Add the Intl API to the status page
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-08-05  Benjamin Poulain  <benjamin@webkit.org>

        Add the Intl API to the status page

        * features.json:
        Andy VanWagoner landed the skeleton of the API and it is
        enabled by default.

2015-08-04  Filip Pizlo  <fpizlo@apple.com>

        Rename Mutex to DeprecatedMutex
        https://bugs.webkit.org/show_bug.cgi?id=147675

        Reviewed by Geoffrey Garen.

        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::doRun):
        (JSC::SamplingTool::notifyOfScope):
        * bytecode/SamplingTool.h:
        * dfg/DFGThreadData.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::~Worklist):
        (JSC::DFG::Worklist::isActiveForVM):
        (JSC::DFG::Worklist::enqueue):
        (JSC::DFG::Worklist::compilationState):
        (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
        (JSC::DFG::Worklist::removeAllReadyPlansForVM):
        (JSC::DFG::Worklist::completeAllReadyPlansForVM):
        (JSC::DFG::Worklist::visitWeakReferences):
        (JSC::DFG::Worklist::removeDeadPlans):
        (JSC::DFG::Worklist::queueLength):
        (JSC::DFG::Worklist::dump):
        (JSC::DFG::Worklist::runThread):
        * dfg/DFGWorklist.h:
        * disassembler/Disassembler.cpp:
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        * heap/CopiedSpace.h:
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        * heap/HeapTimer.h:
        * heap/MachineStackMarker.cpp:
        (JSC::ActiveMachineThreadsManager::Locker::Locker):
        (JSC::ActiveMachineThreadsManager::add):
        (JSC::ActiveMachineThreadsManager::remove):
        (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::tryCopyOtherThreadStack):
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * interpreter/JSStack.cpp:
        (JSC::stackStatisticsMutex):
        (JSC::JSStack::addToCommittedByteCount):
        (JSC::JSStack::committedByteCount):
        * jit/JITThunks.h:
        * profiler/ProfilerDatabase.h:

2015-08-05  Saam barati  <saambarati1@gmail.com>

        Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
        https://bugs.webkit.org/show_bug.cgi?id=147657

        Reviewed by Mark Lam.

        This kills the last of the name scope objects. Function name scopes are
        now built on top of the scoping mechanisms introduced with ES6 block scoping.
        A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
        function name scoped variable carefully depending on whether the function is in
        strict mode. If we're in strict mode, then we treat the variable exactly
        like a "const" variable. If we're not in strict mode, we can't treat
        this variable like ES6 "const" because that would cause the bytecode
        generator to throw an exception when it shouldn't.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
        (JSC::BytecodeGenerator::pushLexicalScope):
        (JSC::BytecodeGenerator::pushLexicalScopeInternal):
        (JSC::BytecodeGenerator::variable):
        (JSC::BytecodeGenerator::resolveType):
        (JSC::BytecodeGenerator::emitThrowTypeError):
        (JSC::BytecodeGenerator::emitPushFunctionNameScope):
        (JSC::BytecodeGenerator::pushScopedControlFlowContext):
        (JSC::BytecodeGenerator::emitPushCatchScope):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        * debugger/DebuggerScope.cpp:
        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_to_string):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_push_name_scope): Deleted.
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emitSlow_op_to_string):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_push_name_scope): Deleted.
        * jit/JITOperations.cpp:
        (JSC::pushNameScope): Deleted.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:
        * parser/Nodes.cpp:
        * runtime/CommonSlowPaths.cpp:
        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor):
        * runtime/JSFunctionNameScope.cpp: Removed.
        * runtime/JSFunctionNameScope.h: Removed.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::withScopeStructure):
        (JSC::JSGlobalObject::strictEvalActivationStructure):
        (JSC::JSGlobalObject::activationStructure):
        (JSC::JSGlobalObject::directArgumentsStructure):
        (JSC::JSGlobalObject::scopedArgumentsStructure):
        (JSC::JSGlobalObject::outOfBandArgumentsStructure):
        (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
        * runtime/JSNameScope.cpp: Removed.
        * runtime/JSNameScope.h: Removed.
        * runtime/JSObject.cpp:
        (JSC::JSObject::toThis):
        (JSC::JSObject::seal):
        (JSC::JSObject::isFunctionNameScopeObject): Deleted.
        * runtime/JSObject.h:
        * runtime/JSScope.cpp:
        (JSC::JSScope::isCatchScope):
        (JSC::JSScope::isFunctionNameScopeObject):
        (JSC::resolveModeName):
        * runtime/JSScope.h:
        * runtime/JSSymbolTableObject.cpp:
        * runtime/SymbolTable.h:
        * runtime/VM.cpp:

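        The strict-mode versus sloppy-mode treatment of the function name binding described in the entry above is observable from script. The following is an added example, not code from WebKit or from this patch; it runs in any ES6 engine and shows an assignment to a named function expression's own name being silently dropped in sloppy mode and throwing a TypeError in strict mode, the same as assigning to an ES6 const.

```javascript
// Added example (not WebKit code): the function-name binding semantics
// described in the ChangeLog entry above, observed from script. Inside a
// named function expression its own name is a read-only binding: assigning
// to it is dropped in sloppy mode and throws a TypeError in strict mode,
// which is exactly how an assignment to an ES6 const behaves.

// Each probe is built with the Function constructor so that its strictness
// is decided by the probe body alone, not by whether this file itself runs
// as a (strict) module.
function runProbe(body) {
  return new Function(body)();
}

// Sloppy mode: the assignment is silently ignored; `inner` is still the function.
function sloppyAssignToFunctionName() {
  return runProbe(`
    var f = function inner() {
      inner = 42;            // no effect in sloppy mode
      return typeof inner;   // still "function"
    };
    return f();
  `);
}

// Strict mode: the same assignment throws a TypeError, like a const.
function strictAssignToFunctionName() {
  return runProbe(`
    "use strict";
    var f = function inner() {
      try { inner = 42; return "no error"; }
      catch (e) { return e.constructor.name; }   // "TypeError"
    };
    return f();
  `);
}

// An actual ES6 const for comparison: TypeError in either mode.
function constAssignment() {
  return runProbe(`
    const c = 1;
    try { c = 2; return "no error"; }
    catch (e) { return e.constructor.name; }
  `);
}
```
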
2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
        https://bugs.webkit.org/show_bug.cgi?id=147679

        Reviewed by Timothy Hatcher.

        Improve native iterator support for the PropertyName Iterator by
        allowing inspection of the internal object within the iterator
        and peeking at the next upcoming values of the iterator.

        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::subtype):
        (Inspector::JSInjectedScriptHost::getInternalProperties):
        (Inspector::JSInjectedScriptHost::iteratorEntries):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::iteratedValue):

2015-08-04  Brent Fulgham  <bfulgham@apple.com>

        [Win] Update Apple Windows build for VS2015
        https://bugs.webkit.org/show_bug.cgi?id=147653

        Reviewed by Dean Jackson.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
        Show JSC files in proper project locations in IDE.

2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
        https://bugs.webkit.org/show_bug.cgi?id=147328

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScriptSource.js:
        Use classList and classList.toString instead of className.

2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Support Module Syntax
        https://bugs.webkit.org/show_bug.cgi?id=147422

        Reviewed by Saam Barati.

        This patch introduces the ES6 Modules syntax parsing part.
        In this patch, ASTBuilder just produces the corresponding nodes for the ES6 Modules syntax,
        and this patch does not include the code generator part.

        Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
        and do not execute the body or construct the AST. And after analyzing all the dependent
        modules, we will parse the dependent modules next.
        After all the analyzing is done, we will start the second pass. In the second pass, we
        will parse the module, produce the AST, and execute the body.
        If we don't do so, we need to create all the ASTs in the module's dependency graph at first
        because the given module can be executed after all the dependent modules are executed. It
        means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
        the dependent modules' information.

        In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
        This patch aims at just implementing the syntax parsing functionality correctly.
        After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
        to collect the dependent modules fast [1].

        To test the parsing, we added the "checkModuleSyntax" function into the jsc shell.
        By using this, we can parse the given string as a module.

        [1]: https://bugs.webkit.org/show_bug.cgi?id=147353

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ModuleProgramNode::emitBytecode):
        (JSC::ImportDeclarationNode::emitBytecode):
        (JSC::ExportAllDeclarationNode::emitBytecode):
        (JSC::ExportDefaultDeclarationNode::emitBytecode):
        (JSC::ExportLocalDeclarationNode::emitBytecode):
        (JSC::ExportNamedDeclarationNode::emitBytecode):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionCheckModuleSyntax):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createModuleSpecifier):
        (JSC::ASTBuilder::createImportSpecifier):
        (JSC::ASTBuilder::createImportSpecifierList):
        (JSC::ASTBuilder::appendImportSpecifier):
        (JSC::ASTBuilder::createImportDeclaration):
        (JSC::ASTBuilder::createExportAllDeclaration):
        (JSC::ASTBuilder::createExportDefaultDeclaration):
        (JSC::ASTBuilder::createExportLocalDeclaration):
        (JSC::ASTBuilder::createExportNamedDeclaration):
        (JSC::ASTBuilder::createExportSpecifier):
        (JSC::ASTBuilder::createExportSpecifierList):
        (JSC::ASTBuilder::appendExportSpecifier):
        * parser/Keywords.table:
        * parser/NodeConstructors.h:
        (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
        (JSC::ImportSpecifierNode::ImportSpecifierNode):
        (JSC::ImportDeclarationNode::ImportDeclarationNode):
        (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
        (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
        (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
        (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
        (JSC::ExportSpecifierNode::ExportSpecifierNode):
        * parser/Nodes.cpp:
        (JSC::ModuleProgramNode::ModuleProgramNode):
        * parser/Nodes.h:
        (JSC::ModuleProgramNode::startColumn):
        (JSC::ModuleProgramNode::endColumn):
        (JSC::ModuleSpecifierNode::moduleName):
        (JSC::ImportSpecifierNode::importedName):
        (JSC::ImportSpecifierNode::localName):
        (JSC::ImportSpecifierListNode::specifiers):
        (JSC::ImportSpecifierListNode::append):
        (JSC::ImportDeclarationNode::specifierList):
        (JSC::ImportDeclarationNode::moduleSpecifier):
        (JSC::ExportAllDeclarationNode::moduleSpecifier):
        (JSC::ExportDefaultDeclarationNode::declaration):
        (JSC::ExportLocalDeclarationNode::declaration):
        (JSC::ExportSpecifierNode::exportedName):
        (JSC::ExportSpecifierNode::localName):
        (JSC::ExportSpecifierListNode::specifiers):
        (JSC::ExportSpecifierListNode::append):
        (JSC::ExportNamedDeclarationNode::specifierList):
        (JSC::ExportNamedDeclarationNode::moduleSpecifier):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseModuleSourceElements):
        (JSC::Parser<LexerType>::parseVariableDeclaration):
        (JSC::Parser<LexerType>::parseVariableDeclarationList):
        (JSC::Parser<LexerType>::createBindingPattern):
        (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseForStatement):
        (JSC::Parser<LexerType>::parseFormalParameters):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClassDeclaration):
        (JSC::Parser<LexerType>::parseModuleSpecifier):
        (JSC::Parser<LexerType>::parseImportClauseItem):
        (JSC::Parser<LexerType>::parseImportDeclaration):
        (JSC::Parser<LexerType>::parseExportSpecifier):
        (JSC::Parser<LexerType>::parseExportDeclaration):
        (JSC::Parser<LexerType>::parseMemberExpression):
        * parser/Parser.h:
        (JSC::isIdentifierOrKeyword):
        (JSC::ModuleScopeData::create):
        (JSC::ModuleScopeData::exportedBindings):
        (JSC::ModuleScopeData::exportName):
        (JSC::ModuleScopeData::exportBinding):
        (JSC::Scope::Scope):
        (JSC::Scope::setIsModule):
        (JSC::Scope::moduleScopeData):
        (JSC::Parser::matchContextualKeyword):
        (JSC::Parser::matchIdentifierOrKeyword):
        (JSC::Parser::isofToken): Deleted.
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createModuleSpecifier):
        (JSC::SyntaxChecker::createImportSpecifier):
        (JSC::SyntaxChecker::createImportSpecifierList):
        (JSC::SyntaxChecker::appendImportSpecifier):
        (JSC::SyntaxChecker::createImportDeclaration):
        (JSC::SyntaxChecker::createExportAllDeclaration):
        (JSC::SyntaxChecker::createExportDefaultDeclaration):
        (JSC::SyntaxChecker::createExportLocalDeclaration):
        (JSC::SyntaxChecker::createExportNamedDeclaration):
        (JSC::SyntaxChecker::createExportSpecifier):
        (JSC::SyntaxChecker::createExportSpecifierList):
        (JSC::SyntaxChecker::appendExportSpecifier):
        * runtime/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        * runtime/CommonIdentifiers.h:
        * runtime/Completion.cpp:
        (JSC::checkModuleSyntax):
        * runtime/Completion.h:
        * tests/stress/modules-syntax-error-with-names.js: Added.
        (shouldThrow):
        * tests/stress/modules-syntax-error.js: Added.
        (shouldThrow):
        (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
        * tests/stress/modules-syntax.js: Added.
        (prototype.checkModuleSyntax):
        (checkModuleSyntax):
        * tests/stress/tagged-templates-syntax.js:

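        The two-pass module processing described in the entry above, as an added example that is not WebKit's code: pass 1 only extracts module specifiers from a module's source without building an AST (the job the entry assigns to the planned ModuleDependencyAnalyzer), and pass 2 walks the dependency graph so every module is handled after the modules it depends on. The module names and sources are constructed, and the tokenizer is a deliberately reduced one (no regex literals or nested template literals), which is an assumption of this model rather than of the parser in the patch.

```javascript
// Added example, not WebKit code: a small model of the two-pass module
// processing in the ChangeLog entry above. Pass 1 scans a module's source only
// for the module specifiers of its import/export-from declarations, building
// no AST; pass 2 walks the dependency graph so each module is handled only
// after everything it depends on. Assumed simplifications: regex literals and
// nested template literals are not tokenized; specifiers are plain strings.

// Split source into string, word and punctuation tokens, dropping comments,
// so an `import` inside a comment or string literal is never misread.
function tokenize(source) {
  const tokens = [];
  const WORD = /[A-Za-z_$][\w$]*/y;
  let i = 0;
  while (i < source.length) {
    const c = source[i];
    if (/\s/.test(c)) { i++; continue; }
    if (c === '/' && source[i + 1] === '/') {           // line comment
      while (i < source.length && source[i] !== '\n') i++;
      continue;
    }
    if (c === '/' && source[i + 1] === '*') {           // block comment
      const end = source.indexOf('*/', i + 2);
      i = end === -1 ? source.length : end + 2;
      continue;
    }
    if (c === '"' || c === "'" || c === '`') {          // string literal
      let j = i + 1;
      while (j < source.length && source[j] !== c) {
        if (source[j] === '\\') j++;                    // skip escaped char
        j++;
      }
      tokens.push({ type: 'string', value: source.slice(i + 1, j) });
      i = j + 1;
      continue;
    }
    WORD.lastIndex = i;
    const m = WORD.exec(source);
    if (m) { tokens.push({ type: 'word', value: m[0] }); i += m[0].length; continue; }
    tokens.push({ type: 'punct', value: c });
    i++;
  }
  return tokens;
}

// Pass 1: specifiers of `import ... from "m"`, `import "m"`, `export * from "m"`
// and `export { ... } from "m"`. `import`/`export` are reserved words, so only a
// property name like `obj.import` is skipped; a declaration ends at ';' or at
// the next import/export keyword (covers declarations without semicolons).
function extractDependencies(source) {
  const tokens = tokenize(source);
  const deps = new Set();
  const isKeyword = (t) => t.type === 'word' && (t.value === 'import' || t.value === 'export');
  for (let i = 0; i < tokens.length; i++) {
    if (!isKeyword(tokens[i])) continue;
    if (i > 0 && tokens[i - 1].type === 'punct' && tokens[i - 1].value === '.') continue;
    const next = tokens[i + 1];
    if (tokens[i].value === 'import' && next && next.type === 'string') {
      deps.add(next.value);                              // import "m";
      continue;
    }
    for (let j = i + 1; j < tokens.length && !isKeyword(tokens[j]); j++) {
      if (tokens[j].type === 'punct' && tokens[j].value === ';') break;
      if (tokens[j].type === 'word' && tokens[j].value === 'from' &&
          tokens[j + 1] && tokens[j + 1].type === 'string') {
        deps.add(tokens[j + 1].value);
        break;
      }
    }
  }
  return [...deps];
}

// Pass 2 driver: from the entry module, run pass 1 on each module reached and
// return a dependencies-first processing order; a cycle or an unknown module
// is reported instead of looping forever.
function computeExecutionOrder(modules, entry) {
  const order = [];
  const state = new Map();                               // name -> 'visiting' | 'done'
  function visit(name, chain) {
    if (state.get(name) === 'done') return;
    if (state.get(name) === 'visiting') throw new Error('cycle: ' + [...chain, name].join(' -> '));
    if (!Object.prototype.hasOwnProperty.call(modules, name)) throw new Error('unresolved module: ' + name);
    state.set(name, 'visiting');
    for (const dep of extractDependencies(modules[name])) visit(dep, [...chain, name]);
    state.set(name, 'done');
    order.push(name);
  }
  visit(entry, []);
  return order;
}

// Constructed sample modules (not real files) covering each declaration form,
// plus decoy imports inside a string and a comment that must be ignored.
const SAMPLE_MODULES = {
  main: 'import { run } from "a";\nimport "b"; // side-effect import\nrun();',
  a: 'import * as util from "b";\nexport { helper as run } from "c";\nconst s = "import \\"decoy\\"";',
  b: 'export * from "c"; /* import "decoy" */',
  c: 'export function helper() { return 1; }\nexport const x = 1',
};

console.log(computeExecutionOrder(SAMPLE_MODULES, 'main'));   // [ 'c', 'b', 'a', 'main' ]
```
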
2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>

        Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
        https://bugs.webkit.org/show_bug.cgi?id=146833

        Reviewed by Alexey Proskuryakov.

        * assembler/ARM64Assembler.h:
        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/MacroAssemblerARM.cpp:
        (JSC::isVFPPresent):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::isSSE2Present):
        * heap/MachineStackMarker.h:
        * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
        (JSC::logF):
        * jit/HostCallReturnValue.h:
        * jit/JIT.h:
        * jit/JITOperations.cpp:
        * jit/JITStubsARM.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86Common.h:
        * jit/JITStubsX86_64.h:
        * jit/ThunkGenerators.cpp:
        * runtime/JSExportMacros.h:
        * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
        (JSC::clz32):

2015-08-03  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix uninitialized property leading to an assert.

        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::PutPropertySlot):

2015-08-03  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix Windows.

        * bytecode/ObjectPropertyConditionSet.h:
        (JSC::ObjectPropertyConditionSet::fromRawPointer):

2015-07-31  Filip Pizlo  <fpizlo@apple.com>

        DFG should have adaptive structure watchpoints
        https://bugs.webkit.org/show_bug.cgi?id=146929

        Reviewed by Geoffrey Garen.

        Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
        property, you'd check that the object still has the structure that you first saw the object have. We
        optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
        elide the structure check.

        But this approach fails when that object frequently has new properties added to it. This would
        change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
        we'd have to recompile either the IC or an entire code block.

        This change introduces a new concept: an object property condition. This value describes some
        condition involving a property on some object. There are four kinds: presence, absence,
        absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
        object has some property at some offset with some attributes. This allows us to implement a new kind
        of watchpoint, which knows about the object property condition that it's being used to enforce. If
        the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
        on the new structure.

        Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
        and prototype accesses. They are also used for any DFG accesses to object constants, including
        global property accesses.

        Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
        neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
        chain situation. It's also a small speed-up on getter-richards.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::printPutByIdCacheStatus):
        * bytecode/CodeBlockJettisoningWatchpoint.cpp:
        (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
        * bytecode/ComplexGetStatus.cpp:
        (JSC::ComplexGetStatus::computeFor):
        * bytecode/ComplexGetStatus.h:
        (JSC::ComplexGetStatus::ComplexGetStatus):
        (JSC::ComplexGetStatus::takesSlowPath):
        (JSC::ComplexGetStatus::kind):
        (JSC::ComplexGetStatus::offset):
        (JSC::ComplexGetStatus::conditionSet):
        (JSC::ComplexGetStatus::attributes): Deleted.
        (JSC::ComplexGetStatus::specificValue): Deleted.
        (JSC::ComplexGetStatus::chain): Deleted.
        * bytecode/ConstantStructureCheck.cpp: Removed.
        * bytecode/ConstantStructureCheck.h: Removed.
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeForStubInfo):
        * bytecode/GetByIdVariant.cpp:
        (JSC::GetByIdVariant::GetByIdVariant):
        (JSC::GetByIdVariant::~GetByIdVariant):
        (JSC::GetByIdVariant::operator=):
        (JSC::GetByIdVariant::attemptToMerge):
        (JSC::GetByIdVariant::dumpInContext):
        (JSC::GetByIdVariant::baseStructure): Deleted.
        * bytecode/GetByIdVariant.h:
        (JSC::GetByIdVariant::operator!):
        (JSC::GetByIdVariant::structureSet):
        (JSC::GetByIdVariant::conditionSet):
        (JSC::GetByIdVariant::offset):
        (JSC::GetByIdVariant::callLinkStatus):
        (JSC::GetByIdVariant::constantChecks): Deleted.
        (JSC::GetByIdVariant::alternateBase): Deleted.
        * bytecode/ObjectPropertyCondition.cpp: Added.
        (JSC::ObjectPropertyCondition::dumpInContext):
        (JSC::ObjectPropertyCondition::dump):
        (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
        (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
        (JSC::ObjectPropertyCondition::isStillValid):
        (JSC::ObjectPropertyCondition::structureEnsuresValidity):
        (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
        (JSC::ObjectPropertyCondition::isWatchable):
        (JSC::ObjectPropertyCondition::isStillLive):
        (JSC::ObjectPropertyCondition::validateReferences):
        (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
        * bytecode/ObjectPropertyCondition.h: Added.
        (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
        (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
        (JSC::ObjectPropertyCondition::presence):
        (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
        (JSC::ObjectPropertyCondition::absence):
        (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
        (JSC::ObjectPropertyCondition::absenceOfSetter):
        (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
        (JSC::ObjectPropertyCondition::equivalence):
        (JSC::ObjectPropertyCondition::operator!):
        (JSC::ObjectPropertyCondition::object):
        (JSC::ObjectPropertyCondition::condition):
        (JSC::ObjectPropertyCondition::kind):
        (JSC::ObjectPropertyCondition::uid):
        (JSC::ObjectPropertyCondition::hasOffset):
        (JSC::ObjectPropertyCondition::offset):
        (JSC::ObjectPropertyCondition::hasAttributes):
        (JSC::ObjectPropertyCondition::attributes):
        (JSC::ObjectPropertyCondition::hasPrototype):
        (JSC::ObjectPropertyCondition::prototype):
        (JSC::ObjectPropertyCondition::hasRequiredValue):
        (JSC::ObjectPropertyCondition::requiredValue):
        (JSC::ObjectPropertyCondition::hash):
        (JSC::ObjectPropertyCondition::operator==):
        (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
        (JSC::ObjectPropertyCondition::isCompatibleWith):
        (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
        (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
        (JSC::ObjectPropertyCondition::isValidValueForPresence):
        (JSC::ObjectPropertyConditionHash::hash):
        (JSC::ObjectPropertyConditionHash::equal):
        * bytecode/ObjectPropertyConditionSet.cpp: Added.
        (JSC::ObjectPropertyConditionSet::forObject):
        (JSC::ObjectPropertyConditionSet::forConditionKind):
        (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
        (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
        (JSC::ObjectPropertyConditionSet::slotBaseCondition):
        (JSC::ObjectPropertyConditionSet::mergedWith):
        (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
        (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
        (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
        (JSC::ObjectPropertyConditionSet::areStillLive):
        (JSC::ObjectPropertyConditionSet::dumpInContext):
        (JSC::ObjectPropertyConditionSet::dump):
        (JSC::generateConditionsForPropertyMiss):
        (JSC::generateConditionsForPropertySetterMiss):
        (JSC::generateConditionsForPrototypePropertyHit):
        (JSC::generateConditionsForPrototypePropertyHitCustom):
        (JSC::generateConditionsForPropertySetterMissConcurrently):
        * bytecode/ObjectPropertyConditionSet.h: Added.
        (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
        (JSC::ObjectPropertyConditionSet::invalid):
        (JSC::ObjectPropertyConditionSet::nonEmpty):
        (JSC::ObjectPropertyConditionSet::isValid):
        (JSC::ObjectPropertyConditionSet::isEmpty):
        (JSC::ObjectPropertyConditionSet::begin):
        (JSC::ObjectPropertyConditionSet::end):
        (JSC::ObjectPropertyConditionSet::releaseRawPointer):
        (JSC::ObjectPropertyConditionSet::adoptRawPointer):
        (JSC::ObjectPropertyConditionSet::fromRawPointer):
        (JSC::ObjectPropertyConditionSet::Data::Data):
        * bytecode/PolymorphicGetByIdList.cpp:
        (JSC::GetByIdAccess::GetByIdAccess):
        (JSC::GetByIdAccess::~GetByIdAccess):
        (JSC::GetByIdAccess::visitWeak):
        * bytecode/PolymorphicGetByIdList.h:
        (JSC::GetByIdAccess::GetByIdAccess):
        (JSC::GetByIdAccess::structure):
        (JSC::GetByIdAccess::conditionSet):
        (JSC::GetByIdAccess::stubRoutine):
        (JSC::GetByIdAccess::chain): Deleted.
        (JSC::GetByIdAccess::chainCount): Deleted.
        * bytecode/PolymorphicPutByIdList.cpp:
        (JSC::PutByIdAccess::fromStructureStubInfo):
        (JSC::PutByIdAccess::visitWeak):
        * bytecode/PolymorphicPutByIdList.h:
        (JSC::PutByIdAccess::PutByIdAccess):
        (JSC::PutByIdAccess::transition):
        (JSC::PutByIdAccess::setter):
        (JSC::PutByIdAccess::newStructure):
        (JSC::PutByIdAccess::conditionSet):
        (JSC::PutByIdAccess::stubRoutine):
        (JSC::PutByIdAccess::chain): Deleted.
        (JSC::PutByIdAccess::chainCount): Deleted.
        * bytecode/PropertyCondition.cpp: Added.
        (JSC::PropertyCondition::dumpInContext):
        (JSC::PropertyCondition::dump):
        (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
        (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
        (JSC::PropertyCondition::isStillValid):
        (JSC::PropertyCondition::isWatchableWhenValid):
        (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
        (JSC::PropertyCondition::isWatchable):
        (JSC::PropertyCondition::isStillLive):
        (JSC::PropertyCondition::validateReferences):
        (JSC::PropertyCondition::isValidValueForAttributes):
        (JSC::PropertyCondition::isValidValueForPresence):
        (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
        (WTF::printInternal):
        * bytecode/PropertyCondition.h: Added.
        (JSC::PropertyCondition::PropertyCondition):
        (JSC::PropertyCondition::presenceWithoutBarrier):
        (JSC::PropertyCondition::presence):
        (JSC::PropertyCondition::absenceWithoutBarrier):
        (JSC::PropertyCondition::absence):
        (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
        (JSC::PropertyCondition::absenceOfSetter):
        (JSC::PropertyCondition::equivalenceWithoutBarrier):
        (JSC::PropertyCondition::equivalence):
        (JSC::PropertyCondition::operator!):
        (JSC::PropertyCondition::kind):
        (JSC::PropertyCondition::uid):
        (JSC::PropertyCondition::hasOffset):
        (JSC::PropertyCondition::offset):
        (JSC::PropertyCondition::hasAttributes):
        (JSC::PropertyCondition::attributes):
        (JSC::PropertyCondition::hasPrototype):
        (JSC::PropertyCondition::prototype):
        (JSC::PropertyCondition::hasRequiredValue):
        (JSC::PropertyCondition::requiredValue):
        (JSC::PropertyCondition::hash):
        (JSC::PropertyCondition::operator==):
        (JSC::PropertyCondition::isHashTableDeletedValue):
        (JSC::PropertyCondition::isCompatibleWith):
        (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
        (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
        (JSC::PropertyConditionHash::hash):
        (JSC::PropertyConditionHash::equal):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeFor):
        (JSC::PutByIdStatus::computeForStubInfo):
        * bytecode/PutByIdVariant.cpp:
        (JSC::PutByIdVariant::operator=):
        (JSC::PutByIdVariant::transition):
        (JSC::PutByIdVariant::setter):
        (JSC::PutByIdVariant::makesCalls):
        (JSC::PutByIdVariant::attemptToMerge):
        (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
        (JSC::PutByIdVariant::dumpInContext):
        (JSC::PutByIdVariant::baseStructure): Deleted.
        * bytecode/PutByIdVariant.h:
        (JSC::PutByIdVariant::PutByIdVariant):
        (JSC::PutByIdVariant::kind):
        (JSC::PutByIdVariant::structure):
        (JSC::PutByIdVariant::structureSet):
        (JSC::PutByIdVariant::oldStructure):
        (JSC::PutByIdVariant::conditionSet):
        (JSC::PutByIdVariant::offset):
        (JSC::PutByIdVariant::callLinkStatus):
        (JSC::PutByIdVariant::constantChecks): Deleted.
        (JSC::PutByIdVariant::alternateBase): Deleted.
        * bytecode/StructureStubClearingWatchpoint.cpp:
        (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
        (JSC::StructureStubClearingWatchpoint::push):
        (JSC::StructureStubClearingWatchpoint::fireInternal):
        (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
        (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
        (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
        * bytecode/StructureStubClearingWatchpoint.h:
        (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
        (JSC::WatchpointsOnStructureStubInfo::codeBlock):
        (JSC::WatchpointsOnStructureStubInfo::stubInfo):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::visitWeakReferences):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::initPutByIdTransition):
        (JSC::StructureStubInfo::initPutByIdReplace):
        (JSC::StructureStubInfo::setSeen):
        (JSC::StructureStubInfo::addWatchpoint):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
        * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
649         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
650         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
651         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
652         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
653         (JSC::DFG::AdaptiveStructureWatchpoint::install):
654         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
655         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
656         (JSC::DFG::AdaptiveStructureWatchpoint::key):
657         * dfg/DFGByteCodeParser.cpp:
658         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
659         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
660         (JSC::DFG::ByteCodeParser::handleGetByOffset):
661         (JSC::DFG::ByteCodeParser::handlePutByOffset):
662         (JSC::DFG::ByteCodeParser::check):
663         (JSC::DFG::ByteCodeParser::promoteToConstant):
664         (JSC::DFG::ByteCodeParser::planLoad):
665         (JSC::DFG::ByteCodeParser::load):
666         (JSC::DFG::ByteCodeParser::presenceLike):
667         (JSC::DFG::ByteCodeParser::checkPresenceLike):
668         (JSC::DFG::ByteCodeParser::store):
669         (JSC::DFG::ByteCodeParser::handleGetById):
670         (JSC::DFG::ByteCodeParser::handlePutById):
671         (JSC::DFG::ByteCodeParser::parseBlock):
672         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
673         * dfg/DFGCommonData.cpp:
674         (JSC::DFG::CommonData::validateReferences):
675         * dfg/DFGCommonData.h:
676         * dfg/DFGConstantFoldingPhase.cpp:
677         (JSC::DFG::ConstantFoldingPhase::foldConstants):
678         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
679         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
680         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
681         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
682         * dfg/DFGDesiredWatchpoints.cpp:
683         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
684         (JSC::DFG::InferredValueAdaptor::add):
685         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
686         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
687         (JSC::DFG::DesiredWatchpoints::addLazily):
688         (JSC::DFG::DesiredWatchpoints::consider):
689         (JSC::DFG::DesiredWatchpoints::reallyAdd):
690         (JSC::DFG::DesiredWatchpoints::areStillValid):
691         (JSC::DFG::DesiredWatchpoints::dumpInContext):
692         * dfg/DFGDesiredWatchpoints.h:
693         (JSC::DFG::SetPointerAdaptor::add):
694         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
695         (JSC::DFG::SetPointerAdaptor::dumpInContext):
696         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
697         (JSC::DFG::InferredValueAdaptor::dumpInContext):
698         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
699         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
700         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
701         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
702         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
703         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
704         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
705         (JSC::DFG::DesiredWatchpoints::isWatched):
706         (JSC::DFG::GenericSetAdaptor::add): Deleted.
707         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
708         * dfg/DFGDesiredWeakReferences.cpp:
709         (JSC::DFG::DesiredWeakReferences::addLazily):
710         (JSC::DFG::DesiredWeakReferences::contains):
711         * dfg/DFGDesiredWeakReferences.h:
712         * dfg/DFGGraph.cpp:
713         (JSC::DFG::Graph::dump):
714         (JSC::DFG::Graph::clearFlagsOnAllNodes):
715         (JSC::DFG::Graph::watchCondition):
716         (JSC::DFG::Graph::isSafeToLoad):
717         (JSC::DFG::Graph::livenessFor):
718         (JSC::DFG::Graph::tryGetConstantProperty):
719         (JSC::DFG::Graph::visitChildren):
720         * dfg/DFGGraph.h:
721         (JSC::DFG::Graph::identifiers):
722         (JSC::DFG::Graph::watchpoints):
723         * dfg/DFGMultiGetByOffsetData.cpp: Added.
724         (JSC::DFG::GetByOffsetMethod::dumpInContext):
725         (JSC::DFG::GetByOffsetMethod::dump):
726         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
727         (JSC::DFG::MultiGetByOffsetCase::dump):
728         (WTF::printInternal):
729         * dfg/DFGMultiGetByOffsetData.h: Added.
730         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
731         (JSC::DFG::GetByOffsetMethod::constant):
732         (JSC::DFG::GetByOffsetMethod::load):
733         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
734         (JSC::DFG::GetByOffsetMethod::operator!):
735         (JSC::DFG::GetByOffsetMethod::kind):
736         (JSC::DFG::GetByOffsetMethod::prototype):
737         (JSC::DFG::GetByOffsetMethod::offset):
738         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
739         (JSC::DFG::MultiGetByOffsetCase::set):
740         (JSC::DFG::MultiGetByOffsetCase::method):
741         * dfg/DFGNode.h:
742         * dfg/DFGSafeToExecute.h:
743         (JSC::DFG::safeToExecute):
744         * dfg/DFGStructureRegistrationPhase.cpp:
745         (JSC::DFG::StructureRegistrationPhase::run):
746         * ftl/FTLLowerDFGToLLVM.cpp:
747         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
748         * jit/Repatch.cpp:
749         (JSC::repatchByIdSelfAccess):
750         (JSC::checkObjectPropertyCondition):
751         (JSC::checkObjectPropertyConditions):
752         (JSC::replaceWithJump):
753         (JSC::generateByIdStub):
754         (JSC::actionForCell):
755         (JSC::tryBuildGetByIDList):
756         (JSC::emitPutReplaceStub):
757         (JSC::emitPutTransitionStub):
758         (JSC::tryCachePutByID):
759         (JSC::tryBuildPutByIdList):
760         (JSC::tryRepatchIn):
761         (JSC::addStructureTransitionCheck): Deleted.
762         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
763         * runtime/IntendedStructureChain.cpp: Removed.
764         * runtime/IntendedStructureChain.h: Removed.
765         * runtime/JSCJSValue.h:
766         * runtime/JSObject.cpp:
767         (JSC::throwTypeError):
768         (JSC::JSObject::convertToDictionary):
769         (JSC::JSObject::shiftButterflyAfterFlattening):
770         * runtime/JSObject.h:
771         (JSC::JSObject::flattenDictionaryObject):
772         (JSC::JSObject::convertToDictionary): Deleted.
773         * runtime/Operations.h:
774         (JSC::normalizePrototypeChain):
775         (JSC::normalizePrototypeChainForChainAccess): Deleted.
776         (JSC::isPrototypeChainNormalized): Deleted.
777         * runtime/PropertySlot.h:
778         (JSC::PropertySlot::PropertySlot):
779         (JSC::PropertySlot::slotBase):
780         * runtime/Structure.cpp:
781         (JSC::Structure::addPropertyTransition):
782         (JSC::Structure::attributeChangeTransition):
783         (JSC::Structure::toDictionaryTransition):
784         (JSC::Structure::toCacheableDictionaryTransition):
785         (JSC::Structure::toUncacheableDictionaryTransition):
786         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
787         (JSC::Structure::startWatchingPropertyForReplacements):
788         (JSC::Structure::didCachePropertyReplacement):
789         (JSC::Structure::dump):
790         * runtime/Structure.h:
791         * runtime/VM.h:
792         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
793         (foo):
794         (bar):
795         (baz):
796         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
797         (foo):
798         * tests/stress/replacement-watchpoint-dictionary.js: Added.
799         (foo):
800         * tests/stress/replacement-watchpoint.js: Added.
801         (foo):
802         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
803         (foo):
804         * tests/stress/undefined-access-then-proto-change.js: Added.
805         (foo):
806
807 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
808
809         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
810         https://bugs.webkit.org/show_bug.cgi?id=147538
811
812         Reviewed by Geoffrey Garen.
813
814         Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keywords.
815         As a result, when lexing a property name that can take keywords, the ARROWFUNCTION token is accidentally accepted.
816         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it an operator token.
817
818         * parser/ParserTokens.h:
819         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
820         (testSyntaxError):
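
        Added example (not from the WebKit ChangeLog or the JSC test suite): a set of parser checks, run through new Function so they work on any ES6 engine, that illustrate the distinction this entry relies on. Keywords are legal property names in an object literal, while an operator token such as "=>" is not, so a lexer that classifies "=>" as a keyword accepts it where it must be rejected.

```javascript
// Added example (not part of the WebKit ChangeLog or JSC's tests): parser
// acceptance checks for the keyword-vs-operator distinction in property-name
// position. Each function returns true when the engine behaves per ES6.

// Helper: does src fail to parse as a function body with a SyntaxError?
function isSyntaxError(src) {
  try {
    new Function(src);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

// Reserved words are valid IdentifierName property keys (ES6 12.2.6), as a
// plain key and as a shorthand method name.
function keywordsAreValidPropertyNames() {
  return !isSyntaxError("({ if: 1, class: 2, function: 3, yield: 4 })")
      && !isSyntaxError("({ if() { return 1; } })");
}

// An operator token such as "=>" is not an IdentifierName and must be
// rejected in every property-name position: plain key, getter, and method.
function arrowTokenIsRejectedAsPropertyName() {
  return isSyntaxError("({ => : 1 })")
      && isSyntaxError("({ =>: 1 })")
      && isSyntaxError("({ get => () { return 1; } })")
      && isSyntaxError("({ => () {} })");
}

// The same characters as a string key are fine: the lexer produces a string
// literal, never an ARROWFUNCTION token.
function arrowAsStringKeyIsFine() {
  return !isSyntaxError('({ "=>": 1 })');
}

// A real arrow function as a property value still parses, so the fix must
// only affect the property-name position.
function arrowFunctionAsValueIsFine() {
  return !isSyntaxError("({ f: () => 1 })");
}
```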
821
822 2015-08-03  Keith Miller  <keith_miller@apple.com>
823
824         Clean up the naming for AST expression generation.
825         https://bugs.webkit.org/show_bug.cgi?id=147581
826
827         Reviewed by Yusuke Suzuki.
828
829         * parser/ASTBuilder.h:
830         (JSC::ASTBuilder::createThisExpr):
831         (JSC::ASTBuilder::createSuperExpr):
832         (JSC::ASTBuilder::createNewTargetExpr):
833         (JSC::ASTBuilder::thisExpr): Deleted.
834         (JSC::ASTBuilder::superExpr): Deleted.
835         (JSC::ASTBuilder::newTargetExpr): Deleted.
836         * parser/Parser.cpp:
837         (JSC::Parser<LexerType>::parsePrimaryExpression):
838         (JSC::Parser<LexerType>::parseMemberExpression):
839         * parser/SyntaxChecker.h:
840         (JSC::SyntaxChecker::createThisExpr):
841         (JSC::SyntaxChecker::createSuperExpr):
842         (JSC::SyntaxChecker::createNewTargetExpr):
843         (JSC::SyntaxChecker::thisExpr): Deleted.
844         (JSC::SyntaxChecker::superExpr): Deleted.
845         (JSC::SyntaxChecker::newTargetExpr): Deleted.
846
847 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
848
849         Don't set up the callsite to operationGetByValDefault when the optimization is already done
850         https://bugs.webkit.org/show_bug.cgi?id=147577
851
852         Reviewed by Filip Pizlo.
853
854         operationGetByValDefault should be called only when the IC is not set.
855         operationGetByValString breaks this invariant, and `ASSERT(!byValInfo.stubRoutine)` in
856         operationGetByValDefault raises an assertion failure.
857         In this patch, we change the callsite setup code in operationGetByValString when
858         the IC is already set. To make the operation's meaning explicit, we changed the
859         name operationGetByValDefault to operationGetByValOptimize, which is aligned with the
860         GetById case.
861
862         * jit/JITOperations.cpp:
863         * jit/JITOperations.h:
864         * jit/JITPropertyAccess.cpp:
865         (JSC::JIT::emitSlow_op_get_by_val):
866         * jit/JITPropertyAccess32_64.cpp:
867         (JSC::JIT::emitSlow_op_get_by_val):
868         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
869         (hello):
870
871 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
872
873         [FTL] Remove unused scripts related to native call inlining
874         https://bugs.webkit.org/show_bug.cgi?id=147448
875
876         Reviewed by Filip Pizlo.
877
878         * build-symbol-table-index.py: Removed.
879         * copy-llvm-ir-to-derived-sources.sh: Removed.
880         * create-llvm-ir-from-source-file.py: Removed.
881         * create-symbol-table-index.py: Removed.
882
883 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
884
885         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
886         https://bugs.webkit.org/show_bug.cgi?id=118455
887
888         Reviewed by Filip Pizlo.
889
890         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
891
892         This patch cuts its cost by 4.
893         About half of the gains come from removing many rehash() calls when copying
894         the HashSet.
895         The last quarter is achieved by having a special add() function for initializing
896         a HashSet.
897
898         This makes benchmarks progress by 1-2% here and there. Nothing massive.
899
900         * dfg/DFGLivenessAnalysisPhase.cpp:
901         (JSC::DFG::LivenessAnalysisPhase::process):
902         The m_live HashSet is only useful per block. When we are done with it,
903         we can transfer it to liveAtHead to avoid a copy.
904
905 2015-08-01  Saam barati  <saambarati1@gmail.com>
906
907         Unreviewed. Remove unintentional "print" statement in test case.
908         https://bugs.webkit.org/show_bug.cgi?id=142567
909
910         * tests/stress/class-syntax-definition-semantics.js:
911         (shouldBeSyntaxError):
912
913 2015-07-31  Alex Christensen  <achristensen@webkit.org>
914
915         Prepare for VS2015
916         https://bugs.webkit.org/show_bug.cgi?id=146579
917
918         Reviewed by Jon Honeycutt.
919
920         * heap/Heap.h:
921         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
922
923 2015-07-31  Saam barati  <saambarati1@gmail.com>
924
925         ES6 class syntax should use block scoping
926         https://bugs.webkit.org/show_bug.cgi?id=142567
927
928         Reviewed by Geoffrey Garen.
929
930         We treat class declarations like we do "let" declarations.
931         The class name is under TDZ until the class declaration
932         statement is evaluated. Class declarations also follow
933         the same rules as "let": No duplicate definitions inside
934         a lexical environment.
935
936         * parser/ASTBuilder.h:
937         (JSC::ASTBuilder::createClassDeclStatement):
938         * parser/Parser.cpp:
939         (JSC::Parser<LexerType>::parseClassDeclaration):
940         * tests/stress/class-syntax-block-scoping.js: Added.
941         (assert):
942         (truth):
943         (.):
944         * tests/stress/class-syntax-definition-semantics.js: Added.
945         (shouldBeSyntaxError):
946         (shouldNotBeSyntaxError):
947         (truth):
948         * tests/stress/class-syntax-tdz.js:
949         (assert):
950         (shouldThrowTDZ):
951         (truth):
952         (.):
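
        Added example (not part of the WebKit ChangeLog or the JSC test suite): plain ES6 code that exercises the block-scoping rules this entry describes, namely the temporal dead zone on the class name, confinement of the declaration to its block, and the "let"-style ban on duplicate definitions within one lexical environment. It assumes only standard ES6 semantics, so it runs on any conforming engine.

```javascript
// Added example (not part of the WebKit ChangeLog or JSC's tests): checks
// that class declarations follow the same block-scoping rules as "let".
// Each function returns true when the engine behaves as the entry describes.

// Helper: does src fail to parse as a function body with a SyntaxError?
function isSyntaxError(src) {
  try {
    new Function(src);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

// Helper: does running fn throw a ReferenceError (the TDZ error)?
function throwsReferenceError(fn) {
  try {
    fn();
    return false;
  } catch (e) {
    return e instanceof ReferenceError;
  }
}

// 1. The class name is in the temporal dead zone until the declaration
//    statement is evaluated: even typeof, which tolerates undeclared names,
//    throws on a TDZ binding.
function classNameIsInTDZBeforeDeclaration() {
  return throwsReferenceError(() => {
    const seen = typeof Point; // ReferenceError: Point is in its TDZ
    class Point {}
    return seen;
  });
}

// 2. Once the declaration has been evaluated the binding is usable, as with let.
function classNameIsUsableAfterDeclaration() {
  class Point {
    constructor(x) { this.x = x; }
  }
  return new Point(3).x === 3;
}

// 3. A class declaration is confined to its block; it is not hoisted out the
//    way a function declaration would be.
function classDeclarationIsBlockScoped() {
  {
    class Inner {}
  }
  return typeof Inner === "undefined"; // unresolvable outside the block
}

// 4. Redeclaring a name inside one lexical environment is an early
//    SyntaxError, whichever declaration form comes first.
function duplicateDeclarationsAreSyntaxErrors() {
  return isSyntaxError("class A {} class A {}")
      && isSyntaxError("let B = 1; class B {}")
      && isSyntaxError("class C {} const C = 1;")
      && isSyntaxError("var D = 1; class D {}");
}

// 5. Sibling blocks are separate environments, so the same name may be reused.
function sameNameInSiblingBlocksIsFine() {
  return !isSyntaxError("{ class E {} } { class E {} }");
}
```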
953
954 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
955
956         Implement WebAssembly module parser
957         https://bugs.webkit.org/show_bug.cgi?id=147293
958
959         Reviewed by Mark Lam.
960
961         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
962         include file: 'JSWASMModule.h'" issue on Windows.
963
964         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
965         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
966         the magic number at the beginning of the files. Parsing of the rest will be
967         implemented in a subsequent patch.
968
969         * CMakeLists.txt:
970         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
971         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
972         * JavaScriptCore.xcodeproj/project.pbxproj:
973         * jsc.cpp:
974         (GlobalObject::finishCreation):
975         (functionLoadWebAssembly):
976         * parser/SourceProvider.h:
977         (JSC::WebAssemblySourceProvider::create):
978         (JSC::WebAssemblySourceProvider::data):
979         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
980         * runtime/JSGlobalObject.cpp:
981         (JSC::JSGlobalObject::init):
982         (JSC::JSGlobalObject::visitChildren):
983         * runtime/JSGlobalObject.h:
984         (JSC::JSGlobalObject::wasmModuleStructure):
985         * wasm/WASMMagicNumber.h: Added.
986         * wasm/WASMModuleParser.cpp: Added.
987         (JSC::WASMModuleParser::WASMModuleParser):
988         (JSC::WASMModuleParser::parse):
989         (JSC::WASMModuleParser::parseModule):
990         (JSC::parseWebAssembly):
991         * wasm/WASMModuleParser.h: Added.
992         * wasm/WASMReader.cpp: Added.
993         (JSC::WASMReader::readUnsignedInt32):
994         (JSC::WASMReader::readFloat):
995         (JSC::WASMReader::readDouble):
996         * wasm/WASMReader.h: Added.
997         (JSC::WASMReader::WASMReader):
998
999 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1000
1001         Add the "wasm" directory to the Additional Include Directories for jsc.exe
1002         https://bugs.webkit.org/show_bug.cgi?id=147443
1003
1004         Reviewed by Mark Lam.
1005
1006         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
1007         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
1008
1009         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
1010
1011 2015-07-30  Chris Dumez  <cdumez@apple.com>
1012
1013         Mark more classes as fast allocated
1014         https://bugs.webkit.org/show_bug.cgi?id=147440
1015
1016         Reviewed by Sam Weinig.
1017
1018         Mark more classes as fast allocated for performance. We heap-allocate
1019         objects of those types throughout the code base.
1020
1021         * API/JSCallbackObject.h:
1022         * API/ObjCCallbackFunction.mm:
1023         * bytecode/BytecodeKills.h:
1024         * bytecode/BytecodeLivenessAnalysis.h:
1025         * bytecode/CallLinkStatus.h:
1026         * bytecode/FullBytecodeLiveness.h:
1027         * bytecode/SamplingTool.h:
1028         * bytecompiler/BytecodeGenerator.h:
1029         * dfg/DFGBasicBlock.h:
1030         * dfg/DFGBlockMap.h:
1031         * dfg/DFGInPlaceAbstractState.h:
1032         * dfg/DFGThreadData.h:
1033         * heap/HeapVerifier.h:
1034         * heap/SlotVisitor.h:
1035         * parser/Lexer.h:
1036         * runtime/ControlFlowProfiler.h:
1037         * runtime/TypeProfiler.h:
1038         * runtime/TypeProfilerLog.h:
1039         * runtime/Watchdog.h:
1040
1041 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
1042
1043         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
1044         https://bugs.webkit.org/show_bug.cgi?id=147433
1045         rdar://problem/21668986
1046
1047         Reviewed by Mark Lam.
1048
1049         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
1050         currently that's not what it does - it emits a SetArgument for every argument that a varargs
1051         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
1052         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
1053         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
1054         have a PutStack.
1055
1056         This fixes the bug by removing the code to optimize away PutStacks in
1057         ArgumentsEliminationPhase.
1058
1059         * dfg/DFGArgumentsEliminationPhase.cpp:
1060         * tests/stress/varargs-inlining-underflow.js: Added.
1061         (baz):
1062         (bar):
1063         (foo):
1064
1065 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
1066
1067         Implement basic types for ECMAScript Internationalization API
1068         https://bugs.webkit.org/show_bug.cgi?id=146926
1069
1070         Reviewed by Benjamin Poulain.
1071
1072         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
1073         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
1074
1075         * CMakeLists.txt: Added new Intl files.
1076         * Configurations/FeatureDefines.xcconfig: Enable INTL.
1077         * DerivedSources.make: Added Intl files.
1078         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
1079         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
1080         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
1081         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
1082         * runtime/DateConstructor.cpp: Made Date.now public.
1083         * runtime/DateConstructor.h: Made Date.now public.
1084         * runtime/IntlCollator.cpp: Added.
1085         (JSC::IntlCollator::create):
1086         (JSC::IntlCollator::createStructure):
1087         (JSC::IntlCollator::IntlCollator):
1088         (JSC::IntlCollator::finishCreation):
1089         (JSC::IntlCollator::destroy):
1090         (JSC::IntlCollator::visitChildren):
1091         (JSC::IntlCollator::setBoundCompare):
1092         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
1093         * runtime/IntlCollator.h: Added.
1094         (JSC::IntlCollator::constructor):
1095         (JSC::IntlCollator::boundCompare):
1096         * runtime/IntlCollatorConstructor.cpp: Added.
1097         (JSC::IntlCollatorConstructor::create):
1098         (JSC::IntlCollatorConstructor::createStructure):
1099         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
1100         (JSC::IntlCollatorConstructor::finishCreation):
1101         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
1102         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
1103         (JSC::IntlCollatorConstructor::getConstructData):
1104         (JSC::IntlCollatorConstructor::getCallData):
1105         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
1106         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
1107         (JSC::IntlCollatorConstructor::visitChildren):
1108         * runtime/IntlCollatorConstructor.h: Added.
1109         (JSC::IntlCollatorConstructor::collatorStructure):
1110         * runtime/IntlCollatorPrototype.cpp: Added.
1111         (JSC::IntlCollatorPrototype::create):
1112         (JSC::IntlCollatorPrototype::createStructure):
1113         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
1114         (JSC::IntlCollatorPrototype::finishCreation):
1115         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
1116         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3).
1117         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
1118         * runtime/IntlCollatorPrototype.h: Added.
1119         * runtime/IntlDateTimeFormat.cpp: Added.
1120         (JSC::IntlDateTimeFormat::create):
1121         (JSC::IntlDateTimeFormat::createStructure):
1122         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
1123         (JSC::IntlDateTimeFormat::finishCreation):
1124         (JSC::IntlDateTimeFormat::destroy):
1125         (JSC::IntlDateTimeFormat::visitChildren):
1126         (JSC::IntlDateTimeFormat::setBoundFormat):
1127         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
1128         * runtime/IntlDateTimeFormat.h: Added.
1129         (JSC::IntlDateTimeFormat::constructor):
1130         (JSC::IntlDateTimeFormat::boundFormat):
1131         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
1132         (JSC::IntlDateTimeFormatConstructor::create):
1133         (JSC::IntlDateTimeFormatConstructor::createStructure):
1134         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
1135         (JSC::IntlDateTimeFormatConstructor::finishCreation):
1136         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
1137         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
1138         (JSC::IntlDateTimeFormatConstructor::getConstructData):
1139         (JSC::IntlDateTimeFormatConstructor::getCallData):
1140         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
1141         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
1142         (JSC::IntlDateTimeFormatConstructor::visitChildren):
1143         * runtime/IntlDateTimeFormatConstructor.h: Added.
1144         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
1145         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
1146         (JSC::IntlDateTimeFormatPrototype::create):
1147         (JSC::IntlDateTimeFormatPrototype::createStructure):
1148         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
1149         (JSC::IntlDateTimeFormatPrototype::finishCreation):
1150         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
1151         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
1152         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
1153         * runtime/IntlDateTimeFormatPrototype.h: Added.
1154         * runtime/IntlNumberFormat.cpp: Added.
1155         (JSC::IntlNumberFormat::create):
1156         (JSC::IntlNumberFormat::createStructure):
1157         (JSC::IntlNumberFormat::IntlNumberFormat):
1158         (JSC::IntlNumberFormat::finishCreation):
1159         (JSC::IntlNumberFormat::destroy):
1160         (JSC::IntlNumberFormat::visitChildren):
1161         (JSC::IntlNumberFormat::setBoundFormat):
1162         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
1163         * runtime/IntlNumberFormat.h: Added.
1164         (JSC::IntlNumberFormat::constructor):
1165         (JSC::IntlNumberFormat::boundFormat):
1166         * runtime/IntlNumberFormatConstructor.cpp: Added.
1167         (JSC::IntlNumberFormatConstructor::create):
1168         (JSC::IntlNumberFormatConstructor::createStructure):
1169         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
1170         (JSC::IntlNumberFormatConstructor::finishCreation):
1171         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
1172         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
1173         (JSC::IntlNumberFormatConstructor::getConstructData):
1174         (JSC::IntlNumberFormatConstructor::getCallData):
1175         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
1176         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
1177         (JSC::IntlNumberFormatConstructor::visitChildren):
1178         * runtime/IntlNumberFormatConstructor.h: Added.
1179         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
1180         * runtime/IntlNumberFormatPrototype.cpp: Added.
1181         (JSC::IntlNumberFormatPrototype::create):
1182         (JSC::IntlNumberFormatPrototype::createStructure):
1183         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
1184         (JSC::IntlNumberFormatPrototype::finishCreation):
1185         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
1186         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
1187         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
1188         * runtime/IntlNumberFormatPrototype.h: Added.
1189         * runtime/IntlObject.cpp:
1190         (JSC::IntlObject::create):
1191         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
1192         (JSC::IntlObject::visitChildren):
1193         * runtime/IntlObject.h:
1194         (JSC::IntlObject::collatorConstructor):
1195         (JSC::IntlObject::collatorPrototype):
1196         (JSC::IntlObject::collatorStructure):
1197         (JSC::IntlObject::numberFormatConstructor):
1198         (JSC::IntlObject::numberFormatPrototype):
1199         (JSC::IntlObject::numberFormatStructure):
1200         (JSC::IntlObject::dateTimeFormatConstructor):
1201         (JSC::IntlObject::dateTimeFormatPrototype):
1202         (JSC::IntlObject::dateTimeFormatStructure):
1203         * runtime/JSGlobalObject.cpp:
1204         (JSC::JSGlobalObject::init):
1205
1206 2015-07-29  Commit Queue  <commit-queue@webkit.org>
1207
1208         Unreviewed, rolling out r187550.
1209         https://bugs.webkit.org/show_bug.cgi?id=147420
1210
1211         Broke Windows build (again) (Requested by smfr on #webkit).
1212
1213         Reverted changeset:
1214
1215         "Implement WebAssembly module parser"
1216         https://bugs.webkit.org/show_bug.cgi?id=147293
1217         http://trac.webkit.org/changeset/187550
1218
1219 2015-07-29  Basile Clement  <basile_clement@apple.com>
1220
1221         Remove native call inlining
1222         https://bugs.webkit.org/show_bug.cgi?id=147417
1223
1224         Rubber Stamped by Filip Pizlo.
1225
1226         * CMakeLists.txt:
1227         * dfg/DFGAbstractInterpreterInlines.h:
1228         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
1229         * dfg/DFGByteCodeParser.cpp:
1230         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
1231         * dfg/DFGClobberize.h:
1232         (JSC::DFG::clobberize): Deleted.
1233         * dfg/DFGDoesGC.cpp:
1234         (JSC::DFG::doesGC): Deleted.
1235         * dfg/DFGFixupPhase.cpp:
1236         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1237         * dfg/DFGNode.h:
1238         (JSC::DFG::Node::hasHeapPrediction): Deleted.
1239         (JSC::DFG::Node::hasCellOperand): Deleted.
1240         * dfg/DFGNodeType.h:
1241         * dfg/DFGPredictionPropagationPhase.cpp:
1242         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1243         * dfg/DFGSafeToExecute.h:
1244         (JSC::DFG::safeToExecute): Deleted.
1245         * dfg/DFGSpeculativeJIT32_64.cpp:
1246         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1247         * dfg/DFGSpeculativeJIT64.cpp:
1248         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1249         * ftl/FTLCapabilities.cpp:
1250         (JSC::FTL::canCompile): Deleted.
1251         * ftl/FTLLowerDFGToLLVM.cpp:
1252         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
1253         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1254         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
1255         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
1256         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
1257         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
1258         * ftl/FTLState.cpp:
1259         (JSC::FTL::State::State): Deleted.
1260         * ftl/FTLState.h:
1261         * runtime/BundlePath.cpp: Removed.
1262         (JSC::bundlePath): Deleted.
1263         * runtime/JSDataViewPrototype.cpp:
1264         (JSC::getData):
1265         (JSC::setData):
1266         * runtime/Options.h:
1267
1268 2015-07-29  Basile Clement  <basile_clement@apple.com>
1269
1270         Unreviewed, skipping a test that is too complex for its own good
1271         https://bugs.webkit.org/show_bug.cgi?id=147167
1272
1273         * tests/stress/math-pow-coherency.js:
1274
1275 2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1276
1277         Implement WebAssembly module parser
1278         https://bugs.webkit.org/show_bug.cgi?id=147293
1279
1280         Reviewed by Mark Lam.
1281
1282         Reupload the patch, since r187539 should fix the "Cannot open include file:
1283         'JSWASMModule.h'" issue in the Windows build.
1284
1285         * CMakeLists.txt:
1286         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1287         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1288         * JavaScriptCore.xcodeproj/project.pbxproj:
1289         * jsc.cpp:
1290         (GlobalObject::finishCreation):
1291         (functionLoadWebAssembly):
1292         * parser/SourceProvider.h:
1293         (JSC::WebAssemblySourceProvider::create):
1294         (JSC::WebAssemblySourceProvider::data):
1295         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
1296         * runtime/JSGlobalObject.cpp:
1297         (JSC::JSGlobalObject::init):
1298         (JSC::JSGlobalObject::visitChildren):
1299         * runtime/JSGlobalObject.h:
1300         (JSC::JSGlobalObject::wasmModuleStructure):
1301         * wasm/WASMMagicNumber.h: Added.
1302         * wasm/WASMModuleParser.cpp: Added.
1303         (JSC::WASMModuleParser::WASMModuleParser):
1304         (JSC::WASMModuleParser::parse):
1305         (JSC::WASMModuleParser::parseModule):
1306         (JSC::parseWebAssembly):
1307         * wasm/WASMModuleParser.h: Added.
1308         * wasm/WASMReader.cpp: Added.
1309         (JSC::WASMReader::readUnsignedInt32):
1310         (JSC::WASMReader::readFloat):
1311         (JSC::WASMReader::readDouble):
1312         * wasm/WASMReader.h: Added.
1313         (JSC::WASMReader::WASMReader):
1314
1315 2015-07-29  Basile Clement  <basile_clement@apple.com>
1316
1317         Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
1318         https://bugs.webkit.org/show_bug.cgi?id=147167
1319
1320         * tests/stress/math-pow-coherency.js:
1321
1322 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1323
1324         Add the "wasm" directory to Visual Studio project files
1325         https://bugs.webkit.org/show_bug.cgi?id=147400
1326
1327         Reviewed by Simon Fraser.
1328
1329         This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
1330         in the Windows build.
1331
1332         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1333         * JavaScriptCore.vcxproj/copy-files.cmd:
1334
1335 2015-07-28  Commit Queue  <commit-queue@webkit.org>
1336
1337         Unreviewed, rolling out r187531.
1338         https://bugs.webkit.org/show_bug.cgi?id=147397
1339
1340         Broke Windows build (Requested by smfr on #webkit).
1341
1342         Reverted changeset:
1343
1344         "Implement WebAssembly module parser"
1345         https://bugs.webkit.org/show_bug.cgi?id=147293
1346         http://trac.webkit.org/changeset/187531
1347
1348 2015-07-28  Benjamin Poulain  <bpoulain@apple.com>
1349
1350         Speed up the Stringifier::toJSON() fast case
1351         https://bugs.webkit.org/show_bug.cgi?id=147383
1352
1353         Reviewed by Andreas Kling.
1354
1355         * runtime/JSONObject.cpp:
1356         (JSC::Stringifier::toJSON):
1357         (JSC::Stringifier::toJSONImpl):
1358
1359 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1360
1361         Implement WebAssembly module parser
1362         https://bugs.webkit.org/show_bug.cgi?id=147293
1363
1364         Reviewed by Geoffrey Garen.
1365
1366         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
1367         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
1368         the magic number at the beginning of the files. Parsing of the rest will be
1369         implemented in a subsequent patch.
1370
1371         * CMakeLists.txt:
1372         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1373         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1374         * JavaScriptCore.xcodeproj/project.pbxproj:
1375         * jsc.cpp:
1376         (GlobalObject::finishCreation):
1377         (functionLoadWebAssembly):
1378         * parser/SourceProvider.h:
1379         (JSC::WebAssemblySourceProvider::create):
1380         (JSC::WebAssemblySourceProvider::data):
1381         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
1382         * runtime/JSGlobalObject.cpp:
1383         (JSC::JSGlobalObject::init):
1384         (JSC::JSGlobalObject::visitChildren):
1385         * runtime/JSGlobalObject.h:
1386         (JSC::JSGlobalObject::wasmModuleStructure):
1387         * wasm/WASMMagicNumber.h: Added.
1388         * wasm/WASMModuleParser.cpp: Added.
1389         (JSC::WASMModuleParser::WASMModuleParser):
1390         (JSC::WASMModuleParser::parse):
1391         (JSC::WASMModuleParser::parseModule):
1392         (JSC::parseWebAssembly):
1393         * wasm/WASMModuleParser.h: Added.
1394         * wasm/WASMReader.cpp: Added.
1395         (JSC::WASMReader::readUnsignedInt32):
1396         (JSC::WASMReader::readFloat):
1397         (JSC::WASMReader::readDouble):
1398         * wasm/WASMReader.h: Added.
1399         (JSC::WASMReader::WASMReader):
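
Added example (not part of this ChangeLog or of JSC's sources): a bounds-checked little-endian reader in JavaScript with the same three primitives as the WASMReader added above, followed by the magic-number-only parseModule step the entry describes. The magic value used here is an assumption (ASCII "wasm" read as a little-endian uint32); the real constant lives in wasm/WASMMagicNumber.h. The function names and the sample byte strings are this example's own.

```javascript
// Added example, not JSC code. ASSUMPTION: the pack-asmjs magic number is the
// ASCII bytes "wasm" read as a little-endian uint32; the real value is defined
// in wasm/WASMMagicNumber.h.
const ASSUMED_WASM_MAGIC = 0x6d736177;

class WASMReader {
  constructor(bytes) {
    // Accept any Uint8Array, including a view into a larger buffer.
    this.view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
    this.offset = 0;
  }

  // Every read first checks that the requested width fits in the remaining
  // input, so a truncated or hostile file can never read past the buffer.
  ensure(width) {
    if (this.offset + width > this.view.byteLength) {
      throw new RangeError(
        `read of ${width} bytes at offset ${this.offset} overruns ${this.view.byteLength}-byte input`);
    }
  }

  readUnsignedInt32() {
    this.ensure(4);
    const v = this.view.getUint32(this.offset, true); // true = little-endian
    this.offset += 4;
    return v;
  }

  readFloat() {
    this.ensure(4);
    const v = this.view.getFloat32(this.offset, true);
    this.offset += 4;
    return v;
  }

  readDouble() {
    this.ensure(8);
    const v = this.view.getFloat64(this.offset, true);
    this.offset += 8;
    return v;
  }
}

// As in the patch, only the magic number is validated; the bytes after it are
// reported as unparsed payload for the later stages the entry mentions.
function parseModule(bytes) {
  const reader = new WASMReader(bytes);
  const magic = reader.readUnsignedInt32();
  if (magic !== ASSUMED_WASM_MAGIC) {
    return { ok: false, error: `bad magic 0x${magic.toString(16)}` };
  }
  return { ok: true, remaining: bytes.byteLength - reader.offset };
}

// Constructed sample input: "wasm" followed by four payload bytes.
function sampleModule() {
  return Uint8Array.from([0x77, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]);
}
```

Usage: parseModule(sampleModule()) reports success with 4 remaining bytes, a file with a different leading word is rejected, and a file shorter than four bytes throws a RangeError from the reader instead of reading out of bounds.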
1400
1401 2015-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
1402
1403         [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
1404         https://bugs.webkit.org/show_bug.cgi?id=147350
1405
1406         Reviewed by Sam Weinig.
1407
1408         * Configurations/FeatureDefines.xcconfig:
1409
1410 2015-07-28  Saam barati  <saambarati1@gmail.com>
1411
1412         Make the type profiler work with lexical scoping and add tests
1413         https://bugs.webkit.org/show_bug.cgi?id=145438
1414
1415         Reviewed by Geoffrey Garen.
1416
1417         op_profile_type now knows how to resolve variables allocated within
1418         the local scope stack. This means it knows how to resolve "let"
1419         and "const" variables. Also, some refactoring was done inside
1420         the BytecodeGenerator to make writing code to support the type
1421         profiler much simpler and clearer.
1422
1423         * bytecode/CodeBlock.cpp:
1424         (JSC::CodeBlock::CodeBlock):
1425         * bytecode/CodeBlock.h:
1426         (JSC::CodeBlock::symbolTable): Deleted.
1427         * bytecode/UnlinkedCodeBlock.h:
1428         (JSC::UnlinkedCodeBlock::addExceptionHandler):
1429         (JSC::UnlinkedCodeBlock::exceptionHandler):
1430         (JSC::UnlinkedCodeBlock::vm):
1431         (JSC::UnlinkedCodeBlock::addArrayProfile):
1432         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
1433         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
1434         * bytecompiler/BytecodeGenerator.cpp:
1435         (JSC::BytecodeGenerator::BytecodeGenerator):
1436         (JSC::BytecodeGenerator::emitMove):
1437         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
1438         (JSC::BytecodeGenerator::emitProfileType):
1439         (JSC::BytecodeGenerator::emitProfileControlFlow):
1440         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1441         * bytecompiler/BytecodeGenerator.h:
1442         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
1443         * bytecompiler/NodesCodegen.cpp:
1444         (JSC::ThisNode::emitBytecode):
1445         (JSC::ResolveNode::emitBytecode):
1446         (JSC::BracketAccessorNode::emitBytecode):
1447         (JSC::DotAccessorNode::emitBytecode):
1448         (JSC::FunctionCallValueNode::emitBytecode):
1449         (JSC::FunctionCallResolveNode::emitBytecode):
1450         (JSC::FunctionCallBracketNode::emitBytecode):
1451         (JSC::FunctionCallDotNode::emitBytecode):
1452         (JSC::CallFunctionCallDotNode::emitBytecode):
1453         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1454         (JSC::PostfixNode::emitResolve):
1455         (JSC::PostfixNode::emitBracket):
1456         (JSC::PostfixNode::emitDot):
1457         (JSC::PrefixNode::emitResolve):
1458         (JSC::PrefixNode::emitBracket):
1459         (JSC::PrefixNode::emitDot):
1460         (JSC::ReadModifyResolveNode::emitBytecode):
1461         (JSC::AssignResolveNode::emitBytecode):
1462         (JSC::AssignDotNode::emitBytecode):
1463         (JSC::ReadModifyDotNode::emitBytecode):
1464         (JSC::AssignBracketNode::emitBytecode):
1465         (JSC::ReadModifyBracketNode::emitBytecode):
1466         (JSC::EmptyVarExpression::emitBytecode):
1467         (JSC::EmptyLetExpression::emitBytecode):
1468         (JSC::ForInNode::emitLoopHeader):
1469         (JSC::ForOfNode::emitBytecode):
1470         (JSC::ReturnNode::emitBytecode):
1471         (JSC::FunctionNode::emitBytecode):
1472         (JSC::BindingNode::bindValue):
1473         * dfg/DFGSpeculativeJIT32_64.cpp:
1474         (JSC::DFG::SpeculativeJIT::compile):
1475         * dfg/DFGSpeculativeJIT64.cpp:
1476         (JSC::DFG::SpeculativeJIT::compile):
1477         * jit/JITOpcodes.cpp:
1478         (JSC::JIT::emit_op_profile_type):
1479         * jit/JITOpcodes32_64.cpp:
1480         (JSC::JIT::emit_op_profile_type):
1481         * llint/LowLevelInterpreter32_64.asm:
1482         * llint/LowLevelInterpreter64.asm:
1483         * tests/typeProfiler/es6-block-scoping.js: Added.
1484         (noop):
1485         (arr):
1486         (wrapper.changeFoo):
1487         (wrapper.scoping):
1488         (wrapper.scoping2):
1489         (wrapper):
1490         * tests/typeProfiler/es6-classes.js: Added.
1491         (noop):
1492         (wrapper.Animal):
1493         (wrapper.Animal.prototype.methodA):
1494         (wrapper.Dog):
1495         (wrapper.Dog.prototype.methodB):
1496         (wrapper):
1497
1498 2015-07-28  Saam barati  <saambarati1@gmail.com>
1499
1500         Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
1501         https://bugs.webkit.org/show_bug.cgi?id=146979
1502
1503         Reviewed by Geoffrey Garen.
1504
1505         Now that BytecodeGenerator has a notion of local scope depth,
1506         we can easily implement a catch scope that doesn't claim that
1507         all variables are dynamically scoped. This means that functions
1508         that use try/catch can have local variable resolution. This also
1509         means that all functions that use try/catch don't have all
1510         their variables marked as being captured.
1511
1512         Catch scopes now behave like a "let" scope (sans the TDZ logic) with a 
1513         single variable. Catch scopes are now just JSLexicalEnvironments and the 
1514         symbol table backing the catch scope knows that it corresponds to a catch scope.
1515
1516         * CMakeLists.txt:
1517         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1518         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1519         * JavaScriptCore.xcodeproj/project.pbxproj:
1520         * bytecode/CodeBlock.cpp:
1521         (JSC::CodeBlock::dumpBytecode):
1522         * bytecode/EvalCodeCache.h:
1523         (JSC::EvalCodeCache::isCacheable):
1524         * bytecompiler/BytecodeGenerator.cpp:
1525         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
1526         (JSC::BytecodeGenerator::emitLoadGlobalObject):
1527         (JSC::BytecodeGenerator::pushLexicalScope):
1528         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1529         (JSC::BytecodeGenerator::popLexicalScope):
1530         (JSC::BytecodeGenerator::popLexicalScopeInternal):
1531         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
1532         (JSC::BytecodeGenerator::variable):
1533         (JSC::BytecodeGenerator::resolveType):
1534         (JSC::BytecodeGenerator::emitResolveScope):
1535         (JSC::BytecodeGenerator::emitPopScope):
1536         (JSC::BytecodeGenerator::emitPopWithScope):
1537         (JSC::BytecodeGenerator::emitDebugHook):
1538         (JSC::BytecodeGenerator::popScopedControlFlowContext):
1539         (JSC::BytecodeGenerator::emitPushCatchScope):
1540         (JSC::BytecodeGenerator::emitPopCatchScope):
1541         (JSC::BytecodeGenerator::beginSwitch):
1542         (JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
1543         * bytecompiler/BytecodeGenerator.h:
1544         (JSC::BytecodeGenerator::lastOpcodeID):
1545         * bytecompiler/NodesCodegen.cpp:
1546         (JSC::AssignResolveNode::emitBytecode):
1547         (JSC::WithNode::emitBytecode):
1548         (JSC::TryNode::emitBytecode):
1549         * debugger/DebuggerScope.cpp:
1550         (JSC::DebuggerScope::isCatchScope):
1551         (JSC::DebuggerScope::isFunctionNameScope):
1552         (JSC::DebuggerScope::isFunctionOrEvalScope):
1553         (JSC::DebuggerScope::caughtValue):
1554         * debugger/DebuggerScope.h:
1555         * inspector/ScriptDebugServer.cpp:
1556         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
1557         * interpreter/Interpreter.cpp:
1558         (JSC::Interpreter::execute):
1559         * jit/JITOpcodes.cpp:
1560         (JSC::JIT::emit_op_push_name_scope):
1561         * jit/JITOpcodes32_64.cpp:
1562         (JSC::JIT::emit_op_push_name_scope):
1563         * jit/JITOperations.cpp:
1564         * jit/JITOperations.h:
1565         * parser/ASTBuilder.h:
1566         (JSC::ASTBuilder::createContinueStatement):
1567         (JSC::ASTBuilder::createTryStatement):
1568         * parser/NodeConstructors.h:
1569         (JSC::ThrowNode::ThrowNode):
1570         (JSC::TryNode::TryNode):
1571         (JSC::FunctionParameters::FunctionParameters):
1572         * parser/Nodes.h:
1573         * parser/Parser.cpp:
1574         (JSC::Parser<LexerType>::parseTryStatement):
1575         * parser/SyntaxChecker.h:
1576         (JSC::SyntaxChecker::createBreakStatement):
1577         (JSC::SyntaxChecker::createContinueStatement):
1578         (JSC::SyntaxChecker::createTryStatement):
1579         (JSC::SyntaxChecker::createSwitchStatement):
1580         (JSC::SyntaxChecker::createWhileStatement):
1581         (JSC::SyntaxChecker::createWithStatement):
1582         * runtime/JSCatchScope.cpp:
1583         * runtime/JSCatchScope.h:
1584         (JSC::JSCatchScope::JSCatchScope): Deleted.
1585         (JSC::JSCatchScope::create): Deleted.
1586         (JSC::JSCatchScope::createStructure): Deleted.
1587         * runtime/JSFunctionNameScope.h:
1588         (JSC::JSFunctionNameScope::JSFunctionNameScope):
1589         * runtime/JSGlobalObject.cpp:
1590         (JSC::JSGlobalObject::init):
1591         (JSC::JSGlobalObject::visitChildren):
1592         * runtime/JSGlobalObject.h:
1593         (JSC::JSGlobalObject::withScopeStructure):
1594         (JSC::JSGlobalObject::strictEvalActivationStructure):
1595         (JSC::JSGlobalObject::activationStructure):
1596         (JSC::JSGlobalObject::functionNameScopeStructure):
1597         (JSC::JSGlobalObject::directArgumentsStructure):
1598         (JSC::JSGlobalObject::scopedArgumentsStructure):
1599         (JSC::JSGlobalObject::catchScopeStructure): Deleted.
1600         * runtime/JSNameScope.cpp:
1601         (JSC::JSNameScope::create):
1602         (JSC::JSNameScope::toThis):
1603         * runtime/JSNameScope.h:
1604         * runtime/JSObject.cpp:
1605         (JSC::JSObject::toThis):
1606         (JSC::JSObject::isFunctionNameScopeObject):
1607         (JSC::JSObject::isCatchScopeObject): Deleted.
1608         * runtime/JSObject.h:
1609         * runtime/JSScope.cpp:
1610         (JSC::JSScope::collectVariablesUnderTDZ):
1611         (JSC::JSScope::isLexicalScope):
1612         (JSC::JSScope::isCatchScope):
1613         (JSC::resolveModeName):
1614         * runtime/JSScope.h:
1615         * runtime/SymbolTable.cpp:
1616         (JSC::SymbolTable::SymbolTable):
1617         (JSC::SymbolTable::cloneScopePart):
1618         * runtime/SymbolTable.h:
1619         * tests/stress/const-semantics.js:
1620         (.):
1621
1622 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
1623
1624         DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
1625         https://bugs.webkit.org/show_bug.cgi?id=147373
1626
1627         Reviewed by Mark Lam.
1628
1629         The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
1630         safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
1631         safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
1632
1633         When converting a GetByVal to GetStack, there are three possibilities:
1634
1635         1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
1636            know to have stored to the stack. For example, if we inline a function that does
1637            "arguments[42]" at a call that passes no arguments.
1638
1639         2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
1640            can happen for "arguments[42]" with no inline call frame (since we don't know statically
1641            how many arguments we will be passed) or in a varargs call frame.
1642
1643         3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
1644            happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
1645            frame, and we know that the caller passed 42 or more arguments.
1646
1647         The way the phase handles this is it first determines that we're not in case (1). This is
1648         called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
1649         frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
1650         is in-bounds (i.e. case (3)).
1651
1652         But the phase was again doing a check for whether the index is in-bounds for non-varargs
1653         inline call frames even when safeToGetStack was true. That check is redundant and should be
1654         eliminated, since it makes the code confusing.
1655
1656         * dfg/DFGArgumentsEliminationPhase.cpp:
1657
1658 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
1659
1660         DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
1661         https://bugs.webkit.org/show_bug.cgi?id=147371
1662
1663         Reviewed by Mark Lam.
1664
1665         Two fixes:
1666
1667         - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
1668           using ConflictingFlush for arguments.
1669
1670         - Assert that a GetStack never sees ConflictingFlush.
1671
1672         * dfg/DFGPutStackSinkingPhase.cpp:
1673
1674 2015-07-28  Basile Clement  <basile_clement@apple.com>
1675
1676         Misleading error message: "At least one digit must occur after a decimal point"
1677         https://bugs.webkit.org/show_bug.cgi?id=146238
1678
1679         Reviewed by Geoffrey Garen.
1680
1681         Interestingly, we had a comment explaining what this error message was
1682         about that is much clearer than the error message itself. This patch
1683         simply replaces the error message with the explanation from the
1684         comment.
1685
1686         * parser/Lexer.cpp:
1687         (JSC::Lexer<T>::lex):
1688
1689 2015-07-28  Basile Clement  <basile_clement@apple.com>
1690
1691         Simplify call linking
1692         https://bugs.webkit.org/show_bug.cgi?id=147363
1693
1694         Reviewed by Filip Pizlo.
1695
1696         Previously, we were passing both the CallLinkInfo and a
1697         (CodeSpecializationKind, RegisterPreservationMode) pair to the
1698         different call linking slow paths. However, the CallLinkInfo already
1699         has all of that information, and we don't gain anything by having them
1700         in additional static parameters - except possibly a very small
1701         performance gain in presence of inlining. However since those are
1702         already slow paths, this performance loss (if it exists) will not be
1703         visible in practice.
1704
1705         This patch replaces the various specialized thunks and JIT operations
1706         for regular and polymorphic call linking with a single thunk and
1707         operation for each case. Moreover, it replaces the four specialized
1708         virtual call thunks and operations with one virtual call thunk for each
1709         call link info, allowing for better branch prediction by the CPU and
1710         fixing a pre-existing FIXME.
1711
1712         * bytecode/CallLinkInfo.cpp:
1713         (JSC::CallLinkInfo::unlink):
1714         (JSC::CallLinkInfo::dummy): Deleted.
1715         * bytecode/CallLinkInfo.h:
1716         (JSC::CallLinkInfo::CallLinkInfo):
1717         (JSC::CallLinkInfo::registerPreservationMode):
1718         (JSC::CallLinkInfo::setUpCallFromFTL):
1719         (JSC::CallLinkInfo::setSlowStub):
1720         (JSC::CallLinkInfo::clearSlowStub):
1721         (JSC::CallLinkInfo::slowStub):
1722         * dfg/DFGDriver.cpp:
1723         (JSC::DFG::compileImpl):
1724         * dfg/DFGJITCompiler.cpp:
1725         (JSC::DFG::JITCompiler::link):
1726         * ftl/FTLJSCallBase.cpp:
1727         (JSC::FTL::JSCallBase::link):
1728         * jit/JITCall.cpp:
1729         (JSC::JIT::compileCallEvalSlowCase):
1730         (JSC::JIT::compileOpCall):
1731         (JSC::JIT::compileOpCallSlowCase):
1732         * jit/JITCall32_64.cpp:
1733         (JSC::JIT::compileCallEvalSlowCase):
1734         (JSC::JIT::compileOpCall):
1735         (JSC::JIT::compileOpCallSlowCase):
1736         * jit/JITOperations.cpp:
1737         * jit/JITOperations.h:
1738         (JSC::operationLinkFor): Deleted.
1739         (JSC::operationVirtualFor): Deleted.
1740         (JSC::operationLinkPolymorphicCallFor): Deleted.
1741         * jit/Repatch.cpp:
1742         (JSC::generateByIdStub):
1743         (JSC::linkSlowFor):
1744         (JSC::linkFor):
1745         (JSC::revertCall):
1746         (JSC::unlinkFor):
1747         (JSC::linkVirtualFor):
1748         (JSC::linkPolymorphicCall):
1749         * jit/Repatch.h:
1750         * jit/ThunkGenerators.cpp:
1751         (JSC::linkCallThunkGenerator):
1752         (JSC::linkPolymorphicCallThunkGenerator):
1753         (JSC::virtualThunkFor):
1754         (JSC::linkForThunkGenerator): Deleted.
1755         (JSC::linkConstructThunkGenerator): Deleted.
1756         (JSC::linkCallThatPreservesRegsThunkGenerator): Deleted.
1757         (JSC::linkConstructThatPreservesRegsThunkGenerator): Deleted.
1758         (JSC::linkPolymorphicCallForThunkGenerator): Deleted.
1759         (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator): Deleted.
1760         (JSC::virtualForThunkGenerator): Deleted.
1761         (JSC::virtualCallThunkGenerator): Deleted.
1762         (JSC::virtualConstructThunkGenerator): Deleted.
1763         (JSC::virtualCallThatPreservesRegsThunkGenerator): Deleted.
1764         (JSC::virtualConstructThatPreservesRegsThunkGenerator): Deleted.
1765         * jit/ThunkGenerators.h:
1766         (JSC::linkThunkGeneratorFor): Deleted.
1767         (JSC::linkPolymorphicCallThunkGeneratorFor): Deleted.
1768         (JSC::virtualThunkGeneratorFor): Deleted.
1769
1770 2015-07-28  Basile Clement  <basile_clement@apple.com>
1771
1772         stress/math-pow-with-constants.js fails in cloop
1773         https://bugs.webkit.org/show_bug.cgi?id=147167
1774
1775         Reviewed by Geoffrey Garen.
1776
1777         The Baseline JIT, DFG and FTL use a fast exponentiation path when computing
1778         Math.pow() with an integer exponent; that path is not taken in the LLInt (or
1779         the DFG abstract interpreter). This leads to the result of pow changing
1780         depending on the compilation tier or on whether constant propagation kicks
1781         in, which is undesirable.
1782
1783         This patch adds the fast path to the slow operationMathPow in order to
1784         maintain an illusion of consistency.
1785
1786         * runtime/MathCommon.cpp:
1787         (JSC::operationMathPow):
1788         * tests/stress/math-pow-coherency.js: Added.
1789         (pow42):
1790         (build42AsDouble.opaqueAdd):
1791         (build42AsDouble):
1792         (powDouble42):
1793         (clobber):
1794         (pow42NoConstantFolding):
1795         (powDouble42NoConstantFolding):
1796
1797 2015-07-28  Joseph Pecoraro  <pecoraro@apple.com>
1798
1799         Web Inspector: Show Pseudo Elements in DOM Tree
1800         https://bugs.webkit.org/show_bug.cgi?id=139612
1801
1802         Reviewed by Timothy Hatcher.
1803
1804         * inspector/protocol/DOM.json:
1805         Add new properties to DOMNode if it is a pseudo element or if it has
1806         pseudo element children. Add new events for if a pseudo element is
1807         added or removed dynamically to an existing DOMNode.
1808
1809 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
1810
1811         Add logging when executable code gets deallocated
1812         https://bugs.webkit.org/show_bug.cgi?id=147355
1813
1814         Reviewed by Mark Lam.
1815
1816         * ftl/FTLJITCode.cpp:
1817         (JSC::FTL::JITCode::~JITCode): Print something when this is freed.
1818         * jit/JITCode.cpp:
1819         (JSC::JITCodeWithCodeRef::~JITCodeWithCodeRef): Print something when this is freed.
1820
1821 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
1822
1823         DFG::safeToExecute() cases for GetByOffset/PutByOffset don't handle clobbered structure abstract values correctly
1824         https://bugs.webkit.org/show_bug.cgi?id=147354
1825
1826         Reviewed by Michael Saboff.
1827
1828         If m_structure.isClobbered(), it means that we had a side effect that clobbered
1829         the abstract value but it may recover back to its original value at the next
1830         invalidation point. Since the invalidation point hasn't been reached yet, we need
1831         to conservatively treat the clobbered state as if it was top. At the invalidation
1832         point, the clobbered set will return back to being unclobbered.
1833
1834         In addition to fixing the bug, this introduces isInfinite(), which should be used
1835         in places where it's tempting to just use isTop().
1836
1837         * dfg/DFGSafeToExecute.h:
1838         (JSC::DFG::safeToExecute): Fix the bug.
1839         * dfg/DFGStructureAbstractValue.cpp:
1840         (JSC::DFG::StructureAbstractValue::contains): Switch to using isInfinite().
1841         (JSC::DFG::StructureAbstractValue::isSubsetOf): Switch to using isInfinite().
1842         (JSC::DFG::StructureAbstractValue::isSupersetOf): Switch to using isInfinite().
1843         (JSC::DFG::StructureAbstractValue::overlaps): Switch to using isInfinite().
1844         * dfg/DFGStructureAbstractValue.h:
1845         (JSC::DFG::StructureAbstractValue::isFinite): New convenience method.
1846         (JSC::DFG::StructureAbstractValue::isInfinite): New convenience method.
1847         (JSC::DFG::StructureAbstractValue::onlyStructure): Switch to using isInfinite().
1848
1849 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
1850
1851         [ES6] Implement Reflect.enumerate
1852         https://bugs.webkit.org/show_bug.cgi?id=147347
1853
1854         Reviewed by Sam Weinig.
1855
1856         This patch implements Reflect.enumerate.
1857         It returns an iterator that iterates over the enumerable keys of the given object,
1858         following for-in's enumeration order.
1859
1860         To implement it, we write the same logic as the for-in enumeration code in C++.
1861
1862         * CMakeLists.txt:
1863         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1864         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1865         * JavaScriptCore.xcodeproj/project.pbxproj:
1866         * runtime/JSGlobalObject.cpp:
1867         (JSC::JSGlobalObject::init):
1868         (JSC::JSGlobalObject::visitChildren):
1869         * runtime/JSGlobalObject.h:
1870         (JSC::JSGlobalObject::propertyNameIteratorStructure):
1871         * runtime/JSPropertyNameIterator.cpp: Added.
1872         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1873         (JSC::JSPropertyNameIterator::clone):
1874         (JSC::JSPropertyNameIterator::create):
1875         (JSC::JSPropertyNameIterator::finishCreation):
1876         (JSC::JSPropertyNameIterator::visitChildren):
1877         (JSC::JSPropertyNameIterator::next):
1878         (JSC::propertyNameIteratorFuncNext):
1879         * runtime/JSPropertyNameIterator.h: Added.
1880         (JSC::JSPropertyNameIterator::createStructure):
1881         * runtime/ReflectObject.cpp:
1882         (JSC::reflectObjectEnumerate):
1883         * tests/stress/reflect-enumerate.js: Added.
1884         (shouldBe):
1885         (shouldThrow):
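
Added example (not part of this ChangeLog or of JSC's sources): a JavaScript generator that models the for-in enumeration algorithm the entry above says Reflect.enumerate reproduces. Reflect.enumerate was later removed from ECMAScript and is absent from current engines, so the generator is checked against a real for-in loop rather than against Reflect.enumerate itself. The function names and the sample object are this example's own.

```javascript
// Added example, not JSC code: the for-in key sequence, written out as a
// generator. Walk the prototype chain; at each object take the own string
// keys in the order for-in uses (integer indices ascending, then other
// strings in creation order); a key seen once is never yielded again, and
// a non-enumerable own key still shadows an enumerable inherited one.
function* enumerateKeys(object) {
  const visited = new Set();
  for (let o = object; o !== null; o = Object.getPrototypeOf(o)) {
    // getOwnPropertyNames returns string keys only; symbols are never
    // enumerated by for-in.
    for (const key of Object.getOwnPropertyNames(o)) {
      if (visited.has(key)) continue;   // shadowed further down the chain
      visited.add(key);                 // record even if non-enumerable
      const desc = Object.getOwnPropertyDescriptor(o, key);
      if (desc && desc.enumerable) yield key;
    }
  }
}

// Reference: the keys a real for-in loop produces, for comparison.
function forInKeys(object) {
  const keys = [];
  for (const k in object) keys.push(k);
  return keys;
}

// Constructed sample: integer indices added out of order, a key shadowed by
// an own property, an enumerable inherited key hidden by a non-enumerable
// own one, and a symbol key that must be skipped.
function sampleObject() {
  const proto = { inherited: 1, hidden: 2, shared: 'proto' };
  const obj = Object.create(proto);
  obj.b = 1;
  obj[2] = 'two';
  obj.a = 1;
  obj[1] = 'one';
  obj.shared = 'own';
  Object.defineProperty(obj, 'hidden', { value: 3, enumerable: false });
  obj[Symbol('s')] = 'never';
  return obj;
}
```

For sampleObject() both enumerateKeys and for-in yield "1", "2", "b", "a", "shared", "inherited": the indices come first in ascending order, "shared" appears once (the own copy), "hidden" is suppressed entirely because the own non-enumerable property shadows the inherited enumerable one, and the symbol never appears.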
1886
1887 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
1888
1889         [ES6] Implement Reflect.preventExtensions
1890         https://bugs.webkit.org/show_bug.cgi?id=147331
1891
1892         Reviewed by Sam Weinig.
1893
1894         Implement Reflect.preventExtensions.
1895         This is different from Object.preventExtensions.
1896
1897         1. When preventExtensions is called on a non-object, it raises a TypeError.
1898         2. Reflect.preventExtensions does not raise a TypeError when the preventExtensions operation fails.
1899
1900         For case (2), since there is no Proxy implementation currently, Reflect.preventExtensions always succeeds.
1901
1902         * runtime/ReflectObject.cpp:
1903         (JSC::reflectObjectPreventExtensions):
1904         * tests/stress/reflect-prevent-extensions.js: Added.
1905         (shouldBe):
1906         (shouldThrow):
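
Added example (not part of this ChangeLog or of JSC's sources): the two behavioural differences listed in the entry above, demonstrated in JavaScript. To exercise case (2) it uses a Proxy whose preventExtensions trap refuses, which assumes an engine that implements Proxy; the entry says JSC did not yet, so there the failing path was unreachable. The function names are this example's own.

```javascript
// Added example, not JSC code: Object.preventExtensions versus
// Reflect.preventExtensions.

// (1) Non-object argument. ES2015 Object.preventExtensions returns a
//     primitive unchanged; Reflect.preventExtensions throws a TypeError.
function preventExtensionsOnPrimitive(value) {
  const viaObject = Object.preventExtensions(value);
  let viaReflect;
  try {
    viaReflect = Reflect.preventExtensions(value);
  } catch (e) {
    viaReflect = e instanceof TypeError ? 'TypeError' : e;
  }
  return { viaObject, viaReflect };
}

// (2) Failed [[PreventExtensions]]. Reflect.preventExtensions reports the
//     failure as `false`; Object.preventExtensions throws a TypeError.
//     A Proxy whose trap returns false is the standard way to make the
//     operation fail. ASSUMPTION: the engine implements Proxy (the entry
//     says JSC did not at the time, so there the call always returned true).
function makeRefusingProxy() {
  return new Proxy({}, { preventExtensions() { return false; } });
}

function preventExtensionsOnRefusingProxy() {
  const viaReflect = Reflect.preventExtensions(makeRefusingProxy());
  let viaObject;
  try {
    Object.preventExtensions(makeRefusingProxy());
    viaObject = 'no error';
  } catch (e) {
    viaObject = e instanceof TypeError ? 'TypeError' : e;
  }
  return { viaObject, viaReflect };
}

// Ordinary object: both succeed, the object becomes non-extensible, and a
// later attempt to add a property is refused. Reflect.set reports the
// refusal as false rather than throwing, so this behaves the same in sloppy
// and strict code.
function preventExtensionsOnOrdinaryObject() {
  const o = { a: 1 };
  const ok = Reflect.preventExtensions(o);
  const added = Reflect.set(o, 'b', 2);
  return { ok, extensible: Object.isExtensible(o), added, hasB: 'b' in o };
}
```

Usage: preventExtensionsOnPrimitive(1) returns the primitive from the Object form and "TypeError" from the Reflect form; preventExtensionsOnRefusingProxy() returns false from the Reflect form and "TypeError" from the Object form; on an ordinary object both succeed and the object rejects new properties afterwards.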
1907
1908 2015-07-27  Alex Christensen  <achristensen@webkit.org>
1909
1910         Use Ninja on Windows.
1911         https://bugs.webkit.org/show_bug.cgi?id=147228
1912
1913         Reviewed by Martin Robinson.
1914
1915         * CMakeLists.txt:
1916         Set the working directory when generating LowLevelInterpreterWin.asm to put LowLevelInterpreterWin.asm.sym in the right place.
1917
1918 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
1919
1920         SparseValueMap check is skipped when the butterfly's vectorLength is larger than the access-requested index
1921         https://bugs.webkit.org/show_bug.cgi?id=147265
1922
1923         Reviewed by Geoffrey Garen.
1924
1925         JSObject's vector holds the indexed values and we leverage it to represent stored values and holes.
1926         By checking that the given index is within the vector's length, we can look up the property fast.
1927         And for the sparse array, we also have the separate SparseValueMap to hold the pairs.
1928         And we need to take care that the length of the vector should not overlap the indices stored in the SparseValueMap.
1929
1930         The vector only holds pure JS values to avoid additional checking for accessors when looking up a value
1931         from the vector. To achieve this, we also store the accessors (and attributed properties) in the SparseValueMap
1932         even when the index is less than MIN_SPARSE_ARRAY_INDEX.
1933
1934         As a result, if the length of the vector overlaps the indices of the accessors stored in the SparseValueMap,
1935         we accidentally skip the phase of looking up from the SparseValueMap. Instead, we just load from the vector and,
1936         if the loaded value is an array hole, we decide the given object does not have a value for the given index.
1937
1938         This patch fixes the problem.
1939         When defining an attributed value whose index is smaller than the length of the vector, we throw away the vector
1940         and change the object to DictionaryIndexingMode. Since we can assume that indexed accessors rarely exist in
1941         practice, we expect this does not hurt performance while keeping the fast property access system without
1942         checking the sparse map.
1943
1944         * runtime/JSObject.cpp:
1945         (JSC::JSObject::putDirectIndexBeyondVectorLength):
1946         * tests/stress/sparse-map-non-overlapping.js: Added.
1947         (shouldBe):
1948         (testing):
1949         (object.get 1000):
1950         * tests/stress/sparse-map-non-skip-getter-overriding.js: Added.
1951         (shouldBe):
1952         (obj.get 1):
1953         (testing):
1954         * tests/stress/sparse-map-non-skip.js: Added.
1955         (shouldBe):
1956         (testing):
1957         (testing2):
1958         (.get for):
1959
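The following is an added example, not the JSC stress tests listed above. It checks, on any spec-conforming engine, the observable contract the fix above restores: an accessor defined at an index that lies inside an object's dense index range must still be found, and a hole inside that range must not be reported as a missing property once an accessor has been stored there. Function names (makeDenseWithHole, defineIndexedGetter, readIndexed) are hypothetical.

```javascript
// Added example (not JSC code): indexed accessors inside the dense vector
// range must not be skipped. Names are hypothetical.

// Build an object with dense indexed storage 0..size-1 and one hole.
function makeDenseWithHole(size, holeIndex) {
  const obj = {};
  for (let i = 0; i < size; i++) obj[i] = i;   // dense indexed storage
  delete obj[holeIndex];                         // leave a hole inside the vector
  return obj;
}

// Define a getter at an index that is below the dense storage length.
function defineIndexedGetter(obj, index, value) {
  Object.defineProperty(obj, index, { get() { return value; }, configurable: true });
  return obj;
}

// Everything a lookup can observe for one index.
function readIndexed(obj, index) {
  const desc = Object.getOwnPropertyDescriptor(obj, index);
  return {
    value: obj[index],
    present: index in obj,
    own: Object.prototype.hasOwnProperty.call(obj, index),
    isAccessor: desc !== undefined && typeof desc.get === 'function',
  };
}

// Hole inside the vector, then a getter at the same index (the
// sparse-map-non-overlapping case).
function checkGetterInsideVector() {
  const obj = makeDenseWithHole(2000, 1000);
  const before = readIndexed(obj, 1000);        // hole: undefined, not present
  defineIndexedGetter(obj, 1000, 'from getter');
  const after = readIndexed(obj, 1000);         // getter must win
  return { before, after };
}

// Getter overriding an existing data element inside the vector (the
// sparse-map-non-skip-getter-overriding case).
function checkGetterOverridingData() {
  const arr = [10, 20, 30];
  Object.defineProperty(arr, 1, { get() { return 'overridden'; }, configurable: true });
  return { value: arr[1], length: arr.length, joined: arr.join(',') };
}
```

With the bug described above, the `after` lookup would have loaded the hole from the vector and reported the property as absent; the expected result is that `obj[1000]` returns the getter's value and `1000 in obj` is true.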
1960 2015-07-27  Saam barati  <saambarati1@gmail.com>
1961
1962         Reduce execution time for "let" and "const" tests
1963         https://bugs.webkit.org/show_bug.cgi?id=147291
1964
1965         Reviewed by Geoffrey Garen.
1966
1967         We don't need to loop so many times for things that will not make it 
1968         into the DFG.  Also, we can loop a lot less for almost all the tests 
1969         because they're mostly testing the bytecode generator.
1970
1971         * tests/stress/const-and-with-statement.js:
1972         * tests/stress/const-exception-handling.js:
1973         * tests/stress/const-loop-semantics.js:
1974         * tests/stress/const-not-strict-mode.js:
1975         * tests/stress/const-semantics.js:
1976         * tests/stress/const-tdz.js:
1977         * tests/stress/lexical-let-and-with-statement.js:
1978         * tests/stress/lexical-let-exception-handling.js:
1979         (assert):
1980         * tests/stress/lexical-let-loop-semantics.js:
1981         (assert):
1982         (shouldThrowTDZ):
1983         (.):
1984         * tests/stress/lexical-let-not-strict-mode.js:
1985         * tests/stress/lexical-let-semantics.js:
1986         (.):
1987         * tests/stress/lexical-let-tdz.js:
1988         (shouldThrowTDZ):
1989         (.):
1990
1991 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
1992
1993         Rename PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols
1994         https://bugs.webkit.org/show_bug.cgi?id=147311
1995
1996         Reviewed by Sam Weinig.
1997
1998         To make the meaning clear in the user side (PropertyNameArray array(exec, PropertyNameMode::StringsAndSymbols)),
1999         this patch renames PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols.
2000
2001         * bytecode/ObjectAllocationProfile.h:
2002         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
2003         * runtime/EnumerationMode.h:
2004         * runtime/ObjectConstructor.cpp:
2005         (JSC::ownEnumerablePropertyKeys):
2006         (JSC::defineProperties):
2007         (JSC::objectConstructorSeal):
2008         (JSC::objectConstructorFreeze):
2009         (JSC::objectConstructorIsSealed):
2010         (JSC::objectConstructorIsFrozen):
2011         (JSC::ownPropertyKeys):
2012         * runtime/ReflectObject.cpp:
2013         (JSC::reflectObjectOwnKeys):
2014
2015 2015-07-27  Saam barati  <saambarati1@gmail.com>
2016
2017         Added a comment explaining that all "addVar()"s should happen before
2018         emitting bytecode for a function's default parameter expressions
2019
2020         Rubber Stamped by Mark Lam.
2021
2022         * bytecompiler/BytecodeGenerator.cpp:
2023         (JSC::BytecodeGenerator::BytecodeGenerator):
2024
2025 2015-07-26  Sam Weinig  <sam@webkit.org>
2026
2027         Add missing builtin files to the JavaScriptCore Xcode project
2028         https://bugs.webkit.org/show_bug.cgi?id=147312
2029
2030         Reviewed by Darin Adler.
2031
2032         * JavaScriptCore.xcodeproj/project.pbxproj:
2033         Add missing files.
2034
2035 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2036
2037         [ES6] Implement Reflect.isExtensible
2038         https://bugs.webkit.org/show_bug.cgi?id=147308
2039
2040         Reviewed by Sam Weinig.
2041
2042         This patch implements Reflect.isExtensible.
2043         It is similar to Object.isExtensible.
2044         The difference is that it raises an error if the first argument is not an object.
2045
2046         * runtime/ReflectObject.cpp:
2047         (JSC::reflectObjectIsExtensible):
2048         * tests/stress/reflect-is-extensible.js: Added.
2049         (shouldBe):
2050         (shouldThrow):
2051
2052 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2053
2054         Unreviewed, fix the debug build due to touching the non-declared variable in ASSERT
2055         https://bugs.webkit.org/show_bug.cgi?id=147307
2056
2057         * runtime/ObjectConstructor.cpp:
2058         (JSC::ownPropertyKeys):
2059
2060 2015-07-25  Yusuke Suzuki  <utatane.tea@gmail.com>
2061
2062         [ES6] Implement Reflect.ownKeys
2063         https://bugs.webkit.org/show_bug.cgi?id=147307
2064
2065         Reviewed by Sam Weinig.
2066
2067         This patch implements Reflect.ownKeys.
2068         In this patch, we refactor the existing code that lists up the own keys of an object.
2069         Such code is used by Object.getOwnPropertyNames, Object.getOwnPropertyKeys, Object.keys and @ownEnumerableKeys.
2070         We factor out the listing of own keys as the ownPropertyKeys function and also use it in Reflect.ownKeys.
2071
2072         * runtime/ObjectConstructor.cpp:
2073         (JSC::objectConstructorGetOwnPropertyNames):
2074         (JSC::objectConstructorGetOwnPropertySymbols):
2075         (JSC::objectConstructorKeys):
2076         (JSC::ownEnumerablePropertyKeys):
2077         (JSC::ownPropertyKeys):
2078         * runtime/ObjectConstructor.h:
2079         * runtime/ReflectObject.cpp:
2080         (JSC::reflectObjectOwnKeys):
2081         * tests/stress/reflect-own-keys.js: Added.
2082         (shouldBe):
2083         (shouldThrow):
2084         (shouldBeArray):
2085
2086 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
2087
2088         [ES6] Implement Reflect.apply
2089         https://bugs.webkit.org/show_bug.cgi?id=147306
2090
2091         Reviewed by Sam Weinig.
2092
2093         Implement Reflect.apply.
2094         A large part of this can be implemented by the @apply builtin annotation.
2095         The only thing which differs from Function.prototype.apply is the third parameter:
2096         "argumentsList" needs to be an object.
2097
2098         * builtins/ReflectObject.js:
2099         (apply):
2100         (deleteProperty):
2101         * runtime/ReflectObject.cpp:
2102         * tests/stress/reflect-apply.js: Added.
2103         (shouldBe):
2104         (shouldThrow):
2105         (get shouldThrow):
2106         (.get shouldThrow):
2107         (get var.array.get length):
2108         (get var.array.get 0):
2109         (.get var):
2110         * tests/stress/reflect-delete-property.js:
2111
2112 2015-07-25  Yusuke Suzuki  <utatane.tea@gmail.com>
2113
2114         [ES6] Add Reflect namespace and add Reflect.deleteProperty
2115         https://bugs.webkit.org/show_bug.cgi?id=147287
2116
2117         Reviewed by Sam Weinig.
2118
2119         This patch just creates the namespace for the ES6 Reflect APIs
2120         and adds template files to implement the actual code.
2121
2122         So as not to leave the JS generated properties C array empty,
2123         we added one small method, Reflect.deleteProperty, in this patch.
2124
2125         * CMakeLists.txt:
2126         * DerivedSources.make:
2127         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2128         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2129         * JavaScriptCore.xcodeproj/project.pbxproj:
2130         * builtins/ReflectObject.js: Added.
2131         (deleteProperty):
2132         * runtime/CommonIdentifiers.h:
2133         * runtime/JSGlobalObject.cpp:
2134         (JSC::JSGlobalObject::init):
2135         * runtime/ReflectObject.cpp: Added.
2136         (JSC::ReflectObject::ReflectObject):
2137         (JSC::ReflectObject::finishCreation):
2138         (JSC::ReflectObject::getOwnPropertySlot):
2139         * runtime/ReflectObject.h: Added.
2140         (JSC::ReflectObject::create):
2141         (JSC::ReflectObject::createStructure):
2142         * tests/stress/reflect-delete-property.js: Added.
2143         (shouldBe):
2144         (shouldThrow):
2145
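The following is an added example, not code from JSC or from any of the patches above. It exercises, on a modern engine with Proxy support, the behavioural differences that the Reflect.preventExtensions, Reflect.isExtensible, Reflect.apply and Reflect.deleteProperty entries describe: Reflect methods throw a TypeError for non-object receivers, report failure as a boolean instead of throwing, and require argumentsList to be an object. The helper names are hypothetical.

```javascript
// Added example (not JSC code): Reflect.* versus the Object.* and
// Function.prototype.apply counterparts. Helper names are hypothetical.

// Helper: run fn and report whether it threw a TypeError.
function throwsTypeError(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

// 1. Non-object receivers: Object.* tolerates primitives, Reflect.* throws.
function nonObjectBehaviour() {
  return {
    objectPreventExtensionsReturnsPrimitive: Object.preventExtensions(42) === 42,
    objectIsExtensibleOnPrimitive: Object.isExtensible(42),                      // false
    reflectPreventExtensionsThrows: throwsTypeError(() => Reflect.preventExtensions(42)),
    reflectIsExtensibleThrows: throwsTypeError(() => Reflect.isExtensible(42)),
  };
}

// 2. Failure reporting: only a Proxy can make [[PreventExtensions]] fail
//    (its trap returns false while the target is still extensible).
//    Reflect.preventExtensions reports that as false; Object.preventExtensions throws.
function preventExtensionsBehaviour() {
  const plain = {};
  const target = {};
  const stubborn = new Proxy(target, { preventExtensions() { return false; } });
  return {
    plainResult: Reflect.preventExtensions(plain),          // true
    plainExtensibleAfter: Reflect.isExtensible(plain),      // false
    proxyResult: Reflect.preventExtensions(stubborn),       // false, no throw
    objectThrowsOnProxy: throwsTypeError(() => Object.preventExtensions(stubborn)),
    targetStillExtensible: Reflect.isExtensible(target),    // true
  };
}

// 3. Reflect.deleteProperty returns false for a non-configurable property,
//    where a strict-mode delete operator throws.
function deletePropertyBehaviour() {
  'use strict';
  const obj = {};
  Object.defineProperty(obj, 'fixed', { value: 1, configurable: false });
  obj.loose = 2;
  let strictDeleteThrew;
  try { delete obj.fixed; strictDeleteThrew = false; } catch (e) { strictDeleteThrew = e instanceof TypeError; }
  return {
    deleteLoose: Reflect.deleteProperty(obj, 'loose'),   // true
    deleteFixed: Reflect.deleteProperty(obj, 'fixed'),   // false, no throw
    strictDeleteThrew,                                    // true
    fixedStillPresent: 'fixed' in obj,                    // true
  };
}

// 4. Reflect.apply requires argumentsList to be an object (any array-like);
//    Function.prototype.apply accepts undefined.
function applyBehaviour() {
  const sum = function (...xs) { return xs.reduce((a, b) => a + b, 0) + this.base; };
  const arrayLike = { length: 2, 0: 1, 1: 2 };
  return {
    viaFunctionApplyUndefined: sum.apply({ base: 10 }),                   // 10
    reflectApplyUndefinedThrows: throwsTypeError(() => Reflect.apply(sum, { base: 10 }, undefined)),
    reflectApplyArrayLike: Reflect.apply(sum, { base: 10 }, arrayLike),   // 13
  };
}
```

The Proxy case is the one the Reflect.preventExtensions entry could not yet test, since JSC had no Proxy implementation at the time: without a trap that refuses, [[PreventExtensions]] on an ordinary object always succeeds and the two APIs behave the same.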
2146 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
2147
2148         Avoid 2 times name iteration in Object.assign
2149         https://bugs.webkit.org/show_bug.cgi?id=147268
2150
2151         Reviewed by Geoffrey Garen.
2152
2153         Object.assign calls Object.getOwnPropertyNames & Object.getOwnPropertySymbols to collect all the names.
2154         But exposing a private API that collects both at the same time makes the API efficient when the given Object has very many non-indexed properties.
2155         Since Object.assign is such a generic API (some form of utility API), the shape of the given Object cannot be assumed.
2156         So the taken object may have very many non-indexed properties.
2157
2158         In this patch, we introduce the `ownEnumerablePropertyKeys` private function.
2159         It is a slightly modified version of `[[OwnPropertyKeys]]` in the ES6 spec;
2160         it only includes enumerable properties.
2161
2162         By filtering out the non-enumerable properties in the exposed private function,
2163         we avoid calling @objectGetOwnPropertyDescriptor for each property.
2164
2165         * builtins/ObjectConstructor.js:
2166         (assign):
2167         * runtime/CommonIdentifiers.h:
2168         * runtime/EnumerationMode.h:
2169         * runtime/JSGlobalObject.cpp:
2170         (JSC::JSGlobalObject::init):
2171         * runtime/ObjectConstructor.cpp:
2172         (JSC::ownEnumerablePropertyKeys):
2173         * runtime/ObjectConstructor.h:
2174         * tests/stress/object-assign-enumerable.js: Added.
2175         (shouldBe):
2176         * tests/stress/object-assign-order.js: Added.
2177         (shouldBe):
2178
2179 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
2180
2181         Remove runtime flags for symbols
2182         https://bugs.webkit.org/show_bug.cgi?id=147246
2183
2184         Reviewed by Alex Christensen.
2185
2186         * runtime/ArrayPrototype.cpp:
2187         (JSC::ArrayPrototype::finishCreation):
2188         * runtime/JSGlobalObject.cpp:
2189         (JSC::JSGlobalObject::init): Deleted.
2190         * runtime/JSGlobalObject.h:
2191         * runtime/ObjectConstructor.cpp:
2192         (JSC::ObjectConstructor::finishCreation):
2193         * runtime/RuntimeFlags.h:
2194
2195 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
2196
2197         Object.getOwnPropertySymbols on large list takes very long
2198         https://bugs.webkit.org/show_bug.cgi?id=146137
2199
2200         Reviewed by Mark Lam.
2201
2202         Before this patch, Object.getOwnPropertySymbols collected all the names including strings,
2203         and after that filtered the names to retrieve only the symbols.
2204         But that is very time consuming if the given object is a large non-holed array, since it has
2205         many indexed properties and all the indexes have to be converted to uniqued strings and
2206         added to the collection of property names (though they may not be of the requested type
2207         and will be filtered out later).
2208
2209         This patch introduces PropertyNameMode.
2210         We leverage this mode in 2 places.
2211
2212         1. PropertyNameArray side
2213         It is set in PropertyNameArray and it filters the incoming added identifiers based on the mode.
2214         It ensures that PropertyNameArray doesn't become so large in the pathological case.
2215         And it ensures that keys of the type the filter does not expect (Symbols or Strings) are never added
2216         to the property name array collections.
2217         However it does not solve the whole problem because the huge array still incurs the many
2218         "indexed property to uniqued string" conversion and the large iteration before adding the keys
2219         to the property name array.
2220
2221         2. getOwnPropertyNames side
2222         So we can use the PropertyNameMode in the caller side (getOwnPropertyNames) as a **hint**.
2223         When the large iteration may occur, the caller side can use the PropertyNameMode as a hint to
2224         avoid the iteration.
2225         But we cannot exclusively rely on these caller side checks because it would require that we
2226         exhaustively add the checks to all custom implementations of getOwnPropertyNames as well.
2227         This process requires manual inspection of many pieces of code, and is error prone. Instead,
2228         we only apply the caller side check in a few strategic places where it is known to yield
2229         performance benefits; and we rely on the filter in PropertyNameArray::add() to reject the wrong
2230         types of properties for all other calls to PropertyNameArray::add().
2231
2232         In this patch, there's a concept in use that is not clear just from reading the code, and hence
2233         should be documented here. When selecting the PropertyNameMode for the PropertyNameArray to be
2234         instantiated, we apply the following logic:
2235
2236         1. Only JavaScriptCore code is aware of ES6 Symbols.
2237         We can assume that pre-existing external code that interfaces with JSC is only looking for string named properties. This includes:
2238             a. WebCore bindings
2239             b. Serializer bindings
2240             c. NPAPI bindings
2241             d. Objective C bindings
2242         2. In JSC, code that computes object storage space needs to iterate both Symbol and String named properties. Hence, use PropertyNameMode::Both.
2243         3. In JSC, ES6 APIs that work with Symbols should use PropertyNameMode::Symbols.
2244         4. In JSC, ES6 APIs that work with String named properties should use PropertyNameMode::Strings.
2245
2246         * API/JSObjectRef.cpp:
2247         (JSObjectCopyPropertyNames):
2248         * bindings/ScriptValue.cpp:
2249         (Deprecated::jsToInspectorValue):
2250         * bytecode/ObjectAllocationProfile.h:
2251         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
2252         * runtime/EnumerationMode.h:
2253         (JSC::EnumerationMode::EnumerationMode):
2254         (JSC::EnumerationMode::includeSymbolProperties): Deleted.
2255         * runtime/GenericArgumentsInlines.h:
2256         (JSC::GenericArguments<Type>::getOwnPropertyNames):
2257         * runtime/JSGenericTypedArrayViewInlines.h:
2258         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertyNames):
2259         * runtime/JSLexicalEnvironment.cpp:
2260         (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
2261         * runtime/JSONObject.cpp:
2262         (JSC::Stringifier::Stringifier):
2263         (JSC::Stringifier::Holder::appendNextProperty):
2264         (JSC::Walker::walk):
2265         * runtime/JSObject.cpp:
2266         (JSC::JSObject::getOwnPropertyNames):
2267         * runtime/JSPropertyNameEnumerator.cpp:
2268         (JSC::JSPropertyNameEnumerator::create):
2269         * runtime/JSPropertyNameEnumerator.h:
2270         (JSC::propertyNameEnumerator):
2271         * runtime/JSSymbolTableObject.cpp:
2272         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
2273         * runtime/ObjectConstructor.cpp:
2274         (JSC::objectConstructorGetOwnPropertyNames):
2275         (JSC::objectConstructorGetOwnPropertySymbols):
2276         (JSC::objectConstructorKeys):
2277         (JSC::defineProperties):
2278         (JSC::objectConstructorSeal):
2279         (JSC::objectConstructorFreeze):
2280         (JSC::objectConstructorIsSealed):
2281         (JSC::objectConstructorIsFrozen):
2282         * runtime/PropertyNameArray.h:
2283         (JSC::PropertyNameArray::PropertyNameArray):
2284         (JSC::PropertyNameArray::mode):
2285         (JSC::PropertyNameArray::addKnownUnique):
2286         (JSC::PropertyNameArray::add):
2287         (JSC::PropertyNameArray::isUidMatchedToTypeMode):
2288         (JSC::PropertyNameArray::includeSymbolProperties):
2289         (JSC::PropertyNameArray::includeStringProperties):
2290         * runtime/StringObject.cpp:
2291         (JSC::StringObject::getOwnPropertyNames):
2292         * runtime/Structure.cpp:
2293         (JSC::Structure::getPropertyNamesFromStructure):
2294
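The following is an added example, not JSC code, serving the Reflect.ownKeys, Object.assign and Object.getOwnPropertySymbols entries above. It is a user-land model of the ownPropertyKeys / ownEnumerablePropertyKeys helpers and the PropertyNameMode filter those entries describe: keys come out in [[OwnPropertyKeys]] order (integer indices ascending, then strings, then symbols), the mode decides which kinds of keys are collected at all, and the enumerable filter happens inside the helper so Object.assign needs a single key walk and no per-key descriptor lookup. The names PropertyNameMode, ownPropertyKeys, ownEnumerablePropertyKeys and assign mirror the ChangeLog but are hypothetical here; the sample object in demo() is constructed for the example.

```javascript
// Added example (not JSC code): a model of ownPropertyKeys with a
// PropertyNameMode filter, and Object.assign built on it. Names are
// hypothetical.
const PropertyNameMode = Object.freeze({ Strings: 1, Symbols: 2, StringsAndSymbols: 3 });

// The check PropertyNameArray::add() performs: reject keys of the wrong kind.
function isMatchedToMode(key, mode) {
  return typeof key === 'symbol'
    ? (mode & PropertyNameMode.Symbols) !== 0
    : (mode & PropertyNameMode.Strings) !== 0;
}

// [[OwnPropertyKeys]] order, filtered by mode and optionally to enumerable
// properties only. Reflect.ownKeys supplies the raw, ordered key list.
function ownPropertyKeys(obj, mode, enumerableOnly = false) {
  const out = [];
  for (const key of Reflect.ownKeys(obj)) {
    if (!isMatchedToMode(key, mode)) continue;
    if (enumerableOnly && !Object.getOwnPropertyDescriptor(obj, key).enumerable) continue;
    out.push(key);
  }
  return out;
}

// The private helper Object.assign uses: enumerable string and symbol keys.
function ownEnumerablePropertyKeys(obj) {
  return ownPropertyKeys(obj, PropertyNameMode.StringsAndSymbols, true);
}

// Object.assign on top of the single-pass key list: one key walk instead of
// getOwnPropertyNames + getOwnPropertySymbols + a descriptor lookup per key.
function assign(target, ...sources) {
  const to = Object(target);
  for (const source of sources) {
    if (source === undefined || source === null) continue;
    const from = Object(source);
    for (const key of ownEnumerablePropertyKeys(from)) {
      to[key] = from[key];   // [[Get]] then [[Set]]: getters run, setters fire
    }
  }
  return to;
}

// Constructed sample: mixed index, string and symbol keys, one
// non-enumerable property and one enumerable getter.
function demo() {
  const sym = Symbol('tag');
  const src = { b: 1, 2: 'two', a: 2, 1: 'one', [sym]: 'symbol value' };
  Object.defineProperty(src, 'hidden', { value: 'no', enumerable: false });
  let getterCalls = 0;
  Object.defineProperty(src, 'computed', { get() { getterCalls++; return 'got'; }, enumerable: true });
  const result = assign({}, src);
  return {
    keyOrder: ownEnumerablePropertyKeys(src).map(String),   // indices, strings, symbol
    symbolsOnly: ownPropertyKeys(src, PropertyNameMode.Symbols).length,   // 1
    copiedSymbol: result[sym],
    hiddenCopied: 'hidden' in result,                         // false
    computed: result.computed,                                // 'got'
    getterCalls,                                              // 1: read exactly once
    sameAsBuiltin: JSON.stringify(Object.assign({}, src)) === JSON.stringify(result),
  };
}
```

A symbols-only caller such as Object.getOwnPropertySymbols would pass PropertyNameMode::Symbols here; in the model the filter still sees every key of a large array, which is exactly why the entry above also passes the mode to getOwnPropertyNames as a hint to skip the index walk in the first place.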
2295 2015-07-24  Saam barati  <saambarati1@gmail.com>
2296
2297         [ES6] Add support for default parameters
2298         https://bugs.webkit.org/show_bug.cgi?id=38409
2299
2300         Reviewed by Filip Pizlo.
2301
2302         This patch implements ES6 default parameters according to the ES6
2303         specification. This patch builds on the components introduced with 
2304         "let" scoping and parsing function parameters in the same parser
2305         arena as the function itself. "let" scoping allows functions with default 
2306         parameter values to place their parameters under the TDZ. Parsing function
2307         parameters in the same parser arena allows the FunctionParameters AST node
2308         to refer to ExpressionNodes.
2309
2310         The most subtle part of this patch is how we allocate lexical environments
2311         when functions have default parameter values. If a function has default
2312         parameter values then there must be a separate lexical environment for
2313         its parameters. Then, the function's "var" lexical environment must have
2314         the parameter lexical environment as its parent. The BytecodeGenerator
2315         takes great care to not allocate the "var" lexical environment before it's
2316         really needed.
2317
2318         The "arguments" object for a function with default parameters will never be 
2319         a mapped arguments object. It will always be a cloned arguments object.
2320
2321         * bytecompiler/BytecodeGenerator.cpp:
2322         (JSC::BytecodeGenerator::generate):
2323         (JSC::BytecodeGenerator::BytecodeGenerator):
2324         (JSC::BytecodeGenerator::~BytecodeGenerator):
2325         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2326         (JSC::BytecodeGenerator::initializeNextParameter):
2327         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
2328         (JSC::BytecodeGenerator::visibleNameForParameter):
2329         (JSC::BytecodeGenerator::emitLoadGlobalObject):
2330         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2331         (JSC::BytecodeGenerator::pushLexicalScope):
2332         (JSC::BytecodeGenerator::popLexicalScope):
2333         * bytecompiler/BytecodeGenerator.h:
2334         (JSC::BytecodeGenerator::lastOpcodeID):
2335         * bytecompiler/NodesCodegen.cpp:
2336         (JSC::FunctionNode::emitBytecode):
2337         * jit/JITOperations.cpp:
2338         * parser/ASTBuilder.h:
2339         (JSC::ASTBuilder::createElementList):
2340         (JSC::ASTBuilder::createFormalParameterList):
2341         (JSC::ASTBuilder::appendParameter):
2342         (JSC::ASTBuilder::createClause):
2343         (JSC::ASTBuilder::createClauseList):
2344         * parser/Nodes.h:
2345         (JSC::FunctionParameters::size):
2346         (JSC::FunctionParameters::at):
2347         (JSC::FunctionParameters::hasDefaultParameterValues):
2348         (JSC::FunctionParameters::append):
2349         * parser/Parser.cpp:
2350         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2351         (JSC::Parser<LexerType>::createBindingPattern):
2352         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2353         (JSC::Parser<LexerType>::parseDestructuringPattern):
2354         (JSC::Parser<LexerType>::parseFormalParameters):
2355         (JSC::Parser<LexerType>::parseFunctionParameters):
2356         * parser/Parser.h:
2357         (JSC::Scope::declareParameter):
2358         * parser/SyntaxChecker.h:
2359         (JSC::SyntaxChecker::createElementList):
2360         (JSC::SyntaxChecker::createFormalParameterList):
2361         (JSC::SyntaxChecker::appendParameter):
2362         (JSC::SyntaxChecker::createClause):
2363         (JSC::SyntaxChecker::createClauseList):
2364         * tests/stress/es6-default-parameters.js: Added.
2365         (assert):
2366         (shouldThrow):
2367         (shouldThrowSyntaxError):
2368         (shouldThrowTDZ):
2369         (basic):
2370         (basicFunctionCaptureInDefault.basicFunctionCaptureInDefault.basicCaptured):
2371         (basicCaptured.basicCaptured.tricky):
2372         (strict):
2373         (playground):
2374         (scoping):
2375         (augmentsArguments1):
2376         (augmentsArguments2):
2377         (augmentsArguments3):
2378         (augmentsArguments4):
2379         (augmentsArguments5):
2380
2381 2015-07-24  Xabier Rodriguez Calvar  <calvaris@igalia.com>
2382
2383         Remove JS Promise constructor unused piece of code
2384         https://bugs.webkit.org/show_bug.cgi?id=147262
2385
2386         Reviewed by Geoffrey Garen.
2387
2388         * runtime/JSPromiseConstructor.cpp:
2389         (JSC::constructPromise): Deleted.
2390         * runtime/JSPromiseConstructor.h: Removed JSC::constructPromise.
2391
2392 2015-07-24  Mark Lam  <mark.lam@apple.com>
2393
2394         Add WASM files to vcxproj files.
2395         https://bugs.webkit.org/show_bug.cgi?id=147264
2396
2397         Reviewed by Geoffrey Garen.
2398
2399         This is a follow up to http://trac.webkit.org/changeset/187254 where WASM files
2400         were introduced but were not able to be added to the vcxproj files yet.
2401
2402         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2403         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2404
2405 2015-07-23  Filip Pizlo  <fpizlo@apple.com>
2406
2407         DFG::safeToExecute() is wrong for MultiGetByOffset, doesn't consider the structures of the prototypes that get loaded from
2408         https://bugs.webkit.org/show_bug.cgi?id=147250
2409
2410         Reviewed by Geoffrey Garen.
2411         
2412         This fixes a nasty - but currently benign - bug in DFG::safeToExecute(). That function
2413         will tell you if hoisting a node to some point is safe in the sense that the node will
2414         not crash the VM if it executes at that point. A node may be unsafe to execute if we
2415         cannot prove that at that point, the memory it is loading is not garbage. This is a
2416         necessarily loose notion - for example it's OK to hoist a load if we haven't proved
2417         that the load makes semantic sense at that point, since anyway the place where the node
2418         did get used will still be guarded by any such semantic checks. But because we may also
2419         hoist uses of the load, we need to make sure that it doesn't produce a garbage value.
2420         Also, we need to ensure that the load won't trap. Hence safeToExecute() returns true
2421         anytime we can be sure that a node will not produce a garbage result (i.e. a malformed
2422         JSValue or object pointer) and will not trap when executed at the point in question.
2423         
2424         The bug is that this verification isn't performed for the loads from prototypes inside
2425         MultiGetByOffset. DFG::ByteCodeParser will guard MultiGetByOffset with CheckStructure's
2426         on the prototypes. So, hypothetically, you might end up hoisting a MultiGetByOffset
2427         above those structure checks, which would mean that we might load a value from a memory
2428         location without knowing that the location is valid. It might then return the value
2429         loaded.
2430         
2431         This never happens in practice. Those structure checks are more hoistable than the
2432         MultiGetByOffset, since they read a strict subset of the MultiGetByOffset's abstract
2433         heap reads. Also, we hoist in program order. So, those CheckStructure's will always be
2434         hoisted before the MultiGetByOffset gets hoisted.
2435         
2436         But we should fix this anyway. DFG::safeToExecute() has a clear definition of what a
2437         "true" return means for IR transformations, and it fails in satisfying that definition
2438         for MultiGetByOffset.
2439         
2440         There are various approaches we can use for making this safe. I considered two:
2441         
2442         1) Have MultiGetByOffset refer to the prototypes it is loading from in IR, so that we
2443            can check if it's safe to load from them.
2444         
2445         2) Turn off MultiGetByOffset hoisting when it will emit loads from prototypes, and the
2446            prototype structure isn't being watched.
2447         
2448         I ended up using (2), because it will be the most natural solution once I finish
2449         https://bugs.webkit.org/show_bug.cgi?id=146929. Already now, it's somewhat more natural
2450         than (1) since that requires more extensive IR changes. Also, (2) will give us what we
2451         want in *most* cases: we will usually watch the prototype structure, and we will
2452         usually constant-fold loads from prototypes. Both of these usually-true things would
2453         have to become false for MultiGetByOffset hoisting to be disabled by this change.
2454         
2455         This change also adds my attempt at a test, though it's not really a test of this bug.
2456         This bug is currently benign. But, the test does at least trigger the logic to run,
2457         which is better than nothing.
2458
2459         * dfg/DFGSafeToExecute.h:
2460         (JSC::DFG::safeToExecute):
2461         * tests/stress/multi-get-by-offset-hoist-around-structure-check.js: Added.
2462         (foo):
2463
2464 2015-07-23  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2465
2466         Implement WebAssembly modules
2467         https://bugs.webkit.org/show_bug.cgi?id=147222
2468
2469         Reviewed by Filip Pizlo.
2470
2471         Make JSWASMModule inherit from JSDestructibleObject so that the destructor is called.
2472
2473         * wasm/JSWASMModule.h:
2474
2475 2015-07-23  Alex Christensen  <achristensen@webkit.org>
2476
2477         Remove compile and runtime flags for promises.
2478         https://bugs.webkit.org/show_bug.cgi?id=147244
2479
2480         Reviewed by Yusuke Suzuki.
2481
2482         * API/JSCallbackObjectFunctions.h:
2483         (JSC::JSCallbackObject<Parent>::JSCallbackObject):
2484         * API/JSContextRef.cpp:
2485         (JSGlobalContextCreateInGroup):
2486         * Configurations/FeatureDefines.xcconfig:
2487         * inspector/JSInjectedScriptHost.cpp:
2488         (Inspector::JSInjectedScriptHost::getInternalProperties):
2489         * runtime/JSGlobalObject.cpp:
2490         (JSC::JSGlobalObject::init):
2491         (JSC::JSGlobalObject::visitChildren):
2492         * runtime/JSGlobalObject.h:
2493         (JSC::JSGlobalObject::create):
2494         (JSC::JSGlobalObject::syntaxErrorConstructor):
2495         (JSC::JSGlobalObject::typeErrorConstructor):
2496         (JSC::JSGlobalObject::URIErrorConstructor):
2497         (JSC::JSGlobalObject::promiseConstructor):
2498         (JSC::JSGlobalObject::nullGetterFunction):
2499         (JSC::JSGlobalObject::nullSetterFunction):
2500         (JSC::JSGlobalObject::applyFunction):
2501         (JSC::JSGlobalObject::definePropertyFunction):
2502         (JSC::JSGlobalObject::arrayProtoValuesFunction):
2503         (JSC::JSGlobalObject::initializePromiseFunction):
2504         (JSC::JSGlobalObject::newPromiseDeferredFunction):
2505         (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
2506         (JSC::JSGlobalObject::regExpPrototype):
2507         (JSC::JSGlobalObject::errorPrototype):
2508         (JSC::JSGlobalObject::iteratorPrototype):
2509         (JSC::JSGlobalObject::promisePrototype):
2510         (JSC::JSGlobalObject::debuggerScopeStructure):
2511         (JSC::JSGlobalObject::withScopeStructure):
2512         (JSC::JSGlobalObject::iteratorResultStructure):
2513         (JSC::JSGlobalObject::iteratorResultStructureOffset):
2514         (JSC::JSGlobalObject::regExpMatchesArrayStructure):
2515         (JSC::JSGlobalObject::promiseStructure):
2516         * runtime/JSPromise.cpp:
2517         (JSC::JSPromise::result):
2518         * runtime/JSPromise.h:
2519         * runtime/JSPromiseConstructor.cpp:
2520         (JSC::constructPromise):
2521         * runtime/JSPromiseConstructor.h:
2522         * runtime/JSPromiseDeferred.cpp:
2523         (JSC::JSPromiseDeferred::visitChildren):
2524         * runtime/JSPromiseDeferred.h:
2525         * runtime/JSPromisePrototype.cpp:
2526         (JSC::JSPromisePrototype::getOwnPropertySlot):
2527         * runtime/JSPromisePrototype.h:
2528         * runtime/RuntimeFlags.h:
2529         * runtime/VM.cpp:
2530         (JSC::VM::VM):
2531         * runtime/VM.h:
2532
2533 2015-07-23  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2534
2535         Implement WebAssembly modules
2536         https://bugs.webkit.org/show_bug.cgi?id=147222
2537
2538         Reviewed by Mark Lam.
2539
2540         Introducing the boilerplate data structure for the WebAssembly module.
2541         WebAssembly functionality will be added in a subsequent patch.
2542
2543         * CMakeLists.txt:
2544         * JavaScriptCore.xcodeproj/project.pbxproj:
2545         * wasm/JSWASMModule.cpp: Added.
2546         (JSC::JSWASMModule::visitChildren):
2547         * wasm/JSWASMModule.h: Added.
2548         (JSC::JSWASMModule::create):
2549         (JSC::JSWASMModule::createStructure):
2550         (JSC::JSWASMModule::JSWASMModule):
2551
2552 2015-07-23  Devin Rousso  <drousso@apple.com>
2553
2554         Web Inspector: Add a function to CSSCompletions to get a list of supported system fonts
2555         https://bugs.webkit.org/show_bug.cgi?id=147009
2556
2557         Reviewed by Joseph Pecoraro.
2558
2559         * inspector/protocol/CSS.json: Added getSupportedSystemFontFamilyNames function.
2560
2561 2015-07-22  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2562
2563         Add ENABLE_WEBASSEMBLY feature flag for WebAssembly
2564         https://bugs.webkit.org/show_bug.cgi?id=147212
2565
2566         Reviewed by Filip Pizlo.
2567
2568         * Configurations/FeatureDefines.xcconfig:
2569
2570 2015-07-22  Filip Pizlo  <fpizlo@apple.com>
2571
2572         Simplify DFG::DesiredIdentifiers and make it possible to turn a UniquedStringImpl* into an identifierNumber at any time
2573         https://bugs.webkit.org/show_bug.cgi?id=147218
2574
2575         Reviewed by Sam Weinig.
2576         
2577         I want to be able to take a UniquedStringImpl* and turn it into an identifierNumber at
2578         various points in my work on https://bugs.webkit.org/show_bug.cgi?id=146929. Currently,
2579         most Nodes that deal with identifiers use identifierNumbers and you can only create an
2580         identifierNumber in BytecodeGenerator. DFG::ByteCodeParser does sort of have the
2581         ability to create new identifierNumbers when inlining - it takes the inlined code's
2582         identifiers and either gives them new numbers or reuses numbers from the enclosing
2583         code.
2584         
2585         This patch takes that basic functionality and puts it in
2586         DFG::DesiredIdentifiers::ensure(). Anyone can call this at any time to turn a
2587         UniquedStringImpl* into an identifierNumber. This data structure is already used by
2588         Plan to properly install any newly created identifier table entries into the CodeBlock.
2589
2590         * dfg/DFGByteCodeParser.cpp:
2591         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2592         (JSC::DFG::ByteCodeParser::noticeArgumentsUse):
2593         (JSC::DFG::ByteCodeParser::linkBlocks):
2594         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2595         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary): Deleted.
2596         * dfg/DFGDesiredIdentifiers.cpp:
2597         (JSC::DFG::DesiredIdentifiers::DesiredIdentifiers):
2598         (JSC::DFG::DesiredIdentifiers::numberOfIdentifiers):
2599         (JSC::DFG::DesiredIdentifiers::ensure):
2600         (JSC::DFG::DesiredIdentifiers::at):
2601         (JSC::DFG::DesiredIdentifiers::addLazily): Deleted.
2602         * dfg/DFGDesiredIdentifiers.h:
2603
2604 2015-07-22  Filip Pizlo  <fpizlo@apple.com>
2605
2606         Simplify things like CompareEq(@x,@x)
2607         https://bugs.webkit.org/show_bug.cgi?id=145850
2608
2609         Reviewed by Sam Weinig.
2610         
2611         This simplifies x==x to true, except in cases where x might be a double (in which case this
2612         might still be false if x is NaN).
2613
2614         * dfg/DFGAbstractInterpreterInlines.h:
2615         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2616         * tests/stress/nan-equal-untyped.js: Added.
2617         (foo):
2618         (test):
2619         * tests/stress/nan-equal.js: Added.
2620         (foo):
2621
2622 2015-07-22  Joseph Pecoraro  <pecoraro@apple.com>
2623
2624         Web Inspector: Timeline should immediately start moving play head when starting a new recording
2625         https://bugs.webkit.org/show_bug.cgi?id=147210
2626
2627         Reviewed by Timothy Hatcher.
2628
2629         * inspector/protocol/Timeline.json:
2630         Add timestamps to recordingStarted and recordingStopped events.
2631
2632 2015-07-22  Yusuke Suzuki  <utatane.tea@gmail.com>
2633
2634         Introducing construct ability into JS executables
2635         https://bugs.webkit.org/show_bug.cgi?id=147183
2636
2637         Reviewed by Geoffrey Garen.
2638
2639         Decouple the construct ability from the builtin functions.
2640         Currently, after r182995, all builtin functions are non-constructors.
2641         In that patch, when the given function is a builtin JS function, we recognize it as a non-constructor function.
2642
2643         But we need to relax this to implement some constructors in builtin JS.
2644         By decoupling the construct ability from whether the function is builtin or not, we can provide
2645
2646         1. constructors written in builtin JS
2647         2. non-constructors in normal JS functions
2648
2649         (1) is needed for Promise constructor.
2650         And (2) is needed for method functions and arrow functions.
2651
2652         This patch introduces ConstructAbility into the unlinked function executables.
2653         It holds whether the given JS function has the construct ability or not.
2654         By leveraging this, this patch disables the construct ability of the method definitions, setters, getters and arrow functions.
2655
2656         And at the same time, this patch introduces the annotation for constructor in builtin JS.
2657         We can define the function as follows:
2658
2659             constructor Promise(executor)
2660             {
2661                 ...
2662             }
2663
2664         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2665         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2666         * JavaScriptCore.xcodeproj/project.pbxproj:
2667         * builtins/BuiltinExecutables.cpp:
2668         (JSC::BuiltinExecutables::createDefaultConstructor):
2669         (JSC::BuiltinExecutables::createExecutableInternal):
2670         * builtins/BuiltinExecutables.h:
2671         * builtins/Iterator.prototype.js:
2672         (symbolIterator):
2673         (SymbolIterator): Deleted.
2674         * bytecode/UnlinkedCodeBlock.cpp:
2675         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2676         * bytecode/UnlinkedCodeBlock.h:
2677         * bytecompiler/BytecodeGenerator.h:
2678         (JSC::BytecodeGenerator::makeFunction):
2679         * generate-js-builtins:
2680         (getCopyright):
2681         (Function):
2682         (Function.__init__):
2683         (Function.mangleName):
2684         (getFunctions):
2685         (mangleName): Deleted.
2686         * jit/JITOperations.cpp:
2687         * llint/LLIntSlowPaths.cpp:
2688         (JSC::LLInt::setUpCall):
2689         * parser/Parser.cpp:
2690         (JSC::Parser<LexerType>::parseClass):
2691         * runtime/CodeCache.cpp:
2692         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2693         * runtime/CommonIdentifiers.h:
2694         * runtime/ConstructAbility.h: Copied from Source/JavaScriptCore/builtins/Iterator.prototype.js.
2695         * runtime/Executable.h:
2696         * runtime/JSFunction.cpp:
2697         (JSC::JSFunction::getConstructData):
2698         * runtime/JSGlobalObject.cpp:
2699         (JSC::JSGlobalObject::init):
2700         * tests/stress/non-constructors.js: Added.
2701         (shouldThrow):
2702         (.prototype.method):
2703         (.prototype.get getter):
2704         (.prototype.set setter):
2705         (.method):
2706         (.get shouldThrow):
2707         (.set shouldThrow):
2708         (set var.test.get getter):
2709         (set var.test.set setter):
2710         (set var.test.normal):
2711         (.set var):
2712         (.set new):
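
        A JS-level view of the construct ability this entry decouples from "is builtin", as an added example that is not part of the WebKit change: plain functions, class constructors and builtin constructors such as Promise can be constructed, while methods, getters, setters, arrow functions and builtin methods have no construct ability and `new` on them throws a TypeError. `isConstructor` and `constructAbilityTable` are names constructed for this example.

```javascript
// Added example, not WebKit code. Reflect.construct requires its newTarget
// argument to be a constructor, so passing a candidate there tests for
// [[Construct]] without actually running the candidate.
function isConstructor(f) {
  try {
    Reflect.construct(String, [], f);
    return true;
  } catch (e) {
    return false;
  }
}

// Confirms that `new` on a non-constructor fails with a TypeError specifically.
function newThrowsTypeError(f) {
  try {
    new f();
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

function constructAbilityTable() {
  const obj = {
    method() {},
    get getter() { return 1; },
    set setter(v) {},
  };
  const getter = Object.getOwnPropertyDescriptor(obj, 'getter').get;
  const setter = Object.getOwnPropertyDescriptor(obj, 'setter').set;
  class C {
    instanceMethod() {}
  }
  return {
    // Cases that keep construct ability.
    plainFunction: isConstructor(function () {}),
    classConstructor: isConstructor(C),
    builtinConstructor: isConstructor(Promise),
    // Cases this entry marks as non-constructors.
    objectMethod: isConstructor(obj.method),
    classMethod: isConstructor(C.prototype.instanceMethod),
    getter: isConstructor(getter),
    setter: isConstructor(setter),
    arrow: isConstructor(() => {}),
    builtinMethod: isConstructor(Promise.prototype.then),
    // The failure mode is a TypeError, not a silent construct.
    arrowNewIsTypeError: newThrowsTypeError(() => {}),
    methodNewIsTypeError: newThrowsTypeError(obj.method),
  };
}
```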
2713
2714 2015-07-22  Csaba Osztrogonác  <ossy@webkit.org>
2715
2716         [JSC] Enable exception fuzzing for GCC too
2717         https://bugs.webkit.org/show_bug.cgi?id=146831
2718
2719         Reviewed by Darin Adler.
2720
2721         * jit/JITOperations.cpp:
2722
2723 2015-07-22  Filip Pizlo  <fpizlo@apple.com>
2724
2725         Fixed pool allocation should always be aligned
2726         https://bugs.webkit.org/show_bug.cgi?id=147201
2727
2728         Reviewed by Simon Fraser.
2729         
2730         Passing an unaligned size to the allocator can cause asserts or even worse things. The
2731         Options reservation value isn't going to be aligned.
2732
2733         * jit/ExecutableAllocatorFixedVMPool.cpp:
2734         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
2735
2736 2015-07-22  Csaba Osztrogonác  <ossy@webkit.org>
2737
2738         Enable STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE for GCC
2739         https://bugs.webkit.org/show_bug.cgi?id=146829
2740
2741         Reviewed by Brent Fulgham.
2742
2743         * heap/GCAssertions.h:
2744
2745 2015-07-22  Alex Christensen  <achristensen@webkit.org>
2746
2747         Fix quirks in CMake build on Mac and Windows
2748         https://bugs.webkit.org/show_bug.cgi?id=147174
2749
2750         Reviewed by Gyuyoung Kim.
2751
2752         * PlatformMac.cmake:
2753         Add JSRemoteInspector.cpp and remove semicolon from command to make it actually run.
2754
2755 2015-07-21  Yusuke Suzuki  <utatane.tea@gmail.com>
2756
2757         Add newTarget accessor to JS constructor written in C++
2758         https://bugs.webkit.org/show_bug.cgi?id=147160
2759
2760         Reviewed by Geoffrey Garen.
2761
2762         This patch adds `ExecState#newTarget()` which returns `new.target` defined in ECMA262 6th.
2763         It enables some C++ constructors (like Intl.XXX constructors) to leverage this to complete
2764         their implementation.
2765
2766         When the constructor is called, |this| in the arguments is used for storing new.target instead.
2767         So by adding the accessor for |this|, JS constructors written in C++ can access new.target.
2768
2769         And at the same time, this patch extends the existing `construct` to accept new.target value.
2770         It corresponds to the spec's Construct abstract operation.
2771
2772         * interpreter/CallFrame.h:
2773         (JSC::ExecState::newTarget):
2774         * interpreter/Interpreter.cpp:
2775         (JSC::Interpreter::executeConstruct):
2776         * interpreter/Interpreter.h:
2777         * runtime/ConstructData.cpp:
2778         (JSC::construct):
2779         * runtime/ConstructData.h:
2780         (JSC::construct):
2781
2782 2015-07-21  Filip Pizlo  <fpizlo@apple.com>
2783
2784         Unreviewed, fix a lot of tests. Need to initialize WTF threading sooner.
2785
2786         * jsc.cpp:
2787         (main):
2788
2789 2015-07-21  Filip Pizlo  <fpizlo@apple.com>
2790
2791         Fixed VM pool allocation should have a reserve for allocations that cannot fail
2792         https://bugs.webkit.org/show_bug.cgi?id=147154
2793         rdar://problem/21847618
2794
2795         Reviewed by Geoffrey Garen.
2796         
2797         This adds the notion of a JIT pool reserve fraction. Some fraction, currently 1/4, of
2798         the JIT pool is reserved for allocations that cannot fail. It makes sense to make this
2799         a fraction rather than a constant because each allocation that can fail may cause some
2800         number of allocations that cannot fail (for example, the OSR exit thunks that we
2801         compile when we exit from some CodeBlock cannot fail).
2802         
2803         I've tested this by adding a test mode where we artificially limit the JIT pool size.
2804         Prior to the fix, we had >20 failures. Now we have none.
2805
2806         * heap/GCLogging.cpp:
2807         (WTF::printInternal): I needed a dump method on Options members when debugging this.
2808         * heap/GCLogging.h:
2809         * jit/ExecutableAllocator.h: Raise the ARM64 limit to 32MB because 16MB is cutting it too close.
2810         * jit/ExecutableAllocatorFixedVMPool.cpp:
2811         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Add the ability to artificially limit JIT pool size for testing.
2812         (JSC::ExecutableAllocator::memoryPressureMultiplier): Implement the reserve when computing memory pressure for JIT tier-up heuristics.
2813         (JSC::ExecutableAllocator::allocate): Implement the reserve when allocating can-fail things.
2814         * jsc.cpp: Rewire some options parsing so that CommandLine happens before we create the JIT pool.
2815         (main):
2816         (CommandLine::parseArguments):
2817         (jscmain):
2818         * runtime/Options.cpp: 
2819         (JSC::OptionRange::dump): I needed a dump method on Options members when debugging this.
2820         (JSC::Options::initialize): This can now be called more than once.
2821         * runtime/Options.h:
2822
2823 2015-07-21  Saam barati  <saambarati1@gmail.com>
2824
2825         ObjectPatternNode's entry should use "const Identifier&" instead of "Identifier"
2826         https://bugs.webkit.org/show_bug.cgi?id=147156
2827
2828         Reviewed by Andreas Kling.
2829
2830         * parser/Nodes.h:
2831
2832 2015-07-21  Basile Clement  <basile_clement@apple.com>
2833
2834         Object allocation sinking phase is performing needless HashMap copies
2835         https://bugs.webkit.org/show_bug.cgi?id=147159
2836
2837         Reviewed by Geoffrey Garen.
2838
2839         The points-to analyzer in the object allocation sinking phase is
2840         currently performing copies of its allocation and pointers tables in
2841         several places. While this is not a huge problem since those tables are
2842         usually small and we are in the FTL path anyway, we still shouldn't be
2843         doing such useless copying.
2844
2845         This patch also removes the DFGInsertOSRHintsForUpdate files that are
2846         no longer needed with the new object sinking phase and should have been
2847         removed in r186795.
2848
2849         * CMakeLists.txt:
2850         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2851         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2852         * JavaScriptCore.xcodeproj/project.pbxproj:
2853         * dfg/DFGInsertOSRHintsForUpdate.cpp: Removed.
2854         (JSC::DFG::insertOSRHintsForUpdate): Deleted.
2855         * dfg/DFGInsertOSRHintsForUpdate.h: Removed.
2856         * dfg/DFGObjectAllocationSinkingPhase.cpp:
2857
2858 2015-07-21  Saam barati  <saambarati1@gmail.com>
2859
2860         DestructuringPatternNode and DestructuringAssignmentNode should be ParserArenaFreeable
2861         https://bugs.webkit.org/show_bug.cgi?id=147140
2862
2863         Reviewed by Geoffrey Garen.
2864
2865         The descendants of DestructuringPatternNode that need destruction also
2866         inherit from ParserArenaDeletable.
2867
2868         * parser/Nodes.h:
2869         (JSC::DestructuringPatternNode::~DestructuringPatternNode):
2870         (JSC::ObjectPatternNode::appendEntry):
2871         (JSC::DestructuringAssignmentNode::bindings):
2872
2873 2015-07-21  Keith Miller  <keith_miller@apple.com>
2874
2875         Add support for the new.target syntax.
2876         https://bugs.webkit.org/show_bug.cgi?id=147051
2877
2878         Reviewed by Yusuke Suzuki.
2879
2880         Add support for new.target. Essentially the implementation is, before constructor calls,
2881         the target of a "new" is placed where "this" normally goes in the calling convention.
2882         Then in the constructor, before the object is initialized, we move the target of the "new"
2883         into a local variable.
2884
2885         * bytecompiler/BytecodeGenerator.cpp:
2886         (JSC::BytecodeGenerator::BytecodeGenerator):
2887         * bytecompiler/NodesCodegen.cpp:
2888         (JSC::NewTargetNode::emitBytecode):
2889         * parser/ASTBuilder.h:
2890         (JSC::ASTBuilder::newTargetExpr):
2891         * parser/NodeConstructors.h:
2892         (JSC::NewTargetNode::NewTargetNode):
2893         * parser/Nodes.h:
2894         * parser/Parser.cpp:
2895         (JSC::Parser<LexerType>::parseMemberExpression):
2896         * parser/SyntaxChecker.h:
2897         (JSC::SyntaxChecker::newTargetExpr):
2898         * runtime/CommonIdentifiers.h:
2899         * tests/stress/new-target.js: Added.
2900         (test):
2901         (call):
2902         (Constructor.subCall):
2903         (Constructor.SubConstructor):
2904         (Constructor):
2905         (noAssign):
2906         (doWeirdThings):
2907         (SuperClass):
2908         (SubClass):
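
        The JS-visible behaviour of new.target described in this entry and in the ExecState#newTarget() entry above, as an added example that is not part of either WebKit change: new.target is the constructor `new` was applied to, is forwarded through super(), is undefined on a plain call, and Reflect.construct's third argument is the JS surface of the spec's Construct(F, argumentsList, newTarget) operation that the extended `construct` accepts. Base, Derived, Other and observeNewTarget are names constructed for this example.

```javascript
// Added example, not WebKit code.
function Base() {
  // Records the constructor `new` was applied to, not the function running.
  this.target = new.target;
}

class Derived extends Base {
  constructor() {
    super(); // super() forwards the current new.target to Base
  }
}

function notConstructed() {
  // On a plain call there is no construct target.
  return new.target;
}

function Other() {}

function observeNewTarget() {
  // Reflect.construct(F, args, newTarget) constructs F while presenting
  // `Other` as new.target, so the result's prototype comes from Other.
  const viaReflect = Reflect.construct(Base, [], Other);
  return {
    direct: new Base().target === Base,
    subclass: new Derived().target === Derived,
    plainCall: notConstructed() === undefined,
    reflectTarget: viaReflect.target === Other,
    reflectProto: Object.getPrototypeOf(viaReflect) === Other.prototype,
  };
}
```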
2909
2910 2015-07-20  Saam barati  <saambarati1@gmail.com>
2911
2912         "let" scoping introduced incoherent story about symbol table cloning
2913         https://bugs.webkit.org/show_bug.cgi?id=147046
2914
2915         Reviewed by Filip Pizlo.
2916
2917         This patch now establishes a clear set of rules for how SymbolTables
2918         are owned by CodeBlock. Every SymbolTable that is used by a bytecode
2919         instruction must live in CodeBlock's constant register pool. When CodeBlock
2920         is being linked, it ensures that every SymbolTable in the constant pool is cloned.
2921         This leaves no room for an un-cloned symbol table to be used by a bytecode instruction.
2922         Some instructions may refer to SymbolTables indirectly through a JSLexicalEnvironment.
2923         This is fine; all JSLexicalEnvironments are allocated with references to cloned symbol tables.
2924
2925         Another goal of this patch is to remove the notion that a SymbolTable is 1 to 1 
2926         with a CodeBlock. With lexical scoping, this view of the world is no longer
2927         correct. This patch begins to remove this assumption by making CodeBlock's
2928         symbolTable() getter method private. There is still one place where we need
2929         to purge our codebase of this assumption and that is the type profiler. It 
2930         has not been updated for lexical scoping. After it is updated in 
2931         https://bugs.webkit.org/show_bug.cgi?id=145438
2932         we will be able to remove CodeBlock's symbolTable() getter entirely.
2933
2934         * bytecode/CodeBlock.cpp:
2935         (JSC::CodeBlock::CodeBlock):
2936         (JSC::CodeBlock::nameForRegister):
2937         * bytecode/CodeBlock.h:
2938         (JSC::CodeBlock::addStringSwitchJumpTable):
2939         (JSC::CodeBlock::stringSwitchJumpTable):
2940         (JSC::CodeBlock::evalCodeCache):
2941         (JSC::CodeBlock::symbolTable):
2942         * bytecode/UnlinkedCodeBlock.cpp:
2943         (JSC::UnlinkedFunctionExecutable::visitChildren):
2944         (JSC::UnlinkedFunctionExecutable::link):
2945         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
2946         * bytecode/UnlinkedCodeBlock.h:
2947         (JSC::UnlinkedCodeBlock::addExceptionHandler):
2948         (JSC::UnlinkedCodeBlock::exceptionHandler):
2949         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex):
2950         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex):
2951         (JSC::UnlinkedCodeBlock::symbolTable): Deleted.
2952         (JSC::UnlinkedCodeBlock::setSymbolTable): Deleted.
2953         * bytecompiler/BytecodeGenerator.cpp:
2954         (JSC::BytecodeGenerator::generate):
2955         (JSC::BytecodeGenerator::BytecodeGenerator):
2956         (JSC::BytecodeGenerator::pushLexicalScope):
2957         (JSC::BytecodeGenerator::variableForLocalEntry):
2958         (JSC::BytecodeGenerator::createVariable):
2959         (JSC::BytecodeGenerator::resolveType):
2960         (JSC::BytecodeGenerator::emitResolveScope):
2961         * bytecompiler/BytecodeGenerator.h:
2962         (JSC::BytecodeGenerator::thisRegister):
2963         (JSC::BytecodeGenerator::instructions):
2964         (JSC::BytecodeGenerator::symbolTable): Deleted.
2965         * dfg/DFGGraph.h:
2966         (JSC::DFG::Graph::baselineCodeBlockFor):
2967         (JSC::DFG::Graph::isStrictModeFor):
2968         (JSC::DFG::Graph::symbolTableFor): Deleted.
2969         * jit/AssemblyHelpers.h:
2970         (JSC::AssemblyHelpers::baselineCodeBlock):
2971         (JSC::AssemblyHelpers::argumentsStart):
2972         (JSC::AssemblyHelpers::symbolTableFor): Deleted.
2973         * runtime/CommonSlowPaths.cpp:
2974         (JSC::SLOW_PATH_DECL):
2975         * runtime/Executable.cpp:
2976         (JSC::FunctionExecutable::visitChildren):
2977         (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilation):
2978         (JSC::FunctionExecutable::symbolTable): Deleted.
2979         * runtime/Executable.h:
2980
2981 2015-07-18  Filip Pizlo  <fpizlo@apple.com>
2982
2983         REGRESSION(186691): OSR entry is broken on loop headers that have no live variables
2984         https://bugs.webkit.org/show_bug.cgi?id=147074
2985         rdar://problem/21869970
2986
2987         Reviewed by Michael Saboff.
2988         
2989         The OSR entry must-handle block/value widening introduced in r186691 would cause the
2990         CFA to reexecute if it caused any live local variables to change value. But this fails
2991         if the must-handle block has no live local variables, and the entry block otherwise
2992         appears to be unreachable.
2993         
2994         This fixes the bug by having the change detection include whether the block hadn't been
2995         visited in addition to whether any local variable values got widened.
2996         
2997         This is a ~4% speed-up on SunSpider in browser.
2998
2999         * dfg/DFGCFAPhase.cpp:
3000         (JSC::DFG::CFAPhase::run):
3001
3002 2015-07-20  Mark Lam  <mark.lam@apple.com>
3003
3004         Rollout r187020 and r187021: breaks JSC API tests on debug builds.
3005         https://bugs.webkit.org/show_bug.cgi?id=147110
3006
3007         * heap/MachineStackMarker.cpp:
3008         (JSC::MachineThreads::addCurrentThread):
3009         * runtime/JSLock.cpp:
3010         (JSC::JSLockHolder::~JSLockHolder):
3011         (JSC::JSLock::JSLock):
3012         (JSC::JSLock::willDestroyVM):
3013         (JSC::JSLock::setExclusiveThread):
3014         (JSC::JSLock::lock):
3015         (JSC::JSLock::unlock):
3016         (JSC::JSLock::currentThreadIsHoldingLock):
3017         (JSC::JSLock::dropAllLocks):
3018         * runtime/JSLock.h:
3019         (JSC::JSLock::vm):
3020         (JSC::JSLock::hasExclusiveThread):
3021         (JSC::JSLock::exclusiveThread):
3022         * runtime/VM.h:
3023         (JSC::VM::hasExclusiveThread):
3024         (JSC::VM::exclusiveThread):
3025         (JSC::VM::setExclusiveThread):
3026
3027 2015-07-20  Per Arne Vollan  <peavo@outlook.com>
3028
3029         Unreviewed debug build fix after r187020.
3030
3031         * heap/MachineStackMarker.cpp:
3032         (JSC::MachineThreads::addCurrentThread):
3033         VM::exclusiveThread() has changed return type to ThreadIdentifier.
3034
3035 2015-07-20  Per Arne Vollan  <peavo@outlook.com>
3036
3037         JavaScriptCore performance is very bad on Windows
3038         https://bugs.webkit.org/show_bug.cgi?id=146448
3039
3040         Reviewed by Mark Lam.
3041
3042         Profiling shows that std::this_thread::get_id() is slow on Windows.
3043         Use WTF::currentThread() instead, which calls GetCurrentThreadId().
3044         This is faster on Windows. The issue has been reported to Microsoft,
3045         https://connect.microsoft.com/VisualStudio/feedback/details/1558211.
3046
3047         * runtime/JSLock.cpp:
3048         (JSC::JSLockHolder::~JSLockHolder):
3049         (JSC::JSLock::JSLock):
3050         (JSC::JSLock::willDestroyVM):
3051         (JSC::JSLock::setExclusiveThread):
3052         (JSC::JSLock::lock):
3053         (JSC::JSLock::unlock):
3054         (JSC::JSLock::currentThreadIsHoldingLock):
3055         * runtime/JSLock.h:
3056         (JSC::JSLock::vm):
3057         (JSC::JSLock::hasExclusiveThread):
3058         (JSC::JSLock::exclusiveThread):
3059         * runtime/VM.h:
3060         (JSC::VM::hasExclusiveThread):
3061         (JSC::VM::exclusiveThread):
3062         (JSC::VM::setExclusiveThread):
3063
3064 2015-07-19  Yusuke Suzuki  <utatane.tea@gmail.com>
3065
3066         In strict mode, `Object.keys(arguments)` includes "length"
3067         https://bugs.webkit.org/show_bug.cgi?id=147071
3068
3069         Reviewed by Darin Adler.
3070
3071         ClonedArguments didn't set the "length" with DontEnum.
3072
3073         * runtime/ClonedArguments.cpp:
3074         (JSC::ClonedArguments::createWithInlineFrame):
3075         (JSC::ClonedArguments::createByCopyingFrom):
3076         * tests/stress/arguments-length-always-dont-enum.js: Added.
3077         (shouldBe):
3078         (argsSloppy):
3079         (argsStrict):
3080
3081 2015-07-19  Jordan Harband  <ljharb@gmail.com>
3082
3083         new Date(NaN).toJSON() must return null instead of throwing a TypeError
3084         https://bugs.webkit.org/show_bug.cgi?id=141115
3085
3086         Reviewed by Yusuke Suzuki.
3087
3088         * runtime/DatePrototype.cpp:
3089         (JSC::dateProtoFuncToJSON):
3090
3091 2015-07-19  Saam barati  <saambarati1@gmail.com>
3092
3093         Parser::parseFunctionInfo hits RELEASE_ASSERT for Arrow Functions
3094         https://bugs.webkit.org/show_bug.cgi?id=147090
3095
3096         Reviewed by Yusuke Suzuki.
3097
3098         ArrowFunctions have their ParserFunctionInfo "name" field
3099         set to a non-null pointer. This is obviously allowed and valid, except we
3100         had a RELEASE_ASSERT that claimed otherwise. This is a mistake.
3101
3102         Note: ArrowFunctions will never actually have a function name;
3103         their ParserFunctionInfo "name" field will be the empty string.
3104         This is not to be mistaken with the name field being a null pointer.
3105
3106         * parser/Parser.cpp:
3107         (JSC::Parser<LexerType>::parseFunctionInfo):
3108
3109 2015-07-18  Saam barati  <saambarati1@gmail.com>
3110
3111         [ES6] Add support for block scope const
3112         https://bugs.webkit.org/show_bug.cgi?id=31813
3113
3114         Reviewed by Filip Pizlo.
3115
3116         'const' is now implemented in an ES6 spec compliant manner.
3117         'const' variables are always block scoped and always live
3118         either on the stack or in a JSLexicalEnvironment. 'const'
3119         variables never live on the global object.
3120
3121         Inside the BytecodeGenerator, when assigning to a stack
3122         'const' variable or a LocalClosureVar 'const' variable,
3123         we will emit code that just throws a type error.
3124         When assigning to a ClosureVar const variable, CodeBlock linking
3125         will ensure that we perform a dynamic lookup of that variable so
3126         that put_to_scope's slow path throws a type error.
3127
3128         The old 'const' implementation has been removed in this patch.
3129
3130         * bytecode/BytecodeList.json:
3131         * bytecode/BytecodeUseDef.h:
3132         (JSC::computeUsesForBytecodeOffset):
3133         (JSC::computeDefsForBytecodeOffset):
3134         * bytecode/CodeBlock.cpp:
3135         (JSC::CodeBlock::dumpBytecode):
3136         (JSC::CodeBlock::CodeBlock):
3137         * bytecompiler/BytecodeGenerator.cpp:
3138         (JSC::BytecodeGenerator::BytecodeGenerator):
3139         (JSC::BytecodeGenerator::pushLexicalScope):
3140         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3141         (JSC::BytecodeGenerator::variable):
3142         (JSC::BytecodeGenerator::variableForLocalEntry):
3143         (JSC::BytecodeGenerator::createVariable):
3144         (JSC::BytecodeGenerator::emitResolveScope):
3145         (JSC::BytecodeGenerator::emitInstanceOf):
3146         (JSC::BytecodeGenerator::emitGetById):
3147         (JSC::BytecodeGenerator::isArgumentNumber):
3148         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
3149         (JSC::BytecodeGenerator::emitEnumeration):
3150         (JSC::BytecodeGenerator::variablePerSymbolTable): Deleted.
3151         (JSC::BytecodeGenerator::emitInitGlobalConst): Deleted.
3152         * bytecompiler/BytecodeGenerator.h:
3153         (JSC::Variable::Variable):
3154         (JSC::Variable::isReadOnly):
3155         (JSC::Variable::isSpecial):
3156         (JSC::Variable::isConst):
3157         (JSC::BytecodeGenerator::thisRegister):
3158         (JSC::BytecodeGenerator::emitTypeOf):
3159         (JSC::BytecodeGenerator::emitIn):
3160         * bytecompiler/NodesCodegen.cpp:
3161         (JSC::PostfixNode::emitResolve):
3162         (JSC::PrefixNode::emitResolve):
3163         (JSC::ReadModifyResolveNode::emitBytecode):
3164         (JSC::AssignResolveNode::emitBytecode):
3165         (JSC::CommaNode::emitBytecode):
3166         (JSC::BindingNode::bindValue):
3167         (JSC::ConstDeclNode::emitCodeSingle): Deleted.
3168         (JSC::ConstDeclNode::emitBytecode): Deleted.
3169         (JSC::ConstStatementNode::emitBytecode): Deleted.
3170         * dfg/DFGByteCodeParser.cpp:
3171         (JSC::DFG::ByteCodeParser::parseBlock):
3172         * dfg/DFGCapabilities.cpp:
3173         (JSC::DFG::capabilityLevel):
3174         * jit/JIT.cpp:
3175         (JSC::JIT::privateCompileMainPass):
3176         * jit/JIT.h:
3177         * jit/JITPropertyAccess.cpp:
3178         (JSC::JIT::emit_op_put_to_arguments):
3179         (JSC::JIT::emit_op_init_global_const): Deleted.
3180         * jit/JITPropertyAccess32_64.cpp:
3181         (JSC::JIT::emit_op_put_to_arguments):
3182         (JSC::JIT::emit_op_init_global_const): Deleted.
3183         * llint/LowLevelInterpreter.asm:
3184         * llint/LowLevelInterpreter32_64.asm:
3185         * llint/LowLevelInterpreter64.asm:
3186         * parser/ASTBuilder.h:
3187         (JSC::ASTBuilder::createDeclarationStatement):
3188         (JSC::ASTBuilder::createEmptyVarExpression):
3189         (JSC::ASTBuilder::createDebugger):
3190         (JSC::ASTBuilder::appendStatement):
3191         (JSC::ASTBuilder::createVarStatement): Deleted.
3192         (JSC::ASTBuilder::createLetStatement): Deleted.
3193         (JSC::ASTBuilder::createConstStatement): Deleted.
3194         (JSC::ASTBuilder::appendConstDecl): Deleted.
3195         * parser/NodeConstructors.h:
3196         (JSC::CommaNode::CommaNode):
3197         (JSC::SourceElements::SourceElements):
3198         (JSC::SwitchNode::SwitchNode):
3199         (JSC::BlockNode::BlockNode):
3200         (JSC::ConstStatementNode::ConstStatementNode): Deleted.
3201         (JSC::ConstDeclNode::ConstDeclNode): Deleted.
3202         * parser/Nodes.h:
3203         (JSC::ConstDeclNode::hasInitializer): Deleted.
3204         (JSC::ConstDeclNode::ident): Deleted.
3205         * parser/Parser.cpp:
3206         (JSC::Parser<LexerType>::parseStatementListItem):
3207         (JSC::Parser<LexerType>::parseVariableDeclaration):
3208         (JSC::Parser<LexerType>::parseWhileStatement):
3209         (JSC::Parser<LexerType>::parseVariableDeclarationList):
3210         (JSC::Parser<LexerType>::createBindingPattern):
3211         (JSC::Parser<LexerType>::parseDestructuringPattern):
3212         (JSC::Parser<LexerType>::parseDefaultValueForDestructuringPattern):
3213         (JSC::Parser<LexerType>::parseForStatement):
3214         (JSC::Parser<LexerType>::parseTryStatement):
3215         (JSC::Parser<LexerType>::parseFunctionInfo):
3216         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3217         (JSC::Parser<LexerType>::parseClass):
3218         (JSC::Parser<LexerType>::parseConstDeclaration): Deleted.
3219         (JSC::Parser<LexerType>::parseConstDeclarationList): Deleted.
3220         * parser/Parser.h:
3221         (JSC::isEvalNode):
3222         (JSC::isEvalNode<EvalNode>):
3223         (JSC::isArguments):
3224         (JSC::isEval):
3225         (JSC::isEvalOrArgumentsIdentifier):
3226         (JSC::Scope::Scope):
3227         (JSC::Scope::declareCallee):
3228         (JSC::Scope::declareVariable):
3229         (JSC::Scope::declareLexicalVariable):
3230         (JSC::Scope::hasDeclaredVariable):
3231         (JSC::Scope::allowsVarDeclarations):
3232         (JSC::Scope::allowsLexicalDeclarations):
3233         (JSC::Scope::declareParameter):
3234         (JSC::Scope::declareBoundParameter):
3235         (JSC::Parser::destructuringKindFromDeclarationType):
3236         (JSC::Parser::assignmentContextFromDeclarationType):
3237         (JSC::Parser::isEvalOrArguments):
3238         (JSC::Parser::currentScope):
3239         (JSC::Parser::popScope):
3240         (JSC::Parser::declareVariable):
3241         (JSC::Parser::hasDeclaredVariable):
3242         (JSC::Parser::setStrictMode):
3243         (JSC::Parser::strictMode):
3244         (JSC::Parser::isValidStrictMode):
3245         (JSC::Parser::declareParameter):
3246         (JSC::Parser::declareBoundParameter):
3247         (JSC::Parser::breakIsValid):
3248         * parser/SyntaxChecker.h:
3249         (JSC::SyntaxChecker::createForInLoop):
3250         (JSC::SyntaxChecker::createForOfLoop):
3251         (JSC::SyntaxChecker::createEmptyStatement):
3252         (JSC::SyntaxChecker::createDeclarationStatement):
3253         (JSC::SyntaxChecker::createReturnStatement):
3254         (JSC::SyntaxChecker::createBreakStatement):
3255         (JSC::SyntaxChecker::createVarStatement): Deleted.
3256         (JSC::SyntaxChecker::createLetStatement): Deleted.
3257         * parser/VariableEnvironment.h:
3258         (JSC::VariableEnvironmentEntry::isCaptured):
3259         (JSC::VariableEnvironmentEntry::isConst):
3260         (JSC::VariableEnvironmentEntry::isVar):
3261         (JSC::VariableEnvironmentEntry::isLet):
3262         (JSC::VariableEnvironmentEntry::setIsCaptured):
3263         (JSC::VariableEnvironmentEntry::setIsConst):
3264         (JSC::VariableEnvironmentEntry::setIsVar):
3265         (JSC::VariableEnvironmentEntry::setIsLet):
3266         (JSC::VariableEnvironmentEntry::isConstant): Deleted.
3267         (JSC::VariableEnvironmentEntry::setIsConstant): Deleted.
3268         * runtime/Executable.cpp:
3269         (JSC::ProgramExecutable::initializeGlobalProperties):
3270         * runtime/JSGlobalObject.cpp:
3271         (JSC::JSGlobalObject::defineOwnProperty):
3272         (JSC::JSGlobalObject::addGlobalVar):
3273         (JSC::JSGlobalObject::addFunction):
3274         (JSC::lastInPrototypeChain):
3275         * runtime/JSGlobalObject.h:
3276         (JSC::JSGlobalObject::finishCreation):
3277         (JSC::JSGlobalObject::addVar):
3278         (JSC::JSGlobalObject::addConst): Deleted.
3279         * runtime/JSLexicalEnvironment.cpp:
3280         (JSC::JSLexicalEnvironment::symbolTablePut):
3281         * tests/stress/const-and-with-statement.js: Added.
3282         (truth):
3283         (assert):
3284         (shouldThrowInvalidConstAssignment):
3285         (.):
3286         * tests/stress/const-exception-handling.js: Added.
3287         (truth):
3288         (assert):
3289         (.):
3290         * tests/stress/const-loop-semantics.js: Added.
3291         (truth):
3292         (assert):
3293         (shouldThrowInvalidConstAssignment):
3294         (.):
3295         * tests/stress/const-not-strict-mode.js: Added.
3296         (truth):
3297         (assert):
3298         (shouldThrowTDZ):
3299         (.):
3300         * tests/stress/const-semantics.js: Added.
3301         (truth):
3302         (assert):
3303         (shouldThrowInvalidConstAssignment):
3304         (.):
3305         * tests/stress/const-tdz.js: Added.
3306         (truth):
3307         (assert):
3308         (shouldThrowTDZ):
3309         (.):
3310
3311 2015-07-18  Saam barati  <saambarati1@gmail.com>
3312
3313         lexical scoping is broken with respect to "break" and "continue"
3314         https://bugs.webkit.org/show_bug.cgi?id=147063
3315
3316         Reviewed by Filip Pizlo.
3317
3318         Bug #142944 which introduced "let" and lexical scoping
3319         didn't properly hook into the bytecode generator's machinery
3320         for calculating scope depth deltas for "break" and "continue". This
3321         resulted in the bytecode generator popping an incorrect number
3322         of scopes when lexical scopes were involved.
3323
3324         This patch fixes this problem and generalizes this machinery a bit.
3325         This patch also renames old functions in a sensible way that is more
3326         coherent in a world with lexical scoping.
3327
3328         * bytecompiler/BytecodeGenerator.cpp:
3329         (JSC::BytecodeGenerator::BytecodeGenerator):
3330         (JSC::BytecodeGenerator::newLabelScope):
3331         (JSC::BytecodeGenerator::emitProfileType):
3332         (JSC::BytecodeGenerator::pushLexicalScope):
3333         (JSC::BytecodeGenerator::popLexicalScope):
3334         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3335         (JSC::BytecodeGenerator::resolveType):
3336         (JSC::BytecodeGenerator::emitResolveScope):
3337         (JSC::BytecodeGenerator::emitGetFromScope):
3338         (JSC::BytecodeGenerator::emitPutToScope):
3339         (JSC::BytecodeGenerator::emitPushWithScope):
3340         (JSC::BytecodeGenerator::emitGetParentScope):
3341         (JSC::BytecodeGenerator::emitPopScope):
3342         (JSC::BytecodeGenerator::emitPopWithOrCatchScope):
3343         (JSC::BytecodeGenerator::emitPopScopes):
3344         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler):
3345         (JSC::BytecodeGenerator::localScopeDepth):
3346         (JSC::BytecodeGenerator::labelScopeDepth):
3347         (JSC::BytecodeGenerator::emitThrowReferenceError):
3348         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
3349         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
3350         (JSC::BytecodeGenerator::popScopedControlFlowContext):
3351         (JSC::BytecodeGenerator::emitPushCatchScope):
3352         (JSC::BytecodeGenerator::currentScopeDepth): Deleted.
3353         * bytecompiler/BytecodeGenerator.h: