<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[245239] trunk/Source</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/245239">245239</a></dd>
<dt>Author</dt> <dd>ysuzuki@apple.com</dd>
<dt>Date</dt> <dd>2019-05-13 10:32:31 -0700 (Mon, 13 May 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>[JSC] Compress miscelaneous JIT related data structures with Packed<>
https://bugs.webkit.org/show_bug.cgi?id=197830

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch leverages Packed<> to compress miscelaneous data structures related to JIT.

1. JIT IC data structures

2. ValueRecovery

    We use Packed<> for EncodedJSValue in ValueRecovery. This means that conservative GC cannot find
    these values. But this is OK anyway since ValueRecovery's constant should be already registered
    in DFG graph. From 16 (alignment 8) to 9 (alignment 1).

3. FTL::ExitValue

    We use Packed<> for EncodedJSValue in FTL::ExitValue. This is also OK since this constant should
    be already registered by DFG/FTL graph. From 16 (alignment 8) to 9 (alignment 1).

* assembler/CodeLocation.h:
* bytecode/ByValInfo.h:
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::callReturnLocation):
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::nearCallMode const):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::addJITAddIC):
(JSC::CodeBlock::addJITMulIC):
(JSC::CodeBlock::addJITSubIC):
(JSC::CodeBlock::addJITNegIC):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addMathIC):
* bytecode/InlineCallFrame.h:
(JSC::InlineCallFrame::InlineCallFrame):
* bytecode/ValueRecovery.h:
(JSC::ValueRecovery::inGPR):
(JSC::ValueRecovery::inPair):
(JSC::ValueRecovery::inFPR):
(JSC::ValueRecovery::displacedInJSStack):
(JSC::ValueRecovery::constant):
(JSC::ValueRecovery::directArgumentsThatWereNotCreated):
(JSC::ValueRecovery::clonedArgumentsThatWereNotCreated):
(JSC::ValueRecovery::gpr const):
(JSC::ValueRecovery::tagGPR const):
(JSC::ValueRecovery::payloadGPR const):
(JSC::ValueRecovery::fpr const):
(JSC::ValueRecovery::virtualRegister const):
(JSC::ValueRecovery::withLocalsOffset const):
(JSC::ValueRecovery::constant const):
(JSC::ValueRecovery::nodeID const):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueAdd):
(JSC::DFG::SpeculativeJIT::compileValueSub):
(JSC::DFG::SpeculativeJIT::compileValueNegate):
(JSC::DFG::SpeculativeJIT::compileValueMul):
* ftl/FTLExitValue.cpp:
(JSC::FTL::ExitValue::materializeNewObject):
* ftl/FTLExitValue.h:
(JSC::FTL::ExitValue::inJSStack):
(JSC::FTL::ExitValue::inJSStackAsInt32):
(JSC::FTL::ExitValue::inJSStackAsInt52):
(JSC::FTL::ExitValue::inJSStackAsDouble):
(JSC::FTL::ExitValue::constant):
(JSC::FTL::ExitValue::exitArgument):
(JSC::FTL::ExitValue::exitArgument const):
(JSC::FTL::ExitValue::adjustStackmapLocationsIndexByOffset):
(JSC::FTL::ExitValue::constant const):
(JSC::FTL::ExitValue::virtualRegister const):
(JSC::FTL::ExitValue::objectMaterialization const):
(JSC::FTL::ExitValue::withVirtualRegister const):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
(JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
(JSC::FTL::DFG::LowerDFGToB3::compileValueMul):
(JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
(JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
* jit/CachedRecovery.h:
* jit/CallFrameShuffleData.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_negate):
(JSC::JIT::emit_op_add):
(JSC::JIT::emit_op_mul):
(JSC::JIT::emit_op_sub):
* jit/JITMathIC.h:
(JSC::isProfileEmpty):
(JSC::JITBinaryMathIC::JITBinaryMathIC):
(JSC::JITUnaryMathIC::JITUnaryMathIC):
* jit/PolymorphicCallStubRoutine.h:
(JSC::PolymorphicCallNode::hasCallLinkInfo):
* jit/SnippetOperand.h:
(JSC::SnippetOperand::asRawBits const):
(JSC::SnippetOperand::asConstInt32 const):
(JSC::SnippetOperand::asConstDouble const):
(JSC::SnippetOperand::setConstInt32):
(JSC::SnippetOperand::setConstDouble):

Source/WTF:

* wtf/Packed.h:
(WTF::alignof):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreassemblerCodeLocationh">trunk/Source/JavaScriptCore/assembler/CodeLocation.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeByValInfoh">trunk/Source/JavaScriptCore/bytecode/ByValInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCallLinkInfocpp">trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCallLinkInfoh">trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockh">trunk/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeInlineCallFrameh">trunk/Source/JavaScriptCore/bytecode/InlineCallFrame.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeValueRecoveryh">trunk/Source/JavaScriptCore/bytecode/ValueRecovery.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLExitValuecpp">trunk/Source/JavaScriptCore/ftl/FTLExitValue.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLExitValueh">trunk/Source/JavaScriptCore/ftl/FTLExitValue.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitCachedRecoveryh">trunk/Source/JavaScriptCore/jit/CachedRecovery.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitCallFrameShuffleDatah">trunk/Source/JavaScriptCore/jit/CallFrameShuffleData.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITArithmeticcpp">trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITMathICh">trunk/Source/JavaScriptCore/jit/JITMathIC.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitPolymorphicCallStubRoutineh">trunk/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitSnippetOperandh">trunk/Source/JavaScriptCore/jit/SnippetOperand.h</a></li>
<li><a href="#trunkSourceWTFChangeLog">trunk/Source/WTF/ChangeLog</a></li>
<li><a href="#trunkSourceWTFwtfPackedh">trunk/Source/WTF/wtf/Packed.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog    2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/ChangeLog       2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -1,3 +1,105 @@
</span><ins>+2019-05-13  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Compress miscelaneous JIT related data structures with Packed<>
+        https://bugs.webkit.org/show_bug.cgi?id=197830
+
+        Reviewed by Saam Barati.
+
+        This patch leverages Packed<> to compress miscelaneous data structures related to JIT.
+
+        1. JIT IC data structures
+
+        2. ValueRecovery
+
+            We use Packed<> for EncodedJSValue in ValueRecovery. This means that conservative GC cannot find
+            these values. But this is OK anyway since ValueRecovery's constant should be already registered
+            in DFG graph. From 16 (alignment 8) to 9 (alignment 1).
+
+        3. FTL::ExitValue
+
+            We use Packed<> for EncodedJSValue in FTL::ExitValue. This is also OK since this constant should
+            be already registered by DFG/FTL graph. From 16 (alignment 8) to 9 (alignment 1).
+
+        * assembler/CodeLocation.h:
+        * bytecode/ByValInfo.h:
+        * bytecode/CallLinkInfo.cpp:
+        (JSC::CallLinkInfo::CallLinkInfo):
+        (JSC::CallLinkInfo::callReturnLocation):
+        * bytecode/CallLinkInfo.h:
+        (JSC::CallLinkInfo::nearCallMode const):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::addJITAddIC):
+        (JSC::CodeBlock::addJITMulIC):
+        (JSC::CodeBlock::addJITSubIC):
+        (JSC::CodeBlock::addJITNegIC):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::addMathIC):
+        * bytecode/InlineCallFrame.h:
+        (JSC::InlineCallFrame::InlineCallFrame):
+        * bytecode/ValueRecovery.h:
+        (JSC::ValueRecovery::inGPR):
+        (JSC::ValueRecovery::inPair):
+        (JSC::ValueRecovery::inFPR):
+        (JSC::ValueRecovery::displacedInJSStack):
+        (JSC::ValueRecovery::constant):
+        (JSC::ValueRecovery::directArgumentsThatWereNotCreated):
+        (JSC::ValueRecovery::clonedArgumentsThatWereNotCreated):
+        (JSC::ValueRecovery::gpr const):
+        (JSC::ValueRecovery::tagGPR const):
+        (JSC::ValueRecovery::payloadGPR const):
+        (JSC::ValueRecovery::fpr const):
+        (JSC::ValueRecovery::virtualRegister const):
+        (JSC::ValueRecovery::withLocalsOffset const):
+        (JSC::ValueRecovery::constant const):
+        (JSC::ValueRecovery::nodeID const):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileValueAdd):
+        (JSC::DFG::SpeculativeJIT::compileValueSub):
+        (JSC::DFG::SpeculativeJIT::compileValueNegate):
+        (JSC::DFG::SpeculativeJIT::compileValueMul):
+        * ftl/FTLExitValue.cpp:
+        (JSC::FTL::ExitValue::materializeNewObject):
+        * ftl/FTLExitValue.h:
+        (JSC::FTL::ExitValue::inJSStack):
+        (JSC::FTL::ExitValue::inJSStackAsInt32):
+        (JSC::FTL::ExitValue::inJSStackAsInt52):
+        (JSC::FTL::ExitValue::inJSStackAsDouble):
+        (JSC::FTL::ExitValue::constant):
+        (JSC::FTL::ExitValue::exitArgument):
+        (JSC::FTL::ExitValue::exitArgument const):
+        (JSC::FTL::ExitValue::adjustStackmapLocationsIndexByOffset):
+        (JSC::FTL::ExitValue::constant const):
+        (JSC::FTL::ExitValue::virtualRegister const):
+        (JSC::FTL::ExitValue::objectMaterialization const):
+        (JSC::FTL::ExitValue::withVirtualRegister const):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
+        (JSC::FTL::DFG::LowerDFGToB3::compileValueSub):
+        (JSC::FTL::DFG::LowerDFGToB3::compileValueMul):
+        (JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
+        (JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
+        (JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
+        (JSC::FTL::DFG::LowerDFGToB3::compileValueNegate):
+        * jit/CachedRecovery.h:
+        * jit/CallFrameShuffleData.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_negate):
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emit_op_mul):
+        (JSC::JIT::emit_op_sub):
+        * jit/JITMathIC.h:
+        (JSC::isProfileEmpty):
+        (JSC::JITBinaryMathIC::JITBinaryMathIC):
+        (JSC::JITUnaryMathIC::JITUnaryMathIC):
+        * jit/PolymorphicCallStubRoutine.h:
+        (JSC::PolymorphicCallNode::hasCallLinkInfo):
+        * jit/SnippetOperand.h:
+        (JSC::SnippetOperand::asRawBits const):
+        (JSC::SnippetOperand::asConstInt32 const):
+        (JSC::SnippetOperand::asConstDouble const):
+        (JSC::SnippetOperand::setConstInt32):
+        (JSC::SnippetOperand::setConstDouble):
+
</ins><span class="cx"> 2019-05-12  Yusuke Suzuki  <ysuzuki@apple.com>
</span><span class="cx"> 
</span><span class="cx">         [JSC] Compress Watchpoint size by using enum type and Packed<> data structure
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreassemblerCodeLocationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/assembler/CodeLocation.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/assembler/CodeLocation.h     2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/assembler/CodeLocation.h        2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -31,7 +31,7 @@
</span><span class="cx"> 
</span><span class="cx"> namespace JSC {
</span><span class="cx"> 
</span><del>-enum NearCallMode { Regular, Tail };
</del><ins>+enum class NearCallMode : uint8_t { Regular, Tail };
</ins><span class="cx"> 
</span><span class="cx"> template<PtrTag> class CodeLocationInstruction;
</span><span class="cx"> template<PtrTag> class CodeLocationLabel;
</span><span class="lines">@@ -153,7 +153,7 @@
</span><span class="cx">         : CodeLocationCommon<tag>(MacroAssemblerCodePtr<tag>(location)), m_callMode(callMode) { }
</span><span class="cx">     NearCallMode callMode() { return m_callMode; }
</span><span class="cx"> private:
</span><del>-    NearCallMode m_callMode = NearCallMode::Regular;
</del><ins>+    NearCallMode m_callMode { NearCallMode::Regular };
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> template<PtrTag tag>
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeByValInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/ByValInfo.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/ByValInfo.h 2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/bytecode/ByValInfo.h    2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -39,7 +39,7 @@
</span><span class="cx"> 
</span><span class="cx"> class StructureStubInfo;
</span><span class="cx"> 
</span><del>-enum JITArrayMode {
</del><ins>+enum JITArrayMode : uint8_t {
</ins><span class="cx">     JITInt32,
</span><span class="cx">     JITDouble,
</span><span class="cx">     JITContiguous,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCallLinkInfocpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp    2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp       2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -63,8 +63,6 @@
</span><span class="cx">     , m_clearedByJettison(false)
</span><span class="cx">     , m_callType(None)
</span><span class="cx">     , m_calleeGPR(255)
</span><del>-    , m_maxNumArguments(0)
-    , m_slowPathCount(0)
</del><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -100,7 +98,7 @@
</span><span class="cx"> CodeLocationNearCall<JSInternalPtrTag> CallLinkInfo::callReturnLocation()
</span><span class="cx"> {
</span><span class="cx">     RELEASE_ASSERT(!isDirect());
</span><del>-    return CodeLocationNearCall<JSInternalPtrTag>(m_callReturnLocationOrPatchableJump, Regular);
</del><ins>+    return CodeLocationNearCall<JSInternalPtrTag>(m_callReturnLocationOrPatchableJump, NearCallMode::Regular);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> CodeLocationJump<JSInternalPtrTag> CallLinkInfo::patchableJump()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCallLinkInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.h      2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/bytecode/CallLinkInfo.h 2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -41,7 +41,7 @@
</span><span class="cx"> enum OpcodeID : unsigned;
</span><span class="cx"> struct CallFrameShuffleData;
</span><span class="cx"> 
</span><del>-class CallLinkInfo : public BasicRawSentinelNode<CallLinkInfo> {
</del><ins>+class CallLinkInfo : public PackedRawSentinelNode<CallLinkInfo> {
</ins><span class="cx"> public:
</span><span class="cx">     enum CallType {
</span><span class="cx">         None,
</span><span class="lines">@@ -146,7 +146,7 @@
</span><span class="cx">     
</span><span class="cx">     NearCallMode nearCallMode() const
</span><span class="cx">     {
</span><del>-        return isTailCall() ? Tail : Regular;
</del><ins>+        return isTailCall() ? NearCallMode::Tail : NearCallMode::Regular;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     bool isVarargs() const
</span><span class="lines">@@ -347,6 +347,7 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx"> private:
</span><ins>+    uint32_t m_maxNumArguments { 0 }; // For varargs: the profiled maximum number of arguments. For direct: the number of stack slots allocated for arguments.
</ins><span class="cx">     CodeLocationLabel<JSInternalPtrTag> m_callReturnLocationOrPatchableJump;
</span><span class="cx">     CodeLocationLabel<JSInternalPtrTag> m_hotPathBeginOrSlowPathStart;
</span><span class="cx">     CodeLocationNearCall<JSInternalPtrTag> m_hotPathOther;
</span><span class="lines">@@ -355,6 +356,7 @@
</span><span class="cx">     RefPtr<PolymorphicCallStubRoutine> m_stub;
</span><span class="cx">     RefPtr<JITStubRoutine> m_slowStub;
</span><span class="cx">     std::unique_ptr<CallFrameShuffleData> m_frameShuffleData;
</span><ins>+    CodeOrigin m_codeOrigin;
</ins><span class="cx">     bool m_hasSeenShouldRepatch : 1;
</span><span class="cx">     bool m_hasSeenClosure : 1;
</span><span class="cx">     bool m_clearedByGC : 1;
</span><span class="lines">@@ -363,9 +365,7 @@
</span><span class="cx">     bool m_clearedByJettison : 1;
</span><span class="cx">     unsigned m_callType : 4; // CallType
</span><span class="cx">     unsigned m_calleeGPR : 8;
</span><del>-    uint32_t m_maxNumArguments; // For varargs: the profiled maximum number of arguments. For direct: the number of stack slots allocated for arguments.
-    uint32_t m_slowPathCount;
-    CodeOrigin m_codeOrigin;
</del><ins>+    uint32_t m_slowPathCount { 0 };
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> inline CodeOrigin getCallLinkInfoCodeOrigin(CallLinkInfo& callLinkInfo)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp       2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp  2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -1427,28 +1427,28 @@
</span><span class="cx">     return ensureJITData(locker).m_stubInfos.add(accessType);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-JITAddIC* CodeBlock::addJITAddIC(ArithProfile* arithProfile, const Instruction* instruction)
</del><ins>+JITAddIC* CodeBlock::addJITAddIC(ArithProfile* arithProfile)
</ins><span class="cx"> {
</span><span class="cx">     ConcurrentJSLocker locker(m_lock);
</span><del>-    return ensureJITData(locker).m_addICs.add(arithProfile, instruction);
</del><ins>+    return ensureJITData(locker).m_addICs.add(arithProfile);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-JITMulIC* CodeBlock::addJITMulIC(ArithProfile* arithProfile, const Instruction* instruction)
</del><ins>+JITMulIC* CodeBlock::addJITMulIC(ArithProfile* arithProfile)
</ins><span class="cx"> {
</span><span class="cx">     ConcurrentJSLocker locker(m_lock);
</span><del>-    return ensureJITData(locker).m_mulICs.add(arithProfile, instruction);
</del><ins>+    return ensureJITData(locker).m_mulICs.add(arithProfile);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-JITSubIC* CodeBlock::addJITSubIC(ArithProfile* arithProfile, const Instruction* instruction)
</del><ins>+JITSubIC* CodeBlock::addJITSubIC(ArithProfile* arithProfile)
</ins><span class="cx"> {
</span><span class="cx">     ConcurrentJSLocker locker(m_lock);
</span><del>-    return ensureJITData(locker).m_subICs.add(arithProfile, instruction);
</del><ins>+    return ensureJITData(locker).m_subICs.add(arithProfile);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-JITNegIC* CodeBlock::addJITNegIC(ArithProfile* arithProfile, const Instruction* instruction)
</del><ins>+JITNegIC* CodeBlock::addJITNegIC(ArithProfile* arithProfile)
</ins><span class="cx"> {
</span><span class="cx">     ConcurrentJSLocker locker(m_lock);
</span><del>-    return ensureJITData(locker).m_negICs.add(arithProfile, instruction);
</del><ins>+    return ensureJITData(locker).m_negICs.add(arithProfile);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> StructureStubInfo* CodeBlock::findStubInfo(CodeOrigin codeOrigin)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.h 2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.h    2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -261,8 +261,8 @@
</span><span class="cx">         Bag<JITSubIC> m_subICs;
</span><span class="cx">         Bag<ByValInfo> m_byValInfos;
</span><span class="cx">         Bag<CallLinkInfo> m_callLinkInfos;
</span><del>-        SentinelLinkedList<CallLinkInfo, BasicRawSentinelNode<CallLinkInfo>> m_incomingCalls;
-        SentinelLinkedList<PolymorphicCallNode, BasicRawSentinelNode<PolymorphicCallNode>> m_incomingPolymorphicCalls;
</del><ins>+        SentinelLinkedList<CallLinkInfo, PackedRawSentinelNode<CallLinkInfo>> m_incomingCalls;
+        SentinelLinkedList<PolymorphicCallNode, PackedRawSentinelNode<PolymorphicCallNode>> m_incomingPolymorphicCalls;
</ins><span class="cx">         SegmentedVector<RareCaseProfile, 8> m_rareCaseProfiles;
</span><span class="cx">         std::unique_ptr<PCToCodeOriginMap> m_pcToCodeOriginMap;
</span><span class="cx">         std::unique_ptr<RegisterAtOffsetList> m_calleeSaveRegisters;
</span><span class="lines">@@ -277,22 +277,22 @@
</span><span class="cx">     }
</span><span class="cx">     JITData& ensureJITDataSlow(const ConcurrentJSLocker&);
</span><span class="cx"> 
</span><del>-    JITAddIC* addJITAddIC(ArithProfile*, const Instruction*);
-    JITMulIC* addJITMulIC(ArithProfile*, const Instruction*);
-    JITNegIC* addJITNegIC(ArithProfile*, const Instruction*);
-    JITSubIC* addJITSubIC(ArithProfile*, const Instruction*);
</del><ins>+    JITAddIC* addJITAddIC(ArithProfile*);
+    JITMulIC* addJITMulIC(ArithProfile*);
+    JITNegIC* addJITNegIC(ArithProfile*);
+    JITSubIC* addJITSubIC(ArithProfile*);
</ins><span class="cx"> 
</span><span class="cx">     template <typename Generator, typename = typename std::enable_if<std::is_same<Generator, JITAddGenerator>::value>::type>
</span><del>-    JITAddIC* addMathIC(ArithProfile* profile, const Instruction* instruction) { return addJITAddIC(profile, instruction); }
</del><ins>+    JITAddIC* addMathIC(ArithProfile* profile) { return addJITAddIC(profile); }
</ins><span class="cx"> 
</span><span class="cx">     template <typename Generator, typename = typename std::enable_if<std::is_same<Generator, JITMulGenerator>::value>::type>
</span><del>-    JITMulIC* addMathIC(ArithProfile* profile, const Instruction* instruction) { return addJITMulIC(profile, instruction); }
</del><ins>+    JITMulIC* addMathIC(ArithProfile* profile) { return addJITMulIC(profile); }
</ins><span class="cx"> 
</span><span class="cx">     template <typename Generator, typename = typename std::enable_if<std::is_same<Generator, JITNegGenerator>::value>::type>
</span><del>-    JITNegIC* addMathIC(ArithProfile* profile, const Instruction* instruction) { return addJITNegIC(profile, instruction); }
</del><ins>+    JITNegIC* addMathIC(ArithProfile* profile) { return addJITNegIC(profile); }
</ins><span class="cx"> 
</span><span class="cx">     template <typename Generator, typename = typename std::enable_if<std::is_same<Generator, JITSubGenerator>::value>::type>
</span><del>-    JITSubIC* addMathIC(ArithProfile* profile, const Instruction* instruction) { return addJITSubIC(profile, instruction); }
</del><ins>+    JITSubIC* addMathIC(ArithProfile* profile) { return addJITSubIC(profile); }
</ins><span class="cx"> 
</span><span class="cx">     StructureStubInfo* addStubInfo(AccessType);
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeInlineCallFrameh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/InlineCallFrame.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/InlineCallFrame.h   2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/bytecode/InlineCallFrame.h      2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -177,21 +177,21 @@
</span><span class="cx">     
</span><span class="cx">     Vector<ValueRecovery> argumentsWithFixup; // Includes 'this' and arity fixups.
</span><span class="cx">     WriteBarrier<CodeBlock> baselineCodeBlock;
</span><del>-    ValueRecovery calleeRecovery;
</del><span class="cx">     CodeOrigin directCaller;
</span><span class="cx"> 
</span><del>-    unsigned argumentCountIncludingThis; // Do not include fixups.
</del><ins>+    unsigned argumentCountIncludingThis { 0 }; // Do not include fixups.
</ins><span class="cx">     signed stackOffset : 28;
</span><span class="cx">     unsigned kind : 3; // real type is Kind
</span><span class="cx">     bool isClosureCall : 1; // If false then we know that callee/scope are constants and the DFG won't treat them as variables, i.e. they have to be recovered manually.
</span><span class="cx">     VirtualRegister argumentCountRegister; // Only set when we inline a varargs call.
</span><ins>+
+    ValueRecovery calleeRecovery;
</ins><span class="cx">     
</span><span class="cx">     // There is really no good notion of a "default" set of values for
</span><span class="cx">     // InlineCallFrame's fields. This constructor is here just to reduce confusion if
</span><span class="cx">     // we forgot to initialize explicitly.
</span><span class="cx">     InlineCallFrame()
</span><del>-        : argumentCountIncludingThis(0)
-        , stackOffset(0)
</del><ins>+        : stackOffset(0)
</ins><span class="cx">         , kind(Call)
</span><span class="cx">         , isClosureCall(false)
</span><span class="cx">     {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeValueRecoveryh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/ValueRecovery.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/ValueRecovery.h     2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/bytecode/ValueRecovery.h        2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -43,7 +43,7 @@
</span><span class="cx"> 
</span><span class="cx"> // Describes how to recover a given bytecode virtual register at a given
</span><span class="cx"> // code point.
</span><del>-enum ValueRecoveryTechnique {
</del><ins>+enum ValueRecoveryTechnique : uint8_t {
</ins><span class="cx">     // It's in a register.
</span><span class="cx">     InGPR,
</span><span class="cx">     UnboxedInt32InGPR,
</span><span class="lines">@@ -116,7 +116,9 @@
</span><span class="cx">             result.m_technique = UnboxedCellInGPR;
</span><span class="cx">         else
</span><span class="cx">             result.m_technique = InGPR;
</span><del>-        result.m_source.gpr = gpr;
</del><ins>+        UnionType u;
+        u.gpr = gpr;
+        result.m_source = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -125,8 +127,10 @@
</span><span class="cx">     {
</span><span class="cx">         ValueRecovery result;
</span><span class="cx">         result.m_technique = InPair;
</span><del>-        result.m_source.pair.tagGPR = tagGPR;
-        result.m_source.pair.payloadGPR = payloadGPR;
</del><ins>+        UnionType u;
+        u.pair.tagGPR = tagGPR;
+        u.pair.payloadGPR = payloadGPR;
+        result.m_source = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx"> #endif
</span><span class="lines">@@ -139,7 +143,9 @@
</span><span class="cx">             result.m_technique = UnboxedDoubleInFPR;
</span><span class="cx">         else
</span><span class="cx">             result.m_technique = InFPR;
</span><del>-        result.m_source.fpr = fpr;
</del><ins>+        UnionType u;
+        u.fpr = fpr;
+        result.m_source = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -176,7 +182,9 @@
</span><span class="cx">             result.m_technique = DisplacedInJSStack;
</span><span class="cx">             break;
</span><span class="cx">         }
</span><del>-        result.m_source.virtualReg = virtualReg.offset();
</del><ins>+        UnionType u;
+        u.virtualReg = virtualReg.offset();
+        result.m_source = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -184,7 +192,9 @@
</span><span class="cx">     {
</span><span class="cx">         ValueRecovery result;
</span><span class="cx">         result.m_technique = Constant;
</span><del>-        result.m_source.constant = JSValue::encode(value);
</del><ins>+        UnionType u;
+        u.constant = JSValue::encode(value);
+        result.m_source = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -192,7 +202,9 @@
</span><span class="cx">     {
</span><span class="cx">         ValueRecovery result;
</span><span class="cx">         result.m_technique = DirectArgumentsThatWereNotCreated;
</span><del>-        result.m_source.nodeID = id.bits();
</del><ins>+        UnionType u;
+        u.nodeID = id.bits();
+        result.m_source = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -200,7 +212,9 @@
</span><span class="cx">     {
</span><span class="cx">         ValueRecovery result;
</span><span class="cx">         result.m_technique = ClonedArgumentsThatWereNotCreated;
</span><del>-        result.m_source.nodeID = id.bits();
</del><ins>+        UnionType u;
+        u.nodeID = id.bits();
+        result.m_source = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -292,7 +306,7 @@
</span><span class="cx">     MacroAssembler::RegisterID gpr() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(isInGPR());
</span><del>-        return m_source.gpr;
</del><ins>+        return m_source.get().gpr;
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="lines">@@ -299,13 +313,13 @@
</span><span class="cx">     MacroAssembler::RegisterID tagGPR() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(m_technique == InPair);
</span><del>-        return m_source.pair.tagGPR;
</del><ins>+        return m_source.get().pair.tagGPR;
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     MacroAssembler::RegisterID payloadGPR() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(m_technique == InPair);
</span><del>-        return m_source.pair.payloadGPR;
</del><ins>+        return m_source.get().pair.payloadGPR;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     bool isInJSValueRegs() const
</span><span class="lines">@@ -330,13 +344,13 @@
</span><span class="cx">     MacroAssembler::FPRegisterID fpr() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(isInFPR());
</span><del>-        return m_source.fpr;
</del><ins>+        return m_source.get().fpr;
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     VirtualRegister virtualRegister() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(isInJSStack());
</span><del>-        return VirtualRegister(m_source.virtualReg);
</del><ins>+        return VirtualRegister(m_source.get().virtualReg);
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     ValueRecovery withLocalsOffset(int offset) const
</span><span class="lines">@@ -351,7 +365,9 @@
</span><span class="cx">         case StrictInt52DisplacedInJSStack: {
</span><span class="cx">             ValueRecovery result;
</span><span class="cx">             result.m_technique = m_technique;
</span><del>-            result.m_source.virtualReg = m_source.virtualReg + offset;
</del><ins>+            UnionType u;
+            u.virtualReg = m_source.get().virtualReg + offset;
+            result.m_source = WTFMove(u);
</ins><span class="cx">             return result;
</span><span class="cx">         }
</span><span class="cx">             
</span><span class="lines">@@ -363,13 +379,13 @@
</span><span class="cx">     JSValue constant() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(isConstant());
</span><del>-        return JSValue::decode(m_source.constant);
</del><ins>+        return JSValue::decode(m_source.get().constant);
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     DFG::MinifiedID nodeID() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(m_technique == DirectArgumentsThatWereNotCreated || m_technique == ClonedArgumentsThatWereNotCreated);
</span><del>-        return DFG::MinifiedID::fromBits(m_source.nodeID);
</del><ins>+        return DFG::MinifiedID::fromBits(m_source.get().nodeID);
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     JSValue recover(ExecState*) const;
</span><span class="lines">@@ -408,7 +424,7 @@
</span><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     ValueRecoveryTechnique m_technique;
</span><del>-    union {
</del><ins>+    union UnionType {
</ins><span class="cx">         MacroAssembler::RegisterID gpr;
</span><span class="cx">         MacroAssembler::FPRegisterID fpr;
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="lines">@@ -420,7 +436,9 @@
</span><span class="cx">         int virtualReg;
</span><span class="cx">         EncodedJSValue constant;
</span><span class="cx">         unsigned nodeID;
</span><del>-    } m_source;
</del><ins>+    };
+    Packed<UnionType> m_source;
</ins><span class="cx"> };
</span><ins>+static_assert(alignof(ValueRecovery) == 1);
</ins><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp    2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp       2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -3953,8 +3953,7 @@
</span><span class="cx">     CodeBlock* baselineCodeBlock = m_jit.graph().baselineCodeBlockFor(node->origin.semantic);
</span><span class="cx">     unsigned bytecodeIndex = node->origin.semantic.bytecodeIndex();
</span><span class="cx">     ArithProfile* arithProfile = baselineCodeBlock->arithProfileForBytecodeOffset(bytecodeIndex);
</span><del>-    const Instruction* instruction = baselineCodeBlock->instructions().at(bytecodeIndex).ptr();
-    JITAddIC* addIC = m_jit.codeBlock()->addJITAddIC(arithProfile, instruction);
</del><ins>+    JITAddIC* addIC = m_jit.codeBlock()->addJITAddIC(arithProfile);
</ins><span class="cx">     auto repatchingFunction = operationValueAddOptimize;
</span><span class="cx">     auto nonRepatchingFunction = operationValueAdd;
</span><span class="cx">     
</span><span class="lines">@@ -3978,8 +3977,7 @@
</span><span class="cx">         CodeBlock* baselineCodeBlock = m_jit.graph().baselineCodeBlockFor(node->origin.semantic);
</span><span class="cx">         unsigned bytecodeIndex = node->origin.semantic.bytecodeIndex();
</span><span class="cx">         ArithProfile* arithProfile = baselineCodeBlock->arithProfileForBytecodeOffset(bytecodeIndex);
</span><del>-        const Instruction* instruction = baselineCodeBlock->instructions().at(bytecodeIndex).ptr();
-        JITSubIC* subIC = m_jit.codeBlock()->addJITSubIC(arithProfile, instruction);
</del><ins>+        JITSubIC* subIC = m_jit.codeBlock()->addJITSubIC(arithProfile);
</ins><span class="cx">         auto repatchingFunction = operationValueSubOptimize;
</span><span class="cx">         auto nonRepatchingFunction = operationValueSub;
</span><span class="cx"> 
</span><span class="lines">@@ -4573,8 +4571,7 @@
</span><span class="cx">     CodeBlock* baselineCodeBlock = m_jit.graph().baselineCodeBlockFor(node->origin.semantic);
</span><span class="cx">     unsigned bytecodeIndex = node->origin.semantic.bytecodeIndex();
</span><span class="cx">     ArithProfile* arithProfile = baselineCodeBlock->arithProfileForBytecodeOffset(bytecodeIndex);
</span><del>-    const Instruction* instruction = baselineCodeBlock->instructions().at(bytecodeIndex).ptr();
-    JITNegIC* negIC = m_jit.codeBlock()->addJITNegIC(arithProfile, instruction);
</del><ins>+    JITNegIC* negIC = m_jit.codeBlock()->addJITNegIC(arithProfile);
</ins><span class="cx">     auto repatchingFunction = operationArithNegateOptimize;
</span><span class="cx">     auto nonRepatchingFunction = operationArithNegate;
</span><span class="cx">     bool needsScratchGPRReg = true;
</span><span class="lines">@@ -4797,8 +4794,7 @@
</span><span class="cx">     CodeBlock* baselineCodeBlock = m_jit.graph().baselineCodeBlockFor(node->origin.semantic);
</span><span class="cx">     unsigned bytecodeIndex = node->origin.semantic.bytecodeIndex();
</span><span class="cx">     ArithProfile* arithProfile = baselineCodeBlock->arithProfileForBytecodeOffset(bytecodeIndex);
</span><del>-    const Instruction* instruction = baselineCodeBlock->instructions().at(bytecodeIndex).ptr();
-    JITMulIC* mulIC = m_jit.codeBlock()->addJITMulIC(arithProfile, instruction);
</del><ins>+    JITMulIC* mulIC = m_jit.codeBlock()->addJITMulIC(arithProfile);
</ins><span class="cx">     auto repatchingFunction = operationValueMulOptimize;
</span><span class="cx">     auto nonRepatchingFunction = operationValueMul;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLExitValuecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLExitValue.cpp (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLExitValue.cpp 2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/ftl/FTLExitValue.cpp    2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -38,7 +38,9 @@
</span><span class="cx"> {
</span><span class="cx">     ExitValue result;
</span><span class="cx">     result.m_kind = ExitValueMaterializeNewObject;
</span><del>-    result.u.newObjectMaterializationData = data;
</del><ins>+    UnionType u;
+    u.newObjectMaterializationData = data;
+    result.m_value = WTFMove(u);
</ins><span class="cx">     return result;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLExitValueh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLExitValue.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLExitValue.h   2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/ftl/FTLExitValue.h      2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -45,7 +45,7 @@
</span><span class="cx"> // telling us the mapping between operands in bytecode and the arguments to
</span><span class="cx"> // the call.
</span><span class="cx"> 
</span><del>-enum ExitValueKind {
</del><ins>+enum ExitValueKind : uint8_t {
</ins><span class="cx">     InvalidExitValue,
</span><span class="cx">     ExitValueDead,
</span><span class="cx">     ExitValueArgument,
</span><span class="lines">@@ -79,7 +79,9 @@
</span><span class="cx">     {
</span><span class="cx">         ExitValue result;
</span><span class="cx">         result.m_kind = ExitValueInJSStack;
</span><del>-        result.u.virtualRegister = reg.offset();
</del><ins>+        UnionType u;
+        u.virtualRegister = reg.offset();
+        result.m_value = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -87,7 +89,9 @@
</span><span class="cx">     {
</span><span class="cx">         ExitValue result;
</span><span class="cx">         result.m_kind = ExitValueInJSStackAsInt32;
</span><del>-        result.u.virtualRegister = reg.offset();
</del><ins>+        UnionType u;
+        u.virtualRegister = reg.offset();
+        result.m_value = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -95,7 +99,9 @@
</span><span class="cx">     {
</span><span class="cx">         ExitValue result;
</span><span class="cx">         result.m_kind = ExitValueInJSStackAsInt52;
</span><del>-        result.u.virtualRegister = reg.offset();
</del><ins>+        UnionType u;
+        u.virtualRegister = reg.offset();
+        result.m_value = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -103,7 +109,9 @@
</span><span class="cx">     {
</span><span class="cx">         ExitValue result;
</span><span class="cx">         result.m_kind = ExitValueInJSStackAsDouble;
</span><del>-        result.u.virtualRegister = reg.offset();
</del><ins>+        UnionType u;
+        u.virtualRegister = reg.offset();
+        result.m_value = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -111,7 +119,9 @@
</span><span class="cx">     {
</span><span class="cx">         ExitValue result;
</span><span class="cx">         result.m_kind = ExitValueConstant;
</span><del>-        result.u.constant = JSValue::encode(value);
</del><ins>+        UnionType u;
+        u.constant = JSValue::encode(value);
+        result.m_value = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -119,7 +129,9 @@
</span><span class="cx">     {
</span><span class="cx">         ExitValue result;
</span><span class="cx">         result.m_kind = ExitValueArgument;
</span><del>-        result.u.argument = argument.representation();
</del><ins>+        UnionType u;
+        u.argument = argument.representation();
+        result.m_value = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -148,7 +160,7 @@
</span><span class="cx">     ExitArgument exitArgument() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(isArgument());
</span><del>-        return ExitArgument(u.argument);
</del><ins>+        return ExitArgument(m_value.get().argument);
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     void adjustStackmapLocationsIndexByOffset(unsigned offset)
</span><span class="lines">@@ -155,25 +167,27 @@
</span><span class="cx">     {
</span><span class="cx">         ASSERT(hasIndexInStackmapLocations());
</span><span class="cx">         ASSERT(isArgument());
</span><ins>+        UnionType u = m_value.get();
</ins><span class="cx">         u.argument.argument += offset;
</span><ins>+        m_value = WTFMove(u);
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     JSValue constant() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(isConstant());
</span><del>-        return JSValue::decode(u.constant);
</del><ins>+        return JSValue::decode(m_value.get().constant);
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     VirtualRegister virtualRegister() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(isInJSStackSomehow());
</span><del>-        return VirtualRegister(u.virtualRegister);
</del><ins>+        return VirtualRegister(m_value.get().virtualRegister);
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     ExitTimeObjectMaterialization* objectMaterialization() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(isObjectMaterialization());
</span><del>-        return u.newObjectMaterializationData;
</del><ins>+        return m_value.get().newObjectMaterializationData;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     ExitValue withVirtualRegister(VirtualRegister virtualRegister) const
</span><span class="lines">@@ -181,7 +195,9 @@
</span><span class="cx">         ASSERT(isInJSStackSomehow());
</span><span class="cx">         ExitValue result;
</span><span class="cx">         result.m_kind = m_kind;
</span><del>-        result.u.virtualRegister = virtualRegister.offset();
</del><ins>+        UnionType u;
+        u.virtualRegister = virtualRegister.offset();
+        result.m_value = WTFMove(u);
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -200,12 +216,13 @@
</span><span class="cx">     
</span><span class="cx"> private:
</span><span class="cx">     ExitValueKind m_kind;
</span><del>-    union {
</del><ins>+    union UnionType {
</ins><span class="cx">         ExitArgumentRepresentation argument;
</span><span class="cx">         EncodedJSValue constant;
</span><span class="cx">         int virtualRegister;
</span><span class="cx">         ExitTimeObjectMaterialization* newObjectMaterializationData;
</span><del>-    } u;
</del><ins>+    };
+    Packed<UnionType> m_value;
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } } // namespace JSC::FTL
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp      2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -2070,10 +2070,9 @@
</span><span class="cx">         CodeBlock* baselineCodeBlock = m_ftlState.graph.baselineCodeBlockFor(m_node->origin.semantic);
</span><span class="cx">         unsigned bytecodeIndex = m_node->origin.semantic.bytecodeIndex();
</span><span class="cx">         ArithProfile* arithProfile = baselineCodeBlock->arithProfileForBytecodeOffset(bytecodeIndex);
</span><del>-        const Instruction* instruction = baselineCodeBlock->instructions().at(bytecodeIndex).ptr();
</del><span class="cx">         auto repatchingFunction = operationValueAddOptimize;
</span><span class="cx">         auto nonRepatchingFunction = operationValueAdd;
</span><del>-        compileBinaryMathIC<JITAddGenerator>(arithProfile, instruction, repatchingFunction, nonRepatchingFunction);
</del><ins>+        compileBinaryMathIC<JITAddGenerator>(arithProfile, repatchingFunction, nonRepatchingFunction);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     void compileValueSub()
</span><span class="lines">@@ -2090,10 +2089,9 @@
</span><span class="cx">         CodeBlock* baselineCodeBlock = m_ftlState.graph.baselineCodeBlockFor(m_node->origin.semantic);
</span><span class="cx">         unsigned bytecodeIndex = m_node->origin.semantic.bytecodeIndex();
</span><span class="cx">         ArithProfile* arithProfile = baselineCodeBlock->arithProfileForBytecodeOffset(bytecodeIndex);
</span><del>-        const Instruction* instruction = baselineCodeBlock->instructions().at(bytecodeIndex).ptr();
</del><span class="cx">         auto repatchingFunction = operationValueSubOptimize;
</span><span class="cx">         auto nonRepatchingFunction = operationValueSub;
</span><del>-        compileBinaryMathIC<JITSubGenerator>(arithProfile, instruction, repatchingFunction, nonRepatchingFunction);
</del><ins>+        compileBinaryMathIC<JITSubGenerator>(arithProfile, repatchingFunction, nonRepatchingFunction);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     void compileValueMul()
</span><span class="lines">@@ -2110,15 +2108,14 @@
</span><span class="cx">         CodeBlock* baselineCodeBlock = m_ftlState.graph.baselineCodeBlockFor(m_node->origin.semantic);
</span><span class="cx">         unsigned bytecodeIndex = m_node->origin.semantic.bytecodeIndex();
</span><span class="cx">         ArithProfile* arithProfile = baselineCodeBlock->arithProfileForBytecodeOffset(bytecodeIndex);
</span><del>-        const Instruction* instruction = baselineCodeBlock->instructions().at(bytecodeIndex).ptr();
</del><span class="cx">         auto repatchingFunction = operationValueMulOptimize;
</span><span class="cx">         auto nonRepatchingFunction = operationValueMul;
</span><del>-        compileBinaryMathIC<JITMulGenerator>(arithProfile, instruction, repatchingFunction, nonRepatchingFunction);
</del><ins>+        compileBinaryMathIC<JITMulGenerator>(arithProfile, repatchingFunction, nonRepatchingFunction);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     template <typename Generator, typename Func1, typename Func2,
</span><span class="cx">         typename = std::enable_if_t<std::is_function<typename std::remove_pointer<Func1>::type>::value && std::is_function<typename std::remove_pointer<Func2>::type>::value>>
</span><del>-    void compileUnaryMathIC(ArithProfile* arithProfile, const Instruction* instruction, Func1 repatchingFunction, Func2 nonRepatchingFunction)
</del><ins>+    void compileUnaryMathIC(ArithProfile* arithProfile, Func1 repatchingFunction, Func2 nonRepatchingFunction)
</ins><span class="cx">     {
</span><span class="cx">         Node* node = m_node;
</span><span class="cx"> 
</span><span class="lines">@@ -2144,7 +2141,7 @@
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx">                 Box<MathICGenerationState> mathICGenerationState = Box<MathICGenerationState>::create();
</span><del>-                JITUnaryMathIC<Generator>* mathIC = jit.codeBlock()->addMathIC<Generator>(arithProfile, instruction);
</del><ins>+                JITUnaryMathIC<Generator>* mathIC = jit.codeBlock()->addMathIC<Generator>(arithProfile);
</ins><span class="cx">                 mathIC->m_generator = Generator(JSValueRegs(params[0].gpr()), JSValueRegs(params[1].gpr()), params.gpScratch(0));
</span><span class="cx"> 
</span><span class="cx">                 bool shouldEmitProfiling = false;
</span><span class="lines">@@ -2204,7 +2201,7 @@
</span><span class="cx"> 
</span><span class="cx">     template <typename Generator, typename Func1, typename Func2,
</span><span class="cx">         typename = std::enable_if_t<std::is_function<typename std::remove_pointer<Func1>::type>::value && std::is_function<typename std::remove_pointer<Func2>::type>::value>>
</span><del>-    void compileBinaryMathIC(ArithProfile* arithProfile, const Instruction* instruction, Func1 repatchingFunction, Func2 nonRepatchingFunction)
</del><ins>+    void compileBinaryMathIC(ArithProfile* arithProfile, Func1 repatchingFunction, Func2 nonRepatchingFunction)
</ins><span class="cx">     {
</span><span class="cx">         Node* node = m_node;
</span><span class="cx">         
</span><span class="lines">@@ -2238,7 +2235,7 @@
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx">                 Box<MathICGenerationState> mathICGenerationState = Box<MathICGenerationState>::create();
</span><del>-                JITBinaryMathIC<Generator>* mathIC = jit.codeBlock()->addMathIC<Generator>(arithProfile, instruction);
</del><ins>+                JITBinaryMathIC<Generator>* mathIC = jit.codeBlock()->addMathIC<Generator>(arithProfile);
</ins><span class="cx">                 mathIC->m_generator = Generator(leftOperand, rightOperand, JSValueRegs(params[0].gpr()),
</span><span class="cx">                     JSValueRegs(params[1].gpr()), JSValueRegs(params[2].gpr()), params.fpScratch(0),
</span><span class="cx">                     params.fpScratch(1), params.gpScratch(0), InvalidFPRReg);
</span><span class="lines">@@ -2372,10 +2369,9 @@
</span><span class="cx">             CodeBlock* baselineCodeBlock = m_ftlState.graph.baselineCodeBlockFor(m_node->origin.semantic);
</span><span class="cx">             unsigned bytecodeIndex = m_node->origin.semantic.bytecodeIndex();
</span><span class="cx">             ArithProfile* arithProfile = baselineCodeBlock->arithProfileForBytecodeOffset(bytecodeIndex);
</span><del>-            const Instruction* instruction = baselineCodeBlock->instructions().at(bytecodeIndex).ptr();
</del><span class="cx">             auto repatchingFunction = operationValueSubOptimize;
</span><span class="cx">             auto nonRepatchingFunction = operationValueSub;
</span><del>-            compileBinaryMathIC<JITSubGenerator>(arithProfile, instruction, repatchingFunction, nonRepatchingFunction);
</del><ins>+            compileBinaryMathIC<JITSubGenerator>(arithProfile, repatchingFunction, nonRepatchingFunction);
</ins><span class="cx">             break;
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="lines">@@ -3023,10 +3019,9 @@
</span><span class="cx">         CodeBlock* baselineCodeBlock = m_ftlState.graph.baselineCodeBlockFor(m_node->origin.semantic);
</span><span class="cx">         unsigned bytecodeIndex = m_node->origin.semantic.bytecodeIndex();
</span><span class="cx">         ArithProfile* arithProfile = baselineCodeBlock->arithProfileForBytecodeOffset(bytecodeIndex);
</span><del>-        const Instruction* instruction = baselineCodeBlock->instructions().at(bytecodeIndex).ptr();
</del><span class="cx">         auto repatchingFunction = operationArithNegateOptimize;
</span><span class="cx">         auto nonRepatchingFunction = operationArithNegate;
</span><del>-        compileUnaryMathIC<JITNegGenerator>(arithProfile, instruction, repatchingFunction, nonRepatchingFunction);
</del><ins>+        compileUnaryMathIC<JITNegGenerator>(arithProfile, repatchingFunction, nonRepatchingFunction);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     void compileArithNegate()
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitCachedRecoveryh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/CachedRecovery.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/CachedRecovery.h 2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/jit/CachedRecovery.h    2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -123,10 +123,10 @@
</span><span class="cx"> 
</span><span class="cx">     FPRReg wantedFPR() const { return m_wantedFPR; }
</span><span class="cx"> private:
</span><ins>+    Vector<VirtualRegister, 1> m_targets;
</ins><span class="cx">     ValueRecovery m_recovery;
</span><span class="cx">     JSValueRegs m_wantedJSValueRegs;
</span><span class="cx">     FPRReg m_wantedFPR { InvalidFPRReg };
</span><del>-    Vector<VirtualRegister, 1> m_targets;
</del><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitCallFrameShuffleDatah"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/CallFrameShuffleData.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/CallFrameShuffleData.h   2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/jit/CallFrameShuffleData.h      2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -35,7 +35,6 @@
</span><span class="cx"> struct CallFrameShuffleData {
</span><span class="cx">     WTF_MAKE_FAST_ALLOCATED;
</span><span class="cx"> public:
</span><del>-    ValueRecovery callee;
</del><span class="cx">     Vector<ValueRecovery> args;
</span><span class="cx">     unsigned numLocals { UINT_MAX };
</span><span class="cx">     unsigned numPassedArgs { UINT_MAX };
</span><span class="lines">@@ -45,6 +44,7 @@
</span><span class="cx"> 
</span><span class="cx">     void setupCalleeSaveRegisters(CodeBlock*);
</span><span class="cx"> #endif
</span><ins>+    ValueRecovery callee;
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITArithmeticcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp        2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp   2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -453,7 +453,7 @@
</span><span class="cx"> void JIT::emit_op_negate(const Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx">     ArithProfile* arithProfile = &currentInstruction->as<OpNegate>().metadata(m_codeBlock).m_arithProfile;
</span><del>-    JITNegIC* negateIC = m_codeBlock->addJITNegIC(arithProfile, currentInstruction);
</del><ins>+    JITNegIC* negateIC = m_codeBlock->addJITNegIC(arithProfile);
</ins><span class="cx">     m_instructionToMathIC.add(currentInstruction, negateIC);
</span><span class="cx">     emitMathICFast<OpNegate>(negateIC, currentInstruction, operationArithNegateProfiled, operationArithNegate);
</span><span class="cx"> }
</span><span class="lines">@@ -641,7 +641,7 @@
</span><span class="cx"> void JIT::emit_op_add(const Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx">     ArithProfile* arithProfile = &currentInstruction->as<OpAdd>().metadata(m_codeBlock).m_arithProfile;
</span><del>-    JITAddIC* addIC = m_codeBlock->addJITAddIC(arithProfile, currentInstruction);
</del><ins>+    JITAddIC* addIC = m_codeBlock->addJITAddIC(arithProfile);
</ins><span class="cx">     m_instructionToMathIC.add(currentInstruction, addIC);
</span><span class="cx">     emitMathICFast<OpAdd>(addIC, currentInstruction, operationValueAddProfiled, operationValueAdd);
</span><span class="cx"> }
</span><span class="lines">@@ -960,7 +960,7 @@
</span><span class="cx"> void JIT::emit_op_mul(const Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx">     ArithProfile* arithProfile = &currentInstruction->as<OpMul>().metadata(m_codeBlock).m_arithProfile;
</span><del>-    JITMulIC* mulIC = m_codeBlock->addJITMulIC(arithProfile, currentInstruction);
</del><ins>+    JITMulIC* mulIC = m_codeBlock->addJITMulIC(arithProfile);
</ins><span class="cx">     m_instructionToMathIC.add(currentInstruction, mulIC);
</span><span class="cx">     emitMathICFast<OpMul>(mulIC, currentInstruction, operationValueMulProfiled, operationValueMul);
</span><span class="cx"> }
</span><span class="lines">@@ -976,7 +976,7 @@
</span><span class="cx"> void JIT::emit_op_sub(const Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx">     ArithProfile* arithProfile = &currentInstruction->as<OpSub>().metadata(m_codeBlock).m_arithProfile;
</span><del>-    JITSubIC* subIC = m_codeBlock->addJITSubIC(arithProfile, currentInstruction);
</del><ins>+    JITSubIC* subIC = m_codeBlock->addJITSubIC(arithProfile);
</ins><span class="cx">     m_instructionToMathIC.add(currentInstruction, subIC);
</span><span class="cx">     emitMathICFast<OpSub>(subIC, currentInstruction, operationValueSubProfiled, operationValueSub);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITMathICh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITMathIC.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITMathIC.h      2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/jit/JITMathIC.h 2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -56,9 +56,8 @@
</span><span class="cx"> class JITMathIC {
</span><span class="cx">     WTF_MAKE_FAST_ALLOCATED;
</span><span class="cx"> public:
</span><del>-    JITMathIC(ArithProfile* arithProfile, const Instruction* instruction)
</del><ins>+    JITMathIC(ArithProfile* arithProfile)
</ins><span class="cx">         : m_arithProfile(arithProfile)
</span><del>-        , m_instruction(instruction)
</del><span class="cx">     {
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -225,7 +224,6 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     ArithProfile* arithProfile() const { return m_arithProfile; }
</span><del>-    const Instruction* instruction() const { return m_instruction; }
</del><span class="cx"> 
</span><span class="cx"> #if ENABLE(MATH_IC_STATS)
</span><span class="cx">     size_t m_generatedCodeSize { 0 };
</span><span class="lines">@@ -239,7 +237,6 @@
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx">     ArithProfile* m_arithProfile;
</span><del>-    const Instruction* m_instruction;
</del><span class="cx">     MacroAssemblerCodeRef<JITStubRoutinePtrTag> m_code;
</span><span class="cx">     CodeLocationLabel<JSInternalPtrTag> m_inlineStart;
</span><span class="cx">     CodeLocationLabel<JSInternalPtrTag> m_inlineEnd;
</span><span class="lines">@@ -256,8 +253,8 @@
</span><span class="cx"> template <typename GeneratorType>
</span><span class="cx"> class JITBinaryMathIC : public JITMathIC<GeneratorType, isBinaryProfileEmpty> {
</span><span class="cx"> public:
</span><del>-    JITBinaryMathIC(ArithProfile* arithProfile, const Instruction* instruction)
-        : JITMathIC<GeneratorType, isBinaryProfileEmpty>(arithProfile, instruction)
</del><ins>+    JITBinaryMathIC(ArithProfile* arithProfile)
+        : JITMathIC<GeneratorType, isBinaryProfileEmpty>(arithProfile)
</ins><span class="cx">     {
</span><span class="cx">     }
</span><span class="cx"> };
</span><span class="lines">@@ -274,8 +271,8 @@
</span><span class="cx"> template <typename GeneratorType>
</span><span class="cx"> class JITUnaryMathIC : public JITMathIC<GeneratorType, isUnaryProfileEmpty> {
</span><span class="cx"> public:
</span><del>-    JITUnaryMathIC(ArithProfile* arithProfile, const Instruction* instruction)
-        : JITMathIC<GeneratorType, isUnaryProfileEmpty>(arithProfile, instruction)
</del><ins>+    JITUnaryMathIC(ArithProfile* arithProfile)
+        : JITMathIC<GeneratorType, isUnaryProfileEmpty>(arithProfile)
</ins><span class="cx">     {
</span><span class="cx">     }
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitPolymorphicCallStubRoutineh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h     2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h        2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -38,7 +38,7 @@
</span><span class="cx"> 
</span><span class="cx"> class CallLinkInfo;
</span><span class="cx"> 
</span><del>-class PolymorphicCallNode : public BasicRawSentinelNode<PolymorphicCallNode> {
</del><ins>+class PolymorphicCallNode : public PackedRawSentinelNode<PolymorphicCallNode> {
</ins><span class="cx">     WTF_MAKE_NONCOPYABLE(PolymorphicCallNode);
</span><span class="cx"> public:
</span><span class="cx">     PolymorphicCallNode(CallLinkInfo* info)
</span><span class="lines">@@ -50,11 +50,11 @@
</span><span class="cx">     
</span><span class="cx">     void unlink(VM&);
</span><span class="cx"> 
</span><del>-    bool hasCallLinkInfo(CallLinkInfo* info) { return m_callLinkInfo == info; }
</del><ins>+    bool hasCallLinkInfo(CallLinkInfo* info) { return m_callLinkInfo.get() == info; }
</ins><span class="cx">     void clearCallLinkInfo();
</span><span class="cx">     
</span><span class="cx"> private:
</span><del>-    CallLinkInfo* m_callLinkInfo;
</del><ins>+    PackedPtr<CallLinkInfo> m_callLinkInfo;
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> class PolymorphicCallCase {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitSnippetOperandh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/SnippetOperand.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/SnippetOperand.h 2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/JavaScriptCore/jit/SnippetOperand.h    2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -28,11 +28,12 @@
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> 
</span><span class="cx"> #include "ResultType.h"
</span><ins>+#include <wtf/Packed.h>
</ins><span class="cx"> 
</span><span class="cx"> namespace JSC {
</span><span class="cx"> 
</span><span class="cx"> class SnippetOperand {
</span><del>-    enum ConstOrVarType {
</del><ins>+    enum ConstOrVarType : uint8_t {
</ins><span class="cx">         Variable,
</span><span class="cx">         ConstInt32,
</span><span class="cx">         ConstDouble
</span><span class="lines">@@ -55,18 +56,18 @@
</span><span class="cx">     bool isConstDouble() const { return m_type == ConstDouble; }
</span><span class="cx">     bool isPositiveConstInt32() const { return isConstInt32() && asConstInt32() > 0; }
</span><span class="cx"> 
</span><del>-    int64_t asRawBits() const { return m_val.rawBits; }
</del><ins>+    int64_t asRawBits() const { return m_val.get().rawBits; }
</ins><span class="cx"> 
</span><span class="cx">     int32_t asConstInt32() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(m_type == ConstInt32);
</span><del>-        return m_val.int32Val;
</del><ins>+        return m_val.get().int32Val;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     double asConstDouble() const
</span><span class="cx">     {
</span><span class="cx">         ASSERT(m_type == ConstDouble);
</span><del>-        return m_val.doubleVal;
</del><ins>+        return m_val.get().doubleVal;
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     double asConstNumber() const
</span><span class="lines">@@ -80,24 +81,30 @@
</span><span class="cx">     void setConstInt32(int32_t value)
</span><span class="cx">     {
</span><span class="cx">         m_type = ConstInt32;
</span><del>-        m_val.int32Val = value;
</del><ins>+        UnionType u;
+        u.int32Val = value;
+        m_val = WTFMove(u);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     void setConstDouble(double value)
</span><span class="cx">     {
</span><span class="cx">         m_type = ConstDouble;
</span><del>-        m_val.doubleVal = value;
</del><ins>+        UnionType u;
+        u.doubleVal = value;
+        m_val = WTFMove(u);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     ResultType m_resultType;
</span><span class="cx">     ConstOrVarType m_type { Variable };
</span><del>-    union {
</del><ins>+    union UnionType {
</ins><span class="cx">         int32_t int32Val;
</span><span class="cx">         double doubleVal;
</span><span class="cx">         int64_t rawBits;
</span><del>-    } m_val;
</del><ins>+    };
+    Packed<UnionType> m_val;
</ins><span class="cx"> };
</span><ins>+static_assert(alignof(SnippetOperand) == 1);
</ins><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWTFChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/ChangeLog (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/ChangeLog       2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/WTF/ChangeLog  2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -1,3 +1,13 @@
</span><ins>+2019-05-13  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Compress miscelaneous JIT related data structures with Packed<>
+        https://bugs.webkit.org/show_bug.cgi?id=197830
+
+        Reviewed by Saam Barati.
+
+        * wtf/Packed.h:
+        (WTF::alignof):
+
</ins><span class="cx"> 2019-05-13  Michael Catanzaro  <mcatanzaro@igalia.com>
</span><span class="cx"> 
</span><span class="cx">         Unreviewed, fix unused variable warnings in release builds
</span></span></pre></div>
<a id="trunkSourceWTFwtfPackedh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/Packed.h (245238 => 245239)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/Packed.h    2019-05-13 16:52:05 UTC (rev 245238)
+++ trunk/Source/WTF/wtf/Packed.h       2019-05-13 17:32:31 UTC (rev 245239)
</span><span class="lines">@@ -161,6 +161,7 @@
</span><span class="cx">     T* operator->() const { return get(); }
</span><span class="cx">     T& operator*() const { return *get(); }
</span><span class="cx">     bool operator!() const { return !get(); }
</span><ins>+    explicit operator bool() const { return get(); }
</ins><span class="cx"> 
</span><span class="cx">     PackedAlignedPtr& operator=(T* value)
</span><span class="cx">     {
</span></span></pre>
</div>
</div>

</body>
</html>