1. 04 Dec, 2013 3 commits
    • fpizlo@apple.com's avatar
      Fold constant typed arrays · ee327c85
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=125205
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt and Mark Hahnenberg.
              
      If by some other mechanism we have a typed array access on a compile-time constant
      typed array pointer, then fold:
              
      - Array bounds checks. Specifically, fold the load of length.
              
      - Loading the vector.
              
      This needs to install a watchpoint on the array itself because of the possibility of
      neutering. Neutering is ridiculous. We do this without bloating the size of
      ArrayBuffer or JSArrayBufferView in the common case (i.e. the case where you
      allocated an array that didn't end up becoming a compile-time constant). To install
      the watchpoint, we slowDownAndWasteMemory and then create an incoming reference to
      the ArrayBuffer, where that incoming reference is from a watchpoint object. The
      ArrayBuffer already knows about such incoming references and can fire the
      watchpoints that way.
              
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGDesiredWatchpoints.cpp:
      (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
      (JSC::DFG::DesiredWatchpoints::addLazily):
      * dfg/DFGDesiredWatchpoints.h:
      (JSC::DFG::GenericSetAdaptor::add):
      (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated):
      (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
      (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
      (JSC::DFG::GenericDesiredWatchpoints::areStillValid):
      (JSC::DFG::GenericDesiredWatchpoints::isStillValid):
      (JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState):
      (JSC::DFG::DesiredWatchpoints::isStillValid):
      (JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState):
      (JSC::DFG::DesiredWatchpoints::isValidOrMixed):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::tryGetFoldableView):
      * dfg/DFGGraph.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
      (JSC::DFG::SpeculativeJIT::emitTypedArrayBoundsCheck):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGWatchpointCollectionPhase.cpp:
      (JSC::DFG::WatchpointCollectionPhase::handle):
      (JSC::DFG::WatchpointCollectionPhase::addLazily):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
      (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
      (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
      (JSC::FTL::LowerDFGToLLVM::typedArrayLength):
      * runtime/ArrayBuffer.cpp:
      (JSC::ArrayBuffer::transfer):
      * runtime/ArrayBufferNeuteringWatchpoint.cpp: Added.
      (JSC::ArrayBufferNeuteringWatchpoint::ArrayBufferNeuteringWatchpoint):
      (JSC::ArrayBufferNeuteringWatchpoint::~ArrayBufferNeuteringWatchpoint):
      (JSC::ArrayBufferNeuteringWatchpoint::finishCreation):
      (JSC::ArrayBufferNeuteringWatchpoint::destroy):
      (JSC::ArrayBufferNeuteringWatchpoint::create):
      (JSC::ArrayBufferNeuteringWatchpoint::createStructure):
      * runtime/ArrayBufferNeuteringWatchpoint.h: Added.
      (JSC::ArrayBufferNeuteringWatchpoint::set):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      * runtime/VM.h:
      
      LayoutTests: 
      
      Reviewed by Oliver Hunt and Mark Hahnenberg.
      
      * js/regress/fixed-typed-array-storage-expected.txt: Added.
      * js/regress/fixed-typed-array-storage-var-index-expected.txt: Added.
      * js/regress/fixed-typed-array-storage-var-index.html: Added.
      * js/regress/fixed-typed-array-storage.html: Added.
      * js/regress/script-tests/fixed-typed-array-storage-var-index.js: Added.
      (foo):
      * js/regress/script-tests/fixed-typed-array-storage.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160150 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ee327c85
    • joepeck@webkit.org's avatar
      Web Inspector: Push Remote Inspector debugging connection management into JavaScriptCore · d2ecf37f
      joepeck@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=124613
      
      Reviewed by Timothy Hatcher.
      
      Source/JavaScriptCore:
      
      Move the ENABLE(REMOTE_INSPECTOR) remote debugger connection management
      into JavaScriptCore (originally from WebKit/mac). Include enhancements:
      
        * allow for different types of remote debuggable targets,
          eventually at least a JSContext, WebView, WKView.
        * allow debuggables to be registered and debugged on any thread. Unlike
          WebViews, JSContexts may be run entirely off of the main thread.
        * move the remote connection (XPC connection) itself off of the main thread,
          it doesn't need to be on the main thread.
      
      Make JSContext @class and JavaScriptCore::JSContextRef
      "JavaScript" Remote Debuggables.
      
      * inspector/remote/RemoteInspectorDebuggable.h: Added.
      * inspector/remote/RemoteInspectorDebuggable.cpp: Added.
      (Inspector::RemoteInspectorDebuggable::RemoteInspectorDebuggable):
      (Inspector::RemoteInspectorDebuggable::~RemoteInspectorDebuggable):
      (Inspector::RemoteInspectorDebuggable::init):
      (Inspector::RemoteInspectorDebuggable::update):
      (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
      (Inspector::RemoteInspectorDebuggable::info):
      RemoteInspectorDebuggable defines a debuggable target. As long as
      something creates a debuggable and is set to allow remote inspection
      it will be listed in remote debuggers. For the different types of
      debuggables (JavaScript and Web) there is different basic information
      that may be listed.
      
      * inspector/InspectorFrontendChannel.h: Added.
      (Inspector::InspectorFrontendChannel::~InspectorFrontendChannel):
      The only thing a debuggable needs for remote debugging is an
      InspectorFrontendChannel a way to send messages to a remote frontend.
      This class provides that method, and is vended to the
      RemoteInspectorDebuggable when a remote connection is setup.
      
      * inspector/remote/RemoteInspector.h: Added.
      * inspector/remote/RemoteInspector.mm: Added.
      Singleton, created at least when the first Debuggable is created.
      This class manages the list of debuggables, any connection to a
      remote debugger proxy (XPC service "com.apple.webinspector").
      
      (Inspector::dispatchAsyncOnQueueSafeForAnyDebuggable):
      (Inspector::RemoteInspector::shared):
      (Inspector::RemoteInspector::RemoteInspector):
      (Inspector::RemoteInspector::nextAvailableIdentifier):
      (Inspector::RemoteInspector::registerDebuggable):
      (Inspector::RemoteInspector::unregisterDebuggable):
      (Inspector::RemoteInspector::updateDebuggable):
      Debuggable management. When debuggables are added, removed, or updated
      we stash a copy of the debuggable information and push an update to
      debuggers. Stashing a copy of the information in the RemoteInspector
      is a thread safe way to avoid walking over all debuggables to gather
      the information when it is needed.
      
      (Inspector::RemoteInspector::start):
      (Inspector::RemoteInspector::stop):
      Runtime API to enable / disable the feature.
      
      (Inspector::RemoteInspector::listingForDebuggable):
      (Inspector::RemoteInspector::pushListingNow):
      (Inspector::RemoteInspector::pushListingSoon):
      Pushing a listing to remote debuggers.
      
      (Inspector::RemoteInspector::sendMessageToRemoteFrontend):
      (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
      (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
      (Inspector::RemoteInspector::xpcConnectionFailed):
      (Inspector::RemoteInspector::xpcConnectionUnhandledMessage):
      XPC setup, send, and receive handling.
      
      (Inspector::RemoteInspector::updateHasActiveDebugSession):
      Applications being debugged may want to know when a debug
      session is active. This provides that notification.
      
      (Inspector::RemoteInspector::receivedSetupMessage):
      (Inspector::RemoteInspector::receivedDataMessage):
      (Inspector::RemoteInspector::receivedDidCloseMessage):
      (Inspector::RemoteInspector::receivedGetListingMessage):
      (Inspector::RemoteInspector::receivedIndicateMessage):
      (Inspector::RemoteInspector::receivedConnectionDiedMessage):
      Dispatching incoming remote debugging protocol messages.
      These are wrapping above the inspector protocol messages.
      
      * inspector/remote/RemoteInspectorConstants.h: Added.
      Protocol messages and dictionary keys inside the messages.
      
      (Inspector::RemoteInspectorDebuggableInfo::RemoteInspectorDebuggableInfo):
      * inspector/remote/RemoteInspectorDebuggableConnection.h: Added.
      * inspector/remote/RemoteInspectorDebuggableConnection.mm: Added.
      This is a connection between the RemoteInspector singleton and a RemoteInspectorDebuggable.
      
      (Inspector::RemoteInspectorDebuggableConnection::RemoteInspectorDebuggableConnection):
      (Inspector::RemoteInspectorDebuggableConnection::~RemoteInspectorDebuggableConnection):
      Allow for dispatching messages on JavaScript debuggables on a dispatch_queue
      instead of the main queue.
      
      (Inspector::RemoteInspectorDebuggableConnection::destination):
      (Inspector::RemoteInspectorDebuggableConnection::connectionIdentifier):
      Needed in the remote debugging protocol to identify the remote debugger.
      
      (Inspector::RemoteInspectorDebuggableConnection::dispatchSyncOnDebuggable):
      (Inspector::RemoteInspectorDebuggableConnection::dispatchAsyncOnDebuggable):
      (Inspector::RemoteInspectorDebuggableConnection::setup):
      (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
      (Inspector::RemoteInspectorDebuggableConnection::close):
      (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
      (Inspector::RemoteInspectorDebuggableConnection::sendMessageToFrontend):
      The connection is a thin channel between the two sides that can be closed
      from either side, so there is some logic around multi-threaded access.
      
      * inspector/remote/RemoteInspectorXPCConnection.h: Added.
      (Inspector::RemoteInspectorXPCConnection::Client::~Client):
      * inspector/remote/RemoteInspectorXPCConnection.mm: Added.
      (Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
      (Inspector::RemoteInspectorXPCConnection::~RemoteInspectorXPCConnection):
      (Inspector::RemoteInspectorXPCConnection::close):
      (Inspector::RemoteInspectorXPCConnection::deserializeMessage):
      (Inspector::RemoteInspectorXPCConnection::handleEvent):
      (Inspector::RemoteInspectorXPCConnection::sendMessage):
      This is a connection between the RemoteInspector singleton and an XPC service
      named "com.apple.webinspector". This handles serialization of the dictionary
      messages to and from the service. The receiving is done on a non-main queue.
      
      * API/JSContext.h:
      * API/JSContext.mm:
      (-[JSContext name]):
      (-[JSContext setName:]):
      ObjC API to enable/disable JSContext remote inspection and give a name.
      
      * API/JSContextRef.h:
      * API/JSContextRef.cpp:
      (JSGlobalContextGetName):
      (JSGlobalContextSetName):
      C API to give a JSContext a name.
      
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::setName):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::name):
      Shared handling of the APIs above.
      
      * runtime/JSGlobalObjectDebuggable.cpp: Added.
      (JSC::JSGlobalObjectDebuggable::JSGlobalObjectDebuggable):
      (JSC::JSGlobalObjectDebuggable::name):
      (JSC::JSGlobalObjectDebuggable::connect):
      (JSC::JSGlobalObjectDebuggable::disconnect):
      (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
      * runtime/JSGlobalObjectDebuggable.h: Added.
      Stub for the actual remote debugging implementation. We will push
      down the appropriate WebCore/inspector peices suitable for debugging
      just a JavaScript context.
      
      * CMakeLists.txt:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      Update build files.
      
      Source/WebCore:
      
      Make a WebCore::Page a "Web" Remote Debuggable.
      
      * bindings/js/JSDOMGlobalObject.cpp:
      Disable JavaScript context inspection on JSGlobalObjects inside WebCore::Page's.
      
      * page/Page.cpp:
      (WebCore::Page::Page):
      (WebCore::Page::remoteInspectionAllowed):
      (WebCore::Page::setRemoteInspectionAllowed):
      (WebCore::Page::remoteInspectorInformationDidChange):
      * page/Page.h:
      * page/PageDebuggable.h:
      * page/PageDebuggable.cpp: Added.
      (WebCore::PageDebuggable::PageDebuggable):
      (WebCore::PageDebuggable::name):
      (WebCore::PageDebuggable::url):
      (WebCore::PageDebuggable::hasLocalDebugger):
      (WebCore::PageDebuggable::connect):
      (WebCore::PageDebuggable::disconnect):
      (WebCore::PageDebuggable::dispatchMessageFromRemoteFrontend):
      (WebCore::PageDebuggable::setIndicating):
      Make a page a "Web" debuggable.
      
      * GNUmakefile.list.am:
      * WebCore.exp.in:
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      * WebCore.xcodeproj/project.pbxproj:
      Misc.
      
      * inspector/InspectorClient.h:
      (WebCore::InspectorClient::indicate):
      (WebCore::InspectorClient::hideIndicate):
      Forward indicate methods to WebKit clients.
      
      * loader/FrameLoader.cpp:
      (WebCore::FrameLoader::didChangeTitle):
      (WebCore::FrameLoader::dispatchDidCommitLoad):
      Push updates when remote debuggable information like the Page's
      URL or title change.
      
      * ForwardingHeaders/inspector/InspectorFrontendChannel.h:
      * inspector/InspectorForwarding.h:
      Re-export Inspector::InspectorFrontendChannel as WebCore::InspectorFrontendChannel
      to avoid needlessly updating code all over the place.
      
      * inspector/CodeGeneratorInspectorStrings.py:
      * inspector/InspectorWorkerAgent.cpp:
      * inspector/WorkerInspectorController.cpp:
      * testing/Internals.cpp:
      Update include names.
      
      * page/ContextMenuController.cpp:
      (WebCore::ContextMenuController::populate):
      Make the "Inspect Element" context menu work correctly when there is a
      remote inspector instead of a local inspector.
      
      Source/WebKit:
      
      * WebKit.xcodeproj/project.pbxproj:
      
      Source/WebKit/blackberry:
      
      * WebCoreSupport/InspectorClientBlackBerry.h:
      
      Source/WebKit/cf:
      
      * WebCoreSupport/WebInspectorClientCF.cpp:
      (WebInspectorClient::sendMessageToFrontend):
      
      Source/WebKit/efl:
      
      * WebCoreSupport/InspectorClientEfl.h:
      
      Source/WebKit/gtk:
      
      * WebCoreSupport/InspectorClientGtk.h:
      
      Source/WebKit/ios:
      
      * WebCoreSupport/WebInspectorClientIOS.mm:
      (WebInspectorClient::WebInspectorClient):
      (WebInspectorClient::inspectorDestroyed):
      
      Source/WebKit/mac:
      
      Remove the old ENABLE(REMOTE_INSPECTOR) connection management implementation.
      
      * WebCoreSupport/WebInspectorClient.h:
      * WebCoreSupport/WebInspectorClient.mm:
      (WebInspectorClient::indicate):
      (WebInspectorClient::hideIndicate):
      Hook up WebView indication through this new path.
      
      * WebCoreSupport/WebFrameLoaderClient.mm:
      (WebFrameLoaderClient::dispatchDidReceiveTitle):
      * WebCoreSupport/WebInspectorClient.h:
      * WebCoreSupport/WebInspectorClient.mm:
      (WebInspectorClient::WebInspectorClient):
      (WebInspectorClient::inspectorDestroyed):
      * WebInspector/remote/WebInspectorClientRegistry.h: Removed.
      * WebInspector/remote/WebInspectorClientRegistry.mm: Removed.
      * WebInspector/remote/WebInspectorRelayDefinitions.h: Removed.
      * WebInspector/remote/WebInspectorRemoteChannel.h: Removed.
      * WebInspector/remote/WebInspectorRemoteChannel.mm: Removed.
      * WebInspector/remote/WebInspectorServer.h: Removed.
      * WebInspector/remote/WebInspectorServer.mm: Removed.
      * WebInspector/remote/WebInspectorServerWebViewConnection.h: Removed.
      * WebInspector/remote/WebInspectorServerWebViewConnection.mm: Removed.
      * WebInspector/remote/WebInspectorServerWebViewConnectionController.h: Removed.
      * WebInspector/remote/WebInspectorServerWebViewConnectionController.mm: Removed.
      * WebInspector/remote/WebInspectorXPCWrapper.h: Removed.
      * WebInspector/remote/WebInspectorXPCWrapper.m: Removed.
      * WebKit.exp:
      * WebView/WebView.mm:
      (-[WebView _commonInitializationWithFrameName:groupName:]):
      (+[WebView _enableRemoteInspector]):
      (+[WebView _disableRemoteInspector]):
      (+[WebView _disableAutoStartRemoteInspector]):
      (+[WebView _isRemoteInspectorEnabled]):
      (+[WebView _hasRemoteInspectorSession]):
      (-[WebView allowsRemoteInspection]):
      (-[WebView setAllowsRemoteInspection:]):
      (-[WebView setIndicatingForRemoteInspector:]):
      (-[WebView setHostApplicationBundleId:name:]):
      (-[WebView _didCommitLoadForFrame:]):
      * WebView/WebViewData.h:
      * WebView/WebViewData.mm:
      (-[WebViewPrivate init]):
      (-[WebViewPrivate dealloc]):
      * WebView/WebViewInternal.h:
      * WebView/WebViewPrivate.h:
      Remove old REMOTE_INSPECTOR.
      
      Source/WebKit/win:
      
      * WebCoreSupport/WebInspectorClient.h:
      
      Source/WebKit/wince:
      
      * WebCoreSupport/InspectorClientWinCE.h:
      
      Source/WebKit2:
      
      * WebProcess/WebPage/WebPage.cpp:
      (WebKit::WebPage::WebPage):
      * WebProcess/com.apple.WebProcess.sb.in:
      Allow the WebProcess to access the "com.apple.webinspector" named
      XPC service to expose its WebCore::Page's to remote debuggers.
      
      Source/WTF:
      
      * wtf/ios/WebCoreThread.cpp:
      * wtf/ios/WebCoreThread.h:
      Expose WebThreadRun/WebThreadRunSync iOS methods defined in WebCore through
      WTF so that JavaScriptCore can use it. Another such method already existed.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160099 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d2ecf37f
    • msaboff@apple.com's avatar
      Move the setting up of callee's callFrame from pushFrame to callToJavaScript thunk · 6f0b31aa
      msaboff@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=123999
      
      Reviewed by Filip Pizlo.
      
      Changed LLInt and/or JIT enabled ports to allocate the stack frame in the
      callToJavaScript stub.  Added an additional stub, callToNativeFunction that
      allocates a stack frame in a similar way for calling native entry points
      that take a single ExecState* argument.  These stubs are implemented
      using common macros in LowLevelInterpreter{32_64,64}.asm.  There are also
      Windows X86 and X86-64 versions in the corresponding JitStubsXX.h.
      The stubs allocate and create a sentinel frame, then create the callee's
      frame, populating  the header and arguments from the passed in ProtoCallFrame*.
      It is assumed that the caller of either stub does a check for enough stack space
      via JSStack::entryCheck().
      
      For ports using the C-Loop interpreter, the prior method for allocating stack
      frame and invoking functions is used, namely with JSStack::pushFrame() and
      ::popFrame().
      
      Made spelling changes "sentinal" -> "sentinel".
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * interpreter/CachedCall.h:
      (JSC::CachedCall::CachedCall):
      (JSC::CachedCall::setThis):
      (JSC::CachedCall::setArgument):
      * interpreter/CallFrameClosure.h:
      (JSC::CallFrameClosure::resetCallFrame):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      * interpreter/Interpreter.h:
      * interpreter/JSStack.h:
      * interpreter/JSStackInlines.h:
      (JSC::JSStack::entryCheck):
      (JSC::JSStack::pushFrame):
      (JSC::JSStack::popFrame):
      * interpreter/ProtoCallFrame.cpp: Added.
      (JSC::ProtoCallFrame::init):
      * interpreter/ProtoCallFrame.h: Added.
      (JSC::ProtoCallFrame::codeBlock):
      (JSC::ProtoCallFrame::setCodeBlock):
      (JSC::ProtoCallFrame::setScope):
      (JSC::ProtoCallFrame::setCallee):
      (JSC::ProtoCallFrame::argumentCountIncludingThis):
      (JSC::ProtoCallFrame::argumentCount):
      (JSC::ProtoCallFrame::setArgumentCountIncludingThis):
      (JSC::ProtoCallFrame::setPaddedArgsCount):
      (JSC::ProtoCallFrame::clearCurrentVPC):
      (JSC::ProtoCallFrame::setThisValue):
      (JSC::ProtoCallFrame::setArgument):
      * jit/JITCode.cpp:
      (JSC::JITCode::execute):
      * jit/JITCode.h:
      * jit/JITOperations.cpp:
      * jit/JITStubs.h:
      * jit/JITStubsMSVC64.asm:
      * jit/JITStubsX86.h:
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LLIntThunks.h:
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArgList.h:
      (JSC::ArgList::data):
      * runtime/JSArray.cpp:
      (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
      * runtime/StringPrototype.cpp:
      (JSC::replaceUsingRegExpSearch):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160094 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6f0b31aa
  2. 20 Nov, 2013 1 commit
    • mark.lam@apple.com's avatar
      Introducing VMEntryScope to update the VM stack limit. · 30721257
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124634.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      1. Introduced USE(SEPARATE_C_AND_JS_STACK) (defined in Platform.h).
         Currently, it is hardcoded to use separate C and JS stacks. Once we
         switch to using the C stack for JS frames, we'll need to fix this to
         only be enabled when ENABLE(LLINT_C_LOOP).
      
      2. Stack limits are now tracked in the VM.
      
         Logically, there are 2 stack limits:
         a. m_stackLimit for the native C stack, and
         b. m_jsStackLimit for the JS stack.
      
         If USE(SEPARATE_C_AND_JS_STACK), then the 2 limits are the same
         value, and are implemented as 2 fields in a union.
      
      3. The VM native stackLimit is set as follows:
         a. Initially, the VM sets it to the limit of the stack of the thread that
            instantiated the VM. This allows the parser and bytecode generator to
            run before we enter the VM to execute JS code.
      
         b. Upon entry into the VM to execute JS code (via one of the
            Interpreter::execute...() functions), we instantiate a VMEntryScope
            that sets the VM's stackLimit to the limit of the current thread's
            stack. The VMEntryScope will automatically restore the previous
            entryScope and stack limit upon destruction.
      
         If USE(SEPARATE_C_AND_JS_STACK), the JSStack's methods will set the VM's
         jsStackLimit whenever it grows or shrinks.
      
      4. The VM now provides a isSafeToRecurse() function that compares the
         current stack pointer against its native stackLimit. This subsumes and
         obsoletes the VMStackBounds class.
      
      5. The VMEntryScope class also subsumes DynamicGlobalObjectScope for
         tracking the JSGlobalObject that we last entered the VM with.
      
      6. Renamed dynamicGlobalObject() to vmEntryGlobalObject() since that is
         the value that the function retrieves.
      
      7. Changed JIT and LLINT code to do stack checks against the jsStackLimit
         in the VM class instead of the JSStack.
      
      * API/JSBase.cpp:
      (JSEvaluateScript):
      (JSCheckScriptSyntax):
      * API/JSContextRef.cpp:
      (JSGlobalContextRetain):
      (JSGlobalContextRelease):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::emitNode):
      (JSC::BytecodeGenerator::emitNodeInConditionContext):
      * debugger/Debugger.cpp:
      (JSC::Debugger::detach):
      (JSC::Debugger::recompileAllJSFunctions):
      (JSC::Debugger::pauseIfNeeded):
      * debugger/DebuggerCallFrame.cpp:
      (JSC::DebuggerCallFrame::vmEntryGlobalObject):
      * debugger/DebuggerCallFrame.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGOSREntry.cpp:
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLOSREntry.cpp:
      * heap/Heap.cpp:
      (JSC::Heap::lastChanceToFinalize):
      (JSC::Heap::deleteAllCompiledCode):
      * interpreter/CachedCall.h:
      (JSC::CachedCall::CachedCall):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::vmEntryGlobalObject):
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      (JSC::unwindCallFrame):
      (JSC::Interpreter::unwind):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      (JSC::Interpreter::debug):
      * interpreter/JSStack.cpp:
      (JSC::JSStack::JSStack):
      (JSC::JSStack::growSlowCase):
      * interpreter/JSStack.h:
      * interpreter/JSStackInlines.h:
      (JSC::JSStack::shrink):
      (JSC::JSStack::grow):
      - Moved these inlined functions here from JSStack.h. It reduces some
        #include dependencies of JSSTack.h which had previously resulted
        in some EWS bots' unhappiness with this patch.
      (JSC::JSStack::updateStackLimit):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      * jit/JITOperations.cpp:
      * llint/LLIntSlowPaths.cpp:
      * llint/LowLevelInterpreter.asm:
      * parser/Parser.cpp:
      (JSC::::Parser):
      * parser/Parser.h:
      (JSC::Parser::canRecurse):
      * runtime/CommonSlowPaths.h:
      * runtime/Completion.cpp:
      (JSC::evaluate):
      * runtime/FunctionConstructor.cpp:
      (JSC::constructFunctionSkippingEvalEnabledCheck):
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/StringRecursionChecker.h:
      (JSC::StringRecursionChecker::performCheck):
      * runtime/VM.cpp:
      (JSC::VM::VM):
      (JSC::VM::releaseExecutableMemory):
      (JSC::VM::throwException):
      * runtime/VM.h:
      (JSC::VM::addressOfJSStackLimit):
      (JSC::VM::jsStackLimit):
      (JSC::VM::setJSStackLimit):
      (JSC::VM::stackLimit):
      (JSC::VM::setStackLimit):
      (JSC::VM::isSafeToRecurse):
      * runtime/VMEntryScope.cpp: Added.
      (JSC::VMEntryScope::VMEntryScope):
      (JSC::VMEntryScope::~VMEntryScope):
      (JSC::VMEntryScope::requiredCapacity):
      * runtime/VMEntryScope.h: Added.
      (JSC::VMEntryScope::globalObject):
      * runtime/VMStackBounds.h: Removed.
      
      Source/WebCore: 
      
      No new tests.
      
      Renamed dynamicGlobalObject() to vmEntryGlobalObject().
      Replaced uses of DynamicGlobalObjectScope with VMEntryScope.
      
      * ForwardingHeaders/runtime/VMEntryScope.h: Added.
      * WebCore.vcxproj/WebCore.vcxproj:
      * WebCore.vcxproj/WebCore.vcxproj.filters:
      * bindings/js/JSCryptoAlgorithmBuilder.cpp:
      (WebCore::JSCryptoAlgorithmBuilder::add):
      * bindings/js/JSCustomXPathNSResolver.cpp:
      (WebCore::JSCustomXPathNSResolver::create):
      * bindings/js/JSDOMBinding.cpp:
      (WebCore::firstDOMWindow):
      * bindings/js/JSErrorHandler.cpp:
      (WebCore::JSErrorHandler::handleEvent):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::handleEvent):
      * bindings/js/JavaScriptCallFrame.h:
      (WebCore::JavaScriptCallFrame::vmEntryGlobalObject):
      * bindings/js/PageScriptDebugServer.cpp:
      (WebCore::PageScriptDebugServer::recompileAllJSFunctions):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::evaluateBreakpointAction):
      (WebCore::ScriptDebugServer::handlePause):
      * bindings/js/WorkerScriptDebugServer.cpp:
      (WebCore::WorkerScriptDebugServer::recompileAllJSFunctions):
      * bindings/objc/WebScriptObject.mm:
      (WebCore::addExceptionToConsole):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/objc/objc_instance.mm:
      (ObjcInstance::moveGlobalExceptionToExecState):
      * bridge/objc/objc_runtime.mm:
      (JSC::Bindings::convertValueToObjcObject):
      * bridge/objc/objc_utility.mm:
      (JSC::Bindings::convertValueToObjcValue):
      
      Source/WebKit/mac: 
      
      * WebView/WebScriptDebugger.mm:
      (WebScriptDebugger::sourceParsed):
      
      Source/WTF: 
      
      * wtf/Platform.h:
      * wtf/StackBounds.h:
      (WTF::StackBounds::StackBounds):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159605 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      30721257
  3. 17 Nov, 2013 1 commit
    • fpizlo@apple.com's avatar
      FTL should have an explicit notion of bytecode liveness · 002405c0
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124181
      
      Source/JavaScriptCore: 
      
      Reviewed by Sam Weinig.
              
      This makes FTL OSR exit use bytecode liveness analysis to determine which variables
      to include values for. The decision of how to get the values of variables is based on
      forward propagation of MovHints and SetLocals.
              
      This fixes a bunch of bugs (like https://bugs.webkit.org/show_bug.cgi?id=124138 but
      also others that I noticed when I started writing more targetted tests) and allows us
      to remove some sketchy code.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/BytecodeBasicBlock.h:
      * bytecode/BytecodeLivenessAnalysis.cpp:
      (JSC::isValidRegisterForLiveness):
      (JSC::setForOperand):
      (JSC::computeUsesForBytecodeOffset):
      (JSC::computeDefsForBytecodeOffset):
      (JSC::stepOverInstruction):
      (JSC::computeLocalLivenessForBytecodeOffset):
      (JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
      (JSC::BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset):
      (JSC::getLivenessInfo):
      (JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset):
      (JSC::BytecodeLivenessAnalysis::computeFullLiveness):
      * bytecode/BytecodeLivenessAnalysis.h:
      * bytecode/BytecodeLivenessAnalysisInlines.h: Added.
      (JSC::operandIsAlwaysLive):
      (JSC::operandThatIsNotAlwaysLiveIsLive):
      (JSC::operandIsLive):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::captureCount):
      (JSC::CodeBlock::captureStart):
      (JSC::CodeBlock::captureEnd):
      * bytecode/CodeOrigin.cpp:
      (JSC::InlineCallFrame::dumpInContext):
      * bytecode/FullBytecodeLiveness.h: Added.
      (JSC::FullBytecodeLiveness::FullBytecodeLiveness):
      (JSC::FullBytecodeLiveness::getOut):
      (JSC::FullBytecodeLiveness::operandIsLive):
      (JSC::FullBytecodeLiveness::getLiveness):
      * dfg/DFGAvailability.cpp: Added.
      (JSC::DFG::Availability::dump):
      (JSC::DFG::Availability::dumpInContext):
      * dfg/DFGAvailability.h: Added.
      (JSC::DFG::Availability::Availability):
      (JSC::DFG::Availability::unavailable):
      (JSC::DFG::Availability::withFlush):
      (JSC::DFG::Availability::withNode):
      (JSC::DFG::Availability::withUnavailableNode):
      (JSC::DFG::Availability::nodeIsUndecided):
      (JSC::DFG::Availability::nodeIsUnavailable):
      (JSC::DFG::Availability::hasNode):
      (JSC::DFG::Availability::node):
      (JSC::DFG::Availability::flushedAt):
      (JSC::DFG::Availability::operator!):
      (JSC::DFG::Availability::operator==):
      (JSC::DFG::Availability::merge):
      (JSC::DFG::Availability::mergeNodes):
      (JSC::DFG::Availability::unavailableMarker):
      * dfg/DFGBasicBlock.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::Disassembler):
      * dfg/DFGFlushFormat.cpp:
      (WTF::printInternal):
      * dfg/DFGFlushFormat.h:
      (JSC::DFG::resultFor):
      (JSC::DFG::useKindFor):
      (JSC::DFG::dataFormatFor):
      * dfg/DFGFlushedAt.cpp:
      (JSC::DFG::FlushedAt::dump):
      * dfg/DFGFlushedAt.h:
      (JSC::DFG::FlushedAt::FlushedAt):
      (JSC::DFG::FlushedAt::merge):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::livenessFor):
      (JSC::DFG::Graph::isLiveInBytecode):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::baselineCodeBlockFor):
      * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
      (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
      * dfg/DFGOSRAvailabilityAnalysisPhase.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGResurrectionForValidationPhase.cpp: Added.
      (JSC::DFG::ResurrectionForValidationPhase::ResurrectionForValidationPhase):
      (JSC::DFG::ResurrectionForValidationPhase::run):
      (JSC::DFG::performResurrectionForValidation):
      * dfg/DFGResurrectionForValidationPhase.h: Added.
      * dfg/DFGSSAConversionPhase.cpp:
      (JSC::DFG::SSAConversionPhase::run):
      * dfg/DFGValueSource.h:
      (JSC::DFG::ValueSource::forFlushFormat):
      * dfg/DFGVariableAccessData.h:
      * ftl/FTLExitValue.cpp:
      (JSC::FTL::ExitValue::dumpInContext):
      * ftl/FTLInlineCacheSize.cpp:
      (JSC::FTL::sizeOfGetById):
      * ftl/FTLLocation.cpp:
      (JSC::FTL::Location::gpr):
      (JSC::FTL::Location::fpr):
      (JSC::FTL::Location::directGPR):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
      (JSC::FTL::LowerDFGToLLVM::compileBlock):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileZombieHint):
      (JSC::FTL::LowerDFGToLLVM::compilePutById):
      (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
      (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
      (JSC::FTL::LowerDFGToLLVM::observeMovHint):
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::alloca):
      * ftl/FTLValueSource.cpp: Removed.
      * ftl/FTLValueSource.h: Removed.
      * llvm/LLVMAPIFunctions.h:
      * runtime/DumpContext.cpp:
      (JSC::DumpContext::DumpContext):
      * runtime/DumpContext.h:
      * runtime/Options.h:
      * runtime/SymbolTable.h:
      (JSC::SharedSymbolTable::captureStart):
      (JSC::SharedSymbolTable::captureEnd):
      (JSC::SharedSymbolTable::captureCount):
      
      Tools: 
      
      Reviewed by Mark Hahnenberg.
      
      * Scripts/run-jsc-stress-tests:
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg or Sam Weinig.
              
      I totally added this test after the rest of the patch was r+'d. Under the right tier-up
      modes this triggers one of the bugs that the rest of the patch is trying to avoid.
      
      * js/regress/script-tests/weird-inlining-const-prop.js: Added.
      (foo):
      (bar):
      (fuzz):
      (testImpl):
      (test):
      * js/regress/weird-inlining-const-prop-expected.txt: Added.
      * js/regress/weird-inlining-const-prop.html: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159394 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      002405c0
  4. 15 Nov, 2013 2 commits
  5. 12 Nov, 2013 1 commit
    • mhahnenberg@apple.com's avatar
      CodeBlocks should be able to determine bytecode liveness · 3811e215
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=118546
      
      Reviewed by Filip Pizlo.
      
      This will simplify some things in the DFG related to OSR exits and determining 
      which bytecode variables are live at which points during execution. It will
      also be useful for making our conservative GC scan more precise. Currently it 
      doesn't properly account for liveness while the DFG is running, so it will be 
      off by default behing a runtime Options flag.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/BytecodeBasicBlock.cpp: Added.
      (JSC::isBranch): Used to determine the end of basic blocks.
      (JSC::isUnconditionalBranch): Used to determine when a branch at the end of a 
      basic block can't possibly fall through to the next basic block in program order.
      (JSC::isTerminal): Also used to detect the end of a block.
      (JSC::isThrow):
      (JSC::isJumpTarget): Used to correctly separate basic blocks. Any jump destination 
      must be the head of its own basic block.
      (JSC::linkBlocks): Links two blocks together in a bi-direcitonal fashion.
      (JSC::computeBytecodeBasicBlocks): Creates a set of basic blocks given a particular 
      CodeBlock and links them together.
      * bytecode/BytecodeBasicBlock.h: Added.
      (JSC::BytecodeBasicBlock::isEntryBlock): Entry blocks are a special basic blocks 
      that indicate the beginning of the function.
      (JSC::BytecodeBasicBlock::isExitBlock): Exit blocks are a special basic block that 
      all blocks that exit the function have as a successor. Entry and exit blocks allows 
      the various code paths to be more regular.
      (JSC::BytecodeBasicBlock::leaderBytecodeOffset): The leader bytecode offset is the 
      bytecode offset of the first instruction in the block.
      (JSC::BytecodeBasicBlock::totalBytecodeLength): The total length of all the bytecodes 
      in this block.
      (JSC::BytecodeBasicBlock::bytecodeOffsets): The bytecode offsets in this particular 
      basic block. This Vector allows us to iterate over the bytecodes in reverse order 
      which wouldn't be possible normally since they are of variable size.
      (JSC::BytecodeBasicBlock::addPredecessor): Links a block to a specified predecessor. 
      Only creates one direction of the link.
      (JSC::BytecodeBasicBlock::addSuccessor): Same as addPredecessor, but for successors.
      (JSC::BytecodeBasicBlock::predecessors): Getter for predecessors.
      (JSC::BytecodeBasicBlock::successors): Getter for successors.
      (JSC::BytecodeBasicBlock::in): Getter for the liveness info at the head of the block.
      (JSC::BytecodeBasicBlock::out): Getter for the liveness info at  the tail of the block.
      (JSC::BytecodeBasicBlock::BytecodeBasicBlock):
      (JSC::BytecodeBasicBlock::addBytecodeLength): When creating basic blocks we call 
      this function when we want to add the next bytecode in program order to this block.
      * bytecode/BytecodeLivenessAnalysis.cpp: Added.
      (JSC::BytecodeLivenessAnalysis::BytecodeLivenessAnalysis):
      (JSC::numberOfCapturedVariables): Convenience wrapper. Returns the
      number of captured variables for a particular CodeBlock, or 0 if 
      the CodeBlock has no SymbolTable.
      (JSC::captureStart): Ditto, but for captureStart().
      (JSC::captureEnd): Ditto, but for captureEnd().
      (JSC::isValidRegisterForLiveness): Returns true if the liveness analysis should 
      track the liveness of a particular operand. We ignore constants, arguments, and 
      captured variables. We ignore arguments because they're live for the duration of 
      a function call. We ignore captured variables because we also treat them as live 
      for the duration of the function. This could probably be improved to be more precise, 
      but it didn't seem worth it for now.
      (JSC::setForOperand): Convenience wrapper that sets the bit in the provided bit 
      vector for the provided operand. It handles skipping over captured variables.
      (JSC::computeUsesForBytecodeOffset): Computes which operands are used by a particular bytecode.
      (JSC::computeDefsForBytecodeOffset): Computes which operands are defined by a particular 
      bytecode. Typically this is just the left-most operand.
      (JSC::findBasicBlockWithLeaderOffset): 
      (JSC::findBasicBlockForBytecodeOffset): Scans over basic blocks to find the block 
      which contains a particular bytecode offset.
      (JSC::computeLocalLivenessForBytecodeOffset): Computes block-local liveness from the 
      bottom of the block until a specified bytecode offset is reached. 
      (JSC::computeLocalLivenessForBlock): Computes liveness for the entire block and 
      stores the resulting liveness at the head.
      (JSC::BytecodeLivenessAnalysis::runLivenessFixpoint): Runs backward flow liveness 
      analysis to fixpoint.
      (JSC::BytecodeLivenessAnalysis::getLivenessInfoForNonCapturedVarsAtBytecodeOffset): 
      Slow path to get liveness info for non-captured, non-argument variable.
      (JSC::BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset): 
      (JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset): Returns the liveness 
      info for both captured and non-captured vars at a particular bytecode offset.
      (JSC::BytecodeLivenessAnalysis::dumpResults): Dumps the output of the liveness analysis. 
      Controlled by new flag in Options.h/.cpp.
      (JSC::BytecodeLivenessAnalysis::compute): Creates bytecode basic blocks and runs 
      full liveness analysis.
      * bytecode/BytecodeLivenessAnalysis.h: Added.
      (JSC::BytecodeLivenessAnalysis::hasBeenComputed):
      (JSC::BytecodeLivenessAnalysis::computeIfNecessary):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::livenessAnalysis):
      * bytecode/PreciseJumpTargets.cpp: Refactored to be able to get the jump targets for 
      a particular bytecode offset for use during bytecode basic block construction.
      (JSC::getJumpTargetsForBytecodeOffset):
      (JSC::computePreciseJumpTargets):
      (JSC::findJumpTargetsForBytecodeOffset):
      * bytecode/PreciseJumpTargets.h:
      * runtime/Options.cpp:
      (JSC::Options::initialize):
      * runtime/Options.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159136 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3811e215
  6. 10 Nov, 2013 1 commit
    • oliver@apple.com's avatar
      Implement Set iterators · 96cafa31
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124129
      
      Reviewed by Antti Koivisto.
      
      Source/JavaScriptCore:
      
      Add Set iterator classes and implementations
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/CommonIdentifiers.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSSetIterator.cpp: Added.
      (JSC::JSSetIterator::finishCreation):
      (JSC::JSSetIterator::visitChildren):
      (JSC::JSSetIterator::createPair):
      * runtime/JSSetIterator.h: Added.
      (JSC::JSSetIterator::createStructure):
      (JSC::JSSetIterator::create):
      (JSC::JSSetIterator::next):
      (JSC::JSSetIterator::JSSetIterator):
      * runtime/SetIteratorConstructor.cpp: Added.
      (JSC::SetIteratorConstructor::finishCreation):
      * runtime/SetIteratorConstructor.h: Added.
      (JSC::SetIteratorConstructor::create):
      (JSC::SetIteratorConstructor::createStructure):
      (JSC::SetIteratorConstructor::SetIteratorConstructor):
      * runtime/SetIteratorPrototype.cpp: Added.
      (JSC::SetIteratorPrototype::finishCreation):
      (JSC::SetIteratorPrototypeFuncIterator):
      (JSC::SetIteratorPrototypeFuncNext):
      * runtime/SetIteratorPrototype.h: Added.
      (JSC::SetIteratorPrototype::create):
      (JSC::SetIteratorPrototype::createStructure):
      (JSC::SetIteratorPrototype::SetIteratorPrototype):
      * runtime/SetPrototype.cpp:
      (JSC::SetPrototype::finishCreation):
      (JSC::setProtoFuncValues):
      (JSC::setProtoFuncEntries):
      (JSC::setProtoFuncKeys):
      
      LayoutTests:
      
      Move Set tests to more sensible location and add iterator tests
      
      * js/basic-set-expected.txt: Renamed from LayoutTests/js/dom/basic-set-expected.txt.
      * js/basic-set.html: Renamed from LayoutTests/js/dom/basic-set.html.
      * js/script-tests/basic-set.js: Renamed from LayoutTests/js/dom/script-tests/basic-set.js.
      (set new):
      (otherString.string_appeared_here.set add):
      (try.set forEach):
      (set forEach):
      (set gc):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159031 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      96cafa31
  7. 09 Nov, 2013 1 commit
    • oliver@apple.com's avatar
      Add Map Iterators · 2d11c160
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=124109
      
      Reviewed by Andreas Kling.
      
      Source/JavaScriptCore:
      
      Added new Map iterator implementation.  This is a mostly boilerplate patch
      however there's a a little bit of additional logic added to the MapData iterator
      to deal with the possibility of map mutation between creation of the iterator
      and use of it.  We'll be able to improve the performance of this substantially
      by using intrinsics, however I'm pondering coming up with a better way to define
      these thunks without requiring so much duplicated logic.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/CommonIdentifiers.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      * runtime/JSMapIterator.cpp: Added.
      (JSC::JSMapIterator::finishCreation):
      (JSC::JSMapIterator::visitChildren):
      (JSC::JSMapIterator::createPair):
      * runtime/JSMapIterator.h: Added.
      (JSC::JSMapIterator::createStructure):
      (JSC::JSMapIterator::create):
      (JSC::JSMapIterator::next):
      (JSC::JSMapIterator::JSMapIterator):
      * runtime/MapData.h:
      (JSC::MapData::const_iterator::ensureSlot):
      * runtime/MapIteratorConstructor.cpp: Added.
      (JSC::MapIteratorConstructor::finishCreation):
      * runtime/MapIteratorConstructor.h: Added.
      (JSC::MapIteratorConstructor::create):
      (JSC::MapIteratorConstructor::createStructure):
      (JSC::MapIteratorConstructor::MapIteratorConstructor):
      * runtime/MapIteratorPrototype.cpp: Added.
      (JSC::MapIteratorPrototype::finishCreation):
      (JSC::MapIteratorPrototypeFuncIterator):
      (JSC::MapIteratorPrototypeFuncNext):
      * runtime/MapIteratorPrototype.h: Added.
      (JSC::MapIteratorPrototype::create):
      (JSC::MapIteratorPrototype::createStructure):
      (JSC::MapIteratorPrototype::MapIteratorPrototype):
      * runtime/MapPrototype.cpp:
      (JSC::MapPrototype::finishCreation):
      (JSC::mapProtoFuncValues):
      (JSC::mapProtoFuncEntries):
      (JSC::mapProtoFuncKeys):
      
      LayoutTests:
      
      Moved map tests to a more sensible location, and added new iteration tests.
      
      * js/basic-map-expected.txt: Renamed from LayoutTests/js/dom/basic-map-expected.txt.
      * js/basic-map.html: Renamed from LayoutTests/js/dom/basic-map.html.
      * js/script-tests/basic-map.js: Renamed from LayoutTests/js/dom/script-tests/basic-map.js.
      (set shouldBe):
      (set var):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159008 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2d11c160
  8. 06 Nov, 2013 1 commit
    • oliver@apple.com's avatar
      Support iteration of the Arguments object · 125f4cff
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=123835
      
      Reviewed by Mark Lam.
      
      Source/JavaScriptCore:
      
      Add an ArgumentsIterator object, and associated classes so that we can support
      iteration of the arguments object.
      
      This is a largely mechanical patch.  The only gnarliness is in the
      logic to avoid reifying the Arguments object in for(... of arguments)
      scenarios.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitEnumeration):
      * runtime/Arguments.cpp:
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::argumentsFuncIterator):
      * runtime/Arguments.h:
      * runtime/ArgumentsIteratorConstructor.cpp: Added.
      (JSC::ArgumentsIteratorConstructor::finishCreation):
      * runtime/ArgumentsIteratorConstructor.h: Added.
      (JSC::ArgumentsIteratorConstructor::create):
      (JSC::ArgumentsIteratorConstructor::createStructure):
      (JSC::ArgumentsIteratorConstructor::ArgumentsIteratorConstructor):
      * runtime/ArgumentsIteratorPrototype.cpp: Added.
      (JSC::ArgumentsIteratorPrototype::finishCreation):
      (JSC::argumentsIteratorPrototypeFuncIterator):
      (JSC::argumentsIteratorPrototypeFuncNext):
      * runtime/ArgumentsIteratorPrototype.h: Added.
      (JSC::ArgumentsIteratorPrototype::create):
      (JSC::ArgumentsIteratorPrototype::createStructure):
      (JSC::ArgumentsIteratorPrototype::ArgumentsIteratorPrototype):
      * runtime/CommonIdentifiers.h:
      * runtime/JSArgumentsIterator.cpp: Added.
      (JSC::JSArgumentsIterator::finishCreation):
      * runtime/JSArgumentsIterator.h: Added.
      (JSC::JSArgumentsIterator::createStructure):
      (JSC::JSArgumentsIterator::create):
      (JSC::JSArgumentsIterator::next):
      (JSC::JSArgumentsIterator::JSArgumentsIterator):
      * runtime/JSArrayIterator.cpp:
      (JSC::createIteratorResult):
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      
      LayoutTests:
      
      Add test cases
      
      * js/arguments-iterator-expected.txt: Added.
      * js/arguments-iterator.html: Added.
      * js/script-tests/arguments-iterator.js: Added.
      (shouldThrow.test):
      (testAlias):
      (testStrict):
      (testReifiedArguments):
      (testOverwrittenArguments):
      (testNullArguments):
      (testNonArrayLikeArguments):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158793 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      125f4cff
  9. 30 Oct, 2013 1 commit
    • fpizlo@apple.com's avatar
      Add InvalidationPoints to the DFG and use them for all watchpoints · d84425d1
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=123472
      
      Reviewed by Mark Hahnenberg.
              
      This makes a fundamental change to how watchpoints work in the DFG.
              
      Previously, a watchpoint was an instruction whose execution semantics were something
      like:
              
          if (watchpoint->invalidated)
              exit
              
      We would implement this without any branch by using jump replacement.
              
      This is a very good optimization. But it's a bit awkward once you get a lot of
      watchpoints: semantically we will have lots of these branches in the code, which the
      compiler needs to reason about even though they don't actually result in any emitted
      code.
              
      Separately, we also had a mechanism for jettisoning a CodeBlock. This mechanism would
      be invoked if a CodeBlock exited a lot. It would ensure that a CodeBlock wouldn't be
      called into again, but it would do nothing for CodeBlocks that were already on the
      stack.
              
      This change flips jettisoning and watchpoint invalidation on their heads. Now, the jump
      replacement has nothing to do with watchpoints; instead it's something that happens if
      you ever jettison a CodeBlock. Jump replacement is now an all-or-nothing operation over
      all of the potential call-return safe-exit-points in a CodeBlock. We call these
      "InvalidationPoint"s. A watchpoint instruction is now "lowered" by having the DFG
      collect all of the watchpoint sets that the CodeBlock cares about, and then registering
      a CodeBlockJettisoningWatchpoint with all of them. That is, if the watchpoint fires, it
      jettisons the CodeBlock, which in turn ensures that the CodeBlock can't be called into
      (because the entrypoint now points to baseline code) and can't be returned into
      (because returning exits to baseline before the next bytecode instruction).
              
      This will allow for a sensible lowering of watchpoints to LLVM IR. It will also allow
      for jettison() to be used effectively for things like breakpointing and single-stepping
      in the debugger.
              
      Well, basically, this mechanism just takes us into the HotSpot-style world where anyone
      can, at any time and for any reason, request that an optimized CodeBlock is rendered
      immediately invalid. You can use this for many cool things, I'm sure.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/AbstractMacroAssembler.h:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::jettison):
      * bytecode/CodeBlock.h:
      * bytecode/CodeBlockJettisoningWatchpoint.cpp: Added.
      (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
      * bytecode/CodeBlockJettisoningWatchpoint.h: Added.
      (JSC::CodeBlockJettisoningWatchpoint::CodeBlockJettisoningWatchpoint):
      * bytecode/ExitKind.cpp:
      (JSC::exitKindToString):
      * bytecode/ExitKind.h:
      * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Added.
      (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
      * bytecode/ProfiledCodeBlockJettisoningWatchpoint.h: Added.
      (JSC::ProfiledCodeBlockJettisoningWatchpoint::ProfiledCodeBlockJettisoningWatchpoint):
      * dfg/DFGAbstractHeap.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGClobberize.cpp:
      (JSC::DFG::writesOverlap):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      (JSC::DFG::AbstractHeapOverlaps::AbstractHeapOverlaps):
      (JSC::DFG::AbstractHeapOverlaps::operator()):
      (JSC::DFG::AbstractHeapOverlaps::result):
      * dfg/DFGCommonData.cpp:
      (JSC::DFG::CommonData::invalidate):
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      * dfg/DFGDesiredWatchpoints.cpp:
      (JSC::DFG::DesiredWatchpoints::addLazily):
      (JSC::DFG::DesiredWatchpoints::reallyAdd):
      * dfg/DFGDesiredWatchpoints.h:
      (JSC::DFG::WatchpointForGenericWatchpointSet::WatchpointForGenericWatchpointSet):
      (JSC::DFG::GenericDesiredWatchpoints::addLazily):
      (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
      (JSC::DFG::GenericDesiredWatchpoints::areStillValid):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGInvalidationPointInjectionPhase.cpp: Added.
      (JSC::DFG::InvalidationPointInjectionPhase::InvalidationPointInjectionPhase):
      (JSC::DFG::InvalidationPointInjectionPhase::run):
      (JSC::DFG::InvalidationPointInjectionPhase::handle):
      (JSC::DFG::InvalidationPointInjectionPhase::insertInvalidationCheck):
      (JSC::DFG::performInvalidationPointInjection):
      * dfg/DFGInvalidationPointInjectionPhase.h: Added.
      * dfg/DFGJITCode.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      * dfg/DFGJumpReplacement.cpp: Added.
      (JSC::DFG::JumpReplacement::fire):
      * dfg/DFGJumpReplacement.h: Added.
      (JSC::DFG::JumpReplacement::JumpReplacement):
      * dfg/DFGNodeType.h:
      * dfg/DFGOSRExitCompilationInfo.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::compileInThreadImpl):
      (JSC::DFG::Plan::reallyAdd):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
      (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGWatchpointCollectionPhase.cpp: Added.
      (JSC::DFG::WatchpointCollectionPhase::WatchpointCollectionPhase):
      (JSC::DFG::WatchpointCollectionPhase::run):
      (JSC::DFG::WatchpointCollectionPhase::handle):
      (JSC::DFG::WatchpointCollectionPhase::handleEdge):
      (JSC::DFG::WatchpointCollectionPhase::handleMasqueradesAsUndefined):
      (JSC::DFG::WatchpointCollectionPhase::handleStringGetByVal):
      (JSC::DFG::WatchpointCollectionPhase::addLazily):
      (JSC::DFG::WatchpointCollectionPhase::globalObject):
      (JSC::DFG::performWatchpointCollection):
      * dfg/DFGWatchpointCollectionPhase.h: Added.
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint):
      (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
      (JSC::FTL::LowerDFGToLLVM::compileGlobalVarWatchpoint):
      (JSC::FTL::LowerDFGToLLVM::compileCompareEqConstant):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
      (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEqConstant):
      (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
      (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
      (JSC::FTL::LowerDFGToLLVM::speculateNonNullObject):
      * jit/JITOperations.cpp:
      * jit/JumpReplacementWatchpoint.cpp: Removed.
      * jit/JumpReplacementWatchpoint.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158304 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d84425d1
  10. 20 Oct, 2013 1 commit
    • fpizlo@apple.com's avatar
      StructureStubInfo's usedRegisters set should be able to track all registers,... · 9dbc4b4f
      fpizlo@apple.com authored
      StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
      https://bugs.webkit.org/show_bug.cgi?id=123076
      
      Source/JavaScriptCore: 
      
      Reviewed by Sam Weinig.
              
      Start preparing for a world in which we are patching code generated by LLVM, which may have
      very different register usage conventions than our JITs. This requires us being more explicit
      about the registers we are using. For example, the repatching code shouldn't take for granted
      that tagMaskRegister holds the TagMask or that the register is even in use.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/MacroAssembler.h:
      (JSC::MacroAssembler::numberOfRegisters):
      (JSC::MacroAssembler::registerIndex):
      (JSC::MacroAssembler::numberOfFPRegisters):
      (JSC::MacroAssembler::fpRegisterIndex):
      (JSC::MacroAssembler::totalNumberOfRegisters):
      * bytecode/StructureStubInfo.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::usedRegisters):
      * dfg/DFGSpeculativeJIT.h:
      * ftl/FTLSaveRestore.cpp:
      (JSC::FTL::bytesForGPRs):
      (JSC::FTL::bytesForFPRs):
      (JSC::FTL::offsetOfGPR):
      (JSC::FTL::offsetOfFPR):
      * jit/JITInlineCacheGenerator.cpp:
      (JSC::JITByIdGenerator::JITByIdGenerator):
      (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
      * jit/JITInlineCacheGenerator.h:
      (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emit_op_put_by_id):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emit_op_put_by_id):
      * jit/RegisterSet.cpp: Added.
      (JSC::RegisterSet::specialRegisters):
      * jit/RegisterSet.h: Added.
      (JSC::RegisterSet::RegisterSet):
      (JSC::RegisterSet::set):
      (JSC::RegisterSet::clear):
      (JSC::RegisterSet::get):
      (JSC::RegisterSet::merge):
      * jit/Repatch.cpp:
      (JSC::generateProtoChainAccessStub):
      (JSC::tryCacheGetByID):
      (JSC::tryBuildGetByIDList):
      (JSC::emitPutReplaceStub):
      (JSC::tryRepatchIn):
      (JSC::linkClosureCall):
      * jit/TempRegisterSet.cpp: Added.
      (JSC::TempRegisterSet::TempRegisterSet):
      * jit/TempRegisterSet.h:
      
      Source/WTF: 
      
      Reviewed by Sam Weinig.
              
      Teach BitVector how to efficiently merge (i.e. bitvector |=).
      
      * wtf/BitVector.cpp:
      (WTF::BitVector::mergeSlow):
      * wtf/BitVector.h:
      (WTF::BitVector::merge):
      (WTF::BitVector::cleanseInlineBits):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157707 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9dbc4b4f
  11. 19 Oct, 2013 1 commit
    • fpizlo@apple.com's avatar
      Baseline JIT and DFG IC code generation should be unified and rationalized · 5ba07883
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122939
      
      Reviewed by Geoffrey Garen.
              
      Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
      some register info and creates JIT inline caches for you. Used this to even furhter
      unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
      is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
      that it needs to do the equivalent of get_by_id, so with this generator it will be able
      to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/AbstractMacroAssembler.h:
      (JSC::AbstractMacroAssembler::DataLabelCompact::label):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::ecmaMode):
      * dfg/DFGInlineCacheWrapper.h: Added.
      (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
      * dfg/DFGInlineCacheWrapperInlines.h: Added.
      (JSC::DFG::::finalize):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::addGetById):
      (JSC::DFG::JITCompiler::addPutById):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::isStrictModeFor):
      (JSC::AssemblyHelpers::strictModeFor):
      * jit/GPRInfo.h:
      (JSC::JSValueRegs::tagGPR):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      * jit/JITInlineCacheGenerator.cpp: Added.
      (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
      (JSC::JITByIdGenerator::JITByIdGenerator):
      (JSC::JITByIdGenerator::finalize):
      (JSC::JITByIdGenerator::generateFastPathChecks):
      (JSC::JITGetByIdGenerator::generateFastPath):
      (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
      (JSC::JITPutByIdGenerator::generateFastPath):
      (JSC::JITPutByIdGenerator::slowPathFunction):
      * jit/JITInlineCacheGenerator.h: Added.
      (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
      (JSC::JITInlineCacheGenerator::stubInfo):
      (JSC::JITByIdGenerator::JITByIdGenerator):
      (JSC::JITByIdGenerator::reportSlowPathCall):
      (JSC::JITByIdGenerator::slowPathJump):
      (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
      (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::emitSlow_op_put_by_id):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::emitSlow_op_put_by_id):
      * jit/RegisterSet.h:
      (JSC::RegisterSet::set):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157685 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5ba07883
  12. 16 Oct, 2013 1 commit
    • mhahnenberg@apple.com's avatar
      llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock · efd0d517
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122667
      
      Reviewed by Geoffrey Garen.
      
      The issue this patch is attempting to fix is that there are places in our codebase
      where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
      operations that can initiate a garbage collection. Garbage collection then calls 
      some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
      always necessarily run during garbage collection). This causes a deadlock.
       
      To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
      into a thread-local field that indicates that it is unsafe to perform any operation 
      that could trigger garbage collection on the current thread. In debug builds, 
      ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
      detect deadlocks.
       
      This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
      which uses the DeferGC mechanism to prevent collections from occurring while the 
      lock is held.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/DeferGC.h:
      (JSC::DisallowGC::DisallowGC):
      (JSC::DisallowGC::~DisallowGC):
      (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
      (JSC::DisallowGC::initialize):
      * jit/Repatch.cpp:
      (JSC::repatchPutByID):
      (JSC::buildPutByIdList):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/ConcurrentJITLock.h:
      (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
      (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
      (JSC::ConcurrentJITLockerBase::unlockEarly):
      (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
      (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
      (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
      (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      * runtime/JSCellInlines.h:
      (JSC::allocateCell):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTablePut):
      * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
      can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
      before the caller has a chance to use the newly created PropertyTable. The garbage collection
      clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
      we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
      the Structure.
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::despecifyDictionaryFunction):
      (JSC::Structure::changePrototypeTransition):
      (JSC::Structure::despecifyFunctionTransition):
      (JSC::Structure::attributeChangeTransition):
      (JSC::Structure::toDictionaryTransition):
      (JSC::Structure::preventExtensionsTransition):
      (JSC::Structure::takePropertyTableOrCloneIfPinned):
      (JSC::Structure::isSealed):
      (JSC::Structure::isFrozen):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::get):
      (JSC::Structure::despecifyFunction):
      (JSC::Structure::despecifyAllFunctions):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      (JSC::Structure::getPropertyNamesFromStructure):
      * runtime/Structure.h:
      (JSC::Structure::materializePropertyMapIfNecessary):
      (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      * runtime/SymbolTable.h:
      (JSC::SymbolTable::find):
      (JSC::SymbolTable::end):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157539 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      efd0d517
  13. 14 Oct, 2013 2 commits
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r157413. · 68083b55
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/157413
      https://bugs.webkit.org/show_bug.cgi?id=122779
      
      Appears to have caused frequent crashes (Requested by ap on
      #webkit).
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/DeferGC.cpp: Removed.
      * heap/DeferGC.h:
      * jit/JITStubs.cpp:
      (JSC::tryCacheGetByID):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/ConcurrentJITLock.h:
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      * runtime/JSCellInlines.h:
      (JSC::allocateCell):
      * runtime/Structure.cpp:
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      * runtime/Structure.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157424 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      68083b55
    • mhahnenberg@apple.com's avatar
      llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock · e8cc67f5
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122667
      
      Reviewed by Filip Pizlo.
      
      The issue this patch is attempting to fix is that there are places in our codebase
      where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
      operations that can initiate a garbage collection. Garbage collection then calls 
      some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
      always necessarily run during garbage collection). This causes a deadlock.
      
      To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
      into a thread-local field that indicates that it is unsafe to perform any operation 
      that could trigger garbage collection on the current thread. In debug builds, 
      ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
      detect deadlocks.
      
      This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
      which uses the DeferGC mechanism to prevent collections from occurring while the 
      lock is held.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/DeferGC.cpp: Added.
      * heap/DeferGC.h:
      (JSC::DisallowGC::DisallowGC):
      (JSC::DisallowGC::~DisallowGC):
      (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
      (JSC::DisallowGC::initialize):
      * jit/JITStubs.cpp:
      (JSC::tryCachePutByID):
      (JSC::tryCacheGetByID):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/ConcurrentJITLock.h:
      (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
      (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
      (JSC::ConcurrentJITLockerBase::unlockEarly):
      (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
      (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      * runtime/JSCellInlines.h:
      (JSC::allocateCell):
      * runtime/Structure.cpp:
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::createPropertyMap):
      * runtime/Structure.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157413 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e8cc67f5
  14. 09 Oct, 2013 1 commit
  15. 05 Oct, 2013 1 commit
    • fpizlo@apple.com's avatar
      Compress DFG stack layout · a62d4829
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122024
      
      Reviewed by Oliver Hunt.
              
      The DFG needs to be able to store things at a known offset from frame pointer so that
      the runtime can read those things. Prior to this patch, the DFG would use the exact
      offsets that the bytecode asked for, even in the case of inlining, where it would use
      the callsite stack offset to shift all of the inlined function's variables over just as
      they would have been if a bytecode interpreter had really made the call.
              
      But this won't work once WebKit-LLVM integration is complete. LLVM has no notion of
      storing things at a fixed offset from the frame pointer. We could try to hack LLVM to do
      that, but it would seriously complicate LLVM's stack layout. But what we might be able
      to do is have LLVM tell us (via an addressof intrinsic and a side-channel) where some
      alloca landed relative to the frame pointer. Hence if the DFG can put all of its flushed
      variables in a contiguous range that can be expressed to LLVM as a struct that we
      alloca, then all of this can still work just fine.
              
      Previously the flushed variables didn't fit in a contiguous range, but this patch makes
      them contiguous by allowing the stack layout to be compressed.
              
      What this really means is that there is now a distinction between where the DFG saw a
      variable stored in bytecode and where it will actually store it in the resulting machine
      code. Henceforth when the DFG says "local" or "virtual register" it means the variable
      according to bytecode (with the stack offsetting for inlined code as before), but when
      it says "machine local" or "machine virtual register" it means the actual place where it
      will store things in the resulting machine code. All of the OSR exit, inlined arguments,
      captured variables, and various stack unwinding machine now knows about all of this.
              
      Note that the DFG's abstract interpretation still uses bytecode variables rather than
      machine variables. Same for CSE and abstract heaps. This makes sense since it means that
      we don't have to decide on machine variable allocation just to do those optimizations.
              
      The decision of what a local's machine location becomes is deferred to very late in
      compilation. We only need to assign machine locations to variables that must be stored
      to the stack. It's now mandatory to run some kind of "stack layout phase" that makes the
      decision and updates all data structures.
              
      So far the way that this is being used is just to compress the DFG stack layout, which
      is something that we should have done anyway, a long time ago. And the compression isn't
      even that good - the current StackLayoutPhase just identifies local indices that are
      unused in machine code and slides all other variables towards zero. This doesn't achieve
      particularly good compression but it is better than nothing. Note that this phase makes
      it seem like the bytecode-machine mapping is based on bytecode local indices; for
      example if bytecode local 4 is mapped to machine local 3 then it always will be. That's
      true for the current StackLayoutPhase but it _will not_ be true for all possible stack
      layout phases and it would be incorrect to assume that it should be true. This is why
      the current data structures have each VariableAccessData hold its own copy of the
      machine virtual register, and also have each InlineCallFrame report their own machine
      virtual registers for the various things. The DFG backend is likely to always use the
      dumb StackLayoutPhase since it is very cheap to run, but the FTL backend is likely to
      eventually get a better one, where we do some kind of constraint-based coloring: we
      institute constraints where some VariableAccessData's must have the same indices as some
      other ones, and also must be right next to some other ones; then we process all
      VariableAccessData's and attempt to assign them machine locals while preserving those
      constraints. This could lead to two VariableAccessDatas for the same bytecode local
      ending up with different machine locals.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::isCaptured):
      (JSC::CodeBlock::framePointerOffsetToGetActivationRegisters):
      (JSC::CodeBlock::machineSlowArguments):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::hasSlowArguments):
      * bytecode/CodeOrigin.cpp:
      (JSC::CodeOrigin::dump):
      (JSC::InlineCallFrame::calleeForCallFrame):
      (JSC::InlineCallFrame::dumpInContext):
      * bytecode/CodeOrigin.h:
      (JSC::InlineCallFrame::InlineCallFrame):
      (JSC::InlineCallFrame::calleeConstant):
      * bytecode/Operands.h:
      (JSC::Operands::indexForOperand):
      * dfg/DFGBasicBlock.cpp:
      (JSC::DFG::BasicBlock::SSAData::SSAData):
      * dfg/DFGBasicBlock.h:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCommon.h:
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      * dfg/DFGDesiredWriteBarriers.cpp:
      (JSC::DFG::DesiredWriteBarrier::trigger):
      * dfg/DFGDesiredWriteBarriers.h:
      * dfg/DFGFlushLivenessAnalysisPhase.cpp:
      (JSC::DFG::FlushLivenessAnalysisPhase::run):
      (JSC::DFG::FlushLivenessAnalysisPhase::process):
      (JSC::DFG::FlushLivenessAnalysisPhase::reportError):
      * dfg/DFGFlushedAt.cpp: Added.
      (JSC::DFG::FlushedAt::dump):
      (JSC::DFG::FlushedAt::dumpInContext):
      * dfg/DFGFlushedAt.h: Added.
      (JSC::DFG::FlushedAt::FlushedAt):
      (JSC::DFG::FlushedAt::operator!):
      (JSC::DFG::FlushedAt::format):
      (JSC::DFG::FlushedAt::virtualRegister):
      (JSC::DFG::FlushedAt::operator==):
      (JSC::DFG::FlushedAt::operator!=):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::bytecodeRegisterForArgument):
      (JSC::DFG::Graph::argumentsRegisterFor):
      (JSC::DFG::Graph::machineArgumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
      (JSC::DFG::Graph::activationRegister):
      (JSC::DFG::Graph::uncheckedActivationRegister):
      (JSC::DFG::Graph::machineActivationRegister):
      (JSC::DFG::Graph::uncheckedMachineActivationRegister):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToGetLocalUnlinked):
      (JSC::DFG::Node::convertToGetLocal):
      (JSC::DFG::Node::machineLocal):
      (JSC::DFG::Node::hasUnlinkedMachineLocal):
      (JSC::DFG::Node::setUnlinkedMachineLocal):
      (JSC::DFG::Node::unlinkedMachineLocal):
      (JSC::DFG::Node::hasInlineStartData):
      (JSC::DFG::Node::inlineStartData):
      * dfg/DFGNodeFlags.cpp:
      (JSC::DFG::dumpNodeFlags):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntry.h:
      (JSC::DFG::OSREntryReshuffling::OSREntryReshuffling):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompilerCommon.cpp:
      (JSC::DFG::reifyInlinedCallFrames):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::ScoreBoard):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
      (JSC::DFG::SpeculativeJIT::createOSREntries):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::calleeFrameOffset):
      (JSC::DFG::SpeculativeJIT::callFrameSlot):
      (JSC::DFG::SpeculativeJIT::argumentSlot):
      (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
      (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
      (JSC::DFG::SpeculativeJIT::argumentTagSlot):
      (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
      (JSC::DFG::SpeculativeJIT::framePointerOffsetToGetActivationRegisters):
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::recordSetLocal):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStackLayoutPhase.cpp: Added.
      (JSC::DFG::StackLayoutPhase::StackLayoutPhase):
      (JSC::DFG::StackLayoutPhase::run):
      (JSC::DFG::performStackLayout):
      * dfg/DFGStackLayoutPhase.h: Added.
      * dfg/DFGValidate.cpp:
      (JSC::DFG::Validate::validate):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::machineLocal):
      (JSC::DFG::VariableAccessData::flushedAt):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLExitValue.h:
      (JSC::FTL::ExitValue::inJSStack):
      (JSC::FTL::ExitValue::inJSStackAsInt32):
      (JSC::FTL::ExitValue::inJSStackAsInt52):
      (JSC::FTL::ExitValue::inJSStackAsDouble):
      (JSC::FTL::ExitValue::virtualRegister):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
      (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
      (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
      * ftl/FTLOSRExitCompiler.cpp:
      (JSC::FTL::compileStub):
      * ftl/FTLValueSource.cpp:
      (JSC::FTL::ValueSource::dump):
      * ftl/FTLValueSource.h:
      (JSC::FTL::ValueSource::ValueSource):
      (JSC::FTL::ValueSource::kind):
      (JSC::FTL::ValueSource::operator!):
      (JSC::FTL::ValueSource::node):
      (JSC::FTL::ValueSource::virtualRegister):
      * interpreter/Interpreter.cpp:
      (JSC::unwindCallFrame):
      * interpreter/StackVisitor.cpp:
      (JSC::StackVisitor::readInlinedFrame):
      (JSC::StackVisitor::Frame::createArguments):
      (JSC::StackVisitor::Frame::existingArguments):
      * interpreter/StackVisitor.h:
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::addressFor):
      (JSC::AssemblyHelpers::tagFor):
      (JSC::AssemblyHelpers::payloadFor):
      (JSC::AssemblyHelpers::offsetOfArgumentsIncludingThis):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      * runtime/Arguments.h:
      (JSC::Arguments::allocateSlowArguments):
      (JSC::Arguments::tryDeleteArgument):
      (JSC::Arguments::isDeletedArgument):
      (JSC::Arguments::isArgument):
      (JSC::Arguments::argument):
      (JSC::Arguments::finishCreation):
      * runtime/JSActivation.h:
      (JSC::JSActivation::create):
      (JSC::JSActivation::JSActivation):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156984 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a62d4829
  16. 02 Oct, 2013 1 commit
    • oliver@apple.com's avatar
      Implement Array key, value and entries iterators · 9719b8c9
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122195
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      Add implementation of ES6 Array iterators for keys(), values() and entries()
      
      Fairly self explanatory as we just need a simple implementation so that we can
      implement and test other features.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/ArrayIteratorConstructor.cpp: Added.
      (JSC::ArrayIteratorConstructor::finishCreation):
      * runtime/ArrayIteratorConstructor.h: Added.
      (JSC::ArrayIteratorConstructor::create):
      (JSC::ArrayIteratorConstructor::createStructure):
      (JSC::ArrayIteratorConstructor::ArrayIteratorConstructor):
      * runtime/ArrayIteratorPrototype.cpp: Added.
      (JSC::ArrayIteratorPrototype::finishCreation):
      (JSC::createIteratorResult):
      (JSC::arrayIteratorPrototypeNext):
      * runtime/ArrayIteratorPrototype.h: Added.
      (JSC::ArrayIteratorPrototype::create):
      (JSC::ArrayIteratorPrototype::createStructure):
      (JSC::ArrayIteratorPrototype::ArrayIteratorPrototype):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncValues):
      (JSC::arrayProtoFuncEntries):
      (JSC::arrayProtoFuncKeys):
      * runtime/CommonIdentifiers.h:
      * runtime/Identifier.h:
      (JSC::Identifier::createEmptyUnique):
      * runtime/JSArrayIterator.cpp: Added.
      (JSC::JSArrayIterator::finishCreation):
      * runtime/JSArrayIterator.h: Added.
      (JSC::JSArrayIterator::createStructure):
      (JSC::JSArrayIterator::create):
      (JSC::JSArrayIterator::iterationKind):
      (JSC::JSArrayIterator::iteratedObject):
      (JSC::JSArrayIterator::nextIndex):
      (JSC::JSArrayIterator::setNextIndex):
      (JSC::JSArrayIterator::finish):
      (JSC::JSArrayIterator::JSArrayIterator):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::iteratorResultStructure):
      
      LayoutTests:
      
      Add tests
      
      * js/Object-getOwnPropertyNames-expected.txt:
      * js/array-iterators-expected.txt: Added.
      * js/array-iterators.html: Added.
      * js/script-tests/Object-getOwnPropertyNames.js:
      * js/script-tests/array-iterators.js: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156791 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9719b8c9
  17. 30 Sep, 2013 1 commit
    • fpizlo@apple.com's avatar
      Get rid of the AlreadyInJSStack recoveries since they are totally redundant... · c6bb4a9f
      fpizlo@apple.com authored
      Get rid of the AlreadyInJSStack recoveries since they are totally redundant with the DisplacedInJSStack recoveries
      https://bugs.webkit.org/show_bug.cgi?id=122065
      
      Reviewed by Mark Hahnenberg.
              
      This mostly just kills a bunch of code.
              
      But incidentaly while killing that code, I uncovered a bug in our FTL OSR entrypoint
      creation phase. The phase inserts a sequence of SetLocal(ExtractOSREntryLocal) nodes.
      If we hoist some type check into the local, then we might inject a conversion node
      between the ExtractOSREntryLocal and the SetLocal - for example we might put in a
      Int32ToDouble node. But currently the FixupPhase will make all conversion nodes placed
      on an edge of a SetLocal use forward exit. This then confuses the OSR exit machinery.
      When OSR exit sees a forward exit, it tries to "roll forward" execution from the exiting
      node to the first node that has a different CodeOrigin. This only works if the nodes
      after the forward exit are MovHints or other tnings that the OSR exit compiler can
      forward-execute. But here, it will see a bunch of SetLocal and ExtractOSREntryLocal
      nodes for the same bytecode index. Two possible solutions exist. We could teach the
      forward-execution logic how to deal with multiple SetLocals and ExtractOSREntryLocals.
      This would be a lot of complexity; right now it just needs to deal with exactly one
      SetLocal-like operation. The alternative is to make sure that the conversion node that
      we inject ends up exiting *backward* rather than forward.
              
      But making the conversion nodes exit backward is somewhat tricky. Before this patch,
      conversion nodes always exit forward for SetLocals and backwards otherwise. It turns out
      that the solution is to rationalize how we choose the speculation direciton for a
      conversion node. The conversion node's speculation direction should be the same as the
      speculation direction of the node for which it is doing a conversion. Since SetLocal's
      already exit forward by default, this policy preserves our previous behavior. But it
      also allows the OSR entrypoint creation phase to make its SetLocals exit backward
      instead.
              
      Of course, if the SetLocal(ExtractOSREntryLocal) sequences exit backward, then we need
      to make sure that the OSR exit machine knows that the local variables are indeed live.
      Consider that if we have:
              
          a: ExtractOSREntryLocal(loc1)
          b: SetLocal(@a, loc1)
          c: ExtractOSRentryLocal(loc2)
          d: SetLocal(@c, loc2)
              
      Without additional magic, the exit at @b will think that loc2 is dead and the OSR exit
      compiler will clobber loc2 with Undefined. So we need to make sure that we actually
      emit code like:
              
          a: ExtractOSREntryLocal(loc1)
          b: ExtractOSREntryLocal(loc2)
          c: SetLocal(@a, loc1)
          d: SetLocal(@b, loc2)
          e: SetLocal(@a, loc1)
          f: SetLocal(@b, loc2)
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeOrigin.h:
      * bytecode/ValueRecovery.cpp: Added.
      (JSC::ValueRecovery::recover):
      (JSC::ValueRecovery::dumpInContext):
      (JSC::ValueRecovery::dump):
      * bytecode/ValueRecovery.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
      (JSC::DFG::FixupPhase::fixEdge):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::speculationDirection):
      (JSC::DFG::Node::setSpeculationDirection):
      * dfg/DFGOSREntrypointCreationPhase.cpp:
      (JSC::DFG::OSREntrypointCreationPhase::run):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileInlineStart):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGValueSource.h:
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::speculate):
      (JSC::FTL::LowerDFGToLLVM::speculateMachineInt):
      * interpreter/Register.h:
      (JSC::Register::unboxedStrictInt52):
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOff):
      * runtime/Arguments.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156677 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c6bb4a9f
  18. 26 Sep, 2013 1 commit
    • mark.lam@apple.com's avatar
      Move DFG inline caching logic into jit/. · 9df8b83f
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121749.
      
      Reviewed by Geoffrey Garen.
      
      Relanding http://trac.webkit.org/changeset/156235 after rebasing to latest
      revision and fixing build breakages on Windows.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::resetStubInternal):
      * bytecode/StructureStubInfo.h:
      * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
      (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
      (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOperations.cpp:
      (JSC::DFG::operationPutByValInternal):
      * dfg/DFGOperations.h:
      (JSC::DFG::operationNewTypedArrayWithSizeForType):
      (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
      * dfg/DFGRegisterSet.h: Removed.
      * dfg/DFGRepatch.cpp: Removed.
      * dfg/DFGRepatch.h: Removed.
      * dfg/DFGScratchRegisterAllocator.h: Removed.
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compare):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      * dfg/DFGThunks.h:
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
      * ftl/FTLOSRExitCompiler.h:
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::writeBarrier):
      * jit/JIT.cpp:
      (JSC::JIT::linkFor):
      (JSC::JIT::linkSlowCall):
      * jit/JITCall.cpp:
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITOperationWrappers.h: Copied from Source/JavaScriptCore/jit/JITOperationWrappers.h.
      * jit/JITOperations.cpp: Copied from Source/JavaScriptCore/jit/JITOperations.cpp.
      (JSC::getHostCallReturnValueWithExecState):
      * jit/JITOperations.h: Copied from Source/JavaScriptCore/jit/JITOperations.h.
      * jit/RegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
      * jit/Repatch.cpp: Copied from Source/JavaScriptCore/jit/Repatch.cpp.
      (JSC::tryBuildGetByIDList):
      * jit/Repatch.h: Copied from Source/JavaScriptCore/jit/Repatch.h.
      * jit/ScratchRegisterAllocator.h: Copied from Source/JavaScriptCore/jit/ScratchRegisterAllocator.h.
      * jit/ThunkGenerators.cpp:
      (JSC::oldStyleGenerateSlowCaseFor):
      (JSC::oldStyleLinkForGenerator):
      (JSC::oldStyleLinkCallGenerator):
      (JSC::oldStyleLinkConstructGenerator):
      (JSC::oldStyleLinkClosureCallGenerator):
      (JSC::oldStyleVirtualForGenerator):
      (JSC::oldStyleVirtualCallGenerator):
      (JSC::oldStyleVirtualConstructGenerator):
      (JSC::emitPointerValidation):
      (JSC::throwExceptionFromCallSlowPathGenerator):
      (JSC::slowPathFor):
      (JSC::linkForThunkGenerator):
      (JSC::linkCallThunkGenerator):
      (JSC::linkConstructThunkGenerator):
      (JSC::linkClosureCallThunkGenerator):
      (JSC::virtualForThunkGenerator):
      (JSC::virtualCallThunkGenerator):
      (JSC::virtualConstructThunkGenerator):
      * jit/ThunkGenerators.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156490 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9df8b83f
  19. 23 Sep, 2013 2 commits
    • fpizlo@apple.com's avatar
      Never use ReturnPC for exception handling and quit using exception check... · 48a7bc89
      fpizlo@apple.com authored
      Never use ReturnPC for exception handling and quit using exception check indices as a lame replica of the CodeOrigin index
      https://bugs.webkit.org/show_bug.cgi?id=121734
      
      Reviewed by Mark Hahnenberg.
              
      Exception handling can deduce where the exception was thrown from by looking at the
      code origin that was stored into the call frame header. There is no need to pass any
      additional meta-data into the exception throwing logic. But the DFG was still doing it
      anyway.
              
      This removes all of the logic to pass extra meta-data into lookupExceptionHandler()
      and friends. It simplifies a lot of code.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::shrinkToFit):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::codeOrigins):
      (JSC::CodeBlock::hasCodeOrigins):
      (JSC::CodeBlock::canGetCodeOrigin):
      (JSC::CodeBlock::codeOrigin):
      * bytecode/CodeOrigin.h:
      (JSC::InlineCallFrame::InlineCallFrame):
      * bytecode/InlineCallFrameSet.cpp: Added.
      (JSC::InlineCallFrameSet::InlineCallFrameSet):
      (JSC::InlineCallFrameSet::~InlineCallFrameSet):
      (JSC::InlineCallFrameSet::add):
      (JSC::InlineCallFrameSet::shrinkToFit):
      * bytecode/InlineCallFrameSet.h: Added.
      (JSC::InlineCallFrameSet::isEmpty):
      (JSC::InlineCallFrameSet::size):
      (JSC::InlineCallFrameSet::at):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCommonData.cpp:
      (JSC::DFG::CommonData::addCodeOrigin):
      (JSC::DFG::CommonData::shrinkToFit):
      * dfg/DFGCommonData.h:
      * dfg/DFGDesiredWriteBarriers.cpp:
      (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
      (JSC::DFG::DesiredWriteBarrier::trigger):
      * dfg/DFGDesiredWriteBarriers.h:
      (JSC::DFG::DesiredWriteBarriers::add):
      (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
      (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::JITCompiler):
      (JSC::DFG::JITCompiler::compileExceptionHandlers):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::emitStoreCodeOrigin):
      (JSC::DFG::JITCompiler::exceptionCheck):
      (JSC::DFG::JITCompiler::fastExceptionCheck):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryBuildGetByIDList):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
      (JSC::DFG::SpeculativeJIT::appendCallSetResult):
      (JSC::DFG::SpeculativeJIT::appendCall):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::callPreflight):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::emitExceptionCheck):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156300 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      48a7bc89
    • paroga@webkit.org's avatar
      Cleanup CMake files in JavaScriptCore · 4207b08a
      paroga@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=121762
      
      Reviewed by Gyuyoung Kim.
      
      Sort files and unify style.
      
      * CMakeLists.txt:
      * shell/CMakeLists.txt:
      * shell/PlatformBlackBerry.cmake:
      * shell/PlatformEfl.cmake:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156263 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4207b08a
  20. 21 Sep, 2013 2 commits
    • fpizlo@apple.com's avatar
      Unreviewed, revert http://trac.webkit.org/changeset/156235. It won't work on Windows. · da4645e1
      fpizlo@apple.com authored
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::resetStubInternal):
      * bytecode/StructureStubInfo.h:
      * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
      (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
      (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOperations.cpp:
      (JSC::DFG::operationPutByValInternal):
      * dfg/DFGOperations.h:
      (JSC::DFG::operationNewTypedArrayWithSizeForType):
      (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
      * dfg/DFGRegisterSet.h: Added.
      (JSC::DFG::RegisterSet::RegisterSet):
      (JSC::DFG::RegisterSet::asPOD):
      (JSC::DFG::RegisterSet::copyInfo):
      (JSC::DFG::RegisterSet::set):
      (JSC::DFG::RegisterSet::setGPRByIndex):
      (JSC::DFG::RegisterSet::clear):
      (JSC::DFG::RegisterSet::get):
      (JSC::DFG::RegisterSet::getGPRByIndex):
      (JSC::DFG::RegisterSet::getFreeGPR):
      (JSC::DFG::RegisterSet::setFPRByIndex):
      (JSC::DFG::RegisterSet::getFPRByIndex):
      (JSC::DFG::RegisterSet::setByIndex):
      (JSC::DFG::RegisterSet::getByIndex):
      (JSC::DFG::RegisterSet::numberOfSetGPRs):
      (JSC::DFG::RegisterSet::numberOfSetFPRs):
      (JSC::DFG::RegisterSet::numberOfSetRegisters):
      (JSC::DFG::RegisterSet::setBit):
      (JSC::DFG::RegisterSet::clearBit):
      (JSC::DFG::RegisterSet::getBit):
      * dfg/DFGRepatch.cpp: Added.
      (JSC::DFG::repatchCall):
      (JSC::DFG::repatchByIdSelfAccess):
      (JSC::DFG::addStructureTransitionCheck):
      (JSC::DFG::replaceWithJump):
      (JSC::DFG::emitRestoreScratch):
      (JSC::DFG::linkRestoreScratch):
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::repatchGetByID):
      (JSC::DFG::getPolymorphicStructureList):
      (JSC::DFG::patchJumpToGetByIdStub):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::buildGetByIDList):
      (JSC::DFG::appropriateGenericPutByIdFunction):
      (JSC::DFG::appropriateListBuildingPutByIdFunction):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::repatchPutByID):
      (JSC::DFG::tryBuildPutByIdList):
      (JSC::DFG::buildPutByIdList):
      (JSC::DFG::tryRepatchIn):
      (JSC::DFG::repatchIn):
      (JSC::DFG::linkSlowFor):
      (JSC::DFG::linkFor):
      (JSC::DFG::linkClosureCall):
      (JSC::DFG::resetGetByID):
      (JSC::DFG::resetPutByID):
      (JSC::DFG::resetIn):
      * dfg/DFGRepatch.h: Added.
      (JSC::DFG::resetGetByID):
      (JSC::DFG::resetPutByID):
      (JSC::DFG::resetIn):
      * dfg/DFGScratchRegisterAllocator.h: Added.
      (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
      (JSC::DFG::ScratchRegisterAllocator::lock):
      (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
      (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
      (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
      (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
      (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
      (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
      (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
      (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
      (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::writeBarrier):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compare):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::emitPointerValidation):
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::linkForThunkGenerator):
      (JSC::DFG::linkCallThunkGenerator):
      (JSC::DFG::linkConstructThunkGenerator):
      (JSC::DFG::linkClosureCallThunkGenerator):
      (JSC::DFG::virtualForThunkGenerator):
      (JSC::DFG::virtualCallThunkGenerator):
      (JSC::DFG::virtualConstructThunkGenerator):
      * dfg/DFGThunks.h:
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
      * ftl/FTLOSRExitCompiler.h:
      * jit/AssemblyHelpers.h:
      * jit/JIT.cpp:
      (JSC::JIT::linkFor):
      (JSC::JIT::linkSlowCall):
      * jit/JITCall.cpp:
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITOperationWrappers.h: Removed.
      * jit/JITOperations.cpp: Removed.
      * jit/JITOperations.h: Removed.
      * jit/RegisterSet.h: Removed.
      * jit/Repatch.cpp: Removed.
      * jit/Repatch.h: Removed.
      * jit/ScratchRegisterAllocator.h: Removed.
      * jit/ThunkGenerators.cpp:
      (JSC::generateSlowCaseFor):
      (JSC::linkForGenerator):
      (JSC::linkCallGenerator):
      (JSC::linkConstructGenerator):
      (JSC::linkClosureCallGenerator):
      (JSC::virtualForGenerator):
      (JSC::virtualCallGenerator):
      (JSC::virtualConstructGenerator):
      * jit/ThunkGenerators.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156237 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      da4645e1
    • fpizlo@apple.com's avatar
      Move DFG inline caching logic into jit/ · 4513333c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121749
      
      Rubber stamped by Sam Weinig.
              
      We want to get rid of the baseline JIT's inline caching machinery and have it use the
      DFG's instead. But before we do that we need to move the DFG's inline caching machine
      out from behind its ENABLE(DFG_JIT) guards and make it available to the whole system.
      This patch does that:
              
      - dfg/DFGRepatch becomes jit/Repatch.
              
      - The thunks used by the DFG IC go into jit/ThunkGenerators, instead of dfg/DFGThunks.
              
      - The operations used by the DFG IC go into jit/JITOperations, instead of
        dfg/DFGOperations.
              
      - The old JIT's thunk generators for calls are renamed to reduce confusion. Previously
        it was easy to know which generators belong to which JIT because the old JIT used
        JSC::virtualCallBlah and the DFG used JSC::DFG::virtualCallBlah, but that's not the
        case anymore. Note that the old JIT's thunk generators will die in a future patch.
              
      No functional changes beyond those moves.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CallLinkInfo.cpp:
      (JSC::CallLinkInfo::unlink):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::resetStubInternal):
      * bytecode/StructureStubInfo.h:
      * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
      (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
      (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOperations.cpp:
      (JSC::DFG::operationPutByValInternal):
      * dfg/DFGOperations.h:
      (JSC::DFG::operationNewTypedArrayWithSizeForType):
      (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
      * dfg/DFGRegisterSet.h: Removed.
      * dfg/DFGRepatch.cpp: Removed.
      * dfg/DFGRepatch.h: Removed.
      * dfg/DFGScratchRegisterAllocator.h: Removed.
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::compare):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      * dfg/DFGThunks.h:
      * ftl/FTLIntrinsicRepository.h:
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::writeBarrier):
      * jit/JIT.cpp:
      (JSC::JIT::linkFor):
      (JSC::JIT::linkSlowCall):
      * jit/JITCall.cpp:
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCallSlowCase):
      (JSC::JIT::privateCompileClosureCall):
      * jit/JITOperationWrappers.h: Added.
      * jit/JITOperations.cpp: Added.
      * jit/JITOperations.h: Added.
      * jit/RegisterSet.h: Added.
      (JSC::RegisterSet::RegisterSet):
      (JSC::RegisterSet::asPOD):
      (JSC::RegisterSet::copyInfo):
      (JSC::RegisterSet::set):
      (JSC::RegisterSet::setGPRByIndex):
      (JSC::RegisterSet::clear):
      (JSC::RegisterSet::get):
      (JSC::RegisterSet::getGPRByIndex):
      (JSC::RegisterSet::getFreeGPR):
      (JSC::RegisterSet::setFPRByIndex):
      (JSC::RegisterSet::getFPRByIndex):
      (JSC::RegisterSet::setByIndex):
      (JSC::RegisterSet::getByIndex):
      (JSC::RegisterSet::numberOfSetGPRs):
      (JSC::RegisterSet::numberOfSetFPRs):
      (JSC::RegisterSet::numberOfSetRegisters):
      (JSC::RegisterSet::setBit):
      (JSC::RegisterSet::clearBit):
      (JSC::RegisterSet::getBit):
      * jit/Repatch.cpp: Added.
      (JSC::repatchCall):
      (JSC::repatchByIdSelfAccess):
      (JSC::addStructureTransitionCheck):
      (JSC::replaceWithJump):
      (JSC::emitRestoreScratch):
      (JSC::linkRestoreScratch):
      (JSC::generateProtoChainAccessStub):
      (JSC::tryCacheGetByID):
      (JSC::repatchGetByID):
      (JSC::getPolymorphicStructureList):
      (JSC::patchJumpToGetByIdStub):
      (JSC::tryBuildGetByIDList):
      (JSC::buildGetByIDList):
      (JSC::appropriateGenericPutByIdFunction):
      (JSC::appropriateListBuildingPutByIdFunction):
      (JSC::emitPutReplaceStub):
      (JSC::emitPutTransitionStub):
      (JSC::tryCachePutByID):
      (JSC::repatchPutByID):
      (JSC::tryBuildPutByIdList):
      (JSC::buildPutByIdList):
      (JSC::tryRepatchIn):
      (JSC::repatchIn):
      (JSC::linkSlowFor):
      (JSC::linkFor):
      (JSC::linkClosureCall):
      (JSC::resetGetByID):
      (JSC::resetPutByID):
      (JSC::resetIn):
      * jit/Repatch.h: Added.
      (JSC::resetGetByID):
      (JSC::resetPutByID):
      (JSC::resetIn):
      * jit/ScratchRegisterAllocator.h: Added.
      (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
      (JSC::ScratchRegisterAllocator::lock):
      (JSC::ScratchRegisterAllocator::allocateScratch):
      (JSC::ScratchRegisterAllocator::allocateScratchGPR):
      (JSC::ScratchRegisterAllocator::allocateScratchFPR):
      (JSC::ScratchRegisterAllocator::didReuseRegisters):
      (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
      (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
      (JSC::ScratchRegisterAllocator::desiredScratchBufferSize):
      (JSC::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
      (JSC::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
      * jit/ThunkGenerators.cpp:
      (JSC::oldStyleGenerateSlowCaseFor):
      (JSC::oldStyleLinkForGenerator):
      (JSC::oldStyleLinkCallGenerator):
      (JSC::oldStyleLinkConstructGenerator):
      (JSC::oldStyleLinkClosureCallGenerator):
      (JSC::oldStyleVirtualForGenerator):
      (JSC::oldStyleVirtualCallGenerator):
      (JSC::oldStyleVirtualConstructGenerator):
      (JSC::emitPointerValidation):
      (JSC::throwExceptionFromCallSlowPathGenerator):
      (JSC::slowPathFor):
      (JSC::linkForThunkGenerator):
      (JSC::linkCallThunkGenerator):
      (JSC::linkConstructThunkGenerator):
      (JSC::linkClosureCallThunkGenerator):
      (JSC::virtualForThunkGenerator):
      (JSC::virtualCallThunkGenerator):
      (JSC::virtualConstructThunkGenerator):
      * jit/ThunkGenerators.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156235 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4513333c
  21. 20 Sep, 2013 2 commits
    • fpizlo@apple.com's avatar
      Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them · cd8eb2c1
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121637
      
      Rubber stamped by Michael Saboff.
              
      Also moved GPRInfo/FPRInfo into jit/. Rolling back in after fixing JIT-only build
      and tests.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAssemblyHelpers.cpp: Removed.
      * dfg/DFGAssemblyHelpers.h: Removed.
      * dfg/DFGBinarySwitch.h:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCCallHelpers.h: Removed.
      * dfg/DFGDisassembler.cpp:
      * dfg/DFGFPRInfo.h: Removed.
      * dfg/DFGGPRInfo.h: Removed.
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExit.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOSRExitCompilerCommon.h:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGRegisterSet.h:
      * dfg/DFGRepatch.cpp:
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGThunks.cpp:
      * dfg/DFGVariableEvent.cpp:
      * ftl/FTLCArgumentGetter.h:
      (JSC::FTL::CArgumentGetter::CArgumentGetter):
      (JSC::FTL::CArgumentGetter::loadNext8):
      (JSC::FTL::CArgumentGetter::loadNext32):
      (JSC::FTL::CArgumentGetter::loadNext64):
      (JSC::FTL::CArgumentGetter::loadNextPtr):
      (JSC::FTL::CArgumentGetter::loadNextDouble):
      * ftl/FTLCompile.cpp:
      * ftl/FTLExitThunkGenerator.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLThunks.cpp:
      * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
      * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
      (JSC::AssemblyHelpers::AssemblyHelpers):
      (JSC::AssemblyHelpers::debugCall):
      * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
      * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
      (WTF::printInternal):
      * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
      (WTF::printInternal):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JSInterfaceJIT.h:
      (JSC::JSInterfaceJIT::JSInterfaceJIT):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerators.cpp:
      (JSC::linkForGenerator):
      (JSC::virtualForGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::arityFixup):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      (JSC::imulThunkGenerator):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      * runtime/JSCJSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156184 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cd8eb2c1
    • paroga@webkit.org's avatar
      [CMake] Use COMPILE_DEFINITIONS target property for setting BUILDING_* defines · 7249361b
      paroga@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=121672
      
      Reviewed by Gyuyoung Kim.
      
      Since the scope of add_definitions() is always a whole file, we need to use
      target properties instead to set definitions only for specific targets.
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      
      Source/WebCore:
      
      * CMakeLists.txt:
      
      Source/WebKit:
      
      * CMakeLists.txt:
      
      Source/WTF:
      
      * wtf/CMakeLists.txt:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156159 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7249361b
  22. 19 Sep, 2013 2 commits
    • bfulgham@apple.com's avatar
      Unreviewed, rolling out r156120. · 63eba56c
      bfulgham@apple.com authored
      http://trac.webkit.org/changeset/156120
      https://bugs.webkit.org/show_bug.cgi?id=121651
      
      Broke windows runtime and all tests (Requested by bfulgham on
      #webkit).
      
      Patch by Commit Queue <commit-queue@webkit.org> on 2013-09-19
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAssemblyHelpers.cpp: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.cpp.
      (JSC::DFG::AssemblyHelpers::executableFor):
      (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
      (JSC::DFG::AssemblyHelpers::setSamplingFlag):
      (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
      (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
      (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
      (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
      * dfg/DFGAssemblyHelpers.h: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.h.
      (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
      (JSC::DFG::AssemblyHelpers::codeBlock):
      (JSC::DFG::AssemblyHelpers::vm):
      (JSC::DFG::AssemblyHelpers::assembler):
      (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
      (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
      (JSC::DFG::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
      (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
      (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
      (JSC::DFG::AssemblyHelpers::branchIfNotCell):
      (JSC::DFG::AssemblyHelpers::addressFor):
      (JSC::DFG::AssemblyHelpers::tagFor):
      (JSC::DFG::AssemblyHelpers::payloadFor):
      (JSC::DFG::AssemblyHelpers::branchIfNotObject):
      (JSC::DFG::AssemblyHelpers::selectScratchGPR):
      (JSC::DFG::AssemblyHelpers::debugCall):
      (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
      (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
      (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
      (JSC::DFG::AssemblyHelpers::boxDouble):
      (JSC::DFG::AssemblyHelpers::unboxDouble):
      (JSC::DFG::AssemblyHelpers::boxInt52):
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      (JSC::DFG::AssemblyHelpers::emitCount):
      (JSC::DFG::AssemblyHelpers::globalObjectFor):
      (JSC::DFG::AssemblyHelpers::strictModeFor):
      (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
      (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
      (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
      (JSC::DFG::AssemblyHelpers::symbolTableFor):
      (JSC::DFG::AssemblyHelpers::offsetOfLocals):
      (JSC::DFG::AssemblyHelpers::offsetOfArgumentsIncludingThis):
      * dfg/DFGBinarySwitch.h:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCCallHelpers.h: Renamed from Source/JavaScriptCore/jit/CCallHelpers.h.
      (JSC::DFG::CCallHelpers::CCallHelpers):
      (JSC::DFG::CCallHelpers::resetCallArguments):
      (JSC::DFG::CCallHelpers::addCallArgument):
      (JSC::DFG::CCallHelpers::setupArguments):
      (JSC::DFG::CCallHelpers::setupArgumentsExecState):
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (JSC::DFG::CCallHelpers::setupTwoStubArgs):
      (JSC::DFG::CCallHelpers::setupStubArguments):
      (JSC::DFG::CCallHelpers::setupResults):
      * dfg/DFGDisassembler.cpp:
      * dfg/DFGFPRInfo.h: Renamed from Source/JavaScriptCore/jit/FPRInfo.h.
      (JSC::DFG::FPRInfo::toRegister):
      (JSC::DFG::FPRInfo::toIndex):
      (JSC::DFG::FPRInfo::toArgumentRegister):
      (JSC::DFG::FPRInfo::debugName):
      * dfg/DFGGPRInfo.h: Renamed from Source/JavaScriptCore/jit/GPRInfo.h.
      (JSC::DFG::JSValueRegs::JSValueRegs):
      (JSC::DFG::JSValueRegs::payloadOnly):
      (JSC::DFG::JSValueRegs::operator!):
      (JSC::DFG::JSValueRegs::gpr):
      (JSC::DFG::JSValueRegs::payloadGPR):
      (JSC::DFG::JSValueSource::JSValueSource):
      (JSC::DFG::JSValueSource::unboxedCell):
      (JSC::DFG::JSValueSource::operator!):
      (JSC::DFG::JSValueSource::isAddress):
      (JSC::DFG::JSValueSource::offset):
      (JSC::DFG::JSValueSource::base):
      (JSC::DFG::JSValueSource::gpr):
      (JSC::DFG::JSValueSource::asAddress):
      (JSC::DFG::JSValueSource::notAddress):
      (JSC::DFG::JSValueRegs::tagGPR):
      (JSC::DFG::JSValueSource::tagGPR):
      (JSC::DFG::JSValueSource::payloadGPR):
      (JSC::DFG::JSValueSource::hasKnownTag):
      (JSC::DFG::JSValueSource::tag):
      (JSC::DFG::GPRInfo::toRegister):
      (JSC::DFG::GPRInfo::toIndex):
      (JSC::DFG::GPRInfo::debugName):
      (JSC::DFG::GPRInfo::toArgumentRegister):
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExit.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOSRExitCompilerCommon.h:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGRegisterSet.h:
      * dfg/DFGRepatch.cpp:
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGThunks.cpp:
      * dfg/DFGVariableEvent.cpp:
      * ftl/FTLCArgumentGetter.h:
      (JSC::FTL::CArgumentGetter::CArgumentGetter):
      (JSC::FTL::CArgumentGetter::loadNext8):
      (JSC::FTL::CArgumentGetter::loadNext32):
      (JSC::FTL::CArgumentGetter::loadNext64):
      (JSC::FTL::CArgumentGetter::loadNextPtr):
      (JSC::FTL::CArgumentGetter::loadNextDouble):
      * ftl/FTLCompile.cpp:
      * ftl/FTLExitThunkGenerator.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLThunks.cpp:
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JSInterfaceJIT.h:
      (JSC::JSInterfaceJIT::preserveReturnAddressAfterCall):
      (JSC::JSInterfaceJIT::restoreReturnAddressBeforeReturn):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerators.cpp:
      (JSC::linkForGenerator):
      (JSC::virtualForGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::arityFixup):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      (JSC::imulThunkGenerator):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      * runtime/JSCJSValue.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156136 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      63eba56c
    • fpizlo@apple.com's avatar
      Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them · 620acab5
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=121637
      
      Rubber stamped by Michael Saboff.
              
      Also moved GPRInfo/FPRInfo into jit/.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::dumpInContext):
      * dfg/DFGAssemblyHelpers.cpp: Removed.
      * dfg/DFGAssemblyHelpers.h: Removed.
      * dfg/DFGBinarySwitch.h:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCCallHelpers.h: Removed.
      * dfg/DFGDisassembler.cpp:
      * dfg/DFGFPRInfo.h: Removed.
      * dfg/DFGGPRInfo.h: Removed.
      * dfg/DFGGraph.cpp:
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExit.cpp:
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOSRExitCompilerCommon.h:
      * dfg/DFGRegisterBank.h:
      * dfg/DFGRegisterSet.h:
      * dfg/DFGRepatch.cpp:
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGThunks.cpp:
      * dfg/DFGVariableEvent.cpp:
      * ftl/FTLCArgumentGetter.h:
      (JSC::FTL::CArgumentGetter::CArgumentGetter):
      (JSC::FTL::CArgumentGetter::loadNext8):
      (JSC::FTL::CArgumentGetter::loadNext32):
      (JSC::FTL::CArgumentGetter::loadNext64):
      (JSC::FTL::CArgumentGetter::loadNextPtr):
      (JSC::FTL::CArgumentGetter::loadNextDouble):
      * ftl/FTLCompile.cpp:
      * ftl/FTLExitThunkGenerator.h:
      * ftl/FTLLink.cpp:
      * ftl/FTLThunks.cpp:
      * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
      * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
      (JSC::AssemblyHelpers::AssemblyHelpers):
      (JSC::AssemblyHelpers::debugCall):
      * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
      * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
      (WTF::printInternal):
      * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
      (WTF::printInternal):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      * jit/JSInterfaceJIT.h:
      (JSC::JSInterfaceJIT::JSInterfaceJIT):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerators.cpp:
      (JSC::linkForGenerator):
      (JSC::virtualForGenerator):
      (JSC::stringLengthTrampolineGenerator):
      (JSC::nativeForGenerator):
      (JSC::arityFixup):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      (JSC::imulThunkGenerator):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      * runtime/JSCJSValue.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156120 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      620acab5
  23. 10 Sep, 2013 1 commit
    • oliver@apple.com's avatar
      Support WeakMap · bfcc048e
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120912
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Add support for ES6 WeakMap.  Add the cluster of boilerplate
      classes around the core WeakMapData class.
      
      WeakMapData is a simple object->value hash table that uses a
      combo of WeakReferenceHarvester to conditionally keep the weak
      value reference live, and UnconditionalFinalizer to clean the
      dead keys from the table post-GC.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * runtime/CommonIdentifiers.h:
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::weakMapDataStructure):
      * runtime/JSWeakMap.cpp: Added.
      (JSC::JSWeakMap::finishCreation):
      (JSC::JSWeakMap::visitChildren):
      * runtime/JSWeakMap.h: Added.
      (JSC::JSWeakMap::createStructure):
      (JSC::JSWeakMap::create):
      (JSC::JSWeakMap::weakMapData):
      (JSC::JSWeakMap::JSWeakMap):
      * runtime/WeakMapConstructor.cpp: Added.
      (JSC::WeakMapConstructor::finishCreation):
      (JSC::constructWeakMap):
      (JSC::WeakMapConstructor::getConstructData):
      (JSC::WeakMapConstructor::getCallData):
      * runtime/WeakMapConstructor.h: Added.
      (JSC::WeakMapConstructor::create):
      (JSC::WeakMapConstructor::createStructure):
      (JSC::WeakMapConstructor::WeakMapConstructor):
      * runtime/WeakMapData.cpp: Added.
      (JSC::WeakMapData::WeakMapData):
      (JSC::WeakMapData::finishCreation):
      (JSC::WeakMapData::destroy):
      (JSC::WeakMapData::visitChildren):
      (JSC::WeakMapData::set):
      (JSC::WeakMapData::get):
      (JSC::WeakMapData::remove):
      (JSC::WeakMapData::contains):
      (JSC::WeakMapData::clear):
      (JSC::WeakMapData::DeadKeyCleaner::visitWeakReferences):
      (JSC::WeakMapData::DeadKeyCleaner::finalizeUnconditionally):
      * runtime/WeakMapData.h: Added.
      (JSC::WeakMapData::create):
      (JSC::WeakMapData::createStructure):
      (JSC::WeakMapData::DeadKeyCleaner::DeadKeyCleaner):
      * runtime/WeakMapPrototype.cpp: Added.
      (JSC::WeakMapPrototype::finishCreation):
      (JSC::getWeakMapData):
      (JSC::protoFuncWeakMapClear):
      (JSC::protoFuncWeakMapDelete):
      (JSC::protoFuncWeakMapGet):
      (JSC::protoFuncWeakMapHas):
      (JSC::protoFuncWeakMapSet):
      * runtime/WeakMapPrototype.h: Added.
      (JSC::WeakMapPrototype::create):
      (JSC::WeakMapPrototype::createStructure):
      (JSC::WeakMapPrototype::WeakMapPrototype):
      
      LayoutTests:
      
      Basic tests.
      
      * js/basic-weakmap-expected.txt: Added.
      * js/basic-weakmap.html: Added.
      * js/script-tests/basic-weakmap.js: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155473 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bfcc048e
  24. 04 Sep, 2013 3 commits
    • fpizlo@apple.com's avatar
      run-fast-jsc should work with new-school fast/js tests that loop until the DFG tiers up · 44225e60
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120697
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      * API/JSCTestRunnerUtils.cpp:
      (JSC::numberOfDFGCompiles):
      (JSC::setNeverInline):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * jsc.cpp:
      (GlobalObject::finishCreation):
      (functionNeverInlineFunction):
      (functionNumberOfDFGCompiles):
      * runtime/TestRunnerUtils.cpp: Added.
      (JSC::getExecutable):
      (JSC::numberOfDFGCompiles):
      (JSC::setNeverInline):
      * runtime/TestRunnerUtils.h: Added.
      
      LayoutTests: 
      
      * fast/js/resources/standalone-pre.js:
      (testPassed):
      (testFailed):
      (dfgCompiled):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155090 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      44225e60
    • mark.lam@apple.com's avatar
      Renamed StackIterator to StackVisitor. · fa2a142f
      mark.lam@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120706.
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      Also did some minor refactoring:
      - Renamed StackIterator::iterate() to StackVisitor::visit().
      - Make StackVisitor::visit() a static method.
      - Move the instantiation of the StackVisitor instance into StackVisitor::visit()
        from CallFrame::iterate().
      - Removed StackIterator::resetIterator() and inline its body into the
        StackVisitor constructor since this is the only remaining caller of it.
      
      * API/JSContextRef.cpp:
      (BacktraceFunctor::operator()):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * interpreter/CallFrame.h:
      (JSC::ExecState::iterate):
      * interpreter/Interpreter.cpp:
      (JSC::DumpRegisterFunctor::operator()):
      (JSC::unwindCallFrame):
      (JSC::getStackFrameCodeType):
      (JSC::GetStackTraceFunctor::operator()):
      (JSC::UnwindFunctor::operator()):
      * interpreter/Interpreter.h:
      * interpreter/StackIterator.cpp: Removed.
      * interpreter/StackIterator.h: Removed.
      * interpreter/StackVisitor.cpp: Copied from Source/JavaScriptCore/interpreter/StackIterator.cpp.
      (JSC::StackVisitor::StackVisitor):
      (JSC::StackVisitor::gotoNextFrame):
      (JSC::StackVisitor::readFrame):
      (JSC::StackVisitor::readNonInlinedFrame):
      (JSC::StackVisitor::readInlinedFrame):
      (JSC::StackVisitor::Frame::codeType):
      (JSC::StackVisitor::Frame::functionName):
      (JSC::StackVisitor::Frame::sourceURL):
      (JSC::StackVisitor::Frame::toString):
      (JSC::StackVisitor::Frame::arguments):
      (JSC::StackVisitor::Frame::computeLineAndColumn):
      (JSC::StackVisitor::Frame::retrieveExpressionInfo):
      (JSC::StackVisitor::Frame::setToEnd):
      (JSC::StackVisitor::Frame::print):
      (DebugPrintFrameFunctor::operator()):
      * interpreter/StackVisitor.h: Copied from Source/JavaScriptCore/interpreter/StackIterator.h.
      (JSC::StackVisitor::visit):
      * jsc.cpp:
      (FunctionJSCStackFunctor::operator()):
      * profiler/ProfileGenerator.cpp:
      (JSC::AddParentForConsoleStartFunctor::operator()):
      * runtime/JSFunction.cpp:
      (JSC::RetrieveArgumentsFunctor::operator()):
      (JSC::RetrieveCallerFunctionFunctor::operator()):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::GlobalFuncProtoGetterFunctor::operator()):
      (JSC::GlobalFuncProtoSetterFunctor::operator()):
      * runtime/ObjectConstructor.cpp:
      (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/interpreter/StackIterator.h: Removed.
      * ForwardingHeaders/interpreter/StackVisitor.h: Copied from Source/WebCore/ForwardingHeaders/interpreter/StackIterator.h.
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::SendFunctor::operator()):
      * bindings/js/ScriptCallStackFactory.cpp:
      (WebCore::CreateScriptCallStackFunctor::operator()):
      (WebCore::CreateScriptCallStackForConsoleFunctor::operator()):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155081 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fa2a142f
    • fpizlo@apple.com's avatar
      The DFG should be able to tier-up and OSR enter into the FTL · 532f1e51
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=112838
      
      Source/JavaScriptCore: 
      
      Reviewed by Mark Hahnenberg.
              
      This adds the ability for the DFG to tier-up into the FTL. This works in both
      of the expected tier-up modes:
              
      Replacement: frequently called functions eventually have their entrypoint
      replaced with one that goes into FTL-compiled code. Note, this will be a
      slow-down for now since we don't yet have LLVM calling convention integration.
              
      OSR entry: code stuck in hot loops gets OSR'd into the FTL from the DFG.
              
      This means that if the DFG detects that a function is an FTL candidate, it
      inserts execution counting code similar to the kind that the baseline JIT
      would use. If you trip on a loop count in a loop header that is an OSR
      candidate (it's not an inlined loop), we do OSR; otherwise we do replacement.
      OSR almost always also implies future replacement.
              
      OSR entry into the FTL is really cool. It uses a specialized FTL compile of
      the code, where early in the DFG pipeline we replace the original root block
      with an OSR entrypoint block that jumps to the pre-header of the hot loop.
      The OSR entrypoint loads all live state at the loop pre-header using loads
      from a scratch buffer, which gets populated by the runtime's OSR entry
      preparation code (FTL::prepareOSREntry()). This approach appears to work well
      with all of our subsequent optimizations, including prediction propagation,
      CFA, and LICM. LLVM seems happy with it, too. Best of all, it works naturally
      with concurrent compilation: when we hit the tier-up trigger we spawn a
      compilation plan at the bytecode index from which we triggered; once the
      compilation finishes the next trigger will try to enter, at that bytecode
      index. If it can't - for example because the code has moved on to another
      loop - then we just try again. Loops that get hot enough for OSR entry (about
      25,000 iterations) will probably still be running when a concurrent compile
      finishes, so this doesn't appear to be a big problem.
              
      This immediately gives us a 70% speed-up on imaging-gaussian-blur. We could
      get a bigger speed-up by adding some more intelligence and tweaking LLVM to
      compile code faster. Those things will happen eventually but this is a good
      start. Probably this code will see more tuning as we get more coverage in the
      FTL JIT, but I'll worry about that in future patches.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
      * bytecode/CodeBlock.h:
      * dfg/DFGAbstractInterpreterInlines.h:
      (JSC::DFG::::executeEffects):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      * dfg/DFGClobberize.h:
      (JSC::DFG::clobberize):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::killBlockAndItsContents):
      (JSC::DFG::Graph::killUnreachableBlocks):
      * dfg/DFGGraph.h:
      * dfg/DFGInPlaceAbstractState.cpp:
      (JSC::DFG::InPlaceAbstractState::initialize):
      * dfg/DFGJITCode.cpp:
      (JSC::DFG::JITCode::reconstruct):
      (JSC::DFG::JITCode::checkIfOptimizationThresholdReached):
      (JSC::DFG::JITCode::optimizeNextInvocation):
      (JSC::DFG::JITCode::dontOptimizeAnytimeSoon):
      (JSC::DFG::JITCode::optimizeAfterWarmUp):
      (JSC::DFG::JITCode::optimizeSoon):
      (JSC::DFG::JITCode::forceOptimizationSlowPathConcurrently):
      (JSC::DFG::JITCode::setOptimizationThresholdBasedOnCompilationResult):
      * dfg/DFGJITCode.h:
      * dfg/DFGJITFinalizer.cpp:
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      (JSC::DFG::JITFinalizer::finalizeCommon):
      * dfg/DFGLoopPreHeaderCreationPhase.cpp:
      (JSC::DFG::createPreHeader):
      (JSC::DFG::LoopPreHeaderCreationPhase::run):
      * dfg/DFGLoopPreHeaderCreationPhase.h:
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasUnlinkedLocal):
      (JSC::DFG::Node::unlinkedLocal):
      * dfg/DFGNodeType.h:
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSREntrypointCreationPhase.cpp: Added.
      (JSC::DFG::OSREntrypointCreationPhase::OSREntrypointCreationPhase):
      (JSC::DFG::OSREntrypointCreationPhase::run):
      (JSC::DFG::performOSREntrypointCreation):
      * dfg/DFGOSREntrypointCreationPhase.h: Added.
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::compileInThreadImpl):
      * dfg/DFGPlan.h:
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSafeToExecute.h:
      (JSC::DFG::safeToExecute):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGTierUpCheckInjectionPhase.cpp: Added.
      (JSC::DFG::TierUpCheckInjectionPhase::TierUpCheckInjectionPhase):
      (JSC::DFG::TierUpCheckInjectionPhase::run):
      (JSC::DFG::performTierUpCheckInjection):
      * dfg/DFGTierUpCheckInjectionPhase.h: Added.
      * dfg/DFGToFTLDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLDeferredCompilationCallback::ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::~ToFTLDeferredCompilationCallback):
      (JSC::DFG::ToFTLDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLDeferredCompilationCallback.h: Added.
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp: Added.
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::~ToFTLForOSREntryDeferredCompilationCallback):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::create):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
      (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
      * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h: Added.
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * ftl/FTLCapabilities.cpp:
      (JSC::FTL::canCompile):
      * ftl/FTLCapabilities.h:
      * ftl/FTLForOSREntryJITCode.cpp: Added.
      (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::~ForOSREntryJITCode):
      (JSC::FTL::ForOSREntryJITCode::ftlForOSREntry):
      (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
      * ftl/FTLForOSREntryJITCode.h: Added.
      (JSC::FTL::ForOSREntryJITCode::entryBuffer):
      (JSC::FTL::ForOSREntryJITCode::setBytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::bytecodeIndex):
      (JSC::FTL::ForOSREntryJITCode::countEntryFailure):
      (JSC::FTL::ForOSREntryJITCode::entryFailureCount):
      * ftl/FTLJITFinalizer.cpp:
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::compileBlock):
      (JSC::FTL::LowerDFGToLLVM::compileNode):
      (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
      (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
      (JSC::FTL::LowerDFGToLLVM::addWeakReference):
      * ftl/FTLOSREntry.cpp: Added.
      (JSC::FTL::prepareOSREntry):
      * ftl/FTLOSREntry.h: Added.
      * ftl/FTLOutput.h:
      (JSC::FTL::Output::crashNonTerminal):
      (JSC::FTL::Output::crash):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * interpreter/Register.h:
      (JSC::Register::unboxedDouble):
      * jit/JIT.cpp:
      (JSC::JIT::emitEnterOptimizationCheck):
      * jit/JITCode.cpp:
      (JSC::JITCode::ftlForOSREntry):
      * jit/JITCode.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::newReplacementCodeBlockFor):
      * runtime/Options.h:
      * runtime/VM.cpp:
      (JSC::VM::ensureWorklist):
      * runtime/VM.h:
      
      LayoutTests: 
      
      Reviewed by Mark Hahnenberg.
              
      Fix marsaglia to check the result instead of printing, and add a second
      version that relies on OSR entry.
      
      * fast/js/regress/marsaglia-osr-entry-expected.txt: Added.
      * fast/js/regress/marsaglia-osr-entry.html: Added.
      * fast/js/regress/script-tests/marsaglia-osr-entry.js: Added.
      (marsaglia):
      * fast/js/regress/script-tests/marsaglia.js:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155023 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      532f1e51
  25. 03 Sep, 2013 1 commit
    • fpizlo@apple.com's avatar
      CodeBlock::jettison() should be implicit · 195d7b84
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120567
      
      Reviewed by Oliver Hunt.
              
      This is a risky change from a performance standpoint, but I believe it's
      necessary. This makes all CodeBlocks get swept by GC. Nobody but the GC
      can delete CodeBlocks because the GC always holds a reference to them.
      Once a CodeBlock reaches just one reference (i.e. the one from the GC)
      then the GC will free it only if it's not on the stack.
              
      This allows me to get rid of the jettisoning logic. We need this for FTL
      tier-up. Well; we don't need it, but it will help prevent a lot of bugs.
      Previously, if you wanted to to replace one code block with another, you
      had to remember to tell the GC that the previous code block is
      "jettisoned". We would need to do this when tiering up from DFG to FTL
      and when dealing with DFG-to-FTL OSR entry code blocks. There are a lot
      of permutations here - tiering up to the FTL, OSR entering into the FTL,
      deciding that an OSR entry code block is not relevant anymore - just to
      name a few. In each of these cases we'd have to jettison the previous
      code block. It smells like a huge source of future bugs.
              
      So I made jettisoning implicit by making the GC always watch out for a
      CodeBlock being owned solely by the GC.
              
      This change is performance neutral.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::visitAggregate):
      (JSC::CodeBlock::jettison):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::setJITCode):
      (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
      (JSC::CodeBlockSet::mark):
      * dfg/DFGCommonData.h:
      (JSC::DFG::CommonData::CommonData):
      * heap/CodeBlockSet.cpp: Added.
      (JSC::CodeBlockSet::CodeBlockSet):
      (JSC::CodeBlockSet::~CodeBlockSet):
      (JSC::CodeBlockSet::add):
      (JSC::CodeBlockSet::clearMarks):
      (JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
      (JSC::CodeBlockSet::traceMarked):
      * heap/CodeBlockSet.h: Added.
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::add):
      * heap/ConservativeRoots.h:
      * heap/DFGCodeBlocks.cpp: Removed.
      * heap/DFGCodeBlocks.h: Removed.
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteAllCompiledCode):
      (JSC::Heap::deleteUnmarkedCompiledCode):
      * heap/Heap.h:
      * interpreter/JSStack.cpp:
      (JSC::JSStack::gatherConservativeRoots):
      * interpreter/JSStack.h:
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::installCode):
      * runtime/Executable.h:
      * runtime/VM.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154986 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      195d7b84
  26. 30 Aug, 2013 1 commit
    • oliver@apple.com's avatar
      Implement ES6 Set class · b8d80ed3
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120549
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      We simply reuse the MapData type from JSMap making the
      it much simpler.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * runtime/CommonIdentifiers.h:
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSC::JSGlobalObject::setStructure):
      * runtime/JSSet.cpp: Added.
      (JSC::JSSet::visitChildren):
      (JSC::JSSet::finishCreation):
      * runtime/JSSet.h: Added.
      (JSC::JSSet::createStructure):
      (JSC::JSSet::create):
      (JSC::JSSet::mapData):
      (JSC::JSSet::JSSet):
      * runtime/SetConstructor.cpp: Added.
      (JSC::SetConstructor::finishCreation):
      (JSC::callSet):
      (JSC::constructSet):
      (JSC::SetConstructor::getConstructData):
      (JSC::SetConstructor::getCallData):
      * runtime/SetConstructor.h: Added.
      (JSC::SetConstructor::create):
      (JSC::SetConstructor::createStructure):
      (JSC::SetConstructor::SetConstructor):
      * runtime/SetPrototype.cpp: Added.
      (JSC::SetPrototype::finishCreation):
      (JSC::getMapData):
      (JSC::setProtoFuncAdd):
      (JSC::setProtoFuncClear):
      (JSC::setProtoFuncDelete):
      (JSC::setProtoFuncForEach):
      (JSC::setProtoFuncHas):
      (JSC::setProtoFuncSize):
      * runtime/SetPrototype.h: Added.
      (JSC::SetPrototype::create):
      (JSC::SetPrototype::createStructure):
      (JSC::SetPrototype::SetPrototype):
      
      LayoutTests:
      
      Add tests
      
      * fast/js/basic-set-expected.txt: Added.
      * fast/js/basic-set.html: Added.
      * fast/js/script-tests/basic-set.js: Added.
      (set new):
      (otherString.string_appeared_here.set add):
      (try.set forEach):
      (set forEach):
      (set gc):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154916 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b8d80ed3
  27. 29 Aug, 2013 4 commits
    • ryuan.choi@samsung.com's avatar
      Fix build break after r154861 · 639d4f6b
      ryuan.choi@samsung.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120503
      
      Reviewed by Geoffrey Garen.
      
      Unreviewed build fix attempt for GTK, Qt Windows and CMake based ports.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
      * Target.pri:
      * runtime/MapData.h:
      (JSC::MapData::KeyType::KeyType):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154864 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      639d4f6b
    • oliver@apple.com's avatar
      Implement ES6 Map object · 005f9e8f
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120333
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore:
      
      Implement support for the ES6 Map type and related classes.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/CopyToken.h: Add a new token to track copying the backing store
      * runtime/CommonIdentifiers.h: Add new identifiers
      * runtime/JSGlobalObject.cpp:
      * runtime/JSGlobalObject.h:
          Add new structures and prototypes
      
      * runtime/JSMap.cpp: Added.
      * runtime/JSMap.h: Added.
          New JSMap class to represent a Map instance
      
      * runtime/MapConstructor.cpp: Added.
      * runtime/MapConstructor.h: Added.
          The Map constructor
      
      * runtime/MapData.cpp: Added.
      * runtime/MapData.h: Added.
          The most interesting data structure.  The roughly corresponds
          to the ES6 notion of MapData.  It provides the core JSValue->JSValue
          map implementation.  We implement it using 2 hashtables and a flat
          table.  Due to the different semantics of string comparisons vs.
          all others we need have one map keyed by String and the other by
          generic JSValue.  The actual table is represented more or less
          exactly as described in the ES6 draft - a single contiguous list of
          key/value pairs.  The entire map could be achieved with just this
          table, however we need the HashMaps in order to maintain O(1) lookup.
      
          Deleted values are simply cleared as the draft says, however the
          implementation compacts the storage on copy as long as the are no
          active iterators.
      
      * runtime/MapPrototype.cpp: Added.
      * runtime/MapPrototype.h: Added.
          Implement Map prototype functions
      
      * runtime/VM.cpp:
          Add new structures.
      
      LayoutTests:
      
      Tests
      
      * fast/js/basic-map-expected.txt: Added.
      * fast/js/basic-map.html: Added.
      * fast/js/script-tests/basic-map.js: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154861 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      005f9e8f
    • fpizlo@apple.com's avatar
      Teach DFG::Worklist and its clients that it may be reused for different kinds of compilations · 6931c476
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120489
      
      Reviewed by Geoffrey Garen.
              
      If the baseline JIT hits an OSR entry trigger into the DFG and we already have a
      DFG compilation but we've also started one or more FTL compilations, then we
      shouldn't get confused. Previously we would have gotten confused because we would
      see an in-process deferred compile (the FTL compile) and also an optimized
      replacement (the DFG code).
              
      If the baseline JIT hits an OSR entry trigger into the DFG and we previously
      did two things in this order: triggered a tier-up compilation from the DFG into
      the FTL, and then jettisoned the DFG code because it exited a bunch, then we
      shouldn't be confused by the presence of an in-process deferred compile (the FTL
      compile). Previously we would have waited for that compile to finish; but the more
      sensible thing to do is to let it complete and then invalidate it, while at the
      same time enqueueing a DFG compile to create a new, more valid, DFG code block.
              
      If the DFG JIT hits a loop OSR entry trigger (into the FTL) and it has already
      triggered an FTL compile for replacement, then it should fire off a second compile
      instead of thinking that it can wait for that one to finish. Or vice-versa. We
      need to allow for two FTL compiles to be enqueued at the same time (one for
      replacement and one for OSR entry in a loop).
              
      Then there's also the problem that DFG::compile() is almost certainly going to be
      the hook for triggering both DFG compiles and the two kinds of FTL compiles, but
      right now there is no way to tell it which one you want.
              
      This fixes these problems and removes a bunch of potential confusion by making the
      key for a compile in the DFG::Worklist be a CompilationMode (one of DFGMode,
      FTLMode, or FTLForOSREntryMode). That mode is also passed to DFG::compile().
              
      Awkwardly, this still leaves us in a no DFG->FTL tier-up situation - so
      DFG::compile() is always passed DFGMode and then it might do an FTL compile if
      possible. Fixing that is a bigger issue for a later changeset.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::checkIfOptimizationThresholdReached):
      * dfg/DFGCompilationKey.cpp: Added.
      (JSC::DFG::CompilationKey::dump):
      * dfg/DFGCompilationKey.h: Added.
      (JSC::DFG::CompilationKey::CompilationKey):
      (JSC::DFG::CompilationKey::operator!):
      (JSC::DFG::CompilationKey::isHashTableDeletedValue):
      (JSC::DFG::CompilationKey::profiledBlock):
      (JSC::DFG::CompilationKey::mode):
      (JSC::DFG::CompilationKey::operator==):
      (JSC::DFG::CompilationKey::hash):
      (JSC::DFG::CompilationKeyHash::hash):
      (JSC::DFG::CompilationKeyHash::equal):
      * dfg/DFGCompilationMode.cpp: Added.
      (WTF::printInternal):
      * dfg/DFGCompilationMode.h: Added.
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      * dfg/DFGPlan.cpp:
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::key):
      * dfg/DFGPlan.h:
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::Worklist::enqueue):
      (JSC::DFG::Worklist::compilationState):
      (JSC::DFG::Worklist::completeAllReadyPlansForVM):
      (JSC::DFG::Worklist::runThread):
      * dfg/DFGWorklist.h:
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154854 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6931c476
    • fpizlo@apple.com's avatar
      CodeBlock::prepareForExecution() is silly · 1342e7a8
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120453
      
      Reviewed by Oliver Hunt.
              
      Instead of saying:
              
          codeBlock->prepareForExecution(stuff, BaselineJIT, more stuff)
              
      we should just say:
              
          JIT::compile(stuff, codeBlock, more stuff);
              
      And similarly for the LLInt and DFG.
              
      This kills a bunch of code, since CodeBlock::prepareForExecution() is just a
      wrapper that uses the JITType argument to call into the appropriate execution
      engine, which is what the user wanted to do in the first place.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compileImpl):
      (JSC::DFG::compile):
      * dfg/DFGDriver.h:
      (JSC::DFG::tryCompile):
      * dfg/DFGOSRExitPreparation.cpp:
      (JSC::DFG::prepareCodeOriginForOSRExit):
      * dfg/DFGWorklist.cpp:
      (JSC::DFG::globalWorklist):
      * dfg/DFGWorklist.h:
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::JIT::compile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntEntrypoint.cpp: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.cpp.
      (JSC::LLInt::setFunctionEntrypoint):
      (JSC::LLInt::setEvalEntrypoint):
      (JSC::LLInt::setProgramEntrypoint):
      (JSC::LLInt::setEntrypoint):
      * llint/LLIntEntrypoint.h: Copied from Source/JavaScriptCore/llint/LLIntEntrypoints.h.
      * llint/LLIntEntrypoints.cpp: Removed.
      * llint/LLIntEntrypoints.h: Removed.
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      * runtime/Executable.cpp:
      (JSC::ScriptExecutable::prepareForExecutionImpl):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154833 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1342e7a8