumberFormatConstructor.cpp:
* runtime/IntlNumberFormatPrototype.cpp:
* runtime/IntlObject.cpp:
(JSC::intlStringOption):
* runtime/IntlObject.h:
* runtime/IntlPluralRules.cpp:
* runtime/IntlPluralRulesConstructor.cpp:
* runtime/IntlPluralRulesPrototype.cpp:
* runtime/IntlRelativeTimeFormat.cpp:
(JSC::IntlRelativeTimeFormat::initializeRelativeTimeFormat):
* runtime/IntlRelativeTimeFormatConstructor.cpp:
* runtime/IntlRelativeTimeFormatPrototype.cpp:
* runtime/IntlSegmentIterator.cpp:
* runtime/IntlSegmentIteratorPrototype.cpp:
* runtime/IntlSegmenter.cpp:
* runtime/IntlSegmenterConstructor.cpp:
* runtime/IntlSegmenterPrototype.cpp:
* runtime/IntlSegments.cpp:
* runtime/IntlSegmentsPrototype.cpp:
* runtime/IteratorPrototype.cpp:
* runtime/JSArray.cpp:
(JSC::JSArray::tryCreateUninitializedRestricted):
* runtime/JSArrayBuffer.cpp:
* runtime/JSArrayBufferConstructor.cpp:
* runtime/JSArrayBufferPrototype.cpp:
* runtime/JSArrayBufferView.cpp:
* runtime/JSArrayIterator.cpp:
* runtime/JSAsyncFunction.cpp:
* runtime/JSAsyncGenerator.cpp:
* runtime/JSAsyncGeneratorFunction.cpp:
* runtime/JSBigInt.cpp:
(JSC::JSBigInt::parseInt):
* runtime/JSBoundFunction.cpp:
* runtime/JSCallee.cpp:
* runtime/JSCell.cpp:
(JSC::JSCell::dumpToStream):
(JSC::JSCell::className const):
* runtime/JSCell.h:
* runtime/JSCustomGetterFunction.cpp:
* runtime/JSCustomSetterFunction.cpp:
* runtime/JSDataView.cpp:
* runtime/JSDataViewPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/JSFinalizationRegistry.cpp:
(JSC::JSFinalizationRegistry::runFinalizationCleanup):
* runtime/JSFunction.cpp:
* runtime/JSGenerator.cpp:
* runtime/JSGeneratorFunction.cpp:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::create):
(JSC::JSGenericTypedArrayView<Adaptor>::validateRange):
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::speciesConstruct):
(JSC::genericTypedArrayViewProtoFuncSet):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
* runtime/JSGlobalLexicalEnvironment.cpp:
* runtime/JSGlobalObject.cpp:
* runtime/JSImmutableButterfly.cpp:
* runtime/JSInternalPromise.cpp:
* runtime/JSInternalPromiseConstructor.cpp:
* runtime/JSInternalPromisePrototype.cpp:
* runtime/JSLexicalEnvironment.cpp:
* runtime/JSMap.cpp:
* runtime/JSMapIterator.cpp:
* runtime/JSModuleEnvironment.cpp:
* runtime/JSModuleLoader.cpp:
* runtime/JSModuleNamespaceObject.cpp:
* runtime/JSModuleRecord.cpp:
* runtime/JSNativeStdFunction.cpp:
* runtime/JSONObject.cpp:
* runtime/JSObject.cpp:
(JSC::JSObject::markAuxiliaryAndVisitOutOfLineProperties):
* runtime/JSPromise.cpp:
* runtime/JSPromiseConstructor.cpp:
* runtime/JSPromisePrototype.cpp:
* runtime/JSPropertyNameEnumerator.cpp:
* runtime/JSProxy.cpp:
* runtime/JSRemoteFunction.cpp:
(JSC::wrapArgument):
(JSC::wrapReturnValue):
(JSC::JSRemoteFunction::finishCreation):
* runtime/JSScope.cpp:
* runtime/JSScriptFetchParameters.cpp:
* runtime/JSScriptFetcher.cpp:
* runtime/JSSegmentedVariableObject.cpp:
* runtime/JSSet.cpp:
* runtime/JSSetIterator.cpp:
* runtime/JSSourceCode.cpp:
* runtime/JSString.cpp:
(JSC::JSString::dumpToStream):
* runtime/JSStringIterator.cpp:
* runtime/JSSymbolTableObject.cpp:
* runtime/JSTemplateObjectDescriptor.cpp:
* runtime/JSTypedArrayConstructors.cpp:
* runtime/JSTypedArrayPrototypes.cpp:
* runtime/JSTypedArrayViewConstructor.cpp:
* runtime/JSTypedArrayViewPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/JSTypedArrays.cpp:
* runtime/JSWeakMap.cpp:
* runtime/JSWeakObjectRef.cpp:
* runtime/JSWeakSet.cpp:
* runtime/JSWithScope.cpp:
* runtime/LiteralParser.cpp:
(JSC::LiteralParser<CharType>::parsePrimitiveValue):
* runtime/MapConstructor.cpp:
* runtime/MapIteratorPrototype.cpp:
* runtime/MapPrototype.cpp:
* runtime/MathObject.cpp:
* runtime/ModuleProgramExecutable.cpp:
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeExecutable.cpp:
* runtime/NullGetterFunction.cpp:
* runtime/NullSetterFunction.cpp:
* runtime/NumberConstructor.cpp:
* runtime/NumberObject.cpp:
* runtime/NumberPrototype.cpp:
(JSC::toStringWithRadix):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::numberToStringInternal):
(JSC::int52ToString):
* runtime/ObjectConstructor.cpp:
* runtime/ObjectPrototype.cpp:
* runtime/Operations.h:
(JSC::arithmeticBinaryOp):
(JSC::shift):
(JSC::bitwiseBinaryOp):
* runtime/ProgramExecutable.cpp:
* runtime/PropertyTable.cpp:
* runtime/ProxyConstructor.cpp:
(JSC::ProxyConstructor::finishCreation):
* runtime/ProxyObject.cpp:
* runtime/ProxyRevoke.cpp:
* runtime/ReflectObject.cpp:
* runtime/RegExp.cpp:
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::ensureEmptyRegExpSlow):
* runtime/RegExpConstructor.cpp:
* runtime/RegExpObject.cpp:
* runtime/RegExpPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/RegExpStringIteratorPrototype.cpp:
* runtime/ScopedArguments.cpp:
* runtime/ScopedArgumentsTable.cpp:
* runtime/ScriptExecutable.cpp:
* runtime/SetConstructor.cpp:
* runtime/SetIteratorPrototype.cpp:
* runtime/SetPrototype.cpp:
* runtime/ShadowRealmConstructor.cpp:
* runtime/ShadowRealmObject.cpp:
* runtime/ShadowRealmPrototype.cpp:
* runtime/SparseArrayValueMap.cpp:
* runtime/StrictEvalActivation.cpp:
* runtime/StringConstructor.cpp:
* runtime/StringIteratorPrototype.cpp:
* runtime/StringObject.cpp:
* runtime/StringPrototype.cpp:
(JSC::toLocaleCase):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/Structure.cpp:
* runtime/StructureChain.cpp:
* runtime/StructureRareData.cpp:
* runtime/Symbol.cpp:
* runtime/SymbolConstructor.cpp:
* runtime/SymbolObject.cpp:
* runtime/SymbolPrototype.cpp:
* runtime/SymbolTable.cpp:
* runtime/TemporalCalendar.cpp:
* runtime/TemporalCalendarConstructor.cpp:
* runtime/TemporalCalendarPrototype.cpp:
* runtime/TemporalDuration.cpp:
(JSC::TemporalDuration::total const):
* runtime/TemporalDurationConstructor.cpp:
* runtime/TemporalDurationPrototype.cpp:
* runtime/TemporalInstant.cpp:
* runtime/TemporalInstantConstructor.cpp:
* runtime/TemporalInstantPrototype.cpp:
* runtime/TemporalNow.cpp:
* runtime/TemporalObject.cpp:
(JSC::temporalLargestUnit):
(JSC::temporalSmallestUnit):
* runtime/TemporalPlainDate.cpp:
* runtime/TemporalPlainDateConstructor.cpp:
* runtime/TemporalPlainDatePrototype.cpp:
* runtime/TemporalPlainTime.cpp:
* runtime/TemporalPlainTimeConstructor.cpp:
* runtime/TemporalPlainTimePrototype.cpp:
* runtime/TemporalTimeZone.cpp:
* runtime/TemporalTimeZoneConstructor.cpp:
* runtime/TemporalTimeZonePrototype.cpp:
* runtime/TypeProfiler.cpp:
(JSC::TypeProfiler::logTypesForTypeLocation):
* runtime/TypeSet.cpp:
(JSC::StructureShape::propertyHash):
* runtime/WeakMapConstructor.cpp:
* runtime/WeakMapPrototype.cpp:
(JSC::WeakMapPrototype::finishCreation):
* runtime/WeakObjectRefConstructor.cpp:
* runtime/WeakObjectRefPrototype.cpp:
* runtime/WeakSetConstructor.cpp:
* runtime/WeakSetPrototype.cpp:
(JSC::WeakSetPrototype::finishCreation):
* testRegExp.cpp:
* tools/FunctionAllowlist.cpp:
(JSC::FunctionAllowlist::FunctionAllowlist):
* tools/FunctionOverrides.cpp:
(JSC::initializeOverrideInfo):
* tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSC_DEFINE_HOST_FUNCTION_WITH_ATTRIBUTES):
* tools/SigillCrashAnalyzer.cpp:
(JSC::SigillCrashAnalyzer::analyze):
* tools/VMInspector.cpp:
(JSC::VMInspector::dumpRegisters):
(JSC::VMInspector::dumpCellMemoryToStream):
* wasm/WasmExceptionType.h:
(JSC::Wasm::errorMessageForExceptionType):
* wasm/WasmFormat.h:
(JSC::Wasm::typeToString):
* wasm/WasmGlobal.cpp:
(JSC::Wasm::Global::set):
* wasm/WasmLLIntPlan.cpp:
(JSC::Wasm::LLIntPlan::didCompleteCompilation):
* wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* wasm/js/JSToWasmICCallee.cpp:
* wasm/js/JSWebAssembly.cpp:
* wasm/js/JSWebAssemblyException.cpp:
* wasm/js/JSWebAssemblyGlobal.cpp:
(JSC::JSWebAssemblyGlobal::type):
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::fromJSValue):
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::createPrivateModuleKey):
(JSC::JSWebAssemblyInstance::tryCreate):
* wasm/js/JSWebAssemblyMemory.cpp:
* wasm/js/JSWebAssemblyModule.cpp:
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::type):
* wasm/js/JSWebAssemblyTag.cpp:
* wasm/js/WebAssemblyCompileErrorConstructor.cpp:
* wasm/js/WebAssemblyCompileErrorPrototype.cpp:
* wasm/js/WebAssemblyExceptionConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyExceptionPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyFunction.cpp:
* wasm/js/WebAssemblyFunctionBase.cpp:
* wasm/js/WebAssemblyGlobalConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyGlobalPrototype.cpp:
* wasm/js/WebAssemblyInstanceConstructor.cpp:
* wasm/js/WebAssemblyInstancePrototype.cpp:
* wasm/js/WebAssemblyLinkErrorConstructor.cpp:
* wasm/js/WebAssemblyLinkErrorPrototype.cpp:
* wasm/js/WebAssemblyMemoryConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyMemoryPrototype.cpp:
* wasm/js/WebAssemblyModuleConstructor.cpp:
* wasm/js/WebAssemblyModulePrototype.cpp:
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::initializeExports):
* wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
* wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:
* wasm/js/WebAssemblyTableConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyTablePrototype.cpp:
* wasm/js/WebAssemblyTagConstructor.cpp:
* wasm/js/WebAssemblyTagPrototype.cpp:
* wasm/js/WebAssemblyWrapperFunction.cpp:
(JSC::WebAssemblyWrapperFunction::create):
* yarr/RegularExpression.cpp:
(JSC::Yarr::RegularExpression::Private::compile):
* yarr/YarrErrorCode.cpp:
(JSC::Yarr::errorMessage):
* yarr/YarrErrorCode.h:
2022-03-23 Yusuke Suzuki <ysuzuki@apple.com>
[JSC][MSVC] custom getter creation needs to include classInfo since MSVC ICF is not "safe" variant
https://bugs.webkit.org/show_bug.cgi?id=238030
Reviewed by Alexey Shvayka.
MSVC performs very aggressive ICF (identical code folding) and it even merges the identical two functions
into one even though a pointer to this function is used. This means MSVC's ICF is not "safe"[1], and custom
function weakmap is broken on MSVC since it is assuming function pointers are different for different functions.
Unfortunately, it seems that there is no attribute / annotation to prevent this behavior, so we need to workaround it.
Since JSCustomGetterFunction does separate thing based on attached DOMAttribute, we need to include const ClassInfo*
into a key of JSCustomGetterFunction weakmap to ensure that two identical functions with different const ClassInfo*
do not get the same JSCustomGetterFunction.
[1]: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/36912.pdf
* runtime/JSCustomGetterFunction.h:
* runtime/JSCustomSetterFunction.h:
* runtime/JSGlobalObject.h:
* runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::WeakCustomGetterOrSetterHash<T>::hash):
* runtime/JSObject.cpp:
(JSC::WeakCustomGetterOrSetterHashTranslator::hash):
(JSC::WeakCustomGetterOrSetterHashTranslator::equal):
(JSC::createCustomGetterFunction):
(JSC::createCustomSetterFunction):
2022-03-23 Chris Dumez <cdumez@apple.com>
Avoid unnecessary String constructor under FunctionExecutable::toStringSlow()
https://bugs.webkit.org/show_bug.cgi?id=238263
Reviewed by Darin Adler.
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::toStringSlow):
2022-03-23 Yusuke Suzuki <ysuzuki@apple.com>
Unreviewed, fix DataIC's slowPathJump handling
https://bugs.webkit.org/show_bug.cgi?id=231224
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInById):
2022-03-23 Patrick Angle <pangle@apple.com>
No breakpoints hit on github.com, and some are invalid
https://bugs.webkit.org/show_bug.cgi?id=235607
Reviewed by Yusuke Suzuki.
New test: JSTests/stress/regress-88440831.js
Added test case in: inspector/debugger/breakpoints/resolved-dump-all-pause-locations.html
Previously not all line terminations resulted in setting the `m_lineStart` to the current m_code, which meant
that the location for pause-able locations and stack traces were inaccurate when they were on a line that
terminated multi-line comments, strings, or template strings. We now always update m_lineStart when shifting for
a line terminator, instead of only when the terminator appears outside a string or comment.
* debugger/Breakpoint.cpp:
(JSC::Breakpoint::resolve):
- The existing assertions were somewhat in conflict with each other. If we permit the line number to increase,
there is no guarantee that the column number will remain the same or increase, which can now more easily occur
with multi-line strings. Instead, we should make sure that the overall offset has increased.
* parser/Lexer.cpp:
(JSC::Lexer<T>::shiftLineTerminator):
(JSC::Lexer<T>::lexWithoutClearingLineTerminator):
(JSC::Lexer<T>::scanTemplateString):
2022-03-23 Xan Lopez <xan@igalia.com>
[JSC] Add DoNotHaveTagRegisters mode to unboxDouble
https://bugs.webkit.org/show_bug.cgi?id=238018
Reviewed by Yusuke Suzuki.
Wasm cannot use unboxDouble as-is because
GPRInfo::numberTagRegister is not available. Add a
DoNotHaveTagRegister mode so we can get rid of some duplicated
code.
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::add64):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::unboxDoubleWithoutAssertions):
(JSC::AssemblyHelpers::unboxDouble):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
2022-03-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Test DFG / FTL DataIC
https://bugs.webkit.org/show_bug.cgi?id=231224
Reviewed by Saam Barati.
This patch revives DataIC in DFG and FTL, and re-enable testing to make it usable
for unlinked DFG. Currently, only x64 / ARM64 are supported.
* bytecode/InlineAccess.cpp:
(JSC::InlineAccess::isCacheableArrayLength):
(JSC::InlineAccess::isCacheableStringLength):
(JSC::InlineAccess::rewireStubAsJumpInAccess):
(JSC::InlineAccess::resetStubAsJumpInAccess):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetById):
(JSC::DFG::SpeculativeJIT::compileGetByIdFlush):
(JSC::DFG::SpeculativeJIT::compileInById):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::cachedPutById):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* jit/JITCode.h:
(JSC::JITCode::useDataIC):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::generateFastCommon):
(JSC::generateGetByIdInlineAccess):
(JSC::JITGetByIdGenerator::generateFastPath):
(JSC::JITGetByIdWithThisGenerator::generateFastPath):
(JSC::generatePutByIdInlineAccess):
(JSC::JITPutByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITPutByIdGenerator::generateFastPath):
(JSC::JITDelByValGenerator::generateFastPath):
(JSC::JITDelByIdGenerator::generateFastPath):
(JSC::JITInByValGenerator::generateFastPath):
(JSC::generateInByIdInlineAccess):
(JSC::JITInByIdGenerator::generateFastPath):
(JSC::JITInByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITInstanceOfGenerator::generateFastPath):
(JSC::JITGetByValGenerator::generateFastPath):
(JSC::JITPutByValGenerator::generateFastPath):
(JSC::JITPrivateBrandAccessGenerator::generateFastPath):
* jit/JITInlineCacheGenerator.h:
(JSC::JITInlineCacheGenerator::reportSlowPathCall):
(JSC::JITInlineCacheGenerator::slowPathBegin const):
(JSC::JITByIdGenerator::slowPathJump const):
(JSC::JITInByValGenerator::slowPathJump const):
* runtime/Options.cpp:
(JSC::Options::recomputeDependentOptions):
* runtime/OptionsList.h:
2022-03-22 Chris Dumez <cdumez@apple.com>
Use ASCIILiteral in a few more places where it is useful
https://bugs.webkit.org/show_bug.cgi?id=238235
Reviewed by Geoffrey Garen.
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::toStringSlow):
2022-03-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Change Date.parse to stop returning numbers with fractional part
https://bugs.webkit.org/show_bug.cgi?id=238050
Reviewed by Saam Barati.
Date.parse should return NaN or integer numbers[1,2]. This patch applies timeClip
to the result of Date.parse to ensure that the returned value is time value.
[1]: https://tc39.es/ecma262/multipage/numbers-and-dates.html#sec-date.parse
[2]: https://tc39.es/ecma262/multipage/numbers-and-dates.html#sec-time-values-and-time-range
* runtime/DateConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
2022-03-21 Saam Barati <sbarati@apple.com>
Fix bug in Relationship::mergeImpl
https://bugs.webkit.org/show_bug.cgi?id=238183
<rdar://89822922>
Reviewed by Yusuke Suzuki.
* dfg/DFGIntegerRangeOptimizationPhase.cpp:
2022-03-21 Saam Barati <sbarati@apple.com>
AirFixObviousSpills needs to consider a PreIndex and PostIndex as clobbering the Reg used for indexing
https://bugs.webkit.org/show_bug.cgi?id=238178
<rdar://87345895>
Reviewed by Mark Lam.
Inside AirFixObviousSpills, we run a basic alias analysis for StackSlots and
registers. For example, when we overwrite a register, we clear anything
it's aliased with. However, the way we were doing this was by looking at
each Arg that was Defd. However, this iteration was missing that
PostIndex/PreIndex mutate the register that feeds into the address Arg.
This patch fixes the issue by walking the instruction in such a way that
we visit all the Defs we care about, both Regs and StackSlots.
* b3/air/AirFixObviousSpills.cpp:
2022-03-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] ReferenceError when using extra parens in class fields
https://bugs.webkit.org/show_bug.cgi?id=236843
Reviewed by Saam Barati.
class field initializer should create its own used-variables set
to capture used variables separately from the other variables since
it becomes independent CodeBlock internally later. The current code
was wrong since,
1. Incorrectly using the current set of class-scope.
2. Incorrectly marking only the last set while parseAssignmentExpression can create a new set inside it.
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseClass):
* parser/Parser.h:
(JSC::Scope::markLastUsedVariablesSetAsCaptured):
2022-03-21 Jonathan Bedard <jbedard@apple.com>
Unreviewed, reverting r291558.
Exceeded GitHub file size limit
Reverted changeset:
"Enable PGO when building for release and production"
https://bugs.webkit.org/show_bug.cgi?id=238119
https://commits.webkit.org/r291558
2022-03-21 Wenson Hsieh <wenson_hsieh@apple.com>
Enable PGO when building for release and production
https://bugs.webkit.org/show_bug.cgi?id=238119
rdar://90182309
Reviewed by Saam Barati.
See WebCore/ChangeLog for more details.
* Configurations/Base.xcconfig:
* Configurations/JavaScriptCore.xcconfig:
* Profiling/JavaScriptCore.profdata: Added.
2022-03-18 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Further reduce # of registers used in RegExpTestInline
https://bugs.webkit.org/show_bug.cgi?id=238105
Reviewed by Saam Barati.
This patch further reduces # of registers used in RegExpTestInline.
After flushRegisters(), we can use baseGPR for any purpose.
We also remove x64 hack since we have enough registers for x64 even
if we use one callee-save register in unlinked DFG.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
2022-03-18 Devin Rousso <drousso@apple.com>
Web Inspector: REGRESSION(?): Emulate User Gesture doesn't work
https://bugs.webkit.org/show_bug.cgi?id=232584
<rdar://problem/84899576>
Reviewed by Patrick Angle.
* inspector/agents/InspectorDebuggerAgent.h:
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::evaluateOnCallFrame):
* inspector/agents/InspectorRuntimeAgent.h:
* inspector/agents/InspectorRuntimeAgent.cpp:
(Inspector::InspectorRuntimeAgent::evaluate):
(Inspector::InspectorRuntimeAgent::callFunctionOn):
Create overloads for these (protocol) methods so that we can avoid having to fetch the same
`InjectedScript` more than once (i.e. if the subclass fetches the `InjectedScript` and then
called into the baseclass, which also fetches the same `InjectedScript`).
* debugger/Debugger.h:
(JSC::Debugger::Client::debuggerWillEvaluate):
(JSC::Debugger::Client::debuggerDidEvaluate):
* debugger/Debugger.cpp:
(JSC::Debugger::evaluateBreakpointActions):
Pass along the current `JSGlobalObject` to eventually derive a relevant `WebCore::Document`.
2022-03-18 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Reduce # of registers used in RegExpTestInline to allow using unlinked DFG in x64
https://bugs.webkit.org/show_bug.cgi?id=238092
Reviewed by Michael Saboff.
This patch reduces # of registers used in RegExpTestInline implementation to make it work
well for x64 unlinked DFG since it can reduce # of registers to use one callee-save register
for constants buffer.
We also add YarrJITRegisters::validate to ensure that used registers meet the invariants in YarrJIT.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
* yarr/YarrJIT.cpp:
(JSC::Yarr::jitCompileInlinedTest):
* yarr/YarrJITRegisters.h:
(JSC::Yarr::YarrJITRegisters::validate):
(JSC::Yarr::YarrJITRegisters::YarrJITRegisters): Deleted.
2022-03-17 Keith Miller <keith_miller@apple.com>
Fix crash in Bleacher Report due to bad JSObjectRef passed to API
https://bugs.webkit.org/show_bug.cgi?id=238048
<rdar://88766464>
Reviewed by Yusuke Suzuki.
Prior to the StructureID overhaul the JSObjectGetArrayBufferByteLength would
automatically check if the JSObjectRef passed to that function was null before
short circuiting to the non-typed array return value, 0. While technically valid
since derefencing null is UB, this meant the Clang was covering up this crash.
To fix this I'm adding an app specific workaround for the time being so Bleacher
Report can fix their code to no longer pass this nullptr.
* API/JSTypedArray.cpp:
(isBleecherReport):
(JSObjectGetArrayBufferByteLength):
2022-03-17 Mikhail R. Gadelha <mikhail@igalia.com>
Unreviewed, non-unified build fix
https://bugs.webkit.org/show_bug.cgi?id=237929
* dfg/DFGCapabilities.cpp:
* jit/JITDisassembler.cpp:
* jit/JITPlan.cpp:
* llint/LLIntEntrypoint.cpp:
* runtime/FileBasedFuzzerAgentBase.cpp:
* runtime/ShadowRealmObject.cpp:
* runtime/ShadowRealmPrototype.cpp:
2022-03-16 Devin Rousso <drousso@apple.com>
Web Inspector: REGRESSION(r290720): Debugger: Step next should not behave the same as Step into
https://bugs.webkit.org/show_bug.cgi?id=237936
Reviewed by Joseph Pecoraro.
Covered by existing tests (not sure why they don't fail on EWS, but they fail locally).
* debugger/Debugger.cpp:
(JSC::Debugger::pauseIfNeeded):
Checking that the desired `CallFrame` matches the current `CallFrame` is enough to determine
whether the `Debugger` should pause for Step next and Step out, as both of those actions set
a desired `CallFrame`. We explicitly do not want to check for the `bool` flags that indicate
those actions because they have different behaviors regarding the current `CallFrame` (the
former desires the same `CallFrame` and the latter desires the parent `CallFrame`). This
patch partially reverts r290720.
2022-03-16 Angelos Oikonomopoulos <angelos@igalia.com>
MacroAssemblerARMv7: Be friendlier to DisallowMacroScratchRegisterUsage
https://bugs.webkit.org/show_bug.cgi?id=237888
Reviewed by Žan Doberšek.
Only check that we're allowed to use the scratch register at sites
where we're using it implicitly. When it's explicitly passed in by the
caller, use invalidateCachedAddressTempRegister to invalidate it
without asserting anything about m_allowScratchRegister.
Since helpers can explictly make use of addressTempRegister, an
argument can be made that this is still fragile (i.e. future changes
could run into this). The alternative would be to have the topmost caller
do fine-grained management of DisallowMacroScratchRegisterUsage,
allowing it around explicit calls to MacroAssemblerARMv7 with
scratchRegister() in the arguments and disallowing it for helpers.
As there are currently no helpers that would trip this, this patch opts
for the former approach, to make DisallowMacroScratchRegisterUsage
easier to work with (there'll be more usage of the API in an upcoming
wasm32 patch).
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::scratchRegister):
(JSC::MacroAssemblerARMv7::load32):
(JSC::MacroAssemblerARMv7::load16):
(JSC::MacroAssemblerARMv7::load16SignedExtendTo32):
(JSC::MacroAssemblerARMv7::load8):
(JSC::MacroAssemblerARMv7::load8SignedExtendTo32):
(JSC::MacroAssemblerARMv7::loadPair32):
(JSC::MacroAssemblerARMv7::move):
(JSC::MacroAssemblerARMv7::farJump):
(JSC::MacroAssemblerARMv7::setupArmAddress):
(JSC::MacroAssemblerARMv7::invalidateCachedAddressTempRegister):
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::emitFastPathImpl):
* jit/BaselineJITRegisters.h:
2022-03-15 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Add UnlinkedDFG compilation mode enum
https://bugs.webkit.org/show_bug.cgi?id=237934
Reviewed by Mark Lam.
This patch adds UnlinkedDFG compilation mode to prepare new unlinked DFG.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inliningCost):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::watchCondition):
(JSC::DFG::Graph::watchConditions):
(JSC::DFG::Graph::watchGlobalProperty):
(JSC::DFG::Graph::tryGetConstantProperty):
(JSC::DFG::Graph::tryGetConstantClosureVar):
(JSC::DFG::Graph::tryGetFoldableView):
(JSC::DFG::Graph::getRegExpPrototypeProperty):
(JSC::DFG::Graph::canOptimizeStringObjectAccess):
(JSC::DFG::Graph::canDoFastSpread):
* dfg/DFGGraph.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
* jit/JITCompilationMode.cpp:
(WTF::printInternal):
* jit/JITCompilationMode.h:
(JSC::isDFG):
(JSC::isUnlinked):
* jit/JITPlan.cpp:
(JSC::JITPlan::tier const):
(JSC::JITPlan::reportCompileTimes const):
* jit/JITPlan.h:
(JSC::JITPlan::isDFG const):
(JSC::JITPlan::isUnlinked const):
* profiler/ProfilerCompilationKind.cpp:
(WTF::printInternal):
* profiler/ProfilerCompilationKind.h:
2022-03-15 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Concurrent byteOffsetImpl should not assume non-detached array-buffer
https://bugs.webkit.org/show_bug.cgi?id=237935
Reviewed by Saam Barati.
r279707 is not enough to fix the issue since underlying ArrayBuffer can be also detached concurrently to
the compiler thread too. This patch fixes it by using dataWithoutPACValidation in the concurrent compiler
thread.
* runtime/ArrayBuffer.h:
(JSC::ArrayBufferContents::dataWithoutPACValidation const):
(JSC::ArrayBuffer::dataWithoutPACValidation):
(JSC::ArrayBuffer::dataWithoutPACValidation const):
* runtime/JSArrayBufferViewInlines.h:
(JSC::JSArrayBufferView::byteOffsetImpl):
2022-03-14 Adrian Perez de Castro <aperez@igalia.com>
[GLib] Expose typed arrays in the public API
https://bugs.webkit.org/show_bug.cgi?id=197535
Reviewed by Carlos Garcia Campos.
This adds a set of new functions to operate on JSCValue objects which refer to typed
arrays in the JavaScript side of the world. Typed array values can be created with an
existing ArrayBuffer to hold the contents, in which case custom allocations are possible;
or letting JSC handle allocation. Operating on typed arrays is expected to be done on an
element-by-element basis, and in general it is recommended to use the functions dealing
with the "length" (number of elements) of typed arrays; nevertheless it is also possible
to retrieve their "size" and "offset" over the underlying ArrayBuffer, and/or retrieving
said ArrayBuffer.
* API/glib/JSCValue.cpp:
(toTypedArrayType):
(toJSCTypedArrayType):
(jsc_value_new_typed_array):
(jsc_value_new_typed_array_with_buffer):
(jsc_value_is_typed_array):
(jsc_value_typed_array_get_buffer):
(jsc_value_typed_array_get_data):
(jsc_value_typed_array_get_length):
(jsc_value_typed_array_get_offset):
(jsc_value_typed_array_get_size):
(jsc_value_typed_array_get_type):
* API/glib/JSCValue.h:
* API/glib/docs/jsc-glib-4.0-sections.txt:
2022-03-13 Angelos Oikonomopoulos <angelos@igalia.com>
[JSC] Use addressTempRegister in loadValue(void *) on 32 bits
https://bugs.webkit.org/show_bug.cgi?id=237773
Reviewed by Žan Doberšek.
Instead of using one of the destination registers as an address
temporary, use addressTempRegister instead. This allows reusing
the value in addressTempRegister (with an appropriate offset) if
possible, which results in a >25% size reduction for DFGOSRExit
(JS2) on ARMv7 (though not a significant size reduction overall).
Technically, this change could be killing some address reuse that
was previously possible because loadValue was not clobbering
addressTempRegister but, if so, this seems to be balanced out for
JS2.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::BoundsNonDoubleWordOffset::within):
(JSC::MacroAssemblerARMv7::BoundsDoubleWordOffset::within):
(JSC::MacroAssemblerARMv7::loadPair32):
(JSC::MacroAssemblerARMv7::setupArmAddress):
(JSC::MacroAssemblerARMv7::absoluteAddressWithinShortOffset):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::loadPair32):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::loadValue):
2022-03-12 Tim Horton <timothy_horton@apple.com>
Adopt FALLBACK_PLATFORM_NAME in place of FALLBACK_PLATFORM
https://bugs.webkit.org/show_bug.cgi?id=237809
Reviewed by Per Arne Vollan.
* Configurations/SDKVariant.xcconfig:
2022-03-11 Adrian Perez de Castro <aperez@igalia.com>
[GLib] Expose ArrayBuffer in the public API
https://bugs.webkit.org/show_bug.cgi?id=237088
Reviewed by Carlos Garcia Campos.
This adds a set of new functions to operate on JSCValue objects which refer to array
buffers in the JS side of the world. This allows sharing chunks of memory buffers
efficiently with native code, without needing to copy nor encode data back and forth.
* API/glib/JSCValue.cpp:
(jscArrayBufferDeallocate):
(jsc_value_new_array_buffer):
(jsc_value_is_array_buffer):
(jsc_value_array_buffer_get_data):
(jsc_value_array_buffer_get_length):
* API/glib/JSCValue.h:
* API/glib/docs/jsc-glib-4.0-sections.txt:
2022-03-11 Mikhail R. Gadelha <mikhail@igalia.com>
Debug build failure after r246172: ASSERT_UNDER_CONSTEXPR_CONTEXT should work in constexpr contexts
https://bugs.webkit.org/show_bug.cgi?id=236728
Reviewed by Michael Catanzaro.
ASSERT_UNDER_CONSTEXPR_CONTEXT is calling a non-constexpr function (WTFReportAssertionFailure)
when it fails, so it cannot be used for an assert not reached.
This patch adds a new RELEASE_ASSERT_NOT_REACHED_UNDER_CONSTEXPR_CONTEXT() macro
that calls CRASH_UNDER_CONSTEXPR_CONTEXT() instead of WTFReportAssertionFailure.
No functional change.
* wasm/WasmCompilationMode.h:
(JSC::Wasm::isOSREntry):
(JSC::Wasm::isAnyBBQ):
(JSC::Wasm::isAnyOMG):
2022-03-10 Elliott Williams <emw@apple.com>
[XCBuild] Emit a discovered dependency file from offlineasm
https://bugs.webkit.org/show_bug.cgi?id=237329
Reviewed by Alexey Proskuryakov.
Xcode needs to know what files offlineasm uses and produces in order to schedule it
correctly in incremental builds. Rather than use generated xcfilelists like WebKit does
elsewhere in the project, emit a depfile from offlineasm based on the parse tree's source
files.
Discovered dependency files ("depfiles") are Makefile-formatted files which list the inputs
used to produce an output. They are emitting during the build to a temporary directory, and
ensure that subsequent incremental builds will re-run offlineasm when any of the included
sources change. This is the same mechanism clang uses to track header dependencies.
Unfortunately, the legacy build system will refuse to execute a script phase or rule that
emits a depfile. To work around this, convert the offlineasm pipeline to be based on build
rules, to be used by XCBuild only. The idea is that LowLevelInterpreter.asm is listed as a
source build file in JSCLLIntSettingsExtractor, JSCLLIntOffsetsExtractor, and
JavaScriptCore. Each target uses a build rule to generate its respective header from
LowLevelInterpreter.asm. Xcode schedules these rule executions before any clang tasks.
The legacy build system avoids executing the rules via EXCLUDED_SOURCE_FILE_NAMES, and
instead uses the existing build phases, which have "(Legacy)" in their names and are now
no-ops under XCBuild.
Aside from working around the legacy build system's limitations, using build rules is
probably a superior way to express what we're doing, as it gives Xcode the opportunity to
compile other objects in parallel, and could be easily extended to compile multiple discrete
asm files should the need arise.
* Configurations/ToolExecutable.xcconfig: Build rules are XCBuild-only.
* JavaScriptCore.xcodeproj/project.pbxproj: Add build rules, rename legacy scripts.
* offlineasm/asm.rb: Add --depfile flag.
* offlineasm/generate_offset_extractor.rb: Add --depfile flag.
* offlineasm/generate_settings_extractor.rb: Add --depfile flag.
2022-03-10 Michael Saboff <msaboff@apple.com>
Catalyst JavaScriptCore, WebCore, WebKitLegacy, and WebKit shouldn't be copied to the Secondary Path
https://bugs.webkit.org/show_bug.cgi?id=237748
Reviewed by Mark Lam.
Updated the configuration to exclude copying Catalyst build products to the secondary path.
* Configurations/Base.xcconfig:
2022-03-10 Elliott Williams <emw@apple.com>
[XCBuild] Fix GeneratedSources dependency validation errors
https://bugs.webkit.org/show_bug.cgi?id=237490
Reviewed by Alexey Proskuryakov.
Declare JSCBuiltins.cpp in DerivedSources.make. It's created by generate-js-builtins.py but
was never declared as an output.
* DerivedSources-output.xcfilelist: Autogenerated changes.
* DerivedSources.make:
2022-03-10 Chris Dumez <cdumez@apple.com>
Optimize further the passing of data across threads
https://bugs.webkit.org/show_bug.cgi?id=237695
Reviewed by Geoffrey Garen.
Optimize further the passing of data across threads by leveraging the optimized
version of isolatedCopy() on r-value references whenever possible.
* inspector/remote/RemoteConnectionToTarget.cpp:
(Inspector::RemoteConnectionToTarget::sendMessageToTarget):
* inspector/remote/RemoteConnectionToTarget.h:
* inspector/remote/RemoteControllableTarget.h:
* jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
* runtime/JSGlobalObjectDebuggable.cpp:
(JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemote):
* runtime/JSGlobalObjectDebuggable.h:
* tools/FunctionOverrides.cpp:
(JSC::FunctionOverrides::initializeOverrideFor):
2022-03-08 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK][WPE] Web Inspector: make it possible to use the remote inspector from other browsers
https://bugs.webkit.org/show_bug.cgi?id=237601
Reviewed by Michael Catanzaro.
Make it possible to start the inspector server with 0 port, meaning any free one will be used.
* inspector/remote/glib/RemoteInspectorServer.cpp:
(Inspector::RemoteInspectorServer::start): Pass the effective address to g_socket_listener_add_address and get the port.
* inspector/remote/glib/RemoteInspectorServer.h:
(Inspector::RemoteInspectorServer::port const): Return the port the server is listening to.
2022-03-09 Saam Barati <sbarati@apple.com>
Limit WK_XCODE_SUPPORTS_LTO in JavaScriptCore based on target OS
https://bugs.webkit.org/show_bug.cgi?id=237682
Reviewed by Alexey Proskuryakov.
* Configurations/Base.xcconfig:
* Configurations/WebKitTargetConditionals.xcconfig:
2022-03-09 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK][WPE] Stop using the env var WEBKIT_INSPECTOR_SERVER to connect to the inspector
https://bugs.webkit.org/show_bug.cgi?id=237646
Reviewed by Adrian Perez de Castro.
Add RemoteInspector::s_inspectorServerAddress to keep the remote inspector server address instead of the
environment variable used to start the server.
* inspector/remote/RemoteInspector.h:
* inspector/remote/glib/RemoteInspectorGlib.cpp:
(Inspector::RemoteInspector::RemoteInspector): Only call start if s_inspectorServerAddress is not null.
(Inspector::RemoteInspector::start): Use s_inspectorServerAddress instead of querying the environment.
2022-03-08 Robin Morisset <rmorisset@apple.com>
[WTF] LikelyDenseUnsignedIntegerSet::add can cause a reindexing of the entire bit vector with every call in the worst case
https://bugs.webkit.org/show_bug.cgi?id=236997
Reviewed by Saam Barati.
Just make it a little bit easier to change the number of stack slots in testZDefOfSpillSlotWithOffsetNeedingToBeMaterializedInARegister.
* b3/air/testair.cpp:
2022-03-08 Robin Morisset <rmorisset@apple.com>
Enable tier-up in loops created by recursive tail call optimizations.
https://bugs.webkit.org/show_bug.cgi?id=178389
Reviewed by Saam Barati.
Made the recursive tail call optimization only run in FTL mode, since it is a significant progression on TailBench.
Also some trivial refactoring of handleRecursiveTailCall.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
2022-03-08 Saam Barati <sbarati@apple.com>
[JSC] Enable ThinLTO
https://bugs.webkit.org/show_bug.cgi?id=229019
<rdar://problem/82107543>
Reviewed by Mark Lam.
It's a 1% speedup on Speedometer2 across x86 and arm64, and 0.5-1% speedup on
JetStream2 depending on the device.
* Configurations/Base.xcconfig:
2022-03-08 Chris Dumez <cdumez@apple.com>
Unreviewed, reverting r290975.
Broke the build for some configurations
Reverted changeset:
"[XCBuild] Emit a discovered dependency file from offlineasm"
https://bugs.webkit.org/show_bug.cgi?id=237329
https://commits.webkit.org/r290975
2022-03-08 Mark Lam <mark.lam@apple.com>
Remove invalid ASSERT in LocaleIDBuilder::overrideLanguageScriptRegion().
https://bugs.webkit.org/show_bug.cgi?id=237573
<rdar://problem/83326232>
Reviewed by Yusuke Suzuki.
The ASSERT(length) in LocaleIDBuilder::overrideLanguageScriptRegion() is simply
incorrect. The length can be 0 if uloc_forLanguageTag returns a 0 length in
localeIDBufferForLanguageTagWithNullTerminator(). LocaleIDBuilder::overrideLanguageScriptRegion()
already handles this scenario correctly. We just need to remove this incorrect ASSERT.
Also verified that we're producing the same result on the attached test case as
Chrome and Firefox produces.
* runtime/IntlObject.cpp:
(JSC::localeIDBufferForLanguageTagWithNullTerminator):
2022-03-07 Elliott Williams <emw@apple.com>
[XCBuild] Emit a discovered dependency file from offlineasm
https://bugs.webkit.org/show_bug.cgi?id=237329
Reviewed by Keith Miller.
Xcode needs to know what files offlineasm uses and produces in order to schedule it
correctly in incremental builds. Rather than use generated xcfilelists like WebKit does
elsewhere in the project, emit a depfile from offlineasm based on the parse tree's source
files.
Discovered dependency files ("depfiles") are Makefile-formatted files which list the inputs
used to produce an output. They are emitting during the build to a temporary directory, and
ensure that subsequent incremental builds will re-run offlineasm when any of the included
sources change. This is the same mechanism clang uses to track header dependencies.
Unfortunately, the legacy build system will refuse to execute a script phase or rule that
emits a depfile. To work around this, convert the offlineasm pipeline to be based on build
rules, to be used by XCBuild only. The idea is that LowLevelInterpreter.asm is listed as a
source build file in JSCLLIntSettingsExtractor, JSCLLIntOffsetsExtractor, and
JavaScriptCore. Each target uses a build rule to generate its respective header from
LowLevelInterpreter.asm. Xcode schedules these rule executions before any clang tasks.
The legacy build system avoids executing the rules via EXCLUDED_SOURCE_FILE_NAMES, and
instead uses the existing build phases, which have "(Legacy)" in their names and are now
no-ops under XCBuild.
Aside from working around the legacy build system's limitations, using build rules is
probably a superior way to express what we're doing, as it gives Xcode the opportunity to
compile other objects in parallel, and could be easily extended to compile multiple discrete
asm files should the need arise.
* Configurations/ToolExecutable.xcconfig: Build rules are XCBuild-only.
* JavaScriptCore.xcodeproj/project.pbxproj: Add build rules, rename legacy scripts.
* offlineasm/asm.rb: Add --depfile flag.
* offlineasm/generate_offset_extractor.rb: Add --depfile flag.
* offlineasm/generate_settings_extractor.rb: Add --depfile flag.
2022-03-07 Angelos Oikonomopoulos <angelos@igalia.com>
AssemblyHelpersSpoolers: use load/store pair on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=235112
Reviewed by Žan Doberšek.
Save ~1% code size for baseline JIT on JS2 by emitting load/store pair
instructions on 32-bit ARM.
* assembler/ARMv7Assembler.h:
(JSC::ARMv6Assembler::vldmia):
(JSC::ARMv7Assembler::vstmia):
* assembler/CPU.h:
(JSC::isARM):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::loadPair64):
(JSC::MacroAssemblerARMv7::storePair64):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::copyLLIntBaselineCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer):
* jit/AssemblyHelpersSpoolers.h:
(JSC::AssemblyHelpers::LoadRegSpooler::executePair):
(JSC::AssemblyHelpers::StoreRegSpooler::executePair):
(JSC::AssemblyHelpers::CopySpooler::CopySpooler):
(JSC::AssemblyHelpers::CopySpooler::loadPair):
(JSC::AssemblyHelpers::CopySpooler::storePair):
2022-03-07 Zan Dobersek <zdobersek@igalia.com>
[JSC] Add missing CPU(RISCV64) guards in CTI thunk prologue, epilogue generators
https://bugs.webkit.org/show_bug.cgi?id=237517
Unreviewed, adding missing CPU(RISCV64) guards to the CTI thunk prologue
and epilogue generators in CCallHelpers, reusing the ARM variants of the
pair push/pop calls.
* jit/CCallHelpers.cpp:
(JSC::CCallHelpers::emitCTIThunkPrologue):
(JSC::CCallHelpers::emitCTIThunkEpilogue):
2022-03-05 Mark Lam <mark.lam@apple.com>
Fix JITOperationList::addPointers() to support JIT_OPERATION_VALIDATION_ASSERT_ENABLED.
https://bugs.webkit.org/show_bug.cgi?id=237504
<rdar://problem/89770507>
Reviewed by Saam Barati.
According to tagJSCCodePtrImpl(), we will only use an operation's validation entry
if Options::useJITCage(). Make JITOperationList::addPointers() conform to this.
* assembler/JITOperationList.cpp:
(JSC::JITOperationList::addPointers):
2022-03-05 Mark Lam <mark.lam@apple.com>
Optimize VMTraps::maybeNeedHandling().
https://bugs.webkit.org/show_bug.cgi?id=237503
Reviewed by Saam Barati.
There's no need for VMTraps::maybeNeedHandling() to mask the VMTraps bits for
events. Under normal circumstances, there are no traps firing and the traps bits
are 0 anyway. We should optimize for this and do away with the masking. Clients
who use VMTraps::maybeNeedHandling() should and current do call VMTraps::needHandling()
to get the real story on whether there are actually traps to handle or not. Hence,
the masking in VMTraps::maybeNeedHandling() is also not needed for correctness.
We know from experience that changes in RETURN_IN_EXCEPTION can have an impact on
performance. Perhaps this change can also help performance.
* runtime/ExceptionScope.h:
* runtime/VMTraps.h:
(JSC::VMTraps::maybeNeedHandling const):
2022-03-05 Mark Lam <mark.lam@apple.com>
Fix broken SuspendExceptionScope and remove redundant VM::DeferExceptionScope.
https://bugs.webkit.org/show_bug.cgi?id=237441
<rdar://problem/89769627>
Reviewed by Yusuke Suzuki.
SuspendExceptionScope was meant to do exactly the same thing that VM::DeferExceptionScope
does, except that SuspendExceptionScope hasn't been updated to handle exception
handling via VMTraps bits.
This patch will fix SuspendExceptionScope to work like VM::DeferExceptionScope,
and remove the now redundant VM::DeferExceptionScope. SuspendExceptionScope is
the better name here because the scope actually suspends any pending exception.
This is different from other Defer scopes where we prevent some new event from
arising and defer the event to a later time.
* interpreter/FrameTracers.h:
(JSC::SuspendExceptionScope::SuspendExceptionScope):
(JSC::SuspendExceptionScope::~SuspendExceptionScope):
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::notifyDebuggerOfUnwinding):
* runtime/TypeProfilerLog.cpp:
(JSC::TypeProfilerLog::processLogEntries):
* runtime/VM.h:
(JSC::VM::restorePreviousException): Deleted.
(JSC::VM::DeferExceptionScope::DeferExceptionScope): Deleted.
(JSC::VM::DeferExceptionScope::~DeferExceptionScope): Deleted.
2022-03-04 Angelos Oikonomopoulos <angelos@igalia.com>
[JSC] Improve reuse of known register values on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=237424
Reviewed by Žan Doberšek.
Reduce the generated code size by introducing and pervasively using
setupArmAddress(AbsoluteAddress address, ...). This effectively
replaces sequences of e.g.
movw r6, cst1
movt r6, cst2
strd r0, r1, [r6]
with
strd r0, r1, [r6, offset]
when a close enough address is already available in r6.
While here, change short_move to only emit an add/sub if this results in an
actual reduction in code size. When the add/sub would be neutral,
prefer loading an immediate as that doesn't introduce a data dependency
between the instructions.
This results in a measurable but small (< 1%) reduction in the
generated code size on JS2.
Hat tip to Geza Lore for the suggestions.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::add32):
(JSC::MacroAssemblerARMv7::add64):
(JSC::MacroAssemblerARMv7::or8):
(JSC::MacroAssemblerARMv7::or16):
(JSC::MacroAssemblerARMv7::or32):
(JSC::MacroAssemblerARMv7::sub32):
(JSC::MacroAssemblerARMv7::load32):
(JSC::MacroAssemblerARMv7::load8):
(JSC::MacroAssemblerARMv7::load16):
(JSC::MacroAssemblerARMv7::store32):
(JSC::MacroAssemblerARMv7::store8):
(JSC::MacroAssemblerARMv7::store16):
(JSC::MacroAssemblerARMv7::storePair32):
(JSC::MacroAssemblerARMv7::short_move):
(JSC::MacroAssemblerARMv7::add32Impl):
(JSC::MacroAssemblerARMv7::branch8):
(JSC::MacroAssemblerARMv7::branchTest32):
(JSC::MacroAssemblerARMv7::branchTest8):
(JSC::MacroAssemblerARMv7::branchTest16):
(JSC::MacroAssemblerARMv7::farJump):
(JSC::MacroAssemblerARMv7::absoluteAddressWithinShortOffset):
(JSC::MacroAssemblerARMv7::setupArmAddress):
2022-03-03 Michael Saboff <msaboff@apple.com>
Copy WebKit frameworks and XPC processes to Secondary Path
https://bugs.webkit.org/show_bug.cgi?id=237394
Reviewed by Saam Barati.
Added build configuration variables and scripts to copy the built Framework to the SYSTEM_SECONDARY_CONTENT_PATH
when it is set.
* Configurations/Base.xcconfig:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Scripts/copy-frameworks-to-secondary-path.sh: Added.
2022-03-03 Tom Tartarin <tom@leaningtech.com>
[JSC] Update wasm branch hinting
https://bugs.webkit.org/show_bug.cgi?id=237411
Reviewed by Yusuke Suzuki.
Change the section's name.
Clarify semantics in the parser.
* wasm/WasmBranchHintsSectionParser.cpp:
(JSC::Wasm::BranchHintsSectionParser::parse):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseCustom):
2022-03-03 Saam Barati <sbarati@apple.com>
Add a DeferTraps scope
https://bugs.webkit.org/show_bug.cgi?id=237306
<rdar://83494949>
Reviewed by Mark Lam.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::jettison):
(JSC::CodeBlock::noticeIncomingCall):
* bytecode/CodeBlock.h:
* bytecode/RepatchInlines.h:
(JSC::linkFor):
(JSC::virtualForWithFunction):
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeModuleProgram):
* interpreter/InterpreterInlines.h:
(JSC::Interpreter::execute):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
* runtime/ExceptionScope.h:
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::installCode):
* runtime/VMTraps.cpp:
(JSC::VMTraps::handleTraps):
(JSC::VMTraps::takeTopPriorityTrap):
* runtime/VMTraps.h:
(JSC::VMTraps::needHandling const):
(JSC::VMTraps::maybeNeedHandling const):
(JSC::VMTraps::hasTrapBit):
(JSC::VMTraps::setTrapBit):
* runtime/VMTrapsInlines.h:
(JSC::DeferTraps::DeferTraps):
(JSC::DeferTraps::~DeferTraps):
2022-03-03 Adrian Perez de Castro <aperez@igalia.com>
Non-unified build fixes, early March 2022 edition
https://bugs.webkit.org/show_bug.cgi?id=237420
Unreviewed non-unified build fixes.
* llint/LLIntExceptions.h: Add forward declaration for WasmInstruction.
2022-03-02 Commit Queue <commit-queue@webkit.org>
Unreviewed, reverting r290717.
https://bugs.webkit.org/show_bug.cgi?id=237409
Speedometer2
Reverted changeset:
"Add a DeferTraps scope"
https://bugs.webkit.org/show_bug.cgi?id=237306
https://commits.webkit.org/r290717
2022-03-02 Justin Michaud <justin_michaud@apple.com>
Refactor OpcodeTraits to support the possibility of having 2-byte WASM opcode ids in bytecode streams
https://bugs.webkit.org/show_bug.cgi?id=237347
The number of WASM opcodes will increase beyond 255 when WASM SIMD is implemented, and so this patch
changes OpcodeTraits to allow for the possibility of having two-byte WASM opcodes without regressing
JS. We have to thread these OpcodeTraits everywhere that they are used so that code can read the
correct value when decoding an instruction stream. This patch does not change the size of WASM opcodes
yet, although I have tested that the test suite still passes if we do increase the opcode size.
Reviewed by Keith Miller.
* bytecode/BytecodeBasicBlock.cpp:
(JSC::BytecodeBasicBlock<OpcodeTraits>::BytecodeBasicBlock):
(JSC::BytecodeBasicBlock<OpcodeTraits>::addLength):
(JSC::BytecodeBasicBlock<OpcodeTraits>::shrinkToFit):
(JSC::isJumpTarget):
(JSC::BytecodeBasicBlock<OpcodeTraits>::computeImpl):
(JSC::BytecodeBasicBlock<JSOpcodeTraits>::compute):
(JSC::BytecodeBasicBlock::BytecodeBasicBlock): Deleted.
(JSC::BytecodeBasicBlock::addLength): Deleted.
(JSC::BytecodeBasicBlock::shrinkToFit): Deleted.
(JSC::BytecodeBasicBlock::computeImpl): Deleted.
(JSC::BytecodeBasicBlock::compute): Deleted.
* bytecode/BytecodeBasicBlock.h:
(JSC::BytecodeBasicBlock::addSuccessor):
* bytecode/BytecodeDumper.cpp:
(JSC::BytecodeDumperBase<InstructionStreamType>::printLocationAndOp):
(JSC::BytecodeDumperBase<InstructionStreamType>::dumpValue):
(JSC::BytecodeDumper<Block>::outOfLineJumpOffset const):
(JSC::BytecodeDumper<Block>::dumpBytecode):
(JSC::dumpHeader):
(JSC::CodeBlockBytecodeDumper<Block>::dumpBlock):
(JSC::CodeBlockBytecodeDumper<Block>::dumpGraph):
(JSC::Wasm::BytecodeDumper::dumpBlock):
(JSC::Wasm::BytecodeDumper::registerName const):
(JSC::Wasm::BytecodeDumper::outOfLineJumpOffset const):
(JSC::BytecodeDumperBase::printLocationAndOp): Deleted.
(JSC::BytecodeDumperBase::dumpValue): Deleted.
* bytecode/BytecodeDumper.h:
* bytecode/BytecodeGeneratorification.cpp:
(JSC::BytecodeGeneratorification::BytecodeGeneratorification):
(JSC::BytecodeGeneratorification::enterPoint const):
(JSC::BytecodeGeneratorification::instructions const):
(JSC::GeneratorLivenessAnalysis::run):
(JSC::performGeneratorification):
* bytecode/BytecodeGeneratorification.h:
* bytecode/BytecodeGraph.h:
(JSC::BytecodeGraph::blockContainsBytecodeOffset):
(JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
(JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
(JSC::BytecodeGraph::at const):
(JSC::BytecodeGraph::operator[] const):
(JSC::BytecodeGraph::first):
(JSC::BytecodeGraph::last):
(JSC::BytecodeGraph::dump):
(JSC::BytecodeGraph::BytecodeGraph):
* bytecode/BytecodeLivenessAnalysis.cpp:
(JSC::BytecodeLivenessAnalysis::computeFullLiveness):
(JSC::BytecodeLivenessAnalysis::dumpResults):
* bytecode/BytecodeLivenessAnalysis.h:
* bytecode/BytecodeLivenessAnalysisInlines.h:
(JSC::BytecodeLivenessPropagation::stepOverBytecodeIndexDef):
(JSC::BytecodeLivenessPropagation::stepOverBytecodeIndexUse):
(JSC::BytecodeLivenessPropagation::stepOverBytecodeIndexUseInExceptionHandler):
(JSC::BytecodeLivenessPropagation::stepOverBytecodeIndex):
(JSC::BytecodeLivenessPropagation::stepOverInstruction):
(JSC::BytecodeLivenessPropagation::computeLocalLivenessForInstruction):
(JSC::BytecodeLivenessPropagation::computeLocalLivenessForBlock):
(JSC::BytecodeLivenessPropagation::getLivenessInfoAtInstruction):
(JSC::BytecodeLivenessPropagation::runLivenessFixpoint):
* bytecode/BytecodeRewriter.cpp:
(JSC::BytecodeRewriter::insertImpl):
(JSC::BytecodeRewriter::adjustJumpTargets):
* bytecode/BytecodeRewriter.h:
(JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
(JSC::BytecodeRewriter::Fragment::Fragment):
(JSC::BytecodeRewriter::BytecodeRewriter):
(JSC::BytecodeRewriter::insertFragmentBefore):
(JSC::BytecodeRewriter::insertFragmentAfter):
(JSC::BytecodeRewriter::replaceBytecodeWithFragment):
(JSC::BytecodeRewriter::adjustAbsoluteOffset):
(JSC::BytecodeRewriter::adjustJumpTarget):
* bytecode/BytecodeUseDef.cpp:
(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeIndex):
(JSC::computeDefsForBytecodeIndex):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::hasOpDebugForLineAndColumn):
(JSC::CodeBlock::notifyLexicalBindingUpdate):
(JSC::CodeBlock::validate):
(JSC::CodeBlock::outOfLineJumpOffset):
(JSC::CodeBlock::outOfLineJumpTarget):
(JSC::CodeBlock::binaryArithProfileForPC):
(JSC::CodeBlock::unaryArithProfileForPC):
(JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::outOfLineJumpOffset):
(JSC::CodeBlock::bytecodeOffset):
(JSC::CodeBlock::bytecodeIndex):
(JSC::CodeBlock::instructions const):
(JSC::CodeBlock::instructionAt const):
* bytecode/Instruction.h:
(JSC::BaseInstruction::opcodeID const):
(JSC::BaseInstruction::name const):
(JSC::BaseInstruction::isWide16 const):
(JSC::BaseInstruction::isWide32 const):
(JSC::BaseInstruction::width const):
(JSC::BaseInstruction::hasMetadata const):
(JSC::BaseInstruction::hasCheckpoints const):
(JSC::BaseInstruction::numberOfCheckpoints const):
(JSC::BaseInstruction::sizeShiftAmount const):
(JSC::BaseInstruction::opcodeIDWidth const):
(JSC::BaseInstruction::opcodeIDBytes const):
(JSC::BaseInstruction::size const):
(JSC::BaseInstruction::is const):
(JSC::BaseInstruction::as const):
(JSC::BaseInstruction::asKnownWidth const):
(JSC::BaseInstruction::cast):
(JSC::BaseInstruction::cast const):
(JSC::BaseInstruction::wide16 const):
(JSC::BaseInstruction::wide32 const):
* bytecode/InstructionStream.cpp:
(JSC::InstructionStream::InstructionStream): Deleted.
(JSC::InstructionStream::sizeInBytes const): Deleted.
(JSC::InstructionStream::contains const): Deleted.
* bytecode/InstructionStream.h:
(JSC::InstructionStream::sizeInBytes const):
(JSC::InstructionStream::BaseRef::operator-> const):
(JSC::InstructionStream::BaseRef::ptr const):
(JSC::InstructionStream::BaseRef::unwrap const):
(JSC::InstructionStream::MutableRef::operator->):
(JSC::InstructionStream::MutableRef::operator-> const):
(JSC::InstructionStream::MutableRef::ptr):
(JSC::InstructionStream::MutableRef::ptr const):
(JSC::InstructionStream::MutableRef::unwrap):
(JSC::InstructionStream::MutableRef::unwrap const):
(JSC::InstructionStream::iterator::operator++):
(JSC::InstructionStream::contains const):
(JSC::InstructionStream::InstructionStream):
(JSC::InstructionStreamWriter::InstructionStreamWriter):
(JSC::InstructionStreamWriter::finalize):
(JSC::InstructionStreamWriter::swap):
(JSC::InstructionStreamWriter::iterator::operator++):
* bytecode/Opcode.h:
* bytecode/OpcodeInlines.h:
(JSC::isOpcodeShape):
* bytecode/OpcodeSize.h:
* bytecode/PreciseJumpTargets.cpp:
(JSC::getJumpTargetsForInstruction):
(JSC::computePreciseJumpTargetsInternal):
(JSC::computePreciseJumpTargets):
(JSC::recomputePreciseJumpTargets):
(JSC::findJumpTargetsForInstruction):
* bytecode/PreciseJumpTargets.h:
* bytecode/PreciseJumpTargetsInlines.h:
(JSC::jumpTargetForInstruction):
(JSC::extractStoredJumpTargetsForInstruction):
(JSC::updateStoredJumpTargetsForInstruction):
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::dumpLineColumnEntry):
(JSC::UnlinkedCodeBlock::instructions const):
(JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::instructionAt const):
(JSC::UnlinkedCodeBlock::bytecodeOffset):
(JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
(JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
* bytecode/UnlinkedCodeBlockGenerator.cpp:
(JSC::UnlinkedCodeBlockGenerator::finalize):
(JSC::UnlinkedCodeBlockGenerator::applyModification):
(JSC::UnlinkedCodeBlockGenerator::addOutOfLineJumpTarget):
(JSC::UnlinkedCodeBlockGenerator::outOfLineJumpOffset):
* bytecode/UnlinkedCodeBlockGenerator.h:
(JSC::UnlinkedCodeBlockGenerator::addOpProfileControlFlowBytecodeOffset):
(JSC::UnlinkedCodeBlockGenerator::outOfLineJumpOffset):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::instructions const):
(JSC::BytecodeGenerator::withWriter):
* bytecompiler/BytecodeGeneratorBase.h:
* bytecompiler/BytecodeGeneratorBaseInlines.h:
(JSC::BytecodeGeneratorBase<Traits>::recordOpcode):
(JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode16):
(JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode32):
* bytecompiler/StaticPropertyAnalysis.h:
(JSC::StaticPropertyAnalysis::create):
(JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
* bytecompiler/StaticPropertyAnalyzer.h:
(JSC::StaticPropertyAnalyzer::createThis):
(JSC::StaticPropertyAnalyzer::newObject):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleVarargsCall):
(JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
(JSC::DFG::ByteCodeParser::inlineCall):
(JSC::DFG::ByteCodeParser::parseGetById):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGCapabilities.h:
(JSC::DFG::capabilityLevel):
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::callerReturnPC):
(JSC::DFG::adjustAndJumpToTarget):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileLoopHint):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* ftl/FTLOperations.cpp:
(JSC::FTL::JSC_DEFINE_JIT_OPERATION):
* generator/Argument.rb:
* generator/DSL.rb:
* generator/Opcode.rb:
* interpreter/AbstractPC.h:
* interpreter/CallFrame.cpp:
(JSC::CallFrame::currentVPC const):
(JSC::CallFrame::setCurrentVPC):
* interpreter/CallFrame.h:
* interpreter/Interpreter.cpp:
(JSC::CatchInfo::CatchInfo):
* interpreter/Interpreter.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_jless):
(JSC::JIT::emit_op_jlesseq):
(JSC::JIT::emit_op_jgreater):
(JSC::JIT::emit_op_jgreatereq):
(JSC::JIT::emit_op_jnless):
(JSC::JIT::emit_op_jnlesseq):
(JSC::JIT::emit_op_jngreater):
(JSC::JIT::emit_op_jngreatereq):
(JSC::JIT::emitSlow_op_jless):
(JSC::JIT::emitSlow_op_jlesseq):
(JSC::JIT::emitSlow_op_jgreater):
(JSC::JIT::emitSlow_op_jgreatereq):
(JSC::JIT::emitSlow_op_jnless):
(JSC::JIT::emitSlow_op_jnlesseq):
(JSC::JIT::emitSlow_op_jngreater):
(JSC::JIT::emitSlow_op_jngreatereq):
(JSC::JIT::emit_op_below):
(JSC::JIT::emit_op_beloweq):
(JSC::JIT::emit_op_jbelow):
(JSC::JIT::emit_op_jbeloweq):
(JSC::JIT::emit_op_unsigned):
(JSC::JIT::emit_compareAndJump):
(JSC::JIT::emit_compareUnsignedAndJump):
(JSC::JIT::emit_compareUnsigned):
(JSC::JIT::emit_compareAndJumpSlow):
(JSC::JIT::emit_op_inc):
(JSC::JIT::emit_op_dec):
(JSC::JIT::emit_op_mod):
(JSC::JIT::emitSlow_op_mod):
(JSC::JIT::emit_op_pow):
(JSC::JIT::emitSlow_op_pow):
(JSC::JIT::emit_op_negate):
(JSC::JIT::emitSlow_op_negate):
(JSC::JIT::emitBitBinaryOpFastPath):
(JSC::JIT::emit_op_bitnot):
(JSC::JIT::emit_op_bitand):
(JSC::JIT::emit_op_bitor):
(JSC::JIT::emit_op_bitxor):
(JSC::JIT::emit_op_lshift):
(JSC::JIT::emitRightShiftFastPath):
(JSC::JIT::emit_op_rshift):
(JSC::JIT::emit_op_urshift):
(JSC::JIT::emit_op_add):
(JSC::JIT::emitSlow_op_add):
(JSC::JIT::emitMathICFast):
(JSC::JIT::emitMathICSlow):
(JSC::JIT::emit_op_div):
(JSC::JIT::emit_op_mul):
(JSC::JIT::emitSlow_op_mul):
(JSC::JIT::emit_op_sub):
(JSC::JIT::emitSlow_op_sub):
* jit/JITCall.cpp:
(JSC::JIT::emit_op_ret):
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_tail_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_tail_call_varargs):
(JSC::JIT::emit_op_tail_call_forward_arguments):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::emit_op_construct):
(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_tail_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_forward_arguments):
(JSC::JIT::emitSlow_op_construct_varargs):
(JSC::JIT::emitSlow_op_construct):
(JSC::JIT::emit_op_iterator_open):
(JSC::JIT::emitSlow_op_iterator_open):
(JSC::JIT::emit_op_iterator_next):
(JSC::JIT::emitSlow_op_iterator_next):
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
* jit/JITInlines.h:
(JSC::JIT::fastPathResumePoint const):
(JSC::JIT::jumpTarget):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_mov):
(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_jmp):
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_overrides_has_instance):
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emit_op_is_empty):
(JSC::JIT::emit_op_typeof_is_undefined):
(JSC::JIT::emit_op_is_undefined_or_null):
(JSC::JIT::emit_op_is_boolean):
(JSC::JIT::emit_op_is_number):
(JSC::JIT::emit_op_is_big_int):
(JSC::JIT::emit_op_is_cell_with_type):
(JSC::JIT::emit_op_is_object):
(JSC::JIT::emit_op_to_primitive):
(JSC::JIT::emit_op_to_property_key):
(JSC::JIT::emit_op_set_function_name):
(JSC::JIT::emit_op_not):
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_jundefined_or_null):
(JSC::JIT::emit_op_jnundefined_or_null):
(JSC::JIT::emit_op_jeq_ptr):
(JSC::JIT::emit_op_jneq_ptr):
(JSC::JIT::emit_op_eq):
(JSC::JIT::emit_op_jeq):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::emit_op_neq):
(JSC::JIT::emit_op_jneq):
(JSC::JIT::emit_op_throw):
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emit_op_stricteq):
(JSC::JIT::emit_op_nstricteq):
(JSC::JIT::compileOpStrictEqJump):
(JSC::JIT::emit_op_jstricteq):
(JSC::JIT::emit_op_jnstricteq):
(JSC::JIT::emitSlow_op_jstricteq):
(JSC::JIT::emitSlow_op_jnstricteq):
(JSC::JIT::emit_op_to_number):
(JSC::JIT::emit_op_to_numeric):
(JSC::JIT::emit_op_to_string):
(JSC::JIT::emit_op_to_object):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_identity_with_profile):
(JSC::JIT::emit_op_get_parent_scope):
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_switch_char):
(JSC::JIT::emit_op_switch_string):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emit_op_get_scope):
(JSC::JIT::emit_op_to_this):
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emit_op_check_tdz):
(JSC::JIT::emitSlow_op_eq):
(JSC::JIT::emitSlow_op_neq):
(JSC::JIT::emitSlow_op_jeq):
(JSC::JIT::emitSlow_op_jneq):
(JSC::JIT::emit_op_debug):
(JSC::JIT::emit_op_loop_hint):
(JSC::JIT::emitSlow_op_loop_hint):
(JSC::JIT::emit_op_check_traps):
(JSC::JIT::emit_op_nop):
(JSC::JIT::emit_op_super_sampler_begin):
(JSC::JIT::emit_op_super_sampler_end):
(JSC::JIT::emitSlow_op_check_traps):
(JSC::JIT::emit_op_new_regexp):
(JSC::JIT::emitNewFuncCommon):
(JSC::JIT::emit_op_new_func):
(JSC::JIT::emit_op_new_generator_func):
(JSC::JIT::emit_op_new_async_generator_func):
(JSC::JIT::emit_op_new_async_func):
(JSC::JIT::emitNewFuncExprCommon):
(JSC::JIT::emit_op_new_func_exp):
(JSC::JIT::emit_op_new_generator_func_exp):
(JSC::JIT::emit_op_new_async_func_exp):
(JSC::JIT::emit_op_new_async_generator_func_exp):
(JSC::JIT::emit_op_new_array):
(JSC::JIT::emit_op_new_array_with_size):
(JSC::JIT::emit_op_profile_type):
(JSC::JIT::emit_op_log_shadow_chicken_prologue):
(JSC::JIT::emit_op_log_shadow_chicken_tail):
(JSC::JIT::emit_op_profile_control_flow):
(JSC::JIT::emit_op_argument_count):
(JSC::JIT::emit_op_get_rest_length):
(JSC::JIT::emit_op_get_argument):
(JSC::JIT::emit_op_get_prototype_of):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_eq):
(JSC::JIT::emit_op_neq):
(JSC::JIT::emit_op_jeq):
(JSC::JIT::emit_op_jneq):
(JSC::JIT::emitSlow_op_eq):
(JSC::JIT::emitSlow_op_neq):
(JSC::JIT::emitSlow_op_jeq):
(JSC::JIT::emitSlow_op_jneq):
(JSC::JIT::emit_op_stricteq):
(JSC::JIT::emit_op_nstricteq):
(JSC::JIT::emit_op_jstricteq):
(JSC::JIT::emit_op_jnstricteq):
(JSC::JIT::emitSlow_op_jstricteq):
(JSC::JIT::emitSlow_op_jnstricteq):
* jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_get_private_name):
(JSC::JIT::emitSlow_op_get_private_name):
(JSC::JIT::emit_op_set_private_brand):
(JSC::JIT::emitSlow_op_set_private_brand):
(JSC::JIT::emit_op_check_private_brand):
(JSC::JIT::emitSlow_op_check_private_brand):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_val_direct):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emit_op_put_private_name):
(JSC::JIT::emitSlow_op_put_private_name):
(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):
(JSC::JIT::emit_op_put_getter_setter_by_id):
(JSC::JIT::emit_op_put_getter_by_val):
(JSC::JIT::emit_op_put_setter_by_val):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emitSlow_op_del_by_id):
(JSC::JIT::emit_op_del_by_val):
(JSC::JIT::emitSlow_op_del_by_val):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id_direct):
(JSC::JIT::emitSlow_op_get_by_id_direct):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::emit_op_in_by_id):
(JSC::JIT::emitSlow_op_in_by_id):
(JSC::JIT::emit_op_in_by_val):
(JSC::JIT::emitSlow_op_in_by_val):
(JSC::JIT::emit_op_has_private_name):
(JSC::JIT::emitSlow_op_has_private_name):
(JSC::JIT::emit_op_has_private_brand):
(JSC::JIT::emitSlow_op_has_private_brand):
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
(JSC::JIT::emit_op_get_from_arguments):
(JSC::JIT::emit_op_put_to_arguments):
(JSC::JIT::emit_op_get_internal_field):
(JSC::JIT::emit_op_put_internal_field):
(JSC::JIT::emit_op_get_property_enumerator):
(JSC::JIT::emit_op_enumerator_next):
(JSC::JIT::emit_op_enumerator_get_by_val):
(JSC::JIT::emitSlow_op_enumerator_get_by_val):
(JSC::JIT::emit_op_enumerator_in_by_val):
(JSC::JIT::emit_op_enumerator_has_own_property):
* llint/LLIntData.cpp:
(JSC::LLInt::initialize):
* llint/LLIntData.h:
(JSC::LLInt::exceptionInstructions):
(JSC::LLInt::wasmExceptionInstructions):
* llint/LLIntExceptions.cpp:
(JSC::LLInt::returnToThrow):
(JSC::LLInt::wasmReturnToThrow):
* llint/LLIntExceptions.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::llint_trace_operand):
(JSC::LLInt::llint_trace_value):
(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::performLLIntGetByID):
(JSC::LLInt::varargsSetup):
(JSC::LLInt::commonCallEval):
(JSC::LLInt::dispatchToNextInstructionDuringExit):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter.cpp:
(JSC::CLoopRegister::operator const JSInstruction*):
(JSC::CLoop::execute):
(JSC::CLoopRegister::operator const Instruction*): Deleted.
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* llint/WebAssembly.asm:
* runtime/CachedTypes.cpp:
(JSC::CachedInstructionStream::encode):
(JSC::CachedInstructionStream::decode const):
(JSC::CachedCodeBlock::instructions const):
* runtime/CommonSlowPaths.cpp:
(JSC::updateArithProfileForBinaryArithOp):
(JSC::iteratorOpenTryFastImpl):
(JSC::iteratorNextTryFastImpl):
* runtime/CommonSlowPaths.h:
* runtime/JSCConfig.h:
* runtime/JSCJSValue.h:
* runtime/SlowPathFunction.h:
* runtime/VM.cpp:
(JSC::VM::addLoopHintExecutionCounter):
(JSC::VM::getLoopHintExecutionCounter):
(JSC::VM::removeLoopHintExecutionCounter):
* runtime/VM.h:
* wasm/WasmCallee.cpp:
(JSC::Wasm::LLIntCallee::LLIntCallee):
(JSC::Wasm::LLIntCallee::outOfLineJumpOffset):
(JSC::Wasm::LLIntCallee::outOfLineJumpTarget):
* wasm/WasmCallee.h:
* wasm/WasmFunctionCodeBlockGenerator.cpp:
(JSC::Wasm::FunctionCodeBlockGenerator::setInstructions):
(JSC::Wasm::FunctionCodeBlockGenerator::addOutOfLineJumpTarget):
(JSC::Wasm::FunctionCodeBlockGenerator::outOfLineJumpOffset):
* wasm/WasmFunctionCodeBlockGenerator.h:
(JSC::Wasm::FunctionCodeBlockGenerator::constantRegisters const):
(JSC::Wasm::FunctionCodeBlockGenerator::instructions const):
(JSC::Wasm::FunctionCodeBlockGenerator::addJumpTarget):
(JSC::Wasm::FunctionCodeBlockGenerator::numberOfJumpTargets):
(JSC::Wasm::FunctionCodeBlockGenerator::lastJumpTarget):
(JSC::Wasm::FunctionCodeBlockGenerator::outOfLineJumpOffset):
(JSC::Wasm::FunctionCodeBlockGenerator::bytecodeOffset):
(JSC::Wasm::FunctionCodeBlockGenerator::tierUpCounter):
* wasm/WasmGeneratorTraits.h:
* wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::addSwitch):
(JSC::GenericLabel<Wasm::GeneratorTraits>::setLocation):
* wasm/WasmLLIntTierUpCounter.cpp:
(JSC::Wasm::LLIntTierUpCounter::addOSREntryDataForLoop):
(JSC::Wasm::LLIntTierUpCounter::osrEntryDataForLoop const const):
* wasm/WasmLLIntTierUpCounter.h:
(JSC::Wasm::LLIntTierUpCounter::LLIntTierUpCounter):
* wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
(JSC::LLInt::slow_path_wasm_throw_exception):
(JSC::LLInt::slow_path_wasm_popcount):
(JSC::LLInt::slow_path_wasm_popcountll):
* wasm/WasmSlowPaths.h:
2022-03-01 Devin Rousso <drousso@apple.com>
Web Inspector: add a switch to control whether breakpoint evaluations (condition, ignore count, actions) are also affected by script blackboxing
https://bugs.webkit.org/show_bug.cgi?id=235274
Reviewed by Patrick Angle.
Being able to defer breakpoint evaluations until the next actual pause can sometimes be far
more useful than doing the breakpoint evaluations at the breakpoint's original location.
As an example, configuring the All Events breakpoint with a `console.trace()` action and
auto-continue enabled would not provide much useful information without also blackboxing
breakpoint evaluations as the original pause location of the All Events breakpoint is on the
first line of the event handler, meaning that if the script containing the event handler is
blackboxed then the `console.trace()` would still only show that location even though the
Sources Tab would show the first line of code outside of that script (due to the blackbox).
Being able to also blackbox breakpoint evaluations would instead cause the `console.trace()`
action to have the same output as the Sources Tab, since it's evaluation would be deferred
until execution actually paused, which is further inside the event handler.
* debugger/Debugger.cpp:
(JSC::Debugger::Debugger):
(JSC::Debugger::didHitBreakpoint):
(JSC::Debugger::evaluateBreakpointCondition):
(JSC::Debugger::continueProgram):
(JSC::Debugger::pauseIfNeeded):
(JSC::Debugger::didExecuteProgram):
(JSC::Debugger::setBlackboxBreakpointEvaluations): Added.
Keep track of every `Breakpoint` wants to pause but is deferred due to blackboxing.
Depending on whether breakpoint evaluations are also blackboxed (based on the flag set via
the piping code/logic below), check if the script attempting to be paused in is blackboxed
before or after handling breakpoint evaluations.
Side effects of this change are:
- breakpoint conditions are now evaluated right before that breakpoint's actions, instead of
evaluating all breakpoint conditions before all breakpoint actions
- if breakpoint evaluations are blackboxed, more than two breakpoints can now be evaluated
during a single pause attempt depending on how may deferrals (with breakpoints) happened
* debugger/Debugger.h:
(JSC::Debugger::Observer::didDeferBreakpointPause): Added.
Add a way to notify `InspectorDebuggerAgent` of deferred breakpoint pauses so that the
correct `originalReason` will be used after a deferred pause.
* inspector/protocol/Debugger.json:
* inspector/agents/InspectorDebuggerAgent.h:
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::setBlackboxBreakpointEvaluations): Added.
(Inspector::InspectorDebuggerAgent::didDeferBreakpointPause): Added.
Add a `setBlackboxBreakpointEvaluations` command that passes directly to `Debugger`.
2022-03-01 Saam Barati <sbarati@apple.com>
Add a DeferTraps scope
https://bugs.webkit.org/show_bug.cgi?id=237306
<rdar://83494949>
Reviewed by Mark Lam.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::jettison):
(JSC::CodeBlock::noticeIncomingCall):
* bytecode/CodeBlock.h:
* bytecode/RepatchInlines.h:
(JSC::linkFor):
(JSC::virtualForWithFunction):
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeModuleProgram):
* interpreter/InterpreterInlines.h:
(JSC::Interpreter::execute):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::installCode):
* runtime/VMTraps.cpp:
(JSC::VMTraps::handleTraps):
(JSC::VMTraps::takeTopPriorityTrap):
* runtime/VMTraps.h:
(JSC::VMTraps::needHandling const):
(JSC::VMTraps::hasTrapBit):
(JSC::VMTraps::setTrapBit):
* runtime/VMTrapsInlines.h:
(JSC::DeferTraps::DeferTraps):
(JSC::DeferTraps::~DeferTraps):
2022-03-01 Fujii Hironori <Hironori.Fujii@sony.com>
WTF::SentinelLinkedList::iterator should have operator++ for range-for loop
https://bugs.webkit.org/show_bug.cgi?id=237265
Reviewed by Yusuke Suzuki.
SentinelLinkedList::iterator isn't a pointer of node now, it
should be deferenced before comparing with a pointer.
* bytecode/Watchpoint.cpp:
(JSC::WatchpointSet::fireAllWatchpoints):
* heap/HandleSet.cpp:
(JSC::HandleSet::visitStrongHandles):
(JSC::HandleSet::protectedGlobalObjectCount):
* heap/HandleSet.h:
(JSC::HandleSet::forEachStrongHandle):
* heap/IsoSubspace.cpp:
(JSC::IsoSubspace::tryAllocateFromLowerTier):
* heap/SubspaceInlines.h:
(JSC::Subspace::forEachPreciseAllocation):
* jsc.cpp:
(Workers::broadcast):
2022-03-01 Michael Catanzaro <mcatanzaro@gnome.org>
Misc compiler warnings, late Feb 2022 edition
https://bugs.webkit.org/show_bug.cgi?id=237275
Reviewed by Adrian Perez de Castro.
Suppress suspected false-positive -Wstringop-overflow and -Wformat-overflow warnings. Also,
remove an unused variable.
* API/tests/MultithreadedMultiVMExecutionTest.cpp:
(startMultithreadedMultiVMExecutionTest):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* ftl/FTLOSRExit.cpp:
(JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
* yarr/YarrJIT.cpp:
2022-03-01 Alex Christensen <achristensen@webkit.org>
[AppleWin] Start using Visual Studio 2022
https://bugs.webkit.org/show_bug.cgi?id=234933
Reviewed by Maciej Stachowiak.
* JavaScriptCore.vcxproj/JavaScriptCore.proj:
2022-03-01 Geza Lore <glore@igalia.com>
[JSC] Port EXTRA_CTI_THUNKS to all platforms
https://bugs.webkit.org/show_bug.cgi?id=233822
Reviewed by Saam Barati.
Port and enable all code paths under #ifdef ENABLE(EXTRA_CTI_THUNKS)
on all platforms, and remove the now unused code paths.
To port the extra thunks to all platforms, it was necessary to enable
them to do function calls to C++ slow path operations, which on some
platforms require passing arguments on the stack. To enable this,
CCallHelpers::emitCTIThunkPrologue and
CCallHelpers::emitCTIThunkEpilogue are introduced that allocate some
additional stack space on platforms where this is necessary.
Additionally, the thunks that require subsequent exception checking
now tail call directly to the exception check thunk, rather than
returning to the baseline code and do a separate call to the exception
check thunk. This saves an extra call site in the generated baseline
ops and reduces code size on all platforms (~1.5% reduction on x86_64).
Also factored out the statically allocated register definitions for
baseline ops into BaselineJITRegisters.h, as there are now quite a lot
of them and some are somewhat elaborate. This necessitates moving the
noOverlap and preferredArgumentGPR/preferredArgumentJSR constexpr
functions out from their previous place, so these now live in
GPRInfo.h
Enabling the extra CTI thunks on ARMv7/Thumb-2 saves about 25%
baseline code size, according to --dumpLinkBufferStats.
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::subPtr):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::scratchRegister):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::sub64):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessGenerationState::emitExplicitExceptionHandler):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::initializeFromUnlinkedStructureStubInfo):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
* ftl/FTLCompile.cpp:
(JSC::FTL::compile):
* ftl/FTLLink.cpp:
(JSC::FTL::link):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::emitCTIThunkPrologue):
(JSC::CCallHelpers::emitCTIThunkEpilogue):
* jit/JIT.cpp:
(JSC::JIT::emitSlowCaseCall):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::compileAndLinkWithoutFinalizing):
(JSC::JIT::link):
* jit/JIT.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emitSlow_op_mod):
(JSC::JIT::emit_op_mod):
(JSC::JIT::emit_op_div):
* jit/JITCall.cpp:
(JSC::JIT::emit_op_iterator_open):
(JSC::JIT::emit_op_iterator_next):
(JSC::JIT::emitSlow_op_iterator_next):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITGetByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITGetByIdWithThisGenerator::generateBaselineDataICFastPath):
(JSC::JITPutByIdGenerator::generateBaselineDataICFastPath):
* jit/JITInlineCacheGenerator.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::valueIsFalseyGenerator):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::valueIsTruthyGenerator):
(JSC::JIT::emit_op_throw):
(JSC::JIT::op_throw_handlerGenerator):
(JSC::JIT::emit_op_enter):
(JSC::JIT::op_enter_handlerGenerator):
(JSC::JIT::emitSlow_op_check_traps):
(JSC::JIT::op_check_traps_handlerGenerator):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::generateGetByValSlowCase):
(JSC::JIT::slow_op_get_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_get_private_name):
(JSC::JIT::emitSlow_op_get_private_name):
(JSC::JIT::slow_op_get_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_set_private_brand):
(JSC::JIT::emitSlow_op_set_private_brand):
(JSC::JIT::emit_op_check_private_brand):
(JSC::JIT::emitSlow_op_check_private_brand):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::slow_op_put_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_put_private_name):
(JSC::JIT::emitSlow_op_put_private_name):
(JSC::JIT::slow_op_put_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emitSlow_op_del_by_id):
(JSC::JIT::slow_op_del_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_del_by_val):
(JSC::JIT::emitSlow_op_del_by_val):
(JSC::JIT::slow_op_del_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id_direct):
(JSC::JIT::emitSlow_op_get_by_id_direct):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::slow_op_get_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::slow_op_get_by_id_with_this_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::slow_op_put_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emitSlow_op_in_by_id):
(JSC::JIT::emitSlow_op_in_by_val):
(JSC::JIT::emitHasPrivateSlow):
(JSC::JIT::emitSlow_op_has_private_name):
(JSC::JIT::emitSlow_op_has_private_brand):
(JSC::JIT::emitSlow_op_put_to_scope):
(JSC::JIT::slow_op_put_to_scopeGenerator):
(JSC::JIT::emit_op_get_property_enumerator):
(JSC::JIT::emit_op_enumerator_next):
(JSC::JIT::emit_enumerator_has_propertyImpl):
(JSC::JIT::emit_op_enumerator_get_by_val):
(JSC::JIT::emit_op_enumerator_in_by_val):
(JSC::JIT::emit_op_enumerator_has_own_property):
* jit/JITThunks.cpp:
* jit/JITThunks.h:
* jit/SlowPathCall.cpp:
(JSC::JITSlowPathCall::call):
(JSC::JITSlowPathCall::generateThunk):
* jit/SlowPathCall.h:
(JSC::JITSlowPathCall::JITSlowPathCall):
* jit/ThunkGenerators.cpp:
(JSC::handleExceptionGenerator):
(JSC::checkExceptionGenerator):
* jit/ThunkGenerators.h:
2022-02-28 Devin Rousso <drousso@apple.com>
Web Inspector: [Flexbox] Add options to show each area's CSS `order` and/or DOM index in the parent flex container
https://bugs.webkit.org/show_bug.cgi?id=237215
Reviewed by Patrick Angle.
This will help developers better understand how CSS `order` and the DOM index of each flex
item interact and result in what's eventually rendered.
* inspector/protocol/DOM.json:
Add an optional boolean parameter to `DOM.showFlexOverlay`:
- `showOrderNumbers` controls whether labels with the computed CSS `order` value are shown
over each flex item's area.
2022-02-28 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use DeferTerminationForAWhile in Interpreter::unwind
https://bugs.webkit.org/show_bug.cgi?id=237176
Reviewed by Mark Lam.
If we're unwinding the stack due to a regular exception (not a TerminationException), then
we want to use a DeferTerminationForAWhile scope. This is because we want to avoid a
TerminationException being raised (due to a concurrent termination request) in the middle
of unwinding. The unwinding code only checks if we're handling a TerminationException before
it starts unwinding and is not expecting this status to change in the middle. Without the
DeferTerminationForAWhile scope, control flow may end up in an exception handler, and effectively
"catch" the newly raised TerminationException, which should not be catchable.
On the other hand, if we're unwinding the stack due to a TerminationException, we do not need
nor want the DeferTerminationForAWhile scope. This is because on exit, DeferTerminationForAWhile
will set the VMTraps NeedTermination bit if termination is in progress. The system expects the
NeedTermination bit to be have been cleared by VMTraps::handleTraps() once the TerminationException
has been raised. Some legacy client apps relies on this and expects to be able to re-enter the
VM after it exits due to termination. If the NeedTermination bit is set, upon re-entry, the
VM will behave as if a termination request is pending and terminate almost immediately, thereby
breaking the legacy client apps.
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::notifyDebuggerOfUnwinding):
(JSC::sanitizeRemoteFunctionException):
(JSC::Interpreter::unwind):
(JSC::notifyDebuggerOfUnwinding): Deleted.
2022-02-28 Angelos Oikonomopoulos <angelos@igalia.com>
[JSC] Reuse known register values on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=237207
Reviewed by Žan Doberšek.
Set up a CachedTempRegister for each of addressTempRegister,
dataTempRegister on ARMv7 and use them to generate shorter instruction
sequences when possible.
Saves 1.5-2% of code size on JS2 with no measurable difference in
performance.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::CachedTempRegister::value):
* assembler/MacroAssemblerARMv7.cpp:
(JSC::MacroAssembler::probe):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::MacroAssemblerARMv7):
(JSC::MacroAssemblerARMv7::add32):
(JSC::MacroAssemblerARMv7::getEffectiveAddress):
(JSC::MacroAssemblerARMv7::add64):
(JSC::MacroAssemblerARMv7::lshift32):
(JSC::MacroAssemblerARMv7::mul32):
(JSC::MacroAssemblerARMv7::rshift32):
(JSC::MacroAssemblerARMv7::urshift32):
(JSC::MacroAssemblerARMv7::load32):
(JSC::MacroAssemblerARMv7::load16):
(JSC::MacroAssemblerARMv7::load16SignedExtendTo32):
(JSC::MacroAssemblerARMv7::load8):
(JSC::MacroAssemblerARMv7::load8SignedExtendTo32):
(JSC::MacroAssemblerARMv7::loadPair32):
(JSC::MacroAssemblerARMv7::store8):
(JSC::MacroAssemblerARMv7::storePair32):
(JSC::MacroAssemblerARMv7::loadDouble):
(JSC::MacroAssemblerARMv7::loadFloat):
(JSC::MacroAssemblerARMv7::storeDouble):
(JSC::MacroAssemblerARMv7::storeFloat):
(JSC::MacroAssemblerARMv7::branchTruncateDoubleToInt32):
(JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
(JSC::MacroAssemblerARMv7::long_move):
(JSC::MacroAssemblerARMv7::short_move):
(JSC::MacroAssemblerARMv7::move):
(JSC::MacroAssemblerARMv7::compare32AndSetFlags):
(JSC::MacroAssemblerARMv7::branch8):
(JSC::MacroAssemblerARMv7::branchTest8):
(JSC::MacroAssemblerARMv7::branchTest16):
(JSC::MacroAssemblerARMv7::farJump):
(JSC::MacroAssemblerARMv7::branchMul32):
(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::nearTailCall):
(JSC::MacroAssemblerARMv7::call):
(JSC::MacroAssemblerARMv7::compare8):
(JSC::MacroAssemblerARMv7::test8):
(JSC::MacroAssemblerARMv7::jump):
(JSC::MacroAssemblerARMv7::makeBranch):
(JSC::MacroAssemblerARMv7::setupArmAddress):
(JSC::MacroAssemblerARMv7::makeBaseIndexBase):
(JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
(JSC::MacroAssemblerARMv7::cachedDataTempRegister):
(JSC::MacroAssemblerARMv7::cachedAddressTempRegister):
(JSC::MacroAssemblerARMv7::getCachedDataTempRegisterIDAndInvalidate):
(JSC::MacroAssemblerARMv7::getCachedAddressTempRegisterIDAndInvalidate):
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::emitFastPathImpl):
2022-02-27 Chris Dumez <cdumez@apple.com>
Omit template parameter for SetForScope<> variables
https://bugs.webkit.org/show_bug.cgi?id=237258
Reviewed by Darin Adler.
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitNode):
* debugger/Debugger.cpp:
(JSC::Debugger::dispatchFunctionToObservers):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::setLocalOrTmp):
(JSC::DFG::ByteCodeParser::setArgument):
* inspector/InspectorBackendDispatcher.cpp:
(Inspector::BackendDispatcher::dispatch):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::parseAsyncFunctionSourceElements):
(JSC::Parser<LexerType>::parseAsyncGeneratorFunctionSourceElements):
(JSC::Parser<LexerType>::parseFunctionBody):
(JSC::Parser<LexerType>::parseFunctionParameters):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseFunctionDeclaration):
(JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parseGetterSetter):
(JSC::Parser<LexerType>::parseFunctionExpression):
(JSC::Parser<LexerType>::parseAsyncFunctionExpression):
(JSC::Parser<LexerType>::parseArrowFunctionExpression):
2022-02-26 Basuke Suzuki <basuke.suzuki@sony.com>
Remove UNUSED warnings for non-Cocoa platform after r290449
https://bugs.webkit.org/show_bug.cgi?id=237233
Reviewed by Darin Adler.
* runtime/JSDateMath.cpp:
2022-02-24 Mark Lam <mark.lam@apple.com>
Remove incorrect ASSERT.
https://bugs.webkit.org/show_bug.cgi?id=237185
<rdar://problem/83902782>
Reviewed by Yusuke Suzuki.
These debug ASSERTs were added in http://trac.webkit.org/r283632 back when we
weren't sure that the StringImpl pointer can be null or not. We're now certain
that the StringImpl pointer can be null because:
The site of the ASSERT looks like this:
```
auto* impl = string->tryGetValueImpl();
ASSERT(impl); // FIXME: rdar://83902782
if (impl && impl->isAtom() &&
...
```
... where string is a JSString, which can also be a JSRopeString.
JSString::tryGetValueImpl() is:
```
inline const StringImpl* JSString::tryGetValueImpl() const
{
uintptr_t pointer = fiberConcurrently();
if (pointer & isRopeInPointer)
return nullptr;
return bitwise_cast<StringImpl*>(pointer);
}
```
If string is a JSRopeString, the returned impl will be null. Hence, the ASSERT is
invalid and should be removed.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::handlePutByVal):
2022-02-25 Commit Queue <commit-queue@webkit.org>
Unreviewed, reverting r290516.
https://bugs.webkit.org/show_bug.cgi?id=237222
broke debug tests
Reverted changeset:
"[JSC] Use DeferTerminationForAWhile in Interpreter::unwind"
https://bugs.webkit.org/show_bug.cgi?id=237176
https://commits.webkit.org/r290516
2022-02-25 Mark Lam <mark.lam@apple.com>
operationMaterializeObjectInOSR should DeferTerminationForAWhile instead of just DeferTermination.
https://bugs.webkit.org/show_bug.cgi?id=237173
rdar://problem/89450245
Reviewed by Yusuke Suzuki.
DeferTermination can throw the TerminationException on destruction of the scope
object. operationMaterializeObjectInOSR() was using DeferTermination, resulting
in the TerminationException being thrown on exit. This trips up
validateDFGExceptionHandling testing (which is enabled on Debug builds) because the
TerminationException is unexpected. The solution is simply to use
DeferTerminationForAWhile instead, and let a more natural trap checkpoint throw
the TerminationException later.
Also refactored notifyDebuggerOfUnwinding() to return early if a debugger is not
present. This avoids unnecessarily entering and exiting a DeferTermination scope
in notifyDebuggerOfUnwinding(). This was observed while testing this change on
the attached test case.
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):
* interpreter/Interpreter.cpp:
(JSC::notifyDebuggerOfUnwinding):
2022-02-24 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use DeferTerminationForAWhile in Interpreter::unwind
https://bugs.webkit.org/show_bug.cgi?id=237176
Reviewed by Mark Lam.
Interpreter::unwind calls sanitizeRemoteFunctionException, which would like to create scope (but it
does not have user observable behavior). Problem is that, since it is creating a scope, it can throw
a termination exception. We were using DeferTermination, but destructor of this scope can still set
termination exception, which results in throwing a termination exception for the error handler.
We use DeferTerminationForAWhile in the prologue of the Interpreter::unwind to ensure that this function
will not accept termination exception coming concurrently.
* interpreter/Interpreter.cpp:
(JSC::sanitizeRemoteFunctionException):
(JSC::Interpreter::unwind):
2022-02-25 Patrick Angle <pangle@apple.com>
Web Inspector: [Cocoa] Split remote inspector message data into smaller chunks for large messages
https://bugs.webkit.org/show_bug.cgi?id=237110
<rdar://89364487>
Reviewed by Devin Rousso.
Messages over 2 MiB will now be split into multiple chunks, which allows us to not exceed any receiving daemon
process' memory limit under otherwise normal conditions. 2 MiB was chosen as a balance between not having to
split most messages at all and making sure that the messages (and any copies made during the relaying of the
messages) do not exceed the memory limits of the receiving daemon process.
In order to prevent us from sending chunked messages to a process that doesn't support them we check for a flag
to enable this functionality during connection setup.
* inspector/remote/RemoteInspector.h:
* inspector/remote/RemoteInspectorConstants.h:
* inspector/remote/cocoa/RemoteInspectorCocoa.mm:
(Inspector::RemoteInspector::sendMessageToRemote):
(Inspector::RemoteInspector::receivedSetupMessage):
2022-02-24 Chris Dumez <cdumez@apple.com>
[Cocoa] Only clear ICU cache when time zone is changed
https://bugs.webkit.org/show_bug.cgi?id=236996
Reviewed by Yusuke Suzuki.
We used to unconditionally invalidate the VM's DateCache in VMEntryScope in order to
make sure we always used the latest time zone from the host machine (in case it changed).
This overly aggressive invalidation was causing us to repeatedly go to the disk in order
to determine the host time zone. On Cocoa ports, we now listen to the
kCFTimeZoneSystemTimeZoneDidChangeNotification notification and only invalidate the
VM's DateCache in VMEntryScope if the host time zone has actually changed since the
last time.
* runtime/JSDateMath.cpp:
(JSC::timeZoneChangeNotification):
(JSC::DateCache::DateCache):
(JSC::DateCache::resetIfNecessary):
(JSC::DateCache::reset): Deleted.
* runtime/JSDateMath.h:
* runtime/VM.h:
(JSC::VM::resetDateCacheIfNecessary):
(JSC::VM::resetDateCache): Deleted.
* runtime/VMEntryScope.cpp:
(JSC::VMEntryScope::VMEntryScope):
2022-02-24 Geza Lore <glore@igalia.com>
[JSC] Respect bytecode alignment in BytecodeRewriter
https://bugs.webkit.org/show_bug.cgi?id=237092
Reviewed by Yusuke Suzuki.
Note: This patch only affects bytecode generation on platforms which
set CPU(NEEDS_ALIGNED_ACCESS), which are ARMv7 and MIPS. On all other
platforms the generated bytecode is identical.
The previous BytecodeRewriter::removeBytecode method unconditionally
removed the given instruction, which could then break the required
alignment of subsequent wide ops. While this could be fixed by
inserting padding after the removal, all current uses of
removeBytecode are such that they constitute one half of a replace.
Instead of adding unnecessary padding, added an explicit
replaceBytecodeWithFragment method that removes the old instruction
and replaces it with the given fragment, while maintaining alignment
of the subsequent bytecode. This yields fewer nops. If removeBytecode
turns out to be necessary later, use replaceBytecodeWithFragment with
an empty fragment.
* bytecode/BytecodeGeneratorification.cpp:
(JSC::BytecodeGeneratorification::run):
* bytecode/BytecodeRewriter.h:
(JSC::BytecodeRewriter::Fragment::align):
(JSC::BytecodeRewriter::insertFragmentAfter):
(JSC::BytecodeRewriter::replaceBytecodeWithFragment):
* bytecompiler/BytecodeGeneratorBaseInlines.h:
(JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode32):
2022-02-23 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] WeakMapImpl do not need to take cellLock in visitOutputConstraints and main thread
https://bugs.webkit.org/show_bug.cgi?id=200195
Reviewed by Mark Lam.
WeakMapImpl::visitOutputConstraints is called in the constraint solver, so the main thread is stopped.
WeakMapImpl::rehash can destroy the buffer, but it is only called on either the main thread or GC finalizer. As a result,
it never happens that destroying the buffer while touching it in visitOutputConstraints. We can remove the lock guarding
this buffer.
* runtime/WeakMapImpl.cpp:
(JSC::WeakMapImpl<BucketType>::visitOutputConstraints):
* runtime/WeakMapImpl.h:
(JSC::WeakMapImpl::WeakMapImpl):
(JSC::WeakMapImpl::makeAndSetNewBuffer):
(JSC::WeakMapImpl::finishCreation): Deleted.
* runtime/WeakMapImplInlines.h:
(JSC::WeakMapImpl<WeakMapBucket>::rehash):
2022-02-23 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Adjust thread number for GC throughput
https://bugs.webkit.org/show_bug.cgi?id=237122
Reviewed by Mark Lam.
Adjust numberOfGCMarkers from 4 to 3 to make GC and main thread througput better on M1 macOS.
3 makes sense since there is also a main thread when they are running concurrently to the
main thread.
It offers 1.2% improvement in Speedometer2 in M1Max MBP and 0.4% improvement in M1 MBP.
----------------------------------------------------------------------------------------------------------------------------------
| subtest | ms | ms | b / a | pValue (significance using False Discovery Rate) |
----------------------------------------------------------------------------------------------------------------------------------
| Elm-TodoMVC |107.445000 |102.856667 |0.957296 | 0.000000 (significant) |
| VueJS-TodoMVC |21.571667 |21.805000 |1.010817 | 0.403054 |
| EmberJS-TodoMVC |113.320000 |111.300000 |0.982174 | 0.000027 (significant) |
| BackboneJS-TodoMVC |39.981667 |39.318333 |0.983409 | 0.002346 (significant) |
| Preact-TodoMVC |15.516667 |15.648333 |1.008485 | 0.544754 |
| AngularJS-TodoMVC |117.010000 |115.346667 |0.985785 | 0.000495 (significant) |
| Vanilla-ES2015-TodoMVC |57.790000 |57.176667 |0.989387 | 0.000270 (significant) |
| Inferno-TodoMVC |55.275000 |53.755000 |0.972501 | 0.000000 (significant) |
| Flight-TodoMVC |53.875000 |53.941667 |1.001237 | 0.739556 |
| Angular2-TypeScript-TodoMVC |36.600000 |36.471667 |0.996494 | 0.743761 |
| VanillaJS-TodoMVC |48.058333 |47.671667 |0.991954 | 0.158193 |
| jQuery-TodoMVC |203.433333 |201.878333 |0.992356 | 0.009271 (significant) |
| EmberJS-Debug-TodoMVC |325.058333 |319.848333 |0.983972 | 0.000003 (significant) |
| React-TodoMVC |80.533333 |79.281667 |0.984458 | 0.000011 (significant) |
| React-Redux-TodoMVC |134.738333 |131.801667 |0.978205 | 0.000000 (significant) |
| Vanilla-ES2015-Babel-Webpack-TodoMVC |56.780000 |56.168333 |0.989227 | 0.000514 (significant) |
----------------------------------------------------------------------------------------------------------------------------------
a mean = 293.86568
b mean = 297.52900
pValue = 0.0266899465
(Bigger means are better.)
1.012 times better
Results ARE significant
* runtime/Options.cpp:
(JSC::overrideDefaults):
2022-02-23 Adrian Perez de Castro <aperez@igalia.com>
Ensure generated inline assembler that setups segments returns to previous state
https://bugs.webkit.org/show_bug.cgi?id=236976
Reviewed by Yusuke Suzuki.
Use .previous in inline assembler in order to ensure that mixed emission of assembler
functions and other definitions correctly puts each of them in their rightful sections
in the output object code.
* assembler/MacroAssemblerARM64.cpp:
* assembler/MacroAssemblerARMv7.cpp:
* assembler/MacroAssemblerMIPS.cpp:
* assembler/MacroAssemblerX86Common.cpp:
2022-02-22 Chris Dumez <cdumez@apple.com>
Add a URL constructor that takes a String
https://bugs.webkit.org/show_bug.cgi?id=237068
Reviewed by Darin Adler.
Adopt the new `URL(const String&)` constructor.
* API/JSAPIGlobalObject.mm:
(JSC::computeValidImportSpecifier):
2022-02-22 Alexander Kanavin <alex@linutronix.de>
When building introspection files, add CMAKE_C_FLAGS to the compiler flags.
https://bugs.webkit.org/show_bug.cgi?id=232936
Reviewed by Michael Catanzaro.
g-ir-compiler is using a C compiler internally, so it needs to set
the proper flags for it.
* PlatformGTK.cmake:
2022-02-22 Asumu Takikawa <asumu@igalia.com>
Initial support for Wasm/ESM-integration in the WebCore module loader
https://bugs.webkit.org/show_bug.cgi?id=236268
Reviewed by Yusuke Suzuki.
Adjust WebAssemblySourceProvider to inherit from a new abstract base
class that exposes the data as a pointer and size, to allow
implementations other than a Vector. Also add initialization
and cleanup methods managed by RAII class.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* parser/SourceProvider.cpp:
(JSC::BaseWebAssemblySourceProvider::BaseWebAssemblySourceProvider):
* parser/SourceProvider.h:
(JSC::BaseWebAssemblySourceProvider::lockUnderlyingBuffer):
(JSC::BaseWebAssemblySourceProvider::unlockUnderlyingBuffer):
(JSC::WebAssemblySourceProviderBufferGuard::WebAssemblySourceProviderBufferGuard):
(JSC::WebAssemblySourceProviderBufferGuard::~WebAssemblySourceProviderBufferGuard):
* runtime/CachedTypes.cpp:
(JSC::CachedWebAssemblySourceProvider::encode):
* tools/JSDollarVM.cpp:
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::getWasmBufferFromValue):
(JSC::createSourceBufferFromValue):
2022-02-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] ShadowRealm JSRemoteFunction creation should convert CopyNameAndLength errors to TypeError
https://bugs.webkit.org/show_bug.cgi?id=237007
Reviewed by Alexey Shvayka.
1. Rename JSRemoteFunction::create to tryCreate since it can throw an error.
2. Passing JSGlobalObject* as a first parameter to JSRemoteFunction::tryCreate since it can throw an error.
3. Extract CopyNameAndLength part and convert errors to TypeError as specified.
* jit/JITOperations.cpp:
(JSC::getWrappedValue):
(JSC::JSC_DEFINE_JIT_OPERATION):
* runtime/JSRemoteFunction.cpp:
(JSC::wrapValue):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSRemoteFunction::tryCreate):
(JSC::JSRemoteFunction::copyNameAndLength):
(JSC::JSRemoteFunction::finishCreation):
(JSC::JSRemoteFunction::create): Deleted.
* runtime/JSRemoteFunction.h:
2022-02-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] TypeError from JSRemoteFunction should be generated by JSRemoteFunction's JSGlobalObject
https://bugs.webkit.org/show_bug.cgi?id=237013
Reviewed by Saam Barati.
Our unwinding converts any errors inside JSRemoteFunction to TypeError. At that time, we should
use JSRemoteFunction's JSGlobalObject for this type error.
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::UnwindFunctor):
(JSC::UnwindFunctor::operator() const):
(JSC::sanitizeRemoteFunctionException):
(JSC::Interpreter::unwind):
2022-02-21 Robin Morisset <rmorisset@apple.com>
[JSC] Format the output of --reportTotalPhaseTimes=1 more nicely
https://bugs.webkit.org/show_bug.cgi?id=237005
Reviewed by Saam Barati.
Before this patch:
[B3] moveConstants total ms: 64.307583 max ms: 1.703167
[B3] lowerToAir total ms: 151.297782 max ms: 5.426375
[B3] generateToAir total ms: 1623.987166 max ms: 92.826750
[B3] simplifyCFG total ms: 11.760463 max ms: 1.088083
[B3] Air::lowerMacros total ms: 5.975679 max ms: 0.382000
After this patch:
total ms: 66.328 max ms: 2.283 [B3] moveConstants
total ms: 148.097 max ms: 5.361 [B3] lowerToAir
total ms: 1619.115 max ms: 96.307 [Total B3] generateToAir
total ms: 11.959 max ms: 1.185 [Air] simplifyCFG
total ms: 6.519 max ms: 0.697 [Air] Air::lowerMacros
Concretely there are two changes:
- use FixedWidthDouble (also introduced to WTF in this patch) to line-up the total times.
This makes it possible to see at a glance which phases are worth optimizing and which aren't.
- Tag phases more precisely, and in particular replace [B3] by [Air] where relevant,
and give different tags to measurements that correspond to groups of phases instead of a single phase (e.g. generateToAir).
* JavaScriptCore.xcodeproj/project.pbxproj:
* b3/B3Compile.cpp:
(JSC::B3::compile):
* b3/B3FixSSA.cpp:
* b3/B3Generate.cpp:
(JSC::B3::prepareForGeneration):
(JSC::B3::generateToAir):
* b3/B3PhaseScope.cpp:
(JSC::B3::PhaseScope::PhaseScope):
* b3/B3PhaseScope.h:
* b3/B3TimingScope.h: Removed.
(JSC::B3::TimingScope::TimingScope): Deleted.
* b3/B3VariableLiveness.cpp:
(JSC::B3::VariableLiveness::VariableLiveness):
* b3/air/AirAllocateRegistersAndStackAndGenerateCode.cpp:
(JSC::B3::Air::GenerateAndAllocateRegisters::generate):
* b3/air/AirAllocateRegistersAndStackByLinearScan.cpp:
* b3/air/AirGenerate.cpp:
(JSC::B3::Air::prepareForGeneration):
(JSC::B3::Air::generateWithAlreadyAllocatedRegisters):
* b3/air/AirLiveness.h:
(JSC::B3::Air::Liveness::Liveness):
* b3/air/AirPhaseScope.cpp:
(JSC::B3::Air::PhaseScope::PhaseScope):
* b3/air/AirPhaseScope.h:
* tools/CompilerTimingScope.cpp:
2022-02-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Fix ShadowRealm unwinding
https://bugs.webkit.org/show_bug.cgi?id=237001
Reviewed by Saam Barati.
This patch fixes a crash bug found by test262. Regardless of it is RemoteFunction,
we should handle it as the same way to the other normal host functions except
for setting m_seenRemoteFunction = true flag. Previously, we are early returning,
this is wrong since we should stop unwinding if the caller is entry frame.
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::operator() const):
2022-02-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Temporal.PlainDate should validate input range
https://bugs.webkit.org/show_bug.cgi?id=236936
Reviewed by Darin Adler.
Implement https://tc39.es/proposal-temporal/#sec-temporal-isodatetimewithinlimits check in
PlainDate to validate input range. For example, 0x7fffffff year should be rejected since
it is larger than ECMAScript datetime representation value. This is checked via ISODateTimeWithinLimits
in the spec.
We also remove isValid assertions in ExactTime. This should not be checked in these accessors, rather,
we should call that function when we would like to check, since PlainDate can represent a bit smaller
value than ExactTime's minValue (minValue - nsPerDay).
We also extend ExactTime::fromISOPartsAndOffset to handle values via Int128 to accept int32_t range years.
By using Int128 for nanoseconds, we can even represent int32_t max / min years. And we remove
`ASSERT(y >= -999999 && y <= 999999)` check since this is not necessary.
* runtime/ISO8601.cpp:
(JSC::ISO8601::ExactTime::fromISOPartsAndOffset):
(JSC::ISO8601::isDateTimeWithinLimits):
* runtime/ISO8601.h:
(JSC::ISO8601::ExactTime::ExactTime): Deleted.
(JSC::ISO8601::ExactTime::fromEpochSeconds): Deleted.
(JSC::ISO8601::ExactTime::fromEpochMilliseconds): Deleted.
(JSC::ISO8601::ExactTime::fromEpochMicroseconds): Deleted.
(JSC::ISO8601::ExactTime::epochSeconds const): Deleted.
(JSC::ISO8601::ExactTime::epochMilliseconds const): Deleted.
(JSC::ISO8601::ExactTime::epochMicroseconds const): Deleted.
(JSC::ISO8601::ExactTime::epochNanoseconds const): Deleted.
(JSC::ISO8601::ExactTime::nanosecondsFraction const): Deleted.
(JSC::ISO8601::ExactTime::asString const): Deleted.
(JSC::ISO8601::ExactTime::isValid const): Deleted.
(JSC::ISO8601::ExactTime::operator< const): Deleted.
(JSC::ISO8601::ExactTime::operator<= const): Deleted.
(JSC::ISO8601::ExactTime::operator== const): Deleted.
(JSC::ISO8601::ExactTime::operator!= const): Deleted.
(JSC::ISO8601::ExactTime::operator>= const): Deleted.
(JSC::ISO8601::ExactTime::operator> const): Deleted.
* runtime/TemporalPlainDate.cpp:
(JSC::toPlainDate):
== Rolled over to ChangeLog-2022-02-22 ==