ChangeLog
2022-05-13 Ross Kirsling <ross.kirsling@sony.com>
TemporalPlainTime::toTemporalTimeRecord shouldn't require all properties to be provided
https://bugs.webkit.org/show_bug.cgi?id=240394
Reviewed by Yusuke Suzuki and Darin Adler.
Following the spec correction of https://github.com/tc39/proposal-temporal/pull/1862, this patch
fixes our Temporal.PlainTime implementation to require that *one* property be provided, not *all* of them.
* runtime/TemporalDuration.cpp:
(JSC::TemporalDuration::fromDurationLike):
* runtime/TemporalPlainTime.cpp:
(JSC::toTemporalTimeRecord):
2022-05-13 Anjali Kumar <anjalik_22@apple.com>
Web Inspector: [Meta] Implement Timelines Film Strip
https://bugs.webkit.org/show_bug.cgi?id=239350
Reviewed by Devin Rousso and Patrick Angle.
* inspector/protocol/Timeline.json:
2022-05-13 Lauro Moura <lmoura@igalia.com>
Unreviewed, non-unified build fixes
https://bugs.webkit.org/show_bug.cgi?id=240369
* runtime/DateConversion.cpp:
2022-05-08 Saam Barati <sbarati@apple.com>
Better handle clobbered registers in O0 register allocation
https://bugs.webkit.org/show_bug.cgi?id=240205
<rdar://87220688>
Reviewed by Yusuke Suzuki.
This patch makes Air's O0 register allocator better handle clobbered
registers. We now model both early and late clobber directly, and use
this to perform a basic interference analysis when allocating a register
to a Tmp. An early clobber interferes with any Use in an instruction, and
any early Defs. A late clobber interferes with any Defs in an instruction,
and any late Uses. What this enables is an early Use can be allocated
to a register that is only late clobbered. And a result can be allocated
to a register that is only early clobbered.
Prior to this, the algorithm had a bug where a Use may be allocated to
a register that is early clobbered.
* b3/air/AirAllocateRegistersAndStackAndGenerateCode.cpp:
(JSC::B3::Air::GenerateAndAllocateRegisters::buildLiveRanges):
(JSC::B3::Air::GenerateAndAllocateRegisters::alloc):
(JSC::B3::Air::GenerateAndAllocateRegisters::freeDeadTmpsIfNeeded):
(JSC::B3::Air::GenerateAndAllocateRegisters::assignTmp):
(JSC::B3::Air::GenerateAndAllocateRegisters::prepareForGeneration):
(JSC::B3::Air::GenerateAndAllocateRegisters::generate):
* b3/air/AirAllocateRegistersAndStackAndGenerateCode.h:
* b3/air/testair.cpp:
* jit/RegisterSet.h:
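Added example, not JSC's Air code: a model of the early/late clobber interference rule described in the entry above, with an allocator that picks registers accordingly. Operand roles, register names and the instruction below are constructed for illustration.

```javascript
// Operand roles: when within the instruction the operand is read or written.
const Role = {
  Use: "Use",           // operand read at the start of the instruction
  LateUse: "LateUse",   // operand read at the end of the instruction
  Def: "Def",           // result written at the end of the instruction
  EarlyDef: "EarlyDef", // result written at the start of the instruction
};

// An early clobber interferes with any Use and with early Defs; a late clobber
// interferes with any Def and with late Uses. Returns true when giving `reg` to
// an operand with `role` would be corrupted by one of the instruction's clobbers.
function interferes(role, reg, earlyClobber, lateClobber) {
  const early = earlyClobber.has(reg);
  const late = lateClobber.has(reg);
  switch (role) {
    case Role.Use:      return early;
    case Role.LateUse:  return early || late;
    case Role.Def:      return late;
    case Role.EarlyDef: return early || late;
    default: throw new Error(`unknown role ${role}`);
  }
}

// Assign a register to every operand of one instruction from `pool` (in order),
// skipping registers that interfere. Conservatively never reuses a register for
// two operands of the same instruction. Returns a Map from tmp name to register.
function allocateOperands(inst, pool) {
  const taken = new Set();
  const assignment = new Map();
  for (const { tmp, role } of inst.operands) {
    const reg = pool.find(
      (r) => !taken.has(r) && !interferes(role, r, inst.earlyClobber, inst.lateClobber)
    );
    if (reg === undefined) throw new Error(`no register available for ${tmp} (${role})`);
    taken.add(reg);
    assignment.set(tmp, reg);
  }
  return assignment;
}

// Constructed instruction: reads tmp `a`, writes tmp `r`; register x0 is
// clobbered early (before operands are read), x1 late (when the result is written).
const INST = {
  operands: [
    { tmp: "a", role: Role.Use },
    { tmp: "r", role: Role.Def },
  ],
  earlyClobber: new Set(["x0"]),
  lateClobber: new Set(["x1"]),
};

// With pool [x0, x1, x2]: `a` must avoid x0 but may take x1 (only late
// clobbered); `r` may take x0 (only early clobbered). Before the fix, `a`
// could land in x0 and be overwritten before the instruction read it.
function demo() {
  return allocateOperands(INST, ["x0", "x1", "x2"]);
}
```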
2022-05-11 Patrick Angle <pangle@apple.com>
Web Inspector: Parse InjectedScriptSource as a built-in to get guaranteed non-user-overridden JSC built-ins
https://bugs.webkit.org/show_bug.cgi?id=152294
Reviewed by Devin Rousso.
Covered by existing tests, and new test cases in `LayoutTests/inspector/injected-script/observable.html`
* CMakeLists.txt:
* DerivedSources-output.xcfilelist:
* DerivedSources.make:
* JavaScriptCore.xcodeproj/project.pbxproj:
- Build InjectedScriptSource.js as a builtin, not as a plain header file containing its source code.
* Scripts/wkbuiltins/builtins_model.py:
(BuiltinFunction.fromString):
(BuiltinsCollection._parse_functions):
- InspectorInjectedScript contains unbalanced curly brackets inside quotes. The generation of builtins is now
hardened against this. Previously all curly brackets were counted, which meant that the source code would be cut
off earlier than the actual end of the function.
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createExecutable):
- CommandLineAPIModuleSource.js uses destructuring to get the `RemoteObject` and `CommandLineAPI` classes at
instantiation. We need to treat this destructure as a single parameter, otherwise debug assertions will catch
the discrepancy between parameter counts.
* builtins/BuiltinNames.h:
* bytecode/LinkTimeConstant.h:
- Add symbols that we need to have a private version of, and for some of those symbols make them link-time constants.
* builtins/IteratorHelpers.js:
(globalPrivate.builtinSetIterable):
(globalPrivate.builtinMapIterable):
- Add reusable helpers for getting builtin iterators for Maps and Sets. This is done with private symbols that
represent the same function that the iterator would have returned. We create a new wrapper object to allow usage
to follow the same pattern as when dealing with an unwrapped iterable object.
* inspector/InjectedScriptManager.cpp:
(Inspector::InjectedScriptManager::createInjectedScript):
(Inspector::InjectedScriptManager::injectedScriptFor):
(Inspector::InjectedScriptManager::injectedScriptSource): Deleted.
* inspector/InjectedScriptManager.h:
- Use the new link-time constant for the Injected Script creation function.
* inspector/InjectedScriptModule.cpp:
(Inspector::InjectedScriptModule::ensureInjected):
* inspector/InjectedScriptModule.h:
- Injected modules are now provided as a JSFunction, not raw source code.
* inspector/InjectedScriptSource.js:
- Use private symbols throughout to ensure we get non-observable, non-overridden versions of functions and values.
- In many cases, this is a 1:1 mapping where the new symbol is just prefixed with an `@`.
- For pushing values to arrays, use `@arrayPush`, the builtin way of pushing a value into an array.
- For the `Symbol` constructor, just use the existing `@createPrivateSymbol` instead of exposing a private
version of the `Symbol` constructor.
- `Symbol.toStringTag` is converted to `@@toStringTag`, the private version of that symbol.
- `Math.max` in `RemoteObject.prototype._generatePreview` now uses a helper function that performs a comparison
instead of exposing both Math and Math.max as private builtins.
- Create objects as prototype-less using the new builtin helper @createPrototypelessObject, which can also take
arguments that are key value pairs for near-parity with normal Object creation via `{}`.
- Create arrays as prototype-less using the new builtin helper @createPrototypelessArray, which can also take
arguments which are entries to put into the array.
- For spreading arguments (for the console commandline functions) we should create a new prototypeless array to
spread instead of spreading the raw arguments to avoid interacting with a potentially modified iterator.
* parser/Parser.h:
(JSC::parse):
- Add the line number to builtin compilation logging to help identify where sometimes ambiguous errors occurred.
* runtime/ArrayConstructor.cpp:
* runtime/ArrayPrototype.cpp:
* runtime/MapPrototype.cpp:
* runtime/ObjectConstructor.cpp:
* runtime/SetPrototype.cpp:
* runtime/StringPrototype.cpp:
- Expose necessary functions/constructors via their private name for use in InjectedScriptSource.js and
CommandLineAPIModuleSource.js
* runtime/JSGlobalObject.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSGlobalObject::init):
* runtime/JSGlobalObject.h:
- Add a link-time constant for the String constructor.
- Add helpers for JSON parsing/serialization.
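Added example, not WebKit's builtins_model.py: brace matching hardened against unbalanced braces inside string literals and comments, the failure mode the entry above describes (InjectedScriptSource contains "}" inside quotes, so counting every brace cut the function off early). The sample source and function names are constructed; regex literals are not handled.

```javascript
// Naive scanner: counts every "{" and "}" regardless of context.
function findFunctionEndNaive(source, start) {
  let depth = 0;
  for (let i = start; i < source.length; i++) {
    if (source[i] === "{") depth++;
    else if (source[i] === "}" && --depth === 0) return i + 1;
  }
  return -1;
}

// Hardened scanner: braces inside '...', "...", `...`, // and /* */ are skipped.
// `start` must be the index of the function body's opening brace.
function findFunctionEnd(source, start) {
  let depth = 0;
  let i = start;
  while (i < source.length) {
    const c = source[i];
    const next = source[i + 1];
    if (c === "'" || c === '"' || c === "`") {
      // String literal: skip to the matching quote, honouring backslash escapes.
      // (A backtick inside a ${...} substitution is not handled.)
      i++;
      while (i < source.length && source[i] !== c) {
        if (source[i] === "\\") i++;
        i++;
      }
      i++; // step past the closing quote
      continue;
    }
    if (c === "/" && next === "/") {
      // Line comment: skip to end of line.
      while (i < source.length && source[i] !== "\n") i++;
      continue;
    }
    if (c === "/" && next === "*") {
      // Block comment: skip to the closing */ (or to the end if unterminated).
      const end = source.indexOf("*/", i + 2);
      i = end === -1 ? source.length : end + 2;
      continue;
    }
    if (c === "{") depth++;
    else if (c === "}" && --depth === 0) return i + 1;
    i++;
  }
  return -1; // unbalanced: the body never closed
}

// Constructed sample: a helper whose body contains "}" in a string, a brace in
// a comment and a template literal, followed by a second function.
const SAMPLE =
  'function fmt(x) {\n' +
  '    if (x === "}") return "close"; // not a real }\n' +
  '    /* { */\n' +
  '    return `{${x}}`;\n' +
  '}\n' +
  'function other() { }\n';

// Returns the text of the first function in `source`, or null if unbalanced.
function extractFirstFunction(source, naive = false) {
  const start = source.indexOf("{");
  const end = naive ? findFunctionEndNaive(source, start) : findFunctionEnd(source, start);
  return end === -1 ? null : source.slice(0, end);
}
```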
2022-05-10 Ross Kirsling <ross.kirsling@sony.com>
[Temporal] Years 0-999 should be canonically represented with 4 digits, not 6
https://bugs.webkit.org/show_bug.cgi?id=240294
Reviewed by Yusuke Suzuki.
This patch implements the spec change of https://github.com/tc39/proposal-temporal/issues/2082:
The range for 4-digit years in ISO8601 date strings should be 0-9999, not 1000-9999.
* runtime/TemporalInstant.cpp:
2022-05-09 Yusuke Suzuki <ysuzuki@apple.com>
Upstream TypedArray.prototype.fill speedup from bun
https://bugs.webkit.org/show_bug.cgi?id=239891
Reviewed by Saam Barati.
This patch imports bun's improvement in TypedArray#fill[1], bun is MIT licensed.
We use memset and its variant to fill TypedArray if possible.
Microbenchmarks show 5x improvement.
ToT Patched
typed-array-fill 1092.0348+-6.2496 ^ 221.3430+-9.1261 ^ definitely 4.9337x faster
[1]: https://github.com/Jarred-Sumner/WebKit/commit/b06577c1f1de19d2ef3d4a87d14ea41909ddf5fc
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::speciesConstruct):
(JSC::genericTypedArrayViewProtoFuncCopyWithin):
(JSC::genericTypedArrayViewProtoFuncIncludes):
(JSC::genericTypedArrayViewProtoFuncIndexOf):
(JSC::genericTypedArrayViewProtoFuncJoin):
(JSC::genericTypedArrayViewProtoFuncFill):
(JSC::genericTypedArrayViewProtoFuncLastIndexOf):
(JSC::genericTypedArrayViewProtoFuncReverse):
(JSC::genericTypedArrayViewPrivateFuncSort):
(JSC::genericTypedArrayViewProtoFuncSlice):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
2022-05-10 Mark Lam <mark.lam@apple.com>
Add optional Integrity checks at JSC API boundaries.
https://bugs.webkit.org/show_bug.cgi?id=240264
Reviewed by Yusuke Suzuki.
1. Defined ENABLE_EXTRA_INTEGRITY_CHECKS in Integrity.h. JSC developers can enable
this for their local build if they want to enable more prolific Integrity audits.
This is disabled by default.
This feature is currently only supported for USE(JSVALUE64) targets.
The following changes only take effect if ENABLE(EXTRA_INTEGRITY_CHECKS) is enabled.
Otherwise, these are no-ops.
2. Added Integrity audits to all toJS and toRef conversion functions in APICast.h.
This will help us detect if bad values are passed across the API boundary.
3. Added some Integrity audits in JSValue.mm where the APICast ones were insufficient.
The following changes are in effect even when ENABLE(EXTRA_INTEGRITY_CHECKS) is
disabled. Some of these were made to support ENABLE(EXTRA_INTEGRITY_CHECKS), and
some are just clean up in related code that I had to touch along the way.
4. Moved isSanePointer() to Integrity.h so that it can be used in more places.
5. Changed VM registration with the VMInspector so that it's registered earlier
and removed later. Integrity audits may need to audit VM pointers while the
VM is being constructed and destructed.
6. Added VM::m_isInService to track when the VM is fully constructed or about to
be destructed since the VM is now registered with the VMInspector differently
(see (4) above). Applied this check in places that need it.
7. Fixed VMInspector::isValidExecutableMemory() to check the ExecutableAllocator
directly without iterating VMs (which is completely unnecessary).
8. Fixed VMInspector::isValidExecutableMemory() and VMInspector::codeBlockForMachinePC()
to use AdoptLock. This fixes a race condition where the lock can be contended
after ensureIsSafeToLock() succeeds.
9. Added VMInspector::isValidVM() to check if a VM pointer is registered or not.
VMInspector caches the most recently added or found VM so that isValidVM()
can just check the cache for its fast path.
10. Moved the implementation of VMInspector::verifyCell() to Integrity::analyzeCell()
and added more checks to it. VMInspector::verifyCell() now calls Integrity::verifyCell()
which uses Integrity::analyzeCell() to do the real cell analysis.
11. Also strengthen Integrity::auditStructureID() so that it will check if a
Structure's memory has been released. This change is enabled on Debug builds
by default as well as when ENABLE(EXTRA_INTEGRITY_CHECKS). It is disabled
on Release builds.
* API/APICast.h:
(toJS):
(toJSForGC):
(uncheckedToJS):
(toRef):
(toGlobalRef):
* API/JSContext.mm:
* API/JSContextRef.cpp:
* API/JSScript.mm:
* API/JSValue.mm:
(ObjcContainerConvertor::convert):
(objectToValueWithoutCopy):
(objectToValue):
* API/JSVirtualMachine.mm:
* API/JSWeakPrivate.cpp:
* API/glib/JSCContext.cpp:
* API/glib/JSCWrapperMap.cpp:
* API/tests/JSObjectGetProxyTargetTest.cpp:
* bytecode/SpeculatedType.cpp:
(JSC::speculationFromCell):
(JSC::isSanePointer): Deleted.
* heap/HeapFinalizerCallback.cpp:
* heap/WeakSet.h:
* runtime/Structure.h:
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::~VM):
* runtime/VM.h:
(JSC::VM::isInService const):
* tools/HeapVerifier.cpp:
(JSC::HeapVerifier::checkIfRecorded):
* tools/Integrity.cpp:
(JSC::Integrity::Random::reloadAndCheckShouldAuditSlow):
(JSC::Integrity::auditCellMinimallySlow):
(JSC::Integrity::doAudit):
(JSC::Integrity::Analyzer::analyzeVM):
(JSC::Integrity::Analyzer::analyzeCell):
(JSC::Integrity::doAuditSlow):
(JSC::Integrity::verifyCell):
(): Deleted.
(JSC::Integrity::auditCellFully): Deleted.
* tools/Integrity.h:
(JSC::isSanePointer):
(JSC::Integrity::auditCell):
(JSC::Integrity::audit):
* tools/IntegrityInlines.h:
(JSC::Integrity::auditCell):
(JSC::Integrity::auditCellFully):
(JSC::Integrity::auditStructureID):
(JSC::Integrity::doAudit):
* tools/VMInspector.cpp:
(JSC::VMInspector::add):
(JSC::VMInspector::remove):
(JSC::VMInspector::isValidVMSlow):
(JSC::VMInspector::dumpVMs):
(JSC::VMInspector::isValidExecutableMemory):
(JSC::VMInspector::codeBlockForMachinePC):
(JSC::ensureIsSafeToLock): Deleted.
* tools/VMInspector.h:
(JSC::VMInspector::isValidVM):
(): Deleted.
(JSC::VMInspector::unusedVerifier): Deleted.
* tools/VMInspectorInlines.h:
(JSC::VMInspector::verifyCell):
(JSC::VMInspector::verifyCellSize): Deleted.
2022-05-09 Ross Kirsling <ross.kirsling@sony.com>
Unreviewed, address Darin's feedback on r250361.
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::toIntegerWithoutRounding const):
Normalize away -0 by unconditionally adding positive 0 (instead of making a separate zero check).
2022-05-09 Ross Kirsling <ross.kirsling@sony.com>
Temporal round and total methods should accept string param
https://bugs.webkit.org/show_bug.cgi?id=240249
Reviewed by Yusuke Suzuki.
This patch implements https://github.com/tc39/proposal-temporal/pull/1875,
which allows certain required string options to be passed directly instead of as part of an options object.
Namely:
- `{Duration, Instant, PlainTime}::round` now accept `smallestUnit` as a string param
- `Duration::total` now accepts `unit` as a string param
* runtime/TemporalDuration.cpp:
(JSC::TemporalDuration::round const):
(JSC::TemporalDuration::total const):
* runtime/TemporalInstant.cpp:
* runtime/TemporalPlainTime.cpp:
(JSC::TemporalPlainTime::round const):
2022-05-09 Ross Kirsling <ross.kirsling@sony.com>
Temporal and Date must reject expanded year -000000
https://bugs.webkit.org/show_bug.cgi?id=240263
Reviewed by Yusuke Suzuki.
As of the following two PRs, -000000 is officially disallowed as a representation of the year zero in ISO date strings.
https://github.com/tc39/ecma262/pull/2550
https://github.com/tc39/proposal-temporal/pull/1992
This patch implements the change for Temporal and Date alike.
* runtime/ISO8601.cpp:
(JSC::ISO8601::parseDate):
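Added example, not JSC's ISO8601.cpp: parsing and canonical formatting of the year in an ISO 8601 date string, following the two Temporal entries above (years 0-9999 canonically use four digits, other years a sign plus six digits, and -000000 is rejected). Inputs and helper names are constructed.

```javascript
// Parse the leading year. Returns { year, rest } or null when rejected.
function parseISOYear(s) {
  // Expanded form: sign followed by exactly six digits.
  let m = /^([+-])(\d{6})/.exec(s);
  if (m) {
    if (m[1] === "-" && m[2] === "000000") return null; // -000000 is not a valid year zero
    const magnitude = Number(m[2]);
    return { year: m[1] === "-" ? -magnitude : magnitude, rest: s.slice(7) };
  }
  // Plain form: exactly four digits, no sign.
  m = /^(\d{4})/.exec(s);
  if (m) return { year: Number(m[1]), rest: s.slice(4) };
  return null;
}

// Parse "YYYY-MM-DD" or "±YYYYYY-MM-DD". Month/day ranges are only checked loosely.
function parseISODate(s) {
  const y = parseISOYear(s);
  if (y === null) return null;
  const m = /^-(\d{2})-(\d{2})$/.exec(y.rest);
  if (m === null) return null;
  const month = Number(m[1]);
  const day = Number(m[2]);
  if (month < 1 || month > 12 || day < 1 || day > 31) return null;
  return { year: y.year, month, day };
}

// Canonical year: four digits for 0..9999, otherwise a sign and six digits.
function formatISOYear(year) {
  if (!Number.isInteger(year) || year < -999999 || year > 999999) {
    throw new RangeError(`year ${year} is not representable`);
  }
  if (year >= 0 && year <= 9999) return String(year).padStart(4, "0");
  return (year < 0 ? "-" : "+") + String(Math.abs(year)).padStart(6, "0");
}

function formatISODate({ year, month, day }) {
  const mm = String(month).padStart(2, "0");
  const dd = String(day).padStart(2, "0");
  return `${formatISOYear(year)}-${mm}-${dd}`;
}
```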
2022-05-06 Ross Kirsling <ross.kirsling@sony.com>
Temporal.Duration#toString should never ignore fractionalSecondDigits
https://bugs.webkit.org/show_bug.cgi?id=240193
Reviewed by Yusuke Suzuki.
This patch implements the spec correction of https://github.com/tc39/proposal-temporal/pull/1956:
`new Temporal.Duration(1).toString({ fractionalSecondDigits: 2 })` should be P1Y0.00S, not just P1Y.
* runtime/TemporalDuration.cpp:
(JSC::TemporalDuration::toString):
2022-05-06 Ross Kirsling <ross.kirsling@sony.com>
ISO8601::Duration should guard against -0
https://bugs.webkit.org/show_bug.cgi?id=240185
Reviewed by Yusuke Suzuki.
Currently, when we parse a negative ISO duration string or negate a positive Duration object,
we end up storing -0 for the zero fields. This patch ensures that we always store +0 instead.
* runtime/ISO8601.h:
(JSC::ISO8601::Duration::operator- const):
2022-05-06 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Add more information about MarkedBlock assertion
https://bugs.webkit.org/show_bug.cgi?id=240176
Reviewed by Mark Lam and Saam Barati.
Collect more information about assertion via CRASH_WITH_INFO.
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::specializedSweep):
2022-05-05 Ross Kirsling <ross.kirsling@sony.com>
Temporal.Duration constructor should handle -0 properly
https://bugs.webkit.org/show_bug.cgi?id=240145
Reviewed by Yusuke Suzuki.
r250284 broke a new test262 test which verifies that -0 is normalized to 0 in cases like
`new Temporal.Duration(-0)` and `Temporal.Duration.from({years: -0 })`.
This patch properly aligns these paths with the spec.
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::toIntegerWithoutRounding const): Added.
(JSC::JSValue::toIntegerOrInfinity const):
* runtime/TemporalDuration.cpp:
(JSC::TemporalDuration::fromDurationLike):
* runtime/TemporalDurationConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
2022-05-06 Fujii Hironori <Hironori.Fujii@sony.com>
builtins-generator-tests are failing after 250242@main
https://bugs.webkit.org/show_bug.cgi?id=239792
<rdar://problem/92532725>
Unreviewed, resetting the results.
Tools/Scripts/run-builtins-generator-tests --reset-results
* Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
2022-05-05 Chris Dumez <cdumez@apple.com>
Identifier::string() should return an AtomString
https://bugs.webkit.org/show_bug.cgi?id=240122
Reviewed by Yusuke Suzuki.
Identifier::string() should return an AtomString instead of a String, since
it holds an AtomString internally.
Also add some overloads to jsString() to resolve ambiguity for some callers.
* API/JSContext.mm:
(-[JSContext dependencyIdentifiersForModuleJSScript:]):
* bytecompiler/NodesCodegen.cpp:
(JSC::processClauseList):
* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::functionDetails):
* jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
* runtime/Error.cpp:
(JSC::addErrorInfo):
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::finishCreation):
* runtime/ErrorPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/FunctionExecutable.cpp:
(JSC::FunctionExecutable::toStringSlow):
* runtime/Identifier.h:
(JSC::Identifier::string const):
(JSC::Identifier::atomString const): Deleted.
* runtime/IdentifierInlines.h:
(JSC::identifierToJSValue):
(JSC::identifierToSafePublicJSValue):
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::format const):
(JSC::IntlDateTimeFormat::formatRange):
* runtime/IntlDisplayNames.cpp:
(JSC::IntlDisplayNames::of const):
* runtime/IntlListFormat.cpp:
(JSC::IntlListFormat::format const):
* runtime/IntlRelativeTimeFormat.cpp:
(JSC::IntlRelativeTimeFormat::format const):
* runtime/JSFunction.cpp:
(JSC::JSFunction::reifyName):
* runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::requestImportModule):
* runtime/JSString.h:
(JSC::jsString):
* runtime/JSStringInlines.h:
(JSC::repeatCharacter):
* runtime/StringPrototype.cpp:
(JSC::jsSpliceSubstrings):
(JSC::jsSpliceSubstringsWithSeparators):
(JSC::toLocaleCase):
(JSC::normalize):
* runtime/SymbolPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
2022-05-05 Yusuke Suzuki <ysuzuki@apple.com>
Unreviewed, partial revert of r293813 because of proposal's issue.
https://bugs.webkit.org/show_bug.cgi?id=240102
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::initializeNumberFormat):
2022-05-05 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Clean up StructureID related data
https://bugs.webkit.org/show_bug.cgi?id=240114
Reviewed by Mark Lam.
This patch moves structureHeapAddressSize to StructureID and defines it only when we use it.
We also use decontaminate() in ADDRESS32 tryDecode. Strictly speaking, it is not necessary
for now since 32-bit environments do not have a concurrent GC or a concurrent JIT compiler, but
they could.
* runtime/JSCConfig.h:
* runtime/StructureID.h:
(JSC::StructureID::tryDecode const):
2022-05-05 Diego Pino Garcia <dpino@igalia.com>
[GCC] REGRESSION(r293605): error: cannot convert ‘<brace-enclosed initializer list>’ to ‘unsigned char:3’ in initialization
https://bugs.webkit.org/show_bug.cgi?id=239897
Reviewed by Yusuke Suzuki.
* bytecode/MethodOfGettingAValueProfile.h: Move initialization of 'm_kind' to class constructor.
2022-05-04 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Intl.NumberFormat lacks some validation for rounding-increment
https://bugs.webkit.org/show_bug.cgi?id=240102
Reviewed by Ross Kirsling.
This patch adds some validations added in Intl.NumberFormat v3[1].
The important thing is that one is a TypeError and the other is a RangeError.
Both are tested in test262.
[1]: https://tc39.es/proposal-intl-numberformat-v3/out/numberformat/proposed.html#sec-initializenumberformat
* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::initializeNumberFormat):
2022-05-04 Ross Kirsling <ross.kirsling@sony.com>
Temporal.Duration constructor should throw on non-integers
https://bugs.webkit.org/show_bug.cgi?id=240094
Reviewed by Yusuke Suzuki.
Belated implementation for https://github.com/tc39/proposal-temporal/pull/1872 --
this patch makes `new Temporal.Duration(1.1)` throw just as `Temporal.Duration.from({ years: 1.1 })` does.
* runtime/TemporalDurationConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
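Added example, not JSC's TemporalDuration.cpp: a cut-down Duration model covering the Duration entries above (toIntegerWithoutRounding normalizing -0 by adding +0 and throwing on non-integers, the -0 guard when negating, and toString always emitting seconds when fractionalSecondDigits is given; the "T" designator precedes time components). The class and helpers are constructed.

```javascript
const FIELDS = ["years", "months", "weeks", "days", "hours", "minutes",
                "seconds", "milliseconds", "microseconds", "nanoseconds"];

// NaN -> 0; a non-integral (or infinite) number is a RangeError; -0 becomes +0
// by unconditionally adding positive zero rather than a separate zero check.
function toIntegerWithoutRounding(value) {
  const number = Number(value);
  if (Number.isNaN(number)) return 0;
  if (!Number.isInteger(number)) throw new RangeError(`${value} is not an integer`);
  return number + 0;
}

// Mirrors the guard in ISO8601::Duration::operator-: -(0) is -0 in IEEE
// arithmetic, so +0 is added back to every negated field.
function negateRecord(rec) {
  const out = {};
  for (const f of FIELDS) out[f] = -rec[f] + 0;
  return out;
}

class Duration {
  constructor(...args) {
    FIELDS.forEach((f, i) => {
      this[f] = args[i] === undefined ? 0 : toIntegerWithoutRounding(args[i]);
    });
    // All non-zero fields must share one sign.
    const signs = new Set(FIELDS.map((f) => Math.sign(this[f])).filter((s) => s !== 0));
    if (signs.size > 1) throw new RangeError("mixed-sign duration");
  }

  static from(like) {
    return new Duration(...FIELDS.map((f) => like[f]));
  }

  get sign() {
    for (const f of FIELDS) if (this[f] !== 0) return Math.sign(this[f]);
    return 0;
  }

  negated() {
    return Duration.from(negateRecord(this));
  }

  // Assumes sub-second fields are already balanced (milliseconds < 1000, ...).
  toString({ fractionalSecondDigits = "auto" } = {}) {
    const abs = (f) => Math.abs(this[f]);
    let date = "";
    if (abs("years")) date += `${abs("years")}Y`;
    if (abs("months")) date += `${abs("months")}M`;
    if (abs("weeks")) date += `${abs("weeks")}W`;
    if (abs("days")) date += `${abs("days")}D`;
    let time = "";
    if (abs("hours")) time += `${abs("hours")}H`;
    if (abs("minutes")) time += `${abs("minutes")}M`;
    const subsecondNs = abs("milliseconds") * 1e6 + abs("microseconds") * 1e3 + abs("nanoseconds");
    // Seconds are emitted when non-zero, when nothing else was emitted, or
    // whenever a fixed number of fractional digits was requested.
    const emitSeconds =
      abs("seconds") || subsecondNs || (!date && !time) || fractionalSecondDigits !== "auto";
    if (emitSeconds) {
      const all = String(subsecondNs).padStart(9, "0");
      const fraction = fractionalSecondDigits === "auto"
        ? all.replace(/0+$/, "")
        : all.slice(0, fractionalSecondDigits);
      time += `${abs("seconds")}${fraction ? "." + fraction : ""}S`;
    }
    return `${this.sign < 0 ? "-" : ""}P${date}${time ? "T" + time : ""}`;
  }
}
```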
2022-05-04 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Temporal.Instant since/until should not accept year / month / day / week units
https://bugs.webkit.org/show_bug.cgi?id=240097
Reviewed by Ross Kirsling.
Temporal.Instant.{since,until} should not accept year / month / day / week units as smallestUnit / largestUnit
according to the spec [1,2]. But we missed that and were crashing with the attached test. This patch fixes it.
[1]: https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.until
[2]: https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.since
* runtime/TemporalInstant.cpp:
2022-05-04 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Use decontaminate in StructureID::decode
https://bugs.webkit.org/show_bug.cgi?id=240088
Reviewed by Saam Barati and Mark Lam.
We have a bug that ENABLE(STRUCTURE_ID_WITH_SHIFT) and CPU(ADDRESS32) version of StructureID::decode
does not have a decontaminate() call. This is wrong since these IDs can be decoded concurrently. This patch fixes it.
* runtime/StructureID.h:
(JSC::StructureID::decode const):
2022-05-04 Mark Lam <mark.lam@apple.com>
Use IterationStatus in more places.
https://bugs.webkit.org/show_bug.cgi?id=239864
Reviewed by Saam Barati.
There's no need for a StackVisitor::Status and a VMInspector::FunctorStatus which
represent the same idea.
* API/JSContextRef.cpp:
(BacktraceFunctor::operator() const):
* bytecode/CodeBlock.cpp:
(JSC::RecursionCheckFunctor::operator() const):
* debugger/DebuggerCallFrame.cpp:
(JSC::LineAndColumnFunctor::operator() const):
* inspector/ScriptCallStackFactory.cpp:
(Inspector::CreateScriptCallStackFunctor::operator() const):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::callerSourceOrigin):
(JSC::CallFrame::globalObjectOfClosestCodeBlock):
* interpreter/CallFrame.h:
* interpreter/Interpreter.cpp:
(JSC::GetStackTraceFunctor::operator() const):
(JSC::Interpreter::getStackTrace):
(JSC::GetCatchHandlerFunctor::operator() const):
(JSC::UnwindFunctor::operator() const):
* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::update):
* interpreter/StackVisitor.h:
(JSC::StackVisitor::visit):
(JSC::CallerFunctor::operator() const):
* jsc.cpp:
(FunctionJSCStackFunctor::operator() const):
(startTimeoutTimer):
* runtime/Error.cpp:
(JSC::FindFirstCallerFrameWithCodeblockFunctor::operator() const):
* runtime/FunctionPrototype.cpp:
(JSC::RetrieveArgumentsFunctor::operator() const):
(JSC::RetrieveCallerFunctionFunctor::operator() const):
* runtime/JSGlobalObject.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/NullSetterFunction.cpp:
(JSC::GetCallerStrictnessFunctor::operator() const):
* tools/HeapVerifier.cpp:
(JSC::HeapVerifier::checkIfRecorded):
* tools/JSDollarVM.cpp:
(JSC::CallerFrameJITTypeFunctor::operator() const):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* tools/VMInspector.cpp:
(JSC::VMInspector::forEachVM):
(JSC::VMInspector::isValidExecutableMemory):
(JSC::VMInspector::codeBlockForMachinePC):
(JSC::VMInspector::codeBlockForFrame):
(JSC::DumpFrameFunctor::operator() const):
(JSC::VMInspector::dumpRegisters):
* tools/VMInspector.h:
(JSC::VMInspector::WTF_REQUIRES_LOCK):
2022-04-30 Philippe Normand <philn@igalia.com>
Web Inspector: Update jsmin to 3.0.1
https://bugs.webkit.org/show_bug.cgi?id=239924
Reviewed by Yusuke Suzuki.
Updated jsmin from upstream version, applying a few style changes suggested by
check-webkit-style. This new version is Python3-only and also much faster. Old:
time python3 /app/webkit/Source/JavaScriptCore/Scripts/jsmin.py < /app/webkit/WebKitBuild/Release/WebInspectorUI/DerivedSources/Main.js > foo.js
real 1m21.234s
user 0m59.580s
sys 0m21.253s
New:
time python3 /app/webkit/Source/JavaScriptCore/Scripts/jsmin.py < /app/webkit/WebKitBuild/Release/WebInspectorUI/DerivedSources/Main.js > foo.js
real 0m3.933s
user 0m3.899s
sys 0m0.018s
* Scripts/jsmin.py:
(jsmin):
(JavascriptMinify.__init__):
(JavascriptMinify.minify.write):
(JavascriptMinify.minify):
(JavascriptMinify):
(JavascriptMinify.regex_literal):
(JavascriptMinify.regex_literal.cannot):
(JavascriptMinify.line_comment):
(JavascriptMinify.block_comment):
(JavascriptMinify.newline):
(JavascriptMinify.minify.read): Deleted.
2022-05-03 Zan Dobersek <zdobersek@igalia.com>
[RISCV64] Implement MacroAssemblerRISCV64 move-conditionally methods
https://bugs.webkit.org/show_bug.cgi?id=239998
Reviewed by Yusuke Suzuki.
Provide implementations for the variants of the move-conditionally
operation in MacroAssemblerRISCV64. These are true macro operations,
often requiring scratch registers and branches to implement the
behavior since the RISC-V ISA doesn't provide appropriate instructions
out-of-the-box.
Test cases in testmasm are also enabled, including some additional
guards to avoid unused-variable warnings at build-time.
* assembler/MacroAssemblerRISCV64.h:
(JSC::MacroAssemblerRISCV64::moveConditionally32):
(JSC::MacroAssemblerRISCV64::moveConditionally64):
(JSC::MacroAssemblerRISCV64::moveConditionallyFloat):
(JSC::MacroAssemblerRISCV64::moveConditionallyDouble):
(JSC::MacroAssemblerRISCV64::moveConditionallyTest32):
(JSC::MacroAssemblerRISCV64::moveConditionallyTest64):
(JSC::MacroAssemblerRISCV64::moveDoubleConditionally32):
(JSC::MacroAssemblerRISCV64::moveDoubleConditionally64):
(JSC::MacroAssemblerRISCV64::moveDoubleConditionallyFloat):
(JSC::MacroAssemblerRISCV64::moveDoubleConditionallyDouble):
(JSC::MacroAssemblerRISCV64::moveDoubleConditionallyTest32):
(JSC::MacroAssemblerRISCV64::moveDoubleConditionallyTest64):
(JSC::MacroAssemblerRISCV64::branchForMoveConditionally):
* assembler/testmasm.cpp:
(JSC::testProbeModifiesStackPointer):
(JSC::testProbeModifiesStackValues):
2022-05-03 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Extend Structure heap size from 1GB to 4GB
https://bugs.webkit.org/show_bug.cgi?id=240028
Reviewed by Saam Barati.
1GB was much smaller than what StructureIDTable allowed (7GB).
This patch extends 1GB to 4GB, which is the maximum limit of the current encoding scheme (we could
extend it further to 64GB if we introduced a shift based on alignment, but that is currently not used).
We use this 4GB on platforms which have enough virtual address space.
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitNonNullDecodeStructureID):
* runtime/JSCConfig.h:
2022-05-03 Philippe Normand <pnormand@igalia.com> and Pavel Feldman <pavel.feldman@gmail.com> and Yury Semikhatsky <yurys@chromium.org>
[WK2] Add API to allow embedder to set a timezone override
https://bugs.webkit.org/show_bug.cgi?id=213884
Reviewed by Yusuke Suzuki.
* runtime/DateConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* runtime/DateConversion.cpp:
(JSC::formatDateTime): Format the overridden timezone if it's enabled.
* runtime/DateConversion.h:
* runtime/DatePrototype.cpp:
(JSC::formateDateInstance):
* runtime/JSDateMath.cpp:
(JSC::toICUTimeZone):
(JSC::toOpaqueICUTimeZone):
(JSC::OpaqueICUTimeZoneDeleter::operator()):
(JSC::DateCache::calculateLocalTimeOffset):
(JSC::DateCache::defaultTimeZone):
(JSC::DateCache::timeZoneDisplayNameOverride):
(JSC::DateCache::timeZoneCacheSlow): Apply timezone override if it is set.
(JSC::DateCache::resetIfNecessary):
* runtime/JSDateMath.h:
2022-04-29 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Introduce unlinked version of invalidation
https://bugs.webkit.org/show_bug.cgi?id=239887
Reviewed by Saam Barati.
This patch makes the invalidation mechanism unlinked for unlinked DFG.
1. We always use CheckTraps instead of InvalidationPoint with VMTraps so that we do not need
to repatch existing code.
2. We introduce a load-and-branch based InvalidationPoint for unlinked DFG so that we do not need
to repatch it to jump to OSR exit when a watchpoint fires. We store this condition in DFG::JITData
so that code can quickly access it.
3. We make isStillValid conditions in DFG::CommonData always true for unlinked DFG code. Instead,
we check the isJettisoned() condition of CodeBlock since it will eventually become per-CodeBlock
information (while this CodeBlock gets invalidated, the unlinked DFG code itself can be used for
the other CodeBlock).
After this change, jumpReplacements for unlinked DFG become empty. We no longer repatch these invalidation points.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::jettison):
(JSC::CodeBlock::hasInstalledVMTrapsBreakpoints const):
(JSC::CodeBlock::canInstallVMTrapBreakpoints const):
(JSC::CodeBlock::installVMTrapBreakpoints):
(JSC::CodeBlock::hasInstalledVMTrapBreakpoints const): Deleted.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::isJettisoned const):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCommonData.cpp:
(JSC::DFG::CommonData::invalidateLinkedCode):
(JSC::DFG::CommonData::~CommonData):
(JSC::DFG::CommonData::installVMTrapBreakpoints):
(JSC::DFG::CommonData::invalidate): Deleted.
(JSC::DFG::CommonData::isVMTrapBreakpoint): Deleted.
* dfg/DFGCommonData.h:
(JSC::DFG::CommonData::CommonData):
(JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints const):
(JSC::DFG::CommonData::isUnlinked const):
(JSC::DFG::CommonData::isStillValid const):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGJITCode.cpp:
(JSC::DFG::JITCode::JITCode):
* dfg/DFGJITCode.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
(JSC::DFG::prepareCatchOSREntry):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::finalize):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInvalidationPoint):
(JSC::DFG::SpeculativeJIT::compileCheckTraps):
(JSC::DFG::SpeculativeJIT::emitInvalidationPoint): Deleted.
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLJITCode.cpp:
(JSC::FTL::JITCode::JITCode):
* ftl/FTLJITCode.h:
(JSC::FTL::JITCode::isUnlinked const):
* ftl/FTLOSREntry.cpp:
(JSC::FTL::prepareOSREntry):
* jit/JITCode.cpp:
(JSC::JITCode::isUnlinked const):
* jit/JITCode.h:
* runtime/VMTraps.cpp:
(JSC::VMTraps::tryInstallTrapBreakpoints):
(JSC::VMTraps::handleTraps):
2022-05-02 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Introduce shifting Structure encoding
https://bugs.webkit.org/show_bug.cgi?id=239957
Reviewed by Mark Lam.
For platforms which have a limited amount of virtual address space (<= 36 bits), this patch introduces
shifting Structure encoding. We align Structure on a 32-byte boundary instead of 16 bytes so that
we can ensure that the lower 5 bits are zero. Then, we can use 1 bit for nuke, and shift by 4 bits to
convert a 36 bit address to a 32 bit StructureID. By using this mechanism, we do not need to allocate
a large virtual address space for these platforms. If an address can have more than 36 bits, then
we should just reserve a larger address region since we have enough address space. The current Structure
size is 112 bytes, which is 3.5 atoms at 32 bytes / atom. Hence, this alignment costs us 16 bytes per
Structure.
Relanding with debug build failure & crash on static atomSize assumption in IsoSubspace.
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* heap/Heap.cpp:
* heap/IsoSubspace.h:
(JSC::GCClient::IsoSubspace::allocatorFor):
* heap/IsoSubspaceInlines.h:
(JSC::GCClient::IsoSubspace::allocate):
* heap/StructureAlignedMemoryAllocator.cpp:
(JSC::StructureMemoryManager::StructureMemoryManager):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitNonNullDecodeStructureID):
* llint/LLIntOfflineAsmConfig.h:
* llint/LowLevelInterpreter64.asm:
* runtime/JSCell.h:
* runtime/JSCellInlines.h:
(JSC::JSCell::JSCell):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/Structure.h:
* runtime/StructureID.h:
(JSC::StructureID::decode const):
(JSC::StructureID::tryDecode const):
(JSC::StructureID::encode):
* tools/IntegrityInlines.h:
(JSC::Integrity::auditStructureID):
2022-05-01 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Add ISO8601 based Temporal.PlainDate getters
https://bugs.webkit.org/show_bug.cgi?id=239949
Reviewed by Ross Kirsling and Dean Jackson.
This patch adds the missing getters of Temporal.PlainDate. Currently, we are not querying Calendar.
It will be wired up once we bake Calendar completely.
* runtime/ISO8601.cpp:
(JSC::ISO8601::dayOfWeek):
(JSC::ISO8601::dayOfYear):
(JSC::ISO8601::weekOfYear):
(JSC::ISO8601::daysInMonth):
(JSC::ISO8601::monthCode):
* runtime/ISO8601.h:
* runtime/TemporalPlainDate.cpp:
(JSC::TemporalPlainDate::from):
(JSC::TemporalPlainDate::monthCode const):
(JSC::TemporalPlainDate::dayOfWeek const):
(JSC::TemporalPlainDate::dayOfYear const):
(JSC::TemporalPlainDate::weekOfYear const):
* runtime/TemporalPlainDate.h:
* runtime/TemporalPlainDatePrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
2022-05-02 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Fix ASan crash due to CString ownership
https://bugs.webkit.org/show_bug.cgi?id=239981
Reviewed by Darin Adler and Mark Lam.
We need to ensure that CString is kept alive.
* runtime/JSDateMath.cpp:
(JSC::DateCache::timeZoneDisplayName):
2022-05-02 Justin Michaud <justin_michaud@apple.com>
Add option to JSC shell to wait for a USR2 signal before exiting to aid in collection of vmmaps
https://bugs.webkit.org/show_bug.cgi?id=239919
Reviewed by Yusuke Suzuki.
* jsc.cpp:
(main):
2022-05-02 Commit Queue <commit-queue@webkit.org>
Unreviewed, reverting r293680.
https://bugs.webkit.org/show_bug.cgi?id=239983
crash on iOS
Reverted changeset:
"[JSC] Introduce shifting Structure encoding"
https://bugs.webkit.org/show_bug.cgi?id=239957
https://commits.webkit.org/r293680
2022-05-02 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Introduce shifting Structure encoding
https://bugs.webkit.org/show_bug.cgi?id=239957
Reviewed by Mark Lam.
For platforms which have a limited amount of virtual address space (<= 36 bits), this patch introduces
shifting Structure encoding. We align Structure on a 32-byte boundary instead of 16 bytes so that
we can ensure that the lower 5 bits are zero. Then, we can use 1 bit for nuke, and shift by 4 bits to
convert a 36 bit address to a 32 bit StructureID. By using this mechanism, we do not need to allocate
a large virtual address space for these platforms. If an address can have more than 36 bits, then
we should just reserve a larger address region since we have enough address space. The current Structure
size is 112 bytes, which is 3.5 atoms at 32 bytes / atom. Hence, this alignment costs us 16 bytes per
Structure.
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* heap/Heap.cpp:
* heap/StructureAlignedMemoryAllocator.cpp:
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitNonNullDecodeStructureID):
* llint/LLIntOfflineAsmConfig.h:
* llint/LowLevelInterpreter64.asm:
* runtime/JSCConfig.h:
* runtime/JSCell.h:
(JSC::JSCell::atomSize):
* runtime/Structure.h:
(JSC::Structure::atomSize):
* runtime/StructureID.h:
(JSC::StructureID::decode const):
(JSC::StructureID::tryDecode const):
(JSC::StructureID::encode):
* tools/IntegrityInlines.h:
(JSC::Integrity::auditStructureID):
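The shifting Structure encoding described in this entry (and in its relanding earlier in this log), as an added illustration that is not WebKit's own StructureID code: a 32-byte-aligned address of at most 36 bits is shifted right by 4 to fit in 32 bits, and the low bit that the alignment leaves free carries the nuke flag. The function names and the sample address are assumptions for this example; the encoder refuses misaligned or oversized addresses rather than silently truncating them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Parameters taken from the ChangeLog description: Structures are aligned to
 * 32 bytes (low 5 bits zero), addresses are at most 36 bits wide, and the ID is
 * the address shifted right by 4 so that it fits in 32 bits. After the shift,
 * bit 0 of the ID is still zero, so it can hold the nuke flag. */
#define STRUCTURE_ALIGNMENT 32u
#define ADDRESS_BITS        36u
#define ENCODE_SHIFT        4u
#define NUKE_BIT            1u

typedef uint32_t structure_id_t;

/* Encode a Structure address (hypothetical helper). Returns false when the
 * address violates the invariants the encoding relies on. */
static bool structure_id_encode(uint64_t address, structure_id_t *out)
{
    if (address == 0 || (address % STRUCTURE_ALIGNMENT) != 0)
        return false;                      /* misaligned: would overlap the nuke bit */
    if ((address >> ADDRESS_BITS) != 0)
        return false;                      /* wider than 36 bits: does not fit after the shift */
    *out = (structure_id_t)(address >> ENCODE_SHIFT);
    return true;
}

static structure_id_t structure_id_nuke(structure_id_t id) { return id | NUKE_BIT; }
static bool structure_id_is_nuked(structure_id_t id) { return (id & NUKE_BIT) != 0; }
static structure_id_t structure_id_decontaminate(structure_id_t id) { return id & ~NUKE_BIT; }

/* Decode back to an address. The nuke bit is stripped first, so a nuked ID still
 * resolves to the same Structure; only its 'nuked' state differs. */
static uint64_t structure_id_decode(structure_id_t id)
{
    return (uint64_t)structure_id_decontaminate(id) << ENCODE_SHIFT;
}

int main(void)
{
    uint64_t address = 0xF00000020ULL;     /* constructed: 36-bit, 32-byte aligned */
    structure_id_t id;
    if (!structure_id_encode(address, &id))
        return 1;
    printf("%#llx -> %#x -> %#llx (nuked: %d)\n", (unsigned long long)address, id,
           (unsigned long long)structure_id_decode(structure_id_nuke(id)),
           structure_id_is_nuked(structure_id_nuke(id)));
    return 0;
}
```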
2022-05-01 Yusuke Suzuki <ysuzuki@apple.com>
[JSC] Revive JSC's guard against speculation collection
https://bugs.webkit.org/show_bug.cgi?id=239939
Reviewed by Mark Lam.
r288815 dropped JSC's guard against structures in speculation collection, but this is wrong.
This patch reverts it.
* bytecode/SpeculatedType.cpp:
(JSC::speculationFromCell):
* heap/StructureAlignedMemoryAllocator.cpp:
(JSC::StructureMemoryManager::StructureMemoryManager):
(JSC::StructureMemoryManager::tryMallocStructureBlock):
(JSC::StructureMemoryManager::freeStructureBlock):
(JSC::StructureAlignedMemoryAllocator::initializeStructureAddressSpace):
* runtime/JSCConfig.h:
* runtime/StructureID.h:
(JSC::StructureID::tryDecode const):
2022-05-01 Zan Dobersek <zdobersek@igalia.com>
[RISCV64] Implement MacroAssembler::probe(), ctiMasmProbeTrampoline
https://bugs.webkit.org/show_bug.cgi?id=239938
Reviewed by Yusuke Suzuki.