@daeken
Created April 1, 2017 22:12
------------------------------------------------------------------------
r210821 | fpizlo@apple.com | 2017-01-17 18:55:55 +0000 (Tue, 17 Jan 2017) | 121 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm
M /trunk/Source/JavaScriptCore/API/JSCallbackObject.h
M /trunk/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
M /trunk/Source/JavaScriptCore/API/JSObjectRef.cpp
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/FunctionCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/ProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedEvalCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedModuleProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/heap/CodeBlockSet.cpp
M /trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp
M /trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp
M /trunk/Source/JavaScriptCore/jit/JITThunks.cpp
M /trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp
M /trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp
M /trunk/Source/JavaScriptCore/runtime/JSCellInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSLock.h
M /trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp
M /trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp
M /trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h
M /trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp
M /trunk/Source/JavaScriptCore/runtime/VM.h
M /trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMIterator.h
M /trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
JSCell::classInfo() shouldn't have a bunch of mitigations for being called during destruction
https://bugs.webkit.org/show_bug.cgi?id=167066
Reviewed by Keith Miller and Michael Saboff.
Source/JavaScriptCore:
This reduces the size of JSCell::classInfo() by half and removes some checks that
this function previously had to do in case it was called from destructors.
I changed all of the destructors so that they don't call JSCell::classInfo() and I
added an assertion to JSCell::classInfo() to catch cases where someone called it
from a destructor accidentally.
This means that we only have one place in destruction that needs to know the class:
the sweeper's call to the destructor.
One of the trickiest outcomes of this is the need to support inherits() tests in
JSObjectGetPrivate(), when it is called from the destructor callback on the object
being destructed. JSObjectGetPrivate() is undefined behavior anyway if you use it
on any dead-but-not-destructed object other than the one being destructed right
now. The purpose of the inherits() tests is to distinguish between different kinds
of CallbackObjects, which may have different kinds of base classes. I think that
this was always subtly wrong - for example, if the object being destructed is a
JSGlobalObject then it's not a DestructibleObject, is not in a destructor block,
but does not have an immortal Structure - so classInfo() is not valid. This fixes
the issue by having ~JSCallbackObject know its classInfo. It now stashes its
classInfo in VM so that JSObjectGetPrivate can use that classInfo if it detects
that it's being used on a currently-destructing object.
That was the only really weird part of this patch. The rest is mostly removing
illegal uses of jsCast<> in destructors. There were a few other genuine uses of
classInfo() but they were in code that already knew how to get its classInfo()
using other means:
- You can still say structure()->classInfo(), and I use this form in code that
knows that its StructureIsImmortal.
- You can use this->classInfo() if it's overridden, like in subclasses of
JSDestructibleObject.
* API/JSAPIWrapperObject.mm:
(JSAPIWrapperObjectHandleOwner::finalize):
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::~JSCallbackObject):
(JSC::JSCallbackObject<Parent>::init):
* API/JSObjectRef.cpp:
(classInfoPrivate):
(JSObjectGetPrivate):
(JSObjectSetPrivate):
* bytecode/EvalCodeBlock.cpp:
(JSC::EvalCodeBlock::destroy):
* bytecode/FunctionCodeBlock.cpp:
(JSC::FunctionCodeBlock::destroy):
* bytecode/ModuleProgramCodeBlock.cpp:
(JSC::ModuleProgramCodeBlock::destroy):
* bytecode/ProgramCodeBlock.cpp:
(JSC::ProgramCodeBlock::destroy):
* bytecode/UnlinkedEvalCodeBlock.cpp:
(JSC::UnlinkedEvalCodeBlock::destroy):
* bytecode/UnlinkedFunctionCodeBlock.cpp:
(JSC::UnlinkedFunctionCodeBlock::destroy):
* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::destroy):
* bytecode/UnlinkedModuleProgramCodeBlock.cpp:
(JSC::UnlinkedModuleProgramCodeBlock::destroy):
* bytecode/UnlinkedProgramCodeBlock.cpp:
(JSC::UnlinkedProgramCodeBlock::destroy):
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::lastChanceToFinalize):
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::allocateSlowCaseImpl):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::sweep):
* jit/JITThunks.cpp:
(JSC::JITThunks::finalize):
* runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::destroy):
* runtime/ExecutableBase.cpp:
(JSC::ExecutableBase::clearCode):
* runtime/JSCellInlines.h:
(JSC::JSCell::classInfo):
(JSC::JSCell::callDestructor):
* runtime/JSLock.h:
(JSC::JSLock::ownerThread):
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::destroy):
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::destroy):
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::JSPropertyNameEnumerator::destroy):
* runtime/JSSegmentedVariableObject.h:
* runtime/SymbolTable.cpp:
(JSC::SymbolTable::destroy):
* runtime/VM.h:
* wasm/js/JSWebAssemblyCallee.cpp:
(JSC::JSWebAssemblyCallee::destroy):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::destroy):
* wasm/js/WebAssemblyToJSCallee.cpp:
(JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
(JSC::WebAssemblyToJSCallee::destroy):
Source/WebCore:
No new tests because no new behavior.
It's now necessary to avoid jsCast in destructors and finalizers. This was an easy
rule to introduce because this used to always be the rule.
* bindings/js/JSCSSValueCustom.cpp:
(WebCore::JSDeprecatedCSSOMValueOwner::finalize):
* bindings/js/JSDOMIterator.h:
(WebCore::IteratorTraits>::destroy):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210824 | fpizlo@apple.com | 2017-01-17 20:25:36 +0000 (Tue, 17 Jan 2017) | 80 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm
M /trunk/Source/JavaScriptCore/API/JSCallbackObject.h
M /trunk/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
M /trunk/Source/JavaScriptCore/API/JSObjectRef.cpp
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/FunctionCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/ProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedEvalCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedModuleProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/heap/CodeBlockSet.cpp
M /trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp
M /trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp
M /trunk/Source/JavaScriptCore/jit/JITThunks.cpp
M /trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp
M /trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp
M /trunk/Source/JavaScriptCore/runtime/JSCellInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSLock.h
M /trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp
M /trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp
M /trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h
M /trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp
M /trunk/Source/JavaScriptCore/runtime/VM.h
M /trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMIterator.h
M /trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Unreviewed, roll out http://trac.webkit.org/changeset/210821
It was causing crashes.
Source/JavaScriptCore:
* API/JSAPIWrapperObject.mm:
(JSAPIWrapperObjectHandleOwner::finalize):
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::~JSCallbackObject):
(JSC::JSCallbackObject<Parent>::init):
* API/JSObjectRef.cpp:
(JSObjectGetPrivate):
(JSObjectSetPrivate):
(classInfoPrivate): Deleted.
* bytecode/EvalCodeBlock.cpp:
(JSC::EvalCodeBlock::destroy):
* bytecode/FunctionCodeBlock.cpp:
(JSC::FunctionCodeBlock::destroy):
* bytecode/ModuleProgramCodeBlock.cpp:
(JSC::ModuleProgramCodeBlock::destroy):
* bytecode/ProgramCodeBlock.cpp:
(JSC::ProgramCodeBlock::destroy):
* bytecode/UnlinkedEvalCodeBlock.cpp:
(JSC::UnlinkedEvalCodeBlock::destroy):
* bytecode/UnlinkedFunctionCodeBlock.cpp:
(JSC::UnlinkedFunctionCodeBlock::destroy):
* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::destroy):
* bytecode/UnlinkedModuleProgramCodeBlock.cpp:
(JSC::UnlinkedModuleProgramCodeBlock::destroy):
* bytecode/UnlinkedProgramCodeBlock.cpp:
(JSC::UnlinkedProgramCodeBlock::destroy):
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::lastChanceToFinalize):
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::allocateSlowCaseImpl):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::sweep):
* jit/JITThunks.cpp:
(JSC::JITThunks::finalize):
* runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::destroy):
* runtime/ExecutableBase.cpp:
(JSC::ExecutableBase::clearCode):
* runtime/JSCellInlines.h:
(JSC::JSCell::classInfo):
(JSC::JSCell::callDestructor):
* runtime/JSLock.h:
(JSC::JSLock::exclusiveThread):
(JSC::JSLock::ownerThread): Deleted.
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::destroy):
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::destroy):
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::JSPropertyNameEnumerator::destroy):
* runtime/JSSegmentedVariableObject.h:
* runtime/SymbolTable.cpp:
(JSC::SymbolTable::destroy):
* runtime/VM.h:
* wasm/js/JSWebAssemblyCallee.cpp:
(JSC::JSWebAssemblyCallee::destroy):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::destroy):
* wasm/js/WebAssemblyToJSCallee.cpp:
(JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
(JSC::WebAssemblyToJSCallee::destroy):
Source/WebCore:
* bindings/js/JSCSSValueCustom.cpp:
(WebCore::JSDeprecatedCSSOMValueOwner::finalize):
* bindings/js/JSDOMIterator.h:
(WebCore::IteratorTraits>::destroy):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210829 | fpizlo@apple.com | 2017-01-17 23:52:55 +0000 (Tue, 17 Jan 2017) | 131 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm
M /trunk/Source/JavaScriptCore/API/JSCallbackObject.h
M /trunk/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
M /trunk/Source/JavaScriptCore/API/JSObjectRef.cpp
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bytecode/EvalCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/FunctionCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/ProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedEvalCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedModuleProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/UnlinkedProgramCodeBlock.cpp
M /trunk/Source/JavaScriptCore/heap/CodeBlockSet.cpp
M /trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp
M /trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp
M /trunk/Source/JavaScriptCore/jit/JITThunks.cpp
M /trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp
M /trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp
M /trunk/Source/JavaScriptCore/runtime/JSCellInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSLock.h
M /trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp
M /trunk/Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp
M /trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h
M /trunk/Source/JavaScriptCore/runtime/StructureInlines.h
M /trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp
M /trunk/Source/JavaScriptCore/runtime/VM.h
M /trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.cpp
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/JSCSSValueCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMIterator.h
M /trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSInterfaceName.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCEReactions.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestException.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIterable.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerialization.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp
JSCell::classInfo() shouldn't have a bunch of mitigations for being called during destruction
https://bugs.webkit.org/show_bug.cgi?id=167066
Reviewed by Keith Miller and Michael Saboff.
Source/JavaScriptCore:
This reduces the size of JSCell::classInfo() by half and removes some checks that
this function previously had to do in case it was called from destructors.
I changed all of the destructors so that they don't call JSCell::classInfo() and I
added an assertion to JSCell::classInfo() to catch cases where someone called it
from a destructor accidentally.
This means that we only have one place in destruction that needs to know the class:
the sweeper's call to the destructor.
One of the trickiest outcomes of this is the need to support inherits() tests in
JSObjectGetPrivate(), when it is called from the destructor callback on the object
being destructed. JSObjectGetPrivate() is undefined behavior anyway if you use it
on any dead-but-not-destructed object other than the one being destructed right
now. The purpose of the inherits() tests is to distinguish between different kinds
of CallbackObjects, which may have different kinds of base classes. I think that
this was always subtly wrong - for example, if the object being destructed is a
JSGlobalObject then it's not a DestructibleObject, is not in a destructor block,
but does not have an immortal Structure - so classInfo() is not valid. This fixes
the issue by having ~JSCallbackObject know its classInfo. It now stashes its
classInfo in VM so that JSObjectGetPrivate can use that classInfo if it detects
that it's being used on a currently-destructing object.
That was the only really weird part of this patch. The rest is mostly removing
illegal uses of jsCast<> in destructors. There were a few other genuine uses of
classInfo() but they were in code that already knew how to get its classInfo()
using other means:
- You can still say structure()->classInfo(), and I use this form in code that
knows that its StructureIsImmortal.
- You can use this->classInfo() if it's overridden, like in subclasses of
JSDestructibleObject.
Rolling this back in because I think I fixed the crashes.
* API/JSAPIWrapperObject.mm:
(JSAPIWrapperObjectHandleOwner::finalize):
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::~JSCallbackObject):
(JSC::JSCallbackObject<Parent>::init):
* API/JSObjectRef.cpp:
(classInfoPrivate):
(JSObjectGetPrivate):
(JSObjectSetPrivate):
* bytecode/EvalCodeBlock.cpp:
(JSC::EvalCodeBlock::destroy):
* bytecode/FunctionCodeBlock.cpp:
(JSC::FunctionCodeBlock::destroy):
* bytecode/ModuleProgramCodeBlock.cpp:
(JSC::ModuleProgramCodeBlock::destroy):
* bytecode/ProgramCodeBlock.cpp:
(JSC::ProgramCodeBlock::destroy):
* bytecode/UnlinkedEvalCodeBlock.cpp:
(JSC::UnlinkedEvalCodeBlock::destroy):
* bytecode/UnlinkedFunctionCodeBlock.cpp:
(JSC::UnlinkedFunctionCodeBlock::destroy):
* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::destroy):
* bytecode/UnlinkedModuleProgramCodeBlock.cpp:
(JSC::UnlinkedModuleProgramCodeBlock::destroy):
* bytecode/UnlinkedProgramCodeBlock.cpp:
(JSC::UnlinkedProgramCodeBlock::destroy):
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::lastChanceToFinalize):
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::allocateSlowCaseImpl):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::sweep):
* jit/JITThunks.cpp:
(JSC::JITThunks::finalize):
* runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::destroy):
* runtime/ExecutableBase.cpp:
(JSC::ExecutableBase::clearCode):
* runtime/JSCellInlines.h:
(JSC::JSCell::classInfo):
(JSC::JSCell::callDestructor):
* runtime/JSLock.h:
(JSC::JSLock::ownerThread):
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::destroy):
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::destroy):
* runtime/JSPropertyNameEnumerator.cpp:
(JSC::JSPropertyNameEnumerator::destroy):
* runtime/JSSegmentedVariableObject.h:
* runtime/SymbolTable.cpp:
(JSC::SymbolTable::destroy):
* runtime/VM.h:
* wasm/js/JSWebAssemblyCallee.cpp:
(JSC::JSWebAssemblyCallee::destroy):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::destroy):
* wasm/js/WebAssemblyToJSCallee.cpp:
(JSC::WebAssemblyToJSCallee::WebAssemblyToJSCallee):
(JSC::WebAssemblyToJSCallee::destroy):
Source/WebCore:
No new tests because no new behavior.
It's now necessary to avoid jsCast in destructors and finalizers. This was an easy
rule to introduce because this used to always be the rule.
* bindings/js/JSCSSValueCustom.cpp:
(WebCore::JSDeprecatedCSSOMValueOwner::finalize):
* bindings/js/JSDOMIterator.h:
(WebCore::IteratorTraits>::destroy):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
Source/WebKit2:
Just remove now-erroneous use of jsCast<>.
* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
(WebKit::NPRuntimeObjectMap::finalize):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210832 | commit-queue@webkit.org | 2017-01-18 00:11:30 +0000 (Wed, 18 Jan 2017) | 42 lines
Changed paths:
M /trunk/ChangeLog
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/wtf/FeatureDefines.h
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebKit/mac/ChangeLog
M /trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig
M /trunk/Source/cmake/OptionsEfl.cmake
M /trunk/Source/cmake/OptionsWin.cmake
M /trunk/Source/cmake/WebKitFeatures.cmake
M /trunk/Source/cmake/tools/vsprops/FeatureDefines.props
M /trunk/Source/cmake/tools/vsprops/FeatureDefinesCairo.props
M /trunk/Tools/ChangeLog
M /trunk/Tools/Scripts/webkitperl/FeatureList.pm
M /trunk/Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig
ENABLE(USER_TIMING) Not Defined for Apple Windows or OS X Ports
https://bugs.webkit.org/show_bug.cgi?id=116551
<rdar://problem/13949830>
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-01-17
Reviewed by Alex Christensen.
.:
* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsWin.cmake:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmake/tools/vsprops/FeatureDefines.props:
* Source/cmake/tools/vsprops/FeatureDefinesCairo.props:
Source/JavaScriptCore:
* Configurations/FeatureDefines.xcconfig:
Source/WebCore:
* Configurations/FeatureDefines.xcconfig:
Source/WebKit/mac:
* Configurations/FeatureDefines.xcconfig:
Source/WebKit2:
* Configurations/FeatureDefines.xcconfig:
Source/WTF:
* wtf/FeatureDefines.h:
Tools:
* Scripts/webkitperl/FeatureList.pm:
Remove stale RESOURCE_TIMING references which are now a runtime enabled feature
that is part of the existing WEB_TIMING feature.
* TestWebKitAPI/Configurations/FeatureDefines.xcconfig:
------------------------------------------------------------------------
------------------------------------------------------------------------
r210837 | msaboff@apple.com | 2017-01-18 01:27:04 +0000 (Wed, 18 Jan 2017) | 82 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/microbenchmarks/regexp-nested-nonzero-min-counted-parens.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/yarr/YarrInterpreter.cpp
M /trunk/Source/JavaScriptCore/yarr/YarrInterpreter.h
M /trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp
M /trunk/Source/JavaScriptCore/yarr/YarrPattern.cpp
M /trunk/Source/JavaScriptCore/yarr/YarrPattern.h
Nested parenthesized regular expressions with non-zero minimum counts appear to hang and use lots of memory
https://bugs.webkit.org/show_bug.cgi?id=167125
Reviewed by Filip Pizlo.
JSTests:
* microbenchmarks/regexp-nested-nonzero-min-counted-parens.js: Added.
New test with limits that run slow and take a reasonable amount of memory
before the change and run fast, using little memory with the change.
Source/JavaScriptCore:
Changed Yarr to handle nested parenthesized subexpressions where the minimum count is
not 0 directly in the Yarr interpreter. Previously we'd factor an expression like
(a|b)+ into (a|b)(a|b)* with special handling for captures. This factoring was done
using a deep copy that doubled the size of the resulting expression for each nested
parenthesized subexpression. Now the Yarr interpreter can directly process a regexp
like (a|b){2,42}.
The parser will allow one level of nested, non-zero minimum, counted parenthesis using
the old copy method. After one level, it will generate parenthesis terms with a non-zero
minimum. Such an expression wasn't handled by the Yarr JIT before the change, so this
change isn't a performance regression.
Added a minimum count to the YarrPattern and ByteTerm classes, and then factored that
minimum into the interpreter. A non-zero minimum is only handled by the Yarr interpreter.
If the Yarr JIT sees such a term, it punts back to the interpreter.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::backtrackPatternCharacter):
(JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
(JSC::Yarr::Interpreter::matchCharacterClass):
(JSC::Yarr::Interpreter::backtrackCharacterClass):
(JSC::Yarr::Interpreter::matchBackReference):
(JSC::Yarr::Interpreter::backtrackBackReference):
(JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
(JSC::Yarr::Interpreter::matchParenthesesOnceEnd):
(JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
(JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
(JSC::Yarr::Interpreter::matchParenthesesTerminalBegin):
(JSC::Yarr::Interpreter::backtrackParenthesesTerminalBegin):
(JSC::Yarr::Interpreter::matchParentheticalAssertionBegin):
(JSC::Yarr::Interpreter::matchParentheticalAssertionEnd):
(JSC::Yarr::Interpreter::backtrackParentheticalAssertionBegin):
(JSC::Yarr::Interpreter::backtrackParentheticalAssertionEnd):
(JSC::Yarr::Interpreter::matchParentheses):
(JSC::Yarr::Interpreter::backtrackParentheses):
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::ByteCompiler::atomPatternCharacter):
(JSC::Yarr::ByteCompiler::atomCharacterClass):
(JSC::Yarr::ByteCompiler::atomBackReference):
(JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
(JSC::Yarr::ByteCompiler::emitDisjunction):
* yarr/YarrInterpreter.h:
(JSC::Yarr::ByteTerm::ByteTerm):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
(JSC::Yarr::YarrGenerator::generateTerm):
(JSC::Yarr::YarrGenerator::backtrackTerm):
(JSC::Yarr::YarrGenerator::generate):
(JSC::Yarr::YarrGenerator::backtrack):
(JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::copyTerm):
(JSC::Yarr::YarrPatternConstructor::quantifyAtom):
(JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
(JSC::Yarr::YarrPattern::YarrPattern):
* yarr/YarrPattern.h:
(JSC::Yarr::PatternTerm::PatternTerm):
(JSC::Yarr::PatternTerm::quantify):
(JSC::Yarr::YarrPattern::reset):
------------------------------------------------------------------------
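The size blow-up described in the r210837 message, as an added C++ model that is not WebKit code: `Term`, `factorByCopy` and the other names are hypothetical, a single literal stands in for `(a|b)`, and the factoring is generalized from `x+` to any `x{min,max}` with a non-zero minimum. It compares the term count after copy-based factoring with the count when the minimum stays on the term.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>
#include <utility>
#include <vector>

// Toy pattern tree for illustration only; these are not Yarr's real classes.
constexpr unsigned Infinite = std::numeric_limits<unsigned>::max();

struct Term {
    bool isGroup = false;
    char ch = 0;             // literal character when !isGroup
    std::vector<Term> body;  // sub-terms when isGroup
    unsigned min = 1;        // quantifier lower bound
    unsigned max = 1;        // quantifier upper bound (Infinite = unbounded)
};

Term literal(char c) {
    Term t;
    t.ch = c;
    return t;
}

Term group(std::vector<Term> body, unsigned min, unsigned max) {
    Term t;
    t.isGroup = true;
    t.body = std::move(body);
    t.min = min;
    t.max = max;
    return t;
}

// Builds (((a)+)+)+ ... with `depth` nested groups, each quantified {1,Infinite}.
Term nestedPlus(unsigned depth) {
    Term t = literal('a');
    for (unsigned i = 0; i < depth; ++i) {
        std::vector<Term> body;
        body.push_back(std::move(t));
        t = group(std::move(body), 1, Infinite);
    }
    return t;
}

// Counts every term in a sequence, including the terms inside groups.
std::size_t countTerms(const std::vector<Term>& terms) {
    std::size_t n = 0;
    for (const Term& t : terms)
        n += 1 + countTerms(t.body);
    return n;
}

// Copy-based factoring: x{min,max} with min > 0 and max > min becomes
// x{min,min} followed by x{0,max-min}. Both halves own a full copy of the
// already-factored body, so each nesting level doubles the output.
std::vector<Term> factorByCopy(const Term& t) {
    if (!t.isGroup)
        return {t};
    std::vector<Term> body;
    for (const Term& child : t.body)
        for (Term& f : factorByCopy(child))
            body.push_back(std::move(f));
    if (t.min == 0 || t.min == t.max)
        return {group(std::move(body), t.min, t.max)};
    Term fixed = group(body, t.min, t.min);  // deep copy of the body
    Term rest = group(std::move(body), 0,
                      t.max == Infinite ? Infinite : t.max - t.min);
    return {fixed, rest};
}

// Term count after copy-based factoring of a depth-deep nest.
std::size_t copiedTermCount(unsigned depth) {
    return countTerms(factorByCopy(nestedPlus(depth)));
}

// Term count when the non-zero minimum is kept on the term itself.
std::size_t directTermCount(unsigned depth) {
    return countTerms({nestedPlus(depth)});
}

int main() {
    std::printf("depth  copied  direct\n");
    for (unsigned d = 1; d <= 12; ++d)
        std::printf("%5u  %6zu  %6zu\n", d, copiedTermCount(d), directTermCount(d));
    return 0;
}
```

In this model the copied form grows as 3·2^depth − 2 terms while the direct form grows as depth + 1, which is why a short pattern source can cost a large amount of compile time and memory under the copy method.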
------------------------------------------------------------------------
r210844 | fpizlo@apple.com | 2017-01-18 04:22:45 +0000 (Wed, 18 Jan 2017) | 403 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/microbenchmarks/stringalloc.js
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M /trunk/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h
M /trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
M /trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M /trunk/Source/JavaScriptCore/heap/AllocatorAttributes.h
A /trunk/Source/JavaScriptCore/heap/ConstraintVolatility.h
M /trunk/Source/JavaScriptCore/heap/GCActivityCallback.cpp
M /trunk/Source/JavaScriptCore/heap/Heap.cpp
M /trunk/Source/JavaScriptCore/heap/Heap.h
M /trunk/Source/JavaScriptCore/heap/HeapInlines.h
M /trunk/Source/JavaScriptCore/heap/LargeAllocation.cpp
M /trunk/Source/JavaScriptCore/heap/LargeAllocation.h
M /trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp
M /trunk/Source/JavaScriptCore/heap/MarkedAllocator.h
A /trunk/Source/JavaScriptCore/heap/MarkedAllocatorInlines.h
M /trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp
M /trunk/Source/JavaScriptCore/heap/MarkedBlock.h
M /trunk/Source/JavaScriptCore/heap/MarkedBlockInlines.h
M /trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp
M /trunk/Source/JavaScriptCore/heap/MarkedSpace.h
M /trunk/Source/JavaScriptCore/heap/MarkingConstraint.cpp
M /trunk/Source/JavaScriptCore/heap/MarkingConstraint.h
M /trunk/Source/JavaScriptCore/heap/MarkingConstraintSet.cpp
M /trunk/Source/JavaScriptCore/heap/MarkingConstraintSet.h
M /trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp
M /trunk/Source/JavaScriptCore/heap/SlotVisitor.h
M /trunk/Source/JavaScriptCore/heap/SlotVisitorInlines.h
A /trunk/Source/JavaScriptCore/heap/Subspace.cpp
A /trunk/Source/JavaScriptCore/heap/Subspace.h
A /trunk/Source/JavaScriptCore/heap/SubspaceInlines.h
M /trunk/Source/JavaScriptCore/heap/WeakBlock.cpp
M /trunk/Source/JavaScriptCore/heap/WeakBlock.h
M /trunk/Source/JavaScriptCore/heap/WeakSet.h
M /trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h
M /trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp
M /trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
M /trunk/Source/JavaScriptCore/jsc.cpp
M /trunk/Source/JavaScriptCore/runtime/ButterflyInlines.h
M /trunk/Source/JavaScriptCore/runtime/ClassInfo.h
M /trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp
M /trunk/Source/JavaScriptCore/runtime/DirectArguments.cpp
M /trunk/Source/JavaScriptCore/runtime/GenericArgumentsInlines.h
M /trunk/Source/JavaScriptCore/runtime/HashMapImpl.h
M /trunk/Source/JavaScriptCore/runtime/JSArray.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp
M /trunk/Source/JavaScriptCore/runtime/JSCell.h
M /trunk/Source/JavaScriptCore/runtime/JSCellInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSDestructibleObject.h
A /trunk/Source/JavaScriptCore/runtime/JSDestructibleObjectSubspace.cpp
A /trunk/Source/JavaScriptCore/runtime/JSDestructibleObjectSubspace.h
M /trunk/Source/JavaScriptCore/runtime/JSObject.h
M /trunk/Source/JavaScriptCore/runtime/JSObjectInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h
M /trunk/Source/JavaScriptCore/runtime/JSString.h
A /trunk/Source/JavaScriptCore/runtime/JSStringSubspace.cpp
A /trunk/Source/JavaScriptCore/runtime/JSStringSubspace.h
M /trunk/Source/JavaScriptCore/runtime/RegExpMatchesArray.h
M /trunk/Source/JavaScriptCore/runtime/VM.cpp
M /trunk/Source/JavaScriptCore/runtime/VM.h
M /trunk/Source/WebCore/CMakeLists.txt
M /trunk/Source/WebCore/ChangeLog
A /trunk/Source/WebCore/ForwardingHeaders/heap/MarkedAllocatorInlines.h
A /trunk/Source/WebCore/ForwardingHeaders/heap/MarkedBlockInlines.h
A /trunk/Source/WebCore/ForwardingHeaders/heap/MarkingConstraint.h
A /trunk/Source/WebCore/ForwardingHeaders/heap/SubspaceInlines.h
A /trunk/Source/WebCore/ForwardingHeaders/heap/VisitingTimeout.h
M /trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj
M /trunk/Source/WebCore/bindings/js/CommonVM.cpp
M /trunk/Source/WebCore/bindings/js/CommonVM.h
M /trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMWrapper.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMWrapper.h
A /trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp
M /trunk/Source/WebCore/bindings/js/WebCoreJSClientData.h
M /trunk/Source/WebCore/bindings/js/WorkerScriptController.cpp
M /trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
M /trunk/Source/WebCore/dom/ContainerNodeAlgorithms.cpp
Make opaque root scanning truly constraint-based
https://bugs.webkit.org/show_bug.cgi?id=165760
Reviewed by Geoffrey Garen.
JSTests:
Added this test, which demonstrates the benefit of having a dedicated string subspace.
* microbenchmarks/stringalloc.js: Added.
Source/JavaScriptCore:
We have bugs when visitChildren() changes its mind about what opaque root to add, since
we don't have barriers on opaque roots. This supposedly once worked for generational GC,
and I started adding more barriers to support concurrent GC. But I think that the real
bug here is that we want the JSObject->OpaqueRoot to be evaluated as a constraint that
participates in the fixpoint. I like to think of this as an *output* constraint, because it
is concerned with outgoing edges in the heap from the object that registered the constraint.
An *input* constraint is like what Weak<> does when deciding whether the thing it points to
should be live.
Whether or not an object has output constraints depends on its type. So, we want the GC to
have a feature where we rapidly call some function on all marked objects of some type.
It's easy to rapidly scan all marked objects in a MarkedBlock. So, we want to allocate all
objects that have output constraints in their own MarkedBlocks and we want to track the set
of MarkedBlocks with output constraints.
This patch makes it easy to have clients of JSC's internal C++ APIs create a Subspace - like
what we used to call MarkedSpace::Subspace but now it's in the JSC namespace - which is
a collection of objects that you can easily scan during GC from a MarkingConstraint. It's
now possible for internal C++ API clients to register their own MarkingConstraints. The DOM
now uses this to create two Subspaces (more on why two below) and it calls
JSCell::visitOutputConstraints() on all of the marked objects in those subspaces using a new
MarkingConstraint. That MarkingConstraint uses a new style of volatility, called
SeldomGreyed, which is like GreyedByExecution except it is opportunistically not executed
as roots in the hopes that their sole execution will be the snapshot-at-the-end. I also
converted the CodeBlock rescan constraint to SeldomGreyed, since that's also an output
constraint.
This patch also uses Subspace for something pretty obvious: knowing how to call the
destructor. Subspaces can specialize the sweep for their way of invoking destructors. We
have the following subspaces:
- auxiliary
- cell
- destructibleCell - for JSCell subclasses that have destructors and StructureIsImmortal
- stringSpace - inlines ~JSString into the sweep, making string allocation 7% faster
- destructibleObjectSpace - for JSDestructibleObject subclasses
And WebCore adds:
- outputConstraint - for JSDOMObjects that have a visitAdditionalChildren
- globalObjectOutputConstraint - for JSDOMGlobalObjects that have a visitAdditionalChildren,
since JSDOMGlobalObjects are not JSDestructibleObjects
The Subspace for a type is selected by saying JSC::subspaceFor<Type>(vm). This calls
Type::subspaceFor<Type>(vm). This allows cell classes to override subspaceFor<> and it
allows any subspaceFor<> implementation to query static flags in the type. This is how
JSCell::subspaceFor<> can select either cellSpace or destructibleCellSpace.
This patch is mostly about:
- Moving MarkedSpace::Subspace out of MarkedSpace and making it a nice class with a nice
API. Almost all of its functionality is just taken out of MarkedSpace.
- Converting users of the old API for allocating objects and getting MarkedAllocators, like
heap.allocatorForObjectWithoutDestructor() and its friends. That would now say
vm.cellSpace.allocatorFor().
Altogether, this means that we only have a small regression on Dromaeo. The regression is
due to the fact that we scan output constraints. Before the Subspace optimizations (see
r209766, which was rolled out in r209812), this regression on Dromaeo/jslib was 2x but after
the optimizations in this patch it's only 1.12x. Note that Dromaeo/jslib creates gigabytes of
DOM nodes. Compared to web pages, this is a very extreme synthetic microbenchmark. Still, we
like optimizing these because we don't want to presume what web pages will look like.
The use of Subspaces to specialize destructors happened not because it's super necessary but
because I wanted to introduce a single unified way of communicating to the GC how to treat
different types. Any Subspace feature that allowed us to collect some types together would
have to be mindful of the destructorness of objects. I could have turned this into a
liability where each Subspace has two subsubspaces - one for destructor objects and one for
non-destructor objects, which would have allowed me to keep the old sweep specialization
code. Just days prior, mlam wanted to do something that was hard because of that old sweep
specializer, so I decided to take the opportunity to fix the sweep specializer while also
making Subspace be the one true way of teaching the GC about types. To validate that this
actually does things, I added a JSStringSubspace and a test that shows that this is a 7%
string allocation progression.
In bug 167066, I'm getting rid of the rest of the code in JSC that would special-case for
JSDestructibleObject vs StructureIsImmortal by using the GC's DestructionMode. After that,
Subspace will be the only mechanism by which JSC uses the GC to encode types.
Prior to this change, having multiple MarkedSpace::Subspaces would have been expensive
because they create a bunch of MarkedAllocators upfront. We now have the ability to create
MarkedAllocators lazily. We create them on the first allocation from that size class or when
a JIT asks for the MarkedAllocator. The concurrent JITs can ask for MarkedAllocators because
their creation is under a lock.
On my machine, this might be a 1.1% JetStream speed-up with 87% confidence and it might be
a 0.4% PLT3 slow-down with 92% confidence. Note that 0.4% on PLT3 is the level of systematic
error on PLT3 on my computer: I've seen definite 0.4% speed-ups and slow-downs that were not
confirmed by any bot. Let's see what the bots say.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/ObjectAllocationProfile.h:
(JSC::ObjectAllocationProfile::initialize):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generateImpl):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
(JSC::DFG::SpeculativeJIT::compileMakeRope):
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileNewTypedArray):
(JSC::DFG::SpeculativeJIT::emitAllocateButterfly):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocatorForSize):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
* heap/AllocatorAttributes.h:
(JSC::AllocatorAttributes::AllocatorAttributes):
* heap/ConstraintVolatility.h: Added.
(WTF::printInternal):
* heap/GCActivityCallback.cpp:
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::lastChanceToFinalize):
(JSC::Heap::markToFixpoint):
(JSC::Heap::updateObjectCounts):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::collectInThread):
(JSC::Heap::stopTheWorld):
(JSC::Heap::updateAllocationLimits):
(JSC::Heap::bytesVisited):
(JSC::Heap::addCoreConstraints):
(JSC::Heap::addMarkingConstraint):
(JSC::Heap::notifyIsSafeToCollect):
(JSC::Heap::preventCollection):
(JSC::Heap::allowCollection):
(JSC::Heap::setMutatorShouldBeFenced):
(JSC::Heap::buildConstraintSet): Deleted.
(JSC::Heap::writeBarrierOpaqueRootSlow): Deleted.
(JSC::Heap::addMutatorShouldBeFencedCache): Deleted.
* heap/Heap.h:
(JSC::Heap::mutatorExecutionVersion):
(JSC::Heap::numOpaqueRoots):
(JSC::Heap::vm): Deleted.
(JSC::Heap::subspaceForObjectWithoutDestructor): Deleted.
(JSC::Heap::subspaceForObjectDestructor): Deleted.
(JSC::Heap::subspaceForAuxiliaryData): Deleted.
(JSC::Heap::allocatorForObjectWithoutDestructor): Deleted.
(JSC::Heap::allocatorForObjectWithDestructor): Deleted.
(JSC::Heap::allocatorForAuxiliaryData): Deleted.
* heap/HeapInlines.h:
(JSC::Heap::vm):
(JSC::Heap::allocateWithDestructor): Deleted.
(JSC::Heap::allocateWithoutDestructor): Deleted.
(JSC::Heap::allocateObjectOfType): Deleted.
(JSC::Heap::subspaceForObjectOfType): Deleted.
(JSC::Heap::allocatorForObjectOfType): Deleted.
(JSC::Heap::allocateAuxiliary): Deleted.
(JSC::Heap::tryAllocateAuxiliary): Deleted.
(JSC::Heap::tryReallocateAuxiliary): Deleted.
(JSC::Heap::ascribeOwner): Deleted.
(JSC::Heap::writeBarrierOpaqueRoot): Deleted.
* heap/LargeAllocation.cpp:
(JSC::LargeAllocation::tryCreate):
(JSC::LargeAllocation::LargeAllocation):
(JSC::LargeAllocation::~LargeAllocation):
(JSC::LargeAllocation::sweep):
* heap/LargeAllocation.h:
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::MarkedAllocator):
(JSC::MarkedAllocator::tryAllocateWithoutCollecting):
(JSC::MarkedAllocator::tryAllocateIn):
(JSC::MarkedAllocator::allocateSlowCaseImpl):
(JSC::MarkedAllocator::tryAllocateBlock):
(JSC::MarkedAllocator::shrink):
(JSC::MarkedAllocator::markedSpace):
* heap/MarkedAllocator.h:
(JSC::MarkedAllocator::nextAllocatorInSubspace):
(JSC::MarkedAllocator::setNextAllocatorInSubspace):
(JSC::MarkedAllocator::subspace):
(JSC::MarkedAllocator::tryAllocate): Deleted.
(JSC::MarkedAllocator::allocate): Deleted.
(JSC::MarkedAllocator::forEachBlock): Deleted.
* heap/MarkedAllocatorInlines.h: Added.
(JSC::MarkedAllocator::tryAllocate):
(JSC::MarkedAllocator::allocate):
(JSC::MarkedAllocator::forEachBlock):
(JSC::MarkedAllocator::forEachNotEmptyBlock):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::subspace):
(JSC::MarkedBlock::Handle::sweep):
(JSC::MarkedBlock::Handle::specializedSweep): Deleted.
(JSC::MarkedBlock::Handle::sweepHelperSelectScribbleMode): Deleted.
(JSC::MarkedBlock::Handle::sweepHelperSelectEmptyMode): Deleted.
(JSC::MarkedBlock::Handle::sweepHelperSelectHasNewlyAllocated): Deleted.
(JSC::MarkedBlock::Handle::sweepHelperSelectSweepMode): Deleted.
(JSC::MarkedBlock::Handle::sweepHelperSelectMarksMode): Deleted.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::Handle::visitWeakSet):
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::isNewlyAllocatedStale):
(JSC::MarkedBlock::Handle::hasAnyNewlyAllocated):
(JSC::MarkedBlock::heap):
(JSC::MarkedBlock::space):
(JSC::MarkedBlock::Handle::space):
(JSC::MarkedBlock::Handle::specializedSweep):
(JSC::MarkedBlock::Handle::finishSweepKnowingSubspace):
(JSC::MarkedBlock::Handle::sweepDestructionMode):
(JSC::MarkedBlock::Handle::emptyMode):
(JSC::MarkedBlock::Handle::scribbleMode):
(JSC::MarkedBlock::Handle::newlyAllocatedMode):
(JSC::MarkedBlock::Handle::marksMode):
(JSC::MarkedBlock::Handle::forEachMarkedCell):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::initializeSizeClassForStepSize):
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::lastChanceToFinalize):
(JSC::MarkedSpace::addMarkedAllocator):
(JSC::MarkedSpace::allocate): Deleted.
(JSC::MarkedSpace::tryAllocate): Deleted.
(JSC::MarkedSpace::allocateLarge): Deleted.
(JSC::MarkedSpace::tryAllocateLarge): Deleted.
* heap/MarkedSpace.h:
(JSC::MarkedSpace::heap):
(JSC::MarkedSpace::allocatorLock):
(JSC::MarkedSpace::subspaceForObjectsWithDestructor): Deleted.
(JSC::MarkedSpace::subspaceForObjectsWithoutDestructor): Deleted.
(JSC::MarkedSpace::subspaceForAuxiliaryData): Deleted.
(JSC::MarkedSpace::allocatorFor): Deleted.
(JSC::MarkedSpace::destructorAllocatorFor): Deleted.
(JSC::MarkedSpace::auxiliaryAllocatorFor): Deleted.
(JSC::MarkedSpace::allocateWithoutDestructor): Deleted.
(JSC::MarkedSpace::allocateWithDestructor): Deleted.
(JSC::MarkedSpace::allocateAuxiliary): Deleted.
(JSC::MarkedSpace::tryAllocateAuxiliary): Deleted.
(JSC::MarkedSpace::forEachSubspace): Deleted.
* heap/MarkingConstraint.cpp:
(JSC::MarkingConstraint::MarkingConstraint):
* heap/MarkingConstraint.h:
(JSC::MarkingConstraint::volatility):
* heap/MarkingConstraintSet.cpp:
(JSC::MarkingConstraintSet::resetStats):
(JSC::MarkingConstraintSet::add):
(JSC::MarkingConstraintSet::executeConvergenceImpl):
* heap/MarkingConstraintSet.h:
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::visitChildren):
(JSC::SlotVisitor::visitAsConstraint):
(JSC::SlotVisitor::drain):
(JSC::SlotVisitor::addOpaqueRoot):
(JSC::SlotVisitor::mergeIfNecessary):
(JSC::SlotVisitor::mergeOpaqueRootsIfNecessary): Deleted.
* heap/SlotVisitor.h:
(JSC::SlotVisitor::setIgnoreNewOpaqueRoots):
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::reportExtraMemoryVisited):
(JSC::SlotVisitor::reportExternalMemoryVisited):
* heap/Subspace.cpp: Added.
(JSC::Subspace::Subspace):
(JSC::Subspace::~Subspace):
(JSC::Subspace::finishSweep):
(JSC::Subspace::destroy):
(JSC::Subspace::allocate):
(JSC::Subspace::tryAllocate):
(JSC::Subspace::allocatorForSlow):
(JSC::Subspace::allocateSlow):
(JSC::Subspace::tryAllocateSlow):
* heap/Subspace.h: Added.
(JSC::Subspace::tryAllocatorFor):
(JSC::Subspace::allocatorFor):
* heap/SubspaceInlines.h: Added.
(JSC::Subspace::forEachMarkedBlock):
(JSC::Subspace::forEachNotEmptyMarkedBlock):
(JSC::Subspace::forEachLargeAllocation):
(JSC::Subspace::forEachMarkedCell):
* heap/WeakBlock.cpp:
(JSC::WeakBlock::specializedVisit):
* heap/WeakBlock.h:
* heap/WeakSet.h:
(JSC::WeakSet::visit):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
(JSC::AssemblyHelpers::emitAllocateVariableSized):
(JSC::AssemblyHelpers::emitAllocateVariableSizedCell):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_object):
* jsc.cpp:
* runtime/ButterflyInlines.h:
(JSC::Butterfly::createUninitialized):
(JSC::Butterfly::growArrayRight):
* runtime/ClassInfo.h:
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::createEmpty):
* runtime/DirectArguments.cpp:
(JSC::DirectArguments::overrideThings):
* runtime/GenericArgumentsInlines.h:
(JSC::GenericArguments<Type>::initModifiedArgumentsDescriptor):
* runtime/HashMapImpl.h:
(JSC::HashMapBuffer::create):
* runtime/JSArray.cpp:
(JSC::JSArray::tryCreateUninitialized):
(JSC::JSArray::unshiftCountSlowCase):
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
* runtime/JSCell.h:
(JSC::subspaceFor):
* runtime/JSCellInlines.h:
(JSC::JSCell::visitOutputConstraints):
(JSC::JSCell::subspaceFor):
(JSC::allocateCell):
* runtime/JSDestructibleObject.h:
(JSC::JSDestructibleObject::subspaceFor):
* runtime/JSDestructibleObjectSubspace.cpp: Added.
(JSC::JSDestructibleObjectSubspace::JSDestructibleObjectSubspace):
(JSC::JSDestructibleObjectSubspace::~JSDestructibleObjectSubspace):
(JSC::JSDestructibleObjectSubspace::finishSweep):
(JSC::JSDestructibleObjectSubspace::destroy):
* runtime/JSDestructibleObjectSubspace.h: Added.
* runtime/JSObject.h:
(JSC::JSObject::JSObject):
* runtime/JSObjectInlines.h:
* runtime/JSSegmentedVariableObject.h:
* runtime/JSString.h:
(JSC::JSString::subspaceFor):
* runtime/JSStringSubspace.cpp: Added.
(JSC::JSStringSubspace::JSStringSubspace):
(JSC::JSStringSubspace::~JSStringSubspace):
(JSC::JSStringSubspace::finishSweep):
(JSC::JSStringSubspace::destroy):
* runtime/JSStringSubspace.h: Added.
* runtime/RegExpMatchesArray.h:
(JSC::tryCreateUninitializedRegExpMatchesArray):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
Source/WebCore:
No new tests yet. I think that writing tests for this is a big investigation:
https://bugs.webkit.org/show_bug.cgi?id=165808
Remove the previous advancing wavefront DOM write barrier. I don't think this will scale
very well. It's super confusing.
This change makes it so that visitAdditionalChildren can become a GC constraint that
executes as part of the fixpoint. This changes all WebCore visitAdditionalChildren into
output constraints by using new JSC API for Subspaces and MarkingConstraints.
* ForwardingHeaders/heap/MarkedAllocatorInlines.h: Added.
* ForwardingHeaders/heap/MarkedBlockInlines.h: Added.
* ForwardingHeaders/heap/MarkingConstraint.h: Added.
* ForwardingHeaders/heap/SubspaceInlines.h: Added.
* ForwardingHeaders/heap/VisitingTimeout.h: Added.
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/CommonVM.cpp:
(WebCore::commonVMSlow):
(WebCore::writeBarrierOpaqueRootSlow): Deleted.
* bindings/js/CommonVM.h:
(WebCore::writeBarrierOpaqueRoot): Deleted.
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::finishCreation):
(WebCore::JSDOMGlobalObject::scriptExecutionContext):
* bindings/js/JSDOMWrapper.cpp:
(WebCore::outputConstraintSubspaceFor):
(WebCore::globalObjectOutputConstraintSubspaceFor):
* bindings/js/JSDOMWrapper.h:
* bindings/js/WebCoreJSClientData.cpp: Added.
(WebCore::JSVMClientData::JSVMClientData):
(WebCore::JSVMClientData::~JSVMClientData):
(WebCore::JSVMClientData::getAllWorlds):
(WebCore::initNormalWorldClientData):
* bindings/js/WebCoreJSClientData.h:
(WebCore::JSVMClientData::outputConstraintSpace):
(WebCore::JSVMClientData::globalObjectOutputConstraintSpace):
(WebCore::JSVMClientData::forEachOutputConstraintSpace):
(WebCore::JSVMClientData::JSVMClientData): Deleted.
(WebCore::JSVMClientData::~JSVMClientData): Deleted.
(WebCore::JSVMClientData::getAllWorlds): Deleted.
(WebCore::initNormalWorldClientData): Deleted.
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
* dom/ContainerNodeAlgorithms.cpp:
(WebCore::notifyChildNodeInserted):
(WebCore::notifyChildNodeRemoved):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210849 | ossy@webkit.org | 2017-01-18 10:24:49 +0000 (Wed, 18 Jan 2017) | 8 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/heap/EdenGCActivityCallback.cpp
Fix the JSCOnly build after r210844
https://bugs.webkit.org/show_bug.cgi?id=167155
Unreviewed buildfix.
* heap/EdenGCActivityCallback.cpp:
------------------------------------------------------------------------
------------------------------------------------------------------------
r210852 | bburg@apple.com | 2017-01-18 17:55:06 +0000 (Wed, 18 Jan 2017) | 27 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/inspector/scripts/codegen/objc_generator_templates.py
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/definitions-with-mac-platform.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/enum-values.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/ios/expected/definitions-with-mac-platform.json-result
M /trunk/Source/JavaScriptCore/inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result
Web Inspector: remove an unnecessary include in generated Objective-C Inspector protocol code
https://bugs.webkit.org/show_bug.cgi?id=167156
Rubber-stamped by Geoffrey Garen.
* inspector/scripts/codegen/objc_generator_templates.py:
This include of config.h doesn't make sense when using the code generator
outside of JavaScriptCore/WebKit. It is not necessary either, so remove it.
* inspector/scripts/tests/all/expected/definitions-with-mac-platform.json-result:
* inspector/scripts/tests/generic/expected/commands-with-async-attribute.json-result:
* inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:
* inspector/scripts/tests/generic/expected/definitions-with-mac-platform.json-result:
* inspector/scripts/tests/generic/expected/domains-with-varying-command-sizes.json-result:
* inspector/scripts/tests/generic/expected/enum-values.json-result:
* inspector/scripts/tests/generic/expected/events-with-optional-parameters.json-result:
* inspector/scripts/tests/generic/expected/generate-domains-with-feature-guards.json-result:
* inspector/scripts/tests/generic/expected/same-type-id-different-domain.json-result:
* inspector/scripts/tests/generic/expected/shadowed-optional-type-setters.json-result:
* inspector/scripts/tests/generic/expected/type-declaration-aliased-primitive-type.json-result:
* inspector/scripts/tests/generic/expected/type-declaration-array-type.json-result:
* inspector/scripts/tests/generic/expected/type-declaration-enum-type.json-result:
* inspector/scripts/tests/generic/expected/type-declaration-object-type.json-result:
* inspector/scripts/tests/generic/expected/type-requiring-runtime-casts.json-result:
* inspector/scripts/tests/ios/expected/definitions-with-mac-platform.json-result:
* inspector/scripts/tests/mac/expected/definitions-with-mac-platform.json-result:
Rebaseline test results.
------------------------------------------------------------------------
------------------------------------------------------------------------
r210858 | fpizlo@apple.com | 2017-01-18 19:30:50 +0000 (Wed, 18 Jan 2017) | 9 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/JSObjectRef.cpp
M /trunk/Source/JavaScriptCore/ChangeLog
JSObjectSetPrivate should not use jsCast<>
rdar://problem/30069096
Reviewed by Keith Miller.
* API/JSObjectRef.cpp:
(JSObjectSetPrivate):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210891 | antti@apple.com | 2017-01-18 22:53:39 +0000 (Wed, 18 Jan 2017) | 13 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/heap/Heap.cpp
Only delete source provider caches on full collection
https://bugs.webkit.org/show_bug.cgi?id=167173
Reviewed by Andreas Kling.
They are currently often wiped and recreated during page loading due to eden collections.
It is not clear that tying the lifetime of these caches to gc makes sense at all but this
should at least help some.
* heap/Heap.cpp:
(JSC::Heap::deleteSourceProviderCaches):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210910 | commit-queue@webkit.org | 2017-01-19 05:06:10 +0000 (Thu, 19 Jan 2017) | 26 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/inspector/console/console-table-expected.txt
M /trunk/LayoutTests/inspector/console/console-table.html
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/inspector/InjectedScriptSource.js
M /trunk/Source/WebInspectorUI/ChangeLog
M /trunk/Source/WebInspectorUI/UserInterface/Views/ConsoleMessageView.js
Web Inspector: console.table only works for the first 5 properties
https://bugs.webkit.org/show_bug.cgi?id=167175
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-01-18
Reviewed by Timothy Hatcher.
Source/JavaScriptCore:
* inspector/InjectedScriptSource.js:
(InjectedScript.prototype.wrapTable):
(InjectedScript.RemoteObject.createObjectPreviewForValue):
(InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
Pass through secondLevelKeys. Though the keys are themselves ignored, the
existence is a signal that we should send more than the first 5 properties.
Source/WebInspectorUI:
* UserInterface/Views/ConsoleMessageView.js:
(WebInspector.ConsoleMessageView.prototype._formatParameterAsTable):
Allow a max of 15 columns instead of 10.
LayoutTests:
* inspector/console/console-table-expected.txt:
* inspector/console/console-table.html:
Include a test that we get values beyond the first 5 properties.
------------------------------------------------------------------------
------------------------------------------------------------------------
r210912 | fpizlo@apple.com | 2017-01-19 05:13:21 +0000 (Thu, 19 Jan 2017) | 70 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/JSCallbackObject.cpp
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M /trunk/Source/JavaScriptCore/jsc.cpp
M /trunk/Source/JavaScriptCore/runtime/JSGlobalLexicalEnvironment.h
M /trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h
M /trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h
A /trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObjectSubspace.cpp
A /trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObjectSubspace.h
M /trunk/Source/JavaScriptCore/runtime/VM.cpp
M /trunk/Source/JavaScriptCore/runtime/VM.h
M /trunk/Source/JavaScriptCore/testRegExp.cpp
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp
M /trunk/Source/WebCore/bindings/js/WebCoreJSClientData.h
M /trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
JSSegmentedVariableObject and its subclasses should have a sane destruction story
https://bugs.webkit.org/show_bug.cgi?id=167193
Reviewed by Saam Barati.
Source/JavaScriptCore:
Prior to this change, JSSegmentedVariableObjects' subclasses install finalizers that call
destroy. They did this in random ways, which sometimes resulted in
JSSegmentedVariableObject::~JSSegmentedVariableObject executing more than once (which worked
because of the way that ~SegmentedVector is written). Maybe this works now, but it's a disaster
waiting to happen.
Fortunately we can now just give those things their own Subspace and teach it its own protocol of
destruction. This change introduces JSSegmentedVariableObjectSubspace and stashes a m_classInfo
in JSSegmentedVariableObject. Now, subclasses of JSSegmentedVariableObject are destructible in
much the same way as JSDestructibleObject without having to be subclasses of
JSDestructibleObject.
* API/JSCallbackObject.cpp:
(JSC::JSCallbackObject<JSGlobalObject>::create):
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* jsc.cpp:
(GlobalObject::create):
* runtime/JSGlobalLexicalEnvironment.h:
(JSC::JSGlobalLexicalEnvironment::create):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::create):
(JSC::JSGlobalObject::finishCreation):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create): Deleted.
(JSC::JSGlobalObject::finishCreation): Deleted.
* runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::destroy):
(JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
(JSC::JSSegmentedVariableObject::~JSSegmentedVariableObject):
(JSC::JSSegmentedVariableObject::finishCreation):
* runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::subspaceFor):
(JSC::JSSegmentedVariableObject::classInfo):
(JSC::JSSegmentedVariableObject::JSSegmentedVariableObject): Deleted.
(JSC::JSSegmentedVariableObject::finishCreation): Deleted.
* runtime/JSSegmentedVariableObjectSubspace.cpp: Added.
(JSC::JSSegmentedVariableObjectSubspace::JSSegmentedVariableObjectSubspace):
(JSC::JSSegmentedVariableObjectSubspace::~JSSegmentedVariableObjectSubspace):
(JSC::JSSegmentedVariableObjectSubspace::finishSweep):
(JSC::JSSegmentedVariableObjectSubspace::destroy):
* runtime/JSSegmentedVariableObjectSubspace.h: Added.
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* testRegExp.cpp:
(GlobalObject::create):
Source/WebCore:
No new tests because no new behavior.
JSSegmentedVariableObjects now get to have a sane destruction story. This means switching
subspace types for the DOM's global object subspace.
* bindings/js/WebCoreJSClientData.cpp:
(WebCore::JSVMClientData::JSVMClientData):
* bindings/js/WebCoreJSClientData.h:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210919 | utatane.tea@gmail.com | 2017-01-19 08:40:05 +0000 (Thu, 19 Jan 2017) | 26 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/b3/B3PureCSE.cpp
M /trunk/Source/JavaScriptCore/b3/testb3.cpp
[B3] B3 strength reduction could encounter Value without owner in PureCSE
https://bugs.webkit.org/show_bug.cgi?id=167161
Reviewed by Filip Pizlo.
PureCSE relies on the fact that all the stored Values have owner member.
This assumption is broken when you execute specializeSelect in B3ReduceStrength phase.
It clears owner of Values which are in between Select and Check to clone them to then/else
blocks. If these cleared Values are already stored in PureCSE map, this map poses a Value
with nullptr owner in PureCSE.
This patch changes PureCSE to ignore stored Values that have nullptr owner. This even means
that a client of PureCSE could deliberately null the owner if they wanted to signal the
Value should be ignored.
While PureCSE ignores the chance for optimization if a Value's owner is nullptr, in the current
strength reduction algorithm, this does not hurt optimization because CSE will be eventually
applied since the strength reduction phase wants to reach a fixed point. But even without
these iterations, our result itself is valid since PureCSE is allowed to be conservative.
* b3/B3PureCSE.cpp:
(JSC::B3::PureCSE::findMatch):
(JSC::B3::PureCSE::process):
* b3/testb3.cpp:
(JSC::B3::testCheckSelectAndCSE):
(JSC::B3::run):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210925 | gskachkov@gmail.com | 2017-01-19 17:10:31 +0000 (Thu, 19 Jan 2017) | 29 lines
Changed paths:
M /trunk/JSTests/ChangeLog
M /trunk/JSTests/stress/async-arrow-functions-lexical-binding-in-class.js
M /trunk/JSTests/stress/async-arrow-functions-lexical-new.target-binding.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
"this" missing after await in async arrow function
https://bugs.webkit.org/show_bug.cgi?id=166919
Reviewed by Saam Barati.
Source/JavaScriptCore:
This patch fixes an issue in async arrow functions. The issue appears because in an arrow
function _this_ is loaded from the arrow function's virtual scope.
An async arrow function can be suspended, and when resuming, _this_ from the
virtual scope should be used; to allow this we load _this_ from the virtual scope before storing it to the
generator.generatorThis property.
* bytecompiler/NodesCodegen.cpp:
(JSC::FunctionNode::emitBytecode):
JSTests:
* stress/async-arrow-functions-lexical-binding-in-class.js:
(ChildClass.prototype.asyncThisPropWithAwaitBody):
(ChildClass.prototype.asyncThisPropInEvalWithAwaitBody):
(ChildClass.prototype.asyncThisValueBodyWithAwait):
(ChildClass.prototype.asyncThisValueInEvalWithAwaitBody):
(ChildClass):
(ChildClass3):
(ChildClass3.prototype.classValue):
(ChildClass3.prototype.get classProperty):
* stress/async-arrow-functions-lexical-new.target-binding.js:
(C2WithAwait):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210932 | mmaxfield@apple.com | 2017-01-19 19:24:12 +0000 (Thu, 19 Jan 2017) | 27 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebKit/mac/ChangeLog
M /trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig
M /trunk/Tools/ChangeLog
M /trunk/Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig
[Cocoa] Variation fonts are erroneously disabled on iOS
https://bugs.webkit.org/show_bug.cgi?id=167172
Reviewed by Simon Fraser.
OpenSource builders don't seem to understand sdk=embedded*.
Source/JavaScriptCore:
* Configurations/FeatureDefines.xcconfig:
Source/WebCore:
* Configurations/FeatureDefines.xcconfig:
Source/WebKit/mac:
* Configurations/FeatureDefines.xcconfig:
Source/WebKit2:
* Configurations/FeatureDefines.xcconfig:
Tools:
* TestWebKitAPI/Configurations/FeatureDefines.xcconfig:
------------------------------------------------------------------------
------------------------------------------------------------------------
r210935 | fpizlo@apple.com | 2017-01-19 20:53:42 +0000 (Thu, 19 Jan 2017) | 24 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/JSArray.cpp
The mutator needs to fire a barrier after memmoving stuff around in an object that the GC scans
https://bugs.webkit.org/show_bug.cgi?id=167208
Reviewed by Saam Barati.
It used to be that if you moved a value from one place to another in the same object
then there is no need for a barrier because the generational GC would have no need to
know that some old object still continues to refer to the same other old object.
But the concurrent GC might scan that object as the mutator moves pointers around in
it. If the ordering is right, this could mean that the collector never sees some of
those pointers. This can be fixed by adding a barrier.
This fixes the most obvious cases I found. There may be more and I'll continue to
audit. Most of the other memmove users seem to already use some kind of synchronization
to prevent this. For example, this can also be fixed by just holding the cell lock
around the memmove since we're dealing with indexing storage and the GC reads that
under the cell lock.
* runtime/JSArray.cpp:
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::unshiftCountWithAnyIndexingType):
------------------------------------------------------------------------
------------------------------------------------------------------------
r210940 | jmarcell@apple.com | 2017-01-19 23:09:38 +0000 (Thu, 19 Jan 2017) | 1 line
Changed paths:
M /trunk/Source/JavaScriptCore/Configurations/Version.xcconfig
M /trunk/Source/WebCore/Configurations/Version.xcconfig
M /trunk/Source/WebInspectorUI/Configurations/Version.xcconfig
M /trunk/Source/WebKit/mac/Configurations/Version.xcconfig
M /trunk/Source/WebKit2/Configurations/Version.xcconfig
Versioning.
------------------------------------------------------------------------
------------------------------------------------------------------------
r210947 | fpizlo@apple.com | 2017-01-20 02:38:45 +0000 (Fri, 20 Jan 2017) | 40 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/ConcurrentJSLock.h
M /trunk/Source/JavaScriptCore/runtime/Structure.cpp
M /trunk/Source/JavaScriptCore/runtime/Structure.h
M /trunk/Source/JavaScriptCore/runtime/StructureInlines.h
Structure::pin() needs to be called while holding a lock
https://bugs.webkit.org/show_bug.cgi?id=167220
Reviewed by Saam Barati.
Imagine this race: the mutator calls pin() and the collector calls visitChildren(),
on the same Structure at the same time. In trunk pin() does not require a lock to be
held and it doesn't grab any locks. Meanwhile visitChildren() grabs the lock, checks
if the structure is pinned, and if not, it removes it by overwriting with zero. Now
imagine how this plays out when pin() runs. Since pin() grabs no locks, it is
irrelevant that visitChildren() grabs any locks. So, visitChildren() might check if
the table is pinned before pin() pins it, and then clear the table after it was
already pinned.
The problem here is that pin() should be holding a lock. We could either make pin()
grab that lock by itself, or what this patch does is makes the caller grab the lock.
This is great because it means that sometimes we don't have to introduce any new
locking.
This fixes a materializePropertyTable() checkOffsetConsistency() crash that happens
very rarely, but I was able to get it to reproduce with run-webkit-tests and
aggressive GC settings.
* runtime/ConcurrentJSLock.h:
* runtime/Structure.cpp:
(JSC::Structure::materializePropertyTable):
(JSC::Structure::changePrototypeTransition):
(JSC::Structure::attributeChangeTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::nonPropertyTransition):
(JSC::Structure::pin):
(JSC::Structure::pinForCaching):
(JSC::Structure::add):
* runtime/Structure.h:
* runtime/StructureInlines.h:
(JSC::Structure::checkOffsetConsistency):
(JSC::Structure::add):
(JSC::Structure::addPropertyWithoutTransition):
------------------------------------------------------------------------
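The interleaving described in r210947, replayed deterministically. This is an added example, not WebKit code: ModelStructure, ModelLock, mutatorTryPin and runInterleaving are hypothetical names, and the two collector steps are run by hand in one thread so the ordering is fixed.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

// Single-threaded model of the pin()/visitChildren() race.
// Every name here is hypothetical; none of this is JavaScriptCore code.
using Table = std::vector<std::string>;

struct ModelLock {
    bool held = false;
    bool tryLock() { if (held) return false; held = true; return true; }
    void unlock() { held = false; }
};

struct ModelStructure {
    ModelLock lock;
    bool pinned = false;
    std::unique_ptr<Table> table{new Table{"x", "y"}};

    // Rebuild a dropped table; only legitimate while the structure is unpinned.
    void materialize() { if (!table) table.reset(new Table{"x", "y"}); }
};

enum class PinMode { NoLock, CallerHoldsLock };

struct Outcome {
    bool pinned;
    bool tableAlive;
    // A pinned structure must still own its table.
    bool invariantHolds() const { return !pinned || tableAlive; }
};

// Mutator side. Returns false when it would have to wait for the lock.
static bool mutatorTryPin(ModelStructure& s, PinMode mode) {
    if (mode == PinMode::NoLock) {
        s.pinned = true;            // no lock taken, none required
        return true;
    }
    if (!s.lock.tryLock())
        return false;               // collector owns the lock: wait
    s.materialize();                // still unpinned, so rebuilding is fine
    s.pinned = true;
    s.lock.unlock();
    return true;
}

Outcome runInterleaving(PinMode mode) {
    ModelStructure s;

    // Collector, step 1: take the lock and sample the pinned bit.
    s.lock.tryLock();
    bool willClear = !s.pinned;

    // Mutator is scheduled between the collector's check and its clear.
    bool done = mutatorTryPin(s, mode);

    // Collector, step 2: act on the (possibly stale) decision, then unlock.
    if (willClear)
        s.table.reset();
    s.lock.unlock();

    // A mutator that had to wait runs once the lock is free.
    if (!done)
        mutatorTryPin(s, mode);

    return Outcome{s.pinned, s.table != nullptr};
}

int main() {
    Outcome before = runInterleaving(PinMode::NoLock);
    Outcome after = runInterleaving(PinMode::CallerHoldsLock);
    std::printf("no lock:           pinned=%d tableAlive=%d invariant=%d\n",
                before.pinned, before.tableAlive, before.invariantHolds());
    std::printf("caller holds lock: pinned=%d tableAlive=%d invariant=%d\n",
                after.pinned, after.tableAlive, after.invariantHolds());
    return 0;
}
```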
------------------------------------------------------------------------
r210949 | cdumez@apple.com | 2017-01-20 03:23:50 +0000 (Fri, 20 Jan 2017) | 64 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/Modules/fetch/FetchHeaders.idl
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
M /trunk/Source/WebCore/bindings/scripts/test/TestObj.idl
M /trunk/Source/WebCore/css/FontFaceSet.idl
M /trunk/Source/WebCore/dom/NodeList.idl
M /trunk/Source/WebKit/mac/ChangeLog
M /trunk/Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h
M /trunk/Source/WebKit/mac/WebView/WebPreferences.mm
M /trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h
M /trunk/Source/WebKit/mac/WebView/WebView.mm
M /trunk/Source/WebKit/win/ChangeLog
M /trunk/Source/WebKit/win/Interfaces/IWebPreferencesPrivate.idl
M /trunk/Source/WebKit/win/WebPreferenceKeysPrivate.h
M /trunk/Source/WebKit/win/WebPreferences.cpp
M /trunk/Source/WebKit/win/WebPreferences.h
M /trunk/Source/WebKit/win/WebView.cpp
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/Shared/WebPreferencesDefinitions.h
M /trunk/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp
M /trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp
M /trunk/Tools/ChangeLog
M /trunk/Tools/DumpRenderTree/mac/DumpRenderTree.mm
M /trunk/Tools/DumpRenderTree/win/DumpRenderTree.cpp
M /trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp
M /trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
M /trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
iterable<> should be enabled on WK1
https://bugs.webkit.org/show_bug.cgi?id=167221
<rdar://problem/30108531>
Reviewed by Youenn Fablet.
Source/JavaScriptCore:
* runtime/CommonIdentifiers.h:
Source/WebCore:
* Modules/fetch/FetchHeaders.idl:
* bindings/scripts/test/JS/JSTestNode.cpp:
(WebCore::JSTestNodePrototype::finishCreation):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObjPrototype::finishCreation):
* bindings/scripts/test/TestNode.idl:
* bindings/scripts/test/TestObj.idl:
* css/FontFaceSet.idl:
* dom/NodeList.idl:
Source/WebKit/mac:
* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(-[WebPreferences setCustomElementsEnabled:]):
(-[WebPreferences DOMIteratorEnabled]): Deleted.
(-[WebPreferences setDOMIteratorEnabled:]): Deleted.
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]):
Source/WebKit/win:
* Interfaces/IWebPreferencesPrivate.idl:
* WebPreferenceKeysPrivate.h:
* WebPreferences.cpp:
(WebPreferences::setDOMIteratorEnabled): Deleted.
(WebPreferences::domIteratorEnabled): Deleted.
* WebPreferences.h:
* WebView.cpp:
(WebView::notifyPreferencesChanged):
Source/WebKit2:
* Shared/WebPreferencesDefinitions.h:
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):
Tools:
* DumpRenderTree/mac/DumpRenderTree.mm:
(resetWebPreferencesToConsistentValues):
* DumpRenderTree/win/DumpRenderTree.cpp:
(resetWebPreferencesToConsistentValues):
* WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::beginTesting):
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setDOMIteratorEnabled): Deleted.
* WebKitTestRunner/InjectedBundle/TestRunner.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r210958 | gskachkov@gmail.com | 2017-01-20 11:43:24 +0000 (Fri, 20 Jan 2017) | 30 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/js/class-syntax-super-expected.txt
M /trunk/LayoutTests/js/script-tests/class-syntax-super.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
M /trunk/Source/JavaScriptCore/parser/Parser.cpp
M /trunk/Source/JavaScriptCore/parser/Parser.h
M /trunk/Source/JavaScriptCore/parser/SourceProviderCacheItem.h
Super property access in base class constructor doesn't work
https://bugs.webkit.org/show_bug.cgi?id=166665
Reviewed by Ryosuke Niwa.
Source/JavaScriptCore:
Allow the use of super inside of the constructor for classes
without a parent class.
The parser checks if super is used within the constructor and
adds this information to the function metadata, and later it is used
during byte code generation.
* bytecompiler/NodesCodegen.cpp:
(JSC::ClassExprNode::emitBytecode):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseFunctionBody):
(JSC::Parser<LexerType>::parseFunctionInfo):
* parser/Parser.h:
(JSC::Scope::usesEval):
(JSC::Scope::fillParametersForSourceProviderCache):
(JSC::Scope::restoreFromSourceProviderCache):
(JSC::Parser::adjustSuperBindingForBaseConstructor):
* parser/SourceProviderCacheItem.h:
(JSC::SourceProviderCacheItem::SourceProviderCacheItem):
LayoutTests:
* js/class-syntax-super-expected.txt:
* js/script-tests/class-syntax-super.js:
------------------------------------------------------------------------
------------------------------------------------------------------------
r210971 | sbarati@apple.com | 2017-01-20 18:10:55 +0000 (Fri, 20 Jan 2017) | 34 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSafepoint.cpp
M /trunk/Source/JavaScriptCore/runtime/Options.h
We should flash a safepoint before each DFG/FTL phase
https://bugs.webkit.org/show_bug.cgi?id=167234
Reviewed by Filip Pizlo.
The recent GC changes caused us to regress Kraken because of a
longstanding issue that happened to be hit with higher frequency because
of a change in timing between when a particular GC was happening and
when a particular FTL compilation was happening. The regression is caused
by the GC waiting for a large function to make it through the DFG portion
of an FTL compilation. This was taking 20ms-30ms and started happening during a
particular test with much higher frequency.
This means that anytime the GC waits for this compilation, the test ran at least
~20ms slower because the GC waits for the compiler threads the mutator is stopped.
It's good that we have such an easily reproducible case of this performance
issue because it will affect many real JS programs, especially ones with
large functions that get hot.
The most straightforward solution to fix this is to flash a safepoint before
each phase, allowing the GC to suspend the compiler if needed. In my testing,
this progresses Kraken in the browser, and doesn't regress anything else. This
solution also makes the most sense. I did some analysis on the compilation time
of this function that took ~20-30ms to pass through the DFG phases, and
the phase times were mostly evenly distributed. Some took longer than others,
but no phase was longer than 3ms. Most were in the 0.25ms to 1.5ms range.
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGSafepoint.cpp:
(JSC::DFG::Safepoint::begin):
* runtime/Options.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r210992 | commit-queue@webkit.org | 2017-01-20 23:23:56 +0000 (Fri, 20 Jan 2017) | 52 lines
Changed paths:
M /trunk/ChangeLog
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/fast/dom/event-handler-attributes.html
M /trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics.html
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/wtf/FeatureDefines.h
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebCore/dom/Document.idl
M /trunk/Source/WebCore/page/RuntimeEnabledFeatures.cpp
M /trunk/Source/WebCore/page/RuntimeEnabledFeatures.h
M /trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
M /trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h
M /trunk/Source/WebKit/mac/ChangeLog
M /trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig
M /trunk/Source/cmake/OptionsMac.cmake
M /trunk/Source/cmake/OptionsWin.cmake
M /trunk/Source/cmake/WebKitFeatures.cmake
M /trunk/Source/cmake/tools/vsprops/FeatureDefines.props
M /trunk/Source/cmake/tools/vsprops/FeatureDefinesCairo.props
M /trunk/Tools/ChangeLog
M /trunk/Tools/Scripts/webkitperl/FeatureList.pm
M /trunk/Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig
Remove outdated ENABLE(CSP_NEXT) build flag
https://bugs.webkit.org/show_bug.cgi?id=167252
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-01-20
Reviewed by Brent Fulgham.
.:
* Source/cmake/OptionsMac.cmake:
* Source/cmake/OptionsWin.cmake:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmake/tools/vsprops/FeatureDefines.props:
* Source/cmake/tools/vsprops/FeatureDefinesCairo.props:
Source/JavaScriptCore:
* Configurations/FeatureDefines.xcconfig:
Source/WebCore:
* Configurations/FeatureDefines.xcconfig:
* dom/Document.idl:
* page/RuntimeEnabledFeatures.cpp:
(WebCore::RuntimeEnabledFeatures::reset):
* page/RuntimeEnabledFeatures.h:
(WebCore::RuntimeEnabledFeatures::experimentalContentSecurityPolicyFeaturesEnabled): Deleted.
(WebCore::RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled): Deleted.
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::experimentalFeaturesEnabled): Deleted.
* page/csp/ContentSecurityPolicy.h:
Source/WebKit/mac:
* Configurations/FeatureDefines.xcconfig:
Source/WebKit2:
* Configurations/FeatureDefines.xcconfig:
Source/WTF:
* wtf/FeatureDefines.h:
Tools:
* Scripts/webkitperl/FeatureList.pm:
* TestWebKitAPI/Configurations/FeatureDefines.xcconfig:
LayoutTests:
* fast/dom/event-handler-attributes.html:
* http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics.html:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211017 | utatane.tea@gmail.com | 2017-01-21 22:10:54 +0000 (Sat, 21 Jan 2017) | 42 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/modules/import-call
A /trunk/JSTests/modules/import-call/main.js
A /trunk/JSTests/modules/import-call.js
M /trunk/JSTests/stress/import-syntax.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/parser/Parser.cpp
dynamic import is ambiguous with import declaration at module code
https://bugs.webkit.org/show_bug.cgi?id=167098
Reviewed by Darin Adler.
JSTests:
* modules/import-call.js: Added.
(from.string_appeared_here.import.string_appeared_here.then):
* modules/import-call/main.js: Added.
* stress/import-syntax.js:
(async):
Source/JavaScriptCore:
This patch fixes two syntax issues related to dynamic import.
1. Fix member expression parsing with dynamic import results
We should not return import expression immediately after parsing
it in parseMemberExpression. This prohibits us from parsing the following
code,
import("...").then(function () {
});
2. dynamic import with import declaration under the module context
Before this patch, we always attempt to parse IMPORT as import declaration
under the module context. It means that import call in the top level
expression statement fails to be parsed since the parser attempts to parse
it as import declaration.
import("...") // module top level statement.
In this patch, we check the condition `[lookahead != (]` before starting
parsing import declaration. This allows us to put import call in the module
top level statement.
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseModuleSourceElements):
(JSC::Parser<LexerType>::parseMemberExpression):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211018 | utatane.tea@gmail.com | 2017-01-21 22:22:54 +0000 (Sat, 21 Jan 2017) | 27 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/builtins/BuiltinNames.h
M /trunk/Source/JavaScriptCore/builtins/ModuleLoaderPrototype.js
M /trunk/Source/JavaScriptCore/jsc.cpp
M /trunk/Source/JavaScriptCore/runtime/Completion.cpp
M /trunk/Source/JavaScriptCore/runtime/Completion.h
M /trunk/Source/JavaScriptCore/runtime/JSModuleLoader.cpp
M /trunk/Source/JavaScriptCore/runtime/JSModuleLoader.h
M /trunk/Source/JavaScriptCore/runtime/ModuleLoaderPrototype.cpp
[JSC] export JSC::importModule API for WebCore dynamic import
https://bugs.webkit.org/show_bug.cgi?id=167099
Reviewed by Darin Adler.
We newly expose JSC::importModule API. This can be used later
from WebCore to implement WebCore side dynamic import.
And JSC shell also uses this API.
And this patch also cleans up module loader a bit:
Dropping requestInstantiateAll.
* builtins/BuiltinNames.h:
* builtins/ModuleLoaderPrototype.js:
(requestLink):
(requestImportModule):
(requestInstantiateAll): Deleted.
(importModule): Deleted.
* jsc.cpp:
(GlobalObject::moduleLoaderImportModule):
* runtime/Completion.cpp:
(JSC::importModule):
* runtime/Completion.h:
* runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::requestImportModule):
* runtime/JSModuleLoader.h:
* runtime/ModuleLoaderPrototype.cpp:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211024 | cdumez@apple.com | 2017-01-22 05:48:28 +0000 (Sun, 22 Jan 2017) | 86 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
A /trunk/LayoutTests/fast/dom/FileList-iterator-expected.txt
A /trunk/LayoutTests/fast/dom/FileList-iterator.html
A /trunk/LayoutTests/fast/dom/collection-iterators-expected.txt
A /trunk/LayoutTests/fast/dom/collection-iterators.html
A /trunk/LayoutTests/fast/dom/document-all-undefined-expected.txt
A /trunk/LayoutTests/fast/dom/document-all-undefined.html
A /trunk/LayoutTests/fast/events/touch/ios/touchlist-iterator-expected.txt
A /trunk/LayoutTests/fast/events/touch/ios/touchlist-iterator.html
M /trunk/LayoutTests/inspector/model/remote-object-get-properties-expected.txt
A /trunk/LayoutTests/platform/ios-simulator/fast/dom/collection-iterators-expected.txt
M /trunk/LayoutTests/platform/wk2/TestExpectations
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/builtins/ArrayPrototype.js
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
JavaScript for-of does not work on a lot of collection types (e.g. HTMLCollection)
https://bugs.webkit.org/show_bug.cgi?id=167091
Reviewed by Darin Adler.
Source/JavaScriptCore:
Update Array methods to throw a TypeError when (this === null || this === undefined)
instead of when (this == null). This is because (this == null) returns true for types
that masquerade as undefined (such as document.all) and this prevented use of the
Array API on such types. The specification only says to use ToObject(), which throws
when the input is undefined or null.
The corresponding specification is at:
- https://www.ecma-international.org/ecma-262/7.0/index.html#sec-array.prototype.values
- https://www.ecma-international.org/ecma-262/7.0/index.html#sec-toobject
* builtins/ArrayPrototype.js:
(values):
(keys):
(entries):
(reduce):
(reduceRight):
(every):
(forEach):
(filter):
(map):
(some):
(fill):
(find):
(findIndex):
(includes):
(sort):
(concatSlowPath):
(copyWithin):
Source/WebCore:
As per the Web IDL specification [1], https://heycam.github.io/webidl/#es-iterator
an interface should get an iterator if it has:
- an indexed property getter and an integer-typed attribute named "length".
We now comply with this part of the Web IDL specification. This adds an iterator
to the following interfaces:
- AudioTrackList, ClientRectList, CSSRuleList, CSSStyleDeclaration, CSSValueList,
MimeTypeArray, WebKitNamedFlowCollection, Plugin, PluginArray, DOMStringList,
FileList, HTMLAllCollection, HTMLCollection, HTMLFormElement, HTMLOptionsCollection,
HTMLSelectElement, MediaList, NamedNodeMap, SourceBufferList, StyleSheetList,
TextTrackCueList, TextTrackList, TouchList, VideoTrackList, VTTRegionList.
As a result, it is now possible to use `for ... of` for those types.
Tests: fast/dom/FileList-iterator.html
fast/dom/collection-iterators.html
fast/dom/document-all-undefined.html
fast/events/touch/ios/touchlist-iterator.html
* bindings/scripts/CodeGeneratorJS.pm:
(GetAttributeWithName):
(InterfaceNeedsIterator):
(GenerateImplementation):
(addIterableProperties):
LayoutTests:
* fast/dom/FileList-iterator-expected.txt: Added.
* fast/dom/FileList-iterator.html: Added.
* fast/dom/collection-iterators-expected.txt: Added.
* fast/dom/collection-iterators.html: Added.
* fast/events/touch/ios/touchlist-iterator-expected.txt: Added.
* fast/events/touch/ios/touchlist-iterator.html: Added.
Add layout test coverage for all types that gained an iterator.
* fast/dom/document-all-undefined-expected.txt: Added.
* fast/dom/document-all-undefined.html: Added.
Add layout test to cover the fact that HTMLAllCollection masquerades as
undefined, as per:
- https://html.spec.whatwg.org/multipage/obsolete.html#dom-document-all
* inspector/model/remote-object-get-properties-expected.txt:
Rebaseline now that there is an extra Symbol.iterator property.
* platform/wk2/TestExpectations:
Skip that requires beginDragWithFiles() as this is unimplemented in
WebKitTestRunner.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211027 | mmaxfield@apple.com | 2017-01-22 17:24:51 +0000 (Sun, 22 Jan 2017) | 84 lines
Changed paths:
M /trunk/CMakeLists.txt
M /trunk/ChangeLog
M /trunk/Source/CMakeLists.txt
M /trunk/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebCore/CMakeLists.txt
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebCore/Configurations/WebCore.xcconfig
A /trunk/Source/WebCore/PAL
A /trunk/Source/WebCore/PAL/Configurations
A /trunk/Source/WebCore/PAL/Configurations/Base.xcconfig
A /trunk/Source/WebCore/PAL/Configurations/DebugRelease.xcconfig
A /trunk/Source/WebCore/PAL/Configurations/FeatureDefines.xcconfig (from /trunk/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig:211026)
A /trunk/Source/WebCore/PAL/Configurations/PAL.xcconfig
A /trunk/Source/WebCore/PAL/Configurations/Version.xcconfig
A /trunk/Source/WebCore/PAL/PAL.xcodeproj
A /trunk/Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj
A /trunk/Source/WebCore/PAL/config.h
A /trunk/Source/WebCore/PAL/pal
A /trunk/Source/WebCore/PAL/pal/CMakeLists.txt
A /trunk/Source/WebCore/PAL/pal/PlatformEfl.cmake
A /trunk/Source/WebCore/PAL/pal/PlatformGTK.cmake
A /trunk/Source/WebCore/PAL/pal/PlatformMac.cmake
A /trunk/Source/WebCore/PAL/pal/PlatformWin.cmake
A /trunk/Source/WebCore/PAL/pal/crypto
A /trunk/Source/WebCore/PAL/pal/crypto/CryptoDigest.h (from /trunk/Source/WebCore/platform/crypto/CryptoDigest.h:211026)
A /trunk/Source/WebCore/PAL/pal/crypto/commoncrypto
A /trunk/Source/WebCore/PAL/pal/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp (from /trunk/Source/WebCore/platform/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp:211026)
A /trunk/Source/WebCore/PAL/pal/crypto/gcrypt
A /trunk/Source/WebCore/PAL/pal/crypto/gcrypt/CryptoDigestGCrypt.cpp (from /trunk/Source/WebCore/platform/crypto/gcrypt/CryptoDigestGCrypt.cpp:211026)
A /trunk/Source/WebCore/PAL/pal/crypto/gnutls
A /trunk/Source/WebCore/PAL/pal/crypto/gnutls/CryptoDigestGnuTLS.cpp (from /trunk/Source/WebCore/platform/crypto/gnutls/CryptoDigestGnuTLS.cpp:211026)
A /trunk/Source/WebCore/PAL/pal/crypto/win
A /trunk/Source/WebCore/PAL/pal/crypto/win/CryptoDigestWin.cpp (from /trunk/Source/WebCore/platform/crypto/win/CryptoDigestWin.cpp:211026)
M /trunk/Source/WebCore/PlatformEfl.cmake
M /trunk/Source/WebCore/PlatformGTK.cmake
M /trunk/Source/WebCore/PlatformMac.cmake
M /trunk/Source/WebCore/PlatformWin.cmake
M /trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj
M /trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmSHA1.cpp
M /trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmSHA224.cpp
M /trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmSHA256.cpp
M /trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmSHA384.cpp
M /trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmSHA512.cpp
M /trunk/Source/WebCore/crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp
M /trunk/Source/WebCore/inspector/InspectorDOMAgent.cpp
M /trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
D /trunk/Source/WebCore/platform/crypto
M /trunk/Source/WebCore/platform/network/soup/SoupNetworkSession.cpp
M /trunk/Source/WebKit/CMakeLists.txt
M /trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig
M /trunk/Source/cmake/OptionsWin.cmake
M /trunk/Source/cmake/WebKitFS.cmake
M /trunk/Tools/Scripts/webkitpy/style/checkers/featuredefines.py
M /trunk/Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig
Introducing the Platform Abstraction Layer (PAL)
https://bugs.webkit.org/show_bug.cgi?id=143358
Reviewed by Alex Christensen.
.:
* CMakeLists.txt:
* Source/CMakeLists.txt:
* Source/cmake/WebKitFS.cmake:
Source/WebCore:
In order to enforce layering and promote testability, WebCore/platform files
should be compiled in their own project. This new project can enforce layering
and can be tested with unit tests in addition to layout tests.
The name of this new project is the Platform Abstraction Layer, or "PAL."
This comprises a new directory in WebCore which will be the destination
for files migrated from WebCore/platform. This new folder, and its associated
project, will maintain layering invariants. These invariants are enforced at
build-time by setting the #include path for PAL to not include the rest of
WebCore (which is the same layering enforcement mechanism for WTF). Files will
be migrated into this new target/directory piece-by-piece, and the migration
of a file will be performed as soon as it can be migrated without violating
layering.
Within WebCore, files should include PAL files using the convention
#include <pal/foo.h>. Symbols within PAL are placed within a new top-level
namespace, "PAL," and therefore when used should be referred to as PAL::Foo.
The first set of files to move into the new platform is the crypto/ subdirectory
because it is both simple but also includes platform-dependent files.
No new tests because there is no behavior change.
* CMakeLists.txt:
* Configurations/WebCore.xcconfig: Add PAL to the include path
* PAL/Configurations/Base.xcconfig: Added.
* PAL/Configurations/DebugRelease.xcconfig: Added.
* PAL/Configurations/PAL.xcconfig: Added. Sets up some PAL-specific
variables.
* PAL/Configurations/FeatureDefines.xcconfig: Added.
* PAL/Configurations/Version.xcconfig: Added.
* PAL/PAL.xcodeproj/project.pbxproj: Added. New project file.
* PAL/config.h: Added. Simplified from WebCore/config.h.
* PAL/pal/CMakeLists.txt: Added.
* PAL/pal/PlatformEfl.cmake: Added.
* PAL/pal/PlatformGTK.cmake: Added.
* PAL/pal/PlatformMac.cmake: Added.
* PAL/pal/PlatformWin.cmake: Added.
* PAL/pal/crypto/CryptoDigest.h: Renamed from Source/WebCore/platform/crypto/CryptoDigest.h.
* PAL/pal/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp: Renamed from Source/WebCore/platform/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp.
* PAL/pal/crypto/gcrypt/CryptoDigestGCrypt.cpp: Renamed from Source/WebCore/platform/crypto/gcrypt/CryptoDigestGCrypt.cpp.
* PAL/pal/crypto/gnutls/CryptoDigestGnuTLS.cpp: Renamed from Source/WebCore/platform/crypto/gnutls/CryptoDigestGnuTLS.cpp.
* PAL/pal/crypto/win/CryptoDigestWin.cpp: Renamed from Source/WebCore/platform/crypto/win/CryptoDigestWin.cpp.
* PlatformEfl.cmake:
* PlatformGTK.cmake:
* PlatformMac.cmake:
* PlatformWin.cmake:
* WebCore.xcodeproj/project.pbxproj: Create a project link so WebCore
knows that it needs to build PAL as a dependency.
* crypto/algorithms/CryptoAlgorithmSHA1.cpp:
(WebCore::CryptoAlgorithmSHA1::digest): Update #include and namespace.
* crypto/algorithms/CryptoAlgorithmSHA224.cpp:
(WebCore::CryptoAlgorithmSHA224::digest): Ditto.
* crypto/algorithms/CryptoAlgorithmSHA256.cpp:
(WebCore::CryptoAlgorithmSHA256::digest): Ditto.
* crypto/algorithms/CryptoAlgorithmSHA384.cpp:
(WebCore::CryptoAlgorithmSHA384::digest): Ditto.
* crypto/algorithms/CryptoAlgorithmSHA512.cpp:
(WebCore::CryptoAlgorithmSHA512::digest): Ditto.
* crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp:
(WebCore::cryptoDigestAlgorithm): Ditto.
(WebCore::signRSASSA_PKCS1_v1_5): Ditto.
(WebCore::verifyRSASSA_PKCS1_v1_5): Ditto.
* inspector/InspectorDOMAgent.cpp:
(WebCore::computeContentSecurityPolicySHA256Hash): Ditto.
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::toCryptoDigestAlgorithm): Ditto.
(WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Ditto.
* platform/network/soup/SoupNetworkSession.cpp:
(WebCore::HostTLSCertificateSet::computeCertificateHash): Ditto.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211037 | commit-queue@webkit.org | 2017-01-23 10:41:42 +0000 (Mon, 23 Jan 2017) | 10 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/debugger/Debugger.cpp
M /trunk/Source/JavaScriptCore/debugger/Debugger.h
JavaScriptCore has a weak external symbol in it
https://bugs.webkit.org/show_bug.cgi?id=167282
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-01-23
Reviewed by Yusuke Suzuki.
* debugger/Debugger.cpp:
(JSC::Debugger::ProfilingClient::~ProfilingClient):
* debugger/Debugger.h:
Avoid possible weak external symbol.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211043 | msaboff@apple.com | 2017-01-23 18:45:17 +0000 (Mon, 23 Jan 2017) | 32 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/Butterfly.h
M /trunk/Source/JavaScriptCore/runtime/ButterflyInlines.h
M /trunk/Source/JavaScriptCore/runtime/IntlObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArray.h
IntlObject uses JSArray::tryCreateUninitialized in an unsafe way
https://bugs.webkit.org/show_bug.cgi?id=167288
Reviewed by Filip Pizlo.
Refactored the following "create" methods into a "tryCreate" method and a
"create" wrapper: JSArray::create(), Butterfly::create() and
createArrayButterfly().
Changed IntlObject.cpp to use JSArray::tryCreate() as it is simpler to use
by not requiring the caller to be GC savvy. The performance benefits of
tryCreateUninitialized() are not needed by the IntlObject C++ code.
Did not add a new test as the bug caused LayoutTests/js/intl.html to fail
reliably with the JSC option values scribbleFreeCells=true,
collectContinuously=true and JSC_useGenerationalGC=false.
* runtime/Butterfly.h:
* runtime/ButterflyInlines.h:
(JSC::Butterfly::tryCreate): Added.
(JSC::Butterfly::create):
* runtime/IntlObject.cpp:
(JSC::canonicalizeLocaleList):
(JSC::lookupSupportedLocales):
(JSC::intlObjectFuncGetCanonicalLocales):
* runtime/JSArray.h:
(JSC::createContiguousArrayButterfly): Deleted.
(JSC::tryCreateArrayButterfly): Added.
(JSC::createArrayButterfly):
(JSC::JSArray::tryCreate): Added.
(JSC::JSArray::create):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211063 | mark.lam@apple.com | 2017-01-23 22:49:26 +0000 (Mon, 23 Jan 2017) | 12 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm
M /trunk/Source/JavaScriptCore/ChangeLog
ObjCCallbackFunction::destroy() should not use jsCast().
https://bugs.webkit.org/show_bug.cgi?id=167322
Reviewed by Filip Pizlo.
Since r210829, it is no longer correct for object destructors to use jsCast().
Fixed ObjCCallbackFunction::destroy() to use a static_cast instead.
* API/ObjCCallbackFunction.mm:
(JSC::ObjCCallbackFunction::destroy):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211065 | fpizlo@apple.com | 2017-01-23 23:13:41 +0000 (Mon, 23 Jan 2017) | 22 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
A /trunk/LayoutTests/js/shared-array-buffer-webgl-expected.txt
A /trunk/LayoutTests/js/shared-array-buffer-webgl.html
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h
SharedArrayBuffer plus WebGL should not equal CRASH
https://bugs.webkit.org/show_bug.cgi?id=167329
Reviewed by Saam Barati.
Source/JavaScriptCore:
DOM unwrapping methods should return null rather than crashing. The code expects an
unshared buffer, so we should return null when it's shared. The caller can then decide
if they like null or not.
* runtime/JSArrayBufferViewInlines.h:
(JSC::JSArrayBufferView::toWrapped):
LayoutTests:
This test used to crash and now it doesn't. It throws some exception.
* js/shared-array-buffer-webgl-expected.txt: Added.
* js/shared-array-buffer-webgl.html: Added.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211066 | mark.lam@apple.com | 2017-01-23 23:22:27 +0000 (Mon, 23 Jan 2017) | 8 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/JSCellInlines.h
Added a comment to clarify an assertion.
Rubber-stamped by Filip Pizlo.
* runtime/JSCellInlines.h:
(JSC::JSCell::classInfo):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211069 | fpizlo@apple.com | 2017-01-24 00:01:13 +0000 (Tue, 24 Jan 2017) | 120 lines
Changed paths:
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M /trunk/Source/JavaScriptCore/heap/Heap.cpp
M /trunk/Source/JavaScriptCore/heap/Heap.h
M /trunk/Source/JavaScriptCore/heap/MarkingConstraintSet.cpp
M /trunk/Source/JavaScriptCore/heap/MarkingConstraintSet.h
M /trunk/Source/JavaScriptCore/heap/MutatorScheduler.cpp
M /trunk/Source/JavaScriptCore/heap/MutatorScheduler.h
M /trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp
A /trunk/Source/JavaScriptCore/heap/StochasticSpaceTimeMutatorScheduler.cpp
A /trunk/Source/JavaScriptCore/heap/StochasticSpaceTimeMutatorScheduler.h
M /trunk/Source/JavaScriptCore/runtime/Options.h
Land the stochastic space-time scheduler disabled
https://bugs.webkit.org/show_bug.cgi?id=167249
Reviewed by Saam Barati.
The space-time scheduler is pretty weird. It uses a periodic scheduler where the next period is
simply determined by an integer multiple of time since when the scheduler last snapped phase. It
snaps phase after constraint solving. Both the snapping of the phase after constraint solving and
the periodicity appear to be necessary for good performance. For example, if the space-time
scheduler decided that it was in the resume part of the phase just by virtue of having just
resumed, then it would be empirically worse than our scheduler which asks "what time is it?" to
decide whether it should be suspended or resumed even if it just suspended or resumed. I've spent
a lot of time wondering why these two features are essential, and I think I found a reason.
What's happening is that sometimes the GC has an overrun and its increment takes longer than it
should have. The current scheduler forgives overruns when constraint solving, which seems to
make sense because it cannot control whether constraint solving runs with the mutator resumed or
suspended. It has to be suspended currently. Snapping phase after constraint solving accomplishes
this. What's more surprising is how important it is to manage deadline misses during draining.
The relevant kind of deadline miss is when doing mutator-suspended draining to catch up to the
retreating wavefront. Deadline misses while doing this can happen systematically in some
workloads, like JetStream/hash-map and some test in Speedometer. It's because they have some
ginormous object and it takes like ~3ms+-1.5ms just to scan it. The space-time scheduler's use
of time to decide what to do saves the day here: after the deadline miss, the scheduler will
initially realize that it missed its deadline to resume the mutator. But as soon as it does this
it asks: "based on current time since phase snap, what should I do?". In the case of a deadline
miss, this question is essentially a weighted coin flip because of the high noise in the amount
of time that it takes to do things in the GC. If you overrun, you will probably overrun by
multiple milliseconds, which is enough that where you land in the space-time scheduler's timeline
is random. The likelihood that you land in the "resume mutator" part of the timeline has a
probability that is roughly the same as what the space-time scheduler calls mutator utilization.
This is a super weird property. I did not intend for it to have this property, but it appears to
be the most important property of this scheduler.
Based on this, it seems that the fact that the space-time scheduler could suspend the mutator
before draining runs out of work doesn't accomplish anything. As soon as you resume the
mutator, you have a retreating wavefront to worry about. But if the collector is happily scanning
things then it's almost certain that the collector will outpace the mutator. Also, anything that
the mutator asks us to revisit is deferred anyway.
In the past I've tried to replace the scheduler in one patch and this turned out to be annoying
because even a poorly conceived scheduler should be iterated on. This patch lands a new scheduler
called the StochasticSpaceTime scheduler. It replaces two of the known-good features of the old
scheduler: (1) it forgives constraint pauses and (2) after deadline overrun its choice is random,
weighted by the mutator utilization target. Unlike the old scheduler, this one will only suspend
the mutator when the draining terminates, but it may pause for any amount of time after an
iteration of constraint solving. It computes the targetPause by measuring constraint solving time
and multiplying by the pauseScale (0.3 by default). If smaller than minimumPause (0.3ms by
default), then it uses minimumPause instead. The stochastic scheduler will then definitely do at
least targetPause worth of suspended draining after the constraint solving iteration, and then
it will decide whether or not to do another one at random. The probability that it will choose to
resume is exactly mutatorUtilization, which is computed exactly as before. Therefore, the
probability of resumption starts at 0.7 and goes down as memory usage rises. Conversely, the
probability that we will stay suspended starts at 0.3 and goes up from there.
This new scheduler looks like it might be a 25% improvement on splay-latency. It also looks like
a small progression on hash-map. Hash-map is a great test of one of the worst cases of retreating
wavefront, since it is repeatedly storing to a ginormous array. This array is sure to take a
while to scan, and to complete, the GC must be smart enough to visit any new objects it finds
while scanning the array immediately after scanning that array. This new scheduler means that
after scanning the array, the probability that you will scan whatever you found in it starts at
0.3 and rises as the program allocates. It's sure to be 0.3, and not 0.3^k, because after the
wavefront stops advancing, the only object on the mark stack after a constraint iteration will be
that array. Since there is sure to be a 0.3ms or longer pause, the GC will be sure to start
visiting this object. The GC can then complete if it just allows enough time after this to scan
whatever new objects it finds. If scanning the array overruns the deadline (and it almost
certainly will) then the probability that the GC keeps the mutator suspended is simply
1 - mutatorUtilization.
This scheduler is disabled by default. You can enable it with
--useStochasticMutatorScheduler=true.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::markToFixpoint):
* heap/Heap.h:
* heap/MarkingConstraintSet.cpp:
(JSC::MarkingConstraintSet::didStartMarking):
(JSC::MarkingConstraintSet::executeConvergenceImpl):
(JSC::MarkingConstraintSet::resetStats): Deleted.
(JSC::MarkingConstraintSet::executeBootstrap): Deleted.
* heap/MarkingConstraintSet.h:
* heap/MutatorScheduler.cpp:
(JSC::MutatorScheduler::didReachTermination):
(JSC::MutatorScheduler::synchronousDrainingDidStall):
* heap/MutatorScheduler.h:
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::didReachTermination):
(JSC::SlotVisitor::drainFromShared):
* heap/StochasticSpaceTimeMutatorScheduler.cpp: Added.
(JSC::StochasticSpaceTimeMutatorScheduler::Snapshot::Snapshot):
(JSC::StochasticSpaceTimeMutatorScheduler::Snapshot::now):
(JSC::StochasticSpaceTimeMutatorScheduler::Snapshot::bytesAllocatedThisCycle):
(JSC::StochasticSpaceTimeMutatorScheduler::StochasticSpaceTimeMutatorScheduler):
(JSC::StochasticSpaceTimeMutatorScheduler::~StochasticSpaceTimeMutatorScheduler):
(JSC::StochasticSpaceTimeMutatorScheduler::state):
(JSC::StochasticSpaceTimeMutatorScheduler::beginCollection):
(JSC::StochasticSpaceTimeMutatorScheduler::didStop):
(JSC::StochasticSpaceTimeMutatorScheduler::willResume):
(JSC::StochasticSpaceTimeMutatorScheduler::didReachTermination):
(JSC::StochasticSpaceTimeMutatorScheduler::didExecuteConstraints):
(JSC::StochasticSpaceTimeMutatorScheduler::synchronousDrainingDidStall):
(JSC::StochasticSpaceTimeMutatorScheduler::timeToStop):
(JSC::StochasticSpaceTimeMutatorScheduler::timeToResume):
(JSC::StochasticSpaceTimeMutatorScheduler::log):
(JSC::StochasticSpaceTimeMutatorScheduler::endCollection):
(JSC::StochasticSpaceTimeMutatorScheduler::setResumeTime):
(JSC::StochasticSpaceTimeMutatorScheduler::bytesAllocatedThisCycleImpl):
(JSC::StochasticSpaceTimeMutatorScheduler::bytesSinceBeginningOfCycle):
(JSC::StochasticSpaceTimeMutatorScheduler::maxHeadroom):
(JSC::StochasticSpaceTimeMutatorScheduler::headroomFullness):
(JSC::StochasticSpaceTimeMutatorScheduler::mutatorUtilization):
* heap/StochasticSpaceTimeMutatorScheduler.h: Added.
* runtime/Options.cpp:
(JSC::overrideDefaults):
* runtime/Options.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211070 | sbarati@apple.com | 2017-01-24 00:15:21 +0000 (Tue, 24 Jan 2017) | 51 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/spread-consults-correct-global-object.js
A /trunk/JSTests/stress/spread-correct-global-object-on-exception.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
M /trunk/Source/JavaScriptCore/jsc.cpp
M /trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArray.h
M /trunk/Source/JavaScriptCore/runtime/JSArrayInlines.h
https://bugs.webkit.org/show_bug.cgi?id=167247
JSC: operationSpreadGeneric uses the wrong global object for the builtin function and slow_path_spread consults the wrong global object to prove if the iterator protocol is unobservable
<rdar://problem/30121809>
Reviewed by Filip Pizlo.
JSTests:
* stress/spread-consults-correct-global-object.js: Added.
(assert):
(spread):
* stress/spread-correct-global-object-on-exception.js: Added.
(assert):
(spread):
(const.objectText.let.o.Symbol.iterator):
(catch):
Source/JavaScriptCore:
There were two bugs in the different tiers with respect to how
spread handled global objects.
The first was in the LLInt/baseline inside slow_path_spread:
We consulted the lexical global object instead of the thing we're
spreading's global object to determine if the array iterator protocol
is unobservable. This is wrong if the incoming array is from a different
global object. We must consult the incoming array's global object
to determine if it can be spread using the fast path.
The second was in operationSpreadGeneric in the DFG/FTL:
We were always using the incoming array's global object, even
when going down the slow path. This is wrong because we were
fetching the builtin iteration function helper from the incoming
array's global object, which meant that if the iterator function
were to throw an exception, it could leak objects from a different
global object. We should be executing the iterator function with
the lexical global object.
* dfg/DFGOperations.cpp:
* jsc.cpp:
(GlobalObject::finishCreation):
(functionGlobalObjectForObject):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/JSArray.h:
* runtime/JSArrayInlines.h:
(JSC::JSArray::isIteratorProtocolFastAndNonObservable):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211075 | commit-queue@webkit.org | 2017-01-24 03:19:03 +0000 (Tue, 24 Jan 2017) | 83 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/inspector/protocol/Console.json
M /trunk/Source/JavaScriptCore/inspector/protocol/Debugger.json
M /trunk/Source/JavaScriptCore/inspector/protocol/Heap.json
M /trunk/Source/JavaScriptCore/inspector/protocol/Runtime.json
M /trunk/Source/JavaScriptCore/inspector/scripts/codegen/generate_js_backend_commands.py
M /trunk/Source/JavaScriptCore/inspector/scripts/codegen/models.py
A /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/domain-availability.json
A /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/domain-availability.json-result
A /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/expected/worker-supported-domains.json-result
A /trunk/Source/JavaScriptCore/inspector/scripts/tests/generic/worker-supported-domains.json
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/inspector/WorkerInspectorController.cpp
M /trunk/Source/WebInspectorUI/ChangeLog
M /trunk/Source/WebInspectorUI/Localizations/en.lproj/localizedStrings.js
M /trunk/Source/WebInspectorUI/UserInterface/Controllers/HeapManager.js
A /trunk/Source/WebInspectorUI/UserInterface/Images/NavigationItemClear.svg
A /trunk/Source/WebInspectorUI/UserInterface/Images/NavigationItemGarbageCollect.svg
A /trunk/Source/WebInspectorUI/UserInterface/Images/gtk/NavigationItemClear.svg
M /trunk/Source/WebInspectorUI/UserInterface/Protocol/Connection.js
M /trunk/Source/WebInspectorUI/UserInterface/Protocol/HeapObserver.js
M /trunk/Source/WebInspectorUI/UserInterface/Protocol/InspectorBackend.js
M /trunk/Source/WebInspectorUI/UserInterface/Protocol/Legacy/10.3/InspectorBackendCommands.js
M /trunk/Source/WebInspectorUI/UserInterface/Protocol/Target.js
M /trunk/Source/WebInspectorUI/UserInterface/Protocol/WorkerTarget.js
M /trunk/Source/WebInspectorUI/UserInterface/Views/LogContentView.js
M /trunk/Source/WebInspectorUI/UserInterface/Views/NetworkGridContentView.js
M /trunk/Source/WebInspectorUI/UserInterface/Views/TimelineRecordingContentView.js
M /trunk/Source/WebInspectorUI/Versions/Inspector-iOS-10.3.json
Web Inspector: Provide a way to trigger a Garbage Collection
https://bugs.webkit.org/show_bug.cgi?id=167345
<rdar://problem/30102853>
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-01-23
Reviewed by Timothy Hatcher.
Source/JavaScriptCore:
* inspector/protocol/Console.json:
* inspector/protocol/Debugger.json:
* inspector/protocol/Heap.json:
* inspector/protocol/Runtime.json:
These domains are supported by Worker backends. Label them.
* inspector/scripts/codegen/generate_js_backend_commands.py:
(JSBackendCommandsGenerator.generate_domain):
* inspector/scripts/codegen/models.py:
(Protocol.parse_domain):
(Domain.__init__):
(Domains):
Parse "workerSupported" and include a line in BackendCommands.js
that calls to InspectorBackend.workerSupportedDomain().
* inspector/scripts/tests/generic/domain-availability.json: Added.
* inspector/scripts/tests/generic/expected/domain-availability.json-result: Added.
* inspector/scripts/tests/generic/expected/worker-supported-domains.json-result: Added.
* inspector/scripts/tests/generic/worker-supported-domains.json: Added.
Tests for domain "workerSupported" and "availability" properties.
Source/WebCore:
* inspector/WorkerInspectorController.cpp:
(WebCore::WorkerInspectorController::WorkerInspectorController):
Include a HeapAgent so we can do Heap.gc on Workers.
Source/WebInspectorUI:
* Localizations/en.lproj/localizedStrings.js:
New "Garbage collect" tooltip.
* Versions/Inspector-iOS-10.3.json:
* UserInterface/Protocol/Legacy/10.3/InspectorBackendCommands.js:
Update 10.3 so it generates its list of supported domains for workers.
Note that the Heap domain is not be available in this backend but it is now.
* UserInterface/Protocol/Connection.js:
(InspectorBackend.WorkerConnection):
* UserInterface/Protocol/HeapObserver.js:
(WebInspector.HeapObserver.prototype.garbageCollected):
* UserInterface/Protocol/InspectorBackend.js:
(InspectorBackendClass):
(InspectorBackendClass.prototype.get workerSupportedDomains):
(InspectorBackendClass.prototype.workerSupportedDomain):
* UserInterface/Images/NavigationItemClear.svg: Added.
* UserInterface/Images/NavigationItemGarbageCollect.svg: Added.
New image for Garbage Collection. Better image for clearing.
* UserInterface/Images/gtk/NavigationItemClear.svg: Added.
Copy the Trash icon for Clear for gtk.
* UserInterface/Protocol/Target.js:
(WebInspector.Target.prototype.get HeapAgent):
* UserInterface/Protocol/WorkerTarget.js:
(WebInspector.WorkerTarget):
Include Heap agent for Workers.
* UserInterface/Views/LogContentView.js:
(WebInspector.LogContentView):
(WebInspector.LogContentView.prototype.get navigationItems):
(WebInspector.LogContentView.prototype._garbageCollect):
Add garbage collect button which triggers gc on all capable targets.
* UserInterface/Views/NetworkGridContentView.js:
(WebInspector.NetworkGridContentView):
* UserInterface/Views/TimelineRecordingContentView.js:
(WebInspector.TimelineRecordingContentView):
Update the Clear icon to an improved icon.
* UserInterface/Controllers/HeapManager.js:
(WebInspector.HeapManager.prototype.garbageCollected):
Timelines only shows Main Target events, do not show GC events for Workers.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211091 | msaboff@apple.com | 2017-01-24 18:57:36 +0000 (Tue, 24 Jan 2017) | 14 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/InferredTypeTable.cpp
InferredTypeTable entry manipulation is not TOCTOU race safe
https://bugs.webkit.org/show_bug.cgi?id=167344
Reviewed by Filip Pizlo.
Made the accesses to table values safe from Time of Check,
Time of Use races with local temporary values.
* runtime/InferredTypeTable.cpp:
(JSC::InferredTypeTable::visitChildren):
(JSC::InferredTypeTable::get):
(JSC::InferredTypeTable::willStoreValue):
(JSC::InferredTypeTable::makeTop):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211110 | msaboff@apple.com | 2017-01-24 21:54:59 +0000 (Tue, 24 Jan 2017) | 27 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp
M /trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArray.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArray.h
M /trunk/Source/JavaScriptCore/runtime/RegExpMatchesArray.cpp
M /trunk/Source/JavaScriptCore/runtime/RegExpMatchesArray.h
JSArray::tryCreateUninitialized should be called JSArray::tryCreateForInitializationPrivate
https://bugs.webkit.org/show_bug.cgi?id=167334
Rubber-stamped by Filip Pizlo.
* dfg/DFGOperations.cpp:
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoPrivateFuncConcatMemcpy):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/JSArray.cpp:
(JSC::JSArray::tryCreateForInitializationPrivate):
(JSC::JSArray::fastSlice):
(JSC::JSArray::tryCreateUninitialized): Deleted.
* runtime/JSArray.h:
(JSC::JSArray::tryCreateForInitializationPrivate):
(JSC::constructArray):
(JSC::constructArrayNegativeIndexed):
(JSC::JSArray::tryCreateUninitialized): Deleted.
* runtime/RegExpMatchesArray.cpp:
(JSC::createEmptyRegExpMatchesArray):
* runtime/RegExpMatchesArray.h:
(JSC::createRegExpMatchesArray):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211111 | fpizlo@apple.com | 2017-01-24 22:07:34 +0000 (Tue, 24 Jan 2017) | 20 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/Options.cpp
Enable the stochastic space-time scheduler on the larger multicores
https://bugs.webkit.org/show_bug.cgi?id=167382
<rdar://problem/30173375>
Rubber stamped by Saam Barati
This looks like a 1.3% JetStream speed-up thanks to a 28% splay-latency improvement. This new
scheduler seems to prevent all of the same pathologies as the old one prevented. But instead of
periodically suspending the mutator, this new one will only suspend after an iteration of the
constraint fixpoint. The length of that suspension is random with the distribution being
governed by mutatorUtilization. Once resumed, the mutator gets to run unimpeded until draining
stalls.
I'm enabling it on platforms as I benchmark those platforms. It's possible that we will want to
use a different scheduler on different platforms.
* runtime/Options.cpp:
(JSC::overrideDefaults):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211112 | commit-queue@webkit.org | 2017-01-24 22:40:40 +0000 (Tue, 24 Jan 2017) | 11 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/InferredTypeTable.cpp
Unreviewed, rolling out r211091.
https://bugs.webkit.org/show_bug.cgi?id=167384
introduces a subtle bug in InferredTypeTable, huge
Octane/deltablue regression (Requested by pizlo on #webkit).
Reverted changeset:
"InferredTypeTable entry manipulation is not TOCTOU race safe"
https://bugs.webkit.org/show_bug.cgi?id=167344
http://trac.webkit.org/changeset/211091
------------------------------------------------------------------------
------------------------------------------------------------------------
r211113 | fpizlo@apple.com | 2017-01-24 23:24:35 +0000 (Tue, 24 Jan 2017) | 14 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/atomics-neg-zero.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp
-0 is a valid array index and AtomicsObject should know this
https://bugs.webkit.org/show_bug.cgi?id=167386
Reviewed by Mark Lam.
JSTests:
* stress/atomics-neg-zero.js: Added.
Source/JavaScriptCore:
* runtime/AtomicsObject.cpp: The bug title really says it all.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211122 | fpizlo@apple.com | 2017-01-25 00:53:48 +0000 (Wed, 25 Jan 2017) | 32 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/atomics-store-return.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp
Atomics.store should return the int-converted value, not the value that it stored
https://bugs.webkit.org/show_bug.cgi?id=167395
Reviewed by Saam Barati.
JSTests:
* stress/atomics-store-return.js: Added.
Source/JavaScriptCore:
Previously the code was based around passing a lambda that operated over the native type of the
operation (so for example int8_t if we were doing things to Int8Arrays). But to support this
behavior of store, we need it to be able to control how it converts its result to JSValue and it
needs to see its argument as an int32_t. It turns out that it's easy for all of the functions in
AtomicsObject.cpp to also adopt this protocol since the conversion to JSValue is just jsNumber()
from the native type in those cases, and the conversion from int32_t is done for free in
std::atomic.
* runtime/AtomicsObject.cpp:
(JSC::atomicsFuncAdd):
(JSC::atomicsFuncAnd):
(JSC::atomicsFuncCompareExchange):
(JSC::atomicsFuncExchange):
(JSC::atomicsFuncLoad):
(JSC::atomicsFuncOr):
(JSC::atomicsFuncStore):
(JSC::atomicsFuncSub):
(JSC::atomicsFuncXor):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211124 | msaboff@apple.com | 2017-01-25 01:04:26 +0000 (Wed, 25 Jan 2017) | 18 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/InferredTypeTable.cpp
InferredTypeTable entry manipulation is not TOCTOU race safe
https://bugs.webkit.org/show_bug.cgi?id=167344
Reviewed by Filip Pizlo.
Made the accesses to table values safe from Time of Check,
Time of Use races with local temporary values.
Fixed point that we set an entry in the table to access the
current table entry instead of using the local entry. In that case,
we reload the now changed entry.
* runtime/InferredTypeTable.cpp:
(JSC::InferredTypeTable::visitChildren):
(JSC::InferredTypeTable::get):
(JSC::InferredTypeTable::willStoreValue):
(JSC::InferredTypeTable::makeTop):
------------------------------------------------------------------------
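The pattern the r211091/r211124 messages describe (check and use through a local temporary, and reload after the code's own write to the table), as an added example that is not WebKit's code. Slot, Entry, the three access functions and the sample entries are hypothetical, and the racing writer is simulated with a one-shot hook so the interleaving is deterministic.

```cpp
#include <atomic>
#include <cstdio>
#include <functional>
#include <utility>

// Hypothetical table value; not JSC's InferredTypeTable entry type.
struct Entry {
    int typeId;
    bool valid;
};

// One table slot. Every read goes through load(), and a one-shot hook can run
// right after a read so a "concurrent" writer is interleaved deterministically.
class Slot {
public:
    explicit Slot(Entry* initial) : m_entry(initial) {}

    Entry* load()
    {
        Entry* seen = m_entry.load(std::memory_order_acquire);
        if (m_racingWriter) {
            std::function<void(Slot&)> writer = std::move(m_racingWriter);
            m_racingWriter = nullptr;
            writer(*this); // the other thread's write lands after this read
        }
        return seen;
    }

    void store(Entry* next) { m_entry.store(next, std::memory_order_release); }
    void raceAfterNextLoad(std::function<void(Slot&)> writer) { m_racingWriter = std::move(writer); }

private:
    std::atomic<Entry*> m_entry;
    std::function<void(Slot&)> m_racingWriter;
};

constexpr int noType = -1;

// Racy pattern: the check and the use are two separate reads of the shared slot.
int typeIdDoubleFetch(Slot& slot)
{
    if (!slot.load()->valid)        // time of check: first read
        return noType;
    return slot.load()->typeId;     // time of use: second read, possibly another entry
}

// Fixed pattern: read the slot once into a local temporary, then check and use that.
int typeIdSnapshot(Slot& slot)
{
    Entry* local = slot.load();
    if (!local->valid)
        return noType;
    return local->typeId;
}

// After this code writes the slot itself, the local temporary is stale, so it
// is reloaded from the table before use.
int installIfInvalid(Slot& slot, Entry* replacement)
{
    Entry* local = slot.load();
    if (!local->valid) {
        slot.store(replacement);
        local = slot.load();
    }
    return local->typeId;
}

// Constructed sample data.
static Entry checkedEntry { 7, true };
static Entry swappedEntry { 99, false };   // never passes the validity check
static Entry freshEntry { 42, true };

int runDoubleFetchUnderRace()
{
    Slot slot(&checkedEntry);
    slot.raceAfterNextLoad([](Slot& s) { s.store(&swappedEntry); });
    return typeIdDoubleFetch(slot);
}

int runSnapshotUnderRace()
{
    Slot slot(&checkedEntry);
    slot.raceAfterNextLoad([](Slot& s) { s.store(&swappedEntry); });
    return typeIdSnapshot(slot);
}

int runInstallIfInvalid()
{
    Slot slot(&swappedEntry);
    return installIfInvalid(slot, &freshEntry);
}

int main()
{
    std::printf("double fetch under race: %d\n", runDoubleFetchUnderRace());
    std::printf("snapshot under race:     %d\n", runSnapshotUnderRace());
    std::printf("install then reload:     %d\n", runInstallIfInvalid());
    return 0;
}
```

The double-fetch variant returns data from an entry that never passed its check. The snapshot only helps if the object the local points to stays alive while it is used.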
------------------------------------------------------------------------
r211128 | utatane.tea@gmail.com | 2017-01-25 02:40:52 +0000 (Wed, 25 Jan 2017) | 31 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/to-string-with-int52.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/JSCJSValue.h
M /trunk/Source/JavaScriptCore/runtime/NumberPrototype.cpp
[JSC] Optimize Number#toString with Int52
https://bugs.webkit.org/show_bug.cgi?id=167303
Reviewed by Sam Weinig.
JSTests:
* stress/to-string-with-int52.js: Added.
(shouldBe):
Source/JavaScriptCore:
In kraken crypto-sha256-iterative, we frequently call Number.prototype.toString with
Int52. In that case, toString handles it in the generic double path. But we should
have a fast path for this since it can be represented in int64_t.
The stanford-crypto-sha256-iterative shows 1.6% performance improvement (on Linux machine hanayamata).
Collected 100 samples per benchmark/VM, with 100 VM invocations per benchmark. Emitted a call to gc() between
sample measurements. Used 1 benchmark iteration per VM invocation for warm-up. Used the jsc-specific preciseTime()
function to get microsecond-level timing. Reporting benchmark execution times with 95% confidence intervals in
milliseconds.
baseline patched
stanford-crypto-sha256-iterative 32.853+-0.075 ^ 32.325+-0.055 ^ definitely 1.0163x faster
* runtime/JSCJSValue.h:
* runtime/NumberPrototype.cpp:
(JSC::int52ToStringWithRadix):
(JSC::toStringWithRadix):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211129 | fpizlo@apple.com | 2017-01-25 02:52:51 +0000 (Wed, 25 Jan 2017) | 33 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/atomics-add-uint32.js
M /trunk/JSTests/stress/atomics-store-return.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp
Atomics.store should return the int-converted value according to toInteger
https://bugs.webkit.org/show_bug.cgi?id=167399
Reviewed by Saam Barati.
JSTests:
* stress/atomics-add-uint32.js: Added.
* stress/atomics-store-return.js: Fix the test to match what the spec wants.
Source/JavaScriptCore:
I keep getting this wrong, but I think I've finally done it right. What we want is for
Atomics.store to return the value it was passed after toInteger, which doesn't clip the value to
any kind of range. It does get truncated to double.
This changes the code to pass those "integers" as doubles. It doesn't matter that this is slow,
since all of these code paths are slow due to their need to check everything. We'll take care of
that by making them intrinsic later.
* runtime/AtomicsObject.cpp:
(JSC::atomicsFuncAdd):
(JSC::atomicsFuncAnd):
(JSC::atomicsFuncCompareExchange):
(JSC::atomicsFuncExchange):
(JSC::atomicsFuncLoad):
(JSC::atomicsFuncOr):
(JSC::atomicsFuncStore):
(JSC::atomicsFuncSub):
(JSC::atomicsFuncXor):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211133 | commit-queue@webkit.org | 2017-01-25 04:23:27 +0000 (Wed, 25 Jan 2017) | 90 lines
Changed paths:
M /trunk/ChangeLog
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/platform/gtk/fast/dom/Window/window-properties-performance-expected.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/wtf/FeatureDefines.h
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebCore/DerivedSources.make
M /trunk/Source/WebCore/PAL/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj
M /trunk/Source/WebCore/bindings/js/JSPerformanceEntryCustom.cpp
M /trunk/Source/WebCore/page/Performance.cpp
M /trunk/Source/WebCore/page/Performance.h
M /trunk/Source/WebCore/page/Performance.idl
M /trunk/Source/WebCore/page/PerformanceMark.h
M /trunk/Source/WebCore/page/PerformanceMark.idl
M /trunk/Source/WebCore/page/PerformanceMeasure.h
M /trunk/Source/WebCore/page/PerformanceMeasure.idl
M /trunk/Source/WebCore/page/PerformanceUserTiming.cpp
M /trunk/Source/WebCore/page/PerformanceUserTiming.h
M /trunk/Source/WebCore/page/RuntimeEnabledFeatures.h
M /trunk/Source/WebKit/mac/ChangeLog
M /trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig
M /trunk/Source/cmake/OptionsEfl.cmake
M /trunk/Source/cmake/OptionsWin.cmake
M /trunk/Source/cmake/WebKitFeatures.cmake
M /trunk/Source/cmake/tools/vsprops/FeatureDefines.props
M /trunk/Source/cmake/tools/vsprops/FeatureDefinesCairo.props
M /trunk/Tools/ChangeLog
M /trunk/Tools/Scripts/webkitperl/FeatureList.pm
M /trunk/Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig
Fold USER_TIMING into WEB_TIMING and make it a RuntimeEnabledFeature
https://bugs.webkit.org/show_bug.cgi?id=167394
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-01-24
Reviewed by Ryosuke Niwa.
.:
* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsWin.cmake:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmake/tools/vsprops/FeatureDefines.props:
* Source/cmake/tools/vsprops/FeatureDefinesCairo.props:
Source/JavaScriptCore:
* Configurations/FeatureDefines.xcconfig:
* runtime/CommonIdentifiers.h:
Source/WebCore:
All of the Performance Timing specifications are highly coupled.
So let's make WEB_TIMING encompass them all:
- High Resolution Time (window.performance)
- Performance Timeline (PerformanceEntry, PerformanceObserver)
- Navigation Timing ("navigation" entries)
- Resource Timing ("resource" entries)
- User Timing ("mark" / "measure" entries)
We can then turn on and off individual pieces as runtime features,
such as Resource Timing, User Timing, and Performance Observer.
* DerivedSources.make:
* WebCore.xcodeproj/project.pbxproj:
Add User Timing files that are now included in WEB_TIMING builds.
* page/RuntimeEnabledFeatures.h:
(WebCore::RuntimeEnabledFeatures::setUserTimingEnabled):
(WebCore::RuntimeEnabledFeatures::userTimingEnabled):
Add a runtime feature for user timing. Disabled by default.
* Configurations/FeatureDefines.xcconfig:
* PAL/Configurations/FeatureDefines.xcconfig:
* bindings/js/JSPerformanceEntryCustom.cpp:
(WebCore::toJSNewlyCreated):
* page/Performance.cpp:
(WebCore::Performance::getEntries):
(WebCore::Performance::getEntriesByType):
(WebCore::Performance::getEntriesByName):
(WebCore::Performance::mark):
(WebCore::Performance::clearMarks):
(WebCore::Performance::measure):
(WebCore::Performance::clearMeasures):
(WebCore::Performance::webkitMark): Deleted.
(WebCore::Performance::webkitClearMarks): Deleted.
(WebCore::Performance::webkitMeasure): Deleted.
(WebCore::Performance::webkitClearMeasures): Deleted.
* page/Performance.h:
* page/Performance.idl:
* page/PerformanceMark.h:
* page/PerformanceMark.idl:
* page/PerformanceMeasure.h:
* page/PerformanceMeasure.idl:
* page/PerformanceUserTiming.cpp:
* page/PerformanceUserTiming.h:
Convert USER_TIMING to WEB_TIMING.
Drop webkit prefixed legacy names.
Source/WebKit/mac:
* Configurations/FeatureDefines.xcconfig:
Source/WebKit2:
* Configurations/FeatureDefines.xcconfig:
Source/WTF:
* wtf/FeatureDefines.h:
Tools:
* Scripts/webkitperl/FeatureList.pm:
* TestWebKitAPI/Configurations/FeatureDefines.xcconfig:
LayoutTests:
* platform/gtk/fast/dom/Window/window-properties-performance-expected.txt:
Although this test is skipped on gtk, update the results.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211139 | rniwa@webkit.org | 2017-01-25 09:11:52 +0000 (Wed, 25 Jan 2017) | 37 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/page/DOMWindow.cpp
M /trunk/Source/WebCore/page/DOMWindow.h
M /trunk/Source/WebCore/page/DOMWindow.idl
M /trunk/Tools/ChangeLog
M /trunk/Tools/TestWebKitAPI/Tests/WebKit2/InjectedBundleMakeAllShadowRootsOpen.cpp
M /trunk/Tools/TestWebKitAPI/Tests/WebKit2/InjectedBundleMakeAllShadowRootsOpen_Bundle.cpp
M /trunk/Tools/TestWebKitAPI/Tests/WebKit2/closed-shadow-tree-test.html
collectMatchingElementsInFlatTree should not find elements inside a user agent shadow tree
https://bugs.webkit.org/show_bug.cgi?id=167409
Reviewed by Antti Koivisto.
Source/JavaScriptCore:
Added matchingElementInFlatTree as a common identifier since it's required in the bindings code.
* runtime/CommonIdentifiers.h:
Source/WebCore:
The bug was caused by collectMatchingElementsInFlatTree including elements inside a user agent shadow tree
even though it shouldn't. Fixed the bug by checking that condition.
Also added matchingElementInFlatTree to find the first element matching a selector as opposed to all,
again, only exposed in a world which forces all shadow trees to be accessible.
* page/DOMWindow.cpp:
(WebCore::selectorQueryInFrame):
(WebCore::DOMWindow::collectMatchingElementsInFlatTree):
(WebCore::DOMWindow::matchingElementInFlatTree):
* page/DOMWindow.h:
* page/DOMWindow.idl:
Tools:
Added a test case for collectMatchingElementsInFlatTree not finding elements inside a user agent shadow tree
as well as tests for the newly added matchingElementInFlatTree.
* TestWebKitAPI/Tests/WebKit2/InjectedBundleMakeAllShadowRootsOpen.cpp:
(TestWebKitAPI::runJavaScriptAlert):
* TestWebKitAPI/Tests/WebKit2/InjectedBundleMakeAllShadowRootsOpen_Bundle.cpp:
(TestWebKitAPI::InjectedBundleMakeAllShadowRootOpenTest::initialize):
* TestWebKitAPI/Tests/WebKit2/closed-shadow-tree-test.html:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211167 | fpizlo@apple.com | 2017-01-25 22:42:22 +0000 (Wed, 25 Jan 2017) | 13 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp
ARM/ARM64 stress/atomics-store-return.js fails
<rdar://problem/30192652>
Reviewed by Michael Saboff.
The problem was relying on double->int casts for anything. We need to use toInt32().
* runtime/AtomicsObject.cpp:
(JSC::atomicsFuncCompareExchange):
(JSC::atomicsFuncExchange):
(JSC::atomicsFuncStore):
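
Added example (not code from WebKit): a small C++ model of the behaviour described in r211129 and r211167, where Atomics.store returns the toInteger result as a double while the element receives the toInt32 bits, without relying on a raw double->int cast. The names StoreResult and atomicsStoreUint32 are hypothetical, and toInteger/toInt32 here are stand-alone reimplementations of the ECMAScript conversions, not JSC's functions.

```cpp
#include <atomic>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// ECMAScript ToInteger: NaN becomes 0, everything else is truncated toward
// zero. The result stays a double, so it is never clipped to an integer range.
double toInteger(double value)
{
    if (std::isnan(value))
        return 0.0;
    return std::trunc(value); // +/-Infinity pass through unchanged
}

// ECMAScript ToInt32: reduce modulo 2^32, defined for every double.
// A plain static_cast<int32_t>(value) is undefined behavior in C++ when the
// value is out of range, and the hardware result differs between CPUs.
int32_t toInt32(double value)
{
    if (!std::isfinite(value))
        return 0;
    const double twoTo32 = 4294967296.0;
    double wrapped = std::fmod(std::trunc(value), twoTo32); // exact, in (-2^32, 2^32)
    if (wrapped < 0)
        wrapped += twoTo32; // now in [0, 2^32)
    int64_t bits = static_cast<int64_t>(wrapped); // always in range
    if (bits >= 2147483648LL)
        bits -= 4294967296LL; // reinterpret the top half as negative
    return static_cast<int32_t>(bits);
}

// Hypothetical result type: what landed in memory and what the call returns.
struct StoreResult {
    uint32_t stored;
    double returned;
};

// Hypothetical model of Atomics.store on one Uint32Array element.
StoreResult atomicsStoreUint32(std::atomic<uint32_t>& cell, double operand)
{
    double integer = toInteger(operand);
    // int32_t -> uint32_t conversion is modular and well defined.
    uint32_t bits = static_cast<uint32_t>(toInt32(integer));
    cell.store(bits);
    return StoreResult { bits, integer };
}

int main()
{
    std::atomic<uint32_t> cell(0);
    // Constructed sample operand: 2^32 + 5 does not fit in 32 bits.
    StoreResult result = atomicsStoreUint32(cell, 4294967301.0);
    std::printf("stored=%u returned=%.0f\n", static_cast<unsigned>(result.stored), result.returned);
    return 0;
}
```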
------------------------------------------------------------------------
------------------------------------------------------------------------
r211194 | fpizlo@apple.com | 2017-01-26 02:34:30 +0000 (Thu, 26 Jan 2017) | 59 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/lars-sab-workers.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/jsc.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.h
jsc.cpp should have the $.agent stuff for testing SAB
https://bugs.webkit.org/show_bug.cgi?id=167431
Reviewed by Saam Barati.
JSTests:
Add a very basic test of Atomics using $.agent. This is based on
LayoutTests/workers/sab/simple.html.
* stress/lars-sab-workers.js: Added.
(startWorker):
(resources):
(wake):
(else):
Source/JavaScriptCore:
This adds some stuff that the SAB branch of test262 needs. None of this is exposed except for our
own tests and the SAB branch of test262. We now pass all of the Atomics tests in the SAB branch
of test262.
* jsc.cpp:
(Message::releaseContents):
(Message::index):
(GlobalObject::finishCreation):
(GlobalObject::addFunction):
(Message::Message):
(Message::~Message):
(Worker::Worker):
(Worker::~Worker):
(Worker::send):
(Worker::receive):
(Worker::current):
(Worker::currentWorker):
(Workers::Workers):
(Workers::~Workers):
(Workers::broadcast):
(Workers::report):
(Workers::tryGetReport):
(Workers::getReport):
(Workers::singleton):
(functionDollarCreateRealm):
(functionDollarDetachArrayBuffer):
(functionDollarEvalScript):
(functionDollarAgentStart):
(functionDollarAgentReceiveBroadcast):
(functionDollarAgentReport):
(functionDollarAgentSleep):
(functionDollarAgentBroadcast):
(functionDollarAgentGetReport):
(functionWaitForReport):
(checkException):
(runWithScripts):
(runJSC):
(jscmain):
* runtime/JSArrayBuffer.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211195 | sbarati@apple.com | 2017-01-26 02:38:41 +0000 (Thu, 26 Jan 2017) | 32 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/wasm/function-tests/function-import-return-value.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp
M /trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h
M /trunk/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
M /trunk/Source/JavaScriptCore/wasm/WasmBinding.cpp
WebAssembly JS API: coerce return values from imports
https://bugs.webkit.org/show_bug.cgi?id=165480
<rdar://problem/29760318>
Reviewed by Yusuke Suzuki.
JSTests:
* wasm/function-tests/function-import-return-value.js: Added.
(import.Builder.from.string_appeared_here.import.as.assert.from.string_appeared_here.const.tests.x.assert.eq):
(import.Builder.from.string_appeared_here.import.as.assert.from.string_appeared_here.const.tests.Math.fround):
(import.Builder.from.string_appeared_here.import.as.assert.from.string_appeared_here.let.type.of.Reflect.ownKeys):
(test.1):
(assert.truthy):
(assert.throws):
Source/JavaScriptCore:
This patch does proper coercion for all possible
JSValue return types from an imported function.
It also adds the spec-compliant code to throw an exception
when calling an import that has an i64 parameter or return
value.
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitJumpIfException):
* jit/AssemblyHelpers.h:
* wasm/WasmB3IRGenerator.cpp:
* wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToJs):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211224 | jfbastien@apple.com | 2017-01-26 19:52:35 +0000 (Thu, 26 Jan 2017) | 84 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/microbenchmarks/mandelbrot.js
A /trunk/JSTests/microbenchmarks/nonude.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M /trunk/Source/JavaScriptCore/dfg/DFGJITCode.h
M /trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGOSREntry.h
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.h
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
A /trunk/Source/JavaScriptCore/dfg/DFGTierUpEntryTrigger.h (from /trunk/Source/JavaScriptCore/ftl/FTLOSREntry.h:211223)
M /trunk/Source/JavaScriptCore/dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h
M /trunk/Source/JavaScriptCore/ftl/FTLOSREntry.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLOSREntry.h
M /trunk/Source/JavaScriptCore/jit/JITOperations.cpp
OSR entry: delay outer-loop compilation when at inner-loop
https://bugs.webkit.org/show_bug.cgi?id=167149
Reviewed by Filip Pizlo.
JSTests:
Try to be mean to OSR entry by using nested loops, and having
non-int32 types or truly varying types.
Mandelbrot currently never tiers up to FTL because it exits too
many times before this. That shouldn't happen because it's just
numbers and int32s. I'll file a bug to fix this.
* microbenchmarks/mandelbrot.js: Added.
(mandelbrot):
(printable):
* microbenchmarks/nonude.js: Added.
(Array.prototype.remove):
(const.u):
(const.load):
(const.scan):
(const.main):
Source/JavaScriptCore:
As of https://bugs.webkit.org/show_bug.cgi?id=155217 OSR
compilation can be kicked off for an entry into an outer-loop,
while executing an inner-loop. This is desirable because often the
codegen from an inner-entry isn't as good as the codegen from an
outer-entry, but execution from an inner-loop is often pretty hot
and likely to kick off compilation. This approach provided nice
speedups on Kraken because we'd select to enter to the outer-loop
very reliably, which reduces variability (the inner-loop was
selected roughly 1/5 times from my unscientific measurements).
When compilation starts we take a snapshot of the JSValues at the
current execution state using OSR's recovery mechanism. These
values are passed to the compiler and are used as a way to perform
type profiling, and could be used to observe cell types as well as
to perform predictions such as through constant propagation.
It's therefore desired to enter from the outer-loop when we can,
but we need to be executing from that location to capture the
right JSValues, otherwise we're confusing the compiler and giving
it inaccurate JSValues which can lead it to predict the wrong
things, leading to suboptimal code or recompilation due to
misprediction, or in super-corner-cases a crash.
These effects are pretty hard to measure: Fil points out that
marsalis-osr-entry really needs mustHandleValues (the JSValues
from the point of execution) because right now it just happens to
correctly guess int32. I tried removing mustHandleValues entirely
and saw no slowdowns, but our benchmarks probably aren't
sufficient to reliably find issues, sometimes because we happen to
have sufficient mitigations.
DFG tier-up was added here:
https://bugs.webkit.org/show_bug.cgi?id=112838
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGJITCode.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSREntry.h:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGTierUpEntryTrigger.h: Copied from Source/JavaScriptCore/ftl/FTLOSREntry.h.
* dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
(JSC::DFG::Ref<ToFTLForOSREntryDeferredCompilationCallback>ToFTLForOSREntryDeferredCompilationCallback::create):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
* dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h:
* ftl/FTLOSREntry.cpp:
(JSC::FTL::prepareOSREntry):
* ftl/FTLOSREntry.h:
* jit/JITOperations.cpp:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211237 | sbarati@apple.com | 2017-01-26 23:50:58 +0000 (Thu, 26 Jan 2017) | 297 lines
Changed paths:
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M /trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/StructureSet.cpp
M /trunk/Source/JavaScriptCore/bytecode/StructureSet.h
M /trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h
M /trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M /trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGAbstractValue.h
M /trunk/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGArrayifySlowPathGenerator.h
M /trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h
M /trunk/Source/JavaScriptCore/dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h
M /trunk/Source/JavaScriptCore/dfg/DFGCommonData.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGDesiredWeakReferences.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGGraph.h
M /trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h
M /trunk/Source/JavaScriptCore/dfg/DFGMultiGetByOffsetData.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGMultiGetByOffsetData.h
M /trunk/Source/JavaScriptCore/dfg/DFGNode.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGNode.h
M /trunk/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGOpInfo.h
M /trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp
A /trunk/Source/JavaScriptCore/dfg/DFGRegisteredStructure.h (from /trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.h:211236)
A /trunk/Source/JavaScriptCore/dfg/DFGRegisteredStructureSet.cpp (from /trunk/Source/JavaScriptCore/bytecode/StructureSet.cpp:211236)
A /trunk/Source/JavaScriptCore/dfg/DFGRegisteredStructureSet.h (from /trunk/Source/JavaScriptCore/bytecode/StructureSet.h:211236)
M /trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGStructureAbstractValue.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGStructureAbstractValue.h
D /trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp
D /trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.h
M /trunk/Source/JavaScriptCore/dfg/DFGTransition.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGTransition.h
M /trunk/Source/JavaScriptCore/dfg/DFGTypeCheckHoistingPhase.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGValidate.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLOutput.h
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/wtf/TinyPtrSet.h
Harden how the compiler references GC objects
https://bugs.webkit.org/show_bug.cgi?id=167277
<rdar://problem/30179506>
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
Since r210971, the DFG/FTL will flash safepoints before
each phase. This means that there are more opportunities for
a GC to happen while the compiler is running. Because of this,
the compiler must keep track of all the heap pointers that are part
of the Graph data structure. To accomplish this, I've designed
a new type called RegisteredStructure that can only be constructed
after the Graph becomes aware of its underlying Structure*. I
designed this new type to have the type system in C++ help us catch
errors where we're not informing the graph/plan of a heap pointer.
I've made it a compile error to create an OpInfo with a pointer
T* where T inherits from HeapCell. This encourages an OpInfo
to be created with either a FrozenValue* or a RegisteredStructure.
I've added similar compile time assertions for TrustedImmPtr in DFG::SpeculativeJIT
and FTL::Output::constIntPtr. These static asserts don't save us from all bad
programs because there are ways to write code that's incorrect that compiles,
but the new types do help us ensure that the most obvious way of writing the
code is correct.
The reason this patch is so big is that I've strung RegisteredStructure and
RegisteredStructureSet through the entire DFG/FTL.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::determineLiveness):
* bytecode/StructureSet.cpp:
(JSC::StructureSet::filter): Deleted.
(JSC::StructureSet::filterArrayModes): Deleted.
(JSC::StructureSet::speculationFromStructures): Deleted.
(JSC::StructureSet::arrayModesFromStructures): Deleted.
(JSC::StructureSet::validateReferences): Deleted.
* bytecode/StructureSet.h:
* dfg/DFGAbstractInterpreter.h:
(JSC::DFG::AbstractInterpreter::filter):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::booleanResult):
(JSC::DFG::isToThisAnIdentity):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransition):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::filter):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::set):
(JSC::DFG::AbstractValue::setType):
(JSC::DFG::AbstractValue::mergeOSREntryValue):
(JSC::DFG::AbstractValue::filter):
(JSC::DFG::AbstractValue::changeStructure):
(JSC::DFG::AbstractValue::contains):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::observeTransition):
(JSC::DFG::AbstractValue::TransitionObserver::TransitionObserver):
* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::alreadyChecked):
* dfg/DFGArrayifySlowPathGenerator.h:
(JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
(JSC::DFG::ByteCodeParser::load):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::handlePutById):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
* dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
(JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
(JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
* dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
(JSC::DFG::CallCreateDirectArgumentsSlowPathGenerator::CallCreateDirectArgumentsSlowPathGenerator):
* dfg/DFGCommonData.cpp:
(JSC::DFG::CommonData::notifyCompilingStructureTransition):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
(JSC::DFG::ConstantFoldingPhase::addBaseCheck):
(JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
* dfg/DFGDesiredWeakReferences.cpp:
(JSC::DFG::DesiredWeakReferences::reallyAdd):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::checkArray):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::tryGetConstantProperty):
(JSC::DFG::Graph::inferredValueForProperty):
(JSC::DFG::Graph::visitChildren):
(JSC::DFG::Graph::freeze):
(JSC::DFG::Graph::registerStructure):
(JSC::DFG::Graph::assertIsRegistered):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::registerStructure):
(JSC::DFG::Graph::addStructureSet):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::branchWeakStructure):
* dfg/DFGMultiGetByOffsetData.cpp:
(JSC::DFG::MultiGetByOffsetCase::dumpInContext):
* dfg/DFGMultiGetByOffsetData.h:
(JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
(JSC::DFG::MultiGetByOffsetCase::set):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToPutStructureHint):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToCheckStructure):
(JSC::DFG::Node::structureSet):
(JSC::DFG::Node::structure):
(JSC::DFG::Node::OpInfoWrapper::OpInfoWrapper):
(JSC::DFG::Node::OpInfoWrapper::operator=):
(JSC::DFG::Node::OpInfoWrapper::asRegisteredStructure):
* dfg/DFGObjectAllocationSinkingPhase.cpp:
* dfg/DFGOpInfo.h:
(JSC::DFG::OpInfo::OpInfo):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
(JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
* dfg/DFGRegisteredStructure.h: Added.
(JSC::DFG::RegisteredStructure::get):
(JSC::DFG::RegisteredStructure::operator->):
(JSC::DFG::RegisteredStructure::operator==):
(JSC::DFG::RegisteredStructure::operator!=):
(JSC::DFG::RegisteredStructure::operator bool):
(JSC::DFG::RegisteredStructure::RegisteredStructure):
(JSC::DFG::RegisteredStructure::createPrivate):
* dfg/DFGRegisteredStructureSet.cpp: Added.
(JSC::DFG::RegisteredStructureSet::filter):
(JSC::DFG::RegisteredStructureSet::filterArrayModes):
(JSC::DFG::RegisteredStructureSet::speculationFromStructures):
(JSC::DFG::RegisteredStructureSet::arrayModesFromStructures):
(JSC::DFG::RegisteredStructureSet::validateReferences):
* dfg/DFGRegisteredStructureSet.h: Added.
(JSC::DFG::RegisteredStructureSet::RegisteredStructureSet):
(JSC::DFG::RegisteredStructureSet::onlyStructure):
(JSC::DFG::RegisteredStructureSet::toStructureSet):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
(JSC::DFG::SpeculativeJIT::emitGetCallee):
(JSC::DFG::SpeculativeJIT::silentFill):
(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::SpeculativeJIT::compileFromCharCode):
(JSC::DFG::SpeculativeJIT::compileDoubleRep):
(JSC::DFG::compileClampDoubleToByte):
(JSC::DFG::SpeculativeJIT::compileMakeRope):
(JSC::DFG::SpeculativeJIT::compileArithRounding):
(JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
(JSC::DFG::SpeculativeJIT::compileNewFunction):
(JSC::DFG::SpeculativeJIT::compileCreateActivation):
(JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
(JSC::DFG::SpeculativeJIT::compileCreateScopedArguments):
(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
(JSC::DFG::SpeculativeJIT::compileSpread):
(JSC::DFG::SpeculativeJIT::compileArraySlice):
(JSC::DFG::SpeculativeJIT::compileTypeOf):
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOnCell):
(JSC::DFG::SpeculativeJIT::compileNewTypedArray):
(JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
(JSC::DFG::SpeculativeJIT::compileMaterializeNewObject):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::TrustedImmPtr::TrustedImmPtr):
(JSC::DFG::SpeculativeJIT::TrustedImmPtr::weakPointer):
(JSC::DFG::SpeculativeJIT::TrustedImmPtr::operator MacroAssembler::TrustedImmPtr):
(JSC::DFG::SpeculativeJIT::TrustedImmPtr::asIntptr):
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::emitAllocateDestructibleObject):
(JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* dfg/DFGStructureAbstractValue.cpp:
(JSC::DFG::StructureAbstractValue::assertIsRegistered):
(JSC::DFG::StructureAbstractValue::clobber):
(JSC::DFG::StructureAbstractValue::observeTransition):
(JSC::DFG::StructureAbstractValue::observeTransitions):
(JSC::DFG::StructureAbstractValue::add):
(JSC::DFG::StructureAbstractValue::merge):
(JSC::DFG::StructureAbstractValue::mergeNotTop):
(JSC::DFG::StructureAbstractValue::filter):
(JSC::DFG::StructureAbstractValue::filterSlow):
(JSC::DFG::StructureAbstractValue::filterClassInfoSlow):
(JSC::DFG::StructureAbstractValue::contains):
(JSC::DFG::StructureAbstractValue::isSubsetOf):
(JSC::DFG::StructureAbstractValue::isSupersetOf):
(JSC::DFG::StructureAbstractValue::overlaps):
(JSC::DFG::StructureAbstractValue::isSubClassOf):
(JSC::DFG::StructureAbstractValue::dumpInContext):
* dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::StructureAbstractValue):
(JSC::DFG::StructureAbstractValue::operator=):
(JSC::DFG::StructureAbstractValue::set):
(JSC::DFG::StructureAbstractValue::toStructureSet):
(JSC::DFG::StructureAbstractValue::at):
(JSC::DFG::StructureAbstractValue::operator[]):
(JSC::DFG::StructureAbstractValue::onlyStructure):
* dfg/DFGStructureRegistrationPhase.cpp:
(JSC::DFG::StructureRegistrationPhase::StructureRegistrationPhase): Deleted.
(JSC::DFG::StructureRegistrationPhase::run): Deleted.
(JSC::DFG::StructureRegistrationPhase::registerStructures): Deleted.
(JSC::DFG::StructureRegistrationPhase::registerStructure): Deleted.
(JSC::DFG::StructureRegistrationPhase::assertAreRegistered): Deleted.
(JSC::DFG::StructureRegistrationPhase::assertIsRegistered): Deleted.
(JSC::DFG::performStructureRegistration): Deleted.
* dfg/DFGStructureRegistrationPhase.h:
* dfg/DFGTransition.cpp:
(JSC::DFG::Transition::dumpInContext):
* dfg/DFGTransition.h:
(JSC::DFG::Transition::Transition):
* dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::noticeStructureCheck):
(JSC::DFG::TypeCheckHoistingPhase::noticeStructureCheckAccountingForArrayMode):
* dfg/DFGValidate.cpp:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
(JSC::FTL::DFG::LowerDFGToB3::compileCallObjectConstructor):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckStructure):
(JSC::FTL::DFG::LowerDFGToB3::compilePutStructure):
(JSC::FTL::DFG::LowerDFGToB3::compileArraySlice):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateRest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArray):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayBuffer):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::compileAllocatePropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::compileReallocatePropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiGetByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiPutByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileGetMapBucket):
(JSC::FTL::DFG::LowerDFGToB3::compileOverridesHasInstance):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckStructureImmediate):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::compileLogShadowChickenTail):
(JSC::FTL::DFG::LowerDFGToB3::checkStructure):
(JSC::FTL::DFG::LowerDFGToB3::checkInferredType):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
(JSC::FTL::DFG::LowerDFGToB3::allocateUninitializedContiguousJSArray):
(JSC::FTL::DFG::LowerDFGToB3::boolify):
(JSC::FTL::DFG::LowerDFGToB3::equalNullOrUndefined):
(JSC::FTL::DFG::LowerDFGToB3::lowCell):
(JSC::FTL::DFG::LowerDFGToB3::speculateStringObjectForStructureID):
(JSC::FTL::DFG::LowerDFGToB3::weakPointer):
(JSC::FTL::DFG::LowerDFGToB3::frozenPointer):
(JSC::FTL::DFG::LowerDFGToB3::weakStructureID):
(JSC::FTL::DFG::LowerDFGToB3::weakStructure):
(JSC::FTL::DFG::LowerDFGToB3::crash):
* ftl/FTLOutput.h:
(JSC::FTL::Output::weakPointer):
(JSC::FTL::Output::constIntPtr):
Source/WTF:
I made TinyPtrSet use bitwise_cast instead of static_cast
for its singleEntry() function so that it can work on pointer-like
types just as it can on actual pointer types.
An example of where this matters is when you have TinyPtrSet<T>
where T is defined to be a struct which wraps a pointer, e.g.:
struct T {
    void* m_pointer;
};
* wtf/TinyPtrSet.h:
(WTF::TinyPtrSet::singleEntry):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211245 | commit-queue@webkit.org | 2017-01-27 01:33:38 +0000 (Fri, 27 Jan 2017) | 11 lines
Changed paths:
M /trunk/JSTests/ChangeLog
D /trunk/JSTests/microbenchmarks/mandelbrot.js
D /trunk/JSTests/microbenchmarks/nonude.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M /trunk/Source/JavaScriptCore/dfg/DFGJITCode.h
M /trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGOSREntry.h
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.h
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
D /trunk/Source/JavaScriptCore/dfg/DFGTierUpEntryTrigger.h
M /trunk/Source/JavaScriptCore/dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h
M /trunk/Source/JavaScriptCore/ftl/FTLOSREntry.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLOSREntry.h
M /trunk/Source/JavaScriptCore/jit/JITOperations.cpp
Unreviewed, rolling out r211224.
https://bugs.webkit.org/show_bug.cgi?id=167479
"It was a Kraken performance regression" (Requested by
saamyjoon on #webkit).
Reverted changeset:
"OSR entry: delay outer-loop compilation when at inner-loop"
https://bugs.webkit.org/show_bug.cgi?id=167149
http://trac.webkit.org/changeset/211224
------------------------------------------------------------------------
------------------------------------------------------------------------
r211246 | mark.lam@apple.com | 2017-01-27 01:38:05 +0000 (Fri, 27 Jan 2017) | 16 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/regress-166812.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h
Fix missing exception check in genericTypedArrayViewProtoFuncSet().
https://bugs.webkit.org/show_bug.cgi?id=166812
<rdar://problem/29916672>
Reviewed by Saam Barati.
JSTests:
* stress/regress-166812.js: Added.
Source/JavaScriptCore:
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoFuncSet):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211247 | keith_miller@apple.com | 2017-01-27 01:47:52 +0000 (Fri, 27 Jan 2017) | 1134 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/JSCallbackConstructor.cpp
M /trunk/Source/JavaScriptCore/API/JSCallbackFunction.cpp
M /trunk/Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
M /trunk/Source/JavaScriptCore/API/JSObjectRef.cpp
M /trunk/Source/JavaScriptCore/API/JSTypedArray.cpp
M /trunk/Source/JavaScriptCore/API/JSValue.mm
M /trunk/Source/JavaScriptCore/API/JSValueRef.cpp
M /trunk/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp
M /trunk/Source/JavaScriptCore/API/JSWrapperMap.mm
M /trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.h
M /trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.mm
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bindings/ScriptFunctionCall.cpp
M /trunk/Source/JavaScriptCore/bytecode/CallVariant.h
M /trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h
M /trunk/Source/JavaScriptCore/bytecode/ObjectPropertyCondition.cpp
M /trunk/Source/JavaScriptCore/bytecode/ObjectPropertyCondition.h
M /trunk/Source/JavaScriptCore/bytecode/PropertyCondition.cpp
M /trunk/Source/JavaScriptCore/bytecode/PropertyCondition.h
M /trunk/Source/JavaScriptCore/bytecode/SpeculatedType.cpp
M /trunk/Source/JavaScriptCore/debugger/Debugger.cpp
M /trunk/Source/JavaScriptCore/debugger/DebuggerCallFrame.cpp
M /trunk/Source/JavaScriptCore/debugger/DebuggerScope.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h
M /trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M /trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGDesiredWeakReferences.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGFrozenValue.h
M /trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGLazyJSValue.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGLazyJSValue.h
M /trunk/Source/JavaScriptCore/dfg/DFGNode.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGNode.h
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp
M /trunk/Source/JavaScriptCore/heap/CodeBlockSet.cpp
M /trunk/Source/JavaScriptCore/heap/CodeBlockSet.h
M /trunk/Source/JavaScriptCore/heap/GCAssertions.h
M /trunk/Source/JavaScriptCore/heap/Heap.cpp
M /trunk/Source/JavaScriptCore/heap/HeapSnapshotBuilder.cpp
M /trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp
M /trunk/Source/JavaScriptCore/inspector/InjectedScriptHost.h
M /trunk/Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp
M /trunk/Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp
M /trunk/Source/JavaScriptCore/inspector/JSInjectedScriptHostPrototype.cpp
M /trunk/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp
M /trunk/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.h
M /trunk/Source/JavaScriptCore/inspector/JSJavaScriptCallFramePrototype.cpp
M /trunk/Source/JavaScriptCore/inspector/ScriptArguments.cpp
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorHeapAgent.cpp
M /trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp
M /trunk/Source/JavaScriptCore/interpreter/ShadowChicken.cpp
M /trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp
M /trunk/Source/JavaScriptCore/jit/JITCode.cpp
M /trunk/Source/JavaScriptCore/jit/JITOperations.cpp
M /trunk/Source/JavaScriptCore/jit/Repatch.cpp
M /trunk/Source/JavaScriptCore/jsc.cpp
M /trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
M /trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp
M /trunk/Source/JavaScriptCore/runtime/ArrayBuffer.cpp
M /trunk/Source/JavaScriptCore/runtime/ArrayBuffer.h
M /trunk/Source/JavaScriptCore/runtime/ArrayConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/ArrayConstructor.h
M /trunk/Source/JavaScriptCore/runtime/ArrayIteratorPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/AsyncFunctionPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp
M /trunk/Source/JavaScriptCore/runtime/BooleanObject.cpp
M /trunk/Source/JavaScriptCore/runtime/BooleanObject.h
M /trunk/Source/JavaScriptCore/runtime/BooleanPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/ConsoleObject.cpp
M /trunk/Source/JavaScriptCore/runtime/DateConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/DateInstance.cpp
M /trunk/Source/JavaScriptCore/runtime/DateInstance.h
M /trunk/Source/JavaScriptCore/runtime/DatePrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/ErrorInstance.cpp
M /trunk/Source/JavaScriptCore/runtime/ErrorPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/ExceptionHelpers.cpp
M /trunk/Source/JavaScriptCore/runtime/ExceptionHelpers.h
M /trunk/Source/JavaScriptCore/runtime/ExecutableBase.cpp
M /trunk/Source/JavaScriptCore/runtime/FunctionPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/GeneratorFunctionPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/GeneratorPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/GetterSetter.h
M /trunk/Source/JavaScriptCore/runtime/InspectorInstrumentationObject.cpp
M /trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp
M /trunk/Source/JavaScriptCore/runtime/InternalFunction.h
M /trunk/Source/JavaScriptCore/runtime/IntlCollator.cpp
M /trunk/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp
M /trunk/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp
M /trunk/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/IntlObject.cpp
M /trunk/Source/JavaScriptCore/runtime/IntlObjectInlines.h
M /trunk/Source/JavaScriptCore/runtime/IteratorPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArray.h
M /trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.h
M /trunk/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h
M /trunk/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp
M /trunk/Source/JavaScriptCore/runtime/JSCJSValue.cpp
M /trunk/Source/JavaScriptCore/runtime/JSCJSValue.h
M /trunk/Source/JavaScriptCore/runtime/JSCJSValueInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSCallee.cpp
M /trunk/Source/JavaScriptCore/runtime/JSCell.cpp
M /trunk/Source/JavaScriptCore/runtime/JSCell.h
M /trunk/Source/JavaScriptCore/runtime/JSCellInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.cpp
M /trunk/Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/JSFunction.cpp
M /trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h
M /trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h
M /trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeInlines.h
M /trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M /trunk/Source/JavaScriptCore/runtime/JSInternalPromiseDeferred.cpp
M /trunk/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h
M /trunk/Source/JavaScriptCore/runtime/JSModuleLoader.cpp
M /trunk/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSModuleRecord.cpp
M /trunk/Source/JavaScriptCore/runtime/JSNativeStdFunction.cpp
M /trunk/Source/JavaScriptCore/runtime/JSONObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSObject.h
M /trunk/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp
M /trunk/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp
M /trunk/Source/JavaScriptCore/runtime/JSScope.cpp
M /trunk/Source/JavaScriptCore/runtime/JSScope.h
M /trunk/Source/JavaScriptCore/runtime/JSString.cpp
M /trunk/Source/JavaScriptCore/runtime/JSStringIterator.cpp
M /trunk/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/LazyClassStructure.cpp
M /trunk/Source/JavaScriptCore/runtime/Lookup.h
M /trunk/Source/JavaScriptCore/runtime/MapConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/MapPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/MathObject.cpp
M /trunk/Source/JavaScriptCore/runtime/ModuleLoaderPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/NumberConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/NumberObject.cpp
M /trunk/Source/JavaScriptCore/runtime/NumberPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/ObjectPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/ProxyObject.cpp
M /trunk/Source/JavaScriptCore/runtime/ReflectObject.cpp
M /trunk/Source/JavaScriptCore/runtime/RegExpConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/RegExpConstructor.h
M /trunk/Source/JavaScriptCore/runtime/RegExpObject.cpp
M /trunk/Source/JavaScriptCore/runtime/RegExpObject.h
M /trunk/Source/JavaScriptCore/runtime/RegExpPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp
M /trunk/Source/JavaScriptCore/runtime/ScriptExecutable.cpp
M /trunk/Source/JavaScriptCore/runtime/SetConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/SetPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/StackFrame.cpp
M /trunk/Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/StringObject.cpp
M /trunk/Source/JavaScriptCore/runtime/StringObject.h
M /trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/StructureRareData.cpp
M /trunk/Source/JavaScriptCore/runtime/Symbol.cpp
M /trunk/Source/JavaScriptCore/runtime/SymbolConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/SymbolObject.cpp
M /trunk/Source/JavaScriptCore/runtime/SymbolPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/TestRunnerUtils.cpp
M /trunk/Source/JavaScriptCore/runtime/ThrowScope.cpp
M /trunk/Source/JavaScriptCore/runtime/VM.cpp
M /trunk/Source/JavaScriptCore/runtime/WeakMapConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/WeakSetConstructor.cpp
M /trunk/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp
M /trunk/Source/JavaScriptCore/tools/JSDollarVMPrototype.cpp
M /trunk/Source/JavaScriptCore/wasm/JSWebAssembly.cpp
M /trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h
M /trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
M /trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp
M /trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h
M /trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp
M /trunk/Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModulePrototype.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
M /trunk/Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/Modules/fetch/FetchBody.cpp
M /trunk/Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm
M /trunk/Source/WebCore/bindings/js/IDBBindingUtilities.cpp
M /trunk/Source/WebCore/bindings/js/JSCommandLineAPIHostCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.cpp
M /trunk/Source/WebCore/bindings/js/JSCryptoCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSCryptoOperationData.cpp
M /trunk/Source/WebCore/bindings/js/JSCustomElementInterface.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMBinding.h
M /trunk/Source/WebCore/bindings/js/JSDOMConstructor.h
M /trunk/Source/WebCore/bindings/js/JSDOMConvert.h
M /trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMIterator.h
M /trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMWindowBase.h
M /trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMWindowShell.cpp
M /trunk/Source/WebCore/bindings/js/JSDOMWindowShell.h
M /trunk/Source/WebCore/bindings/js/JSDocumentCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSDynamicDowncast.h
M /trunk/Source/WebCore/bindings/js/JSEventListener.cpp
M /trunk/Source/WebCore/bindings/js/JSEventTargetCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSEventTargetCustom.h
M /trunk/Source/WebCore/bindings/js/JSExceptionBase.cpp
M /trunk/Source/WebCore/bindings/js/JSExceptionBase.h
M /trunk/Source/WebCore/bindings/js/JSInspectorFrontendHostCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSNodeCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSPluginElementFunctions.cpp
M /trunk/Source/WebCore/bindings/js/JSReadableStreamPrivateConstructors.cpp
M /trunk/Source/WebCore/bindings/js/JSReadableStreamSourceCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSSubtleCryptoCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSTrackCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSTrackCustom.h
M /trunk/Source/WebCore/bindings/js/JSWebKitSubtleCryptoCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp
M /trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h
M /trunk/Source/WebCore/bindings/js/JSXMLHttpRequestCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSXPathNSResolverCustom.cpp
M /trunk/Source/WebCore/bindings/js/ScriptController.cpp
M /trunk/Source/WebCore/bindings/js/ScriptModuleLoader.cpp
M /trunk/Source/WebCore/bindings/js/ScriptState.cpp
M /trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp
M /trunk/Source/WebCore/bindings/js/StructuredClone.cpp
M /trunk/Source/WebCore/bindings/js/WorkerScriptController.cpp
M /trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSInterfaceName.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSInterfaceName.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCEReactions.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCEReactions.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCEReactionsStringifier.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestCustomNamedGetter.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestException.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestException.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIterable.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestIterable.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerialization.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerialization.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp
M /trunk/Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.h
M /trunk/Source/WebCore/bridge/c/CRuntimeObject.cpp
M /trunk/Source/WebCore/bridge/c/c_instance.cpp
M /trunk/Source/WebCore/bridge/c/c_utility.cpp
M /trunk/Source/WebCore/bridge/objc/ObjCRuntimeObject.mm
M /trunk/Source/WebCore/bridge/objc/WebScriptObject.mm
M /trunk/Source/WebCore/bridge/objc/objc_instance.mm
M /trunk/Source/WebCore/bridge/objc/objc_runtime.mm
M /trunk/Source/WebCore/bridge/runtime_array.cpp
M /trunk/Source/WebCore/bridge/runtime_method.cpp
M /trunk/Source/WebCore/bridge/runtime_object.cpp
M /trunk/Source/WebCore/css/FontFace.cpp
M /trunk/Source/WebCore/html/HTMLMediaElement.cpp
M /trunk/Source/WebCore/inspector/InspectorController.cpp
M /trunk/Source/WebCore/inspector/InspectorDOMAgent.cpp
M /trunk/Source/WebCore/inspector/WebInjectedScriptHost.cpp
M /trunk/Source/WebCore/inspector/WebInjectedScriptHost.h
M /trunk/Source/WebKit/mac/ChangeLog
M /trunk/Source/WebKit/mac/DOM/DOM.mm
M /trunk/Source/WebKit/mac/DOM/DOMUtility.mm
M /trunk/Source/WebKit/mac/DOM/WebDOMOperations.mm
M /trunk/Source/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm
M /trunk/Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm
M /trunk/Source/WebKit/mac/Plugins/Hosted/ProxyRuntimeObject.mm
M /trunk/Source/WebKit/mac/WebView/WebFrame.mm
M /trunk/Source/WebKit/mac/WebView/WebView.mm
M /trunk/Source/WebKit/win/ChangeLog
M /trunk/Source/WebKit/win/WebFrame.cpp
M /trunk/Source/WebKit/win/WebView.cpp
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/WebProcess/Automation/WebAutomationSessionProxy.cpp
M /trunk/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.cpp
M /trunk/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp
M /trunk/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp
M /trunk/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPMethod.cpp
M /trunk/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp
M /trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NPJSObject.cpp
M /trunk/Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp
M /trunk/Source/WebKit2/WebProcess/WebPage/WebFrame.cpp
M /trunk/Tools/ChangeLog
M /trunk/Tools/DumpRenderTree/TestRunner.cpp
classInfo should take a VM so it is not materialized from the object on each call
https://bugs.webkit.org/show_bug.cgi?id=167424
Rubber Stamped by Michael Saboff.
Previously, classInfo() would get the VM from the target's
MarkedBlock. Most callers already have a VM on hand, so it is
wasteful to compute the VM from the marked block every time. This
patch refactors some of the most common callers of classInfo(),
jsDynamicCast and inherits to take a VM as well.
Source/JavaScriptCore:
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::finishCreation):
* API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::finishCreation):
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::asCallbackObject):
(JSC::JSCallbackObject<Parent>::finishCreation):
* API/JSObjectRef.cpp:
(JSObjectSetPrototype):
(classInfoPrivate):
(JSObjectGetPrivate):
(JSObjectSetPrivate):
(JSObjectGetPrivateProperty):
(JSObjectSetPrivateProperty):
(JSObjectDeletePrivateProperty):
* API/JSTypedArray.cpp:
(JSValueGetTypedArrayType):
(JSObjectMakeTypedArrayWithArrayBuffer):
(JSObjectMakeTypedArrayWithArrayBufferAndOffset):
(JSObjectGetTypedArrayBytesPtr):
(JSObjectGetTypedArrayLength):
(JSObjectGetTypedArrayByteLength):
(JSObjectGetTypedArrayByteOffset):
(JSObjectGetTypedArrayBuffer):
(JSObjectGetArrayBufferBytesPtr):
(JSObjectGetArrayBufferByteLength):
* API/JSValue.mm:
(isDate):
(isArray):
(valueToObjectWithoutCopy):
* API/JSValueRef.cpp:
(JSValueIsArray):
(JSValueIsDate):
(JSValueIsObjectOfClass):
* API/JSWeakObjectMapRefPrivate.cpp:
* API/JSWrapperMap.mm:
(tryUnwrapObjcObject):
* API/ObjCCallbackFunction.h:
* API/ObjCCallbackFunction.mm:
(tryUnwrapConstructor):
* bindings/ScriptFunctionCall.cpp:
(Deprecated::ScriptFunctionCall::call):
* bytecode/CallVariant.h:
(JSC::CallVariant::internalFunction):
(JSC::CallVariant::function):
(JSC::CallVariant::isClosureCall):
(JSC::CallVariant::executable):
(JSC::CallVariant::functionExecutable):
(JSC::CallVariant::nativeExecutable):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::replacement):
(JSC::CodeBlock::computeCapabilityLevel):
(JSC::CodeBlock::nameForRegister):
* bytecode/ObjectAllocationProfile.h:
(JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
* bytecode/ObjectPropertyCondition.cpp:
(JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
* bytecode/ObjectPropertyCondition.h:
(JSC::ObjectPropertyCondition::isValidValueForPresence):
* bytecode/PropertyCondition.cpp:
(JSC::PropertyCondition::isValidValueForAttributes):
(JSC::PropertyCondition::isValidValueForPresence):
(JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
* bytecode/PropertyCondition.h:
* bytecode/SpeculatedType.cpp:
(JSC::speculationFromCell):
* debugger/Debugger.cpp:
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::functionName):
(JSC::DebuggerCallFrame::scope):
(JSC::DebuggerCallFrame::type):
* debugger/DebuggerScope.cpp:
(JSC::DebuggerScope::name):
(JSC::DebuggerScope::location):
* dfg/DFGAbstractInterpreter.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::AbstractInterpreter):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
(JSC::DFG::ByteCodeParser::planLoad):
(JSC::DFG::ByteCodeParser::checkPresenceLike):
(JSC::DFG::ByteCodeParser::load):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDesiredWeakReferences.cpp:
(JSC::DFG::DesiredWeakReferences::reallyAdd):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupMakeRope):
* dfg/DFGFrozenValue.h:
(JSC::DFG::FrozenValue::FrozenValue):
(JSC::DFG::FrozenValue::dynamicCast):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::tryGetConstantClosureVar):
(JSC::DFG::Graph::tryGetFoldableView):
(JSC::DFG::Graph::getRegExpPrototypeProperty):
(JSC::DFG::Graph::isStringPrototypeMethodSane):
(JSC::DFG::Graph::canOptimizeStringObjectAccess):
* dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::tryGetStringImpl):
(JSC::DFG::LazyJSValue::tryGetString):
* dfg/DFGLazyJSValue.h:
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToPutStructureHint):
* dfg/DFGNode.h:
(JSC::DFG::Node::dynamicCastConstant):
(JSC::DFG::Node::castConstant):
* dfg/DFGOperations.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
(JSC::DFG::SpeculativeJIT::compileMaterializeNewObject):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileDirectCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileIn):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::lastChanceToFinalize):
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
* heap/CodeBlockSet.h:
* heap/GCAssertions.h:
* heap/Heap.cpp:
(JSC::Heap::lastChanceToFinalize):
(JSC::Heap::protectedObjectTypeCounts):
(JSC::Heap::objectTypeCounts):
(JSC::Heap::deleteUnmarkedCompiledCode):
* heap/HeapSnapshotBuilder.cpp:
(JSC::HeapSnapshotBuilder::json):
* heap/SlotVisitor.cpp:
(JSC::validate):
* inspector/InjectedScriptHost.h:
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::reportAPIException):
* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::finishCreation):
(Inspector::JSInjectedScriptHost::isHTMLAllCollection):
(Inspector::JSInjectedScriptHost::subtype):
(Inspector::JSInjectedScriptHost::functionDetails):
(Inspector::JSInjectedScriptHost::getInternalProperties):
(Inspector::JSInjectedScriptHost::proxyTargetValue):
(Inspector::JSInjectedScriptHost::weakMapSize):
(Inspector::JSInjectedScriptHost::weakMapEntries):
(Inspector::JSInjectedScriptHost::weakSetSize):
(Inspector::JSInjectedScriptHost::weakSetEntries):
(Inspector::JSInjectedScriptHost::iteratorEntries):
* inspector/JSInjectedScriptHostPrototype.cpp:
(Inspector::JSInjectedScriptHostPrototype::finishCreation):
(Inspector::jsInjectedScriptHostPrototypeAttributeEvaluate):
(Inspector::jsInjectedScriptHostPrototypeFunctionInternalConstructorName):
(Inspector::jsInjectedScriptHostPrototypeFunctionIsHTMLAllCollection):
(Inspector::jsInjectedScriptHostPrototypeFunctionProxyTargetValue):
(Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapSize):
(Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapEntries):
(Inspector::jsInjectedScriptHostPrototypeFunctionWeakSetSize):
(Inspector::jsInjectedScriptHostPrototypeFunctionWeakSetEntries):
(Inspector::jsInjectedScriptHostPrototypeFunctionIteratorEntries):
(Inspector::jsInjectedScriptHostPrototypeFunctionEvaluateWithScopeExtension):
(Inspector::jsInjectedScriptHostPrototypeFunctionSubtype):
(Inspector::jsInjectedScriptHostPrototypeFunctionFunctionDetails):
(Inspector::jsInjectedScriptHostPrototypeFunctionGetInternalProperties):
* inspector/JSJavaScriptCallFrame.cpp:
(Inspector::JSJavaScriptCallFrame::finishCreation):
(Inspector::toJSJavaScriptCallFrame): Deleted.
* inspector/JSJavaScriptCallFrame.h:
* inspector/JSJavaScriptCallFramePrototype.cpp:
(Inspector::JSJavaScriptCallFramePrototype::finishCreation):
(Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluateWithScopeExtension):
(Inspector::jsJavaScriptCallFramePrototypeFunctionScopeDescriptions):
(Inspector::jsJavaScriptCallFrameAttributeCaller):
(Inspector::jsJavaScriptCallFrameAttributeSourceID):
(Inspector::jsJavaScriptCallFrameAttributeLine):
(Inspector::jsJavaScriptCallFrameAttributeColumn):
(Inspector::jsJavaScriptCallFrameAttributeFunctionName):
(Inspector::jsJavaScriptCallFrameAttributeScopeChain):
(Inspector::jsJavaScriptCallFrameAttributeThisObject):
(Inspector::jsJavaScriptCallFrameAttributeType):
(Inspector::jsJavaScriptCallFrameIsTailDeleted):
* inspector/ScriptArguments.cpp:
(Inspector::ScriptArguments::getFirstArgumentAsString):
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::getPreview):
* interpreter/Interpreter.cpp:
(JSC::notifyDebuggerOfUnwinding):
(JSC::Interpreter::unwind):
(JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
(JSC::Interpreter::execute):
* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::update):
* interpreter/StackVisitor.cpp:
(JSC::StackVisitor::readFrame):
(JSC::StackVisitor::readNonInlinedFrame):
(JSC::StackVisitor::Frame::calleeSaveRegisters):
* jit/JITCode.cpp:
(JSC::JITCode::execute):
* jit/JITOperations.cpp:
(JSC::operationNewFunctionCommon):
* jit/Repatch.cpp:
(JSC::tryCacheGetByID):
* jsc.cpp:
(WTF::CustomGetter::customGetter):
(WTF::RuntimeArray::finishCreation):
(WTF::RuntimeArray::lengthGetter):
(WTF::DOMJITGetter::customGetter):
(WTF::DOMJITGetterComplex::DOMJITNodeDOMJIT::slowCall):
(WTF::DOMJITGetterComplex::functionEnableException):
(WTF::DOMJITGetterComplex::customGetter):
(WTF::DOMJITFunctionObject::safeFunction):
(functionDescribeArray):
(functionCreateElement):
(functionGetElement):
(functionSetElementRoot):
(functionGetHiddenValue):
(functionSetHiddenValue):
(functionSetImpureGetterDelegate):
(functionNoFTL):
(functionDollarEvalScript):
(functionDollarAgentBroadcast):
(functionTransferArrayBuffer):
(functionFindTypeForExpression):
(functionReturnTypeFor):
(functionHasBasicBlockExecuted):
(functionBasicBlockExecutionCount):
(functionEnsureArrayStorage):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::finishCreation):
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::transferTo):
* runtime/ArrayBuffer.h:
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::finishCreation):
(JSC::arrayConstructorPrivateFuncIsArraySlow):
(JSC::arrayConstructorPrivateFuncIsArrayConstructor):
* runtime/ArrayConstructor.h:
(JSC::isArrayConstructor): Deleted.
* runtime/ArrayIteratorPrototype.cpp:
(JSC::ArrayIteratorPrototype::finishCreation):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
* runtime/AsyncFunctionPrototype.cpp:
(JSC::AsyncFunctionPrototype::finishCreation):
* runtime/AtomicsObject.cpp:
(JSC::AtomicsObject::finishCreation):
(JSC::atomicsFuncWait):
(JSC::atomicsFuncWake):
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::finishCreation):
* runtime/BooleanObject.h:
(JSC::asBooleanObject):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::finishCreation):
(JSC::booleanProtoFuncToString):
(JSC::booleanProtoFuncValueOf):
* runtime/ConsoleObject.cpp:
(JSC::ConsoleObject::finishCreation):
* runtime/DateConstructor.cpp:
(JSC::constructDate):
* runtime/DateInstance.cpp:
(JSC::DateInstance::finishCreation):
* runtime/DateInstance.h:
(JSC::asDateInstance):
* runtime/DatePrototype.cpp:
(JSC::formateDateInstance):
(JSC::DatePrototype::finishCreation):
(JSC::dateProtoFuncToISOString):
(JSC::dateProtoFuncToLocaleString):
(JSC::dateProtoFuncToLocaleDateString):
(JSC::dateProtoFuncToLocaleTimeString):
(JSC::dateProtoFuncGetTime):
(JSC::dateProtoFuncGetFullYear):
(JSC::dateProtoFuncGetUTCFullYear):
(JSC::dateProtoFuncGetMonth):
(JSC::dateProtoFuncGetUTCMonth):
(JSC::dateProtoFuncGetDate):
(JSC::dateProtoFuncGetUTCDate):
(JSC::dateProtoFuncGetDay):
(JSC::dateProtoFuncGetUTCDay):
(JSC::dateProtoFuncGetHours):
(JSC::dateProtoFuncGetUTCHours):
(JSC::dateProtoFuncGetMinutes):
(JSC::dateProtoFuncGetUTCMinutes):
(JSC::dateProtoFuncGetSeconds):
(JSC::dateProtoFuncGetUTCSeconds):
(JSC::dateProtoFuncGetMilliSeconds):
(JSC::dateProtoFuncGetUTCMilliseconds):
(JSC::dateProtoFuncGetTimezoneOffset):
(JSC::dateProtoFuncSetTime):
(JSC::setNewValueFromTimeArgs):
(JSC::setNewValueFromDateArgs):
(JSC::dateProtoFuncSetYear):
(JSC::dateProtoFuncGetYear):
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::finishCreation):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::finishCreation):
* runtime/ExceptionHelpers.cpp:
(JSC::isTerminatedExecutionException):
* runtime/ExceptionHelpers.h:
* runtime/ExecutableBase.cpp:
(JSC::ExecutableBase::clearCode):
(JSC::ExecutableBase::dump):
(JSC::ExecutableBase::hashFor):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncToString):
* runtime/GeneratorFunctionPrototype.cpp:
(JSC::GeneratorFunctionPrototype::finishCreation):
* runtime/GeneratorPrototype.cpp:
(JSC::GeneratorPrototype::finishCreation):
* runtime/GetterSetter.h:
* runtime/InspectorInstrumentationObject.cpp:
(JSC::InspectorInstrumentationObject::finishCreation):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::finishCreation):
(JSC::InternalFunction::createSubclassStructure):
* runtime/InternalFunction.h:
(JSC::asInternalFunction):
* runtime/IntlCollator.cpp:
(JSC::IntlCollator::finishCreation):
* runtime/IntlCollatorPrototype.cpp:
(JSC::IntlCollatorPrototypeGetterCompare):
(JSC::IntlCollatorPrototypeFuncResolvedOptions):
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::finishCreation):
* runtime/IntlDateTimeFormatPrototype.cpp:
(JSC::IntlDateTimeFormatPrototypeGetterFormat):
(JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::finishCreation):
* runtime/IntlNumberFormatPrototype.cpp:
(JSC::IntlNumberFormatPrototypeGetterFormat):
(JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
* runtime/IntlObject.cpp:
(JSC::IntlObject::finishCreation):
* runtime/IntlObjectInlines.h:
(JSC::constructIntlInstanceWithWorkaroundForLegacyIntlConstructor):
* runtime/IteratorPrototype.cpp:
(JSC::IteratorPrototype::finishCreation):
* runtime/JSArray.h:
(JSC::asArray):
(JSC::isJSArray):
* runtime/JSArrayBuffer.h:
(JSC::toPossiblySharedArrayBuffer):
(JSC::toUnsharedArrayBuffer):
(JSC::JSArrayBuffer::toWrapped):
* runtime/JSArrayBufferConstructor.cpp:
(JSC::arrayBufferFuncIsView):
* runtime/JSArrayBufferPrototype.cpp:
(JSC::arrayBufferProtoFuncSlice):
* runtime/JSArrayBufferView.h:
* runtime/JSArrayBufferViewInlines.h:
(JSC::JSArrayBufferView::toWrapped):
* runtime/JSBoundFunction.cpp:
(JSC::isBoundFunction):
(JSC::getBoundFunctionStructure):
(JSC::JSBoundFunction::finishCreation):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::dumpForBacktrace):
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::inherits):
(JSC::JSValue::classInfoOrNull):
* runtime/JSCallee.cpp:
(JSC::JSCallee::finishCreation):
* runtime/JSCell.cpp:
(JSC::JSCell::dumpToStream):
(JSC::JSCell::className):
(JSC::JSCell::isAnyWasmCallee):
* runtime/JSCell.h:
(JSC::jsCast):
(JSC::jsDynamicCast):
* runtime/JSCellInlines.h:
(JSC::JSCell::methodTable):
(JSC::JSCell::inherits):
(JSC::JSCell::classInfo):
* runtime/JSCustomGetterSetterFunction.cpp:
(JSC::JSCustomGetterSetterFunction::finishCreation):
* runtime/JSDataViewPrototype.cpp:
(JSC::getData):
(JSC::setData):
(JSC::dataViewProtoGetterBuffer):
(JSC::dataViewProtoGetterByteLength):
(JSC::dataViewProtoGetterByteOffset):
* runtime/JSFunction.cpp:
(JSC::JSFunction::finishCreation):
(JSC::JSFunction::allocateAndInitializeRareData):
(JSC::JSFunction::initializeRareData):
(JSC::RetrieveArgumentsFunctor::RetrieveArgumentsFunctor):
(JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
(JSC::RetrieveCallerFunctionFunctor::operator()):
(JSC::JSFunction::callerGetter):
(JSC::JSFunction::getOwnNonIndexPropertyNames):
(JSC::getCalculatedDisplayName):
(JSC::JSFunction::reifyBoundNameIfNeeded):
* runtime/JSGenericTypedArrayView.h:
(JSC::toPossiblySharedNativeTypedView):
(JSC::toUnsharedNativeTypedView):
(JSC::JSGenericTypedArrayView<Adaptor>::toWrapped):
* runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructGenericTypedArrayViewWithArguments):
(JSC::constructGenericTypedArrayView):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::set):
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::speciesConstruct):
(JSC::genericTypedArrayViewProtoFuncSet):
(JSC::genericTypedArrayViewProtoFuncSlice):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
* runtime/JSGenericTypedArrayViewPrototypeInlines.h:
(JSC::JSGenericTypedArrayViewPrototype<ViewClass>::finishCreation):
* runtime/JSGlobalObject.cpp:
(JSC::getTemplateObject):
(JSC::enqueueJob):
(JSC::JSGlobalObject::init):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):
* runtime/JSInternalPromiseDeferred.cpp:
(JSC::JSInternalPromiseDeferred::create):
* runtime/JSLexicalEnvironment.h:
(JSC::asActivation):
* runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::finishCreation):
(JSC::JSModuleLoader::evaluate):
(JSC::JSModuleLoader::getModuleNamespaceObject):
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::finishCreation):
(JSC::moduleNamespaceObjectSymbolIterator):
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::finishCreation):
* runtime/JSNativeStdFunction.cpp:
(JSC::JSNativeStdFunction::finishCreation):
* runtime/JSONObject.cpp:
(JSC::JSONObject::finishCreation):
(JSC::unwrapBoxedPrimitive):
(JSC::Stringifier::Stringifier):
(JSC::Walker::walk):
* runtime/JSObject.cpp:
(JSC::JSObject::className):
(JSC::JSObject::toStringName):
(JSC::JSObject::calculatedClassName):
(JSC::JSObject::putInlineSlow):
(JSC::JSObject::ensureInt32Slow):
(JSC::JSObject::ensureDoubleSlow):
(JSC::JSObject::ensureContiguousSlow):
(JSC::JSObject::ensureArrayStorageSlow):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::getOwnStaticPropertySlot):
(JSC::JSObject::findPropertyHashEntry):
(JSC::JSObject::getOwnNonIndexPropertyNames):
(JSC::JSObject::reifyAllStaticProperties):
(JSC::JSObject::getOwnPropertyDescriptor):
* runtime/JSObject.h:
(JSC::JSObject::finishCreation):
(JSC::JSNonFinalObject::finishCreation):
(JSC::JSFinalObject::finishCreation):
* runtime/JSPromiseDeferred.cpp:
(JSC::JSPromiseDeferred::create):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::finishCreation):
(JSC::propertyNameIteratorFuncNext):
* runtime/JSScope.cpp:
(JSC::JSScope::symbolTable):
* runtime/JSScope.h:
* runtime/JSString.cpp:
(JSC::JSString::dumpToStream):
* runtime/JSStringIterator.cpp:
(JSC::JSStringIterator::finishCreation):
* runtime/JSTypedArrayViewPrototype.cpp:
(JSC::typedArrayViewPrivateFuncIsTypedArrayView):
(JSC::typedArrayViewPrivateFuncLength):
(JSC::typedArrayViewPrivateFuncGetOriginalConstructor):
(JSC::typedArrayViewProtoGetterFuncToStringTag):
(JSC::JSTypedArrayViewPrototype::finishCreation):
* runtime/LazyClassStructure.cpp:
(JSC::LazyClassStructure::Initializer::setConstructor):
* runtime/Lookup.h:
(JSC::putEntry):
* runtime/MapConstructor.cpp:
(JSC::MapConstructor::finishCreation):
* runtime/MapIteratorPrototype.cpp:
(JSC::MapIteratorPrototype::finishCreation):
(JSC::MapIteratorPrototypeFuncNext):
* runtime/MapPrototype.cpp:
(JSC::MapPrototype::finishCreation):
(JSC::mapProtoFuncValues):
(JSC::mapProtoFuncEntries):
(JSC::mapProtoFuncKeys):
(JSC::privateFuncMapIterator):
(JSC::privateFuncMapIteratorNext):
* runtime/MathObject.cpp:
(JSC::MathObject::finishCreation):
* runtime/ModuleLoaderPrototype.cpp:
(JSC::moduleLoaderPrototypeParseModule):
(JSC::moduleLoaderPrototypeRequestedModules):
(JSC::moduleLoaderPrototypeModuleDeclarationInstantiation):
(JSC::moduleLoaderPrototypeResolve):
(JSC::moduleLoaderPrototypeFetch):
(JSC::moduleLoaderPrototypeInstantiate):
(JSC::moduleLoaderPrototypeGetModuleNamespaceObject):
(JSC::moduleLoaderPrototypeEvaluate):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::finishCreation):
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::finishCreation):
* runtime/NumberObject.cpp:
(JSC::NumberObject::finishCreation):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::finishCreation):
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::finishCreation):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::finishCreation):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::toStringName):
(JSC::ProxyObject::finishCreation):
* runtime/ReflectObject.cpp:
(JSC::ReflectObject::finishCreation):
(JSC::reflectObjectConstruct):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::finishCreation):
(JSC::setRegExpConstructorInput):
(JSC::setRegExpConstructorMultiline):
(JSC::constructRegExp):
* runtime/RegExpConstructor.h:
(JSC::asRegExpConstructor):
(JSC::isRegExp):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::finishCreation):
* runtime/RegExpObject.h:
(JSC::asRegExpObject):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncTestFast):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncMatchFast):
(JSC::regExpProtoFuncCompile):
(JSC::regExpProtoGetterGlobal):
(JSC::regExpProtoGetterIgnoreCase):
(JSC::regExpProtoGetterMultiline):
(JSC::regExpProtoGetterSticky):
(JSC::regExpProtoGetterUnicode):
(JSC::regExpProtoGetterSource):
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::processUnverifiedStackTraces):
* runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::newCodeBlockFor):
(JSC::ScriptExecutable::newReplacementCodeBlockFor):
* runtime/SetConstructor.cpp:
(JSC::SetConstructor::finishCreation):
* runtime/SetIteratorPrototype.cpp:
(JSC::SetIteratorPrototype::finishCreation):
(JSC::SetIteratorPrototypeFuncNext):
* runtime/SetPrototype.cpp:
(JSC::SetPrototype::finishCreation):
(JSC::setProtoFuncValues):
(JSC::setProtoFuncEntries):
(JSC::privateFuncSetIterator):
(JSC::privateFuncSetIteratorNext):
* runtime/StackFrame.cpp:
(JSC::StackFrame::sourceURL):
(JSC::StackFrame::functionName):
* runtime/StringIteratorPrototype.cpp:
(JSC::StringIteratorPrototype::finishCreation):
* runtime/StringObject.cpp:
(JSC::StringObject::finishCreation):
* runtime/StringObject.h:
(JSC::asStringObject):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
(JSC::replace):
(JSC::stringProtoFuncReplaceUsingRegExp):
(JSC::stringProtoFuncToString):
* runtime/StructureRareData.cpp:
(JSC::StructureRareData::setObjectToStringValue):
* runtime/Symbol.cpp:
(JSC::Symbol::finishCreation):
* runtime/SymbolConstructor.cpp:
(JSC::SymbolConstructor::finishCreation):
* runtime/SymbolObject.cpp:
(JSC::SymbolObject::finishCreation):
* runtime/SymbolPrototype.cpp:
(JSC::SymbolPrototype::finishCreation):
(JSC::symbolProtoFuncToString):
(JSC::symbolProtoFuncValueOf):
* runtime/TestRunnerUtils.cpp:
(JSC::getExecutableForFunction):
* runtime/ThrowScope.cpp:
(JSC::ThrowScope::throwException):
* runtime/VM.cpp:
(JSC::VM::throwException):
* runtime/WeakMapConstructor.cpp:
(JSC::WeakMapConstructor::finishCreation):
* runtime/WeakMapPrototype.cpp:
(JSC::WeakMapPrototype::finishCreation):
(JSC::getWeakMapData):
* runtime/WeakSetConstructor.cpp:
(JSC::WeakSetConstructor::finishCreation):
* runtime/WeakSetPrototype.cpp:
(JSC::WeakSetPrototype::finishCreation):
(JSC::getWeakMapData):
* tools/JSDollarVMPrototype.cpp:
(JSC::codeBlockFromArg):
* wasm/JSWebAssembly.cpp:
(JSC::JSWebAssembly::finishCreation):
* wasm/js/JSWebAssemblyHelpers.h:
(JSC::getWasmBufferFromValue):
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::finishCreation):
* wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::grow):
(JSC::JSWebAssemblyMemory::finishCreation):
(JSC::JSWebAssemblyMemory::destroy):
(JSC::JSWebAssemblyMemory::~JSWebAssemblyMemory): Deleted.
* wasm/js/JSWebAssemblyMemory.h:
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::finishCreation):
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::finishCreation):
* wasm/js/WebAssemblyFunction.cpp:
(JSC::callWebAssemblyFunction):
(JSC::WebAssemblyFunction::finishCreation):
* wasm/js/WebAssemblyInstanceConstructor.cpp:
(JSC::constructJSWebAssemblyInstance):
* wasm/js/WebAssemblyMemoryPrototype.cpp:
(JSC::getMemory):
* wasm/js/WebAssemblyModulePrototype.cpp:
(JSC::webAssemblyModuleProtoCustomSections):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::finishCreation):
* wasm/js/WebAssemblyTablePrototype.cpp:
(JSC::getTable):
(JSC::webAssemblyTableProtoFuncSet):
Source/WebCore:
* Modules/fetch/FetchBody.cpp:
(WebCore::FetchBody::extract):
* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::installReplacement):
* bindings/js/IDBBindingUtilities.cpp:
(WebCore::createIDBKeyFromValue):
* bindings/js/JSCommandLineAPIHostCustom.cpp:
(WebCore::JSCommandLineAPIHost::getEventListeners):
(WebCore::JSCommandLineAPIHost::databaseId):
(WebCore::JSCommandLineAPIHost::storageId):
* bindings/js/JSCryptoAlgorithmDictionary.cpp:
(WebCore::JSCryptoAlgorithmDictionary::parseAlgorithmIdentifier):
(WebCore::createRsaKeyGenParams):
* bindings/js/JSCryptoCustom.cpp:
(WebCore::JSCrypto::getRandomValues):
* bindings/js/JSCryptoOperationData.cpp:
(WebCore::cryptoOperationDataFromJSValue):
* bindings/js/JSCustomElementInterface.cpp:
(WebCore::constructCustomElementSynchronously):
(WebCore::JSCustomElementInterface::upgradeElement):
* bindings/js/JSDOMBinding.cpp:
(WebCore::valueToDate):
(WebCore::reportException):
(WebCore::retrieveErrorMessage):
* bindings/js/JSDOMBinding.h:
(WebCore::castThisValue):
(WebCore::toPossiblySharedArrayBufferView):
(WebCore::toUnsharedArrayBufferView):
(WebCore::toPossiblySharedInt8Array):
(WebCore::toPossiblySharedInt16Array):
(WebCore::toPossiblySharedInt32Array):
(WebCore::toPossiblySharedUint8Array):
(WebCore::toPossiblySharedUint8ClampedArray):
(WebCore::toPossiblySharedUint16Array):
(WebCore::toPossiblySharedUint32Array):
(WebCore::toPossiblySharedFloat32Array):
(WebCore::toPossiblySharedFloat64Array):
(WebCore::toUnsharedInt8Array):
(WebCore::toUnsharedInt16Array):
(WebCore::toUnsharedInt32Array):
(WebCore::toUnsharedUint8Array):
(WebCore::toUnsharedUint8ClampedArray):
(WebCore::toUnsharedUint16Array):
(WebCore::toUnsharedUint32Array):
(WebCore::toUnsharedFloat32Array):
(WebCore::toUnsharedFloat64Array):
(WebCore::toRefNativeArray):
* bindings/js/JSDOMConstructor.h:
(WebCore::JSDOMConstructorNotConstructable<JSClass>::finishCreation):
(WebCore::JSDOMConstructor<JSClass>::finishCreation):
(WebCore::JSDOMNamedConstructor<JSClass>::finishCreation):
(WebCore::JSBuiltinConstructor<JSClass>::finishCreation):
* bindings/js/JSDOMConvert.h:
(WebCore::Converter<IDLInterface<T>>::convert):
(WebCore::Converter<IDLXPathNSResolver<T>>::convert):
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::finishCreation):
(WebCore::JSDOMGlobalObject::scriptExecutionContext):
* bindings/js/JSDOMIterator.h:
(WebCore::IteratorTraits>::next):
(WebCore::IteratorTraits>::finishCreation):
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::finishCreation):
(WebCore::toJSDOMWindow):
* bindings/js/JSDOMWindowBase.h:
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::jsDOMWindowWebKit):
(WebCore::JSDOMWindow::toWrapped):
* bindings/js/JSDOMWindowShell.cpp:
(WebCore::JSDOMWindowShell::finishCreation):
(WebCore::JSDOMWindowShell::toWrapped):
* bindings/js/JSDOMWindowShell.h:
* bindings/js/JSDocumentCustom.cpp:
(WebCore::cachedDocumentWrapper):
(WebCore::JSDocument::createTouchList):
* bindings/js/JSDynamicDowncast.h:
(WebCore::JSDynamicCastTrait::cast):
(WebCore::JSDynamicCastTrait<JSNode>::cast):
(WebCore::JSDynamicCastTrait<JSElement>::cast):
(WebCore::JSDynamicCastTrait<JSDocument>::cast):
(WebCore::JSDynamicCastTrait<JSEvent>::cast):
(WebCore::jsDynamicDowncast):
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::handleEvent):
* bindings/js/JSEventTargetCustom.cpp:
(WebCore::JSEventTarget::toWrapped):
(WebCore::jsEventTargetCast):
* bindings/js/JSEventTargetCustom.h:
(WebCore::BindingCaller<JSEventTarget>::callOperation):
* bindings/js/JSExceptionBase.cpp:
(WebCore::toExceptionBase):
* bindings/js/JSExceptionBase.h:
* bindings/js/JSInspectorFrontendHostCustom.cpp:
(WebCore::populateContextMenuItems):
(WebCore::JSInspectorFrontendHost::showContextMenu):
* bindings/js/JSNodeCustom.cpp:
(WebCore::JSNode::insertBefore):
(WebCore::JSNode::replaceChild):
(WebCore::JSNode::removeChild):
(WebCore::JSNode::appendChild):
(WebCore::JSNode::pushEventHandlerScope):
* bindings/js/JSPluginElementFunctions.cpp:
(WebCore::pluginElementPropertyGetter):
* bindings/js/JSReadableStreamPrivateConstructors.cpp:
(WebCore::constructJSReadableStreamDefaultReader):
* bindings/js/JSReadableStreamSourceCustom.cpp:
(WebCore::startReadableStream):
(WebCore::JSReadableStreamSource::start):
(WebCore::pullReadableStream):
* bindings/js/JSSubtleCryptoCustom.cpp:
(WebCore::toCryptoKey):
(WebCore::jsSubtleCryptoFunctionEncryptPromise):
(WebCore::jsSubtleCryptoFunctionDecryptPromise):
(WebCore::jsSubtleCryptoFunctionSignPromise):
(WebCore::jsSubtleCryptoFunctionVerifyPromise):
(WebCore::jsSubtleCryptoFunctionDigestPromise):
(WebCore::jsSubtleCryptoFunctionWrapKeyPromise):
(WebCore::jsSubtleCryptoFunctionUnwrapKeyPromise):
* bindings/js/JSTrackCustom.cpp:
(WebCore::toTrack): Deleted.
* bindings/js/JSTrackCustom.h:
* bindings/js/JSWebKitSubtleCryptoCustom.cpp:
(WebCore::JSWebKitSubtleCrypto::encrypt):
(WebCore::JSWebKitSubtleCrypto::decrypt):
(WebCore::JSWebKitSubtleCrypto::sign):
(WebCore::JSWebKitSubtleCrypto::verify):
(WebCore::JSWebKitSubtleCrypto::exportKey):
(WebCore::JSWebKitSubtleCrypto::wrapKey):
(WebCore::JSWebKitSubtleCrypto::unwrapKey):
* bindings/js/JSWorkerGlobalScopeBase.cpp:
(WebCore::JSWorkerGlobalScopeBase::finishCreation):
(WebCore::toJSDedicatedWorkerGlobalScope):
(WebCore::toJSWorkerGlobalScope):
* bindings/js/JSWorkerGlobalScopeBase.h:
* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::send):
* bindings/js/JSXPathNSResolverCustom.cpp:
(WebCore::JSXPathNSResolver::toWrapped):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::setupModuleScriptHandlers):
* bindings/js/ScriptModuleLoader.cpp:
(WebCore::ScriptModuleLoader::fetch):
(WebCore::ScriptModuleLoader::evaluate):
* bindings/js/ScriptState.cpp:
(WebCore::domWindowFromExecState):
(WebCore::scriptExecutionContextFromExecState):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::isArray):
(WebCore::CloneSerializer::isMap):
(WebCore::CloneSerializer::isSet):
(WebCore::CloneSerializer::dumpArrayBufferView):
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneSerializer::serialize):
(WebCore::CloneDeserializer::CloneDeserializer):
(WebCore::CloneDeserializer::readArrayBufferView):
(WebCore::CloneDeserializer::readTerminal):
(WebCore::transferArrayBuffers):
(WebCore::SerializedScriptValue::create):
* bindings/js/StructuredClone.cpp:
(WebCore::structuredCloneArrayBuffer):
(WebCore::structuredCloneArrayBufferView):
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::evaluate):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateOverloadedFunctionOrConstructor):
(GenerateImplementation):
* bindings/scripts/test/JS/JSInterfaceName.cpp:
(WebCore::JSInterfaceName::finishCreation):
(WebCore::jsInterfaceNameConstructor):
(WebCore::setJSInterfaceNameConstructor):
(WebCore::JSInterfaceName::toWrapped):
* bindings/scripts/test/JS/JSInterfaceName.h:
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
(WebCore::JSTestActiveDOMObject::finishCreation):
(WebCore::BindingCaller<JSTestActiveDOMObject>::castForAttribute):
(WebCore::BindingCaller<JSTestActiveDOMObject>::castForOperation):
(WebCore::jsTestActiveDOMObjectConstructor):
(WebCore::setJSTestActiveDOMObjectConstructor):
(WebCore::JSTestActiveDOMObject::toWrapped):
* bindings/scripts/test/JS/JSTestActiveDOMObject.h:
* bindings/scripts/test/JS/JSTestCEReactions.cpp:
(WebCore::JSTestCEReactions::finishCreation):
(WebCore::BindingCaller<JSTestCEReactions>::castForAttribute):
(WebCore::BindingCaller<JSTestCEReactions>::castForOperation):
(WebCore::jsTestCEReactionsConstructor):
(WebCore::setJSTestCEReactionsConstructor):
(WebCore::JSTestCEReactions::toWrapped):
* bindings/scripts/test/JS/JSTestCEReactions.h:
* bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
(WebCore::JSTestCEReactionsStringifier::finishCreation):
(WebCore::BindingCaller<JSTestCEReactionsStringifier>::castForAttribute):
(WebCore::BindingCaller<JSTestCEReactionsStringifier>::castForOperation):
(WebCore::jsTestCEReactionsStringifierConstructor):
(WebCore::setJSTestCEReactionsStringifierConstructor):
(WebCore::JSTestCEReactionsStringifier::toWrapped):
* bindings/scripts/test/JS/JSTestCEReactionsStringifier.h:
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
(WebCore::JSTestClassWithJSBuiltinConstructor::finishCreation):
(WebCore::jsTestClassWithJSBuiltinConstructorConstructor):
(WebCore::setJSTestClassWithJSBuiltinConstructorConstructor):
(WebCore::JSTestClassWithJSBuiltinConstructor::toWrapped):
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
(WebCore::JSTestCustomConstructorWithNoInterfaceObject::finishCreation):
(WebCore::jsTestCustomConstructorWithNoInterfaceObjectConstructor):
(WebCore::setJSTestCustomConstructorWithNoInterfaceObjectConstructor):
(WebCore::JSTestCustomConstructorWithNoInterfaceObject::toWrapped):
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
(WebCore::JSTestCustomNamedGetter::finishCreation):
(WebCore::BindingCaller<JSTestCustomNamedGetter>::castForOperation):
(WebCore::jsTestCustomNamedGetterConstructor):
(WebCore::setJSTestCustomNamedGetterConstructor):
(WebCore::JSTestCustomNamedGetter::toWrapped):
* bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
* bindings/scripts/test/JS/JSTestDOMJIT.cpp:
(WebCore::JSTestDOMJIT::finishCreation):
(WebCore::BindingCaller<JSTestDOMJIT>::castForAttribute):
(WebCore::BindingCaller<JSTestDOMJIT>::castForOperation):
(WebCore::jsTestDOMJITConstructor):
(WebCore::setJSTestDOMJITConstructor):
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::JSTestEventConstructor::finishCreation):
(WebCore::BindingCaller<JSTestEventConstructor>::castForAttribute):
(WebCore::jsTestEventConstructorConstructor):
(WebCore::setJSTestEventConstructorConstructor):
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
(WebCore::JSTestEventTarget::finishCreation):
(WebCore::BindingCaller<JSTestEventTarget>::castForOperation):
(WebCore::jsTestEventTargetConstructor):
(WebCore::setJSTestEventTargetConstructor):
(WebCore::JSTestEventTarget::toWrapped):
* bindings/scripts/test/JS/JSTestEventTarget.h:
* bindings/scripts/test/JS/JSTestException.cpp:
(WebCore::JSTestException::finishCreation):
(WebCore::BindingCaller<JSTestException>::castForAttribute):
(WebCore::jsTestExceptionConstructor):
(WebCore::setJSTestExceptionConstructor):
(WebCore::JSTestException::toWrapped):
* bindings/scripts/test/JS/JSTestException.h:
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
(WebCore::JSTestGenerateIsReachable::finishCreation):
(WebCore::jsTestGenerateIsReachableConstructor):
(WebCore::setJSTestGenerateIsReachableConstructor):
(WebCore::JSTestGenerateIsReachable::toWrapped):
* bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
(WebCore::JSTestGlobalObject::finishCreation):
(WebCore::BindingCaller<JSTestGlobalObject>::castForAttribute):
(WebCore::BindingCaller<JSTestGlobalObject>::castForOperation):
(WebCore::jsTestGlobalObjectConstructor):
(WebCore::setJSTestGlobalObjectConstructor):
(WebCore::JSTestGlobalObject::toWrapped):
* bindings/scripts/test/JS/JSTestGlobalObject.h:
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterface::finishCreation):
(WebCore::BindingCaller<JSTestInterface>::castForAttribute):
(WebCore::BindingCaller<JSTestInterface>::castForOperation):
(WebCore::jsTestInterfaceConstructor):
(WebCore::setJSTestInterfaceConstructor):
(WebCore::JSTestInterface::toWrapped):
* bindings/scripts/test/JS/JSTestInterface.h:
* bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
(WebCore::JSTestInterfaceLeadingUnderscore::finishCreation):
(WebCore::BindingCaller<JSTestInterfaceLeadingUnderscore>::castForAttribute):
(WebCore::jsTestInterfaceLeadingUnderscoreConstructor):
(WebCore::setJSTestInterfaceLeadingUnderscoreConstructor):
(WebCore::JSTestInterfaceLeadingUnderscore::toWrapped):
* bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.h:
* bindings/scripts/test/JS/JSTestIterable.cpp:
(WebCore::JSTestIterable::finishCreation):
(WebCore::BindingCaller<JSTestIterable>::castForOperation):
(WebCore::jsTestIterableConstructor):
(WebCore::setJSTestIterableConstructor):
(WebCore::JSTestIterable::toWrapped):
* bindings/scripts/test/JS/JSTestIterable.h:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
(WebCore::JSTestJSBuiltinConstructor::finishCreation):
(WebCore::BindingCaller<JSTestJSBuiltinConstructor>::castForAttribute):
(WebCore::BindingCaller<JSTestJSBuiltinConstructor>::castForOperation):
(WebCore::jsTestJSBuiltinConstructorConstructor):
(WebCore::setJSTestJSBuiltinConstructorConstructor):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::JSTestMediaQueryListListener::finishCreation):
(WebCore::BindingCaller<JSTestMediaQueryListListener>::castForOperation):
(WebCore::jsTestMediaQueryListListenerConstructor):
(WebCore::setJSTestMediaQueryListListenerConstructor):
(WebCore::JSTestMediaQueryListListener::toWrapped):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
(WebCore::JSTestNamedConstructor::finishCreation):
(WebCore::jsTestNamedConstructorConstructor):
(WebCore::setJSTestNamedConstructorConstructor):
(WebCore::JSTestNamedConstructor::toWrapped):
* bindings/scripts/test/JS/JSTestNamedConstructor.h:
* bindings/scripts/test/JS/JSTestNode.cpp:
(WebCore::JSTestNode::finishCreation):
(WebCore::BindingCaller<JSTestNode>::castForAttribute):
(WebCore::BindingCaller<JSTestNode>::castForOperation):
(WebCore::jsTestNodeConstructor):
(WebCore::setJSTestNodeConstructor):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObj::finishCreation):
(WebCore::BindingCaller<JSTestObj>::castForAttribute):
(WebCore::BindingCaller<JSTestObj>::castForOperation):
(WebCore::jsTestObjConstructor):
(WebCore::setJSTestObjConstructor):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithDistinguishingUnion):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWith2DistinguishingUnions):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithNonDistinguishingUnion):
(WebCore::jsTestObjPrototypeFunctionOverloadWithNullableUnion):
(WebCore::jsTestObjPrototypeFunctionOverloadWithNullableNonDistinguishingParameter):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction):
(WebCore::JSTestObj::toWrapped):
* bindings/scripts/test/JS/JSTestObj.h:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
(WebCore::JSTestOverloadedConstructorsConstructor::construct):
(WebCore::JSTestOverloadedConstructors::finishCreation):
(WebCore::jsTestOverloadedConstructorsConstructor):
(WebCore::setJSTestOverloadedConstructorsConstructor):
(WebCore::JSTestOverloadedConstructors::toWrapped):
* bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
* bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
(WebCore::JSTestOverloadedConstructorsWithSequence::finishCreation):
(WebCore::jsTestOverloadedConstructorsWithSequenceConstructor):
(WebCore::setJSTestOverloadedConstructorsWithSequenceConstructor):
(WebCore::JSTestOverloadedConstructorsWithSequence::toWrapped):
* bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.h:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
(WebCore::JSTestOverrideBuiltins::finishCreation):
(WebCore::BindingCaller<JSTestOverrideBuiltins>::castForOperation):
(WebCore::jsTestOverrideBuiltinsConstructor):
(WebCore::setJSTestOverrideBuiltinsConstructor):
(WebCore::JSTestOverrideBuiltins::toWrapped):
* bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
* bindings/scripts/test/JS/JSTestSerialization.cpp:
(WebCore::JSTestSerialization::finishCreation):
(WebCore::BindingCaller<JSTestSerialization>::castForAttribute):
(WebCore::BindingCaller<JSTestSerialization>::castForOperation):
(WebCore::jsTestSerializationConstructor):
(WebCore::setJSTestSerializationConstructor):
(WebCore::JSTestSerialization::toWrapped):
* bindings/scripts/test/JS/JSTestSerialization.h:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterface::finishCreation):
(WebCore::BindingCaller<JSTestSerializedScriptValueInterface>::castForAttribute):
(WebCore::BindingCaller<JSTestSerializedScriptValueInterface>::castForOperation):
(WebCore::jsTestSerializedScriptValueInterfaceConstructor):
(WebCore::setJSTestSerializedScriptValueInterfaceConstructor):
(WebCore::JSTestSerializedScriptValueInterface::toWrapped):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::JSTestTypedefs::finishCreation):
(WebCore::BindingCaller<JSTestTypedefs>::castForAttribute):
(WebCore::BindingCaller<JSTestTypedefs>::castForOperation):
(WebCore::jsTestTypedefsConstructor):
(WebCore::setJSTestTypedefsConstructor):
(WebCore::JSTestTypedefs::toWrapped):
* bindings/scripts/test/JS/JSTestTypedefs.h:
* bridge/c/CRuntimeObject.cpp:
(JSC::Bindings::CRuntimeObject::finishCreation):
* bridge/c/c_instance.cpp:
(JSC::Bindings::CRuntimeMethod::finishCreation):
(JSC::Bindings::CInstance::invokeMethod):
* bridge/c/c_utility.cpp:
(JSC::Bindings::convertValueToNPVariant):
* bridge/objc/ObjCRuntimeObject.mm:
(JSC::Bindings::ObjCRuntimeObject::finishCreation):
* bridge/objc/WebScriptObject.mm:
(-[WebScriptObject setValue:forKey:]):
(+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
* bridge/objc/objc_instance.mm:
(ObjCRuntimeMethod::finishCreation):
(ObjcInstance::invokeMethod):
* bridge/objc/objc_runtime.mm:
(JSC::Bindings::ObjcFallbackObjectImp::finishCreation):
(JSC::Bindings::callObjCFallbackObject):
* bridge/runtime_array.cpp:
(JSC::RuntimeArray::finishCreation):
(JSC::RuntimeArray::lengthGetter):
* bridge/runtime_method.cpp:
(JSC::RuntimeMethod::finishCreation):
(JSC::RuntimeMethod::lengthGetter):
(JSC::callRuntimeMethod):
* bridge/runtime_object.cpp:
(JSC::Bindings::RuntimeObject::finishCreation):
(JSC::Bindings::callRuntimeObject):
(JSC::Bindings::callRuntimeConstructor):
* css/FontFace.cpp:
(WebCore::FontFace::create):
* html/HTMLMediaElement.cpp:
(WebCore::controllerJSValue):
(WebCore::HTMLMediaElement::updateCaptionContainer):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
* inspector/InspectorController.cpp:
(WebCore::InspectorController::canAccessInspectedScriptState):
* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::buildObjectForEventListener):
(WebCore::InspectorDOMAgent::scriptValueAsNode):
* inspector/WebInjectedScriptHost.cpp:
(WebCore::WebInjectedScriptHost::subtype):
(WebCore::WebInjectedScriptHost::isHTMLAllCollection):
* inspector/WebInjectedScriptHost.h:
Source/WebKit/mac:
* DOM/DOM.mm:
(+[DOMNode _nodeFromJSWrapper:]):
* DOM/DOMUtility.mm:
(createDOMWrapper):
* DOM/WebDOMOperations.mm:
* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::getObjectID):
(WebKit::NetscapePluginInstanceProxy::retainLocalObject):
(WebKit::NetscapePluginInstanceProxy::releaseLocalObject):
* Plugins/Hosted/ProxyInstance.mm:
(WebKit::ProxyRuntimeMethod::finishCreation):
(WebKit::ProxyInstance::invokeMethod):
* Plugins/Hosted/ProxyRuntimeObject.mm:
(WebKit::ProxyRuntimeObject::finishCreation):
* WebView/WebFrame.mm:
(-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]):
* WebView/WebView.mm:
(+[WebView _reportException:inContext:]):
(aeDescFromJSValue):
(-[WebView _notificationIDForTesting:]):
Source/WebKit/win:
* WebFrame.cpp:
(WebFrame::stringByEvaluatingJavaScriptInScriptWorld):
* WebView.cpp:
(WebView::elementFromJS):
Source/WebKit2:
* WebProcess/Automation/WebAutomationSessionProxy.cpp:
(WebKit::WebAutomationSessionProxy::elementForNodeHandle):
* WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.cpp:
(WebKit::InjectedBundleNodeHandle::getOrCreate):
* WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:
(WebKit::InjectedBundleRangeHandle::getOrCreate):
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::reportException):
(WebKit::InjectedBundle::webNotificationID):
(WebKit::InjectedBundle::createWebDataFromUint8Array):
* WebProcess/Plugins/Netscape/JSNPMethod.cpp:
(WebKit::JSNPMethod::finishCreation):
(WebKit::callMethod):
* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::finishCreation):
(WebKit::callNPJSObject):
(WebKit::constructWithConstructor):
* WebProcess/Plugins/Netscape/NPJSObject.cpp:
(WebKit::NPJSObject::create):
* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
(WebKit::NPRuntimeObjectMap::getOrCreateNPObject):
* WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::frameForContext):
(WebKit::WebFrame::counterValue):
Tools:
* DumpRenderTree/TestRunner.cpp:
(setAudioResultCallback):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211276 | carlosgc@webkit.org | 2017-01-27 08:26:40 +0000 (Fri, 27 Jan 2017) | 3 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/heap/GCAssertions.h
Unreviewed. Fix GTK+ debug build after r211247.
* heap/GCAssertions.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211300 | fpizlo@apple.com | 2017-01-27 21:01:50 +0000 (Fri, 27 Jan 2017) | 17 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/JSVirtualMachine.mm
M /trunk/Source/JavaScriptCore/ChangeLog
scanExternalRememberedSet needs to mergeIfNecessary
https://bugs.webkit.org/show_bug.cgi?id=167523
Reviewed by Keith Miller.
The protocol for opaque roots is that if you add to them outside of draining, then you need to call
mergeIfNecessary.
This means that every MarkingConstraint that adds opaque roots needs to mergeIfNecessary after.
scanExternalRememberedSet transitively calls addOpaqueRoot, is called from a MarkingConstraint, and
was missing a call to mergeIfNecessary. This fixes it.
* API/JSVirtualMachine.mm:
(scanExternalRememberedSet):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211306 | utatane.tea@gmail.com | 2017-01-27 23:29:26 +0000 (Fri, 27 Jan 2017) | 14 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/create_hash_table
M /trunk/Source/JavaScriptCore/runtime/StringConstructor.cpp
Extend create_hash_table to specify Intrinsic
https://bugs.webkit.org/show_bug.cgi?id=167505
Reviewed by Sam Weinig.
This patch extends create_hash_table to specify Intrinsic.
We can set Intrinsic in the static property table definition
in runtime/XXX.h.
And drop the ad hoc code for String.fromCharCode in create_hash_table.
* create_hash_table:
* runtime/StringConstructor.cpp:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211316 | sbarati@apple.com | 2017-01-28 01:04:06 +0000 (Sat, 28 Jan 2017) | 30 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorScriptProfilerAgent.cpp
M /trunk/Source/JavaScriptCore/runtime/Options.h
M /trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp
M /trunk/Source/JavaScriptCore/runtime/SamplingProfiler.h
Make the CLI for the sampling profiler better for inlined call site indices
https://bugs.webkit.org/show_bug.cgi?id=167482
Reviewed by Mark Lam.
This patch changes the command line interface for the sampling
profiler to also dump the machine frame that the semantic code
origin is in if the semantic code origin is inlined. This helps
when doing performance work because it's helpful to know the
context that an inlined frame is in. Before, we used to just
say it was in the baseline JIT if it didn't have its own optimized
compile. Now, we can tell that it's inlined into a DFG or FTL frame.
* inspector/agents/InspectorScriptProfilerAgent.cpp:
(Inspector::buildSamples):
* runtime/Options.h:
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::processUnverifiedStackTraces):
(JSC::SamplingProfiler::reportTopFunctions):
(JSC::SamplingProfiler::reportTopBytecodes):
* runtime/SamplingProfiler.h:
(JSC::SamplingProfiler::StackFrame::CodeLocation::hasCodeBlockHash):
(JSC::SamplingProfiler::StackFrame::CodeLocation::hasBytecodeIndex):
(JSC::SamplingProfiler::StackFrame::CodeLocation::hasExpressionInfo):
(JSC::SamplingProfiler::StackFrame::hasExpressionInfo):
(JSC::SamplingProfiler::StackFrame::lineNumber):
(JSC::SamplingProfiler::StackFrame::columnNumber):
(JSC::SamplingProfiler::StackFrame::hasBytecodeIndex): Deleted.
(JSC::SamplingProfiler::StackFrame::hasCodeBlockHash): Deleted.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211317 | jmarcell@apple.com | 2017-01-28 01:50:28 +0000 (Sat, 28 Jan 2017) | 1 line
Changed paths:
M /trunk/Source/JavaScriptCore/Configurations/Version.xcconfig
M /trunk/Source/WebCore/Configurations/Version.xcconfig
M /trunk/Source/WebCore/PAL/Configurations/Version.xcconfig
M /trunk/Source/WebInspectorUI/Configurations/Version.xcconfig
M /trunk/Source/WebKit/mac/Configurations/Version.xcconfig
M /trunk/Source/WebKit2/Configurations/Version.xcconfig
Versioning.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211319 | utatane.tea@gmail.com | 2017-01-28 03:09:12 +0000 (Sat, 28 Jan 2017) | 82 lines
Changed paths:
M /trunk/JSTests/ChakraCore/test/es6/unicode_6_identifier_Blue524737.baseline-jsc
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/lift-template-literal.js
M /trunk/JSTests/stress/template-literal-syntax.js
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/inspector/runtime/parse-expected.txt
M /trunk/LayoutTests/js/unicode-escape-sequences-expected.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
M /trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
M /trunk/Source/JavaScriptCore/parser/ASTBuilder.h
M /trunk/Source/JavaScriptCore/parser/Lexer.cpp
M /trunk/Source/JavaScriptCore/parser/Lexer.h
M /trunk/Source/JavaScriptCore/parser/NodeConstructors.h
M /trunk/Source/JavaScriptCore/parser/Nodes.h
M /trunk/Source/JavaScriptCore/parser/Parser.cpp
M /trunk/Source/JavaScriptCore/parser/ParserTokens.h
M /trunk/Source/JavaScriptCore/parser/SyntaxChecker.h
M /trunk/Source/JavaScriptCore/runtime/TemplateRegistry.cpp
M /trunk/Source/JavaScriptCore/runtime/TemplateRegistryKey.h
M /trunk/Source/JavaScriptCore/runtime/TemplateRegistryKeyTable.cpp
M /trunk/Source/JavaScriptCore/runtime/TemplateRegistryKeyTable.h
Lift template escape sequence restrictions in tagged templates
https://bugs.webkit.org/show_bug.cgi?id=166871
Reviewed by Saam Barati.
JSTests:
Update the error messages and add new tests.
* ChakraCore/test/es6/unicode_6_identifier_Blue524737.baseline-jsc:
* stress/lift-template-literal.js: Added.
(dump):
(testTag.return.tag):
(testTag):
* stress/template-literal-syntax.js:
Source/JavaScriptCore:
This patch implements stage 3 Lifting Template Literal Restriction[1].
Prior to this patch, a template literal becomes a syntax error if it contains
invalid escape sequences. But it is too restricted; a template literal
can have cooked and raw representations and only the cooked representation
can escape sequences. So even if invalid escape sequences are included,
the raw representation can be valid.
Lifting Template Literal Restriction relaxes the above restriction.
When an invalid escape sequence is included, if target template literals
are used as tagged templates, we make the result of the template including
the invalid escape sequence `undefined` instead of making it SyntaxError
immediately. It allows us to accept the templates including invalid
escape sequences in the raw representations in tagged templates.
On the other hand, the raw representation is only used in tagged templates.
So if invalid escape sequences are included in the usual template literals,
we just make it SyntaxError as before.
[1]: https://github.com/tc39/proposal-template-literal-revision
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitGetTemplateObject):
* bytecompiler/NodesCodegen.cpp:
(JSC::TemplateStringNode::emitBytecode):
(JSC::TemplateLiteralNode::emitBytecode):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createTemplateString):
* parser/Lexer.cpp:
(JSC::Lexer<CharacterType>::parseUnicodeEscape):
(JSC::Lexer<T>::parseTemplateLiteral):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::scanTemplateString):
(JSC::Lexer<T>::scanTrailingTemplateString): Deleted.
* parser/Lexer.h:
* parser/NodeConstructors.h:
(JSC::TemplateStringNode::TemplateStringNode):
* parser/Nodes.h:
(JSC::TemplateStringNode::cooked):
(JSC::TemplateStringNode::raw):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseAssignmentElement):
(JSC::Parser<LexerType>::parseTemplateString):
(JSC::Parser<LexerType>::parseTemplateLiteral):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):
* parser/ParserTokens.h:
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createTemplateString):
* runtime/TemplateRegistry.cpp:
(JSC::TemplateRegistry::getTemplateObject):
* runtime/TemplateRegistryKey.h:
(JSC::TemplateRegistryKey::cookedStrings):
(JSC::TemplateRegistryKey::create):
(JSC::TemplateRegistryKey::TemplateRegistryKey):
* runtime/TemplateRegistryKeyTable.cpp:
(JSC::TemplateRegistryKeyTable::createKey):
* runtime/TemplateRegistryKeyTable.h:
LayoutTests:
Update the error messages.
* inspector/runtime/parse-expected.txt:
* js/unicode-escape-sequences-expected.txt:
------------------------------------------------------------------------
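The behaviour described in r211319, shown as an added example (not WebKit code): a tagged template whose segment has an invalid escape receives `undefined` as the cooked string while the raw string stays available, and an untagged literal is still a SyntaxError. The helper names `compiles`, `inspect`, `escapeHtml`, `naiveHtml` and `safeHtml` are hypothetical; the escaping tag shows why a sanitizing tag function should reject `undefined` cooked segments instead of concatenating them.

```javascript
// Added illustration, not code from the WebKit change.

// Compile source text at run time so a SyntaxError can be observed
// without aborting this whole file at parse time.
function compiles(source) {
  try {
    new Function(source);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Tag that exposes both representations of every literal segment.
function inspect(strings) {
  return { cooked: Array.from(strings), raw: Array.from(strings.raw) };
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Naive escaping tag: written before the revision, when an invalid escape
// could never reach a tag function. It now emits the text "undefined".
function naiveHtml(strings, ...values) {
  return strings.reduce(
    (out, s, i) => out + s + (i < values.length ? escapeHtml(values[i]) : ''),
    '');
}

// Fail-closed escaping tag: a segment with no cooked value is rejected,
// and the raw text is reported so the author can find the bad escape.
function safeHtml(strings, ...values) {
  let out = '';
  strings.forEach((cooked, i) => {
    if (cooked === undefined) {
      throw new TypeError(
        'invalid escape sequence in template segment ' + i + ': ' +
        JSON.stringify(strings.raw[i]));
    }
    out += cooked;
    if (i < values.length) out += escapeHtml(values[i]);
  });
  return out;
}

// Constructed sample: the second segment contains the invalid escape \xZZ.
function demo() {
  const seen = inspect`ok ${1} \xZZ`;
  return {
    untaggedCompiles: compiles('return `\\xZZ`;'),
    taggedCompiles: compiles('return ((s) => s)`\\xZZ`;'),
    cooked: seen.cooked,
    raw: seen.raw,
    naive: naiveHtml`\xZZ${'<i>'}`,
  };
}
```
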
------------------------------------------------------------------------
r211344 | commit-queue@webkit.org | 2017-01-29 00:39:45 +0000 (Sun, 29 Jan 2017) | 16 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/inspector/remote/RemoteInspector.h
M /trunk/Source/JavaScriptCore/inspector/remote/RemoteInspector.mm
Remote Inspector: Listing should be updated when a target gains or loses a debugger session
https://bugs.webkit.org/show_bug.cgi?id=167449
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-01-28
Reviewed by Brian Burg.
* inspector/remote/RemoteInspector.h:
* inspector/remote/RemoteInspector.mm:
(Inspector::RemoteInspector::setupFailed):
(Inspector::RemoteInspector::updateTargetListing):
(Inspector::RemoteInspector::receivedSetupMessage):
(Inspector::RemoteInspector::receivedDidCloseMessage):
(Inspector::RemoteInspector::receivedConnectionDiedMessage):
Whenever we add/remove a connection we should update the listing properties
for that target that corresponded to that connection. In this way group
updating active sessions, the target, and pushing listing together.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211345 | mattbaker@apple.com | 2017-01-29 01:02:22 +0000 (Sun, 29 Jan 2017) | 123 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/inspector/debugger/async-stack-trace-expected.txt
M /trunk/LayoutTests/inspector/debugger/async-stack-trace.html
A /trunk/LayoutTests/inspector/debugger/resources/log-active-stack-trace.js
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
A /trunk/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp
A /trunk/Source/JavaScriptCore/inspector/AsyncStackTrace.h (from /trunk/Source/WebInspectorUI/UserInterface/Views/ThreadTreeElement.css:211344)
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.h
M /trunk/Source/JavaScriptCore/inspector/protocol/Console.json
M /trunk/Source/WebInspectorUI/ChangeLog
M /trunk/Source/WebInspectorUI/Localizations/en.lproj/localizedStrings.js
M /trunk/Source/WebInspectorUI/UserInterface/Models/StackTrace.js
M /trunk/Source/WebInspectorUI/UserInterface/Views/ThreadTreeElement.css
M /trunk/Source/WebInspectorUI/UserInterface/Views/ThreadTreeElement.js
M /trunk/Source/WebInspectorUI/Versions/Inspector-iOS-10.3.json
Web Inspector: Need some limit on Async Call Stacks for async loops (rAF loops)
https://bugs.webkit.org/show_bug.cgi?id=165633
<rdar://problem/29738502>
Reviewed by Joseph Pecoraro.
Source/JavaScriptCore:
This patch limits the memory used by the Inspector backend to store async
stack trace data.
Asynchronous stack traces are stored as a disjoint set of parent pointer
trees. Tree nodes represent asynchronous operations, and hold a copy of
the stack trace at the time the operation was scheduled. Each tree can
be regarded as a set of stack traces, stored as singly linked lists that
share part of their structure (specifically their tails). Traces belonging
to the same tree will at least share a common root. A stack trace begins
at a leaf node and follows the chain of parent pointers to the root
of the tree. Leaf nodes always contain pending asynchronous calls.
When an asynchronous operation is scheduled with requestAnimationFrame,
setInterval, etc, a node is created containing the current call stack and
some bookkeeping data for the operation. A unique identifier comprised
of an operation type and callback identifier is mapped to the node. If
scheduling the callback was itself the result of an asynchronous call,
the node becomes a child of the node associated with that call, otherwise
it becomes the root of a new tree.
A node is either `pending`, `active`, `dispatched`, or `canceled`. Nodes
start out as pending. After a callback for a pending node is dispatched
the node is marked as such, unless it is a repeating callback such as
setInterval, in which case it remains pending. Once a node is no longer
pending it is removed, as long as it has no children. Since nodes are
reference counted, it is a property of the stack trace tree that nodes
that are no longer pending and have no children pointing to them will be
automatically pruned from the tree.
If an async operation is canceled (e.g. cancelTimeout), the associated
node is marked as such. If the callback is not being dispatched at the
time, and has no children, it is removed.
Because async operations can be chained indefinitely, stack traces are
limited to a maximum depth. The depth of a stack trace is equal to the
sum of the depths of its nodes, with a node's depth equal to the number
of frames in its associated call stack. For any stack trace,
S = { s𝟶, s𝟷, …, s𝑘 }, with endpoints s𝟶, s𝑘
depth(S) = depth(s𝟶) + depth(s𝟷) + … + depth(s𝑘)
A stack trace is truncated when it exceeds the maximum depth. Truncation
occurs on node boundaries, not call frames, consequently the maximum depth
is more of a target than a guarantee:
d = maximum stack trace depth
for all S, depth(S) ≤ d + depth(s𝑘)
Because nodes can belong to multiple stack traces, it may be necessary
to clone the tail of a stack trace being truncated to prevent other traces
from being affected.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/AsyncStackTrace.cpp: Added.
(Inspector::AsyncStackTrace::create):
(Inspector::AsyncStackTrace::AsyncStackTrace):
(Inspector::AsyncStackTrace::~AsyncStackTrace):
(Inspector::AsyncStackTrace::isPending):
(Inspector::AsyncStackTrace::isLocked):
(Inspector::AsyncStackTrace::willDispatchAsyncCall):
(Inspector::AsyncStackTrace::didDispatchAsyncCall):
(Inspector::AsyncStackTrace::didCancelAsyncCall):
(Inspector::AsyncStackTrace::buildInspectorObject):
(Inspector::AsyncStackTrace::truncate):
(Inspector::AsyncStackTrace::remove):
* inspector/AsyncStackTrace.h:
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::didScheduleAsyncCall):
(Inspector::InspectorDebuggerAgent::didCancelAsyncCall):
(Inspector::InspectorDebuggerAgent::willDispatchAsyncCall):
(Inspector::InspectorDebuggerAgent::didDispatchAsyncCall):
(Inspector::InspectorDebuggerAgent::didPause):
(Inspector::InspectorDebuggerAgent::clearAsyncStackTraceData):
(Inspector::InspectorDebuggerAgent::buildAsyncStackTrace): Deleted.
(Inspector::InspectorDebuggerAgent::refAsyncCallData): Deleted.
(Inspector::InspectorDebuggerAgent::derefAsyncCallData): Deleted.
* inspector/agents/InspectorDebuggerAgent.h:
* inspector/protocol/Console.json:
Source/WebInspectorUI:
* Localizations/en.lproj/localizedStrings.js:
Text for "Truncated" marker tree element.
* UserInterface/Models/StackTrace.js:
(WebInspector.StackTrace):
(WebInspector.StackTrace.fromPayload):
(WebInspector.StackTrace.prototype.get truncated):
Plumbing for new Console.StackTrace property `truncated`.
* UserInterface/Views/ThreadTreeElement.css:
(.tree-outline > .item.thread + ol > .item.truncated-call-frames):
(.tree-outline > .item.thread + ol > .item.truncated-call-frames .icon):
Styles for "Truncated" marker tree element.
* UserInterface/Views/ThreadTreeElement.js:
(WebInspector.ThreadTreeElement.prototype.refresh):
Append "Truncated" marker tree element if necessary.
* Versions/Inspector-iOS-10.3.json:
LayoutTests:
Add truncation test cases and cleanup call frame logging.
* inspector/debugger/async-stack-trace-expected.txt:
* inspector/debugger/async-stack-trace.html:
* inspector/debugger/resources/log-active-stack-trace.js: Added.
(TestPage.registerInitializer.window.getActiveStackTrace):
(TestPage.registerInitializer.logStackTrace.logCallFrame):
(TestPage.registerInitializer.):
(TestPage.registerInitializer.window.logActiveStackTrace):
(TestPage.registerInitializer):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211381 | ryanhaddad@apple.com | 2017-01-30 20:08:29 +0000 (Mon, 30 Jan 2017) | 10 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/inspector/debugger/async-stack-trace-expected.txt
M /trunk/LayoutTests/inspector/debugger/async-stack-trace.html
D /trunk/LayoutTests/inspector/debugger/resources/log-active-stack-trace.js
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
D /trunk/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp
D /trunk/Source/JavaScriptCore/inspector/AsyncStackTrace.h
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.h
M /trunk/Source/JavaScriptCore/inspector/protocol/Console.json
M /trunk/Source/WebInspectorUI/ChangeLog
M /trunk/Source/WebInspectorUI/Localizations/en.lproj/localizedStrings.js
M /trunk/Source/WebInspectorUI/UserInterface/Models/StackTrace.js
M /trunk/Source/WebInspectorUI/UserInterface/Views/ThreadTreeElement.css
M /trunk/Source/WebInspectorUI/UserInterface/Views/ThreadTreeElement.js
M /trunk/Source/WebInspectorUI/Versions/Inspector-iOS-10.3.json
Unreviewed, rolling out r211345.
The LayoutTest for this change is failing an assertion.
Reverted changeset:
"Web Inspector: Need some limit on Async Call Stacks for async
loops (rAF loops)"
https://bugs.webkit.org/show_bug.cgi?id=165633
http://trac.webkit.org/changeset/211345
------------------------------------------------------------------------
------------------------------------------------------------------------
r211385 | mattbaker@apple.com | 2017-01-30 22:01:07 +0000 (Mon, 30 Jan 2017) | 123 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/inspector/debugger/async-stack-trace-expected.txt
M /trunk/LayoutTests/inspector/debugger/async-stack-trace.html
A /trunk/LayoutTests/inspector/debugger/resources/log-active-stack-trace.js
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
A /trunk/Source/JavaScriptCore/inspector/AsyncStackTrace.cpp
A /trunk/Source/JavaScriptCore/inspector/AsyncStackTrace.h (from /trunk/Source/WebInspectorUI/UserInterface/Views/ThreadTreeElement.css:211382)
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.h
M /trunk/Source/JavaScriptCore/inspector/protocol/Console.json
M /trunk/Source/WebInspectorUI/ChangeLog
M /trunk/Source/WebInspectorUI/Localizations/en.lproj/localizedStrings.js
M /trunk/Source/WebInspectorUI/UserInterface/Models/StackTrace.js
M /trunk/Source/WebInspectorUI/UserInterface/Views/ThreadTreeElement.css
M /trunk/Source/WebInspectorUI/UserInterface/Views/ThreadTreeElement.js
M /trunk/Source/WebInspectorUI/Versions/Inspector-iOS-10.3.json
Web Inspector: Need some limit on Async Call Stacks for async loops (rAF loops)
https://bugs.webkit.org/show_bug.cgi?id=165633
<rdar://problem/29738502>
Reviewed by Joseph Pecoraro.
Source/JavaScriptCore:
This patch limits the memory used by the Inspector backend to store async
stack trace data.
Asynchronous stack traces are stored as a disjoint set of parent pointer
trees. Tree nodes represent asynchronous operations, and hold a copy of
the stack trace at the time the operation was scheduled. Each tree can
be regarded as a set of stack traces, stored as singly linked lists that
share part of their structure (specifically their tails). Traces belonging
to the same tree will at least share a common root. A stack trace begins
at a leaf node and follows the chain of parent pointers to the root
of the tree. Leaf nodes always contain pending asynchronous calls.
When an asynchronous operation is scheduled with requestAnimationFrame,
setInterval, etc, a node is created containing the current call stack and
some bookkeeping data for the operation. A unique identifier comprised
of an operation type and callback identifier is mapped to the node. If
scheduling the callback was itself the result of an asynchronous call,
the node becomes a child of the node associated with that call, otherwise
it becomes the root of a new tree.
A node is either `pending`, `active`, `dispatched`, or `canceled`. Nodes
start out as pending. After a callback for a pending node is dispatched
the node is marked as such, unless it is a repeating callback such as
setInterval, in which case it remains pending. Once a node is no longer
pending it is removed, as long as it has no children. Since nodes are
reference counted, it is a property of the stack trace tree that nodes
that are no longer pending and have no children pointing to them will be
automatically pruned from the tree.
If an async operation is canceled (e.g. cancelTimeout), the associated
node is marked as such. If the callback is not being dispatched at the
time, and has no children, it is removed.
Because async operations can be chained indefinitely, stack traces are
limited to a maximum depth. The depth of a stack trace is equal to the
sum of the depths of its nodes, with a node's depth equal to the number
of frames in its associated call stack. For any stack trace,
S = { s𝟶, s𝟷, …, s𝑘 }, with endpoints s𝟶, s𝑘
depth(S) = depth(s𝟶) + depth(s𝟷) + … + depth(s𝑘)
A stack trace is truncated when it exceeds the maximum depth. Truncation
occurs on node boundaries, not call frames, consequently the maximum depth
is more of a target than a guarantee:
d = maximum stack trace depth
for all S, depth(S) ≤ d + depth(s𝑘)
Because nodes can belong to multiple stack traces, it may be necessary
to clone the tail of a stack trace being truncated to prevent other traces
from being affected.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/AsyncStackTrace.cpp: Added.
(Inspector::AsyncStackTrace::create):
(Inspector::AsyncStackTrace::AsyncStackTrace):
(Inspector::AsyncStackTrace::~AsyncStackTrace):
(Inspector::AsyncStackTrace::isPending):
(Inspector::AsyncStackTrace::isLocked):
(Inspector::AsyncStackTrace::willDispatchAsyncCall):
(Inspector::AsyncStackTrace::didDispatchAsyncCall):
(Inspector::AsyncStackTrace::didCancelAsyncCall):
(Inspector::AsyncStackTrace::buildInspectorObject):
(Inspector::AsyncStackTrace::truncate):
(Inspector::AsyncStackTrace::remove):
* inspector/AsyncStackTrace.h:
* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::didScheduleAsyncCall):
(Inspector::InspectorDebuggerAgent::didCancelAsyncCall):
(Inspector::InspectorDebuggerAgent::willDispatchAsyncCall):
(Inspector::InspectorDebuggerAgent::didDispatchAsyncCall):
(Inspector::InspectorDebuggerAgent::didPause):
(Inspector::InspectorDebuggerAgent::clearAsyncStackTraceData):
(Inspector::InspectorDebuggerAgent::buildAsyncStackTrace): Deleted.
(Inspector::InspectorDebuggerAgent::refAsyncCallData): Deleted.
(Inspector::InspectorDebuggerAgent::derefAsyncCallData): Deleted.
* inspector/agents/InspectorDebuggerAgent.h:
* inspector/protocol/Console.json:
Source/WebInspectorUI:
* Localizations/en.lproj/localizedStrings.js:
Text for "Truncated" marker tree element.
* UserInterface/Models/StackTrace.js:
(WebInspector.StackTrace):
(WebInspector.StackTrace.fromPayload):
(WebInspector.StackTrace.prototype.get truncated):
Plumbing for new Console.StackTrace property `truncated`.
* UserInterface/Views/ThreadTreeElement.css:
(.tree-outline > .item.thread + ol > .item.truncated-call-frames):
(.tree-outline > .item.thread + ol > .item.truncated-call-frames .icon):
Styles for "Truncated" marker tree element.
* UserInterface/Views/ThreadTreeElement.js:
(WebInspector.ThreadTreeElement.prototype.refresh):
Append "Truncated" marker tree element if necessary.
* Versions/Inspector-iOS-10.3.json:
LayoutTests:
Add truncation test cases and cleanup call frame logging.
* inspector/debugger/async-stack-trace-expected.txt:
* inspector/debugger/async-stack-trace.html:
* inspector/debugger/resources/log-active-stack-trace.js: Added.
(TestPage.registerInitializer.window.getActiveStackTrace):
(TestPage.registerInitializer.logStackTrace.logCallFrame):
(TestPage.registerInitializer.):
(TestPage.registerInitializer.window.logActiveStackTrace):
(TestPage.registerInitializer):
------------------------------------------------------------------------
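A small model of the bounded async stack trace tree described in r211345 and its re-land r211385, added here as an illustration and not taken from WebKit's AsyncStackTrace.cpp. The names `AsyncNode`, `setParent`, `traceDepth`, `truncate` and `simulateLoop` are hypothetical, and the model assumes the cut happens at the first node where the running total exceeds the maximum and that `truncate` is called on a leaf.

```javascript
// Added illustration, not WebKit code.

class AsyncNode {
  constructor(frames, parent = null) {
    this.frames = frames;     // call stack copied when the operation was scheduled
    this.parent = null;       // parent pointer toward the root of the tree
    this.childCount = 0;      // number of nodes whose parent is this node
    this.truncated = false;   // true when ancestors above this node were dropped
    setParent(this, parent);
  }
  get depth() { return this.frames.length; }
}

function setParent(child, parent) {
  if (child.parent) child.parent.childCount--;
  child.parent = parent;
  if (parent) parent.childCount++;
}

// depth(S): sum of node depths from the leaf to the root-side endpoint.
function traceDepth(leaf) {
  let total = 0;
  for (let n = leaf; n; n = n.parent) total += n.depth;
  return total;
}

// Truncate the trace starting at `leaf` on a node boundary. Returns true
// when ancestors were dropped. Afterwards
// traceDepth(leaf) <= maxDepth + depth(last kept node).
function truncate(leaf, maxDepth) {
  let total = 0;
  let lastOwned = null;       // last node below the first shared ancestor
  let cut = leaf;
  for (; cut; cut = cut.parent) {
    total += cut.depth;
    if (total > maxDepth) break;
    if (!lastOwned && cut.parent && cut.parent.childCount > 1) lastOwned = cut;
  }
  if (!cut || !cut.parent) return false;  // within budget, or nothing above to drop

  if (!lastOwned) {
    // No other trace runs through this part of the chain: cut in place.
    setParent(cut, null);
    cut.truncated = true;
    return true;
  }

  // Other traces share the tail. Copy the nodes from the first shared one
  // up to the cut node and hang the copies off lastOwned, so the traces
  // that still use the original nodes are not affected.
  let src = lastOwned.parent;
  let tail = lastOwned;
  for (;;) {
    const copy = new AsyncNode(src.frames);
    setParent(tail, copy);    // the first pass also releases the shared original
    tail = copy;
    if (src === cut) break;
    src = src.parent;
  }
  tail.truncated = true;
  return true;
}

// Constructed workload: a callback that reschedules itself on every tick
// (an rAF-style loop). Returns the deepest trace seen after truncation.
function simulateLoop(iterations, framesPerCall, maxDepth) {
  let leaf = null;
  let worst = 0;
  for (let i = 0; i < iterations; i++) {
    const frames = Array.from({ length: framesPerCall },
      (_, f) => 'tick#' + i + ' frame ' + f);
    leaf = new AsyncNode(frames, leaf);
    truncate(leaf, maxDepth);
    worst = Math.max(worst, traceDepth(leaf));
  }
  return worst;
}
```

Without the `truncate` call, the trace in `simulateLoop` grows by `framesPerCall` frames on every tick, because each node keeps its parent chain alive.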
------------------------------------------------------------------------
r211406 | joepeck@webkit.org | 2017-01-31 06:21:35 +0000 (Tue, 31 Jan 2017) | 127 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
A /trunk/LayoutTests/performance-api
A /trunk/LayoutTests/performance-api/performance-observer-api-expected.txt
A /trunk/LayoutTests/performance-api/performance-observer-api.html
A /trunk/LayoutTests/performance-api/performance-observer-basic-expected.txt
A /trunk/LayoutTests/performance-api/performance-observer-basic.html
A /trunk/LayoutTests/performance-api/performance-observer-callback-mutate-expected.txt
A /trunk/LayoutTests/performance-api/performance-observer-callback-mutate.html
A /trunk/LayoutTests/performance-api/performance-observer-callback-task-expected.txt
A /trunk/LayoutTests/performance-api/performance-observer-callback-task.html
A /trunk/LayoutTests/performance-api/performance-observer-entry-sort-expected.txt
A /trunk/LayoutTests/performance-api/performance-observer-entry-sort.html
A /trunk/LayoutTests/performance-api/performance-observer-exception-expected.txt
A /trunk/LayoutTests/performance-api/performance-observer-exception.html
A /trunk/LayoutTests/performance-api/performance-observer-nested-expected.txt
A /trunk/LayoutTests/performance-api/performance-observer-nested.html
A /trunk/LayoutTests/performance-api/performance-observer-order-expected.txt
A /trunk/LayoutTests/performance-api/performance-observer-order.html
A /trunk/LayoutTests/performance-api/performance-observer-periodic-expected.txt
A /trunk/LayoutTests/performance-api/performance-observer-periodic.html
A /trunk/LayoutTests/performance-api/performance-timeline-api-expected.txt
A /trunk/LayoutTests/performance-api/performance-timeline-api.html
M /trunk/LayoutTests/platform/efl/js/dom/global-constructors-attributes-expected.txt
M /trunk/LayoutTests/platform/gtk/js/dom/global-constructors-attributes-expected.txt
M /trunk/LayoutTests/platform/mac/js/dom/global-constructors-attributes-expected.txt
M /trunk/LayoutTests/platform/mac-elcapitan/js/dom/global-constructors-attributes-expected.txt
M /trunk/LayoutTests/platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt
M /trunk/LayoutTests/platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt
M /trunk/LayoutTests/platform/win/js/dom/global-constructors-attributes-expected.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h
M /trunk/Source/WebCore/CMakeLists.txt
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/DerivedSources.make
M /trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj
M /trunk/Source/WebCore/html/HTMLMediaElement.cpp
M /trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
M /trunk/Source/WebCore/page/IntersectionObserver.h
M /trunk/Source/WebCore/page/Performance.cpp
M /trunk/Source/WebCore/page/Performance.h
M /trunk/Source/WebCore/page/PerformanceEntry.cpp
M /trunk/Source/WebCore/page/PerformanceEntry.h
M /trunk/Source/WebCore/page/PerformanceMark.h
M /trunk/Source/WebCore/page/PerformanceMeasure.h
A /trunk/Source/WebCore/page/PerformanceObserver.cpp
A /trunk/Source/WebCore/page/PerformanceObserver.h (from /trunk/Source/WebCore/page/IntersectionObserver.h:211405)
A /trunk/Source/WebCore/page/PerformanceObserver.idl
A /trunk/Source/WebCore/page/PerformanceObserverCallback.h (from /trunk/Source/WebCore/page/IntersectionObserver.h:211405)
A /trunk/Source/WebCore/page/PerformanceObserverCallback.idl
A /trunk/Source/WebCore/page/PerformanceObserverEntryList.cpp
A /trunk/Source/WebCore/page/PerformanceObserverEntryList.h (from /trunk/Source/WebCore/page/IntersectionObserver.h:211405)
A /trunk/Source/WebCore/page/PerformanceObserverEntryList.idl
M /trunk/Source/WebCore/page/PerformanceResourceTiming.cpp
M /trunk/Source/WebCore/page/PerformanceUserTiming.cpp
M /trunk/Source/WebCore/page/PerformanceUserTiming.h
M /trunk/Source/WebInspectorUI/ChangeLog
M /trunk/Source/WebInspectorUI/UserInterface/Models/NativeFunctionParameters.js
Implement PerformanceObserver
https://bugs.webkit.org/show_bug.cgi?id=167546
<rdar://problem/30247959>
Reviewed by Ryosuke Niwa.
Source/JavaScriptCore:
* runtime/CommonIdentifiers.h:
Source/WebCore:
This implements PerformanceObserver from Performance Timeline Level 2:
https://w3c.github.io/performance-timeline/
Tests: performance-api/performance-observer-api.html
performance-api/performance-observer-basic.html
performance-api/performance-observer-callback-mutate.html
performance-api/performance-observer-callback-task.html
performance-api/performance-observer-entry-sort.html
performance-api/performance-observer-exception.html
performance-api/performance-observer-nested.html
performance-api/performance-observer-order.html
performance-api/performance-observer-periodic.html
performance-api/performance-timeline-api.html
* CMakeLists.txt:
* DerivedSources.make:
* WebCore.xcodeproj/project.pbxproj:
New files.
* page/Performance.h:
* page/Performance.cpp:
(WebCore::Performance::mark):
(WebCore::Performance::measure):
(WebCore::Performance::registerPerformanceObserver):
(WebCore::Performance::unregisterPerformanceObserver):
(WebCore::Performance::queueEntry):
Register PerformanceObservers with the Performance object.
When new PerformanceEntries are created (Mark and Measure
right now) check them against observers.
* page/PerformanceEntry.cpp:
(WebCore::PerformanceEntry::PerformanceEntry):
(WebCore::PerformanceEntry::typeForEntryTypeString):
* page/PerformanceEntry.h:
(WebCore::PerformanceEntry::type):
Give PerformanceEntry a convenience enum for easy comparison
and to know if it is one of the built-in known types (which the
PerformanceObserver API takes into account).
* page/PerformanceObserver.cpp: Added.
(WebCore::PerformanceObserver::PerformanceObserver):
(WebCore::PerformanceObserver::observe):
(WebCore::PerformanceObserver::disconnect):
(WebCore::PerformanceObserver::queueEntry):
(WebCore::PerformanceObserver::deliver):
* page/PerformanceObserver.h:
(WebCore::PerformanceObserver::create):
(WebCore::PerformanceObserver::typeFilter):
- TypeErrors on observe bad behavior
- Completely replace types filter on observe
- Handle register and unregister
- Handle calling the callback
* page/PerformanceObserverCallback.idl: Added.
* page/PerformanceObserverEntryList.cpp: Added.
(WebCore::PerformanceObserverEntryList::PerformanceObserverEntryList):
(WebCore::PerformanceObserverEntryList::getEntries):
(WebCore::PerformanceObserverEntryList::getEntriesByType):
(WebCore::PerformanceObserverEntryList::getEntriesByName):
* page/PerformanceObserverEntryList.h:
(WebCore::PerformanceObserverEntryList::create):
* page/PerformanceObserverEntryList.idl: Added.
Implement sorting and filtering of entries.
* page/PerformanceObserver.idl: Added.
* page/PerformanceObserverCallback.h:
(WebCore::PerformanceObserverCallback::~PerformanceObserverCallback):
Mostly autogenerated.
* page/PerformanceUserTiming.cpp:
(WebCore::UserTiming::mark):
(WebCore::UserTiming::measure):
* page/PerformanceUserTiming.h:
Update these to return the entry so it can be passed on to
any interested PerformanceObservers.
Source/WebInspectorUI:
* UserInterface/Models/NativeFunctionParameters.js:
Improve API view display of built-in performance methods.
LayoutTests:
* performance-api/performance-observer-api-expected.txt: Added.
* performance-api/performance-observer-api.html: Added.
* performance-api/performance-observer-basic-expected.txt: Added.
* performance-api/performance-observer-basic.html: Added.
* performance-api/performance-observer-callback-mutate-expected.txt: Added.
* performance-api/performance-observer-callback-mutate.html: Added.
* performance-api/performance-observer-callback-task-expected.txt: Added.
* performance-api/performance-observer-callback-task.html: Added.
* performance-api/performance-observer-entry-sort-expected.txt: Added.
* performance-api/performance-observer-entry-sort.html: Added.
* performance-api/performance-observer-exception-expected.txt: Added.
* performance-api/performance-observer-exception.html: Added.
* performance-api/performance-observer-nested-expected.txt: Added.
* performance-api/performance-observer-nested.html: Added.
* performance-api/performance-observer-order-expected.txt: Added.
* performance-api/performance-observer-order.html: Added.
* performance-api/performance-observer-periodic-expected.txt: Added.
* performance-api/performance-observer-periodic.html: Added.
PerformanceObserver tests.
* performance-api/performance-timeline-api-expected.txt: Added.
* performance-api/performance-timeline-api.html: Added.
Performance timeline tests.
* platform/efl/js/dom/global-constructors-attributes-expected.txt:
* platform/gtk/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-elcapitan/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/js/dom/global-constructors-attributes-expected.txt:
* platform/win/js/dom/global-constructors-attributes-expected.txt:
New global constructors.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211410 | utatane.tea@gmail.com | 2017-01-31 07:21:43 +0000 (Tue, 31 Jan 2017) | 18 lines
Changed paths:
M /trunk/JSTests/ChangeLog
M /trunk/JSTests/wasm/js-api/Module-compile.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/wasm/JSWebAssembly.cpp
[JSC] Do not reject WebAssembly.compile() with Exception
https://bugs.webkit.org/show_bug.cgi?id=167585
Reviewed by Mark Lam.
JSTests:
* wasm/js-api/Module-compile.js:
(async.testPromiseAPI):
Source/JavaScriptCore:
We accidentally reject the promise with Exception instead of Exception::value()
for the result of WebAssembly::compile().
* wasm/JSWebAssembly.cpp:
(JSC::webAssemblyCompileFunc):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211434 | tpopela@redhat.com | 2017-01-31 16:52:00 +0000 (Tue, 31 Jan 2017) | 7 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h
Compilation error in JSArrayBufferView.h
https://bugs.webkit.org/show_bug.cgi?id=167642
Reviewed by Alex Christensen.
* runtime/JSArrayBufferView.h:
(JSC::JSArrayBufferView::vector):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211448 | fpizlo@apple.com | 2017-01-31 22:31:24 +0000 (Tue, 31 Jan 2017) | 90 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/heap/Heap.cpp
M /trunk/Source/JavaScriptCore/heap/Heap.h
M /trunk/Source/JavaScriptCore/heap/MarkStack.cpp
M /trunk/Source/JavaScriptCore/heap/MarkStack.h
M /trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp
M /trunk/Source/JavaScriptCore/heap/SlotVisitor.h
M /trunk/Source/JavaScriptCore/heap/SlotVisitorInlines.h
M /trunk/Source/JavaScriptCore/heap/SpaceTimeMutatorScheduler.cpp
M /trunk/Source/JavaScriptCore/heap/StochasticSpaceTimeMutatorScheduler.cpp
M /trunk/Source/JavaScriptCore/jsc.cpp
M /trunk/Source/JavaScriptCore/runtime/Options.cpp
M /trunk/Source/JavaScriptCore/runtime/Options.h
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/wtf/DataLog.cpp
The mutator should be able to perform increments of GC work
https://bugs.webkit.org/show_bug.cgi?id=167528
Reviewed by Keith Miller and Geoffrey Garen.
Source/JavaScriptCore:
The cool thing about having a concurrent and parallel collector is that it's easy to also make
it incremental, because the load balancer can also hand over work to anyone (including the
mutator) and since the collector is running concurrently anyway, the mutator can usually rely
on the balancer having some spare work.
This change adds a classic work-based incremental mode to the GC. When you allocate K bytes,
you have to do Options::gcIncrementScale() * K "bytes" of draining. This is amortized so that
it only happens in allocation slow paths.
On computers that have a lot of CPUs, this mode is not profitable and we set gcIncrementScale
to zero. On such computers, Riptide was already performing great because there was no way that
one mutator thread could outpace many GC threads. But on computers with fewer CPUs, there were
problems having to do with making the collector progress quickly enough so that the heap
doesn't grow too much. The stochastic scheduler actually made things worse, because it relies
a lot on the fact that the GC will simply be faster than the mutator anyway. The old scheduler
claimed to address the problem of GC pace, but it used a time-based scheduler, which is not as
precise at keeping pace as the new work-based incremental mode.
In theory, the work-based mode guarantees a bound on how much the heap can grow during a
collection just because each byte allocated means some number of bytes visited. We don't try
to create such a theoretical bound. We're just trying to give the collector an unfair advantage
in any race with the mutator.
Turning on incremental mode, the stochastic scheduler, and passive draining in combination with
each other is a huge splay-latency speed-up on my iPad. It's also a CDjs progression. It does
regress splay-throughput, but I think that's fine (the regression is 11%, the progression is
3x).
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::~Heap):
(JSC::Heap::markToFixpoint):
(JSC::Heap::updateObjectCounts):
(JSC::Heap::endMarking):
(JSC::Heap::finalize):
(JSC::Heap::didAllocate):
(JSC::Heap::visitCount):
(JSC::Heap::bytesVisited):
(JSC::Heap::forEachSlotVisitor):
(JSC::Heap::performIncrement):
(JSC::Heap::threadVisitCount): Deleted.
(JSC::Heap::threadBytesVisited): Deleted.
* heap/Heap.h:
* heap/MarkStack.cpp:
(JSC::MarkStackArray::transferTo):
* heap/MarkStack.h:
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::didStartMarking):
(JSC::SlotVisitor::clearMarkStacks):
(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::noteLiveAuxiliaryCell):
(JSC::SlotVisitor::donateKnownParallel):
(JSC::SlotVisitor::drain):
(JSC::SlotVisitor::performIncrementOfDraining):
(JSC::SlotVisitor::didReachTermination):
(JSC::SlotVisitor::hasWork):
(JSC::SlotVisitor::drainFromShared):
(JSC::SlotVisitor::drainInParallelPassively):
(JSC::SlotVisitor::donateAll):
(JSC::SlotVisitor::correspondingGlobalStack):
* heap/SlotVisitor.h:
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::reportExtraMemoryVisited):
(JSC::SlotVisitor::forEachMarkStack):
* heap/SpaceTimeMutatorScheduler.cpp:
(JSC::SpaceTimeMutatorScheduler::log):
* heap/StochasticSpaceTimeMutatorScheduler.cpp:
(JSC::StochasticSpaceTimeMutatorScheduler::log):
* jsc.cpp:
(GlobalObject::finishCreation):
(functionHeapCapacity):
* runtime/Options.cpp:
(JSC::overrideDefaults):
* runtime/Options.h:
Source/WTF:
We want dataLog to be locked even if you're not logging to a file!
* wtf/DataLog.cpp:
(WTF::initializeLogFileOnce):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211461 | jfbastien@apple.com | 2017-02-01 01:26:00 +0000 (Wed, 01 Feb 2017) | 53 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
OSR entry: delay outer-loop compilation when at inner-loop
https://bugs.webkit.org/show_bug.cgi?id=167149
Reviewed by Filip Pizlo.
r211224 was reverted because it caused a massive kraken/ai-astar
regression. This patch instead does the minimally-disruptive
change to fix the original bug as described below, but omits extra
tuning and refactoring which I had before. I'll commit tuning and
refactoring separately, if this sticks. This patch is therefore
very minimal, and layers carefully on top of the complex
spaghetti-logic. The only change it makes is that it uses triggers
to indicate to outer loops that they should compile, which fixes
the immediate bug and seems roughly perf neutral (maybe a small
gain on kraken sometimes, other times a small regression as would
be expected from compiling later).
As of https://bugs.webkit.org/show_bug.cgi?id=155217 OSR
compilation can be kicked off for an entry into an outer-loop,
while executing an inner-loop. This is desirable because often the
codegen from an inner-entry isn't as good as the codegen from an
outer-entry, but execution from an inner-loop is often pretty hot
and likely to kick off compilation. This approach provided nice
speedups on Kraken because we'd select to enter to the outer-loop
very reliably, which reduces variability (the inner-loop was
selected roughly 1/5 times from my unscientific measurements).
When compilation starts we take a snapshot of the JSValues at the
current execution state using OSR's recovery mechanism. These
values are passed to the compiler and are used as a way to perform
type profiling, and could be used to observe cell types as well as
to perform predictions such as through constant propagation.
It's therefore desired to enter from the outer-loop when we can,
but we need to be executing from that location to capture the
right JSValues, otherwise we're confusing the compiler and giving
it inaccurate JSValues which can lead it to predict the wrong
things, leading to suboptimal code or recompilation due to
misprediction, or in super-corner-cases a crash.
These effects are pretty hard to measure: Fil points out that
marsalis-osr-entry really needs mustHandleValues (the JSValues
from the point of execution) because right now it just happens to
correctly guess int32. I tried removing mustHandleValues entirely
and saw no slowdowns, but our benchmarks probably aren't
sufficient to reliably find issues, sometimes because we happen to
have sufficient mitigations.
DFG tier-up was added here:
https://bugs.webkit.org/show_bug.cgi?id=112838
* dfg/DFGOperations.cpp:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211463 | fpizlo@apple.com | 2017-02-01 01:46:33 +0000 (Wed, 01 Feb 2017) | 9 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
Make verifyEdge a RELEASE_ASSERT
<rdar://problem/30296879>
Rubber stamped by Saam Barati.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211479 | utatane.tea@gmail.com | 2017-02-01 11:29:25 +0000 (Wed, 01 Feb 2017) | 26 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/arity-fixup-should-not-touch-stack-area-below-sp.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp
M /trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
M /trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
ArityFixup should adjust SP first
https://bugs.webkit.org/show_bug.cgi?id=167239
Reviewed by Michael Saboff.
JSTests:
Significantly large arity fixup reliably causes this crash.
* stress/arity-fixup-should-not-touch-stack-area-below-sp.js: Added.
Source/JavaScriptCore:
Arity fixup extends the stack and copies/fills the stack with
the values. At that time, we accidentally read/write stack
space below the stack pointer. As a result, we touch the area
of the stack space below the x64 red zone. These areas are unsafe.
The OS may corrupt this space when constructing a signal stack.
The Linux kernel could not populate the pages for this space
and causes a segmentation fault. This patch changes the stack
pointer before performing the arity fixup.
* jit/ThunkGenerators.cpp:
(JSC::arityFixupGenerator):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211486 | commit-queue@webkit.org | 2017-02-01 17:34:00 +0000 (Wed, 01 Feb 2017) | 14 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorHeapAgent.cpp
M /trunk/Source/JavaScriptCore/runtime/InitializeThreading.cpp
Web Inspector: Use guaranteed RunLoop instead of RunLoop::current for dispatching inspector GC event
https://bugs.webkit.org/show_bug.cgi?id=167683
<rdar://problem/30167791>
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-02-01
Reviewed by Timothy Hatcher.
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::SendGarbageCollectionEventsTask::SendGarbageCollectionEventsTask):
Use RunLoop::main instead of RunLoop::current which may go away.
* runtime/InitializeThreading.cpp:
(JSC::initializeThreading):
Ensure RunLoop::main is initialized when using JSC APIs.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211537 | jmarcell@apple.com | 2017-02-01 23:16:20 +0000 (Wed, 01 Feb 2017) | 1 line
Changed paths:
M /trunk/Source/JavaScriptCore/Configurations/Version.xcconfig
M /trunk/Source/WebCore/Configurations/Version.xcconfig
M /trunk/Source/WebCore/PAL/Configurations/Version.xcconfig
M /trunk/Source/WebInspectorUI/Configurations/Version.xcconfig
M /trunk/Source/WebKit/mac/Configurations/Version.xcconfig
M /trunk/Source/WebKit2/Configurations/Version.xcconfig
Versioning.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211542 | keith_miller@apple.com | 2017-02-02 01:23:37 +0000 (Thu, 02 Feb 2017) | 26 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/Options.h
M /trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp
M /trunk/Source/JavaScriptCore/runtime/SamplingProfiler.h
The sampling profile should have an option to sample from C frames.
https://bugs.webkit.org/show_bug.cgi?id=167614
Reviewed by Saam Barati.
We should be able to use the sampling profiler, at least
internally, to trace C calls. This patch only modifies the JSC
shell although it would be nice to add it to the Web Inspector in
a future patch.
* runtime/Options.h:
* runtime/SamplingProfiler.cpp:
(JSC::FrameWalker::FrameWalker):
(JSC::FrameWalker::walk):
(JSC::FrameWalker::recordJSFrame):
(JSC::CFrameWalker::CFrameWalker):
(JSC::CFrameWalker::walk):
(JSC::CFrameWalker::isCFrame):
(JSC::CFrameWalker::advanceToParentFrame):
(JSC::CFrameWalker::frame):
(JSC::SamplingProfiler::takeSample):
(JSC::SamplingProfiler::processUnverifiedStackTraces):
(JSC::SamplingProfiler::StackFrame::displayName):
* runtime/SamplingProfiler.h:
(JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211546 | keith_miller@apple.com | 2017-02-02 01:49:20 +0000 (Thu, 02 Feb 2017) | 4 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp
Unreviewed, fix unintended change.
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::StackFrame::displayName):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211548 | commit-queue@webkit.org | 2017-02-02 01:57:00 +0000 (Thu, 02 Feb 2017) | 10 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
Unreviewed, rolling out r211461.
https://bugs.webkit.org/show_bug.cgi?id=167721
Big regression on kraken (Requested by jfbastien on #webkit).
Reverted changeset:
"OSR entry: delay outer-loop compilation when at inner-loop"
https://bugs.webkit.org/show_bug.cgi?id=167149
http://trac.webkit.org/changeset/211461
------------------------------------------------------------------------
------------------------------------------------------------------------
r211552 | commit-queue@webkit.org | 2017-02-02 09:49:53 +0000 (Thu, 02 Feb 2017) | 9 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp
M /trunk/Source/JavaScriptCore/interpreter/Interpreter.h
Removed unused m_errorHandlingModeReentry from Interpreter
https://bugs.webkit.org/show_bug.cgi?id=167726
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-02-02
Reviewed by Yusuke Suzuki.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::Interpreter):
* interpreter/Interpreter.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211571 | akling@apple.com | 2017-02-02 18:35:55 +0000 (Thu, 02 Feb 2017) | 107 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/heap/Heap.cpp
M /trunk/Source/JavaScriptCore/heap/Heap.h
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/WTF.xcodeproj/project.pbxproj
M /trunk/Source/WTF/wtf/CMakeLists.txt
A /trunk/Source/WTF/wtf/MemoryFootprint.cpp (from /trunk/Source/WebCore/bindings/js/CommonVM.cpp:211570)
A /trunk/Source/WTF/wtf/MemoryFootprint.h (from /trunk/Source/WebCore/page/MemoryRelease.h:211570)
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/CommonVM.cpp
M /trunk/Source/WebCore/loader/FrameLoader.cpp
M /trunk/Source/WebCore/page/MainFrame.cpp
M /trunk/Source/WebCore/page/MainFrame.h
M /trunk/Source/WebCore/page/MemoryRelease.cpp
M /trunk/Source/WebCore/page/MemoryRelease.h
M /trunk/Source/WebCore/page/ResourceUsageThread.h
M /trunk/Source/WebCore/page/cocoa/ResourceUsageThreadCocoa.mm
M /trunk/Source/WebCore/platform/MemoryPressureHandler.cpp
M /trunk/Source/WebCore/platform/MemoryPressureHandler.h
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/WebProcess/WebProcess.cpp
Source/JavaScriptCore:
[Mac] In-process memory pressure monitor for WebContent processes.
<https://webkit.org/b/167491>
<rdar://problem/30116072>
Reviewed by Antti Koivisto.
Remove the sloppy "max live heap size" mechanism from JSC in favor of the new
WebCore-side memory footprint monitor.
* heap/Heap.cpp:
(JSC::Heap::updateAllocationLimits):
(JSC::Heap::didExceedMaxLiveSize): Deleted.
* heap/Heap.h:
(JSC::Heap::setMaxLiveSize): Deleted.
Source/WebCore:
[Mac] In-process memory pressure monitor for WebContent processes AKA websam
<https://webkit.org/b/167491>
<rdar://problem/30116072>
Reviewed by Antti Koivisto.
Add a new timer-based memory pressure monitor that checks the process memory
footprint every 30 seconds and reacts to changes by setting a MemoryUsagePolicy.
There are four MemoryUsagePolicy values:
- Unrestricted (below 1GB)
- Conservative (above 1GB)
- Strict (above 2GB)
- Panic (above 4GB, or 3GB if 32-bit)
For Strict and above, the old-style "isUnderMemoryPressure()" API will return true.
Transitioning to a higher policy will cause memory pressure handlers to run:
At Strict, we run the "non-critical" memory pressure handler, then carry on.
At Panic, we run the "critical" memory pressure handler. If that fails to recover
enough memory to bring us back below 4GB, we may kill the process:
A process is eligible to get killed for using too much memory if:
- It's not visible on screen (i.e. it's a background tab.)
- It's not playing audio.
- It has not performed a main frame navigation in the last hour.
Before killing the process, an exit-time callback will run. This patch installs such
a callback that prints out some time-of-death statistics about C++ and JavaScript memory
usage to hopefully help understand what was soaking up all the memory.
* bindings/js/CommonVM.cpp:
(WebCore::commonVMSlow):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::setState):
* page/MainFrame.cpp:
(WebCore::MainFrame::didCompleteLoad):
* page/MainFrame.h:
* page/MemoryRelease.cpp:
(WebCore::pageCount):
(WebCore::logMemoryStatisticsAtTimeOfDeath):
(WebCore::didExceedMemoryLimitAndFailedToRecover):
(WebCore::processIsEligibleForMemoryKill):
* page/MemoryRelease.h:
* page/ResourceUsageThread.h:
* page/cocoa/ResourceUsageThreadCocoa.mm:
(WebCore::vmPageSize):
* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::MemoryPressureHandler):
(WebCore::MemoryPressureHandler::setShouldUsePeriodicMemoryMonitor):
(WebCore::toString):
(WebCore::thresholdForPolicy):
(WebCore::policyForFootprint):
(WebCore::MemoryPressureHandler::measurementTimerFired):
* platform/MemoryPressureHandler.h:
(WebCore::MemoryPressureHandler::setMemoryKillCallback):
(WebCore::MemoryPressureHandler::setProcessIsEligibleForMemoryKillCallback):
(WebCore::MemoryPressureHandler::isUnderMemoryPressure):
Source/WebKit2:
[Mac] In-process memory pressure monitor for WebContent processes.
<https://webkit.org/b/167491>
<rdar://problem/30116072>
Reviewed by Antti Koivisto.
Enable the in-process memory monitor for WebContent processes on macOS 10.12+
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):
Source/WTF:
[Mac] In-process memory pressure monitor for WebContent processes.
<https://webkit.org/b/167491>
<rdar://problem/30116072>
Reviewed by Antti Koivisto.
Add a WTF helper function for getting the current process's memory footprint.
* WTF.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/MemoryFootprint.cpp:
(WTF::memoryFootprint):
* wtf/MemoryFootprint.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211587 | jmarcell@apple.com | 2017-02-02 21:00:43 +0000 (Thu, 02 Feb 2017) | 1 line
Changed paths:
M /trunk/Source/JavaScriptCore/Configurations/Version.xcconfig
M /trunk/Source/WebCore/Configurations/Version.xcconfig
M /trunk/Source/WebCore/PAL/Configurations/Version.xcconfig
M /trunk/Source/WebInspectorUI/Configurations/Version.xcconfig
M /trunk/Source/WebKit/mac/Configurations/Version.xcconfig
M /trunk/Source/WebKit2/Configurations/Version.xcconfig
Versioning.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211589 | commit-queue@webkit.org | 2017-02-02 21:24:11 +0000 (Thu, 02 Feb 2017) | 15 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/heap/Heap.cpp
M /trunk/Source/JavaScriptCore/heap/Heap.h
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/WTF.xcodeproj/project.pbxproj
M /trunk/Source/WTF/wtf/CMakeLists.txt
D /trunk/Source/WTF/wtf/MemoryFootprint.cpp
D /trunk/Source/WTF/wtf/MemoryFootprint.h
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/CommonVM.cpp
M /trunk/Source/WebCore/loader/FrameLoader.cpp
M /trunk/Source/WebCore/page/MainFrame.cpp
M /trunk/Source/WebCore/page/MainFrame.h
M /trunk/Source/WebCore/page/MemoryRelease.cpp
M /trunk/Source/WebCore/page/MemoryRelease.h
M /trunk/Source/WebCore/page/ResourceUsageThread.h
M /trunk/Source/WebCore/page/cocoa/ResourceUsageThreadCocoa.mm
M /trunk/Source/WebCore/platform/MemoryPressureHandler.cpp
M /trunk/Source/WebCore/platform/MemoryPressureHandler.h
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/WebProcess/WebProcess.cpp
Unreviewed, rolling out r211571 and r211582.
https://bugs.webkit.org/show_bug.cgi?id=167751
This change caused API test WebKit1.MemoryPressureHandler to
fail with an assertion. (Requested by ryanhaddad on #webkit).
Reverted changesets:
"[Mac] In-process memory pressure monitor for WebContent
processes."
https://bugs.webkit.org/show_bug.cgi?id=167491
http://trac.webkit.org/changeset/211571
"Unreviewed attempt to fix the Windows build after r211571."
http://trac.webkit.org/changeset/211582
------------------------------------------------------------------------
------------------------------------------------------------------------
r211600 | cdumez@apple.com | 2017-02-02 23:18:34 +0000 (Thu, 02 Feb 2017) | 45 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/http/tests/security/symbols-cross-origin-expected.txt
M /trunk/LayoutTests/imported/w3c/ChangeLog
M /trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/JSProxy.cpp
M /trunk/Source/JavaScriptCore/runtime/JSProxy.h
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
M /trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp
M /trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
M /trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt
M /trunk/Source/WebCore/page/DOMWindow.idl
M /trunk/Source/WebCore/page/Location.idl
{}.toString.call(crossOriginWindow) should return "[object Object]"
https://bugs.webkit.org/show_bug.cgi?id=167701
<rdar://problem/30330797>
Reviewed by Keith Miller.
LayoutTests/imported/w3c:
Rebaseline W3C test now that one more check is passing.
* web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:
Source/JavaScriptCore:
Have JSProxy forward toStringName calls to its target so Window
can override it.
* runtime/JSProxy.cpp:
(JSC::JSProxy::toStringName):
* runtime/JSProxy.h:
Source/WebCore:
{}.toString.call() should return "[object Object]" for cross origin
Window / Location objects. This new behavior is consistent with
Firefox and Chrome.
No new tests, rebaselined existing tests.
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::toStringName):
* bindings/js/JSLocationCustom.cpp:
(WebCore::JSLocation::toStringName):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
* bindings/scripts/IDLAttributes.txt:
* page/DOMWindow.idl:
* page/Location.idl:
LayoutTests:
Rebaselined existing test now that more checks are passing.
* http/tests/security/symbols-cross-origin-expected.txt:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211603 | mark.lam@apple.com | 2017-02-02 23:32:36 +0000 (Thu, 02 Feb 2017) | 57 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/JSVirtualMachine.mm
A /trunk/Source/JavaScriptCore/API/JSVirtualMachinePrivate.h
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M /trunk/Source/JavaScriptCore/assembler/ARM64Assembler.h
M /trunk/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
M /trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
M /trunk/Source/JavaScriptCore/assembler/X86Assembler.h
M /trunk/Source/JavaScriptCore/heap/Heap.cpp
M /trunk/Source/JavaScriptCore/heap/Heap.h
M /trunk/Source/JavaScriptCore/heap/HeapInlines.h
M /trunk/Source/JavaScriptCore/runtime/Options.cpp
M /trunk/Source/JavaScriptCore/runtime/Options.h
M /trunk/Source/JavaScriptCore/runtime/VM.cpp
M /trunk/Source/JavaScriptCore/runtime/VM.h
A /trunk/Source/JavaScriptCore/tools/SigillCrashAnalyzer.cpp
A /trunk/Source/JavaScriptCore/tools/SigillCrashAnalyzer.h
A /trunk/Source/JavaScriptCore/tools/VMInspector.cpp
A /trunk/Source/JavaScriptCore/tools/VMInspector.h
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/wtf/StdLibExtras.h
Add a SIGILL crash analyzer to make debugging SIGILLs easier.
https://bugs.webkit.org/show_bug.cgi?id=167714
<rdar://problem/30318237>
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
The current implementation is only for X86_64 and ARM64 on OS(DARWIN). The
analyzer is not enabled for all other ports.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* API/JSVirtualMachine.mm:
* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::illegalInstruction):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::illegalInstruction):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::illegalInstruction):
* assembler/X86Assembler.h:
(JSC::X86Assembler::illegalInstruction):
* heap/Heap.cpp:
(JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
* heap/Heap.h:
* heap/HeapInlines.h:
(JSC::Heap::forEachCodeBlockIgnoringJITPlans):
* runtime/Options.cpp:
(JSC::Options::isAvailable):
(JSC::recomputeDependentOptions):
* runtime/Options.h:
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::~VM):
* runtime/VM.h:
* tools/SigillCrashAnalyzer.cpp: Added.
(JSC::SignalContext::SignalContext):
(JSC::SignalContext::dump):
(JSC::handleCrash):
(JSC::initializeCrashHandler):
(JSC::ensureSigillCrashAnalyzer):
(JSC::SigillCrashAnalyzer::analyze):
(JSC::SigillCrashAnalyzer::dumpCodeBlock):
* tools/SigillCrashAnalyzer.h: Added.
* tools/VMInspector.cpp: Added.
(JSC::VMInspector::instance):
(JSC::VMInspector::add):
(JSC::VMInspector::remove):
(JSC::ensureIsSafeToLock):
* tools/VMInspector.h: Added.
(JSC::VMInspector::iterate):
Source/WTF:
* wtf/StdLibExtras.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211609 | mark.lam@apple.com | 2017-02-03 00:26:00 +0000 (Fri, 03 Feb 2017) | 11 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/tools/VMInspector.cpp
Add a SIGILL crash analyzer to make debugging SIGILLs easier.
https://bugs.webkit.org/show_bug.cgi?id=167714
<rdar://problem/30318237>
Not reviewed.
Build fix for CLOOP build.
* tools/VMInspector.cpp:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211622 | akling@apple.com | 2017-02-03 07:25:24 +0000 (Fri, 03 Feb 2017) | 93 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/heap/Heap.cpp
M /trunk/Source/JavaScriptCore/heap/Heap.h
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/WTF.xcodeproj/project.pbxproj
M /trunk/Source/WTF/wtf/CMakeLists.txt
A /trunk/Source/WTF/wtf/MemoryFootprint.cpp (from /trunk/Source/WebCore/bindings/js/CommonVM.cpp:211621)
A /trunk/Source/WTF/wtf/MemoryFootprint.h (from /trunk/Source/WebCore/page/MemoryRelease.h:211621)
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/CommonVM.cpp
M /trunk/Source/WebCore/loader/FrameLoader.cpp
M /trunk/Source/WebCore/page/MainFrame.cpp
M /trunk/Source/WebCore/page/MainFrame.h
M /trunk/Source/WebCore/page/MemoryRelease.cpp
M /trunk/Source/WebCore/page/MemoryRelease.h
M /trunk/Source/WebCore/page/ResourceUsageThread.h
M /trunk/Source/WebCore/page/cocoa/ResourceUsageThreadCocoa.mm
M /trunk/Source/WebCore/platform/MemoryPressureHandler.cpp
M /trunk/Source/WebCore/platform/MemoryPressureHandler.h
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/WebProcess/WebProcess.cpp
[Mac] In-process memory pressure monitor for WebContent processes AKA websam
<https://webkit.org/b/167491>
<rdar://problem/30116072>
Reviewed by Antti Koivisto.
Source/JavaScriptCore:
Remove the sloppy "max live heap size" mechanism from JSC in favor of the new
WebCore-side memory footprint monitor.
* heap/Heap.cpp:
(JSC::Heap::updateAllocationLimits):
(JSC::Heap::didExceedMaxLiveSize): Deleted.
* heap/Heap.h:
(JSC::Heap::setMaxLiveSize): Deleted.
Source/WebCore:
Add a new timer-based memory pressure monitor that checks the process memory
footprint every 30 seconds and reacts to changes by setting a MemoryUsagePolicy.
There are four MemoryUsagePolicy values:
- Unrestricted (below 1GB)
- Conservative (above 1GB)
- Strict (above 2GB)
- Panic (above 4GB, or 3GB if 32-bit)
For Strict and above, the old-style "isUnderMemoryPressure()" API will return true.
Transitioning to a higher policy will cause memory pressure handlers to run:
At Strict, we run the "non-critical" memory pressure handler, then carry on.
At Panic, we run the "critical" memory pressure handler. If that fails to recover
enough memory to bring us back below 4GB, we may kill the process:
A process is eligible to get killed for using too much memory if:
- It's not visible on screen (i.e. it's a background tab.)
- It's not playing audio.
- It has not performed a main frame navigation in the last hour.
Before killing the process, an exit-time callback will run. This patch installs such
a callback that prints out some time-of-death statistics about C++ and JavaScript memory
usage to hopefully help understand what was soaking up all the memory.
* bindings/js/CommonVM.cpp:
(WebCore::commonVMSlow):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::setState):
* page/MainFrame.cpp:
(WebCore::MainFrame::didCompleteLoad):
* page/MainFrame.h:
* page/MemoryRelease.cpp:
(WebCore::pageCount):
(WebCore::logMemoryStatisticsAtTimeOfDeath):
(WebCore::didExceedMemoryLimitAndFailedToRecover):
(WebCore::processIsEligibleForMemoryKill):
* page/MemoryRelease.h:
* page/ResourceUsageThread.h:
* page/cocoa/ResourceUsageThreadCocoa.mm:
(WebCore::vmPageSize):
* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::MemoryPressureHandler):
(WebCore::MemoryPressureHandler::setShouldUsePeriodicMemoryMonitor):
(WebCore::toString):
(WebCore::thresholdForPolicy):
(WebCore::policyForFootprint):
(WebCore::MemoryPressureHandler::measurementTimerFired):
* platform/MemoryPressureHandler.h:
(WebCore::MemoryPressureHandler::setMemoryKillCallback):
(WebCore::MemoryPressureHandler::setProcessIsEligibleForMemoryKillCallback):
(WebCore::MemoryPressureHandler::isUnderMemoryPressure):
Source/WebKit2:
Enable the in-process memory monitor for WebContent processes on macOS 10.12+
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):
Source/WTF:
Add a WTF helper function for getting the current process's memory footprint.
* WTF.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/MemoryFootprint.cpp:
(WTF::memoryFootprint):
* wtf/MemoryFootprint.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211630 | ossy@webkit.org | 2017-02-03 12:56:20 +0000 (Fri, 03 Feb 2017) | 4 lines
Changed paths:
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
[cmake] Unreviewed AArch64 buildfix after r211603.
https://bugs.webkit.org/show_bug.cgi?id=167714
* CMakeLists.txt:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211631 | carlosgc@webkit.org | 2017-02-03 13:03:33 +0000 (Fri, 03 Feb 2017) | 59 lines
Changed paths:
M /trunk/ChangeLog
M /trunk/LayoutTests/ChangeLog
M /trunk/LayoutTests/platform/gtk/TestExpectations
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/heap/GCActivityCallback.cpp
M /trunk/Source/JavaScriptCore/heap/GCActivityCallback.h
M /trunk/Source/WTF/ChangeLog
M /trunk/Source/WTF/wtf/Platform.h
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/PlatformGTK.cmake
M /trunk/Source/WebCore/page/Page.cpp
M /trunk/Source/WebCore/page/ResourceUsageOverlay.h
M /trunk/Source/WebCore/page/ResourceUsageThread.h
A /trunk/Source/WebCore/page/linux
A /trunk/Source/WebCore/page/linux/ResourceUsageOverlayLinux.cpp
A /trunk/Source/WebCore/page/linux/ResourceUsageThreadLinux.cpp
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp
M /trunk/Source/cmake/OptionsGTK.cmake
[GTK] Add initial implementation of resource usage overlay
https://bugs.webkit.org/show_bug.cgi?id=167731
Reviewed by Michael Catanzaro.
.:
Enable RESOURCE_USAGE.
* Source/cmake/OptionsGTK.cmake:
Source/JavaScriptCore:
Also expose nextFireTime() for GTK+ port.
* heap/GCActivityCallback.cpp:
(JSC::GCActivityCallback::scheduleTimer):
(JSC::GCActivityCallback::cancelTimer):
* heap/GCActivityCallback.h:
Source/WebCore:
Add an implementation of ResourceUsageOverlay and ResourceUsageThread for Linux systems.
* PlatformGTK.cmake: Add new files to compilation.
* page/Page.cpp:
(WebCore::Page::setResourceUsageOverlayVisible): Do not create the page overlay if accelerated compositing is
not enabled.
* page/ResourceUsageOverlay.h:
* page/linux/ResourceUsageOverlayLinux.cpp: Added.
(WebCore::cpuUsageString):
(WebCore::formatByteNumber):
(WebCore::gcTimerString):
(WebCore::ResourceUsageOverlay::platformInitialize):
(WebCore::ResourceUsageOverlay::platformDestroy):
* page/linux/ResourceUsageThreadLinux.cpp: Added.
(WebCore::cpuPeriod):
(WebCore::cpuUsage):
(WebCore::ResourceUsageThread::platformThreadBody):
Source/WebKit2:
Toggle the resource usage overlay visibility by pressing CTRL + Shift + G. Only available when building with
developer mode enabled.
* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseKeyPressEvent):
Source/WTF:
Enable RESOURCE_USAGE for GTK+ port too.
* wtf/Platform.h:
LayoutTests:
Unskip inspector tests depending on RESOURCE_USAGE.
* platform/gtk/TestExpectations:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211632 | ossy@webkit.org | 2017-02-03 13:04:50 +0000 (Fri, 03 Feb 2017) | 3 lines
Changed paths:
M /trunk/Source/JavaScriptCore/CMakeLists.txt
M /trunk/Source/JavaScriptCore/ChangeLog
Unreviewed typo fix after r211630.
* CMakeLists.txt:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211642 | sbarati@apple.com | 2017-02-03 20:00:53 +0000 (Fri, 03 Feb 2017) | 42 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp
M /trunk/Source/JavaScriptCore/interpreter/Interpreter.h
M /trunk/Source/JavaScriptCore/jit/JIT.cpp
M /trunk/Source/JavaScriptCore/jit/JIT.h
M /trunk/Source/JavaScriptCore/jit/JITWorklist.cpp
M /trunk/Source/JavaScriptCore/jit/JITWorklist.h
M /trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
M /trunk/Source/JavaScriptCore/runtime/Completion.cpp
When OSR entering to the baseline JIT from the LLInt for a ProgramCodeBlock we can skip compiling a lot of the program
https://bugs.webkit.org/show_bug.cgi?id=167725
<rdar://problem/30339082>
Reviewed by Michael Saboff.
We often want to baseline compile ProgramCode once we hit a loop in the LLInt.
However, some programs execute a non-trivial amount of code before the loop.
This code can never be executed again because ProgramCodeBlocks never run more
than once. We're wasting time and memory by compiling code that is unreachable
from the OSR entry destination. This patch fixes this by only compiling code
that is reachable from the OSR entry destination.
This is a speedup on Kraken/ai-astar for devices with limited CPUs (I've been
testing on devices with 2 CPUs). On ai-astar, we were spending 50-100ms compiling
a huge ProgramCodeBlock in the baseline JIT where the majority of the code
would never execute. If this compilation was kicked off on the main thread,
then we'd be stalled for a long time. If it were started on the baseline JIT's
background compilation thread, we'd still waste 50-100ms in that thread, causing
all other baseline compilations to happen on the main thread.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeProgram):
* interpreter/Interpreter.h:
* jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
(JSC::JIT::compile):
* jit/JITWorklist.cpp:
(JSC::JITWorklist::Plan::Plan):
(JSC::JITWorklist::Plan::compileNow):
(JSC::JITWorklist::compileLater):
(JSC::JITWorklist::compileNow):
* jit/JITWorklist.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::jitCompileAndSetHeuristics):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/Completion.cpp:
(JSC::evaluate):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211658 | jfbastien@apple.com | 2017-02-04 01:17:38 +0000 (Sat, 04 Feb 2017) | 63 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/dfg/DFGJITCode.h
M /trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h
OSR entry: delay outer-loop compilation when at inner-loop
https://bugs.webkit.org/show_bug.cgi?id=167149
Reviewed by Filip Pizlo.
r211224 and r211461 were reverted because they caused massive
kraken/ai-astar regressions. This patch instead does the
minimally-disruptive change to fix the original bug as described
below, but omits extra tuning and refactoring which I had
before. I'll commit tuning and refactoring separately, if this
sticks. This patch is therefore very minimal, and layers carefully
on top of the complex spaghetti-logic. The only change it makes is
that it uses triggers to indicate to outer loops that they should
compile, which fixes the immediate bug and seems roughly perf
neutral (maybe a small gain on kraken sometimes, other times a
small regression as would be expected from slightly compiling
later). As opposed to r211461 this patch doesn't unconditionally
unset the trigger because it prevents further DFG executions from
entering. It therefore makes the trigger a tri-state enum class:
don't trigger, compilation done, start compilation. Only "start
compilation" gets reset to "don't trigger". "Compilation done"
does not (unless there's a problem compiling, then it gets set
back to "don't trigger").
As of https://bugs.webkit.org/show_bug.cgi?id=155217 OSR
compilation can be kicked off for an entry into an outer-loop,
while executing an inner-loop. This is desirable because often the
codegen from an inner-entry isn't as good as the codegen from an
outer-entry, but execution from an inner-loop is often pretty hot
and likely to kick off compilation. This approach provided nice
speedups on Kraken because we'd select to enter to the outer-loop
very reliably, which reduces variability (the inner-loop was
selected roughly 1/5 times from my unscientific measurements).
When compilation starts we take a snapshot of the JSValues at the
current execution state using OSR's recovery mechanism. These
values are passed to the compiler and are used as a way to perform
type profiling, and could be used to observe cell types as well as
to perform predictions such as through constant propagation.
It's therefore desired to enter from the outer-loop when we can,
but we need to be executing from that location to capture the
right JSValues, otherwise we're confusing the compiler and giving
it inaccurate JSValues which can lead it to predict the wrong
things, leading to suboptimal code or recompilation due to
misprediction, or in super-corner-cases a crash.
DFG tier-up was added here:
https://bugs.webkit.org/show_bug.cgi?id=112838
* dfg/DFGJITCode.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
(JSC::DFG::Ref<ToFTLForOSREntryDeferredCompilationCallback>ToFTLForOSREntryDeferredCompilationCallback::create):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
* dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211666 | joepeck@webkit.org | 2017-02-04 05:18:18 +0000 (Sat, 04 Feb 2017) | 15 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorHeapAgent.cpp
M /trunk/Source/JavaScriptCore/runtime/InitializeThreading.cpp
M /trunk/Source/WebKit2/ChangeLog
M /trunk/Source/WebKit2/Shared/WebKit2Initialize.cpp
Unreviewed rollout of r211486, r211629.
Original change is not ideal and is causing issues.
Source/JavaScriptCore:
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::SendGarbageCollectionEventsTask::SendGarbageCollectionEventsTask):
* runtime/InitializeThreading.cpp:
(JSC::initializeThreading):
Source/WebKit2:
* Shared/WebKit2Initialize.cpp:
(WebKit::InitializeWebKit2):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211670 | utatane.tea@gmail.com | 2017-02-04 13:46:19 +0000 (Sat, 04 Feb 2017) | 117 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/to-int32-sensible.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/assembler/CPU.h
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLOutput.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLOutput.h
M /trunk/Source/JavaScriptCore/runtime/MathCommon.cpp
M /trunk/Source/JavaScriptCore/runtime/MathCommon.h
[JSC] Add operationToInt32SensibleSlow to optimize kraken pbkdf2 and sha256
https://bugs.webkit.org/show_bug.cgi?id=167736
Reviewed by Saam Barati.
JSTests:
* stress/to-int32-sensible.js: Added.
(shouldBe):
(toInt32):
(test):
Source/JavaScriptCore:
Add a new function operationToInt32SensibleSlow. This function is only
called after x86 cvttss2si_rr has failed. This means that the
given double number is never in the range of int32 truncatable numbers.
As a result, exp in operationToInt32 always becomes >= 31. So
we can change the condition from `exp < 32` to `exp == 31`.
This makes missingOne constant. And it leads to significantly good
code generation.
The original operationToInt32 code.
170: 66 48 0f 7e c1 movq %xmm0,%rcx
175: 31 c0 xor %eax,%eax
177: 66 48 0f 7e c6 movq %xmm0,%rsi
17c: 48 c1 f9 34 sar $0x34,%rcx
180: 81 e1 ff 07 00 00 and $0x7ff,%ecx
186: 8d 91 01 fc ff ff lea -0x3ff(%rcx),%edx
18c: 83 fa 53 cmp $0x53,%edx
18f: 77 37 ja 1c8 <_ZN3JSC16operationToInt32Ed+0x58>
191: 83 fa 34 cmp $0x34,%edx
194: 7f 3a jg 1d0 <_ZN3JSC16operationToInt32Ed+0x60>
196: b9 34 00 00 00 mov $0x34,%ecx
19b: 66 48 0f 7e c7 movq %xmm0,%rdi
1a0: 29 d1 sub %edx,%ecx
1a2: 48 d3 ff sar %cl,%rdi
1a5: 83 fa 1f cmp $0x1f,%edx
1a8: 89 f8 mov %edi,%eax
1aa: 7f 12 jg 1be <_ZN3JSC16operationToInt32Ed+0x4e>
1ac: 89 d1 mov %edx,%ecx
1ae: b8 01 00 00 00 mov $0x1,%eax
1b3: d3 e0 shl %cl,%eax
1b5: 89 c2 mov %eax,%edx
1b7: 8d 40 ff lea -0x1(%rax),%eax
1ba: 21 f8 and %edi,%eax
1bc: 01 d0 add %edx,%eax
1be: 89 c2 mov %eax,%edx
1c0: f7 da neg %edx
1c2: 48 85 f6 test %rsi,%rsi
1c5: 0f 48 c2 cmovs %edx,%eax
1c8: f3 c3 repz retq
1ca: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
1d0: 66 48 0f 7e c0 movq %xmm0,%rax
1d5: 81 e9 33 04 00 00 sub $0x433,%ecx
1db: 48 d3 e0 shl %cl,%rax
1de: eb de jmp 1be <_ZN3JSC16operationToInt32Ed+0x4e>
The operationToInt32SensibleSlow code.
1e0: 66 48 0f 7e c1 movq %xmm0,%rcx
1e5: 66 48 0f 7e c2 movq %xmm0,%rdx
1ea: 48 c1 f9 34 sar $0x34,%rcx
1ee: 81 e1 ff 07 00 00 and $0x7ff,%ecx
1f4: 8d b1 01 fc ff ff lea -0x3ff(%rcx),%esi
1fa: 83 fe 34 cmp $0x34,%esi
1fd: 7e 21 jle 220 <_ZN3JSC28operationToInt32SensibleSlowEd+0x40>
1ff: 66 48 0f 7e c0 movq %xmm0,%rax
204: 81 e9 33 04 00 00 sub $0x433,%ecx
20a: 48 d3 e0 shl %cl,%rax
20d: 89 c1 mov %eax,%ecx
20f: f7 d9 neg %ecx
211: 48 85 d2 test %rdx,%rdx
214: 0f 48 c1 cmovs %ecx,%eax
217: c3 retq
218: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
21f: 00
220: 66 48 0f 7e c0 movq %xmm0,%rax
225: b9 34 00 00 00 mov $0x34,%ecx
22a: 29 f1 sub %esi,%ecx
22c: 48 d3 f8 sar %cl,%rax
22f: 89 c1 mov %eax,%ecx
231: 81 c9 00 00 00 80 or $0x80000000,%ecx
237: 83 fe 1f cmp $0x1f,%esi
23a: 0f 44 c1 cmove %ecx,%eax
23d: 89 c1 mov %eax,%ecx
23f: f7 d9 neg %ecx
241: 48 85 d2 test %rdx,%rdx
244: 0f 48 c1 cmovs %ecx,%eax
247: c3 retq
248: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
24f: 00
This improves kraken pbkdf2 by 10.8% and sha256 by 7.5%.
                                      baseline            patched
stanford-crypto-pbkdf2                153.195+-2.745  ^   138.204+-2.513  ^ definitely 1.1085x faster
stanford-crypto-sha256-iterative       49.047+-1.038  ^    45.610+-1.235  ^ definitely 1.0754x faster
<arithmetic>                          101.121+-1.379  ^    91.907+-1.500  ^ definitely 1.1003x faster
* assembler/CPU.h:
(JSC::hasSensibleDoubleToInt):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
(JSC::FTL::DFG::LowerDFGToB3::sensibleDoubleToInt32):
* ftl/FTLOutput.cpp:
(JSC::FTL::Output::hasSensibleDoubleToInt): Deleted.
* ftl/FTLOutput.h:
* runtime/MathCommon.cpp:
(JSC::operationToInt32SensibleSlow):
* runtime/MathCommon.h:
------------------------------------------------------------------------
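Added example (not part of the svn log and not WebKit's code): a C++ sketch of the conversion logic that the r211670 message describes, reconstructed from its two disassembly listings, showing that the `exp == 31` variant matches the generic one only for inputs on which the fast truncating conversion has already failed. The names toInt32Generic, toInt32AfterSensibleAttempt, sensibleConversionFails and countSlowPathMismatches are hypothetical, the inputs are constructed, and the sketch assumes an `exp > 83` early return in both variants so that every shift stays defined.

```cpp
// Added illustration; not WebKit source. All names here are hypothetical.
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>

enum class Mode { Generic, AfterSensibleAttempt };

static uint64_t doubleBits(double d)
{
    uint64_t bits;
    std::memcpy(&bits, &d, sizeof bits);
    return bits;
}

// Models the truncating x86 conversion: it yields the 0x80000000 sentinel for
// NaN and for any value whose truncation is not in (INT32_MIN, INT32_MAX].
bool sensibleConversionFails(double number)
{
    return !(number > -2147483648.0 && number < 2147483648.0);
}

template<Mode mode>
static int32_t toInt32Sketch(double number)
{
    uint64_t bits = doubleBits(number);
    int32_t exp = static_cast<int32_t>((bits >> 52) & 0x7ff) - 0x3ff;

    // exp < 0 (|number| < 1) and exp > 83 (nothing left in the low 32 bits,
    // which also covers NaN and Infinity) both produce 0.
    if (static_cast<uint32_t>(exp) > 83u)
        return 0;

    // Bring the 32 result bits of the mantissa down to bits 31..0.
    uint32_t result = exp > 52
        ? static_cast<uint32_t>(bits << (exp - 52))
        : static_cast<uint32_t>(bits >> (52 - exp));

    if (mode == Mode::AfterSensibleAttempt) {
        // Precondition exp >= 31: the implicit leading one only lands inside
        // the low 32 bits when exp == 31, so it is a constant.
        if (exp == 31)
            result |= 0x80000000u;
    } else if (exp < 32) {
        // Generic path: mask off exponent bits and re-insert the implicit one.
        uint32_t missingOne = 1u << exp;
        result &= missingOne - 1;
        result += missingOne;
    }
    if (bits >> 63)
        result = 0u - result; // two's complement negate for negative inputs
    return static_cast<int32_t>(result);
}

int32_t toInt32Generic(double n) { return toInt32Sketch<Mode::Generic>(n); }
int32_t toInt32AfterSensibleAttempt(double n) { return toInt32Sketch<Mode::AfterSensibleAttempt>(n); }

// Counts constructed slow-path inputs on which the two variants disagree
// (or which would not have reached the slow path at all).
int countSlowPathMismatches()
{
    const double inputs[] = {
        2147483648.0, -2147483648.0, -2147483648.5, -2147483649.0,
        4294967296.0, 4294967297.0, 1e10, 9007199254740994.0,
        std::ldexp(1.0, 83), std::ldexp(1.0, 84),
        std::numeric_limits<double>::infinity(),
        -std::numeric_limits<double>::infinity(),
        std::numeric_limits<double>::quiet_NaN(),
    };
    int mismatches = 0;
    for (double d : inputs) {
        if (!sensibleConversionFails(d) || toInt32Generic(d) != toInt32AfterSensibleAttempt(d))
            ++mismatches;
    }
    return mismatches;
}

int main()
{
    std::printf("slow-path mismatches: %d\n", countSlowPathMismatches());
    // 5.0 has exp == 2, so it violates the precondition of the second variant.
    std::printf("5.0 -> generic %d, after-sensible %d\n",
        toInt32Generic(5.0), toInt32AfterSensibleAttempt(5.0));
    return 0;
}
```

The second printed line shows why the specialised variant is only safe behind the failed fast conversion: for an in-range input it skips the implicit-one fix-up and returns exponent bits.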
------------------------------------------------------------------------
r211675 | commit-queue@webkit.org | 2017-02-05 01:26:25 +0000 (Sun, 05 Feb 2017) | 17 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/JSMapIterator.h
M /trunk/Source/JavaScriptCore/runtime/JSSetIterator.h
Static Analyzer: Value stored to 'prev' is never read
https://bugs.webkit.org/show_bug.cgi?id=167844
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-02-04
Reviewed by Saam Barati.
Source/JavaScriptCore/runtime/JSMapIterator.h:60:13: warning: Value stored to 'prev' is never read
prev = bucket;
^ ~~~~~~
Source/JavaScriptCore/runtime/JSSetIterator.h:60:13: warning: Value stored to 'prev' is never read
prev = bucket;
^ ~~~~~~
* runtime/JSMapIterator.h:
(JSC::JSMapIterator::advanceIter):
* runtime/JSSetIterator.h:
(JSC::JSSetIterator::advanceIter):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211678 | commit-queue@webkit.org | 2017-02-05 07:02:30 +0000 (Sun, 05 Feb 2017) | 12 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/heap/MachineStackMarker.cpp
Static Analyzer: Value stored to 'recordedMachineThreads' during its initialization is never read
https://bugs.webkit.org/show_bug.cgi?id=167845
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-02-04
Reviewed by Saam Barati.
Source/JavaScriptCore/heap/MachineStackMarker.cpp:151:14: warning: Value stored to 'recordedMachineThreads' during its initialization is never read
auto recordedMachineThreads = m_set.take(machineThreads);
^~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~
* heap/MachineStackMarker.cpp:
(JSC::ActiveMachineThreadsManager::remove):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211684 | mark.lam@apple.com | 2017-02-05 19:26:50 +0000 (Sun, 05 Feb 2017) | 20 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/tools/SigillCrashAnalyzer.cpp
M /trunk/Source/JavaScriptCore/tools/VMInspector.cpp
M /trunk/Source/JavaScriptCore/tools/VMInspector.h
The VMInspector should use an RAII Locker.
https://bugs.webkit.org/show_bug.cgi?id=167854
Reviewed by Saam Barati.
Previously, VMInspector::lock() was returning an expected LockToken, and there's
no way to unlock it when we're done with it. This was not a problem before
because the VMInspector had only one client, the SigillCrashAnalyzer, that
expected the process to crash due to a SIGILL shortly thereafter.
However, the VMInspector is useful as a debugging tool that we can apply in other
debugging tasks. Fixing VMInspector::lock() to return an RAII locker will enable
other use cases. Plus it's just bad form to be able to lock something and never
be able to unlock it.
* tools/SigillCrashAnalyzer.cpp:
(JSC::SigillCrashAnalyzer::analyze):
* tools/VMInspector.cpp:
* tools/VMInspector.h:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211740 | commit-queue@webkit.org | 2017-02-06 19:16:07 +0000 (Mon, 06 Feb 2017) | 14 lines
Changed paths:
M /trunk/Source/JavaScriptCore/API/JSContext.mm
M /trunk/Source/JavaScriptCore/ChangeLog
Static Analyzer: JSContext.mm: Incorrect decrement of the reference count of an object
https://bugs.webkit.org/show_bug.cgi?id=167848
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-02-06
Reviewed by Saam Barati.
Source/JavaScriptCore/API/JSContext.mm:87:5: warning: Incorrect decrement of the reference count of an object that is not owned at this point by the caller
[self.exceptionHandler release];
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
* API/JSContext.mm:
(-[JSContext dealloc]):
Use the ivar in dealloc instead of going through the getter.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211771 | commit-queue@webkit.org | 2017-02-07 04:27:05 +0000 (Tue, 07 Feb 2017) | 63 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorHeapAgent.cpp
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorHeapAgent.h
M /trunk/Source/JavaScriptCore/inspector/agents/InspectorScriptProfilerAgent.cpp
M /trunk/Source/WebCore/CMakeLists.txt
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj
M /trunk/Source/WebCore/inspector/InspectorAllInOne.cpp
M /trunk/Source/WebCore/inspector/PageHeapAgent.cpp
M /trunk/Source/WebCore/inspector/PageHeapAgent.h
A /trunk/Source/WebCore/inspector/WebHeapAgent.cpp
A /trunk/Source/WebCore/inspector/WebHeapAgent.h (from /trunk/Source/WebCore/inspector/PageHeapAgent.h:211770)
M /trunk/Source/WebCore/inspector/WorkerInspectorController.cpp
Web Inspector: Do not use RunLoop when dispatching inspector GC event
https://bugs.webkit.org/show_bug.cgi?id=167683
<rdar://problem/30167791>
Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-02-06
Reviewed by Brian Burg.
Source/JavaScriptCore:
Move the RunLoop deferred implementation to WebCore. It is not needed
for JSContext inspection, and in JSContext inspection we are not
guaranteed a RunLoop to defer to.
* inspector/agents/InspectorHeapAgent.h:
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::InspectorHeapAgent):
(Inspector::InspectorHeapAgent::~InspectorHeapAgent):
(Inspector::InspectorHeapAgent::disable):
(Inspector::InspectorHeapAgent::didGarbageCollect):
(Inspector::SendGarbageCollectionEventsTask::SendGarbageCollectionEventsTask): Deleted.
(Inspector::SendGarbageCollectionEventsTask::addGarbageCollection): Deleted.
(Inspector::SendGarbageCollectionEventsTask::reset): Deleted.
(Inspector::SendGarbageCollectionEventsTask::timerFired): Deleted.
(Inspector::InspectorHeapAgent::dispatchGarbageCollectedEvent):
Make a virtual method so that WebCore implementations of this agent can choose
to dispatch this event asynchronously.
* inspector/agents/InspectorScriptProfilerAgent.cpp:
Remove unnecessary RunLoop include.
Source/WebCore:
Covered by existing tests.
* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:
* inspector/InspectorAllInOne.cpp:
Add new file.
* inspector/PageHeapAgent.cpp:
(WebCore::PageHeapAgent::PageHeapAgent):
(WebCore::PageHeapAgent::enable):
(WebCore::PageHeapAgent::disable):
* inspector/PageHeapAgent.h:
Extend WebHeapAgent.
* inspector/WorkerInspectorController.cpp:
(WebCore::WorkerInspectorController::WorkerInspectorController):
Use WebHeapAgent.
* inspector/WebHeapAgent.cpp: Added.
(WebCore::SendGarbageCollectionEventsTask::SendGarbageCollectionEventsTask):
(WebCore::SendGarbageCollectionEventsTask::addGarbageCollection):
(WebCore::SendGarbageCollectionEventsTask::reset):
(WebCore::SendGarbageCollectionEventsTask::timerFired):
(WebCore::WebHeapAgent::WebHeapAgent):
(WebCore::WebHeapAgent::~WebHeapAgent):
(WebCore::WebHeapAgent::disable):
(WebCore::WebHeapAgent::dispatchGarbageCollectedEvent):
(WebCore::WebHeapAgent::dispatchGarbageCollectionEventsAfterDelay):
* inspector/WebHeapAgent.h:
Move the deferred event dispatch from InspectorHeapAgent here where a RunLoop is guaranteed.
------------------------------------------------------------------------
------------------------------------------------------------------------
r211777 | utatane.tea@gmail.com | 2017-02-07 08:17:17 +0000 (Tue, 07 Feb 2017) | 47 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
A /trunk/LayoutTests/inspector/controller/resources
A /trunk/LayoutTests/inspector/controller/resources/cappuccino.js
A /trunk/LayoutTests/inspector/controller/resources/cocoa.js
A /trunk/LayoutTests/inspector/controller/resources/drink.js
M /trunk/LayoutTests/inspector/controller/runtime-controller-expected.txt
M /trunk/LayoutTests/inspector/controller/runtime-controller.html
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/jsc.cpp
M /trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/ScriptModuleLoader.cpp
Web Inspector: allow import() inside the inspector
https://bugs.webkit.org/show_bug.cgi?id=167457
Reviewed by Ryosuke Niwa.
Source/JavaScriptCore:
We relax import module hook to accept null SourceOrigin.
Such a script can be evaluated from the inspector console.
* jsc.cpp:
(GlobalObject::moduleLoaderImportModule):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncImportModule):
Source/WebCore:
When evaluating `import("...")`, we need the caller's context to resolve
the module specifier correctly. For example, if `import("./cocoa.js")` is
evaluated in the script "drinks/hot.js", this module name is resolved to
"drinks/cocoa.js". If the same import operator is evaluated in the script
"menu/all.js", the module specifier becomes "menu/cocoa.js".
Previously we reject the import operator if the caller does not have such
a context. This context is SourceOrigin and its ScriptFetcher. While they
are offered in the script tag and other code evaluations, the inspector
console does not offer that. These classes are offered in the WebCore side
and we should not touch these classes in the JSC's inspector code.
Now we relax the above restriction. If the above caller information is not
offered, we fall back to the default one. In the web page, we use the page's
URL as the caller's source origin. This allows us to evaluate the import
operator in the inspector console.
And as of r167698, the console recognizes `await import("...")` form. We use
this to test this `import()` in the console functionality.
* bindings/js/ScriptModuleLoader.cpp:
(WebCore::ScriptModuleLoader::importModule):
LayoutTests:
* inspector/controller/resources/cappuccino.js: Added.
* inspector/controller/resources/cocoa.js: Added.
* inspector/controller/resources/drink.js: Added.
* inspector/controller/runtime-controller-expected.txt:
* inspector/controller/runtime-controller.html:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211818 | utatane.tea@gmail.com | 2017-02-07 18:24:49 +0000 (Tue, 07 Feb 2017) | 24 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
D /trunk/LayoutTests/inspector/controller/resources
M /trunk/LayoutTests/inspector/controller/runtime-controller-expected.txt
M /trunk/LayoutTests/inspector/controller/runtime-controller.html
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/jsc.cpp
M /trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/ScriptModuleLoader.cpp
Unreviewed, manual roll out of r211777
https://bugs.webkit.org/show_bug.cgi?id=167457
Source/JavaScriptCore:
* jsc.cpp:
(GlobalObject::moduleLoaderImportModule):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncImportModule):
Source/WebCore:
* bindings/js/ScriptModuleLoader.cpp:
(WebCore::ScriptModuleLoader::importModule):
LayoutTests:
Later, I'll reland it with the deterministic tests.
* inspector/controller/resources/cappuccino.js: Removed.
* inspector/controller/resources/cocoa.js: Removed.
* inspector/controller/resources/drink.js: Removed.
* inspector/controller/runtime-controller-expected.txt:
* inspector/controller/runtime-controller.html:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211828 | mark.lam@apple.com | 2017-02-07 20:01:35 +0000 (Tue, 07 Feb 2017) | 52 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/tools/SigillCrashAnalyzer.cpp
The SigillCrashAnalyzer should play nicer with client code that may install its own SIGILL handler.
https://bugs.webkit.org/show_bug.cgi?id=167858
Reviewed by Michael Saboff.
Here are the scenarios that may come up:
1. Client code did not install a SIGILL handler.
- In this case, once we're done analyzing the SIGILL, we can just restore the
default handler and return to let the OS do the default action i.e. capture
a core dump.
2. Client code installed a SIGILL handler before JSC does.
- In this case, we will see a non-null handler returned as the old signal
handler when we install ours.
- In our signal handler, after doing our crash analysis, we should invoke the
client handler to let it do its work.
- Our analyzer can also tell us if the SIGILL source is from JSC code in
general (right now, this would just mean JIT code).
- If the SIGILL source is not from JSC, we'll just let the client handler
decide how to proceed. We assume that the client handler will do the right
thing (which is how the old behavior is before the SigillCrashAnalyzer was
introduced).
- If the SIGILL source is from JSC, then we know the SIGILL is an unrecoverable
condition. Hence, after we have given the client handler a chance to run,
we should restore the default handler and let the OS capture a core dump.
This intentionally overrides whatever signal settings the client handler may
have set.
3. Client code installed a SIGILL handler after JSC does.
- In this case, we are dependent on the client handler to call our handler
after it does its work. This is compatible with the old behavior before
SigillCrashAnalyzer was introduced.
- In our signal handler, if we determine that the SIGILL source is from JSC
code, then the SIGILL is not recoverable. We should then restore the
default handler and get a core dump.
- If the SIGILL source is not from JSC, we check to see if there's a client
handler installed after us.
- If we detect a client handler installed after us, we defer judgement on what
to do to the client handler. Since the client handler did not uninstall
itself, it must have considered itself to have recovered from the SIGILL.
We'll trust the client handler and take no restore action of our own (which
is compatible with old code behavior).
- If we detect no client handler and we have no previous handler, then we
should restore the default handler and get a core dump.
* tools/SigillCrashAnalyzer.cpp:
(JSC::handleCrash):
(JSC::installCrashHandler):
(JSC::SigillCrashAnalyzer::analyze): Deleted.
------------------------------------------------------------------------
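The handler-chaining policy laid out in the r211828 entry above, as an added C++ sketch that is not WebKit's SigillCrashAnalyzer code. The names `onSigill`, `installChainedSigillHandler`, `setCodeRange`, the address-range test standing in for "the SIGILL came from JSC code", and the sample client handler are all assumptions made for illustration; scenario 3 is covered only from our handler's side, since it depends on the client calling us.

```cpp
#include <signal.h>
#include <cstdint>

// Constructed stand-in for "SIGILL came from our JIT code": PC in [g_codeStart, g_codeEnd).
static uintptr_t g_codeStart = 0, g_codeEnd = 0;
static struct sigaction g_previous = {};  // handler found when ours was installed
static bool g_hasPrevious = false;
static volatile sig_atomic_t g_analyzed = 0, g_clientCalls = 0;

void setCodeRange(uintptr_t start, uintptr_t end) { g_codeStart = start; g_codeEnd = end; }

static void restoreDefaultSigill()
{
    struct sigaction dfl = {};
    sigemptyset(&dfl.sa_mask);
    dfl.sa_handler = SIG_DFL;
    sigaction(SIGILL, &dfl, nullptr);
}

static void onSigill(int sig, siginfo_t* info, void* context)
{
    uintptr_t pc = info ? reinterpret_cast<uintptr_t>(info->si_addr) : 0;
    bool ours = pc >= g_codeStart && pc < g_codeEnd;
    g_analyzed = g_analyzed + 1;  // stand-in for the crash analysis itself

    if (g_hasPrevious) {
        // Scenario 2: a client handler predates ours, so let it run after the analysis.
        if (g_previous.sa_flags & SA_SIGINFO)
            g_previous.sa_sigaction(sig, info, context);
        else
            g_previous.sa_handler(sig);
        if (ours)
            restoreDefaultSigill();  // unrecoverable: override whatever the client set
        return;
    }
    // Scenarios 1 and 3: is a different handler installed now (a client that chained to us)?
    struct sigaction current = {};
    sigaction(SIGILL, nullptr, &current);
    bool clientAfterUs = !((current.sa_flags & SA_SIGINFO) && current.sa_sigaction == onSigill);
    if (ours || !clientAfterUs)
        restoreDefaultSigill();  // next fault takes the default action (core dump)
}

bool installChainedSigillHandler()
{
    struct sigaction ours = {};
    sigemptyset(&ours.sa_mask);
    ours.sa_flags = SA_SIGINFO;
    ours.sa_sigaction = onSigill;
    if (sigaction(SIGILL, &ours, &g_previous) != 0)
        return false;
    g_hasPrevious = g_previous.sa_handler != SIG_DFL && g_previous.sa_handler != SIG_IGN;
    return true;
}

// Constructed client handler and driver, for demonstration only.
static void sampleClientHandler(int) { g_clientCalls = g_clientCalls + 1; }

struct Outcome { int analyzed; int clientCalls; bool defaultRestored; };

Outcome runScenario(bool clientInstalledFirst)
{
    restoreDefaultSigill();
    if (clientInstalledFirst) {
        struct sigaction client = {};
        sigemptyset(&client.sa_mask);
        client.sa_handler = sampleClientHandler;
        sigaction(SIGILL, &client, nullptr);
    }
    installChainedSigillHandler();
    g_analyzed = 0;
    g_clientCalls = 0;
    raise(SIGILL);  // delivered synchronously; there is no faulting instruction to re-execute
    struct sigaction now = {};
    sigaction(SIGILL, nullptr, &now);
    Outcome result = { static_cast<int>(g_analyzed), static_cast<int>(g_clientCalls),
                       !(now.sa_flags & SA_SIGINFO) && now.sa_handler == SIG_DFL };
    return result;
}
```

With a real illegal-instruction fault, returning from the handler after the default disposition is restored re-executes the faulting instruction, which is what produces the core dump.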
------------------------------------------------------------------------
r211834 | mark.lam@apple.com | 2017-02-07 21:22:20 +0000 (Tue, 07 Feb 2017) | 11 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/tools/SigillCrashAnalyzer.cpp
SigillCrashAnalyzer::analyze() should use a do-while loop instead of a lambda.
https://bugs.webkit.org/show_bug.cgi?id=167950
Reviewed by Michael Saboff.
Lambdas aren't free (apparently, the compiler isn't able to detect that the
lambda does not escape and can be inlined completely). So, use a do-while loop
instead since we don't really need a lambda here.
* tools/SigillCrashAnalyzer.cpp:
------------------------------------------------------------------------
------------------------------------------------------------------------
r211896 | sbarati@apple.com | 2017-02-08 21:21:45 +0000 (Wed, 08 Feb 2017) | 29 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/b3/air/AirInsertionSet.cpp
M /trunk/Source/JavaScriptCore/b3/air/AirInsertionSet.h
M /trunk/Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.cpp
M /trunk/Source/JavaScriptCore/b3/testb3.cpp
Air IRC might spill a terminal that produces a value after the terminal
https://bugs.webkit.org/show_bug.cgi?id=167919
<rdar://problem/29754721>
Reviewed by Filip Pizlo.
IRC may spill a value-producing terminal (a patchpoint can be a value-producing terminal).
It used to do this by placing the spill *after* the terminal. This produces an invalid
graph because no instructions are allowed after the terminal.
I fixed this bug by having a cleanup pass over the IR after IRC is done.
The pass detects this problem, and fixes it by moving the spill into the
successors. However, it is careful to detect when the edge to the
successor is a critical edge. If the value-producing patchpoint is
the only predecessor of the successor, it just moves the spill
code to the beginning of the successor. Otherwise, it's a critical
edge and it breaks it by adding a block that does the spilling then
jumps to the successor.
* b3/air/AirInsertionSet.cpp:
* b3/air/AirInsertionSet.h:
(JSC::B3::Air::InsertionSet::insertInsts):
* b3/air/AirIteratedRegisterCoalescing.cpp:
* b3/testb3.cpp:
(JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled):
(JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled2):
(JSC::B3::run):
------------------------------------------------------------------------
------------------------------------------------------------------------
r211908 | keith_miller@apple.com | 2017-02-09 00:02:20 +0000 (Thu, 09 Feb 2017) | 52 lines
Changed paths:
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bytecode/BytecodeList.json
M /trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
M /trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
M /trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGNode.h
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M /trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M /trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M /trunk/Source/JavaScriptCore/jit/JITOperations.cpp
M /trunk/Source/JavaScriptCore/jit/JITOperations.h
M /trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
M /trunk/Source/JavaScriptCore/parser/Nodes.h
M /trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
M /trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h
[JSC] op_in should have ArrayProfile
https://bugs.webkit.org/show_bug.cgi?id=164581
Reviewed by Filip Pizlo.
This patch adds an ArrayProfile to the op_in bytecode. In the
DFG, if we see that the key is an int32 we will convert the In
DFG node to a HasIndexedProperty node instead.
This patch also flips the two arguments of op_in and the In node
to reflect the other property lookup bytecodes.
* bytecode/BytecodeList.json:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finishCreation):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitIn):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitIn): Deleted.
* bytecompiler/NodesCodegen.cpp:
(JSC::InNode::emitBytecode):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::convertToHasIndexedProperty):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasArrayMode):
(JSC::DFG::Node::hasInternalMethodType):
(JSC::DFG::Node::internalMethodType):
(JSC::DFG::Node::setInternalMethodType):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileIn):
(JSC::FTL::DFG::LowerDFGToB3::compileHasIndexedProperty):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* llint/LowLevelInterpreter.asm:
* parser/Nodes.h:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::opIn):
------------------------------------------------------------------------
------------------------------------------------------------------------
r212009 | bfulgham@apple.com | 2017-02-10 00:59:15 +0000 (Fri, 10 Feb 2017) | 19 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/caller-native-code.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/JSFunction.cpp
We should not allow Function.caller to be used on native functions
https://bugs.webkit.org/show_bug.cgi?id=165628
Patch by Keith Miller <keith_miller@apple.com> on 2017-02-09
Reviewed by Mark Lam.
JSTests:
* stress/caller-native-code.js: Added.
(f):
Source/JavaScriptCore:
Also remove unneeded dynamic cast.
* runtime/JSFunction.cpp:
(JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
(JSC::JSFunction::callerGetter):
------------------------------------------------------------------------
------------------------------------------------------------------------
r212015 | bfulgham@apple.com | 2017-02-10 01:39:13 +0000 (Fri, 10 Feb 2017) | 51 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
A /trunk/LayoutTests/http/tests/security/xssAuditor/regress-167121-expected.txt
A /trunk/LayoutTests/http/tests/security/xssAuditor/regress-167121.html
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
M /trunk/Source/JavaScriptCore/bytecode/InternalFunctionAllocationProfile.h
M /trunk/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h
M /trunk/Source/JavaScriptCore/runtime/FunctionRareData.cpp
M /trunk/Source/JavaScriptCore/runtime/FunctionRareData.h
M /trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp
M /trunk/Source/JavaScriptCore/runtime/IteratorOperations.cpp
M /trunk/Source/JavaScriptCore/runtime/JSBoundFunction.cpp
M /trunk/Source/JavaScriptCore/runtime/JSFunction.cpp
M /trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M /trunk/Source/JavaScriptCore/runtime/JSProxy.cpp
M /trunk/Source/JavaScriptCore/runtime/ObjectConstructor.h
M /trunk/Source/JavaScriptCore/runtime/PrototypeMap.cpp
M /trunk/Source/JavaScriptCore/runtime/PrototypeMap.h
Constructed object's global object should be the global object of the constructor.
https://bugs.webkit.org/show_bug.cgi?id=167121
<rdar://problem/30054759>
Patch by Mark Lam <mark.lam@apple.com> on 2017-02-09
Reviewed by Filip Pizlo and Geoffrey Garen.
Source/JavaScriptCore:
The realm (i.e. globalObject) of any object should be the same as the constructor
that instantiated the object. Changed PrototypeMap::createEmptyStructure() to
be passed the correct globalObject to use instead of assuming it's the same one
as the prototype object.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* bytecode/InternalFunctionAllocationProfile.h:
(JSC::InternalFunctionAllocationProfile::createAllocationStructureFromBase):
* bytecode/ObjectAllocationProfile.h:
(JSC::ObjectAllocationProfile::initialize):
* runtime/FunctionRareData.cpp:
(JSC::FunctionRareData::initializeObjectAllocationProfile):
* runtime/FunctionRareData.h:
(JSC::FunctionRareData::createInternalFunctionAllocationStructureFromBase):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::createSubclassStructure):
* runtime/IteratorOperations.cpp:
(JSC::createIteratorResultObjectStructure):
* runtime/JSBoundFunction.cpp:
(JSC::getBoundFunctionStructure):
* runtime/JSFunction.cpp:
(JSC::JSFunction::allocateAndInitializeRareData):
(JSC::JSFunction::initializeRareData):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSProxy.cpp:
(JSC::JSProxy::setTarget):
* runtime/ObjectConstructor.h:
(JSC::constructEmptyObject):
* runtime/PrototypeMap.cpp:
(JSC::PrototypeMap::createEmptyStructure):
(JSC::PrototypeMap::emptyStructureForPrototypeFromBaseStructure):
(JSC::PrototypeMap::emptyObjectStructureForPrototype):
(JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
* runtime/PrototypeMap.h:
LayoutTests:
* http/tests/security/xssAuditor/regress-167121-expected.txt: Added.
* http/tests/security/xssAuditor/regress-167121.html: Added.
------------------------------------------------------------------------
------------------------------------------------------------------------
r212019 | bfulgham@apple.com | 2017-02-10 01:54:24 +0000 (Fri, 10 Feb 2017) | 50 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/array-prototype-concat-of-long-spliced-arrays.js
A /trunk/JSTests/stress/array-prototype-concat-of-long-spliced-arrays2.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/builtins/ArrayPrototype.js
M /trunk/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.cpp
M /trunk/Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
M /trunk/Source/JavaScriptCore/runtime/ArrayPrototype.cpp
M /trunk/Source/JavaScriptCore/runtime/JSArray.cpp
Fix max length check in ArrayPrototype.js' concatSlowPath().
https://bugs.webkit.org/show_bug.cgi?id=167270
<rdar://problem/30128133>
Patch by Mark Lam <mark.lam@apple.com> on 2017-02-09
Reviewed by Filip Pizlo.
JSTests:
* stress/array-prototype-concat-of-long-spliced-arrays.js: Added.
* stress/array-prototype-concat-of-long-spliced-arrays2.js: Added.
Source/JavaScriptCore:
1. Fixed concatSlowPath() to ensure that the result array length does not exceed
@MAX_ARRAY_INDEX. The old code was checking against @MAX_SAFE_INTEGER in some
cases, but this is overly permissive.
2. Changed concatSlowPath() to throw a RangeError instead of a TypeError to be
consistent with the C++ runtime functions in JSArray.cpp.
3. Changed the RangeError message in concatSlowPath() and JSArray.cpp to "Length
exceeded the maximum array length" when the error is that the result length
exceeds MAX_ARRAY_INDEX. We do this for 2 reasons:
a. "Length exceeded the maximum array length" is more informative than
"Invalid array length".
b. We want to use the same string consistently for the same error.
There are still 2 places in JSArray.cpp that still throw a RangeError with
message "Invalid array length". In those cases, the error is not necessarily
due to the result length exceeding MAX_ARRAY_INDEX, but is due to attempting to
set a length value that is not an integer that fits in MAX_ARRAY_INDEX e.g.
an attempt to set a fractional length value. Hence, "Invalid array length" is
appropriate for those cases.
4. Fixed JSArray::appendMemcpy() to handle overflows when computing the result
array length.
* builtins/ArrayPrototype.js:
(concatSlowPath):
* bytecode/BytecodeIntrinsicRegistry.cpp:
(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
* bytecode/BytecodeIntrinsicRegistry.h:
* runtime/ArrayPrototype.cpp:
(JSC::concatAppendOne):
(JSC::arrayProtoPrivateFuncAppendMemcpy):
* runtime/JSArray.cpp:
(JSC::JSArray::appendMemcpy):
(JSC::JSArray::push):
------------------------------------------------------------------------
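The length checks described in items 1 and 4 of the r212019 entry above, as an added C++ sketch that is not WebKit's `concatSlowPath()` or `JSArray::appendMemcpy()` code. The constant's value, `ToyArray`, and the function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Largest valid array index (2^32 - 2); value assumed for this sketch.
static const uint32_t kMaxArrayIndex = 0xFFFFFFFEu;

// The bug class: unsigned 32-bit addition wraps, so a huge result looks small.
uint32_t wrappedLength(uint32_t current, uint32_t extra)
{
    return current + extra;
}

// Overflow-safe form: compare against the remaining headroom before adding.
bool checkedLength(uint32_t current, uint32_t extra, uint32_t& result)
{
    if (current > kMaxArrayIndex || extra > kMaxArrayIndex - current)
        return false;
    result = current + extra;
    return true;
}

// Toy sparse array: a logical length plus (index, value) pairs, so a long
// spliced array can be modelled without allocating gigabytes.
struct ToyArray {
    uint32_t length;
    std::vector<std::pair<uint32_t, int32_t> > entries;
    ToyArray() : length(0) {}
};

// Appends src to dst. Returns false and leaves dst untouched when the result
// would be too long; the log entry's engine-side equivalent is a RangeError
// with the message "Length exceeded the maximum array length".
bool appendChecked(ToyArray& dst, const ToyArray& src)
{
    uint32_t newLength = 0;
    if (!checkedLength(dst.length, src.length, newLength))
        return false;
    for (size_t i = 0; i < src.entries.size(); ++i) {
        // Cannot wrap: each entry index is below src.length, and
        // dst.length + src.length was validated above.
        dst.entries.push_back(std::make_pair(dst.length + src.entries[i].first,
                                             src.entries[i].second));
    }
    dst.length = newLength;
    return true;
}
```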
------------------------------------------------------------------------
r212021 | bfulgham@apple.com | 2017-02-10 02:02:30 +0000 (Fri, 10 Feb 2017) | 31 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/sloppy-mode-hoist-arguments-function-non-simple-parameter-list.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
Sloppy mode: We don't properly hoist functions named "arguments" when we have a non-simple parameter list
https://bugs.webkit.org/show_bug.cgi?id=167319
<rdar://problem/30149432>
Patch by Saam Barati <sbarati@apple.com> on 2017-02-09
Reviewed by Mark Lam.
JSTests:
* stress/sloppy-mode-hoist-arguments-function-non-simple-parameter-list.js: Added.
(assert):
(assert.arguments):
(assert.b):
(x.arguments):
(x.b):
(x):
Source/JavaScriptCore:
When hoisting a function inside sloppy mode, we were assuming all "var"s are inside
what we call the "var" SymbolTableEntry. This was almost true, except for "arguments",
which has sufficiently weird behavior. "arguments" can be visible to the default
parameter expressions inside a function, therefore can't go inside the "var"
SymbolTableEntry since the parameter SymbolTableEntry comes before the "var"
SymbolTableEntry in the scope chain. Therefore, if we hoist a function named
"arguments", then we must also look for that variable inside the parameter scope
stack entry.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::hoistSloppyModeFunctionIfNecessary):
------------------------------------------------------------------------
------------------------------------------------------------------------
r212022 | bfulgham@apple.com | 2017-02-10 02:07:18 +0000 (Fri, 10 Feb 2017) | 16 lines
Changed paths:
M /trunk/JSTests/ChangeLog
A /trunk/JSTests/stress/b3-delete-orphans-should-neutralize-upsilons-with-dead-phis.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/b3/B3Procedure.cpp
B3::Procedure::deleteOrphans() should neutralize upsilons with dead phis.
https://bugs.webkit.org/show_bug.cgi?id=167437
<rdar://problem/30198083>
Patch by Mark Lam <mark.lam@apple.com> on 2017-02-09
Reviewed by Filip Pizlo.
JSTests:
* stress/b3-delete-orphans-should-neutralize-upsilons-with-dead-phis.js: Added.
Source/JavaScriptCore:
* b3/B3Procedure.cpp:
(JSC::B3::Procedure::deleteOrphans):
------------------------------------------------------------------------
------------------------------------------------------------------------
r212035 | fpizlo@apple.com | 2017-02-10 02:42:20 +0000 (Fri, 10 Feb 2017) | 96 lines
Changed paths:
M /trunk/LayoutTests/ChangeLog
A /trunk/LayoutTests/workers/sab/multi-memory-expected.txt
A /trunk/LayoutTests/workers/sab/multi-memory-multi-buffer-expected.txt
A /trunk/LayoutTests/workers/sab/multi-memory-multi-buffer.html
A /trunk/LayoutTests/workers/sab/multi-memory-worker-1.js
A /trunk/LayoutTests/workers/sab/multi-memory-worker-2.js
A /trunk/LayoutTests/workers/sab/multi-memory.html
A /trunk/LayoutTests/workers/sab/no-transfer-expected.txt
A /trunk/LayoutTests/workers/sab/no-transfer.html
A /trunk/LayoutTests/workers/sab/postMessage-clones-expected.txt
A /trunk/LayoutTests/workers/sab/postMessage-clones.html
A /trunk/LayoutTests/workers/sab/sab-creator-no-transfer.js
A /trunk/LayoutTests/workers/sab/sab-creator-transfer.js
A /trunk/LayoutTests/workers/sab/sent-from-worker-no-transfer-expected.txt
A /trunk/LayoutTests/workers/sab/sent-from-worker-no-transfer.html
A /trunk/LayoutTests/workers/sab/sent-from-worker-transfer-expected.txt
A /trunk/LayoutTests/workers/sab/sent-from-worker-transfer.html
M /trunk/LayoutTests/workers/sab/worker-resources.js
M /trunk/Source/JavaScriptCore/ChangeLog
M /trunk/Source/JavaScriptCore/runtime/ArrayBuffer.cpp
M /trunk/Source/JavaScriptCore/runtime/ArrayBuffer.h
M /trunk/Source/WebCore/ChangeLog
M /trunk/Source/WebCore/bindings/js/IDBBindingUtilities.cpp
M /trunk/Source/WebCore/bindings/js/JSMessageEventCustom.cpp
M /trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp
M /trunk/Source/WebCore/bindings/js/SerializedScriptValue.h
M /trunk/Source/WebCore/dom/CustomEvent.cpp
M /trunk/Source/WebCore/dom/ErrorEvent.cpp
M /trunk/Source/WebCore/dom/MessageEvent.cpp
M /trunk/Source/WebCore/dom/PopStateEvent.cpp
M /trunk/Source/WebCore/workers/DedicatedWorkerGlobalScope.cpp
M /trunk/Source/WebCore/workers/Worker.cpp
SharedArrayBuffer does not need to be in the transfer list
https://bugs.webkit.org/show_bug.cgi?id=168079
Reviewed by Geoffrey Garen and Keith Miller.
Source/JavaScriptCore:
Exposes a simple shareWith() API for when you know you want to share the contents of
a shared buffer. Also a useful explicit operator bool.
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::shareWith):
* runtime/ArrayBuffer.h:
(JSC::ArrayBufferContents::operator bool):
Source/WebCore:
Tests: workers/sab/multi-memory-multi-buffer.html
workers/sab/multi-memory.html
workers/sab/no-transfer.html
workers/sab/postMessage-clones.html
workers/sab/sent-from-worker-no-transfer.html
workers/sab/sent-from-worker-transfer.html
The SAB API that we originally implemented required that SABs get put in transfer lists
when they are sent to workers.
The new SAB API that everyone is converging towards requires that you do not put the
SAB in the transfer list. That's supposed to be an error. Instead, anytime that a SAB
is part of any message to or from a dedicated worker then it is automatically shared.
The new API provides a lot more clarity about what is supposed to happen in contexts
that support transferring but don't support sharing.
Right now this patch allows both styles to work, but I hope we can disable the transfer
list capability soon.
* bindings/js/IDBBindingUtilities.cpp:
(WebCore::deserializeIDBValueToJSValue):
* bindings/js/JSMessageEventCustom.cpp:
(WebCore::JSMessageEvent::data):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::serialize):
(WebCore::CloneSerializer::CloneSerializer):
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneDeserializer::deserialize):
(WebCore::CloneDeserializer::CloneDeserializer):
(WebCore::CloneDeserializer::readTerminal):
(WebCore::SerializedScriptValue::SerializedScriptValue):
(WebCore::SerializedScriptValue::create):
(WebCore::SerializedScriptValue::deserialize):
* bindings/js/SerializedScriptValue.h:
(): Deleted.
* dom/CustomEvent.cpp:
(WebCore::CustomEvent::trySerializeDetail):
* dom/ErrorEvent.cpp:
(WebCore::ErrorEvent::trySerializeError):
* dom/MessageEvent.cpp:
(WebCore::MessageEvent::trySerializeData):
* dom/PopStateEvent.cpp:
(WebCore::PopStateEvent::trySerializeState):
* workers/DedicatedWorkerGlobalScope.cpp:
(WebCore::DedicatedWorkerGlobalScope::postMessage):
* workers/Worker.cpp:
(WebCore::Worker::postMessage):
LayoutTests:
This adds tests that ensure that SABs behave correctly (are either cloned or shared)
depending on context, and that we currently share SABs whether they are in the transfer
list or not. This also adds tests for SABs being passed around via more complicated
data structures.
* workers/sab/multi-memory-expected.txt: Added.
* workers/sab/multi-memory-multi-buffer-expected.txt: Added.
* workers/sab/multi-memory-multi-buffer.html: Added.
* workers/sab/multi-memory-worker-1.js: Added.
(onmessage):
* workers/sab/multi-memory-worker-2.js: Added.
(onmessage):
* workers/sab/multi-memory.html: Added.
* workers/sab/no-transfer-expected.txt: Added.
* workers/sab/no-transfer.html: Added.
* workers/sab/postMessage-clones-expected.txt: Added.
* workers/sab/postMessage-clones.html: Added.
* workers/sab/sab-creator-no-transfer.js: Added.
* workers/sab/sab-creator-transfer.js: Added.
* workers/sab/sent-from-worker-no-transfer-expected.txt: Added.
* workers/sab/sent-from-worker-no-transfer.html: Added.
* workers/sab/sent-from-worker-transfer-expected.txt: Added.
* workers/sab/sent-from-worker-transfer.html: Added.
* workers/sab/worker-resources.js:
------------------------------------------------------------------------