Google Git
Sign in
chromium / external / github.com / WebKit / webkit / d6d1978eae80cffb36c29a37360db3c2a370efb9 / . / Source / JavaScriptCore / ChangeLog
blob: e3fc49235a86110497811b6a2e6e40c906f8861f [file] [log] [blame]
2022-03-26 Yusuke Suzuki <ysuzuki@apple.com>
Use static_assert instead of COMPILE_ASSERT
https://bugs.webkit.org/show_bug.cgi?id=238417
Reviewed by Mark Lam.
* assembler/ARM64Assembler.h:
* assembler/ARMv7Assembler.h:
* assembler/MacroAssemblerX86Common.h:
* bytecode/Opcode.h:
* bytecode/VirtualRegister.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
* inspector/InspectorProtocolTypes.h:
(Inspector::Protocol::BindingTraits<JSON::ArrayOf<T>>::runtimeCast):
* inspector/scripts/codegen/cpp_generator_templates.py:
* inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
* inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
* inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
* inspector/scripts/tests/expected/definitions-with-mac-platform.json-result:
* inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
* inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
* inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
* inspector/scripts/tests/expected/type-declaration-object-type.json-result:
* inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
* inspector/scripts/tests/expected/type-with-open-parameters.json-result:
* jit/FPRInfo.h:
* jit/GPRInfo.h:
* parser/Parser.h:
* runtime/JSCell.cpp:
* runtime/JSObject.h:
* runtime/SmallStrings.cpp:
(JSC::SmallStrings::SmallStrings):
* runtime/Structure.h:
(JSC::Structure::outOfLineCapacity):
* yarr/YarrInterpreter.cpp:
2022-03-26 Yusuke Suzuki <ysuzuki@apple.com>
Use unary static_assert
https://bugs.webkit.org/show_bug.cgi?id=238412
Reviewed by Mark Lam.
Replace `static_assert(..., "");` with `static_assert(...);`
* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::relinkJumpOrCall):
* assembler/AssemblerBuffer.h:
(JSC::AssemblerBuffer::putIntegralUnchecked):
* assembler/MacroAssemblerCodeRef.h:
* bytecode/AdaptiveInferredPropertyValueWatchpointBase.h:
* bytecode/ArrayProfile.h:
* bytecode/CodeBlockHash.cpp:
(JSC::CodeBlockHash::CodeBlockHash):
* bytecode/ParseHash.cpp:
(JSC::ParseHash::ParseHash):
* bytecode/Watchpoint.h:
* dfg/DFGNode.h:
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* dfg/DFGSpeculativeJIT.cpp:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileArrayPush):
* jit/RegisterSet.cpp:
(JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
(JSC::RegisterSet::dfgCalleeSaveRegisters):
(JSC::RegisterSet::ftlCalleeSaveRegisters):
* runtime/CachedBytecode.cpp:
(JSC::CachedBytecode::commitUpdates const):
* runtime/ClonedArguments.h:
* runtime/DirectArguments.h:
* runtime/DirectEvalExecutable.h:
* runtime/ErrorConstructor.h:
* runtime/IndirectEvalExecutable.h:
* runtime/JSArrayBufferView.cpp:
* runtime/JSBoundFunction.h:
* runtime/JSLexicalEnvironment.h:
(JSC::JSLexicalEnvironment::subspaceFor):
* runtime/JSString.cpp:
(JSC::JSRopeString::RopeBuilder<RecordOverflow>::expand):
* runtime/JSString.h:
* runtime/NativeFunction.h:
* runtime/Operations.h:
(JSC::jsString):
* runtime/RegExpObject.h:
* runtime/ScopedArguments.h:
* runtime/ScopedArgumentsTable.cpp:
* runtime/TypedArrayAdaptors.h:
(JSC::IntegralTypedArrayAdaptor::toJSValue):
* runtime/TypedArrayType.h:
* runtime/WeakMapImpl.h:
* wasm/WasmAirIRGenerator.cpp:
(JSC::Wasm::AirIRGenerator::addCallIndirect):
(JSC::Wasm::AirIRGenerator::emitChecksForModOrDiv):
(JSC::Wasm::AirIRGenerator::emitModOrDiv):
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::DisjunctionContext::allocationSize):
(JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::allocationSize):
2022-03-26 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Include argumentRegisters in identity of SlowPathCallKey when clobberAllRegsInFTLICSlowPath is enabled
https://bugs.webkit.org/show_bug.cgi?id=238411
Reviewed by Mark Lam.
While SlowPathCallKey includes argumentRegisters, it is not used for its identity check. But this argumentRegisters
is effectual on the resulting code in FTLThunks if Options::clobberAllRegsInFTLICSlowPath is set. This causes
x64 Debug JSC test failures after enabling DataIC because the same FTLThunks should not be picked for different
argument registers when Options::clobberAllRegsInFTLICSlowPath is true.
However, always including argumentRegisters in the identity check will cause a code size regression since we will
lose a chance to duplicate thunks when argumentRegisters is ineffectual. Note that Options::clobberAllRegsInFTLICSlowPath
is only set for debugging use cases. Hence, argumentRegisters is normally not effectual.
In this patch, we include argumentRegisters in SlowPathCallKey's identity check only when Options::clobberAllRegsInFTLICSlowPath
is set. And we also refactor SlowPathCallKey to reduce size of it from 40 to 24.
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerCodeRef.h:
(JSC::CFunctionPtr::CFunctionPtr):
(JSC::FunctionPtr::FunctionPtr):
* ftl/FTLSlowPathCall.cpp:
(JSC::FTL::SlowPathCallContext::keyWithTarget const):
* ftl/FTLSlowPathCallKey.cpp:
(JSC::FTL::SlowPathCallKey::dump const):
* ftl/FTLSlowPathCallKey.h:
(JSC::FTL::SlowPathCallKey::SlowPathCallKey):
(JSC::FTL::SlowPathCallKey::callTarget const):
(JSC::FTL::SlowPathCallKey::usedRegisters const):
(JSC::FTL::SlowPathCallKey::argumentRegistersIfClobberingCheckIsEnabled const):
(JSC::FTL::SlowPathCallKey::indirectOffset const):
(JSC::FTL::SlowPathCallKey::withCallTarget):
(JSC::FTL::SlowPathCallKey::isEmptyValue const):
(JSC::FTL::SlowPathCallKey::isDeletedValue const):
(JSC::FTL::SlowPathCallKey::operator== const):
(JSC::FTL::SlowPathCallKey::hash const):
(JSC::FTL::SlowPathCallKey::argumentRegisters const): Deleted.
* ftl/FTLThunks.cpp:
(JSC::FTL::registerClobberCheck):
(JSC::FTL::slowPathCallThunkGenerator):
* jit/HashableRegisterSet.h: Removed.
* jit/RegisterSet.h:
(JSC::RegisterSetHash::hash):
(JSC::RegisterSetHash::equal):
2022-03-25 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Clean up DataIC polymorphic call code for OptimizingCallLinkInfo
https://bugs.webkit.org/show_bug.cgi?id=238395
Reviewed by Saam Barati.
When using DataIC, return address is already appropriate in non-tail call case
in polymorphic call stub code. This patch cleans up the code to align it to
DataIC BaselineCallLinkInfo.
* bytecode/Repatch.cpp:
(JSC::linkPolymorphicCall):
2022-03-25 Commit Queue <commit-queue@webkit.org>
Unreviewed, reverting r291745.
https://bugs.webkit.org/show_bug.cgi?id=238399
JSC debug test failures
Reverted changeset:
"[JSC] Add DoNotHaveTagRegisters mode to unboxDouble"
https://bugs.webkit.org/show_bug.cgi?id=238018
https://commits.webkit.org/r291745
2022-03-24 Justin Michaud <justin_michaud@apple.com>
AI should not set the structure for ObjectCreate
https://bugs.webkit.org/show_bug.cgi?id=238349
Reviewed by Saam Barati and Yusuke Suzuki.
The AbstractInterpreter should not set the structure for ObjectCreate because it might change by
the time the constant folding phase runs if the structure cache is cleared.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2022-03-25 Wenson Hsieh <wenson_hsieh@apple.com>
Enable PGO when building for release and production
https://bugs.webkit.org/show_bug.cgi?id=238119
rdar://90182309
Reviewed by Alexey Proskuryakov and Geoff Garen.
See WebCore/ChangeLog for more information.
* Configurations/Base.xcconfig:
* Configurations/JavaScriptCore.xcconfig:
* JavaScriptCore.xcodeproj/project.pbxproj:
2022-03-24 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use Data CallIC in unlinked DFG
https://bugs.webkit.org/show_bug.cgi?id=238176
Reviewed by Saam Barati.
This patch enables Data CallIC when Options::useDataICInOptimizingJIT() is true
to pave the way to introducing unlinked DFG.
The most complicated part is DFG tail call handling. We load CallLinkInfo in one
non-callee-save register, and we set up CallFrameShuffleData to keep this value
in the same register even after call frame shuffling for the tail call. This must
be non-callee-save register since callee-save registers are restored to values
of the one-level upper caller for the tail-call.
We also clean up CallLinkInfo code so that many functions work well with DataIC.
Currently, direct calls are not supported, and we will not emit direct calls when
unlinked DFG is used.
* bytecode/AccessCase.cpp:
(JSC::AccessCase::generateImpl):
* bytecode/CallLinkInfo.cpp:
(JSC::BaselineCallLinkInfo::initialize):
(JSC::OptimizingCallLinkInfo::emitFastPath):
(JSC::OptimizingCallLinkInfo::emitTailCallFastPath):
(JSC::OptimizingCallLinkInfo::slowPathStart):
(JSC::OptimizingCallLinkInfo::emitDirectFastPath):
(JSC::OptimizingCallLinkInfo::emitDirectTailCallFastPath):
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::isDataIC const):
(JSC::CallLinkInfo::useDataIC const):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::setUsesDataICs): Deleted.
* bytecode/Repatch.cpp:
(JSC::linkPolymorphicCall):
* dfg/DFGCommonData.h:
(JSC::DFG::CommonData::addCallLinkInfo):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::prepareForTailCallSlow):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
2022-03-25 Keith Miller <keith_miller@apple.com>
Remove unused JITOperation, operationTryOSREnterAtCatch.
https://bugs.webkit.org/show_bug.cgi?id=238379
Reviewed by Mark Lam.
* jit/JITOperations.cpp:
* jit/JITOperations.h:
2022-03-25 Chris Dumez <cdumez@apple.com>
Start preparing WebCore for making the String(const char*) constructor explicit
https://bugs.webkit.org/show_bug.cgi?id=238336
Reviewed by Geoffrey Garen.
Start preparing WebCore for making the String(const char*) constructor explicit.
Making this constructor explicit helps catch at compile time cases where the ""_s
prefix is missing on String literals.
* API/JSValue.mm:
(createStructHandlerMap):
(handerForStructTag):
* API/JSWrapperMap.mm:
(allocateConstructorForCustomClass):
* inspector/agents/InspectorAuditAgent.cpp:
(Inspector::InspectorAuditAgent::run):
2022-03-25 Diego Pino Garcia <dpino@igalia.com>
Unreviewed, fix non-unified build after r291779
* wasm/WasmExceptionType.h:
2022-03-24 Don Olmstead <don.olmstead@sony.com>
Non-unified build fixes, late March 2022 edition
https://bugs.webkit.org/show_bug.cgi?id=238358
Unreviewed non-unified build fixes.
* bytecode/ExitKind.cpp:
* bytecode/ExitKind.h:
* heap/RootMarkReason.cpp:
* heap/RootMarkReason.h:
* runtime/CallData.h:
2022-03-24 Chris Dumez <cdumez@apple.com>
FileSystem::pathByAppendingComponent() should take in StringViews instead of Strings
https://bugs.webkit.org/show_bug.cgi?id=238344
Reviewed by Geoff Garen.
* jsc.cpp:
2022-03-24 Chris Dumez <cdumez@apple.com>
String's startsWith() / endsWith() / replace() should take in a StringView instead of a String
https://bugs.webkit.org/show_bug.cgi?id=238333
Reviewed by Geoff Garen.
* runtime/FileBasedFuzzerAgent.cpp:
(JSC::FileBasedFuzzerAgent::getPredictionInternal):
* runtime/IntlRelativeTimeFormat.cpp:
(JSC::singularUnit):
* runtime/TemporalObject.cpp:
(JSC::singularUnit):
2022-03-24 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] JSRemoteFunction thunk should materialize code-pointer
https://bugs.webkit.org/show_bug.cgi?id=238313
Reviewed by Mark Lam.
When invoking a JSRemoteFunction, we must first wrap the arguments passed to it.
The wrapping operation may trigger a GC, and GC can jettison JIT code. As a result,
even though we know that the target JSFunction has JIT code that we want to execute,
the JIT code may be jettisoned (while wrapping the arguments for it) before we get
to the call. This resulted in occasional crashes on the JSTests/stress/shadow-realm-evaluate.js test.
This patch fixes this by doing a null check on the JIT code just before calling it,
and if null (i.e. the JIT code has been jettisoned), re-materializing the JIT code
first before making the call.
* jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* jit/JITOperations.h:
* jit/ThunkGenerators.cpp:
(JSC::remoteFunctionCallGenerator):
2022-03-23 Geza Lore <glore@igalia.com>
[JSC] Fix remoteFunctionCallGenerator on MIPS
https://bugs.webkit.org/show_bug.cgi?id=238274
Reviewed by Yusuke Suzuki.
Eliminate register conflict (nonArgGPR0 == regT4, which is used in
valueRegs)
* jit/ThunkGenerators.cpp:
(JSC::remoteFunctionCallGenerator):
2022-03-23 Chris Dumez <cdumez@apple.com>
Prepare JSC for making the String(const char*) constructor explicit
https://bugs.webkit.org/show_bug.cgi?id=238264
Reviewed by Geoff Garen.
Prepare JSC for making the String(const char*) constructor explicit. Making this constructor
explicit helps catch many instances where we're constructing a String from a literal but we
are missing the ""_s suffix.
* API/JSAPIGlobalObject.cpp:
* API/JSAPIGlobalObject.mm:
(JSC::computeValidImportSpecifier):
(JSC::JSAPIGlobalObject::moduleLoaderFetch):
* API/JSAPIValueWrapper.cpp:
* API/JSAPIWrapperObject.mm:
* API/JSCallbackConstructor.cpp:
* API/JSCallbackFunction.cpp:
* API/JSCallbackObject.cpp:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
* API/JSScript.mm:
(-[JSScript readCache]):
* API/JSTypedArray.cpp:
(JSObjectMakeTypedArrayWithArrayBuffer):
(JSObjectMakeTypedArrayWithArrayBufferAndOffset):
* API/JSValue.mm:
(createStructHandlerMap):
(handerForStructTag):
* API/JSWrapperMap.mm:
(allocateConstructorForCustomClass):
* API/ObjCCallbackFunction.mm:
(JSC::ObjCCallbackFunctionImpl::name):
* API/glib/JSAPIWrapperGlobalObject.cpp:
* API/glib/JSAPIWrapperObjectGLib.cpp:
* API/glib/JSCCallbackFunction.cpp:
* API/tests/JSONParseTest.cpp:
(testJSONParse):
* bindings/ScriptFunctionCall.cpp:
(Deprecated::ScriptCallArgumentHandler::appendArgument):
* bytecode/CodeBlock.cpp:
* bytecode/EvalCodeBlock.cpp:
* bytecode/ExecutableToCodeBlockEdge.cpp:
* bytecode/ExitKind.cpp:
(JSC::exitKindToString):
* bytecode/ExitKind.h:
* bytecode/FunctionCodeBlock.cpp:
* bytecode/ModuleProgramCodeBlock.cpp:
* bytecode/ProgramCodeBlock.cpp:
* bytecode/UnlinkedCodeBlock.cpp:
* bytecode/UnlinkedEvalCodeBlock.cpp:
* bytecode/UnlinkedFunctionCodeBlock.cpp:
* bytecode/UnlinkedFunctionExecutable.cpp:
* bytecode/UnlinkedModuleProgramCodeBlock.cpp:
* bytecode/UnlinkedProgramCodeBlock.cpp:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitHasPrivateBrand):
(JSC::BytecodeGenerator::emitCheckPrivateBrand):
(JSC::BytecodeGenerator::emitReturn):
* bytecompiler/NodesCodegen.cpp:
(JSC::PropertyListNode::emitSaveComputedFieldName):
(JSC::BaseDotNode::emitGetPropertyValue):
(JSC::BaseDotNode::emitPutProperty):
(JSC::PostfixNode::emitDot):
(JSC::DeleteBracketNode::emitBytecode):
(JSC::DeleteDotNode::emitBytecode):
(JSC::PrefixNode::emitDot):
(JSC::InstanceOfNode::emitBytecode):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::functionName const):
* debugger/DebuggerScope.cpp:
* heap/HeapSnapshotBuilder.cpp:
(JSC::HeapSnapshotBuilder::json):
* heap/RootMarkReason.cpp:
(JSC::rootMarkReasonDescription):
* heap/RootMarkReason.h:
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::getInternalProperties):
* inspector/JSInjectedScriptHostPrototype.cpp:
* inspector/JSJavaScriptCallFrame.cpp:
* inspector/JSJavaScriptCallFramePrototype.cpp:
* inspector/agents/InspectorAuditAgent.cpp:
(Inspector::InspectorAuditAgent::run):
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::getScriptSource):
* inspector/agents/InspectorDebuggerAgent.h:
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::getRemoteObject):
* jit/ExecutableAllocator.cpp:
(JSC::dumpJITMemory):
* jit/JITCode.cpp:
(JSC::JITCode::typeName):
* jit/JITCode.h:
* jit/JITOperations.cpp:
(JSC::getWrappedValue):
* jsc.cpp:
(toCString):
(JSC_DEFINE_HOST_FUNCTION):
(runWithOptions):
(CommandLine::parseArguments):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::handleVarargsCheckpoint):
* parser/Lexer.cpp:
(JSC::Lexer<T>::scanRegExp):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parsePrimaryExpression):
* runtime/AbstractModuleRecord.cpp:
* runtime/AggregateErrorConstructor.cpp:
* runtime/ArrayConstructor.cpp:
* runtime/ArrayIteratorPrototype.cpp:
* runtime/ArrayPrototype.cpp:
* runtime/AsyncFromSyncIteratorPrototype.cpp:
* runtime/AsyncFunctionConstructor.cpp:
* runtime/AsyncFunctionPrototype.cpp:
* runtime/AsyncGeneratorFunctionConstructor.cpp:
* runtime/AsyncGeneratorFunctionPrototype.cpp:
* runtime/AsyncGeneratorPrototype.cpp:
* runtime/AsyncIteratorPrototype.cpp:
* runtime/AtomicsObject.cpp:
* runtime/BigIntConstructor.cpp:
* runtime/BigIntObject.cpp:
* runtime/BigIntPrototype.cpp:
* runtime/BooleanConstructor.cpp:
* runtime/BooleanObject.cpp:
* runtime/BooleanPrototype.cpp:
* runtime/BytecodeCacheError.cpp:
(JSC::BytecodeCacheError::StandardError::message const):
* runtime/CallData.cpp:
(JSC::call):
* runtime/CallData.h:
* runtime/ClassInfo.h:
* runtime/ClonedArguments.cpp:
* runtime/CodeCache.cpp:
(JSC::CodeCache::getUnlinkedGlobalFunctionExecutable):
* runtime/Completion.cpp:
(JSC::checkModuleSyntax):
(JSC::createSymbolForEntryPointModule):
* runtime/ConsoleObject.cpp:
* runtime/ConstructData.cpp:
(JSC::construct):
* runtime/ConstructData.h:
* runtime/CustomGetterSetter.cpp:
* runtime/DOMAttributeGetterSetter.cpp:
* runtime/DateConstructor.cpp:
* runtime/DateInstance.cpp:
* runtime/DatePrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/DirectArguments.cpp:
* runtime/Error.h:
(JSC::throwVMError):
* runtime/ErrorConstructor.cpp:
* runtime/ErrorInstance.cpp:
* runtime/ErrorPrototype.cpp:
* runtime/EvalExecutable.cpp:
* runtime/Exception.cpp:
* runtime/ExceptionHelpers.cpp:
(JSC::notAFunctionSourceAppender):
(JSC::invalidParameterInSourceAppender):
(JSC::invalidParameterInstanceofSourceAppender):
(JSC::invalidPrototypeSourceAppender):
(JSC::createTDZError):
(JSC::createInvalidPrivateNameError):
(JSC::createRedefinedPrivateNameError):
(JSC::createPrivateMethodAccessError):
(JSC::createReinstallPrivateMethodError):
* runtime/ExecutableBase.cpp:
* runtime/FinalizationRegistryConstructor.cpp:
* runtime/FinalizationRegistryPrototype.cpp:
* runtime/FunctionConstructor.cpp:
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::toStringSlow):
* runtime/FunctionPrototype.cpp:
* runtime/FunctionRareData.cpp:
* runtime/GeneratorFunctionConstructor.cpp:
* runtime/GeneratorFunctionPrototype.cpp:
* runtime/GeneratorPrototype.cpp:
* runtime/GetterSetter.cpp:
* runtime/GlobalExecutable.cpp:
* runtime/HashMapImpl.cpp:
* runtime/InternalFunction.cpp:
* runtime/IntlCollator.cpp:
(JSC::IntlCollator::initializeCollator):
* runtime/IntlCollatorConstructor.cpp:
* runtime/IntlCollatorPrototype.cpp:
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::initializeDateTimeFormat):
* runtime/IntlDateTimeFormatConstructor.cpp:
* runtime/IntlDateTimeFormatPrototype.cpp:
* runtime/IntlDisplayNames.cpp:
* runtime/IntlDisplayNamesConstructor.cpp:
* runtime/IntlDisplayNamesPrototype.cpp:
* runtime/IntlListFormat.cpp:
* runtime/IntlListFormatConstructor.cpp:
* runtime/IntlListFormatPrototype.cpp:
* runtime/IntlLocale.cpp:
(JSC::IntlLocale::initializeLocale):
* runtime/IntlLocaleConstructor.cpp:
* runtime/IntlLocalePrototype.cpp:
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::initializeNumberFormat):
* runtime/IntlNumberFormatConstructor.cpp:
* runtime/IntlNumberFormatPrototype.cpp:
* runtime/IntlObject.cpp:
(JSC::intlStringOption):
* runtime/IntlObject.h:
* runtime/IntlPluralRules.cpp:
* runtime/IntlPluralRulesConstructor.cpp:
* runtime/IntlPluralRulesPrototype.cpp:
* runtime/IntlRelativeTimeFormat.cpp:
(JSC::IntlRelativeTimeFormat::initializeRelativeTimeFormat):
* runtime/IntlRelativeTimeFormatConstructor.cpp:
* runtime/IntlRelativeTimeFormatPrototype.cpp:
* runtime/IntlSegmentIterator.cpp:
* runtime/IntlSegmentIteratorPrototype.cpp:
* runtime/IntlSegmenter.cpp:
* runtime/IntlSegmenterConstructor.cpp:
* runtime/IntlSegmenterPrototype.cpp:
* runtime/IntlSegments.cpp:
* runtime/IntlSegmentsPrototype.cpp:
* runtime/IteratorPrototype.cpp:
* runtime/JSArray.cpp:
(JSC::JSArray::tryCreateUninitializedRestricted):
* runtime/JSArrayBuffer.cpp:
* runtime/JSArrayBufferConstructor.cpp:
* runtime/JSArrayBufferPrototype.cpp:
* runtime/JSArrayBufferView.cpp:
* runtime/JSArrayIterator.cpp:
* runtime/JSAsyncFunction.cpp:
* runtime/JSAsyncGenerator.cpp:
* runtime/JSAsyncGeneratorFunction.cpp:
* runtime/JSBigInt.cpp:
(JSC::JSBigInt::parseInt):
* runtime/JSBoundFunction.cpp:
* runtime/JSCallee.cpp:
* runtime/JSCell.cpp:
(JSC::JSCell::dumpToStream):
(JSC::JSCell::className const):
* runtime/JSCell.h:
* runtime/JSCustomGetterFunction.cpp:
* runtime/JSCustomSetterFunction.cpp:
* runtime/JSDataView.cpp:
* runtime/JSDataViewPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* runtime/JSFinalizationRegistry.cpp:
(JSC::JSFinalizationRegistry::runFinalizationCleanup):
* runtime/JSFunction.cpp:
* runtime/JSGenerator.cpp:
* runtime/JSGeneratorFunction.cpp:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::create):
(JSC::JSGenericTypedArrayView<Adaptor>::validateRange):
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::speciesConstruct):
(JSC::genericTypedArrayViewProtoFuncSet):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
* runtime/JSGlobalLexicalEnvironment.cpp:
* runtime/JSGlobalObject.cpp:
* runtime/JSImmutableButterfly.cpp:
* runtime/JSInternalPromise.cpp:
* runtime/JSInternalPromiseConstructor.cpp:
* runtime/JSInternalPromisePrototype.cpp:
* runtime/JSLexicalEnvironment.cpp:
* runtime/JSMap.cpp:
* runtime/JSMapIterator.cpp:
* runtime/JSModuleEnvironment.cpp:
* runtime/JSModuleLoader.cpp:
* runtime/JSModuleNamespaceObject.cpp:
* runtime/JSModuleRecord.cpp:
* runtime/JSNativeStdFunction.cpp:
* runtime/JSONObject.cpp:
* runtime/JSObject.cpp:
(JSC::JSObject::markAuxiliaryAndVisitOutOfLineProperties):
* runtime/JSPromise.cpp:
* runtime/JSPromiseConstructor.cpp:
* runtime/JSPromisePrototype.cpp:
* runtime/JSPropertyNameEnumerator.cpp:
* runtime/JSProxy.cpp:
* runtime/JSRemoteFunction.cpp:
(JSC::wrapArgument):
(JSC::wrapReturnValue):
(JSC::JSRemoteFunction::finishCreation):
* runtime/JSScope.cpp:
* runtime/JSScriptFetchParameters.cpp:
* runtime/JSScriptFetcher.cpp:
* runtime/JSSegmentedVariableObject.cpp:
* runtime/JSSet.cpp:
* runtime/JSSetIterator.cpp:
* runtime/JSSourceCode.cpp:
* runtime/JSString.cpp:
(JSC::JSString::dumpToStream):
* runtime/JSStringIterator.cpp:
* runtime/JSSymbolTableObject.cpp:
* runtime/JSTemplateObjectDescriptor.cpp:
* runtime/JSTypedArrayConstructors.cpp:
* runtime/JSTypedArrayPrototypes.cpp:
* runtime/JSTypedArrayViewConstructor.cpp:
* runtime/JSTypedArrayViewPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/JSTypedArrays.cpp:
* runtime/JSWeakMap.cpp:
* runtime/JSWeakObjectRef.cpp:
* runtime/JSWeakSet.cpp:
* runtime/JSWithScope.cpp:
* runtime/LiteralParser.cpp:
(JSC::LiteralParser<CharType>::parsePrimitiveValue):
* runtime/MapConstructor.cpp:
* runtime/MapIteratorPrototype.cpp:
* runtime/MapPrototype.cpp:
* runtime/MathObject.cpp:
* runtime/ModuleProgramExecutable.cpp:
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeExecutable.cpp:
* runtime/NullGetterFunction.cpp:
* runtime/NullSetterFunction.cpp:
* runtime/NumberConstructor.cpp:
* runtime/NumberObject.cpp:
* runtime/NumberPrototype.cpp:
(JSC::toStringWithRadix):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::numberToStringInternal):
(JSC::int52ToString):
* runtime/ObjectConstructor.cpp:
* runtime/ObjectPrototype.cpp:
* runtime/Operations.h:
(JSC::arithmeticBinaryOp):
(JSC::shift):
(JSC::bitwiseBinaryOp):
* runtime/ProgramExecutable.cpp:
* runtime/PropertyTable.cpp:
* runtime/ProxyConstructor.cpp:
(JSC::ProxyConstructor::finishCreation):
* runtime/ProxyObject.cpp:
* runtime/ProxyRevoke.cpp:
* runtime/ReflectObject.cpp:
* runtime/RegExp.cpp:
* runtime/RegExpCache.cpp:
(JSC::RegExpCache::ensureEmptyRegExpSlow):
* runtime/RegExpConstructor.cpp:
* runtime/RegExpObject.cpp:
* runtime/RegExpPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/RegExpStringIteratorPrototype.cpp:
* runtime/ScopedArguments.cpp:
* runtime/ScopedArgumentsTable.cpp:
* runtime/ScriptExecutable.cpp:
* runtime/SetConstructor.cpp:
* runtime/SetIteratorPrototype.cpp:
* runtime/SetPrototype.cpp:
* runtime/ShadowRealmConstructor.cpp:
* runtime/ShadowRealmObject.cpp:
* runtime/ShadowRealmPrototype.cpp:
* runtime/SparseArrayValueMap.cpp:
* runtime/StrictEvalActivation.cpp:
* runtime/StringConstructor.cpp:
* runtime/StringIteratorPrototype.cpp:
* runtime/StringObject.cpp:
* runtime/StringPrototype.cpp:
(JSC::toLocaleCase):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/Structure.cpp:
* runtime/StructureChain.cpp:
* runtime/StructureRareData.cpp:
* runtime/Symbol.cpp:
* runtime/SymbolConstructor.cpp:
* runtime/SymbolObject.cpp:
* runtime/SymbolPrototype.cpp:
* runtime/SymbolTable.cpp:
* runtime/TemporalCalendar.cpp:
* runtime/TemporalCalendarConstructor.cpp:
* runtime/TemporalCalendarPrototype.cpp:
* runtime/TemporalDuration.cpp:
(JSC::TemporalDuration::total const):
* runtime/TemporalDurationConstructor.cpp:
* runtime/TemporalDurationPrototype.cpp:
* runtime/TemporalInstant.cpp:
* runtime/TemporalInstantConstructor.cpp:
* runtime/TemporalInstantPrototype.cpp:
* runtime/TemporalNow.cpp:
* runtime/TemporalObject.cpp:
(JSC::temporalLargestUnit):
(JSC::temporalSmallestUnit):
* runtime/TemporalPlainDate.cpp:
* runtime/TemporalPlainDateConstructor.cpp:
* runtime/TemporalPlainDatePrototype.cpp:
* runtime/TemporalPlainTime.cpp:
* runtime/TemporalPlainTimeConstructor.cpp:
* runtime/TemporalPlainTimePrototype.cpp:
* runtime/TemporalTimeZone.cpp:
* runtime/TemporalTimeZoneConstructor.cpp:
* runtime/TemporalTimeZonePrototype.cpp:
* runtime/TypeProfiler.cpp:
(JSC::TypeProfiler::logTypesForTypeLocation):
* runtime/TypeSet.cpp:
(JSC::StructureShape::propertyHash):
* runtime/WeakMapConstructor.cpp:
* runtime/WeakMapPrototype.cpp:
(JSC::WeakMapPrototype::finishCreation):
* runtime/WeakObjectRefConstructor.cpp:
* runtime/WeakObjectRefPrototype.cpp:
* runtime/WeakSetConstructor.cpp:
* runtime/WeakSetPrototype.cpp:
(JSC::WeakSetPrototype::finishCreation):
* testRegExp.cpp:
* tools/FunctionAllowlist.cpp:
(JSC::FunctionAllowlist::FunctionAllowlist):
* tools/FunctionOverrides.cpp:
(JSC::initializeOverrideInfo):
* tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSC_DEFINE_HOST_FUNCTION_WITH_ATTRIBUTES):
* tools/SigillCrashAnalyzer.cpp:
(JSC::SigillCrashAnalyzer::analyze):
* tools/VMInspector.cpp:
(JSC::VMInspector::dumpRegisters):
(JSC::VMInspector::dumpCellMemoryToStream):
* wasm/WasmExceptionType.h:
(JSC::Wasm::errorMessageForExceptionType):
* wasm/WasmFormat.h:
(JSC::Wasm::typeToString):
* wasm/WasmGlobal.cpp:
(JSC::Wasm::Global::set):
* wasm/WasmLLIntPlan.cpp:
(JSC::Wasm::LLIntPlan::didCompleteCompilation):
* wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* wasm/js/JSToWasmICCallee.cpp:
* wasm/js/JSWebAssembly.cpp:
* wasm/js/JSWebAssemblyException.cpp:
* wasm/js/JSWebAssemblyGlobal.cpp:
(JSC::JSWebAssemblyGlobal::type):
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::fromJSValue):
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::createPrivateModuleKey):
(JSC::JSWebAssemblyInstance::tryCreate):
* wasm/js/JSWebAssemblyMemory.cpp:
* wasm/js/JSWebAssemblyModule.cpp:
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::type):
* wasm/js/JSWebAssemblyTag.cpp:
* wasm/js/WebAssemblyCompileErrorConstructor.cpp:
* wasm/js/WebAssemblyCompileErrorPrototype.cpp:
* wasm/js/WebAssemblyExceptionConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyExceptionPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyFunction.cpp:
* wasm/js/WebAssemblyFunctionBase.cpp:
* wasm/js/WebAssemblyGlobalConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyGlobalPrototype.cpp:
* wasm/js/WebAssemblyInstanceConstructor.cpp:
* wasm/js/WebAssemblyInstancePrototype.cpp:
* wasm/js/WebAssemblyLinkErrorConstructor.cpp:
* wasm/js/WebAssemblyLinkErrorPrototype.cpp:
* wasm/js/WebAssemblyMemoryConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyMemoryPrototype.cpp:
* wasm/js/WebAssemblyModuleConstructor.cpp:
* wasm/js/WebAssemblyModulePrototype.cpp:
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::initializeExports):
* wasm/js/WebAssemblyRuntimeErrorConstructor.cpp:
* wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:
* wasm/js/WebAssemblyTableConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* wasm/js/WebAssemblyTablePrototype.cpp:
* wasm/js/WebAssemblyTagConstructor.cpp:
* wasm/js/WebAssemblyTagPrototype.cpp:
* wasm/js/WebAssemblyWrapperFunction.cpp:
(JSC::WebAssemblyWrapperFunction::create):
* yarr/RegularExpression.cpp:
(JSC::Yarr::RegularExpression::Private::compile):
* yarr/YarrErrorCode.cpp:
(JSC::Yarr::errorMessage):
* yarr/YarrErrorCode.h:
2022-03-23 Yusuke Suzuki <ysuzuki@apple.com>
[JSC][MSVC] custom getter creation needs to include classInfo since MSVC ICF is not "safe" variant
https://bugs.webkit.org/show_bug.cgi?id=238030
Reviewed by Alexey Shvayka.
MSVC performs very aggressive ICF (identical code folding) and it even merges the identical two functions
into one even though a pointer to this function is used. This means MSVC's ICF is not "safe"[1], and custom
function weakmap is broken on MSVC since it is assuming function pointers are different for different functions.
Unfortunately, it seems that there is no attribute / annotation to prevent this behavior, so we need to workaround it.
Since JSCustomGetterFunction does separate thing based on attached DOMAttribute, we need to include const ClassInfo*
into a key of JSCustomGetterFunction weakmap to ensure that two identical functions with different const ClassInfo*
do not get the same JSCustomGetterFunction.
[1]: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/36912.pdf
* runtime/JSCustomGetterFunction.h:
* runtime/JSCustomSetterFunction.h:
* runtime/JSGlobalObject.h:
* runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::WeakCustomGetterOrSetterHash<T>::hash):
* runtime/JSObject.cpp:
(JSC::WeakCustomGetterOrSetterHashTranslator::hash):
(JSC::WeakCustomGetterOrSetterHashTranslator::equal):
(JSC::createCustomGetterFunction):
(JSC::createCustomSetterFunction):
2022-03-23 Chris Dumez <cdumez@apple.com>
Avoid unnecessary String constructor under FunctionExecutable::toStringSlow()
https://bugs.webkit.org/show_bug.cgi?id=238263
Reviewed by Darin Adler.
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::toStringSlow):
2022-03-23 Yusuke Suzuki <ysuzuki@apple.com>
Unreviewed, fix DataIC's slowPathJump handling
https://bugs.webkit.org/show_bug.cgi?id=231224
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInById):
2022-03-23 Patrick Angle <pangle@apple.com>
No breakpoints hit on github.com, and some are invalid
https://bugs.webkit.org/show_bug.cgi?id=235607
Reviewed by Yusuke Suzuki.
New test: JSTests/stress/regress-88440831.js
Added test case in: inspector/debugger/breakpoints/resolved-dump-all-pause-locations.html
Previously not all line terminations resulted in setting the `m_lineStart` to the current m_code, which meant
that the location for pause-able locations and stack traces were inaccurate when they were on a line that
terminated multi-line comments, strings, or template strings. We now always update m_lineStart when shifting for
a line terminator, instead of only when the terminator appears outside a string or comment.
* debugger/Breakpoint.cpp:
(JSC::Breakpoint::resolve):
- The existing assertions were somewhat in conflict with each other. If we permit the line number to increase,
there is no guarantee that the column number will remain the same or increase, which can now more easily occur
with multi-line strings. Instead, we should make sure that the overall offset has increased.
* parser/Lexer.cpp:
(JSC::Lexer<T>::shiftLineTerminator):
(JSC::Lexer<T>::lexWithoutClearingLineTerminator):
(JSC::Lexer<T>::scanTemplateString):
2022-03-23 Xan Lopez <xan@igalia.com>
[JSC] Add DoNotHaveTagRegisters mode to unboxDouble
https://bugs.webkit.org/show_bug.cgi?id=238018
Reviewed by Yusuke Suzuki.
Wasm cannot use unboxDouble as-is because
GPRInfo::numberTagRegister is not available. Add a
DoNotHaveTagRegister mode so we can get rid of some duplicated
code.
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::add64):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::unboxDoubleWithoutAssertions):
(JSC::AssemblyHelpers::unboxDouble):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
2022-03-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Test DFG / FTL DataIC
https://bugs.webkit.org/show_bug.cgi?id=231224
Reviewed by Saam Barati.
This patch revives DataIC in DFG and FTL, and re-enable testing to make it usable
for unlinked DFG. Currently, only x64 / ARM64 are supported.
* bytecode/InlineAccess.cpp:
(JSC::InlineAccess::isCacheableArrayLength):
(JSC::InlineAccess::isCacheableStringLength):
(JSC::InlineAccess::rewireStubAsJumpInAccess):
(JSC::InlineAccess::resetStubAsJumpInAccess):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetById):
(JSC::DFG::SpeculativeJIT::compileGetByIdFlush):
(JSC::DFG::SpeculativeJIT::compileInById):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::cachedPutById):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* jit/JITCode.h:
(JSC::JITCode::useDataIC):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::generateFastCommon):
(JSC::generateGetByIdInlineAccess):
(JSC::JITGetByIdGenerator::generateFastPath):
(JSC::JITGetByIdWithThisGenerator::generateFastPath):
(JSC::generatePutByIdInlineAccess):
(JSC::JITPutByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITPutByIdGenerator::generateFastPath):
(JSC::JITDelByValGenerator::generateFastPath):
(JSC::JITDelByIdGenerator::generateFastPath):
(JSC::JITInByValGenerator::generateFastPath):
(JSC::generateInByIdInlineAccess):
(JSC::JITInByIdGenerator::generateFastPath):
(JSC::JITInByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITInstanceOfGenerator::generateFastPath):
(JSC::JITGetByValGenerator::generateFastPath):
(JSC::JITPutByValGenerator::generateFastPath):
(JSC::JITPrivateBrandAccessGenerator::generateFastPath):
* jit/JITInlineCacheGenerator.h:
(JSC::JITInlineCacheGenerator::reportSlowPathCall):
(JSC::JITInlineCacheGenerator::slowPathBegin const):
(JSC::JITByIdGenerator::slowPathJump const):
(JSC::JITInByValGenerator::slowPathJump const):
* runtime/Options.cpp:
(JSC::Options::recomputeDependentOptions):
* runtime/OptionsList.h:
2022-03-22 Chris Dumez <cdumez@apple.com>
Use ASCIILiteral in a few more places where it is useful
https://bugs.webkit.org/show_bug.cgi?id=238235
Reviewed by Geoffrey Garen.
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::toStringSlow):
2022-03-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Change Date.parse to stop returning numbers with fractional part
https://bugs.webkit.org/show_bug.cgi?id=238050
Reviewed by Saam Barati.
Date.parse should return NaN or integer numbers[1,2]. This patch applies timeClip
to the result of Date.parse to ensure that the returned value is time value.
[1]: https://tc39.es/ecma262/multipage/numbers-and-dates.html#sec-date.parse
[2]: https://tc39.es/ecma262/multipage/numbers-and-dates.html#sec-time-values-and-time-range
* runtime/DateConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
2022-03-21 Saam Barati <sbarati@apple.com>
Fix bug in Relationship::mergeImpl
https://bugs.webkit.org/show_bug.cgi?id=238183
<rdar://89822922>
Reviewed by Yusuke Suzuki.
* dfg/DFGIntegerRangeOptimizationPhase.cpp:
2022-03-21 Saam Barati <sbarati@apple.com>
AirFixObviousSpills needs to consider a PreIndex and PostIndex as clobbering the Reg used for indexing
https://bugs.webkit.org/show_bug.cgi?id=238178
<rdar://87345895>
Reviewed by Mark Lam.
Inside AirFixObviousSpills, we run a basic alias analysis for StackSlots and
registers. For example, when we overwrite a register, we clear anything
it's aliased with. However, the way we were doing this was by looking at
each Arg that was Defd. However, this iteration was missing that
PostIndex/PreIndex mutate the register that feeds into the address Arg.
This patch fixes the issue by walking the instruction in such a way that
we visit all the Defs we care about, both Regs and StackSlots.
* b3/air/AirFixObviousSpills.cpp:
2022-03-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] ReferenceError when using extra parens in class fields
https://bugs.webkit.org/show_bug.cgi?id=236843
Reviewed by Saam Barati.
class field initializer should create its own used-variables set
to capture used variables separately from the other variables since
it becomes independent CodeBlock internally later. The current code
was wrong since,
1. Incorrectly using the current set of class-scope.
2. Incorrectly marking only the last set while parseAssignmentExpression can create a new set inside it.
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseClass):
* parser/Parser.h:
(JSC::Scope::markLastUsedVariablesSetAsCaptured):
2022-03-21 Jonathan Bedard <jbedard@apple.com>
Unreviewed, reverting r291558.
Exceeded GitHub file size limit
Reverted changeset:
"Enable PGO when building for release and production"
https://bugs.webkit.org/show_bug.cgi?id=238119
https://commits.webkit.org/r291558
2022-03-21 Wenson Hsieh <wenson_hsieh@apple.com>
Enable PGO when building for release and production
https://bugs.webkit.org/show_bug.cgi?id=238119
rdar://90182309
Reviewed by Saam Barati.
See WebCore/ChangeLog for more details.
* Configurations/Base.xcconfig:
* Configurations/JavaScriptCore.xcconfig:
* Profiling/JavaScriptCore.profdata: Added.
2022-03-18 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Further reduce # of registers used in RegExpTestInline
https://bugs.webkit.org/show_bug.cgi?id=238105
Reviewed by Saam Barati.
This patch further reduces # of registers used in RegExpTestInline.
After flushRegisters(), we can use baseGPR for any purpose.
We also remove x64 hack since we have enough registers for x64 even
if we use one callee-save register in unlinked DFG.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
2022-03-18 Devin Rousso <drousso@apple.com>
Web Inspector: REGRESSION(?): Emulate User Gesture doesn't work
https://bugs.webkit.org/show_bug.cgi?id=232584
<rdar://problem/84899576>
Reviewed by Patrick Angle.
* inspector/agents/InspectorDebuggerAgent.h:
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::evaluateOnCallFrame):
* inspector/agents/InspectorRuntimeAgent.h:
* inspector/agents/InspectorRuntimeAgent.cpp:
(Inspector::InspectorRuntimeAgent::evaluate):
(Inspector::InspectorRuntimeAgent::callFunctionOn):
Create overloads for these (protocol) methods so that we can avoid having to fetch the same
`InjectedScript` more than once (i.e. if the subclass fetches the `InjectedScript` and then
called into the baseclass, which also fetches the same `InjectedScript`).
* debugger/Debugger.h:
(JSC::Debugger::Client::debuggerWillEvaluate):
(JSC::Debugger::Client::debuggerDidEvaluate):
* debugger/Debugger.cpp:
(JSC::Debugger::evaluateBreakpointActions):
Pass along the current `JSGlobalObject` to eventually derive a relevant `WebCore::Document`.
2022-03-18 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Reduce # of registers used in RegExpTestInline to allow using unlinked DFG in x64
https://bugs.webkit.org/show_bug.cgi?id=238092
Reviewed by Michael Saboff.
This patch reduces # of registers used in RegExpTestInline implementation to make it work
well for x64 unlinked DFG since it can reduce # of registers to use one callee-save register
for constants buffer.
We also add YarrJITRegisters::validate to ensure that used registers meet the invariants in YarrJIT.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
* yarr/YarrJIT.cpp:
(JSC::Yarr::jitCompileInlinedTest):
* yarr/YarrJITRegisters.h:
(JSC::Yarr::YarrJITRegisters::validate):
(JSC::Yarr::YarrJITRegisters::YarrJITRegisters): Deleted.
2022-03-17 Keith Miller <keith_miller@apple.com>
Fix crash in Bleacher Report due to bad JSObjectRef passed to API
https://bugs.webkit.org/show_bug.cgi?id=238048
<rdar://88766464>
Reviewed by Yusuke Suzuki.
Prior to the StructureID overhaul the JSObjectGetArrayBufferByteLength would
automatically check if the JSObjectRef passed to that function was null before
short circuiting to the non-typed array return value, 0. While technically valid
since derefencing null is UB, this meant the Clang was covering up this crash.
To fix this I'm adding an app specific workaround for the time being so Bleacher
Report can fix their code to no longer pass this nullptr.
* API/JSTypedArray.cpp:
(isBleecherReport):
(JSObjectGetArrayBufferByteLength):
2022-03-17 Mikhail R. Gadelha <mikhail@igalia.com>
Unreviewed, non-unified build fix
https://bugs.webkit.org/show_bug.cgi?id=237929
* dfg/DFGCapabilities.cpp:
* jit/JITDisassembler.cpp:
* jit/JITPlan.cpp:
* llint/LLIntEntrypoint.cpp:
* runtime/FileBasedFuzzerAgentBase.cpp:
* runtime/ShadowRealmObject.cpp:
* runtime/ShadowRealmPrototype.cpp:
2022-03-16 Devin Rousso <drousso@apple.com>
Web Inspector: REGRESSION(r290720): Debugger: Step next should not behave the same as Step into
https://bugs.webkit.org/show_bug.cgi?id=237936
Reviewed by Joseph Pecoraro.
Covered by existing tests (not sure why they don't fail on EWS, but they fail locally).
* debugger/Debugger.cpp:
(JSC::Debugger::pauseIfNeeded):
Checking that the desired `CallFrame` matches the current `CallFrame` is enough to determine
whether the `Debugger` should pause for Step next and Step out, as both of those actions set
a desired `CallFrame`. We explicitly do not want to check for the `bool` flags that indicate
those actions because they have different behaviors regarding the current `CallFrame` (the
former desires the same `CallFrame` and the latter desires the parent `CallFrame`). This
patch partially reverts r290720.
2022-03-16 Angelos Oikonomopoulos <angelos@igalia.com>
MacroAssemblerARMv7: Be friendlier to DisallowMacroScratchRegisterUsage
https://bugs.webkit.org/show_bug.cgi?id=237888
Reviewed by Žan Doberšek.
Only check that we're allowed to use the scratch register at sites
where we're using it implicitly. When it's explicitly passed in by the
caller, use invalidateCachedAddressTempRegister to invalidate it
without asserting anything about m_allowScratchRegister.
Since helpers can explictly make use of addressTempRegister, an
argument can be made that this is still fragile (i.e. future changes
could run into this). The alternative would be to have the topmost caller
do fine-grained management of DisallowMacroScratchRegisterUsage,
allowing it around explicit calls to MacroAssemblerARMv7 with
scratchRegister() in the arguments and disallowing it for helpers.
As there are currently no helpers that would trip this, this patch opts
for the former approach, to make DisallowMacroScratchRegisterUsage
easier to work with (there'll be more usage of the API in an upcoming
wasm32 patch).
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::scratchRegister):
(JSC::MacroAssemblerARMv7::load32):
(JSC::MacroAssemblerARMv7::load16):
(JSC::MacroAssemblerARMv7::load16SignedExtendTo32):
(JSC::MacroAssemblerARMv7::load8):
(JSC::MacroAssemblerARMv7::load8SignedExtendTo32):
(JSC::MacroAssemblerARMv7::loadPair32):
(JSC::MacroAssemblerARMv7::move):
(JSC::MacroAssemblerARMv7::farJump):
(JSC::MacroAssemblerARMv7::setupArmAddress):
(JSC::MacroAssemblerARMv7::invalidateCachedAddressTempRegister):
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::emitFastPathImpl):
* jit/BaselineJITRegisters.h:
2022-03-15 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Add UnlinkedDFG compilation mode enum
https://bugs.webkit.org/show_bug.cgi?id=237934
Reviewed by Mark Lam.
This patch adds UnlinkedDFG compilation mode to prepare new unlinked DFG.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inliningCost):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::watchCondition):
(JSC::DFG::Graph::watchConditions):
(JSC::DFG::Graph::watchGlobalProperty):
(JSC::DFG::Graph::tryGetConstantProperty):
(JSC::DFG::Graph::tryGetConstantClosureVar):
(JSC::DFG::Graph::tryGetFoldableView):
(JSC::DFG::Graph::getRegExpPrototypeProperty):
(JSC::DFG::Graph::canOptimizeStringObjectAccess):
(JSC::DFG::Graph::canDoFastSpread):
* dfg/DFGGraph.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
* jit/JITCompilationMode.cpp:
(WTF::printInternal):
* jit/JITCompilationMode.h:
(JSC::isDFG):
(JSC::isUnlinked):
* jit/JITPlan.cpp:
(JSC::JITPlan::tier const):
(JSC::JITPlan::reportCompileTimes const):
* jit/JITPlan.h:
(JSC::JITPlan::isDFG const):
(JSC::JITPlan::isUnlinked const):
* profiler/ProfilerCompilationKind.cpp:
(WTF::printInternal):
* profiler/ProfilerCompilationKind.h:
2022-03-15 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Concurrent byteOffsetImpl should not assume non-detached array-buffer
https://bugs.webkit.org/show_bug.cgi?id=237935
Reviewed by Saam Barati.
r279707 is not enough to fix the issue since underlying ArrayBuffer can be also detached concurrently to
the compiler thread too. This patch fixes it by using dataWithoutPACValidation in the concurrent compiler
thread.
* runtime/ArrayBuffer.h:
(JSC::ArrayBufferContents::dataWithoutPACValidation const):
(JSC::ArrayBuffer::dataWithoutPACValidation):
(JSC::ArrayBuffer::dataWithoutPACValidation const):
* runtime/JSArrayBufferViewInlines.h:
(JSC::JSArrayBufferView::byteOffsetImpl):
2022-03-14 Adrian Perez de Castro <aperez@igalia.com>
[GLib] Expose typed arrays in the public API
https://bugs.webkit.org/show_bug.cgi?id=197535
Reviewed by Carlos Garcia Campos.
This adds a set of new functions to operate on JSCValue objects which refer to typed
arrays in the JavaScript side of the world. Typed array values can be created with an
existing ArrayBuffer to hold the contents, in which case custom allocations are possible;
or letting JSC handle allocation. Operating on typed arrays is expected to be done on an
element-by-element basis, and in general it is recommended to use the functions dealing
with the "length" (number of elements) of typed arrays; nevertheless it is also possible
to retrieve their "size" and "offset" over the underlying ArrayBuffer, and/or retrieving
said ArrayBuffer.
* API/glib/JSCValue.cpp:
(toTypedArrayType):
(toJSCTypedArrayType):
(jsc_value_new_typed_array):
(jsc_value_new_typed_array_with_buffer):
(jsc_value_is_typed_array):
(jsc_value_typed_array_get_buffer):
(jsc_value_typed_array_get_data):
(jsc_value_typed_array_get_length):
(jsc_value_typed_array_get_offset):
(jsc_value_typed_array_get_size):
(jsc_value_typed_array_get_type):
* API/glib/JSCValue.h:
* API/glib/docs/jsc-glib-4.0-sections.txt:
2022-03-13 Angelos Oikonomopoulos <angelos@igalia.com>
[JSC] Use addressTempRegister in loadValue(void *) on 32 bits
https://bugs.webkit.org/show_bug.cgi?id=237773
Reviewed by Žan Doberšek.
Instead of using one of the destination registers as an address
temporary, use addressTempRegister instead. This allows reusing
the value in addressTempRegister (with an appropriate offset) if
possible, which results in a >25% size reduction for DFGOSRExit
(JS2) on ARMv7 (though not a significant size reduction overall).
Technically, this change could be killing some address reuse that
was previously possible because loadValue was not clobbering
addressTempRegister but, if so, this seems to be balanced out for
JS2.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::BoundsNonDoubleWordOffset::within):
(JSC::MacroAssemblerARMv7::BoundsDoubleWordOffset::within):
(JSC::MacroAssemblerARMv7::loadPair32):
(JSC::MacroAssemblerARMv7::setupArmAddress):
(JSC::MacroAssemblerARMv7::absoluteAddressWithinShortOffset):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::loadPair32):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::loadValue):
2022-03-12 Tim Horton <timothy_horton@apple.com>
Adopt FALLBACK_PLATFORM_NAME in place of FALLBACK_PLATFORM
https://bugs.webkit.org/show_bug.cgi?id=237809
Reviewed by Per Arne Vollan.
* Configurations/SDKVariant.xcconfig:
2022-03-11 Adrian Perez de Castro <aperez@igalia.com>
[GLib] Expose ArrayBuffer in the public API
https://bugs.webkit.org/show_bug.cgi?id=237088
Reviewed by Carlos Garcia Campos.
This adds a set of new functions to operate on JSCValue objects which refer to array
buffers in the JS side of the world. This allows sharing chunks of memory buffers
efficiently with native code, without needing to copy nor encode data back and forth.
* API/glib/JSCValue.cpp:
(jscArrayBufferDeallocate):
(jsc_value_new_array_buffer):
(jsc_value_is_array_buffer):
(jsc_value_array_buffer_get_data):
(jsc_value_array_buffer_get_length):
* API/glib/JSCValue.h:
* API/glib/docs/jsc-glib-4.0-sections.txt:
2022-03-11 Mikhail R. Gadelha <mikhail@igalia.com>
Debug build failure after r246172: ASSERT_UNDER_CONSTEXPR_CONTEXT should work in constexpr contexts
https://bugs.webkit.org/show_bug.cgi?id=236728
Reviewed by Michael Catanzaro.
ASSERT_UNDER_CONSTEXPR_CONTEXT is calling a non-constexpr function (WTFReportAssertionFailure)
when it fails, so it cannot be used for an assert not reached.
This patch adds a new RELEASE_ASSERT_NOT_REACHED_UNDER_CONSTEXPR_CONTEXT() macro
that calls CRASH_UNDER_CONSTEXPR_CONTEXT() instead of WTFReportAssertionFailure.
No functional change.
* wasm/WasmCompilationMode.h:
(JSC::Wasm::isOSREntry):
(JSC::Wasm::isAnyBBQ):
(JSC::Wasm::isAnyOMG):
2022-03-10 Elliott Williams <emw@apple.com>
[XCBuild] Emit a discovered dependency file from offlineasm
https://bugs.webkit.org/show_bug.cgi?id=237329
Reviewed by Alexey Proskuryakov.
Xcode needs to know what files offlineasm uses and produces in order to schedule it
correctly in incremental builds. Rather than use generated xcfilelists like WebKit does
elsewhere in the project, emit a depfile from offlineasm based on the parse tree's source
files.
Discovered dependency files ("depfiles") are Makefile-formatted files which list the inputs
used to produce an output. They are emitting during the build to a temporary directory, and
ensure that subsequent incremental builds will re-run offlineasm when any of the included
sources change. This is the same mechanism clang uses to track header dependencies.
Unfortunately, the legacy build system will refuse to execute a script phase or rule that
emits a depfile. To work around this, convert the offlineasm pipeline to be based on build
rules, to be used by XCBuild only. The idea is that LowLevelInterpreter.asm is listed as a
source build file in JSCLLIntSettingsExtractor, JSCLLIntOffsetsExtractor, and
JavaScriptCore. Each target uses a build rule to generate its respective header from
LowLevelInterpreter.asm. Xcode schedules these rule executions before any clang tasks.
The legacy build system avoids executing the rules via EXCLUDED_SOURCE_FILE_NAMES, and
instead uses the existing build phases, which have "(Legacy)" in their names and are now
no-ops under XCBuild.
Aside from working around the legacy build system's limitations, using build rules is
probably a superior way to express what we're doing, as it gives Xcode the opportunity to
compile other objects in parallel, and could be easily extended to compile multiple discrete
asm files should the need arise.
* Configurations/ToolExecutable.xcconfig: Build rules are XCBuild-only.
* JavaScriptCore.xcodeproj/project.pbxproj: Add build rules, rename legacy scripts.
* offlineasm/asm.rb: Add --depfile flag.
* offlineasm/generate_offset_extractor.rb: Add --depfile flag.
* offlineasm/generate_settings_extractor.rb: Add --depfile flag.
2022-03-10 Michael Saboff <msaboff@apple.com>
Catalyst JavaScriptCore, WebCore, WebKitLegacy, and WebKit shouldn't be copied to the Secondary Path
https://bugs.webkit.org/show_bug.cgi?id=237748
Reviewed by Mark Lam.
Updated the configuration to exclude copying Catalyst build products to the secondary path.
* Configurations/Base.xcconfig:
2022-03-10 Elliott Williams <emw@apple.com>
[XCBuild] Fix GeneratedSources dependency validation errors
https://bugs.webkit.org/show_bug.cgi?id=237490
Reviewed by Alexey Proskuryakov.
Declare JSCBuiltins.cpp in DerivedSources.make. It's created by generate-js-builtins.py but
was never declared as an output.
* DerivedSources-output.xcfilelist: Autogenerated changes.
* DerivedSources.make:
2022-03-10 Chris Dumez <cdumez@apple.com>
Optimize further the passing of data across threads
https://bugs.webkit.org/show_bug.cgi?id=237695
Reviewed by Geoffrey Garen.
Optimize further the passing of data across threads by leveraging the optimized
version of isolatedCopy() on r-value references whenever possible.
* inspector/remote/RemoteConnectionToTarget.cpp:
(Inspector::RemoteConnectionToTarget::sendMessageToTarget):
* inspector/remote/RemoteConnectionToTarget.h:
* inspector/remote/RemoteControllableTarget.h:
* jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
* runtime/JSGlobalObjectDebuggable.cpp:
(JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemote):
* runtime/JSGlobalObjectDebuggable.h:
* tools/FunctionOverrides.cpp:
(JSC::FunctionOverrides::initializeOverrideFor):
2022-03-08 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK][WPE] Web Inspector: make it possible to use the remote inspector from other browsers
https://bugs.webkit.org/show_bug.cgi?id=237601
Reviewed by Michael Catanzaro.
Make it possible to start the inspector server with 0 port, meaning any free one will be used.
* inspector/remote/glib/RemoteInspectorServer.cpp:
(Inspector::RemoteInspectorServer::start): Pass the effective address to g_socket_listener_add_address and get the port.
* inspector/remote/glib/RemoteInspectorServer.h:
(Inspector::RemoteInspectorServer::port const): Return the port the server is listening to.
2022-03-09 Saam Barati <sbarati@apple.com>
Limit WK_XCODE_SUPPORTS_LTO in JavaScriptCore based on target OS
https://bugs.webkit.org/show_bug.cgi?id=237682
Reviewed by Alexey Proskuryakov.
* Configurations/Base.xcconfig:
* Configurations/WebKitTargetConditionals.xcconfig:
2022-03-09 Carlos Garcia Campos <cgarcia@igalia.com>
[GTK][WPE] Stop using the env var WEBKIT_INSPECTOR_SERVER to connect to the inspector
https://bugs.webkit.org/show_bug.cgi?id=237646
Reviewed by Adrian Perez de Castro.
Add RemoteInspector::s_inspectorServerAddress to keep the remote inspector server address instead of the
environment variable used to start the server.
* inspector/remote/RemoteInspector.h:
* inspector/remote/glib/RemoteInspectorGlib.cpp:
(Inspector::RemoteInspector::RemoteInspector): Only call start if s_inspectorServerAddress is not null.
(Inspector::RemoteInspector::start): Use s_inspectorServerAddress instead of querying the environment.
2022-03-08 Robin Morisset <rmorisset@apple.com>
[WTF] LikelyDenseUnsignedIntegerSet::add can cause a reindexing of the entire bit vector with every call in the worst case
https://bugs.webkit.org/show_bug.cgi?id=236997
Reviewed by Saam Barati.
Just make it a little bit easier to change the number of stack slots in testZDefOfSpillSlotWithOffsetNeedingToBeMaterializedInARegister.
* b3/air/testair.cpp:
2022-03-08 Robin Morisset <rmorisset@apple.com>
Enable tier-up in loops created by recursive tail call optimizations.
https://bugs.webkit.org/show_bug.cgi?id=178389
Reviewed by Saam Barati.
Made the recursive tail call optimization only run in FTL mode, since it is a significant progression on TailBench.
Also some trivial refactoring of handleRecursiveTailCall.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
2022-03-08 Saam Barati <sbarati@apple.com>
[JSC] Enable ThinLTO
https://bugs.webkit.org/show_bug.cgi?id=229019
<rdar://problem/82107543>
Reviewed by Mark Lam.
It's a 1% speedup on Speedometer2 across x86 and arm64, and 0.5-1% speedup on
JetStream2 depending on the device.
* Configurations/Base.xcconfig:
2022-03-08 Chris Dumez <cdumez@apple.com>
Unreviewed, reverting r290975.
Broke the build for some configurations
Reverted changeset:
"[XCBuild] Emit a discovered dependency file from offlineasm"
https://bugs.webkit.org/show_bug.cgi?id=237329
https://commits.webkit.org/r290975
2022-03-08 Mark Lam <mark.lam@apple.com>
Remove invalid ASSERT in LocaleIDBuilder::overrideLanguageScriptRegion().
https://bugs.webkit.org/show_bug.cgi?id=237573
<rdar://problem/83326232>
Reviewed by Yusuke Suzuki.
The ASSERT(length) in LocaleIDBuilder::overrideLanguageScriptRegion() is simply
incorrect. The length can be 0 if uloc_forLanguageTag returns a 0 length in
localeIDBufferForLanguageTagWithNullTerminator(). LocaleIDBuilder::overrideLanguageScriptRegion()
already handles this scenario correctly. We just need to remove this incorrect ASSERT.
Also verified that we're producing the same result on the attached test case as
Chrome and Firefox produces.
* runtime/IntlObject.cpp:
(JSC::localeIDBufferForLanguageTagWithNullTerminator):
2022-03-07 Elliott Williams <emw@apple.com>
[XCBuild] Emit a discovered dependency file from offlineasm
https://bugs.webkit.org/show_bug.cgi?id=237329
Reviewed by Keith Miller.
Xcode needs to know what files offlineasm uses and produces in order to schedule it
correctly in incremental builds. Rather than use generated xcfilelists like WebKit does
elsewhere in the project, emit a depfile from offlineasm based on the parse tree's source
files.
Discovered dependency files ("depfiles") are Makefile-formatted files which list the inputs
used to produce an output. They are emitting during the build to a temporary directory, and
ensure that subsequent incremental builds will re-run offlineasm when any of the included
sources change. This is the same mechanism clang uses to track header dependencies.
Unfortunately, the legacy build system will refuse to execute a script phase or rule that
emits a depfile. To work around this, convert the offlineasm pipeline to be based on build
rules, to be used by XCBuild only. The idea is that LowLevelInterpreter.asm is listed as a
source build file in JSCLLIntSettingsExtractor, JSCLLIntOffsetsExtractor, and
JavaScriptCore. Each target uses a build rule to generate its respective header from
LowLevelInterpreter.asm. Xcode schedules these rule executions before any clang tasks.
The legacy build system avoids executing the rules via EXCLUDED_SOURCE_FILE_NAMES, and
instead uses the existing build phases, which have "(Legacy)" in their names and are now
no-ops under XCBuild.
Aside from working around the legacy build system's limitations, using build rules is
probably a superior way to express what we're doing, as it gives Xcode the opportunity to
compile other objects in parallel, and could be easily extended to compile multiple discrete
asm files should the need arise.
* Configurations/ToolExecutable.xcconfig: Build rules are XCBuild-only.
* JavaScriptCore.xcodeproj/project.pbxproj: Add build rules, rename legacy scripts.
* offlineasm/asm.rb: Add --depfile flag.
* offlineasm/generate_offset_extractor.rb: Add --depfile flag.
* offlineasm/generate_settings_extractor.rb: Add --depfile flag.
2022-03-07 Angelos Oikonomopoulos <angelos@igalia.com>
AssemblyHelpersSpoolers: use load/store pair on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=235112
Reviewed by Žan Doberšek.
Save ~1% code size for baseline JIT on JS2 by emitting load/store pair
instructions on 32-bit ARM.
* assembler/ARMv7Assembler.h:
(JSC::ARMv6Assembler::vldmia):
(JSC::ARMv7Assembler::vstmia):
* assembler/CPU.h:
(JSC::isARM):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::loadPair64):
(JSC::MacroAssemblerARMv7::storePair64):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::copyLLIntBaselineCalleeSavesFromFrameOrRegisterToEntryFrameCalleeSavesBuffer):
* jit/AssemblyHelpersSpoolers.h:
(JSC::AssemblyHelpers::LoadRegSpooler::executePair):
(JSC::AssemblyHelpers::StoreRegSpooler::executePair):
(JSC::AssemblyHelpers::CopySpooler::CopySpooler):
(JSC::AssemblyHelpers::CopySpooler::loadPair):
(JSC::AssemblyHelpers::CopySpooler::storePair):
2022-03-07 Zan Dobersek <zdobersek@igalia.com>
[JSC] Add missing CPU(RISCV64) guards in CTI thunk prologue, epilogue generators
https://bugs.webkit.org/show_bug.cgi?id=237517
Unreviewed, adding missing CPU(RISCV64) guards to the CTI thunk prologue
and epilogue generators in CCallHelpers, reusing the ARM variants of the
pair push/pop calls.
* jit/CCallHelpers.cpp:
(JSC::CCallHelpers::emitCTIThunkPrologue):
(JSC::CCallHelpers::emitCTIThunkEpilogue):
2022-03-05 Mark Lam <mark.lam@apple.com>
Fix JITOperationList::addPointers() to support JIT_OPERATION_VALIDATION_ASSERT_ENABLED.
https://bugs.webkit.org/show_bug.cgi?id=237504
<rdar://problem/89770507>
Reviewed by Saam Barati.
According to tagJSCCodePtrImpl(), we will only use an operation's validation entry
if Options::useJITCage(). Make JITOperationList::addPointers() conform to this.
* assembler/JITOperationList.cpp:
(JSC::JITOperationList::addPointers):
2022-03-05 Mark Lam <mark.lam@apple.com>
Optimize VMTraps::maybeNeedHandling().
https://bugs.webkit.org/show_bug.cgi?id=237503
Reviewed by Saam Barati.
There's no need for VMTraps::maybeNeedHandling() to mask the VMTraps bits for
events. Under normal circumstances, there are no traps firing and the traps bits
are 0 anyway. We should optimize for this and do away with the masking. Clients
who use VMTraps::maybeNeedHandling() should and current do call VMTraps::needHandling()
to get the real story on whether there are actually traps to handle or not. Hence,
the masking in VMTraps::maybeNeedHandling() is also not needed for correctness.
We know from experience that changes in RETURN_IN_EXCEPTION can have an impact on
performance. Perhaps this change can also help performance.
* runtime/ExceptionScope.h:
* runtime/VMTraps.h:
(JSC::VMTraps::maybeNeedHandling const):
2022-03-05 Mark Lam <mark.lam@apple.com>
Fix broken SuspendExceptionScope and remove redundant VM::DeferExceptionScope.
https://bugs.webkit.org/show_bug.cgi?id=237441
<rdar://problem/89769627>
Reviewed by Yusuke Suzuki.
SuspendExceptionScope was meant to do exactly the same thing that VM::DeferExceptionScope
does, except that SuspendExceptionScope hasn't been updated to handle exception
handling via VMTraps bits.
This patch will fix SuspendExceptionScope to work like VM::DeferExceptionScope,
and remove the now redundant VM::DeferExceptionScope. SuspendExceptionScope is
the better name here because the scope actually suspends any pending exception.
This is different from other Defer scopes where we prevent some new event from
arising and defer the event to a later time.
* interpreter/FrameTracers.h:
(JSC::SuspendExceptionScope::SuspendExceptionScope):
(JSC::SuspendExceptionScope::~SuspendExceptionScope):
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::notifyDebuggerOfUnwinding):
* runtime/TypeProfilerLog.cpp:
(JSC::TypeProfilerLog::processLogEntries):
* runtime/VM.h:
(JSC::VM::restorePreviousException): Deleted.
(JSC::VM::DeferExceptionScope::DeferExceptionScope): Deleted.
(JSC::VM::DeferExceptionScope::~DeferExceptionScope): Deleted.
2022-03-04 Angelos Oikonomopoulos <angelos@igalia.com>
[JSC] Improve reuse of known register values on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=237424
Reviewed by Žan Doberšek.
Reduce the generated code size by introducing and pervasively using
setupArmAddress(AbsoluteAddress address, ...). This effectively
replaces sequences of e.g.
movw r6, cst1
movt r6, cst2
strd r0, r1, [r6]
with
strd r0, r1, [r6, offset]
when a close enough address is already available in r6.
While here, change short_move to only emit an add/sub if this results in an
actual reduction in code size. When the add/sub would be neutral,
prefer loading an immediate as that doesn't introduce a data dependency
between the instructions.
This results in a measurable but small (< 1%) reduction in the
generated code size on JS2.
Hat tip to Geza Lore for the suggestions.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::add32):
(JSC::MacroAssemblerARMv7::add64):
(JSC::MacroAssemblerARMv7::or8):
(JSC::MacroAssemblerARMv7::or16):
(JSC::MacroAssemblerARMv7::or32):
(JSC::MacroAssemblerARMv7::sub32):
(JSC::MacroAssemblerARMv7::load32):
(JSC::MacroAssemblerARMv7::load8):
(JSC::MacroAssemblerARMv7::load16):
(JSC::MacroAssemblerARMv7::store32):
(JSC::MacroAssemblerARMv7::store8):
(JSC::MacroAssemblerARMv7::store16):
(JSC::MacroAssemblerARMv7::storePair32):
(JSC::MacroAssemblerARMv7::short_move):
(JSC::MacroAssemblerARMv7::add32Impl):
(JSC::MacroAssemblerARMv7::branch8):
(JSC::MacroAssemblerARMv7::branchTest32):
(JSC::MacroAssemblerARMv7::branchTest8):
(JSC::MacroAssemblerARMv7::branchTest16):
(JSC::MacroAssemblerARMv7::farJump):
(JSC::MacroAssemblerARMv7::absoluteAddressWithinShortOffset):
(JSC::MacroAssemblerARMv7::setupArmAddress):
2022-03-03 Michael Saboff <msaboff@apple.com>
Copy WebKit frameworks and XPC processes to Secondary Path
https://bugs.webkit.org/show_bug.cgi?id=237394
Reviewed by Saam Barati.
Added build configuration variables and scripts to copy the built Framework to the SYSTEM_SECONDARY_CONTENT_PATH
when it is set.
* Configurations/Base.xcconfig:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Scripts/copy-frameworks-to-secondary-path.sh: Added.
2022-03-03 Tom Tartarin <tom@leaningtech.com>
[JSC] Update wasm branch hinting
https://bugs.webkit.org/show_bug.cgi?id=237411
Reviewed by Yusuke Suzuki.
Change the section's name.
Clarify semantics in the parser.
* wasm/WasmBranchHintsSectionParser.cpp:
(JSC::Wasm::BranchHintsSectionParser::parse):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseCustom):
2022-03-03 Saam Barati <sbarati@apple.com>
Add a DeferTraps scope
https://bugs.webkit.org/show_bug.cgi?id=237306
<rdar://83494949>
Reviewed by Mark Lam.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::jettison):
(JSC::CodeBlock::noticeIncomingCall):
* bytecode/CodeBlock.h:
* bytecode/RepatchInlines.h:
(JSC::linkFor):
(JSC::virtualForWithFunction):
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeModuleProgram):
* interpreter/InterpreterInlines.h:
(JSC::Interpreter::execute):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
* runtime/ExceptionScope.h:
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::installCode):
* runtime/VMTraps.cpp:
(JSC::VMTraps::handleTraps):
(JSC::VMTraps::takeTopPriorityTrap):
* runtime/VMTraps.h:
(JSC::VMTraps::needHandling const):
(JSC::VMTraps::maybeNeedHandling const):
(JSC::VMTraps::hasTrapBit):
(JSC::VMTraps::setTrapBit):
* runtime/VMTrapsInlines.h:
(JSC::DeferTraps::DeferTraps):
(JSC::DeferTraps::~DeferTraps):
2022-03-03 Adrian Perez de Castro <aperez@igalia.com>
Non-unified build fixes, early March 2022 edition
https://bugs.webkit.org/show_bug.cgi?id=237420
Unreviewed non-unified build fixes.
* llint/LLIntExceptions.h: Add forward declaration for WasmInstruction.
2022-03-02 Commit Queue <commit-queue@webkit.org>
Unreviewed, reverting r290717.
https://bugs.webkit.org/show_bug.cgi?id=237409
Speedometer2
Reverted changeset:
"Add a DeferTraps scope"
https://bugs.webkit.org/show_bug.cgi?id=237306
https://commits.webkit.org/r290717
2022-03-02 Justin Michaud <justin_michaud@apple.com>
Refactor OpcodeTraits to support the possibility of having 2-byte WASM opcode ids in bytecode streams
https://bugs.webkit.org/show_bug.cgi?id=237347
The number of WASM opcodes will increase beyond 255 when WASM SIMD is implemented, and so this patch
changes OpcodeTraits to allow for the possibility of having two-byte WASM opcodes without regressing
JS. We have to thread these OpcodeTraits everywhere that they are used so that code can read the
correct value when decoding an instruction stream. This patch does not change the size of WASM opcodes
yet, although I have tested that the test suite still passes if we do increase the opcode size.
Reviewed by Keith Miller.
* bytecode/BytecodeBasicBlock.cpp:
(JSC::BytecodeBasicBlock<OpcodeTraits>::BytecodeBasicBlock):
(JSC::BytecodeBasicBlock<OpcodeTraits>::addLength):
(JSC::BytecodeBasicBlock<OpcodeTraits>::shrinkToFit):
(JSC::isJumpTarget):
(JSC::BytecodeBasicBlock<OpcodeTraits>::computeImpl):
(JSC::BytecodeBasicBlock<JSOpcodeTraits>::compute):
(JSC::BytecodeBasicBlock::BytecodeBasicBlock): Deleted.
(JSC::BytecodeBasicBlock::addLength): Deleted.
(JSC::BytecodeBasicBlock::shrinkToFit): Deleted.
(JSC::BytecodeBasicBlock::computeImpl): Deleted.
(JSC::BytecodeBasicBlock::compute): Deleted.
* bytecode/BytecodeBasicBlock.h:
(JSC::BytecodeBasicBlock::addSuccessor):
* bytecode/BytecodeDumper.cpp:
(JSC::BytecodeDumperBase<InstructionStreamType>::printLocationAndOp):
(JSC::BytecodeDumperBase<InstructionStreamType>::dumpValue):
(JSC::BytecodeDumper<Block>::outOfLineJumpOffset const):
(JSC::BytecodeDumper<Block>::dumpBytecode):
(JSC::dumpHeader):
(JSC::CodeBlockBytecodeDumper<Block>::dumpBlock):
(JSC::CodeBlockBytecodeDumper<Block>::dumpGraph):
(JSC::Wasm::BytecodeDumper::dumpBlock):
(JSC::Wasm::BytecodeDumper::registerName const):
(JSC::Wasm::BytecodeDumper::outOfLineJumpOffset const):
(JSC::BytecodeDumperBase::printLocationAndOp): Deleted.
(JSC::BytecodeDumperBase::dumpValue): Deleted.
* bytecode/BytecodeDumper.h:
* bytecode/BytecodeGeneratorification.cpp:
(JSC::BytecodeGeneratorification::BytecodeGeneratorification):
(JSC::BytecodeGeneratorification::enterPoint const):
(JSC::BytecodeGeneratorification::instructions const):
(JSC::GeneratorLivenessAnalysis::run):
(JSC::performGeneratorification):
* bytecode/BytecodeGeneratorification.h:
* bytecode/BytecodeGraph.h:
(JSC::BytecodeGraph::blockContainsBytecodeOffset):
(JSC::BytecodeGraph::findBasicBlockForBytecodeOffset):
(JSC::BytecodeGraph::findBasicBlockWithLeaderOffset):
(JSC::BytecodeGraph::at const):
(JSC::BytecodeGraph::operator[] const):
(JSC::BytecodeGraph::first):
(JSC::BytecodeGraph::last):
(JSC::BytecodeGraph::dump):
(JSC::BytecodeGraph::BytecodeGraph):
* bytecode/BytecodeLivenessAnalysis.cpp:
(JSC::BytecodeLivenessAnalysis::computeFullLiveness):
(JSC::BytecodeLivenessAnalysis::dumpResults):
* bytecode/BytecodeLivenessAnalysis.h:
* bytecode/BytecodeLivenessAnalysisInlines.h:
(JSC::BytecodeLivenessPropagation::stepOverBytecodeIndexDef):
(JSC::BytecodeLivenessPropagation::stepOverBytecodeIndexUse):
(JSC::BytecodeLivenessPropagation::stepOverBytecodeIndexUseInExceptionHandler):
(JSC::BytecodeLivenessPropagation::stepOverBytecodeIndex):
(JSC::BytecodeLivenessPropagation::stepOverInstruction):
(JSC::BytecodeLivenessPropagation::computeLocalLivenessForInstruction):
(JSC::BytecodeLivenessPropagation::computeLocalLivenessForBlock):
(JSC::BytecodeLivenessPropagation::getLivenessInfoAtInstruction):
(JSC::BytecodeLivenessPropagation::runLivenessFixpoint):
* bytecode/BytecodeRewriter.cpp:
(JSC::BytecodeRewriter::insertImpl):
(JSC::BytecodeRewriter::adjustJumpTargets):
* bytecode/BytecodeRewriter.h:
(JSC::BytecodeRewriter::InsertionPoint::InsertionPoint):
(JSC::BytecodeRewriter::Fragment::Fragment):
(JSC::BytecodeRewriter::BytecodeRewriter):
(JSC::BytecodeRewriter::insertFragmentBefore):
(JSC::BytecodeRewriter::insertFragmentAfter):
(JSC::BytecodeRewriter::replaceBytecodeWithFragment):
(JSC::BytecodeRewriter::adjustAbsoluteOffset):
(JSC::BytecodeRewriter::adjustJumpTarget):
* bytecode/BytecodeUseDef.cpp:
(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeIndex):
(JSC::computeDefsForBytecodeIndex):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::hasOpDebugForLineAndColumn):
(JSC::CodeBlock::notifyLexicalBindingUpdate):
(JSC::CodeBlock::validate):
(JSC::CodeBlock::outOfLineJumpOffset):
(JSC::CodeBlock::outOfLineJumpTarget):
(JSC::CodeBlock::binaryArithProfileForPC):
(JSC::CodeBlock::unaryArithProfileForPC):
(JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::outOfLineJumpOffset):
(JSC::CodeBlock::bytecodeOffset):
(JSC::CodeBlock::bytecodeIndex):
(JSC::CodeBlock::instructions const):
(JSC::CodeBlock::instructionAt const):
* bytecode/Instruction.h:
(JSC::BaseInstruction::opcodeID const):
(JSC::BaseInstruction::name const):
(JSC::BaseInstruction::isWide16 const):
(JSC::BaseInstruction::isWide32 const):
(JSC::BaseInstruction::width const):
(JSC::BaseInstruction::hasMetadata const):
(JSC::BaseInstruction::hasCheckpoints const):
(JSC::BaseInstruction::numberOfCheckpoints const):
(JSC::BaseInstruction::sizeShiftAmount const):
(JSC::BaseInstruction::opcodeIDWidth const):
(JSC::BaseInstruction::opcodeIDBytes const):
(JSC::BaseInstruction::size const):
(JSC::BaseInstruction::is const):
(JSC::BaseInstruction::as const):
(JSC::BaseInstruction::asKnownWidth const):
(JSC::BaseInstruction::cast):
(JSC::BaseInstruction::cast const):
(JSC::BaseInstruction::wide16 const):
(JSC::BaseInstruction::wide32 const):
* bytecode/InstructionStream.cpp:
(JSC::InstructionStream::InstructionStream): Deleted.
(JSC::InstructionStream::sizeInBytes const): Deleted.
(JSC::InstructionStream::contains const): Deleted.
* bytecode/InstructionStream.h:
(JSC::InstructionStream::sizeInBytes const):
(JSC::InstructionStream::BaseRef::operator-> const):
(JSC::InstructionStream::BaseRef::ptr const):
(JSC::InstructionStream::BaseRef::unwrap const):
(JSC::InstructionStream::MutableRef::operator->):
(JSC::InstructionStream::MutableRef::operator-> const):
(JSC::InstructionStream::MutableRef::ptr):
(JSC::InstructionStream::MutableRef::ptr const):
(JSC::InstructionStream::MutableRef::unwrap):
(JSC::InstructionStream::MutableRef::unwrap const):
(JSC::InstructionStream::iterator::operator++):
(JSC::InstructionStream::contains const):
(JSC::InstructionStream::InstructionStream):
(JSC::InstructionStreamWriter::InstructionStreamWriter):
(JSC::InstructionStreamWriter::finalize):
(JSC::InstructionStreamWriter::swap):
(JSC::InstructionStreamWriter::iterator::operator++):
* bytecode/Opcode.h:
* bytecode/OpcodeInlines.h:
(JSC::isOpcodeShape):
* bytecode/OpcodeSize.h:
* bytecode/PreciseJumpTargets.cpp:
(JSC::getJumpTargetsForInstruction):
(JSC::computePreciseJumpTargetsInternal):
(JSC::computePreciseJumpTargets):
(JSC::recomputePreciseJumpTargets):
(JSC::findJumpTargetsForInstruction):
* bytecode/PreciseJumpTargets.h:
* bytecode/PreciseJumpTargetsInlines.h:
(JSC::jumpTargetForInstruction):
(JSC::extractStoredJumpTargetsForInstruction):
(JSC::updateStoredJumpTargetsForInstruction):
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::dumpLineColumnEntry):
(JSC::UnlinkedCodeBlock::instructions const):
(JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::instructionAt const):
(JSC::UnlinkedCodeBlock::bytecodeOffset):
(JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets const):
(JSC::UnlinkedCodeBlock::outOfLineJumpOffset):
* bytecode/UnlinkedCodeBlockGenerator.cpp:
(JSC::UnlinkedCodeBlockGenerator::finalize):
(JSC::UnlinkedCodeBlockGenerator::applyModification):
(JSC::UnlinkedCodeBlockGenerator::addOutOfLineJumpTarget):
(JSC::UnlinkedCodeBlockGenerator::outOfLineJumpOffset):
* bytecode/UnlinkedCodeBlockGenerator.h:
(JSC::UnlinkedCodeBlockGenerator::addOpProfileControlFlowBytecodeOffset):
(JSC::UnlinkedCodeBlockGenerator::outOfLineJumpOffset):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::instructions const):
(JSC::BytecodeGenerator::withWriter):
* bytecompiler/BytecodeGeneratorBase.h:
* bytecompiler/BytecodeGeneratorBaseInlines.h:
(JSC::BytecodeGeneratorBase<Traits>::recordOpcode):
(JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode16):
(JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode32):
* bytecompiler/StaticPropertyAnalysis.h:
(JSC::StaticPropertyAnalysis::create):
(JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
* bytecompiler/StaticPropertyAnalyzer.h:
(JSC::StaticPropertyAnalyzer::createThis):
(JSC::StaticPropertyAnalyzer::newObject):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleVarargsCall):
(JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
(JSC::DFG::ByteCodeParser::inlineCall):
(JSC::DFG::ByteCodeParser::parseGetById):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGCapabilities.h:
(JSC::DFG::capabilityLevel):
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::callerReturnPC):
(JSC::DFG::adjustAndJumpToTarget):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileLoopHint):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* ftl/FTLOperations.cpp:
(JSC::FTL::JSC_DEFINE_JIT_OPERATION):
* generator/Argument.rb:
* generator/DSL.rb:
* generator/Opcode.rb:
* interpreter/AbstractPC.h:
* interpreter/CallFrame.cpp:
(JSC::CallFrame::currentVPC const):
(JSC::CallFrame::setCurrentVPC):
* interpreter/CallFrame.h:
* interpreter/Interpreter.cpp:
(JSC::CatchInfo::CatchInfo):
* interpreter/Interpreter.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_jless):
(JSC::JIT::emit_op_jlesseq):
(JSC::JIT::emit_op_jgreater):
(JSC::JIT::emit_op_jgreatereq):
(JSC::JIT::emit_op_jnless):
(JSC::JIT::emit_op_jnlesseq):
(JSC::JIT::emit_op_jngreater):
(JSC::JIT::emit_op_jngreatereq):
(JSC::JIT::emitSlow_op_jless):
(JSC::JIT::emitSlow_op_jlesseq):
(JSC::JIT::emitSlow_op_jgreater):
(JSC::JIT::emitSlow_op_jgreatereq):
(JSC::JIT::emitSlow_op_jnless):
(JSC::JIT::emitSlow_op_jnlesseq):
(JSC::JIT::emitSlow_op_jngreater):
(JSC::JIT::emitSlow_op_jngreatereq):
(JSC::JIT::emit_op_below):
(JSC::JIT::emit_op_beloweq):
(JSC::JIT::emit_op_jbelow):
(JSC::JIT::emit_op_jbeloweq):
(JSC::JIT::emit_op_unsigned):
(JSC::JIT::emit_compareAndJump):
(JSC::JIT::emit_compareUnsignedAndJump):
(JSC::JIT::emit_compareUnsigned):
(JSC::JIT::emit_compareAndJumpSlow):
(JSC::JIT::emit_op_inc):
(JSC::JIT::emit_op_dec):
(JSC::JIT::emit_op_mod):
(JSC::JIT::emitSlow_op_mod):
(JSC::JIT::emit_op_pow):
(JSC::JIT::emitSlow_op_pow):
(JSC::JIT::emit_op_negate):
(JSC::JIT::emitSlow_op_negate):
(JSC::JIT::emitBitBinaryOpFastPath):
(JSC::JIT::emit_op_bitnot):
(JSC::JIT::emit_op_bitand):
(JSC::JIT::emit_op_bitor):
(JSC::JIT::emit_op_bitxor):
(JSC::JIT::emit_op_lshift):
(JSC::JIT::emitRightShiftFastPath):
(JSC::JIT::emit_op_rshift):
(JSC::JIT::emit_op_urshift):
(JSC::JIT::emit_op_add):
(JSC::JIT::emitSlow_op_add):
(JSC::JIT::emitMathICFast):
(JSC::JIT::emitMathICSlow):
(JSC::JIT::emit_op_div):
(JSC::JIT::emit_op_mul):
(JSC::JIT::emitSlow_op_mul):
(JSC::JIT::emit_op_sub):
(JSC::JIT::emitSlow_op_sub):
* jit/JITCall.cpp:
(JSC::JIT::emit_op_ret):
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::emit_op_call):
(JSC::JIT::emit_op_tail_call):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_tail_call_varargs):
(JSC::JIT::emit_op_tail_call_forward_arguments):
(JSC::JIT::emit_op_construct_varargs):
(JSC::JIT::emit_op_construct):
(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_tail_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_varargs):
(JSC::JIT::emitSlow_op_tail_call_forward_arguments):
(JSC::JIT::emitSlow_op_construct_varargs):
(JSC::JIT::emitSlow_op_construct):
(JSC::JIT::emit_op_iterator_open):
(JSC::JIT::emitSlow_op_iterator_open):
(JSC::JIT::emit_op_iterator_next):
(JSC::JIT::emitSlow_op_iterator_next):
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
* jit/JITInlines.h:
(JSC::JIT::fastPathResumePoint const):
(JSC::JIT::jumpTarget):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_mov):
(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_jmp):
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_overrides_has_instance):
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emit_op_is_empty):
(JSC::JIT::emit_op_typeof_is_undefined):
(JSC::JIT::emit_op_is_undefined_or_null):
(JSC::JIT::emit_op_is_boolean):
(JSC::JIT::emit_op_is_number):
(JSC::JIT::emit_op_is_big_int):
(JSC::JIT::emit_op_is_cell_with_type):
(JSC::JIT::emit_op_is_object):
(JSC::JIT::emit_op_to_primitive):
(JSC::JIT::emit_op_to_property_key):
(JSC::JIT::emit_op_set_function_name):
(JSC::JIT::emit_op_not):
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_jundefined_or_null):
(JSC::JIT::emit_op_jnundefined_or_null):
(JSC::JIT::emit_op_jeq_ptr):
(JSC::JIT::emit_op_jneq_ptr):
(JSC::JIT::emit_op_eq):
(JSC::JIT::emit_op_jeq):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::emit_op_neq):
(JSC::JIT::emit_op_jneq):
(JSC::JIT::emit_op_throw):
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emit_op_stricteq):
(JSC::JIT::emit_op_nstricteq):
(JSC::JIT::compileOpStrictEqJump):
(JSC::JIT::emit_op_jstricteq):
(JSC::JIT::emit_op_jnstricteq):
(JSC::JIT::emitSlow_op_jstricteq):
(JSC::JIT::emitSlow_op_jnstricteq):
(JSC::JIT::emit_op_to_number):
(JSC::JIT::emit_op_to_numeric):
(JSC::JIT::emit_op_to_string):
(JSC::JIT::emit_op_to_object):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_identity_with_profile):
(JSC::JIT::emit_op_get_parent_scope):
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_switch_char):
(JSC::JIT::emit_op_switch_string):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emit_op_get_scope):
(JSC::JIT::emit_op_to_this):
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emit_op_check_tdz):
(JSC::JIT::emitSlow_op_eq):
(JSC::JIT::emitSlow_op_neq):
(JSC::JIT::emitSlow_op_jeq):
(JSC::JIT::emitSlow_op_jneq):
(JSC::JIT::emit_op_debug):
(JSC::JIT::emit_op_loop_hint):
(JSC::JIT::emitSlow_op_loop_hint):
(JSC::JIT::emit_op_check_traps):
(JSC::JIT::emit_op_nop):
(JSC::JIT::emit_op_super_sampler_begin):
(JSC::JIT::emit_op_super_sampler_end):
(JSC::JIT::emitSlow_op_check_traps):
(JSC::JIT::emit_op_new_regexp):
(JSC::JIT::emitNewFuncCommon):
(JSC::JIT::emit_op_new_func):
(JSC::JIT::emit_op_new_generator_func):
(JSC::JIT::emit_op_new_async_generator_func):
(JSC::JIT::emit_op_new_async_func):
(JSC::JIT::emitNewFuncExprCommon):
(JSC::JIT::emit_op_new_func_exp):
(JSC::JIT::emit_op_new_generator_func_exp):
(JSC::JIT::emit_op_new_async_func_exp):
(JSC::JIT::emit_op_new_async_generator_func_exp):
(JSC::JIT::emit_op_new_array):
(JSC::JIT::emit_op_new_array_with_size):
(JSC::JIT::emit_op_profile_type):
(JSC::JIT::emit_op_log_shadow_chicken_prologue):
(JSC::JIT::emit_op_log_shadow_chicken_tail):
(JSC::JIT::emit_op_profile_control_flow):
(JSC::JIT::emit_op_argument_count):
(JSC::JIT::emit_op_get_rest_length):
(JSC::JIT::emit_op_get_argument):
(JSC::JIT::emit_op_get_prototype_of):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_eq):
(JSC::JIT::emit_op_neq):
(JSC::JIT::emit_op_jeq):
(JSC::JIT::emit_op_jneq):
(JSC::JIT::emitSlow_op_eq):
(JSC::JIT::emitSlow_op_neq):
(JSC::JIT::emitSlow_op_jeq):
(JSC::JIT::emitSlow_op_jneq):
(JSC::JIT::emit_op_stricteq):
(JSC::JIT::emit_op_nstricteq):
(JSC::JIT::emit_op_jstricteq):
(JSC::JIT::emit_op_jnstricteq):
(JSC::JIT::emitSlow_op_jstricteq):
(JSC::JIT::emitSlow_op_jnstricteq):
* jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_get_private_name):
(JSC::JIT::emitSlow_op_get_private_name):
(JSC::JIT::emit_op_set_private_brand):
(JSC::JIT::emitSlow_op_set_private_brand):
(JSC::JIT::emit_op_check_private_brand):
(JSC::JIT::emitSlow_op_check_private_brand):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_val_direct):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emit_op_put_private_name):
(JSC::JIT::emitSlow_op_put_private_name):
(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):
(JSC::JIT::emit_op_put_getter_setter_by_id):
(JSC::JIT::emit_op_put_getter_by_val):
(JSC::JIT::emit_op_put_setter_by_val):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emitSlow_op_del_by_id):
(JSC::JIT::emit_op_del_by_val):
(JSC::JIT::emitSlow_op_del_by_val):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id_direct):
(JSC::JIT::emitSlow_op_get_by_id_direct):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::emit_op_in_by_id):
(JSC::JIT::emitSlow_op_in_by_id):
(JSC::JIT::emit_op_in_by_val):
(JSC::JIT::emitSlow_op_in_by_val):
(JSC::JIT::emit_op_has_private_name):
(JSC::JIT::emitSlow_op_has_private_name):
(JSC::JIT::emit_op_has_private_brand):
(JSC::JIT::emitSlow_op_has_private_brand):
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
(JSC::JIT::emit_op_get_from_arguments):
(JSC::JIT::emit_op_put_to_arguments):
(JSC::JIT::emit_op_get_internal_field):
(JSC::JIT::emit_op_put_internal_field):
(JSC::JIT::emit_op_get_property_enumerator):
(JSC::JIT::emit_op_enumerator_next):
(JSC::JIT::emit_op_enumerator_get_by_val):
(JSC::JIT::emitSlow_op_enumerator_get_by_val):
(JSC::JIT::emit_op_enumerator_in_by_val):
(JSC::JIT::emit_op_enumerator_has_own_property):
* llint/LLIntData.cpp:
(JSC::LLInt::initialize):
* llint/LLIntData.h:
(JSC::LLInt::exceptionInstructions):
(JSC::LLInt::wasmExceptionInstructions):
* llint/LLIntExceptions.cpp:
(JSC::LLInt::returnToThrow):
(JSC::LLInt::wasmReturnToThrow):
* llint/LLIntExceptions.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::llint_trace_operand):
(JSC::LLInt::llint_trace_value):
(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::performLLIntGetByID):
(JSC::LLInt::varargsSetup):
(JSC::LLInt::commonCallEval):
(JSC::LLInt::dispatchToNextInstructionDuringExit):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter.cpp:
(JSC::CLoopRegister::operator const JSInstruction*):
(JSC::CLoop::execute):
(JSC::CLoopRegister::operator const Instruction*): Deleted.
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* llint/WebAssembly.asm:
* runtime/CachedTypes.cpp:
(JSC::CachedInstructionStream::encode):
(JSC::CachedInstructionStream::decode const):
(JSC::CachedCodeBlock::instructions const):
* runtime/CommonSlowPaths.cpp:
(JSC::updateArithProfileForBinaryArithOp):
(JSC::iteratorOpenTryFastImpl):
(JSC::iteratorNextTryFastImpl):
* runtime/CommonSlowPaths.h:
* runtime/JSCConfig.h:
* runtime/JSCJSValue.h:
* runtime/SlowPathFunction.h:
* runtime/VM.cpp:
(JSC::VM::addLoopHintExecutionCounter):
(JSC::VM::getLoopHintExecutionCounter):
(JSC::VM::removeLoopHintExecutionCounter):
* runtime/VM.h:
* wasm/WasmCallee.cpp:
(JSC::Wasm::LLIntCallee::LLIntCallee):
(JSC::Wasm::LLIntCallee::outOfLineJumpOffset):
(JSC::Wasm::LLIntCallee::outOfLineJumpTarget):
* wasm/WasmCallee.h:
* wasm/WasmFunctionCodeBlockGenerator.cpp:
(JSC::Wasm::FunctionCodeBlockGenerator::setInstructions):
(JSC::Wasm::FunctionCodeBlockGenerator::addOutOfLineJumpTarget):
(JSC::Wasm::FunctionCodeBlockGenerator::outOfLineJumpOffset):
* wasm/WasmFunctionCodeBlockGenerator.h:
(JSC::Wasm::FunctionCodeBlockGenerator::constantRegisters const):
(JSC::Wasm::FunctionCodeBlockGenerator::instructions const):
(JSC::Wasm::FunctionCodeBlockGenerator::addJumpTarget):
(JSC::Wasm::FunctionCodeBlockGenerator::numberOfJumpTargets):
(JSC::Wasm::FunctionCodeBlockGenerator::lastJumpTarget):
(JSC::Wasm::FunctionCodeBlockGenerator::outOfLineJumpOffset):
(JSC::Wasm::FunctionCodeBlockGenerator::bytecodeOffset):
(JSC::Wasm::FunctionCodeBlockGenerator::tierUpCounter):
* wasm/WasmGeneratorTraits.h:
* wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::addSwitch):
(JSC::GenericLabel<Wasm::GeneratorTraits>::setLocation):
* wasm/WasmLLIntTierUpCounter.cpp:
(JSC::Wasm::LLIntTierUpCounter::addOSREntryDataForLoop):
(JSC::Wasm::LLIntTierUpCounter::osrEntryDataForLoop const const):
* wasm/WasmLLIntTierUpCounter.h:
(JSC::Wasm::LLIntTierUpCounter::LLIntTierUpCounter):
* wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
(JSC::LLInt::slow_path_wasm_throw_exception):
(JSC::LLInt::slow_path_wasm_popcount):
(JSC::LLInt::slow_path_wasm_popcountll):
* wasm/WasmSlowPaths.h:
2022-03-01 Devin Rousso <drousso@apple.com>
Web Inspector: add a switch to control whether breakpoint evaluations (condition, ignore count, actions) are also affected by script blackboxing
https://bugs.webkit.org/show_bug.cgi?id=235274
Reviewed by Patrick Angle.
Being able to defer breakpoint evaluations until the next actual pause can sometimes be far
more useful than doing the breakpoint evaluations at the breakpoint's original location.
As an example, configuring the All Events breakpoint with a `console.trace()` action and
auto-continue enabled would not provide much useful information without also blackboxing
breakpoint evaluations as the original pause location of the All Events breakpoint is on the
first line of the event handler, meaning that if the script containing the event handler is
blackboxed then the `console.trace()` would still only show that location even though the
Sources Tab would show the first line of code outside of that script (due to the blackbox).
Being able to also blackbox breakpoint evaluations would instead cause the `console.trace()`
action to have the same output as the Sources Tab, since it's evaluation would be deferred
until execution actually paused, which is further inside the event handler.
* debugger/Debugger.cpp:
(JSC::Debugger::Debugger):
(JSC::Debugger::didHitBreakpoint):
(JSC::Debugger::evaluateBreakpointCondition):
(JSC::Debugger::continueProgram):
(JSC::Debugger::pauseIfNeeded):
(JSC::Debugger::didExecuteProgram):
(JSC::Debugger::setBlackboxBreakpointEvaluations): Added.
Keep track of every `Breakpoint` wants to pause but is deferred due to blackboxing.
Depending on whether breakpoint evaluations are also blackboxed (based on the flag set via
the piping code/logic below), check if the script attempting to be paused in is blackboxed
before or after handling breakpoint evaluations.
Side effects of this change are:
- breakpoint conditions are now evaluated right before that breakpoint's actions, instead of
evaluating all breakpoint conditions before all breakpoint actions
- if breakpoint evaluations are blackboxed, more than two breakpoints can now be evaluated
during a single pause attempt depending on how may deferrals (with breakpoints) happened
* debugger/Debugger.h:
(JSC::Debugger::Observer::didDeferBreakpointPause): Added.
Add a way to notify `InspectorDebuggerAgent` of deferred breakpoint pauses so that the
correct `originalReason` will be used after a deferred pause.
* inspector/protocol/Debugger.json:
* inspector/agents/InspectorDebuggerAgent.h:
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::setBlackboxBreakpointEvaluations): Added.
(Inspector::InspectorDebuggerAgent::didDeferBreakpointPause): Added.
Add a `setBlackboxBreakpointEvaluations` command that passes directly to `Debugger`.
2022-03-01 Saam Barati <sbarati@apple.com>
Add a DeferTraps scope
https://bugs.webkit.org/show_bug.cgi?id=237306
<rdar://83494949>
Reviewed by Mark Lam.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::jettison):
(JSC::CodeBlock::noticeIncomingCall):
* bytecode/CodeBlock.h:
* bytecode/RepatchInlines.h:
(JSC::linkFor):
(JSC::virtualForWithFunction):
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeModuleProgram):
* interpreter/InterpreterInlines.h:
(JSC::Interpreter::execute):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::installCode):
* runtime/VMTraps.cpp:
(JSC::VMTraps::handleTraps):
(JSC::VMTraps::takeTopPriorityTrap):
* runtime/VMTraps.h:
(JSC::VMTraps::needHandling const):
(JSC::VMTraps::hasTrapBit):
(JSC::VMTraps::setTrapBit):
* runtime/VMTrapsInlines.h:
(JSC::DeferTraps::DeferTraps):
(JSC::DeferTraps::~DeferTraps):
2022-03-01 Fujii Hironori <Hironori.Fujii@sony.com>
WTF::SentinelLinkedList::iterator should have operator++ for range-for loop
https://bugs.webkit.org/show_bug.cgi?id=237265
Reviewed by Yusuke Suzuki.
SentinelLinkedList::iterator isn't a pointer of node now, it
should be deferenced before comparing with a pointer.
* bytecode/Watchpoint.cpp:
(JSC::WatchpointSet::fireAllWatchpoints):
* heap/HandleSet.cpp:
(JSC::HandleSet::visitStrongHandles):
(JSC::HandleSet::protectedGlobalObjectCount):
* heap/HandleSet.h:
(JSC::HandleSet::forEachStrongHandle):
* heap/IsoSubspace.cpp:
(JSC::IsoSubspace::tryAllocateFromLowerTier):
* heap/SubspaceInlines.h:
(JSC::Subspace::forEachPreciseAllocation):
* jsc.cpp:
(Workers::broadcast):
2022-03-01 Michael Catanzaro <mcatanzaro@gnome.org>
Misc compiler warnings, late Feb 2022 edition
https://bugs.webkit.org/show_bug.cgi?id=237275
Reviewed by Adrian Perez de Castro.
Suppress suspected false-positive -Wstringop-overflow and -Wformat-overflow warnings. Also,
remove an unused variable.
* API/tests/MultithreadedMultiVMExecutionTest.cpp:
(startMultithreadedMultiVMExecutionTest):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* ftl/FTLOSRExit.cpp:
(JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
* yarr/YarrJIT.cpp:
2022-03-01 Alex Christensen <achristensen@webkit.org>
[AppleWin] Start using Visual Studio 2022
https://bugs.webkit.org/show_bug.cgi?id=234933
Reviewed by Maciej Stachowiak.
* JavaScriptCore.vcxproj/JavaScriptCore.proj:
2022-03-01 Geza Lore <glore@igalia.com>
[JSC] Port EXTRA_CTI_THUNKS to all platforms
https://bugs.webkit.org/show_bug.cgi?id=233822
Reviewed by Saam Barati.
Port and enable all code paths under #ifdef ENABLE(EXTRA_CTI_THUNKS)
on all platforms, and remove the now unused code paths.
To port the extra thunks to all platforms, it was necessary to enable
them to do function calls to C++ slow path operations, which on some
platforms require passing arguments on the stack. To enable this,
CCallHelpers::emitCTIThunkPrologue and
CCallHelpers::emitCTIThunkEpilogue are introduced that allocate some
additional stack space on platforms where this is necessary.
Additionally, the thunks that require subsequent exception checking
now tail call directly to the exception check thunk, rather than
returning to the baseline code and do a separate call to the exception
check thunk. This saves an extra call site in the generated baseline
ops and reduces code size on all platforms (~1.5% reduction on x86_64).
Also factored out the statically allocated register definitions for
baseline ops into BaselineJITRegisters.h, as there are now quite a lot
of them and some are somewhat elaborate. This necessitates moving the
noOverlap and preferredArgumentGPR/preferredArgumentJSR constexpr
functions out from their previous place, so these now live in
GPRInfo.h
Enabling the extra CTI thunks on ARMv7/Thumb-2 saves about 25%
baseline code size, according to --dumpLinkBufferStats.
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::subPtr):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::scratchRegister):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::sub64):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessGenerationState::emitExplicitExceptionHandler):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::initializeFromUnlinkedStructureStubInfo):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
* ftl/FTLCompile.cpp:
(JSC::FTL::compile):
* ftl/FTLLink.cpp:
(JSC::FTL::link):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::emitCTIThunkPrologue):
(JSC::CCallHelpers::emitCTIThunkEpilogue):
* jit/JIT.cpp:
(JSC::JIT::emitSlowCaseCall):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::compileAndLinkWithoutFinalizing):
(JSC::JIT::link):
* jit/JIT.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emitSlow_op_mod):
(JSC::JIT::emit_op_mod):
(JSC::JIT::emit_op_div):
* jit/JITCall.cpp:
(JSC::JIT::emit_op_iterator_open):
(JSC::JIT::emit_op_iterator_next):
(JSC::JIT::emitSlow_op_iterator_next):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITGetByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITGetByIdWithThisGenerator::generateBaselineDataICFastPath):
(JSC::JITPutByIdGenerator::generateBaselineDataICFastPath):
* jit/JITInlineCacheGenerator.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::valueIsFalseyGenerator):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::valueIsTruthyGenerator):
(JSC::JIT::emit_op_throw):
(JSC::JIT::op_throw_handlerGenerator):
(JSC::JIT::emit_op_enter):
(JSC::JIT::op_enter_handlerGenerator):
(JSC::JIT::emitSlow_op_check_traps):
(JSC::JIT::op_check_traps_handlerGenerator):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::generateGetByValSlowCase):
(JSC::JIT::slow_op_get_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_get_private_name):
(JSC::JIT::emitSlow_op_get_private_name):
(JSC::JIT::slow_op_get_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_set_private_brand):
(JSC::JIT::emitSlow_op_set_private_brand):
(JSC::JIT::emit_op_check_private_brand):
(JSC::JIT::emitSlow_op_check_private_brand):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::slow_op_put_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_put_private_name):
(JSC::JIT::emitSlow_op_put_private_name):
(JSC::JIT::slow_op_put_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emitSlow_op_del_by_id):
(JSC::JIT::slow_op_del_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_del_by_val):
(JSC::JIT::emitSlow_op_del_by_val):
(JSC::JIT::slow_op_del_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id_direct):
(JSC::JIT::emitSlow_op_get_by_id_direct):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::slow_op_get_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::slow_op_get_by_id_with_this_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::slow_op_put_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emitSlow_op_in_by_id):
(JSC::JIT::emitSlow_op_in_by_val):
(JSC::JIT::emitHasPrivateSlow):
(JSC::JIT::emitSlow_op_has_private_name):
(JSC::JIT::emitSlow_op_has_private_brand):
(JSC::JIT::emitSlow_op_put_to_scope):
(JSC::JIT::slow_op_put_to_scopeGenerator):
(JSC::JIT::emit_op_get_property_enumerator):
(JSC::JIT::emit_op_enumerator_next):
(JSC::JIT::emit_enumerator_has_propertyImpl):
(JSC::JIT::emit_op_enumerator_get_by_val):
(JSC::JIT::emit_op_enumerator_in_by_val):
(JSC::JIT::emit_op_enumerator_has_own_property):
* jit/JITThunks.cpp:
* jit/JITThunks.h:
* jit/SlowPathCall.cpp:
(JSC::JITSlowPathCall::call):
(JSC::JITSlowPathCall::generateThunk):
* jit/SlowPathCall.h:
(JSC::JITSlowPathCall::JITSlowPathCall):
* jit/ThunkGenerators.cpp:
(JSC::handleExceptionGenerator):
(JSC::checkExceptionGenerator):
* jit/ThunkGenerators.h:
2022-02-28 Devin Rousso <drousso@apple.com>
Web Inspector: [Flexbox] Add options to show each area's CSS `order` and/or DOM index in the parent flex container
https://bugs.webkit.org/show_bug.cgi?id=237215
Reviewed by Patrick Angle.
This will help developers better understand how CSS `order` and the DOM index of each flex
item interact and result in what's eventually rendered.
* inspector/protocol/DOM.json:
Add an optional boolean parameter to `DOM.showFlexOverlay`:
- `showOrderNumbers` controls whether labels with the computed CSS `order` value are shown
over each flex item's area.
2022-02-28 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use DeferTerminationForAWhile in Interpreter::unwind
https://bugs.webkit.org/show_bug.cgi?id=237176
Reviewed by Mark Lam.
If we're unwinding the stack due to a regular exception (not a TerminationException), then
we want to use a DeferTerminationForAWhile scope. This is because we want to avoid a
TerminationException being raised (due to a concurrent termination request) in the middle
of unwinding. The unwinding code only checks if we're handling a TerminationException before
it starts unwinding and is not expecting this status to change in the middle. Without the
DeferTerminationForAWhile scope, control flow may end up in an exception handler, and effectively
"catch" the newly raised TerminationException, which should not be catchable.
On the other hand, if we're unwinding the stack due to a TerminationException, we do not need
nor want the DeferTerminationForAWhile scope. This is because on exit, DeferTerminationForAWhile
will set the VMTraps NeedTermination bit if termination is in progress. The system expects the
NeedTermination bit to be have been cleared by VMTraps::handleTraps() once the TerminationException
has been raised. Some legacy client apps relies on this and expects to be able to re-enter the
VM after it exits due to termination. If the NeedTermination bit is set, upon re-entry, the
VM will behave as if a termination request is pending and terminate almost immediately, thereby
breaking the legacy client apps.
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::notifyDebuggerOfUnwinding):
(JSC::sanitizeRemoteFunctionException):
(JSC::Interpreter::unwind):
(JSC::notifyDebuggerOfUnwinding): Deleted.
2022-02-28 Angelos Oikonomopoulos <angelos@igalia.com>
[JSC] Reuse known register values on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=237207
Reviewed by Žan Doberšek.
Set up a CachedTempRegister for each of addressTempRegister,
dataTempRegister on ARMv7 and use them to generate shorter instruction
sequences when possible.
Saves 1.5-2% of code size on JS2 with no measurable difference in
performance.
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::CachedTempRegister::value):
* assembler/MacroAssemblerARMv7.cpp:
(JSC::MacroAssembler::probe):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::MacroAssemblerARMv7):
(JSC::MacroAssemblerARMv7::add32):
(JSC::MacroAssemblerARMv7::getEffectiveAddress):
(JSC::MacroAssemblerARMv7::add64):
(JSC::MacroAssemblerARMv7::lshift32):
(JSC::MacroAssemblerARMv7::mul32):
(JSC::MacroAssemblerARMv7::rshift32):
(JSC::MacroAssemblerARMv7::urshift32):
(JSC::MacroAssemblerARMv7::load32):
(JSC::MacroAssemblerARMv7::load16):
(JSC::MacroAssemblerARMv7::load16SignedExtendTo32):
(JSC::MacroAssemblerARMv7::load8):
(JSC::MacroAssemblerARMv7::load8SignedExtendTo32):
(JSC::MacroAssemblerARMv7::loadPair32):
(JSC::MacroAssemblerARMv7::store8):
(JSC::MacroAssemblerARMv7::storePair32):
(JSC::MacroAssemblerARMv7::loadDouble):
(JSC::MacroAssemblerARMv7::loadFloat):
(JSC::MacroAssemblerARMv7::storeDouble):
(JSC::MacroAssemblerARMv7::storeFloat):
(JSC::MacroAssemblerARMv7::branchTruncateDoubleToInt32):
(JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
(JSC::MacroAssemblerARMv7::long_move):
(JSC::MacroAssemblerARMv7::short_move):
(JSC::MacroAssemblerARMv7::move):
(JSC::MacroAssemblerARMv7::compare32AndSetFlags):
(JSC::MacroAssemblerARMv7::branch8):
(JSC::MacroAssemblerARMv7::branchTest8):
(JSC::MacroAssemblerARMv7::branchTest16):
(JSC::MacroAssemblerARMv7::farJump):
(JSC::MacroAssemblerARMv7::branchMul32):
(JSC::MacroAssemblerARMv7::nearCall):
(JSC::MacroAssemblerARMv7::nearTailCall):
(JSC::MacroAssemblerARMv7::call):
(JSC::MacroAssemblerARMv7::compare8):
(JSC::MacroAssemblerARMv7::test8):
(JSC::MacroAssemblerARMv7::jump):
(JSC::MacroAssemblerARMv7::makeBranch):
(JSC::MacroAssemblerARMv7::setupArmAddress):
(JSC::MacroAssemblerARMv7::makeBaseIndexBase):
(JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
(JSC::MacroAssemblerARMv7::cachedDataTempRegister):
(JSC::MacroAssemblerARMv7::cachedAddressTempRegister):
(JSC::MacroAssemblerARMv7::getCachedDataTempRegisterIDAndInvalidate):
(JSC::MacroAssemblerARMv7::getCachedAddressTempRegisterIDAndInvalidate):
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::emitFastPathImpl):
2022-02-27 Chris Dumez <cdumez@apple.com>
Omit template parameter for SetForScope<> variables
https://bugs.webkit.org/show_bug.cgi?id=237258
Reviewed by Darin Adler.
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitNode):
* debugger/Debugger.cpp:
(JSC::Debugger::dispatchFunctionToObservers):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::setLocalOrTmp):
(JSC::DFG::ByteCodeParser::setArgument):
* inspector/InspectorBackendDispatcher.cpp:
(Inspector::BackendDispatcher::dispatch):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::parseAsyncFunctionSourceElements):
(JSC::Parser<LexerType>::parseAsyncGeneratorFunctionSourceElements):
(JSC::Parser<LexerType>::parseFunctionBody):
(JSC::Parser<LexerType>::parseFunctionParameters):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseFunctionDeclaration):
(JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parseGetterSetter):
(JSC::Parser<LexerType>::parseFunctionExpression):
(JSC::Parser<LexerType>::parseAsyncFunctionExpression):
(JSC::Parser<LexerType>::parseArrowFunctionExpression):
2022-02-26 Basuke Suzuki <basuke.suzuki@sony.com>
Remove UNUSED warnings for non-Cocoa platform after r290449
https://bugs.webkit.org/show_bug.cgi?id=237233
Reviewed by Darin Adler.
* runtime/JSDateMath.cpp:
2022-02-24 Mark Lam <mark.lam@apple.com>
Remove incorrect ASSERT.
https://bugs.webkit.org/show_bug.cgi?id=237185
<rdar://problem/83902782>
Reviewed by Yusuke Suzuki.
These debug ASSERTs were added in http://trac.webkit.org/r283632 back when we
weren't sure that the StringImpl pointer can be null or not. We're now certain
that the StringImpl pointer can be null because:
The site of the ASSERT looks like this:
```
auto* impl = string->tryGetValueImpl();
ASSERT(impl); // FIXME: rdar://83902782
if (impl && impl->isAtom() &&
...
```
... where string is a JSString, which can also be a JSRopeString.
JSString::tryGetValueImpl() is:
```
inline const StringImpl* JSString::tryGetValueImpl() const
{
uintptr_t pointer = fiberConcurrently();
if (pointer & isRopeInPointer)
return nullptr;
return bitwise_cast<StringImpl*>(pointer);
}
```
If string is a JSRopeString, the returned impl will be null. Hence, the ASSERT is
invalid and should be removed.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::handlePutByVal):
2022-02-25 Commit Queue <commit-queue@webkit.org>
Unreviewed, reverting r290516.
https://bugs.webkit.org/show_bug.cgi?id=237222
broke debug tests
Reverted changeset:
"[JSC] Use DeferTerminationForAWhile in Interpreter::unwind"
https://bugs.webkit.org/show_bug.cgi?id=237176
https://commits.webkit.org/r290516
2022-02-25 Mark Lam <mark.lam@apple.com>
operationMaterializeObjectInOSR should DeferTerminationForAWhile instead of just DeferTermination.
https://bugs.webkit.org/show_bug.cgi?id=237173
rdar://problem/89450245
Reviewed by Yusuke Suzuki.
DeferTermination can throw the TerminationException on destruction of the scope
object. operationMaterializeObjectInOSR() was using DeferTermination, resulting
in the TerminationException being thrown on exit. This trips up
validateDFGExceptionHandling testing (which is enabled on Debug builds) because the
TerminationException is unexpected. The solution is simply to use
DeferTerminationForAWhile instead, and let a more natural trap checkpoint throw
the TerminationException later.
Also refactored notifyDebuggerOfUnwinding() to return early if a debugger is not
present. This avoids unnecessarily entering and exiting a DeferTermination scope
in notifyDebuggerOfUnwinding(). This was observed while testing this change on
the attached test case.
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):
* interpreter/Interpreter.cpp:
(JSC::notifyDebuggerOfUnwinding):
2022-02-24 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use DeferTerminationForAWhile in Interpreter::unwind
https://bugs.webkit.org/show_bug.cgi?id=237176
Reviewed by Mark Lam.
Interpreter::unwind calls sanitizeRemoteFunctionException, which would like to create scope (but it
does not have user observable behavior). Problem is that, since it is creating a scope, it can throw
a termination exception. We were using DeferTermination, but destructor of this scope can still set
termination exception, which results in throwing a termination exception for the error handler.
We use DeferTerminationForAWhile in the prologue of the Interpreter::unwind to ensure that this function
will not accept termination exception coming concurrently.
* interpreter/Interpreter.cpp:
(JSC::sanitizeRemoteFunctionException):
(JSC::Interpreter::unwind):
2022-02-25 Patrick Angle <pangle@apple.com>
Web Inspector: [Cocoa] Split remote inspector message data into smaller chunks for large messages
https://bugs.webkit.org/show_bug.cgi?id=237110
<rdar://89364487>
Reviewed by Devin Rousso.
Messages over 2 MiB will now be split into multiple chunks, which allows us to not exceed any receiving daemon
process' memory limit under otherwise normal conditions. 2 MiB was chosen as a balance between not having to
split most messages at all and making sure that the messages (and any copies made during the relaying of the
messages) do not exceed the memory limits of the receiving daemon process.
In order to prevent us from sending chunked messages to a process that doesn't support them we check for a flag
to enable this functionality during connection setup.
* inspector/remote/RemoteInspector.h:
* inspector/remote/RemoteInspectorConstants.h:
* inspector/remote/cocoa/RemoteInspectorCocoa.mm:
(Inspector::RemoteInspector::sendMessageToRemote):
(Inspector::RemoteInspector::receivedSetupMessage):
2022-02-24 Chris Dumez <cdumez@apple.com>
[Cocoa] Only clear ICU cache when time zone is changed
https://bugs.webkit.org/show_bug.cgi?id=236996
Reviewed by Yusuke Suzuki.
We used to unconditionally invalidate the VM's DateCache in VMEntryScope in order to
make sure we always used the latest time zone from the host machine (in case it changed).
This overly aggressive invalidation was causing us to repeatedly go to the disk in order
to determine the host time zone. On Cocoa ports, we now listen to the
kCFTimeZoneSystemTimeZoneDidChangeNotification notification and only invalidate the
VM's DateCache in VMEntryScope if the host time zone has actually changed since the
last time.
* runtime/JSDateMath.cpp:
(JSC::timeZoneChangeNotification):
(JSC::DateCache::DateCache):
(JSC::DateCache::resetIfNecessary):
(JSC::DateCache::reset): Deleted.
* runtime/JSDateMath.h:
* runtime/VM.h:
(JSC::VM::resetDateCacheIfNecessary):
(JSC::VM::resetDateCache): Deleted.
* runtime/VMEntryScope.cpp:
(JSC::VMEntryScope::VMEntryScope):
2022-02-24 Geza Lore <glore@igalia.com>
[JSC] Respect bytecode alignment in BytecodeRewriter
https://bugs.webkit.org/show_bug.cgi?id=237092
Reviewed by Yusuke Suzuki.
Note: This patch only affects bytecode generation on platforms which
set CPU(NEEDS_ALIGNED_ACCESS), which are ARMv7 and MIPS. On all other
platforms the generated bytecode is identical.
The previous BytecodeRewriter::removeBytecode method unconditionally
removed the given instruction, which could then break the required
alignment of subsequent wide ops. While this could be fixed by
inserting padding after the removal, all current uses of
removeBytecode are such that they constitute one half of a replace.
Instead of adding unnecessary padding, added an explicit
replaceBytecodeWithFragment method that removes the old instruction
and replaces it with the given fragment, while maintaining alignment
of the subsequent bytecode. This yields fewer nops. If removeBytecode
turns out to be necessary later, use replaceBytecodeWithFragment with
an empty fragment.
* bytecode/BytecodeGeneratorification.cpp:
(JSC::BytecodeGeneratorification::run):
* bytecode/BytecodeRewriter.h:
(JSC::BytecodeRewriter::Fragment::align):
(JSC::BytecodeRewriter::insertFragmentAfter):
(JSC::BytecodeRewriter::replaceBytecodeWithFragment):
* bytecompiler/BytecodeGeneratorBaseInlines.h:
(JSC::BytecodeGeneratorBase<Traits>::alignWideOpcode32):
2022-02-23 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] WeakMapImpl do not need to take cellLock in visitOutputConstraints and main thread
https://bugs.webkit.org/show_bug.cgi?id=200195
Reviewed by Mark Lam.
WeakMapImpl::visitOutputConstraints is called in the constraint solver, so the main thread is stopped.
WeakMapImpl::rehash can destroy the buffer, but it is only called on either the main thread or GC finalizer. As a result,
it never happens that destroying the buffer while touching it in visitOutputConstraints. We can remove the lock guarding
this buffer.
* runtime/WeakMapImpl.cpp:
(JSC::WeakMapImpl<BucketType>::visitOutputConstraints):
* runtime/WeakMapImpl.h:
(JSC::WeakMapImpl::WeakMapImpl):
(JSC::WeakMapImpl::makeAndSetNewBuffer):
(JSC::WeakMapImpl::finishCreation): Deleted.
* runtime/WeakMapImplInlines.h:
(JSC::WeakMapImpl<WeakMapBucket>::rehash):
2022-02-23 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Adjust thread number for GC throughput
https://bugs.webkit.org/show_bug.cgi?id=237122
Reviewed by Mark Lam.
Adjust numberOfGCMarkers from 4 to 3 to make GC and main thread througput better on M1 macOS.
3 makes sense since there is also a main thread when they are running concurrently to the
main thread.
It offers 1.2% improvement in Speedometer2 in M1Max MBP and 0.4% improvement in M1 MBP.
----------------------------------------------------------------------------------------------------------------------------------
| subtest | ms | ms | b / a | pValue (significance using False Discovery Rate) |
----------------------------------------------------------------------------------------------------------------------------------
| Elm-TodoMVC |107.445000 |102.856667 |0.957296 | 0.000000 (significant) |
| VueJS-TodoMVC |21.571667 |21.805000 |1.010817 | 0.403054 |
| EmberJS-TodoMVC |113.320000 |111.300000 |0.982174 | 0.000027 (significant) |
| BackboneJS-TodoMVC |39.981667 |39.318333 |0.983409 | 0.002346 (significant) |
| Preact-TodoMVC |15.516667 |15.648333 |1.008485 | 0.544754 |
| AngularJS-TodoMVC |117.010000 |115.346667 |0.985785 | 0.000495 (significant) |
| Vanilla-ES2015-TodoMVC |57.790000 |57.176667 |0.989387 | 0.000270 (significant) |
| Inferno-TodoMVC |55.275000 |53.755000 |0.972501 | 0.000000 (significant) |
| Flight-TodoMVC |53.875000 |53.941667 |1.001237 | 0.739556 |
| Angular2-TypeScript-TodoMVC |36.600000 |36.471667 |0.996494 | 0.743761 |
| VanillaJS-TodoMVC |48.058333 |47.671667 |0.991954 | 0.158193 |
| jQuery-TodoMVC |203.433333 |201.878333 |0.992356 | 0.009271 (significant) |
| EmberJS-Debug-TodoMVC |325.058333 |319.848333 |0.983972 | 0.000003 (significant) |
| React-TodoMVC |80.533333 |79.281667 |0.984458 | 0.000011 (significant) |
| React-Redux-TodoMVC |134.738333 |131.801667 |0.978205 | 0.000000 (significant) |
| Vanilla-ES2015-Babel-Webpack-TodoMVC |56.780000 |56.168333 |0.989227 | 0.000514 (significant) |
----------------------------------------------------------------------------------------------------------------------------------
a mean = 293.86568
b mean = 297.52900
pValue = 0.0266899465
(Bigger means are better.)
1.012 times better
Results ARE significant
* runtime/Options.cpp:
(JSC::overrideDefaults):
2022-02-23 Adrian Perez de Castro <aperez@igalia.com>
Ensure generated inline assembler that setups segments returns to previous state
https://bugs.webkit.org/show_bug.cgi?id=236976
Reviewed by Yusuke Suzuki.
Use .previous in inline assembler in order to ensure that mixed emission of assembler
functions and other definitions correctly puts each of them in their rightful sections
in the output object code.
* assembler/MacroAssemblerARM64.cpp:
* assembler/MacroAssemblerARMv7.cpp:
* assembler/MacroAssemblerMIPS.cpp:
* assembler/MacroAssemblerX86Common.cpp:
2022-02-22 Chris Dumez <cdumez@apple.com>
Add a URL constructor that takes a String
https://bugs.webkit.org/show_bug.cgi?id=237068
Reviewed by Darin Adler.
Adopt the new `URL(const String&)` constructor.
* API/JSAPIGlobalObject.mm:
(JSC::computeValidImportSpecifier):
2022-02-22 Alexander Kanavin <alex@linutronix.de>
When building introspection files, add CMAKE_C_FLAGS to the compiler flags.
https://bugs.webkit.org/show_bug.cgi?id=232936
Reviewed by Michael Catanzaro.
g-ir-compiler is using a C compiler internally, so it needs to set
the proper flags for it.
* PlatformGTK.cmake:
2022-02-22 Asumu Takikawa <asumu@igalia.com>
Initial support for Wasm/ESM-integration in the WebCore module loader
https://bugs.webkit.org/show_bug.cgi?id=236268
Reviewed by Yusuke Suzuki.
Adjust WebAssemblySourceProvider to inherit from a new abstract base
class that exposes the data as a pointer and size, to allow
implementations other than a Vector. Also add initialization
and cleanup methods managed by RAII class.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* parser/SourceProvider.cpp:
(JSC::BaseWebAssemblySourceProvider::BaseWebAssemblySourceProvider):
* parser/SourceProvider.h:
(JSC::BaseWebAssemblySourceProvider::lockUnderlyingBuffer):
(JSC::BaseWebAssemblySourceProvider::unlockUnderlyingBuffer):
(JSC::WebAssemblySourceProviderBufferGuard::WebAssemblySourceProviderBufferGuard):
(JSC::WebAssemblySourceProviderBufferGuard::~WebAssemblySourceProviderBufferGuard):
* runtime/CachedTypes.cpp:
(JSC::CachedWebAssemblySourceProvider::encode):
* tools/JSDollarVM.cpp:
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::getWasmBufferFromValue):
(JSC::createSourceBufferFromValue):
2022-02-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] ShadowRealm JSRemoteFunction creation should convert CopyNameAndLength errors to TypeError
https://bugs.webkit.org/show_bug.cgi?id=237007
Reviewed by Alexey Shvayka.
1. Rename JSRemoteFunction::create to tryCreate since it can throw an error.
2. Passing JSGlobalObject* as a first parameter to JSRemoteFunction::tryCreate since it can throw an error.
3. Extract CopyNameAndLength part and convert errors to TypeError as specified.
* jit/JITOperations.cpp:
(JSC::getWrappedValue):
(JSC::JSC_DEFINE_JIT_OPERATION):
* runtime/JSRemoteFunction.cpp:
(JSC::wrapValue):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSRemoteFunction::tryCreate):
(JSC::JSRemoteFunction::copyNameAndLength):
(JSC::JSRemoteFunction::finishCreation):
(JSC::JSRemoteFunction::create): Deleted.
* runtime/JSRemoteFunction.h:
2022-02-22 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] TypeError from JSRemoteFunction should be generated by JSRemoteFunction's JSGlobalObject
https://bugs.webkit.org/show_bug.cgi?id=237013
Reviewed by Saam Barati.
Our unwinding converts any errors inside JSRemoteFunction to TypeError. At that time, we should
use JSRemoteFunction's JSGlobalObject for this type error.
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::UnwindFunctor):
(JSC::UnwindFunctor::operator() const):
(JSC::sanitizeRemoteFunctionException):
(JSC::Interpreter::unwind):
2022-02-21 Robin Morisset <rmorisset@apple.com>
[JSC] Format the output of --reportTotalPhaseTimes=1 more nicely
https://bugs.webkit.org/show_bug.cgi?id=237005
Reviewed by Saam Barati.
Before this patch:
[B3] moveConstants total ms: 64.307583 max ms: 1.703167
[B3] lowerToAir total ms: 151.297782 max ms: 5.426375
[B3] generateToAir total ms: 1623.987166 max ms: 92.826750
[B3] simplifyCFG total ms: 11.760463 max ms: 1.088083
[B3] Air::lowerMacros total ms: 5.975679 max ms: 0.382000
After this patch:
total ms: 66.328 max ms: 2.283 [B3] moveConstants
total ms: 148.097 max ms: 5.361 [B3] lowerToAir
total ms: 1619.115 max ms: 96.307 [Total B3] generateToAir
total ms: 11.959 max ms: 1.185 [Air] simplifyCFG
total ms: 6.519 max ms: 0.697 [Air] Air::lowerMacros
Concretely there are two changes:
- use FixedWidthDouble (also introduced to WTF in this patch) to line-up the total times.
This makes it possible to see at a glance which phases are worth optimizing and which aren't.
- Tag phases more precisely, and in particular replace [B3] by [Air] where relevant,
and give different tags to measurements that correspond to groups of phases instead of a single phase (e.g. generateToAir).
* JavaScriptCore.xcodeproj/project.pbxproj:
* b3/B3Compile.cpp:
(JSC::B3::compile):
* b3/B3FixSSA.cpp:
* b3/B3Generate.cpp:
(JSC::B3::prepareForGeneration):
(JSC::B3::generateToAir):
* b3/B3PhaseScope.cpp:
(JSC::B3::PhaseScope::PhaseScope):
* b3/B3PhaseScope.h:
* b3/B3TimingScope.h: Removed.
(JSC::B3::TimingScope::TimingScope): Deleted.
* b3/B3VariableLiveness.cpp:
(JSC::B3::VariableLiveness::VariableLiveness):
* b3/air/AirAllocateRegistersAndStackAndGenerateCode.cpp:
(JSC::B3::Air::GenerateAndAllocateRegisters::generate):
* b3/air/AirAllocateRegistersAndStackByLinearScan.cpp:
* b3/air/AirGenerate.cpp:
(JSC::B3::Air::prepareForGeneration):
(JSC::B3::Air::generateWithAlreadyAllocatedRegisters):
* b3/air/AirLiveness.h:
(JSC::B3::Air::Liveness::Liveness):
* b3/air/AirPhaseScope.cpp:
(JSC::B3::Air::PhaseScope::PhaseScope):
* b3/air/AirPhaseScope.h:
* tools/CompilerTimingScope.cpp:
2022-02-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Fix ShadowRealm unwinding
https://bugs.webkit.org/show_bug.cgi?id=237001
Reviewed by Saam Barati.
This patch fixes a crash bug found by test262. Regardless of it is RemoteFunction,
we should handle it as the same way to the other normal host functions except
for setting m_seenRemoteFunction = true flag. Previously, we are early returning,
this is wrong since we should stop unwinding if the caller is entry frame.
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::operator() const):
2022-02-21 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Temporal.PlainDate should validate input range
https://bugs.webkit.org/show_bug.cgi?id=236936
Reviewed by Darin Adler.
Implement https://tc39.es/proposal-temporal/#sec-temporal-isodatetimewithinlimits check in
PlainDate to validate input range. For example, 0x7fffffff year should be rejected since
it is larger than ECMAScript datetime representation value. This is checked via ISODateTimeWithinLimits
in the spec.
We also remove isValid assertions in ExactTime. This should not be checked in these accessors, rather,
we should call that function when we would like to check, since PlainDate can represent a bit smaller
value than ExactTime's minValue (minValue - nsPerDay).
We also extend ExactTime::fromISOPartsAndOffset to handle values via Int128 to accept int32_t range years.
By using Int128 for nanoseconds, we can even represent int32_t max / min years. And we remove
`ASSERT(y >= -999999 && y <= 999999)` check since this is not necessary.
* runtime/ISO8601.cpp:
(JSC::ISO8601::ExactTime::fromISOPartsAndOffset):
(JSC::ISO8601::isDateTimeWithinLimits):
* runtime/ISO8601.h:
(JSC::ISO8601::ExactTime::ExactTime): Deleted.
(JSC::ISO8601::ExactTime::fromEpochSeconds): Deleted.
(JSC::ISO8601::ExactTime::fromEpochMilliseconds): Deleted.
(JSC::ISO8601::ExactTime::fromEpochMicroseconds): Deleted.
(JSC::ISO8601::ExactTime::epochSeconds const): Deleted.
(JSC::ISO8601::ExactTime::epochMilliseconds const): Deleted.
(JSC::ISO8601::ExactTime::epochMicroseconds const): Deleted.
(JSC::ISO8601::ExactTime::epochNanoseconds const): Deleted.
(JSC::ISO8601::ExactTime::nanosecondsFraction const): Deleted.
(JSC::ISO8601::ExactTime::asString const): Deleted.
(JSC::ISO8601::ExactTime::isValid const): Deleted.
(JSC::ISO8601::ExactTime::operator< const): Deleted.
(JSC::ISO8601::ExactTime::operator<= const): Deleted.
(JSC::ISO8601::ExactTime::operator== const): Deleted.
(JSC::ISO8601::ExactTime::operator!= const): Deleted.
(JSC::ISO8601::ExactTime::operator>= const): Deleted.
(JSC::ISO8601::ExactTime::operator> const): Deleted.
* runtime/TemporalPlainDate.cpp:
(JSC::toPlainDate):
== Rolled over to ChangeLog-2022-02-22 ==