Occasional failure in v8-v6/v8-raytrace.js.ftl-eager
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-08-14  Basile Clement  <basile_clement@apple.com>

        Occasional failure in v8-v6/v8-raytrace.js.ftl-eager
        https://bugs.webkit.org/show_bug.cgi?id=147165

        Reviewed by Saam Barati.

        The object allocation sinking phase was not properly checking that a
        MultiGetByOffset was safe to lower before lowering it.
        This makes it so that we only lower MultiGetByOffset if it only loads
        from direct properties of the object, and considers it as an escape in
        any other case (e.g. a load from the prototype).

        It also ensures proper conversion of MultiGetByOffset into
        CheckStructureImmediate when needed.

        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::checkStructure):
            We were not properly compiling CheckStructure and
            CheckStructureImmediate nodes with an empty StructureSet.
        * tests/stress/sink-multigetbyoffset.js: Regression test.

2015-08-14  Filip Pizlo  <fpizlo@apple.com>

        Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
        https://bugs.webkit.org/show_bug.cgi?id=147999

        Reviewed by Geoffrey Garen.

        * API/JSVirtualMachine.mm:
        (initWrapperCache):
        (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
        (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
        (wrapperCacheMutex): Deleted.
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::doRun):
        (JSC::SamplingTool::notifyOfScope):
        * bytecode/SamplingTool.h:
        * dfg/DFGThreadData.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::~Worklist):
        (JSC::DFG::Worklist::isActiveForVM):
        (JSC::DFG::Worklist::enqueue):
        (JSC::DFG::Worklist::compilationState):
        (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
        (JSC::DFG::Worklist::removeAllReadyPlansForVM):
        (JSC::DFG::Worklist::completeAllReadyPlansForVM):
        (JSC::DFG::Worklist::visitWeakReferences):
        (JSC::DFG::Worklist::removeDeadPlans):
        (JSC::DFG::Worklist::queueLength):
        (JSC::DFG::Worklist::dump):
        (JSC::DFG::Worklist::runThread):
        * dfg/DFGWorklist.h:
        * disassembler/Disassembler.cpp:
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        * heap/CopiedSpace.h:
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::startNextPhase):
        (JSC::GCThreadSharedData::endCurrentPhase):
        (JSC::GCThreadSharedData::didStartMarking):
        (JSC::GCThreadSharedData::didFinishMarking):
        * heap/GCThreadSharedData.h:
        * heap/HeapTimer.h:
        * heap/MachineStackMarker.cpp:
        (JSC::ActiveMachineThreadsManager::Locker::Locker):
        (JSC::ActiveMachineThreadsManager::add):
        (JSC::ActiveMachineThreadsManager::remove):
        (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::tryCopyOtherThreadStack):
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::mergeOpaqueRoots):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::containsOpaqueRootTriState):
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorHandleRunSourceGlobal):
        (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
        (Inspector::RemoteInspectorInitializeGlobalQueue):
        (Inspector::RemoteInspectorHandleRunSourceWithInfo):
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
        (Inspector::RemoteInspectorDebuggableConnection::close):
        (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
        (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
        * interpreter/JSStack.cpp:
        (JSC::JSStack::JSStack):
        (JSC::JSStack::releaseExcessCapacity):
        (JSC::JSStack::addToCommittedByteCount):
        (JSC::JSStack::committedByteCount):
        (JSC::stackStatisticsMutex): Deleted.
        (JSC::JSStack::initializeThreading): Deleted.
        * interpreter/JSStack.h:
        (JSC::JSStack::gatherConservativeRoots):
        (JSC::JSStack::sanitizeStack):
        (JSC::JSStack::size):
        (JSC::JSStack::initializeThreading): Deleted.
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
        (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
        (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
        (JSC::DemandExecutableAllocator::allocators):
        (JSC::DemandExecutableAllocator::allocatorsMutex):
        * jit/JITThunks.cpp:
        (JSC::JITThunks::ctiStub):
        * jit/JITThunks.h:
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::ensureBytecodesFor):
        (JSC::Profiler::Database::notifyDestruction):
        * profiler/ProfilerDatabase.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):
        * runtime/JSLock.cpp:
        (JSC::GlobalJSLock::GlobalJSLock):
        (JSC::GlobalJSLock::~GlobalJSLock):
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::GlobalJSLock::initialize): Deleted.
        * runtime/JSLock.h:

2015-08-14  Ryosuke Niwa  <rniwa@webkit.org>

        ES6 class syntax should allow computed name method
        https://bugs.webkit.org/show_bug.cgi?id=142690

        Reviewed by Saam Barati.

        Added a new "attributes" attribute to op_put_getter_by_id, op_put_setter_by_id, op_put_getter_setter to specify
        the property descriptor options so that we can use op_put_setter_by_id and op_put_getter_setter to define
        getters and setters for classes. Without this, getters and setters could erroneously override methods.

        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitPutGetterById):
        (JSC::BytecodeGenerator::emitPutSetterById):
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode): Always use emitPutGetterSetter to emit getters and setters for classes
        as done for object literals.
        (JSC::PropertyListNode::emitPutConstantProperty):
        (JSC::ClassExprNode::emitBytecode):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.h:
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_getter_by_id):
        (JSC::JIT::emit_op_put_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter):
        (JSC::JIT::emit_op_del_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_getter_by_id):
        (JSC::JIT::emit_op_put_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter):
        (JSC::JIT::emit_op_del_by_id):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::createPropertyList):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseClass): Added the support for computed property names. We don't support computed names
        for getters and setters.
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::allowsAccessFrom):
        (JSC::JSObject::putGetter):
        (JSC::JSObject::putSetter):
        * runtime/JSObject.h:
        * runtime/PropertyDescriptor.h:

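The class behaviour this entry relies on (a computed method name, and a getter/setter pair that must merge into one accessor instead of clobbering each other or a method) can be checked from JavaScript. The following is an added example, not code from the WebKit change or its tests; the names `methodName`, `Counter`, `describe` and `demo` are chosen here.

```javascript
// Added example (not WebKit code): exercise computed method names and
// accessor pairs in an ES6 class, then inspect the resulting property
// descriptors on the prototype.
const methodName = 'inc' + 'rement';   // computed at runtime, not a literal key

class Counter {
  constructor() { this._n = 0; }

  // Computed method name: the key expression is evaluated when the class
  // body is evaluated, so the prototype gets an "increment" method.
  [methodName]() { this._n += 1; return this._n; }

  // A getter and a setter with the same name must end up as ONE accessor
  // property carrying both functions; the second definition must not
  // replace the first.
  get value() { return this._n; }
  set value(v) { this._n = v; }
}

// Summarise a prototype property's descriptor in an easy-to-assert form.
// Returns null when the property does not exist on the prototype.
function describe(cls, key) {
  const d = Object.getOwnPropertyDescriptor(cls.prototype, key);
  if (!d) return null;
  return {
    kind: 'value' in d ? 'method' : 'accessor',
    hasGetter: typeof d.get === 'function',
    hasSetter: typeof d.set === 'function',
    enumerable: d.enumerable,     // class members are non-enumerable
    configurable: d.configurable,
  };
}

// Drive the class and return everything worth checking.
function demo() {
  const c = new Counter();
  c.increment();                 // via the computed name
  c.value = c.value + 10;        // getter and setter both work
  return {
    count: c.value,              // 11
    method: describe(Counter, 'increment'),
    accessor: describe(Counter, 'value'),
  };
}
```

The `describe` helper is the useful part: if a class compiler emitted the setter with the wrong descriptor attributes, the accessor would show `hasGetter: false` or the method would become enumerable, which is exactly the kind of mismatch the entry's "attributes" operand exists to prevent.
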
2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        Add InspectorInstrumentation builtin object to instrument the code in JS builtins like Promises
        https://bugs.webkit.org/show_bug.cgi?id=147942

        Reviewed by Geoffrey Garen.

        This patch adds a new private global object, @InspectorInstrumentation.
        It is intended to be used as the namespace object (like Reflect/Math) for Inspector's
        instrumentation system and it is used to instrument the builtin JS code, like Promises.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/InspectorInstrumentationObject.js: Added.
        (debug):
        (promiseFulfilled):
        (promiseRejected):
        * builtins/Operations.Promise.js:
        (rejectPromise):
        (fulfillPromise):
        * runtime/CommonIdentifiers.h:
        * runtime/InspectorInstrumentationObject.cpp: Added.
        (JSC::InspectorInstrumentationObject::InspectorInstrumentationObject):
        (JSC::InspectorInstrumentationObject::finishCreation):
        (JSC::InspectorInstrumentationObject::getOwnPropertySlot):
        (JSC::InspectorInstrumentationObject::isEnabled):
        (JSC::InspectorInstrumentationObject::enable):
        (JSC::InspectorInstrumentationObject::disable):
        (JSC::inspectorInstrumentationObjectDataLogImpl):
        * runtime/InspectorInstrumentationObject.h: Added.
        (JSC::InspectorInstrumentationObject::create):
        (JSC::InspectorInstrumentationObject::createStructure):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):

2015-08-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188444.
        https://bugs.webkit.org/show_bug.cgi?id=148029

        Broke GTK and EFL (see bug #148027) (Requested by philn on
        #webkit).

        Reverted changeset:

        "Use WTF::Lock and WTF::Condition instead of WTF::Mutex,
        WTF::ThreadCondition, std::mutex, and std::condition_variable"
        https://bugs.webkit.org/show_bug.cgi?id=147999
        http://trac.webkit.org/changeset/188444

2015-08-13  Filip Pizlo  <fpizlo@apple.com>

        Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
        https://bugs.webkit.org/show_bug.cgi?id=147999

        Reviewed by Geoffrey Garen.

        * API/JSVirtualMachine.mm:
        (initWrapperCache):
        (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
        (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
        (wrapperCacheMutex): Deleted.
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::doRun):
        (JSC::SamplingTool::notifyOfScope):
        * bytecode/SamplingTool.h:
        * dfg/DFGThreadData.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::~Worklist):
        (JSC::DFG::Worklist::isActiveForVM):
        (JSC::DFG::Worklist::enqueue):
        (JSC::DFG::Worklist::compilationState):
        (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
        (JSC::DFG::Worklist::removeAllReadyPlansForVM):
        (JSC::DFG::Worklist::completeAllReadyPlansForVM):
        (JSC::DFG::Worklist::visitWeakReferences):
        (JSC::DFG::Worklist::removeDeadPlans):
        (JSC::DFG::Worklist::queueLength):
        (JSC::DFG::Worklist::dump):
        (JSC::DFG::Worklist::runThread):
        * dfg/DFGWorklist.h:
        * disassembler/Disassembler.cpp:
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        * heap/CopiedSpace.h:
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::startNextPhase):
        (JSC::GCThreadSharedData::endCurrentPhase):
        (JSC::GCThreadSharedData::didStartMarking):
        (JSC::GCThreadSharedData::didFinishMarking):
        * heap/GCThreadSharedData.h:
        * heap/HeapTimer.h:
        * heap/MachineStackMarker.cpp:
        (JSC::ActiveMachineThreadsManager::Locker::Locker):
        (JSC::ActiveMachineThreadsManager::add):
        (JSC::ActiveMachineThreadsManager::remove):
        (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::tryCopyOtherThreadStack):
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::mergeOpaqueRoots):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::containsOpaqueRootTriState):
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorHandleRunSourceGlobal):
        (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
        (Inspector::RemoteInspectorInitializeGlobalQueue):
        (Inspector::RemoteInspectorHandleRunSourceWithInfo):
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
        (Inspector::RemoteInspectorDebuggableConnection::close):
        (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
        (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
        * interpreter/JSStack.cpp:
        (JSC::JSStack::JSStack):
        (JSC::JSStack::releaseExcessCapacity):
        (JSC::JSStack::addToCommittedByteCount):
        (JSC::JSStack::committedByteCount):
        (JSC::stackStatisticsMutex): Deleted.
        (JSC::JSStack::initializeThreading): Deleted.
        * interpreter/JSStack.h:
        (JSC::JSStack::gatherConservativeRoots):
        (JSC::JSStack::sanitizeStack):
        (JSC::JSStack::size):
        (JSC::JSStack::initializeThreading): Deleted.
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
        (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
        (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
        (JSC::DemandExecutableAllocator::allocators):
        (JSC::DemandExecutableAllocator::allocatorsMutex):
        * jit/JITThunks.cpp:
        (JSC::JITThunks::ctiStub):
        * jit/JITThunks.h:
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::ensureBytecodesFor):
        (JSC::Profiler::Database::notifyDestruction):
        * profiler/ProfilerDatabase.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):
        * runtime/JSLock.cpp:
        (JSC::GlobalJSLock::GlobalJSLock):
        (JSC::GlobalJSLock::~GlobalJSLock):
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::GlobalJSLock::initialize): Deleted.
        * runtime/JSLock.h:

2015-08-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188428.
        https://bugs.webkit.org/show_bug.cgi?id=148015

        broke cmake build (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Move some commands from ./CMakeLists.txt to Source/cmake"
        https://bugs.webkit.org/show_bug.cgi?id=148003
        http://trac.webkit.org/changeset/188428

2015-08-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188431.
        https://bugs.webkit.org/show_bug.cgi?id=148013

        JSC headers are too hard to understand (Requested by smfr on
        #webkit).

        Reverted changeset:

        "Remove a few includes from JSGlobalObject.h"
        https://bugs.webkit.org/show_bug.cgi?id=148004
        http://trac.webkit.org/changeset/188431

2015-08-13  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Add support for GetByVal on arrays of Undecided shape
        https://bugs.webkit.org/show_bug.cgi?id=147814

        Reviewed by Filip Pizlo.

        Previously, GetByVal on Array::Undecided would just take
        the generic path. The problem is the generic path is so
        slow that it could take a significant amount of time
        even for infrequent accesses.

        With this patch, if the following conditions are met,
        the GetByVal just returns an "undefined" constant:
        -The object is an OriginalArray.
        -The prototype chain is sane.
        -The index is an integer.
        -The integer is positive (runtime check).

        Ideally, the 4th condition should be removed;
        deducing a compile-time constant gives us so much better
        opportunities at getting rid of this code.

        There are two cases where this patch removes the runtime
        check:
        -If the index is constant (uncommon but easy)
        -If the index is within a range known to be positive.
         (common case and made possible with DFGIntegerRangeOptimizationPhase).

        When we get into those cases, DFG just nukes everything
        and all we have left is a structure check :)

        This patch is a 14% improvement on audio-beat-detection,
        a few percent faster here and there and no regression.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        If the index is a positive constant, we can get rid of the GetByVal
        entirely. :)

        * dfg/DFGArrayMode.cpp:
        (JSC::DFG::ArrayMode::fromObserved):
        The returned type is now Array::Undecided + profiling information.
        The useful type is set in ArrayMode::refine().

        (JSC::DFG::ArrayMode::refine):
        If we meet the particular set conditions, we speculate an Undecided
        array type with sane chain. Anything else comes back to Generic.

        (JSC::DFG::ArrayMode::originalArrayStructure):
        To enable the structure check for Undecided array.

        (JSC::DFG::ArrayMode::alreadyChecked):
        * dfg/DFGArrayMode.h:
        (JSC::DFG::ArrayMode::withProfile):
        (JSC::DFG::ArrayMode::canCSEStorage):
        (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
        (JSC::DFG::ArrayMode::lengthNeedsStorage): Deleted.
        (JSC::DFG::ArrayMode::isSpecific): Deleted.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic): Deleted.
        This is somewhat unrelated.

        Having Array::Undecided on ArrayPush was impossible before
        since ArrayMode::fromObserved() used to return Array::Generic.

        Now that Array::Undecided is possible, we must make sure not
        to provide it to ArrayPush since there is no code to handle it
        properly.

        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        The operation only depends on the index, it is pure.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode): Deleted.
        * dfg/DFGIntegerRangeOptimizationPhase.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
        (JSC::DFG::SpeculativeJIT::checkArray):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileGetByVal):
        * tests/stress/get-by-val-on-undecided-array-type.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-1.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-2.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-3.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-4.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-5.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-6.js: Added.

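The conditions listed in this entry (sane prototype chain, integer index, positive index) each correspond to a case that is observable from plain JavaScript, which is what makes the "return a constant undefined" shortcut sound only when all of them hold. The following is an added example, not one of the WebKit stress tests listed above; the functions `readHole`, `saneChain`, `shadowedChain` and `negativeIndex` are names chosen here. It makes the prototype chain "insane" for a single array with `Object.setPrototypeOf` rather than touching the global `Array.prototype`.

```javascript
// Added example (not a WebKit test): the observable semantics a GetByVal
// fast path on a never-written array must preserve.

// A plain element read; on a holed array this is the load the entry discusses.
function readHole(arr, i) { return arr[i]; }

// Case 1: array allocated with a length but no elements ever written, default
// prototype chain. Every in-bounds or out-of-bounds read is a hole and yields
// undefined, so a constant is a correct answer here.
function saneChain() {
  const arr = new Array(8);
  return [readHole(arr, 0), readHole(arr, 7), readHole(arr, 100)];
}

// Case 2: same holed array, but its prototype now carries an indexed property.
// A hole read falls through to the prototype, so "undefined" would be wrong
// for index 3; this is the "prototype chain is sane" condition.
function shadowedChain() {
  const arr = new Array(8);
  const proto = Object.create(Array.prototype);
  proto[3] = 'from-proto';            // indexed property on the chain
  Object.setPrototypeOf(arr, proto);
  return [readHole(arr, 3), readHole(arr, 4), Array.isArray(arr)];
}

// Case 3: a negative index is not an array index at all; it is the string
// property "-1", which can be an ordinary own property. This is why the
// optimisation needs the "index is positive" check at runtime.
function negativeIndex() {
  const arr = new Array(8);
  arr[-1] = 'named';
  return [readHole(arr, -1), arr.length, Object.keys(arr)];
}
```

Running the three functions shows the contrast: `saneChain()` returns three `undefined` values, `shadowedChain()` returns `'from-proto'` for the shadowed index while the array is still an array, and `negativeIndex()` returns the named value without changing `length`, with `"-1"` as the only own key (holes are not own properties).
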
2015-08-13  Simon Fraser  <simon.fraser@apple.com>

        Remove a few includes from JSGlobalObject.h
        https://bugs.webkit.org/show_bug.cgi?id=148004

        Reviewed by Tim Horton.

        Remove 4 #includes from JSGlobalObject.h, and fix the fallout.

        * parser/VariableEnvironment.cpp:
        * parser/VariableEnvironment.h:
        * runtime/JSGlobalObject.h:
        * runtime/Structure.h:
        * runtime/StructureInlines.h:

2015-08-13  Alex Christensen  <achristensen@webkit.org>

        Move some commands from ./CMakeLists.txt to Source/cmake
        https://bugs.webkit.org/show_bug.cgi?id=148003

        Reviewed by Brent Fulgham.

        * CMakeLists.txt:
        Added commands needed to build JSC by itself.

2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
        https://bugs.webkit.org/show_bug.cgi?id=147353

        Reviewed by Saam Barati.

        This is the follow-up patch after r188355.
        It includes the following changes.

        - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
        - Make SourceParseMode a C++ strongly-typed enum.
        - Fix the comments.
        - Rename ModuleSpecifier to ModuleName.
        - Add the type name `ImportEntry` before the C++11 uniform initialization.
        - Fix the thrown message for duplicate 'default' names.
        - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.

        * API/JSScriptRef.cpp:
        (parseScript):
        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::createExecutableInternal):
        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::generateFunctionCodeBlock):
        * bytecode/UnlinkedFunctionExecutable.h:
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionMetadata):
        (JSC::ASTBuilder::createModuleName):
        (JSC::ASTBuilder::createImportDeclaration):
        (JSC::ASTBuilder::createExportAllDeclaration):
        (JSC::ASTBuilder::createExportNamedDeclaration):
        (JSC::ASTBuilder::createModuleSpecifier): Deleted.
        * parser/ModuleAnalyzer.cpp:
        (JSC::ModuleAnalyzer::analyze):
        * parser/NodeConstructors.h:
        (JSC::ModuleNameNode::ModuleNameNode):
        (JSC::ImportDeclarationNode::ImportDeclarationNode):
        (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
        (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
        (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
        * parser/Nodes.cpp:
        (JSC::FunctionMetadataNode::FunctionMetadataNode):
        * parser/Nodes.h:
        (JSC::StatementNode::isModuleDeclarationNode):
        (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
        (JSC::ImportDeclarationNode::moduleName):
        (JSC::ExportAllDeclarationNode::moduleName):
        (JSC::ExportNamedDeclarationNode::moduleName):
        (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
        (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
        (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
        * parser/NodesAnalyzeModule.cpp:
        (JSC::SourceElements::analyzeModule):
        (JSC::ImportDeclarationNode::analyzeModule):
        (JSC::ExportAllDeclarationNode::analyzeModule):
        (JSC::ExportNamedDeclarationNode::analyzeModule):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseModuleSourceElements):
        (JSC::Parser<LexerType>::parseFunctionBody):
        (JSC::stringForFunctionMode):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseModuleName):
        (JSC::Parser<LexerType>::parseImportDeclaration):
        (JSC::Parser<LexerType>::parseExportDeclaration):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parsePrimaryExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        (JSC::parse):
        * parser/ParserModes.h:
        (JSC::isFunctionParseMode):
        (JSC::isModuleParseMode):
        (JSC::isProgramParseMode):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFunctionMetadata):
        (JSC::SyntaxChecker::createModuleName):
        (JSC::SyntaxChecker::createImportDeclaration):
        (JSC::SyntaxChecker::createExportAllDeclaration):
        (JSC::SyntaxChecker::createExportNamedDeclaration):
        (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getGlobalCodeBlock):
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        * runtime/Completion.cpp:
        (JSC::checkSyntax):
        (JSC::checkModuleSyntax):
        * runtime/Executable.cpp:
        (JSC::ProgramExecutable::checkSyntax):
        * tests/stress/modules-syntax-error-with-names.js:

2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: A {Map, WeakMap, Set, WeakSet} object contains itself will hang the console
        https://bugs.webkit.org/show_bug.cgi?id=147966

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScriptSource.js:
        (InjectedScript.prototype._initialPreview):
        Renamed to initial preview. This is not a complete preview for
        this object, and it needs some processing in order to be a
        complete accurate preview.

        (InjectedScript.RemoteObject.prototype._emptyPreview):
        This attempts to be an accurate empty preview for the given object.
        For types with entries, it adds an empty entries list and updates
        the overflow and lossless properties.

        (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
        Take a generatePreview parameter to generate a full preview or empty preview.

        (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
        (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
        (InjectedScript.RemoteObject.prototype._isPreviewableObject):
        Take care to avoid cycles.

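A preview generator of the kind this entry describes has to bound its work in two ways: cap the number of entries it keeps (tracking `overflow` and `lossless`) and refuse to descend into an object that is already on the current path, which is the cycle case that hung the console. The following is an added example, not the Web Inspector's InjectedScriptSource code; `preview`, `MAX_ENTRIES`, `demo` and the output fields (`entries`, `properties`, `overflow`, `lossless`) are this example's own conventions.

```javascript
// Added example (not Web Inspector code): a cycle-safe, bounded preview for
// Map, Set, WeakMap, WeakSet and plain objects/arrays.
const MAX_ENTRIES = 3;   // how many entries/properties a preview keeps

function primitivePreview(value) {
  return { type: typeof value, description: String(value), lossless: true };
}

// `seen` holds the objects on the path from the root to `value`. Tracking the
// path (not every object ever visited) means a shared, non-cyclic reference
// is still previewed fully, while a true cycle is cut with a marker.
function preview(value, seen = new Set()) {
  if (value === null || typeof value !== 'object') return primitivePreview(value);
  if (seen.has(value)) {
    return { type: 'object', description: '[Circular]', lossless: false };
  }
  seen.add(value);
  try {
    if (value instanceof WeakMap || value instanceof WeakSet) {
      // Weak collections cannot be enumerated, so the preview is empty and
      // explicitly not lossless.
      return { type: 'object', subtype: value.constructor.name, entries: [], overflow: false, lossless: false };
    }
    if (value instanceof Map || value instanceof Set) {
      const isMap = value instanceof Map;
      const entries = [];
      let overflow = false;
      let lossless = true;
      for (const entry of value) {            // Map yields [key, value]; Set yields value
        if (entries.length >= MAX_ENTRIES) { overflow = true; lossless = false; break; }
        const item = { value: preview(isMap ? entry[1] : entry, seen) };
        if (isMap) item.key = preview(entry[0], seen);
        lossless = lossless && item.value.lossless && (!isMap || item.key.lossless);
        entries.push(item);
      }
      return { type: 'object', subtype: isMap ? 'Map' : 'Set', entries, overflow, lossless };
    }
    // Plain object or array: preview own enumerable properties.
    const properties = [];
    let overflow = false;
    let lossless = true;
    for (const name of Object.keys(value)) {
      if (properties.length >= MAX_ENTRIES) { overflow = true; lossless = false; break; }
      const p = preview(value[name], seen);
      lossless = lossless && p.lossless;
      properties.push({ name, value: p });
    }
    return { type: 'object', subtype: Array.isArray(value) ? 'Array' : undefined, properties, overflow, lossless };
  } finally {
    seen.delete(value);   // leaving this object: it is no longer on the path
  }
}

// Constructed inputs: a Map that contains itself (the hang case from the bug
// title) and a Set with more entries than the preview keeps.
function demo() {
  const selfMap = new Map();
  selfMap.set('self', selfMap);
  selfMap.set('count', 1);
  const bigSet = new Set([1, 2, 3, 4, 5]);
  const shared = { x: 1 };
  return {
    selfMap: preview(selfMap),
    bigSet: preview(bigSet),
    sharedTwice: preview({ a: shared, b: shared }),   // shared, not cyclic
  };
}
```

The `try/finally` around the body is what keeps the `seen` set scoped to the current path: without the `delete`, the second reference to `shared` in `sharedTwice` would be reported as circular, which is a different (and wrong) answer from the real cycle in `selfMap`.
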
2015-08-13  Geoffrey Garen  <ggaren@apple.com>

        Periodic code deletion should delete RegExp code
        https://bugs.webkit.org/show_bug.cgi?id=147990

        Reviewed by Filip Pizlo.

        The RegExp code cache was created for the sake of simple loops that
        re-created the same RegExps. It's reasonable to delete it periodically.

        * heap/Heap.cpp:
        (JSC::Heap::deleteOldCode):

2015-08-13  Geoffrey Garen  <ggaren@apple.com>

        RegExpCache::finalize should not delete code
        https://bugs.webkit.org/show_bug.cgi?id=147987

        Reviewed by Mark Lam.

        The RegExp object already knows how to delete its own code in its
        destructor. Our job is just to clear our stale pointer.

        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::finalize):
        (JSC::RegExpCache::addToStrongCache):

680 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
681
682         Standardize on the phrase "delete code"
683         https://bugs.webkit.org/show_bug.cgi?id=147984
684
685         Reviewed by Mark Lam.
686
687         Use "delete" when we talk about throwing away code, as opposed to
688         "invalidate" or "discard".
689
690         * debugger/Debugger.cpp:
691         (JSC::Debugger::forEachCodeBlock):
692         (JSC::Debugger::setSteppingMode):
693         (JSC::Debugger::recompileAllJSFunctions):
694         * heap/Heap.cpp:
695         (JSC::Heap::deleteAllCompiledCode):
696         * inspector/agents/InspectorRuntimeAgent.cpp:
697         (Inspector::recompileAllJSFunctionsForTypeProfiling):
698         * runtime/RegExp.cpp:
699         (JSC::RegExp::match):
700         (JSC::RegExp::deleteCode):
701         (JSC::RegExp::invalidateCode): Deleted.
702         * runtime/RegExp.h:
703         * runtime/RegExpCache.cpp:
704         (JSC::RegExpCache::finalize):
705         (JSC::RegExpCache::addToStrongCache):
706         (JSC::RegExpCache::deleteAllCode):
707         (JSC::RegExpCache::invalidateCode): Deleted.
708         * runtime/RegExpCache.h:
709         * runtime/VM.cpp:
710         (JSC::VM::stopSampling):
711         (JSC::VM::prepareToDeleteCode):
712         (JSC::VM::deleteAllCode):
713         (JSC::VM::setEnabledProfiler):
714         (JSC::VM::prepareToDiscardCode): Deleted.
715         (JSC::VM::discardAllCode): Deleted.
716         * runtime/VM.h:
717         (JSC::VM::apiLock):
718         (JSC::VM::codeCache):
719         * runtime/Watchdog.cpp:
720         (JSC::Watchdog::setTimeLimit):
721
722 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
723
724         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
725         https://bugs.webkit.org/show_bug.cgi?id=147930
726
727         Reviewed by Saam Barati.
728
729         When the passed prototype object to be set is the same as the existing
730         prototype object, [[SetPrototypeOf]] just finishes its operation even
731         if the extensibility of the target object is `false`.
732
733         * runtime/JSGlobalObjectFunctions.cpp:
734         (JSC::globalFuncProtoSetter):
735         * runtime/ObjectConstructor.cpp:
736         (JSC::objectConstructorSetPrototypeOf):
737         * runtime/ReflectObject.cpp:
738         (JSC::reflectObjectSetPrototypeOf):
739         * tests/stress/set-same-prototype.js: Added.
740         (shouldBe):
741         (shouldThrow):
742
743 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
744
745         Removed clearEvalCodeCache()
746         https://bugs.webkit.org/show_bug.cgi?id=147957
747
748         Reviewed by Filip Pizlo.
749
750         It was unused.
751
752         * bytecode/CodeBlock.cpp:
753         (JSC::CodeBlock::linkIncomingCall):
754         (JSC::CodeBlock::install):
755         (JSC::CodeBlock::clearEvalCache): Deleted.
756         * bytecode/CodeBlock.h:
757         (JSC::CodeBlock::numberOfJumpTargets):
758         (JSC::CodeBlock::jumpTarget):
759         (JSC::CodeBlock::numberOfArgumentValueProfiles):
760
761 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
762
763         [ES6] Implement Reflect.defineProperty
764         https://bugs.webkit.org/show_bug.cgi?id=147943
765
766         Reviewed by Saam Barati.
767
768         This patch implements Reflect.defineProperty.
769         The differences from Object.defineProperty are:
770
771         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
772         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
773         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
774
775         This patch also adds comments linking to the ES6 spec.
776
777         * builtins/ReflectObject.js:
778         * runtime/ObjectConstructor.cpp:
779         (JSC::toPropertyDescriptor):
780         * runtime/ObjectConstructor.h:
781         * runtime/ReflectObject.cpp:
782         (JSC::reflectObjectDefineProperty):
783         * tests/stress/reflect-define-property.js: Added.
784         (shouldBe):
785         (shouldThrow):
786         (.set getter):
787         (setter):
788         (.get testDescriptor):
789         (.set get var):
790         (.set testDescriptor):
791         (.set get testDescriptor):
792         (.set get shouldThrow):
793         (.get var):
794
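The two Reflect-related entries above (X.[[SetPrototypeOf]](Y) succeeding on a non-extensible X when Y is already its prototype, and the three listed differences between Reflect.defineProperty and Object.defineProperty) are both about the same contrast: the Object.* and __proto__ forms throw on failure, the Reflect.* forms return a boolean. The following is an added example exercising that contrast, not one of JavaScriptCore's own stress tests; the helper names are hypothetical.

```javascript
// Added example (not JavaScriptCore's tests/stress/*.js): observable behaviour
// of [[SetPrototypeOf]] on a non-extensible object and of Reflect.defineProperty
// versus Object.defineProperty. Helper names are hypothetical.

function throwsTypeError(fn) {
  try { fn(); } catch (e) { return e instanceof TypeError; }
  return false;
}

// X.[[SetPrototypeOf]](Y) with X non-extensible: succeeds only when Y is already
// X.[[Prototype]]. All three entry points agree on the outcome; they differ in
// whether a failure is thrown (Object.setPrototypeOf, __proto__) or returned
// (Reflect.setPrototypeOf).
function setPrototypeOfResults() {
  const proto = {};
  const obj = Object.preventExtensions(Object.create(proto));
  const other = {};
  return {
    objectSame: Object.setPrototypeOf(obj, proto) === obj,
    objectOtherThrows: throwsTypeError(() => Object.setPrototypeOf(obj, other)),
    reflectSame: Reflect.setPrototypeOf(obj, proto),
    reflectOther: Reflect.setPrototypeOf(obj, other),
    protoSetterSame: (() => { obj.__proto__ = proto; return Object.getPrototypeOf(obj) === proto; })(),
    protoSetterOtherThrows: throwsTypeError(() => { obj.__proto__ = other; }),
    prototypeUnchanged: Object.getPrototypeOf(obj) === proto,
  };
}

// Reflect.defineProperty: the target is not coerced with ToObject, a failed
// [[DefineOwnProperty]] does not throw, and the result is the boolean outcome.
function definePropertyResults() {
  const frozen = Object.freeze({ x: 1 });
  const target = {};
  return {
    primitiveTargetThrows: throwsTypeError(() => Reflect.defineProperty(1, "x", { value: 1 })),
    objectFrozenThrows: throwsTypeError(() => Object.defineProperty(frozen, "y", { value: 2 })),
    reflectFrozenAdd: Reflect.defineProperty(frozen, "y", { value: 2 }),           // false
    reflectFrozenRedefine: Reflect.defineProperty(frozen, "x", { value: 5 }),      // false
    reflectFrozenSameValue: Reflect.defineProperty(frozen, "x", { value: 1 }),     // true: no-op redefinition
    reflectNewData: Reflect.defineProperty(target, "y", { value: 2, enumerable: true }),
    reflectAccessor: Reflect.defineProperty(target, "z", { get() { return this.y * 2; } }),
    targetZ: target.z,
    frozenUntouched: frozen.x === 1 && !("y" in frozen),
  };
}
```

The `reflectFrozenSameValue` case is the defineProperty analogue of the same-prototype case: redefining a non-configurable, non-writable property with a SameValue-equal descriptor is a success by spec, so the frozen object is unchanged and no error is reported either way.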
795 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
796
797         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
798         https://bugs.webkit.org/show_bug.cgi?id=147950
799
800         Reviewed by Michael Saboff.
801
802         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
803         responsible for memory corruption, since it would sometimes install watchpoints on structures that
804         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
805         entirely since later phases also do constant folding, and they do it without introducing the bug.
806         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
807         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
808         be maximally aggressive in constant-folding whenever possible.
809
810         So, this change now brings back that constant folding rule - for loads from object constants that
811         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
812         tryGetConstantProperty() if we have registered the structure set.
813
814         * dfg/DFGByteCodeParser.cpp:
815         (JSC::DFG::ByteCodeParser::load):
816
817 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
818
819         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
820         https://bugs.webkit.org/show_bug.cgi?id=147353
821
822         Reviewed by Geoffrey Garen.
823
824         This patch implements ModuleRecord and ModuleAnalyzer.
825         ModuleAnalyzer analyzes the produced AST from the parser.
826         By collaborating with the parser, ModuleAnalyzer collects the information
827         that is necessary to request the loading for the dependent modules and
828         construct module's environment and namespace object before executing the actual
829         module body.
830
831         In the parser, we annotate which variable is imported binding and which variable
832         is exported from the current module. This information is leveraged in the ModuleAnalyzer
833         to categorize the export entries.
834
835         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
836         instead of introducing a new TreeContext type. This is because only two users call
837         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
838         enough to switch the context to the SyntaxChecker when parsing the non-module related
839         statement in the preparsing phase.
840
841         To demonstrate the module analyzer, we added the new dumpModuleRecord option
842         into the JSC shell. By specifying this, the result of analysis is dumped when the module
843         is parsed and analyzed.
844
845         * CMakeLists.txt:
846         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
847         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
848         * JavaScriptCore.xcodeproj/project.pbxproj:
849         * builtins/BuiltinNames.h:
850         * parser/ASTBuilder.h:
851         (JSC::ASTBuilder::createExportDefaultDeclaration):
852         * parser/ModuleAnalyzer.cpp: Added.
853         (JSC::ModuleAnalyzer::ModuleAnalyzer):
854         (JSC::ModuleAnalyzer::exportedBinding):
855         (JSC::ModuleAnalyzer::declareExportAlias):
856         (JSC::ModuleAnalyzer::exportVariable):
857         (JSC::ModuleAnalyzer::analyze):
858         * parser/ModuleAnalyzer.h: Added.
859         (JSC::ModuleAnalyzer::vm):
860         (JSC::ModuleAnalyzer::moduleRecord):
861         * parser/ModuleRecord.cpp: Added.
862         (JSC::printableName):
863         (JSC::ModuleRecord::dump):
864         * parser/ModuleRecord.h: Added.
865         (JSC::ModuleRecord::ImportEntry::isNamespace):
866         (JSC::ModuleRecord::create):
867         (JSC::ModuleRecord::appendRequestedModule):
868         (JSC::ModuleRecord::addImportEntry):
869         (JSC::ModuleRecord::addExportEntry):
870         (JSC::ModuleRecord::addStarExportEntry):
871         * parser/NodeConstructors.h:
872         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
873         (JSC::ImportDeclarationNode::ImportDeclarationNode):
874         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
875         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
876         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
877         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
878         * parser/Nodes.h:
879         (JSC::ExportDefaultDeclarationNode::localName):
880         * parser/NodesAnalyzeModule.cpp: Added.
881         (JSC::ScopeNode::analyzeModule):
882         (JSC::SourceElements::analyzeModule):
883         (JSC::ImportDeclarationNode::analyzeModule):
884         (JSC::ExportAllDeclarationNode::analyzeModule):
885         (JSC::ExportDefaultDeclarationNode::analyzeModule):
886         (JSC::ExportLocalDeclarationNode::analyzeModule):
887         (JSC::ExportNamedDeclarationNode::analyzeModule):
888         * parser/Parser.cpp:
889         (JSC::Parser<LexerType>::parseInner):
890         (JSC::Parser<LexerType>::parseModuleSourceElements):
891         (JSC::Parser<LexerType>::parseVariableDeclarationList):
892         (JSC::Parser<LexerType>::createBindingPattern):
893         (JSC::Parser<LexerType>::parseFunctionDeclaration):
894         (JSC::Parser<LexerType>::parseClassDeclaration):
895         (JSC::Parser<LexerType>::parseImportClauseItem):
896         (JSC::Parser<LexerType>::parseExportSpecifier):
897         (JSC::Parser<LexerType>::parseExportDeclaration):
898         * parser/Parser.h:
899         (JSC::Scope::lexicalVariables):
900         (JSC::Scope::declareLexicalVariable):
901         (JSC::Parser::declareVariable):
902         (JSC::Parser::exportName):
903         (JSC::Parser<LexerType>::parse):
904         (JSC::parse):
905         * parser/ParserModes.h:
906         * parser/SyntaxChecker.h:
907         (JSC::SyntaxChecker::createExportDefaultDeclaration):
908         * parser/VariableEnvironment.cpp:
909         (JSC::VariableEnvironment::markVariableAsImported):
910         (JSC::VariableEnvironment::markVariableAsExported):
911         * parser/VariableEnvironment.h:
912         (JSC::VariableEnvironmentEntry::isExported):
913         (JSC::VariableEnvironmentEntry::isImported):
914         (JSC::VariableEnvironmentEntry::setIsExported):
915         (JSC::VariableEnvironmentEntry::setIsImported):
916         * runtime/CommonIdentifiers.h:
917         * runtime/Completion.cpp:
918         (JSC::checkModuleSyntax):
919         * runtime/Options.h:
920
921 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
922
923         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
924
925         * jit/ExecutableAllocator.h:
926         * jsc.cpp:
927         (GlobalObject::finishCreation):
928         (functionAddressOf):
929         (functionVersion):
930         (functionReleaseExecutableMemory): Deleted.
931         * runtime/VM.cpp:
932         (JSC::StackPreservingRecompiler::operator()):
933         (JSC::VM::throwException):
934         (JSC::VM::updateFTLLargestStackSize):
935         (JSC::VM::gatherConservativeRoots):
936         (JSC::VM::releaseExecutableMemory): Deleted.
937         (JSC::releaseExecutableMemory): Deleted.
938         * runtime/VM.h:
939         (JSC::VM::isCollectorBusy):
940         * runtime/Watchdog.cpp:
941         (JSC::Watchdog::setTimeLimit):
942
943 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
944
945         Roll out r188339, which broke the build.
946
947         Unreviewed.
948
949         * jit/ExecutableAllocator.h:
950         * jsc.cpp:
951         (GlobalObject::finishCreation):
952         (functionReleaseExecutableMemory):
953         * runtime/VM.cpp:
954         (JSC::StackPreservingRecompiler::visit):
955         (JSC::StackPreservingRecompiler::operator()):
956         (JSC::VM::releaseExecutableMemory):
957         (JSC::releaseExecutableMemory):
958         * runtime/VM.h:
959         * runtime/Watchdog.cpp:
960         (JSC::Watchdog::setTimeLimit):
961
962 2015-08-12  Alex Christensen  <achristensen@webkit.org>
963
964         Fix Debug CMake builds on Windows
965         https://bugs.webkit.org/show_bug.cgi?id=147940
966
967         Reviewed by Chris Dumez.
968
969         * PlatformWin.cmake:
970         Copy the plist to the JavaScriptCore.resources directory.
971
972 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
973
974         Remove VM::releaseExecutableMemory
975         https://bugs.webkit.org/show_bug.cgi?id=147915
976
977         Reviewed by Saam Barati.
978
979         releaseExecutableMemory() was only used in one place, where discardAllCode()
980         would work just as well.
981
982         It's confusing to have two slightly different ways to discard code. Also,
983         releaseExecutableMemory() is unused in any production code, and it seems
984         to have bit-rotted.
985
986         * jit/ExecutableAllocator.h:
987         * jsc.cpp:
988         (GlobalObject::finishCreation):
989         (functionAddressOf):
990         (functionVersion):
991         (functionReleaseExecutableMemory): Deleted.
992         * runtime/VM.cpp:
993         (JSC::StackPreservingRecompiler::operator()):
994         (JSC::VM::throwException):
995         (JSC::VM::updateFTLLargestStackSize):
996         (JSC::VM::gatherConservativeRoots):
997         (JSC::VM::releaseExecutableMemory): Deleted.
998         (JSC::releaseExecutableMemory): Deleted.
999         * runtime/VM.h:
1000         (JSC::VM::isCollectorBusy):
1001         * runtime/Watchdog.cpp:
1002         (JSC::Watchdog::setTimeLimit):
1003
1004 2015-08-12  Mark Lam  <mark.lam@apple.com>
1005
1006         Add a JSC option to enable the watchdog for testing.
1007         https://bugs.webkit.org/show_bug.cgi?id=147939
1008
1009         Reviewed by Michael Saboff.
1010
1011         * API/JSContextRef.cpp:
1012         (JSContextGroupSetExecutionTimeLimit):
1013         (createWatchdogIfNeeded): Deleted.
1014         * runtime/Options.h:
1015         * runtime/VM.cpp:
1016         (JSC::VM::VM):
1017         (JSC::VM::~VM):
1018         (JSC::VM::sharedInstanceInternal):
1019         (JSC::VM::ensureWatchdog):
1020         (JSC::thunkGeneratorForIntrinsic):
1021         * runtime/VM.h:
1022
1023 2015-08-11  Mark Lam  <mark.lam@apple.com>
1024
1025         Implement the JavaScript watchdog using WTF::WorkQueue.
1026         https://bugs.webkit.org/show_bug.cgi?id=147107
1027
1028         Reviewed by Geoffrey Garen.
1029
1030         How the Watchdog works
1031         ======================
1032
1033         1. When do we start the Watchdog?
1034            =============================
1035            The watchdog should only be started if both the following conditions are true:
1036            1. A time limit has been set.
1037            2. We have entered the VM.
1038  
1039         2. CPU time vs Wall Clock time
1040            ===========================
1041            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
1042
1043            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
1044            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
1045            indicates the wall clock time point when the WorkQueue timer is expected to fire.
1046
1047            The time limit for which we allow JS code to run should be measured in CPU time, which can
1048            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
1049            should fire.
1050
1051            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
1052            we need to check if m_cpuDeadline has been reached.
1053
1054            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
1055
1056            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
1057            code to continue to run for.  Hence, we need to start a new timer to fire again after
1058            Tremainder microseconds.
1059     
1060            See Watchdog::didFireSlow().
1061
1062         3. Spurious wake ups
1063            =================
1064            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
1065            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
1066            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
1067            wake ups are considered to be spurious and will be ignored.
1068  
1069            See Watchdog::didFireSlow().
1070  
1071         4. Minimizing Timer creation cost
1072            ==============================
1073            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
1074            than this.
1075  
1076            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
1077            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
1078            time limit. Consider the following example:
1079  
1080                |---|-----|---|----------------|---------|
1081                t0  t1    t2  t3            t0 + L    t2 + L 
1082
1083                |<--- T1 --------------------->|
1084                          |<--- T2 --------------------->|
1085                |<-- Td ->|                    |<-- Td ->|
1086
1087            1. The user initializes the watchdog with time limit L.
1088         2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
1089               The timer is set to expire at t0 + L.
1090            3. At t1, we exit the VM.
1091            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
1092          
1093               However, we can note that the expiration time for T2 would be after the expiration time
1094               of T1. Specifically, T2 would have expired at Td after T1 expires.
1095          
1096               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
1097            for a period of Td instead.
1098
1099            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
1100            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
1101            automatically take care of starting a new timer for the difference Td in the example above.
1102            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
1103            expiration is earlier than T2's, then we are already covered by T1 and there's no need to start T2.
1104
1105            The benefit:
1106
1107            1. we minimize the number of timer instances we have queued in the workqueue at the same time
1108               (ideally only 1 or 0), and use less peak memory usage.
1109
1110            2. we minimize the frequency of instantiating timer instances. By waiting for the current
1111               active timer to expire first, on average, we get to start one timer per time limit
1112               (which is infrequent because time limits tend to be long) instead of one timer per
1113               VM entry (which tends to be frequent).
1114
1115            See Watchdog::startTimer().
1116
1117         * API/JSContextRef.cpp:
1118         (createWatchdogIfNeeded):
1119         (JSContextGroupClearExecutionTimeLimit):
1120         - No need to create the watchdog (if not already created) just to clear it.
1121           If the watchdog is not created yet, then it is effectively cleared.
1122
1123         * API/tests/ExecutionTimeLimitTest.cpp:
1124         (currentCPUTimeAsJSFunctionCallback):
1125         (testExecutionTimeLimit):
1126         (currentCPUTime): Deleted.
1127         * API/tests/testapi.c:
1128         (main):
1129         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1130         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
1131         - Enable watchdog tests for all platforms.
1132
1133         * CMakeLists.txt:
1134         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1135         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1136         * JavaScriptCore.xcodeproj/project.pbxproj:
1137         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
1138
1139         * PlatformEfl.cmake:
1140
1141         * dfg/DFGByteCodeParser.cpp:
1142         (JSC::DFG::ByteCodeParser::parseBlock):
1143         * dfg/DFGSpeculativeJIT32_64.cpp:
1144         * dfg/DFGSpeculativeJIT64.cpp:
1145         * interpreter/Interpreter.cpp:
1146         (JSC::Interpreter::execute):
1147         (JSC::Interpreter::executeCall):
1148         (JSC::Interpreter::executeConstruct):
1149         * jit/JITOpcodes.cpp:
1150         (JSC::JIT::emit_op_loop_hint):
1151         (JSC::JIT::emitSlow_op_loop_hint):
1152         * jit/JITOperations.cpp:
1153         * llint/LLIntOffsetsExtractor.cpp:
1154         * llint/LLIntSlowPaths.cpp:
1155         * runtime/VM.cpp:
1156         - #include Watchdog.h in these files directly instead of doing it via VM.h.
1157           This saves us from having to recompile the world when we change Watchdog.h.
1158
1159         * runtime/VM.h:
1160         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
1161           thread-safe ref counted.
1162
1163         * runtime/VMEntryScope.cpp:
1164         (JSC::VMEntryScope::VMEntryScope):
1165         (JSC::VMEntryScope::~VMEntryScope):
1166         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
1167           Instead, the VMEntryScope will inform the watchdog of when we have entered and
1168           exited the VM.
1169
1170         * runtime/Watchdog.cpp:
1171         (JSC::currentWallClockTime):
1172         (JSC::Watchdog::Watchdog):
1173         (JSC::Watchdog::hasStartedTimer):
1174         (JSC::Watchdog::setTimeLimit):
1175         (JSC::Watchdog::didFireSlow):
1176         (JSC::Watchdog::hasTimeLimit):
1177         (JSC::Watchdog::fire):
1178         (JSC::Watchdog::enteredVM):
1179         (JSC::Watchdog::exitedVM):
1180
1181         (JSC::Watchdog::startTimer):
1182         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
1183           (from a different thread) even after the VM shuts down.  We need to keep it
1184           alive until the WorkQueue callback completes.
1185
1186           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
1187           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
1188           is done with it.  This ensures that the Watchdog is kept alive until all
1189           WorkQueue callbacks are done.
1190
1191         (JSC::Watchdog::stopTimer):
1192         (JSC::Watchdog::~Watchdog): Deleted.
1193         (JSC::Watchdog::didFire): Deleted.
1194         (JSC::Watchdog::isEnabled): Deleted.
1195         (JSC::Watchdog::arm): Deleted.
1196         (JSC::Watchdog::disarm): Deleted.
1197         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
1198         (JSC::Watchdog::startCountdown): Deleted.
1199         (JSC::Watchdog::stopCountdown): Deleted.
1200         * runtime/Watchdog.h:
1201         (JSC::Watchdog::didFire):
1202         (JSC::Watchdog::timerDidFireAddress):
1203         (JSC::Watchdog::isArmed): Deleted.
1204         (JSC::Watchdog::Scope::Scope): Deleted.
1205         (JSC::Watchdog::Scope::~Scope): Deleted.
1206         * runtime/WatchdogMac.cpp:
1207         (JSC::Watchdog::initTimer): Deleted.
1208         (JSC::Watchdog::destroyTimer): Deleted.
1209         (JSC::Watchdog::startTimer): Deleted.
1210         (JSC::Watchdog::stopTimer): Deleted.
1211         * runtime/WatchdogNone.cpp:
1212         (JSC::Watchdog::initTimer): Deleted.
1213         (JSC::Watchdog::destroyTimer): Deleted.
1214         (JSC::Watchdog::startTimer): Deleted.
1215         (JSC::Watchdog::stopTimer): Deleted.
1216
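The four numbered notes in the entry above describe an algorithm (start only with a limit and inside the VM; wall-clock timer, CPU-time deadline; ignore stale wake-ups; reuse an active timer whose expiry is no later than the one you would start). The following is an added, deterministic model of that algorithm, not JavaScriptCore's runtime/Watchdog.cpp: the clock and the WorkQueue are replaced by fakes so the CPU-versus-wall split, stale wake-ups and timer reuse can be stepped through by hand. The model identifies the active timer by the wall-clock deadline captured when it was armed, which plays the role of the m_wallClockDeadline check. All class, method and field names are hypothetical.

```javascript
// Added model, not JavaScriptCore's runtime/Watchdog.cpp: the timer strategy
// from the entry above, with the clock and the work queue replaced by
// deterministic fakes. All names are hypothetical.

class FakeClock {
  constructor() { this.wall = 0; this.cpu = 0; }
  // Advance wall-clock time by `ms`; only `cpuShare` of it counts as CPU time
  // for the JS thread (a blocked or descheduled thread burns wall time only).
  advance(ms, cpuShare = 1) { this.wall += ms; this.cpu += ms * cpuShare; }
}

// dispatchAfter() queues a one-shot timer that cannot be cancelled, like
// WorkQueue::dispatchAfter(); runDue() plays the role of the queue's thread.
class FakeWorkQueue {
  constructor(clock) { this.clock = clock; this.timers = []; }
  dispatchAfter(delayMs, fn) {
    this.timers.push({ fireAt: this.clock.wall + delayMs, fn });
    this.timers.sort((a, b) => a.fireAt - b.fireAt);
  }
  runDue() {
    while (this.timers.length && this.timers[0].fireAt <= this.clock.wall) this.timers.shift().fn();
  }
  pending() { return this.timers.length; }
}

class Watchdog {
  constructor(clock, queue) {
    this.clock = clock;
    this.queue = queue;
    this.timeLimit = Infinity;          // CPU budget per VM entry; Infinity = no limit set
    this.cpuDeadline = Infinity;        // CPU time point at which the watchdog fires
    this.wallClockDeadline = Infinity;  // wall time point the active timer is expected to fire at
    this.inVM = false;
    this.fired = false;                 // the flag compiled code would poll
    this.timersStarted = 0;
    this.staleWakeUps = 0;
  }
  hasTimeLimit() { return this.timeLimit !== Infinity; }
  hasStartedTimer() { return this.wallClockDeadline !== Infinity; }

  setTimeLimit(ms) { this.timeLimit = ms; if (this.inVM) this.startTimer(ms); }

  // 1. The timer starts only with a limit set *and* the VM entered.
  enteredVM() { this.inVM = true; if (this.hasTimeLimit()) this.startTimer(this.timeLimit); }
  // Leaving the VM drops the CPU deadline; the queued timer stays (it cannot be
  // cancelled) and may be reused by the next entry.
  exitedVM() { this.inVM = false; this.cpuDeadline = Infinity; }

  startTimer(cpuBudgetMs) {
    this.cpuDeadline = this.clock.cpu + cpuBudgetMs;
    const wantedWallDeadline = this.clock.wall + cpuBudgetMs;
    // 4. An active timer that fires no later than the one we would create
    //    already covers us: didFireSlow() re-arms for the remaining CPU time.
    if (this.hasStartedTimer() && this.wallClockDeadline <= wantedWallDeadline) return;
    this.armTimer(cpuBudgetMs);
  }

  armTimer(delayMs) {
    const deadline = this.clock.wall + delayMs;
    this.wallClockDeadline = deadline;
    this.timersStarted++;
    this.queue.dispatchAfter(delayMs, () => this.didFireSlow(deadline));
  }

  didFireSlow(timerDeadline) {
    // 3. Only the wake-up belonging to the active timer counts; a timer from an
    //    earlier, superseded arm is stale and ignored.
    if (timerDeadline !== this.wallClockDeadline) { this.staleWakeUps++; return; }
    this.wallClockDeadline = Infinity;
    if (!this.inVM) return;                       // nothing running, nothing to enforce
    // 2. The timer fired on wall time; the limit is on CPU time.
    const remainingCpu = this.cpuDeadline - this.clock.cpu;
    if (remainingCpu <= 0) { this.fired = true; return; }
    this.armTimer(remainingCpu);                  // sleep for the CPU time still allowed
  }
}

// The scenario from the entry: enter at t0, exit at t1, re-enter at t2 with the
// same limit L. The second entry reuses T1; only the remainder Td gets a new
// timer, and the watchdog fires at t2 + L.
function runReuseScenario(L = 100) {
  const clock = new FakeClock();
  const queue = new FakeWorkQueue(clock);
  const wd = new Watchdog(clock, queue);
  wd.setTimeLimit(L);
  wd.enteredVM();                       // t0 = 0: T1 armed for t0 + L
  clock.advance(10); wd.exitedVM();     // t1 = 10
  clock.advance(20); wd.enteredVM();    // t2 = 30: T2 would expire at 130 > 100, so T1 is kept
  const timersAfterReentry = wd.timersStarted;
  clock.advance(70); queue.runDue();    // t0 + L: T1 fires, CPU 100 < 130, re-arm for Td = 30
  const firedAtT1 = wd.fired;
  clock.advance(30); queue.runDue();    // t2 + L: watchdog fires
  return { timersAfterReentry, timersTotal: wd.timersStarted, firedAtT1, fired: wd.fired, firedAtWall: clock.wall };
}
```

Two properties worth checking against the model: a script that exits the VM before T1 expires never trips the watchdog (the wake-up finds `inVM` false), and a thread that is descheduled for half its wall time needs two timer rounds to consume one CPU budget, which is exactly why the deadline is kept in CPU time rather than trusting the timer.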
1217 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
1218
1219         Always use a byte-sized lock implementation
1220         https://bugs.webkit.org/show_bug.cgi?id=147908
1221
1222         Reviewed by Geoffrey Garen.
1223
1224         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
1225
1226 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
1227
1228         Make ASan build not depend on asan.xcconfig
1229         https://bugs.webkit.org/show_bug.cgi?id=147840
1230         rdar://problem/21093702
1231
1232         Reviewed by Daniel Bates.
1233
1234         * dfg/DFGOSREntry.cpp:
1235         (JSC::DFG::OSREntryData::dump):
1236         (JSC::DFG::prepareOSREntry):
1237         * ftl/FTLOSREntry.cpp:
1238         (JSC::FTL::prepareOSREntry):
1239         * heap/ConservativeRoots.cpp:
1240         (JSC::ConservativeRoots::genericAddPointer):
1241         (JSC::ConservativeRoots::genericAddSpan):
1242         * heap/MachineStackMarker.cpp:
1243         (JSC::MachineThreads::removeThreadIfFound):
1244         (JSC::MachineThreads::gatherFromCurrentThread):
1245         (JSC::MachineThreads::Thread::captureStack):
1246         (JSC::copyMemory):
1247         * interpreter/Register.h:
1248         (JSC::Register::operator=):
1249         (JSC::Register::asanUnsafeJSValue):
1250         (JSC::Register::jsValue):
1251
1252 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1253
1254         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1255         https://bugs.webkit.org/show_bug.cgi?id=147480
1256
1257         Reviewed by Filip Pizlo.
1258
1259         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
1260         The IC site only caches one id. After checking that the given id is the same as the
1261         cached one, we perform the get_by_id IC onto it.
1262         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
1263         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
1264         operations when the given get_by_val leverages the property load with the cached id.
1265
1266         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
1267         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1268         This can be leveraged to optimize symbol operations in DFG.
1269
1270         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
1271         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
1272         a binary search over m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
1273         argument ArrayProfile* in the operations with ByValInfo*.
1274
1275         * bytecode/ByValInfo.h:
1276         (JSC::ByValInfo::ByValInfo):
1277         * bytecode/CodeBlock.cpp:
1278         (JSC::CodeBlock::getByValInfoMap):
1279         (JSC::CodeBlock::addByValInfo):
1280         * bytecode/CodeBlock.h:
1281         (JSC::CodeBlock::getByValInfo): Deleted.
1282         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1283         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1284         (JSC::CodeBlock::byValInfo): Deleted.
1285         * bytecode/ExitKind.cpp:
1286         (JSC::exitKindToString):
1287         * bytecode/ExitKind.h:
1288         * bytecode/GetByIdStatus.cpp:
1289         (JSC::GetByIdStatus::computeFor):
1290         (JSC::GetByIdStatus::computeForStubInfo):
1291         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1292         * bytecode/GetByIdStatus.h:
1293         * dfg/DFGAbstractInterpreterInlines.h:
1294         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1295         * dfg/DFGByteCodeParser.cpp:
1296         (JSC::DFG::ByteCodeParser::parseBlock):
1297         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1298         * dfg/DFGClobberize.h:
1299         (JSC::DFG::clobberize):
1300         * dfg/DFGConstantFoldingPhase.cpp:
1301         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1302         * dfg/DFGDoesGC.cpp:
1303         (JSC::DFG::doesGC):
1304         * dfg/DFGFixupPhase.cpp:
1305         (JSC::DFG::FixupPhase::fixupNode):
1306         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1307         * dfg/DFGNode.h:
1308         (JSC::DFG::Node::hasUidOperand):
1309         (JSC::DFG::Node::uidOperand):
1310         * dfg/DFGNodeType.h:
1311         * dfg/DFGPredictionPropagationPhase.cpp:
1312         (JSC::DFG::PredictionPropagationPhase::propagate):
1313         * dfg/DFGSafeToExecute.h:
1314         (JSC::DFG::SafeToExecuteEdge::operator()):
1315         (JSC::DFG::safeToExecute):
1316         * dfg/DFGSpeculativeJIT.cpp:
1317         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1318         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1319         (JSC::DFG::SpeculativeJIT::speculate):
1320         * dfg/DFGSpeculativeJIT.h:
1321         * dfg/DFGSpeculativeJIT32_64.cpp:
1322         (JSC::DFG::SpeculativeJIT::compile):
1323         * dfg/DFGSpeculativeJIT64.cpp:
1324         (JSC::DFG::SpeculativeJIT::compile):
1325         * dfg/DFGUseKind.cpp:
1326         (WTF::printInternal):
1327         * dfg/DFGUseKind.h:
1328         (JSC::DFG::typeFilterFor):
1329         (JSC::DFG::isCell):
1330         * ftl/FTLAbstractHeapRepository.h:
1331         * ftl/FTLCapabilities.cpp:
1332         (JSC::FTL::canCompile):
1333         * ftl/FTLLowerDFGToLLVM.cpp:
1334         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1335         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1336         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1337         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1338         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1339         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1340         * jit/JIT.cpp:
1341         (JSC::JIT::privateCompile):
1342         * jit/JIT.h:
1343         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1344         (JSC::JIT::compileGetByValWithCachedId):
1345         * jit/JITInlines.h:
1346         (JSC::JIT::callOperation):
1347         * jit/JITOpcodes.cpp:
1348         (JSC::JIT::emit_op_has_indexed_property):
1349         (JSC::JIT::emitSlow_op_has_indexed_property):
1350         * jit/JITOpcodes32_64.cpp:
1351         (JSC::JIT::emit_op_has_indexed_property):
1352         (JSC::JIT::emitSlow_op_has_indexed_property):
1353         * jit/JITOperations.cpp:
1354         (JSC::getByVal):
1355         * jit/JITOperations.h:
1356         * jit/JITPropertyAccess.cpp:
1357         (JSC::JIT::emit_op_get_by_val):
1358         (JSC::JIT::emitGetByValWithCachedId):
1359         (JSC::JIT::emitSlow_op_get_by_val):
1360         (JSC::JIT::emit_op_put_by_val):
1361         (JSC::JIT::emitSlow_op_put_by_val):
1362         (JSC::JIT::privateCompileGetByVal):
1363         (JSC::JIT::privateCompileGetByValWithCachedId):
1364         * jit/JITPropertyAccess32_64.cpp:
1365         (JSC::JIT::emit_op_get_by_val):
1366         (JSC::JIT::emitGetByValWithCachedId):
1367         (JSC::JIT::emitSlow_op_get_by_val):
1368         (JSC::JIT::emit_op_put_by_val):
1369         (JSC::JIT::emitSlow_op_put_by_val):
1370         * runtime/Symbol.h:
1371         * tests/stress/get-by-val-with-string-constructor.js: Added.
1372         (Hello):
1373         (get Hello.prototype.generate):
1374         (ok):
1375         * tests/stress/get-by-val-with-string-exit.js: Added.
1376         (shouldBe):
1377         (getByVal):
1378         (getStr1):
1379         (getStr2):
1380         * tests/stress/get-by-val-with-string-generated.js: Added.
1381         (shouldBe):
1382         (getByVal):
1383         (getStr1):
1384         (getStr2):
1385         * tests/stress/get-by-val-with-string-getter.js: Added.
1386         (object.get hello):
1387         (ok):
1388         * tests/stress/get-by-val-with-string.js: Added.
1389         (shouldBe):
1390         (getByVal):
1391         (getStr1):
1392         (getStr2):
1393         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1394         (Hello):
1395         (get Hello.prototype.generate):
1396         (ok):
1397         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1398         (shouldBe):
1399         (getByVal):
1400         (getSym1):
1401         (getSym2):
1402         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1403         (object.get hello):
1404         (.get ok):
1405         * tests/stress/get-by-val-with-symbol.js: Added.
1406         (shouldBe):
1407         (getByVal):
1408         (getSym1):
1409         (getSym2):
1410
1411 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
1412
1413         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
1414         https://bugs.webkit.org/show_bug.cgi?id=147891
1415         rdar://problem/22129447
1416
1417         Reviewed by Mark Lam.
1418
1419         * dfg/DFGByteCodeParser.cpp:
1420         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
1421         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
1422         * dfg/DFGGraph.cpp:
1423         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
1424         * dfg/DFGStructureRegistrationPhase.cpp:
1425         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
1426
1427 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1428
1429         [Win] Switch Windows build to Visual Studio 2015
1430         https://bugs.webkit.org/show_bug.cgi?id=147887
1431         <rdar://problem/22235098>
1432
1433         Reviewed by Alex Christensen.
1434
1435         Update Visual Studio project file settings to use the current Visual
1436         Studio and compiler. Continue targeting binaries to run on our minimum
1437         supported configuration of Windows 7.
1438
1439         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1440         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
1441         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
1442         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
1443         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
1444         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
1445         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
1446         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
1447         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
1448         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
1449         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1450         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
1451
1452 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
1453
1454         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
1455         https://bugs.webkit.org/show_bug.cgi?id=147665
1456
1457         Reviewed by Mark Lam.
1458
1459         Replace ByteSpinLock with ByteLock.
1460
1461         * runtime/ConcurrentJITLock.h:
1462
1463 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1464
1465         Numeric setter on prototype doesn't get called.
1466         https://bugs.webkit.org/show_bug.cgi?id=144252
1467
1468         Reviewed by Darin Adler.
1469
1470         When switching the blank indexing type to the other one in putByIndex,
1471         if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
1472         it to the slow put indexing type and reloop the putByIndex since there may
1473         be some indexing accessor in the prototype chain. Previously, we just set
1474         the value into the allocated vector.
1475
1476         In the putDirectIndex case, we just store the value to the vector.
1477         This is because putDirectIndex is the operation to store the own property
1478         and it does not check the accessors in the prototype chain.
1479
1480         * runtime/JSObject.cpp:
1481         (JSC::JSObject::putByIndexBeyondVectorLength):
1482         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
1483         (shouldBe):
1484         (Trace):
1485         (Trace.prototype.trace):
1486         (Trace.prototype.get count):
1487         (.):
1488         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
1489         (shouldBe):
1490         (Trace):
1491         (Trace.prototype.trace):
1492         (Trace.prototype.get count):
1493         (.):
1494         * tests/stress/numeric-setter-on-prototype.js: Added.
1495         (shouldBe):
1496         (Trace):
1497         (Trace.prototype.trace):
1498         (Trace.prototype.get count):
1499         (.z.__proto__.set 3):
1500         * tests/stress/numeric-setter-on-self.js: Added.
1501         (shouldBe):
1502         (Trace):
1503         (Trace.prototype.trace):
1504         (Trace.prototype.get count):
1505         (.y.set 2):
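
        Added example (not JavaScriptCore code, and not the stress tests named above): a plain-JS check of the semantics this fix restores. An indexed assignment on an object or array must reach a numeric setter on the prototype chain, while defining the own property directly (the putDirectIndex path, reachable from script via Object.defineProperty) must bypass it. Function names and the TracedArray subclass are this example's own inventions.

```javascript
// Added example, not JavaScriptCore code. Demonstrates the ES semantics the
// fix above restores: an indexed assignment on an object or array must reach
// a numeric setter defined on the prototype chain, whereas defining the own
// property directly (the putDirectIndex path) must bypass it.
function makeTracedPrototype(index) {
  const calls = [];
  const proto = {};
  Object.defineProperty(proto, index, {
    set(value) { calls.push(value); },
    configurable: true,
  });
  return { proto, calls };
}

// Plain object with no own indexed properties yet (the "blank" indexing state).
function assignThroughPrototypeSetter() {
  const { proto, calls } = makeTracedPrototype(3);
  const obj = Object.create(proto);
  obj[3] = "hello";
  return { calls, hasOwn: Object.prototype.hasOwnProperty.call(obj, 3) };
}

// Object.defineProperty defines an own property and never consults inherited accessors.
function defineOwnBypassesPrototypeSetter() {
  const { proto, calls } = makeTracedPrototype(3);
  const obj = Object.create(proto);
  Object.defineProperty(obj, 3, { value: "hello", writable: true, enumerable: true, configurable: true });
  return { calls, own: obj[3] };
}

// Same check for arrays, using a subclass so Array.prototype itself is left alone.
// `blank` is an empty array; `nonBlank` already holds elements at indices 0 and 1.
function arrayAssignThroughPrototypeSetter() {
  const calls = [];
  class TracedArray extends Array {}
  Object.defineProperty(TracedArray.prototype, 2, {
    set(value) { calls.push(value); },
    configurable: true,
  });
  const blank = new TracedArray();
  blank[2] = "a";
  const nonBlank = new TracedArray(1, 2);
  nonBlank[2] = "b";
  return {
    calls,
    blankLength: blank.length,
    nonBlankLength: nonBlank.length,
    hasOwn: Object.prototype.hasOwnProperty.call(blank, 2)
      || Object.prototype.hasOwnProperty.call(nonBlank, 2),
  };
}
```

        In both array cases the setter fires, no own element is created and length is unchanged, which is exactly what the engine would have got wrong by storing straight into the freshly allocated vector.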
1506
1507 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1508
1509         [Win] Unreviewed gardening.
1510
1511         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
1512         file references so they appear in the proper IDE locations.
1513
1514 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1515
1516         Unreviewed windows build fix for VS2015.
1517
1518         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
1519
1520 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1521
1522         [ES6] Implement Reflect.has
1523         https://bugs.webkit.org/show_bug.cgi?id=147875
1524
1525         Reviewed by Sam Weinig.
1526
1527         This patch implements Reflect.has[1].
1528         Since the semantics are the same as those of the `in` operator in JS[2],
1529         we can implement it in builtin JS code.
1530
1531         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
1532         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
1533
1534         * builtins/ReflectObject.js:
1535         (has):
1536         * runtime/ReflectObject.cpp:
1537         * tests/stress/reflect-has.js: Added.
1538         (shouldBe):
1539         (shouldThrow):
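
        Added example (not the builtin from builtins/ReflectObject.js and not the reflect-has.js test): a plain-JS model of Reflect.has written on top of the `in` operator, compared against the real builtin over own, inherited, symbol-keyed and missing properties and a Proxy `has` trap. The function names are this example's own.

```javascript
// Added example (not JavaScriptCore code): a plain-JS model of Reflect.has
// built on the `in` operator, matching the builtin's observable behaviour.
// `in` already throws a TypeError for a non-object right-hand side, so the
// only thing the wrapper adds is the explicit argument check.
function reflectHasModel(target, propertyKey) {
  const isObject = target !== null
    && (typeof target === "object" || typeof target === "function");
  if (!isObject) {
    throw new TypeError("Reflect.has requires the first argument be an object");
  }
  return propertyKey in target;
}

// Exercises own, inherited, symbol-keyed and missing properties, plus a
// Proxy whose `has` trap is what both `in` and Reflect.has consult.
function compareWithBuiltin() {
  const proto = { inherited: 1 };
  const obj = Object.create(proto);
  obj.own = 2;
  const sym = Symbol("tag");
  obj[sym] = 3;
  const proxy = new Proxy({}, { has: (_target, key) => key === "virtual" });

  const cases = [
    [obj, "own"], [obj, "inherited"], [obj, "missing"], [obj, sym],
    [obj, "toString"], [proxy, "virtual"], [proxy, "other"],
  ];
  return cases.map(([target, key]) => ({
    model: reflectHasModel(target, key),
    builtin: Reflect.has(target, key),
    inOperator: key in target,
  }));
}

// True when both the model and the builtin reject a non-object target with a TypeError.
function rejectsNonObject(target) {
  const throwsTypeError = (fn) => {
    try { fn(); return false; } catch (e) { return e instanceof TypeError; }
  };
  return throwsTypeError(() => reflectHasModel(target, "x"))
    && throwsTypeError(() => Reflect.has(target, "x"));
}
```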
1540
1541 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1542
1543         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
1544         https://bugs.webkit.org/show_bug.cgi?id=147874
1545
1546         Reviewed by Darin Adler.
1547
1548         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
1549         The differences from the Object.* versions are:
1550
1551         1. They do not perform ToObject on non-object arguments; they throw a TypeError instead.
1552         2. Reflect.setPrototypeOf returns false when the operation fails. Object.setPrototypeOf raises a TypeError instead.
1553
1554         * runtime/ObjectConstructor.cpp:
1555         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
1556         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
1557         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
1558         (JSC::objectConstructorGetPrototypeOf):
1559         * runtime/ObjectConstructor.h:
1560         * runtime/ReflectObject.cpp:
1561         (JSC::reflectObjectGetPrototypeOf):
1562         (JSC::reflectObjectSetPrototypeOf):
1563         * tests/stress/reflect-get-prototype-of.js: Added.
1564         (shouldBe):
1565         (shouldThrow):
1566         (Base):
1567         (Derived):
1568         * tests/stress/reflect-set-prototype-of.js: Added.
1569         (shouldBe):
1570         (shouldThrow):
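
        Added example (not JavaScriptCore code and not the reflect-*-prototype-of.js tests): runs each prototype API against a primitive, a non-extensible object and a would-be prototype cycle, recording whether the call returned or threw, to make the two differences listed above observable side by side. The probe/comparePrototypeApis names are this example's own.

```javascript
// Added example, not JavaScriptCore code. Records whether a call returned
// (and what) or threw (and which error class).
function probe(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

function comparePrototypeApis() {
  const sealed = Object.preventExtensions({});
  const base = {};
  const derived = Object.create(base);
  return {
    // 1. Primitives: Object.* applies ToObject, Reflect.* throws a TypeError.
    objectGetPrimitive: probe(() => Object.getPrototypeOf(1) === Number.prototype),
    reflectGetPrimitive: probe(() => Reflect.getPrototypeOf(1)),
    objectSetPrimitive: probe(() => Object.setPrototypeOf(1, null)),   // returns 1 untouched
    reflectSetPrimitive: probe(() => Reflect.setPrototypeOf(1, null)),
    // 2. Failed [[SetPrototypeOf]]: Object.* throws, Reflect.* returns false.
    objectSetNonExtensible: probe(() => Object.setPrototypeOf(sealed, Array.prototype)),
    reflectSetNonExtensible: probe(() => Reflect.setPrototypeOf(sealed, Array.prototype)),
    // Setting the prototype a non-extensible object already has is not a failure.
    reflectSetSameOnNonExtensible: probe(() => Reflect.setPrototypeOf(sealed, Object.prototype)),
    // A cycle (base -> derived -> base) is rejected by [[SetPrototypeOf]] itself.
    objectSetCycle: probe(() => Object.setPrototypeOf(base, derived)),
    reflectSetCycle: probe(() => Reflect.setPrototypeOf(base, derived)),
    reflectSetSucceeds: probe(() => Reflect.setPrototypeOf({}, base)),
  };
}
```

        The practical consequence for callers: code that relies on Reflect.setPrototypeOf must check the boolean result, since a silently ignored false leaves the object with its old prototype.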
1571
1572 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
1573
1574         Fix debug build when optimization is enabled
1575         https://bugs.webkit.org/show_bug.cgi?id=147816
1576
1577         Reviewed by Alexey Proskuryakov.
1578
1579         * llint/LLIntEntrypoint.cpp:
1580         * runtime/FunctionExecutableDump.cpp:
1581
1582 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1583
1584         Ensure that Reflect.enumerate does not produce the deleted keys
1585         https://bugs.webkit.org/show_bug.cgi?id=147677
1586
1587         Reviewed by Darin Adler.
1588
1589         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
1590
1591         * tests/stress/reflect-enumerate.js:
1592
1593 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
1594
1595         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
1596         https://bugs.webkit.org/show_bug.cgi?id=147856
1597
1598         Reviewed by Saam Barati.
1599
1600         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
1601
1602         * CMakeLists.txt:
1603         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1604         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1605         * JavaScriptCore.xcodeproj/project.pbxproj:
1606         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1607         (JSC::ExecutableInfo::ExecutableInfo):
1608         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1609         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1610         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1611         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1612         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1613         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1614         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1615         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1616         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1617         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1618         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1619         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1620         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1621         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1622         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1623         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1624         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1625         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1626         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1627         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1628         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1629         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1630         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1631         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1632         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1633         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1634         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1635         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1636         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1637         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1638         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1639         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1640         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1641         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1642         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1643         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1644         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1645         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1646         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1647         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1648         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1649         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1650         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1651         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1652         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1653         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1654         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1655         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1656         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1657         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1658         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1659         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1660         (JSC::UnlinkedCodeBlock::vm): Deleted.
1661         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1662         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1663         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1664         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1665         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1666         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1667         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1668         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1669         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1670         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1671         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1672         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1673         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1674         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1675         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1676         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1677         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1678         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1679         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1680         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1681         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1682         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1683         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1684         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1685         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1686         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1687         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1688         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1689         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1690         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1691         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1692         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1693         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1694         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1695         * bytecode/UnlinkedCodeBlock.cpp:
1696         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1697         (JSC::generateFunctionCodeBlock): Deleted.
1698         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
1699         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
1700         (JSC::UnlinkedFunctionExecutable::link): Deleted.
1701         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
1702         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
1703         * bytecode/UnlinkedCodeBlock.h:
1704         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1705         (JSC::ExecutableInfo::needsActivation): Deleted.
1706         (JSC::ExecutableInfo::usesEval): Deleted.
1707         (JSC::ExecutableInfo::isStrictMode): Deleted.
1708         (JSC::ExecutableInfo::isConstructor): Deleted.
1709         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1710         (JSC::ExecutableInfo::constructorKind): Deleted.
1711         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
1712         (JSC::generateFunctionCodeBlock):
1713         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1714         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
1715         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
1716         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
1717         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
1718         (JSC::dumpLineColumnEntry): Deleted.
1719         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
1720         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
1721         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
1722         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
1723         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
1724         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
1725         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
1726         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
1727         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
1728         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
1729         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
1730         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
1731         (JSC::UnlinkedCodeBlock::instructions): Deleted.
1732         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1733         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1734         (JSC::ExecutableInfo::needsActivation): Deleted.
1735         (JSC::ExecutableInfo::usesEval): Deleted.
1736         (JSC::ExecutableInfo::isStrictMode): Deleted.
1737         (JSC::ExecutableInfo::isConstructor): Deleted.
1738         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1739         (JSC::ExecutableInfo::constructorKind): Deleted.
1740         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1741         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1742         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1743         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1744         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1745         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1746         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1747         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1748         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1749         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1750         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1751         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1752         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1753         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1754         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1755         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1756         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1757         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1758         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1759         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1760         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1761         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1762         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1763         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1764         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1765         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1766         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1767         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1768         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1769         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1770         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1771         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1772         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1773         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1774         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1775         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1776         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1777         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1778         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1779         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1780         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1781         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1782         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1783         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1784         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1785         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1786         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1787         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1788         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1789         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1790         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1791         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1792         (JSC::UnlinkedCodeBlock::vm): Deleted.
1793         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1794         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1795         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1796         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1797         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1798         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1799         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1800         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1801         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1802         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1803         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1804         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1805         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1806         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1807         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1808         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1809         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1810         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1811         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1812         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1813         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1814         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1815         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1816         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1817         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1818         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1819         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1820         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1821         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1822         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1823         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1824         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1825         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1826         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1827         * runtime/Executable.h:
1828
1829 2015-08-10  Mark Lam  <mark.lam@apple.com>
1830
1831         Refactor LiveObjectList and LiveObjectData into their own files.
1832         https://bugs.webkit.org/show_bug.cgi?id=147843
1833
1834         Reviewed by Saam Barati.
1835
1836         There is no behavior change in this patch.
1837
1838         * CMakeLists.txt:
1839         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1840         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1841         * JavaScriptCore.xcodeproj/project.pbxproj:
1842         * heap/HeapVerifier.cpp:
1843         (JSC::HeapVerifier::HeapVerifier):
1844         (JSC::LiveObjectList::findObject): Deleted.
1845         * heap/HeapVerifier.h:
1846         (JSC::LiveObjectData::LiveObjectData): Deleted.
1847         (JSC::LiveObjectList::LiveObjectList): Deleted.
1848         (JSC::LiveObjectList::reset): Deleted.
1849         * heap/LiveObjectData.h: Added.
1850         (JSC::LiveObjectData::LiveObjectData):
1851         * heap/LiveObjectList.cpp: Added.
1852         (JSC::LiveObjectList::findObject):
1853         * heap/LiveObjectList.h: Added.
1854         (JSC::LiveObjectList::LiveObjectList):
1855         (JSC::LiveObjectList::reset):
1856
1857 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
1858
1859         Let's rename FunctionBodyNode
1860         https://bugs.webkit.org/show_bug.cgi?id=147292
1861
1862         Reviewed by Mark Lam & Saam Barati.
1863
1864         FunctionBodyNode => FunctionMetadataNode
1865
1866         Make FunctionMetadataNode inherit from Node instead of StatementNode
1867         because a FunctionMetadataNode can appear in expression context and does
1868         not have a next statement.
1869
1870         (I decided to continue allocating FunctionMetadataNode in the AST arena,
1871         and to retain "Node" in its name, because it really is a parsing
1872         construct, and we transform its data before consuming it elsewhere.
1873
1874         There is still room for a future patch to distill and simplify the
1875         metadata we track about functions between FunDeclNode/FuncExprNode,
1876         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
1877
1878         * builtins/BuiltinExecutables.cpp:
1879         (JSC::BuiltinExecutables::createExecutableInternal):
1880         * bytecode/UnlinkedCodeBlock.cpp:
1881         (JSC::generateFunctionCodeBlock):
1882         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1883         * bytecode/UnlinkedCodeBlock.h:
1884         * bytecompiler/BytecodeGenerator.cpp:
1885         (JSC::BytecodeGenerator::generate):
1886         (JSC::BytecodeGenerator::BytecodeGenerator):
1887         (JSC::BytecodeGenerator::emitNewArray):
1888         (JSC::BytecodeGenerator::emitNewFunction):
1889         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1890         * bytecompiler/BytecodeGenerator.h:
1891         (JSC::BytecodeGenerator::makeFunction):
1892         * bytecompiler/NodesCodegen.cpp:
1893         (JSC::EvalNode::emitBytecode):
1894         (JSC::FunctionNode::emitBytecode):
1895         (JSC::FunctionBodyNode::emitBytecode): Deleted.
1896         * parser/ASTBuilder.h:
1897         (JSC::ASTBuilder::createFunctionExpr):
1898         (JSC::ASTBuilder::createFunctionBody):
1899         * parser/NodeConstructors.h:
1900         (JSC::FunctionParameters::FunctionParameters):
1901         (JSC::FuncExprNode::FuncExprNode):
1902         (JSC::FuncDeclNode::FuncDeclNode):
1903         * parser/Nodes.cpp:
1904         (JSC::EvalNode::EvalNode):
1905         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1906         (JSC::FunctionMetadataNode::finishParsing):
1907         (JSC::FunctionMetadataNode::setEndPosition):
1908         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
1909         (JSC::FunctionBodyNode::finishParsing): Deleted.
1910         (JSC::FunctionBodyNode::setEndPosition): Deleted.
1911         * parser/Nodes.h:
1912         (JSC::FuncExprNode::body):
1913         (JSC::FuncDeclNode::body):
1914         * parser/Parser.h:
1915         (JSC::Parser::isFunctionMetadataNode):
1916         (JSC::Parser::next):
1917         (JSC::Parser<LexerType>::parse):
1918         (JSC::Parser::isFunctionBodyNode): Deleted.
1919         * runtime/CodeCache.cpp:
1920         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1921         * runtime/CodeCache.h:
1922
1923 2015-08-09  Chris Dumez  <cdumez@apple.com>
1924
1925         Regression(r188105): Seems to have caused crashes during PLT on some iPads
1926         https://bugs.webkit.org/show_bug.cgi?id=147818
1927
1928         Unreviewed, roll out r188105.
1929
1930         * bytecode/ByValInfo.h:
1931         (JSC::ByValInfo::ByValInfo):
1932         * bytecode/CodeBlock.cpp:
1933         (JSC::CodeBlock::getByValInfoMap): Deleted.
1934         (JSC::CodeBlock::addByValInfo): Deleted.
1935         * bytecode/CodeBlock.h:
1936         (JSC::CodeBlock::getByValInfo):
1937         (JSC::CodeBlock::setNumberOfByValInfos):
1938         (JSC::CodeBlock::numberOfByValInfos):
1939         (JSC::CodeBlock::byValInfo):
1940         * bytecode/ExitKind.cpp:
1941         (JSC::exitKindToString): Deleted.
1942         * bytecode/ExitKind.h:
1943         * bytecode/GetByIdStatus.cpp:
1944         (JSC::GetByIdStatus::computeFor):
1945         (JSC::GetByIdStatus::computeForStubInfo):
1946         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
1947         * bytecode/GetByIdStatus.h:
1948         * dfg/DFGAbstractInterpreterInlines.h:
1949         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
1950         * dfg/DFGByteCodeParser.cpp:
1951         (JSC::DFG::ByteCodeParser::parseBlock):
1952         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
1953         * dfg/DFGClobberize.h:
1954         (JSC::DFG::clobberize): Deleted.
1955         * dfg/DFGConstantFoldingPhase.cpp:
1956         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
1957         * dfg/DFGDoesGC.cpp:
1958         (JSC::DFG::doesGC): Deleted.
1959         * dfg/DFGFixupPhase.cpp:
1960         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1961         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
1962         * dfg/DFGNode.h:
1963         (JSC::DFG::Node::hasUidOperand): Deleted.
1964         (JSC::DFG::Node::uidOperand): Deleted.
1965         * dfg/DFGNodeType.h:
1966         * dfg/DFGPredictionPropagationPhase.cpp:
1967         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1968         * dfg/DFGSafeToExecute.h:
1969         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
1970         (JSC::DFG::safeToExecute): Deleted.
1971         * dfg/DFGSpeculativeJIT.cpp:
1972         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
1973         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
1974         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
1975         * dfg/DFGSpeculativeJIT.h:
1976         * dfg/DFGSpeculativeJIT32_64.cpp:
1977         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1978         * dfg/DFGSpeculativeJIT64.cpp:
1979         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1980         * dfg/DFGUseKind.cpp:
1981         (WTF::printInternal): Deleted.
1982         * dfg/DFGUseKind.h:
1983         (JSC::DFG::typeFilterFor): Deleted.
1984         (JSC::DFG::isCell): Deleted.
1985         * ftl/FTLAbstractHeapRepository.h:
1986         * ftl/FTLCapabilities.cpp:
1987         (JSC::FTL::canCompile): Deleted.
1988         * ftl/FTLLowerDFGToLLVM.cpp:
1989         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1990         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
1991         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
1992         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
1993         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
1994         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
1995         * jit/JIT.cpp:
1996         (JSC::JIT::privateCompile):
1997         * jit/JIT.h:
1998         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1999         (JSC::JIT::compileGetByValWithCachedId): Deleted.
2000         * jit/JITInlines.h:
2001         (JSC::JIT::callOperation): Deleted.
2002         * jit/JITOpcodes.cpp:
2003         (JSC::JIT::emit_op_has_indexed_property):
2004         (JSC::JIT::emitSlow_op_has_indexed_property):
2005         * jit/JITOpcodes32_64.cpp:
2006         (JSC::JIT::emit_op_has_indexed_property):
2007         (JSC::JIT::emitSlow_op_has_indexed_property):
2008         * jit/JITOperations.cpp:
2009         (JSC::getByVal):
2010         * jit/JITOperations.h:
2011         * jit/JITPropertyAccess.cpp:
2012         (JSC::JIT::emit_op_get_by_val):
2013         (JSC::JIT::emitSlow_op_get_by_val):
2014         (JSC::JIT::emit_op_put_by_val):
2015         (JSC::JIT::emitSlow_op_put_by_val):
2016         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2017         (JSC::JIT::privateCompileGetByVal): Deleted.
2018         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
2019         * jit/JITPropertyAccess32_64.cpp:
2020         (JSC::JIT::emit_op_get_by_val):
2021         (JSC::JIT::emitSlow_op_get_by_val):
2022         (JSC::JIT::emit_op_put_by_val):
2023         (JSC::JIT::emitSlow_op_put_by_val):
2024         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2025         * runtime/Symbol.h:
2026         * tests/stress/get-by-val-with-string-constructor.js: Removed.
2027         * tests/stress/get-by-val-with-string-exit.js: Removed.
2028         * tests/stress/get-by-val-with-string-generated.js: Removed.
2029         * tests/stress/get-by-val-with-string-getter.js: Removed.
2030         * tests/stress/get-by-val-with-string.js: Removed.
2031         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
2032         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
2033         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
2034         * tests/stress/get-by-val-with-symbol.js: Removed.
2035
2036 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2037
2038         Reduce uses of PassRefPtr in bindings
2039         https://bugs.webkit.org/show_bug.cgi?id=147781
2040
2041         Reviewed by Chris Dumez.
2042
2043         Use RefPtr when a function can return null or an instance. If not, Ref is used.
2044
2045         * runtime/JSGenericTypedArrayView.h:
2046         (JSC::toNativeTypedView):
2047
2048 2015-08-07  Alex Christensen  <achristensen@webkit.org>
2049
2050         Build more testing binaries with CMake on Windows
2051         https://bugs.webkit.org/show_bug.cgi?id=147799
2052
2053         Reviewed by Brent Fulgham.
2054
2055         * shell/PlatformWin.cmake: Added.
2056         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
2057
2058 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
2059
2060         Lightweight locks should be adaptive
2061         https://bugs.webkit.org/show_bug.cgi?id=147545
2062
2063         Reviewed by Geoffrey Garen.
2064
2065         * dfg/DFGCommon.cpp:
2066         (JSC::DFG::startCrashing):
2067         * heap/CopiedBlock.h:
2068         (JSC::CopiedBlock::workListLock):
2069         * heap/CopiedBlockInlines.h:
2070         (JSC::CopiedBlock::shouldReportLiveBytes):
2071         (JSC::CopiedBlock::reportLiveBytes):
2072         * heap/CopiedSpace.cpp:
2073         (JSC::CopiedSpace::doneFillingBlock):
2074         * heap/CopiedSpace.h:
2075         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
2076         * heap/CopiedSpaceInlines.h:
2077         (JSC::CopiedSpace::recycleEvacuatedBlock):
2078         * heap/GCThreadSharedData.cpp:
2079         (JSC::GCThreadSharedData::didStartCopying):
2080         * heap/GCThreadSharedData.h:
2081         (JSC::GCThreadSharedData::getNextBlocksToCopy):
2082         * heap/ListableHandler.h:
2083         (JSC::ListableHandler::List::addThreadSafe):
2084         (JSC::ListableHandler::List::addNotThreadSafe):
2085         * heap/MachineStackMarker.cpp:
2086         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2087         * heap/SlotVisitorInlines.h:
2088         (JSC::SlotVisitor::copyLater):
2089         * parser/SourceProvider.cpp:
2090         (JSC::SourceProvider::~SourceProvider):
2091         (JSC::SourceProvider::getID):
2092         * profiler/ProfilerDatabase.cpp:
2093         (JSC::Profiler::Database::addDatabaseToAtExit):
2094         (JSC::Profiler::Database::removeDatabaseFromAtExit):
2095         (JSC::Profiler::Database::removeFirstAtExitDatabase):
2096         * runtime/TypeProfilerLog.h:
2097
2098 2015-08-07  Mark Lam  <mark.lam@apple.com>
2099
2100         Rename some variables in the JSC watchdog implementation.
2101         https://bugs.webkit.org/show_bug.cgi?id=147790
2102
2103         Rubber stamped by Benjamin Poulain.
2104
2105         This is just a refactoring patch to give the variables better names that describe their
2106         intended use.  There is no behavior change.
2107
2108         * runtime/Watchdog.cpp:
2109         (JSC::Watchdog::Watchdog):
2110         (JSC::Watchdog::setTimeLimit):
2111         (JSC::Watchdog::didFire):
2112         (JSC::Watchdog::isEnabled):
2113         (JSC::Watchdog::fire):
2114         (JSC::Watchdog::startCountdownIfNeeded):
2115         * runtime/Watchdog.h:
2116
2117 2015-08-07  Saam barati  <saambarati1@gmail.com>
2118
2119         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
2120         https://bugs.webkit.org/show_bug.cgi?id=147666
2121
2122         Reviewed by Geoffrey Garen.
2123
2124         If we make the bytecode generator know about every local scope it 
2125         creates, and if we give each local scope a unique register, the
2126         bytecode generator has all the information it needs to assign
2127         the correct scope to a catch handler. Because the bytecode generator
2128         knows this information, it's a better separation of responsibilities
2129         for it to set up the proper scope instead of relying on the exception
2130         handling runtime to find the scope.
2131
2132         * bytecode/BytecodeList.json:
2133         * bytecode/BytecodeUseDef.h:
2134         (JSC::computeUsesForBytecodeOffset):
2135         * bytecode/CodeBlock.cpp:
2136         (JSC::CodeBlock::dumpBytecode):
2137         (JSC::CodeBlock::CodeBlock):
2138         * bytecode/HandlerInfo.h:
2139         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
2140         (JSC::HandlerInfo::initialize):
2141         * bytecompiler/BytecodeGenerator.cpp:
2142         (JSC::BytecodeGenerator::generate):
2143         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2144         (JSC::BytecodeGenerator::emitGetScope):
2145         (JSC::BytecodeGenerator::emitPushWithScope):
2146         (JSC::BytecodeGenerator::emitGetParentScope):
2147         (JSC::BytecodeGenerator::emitPopScope):
2148         (JSC::BytecodeGenerator::emitPopWithScope):
2149         (JSC::BytecodeGenerator::allocateAndEmitScope):
2150         (JSC::BytecodeGenerator::emitComplexPopScopes):
2151         (JSC::BytecodeGenerator::pushTry):
2152         (JSC::BytecodeGenerator::popTryAndEmitCatch):
2153         (JSC::BytecodeGenerator::localScopeDepth):
2154         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
2155         * bytecompiler/BytecodeGenerator.h:
2156         * bytecompiler/NodesCodegen.cpp:
2157         (JSC::WithNode::emitBytecode):
2158         * interpreter/Interpreter.cpp:
2159         (JSC::Interpreter::unwind):
2160         * jit/JITOpcodes.cpp:
2161         (JSC::JIT::emit_op_push_with_scope):
2162         (JSC::JIT::compileOpStrictEq):
2163         * jit/JITOpcodes32_64.cpp:
2164         (JSC::JIT::emit_op_push_with_scope):
2165         (JSC::JIT::emit_op_to_number):
2166         * jit/JITOperations.cpp:
2167         * jit/JITOperations.h:
2168         * llint/LLIntSlowPaths.cpp:
2169         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2170         * llint/LLIntSlowPaths.h:
2171         * llint/LowLevelInterpreter.asm:
2172         * runtime/CommonSlowPaths.cpp:
2173         (JSC::SLOW_PATH_DECL):
2174         * runtime/CommonSlowPaths.h:
2175         * runtime/JSScope.cpp:
2176         (JSC::JSScope::objectAtScope):
2177         (JSC::isUnscopable):
2178         (JSC::JSScope::depth): Deleted.
2179         * runtime/JSScope.h:
2180
2181 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2182
2183         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
2184         https://bugs.webkit.org/show_bug.cgi?id=147761
2185
2186         Reviewed by Mark Lam.
2187
2188         This patch implements MacroAssembler::patchableBranch64 in 64bit environments.
2189         It also fixes the existing MacroAssemblerARM64::patchableBranchPtr, which before this patch
2190         truncated the immediate pointer to a 32-bit immediate.
2191         And it uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
2192
2193         * assembler/MacroAssemblerARM64.h:
2194         (JSC::MacroAssemblerARM64::patchableBranchPtr):
2195         (JSC::MacroAssemblerARM64::patchableBranch64):
2196         * assembler/MacroAssemblerX86_64.h:
2197         (JSC::MacroAssemblerX86_64::patchableBranch64):
2198         * jit/JIT.h:
2199         * jit/JITInlines.h:
2200         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
2201         * jit/JITPropertyAccess.cpp:
2202         (JSC::JIT::emit_op_get_by_val):
2203
2204 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2205
2206         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
2207         https://bugs.webkit.org/show_bug.cgi?id=147480
2208
2209         Reviewed by Filip Pizlo.
2210
2211         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
2212         The IC site only caches one id. After checking that the given id is the same as the
2213         cached one, we perform the get_by_id IC onto it.
2214         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
2215         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
2216         operations when the given get_by_val leverages the property load with the cached id.
2217
2218         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
2219         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
2220         This can be leveraged to optimize symbol operations in DFG.
2221
2222         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
2223         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
2224         a binary search over m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
2225         argument ArrayProfile* in the operations with ByValInfo*.
2226
2227         * bytecode/ByValInfo.h:
2228         (JSC::ByValInfo::ByValInfo):
2229         * bytecode/CodeBlock.cpp:
2230         (JSC::CodeBlock::getByValInfoMap):
2231         (JSC::CodeBlock::addByValInfo):
2232         * bytecode/CodeBlock.h:
2233         (JSC::CodeBlock::getByValInfo): Deleted.
2234         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
2235         (JSC::CodeBlock::numberOfByValInfos): Deleted.
2236         (JSC::CodeBlock::byValInfo): Deleted.
2237         * bytecode/ExitKind.cpp:
2238         (JSC::exitKindToString):
2239         * bytecode/ExitKind.h:
2240         * bytecode/GetByIdStatus.cpp:
2241         (JSC::GetByIdStatus::computeFor):
2242         (JSC::GetByIdStatus::computeForStubInfo):
2243         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
2244         * bytecode/GetByIdStatus.h:
2245         * dfg/DFGAbstractInterpreterInlines.h:
2246         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2247         * dfg/DFGByteCodeParser.cpp:
2248         (JSC::DFG::ByteCodeParser::parseBlock):
2249         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2250         * dfg/DFGClobberize.h:
2251         (JSC::DFG::clobberize):
2252         * dfg/DFGConstantFoldingPhase.cpp:
2253         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2254         * dfg/DFGDoesGC.cpp:
2255         (JSC::DFG::doesGC):
2256         * dfg/DFGFixupPhase.cpp:
2257         (JSC::DFG::FixupPhase::fixupNode):
2258         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2259         * dfg/DFGNode.h:
2260         (JSC::DFG::Node::hasUidOperand):
2261         (JSC::DFG::Node::uidOperand):
2262         * dfg/DFGNodeType.h:
2263         * dfg/DFGPredictionPropagationPhase.cpp:
2264         (JSC::DFG::PredictionPropagationPhase::propagate):
2265         * dfg/DFGSafeToExecute.h:
2266         (JSC::DFG::SafeToExecuteEdge::operator()):
2267         (JSC::DFG::safeToExecute):
2268         * dfg/DFGSpeculativeJIT.cpp:
2269         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
2270         (JSC::DFG::SpeculativeJIT::speculateSymbol):
2271         (JSC::DFG::SpeculativeJIT::speculate):
2272         * dfg/DFGSpeculativeJIT.h:
2273         * dfg/DFGSpeculativeJIT32_64.cpp:
2274         (JSC::DFG::SpeculativeJIT::compile):
2275         * dfg/DFGSpeculativeJIT64.cpp:
2276         (JSC::DFG::SpeculativeJIT::compile):
2277         * dfg/DFGUseKind.cpp:
2278         (WTF::printInternal):
2279         * dfg/DFGUseKind.h:
2280         (JSC::DFG::typeFilterFor):
2281         (JSC::DFG::isCell):
2282         * ftl/FTLAbstractHeapRepository.h:
2283         * ftl/FTLCapabilities.cpp:
2284         (JSC::FTL::canCompile):
2285         * ftl/FTLLowerDFGToLLVM.cpp:
2286         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2287         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
2288         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
2289         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
2290         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
2291         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
2292         * jit/JIT.cpp:
2293         (JSC::JIT::privateCompile):
2294         * jit/JIT.h:
2295         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2296         (JSC::JIT::compileGetByValWithCachedId):
2297         * jit/JITInlines.h:
2298         (JSC::JIT::callOperation):
2299         * jit/JITOpcodes.cpp:
2300         (JSC::JIT::emit_op_has_indexed_property):
2301         (JSC::JIT::emitSlow_op_has_indexed_property):
2302         * jit/JITOpcodes32_64.cpp:
2303         (JSC::JIT::emit_op_has_indexed_property):
2304         (JSC::JIT::emitSlow_op_has_indexed_property):
2305         * jit/JITOperations.cpp:
2306         (JSC::getByVal):
2307         * jit/JITOperations.h:
2308         * jit/JITPropertyAccess.cpp:
2309         (JSC::JIT::emit_op_get_by_val):
2310         (JSC::JIT::emitGetByValWithCachedId):
2311         (JSC::JIT::emitSlow_op_get_by_val):
2312         (JSC::JIT::emit_op_put_by_val):
2313         (JSC::JIT::emitSlow_op_put_by_val):
2314         (JSC::JIT::privateCompileGetByVal):
2315         (JSC::JIT::privateCompileGetByValWithCachedId):
2316         * jit/JITPropertyAccess32_64.cpp:
2317         (JSC::JIT::emit_op_get_by_val):
2318         (JSC::JIT::emitGetByValWithCachedId):
2319         (JSC::JIT::emitSlow_op_get_by_val):
2320         (JSC::JIT::emit_op_put_by_val):
2321         (JSC::JIT::emitSlow_op_put_by_val):
2322         * runtime/Symbol.h:
2323         * tests/stress/get-by-val-with-string-constructor.js: Added.
2324         (Hello):
2325         (get Hello.prototype.generate):
2326         (ok):
2327         * tests/stress/get-by-val-with-string-exit.js: Added.
2328         (shouldBe):
2329         (getByVal):
2330         (getStr1):
2331         (getStr2):
2332         * tests/stress/get-by-val-with-string-generated.js: Added.
2333         (shouldBe):
2334         (getByVal):
2335         (getStr1):
2336         (getStr2):
2337         * tests/stress/get-by-val-with-string-getter.js: Added.
2338         (object.get hello):
2339         (ok):
2340         * tests/stress/get-by-val-with-string.js: Added.
2341         (shouldBe):
2342         (getByVal):
2343         (getStr1):
2344         (getStr2):
2345         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
2346         (Hello):
2347         (get Hello.prototype.generate):
2348         (ok):
2349         * tests/stress/get-by-val-with-symbol-exit.js: Added.
2350         (shouldBe):
2351         (getByVal):
2352         (getSym1):
2353         (getSym2):
2354         * tests/stress/get-by-val-with-symbol-getter.js: Added.
2355         (object.get hello):
2356         (.get ok):
2357         * tests/stress/get-by-val-with-symbol.js: Added.
2358         (shouldBe):
2359         (getByVal):
2360         (getSym1):
2361         (getSym2):
2362
2363 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2364
2365         Parse entire WebAssembly modules
2366         https://bugs.webkit.org/show_bug.cgi?id=147393
2367
2368         Reviewed by Geoffrey Garen.
2369
2370         Parse entire WebAssembly modules from files produced by pack-asmjs
2371         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
2372         parse modules whose function definition section contains only functions that
2373         have "return 0;" as their only statement. Parsing of any functions will be
2374         implemented in a subsequent patch.
2375
2376         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2377         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2378         * JavaScriptCore.xcodeproj/project.pbxproj:
2379         * wasm/JSWASMModule.cpp:
2380         (JSC::JSWASMModule::destroy):
2381         * wasm/JSWASMModule.h:
2382         (JSC::JSWASMModule::i32Constants):
2383         (JSC::JSWASMModule::f32Constants):
2384         (JSC::JSWASMModule::f64Constants):
2385         (JSC::JSWASMModule::signatures):
2386         (JSC::JSWASMModule::functionImports):
2387         (JSC::JSWASMModule::functionImportSignatures):
2388         (JSC::JSWASMModule::globalVariableTypes):
2389         (JSC::JSWASMModule::functionDeclarations):
2390         (JSC::JSWASMModule::functionPointerTables):
2391         * wasm/WASMFormat.h: Added.
2392         * wasm/WASMModuleParser.cpp:
2393         (JSC::WASMModuleParser::parse):
2394         (JSC::WASMModuleParser::parseModule):
2395         (JSC::WASMModuleParser::parseConstantPoolSection):
2396         (JSC::WASMModuleParser::parseSignatureSection):
2397         (JSC::WASMModuleParser::parseFunctionImportSection):
2398         (JSC::WASMModuleParser::parseGlobalSection):
2399         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
2400         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
2401         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
2402         (JSC::WASMModuleParser::parseFunctionDefinition):
2403         (JSC::WASMModuleParser::parseExportSection):
2404         * wasm/WASMModuleParser.h:
2405         * wasm/WASMReader.cpp:
2406         (JSC::WASMReader::readUInt32):
2407         (JSC::WASMReader::readCompactUInt32):
2408         (JSC::WASMReader::readString):
2409         (JSC::WASMReader::readType):
2410         (JSC::WASMReader::readExpressionType):
2411         (JSC::WASMReader::readExportFormat):
2412         (JSC::WASMReader::readByte):
2413         (JSC::WASMReader::readUnsignedInt32): Deleted.
2414         * wasm/WASMReader.h:
2415
2416 2015-08-06  Keith Miller  <keith_miller@apple.com>
2417
2418         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
2419         https://bugs.webkit.org/show_bug.cgi?id=147749
2420
2421         Reviewed by Filip Pizlo.
2422
2423         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
2424         thus no one calls this code.
2425
2426         * ftl/FTLLowerDFGToLLVM.cpp:
2427         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
2428
2429 2015-08-06  Keith Miller  <keith_miller@apple.com>
2430
2431         The JSONP parser incorrectly parses -0 as +0.
2432         https://bugs.webkit.org/show_bug.cgi?id=147590
2433
2434         Reviewed by Michael Saboff.
2435
2436         In the LiteralParser we should use a double to store the accumulator for numerical tokens
2437         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
2438
2439         * runtime/LiteralParser.cpp:
2440         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
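
The -0 loss described in this entry, as an added example that is not JavaScriptCore's LiteralParser code: a minimal integer lexer with an int accumulator beside the same lexer with a double accumulator. The function names, the shared scanDigits helper and the NaN-on-failure convention are constructed for the example.

```cpp
// Added example, not JavaScriptCore's LiteralParser: a minimal JSON-style integer
// lexer in two variants, showing why an int accumulator turns -0 into +0 while a
// double accumulator keeps the sign. Function and helper names are hypothetical.
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <string>

// Shared digit scanner: returns false if no digits were consumed.
// Accumulation happens in the caller-supplied type T, so the two lexers below
// differ only in that choice.
template <typename T>
static bool scanDigits(const std::string& s, size_t& pos, T& acc) {
    size_t start = pos;
    acc = 0;
    while (pos < s.size() && s[pos] >= '0' && s[pos] <= '9') {
        acc = acc * 10 + static_cast<T>(s[pos] - '0');
        ++pos;
    }
    return pos != start;
}

// Buggy variant (the behaviour the entry describes): digits accumulate into an
// int and the sign is applied afterwards. For "-0" the accumulator is integer 0,
// and negating integer 0 is still 0, so the converted result is +0.0.
// (An int accumulator also overflows on long digit runs, which is undefined
// behaviour in C++; a double loses precision instead.)
static double lexNumberIntAccumulator(const std::string& s) {
    size_t pos = 0;
    bool negative = false;
    if (pos < s.size() && s[pos] == '-') { negative = true; ++pos; }
    int acc = 0;
    if (!scanDigits(s, pos, acc) || pos != s.size())
        return std::nan("");   // constructed convention: NaN marks a lex failure
    if (negative) acc = -acc;
    return static_cast<double>(acc);   // the sign of zero is already gone here
}

// Fixed variant: the accumulator is a double, so negating 0.0 yields -0.0, which
// IEEE 754 represents distinctly (JavaScript observes it via 1/x or Object.is).
static double lexNumberDoubleAccumulator(const std::string& s) {
    size_t pos = 0;
    bool negative = false;
    if (pos < s.size() && s[pos] == '-') { negative = true; ++pos; }
    double acc = 0;
    if (!scanDigits(s, pos, acc) || pos != s.size())
        return std::nan("");
    if (negative) acc = -acc;
    return acc;
}

// Distinguishes -0.0 from +0.0: operator== treats them as equal, std::signbit does not.
static bool isNegativeZero(double v) {
    return v == 0.0 && std::signbit(v);
}

int main() {
    // Constructed input "-0" is the case from the bug report.
    std::printf("int accumulator:    -0 lexes as %s\n",
                isNegativeZero(lexNumberIntAccumulator("-0")) ? "-0" : "+0");
    std::printf("double accumulator: -0 lexes as %s\n",
                isNegativeZero(lexNumberDoubleAccumulator("-0")) ? "-0" : "+0");
    return 0;
}
```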
2441
2442 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
2443
2444         Structures used for tryGetConstantProperty() should be registered first
2445         https://bugs.webkit.org/show_bug.cgi?id=147750
2446
2447         Reviewed by Saam Barati and Michael Saboff.
2448
2449         * dfg/DFGGraph.cpp:
2450         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
2451         * dfg/DFGGraph.h:
2452         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
2453         * dfg/DFGStructureRegistrationPhase.cpp:
2454         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
2455         (JSC::DFG::StructureRegistrationPhase::registerStructures):
2456         (JSC::DFG::StructureRegistrationPhase::registerStructure):
2457         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
2458         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
2459         (JSC::DFG::performStructureRegistration):
2460
2461 2015-08-06  Keith Miller  <keith_miller@apple.com>
2462
2463         Remove UnspecifiedBoolType from JSC
2464         https://bugs.webkit.org/show_bug.cgi?id=147597
2465
2466         Reviewed by Mark Lam.
2467
2468         We were using the safe bool pattern in the code base for implicit casting to booleans.
2469         With C++11 this is no longer necessary and we can instead create an operator bool.
2470
2471         * API/JSRetainPtr.h:
2472         (JSRetainPtr::operator bool):
2473         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
2474         * dfg/DFGEdge.h:
2475         (JSC::DFG::Edge::operator bool):
2476         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
2477         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
2478         * heap/Weak.h:
2479         * heap/WeakInlines.h:
2480         (JSC::bool):
2481         (JSC::UnspecifiedBoolType): Deleted.
2482
2483 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
2484
2485         [ES6] Class parser does not allow methods named set and get.
2486         https://bugs.webkit.org/show_bug.cgi?id=147150
2487
2488         Reviewed by Oliver Hunt.
2489
2490         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
2491         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
2492         so that we only treat them as such when they are followed by another token that could be a method name.
2493
2494         * parser/Parser.cpp:
2495         (JSC::Parser<LexerType>::parseClass):
2496
2497 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
2498
2499         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
2500
2501         * bytecode/SamplingTool.cpp:
2502         (JSC::SamplingTool::doRun):
2503         (JSC::SamplingTool::notifyOfScope):
2504         * bytecode/SamplingTool.h:
2505         * dfg/DFGThreadData.h:
2506         * dfg/DFGWorklist.cpp:
2507         (JSC::DFG::Worklist::~Worklist):
2508         (JSC::DFG::Worklist::isActiveForVM):
2509         (JSC::DFG::Worklist::enqueue):
2510         (JSC::DFG::Worklist::compilationState):
2511         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2512         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2513         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2514         (JSC::DFG::Worklist::visitWeakReferences):
2515         (JSC::DFG::Worklist::removeDeadPlans):
2516         (JSC::DFG::Worklist::queueLength):
2517         (JSC::DFG::Worklist::dump):
2518         (JSC::DFG::Worklist::runThread):
2519         * dfg/DFGWorklist.h:
2520         * disassembler/Disassembler.cpp:
2521         * heap/CopiedSpace.cpp:
2522         (JSC::CopiedSpace::doneFillingBlock):
2523         (JSC::CopiedSpace::doneCopying):
2524         * heap/CopiedSpace.h:
2525         * heap/CopiedSpaceInlines.h:
2526         (JSC::CopiedSpace::recycleBorrowedBlock):
2527         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2528         * heap/HeapTimer.h:
2529         * heap/MachineStackMarker.cpp:
2530         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2531         (JSC::ActiveMachineThreadsManager::add):
2532         (JSC::ActiveMachineThreadsManager::remove):
2533         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2534         (JSC::MachineThreads::~MachineThreads):
2535         (JSC::MachineThreads::addCurrentThread):
2536         (JSC::MachineThreads::removeThreadIfFound):
2537         (JSC::MachineThreads::tryCopyOtherThreadStack):
2538         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2539         (JSC::MachineThreads::gatherConservativeRoots):
2540         * heap/MachineStackMarker.h:
2541         * interpreter/JSStack.cpp:
2542         (JSC::stackStatisticsMutex):
2543         (JSC::JSStack::addToCommittedByteCount):
2544         (JSC::JSStack::committedByteCount):
2545         * jit/JITThunks.h:
2546         * profiler/ProfilerDatabase.h:
2547
2548 2015-08-05  Saam barati  <saambarati1@gmail.com>
2549
2550         Bytecodegenerator emits crappy code for returns in a lexical scope.
2551         https://bugs.webkit.org/show_bug.cgi?id=147688
2552
2553         Reviewed by Mark Lam.
2554
2555         When returning, we only need to emit complex pop scopes if we're in 
2556         a finally block. Otherwise, we can just return like normal. This saves
2557         us from inefficiently emitting unnecessary pop scopes.
2558
2559         * bytecompiler/BytecodeGenerator.h:
2560         (JSC::BytecodeGenerator::isInFinallyBlock):
2561         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
2562         * bytecompiler/NodesCodegen.cpp:
2563         (JSC::ReturnNode::emitBytecode):
2564
2565 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
2566
2567         Add the Intl API to the status page
2568
2569         * features.json:
2570         Andy VanWagoner landed the skeleton of the API and it is
2571         enabled by default.
2572
2573 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
2574
2575         Rename Mutex to DeprecatedMutex
2576         https://bugs.webkit.org/show_bug.cgi?id=147675
2577
2578         Reviewed by Geoffrey Garen.
2579
2580         * bytecode/SamplingTool.cpp:
2581         (JSC::SamplingTool::doRun):
2582         (JSC::SamplingTool::notifyOfScope):
2583         * bytecode/SamplingTool.h:
2584         * dfg/DFGThreadData.h:
2585         * dfg/DFGWorklist.cpp:
2586         (JSC::DFG::Worklist::~Worklist):
2587         (JSC::DFG::Worklist::isActiveForVM):
2588         (JSC::DFG::Worklist::enqueue):
2589         (JSC::DFG::Worklist::compilationState):
2590         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2591         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2592         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2593         (JSC::DFG::Worklist::visitWeakReferences):
2594         (JSC::DFG::Worklist::removeDeadPlans):
2595         (JSC::DFG::Worklist::queueLength):
2596         (JSC::DFG::Worklist::dump):
2597         (JSC::DFG::Worklist::runThread):
2598         * dfg/DFGWorklist.h:
2599         * disassembler/Disassembler.cpp:
2600         * heap/CopiedSpace.cpp:
2601         (JSC::CopiedSpace::doneFillingBlock):
2602         (JSC::CopiedSpace::doneCopying):
2603         * heap/CopiedSpace.h:
2604         * heap/CopiedSpaceInlines.h:
2605         (JSC::CopiedSpace::recycleBorrowedBlock):
2606         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2607         * heap/HeapTimer.h:
2608         * heap/MachineStackMarker.cpp:
2609         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2610         (JSC::ActiveMachineThreadsManager::add):
2611         (JSC::ActiveMachineThreadsManager::remove):
2612         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2613         (JSC::MachineThreads::~MachineThreads):
2614         (JSC::MachineThreads::addCurrentThread):
2615         (JSC::MachineThreads::removeThreadIfFound):
2616         (JSC::MachineThreads::tryCopyOtherThreadStack):
2617         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2618         (JSC::MachineThreads::gatherConservativeRoots):
2619         * heap/MachineStackMarker.h:
2620         * interpreter/JSStack.cpp:
2621         (JSC::stackStatisticsMutex):
2622         (JSC::JSStack::addToCommittedByteCount):
2623         (JSC::JSStack::committedByteCount):
2624         * jit/JITThunks.h:
2625         * profiler/ProfilerDatabase.h:
2626
2627 2015-08-05  Saam barati  <saambarati1@gmail.com>
2628
2629         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
2630         https://bugs.webkit.org/show_bug.cgi?id=147657
2631
2632         Reviewed by Mark Lam.
2633
2634         This kills the last of the name scope objects. Function name scopes are
2635         now built on top of the scoping mechanisms introduced with ES6 block scoping.
2636         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
2637         function name scoped variable carefully depending on if the function is in
2638         strict mode. If we're in strict mode, then we treat the variable exactly
2639         like a "const" variable. If we're not in strict mode, we can't treat
2640         this variable like ES6 "const" because that would cause the bytecode
2641         generator to throw an exception when it shouldn't.
2642
2643         * CMakeLists.txt:
2644         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2645         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2646         * JavaScriptCore.xcodeproj/project.pbxproj:
2647         * bytecode/BytecodeList.json:
2648         * bytecode/BytecodeUseDef.h:
2649         (JSC::computeUsesForBytecodeOffset):
2650         (JSC::computeDefsForBytecodeOffset):
2651         * bytecode/CodeBlock.cpp:
2652         (JSC::CodeBlock::dumpBytecode):
2653         * bytecompiler/BytecodeGenerator.cpp:
2654         (JSC::BytecodeGenerator::BytecodeGenerator):
2655         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2656         (JSC::BytecodeGenerator::pushLexicalScope):
2657         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2658         (JSC::BytecodeGenerator::variable):
2659         (JSC::BytecodeGenerator::resolveType):
2660         (JSC::BytecodeGenerator::emitThrowTypeError):
2661         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
2662         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
2663         (JSC::BytecodeGenerator::emitPushCatchScope):
2664         * bytecompiler/BytecodeGenerator.h:
2665         * bytecompiler/NodesCodegen.cpp:
2666         * debugger/DebuggerScope.cpp:
2667         * dfg/DFGOperations.cpp:
2668         * interpreter/Interpreter.cpp:
2669         * jit/JIT.cpp:
2670         (JSC::JIT::privateCompileMainPass):
2671         * jit/JIT.h:
2672         * jit/JITOpcodes.cpp:
2673         (JSC::JIT::emit_op_to_string):
2674         (JSC::JIT::emit_op_catch):
2675         (JSC::JIT::emit_op_push_name_scope): Deleted.
2676         * jit/JITOpcodes32_64.cpp:
2677         (JSC::JIT::emitSlow_op_to_string):
2678         (JSC::JIT::emit_op_catch):
2679         (JSC::JIT::emit_op_push_name_scope): Deleted.
2680         * jit/JITOperations.cpp:
2681         (JSC::pushNameScope): Deleted.
2682         * llint/LLIntSlowPaths.cpp:
2683         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2684         * llint/LLIntSlowPaths.h:
2685         * llint/LowLevelInterpreter.asm:
2686         * parser/Nodes.cpp:
2687         * runtime/CommonSlowPaths.cpp:
2688         * runtime/Executable.cpp:
2689         (JSC::ScriptExecutable::newCodeBlockFor):
2690         * runtime/JSFunctionNameScope.cpp: Removed.
2691         * runtime/JSFunctionNameScope.h: Removed.
2692         * runtime/JSGlobalObject.cpp:
2693         (JSC::JSGlobalObject::init):
2694         (JSC::JSGlobalObject::visitChildren):
2695         * runtime/JSGlobalObject.h:
2696         (JSC::JSGlobalObject::withScopeStructure):
2697         (JSC::JSGlobalObject::strictEvalActivationStructure):
2698         (JSC::JSGlobalObject::activationStructure):
2699         (JSC::JSGlobalObject::directArgumentsStructure):
2700         (JSC::JSGlobalObject::scopedArgumentsStructure):
2701         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
2702         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
2703         * runtime/JSNameScope.cpp: Removed.
2704         * runtime/JSNameScope.h: Removed.
2705         * runtime/JSObject.cpp:
2706         (JSC::JSObject::toThis):
2707         (JSC::JSObject::seal):
2708         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
2709         * runtime/JSObject.h:
2710         * runtime/JSScope.cpp:
2711         (JSC::JSScope::isCatchScope):
2712         (JSC::JSScope::isFunctionNameScopeObject):
2713         (JSC::resolveModeName):
2714         * runtime/JSScope.h:
2715         * runtime/JSSymbolTableObject.cpp:
2716         * runtime/SymbolTable.h:
2717         * runtime/VM.cpp:
2718
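Added example (not part of this ChangeLog entry and not WebKit code): the observable semantics the entry is about, run through the Function constructor so each case executes in the intended mode regardless of the surrounding file. In sloppy mode an assignment to a named function expression's own name is silently dropped, in strict mode it throws a TypeError, and an ES6 const assignment throws in both modes, which is why the sloppy case cannot simply be treated as a const. The helper and function names are hypothetical.

```javascript
// Added example, not WebKit code. Each snippet is compiled with the Function
// constructor, so its strictness depends only on its own body, not on this file.

// Runs a snippet and reports either its return value or the error class it threw.
function outcomeOf(source) {
  try {
    return String(new Function(source)());
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'unexpected: ' + e;
  }
}

// Sloppy mode: the binding for the function's own name is immutable, and the
// assignment to it is silently ignored, so f is still the function afterwards.
function sloppyAssignmentToFunctionName() {
  return outcomeOf('return (function f() { f = 1; return typeof f; })();');
}

// Strict mode: the same assignment is a TypeError, exactly like writing to a const.
function strictAssignmentToFunctionName() {
  return outcomeOf('"use strict"; return (function f() { f = 1; return typeof f; })();');
}

// A const assignment throws even in sloppy mode, which is the behaviour the
// sloppy-mode function name scope must NOT have.
function sloppyAssignmentToConst() {
  return outcomeOf('const c = 1; c = 2; return c;');
}

// The name scope is a lexical environment visible only inside the function body.
function functionNameIsNotVisibleOutside() {
  return outcomeOf('(function g() { return g; })(); return typeof g;');
}
```

The four calls return "function", "TypeError", "TypeError" and "undefined" respectively; the first two differ only in the "use strict" directive.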
2719 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
2720
2721         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
2722         https://bugs.webkit.org/show_bug.cgi?id=147679
2723
2724         Reviewed by Timothy Hatcher.
2725
2726         Improve native iterator support for the PropertyName Iterator by
2727         allowing inspection of the internal object within the iterator
2728         and peeking of the next upcoming values of the iterator.
2729
2730         * inspector/JSInjectedScriptHost.cpp:
2731         (Inspector::JSInjectedScriptHost::subtype):
2732         (Inspector::JSInjectedScriptHost::getInternalProperties):
2733         (Inspector::JSInjectedScriptHost::iteratorEntries):
2734         * runtime/JSPropertyNameIterator.h:
2735         (JSC::JSPropertyNameIterator::iteratedValue):
2736
2737 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
2738
2739         [Win] Update Apple Windows build for VS2015
2740         https://bugs.webkit.org/show_bug.cgi?id=147653
2741
2742         Reviewed by Dean Jackson.
2743
2744         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
2745         Show JSC files in proper project locations in IDE.
2746
2747 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
2748
2749         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
2750         https://bugs.webkit.org/show_bug.cgi?id=147328
2751
2752         Reviewed by Timothy Hatcher.
2753
2754         * inspector/InjectedScriptSource.js:
2755         Use classList and classList.toString instead of className.
2756
2757 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2758
2759         [ES6] Support Module Syntax
2760         https://bugs.webkit.org/show_bug.cgi?id=147422
2761
2762         Reviewed by Saam Barati.
2763
2764         This patch introduces the ES6 Modules syntax parsing part.
2765         In this patch, ASTBuilder just produces the corresponding nodes for the ES6 Modules syntax,
2766         and this patch does not include the code generator part.
2767
2768         Modules require 2-phase parsing. In the first pass, we just analyze the dependent modules
2769         and do not execute the body or construct the AST. After analyzing all the dependent
2770         modules, we parse the dependent modules next.
2771         After all the analyzing part is done, we start the second pass. In the second pass, we
2772         parse the module, produce the AST, and execute the body.
2773         If we don't do so, we need to create all the ASTs in the module's dependency graph at first
2774         because the given module can be executed after all the dependent modules are executed. It
2775         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
2776         the dependent modules' information.
2777
2778         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
2779         This patch aims at just implementing the syntax parsing functionality correctly.
2780         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
2781         to collect the dependent modules quickly [1].
2782
2783         To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
2784         By using this, we can parse the given string as a module.
2785
2786         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
2787
2788         * bytecompiler/NodesCodegen.cpp:
2789         (JSC::ModuleProgramNode::emitBytecode):
2790         (JSC::ImportDeclarationNode::emitBytecode):
2791         (JSC::ExportAllDeclarationNode::emitBytecode):
2792         (JSC::ExportDefaultDeclarationNode::emitBytecode):
2793         (JSC::ExportLocalDeclarationNode::emitBytecode):
2794         (JSC::ExportNamedDeclarationNode::emitBytecode):
2795         * jsc.cpp:
2796         (GlobalObject::finishCreation):
2797         (functionCheckModuleSyntax):
2798         * parser/ASTBuilder.h:
2799         (JSC::ASTBuilder::createModuleSpecifier):
2800         (JSC::ASTBuilder::createImportSpecifier):
2801         (JSC::ASTBuilder::createImportSpecifierList):
2802         (JSC::ASTBuilder::appendImportSpecifier):
2803         (JSC::ASTBuilder::createImportDeclaration):
2804         (JSC::ASTBuilder::createExportAllDeclaration):
2805         (JSC::ASTBuilder::createExportDefaultDeclaration):
2806         (JSC::ASTBuilder::createExportLocalDeclaration):
2807         (JSC::ASTBuilder::createExportNamedDeclaration):
2808         (JSC::ASTBuilder::createExportSpecifier):
2809         (JSC::ASTBuilder::createExportSpecifierList):
2810         (JSC::ASTBuilder::appendExportSpecifier):
2811         * parser/Keywords.table:
2812         * parser/NodeConstructors.h:
2813         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
2814         (JSC::ImportSpecifierNode::ImportSpecifierNode):
2815         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2816         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2817         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
2818         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
2819         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2820         (JSC::ExportSpecifierNode::ExportSpecifierNode):
2821         * parser/Nodes.cpp:
2822         (JSC::ModuleProgramNode::ModuleProgramNode):
2823         * parser/Nodes.h:
2824         (JSC::ModuleProgramNode::startColumn):
2825         (JSC::ModuleProgramNode::endColumn):
2826         (JSC::ModuleSpecifierNode::moduleName):
2827         (JSC::ImportSpecifierNode::importedName):
2828         (JSC::ImportSpecifierNode::localName):
2829         (JSC::ImportSpecifierListNode::specifiers):
2830         (JSC::ImportSpecifierListNode::append):
2831         (JSC::ImportDeclarationNode::specifierList):
2832         (JSC::ImportDeclarationNode::moduleSpecifier):
2833         (JSC::ExportAllDeclarationNode::moduleSpecifier):
2834         (JSC::ExportDefaultDeclarationNode::declaration):
2835         (JSC::ExportLocalDeclarationNode::declaration):
2836         (JSC::ExportSpecifierNode::exportedName):
2837         (JSC::ExportSpecifierNode::localName):
2838         (JSC::ExportSpecifierListNode::specifiers):
2839         (JSC::ExportSpecifierListNode::append):
2840         (JSC::ExportNamedDeclarationNode::specifierList):
2841         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
2842         * parser/Parser.cpp:
2843         (JSC::Parser<LexerType>::Parser):
2844         (JSC::Parser<LexerType>::parseInner):
2845         (JSC::Parser<LexerType>::parseModuleSourceElements):
2846         (JSC::Parser<LexerType>::parseVariableDeclaration):
2847         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2848         (JSC::Parser<LexerType>::createBindingPattern):
2849         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2850         (JSC::Parser<LexerType>::parseDestructuringPattern):
2851         (JSC::Parser<LexerType>::parseForStatement):
2852         (JSC::Parser<LexerType>::parseFormalParameters):
2853         (JSC::Parser<LexerType>::parseFunctionParameters):
2854         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2855         (JSC::Parser<LexerType>::parseClassDeclaration):
2856         (JSC::Parser<LexerType>::parseModuleSpecifier):
2857         (JSC::Parser<LexerType>::parseImportClauseItem):
2858         (JSC::Parser<LexerType>::parseImportDeclaration):
2859         (JSC::Parser<LexerType>::parseExportSpecifier):
2860         (JSC::Parser<LexerType>::parseExportDeclaration):
2861         (JSC::Parser<LexerType>::parseMemberExpression):
2862         * parser/Parser.h:
2863         (JSC::isIdentifierOrKeyword):
2864         (JSC::ModuleScopeData::create):
2865         (JSC::ModuleScopeData::exportedBindings):
2866         (JSC::ModuleScopeData::exportName):
2867         (JSC::ModuleScopeData::exportBinding):
2868         (JSC::Scope::Scope):
2869         (JSC::Scope::setIsModule):
2870         (JSC::Scope::moduleScopeData):
2871         (JSC::Parser::matchContextualKeyword):
2872         (JSC::Parser::matchIdentifierOrKeyword):
2873         (JSC::Parser::isofToken): Deleted.
2874         * parser/ParserModes.h:
2875         * parser/ParserTokens.h:
2876         * parser/SyntaxChecker.h:
2877         (JSC::SyntaxChecker::createModuleSpecifier):
2878         (JSC::SyntaxChecker::createImportSpecifier):
2879         (JSC::SyntaxChecker::createImportSpecifierList):
2880         (JSC::SyntaxChecker::appendImportSpecifier):
2881         (JSC::SyntaxChecker::createImportDeclaration):
2882         (JSC::SyntaxChecker::createExportAllDeclaration):
2883         (JSC::SyntaxChecker::createExportDefaultDeclaration):
2884         (JSC::SyntaxChecker::createExportLocalDeclaration):
2885         (JSC::SyntaxChecker::createExportNamedDeclaration):
2886         (JSC::SyntaxChecker::createExportSpecifier):
2887         (JSC::SyntaxChecker::createExportSpecifierList):
2888         (JSC::SyntaxChecker::appendExportSpecifier):
2889         * runtime/CommonIdentifiers.cpp:
2890         (JSC::CommonIdentifiers::CommonIdentifiers):
2891         * runtime/CommonIdentifiers.h:
2892         * runtime/Completion.cpp:
2893         (JSC::checkModuleSyntax):
2894         * runtime/Completion.h:
2895         * tests/stress/modules-syntax-error-with-names.js: Added.
2896         (shouldThrow):
2897         * tests/stress/modules-syntax-error.js: Added.
2898         (shouldThrow):
2899         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
2900         * tests/stress/modules-syntax.js: Added.
2901         (prototype.checkModuleSyntax):
2902         (checkModuleSyntax):
2903         * tests/stress/tagged-templates-syntax.js:
2904
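Added example (not part of this ChangeLog entry and not WebKit code): a toy of the two-pass scheme the entry describes, in JavaScript. The first pass only extracts each module's import and export-from specifiers, here with a deliberately simplified line-based scan rather than a real tokenizer (a specifier-looking string inside a comment would fool it); the second pass then visits modules in dependency order, so no module's AST needs to be held before its dependencies have been handled. The module names, their sources and the resolve rule are constructed for the example.

```javascript
// Added example, not WebKit code. Constructed module sources for the example.
const MODULES = {
  'main.js': 'import { a } from "./a.js";\nimport b from "./b.js";\nexport const main = a + b;',
  'a.js':    'import { c } from "./c.js";\nexport const a = c * 2;',
  'b.js':    'export * from "./c.js";\nexport default 5;',
  'c.js':    'export const c = 3;',
};

// Pass 1: pull module specifiers out of the source without building an AST.
// Simplified: matches `import ... from '<spec>'`, `export ... from '<spec>'` and
// bare `import '<spec>'` at the start of a line. A real analyzer works on tokens.
const SPECIFIER_RE = /^\s*(?:import|export)\b(?:[^;\n]*?\bfrom)?\s*["']([^"']+)["']/gm;

function collectDependencies(source) {
  const specifiers = [];
  for (const match of source.matchAll(SPECIFIER_RE)) specifiers.push(match[1]);
  return specifiers;
}

// Hypothetical resolver for the example: "./x.js" -> "x.js".
function resolve(specifier) {
  return specifier.replace(/^\.\//, '');
}

// Pass 2 ordering: depth-first over the dependency graph so that a module is
// parsed and evaluated only after all of its dependencies. Only the specifier
// lists from pass 1 are retained per module, never a parsed body. A module that
// is reached again while still being visited is a cycle (ES modules allow
// them); this toy simply does not revisit it.
function evaluationOrder(entry, sources) {
  const deps = new Map();     // module name -> resolved dependency names
  const state = new Map();    // module name -> 'visiting' | 'done'
  const order = [];
  function visit(name) {
    if (state.has(name)) return;
    if (!(name in sources)) throw new Error('unresolved module: ' + name);
    state.set(name, 'visiting');
    const resolved = collectDependencies(sources[name]).map(resolve);
    deps.set(name, resolved);
    for (const dep of resolved) visit(dep);
    state.set(name, 'done');
    order.push(name);
  }
  visit(entry);
  return { order, deps };
}
```

For the constructed graph, evaluationOrder('main.js', MODULES).order is c.js, a.js, b.js, main.js: c.js is reached through a.js and is already done when b.js's export-from is followed.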
2905 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2906
2907         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
2908         https://bugs.webkit.org/show_bug.cgi?id=146833
2909
2910         Reviewed by Alexey Proskuryakov.
2911
2912         * assembler/ARM64Assembler.h:
2913         * assembler/ARMAssembler.h:
2914         (JSC::ARMAssembler::cacheFlush):
2915         * assembler/MacroAssemblerARM.cpp:
2916         (JSC::isVFPPresent):
2917         * assembler/MacroAssemblerX86Common.h:
2918         (JSC::MacroAssemblerX86Common::isSSE2Present):
2919         * heap/MachineStackMarker.h:
2920         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
2921         (JSC::logF):
2922         * jit/HostCallReturnValue.h:
2923         * jit/JIT.h:
2924         * jit/JITOperations.cpp:
2925         * jit/JITStubsARM.h:
2926         * jit/JITStubsARMv7.h:
2927         * jit/JITStubsX86.h:
2928         * jit/JITStubsX86Common.h:
2929         * jit/JITStubsX86_64.h:
2930         * jit/ThunkGenerators.cpp:
2931         * runtime/JSExportMacros.h:
2932         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
2933         (JSC::clz32):
2934
2935 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2936
2937         Unreviewed, fix uninitialized property leading to an assert.
2938
2939         * runtime/PutPropertySlot.h:
2940         (JSC::PutPropertySlot::PutPropertySlot):
2941
2942 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2943
2944         Unreviewed, fix Windows.
2945
2946         * bytecode/ObjectPropertyConditionSet.h:
2947         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2948
2949 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
2950
2951         DFG should have adaptive structure watchpoints
2952         https://bugs.webkit.org/show_bug.cgi?id=146929
2953
2954         Reviewed by Geoffrey Garen.
2955
2956         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
2957         property, you'd check that the object still has the structure that you first saw the object have. We
2958         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
2959         elide the structure check.
2960
2961         But this approach fails when that object frequently has new properties added to it. This would
2962         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
2963         we'd have to recompile either the IC or an entire code block.
2964
2965         This change introduces a new concept: an object property condition. This value describes some
2966         condition involving a property on some object. There are four kinds: presence, absence,
2967         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
2968         object has some property at some offset with some attributes. This allows us to implement a new kind
2969         of watchpoint, which knows about the object property condition that it's being used to enforce. If
2970         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
2971         on the new structure.
2972
2973         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
2974         and prototype accesses. They are also used for any DFG accesses to object constants, including
2975         global property accesses.
2976
2977         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
2978         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
2979         chain situation. It's also a small speed-up on getter-richards.
2980
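Added example (not part of this ChangeLog entry and not WebKit code): a small JavaScript model of the difference described above. A Structure maps property names to slot offsets and transitions to a new Structure when a property is added; a plain transition watchpoint invalidates on any transition, while the adaptive one re-checks its object-property condition against the new structure and re-installs itself when the condition still holds. Only the presence and absence condition kinds are modelled, and all class and function names are hypothetical.

```javascript
// Added example, not WebKit code: a toy model of structures, transition
// watchpoints and adaptive watchpoints. Names are hypothetical.

class Structure {
  constructor(properties = []) {
    this.properties = new Map(properties);   // property name -> slot offset
    this.transitionWatchers = new Set();
  }
  has(name) { return this.properties.has(name); }
  offsetOf(name) { return this.properties.get(name); }

  // Adding a property transitions to a new Structure. Every watcher on the old
  // structure is detached and fired once with the new structure.
  addingProperty(name) {
    const next = new Structure([...this.properties, [name, this.properties.size]]);
    const watchers = [...this.transitionWatchers];
    this.transitionWatchers.clear();
    for (const w of watchers) w.fireOnTransition(next);
    return next;
  }
}

class ObjectModel {
  constructor() { this.structure = new Structure(); }
  put(name) {
    if (!this.structure.has(name)) this.structure = this.structure.addingProperty(name);
  }
}

// Object-property conditions (two of the four kinds in the entry); each can be
// re-checked against any structure.
const Condition = {
  presence: (name, offset) => ({ holdsOn: s => s.offsetOf(name) === offset }),
  absence:  name            => ({ holdsOn: s => !s.has(name) }),
};

// Before: any transition away from the watched structure invalidates the code.
class StructureTransitionWatchpoint {
  constructor(object) {
    this.valid = true;
    object.structure.transitionWatchers.add(this);
  }
  fireOnTransition() { this.valid = false; }
}

// After: the watchpoint knows the condition it enforces. On a transition it
// re-checks that condition on the new structure and re-installs itself there
// if the condition still holds; only a real violation invalidates.
class AdaptiveStructureWatchpoint {
  constructor(object, condition) {
    this.condition = condition;
    this.reinstalls = 0;
    this.valid = condition.holdsOn(object.structure);
    if (this.valid) object.structure.transitionWatchers.add(this);
  }
  fireOnTransition(newStructure) {
    if (this.condition.holdsOn(newStructure)) {
      this.reinstalls += 1;
      newStructure.transitionWatchers.add(this);
    } else {
      this.valid = false;
    }
  }
}

// A GetById miss compiled against a prototype that lacks "foo", while unrelated
// properties keep being added to that prototype, and then "foo" itself.
function simulatePrototypeChurn() {
  const proto = new ObjectModel();
  const naive = new StructureTransitionWatchpoint(proto);
  const adaptive = new AdaptiveStructureWatchpoint(proto, Condition.absence('foo'));
  for (const name of ['bar', 'baz', 'qux']) proto.put(name);
  const afterChurn = { naiveValid: naive.valid, adaptiveValid: adaptive.valid, reinstalls: adaptive.reinstalls };
  proto.put('foo');   // the condition is now genuinely violated
  return { afterChurn, adaptiveValidAfterFoo: adaptive.valid };
}

// A presence condition survives growth as long as "x" keeps its slot offset.
function simulateOwnPropertyGrowth() {
  const obj = new ObjectModel();
  obj.put('x');
  const adaptive = new AdaptiveStructureWatchpoint(obj, Condition.presence('x', 0));
  for (const name of ['y', 'z']) obj.put(name);
  return { valid: adaptive.valid, reinstalls: adaptive.reinstalls };
}
```

In simulatePrototypeChurn the naive watchpoint is dead after the first unrelated property, the adaptive one re-installs three times and stays valid, and only the addition of "foo" invalidates it.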
2981         * CMakeLists.txt:
2982         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2983         * JavaScriptCore.xcodeproj/project.pbxproj:
2984         * bytecode/CodeBlock.cpp:
2985         (JSC::CodeBlock::printGetByIdCacheStatus):
2986         (JSC::CodeBlock::printPutByIdCacheStatus):
2987         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2988         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
2989         * bytecode/ComplexGetStatus.cpp:
2990         (JSC::ComplexGetStatus::computeFor):
2991         * bytecode/ComplexGetStatus.h:
2992         (JSC::ComplexGetStatus::ComplexGetStatus):
2993         (JSC::ComplexGetStatus::takesSlowPath):
2994         (JSC::ComplexGetStatus::kind):
2995         (JSC::ComplexGetStatus::offset):
2996         (JSC::ComplexGetStatus::conditionSet):
2997         (JSC::ComplexGetStatus::attributes): Deleted.
2998         (JSC::ComplexGetStatus::specificValue): Deleted.
2999         (JSC::ComplexGetStatus::chain): Deleted.
3000         * bytecode/ConstantStructureCheck.cpp: Removed.
3001         * bytecode/ConstantStructureCheck.h: Removed.
3002         * bytecode/GetByIdStatus.cpp:
3003         (JSC::GetByIdStatus::computeForStubInfo):
3004         * bytecode/GetByIdVariant.cpp:
3005         (JSC::GetByIdVariant::GetByIdVariant):
3006         (JSC::GetByIdVariant::~GetByIdVariant):
3007         (JSC::GetByIdVariant::operator=):
3008         (JSC::GetByIdVariant::attemptToMerge):
3009         (JSC::GetByIdVariant::dumpInContext):
3010         (JSC::GetByIdVariant::baseStructure): Deleted.
3011         * bytecode/GetByIdVariant.h:
3012         (JSC::GetByIdVariant::operator!):
3013         (JSC::GetByIdVariant::structureSet):
3014         (JSC::GetByIdVariant::conditionSet):
3015         (JSC::GetByIdVariant::offset):
3016         (JSC::GetByIdVariant::callLinkStatus):
3017         (JSC::GetByIdVariant::constantChecks): Deleted.
3018         (JSC::GetByIdVariant::alternateBase): Deleted.
3019         * bytecode/ObjectPropertyCondition.cpp: Added.
3020         (JSC::ObjectPropertyCondition::dumpInContext):
3021         (JSC::ObjectPropertyCondition::dump):
3022         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
3023         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
3024         (JSC::ObjectPropertyCondition::isStillValid):
3025         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
3026         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
3027         (JSC::ObjectPropertyCondition::isWatchable):
3028         (JSC::ObjectPropertyCondition::isStillLive):
3029         (JSC::ObjectPropertyCondition::validateReferences):
3030         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
3031         * bytecode/ObjectPropertyCondition.h: Added.
3032         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
3033         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
3034         (JSC::ObjectPropertyCondition::presence):
3035         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
3036         (JSC::ObjectPropertyCondition::absence):
3037         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
3038         (JSC::ObjectPropertyCondition::absenceOfSetter):
3039         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
3040         (JSC::ObjectPropertyCondition::equivalence):
3041         (JSC::ObjectPropertyCondition::operator!):
3042         (JSC::ObjectPropertyCondition::object):
3043         (JSC::ObjectPropertyCondition::condition):
3044         (JSC::ObjectPropertyCondition::kind):
3045         (JSC::ObjectPropertyCondition::uid):
3046         (JSC::ObjectPropertyCondition::hasOffset):
3047         (JSC::ObjectPropertyCondition::offset):
3048         (JSC::ObjectPropertyCondition::hasAttributes):
3049         (JSC::ObjectPropertyCondition::attributes):
3050         (JSC::ObjectPropertyCondition::hasPrototype):
3051         (JSC::ObjectPropertyCondition::prototype):
3052         (JSC::ObjectPropertyCondition::hasRequiredValue):
3053         (JSC::ObjectPropertyCondition::requiredValue):
3054         (JSC::ObjectPropertyCondition::hash):
3055         (JSC::ObjectPropertyCondition::operator==):
3056         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
3057         (JSC::ObjectPropertyCondition::isCompatibleWith):
3058         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
3059         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
3060         (JSC::ObjectPropertyCondition::isValidValueForPresence):
3061         (JSC::ObjectPropertyConditionHash::hash):
3062         (JSC::ObjectPropertyConditionHash::equal):
3063         * bytecode/ObjectPropertyConditionSet.cpp: Added.
3064         (JSC::ObjectPropertyConditionSet::forObject):
3065         (JSC::ObjectPropertyConditionSet::forConditionKind):
3066         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
3067         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
3068         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
3069         (JSC::ObjectPropertyConditionSet::mergedWith):
3070         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
3071         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
3072         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
3073         (JSC::ObjectPropertyConditionSet::areStillLive):
3074         (JSC::ObjectPropertyConditionSet::dumpInContext):
3075         (JSC::ObjectPropertyConditionSet::dump):
3076         (JSC::generateConditionsForPropertyMiss):
3077         (JSC::generateConditionsForPropertySetterMiss):
3078         (JSC::generateConditionsForPrototypePropertyHit):
3079         (JSC::generateConditionsForPrototypePropertyHitCustom):
3080         (JSC::generateConditionsForPropertySetterMissConcurrently):
3081         * bytecode/ObjectPropertyConditionSet.h: Added.
3082         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
3083         (JSC::ObjectPropertyConditionSet::invalid):
3084         (JSC::ObjectPropertyConditionSet::nonEmpty):
3085         (JSC::ObjectPropertyConditionSet::isValid):
3086         (JSC::ObjectPropertyConditionSet::isEmpty):
3087         (JSC::ObjectPropertyConditionSet::begin):
3088         (JSC::ObjectPropertyConditionSet::end):
3089         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
3090         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
3091         (JSC::ObjectPropertyConditionSet::fromRawPointer):
3092         (JSC::ObjectPropertyConditionSet::Data::Data):
3093         * bytecode/PolymorphicGetByIdList.cpp:
3094         (JSC::GetByIdAccess::GetByIdAccess):
3095         (JSC::GetByIdAccess::~GetByIdAccess):
3096         (JSC::GetByIdAccess::visitWeak):
3097         * bytecode/PolymorphicGetByIdList.h:
3098         (JSC::GetByIdAccess::GetByIdAccess):
3099         (JSC::GetByIdAccess::structure):
3100         (JSC::GetByIdAccess::conditionSet):
3101         (JSC::GetByIdAccess::stubRoutine):
3102         (JSC::GetByIdAccess::chain): Deleted.
3103         (JSC::GetByIdAccess::chainCount): Deleted.
3104         * bytecode/PolymorphicPutByIdList.cpp:
3105         (JSC::PutByIdAccess::fromStructureStubInfo):
3106         (JSC::PutByIdAccess::visitWeak):
3107         * bytecode/PolymorphicPutByIdList.h:
3108         (JSC::PutByIdAccess::PutByIdAccess):
3109         (JSC::PutByIdAccess::transition):
3110         (JSC::PutByIdAccess::setter):
3111         (JSC::PutByIdAccess::newStructure):
3112         (JSC::PutByIdAccess::conditionSet):
3113         (JSC::PutByIdAccess::stubRoutine):
3114         (JSC::PutByIdAccess::chain): Deleted.
3115         (JSC::PutByIdAccess::chainCount): Deleted.
3116         * bytecode/PropertyCondition.cpp: Added.
3117         (JSC::PropertyCondition::dumpInContext):
3118         (JSC::PropertyCondition::dump):
3119         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
3120         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
3121         (JSC::PropertyCondition::isStillValid):
3122         (JSC::PropertyCondition::isWatchableWhenValid):
3123         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
3124         (JSC::PropertyCondition::isWatchable):
3125         (JSC::PropertyCondition::isStillLive):
3126         (JSC::PropertyCondition::validateReferences):
3127         (JSC::PropertyCondition::isValidValueForAttributes):
3128         (JSC::PropertyCondition::isValidValueForPresence):
3129         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
3130         (WTF::printInternal):
3131         * bytecode/PropertyCondition.h: Added.
3132         (JSC::PropertyCondition::PropertyCondition):
3133         (JSC::PropertyCondition::presenceWithoutBarrier):
3134         (JSC::PropertyCondition::presence):
3135         (JSC::PropertyCondition::absenceWithoutBarrier):
3136         (JSC::PropertyCondition::absence):
3137         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
3138         (JSC::PropertyCondition::absenceOfSetter):
3139         (JSC::PropertyCondition::equivalenceWithoutBarrier):
3140         (JSC::PropertyCondition::equivalence):
3141         (JSC::PropertyCondition::operator!):
3142         (JSC::PropertyCondition::kind):
3143         (JSC::PropertyCondition::uid):
3144         (JSC::PropertyCondition::hasOffset):
3145         (JSC::PropertyCondition::offset):
3146         (JSC::PropertyCondition::hasAttributes):
3147         (JSC::PropertyCondition::attributes):
3148         (JSC::PropertyCondition::hasPrototype):
3149         (JSC::PropertyCondition::prototype):
3150         (JSC::PropertyCondition::hasRequiredValue):
3151         (JSC::PropertyCondition::requiredValue):
3152         (JSC::PropertyCondition::hash):
3153         (JSC::PropertyCondition::operator==):
3154         (JSC::PropertyCondition::isHashTableDeletedValue):
3155         (JSC::PropertyCondition::isCompatibleWith):
3156         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
3157         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
3158         (JSC::PropertyConditionHash::hash):
3159         (JSC::PropertyConditionHash::equal):
3160         * bytecode/PutByIdStatus.cpp:
3161         (JSC::PutByIdStatus::computeFromLLInt):
3162         (JSC::PutByIdStatus::computeFor):
3163         (JSC::PutByIdStatus::computeForStubInfo):
3164         * bytecode/PutByIdVariant.cpp:
3165         (JSC::PutByIdVariant::operator=):
3166         (JSC::PutByIdVariant::transition):
3167         (JSC::PutByIdVariant::setter):
3168         (JSC::PutByIdVariant::makesCalls):
3169         (JSC::PutByIdVariant::attemptToMerge):
3170         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
3171         (JSC::PutByIdVariant::dumpInContext):
3172         (JSC::PutByIdVariant::baseStructure): Deleted.
3173         * bytecode/PutByIdVariant.h:
3174         (JSC::PutByIdVariant::PutByIdVariant):
3175         (JSC::PutByIdVariant::kind):
3176         (JSC::PutByIdVariant::structure):
3177         (JSC::PutByIdVariant::structureSet):
3178         (JSC::PutByIdVariant::oldStructure):
3179         (JSC::PutByIdVariant::conditionSet):
3180         (JSC::PutByIdVariant::offset):
3181         (JSC::PutByIdVariant::callLinkStatus):
3182         (JSC::PutByIdVariant::constantChecks): Deleted.
3183         (JSC::PutByIdVariant::alternateBase): Deleted.
3184         * bytecode/StructureStubClearingWatchpoint.cpp:
3185         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
3186         (JSC::StructureStubClearingWatchpoint::push):
3187         (JSC::StructureStubClearingWatchpoint::fireInternal):
3188         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
3189         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
3190         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
        * bytecode/StructureStubClearingWatchpoint.h:
        (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
        (JSC::WatchpointsOnStructureStubInfo::codeBlock):
        (JSC::WatchpointsOnStructureStubInfo::stubInfo):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::visitWeakReferences):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::initPutByIdTransition):
        (JSC::StructureStubInfo::initPutByIdReplace):
        (JSC::StructureStubInfo::setSeen):
        (JSC::StructureStubInfo::addWatchpoint):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
        * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
        * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
        (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
        (JSC::DFG::AdaptiveStructureWatchpoint::install):
        (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
        * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
        (JSC::DFG::AdaptiveStructureWatchpoint::key):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::handleGetByOffset):
        (JSC::DFG::ByteCodeParser::handlePutByOffset):
        (JSC::DFG::ByteCodeParser::check):
        (JSC::DFG::ByteCodeParser::promoteToConstant):
        (JSC::DFG::ByteCodeParser::planLoad):
        (JSC::DFG::ByteCodeParser::load):
        (JSC::DFG::ByteCodeParser::presenceLike):
        (JSC::DFG::ByteCodeParser::checkPresenceLike):
        (JSC::DFG::ByteCodeParser::store):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::handlePutById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
        * dfg/DFGCommonData.cpp:
        (JSC::DFG::CommonData::validateReferences):
        * dfg/DFGCommonData.h:
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
        (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
        (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
        (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
        * dfg/DFGDesiredWatchpoints.cpp:
        (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
        (JSC::DFG::InferredValueAdaptor::add):
        (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
        (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
        (JSC::DFG::DesiredWatchpoints::addLazily):
        (JSC::DFG::DesiredWatchpoints::consider):
        (JSC::DFG::DesiredWatchpoints::reallyAdd):
        (JSC::DFG::DesiredWatchpoints::areStillValid):
        (JSC::DFG::DesiredWatchpoints::dumpInContext):
        * dfg/DFGDesiredWatchpoints.h:
        (JSC::DFG::SetPointerAdaptor::add):
        (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
        (JSC::DFG::SetPointerAdaptor::dumpInContext):
        (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
        (JSC::DFG::InferredValueAdaptor::dumpInContext):
        (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
        (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
        (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
        (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
        (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
        (JSC::DFG::GenericDesiredWatchpoints::isWatched):
        (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
        (JSC::DFG::DesiredWatchpoints::isWatched):
        (JSC::DFG::GenericSetAdaptor::add): Deleted.
        (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
        * dfg/DFGDesiredWeakReferences.cpp:
        (JSC::DFG::DesiredWeakReferences::addLazily):
        (JSC::DFG::DesiredWeakReferences::contains):
        * dfg/DFGDesiredWeakReferences.h:
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::clearFlagsOnAllNodes):
        (JSC::DFG::Graph::watchCondition):
        (JSC::DFG::Graph::isSafeToLoad):
        (JSC::DFG::Graph::livenessFor):
        (JSC::DFG::Graph::tryGetConstantProperty):
        (JSC::DFG::Graph::visitChildren):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::identifiers):
        (JSC::DFG::Graph::watchpoints):
        * dfg/DFGMultiGetByOffsetData.cpp: Added.
        (JSC::DFG::GetByOffsetMethod::dumpInContext):
        (JSC::DFG::GetByOffsetMethod::dump):
        (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
        (JSC::DFG::MultiGetByOffsetCase::dump):
        (WTF::printInternal):
        * dfg/DFGMultiGetByOffsetData.h: Added.
        (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
        (JSC::DFG::GetByOffsetMethod::constant):
        (JSC::DFG::GetByOffsetMethod::load):
        (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
        (JSC::DFG::GetByOffsetMethod::operator!):
        (JSC::DFG::GetByOffsetMethod::kind):
        (JSC::DFG::GetByOffsetMethod::prototype):
        (JSC::DFG::GetByOffsetMethod::offset):
        (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
        (JSC::DFG::MultiGetByOffsetCase::set):
        (JSC::DFG::MultiGetByOffsetCase::method):
        * dfg/DFGNode.h:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGStructureRegistrationPhase.cpp:
        (JSC::DFG::StructureRegistrationPhase::run):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
        * jit/Repatch.cpp:
        (JSC::repatchByIdSelfAccess):
        (JSC::checkObjectPropertyCondition):
        (JSC::checkObjectPropertyConditions):
        (JSC::replaceWithJump):
        (JSC::generateByIdStub):
        (JSC::actionForCell):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::emitPutTransitionStub):
        (JSC::tryCachePutByID):
        (JSC::tryBuildPutByIdList):
        (JSC::tryRepatchIn):
        (JSC::addStructureTransitionCheck): Deleted.
        (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
        * runtime/IntendedStructureChain.cpp: Removed.
        * runtime/IntendedStructureChain.h: Removed.
        * runtime/JSCJSValue.h:
        * runtime/JSObject.cpp:
        (JSC::throwTypeError):
        (JSC::JSObject::convertToDictionary):
        (JSC::JSObject::shiftButterflyAfterFlattening):
        * runtime/JSObject.h:
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::convertToDictionary): Deleted.
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        (JSC::normalizePrototypeChainForChainAccess): Deleted.
        (JSC::isPrototypeChainNormalized): Deleted.
        * runtime/PropertySlot.h:
        (JSC::PropertySlot::PropertySlot):
        (JSC::PropertySlot::slotBase):
        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::attributeChangeTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::toCacheableDictionaryTransition):
        (JSC::Structure::toUncacheableDictionaryTransition):
        (JSC::Structure::ensurePropertyReplacementWatchpointSet):
        (JSC::Structure::startWatchingPropertyForReplacements):
        (JSC::Structure::didCachePropertyReplacement):
        (JSC::Structure::dump