[CMAKE] Build warning by INTERFACE_LINK_LIBRARIES
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-09-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [CMAKE] Build warning by INTERFACE_LINK_LIBRARIES
        https://bugs.webkit.org/show_bug.cgi?id=136194

        Reviewed by Csaba Osztrogonác.

        Set the LINK_INTERFACE_LIBRARIES target property on the top level CMakeLists.txt.

        * CMakeLists.txt:

2014-08-26  Maciej Stachowiak  <mjs@apple.com>

        Use RetainPtr::autorelease in some places where it seems appropriate
        https://bugs.webkit.org/show_bug.cgi?id=136280

        Reviewed by Darin Adler.

        * API/JSContext.mm:
        (-[JSContext name]): Use RetainPtr::autorelease() in place of ObjC autorelease.
        * API/JSValue.mm:
        (valueToString): Make appropriate use of RetainPtr.

2014-08-29  Akos Kiss  <akiss@inf.u-szeged.hu>

        Ensure that the call frame passed from doVMEntry to the called function always contains the valid scope chain.
        https://bugs.webkit.org/show_bug.cgi?id=136391

        Reviewed by Michael Saboff.

        Do not rely on calling conventions to fill in the CallerFrame component
        of the ExecState* parameter of the called function.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2014-08-29  Saam Barati  <sbarati@apple.com>

        emit op_profile_type for deconstruction assignments
        https://bugs.webkit.org/show_bug.cgi?id=136274

        Reviewed by Filip Pizlo.

        Enable type profiling for ES6 deconstruction expressions.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::BindingNode::bindValue):

2014-08-29  Joseph Pecoraro  <pecoraro@apple.com>

        JavaScriptCore: Use ASCIILiteral where possible
        https://bugs.webkit.org/show_bug.cgi?id=136179

        Reviewed by Michael Saboff.

        General string / character related changes. Use ASCIILiteral where
        possible, jsNontrivialString where possible, and replace string
        literals with character literals in some places.

        No new tests, no changes to functionality.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::nameForRegister):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixNode::emitBytecode):
        (JSC::PrefixNode::emitBytecode):
        (JSC::AssignErrorNode::emitBytecode):
        (JSC::ForInNode::emitMultiLoopBytecode):
        (JSC::ForOfNode::emitBytecode):
        (JSC::ObjectPatternNode::toString):
        * dfg/DFGFunctionWhitelist.cpp:
        (JSC::DFG::FunctionWhitelist::contains):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::newTypedArrayWithSize):
        (JSC::DFG::newTypedArrayWithOneArgument):
        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::addToFrontend):
        * inspector/InspectorBackendDispatcher.cpp:
        (Inspector::InspectorBackendDispatcher::dispatch):
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::extractSourceInformationFromException):
        * inspector/scripts/codegen/generator_templates.py:
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::functionName):
        (JSC::StackVisitor::Frame::sourceURL):
        * jit/JITOperations.cpp:
        * jsc.cpp:
        (functionDescribeArray):
        (functionRun):
        (functionLoad):
        (functionReadFile):
        (functionCheckSyntax):
        (functionTransferArrayBuffer):
        (runWithScripts):
        (runInteractive):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::invalidCharacterMessage):
        (JSC::Lexer<T>::parseString):
        (JSC::Lexer<T>::parseStringSlowCase):
        (JSC::Lexer<T>::lex):
        * profiler/Profile.cpp:
        (JSC::Profile::Profile):
        * runtime/Arguments.cpp:
        (JSC::argumentsFuncIterator):
        * runtime/ArrayPrototype.cpp:
        (JSC::performSlowSort):
        (JSC::arrayProtoFuncSort):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createError):
        (JSC::createInvalidParameterError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):
        (JSC::createErrorForInvalidGlobalAssignment):
        * runtime/FunctionPrototype.cpp:
        (JSC::insertSemicolonIfNeeded):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        * runtime/JSArrayBufferConstructor.cpp:
        (JSC::JSArrayBufferConstructor::finishCreation):
        * runtime/JSArrayBufferPrototype.cpp:
        (JSC::arrayBufferProtoFuncSlice):
        * runtime/JSDataView.cpp:
        (JSC::JSDataView::create):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::getData):
        (JSC::setData):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncProtoSetter):
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::finishCreation):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::Lexer::lex):
        (JSC::LiteralParser<CharType>::Lexer::lexString):
        (JSC::LiteralParser<CharType>::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::getErrorMessage):
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::seenTypes):
        (JSC::TypeSet::displayName):
        (JSC::TypeSet::allPrimitiveTypeNames):
        (JSC::StructureShape::propertyHash):
        (JSC::StructureShape::stringRepresentation):

2014-08-29  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, remove empty directories.

        * qt: Removed.

2014-08-28  Mark Lam  <mark.lam@apple.com>

        DebuggerCallFrame::scope() should return a DebuggerScope.
        <https://webkit.org/b/134420>

        Reviewed by Geoffrey Garen.

        Rolling back in r170680 with the fix for <https://webkit.org/b/135656>.

        Previously, DebuggerCallFrame::scope() returned a JSActivation (and relevant
        peers) which the WebInspector will use to introspect CallFrame variables.
        Instead, we should be returning a DebuggerScope as an abstraction layer that
        provides the introspection functionality that the WebInspector needs.  This
        is the first step towards not forcing every frame to have a JSActivation
        object just because the debugger is enabled.

        1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject
           instead of the VM.  This allows JSObject::globalObject() to be able to
           return the global object for the DebuggerScope.

        2. On the DebuggerScope's life-cycle management:

           The DebuggerCallFrame is designed to be "valid" only during a debugging session
           (while the debugger is broken) through the use of a DebuggerCallFrameScope in
           Debugger::pauseIfNeeded().  Once the debugger resumes from the break, the
           DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
           We can't guarantee (from this code alone) that the Inspector code isn't still
           holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
           the frame will be invalidated, and any attempt to query it will return null values.
           This is pre-existing behavior.

           Now, we're adding the DebuggerScope into the picture.  While a single debugger
           pause session is in progress, the Inspector may request the scope from the
           DebuggerCallFrame.  While the DebuggerCallFrame is still valid, we want
           DebuggerCallFrame::scope() to always return the same DebuggerScope object.
           This is why we hold on to the DebuggerScope with a strong ref.

           If we use a weak ref instead, the following kooky behavior can manifest:
           1. The Inspector calls Debugger::scope() to get the top scope.
           2. The Inspector iterates down the scope chain and is now only holding a
              reference to a parent scope.  It is no longer referencing the top scope.
           3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope
              gets cleared.
           4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets
              a different DebuggerScope instance.
           5. The Inspector iterates down the scope chain but never sees the parent scope
              instance that it retained a ref to in step 2 above.  This is because when iterating
              this new DebuggerScope instance (which has no knowledge of the previous parent
              DebuggerScope instance), a new DebuggerScope instance will get created for the
              same parent scope.

           Since the DebuggerScope is a JSObject, its liveness is determined by its reachability.
           However, its "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
           When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
           instantiated) will also get invalidated.  This is why we need the
           DebuggerScope::invalidateChain() method.  The Inspector should not be using the
           DebuggerScope instance after its owner DebuggerCallFrame is invalidated.  If it does,
           those methods will do nothing or return a failed status.

        Fix for <https://webkit.org/b/135656>:
        3. DebuggerScope::getOwnPropertySlot() and DebuggerScope::put() need to set
           m_thisValue in the returned slot to the wrapped scope object.  Previously,
           it was pointing to the DebuggerScope though the rest of the fields in the
           returned slot will be set to data pertaining to the wrapped scope object.

        4. DebuggerScope::getOwnPropertySlot() will invoke getPropertySlot() on its
           wrapped scope.  This is because JSObject::getPropertySlot() cannot be
           overridden, and when called on a DebuggerScope, will not know to look in
           the prototype chain of the DebuggerScope's wrapped scope.  Hence, we'll
           treat all properties in the wrapped scope as own properties in the
           DebuggerScope.  This is fine because the WebInspector does not presently
           care about where in the prototype chain the scope property comes from.

           Note that the DebuggerScope and the JSActivation objects that it wraps do
           not have prototypes.  They are always jsNull().  This works perfectly with
           the above change to use getPropertySlot() instead of getOwnPropertySlot().
           To make this an explicit invariant, I also changed DebuggerScope::createStructure()
           and JSActivation::createStructure() to not take a prototype argument, and
           to always use jsNull() for their prototype value.

        * debugger/Debugger.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::scope):
        (JSC::DebuggerCallFrame::evaluate):
        (JSC::DebuggerCallFrame::invalidate):
        * debugger/DebuggerCallFrame.h:
        * debugger/DebuggerScope.cpp:
        (JSC::DebuggerScope::DebuggerScope):
        (JSC::DebuggerScope::finishCreation):
        (JSC::DebuggerScope::visitChildren):
        (JSC::DebuggerScope::className):
        (JSC::DebuggerScope::getOwnPropertySlot):
        (JSC::DebuggerScope::put):
        (JSC::DebuggerScope::deleteProperty):
        (JSC::DebuggerScope::getOwnPropertyNames):
        (JSC::DebuggerScope::defineOwnProperty):
        (JSC::DebuggerScope::next):
        (JSC::DebuggerScope::invalidateChain):
        (JSC::DebuggerScope::isWithScope):
        (JSC::DebuggerScope::isGlobalScope):
        (JSC::DebuggerScope::isFunctionOrEvalScope):
        * debugger/DebuggerScope.h:
        (JSC::DebuggerScope::create):
        (JSC::DebuggerScope::createStructure):
        (JSC::DebuggerScope::iterator::iterator):
        (JSC::DebuggerScope::iterator::get):
        (JSC::DebuggerScope::iterator::operator++):
        (JSC::DebuggerScope::iterator::operator==):
        (JSC::DebuggerScope::iterator::operator!=):
        (JSC::DebuggerScope::isValid):
        (JSC::DebuggerScope::jsScope):
        (JSC::DebuggerScope::begin):
        (JSC::DebuggerScope::end):
        * inspector/JSJavaScriptCallFrame.cpp:
        (Inspector::JSJavaScriptCallFrame::scopeType):
        (Inspector::JSJavaScriptCallFrame::scopeChain):
        * inspector/JavaScriptCallFrame.h:
        (Inspector::JavaScriptCallFrame::scopeChain):
        * inspector/ScriptDebugServer.cpp:
        * runtime/JSActivation.h:
        (JSC::JSActivation::createStructure):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::debuggerScopeStructure):
        * runtime/JSObject.cpp:
        * runtime/JSObject.h:
        (JSC::JSObject::isWithScope):
        * runtime/JSScope.h:
        * runtime/PropertySlot.h:
        (JSC::PropertySlot::setThisValue):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setThisValue):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:

291         * runtime/VM.h:
292
293 2014-08-28  Andreas Kling  <akling@apple.com>
294
295         Use JSString::toIdentifier() in more places.
296         <https://webkit.org/b/136348>
297
298         Call sites that grab the WTF::String from a JSString using value() can
299         use the more efficient toIdentifier() if the string is going to be used
300         to construct an Identifier.
301
302         If the JSString is a rope that resolves to something that is already
303         present in the VM's Identifier table, using toIdentifier() can avoid
304         allocating a new StringImpl.
305
306         Reviewed by Geoffrey Garen.
307
308         * jit/JITOperations.cpp:
309         * llint/LLIntSlowPaths.cpp:
310         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
311         * runtime/CommonSlowPaths.cpp:
312         (JSC::SLOW_PATH_DECL):
313         * runtime/CommonSlowPaths.h:
314         (JSC::CommonSlowPaths::opIn):
315         * runtime/JSONObject.cpp:
316         (JSC::Stringifier::Stringifier):
317         * runtime/ObjectConstructor.cpp:
318         (JSC::objectConstructorGetOwnPropertyDescriptor):
319         (JSC::objectConstructorDefineProperty):
320         * runtime/ObjectPrototype.cpp:
321         (JSC::objectProtoFuncPropertyIsEnumerable):
322
323 2014-08-27  Filip Pizlo  <fpizlo@apple.com>
324
325         DFG should compute immediate dominators using the O(n log n) form of Lengauer and Tarjan's "A Fast Algorithm for Finding Dominators in a Flowgraph"
326         https://bugs.webkit.org/show_bug.cgi?id=93361
327
328         Reviewed by Mark Hahnenberg.
329         
330         This patch also adds some new utilities for reasoning about block-keyed maps, block sets,
331         and block worklists. It changes preexisting code to use these abstractions.
332         
333         The main effect of this code is that all current clients of dominators end up using the
334         results of the new idom calculation. We convert the dom tree to a dominance test using
335         Dietz's pre/post number range check trick.
336
337         * CMakeLists.txt:
338         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
339         * JavaScriptCore.xcodeproj/project.pbxproj:
340         * dfg/DFGAnalysis.h:
341         (JSC::DFG::Analysis::computeIfNecessary):
342         (JSC::DFG::Analysis::computeDependencies):
343         * dfg/DFGBlockMap.h: Added.
344         (JSC::DFG::BlockMap::BlockMap):
345         (JSC::DFG::BlockMap::size):
346         (JSC::DFG::BlockMap::atIndex):
347         (JSC::DFG::BlockMap::operator[]):
348         * dfg/DFGBlockMapInlines.h: Added.
349         (JSC::DFG::BlockMap<T>::BlockMap):
350         * dfg/DFGBlockSet.h: Added.
351         (JSC::DFG::BlockSet::BlockSet):
352         (JSC::DFG::BlockSet::add):
353         (JSC::DFG::BlockSet::contains):
354         * dfg/DFGBlockWorklist.cpp: Added.
355         (JSC::DFG::BlockWorklist::BlockWorklist):
356         (JSC::DFG::BlockWorklist::~BlockWorklist):
357         (JSC::DFG::BlockWorklist::push):
358         (JSC::DFG::BlockWorklist::pop):
359         (JSC::DFG::PostOrderBlockWorklist::PostOrderBlockWorklist):
360         (JSC::DFG::PostOrderBlockWorklist::~PostOrderBlockWorklist):
361         (JSC::DFG::PostOrderBlockWorklist::pushPre):
362         (JSC::DFG::PostOrderBlockWorklist::pushPost):
363         (JSC::DFG::PostOrderBlockWorklist::pop):
364         * dfg/DFGBlockWorklist.h: Added.
365         (JSC::DFG::BlockWorklist::notEmpty):
366         (JSC::DFG::BlockWith::BlockWith):
367         (JSC::DFG::BlockWith::operator UnspecifiedBoolType*):
368         (JSC::DFG::ExtendedBlockWorklist::ExtendedBlockWorklist):
369         (JSC::DFG::ExtendedBlockWorklist::forcePush):
370         (JSC::DFG::ExtendedBlockWorklist::push):
371         (JSC::DFG::ExtendedBlockWorklist::notEmpty):
372         (JSC::DFG::ExtendedBlockWorklist::pop):
373         (JSC::DFG::BlockWithOrder::BlockWithOrder):
374         (JSC::DFG::BlockWithOrder::operator UnspecifiedBoolType*):
375         (JSC::DFG::PostOrderBlockWorklist::push):
376         (JSC::DFG::PostOrderBlockWorklist::notEmpty):
377         * dfg/DFGCSEPhase.cpp:
378         * dfg/DFGDominators.cpp:
379         (JSC::DFG::Dominators::compute):
380         (JSC::DFG::Dominators::naiveDominates):
381         (JSC::DFG::Dominators::dump):
382         (JSC::DFG::Dominators::pruneDominators): Deleted.
383         * dfg/DFGDominators.h:
384         (JSC::DFG::Dominators::strictlyDominates):
385         (JSC::DFG::Dominators::dominates):
386         (JSC::DFG::Dominators::BlockData::BlockData):
387         * dfg/DFGGraph.cpp:
388         (JSC::DFG::Graph::dumpBlockHeader):
389         (JSC::DFG::Graph::getBlocksInPreOrder):
390         (JSC::DFG::Graph::getBlocksInPostOrder):
391         * dfg/DFGInvalidationPointInjectionPhase.cpp:
392         (JSC::DFG::InvalidationPointInjectionPhase::run):
393         * dfg/DFGNaiveDominators.cpp: Added.
394         (JSC::DFG::NaiveDominators::NaiveDominators):
395         (JSC::DFG::NaiveDominators::~NaiveDominators):
396         (JSC::DFG::NaiveDominators::compute):
397         (JSC::DFG::NaiveDominators::pruneDominators):
398         (JSC::DFG::NaiveDominators::dump):
399         * dfg/DFGNaiveDominators.h: Added.
400         (JSC::DFG::NaiveDominators::dominates):
401         * dfg/DFGNaturalLoops.cpp:
402         (JSC::DFG::NaturalLoops::computeDependencies):
403         (JSC::DFG::NaturalLoops::compute):
404         * dfg/DFGNaturalLoops.h:
405
406 2014-08-27  Filip Pizlo  <fpizlo@apple.com>
407
408         FTL should be able to do polymorphic call inlining
409         https://bugs.webkit.org/show_bug.cgi?id=135145
410
411         Reviewed by Geoffrey Garen.
412         
413         Added a log-based high-fidelity call edge profiler that runs in DFG JIT (and optionally
414         baseline JIT) code. Used it to do precise polymorphic inlining in the FTL. Potential
415         inlining sites use the call edge profile if it is available, but they will still fall back
416         on the call inline cache and rare case counts if it's not. Polymorphic inlining means that
417         multiple possible callees can be inlined with a switch to guard them. The slow path may
418         either be an OSR exit or a virtual call.
419         
420         The call edge profiling added in this patch is very precise - it will tell you about every
421         call that has ever happened. It took some effort to reduce the overhead of this profiling.
422         This mostly involved ensuring that we don't do it unnecessarily. For example, we avoid it
423         in the baseline JIT (you can conditionally enable it but it's off by default) and we only do
424         it in the DFG JIT if we know that the regular inline cache profiling wasn't precise enough.
425         I also experimented with reducing the precision of the profiling. This led to a significant
426         reduction in the speed-up, so I avoided this approach. I also explored making log processing
427         concurrent, but that didn't help. Also, I tested the overhead of the log processing and
428         found that most of the overhead of this profiling is actually in putting things into the log
429         rather than in processing the log - that part appears to be surprisingly cheap.
430         
431         Polymorphic inlining could be enabled in the DFG if we enabled baseline call edge profiling,
432         and if we guarded such inlining sites with some profiling mechanism to detect
433         polyvariant monomorphisation opportunities (where the callsite being inlined reveals that
434         it's actually monomorphic).
435         
436         This is a ~28% speed-up on deltablue and a ~7% speed-up on richards, with small speed-ups on
437         other programs as well. It's about a 2% speed-up on Octane version 2, and never a regression
438         on anything we care about. Some aggregates, like V8Spider, see a regression. This is
439         highlighting the increase in profiling overhead. But since this doesn't show up on any major
440         score (code-load or SunSpider), it's probably not relevant.
441         
442         Relanding after fixing debug assertions in fast/storage/serialized-script-value.html.
443
444         * CMakeLists.txt:
445         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
446         * JavaScriptCore.xcodeproj/project.pbxproj:
447         * bytecode/CallEdge.cpp: Added.
448         (JSC::CallEdge::dump):
449         * bytecode/CallEdge.h: Added.
450         (JSC::CallEdge::operator!):
451         (JSC::CallEdge::callee):
452         (JSC::CallEdge::count):
453         (JSC::CallEdge::despecifiedClosure):
454         (JSC::CallEdge::CallEdge):
455         * bytecode/CallEdgeProfile.cpp: Added.
456         (JSC::CallEdgeProfile::callEdges):
457         (JSC::CallEdgeProfile::numCallsToKnownCells):
458         (JSC::worthDespecifying):
459         (JSC::CallEdgeProfile::worthDespecifying):
460         (JSC::CallEdgeProfile::visitWeak):
461         (JSC::CallEdgeProfile::addSlow):
462         (JSC::CallEdgeProfile::mergeBack):
463         (JSC::CallEdgeProfile::fadeByHalf):
464         (JSC::CallEdgeLog::CallEdgeLog):
465         (JSC::CallEdgeLog::~CallEdgeLog):
466         (JSC::CallEdgeLog::isEnabled):
467         (JSC::operationProcessCallEdgeLog):
468         (JSC::CallEdgeLog::emitLogCode):
469         (JSC::CallEdgeLog::processLog):
470         * bytecode/CallEdgeProfile.h: Added.
471         (JSC::CallEdgeProfile::numCallsToNotCell):
472         (JSC::CallEdgeProfile::numCallsToUnknownCell):
473         (JSC::CallEdgeProfile::totalCalls):
474         * bytecode/CallEdgeProfileInlines.h: Added.
475         (JSC::CallEdgeProfile::CallEdgeProfile):
476         (JSC::CallEdgeProfile::add):
477         * bytecode/CallLinkInfo.cpp:
478         (JSC::CallLinkInfo::visitWeak):
479         * bytecode/CallLinkInfo.h:
480         * bytecode/CallLinkStatus.cpp:
481         (JSC::CallLinkStatus::CallLinkStatus):
482         (JSC::CallLinkStatus::computeFromLLInt):
483         (JSC::CallLinkStatus::computeFor):
484         (JSC::CallLinkStatus::computeExitSiteData):
485         (JSC::CallLinkStatus::computeFromCallLinkInfo):
486         (JSC::CallLinkStatus::computeFromCallEdgeProfile):
487         (JSC::CallLinkStatus::computeDFGStatuses):
488         (JSC::CallLinkStatus::isClosureCall):
489         (JSC::CallLinkStatus::makeClosureCall):
490         (JSC::CallLinkStatus::dump):
491         (JSC::CallLinkStatus::function): Deleted.
492         (JSC::CallLinkStatus::internalFunction): Deleted.
493         (JSC::CallLinkStatus::intrinsicFor): Deleted.
494         * bytecode/CallLinkStatus.h:
495         (JSC::CallLinkStatus::CallLinkStatus):
496         (JSC::CallLinkStatus::isSet):
497         (JSC::CallLinkStatus::couldTakeSlowPath):
498         (JSC::CallLinkStatus::edges):
499         (JSC::CallLinkStatus::size):
500         (JSC::CallLinkStatus::at):
501         (JSC::CallLinkStatus::operator[]):
502         (JSC::CallLinkStatus::canOptimize):
503         (JSC::CallLinkStatus::canTrustCounts):
504         (JSC::CallLinkStatus::isClosureCall): Deleted.
505         (JSC::CallLinkStatus::callTarget): Deleted.
506         (JSC::CallLinkStatus::executable): Deleted.
507         (JSC::CallLinkStatus::makeClosureCall): Deleted.
508         * bytecode/CallVariant.cpp: Added.
509         (JSC::CallVariant::dump):
510         * bytecode/CallVariant.h: Added.
511         (JSC::CallVariant::CallVariant):
512         (JSC::CallVariant::operator!):
513         (JSC::CallVariant::despecifiedClosure):
514         (JSC::CallVariant::rawCalleeCell):
515         (JSC::CallVariant::internalFunction):
516         (JSC::CallVariant::function):
517         (JSC::CallVariant::isClosureCall):
518         (JSC::CallVariant::executable):
519         (JSC::CallVariant::nonExecutableCallee):
520         (JSC::CallVariant::intrinsicFor):
521         (JSC::CallVariant::functionExecutable):
522         (JSC::CallVariant::isHashTableDeletedValue):
523         (JSC::CallVariant::operator==):
524         (JSC::CallVariant::operator!=):
525         (JSC::CallVariant::operator<):
526         (JSC::CallVariant::operator>):
527         (JSC::CallVariant::operator<=):
528         (JSC::CallVariant::operator>=):
529         (JSC::CallVariant::hash):
530         (JSC::CallVariant::deletedToken):
531         (JSC::CallVariantHash::hash):
532         (JSC::CallVariantHash::equal):
533         * bytecode/CodeOrigin.h:
534         (JSC::InlineCallFrame::isNormalCall):
535         * bytecode/ExitKind.cpp:
536         (JSC::exitKindToString):
537         * bytecode/ExitKind.h:
538         * bytecode/GetByIdStatus.cpp:
539         (JSC::GetByIdStatus::computeForStubInfo):
540         * bytecode/PutByIdStatus.cpp:
541         (JSC::PutByIdStatus::computeForStubInfo):
542         * dfg/DFGAbstractInterpreterInlines.h:
543         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
544         * dfg/DFGBackwardsPropagationPhase.cpp:
545         (JSC::DFG::BackwardsPropagationPhase::propagate):
546         * dfg/DFGBasicBlock.cpp:
547         (JSC::DFG::BasicBlock::~BasicBlock):
548         * dfg/DFGBasicBlock.h:
549         (JSC::DFG::BasicBlock::takeLast):
550         (JSC::DFG::BasicBlock::didLink):
551         * dfg/DFGByteCodeParser.cpp:
552         (JSC::DFG::ByteCodeParser::processSetLocalQueue):
553         (JSC::DFG::ByteCodeParser::removeLastNodeFromGraph):
554         (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
555         (JSC::DFG::ByteCodeParser::addCall):
556         (JSC::DFG::ByteCodeParser::handleCall):
557         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
558         (JSC::DFG::ByteCodeParser::undoFunctionChecks):
559         (JSC::DFG::ByteCodeParser::inliningCost):
560         (JSC::DFG::ByteCodeParser::inlineCall):
561         (JSC::DFG::ByteCodeParser::cancelLinkingForBlock):
562         (JSC::DFG::ByteCodeParser::attemptToInlineCall):
563         (JSC::DFG::ByteCodeParser::handleInlining):
564         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
565         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
566         (JSC::DFG::ByteCodeParser::clearCaches):
567         (JSC::DFG::ByteCodeParser::parseBlock):
568         (JSC::DFG::ByteCodeParser::linkBlock):
569         (JSC::DFG::ByteCodeParser::linkBlocks):
570         (JSC::DFG::ByteCodeParser::parseCodeBlock):
571         * dfg/DFGCPSRethreadingPhase.cpp:
572         (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
573         * dfg/DFGClobberize.h:
574         (JSC::DFG::clobberize):
575         * dfg/DFGCommon.h:
576         * dfg/DFGConstantFoldingPhase.cpp:
577         (JSC::DFG::ConstantFoldingPhase::foldConstants):
578         * dfg/DFGDoesGC.cpp:
579         (JSC::DFG::doesGC):
580         * dfg/DFGDriver.cpp:
581         (JSC::DFG::compileImpl):
582         * dfg/DFGFixupPhase.cpp:
583         (JSC::DFG::FixupPhase::fixupNode):
584         * dfg/DFGGraph.cpp:
585         (JSC::DFG::Graph::dump):
586         (JSC::DFG::Graph::getBlocksInPreOrder):
587         (JSC::DFG::Graph::visitChildren):
588         * dfg/DFGJITCompiler.cpp:
589         (JSC::DFG::JITCompiler::link):
590         * dfg/DFGLazyJSValue.cpp:
591         (JSC::DFG::LazyJSValue::switchLookupValue):
592         * dfg/DFGLazyJSValue.h:
593         (JSC::DFG::LazyJSValue::switchLookupValue): Deleted.
594         * dfg/DFGNode.cpp:
595         (WTF::printInternal):
596         * dfg/DFGNode.h:
597         (JSC::DFG::OpInfo::OpInfo):
598         (JSC::DFG::Node::hasHeapPrediction):
599         (JSC::DFG::Node::hasCellOperand):
600         (JSC::DFG::Node::cellOperand):
601         (JSC::DFG::Node::setCellOperand):
602         (JSC::DFG::Node::canBeKnownFunction): Deleted.
603         (JSC::DFG::Node::hasKnownFunction): Deleted.
604         (JSC::DFG::Node::knownFunction): Deleted.
605         (JSC::DFG::Node::giveKnownFunction): Deleted.
606         (JSC::DFG::Node::hasFunction): Deleted.
607         (JSC::DFG::Node::function): Deleted.
608         (JSC::DFG::Node::hasExecutable): Deleted.
609         (JSC::DFG::Node::executable): Deleted.
610         * dfg/DFGNodeType.h:
611         * dfg/DFGPhantomCanonicalizationPhase.cpp:
612         (JSC::DFG::PhantomCanonicalizationPhase::run):
613         * dfg/DFGPhantomRemovalPhase.cpp:
614         (JSC::DFG::PhantomRemovalPhase::run):
615         * dfg/DFGPredictionPropagationPhase.cpp:
616         (JSC::DFG::PredictionPropagationPhase::propagate):
617         * dfg/DFGSafeToExecute.h:
618         (JSC::DFG::safeToExecute):
619         * dfg/DFGSpeculativeJIT.cpp:
620         (JSC::DFG::SpeculativeJIT::emitSwitch):
621         * dfg/DFGSpeculativeJIT32_64.cpp:
622         (JSC::DFG::SpeculativeJIT::emitCall):
623         (JSC::DFG::SpeculativeJIT::compile):
624         * dfg/DFGSpeculativeJIT64.cpp:
625         (JSC::DFG::SpeculativeJIT::emitCall):
626         (JSC::DFG::SpeculativeJIT::compile):
627         * dfg/DFGStructureRegistrationPhase.cpp:
628         (JSC::DFG::StructureRegistrationPhase::run):
629         * dfg/DFGTierUpCheckInjectionPhase.cpp:
630         (JSC::DFG::TierUpCheckInjectionPhase::run):
631         (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling):
632         * dfg/DFGValidate.cpp:
633         (JSC::DFG::Validate::validate):
634         * dfg/DFGWatchpointCollectionPhase.cpp:
635         (JSC::DFG::WatchpointCollectionPhase::handle):
636         * ftl/FTLCapabilities.cpp:
637         (JSC::FTL::canCompile):
638         * ftl/FTLLowerDFGToLLVM.cpp:
639         (JSC::FTL::ftlUnreachable):
640         (JSC::FTL::LowerDFGToLLVM::lower):
641         (JSC::FTL::LowerDFGToLLVM::compileNode):
642         (JSC::FTL::LowerDFGToLLVM::compileCheckCell):
643         (JSC::FTL::LowerDFGToLLVM::compileCheckBadCell):
644         (JSC::FTL::LowerDFGToLLVM::compileGetExecutable):
645         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
646         (JSC::FTL::LowerDFGToLLVM::compileSwitch):
647         (JSC::FTL::LowerDFGToLLVM::buildSwitch):
648         (JSC::FTL::LowerDFGToLLVM::compileCheckFunction): Deleted.
649         (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable): Deleted.
650         * heap/Heap.cpp:
651         (JSC::Heap::collect):
652         * jit/AssemblyHelpers.h:
653         (JSC::AssemblyHelpers::storeValue):
654         (JSC::AssemblyHelpers::loadValue):
655         * jit/CCallHelpers.h:
656         (JSC::CCallHelpers::setupArguments):
657         * jit/GPRInfo.h:
658         (JSC::JSValueRegs::uses):
659         * jit/JITCall.cpp:
660         (JSC::JIT::compileOpCall):
661         * jit/JITCall32_64.cpp:
662         (JSC::JIT::compileOpCall):
663         * runtime/Options.h:
664         * runtime/VM.cpp:
665         (JSC::VM::ensureCallEdgeLog):
666         * runtime/VM.h:
667         * tests/stress/fold-profiled-call-to-call.js: Added. This test pinpoints the problem we saw in fast/storage/serialized-script-value.html.
668         * tests/stress/new-array-then-exit.js: Added.
669         * tests/stress/poly-call-exit-this.js: Added.
670         * tests/stress/poly-call-exit.js: Added.
671
672 2014-08-28  Julien Brianceau  <jbriance@cisco.com>
673
674         Correct GC length unit and prevent division by 0 in showObjectStatistics.
675         https://bugs.webkit.org/show_bug.cgi?id=136340
676
677         Reviewed by Mark Hahnenberg.
678
679         * heap/HeapStatistics.cpp:
680         (JSC::HeapStatistics::showObjectStatistics):
681
682 2014-08-27  Akos Kiss  <akiss@inf.u-szeged.hu>
683
684         Ensure that the call frame passed from JIT code via JSC::operationCallEval to JSC::eval always contains the valid scope chain.
685         https://bugs.webkit.org/show_bug.cgi?id=136313
686
687         Reviewed by Michael Saboff.
688
689         Do not rely on calling conventions to fill in the CallerFrame component
690         of the execCallee parameter of JSC::operationCallEval.
691
692         * jit/JITOperations.cpp:
693
694 2014-08-27  Saam Barati  <sbarati@apple.com>
695
696         Deconstruction object pattern node emits the wrong start/end text positions
697         https://bugs.webkit.org/show_bug.cgi?id=136304
698
699         Reviewed by Geoffrey Garen.
700
701         Object pattern nodes that used the syntactic sugar binding: 
702         'var {foo} = {foo:20}' instead of 'var {foo:foo} = {foo:20}' 
703         would get the wrong text position for variable 'foo'. The position 
704         would be placed on the comma(s)/closing brace instead of the identifier. 
705         This patch fixes this bug by caching the identifier's JSToken before 
706         trying to parse an optional colon.
707
708         * parser/Parser.cpp:
709         (JSC::Parser<LexerType>::parseVarDeclarationList):
710         (JSC::Parser<LexerType>::createBindingPattern):
711         (JSC::Parser<LexerType>::parseDeconstructionPattern):
712         * parser/Parser.h:
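
The ordering problem the entry above describes, shown on a toy scanner. This is an added example and not JavaScriptCore's parser: it handles only "{a, b:c}" style object binding patterns, and the cacheTokenFirst flag (an assumption for illustration) switches between capturing the identifier token before the optional colon is checked and reading the position afterwards, which lands on the following ',' or '}'.

```cpp
// Added example, not JavaScriptCore's parser: a minimal scanner for object
// binding patterns such as "{foo}" and "{foo:bar}" that records the text
// position of each bound identifier. With cacheTokenFirst == false the
// position is read only after the colon check, reproducing the bug described
// in the ChangeLog entry; with true, the token is cached first.
#include <cctype>
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

struct Token {
    std::string text;
    size_t start; // offset of the first character
    size_t end;   // offset one past the last character
};

struct Binding {
    std::string property; // property looked up on the right-hand side
    std::string target;   // variable that receives the value
    size_t start;         // text position reported for the target identifier
    size_t end;
};

class PatternScanner {
public:
    PatternScanner(std::string src, bool cacheTokenFirst = true)
        : m_src(std::move(src)), m_cacheTokenFirst(cacheTokenFirst) { }

    // Parses "{ a, b:c, ... }"; returns the bindings, or an empty vector on error.
    std::vector<Binding> parse()
    {
        std::vector<Binding> bindings;
        skipSpace();
        if (!eat('{'))
            return {};
        while (true) {
            skipSpace();
            if (eat('}'))
                return bindings; // "{}" or a trailing comma
            Token ident;
            if (!lexIdentifier(ident))
                return {};
            // Correct order: remember the identifier token now, before looking
            // for the optional colon, so the shorthand form keeps its position.
            Binding binding { ident.text, ident.text, ident.start, ident.end };
            skipSpace();
            if (!m_cacheTokenFirst) {
                // Faulty order: the position is read after whitespace and the
                // colon check, so it points at the ',' or '}' that follows.
                binding.start = m_pos;
                binding.end = m_pos + 1;
            }
            if (eat(':')) {
                skipSpace();
                Token target;
                if (!lexIdentifier(target))
                    return {};
                binding.target = target.text;
                binding.start = target.start;
                binding.end = target.end;
            }
            bindings.push_back(binding);
            skipSpace();
            if (eat(','))
                continue;
            if (eat('}'))
                return bindings;
            return {}; // unexpected character
        }
    }

private:
    bool eat(char c)
    {
        if (m_pos < m_src.size() && m_src[m_pos] == c) {
            ++m_pos;
            return true;
        }
        return false;
    }
    void skipSpace()
    {
        while (m_pos < m_src.size() && std::isspace(static_cast<unsigned char>(m_src[m_pos])))
            ++m_pos;
    }
    bool lexIdentifier(Token& out)
    {
        size_t start = m_pos;
        while (m_pos < m_src.size()) {
            unsigned char c = static_cast<unsigned char>(m_src[m_pos]);
            if (!std::isalnum(c) && c != '_' && c != '$')
                break;
            ++m_pos;
        }
        if (m_pos == start)
            return false;
        out = Token { m_src.substr(start, m_pos - start), start, m_pos };
        return true;
    }

    std::string m_src;
    size_t m_pos = 0;
    bool m_cacheTokenFirst;
};

// Start offset of the first binding's target, or std::string::npos on a parse error.
size_t firstTargetStart(const std::string& src, bool cacheTokenFirst = true)
{
    std::vector<Binding> bindings = PatternScanner(src, cacheTokenFirst).parse();
    return bindings.empty() ? std::string::npos : bindings[0].start;
}
```

For "{foo}" the correct order reports offset 1 (the identifier), while the faulty order reports offset 4 (the closing brace); for "{foo:bar}" both orders agree, which is why the bug only showed up on the shorthand form.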
713
714 2014-08-27  Brent Fulgham  <bfulgham@apple.com>
715
716         [Win] Build fix after last commit.
717
718         Check in new DLLLauncherMain.cpp file.
719
720         * JavaScriptCore.vcxproj/jsc/DLLLauncherMain.cpp: Added.
721         (enableTerminationOnHeapCorruption):
722         (getStringValue):
723         (applePathFromRegistry):
724         (appleApplicationSupportDirectory):
725         (copyEnvironmentVariable):
726         (prependPath):
727         (fatalError):
728         (directoryExists):
729         (modifyPath):
730         (getLastErrorString):
731         (wWinMain):
732
733 2014-08-27  Brent Fulgham  <bfulgham@apple.com>
734
735         [Win] testapi and testRegExp need to find support libraries.
736         https://bugs.webkit.org/show_bug.cgi?id=136008.
737
738         Reviewed by Dean Jackson.
739
740         Revise the Windows build of jsc, testapi, and testRegExp so that they
741         find and use the proper runtime support libraries.
742
743         These locations vary between the Apple Windows build and WinCairo, and
744         are generally not in the system PATH environment setting. Consequently,
745         these applications fail on launch unless the user modifies their
746         PATH.
747
748         This patch revises these tools to work like WinLauncher and DumpRenderTree
749         so that they run reliably.
750
751         * API/tests/testapi.c:
752         (dllLauncherEntryPoint): Added.
753         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Add new build projects and
754           provide proper dependencies with existing projects.
755         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Ditto.
756         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Switch to build
757           a DLL, rather than an executable.
758         * JavaScriptCore.vcxproj/jsc/jscCommon.props: Add shlwapi.lib
759           to the list of libraries needed at link-time, and to use
760           the DLL/Console combination entry point.
761         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Added.
762         * JavaScriptCore.vcxproj/jsc/jscLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd.
763         * JavaScriptCore.vcxproj/jsc/jscLauncherPreBuild.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPreBuild.cmd.
764         * JavaScriptCore.vcxproj/jsc/jscLauncherPreLink.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPreLink.cmd.
765         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Switch to build
766           a DLL, rather than an executable.
767         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: Add shlwapi.lib
768           to the list of libraries needed at link-time, and to use
769           the DLL/Console combination entry point.
770         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Added.
771         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd.
772         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncherPreBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreBuild.cmd.
773         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncherPreLink.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd.
774         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Switch to build
775           a DLL, rather than an executable.
776         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Added.
777         * JavaScriptCore.vcxproj/testapi/testapiCommon.props: Add shlwapi.lib
778           to the list of libraries needed at link-time, and to use
779           the DLL/Console combination entry point.
780         * JavaScriptCore.vcxproj/testapi/testapiLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd.
781         * JavaScriptCore.vcxproj/testapi/testapiLauncherPreBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreBuild.cmd.
782         * JavaScriptCore.vcxproj/testapi/testapiLauncherPreLink.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd.
783         * jsc.cpp:
784         (dllLauncherEntryPoint): Added.
785         * testRegExp.cpp:
786         (dllLauncherEntryPoint): Added.
787
788 2014-08-27  Julien Brianceau  <jbriance@cisco.com>
789
790         Take advantage of 3 parameters or32() calls
791         https://bugs.webkit.org/show_bug.cgi?id=136287
792
793         Reviewed by Michael Saboff.
794
795         For specific architectures (arm and mips for instance), or32() calls
796         with 3 parameters are likely to produce a single instruction.
797
798         * dfg/DFGSpeculativeJIT32_64.cpp:
799         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
800         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
801         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
802         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
803         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
804         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
805         (JSC::DFG::SpeculativeJIT::branchIsOther):
806         (JSC::DFG::SpeculativeJIT::branchNotOther):
807
808 2014-08-26  Brian J. Burg  <burg@cs.washington.edu>
809
810         Web Inspector: put feature flags for Inspector domains in the protocol specification
811         https://bugs.webkit.org/show_bug.cgi?id=136027
812
813         Reviewed by Timothy Hatcher.
814
815         Remove the hardcoded map of domains to feature guards, and instead parse it from the specification.
816
817         Test: inspector/scripts/tests/generate-domains-with-feature-guards.json
818
819         * inspector/scripts/codegen/generator.py:
820         (Generator.wrap_with_guard_for_domain):
821         * inspector/scripts/codegen/models.py:
822         (Protocol.parse_domain):
823         (Domain.__init__):
824         (Domains):
825         * inspector/scripts/tests/generate-domains-with-feature-guards.json: Added.
826         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
827         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
828         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
829         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
830         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
831
832 2014-08-26  Andy Estes  <aestes@apple.com>
833
834         [Cocoa] Some projects are incorrectly installed to $BUILT_PRODUCTS_DIR
835         https://bugs.webkit.org/show_bug.cgi?id=136267
836
837         Reviewed by Dan Bernstein.
838
839         INSTALL_PATH was set to $BUILT_PRODUCTS_DIR for engineering configurations in r20225 as part of a build fix.
840         Not only is this no longer necessary to build, but it causes built products to be incorrectly installed in
841         engineering configurations.
842
843         Remove the setting of INSTALL_PATH from the pbxproj file so that the value specified in the xcconfig files is
844         used instead.
845
846         * JavaScriptCore.xcodeproj/project.pbxproj:
847
848 2014-08-26  Michael Saboff  <msaboff@apple.com>
849
850         [Win] 64-bit JavaScriptCore crashes on launch
851         https://bugs.webkit.org/show_bug.cgi?id=136241
852
853         Reviewed by Mark Lam.
854
855         * llint/LowLevelInterpreter.asm:
856         (vmEntryRecord): X86_64_WIN doesn't use "a0" (rax) for the first argument; it uses
857         "t2" (rcx).  Changed to get the input parameter using the correct register.
858
859 2014-08-26  Saam Barati  <sbarati@apple.com>
860
861         TypeSet caches structureIDs even after the corresponding Structure could be GCed
862         https://bugs.webkit.org/show_bug.cgi?id=136178
863
864         Reviewed by Geoffrey Garen.
865
866         Currently, TypeSet will never remove StructureIDs from its cache,
867         even after the corresponding Structures could be garbage collected.
868         Now, when the Garbage Collector collects, and type profiling is 
869         enabled, the Garbage Collector will invalidate all TypeSet caches.
870
871         * heap/Heap.cpp:
872         (JSC::Heap::collect):
873         * runtime/TypeSet.cpp:
874         (JSC::TypeSet::addTypeInformation):
875         (JSC::TypeSet::invalidateCache):
876         * runtime/TypeSet.h:
877         * runtime/VM.cpp:
878         (JSC::VM::invalidateTypeSetCache):
879         * runtime/VM.h:
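
The stale-cache hazard behind the entry above, as an added example that models the idea rather than reproducing JavaScriptCore's TypeSet or Heap: a profile cache keyed by structure ID sits next to a toy heap that hands freed IDs back out after a collection. The shape labels, the free-list heap and the registerTypeSet hook are assumptions made for the illustration.

```cpp
// Added example, a model and not JavaScriptCore's code: a type-profile cache
// keyed by structure ID, plus a toy heap that recycles IDs after a collection.
// Without invalidation a recycled ID looks like a type the cache has already
// recorded, so the new structure is silently skipped. Invalidating every cache
// on collect, as the ChangeLog entry describes, removes the stale IDs.
#include <cstddef>
#include <cstdint>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <vector>

using StructureID = uint32_t;

struct Structure {
    StructureID id;
    std::string shape; // constructed label such as "Object{x}"
};

class TypeSet {
public:
    // Records that a value with this structure was seen at the profiled
    // location. Returns false when the ID is already cached (the fast path).
    bool addTypeInformation(const Structure& structure)
    {
        if (m_cachedIDs.count(structure.id))
            return false;
        m_cachedIDs.insert(structure.id);
        m_seenShapes.insert(structure.shape);
        return true;
    }
    // Called by the collector: IDs may be reused from now on, so forget them
    // all. The recorded shapes themselves stay valid.
    void invalidateCache() { m_cachedIDs.clear(); }
    size_t numShapes() const { return m_seenShapes.size(); }

private:
    std::set<StructureID> m_cachedIDs;
    std::set<std::string> m_seenShapes;
};

class Heap {
public:
    Structure* allocate(const std::string& shape)
    {
        StructureID id;
        if (!m_freeIDs.empty()) {
            id = m_freeIDs.back(); // recycle an ID freed by an earlier collection
            m_freeIDs.pop_back();
        } else
            id = m_nextID++;
        auto structure = std::make_unique<Structure>(Structure { id, shape });
        Structure* raw = structure.get();
        m_live[id] = std::move(structure);
        return raw;
    }
    void registerTypeSet(TypeSet* set) { m_typeSets.push_back(set); }
    // Frees every structure whose ID is not in `roots` and returns how many
    // were freed. `invalidateTypeSetCaches` models the fix.
    size_t collect(const std::set<StructureID>& roots, bool invalidateTypeSetCaches)
    {
        size_t freed = 0;
        for (auto it = m_live.begin(); it != m_live.end();) {
            if (roots.count(it->first)) {
                ++it;
                continue;
            }
            m_freeIDs.push_back(it->first);
            it = m_live.erase(it);
            ++freed;
        }
        if (invalidateTypeSetCaches) {
            for (TypeSet* set : m_typeSets)
                set->invalidateCache();
        }
        return freed;
    }

private:
    StructureID m_nextID = 1;
    std::vector<StructureID> m_freeIDs;
    std::map<StructureID, std::unique_ptr<Structure>> m_live;
    std::vector<TypeSet*> m_typeSets;
};

// Scenario: record a value of shape A, let A die and be collected, then
// allocate a different shape B that reuses A's ID. Returns how many shapes the
// TypeSet knows afterwards: 2 is correct, 1 means B was lost to the stale entry.
size_t runScenario(bool invalidateOnCollect)
{
    Heap heap;
    TypeSet types;
    heap.registerTypeSet(&types);
    Structure* a = heap.allocate("Object{x}");
    types.addTypeInformation(*a);
    heap.collect({}, invalidateOnCollect); // nothing is rooted, so A is freed
    Structure* b = heap.allocate("Object{y}"); // receives A's recycled ID
    types.addTypeInformation(*b);
    return types.numShapes();
}
```

runScenario(false) returns 1 and runScenario(true) returns 2. The general lesson is the same for any cache keyed by an identifier that the allocator may hand out again: either the identifier must be unique for the lifetime of the cache, or the cache has to be cleared (or made weak) whenever the owner of the identifiers can be collected.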
880
881 2014-08-26  Michael Saboff  <msaboff@apple.com>
882
883         REGRESSION(r172794) + 32Bit build: for-in-base-reassigned-later-and-change-structure.js fail with NaN result
884         https://bugs.webkit.org/show_bug.cgi?id=136187
885
886         Reviewed by Mark Hahnenberg.
887
888         Added two arg version for 32 bit builds of callOperation(J_JITOperation_ECJ, ...) that
889         doesn't require a tag for the second argument; instead it fills in a CellTag.  This is
890         used for the slow case of the GetDirectPname case in SpeculativeJIT::compile since we
891         haven't set up a register with a tag and we know that argument 2 is a cell.
892
893         * dfg/DFGSpeculativeJIT.h:
894         (JSC::DFG::SpeculativeJIT::callOperation): New version with implicit CellTag.
895         * dfg/DFGSpeculativeJIT32_64.cpp:
896         (JSC::DFG::SpeculativeJIT::compile): Eliminated extraneous filling of the scratchGPR
897         with CellTag as it wasn't in the control flow for the slow path that needed the tag.
898         Instead changed to calling new version of callOperation with an implicit CellTag.
899
900 2014-08-26  Commit Queue  <commit-queue@webkit.org>
901
902         Unreviewed, rolling out r172940.
903         https://bugs.webkit.org/show_bug.cgi?id=136256
904
905         Caused assertions on fast/storage/serialized-script-value.html,
906         and possibly flakiness on more tests (Requested by ap on
907         #webkit).
908
909         Reverted changeset:
910
911         "FTL should be able to do polymorphic call inlining"
912         https://bugs.webkit.org/show_bug.cgi?id=135145
913         http://trac.webkit.org/changeset/172940
914
915 2014-08-26  Michael Saboff  <msaboff@apple.com>
916
917         REGRESSION(r172794) + 32Bit build: ASSERT failures in for-in-tests.js tests.
918         https://bugs.webkit.org/show_bug.cgi?id=136165
919
920         Reviewed by Mark Hahnenberg.
921
922         Changed switch case GetDirectPname: to always use the slow path for X86 since it only has
923         6 registers available, but the code requires 7.
924
925         * dfg/DFGSpeculativeJIT32_64.cpp:
926         (JSC::DFG::SpeculativeJIT::compile):
927
928 2014-08-25  Saam Barati  <sbarati@apple.com>
929
930         TypeProfiler search breaks on return statements
931         https://bugs.webkit.org/show_bug.cgi?id=136201
932
933         Reviewed by Filip Pizlo.
934
935         Searching for return statements in the TypeProfiler currently 
936         breaks down because it expected to see the search descriptor 
937         TypeProfilerSearchDescriptorFunctionReturn when looking for 
938         return statements in the actual source code of the program. 
939         But, TypeProfilerSearchDescriptorFunctionReturn search descriptor 
940         is reserved for looking for return statements that aren't in the 
941         actual source code of the program, but when asking for the 
942         aggregate return type of a function. Now, searching for 
943         return statements in the actual source code of the program will 
944         work when passing in the search descriptor TypeProfilerSearchDescriptorNormal.  
945
946         * bytecode/CodeBlock.cpp:
947         (JSC::CodeBlock::CodeBlock):
948         * runtime/TypeProfiler.cpp:
949         (JSC::TypeProfiler::findLocation):
950         (JSC::descriptorMatchesTypeLocation): Deleted.
951
952 2014-08-25  Saam Barati  <sbarati@apple.com>
953
954         Return statement TypeSet's might be duplicated
955         https://bugs.webkit.org/show_bug.cgi?id=136200
956
957         Reviewed by Filip Pizlo.
958
959         Currently, the globalTypeSet that converges the types of all 
960         return statements in a function lives off of CodeBlock. It lives 
961         off CodeBlock because of a faulty assumption that CodeBlock 
962         will have a one to one mapping with a function in the source 
963         text of the program. (Currently, there isn't an actual bug 
964         with this design because TypeLocationCache will hash cons to 
965         the same TypeLocation, but this is still an incorrect design). 
966         In this patch, the globalTypeSet for function return statements  
967         is moved to the FunctionExecutable object which does have a one 
968         to one mapping with functions in the source text of a program.
969
970         * bytecode/CodeBlock.cpp:
971         (JSC::CodeBlock::CodeBlock):
972         * bytecode/CodeBlock.h:
973         (JSC::CodeBlock::returnStatementTypeSet): Deleted.
974         * runtime/Executable.h:
975         (JSC::FunctionExecutable::returnStatementTypeSet):
976
977 2014-08-24  Filip Pizlo  <fpizlo@apple.com>
978
979         FTL should be able to do polymorphic call inlining
980         https://bugs.webkit.org/show_bug.cgi?id=135145
981
982         Reviewed by Geoffrey Garen.
983         
984         Added a log-based high-fidelity call edge profiler that runs in DFG JIT (and optionally
985         baseline JIT) code. Used it to do precise polymorphic inlining in the FTL. Potential
986         inlining sites use the call edge profile if it is available, but they will still fall back
987         on the call inline cache and rare case counts if it's not. Polymorphic inlining means that
988         multiple possible callees can be inlined with a switch to guard them. The slow path may
989         either be an OSR exit or a virtual call.
990         
991         The call edge profiling added in this patch is very precise - it will tell you about every
992         call that has ever happened. It took some effort to reduce the overhead of this profiling.
993         This mostly involved ensuring that we don't do it unnecessarily. For example, we avoid it
994         in the baseline JIT (you can conditionally enable it but it's off by default) and we only do
995         it in the DFG JIT if we know that the regular inline cache profiling wasn't precise enough.
996         I also experimented with reducing the precision of the profiling. This led to a significant
997         reduction in the speed-up, so I avoided this approach. I also explored making log processing
998         concurrent, but that didn't help. Also, I tested the overhead of the log processing and
999         found that most of the overhead of this profiling is actually in putting things into the log
1000         rather than in processing the log - that part appears to be surprisingly cheap.
1001         
1002         Polymorphic inlining could be enabled in the DFG if we enabled baseline call edge profiling,
1003         and if we guarded such inlining sites with some profiling mechanism to detect
1004         polyvariant monomorphisation opportunities (where the callsite being inlined reveals that
1005         it's actually monomorphic).
1006         
1007         This is a ~28% speed-up on deltablue and a ~7% speed-up on richards, with small speed-ups on
1008         other programs as well. It's about a 2% speed-up on Octane version 2, and never a regression
1009         on anything we care about. Some aggregates, like V8Spider, see a regression. This is
1010         highlighting the increase in profiling overhead. But since this doesn't show up on any major
1011         score (code-load or SunSpider), it's probably not relevant.
1012         
1013         * CMakeLists.txt:
1014         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1015         * JavaScriptCore.xcodeproj/project.pbxproj:
1016         * bytecode/CallEdge.cpp: Added.
1017         (JSC::CallEdge::dump):
1018         * bytecode/CallEdge.h: Added.
1019         (JSC::CallEdge::operator!):
1020         (JSC::CallEdge::callee):
1021         (JSC::CallEdge::count):
1022         (JSC::CallEdge::despecifiedClosure):
1023         (JSC::CallEdge::CallEdge):
1024         * bytecode/CallEdgeProfile.cpp: Added.
1025         (JSC::CallEdgeProfile::callEdges):
1026         (JSC::CallEdgeProfile::numCallsToKnownCells):
1027         (JSC::worthDespecifying):
1028         (JSC::CallEdgeProfile::worthDespecifying):
1029         (JSC::CallEdgeProfile::visitWeak):
1030         (JSC::CallEdgeProfile::addSlow):
1031         (JSC::CallEdgeProfile::mergeBack):
1032         (JSC::CallEdgeProfile::fadeByHalf):
1033         (JSC::CallEdgeLog::CallEdgeLog):
1034         (JSC::CallEdgeLog::~CallEdgeLog):
1035         (JSC::CallEdgeLog::isEnabled):
1036         (JSC::operationProcessCallEdgeLog):
1037         (JSC::CallEdgeLog::emitLogCode):
1038         (JSC::CallEdgeLog::processLog):
1039         * bytecode/CallEdgeProfile.h: Added.
1040         (JSC::CallEdgeProfile::numCallsToNotCell):
1041         (JSC::CallEdgeProfile::numCallsToUnknownCell):
1042         (JSC::CallEdgeProfile::totalCalls):
1043         * bytecode/CallEdgeProfileInlines.h: Added.
1044         (JSC::CallEdgeProfile::CallEdgeProfile):
1045         (JSC::CallEdgeProfile::add):
1046         * bytecode/CallLinkInfo.cpp:
1047         (JSC::CallLinkInfo::visitWeak):
1048         * bytecode/CallLinkInfo.h:
1049         * bytecode/CallLinkStatus.cpp:
1050         (JSC::CallLinkStatus::CallLinkStatus):
1051         (JSC::CallLinkStatus::computeFromLLInt):
1052         (JSC::CallLinkStatus::computeFor):
1053         (JSC::CallLinkStatus::computeExitSiteData):
1054         (JSC::CallLinkStatus::computeFromCallLinkInfo):
1055         (JSC::CallLinkStatus::computeFromCallEdgeProfile):
1056         (JSC::CallLinkStatus::computeDFGStatuses):
1057         (JSC::CallLinkStatus::isClosureCall):
1058         (JSC::CallLinkStatus::makeClosureCall):
1059         (JSC::CallLinkStatus::dump):
1060         (JSC::CallLinkStatus::function): Deleted.
1061         (JSC::CallLinkStatus::internalFunction): Deleted.
1062         (JSC::CallLinkStatus::intrinsicFor): Deleted.
1063         * bytecode/CallLinkStatus.h:
1064         (JSC::CallLinkStatus::CallLinkStatus):
1065         (JSC::CallLinkStatus::isSet):
1066         (JSC::CallLinkStatus::couldTakeSlowPath):
1067         (JSC::CallLinkStatus::edges):
1068         (JSC::CallLinkStatus::size):
1069         (JSC::CallLinkStatus::at):
1070         (JSC::CallLinkStatus::operator[]):
1071         (JSC::CallLinkStatus::canOptimize):
1072         (JSC::CallLinkStatus::canTrustCounts):
1073         (JSC::CallLinkStatus::isClosureCall): Deleted.
1074         (JSC::CallLinkStatus::callTarget): Deleted.
1075         (JSC::CallLinkStatus::executable): Deleted.
1076         (JSC::CallLinkStatus::makeClosureCall): Deleted.
1077         * bytecode/CallVariant.cpp: Added.
1078         (JSC::CallVariant::dump):
1079         * bytecode/CallVariant.h: Added.
1080         (JSC::CallVariant::CallVariant):
1081         (JSC::CallVariant::operator!):
1082         (JSC::CallVariant::despecifiedClosure):
1083         (JSC::CallVariant::rawCalleeCell):
1084         (JSC::CallVariant::internalFunction):
1085         (JSC::CallVariant::function):
1086         (JSC::CallVariant::isClosureCall):
1087         (JSC::CallVariant::executable):
1088         (JSC::CallVariant::nonExecutableCallee):
1089         (JSC::CallVariant::intrinsicFor):
1090         (JSC::CallVariant::functionExecutable):
1091         (JSC::CallVariant::isHashTableDeletedValue):
1092         (JSC::CallVariant::operator==):
1093         (JSC::CallVariant::operator!=):
1094         (JSC::CallVariant::operator<):
1095         (JSC::CallVariant::operator>):
1096         (JSC::CallVariant::operator<=):
1097         (JSC::CallVariant::operator>=):
1098         (JSC::CallVariant::hash):
1099         (JSC::CallVariant::deletedToken):
1100         (JSC::CallVariantHash::hash):
1101         (JSC::CallVariantHash::equal):
1102         * bytecode/CodeOrigin.h:
1103         (JSC::InlineCallFrame::isNormalCall):
1104         * bytecode/ExitKind.cpp:
1105         (JSC::exitKindToString):
1106         * bytecode/ExitKind.h:
1107         * bytecode/GetByIdStatus.cpp:
1108         (JSC::GetByIdStatus::computeForStubInfo):
1109         * bytecode/PutByIdStatus.cpp:
1110         (JSC::PutByIdStatus::computeForStubInfo):
1111         * dfg/DFGAbstractInterpreterInlines.h:
1112         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1113         * dfg/DFGBackwardsPropagationPhase.cpp:
1114         (JSC::DFG::BackwardsPropagationPhase::propagate):
1115         * dfg/DFGBasicBlock.cpp:
1116         (JSC::DFG::BasicBlock::~BasicBlock):
1117         * dfg/DFGBasicBlock.h:
1118         (JSC::DFG::BasicBlock::takeLast):
1119         (JSC::DFG::BasicBlock::didLink):
1120         * dfg/DFGByteCodeParser.cpp:
1121         (JSC::DFG::ByteCodeParser::processSetLocalQueue):
1122         (JSC::DFG::ByteCodeParser::removeLastNodeFromGraph):
1123         (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
1124         (JSC::DFG::ByteCodeParser::addCall):
1125         (JSC::DFG::ByteCodeParser::handleCall):
1126         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
1127         (JSC::DFG::ByteCodeParser::undoFunctionChecks):
1128         (JSC::DFG::ByteCodeParser::inliningCost):
1129         (JSC::DFG::ByteCodeParser::inlineCall):
1130         (JSC::DFG::ByteCodeParser::cancelLinkingForBlock):
1131         (JSC::DFG::ByteCodeParser::attemptToInlineCall):
1132         (JSC::DFG::ByteCodeParser::handleInlining):
1133         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1134         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
1135         (JSC::DFG::ByteCodeParser::clearCaches):
1136         (JSC::DFG::ByteCodeParser::parseBlock):
1137         (JSC::DFG::ByteCodeParser::linkBlock):
1138         (JSC::DFG::ByteCodeParser::linkBlocks):
1139         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1140         * dfg/DFGCPSRethreadingPhase.cpp:
1141         (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
1142         * dfg/DFGClobberize.h:
1143         (JSC::DFG::clobberize):
1144         * dfg/DFGCommon.h:
1145         * dfg/DFGConstantFoldingPhase.cpp:
1146         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1147         * dfg/DFGDoesGC.cpp:
1148         (JSC::DFG::doesGC):
1149         * dfg/DFGDriver.cpp:
1150         (JSC::DFG::compileImpl):
1151         * dfg/DFGFixupPhase.cpp:
1152         (JSC::DFG::FixupPhase::fixupNode):
1153         * dfg/DFGGraph.cpp:
1154         (JSC::DFG::Graph::dump):
1155         (JSC::DFG::Graph::visitChildren):
1156         * dfg/DFGJITCompiler.cpp:
1157         (JSC::DFG::JITCompiler::link):
1158         * dfg/DFGLazyJSValue.cpp:
1159         (JSC::DFG::LazyJSValue::switchLookupValue):
1160         * dfg/DFGLazyJSValue.h:
1161         (JSC::DFG::LazyJSValue::switchLookupValue): Deleted.
1162         * dfg/DFGNode.cpp:
1163         (WTF::printInternal):
1164         * dfg/DFGNode.h:
1165         (JSC::DFG::OpInfo::OpInfo):
1166         (JSC::DFG::Node::hasHeapPrediction):
1167         (JSC::DFG::Node::hasCellOperand):
1168         (JSC::DFG::Node::cellOperand):
1169         (JSC::DFG::Node::setCellOperand):
1170         (JSC::DFG::Node::canBeKnownFunction): Deleted.
1171         (JSC::DFG::Node::hasKnownFunction): Deleted.
1172         (JSC::DFG::Node::knownFunction): Deleted.
1173         (JSC::DFG::Node::giveKnownFunction): Deleted.
1174         (JSC::DFG::Node::hasFunction): Deleted.
1175         (JSC::DFG::Node::function): Deleted.
1176         (JSC::DFG::Node::hasExecutable): Deleted.
1177         (JSC::DFG::Node::executable): Deleted.
1178         * dfg/DFGNodeType.h:
1179         * dfg/DFGPhantomCanonicalizationPhase.cpp:
1180         (JSC::DFG::PhantomCanonicalizationPhase::run):
1181         * dfg/DFGPhantomRemovalPhase.cpp:
1182         (JSC::DFG::PhantomRemovalPhase::run):
1183         * dfg/DFGPredictionPropagationPhase.cpp:
1184         (JSC::DFG::PredictionPropagationPhase::propagate):
1185         * dfg/DFGSafeToExecute.h:
1186         (JSC::DFG::safeToExecute):
1187         * dfg/DFGSpeculativeJIT.cpp:
1188         (JSC::DFG::SpeculativeJIT::emitSwitch):
1189         * dfg/DFGSpeculativeJIT32_64.cpp:
1190         (JSC::DFG::SpeculativeJIT::emitCall):
1191         (JSC::DFG::SpeculativeJIT::compile):
1192         * dfg/DFGSpeculativeJIT64.cpp:
1193         (JSC::DFG::SpeculativeJIT::emitCall):
1194         (JSC::DFG::SpeculativeJIT::compile):
1195         * dfg/DFGStructureRegistrationPhase.cpp:
1196         (JSC::DFG::StructureRegistrationPhase::run):
1197         * dfg/DFGTierUpCheckInjectionPhase.cpp:
1198         (JSC::DFG::TierUpCheckInjectionPhase::run):
1199         (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling):
1200         * dfg/DFGValidate.cpp:
1201         (JSC::DFG::Validate::validate):
1202         * dfg/DFGWatchpointCollectionPhase.cpp:
1203         (JSC::DFG::WatchpointCollectionPhase::handle):
1204         * ftl/FTLCapabilities.cpp:
1205         (JSC::FTL::canCompile):
1206         * ftl/FTLLowerDFGToLLVM.cpp:
1207         (JSC::FTL::ftlUnreachable):
1208         (JSC::FTL::LowerDFGToLLVM::lower):
1209         (JSC::FTL::LowerDFGToLLVM::compileNode):
1210         (JSC::FTL::LowerDFGToLLVM::compileCheckCell):
1211         (JSC::FTL::LowerDFGToLLVM::compileCheckBadCell):
1212         (JSC::FTL::LowerDFGToLLVM::compileGetExecutable):
1213         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
1214         (JSC::FTL::LowerDFGToLLVM::compileSwitch):
1215         (JSC::FTL::LowerDFGToLLVM::buildSwitch):
1216         (JSC::FTL::LowerDFGToLLVM::compileCheckFunction): Deleted.
1217         (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable): Deleted.
1218         * heap/Heap.cpp:
1219         (JSC::Heap::collect):
1220         * jit/AssemblyHelpers.h:
1221         (JSC::AssemblyHelpers::storeValue):
1222         (JSC::AssemblyHelpers::loadValue):
1223         * jit/CCallHelpers.h:
1224         (JSC::CCallHelpers::setupArguments):
1225         * jit/GPRInfo.h:
1226         (JSC::JSValueRegs::uses):
1227         * jit/JITCall.cpp:
1228         (JSC::JIT::compileOpCall):
1229         * jit/JITCall32_64.cpp:
1230         (JSC::JIT::compileOpCall):
1231         * runtime/Options.h:
1232         * runtime/VM.cpp:
1233         (JSC::VM::ensureCallEdgeLog):
1234         * runtime/VM.h:
1235         * tests/stress/new-array-then-exit.js: Added.
1236         (foo):
1237         * tests/stress/poly-call-exit-this.js: Added.
1238         * tests/stress/poly-call-exit.js: Added.
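
The log-then-process profiling scheme and the inlining decision the entry above sketches, as an added example. This is a model written for this page, not JavaScriptCore's CallEdgeLog or CallEdgeProfile: the log capacity, the variant limit passed to planInlining, the site number 7 and the use of ID 0 for a non-cell callee are all constructed assumptions, and the rule that the slow path is an exit only when the profile has never seen anything but the inlined callees is one reading of "the slow path may either be an OSR exit or a virtual call".

```cpp
// Added example, a model and not JavaScriptCore's CallEdgeProfile: compiled
// code appends each observed callee to a log, and the log is folded into
// per-callee counts only when it fills up or a compiler asks for the profile.
// Few, all-known callees are inlined behind a switch on callee identity; the
// slow path is an exit when the profile never saw anything else and a virtual
// call otherwise. Capacity, variant limit and site numbers are constructed.
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <map>
#include <utility>
#include <vector>

using CalleeID = uint32_t;
constexpr CalleeID NotACell = 0; // the callee operand was not a cell

struct CallEdgeProfile {
    std::map<CalleeID, uint32_t> edges; // known callee -> calls observed
    uint32_t callsToNotCell = 0;

    void add(CalleeID callee)
    {
        if (callee == NotACell)
            ++callsToNotCell;
        else
            ++edges[callee];
    }
    // Age the profile so recent behaviour dominates; edges fading to zero are dropped.
    void fadeByHalf()
    {
        callsToNotCell /= 2;
        for (auto it = edges.begin(); it != edges.end();) {
            it->second /= 2;
            if (it->second)
                ++it;
            else
                it = edges.erase(it);
        }
    }
};

class CallEdgeLog {
public:
    explicit CallEdgeLog(size_t capacity) : m_capacity(capacity) { }

    // Fast path executed on every call: one append, no hashing.
    void record(uint32_t site, CalleeID callee)
    {
        m_log.emplace_back(site, callee);
        if (m_log.size() >= m_capacity)
            processLog();
    }
    // Slow path: fold the buffered entries into the per-site profiles.
    void processLog()
    {
        for (const auto& entry : m_log)
            m_profiles[entry.first].add(entry.second);
        m_log.clear();
    }
    const CallEdgeProfile& profileFor(uint32_t site)
    {
        processLog(); // the profile must reflect every call made so far
        return m_profiles[site];
    }

private:
    size_t m_capacity;
    std::vector<std::pair<uint32_t, CalleeID>> m_log; // (site, callee)
    std::map<uint32_t, CallEdgeProfile> m_profiles;
};

enum class SlowPath { VirtualCall, Exit };

struct InlinePlan {
    std::vector<CalleeID> inlined; // callees guarded by the switch; empty = no inlining
    SlowPath slowPath = SlowPath::VirtualCall;
};

InlinePlan planInlining(const CallEdgeProfile& profile, size_t maxVariants)
{
    InlinePlan plan;
    if (profile.edges.empty() || profile.edges.size() > maxVariants)
        return plan; // nothing known, or too polymorphic: keep the virtual call
    for (const auto& edge : profile.edges)
        plan.inlined.push_back(edge.first);
    // The profile records every call ever made, so if all of them hit an
    // inlined callee anything else is rare enough to exit on.
    plan.slowPath = profile.callsToNotCell ? SlowPath::VirtualCall : SlowPath::Exit;
    return plan;
}

// Records a constructed call sequence at one site and plans for it (limit 4 variants).
InlinePlan planForCalls(std::initializer_list<CalleeID> callees, size_t logCapacity)
{
    CallEdgeLog log(logCapacity);
    for (CalleeID callee : callees)
        log.record(7, callee);
    return planInlining(log.profileFor(7), 4);
}

// Number of edges left after the same site's profile is faded once.
size_t edgesAfterFade(std::initializer_list<CalleeID> callees)
{
    CallEdgeLog log(1024);
    for (CalleeID callee : callees)
        log.record(7, callee);
    CallEdgeProfile profile = log.profileFor(7);
    profile.fadeByHalf();
    return profile.edges.size();
}
```

planForCalls({1, 1, 1, 2}, 1024) inlines both callees with an exit as the slow path; adding a NotACell call to the same sequence keeps the two inlined callees but demotes the slow path to a virtual call; five distinct callees exceed the limit and nothing is inlined. Fading {1, 1, 1, 2} once drops callee 2, which is what lets a site that briefly looked polymorphic settle back down.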
1239
1240 2014-08-22  Michael Saboff  <msaboff@apple.com>
1241
1242         After r172867 another crash in js/dom/line-column-numbers.html
1243         https://bugs.webkit.org/show_bug.cgi?id=136192
1244
1245         Reviewed by Geoffrey Garen.
1246
1247         In lookupExceptionHandlerFromCallerFrame(), we need to use the caller's CallFrame
1248         and VMEntryFrame when calling genericUnwind().  NativeCallFrameTracerWithRestore()
1249         does that for us.
1250
1251         In general, NativeCallFrameTracerWithRestore() restores the values because we may
1252         do more processing that requires the current callFrame and vmEntryFrame before we
1253         get to the catch handler where we change these to the catch values.  In this
1254         particular case, that restoration isn't currently needed, but we add complexity
1255         and possible future confusion if we create another NativeCallFrameTracerXXX()
1256         version that doesn't restore the values.
1257
1258         * jit/JITOperations.cpp:
1259         (JSC::lookupExceptionHandlerFromCallerFrame): Changed NativeCallFrameTracer() to
1260         NativeCallFrameTracerWithRestore() so that VM::topVMEntryFrame will be updated
1261         before calling genericUnwind().
1262
1263 2014-08-24  Brian J. Burg  <burg@cs.washington.edu>
1264
1265         Web Inspector: rename Inspector::TypeBuilder to Inspector::Protocol
1266         https://bugs.webkit.org/show_bug.cgi?id=136031
1267
1268         Reviewed by Timothy Hatcher.
1269
1270         Rename TypeBuilder namespace to Protocol. Disambiguate where
1271         necessary. Also rename InspectorTypeBuilder to ProtocolTypes.
1272
1273         * CMakeLists.txt:
1274         * DerivedSources.make:
1275         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1276         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1277         * JavaScriptCore.vcxproj/copy-files.cmd:
1278         * JavaScriptCore.xcodeproj/project.pbxproj:
1279         * inspector/ConsoleMessage.cpp:
1280         (Inspector::messageSourceValue):
1281         (Inspector::messageTypeValue):
1282         (Inspector::messageLevelValue):
1283         (Inspector::ConsoleMessage::addToFrontend):
1284         * inspector/ContentSearchUtilities.cpp:
1285         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1286         (Inspector::ContentSearchUtilities::searchInTextByLines):
1287         * inspector/ContentSearchUtilities.h:
1288         * inspector/InjectedScript.cpp:
1289         (Inspector::InjectedScript::evaluate):
1290         (Inspector::InjectedScript::callFunctionOn):
1291         (Inspector::InjectedScript::evaluateOnCallFrame):
1292         (Inspector::InjectedScript::getFunctionDetails):
1293         (Inspector::InjectedScript::getProperties):
1294         (Inspector::InjectedScript::getInternalProperties):
1295         (Inspector::InjectedScript::wrapCallFrames):
1296         (Inspector::InjectedScript::wrapObject):
1297         (Inspector::InjectedScript::wrapTable):
1298         * inspector/InjectedScript.h:
1299         * inspector/InjectedScriptBase.cpp:
1300         (Inspector::InjectedScriptBase::makeEvalCall):
1301         * inspector/InjectedScriptBase.h:
1302         * inspector/InspectorTypeBuilder.h: Removed.
1303         * inspector/ScriptCallFrame.cpp:
1304         (Inspector::ScriptCallFrame::buildInspectorObject):
1305         * inspector/ScriptCallFrame.h:
1306         * inspector/ScriptCallStack.cpp:
1307         (Inspector::ScriptCallStack::buildInspectorArray):
1308         * inspector/ScriptCallStack.h:
1309         * inspector/agents/InspectorAgent.cpp:
1310         (Inspector::InspectorAgent::inspect):
1311         * inspector/agents/InspectorAgent.h:
1312         * inspector/agents/InspectorDebuggerAgent.cpp:
1313         (Inspector::breakpointActionTypeForString):
1314         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1315         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1316         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1317         (Inspector::InspectorDebuggerAgent::searchInContent):
1318         (Inspector::InspectorDebuggerAgent::getFunctionDetails):
1319         (Inspector::InspectorDebuggerAgent::evaluateOnCallFrame):
1320         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1321         (Inspector::InspectorDebuggerAgent::didParseSource):
1322         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1323         * inspector/agents/InspectorDebuggerAgent.h:
1324         * inspector/agents/InspectorProfilerAgent.cpp:
1325         (Inspector::InspectorProfilerAgent::createProfileHeader):
1326         (Inspector::InspectorProfilerAgent::getProfileHeaders):
1327         (Inspector::buildInspectorObject):
1328         (Inspector::InspectorProfilerAgent::buildProfileInspectorObject):
1329         (Inspector::InspectorProfilerAgent::getCPUProfile):
1330         * inspector/agents/InspectorProfilerAgent.h:
1331         * inspector/agents/InspectorRuntimeAgent.cpp:
1332         (Inspector::buildErrorRangeObject):
1333         (Inspector::InspectorRuntimeAgent::parse):
1334         (Inspector::InspectorRuntimeAgent::evaluate):
1335         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1336         (Inspector::InspectorRuntimeAgent::getProperties):
1337         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1338         * inspector/agents/InspectorRuntimeAgent.h:
1339         * inspector/scripts/codegen/__init__.py:
1340         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
1341         (BackendDispatcherHeaderGenerator.generate_output):
1342         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
1343         (BackendDispatcherImplementationGenerator._generate_async_dispatcher_class_for_domain):
1344         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1345         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py:
1346         (FrontendDispatcherHeaderGenerator.generate_output):
1347         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py:
1348         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1349         * inspector/scripts/codegen/generate_type_builder_header.py: Removed.
1350         * inspector/scripts/codegen/generate_type_builder_implementation.py: Removed.
1351         * inspector/scripts/codegen/generator.py:
1352         (Generator.protocol_type_string_for_type):
1353         (Generator.protocol_type_string_for_type_member):
1354         (Generator.type_string_for_type_with_name):
1355         (Generator.type_string_for_formal_out_parameter):
1356         (Generator.type_string_for_formal_async_parameter):
1357         (Generator.type_string_for_stack_in_parameter):
1358         (Generator.type_string_for_stack_out_parameter):
1359         (Generator.assertion_method_for_type_member.assertion_method_for_type):
1360         (Generator.assertion_method_for_type_member):
1361         (Generator.type_builder_string_for_type): Deleted.
1362         (Generator.type_builder_string_for_type_member): Deleted.
1363         * inspector/scripts/codegen/generator_templates.py:
1364         (Inspector):
1365         * inspector/scripts/generate-inspector-protocol-bindings.py:
1366         (generate_from_specification):
1367         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1368         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1369         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1370         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1371         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1372         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1373         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1374         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1375         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1376         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1377         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1378         * runtime/HighFidelityTypeProfiler.cpp:
1379         (JSC::HighFidelityTypeProfiler::getTypesForVariableAtOffsetForInspector):
1380         * runtime/HighFidelityTypeProfiler.h:
1381         * runtime/TypeSet.cpp:
1382         (JSC::TypeSet::allPrimitiveTypeNames):
1383         (JSC::TypeSet::allStructureRepresentations):
1384         (JSC::StructureShape::inspectorRepresentation):
1385         * runtime/TypeSet.h:
1386
1387 2014-08-24  Brian J. Burg  <burg@cs.washington.edu>
1388
1389         Web Inspector: Rename DOM.RGBA and remove workarounds in the bindings generator
1390         https://bugs.webkit.org/show_bug.cgi?id=136025
1391
1392         Reviewed by Joseph Pecoraro.
1393
1394         This workaround can be removed since it is no longer necessary.
1395
1396         * inspector/scripts/codegen/models.py:
1397         (TypeReference.__init__):
1398         (Type.raw_name):
1399         (TypeDeclaration.__init__):
1400         * inspector/scripts/tests/type-declaration-object-type.json: Remove related test input.
1401         * inspector/scripts/tests/expected/type-declaration-object-type.json-result: Rebaseline.
1402
1403 2014-08-23  Joseph Pecoraro  <pecoraro@apple.com>
1404
1405         Web Inspector: Do not copy large module source strings
1406         https://bugs.webkit.org/show_bug.cgi?id=136191
1407
1408         Reviewed by Benjamin Poulain.
1409
1410         * inspector/InjectedScriptManager.cpp:
1411         (Inspector::InjectedScriptManager::injectedScriptSource):
1412
1413 2014-08-21  Michael Saboff  <msaboff@apple.com>
1414
1415         REGRESSION(r163179): Sporadic crash in js/dom/line-column-numbers.html test
1416         https://bugs.webkit.org/show_bug.cgi?id=136111
1417
1418         Reviewed by Filip Pizlo.
1419
1420         The problem was that we weren't properly handling VM::topVMEntryFrame in two ways.
1421
1422         First in the case where we get an exception of a stack overflow during setup of the direct
1423         callee frame of a VM entry frame, we need to throw the exception in the caller's frame.
1424         This requires unrolling topVMEntryFrame while creating the exception object.  This is
1425         accomplished with the renamed NativeCallFrameTracerWithRestore object.  As part of this,
1426         split the JIT rollback exception handling to call a new helper,
1427         callLookupExceptionHandlerFromCallerFrame, which will unroll the callFrame and VMEntryFrame.
1428
1429         Second, when we unwind to find a handler, we also need to unwind topVMCallFrame for the
1430         case where we end up (re)throwing another exception after entering the catch block, but
1431         before another vmEntry call.  Added VM::vmEntryFrameForThrow as a way similar to
1432         VM::callFrameForThrow to pass the appropriate VMEntryFrame to the catch block.
1433
1435         * dfg/DFGJITCompiler.cpp:
1436         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1437         * ftl/FTLCompile.cpp:
1438         (JSC::FTL::fixFunctionBasedOnStackMaps):
1439         * jit/JIT.cpp:
1440         (JSC::JIT::privateCompileExceptionHandlers):
1441         Split out the unroll cases to use the new helper callLookupExceptionHandlerFromCallerFrame()
1442         to unwind both the callFrame and topVMEntryFrame.
1443
1444         * interpreter/Interpreter.cpp:
1445         (JSC::UnwindFunctor::UnwindFunctor):
1446         (JSC::UnwindFunctor::operator()):
1447         (JSC::Interpreter::unwind):
1448         * jit/JITExceptions.cpp:
1449         (JSC::genericUnwind):
1450         Added VMEntryFrame as another component to unwind.
1451
1452         * interpreter/Interpreter.h:
1453         (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
1454         (JSC::NativeCallFrameTracerWithRestore::NativeCallFrameTracerWithRestore):
1455         (JSC::NativeCallFrameTracerWithRestore::~NativeCallFrameTracerWithRestore):
1456         Renamed and changed to save and restore topCallFrame and topVMEntryFrame around the setting of
1457         both values.
1458
1459         * interpreter/StackVisitor.cpp:
1460         (JSC::StackVisitor::gotoNextFrame):
1461         (JSC::StackVisitor::readNonInlinedFrame):
1462         * interpreter/StackVisitor.h:
1463         (JSC::StackVisitor::Frame::vmEntryFrame):
1464         Added code to unwind the VMEntryFrame.
1465
1466         * jit/CCallHelpers.h:
1467         (JSC::CCallHelpers::jumpToExceptionHandler): Updated comment to indicate that the value
1468         the handler should use for VM::topEntryFrame is in VM::vmEntryFrameForThrow.
1469
1470         * jit/JITOpcodes.cpp:
1471         (JSC::JIT::emit_op_catch):
1472         * jit/JITOpcodes32_64.cpp:
1473         (JSC::JIT::emit_op_catch):
1474         * llint/LowLevelInterpreter32_64.asm:
1475         * llint/LowLevelInterpreter64.asm:
1476         Added code to update VM::topVMEntryFrame from VM::vmEntryFrameForThrowOffset.
1477
1478         * jit/JITOperations.cpp:
1479         * jit/JITOperations.h:
1480         (JSC::operationThrowStackOverflowError):
1481         (JSC::operationCallArityCheck):
1482         (JSC::operationConstructArityCheck):
1483
1484         * runtime/VM.h:
1485         (JSC::VM::vmEntryFrameForThrowOffset):
1486         (JSC::VM::topVMEntryFrameOffset):
1487         Added as the side channel to return the topVMEntryFrame that the handler should use.
1488
1489 2014-08-22  Daniel Bates  <dabates@apple.com>
1490
1491         [iOS] Disable ENABLE_IOS_{GESTURE, TOUCH}_EVENTS, and temporarily disable ENABLE_TOUCH_EVENTS
1492         and ENABLE_XSLT when building with the iOS public SDK
1493         https://bugs.webkit.org/show_bug.cgi?id=135945
1494
1495         Reviewed by Andy Estes.
1496
1497         * Configurations/FeatureDefines.xcconfig:
1498
1499 2014-08-22  Jon Lee  <jonlee@apple.com>
1500
1501         Fix iOS build due to r172832 and move RUBBER_BANDING out of FeatureDefines.h
1502         https://bugs.webkit.org/show_bug.cgi?id=136157
1503
1504         Reviewed by Simon Fraser.
1505
1506         * Configurations/FeatureDefines.xcconfig: Add ENABLE(RUBBER_BANDING).
1507
1508 2014-08-21  Mark Lam  <mark.lam@apple.com>
1509
1510         r171362 accidentally increased the size of InlineCallFrame.
1511         <https://webkit.org/b/136141>
1512
1513         Reviewed by Filip Pizlo.
1514
1515         r171362 increased the size of InlineCallFrame::kind to 2 bits.  This increased
1516         the size of InlineCallFrame from 72 to 80 though not intentionally.  The fix
1517         is to reduce the size of InlineCallFrame::stackOffset to 29 bits.
1518
1519         Also added an assert to ensure that we never set a value that exceeds the size
1520         of InlineCallFrame::stackOffset.
1521
1522         * bytecode/CodeOrigin.h:
1523         (JSC::InlineCallFrame::setStackOffset):
1524         * dfg/DFGByteCodeParser.cpp:
1525         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1526
1527 2014-08-21  Joseph Pecoraro  <pecoraro@apple.com>
1528
1529         Web Inspector: RetainPtr misuse, CFRunLoopSource leak
1530         https://bugs.webkit.org/show_bug.cgi?id=136143
1531
1532         Reviewed by Timothy Hatcher.
1533
1534         Adopt a Create into the RetainPtr to avoid leaking.
1535
1536         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
1537         (Inspector::RemoteInspectorDebuggableConnection::setupRunLoop):
1538
1539 2014-08-21  Mark Lam  <mark.lam@apple.com>
1540
1541         REGRESSION(r172808): It made 6 different tests fail on 32 bit platforms.
1542         <https://webkit.org/b/136123>
1543
1544         Reviewed by Filip Pizlo.
1545
1546         The original patch in r172808 removed the code to skip the top scope in
1547         the 64-bit port of JIT::emitResolveClosure() but not in the 32-bit port.
1548         This patch fixes that and achieves parity.
1549
1550         * jit/JITPropertyAccess32_64.cpp:
1551         (JSC::JIT::emitResolveClosure):
1552
1553 2014-08-21  Zalan Bujtas  <zalan@apple.com>
1554
1555         Enable SATURATED_LAYOUT_ARITHMETIC.
1556         https://bugs.webkit.org/show_bug.cgi?id=136106
1557
1558         Reviewed by Simon Fraser.
1559
1560         SATURATED_LAYOUT_ARITHMETIC protects LayoutUnit against arithmetic overflow.
1561         (No measurable performance regression on Mac.)
1562
1563         * Configurations/FeatureDefines.xcconfig:
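
Added example, not WebKit's LayoutUnit or its SATURATED_LAYOUT_ARITHMETIC code: a constructed fixed-point layout value whose add, subtract and multiply clamp at the int32_t limits instead of wrapping, beside the wrapping addition the feature guards against. The 6 fractional bits (1/64 px) are an assumption about LayoutUnit's granularity, not something this entry states.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <limits>

// Constructed illustration, not WebKit's LayoutUnit or its
// SATURATED_LAYOUT_ARITHMETIC implementation.
constexpr int32_t kInt32Max = std::numeric_limits<int32_t>::max();
constexpr int32_t kInt32Min = std::numeric_limits<int32_t>::min();

// Clamp a 64-bit intermediate into the int32_t range.
int32_t clampToInt32(int64_t value)
{
    if (value > kInt32Max)
        return kInt32Max;
    if (value < kInt32Min)
        return kInt32Min;
    return static_cast<int32_t>(value);
}

// Saturating operations: two 32-bit operands cannot overflow a 64-bit
// intermediate, so the clamp is exact.
int32_t saturatedAddition(int32_t a, int32_t b)
{
    return clampToInt32(static_cast<int64_t>(a) + static_cast<int64_t>(b));
}

int32_t saturatedSubtraction(int32_t a, int32_t b)
{
    return clampToInt32(static_cast<int64_t>(a) - static_cast<int64_t>(b));
}

int32_t saturatedMultiplication(int32_t a, int32_t b)
{
    return clampToInt32(static_cast<int64_t>(a) * static_cast<int64_t>(b));
}

// Wrapping addition, the behaviour the feature guards against: the sum is
// formed in unsigned arithmetic (signed overflow would be undefined) and
// reinterpreted, so kInt32Max + 1 comes back as kInt32Min.
int32_t wrappingAddition(int32_t a, int32_t b)
{
    return static_cast<int32_t>(static_cast<uint32_t>(a) + static_cast<uint32_t>(b));
}

// Fixed-point layout value with 6 fractional bits (assumed granularity of
// 1/64 px; this constant is not stated on the page).
class LayoutUnit {
public:
    static constexpr int kFractionalBits = 6;

    static LayoutUnit fromRawValue(int32_t raw) { LayoutUnit u; u.m_value = raw; return u; }
    // Converting an int scales by 64, which itself can overflow, so it saturates too.
    static LayoutUnit fromInt(int32_t value) { return fromRawValue(saturatedMultiplication(value, 1 << kFractionalBits)); }
    static LayoutUnit max() { return fromRawValue(kInt32Max); }

    int32_t rawValue() const { return m_value; }
    int32_t toInt() const { return m_value >> kFractionalBits; }

    LayoutUnit operator+(LayoutUnit other) const { return fromRawValue(saturatedAddition(m_value, other.m_value)); }
    LayoutUnit operator-(LayoutUnit other) const { return fromRawValue(saturatedSubtraction(m_value, other.m_value)); }
    LayoutUnit operator*(int32_t factor) const { return fromRawValue(saturatedMultiplication(m_value, factor)); }

private:
    int32_t m_value = 0;
};

// A box width that grows past the representable range stays pinned at the
// maximum rather than turning negative; a negative width is what downstream
// size and allocation computations would otherwise receive.
int32_t paddedWidthRaw(LayoutUnit width, LayoutUnit padding)
{
    return (width + padding + padding).rawValue();
}

int main()
{
    std::printf("saturated: %d\n", saturatedAddition(kInt32Max, 1));
    std::printf("wrapping:  %d\n", wrappingAddition(kInt32Max, 1));
    std::printf("padded:    %d\n", paddedWidthRaw(LayoutUnit::max(), LayoutUnit::fromInt(8)));
    return 0;
}
```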
1564
1565 2014-08-20  Saam Barati  <sbarati@apple.com>
1566
1567         Fix how CodeBlock dumps the opcode op_profile_type
1568         https://bugs.webkit.org/show_bug.cgi?id=136088
1569
1570         Reviewed by Filip Pizlo.
1571
1572         op_profile_type was modified to receive two extra arguments,
1573         but its dump in CodeBlock::dumpBytecode wasn't changed to
1574         account for this, so it broke CodeBlock::dumpBytecode when
1575         op_profile_type was in the stream of bytecode instructions.
1576         CodeBlock::dumpBytecode now accounts for the change in
1577         op_profile_type's arity.
1578
1579         * bytecode/CodeBlock.cpp:
1580         (JSC::CodeBlock::dumpBytecode):
1581
1582 2014-08-20  Saam Barati  <sbarati@apple.com>
1583
1584         Rename HighFidelityTypeProfiling variables for more clarity
1585         https://bugs.webkit.org/show_bug.cgi?id=135899
1586
1587         Reviewed by Geoffrey Garen.
1588
1589         Many names that are used in the type profiling infrastructure
1590         prefix themselves with "HighFidelity" or include the words "high"
1591         and/or "fidelity" in some way. But the words "high" and "fidelity" don't
1592         add anything descriptive to the names surrounding type profiling.
1593         So this patch removes all uses of "HighFidelity" and its variants.
1594
1595         Most renamings change "HighFidelity*" to "TypeProfiler*" or simply
1596         drop the prefix "HighFidelity" altogether. Now, almost all names
1597         in relation to type profiling contain in them "TypeProfiler" or
1598         "TypeProfiling" or some combination of the words "type" and "profile".
1599
1600         This patch also changes how we check if type profiling is enabled:
1601         We no longer call vm::isProfilingTypesWithHighFidelity. We now just
1602         check that vm::typeProfiler is not null.
1603
1604         This patch also changes all calls to TypeProfilerLog::processLogEntries
1605         to use ASCIILiteral to form WTFStrings instead of vanilla C string literals.
1606
1607         * CMakeLists.txt:
1608         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1609         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1610         * JavaScriptCore.xcodeproj/project.pbxproj:
1611         * bytecode/BytecodeList.json:
1612         * bytecode/BytecodeUseDef.h:
1613         (JSC::computeUsesForBytecodeOffset):
1614         (JSC::computeDefsForBytecodeOffset):
1615         * bytecode/CodeBlock.cpp:
1616         (JSC::CodeBlock::dumpBytecode):
1617         (JSC::CodeBlock::CodeBlock):
1618         * bytecode/TypeLocation.h:
1619         * bytecode/UnlinkedCodeBlock.cpp:
1620         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1621         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
1622         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
1623         (JSC::UnlinkedCodeBlock::highFidelityTypeProfileExpressionInfoForBytecodeOffset): Deleted.
1624         (JSC::UnlinkedCodeBlock::addHighFidelityTypeProfileExpressionInfo): Deleted.
1625         * bytecode/UnlinkedCodeBlock.h:
1626         (JSC::UnlinkedFunctionExecutable::typeProfilingStartOffset):
1627         (JSC::UnlinkedFunctionExecutable::typeProfilingEndOffset):
1628         (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingStartOffset): Deleted.
1629         (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingEndOffset): Deleted.
1630         * bytecompiler/BytecodeGenerator.cpp:
1631         (JSC::BytecodeGenerator::generate):
1632         (JSC::BytecodeGenerator::BytecodeGenerator):
1633         (JSC::BytecodeGenerator::emitMove):
1634         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
1635         (JSC::BytecodeGenerator::emitProfileType):
1636         (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo): Deleted.
1637         (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity): Deleted.
1638         * bytecompiler/BytecodeGenerator.h:
1639         (JSC::BytecodeGenerator::isProfilingTypesWithHighFidelity): Deleted.
1640         * bytecompiler/NodesCodegen.cpp:
1641         (JSC::ThisNode::emitBytecode):
1642         (JSC::ResolveNode::emitBytecode):
1643         (JSC::BracketAccessorNode::emitBytecode):
1644         (JSC::DotAccessorNode::emitBytecode):
1645         (JSC::FunctionCallValueNode::emitBytecode):
1646         (JSC::FunctionCallResolveNode::emitBytecode):
1647         (JSC::FunctionCallBracketNode::emitBytecode):
1648         (JSC::FunctionCallDotNode::emitBytecode):
1649         (JSC::CallFunctionCallDotNode::emitBytecode):
1650         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1651         (JSC::PostfixNode::emitResolve):
1652         (JSC::PostfixNode::emitBracket):
1653         (JSC::PostfixNode::emitDot):
1654         (JSC::PrefixNode::emitResolve):
1655         (JSC::PrefixNode::emitBracket):
1656         (JSC::PrefixNode::emitDot):
1657         (JSC::ReadModifyResolveNode::emitBytecode):
1658         (JSC::AssignResolveNode::emitBytecode):
1659         (JSC::AssignDotNode::emitBytecode):
1660         (JSC::ReadModifyDotNode::emitBytecode):
1661         (JSC::AssignBracketNode::emitBytecode):
1662         (JSC::ReadModifyBracketNode::emitBytecode):
1663         (JSC::ConstDeclNode::emitCodeSingle):
1664         (JSC::EmptyVarExpression::emitBytecode):
1665         (JSC::ReturnNode::emitBytecode):
1666         (JSC::FunctionBodyNode::emitBytecode):
1667         * heap/Heap.cpp:
1668         (JSC::Heap::collect):
1669         * inspector/agents/InspectorRuntimeAgent.cpp:
1670         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1671         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1672         (Inspector::InspectorRuntimeAgent::willDestroyFrontendAndBackend):
1673         (Inspector::InspectorRuntimeAgent::enableTypeProfiler):
1674         (Inspector::InspectorRuntimeAgent::disableTypeProfiler):
1675         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
1676         (Inspector::InspectorRuntimeAgent::enableHighFidelityTypeProfiling): Deleted.
1677         (Inspector::InspectorRuntimeAgent::disableHighFidelityTypeProfiling): Deleted.
1678         (Inspector::InspectorRuntimeAgent::setHighFidelityTypeProfilingEnabledState): Deleted.
1679         * inspector/agents/InspectorRuntimeAgent.h:
1680         * inspector/protocol/Runtime.json:
1681         * jit/JIT.cpp:
1682         (JSC::JIT::privateCompileMainPass):
1683         (JSC::JIT::privateCompile):
1684         * jit/JIT.h:
1685         * jit/JITOpcodes.cpp:
1686         (JSC::JIT::emit_op_profile_type):
1687         (JSC::JIT::emit_op_profile_types_with_high_fidelity): Deleted.
1688         * jit/JITOpcodes32_64.cpp:
1689         (JSC::JIT::emit_op_profile_type):
1690         (JSC::JIT::emit_op_profile_types_with_high_fidelity): Deleted.
1691         * jit/JITOperations.cpp:
1692         * jsc.cpp:
1693         (functionDumpTypesForAllVariables):
1694         * llint/LLIntSlowPaths.cpp:
1695         * llint/LowLevelInterpreter.asm:
1696         * runtime/CodeCache.cpp:
1697         (JSC::CodeCache::getGlobalCodeBlock):
1698         * runtime/CommonSlowPaths.cpp:
1699         (JSC::SLOW_PATH_DECL):
1700         * runtime/CommonSlowPaths.h:
1701         * runtime/Executable.cpp:
1702         (JSC::ScriptExecutable::ScriptExecutable):
1703         (JSC::ProgramExecutable::ProgramExecutable):
1704         (JSC::FunctionExecutable::FunctionExecutable):
1705         (JSC::ProgramExecutable::initializeGlobalProperties):
1706         * runtime/Executable.h:
1707         (JSC::ScriptExecutable::typeProfilingStartOffset):
1708         (JSC::ScriptExecutable::typeProfilingEndOffset):
1709         (JSC::ScriptExecutable::highFidelityTypeProfilingStartOffset): Deleted.
1710         (JSC::ScriptExecutable::highFidelityTypeProfilingEndOffset): Deleted.
1711         * runtime/HighFidelityLog.cpp: Removed.
1712         * runtime/HighFidelityLog.h: Removed.
1713         * runtime/HighFidelityTypeProfiler.cpp: Removed.
1714         * runtime/HighFidelityTypeProfiler.h: Removed.
1715         * runtime/Options.h:
1716         * runtime/SymbolTable.cpp:
1717         (JSC::SymbolTable::prepareForTypeProfiling):
1718         (JSC::SymbolTable::uniqueIDForVariable):
1719         (JSC::SymbolTable::uniqueIDForRegister):
1720         (JSC::SymbolTable::prepareForHighFidelityTypeProfiling): Deleted.
1721         * runtime/SymbolTable.h:
1722         * runtime/TypeProfiler.cpp: Added.
1723         (JSC::TypeProfiler::logTypesForTypeLocation):
1724         (JSC::TypeProfiler::insertNewLocation):
1725         (JSC::TypeProfiler::getTypesForVariableAtOffsetForInspector):
1726         (JSC::descriptorMatchesTypeLocation):
1727         (JSC::TypeProfiler::findLocation):
1728         * runtime/TypeProfiler.h: Added.
1729         (JSC::QueryKey::QueryKey):
1730         (JSC::QueryKey::isHashTableDeletedValue):
1731         (JSC::QueryKey::operator==):
1732         (JSC::QueryKey::hash):
1733         (JSC::QueryKeyHash::hash):
1734         (JSC::QueryKeyHash::equal):
1735         (JSC::TypeProfiler::functionHasExecutedCache):
1736         (JSC::TypeProfiler::typeLocationCache):
1737         * runtime/TypeProfilerLog.cpp: Added.
1738         (JSC::TypeProfilerLog::initializeLog):
1739         (JSC::TypeProfilerLog::~TypeProfilerLog):
1740         (JSC::TypeProfilerLog::processLogEntries):
1741         * runtime/TypeProfilerLog.h: Added.
1742         (JSC::TypeProfilerLog::LogEntry::structureIDOffset):
1743         (JSC::TypeProfilerLog::LogEntry::valueOffset):
1744         (JSC::TypeProfilerLog::LogEntry::locationOffset):
1745         (JSC::TypeProfilerLog::TypeProfilerLog):
1746         (JSC::TypeProfilerLog::recordTypeInformationForLocation):
1747         (JSC::TypeProfilerLog::logEndPtr):
1748         (JSC::TypeProfilerLog::logStartOffset):
1749         (JSC::TypeProfilerLog::currentLogEntryOffset):
1750         * runtime/VM.cpp:
1751         (JSC::VM::VM):
1752         (JSC::VM::enableTypeProfiler):
1753         (JSC::VM::disableTypeProfiler):
1754         (JSC::VM::dumpTypeProfilerData):
1755         (JSC::VM::enableHighFidelityTypeProfiling): Deleted.
1756         (JSC::VM::disableHighFidelityTypeProfiling): Deleted.
1757         (JSC::VM::dumpHighFidelityProfilingTypes): Deleted.
1758         * runtime/VM.h:
1759         (JSC::VM::typeProfilerLog):
1760         (JSC::VM::typeProfiler):
1761         (JSC::VM::isProfilingTypesWithHighFidelity): Deleted.
1762         (JSC::VM::highFidelityLog): Deleted.
1763         (JSC::VM::highFidelityTypeProfiler): Deleted.
1764
1765 2014-08-20  Csaba Osztrogonác  <ossy@webkit.org>
1766
1767         URTBF after r172799.
1768
1769         * disassembler/ARM64/A64DOpcode.cpp:
1770         * disassembler/ARM64Disassembler.cpp:
1771
1772 2014-08-20  Oliver Hunt  <oliver@apple.com>
1773
1774         Stop implicitly skipping a function's own activation when walking the scope chain
1775         https://bugs.webkit.org/show_bug.cgi?id=136118
1776
1777         Reviewed by Geoffrey Garen.
1778
1779         Remove the current logic that implicitly skips a function's
1780         own activation when walking the scope chain. This is ground
1781         work for ensuring that all closed variable access is made
1782         through the function's activation. This leads to a further
1783         10% regression on earley, but we're already tracking the
1784         overall performance regression.
1785
1786         * bytecode/CodeBlock.cpp:
1787         (JSC::CodeBlock::CodeBlock):
1788         * dfg/DFGAbstractInterpreterInlines.h:
1789         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1790         * dfg/DFGByteCodeParser.cpp:
1791         (JSC::DFG::ByteCodeParser::getScope):
1792         (JSC::DFG::ByteCodeParser::parseBlock):
1793         * dfg/DFGClobberize.h:
1794         (JSC::DFG::clobberize):
1795         * dfg/DFGDoesGC.cpp:
1796         (JSC::DFG::doesGC):
1797         * dfg/DFGFixupPhase.cpp:
1798         (JSC::DFG::FixupPhase::fixupNode):
1799         * dfg/DFGHeapLocation.cpp:
1800         (WTF::printInternal):
1801         * dfg/DFGHeapLocation.h:
1802         * dfg/DFGNodeType.h:
1803         * dfg/DFGPredictionPropagationPhase.cpp:
1804         (JSC::DFG::PredictionPropagationPhase::propagate):
1805         * dfg/DFGSafeToExecute.h:
1806         (JSC::DFG::safeToExecute):
1807         * dfg/DFGSpeculativeJIT32_64.cpp:
1808         (JSC::DFG::SpeculativeJIT::compile):
1809         * dfg/DFGSpeculativeJIT64.cpp:
1810         (JSC::DFG::SpeculativeJIT::compile):
1811         * jit/JITPropertyAccess.cpp:
1812         (JSC::JIT::emitResolveClosure):
1813         * llint/LowLevelInterpreter32_64.asm:
1814         * llint/LowLevelInterpreter64.asm:
1815         * runtime/JSScope.cpp:
1816         (JSC::JSScope::abstractResolve):
1817         * runtime/JSScope.h:
1818
1819 2014-08-20  Michael Saboff  <msaboff@apple.com>
1820
1821         REGRESSION: Web Inspector crashes when reloading apple.com with Timeline recording active
1822         https://bugs.webkit.org/show_bug.cgi?id=136034
1823
1824         Reviewed by Mark Lam.
1825
1826         DebuggerCallFrame::positionForCallFrame is trying to unwind starting somewhere in the middle
1827         of the stack.  Hardened StackVisitor to skip over the frames between the current top frame
1828         and the requested start frame.
1829
1830         * interpreter/StackVisitor.cpp:
1831         (JSC::StackVisitor::StackVisitor):
1832
1833 2014-08-20  Brent Fulgham  <bfulgham@apple.com>
1834
1835         [Win] JavaScriptCore.dll is missing version information.
1836         https://bugs.webkit.org/show_bug.cgi?id=136105
1837         <rdar://problem/18075852>
1838
1839         Reviewed by Dean Jackson.
1840
1841         * JavaScriptCore.vcxproj/JavaScriptCorePreBuild.cmd: Add missing step to generate
1842         version information for intermediary build path.
1843
1844 2014-08-20  Saam Barati  <sbarati@apple.com>
1845
1846         Fix a memory leak in TypeSet
1847         https://bugs.webkit.org/show_bug.cgi?id=135913
1848
1849         Reviewed by Filip Pizlo.
1850
1851         Currently, TypeSet unconditionally allocates memory for its member
1852         variable m_structureHistory, but never deallocates it. Change this 
1853         from being a pointer that is unconditionally allocated to a member 
1854         variable that will be deallocated when TypeSet itself is deallocated.
1855
1856         * runtime/TypeSet.cpp:
1857         (JSC::TypeSet::TypeSet):
1858         (JSC::TypeSet::addTypeInformation):
1859         (JSC::TypeSet::seenTypes):
1860         (JSC::TypeSet::displayName):
1861         (JSC::TypeSet::allStructureRepresentations):
1862         (JSC::StructureShape::leastCommonAncestor):
1863         * runtime/TypeSet.h:
1864
1865 2014-08-20  peavo@outlook.com  <peavo@outlook.com>
1866
1867         [Win] Assertion fails when running JSC stress tests.
1868         https://bugs.webkit.org/show_bug.cgi?id=136103
1869
1870         Reviewed by Darin Adler.
1871
1872         Use unsigned bitfield member instead of enum bitfield member to avoid negative values.
1873
1874         * bytecode/CodeOrigin.h: Use unsigned bitfield member.
1875         (JSC::InlineCallFrame::specializationKind): Compile fix.
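
Added example (not JSC's code) for this entry and for the r171362 InlineCallFrame size entry above: a constructed record that packs a kind tag and a signed stack offset into bitfields, showing why widening one field by a single bit grows the struct, why a signed (or, on some compilers, plain-enum) 2-bit field returns kind values 2 and 3 as negatives, and the range assert a setter like setStackOffset should carry. The field names and widths are assumptions chosen for the demonstration, not InlineCallFrame's real layout.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>

// Constructed illustration, not JSC's InlineCallFrame. All fields use int-sized
// types so the packing is the same on GCC, Clang and MSVC.
struct PackedOrigin {
    unsigned kind : 1;            // 1 + 1 + 30 = 32 bits: one 4-byte unit
    unsigned isClosureCall : 1;
    signed int stackOffset : 30;
};

// Growing 'kind' to 2 bits is the size regression: 33 bits no longer fit the
// 32-bit unit, so the compiler starts a second one and sizeof doubles.
struct WidenedOrigin {
    unsigned kind : 2;
    unsigned isClosureCall : 1;
    signed int stackOffset : 30;
};

// The fix keeps the total at 32 bits by narrowing the offset field instead.
struct RebalancedOrigin {
    unsigned kind : 2;
    unsigned isClosureCall : 1;
    signed int stackOffset : 29;
};

// A signed 2-bit field represents only -2..1, so kind values 2 and 3 read
// back negative. Some compilers (MSVC among them) give a plain-enum bitfield
// this signed representation, which is why the entry switches to 'unsigned'.
struct SignedKindOrigin {
    signed int kind : 2;
    unsigned isClosureCall : 1;
    signed int stackOffset : 29;
};

// Range of a signed field of 'bits' bits.
constexpr int32_t signedFieldMax(int bits) { return (int32_t(1) << (bits - 1)) - 1; }
constexpr int32_t signedFieldMin(int bits) { return -(int32_t(1) << (bits - 1)); }

bool stackOffsetFits(int32_t offset, int bits)
{
    return offset >= signedFieldMin(bits) && offset <= signedFieldMax(bits);
}

// Setter with the range assert the entry describes: silently truncating the
// offset into the field would corrupt the frame layout it describes.
void setStackOffset(RebalancedOrigin& origin, int32_t offset)
{
    assert(stackOffsetFits(offset, 29));
    origin.stackOffset = offset;
}

int32_t storedStackOffset(int32_t offset)
{
    RebalancedOrigin origin {};
    setStackOffset(origin, offset);
    return origin.stackOffset;
}

// Round-trip a kind value through an unsigned and a signed 2-bit field.
int readBackUnsignedKind(unsigned kind)
{
    RebalancedOrigin origin {};
    origin.kind = kind;
    return origin.kind;
}

int readBackSignedKind(unsigned kind)
{
    SignedKindOrigin origin {};
    origin.kind = kind;
    return origin.kind;
}

int main()
{
    std::printf("sizeof Packed=%zu Widened=%zu Rebalanced=%zu\n",
                sizeof(PackedOrigin), sizeof(WidenedOrigin), sizeof(RebalancedOrigin));
    std::printf("kind 3 via unsigned field: %d, via signed field: %d\n",
                readBackUnsignedKind(3), readBackSignedKind(3));
    return 0;
}
```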
1876
1877 2014-08-20  Akos Kiss  <akiss@inf.u-szeged.hu>
1878
1879         Enable ARM64 disassembler on EFL
1880         https://bugs.webkit.org/show_bug.cgi?id=136089
1881
1882         Reviewed by Filip Pizlo.
1883
1884         * CMakeLists.txt:
1885         Added disassembler/ARM64Disassembler.cpp and
1886         disassembler/ARM64/A64DOpcode.cpp to JavaScriptCore_SOURCES.
1887
1888         * disassembler/ARM64/A64DOpcode.cpp:
1889         Added USE(ARM64_DISASSEMBLER) guard around implementation.
1890
1891         * disassembler/ARM64/A64DOpcode.h:
1892         (JSC::ARM64Disassembler::A64DOpcode::appendUnsignedImmediate64):
1893         (JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset):
1894         Made format strings portable by changing "%llx" to "%" PRIx64 for
1895         uint64_t arguments.
1896
1897 2014-08-19  Filip Pizlo  <fpizlo@apple.com>
1898
1899         REGRESSION(r172401): for-in optimization no longer works at all
1900         https://bugs.webkit.org/show_bug.cgi?id=136056
1901
1902         Reviewed by Geoffrey Garen.
1903
1904         Roll this back in, along with a fix to make proxies work. Previously, for-in over proxies
1905         would instacrash every time.
1906
1907         * bytecompiler/BytecodeGenerator.cpp:
1908         (JSC::BytecodeGenerator::emitGetByVal):
1909         (JSC::BytecodeGenerator::pushIndexedForInScope):
1910         (JSC::BytecodeGenerator::pushStructureForInScope):
1911         * bytecompiler/BytecodeGenerator.h:
1912         (JSC::ForInContext::ForInContext):
1913         (JSC::StructureForInContext::StructureForInContext):
1914         (JSC::IndexedForInContext::IndexedForInContext):
1915         (JSC::ForInContext::base): Deleted.
1916         * bytecompiler/NodesCodegen.cpp:
1917         (JSC::ForInNode::emitMultiLoopBytecode):
1918         * runtime/JSProxy.cpp:
1919         (JSC::JSProxy::getStructurePropertyNames):
1920         (JSC::JSProxy::getGenericPropertyNames):
1921         * tests/stress/for-in-base-reassigned-later-and-change-structure.js: Added.
1922         (foo):
1923         * tests/stress/for-in-base-reassigned-later.js: Added.
1924         (foo):
1925         * tests/stress/for-in-base-reassigned.js: Added.
1926         (foo):
1927         * tests/stress/for-in-proxy-target-changed-structure.js: Added.
1928         (deleteAll):
1929         (foo):
1930         * tests/stress/for-in-proxy.js: Added.
1931         (foo):
1932
1933 2014-08-19  Jaehun Lim  <ljaehun.lim@samsung.com>
1934
1935         Unreviewed, fix EFL build after r17275
1936
1937         Fix error: ignoring #pragma clang diagnostic [-Werror=unknown-pragmas]
1938
1939         * runtime/JSDataViewPrototype.cpp:
1940         Add #if COMPILER(CLANG) and #endif.
1941
1942 2014-08-19  Michael Saboff  <msaboff@apple.com>
1943
1944         Crash in jsc-layout-tests.yaml/js/script-tests/reentrant-caching.js
1945         https://bugs.webkit.org/show_bug.cgi?id=136080
1946
1947         Reviewed by Mark Lam.
1948
1949         Update VM::topVMEntryFrame via NativeCallFrameTracer() when we pass the caller's frame
1950         to NativeCallFrameTracer() as the callee's frame may be the first callee from an entry
1951         frame.  In that case, the caller will have the prior VM entry frame.
1952
1953         The new NativeCallFrameTracer with a VMEntryFrame parameter should be used when throwing
1954         an exception from a caller frame.  The value to use for the VMEntryFrame should be a
1955         value possibly modified by CallFrame::callerFrame(&*VMEntryFrame) used to find the caller.
1956
1957         * interpreter/Interpreter.h:
1958         (JSC::NativeCallFrameTracer::NativeCallFrameTracer): Added a new constructor that takes a
1959         VMEntryFrame.  Added an ASSERT to both constructors to check that the updated topCallFrame
1960         is below the current vmEntryFrame.
1961
1962         * jit/JITOperations.cpp:
1963         (JSC::operationThrowStackOverflowError):
1964         (JSC::operationCallArityCheck):
1965         (JSC::operationConstructArityCheck):
1966         Set VM::topVMEntryFrame to the possibly updated VMEntryFrame after getting the caller's frame.
1967
1968 2014-08-19  Andy Estes  <aestes@apple.com>
1969
1970         [Cocoa] Offline Assembler build phase fails when $BUILT_PRODUCTS_DIR contains spaces
1971         https://bugs.webkit.org/show_bug.cgi?id=136086
1972
1973         Reviewed by Filip Pizlo.
1974
1975         Enclosed arguments to asm.rb containing $BUILT_PRODUCTS_DIR in double quotes so that they don't get split on
1976         whitespace. Also let Xcode have its way with an unrelated part of the project file.
1977
1978         * JavaScriptCore.xcodeproj/project.pbxproj:
1979
1980 2014-08-19  Filip Pizlo  <fpizlo@apple.com>
1981
1982         LLInt build should be way faster
1983         https://bugs.webkit.org/show_bug.cgi?id=136085
1984
1985         Reviewed by Geoffrey Garen.
1986         
1987         This does three things to improve the LLInt build performance. One of them is only for
1988         Xcode for now while the others should benefit all platforms:
1989         
1990         - Don't exponentially build settings combinations that correspond to being on two backends
1991           simultaneously. This is by far the biggest win.
1992         
1993         - Don't generate offset extraction code for backends that aren't supported by the current
1994           port. This currently only works on Xcode-based ports. This is a relatively small win.
1995         
1996         - Remove the ALWAYS_ALLOCATE_SLOW option. Each option increases build time, and we haven't
1997           used this one in a long time. Anyway, setting this option could be emulated by just
1998           directly hacking the code.
1999         
2000         This is an enormous speed-up in the LLInt build.
2001
2002         * JavaScriptCore.xcodeproj/project.pbxproj: Prune the set of backends that we should consider on Xcode-based platforms.
2003         * llint/LLIntOfflineAsmConfig.h: Remove ALWAYS_ALLOCATE_SLOW
2004         * llint/LowLevelInterpreter.asm: Remove ALWAYS_ALLOCATE_SLOW
2005         * offlineasm/backends.rb: Add infrastructure for reasoning about valid backends.
2006         * offlineasm/generate_offset_extractor.rb: Allow the client to specify a filtered set of valid backends.
2007         * offlineasm/settings.rb: Improve the construction of settings combinations so that it doesn't traverse the enormous set of obviously invalid multi-backend combinations. Also glue into support for valid backends.
2008
2009 2014-08-19  Filip Pizlo  <fpizlo@apple.com>
2010
2011         Fix indentation and style in LowLevelInterpreter.asm
2012         https://bugs.webkit.org/show_bug.cgi?id=136083
2013
2014         Reviewed by Mark Lam.
2015
2016         * llint/LowLevelInterpreter.asm:
2017
2018 2014-08-19  Magnus Granberg  <zorry@gentoo.org>
2019
2020         TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
2021         https://bugs.webkit.org/show_bug.cgi?id=70610
2022
2023         Reviewed by Darin Adler.
2024
2025         Setup %ebx so we can use the plt.
2026
2027         * jit/ThunkGenerators.cpp:
2028
2029 2014-08-19  Zalan Bujtas  <zalan@apple.com>
2030
2031         Remove ENABLE(SUBPIXEL_LAYOUT).
2032         https://bugs.webkit.org/show_bug.cgi?id=136077
2033
2034         Reviewed by Simon Fraser.
2035
2036         Remove compile time flag SUBPIXEL_LAYOUT. All ports have had it enabled for a while now.
2037
2038         * Configurations/FeatureDefines.xcconfig:
2039
2040 2014-08-19  Alex Christensen  <achristensen@webkit.org>
2041
2042         [CMake] Generate LLInt assembly correctly on Windows.
2043         https://bugs.webkit.org/show_bug.cgi?id=135888
2044
2045         Reviewed by Oliver Hunt.
2046
2047         * CMakeLists.txt:
2048         Generate LowLevelInterpreterWin.asm instead of LLIntAssembly.h on Windows like the existing build system.
2049         * PlatformWin.cmake:
2050         Don't build JSGlobalObjectInspectorController.cpp on Windows.
2051         * offlineasm/x86.rb:
2052         Detect non-cygwin ruby installations correctly.
2053
2054 2014-08-19  Michael Saboff  <msaboff@apple.com>
2055
2056         REGRESSION(r163179): It broke the build on ARM Thumb2 with GCC
2057         https://bugs.webkit.org/show_bug.cgi?id=136028
2058
2059         Reviewed by Oliver Hunt.
2060
2061         Added back ARMv7 conditionals around three op addp and subp since ARM Thumb2 spec says that
2062         the behavior for those ops is undefined.  This was originally done in changeset 163179.
2063
2064         * llint/LowLevelInterpreter32_64.asm:
2065
2066 2014-08-18  Commit Queue  <commit-queue@webkit.org>
2067
2068         Unreviewed, rolling out r172741.
2069         https://bugs.webkit.org/show_bug.cgi?id=136058
2070
2071         This change is breaking PLT. (Requested by mlam on #webkit).
2072
2073         Reverted changeset:
2074
2075         "REGRESSION(r172401): for-in optimization no longer works at
2076         all"
2077         https://bugs.webkit.org/show_bug.cgi?id=136056
2078         http://trac.webkit.org/changeset/172741
2079
2080 2014-08-18  Filip Pizlo  <fpizlo@apple.com>
2081
2082         REGRESSION(r172401): for-in optimization no longer works at all
2083         https://bugs.webkit.org/show_bug.cgi?id=136056
2084
2085         Reviewed by Mark Hahnenberg.
2086         
2087         This is a partial roll-out of r172401. It turns out that the fix wasn't actually fixing a
2088         real bug (since it's fine to use op_get_direct_pname on the wrong base because it has a
2089         structure check) and it was actually breaking the entire for-in optimization (since there is
2090         no way that we can statically prove that the base matches, because the base we see is a
2091         newly created temporary, and anyway doing it right would be really hard in our bytecode
2092         because it's 3AC form).
2093         
2094         But, I added a new test for the problem, and kept the original test. Both the old test and
2095         the new test prove that r172401 wasn't fixing what it thought it was fixing. To the extent
2096         that it resolved crashes it was because it just disabled the for-in optimization entirely.
2097
2098         * bytecompiler/BytecodeGenerator.cpp:
2099         (JSC::BytecodeGenerator::emitGetByVal):
2100         (JSC::BytecodeGenerator::pushIndexedForInScope):
2101         (JSC::BytecodeGenerator::pushStructureForInScope):
2102         * bytecompiler/BytecodeGenerator.h:
2103         (JSC::ForInContext::ForInContext):
2104         (JSC::StructureForInContext::StructureForInContext):
2105         (JSC::IndexedForInContext::IndexedForInContext):
2106         (JSC::ForInContext::base): Deleted.
2107         * bytecompiler/NodesCodegen.cpp:
2108         (JSC::ForInNode::emitMultiLoopBytecode):
2109         * tests/stress/for-in-base-reassigned.js: Added.
2110         * tests/stress/for-in-base-reassigned-later.js: Added.
2111         * tests/stress/for-in-base-reassigned-later-and-change-structure.js: Added.
2112
2113 2014-08-18  Mark Lam  <mark.lam@apple.com>
2114
2115         Gardening: build fix for non-Mac builds after r172737.
2116         https://bugs.webkit.org/show_bug.cgi?id=135750
2117
2118         Not reviewed.
2119
2120         * CMakeLists.txt:
2121         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2122         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2123
2124 2014-08-18  Filip Pizlo  <fpizlo@apple.com>
2125
2126         REGRESSION(r172129): ftlopt branch merge made performance tests flakey crash
2127         https://bugs.webkit.org/show_bug.cgi?id=135750
2128
2129         Reviewed by Mark Lam.
2130         
2131         This was caused by a rather embarrassing oversight in how the DFG tracks structures: we
2132         could sometimes perform an optimization that requires a structure to be alive but forget to
2133         ensure that the structure is actually kept alive. In particular, any watchpoint-based
2134         optimizations involve setting watchpoints even if the code that got optimized is eventually
2135         deleted because it is unreachable. All such optimizations would leave behind something in
2136         the IR to tell us that we are interested in the structure and that therefore it should be
2137         kept alive. But, IR can be deleted if it is unreachable.
2138         
2139         The solution is to ensure that as soon as the DFG is made aware of a structure, it adds it
2140         to the set of weak references.
2141
2142         * JavaScriptCore.xcodeproj/project.pbxproj:
2143         * dfg/DFGAbstractInterpreterInlines.h:
2144         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2145         * dfg/DFGAbstractValue.cpp:
2146         (JSC::DFG::AbstractValue::setOSREntryValue):
2147         (JSC::DFG::AbstractValue::set):
2148         (JSC::DFG::AbstractValue::normalizeClarity):
2149         (JSC::DFG::AbstractValue::assertIsRegistered):
2150         (JSC::DFG::AbstractValue::assertIsWatched): Deleted.
2151         * dfg/DFGAbstractValue.h:
2152         (JSC::DFG::AbstractValue::assertIsRegistered):
2153         (JSC::DFG::AbstractValue::assertIsWatched): Deleted.
2154         * dfg/DFGCommon.h:
2155         * dfg/DFGConstantFoldingPhase.cpp:
2156         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2157         * dfg/DFGDesiredWeakReferences.cpp:
2158         (JSC::DFG::DesiredWeakReferences::addLazily):
2159         (JSC::DFG::DesiredWeakReferences::contains):
2160         (JSC::DFG::DesiredWeakReferences::reallyAdd):
2161         (JSC::DFG::DesiredWeakReferences::visitChildren):
2162         * dfg/DFGDesiredWeakReferences.h:
2163         * dfg/DFGFixupPhase.cpp:
2164         (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
2165         * dfg/DFGGraph.cpp:
2166         (JSC::DFG::Graph::Graph):
2167         (JSC::DFG::Graph::registerFrozenValues):
2168         (JSC::DFG::Graph::convertToConstant):
2169         (JSC::DFG::Graph::registerStructure):
2170         (JSC::DFG::Graph::assertIsRegistered):
2171         (JSC::DFG::Graph::assertIsWatched): Deleted.
2172         * dfg/DFGGraph.h:
2173         * dfg/DFGPlan.cpp:
2174         (JSC::DFG::Plan::compileInThreadImpl):
2175         * dfg/DFGStructureAbstractValue.cpp:
2176         (JSC::DFG::StructureAbstractValue::assertIsRegistered):
2177         (JSC::DFG::StructureAbstractValue::assertIsWatched): Deleted.
2178         * dfg/DFGStructureAbstractValue.h:
2179         (JSC::DFG::StructureAbstractValue::assertIsRegistered):
2180         (JSC::DFG::StructureAbstractValue::assertIsWatched): Deleted.
2181         * dfg/DFGStructureRegistrationPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGWatchableStructureWatchingPhase.cpp.
2182         (JSC::DFG::StructureRegistrationPhase::StructureRegistrationPhase):
2183         (JSC::DFG::StructureRegistrationPhase::run):
2184         (JSC::DFG::StructureRegistrationPhase::registerStructures):
2185         (JSC::DFG::StructureRegistrationPhase::registerStructure):
2186         (JSC::DFG::performStructureRegistration):
2187         (JSC::DFG::WatchableStructureWatchingPhase::WatchableStructureWatchingPhase): Deleted.
2188         (JSC::DFG::WatchableStructureWatchingPhase::run): Deleted.
2189         (JSC::DFG::WatchableStructureWatchingPhase::tryWatch): Deleted.
2190         (JSC::DFG::performWatchableStructureWatching): Deleted.
2191         * dfg/DFGStructureRegistrationPhase.h: Copied from Source/JavaScriptCore/dfg/DFGWatchableStructureWatchingPhase.h.
2192         * dfg/DFGWatchableStructureWatchingPhase.cpp: Removed.
2193         * dfg/DFGWatchableStructureWatchingPhase.h: Removed.
2194
2195 2014-08-18  Akos Kiss  <akiss@inf.u-szeged.hu>
2196
2197         Fix ASSERT in ARM64's JSC::GPRInfo::debugName
2198         https://bugs.webkit.org/show_bug.cgi?id=136050
2199
2200         Reviewed by Darin Adler.
2201
2202         Remove cast of GPRReg to unsigned to prevent signed/unsigned comparison
2203         error.
2204
2205         * jit/GPRInfo.h:
2206         (JSC::GPRInfo::debugName):
2207
2208 2014-08-18  Andreas Kling  <akling@apple.com>
2209
2210         REGRESSION(r168256): JSString can get 8-bit flag wrong when re-using AtomicStrings.
2211         <https://webkit.org/b/133574>
2212         <rdar://problem/18051847>
2213
2214         The optimization that resolves JSRopeStrings into an existing
2215         AtomicString (to save time and memory by avoiding StringImpl allocation)
2216         had a bug that it wasn't copying the 8-bit flag from the AtomicString.
2217
2218         This could lead to a situation where a 16-bit StringImpl containing
2219         only 8-bit characters is sitting in the AtomicString table, is found
2220         by the rope resolution optimization, and gives you a rope that thinks
2221         it's all 8-bit, but has a fiber with 16-bit characters.
2222
2223         Resolving that rope will then yield incorrect results.
2224
2225         This was all caught by an assertion, but very hard to reproduce.
2226
2227         Test: js/dopey-rope-with-16-bit-propertyname.html
2228
2229         Reviewed by Darin Adler.
2230
2231         * runtime/JSString.cpp:
2232         (JSC::JSRopeString::resolveRopeToAtomicString):
2233         (JSC::JSRopeString::resolveRopeToExistingAtomicString):
2234         * runtime/JSString.h:
2235         (JSC::JSString::setIs8Bit):
2236         (JSC::JSString::toExistingAtomicString):
2237
2238 2014-08-18  Matthew Mirman  <mmirman@apple.com>
2239
2240         Merges the two native inlining passes from the build.
2241         Also adds the AvailableExternallyLinkage assertion to linked 
2242         functions to allow unused and duplicate ones to be removed.
2243         https://bugs.webkit.org/show_bug.cgi?id=135526
2244
2245         Reviewed by Filip Pizlo.
2246
2247         * JavaScriptCore.xcodeproj/project.pbxproj: 
2248         Removed second generation of llvm binary files.
2249         Fixed the flags on the first pass. 
2250         * build-symbol-table-index.py: Modified some paths.
2251         * build-symbol-table-index.sh: Removed.
2252         * copy-llvm-ir-to-derived-sources.sh: Now calls build-symbol-table-index directly.
2253         * ftl/FTLLowerDFGToLLVM.cpp: Added LLVMAvailableExternallyLinkage assertion.
2254         (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): 
2255         * runtime/ArrayPrototype.cpp: Removed static declarations. 
2256         * runtime/DateConstructor.cpp: ditto.
2257         (JSC::dateParse):
2258         (JSC::dateNow):
2259         (JSC::dateUTC):
2260         * runtime/DatePrototype.cpp: ditto.
2261         * runtime/JSDataViewPrototype.cpp: ditto on both.
2262         (JSC::dataViewProtoFuncGetInt8):
2263         (JSC::dataViewProtoFuncGetInt16):
2264         (JSC::dataViewProtoFuncGetInt32):
2265         (JSC::dataViewProtoFuncGetUint8):
2266         (JSC::dataViewProtoFuncGetUint16):
2267         (JSC::dataViewProtoFuncGetUint32):
2268         (JSC::dataViewProtoFuncGetFloat32):
2269         (JSC::dataViewProtoFuncGetFloat64):
2270         (JSC::dataViewProtoFuncSetInt8):
2271         (JSC::dataViewProtoFuncSetInt16):
2272         (JSC::dataViewProtoFuncSetInt32):
2273         (JSC::dataViewProtoFuncSetUint8):
2274         (JSC::dataViewProtoFuncSetUint16):
2275         (JSC::dataViewProtoFuncSetUint32):
2276         (JSC::dataViewProtoFuncSetFloat32):
2277         (JSC::dataViewProtoFuncSetFloat64):
2278         * runtime/JSONObject.cpp: ditto.
2279         * runtime/ObjectConstructor.cpp: ditto.
2280         * runtime/StringPrototype.cpp: ditto.
2281
2282 2014-08-18  Saam Barati  <sbarati@apple.com>
2283
2284         The parser should generate AST nodes for var declarations with no initializers
2285         https://bugs.webkit.org/show_bug.cgi?id=135545
2286
2287         Reviewed by Geoffrey Garen.
2288
2289         Currently, JSC's parser ignores variable declarations
2290         that have no assignment initializer value because all 
2291         variables are implicitly assigned to undefined. But, 
2292         type profiling needs an AST node to be generated for these 
2293         empty variable declarations because it needs to be able to 
2294         profile their text locations and to see that their type 
2295         is undefined.
2296
2297         * bytecompiler/NodesCodegen.cpp:
2298         (JSC::EmptyVarExpression::emitBytecode):
2299         * parser/ASTBuilder.h:
2300         (JSC::ASTBuilder::createVarStatement):
2301         (JSC::ASTBuilder::createEmptyVarExpression):
2302         * parser/NodeConstructors.h:
2303         (JSC::EmptyVarExpression::EmptyVarExpression):
2304         * parser/Nodes.h:
2305         * parser/Parser.cpp:
2306         (JSC::Parser<LexerType>::parseVarDeclarationList):
2307         * parser/SyntaxChecker.h:
2308         (JSC::SyntaxChecker::createEmptyVarExpression):
2309
2310 2014-08-18  Diego Pino Garcia  <dpino@igalia.com>
2311
2312         Completed iterator can be revived by adding more than one new entry to the target object
2313         https://bugs.webkit.org/show_bug.cgi?id=129993
2314
2315         Reviewed by Oliver Hunt.
2316
2317         When the iterator reaches the end, finish it.
2318
2319         * runtime/JSMapIterator.h:
2320         (JSC::JSMapIterator::finish):
2321         * runtime/JSSetIterator.h:
2322         (JSC::JSSetIterator::finish):
2323         * runtime/MapData.h:
2324         (JSC::MapData::const_iterator::finish): set index of iterator to max
2325         Int32.
2326         * runtime/MapIteratorPrototype.cpp:
2327         (JSC::MapIteratorPrototypeFuncNext):
2328         * runtime/SetIteratorPrototype.cpp:
2329         (JSC::SetIteratorPrototypeFuncNext):
2330
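Added example (JavaScript, not JSC's code or the patch above): a small index-based iterator model that reproduces the revival described in this entry and the effect of the finish() fix, checked against a native Map iterator. The model's overshoot-by-one on the done path is an assumption chosen to match the "more than one new entry" condition in the title; it does not reproduce MapData's exact bookkeeping.

```javascript
// Constructed model of an index-based iterator over an append-only entry
// list, in the spirit of MapData::const_iterator. Not JSC code.
const FINISHED = 0x7fffffff; // the "max Int32" sentinel the fix parks the index at

class ModelIterator {
  constructor(entries, finishOnEnd) {
    this.entries = entries;        // shared, append-only backing list
    this.index = 0;
    this.finishOnEnd = finishOnEnd; // true = fixed behaviour, false = buggy behaviour
  }

  // The fix: once the end is reached, move the index somewhere no growing
  // list can catch up with, so the iterator can never be revived.
  finish() { this.index = FINISHED; }

  next() {
    if (this.index >= this.entries.length) {
      if (this.finishOnEnd) {
        this.finish();
      } else {
        // Buggy variant (modelling assumption): the done path still bumps
        // the index, so exactly one appended entry is not enough to revive
        // the iterator, but two or more are.
        this.index++;
      }
      return { value: undefined, done: true };
    }
    return { value: this.entries[this.index++], done: false };
  }
}

// Drain an iterator, append `extra` entries to the backing list, then report
// whether the supposedly completed iterator yields anything afterwards.
function revivedAfterCompletion(entries, extra, finishOnEnd) {
  const it = new ModelIterator(entries, finishOnEnd);
  while (!it.next().done) { /* drain */ }
  for (const e of extra) entries.push(e);
  return !it.next().done;
}

// The same experiment against a real Map iterator: per the language spec a
// completed iterator stays completed no matter how many entries are added.
function nativeMapIteratorRevived(extraCount) {
  const m = new Map([[1, 'a']]);
  const it = m.keys();
  while (!it.next().done) { /* drain */ }
  for (let i = 0; i < extraCount; i++) m.set(100 + i, 'x');
  return !it.next().done;
}
```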
2331 2014-08-15  Brian J. Burg  <burg@cs.washington.edu>
2332
2333         Web Inspector: rewrite CodeGeneratorInspector to be modular and testable
2334         https://bugs.webkit.org/show_bug.cgi?id=131596
2335
2336         Unreviewed gardening to rebaseline inspector generator tests after addressing review comments.
2337
2338         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2339         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2340         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2341         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2342         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2343         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2344         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2345         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2346         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2347         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2348         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2349
2350 2014-08-15  Brian J. Burg  <burg@cs.washington.edu>
2351
2352         Unreviewed build fix for some GTK bots after r172655.
2353
2354         Some bots use Python 2.6, which lacks the 'flags' named parameter for re.sub.
2355
2356         * inspector/scripts/codegen/generator.py:
2357         (Generator.stylized_name_for_enum_value): Do things the old-school way.
2358
2359 2014-08-15  Michael Saboff  <msaboff@apple.com>
2360
2361         Change callToJavaScript and callToNativeFunction so their callFrames match the native calling conventions
2362         https://bugs.webkit.org/show_bug.cgi?id=131578
2363
2364         Reviewed by Geoffrey Garen.
2365
2366         Renamed callToJavaScript and callToNativeFunction to vmEntryToJavaScript and vmEntryToNative,
2367         respectively.  Eliminated the sentinel frame and replaced it with the structure VMEntryRecord
2368         that appears in the "locals" area of a VM entry stack frame.  Changed the order that
2369         vmEntryToJavaScript and vmEntryToNative create their stack frames to be native calling
2370         convention compliant.  That is to save prior frame pointer, save callee save registers, then
2371         allocate and populate the VMEntryRecord, and finally allocate a CallFrame for the JS function
2372         that vmEntryToJavaScript will invoke.  The topmost vm entry frame pointer is saved in
2373         VM::topVMEntryFrame.  The vmEntry functions save prior contents of VM::topVMEntryFrame
2374         along with the VM and VM::topCallFrame in the VMEntryRecord it places on the stack.  Starting
2375         at VM::topCallFrame, the stack can be walked using these VMEntryRecords.
2376
2377         Arbitrary stack unwinding is now handled either iteratively by loading VM::topVMEntryFrame
2378         into a local variable and using CallFrame::callerFrame(VMEntryFrame*&) or by using StackVisitor.
2379         Given that the stack is effectively a singly linked list, general stack unwinding needs to use
2380         one of these two methods.
2381
2382         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2383         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2384         * JavaScriptCore.xcodeproj/project.pbxproj:
2385         Addition of VMEntryRecord.h
2386
2387         * bytecode/BytecodeList.json:
2388         Renaming of llint helper opcodes due to renaming callToJavaScript and callToNativeFunction.
2389
2390         * debugger/Debugger.cpp:
2391         (JSC::Debugger::stepOutOfFunction):
2392         (JSC::Debugger::returnEvent):
2393         (JSC::Debugger::didExecuteProgram):
2394         * jsc.cpp:
2395         (functionDumpCallFrame):
2396         * jit/JITOperations.cpp:
2397         Changed unwinding to use CallFrame::callerFrame(VMEntryFrame*&).
2398
2399         * bytecode/CodeBlock.cpp:
2400         (JSC::RecursionCheckFunctor::RecursionCheckFunctor):
2401         (JSC::RecursionCheckFunctor::operator()):
2402         (JSC::RecursionCheckFunctor::didRecurse):
2403         (JSC::CodeBlock::noticeIncomingCall):
2404         * debugger/DebuggerCallFrame.cpp:
2405         (JSC::FindCallerMidStackFunctor::FindCallerMidStackFunctor):
2406         (JSC::FindCallerMidStackFunctor::operator()):
2407         (JSC::FindCallerMidStackFunctor::getCallerFrame):
2408         (JSC::DebuggerCallFrame::callerFrame):
2409         * interpreter/VMInspector.cpp:
2410         (JSC::CountFramesFunctor::CountFramesFunctor):
2411         (JSC::CountFramesFunctor::operator()):
2412         (JSC::CountFramesFunctor::count):
2413         (JSC::VMInspector::countFrames):
2414         * runtime/VM.cpp:
2415         (JSC::VM::VM):
2416         (JSC::FindFirstCallerFrameWithCodeblockFunctor::FindFirstCallerFrameWithCodeblockFunctor):
2417         (JSC::FindFirstCallerFrameWithCodeblockFunctor::operator()):
2418         (JSC::FindFirstCallerFrameWithCodeblockFunctor::foundCallFrame):
2419         (JSC::FindFirstCallerFrameWithCodeblockFunctor::index):
2420         (JSC::VM::throwException):
2421         Changed unwinding to use StackVisitor including added functor classes.
2422
2423         * interpreter/CallFrame.cpp:
2424         (JSC::CallFrame::callerFrame):
2425         Added new flavor of callerFrame() that can iteratively unwind the stack.
2426
2427         * interpreter/CallFrame.h:
2428         (JSC::ExecState::callerFrame): Changed callerFrame() to use private common helper.
2429         (JSC::ExecState::callerFrameOrVMEntryFrame): Deleted.
2430         (JSC::ExecState::isVMEntrySentinel): Deleted.
2431         (JSC::ExecState::vmEntrySentinelCallerFrame): Deleted.
2432         (JSC::ExecState::initializeVMEntrySentinelFrame): Deleted.
2433         (JSC::ExecState::callerFrameSkippingVMEntrySentinel): Deleted.
2434         (JSC::ExecState::vmEntrySentinelCodeBlock): Deleted.
2435
2436         * interpreter/CallFrame.h:
2437         (JSC::ExecState::init):
2438         (JSC::ExecState::topOfFrame):
2439         (JSC::ExecState::currentVPC):
2440         (JSC::ExecState::setCurrentVPC):
2441         Eliminated unneeded checking of sentinel frame.
2442
2443         * interpreter/Interpreter.cpp:
2444         (JSC::unwindCallFrame):
2445         (JSC::Interpreter::getStackTrace): Updated for unwinding changes.
2446         (JSC::Interpreter::unwind): Eliminated unneeded sentinel frame check.
2447
2448         * interpreter/Interpreter.cpp:
2449         (JSC::Interpreter::executeCall):
2450         (JSC::Interpreter::executeConstruct):
2451         * jit/JITStubs.h:
2452         * llint/LLIntThunks.cpp:
2453         (JSC::callToJavaScript): Deleted.
2454         (JSC::callToNativeFunction): Deleted.
2455         (JSC::vmEntryToJavaScript):
2456         (JSC::vmEntryToNative):
2457         * llint/LLIntThunks.h:
2458         Updated for vmEntryToJavaScript and vmEntryToNative name changes.
2459
2460         * interpreter/Interpreter.h:
2461         (JSC::TopCallFrameSetter::TopCallFrameSetter):
2462         (JSC::TopCallFrameSetter::~TopCallFrameSetter):
2463         Eliminated unneeded sentinel frame check.
2464
2465         * interpreter/Interpreter.h:
2466         (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
2467         Removed sentinel specific constructor.
2468
2469         * interpreter/StackVisitor.cpp:
2470         (JSC::StackVisitor::StackVisitor):
2471         (JSC::StackVisitor::readFrame):
2472         (JSC::StackVisitor::readNonInlinedFrame):
2473         (JSC::StackVisitor::readInlinedFrame):
2474         (JSC::StackVisitor::Frame::print):
2475         * interpreter/StackVisitor.h:
2476         (JSC::StackVisitor::Frame::callerIsVMEntry):
2477         Changes for unwinding using CallFrame::callerFrame(VMEntryFrame*&).  Also added field that
2478         indicates when about to step over a VM entry frame.
2479
2480         * interpreter/VMEntryRecord.h: Added.
2481         (JSC::VMEntryRecord::prevTopCallFrame):
2482         (JSC::VMEntryRecord::prevTopVMEntryFrame):
2483         New struct to record prior state of VM's notion of VM entry and top call frames.
2484
2485         * jit/JITCode.cpp:
2486         (JSC::JITCode::execute):
2487         Use new vmEntryToJavaScript and vmEntryToNative name.
2488
2489         * llint/LLIntOffsetsExtractor.cpp: Added include for VMEntryRecord.h.
2490
2491         * llint/LowLevelInterpreter.asm:
2492         * llint/LowLevelInterpreter32_64.asm:
2493         * llint/LowLevelInterpreter64.asm:
2494         Offline assembly implementation of creating stack frame with VMEntryRecord as well as restoring
2495         relevant VM fields when exiting the VM.  Added a helper that returns a VMEntryRecord given
2496         a pointer to the VM entry frame.
2497
2498         * llint/LLIntThunks.cpp:
2499         (JSC::vmEntryRecord):
2500         * llint/LowLevelInterpreter.cpp:
2501         (JSC::CLoop::execute):
2502         C Loop changes to mirror the assembly changes.
2503
2504         * runtime/VM.h:
2505         Added topVMEntryFrame field.
2506
2507 2014-08-15  Brian J. Burg  <burg@cs.washington.edu>
2508
2509         Web Inspector: rewrite CodeGeneratorInspector to be modular and testable
2510         https://bugs.webkit.org/show_bug.cgi?id=131596
2511
2512         Reviewed by Joseph Pecoraro.
2513
2514         Replace CodeGeneratorInspector.py with generate-inspector-protocol-bindings.py.
2515         The new generator decouples parsing and typechecking a model of the protocol from
2516         code generation. Each generated file is created by a different subclass of Generator.
2517         Helper methods to compute various type signatures are shared among generators.
2518
2519         This patch introduces a test harness and a test suite that covers all functionality.
2520
2521         Aside from hooking up the new inspector bindings generator to the build system,
2522         there are a few commingled changes that would be painful to split from the main
2523         patch:
2524
2525         Convert protocol enumeration types from struct-namespaced enums to C++ scoped enums.
2526
2527         Move all runtimeCast(), assertValueHasExpectedType(), and RuntimeCastHelper methods to static
2528         methods of BindingTraits specializations.
2529
2530         Together, these changes reduce duplication and make it possible to forward-declare
2531         all protocol enum and object types, reducing weird ordering dependencies between domains.
2532
2533         * CMakeLists.txt:
2534         * DerivedSources.make:
2535         * JavaScriptCore.vcxproj/copy-files.cmd:
2536         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2537         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add inspector scripts to solution filters.
2538         * JavaScriptCore.xcodeproj/project.pbxproj:
2539         * inspector/ConsoleMessage.cpp: Convert to scoped enums.
2540         (Inspector::messageSourceValue):
2541         (Inspector::messageTypeValue):
2542         (Inspector::messageLevelValue):
2543         * inspector/InjectedScript.cpp: Convert to scoped enums and BindingTraits.
2544         (Inspector::InjectedScript::getFunctionDetails):
2545         (Inspector::InjectedScript::getProperties):
2546         (Inspector::InjectedScript::getInternalProperties):
2547         (Inspector::InjectedScript::wrapCallFrames):
2548         (Inspector::InjectedScript::wrapObject):
2549         (Inspector::InjectedScript::wrapTable):
2550         * inspector/InjectedScriptBase.cpp: Convert InspectorValue::Type to a scoped enum.
2551         (Inspector::InjectedScriptBase::makeEvalCall):
2552         * inspector/InjectedScriptManager.cpp:
2553         (Inspector::InjectedScriptManager::injectedScriptForObjectId):
2554         * inspector/InspectorTypeBuilder.h:
2555         (Inspector::TypeBuilder::Array::create):
2556         (Inspector::TypeBuilder::StructItemTraits::pushRefPtr):
2557         (Inspector::TypeBuilder::ArrayItemHelper<String>::Traits::pushRaw):
2558         (Inspector::TypeBuilder::ArrayItemHelper<int>::Traits::pushRaw):
2559         (Inspector::TypeBuilder::ArrayItemHelper<double>::Traits::pushRaw):
2560         (Inspector::TypeBuilder::ArrayItemHelper<bool>::Traits::pushRaw):
2561         (Inspector::TypeBuilder::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr):
2562         (Inspector::TypeBuilder::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr):
2563         (Inspector::TypeBuilder::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr):
2564         (Inspector::TypeBuilder::PrimitiveBindingTraits::assertValueHasExpectedType):
2565         (Inspector::TypeBuilder::BindingTraits<TypeBuilder::Array<T>>::runtimeCast):
2566         (Inspector::TypeBuilder::BindingTraits<TypeBuilder::Array<T>>::assertValueHasExpectedType):
2567         (Inspector::TypeBuilder::BindingTraits<InspectorValue>::assertValueHasExpectedType):
2568         (Inspector::TypeBuilder::BindingTraits<int>::assertValueHasExpectedType):
2569         (Inspector::TypeBuilder::ExactlyInt::ExactlyInt): Deleted. It was not used.
2570         (Inspector::TypeBuilder::ExactlyInt::operator int): Deleted.
2571         (Inspector::TypeBuilder::ExactlyInt::cast_to_int): Deleted.
2572         (Inspector::TypeBuilder::ExactlyInt::cast_to_int<int>): Deleted.
2573         (Inspector::TypeBuilder::int>): Deleted.
2574         (Inspector::TypeBuilder::RuntimeCastHelper::assertType): Deleted.
2575         (Inspector::TypeBuilder::RuntimeCastHelper::assertAny): Deleted.
2576         (Inspector::TypeBuilder::RuntimeCastHelper::assertInt): Deleted.
2577         (Inspector::TypeBuilder::Array::runtimeCast): Deleted.
2578         (Inspector::TypeBuilder::Array::assertCorrectValue): Deleted.
2579         (Inspector::TypeBuilder::StructItemTraits::assertCorrectValue): Deleted.
2580         (Inspector::TypeBuilder::ArrayItemHelper<String>::Traits::assertCorrectValue): Deleted.
2581         (Inspector::TypeBuilder::ArrayItemHelper<int>::Traits::assertCorrectValue): Deleted.
2582         (Inspector::TypeBuilder::ArrayItemHelper<double>::Traits::assertCorrectValue): Deleted.
2583         (Inspector::TypeBuilder::ArrayItemHelper<bool>::Traits::assertCorrectValue): Deleted.
2584         (Inspector::TypeBuilder::ArrayItemHelper<InspectorValue>::Traits::assertCorrectValue): Deleted.
2585         (Inspector::TypeBuilder::ArrayItemHelper<InspectorObject>::Traits::assertCorrectValue): Deleted.
2586         (Inspector::TypeBuilder::ArrayItemHelper<InspectorArray>::Traits::assertCorrectValue): Deleted.
2587         (Inspector::TypeBuilder::ArrayItemHelper<TypeBuilder::Array<T>>::Traits::assertCorrectValue): Deleted.
2588
2589         * inspector/InspectorValues.cpp: Convert InspectorValue::Type to a scoped enum.
2590         (Inspector::InspectorValue::writeJSON):
2591         (Inspector::InspectorBasicValue::asBoolean):
2592         (Inspector::InspectorBasicValue::asNumber):
2593         (Inspector::InspectorBasicValue::writeJSON):
2594         (Inspector::InspectorString::writeJSON):
2595         (Inspector::InspectorObjectBase::InspectorObjectBase):
2596         (Inspector::InspectorObjectBase::setArray): Take InspectorArrayBase.
2597         (Inspector::InspectorObjectBase::setObject): Take InspectorObjectBase.
2598         (Inspector::InspectorArrayBase::InspectorArrayBase):
2599         * inspector/InspectorValues.h:
2600
2601         * inspector/agents/InspectorDebuggerAgent.cpp: Convert to scoped enums.
2602         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
2603         (Inspector::InspectorDebuggerAgent::breakProgram):
2604         * inspector/agents/InspectorDebuggerAgent.h:
2605         * inspector/agents/InspectorRuntimeAgent.cpp:
2606         (Inspector::InspectorRuntimeAgent::parse):
2607         * inspector/agents/InspectorRuntimeAgent.h:
2608
2609         * inspector/scripts/CodeGeneratorInspector.py: Removed.
2610         * inspector/scripts/codegen/__init__.py: Added.
2611         * inspector/scripts/codegen/generate_backend_commands.py: Added.
2612         (BackendCommandsGenerator):
2613         (BackendCommandsGenerator.__init__):
2614         (BackendCommandsGenerator.model):
2615         (BackendCommandsGenerator.output_filename):
2616         (BackendCommandsGenerator.generate_license):
2617         (BackendCommandsGenerator.generate_output):
2618         (BackendCommandsGenerator.generate_domain):
2619         (BackendCommandsGenerator.generate_domain.is_anonymous_enum_member):
2620         (BackendCommandsGenerator.generate_domain.generate_parameter_object):
2621         * inspector/scripts/codegen/generate_backend_dispatcher_header.py: Added.
2622         (BackendDispatcherHeaderGenerator):
2623         (BackendDispatcherHeaderGenerator.__init__):
2624         (BackendDispatcherHeaderGenerator.model):
2625         (BackendDispatcherHeaderGenerator.output_filename):
2626         (BackendDispatcherHeaderGenerator.generate_license):
2627         (BackendDispatcherHeaderGenerator.generate_output):
2628         (BackendDispatcherHeaderGenerator.generate_output.for):
2629         (BackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
2630         (BackendDispatcherHeaderGenerator._generate_anonymous_enum_for_parameter):
2631         (BackendDispatcherHeaderGenerator._generate_handler_declaration_for_command):
2632         (BackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
2633         (BackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2634         (BackendDispatcherHeaderGenerator._generate_dispatcher_declaration_for_command):
2635         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py: Added.
2636         (BackendDispatcherImplementationGenerator):
2637         (BackendDispatcherImplementationGenerator.__init__):
2638         (BackendDispatcherImplementationGenerator.model):
2639         (BackendDispatcherImplementationGenerator.output_filename):
2640         (BackendDispatcherImplementationGenerator.generate_license):
2641         (BackendDispatcherImplementationGenerator.generate_output):
2642         (BackendDispatcherImplementationGenerator._generate_handler_class_destructor_for_domain):
2643         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
2644         (BackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2645         (BackendDispatcherImplementationGenerator._generate_large_dispatcher_switch_implementation_for_domain):
2646         (BackendDispatcherImplementationGenerator._generate_async_dispatcher_class_for_domain):
2647         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2648         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py: Added.
2649         (FrontendDispatcherHeaderGenerator):
2650         (FrontendDispatcherHeaderGenerator.__init__):
2651         (FrontendDispatcherHeaderGenerator.model):
2652         (FrontendDispatcherHeaderGenerator.output_filename):
2653         (FrontendDispatcherHeaderGenerator.generate_license):
2654         (FrontendDispatcherHeaderGenerator.generate_output):
2655         (FrontendDispatcherHeaderGenerator._generate_anonymous_enum_for_parameter):
2656         (FrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
2657         (FrontendDispatcherHeaderGenerator._generate_dispatcher_declaration_for_event):
2658         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py: Added.
2659         (FrontendDispatcherImplementationGenerator):
2660         (FrontendDispatcherImplementationGenerator.__init__):
2661         (FrontendDispatcherImplementationGenerator.model):
2662         (FrontendDispatcherImplementationGenerator.output_filename):
2663         (FrontendDispatcherImplementationGenerator.generate_license):
2664         (FrontendDispatcherImplementationGenerator.generate_output):
2665         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
2666         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2667         * inspector/scripts/codegen/generate_type_builder_header.py: Added.
2668         (TypeBuilderHeaderGenerator):
2669         (TypeBuilderHeaderGenerator.__init__):
2670         (TypeBuilderHeaderGenerator.model):
2671         (TypeBuilderHeaderGenerator.output_filename):
2672         (TypeBuilderHeaderGenerator.generate_license):
2673         (TypeBuilderHeaderGenerator.generate_output):
2674         (TypeBuilderHeaderGenerator._generate_forward_declarations):
2675         (_generate_typedefs):
2676         (_generate_typedefs_for_domain):
2677         (_generate_builders_for_domain):
2678         (_generate_class_for_object_declaration):
2679         (_generate_struct_for_enum_declaration):
2680         (_generate_struct_for_anonymous_enum_member):
2681         (_generate_struct_for_anonymous_enum_member.apply_indentation):
2682         (_generate_struct_for_enum_type):
2683         (_generate_builder_state_enum):
2684         (_generate_builder_setter_for_member):
2685         (_generate_unchecked_setter_for_member):
2686         (_generate_forward_declarations_for_binding_traits):
2687         * inspector/scripts/codegen/generate_type_builder_implementation.py: Added.
2688         (TypeBuilderImplementationGenerator):
2689         (TypeBuilderImplementationGenerator.__init__):
2690         (TypeBuilderImplementationGenerator.model):
2691         (TypeBuilderImplementationGenerator.output_filename):
2692         (TypeBuilderImplementationGenerator.generate_license):
2693         (TypeBuilderImplementationGenerator.generate_output):
2694         (TypeBuilderImplementationGenerator._generate_enum_mapping):
2695         (TypeBuilderImplementationGenerator._generate_open_field_names):
2696         (TypeBuilderImplementationGenerator._generate_builders_for_domain):
2697         (TypeBuilderImplementationGenerator._generate_runtime_cast_for_object_declaration):
2698         (TypeBuilderImplementationGenerator._generate_assertion_for_object_declaration):
2699         (TypeBuilderImplementationGenerator._generate_assertion_for_enum):
2700         * inspector/scripts/codegen/generator.py: Added.
2701         (ucfirst):
2702         (Generator):
2703         (Generator.__init__):
2704         (Generator.model):
2705         (Generator.generate_license):
2706         (Generator.domains_to_generate):
2707         (Generator.generate_output):
2708         (Generator.output_filename):
2709         (Generator.encoding_for_enum_value):
2710         (Generator.assigned_enum_values):
2711         (Generator.type_needs_runtime_casts):
2712         (Generator.type_has_open_fields):
2713         (Generator.type_needs_shape_assertions):
2714         (Generator.calculate_types_requiring_shape_assertions):
2715         (Generator.calculate_types_requiring_shape_assertions.gather_transitively_referenced_types):
2716         (Generator._traverse_and_assign_enum_values):
2717         (Generator._assign_encoding_for_enum_value):
2718         (Generator.wrap_with_guard_for_domain):
2719         (Generator.stylized_name_for_enum_value):
2720         (Generator.stylized_name_for_enum_value.replaceCallback):
2721         (Generator.keyed_get_method_for_type):
2722         (Generator.keyed_set_method_for_type):
2723         (Generator.type_builder_string_for_type):
2724         (Generator.type_builder_string_for_type_member):
2725         (Generator.type_string_for_unchecked_formal_in_parameter):
2726         (Generator.type_string_for_checked_formal_event_parameter):
2727         (Generator.type_string_for_type_member):
2728         (Generator.type_string_for_type_with_name):
2729         (Generator.type_string_for_formal_out_parameter):
2730         (Generator.type_string_for_formal_async_parameter):
2731         (Generator.type_string_for_stack_in_parameter):
2732         (Generator.type_string_for_stack_out_parameter):
2733         (Generator.assertion_method_for_type_member):
2734         (Generator.assertion_method_for_type_member.assertion_method_for_type):
2735         (Generator.cpp_name_for_primitive_type):
2736         (Generator.js_name_for_parameter_type):
2737         (Generator.should_use_wrapper_for_return_type):
2738         (Generator.should_pass_by_copy_for_return_type):
2739         * inspector/scripts/codegen/generator_templates.py: Added.
2740         (GeneratorTemplates):
2741         (void):
2742         (HashMap):
2743         (Builder):
2744         (Inspector):
2745         * inspector/scripts/codegen/models.py: Added.
2746         (ucfirst):
2747         (ParseException):
2748         (TypecheckException):
2749         (Framework):
2750         (Framework.__init__):
2751         (Framework.setting):
2752         (Framework.fromString):
2753         (Frameworks):
2754         (TypeReference):
2755         (TypeReference.__init__):
2756         (TypeReference.referenced_name):
2757         (Type):
2758         (Type.__init__):
2759         (Type.__eq__):
2760         (Type.__hash__):
2761         (Type.raw_name):
2762         (Type.is_enum):
2763         (Type.type_domain):
2764         (Type.qualified_name):
2765         (Type.resolve_type_references):
2766         (PrimitiveType):
2767         (PrimitiveType.__init__):
2768         (PrimitiveType.__repr__):
2769         (PrimitiveType.type_domain):
2770         (PrimitiveType.qualified_name):
2771         (AliasedType):
2772         (AliasedType.__init__):
2773         (AliasedType.__repr__):
2774         (AliasedType.is_enum):
2775         (AliasedType.type_domain):
2776         (AliasedType.qualified_name):
2777         (AliasedType.resolve_type_references):
2778         (EnumType):
2779         (EnumType.__init__):
2780         (EnumType.__repr__):
2781         (EnumType.is_enum):
2782         (EnumType.type_domain):
2783         (EnumType.enum_values):
2784         (EnumType.qualified_name):
2785         (EnumType.resolve_type_references):
2786         (ArrayType):
2787         (ArrayType.__init__):
2788         (ArrayType.__repr__):
2789         (ArrayType.type_domain):
2790         (ArrayType.qualified_name):
2791         (ArrayType.resolve_type_references):
2792         (ObjectType):
2793         (ObjectType.__init__):
2794         (ObjectType.__repr__):
2795         (ObjectType.type_domain):
2796         (ObjectType.qualified_name):
2797         (check_for_required_properties):
2798         (Protocol):
2799         (Protocol.__init__):
2800         (Protocol.parse_specification):
2801         (Protocol.parse_domain):
2802         (Protocol.parse_type_declaration):
2803         (Protocol.parse_type_member):
2804         (Protocol.parse_command):
2805         (Protocol.parse_event):
2806         (Protocol.parse_call_or_return_parameter):
2807         (Protocol.resolve_types):
2808         (Protocol.lookup_type_for_declaration):
2809         (Protocol.lookup_type_reference):
2810         (Domain):
2811         (Domain.__init__):
2812         (Domain.resolve_type_references):
2813         (Domains):
2814         (TypeDeclaration):
2815         (TypeDeclaration.__init__):
2816         (TypeDeclaration.resolve_type_references):
2817         (TypeMember):
2818         (TypeMember.__init__):
2819         (TypeMember.resolve_type_references):
2820         (Parameter):
2821         (Parameter.__init__):
2822         (Parameter.resolve_type_references):
2823         (Command):
2824         (Command.__init__):
2825         (Command.resolve_type_references):
2826         (Event):
2827         (Event.__init__):
2828         (Event.resolve_type_references):
2829         * inspector/scripts/generate-inspector-protocol-bindings.py: Added.
2830         (IncrementalFileWriter):
2831         (IncrementalFileWriter.__init__):
2832         (IncrementalFileWriter.write):
2833         (IncrementalFileWriter.close):
2834         (generate_from_specification):
2835         (generate_from_specification.load_specification):
2836         * inspector/scripts/tests/commands-with-async-attribute.json: Added.
2837         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json: Added.
2838         * inspector/scripts/tests/domains-with-varying-command-sizes.json: Added.
2839         * inspector/scripts/tests/events-with-optional-parameters.json: Added.
2840         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result: Added.
2841         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result: Added.
2842         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result: Added.
2843         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result: Added.
2844         * inspector/scripts/tests/fail-on-duplicate-type-declarations.json-error: Added.
2845         * inspector/scripts/tests/fail-on-enum-with-no-values.json-error: Added.
2846         * inspector/scripts/tests/fail-on-type-declaration-using-type-reference.json-error: Added.
2847         * inspector/scripts/tests/fail-on-type-with-lowercase-name.json-error: Added.
2848         * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-declaration.json-error: Added.
2849         * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-member.json-error: Added.
2850         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result: Added.
2851         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result: Added.
2852         * inspector/scripts/tests/expected/type-declaration-array-type.json-result: Added.
2853         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result: Added.
2854         * inspector/scripts/tests/expected/type-declaration-object-type.json-result: Added.
2855         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result: Added.
2856         * inspector/scripts/tests/fail-on-duplicate-type-declarations.json: Added.
2857         * inspector/scripts/tests/fail-on-enum-with-no-values.json: Added.
2858         * inspector/scripts/tests/fail-on-type-declaration-using-type-reference.json: Added.
2859         * inspector/scripts/tests/fail-on-type-with-lowercase-name.json: Added.
2860         * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-declaration.json: Added.
2861         * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-member.json: Added.
2862         * inspector/scripts/tests/same-type-id-different-domain.json: Added.
2863         * inspector/scripts/tests/type-declaration-aliased-primitive-type.json: Added.
2864         * inspector/scripts/tests/type-declaration-array-type.json: Added.
2865         * inspector/scripts/tests/type-declaration-enum-type.json: Added.
2866         * inspector/scripts/tests/type-declaration-object-type.json: Added.
2867         * inspector/scripts/tests/type-requiring-runtime-casts.json: Added.
2868
2869 2014-08-15  Matthew Mirman  <mmirman@apple.com>
2870
2871         Made native inlining errors not segfault.
2872         https://bugs.webkit.org/show_bug.cgi?id=135988
2873
2874         Reviewed by Geoffrey Garen.
2875
2876         * ftl/FTLAbbreviations.h:
2877         (JSC::FTL::disposeMessage): Added.
2878         * ftl/FTLLowerDFGToLLVM.cpp:
2879         (JSC::FTL::LowerDFGToLLVM::compilePutById):
2880         abstracted out Options::verboseCompilation as was the case in the rest of the file.
2881         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
2882         (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol):
2883         added output error messages for llvm module loading.
2884
2885 2014-08-14  Andreas Kling  <akling@apple.com>
2886
2887         Allocate the whole RegExpMatchesArray backing store up front.
2888         <https://webkit.org/b/135217>
2889
2890         We were using the generic array backing store allocation path for
2891         RegExpMatchesArray which meant starting with 4 slots and then growing
2892         it dynamically as we append. Since we always know the final number of
2893         entries up front, allocate a perfectly-sized backing store right away.
2894
2895         ~2% progression on Octane/regexp.
2896
2897         Reviewed by Geoffrey Garen.
2898
2899         * runtime/JSArray.h:
2900         (JSC::createArrayButterflyWithExactLength):
2901         * runtime/RegExpMatchesArray.cpp:
2902         (JSC::RegExpMatchesArray::create):
2903
2904 2014-08-14  Saam Barati  <sbarati@apple.com>
2905
2906         Allow high fidelity type profiling to be enabled and disabled.
2907         https://bugs.webkit.org/show_bug.cgi?id=135423
2908
2909         Reviewed by Geoffrey Garen.
2910
2911         - Merged op_put_to_scope_with_profile and op_get_from_scope_with_profile into
2912           op_profile_types_with_high_fidelity by adding extra arguments to the opcode.
2913         - Altered SymbolTable to use less memory by adding a rare data structure for
2914           type profiling.
2915         - Created an interface to turn on and off type profiling from the Web
2916           Inspector.
2917         - Refactored how entries are written to HighFidelityLog to make it
2918           easier to inline when generating machine code.
2919         - Implemented op_profile_types_with_high_fidelity in the baseline JIT
2920           by inlining the process of writing to the log and doing a small amount
2921           of type inference optimizations.
2922
2923         * bytecode/BytecodeList.json:
2924         * bytecode/BytecodeUseDef.h:
2925         (JSC::computeUsesForBytecodeOffset):
2926         (JSC::computeDefsForBytecodeOffset):
2927         * bytecode/CodeBlock.cpp:
2928         (JSC::CodeBlock::dumpBytecode):
2929         (JSC::CodeBlock::CodeBlock):
2930         (JSC::CodeBlock::finalizeUnconditionally):
2931         (JSC::CodeBlock::scopeDependentProfile): Deleted.
2932         * bytecode/CodeBlock.h:
2933         * bytecode/TypeLocation.h:
2934         (JSC::TypeLocation::TypeLocation):
2935         * bytecompiler/BytecodeGenerator.cpp:
2936         (JSC::BytecodeGenerator::generate):
2937         (JSC::BytecodeGenerator::emitMove):
2938         (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity):
2939         (JSC::BytecodeGenerator::emitGetFromScopeWithProfile): Deleted.
2940         (JSC::BytecodeGenerator::emitPutToScopeWithProfile): Deleted.
2941         * bytecompiler/BytecodeGenerator.h:
2942         * bytecompiler/NodesCodegen.cpp:
2943         (JSC::ThisNode::emitBytecode):
2944         (JSC::ResolveNode::emitBytecode):
2945         (JSC::BracketAccessorNode::emitBytecode):
2946         (JSC::DotAccessorNode::emitBytecode):
2947         (JSC::FunctionCallValueNode::emitBytecode):
2948         (JSC::FunctionCallResolveNode::emitBytecode):
2949         (JSC::FunctionCallBracketNode::emitBytecode):
2950         (JSC::FunctionCallDotNode::emitBytecode):
2951         (JSC::CallFunctionCallDotNode::emitBytecode):
2952         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2953         (JSC::PostfixNode::emitResolve):
2954         (JSC::PostfixNode::emitBracket):
2955         (JSC::PostfixNode::emitDot):
2956         (JSC::PrefixNode::emitResolve):
2957         (JSC::PrefixNode::emitBracket):
2958         (JSC::PrefixNode::emitDot):
2959         (JSC::ReadModifyResolveNode::emitBytecode):
2960         (JSC::AssignResolveNode::emitBytecode):
2961         (JSC::AssignDotNode::emitBytecode):
2962         (JSC::ReadModifyDotNode::emitBytecode):
2963         (JSC::AssignBracketNode::emitBytecode):
2964         (JSC::ReadModifyBracketNode::emitBytecode):
2965         (JSC::ReturnNode::emitBytecode):
2966         (JSC::FunctionBodyNode::emitBytecode):
2967         * inspector/agents/InspectorRuntimeAgent.cpp:
2968         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
2969         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
2970         (Inspector::TypeRecompiler::operator()):
2971         (Inspector::recompileAllJSFunctionsForTypeProfiling):
2972         (Inspector::InspectorRuntimeAgent::willDestroyFrontendAndBackend):
2973         (Inspector::InspectorRuntimeAgent::enableHighFidelityTypeProfiling):
2974         (Inspector::InspectorRuntimeAgent::disableHighFidelityTypeProfiling):
2975         (Inspector::InspectorRuntimeAgent::setHighFidelityTypeProfilingEnabledState):
2976         * inspector/agents/InspectorRuntimeAgent.h:
2977         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
2978         (Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):
2979         * inspector/protocol/Runtime.json:
2980         * jit/JIT.cpp:
2981         (JSC::JIT::privateCompileMainPass):
2982         (JSC::JIT::privateCompile):
2983         * jit/JIT.h:
2984         * jit/JITOpcodes.cpp:
2985         (JSC::JIT::emit_op_profile_types_with_high_fidelity):
2986         * jit/JITOpcodes32_64.cpp:
2987         (JSC::JIT::emit_op_profile_types_with_high_fidelity):
2988         * jit/JITOperations.cpp:
2989         * jit/JITOperations.h:
2990         * llint/LLIntSlowPaths.cpp:
2991         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2992         (JSC::LLInt::getFromScopeCommon): Deleted.
2993         (JSC::LLInt::putToScopeCommon): Deleted.
2994         * llint/LLIntSlowPaths.h:
2995         * llint/LowLevelInterpreter.asm:
2996         * runtime/CodeCache.cpp:
2997         (JSC::CodeCache::getGlobalCodeBlock):
2998         * runtime/CommonSlowPaths.cpp:
2999         (JSC::SLOW_PATH_DECL):
3000         * runtime/CommonSlowPaths.h:
3001         * runtime/HighFidelityLog.cpp:
3002         (JSC::HighFidelityLog::initializeHighFidelityLog):
3003         (JSC::HighFidelityLog::~HighFidelityLog):
3004         (JSC::HighFidelityLog::processHighFidelityLog):
3005         * runtime/HighFidelityLog.h:
3006         (JSC::HighFidelityLog::LogEntry::structureIDOffset):
3007         (JSC::HighFidelityLog::LogEntry::valueOffset):
3008         (JSC::HighFidelityLog::LogEntry::locationOffset):
3009         (JSC::HighFidelityLog::recordTypeInformationForLocation):
3010         (JSC::HighFidelityLog::logEndPtr):
3011         (JSC::HighFidelityLog::logStartOffset):
3012         (JSC::HighFidelityLog::currentLogEntryOffset):
3013         * runtime/HighFidelityTypeProfiler.cpp:
3014         (JSC::HighFidelityTypeProfiler::logTypesForTypeLocation):
3015         (JSC::descriptorMatchesTypeLocation):
3016         * runtime/HighFidelityTypeProfiler.h:
3017         * runtime/SymbolTable.cpp:
3018         (JSC::SymbolTable::SymbolTable):
3019         (JSC::SymbolTable::cloneCapturedNames):
3020         (JSC::SymbolTable::prepareForHighFidelityTypeProfiling):
3021         (JSC::SymbolTable::uniqueIDForVariable):
3022         (JSC::SymbolTable::uniqueIDForRegister):
3023         (JSC::SymbolTable::globalTypeSetForRegister):
3024         (JSC::SymbolTable::globalTypeSetForVariable):
3025         * runtime/SymbolTable.h:
3026         (JSC::SymbolTable::add):
3027         (JSC::SymbolTable::set):
3028         * runtime/TypeLocationCache.cpp:
3029         (JSC::TypeLocationCache::getTypeLocation):
3030         * runtime/TypeSet.cpp:
3031         (JSC::TypeSet::getRuntimeTypeForValue):
3032         (JSC::TypeSet::addTypeInformation):
3033         (JSC::TypeSet::allPrimitiveTypeNames):
3034         (JSC::TypeSet::addTypeForValue): Deleted.
3035         * runtime/TypeSet.h:
3036         * runtime/VM.cpp:
3037         (JSC::VM::VM):
3038         (JSC::VM::nextTypeLocation):
3039         (JSC::VM::enableHighFidelityTypeProfiling):
3040         (JSC::VM::disableHighFidelityTypeProfiling):
3041         (JSC::VM::dumpHighFidelityProfilingTypes):
3042         * runtime/VM.h:
3043         (JSC::VM::nextLocation): Deleted.
3044
3045 2014-08-14  Oliver Hunt  <oliver@apple.com>
3046
3047         Update scope resolution to assume that the parent activation is always there
3048         https://bugs.webkit.org/show_bug.cgi?id=135947
3049
3050         Reviewed by Andreas Kling.
3051
3052         Another incremental step in removing the idea of lazily created
3053         activations.
3054
3055         * dfg/DFGSpeculativeJIT32_64.cpp:
3056         (JSC::DFG::SpeculativeJIT::compile):
3057         * dfg/DFGSpeculativeJIT64.cpp:
3058         (JSC::DFG::SpeculativeJIT::compile):
3059         * jit/JITPropertyAccess.cpp:
3060         (JSC::JIT::emitResolveClosure):
3061         * jit/JITPropertyAccess32_64.cpp:
3062         (JSC::JIT::emitResolveClosure):
3063         * llint/LowLevelInterpreter32_64.asm:
3064         * llint/LowLevelInterpreter64.asm:
3065
3066 2014-08-14  Oliver Hunt  <oliver@apple.com>
3067
3068         Create activations eagerly
3069         https://bugs.webkit.org/show_bug.cgi?id=135942
3070
3071         Reviewed by Geoffrey Garen.
3072
3073         Prepare to rewrite activation objects into a more
3074         sane implementation. Step 1 is reverting to eager
3075         creation of the activation object. This results in
3076         a 1.35x regression in earley, but otherwise has a
3077         minimal performance impact.
3078
3079         The earley regression is being tracked by bug #135943
3080
3081         * bytecompiler/BytecodeGenerator.cpp:
3082         (JSC::BytecodeGenerator::BytecodeGenerator):
3083         (JSC::BytecodeGenerator::emitNewFunctionInternal):
3084         (JSC::BytecodeGenerator::emitNewFunctionExpression):
3085         (JSC::BytecodeGenerator::emitCallEval):
3086         (JSC::BytecodeGenerator::emitPushWithScope):
3087         (JSC::BytecodeGenerator::emitPushCatchScope):
3088         (JSC::BytecodeGenerator::createActivationIfNecessary): Deleted.
3089         * bytecompiler/BytecodeGenerator.h:
3090         * jit/JITOpcodes.cpp:
3091         (JSC::JIT::emit_op_create_activation):
3092         * jit/JITOpcodes32_64.cpp:
3093         (JSC::JIT::emit_op_create_activation):
3094         * llint/LowLevelInterpreter32_64.asm:
3095         * llint/LowLevelInterpreter64.asm:
3096
3097 2014-08-14  Oliver Hunt  <oliver@apple.com>
3098
3099         Create activations eagerly
3100         https://bugs.webkit.org/show_bug.cgi?id=135942
3101
3102         Reviewed by Geoffrey Garen.
3103
3104         Prepare to rewrite activation objects into a more
3105         sane implementation. Step 1 is reverting to eager
3106         creation of the activation object. This results in
3107         a 1.35x regression in earley, but otherwise has a
3108         minimal performance impact.
3109
3110         The earley regression is being tracked by
3111         http://webkit.org/b/135943
3112
3113         * bytecompiler/BytecodeGenerator.cpp:
3114         (JSC::BytecodeGenerator::BytecodeGenerator):
3115         (JSC::BytecodeGenerator::emitNewFunctionInternal):
3116         (JSC::BytecodeGenerator::emitNewFunctionExpression):
3117         (JSC::BytecodeGenerator::emitCallEval):
3118         (JSC::BytecodeGenerator::emitPushWithScope):
3119         (JSC::BytecodeGenerator::emitPushCatchScope):
3120         (JSC::BytecodeGenerator::createActivationIfNecessary): Deleted.
3121         * bytecompiler/BytecodeGenerator.h:
3122         * jit/JITOpcodes.cpp:
3123         (JSC::JIT::emit_op_create_activation):
3124         * jit/JITOpcodes32_64.cpp:
3125         (JSC::JIT::emit_op_create_activation):
3126         * llint/LowLevelInterpreter32_64.asm:
3127         * llint/LowLevelInterpreter64.asm:
3128
3129 2014-08-14  Tomas Popela  <tpopela@redhat.com>
3130
3131         Add support for ppc, ppc64, ppc64le, s390, s390x into the CMake build
3132         https://bugs.webkit.org/show_bug.cgi?id=135937
3133
3134         Reviewed by Carlos Garcia Campos.
3135
3136         * CMakeLists.txt:
3137
3138 2014-08-14  Akos Kiss  <akiss@inf.u-szeged.hu>
3139
3140         Fix JSC::ARM64Assembler::LinkRecord::RealTypes
3141         https://bugs.webkit.org/show_bug.cgi?id=135906
3142
3143         Reviewed by Michael Saboff.
3144
3145         JSC::ARM64Assembler::LinkRecord::RealTypes::m_compareRegister is defined
3146         to occupy 5 bits but JSC::ARM64Assembler::RegisterID needs 6 bits. So,
3147         increase the size of the bit field and also reorganize the struct to 
3148         better align with word boundaries.
3149
3150         * assembler/ARM64Assembler.h:
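
        The failure mode this entry describes is a silent one: an unsigned bit-field that is one bit too narrow stores any out-of-range register number modulo 2^width and no compiler or runtime diagnostic is raised. The following is an added illustration, not code from JavaScriptCore; the RegisterID numbering (32 general-purpose registers followed by 32 FP/SIMD registers, largest value 63) and the two LinkRecord layouts are assumptions chosen to reproduce the 5-bit versus 6-bit mismatch, and the compile-time width check is one way to keep the field in step with the enum.

```cpp
#include <cstdint>

// Assumed register numbering standing in for JSC::ARM64Assembler::RegisterID:
// 32 general-purpose registers (x0..x31) followed by 32 FP/SIMD registers
// (q0..q31), so the largest value is 63 and the field needs 6 bits. Only the
// endpoints are spelled out here.
enum RegisterID : uint8_t {
    x0 = 0,
    x31 = 31,
    q0 = 32,
    q31 = 63,
    lastRegister = q31
};

// Number of bits needed to represent every value in [0, maxValue].
constexpr unsigned bitsFor(unsigned maxValue) {
    return maxValue == 0 ? 0 : 1 + bitsFor(maxValue >> 1);
}

// Layout with the defect: the register field is one bit too narrow, so any
// register numbered 32 or above is stored modulo 32 without any diagnostic.
struct NarrowLinkRecord {
    unsigned m_type : 8;
    unsigned m_compareRegister : 5;
};

// Fixed layout: the width is derived from the enum and checked at compile
// time, so growing the enum without widening the field becomes a build error
// instead of a wrong register silently used when the link record is applied.
struct WideLinkRecord {
    unsigned m_type : 8;
    unsigned m_compareRegister : bitsFor(lastRegister);
};
static_assert(bitsFor(lastRegister) == 6, "RegisterID needs a 6-bit field");

// Store a register in the narrow layout and return what a later read sees.
unsigned roundTripNarrow(RegisterID reg) {
    NarrowLinkRecord record{};
    record.m_compareRegister = reg;   // silently truncated to 5 bits
    return record.m_compareRegister;
}

// Same round trip through the fixed layout.
unsigned roundTripWide(RegisterID reg) {
    WideLinkRecord record{};
    record.m_compareRegister = reg;
    return record.m_compareRegister;
}

// True when the fixed layout preserves the register exactly.
bool preservesRegister(RegisterID reg) {
    return roundTripWide(reg) == static_cast<unsigned>(reg);
}
```

        With the narrow layout, q0 (value 32) reads back as 0 and q31 (value 63) reads back as 31, i.e. as x0 and x31; the wide layout returns the original values. The static_assert is the check a practitioner would want next to any bit-field sized by hand from an enum that may grow.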
3151
3152 2014-08-13  Akos Kiss  <akiss@inf.u-szeged.hu>
3153
3154         Add ARM64 support to CMake-based builds
3155         https://bugs.webkit.org/show_bug.cgi?id=135912
3156
3157         Reviewed by Gyuyoung Kim.
3158
3159         This patch ensures that CMake does not fail with Unknown CPU error when
3160         building for ARM64.
3161
3162         * CMakeLists.txt:
3163
3164 2014-08-13  Wenson Hsieh  <wenson_hsieh@apple.com>
3165
3166         Enable CSS_SCROLL_SNAP for iOS
3167         https://bugs.webkit.org/show_bug.cgi?id=135915
3168
3169         Turn on CSS_SCROLL_SNAP for iOS and the iOS simulator.
3170
3171         Reviewed by Tim Horton.
3172
3173         * Configurations/FeatureDefines.xcconfig:
3174
3175 2014-08-13  Alex Christensen  <achristensen@webkit.org>
3176
3177         Progress towards CMake on Mac.
3178         https://bugs.webkit.org/show_bug.cgi?id=135819
3179
3180         Reviewed by Laszlo Gombos.
3181
3182         * CMakeLists.txt:
3183         Add the remote inspector headers to the forwarding headers list.
3184
3185 2014-08-13  Daniel Bates  <dabates@apple.com>
3186
3187         [iOS] Make JavaScriptCore and bmalloc build with the public SDK
3188         https://bugs.webkit.org/show_bug.cgi?id=135848
3189
3190         Reviewed by Geoffrey Garen.
3191
3192         * API/JSBase.h: Declare NSMap functions with external linkage when building for iOS without the
3193         header <Foundation/NSMapTablePriv.h>.
3194         * inspector/remote/RemoteInspector.mm: Define XPC functions with external linkage when building
3195         without the system header <xpc/xpc.h>.
3196         * inspector/remote/RemoteInspectorXPCConnection.h: Define xpc_connection_t and xpc_object_t when building
3197         without the system header <xpc/xpc.h>.
3198         * inspector/remote/RemoteInspectorXPCConnection.mm: Declare XPC functions with external linkage when
        building without the system header <xpc/xpc.h>.
3200         (Inspector::RemoteInspectorXPCConnection::closeOnQueue): Fix code style; use nullptr instead of NULL.
3201         (Inspector::RemoteInspectorXPCConnection::sendMessage): Ditto.
3202
3203 2014-08-12  Peyton Randolph  <prandolph@apple.com>
3204
3205         Runtime switch for long mouse press gesture. Part of 135257 - Add long mouse press gesture.
3206         https://bugs.webkit.org/show_bug.cgi?id=135682
3207
3208         Reviewed by Tim Horton.
3209
3210         * Configurations/FeatureDefines.xcconfig:
3211         Remove ENABLE_LONG_MOUSE_PRESS feature flag.
3212
3213 2014-08-12  Alex Christensen  <achristensen@webkit.org>
3214
3215         Generate header detection headers for CMake on Windows.
3216         https://bugs.webkit.org/show_bug.cgi?id=135807
3217
3218         Reviewed by Brent Fulgham.
3219
3220         * CMakeLists.txt:
3221         Include the derived sources directory to find WTF/WTFHeaderDetection.h.
3222
3223 2014-08-11  Andy Estes  <aestes@apple.com>
3224
3225         [iOS] Get rid of iOS.xcconfig
3226         https://bugs.webkit.org/show_bug.cgi?id=135809
3227
3228         Reviewed by Joseph Pecoraro.
3229
3230         All iOS.xcconfig did was include AspenFamily.xcconfig, so there's no need for the indirection.
3231
3232         * Configurations/Base.xcconfig:
3233         * Configurations/iOS.xcconfig: Removed.
3234         * JavaScriptCore.xcodeproj/project.pbxproj:
3235
3236 2014-08-11  Michael Saboff  <msaboff@apple.com>
3237
3238         Eliminate {push,pop}CalleeSaves in favor of individual pushes & pops
3239         https://bugs.webkit.org/show_bug.cgi?id=127155
3240
3241         Reviewed by Geoffrey Garen.
3242
3243         Eliminated the offline assembler instructions {push,pop}CalleeSaves as well as the
3244         ARM64 specific {push,pop}LRAndFP and replaced them with individual push and pop
3245         instructions. Where the registers referenced by the added push and pop instructions
3246         are not part of the offline assembler register aliases, used a newly added "emit"
3247         offline assembler instruction which takes a string literal and outputs that
3248         string as a native instruction.
3249
3250         * llint/LowLevelInterpreter.asm:
3251         * offlineasm/arm.rb:
3252         * offlineasm/arm64.rb:
3253         * offlineasm/ast.rb:
3254         * offlineasm/cloop.rb:
3255         * offlineasm/instructions.rb:
3256         * offlineasm/mips.rb:
3257         * offlineasm/parser.rb:
3258         * offlineasm/sh4.rb:
3259         * offlineasm/transform.rb:
3260         * offlineasm/x86.rb:
3261
3262 2014-08-11  Mark Lam  <mark.lam@apple.com>
3263
3264         Re-landing r172401 with fixed test.
3265         <https://webkit.org/b/135782>
3266
3267         Not reviewed.
3268
3269         * bytecompiler/BytecodeGenerator.cpp:
3270         (JSC::BytecodeGenerator::emitGetByVal):
3271         (JSC::BytecodeGenerator::pushIndexedForInScope):
3272         (JSC::BytecodeGenerator::pushStructureForInScope):
3273         * bytecompiler/BytecodeGenerator.h:
3274         (JSC::ForInContext::ForInContext):
3275         (JSC::ForInContext::base):
3276         (JSC::StructureForInContext::StructureForInContext):
3277         (JSC::IndexedForInContext::IndexedForInContext):
3278         * bytecompiler/NodesCodegen.cpp:
3279         (JSC::ForInNode::emitMultiLoopBytecode):
3280         * tests/stress/for-in-tests.js:
3281
3282 2014-08-11  Commit Queue  <commit-queue@webkit.org>
3283
3284         Unreviewed, rolling out r172401.
3285         https://bugs.webkit.org/show_bug.cgi?id=135812
3286
3287         Failing stress/for-in-tests.js
3288         http://build.webkit.org/builders/Apple%20Mavericks%20Release%20WK1%20%28Tests%29/builds/7945/steps
3289         /jscore-test/logs/stdio (Requested by mlam on #webkit).
3290
3291         Reverted changeset:
3292
3293         "for-in optimization should also make sure the base matches
3294         the object being iterated"
3295         https://bugs.webkit.org/show_bug.cgi?id=135782
3296         http://trac.webkit.org/changeset/172401
3297
3298 2014-08-11  Brian J. Burg  <burg@cs.washington.edu>
3299
3300         Web Inspector: use type builders to construct high fidelity type information payloads
3301         https://bugs.webkit.org/show_bug.cgi?id=135803
3302
3303         Reviewed by Timothy Hatcher.
3304
3305         Due to some typos in the protocol file, the code had worked with raw objects
3306         rather than with type builders. Convert to using builders.
3307
3308         * inspector/agents/InspectorRuntimeAgent.cpp:
3309         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3310         * inspector/agents/InspectorRuntimeAgent.h:
3311         * inspector/protocol/Runtime.json: Fix 'item' for 'items'; true for 'true'.
3312         * runtime/HighFidelityTypeProfiler.cpp:
3313         (JSC::HighFidelityTypeProfiler::getTypesForVariableAtOffsetForInspector):
3314         * runtime/HighFidelityTypeProfiler.h:
3315         * runtime/TypeSet.cpp:
3316         (JSC::TypeSet::allStructureRepresentations):
3317         (JSC::StructureShape::stringRepresentation):
3318         (JSC::StructureShape::inspectorRepresentation):
3319         * runtime/TypeSet.h:
3320
3321 2014-08-11  Mark Hahnenberg  <mhahnenberg@apple.com>
3322
3323         for-in optimization should also make sure the base matches the object being iterated
3324         https://bugs.webkit.org/show_bug.cgi?id=135782
3325
3326         Reviewed by Geoffrey Garen.
3327
3328         If we access a different base object with the same index, we shouldn't try to randomly 
3329         load from that object's backing store.
3330
3331         * bytecompiler/BytecodeGenerator.cpp:
3332         (JSC::BytecodeGenerator::emitGetByVal):
3333         (JSC::BytecodeGenerator::pushIndexedForInScope):
3334         (JSC::BytecodeGenerator::pushStructureForInScope):
3335         * bytecompiler/BytecodeGenerator.h: