2015-08-05  Benjamin Poulain  <benjamin@webkit.org>

        Add the Intl API to the status page

        Andy VanWagoner landed the skeleton of the API and it is

2015-08-04  Filip Pizlo  <fpizlo@apple.com>

        Rename Mutex to DeprecatedMutex
        https://bugs.webkit.org/show_bug.cgi?id=147675

        Reviewed by Geoffrey Garen.

        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::doRun):
        (JSC::SamplingTool::notifyOfScope):
        * bytecode/SamplingTool.h:
        * dfg/DFGThreadData.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::~Worklist):
        (JSC::DFG::Worklist::isActiveForVM):
        (JSC::DFG::Worklist::enqueue):
        (JSC::DFG::Worklist::compilationState):
        (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
        (JSC::DFG::Worklist::removeAllReadyPlansForVM):
        (JSC::DFG::Worklist::completeAllReadyPlansForVM):
        (JSC::DFG::Worklist::visitWeakReferences):
        (JSC::DFG::Worklist::removeDeadPlans):
        (JSC::DFG::Worklist::queueLength):
        (JSC::DFG::Worklist::dump):
        (JSC::DFG::Worklist::runThread):
        * disassembler/Disassembler.cpp:
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        * heap/MachineStackMarker.cpp:
        (JSC::ActiveMachineThreadsManager::Locker::Locker):
        (JSC::ActiveMachineThreadsManager::add):
        (JSC::ActiveMachineThreadsManager::remove):
        (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::tryCopyOtherThreadStack):
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * interpreter/JSStack.cpp:
        (JSC::stackStatisticsMutex):
        (JSC::JSStack::addToCommittedByteCount):
        (JSC::JSStack::committedByteCount):
        * profiler/ProfilerDatabase.h:
2015-08-05  Saam Barati  <saambarati1@gmail.com>

        Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
        https://bugs.webkit.org/show_bug.cgi?id=147657

        This kills the last of the name scope objects. Function name scopes are
        now built on top of the scoping mechanisms introduced with ES6 block scoping.
        A name scope is now just a JSLexicalEnvironment. We treat assignments to the
        function name scoped variable carefully depending on if the function is in
        strict mode. If we're in strict mode, then we treat the variable exactly
        like a "const" variable. If we're not in strict mode, we can't treat
        this variable like ES6 "const" because that would cause the bytecode
        generator to throw an exception when it shouldn't.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
        (JSC::BytecodeGenerator::pushLexicalScope):
        (JSC::BytecodeGenerator::pushLexicalScopeInternal):
        (JSC::BytecodeGenerator::variable):
        (JSC::BytecodeGenerator::resolveType):
        (JSC::BytecodeGenerator::emitThrowTypeError):
        (JSC::BytecodeGenerator::emitPushFunctionNameScope):
        (JSC::BytecodeGenerator::pushScopedControlFlowContext):
        (JSC::BytecodeGenerator::emitPushCatchScope):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        * debugger/DebuggerScope.cpp:
        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_to_string):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_push_name_scope): Deleted.
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emitSlow_op_to_string):
        (JSC::JIT::emit_op_catch):
        (JSC::JIT::emit_op_push_name_scope): Deleted.
        * jit/JITOperations.cpp:
        (JSC::pushNameScope): Deleted.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:
        * runtime/CommonSlowPaths.cpp:
        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor):
        * runtime/JSFunctionNameScope.cpp: Removed.
        * runtime/JSFunctionNameScope.h: Removed.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::withScopeStructure):
        (JSC::JSGlobalObject::strictEvalActivationStructure):
        (JSC::JSGlobalObject::activationStructure):
        (JSC::JSGlobalObject::directArgumentsStructure):
        (JSC::JSGlobalObject::scopedArgumentsStructure):
        (JSC::JSGlobalObject::outOfBandArgumentsStructure):
        (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
        * runtime/JSNameScope.cpp: Removed.
        * runtime/JSNameScope.h: Removed.
        * runtime/JSObject.cpp:
        (JSC::JSObject::toThis):
        (JSC::JSObject::seal):
        (JSC::JSObject::isFunctionNameScopeObject): Deleted.
        * runtime/JSObject.h:
        * runtime/JSScope.cpp:
        (JSC::JSScope::isCatchScope):
        (JSC::JSScope::isFunctionNameScopeObject):
        (JSC::resolveModeName):
        * runtime/JSSymbolTableObject.cpp:
        * runtime/SymbolTable.h:
2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
        https://bugs.webkit.org/show_bug.cgi?id=147679

        Reviewed by Timothy Hatcher.

        Improve native iterator support for the PropertyName Iterator by
        allowing inspection of the internal object within the iterator
        and peeking of the next upcoming values of the iterator.

        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::subtype):
        (Inspector::JSInjectedScriptHost::getInternalProperties):
        (Inspector::JSInjectedScriptHost::iteratorEntries):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::iteratedValue):

2015-08-04  Brent Fulgham  <bfulgham@apple.com>

        [Win] Update Apple Windows build for VS2015
        https://bugs.webkit.org/show_bug.cgi?id=147653

        Reviewed by Dean Jackson.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
        Show JSC files in proper project locations in IDE.

2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
        https://bugs.webkit.org/show_bug.cgi?id=147328

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScriptSource.js:
        Use classList and classList.toString instead of className.
2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Support Module Syntax
        https://bugs.webkit.org/show_bug.cgi?id=147422

        Reviewed by Saam Barati.

        This patch introduces the ES6 Modules syntax parsing part.
        In this patch, ASTBuilder just produces the nodes corresponding to the ES6 Modules syntax,
        and this patch does not include the code generator part.

        Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
        and do not execute the body or construct the AST. After analyzing all the dependent
        modules, we parse the dependent modules next.
        After all the analyzing is done, we start the second pass. In the second pass, we
        parse the module, produce the AST, and execute the body.
        If we don't do so, we need to create all the ASTs in the module's dependency graph at first,
        because the given module can be executed only after all the dependent modules are executed. It
        means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
        the dependent modules' information.

        In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
        This patch aims at just implementing the syntax parsing functionality correctly.
        After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
        to collect the dependent modules fast [1].

        To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
        By using this, we can parse the given string as a module.

        [1]: https://bugs.webkit.org/show_bug.cgi?id=147353

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ModuleProgramNode::emitBytecode):
        (JSC::ImportDeclarationNode::emitBytecode):
        (JSC::ExportAllDeclarationNode::emitBytecode):
        (JSC::ExportDefaultDeclarationNode::emitBytecode):
        (JSC::ExportLocalDeclarationNode::emitBytecode):
        (JSC::ExportNamedDeclarationNode::emitBytecode):
        (GlobalObject::finishCreation):
        (functionCheckModuleSyntax):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createModuleSpecifier):
        (JSC::ASTBuilder::createImportSpecifier):
        (JSC::ASTBuilder::createImportSpecifierList):
        (JSC::ASTBuilder::appendImportSpecifier):
        (JSC::ASTBuilder::createImportDeclaration):
        (JSC::ASTBuilder::createExportAllDeclaration):
        (JSC::ASTBuilder::createExportDefaultDeclaration):
        (JSC::ASTBuilder::createExportLocalDeclaration):
        (JSC::ASTBuilder::createExportNamedDeclaration):
        (JSC::ASTBuilder::createExportSpecifier):
        (JSC::ASTBuilder::createExportSpecifierList):
        (JSC::ASTBuilder::appendExportSpecifier):
        * parser/Keywords.table:
        * parser/NodeConstructors.h:
        (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
        (JSC::ImportSpecifierNode::ImportSpecifierNode):
        (JSC::ImportDeclarationNode::ImportDeclarationNode):
        (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
        (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
        (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
        (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
        (JSC::ExportSpecifierNode::ExportSpecifierNode):
        (JSC::ModuleProgramNode::ModuleProgramNode):
        (JSC::ModuleProgramNode::startColumn):
        (JSC::ModuleProgramNode::endColumn):
        (JSC::ModuleSpecifierNode::moduleName):
        (JSC::ImportSpecifierNode::importedName):
        (JSC::ImportSpecifierNode::localName):
        (JSC::ImportSpecifierListNode::specifiers):
        (JSC::ImportSpecifierListNode::append):
        (JSC::ImportDeclarationNode::specifierList):
        (JSC::ImportDeclarationNode::moduleSpecifier):
        (JSC::ExportAllDeclarationNode::moduleSpecifier):
        (JSC::ExportDefaultDeclarationNode::declaration):
        (JSC::ExportLocalDeclarationNode::declaration):
        (JSC::ExportSpecifierNode::exportedName):
        (JSC::ExportSpecifierNode::localName):
        (JSC::ExportSpecifierListNode::specifiers):
        (JSC::ExportSpecifierListNode::append):
        (JSC::ExportNamedDeclarationNode::specifierList):
        (JSC::ExportNamedDeclarationNode::moduleSpecifier):
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseModuleSourceElements):
        (JSC::Parser<LexerType>::parseVariableDeclaration):
        (JSC::Parser<LexerType>::parseVariableDeclarationList):
        (JSC::Parser<LexerType>::createBindingPattern):
        (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseForStatement):
        (JSC::Parser<LexerType>::parseFormalParameters):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClassDeclaration):
        (JSC::Parser<LexerType>::parseModuleSpecifier):
        (JSC::Parser<LexerType>::parseImportClauseItem):
        (JSC::Parser<LexerType>::parseImportDeclaration):
        (JSC::Parser<LexerType>::parseExportSpecifier):
        (JSC::Parser<LexerType>::parseExportDeclaration):
        (JSC::Parser<LexerType>::parseMemberExpression):
        (JSC::isIdentifierOrKeyword):
        (JSC::ModuleScopeData::create):
        (JSC::ModuleScopeData::exportedBindings):
        (JSC::ModuleScopeData::exportName):
        (JSC::ModuleScopeData::exportBinding):
        (JSC::Scope::setIsModule):
        (JSC::Scope::moduleScopeData):
        (JSC::Parser::matchContextualKeyword):
        (JSC::Parser::matchIdentifierOrKeyword):
        (JSC::Parser::isofToken): Deleted.
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createModuleSpecifier):
        (JSC::SyntaxChecker::createImportSpecifier):
        (JSC::SyntaxChecker::createImportSpecifierList):
        (JSC::SyntaxChecker::appendImportSpecifier):
        (JSC::SyntaxChecker::createImportDeclaration):
        (JSC::SyntaxChecker::createExportAllDeclaration):
        (JSC::SyntaxChecker::createExportDefaultDeclaration):
        (JSC::SyntaxChecker::createExportLocalDeclaration):
        (JSC::SyntaxChecker::createExportNamedDeclaration):
        (JSC::SyntaxChecker::createExportSpecifier):
        (JSC::SyntaxChecker::createExportSpecifierList):
        (JSC::SyntaxChecker::appendExportSpecifier):
        * runtime/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        * runtime/CommonIdentifiers.h:
        * runtime/Completion.cpp:
        (JSC::checkModuleSyntax):
        * runtime/Completion.h:
        * tests/stress/modules-syntax-error-with-names.js: Added.
        * tests/stress/modules-syntax-error.js: Added.
        (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
        * tests/stress/modules-syntax.js: Added.
        (prototype.checkModuleSyntax):
        * tests/stress/tagged-templates-syntax.js:
2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>

        Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
        https://bugs.webkit.org/show_bug.cgi?id=146833

        Reviewed by Alexey Proskuryakov.

        * assembler/ARM64Assembler.h:
        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/MacroAssemblerARM.cpp:
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::isSSE2Present):
        * heap/MachineStackMarker.h:
        * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
        * jit/HostCallReturnValue.h:
        * jit/JITOperations.cpp:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsX86Common.h:
        * jit/JITStubsX86_64.h:
        * jit/ThunkGenerators.cpp:
        * runtime/JSExportMacros.h:
        * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.

2015-08-03  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix uninitialized property leading to an assert.

        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::PutPropertySlot):

2015-08-03  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix Windows.

        * bytecode/ObjectPropertyConditionSet.h:
        (JSC::ObjectPropertyConditionSet::fromRawPointer):
2015-07-31  Filip Pizlo  <fpizlo@apple.com>

        DFG should have adaptive structure watchpoints
        https://bugs.webkit.org/show_bug.cgi?id=146929

        Reviewed by Geoffrey Garen.

        Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
        property, you'd check that the object still has the structure that you first saw the object have. We
        optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
        elide the structure check.

        But this approach fails when that object frequently has new properties added to it. This would
        change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
        we'd have to recompile either the IC or an entire code block.

        This change introduces a new concept: an object property condition. This value describes some
        condition involving a property on some object. There are four kinds: presence, absence,
        absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
        object has some property at some offset with some attributes. This allows us to implement a new kind
        of watchpoint, which knows about the object property condition that it's being used to enforce. If
        the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
        on the new structure.

        Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
        and prototype accesses. They are also used for any DFG accesses to object constants, including
        global property accesses.

        Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
        neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
        chain situation. It's also a small speed-up on getter-richards.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::printPutByIdCacheStatus):
        * bytecode/CodeBlockJettisoningWatchpoint.cpp:
        (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
        * bytecode/ComplexGetStatus.cpp:
        (JSC::ComplexGetStatus::computeFor):
        * bytecode/ComplexGetStatus.h:
        (JSC::ComplexGetStatus::ComplexGetStatus):
        (JSC::ComplexGetStatus::takesSlowPath):
        (JSC::ComplexGetStatus::kind):
        (JSC::ComplexGetStatus::offset):
        (JSC::ComplexGetStatus::conditionSet):
        (JSC::ComplexGetStatus::attributes): Deleted.
        (JSC::ComplexGetStatus::specificValue): Deleted.
        (JSC::ComplexGetStatus::chain): Deleted.
        * bytecode/ConstantStructureCheck.cpp: Removed.
        * bytecode/ConstantStructureCheck.h: Removed.
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeForStubInfo):
        * bytecode/GetByIdVariant.cpp:
        (JSC::GetByIdVariant::GetByIdVariant):
        (JSC::GetByIdVariant::~GetByIdVariant):
        (JSC::GetByIdVariant::operator=):
        (JSC::GetByIdVariant::attemptToMerge):
        (JSC::GetByIdVariant::dumpInContext):
        (JSC::GetByIdVariant::baseStructure): Deleted.
        * bytecode/GetByIdVariant.h:
        (JSC::GetByIdVariant::operator!):
        (JSC::GetByIdVariant::structureSet):
        (JSC::GetByIdVariant::conditionSet):
        (JSC::GetByIdVariant::offset):
        (JSC::GetByIdVariant::callLinkStatus):
        (JSC::GetByIdVariant::constantChecks): Deleted.
        (JSC::GetByIdVariant::alternateBase): Deleted.
        * bytecode/ObjectPropertyCondition.cpp: Added.
        (JSC::ObjectPropertyCondition::dumpInContext):
        (JSC::ObjectPropertyCondition::dump):
        (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
        (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
        (JSC::ObjectPropertyCondition::isStillValid):
        (JSC::ObjectPropertyCondition::structureEnsuresValidity):
        (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
        (JSC::ObjectPropertyCondition::isWatchable):
        (JSC::ObjectPropertyCondition::isStillLive):
        (JSC::ObjectPropertyCondition::validateReferences):
        (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
        * bytecode/ObjectPropertyCondition.h: Added.
        (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
        (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
        (JSC::ObjectPropertyCondition::presence):
        (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
        (JSC::ObjectPropertyCondition::absence):
        (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
        (JSC::ObjectPropertyCondition::absenceOfSetter):
        (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
        (JSC::ObjectPropertyCondition::equivalence):
        (JSC::ObjectPropertyCondition::operator!):
        (JSC::ObjectPropertyCondition::object):
        (JSC::ObjectPropertyCondition::condition):
        (JSC::ObjectPropertyCondition::kind):
        (JSC::ObjectPropertyCondition::uid):
        (JSC::ObjectPropertyCondition::hasOffset):
        (JSC::ObjectPropertyCondition::offset):
        (JSC::ObjectPropertyCondition::hasAttributes):
        (JSC::ObjectPropertyCondition::attributes):
        (JSC::ObjectPropertyCondition::hasPrototype):
        (JSC::ObjectPropertyCondition::prototype):
        (JSC::ObjectPropertyCondition::hasRequiredValue):
        (JSC::ObjectPropertyCondition::requiredValue):
        (JSC::ObjectPropertyCondition::hash):
        (JSC::ObjectPropertyCondition::operator==):
        (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
        (JSC::ObjectPropertyCondition::isCompatibleWith):
        (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
        (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
        (JSC::ObjectPropertyCondition::isValidValueForPresence):
        (JSC::ObjectPropertyConditionHash::hash):
        (JSC::ObjectPropertyConditionHash::equal):
        * bytecode/ObjectPropertyConditionSet.cpp: Added.
        (JSC::ObjectPropertyConditionSet::forObject):
        (JSC::ObjectPropertyConditionSet::forConditionKind):
        (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
        (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
        (JSC::ObjectPropertyConditionSet::slotBaseCondition):
        (JSC::ObjectPropertyConditionSet::mergedWith):
        (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
        (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
        (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
        (JSC::ObjectPropertyConditionSet::areStillLive):
        (JSC::ObjectPropertyConditionSet::dumpInContext):
        (JSC::ObjectPropertyConditionSet::dump):
        (JSC::generateConditionsForPropertyMiss):
        (JSC::generateConditionsForPropertySetterMiss):
        (JSC::generateConditionsForPrototypePropertyHit):
        (JSC::generateConditionsForPrototypePropertyHitCustom):
        (JSC::generateConditionsForPropertySetterMissConcurrently):
        * bytecode/ObjectPropertyConditionSet.h: Added.
        (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
        (JSC::ObjectPropertyConditionSet::invalid):
        (JSC::ObjectPropertyConditionSet::nonEmpty):
        (JSC::ObjectPropertyConditionSet::isValid):
        (JSC::ObjectPropertyConditionSet::isEmpty):
        (JSC::ObjectPropertyConditionSet::begin):
        (JSC::ObjectPropertyConditionSet::end):
        (JSC::ObjectPropertyConditionSet::releaseRawPointer):
        (JSC::ObjectPropertyConditionSet::adoptRawPointer):
        (JSC::ObjectPropertyConditionSet::fromRawPointer):
        (JSC::ObjectPropertyConditionSet::Data::Data):
        * bytecode/PolymorphicGetByIdList.cpp:
        (JSC::GetByIdAccess::GetByIdAccess):
        (JSC::GetByIdAccess::~GetByIdAccess):
        (JSC::GetByIdAccess::visitWeak):
        * bytecode/PolymorphicGetByIdList.h:
        (JSC::GetByIdAccess::GetByIdAccess):
        (JSC::GetByIdAccess::structure):
        (JSC::GetByIdAccess::conditionSet):
        (JSC::GetByIdAccess::stubRoutine):
        (JSC::GetByIdAccess::chain): Deleted.
        (JSC::GetByIdAccess::chainCount): Deleted.
        * bytecode/PolymorphicPutByIdList.cpp:
        (JSC::PutByIdAccess::fromStructureStubInfo):
        (JSC::PutByIdAccess::visitWeak):
        * bytecode/PolymorphicPutByIdList.h:
        (JSC::PutByIdAccess::PutByIdAccess):
        (JSC::PutByIdAccess::transition):
        (JSC::PutByIdAccess::setter):
        (JSC::PutByIdAccess::newStructure):
        (JSC::PutByIdAccess::conditionSet):
        (JSC::PutByIdAccess::stubRoutine):
        (JSC::PutByIdAccess::chain): Deleted.
        (JSC::PutByIdAccess::chainCount): Deleted.
        * bytecode/PropertyCondition.cpp: Added.
        (JSC::PropertyCondition::dumpInContext):
        (JSC::PropertyCondition::dump):
        (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
        (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
        (JSC::PropertyCondition::isStillValid):
        (JSC::PropertyCondition::isWatchableWhenValid):
        (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
        (JSC::PropertyCondition::isWatchable):
        (JSC::PropertyCondition::isStillLive):
        (JSC::PropertyCondition::validateReferences):
        (JSC::PropertyCondition::isValidValueForAttributes):
        (JSC::PropertyCondition::isValidValueForPresence):
        (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
        (WTF::printInternal):
        * bytecode/PropertyCondition.h: Added.
        (JSC::PropertyCondition::PropertyCondition):
        (JSC::PropertyCondition::presenceWithoutBarrier):
        (JSC::PropertyCondition::presence):
        (JSC::PropertyCondition::absenceWithoutBarrier):
        (JSC::PropertyCondition::absence):
        (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
        (JSC::PropertyCondition::absenceOfSetter):
        (JSC::PropertyCondition::equivalenceWithoutBarrier):
        (JSC::PropertyCondition::equivalence):
        (JSC::PropertyCondition::operator!):
        (JSC::PropertyCondition::kind):
        (JSC::PropertyCondition::uid):
        (JSC::PropertyCondition::hasOffset):
        (JSC::PropertyCondition::offset):
        (JSC::PropertyCondition::hasAttributes):
        (JSC::PropertyCondition::attributes):
        (JSC::PropertyCondition::hasPrototype):
        (JSC::PropertyCondition::prototype):
        (JSC::PropertyCondition::hasRequiredValue):
        (JSC::PropertyCondition::requiredValue):
        (JSC::PropertyCondition::hash):
        (JSC::PropertyCondition::operator==):
        (JSC::PropertyCondition::isHashTableDeletedValue):
        (JSC::PropertyCondition::isCompatibleWith):
        (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
        (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
        (JSC::PropertyConditionHash::hash):
        (JSC::PropertyConditionHash::equal):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeFor):
        (JSC::PutByIdStatus::computeForStubInfo):
        * bytecode/PutByIdVariant.cpp:
        (JSC::PutByIdVariant::operator=):
        (JSC::PutByIdVariant::transition):
        (JSC::PutByIdVariant::setter):
        (JSC::PutByIdVariant::makesCalls):
        (JSC::PutByIdVariant::attemptToMerge):
        (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
        (JSC::PutByIdVariant::dumpInContext):
        (JSC::PutByIdVariant::baseStructure): Deleted.
        * bytecode/PutByIdVariant.h:
        (JSC::PutByIdVariant::PutByIdVariant):
        (JSC::PutByIdVariant::kind):
        (JSC::PutByIdVariant::structure):
        (JSC::PutByIdVariant::structureSet):
        (JSC::PutByIdVariant::oldStructure):
        (JSC::PutByIdVariant::conditionSet):
        (JSC::PutByIdVariant::offset):
        (JSC::PutByIdVariant::callLinkStatus):
        (JSC::PutByIdVariant::constantChecks): Deleted.
        (JSC::PutByIdVariant::alternateBase): Deleted.
        * bytecode/StructureStubClearingWatchpoint.cpp:
        (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
        (JSC::StructureStubClearingWatchpoint::push):
        (JSC::StructureStubClearingWatchpoint::fireInternal):
        (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
        (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
        (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
        * bytecode/StructureStubClearingWatchpoint.h:
        (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
        (JSC::WatchpointsOnStructureStubInfo::codeBlock):
        (JSC::WatchpointsOnStructureStubInfo::stubInfo):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::visitWeakReferences):
        * bytecode/StructureStubInfo.h:
        (JSC::StructureStubInfo::initPutByIdTransition):
        (JSC::StructureStubInfo::initPutByIdReplace):
        (JSC::StructureStubInfo::setSeen):
        (JSC::StructureStubInfo::addWatchpoint):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
        * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
        (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
        * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
        (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
        (JSC::DFG::AdaptiveStructureWatchpoint::install):
        (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
        * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
        (JSC::DFG::AdaptiveStructureWatchpoint::key):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::handleGetByOffset):
        (JSC::DFG::ByteCodeParser::handlePutByOffset):
        (JSC::DFG::ByteCodeParser::check):
        (JSC::DFG::ByteCodeParser::promoteToConstant):
        (JSC::DFG::ByteCodeParser::planLoad):
        (JSC::DFG::ByteCodeParser::load):
        (JSC::DFG::ByteCodeParser::presenceLike):
        (JSC::DFG::ByteCodeParser::checkPresenceLike):
        (JSC::DFG::ByteCodeParser::store):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::handlePutById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
        * dfg/DFGCommonData.cpp:
        (JSC::DFG::CommonData::validateReferences):
        * dfg/DFGCommonData.h:
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
        (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
        (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
        (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
        * dfg/DFGDesiredWatchpoints.cpp:
        (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
        (JSC::DFG::InferredValueAdaptor::add):
        (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
        (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
        (JSC::DFG::DesiredWatchpoints::addLazily):
        (JSC::DFG::DesiredWatchpoints::consider):
        (JSC::DFG::DesiredWatchpoints::reallyAdd):
        (JSC::DFG::DesiredWatchpoints::areStillValid):
        (JSC::DFG::DesiredWatchpoints::dumpInContext):
        * dfg/DFGDesiredWatchpoints.h:
        (JSC::DFG::SetPointerAdaptor::add):
        (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
        (JSC::DFG::SetPointerAdaptor::dumpInContext):
        (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
        (JSC::DFG::InferredValueAdaptor::dumpInContext):
        (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
        (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
        (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
        (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
        (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
        (JSC::DFG::GenericDesiredWatchpoints::isWatched):
        (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
        (JSC::DFG::DesiredWatchpoints::isWatched):
        (JSC::DFG::GenericSetAdaptor::add): Deleted.
        (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
        * dfg/DFGDesiredWeakReferences.cpp:
        (JSC::DFG::DesiredWeakReferences::addLazily):
        (JSC::DFG::DesiredWeakReferences::contains):
        * dfg/DFGDesiredWeakReferences.h:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::clearFlagsOnAllNodes):
        (JSC::DFG::Graph::watchCondition):
        (JSC::DFG::Graph::isSafeToLoad):
        (JSC::DFG::Graph::livenessFor):
        (JSC::DFG::Graph::tryGetConstantProperty):
        (JSC::DFG::Graph::visitChildren):
        (JSC::DFG::Graph::identifiers):
        (JSC::DFG::Graph::watchpoints):
        * dfg/DFGMultiGetByOffsetData.cpp: Added.
        (JSC::DFG::GetByOffsetMethod::dumpInContext):
        (JSC::DFG::GetByOffsetMethod::dump):
        (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
        (JSC::DFG::MultiGetByOffsetCase::dump):
        (WTF::printInternal):
        * dfg/DFGMultiGetByOffsetData.h: Added.
        (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
        (JSC::DFG::GetByOffsetMethod::constant):
        (JSC::DFG::GetByOffsetMethod::load):
        (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
        (JSC::DFG::GetByOffsetMethod::operator!):
        (JSC::DFG::GetByOffsetMethod::kind):
        (JSC::DFG::GetByOffsetMethod::prototype):
        (JSC::DFG::GetByOffsetMethod::offset):
        (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
        (JSC::DFG::MultiGetByOffsetCase::set):
        (JSC::DFG::MultiGetByOffsetCase::method):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGStructureRegistrationPhase.cpp:
        (JSC::DFG::StructureRegistrationPhase::run):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
        (JSC::repatchByIdSelfAccess):
        (JSC::checkObjectPropertyCondition):
        (JSC::checkObjectPropertyConditions):
        (JSC::replaceWithJump):
        (JSC::generateByIdStub):
        (JSC::actionForCell):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::emitPutTransitionStub):
        (JSC::tryCachePutByID):
        (JSC::tryBuildPutByIdList):
        (JSC::addStructureTransitionCheck): Deleted.
        (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
        * runtime/IntendedStructureChain.cpp: Removed.
        * runtime/IntendedStructureChain.h: Removed.
        * runtime/JSCJSValue.h:
        * runtime/JSObject.cpp:
        (JSC::throwTypeError):
        (JSC::JSObject::convertToDictionary):
        (JSC::JSObject::shiftButterflyAfterFlattening):
        * runtime/JSObject.h:
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::convertToDictionary): Deleted.
        * runtime/Operations.h:
774 (JSC::normalizePrototypeChain):
775 (JSC::normalizePrototypeChainForChainAccess): Deleted.
776 (JSC::isPrototypeChainNormalized): Deleted.
777 * runtime/PropertySlot.h:
778 (JSC::PropertySlot::PropertySlot):
779 (JSC::PropertySlot::slotBase):
780 * runtime/Structure.cpp:
781 (JSC::Structure::addPropertyTransition):
782 (JSC::Structure::attributeChangeTransition):
783 (JSC::Structure::toDictionaryTransition):
784 (JSC::Structure::toCacheableDictionaryTransition):
785 (JSC::Structure::toUncacheableDictionaryTransition):
786 (JSC::Structure::ensurePropertyReplacementWatchpointSet):
787 (JSC::Structure::startWatchingPropertyForReplacements):
788 (JSC::Structure::didCachePropertyReplacement):
789 (JSC::Structure::dump):
790 * runtime/Structure.h:
792 * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
796 * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
798 * tests/stress/replacement-watchpoint-dictionary.js: Added.
800 * tests/stress/replacement-watchpoint.js: Added.
802 * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
804 * tests/stress/undefined-access-then-proto-change.js: Added.

2015-08-03 Yusuke Suzuki <utatane.tea@gmail.com>

JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
https://bugs.webkit.org/show_bug.cgi?id=147538

Reviewed by Geoffrey Garen.

Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keyword tokens.
As a result, when lexing a property name that can take keywords, the ARROWFUNCTION token is accidentally accepted.
This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it an operator token.

* parser/ParserTokens.h:
* tests/stress/arrow-function-token-is-not-keyword.js: Added.

2015-08-03 Keith Miller <keith_miller@apple.com>

Clean up the naming for AST expression generation.
https://bugs.webkit.org/show_bug.cgi?id=147581

Reviewed by Yusuke Suzuki.

* parser/ASTBuilder.h:
(JSC::ASTBuilder::createThisExpr):
(JSC::ASTBuilder::createSuperExpr):
(JSC::ASTBuilder::createNewTargetExpr):
(JSC::ASTBuilder::thisExpr): Deleted.
(JSC::ASTBuilder::superExpr): Deleted.
(JSC::ASTBuilder::newTargetExpr): Deleted.
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createThisExpr):
(JSC::SyntaxChecker::createSuperExpr):
(JSC::SyntaxChecker::createNewTargetExpr):
(JSC::SyntaxChecker::thisExpr): Deleted.
(JSC::SyntaxChecker::superExpr): Deleted.
(JSC::SyntaxChecker::newTargetExpr): Deleted.

2015-08-03 Yusuke Suzuki <utatane.tea@gmail.com>

Don't set up the callsite to operationGetByValDefault when the optimization is already done
https://bugs.webkit.org/show_bug.cgi?id=147577

Reviewed by Filip Pizlo.

operationGetByValDefault should be called only when the IC is not set.
operationGetByValString breaks this invariant and `ASSERT(!byValInfo.stubRoutine)` in
operationGetByValDefault raises the assertion failure.
In this patch, we change the callsite setup code in operationGetByValString when
the IC is already set. And to make the operation's meaning explicit, we changed the
name operationGetByValDefault to operationGetByValOptimize, which is aligned to the

* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitSlow_op_get_by_val):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitSlow_op_get_by_val):
* tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.

2015-08-03 Csaba Osztrogonác <ossy@webkit.org>

[FTL] Remove unused scripts related to native call inlining
https://bugs.webkit.org/show_bug.cgi?id=147448

Reviewed by Filip Pizlo.

* build-symbol-table-index.py: Removed.
* copy-llvm-ir-to-derived-sources.sh: Removed.
* create-llvm-ir-from-source-file.py: Removed.
* create-symbol-table-index.py: Removed.

2015-08-02 Benjamin Poulain <bpoulain@apple.com>

Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
https://bugs.webkit.org/show_bug.cgi?id=118455

Reviewed by Filip Pizlo.

LivenessAnalysisPhase lights up like a Christmas tree in profiles.

This patch cuts its cost by 4.
About half of the gains come from removing many rehash() when copying
The last quarter is achieved by having a special add() function for initializing

This makes benchmarks progress by 1-2% here and there. Nothing massive.

* dfg/DFGLivenessAnalysisPhase.cpp:
(JSC::DFG::LivenessAnalysisPhase::process):
The m_live HashSet is only useful per block. When we are done with it,
we can transfer it to liveAtHead to avoid a copy.

2015-08-01 Saam barati <saambarati1@gmail.com>

Unreviewed. Remove unintentional "print" statement in test case.
https://bugs.webkit.org/show_bug.cgi?id=142567

* tests/stress/class-syntax-definition-semantics.js:
(shouldBeSyntaxError):

2015-07-31 Alex Christensen <achristensen@webkit.org>

https://bugs.webkit.org/show_bug.cgi?id=146579

Reviewed by Jon Honeycutt.

Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.

2015-07-31 Saam barati <saambarati1@gmail.com>

ES6 class syntax should use block scoping
https://bugs.webkit.org/show_bug.cgi?id=142567

Reviewed by Geoffrey Garen.

We treat class declarations like we do "let" declarations.
The class name is under TDZ until the class declaration
statement is evaluated. Class declarations also follow
the same rules as "let": No duplicate definitions inside
a lexical environment.

* parser/ASTBuilder.h:
(JSC::ASTBuilder::createClassDeclStatement):
(JSC::Parser<LexerType>::parseClassDeclaration):
* tests/stress/class-syntax-block-scoping.js: Added.
* tests/stress/class-syntax-definition-semantics.js: Added.
(shouldBeSyntaxError):
(shouldNotBeSyntaxError):
* tests/stress/class-syntax-tdz.js:
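The "class declarations behave like let" rules described in the entry above (TDZ, block scoping, no duplicate definitions in one lexical environment), as an added JavaScript example; this is not code from the ChangeLog or from the WebKit stress tests it lists, and the class names, the isSyntaxError helper and the sample source strings are constructed for illustration:

```javascript
// Added example (not part of the WebKit ChangeLog): observable semantics of
// treating ES6 class declarations like "let" declarations.

// A class name is in the temporal dead zone (TDZ) until its declaration
// statement is evaluated, so even `typeof` throws instead of yielding "undefined".
function classNameInTdz() {
  let outcome;
  try {
    outcome = typeof Counter; // Counter is hoisted to this block but uninitialized
  } catch (e) {
    outcome = e.constructor.name;
  }
  class Counter {}
  return outcome; // "ReferenceError"
}

// Once the declaration statement has run, the binding is initialized and usable.
function classNameAfterDeclaration() {
  class Counter {}
  return typeof Counter; // "function"
}

// A class declaration is scoped to the enclosing block, not hoisted to the
// function like "var" would be.
function classIsBlockScoped() {
  {
    class Hidden {}
  }
  return typeof Hidden; // "undefined": no binding escapes the inner block
}

// Duplicate definitions in one lexical environment are early SyntaxErrors,
// exactly as for "let". Each sample (a constructed string) is compiled with the
// Function constructor so the verdict is a return value instead of an abort.
function isSyntaxError(source) {
  try {
    new Function(source);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

const definitionSemantics = {
  classTwice: isSyntaxError("class A {} class A {}"),                 // true
  classThenLet: isSyntaxError("class A {} let A;"),                   // true
  classThenVar: isSyntaxError("class A {} var A;"),                   // true
  classThenFunction: isSyntaxError("class A {} function A() {}"),     // true
  separateBlocks: isSyntaxError("{ class A {} } { class A {} }"),     // false
  nestedScope: isSyntaxError("class A { m() { class A {} } }"),       // false
};
```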

2015-07-31 Sukolsak Sakshuwong <sukolsak@gmail.com>

Implement WebAssembly module parser
https://bugs.webkit.org/show_bug.cgi?id=147293

Reviewed by Mark Lam.

Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
include file: 'JSWASMModule.h'" issue on Windows.

Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
<https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
the magic number at the beginning of the files. Parsing of the rest will be
implemented in a subsequent patch.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
(GlobalObject::finishCreation):
(functionLoadWebAssembly):
* parser/SourceProvider.h:
(JSC::WebAssemblySourceProvider::create):
(JSC::WebAssemblySourceProvider::data):
(JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::wasmModuleStructure):
* wasm/WASMMagicNumber.h: Added.
* wasm/WASMModuleParser.cpp: Added.
(JSC::WASMModuleParser::WASMModuleParser):
(JSC::WASMModuleParser::parse):
(JSC::WASMModuleParser::parseModule):
(JSC::parseWebAssembly):
* wasm/WASMModuleParser.h: Added.
* wasm/WASMReader.cpp: Added.
(JSC::WASMReader::readUnsignedInt32):
(JSC::WASMReader::readFloat):
(JSC::WASMReader::readDouble):
* wasm/WASMReader.h: Added.
(JSC::WASMReader::WASMReader):

2015-07-30 Sukolsak Sakshuwong <sukolsak@gmail.com>

Add the "wasm" directory to the Additional Include Directories for jsc.exe
https://bugs.webkit.org/show_bug.cgi?id=147443

Reviewed by Mark Lam.

This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
Cannot open include file: 'JSWASMModule.h'" error in the Windows build.

* JavaScriptCore.vcxproj/jsc/jscCommon.props:

2015-07-30 Chris Dumez <cdumez@apple.com>

Mark more classes as fast allocated
https://bugs.webkit.org/show_bug.cgi?id=147440

Reviewed by Sam Weinig.

Mark more classes as fast allocated for performance. We heap-allocate
objects of those types throughout the code base.

* API/JSCallbackObject.h:
* API/ObjCCallbackFunction.mm:
* bytecode/BytecodeKills.h:
* bytecode/BytecodeLivenessAnalysis.h:
* bytecode/CallLinkStatus.h:
* bytecode/FullBytecodeLiveness.h:
* bytecode/SamplingTool.h:
* bytecompiler/BytecodeGenerator.h:
* dfg/DFGBasicBlock.h:
* dfg/DFGBlockMap.h:
* dfg/DFGInPlaceAbstractState.h:
* dfg/DFGThreadData.h:
* heap/HeapVerifier.h:
* heap/SlotVisitor.h:
* runtime/ControlFlowProfiler.h:
* runtime/TypeProfiler.h:
* runtime/TypeProfilerLog.h:
* runtime/Watchdog.h:

2015-07-29 Filip Pizlo <fpizlo@apple.com>

DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
https://bugs.webkit.org/show_bug.cgi?id=147433
rdar://problem/21668986

Reviewed by Mark Lam.

Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments. But
currently that's not what it does - it emits a SetArgument for every argument that a varargs
call may pass. Each SetArgument gets turned into a GetStack. This means that if
ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
get passed or used, we get degenerate IR where we have a GetStack of something that didn't

This fixes the bug by removing the code to optimize away PutStacks in
ArgumentsEliminationPhase.

* dfg/DFGArgumentsEliminationPhase.cpp:
* tests/stress/varargs-inlining-underflow.js: Added.

2015-07-29 Andy VanWagoner <thetalecrafter@gmail.com>

Implement basic types for ECMAScript Internationalization API
https://bugs.webkit.org/show_bug.cgi?id=146926

Reviewed by Benjamin Poulain.

Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf

* CMakeLists.txt: Added new Intl files.
* Configurations/FeatureDefines.xcconfig: Enable INTL.
* DerivedSources.make: Added Intl files.
* JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
* runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
* runtime/DateConstructor.cpp: Made Date.now public.
* runtime/DateConstructor.h: Made Date.now public.
* runtime/IntlCollator.cpp: Added.
(JSC::IntlCollator::create):
(JSC::IntlCollator::createStructure):
(JSC::IntlCollator::IntlCollator):
(JSC::IntlCollator::finishCreation):
(JSC::IntlCollator::destroy):
(JSC::IntlCollator::visitChildren):
(JSC::IntlCollator::setBoundCompare):
(JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
* runtime/IntlCollator.h: Added.
(JSC::IntlCollator::constructor):
(JSC::IntlCollator::boundCompare):
* runtime/IntlCollatorConstructor.cpp: Added.
(JSC::IntlCollatorConstructor::create):
(JSC::IntlCollatorConstructor::createStructure):
(JSC::IntlCollatorConstructor::IntlCollatorConstructor):
(JSC::IntlCollatorConstructor::finishCreation):
(JSC::constructIntlCollator): Added Collator constructor (10.1.2).
(JSC::callIntlCollator): Added Collator constructor (10.1.2).
(JSC::IntlCollatorConstructor::getConstructData):
(JSC::IntlCollatorConstructor::getCallData):
(JSC::IntlCollatorConstructor::getOwnPropertySlot):
(JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
(JSC::IntlCollatorConstructor::visitChildren):
* runtime/IntlCollatorConstructor.h: Added.
(JSC::IntlCollatorConstructor::collatorStructure):
* runtime/IntlCollatorPrototype.cpp: Added.
(JSC::IntlCollatorPrototype::create):
(JSC::IntlCollatorPrototype::createStructure):
(JSC::IntlCollatorPrototype::IntlCollatorPrototype):
(JSC::IntlCollatorPrototype::finishCreation):
(JSC::IntlCollatorPrototype::getOwnPropertySlot):
(JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3).
(JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
* runtime/IntlCollatorPrototype.h: Added.
* runtime/IntlDateTimeFormat.cpp: Added.
(JSC::IntlDateTimeFormat::create):
(JSC::IntlDateTimeFormat::createStructure):
(JSC::IntlDateTimeFormat::IntlDateTimeFormat):
(JSC::IntlDateTimeFormat::finishCreation):
(JSC::IntlDateTimeFormat::destroy):
(JSC::IntlDateTimeFormat::visitChildren):
(JSC::IntlDateTimeFormat::setBoundFormat):
(JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
* runtime/IntlDateTimeFormat.h: Added.
(JSC::IntlDateTimeFormat::constructor):
(JSC::IntlDateTimeFormat::boundFormat):
* runtime/IntlDateTimeFormatConstructor.cpp: Added.
(JSC::IntlDateTimeFormatConstructor::create):
(JSC::IntlDateTimeFormatConstructor::createStructure):
(JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
(JSC::IntlDateTimeFormatConstructor::finishCreation):
(JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
(JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
(JSC::IntlDateTimeFormatConstructor::getConstructData):
(JSC::IntlDateTimeFormatConstructor::getCallData):
(JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
(JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
(JSC::IntlDateTimeFormatConstructor::visitChildren):
* runtime/IntlDateTimeFormatConstructor.h: Added.
(JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
* runtime/IntlDateTimeFormatPrototype.cpp: Added.
(JSC::IntlDateTimeFormatPrototype::create):
(JSC::IntlDateTimeFormatPrototype::createStructure):
(JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
(JSC::IntlDateTimeFormatPrototype::finishCreation):
(JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
(JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
(JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
* runtime/IntlDateTimeFormatPrototype.h: Added.
* runtime/IntlNumberFormat.cpp: Added.
(JSC::IntlNumberFormat::create):
(JSC::IntlNumberFormat::createStructure):
(JSC::IntlNumberFormat::IntlNumberFormat):
(JSC::IntlNumberFormat::finishCreation):
(JSC::IntlNumberFormat::destroy):
(JSC::IntlNumberFormat::visitChildren):
(JSC::IntlNumberFormat::setBoundFormat):
(JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
* runtime/IntlNumberFormat.h: Added.
(JSC::IntlNumberFormat::constructor):
(JSC::IntlNumberFormat::boundFormat):
* runtime/IntlNumberFormatConstructor.cpp: Added.
(JSC::IntlNumberFormatConstructor::create):
(JSC::IntlNumberFormatConstructor::createStructure):
(JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
(JSC::IntlNumberFormatConstructor::finishCreation):
(JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
(JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
(JSC::IntlNumberFormatConstructor::getConstructData):
(JSC::IntlNumberFormatConstructor::getCallData):
(JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
(JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
(JSC::IntlNumberFormatConstructor::visitChildren):
* runtime/IntlNumberFormatConstructor.h: Added.
(JSC::IntlNumberFormatConstructor::numberFormatStructure):
* runtime/IntlNumberFormatPrototype.cpp: Added.
(JSC::IntlNumberFormatPrototype::create):
(JSC::IntlNumberFormatPrototype::createStructure):
(JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
(JSC::IntlNumberFormatPrototype::finishCreation):
(JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
(JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
(JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
* runtime/IntlNumberFormatPrototype.h: Added.
* runtime/IntlObject.cpp:
(JSC::IntlObject::create):
(JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
(JSC::IntlObject::visitChildren):
* runtime/IntlObject.h:
(JSC::IntlObject::collatorConstructor):
(JSC::IntlObject::collatorPrototype):
(JSC::IntlObject::collatorStructure):
(JSC::IntlObject::numberFormatConstructor):
(JSC::IntlObject::numberFormatPrototype):
(JSC::IntlObject::numberFormatStructure):
(JSC::IntlObject::dateTimeFormatConstructor):
(JSC::IntlObject::dateTimeFormatPrototype):
(JSC::IntlObject::dateTimeFormatStructure):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):

2015-07-29 Commit Queue <commit-queue@webkit.org>

Unreviewed, rolling out r187550.
https://bugs.webkit.org/show_bug.cgi?id=147420

Broke Windows build (again) (Requested by smfr on #webkit).

"Implement WebAssembly module parser"
https://bugs.webkit.org/show_bug.cgi?id=147293
http://trac.webkit.org/changeset/187550

2015-07-29 Basile Clement <basile_clement@apple.com>

Remove native call inlining
https://bugs.webkit.org/show_bug.cgi?id=147417

Rubber Stamped by Filip Pizlo.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall): Deleted.
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize): Deleted.
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC): Deleted.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode): Deleted.
(JSC::DFG::Node::hasHeapPrediction): Deleted.
(JSC::DFG::Node::hasCellOperand): Deleted.
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute): Deleted.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile): Deleted.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile): Deleted.
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile): Deleted.
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
(JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
(JSC::FTL::State::State): Deleted.
* runtime/BundlePath.cpp: Removed.
(JSC::bundlePath): Deleted.
* runtime/JSDataViewPrototype.cpp:
* runtime/Options.h:

2015-07-29 Basile Clement <basile_clement@apple.com>

Unreviewed, skipping a test that is too complex for its own good
https://bugs.webkit.org/show_bug.cgi?id=147167

* tests/stress/math-pow-coherency.js:

2015-07-29 Sukolsak Sakshuwong <sukolsak@gmail.com>

Implement WebAssembly module parser
https://bugs.webkit.org/show_bug.cgi?id=147293

Reviewed by Mark Lam.

Reupload the patch, since r187539 should fix the "Cannot open include file:
'JSWASMModule.h'" issue in the Windows build.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
(GlobalObject::finishCreation):
(functionLoadWebAssembly):
* parser/SourceProvider.h:
(JSC::WebAssemblySourceProvider::create):
(JSC::WebAssemblySourceProvider::data):
(JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::wasmModuleStructure):
* wasm/WASMMagicNumber.h: Added.
* wasm/WASMModuleParser.cpp: Added.
(JSC::WASMModuleParser::WASMModuleParser):
(JSC::WASMModuleParser::parse):
(JSC::WASMModuleParser::parseModule):
(JSC::parseWebAssembly):
* wasm/WASMModuleParser.h: Added.
* wasm/WASMReader.cpp: Added.
(JSC::WASMReader::readUnsignedInt32):
(JSC::WASMReader::readFloat):
(JSC::WASMReader::readDouble):
* wasm/WASMReader.h: Added.
(JSC::WASMReader::WASMReader):

2015-07-29 Basile Clement <basile_clement@apple.com>

Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
https://bugs.webkit.org/show_bug.cgi?id=147167

* tests/stress/math-pow-coherency.js:

2015-07-28 Sukolsak Sakshuwong <sukolsak@gmail.com>

Add the "wasm" directory to Visual Studio project files
https://bugs.webkit.org/show_bug.cgi?id=147400

Reviewed by Simon Fraser.

This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
in the Windows build.

* JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
* JavaScriptCore.vcxproj/copy-files.cmd:

2015-07-28 Commit Queue <commit-queue@webkit.org>

Unreviewed, rolling out r187531.
https://bugs.webkit.org/show_bug.cgi?id=147397

Broke Windows build (Requested by smfr on #webkit).

"Implement WebAssembly module parser"
https://bugs.webkit.org/show_bug.cgi?id=147293
http://trac.webkit.org/changeset/187531

2015-07-28 Benjamin Poulain <bpoulain@apple.com>

Speed up the Stringifier::toJSON() fast case
https://bugs.webkit.org/show_bug.cgi?id=147383

Reviewed by Andreas Kling.

* runtime/JSONObject.cpp:
(JSC::Stringifier::toJSON):
(JSC::Stringifier::toJSONImpl):

2015-07-28 Sukolsak Sakshuwong <sukolsak@gmail.com>

Implement WebAssembly module parser
https://bugs.webkit.org/show_bug.cgi?id=147293

Reviewed by Geoffrey Garen.

Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
<https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
the magic number at the beginning of the files. Parsing of the rest will be
implemented in a subsequent patch.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
(GlobalObject::finishCreation):
(functionLoadWebAssembly):
* parser/SourceProvider.h:
(JSC::WebAssemblySourceProvider::create):
(JSC::WebAssemblySourceProvider::data):
(JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::wasmModuleStructure):
* wasm/WASMMagicNumber.h: Added.
* wasm/WASMModuleParser.cpp: Added.
(JSC::WASMModuleParser::WASMModuleParser):
(JSC::WASMModuleParser::parse):
(JSC::WASMModuleParser::parseModule):
(JSC::parseWebAssembly):
* wasm/WASMModuleParser.h: Added.
* wasm/WASMReader.cpp: Added.
(JSC::WASMReader::readUnsignedInt32):
(JSC::WASMReader::readFloat):
(JSC::WASMReader::readDouble):
* wasm/WASMReader.h: Added.
(JSC::WASMReader::WASMReader):

2015-07-28 Yusuke Suzuki <utatane.tea@gmail.com>

[ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
https://bugs.webkit.org/show_bug.cgi?id=147350

Reviewed by Sam Weinig.

* Configurations/FeatureDefines.xcconfig:

2015-07-28 Saam barati <saambarati1@gmail.com>

Make the type profiler work with lexical scoping and add tests
https://bugs.webkit.org/show_bug.cgi?id=145438

Reviewed by Geoffrey Garen.

op_profile_type now knows how to resolve variables allocated within
the local scope stack. This means it knows how to resolve "let"
and "const" variables. Also, some refactoring was done inside
the BytecodeGenerator to make writing code to support the type
profiler much simpler and clearer.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::symbolTable): Deleted.
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::addExceptionHandler):
(JSC::UnlinkedCodeBlock::exceptionHandler):
(JSC::UnlinkedCodeBlock::vm):
(JSC::UnlinkedCodeBlock::addArrayProfile):
(JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
(JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
(JSC::BytecodeGenerator::emitProfileType):
(JSC::BytecodeGenerator::emitProfileControlFlow):
(JSC::BytecodeGenerator::pushLexicalScopeInternal):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitNodeForLeftHandSide):
* bytecompiler/NodesCodegen.cpp:
(JSC::ThisNode::emitBytecode):
(JSC::ResolveNode::emitBytecode):
(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::FunctionCallBracketNode::emitBytecode):
(JSC::FunctionCallDotNode::emitBytecode):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::PostfixNode::emitBracket):
(JSC::PostfixNode::emitDot):
(JSC::PrefixNode::emitResolve):
(JSC::PrefixNode::emitBracket):
(JSC::PrefixNode::emitDot):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::AssignDotNode::emitBytecode):
(JSC::ReadModifyDotNode::emitBytecode):
(JSC::AssignBracketNode::emitBytecode):
(JSC::ReadModifyBracketNode::emitBytecode):
(JSC::EmptyVarExpression::emitBytecode):
(JSC::EmptyLetExpression::emitBytecode):
(JSC::ForInNode::emitLoopHeader):
(JSC::ForOfNode::emitBytecode):
(JSC::ReturnNode::emitBytecode):
(JSC::FunctionNode::emitBytecode):
(JSC::BindingNode::bindValue):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_profile_type):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_profile_type):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* tests/typeProfiler/es6-block-scoping.js: Added.
(wrapper.changeFoo):
* tests/typeProfiler/es6-classes.js: Added.
(wrapper.Animal.prototype.methodA):
(wrapper.Dog.prototype.methodB):

2015-07-28 Saam barati <saambarati1@gmail.com>

Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
https://bugs.webkit.org/show_bug.cgi?id=146979

Reviewed by Geoffrey Garen.

Now that BytecodeGenerator has a notion of local scope depth,
we can easily implement a catch scope that doesn't claim that
all variables are dynamically scoped. This means that functions
that use try/catch can have local variable resolution. This also
means that all functions that use try/catch don't have all
their variables marked as being captured.

Catch scopes now behave like a "let" scope (sans the TDZ logic) with a
single variable. Catch scopes are now just JSLexicalEnvironments and the
symbol table backing the catch scope knows that it corresponds to a catch scope.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::isCacheable):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
(JSC::BytecodeGenerator::emitLoadGlobalObject):
(JSC::BytecodeGenerator::pushLexicalScope):
(JSC::BytecodeGenerator::pushLexicalScopeInternal):
(JSC::BytecodeGenerator::popLexicalScope):
(JSC::BytecodeGenerator::popLexicalScopeInternal):
(JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::resolveType):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitPopScope):
(JSC::BytecodeGenerator::emitPopWithScope):
(JSC::BytecodeGenerator::emitDebugHook):
(JSC::BytecodeGenerator::popScopedControlFlowContext):
(JSC::BytecodeGenerator::emitPushCatchScope):
(JSC::BytecodeGenerator::emitPopCatchScope):
(JSC::BytecodeGenerator::beginSwitch):
(JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::lastOpcodeID):
* bytecompiler/NodesCodegen.cpp:
(JSC::AssignResolveNode::emitBytecode):
(JSC::WithNode::emitBytecode):
(JSC::TryNode::emitBytecode):
* debugger/DebuggerScope.cpp:
(JSC::DebuggerScope::isCatchScope):
(JSC::DebuggerScope::isFunctionNameScope):
(JSC::DebuggerScope::isFunctionOrEvalScope):
(JSC::DebuggerScope::caughtValue):
* debugger/DebuggerScope.h:
* inspector/ScriptDebugServer.cpp:
(Inspector::ScriptDebugServer::exceptionOrCaughtValue):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_push_name_scope):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_push_name_scope):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createContinueStatement):
(JSC::ASTBuilder::createTryStatement):
* parser/NodeConstructors.h:
(JSC::ThrowNode::ThrowNode):
(JSC::TryNode::TryNode):
(JSC::FunctionParameters::FunctionParameters):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseTryStatement):
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createBreakStatement):
(JSC::SyntaxChecker::createContinueStatement):
(JSC::SyntaxChecker::createTryStatement):
(JSC::SyntaxChecker::createSwitchStatement):
(JSC::SyntaxChecker::createWhileStatement):
(JSC::SyntaxChecker::createWithStatement):
* runtime/JSCatchScope.cpp:
1583 * runtime/JSCatchScope.h:
1584 (JSC::JSCatchScope::JSCatchScope): Deleted.
1585 (JSC::JSCatchScope::create): Deleted.
1586 (JSC::JSCatchScope::createStructure): Deleted.
1587 * runtime/JSFunctionNameScope.h:
1588 (JSC::JSFunctionNameScope::JSFunctionNameScope):
1589 * runtime/JSGlobalObject.cpp:
1590 (JSC::JSGlobalObject::init):
1591 (JSC::JSGlobalObject::visitChildren):
1592 * runtime/JSGlobalObject.h:
1593 (JSC::JSGlobalObject::withScopeStructure):
1594 (JSC::JSGlobalObject::strictEvalActivationStructure):
1595 (JSC::JSGlobalObject::activationStructure):
1596 (JSC::JSGlobalObject::functionNameScopeStructure):
1597 (JSC::JSGlobalObject::directArgumentsStructure):
1598 (JSC::JSGlobalObject::scopedArgumentsStructure):
1599 (JSC::JSGlobalObject::catchScopeStructure): Deleted.
1600 * runtime/JSNameScope.cpp:
1601 (JSC::JSNameScope::create):
1602 (JSC::JSNameScope::toThis):
1603 * runtime/JSNameScope.h:
1604 * runtime/JSObject.cpp:
1605 (JSC::JSObject::toThis):
1606 (JSC::JSObject::isFunctionNameScopeObject):
1607 (JSC::JSObject::isCatchScopeObject): Deleted.
1608 * runtime/JSObject.h:
1609 * runtime/JSScope.cpp:
1610 (JSC::JSScope::collectVariablesUnderTDZ):
1611 (JSC::JSScope::isLexicalScope):
1612 (JSC::JSScope::isCatchScope):
1613 (JSC::resolveModeName):
1614 * runtime/JSScope.h:
1615 * runtime/SymbolTable.cpp:
1616 (JSC::SymbolTable::SymbolTable):
1617 (JSC::SymbolTable::cloneScopePart):
1618 * runtime/SymbolTable.h:
1619 * tests/stress/const-semantics.js:
1622 2015-07-28 Filip Pizlo <fpizlo@apple.com>
1624 DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
1625 https://bugs.webkit.org/show_bug.cgi?id=147373
1627 Reviewed by Mark Lam.
1629 The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
1630 safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
1631 safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
1633 When converting a GetByVal to GetStack, there are three possibilities:
1635 1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
1636 know to have stored to the stack. For example, if we inline a function that does
1637 "arguments[42]" at a call that passes no arguments.
1639 2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
1640 can happen for "arguments[42]" with no inline call frame (since we don't know statically
1641 how many arguments we will be passed) or in a varargs call frame.
1643 3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
1644 happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
1645 frame, and we know that the caller passed 42 or more arguments.
1647 The way the phase handles this is it first determines that we're not in case (1). This is
1648 called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
1649 frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
1650 is in-bounds (i.e. case (3)).
1652 But the phase was again doing a check for whether the index is in-bounds for non-varargs
1653 inline call frames even when safeToGetStack was true. That check is redundant and should be
1654 eliminated, since it makes the code confusing.
1656 * dfg/DFGArgumentsEliminationPhase.cpp:
1658 2015-07-28 Filip Pizlo <fpizlo@apple.com>
1660 DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
1661 https://bugs.webkit.org/show_bug.cgi?id=147371
1663 Reviewed by Mark Lam.
1667 - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
1668 using ConflictingFlush for arguments.
1670 - Assert that a GetStack never sees ConflictingFlush.
1672 * dfg/DFGPutStackSinkingPhase.cpp:
1674 2015-07-28 Basile Clement <basile_clement@apple.com>
1676 Misleading error message: "At least one digit must occur after a decimal point"
1677 https://bugs.webkit.org/show_bug.cgi?id=146238
1679 Reviewed by Geoffrey Garen.
1681 Interestingly, we had a comment explaining what this error message was
1682 about that is much clearer than the error message itself. This patch
1683 simply replaces the error message with the explanation from the
1687 (JSC::Lexer<T>::lex):
1689 2015-07-28 Basile Clement <basile_clement@apple.com>
1691 Simplify call linking
1692 https://bugs.webkit.org/show_bug.cgi?id=147363
1694 Reviewed by Filip Pizlo.
1696 Previously, we were passing both the CallLinkInfo and a
1697 (CodeSpecializationKind, RegisterPreservationMode) pair to the
1698 different call linking slow paths. However, the CallLinkInfo already
1699 has all of that information, and we don't gain anything by having them
1700 in additional static parameters - except possibly a very small
1701 performance gain in the presence of inlining. However, since those are
1702 already slow paths, this performance loss (if it exists) will not be
1703 visible in practice.
1705 This patch replaces the various specialized thunks and JIT operations
1706 for regular and polymorphic call linking with a single thunk and
1707 operation for each case. Moreover, it replaces the four specialized
1708 virtual call thunks and operations with one virtual call thunk for each
1709 call link info, allowing for better branch prediction by the CPU and
1710 fixing a pre-existing FIXME.
1712 * bytecode/CallLinkInfo.cpp:
1713 (JSC::CallLinkInfo::unlink):
1714 (JSC::CallLinkInfo::dummy): Deleted.
1715 * bytecode/CallLinkInfo.h:
1716 (JSC::CallLinkInfo::CallLinkInfo):
1717 (JSC::CallLinkInfo::registerPreservationMode):
1718 (JSC::CallLinkInfo::setUpCallFromFTL):
1719 (JSC::CallLinkInfo::setSlowStub):
1720 (JSC::CallLinkInfo::clearSlowStub):
1721 (JSC::CallLinkInfo::slowStub):
1722 * dfg/DFGDriver.cpp:
1723 (JSC::DFG::compileImpl):
1724 * dfg/DFGJITCompiler.cpp:
1725 (JSC::DFG::JITCompiler::link):
1726 * ftl/FTLJSCallBase.cpp:
1727 (JSC::FTL::JSCallBase::link):
1729 (JSC::JIT::compileCallEvalSlowCase):
1730 (JSC::JIT::compileOpCall):
1731 (JSC::JIT::compileOpCallSlowCase):
1732 * jit/JITCall32_64.cpp:
1733 (JSC::JIT::compileCallEvalSlowCase):
1734 (JSC::JIT::compileOpCall):
1735 (JSC::JIT::compileOpCallSlowCase):
1736 * jit/JITOperations.cpp:
1737 * jit/JITOperations.h:
1738 (JSC::operationLinkFor): Deleted.
1739 (JSC::operationVirtualFor): Deleted.
1740 (JSC::operationLinkPolymorphicCallFor): Deleted.
1742 (JSC::generateByIdStub):
1747 (JSC::linkVirtualFor):
1748 (JSC::linkPolymorphicCall):
1750 * jit/ThunkGenerators.cpp:
1751 (JSC::linkCallThunkGenerator):
1752 (JSC::linkPolymorphicCallThunkGenerator):
1753 (JSC::virtualThunkFor):
1754 (JSC::linkForThunkGenerator): Deleted.
1755 (JSC::linkConstructThunkGenerator): Deleted.
1756 (JSC::linkCallThatPreservesRegsThunkGenerator): Deleted.
1757 (JSC::linkConstructThatPreservesRegsThunkGenerator): Deleted.
1758 (JSC::linkPolymorphicCallForThunkGenerator): Deleted.
1759 (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator): Deleted.
1760 (JSC::virtualForThunkGenerator): Deleted.
1761 (JSC::virtualCallThunkGenerator): Deleted.
1762 (JSC::virtualConstructThunkGenerator): Deleted.
1763 (JSC::virtualCallThatPreservesRegsThunkGenerator): Deleted.
1764 (JSC::virtualConstructThatPreservesRegsThunkGenerator): Deleted.
1765 * jit/ThunkGenerators.h:
1766 (JSC::linkThunkGeneratorFor): Deleted.
1767 (JSC::linkPolymorphicCallThunkGeneratorFor): Deleted.
1768 (JSC::virtualThunkGeneratorFor): Deleted.
1770 2015-07-28 Basile Clement <basile_clement@apple.com>
1772 stress/math-pow-with-constants.js fails in cloop
1773 https://bugs.webkit.org/show_bug.cgi?id=147167
1775 Reviewed by Geoffrey Garen.
1777 Baseline JIT, DFG and FTL are using a fast exponentiation fast path
1778 when computing Math.pow() with an integer exponent that is not taken in
1779 the LLInt (or the DFG abstract interpreter). This leads to the result
1780 of pow changing depending on the compilation tier or the fact that
1781 constant propagation kicks in, which is undesirable.
1783 This patch adds the fast path to the slow operationMathPow in order to
1784 maintain an illusion of consistency.
1786 * runtime/MathCommon.cpp:
1787 (JSC::operationMathPow):
1788 * tests/stress/math-pow-coherency.js: Added.
1790 (build42AsDouble.opaqueAdd):
1794 (pow42NoConstantFolding):
1795 (powDouble42NoConstantFolding):
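As an added example, not code from the ChangeLog or from JavaScriptCore: the square-and-multiply fast path the entry refers to, written in JavaScript so its result can be compared with Math.pow over a sample set; where the two disagree it is by rounding, which is exactly what differed between tiers before the patch. Handling negative exponents as 1 / (base ** |n|) is an assumption of this example, not a statement about JSC's code.

```javascript
// Added example (not JavaScriptCore code): integer-exponent fast path.
// Square-and-multiply: O(log n) multiplications, each rounded to double,
// so the result can differ from a libm pow() in the last bit.
function powIntFast(base, exponent) {
  if (!Number.isInteger(exponent)) return NaN; // fast path only covers integer exponents
  let n = Math.abs(exponent);
  let result = 1;
  let x = base;
  while (n > 0) {
    if (n & 1) result *= x;      // low bit set: fold the current power in
    n = Math.floor(n / 2);       // plain division, not >>>, so large n is not truncated
    x *= x;
  }
  // Assumption of this example: negative exponents are the reciprocal of the positive power.
  return exponent < 0 ? 1 / result : result;
}

// Compares the fast path against Math.pow over [base, exponent] pairs and
// returns the pairs on which the two disagree (empty when they agree).
function findMismatches(samples) {
  const mismatches = [];
  for (const [base, exponent] of samples) {
    const fast = powIntFast(base, exponent);
    const libm = Math.pow(base, exponent);
    if (!Object.is(fast, libm)) mismatches.push({ base, exponent, fast, libm });
  }
  return mismatches;
}

// Constructed sample set: results are exactly representable, so both
// computations must agree on every pair.
const EXACT_SAMPLES = [[2, 10], [3, 5], [1.5, 3], [-2, 7], [2, -3], [0, 0], [10, 3]];
```

Feeding findMismatches a sweep of non-representable bases (for example 1.1 with exponents up to a few hundred) shows the rounding drift the entry is about.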
1797 2015-07-28 Joseph Pecoraro <pecoraro@apple.com>
1799 Web Inspector: Show Pseudo Elements in DOM Tree
1800 https://bugs.webkit.org/show_bug.cgi?id=139612
1802 Reviewed by Timothy Hatcher.
1804 * inspector/protocol/DOM.json:
1805 Add new properties to DOMNode if it is a pseudo element or if it has
1806 pseudo element children. Add new events for if a pseudo element is
1807 added or removed dynamically to an existing DOMNode.
1809 2015-07-27 Filip Pizlo <fpizlo@apple.com>
1811 Add logging when executable code gets deallocated
1812 https://bugs.webkit.org/show_bug.cgi?id=147355
1814 Reviewed by Mark Lam.
1816 * ftl/FTLJITCode.cpp:
1817 (JSC::FTL::JITCode::~JITCode): Print something when this is freed.
1819 (JSC::JITCodeWithCodeRef::~JITCodeWithCodeRef): Print something when this is freed.
1821 2015-07-27 Filip Pizlo <fpizlo@apple.com>
1823 DFG::safeToExecute() cases for GetByOffset/PutByOffset don't handle clobbered structure abstract values correctly
1824 https://bugs.webkit.org/show_bug.cgi?id=147354
1826 Reviewed by Michael Saboff.
1828 If m_structure.isClobbered(), it means that we had a side effect that clobbered
1829 the abstract value but it may recover back to its original value at the next
1830 invalidation point. Since the invalidation point hasn't been reached yet, we need
1831 to conservatively treat the clobbered state as if it was top. At the invalidation
1832 point, the clobbered set will return back to being unclobbered.
1834 In addition to fixing the bug, this introduces isInfinite(), which should be used
1835 in places where it's tempting to just use isTop().
1837 * dfg/DFGSafeToExecute.h:
1838 (JSC::DFG::safeToExecute): Fix the bug.
1839 * dfg/DFGStructureAbstractValue.cpp:
1840 (JSC::DFG::StructureAbstractValue::contains): Switch to using isInfinite().
1841 (JSC::DFG::StructureAbstractValue::isSubsetOf): Switch to using isInfinite().
1842 (JSC::DFG::StructureAbstractValue::isSupersetOf): Switch to using isInfinite().
1843 (JSC::DFG::StructureAbstractValue::overlaps): Switch to using isInfinite().
1844 * dfg/DFGStructureAbstractValue.h:
1845 (JSC::DFG::StructureAbstractValue::isFinite): New convenience method.
1846 (JSC::DFG::StructureAbstractValue::isInfinite): New convenience method.
1847 (JSC::DFG::StructureAbstractValue::onlyStructure): Switch to using isInfinite().
1849 2015-07-27 Yusuke Suzuki <utatane.tea@gmail.com>
1851 [ES6] Implement Reflect.enumerate
1852 https://bugs.webkit.org/show_bug.cgi?id=147347
1854 Reviewed by Sam Weinig.
1856 This patch implements Reflect.enumerate.
1857 It returns an iterator that iterates the enumerable keys of the given object.
1858 It follows for-in's enumeration order.
1860 To implement it, we write the same logic as the for-in enumeration code in C++.
1863 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1864 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1865 * JavaScriptCore.xcodeproj/project.pbxproj:
1866 * runtime/JSGlobalObject.cpp:
1867 (JSC::JSGlobalObject::init):
1868 (JSC::JSGlobalObject::visitChildren):
1869 * runtime/JSGlobalObject.h:
1870 (JSC::JSGlobalObject::propertyNameIteratorStructure):
1871 * runtime/JSPropertyNameIterator.cpp: Added.
1872 (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1873 (JSC::JSPropertyNameIterator::clone):
1874 (JSC::JSPropertyNameIterator::create):
1875 (JSC::JSPropertyNameIterator::finishCreation):
1876 (JSC::JSPropertyNameIterator::visitChildren):
1877 (JSC::JSPropertyNameIterator::next):
1878 (JSC::propertyNameIteratorFuncNext):
1879 * runtime/JSPropertyNameIterator.h: Added.
1880 (JSC::JSPropertyNameIterator::createStructure):
1881 * runtime/ReflectObject.cpp:
1882 (JSC::reflectObjectEnumerate):
1883 * tests/stress/reflect-enumerate.js: Added.
1887 2015-07-27 Yusuke Suzuki <utatane.tea@gmail.com>
1889 [ES6] Implement Reflect.preventExtensions
1890 https://bugs.webkit.org/show_bug.cgi?id=147331
1892 Reviewed by Sam Weinig.
1894 Implement Reflect.preventExtensions.
1895 This is different from Object.preventExtensions.
1897 1. When preventExtensions is called on a non-object, it raises a TypeError.
1898 2. Reflect.preventExtensions does not raise a TypeError when the preventExtensions operation fails.
1900 For the (2) case, since there is no Proxy implementation currently, Reflect.preventExtensions always succeeds.
1902 * runtime/ReflectObject.cpp:
1903 (JSC::reflectObjectPreventExtensions):
1904 * tests/stress/reflect-prevent-extensions.js: Added.
1908 2015-07-27 Alex Christensen <achristensen@webkit.org>
1910 Use Ninja on Windows.
1911 https://bugs.webkit.org/show_bug.cgi?id=147228
1913 Reviewed by Martin Robinson.
1916 Set the working directory when generating LowLevelInterpreterWin.asm to put LowLevelInterpreterWin.asm.sym in the right place.
1918 2015-07-27 Yusuke Suzuki <utatane.tea@gmail.com>
1920 SparseValueMap check is skipped when the butterfly's vectorLength is larger than the access-requested index
1921 https://bugs.webkit.org/show_bug.cgi?id=147265
1923 Reviewed by Geoffrey Garen.
1925 JSObject's vector holds the indexed values and we leverage it to represent stored values and holes.
1926 By checking that the given index is in-bound of the vector's length, we can look up the property fast.
1927 And for the sparse array, we also have the separate SparseValueMap to hold the pairs.
1928 And we need to take care that the length of the vector should not overlap the indices stored in the SparseValueMap.
1930 The vector only holds the pure JS values to avoid additional checking for accessors when looking up the value
1931 from the vector. To achieve this, we also store the accessors (and attributed properties) to SparseValueMap
1932 even when the index is less than MIN_SPARSE_ARRAY_INDEX.
1934 As a result, if the length of the vector overlaps the indices of the accessors stored in the SparseValueMap,
1935 we accidentally skip the phase looking up from the SparseValueMap. Instead, we just load from the vector and
1936 if the loaded value is an array hole, we decide the given object does not have the value for the given index.
1938 This patch fixes the problem.
1939 When defining the attributed value whose index is smaller than the length of the vector, we throw away the vector
1940 and change the object to DictionaryIndexingMode. Since we can assume that indexed accessors rarely exist in
1941 practice, we expect this does not hurt the performance while keeping the fast property access system without
1942 checking the sparse map.
1944 * runtime/JSObject.cpp:
1945 (JSC::JSObject::putDirectIndexBeyondVectorLength):
1946 * tests/stress/sparse-map-non-overlapping.js: Added.
1950 * tests/stress/sparse-map-non-skip-getter-overriding.js: Added.
1954 * tests/stress/sparse-map-non-skip.js: Added.
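As an added example, not code from the ChangeLog or from JavaScriptCore: behavioural checks for the bug this entry describes. An accessor or a non-writable ("attributed") property defined at an index below the backing vector's length must still be honoured; an engine that reads the vector slot instead would report a hole or the stale plain value. The helper names and the dense/holey/object receivers are this example's own constructions.

```javascript
// Added example (not JavaScriptCore code). Builds three constructed
// receivers whose indexed storage is long enough to cover the accessor index.
function makeReceiver(kind, length) {
  if (kind === 'dense') return Array.from({ length }, (_, i) => i); // every slot filled
  if (kind === 'holey') return new Array(length);                    // every slot a hole
  const obj = {};                                                    // plain object, indexed keys
  for (let i = 0; i < length; i++) obj[i] = i;
  return obj;
}

// Defines a getter at `index`, then checks that reads go through the getter,
// that `in` sees the property, and that the neighbouring slot is untouched.
function checkIndexedAccessor(kind, length = 64, index = 5) {
  const target = makeReceiver(kind, length);
  let getterCalls = 0;
  Object.defineProperty(target, index, {
    get() { getterCalls += 1; return 'from-getter'; },
    configurable: true,
    enumerable: true,
  });
  const value = target[index];                 // must invoke the getter, not read the vector
  const present = index in target;             // must be true, not "hole, therefore absent"
  const desc = Object.getOwnPropertyDescriptor(target, index);
  return {
    kind,
    value,
    present,
    getterCalls,
    isAccessor: typeof desc.get === 'function',
    neighbourIntact: kind === 'holey' ? !(index + 1 in target) : target[index + 1] === index + 1,
  };
}

// Defines a non-writable value at `index` and checks that a write is refused
// rather than landing in the vector. Reflect.set reports refusal as `false`,
// so the check does not depend on strict mode.
function checkReadOnlyIndex(kind, length = 64, index = 7) {
  const target = makeReceiver(kind, length);
  Object.defineProperty(target, index, { value: 'frozen', writable: false, configurable: false });
  const setReturned = Reflect.set(target, index, 'overwritten');
  return { kind, setReturned, value: target[index] };
}

// True when every receiver kind passes both checks.
function allChecksPass() {
  return ['dense', 'holey', 'object'].every((kind) => {
    const a = checkIndexedAccessor(kind);
    const r = checkReadOnlyIndex(kind);
    return a.value === 'from-getter' && a.present && a.getterCalls === 1
      && a.isAccessor && a.neighbourIntact
      && r.setReturned === false && r.value === 'frozen';
  });
}
```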
1960 2015-07-27 Saam barati <saambarati1@gmail.com>
1962 Reduce execution time for "let" and "const" tests
1963 https://bugs.webkit.org/show_bug.cgi?id=147291
1965 Reviewed by Geoffrey Garen.
1967 We don't need to loop so many times for things that will not make it
1968 into the DFG. Also, we can loop a lot less for almost all the tests
1969 because they're mostly testing the bytecode generator.
1971 * tests/stress/const-and-with-statement.js:
1972 * tests/stress/const-exception-handling.js:
1973 * tests/stress/const-loop-semantics.js:
1974 * tests/stress/const-not-strict-mode.js:
1975 * tests/stress/const-semantics.js:
1976 * tests/stress/const-tdz.js:
1977 * tests/stress/lexical-let-and-with-statement.js:
1978 * tests/stress/lexical-let-exception-handling.js:
1980 * tests/stress/lexical-let-loop-semantics.js:
1984 * tests/stress/lexical-let-not-strict-mode.js:
1985 * tests/stress/lexical-let-semantics.js:
1987 * tests/stress/lexical-let-tdz.js:
1991 2015-07-26 Yusuke Suzuki <utatane.tea@gmail.com>
1993 Rename PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols
1994 https://bugs.webkit.org/show_bug.cgi?id=147311
1996 Reviewed by Sam Weinig.
1998 To make the meaning clear on the user side (PropertyNameArray array(exec, PropertyNameMode::StringsAndSymbols)),
1999 this patch renames PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols.
2001 * bytecode/ObjectAllocationProfile.h:
2002 (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
2003 * runtime/EnumerationMode.h:
2004 * runtime/ObjectConstructor.cpp:
2005 (JSC::ownEnumerablePropertyKeys):
2006 (JSC::defineProperties):
2007 (JSC::objectConstructorSeal):
2008 (JSC::objectConstructorFreeze):
2009 (JSC::objectConstructorIsSealed):
2010 (JSC::objectConstructorIsFrozen):
2011 (JSC::ownPropertyKeys):
2012 * runtime/ReflectObject.cpp:
2013 (JSC::reflectObjectOwnKeys):
2015 2015-07-27 Saam barati <saambarati1@gmail.com>
2017 Added a comment explaining that all "addVar()"s should happen before
2018 emitting bytecode for a function's default parameter expressions
2020 Rubber Stamped by Mark Lam.
2022 * bytecompiler/BytecodeGenerator.cpp:
2023 (JSC::BytecodeGenerator::BytecodeGenerator):
2025 2015-07-26 Sam Weinig <sam@webkit.org>
2027 Add missing builtin files to the JavaScriptCore Xcode project
2028 https://bugs.webkit.org/show_bug.cgi?id=147312
2030 Reviewed by Darin Adler.
2032 * JavaScriptCore.xcodeproj/project.pbxproj:
2035 2015-07-26 Yusuke Suzuki <utatane.tea@gmail.com>
2037 [ES6] Implement Reflect.isExtensible
2038 https://bugs.webkit.org/show_bug.cgi?id=147308
2040 Reviewed by Sam Weinig.
2042 This patch implements Reflect.isExtensible.
2043 It is similar to Object.isExtensible.
2044 The difference is that it raises an error if the first argument is not an object.
2046 * runtime/ReflectObject.cpp:
2047 (JSC::reflectObjectIsExtensible):
2048 * tests/stress/reflect-is-extensible.js: Added.
2052 2015-07-26 Yusuke Suzuki <utatane.tea@gmail.com>
2054 Unreviewed, fix the debug build due to touching the non-declared variable in ASSERT
2055 https://bugs.webkit.org/show_bug.cgi?id=147307
2057 * runtime/ObjectConstructor.cpp:
2058 (JSC::ownPropertyKeys):
2060 2015-07-25 Yusuke Suzuki <utatane.tea@gmail.com>
2062 [ES6] Implement Reflect.ownKeys
2063 https://bugs.webkit.org/show_bug.cgi?id=147307
2065 Reviewed by Sam Weinig.
2067 This patch implements Reflect.ownKeys.
2068 In this patch, we refactor the existing code that lists the own keys of an object.
2069 Such code is used by Object.getOwnPropertyNames, Object.getOwnPropertyKeys, Object.keys and @ownEnumerableKeys.
2070 We factor out the listing of own keys as the ownPropertyKeys function and also use it in Reflect.ownKeys.
2072 * runtime/ObjectConstructor.cpp:
2073 (JSC::objectConstructorGetOwnPropertyNames):
2074 (JSC::objectConstructorGetOwnPropertySymbols):
2075 (JSC::objectConstructorKeys):
2076 (JSC::ownEnumerablePropertyKeys):
2077 (JSC::ownPropertyKeys):
2078 * runtime/ObjectConstructor.h:
2079 * runtime/ReflectObject.cpp:
2080 (JSC::reflectObjectOwnKeys):
2081 * tests/stress/reflect-own-keys.js: Added.
2086 2015-07-26 Yusuke Suzuki <utatane.tea@gmail.com>
2088 [ES6] Implement Reflect.apply
2089 https://bugs.webkit.org/show_bug.cgi?id=147306
2091 Reviewed by Sam Weinig.
2093 Implement Reflect.apply.
2094 The large part of this can be implemented by the @apply builtin annotation.
2095 The only thing which is different from Function.prototype.apply is the third parameter,
2096 "argumentsList", which needs to be an object.
2098 * builtins/ReflectObject.js:
2101 * runtime/ReflectObject.cpp:
2102 * tests/stress/reflect-apply.js: Added.
2107 (get var.array.get length):
2108 (get var.array.get 0):
2110 * tests/stress/reflect-delete-property.js:
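As an added example, not code from the ChangeLog or from JavaScriptCore: the argument-validation differences that the Reflect.preventExtensions, Reflect.isExtensible and Reflect.apply entries above describe, probed side by side with their Object.* and Function.prototype.apply counterparts. The probe helper and the summary function are this example's own.

```javascript
// Added example (not JavaScriptCore code). Runs fn and records whether it
// threw (and whether that was a TypeError) or what it returned.
function probe(fn) {
  try {
    return { threw: false, value: fn() };
  } catch (e) {
    return { threw: true, typeError: e instanceof TypeError };
  }
}

// Object.preventExtensions / Object.isExtensible accept primitives (no-op,
// and "not extensible" respectively); the Reflect forms throw a TypeError
// for anything that is not an object, and preventExtensions reports
// success as a boolean instead of returning the target.
function compareExtensibility(target) {
  return {
    objectPrevent: probe(() => Object.preventExtensions(target)),
    reflectPrevent: probe(() => Reflect.preventExtensions(target)),
    objectIsExt: probe(() => Object.isExtensible(target)),
    reflectIsExt: probe(() => Reflect.isExtensible(target)),
  };
}

// Function.prototype.apply treats an undefined/null argument list as "no
// arguments"; Reflect.apply requires argumentsList to be an object.
function compareApply(argumentsList) {
  const sum = (...xs) => xs.reduce((a, b) => a + b, 0);
  return {
    functionApply: probe(() => sum.apply(null, argumentsList)),
    reflectApply: probe(() => Reflect.apply(sum, null, argumentsList)),
  };
}

// For one value, says whether the Reflect form is the stricter one: it
// throws where the legacy form silently coerces or no-ops.
function reflectIsStricter(value) {
  const ext = compareExtensibility(value);
  return {
    preventExtensions: ext.reflectPrevent.threw && !ext.objectPrevent.threw,
    isExtensible: ext.reflectIsExt.threw && !ext.objectIsExt.threw,
  };
}
```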
2112 2015-07-25 Yusuke Suzuki <utatane.tea@gmail.com>
2114 [ES6] Add Reflect namespace and add Reflect.deleteProperty
2115 https://bugs.webkit.org/show_bug.cgi?id=147287
2117 Reviewed by Sam Weinig.
2119 This patch just creates the namespace for ES6 Reflect APIs.
2120 And it adds template files to implement the actual code.
2122 So as not to leave the JS generated properties C array empty,
2123 we added one small method, Reflect.deleteProperty, in this patch.
2126 * DerivedSources.make:
2127 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2128 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2129 * JavaScriptCore.xcodeproj/project.pbxproj:
2130 * builtins/ReflectObject.js: Added.
2132 * runtime/CommonIdentifiers.h:
2133 * runtime/JSGlobalObject.cpp:
2134 (JSC::JSGlobalObject::init):
2135 * runtime/ReflectObject.cpp: Added.
2136 (JSC::ReflectObject::ReflectObject):
2137 (JSC::ReflectObject::finishCreation):
2138 (JSC::ReflectObject::getOwnPropertySlot):
2139 * runtime/ReflectObject.h: Added.
2140 (JSC::ReflectObject::create):
2141 (JSC::ReflectObject::createStructure):
2142 * tests/stress/reflect-delete-property.js: Added.
2146 2015-07-24 Yusuke Suzuki <utatane.tea@gmail.com>
2148 Avoid 2 times name iteration in Object.assign
2149 https://bugs.webkit.org/show_bug.cgi?id=147268
2151 Reviewed by Geoffrey Garen.
2153 Object.assign calls Object.getOwnPropertyNames & Object.getOwnPropertySymbols to collect all the names.
2154 But exposing the private API that collects both at the same time makes the API efficient when the given Object has so many non-indexed properties.
2155 Since Object.assign is so generic API (some form of utility API), the form of the given Object is not expected.
2156 So the taken object may have so many non-indexed properties.
2158 In this patch, we introduce the `ownEnumerablePropertyKeys` private function.
2159 It is a slightly modified version of `[[OwnPropertyKeys]]` in the ES6 spec;
2160 it only includes enumerable properties.
2162 By filtering out the non-enumerable properties in the exposed private function,
2163 we avoid calling @objectGetOwnPropertyDescriptor for each property at the same time.
2165 * builtins/ObjectConstructor.js:
2167 * runtime/CommonIdentifiers.h:
2168 * runtime/EnumerationMode.h:
2169 * runtime/JSGlobalObject.cpp:
2170 (JSC::JSGlobalObject::init):
2171 * runtime/ObjectConstructor.cpp:
2172 (JSC::ownEnumerablePropertyKeys):
2173 * runtime/ObjectConstructor.h:
2174 * tests/stress/object-assign-enumerable.js: Added.
2176 * tests/stress/object-assign-order.js: Added.
2179 2015-07-24 Yusuke Suzuki <utatane.tea@gmail.com>
2181 Remove runtime flags for symbols
2182 https://bugs.webkit.org/show_bug.cgi?id=147246
2184 Reviewed by Alex Christensen.
2186 * runtime/ArrayPrototype.cpp:
2187 (JSC::ArrayPrototype::finishCreation):
2188 * runtime/JSGlobalObject.cpp:
2189 (JSC::JSGlobalObject::init): Deleted.
2190 * runtime/JSGlobalObject.h:
2191 * runtime/ObjectConstructor.cpp:
2192 (JSC::ObjectConstructor::finishCreation):
2193 * runtime/RuntimeFlags.h:
2195 2015-07-24 Yusuke Suzuki <utatane.tea@gmail.com>
2197 Object.getOwnPropertySymbols on large list takes very long
2198 https://bugs.webkit.org/show_bug.cgi?id=146137
2200 Reviewed by Mark Lam.
2202 Before this patch, Object.getOwnPropertySymbols collects all the names, including strings,
2203 and after it's done, filters the names to only retrieve the symbols.
2204 But it's so time consuming if the given object is a large non-holed array since it has
2205 many indexed properties and all the indexes have to be converted to uniqued_strings and
2206 added to the collection of property names (though they may not be of the requested type
2207 and will be filtered out later).
2209 This patch introduces PropertyNameMode.
2210 We leverage this mode in 2 places.
2212 1. PropertyNameArray side
2213 It is set in PropertyNameArray and it filters the incoming added identifiers based on the mode.
2214 It ensures that PropertyNameArray doesn't become so large in the pathological case.
2215 And it ensures that non-expected typed keys by the filter (Symbols or Strings) are never added
2216 to the property name array collections.
2217 However it does not solve the whole problem because the huge array still incurs the many
2218 "indexed property to uniqued string" conversion and the large iteration before adding the keys
2219 to the property name array.
2221 2. getOwnPropertyNames side
2222 So we can use the PropertyNameMode in the caller side (getOwnPropertyNames) as a **hint**.
2223 When the large iteration may occur, the caller side can use the PropertyNameMode as a hint to
2224 avoid the iteration.
2225 But we cannot exclusively rely on these caller side checks because it would require that we
2226 exhaustively add the checks to all custom implementations of getOwnPropertyNames as well.
2227 This process requires manual inspection of many pieces of code, and is error prone. Instead,
2228 we only apply the caller side check in a few strategic places where it is known to yield
2229 performance benefits; and we rely on the filter in PropertyNameArray::add() to reject the wrong
2230 types of properties for all other calls to PropertyNameArray::add().
2232 In this patch, there's a concept in use that is not clear just from reading the code, and hence
2233 should be documented here. When selecting the PropertyNameMode for the PropertyNameArray to be
2234 instantiated, we apply the following logic:
2236 1. Only JavaScriptCore code is aware of ES6 Symbols.
2237 We can assume that pre-existing external code that interfaces with JSC is only looking for string named properties. This includes:
2239 b. Serializer bindings
2241 d. Objective C bindings
2242 2. In JSC, code that computes object storage space needs to iterate both Symbol and String named properties. Hence, use PropertyNameMode::Both.
2243 3. In JSC, ES6 APIs that work with Symbols should use PropertyNameMode::Symbols.
2244 4. In JSC, ES6 APIs that work with String named properties should use PropertyNameMode::Strings.
2246 * API/JSObjectRef.cpp:
2247 (JSObjectCopyPropertyNames):
2248 * bindings/ScriptValue.cpp:
2249 (Deprecated::jsToInspectorValue):
2250 * bytecode/ObjectAllocationProfile.h:
2251 (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
2252 * runtime/EnumerationMode.h:
2253 (JSC::EnumerationMode::EnumerationMode):
2254 (JSC::EnumerationMode::includeSymbolProperties): Deleted.
2255 * runtime/GenericArgumentsInlines.h:
2256 (JSC::GenericArguments<Type>::getOwnPropertyNames):
2257 * runtime/JSGenericTypedArrayViewInlines.h:
2258 (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertyNames):
2259 * runtime/JSLexicalEnvironment.cpp:
2260 (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
2261 * runtime/JSONObject.cpp:
2262 (JSC::Stringifier::Stringifier):
2263 (JSC::Stringifier::Holder::appendNextProperty):
2264 (JSC::Walker::walk):
2265 * runtime/JSObject.cpp:
2266 (JSC::JSObject::getOwnPropertyNames):
2267 * runtime/JSPropertyNameEnumerator.cpp:
2268 (JSC::JSPropertyNameEnumerator::create):
2269 * runtime/JSPropertyNameEnumerator.h:
2270 (JSC::propertyNameEnumerator):
2271 * runtime/JSSymbolTableObject.cpp:
2272 (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
2273 * runtime/ObjectConstructor.cpp:
2274 (JSC::objectConstructorGetOwnPropertyNames):
2275 (JSC::objectConstructorGetOwnPropertySymbols):
2276 (JSC::objectConstructorKeys):
2277 (JSC::defineProperties):
2278 (JSC::objectConstructorSeal):
2279 (JSC::objectConstructorFreeze):
2280 (JSC::objectConstructorIsSealed):
2281 (JSC::objectConstructorIsFrozen):
2282 * runtime/PropertyNameArray.h:
2283 (JSC::PropertyNameArray::PropertyNameArray):
2284 (JSC::PropertyNameArray::mode):
2285 (JSC::PropertyNameArray::addKnownUnique):
2286 (JSC::PropertyNameArray::add):
2287 (JSC::PropertyNameArray::isUidMatchedToTypeMode):
2288 (JSC::PropertyNameArray::includeSymbolProperties):
2289 (JSC::PropertyNameArray::includeStringProperties):
2290 * runtime/StringObject.cpp:
2291 (JSC::StringObject::getOwnPropertyNames):
2292 * runtime/Structure.cpp:
2293 (JSC::Structure::getPropertyNamesFromStructure):
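As an added example, not code from the ChangeLog or from JavaScriptCore: a JavaScript model of the own-key listing that the Reflect.ownKeys, Object.assign and PropertyNameMode entries above describe, built on the public Object.getOwnPropertyNames/getOwnPropertySymbols. The `mode` parameter stands in for PropertyNameMode (the filter is applied before the walk, like the getOwnPropertyNames-side hint), `enumerableOnly` stands in for the private ownEnumerablePropertyKeys, and assignLike shows Object.assign doing a single key walk on top of it; all names and the sample object are this example's own.

```javascript
// Added example (not JavaScriptCore code).
// Canonical array index per ES6: a numeric string in [0, 2^32 - 2].
function isArrayIndex(key) {
  if (typeof key !== 'string') return false;
  const n = Number(key);
  return Number.isInteger(n) && n >= 0 && n < 4294967295 && String(n) === key;
}

// mode: 'strings' | 'symbols' | 'both'   (the PropertyNameMode role)
// enumerableOnly: true gives the ownEnumerablePropertyKeys behaviour.
function ownPropertyKeys(obj, mode = 'both', enumerableOnly = false) {
  if (Object(obj) !== obj) throw new TypeError('ownPropertyKeys requires an object');
  const wantStrings = mode === 'strings' || mode === 'both';
  const wantSymbols = mode === 'symbols' || mode === 'both';
  // Deciding by mode *before* collecting is the caller-side hint: with
  // mode 'symbols' the string walk (and every index-to-string conversion on
  // a large array) is skipped entirely instead of being filtered afterwards.
  const strings = wantStrings ? Object.getOwnPropertyNames(obj) : [];
  const symbols = wantSymbols ? Object.getOwnPropertySymbols(obj) : [];
  // [[OwnPropertyKeys]] order: integer indices ascending, then the remaining
  // strings in creation order, then symbols in creation order.
  const indices = strings.filter(isArrayIndex).sort((a, b) => Number(a) - Number(b));
  const names = strings.filter((k) => !isArrayIndex(k));
  const keys = [...indices, ...names, ...symbols];
  if (!enumerableOnly) return keys;
  // Enumerability is checked once per key here, the single pass the
  // Object.assign entry wants instead of a per-property descriptor call in JS.
  return keys.filter((k) => Object.getOwnPropertyDescriptor(obj, k).enumerable);
}

// Object.assign on top of the helper: enumerable own keys only, strings and
// symbols alike, one walk per source.
function assignLike(target, ...sources) {
  for (const source of sources) {
    if (source === null || source === undefined) continue;
    for (const key of ownPropertyKeys(Object(source), 'both', true)) {
      target[key] = source[key];
    }
  }
  return target;
}

// Constructed sample: mixed index/string/symbol keys, two of them non-enumerable.
const hidden = Symbol('hidden');
const shown = Symbol('shown');
function sampleObject() {
  const o = { b: 1, 10: 'ten', a: 2, 2: 'two' };
  o[shown] = 3;
  Object.defineProperty(o, 'secret', { value: 4, enumerable: false });
  Object.defineProperty(o, hidden, { value: 5, enumerable: false });
  return o;
}
```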
2295 2015-07-24 Saam barati <saambarati1@gmail.com>
2297 [ES6] Add support for default parameters
2298 https://bugs.webkit.org/show_bug.cgi?id=38409
2300 Reviewed by Filip Pizlo.
2302 This patch implements ES6 default parameters according to the ES6
2303 specification. This patch builds off the components introduced with
2304 "let" scoping and parsing function parameters in the same parser
2305 arena as the function itself. "let" scoping allows functions with default
2306 parameter values to place their parameters under the TDZ. Parsing function
2307 parameters in the same parser arena allows the FunctionParameters AST node
2308 refer to ExpressionNodes.
2310 The most subtle part of this patch is how we allocate lexical environments
2311 when functions have default parameter values. If a function has default
2312 parameter values then there must be a separate lexical environment for
2313 its parameters. Then, the function's "var" lexical environment must have
2314 the parameter lexical environment as its parent. The BytecodeGenerator
2315 takes great care to not allocate the "var" lexical environment before its
2318 The "arguments" object for a function with default parameters will never be
2319 a mapped arguments object. It will always be a cloned arguments object.
2321 * bytecompiler/BytecodeGenerator.cpp:
2322 (JSC::BytecodeGenerator::generate):
2323 (JSC::BytecodeGenerator::BytecodeGenerator):
2324 (JSC::BytecodeGenerator::~BytecodeGenerator):
2325 (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2326 (JSC::BytecodeGenerator::initializeNextParameter):
2327 (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
2328 (JSC::BytecodeGenerator::visibleNameForParameter):
2329 (JSC::BytecodeGenerator::emitLoadGlobalObject):
2330 (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2331 (JSC::BytecodeGenerator::pushLexicalScope):
2332 (JSC::BytecodeGenerator::popLexicalScope):
2333 * bytecompiler/BytecodeGenerator.h:
2334 (JSC::BytecodeGenerator::lastOpcodeID):
2335 * bytecompiler/NodesCodegen.cpp:
2336 (JSC::FunctionNode::emitBytecode):
2337 * jit/JITOperations.cpp:
2338 * parser/ASTBuilder.h:
2339 (JSC::ASTBuilder::createElementList):
2340 (JSC::ASTBuilder::createFormalParameterList):
2341 (JSC::ASTBuilder::appendParameter):
2342 (JSC::ASTBuilder::createClause):
2343 (JSC::ASTBuilder::createClauseList):
2345 (JSC::FunctionParameters::size):
2346 (JSC::FunctionParameters::at):
2347 (JSC::FunctionParameters::hasDefaultParameterValues):
2348 (JSC::FunctionParameters::append):
2349 * parser/Parser.cpp:
2350 (JSC::Parser<LexerType>::parseVariableDeclarationList):
2351 (JSC::Parser<LexerType>::createBindingPattern):
2352 (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2353 (JSC::Parser<LexerType>::parseDestructuringPattern):
2354 (JSC::Parser<LexerType>::parseFormalParameters):
2355 (JSC::Parser<LexerType>::parseFunctionParameters):
2357 (JSC::Scope::declareParameter):
2358 * parser/SyntaxChecker.h:
2359 (JSC::SyntaxChecker::createElementList):
2360 (JSC::SyntaxChecker::createFormalParameterList):
2361 (JSC::SyntaxChecker::appendParameter):
2362 (JSC::SyntaxChecker::createClause):
2363 (JSC::SyntaxChecker::createClauseList):
2364 * tests/stress/es6-default-parameters.js: Added.
2367 (shouldThrowSyntaxError):
2370 (basicFunctionCaptureInDefault.basicFunctionCaptureInDefault.basicCaptured):
2371 (basicCaptured.basicCaptured.tricky):
2375 (augmentsArguments1):
2376 (augmentsArguments2):
2377 (augmentsArguments3):
2378 (augmentsArguments4):
2379 (augmentsArguments5):
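The parameter-scope, TDZ and arguments behaviours this entry describes, as an added example that is not part of the ChangeLog or of JSC's own sources (the function names are illustrative). It uses only standard ES2015 syntax and runs in any conforming engine such as node; the one `new Function` call exists purely to obtain a sloppy-mode function regardless of how the file itself is loaded:

```javascript
// Added illustration of ES6 default-parameter semantics (not JSC code).

// 1. Defaults get their own scope; the body's "var" scope is a child of it.
//    A closure created in the parameter scope keeps seeing the parameter
//    even when the body declares a `var` of the same name.
function captureParameter(a, getA = () => a) {
  var a = 2;           // body-scope `a`: initialised from the parameter, then reassigned
  return getA();       // the arrow still reads the parameter-scope `a`
}

// 2. Parameters are initialised left to right and sit in the TDZ until then:
//    a default may read an earlier parameter but not a later one.
function tdzOrder(first = second, second = 1) {
  return [first, second];
}
function tdzProbe() {
  try {
    return String(tdzOrder()[0]);
  } catch (e) {
    return e.constructor.name;   // ReferenceError: `second` read before initialisation
  }
}

// 3. With a default present, `arguments` is a cloned (unmapped) object:
//    assigning to a parameter does not write through to arguments[i].
function unmappedArguments(a, b = 2) {
  a = 10;
  return arguments[0];
}
// Same body without a default. Built with the Function constructor so it is
// sloppy-mode (and therefore mapped) no matter how this file is loaded.
const mappedArguments = new Function('a', 'a = 10; return arguments[0];');

// 4. arguments.length counts what the caller actually passed, while
//    Function.length stops at the first parameter that has a default.
function lengths(a, b = 2, c) {
  return { passed: arguments.length, b: b, c: c };
}
```

`captureParameter(1)` returns 1, not 2, which is the observable consequence of the two nested environments the entry describes; `mappedArguments(1)` returns 10 while `unmappedArguments(1)` returns 1.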
2381 2015-07-24 Xabier Rodriguez Calvar <calvaris@igalia.com>
2383 Remove JS Promise constructor unused piece of code
2384 https://bugs.webkit.org/show_bug.cgi?id=147262
2386 Reviewed by Geoffrey Garen.
2388 * runtime/JSPromiseConstructor.cpp:
2389 (JSC::constructPromise): Deleted.
2390 * runtime/JSPromiseConstructor.h: Removed JSC::constructPromise.
2392 2015-07-24 Mark Lam <mark.lam@apple.com>
2394 Add WASM files to vcxproj files.
2395 https://bugs.webkit.org/show_bug.cgi?id=147264
2397 Reviewed by Geoffrey Garen.
2399 This is a follow up to http://trac.webkit.org/changeset/187254 where WASM files
2400 were introduced but were not able to be added to the vcxproj files yet.
2402 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2403 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2405 2015-07-23 Filip Pizlo <fpizlo@apple.com>
2407 DFG::safeToExecute() is wrong for MultiGetByOffset, doesn't consider the structures of the prototypes that get loaded from
2408 https://bugs.webkit.org/show_bug.cgi?id=147250
2410 Reviewed by Geoffrey Garen.
2412 This fixes a nasty - but currently benign - bug in DFG::safeToExecute(). That function
2413 will tell you if hoisting a node to some point is safe in the sense that the node will
2414 not crash the VM if it executes at that point. A node may be unsafe to execute if we
2415 cannot prove that at that point, the memory it is loading is not garbage. This is a
2416 necessarily loose notion - for example it's OK to hoist a load if we haven't proved
2417 that the load makes semantic sense at that point, since anyway the place where the node
2418 did get used will still be guarded by any such semantic checks. But because we may also
2419 hoist uses of the load, we need to make sure that it doesn't produce a garbage value.
2420 Also, we need to ensure that the load won't trap. Hence safeToExecute() returns true
2421 anytime we can be sure that a node will not produce a garbage result (i.e. a malformed
2422 JSValue or object pointer) and will not trap when executed at the point in question.
2424 The bug is that this verification isn't performed for the loads from prototypes inside
2425 MultiGetByOffset. DFG::ByteCodeParser will guard MultiGetByOffset with CheckStructure's
2426 on the prototypes. So, hypothetically, you might end up hoisting a MultiGetByOffset
2427 above those structure checks, which would mean that we might load a value from a memory
2428 location without knowing that the location is valid. It might then return the value
2431 This never happens in practice. Those structure checks are more hoistable than the
2432 MultiGetByOffset, since they read a strict subset of the MultiGetByOffset's abstract
2433 heap reads. Also, we hoist in program order. So, those CheckStructure's will always be
2434 hoisted before the MultiGetByOffset gets hoisted.
2436 But we should fix this anyway. DFG::safeToExecute() has a clear definition of what a
2437 "true" return means for IR transformations, and it fails in satisfying that definition
2438 for MultiGetByOffset.
2440 There are various approaches we can use for making this safe. I considered two:
2442 1) Have MultiGetByOffset refer to the prototypes it is loading from in IR, so that we
2443 can check if it's safe to load from them.
2445 2) Turn off MultiGetByOffset hoisting when it will emit loads from prototypes, and the
2446 prototype structure isn't being watched.
2448 I ended up using (2), because it will be the most natural solution once I finish
2449 https://bugs.webkit.org/show_bug.cgi?id=146929. Already now, it's somewhat more natural
2450 than (1) since that requires more extensive IR changes. Also, (2) will give us what we
2451 want in *most* cases: we will usually watch the prototype structure, and we will
2452 usually constant-fold loads from prototypes. Both of these usually-true things would
2453 have to become false for MultiGetByOffset hoisting to be disabled by this change.
2455 This change also adds my attempt at a test, though it's not really a test of this bug.
2456 This bug is currently benign. But, the test does at least trigger the logic to run,
2457 which is better than nothing.
2459 * dfg/DFGSafeToExecute.h:
2460 (JSC::DFG::safeToExecute):
2461 * tests/stress/multi-get-by-offset-hoist-around-structure-check.js: Added.
2464 2015-07-23 Sukolsak Sakshuwong <sukolsak@gmail.com>
2466 Implement WebAssembly modules
2467 https://bugs.webkit.org/show_bug.cgi?id=147222
2469 Reviewed by Filip Pizlo.
2471 Make JSWASMModule inherit from JSDestructibleObject so that the destructor is called.
2473 * wasm/JSWASMModule.h:
2475 2015-07-23 Alex Christensen <achristensen@webkit.org>
2477 Remove compile and runtime flags for promises.
2478 https://bugs.webkit.org/show_bug.cgi?id=147244
2480 Reviewed by Yusuke Suzuki.
2482 * API/JSCallbackObjectFunctions.h:
2483 (JSC::JSCallbackObject<Parent>::JSCallbackObject):
2484 * API/JSContextRef.cpp:
2485 (JSGlobalContextCreateInGroup):
2486 * Configurations/FeatureDefines.xcconfig:
2487 * inspector/JSInjectedScriptHost.cpp:
2488 (Inspector::JSInjectedScriptHost::getInternalProperties):
2489 * runtime/JSGlobalObject.cpp:
2490 (JSC::JSGlobalObject::init):
2491 (JSC::JSGlobalObject::visitChildren):
2492 * runtime/JSGlobalObject.h:
2493 (JSC::JSGlobalObject::create):
2494 (JSC::JSGlobalObject::syntaxErrorConstructor):
2495 (JSC::JSGlobalObject::typeErrorConstructor):
2496 (JSC::JSGlobalObject::URIErrorConstructor):
2497 (JSC::JSGlobalObject::promiseConstructor):
2498 (JSC::JSGlobalObject::nullGetterFunction):
2499 (JSC::JSGlobalObject::nullSetterFunction):
2500 (JSC::JSGlobalObject::applyFunction):
2501 (JSC::JSGlobalObject::definePropertyFunction):
2502 (JSC::JSGlobalObject::arrayProtoValuesFunction):
2503 (JSC::JSGlobalObject::initializePromiseFunction):
2504 (JSC::JSGlobalObject::newPromiseDeferredFunction):
2505 (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
2506 (JSC::JSGlobalObject::regExpPrototype):
2507 (JSC::JSGlobalObject::errorPrototype):
2508 (JSC::JSGlobalObject::iteratorPrototype):
2509 (JSC::JSGlobalObject::promisePrototype):
2510 (JSC::JSGlobalObject::debuggerScopeStructure):
2511 (JSC::JSGlobalObject::withScopeStructure):
2512 (JSC::JSGlobalObject::iteratorResultStructure):
2513 (JSC::JSGlobalObject::iteratorResultStructureOffset):
2514 (JSC::JSGlobalObject::regExpMatchesArrayStructure):
2515 (JSC::JSGlobalObject::promiseStructure):
2516 * runtime/JSPromise.cpp:
2517 (JSC::JSPromise::result):
2518 * runtime/JSPromise.h:
2519 * runtime/JSPromiseConstructor.cpp:
2520 (JSC::constructPromise):
2521 * runtime/JSPromiseConstructor.h:
2522 * runtime/JSPromiseDeferred.cpp:
2523 (JSC::JSPromiseDeferred::visitChildren):
2524 * runtime/JSPromiseDeferred.h:
2525 * runtime/JSPromisePrototype.cpp:
2526 (JSC::JSPromisePrototype::getOwnPropertySlot):
2527 * runtime/JSPromisePrototype.h:
2528 * runtime/RuntimeFlags.h:
2533 2015-07-23 Sukolsak Sakshuwong <sukolsak@gmail.com>
2535 Implement WebAssembly modules
2536 https://bugs.webkit.org/show_bug.cgi?id=147222
2538 Reviewed by Mark Lam.
2540 Introducing the boilerplate data structure for the WebAssembly module.
2541 WebAssembly functionality will be added in a subsequent patch.
2544 * JavaScriptCore.xcodeproj/project.pbxproj:
2545 * wasm/JSWASMModule.cpp: Added.
2546 (JSC::JSWASMModule::visitChildren):
2547 * wasm/JSWASMModule.h: Added.
2548 (JSC::JSWASMModule::create):
2549 (JSC::JSWASMModule::createStructure):
2550 (JSC::JSWASMModule::JSWASMModule):
2552 2015-07-23 Devin Rousso <drousso@apple.com>
2554 Web Inspector: Add a function to CSSCompletions to get a list of supported system fonts
2555 https://bugs.webkit.org/show_bug.cgi?id=147009
2557 Reviewed by Joseph Pecoraro.
2559 * inspector/protocol/CSS.json: Added getSupportedSystemFontFamilyNames function.
2561 2015-07-22 Sukolsak Sakshuwong <sukolsak@gmail.com>
2563 Add ENABLE_WEBASSEMBLY feature flag for WebAssembly
2564 https://bugs.webkit.org/show_bug.cgi?id=147212
2566 Reviewed by Filip Pizlo.
2568 * Configurations/FeatureDefines.xcconfig:
2570 2015-07-22 Filip Pizlo <fpizlo@apple.com>
2572 Simplify DFG::DesiredIdentifiers and make it possible to turn a UniquedStringImpl* into an identifierNumber at any time
2573 https://bugs.webkit.org/show_bug.cgi?id=147218
2575 Reviewed by Sam Weinig.
2577 I want to be able to take a UniquedStringImpl* and turn it into an identifierNumber at
2578 various points in my work on https://bugs.webkit.org/show_bug.cgi?id=146929. Currently,
2579 most Nodes that deal with identifiers use identifierNumbers and you can only create an
2580 identifierNumber in BytecodeGenerator. DFG::ByteCodeParser does sort of have the
2581 ability to create new identifierNumbers when inlining - it takes the inlined code's
2582 identifiers and either gives them new numbers or reuses numbers from the enclosing
2585 This patch takes that basic functionality and puts it in
2586 DFG::DesiredIdentifiers::ensure(). Anyone can call this at any time to turn a
2587 UniquedStringImpl* into an identifierNumber. This data structure is already used by
2588 Plan to properly install any newly created identifier table entries into the CodeBlock.
2590 * dfg/DFGByteCodeParser.cpp:
2591 (JSC::DFG::ByteCodeParser::ByteCodeParser):
2592 (JSC::DFG::ByteCodeParser::noticeArgumentsUse):
2593 (JSC::DFG::ByteCodeParser::linkBlocks):
2594 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2595 (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary): Deleted.
2596 * dfg/DFGDesiredIdentifiers.cpp:
2597 (JSC::DFG::DesiredIdentifiers::DesiredIdentifiers):
2598 (JSC::DFG::DesiredIdentifiers::numberOfIdentifiers):
2599 (JSC::DFG::DesiredIdentifiers::ensure):
2600 (JSC::DFG::DesiredIdentifiers::at):
2601 (JSC::DFG::DesiredIdentifiers::addLazily): Deleted.
2602 * dfg/DFGDesiredIdentifiers.h:
2604 2015-07-22 Filip Pizlo <fpizlo@apple.com>
2606 Simplify things like CompareEq(@x,@x)
2607 https://bugs.webkit.org/show_bug.cgi?id=145850
2609 Reviewed by Sam Weinig.
2611 This simplifies x==x to true, except in cases where x might be a double (in which case this
2612 might still be false if x is NaN).
2614 * dfg/DFGAbstractInterpreterInlines.h:
2615 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2616 * tests/stress/nan-equal-untyped.js: Added.
2619 * tests/stress/nan-equal.js: Added.
2622 2015-07-22 Joseph Pecoraro <pecoraro@apple.com>
2624 Web Inspector: Timeline should immediately start moving play head when starting a new recording
2625 https://bugs.webkit.org/show_bug.cgi?id=147210
2627 Reviewed by Timothy Hatcher.
2629 * inspector/protocol/Timeline.json:
2630 Add timestamps to recordingStarted and recordingStopped events.
2632 2015-07-22 Yusuke Suzuki <utatane.tea@gmail.com>
2634 Introducing construct ability into JS executables
2635 https://bugs.webkit.org/show_bug.cgi?id=147183
2637 Reviewed by Geoffrey Garen.
2639 Decouple the construct ability from the builtin functions.
2640 Currently, after r182995, none of the builtin functions are constructors.
2641 In that patch, when the given function is a builtin JS function, we recognize it as a non-constructor function.
2643 But we need to relax this to implement some constructors in builtin JS.
2644 By decoupling the construct ability from whether the function is builtin or not, we can provide
2646 1. constructors written in builtin JS
2647 2. non-constructors in normal JS functions
2649 (1) is needed for Promise constructor.
2650 And (2) is needed for method functions and arrow functions.
2652 This patch introduces ConstructAbility into the unlinked function executables.
2653 It holds whether the given JS function has the construct ability or not.
2654 By leveraging this, this patch disables the construct ability of the method definitions, setters, getters and arrow functions.
2656 And at the same time, this patch introduces the annotation for constructor in builtin JS.
2657 We can define the function as follows,
2659 constructor Promise(executor)
2664 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2665 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2666 * JavaScriptCore.xcodeproj/project.pbxproj:
2667 * builtins/BuiltinExecutables.cpp:
2668 (JSC::BuiltinExecutables::createDefaultConstructor):
2669 (JSC::BuiltinExecutables::createExecutableInternal):
2670 * builtins/BuiltinExecutables.h:
2671 * builtins/Iterator.prototype.js:
2673 (SymbolIterator): Deleted.
2674 * bytecode/UnlinkedCodeBlock.cpp:
2675 (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2676 * bytecode/UnlinkedCodeBlock.h:
2677 * bytecompiler/BytecodeGenerator.h:
2678 (JSC::BytecodeGenerator::makeFunction):
2679 * generate-js-builtins:
2682 (Function.__init__):
2683 (Function.mangleName):
2685 (mangleName): Deleted.
2686 * jit/JITOperations.cpp:
2687 * llint/LLIntSlowPaths.cpp:
2688 (JSC::LLInt::setUpCall):
2689 * parser/Parser.cpp:
2690 (JSC::Parser<LexerType>::parseClass):
2691 * runtime/CodeCache.cpp:
2692 (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2693 * runtime/CommonIdentifiers.h:
2694 * runtime/ConstructAbility.h: Copied from Source/JavaScriptCore/builtins/Iterator.prototype.js.
2695 * runtime/Executable.h:
2696 * runtime/JSFunction.cpp:
2697 (JSC::JSFunction::getConstructData):
2698 * runtime/JSGlobalObject.cpp:
2699 (JSC::JSGlobalObject::init):
2700 * tests/stress/non-constructors.js: Added.
2702 (.prototype.method):
2703 (.prototype.get getter):
2704 (.prototype.set setter):
2708 (set var.test.get getter):
2709 (set var.test.set setter):
2710 (set var.test.normal):
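The construct-ability split this entry describes, seen from script: an added example, not JSC code and not from the ChangeLog (helper names are illustrative). `Reflect.construct` is used with the candidate as `newTarget`, which throws a TypeError for a non-constructor without running the candidate's body, so even Promise (which would throw for a missing executor if actually constructed) can be probed:

```javascript
// Added illustration (not JSC code) of which function kinds carry construct ability.
function isConstructor(fn) {
  try {
    Reflect.construct(function () {}, [], fn);   // TypeError iff fn is not a constructor
    return true;
  } catch (e) {
    if (e instanceof TypeError) return false;
    throw e;
  }
}

// One representative of each function kind mentioned in the entry.
const candidates = {
  declaration: function () {},
  arrow: () => {},
  method: ({ m() {} }).m,
  getter: Object.getOwnPropertyDescriptor({ get g() { return 1; } }, 'g').get,
  setter: Object.getOwnPropertyDescriptor({ set s(v) {} }, 's').set,
  classConstructor: class {},
  builtinPromise: Promise,        // a constructor that engines may implement as a builtin
  builtinParseInt: parseInt,      // a builtin that is not a constructor
};

function constructAbilityTable() {
  const table = {};
  for (const name of Object.keys(candidates)) {
    table[name] = isConstructor(candidates[name]);
  }
  return table;
}

// What user code actually observes: `new` on a non-constructor is a TypeError.
function newResult(fn) {
  try {
    new fn();
    return 'constructed';
  } catch (e) {
    return e.constructor.name;
  }
}
```

Only `declaration`, `classConstructor` and `builtinPromise` come back true; methods, getters, setters and arrows are all rejected by `new` with a TypeError.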
2714 2015-07-22 Csaba Osztrogonác <ossy@webkit.org>
2716 [JSC] Enable exception fuzzing for GCC too
2717 https://bugs.webkit.org/show_bug.cgi?id=146831
2719 Reviewed by Darin Adler.
2721 * jit/JITOperations.cpp:
2723 2015-07-22 Filip Pizlo <fpizlo@apple.com>
2725 Fixed pool allocation should always be aligned
2726 https://bugs.webkit.org/show_bug.cgi?id=147201
2728 Reviewed by Simon Fraser.
2730 Passing an unaligned size to the allocator can cause asserts or even worse things. The
2731 Options reservation value isn't going to be aligned.
2733 * jit/ExecutableAllocatorFixedVMPool.cpp:
2734 (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
2736 2015-07-22 Csaba Osztrogonác <ossy@webkit.org>
2738 Enable STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE for GCC
2739 https://bugs.webkit.org/show_bug.cgi?id=146829
2741 Reviewed by Brent Fulgham.
2743 * heap/GCAssertions.h:
2745 2015-07-22 Alex Christensen <achristensen@webkit.org>
2747 Fix quirks in CMake build on Mac and Windows
2748 https://bugs.webkit.org/show_bug.cgi?id=147174
2750 Reviewed by Gyuyoung Kim.
2752 * PlatformMac.cmake:
2753 Add JSRemoteInspector.cpp and remove semicolon from command to make it actually run.
2755 2015-07-21 Yusuke Suzuki <utatane.tea@gmail.com>
2757 Add newTarget accessor to JS constructor written in C++
2758 https://bugs.webkit.org/show_bug.cgi?id=147160
2760 Reviewed by Geoffrey Garen.
2762 This patch adds `ExecState#newTarget()` which returns `new.target` defined in ECMA262 6th.
2763 It enables some C++ constructors (like Intl.XXX constructors) to leverage this to complete
2766 When the constructor is called, |this| in the arguments is used for storing new.target instead.
2767 So by adding the accessor for |this|, JS constructor written in C++ can access new.target.
2769 And at the same time, this patch extends the existing `construct` to accept new.target value.
2770 It is corresponding to the spec's Construct abstract operation.
2772 * interpreter/CallFrame.h:
2773 (JSC::ExecState::newTarget):
2774 * interpreter/Interpreter.cpp:
2775 (JSC::Interpreter::executeConstruct):
2776 * interpreter/Interpreter.h:
2777 * runtime/ConstructData.cpp:
2779 * runtime/ConstructData.h:
2782 2015-07-21 Filip Pizlo <fpizlo@apple.com>
2784 Unreviewed, fix a lot of tests. Need to initialize WTF threading sooner.
2789 2015-07-21 Filip Pizlo <fpizlo@apple.com>
2791 Fixed VM pool allocation should have a reserve for allocations that cannot fail
2792 https://bugs.webkit.org/show_bug.cgi?id=147154
2793 rdar://problem/21847618
2795 Reviewed by Geoffrey Garen.
2797 This adds the notion of a JIT pool reserve fraction. Some fraction, currently 1/4, of
2798 the JIT pool is reserved for allocations that cannot fail. It makes sense to make this
2799 a fraction rather than a constant because each allocation that can fail may cause some
2800 number of allocations that cannot fail (for example, the OSR exit thunks that we
2801 compile when we exit from some CodeBlock cannot fail).
2803 I've tested this by adding a test mode where we artificially limit the JIT pool size.
2804 Prior to the fix, we had >20 failures. Now we have none.
2806 * heap/GCLogging.cpp:
2807 (WTF::printInternal): I needed a dump method on Options members when debugging this.
2809 * jit/ExecutableAllocator.h: Raise the ARM64 limit to 32MB because 16MB is cutting it too close.
2810 * jit/ExecutableAllocatorFixedVMPool.cpp:
2811 (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Add the ability to artificially limit JIT pool size for testing.
2812 (JSC::ExecutableAllocator::memoryPressureMultiplier): Implement the reserve when computing memory pressure for JIT tier-up heuristics.
2813 (JSC::ExecutableAllocator::allocate): Implement the reserve when allocating can-fail things.
2814 * jsc.cpp: Rewire some options parsing so that CommandLine happens before we create the JIT pool.
2816 (CommandLine::parseArguments):
2818 * runtime/Options.cpp:
2819 (JSC::OptionRange::dump): I needed a dump method on Options members when debugging this.
2820 (JSC::Options::initialize): This can now be called more than once.
2821 * runtime/Options.h:
2823 2015-07-21 Saam barati <saambarati1@gmail.com>
2825 ObjectPatternNode's entry should use "const Identifier&" instead of "Identifier"
2826 https://bugs.webkit.org/show_bug.cgi?id=147156
2828 Reviewed by Andreas Kling.
2832 2015-07-21 Basile Clement <basile_clement@apple.com>
2834 Object allocation sinking phase is performing needless HashMap copies
2835 https://bugs.webkit.org/show_bug.cgi?id=147159
2837 Reviewed by Geoffrey Garen.
2839 The points-to analyzer in the object allocation sinking phase is
2840 currently performing copies of its allocation and pointers tables in
2841 several places. While this is not a huge problem since those tables are
2842 usually small and we are in the FTL path anyway, we still shouldn't be
2843 doing such useless copying.
2845 This patch also removes the DFGInsertOSRHintsForUpdate files that are
2846 no longer needed with the new object sinking phase and should have been
2850 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2851 * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2852 * JavaScriptCore.xcodeproj/project.pbxproj:
2853 * dfg/DFGInsertOSRHintsForUpdate.cpp: Removed.
2854 (JSC::DFG::insertOSRHintsForUpdate): Deleted.
2855 * dfg/DFGInsertOSRHintsForUpdate.h: Removed.
2856 * dfg/DFGObjectAllocationSinkingPhase.cpp:
2858 2015-07-21 Saam barati <saambarati1@gmail.com>
2860 DestructuringPatternNode and DestructuringAssignmentNode should be ParserArenaFreeable
2861 https://bugs.webkit.org/show_bug.cgi?id=147140
2863 Reviewed by Geoffrey Garen.
2865 The descendants of DestructuringPatternNode that need destruction also
2866 inherit from ParserArenaDeletable.
2869 (JSC::DestructuringPatternNode::~DestructuringPatternNode):
2870 (JSC::ObjectPatternNode::appendEntry):
2871 (JSC::DestructuringAssignmentNode::bindings):
2873 2015-07-21 Keith Miller <keith_miller@apple.com>
2875 Add support for the new.target syntax.
2876 https://bugs.webkit.org/show_bug.cgi?id=147051
2878 Reviewed by Yusuke Suzuki.
2880 Add support for new.target. Essentially the implementation is, before constructor calls,
2881 the target of a "new" is placed where "this" normally goes in the calling convention.
2882 Then in the constructor, before the object is initialized, we move the target of the "new"
2883 into a local variable.
2885 * bytecompiler/BytecodeGenerator.cpp:
2886 (JSC::BytecodeGenerator::BytecodeGenerator):
2887 * bytecompiler/NodesCodegen.cpp:
2888 (JSC::NewTargetNode::emitBytecode):
2889 * parser/ASTBuilder.h:
2890 (JSC::ASTBuilder::newTargetExpr):
2891 * parser/NodeConstructors.h:
2892 (JSC::NewTargetNode::NewTargetNode):
2894 * parser/Parser.cpp:
2895 (JSC::Parser<LexerType>::parseMemberExpression):
2896 * parser/SyntaxChecker.h:
2897 (JSC::SyntaxChecker::newTargetExpr):
2898 * runtime/CommonIdentifiers.h:
2899 * tests/stress/new-target.js: Added.
2902 (Constructor.subCall):
2903 (Constructor.SubConstructor):
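What `new.target` evaluates to, covering both this entry and the earlier one that adds `ExecState::newTarget()` for C++ constructors: an added example in script, not JSC code and not from the ChangeLog (the constructor names are illustrative). It runs in any ES2015+ engine:

```javascript
// Added illustration (not JSC code) of what new.target holds.
function Base() {
  // With `new`, new.target is the constructor the caller applied `new` to;
  // with a plain call it is undefined.
  this.target = new.target;
  this.viaArrow = (() => new.target)();   // arrows inherit new.target from the enclosing function
}

// Forwarding a different newTarget is what `super()` does in a derived class
// constructor; Reflect.construct exposes the same operation directly.
function Derived() {
  return Reflect.construct(Base, [], Derived);
}

class Parent {
  constructor() { this.builtBy = new.target.name; }
}
class Child extends Parent {}

function newTargetReport() {
  const plainReceiver = {};
  Base.call(plainReceiver);                 // no `new`: new.target is undefined
  return {
    base: new Base().target,                // Base
    baseViaArrow: new Base().viaArrow,      // Base
    derived: new Derived().target,          // Derived, not Base
    derivedProto: Object.getPrototypeOf(new Derived()) === Derived.prototype,
    plain: plainReceiver.target,            // undefined
    parent: new Parent().builtBy,           // 'Parent'
    child: new Child().builtBy,             // 'Child'
  };
}
```

`derived` and `derivedProto` show the point of passing the real `newTarget` through a constructor call: the callee sees who was constructed and the result gets that constructor's prototype, not the callee's.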
2910 2015-07-20 Saam barati <saambarati1@gmail.com>
2912 "let" scoping introduced incoherent story about symbol table cloning
2913 https://bugs.webkit.org/show_bug.cgi?id=147046
2915 Reviewed by Filip Pizlo.
2917 This patch now establishes a clear set of rules for how SymbolTables
2918 are owned by CodeBlock. Every SymbolTable that is used by a bytecode
2919 instruction must live in CodeBlock's constant register pool. When CodeBlock
2920 is being linked, it ensures that every SymbolTable in the constant pool is cloned.
2921 This leaves no room for an un-cloned symbol table to be used by a bytecode instruction.
2922 Some instructions may refer to SymbolTable's indirectly through a JSLexicalEnvironment.
2923 This is fine, all JSLexicalEnvironment's are allocated with references to cloned symbol tables.
2925 Another goal of this patch is to remove the notion that a SymbolTable is 1 to 1
2926 with a CodeBlock. With lexical scoping, this view of the world is no longer
2927 correct. This patch begins to remove this assumption by making CodeBlock's
2928 symbolTable() getter method private. There is still one place where we need
2929 to purge our codebase of this assumption and that is the type profiler. It
2930 has not been updated for lexical scoping. After it is updated in
2931 https://bugs.webkit.org/show_bug.cgi?id=145438
2932 we will be able to remove CodeBlock's symbolTable() getter entirely.
2934 * bytecode/CodeBlock.cpp:
2935 (JSC::CodeBlock::CodeBlock):
2936 (JSC::CodeBlock::nameForRegister):
2937 * bytecode/CodeBlock.h:
2938 (JSC::CodeBlock::addStringSwitchJumpTable):
2939 (JSC::CodeBlock::stringSwitchJumpTable):
2940 (JSC::CodeBlock::evalCodeCache):
2941 (JSC::CodeBlock::symbolTable):
2942 * bytecode/UnlinkedCodeBlock.cpp:
2943 (JSC::UnlinkedFunctionExecutable::visitChildren):
2944 (JSC::UnlinkedFunctionExecutable::link):
2945 (JSC::UnlinkedFunctionExecutable::codeBlockFor):
2946 * bytecode/UnlinkedCodeBlock.h:
2947 (JSC::UnlinkedCodeBlock::addExceptionHandler):
2948 (JSC::UnlinkedCodeBlock::exceptionHandler):
2949 (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex):
2950 (JSC::UnlinkedCodeBlock::symbolTableConstantIndex):
2951 (JSC::UnlinkedCodeBlock::symbolTable): Deleted.
2952 (JSC::UnlinkedCodeBlock::setSymbolTable): Deleted.
2953 * bytecompiler/BytecodeGenerator.cpp:
2954 (JSC::BytecodeGenerator::generate):
2955 (JSC::BytecodeGenerator::BytecodeGenerator):
2956 (JSC::BytecodeGenerator::pushLexicalScope):
2957 (JSC::BytecodeGenerator::variableForLocalEntry):
2958 (JSC::BytecodeGenerator::createVariable):
2959 (JSC::BytecodeGenerator::resolveType):
2960 (JSC::BytecodeGenerator::emitResolveScope):
2961 * bytecompiler/BytecodeGenerator.h:
2962 (JSC::BytecodeGenerator::thisRegister):
2963 (JSC::BytecodeGenerator::instructions):
2964 (JSC::BytecodeGenerator::symbolTable): Deleted.
2966 (JSC::DFG::Graph::baselineCodeBlockFor):
2967 (JSC::DFG::Graph::isStrictModeFor):
2968 (JSC::DFG::Graph::symbolTableFor): Deleted.
2969 * jit/AssemblyHelpers.h:
2970 (JSC::AssemblyHelpers::baselineCodeBlock):
2971 (JSC::AssemblyHelpers::argumentsStart):
2972 (JSC::AssemblyHelpers::symbolTableFor): Deleted.
2973 * runtime/CommonSlowPaths.cpp:
2974 (JSC::SLOW_PATH_DECL):
2975 * runtime/Executable.cpp:
2976 (JSC::FunctionExecutable::visitChildren):
2977 (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilation):
2978 (JSC::FunctionExecutable::symbolTable): Deleted.
2979 * runtime/Executable.h:
2981 2015-07-18 Filip Pizlo <fpizlo@apple.com>
2983 REGRESSION(186691): OSR entry is broken on loop headers that have no live variables
2984 https://bugs.webkit.org/show_bug.cgi?id=147074
2985 rdar://problem/21869970
2987 Reviewed by Michael Saboff.
2989 The OSR entry must-handle block/value widening introduced in r186691 would cause the
2990 CFA to reexecute if it caused any live local variables to change value. But this fails
2991 if the must-handle block has no live local variables, and the entry block otherwise
2992 appears to be unreachable.
2994 This fixes the bug by having the change detection include whether the block hadn't been
2995 visited in addition to whether any local variable values got widened.
2997 This is a ~4% speed-up on SunSpider in browser.
2999 * dfg/DFGCFAPhase.cpp:
3000 (JSC::DFG::CFAPhase::run):
3002 2015-07-20 Mark Lam <mark.lam@apple.com>
3004 Rollout r187020 and r187021: breaks JSC API tests on debug builds.
3005 https://bugs.webkit.org/show_bug.cgi?id=147110
3007 * heap/MachineStackMarker.cpp:
3008 (JSC::MachineThreads::addCurrentThread):
3009 * runtime/JSLock.cpp:
3010 (JSC::JSLockHolder::~JSLockHolder):
3011 (JSC::JSLock::JSLock):
3012 (JSC::JSLock::willDestroyVM):
3013 (JSC::JSLock::setExclusiveThread):
3014 (JSC::JSLock::lock):
3015 (JSC::JSLock::unlock):
3016 (JSC::JSLock::currentThreadIsHoldingLock):
3017 (JSC::JSLock::dropAllLocks):
3020 (JSC::JSLock::hasExclusiveThread):
3021 (JSC::JSLock::exclusiveThread):
3023 (JSC::VM::hasExclusiveThread):
3024 (JSC::VM::exclusiveThread):
3025 (JSC::VM::setExclusiveThread):
3027 2015-07-20 Per Arne Vollan <peavo@outlook.com>
3029 Unreviewed debug build fix after r187020.
3031 * heap/MachineStackMarker.cpp:
3032 (JSC::MachineThreads::addCurrentThread):
3033 VM::exclusiveThread() has changed return type to ThreadIdentifier.
3035 2015-07-20 Per Arne Vollan <peavo@outlook.com>
3037 JavaScriptCore performance is very bad on Windows
3038 https://bugs.webkit.org/show_bug.cgi?id=146448
3040 Reviewed by Mark Lam.
3042 Profiling shows that std::this_thread::get_id() is slow on Windows.
3043 Use WTF::currentThread() instead, which calls GetCurrentThreadId().
3044 This is faster on Windows. The issue has been reported to Microsoft,
3045 https://connect.microsoft.com/VisualStudio/feedback/details/1558211.
3047 * runtime/JSLock.cpp:
3048 (JSC::JSLockHolder::~JSLockHolder):
3049 (JSC::JSLock::JSLock):
3050 (JSC::JSLock::willDestroyVM):
3051 (JSC::JSLock::setExclusiveThread):
3052 (JSC::JSLock::lock):
3053 (JSC::JSLock::unlock):
3054 (JSC::JSLock::currentThreadIsHoldingLock):
3057 (JSC::JSLock::hasExclusiveThread):
3058 (JSC::JSLock::exclusiveThread):
3060 (JSC::VM::hasExclusiveThread):
3061 (JSC::VM::exclusiveThread):
3062 (JSC::VM::setExclusiveThread):
3064 2015-07-19 Yusuke Suzuki <utatane.tea@gmail.com>
3066 In strict mode, `Object.keys(arguments)` includes "length"
3067 https://bugs.webkit.org/show_bug.cgi?id=147071
3069 Reviewed by Darin Adler.
3071 ClonedArguments didn't set "length" with DontEnum.
3073 * runtime/ClonedArguments.cpp:
3074 (JSC::ClonedArguments::createWithInlineFrame):
3075 (JSC::ClonedArguments::createByCopyingFrom):
3076 * tests/stress/arguments-length-always-dont-enum.js: Added.
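The property attributes the fix above restores, checked from script in both a strict and a sloppy function: an added example, not JSC's test and not from the ChangeLog (helper names are illustrative). It runs in any ES2015+ engine:

```javascript
// Added illustration (not JSC code): which own properties of `arguments` are
// enumerable, and the attributes of its "length" property.
function describeArguments(args) {
  const length = Object.getOwnPropertyDescriptor(args, 'length');
  const enumerable = Object.keys(args);                     // enumerable own string keys only
  return {
    keys: enumerable,
    hidden: Object.getOwnPropertyNames(args)                // own names that Object.keys hides
      .filter((name) => !enumerable.includes(name))
      .sort(),
    copied: Object.keys(Object.assign({}, args)),           // Object.assign copies enumerable props only
    lengthEnumerable: length.enumerable,                    // must be false (DontEnum)
    lengthWritable: length.writable,
    lengthConfigurable: length.configurable,
  };
}

function strictOwnProps() {
  'use strict';                 // unmapped (cloned) arguments object
  return describeArguments(arguments);
}

function sloppyOwnProps() {
  return describeArguments(arguments);   // mapped arguments object
}
```

In both modes `keys` and `copied` are just the index strings, while `length` and `callee` appear only in `hidden`; before the fix the strict-mode `keys` would also have contained `"length"`.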
3081 2015-07-19 Jordan Harband <ljharb@gmail.com>
3083 new Date(NaN).toJSON() must return null instead of throwing a TypeError
3084 https://bugs.webkit.org/show_bug.cgi?id=141115
3086 Reviewed by Yusuke Suzuki.
3088 * runtime/DatePrototype.cpp:
3089 (JSC::dateProtoFuncToJSON):
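Date.prototype.toJSON written out as ECMA-262 specifies it, next to the native method, so the invalid-date path this entry fixes (return null rather than throw) is visible: an added example, not JSC code and not from the ChangeLog (helper names are illustrative).

```javascript
// Added illustration (not JSC code) of the Date.prototype.toJSON algorithm.
function specToJSON(value) {
  const O = Object(value);
  const tv = Number(O);                 // ToPrimitive with hint Number: the time value, NaN when invalid
  if (typeof tv === 'number' && !Number.isFinite(tv)) return null;
  return O.toISOString();               // reached only for finite time values
}

// toISOString itself still throws RangeError on an invalid date; toJSON must not.
function isoOrError(date) {
  try {
    return date.toISOString();
  } catch (e) {
    return e.constructor.name;
  }
}

function compareToJSON(date) {
  return {
    spec: specToJSON(date),
    native: date.toJSON(),
    stringified: JSON.stringify({ when: date }),   // JSON.stringify calls toJSON, so a bad date becomes null
    toISOString: isoOrError(date),
  };
}
```

For `new Date(NaN)` the spec and native paths both yield null and `JSON.stringify` emits `{"when":null}` instead of propagating an exception, while `toISOString` alone reports a RangeError.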
3091 2015-07-19 Saam barati <saambarati1@gmail.com>
3093 Parser::parseFunctionInfo hits RELEASE_ASSERT for Arrow Functions
3094 https://bugs.webkit.org/show_bug.cgi?id=147090
3096 Reviewed by Yusuke Suzuki.
3098 ArrowFunctions have their ParserFunctionInfo "name" field set to
3099 a non-null pointer. This is obviously allowed and valid except we
3100 had a RELEASE_ASSERT that claimed otherwise. This is a mistake.
3102 Note: ArrowFunctions will never actually have a function name;
3103 their ParserFunctionInfo "name" field will be the empty string.
3104 This is not to be mistaken for the name field being a null pointer.
3106 * parser/Parser.cpp:
3107 (JSC::Parser<LexerType>::parseFunctionInfo):
3109 2015-07-18 Saam barati <saambarati1@gmail.com>
3111 [ES6] Add support for block scope const
3112 https://bugs.webkit.org/show_bug.cgi?id=31813
        Reviewed by Filip Pizlo.

        'const' is now implemented in an ES6 spec compliant manner.
        'const' variables are always block scoped and always live
        either on the stack or in a JSLexicalEnvironment. 'const'
        variables never live on the global object.

        Inside the BytecodeGenerator, when assigning to a stack
        'const' variable or a LocalClosureVar 'const' variable,
        we will emit code that just throws a type error.
        When assigning to a ClosureVar const variable, CodeBlock linking
        will ensure that we perform a dynamic lookup of that variable so
        that put_to_scope's slow path throws a type error.

        The old 'const' implementation has been removed in this patch.

        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::pushLexicalScope):
        (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
        (JSC::BytecodeGenerator::variable):
        (JSC::BytecodeGenerator::variableForLocalEntry):
        (JSC::BytecodeGenerator::createVariable):
        (JSC::BytecodeGenerator::emitResolveScope):
        (JSC::BytecodeGenerator::emitInstanceOf):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::isArgumentNumber):
        (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
        (JSC::BytecodeGenerator::emitEnumeration):
        (JSC::BytecodeGenerator::variablePerSymbolTable): Deleted.
        (JSC::BytecodeGenerator::emitInitGlobalConst): Deleted.
        * bytecompiler/BytecodeGenerator.h:
        (JSC::Variable::Variable):
        (JSC::Variable::isReadOnly):
        (JSC::Variable::isSpecial):
        (JSC::Variable::isConst):
        (JSC::BytecodeGenerator::thisRegister):
        (JSC::BytecodeGenerator::emitTypeOf):
        (JSC::BytecodeGenerator::emitIn):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixNode::emitResolve):
        (JSC::PrefixNode::emitResolve):
        (JSC::ReadModifyResolveNode::emitBytecode):
        (JSC::AssignResolveNode::emitBytecode):
        (JSC::CommaNode::emitBytecode):
        (JSC::BindingNode::bindValue):
        (JSC::ConstDeclNode::emitCodeSingle): Deleted.
        (JSC::ConstDeclNode::emitBytecode): Deleted.
        (JSC::ConstStatementNode::emitBytecode): Deleted.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        (JSC::JIT::privateCompileMainPass):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_to_arguments):
        (JSC::JIT::emit_op_init_global_const): Deleted.
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_to_arguments):
        (JSC::JIT::emit_op_init_global_const): Deleted.
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createDeclarationStatement):
        (JSC::ASTBuilder::createEmptyVarExpression):
        (JSC::ASTBuilder::createDebugger):
        (JSC::ASTBuilder::appendStatement):
        (JSC::ASTBuilder::createVarStatement): Deleted.
        (JSC::ASTBuilder::createLetStatement): Deleted.
        (JSC::ASTBuilder::createConstStatement): Deleted.
        (JSC::ASTBuilder::appendConstDecl): Deleted.
        * parser/NodeConstructors.h:
        (JSC::CommaNode::CommaNode):
        (JSC::SourceElements::SourceElements):
        (JSC::SwitchNode::SwitchNode):
        (JSC::BlockNode::BlockNode):
        (JSC::ConstStatementNode::ConstStatementNode): Deleted.
        (JSC::ConstDeclNode::ConstDeclNode): Deleted.
        (JSC::ConstDeclNode::hasInitializer): Deleted.
        (JSC::ConstDeclNode::ident): Deleted.
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseStatementListItem):
        (JSC::Parser<LexerType>::parseVariableDeclaration):
        (JSC::Parser<LexerType>::parseWhileStatement):
        (JSC::Parser<LexerType>::parseVariableDeclarationList):
        (JSC::Parser<LexerType>::createBindingPattern):
        (JSC::Parser<LexerType>::parseDestructuringPattern):
        (JSC::Parser<LexerType>::parseDefaultValueForDestructuringPattern):
        (JSC::Parser<LexerType>::parseForStatement):
        (JSC::Parser<LexerType>::parseTryStatement):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseConstDeclaration): Deleted.
        (JSC::Parser<LexerType>::parseConstDeclarationList): Deleted.
        (JSC::isEvalNode<EvalNode>):
        (JSC::isEvalOrArgumentsIdentifier):
        (JSC::Scope::Scope):
        (JSC::Scope::declareCallee):
        (JSC::Scope::declareVariable):
        (JSC::Scope::declareLexicalVariable):
        (JSC::Scope::hasDeclaredVariable):
        (JSC::Scope::allowsVarDeclarations):
        (JSC::Scope::allowsLexicalDeclarations):
        (JSC::Scope::declareParameter):
        (JSC::Scope::declareBoundParameter):
        (JSC::Parser::destructuringKindFromDeclarationType):
        (JSC::Parser::assignmentContextFromDeclarationType):
        (JSC::Parser::isEvalOrArguments):
        (JSC::Parser::currentScope):
        (JSC::Parser::popScope):
        (JSC::Parser::declareVariable):
        (JSC::Parser::hasDeclaredVariable):
        (JSC::Parser::setStrictMode):
        (JSC::Parser::strictMode):
        (JSC::Parser::isValidStrictMode):
        (JSC::Parser::declareParameter):
        (JSC::Parser::declareBoundParameter):
        (JSC::Parser::breakIsValid):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createForInLoop):
        (JSC::SyntaxChecker::createForOfLoop):
        (JSC::SyntaxChecker::createEmptyStatement):
        (JSC::SyntaxChecker::createDeclarationStatement):
        (JSC::SyntaxChecker::createReturnStatement):
        (JSC::SyntaxChecker::createBreakStatement):
        (JSC::SyntaxChecker::createVarStatement): Deleted.
        (JSC::SyntaxChecker::createLetStatement): Deleted.
        * parser/VariableEnvironment.h:
        (JSC::VariableEnvironmentEntry::isCaptured):
        (JSC::VariableEnvironmentEntry::isConst):
        (JSC::VariableEnvironmentEntry::isVar):
        (JSC::VariableEnvironmentEntry::isLet):
        (JSC::VariableEnvironmentEntry::setIsCaptured):
        (JSC::VariableEnvironmentEntry::setIsConst):
        (JSC::VariableEnvironmentEntry::setIsVar):
        (JSC::VariableEnvironmentEntry::setIsLet):
        (JSC::VariableEnvironmentEntry::isConstant): Deleted.
        (JSC::VariableEnvironmentEntry::setIsConstant): Deleted.
        * runtime/Executable.cpp:
        (JSC::ProgramExecutable::initializeGlobalProperties):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::defineOwnProperty):
        (JSC::JSGlobalObject::addGlobalVar):
        (JSC::JSGlobalObject::addFunction):
        (JSC::lastInPrototypeChain):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::finishCreation):
        (JSC::JSGlobalObject::addVar):
        (JSC::JSGlobalObject::addConst): Deleted.
        * runtime/JSLexicalEnvironment.cpp:
        (JSC::JSLexicalEnvironment::symbolTablePut):
        * tests/stress/const-and-with-statement.js: Added.
        (shouldThrowInvalidConstAssignment):
        * tests/stress/const-exception-handling.js: Added.
        * tests/stress/const-loop-semantics.js: Added.
        (shouldThrowInvalidConstAssignment):
        * tests/stress/const-not-strict-mode.js: Added.
        * tests/stress/const-semantics.js: Added.
        (shouldThrowInvalidConstAssignment):
        * tests/stress/const-tdz.js: Added.
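The behaviours this entry describes (stack const, closure-captured const, dynamic lookup through `with`, TDZ, per-iteration loop bindings), as an added JavaScript example that is not part of the WebKit patch or its test files; each case is wrapped in a function so the outcome can be checked, and the `with` case is built with `new Function` so it runs as sloppy-mode code.

```javascript
// Added example, not part of the WebKit patch: each function exercises one of
// the ES6 const behaviours the ChangeLog entry describes, in strict or sloppy mode.

// Returns the name of the error class fn throws, or "none".
function thrownBy(fn) {
  try { fn(); return "none"; } catch (e) { return e.constructor.name; }
}

// Assignment to a const that only lives on the stack (never captured).
function assignStackConst() {
  const x = 1;
  x = 2;        // TypeError: assignment to a const binding
  return x;
}

// Assignment to a const captured by a closure (lives in a lexical environment).
function assignClosureConst() {
  const y = 1;
  const setter = () => { y = 2; };
  setter();
  return y;
}

// A const reached through a `with` scope chain must be resolved dynamically;
// new Function yields sloppy-mode code, which is what `with` requires.
const viaWith = new Function("obj", "const z = 1; with (obj) { z = 2; } return z;");
// If obj has its own z the write lands on obj; otherwise it hits the const.
function assignThroughWith(objHasZ) {
  return viaWith(objHasZ ? { z: 0 } : {});
}

// Temporal dead zone: reading a const before its declaration is a ReferenceError.
function readBeforeInit() {
  const r = later;
  const later = 1;
  return r;
}

// for-of creates a fresh binding per iteration, so closures see distinct values.
function perIterationBindings() {
  const fns = [];
  for (const i of [1, 2, 3]) fns.push(() => i);
  return fns.map((f) => f()).join(",");
}

// A classic for loop whose update expression mutates the const also throws.
function constInClassicFor() {
  for (const i = 0; i < 3; i++) {}
}
```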
2015-07-18  Saam barati  <saambarati1@gmail.com>

        lexical scoping is broken with respect to "break" and "continue"
        https://bugs.webkit.org/show_bug.cgi?id=147063

        Reviewed by Filip Pizlo.

        Bug #142944 which introduced "let" and lexical scoping
        didn't properly hook into the bytecode generator's machinery
        for calculating scope depth deltas for "break" and "continue". This
        resulted in the bytecode generator popping an incorrect number
        of scopes when lexical scopes were involved.

        This patch fixes this problem and generalizes this machinery a bit.
        This patch also renames old functions in a sensible way that is more
        coherent in a world with lexical scoping.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::newLabelScope):
        (JSC::BytecodeGenerator::emitProfileType):
        (JSC::BytecodeGenerator::pushLexicalScope):
        (JSC::BytecodeGenerator::popLexicalScope):
        (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
        (JSC::BytecodeGenerator::resolveType):
        (JSC::BytecodeGenerator::emitResolveScope):
        (JSC::BytecodeGenerator::emitGetFromScope):
        (JSC::BytecodeGenerator::emitPutToScope):
        (JSC::BytecodeGenerator::emitPushWithScope):
        (JSC::BytecodeGenerator::emitGetParentScope):
        (JSC::BytecodeGenerator::emitPopScope):
        (JSC::BytecodeGenerator::emitPopWithOrCatchScope):
        (JSC::BytecodeGenerator::emitPopScopes):
        (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler):
        (JSC::BytecodeGenerator::localScopeDepth):
        (JSC::BytecodeGenerator::labelScopeDepth):
        (JSC::BytecodeGenerator::emitThrowReferenceError):
        (JSC::BytecodeGenerator::emitPushFunctionNameScope):
        (JSC::BytecodeGenerator::pushScopedControlFlowContext):
        (JSC::BytecodeGenerator::popScopedControlFlowContext):
        (JSC::BytecodeGenerator::emitPushCatchScope):
        (JSC::BytecodeGenerator::currentScopeDepth): Deleted.
        * bytecompiler/BytecodeGenerator.h: