Add a build flag for ES6 class syntax
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>

        Add a build flag for ES6 class syntax
        https://bugs.webkit.org/show_bug.cgi?id=140760

        Reviewed by Michael Saboff.

        Added ES6_CLASS_SYNTAX build flag and used it in tokenizer to recognize
        "class", "extends", "static" and "super" keywords.

        * Configurations/FeatureDefines.xcconfig:
        * parser/Keywords.table:
        * parser/ParserTokens.h:

2015-01-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178894.
        https://bugs.webkit.org/show_bug.cgi?id=140775

        Broke JSC and bindings tests (Requested by ap_ on #webkit).

        Reverted changeset:

        "put_by_val_direct need to check the property is index or not
        for using putDirect / putDirectIndex"
        https://bugs.webkit.org/show_bug.cgi?id=140426
        http://trac.webkit.org/changeset/178894

2015-01-22  Mark Lam  <mark.lam@apple.com>

        BytecodeGenerator::initializeCapturedVariable() sets a misleading value for the 5th operand of op_put_to_scope.
        <https://webkit.org/b/140743>

        Reviewed by Oliver Hunt.

        BytecodeGenerator::initializeCapturedVariable() was setting the 5th operand to
        op_put_to_scope to an inappropriate value (i.e. 0).  As a result, the execution
        of put_to_scope could store a wrong inferred value into the VariableWatchpointSet
        for whichever captured variable is at local index 0.  In practice, this turns
        out to be the local for the Arguments object.  In this reproduction case in the
        bug, the wrong inferred value written there is the boolean true.

        Subsequently, DFG compilation occurs and CreateArguments is emitted to first do
        a check of the local for the Arguments object.  But because that local has a
        wrong inferred value, the check always discovers a non-null value and we never
        actually create the Arguments object.  Immediately after this, an OSR exit
        occurs leaving the Arguments object local uninitialized.  Later on at arguments
        tear off, we run into a boolean true where we had expected to find an Arguments
        object, which in turn, leads to the crash.

        The fix is to:
        1. In the case where the resolveModeType is LocalClosureVar, change the
           5th operand of op_put_to_scope to be a boolean.  True means that the
           local var is watchable.  False means it is not watchable.  We no longer
           pass the local index (instead of true) and UINT_MAX (instead of false).

           This allows us to express more clearly in the code what that value means,
           as well as remove the redundant way of getting the local's identifier.
           The identifier is always the one passed in the 2nd operand.

        2. Previously, though intuitively, we know that the watchable variable
           identifier should be the same as the one that is passed in operand 2, this
           relationship was not clear in the code.  By code analysis, I confirmed that
           the callers of BytecodeGenerator::emitPutToScope() always use the same
           identifier for operand 2 and for filling out the ResolveScopeInfo from
           which we get the watchable variable identifier later.  I've changed the
           code to make this clear now by always using the identifier passed in
           operand 2.

        3. In the case where the resolveModeType is LocalClosureVar,
           initializeCapturedVariable() and emitPutToScope() will now query
           hasWatchableVariable() to determine if the local is watchable or not.
           Accordingly, we pass the boolean result of hasWatchableVariable() as
           operand 5 of op_put_to_scope.

        Also added some assertions.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::initializeCapturedVariable):
        (JSC::BytecodeGenerator::hasConstant):
        (JSC::BytecodeGenerator::emitPutToScope):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::hasWatchableVariable):
        (JSC::BytecodeGenerator::watchableVariableIdentifier):
        (JSC::BytecodeGenerator::watchableVariable): Deleted.

2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>

        PropertyListNode::emitNode duplicates the code to put a constant property
        https://bugs.webkit.org/show_bug.cgi?id=140761

        Reviewed by Geoffrey Garen.

        Extracted PropertyListNode::emitPutConstantProperty to share the code.

        Also made PropertyListNode::emitBytecode private since nobody is calling this function directly.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        (JSC::PropertyListNode::emitPutConstantProperty): Added.
        * parser/Nodes.h:

2015-01-22  Yusuke Suzuki  <utatane.tea@gmail.com>

        put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
        https://bugs.webkit.org/show_bug.cgi?id=140426

        Reviewed by Geoffrey Garen.

        In the put_by_val_direct operation, we use JSObject::putDirect.
        However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
        This patch changes Identifier::asIndex() to return Optional<uint32_t>.
        It forces callers to explicitly check whether the value is an index or not.
        Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStubAndGetOldStructure):
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        (JSC::Arguments::defineOwnProperty):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
        (JSC::JSGenericTypedArrayView<Adaptor>::put):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::putDirectCustomAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::putDirectMayBeIndex):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        * runtime/JSString.cpp:
        (JSC::JSString::getStringPropertyDescriptor):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * runtime/PropertyName.h:
        (JSC::toUInt32FromCharacters):
        (JSC::toUInt32FromStringImpl):
        (JSC::PropertyName::asIndex):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringObject.cpp:
        (JSC::StringObject::deleteProperty):
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeChainMayInterceptStoreTo):

2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>

        Consolidate out arguments of parseFunctionInfo into a struct
        https://bugs.webkit.org/show_bug.cgi?id=140754

        Reviewed by Oliver Hunt.

        Introduced ParserFunctionInfo for storing out arguments of parseFunctionInfo.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createGetterOrSetterProperty): This one takes a property name in addition to
        ParserFunctionInfo since the property name and the function name could differ.
        (JSC::ASTBuilder::createFuncDeclStatement):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseMemberExpression):
        * parser/Parser.h:
        * parser/ParserFunctionInfo.h: Added.
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFunctionExpr):
        (JSC::SyntaxChecker::createFuncDeclStatement):
        (JSC::SyntaxChecker::createClassDeclStatement):
        (JSC::SyntaxChecker::createGetterOrSetterProperty):

2015-01-21  Mark Hahnenberg  <mhahnenb@gmail.com>

        Change Heap::m_compiledCode to use a Vector
        https://bugs.webkit.org/show_bug.cgi?id=140717

        Reviewed by Andreas Kling.

        Right now it's a DoublyLinkedList, which is iterated during each
        collection. This contributes to some of the longish Eden pause times.
        A Vector would be more appropriate and would also allow ExecutableBase
        to be 2 pointers smaller.

        * heap/Heap.cpp:
        (JSC::Heap::deleteAllCompiledCode):
        (JSC::Heap::deleteAllUnlinkedFunctionCode):
        (JSC::Heap::clearUnmarkedExecutables):
        * heap/Heap.h:
        * runtime/Executable.h: No longer need to inherit from DoublyLinkedListNode.

2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>

        BytecodeGenerator shouldn't expose all of its member variables
        https://bugs.webkit.org/show_bug.cgi?id=140752

        Reviewed by Mark Lam.

        Added "private:" and removed unused data members as detected by clang.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::lastOpcodeID): Added. Used in BinaryOpNode::emitBytecode.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::BinaryOpNode::emitBytecode):

2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
        https://bugs.webkit.org/show_bug.cgi?id=140746

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScriptSource.js:
        Do not add impure properties to the descriptor object that will
        eventually be sent to the frontend.

2015-01-21  Matthew Mirman  <mmirman@apple.com>

        Updated split such that it does not include the empty end of input string match.
        https://bugs.webkit.org/show_bug.cgi?id=138129
        <rdar://problem/18807403>

        Reviewed by Filip Pizlo.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):
        * tests/stress/empty_eos_regex_split.js: Added.

2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate Scope slot from JavaScript CallFrame
        https://bugs.webkit.org/show_bug.cgi?id=136724

        Reviewed by Geoffrey Garen.

        This finishes the removal of the scope chain slot from the call frame header.

        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * ftl/FTLJSCall.cpp:
        (JSC::FTL::JSCall::emit):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
        (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
        * interpreter/JSStack.h:
        * interpreter/VMInspector.cpp:
        (JSC::VMInspector::dumpFrame):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/Repatch.cpp:
        (JSC::generateByIdStub):
        (JSC::linkClosureCall):
        * jit/ThunkGenerators.cpp:
        (JSC::virtualForThunkGenerator):
        (JSC::nativeForGenerator):
        Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
        read or set.  In most cases this was where we make JS calls.

        * interpreter/CallFrameClosure.h:
        (JSC::CallFrameClosure::setArgument):
        (JSC::CallFrameClosure::resetCallFrame): Deleted.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        * interpreter/ProtoCallFrame.cpp:
        (JSC::ProtoCallFrame::init):
        * interpreter/ProtoCallFrame.h:
        (JSC::ProtoCallFrame::scope): Deleted.
        (JSC::ProtoCallFrame::setScope): Deleted.
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter64.asm:
        Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
        registers that needed to be copied from the ProtoCallFrame to a callee's frame
        from 5 to 4.

        * llint/LowLevelInterpreter32_64.asm:
        In addition to the prior changes, also deleted the unused macro getDeBruijnScope.

2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
        https://bugs.webkit.org/show_bug.cgi?id=140708

        Reviewed by Mark Lam.

        Eliminated construct methods and change getConstructData() for both classes to return
        ConstructTypeNone as they can never be called.

        * runtime/NullGetterFunction.cpp:
        (JSC::NullGetterFunction::getConstructData):
        (JSC::constructReturnUndefined): Deleted.
        * runtime/NullSetterFunction.cpp:
        (JSC::NullSetterFunction::getConstructData):
        (JSC::constructReturnUndefined): Deleted.

2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>

        Remove ENABLE(INSPECTOR) ifdef guards
        https://bugs.webkit.org/show_bug.cgi?id=140668

        Reviewed by Darin Adler.

        * Configurations/FeatureDefines.xcconfig:
        * bindings/ScriptValue.cpp:
        (Deprecated::ScriptValue::toInspectorValue):
        * bindings/ScriptValue.h:
        * inspector/ConsoleMessage.cpp:
        * inspector/ConsoleMessage.h:
        * inspector/ContentSearchUtilities.cpp:
        * inspector/ContentSearchUtilities.h:
        * inspector/IdentifiersFactory.cpp:
        * inspector/IdentifiersFactory.h:
        * inspector/InjectedScript.cpp:
        * inspector/InjectedScript.h:
        * inspector/InjectedScriptBase.cpp:
        * inspector/InjectedScriptBase.h:
        * inspector/InjectedScriptHost.cpp:
        * inspector/InjectedScriptHost.h:
        * inspector/InjectedScriptManager.cpp:
        * inspector/InjectedScriptManager.h:
        * inspector/InjectedScriptModule.cpp:
        * inspector/InjectedScriptModule.h:
        * inspector/InspectorAgentRegistry.cpp:
        * inspector/InspectorBackendDispatcher.cpp:
        * inspector/InspectorBackendDispatcher.h:
        * inspector/InspectorProtocolTypes.h:
        * inspector/JSGlobalObjectConsoleClient.cpp:
        * inspector/JSGlobalObjectInspectorController.cpp:
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        * inspector/JSGlobalObjectScriptDebugServer.h:
        * inspector/JSInjectedScriptHost.cpp:
        * inspector/JSInjectedScriptHost.h:
        * inspector/JSInjectedScriptHostPrototype.cpp:
        * inspector/JSInjectedScriptHostPrototype.h:
        * inspector/JSJavaScriptCallFrame.cpp:
        * inspector/JSJavaScriptCallFrame.h:
        * inspector/JSJavaScriptCallFramePrototype.cpp:
        * inspector/JSJavaScriptCallFramePrototype.h:
        * inspector/JavaScriptCallFrame.cpp:
        * inspector/JavaScriptCallFrame.h:
        * inspector/ScriptCallFrame.cpp:
        (Inspector::ScriptCallFrame::buildInspectorObject):
        * inspector/ScriptCallFrame.h:
        * inspector/ScriptCallStack.cpp:
        (Inspector::ScriptCallStack::buildInspectorArray):
        * inspector/ScriptCallStack.h:
        * inspector/ScriptDebugServer.cpp:
        * inspector/agents/InspectorAgent.cpp:
        * inspector/agents/InspectorAgent.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        * inspector/agents/InspectorConsoleAgent.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
        * inspector/agents/JSGlobalObjectConsoleAgent.h:
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        * inspector/agents/JSGlobalObjectDebuggerAgent.h:
        * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
        * inspector/agents/JSGlobalObjectRuntimeAgent.h:
        * inspector/scripts/codegen/cpp_generator_templates.py:
        (CppGeneratorTemplates):
        * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
        * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
        * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
        * inspector/scripts/tests/expected/enum-values.json-result:
        * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
        * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
        * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
        * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
        * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
        * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::inspectorTypeSet):
        (JSC::StructureShape::inspectorRepresentation):

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Clean up InjectedScriptSource.js
        https://bugs.webkit.org/show_bug.cgi?id=140709

        Reviewed by Timothy Hatcher.

        This patch includes some relevant Blink patches and small changes.

        Patch by <aandrey@chromium.org>
        DevTools: Remove console last result $_ on console clear.
        https://src.chromium.org/viewvc/blink?revision=179179&view=revision

        Patch by <eustas@chromium.org>
        [Inspect DOM properties] incorrect CSS Selector Syntax
        https://src.chromium.org/viewvc/blink?revision=156903&view=revision

        * inspector/InjectedScriptSource.js:

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Cleanup RuntimeAgent a bit
        https://bugs.webkit.org/show_bug.cgi?id=140706

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScript.h:
        * inspector/InspectorBackendDispatcher.h:
        * inspector/ScriptCallFrame.cpp:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::evaluate):
        (Inspector::InspectorRuntimeAgent::getProperties):
        (Inspector::InspectorRuntimeAgent::run):
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        (Inspector::recompileAllJSFunctionsForTypeProfiling):
        (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):

2015-01-20  Matthew Mirman  <mmirman@apple.com>

        Made Identity in the DFG allocate a new temp register and move
        the old data to it.
        https://bugs.webkit.org/show_bug.cgi?id=140700
        <rdar://problem/19339106>

        Reviewed by Filip Pizlo.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        Added scratch registers for Identity.
        * tests/mozilla/mozilla-tests.yaml: enabled previously failing test

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
        https://bugs.webkit.org/show_bug.cgi?id=137306

        Reviewed by Timothy Hatcher.

        Provide another optional parameter to getProperties, to gather a list
        of all own and getter properties.

        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::getProperties):
        * inspector/InjectedScript.h:
        * inspector/InjectedScriptSource.js:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getProperties):
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/protocol/Runtime.json:

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Should show dynamic specificity values
        https://bugs.webkit.org/show_bug.cgi?id=140647

        Reviewed by Benjamin Poulain.

        * inspector/protocol/CSS.json:
        Clarify CSSSelector optional values and add "dynamic" property indicating
        if the selector can be dynamic based on the element it is matched against.

2015-01-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178751.
        https://bugs.webkit.org/show_bug.cgi?id=140694

        Caused 32-bit JSC test failures (Requested by JoePeck on
        #webkit).

        Reverted changeset:

        "put_by_val_direct need to check the property is index or not
        for using putDirect / putDirectIndex"
        https://bugs.webkit.org/show_bug.cgi?id=140426
        http://trac.webkit.org/changeset/178751

2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>

        put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
        https://bugs.webkit.org/show_bug.cgi?id=140426

        Reviewed by Geoffrey Garen.

        In the put_by_val_direct operation, we use JSObject::putDirect.
        However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
        This patch changes Identifier::asIndex() to return Optional<uint32_t>.
        It forces callers to explicitly check whether the value is an index or not.
        Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStubAndGetOldStructure):
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        (JSC::Arguments::defineOwnProperty):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
        (JSC::JSGenericTypedArrayView<Adaptor>::put):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::putDirectCustomAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::putDirectMayBeIndex):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        * runtime/JSString.cpp:
        (JSC::JSString::getStringPropertyDescriptor):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * runtime/PropertyName.h:
        (JSC::toUInt32FromCharacters):
        (JSC::toUInt32FromStringImpl):
        (JSC::PropertyName::asIndex):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringObject.cpp:
        (JSC::StringObject::deleteProperty):
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeChainMayInterceptStoreTo):
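
        The index check described in this entry (and in its re-landed copy earlier in this log), as an added
        illustration that is not JavaScriptCore source: a model asIndex() returning std::optional<uint32_t>,
        so that a direct put must decide between named storage (putDirect) and index storage (putDirectIndex).
        The Object struct, its two maps and the two probe functions are stand-ins invented for this example;
        it needs C++17 for std::optional.

```cpp
// Added example, not JavaScriptCore source: models the asIndex() -> Optional<uint32_t>
// check that put_by_val_direct uses to pick putDirect vs. putDirectIndex. C++17.
#include <cstdint>
#include <map>
#include <optional>
#include <string>
#include <string_view>

// ECMAScript array index: ToString(ToUint32(s)) == s and ToUint32(s) != 2^32 - 1,
// so the largest valid index is 0xFFFFFFFE.
constexpr uint32_t kMaxArrayIndex = 0xFFFFFFFEu;

// Returns the index when `name` is a canonical index string (digits only, no
// leading zeros except "0" itself, value <= kMaxArrayIndex); otherwise nullopt,
// which forces every caller to handle the "not an index" case explicitly.
std::optional<uint32_t> asIndex(std::string_view name) {
    if (name.empty() || name.size() > 10)      // "4294967294" is 10 digits; longer
        return std::nullopt;                   // strings can never be an index
    if (name[0] == '0')
        return name.size() == 1 ? std::optional<uint32_t>(0) : std::nullopt;
    uint64_t value = 0;                        // at most 10 digits: no uint64_t overflow
    for (char c : name) {
        if (c < '0' || c > '9')
            return std::nullopt;
        value = value * 10 + static_cast<uint64_t>(c - '0');
    }
    if (value > kMaxArrayIndex)
        return std::nullopt;
    return static_cast<uint32_t>(value);
}

// Stand-in for a JSObject with separate named-property and indexed storage.
// Named storage keyed by "7" and indexed storage at 7 are different slots, which
// is why a direct put must dispatch on asIndex() rather than always using putDirect.
struct Object {
    std::map<std::string, int> named;   // property table (putDirect target)
    std::map<uint32_t, int> indexed;    // index storage (putDirectIndex target)

    void putDirect(std::string_view name, int v) { named[std::string(name)] = v; }
    void putDirectIndex(uint32_t i, int v) { indexed[i] = v; }

    // The fixed behaviour: check for an index first, then choose the store.
    void putDirectMayBeIndex(std::string_view name, int v) {
        if (auto index = asIndex(name))
            putDirectIndex(*index, v);
        else
            putDirect(name, v);
    }

    // Lookup as a JS read would see it: index strings only consult indexed storage.
    std::optional<int> get(std::string_view name) const {
        if (auto index = asIndex(name)) {
            auto it = indexed.find(*index);
            return it == indexed.end() ? std::nullopt : std::optional<int>(it->second);
        }
        auto it = named.find(std::string(name));
        return it == named.end() ? std::nullopt : std::optional<int>(it->second);
    }
};

// The pre-fix path: storing an index-like name through putDirect lands it in the
// named table, so a subsequent read of obj["7"] finds nothing.
bool unconditionalPutDirectLosesIndexedProperty() {
    Object obj;
    obj.putDirect("7", 42);
    return !obj.get("7").has_value();
}

// The fixed path: the same store reaches indexed storage and the read succeeds,
// while a non-canonical "07" correctly stays a named property.
bool dispatchedPutIsVisible() {
    Object obj;
    obj.putDirectMayBeIndex("7", 42);
    obj.putDirectMayBeIndex("07", 1);
    return obj.get("7") == 42 && obj.get("07") == 1
        && obj.indexed.count(7) == 1 && obj.named.count("07") == 1;
}
```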
595
2015-01-20  Michael Saboff  <msaboff@apple.com>

        REGRESSION(178696): Sporadic crashes while garbage collecting
        https://bugs.webkit.org/show_bug.cgi?id=140688

        Reviewed by Geoffrey Garen.

        Added missing visitor.append(&thisObject->m_nullSetterFunction).

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):

2015-01-19  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: code generator should take supplemental specifications and allow cross-framework references
        https://bugs.webkit.org/show_bug.cgi?id=136312

        Reviewed by Joseph Pecoraro.

        Some types are shared between replay inputs from different frameworks.
        Previously, these type declarations were duplicated in every input
        specification file in which they were used. This caused some type encoding
        traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.

        This patch teaches the replay inputs code generator to accept multiple
        input specification files. Inputs can freely reference types from other
        frameworks without duplicating declarations.

        On the code generation side, the model could contain types and inputs from
        frameworks that are not the target framework. Only generate code for the
        target framework.

        To properly generate cross-framework type encoding traits, use
        Type.encoding_type_argument in more places, and add the export macro for WebCore
        and the Test framework.

        Adjust some tests so that enum coverage is preserved by moving the enum types
        into "Test" (the target framework for tests).

        * JavaScriptCore.vcxproj/copy-files.cmd:
        For Windows, copy over JSInputs.json as if it were a private header.

        * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
        * replay/JSInputs.json:
        Put all primitive types and WTF types in this specification file.

        * replay/scripts/CodeGeneratorReplayInputs.py:
        (Input.__init__):
        (InputsModel.__init__): Keep track of the input's framework.
        (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
        and allow either types or inputs to be missing from a single file.

        (InputsModel.parse_type_with_framework):
        (InputsModel.parse_input_with_framework):
        (Generator.should_generate_item): Added helper method.
        (Generator.generate_header): Filter inputs to generate.
        (Generator.generate_implementation): Filter inputs to generate.
        (Generator.generate_enum_trait_declaration): Filter enums to generate.
        Add WEBCORE_EXPORT macro to enum encoding traits.

        (Generator.generate_for_each_macro): Filter inputs to generate.
        (Generator.generate_enum_trait_implementation): Filter enums to generate.
        (generate_from_specifications): Added.
        (generate_from_specifications.parse_json_from_file):
        (InputsModel.parse_toplevel): Deleted.
        (InputsModel.parse_type_with_framework_name): Deleted.
        (InputsModel.parse_input): Deleted.
        (generate_from_specification): Deleted.
        * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
        * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
        * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
        * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
        * replay/scripts/tests/fail-on-duplicate-enum-type.json:
        * replay/scripts/tests/fail-on-duplicate-input-names.json:
        * replay/scripts/tests/fail-on-duplicate-type-names.json:
        * replay/scripts/tests/fail-on-enum-type-missing-values.json:
        * replay/scripts/tests/fail-on-missing-input-member-name.json:
        * replay/scripts/tests/fail-on-missing-input-name.json:
        * replay/scripts/tests/fail-on-missing-input-queue.json:
        * replay/scripts/tests/fail-on-missing-type-mode.json:
        * replay/scripts/tests/fail-on-missing-type-name.json:
        * replay/scripts/tests/fail-on-no-inputs.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-no-types.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-unknown-input-queue.json:
696         * replay/scripts/tests/fail-on-unknown-member-type.json:
697         * replay/scripts/tests/fail-on-unknown-type-mode.json:
698         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
699         * replay/scripts/tests/generate-enum-encoding-helpers.json:
700         * replay/scripts/tests/generate-enum-with-guard.json:
701         Include enums that are and are not generated.
702
703         * replay/scripts/tests/generate-enums-with-same-base-name.json:
704         * replay/scripts/tests/generate-event-loop-shape-types.json:
705         * replay/scripts/tests/generate-input-with-guard.json:
706         * replay/scripts/tests/generate-input-with-vector-members.json:
707         * replay/scripts/tests/generate-inputs-with-flags.json:
708         * replay/scripts/tests/generate-memoized-type-modes.json:
709
710 2015-01-20  Tomas Popela  <tpopela@redhat.com>
711
712         [GTK] Cannot compile 2.7.3 on PowerPC machines
713         https://bugs.webkit.org/show_bug.cgi?id=140616
714
715         Include climits for INT_MAX and wtf/DataLog.h for dataLogF
716
717         Reviewed by Csaba Osztrogonác.
718
719         * runtime/BasicBlockLocation.cpp:
720
721 2015-01-19  Michael Saboff  <msaboff@apple.com>
722
723         A "cached" null setter should throw a TypeException when called in strict mode and doesn't
724         https://bugs.webkit.org/show_bug.cgi?id=139418
725
726         Reviewed by Filip Pizlo.
727
728         Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that 
729         NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.
730
731         * CMakeLists.txt:
732         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
733         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
734         * JavaScriptCore.xcodeproj/project.pbxproj:
735         Added new files NullSetterFunction.cpp and NullSetterFunction.h.
736
737         * runtime/GetterSetter.h:
738         (JSC::GetterSetter::GetterSetter):
739         (JSC::GetterSetter::isSetterNull):
740         (JSC::GetterSetter::setSetter):
741         Change setter instances from using NullGetterFunction to using NullSetterFunction.
742
743         * runtime/JSGlobalObject.cpp:
744         (JSC::JSGlobalObject::init):
745         * runtime/JSGlobalObject.h:
746         (JSC::JSGlobalObject::nullSetterFunction):
747         Added m_nullSetterFunction and accessor.
748
749         * runtime/NullSetterFunction.cpp: Added.
750         (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
751         (JSC::GetCallerStrictnessFunctor::operator()):
752         (JSC::GetCallerStrictnessFunctor::callerIsStrict):
753         (JSC::callerIsStrict):
754         Method to determine if the caller is in strict mode.
755
756         (JSC::callReturnUndefined):
757         (JSC::constructReturnUndefined):
758         (JSC::NullSetterFunction::getCallData):
759         (JSC::NullSetterFunction::getConstructData):
760         * runtime/NullSetterFunction.h: Added.
761         (JSC::NullSetterFunction::create):
762         (JSC::NullSetterFunction::createStructure):
763         (JSC::NullSetterFunction::NullSetterFunction):
764         Class with handlers for a null setter.
765
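The behaviour the NullSetterFunction entry above restores, shown from the JavaScript side as an added example (this is not WebKit or JSC code; the object, the helper names makeGetterOnlyObject, assignSloppy, assignStrict, strictAssignmentsAllThrow and describeNullSetterBehaviour, and the iteration count are constructed for the illustration). Per ECMA-262, writing to an accessor property that has a getter but no setter is silently dropped in sloppy-mode code and throws a TypeError in strict-mode code; repeating the write on the same object shape is what drives an engine's property-access cache, which is where the entry says the strict-mode TypeError was lost.

```javascript
// Added example, not WebKit/JSC code: the observable ECMA-262 behaviour that a
// "null setter" must reproduce. Assigning to an accessor property that has a getter
// but no setter is silently ignored in sloppy-mode code and throws a TypeError in
// strict-mode code. Repeating the assignment exercises an engine's property-access
// cache, which is where the entry says the strict-mode TypeError went missing.

// Constructed sample object: an accessor property with only a getter.
function makeGetterOnlyObject() {
  const obj = {};
  Object.defineProperty(obj, "value", {
    get() { return 42; },
    enumerable: true,
    configurable: true,
  });
  return obj;
}

// Sloppy-mode writer. Code built with the Function constructor is sloppy
// regardless of whether this file itself runs as a strict ES module, so the
// demonstration does not depend on how the file is loaded.
const assignSloppy = new Function("obj",
  "obj.value = 1; return obj.value;");

// Strict-mode writer: the directive makes the assignment throw a TypeError.
function assignStrict(obj) {
  "use strict";
  try {
    obj.value = 1;
    return "no error";
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "unexpected: " + e;
  }
}

// Run the strict assignment `iterations` times on one object, the pattern a
// regression test for a cached setter would use; every iteration must throw,
// not only the first (uncached) one.
function strictAssignmentsAllThrow(iterations) {
  const obj = makeGetterOnlyObject();
  for (let i = 0; i < iterations; i++) {
    if (assignStrict(obj) !== "TypeError") return false;
  }
  return true;
}

// Summary of both modes for one object; the getter's value is never overwritten.
function describeNullSetterBehaviour() {
  const obj = makeGetterOnlyObject();
  return {
    sloppy: assignSloppy(obj),   // 42: the write is dropped silently
    strict: assignStrict(obj),   // "TypeError"
    valueAfter: obj.value,       // 42
  };
}
```

The sloppy path is the one worth noticing from a defensive standpoint: a silently ignored write leaves an object in a state the caller did not intend, with no signal at all, which is exactly why strict mode (and a correctly cached null setter) matters.
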
766 2015-01-19  Saam Barati  <saambarati1@gmail.com>
767
768         Web Inspector: Provide a front end for JSC's Control Flow Profiler
769         https://bugs.webkit.org/show_bug.cgi?id=138454
770
771         Reviewed by Timothy Hatcher.
772
773         This patch puts the final touches on what JSC needs to provide
774         for the Web Inspector to show a UI for the control flow profiler.
775
776         * inspector/agents/InspectorRuntimeAgent.cpp:
777         (Inspector::recompileAllJSFunctionsForTypeProfiling):
778         * runtime/ControlFlowProfiler.cpp:
779         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
780         * runtime/FunctionHasExecutedCache.cpp:
781         (JSC::FunctionHasExecutedCache::getFunctionRanges):
782         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
783         * runtime/FunctionHasExecutedCache.h:
784
785 2015-01-19  David Kilzer  <ddkilzer@apple.com>
786
787         [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
788         <http://webkit.org/b/140658>
789
790         Reviewed by Filip Pizlo.
791
792         * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
793         only when building for 64-bit architectures.
794
795 2015-01-19  Filip Pizlo  <fpizlo@apple.com>
796
797         ClosureCallStubRoutine no longer needs codeOrigin
798         https://bugs.webkit.org/show_bug.cgi?id=140659
799
800         Reviewed by Michael Saboff.
801         
802         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
803         would start with the CodeBlock according to the caller frame's call frame header. But if the
804         call was a closure call, the return PC would be inside some closure call stub. So if the
805         CodeBlock search failed, we would search *all* closure call stub routines to see which one
806         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
807         object. This was all a bunch of madness, and we actually got rid of it - we now determine
808         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
809         argument count.
810         
811         This patch removes the final vestiges of the madness:
812         
813         - Remove the totally unused method declaration for the thing that did the closure call stub
814           search.
815         
816         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
817           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
818           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
819           anymore.
820
821         * bytecode/CodeBlock.h:
822         * jit/ClosureCallStubRoutine.cpp:
823         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
824         * jit/ClosureCallStubRoutine.h:
825         (JSC::ClosureCallStubRoutine::executable):
826         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
827         * jit/Repatch.cpp:
828         (JSC::linkClosureCall):
829
830 2015-01-19  Saam Barati  <saambarati1@gmail.com>
831
832         Basic block start offsets should never be larger than end offsets in the control flow profiler
833         https://bugs.webkit.org/show_bug.cgi?id=140377
834
835         Reviewed by Filip Pizlo.
836
837         The bytecode generator will emit code more than once for some AST nodes. For instance, 
838         the finally block of TryNode will emit two code paths for its finally block: one for 
839         the normal path, and another for the path where an exception is thrown in the catch block. 
840         
841         This repeated code emission of the same AST node previously broke how the control 
842         flow profiler computed text ranges of basic blocks because when the same AST node 
843         is emitted multiple times, there is a good chance that there are ranges that span 
844         from the end offset of one of these duplicated nodes back to the start offset of 
845         the same duplicated node. This caused a basic block range to report a larger start 
846         offset than end offset. This was incorrect. Now, when this situation is encountered 
847         while linking a CodeBlock, the faulty range in question is ignored.
848
849         * bytecode/CodeBlock.cpp:
850         (JSC::CodeBlock::CodeBlock):
851         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
852         * bytecode/CodeBlock.h:
853         * bytecompiler/NodesCodegen.cpp:
854         (JSC::ForInNode::emitMultiLoopBytecode):
855         (JSC::ForOfNode::emitBytecode):
856         (JSC::TryNode::emitBytecode):
857         * parser/Parser.cpp:
858         (JSC::Parser<LexerType>::parseConditionalExpression):
859         * runtime/ControlFlowProfiler.cpp:
860         (JSC::ControlFlowProfiler::ControlFlowProfiler):
861         * runtime/ControlFlowProfiler.h:
862         (JSC::ControlFlowProfiler::dummyBasicBlock):
863
864 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
865
866         [SVG -> OTF Converter] Flip the switch on
867         https://bugs.webkit.org/show_bug.cgi?id=140592
868
869         Reviewed by Antti Koivisto.
870
871         * Configurations/FeatureDefines.xcconfig:
872
873 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
874
875         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
876         https://bugs.webkit.org/show_bug.cgi?id=140512
877
878         Reviewed by Chris Dumez.
879
880         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
881         be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
882         input types, and the type traits macro is defined in namespace WTF.
883
884         * replay/NondeterministicInput.h: Make overridden methods public.
885         * replay/scripts/CodeGeneratorReplayInputs.py:
886         (Generator.generate_header):
887         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
888         (Generator.generate_input_type_trait_declaration): Added.
889         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
890         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
891         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
892         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
893         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
894         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
895         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
896         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
897         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
898
899 2015-01-19  Commit Queue  <commit-queue@webkit.org>
900
901         Unreviewed, rolling out r178653.
902         https://bugs.webkit.org/show_bug.cgi?id=140634
903
904         Broke multiple SVG tests on Mountain Lion (Requested by ap on
905         #webkit).
906
907         Reverted changeset:
908
909         "[SVG -> OTF Converter] Flip the switch on"
910         https://bugs.webkit.org/show_bug.cgi?id=140592
911         http://trac.webkit.org/changeset/178653
912
913 2015-01-18  Dean Jackson  <dino@apple.com>
914
915         ES6: Support Array.of construction
916         https://bugs.webkit.org/show_bug.cgi?id=140605
917         <rdar://problem/19513655>
918
919         Reviewed by Geoffrey Garen.
920
921         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
922         specification (15 Jan 2015). The Array.of() method creates a new Array
923         instance with a variable number of arguments, regardless of number or type
924         of the arguments.
925
926         * runtime/ArrayConstructor.cpp:
927         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
928         over the arguments, setting them to the appropriate index.
929
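The construction steps the Array.of entry above describes, written out in JavaScript as an added example (not WebKit or JSC code; the function names arrayOf and compareConstruction are constructed for the illustration). It follows the ES6 algorithm the entry summarises, create a new array and set each argument at its index, and places the result beside the Array constructor so the difference for a single numeric argument is visible.

```javascript
// Added example, not WebKit/JSC code: Array.of written out following the steps
// the entry describes (ES6 22.1.2.3): create a new array, then set each argument
// at its index. Arguments are always elements regardless of their number or type,
// so arrayOf(7) is [7], whereas Array(7) is an empty array of length 7.

function arrayOf(...items) {
  const len = items.length;
  // Spec: if the `this` value is a constructor, construct it with `len`
  // (this is what Array.of.call(SomeCtor, ...) does); otherwise ArrayCreate(len).
  const A = typeof this === "function" ? new this(len) : new Array(len);
  for (let k = 0; k < len; k++) {
    // Spec: CreateDataPropertyOrThrow(A, ToString(k), items[k]).
    Object.defineProperty(A, k, {
      value: items[k], writable: true, enumerable: true, configurable: true,
    });
  }
  // Spec: Set(A, "length", len, true).
  A.length = len;
  return A;
}

// Side-by-side comparison of the two construction paths for one numeric argument.
function compareConstruction(n) {
  return {
    arrayOfLength: arrayOf(n).length,   // 1: n is an element
    arrayOfFirst: arrayOf(n)[0],        // n
    arrayCtorLength: Array(n).length,   // n: n is a length
    arrayCtorHasFirst: Object.prototype.hasOwnProperty.call(Array(n), 0), // false
    matchesNative: JSON.stringify(arrayOf(n)) === JSON.stringify(Array.of(n)),
  };
}
```

The constructor path is what trips people up: Array(7) yields holes, not elements, which is the ambiguity Array.of was specified to remove.
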
930 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
931
932         [SVG -> OTF Converter] Flip the switch on
933         https://bugs.webkit.org/show_bug.cgi?id=140592
934
935         Reviewed by Antti Koivisto.
936
937         * Configurations/FeatureDefines.xcconfig:
938
939 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
940
941         Web Inspector: highlight data for overlay should use protocol type builders
942         https://bugs.webkit.org/show_bug.cgi?id=129441
943
944         Reviewed by Timothy Hatcher.
945
946         Add a new domain for overlay types.
947
948         * CMakeLists.txt:
949         * DerivedSources.make:
950         * inspector/protocol/OverlayTypes.json: Added.
951
952 2015-01-17  Michael Saboff  <msaboff@apple.com>
953
954         Crash in JSScope::resolve() on tools.ups.com
955         https://bugs.webkit.org/show_bug.cgi?id=140579
956
957         Reviewed by Geoffrey Garen.
958
959         For op_resolve_scope of a global property or variable that needs to check for the var
960         injection check watchpoint, we need to keep the scope around with a Phantom.  The
961         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
962         fired.
963
964         * dfg/DFGByteCodeParser.cpp:
965         (JSC::DFG::ByteCodeParser::parseBlock):
966
967 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
968
969         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
970         https://bugs.webkit.org/show_bug.cgi?id=140557
971
972         Reviewed by Joseph Pecoraro.
973
974         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
975         This makes it long-winded and confusing to use the type in C++ code.
976
977         This patch adds a typedef for array type declarations, so types such as Console::CallStack
978         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
979
980         Some tests were updated to cover array type declarations used as parameters and type members.
981
982         * inspector/ScriptCallStack.cpp: Use the new typedef.
983         (Inspector::ScriptCallStack::buildInspectorArray):
984         * inspector/ScriptCallStack.h:
985         * inspector/scripts/codegen/cpp_generator.py:
986         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
987         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
988         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
989         (_generate_typedefs_for_domain.Inspector):
990         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
991         (ArrayType.__init__):
992         (Protocol.resolve_types):
993         (Protocol.lookup_type_reference):
994         * inspector/scripts/tests/commands-with-async-attribute.json:
995         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
996         * inspector/scripts/tests/events-with-optional-parameters.json:
997         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
998         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
999         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1000         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1001         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1002         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1003         * inspector/scripts/tests/type-declaration-object-type.json:
1004
1005 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1006
1007         Web Replay: purge remaining PassRefPtr uses and minor cleanup
1008         https://bugs.webkit.org/show_bug.cgi?id=140456
1009
1010         Reviewed by Andreas Kling.
1011
1012         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
1013         Remove mistaken uses of AtomicString that were not removed as part of r174113.
1014
1015         * replay/EmptyInputCursor.h:
1016         * replay/InputCursor.h:
1017         (JSC::InputCursor::InputCursor):
1018
1019 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1020
1021         Web Inspector: code generator should fail on duplicate parameter and member names
1022         https://bugs.webkit.org/show_bug.cgi?id=140555
1023
1024         Reviewed by Timothy Hatcher.
1025
1026         * inspector/scripts/codegen/models.py:
1027         (find_duplicates): Add a helper function to find duplicates in a list.
1028         (Protocol.parse_type_declaration):
1029         (Protocol.parse_command):
1030         (Protocol.parse_event):
1031         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
1032         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
1033         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
1034         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
1035         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
1036         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
1037         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
1038         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
1039
1040 2015-01-16  Michael Saboff  <msaboff@apple.com>
1041
1042         REGRESSION (r174226): Header on huffingtonpost.com is too large
1043         https://bugs.webkit.org/show_bug.cgi?id=140306
1044
1045         Reviewed by Filip Pizlo.
1046
1047         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
1048         arguments register or whether we need to resolve "arguments".  If the arguments have
1049         been captured, then they are stored in the lexical environment and the arguments
1050         register is not used.
1051
1052         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
1053         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
1054         better indicate what we are checking.
1055
1056         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
1057         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
1058         incorrectly calculated the location of the reified callee frame.  This alignment resulted
1059         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
1060
1061         * bytecompiler/BytecodeGenerator.cpp:
1062         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
1063         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
1064         (JSC::BytecodeGenerator::emitCall):
1065         (JSC::BytecodeGenerator::emitConstruct):
1066         (JSC::BytecodeGenerator::emitEnumeration):
1067         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
1068         * bytecompiler/BytecodeGenerator.h:
1069         * bytecompiler/NodesCodegen.cpp:
1070         (JSC::BracketAccessorNode::emitBytecode):
1071         (JSC::DotAccessorNode::emitBytecode):
1072         (JSC::getArgumentByVal):
1073         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1074         (JSC::ArrayPatternNode::emitDirectBinding):
1075         * dfg/DFGOSRExitCompilerCommon.cpp:
1076         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
1077         * dfg/DFGOperations.cpp:
1078         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
1079         * dfg/DFGOperations.h:
1080         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
1081
1082 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
1083
1084         Remove ENABLE(SQL_DATABASE) guards
1085         https://bugs.webkit.org/show_bug.cgi?id=140434
1086
1087         Reviewed by Darin Adler.
1088
1089         * CMakeLists.txt:
1090         * Configurations/FeatureDefines.xcconfig:
1091         * DerivedSources.make:
1092         * inspector/protocol/Database.json:
1093
1094 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
1095
1096         Web Inspector and regular console use different source code locations for messages
1097         https://bugs.webkit.org/show_bug.cgi?id=140478
1098
1099         Reviewed by Brian Burg.
1100
1101         * inspector/ConsoleMessage.h: Expose computed source location.
1102
1103         * inspector/agents/InspectorConsoleAgent.cpp:
1104         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1105         (Inspector::InspectorConsoleAgent::stopTiming):
1106         (Inspector::InspectorConsoleAgent::count):
1107         * inspector/agents/InspectorConsoleAgent.h:
1108         addMessageToConsole() now takes a pre-made ConsoleMessage object.
1109
1110         * inspector/JSGlobalObjectConsoleClient.cpp:
1111         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1112         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
1113         * inspector/JSGlobalObjectInspectorController.cpp:
1114         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
1115         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1116         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1117         Updated for the above changes.
1118
1119 2015-01-15  Mark Lam  <mark.lam@apple.com>
1120
1121         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
1122         <https://webkit.org/b/140093>
1123
1124         Reviewed by Geoffrey Garen.
1125
1126         * interpreter/StackVisitor.cpp:
1127         (JSC::StackVisitor::Frame::createArguments):
1128         - We should not be fetching the lexicalEnvironment here.  The reason we've
1129           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
1130           may not be available to us at this point.  Instead, we'll just pass a nullptr.
1131
1132         * runtime/Arguments.cpp:
1133         (JSC::Arguments::tearOffForCloning):
1134         * runtime/Arguments.h:
1135         (JSC::Arguments::finishCreation):
1136         - Use the new tearOffForCloning() to tear off arguments right out of the values
1137           passed on the stack.  tearOff() is not appropriate for this purpose because
1138           it takes slowArgumentsData into account.
1139
1140 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1141
1142         Removed accidental commit of "invalid_array.js" 
1143         http://trac.webkit.org/changeset/178439
1144
1145         * tests/stress/invalid_array.js: Removed.
1146
1147 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1148
1149         Fixes operationPutByIdOptimizes such that they check that the put didn't
1150         change the structure of the object whose property access is being
1151         cached.  Also removes uses of the new base value from the cache generation code.
1152         https://bugs.webkit.org/show_bug.cgi?id=139500
1153
1154         Reviewed by Filip Pizlo.
1155
1156         * jit/JITOperations.cpp:
1157         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
1158         (JSC::operationPutByIdNonStrictOptimize): ditto.
1159         (JSC::operationPutByIdDirectStrictOptimize): ditto.
1160         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
1161         * jit/Repatch.cpp:
1162         (JSC::generateByIdStub):
1163         (JSC::tryCacheGetByID):
1164         (JSC::tryBuildGetByIDList):
1165         (JSC::emitPutReplaceStub):
1166         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
1167         (JSC::tryCachePutByID):
1168         (JSC::repatchPutByID):
1169         (JSC::tryBuildPutByIdList):
1170         (JSC::tryRepatchIn):
1171         (JSC::emitPutTransitionStub): Deleted.
1172         * jit/Repatch.h:
1173         * llint/LLIntSlowPaths.cpp:
1174         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1175         * runtime/JSPropertyNameEnumerator.h:
1176         (JSC::genericPropertyNameEnumerator):
1177         * runtime/Operations.h:
1178         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
1179         (JSC::normalizePrototypeChain): restructured to not use the base value.
1180         * tests/mozilla/mozilla-tests.yaml:
1181         * tests/stress/proto-setter.js: Added.
1182         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
1183         Added test that fails without this patch.
1184
1185 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
1186
1187         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
1188         https://bugs.webkit.org/show_bug.cgi?id=140404
1189
1190         Reviewed by Timothy Hatcher.
1191
1192         * inspector/protocol/Timeline.json:
1193
1194 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1195
1196         DFG can call PutByValDirect for generic arrays
1197         https://bugs.webkit.org/show_bug.cgi?id=140389
1198
1199         Reviewed by Geoffrey Garen.
1200
1201         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
1202         However, the current DFG asserts that put_by_val_direct is not used for the generic array,
1203         so the assertion failure is raised.
1204         This patch allows DFG to use put_by_val_direct for generic arrays.
1205
1206         And fix the DFG put_by_val_direct implementation for string properties.
1207         At first, put_by_val_direct is intended to be used for spread elements.
1208         So the property keys were limited to numbers (indexes).
1209         But now, it's also used for computed properties in object initializers.
1210
1211         * dfg/DFGOperations.cpp:
1212         (JSC::DFG::operationPutByValInternal):
1213         * dfg/DFGSpeculativeJIT64.cpp:
1214         (JSC::DFG::SpeculativeJIT::compile):
1215
1216 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
1217
1218         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
1219         https://bugs.webkit.org/show_bug.cgi?id=140397
1220
1221         Reviewed by Geoffrey Garen.
1222
1223         Patch by Alexey Proskuryakov.
1224
1225         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
1226
1227         No performance change.
1228
1229         No test, since this is a small past-the-end read, which is very
1230         difficult to turn into a reproducible failing test -- and existing tests
1231         crash reliably using ASan.
1232
1233         * bytecompiler/NodesCodegen.cpp:
1234         (JSC::BracketAccessorNode::emitBytecode):
1235         (JSC::DotAccessorNode::emitBytecode):
1236         (JSC::FunctionCallBracketNode::emitBytecode):
1237         (JSC::PostfixNode::emitResolve):
1238         (JSC::DeleteBracketNode::emitBytecode):
1239         (JSC::DeleteDotNode::emitBytecode):
1240         (JSC::PrefixNode::emitResolve):
1241         (JSC::UnaryOpNode::emitBytecode):
1242         (JSC::BitwiseNotNode::emitBytecode):
1243         (JSC::BinaryOpNode::emitBytecode):
1244         (JSC::EqualNode::emitBytecode):
1245         (JSC::StrictEqualNode::emitBytecode):
1246         (JSC::ThrowableBinaryOpNode::emitBytecode):
1247         (JSC::AssignDotNode::emitBytecode):
1248         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
1249         register used across a call to a function that might allocate a new
1250         temporary register must be held in a RefPtr.
1251
1252 2015-01-12  Michael Saboff  <msaboff@apple.com>
1253
1254         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1255         https://bugs.webkit.org/show_bug.cgi?id=140348
1256
1257         Reviewed by Mark Lam.
1258
1259         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
1260         because those registers may have been spilled on the stack and replaced with other values by
1261         the time we call down to gatherFromCurrentThread().
1262
1263         Now we get the register contents at the same place that we demarcate the current top of
1264         stack using the address of a local variable, in Heap::markRoots().  The register contents
1265         buffer is passed along with the demarcation pointer.  These need to be done at this level 
1266         in the call tree and no lower, as markRoots() calls various functions that visit object
1267         pointers that may be later proven dead.  Any of those pointers that are left on the
1268         stack or in registers could be incorrectly marked as live if we scan the stack contents
1269         from a called function or one of its callees.  The stack demarcation pointer and register
1270         saving need to be done in the same function so that we have a consistent stack, active
1271         and spilled registers.
1272
1273         Because we don't want to make unnecessary calls to get the register contents, we use
1274         a macro to allocate, and possibly align, the register structure and get the actual
1275         register contents.
1276
1278         * heap/Heap.cpp:
1279         (JSC::Heap::markRoots):
1280         (JSC::Heap::gatherStackRoots):
1281         * heap/Heap.h:
1282         * heap/MachineStackMarker.cpp:
1283         (JSC::MachineThreads::gatherFromCurrentThread):
1284         (JSC::MachineThreads::gatherConservativeRoots):
1285         * heap/MachineStackMarker.h:
1286
1287 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
1288
1289         Add basic pattern matching support to the url filters
1290         https://bugs.webkit.org/show_bug.cgi?id=140283
1291
1292         Reviewed by Andreas Kling.
1293
1294         * JavaScriptCore.xcodeproj/project.pbxproj:
1295         Make YarrParser.h private in order to use it from WebCore.
1296
1297 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
1298
1299         Out of bounds read in IdentifierArena::makeIdentifier
1300         https://bugs.webkit.org/show_bug.cgi?id=140376
1301
1302         Patch by Alexey Proskuryakov.
1303
1304         Reviewed and ChangeLogged by Geoffrey Garen.
1305
1306         No test, since this is a small past-the-end read, which is very
1307         difficult to turn into a reproducible failing test -- and existing tests
1308         crash reliably using ASan.
1309
1310         * parser/ParserArena.h:
1311         (JSC::IdentifierArena::makeIdentifier):
1312         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
1313         zero-length string input, like we do in the literal parser, since it is
1314         not valid to dereference characters in a zero-length string.
1315
1316         A zero-length string is allowed in JavaScript -- for example, "".
1317
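The past-the-end read described in the entry above, shown as an added C++ example. This is constructed for this ChangeLog and is not JSC's ParserArena code; the names makeIdentifierLCharFromUCharUnchecked, makeIdentifierLCharFromUChar, LCharString and fitsInLatin1 are assumptions, and std::u16string_view / std::string stand in for JSC's UChar and LChar buffers. The unchecked function reproduces the shape of the defect, a single-character fast path that looks at characters[0] before anything establishes that a character exists; the checked function handles the zero-length identifier first, as the fix does.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <string_view>

// JSC stores identifiers made only of Latin-1 code units as 8-bit LChar strings;
// std::string stands in for that representation here. A std::nullopt result
// means the identifier needs the 16-bit form instead.
using LCharString = std::string;

static bool fitsInLatin1(char16_t c) { return c <= 0xFF; }

// Shape of the defect described in the entry (constructed, not JSC's code): the
// single-character fast path inspects characters[0] before anything establishes
// that a character exists. With a zero-length identifier that is a read one code
// unit past the end of the buffer, which is what ASan caught in the existing tests.
// Kept only for contrast; it is never called with an empty view here.
std::optional<LCharString> makeIdentifierLCharFromUCharUnchecked(std::u16string_view characters) {
    if (characters.size() <= 1 && fitsInLatin1(characters[0]))   // characters[0] is out of bounds when size() == 0
        return LCharString(1, static_cast<char>(characters[0]));
    LCharString narrowed;
    narrowed.reserve(characters.size());
    for (char16_t c : characters) {
        if (!fitsInLatin1(c))
            return std::nullopt;
        narrowed.push_back(static_cast<char>(c));
    }
    return narrowed;
}

// Checked version: the empty identifier (legal JavaScript, e.g. "") is handled
// before any element access, the same way the literal parser already does.
std::optional<LCharString> makeIdentifierLCharFromUChar(std::u16string_view characters) {
    if (characters.empty())
        return LCharString();                       // the canonical empty identifier
    if (characters.size() == 1) {                   // single-character fast path, now safe
        if (!fitsInLatin1(characters[0]))
            return std::nullopt;
        return LCharString(1, static_cast<char>(characters[0]));
    }
    LCharString narrowed;
    narrowed.reserve(characters.size());
    for (char16_t c : characters) {
        if (!fitsInLatin1(c))
            return std::nullopt;
        narrowed.push_back(static_cast<char>(c));
    }
    return narrowed;
}
```

The checked version returns the empty identifier for an empty view without touching the buffer. The unchecked one is only ever exercised with non-empty input here, because calling it on an empty view is exactly the one-code-unit overread the fix removes; a length check placed before the first element access is the whole of the mitigation.
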
1318 2015-01-11  Sam Weinig  <sam@webkit.org>
1319
1320         Remove support for SharedWorkers
1321         https://bugs.webkit.org/show_bug.cgi?id=140344
1322
1323         Reviewed by Anders Carlsson.
1324
1325         * Configurations/FeatureDefines.xcconfig:
1326
1327 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
1328
1329         Allow targeting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
1330         https://bugs.webkit.org/show_bug.cgi?id=136769
1331
1332         Reviewed by Antti Koivisto.
1333
1334         * Configurations/FeatureDefines.xcconfig:
1335
1336 2015-01-12  Commit Queue  <commit-queue@webkit.org>
1337
1338         Unreviewed, rolling out r178266.
1339         https://bugs.webkit.org/show_bug.cgi?id=140363
1340
1341         Broke a JSC test (Requested by ap on #webkit).
1342
1343         Reverted changeset:
1344
1345         "Local JSArray* "keys" in objectConstructorKeys() is not
1346         marked during garbage collection"
1347         https://bugs.webkit.org/show_bug.cgi?id=140348
1348         http://trac.webkit.org/changeset/178266
1349
1350 2015-01-12  Michael Saboff  <msaboff@apple.com>
1351
1352         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1353         https://bugs.webkit.org/show_bug.cgi?id=140348
1354
1355         Reviewed by Mark Lam.
1356
1357         Move the address of the local variable that is used to demarcate the top of the stack for 
1358         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
1359         the register values using setjmp().  That way we don't lose any callee save register
1360         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
1361         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
1362         erroneously.
1363
1364         * heap/Heap.cpp:
1365         (JSC::Heap::markRoots):
1366         (JSC::Heap::gatherStackRoots):
1367         * heap/Heap.h:
1368         * heap/MachineStackMarker.cpp:
1369         (JSC::MachineThreads::gatherFromCurrentThread):
1370         (JSC::MachineThreads::gatherConservativeRoots):
1371         * heap/MachineStackMarker.h:
1372
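Added example for this entry and for the re-landed version of the same fix described earlier in this log (Heap::markRoots() capturing registers and the stack demarcation pointer in one frame, then handing both to MachineThreads::gatherFromCurrentThread()). The code is constructed for this ChangeLog and is not JSC's Heap or MachineStackMarker code; ConservativeRoots, gatherConservativeRoots, gatherFromCurrentThread, CAPTURE_REGISTERS, markRoots, demoScanConstructedStack and demoScanRegisterSnapshot are assumed names, and a std::set of addresses stands in for the heap's cell lookup. It shows the word-by-word conservative scan of a byte range, the register snapshot taken with setjmp into a jmp_buf in the same frame as the demarcation local, and the callee supplying the bottom-of-stack address.

```cpp
#include <csetjmp>
#include <cstdint>
#include <cstring>
#include <functional>
#include <set>

// Constructed stand-in for the collector's cell lookup. A conservative scan has
// no type information: any word whose value equals a known cell address is a root.
struct ConservativeRoots {
    std::set<uintptr_t> knownCells;  // addresses the heap would recognise as cells
    std::set<uintptr_t> found;       // cells referenced from the stack or registers

    // Scan [begin, end) one pointer-sized word at a time; memcpy makes no
    // alignment or aliasing assumptions about the bytes being inspected.
    void addRange(const void* begin, const void* end) {
        const char* p = static_cast<const char*>(begin);
        const char* e = static_cast<const char*>(end);
        for (; p + sizeof(uintptr_t) <= e; p += sizeof(uintptr_t)) {
            uintptr_t word;
            std::memcpy(&word, p, sizeof word);
            if (knownCells.count(word))
                found.insert(word);
        }
    }
};

// Scans a register snapshot (a jmp_buf filled by setjmp), then a stack range.
// The jmp_buf layout is platform specific, so only its raw bytes are used.
// Returns the number of distinct cells found so far.
size_t gatherConservativeRoots(ConservativeRoots& roots, const jmp_buf& registers,
                               const void* stackBottom, const void* stackTop) {
    const char* regBytes = reinterpret_cast<const char*>(&registers);
    roots.addRange(regBytes, regBytes + sizeof(jmp_buf));
    std::less<const void*> before;   // stacks grow either way: normalise to [low, high)
    const void* low = before(stackBottom, stackTop) ? stackBottom : stackTop;
    const void* high = before(stackBottom, stackTop) ? stackTop : stackBottom;
    roots.addRange(low, high);
    return roots.found.size();
}

// Plays the role of MachineThreads::gatherFromCurrentThread(): the address of
// its own local marks the current bottom of stack; everything between it and
// the caller's demarcation pointer is scanned.
size_t gatherFromCurrentThread(ConservativeRoots& roots, const jmp_buf& registers,
                               const void* stackTop) {
    int stackBottomMarker = 0;
    return gatherConservativeRoots(roots, registers, &stackBottomMarker, stackTop);
}

// setjmp has to run in the frame that also takes the demarcation address. A
// macro keeps it there: if a helper function did the capture, callee-save
// registers could already have been spilled or reused by the time it ran.
#define CAPTURE_REGISTERS(jmpBuf) setjmp(jmpBuf)

// Plays the role of Heap::markRoots(): snapshot registers and demarcate the
// stack top in the same frame, then descend into the scan. Which pointers sit
// in registers here is compiler dependent, so this path is for running
// interactively; the deterministic checks follow.
size_t markRoots(ConservativeRoots& roots) {
    jmp_buf registers;
    CAPTURE_REGISTERS(registers);
    int stackTopMarker = 0;
    return gatherFromCurrentThread(roots, registers, &stackTopMarker);
}

// Constructed stack image holding two of three known cells (one of them twice)
// plus unrelated words, scanned with a zeroed register snapshot: exactly the
// two referenced cells must be reported.
size_t demoScanConstructedStack() {
    static uint64_t cellA, cellB, cellC;   // stand-ins for heap cells
    ConservativeRoots roots;
    roots.knownCells = { reinterpret_cast<uintptr_t>(&cellA),
                         reinterpret_cast<uintptr_t>(&cellB),
                         reinterpret_cast<uintptr_t>(&cellC) };
    uintptr_t stackImage[] = { 0x1234, reinterpret_cast<uintptr_t>(&cellA), 0,
                               reinterpret_cast<uintptr_t>(&cellB), 42,
                               reinterpret_cast<uintptr_t>(&cellA), 7 };
    jmp_buf noRegisters;
    std::memset(&noRegisters, 0, sizeof noRegisters);
    return gatherConservativeRoots(roots, noRegisters, stackImage, stackImage + 7);
}

// The register path on its own: a known cell address written into the bytes of
// a zeroed jmp_buf (constructed; a real snapshot comes from setjmp) and an empty
// stack range. The cell must be found from the snapshot alone.
size_t demoScanRegisterSnapshot() {
    static uint64_t cellD;
    ConservativeRoots roots;
    roots.knownCells = { reinterpret_cast<uintptr_t>(&cellD) };
    jmp_buf snapshot;
    std::memset(&snapshot, 0, sizeof snapshot);
    uintptr_t value = reinterpret_cast<uintptr_t>(&cellD);
    std::memcpy(reinterpret_cast<char*>(&snapshot) + sizeof value, &value, sizeof value);
    int marker = 0;
    return gatherConservativeRoots(roots, snapshot, &marker, &marker);
}
```

The two demo functions pin down the scanner itself on constructed input; markRoots() shows the placement the entries argue for. The point of capturing registers and the demarcation address in the same frame is the failure mode the entries name: a cell whose only remaining reference sits in a callee-save register at markRoots() time would be missed by a snapshot taken in a deeper frame, and a missed root means the collector frees memory that is still reachable.
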
1373 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
1374
1375         Fix typo in testate.c error messages
1376         https://bugs.webkit.org/show_bug.cgi?id=140305
1377
1378         Reviewed by Geoffrey Garen.
1379
1380         * API/tests/testapi.c:
1381         (main): "... script did not timed out ..." -> "... script did not time out ..."
1382
1383 2015-01-09  Michael Saboff  <msaboff@apple.com>
1384
1385         Breakpoint doesn't fire in this HTML5 game
1386         https://bugs.webkit.org/show_bug.cgi?id=140269
1387
1388         Reviewed by Mark Lam.
1389
1390         When parsing a single line cached function, use the lineStartOffset of the
1391         location where we found the cached function instead of the cached lineStartOffset.
1392         The cache location's lineStartOffset has not been adjusted for any possible
1393         containing functions.
1394
1395         This change is not needed for multi-line cached functions.  Consider the
1396         single line source:
1397
1398         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
1399
1400         The first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
1401         of 0.  Later when we parse outer() and find inner1() in the cache, SourceCode start
1402         character is at outer()'s outermost open brace.  That is what we should use for
1403         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
1404         to the saved location for inner1(), including the lineStartOffset of 0.  We need
1405         to use the value of lineStartOffset before we started parsing inner1().  That is
1406         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
1407
1408         For a multi-line function, the close brace is guaranteed to be on a different line
1409         than the open brace.  Hence, its lineStartOffset will not change with the change of
1410         the SourceCode start character.
1411
1412         * parser/Parser.cpp:
1413         (JSC::Parser<LexerType>::parseFunctionInfo):
1414
1415 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1416
1417         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
1418         https://bugs.webkit.org/show_bug.cgi?id=140279
1419         rdar://problem/19422299
1420
1421         Reviewed by Oliver Hunt.
1422
1423         * runtime/MapData.cpp:
1424         (JSC::MapData::replaceAndPackBackingStore):
1425         The cell table also needs to have its values fixed.
1426
1427 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1428
1429         Web Inspector: Remove or use TimelineAgent Resource related event types
1430         https://bugs.webkit.org/show_bug.cgi?id=140155
1431
1432         Reviewed by Timothy Hatcher.
1433
1434         Remove unused / stale Timeline event types.
1435
1436         * inspector/protocol/Timeline.json:
1437
1438 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
1439
1440         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
1441         https://bugs.webkit.org/show_bug.cgi?id=140098
1442
1443         Reviewed by Brian Burg.
1444
1445         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
1446
1447 2015-01-08  Mark Lam  <mark.lam@apple.com>
1448
1449         Argument object created by "Function dot arguments" should use a clone of the argument values.
1450         <https://webkit.org/b/140093>
1451
1452         Reviewed by Geoffrey Garen.
1453
1454         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
1455         test will crash.  The relevant code which manifests the issue is as follows:
1456
1457             function bar() {
1458                 return foo.arguments;
1459             }
1460
1461             function foo(p) {
1462                 var x = 42;
1463                 if (p)
1464                     return (function() { return x; });
1465                 else
1466                     return bar();
1467             }
1468
1469         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
1470         has dead code eliminated the SetLocal that stores it into its designated local.
1471         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
1472         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
1473         but instead, finds it to be uninitialized.  This results in a null pointer access
1474         which causes a crash.
1475
1476         This can be resolved by having bar() instantiate a clone of the Arguments object
1477         instead, and populate its elements with values fetched directly from foo's frame.
1478         There's no need to reference foo's LexicalEnvironment (whether present or not).
1479
1480         * interpreter/StackVisitor.cpp:
1481         (JSC::StackVisitor::Frame::createArguments):
1482         * runtime/Arguments.h:
1483         (JSC::Arguments::finishCreation):
1484
1485 2015-01-08  Mark Lam  <mark.lam@apple.com>
1486
1487         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
1488         <https://webkit.org/b/140236>
1489
1490         Reviewed by Geoffrey Garen.
1491
1492         Will change the DFG to use the operand on a subsequent pass.  For now,
1493         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
1494         retain the old behavior of getting the lexicalEnvironment from the
1495         ExecState.
1496
1497         * bytecompiler/BytecodeGenerator.cpp:
1498         (JSC::BytecodeGenerator::BytecodeGenerator):
1499         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1500         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1501         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
1502           instead of an empty JSValue as the lexicalEnvironment operand.
1503
1504         * dfg/DFGOperations.cpp:
1505         - Use the lexicalEnvironment from the ExecState for now.
1506
1507         * dfg/DFGSpeculativeJIT32_64.cpp:
1508         (JSC::DFG::SpeculativeJIT::compile):
1509         * dfg/DFGSpeculativeJIT64.cpp:
1510         (JSC::DFG::SpeculativeJIT::compile):
1511         - Use the operationCreateArgumentsForDFG() thunk for now.
1512
1513         * interpreter/CallFrame.cpp:
1514         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
1515         * interpreter/CallFrame.h:
1516         - Added this convenience function to return either the
1517           lexicalEnvironment or a nullptr so that we don't need to do a
1518           conditional check on codeBlock->needsActivation() at multiple sites.
1519
1520         * interpreter/StackVisitor.cpp:
1521         (JSC::StackVisitor::Frame::createArguments):
1522         * jit/JIT.h:
1523         * jit/JITInlines.h:
1524         (JSC::JIT::callOperation):
1525         * jit/JITOpcodes.cpp:
1526         (JSC::JIT::emit_op_create_arguments):
1527         (JSC::JIT::emitSlow_op_get_argument_by_val):
1528         * jit/JITOpcodes32_64.cpp:
1529         (JSC::JIT::emit_op_create_arguments):
1530         (JSC::JIT::emitSlow_op_get_argument_by_val):
1531         * jit/JITOperations.cpp:
1532         * jit/JITOperations.h:
1533         * llint/LLIntSlowPaths.cpp:
1534         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1535         * runtime/Arguments.h:
1536         (JSC::Arguments::create):
1537         (JSC::Arguments::finishCreation):
1538         * runtime/CommonSlowPaths.cpp:
1539         (JSC::SLOW_PATH_DECL):
1540         * runtime/JSLexicalEnvironment.cpp:
1541         (JSC::JSLexicalEnvironment::argumentsGetter):
1542
1543 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1544
1545         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
1546         https://bugs.webkit.org/show_bug.cgi?id=138991
1547
1548         Reviewed by Timothy Hatcher.
1549
1550         * debugger/Debugger.cpp:
1551         (JSC::Debugger::Debugger):
1552         (JSC::Debugger::pauseIfNeeded):
1553         (JSC::Debugger::didReachBreakpoint):
1554         When actually pausing, if we hit a breakpoint ensure the reason
1555         is PausedForBreakpoint, otherwise use the current reason.
1556
1557         * debugger/Debugger.h:
1558         Make pause reason and pausing breakpoint ID public.
1559
1560         * inspector/agents/InspectorDebuggerAgent.h:
1561         * inspector/agents/InspectorDebuggerAgent.cpp:
1562         (Inspector::buildAssertPauseReason):
1563         (Inspector::buildCSPViolationPauseReason):
1564         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
1565         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
1566         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1567         (Inspector::buildObjectForBreakpointCookie):
1568         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1569         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
1570         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1571         (Inspector::InspectorDebuggerAgent::pause):
1572         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1573         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1574         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
1575         Clean up creation of pause reason objects and other cleanup
1576         of PassRefPtr use and InjectedScript use.
1577
1578         (Inspector::InspectorDebuggerAgent::didPause):
1579         Clean up so that we first check for an Exception, and then fall
1580         back to including a Pause Reason derived from the Debugger.
1581
1582         * inspector/protocol/Debugger.json:
1583         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
1584
1585 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1586
1587         Web Inspector: Type check NSArray's in ObjC Interfaces have the right object types
1588         https://bugs.webkit.org/show_bug.cgi?id=140209
1589
1590         Reviewed by Timothy Hatcher.
1591
1592         Check the types of objects in NSArrays for all interfaces (commands, events, types)
1593         when the user can set an array of objects. Previously we were only type checking
1594         that they were RWIJSONObjects; now we add an explicit check for the exact object type.
1595
1596         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1597         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1598         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1599         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1600         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1601         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1602         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
1603         * inspector/scripts/codegen/objc_generator.py:
1604         (ObjCGenerator.objc_class_for_array_type):
1605         (ObjCGenerator):
1606
1607 2015-01-07  Mark Lam  <mark.lam@apple.com>
1608
1609         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
1610         <https://webkit.org/b/140233>
1611
1612         Reviewed by Filip Pizlo.
1613
1614         This patch only adds the operand to the bytecode.  It is not in use yet.
1615
1616         * bytecode/BytecodeList.json:
1617         * bytecode/BytecodeUseDef.h:
1618         (JSC::computeUsesForBytecodeOffset):
1619         * bytecode/CodeBlock.cpp:
1620         (JSC::CodeBlock::dumpBytecode):
1621         * bytecompiler/BytecodeGenerator.cpp:
1622         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1623         * llint/LowLevelInterpreter32_64.asm:
1624         * llint/LowLevelInterpreter64.asm:
1625
1626 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1627
1628         Investigate the character type of repeated string instead of checking is8Bit flag
1629         https://bugs.webkit.org/show_bug.cgi?id=140139
1630
1631         Reviewed by Darin Adler.
1632
1633         Instead of checking the is8Bit flag of the repeated string, investigate
1634         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
1635
1636         * runtime/StringPrototype.cpp:
1637         (JSC::repeatCharacter):
1638         (JSC::stringProtoFuncRepeat):
1639         (JSC::repeatSmallString): Deleted.
1640
1641 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1642
1643         Web Inspector: ObjC Generate types from the GenericTypes domain
1644         https://bugs.webkit.org/show_bug.cgi?id=140229
1645
1646         Reviewed by Timothy Hatcher.
1647
1648         Generate types from the GenericTypes domain, as they are expected
1649         by other domains (like Page domain). Also, don't include the @protocol
1650         forward declaration for a domain if it doesn't have any commands.
1651
1652         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1653         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1654         (ObjCBackendDispatcherHeaderGenerator): Deleted.
1655         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
1656         * inspector/scripts/codegen/objc_generator.py:
1657         (ObjCGenerator):
1658         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1659         * inspector/scripts/tests/expected/enum-values.json-result:
1660         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1661         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1662         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1663         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1664         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1665         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1666         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1667         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1668         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1669
1670 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1671
1672         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
1673         https://bugs.webkit.org/show_bug.cgi?id=140228
1674
1675         Reviewed by Timothy Hatcher.
1676
1677         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1678         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1679         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1680         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1681         * inspector/scripts/tests/expected/enum-values.json-result:
1682         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1683
1684 2015-01-07  Saam Barati  <saambarati1@gmail.com>
1685
1686         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
1687         https://bugs.webkit.org/show_bug.cgi?id=140165
1688
1689         Reviewed by Michael Saboff.
1690
1691         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
1692         into the LLInt speeds up type profiling.
1693
1694         * llint/LLIntOffsetsExtractor.cpp:
1695         * llint/LowLevelInterpreter.asm:
1696         * llint/LowLevelInterpreter32_64.asm:
1697         * llint/LowLevelInterpreter64.asm:
1698         * runtime/CommonSlowPaths.cpp:
1699         (JSC::SLOW_PATH_DECL):
1700         * runtime/CommonSlowPaths.h:
1701         * runtime/TypeProfilerLog.h:
1702         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
1703
1704 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
1705
1706         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1707         https://bugs.webkit.org/show_bug.cgi?id=140053
1708
1709         Reviewed by Andreas Kling.
1710
1711         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1712         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1713         references are always non-null. These two refactorings have been combined since
1714         they tend to require similar changes to the code.
1715
1716         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1717         have been updated to take a Ref instead of RefPtr.
1718
1719         Builders for typed protocol objects now return a Ref. Since there is no implicit
1720         call to operator&, callsites now must explicitly call .release() to convert a
1721         builder object into the corresponding protocol object once required fields are set.
1722         Update callsites and use auto to eliminate repetition of long-winded protocol types.
1723
1724         Tests for inspector protocol and replay inputs have been rebaselined.
1725
1726         * bindings/ScriptValue.cpp:
1727         (Deprecated::jsToInspectorValue):
1728         (Deprecated::ScriptValue::toInspectorValue):
1729         * bindings/ScriptValue.h:
1730         * inspector/ConsoleMessage.cpp:
1731         (Inspector::ConsoleMessage::addToFrontend):
1732         * inspector/ContentSearchUtilities.cpp:
1733         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1734         (Inspector::ContentSearchUtilities::searchInTextByLines):
1735         * inspector/ContentSearchUtilities.h:
1736         * inspector/InjectedScript.cpp:
1737         (Inspector::InjectedScript::getFunctionDetails):
1738         (Inspector::InjectedScript::getProperties):
1739         (Inspector::InjectedScript::getInternalProperties):
1740         (Inspector::InjectedScript::wrapCallFrames):
1741         (Inspector::InjectedScript::wrapObject):
1742         (Inspector::InjectedScript::wrapTable):
1743         * inspector/InjectedScript.h:
1744         * inspector/InjectedScriptBase.cpp:
1745         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1746         * inspector/InspectorBackendDispatcher.cpp:
1747         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1748         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1749         (Inspector::InspectorBackendDispatcher::create):
1750         (Inspector::InspectorBackendDispatcher::dispatch):
1751         (Inspector::InspectorBackendDispatcher::sendResponse):
1752         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1753         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1754         (Inspector::InspectorBackendDispatcher::getInteger):
1755         (Inspector::InspectorBackendDispatcher::getDouble):
1756         (Inspector::InspectorBackendDispatcher::getString):
1757         (Inspector::InspectorBackendDispatcher::getBoolean):
1758         (Inspector::InspectorBackendDispatcher::getObject):
1759         (Inspector::InspectorBackendDispatcher::getArray):
1760         (Inspector::InspectorBackendDispatcher::getValue):
1761         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1762         protocol error strings.
1763         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1764         Convert the supplemental dispatcher's reference to Ref since it is never null.
1765         * inspector/InspectorEnvironment.h:
1766         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1767         StructItemTraits. Add more versions of addItem to handle pushing various types.
1768         (Inspector::Protocol::Array::openAccessors):
1769         (Inspector::Protocol::Array::addItem):
1770         (Inspector::Protocol::Array::create):
1771         (Inspector::Protocol::StructItemTraits::push):
1772         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1773         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1774         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1775         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1776         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1777         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1778         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1779         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1780         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1781         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1782         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1783         the same call signature as other getters. Use Ref where possible.
1784         (Inspector::InspectorObjectBase::getBoolean):
1785         (Inspector::InspectorObjectBase::getString):
1786         (Inspector::InspectorObjectBase::getObject):
1787         (Inspector::InspectorObjectBase::getArray):
1788         (Inspector::InspectorObjectBase::getValue):
1789         (Inspector::InspectorObjectBase::writeJSON):
1790         (Inspector::InspectorArrayBase::get):
1791         (Inspector::InspectorObject::create):
1792         (Inspector::InspectorArray::create):
1793         (Inspector::InspectorValue::null):
1794         (Inspector::InspectorString::create):
1795         (Inspector::InspectorBasicValue::create):
1796         (Inspector::InspectorObjectBase::get): Deleted.
1797         * inspector/InspectorValues.h:
1798         (Inspector::InspectorObjectBase::setValue):
1799         (Inspector::InspectorObjectBase::setObject):
1800         (Inspector::InspectorObjectBase::setArray):
1801         (Inspector::InspectorArrayBase::pushValue):
1802         (Inspector::InspectorArrayBase::pushObject):
1803         (Inspector::InspectorArrayBase::pushArray):
1804         * inspector/JSGlobalObjectConsoleClient.cpp:
1805         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1806         (Inspector::JSGlobalObjectConsoleClient::count):
1807         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1808         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1809         * inspector/JSGlobalObjectConsoleClient.h:
1810         * inspector/JSGlobalObjectInspectorController.cpp:
1811         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1812         * inspector/JSGlobalObjectInspectorController.h:
1813         * inspector/ScriptCallFrame.cpp:
1814         (Inspector::ScriptCallFrame::buildInspectorObject):
1815         * inspector/ScriptCallFrame.h:
1816         * inspector/ScriptCallStack.cpp:
1817         (Inspector::ScriptCallStack::create):
1818         (Inspector::ScriptCallStack::buildInspectorArray):
1819         * inspector/ScriptCallStack.h:
1820         * inspector/agents/InspectorAgent.cpp:
1821         (Inspector::InspectorAgent::enable):
1822         (Inspector::InspectorAgent::inspect):
1823         (Inspector::InspectorAgent::activateExtraDomain):
1824         * inspector/agents/InspectorAgent.h:
1825         * inspector/agents/InspectorDebuggerAgent.cpp:
1826         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1827         (Inspector::buildObjectForBreakpointCookie):
1828         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1829         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1830         (Inspector::InspectorDebuggerAgent::continueToLocation):
1831         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1832         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1833         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1834         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1835         (Inspector::InspectorDebuggerAgent::didParseSource):
1836         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1837         (Inspector::InspectorDebuggerAgent::breakProgram):
1838         * inspector/agents/InspectorDebuggerAgent.h:
1839         * inspector/agents/InspectorRuntimeAgent.cpp:
1840         (Inspector::buildErrorRangeObject):
1841         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1842         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1843         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1844         * inspector/agents/InspectorRuntimeAgent.h:
1845         * inspector/scripts/codegen/cpp_generator.py:
1846         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1847         (CppGenerator.cpp_type_for_type_with_name):
1848         (CppGenerator.cpp_type_for_formal_async_parameter):
1849         (CppGenerator.should_use_references_for_type):
1850         (CppGenerator):
1851         * inspector/scripts/codegen/cpp_generator_templates.py:
1852         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1853         (CppBackendDispatcherHeaderGenerator.generate_output):
1854         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1855         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1856         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1857         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1858         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1859         (CppFrontendDispatcherHeaderGenerator.generate_output):
1860         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1861         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1862         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1863         (CppProtocolTypesHeaderGenerator.generate_output):
1864         (_generate_class_for_object_declaration):
1865         (_generate_unchecked_setter_for_member):
1866         (_generate_forward_declarations_for_binding_traits):
1867         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1868         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1869         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1870         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1871         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1872         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1873         (ObjCProtocolTypesImplementationGenerator.generate_output):
1874         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1875         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1876         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1877         * inspector/scripts/tests/expected/enum-values.json-result:
1878         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1879         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1880         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1881         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1882         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1883         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1884         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1885         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1886         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1887         * replay/EncodedValue.cpp:
1888         (JSC::EncodedValue::asObject):
1889         (JSC::EncodedValue::asArray):
1890         (JSC::EncodedValue::put<EncodedValue>):
1891         (JSC::EncodedValue::append<EncodedValue>):
1892         (JSC::EncodedValue::get<EncodedValue>):
1893         * replay/EncodedValue.h:
1894         * replay/scripts/CodeGeneratorReplayInputs.py:
1895         (Type.borrow_type):
1896         (Type.argument_type):
1897         (Generator.generate_member_move_expression):
1898         * runtime/ConsoleClient.cpp:
1899         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1900         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1901         (JSC::ConsoleClient::logWithLevel):
1902         (JSC::ConsoleClient::clear):
1903         (JSC::ConsoleClient::dir):
1904         (JSC::ConsoleClient::dirXML):
1905         (JSC::ConsoleClient::table):
1906         (JSC::ConsoleClient::trace):
1907         (JSC::ConsoleClient::assertCondition):
1908         (JSC::ConsoleClient::group):
1909         (JSC::ConsoleClient::groupCollapsed):
1910         (JSC::ConsoleClient::groupEnd):
1911         * runtime/ConsoleClient.h:
1912         * runtime/TypeSet.cpp:
1913         (JSC::TypeSet::allStructureRepresentations):
1914         (JSC::TypeSet::inspectorTypeSet):
1915         (JSC::StructureShape::inspectorRepresentation):
1916         * runtime/TypeSet.h:
1917
1918 2015-01-07  Commit Queue  <commit-queue@webkit.org>
1919
1920         Unreviewed, rolling out r178039.
1921         https://bugs.webkit.org/show_bug.cgi?id=140187
1922
1923         Breaks ObjC Inspector Protocol (Requested by JoePeck on
1924         #webkit).
1925
1926         Reverted changeset:
1927
1928         "Web Inspector: purge PassRefPtr from Inspector code and use
1929         Ref for typed and untyped protocol objects"
1930         https://bugs.webkit.org/show_bug.cgi?id=140053
1931         http://trac.webkit.org/changeset/178039
1932
1933 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
1934
1935         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1936         https://bugs.webkit.org/show_bug.cgi?id=140053
1937
1938         Reviewed by Andreas Kling.
1939
1940         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1941         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1942         references are always non-null. These two refactorings have been combined since
1943         they tend to require similar changes to the code.
1944
1945         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1946         have been updated to take a Ref instead of RefPtr.
1947
1948         Builders for typed protocol objects now return a Ref. Since there is no implicit
1949         call to operator&, callsites now must explicitly call .release() to convert a
1950         builder object into the corresponding protocol object once required fields are set.
1951         Update callsites and use auto to eliminate repetition of long-winded protocol types.
1952
1953         Tests for inspector protocol and replay inputs have been rebaselined.
1954
1955         * bindings/ScriptValue.cpp:
1956         (Deprecated::jsToInspectorValue):
1957         (Deprecated::ScriptValue::toInspectorValue):
1958         * bindings/ScriptValue.h:
1959         * inspector/ConsoleMessage.cpp:
1960         (Inspector::ConsoleMessage::addToFrontend):
1961         * inspector/ContentSearchUtilities.cpp:
1962         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1963         (Inspector::ContentSearchUtilities::searchInTextByLines):
1964         * inspector/ContentSearchUtilities.h:
1965         * inspector/InjectedScript.cpp:
1966         (Inspector::InjectedScript::getFunctionDetails):
1967         (Inspector::InjectedScript::getProperties):
1968         (Inspector::InjectedScript::getInternalProperties):
1969         (Inspector::InjectedScript::wrapCallFrames):
1970         (Inspector::InjectedScript::wrapObject):
1971         (Inspector::InjectedScript::wrapTable):
1972         * inspector/InjectedScript.h:
1973         * inspector/InjectedScriptBase.cpp:
1974         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1975         * inspector/InspectorBackendDispatcher.cpp:
1976         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1977         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1978         (Inspector::InspectorBackendDispatcher::create):
1979         (Inspector::InspectorBackendDispatcher::dispatch):
1980         (Inspector::InspectorBackendDispatcher::sendResponse):
1981         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1982         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1983         (Inspector::InspectorBackendDispatcher::getInteger):
1984         (Inspector::InspectorBackendDispatcher::getDouble):
1985         (Inspector::InspectorBackendDispatcher::getString):
1986         (Inspector::InspectorBackendDispatcher::getBoolean):
1987         (Inspector::InspectorBackendDispatcher::getObject):
1988         (Inspector::InspectorBackendDispatcher::getArray):
1989         (Inspector::InspectorBackendDispatcher::getValue):
1990         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1991         protocol error strings.
1992         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1993         Convert the supplemental dispatcher's reference to Ref since it is never null.
1994         * inspector/InspectorEnvironment.h:
1995         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1996         StructItemTraits. Add more versions of addItem to handle pushing various types.
1997         (Inspector::Protocol::Array::openAccessors):
1998         (Inspector::Protocol::Array::addItem):
1999         (Inspector::Protocol::Array::create):
2000         (Inspector::Protocol::StructItemTraits::push):
2001         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
2002         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
2003         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
2004         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
2005         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
2006         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
2007         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
2008         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
2009         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
2010         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
2011         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
2012         the same call signature as other getters. Use Ref where possible.
2013         (Inspector::InspectorObjectBase::getBoolean):
2014         (Inspector::InspectorObjectBase::getString):
2015         (Inspector::InspectorObjectBase::getObject):
2016         (Inspector::InspectorObjectBase::getArray):
2017         (Inspector::InspectorObjectBase::getValue):
2018         (Inspector::InspectorObjectBase::writeJSON):
2019         (Inspector::InspectorArrayBase::get):
2020         (Inspector::InspectorObject::create):
2021         (Inspector::InspectorArray::create):
2022         (Inspector::InspectorValue::null):
2023         (Inspector::InspectorString::create):
2024         (Inspector::InspectorBasicValue::create):
2025         (Inspector::InspectorObjectBase::get): Deleted.
2026         * inspector/InspectorValues.h:
2027         (Inspector::InspectorObjectBase::setValue):
2028         (Inspector::InspectorObjectBase::setObject):
2029         (Inspector::InspectorObjectBase::setArray):
2030         (Inspector::InspectorArrayBase::pushValue):
2031         (Inspector::InspectorArrayBase::pushObject):
2032         (Inspector::InspectorArrayBase::pushArray):
2033         * inspector/JSGlobalObjectConsoleClient.cpp:
2034         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2035         (Inspector::JSGlobalObjectConsoleClient::count):
2036         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
2037         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
2038         * inspector/JSGlobalObjectConsoleClient.h:
2039         * inspector/JSGlobalObjectInspectorController.cpp:
2040         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
2041         * inspector/JSGlobalObjectInspectorController.h:
2042         * inspector/ScriptCallFrame.cpp:
2043         (Inspector::ScriptCallFrame::buildInspectorObject):
2044         * inspector/ScriptCallFrame.h:
2045         * inspector/ScriptCallStack.cpp:
2046         (Inspector::ScriptCallStack::create):
2047         (Inspector::ScriptCallStack::buildInspectorArray):
2048         * inspector/ScriptCallStack.h:
2049         * inspector/agents/InspectorAgent.cpp:
2050         (Inspector::InspectorAgent::enable):
2051         (Inspector::InspectorAgent::inspect):
2052         (Inspector::InspectorAgent::activateExtraDomain):
2053         * inspector/agents/InspectorAgent.h:
2054         * inspector/agents/InspectorDebuggerAgent.cpp:
2055         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2056         (Inspector::buildObjectForBreakpointCookie):
2057         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2058         (Inspector::InspectorDebuggerAgent::setBreakpoint):
2059         (Inspector::InspectorDebuggerAgent::continueToLocation):
2060         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2061         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
2062         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2063         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2064         (Inspector::InspectorDebuggerAgent::didParseSource):
2065         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
2066         (Inspector::InspectorDebuggerAgent::breakProgram):
2067         * inspector/agents/InspectorDebuggerAgent.h:
2068         * inspector/agents/InspectorRuntimeAgent.cpp:
2069         (Inspector::buildErrorRangeObject):
2070         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2071         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
2072         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2073         * inspector/agents/InspectorRuntimeAgent.h:
2074         * inspector/scripts/codegen/cpp_generator.py:
2075         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
2076         (CppGenerator.cpp_type_for_type_with_name):
2077         (CppGenerator.cpp_type_for_formal_async_parameter):
2078         (CppGenerator.should_use_references_for_type):
2079         (CppGenerator):
2080         * inspector/scripts/codegen/cpp_generator_templates.py:
2081         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2082         (CppBackendDispatcherHeaderGenerator.generate_output):
2083         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
2084         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2085         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2086         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2087         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2088         (CppFrontendDispatcherHeaderGenerator.generate_output):
2089         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2090         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2091         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2092         (CppProtocolTypesHeaderGenerator.generate_output):
2093         (_generate_class_for_object_declaration):
2094         (_generate_unchecked_setter_for_member):
2095         (_generate_forward_declarations_for_binding_traits):
2096         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2097         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2098         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2099         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2100         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2101         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2102         (ObjCProtocolTypesImplementationGenerator.generate_output):
2103         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2104         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2105         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2106         * inspector/scripts/tests/expected/enum-values.json-result:
2107         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2108         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2109         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2110         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2111         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2112         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2113         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2114         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2115         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2116         * replay/EncodedValue.cpp:
2117         (JSC::EncodedValue::asObject):
2118         (JSC::EncodedValue::asArray):
2119         (JSC::EncodedValue::put<EncodedValue>):
2120         (JSC::EncodedValue::append<EncodedValue>):
2121         (JSC::EncodedValue::get<EncodedValue>):
2122         * replay/EncodedValue.h:
2123         * replay/scripts/CodeGeneratorReplayInputs.py:
2124         (Type.borrow_type):
2125         (Type.argument_type):
2126         (Generator.generate_member_move_expression):
2127         * runtime/ConsoleClient.cpp:
2128         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2129         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2130         (JSC::ConsoleClient::logWithLevel):
2131         (JSC::ConsoleClient::clear):
2132         (JSC::ConsoleClient::dir):
2133         (JSC::ConsoleClient::dirXML):
2134         (JSC::ConsoleClient::table):
2135         (JSC::ConsoleClient::trace):
2136         (JSC::ConsoleClient::assertCondition):
2137         (JSC::ConsoleClient::group):
2138         (JSC::ConsoleClient::groupCollapsed):
2139         (JSC::ConsoleClient::groupEnd):
2140         * runtime/ConsoleClient.h:
2141         * runtime/TypeSet.cpp:
2142         (JSC::TypeSet::allStructureRepresentations):
2143         (JSC::TypeSet::inspectorTypeSet):
2144         (JSC::StructureShape::inspectorRepresentation):
2145         * runtime/TypeSet.h:
2146
2147 2015-01-06  Chris Dumez  <cdumez@apple.com>
2148
2149         Drop ResourceResponseBase::connectionID and connectionReused members
2150         https://bugs.webkit.org/show_bug.cgi?id=140158
2151
2152         Reviewed by Sam Weinig.
2153
2154         Drop ResourceResponseBase::connectionID and connectionReused members.
2155         Those were needed by the Chromium port but are no longer used.
2156
2157         * inspector/protocol/Network.json:
2158
2159 2015-01-06  Mark Lam  <mark.lam@apple.com>
2160
2161         Add the lexicalEnvironment as an operand to op_create_arguments.
2162         <https://webkit.org/b/140148>
2163
2164         Reviewed by Geoffrey Garen.
2165
2166         This patch only adds the operand to the bytecode.  It is not in use yet.
2167
2168         * bytecode/BytecodeList.json:
2169         * bytecode/BytecodeUseDef.h:
2170         (JSC::computeUsesForBytecodeOffset):
2171         * bytecode/CodeBlock.cpp:
2172         (JSC::CodeBlock::dumpBytecode):
2173         * bytecompiler/BytecodeGenerator.cpp:
2174         (JSC::BytecodeGenerator::BytecodeGenerator):
2175         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
2176         - Adds the lexicalEnvironment register (if present) as an operand to
2177           op_create_arguments.  Else, adds a constant empty JSValue.
2178         * llint/LowLevelInterpreter32_64.asm:
2179         * llint/LowLevelInterpreter64.asm:
2180
2181 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
2182
2183         ADDRESS_SANITIZER macro is overloaded
2184         https://bugs.webkit.org/show_bug.cgi?id=140130
2185
2186         Reviewed by Anders Carlsson.
2187
2188         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
2189         This code is nearly unused (only compiled in when JIT is disabled at build time);
2190         however, I've been told that it's best to keep it.
2191
2192 2015-01-06  Mark Lam  <mark.lam@apple.com>
2193
2194         Fix Use details for op_create_arguments.
2195         <https://webkit.org/b/140110>
2196
2197         Rubber stamped by Filip Pizlo.
2198
2199         The previous patch was wrong about op_create_arguments not using its 1st operand.
2200         It does read from it (hence, used) to check if the Arguments object has already
2201         been created or not.  This patch reverts the change for op_create_arguments.
2202
2203         * bytecode/BytecodeUseDef.h:
2204         (JSC::computeUsesForBytecodeOffset):
2205
2206 2015-01-06  Mark Lam  <mark.lam@apple.com>
2207
2208         Fix Use details for op_create_lexical_environment and op_create_arguments.
2209         <https://webkit.org/b/140110>
2210
2211         Reviewed by Filip Pizlo.
2212
2213         The current "Use" details for op_create_lexical_environment and
2214         op_create_arguments are wrong.  op_create_arguments uses nothing instead of the
2215         1st operand (the output local).  op_create_lexical_environment uses its 2nd
2216         operand (the scope chain) instead of the 1st (the output local).
2217         This patch fixes them to specify the proper uses.
2218
2219         * bytecode/BytecodeUseDef.h:
2220         (JSC::computeUsesForBytecodeOffset):
2221
2222 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2223
2224         Implement ES6 String.prototype.repeat(count)
2225         https://bugs.webkit.org/show_bug.cgi?id=140047
2226
2227         Reviewed by Darin Adler.
2228
2229         Introducing ES6 String.prototype.repeat(count) function.
2230
2231         * runtime/JSString.h:
2232         * runtime/StringPrototype.cpp:
2233         (JSC::StringPrototype::finishCreation):
2234         (JSC::repeatSmallString):
2235         (JSC::stringProtoFuncRepeat):
2236
2237 2015-01-03  Michael Saboff  <msaboff@apple.com>
2238
2239         Crash in operationNewFunction when scrolling on Google+
2240         https://bugs.webkit.org/show_bug.cgi?id=140033
2241
2242         Reviewed by Oliver Hunt.
2243
2244         In DFG code, the scope register can be eliminated because all uses have been
2245         dead code eliminated.  In the case where one of the uses was creating a function
2246         that is never used, the baseline code will still create the function.  If we OSR
2247         exit to a path where that function gets created, check the scope register value
2248         and set the new, but dead, function to undefined instead of creating a new function.
2249
2250         * jit/JITOpcodes.cpp:
2251         (JSC::JIT::emit_op_new_func_exp):
2252
2253 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2254
2255         String includes methods perform toString on searchString before toInt32 on an offset
2256         https://bugs.webkit.org/show_bug.cgi?id=140031
2257
2258         Reviewed by Darin Adler.
2259
2260         * runtime/StringPrototype.cpp:
2261         (JSC::stringProtoFuncStartsWith):
2262         (JSC::stringProtoFuncEndsWith):
2263         (JSC::stringProtoFuncIncludes):
2264
2265 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2266
2267         Change to return std::unique_ptr<> in fooCreate()
2268         https://bugs.webkit.org/show_bug.cgi?id=139983
2269
2270         Reviewed by Darin Adler.
2271
2272         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
2273
2274         * create_regex_tables:
2275         * yarr/YarrPattern.h:
2276         (JSC::Yarr::YarrPattern::reset):
2277         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2278         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2279         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2280         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2281         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2282         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2283         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2284
2285 2015-01-01  Jeff Miller  <jeffm@apple.com>
2286
2287         Update user-visible copyright strings to include 2015
2288         https://bugs.webkit.org/show_bug.cgi?id=139880
2289
2290         Reviewed by Darin Adler.
2291
2292         * Info.plist:
2293
2294 2015-01-01  Darin Adler  <darin@apple.com>
2295
2296         We often misspell identifier as "identifer"
2297         https://bugs.webkit.org/show_bug.cgi?id=140025
2298
2299         Reviewed by Michael Saboff.
2300
2301         * runtime/ArrayConventions.h: Fix it.
2302
2303 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2304
2305         Move JavaScriptCore/yarr to std::unique_ptr
2306         https://bugs.webkit.org/show_bug.cgi?id=139621
2307
2308         Reviewed by Anders Carlsson.
2309
2310         Final clean up OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
2311
2312         * yarr/YarrInterpreter.cpp:
2313         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
2314         * yarr/YarrInterpreter.h:
2315         (JSC::Yarr::BytecodePattern::BytecodePattern):
2316         * yarr/YarrJIT.cpp:
2317         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
2318         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
2319         (JSC::Yarr::YarrGenerator::opCompileBody):
2320         * yarr/YarrPattern.cpp:
2321         (JSC::Yarr::CharacterClassConstructor::charClass):
2322         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
2323         (JSC::Yarr::YarrPatternConstructor::reset):
2324         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
2325         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
2326         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
2327         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
2328         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
2329         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
2330         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2331         * yarr/YarrPattern.h:
2332         (JSC::Yarr::PatternDisjunction::addNewAlternative):
2333         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2334         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2335         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2336         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2337         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2338         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2339         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2340
2341 2014-12-26  Dan Bernstein  <mitz@apple.com>
2342
2343         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
2344         https://bugs.webkit.org/show_bug.cgi?id=139950
2345
2346         Reviewed by David Kilzer.
2347
2348         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
2349         in a manner that works with Xcode 5.1.1.
2350
2351 2014-12-22  Mark Lam  <mark.lam@apple.com>
2352
2353         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
2354         <https://webkit.org/b/139892>
2355
2356         Reviewed by Michael Saboff.
2357
2358         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
2359         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
2360         This patch changes it to use the helper function consistently.
2361
2362         * jit/JITOperations.cpp:
2363
2364 2014-12-22  Mark Lam  <mark.lam@apple.com>
2365
2366         Fix some typos in a comment.
2367         <https://webkit.org/b/139882>
2368
2369         Reviewed by Michael Saboff.
2370
2371         * jit/JITPropertyAccess.cpp:
2372         (JSC::JIT::emit_op_get_by_val):
2373
2374 2014-12-22  Mark Lam  <mark.lam@apple.com>
2375
2376         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
2377         <https://webkit.org/b/138118>
2378
2379         Reviewed by Michael Saboff.
2380
2381         * runtime/JSObject.cpp:
2382         (JSC::JSObject::convertInt32ToArrayStorage):
2383         (JSC::JSObject::convertDoubleToArrayStorage):
2384         (JSC::JSObject::convertContiguousToArrayStorage):
2385
2386 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
2387
2388         [iOS] add optimized fullscreen API
2389         https://bugs.webkit.org/show_bug.cgi?id=139833
2390         <rdar://problem/18844486>
2391
2392         Reviewed by Simon Fraser.
2393
2394         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
2395
2396 2014-12-20  David Kilzer  <ddkilzer@apple.com>
2397
2398         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2399         <http://webkit.org/b/139463>
2400
2401         Reviewed by Mark Rowe.
2402
2403         * Configurations/JavaScriptCore.xcconfig:
2404         - Simplify SECTORDER_FLAGS.
2405
2406 2014-12-19  Andreas Kling  <akling@apple.com>
2407
2408         Plug leak below LLVMCopyStringRepOfTargetData().
2409         <https://webkit.org/b/139832>
2410
2411         Reviewed by Michael Saboff.
2412
2413         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
2414         to free() it after we're done using it.
2415
2416         * ftl/FTLCompile.cpp:
2417         (JSC::FTL::mmAllocateDataSection):
2418
2419 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2420
2421         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
2422         https://bugs.webkit.org/show_bug.cgi?id=139797
2423
2424         Reviewed by Mark Lam.
2425
2426         * debugger/Debugger.h:
2427         * debugger/Debugger.cpp:
2428         (JSC::Debugger::isAttached):
2429         Check if we are the debugger for a particular global object.
2430         (JSC::Debugger::pauseIfNeeded):
2431         Pass the global object on when hitting a breakpoint.
2432
2433         * inspector/ScriptDebugServer.h:
2434         * inspector/ScriptDebugServer.cpp:
2435         (Inspector::ScriptDebugServer::handleBreakpointHit):
2436         Stop evaluating breakpoint actions if a previous action caused the
2437         debugger to detach from this global object.
2438         (Inspector::ScriptDebugServer::handlePause):
2439         Standardize on passing JSGlobalObject parameter first.
2440
2441 2014-12-19  Mark Lam  <mark.lam@apple.com>
2442
2443         [Win] Endless compiler warnings created by DFGEdge.h.
2444         <https://webkit.org/b/139801>
2445
2446         Reviewed by Brent Fulgham.
2447
2448         Add a cast to fix the type just the way the 64-bit version does.
2449
2450         * dfg/DFGEdge.h:
2451         (JSC::DFG::Edge::makeWord):
2452
2453 2014-12-19  Commit Queue  <commit-queue@webkit.org>
2454
2455         Unreviewed, rolling out r177574.
2456         https://bugs.webkit.org/show_bug.cgi?id=139821
2457
2458         "Broke Production builds by installing
2459         libWebCoreTestSupport.dylib in the wrong directory" (Requested
2460         by ddkilzer on #webkit).
2461
2462         Reverted changeset:
2463
2464         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
2465         WebInspectorUI, WebKit, WebKit2"
2466         https://bugs.webkit.org/show_bug.cgi?id=139463
2467         http://trac.webkit.org/changeset/177574
2468
2469 2014-12-19  Michael Saboff  <msaboff@apple.com>
2470
2471         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
2472         https://bugs.webkit.org/show_bug.cgi?id=139808
2473
2474         Reviewed by Oliver Hunt.
2475
2476         There are three changes here.
2477         1) Create a VariableWatchpointSet for captured arguments variables.
2478         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
2479         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
2480
2481         * bytecompiler/BytecodeGenerator.cpp:
2482         (JSC::BytecodeGenerator::BytecodeGenerator):
2483         * llint/LowLevelInterpreter32_64.asm:
2484         * llint/LowLevelInterpreter64.asm:
2485
2486 2014-12-19  David Kilzer  <ddkilzer@apple.com>
2487
2488         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2489         <http://webkit.org/b/139463>
2490
2491         Reviewed by Mark Rowe.
2492
2493         * Configurations/JavaScriptCore.xcconfig:
2494         - Simplify SECTORDER_FLAGS.
2495
2496 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
2497
2498         Unreviewed build fix.
2499
2500         * jsc.cpp: Remove typo.
2501
2502 2014-12-17  Michael Saboff  <msaboff@apple.com>
2503
2504         Tests with infinite recursion frequently crash
2505         https://bugs.webkit.org/show_bug.cgi?id=139548
2506
2507         Reviewed by Geoffrey Garen.
2508
2509         While unwinding, if the call frame doesn't have a codeblock, then we
2510         are in native code; handle appropriately.
2511
2512         * interpreter/Interpreter.cpp:
2513         (JSC::unwindCallFrame):
2514         (JSC::UnwindFunctor::operator()):
2515         Added checks for null CodeBlock.
2516
2517         (JSC::Interpreter::unwind): Removed wrong ASSERT.
2518
2519 2014-12-17  Chris Dumez  <cdumez@apple.com>
2520
2521         [iOS] Make it possible to toggle FeatureCounter support at runtime
2522         https://bugs.webkit.org/show_bug.cgi?id=139688
2523         <rdar://problem/19266254>
2524
2525         Reviewed by Andreas Kling.
2526
2527         Stop linking against AppSupport framework as the functionality is no
2528         longer in WTF (it was moved to WebCore).
2529
2530         * Configurations/JavaScriptCore.xcconfig:
2531
2532 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
2533
2534         [Win] Correct DebugSuffix builds under MSBuild
2535         https://bugs.webkit.org/show_bug.cgi?id=139733
2536         <rdar://problem/19276880>
2537
2538         Reviewed by Simon Fraser.
2539
2540         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
2541         '_debug' suffix when building the DebugSuffix target.
2542
2543 2014-12-16  Enrica Casucci  <enrica@apple.com>
2544
2545         Fix iOS builders for 8.0
2546         https://bugs.webkit.org/show_bug.cgi?id=139495
2547
2548         Reviewed by Michael Saboff.
2549
2550         * Configurations/LLVMForJSC.xcconfig:
2551         * llvm/library/LLVMExports.cpp:
2552         (initializeAndGetJSCLLVMAPI):
2553
2554 2014-12-16  Commit Queue  <commit-queue@webkit.org>
2555
2556         Unreviewed, rolling out r177380.
2557         https://bugs.webkit.org/show_bug.cgi?id=139707
2558
2559         "Breaks js/regres/elidable-new-object-* tests" (Requested by
2560         msaboff_ on #webkit).
2561
2562         Reverted changeset:
2563
2564         "Fixes operationPutByIdOptimizes such that they check that the
2565         put didn't"
2566         https://bugs.webkit.org/show_bug.cgi?id=139500
2567         http://trac.webkit.org/changeset/177380
2568
2569 2014-12-16  Matthew Mirman  <mmirman@apple.com>
2570
2571         Fixes operationPutByIdOptimizes such that they check that the put didn't
2572         change the structure of the object whose property access is being
2573         cached.
2574         https://bugs.webkit.org/show_bug.cgi?id=139500
2575
2576         Reviewed by Geoffrey Garen.
2577
2578         * jit/JITOperations.cpp:
2579         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2580         (JSC::operationPutByIdNonStrictOptimize): ditto.
2581         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2582         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2583         * jit/Repatch.cpp:
2584         (JSC::tryCachePutByID): Added argument for the old structure
2585         (JSC::repatchPutByID): Added argument for the old structure
2586         * jit/Repatch.h:
2587         * tests/stress/put-by-id-build-list-order-recurse.js: 
2588         Added test that fails without this patch.
2589
2590 2014-12-15  Chris Dumez  <cdumez@apple.com>
2591
2592         [iOS] Add feature counting support
2593         https://bugs.webkit.org/show_bug.cgi?id=139652
2594         <rdar://problem/19255690>
2595
2596         Reviewed by Gavin Barraclough.
2597
2598         Link against AppSupport framework on iOS as we need it to implement
2599         the new FeatureCounter API in WTF.
2600
2601         * Configurations/JavaScriptCore.xcconfig:
2602
2603 2014-12-15  Commit Queue  <commit-queue@webkit.org>
2604
2605         Unreviewed, rolling out r177284.
2606         https://bugs.webkit.org/show_bug.cgi?id=139658
2607
2608         "Breaks API tests and LayoutTests on Yosemite Debug"
2609         (Requested by msaboff on #webkit).
2610
2611         Reverted changeset:
2612
2613         "Make sure range based iteration of Vector<> still receives
2614         bounds checking"
2615         https://bugs.webkit.org/show_bug.cgi?id=138821
2616         http://trac.webkit.org/changeset/177284
2617
2618 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2619
2620         [EFL] FTL JIT not working on ARM64
2621         https://bugs.webkit.org/show_bug.cgi?id=139295
2622
2623         Reviewed by Michael Saboff.
2624
2625         Added the missing code for stack unwinding and some additional small fixes
2626         to get FTL working correctly.
2627
2628         * ftl/FTLCompile.cpp:
2629         (JSC::FTL::mmAllocateDataSection):
2630         * ftl/FTLUnwindInfo.cpp:
2631         (JSC::FTL::UnwindInfo::parse):
2632
2633 2014-12-15  Oliver Hunt  <oliver@apple.com>
2634
2635         Make sure range based iteration of Vector<> still receives bounds checking
2636         https://bugs.webkit.org/show_bug.cgi?id=138821
2637
2638         Reviewed by Mark Lam.
2639
2640         Update code to deal with slightly changed iterator semantics.
2641
2642         * bytecode/UnlinkedCodeBlock.cpp:
2643         (JSC::UnlinkedCodeBlock::visitChildren):
2644         * bytecompiler/BytecodeGenerator.cpp:
2645         (JSC::BytecodeGenerator::emitComplexPopScopes):
2646         * dfg/DFGSpeculativeJIT.cpp:
2647         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
2648         * ftl/FTLAbbreviations.h:
2649         (JSC::FTL::mdNode):
2650         (JSC::FTL::buildCall):
2651         * llint/LLIntData.cpp:
2652         (JSC::LLInt::Data::performAssertions):
2653         * parser/Parser.h:
2654         (JSC::Scope::Scope):
2655         * runtime/JSArray.cpp:
2656         (JSC::JSArray::setLengthWithArrayStorage):
2657         (JSC::JSArray::sortCompactedVector):
2658         * tools/ProfileTreeNode.h:
2659         (JSC::ProfileTreeNode::dumpInternal):
2660         * yarr/YarrJIT.cpp:
2661         (JSC::Yarr::YarrGenerator::matchCharacterClass):
2662
2663 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
2664
2665         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
2666         https://bugs.webkit.org/show_bug.cgi?id=139630
2667
2668         Reviewed by Oliver Hunt.
2669         
2670         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
2671         comments that reconstruct my reasoning about this code. I had to work hard to remember how
2672         deferral worked so I wrote my discoveries down.
2673
2674         * dfg/DFGInsertionSet.h:
2675         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
2676         * dfg/DFGPutLocalSinkingPhase.cpp:
2677         * tests/stress/put-local-conservative.js: Added.
2678         (foo):
2679         (.result):
2680         (bar):
2681
2682 2014-12-14  Andreas Kling  <akling@apple.com>
2683
2684         Replace PassRef with Ref/Ref&& across the board.
2685         <https://webkit.org/b/139587>
2686
2687         Reviewed by Darin Adler.
2688
2689         * runtime/Identifier.cpp:
2690         (JSC::Identifier::add):
2691         (JSC::Identifier::add8):
2692         * runtime/Identifier.h:
2693         (JSC::Identifier::add):
2694         * runtime/IdentifierInlines.h:
2695         (JSC::Identifier::add):
2696
2697 2014-12-12  Matthew Mirman  <mmirman@apple.com>
2698
2699         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
2700         https://bugs.webkit.org/show_bug.cgi?id=139598
2701         <rdar://problem/18779367>
2702
2703         Reviewed by Filip Pizlo.
2704
2705         * runtime/JSArray.cpp:
2706         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
2707         * tests/stress/sparse_splice.js: Added.
2708
2709 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2710
2711         Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
2712         https://bugs.webkit.org/show_bug.cgi?id=139532
2713
2714         Reviewed by Mark Lam.
2715
2716         Finally remove OwnPtr and PassOwnPtr in the runtime, ftl, and tools directories of JSC.
2717
2718         * builtins/BuiltinExecutables.h:
2719         * bytecode/CodeBlock.h:
2720         * bytecode/UnlinkedCodeBlock.cpp:
2721         (JSC::generateFunctionCodeBlock):
2722         * ftl/FTLAbstractHeap.cpp:
2723         (JSC::FTL::IndexedAbstractHeap::atSlow):
2724         * ftl/FTLAbstractHeap.h:
2725         * ftl/FTLCompile.cpp:
2726         (JSC::FTL::mmAllocateDataSection):
2727         * ftl/FTLJITFinalizer.h:
2728         * jsc.cpp:
2729         (jscmain):
2730         * parser/Lexer.h:
2731         * runtime/PropertyMapHashTable.h:
2732         (JSC::PropertyTable::clearDeletedOffsets):
2733         (JSC::PropertyTable::addDeletedOffset):
2734         * runtime/PropertyTable.cpp:
2735         (JSC::PropertyTable::PropertyTable):
2736         * runtime/RegExpObject.cpp:
2737         * runtime/SmallStrings.cpp:
2738         * runtime/Structure.cpp:
2739         * runtime/StructureIDTable.cpp:
2740         (JSC::StructureIDTable::StructureIDTable):
2741         (JSC::StructureIDTable::resize):
2742         * runtime/StructureIDTable.h:
2743         * runtime/StructureTransitionTable.h:
2744         * runtime/VM.cpp:
2745         (JSC::VM::VM):
2746         (JSC::VM::~VM):
2747         * runtime/VM.h:
2748         * tools/CodeProfile.h:
2749         (JSC::CodeProfile::CodeProfile):
2750         (JSC::CodeProfile::addChild):
2751
2752 2014-12-11  Dan Bernstein  <mitz@apple.com>
2753
2754         iOS Simulator production build fix.
2755
2756         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
2757         Simulator, as we did prior to 177027.
2758
2759 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
2760
2761         Explicitly export some more RWIProtocol classes.
2762         rdar://problem/19220408
2763
2764         Unreviewed build fix.
2765
2766         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2767         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
2768         * inspector/scripts/codegen/generate_objc_header.py:
2769         (ObjCHeaderGenerator._generate_event_interfaces):
2770         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2771         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2772         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2773         * inspector/scripts/tests/expected/enum-values.json-result:
2774         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2775         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2776         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2777         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2778         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2779         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2780         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2781         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2782         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2783
2784 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
2785
2786         Explicitly export some RWIProtocol classes
2787         rdar://problem/19220408
2788
2789         * inspector/scripts/codegen/generate_objc_header.py:
2790         (ObjCHeaderGenerator._generate_type_interface):
2791         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2792         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2793         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2794         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2795         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2796         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2797         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2798
2799 2014-12-11  Mark Lam  <mark.lam@apple.com>
2800
2801         Fix broken build after r177146.
2802         https://bugs.webkit.org/show_bug.cgi?id=139533 
2803
2804         Not reviewed.
2805
2806         * interpreter/CallFrame.h:
2807         (JSC::ExecState::init):
2808         - Restored CallFrame::init() minus the unused JSScope* arg.
2809         * runtime/JSGlobalObject.cpp:
2810         (JSC::JSGlobalObject::init):
2811         - Remove JSScope* arg when calling CallFrame::init().
2812
2813 2014-12-11  Michael Saboff  <msaboff@apple.com>
2814
2815         REGRESSION: Use of undefined CallFrame::ScopeChain value
2816         https://bugs.webkit.org/show_bug.cgi?id=139533
2817
2818         Reviewed by Mark Lam.
2819
2820         Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
2821         all usages of these functions.  In some cases the scope is passed in or determined
2822         another way.  In some cases the scope is used to calculate other values.  Lastly,
2823         there were places where these functions were used that are no longer needed.  For
2824         example, when making a call, the caller's ScopeChain was copied to the callee's
2825         ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
2826         That slot will be removed in a future patch.
2827
2828         * dfg/DFGByteCodeParser.cpp:
2829         (JSC::DFG::ByteCodeParser::parseBlock):
2830         * dfg/DFGSpeculativeJIT32_64.cpp:
2831         (JSC::DFG::SpeculativeJIT::compile):
2832         * dfg/DFGSpeculativeJIT64.cpp:
2833         (JSC::DFG::SpeculativeJIT::compile):
2834         * dfg/DFGSpeculativeJIT.h:
2835         (JSC::DFG::SpeculativeJIT::callOperation):
2836         * jit/JIT.h:
2837         * jit/JITInlines.h:
2838         (JSC::JIT::callOperation):
2839         * runtime/JSLexicalEnvironment.h:
2840         (JSC::JSLexicalEnvironment::create):
2841         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
2842         * jit/JITOpcodes.cpp:
2843         (JSC::JIT::emit_op_create_lexical_environment):
2844         * jit/JITOpcodes32_64.cpp:
2845         (JSC::JIT::emit_op_create_lexical_environment):
2846         * jit/JITOperations.cpp:
2847         * jit/JITOperations.h:
2848         * llint/LLIntSlowPaths.cpp:
2849         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2850         (JSC::LLInt::handleHostCall):
2851         (JSC::LLInt::setUpCall):
2852         (JSC::LLInt::llint_throw_stack_overflow_error):
2853         Pass the current scope value to the helper operationCreateActivation() and
2854         the call to JSLexicalEnvironment::create() instead of using the stack frame
2855         scope chain value.
2856
2857         * dfg/DFGFixupPhase.cpp:
2858         (JSC::DFG::FixupPhase::fixupNode):
2859         CreateActivation now has a second child, the scope.
2860
2861         * interpreter/CallFrame.h:
2862         (JSC::ExecState::init): Deleted.  This is dead code.
2863         (JSC::ExecState::scope): Deleted.
2864         (JSC::ExecState::setScope): Deleted.
2865
2866         * interpreter/Interpreter.cpp:
2867         (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
2868         chain slot.
2869         
2870         (JSC::Interpreter::execute):
2871         (JSC::Interpreter::executeCall):
2872         (JSC::Interpreter::executeConstruct):
2873         Changed process to find JSScope values on the stack or by some other means.
2874
2875         * runtime/JSWithScope.h:
2876         (JSC::JSWithScope::JSWithScope): Deleted.
2877         Eliminated unused constructor.
2878
2879         * runtime/StrictEvalActivation.cpp:
2880         (JSC::StrictEvalActivation::StrictEvalActivation):
2881         * runtime/StrictEvalActivation.h:
2882         (JSC::StrictEvalActivation::create):
2883         Changed to pass in the current scope.
2884
2885 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2886
2887         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
2888         https://bugs.webkit.org/show_bug.cgi?id=139351
2889
2890         Reviewed by Filip Pizlo.
2891
2892         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
2893
2894         * bytecode/SamplingTool.h:
2895         (JSC::SamplingTool::SamplingTool):
2896         * heap/CopiedBlock.h:
2897         (JSC::CopiedBlock::didSurviveGC):
2898         (JSC::CopiedBlock::pin):
2899         * heap/CopiedBlockInlines.h:
2900         (JSC::CopiedBlock::reportLiveBytes):
2901         * heap/GCActivityCallback.h:
2902         * heap/GCThread.cpp:
2903         * heap/Heap.h:
2904         * heap/HeapInlines.h:
2905         (JSC::Heap::markListSet):
2906         * jit/ExecutableAllocator.cpp:
2907         * jit/JIT.cpp:
2908         (JSC::JIT::privateCompile):
2909         * jit/JIT.h:
2910         * jit/JITThunks.cpp:
2911         (JSC::JITThunks::JITThunks):
2912         (JSC::JITThunks::clearHostFunctionStubs):
2913         * jit/JITThunks.h:
2914         * parser/Parser.cpp:
2915         (JSC::Parser<LexerType>::Parser):
2916         * parser/Parser.h:
2917         (JSC::Scope::Scope):
2918         (JSC::Scope::pushLabel):
2919         * parser/ParserArena.cpp:
2920         * parser/ParserArena.h:
2921         (JSC::ParserArena::identifierArena):
2922         * parser/SourceProviderCache.h:
2923         * runtime/CodeCache.h:
2924         * runtime/Executable.h:
2925         * runtime/JSArray.cpp:
2926         (JSC::JSArray::sortVector):
2927         * runtime/JSGlobalObject.h:
2928
2929 2014-12-10  Geoffrey Garen  <ggaren@apple.com>
2930
2931         Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
2932         https://bugs.webkit.org/show_bug.cgi?id=139501
2933
2934         Reviewed by Gavin Barraclough.
2935
2936         NSVersionOfLinkTimeLibrary only works if you link directly against
2937         JavaScriptCore, which is a bit awkward for our Apple TV client to do.
2938
2939         It's easy enough just to disable this check on Apple TV, since it has no
2940         backwards compatibility requirement.
2941
2942         * API/JSWrapperMap.mm:
2943         (supportsInitMethodConstructors):
2944
2945 2014-12-10  Matthew Mirman  <mmirman@apple.com>
2946
2947         Fixes operationPutByIds such that they check that the put didn't
2948         change the structure of the object whose property access is being
2949         cached.
2950         https://bugs.webkit.org/show_bug.cgi?id=139196
2951
2952         Reviewed by Filip Pizlo.
2953
2954         * jit/JITOperations.cpp:
2955         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
2956         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
2957         (JSC::operationPutByIdNonStrictBuildList): ditto.
2958         (JSC::operationPutByIdDirectStrictBuildList): ditto.
2959         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
2960         * jit/Repatch.cpp:
2961         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
2962         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
2963         is the same as the new.
2964         (JSC::buildPutByIdList): Added an argument
2965         * jit/Repatch.h: 
2966         (JSC::buildPutByIdList): Added an argument
2967         * tests/stress/put-by-id-strict-build-list-order.js: Added.
2968
2969 2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>
2970
2971         URTBF after r177030.
2972
2973         Fix linking failure that occurred on ARM buildbots:
2974         lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'
2975
2976         * runtime/NullGetterFunction.cpp:
2977
2978 2014-12-09  Michael Saboff  <msaboff@apple.com>
2979
2980         DFG Tries using an inner object's getter/setter when one hasn't been defined
2981         https://bugs.webkit.org/show_bug.cgi?id=139229
2982
2983         Reviewed by Filip Pizlo.
2984
2985         Added a new NullGetterFunction singleton class to use for getters and setters that
2986         haven't been set to a user defined value.  The NullGetterFunction callReturnUndefined()
2987         and createReturnUndefined() methods return undefined.  Changed all null checks of the
2988         getter and setter pointers to the newly added isGetterNull() and isSetterNull()
2989         helper methods.  
2990
2991         * CMakeLists.txt:
2992         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2993         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2994         * JavaScriptCore.xcodeproj/project.pbxproj:
2995         Added NullGetterFunction.cpp & .h to build files.
2996
2997         * dfg/DFGAbstractInterpreterInlines.h:
2998         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2999         * runtime/ObjectPrototype.cpp:
3000         (JSC::objectProtoFuncLookupGetter):
3001         (JSC::objectProtoFuncLookupSetter):
3002         * runtime/PropertyDescriptor.cpp:
3003         (JSC::PropertyDescriptor::setDescriptor):
3004         (JSC::PropertyDescriptor::setAccessorDescriptor):
3005         Changed checking getter and setter to null to use new isGetterNull() and isSetterNull()
3006         helpers.
3007
3008         * inspector/JSInjectedScriptHostPrototype.cpp:
3009         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
3010         * inspector/JSJavaScriptCallFramePrototype.cpp:
3011         * jit/JITOperations.cpp:
3012         * llint/LLIntSlowPaths.cpp:
3013         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3014         * runtime/JSObject.cpp:
3015         (JSC::JSObject::putIndexedDescriptor):
3016         (JSC::putDescriptor):
3017         (JSC::JSObject::defineOwnNonIndexProperty):
3018         * runtime/MapPrototype.cpp:
3019         (JSC::MapPrototype::finishCreation):
3020         * runtime/SetPrototype.cpp:
3021         (JSC::SetPrototype::finishCreation):
3022         Updated calls to GetterSetter::create(), setGetter(), setSetter(), withGetter()
3023         and withSetter() to provide a global object.
3024
3025         * runtime/GetterSetter.cpp:
3026         (JSC::GetterSetter::withGetter):
3027         (JSC::GetterSetter::withSetter):
3028         (JSC::callGetter):
3029         (JSC::callSetter):
3030         * runtime/GetterSetter.h:
3031         (JSC::GetterSetter::GetterSetter):
3032         (JSC::GetterSetter::create):
3033         (JSC::GetterSetter::isGetterNull):
3034         (JSC::GetterSetter::isSetterNull):
3035         (JSC::GetterSetter::setGetter):
3036         (JSC::GetterSetter::setSetter):
3037         Changed to use NullGetterFunction for unspecified getters / setters.
3038
3039         * runtime/JSGlobalObject.cpp:
3040         (JSC::JSGlobalObject::init):
3041         (JSC::JSGlobalObject::createThrowTypeError):
3042         (JSC::JSGlobalObject::visitChildren):
3043         * runtime/JSGlobalObject.h:
3044         (JSC::JSGlobalObject::nullGetterFunction):
3045         (JSC::JSGlobalObject::evalFunction):
3046         Added m_nullGetterFunction singleton.  Updated calls to GetterSetter::create(),
3047         setGetter() and setSetter() to provide a global object.
3048
3049         * runtime/NullGetterFunction.cpp: Added.
3050         (JSC::callReturnUndefined):
3051         (JSC::constructReturnUndefined):
3052         (JSC::NullGetterFunction::getCallData):
3053         (JSC::NullGetterFunction::getConstructData):
3054         * runtime/NullGetterFunction.h: Added.
3055         (JSC::NullGetterFunction::create):
3056         (JSC::NullGetterFunction::createStructure):
3057         (JSC::NullGetterFunction::NullGetterFunction):
3058         New singleton class that returns undefined when called.
3059
3060 2014-12-09  Geoffrey Garen  <ggaren@apple.com>
3061
3062         Re-enable function.arguments
3063         https://bugs.webkit.org/show_bug.cgi?id=139452
3064         <rdar://problem/18848149>
3065
3066         Reviewed by Sam Weinig.
3067
3068         Disabling function.arguments broke a few websites, and we don't have
3069         time right now to work through the details.
3070
3071         I'm re-enabling function.arguments but leaving in the infrastructure
3072         to re-disable it, so we can try this experiment again in the future.
3073
3074         * runtime/Options.h:
3075
3076 2014-12-09  David Kilzer  <ddkilzer@apple.com>
3077
3078         Switch from using PLATFORM_NAME to SDK selectors in ANGLE, bmalloc, gtest, JavaScriptCore, WTF
3079         <http://webkit.org/b/139212>
3080
3081         Reviewed by Joseph Pecoraro.
3082
3083         * Configurations/Base.xcconfig:
3084         - Only set GCC_ENABLE_OBJC_GC, GCC_MODEL_TUNING and TOOLCHAINS
3085           on OS X.
3086         - Only set LLVM_LOCAL_HEADER_PATH and LLVM_SYSTEM_HEADER_PATH on
3087           OS X.
3088         - Set JAVASCRIPTCORE_CONTENTS_DIR and
3089           JAVASCRIPTCORE_FRAMEWORKS_DIR separately for iOS and OS X.
3090
3091         * Configurations/DebugRelease.xcconfig:
3092         - Only set MACOSX_DEPLOYMENT_TARGET and SDKROOT on OS X.
3093
3094         * Configurations/JSC.xcconfig:
3095         - Only set CODE_SIGN_ENTITLEMENTS for iOS hardware builds.
3096
3097         * Configurations/JavaScriptCore.xcconfig:
3098         - Set OTHER_LDFLAGS separately for iOS and OS X.
3099         - Set SECTORDER_FLAGS separately for iOS and OS X, but only for
3100           Production builds.
3101         - Only set EXCLUDED_SOURCE_FILE_NAMES for iOS.
3102
3103         * Configurations/LLVMForJSC.xcconfig:
3104         - Rename LLVM_LIBS_iphoneos to LLVM_LIBS_ios.
3105         - Set LLVM_LIBRARY_PATHS and OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT
3106           separately for iOS hardware and OS X.
3107         - Fix curly braces in LIBRARY_SEARCH_PATHS.
3108         - Merge OTHER_LDFLAGS_BASE into OTHER_LDFLAGS. (Could have been
3109           done before this patch.)
3110
3111         * Configurations/ToolExecutable.xcconfig:
3112         - Only set CODE_SIGN_ENTITLEMENTS for iOS, per target.
3113         - Only set CLANG_ENABLE_OBJC_ARC for i386 on the iOS Simulator.
3114         - Add missing newline.
3115
3116         * Configurations/Version.xcconfig:
3117         - Set SYSTEM_VERSION_PREFIX separately for iOS and OS X.
3118
3119 2014-12-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3120
3121         Fix EFL build fix since r177001
3122         https://bugs.webkit.org/show_bug.cgi?id=139428
3123
3124         Unreviewed, EFL build fix.
3125
3126         Do not inherit from a duplicated class. ExpressionNode is already a
3127         child of the ParserArenaFreeable class.
3128
3129         * parser/Nodes.h:
3130
3131 2014-12-08  Shivakumar JM  <shiva.jm@samsung.com>
3132
3133         Fix Build Warning in JavaScriptCore ControlFlowProfiler::dumpData() api.
3134         https://bugs.webkit.org/show_bug.cgi?id=139384
3135
3136         Reviewed by Mark Lam.
3137
3138         Fix Build Warning by using dataLog() function instead of dataLogF() function.
3139
3140         * runtime/ControlFlowProfiler.cpp:
3141         (JSC::ControlFlowProfiler::dumpData):
3142
3143 2014-12-08  Saam Barati  <saambarati1@gmail.com>
3144
3145         Web Inspector: Enable runtime API for JSC's control flow profiler
3146         https://bugs.webkit.org/show_bug.cgi?id=139346
3147
3148         Reviewed by Joseph Pecoraro.
3149
3150         This patch creates an API that the Web Inspector can use
3151         to get information about which basic blocks have executed
3152         from JSC's control flow profiler.
3153
3154         * inspector/agents/InspectorRuntimeAgent.cpp:
3155         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
3156         * inspector/agents/InspectorRuntimeAgent.h:
3157         * inspector/protocol/Runtime.json:
3158
3159 2014-12-08  Geoffrey Garen  <ggaren@apple.com>
3160
3161         Removed some allocation and cruft from the parser
3162         https://bugs.webkit.org/show_bug.cgi?id=139416
3163
3164         Reviewed by Mark Lam.
3165
3166         Now, the only AST nodes that require a destructor are the ones that
3167         relate to pickling a function's arguments -- which will require some
3168         deeper thinking to resolve.
3169
3170         This is a < 1% parser speedup.
3171
3172         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3173         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3174         * JavaScriptCore.xcodeproj/project.pbxproj: Removed NodeInfo because it
3175         was unused.
3176
3177         * bytecompiler/NodesCodegen.cpp:
3178         (JSC::CommaNode::emitBytecode):
3179         (JSC::SourceElements::lastStatement):
3180         (JSC::SourceElements::emitBytecode): Updated for interface change to linked list.
3181
3182         * parser/ASTBuilder.h:
3183         (JSC::ASTBuilder::ASTBuilder):
3184         (JSC::ASTBuilder::varDeclarations):
3185         (JSC::ASTBuilder::funcDeclarations):
3186         (JSC::ASTBuilder::createFuncDeclStatement):
3187         (JSC::ASTBuilder::addVar): Removed the ParserArenaData abstraction because
3188         it wasn't buying us anything. We can just use Vector directly.
3189
3190         (JSC::ASTBuilder::createCommaExpr):
3191         (JSC::ASTBuilder::appendToCommaExpr): Changed to use a linked list instead
3192         of a vector, to avoid allocating a vector with inline capacity in the
3193         common case in which an expression is not followed by a vector.
3194
3195         (JSC::ASTBuilder::Scope::Scope): Use Vector directly to avoid new'ing
3196         up a Vector*.
3197
3198         (JSC::ASTBuilder::appendToComma): Deleted.
3199         (JSC::ASTBuilder::combineCommaNodes): Deleted.
3200
3201         * parser/Lexer.cpp:
3202
3203         * parser/NodeConstructors.h:
3204         (JSC::StatementNode::StatementNode):
3205         (JSC::CommaNode::CommaNode):
3206         (JSC::SourceElements::SourceElements): Updated for interface change to linked list.
3207
3208         * parser/NodeInfo.h: Removed.
3209
3210         * parser/Nodes.cpp:
3211         (JSC::SourceElements::append):
3212         (JSC::SourceElements::singleStatement): Use a linked list instead of a
3213         vector to track the statements in a list. This removes some allocation
3214         and it means that we don't need a destructor anymore.
3215
3216         (JSC::ScopeNode::ScopeNode):
3217         (JSC::ProgramNode::ProgramNode):
3218         (JSC::EvalNode::EvalNode):
3219         (JSC::FunctionNode::FunctionNode): Updated for interface change to reference,
3220         since these values are never null.
3221
3222         * parser/Nodes.h:
3223         (JSC::StatementNode::next):
3224         (JSC::StatementNode::setNext):
3225         (JSC::CommaNode::append): Deleted. Updated for interface change to linked list.
3226
3227         * parser/Parser.cpp:
3228         (JSC::Parser<LexerType>::didFinishParsing): Updated for interface change to reference.
3229
3230         (JSC::Parser<LexerType>::parseVarDeclarationList):
3231         (JSC::Parser<LexerType>::parseExpression): Track comma expressions as
3232         an explicit list of CommaNodes, removing a use of vector and a destructor.
3233
3234         * parser/Parser.h:
3235         (JSC::Parser<LexerType>::parse):
3236         * parser/SyntaxChecker.h:
3237         (JSC::SyntaxChecker::createCommaExpr):
3238         (JSC::SyntaxChecker::appendToCommaExpr):
3239         (JSC::SyntaxChecker::appendToComma): Deleted. Updated for interface changes.
3240
3241 2014-12-08  Commit Queue  <commit-queue@webkit.org>
3242
3243         Unreviewed, rolling out r176979.
3244         https://bugs.webkit.org/show_bug.cgi?id=139424
3245
3246         "New JSC test in this patch is failing" (Requested by mlam on
3247         #webkit).
3248
3249         Reverted changeset:
3250
3251         "Fixes operationPutByIds such that they check that the put
3252         didn't"
3253         https://bugs.webkit.org/show_bug.cgi?id=139196
3254         http://trac.webkit.org/changeset/176979
3255
3256 2014-12-08  Matthew Mirman  <mmirman@apple.com>
3257
3258         Fixes operationPutByIds such that they check that the put didn't
3259         change the structure of the object whose property access is being
3260         cached.
3261         https://bugs.webkit.org/show_bug.cgi?id=139196
3262
3263         Reviewed by Filip Pizlo.
3264
3265         * jit/JITOperations.cpp:
3266         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
3267         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
3268         (JSC::operationPutByIdNonStrictBuildList): ditto.
3269         (JSC::operationPutByIdDirectStrictBuildList): ditto.
3270         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
3271         * jit/Repatch.cpp:
3272         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
3273         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
3274         is the same as the new.
3275         (JSC::buildPutByIdList): Added an argument
3276         * jit/Repatch.h: 
3277         (JSC::buildPutByIdList): Added an argument
3278         * tests/stress/put-by-id-build-list-order-recurse.js: Test that failed before the change
3279         * tests/stress/put-by-id-strict-build-list-order.js: Added.
3280
3281  
2014-12-08  Anders Carlsson  <andersca@apple.com>

        Change WTF::currentCPUTime to return std::chrono::microseconds and get rid of currentCPUTimeMS
        https://bugs.webkit.org/show_bug.cgi?id=139410

        Reviewed by Andreas Kling.

        * API/JSContextRef.cpp:
        (JSContextGroupSetExecutionTimeLimit):
        (JSContextGroupClearExecutionTimeLimit):
        * runtime/Watchdog.cpp:
        (JSC::Watchdog::setTimeLimit):
        (JSC::Watchdog::didFire):
        (JSC::Watchdog::startCountdownIfNeeded):
        (JSC::Watchdog::startCountdown):
        * runtime/Watchdog.h:
        * runtime/WatchdogMac.cpp:
        (JSC::Watchdog::startTimer):

2014-12-08  Mark Lam  <mark.lam@apple.com>

        CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays.
        <https://webkit.org/b/139327>

        Reviewed by Michael Saboff.

        The code generator and runtime slow paths expect otherwise.  This patch fixes
        CFA to match the code generator's expectation.

        * dfg/DFGArrayMode.h:
        (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
        (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes):

2014-12-08  Chris Dumez  <cdumez@apple.com>

        Revert r176293 & r176275

        Unreviewed, revert r176293 & r176275 changing the Vector API to use unsigned type
        instead of size_t. There is some disagreement regarding the long-term direction
        of the API and we shouldn’t leave the API partly transitioned to unsigned type
        while making a decision.

        * bytecode/PreciseJumpTargets.cpp:
        * replay/EncodedValue.h:

2014-12-07  Csaba Osztrogonác  <ossy@webkit.org>

        Remove the unused WTF_USE_GCC_COMPUTED_GOTO_WORKAROUND after r129453.
        https://bugs.webkit.org/show_bug.cgi?id=139373

        Reviewed by Sam Weinig.

        * interpreter/Interpreter.cpp:

2014-12-06  Anders Carlsson  <andersca@apple.com>

        Fix build with newer versions of clang.
        rdar://problem/18978716

        * ftl/FTLJITCode.h:
        Add missing overrides.

2014-12-05  Roger Fong  <roger_fong@apple.com>

        [Win] proj files copying over too many resources.
        https://bugs.webkit.org/show_bug.cgi?id=139315
        <rdar://problem/19148278>

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.proj: Only copy resource folders and JavaScriptCore.dll.

2014-12-05  Juergen Ributzka  <juergen@apple.com>

        [JSC][FTL] Add the data layout to the module and fix the pass order.
        https://bugs.webkit.org/show_bug.cgi?id=138748

        Reviewed by Oliver Hunt.

        This adds the data layout to the module, so it can be used by all
        optimization passes in the LLVM optimizer pipeline. This also allows
        FastISel to select more instructions, because fewer non-legal types are
        generated.

        Also fix the order of the alias analysis passes in the optimization
        pipeline.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateDataSection):

2014-12-05  Geoffrey Garen  <ggaren@apple.com>

        Removed an unused function.

        Reviewed by Michael Saboff.

        Broken out from https://bugs.webkit.org/show_bug.cgi?id=139305.

        * parser/ParserArena.h:

3380         * parser/ParserArena.h:
3381